From 5453c585e0086227b9eda70f62cc11cf989bf14f Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Sat, 4 Feb 2023 15:00:45 +0100 Subject: [PATCH] FAST multitenant bootstrap and resource management, rename org-level FAST stages (#1052) * rename stages * remove support for external org billing, rename output files * resman: make groups optional, align on new billing account variable * bootstrap: multitenant outputs * tenant bootstrap stage, untested * fix folder name * fix stage 0 output names * optional creation for tag keys in organization module * single tenant bootstrap minus tag * rename output files, add tenant tag key * fix organization module tag values output * test skipping creation for tags in organization module * single tenant bootstrap plan working * multitenant bootstrap * tfdoc * fix check links error messages * fix links * tfdoc * fix links * rename fast tests, fix bootstrap tests * multitenant stages have their own folder, simplify stage numbering * stage renumbering * wip * rename tests * exclude fast providers in fixture * stage 0 tests * stage 1 tests * network stages tests * stage tests * tfdoc * fix links * tfdoc * multitenant tests * remove local files * stage links command * fix links script, TODO * wip * wip single tenant bootstrap * working tenant bootstrap * update gitignore * remove local files * tfdoc * remove local files * allow tests for tenant bootstrap stage * tenant bootstrap proxies stage 1 tfvars * stage 2 and 3 service accounts and IAM in tenant bootstrap * wip * wip * wip * drop multitenant bootstrap * tfdoc * add missing stage 2 SAs, fix org-level IAM condition * wip * wip * optional tag value creation in organization module * stage 1 working * linting * linting * READMEs * wip * Make stage-links script work in old macos bash * stage links command help * fix output file names * diagrams * fix svg * stage 0 skeleton and diagram * test svg * test svg * test diagram * diagram * readme * fix stage links script * stage 0 readme * README changes * stage readmes * fix outputs order * fix link * fix tests * stage 1 test * skip stage example * boilerplate * fix tftest skip * default bootstrap stage log sinks to log buckets * add logging to tenant bootstrap * move iam variables out of tenant config * fix cicd, reintroduce missing variable * use optional in stage 1 cicd variable * rename extras stage * rename and move identity providers local, use optional for cicd variable * tfdoc * add support for wif pool and providers, ci/cd * tfdoc * fix links * better handling of modules repository * add missing role on logging project * fix cicd pools in locals, test cicd * fix workflow extension * fix module source replacement * allow tenant bootstrap cicd sa to impersonate resman sa * tenant workflow templates fix for no providers file * fix output files, push github workflow template to new repository * remove try from outpout files * align stage 1 cicd internals to stage 0 * tfdoc * tests * fix tests * tests * improve variable descriptions * use optional in fast features * actually create tenant log sinks, and allow the resman sa to do it * test * tests * aaaand tests again * fast features tenant override * fast features tenant override * fix wording * add missing comment * configure pf service accounts * add missing comment * tfdoc * tests * IAM docs * update copyright --------- Co-authored-by: Julio Castillo --- .gitignore | 12 +- CHANGELOG.md | 6 +- .../data-platform-foundations/README.md | 2 +- blueprints/gke/multitenant-fleet/README.md | 2 +- .../networking/hub-and-spoke-vpn/README.md | 2 +- diagram.svg | 293 +++ fast/README.md | 24 +- fast/extras/0-cicd-github/README.md | 139 ++ .../cicd-versions.tf | 2 +- .../github_token.png | Bin .../{00-cicd-github => 0-cicd-github}/main.tf | 66 +- .../outputs.tf | 2 +- .../providers.tf | 2 +- .../variables.tf | 27 +- fast/extras/00-cicd-github/README.md | 105 - fast/extras/README.md | 2 +- fast/stage-links.sh | 114 + .../0-bootstrap-tenant/IAM.md | 49 + .../0-bootstrap-tenant/README.md | 210 ++ .../0-bootstrap-tenant/automation-sas.tf | 127 ++ .../0-bootstrap-tenant/automation.tf | 141 ++ .../0-bootstrap-tenant/billing.tf | 39 + .../0-bootstrap-tenant/cicd.tf | 223 ++ .../0-bootstrap-tenant/diagram.svg | 597 +++++ .../0-bootstrap-tenant/identity-providers.tf | 96 + .../0-bootstrap-tenant/log-export.tf | 94 + .../0-bootstrap-tenant/main.tf | 100 + .../0-bootstrap-tenant/organization.tf | 84 + .../0-bootstrap-tenant/outputs-files.tf | 46 + .../0-bootstrap-tenant/outputs-gcs.tf | 41 + .../0-bootstrap-tenant/outputs.tf | 140 ++ .../templates/providers.tf.tpl | 30 + .../templates/workflow-github.yaml | 190 ++ .../templates/workflow-gitlab.yaml | 124 ++ .../templates/workflow-sourcerepo.yaml | 100 + .../0-bootstrap-tenant/variables.tf | 305 +++ .../stages-multitenant/1-resman-tenant/IAM.md | 60 + .../1-resman-tenant/README.md | 184 ++ .../1-resman-tenant/branch-data-platform.tf | 133 ++ .../1-resman-tenant/branch-gke.tf | 133 ++ .../1-resman-tenant/branch-networking.tf | 107 + .../1-resman-tenant/branch-project-factory.tf | 79 + .../1-resman-tenant/branch-sandbox.tf | 51 + .../1-resman-tenant/branch-security.tf | 76 + .../1-resman-tenant/branch-teams.tf | 163 ++ .../1-resman-tenant/cicd-data-platform.tf | 173 ++ .../1-resman-tenant/cicd-gke.tf | 175 ++ .../1-resman-tenant/cicd-networking.tf | 94 + .../1-resman-tenant/cicd-project-factory.tf | 191 ++ .../1-resman-tenant/cicd-security.tf | 94 + .../data/org-policies/compute.yaml | 0 .../data/org-policies/iam.yaml | 0 .../data/org-policies/serverless.yaml | 0 .../data/org-policies/sql.yaml | 0 .../data/org-policies/storage.yaml | 0 .../1-resman-tenant}/diagram.png | Bin .../1-resman-tenant}/diagram.svg | 0 .../1-resman-tenant/main.tf | 79 + .../1-resman-tenant/outputs-files.tf | 46 + .../1-resman-tenant/outputs-gcs.tf | 37 + .../1-resman-tenant/outputs.tf | 311 +++ .../1-resman-tenant/root_node.tf | 41 + .../templates/providers.tf.tpl | 33 + .../templates/workflow-github.yaml | 186 ++ .../templates/workflow-gitlab.yaml | 120 + .../templates/workflow-sourcerepo.yaml | 98 + .../1-resman-tenant/variables.tf | 281 +++ fast/stages-multitenant/MULTITENANT-TODO.md | 8 + fast/stages-multitenant/README.md | 27 + fast/stages-multitenant/diagram.png | Bin 0 -> 200274 bytes fast/stages-multitenant/stages.png | Bin 0 -> 219942 bytes fast/stages-multitenant/stages.svg | 1278 +++++++++++ fast/stages.png | Bin 258759 -> 144883 bytes fast/stages.svg | 1948 ++++++++--------- .../{00-bootstrap => 0-bootstrap}/IAM.md | 0 .../{00-bootstrap => 0-bootstrap}/README.md | 60 +- .../automation.tf | 36 +- .../{00-bootstrap => 0-bootstrap}/billing.tf | 46 +- .../{00-bootstrap => 0-bootstrap}/cicd.tf | 23 +- .../{00-bootstrap => 0-bootstrap}/diagram.png | Bin .../{00-bootstrap => 0-bootstrap}/diagram.svg | 0 .../{00-bootstrap => 0-bootstrap}/groups.gif | Bin .../identity-providers.tf | 0 .../log-export.tf | 10 + .../{00-bootstrap => 0-bootstrap}/main.tf | 4 - .../organization.tf | 33 +- .../outputs-files.tf | 2 +- .../outputs-gcs.tf | 2 +- .../{00-bootstrap => 0-bootstrap}/outputs.tf | 46 +- .../0-bootstrap/templates/providers.tf.tpl | 33 + .../templates/workflow-github.yaml | 186 ++ .../templates/workflow-gitlab.yaml | 120 + .../templates/workflow-sourcerepo.yaml | 98 + .../terraform.tfvars.sample | 0 .../variables.tf | 46 +- fast/stages/00-bootstrap/templates | 1 - fast/stages/01-resman/templates | 1 - fast/stages/{01-resman => 1-resman}/IAM.md | 0 fast/stages/{01-resman => 1-resman}/README.md | 82 +- .../stages/{01-resman => 1-resman}/billing.tf | 16 +- .../branch-data-platform.tf | 19 + .../{01-resman => 1-resman}/branch-gke.tf | 12 +- .../branch-networking.tf | 2 +- .../branch-project-factory.tf | 19 + .../{01-resman => 1-resman}/branch-sandbox.tf | 0 .../branch-security.tf | 4 +- .../{01-resman => 1-resman}/branch-teams.tf | 0 .../cicd-data-platform.tf | 4 +- .../{01-resman => 1-resman}/cicd-gke.tf | 4 +- .../cicd-networking.tf | 2 +- .../cicd-project-factory.tf | 4 +- .../{01-resman => 1-resman}/cicd-security.tf | 2 +- .../1-resman/data/org-policies/compute.yaml | 73 + .../1-resman/data/org-policies/iam.yaml | 12 + .../data/org-policies/serverless.yaml | 26 + .../1-resman/data/org-policies/sql.yaml | 9 + .../1-resman/data/org-policies/storage.yaml | 6 + fast/stages/1-resman/diagram.png | Bin 0 -> 233671 bytes fast/stages/1-resman/diagram.svg | 1340 ++++++++++++ fast/stages/{01-resman => 1-resman}/main.tf | 29 +- .../{01-resman => 1-resman}/organization.tf | 49 +- .../{01-resman => 1-resman}/outputs-files.tf | 2 +- .../{01-resman => 1-resman}/outputs-gcs.tf | 2 +- .../stages/{01-resman => 1-resman}/outputs.tf | 117 +- .../1-resman/templates/providers.tf.tpl | 33 + .../1-resman/templates/workflow-github.yaml | 186 ++ .../1-resman/templates/workflow-gitlab.yaml | 120 + .../templates/workflow-sourcerepo.yaml | 98 + .../{01-resman => 1-resman}/variables.tf | 98 +- .../.gitignore | 0 .../IAM.md | 0 .../README.md | 42 +- .../data/cidrs.yaml | 0 .../data/dashboards/firewall_insights.json | 0 .../data/dashboards/vpn.json | 0 .../data/firewall-rules/dev/rules.yaml | 0 .../data/firewall-rules/landing/rules.yaml | 0 .../data/hierarchical-policy-rules.yaml | 0 .../subnets/dev/dev-dataplatform-ew1.yaml | 0 .../data/subnets/dev/dev-default-ew1.yaml | 0 .../data/subnets/dev/dev-gke-nodes-ew1.yaml | 0 .../subnets/landing/landing-default-ew1.yaml | 0 .../data/subnets/prod/prod-default-ew1.yaml | 0 .../diagram.png | Bin .../diagram.svg | 0 .../dns-dev.tf | 0 .../dns-landing.tf | 0 .../dns-prod.tf | 0 .../landing.tf | 0 .../main.tf | 0 .../monitoring.tf | 0 .../outputs.tf | 4 +- .../peerings.tf | 0 .../spoke-dev.tf | 0 .../spoke-prod.tf | 0 .../test-resources.tf | 0 .../variables-peerings.tf | 0 .../variables.tf | 24 +- .../vpn-onprem.tf | 0 .../.gitignore | 0 .../IAM.md | 0 .../README.md | 42 +- .../data/cidrs.yaml | 0 .../data/dashboards/firewall_insights.json | 0 .../data/dashboards/vpn.json | 0 .../data/firewall-rules/dev/rules.yaml | 0 .../data/firewall-rules/landing/rules.yaml | 0 .../data/hierarchical-policy-rules.yaml | 0 .../subnets/dev/dev-dataplatform-ew1.yaml | 0 .../data/subnets/dev/dev-default-ew1.yaml | 0 .../data/subnets/dev/dev-gke-nodes-ew1.yaml | 0 .../subnets/landing/landing-default-ew1.yaml | 0 .../data/subnets/prod/prod-default-ew1.yaml | 0 .../diagram.png | Bin .../diagram.svg | 0 .../dns-dev.tf | 0 .../dns-landing.tf | 0 .../dns-prod.tf | 0 .../landing.tf | 0 .../main.tf | 0 .../monitoring.tf | 0 .../outputs.tf | 4 +- .../spoke-dev.tf | 0 .../spoke-prod.tf | 0 .../test-resources.tf | 0 .../variables-vpn.tf | 0 .../variables.tf | 24 +- .../vpn-onprem.tf | 0 .../vpn-spoke-dev.tf | 0 .../vpn-spoke-prod-ew1.tf | 0 .../vpn-spoke-prod-ew4.tf | 0 .../README.md | 44 +- .../data/cidrs.yaml | 0 .../data/dashboards/firewall_insights.json | 0 .../data/dashboards/vpn.json | 0 .../data/firewall-rules/dev/rules.yaml | 0 .../firewall-rules/landing-trusted/rules.yaml | 0 .../landing-untrusted/rules.yaml | 0 .../data/hierarchical-policy-rules.yaml | 0 .../data/nva-startup-script.tftpl | 0 .../subnets/dev/dev-dataplatform-ew1.yaml | 0 .../data/subnets/dev/dev-default-ew1.yaml | 0 .../data/subnets/dev/dev-default-ew4.yaml | 0 .../landing-trusted-default-ew1.yaml | 0 .../landing-trusted-default-ew4.yaml | 0 .../landing-untrusted-default-ew1.yaml | 0 .../landing-untrusted-default-ew4.yaml | 0 .../data/subnets/prod/prod-default-ew1.yaml | 0 .../data/subnets/prod/prod-default-ew4.yaml | 0 .../diagram.png | Bin .../diagram.svg | 0 .../dns-dev.tf | 0 .../dns-landing.tf | 0 .../dns-prod.tf | 0 .../landing.tf | 0 .../main.tf | 0 .../monitoring.tf | 0 .../nva.tf | 0 .../outputs.tf | 4 +- .../spoke-dev.tf | 0 .../spoke-prod.tf | 0 .../test-resources.tf | 0 .../variables.tf | 24 +- .../vpn-onprem.tf | 0 .../.gitignore | 0 .../IAM.md | 0 .../README.md | 38 +- .../data/cidrs.yaml | 0 .../data/dashboards/firewall_insights.json | 0 .../data/dashboards/vpn.json | 0 .../data/firewall-rules/dev/rules.yaml | 0 .../data/hierarchical-policy-rules.yaml | 0 .../subnets/dev/dev-dataplatform-ew1.yaml | 0 .../data/subnets/dev/dev-default-ew1.yaml | 0 .../data/subnets/prod/prod-default-ew1.yaml | 0 .../diagram.png | Bin .../diagram.svg | 0 .../dns-dev.tf | 0 .../dns-prod.tf | 0 .../main.tf | 0 .../monitoring.tf | 0 .../outputs.tf | 4 +- .../spoke-dev.tf | 0 .../spoke-prod.tf | 0 .../test-resources.tf | 0 .../variables.tf | 24 +- .../vpn-onprem-dev.tf | 0 .../vpn-onprem-prod.tf | 0 .../stages/{02-security => 2-security}/IAM.md | 0 .../{02-security => 2-security}/README.md | 34 +- .../{02-security => 2-security}/core-dev.tf | 0 .../{02-security => 2-security}/core-prod.tf | 0 .../{02-security => 2-security}/diagram.png | Bin .../{02-security => 2-security}/diagram.svg | 0 .../{02-security => 2-security}/main.tf | 0 .../{02-security => 2-security}/outputs.tf | 4 +- .../{02-security => 2-security}/variables.tf | 24 +- .../vpc-sc-restricted-services.yaml | 0 .../{02-security => 2-security}/vpc-sc.tf | 0 .../README.md | 0 .../dev/IAM.md | 0 .../dev/README.md | 63 +- .../dev/demo | 0 .../dev/diagram.png | Bin .../dev/diagram_vpcsc.png | Bin .../dev/main.tf | 0 .../dev/outputs.tf | 4 +- .../dev/variables.tf | 22 +- .../README.md | 2 +- .../dev/README.md | 36 +- .../dev/diagram.png | Bin .../dev/main.tf | 0 .../dev/outputs.tf | 4 +- .../dev/variables.tf | 20 +- .../README.md | 0 .../dev/README.md | 16 +- .../dev/data/defaults.yaml | 0 .../dev/data/projects/project.yaml.sample | 0 .../dev/diagram.png | Bin .../dev/diagram.svg | 0 .../dev/main.tf | 0 .../dev/outputs.tf | 0 .../dev/variables.tf | 20 +- fast/stages/CLEANUP.md | 11 +- fast/stages/COMPANION.md | 82 +- fast/stages/README.md | 30 +- modules/organization/README.md | 14 +- modules/organization/outputs.tf | 14 +- modules/organization/tags.tf | 39 +- modules/organization/variables.tf | 8 +- .../stages/s03_data_platform/test_plan.py | 21 - .../stages/s03_gke_multitenant/test_plan.py | 21 - .../stages/s03_project_factory/common.tfvars | 11 - .../stages/s03_project_factory/test_plan.py | 21 - .../__init__.py | 0 .../simple.tfvars | 3 +- .../simple.yaml | 16 +- .../simple_projects.yaml | 0 .../simple_sas.yaml | 4 - .../tftest.yaml | 2 +- .../{s01_resman => s1_resman}/__init__.py | 0 .../{s01_resman => s1_resman}/common.tfvars | 3 +- .../{s01_resman => s1_resman}/test_plan.py | 2 +- .../__init__.py | 0 .../common.tfvars | 5 +- .../test_plan.py | 12 +- .../__init__.py | 0 .../common.tfvars | 5 +- .../fixture/main.tf | 0 .../test_plan.py | 2 +- .../__init__.py | 0 .../common.tfvars | 5 +- .../test_plan.py | 2 +- .../__init__.py | 0 .../common.tfvars | 5 +- .../test_plan.py | 2 +- .../{s02_security => s2_security}/__init__.py | 0 .../common.tfvars | 9 +- .../test_plan.py | 2 +- .../__init__.py | 0 .../common.tfvars | 7 +- .../fast/stages/s3_data_platform/test_plan.py | 21 + .../__init__.py | 0 .../common.tfvars | 3 +- .../stages/s3_gke_multitenant/test_plan.py | 21 + .../__init__.py | 0 .../stages/s3_project_factory/common.tfvars | 10 + .../data/defaults.yaml | 0 .../data/projects/project.yaml | 0 .../stages/s3_project_factory/test_plan.py | 21 + tests/fast/stages_multitenant/__init__.py | 13 + .../s0_bootstrap_tenant/__init__.py | 13 + .../s0_bootstrap_tenant/simple.tfvars | 60 + .../s0_bootstrap_tenant/simple.yaml | 33 + .../s0_bootstrap_tenant/tftest.yaml | 10 + .../s1_resman_tenant/__init__.py | 13 + .../s1_resman_tenant/simple.tfvars | 70 + .../s1_resman_tenant/simple.yaml | 28 + .../s1_resman_tenant/tftest.yaml | 10 + tests/fixtures.py | 13 +- tests/modules/organization/tags.tfvars | 59 + tests/modules/organization/tags.yaml | 76 + tests/modules/organization/tftest.yaml | 1 + tools/check_links.py | 2 +- tools/plan_summary.py | 11 +- 345 files changed, 12155 insertions(+), 2077 deletions(-) create mode 100644 diagram.svg create mode 100644 fast/extras/0-cicd-github/README.md rename fast/extras/{00-cicd-github => 0-cicd-github}/cicd-versions.tf (96%) rename fast/extras/{00-cicd-github => 0-cicd-github}/github_token.png (100%) rename fast/extras/{00-cicd-github => 0-cicd-github}/main.tf (72%) rename fast/extras/{00-cicd-github => 0-cicd-github}/outputs.tf (96%) rename fast/extras/{00-cicd-github => 0-cicd-github}/providers.tf (95%) rename fast/extras/{00-cicd-github => 0-cicd-github}/variables.tf (75%) delete mode 100644 fast/extras/00-cicd-github/README.md create mode 100755 fast/stage-links.sh create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/IAM.md create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/README.md create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/automation-sas.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/automation.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/billing.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/cicd.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/diagram.svg create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/identity-providers.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/log-export.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/main.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/organization.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/outputs-files.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/outputs-gcs.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/outputs.tf create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/templates/providers.tf.tpl create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-gitlab.yaml create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-sourcerepo.yaml create mode 100644 fast/stages-multitenant/0-bootstrap-tenant/variables.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/IAM.md create mode 100644 fast/stages-multitenant/1-resman-tenant/README.md create mode 100644 fast/stages-multitenant/1-resman-tenant/branch-data-platform.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/branch-gke.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/branch-networking.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/branch-project-factory.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/branch-sandbox.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/branch-security.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/branch-teams.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/cicd-data-platform.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/cicd-gke.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/cicd-networking.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/cicd-project-factory.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/cicd-security.tf rename fast/{stages/01-resman => stages-multitenant/1-resman-tenant}/data/org-policies/compute.yaml (100%) rename fast/{stages/01-resman => stages-multitenant/1-resman-tenant}/data/org-policies/iam.yaml (100%) rename fast/{stages/01-resman => stages-multitenant/1-resman-tenant}/data/org-policies/serverless.yaml (100%) rename fast/{stages/01-resman => stages-multitenant/1-resman-tenant}/data/org-policies/sql.yaml (100%) rename fast/{stages/01-resman => stages-multitenant/1-resman-tenant}/data/org-policies/storage.yaml (100%) rename fast/{stages/01-resman => stages-multitenant/1-resman-tenant}/diagram.png (100%) rename fast/{stages/01-resman => stages-multitenant/1-resman-tenant}/diagram.svg (100%) create mode 100644 fast/stages-multitenant/1-resman-tenant/main.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/outputs-files.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/outputs-gcs.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/outputs.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/root_node.tf create mode 100644 fast/stages-multitenant/1-resman-tenant/templates/providers.tf.tpl create mode 100644 fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml create mode 100644 fast/stages-multitenant/1-resman-tenant/templates/workflow-gitlab.yaml create mode 100644 fast/stages-multitenant/1-resman-tenant/templates/workflow-sourcerepo.yaml create mode 100644 fast/stages-multitenant/1-resman-tenant/variables.tf create mode 100644 fast/stages-multitenant/MULTITENANT-TODO.md create mode 100644 fast/stages-multitenant/README.md create mode 100644 fast/stages-multitenant/diagram.png create mode 100644 fast/stages-multitenant/stages.png create mode 100644 fast/stages-multitenant/stages.svg rename fast/stages/{00-bootstrap => 0-bootstrap}/IAM.md (100%) rename fast/stages/{00-bootstrap => 0-bootstrap}/README.md (88%) rename fast/stages/{00-bootstrap => 0-bootstrap}/automation.tf (82%) rename fast/stages/{00-bootstrap => 0-bootstrap}/billing.tf (60%) rename fast/stages/{00-bootstrap => 0-bootstrap}/cicd.tf (86%) rename fast/stages/{00-bootstrap => 0-bootstrap}/diagram.png (100%) rename fast/stages/{00-bootstrap => 0-bootstrap}/diagram.svg (100%) rename fast/stages/{00-bootstrap => 0-bootstrap}/groups.gif (100%) rename fast/stages/{00-bootstrap => 0-bootstrap}/identity-providers.tf (100%) rename fast/stages/{00-bootstrap => 0-bootstrap}/log-export.tf (82%) rename fast/stages/{00-bootstrap => 0-bootstrap}/main.tf (78%) rename fast/stages/{00-bootstrap => 0-bootstrap}/organization.tf (89%) rename fast/stages/{00-bootstrap => 0-bootstrap}/outputs-files.tf (97%) rename fast/stages/{00-bootstrap => 0-bootstrap}/outputs-gcs.tf (96%) rename fast/stages/{00-bootstrap => 0-bootstrap}/outputs.tf (77%) create mode 100644 fast/stages/0-bootstrap/templates/providers.tf.tpl create mode 100644 fast/stages/0-bootstrap/templates/workflow-github.yaml create mode 100644 fast/stages/0-bootstrap/templates/workflow-gitlab.yaml create mode 100644 fast/stages/0-bootstrap/templates/workflow-sourcerepo.yaml rename fast/stages/{00-bootstrap => 0-bootstrap}/terraform.tfvars.sample (100%) rename fast/stages/{00-bootstrap => 0-bootstrap}/variables.tf (90%) delete mode 120000 fast/stages/00-bootstrap/templates delete mode 120000 fast/stages/01-resman/templates rename fast/stages/{01-resman => 1-resman}/IAM.md (100%) rename fast/stages/{01-resman => 1-resman}/README.md (68%) rename fast/stages/{01-resman => 1-resman}/billing.tf (77%) rename fast/stages/{01-resman => 1-resman}/branch-data-platform.tf (86%) rename fast/stages/{01-resman => 1-resman}/branch-gke.tf (94%) rename fast/stages/{01-resman => 1-resman}/branch-networking.tf (98%) rename fast/stages/{01-resman => 1-resman}/branch-project-factory.tf (78%) rename fast/stages/{01-resman => 1-resman}/branch-sandbox.tf (100%) rename fast/stages/{01-resman => 1-resman}/branch-security.tf (96%) rename fast/stages/{01-resman => 1-resman}/branch-teams.tf (100%) rename fast/stages/{01-resman => 1-resman}/cicd-data-platform.tf (99%) rename fast/stages/{01-resman => 1-resman}/cicd-gke.tf (99%) rename fast/stages/{01-resman => 1-resman}/cicd-networking.tf (99%) rename fast/stages/{01-resman => 1-resman}/cicd-project-factory.tf (99%) rename fast/stages/{01-resman => 1-resman}/cicd-security.tf (99%) create mode 100644 fast/stages/1-resman/data/org-policies/compute.yaml create mode 100644 fast/stages/1-resman/data/org-policies/iam.yaml create mode 100644 fast/stages/1-resman/data/org-policies/serverless.yaml create mode 100644 fast/stages/1-resman/data/org-policies/sql.yaml create mode 100644 fast/stages/1-resman/data/org-policies/storage.yaml create mode 100644 fast/stages/1-resman/diagram.png create mode 100644 fast/stages/1-resman/diagram.svg rename fast/stages/{01-resman => 1-resman}/main.tf (78%) rename fast/stages/{01-resman => 1-resman}/organization.tf (66%) rename fast/stages/{01-resman => 1-resman}/outputs-files.tf (94%) rename fast/stages/{01-resman => 1-resman}/outputs-gcs.tf (96%) rename fast/stages/{01-resman => 1-resman}/outputs.tf (72%) create mode 100644 fast/stages/1-resman/templates/providers.tf.tpl create mode 100644 fast/stages/1-resman/templates/workflow-github.yaml create mode 100644 fast/stages/1-resman/templates/workflow-gitlab.yaml create mode 100644 fast/stages/1-resman/templates/workflow-sourcerepo.yaml rename fast/stages/{01-resman => 1-resman}/variables.tf (79%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/.gitignore (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/IAM.md (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/README.md (93%) rename fast/stages/{02-networking-nva => 2-networking-a-peering}/data/cidrs.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/dashboards/firewall_insights.json (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/dashboards/vpn.json (100%) rename fast/stages/{02-networking-nva => 2-networking-a-peering}/data/firewall-rules/dev/rules.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/firewall-rules/landing/rules.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-a-peering}/data/hierarchical-policy-rules.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/subnets/dev/dev-dataplatform-ew1.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/subnets/dev/dev-default-ew1.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/subnets/dev/dev-gke-nodes-ew1.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/subnets/landing/landing-default-ew1.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/data/subnets/prod/prod-default-ew1.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/diagram.png (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/diagram.svg (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/dns-dev.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/dns-landing.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/dns-prod.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/landing.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/main.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-a-peering}/monitoring.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-a-peering}/outputs.tf (96%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/peerings.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/spoke-dev.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/spoke-prod.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/test-resources.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/variables-peerings.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-a-peering}/variables.tf (91%) rename fast/stages/{02-networking-peering => 2-networking-a-peering}/vpn-onprem.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-b-vpn}/.gitignore (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-b-vpn}/IAM.md (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/README.md (94%) rename fast/stages/{02-networking-peering => 2-networking-b-vpn}/data/cidrs.yaml (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-b-vpn}/data/dashboards/firewall_insights.json (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-b-vpn}/data/dashboards/vpn.json (100%) rename fast/stages/{02-networking-peering => 2-networking-b-vpn}/data/firewall-rules/dev/rules.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/data/firewall-rules/landing/rules.yaml (100%) rename fast/stages/{02-networking-peering => 2-networking-b-vpn}/data/hierarchical-policy-rules.yaml (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-b-vpn}/data/subnets/dev/dev-dataplatform-ew1.yaml (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-b-vpn}/data/subnets/dev/dev-default-ew1.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/data/subnets/dev/dev-gke-nodes-ew1.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/data/subnets/landing/landing-default-ew1.yaml (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-b-vpn}/data/subnets/prod/prod-default-ew1.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/diagram.png (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/diagram.svg (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/dns-dev.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/dns-landing.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/dns-prod.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/landing.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/main.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-b-vpn}/monitoring.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-b-vpn}/outputs.tf (96%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/spoke-dev.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/spoke-prod.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/test-resources.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/variables-vpn.tf (100%) rename fast/stages/{02-networking-peering => 2-networking-b-vpn}/variables.tf (91%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/vpn-onprem.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/vpn-spoke-dev.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/vpn-spoke-prod-ew1.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-b-vpn}/vpn-spoke-prod-ew4.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/README.md (94%) rename fast/stages/{02-networking-separate-envs => 2-networking-c-nva}/data/cidrs.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/dashboards/firewall_insights.json (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/dashboards/vpn.json (100%) rename fast/stages/{02-networking-vpn => 2-networking-c-nva}/data/firewall-rules/dev/rules.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/firewall-rules/landing-trusted/rules.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/firewall-rules/landing-untrusted/rules.yaml (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-c-nva}/data/hierarchical-policy-rules.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/nva-startup-script.tftpl (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/dev/dev-dataplatform-ew1.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/dev/dev-default-ew1.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/dev/dev-default-ew4.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/landing-trusted/landing-trusted-default-ew1.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/landing-trusted/landing-trusted-default-ew4.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/landing-untrusted/landing-untrusted-default-ew1.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/landing-untrusted/landing-untrusted-default-ew4.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/prod/prod-default-ew1.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/data/subnets/prod/prod-default-ew4.yaml (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/diagram.png (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/diagram.svg (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/dns-dev.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/dns-landing.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/dns-prod.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/landing.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/main.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-c-nva}/monitoring.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/nva.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/outputs.tf (96%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/spoke-dev.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/spoke-prod.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/test-resources.tf (100%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/variables.tf (93%) rename fast/stages/{02-networking-nva => 2-networking-c-nva}/vpn-onprem.tf (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/.gitignore (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/IAM.md (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/README.md (92%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/data/cidrs.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/data/dashboards/firewall_insights.json (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/data/dashboards/vpn.json (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/data/firewall-rules/dev/rules.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/data/hierarchical-policy-rules.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/data/subnets/dev/dev-dataplatform-ew1.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/data/subnets/dev/dev-default-ew1.yaml (100%) rename fast/stages/{02-networking-vpn => 2-networking-d-separate-envs}/data/subnets/prod/prod-default-ew1.yaml (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/diagram.png (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/diagram.svg (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/dns-dev.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/dns-prod.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/main.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/monitoring.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/outputs.tf (97%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/spoke-dev.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/spoke-prod.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/test-resources.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/variables.tf (92%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/vpn-onprem-dev.tf (100%) rename fast/stages/{02-networking-separate-envs => 2-networking-d-separate-envs}/vpn-onprem-prod.tf (100%) rename fast/stages/{02-security => 2-security}/IAM.md (100%) rename fast/stages/{02-security => 2-security}/README.md (92%) rename fast/stages/{02-security => 2-security}/core-dev.tf (100%) rename fast/stages/{02-security => 2-security}/core-prod.tf (100%) rename fast/stages/{02-security => 2-security}/diagram.png (100%) rename fast/stages/{02-security => 2-security}/diagram.svg (100%) rename fast/stages/{02-security => 2-security}/main.tf (100%) rename fast/stages/{02-security => 2-security}/outputs.tf (96%) rename fast/stages/{02-security => 2-security}/variables.tf (91%) rename fast/stages/{02-security => 2-security}/vpc-sc-restricted-services.yaml (100%) rename fast/stages/{02-security => 2-security}/vpc-sc.tf (100%) rename fast/stages/{03-data-platform => 3-data-platform}/README.md (100%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/IAM.md (100%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/README.md (82%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/demo (100%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/diagram.png (100%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/diagram_vpcsc.png (100%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/main.tf (100%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/outputs.tf (95%) rename fast/stages/{03-data-platform => 3-data-platform}/dev/variables.tf (90%) rename fast/stages/{03-gke-multitenant => 3-gke-multitenant}/README.md (71%) rename fast/stages/{03-gke-multitenant => 3-gke-multitenant}/dev/README.md (90%) rename fast/stages/{03-gke-multitenant => 3-gke-multitenant}/dev/diagram.png (100%) rename fast/stages/{03-gke-multitenant => 3-gke-multitenant}/dev/main.tf (100%) rename fast/stages/{03-gke-multitenant => 3-gke-multitenant}/dev/outputs.tf (96%) rename fast/stages/{03-gke-multitenant => 3-gke-multitenant}/dev/variables.tf (92%) rename fast/stages/{03-project-factory => 3-project-factory}/README.md (100%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/README.md (85%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/data/defaults.yaml (100%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/data/projects/project.yaml.sample (100%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/diagram.png (100%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/diagram.svg (100%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/main.tf (100%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/outputs.tf (100%) rename fast/stages/{03-project-factory => 3-project-factory}/dev/variables.tf (76%) delete mode 100644 tests/fast/stages/s03_data_platform/test_plan.py delete mode 100644 tests/fast/stages/s03_gke_multitenant/test_plan.py delete mode 100644 tests/fast/stages/s03_project_factory/common.tfvars delete mode 100644 tests/fast/stages/s03_project_factory/test_plan.py rename tests/fast/stages/{s00_bootstrap => s0_bootstrap}/__init__.py (100%) rename tests/fast/stages/{s00_bootstrap => s0_bootstrap}/simple.tfvars (71%) rename tests/fast/stages/{s00_bootstrap => s0_bootstrap}/simple.yaml (81%) rename tests/fast/stages/{s00_bootstrap => s0_bootstrap}/simple_projects.yaml (100%) rename tests/fast/stages/{s00_bootstrap => s0_bootstrap}/simple_sas.yaml (82%) rename tests/fast/stages/{s00_bootstrap => s0_bootstrap}/tftest.yaml (83%) rename tests/fast/stages/{s01_resman => s1_resman}/__init__.py (100%) rename tests/fast/stages/{s01_resman => s1_resman}/common.tfvars (91%) rename tests/fast/stages/{s01_resman => s1_resman}/test_plan.py (93%) rename tests/fast/stages/{s02_networking_nva => s2_networking_a_peering}/__init__.py (100%) rename tests/fast/stages/{s02_networking_peering => s2_networking_a_peering}/common.tfvars (83%) rename tests/fast/stages/{s02_networking_peering => s2_networking_a_peering}/test_plan.py (87%) rename tests/fast/stages/{s02_networking_peering => s2_networking_b_vpn}/__init__.py (100%) rename tests/fast/stages/{s02_networking_vpn => s2_networking_b_vpn}/common.tfvars (83%) rename tests/fast/stages/{s02_networking_vpn => s2_networking_b_vpn}/fixture/main.tf (100%) rename tests/fast/stages/{s02_networking_nva => s2_networking_b_vpn}/test_plan.py (92%) rename tests/fast/stages/{s02_networking_separate_envs => s2_networking_c_nva}/__init__.py (100%) rename tests/fast/stages/{s02_networking_nva => s2_networking_c_nva}/common.tfvars (81%) rename tests/fast/stages/{s02_networking_vpn => s2_networking_c_nva}/test_plan.py (92%) rename tests/fast/stages/{s02_networking_vpn => s2_networking_d_separate_envs}/__init__.py (100%) rename tests/fast/stages/{s02_networking_separate_envs => s2_networking_d_separate_envs}/common.tfvars (78%) rename tests/fast/stages/{s02_networking_separate_envs => s2_networking_d_separate_envs}/test_plan.py (91%) rename tests/fast/stages/{s02_security => s2_security}/__init__.py (100%) rename tests/fast/stages/{s02_security => s2_security}/common.tfvars (91%) rename tests/fast/stages/{s02_security => s2_security}/test_plan.py (93%) rename tests/fast/stages/{s03_data_platform => s3_data_platform}/__init__.py (100%) rename tests/fast/stages/{s03_data_platform => s3_data_platform}/common.tfvars (85%) create mode 100644 tests/fast/stages/s3_data_platform/test_plan.py rename tests/fast/stages/{s03_gke_multitenant => s3_gke_multitenant}/__init__.py (100%) rename tests/fast/stages/{s03_gke_multitenant => s3_gke_multitenant}/common.tfvars (92%) create mode 100644 tests/fast/stages/s3_gke_multitenant/test_plan.py rename tests/fast/stages/{s03_project_factory => s3_project_factory}/__init__.py (100%) create mode 100644 tests/fast/stages/s3_project_factory/common.tfvars rename tests/fast/stages/{s03_project_factory => s3_project_factory}/data/defaults.yaml (100%) rename tests/fast/stages/{s03_project_factory => s3_project_factory}/data/projects/project.yaml (100%) create mode 100644 tests/fast/stages/s3_project_factory/test_plan.py create mode 100644 tests/fast/stages_multitenant/__init__.py create mode 100644 tests/fast/stages_multitenant/s0_bootstrap_tenant/__init__.py create mode 100644 tests/fast/stages_multitenant/s0_bootstrap_tenant/simple.tfvars create mode 100644 tests/fast/stages_multitenant/s0_bootstrap_tenant/simple.yaml create mode 100644 tests/fast/stages_multitenant/s0_bootstrap_tenant/tftest.yaml create mode 100644 tests/fast/stages_multitenant/s1_resman_tenant/__init__.py create mode 100644 tests/fast/stages_multitenant/s1_resman_tenant/simple.tfvars create mode 100644 tests/fast/stages_multitenant/s1_resman_tenant/simple.yaml create mode 100644 tests/fast/stages_multitenant/s1_resman_tenant/tftest.yaml create mode 100644 tests/modules/organization/tags.tfvars create mode 100644 tests/modules/organization/tags.yaml diff --git a/.gitignore b/.gitignore index 79fa83df..91778178 100644 --- a/.gitignore +++ b/.gitignore @@ -21,13 +21,13 @@ bundle.zip **/*.pkrvars.hcl fixture_* fast/configs -fast/stages/**/[0-9]*providers.tf -fast/stages/**/terraform.tfvars -fast/stages/**/terraform.tfvars.json -fast/stages/**/terraform-*.auto.tfvars.json -fast/stages/**/0*.auto.tfvars* +fast/**/[0-9]*providers.tf +fast/**/terraform.tfvars +fast/**/terraform.tfvars.json +fast/**/terraform-*.auto.tfvars.json +fast/**/[0-9]*.auto.tfvars* **/node_modules -fast/stages/**/globals.auto.tfvars.json +fast/**/globals.auto.tfvars.json cloud_sql_proxy examples/cloud-operations/binauthz/tenant-setup.yaml examples/cloud-operations/binauthz/app/app.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index cedd3a40..c3657494 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -480,7 +480,7 @@ All notable changes to this project will be documented in this file. - fix `tag` output on `data-catalog-policy-tag` module - add shared-vpc support on `gcs-to-bq-with-least-privileges` - new `net-ilb-l7` module -- new [02-networking-peering](fast/stages/02-networking-peering) networking stage +- new `02-networking-peering` networking stage - **incompatible change** the variable for PSA ranges in networking stages have changed ## [14.0.0] - 2022-02-25 @@ -499,8 +499,8 @@ All notable changes to this project will be documented in this file. - **incompatible change** removed `ingress_settings` configuration option in the `cloud-functions` module. - new [m4ce VM example](blueprints/cloud-operations/vm-migration/) - Support for resource management tags in the `organization`, `folder`, `project`, `compute-vm`, and `kms` modules -- new [data platform](fast/stages/03-data-platform) stage 3 -- new [02-networking-nva](fast/stages/02-networking-nva) networking stage +- new `data platform` stage 3 +- new `02-networking-nva` networking stage - allow customizing the names of custom roles - added `environment` and `context` resource management tags - use resource management tags to restrict scope of roles/orgpolicy.policyAdmin diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md index b038cfe4..a05bbae7 100644 --- a/blueprints/data-solutions/data-platform-foundations/README.md +++ b/blueprints/data-solutions/data-platform-foundations/README.md @@ -21,7 +21,7 @@ The approach adapts to different high-level requirements: - least privilege principle - rely on service account impersonation -The code in this blueprint doesn't address Organization-level configurations (Organization policy, VPC-SC, centralized logs). We expect those elements to be managed by automation stages external to this script like those in [FAST](../../../fast) and this blueprint deployed on top of them as one of the [stages](../../../fast/stages/03-data-platform/dev/README.md). +The code in this blueprint doesn't address Organization-level configurations (Organization policy, VPC-SC, centralized logs). We expect those elements to be managed by automation stages external to this script like those in [FAST](../../../fast) and this blueprint deployed on top of them as one of the [stages](../../../fast/stages/3-data-platform/dev/README.md). ### Project structure diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md index 1e09afaa..cadcf410 100644 --- a/blueprints/gke/multitenant-fleet/README.md +++ b/blueprints/gke/multitenant-fleet/README.md @@ -4,7 +4,7 @@ This blueprint presents an opinionated architecture to handle multiple homogeneo The pattern used in this design is useful, for blueprint, in cases where multiple clusters host/support the same workloads, such as in the case of a multi-regional deployment. Furthermore, combined with Anthos Config Sync and proper RBAC, this architecture can be used to host multiple tenants (e.g. teams, applications) sharing the clusters. -This blueprint is used as part of the [FAST GKE stage](../../../fast/stages/03-gke-multitenant/) but it can also be used independently if desired. +This blueprint is used as part of the [FAST GKE stage](../../../fast/stages/3-gke-multitenant/) but it can also be used independently if desired.

GKE multitenant diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md index 5f596142..bdf877c7 100644 --- a/blueprints/networking/hub-and-spoke-vpn/README.md +++ b/blueprints/networking/hub-and-spoke-vpn/README.md @@ -7,7 +7,7 @@ A few additional features are also shown: - [custom BGP advertisements](https://cloud.google.com/router/docs/how-to/advertising-overview) to implement transitivity between spokes - [VPC Global Routing](https://cloud.google.com/network-connectivity/docs/router/how-to/configuring-routing-mode) to leverage a regional set of VPN gateways in different regions as next hops (used here for illustrative/study purpose, not usually done in real life) -The blueprint has been purposefully kept simple to show how to use and wire the VPC and VPN-HA modules together, and so that it can be used as a basis for experimentation. For a more complex scenario that better reflects real-life usage, including [Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc) and [DNS cross-project binding](https://cloud.google.com/dns/docs/zones/cross-project-binding) please refer to the [FAST network stage](../../../fast/stages/02-networking-vpn/). +The blueprint has been purposefully kept simple to show how to use and wire the VPC and VPN-HA modules together, and so that it can be used as a basis for experimentation. For a more complex scenario that better reflects real-life usage, including [Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc) and [DNS cross-project binding](https://cloud.google.com/dns/docs/zones/cross-project-binding) please refer to the [FAST network stage](../../../fast/stages/2-networking-b-vpn/). This is the high level diagram of this blueprint: diff --git a/diagram.svg b/diagram.svg new file mode 100644 index 00000000..689adf24 --- /dev/null +++ b/diagram.svg @@ -0,0 +1,293 @@ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + +
+ +
+ + + + + + +
+ +
+ + + + + + +
+ +
+ + + + + + + + + + + +
+ +
+ + +
+ Organization +
+ + +
+ tag value [tenant] +
+ + +
+ IAM bindings() +
+ + +
+ organization policies() +
+ + + + + + + + + +
+ «folder» +
+ + +
+ Tenant0 +
+ + +
+ IAM bindings() +
+ + +
+ organization policies() +
+ + +
+ tag bindings() +
+ + + + + + + + + +
+ «folder» +
+ + +
+ Tenant1 +
+ + +
+ IAM bindings() +
+ + +
+ organization policies() +
+ + +
+ tag bindings() +
+ + + + + + + + + +
+ «project» +
+ + +
+ Tenant0_IaC +
+ + +
+ service accounts [all stages] +
+ + +
+ storage buckets [stage 0+1] +
+ + +
+ optional CI/CD [stage 0+1] +
+ + +
+ IAM bindings() +
+ + + + + + + + + +
+ «project» +
+ + +
+ Tenant1_IaC +
+ + +
+ service accounts [all stages] +
+ + +
+ storage buckets [stage 0+1] +
+ + +
+ optional CI/CD [stage 0+1] +
+ + +
+ IAM bindings() +
+ + + + + + + +
+ + \ No newline at end of file diff --git a/fast/README.md b/fast/README.md index e35a4837..7459c870 100644 --- a/fast/README.md +++ b/fast/README.md @@ -12,7 +12,7 @@ Fabric FAST was initially conceived to help enterprises quickly set up a GCP org ### Contracts and stages -FAST uses the concept of stages, which individually perform precise tasks but, taken together, build a functional, ready-to-use GCP organization. More importantly, stages are modeled around the security boundaries that typically appear in mature organizations. This arrangement allows delegating ownership of each stage to the team responsible for the types of resources it manages. For example, as its name suggests, the networking stage sets up all the networking elements and is usually the responsibility of a dedicated networking team within the organization. +FAST uses the concept of stages, which individually perform precise tasks but taken together build a functional, ready-to-use GCP organization. More importantly, stages are modeled around the security boundaries that typically appear in mature organizations. This arrangement allows delegating ownership of each stage to the team responsible for the types of resources it manages. For example, as its name suggests, the networking stage sets up all the networking elements and is usually the responsibility of a dedicated networking team within the organization. From the perspective of FAST's overall design, stages also work as contacts or interfaces, defining a set of pre-requisites and inputs required to perform their designed task and generating outputs needed by other stages lower in the chain. The diagram below shows the relationships between stages. @@ -20,7 +20,7 @@ From the perspective of FAST's overall design, stages also work as contacts or i Stages diagram

-Please refer to the [stages](./stages/) section for further details on each stage. +Please refer to the [stages](./stages/) section for further details on each stage. For details on tenant-level stages which introduce a deeper level of autonomy via nested FAST setups rooted in a top-level folder, refer to the [multitenant stages](#multitenant-organizations) section below. ### Security-first design @@ -32,11 +32,21 @@ FAST also aims to minimize the number of permissions granted to principals accor A resource factory consumes a simple representation of a resource (e.g., in YAML) and deploys it (e.g., using Terraform). Used correctly, factories can help decrease the management overhead of large-scale infrastructure deployments. See "[Resource Factories: A descriptive approach to Terraform](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c)" for more details and the rationale behind factories. -FAST uses YAML-based factories to deploy subnets and firewall rules and, as its name suggests, in the [project factory](./stages/03-project-factory/) stage. +FAST uses YAML-based factories to deploy subnets and firewall rules and, as its name suggests, in the [project factory](./stages/3-project-factory/) stage. ### CI/CD -One of our objectives with FAST is to provide a lightweight reference design for the IaC repositories, and a built-in implementation for running our code in automated pipelines. Our CI/CD approach leverages [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation), and provides sample workflow configurations for several major providers. Refer to the [CI/CD section in the bootstrap stage](stages/00-bootstrap/README.md#cicd) for more details. We also provide separate [optional small stages](./extras/) to help you configure your CI/CD provider. +One of our objectives with FAST is to provide a lightweight reference design for the IaC repositories, and a built-in implementation for running our code in automated pipelines. Our CI/CD approach leverages [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation), and provides sample workflow configurations for several major providers. Refer to the [CI/CD section in the bootstrap stage](./stages/0-bootstrap/README.md#cicd) for more details. We also provide separate [optional small stages](./extras/) to help you configure your CI/CD provider. + +### Multitenant organizations + +FAST has built-in support for complex multitenant organizations, where each tenant has complete control over a separate hierarchy rooted in a top-level folder. This approach is particularly suited for large enterprises or governments, where country-level subsidiaries or government agencies have a wide degree of autonomy within a shared GCP organization managed by a central entity. + +FAST implements multitenancy via [dedicated stages](stages-multitenant) for tenant-level bootstrap and resource management, which configure separate hierarchies within the organization rooted in top-level folders, so that subsequent FAST stages (networking, security, data, etc.) can be used directly for each tenant. The diagram below shows the relationships between organization-level and tenant-level stages. + +

+ Stages diagram +

## Implementation @@ -57,9 +67,9 @@ Those familiar with Python will note that FAST follows many of the maxims in the ## Roadmap -Besides the features already described, FAST roadmap includes: +Besides the features already described, FAST also includes: - Stage to deploy environment-specific multitenant GKE clusters following Google's best practices - Stage to deploy a fully featured data platform -- Reference implementation to use FAST in CI/CD pipelines (in progress) -- Static policy enforcement +- Reference implementation to use FAST in CI/CD pipelines +- Static policy enforcement (planned) diff --git a/fast/extras/0-cicd-github/README.md b/fast/extras/0-cicd-github/README.md new file mode 100644 index 00000000..58407b5e --- /dev/null +++ b/fast/extras/0-cicd-github/README.md @@ -0,0 +1,139 @@ +# FAST GitHub repository management + +This small extra stage allows creating and populating GitHub repositories used to host FAST stage code, including rewriting of module sources and secrets used for private modules repository access. + +It is designed for use in a GitHub organization, and is only meant as a one-shot solution with perishable state especially when used for initial population, as you don't want Terraform to keep overwriting your changes with initial versions of files. + +Initial population is only meant to be used with actual stage, while populating the modules repository should be done by hand to avoid hitting the GitHub hourly limit for their API. + +Once initial population is done, you need to manually push to the repository + +- the `.tfvars` file with custom variable values for your stages +- the workflow configuration file generated by FAST stages + +## GitHub provider credentials + +A [GitHub token](https://github.com/settings/tokens) is needed to authenticate against their API. The token needs organization-level permissions, like shown in this screenshot: + +

+ GitHub token scopes. +

+ +Once a token is available set it in the `GITHUB_TOKEN` environment variable before running Terraform. + +## Variable configuration + +The `organization` required variable sets the GitHub organization where repositories will be created, and is used to configure the Terraform provider. + +### Modules repository and sources + +The `modules_config` variable controls creation and management of the key and secret used to access the private modules repository, and indirectly control population of initial files: if the `modules_config` variable is not specified no module repository is know to the code, so module source paths cannot be replaced, and initial population of files cannot happen. If the variable is specified, an optional `source_ref` attribute can be set to the reference used to pin modules versions. + +This is an example that configures the modules repository name and an optional reference, enabling initial population of repositories where the feature has been turned on: + +```hcl +modules_config = { + repository_name = "GoogleCloudPlatform/cloud-foundation-fabric" + source_ref = "v19.0.0" +} +# tftest skip +``` + +In the above example, no key options are set so it's assumed modules will be fetched from a public repository. If modules repository authentication is needed the `key_config` attribute also needs to be set. + +If no keypair path is specified an internally generated key will be stored as an access key in the modules repository, and as secrets in the stage repositories: + +```hcl +modules_config = { + repository_name = "GoogleCloudPlatform/cloud-foundation-fabric" + key_config = { + create_key = true + create_secrets = true + } +} +# tftest skip +``` + +To use an existing keypair pass the path to the private key, the public key name is assumed to have the same name ending with the `.pub` suffix. This is useful in cases where the access key has already been set in the modules repository, and new repositories need to be created and their corresponding secret set: + +```hcl +modules_config = { + repository_name = "GoogleCloudPlatform/cloud-foundation-fabric" + key_config = { + create_secrets = true + keypair_path = "~/modules-repository-key" + } +} +# tftest skip +``` + +### Repositories + +The `repositories` variable is where you configure which repositories to create and whether initial population of files is desired. + +This is an example that creates repositories for stages 00 and 01, and populates initial files for stages 00, 01, and 02: + +```tfvars +repositories = { + fast_00_bootstrap = { + create_options = { + description = "FAST bootstrap." + features = { + issues = true + } + } + populate_from = "../../stages/0-bootstrap" + } + fast_01_resman = { + create_options = { + description = "FAST resource management." + features = { + issues = true + } + } + populate_from = "../../stages/1-resman" + } + fast_02_networking = { + populate_from = "../../stages/2-networking-peering" + } +} +# tftest skip +``` + +The `create_options` repository attribute controls creation: if the attribute is not present, the repository is assumed to be already existing. + +Initial population depends on a modules repository being configured in the `modules_config` variable described in the preceding section and on the`populate_from` attributes in each repository where population is required, which point to the folder holding the files to be committed. + +### Commit configuration + +Finally, a `commit_config` variable is optional: it can be used to configure author, email and message used in commits for initial population of files, its defaults are probably fine for most use cases. + + + + +## Files + +| name | description | resources | +|---|---|---| +| [cicd-versions.tf](./cicd-versions.tf) | Provider version. | | +| [main.tf](./main.tf) | Module-level locals and resources. | github_actions_secret · github_repository · github_repository_deploy_key · github_repository_file · tls_private_key | +| [outputs.tf](./outputs.tf) | Module outputs. | | +| [providers.tf](./providers.tf) | Provider configuration. | | +| [variables.tf](./variables.tf) | Module variables. | | + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [organization](variables.tf#L50) | GitHub organization. | string | ✓ | | +| [commmit_config](variables.tf#L17) | Configure commit metadata. | object({…}) | | {} | +| [modules_config](variables.tf#L28) | Configure access to repository module via key, and replacement for modules sources in stage repositories. | object({…}) | | null | +| [repositories](variables.tf#L55) | Repositories to create. | map(object({…})) | | {} | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [clone](outputs.tf#L17) | Clone repository commands. | | + + diff --git a/fast/extras/00-cicd-github/cicd-versions.tf b/fast/extras/0-cicd-github/cicd-versions.tf similarity index 96% rename from fast/extras/00-cicd-github/cicd-versions.tf rename to fast/extras/0-cicd-github/cicd-versions.tf index 09f544cb..830f1e48 100644 --- a/fast/extras/00-cicd-github/cicd-versions.tf +++ b/fast/extras/0-cicd-github/cicd-versions.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fast/extras/00-cicd-github/github_token.png b/fast/extras/0-cicd-github/github_token.png similarity index 100% rename from fast/extras/00-cicd-github/github_token.png rename to fast/extras/0-cicd-github/github_token.png diff --git a/fast/extras/00-cicd-github/main.tf b/fast/extras/0-cicd-github/main.tf similarity index 72% rename from fast/extras/00-cicd-github/main.tf rename to fast/extras/0-cicd-github/main.tf index ac6028c1..d91ab970 100644 --- a/fast/extras/00-cicd-github/main.tf +++ b/fast/extras/0-cicd-github/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,9 +15,6 @@ */ locals { - _modules_repository = [ - for k, v in var.repositories : local.repositories[k] if v.has_modules - ] _repository_files = flatten([ for k, v in var.repositories : [ for f in concat( @@ -30,12 +27,12 @@ locals { } ] if v.populate_from != null ]) - modules_ref = var.modules_ref == null ? "" : "?ref=${var.modules_ref}" - modules_repository = ( - length(local._modules_repository) > 0 - ? local._modules_repository.0 - : null + modules_ref = ( + try(var.modules_config.source_ref, null) == null + ? "" + : "?ref=${var.modules_config.source_ref}" ) + modules_repo = try(var.modules_config.repository_name, null) repositories = { for k, v in var.repositories : k => v.create_options == null ? k : github_repository.default[k].name @@ -56,6 +53,15 @@ locals { name = "templates/providers.tf.tpl" } if v.populate_from != null + }, + { + for k, v in var.repositories : + "${k}/templates/workflow-github.yaml" => { + repository = k + file = "../../assets/templates/workflow-github.yaml" + name = "templates/workflow-github.yaml" + } + if v.populate_from != null } ) } @@ -96,41 +102,49 @@ resource "github_repository" "default" { } resource "tls_private_key" "default" { - count = local.modules_repository != null ? 1 : 0 algorithm = "ED25519" } resource "github_repository_deploy_key" "default" { - count = local.modules_repository == null ? 0 : 1 + count = ( + try(var.modules_config.key_config.create_key, null) == true ? 1 : 0 + ) title = "Modules repository access" - repository = local.modules_repository - key = tls_private_key.default.0.public_key_openssh - read_only = true + repository = local.modules_repo + key = ( + try(var.modules_config.key_config.keypair_path, null) == null + ? tls_private_key.default.public_key_openssh + : file(pathexpand("${var.modules_config.key_config.keypair_path}.pub")) + ) + read_only = true } resource "github_actions_secret" "default" { - for_each = local.modules_repository == null ? {} : { - for k, v in local.repositories : - k => v if k != local.modules_repository - } - repository = each.key - secret_name = "CICD_MODULES_KEY" - plaintext_value = tls_private_key.default.0.private_key_openssh + for_each = ( + try(var.modules_config.key_config.create_secrets, null) == true + ? local.repositories + : {} + ) + repository = each.key + secret_name = "CICD_MODULES_KEY" + plaintext_value = ( + try(var.modules_config.key_config.keypair_path, null) == null + ? tls_private_key.default.private_key_openssh + : file(pathexpand("${var.modules_config.key_config.keypair_path}")) + ) } resource "github_repository_file" "default" { - for_each = ( - local.modules_repository == null ? {} : local.repository_files - ) + for_each = local.modules_repo == null ? {} : local.repository_files repository = local.repositories[each.value.repository] branch = "main" file = each.value.name content = ( - endswith(each.value.name, ".tf") && local.modules_repository != null + endswith(each.value.name, ".tf") && local.modules_repo != null ? replace( file(each.value.file), "/source\\s*=\\s*\"../../../modules/([^/\"]+)\"/", - "source = \"git@github.com:${var.organization}/${local.modules_repository}.git//$1${local.modules_ref}\"" # " + "source = \"git@github.com:${local.modules_repo}.git//$1${local.modules_ref}\"" # " ) : file(each.value.file) ) diff --git a/fast/extras/00-cicd-github/outputs.tf b/fast/extras/0-cicd-github/outputs.tf similarity index 96% rename from fast/extras/00-cicd-github/outputs.tf rename to fast/extras/0-cicd-github/outputs.tf index cb580e1f..61b5ffbc 100644 --- a/fast/extras/00-cicd-github/outputs.tf +++ b/fast/extras/0-cicd-github/outputs.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fast/extras/00-cicd-github/providers.tf b/fast/extras/0-cicd-github/providers.tf similarity index 95% rename from fast/extras/00-cicd-github/providers.tf rename to fast/extras/0-cicd-github/providers.tf index 29be30ae..a7ccb32d 100644 --- a/fast/extras/00-cicd-github/providers.tf +++ b/fast/extras/0-cicd-github/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/fast/extras/00-cicd-github/variables.tf b/fast/extras/0-cicd-github/variables.tf similarity index 75% rename from fast/extras/00-cicd-github/variables.tf rename to fast/extras/0-cicd-github/variables.tf index 0d9cb7fd..8e5d0832 100644 --- a/fast/extras/00-cicd-github/variables.tf +++ b/fast/extras/0-cicd-github/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,10 +25,26 @@ variable "commmit_config" { nullable = false } -variable "modules_ref" { - description = "Optional git ref used in module sources." - type = string - default = null +variable "modules_config" { + description = "Configure access to repository module via key, and replacement for modules sources in stage repositories." + type = object({ + repository_name = string + source_ref = optional(string) + key_config = optional(object({ + create_key = optional(bool, false) + create_secrets = optional(bool, false) + keypair_path = optional(string) + }), {}) + }) + default = null + validation { + condition = ( + var.modules_config == null + || + try(var.modules_config.repository_name, null) != null + ) + error_message = "Modules configuration requires a modules repository name." + } } variable "organization" { @@ -63,7 +79,6 @@ variable "repositories" { }), {}) visibility = optional(string, "private") })) - has_modules = optional(bool, false) populate_from = optional(string) })) default = {} diff --git a/fast/extras/00-cicd-github/README.md b/fast/extras/00-cicd-github/README.md deleted file mode 100644 index acf249bc..00000000 --- a/fast/extras/00-cicd-github/README.md +++ /dev/null @@ -1,105 +0,0 @@ -# FAST GitHub repository management - -This small extra stage allows creation and management of GitHub repositories used to host FAST stage code, including initial population of files and rewriting of module sources. - -This stage is designed for quick repository creation in a GitHub organization, and is not suited for medium or long-term repository management especially if you enable initial population of files. - -## Initial population caveats - -Initial file population of repositories is controlled via the `populate_from` attribute, and needs a bit of care: - -- never run this stage with the same variables used for population once the repository starts being used, as **Terraform will manage file state and revert any changes at each apply**, which is probably not what you want. -- initial population of the modules repository is discouraged, as the number of resulting files Terraform needs to manage is very close to the GitHub hourly limit for their API, it's much easier to populate modules via regular git commands - -The scenario for which this stage has been designed is one-shot creation and/or population of stage repositories, running it multiple times with different variables and Terraform states if incremental creation is needed for subsequent FAST stages (e.g. GKE, data platform, etc.). - -Once initial population is done, you need to manually push to the repository - -- the `.tfvars` file with custom variable values for your stages -- the workflow configuration file generated by FAST stages - -## GitHub provider credentials - -A [GitHub token](https://github.com/settings/tokens) is needed to authenticate against their API. The token needs organization-level permissions, like shown in this screenshot: - -

- GitHub token scopes. -

- -## Variable configuration - -The `organization` required variable sets the GitHub organization where repositories will be created, and is used to configure the Terraform provider. - -The `repositories` variable is where you configure which repositories to create, whether initial population of files is desired, and which repository is used to host modules. - -This is an example that creates repositories for stages 00 and 01, defines an existing repositories as the source for modules, and populates initial files for stages 00, 01, and 02: - -```tfvars -organization = "ludomagno" -repositories = { - fast_00_bootstrap = { - create_options = { - description = "FAST bootstrap." - features = { - issues = true - } - } - populate_from = "../../stages/00-bootstrap" - } - fast_01_resman = { - create_options = { - description = "FAST resource management." - features = { - issues = true - } - } - populate_from = "../../stages/01-resman" - } - fast_02_networking = { - populate_from = "../../stages/02-networking-peering" - } - fast_modules = { - has_modules = true - } -} -``` - -The `create_options` repository attribute controls creation: if the attribute is not present, the repository is assumed to be already existing. - -Initial population depends on a modules repository being configured, identified by the `has_modules` attribute, and on `populate_from` attributes in each repository where population is required, pointing to the folder holding the files to be committed. - -Finally, a `commit_config` variable is optional: it can be used to configure author, email and message used in commits for initial population of files, its defaults are probably fine for most use cases. - -## Modules secret - -When initial population is configured for a repository, this stage also adds a secret with the private key used to authenticate against the modules repository. This matches the configuration of the GitHub workflow files created for each FAST stage when CI/CD is enabled. - - - - -## Files - -| name | description | resources | -|---|---|---| -| [cicd-versions.tf](./cicd-versions.tf) | Provider version. | | -| [main.tf](./main.tf) | Module-level locals and resources. | github_actions_secret · github_repository · github_repository_deploy_key · github_repository_file · tls_private_key | -| [outputs.tf](./outputs.tf) | Module outputs. | | -| [providers.tf](./providers.tf) | Provider configuration. | | -| [variables.tf](./variables.tf) | Module variables. | | - -## Variables - -| name | description | type | required | default | -|---|---|:---:|:---:|:---:| -| [organization](variables.tf#L34) | GitHub organization. | string | ✓ | | -| [commmit_config](variables.tf#L17) | Configure commit metadata. | object({…}) | | {} | -| [modules_ref](variables.tf#L28) | Optional git ref used in module sources. | string | | null | -| [repositories](variables.tf#L39) | Repositories to create. | map(object({…})) | | {} | - -## Outputs - -| name | description | sensitive | -|---|---|:---:| -| [clone](outputs.tf#L17) | Clone repository commands. | | - - diff --git a/fast/extras/README.md b/fast/extras/README.md index 121fa4b0..9213224c 100644 --- a/fast/extras/README.md +++ b/fast/extras/README.md @@ -2,4 +2,4 @@ This folder contains additional helper stages for FAST, which can be used to simplify specific operational tasks: -- [GitHub repository management](./00-cicd-github/) +- [GitHub repository management](./0-cicd-github/) diff --git a/fast/stage-links.sh b/fast/stage-links.sh new file mode 100755 index 00000000..cfa7919d --- /dev/null +++ b/fast/stage-links.sh @@ -0,0 +1,114 @@ +#!/bin/bash +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ $# -eq 0 ]; then + echo "Error: no folder or GCS bucket specified. Use -h or --help for usage." + exit 1 +fi + +if [[ "$1" == "-h" || "$1" == "--help" ]]; then + cat < $MESSAGE <---" +fi diff --git a/fast/stages-multitenant/0-bootstrap-tenant/IAM.md b/fast/stages-multitenant/0-bootstrap-tenant/IAM.md new file mode 100644 index 00000000..543a82ab --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/IAM.md @@ -0,0 +1,49 @@ +# IAM bindings reference + +Legend: + additive, conditional. + +## Organization [org_id #0] + +| members | roles | +|---|---| +|tn0-admins
group|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +
[roles/resourcemanager.organizationViewer](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.organizationViewer) +| +|tn0-gke-dev-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-gke-prod-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-networking-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-pf-dev-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-pf-prod-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-resman-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-sandbox-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-security-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| +|tn0-teams-0
serviceAccount|[roles/orgpolicy.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#orgpolicy.policyAdmin) +| + +## Folder test tenant 0 [#1] + +| members | roles | +|---|---| +|tn0-admins
group|[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin)
[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | +|tn0-networking-0
serviceAccount|[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin) | +|tn0-resman-0
serviceAccount|[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin)
[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | + +## Project prod-iac-core-0 + +| members | roles | +|---|---| +|tn0-bootstrap-1
serviceAccount|[roles/logging.logWriter](https://cloud.google.com/iam/docs/understanding-roles#logging.logWriter) +| + +## Project tn0-audit-logs-0 + +| members | roles | +|---|---| +|f260055713332-284719
serviceAccount|[roles/logging.bucketWriter](https://cloud.google.com/iam/docs/understanding-roles#logging.bucketWriter) +| +|prod-resman-0
serviceAccount|[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner) | +|tn0-resman-0
serviceAccount|[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner) | + +## Project tn0-iac-core-0 + +| members | roles | +|---|---| +|tn0-admins
group|[roles/iam.serviceAccountTokenCreator](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountTokenCreator)
[roles/iam.workloadIdentityPoolAdmin](https://cloud.google.com/iam/docs/understanding-roles#iam.workloadIdentityPoolAdmin) | +|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +| +|prod-resman-0
serviceAccount|[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner) | +|tn0-resman-0
serviceAccount|[roles/cloudbuild.builds.editor](https://cloud.google.com/iam/docs/understanding-roles#cloudbuild.builds.editor)
[roles/iam.serviceAccountAdmin](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountAdmin)
[roles/iam.workloadIdentityPoolAdmin](https://cloud.google.com/iam/docs/understanding-roles#iam.workloadIdentityPoolAdmin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/source.admin](https://cloud.google.com/iam/docs/understanding-roles#source.admin)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) | diff --git a/fast/stages-multitenant/0-bootstrap-tenant/README.md b/fast/stages-multitenant/0-bootstrap-tenant/README.md new file mode 100644 index 00000000..c1fc9530 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/README.md @@ -0,0 +1,210 @@ +# Tenant bootstrap + +The primary purpose of this stage is to decouple a single tenant from centrally managed resources in the organization, so that subsequent management of the tenant's own hierarchy and resources can be implemented with a high degree of autonomy. + +It is logically equivalent to organization-level bootstrap as it's concerned with setting up IAM bindings on a root node and creating supporting projects attached to it, but it depends on the organization-level resource management stage and uses the same service account and permissions since it operates at the hierarchy level (folders, tags, organization policies). + +The resources and policies managed here are: + +- the tag value in the `tenant` key used in IAM conditions +- the billing IAM bindings for the tenant-specific automation service accounts +- the organization-level IAM binding that allows conditional managing of org policies on the tenant folder +- the top-level tenant folder which acts as the root of the tenant's hierarchy +- any organization policy that needs to be set for the tenant on its root folder +- the tenant automation and logging projects +- service accounts for all tenant stages +- GCS buckets for bootstrap and resource management state +- optional CI/CD setup for this and the resource management tenant stages +- tenant-specific Workload Identity Federation pool and providers (planned) + +One notable difference compared to organization-level bootstrap is the creation of service accounts for all tenant stages: this is done here so that Billing and Organization Policy Admin bindings can be set, leveraging permissions of the org-level resman service account which is used to run this stage. Doing this here avoids the need to grant broad scoped permissions on the organization to tenant-level service accounts, and effectively decouples the tenant from the organization. + +The following diagram is a high level reference of what this stage manages, showing one hypothetical tenant (additional tenants require additional instances of this stage being deployed): + +```mermaid +%%{init: {'theme':'base'}}%% +classDiagram + Organization~🏢~ -- Tenant 0~📁~ + Tenant 0~📁~ -- tn0_automation + Tenant 0~📁~ -- tn0_logging + class Organization~🏢~ { + - tag value + - IAM bindings() + - org policies() + } + class Tenant 0~📁~ { + - log sinks + - IAM bindings() + - tag bindings() + } + class tn0_automation { + - GCS buckets + - service accounts + - optional CI/CD + - IAM bindings() + } + class tn0_logging { + - log sink destinations + } +``` + +As most of the features of this stage follow the same design and configurations of the [organization-level bootstrap stage](../../stages/0-bootstrap/), we will only focus on the tenant-specific configuration in this document. + +## Naming + +This stage sets the prefix used to name tenant resources, and passes it downstream to the other tenant stages together with the other globals needed by the tenant. The default is to append the tenant short name (a 3 or 4 letter acronym or abbreviation) to the organization-level prefix, if that is not desired this can be changed by editing local definitions in the `main.tf` file. Just be aware that some resources have name length constraints. + +## How to run this stage + +The tenant bootstrap stage is the effective boundary between organization and tenant-level resources: it uses the same inputs as the organization-level resource management stage, and produces outputs which provide the needed context to all other tenant stages. + +### Output files and cross-stage variables + +As mentioned above, the organization-level set of output files are used here with one exception: the provider file is different since state is specific to this stage. The `stage-links.sh` script can be used to get the commands needed for the provider and output files, just pass a single argument with your FAST output files folder path, or GCS bucket URI: + +```bash +../../stage-links.sh ~/fast-config +``` + +The script output can be copy/pasted to a terminal: + +```bash +# copy and paste the following commands for '0-bootstrap-tenant' + +cp ~/fast-config/providers/0-bootstrap-tenant-providers.tf ./ +ln -s ~/fast-config/tfvars/globals.auto.tfvars.json ./ +ln -s ~/fast-config/tfvars/0-bootstrap.auto.tfvars.json ./ +ln -s ~/fast-config/tfvars/1-resman.auto.tfvars.json ./ + +# ---> remember to set the prefix in the provider file <--- +``` + +As shown in the script output above, the provider file is a template used as a source for potentially multiple tenant installations, so it needs to be specifically configured for this tenant by setting the backend `prefix` to a unique string so that the Terraform state file will not overlap with other tenants. Open it in an editor and perform the change before proceeding. + +### Global overrides + +The globals variable file linekd above contains definition which were set for the organization, for example the locations used for log sink destinations. These might not be correct for each tenant, so this stage allows overriding them via the tenant configuration variable described in the next section. + +### Tenant-level configuration + +The tenant configuration resides in the `tenant_config` variable, this is an example configuration for a tenant with comments explaining the different choices that need to be made: + +```hcl +tenant_config = { + # used for the top-level folder name + descriptive_name = "My First Tenant" + # tenant-specific groups, only the admin group is required + # the organization domain is automatically added after the group name + groups = { + gcp-admins = "tn01-admins" + # gcp-devops = "tn01-devops" + # gcp-network-admins = "tn01-networking" + # gcp-security-admins = "tn01-security" + } + # the 3 or 4 letter acronym or abbreviation used in resource names + short_name = "tn01" + # optional CI/CD configuration, refer to the org-level stages for information + # cicd = { + # branch = null + # identity_provider = "foo-provider" + # name = "myorg/tn01-bootstrap" + # type = "github" + # } + # optional group-level IAM bindings to add to the top-level folder + # group_iam = { + # tn01-support = ["roles/viewer"] + # } + # optional IAM bindings to add to the top-level folder + # iam = { + # "roles/logging.admin" = [ + # "serviceAccount:foo@myprj.iam.gserviceaccount.com" + # ] + # } + # optional location overrides to global locations + # locations = { + # bq = null + # gcs = null + # logging = null + # pubsub = null + # } + # optional folder ids for automation and logging project folders, typically + # added in later stages and entered here once created + # project_parent_ids = { + # automation = "folders/012345678" + # logging = "folders/0123456789" + # } +} +# tftest skip +``` + +Configure the tenant variable in a tfvars file for this stage. A few minor points worth noting: + +- the administrator group is the only one required here, specifying other groups only has the effect of populating the output file with group names for reuse in later stages +- the `iam` variable is merged with the IAM bindings for service accounts in the `main.tf` file, which take precedence; if a role specified in the variable is ignored, that's probably the case +- locations can be overridden at the attribute level, there's no need to specify those that are equal to the ones in the organization globals file + +### Running the stage + +Once the configuration is done just go through the usual `init/apply` cycle. On successful apply, a tfvars file specific for this tenant and a set of provider files will be created. + +### TODO + +- [ ] tenant-level Workload Identity Federation pool and providers configuration +- [ ] tenant-level logging project and sinks + + + + +## Files + +| name | description | modules | resources | +|---|---|---|---| +| [automation-sas.tf](./automation-sas.tf) | Tenant automation stage 2 and 3 service accounts. | iam-service-account | google_organization_iam_member | +| [automation.tf](./automation.tf) | Tenant automation project and resources. | gcs · iam-service-account · project | | +| [billing.tf](./billing.tf) | Billing roles for standalone billing accounts. | | google_billing_account_iam_member | +| [cicd.tf](./cicd.tf) | Workload Identity Federation configurations for CI/CD. | iam-service-account · source-repository | | +| [identity-providers.tf](./identity-providers.tf) | Workload Identity Federation provider definitions. | | google_iam_workload_identity_pool · google_iam_workload_identity_pool_provider | +| [log-export.tf](./log-export.tf) | Audit log project and sink. | bigquery-dataset · gcs · logging-bucket · project · pubsub | | +| [main.tf](./main.tf) | Module-level locals and resources. | folder | | +| [organization.tf](./organization.tf) | Organization tag and conditional IAM grant. | organization | google_organization_iam_member · google_tags_tag_value_iam_member | +| [outputs-files.tf](./outputs-files.tf) | Output files persistence to local filesystem. | | local_file | +| [outputs-gcs.tf](./outputs-gcs.tf) | Output files persistence to automation GCS bucket. | | google_storage_bucket_object | +| [outputs.tf](./outputs.tf) | Module outputs. | | | +| [variables.tf](./variables.tf) | Module variables. | | | + +## Variables + +| name | description | type | required | default | producer | +|---|---|:---:|:---:|:---:|:---:| +| [automation](variables.tf#L20) | Automation resources created by the organization-level bootstrap stage. | object({…}) | ✓ | | 0-bootstrap | +| [billing_account](variables.tf#L38) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap | +| [organization](variables.tf#L193) | Organization details. | object({…}) | ✓ | | 0-bootstrap | +| [prefix](variables.tf#L209) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | +| [tag_keys](variables.tf#L232) | Organization tag keys. | object({…}) | ✓ | | 1-resman | +| [tag_names](variables.tf#L243) | Customized names for resource management tags. | object({…}) | ✓ | | 1-resman | +| [tag_values](variables.tf#L254) | Organization resource management tag values. | map(string) | ✓ | | 1-resman | +| [tenant_config](variables.tf#L261) | Tenant configuration. Short name must be 4 characters or less. | object({…}) | ✓ | | | +| [cicd_repositories](variables.tf#L51) | CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | object({…}) | | null | | +| [custom_roles](variables.tf#L97) | Custom roles defined at the organization level, in key => id format. | object({…}) | | null | 0-bootstrap | +| [fast_features](variables.tf#L106) | Selective control for top-level FAST features. | object({…}) | | {} | 0-bootstrap | +| [federated_identity_providers](variables.tf#L120) | Workload Identity Federation pools. The `cicd_repositories` variable references keys here. | map(object({…})) | | {} | | +| [group_iam](variables.tf#L134) | Tenant-level custom group IAM settings in group => [roles] format. | map(list(string)) | | {} | | +| [iam](variables.tf#L140) | Tenant-level custom IAM settings in role => [principal] format. | map(list(string)) | | {} | | +| [iam_additive](variables.tf#L146) | Tenant-level custom IAM settings in role => [principal] format for non-authoritative bindings. | map(list(string)) | | {} | | +| [locations](variables.tf#L152) | Optional locations for GCS, BigQuery, and logging buckets created here. These are the defaults set at the organization level, and can be overridden via the tenant config variable. | object({…}) | | {…} | 0-bootstrap | +| [log_sinks](variables.tf#L172) | Tenant-level log sinks, in name => {type, filter} format. | map(object({…})) | | {…} | | +| [outputs_location](variables.tf#L203) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string | | null | | +| [project_parent_ids](variables.tf#L219) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the tenant folder as parent. | object({…}) | | {…} | | +| [test_principal](variables.tf#L301) | Used when testing to bypass the data source returning the current identity. | string | | null | | + +## Outputs + +| name | description | sensitive | consumers | +|---|---|:---:|---| +| [cicd_workflows](outputs.tf#L102) | CI/CD workflows for tenant bootstrap and resource management stages. | ✓ | | +| [federated_identity](outputs.tf#L108) | Workload Identity Federation pool and providers. | | | +| [provider](outputs.tf#L118) | Terraform provider file for tenant resource management stage. | ✓ | stage-01 | +| [tenant_resources](outputs.tf#L125) | Tenant-level resources. | | | +| [tfvars](outputs.tf#L136) | Terraform variable files for the following tenant stages. | ✓ | | + + diff --git a/fast/stages-multitenant/0-bootstrap-tenant/automation-sas.tf b/fast/stages-multitenant/0-bootstrap-tenant/automation-sas.tf new file mode 100644 index 00000000..c548f8d5 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/automation-sas.tf @@ -0,0 +1,127 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Tenant automation stage 2 and 3 service accounts. + +locals { + branch_sas = { + dp-dev = { + condition = join(" && ", [ + "resource.matchTag('${local.tag_keys.context}', 'data')", + "resource.matchTag('${local.tag_keys.environment}', 'development')" + ]) + description = "data platform dev" + flag = "data_platform" + } + dp-prod = { + condition = join(" && ", [ + "resource.matchTag('${local.tag_keys.context}', 'data')", + "resource.matchTag('${local.tag_keys.environment}', 'production')" + ]) + description = "data platform prod" + flag = "data_platform" + } + gke-dev = { + condition = join(" && ", [ + "resource.matchTag('${local.tag_keys.context}', 'gke')", + "resource.matchTag('${local.tag_keys.environment}', 'development')" + ]) + description = "GKE dev" + flag = "gke" + } + gke-prod = { + condition = join(" && ", [ + "resource.matchTag('${local.tag_keys.context}', 'gke')", + "resource.matchTag('${local.tag_keys.environment}', 'production')" + ]) + description = "GKE prod" + flag = "gke" + } + networking = { + condition = "resource.matchTag('${local.tag_keys.context}', 'networking')" + description = "networking" + flag = "-" + } + pf-dev = { + condition = "resource.matchTag('${local.tag_keys.environment}', 'development')" + description = "project factory dev" + flag = "project_factory" + } + pf-prod = { + condition = "resource.matchTag('${local.tag_keys.environment}', 'production')" + description = "project factory prod" + flag = "project_factory" + } + sandbox = { + condition = "resource.matchTag('${local.tag_keys.context}', 'sandbox')" + description = "sandbox" + flag = "sandbox" + } + security = { + condition = "resource.matchTag('${local.tag_keys.context}', 'security')" + description = "security" + flag = "-" + } + teams = { + condition = "resource.matchTag('${local.tag_keys.context}', 'teams')" + description = "teams" + flag = "teams" + } + } +} + +module "automation-tf-resman-sa-stage2-3" { + source = "../../../modules/iam-service-account" + for_each = { + for k, v in local.branch_sas : + k => v if lookup(local.fast_features, v.flag, true) + } + project_id = module.automation-project.project_id + name = "${each.key}-0" + display_name = "Terraform ${each.value.description} service account." + prefix = local.prefix + iam_billing_roles = !var.billing_account.is_org_level ? { + (var.billing_account.id) = [ + "roles/billing.user", "roles/billing.costsManager" + ] + } : {} + iam_organization_roles = var.billing_account.is_org_level ? { + (var.organization.id) = [ + "roles/billing.user", "roles/billing.costsManager" + ] + } : {} +} + +# assign org policy admin with a tag-based condition to stage 2 and 3 SAs + +resource "google_organization_iam_member" "org_policy_admin_stage2_3" { + for_each = { + for k, v in module.automation-tf-resman-sa-stage2-3 : k => v.iam_email + } + org_id = var.organization.id + role = "roles/orgpolicy.policyAdmin" + member = each.value + condition { + title = "org_policy_tag_${var.tenant_config.short_name}_${each.key}_scoped" + description = join("", [ + "Org policy tag scoped grant for tenant ${var.tenant_config.short_name} ", + local.branch_sas[each.key].description + ]) + expression = join(" && ", [ + local.iam_tenant_condition, local.branch_sas[each.key].condition + ]) + } +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/automation.tf b/fast/stages-multitenant/0-bootstrap-tenant/automation.tf new file mode 100644 index 00000000..9684e7ca --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/automation.tf @@ -0,0 +1,141 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Tenant automation project and resources. + +module "automation-project" { + source = "../../../modules/project" + billing_account = var.billing_account.id + name = "iac-core-0" + parent = coalesce( + var.project_parent_ids.automation, + module.tenant-folder.id + ) + prefix = local.prefix + # human (groups) IAM bindings + group_iam = { + (local.groups.gcp-admins) = [ + "roles/iam.serviceAccountAdmin", + "roles/iam.serviceAccountTokenCreator", + ] + (local.groups.gcp-admins) = [ + "roles/iam.serviceAccountTokenCreator", + "roles/iam.workloadIdentityPoolAdmin" + ] + } + # machine (service accounts) IAM bindings + iam = { + "roles/owner" = [ + module.automation-tf-resman-sa.iam_email, + "serviceAccount:${local.resman_sa}" + ] + "roles/cloudbuild.builds.editor" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/iam.serviceAccountAdmin" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/iam.workloadIdentityPoolAdmin" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/source.admin" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/storage.admin" = [ + module.automation-tf-resman-sa.iam_email + ] + } + services = [ + "accesscontextmanager.googleapis.com", + "bigquery.googleapis.com", + "bigqueryreservation.googleapis.com", + "bigquerystorage.googleapis.com", + "billingbudgets.googleapis.com", + "cloudbilling.googleapis.com", + "cloudbuild.googleapis.com", + "cloudkms.googleapis.com", + "cloudresourcemanager.googleapis.com", + "container.googleapis.com", + "compute.googleapis.com", + "container.googleapis.com", + "essentialcontacts.googleapis.com", + "iam.googleapis.com", + "iamcredentials.googleapis.com", + "orgpolicy.googleapis.com", + "pubsub.googleapis.com", + "servicenetworking.googleapis.com", + "serviceusage.googleapis.com", + "sourcerepo.googleapis.com", + "stackdriver.googleapis.com", + "storage-component.googleapis.com", + "storage.googleapis.com", + "sts.googleapis.com" + ] +} + +# output files bucket + +module "automation-tf-output-gcs" { + source = "../../../modules/gcs" + project_id = module.automation-project.project_id + name = "iac-core-outputs-0" + prefix = local.prefix + location = local.locations.gcs + storage_class = local.gcs_storage_class + versioning = true +} + +# resource management stage bucket and service account + +module "automation-tf-resman-gcs" { + source = "../../../modules/gcs" + project_id = module.automation-project.project_id + name = "iac-core-resman-0" + prefix = local.prefix + location = local.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [module.automation-tf-resman-sa.iam_email] + } +} + +module "automation-tf-resman-sa" { + source = "../../../modules/iam-service-account" + project_id = module.automation-project.project_id + name = "resman-0" + display_name = "Terraform stage 1 resman service account." + prefix = local.prefix + # allow SA used by CI/CD workflow to impersonate this SA + iam = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.automation-tf-cicd-sa-resman["0"].iam_email, null) + ]) + } + iam_billing_roles = !var.billing_account.is_org_level ? { + (var.billing_account.id) = [ + "roles/billing.admin", "roles/billing.costsManager" + ] + } : {} + iam_organization_roles = var.billing_account.is_org_level ? { + (var.organization.id) = [ + "roles/billing.admin", "roles/billing.costsManager" + ] + } : {} + iam_storage_roles = { + (module.automation-tf-output-gcs.name) = ["roles/storage.admin"] + } +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/billing.tf b/fast/stages-multitenant/0-bootstrap-tenant/billing.tf new file mode 100644 index 00000000..77c26b91 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/billing.tf @@ -0,0 +1,39 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Billing roles for standalone billing accounts. + +# service account billing roles are in the SA module in automation.tf + +resource "google_billing_account_iam_member" "billing_ext_admin" { + for_each = toset(var.billing_account.is_org_level ? [] : [ + "group:${local.groups.gcp-admins}", + module.automation-tf-resman-sa.iam_email + ]) + billing_account_id = var.billing_account.id + role = "roles/billing.admin" + member = each.key +} + +resource "google_billing_account_iam_member" "billing_ext_cost_manager" { + for_each = toset(var.billing_account.is_org_level ? [] : [ + "group:${local.groups.gcp-admins}", + module.automation-tf-resman-sa.iam_email + ]) + billing_account_id = var.billing_account.id + role = "roles/billing.costsManager" + member = each.key +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/cicd.tf b/fast/stages-multitenant/0-bootstrap-tenant/cicd.tf new file mode 100644 index 00000000..a25215af --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/cicd.tf @@ -0,0 +1,223 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Workload Identity Federation configurations for CI/CD. + +locals { + _file_prefix = "tenants/${var.tenant_config.short_name}" + # derive identity pool names from identity providers for easy reference + cicd_identity_pools = { + for k, v in local.cicd_identity_providers : + k => split("/providers/", v.name)[0] + } + # merge org-level and tenant-level identity providers + cicd_identity_providers = merge( + var.automation.federated_identity_providers, + { + for k, v in google_iam_workload_identity_pool_provider.default : + k => { + issuer = local.identity_providers[k].issuer + issuer_uri = local.identity_providers[k].issuer_uri + name = v.name + principal_tpl = local.identity_providers[k].principal_tpl + principalset_tpl = local.identity_providers[k].principalset_tpl + } + }) + # filter CI/CD repositories to only keep valid ones + cicd_repositories = { + for k, v in coalesce(var.cicd_repositories, {}) : k => v + if( + v != null + && + ( + try(v.type, null) == "sourcerepo" + || + contains( + keys(local.cicd_identity_providers), + coalesce(try(v.identity_provider, null), ":") + ) + ) + && + fileexists( + format("${path.module}/templates/workflow-%s.yaml", try(v.type, "")) + ) + ) + } +} + +# tenant bootstrap runs in the org scope and uses top-level automation project + +module "automation-tf-cicd-repo-bootstrap" { + source = "../../../modules/source-repository" + for_each = { + for k, v in local.cicd_repositories : 0 => v + if k == "bootstrap" && try(v.type, null) == "sourcerepo" + } + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = [ + local.resman_sa + ] + "roles/source.reader" = [ + module.automation-tf-cicd-sa-bootstrap["0"].iam_email + ] + } + triggers = { + "fast-${var.tenant_config.short_name}-0-bootstrap" = { + filename = ".cloudbuild/workflow.yaml" + included_files = ["**/*tf", ".cloudbuild/workflow.yaml"] + service_account = module.automation-tf-cicd-sa-bootstrap["0"].id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } +} + +module "automation-tf-cicd-sa-bootstrap" { + source = "../../../modules/iam-service-account" + for_each = { + for k, v in local.cicd_repositories : 0 => v + if k == "bootstrap" && try(v.type, null) != null + } + project_id = var.automation.project_id + name = "bootstrap-1" + display_name = "Terraform CI/CD ${var.tenant_config.short_name} bootstrap." + prefix = local.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? {} + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} + +module "automation-tf-org-resman-sa" { + source = "../../../modules/iam-service-account" + for_each = { + for k, v in local.cicd_repositories : 0 => v + if k == "bootstrap" && try(v.type, null) != null + } + project_id = var.automation.project_id + name = local.resman_sa + service_account_create = false + iam_additive = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.automation-tf-cicd-sa-bootstrap["0"].iam_email, null) + ]) + } +} + +# tenant resman runs in the tenant scope and uses its own automation project + +module "automation-tf-cicd-repo-resman" { + source = "../../../modules/source-repository" + for_each = { + for k, v in local.cicd_repositories : 0 => v + if k == "resman" && try(v.type, null) == "sourcerepo" + } + project_id = module.automation-project.project_id + name = each.value.name + iam = { + "roles/source.admin" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/source.reader" = [ + module.automation-tf-cicd-sa-resman["0"].iam_email + ] + } + triggers = { + fast-1-resman = { + filename = ".cloudbuild/workflow.yaml" + included_files = ["**/*tf", ".cloudbuild/workflow.yaml"] + service_account = module.automation-tf-cicd-sa-resman["0"].id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } +} + +module "automation-tf-cicd-sa-resman" { + source = "../../../modules/iam-service-account" + for_each = { + for k, v in local.cicd_repositories : 0 => v + if k == "resman" && try(v.type, null) != null + } + project_id = module.automation-project.project_id + name = "resman-1" + display_name = "Terraform CI/CD resman." + prefix = local.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? {} + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (module.automation-project.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (module.automation-tf-output-gcs.name) = ["roles/storage.objectViewer"] + } +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/diagram.svg b/fast/stages-multitenant/0-bootstrap-tenant/diagram.svg new file mode 100644 index 00000000..4090c7b0 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/diagram.svg @@ -0,0 +1,597 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/fast/stages-multitenant/0-bootstrap-tenant/identity-providers.tf b/fast/stages-multitenant/0-bootstrap-tenant/identity-providers.tf new file mode 100644 index 00000000..3f8499b7 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/identity-providers.tf @@ -0,0 +1,96 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Workload Identity Federation provider definitions. + +locals { + identity_providers = { + for k, v in var.federated_identity_providers : k => merge( + v, + lookup(local.identity_providers_defs, v.issuer, {}) + ) + } + identity_providers_defs = { + # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect + github = { + attribute_mapping = { + "google.subject" = "assertion.sub" + "attribute.sub" = "assertion.sub" + "attribute.actor" = "assertion.actor" + "attribute.repository" = "assertion.repository" + "attribute.repository_owner" = "assertion.repository_owner" + "attribute.ref" = "assertion.ref" + } + issuer_uri = "https://token.actions.githubusercontent.com" + principal_tpl = "principal://iam.googleapis.com/%s/subject/repo:%s:ref:refs/heads/%s" + principalset_tpl = "principalSet://iam.googleapis.com/%s/attribute.repository/%s" + } + # https://docs.gitlab.com/ee/ci/cloud_services/index.html#how-it-works + gitlab = { + attribute_mapping = { + "google.subject" = "assertion.sub" + "attribute.sub" = "assertion.sub" + "attribute.environment" = "assertion.environment" + "attribute.environment_protected" = "assertion.environment_protected" + "attribute.namespace_id" = "assertion.namespace_id" + "attribute.namespace_path" = "assertion.namespace_path" + "attribute.pipeline_id" = "assertion.pipeline_id" + "attribute.pipeline_source" = "assertion.pipeline_source" + "attribute.project_id" = "assertion.project_id" + "attribute.project_path" = "assertion.project_path" + "attribute.repository" = "assertion.project_path" + "attribute.ref" = "assertion.ref" + "attribute.ref_protected" = "assertion.ref_protected" + "attribute.ref_type" = "assertion.ref_type" + } + allowed_audiences = ["https://gitlab.com"] + issuer_uri = "https://gitlab.com" + principal_tpl = "principalSet://iam.googleapis.com/%s/attribute.sub/project_path:%s:ref_type:branch:ref:%s" + principalset_tpl = "principalSet://iam.googleapis.com/%s/attribute.repository/%s" + } + } +} + +resource "google_iam_workload_identity_pool" "default" { + provider = google-beta + count = length(local.identity_providers) > 0 ? 1 : 0 + project = module.automation-project.project_id + workload_identity_pool_id = "${var.prefix}-bootstrap" +} + +resource "google_iam_workload_identity_pool_provider" "default" { + provider = google-beta + for_each = local.identity_providers + project = module.automation-project.project_id + workload_identity_pool_id = ( + google_iam_workload_identity_pool.default.0.workload_identity_pool_id + ) + workload_identity_pool_provider_id = "${var.prefix}-bootstrap-${each.key}" + attribute_condition = each.value.attribute_condition + attribute_mapping = each.value.attribute_mapping + oidc { + allowed_audiences = ( + try(each.value.custom_settings.allowed_audiences, null) != null + ? each.value.custom_settings.allowed_audiences + : try(each.value.allowed_audiences, null) + ) + issuer_uri = ( + try(each.value.custom_settings.issuer_uri, null) != null + ? each.value.custom_settings.issuer_uri + : try(each.value.issuer_uri, null) + ) + } +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/log-export.tf b/fast/stages-multitenant/0-bootstrap-tenant/log-export.tf new file mode 100644 index 00000000..b0bf115a --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/log-export.tf @@ -0,0 +1,94 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Audit log project and sink. + +locals { + log_sink_destinations = merge( + # use the same dataset for all sinks with `bigquery` as destination + { for k, v in var.log_sinks : k => module.log-export-dataset.0 if v.type == "bigquery" }, + # use the same gcs bucket for all sinks with `storage` as destination + { for k, v in var.log_sinks : k => module.log-export-gcs.0 if v.type == "storage" }, + # use separate pubsub topics and logging buckets for sinks with + # destination `pubsub` and `logging` + module.log-export-pubsub, + module.log-export-logbucket + ) + log_types = toset([for k, v in var.log_sinks : v.type]) +} + +module "log-export-project" { + source = "../../../modules/project" + billing_account = var.billing_account.id + name = "audit-logs-0" + parent = coalesce( + var.project_parent_ids.logging, + module.tenant-folder.id + ) + prefix = local.prefix + iam = { + "roles/owner" = [ + module.automation-tf-resman-sa.iam_email, + "serviceAccount:${local.resman_sa}" + ] + } + services = [ + # "cloudresourcemanager.googleapis.com", + # "iam.googleapis.com", + # "serviceusage.googleapis.com", + "bigquery.googleapis.com", + "storage.googleapis.com", + "stackdriver.googleapis.com" + ] +} + +# one log export per type, with conditionals to skip those not needed + +module "log-export-dataset" { + source = "../../../modules/bigquery-dataset" + count = contains(local.log_types, "bigquery") ? 1 : 0 + project_id = module.log-export-project.project_id + id = "audit_export" + friendly_name = "Audit logs export." + location = var.locations.bq +} + +module "log-export-gcs" { + source = "../../../modules/gcs" + count = contains(local.log_types, "storage") ? 1 : 0 + project_id = module.log-export-project.project_id + name = "audit-logs-0" + prefix = local.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class +} + +module "log-export-logbucket" { + source = "../../../modules/logging-bucket" + for_each = toset([for k, v in var.log_sinks : k if v.type == "logging"]) + parent_type = "project" + parent = module.log-export-project.project_id + id = "audit-logs-${each.key}" + location = var.locations.logging +} + +module "log-export-pubsub" { + source = "../../../modules/pubsub" + for_each = toset([for k, v in var.log_sinks : k if v.type == "pubsub"]) + project_id = module.log-export-project.project_id + name = "audit-logs-${each.key}" + regions = var.locations.pubsub +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/main.tf b/fast/stages-multitenant/0-bootstrap-tenant/main.tf new file mode 100644 index 00000000..3a150594 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/main.tf @@ -0,0 +1,100 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + gcs_storage_class = ( + length(split("-", local.locations.gcs)) < 2 + ? "MULTI_REGIONAL" + : "REGIONAL" + ) + groups = { + for k, v in var.tenant_config.groups : + k => v == null ? null : "${v}@${var.organization.domain}" + } + fast_features = { + for k, v in var.tenant_config.fast_features : + k => v == null ? var.fast_features[k] : v + } + locations = { + for k, v in var.tenant_config.locations : + k => v == null || v == [] ? var.locations[k] : v + } + prefix = join("-", compact([var.prefix, var.tenant_config.short_name])) + resman_sa = ( + var.test_principal == null + ? data.google_client_openid_userinfo.resman-sa.0.email + : var.test_principal + ) +} + +data "google_client_openid_userinfo" "resman-sa" { + count = var.test_principal == null ? 1 : 0 +} + +module "tenant-folder" { + source = "../../../modules/folder" + parent = "organizations/${var.organization.id}" + name = var.tenant_config.descriptive_name + logging_sinks = { + for name, attrs in var.log_sinks : name => { + bq_partitioned_table = attrs.type == "bigquery" + destination = local.log_sink_destinations[name].id + filter = attrs.filter + type = attrs.type + } + } + tag_bindings = { + tenant = try( + module.organization.tag_values["${var.tag_names.tenant}/${var.tenant_config.short_name}"].id, + null + ) + } +} + +module "tenant-folder-iam" { + source = "../../../modules/folder" + id = module.tenant-folder.id + folder_create = false + group_iam = merge(var.group_iam, { + (local.groups.gcp-admins) = [ + "roles/logging.admin", + "roles/owner", + "roles/resourcemanager.folderAdmin", + "roles/resourcemanager.projectCreator", + "roles/compute.xpnAdmin" + ] + }) + iam = merge(var.iam, { + "roles/compute.xpnAdmin" = [ + module.automation-tf-resman-sa.iam_email, + module.automation-tf-resman-sa-stage2-3["networking"].iam_email + ] + "roles/logging.admin" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/resourcemanager.folderAdmin" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/resourcemanager.projectCreator" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/owner" = [ + module.automation-tf-resman-sa.iam_email + ] + }) + iam_additive = var.iam_additive + depends_on = [module.automation-project] +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/organization.tf b/fast/stages-multitenant/0-bootstrap-tenant/organization.tf new file mode 100644 index 00000000..46f8c0d4 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/organization.tf @@ -0,0 +1,84 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Organization tag and conditional IAM grant. + +locals { + iam_tenant_condition = "resource.matchTag('${local.tag_keys.tenant}', '${var.tenant_config.short_name}')" + tag_keys = { + for k, v in var.tag_names : k => "${var.organization.id}/${v}" + } +} + +module "organization" { + source = "../../../modules/organization" + organization_id = "organizations/${var.organization.id}" + iam_additive = merge( + { + "roles/resourcemanager.organizationViewer" = [ + "group:${local.groups.gcp-admins}" + ] + }, + var.billing_account.is_org_level ? { + "roles/billing.admin" = [ + "group:${local.groups.gcp-admins}", + module.automation-tf-resman-sa.iam_email + ] + "roles/billing.costsManager" = ["group:${local.groups.gcp-admins}"] + } : {} + ) + tags = { + tenant = { + id = var.tag_keys.tenant + values = { + (var.tenant_config.short_name) = {} + } + } + } +} + +resource "google_tags_tag_value_iam_member" "resman_tag_user" { + for_each = var.tag_values + tag_value = each.value + role = "roles/resourcemanager.tagUser" + member = module.automation-tf-resman-sa.iam_email +} + +resource "google_tags_tag_value_iam_member" "admins_tag_viewer" { + for_each = var.tag_values + tag_value = each.value + role = "roles/resourcemanager.tagViewer" + member = "group:${local.groups.gcp-admins}" +} + +# assign org policy admin with a tag-based condition to admin group and stage 1 SA + +resource "google_organization_iam_member" "org_policy_admin_stage0" { + for_each = toset([ + "group:${local.groups.gcp-admins}", + module.automation-tf-resman-sa.iam_email + ]) + org_id = var.organization.id + role = "roles/orgpolicy.policyAdmin" + member = each.key + condition { + title = "org_policy_tag_${var.tenant_config.short_name}_scoped" + description = "Org policy tag scoped grant for tenant ${var.tenant_config.short_name}." + expression = local.iam_tenant_condition + } +} + +# tag-based condition for service accounts is in the automation-sa file diff --git a/fast/stages-multitenant/0-bootstrap-tenant/outputs-files.tf b/fast/stages-multitenant/0-bootstrap-tenant/outputs-files.tf new file mode 100644 index 00000000..28bec327 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/outputs-files.tf @@ -0,0 +1,46 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Output files persistence to local filesystem. + +locals { + outputs_root = join("/", [ + try(pathexpand(var.outputs_location), ""), + "tenants", + var.tenant_config.short_name + ]) +} + +resource "local_file" "providers" { + count = var.outputs_location == null ? 0 : 1 + file_permission = "0644" + filename = "${local.outputs_root}/providers/1-resman-tenant-providers.tf" + content = try(local.provider, null) +} + +resource "local_file" "tfvars" { + count = var.outputs_location == null ? 0 : 1 + file_permission = "0644" + filename = "${local.outputs_root}/tfvars/0-bootstrap-tenant.auto.tfvars.json" + content = jsonencode(local.tfvars) +} + +resource "local_file" "workflows" { + for_each = var.outputs_location == null ? {} : local.cicd_workflows + file_permission = "0644" + filename = "${local.outputs_root}/workflows/${each.key}-${local.cicd_repositories[each.key].type}.yaml" + content = each.value +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/outputs-gcs.tf b/fast/stages-multitenant/0-bootstrap-tenant/outputs-gcs.tf new file mode 100644 index 00000000..7c0c7efc --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/outputs-gcs.tf @@ -0,0 +1,41 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Output files persistence to automation GCS bucket. + +resource "google_storage_bucket_object" "providers" { + bucket = module.automation-tf-output-gcs.name + # provider suffix allows excluding via .gitignore when linked from stages + name = "tenants/${var.tenant_config.short_name}/providers/1-resman-tenant-providers.tf" + content = local.provider +} + +resource "google_storage_bucket_object" "tfvars" { + bucket = module.automation-tf-output-gcs.name + name = "tenants/${var.tenant_config.short_name}/tfvars/0-bootstrap-tenant.auto.tfvars.json" + content = jsonencode(local.tfvars) +} + +resource "google_storage_bucket_object" "workflows" { + for_each = local.cicd_workflows + bucket = ( + each.key == "bootstrap" + ? var.automation.outputs_bucket + : module.automation-tf-output-gcs.name + ) + name = "tenants/${var.tenant_config.short_name}/workflows/${each.key}-${local.cicd_repositories[each.key].type}.yaml" + content = each.value +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/outputs.tf b/fast/stages-multitenant/0-bootstrap-tenant/outputs.tf new file mode 100644 index 00000000..4f22ff63 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/outputs.tf @@ -0,0 +1,140 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + cicd_workflows = { + for k, v in local.cicd_repositories : k => templatefile( + "${path.module}/templates/workflow-${v.type}.yaml", ( + k == "bootstrap" + ? { + identity_provider = try( + local.cicd_identity_providers[v["identity_provider"]].name, "" + ) + outputs_bucket = var.automation.outputs_bucket + service_account = try( + module.automation-tf-cicd-sa-bootstrap["0"].email, "" + ) + stage_name = k + tf_providers_file = "" + tf_var_files = [ + "0-bootstrap.auto.tfvars.json", + "1-resman.auto.tfvars.json", + "globals.auto.tfvars.json" + ] + } + : { + identity_provider = try( + local.cicd_identity_providers[v["identity_provider"]].name, "" + ) + outputs_bucket = module.automation-tf-output-gcs.name + service_account = try( + module.automation-tf-cicd-sa-resman["0"].email, "" + ) + stage_name = k + tf_providers_file = ( + "${local._file_prefix}/providers/1-resman-tenant-providers.tf" + ) + tf_var_files = [ + "${local._file_prefix}/tfvars/0-bootstrap-tenant.auto.tfvars.json" + ] + } + ) + ) + } + provider = templatefile( + "${path.module}/templates/providers.tf.tpl", { + bucket = module.automation-tf-resman-gcs.name + name = "resman" + sa = module.automation-tf-resman-sa.email + } + ) + tfvars = { + automation = { + outputs_bucket = module.automation-tf-output-gcs.name + project_id = module.automation-project.project_id + project_number = module.automation-project.number + federated_identity_pools = compact([ + try(google_iam_workload_identity_pool.default.0.name, null), + var.automation.federated_identity_pool, + ]) + federated_identity_providers = local.cicd_identity_providers + service_accounts = merge( + { resman = module.automation-tf-resman-sa.email }, + { + for k, v in local.branch_sas : k => try( + module.automation-tf-resman-sa-stage2-3[k].email, null + ) + } + ) + } + billing_account = var.billing_account + custom_roles = var.custom_roles + fast_features = local.fast_features + groups = var.tenant_config.groups + locations = local.locations + organization = var.organization + prefix = local.prefix + root_node = module.tenant-folder.id + short_name = var.tenant_config.short_name + tags = { + keys = var.tag_keys + names = var.tag_names + values = merge(var.tag_values, { + for k, v in module.organization.tag_values : k => v.id + }) + } + } +} + +output "cicd_workflows" { + description = "CI/CD workflows for tenant bootstrap and resource management stages." + sensitive = true + value = local.cicd_workflows +} + +output "federated_identity" { + description = "Workload Identity Federation pool and providers." + value = { + pool = try( + google_iam_workload_identity_pool.default.0.name, null + ) + providers = local.cicd_identity_providers + } +} + +output "provider" { + # tfdoc:output:consumers stage-01 + description = "Terraform provider file for tenant resource management stage." + sensitive = true + value = local.provider +} + +output "tenant_resources" { + description = "Tenant-level resources." + value = { + bucket = module.automation-tf-resman-gcs.name + folder = module.tenant-folder.id + project_id = module.automation-project.project_id + project_number = module.automation-project.number + service_account = module.automation-tf-resman-sa.email + } +} + +output "tfvars" { + description = "Terraform variable files for the following tenant stages." + sensitive = true + value = local.tfvars +} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/templates/providers.tf.tpl b/fast/stages-multitenant/0-bootstrap-tenant/templates/providers.tf.tpl new file mode 100644 index 00000000..e11a51b8 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/templates/providers.tf.tpl @@ -0,0 +1,30 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + backend "gcs" { + bucket = "${bucket}" + impersonate_service_account = "${sa}" + } +} +provider "google" { + impersonate_service_account = "${sa}" +} +provider "google-beta" { + impersonate_service_account = "${sa}" +} + +# end provider.tf for ${name} diff --git a/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml new file mode 100644 index 00000000..52325868 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml @@ -0,0 +1,190 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: "FAST ${stage_name} stage" + +on: + pull_request: + branches: + - main + types: + - closed + - opened + - synchronize + +env: + FAST_OUTPUTS_BUCKET: ${outputs_bucket} + FAST_SERVICE_ACCOUNT: ${service_account} + FAST_WIF_PROVIDER: ${identity_provider} + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + %{~ if tf_providers_file != "" ~} + TF_PROVIDERS_FILE: ${tf_providers_file} + %{~ endif ~} + TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} + TF_VERSION: 1.3.2 + +jobs: + fast-pr: + permissions: + contents: read + id-token: write + issues: write + pull-requests: write + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout repository + uses: actions/checkout@v3 + + # set up SSH key authentication to the modules repository + - id: ssh-config + name: Configure SSH authentication + run: | + ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null + ssh-add - <<< "$${{ secrets.CICD_MODULES_KEY }}" + + # set up authentication via Workload identity Federation + - id: gcp-auth + name: Authenticate to Google Cloud + uses: google-github-actions/auth@v0 + with: + workload_identity_provider: $${{ env.FAST_WIF_PROVIDER }} + service_account: $${{ env.FAST_SERVICE_ACCOUNT }} + access_token_lifetime: 3600s + + - id: gcp-sdk + name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0 + with: + install_components: alpha + + # copy provider and tfvars files + - id: tf-config + name: Copy Terraform output files + run: | + %{~ if tf_providers_file != "" ~} + gcloud alpha storage cp -r \ + "gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.TF_PROVIDERS_FILE}}" ./ + %{~ endif ~} + gcloud alpha storage cp -r \ + "gs://$${{env.FAST_OUTPUTS_BUCKET}}/tfvars" ./ + for f in $${{env.TF_VAR_FILES}}; do + ln -s "tfvars/$f" ./ + done + + - id: tf-setup + name: Set up Terraform + uses: hashicorp/setup-terraform@v2.0.3 + with: + terraform_version: $${{ env.TF_VERSION }} + + # run Terraform init/validate/plan + - id: tf-init + name: Terraform init + run: | + terraform init -no-color + + - id: tf-validate + name: Terraform validate + run: terraform validate -no-color + + - id: tf-plan + name: Terraform plan + continue-on-error: true + run: | + terraform plan -input=false -out ../plan.out -no-color + + - id: tf-apply + if: github.event.pull_request.merged == true && success() + name: Terraform apply + continue-on-error: true + run: | + terraform apply -input=false -auto-approve -no-color ../plan.out + + - id: pr-comment + name: Post comment to Pull Request + continue-on-error: true + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + env: + PLAN: $${{ steps.tf-plan.outputs.stdout }}\n$${{ steps.tf-plan.outputs.stderr }} + with: + script: | + const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + + ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + +
Validation Output + + \`\`\`\n + $${{ steps.tf-validate.outputs.stdout }} + \`\`\` + +
+ + ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + +
Show Plan + + \`\`\`\n + $${process.env.PLAN.split('\n').filter(l => l.match(/^([A-Z\s].*|)$$/)).join('\n')} + \`\`\` + +
+ + ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + + *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + + - id: pr-short-comment + name: Post comment to Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' + with: + script: | + const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + + ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + + ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + + Plan output is in the action log. + + ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + + *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + + - id: check-plan + name: Check plan failure + if: steps.tf-plan.outcome != 'success' + run: exit 1 + + - id: check-apply + name: Check apply failure + if: github.event.pull_request.merged == true && steps.tf-apply.outcome != 'success' + run: exit 1 diff --git a/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-gitlab.yaml b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-gitlab.yaml new file mode 100644 index 00000000..739e7485 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-gitlab.yaml @@ -0,0 +1,124 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +default: + before_script: + - echo "$${CI_JOB_JWT_V2}" > token.txt + image: + name: hashicorp/terraform + entrypoint: + - "/usr/bin/env" + - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +variables: + GOOGLE_CREDENTIALS: cicd-sa-credentials.json + FAST_OUTPUTS_BUCKET: ${outputs_bucket} + FAST_SERVICE_ACCOUNT: ${service_account} + FAST_WIF_PROVIDER: ${identity_provider} + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + %{~ if tf_providers_file != "" ~} + TF_PROVIDERS_FILE: ${tf_providers_file} + %{~ endif ~} + TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} + +stages: + - gcp-auth + - tf-files + - tf-plan + - tf-apply + +cache: + key: gcp-auth + paths: + - cicd-sa-credentials.json + - .tf-setup + +gcp-auth: + image: + name: google/cloud-sdk:slim + stage: gcp-auth + script: + - | + gcloud iam workload-identity-pools create-cred-config \ + $${FAST_WIF_PROVIDER} \ + --service-account=$${FAST_SERVICE_ACCOUNT} \ + --service-account-token-lifetime-seconds=3600 \ + --output-file=$${GOOGLE_CREDENTIALS} \ + --credential-source-file=token.txt +tf-files: + dependencies: + - gcp-auth + image: + name: google/cloud-sdk:slim + stage: tf-files + script: + # - gcloud components install -q alpha + - gcloud config set auth/credential_file_override $${GOOGLE_CREDENTIALS} + - mkdir -p .tf-setup + %{~ if tf_providers_file != "" ~} + - | + gcloud alpha storage cp -r \ + "gs://$${FAST_OUTPUTS_BUCKET}/providers/$${TF_PROVIDERS_FILE}" .tf-setup/ + %{~ endif ~} + - | + gcloud alpha storage cp -r \ + "gs://$${FAST_OUTPUTS_BUCKET}/tfvars" .tf-setup/ + +tf-plan: + # uncomment the following lines and set the SSH key secret for private modules repo + # before_script: + # - | + # ssh-agent -a $SSH_AUTH_SOCK > /dev/null + # echo "$CICD_MODULES_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null + # mkdir -p ~/.ssh + # ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts + # ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts + stage: tf-plan + script: + - cp .tf-setup/$${TF_PROVIDERS_FILE} ./ + - | + for f in $${TF_VAR_FILES}; do + ln -s ".tf-setup/tfvars/$f" ./ + done + - terraform init + - terraform validate + - terraform plan + dependencies: + - tf-files + +tf-apply: + # uncomment the following lines and set the SSH key secret for private modules repo + # before_script: + # - | + # ssh-agent -a $SSH_AUTH_SOCK > /dev/null + # echo "$CICD_MODULES_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null + # mkdir -p ~/.ssh + # ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts + # ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts + stage: tf-apply + script: + - cp .tf-setup/$${TF_PROVIDERS_FILE} ./ + - | + for f in $${TF_VAR_FILES}; do + ln -s ".tf-setup/tfvars/$f" ./ + done + - terraform init + - terraform validate + - terraform apply -input=false -auto-approve + dependencies: + - tf-files + when: manual + only: + variables: + - $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH diff --git a/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-sourcerepo.yaml b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-sourcerepo.yaml new file mode 100644 index 00000000..e171c45e --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-sourcerepo.yaml @@ -0,0 +1,100 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +steps: + - name: alpine:3 + id: tf-download + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + mkdir -p /builder/home/.local/bin + wget https://releases.hashicorp.com/terraform/$${_TF_VERSION}/terraform_$${_TF_VERSION}_linux_amd64.zip + unzip terraform_$${_TF_VERSION}_linux_amd64.zip -d /builder/home/.local/bin + rm terraform_$${_TF_VERSION}_linux_amd64.zip + chmod 755 /builder/home/.local/bin/terraform + - name: alpine:3 + id: tf-check-format + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform fmt -recursive -check /workspace/ + - name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine + id: tf-files + entrypoint: bash + args: + - -eEuo + - pipefail + - -c + - |- + %{~ if tf_providers_file != "" ~} + /google-cloud-sdk/bin/gsutil cp \ + gs://$${_FAST_OUTPUTS_BUCKET}/providers/$${_TF_PROVIDERS_FILE} ./ + %{~ endif ~} + /google-cloud-sdk/bin/gsutil cp -r \ + gs://$${_FAST_OUTPUTS_BUCKET}/tfvars ./ + for f in $${_TF_VAR_FILES}; do + ln -s tfvars/$f ./ + done + - name: alpine:3 + id: tf-init + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform init -no-color + - name: alpine:3 + id: tf-check-validate + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform validate -no-color + - name: alpine:3 + id: tf-plan + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform plan -no-color -input=false -out plan.out + # store artifact and ask for approval here if needed + - name: alpine:3 + id: tf-apply + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform apply -no-color -input=false -auto-approve plan.out +options: + env: + - PATH=/usr/local/bin:/usr/bin:/bin:/builder/home/.local/bin + logging: CLOUD_LOGGING_ONLY +substitutions: + _FAST_OUTPUTS_BUCKET: ${outputs_bucket} + _TF_PROVIDERS_FILE: ${tf_providers_file} + _TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} + _TF_VERSION: 1.3.2 diff --git a/fast/stages-multitenant/0-bootstrap-tenant/variables.tf b/fast/stages-multitenant/0-bootstrap-tenant/variables.tf new file mode 100644 index 00000000..1a0134b0 --- /dev/null +++ b/fast/stages-multitenant/0-bootstrap-tenant/variables.tf @@ -0,0 +1,305 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# defaults for variables marked with global tfdoc annotations, can be set via +# the tfvars file generated in stage 00 and stored in its outputs + +variable "automation" { + # tfdoc:variable:source 0-bootstrap + description = "Automation resources created by the organization-level bootstrap stage." + type = object({ + outputs_bucket = string + project_id = string + project_number = string + federated_identity_pool = string + federated_identity_providers = map(object({ + issuer = string + issuer_uri = string + name = string + principal_tpl = string + principalset_tpl = string + })) + }) +} + +variable "billing_account" { + # tfdoc:variable:source 0-bootstrap + description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false." + type = object({ + id = string + is_org_level = optional(bool, true) + }) + validation { + condition = var.billing_account.is_org_level != null + error_message = "Invalid `null` value for `billing_account.is_org_level`." + } +} + +variable "cicd_repositories" { + description = "CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed." + type = object({ + bootstrap = optional(object({ + branch = optional(string) + identity_provider = string + name = string + type = string + })) + resman = optional(object({ + branch = optional(string) + identity_provider = string + name = string + type = string + })) + }) + default = null + validation { + condition = alltrue([ + for k, v in coalesce(var.cicd_repositories, {}) : + v == null || try(v.name, null) != null + ]) + error_message = "Non-null repositories need a non-null name." + } + validation { + condition = alltrue([ + for k, v in coalesce(var.cicd_repositories, {}) : + v == null || ( + try(v.identity_provider, null) != null + || + try(v.type, null) == "sourcerepo" + ) + ]) + error_message = "Non-null repositories need a non-null provider unless type is 'sourcerepo'." + } + validation { + condition = alltrue([ + for k, v in coalesce(var.cicd_repositories, {}) : + v == null || ( + contains(["github", "gitlab", "sourcerepo"], coalesce(try(v.type, null), "null")) + ) + ]) + error_message = "Invalid repository type, supported types: 'github' 'gitlab' or 'sourcerepo'." + } +} + +variable "custom_roles" { + # tfdoc:variable:source 0-bootstrap + description = "Custom roles defined at the organization level, in key => id format." + type = object({ + service_project_network_admin = string + }) + default = null +} + +variable "fast_features" { + # tfdoc:variable:source 0-bootstrap + description = "Selective control for top-level FAST features." + type = object({ + data_platform = optional(bool, true) + gke = optional(bool, true) + project_factory = optional(bool, true) + sandbox = optional(bool, true) + teams = optional(bool, true) + }) + default = {} + nullable = false +} + +variable "federated_identity_providers" { + description = "Workload Identity Federation pools. The `cicd_repositories` variable references keys here." + type = map(object({ + attribute_condition = string + issuer = string + custom_settings = object({ + issuer_uri = string + allowed_audiences = list(string) + }) + })) + default = {} + nullable = false +} + +variable "group_iam" { + description = "Tenant-level custom group IAM settings in group => [roles] format." + type = map(list(string)) + default = {} +} + +variable "iam" { + description = "Tenant-level custom IAM settings in role => [principal] format." + type = map(list(string)) + default = {} +} + +variable "iam_additive" { + description = "Tenant-level custom IAM settings in role => [principal] format for non-authoritative bindings." + type = map(list(string)) + default = {} +} + +variable "locations" { + # tfdoc:variable:source 0-bootstrap + description = "Optional locations for GCS, BigQuery, and logging buckets created here. These are the defaults set at the organization level, and can be overridden via the tenant config variable." + type = object({ + bq = string + gcs = string + logging = string + pubsub = list(string) + }) + default = { + bq = "EU" + gcs = "EU" + logging = "global" + pubsub = [] + } + nullable = false +} + +# See https://cloud.google.com/architecture/exporting-stackdriver-logging-for-security-and-access-analytics +# for additional logging filter examples +variable "log_sinks" { + description = "Tenant-level log sinks, in name => {type, filter} format." + type = map(object({ + filter = string + type = string + })) + default = { + audit-logs = { + filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" + type = "logging" + } + } + validation { + condition = alltrue([ + for k, v in var.log_sinks : + contains(["bigquery", "logging", "pubsub", "storage"], v.type) + ]) + error_message = "Type must be one of 'bigquery', 'logging', 'pubsub', 'storage'." + } +} + +variable "organization" { + # tfdoc:variable:source 0-bootstrap + description = "Organization details." + type = object({ + domain = string + id = number + customer_id = string + }) +} + +variable "outputs_location" { + description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable." + type = string + default = null +} + +variable "prefix" { + # tfdoc:variable:source 0-bootstrap + description = "Prefix used for resources that need unique names. Use 9 characters or less." + type = string + validation { + condition = try(length(var.prefix), 0) < 10 + error_message = "Use a maximum of 9 characters for prefix." + } +} + +variable "project_parent_ids" { + description = "Optional parents for projects created here in folders/nnnnnnn format. Null values will use the tenant folder as parent." + type = object({ + automation = string + logging = string + }) + default = { + automation = null + logging = null + } + nullable = false +} + +variable "tag_keys" { + # tfdoc:variable:source 1-resman + description = "Organization tag keys." + type = object({ + context = string + environment = string + tenant = string + }) + nullable = false +} + +variable "tag_names" { + # tfdoc:variable:source 1-resman + description = "Customized names for resource management tags." + type = object({ + context = string + environment = string + tenant = string + }) + nullable = false +} + +variable "tag_values" { + # tfdoc:variable:source 1-resman + description = "Organization resource management tag values." + type = map(string) + nullable = false +} + +variable "tenant_config" { + description = "Tenant configuration. Short name must be 4 characters or less." + type = object({ + descriptive_name = string + groups = object({ + gcp-admins = string + gcp-devops = optional(string) + gcp-network-admins = optional(string) + gcp-security-admins = optional(string) + }) + short_name = string + fast_features = optional(object({ + data_platform = optional(bool) + gke = optional(bool) + project_factory = optional(bool) + sandbox = optional(bool) + teams = optional(bool) + }), {}) + locations = optional(object({ + bq = optional(string) + gcs = optional(string) + logging = optional(string) + pubsub = optional(list(string)) + }), {}) + }) + nullable = false + validation { + condition = alltrue([ + for a in ["descriptive_name", "groups", "short_name"] : + var.tenant_config[a] != null + ]) + error_message = "Non-optional members must not be null." + } + validation { + condition = length(var.tenant_config.short_name) < 5 + error_message = "Short name must be a string of 4 characters or less." + } +} + + +variable "test_principal" { + description = "Used when testing to bypass the data source returning the current identity." + type = string + default = null +} diff --git a/fast/stages-multitenant/1-resman-tenant/IAM.md b/fast/stages-multitenant/1-resman-tenant/IAM.md new file mode 100644 index 00000000..16db4a6c --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/IAM.md @@ -0,0 +1,60 @@ +# IAM bindings reference + +Legend: + additive, conditional. + +## Folder development [#0] + +| members | roles | +|---|---| +|tn0-gke-dev-0
serviceAccount|[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin)
[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | + +## Folder development [#1] + +| members | roles | +|---|---| +|tn0-gke-dev-0
serviceAccount|organizations/[org_id #0]/roles/serviceProjectNetworkAdmin | +|tn0-pf-dev-0
serviceAccount|organizations/[org_id #0]/roles/serviceProjectNetworkAdmin | + +## Folder networking + +| members | roles | +|---|---| +|tn0-networking-0
serviceAccount|[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin)
[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | + +## Folder production [#0] + +| members | roles | +|---|---| +|tn0-gke-prod-0
serviceAccount|[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin)
[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | + +## Folder production [#1] + +| members | roles | +|---|---| +|tn0-gke-prod-0
serviceAccount|organizations/[org_id #0]/roles/serviceProjectNetworkAdmin | +|tn0-pf-prod-0
serviceAccount|organizations/[org_id #0]/roles/serviceProjectNetworkAdmin | + +## Folder sandbox + +| members | roles | +|---|---| +|tn0-sandbox-0
serviceAccount|[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | + +## Folder security + +| members | roles | +|---|---| +|tn0-security-0
serviceAccount|[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | + +## Folder teams + +| members | roles | +|---|---| +|tn0-teams-0
serviceAccount|[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin)
[roles/logging.admin](https://cloud.google.com/iam/docs/understanding-roles#logging.admin)
[roles/owner](https://cloud.google.com/iam/docs/understanding-roles#owner)
[roles/resourcemanager.folderAdmin](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.folderAdmin)
[roles/resourcemanager.projectCreator](https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectCreator) | + +## Folder test tenant 0 + +| members | roles | +|---|---| +|tn0-networking-0
serviceAccount|[roles/compute.orgFirewallPolicyAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.orgFirewallPolicyAdmin) +
[roles/compute.xpnAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.xpnAdmin) +| +|tn0-security-0
serviceAccount|[roles/accesscontextmanager.policyAdmin](https://cloud.google.com/iam/docs/understanding-roles#accesscontextmanager.policyAdmin) +| diff --git a/fast/stages-multitenant/1-resman-tenant/README.md b/fast/stages-multitenant/1-resman-tenant/README.md new file mode 100644 index 00000000..ae42fc30 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/README.md @@ -0,0 +1,184 @@ +# Tenant resource management + +This stage is run for a specific tenant after [tenant bootstrap](../0-bootstrap-tenant/) has successfully created initial resources for the tenant, which is then decoupled from the organization. + +It is logically equivalent and almost identical in code to the corresponding [organization resource management stage](../../stages/1-resman/), with a few notable differences: + +- the hierarchy is rooted in the tenant top-level folder instead of the organization +- there's no management of tag values and keys since they organization-level resources (it could be implemented for tenant-specific tags if the need arises) +- automation service accounts for subsequent stages are configured but not created here (tenant-level bootstrap creates them and assigns organization-level permissions) + +The stage runs with a dedicated service account for the tenant, which has no permissions at the organization level except for billing and organization policies, constrained by a condition on the tenant tag. + +The following diagram is a high level reference of what this stage manages, showing one hypothetical tenant (additional tenants require additional instances of this stage being deployed): + +```mermaid +%%{init: {'theme':'base'}}%% +classDiagram + Tenant_root~📁~ -- tn0_automation + Tenant_root~📁~ -- Networking~📁~ + Tenant_root~📁~ -- Security~📁~ + Tenant_root~📁~ -- Data_Platform~📁~ + Data_Platform~📁~ -- DP_Dev~📁~ + Data_Platform~📁~ -- DP_Prod~📁~ + Tenant_root~📁~ -- GKE~📁~ + GKE~📁~ -- GKE_Dev~📁~ + GKE~📁~ -- GKE_Prod~📁~ + Tenant_root~📁~ -- Teams~📁~ + Teams~📁~ -- Team_0~📁~ + Team_0~📁~ -- Team_0_Dev~📁~ + Team_0~📁~ -- Team_0_Prod~📁~ + Tenant_root~📁~ -- Sandbox~📁~ + class Tenant_root~📁~ { + - IAM bindings() + - org policies() + } + class tn0_automation { + - GCS buckets + - IAM bindings() + } + class Data_Platform~📁~ { + - IAM bindings() + - tag bindings() + } + class DP_Dev~📁~ { + - IAM bindings() + - tag bindings() + } + class DP_Prod~📁~ { + - IAM bindings() + - tag bindings() + } + class GKE~📁~ { + - IAM bindings() + - tag bindings() + } + class GKE_Dev~📁~ { + - IAM bindings() + - tag bindings() + } + class GKE_Prod~📁~ { + - IAM bindings() + - tag bindings() + } + class Networking~📁~ { + - IAM bindings() + - tag bindings() + } + class Security~📁~ { + - IAM bindings() + - tag bindings() + } + class Sandbox~📁~ { + - IAM bindings() + - tag bindings() + } + class Teams~📁~ { + - IAM bindings() + - tag bindings() + } + class Team_0~📁~ { + - IAM bindings() + - tag bindings() + } + class Team_0_Dev~📁~ { + - IAM bindings() + - tag bindings() + } + class Team_0_Prod~📁~ { + - IAM bindings() + - tag bindings() + } +``` + +As most of the features of this stage follow the same design and configurations of the [organization-level resource management stage](../../stages/1-resman/), we will only focus on the tenant-specific configuration in this document. + +## How to run this stage + +As mentioned above this stage is decoupled from organization-level stages: it uses a service account and state bucket from the tenant-specific automation project, and its tfvars and provider files are also tenant-specific. + +The `stage-links.sh` script can be used to get the commands needed for the provider and output files, just set the variable for the tenant shortname (the same one specified in the tenant bootstrap stage) and pass a single argument with your FAST output files folder path, or GCS bucket URI: + +```bash +TENANT=tn0 ../../stage-links.sh ~/fast-config +``` + +The script output can be copy/pasted to a terminal: + +```bash +# copy and paste the following commands for '1-resman-tenant' + +ln -s ~/fast-config/tenants/tn0/providers/1-resman-tenant-providers.tf ./ +ln -s ~/fast-config/tenants/tn0/tfvars/0-bootstrap-tenant.auto.tfvars.json ./ +``` + +Once that is done, stage-level configuration variables are the same as the corresponding organization-level stage. + +### Running the stage + +Once the configuration is done just go through the usual `init/apply` cycle. On successful apply, a tfvars file specific for this tenant and a set of provider files will be created. + + + + +## Files + +| name | description | modules | resources | +|---|---|---|---| +| [branch-data-platform.tf](./branch-data-platform.tf) | Data Platform stages resources. | folder · gcs · iam-service-account | | +| [branch-gke.tf](./branch-gke.tf) | GKE multitenant stage resources. | folder · gcs · iam-service-account | | +| [branch-networking.tf](./branch-networking.tf) | Networking stage resources. | folder · gcs · iam-service-account | | +| [branch-project-factory.tf](./branch-project-factory.tf) | Project factory stage resources. | gcs · iam-service-account | | +| [branch-sandbox.tf](./branch-sandbox.tf) | Sandbox stage resources. | folder · gcs | | +| [branch-security.tf](./branch-security.tf) | Security stage resources. | folder · gcs · iam-service-account | | +| [branch-teams.tf](./branch-teams.tf) | Team stage resources. | folder · gcs · iam-service-account | | +| [cicd-data-platform.tf](./cicd-data-platform.tf) | CI/CD resources for the data platform branch. | iam-service-account · source-repository | | +| [cicd-gke.tf](./cicd-gke.tf) | CI/CD resources for the data platform branch. | iam-service-account · source-repository | | +| [cicd-networking.tf](./cicd-networking.tf) | CI/CD resources for the networking branch. | iam-service-account · source-repository | | +| [cicd-project-factory.tf](./cicd-project-factory.tf) | CI/CD resources for the teams branch. | iam-service-account · source-repository | | +| [cicd-security.tf](./cicd-security.tf) | CI/CD resources for the security branch. | iam-service-account · source-repository | | +| [main.tf](./main.tf) | Module-level locals and resources. | | | +| [outputs-files.tf](./outputs-files.tf) | Output files persistence to local filesystem. | | local_file | +| [outputs-gcs.tf](./outputs-gcs.tf) | Output files persistence to automation GCS bucket. | | google_storage_bucket_object | +| [outputs.tf](./outputs.tf) | Module outputs. | | | +| [root_node.tf](./root_node.tf) | Tenant root folder configuration. | folder | | +| [variables.tf](./variables.tf) | Module variables. | | | + +## Variables + +| name | description | type | required | default | producer | +|---|---|:---:|:---:|:---:|:---:| +| [automation](variables.tf#L20) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap | +| [billing_account](variables.tf#L51) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap | +| [organization](variables.tf#L206) | Organization details. | object({…}) | ✓ | | 0-bootstrap | +| [prefix](variables.tf#L228) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | +| [root_node](variables.tf#L239) | Root folder node for the tenant, in folders/nnnnnn format. | string | ✓ | | | +| [short_name](variables.tf#L244) | Short name used to identify the tenant. | string | ✓ | | | +| [tags](variables.tf#L249) | Resource management tags. | object({…}) | ✓ | | | +| [cicd_repositories](variables.tf#L64) | CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | object({…}) | | null | | +| [custom_roles](variables.tf#L146) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | +| [data_dir](variables.tf#L155) | Relative path for the folder storing configuration data. | string | | "data" | | +| [fast_features](variables.tf#L161) | Selective control for top-level FAST features. | object({…}) | | {} | 0-0-bootstrap | +| [groups](variables.tf#L175) | Group names to grant organization-level permissions. | object({…}) | | {} | 0-bootstrap | +| [locations](variables.tf#L188) | Optional locations for GCS, BigQuery, and logging buckets created here. | object({…}) | | {…} | 0-bootstrap | +| [organization_policy_data_path](variables.tf#L216) | Path for the data folder used by the organization policies factory. | string | | null | | +| [outputs_location](variables.tf#L222) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable. | string | | null | | +| [team_folders](variables.tf#L267) | Team folders to be created. Format is described in a code comment. | map(object({…})) | | null | | +| [test_skip_data_sources](variables.tf#L277) | Used when testing to bypass data sources. | bool | | false | | + +## Outputs + +| name | description | sensitive | consumers | +|---|---|:---:|---| +| [cicd_repositories](outputs.tf#L189) | WIF configuration for CI/CD repositories. | | | +| [dataplatform](outputs.tf#L203) | Data for the Data Platform stage. | | | +| [gke_multitenant](outputs.tf#L219) | Data for the GKE multitenant stage. | | 03-gke-multitenant | +| [networking](outputs.tf#L240) | Data for the networking stage. | | | +| [project_factories](outputs.tf#L249) | Data for the project factories stage. | | | +| [providers](outputs.tf#L264) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · 03-dataplatform · xx-sandbox · xx-teams | +| [sandbox](outputs.tf#L271) | Data for the sandbox stage. | | xx-sandbox | +| [security](outputs.tf#L285) | Data for the networking stage. | | 02-security | +| [teams](outputs.tf#L295) | Data for the teams stage. | | | +| [tfvars](outputs.tf#L307) | Terraform variable files for the following stages. | ✓ | | + + diff --git a/fast/stages-multitenant/1-resman-tenant/branch-data-platform.tf b/fast/stages-multitenant/1-resman-tenant/branch-data-platform.tf new file mode 100644 index 00000000..3916d635 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/branch-data-platform.tf @@ -0,0 +1,133 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Data Platform stages resources. + +module "branch-dp-folder" { + source = "../../../modules/folder" + count = var.fast_features.data_platform ? 1 : 0 + parent = module.root-folder.id + name = "Data Platform" + tag_bindings = { + context = var.tags.values["${var.tags.names.context}/data"] + } +} + +module "branch-dp-dev-folder" { + source = "../../../modules/folder" + count = var.fast_features.data_platform ? 1 : 0 + parent = module.branch-dp-folder.0.id + name = "Development" + group_iam = {} + iam = { + (local.custom_roles.service_project_network_admin) = [ + local.automation_sas_iam.dp-dev + ] + # remove owner here and at project level if SA does not manage project resources + "roles/owner" = [local.automation_sas_iam.dp-dev] + "roles/logging.admin" = [local.automation_sas_iam.dp-dev] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.dp-dev] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.dp-dev] + } + tag_bindings = { + context = var.tags.values["${var.tags.names.environment}/development"] + } +} + +module "branch-dp-prod-folder" { + source = "../../../modules/folder" + count = var.fast_features.data_platform ? 1 : 0 + parent = module.branch-dp-folder.0.id + name = "Production" + group_iam = {} + iam = { + (local.custom_roles.service_project_network_admin) = [ + local.automation_sas_iam.dp-prod + ] + # remove owner here and at project level if SA does not manage project resources + "roles/owner" = [local.automation_sas_iam.dp-prod] + "roles/logging.admin" = [local.automation_sas_iam.dp-prod] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.dp-prod] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.dp-prod] + } + tag_bindings = { + context = var.tags.values["${var.tags.names.environment}/production"] + } +} + +# automation service accounts and buckets + +module "branch-dp-dev-sa" { + source = "../../../modules/iam-service-account" + count = var.fast_features.data_platform ? 1 : 0 + project_id = var.automation.project_id + name = "dp-dev-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.branch-dp-dev-sa-cicd.0.iam_email, null) + ]) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-dp-prod-sa" { + source = "../../../modules/iam-service-account" + count = var.fast_features.data_platform ? 1 : 0 + project_id = var.automation.project_id + name = "dp-prod-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.branch-dp-prod-sa-cicd.0.iam_email, null) + ]) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-dp-dev-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.data_platform ? 1 : 0 + project_id = var.automation.project_id + name = "dev-resman-dp-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.dp-dev] + } +} + +module "branch-dp-prod-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.data_platform ? 1 : 0 + project_id = var.automation.project_id + name = "prod-resman-dp-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.dp-prod] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/branch-gke.tf b/fast/stages-multitenant/1-resman-tenant/branch-gke.tf new file mode 100644 index 00000000..9ece810b --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/branch-gke.tf @@ -0,0 +1,133 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description GKE multitenant stage resources. + +module "branch-gke-folder" { + source = "../../../modules/folder" + count = var.fast_features.gke ? 1 : 0 + parent = module.root-folder.id + name = "GKE" + tag_bindings = { + context = var.tags.values["${var.tags.names.context}/gke"] + } +} + +module "branch-gke-dev-folder" { + source = "../../../modules/folder" + count = var.fast_features.gke ? 1 : 0 + parent = module.branch-gke-folder.0.id + name = "Development" + iam = { + "roles/owner" = [local.automation_sas_iam.gke-dev] + "roles/logging.admin" = [local.automation_sas_iam.gke-dev] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.gke-dev] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.gke-dev] + "roles/compute.xpnAdmin" = [local.automation_sas_iam.gke-dev] + } + tag_bindings = { + context = var.tags.values["${var.tags.names.environment}/development"] + } +} + +module "branch-gke-prod-folder" { + source = "../../../modules/folder" + count = var.fast_features.gke ? 1 : 0 + parent = module.branch-gke-folder.0.id + name = "Production" + iam = { + "roles/owner" = [local.automation_sas_iam.gke-prod] + "roles/logging.admin" = [local.automation_sas_iam.gke-prod] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.gke-prod] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.gke-prod] + "roles/compute.xpnAdmin" = [local.automation_sas_iam.gke-prod] + } + tag_bindings = { + context = var.tags.values["${var.tags.names.environment}/production"] + } +} + +module "branch-gke-dev-sa" { + source = "../../../modules/iam-service-account" + count = var.fast_features.gke ? 1 : 0 + project_id = var.automation.project_id + name = "gke-dev-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = concat( + ( + local.groups.gcp-devops == null + ? [] + : ["group:${local.groups.gcp-devops}"] + ), + compact([ + try(module.branch-gke-dev-sa-cicd.0.iam_email, null) + ]) + ) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-gke-prod-sa" { + source = "../../../modules/iam-service-account" + count = var.fast_features.gke ? 1 : 0 + project_id = var.automation.project_id + name = "gke-prod-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = concat( + ( + local.groups.gcp-devops == null + ? [] + : ["group:${local.groups.gcp-devops}"] + ), + compact([ + try(module.branch-gke-prod-sa-cicd.0.iam_email, null) + ]) + ) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-gke-dev-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.gke ? 1 : 0 + project_id = var.automation.project_id + name = "dev-resman-gke-0" + prefix = var.prefix + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.gke-dev] + } +} + +module "branch-gke-prod-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.gke ? 1 : 0 + project_id = var.automation.project_id + name = "prod-resman-gke-0" + prefix = var.prefix + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.gke-prod] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/branch-networking.tf b/fast/stages-multitenant/1-resman-tenant/branch-networking.tf new file mode 100644 index 00000000..85490baf --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/branch-networking.tf @@ -0,0 +1,107 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Networking stage resources. + +module "branch-network-folder" { + source = "../../../modules/folder" + parent = module.root-folder.id + name = "Networking" + group_iam = local.groups.gcp-network-admins == null ? {} : { + (local.groups.gcp-network-admins) = [ + # add any needed roles for resources/services not managed via Terraform, + # or replace editor with ~viewer if no broad resource management needed + # e.g. + # "roles/compute.networkAdmin", + # "roles/dns.admin", + # "roles/compute.securityAdmin", + "roles/editor", + ] + } + iam = { + "roles/logging.admin" = [local.automation_sas_iam.networking] + "roles/owner" = [local.automation_sas_iam.networking] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.networking] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.networking] + "roles/compute.xpnAdmin" = [local.automation_sas_iam.networking] + } + tag_bindings = { + context = var.tags.values["${var.tags.names.context}/networking"] + } +} + +module "branch-network-prod-folder" { + source = "../../../modules/folder" + parent = module.branch-network-folder.id + name = "Production" + iam = { + (local.custom_roles.service_project_network_admin) = concat( + local.branch_optional_sa_lists.dp-prod, + local.branch_optional_sa_lists.gke-prod, + local.branch_optional_sa_lists.pf-prod, + ) + } + tag_bindings = { + environment = var.tags.values["${var.tags.names.environment}/production"] + } +} + +module "branch-network-dev-folder" { + source = "../../../modules/folder" + parent = module.branch-network-folder.id + name = "Development" + iam = { + (local.custom_roles.service_project_network_admin) = concat( + local.branch_optional_sa_lists.dp-dev, + local.branch_optional_sa_lists.gke-dev, + local.branch_optional_sa_lists.pf-dev, + ) + } + tag_bindings = { + environment = var.tags.values["${var.tags.names.environment}/development"] + } +} + +# automation service account and bucket + +module "branch-network-sa" { + source = "../../../modules/iam-service-account" + project_id = var.automation.project_id + name = "networking-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.branch-network-sa-cicd.0.iam_email, null) + ]) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-network-gcs" { + source = "../../../modules/gcs" + project_id = var.automation.project_id + name = "prod-resman-net-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.networking] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/branch-project-factory.tf b/fast/stages-multitenant/1-resman-tenant/branch-project-factory.tf new file mode 100644 index 00000000..2fa64bbc --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/branch-project-factory.tf @@ -0,0 +1,79 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Project factory stage resources. + +module "branch-pf-dev-sa" { + source = "../../../modules/iam-service-account" + count = var.fast_features.project_factory ? 1 : 0 + project_id = var.automation.project_id + name = "pf-dev-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.branch-pf-dev-sa-cicd.0.iam_email, null) + ]) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-pf-prod-sa" { + source = "../../../modules/iam-service-account" + count = var.fast_features.project_factory ? 1 : 0 + project_id = var.automation.project_id + name = "pf-prod-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.branch-pf-prod-sa-cicd.0.iam_email, null) + ]) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-pf-dev-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.project_factory ? 1 : 0 + project_id = var.automation.project_id + name = "dev-resman-pf-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.pf-dev] + } +} + +module "branch-pf-prod-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.project_factory ? 1 : 0 + project_id = var.automation.project_id + name = "prod-resman-pf-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.pf-prod] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/branch-sandbox.tf b/fast/stages-multitenant/1-resman-tenant/branch-sandbox.tf new file mode 100644 index 00000000..6f3d526c --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/branch-sandbox.tf @@ -0,0 +1,51 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Sandbox stage resources. + +module "branch-sandbox-folder" { + source = "../../../modules/folder" + count = var.fast_features.sandbox ? 1 : 0 + parent = module.root-folder.id + name = "Sandbox" + iam = { + "roles/logging.admin" = [local.automation_sas_iam.sandbox] + "roles/owner" = [local.automation_sas_iam.sandbox] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.sandbox] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.sandbox] + } + org_policies = { + "constraints/sql.restrictPublicIp" = { enforce = false } + "constraints/compute.vmExternalIpAccess" = { allow = { all = true } } + } + tag_bindings = { + context = var.tags.values["${var.tags.names.context}/sandbox"] + } +} + +module "branch-sandbox-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.sandbox ? 1 : 0 + project_id = var.automation.project_id + name = "dev-resman-sbox-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.sandbox] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/branch-security.tf b/fast/stages-multitenant/1-resman-tenant/branch-security.tf new file mode 100644 index 00000000..d7253cce --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/branch-security.tf @@ -0,0 +1,76 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Security stage resources. + +module "branch-security-folder" { + source = "../../../modules/folder" + parent = module.root-folder.id + name = "Security" + group_iam = local.groups.gcp-security-admins == null ? {} : { + (local.groups.gcp-security-admins) = [ + # add any needed roles for resources/services not managed via Terraform, + # e.g. + # "roles/bigquery.admin", + # "roles/cloudasset.owner", + # "roles/cloudkms.admin", + # "roles/logging.admin", + # "roles/secretmanager.admin", + # "roles/storage.admin", + "roles/viewer" + ] + } + iam = { + "roles/logging.admin" = [local.automation_sas_iam.security] + "roles/owner" = [local.automation_sas_iam.security] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.security] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.security] + } + tag_bindings = { + context = var.tags.values["${var.tags.names.context}/security"] + } +} + +# automation service account and bucket + +module "branch-security-sa" { + source = "../../../modules/iam-service-account" + project_id = var.automation.project_id + name = "security-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam = { + "roles/iam.serviceAccountTokenCreator" = compact([ + try(module.branch-security-sa-cicd.0.iam_email, null) + ]) + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-security-gcs" { + source = "../../../modules/gcs" + project_id = var.automation.project_id + name = "prod-resman-sec-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [local.automation_sas_iam.security] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/branch-teams.tf b/fast/stages-multitenant/1-resman-tenant/branch-teams.tf new file mode 100644 index 00000000..57f22110 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/branch-teams.tf @@ -0,0 +1,163 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Team stage resources. + +# TODO(ludo): add support for CI/CD + +############### top-level Teams branch and automation resources ############### + +module "branch-teams-folder" { + source = "../../../modules/folder" + count = var.fast_features.teams ? 1 : 0 + parent = module.root-folder.id + name = "Teams" + iam = { + "roles/logging.admin" = [local.automation_sas_iam.teams] + "roles/owner" = [local.automation_sas_iam.teams] + "roles/resourcemanager.folderAdmin" = [local.automation_sas_iam.teams] + "roles/resourcemanager.projectCreator" = [local.automation_sas_iam.teams] + "roles/compute.xpnAdmin" = [local.automation_sas_iam.teams] + } + tag_bindings = { + context = var.tags.values["${var.tags.names.context}/teams"] + } +} + +module "branch-teams-sa" { + source = "../../../modules/iam-service-account" + count = var.fast_features.teams ? 1 : 0 + project_id = var.automation.project_id + name = "teams-0" + prefix = var.prefix + service_account_create = var.test_skip_data_sources + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.admin"] + } +} + +module "branch-teams-gcs" { + source = "../../../modules/gcs" + count = var.fast_features.teams ? 1 : 0 + project_id = var.automation.project_id + name = "prod-resman-teams-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [module.branch-teams-sa.0.iam_email] + } +} + +################## per-team folders and automation resources ################## + +module "branch-teams-team-folder" { + source = "../../../modules/folder" + for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {} + parent = module.branch-teams-folder.0.id + name = each.value.descriptive_name + iam = { + "roles/logging.admin" = [module.branch-teams-team-sa[each.key].iam_email] + "roles/owner" = [module.branch-teams-team-sa[each.key].iam_email] + "roles/resourcemanager.folderAdmin" = [module.branch-teams-team-sa[each.key].iam_email] + "roles/resourcemanager.projectCreator" = [module.branch-teams-team-sa[each.key].iam_email] + "roles/compute.xpnAdmin" = [module.branch-teams-team-sa[each.key].iam_email] + } + group_iam = each.value.group_iam == null ? {} : each.value.group_iam +} + +module "branch-teams-team-sa" { + source = "../../../modules/iam-service-account" + for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {} + project_id = var.automation.project_id + name = "prod-teams-${each.key}-0" + display_name = "Terraform team ${each.key} service account." + prefix = var.prefix + iam = { + "roles/iam.serviceAccountTokenCreator" = ( + each.value.impersonation_groups == null + ? [] + : [for g in each.value.impersonation_groups : "group:${g}"] + ) + } +} + +module "branch-teams-team-gcs" { + source = "../../../modules/gcs" + for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {} + project_id = var.automation.project_id + name = "prod-teams-${each.key}-0" + prefix = var.prefix + location = var.locations.gcs + storage_class = local.gcs_storage_class + versioning = true + iam = { + "roles/storage.objectAdmin" = [module.branch-teams-team-sa[each.key].iam_email] + } +} + +# per-team environment folders where project factory SAs can create projects + +module "branch-teams-team-dev-folder" { + source = "../../../modules/folder" + for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {} + parent = module.branch-teams-team-folder[each.key].id + # naming: environment descriptive name + name = "Development" + # environment-wide human permissions on the whole teams environment + group_iam = {} + iam = { + (local.custom_roles.service_project_network_admin) = ( + local.branch_optional_sa_lists.pf-dev + ) + # remove owner here and at project level if SA does not manage project resources + "roles/owner" = local.branch_optional_sa_lists.pf-dev + "roles/logging.admin" = local.branch_optional_sa_lists.pf-dev + "roles/resourcemanager.folderAdmin" = local.branch_optional_sa_lists.pf-dev + "roles/resourcemanager.projectCreator" = local.branch_optional_sa_lists.pf-dev + } + tag_bindings = { + environment = try( + var.tags.values["${var.tags.names.environment}/development"], null + ) + } +} + +module "branch-teams-team-prod-folder" { + source = "../../../modules/folder" + for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {} + parent = module.branch-teams-team-folder[each.key].id + # naming: environment descriptive name + name = "Production" + # environment-wide human permissions on the whole teams environment + group_iam = {} + iam = { + (local.custom_roles.service_project_network_admin) = ( + local.branch_optional_sa_lists.pf-prod + ) + # remove owner here and at project level if SA does not manage project resources + "roles/owner" = local.branch_optional_sa_lists.pf-prod + "roles/logging.admin" = local.branch_optional_sa_lists.pf-prod + "roles/resourcemanager.folderAdmin" = local.branch_optional_sa_lists.pf-prod + "roles/resourcemanager.projectCreator" = local.branch_optional_sa_lists.pf-prod + } + tag_bindings = { + environment = try( + var.tags.values["${var.tags.names.environment}/production"], null + ) + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/cicd-data-platform.tf b/fast/stages-multitenant/1-resman-tenant/cicd-data-platform.tf new file mode 100644 index 00000000..704f45d7 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/cicd-data-platform.tf @@ -0,0 +1,173 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description CI/CD resources for the data platform branch. + +# source repositories + +module "branch-dp-dev-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.data_platform_dev.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.data_platform_dev } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = local.branch_optional_sa_lists.dp-dev + "roles/source.reader" = compact([ + try(module.branch-dp-dev-sa-cicd.0.iam_email, "") + ]) + } + triggers = { + fast-03-dp-dev = { + filename = ".cloudbuild/workflow.yaml" + included_files = [ + "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml" + ] + service_account = module.branch-dp-dev-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-dp-dev-sa-cicd] +} + +module "branch-dp-prod-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.data_platform_prod.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.data_platform_prod } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = local.branch_optional_sa_lists.dp-prod + "roles/source.reader" = [module.branch-dp-prod-sa-cicd.0.iam_email] + } + triggers = { + fast-03-dp-prod = { + filename = ".cloudbuild/workflow.yaml" + included_files = [ + "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml" + ] + service_account = module.branch-dp-prod-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-dp-prod-sa-cicd] +} + +# SAs used by CI/CD workflows to impersonate automation SAs + +module "branch-dp-dev-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.data_platform_dev.name, null) != null + ? { 0 = local.cicd_repositories.data_platform_dev } + : {} + ) + project_id = var.automation.project_id + name = "dev-resman-dp-1" + display_name = "Terraform CI/CD data platform development service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} + +module "branch-dp-prod-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.data_platform_prod.name, null) != null + ? { 0 = local.cicd_repositories.data_platform_prod } + : {} + ) + project_id = var.automation.project_id + name = "prod-resman-dp-1" + display_name = "Terraform CI/CD data platform production service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/cicd-gke.tf b/fast/stages-multitenant/1-resman-tenant/cicd-gke.tf new file mode 100644 index 00000000..dfd035a5 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/cicd-gke.tf @@ -0,0 +1,175 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description CI/CD resources for the data platform branch. + +# source repositories + +module "branch-gke-dev-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.gke_dev.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.gke_dev } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = compact([ + try(module.branch-gke-dev-sa.0.iam_email, "") + ]) + "roles/source.reader" = compact([ + try(module.branch-gke-dev-sa-cicd.0.iam_email, "") + ]) + } + triggers = { + fast-03-gke-dev = { + filename = ".cloudbuild/workflow.yaml" + included_files = [ + "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml" + ] + service_account = module.branch-gke-dev-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-gke-dev-sa-cicd] +} + +module "branch-gke-prod-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.gke_prod.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.gke_prod } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = [module.branch-gke-prod-sa.0.iam_email] + "roles/source.reader" = [module.branch-gke-prod-sa-cicd.0.iam_email] + } + triggers = { + fast-03-gke-prod = { + filename = ".cloudbuild/workflow.yaml" + included_files = [ + "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml" + ] + service_account = module.branch-gke-prod-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-gke-prod-sa-cicd] +} + +# SAs used by CI/CD workflows to impersonate automation SAs + +module "branch-gke-dev-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.gke_dev.name, null) != null + ? { 0 = local.cicd_repositories.gke_dev } + : {} + ) + project_id = var.automation.project_id + name = "dev-resman-gke-1" + display_name = "Terraform CI/CD GKE development service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} + +module "branch-gke-prod-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.gke_prod.name, null) != null + ? { 0 = local.cicd_repositories.gke_prod } + : {} + ) + project_id = var.automation.project_id + name = "prod-resman-gke-1" + display_name = "Terraform CI/CD GKE production service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/cicd-networking.tf b/fast/stages-multitenant/1-resman-tenant/cicd-networking.tf new file mode 100644 index 00000000..dbaf587d --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/cicd-networking.tf @@ -0,0 +1,94 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description CI/CD resources for the networking branch. + +# source repository + +module "branch-network-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.networking.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.networking } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = [module.branch-network-sa.iam_email] + "roles/source.reader" = [module.branch-network-sa-cicd.0.iam_email] + } + triggers = { + fast-02-networking = { + filename = ".cloudbuild/workflow.yaml" + included_files = ["**/*tf", ".cloudbuild/workflow.yaml"] + service_account = module.branch-network-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-network-sa-cicd] +} + +# SA used by CI/CD workflows to impersonate automation SAs + +module "branch-network-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.networking.name, null) != null + ? { 0 = local.cicd_repositories.networking } + : {} + ) + project_id = var.automation.project_id + name = "prod-resman-net-1" + display_name = "Terraform CI/CD stage 2 networking service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/cicd-project-factory.tf b/fast/stages-multitenant/1-resman-tenant/cicd-project-factory.tf new file mode 100644 index 00000000..4c46d858 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/cicd-project-factory.tf @@ -0,0 +1,191 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description CI/CD resources for the teams branch. + +# source repositories + +moved { + from = module.branch-teams-dev-pf-cicd-repo + to = module.branch-pf-dev-cicd-repo +} + +module "branch-pf-dev-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.project_factory_dev.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.project_factory_dev } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = local.branch_optional_sa_lists.pf-dev + "roles/source.reader" = [module.branch-pf-dev-sa-cicd.0.iam_email] + } + triggers = { + fast-03-pf-dev = { + filename = ".cloudbuild/workflow.yaml" + included_files = [ + "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml" + ] + service_account = module.branch-pf-dev-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-pf-dev-sa-cicd] +} + +moved { + from = module.branch-teams-prod-pf-cicd-repo + to = module.branch-pf-prod-cicd-repo +} + +module "branch-pf-prod-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.project_factory_prod.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.project_factory_prod } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = local.branch_optional_sa_lists.pf-prod + "roles/source.reader" = [module.branch-pf-prod-sa-cicd.0.iam_email] + } + triggers = { + fast-03-pf-prod = { + filename = ".cloudbuild/workflow.yaml" + included_files = [ + "**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml" + ] + service_account = module.branch-pf-prod-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-pf-prod-sa-cicd] +} + +# SAs used by CI/CD workflows to impersonate automation SAs + +moved { + from = module.branch-teams-dev-pf-sa-cicd + to = module.branch-pf-dev-sa-cicd +} + +module "branch-pf-dev-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.project_factory_dev.name, null) != null + ? { 0 = local.cicd_repositories.project_factory_dev } + : {} + ) + project_id = var.automation.project_id + name = "dev-pf-resman-pf-1" + display_name = "Terraform CI/CD project factory development service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} + +moved { + from = module.branch-teams-prod-pf-sa-cicd + to = module.branch-pf-prod-sa-cicd +} + +module "branch-pf-prod-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.project_factory_prod.name, null) != null + ? { 0 = local.cicd_repositories.project_factory_prod } + : {} + ) + project_id = var.automation.project_id + name = "prod-pf-resman-pf-1" + display_name = "Terraform CI/CD project factory production service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + var.automation.federated_identity_pool, + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + var.automation.federated_identity_pool, + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/cicd-security.tf b/fast/stages-multitenant/1-resman-tenant/cicd-security.tf new file mode 100644 index 00000000..5cb1581c --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/cicd-security.tf @@ -0,0 +1,94 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description CI/CD resources for the security branch. + +# source repository + +module "branch-security-cicd-repo" { + source = "../../../modules/source-repository" + for_each = ( + try(local.cicd_repositories.security.type, null) == "sourcerepo" + ? { 0 = local.cicd_repositories.security } + : {} + ) + project_id = var.automation.project_id + name = each.value.name + iam = { + "roles/source.admin" = [module.branch-security-sa.iam_email] + "roles/source.reader" = [module.branch-security-sa-cicd.0.iam_email] + } + triggers = { + fast-02-security = { + filename = ".cloudbuild/workflow.yaml" + included_files = ["**/*tf", ".cloudbuild/workflow.yaml"] + service_account = module.branch-security-sa-cicd.0.id + substitutions = {} + template = { + project_id = null + branch_name = each.value.branch + repo_name = each.value.name + tag_name = null + } + } + } + depends_on = [module.branch-security-sa-cicd] +} + +# SA used by CI/CD workflows to impersonate automation SAs + +module "branch-security-sa-cicd" { + source = "../../../modules/iam-service-account" + for_each = ( + try(local.cicd_repositories.security.name, null) != null + ? { 0 = local.cicd_repositories.security } + : {} + ) + project_id = var.automation.project_id + name = "prod-resman-sec-1" + display_name = "Terraform CI/CD stage 2 security service account." + prefix = var.prefix + iam = ( + each.value.type == "sourcerepo" + # used directly from the cloud build trigger for source repos + ? { + "roles/iam.serviceAccountUser" = local.automation_resman_sa_iam + } + # impersonated via workload identity federation for external repos + : { + "roles/iam.workloadIdentityUser" = [ + each.value.branch == null + ? format( + local.cicd_identity_providers[each.value.identity_provider].principalset_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name + ) + : format( + local.cicd_identity_providers[each.value.identity_provider].principal_tpl, + local.cicd_identity_pools[each.value.identity_provider], + each.value.name, + each.value.branch + ) + ] + } + ) + iam_project_roles = { + (var.automation.project_id) = ["roles/logging.logWriter"] + } + iam_storage_roles = { + (var.automation.outputs_bucket) = ["roles/storage.objectViewer"] + } +} diff --git a/fast/stages/01-resman/data/org-policies/compute.yaml b/fast/stages-multitenant/1-resman-tenant/data/org-policies/compute.yaml similarity index 100% rename from fast/stages/01-resman/data/org-policies/compute.yaml rename to fast/stages-multitenant/1-resman-tenant/data/org-policies/compute.yaml diff --git a/fast/stages/01-resman/data/org-policies/iam.yaml b/fast/stages-multitenant/1-resman-tenant/data/org-policies/iam.yaml similarity index 100% rename from fast/stages/01-resman/data/org-policies/iam.yaml rename to fast/stages-multitenant/1-resman-tenant/data/org-policies/iam.yaml diff --git a/fast/stages/01-resman/data/org-policies/serverless.yaml b/fast/stages-multitenant/1-resman-tenant/data/org-policies/serverless.yaml similarity index 100% rename from fast/stages/01-resman/data/org-policies/serverless.yaml rename to fast/stages-multitenant/1-resman-tenant/data/org-policies/serverless.yaml diff --git a/fast/stages/01-resman/data/org-policies/sql.yaml b/fast/stages-multitenant/1-resman-tenant/data/org-policies/sql.yaml similarity index 100% rename from fast/stages/01-resman/data/org-policies/sql.yaml rename to fast/stages-multitenant/1-resman-tenant/data/org-policies/sql.yaml diff --git a/fast/stages/01-resman/data/org-policies/storage.yaml b/fast/stages-multitenant/1-resman-tenant/data/org-policies/storage.yaml similarity index 100% rename from fast/stages/01-resman/data/org-policies/storage.yaml rename to fast/stages-multitenant/1-resman-tenant/data/org-policies/storage.yaml diff --git a/fast/stages/01-resman/diagram.png b/fast/stages-multitenant/1-resman-tenant/diagram.png similarity index 100% rename from fast/stages/01-resman/diagram.png rename to fast/stages-multitenant/1-resman-tenant/diagram.png diff --git a/fast/stages/01-resman/diagram.svg b/fast/stages-multitenant/1-resman-tenant/diagram.svg similarity index 100% rename from fast/stages/01-resman/diagram.svg rename to fast/stages-multitenant/1-resman-tenant/diagram.svg diff --git a/fast/stages-multitenant/1-resman-tenant/main.tf b/fast/stages-multitenant/1-resman-tenant/main.tf new file mode 100644 index 00000000..76c04639 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/main.tf @@ -0,0 +1,79 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + automation_resman_sa_iam = [ + "serviceAccount:${var.automation.service_accounts.resman}" + ] + automation_sas_iam = { + for k, v in var.automation.service_accounts : + k => v == null ? null : "serviceAccount:${v}" + } + branch_optional_sa_lists = { + dp-dev = compact([local.automation_sas_iam.dp-dev]) + dp-prod = compact([local.automation_sas_iam.dp-prod]) + gke-dev = compact([local.automation_sas_iam.gke-dev]) + gke-prod = compact([local.automation_sas_iam.gke-prod]) + pf-dev = compact([local.automation_sas_iam.pf-dev]) + pf-prod = compact([local.automation_sas_iam.pf-prod]) + } + # derive identity pool names from identity providers for easy reference + cicd_identity_pools = { + for k, v in local.cicd_identity_providers : + k => split("/providers/", v.name)[0] + } + cicd_identity_providers = coalesce( + try(var.automation.federated_identity_providers, null), {} + ) + cicd_repositories = { + for k, v in coalesce(var.cicd_repositories, {}) : k => v + if( + v != null && + ( + try(v.type, null) == "sourcerepo" + || + contains( + keys(local.cicd_identity_providers), + coalesce(try(v.identity_provider, null), ":") + ) + ) && + fileexists("${path.module}/templates/workflow-${try(v.type, "")}.yaml") + ) + } + cicd_workflow_var_files = { + stage_2 = [ + "0-bootstrap-tenant.auto.tfvars.json", + ] + stage_3 = [ + "0-bootstrap-tenant.auto.tfvars.json", + "2-networking.auto.tfvars.json", + "2-security.auto.tfvars.json" + ] + } + custom_roles = coalesce(var.custom_roles, {}) + gcs_storage_class = ( + length(split("-", var.locations.gcs)) < 2 + ? "MULTI_REGIONAL" + : "REGIONAL" + ) + groups = { + for k, v in var.groups : + k => v == null ? null : "${v}@${var.organization.domain}" + } + groups_iam = { + for k, v in local.groups : k => v != null ? "group:${v}" : null + } +} diff --git a/fast/stages-multitenant/1-resman-tenant/outputs-files.tf b/fast/stages-multitenant/1-resman-tenant/outputs-files.tf new file mode 100644 index 00000000..29d5ed46 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/outputs-files.tf @@ -0,0 +1,46 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Output files persistence to local filesystem. + +locals { + outputs_root = join("/", [ + try(pathexpand(var.outputs_location), ""), + "tenants", + var.short_name + ]) +} + +resource "local_file" "providers" { + for_each = var.outputs_location == null ? {} : local.providers + file_permission = "0644" + filename = "${local.outputs_root}/providers/${each.key}-providers.tf" + content = try(each.value, null) +} + +resource "local_file" "tfvars" { + count = var.outputs_location == null ? 0 : 1 + file_permission = "0644" + filename = "${local.outputs_root}/tfvars/1-resman.auto.tfvars.json" + content = jsonencode(local.tfvars) +} + +resource "local_file" "workflows" { + for_each = var.outputs_location == null ? {} : local.cicd_workflows + file_permission = "0644" + filename = "${local.outputs_root}/workflows/${replace(each.key, "_", "-")}-workflow.yaml" + content = try(each.value, null) +} diff --git a/fast/stages-multitenant/1-resman-tenant/outputs-gcs.tf b/fast/stages-multitenant/1-resman-tenant/outputs-gcs.tf new file mode 100644 index 00000000..6b0fc89c --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/outputs-gcs.tf @@ -0,0 +1,37 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Output files persistence to automation GCS bucket. + +resource "google_storage_bucket_object" "providers" { + for_each = local.providers + bucket = var.automation.outputs_bucket + name = "providers/${each.key}-providers.tf" + content = each.value +} + +resource "google_storage_bucket_object" "tfvars" { + bucket = var.automation.outputs_bucket + name = "tfvars/1-resman.auto.tfvars.json" + content = jsonencode(local.tfvars) +} + +resource "google_storage_bucket_object" "workflows" { + for_each = local.cicd_workflows + bucket = var.automation.outputs_bucket + name = "workflows/${replace(each.key, "_", "-")}-workflow.yaml" + content = each.value +} diff --git a/fast/stages-multitenant/1-resman-tenant/outputs.tf b/fast/stages-multitenant/1-resman-tenant/outputs.tf new file mode 100644 index 00000000..ad2d8dcf --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/outputs.tf @@ -0,0 +1,311 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + _tpl_providers = "${path.module}/templates/providers.tf.tpl" + cicd_workflow_attrs = { + data_platform_dev = { + service_account = try(module.branch-dp-dev-sa-cicd.0.email, null) + tf_providers_file = "3-data-platform-dev-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_3 + } + data_platform_prod = { + service_account = try(module.branch-dp-prod-sa-cicd.0.email, null) + tf_providers_file = "3-data-platform-prod-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_3 + } + gke_dev = { + service_account = try(module.branch-gke-dev-sa-cicd.0.email, null) + tf_providers_file = "3-gke-dev-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_3 + } + gke_prod = { + service_account = try(module.branch-gke-prod-sa-cicd.0.email, null) + tf_providers_file = "3-gke-prod-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_3 + } + networking = { + service_account = try(module.branch-network-sa-cicd.0.email, null) + tf_providers_file = "2-networking-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_2 + } + project_factory_dev = { + service_account = try(module.branch-pf-dev-sa-cicd.0.email, null) + tf_providers_file = "3-project-factory-dev-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_3 + } + project_factory_prod = { + service_account = try(module.branch-pf-prod-sa-cicd.0.email, null) + tf_providers_file = "3-project-factory-prod-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_3 + } + security = { + service_account = try(module.branch-security-sa-cicd.0.email, null) + tf_providers_file = "2-security-providers.tf" + tf_var_files = local.cicd_workflow_var_files.stage_2 + } + } + cicd_workflows = { + for k, v in local.cicd_repositories : k => templatefile( + "${path.module}/templates/workflow-${v.type}.yaml", + merge(local.cicd_workflow_attrs[k], { + identity_provider = try( + local.cicd_identity_providers[v.identity_provider].name, null + ) + outputs_bucket = var.automation.outputs_bucket + stage_name = k + }) + ) + } + folder_ids = merge( + { + data-platform-dev = try(module.branch-dp-dev-folder.0.id, null) + data-platform-prod = try(module.branch-dp-prod-folder.0.id, null) + gke-dev = try(module.branch-gke-dev-folder.0.id, null) + gke-prod = try(module.branch-gke-prod-folder.0.id, null) + networking = module.branch-network-folder.id + networking-dev = module.branch-network-dev-folder.id + networking-prod = module.branch-network-prod-folder.id + sandbox = try(module.branch-sandbox-folder.0.id, null) + security = module.branch-security-folder.id + teams = try(module.branch-teams-folder.0.id, null) + }, + { + for k, v in module.branch-teams-team-folder : + "team-${k}" => v.id + }, + { + for k, v in module.branch-teams-team-dev-folder : + "team-${k}-dev" => v.id + }, + { + for k, v in module.branch-teams-team-prod-folder : + "team-${k}-prod" => v.id + } + ) + providers = merge( + { + "2-0-networking" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-network-gcs.name + name = "networking" + sa = module.branch-network-sa.email + }) + "2-0-security" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-security-gcs.name + name = "security" + sa = module.branch-security-sa.email + }) + }, + !var.fast_features.data_platform ? {} : { + "3-0-data-platform-dev" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-dp-dev-gcs.0.name + name = "dp-dev" + sa = module.branch-dp-dev-sa.0.email + }) + "3-0-data-platform-prod" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-dp-prod-gcs.0.name + name = "dp-prod" + sa = module.branch-dp-prod-sa.0.email + }) + }, + !var.fast_features.gke ? {} : { + "3-0-gke-dev" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-gke-dev-gcs.0.name + name = "gke-dev" + sa = module.branch-gke-dev-sa.0.email + }) + "3-0-gke-prod" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-gke-prod-gcs.0.name + name = "gke-prod" + sa = module.branch-gke-prod-sa.0.email + }) + }, + !var.fast_features.project_factory ? {} : { + "3-0-project-factory-dev" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-pf-dev-gcs.0.name + name = "team-dev" + sa = var.automation.service_accounts.pf-dev + }) + "3-0-project-factory-prod" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-pf-prod-gcs.0.name + name = "team-prod" + sa = var.automation.service_accounts.pf-prod + }) + }, + !var.fast_features.sandbox ? {} : { + "9-0-sandbox" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-sandbox-gcs.0.name + name = "sandbox" + sa = var.automation.service_accounts.sandbox + }) + }, + !var.fast_features.teams ? {} : merge( + { + "3-teams" = templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-teams-gcs.0.name + name = "teams" + sa = module.branch-teams-sa.0.email + }) + }, + { + for k, v in module.branch-teams-team-sa : + "3-teams-${k}" => templatefile(local._tpl_providers, { + backend_extra = null + bucket = module.branch-teams-team-gcs[k].name + name = "teams" + sa = v.email + }) + } + ) + ) + tfvars = { + folder_ids = local.folder_ids + } +} + +output "cicd_repositories" { + description = "WIF configuration for CI/CD repositories." + value = { + for k, v in local.cicd_repositories : k => { + branch = v.branch + name = v.name + provider = try( + local.cicd_identity_providers[v.identity_provider].name, null + ) + service_account = local.cicd_workflow_attrs[k].service_account + } if v != null + } +} + +output "dataplatform" { + description = "Data for the Data Platform stage." + value = !var.fast_features.data_platform ? {} : { + dev = { + folder = module.branch-dp-dev-folder.0.id + gcs_bucket = module.branch-dp-dev-gcs.0.name + service_account = module.branch-dp-dev-sa.0.email + } + prod = { + folder = module.branch-dp-prod-folder.0.id + gcs_bucket = module.branch-dp-prod-gcs.0.name + service_account = module.branch-dp-prod-sa.0.email + } + } +} + +output "gke_multitenant" { + # tfdoc:output:consumers 03-gke-multitenant + description = "Data for the GKE multitenant stage." + value = ( + var.fast_features.gke + ? { + "dev" = { + folder = module.branch-gke-dev-folder.0.id + gcs_bucket = module.branch-gke-dev-gcs.0.name + service_account = module.branch-gke-dev-sa.0.email + } + "prod" = { + folder = module.branch-gke-prod-folder.0.id + gcs_bucket = module.branch-gke-prod-gcs.0.name + service_account = module.branch-gke-prod-sa.0.email + } + } + : {} + ) +} + +output "networking" { + description = "Data for the networking stage." + value = { + folder = module.branch-network-folder.id + gcs_bucket = module.branch-network-gcs.name + service_account = module.branch-network-sa.iam_email + } +} + +output "project_factories" { + description = "Data for the project factories stage." + value = !var.fast_features.project_factory ? {} : { + dev = { + bucket = module.branch-pf-dev-gcs.0.name + sa = var.automation.service_accounts.pf-dev + } + prod = { + bucket = module.branch-pf-prod-gcs.0.name + sa = var.automation.service_accounts.pf-prod + } + } +} + +# ready to use provider configurations for subsequent stages +output "providers" { + # tfdoc:output:consumers 02-networking 02-security 03-dataplatform xx-sandbox xx-teams + description = "Terraform provider files for this stage and dependent stages." + sensitive = true + value = local.providers +} + +output "sandbox" { + # tfdoc:output:consumers xx-sandbox + description = "Data for the sandbox stage." + value = ( + var.fast_features.sandbox + ? { + folder = module.branch-sandbox-folder.0.id + gcs_bucket = module.branch-sandbox-gcs.0.name + service_account = var.automation.service_accounts.sandbox + } + : null + ) +} + +output "security" { + # tfdoc:output:consumers 02-security + description = "Data for the networking stage." + value = { + folder = module.branch-security-folder.id + gcs_bucket = module.branch-security-gcs.name + service_account = module.branch-security-sa.iam_email + } +} + +output "teams" { + description = "Data for the teams stage." + value = { + for k, v in module.branch-teams-team-folder : k => { + folder = v.id + gcs_bucket = module.branch-teams-team-gcs[k].name + service_account = module.branch-teams-team-sa[k].email + } + } +} + +# ready to use variable values for subsequent stages +output "tfvars" { + description = "Terraform variable files for the following stages." + sensitive = true + value = local.tfvars +} diff --git a/fast/stages-multitenant/1-resman-tenant/root_node.tf b/fast/stages-multitenant/1-resman-tenant/root_node.tf new file mode 100644 index 00000000..5b83d2dd --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/root_node.tf @@ -0,0 +1,41 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Tenant root folder configuration. + +module "root-folder" { + source = "../../../modules/folder" + id = var.root_node + folder_create = var.test_skip_data_sources + # start test attributes + parent = ( + var.test_skip_data_sources ? "organizations/${var.organization.id}" : null + ) + name = var.test_skip_data_sources ? "Test" : null + # end test attributes + iam_additive = { + "roles/accesscontextmanager.policyAdmin" = [ + local.automation_sas_iam.security + ] + "roles/compute.orgFirewallPolicyAdmin" = [ + local.automation_sas_iam.networking + ] + "roles/compute.xpnAdmin" = [ + local.automation_sas_iam.networking + ] + } + org_policies_data_path = var.organization_policy_data_path +} diff --git a/fast/stages-multitenant/1-resman-tenant/templates/providers.tf.tpl b/fast/stages-multitenant/1-resman-tenant/templates/providers.tf.tpl new file mode 100644 index 00000000..993c78ca --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/templates/providers.tf.tpl @@ -0,0 +1,33 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + backend "gcs" { + bucket = "${bucket}" + impersonate_service_account = "${sa}" + %{~ if backend_extra != null ~} + ${indent(4, backend_extra)} + %{~ endif ~} + } +} +provider "google" { + impersonate_service_account = "${sa}" +} +provider "google-beta" { + impersonate_service_account = "${sa}" +} + +# end provider.tf for ${name} diff --git a/fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml b/fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml new file mode 100644 index 00000000..8a946d84 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml @@ -0,0 +1,186 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: "FAST ${stage_name} stage" + +on: + pull_request: + branches: + - main + types: + - closed + - opened + - synchronize + +env: + FAST_OUTPUTS_BUCKET: ${outputs_bucket} + FAST_SERVICE_ACCOUNT: ${service_account} + FAST_WIF_PROVIDER: ${identity_provider} + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + TF_PROVIDERS_FILE: ${tf_providers_file} + TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} + TF_VERSION: 1.3.2 + +jobs: + fast-pr: + permissions: + contents: read + id-token: write + issues: write + pull-requests: write + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout repository + uses: actions/checkout@v3 + + # set up SSH key authentication to the modules repository + - id: ssh-config + name: Configure SSH authentication + run: | + ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null + ssh-add - <<< "$${{ secrets.CICD_MODULES_KEY }}" + + # set up authentication via Workload identity Federation + - id: gcp-auth + name: Authenticate to Google Cloud + uses: google-github-actions/auth@v0 + with: + workload_identity_provider: $${{ env.FAST_WIF_PROVIDER }} + service_account: $${{ env.FAST_SERVICE_ACCOUNT }} + access_token_lifetime: 3600s + + - id: gcp-sdk + name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0 + with: + install_components: alpha + + # copy provider and tfvars files + - id: tf-config + name: Copy Terraform output files + run: | + gcloud alpha storage cp -r \ + "gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.TF_PROVIDERS_FILE}}" ./ + gcloud alpha storage cp -r \ + "gs://$${{env.FAST_OUTPUTS_BUCKET}}/tfvars" ./ + for f in $${{env.TF_VAR_FILES}}; do + ln -s "tfvars/$f" ./ + done + + - id: tf-setup + name: Set up Terraform + uses: hashicorp/setup-terraform@v2.0.3 + with: + terraform_version: $${{ env.TF_VERSION }} + + # run Terraform init/validate/plan + - id: tf-init + name: Terraform init + run: | + terraform init -no-color + + - id: tf-validate + name: Terraform validate + run: terraform validate -no-color + + - id: tf-plan + name: Terraform plan + continue-on-error: true + run: | + terraform plan -input=false -out ../plan.out -no-color + + - id: tf-apply + if: github.event.pull_request.merged == true && success() + name: Terraform apply + continue-on-error: true + run: | + terraform apply -input=false -auto-approve -no-color ../plan.out + + - id: pr-comment + name: Post comment to Pull Request + continue-on-error: true + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + env: + PLAN: $${{ steps.tf-plan.outputs.stdout }}\n$${{ steps.tf-plan.outputs.stderr }} + with: + script: | + const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + + ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + +
Validation Output + + \`\`\`\n + $${{ steps.tf-validate.outputs.stdout }} + \`\`\` + +
+ + ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + +
Show Plan + + \`\`\`\n + $${process.env.PLAN.split('\n').filter(l => l.match(/^([A-Z\s].*|)$$/)).join('\n')} + \`\`\` + +
+ + ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + + *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + + - id: pr-short-comment + name: Post comment to Pull Request + uses: actions/github-script@v6 + if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' + with: + script: | + const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + + ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + + ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + + Plan output is in the action log. + + ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + + *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + + - id: check-plan + name: Check plan failure + if: steps.tf-plan.outcome != 'success' + run: exit 1 + + - id: check-apply + name: Check apply failure + if: github.event.pull_request.merged == true && steps.tf-apply.outcome != 'success' + run: exit 1 diff --git a/fast/stages-multitenant/1-resman-tenant/templates/workflow-gitlab.yaml b/fast/stages-multitenant/1-resman-tenant/templates/workflow-gitlab.yaml new file mode 100644 index 00000000..8981e70b --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/templates/workflow-gitlab.yaml @@ -0,0 +1,120 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +default: + before_script: + - echo "$${CI_JOB_JWT_V2}" > token.txt + image: + name: hashicorp/terraform + entrypoint: + - "/usr/bin/env" + - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +variables: + GOOGLE_CREDENTIALS: cicd-sa-credentials.json + FAST_OUTPUTS_BUCKET: ${outputs_bucket} + FAST_SERVICE_ACCOUNT: ${service_account} + FAST_WIF_PROVIDER: ${identity_provider} + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + TF_PROVIDERS_FILE: ${tf_providers_file} + TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} + +stages: + - gcp-auth + - tf-files + - tf-plan + - tf-apply + +cache: + key: gcp-auth + paths: + - cicd-sa-credentials.json + - .tf-setup + +gcp-auth: + image: + name: google/cloud-sdk:slim + stage: gcp-auth + script: + - | + gcloud iam workload-identity-pools create-cred-config \ + $${FAST_WIF_PROVIDER} \ + --service-account=$${FAST_SERVICE_ACCOUNT} \ + --service-account-token-lifetime-seconds=3600 \ + --output-file=$${GOOGLE_CREDENTIALS} \ + --credential-source-file=token.txt +tf-files: + dependencies: + - gcp-auth + image: + name: google/cloud-sdk:slim + stage: tf-files + script: + # - gcloud components install -q alpha + - gcloud config set auth/credential_file_override $${GOOGLE_CREDENTIALS} + - mkdir -p .tf-setup + - | + gcloud alpha storage cp -r \ + "gs://$${FAST_OUTPUTS_BUCKET}/providers/$${TF_PROVIDERS_FILE}" .tf-setup/ + - | + gcloud alpha storage cp -r \ + "gs://$${FAST_OUTPUTS_BUCKET}/tfvars" .tf-setup/ + +tf-plan: + # uncomment the following lines and set the SSH key secret for private modules repo + # before_script: + # - | + # ssh-agent -a $SSH_AUTH_SOCK > /dev/null + # echo "$CICD_MODULES_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null + # mkdir -p ~/.ssh + # ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts + # ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts + stage: tf-plan + script: + - cp .tf-setup/$${TF_PROVIDERS_FILE} ./ + - | + for f in $${TF_VAR_FILES}; do + ln -s ".tf-setup/tfvars/$f" ./ + done + - terraform init + - terraform validate + - terraform plan + dependencies: + - tf-files + +tf-apply: + # uncomment the following lines and set the SSH key secret for private modules repo + # before_script: + # - | + # ssh-agent -a $SSH_AUTH_SOCK > /dev/null + # echo "$CICD_MODULES_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null + # mkdir -p ~/.ssh + # ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts + # ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts + stage: tf-apply + script: + - cp .tf-setup/$${TF_PROVIDERS_FILE} ./ + - | + for f in $${TF_VAR_FILES}; do + ln -s ".tf-setup/tfvars/$f" ./ + done + - terraform init + - terraform validate + - terraform apply -input=false -auto-approve + dependencies: + - tf-files + when: manual + only: + variables: + - $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH diff --git a/fast/stages-multitenant/1-resman-tenant/templates/workflow-sourcerepo.yaml b/fast/stages-multitenant/1-resman-tenant/templates/workflow-sourcerepo.yaml new file mode 100644 index 00000000..446c9c96 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/templates/workflow-sourcerepo.yaml @@ -0,0 +1,98 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +steps: + - name: alpine:3 + id: tf-download + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + mkdir -p /builder/home/.local/bin + wget https://releases.hashicorp.com/terraform/$${_TF_VERSION}/terraform_$${_TF_VERSION}_linux_amd64.zip + unzip terraform_$${_TF_VERSION}_linux_amd64.zip -d /builder/home/.local/bin + rm terraform_$${_TF_VERSION}_linux_amd64.zip + chmod 755 /builder/home/.local/bin/terraform + - name: alpine:3 + id: tf-check-format + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform fmt -recursive -check /workspace/ + - name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine + id: tf-files + entrypoint: bash + args: + - -eEuo + - pipefail + - -c + - |- + /google-cloud-sdk/bin/gsutil cp \ + gs://$${_FAST_OUTPUTS_BUCKET}/providers/$${_TF_PROVIDERS_FILE} ./ + /google-cloud-sdk/bin/gsutil cp -r \ + gs://$${_FAST_OUTPUTS_BUCKET}/tfvars ./ + for f in $${_TF_VAR_FILES}; do + ln -s tfvars/$f ./ + done + - name: alpine:3 + id: tf-init + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform init -no-color + - name: alpine:3 + id: tf-check-validate + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform validate -no-color + - name: alpine:3 + id: tf-plan + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform plan -no-color -input=false -out plan.out + # store artifact and ask for approval here if needed + - name: alpine:3 + id: tf-apply + entrypoint: sh + args: + - -eEuo + - pipefail + - -c + - |- + terraform apply -no-color -input=false -auto-approve plan.out +options: + env: + - PATH=/usr/local/bin:/usr/bin:/bin:/builder/home/.local/bin + logging: CLOUD_LOGGING_ONLY +substitutions: + _FAST_OUTPUTS_BUCKET: ${outputs_bucket} + _TF_PROVIDERS_FILE: ${tf_providers_file} + _TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} + _TF_VERSION: 1.3.2 diff --git a/fast/stages-multitenant/1-resman-tenant/variables.tf b/fast/stages-multitenant/1-resman-tenant/variables.tf new file mode 100644 index 00000000..0229dd78 --- /dev/null +++ b/fast/stages-multitenant/1-resman-tenant/variables.tf @@ -0,0 +1,281 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# defaults for variables marked with global tfdoc annotations, can be set via +# the tfvars file generated in stage 00 and stored in its outputs + +variable "automation" { + # tfdoc:variable:source 0-bootstrap + description = "Automation resources created by the bootstrap stage." + type = object({ + outputs_bucket = string + project_id = string + project_number = string + federated_identity_pools = list(string) + federated_identity_providers = map(object({ + issuer = string + issuer_uri = string + name = string + principal_tpl = string + principalset_tpl = string + })) + service_accounts = object({ + networking = string + resman = string + security = string + dp-dev = optional(string) + dp-prod = optional(string) + gke-dev = optional(string) + gke-prod = optional(string) + pf-dev = optional(string) + pf-prod = optional(string) + sandbox = optional(string) + teams = optional(string) + }) + }) +} + +variable "billing_account" { + # tfdoc:variable:source 0-bootstrap + description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false." + type = object({ + id = string + is_org_level = optional(bool, true) + }) + validation { + condition = var.billing_account.is_org_level != null + error_message = "Invalid `null` value for `billing_account.is_org_level`." + } +} + +variable "cicd_repositories" { + description = "CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed." + type = object({ + data_platform_dev = object({ + branch = string + identity_provider = string + name = string + type = string + }) + data_platform_prod = object({ + branch = string + identity_provider = string + name = string + type = string + }) + gke_dev = object({ + branch = string + identity_provider = string + name = string + type = string + }) + gke_prod = object({ + branch = string + identity_provider = string + name = string + type = string + }) + networking = object({ + branch = string + identity_provider = string + name = string + type = string + }) + project_factory_dev = object({ + branch = string + identity_provider = string + name = string + type = string + }) + project_factory_prod = object({ + branch = string + identity_provider = string + name = string + type = string + }) + security = object({ + branch = string + identity_provider = string + name = string + type = string + }) + }) + default = null + validation { + condition = alltrue([ + for k, v in coalesce(var.cicd_repositories, {}) : + v == null || try(v.name, null) != null + ]) + error_message = "Non-null repositories need a non-null name." + } + validation { + condition = alltrue([ + for k, v in coalesce(var.cicd_repositories, {}) : + v == null || ( + try(v.identity_provider, null) != null + || + try(v.type, null) == "sourcerepo" + ) + ]) + error_message = "Non-null repositories need a non-null provider unless type is 'sourcerepo'." + } + validation { + condition = alltrue([ + for k, v in coalesce(var.cicd_repositories, {}) : + v == null || ( + contains(["github", "gitlab", "sourcerepo"], coalesce(try(v.type, null), "null")) + ) + ]) + error_message = "Invalid repository type, supported types: 'github' 'gitlab' or 'sourcerepo'." + } +} + +variable "custom_roles" { + # tfdoc:variable:source 0-bootstrap + description = "Custom roles defined at the org level, in key => id format." + type = object({ + service_project_network_admin = string + }) + default = null +} + +variable "data_dir" { + description = "Relative path for the folder storing configuration data." + type = string + default = "data" +} + +variable "fast_features" { + # tfdoc:variable:source 0-0-bootstrap + description = "Selective control for top-level FAST features." + type = object({ + data_platform = optional(bool, false) + gke = optional(bool, false) + project_factory = optional(bool, false) + sandbox = optional(bool, false) + teams = optional(bool, false) + }) + default = {} + nullable = false +} + +variable "groups" { + # tfdoc:variable:source 0-bootstrap + # https://cloud.google.com/docs/enterprise/setup-checklist + description = "Group names to grant organization-level permissions." + type = object({ + gcp-devops = optional(string) + gcp-network-admins = optional(string) + gcp-security-admins = optional(string) + }) + default = {} + nullable = false +} + +variable "locations" { + # tfdoc:variable:source 0-bootstrap + description = "Optional locations for GCS, BigQuery, and logging buckets created here." + type = object({ + bq = string + gcs = string + logging = string + pubsub = list(string) + }) + default = { + bq = "EU" + gcs = "EU" + logging = "global" + pubsub = [] + } + nullable = false +} + +variable "organization" { + # tfdoc:variable:source 0-bootstrap + description = "Organization details." + type = object({ + domain = string + id = number + customer_id = string + }) +} + +variable "organization_policy_data_path" { + description = "Path for the data folder used by the organization policies factory." + type = string + default = null +} + +variable "outputs_location" { + description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable." + type = string + default = null +} + +variable "prefix" { + # tfdoc:variable:source 0-bootstrap + description = "Prefix used for resources that need unique names. Use 9 characters or less." + type = string + + validation { + condition = try(length(var.prefix), 0) < 10 + error_message = "Use a maximum of 9 characters for prefix." + } +} + +variable "root_node" { + description = "Root folder node for the tenant, in folders/nnnnnn format." + type = string +} + +variable "short_name" { + description = "Short name used to identify the tenant." + type = string +} + +variable "tags" { + description = "Resource management tags." + type = object({ + keys = object({ + context = string + environment = string + tenant = string + }) + names = object({ + context = string + environment = string + tenant = string + }) + values = map(string) + }) + nullable = false +} + +variable "team_folders" { + description = "Team folders to be created. Format is described in a code comment." + type = map(object({ + descriptive_name = string + group_iam = map(list(string)) + impersonation_groups = list(string) + })) + default = null +} + +variable "test_skip_data_sources" { + description = "Used when testing to bypass data sources." + type = bool + default = false +} diff --git a/fast/stages-multitenant/MULTITENANT-TODO.md b/fast/stages-multitenant/MULTITENANT-TODO.md new file mode 100644 index 00000000..a14d64ab --- /dev/null +++ b/fast/stages-multitenant/MULTITENANT-TODO.md @@ -0,0 +1,8 @@ +# Things to add before sending the PR + +- [x] multitenant resman stage +- [ ] identity providers for tenant bootstrap stages +- [ ] edit FAST top-level and stages READMEs for multitenant +- [ ] multitenant stages READMEs +- [ ] add test to ensure templates folder is the same in every stage +- [ ] add test to ensure identity providers code is the same in bootstrap and mt bootstrap diff --git a/fast/stages-multitenant/README.md b/fast/stages-multitenant/README.md new file mode 100644 index 00000000..27ce17dd --- /dev/null +++ b/fast/stages-multitenant/README.md @@ -0,0 +1,27 @@ +# FAST multitenant stages + +The stages in this folder set up separate resource hierarchies inside the same organization that are fully FAST-compliant, and allow each tenant to run and manage their own networking, security, or application-level stages. They are designed to be used where a high degree of autonomy is needed for each tenant, for example individual subsidiaries of a large corporation all sharing the same GCP organization. + +The multitenant stages have the following characteristics: + +- they support one tenant at a time, so one copy of both stages is needed for each tenant +- they have the organization-level bootstrap and resource management stages as prerequisite +- they are logically equivalent to the respective organization-level stages but behave slightly differently, as they actively minimize access and changes to organization or shared resources + +Once both tenant-level stages are run, a hierarchy and a set of resources is available for the new tenant, including a separate automation project, service accounts for subsequent stages, etc. + +The tenant-level stages require that organization-level stage 0 (bootstrap) and 1 (resource management) have been applied. Their position and role in the FAST stage flow is shown in the following diagram: + +

+ Stages diagram +

+ +## Tenant bootstrap (0) + +This stage creates the top-level root folder and tag for the tenant, and the tenant-level automation project and automation service accounts. It also sets up billing and organization-level roles for the tenant administrators group and the automation service accounts. As in the organizational-level stages, it can optionally set up CI/CD for itself and the tenant resource management stage. + +This stage is run with the organization-level resource management service account as it leverages its permissions, and is the bridge between the organization-level stages and the tenant stages which are effectively decoupled from the rest of the organization. + +## Tenant resource management (1) + +This stage populates the resource hierarchy rooted in the top-level tenant folder, assigns roles to the tenant automation service accounts, and optionally sets up CI/CD for the following stages. It is functionally equivalent to the organization-level resource management stage, but runs with a tenant-specific service account and has no control over resources outside of the tenant context. diff --git a/fast/stages-multitenant/diagram.png b/fast/stages-multitenant/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..940fa3c36ecb78e6b02ad976a95283b46519c57f GIT binary patch literal 200274 zcmdqI^;?u()HXaO2Eq-Zlz=y-grtD9iqg{ENHcT|Jy?Vif^>>>4mCrUNSD+Q1B^;D z3`h$@ynFC|p8w!GzTe<4jfD92fs%!5qg7N*m!Yl1mNdD&r5>)W&8`b~b#k~H%@`iZ~Sp4s0#=I>I z&yPpzD8%H|=zaKbjUm$3A3t#rdBng_M;H)KC0lr1RfQ@jDpINy-HuC1!FfD_1b<9C z4}pY!AD+ssyTMz~jVU(c%Wr@F&Uf>j=_3Yo4W_~~1?Avp{QTWJ-`|G&_ZAW#lsNjj z?8?Ms=b@$f3!Hyv_%4bfQAoRkVGPoLQX{YJ90bxrV{7L)k{mMLv$3Co@Oh6I89_?J z_zE|X7E9s=+rJGIG?bKz&__S~$mAaSs!DDbH}o?V+AlQLA+}6F3w&>hixJcwUxL|L zwulO8L=R6bsy*!XoWN$XJ6ArnM4n&9!rx8+77T_WybYSb+r7NAKP<7cfzj zX!kuBKjl^!^#}gg@|Kd+OMxzx!?T<`PUzg)?U^7^9$+d~z zgjq)S=F3^>4Xz^wzc^HE#c`+?v(^iXi}p{PA|=|}QEY$0z3b~P%OxF(i}j5Mi;IYh zV|{cVl$6-pIezM07=E3(9kFXn4&Uevg@mL3f(IJ&%~JS{ul5w_+p2Nug; zuVNuS#d-J*_DFX6i4mA(X@aSb5I4tyTdfCJhvjwgjVrhfGMI^K37pxfPX~;=@n{t~ zRlc28HlDz1Sh%3%T-_+=y_&Q%I)%;!cjH@DO4`*w*&O{BganE0>?~L*?Y4+CoBNdp zHku1=lu<}1n1qPg7)t>(|ff!9G_%o(r;wa zcX=<}K4=6HZr9%ib(E87(mRcb2h${JK8VP__-Rul!2bBAy(4r)b5O#j{y2F9u3J6r zuQ`F+!)pII=%{-_bj5k^YF^q{*5yGC9IvPRPZxch-tjEwui`A|yxPc$qqv@Y^aPoTk&Nd8pL)}Rw(y8`< z{Q(c>ox1X!9?VguaMM;H8R6J>=N_&@LdQbuOWq%`IByAqk11L4XknsTY=Lh9tP#WV zPJI5=%WsHxixJqZoa!Rm<;5x_@&(bwDM;|YgPnS*qm|v&q;U^09w%=hC{}P4ZlagWLZMwh`5K3dRKdUD?-g#h(8a-+Xe^(4l;o7*yAzUpqFfRXAU(SyXTj|>5$$Nx& zYn==L$;^%4nyfvULMZ-1tN~_^I9U)`vL%P;W9#$wy=X_@t)wL?utcMkgK{&5dY?43 zxi-cmVQCo*Rx{`+XNL6#O8&&(bjpekOnvLuiyFqmYeA&)qMg4Fz-Gs?q9l0$7z$lc zrd!J*dGkc_cfa#;di{E=hg8zuRuQ5AJZp$@x~}9vdtqCmeSD?WIbh_7Uay)+98R?> zvKWi=iF$uyWUz)7x+R>###JonOA5fsTEiZY#_o^m^(cAeX()TC7l>?nQ=hShAv!Li zxriZ|%;Z1l?^qk$<6j&o4}t)fxT74DB8{J-grrj6UN$P}BCPn6XzgMXfRDHr^2d1y+bjJkS2>KR(fK z&})7&{NsM3ko2E)yh9Q&0N~vp{TegDaJp?85OQB*xPvKG%SDw6#xy9~0Ml4KA$rAL z$4Jeq@P(!xzug|^Kr2H`psRXjlY~dx#QbjLn&mG(`~IcH`3d%%>{j=aq3^JAqRrgk zNl8hl?ks?pLFzg|YKYkj zZd`Y({YB;>7^4@>Hg!%}`HXuhtG3f%Y<3g+Y5;;md{}PR@@>3(57V@p{suIF?JOgm z0`114vkT_sty>*D3NKlMffflq*0Xru;M4F=NB`aoY=)xRX!d~!HhVg?mGTvQ;?Q@L zU|M&On~0%D5X2+DO*hXR(B)jIUAY7hR4-JUjt`BKjp1~=ktfe4Tp7pnY((vJzqjqq z_<~zfM!Deyu37E}bCUJQl5l->B4Ci{N?V?cI(l;yABhEpMQH>Adt5DxRJ-H!EfbLF zuP;x5uo*RncP4g3i+`mrH7iq!=@ZKNRl5LyM+o(GpF#^P-}~AY*M^kNApvV?whG3v zzg(7+No)8s>ptGvr(G=mUmDWY1zl4?8^`B#2mv0@OQLTv6vO^?3dYcjER}Uzdv-X{ z5ul{2o6zsq=FCJ4ZXyX8vSoH-97>;DGIP7j59Y{6);IY`SVV=IIr>>doVtl~Hiq^; zv1Jh4bK&-_+sR?I02_hiz)xvWe@!NJW4;=@whdl|$XamQ$V4QlEq~oNpZ-LX(-c9u zP+MDT%@hDURbvS9mrx<$7g%Zql81sU3ck%nS0A*gBSNY+B=EOwf2QMZG0dc^ML-kis>VBF_puP}_<04P2LSOF%!4#d^Jwlc zgj24@D2dvCS{h*OUkD#Np5y(xPHn_9ZsxNwZ8WowM40|Ahp>`B0lPz3TYTF@ro)rW z_-sq7Ep>4cCNZ{ESF`oP>06(n;Zp}H9>*|?4(*0_ah-3VG$SM*$_ zbYe}|ji_4L*oWSgHhokTH=P&90SZJ(wa|ob;1_g7+8dK*fi@9b=jE*r=!MA|OXE-<~M!b8A|Mo#Yh7o9inykkW_{M$~ zdJbQp?CuK+Y63Y1JfH?&ZfJn%Yinqp=&~0j31s=~mM$Vz%Or9(_~9^q%fM8bB`iD+arvd!Ookp}$$$iq+2c zP1?Jx-VvG(t?94>G@+bG-rneZD6S-Uhh~hch;Zb0-Pbq|*{H$O3 z?;vQ;xRR)UKpHa&+D}NBDQ$oL9LOK-Pt}vk22?-*0X%I(HG`~YyJKS=aY7#8GpTXw z)-8}X;ebL+0K-u?&osbv>@Duf0mLpm!6JIGLzw_EvH^4_Tk!#Txo9g_Z$ZybI1bbf zz{6L8ZTSXaodYn?XC(bL5w{*-Omsh0>+c8Pae!ttz@NOQhZ%DnsVON%OvgX`h$$H{ zQ(WH@PQfOWx0Lg5Rf0@N`mlAs<3|de1hyL1bknmbOfIM5TDONr7z~A)!eE2WO3Ri|Qj^8jIPfF*1(<}yrEvO%xlvI!hg)?fO ztOFIa+J2ZYIyROg2j3%K#EGMt`PW=GiW+nQ(G%4cHO_Pxc$gia8WocIuQ4((tWU^# zEpC8cbR2M0Ja3~h@iC$<1-gNlUI3-j{|)OMFbL@&3F80`Kv4rcSqQT*{Ap0)9!P_z zaap~GGXYBs#B^4!F&$Wds4CO_7ez0+zJ4lW-^`paVC*_ z?lhD8Abwv^P!PFlxQ}5J7ZK5oI!U7ku#z}#siYR5$0{_f4BPFr_Wg`~p zyuj8xj9_LU!{jNpG|e`2YU*C&g?Xl_4$LpkF9YgF5I-{NeAtlu^*14YAmKvP+D4rb zkEAi-EzrHmKxDAP<>V&%PKb>L#O+TF=z+Aa@U+u(x!WdP&_@^AGl%W`;!df*dcRxNOFV8gRXvUb)XnLwqLZx7nKcs6kFRb`ZhO2 z3<}U*=D66rTWwWM{`YD2=u2=5N2pcbs{NKPNW!#01STXri0fT=UmpNe4HL>q6ADcM zavr3JL~|&xrT=={R1Mrq$fxnz<$BNx-soOk zK4|n=b+2k=W%@Ff6SQL8l1z>$49p(Z`T2V8OkCZ@N;U?VpI#2yls#*m|J~Dn52EhG zu`cvAYYm%CMzx(}sRWLEr;7sPS4 z{RDAHBl9Y-La4?(JRPo0#`lai)Vi}Ow3a#rROIz{|0XsPu13fs@erF}Q|L*PR!!*h zN(wldd4N|5zHD~wU!qik81^#-Fe~(Q$&bfRt9t&$J|3hqs zbpY$CMIgTu&uSc?9nF)L@<74BC=pRbD>#Z7&pUOPU9b#=oan{G3R?tkZS#ybC@tAq8%))7 zUjMH%zURApdj&=HhH_D9-=i%$h4@@_Vmwx+9gG94qOJSnU)V~6WgkyRdsXgaaJk33 zEe(#Ou5stsWOI2Q?zoDd?GV4YJdm#Ktcp0Fr_u|bPgF@0d!V5B;>FmPBQDBPm+u%% zo;0#*<=IkqCO!{(lH)G4F)W%a1dSI+e17T2`RK%_!)eQ;`PCcYzJ7$!@$tObCaFA` z^AIz|6(*VnbB0HL!fT!|G+R%9Qr^4TZMlX)Gu>)3hV}3No>Bk<@vJq{3Tnhfr+9u!OYZLN7J%LkeF+a;yjoVu z_~zFp-B(xe+Hm+EtmRad9Wg?#Q_pwBi9(+dBw*{QQj#w6AxCnf82Xbnr^B5UMc^7$ z7fCA2k8-k=H4pn*_W~FDk`yzNavfmtBj)G$!K5@&B|HsISmefB=MzQg=s}#5x>w8) zo8De(=fxz1uBS5|h)1q|JPoZ?xdniPreY@HzRih5e@aRTt)TTI1~T><_oacAveQtp zNJh;c^LBY{tyi*h`oDjjJ|G%HpO%)o3i0YyrS+-Q#F&sQ1v9Ntsj_jrxM{*bT2_)E zM|)`4yKht-+VImLuj;iiu)h7{JV|&BgDKLS++0r2Lyw$Xfx7d+WQs~DnL9~#$)bWU zRs?M#d*2j*o(nemzLSF6(Q%lp&0soxpbSvuvQJl;Xudx_)!!v2%@=gh=wSIgx-x=v zF^_zIZR<`X#m%_WE_J*k)>)@kK|w(sC9YIZFw$=$I+DvzANVCvinug3Wc@FbGm`{I zIu?78&1$FOMRZL~rvZr&79wy%%-_DCnH1^!flPaYTc(f zn-=XuSlXVs|8@xh_K0KcPvn=m?zY4MJ87UuczxkV>d8qU!yXfH2A4w8`>l-y4AY^f z;gq<?TjqZs08r4fpve>!2YA-@?kAi4=bO)>)xHJt-v9!ny3_|9FB_)1WvY6^z11H-$rOgIuDi#=+ZSRX7ud_y?q>&NFpka!5ZG=Eq#rt`Lmy(|R$MF- zS3y603=;F>>u4_p4eLejTc+FkIfJPyE?Q^(w3Llkn>MME%f|pL``#~dRNF?;YBw7t zH54`w#JWE+h?FG|GLUt=M z`=nvs06cuwwAVoD%J{(k>3xO6zJ=@BRiQ$8xrIcc{QaF?E>NH2^>Ut3af#G2Po@ zcWwk(b|t|I0FXwrGKhLj|Fq@Pj!yiV_{eRi23X)BR44d$*(3I|mOl05xL2?#oJ3}= z;_>c}=vY5QhxVmO5B`*guxhR!DX}SZs$TS1_4p1NxkYS*uL5^{ad4!{?#P+Qdyp1O z0r;#@PTt^XON+ksix(8&`Oy(f5pX1fk4i7EB`QwqC)l1e)W#$VU9$Q3q~#J0#LGYn z$BPuO+(-aRFgds7hn zjfzK4bZQ_A&A6C2^qESUDsmXMkylSBq^<|0B~&IU9YnBrHz^fZCF$v^omnum>o-`0N6u zraUV4pY0u&S7I0L^*Nt5u=$jQl3 z2|51(pjXlxRkrm_UN4Ek)@OTYLuU?NUe$wx1CX60`Q;@FYf;H zz0MP-rKa|IZOtJrE{;Q7-0;$+O9s_WY3I+~4!s!E?XbH#W>8@n7SFB!X5 zNFH3$)YguxsI1i1(D+hOA&`@uou8fkj9%EmMNGohWk+KFk0uEms{9aqqNbn_rlFys zrK4jl^`W4!FlKPcU98~)B_5Lc^yRgnlH_DM@Oq-OX7o5t8$4@oZ~sN?u~detkdP23 z2M74n^Zru^4a3}%&#rAEw`d*x9UV*P=;_BMCc650f?RFzrsJcdj~G-mXz@+~0Rf{w zco5@7Jw1xr+S;O243J08h5JKAg@s!B`n0>@Z2w%zZ)!?k;%#{j78Nq_`@kQ}uDgt! z36OG_7nZ$o18 zb932?XCCnKj_=_yW8jTl+&C8(&i~-^y$t{1uz$`$$gW;IZ|(?pbuC9ZV@m;Kf;YgL zhXkN9Gh4&>&V`q2jw`9|!{Tpe zkX}6ROZa`fu1kK7iZ2cn z2K=oB=p7u?_3^2lcB=O2kIpVGF0OIR_hbU22A<90x_nc8*U-rAzHKLyJs>^yr1?S(-$Z{Cit#?2)pBt&`td$_u4ukc3j ziv**po}mNjZ9U-SK7Ab>9US@{*IL@ywnRIhZDi38hWblo94On?NF5T*AjM1T$TWlZ zDypp1+}+(REGf|j4(M~^x3`47gM*frm)C^Pg_Oyo> zhX!E-jr`(b?kZpoicXuVel%3Y&aMD2WeW=NA;%J;Nrs_Wk+mw9 z9PF#K<4>KYs=ALHEaAe@dm<*MXj}Lk5?(%~0){!&6yT>vpfAFI81Lle;<{cRLUXmg z$#Wh?wJ~)ba?_YNV5z$7d>dAlMp+LpuV79tE{i~6X=!OE@j5V)nt&Z7bes$$7X@RA z$;goYC3WbsTzP?-iBhxW`M}&JDW-K3?B*}YB`3azfn!R2q`kJ5!;2R$_?^8<7?SnU z%GGSkWQ3-rUNT5WZ*c3}>su#O1V%ylW+?-{+c{Rsxs9aA(>oqb%y^^6#%|Q7d7gUV z9UJJKa8j~vbC}s#Mz0q?*r{9O9jB@|GEqbFDiII)i3WT-WeS!eWuCSa?@>QvPN;?w zz&gkV91WF8U5tB4PI@6IjAuy7qxfW5Z*K@6qZzg{R5ED3cDNkvxaTt7dR^PtSaPkA zB&a(?C^zVX9)KP_JBqA$zj-QR@*^d9d3ha7fd?!`sn@ambLBqOwWJLFTDKfw z$Ej>QrW!g{sI89tRkHA#6#ye=G1^~8CtguWN!!H4iBWo%%F&|a9}6aZeSHI@eH;-A z>gwvs+{?rRxuX~Kew8;l&yYbn41qTu_<WMN@p+4$Dh7V+bJi*Mr6xbt0Lqz27_0i#0fTLyfoM@L6x z8)OjKo;p-M^4PfEt7K9bc=z)-;rHAnu?Yzx4uq711RGRCcS#s>!|JssVb+flqc zJUSqZYaQ?Y6N<4$kB+{Lo8o%#KxlAi>IB08f9Nk|Ix)rUwa{_StfH*6AR#U;2RO)- zR92|bh}aNtCH4KG04dYa!wDZBpGBdsj{+N(_-@>|VZEYl;WsB{)kvl|H0V#cuzgVF zG$RH;z92iBwRoe+Z9y?!4Z?FfGPfNPUeu+|?X}UFJS#bk(kap@sd$h8NP?=Tr>BA; zf>w06s;1^q;hoT#`**mY-HiZL@}uL@($dTYlY4r5=h8#UBX+&pBGOHPHNIkRg6a<_ z;kLeF6$r#CFZ@&@%fL;JOq(^E1#lR(kj#vc#+5TGeJM3tyED~`@5g4S+Qr%is!A9Cg0uWEW?w3mR#t&{4XVN!E*bJc*!@PW)2y`nDrtI>`Y zAglm@MzB9V=+<*H|+Icc27OjwTIKNl7%G~&$~=K@jomw0}O=Vi2J6&EKb zWs~b2g_k|wL8JgYBNY-BPEPxz7nTWpqwKh|&L?V(ikA7Nd^w}M?5q*F?se&k3lFDd zdb$RqP-rPgxR#~3fuUiF3w`YJ3q;&dlZdcz@YBp?uZhFELx;Y_PtHYS4Cl&BnkyF zdkKLkvQ|ciq+|uC*(Suk?AL*OGPc~x1ElzKD?4i?OGHTM-R_V~=5J`ku70-As0 zeBImas_+4Rs0hT%A;8M3jl0a37<7)veG z^U%u1CI#=Oub%|OQI%zPOxYk^=Lha%b$xxidgrXFI0on%U{Am=C`Wqd2gg;;*e3Nf z7D#w3GF$ELKWbK13yIauKmmYJt0^kJpWKTFvj9C5`lk;eBG<+{SLHx#y^AxbsOV^N z#!6vOB5Z8WfgmfJVOM|k__0zv_f-t4rY2FN2*TdjCFT3#MZ`fvc446+&=gHSEH0iu zS7OpQ)v%{WSO(3SXCU|bOUA?W2BoH*V0{`s(fEKTPhR1Lz8diSE~%cS+dNoUT7u%I zkOlxLKoqt8LKGHW;}W@Uw#CeU$!MOAj_zxW=J1d9hRn<-Kx%T{zc25NXA=jO1Ih?h z@FEBDuldXDj0wwqP^J75C zC_?D&U4e?3J1@QlJ|q{_Um|~8p{1o|dwjU7jxfYvhf0gg*YW^LEWWA!d6*X*Hq{v! z7Ym%-@*{PS!rb)GFW+++yyD&Vg;jT64lI2&NmG&~? zh$LuJLtnq({rhWU2{=P!$@++^(QsFTuTQeIqGXixRL1*M13ID;2}io1fdFvL7$DQE_SNU`Auw7xYa z2_Q0%&tQqV@m?v%P$*pLcE%ue>Qh3~d5CaJyns zA8A`Ixz)wr4VuRRkTdv4up-@$8LF%gz1L}QfmJ7BzN@ac-2NtT=*bQWeHl16j#Mt) zulQ0T3yv$wT3r=F1I6R<>Nr(>YDuzpltrdY8*~)co+Bu%jI+KOBs3Kl_j#R0<7W)ntlVf(NQ*pBWbfX8_%OHU8Ul3(C0R&<^86INEIm`LWASeCuM&Q%#=!Zd zCDX2Pigu?L1;2j1MB85CW2>sJmXjn2^GAP_XOfhbhEE9TSRgmiLX?t>QFzoQ`c;H~ z0Jwr>|?WwL*q7~L4gHT6C0p5NYISLe$xn}J+FrPSQGYF^2$w_`} z^-cYobwEbgFUF7KA__O88MEF&?%vK~0MJDS#cpkHXQ7uvMFfT19NFtp!%hzyJUbj% zadqqw5fSS69AkPqsNbBgSsp+DA~qP}E;{ynNg9ycYv8lJp%OhaxGU*X~1)^o~_RctyS;Y_$tPlZe%dO#ppK8YiVlUggvvGmscdJYv9|! zgOgaCe)V(PJ3B|wQP7J1>J+2v`ojTKEcgmU32f9a`i0JXI2-YWk`kf8a)37Ln{#0j zBE(NhOUcH7d?_p{%KBvyD;Z>20X<#C;rjOwU%oJ}hkor6<^eL7m{$US7LkTF2761S zm#LqE!MkEw0jcLhKVtA?ps(k~^puUVv7l2BCr^RBGeJU`Pm9b-Ln<1QnXxj#S^-P2N6rx1QBQGu_Flt+}5MA%E0IQm;M&Dze*A)BKeP3Mad z@87>K+Zz`%z^>C-+}oOQ@QCWPKz%?9i-8fZ ziBPa>yAIH-kidAv8q^ZIn?Zl0GrSo@x{1TS-@U|?aTO)npM2#E|82_ zy5e;;xeGO08o{K%6aa9&4MZbu+BSXen|P-lWk8@%vW+-|on7(Z9CbNBIid(#w*fQP z($%G|RQ`lCGRZzV@(1YnuJQJji+wAL08>f1?ooE@rB(uowRfytq%#>$9v1Ej#Jj7s zMeJ4Dm9L3lN%<`*I}&ZL-h|L70k!Ii(X%T%uHTb4a$-8!2=||Q%6gS6ay;(4lva` zbYg8~bpz9kC@s|i2-~+;4Lsk8fZOyQ1u(lW^*9DyYD`~kNd-}U4ye(f*3D{qkY?~c zGc8+fC6HiFh5(k4r_nn@K>C4KZ2cH|dwPaJe(*(cPoFkm=jXZ%AaA)*IRp?$poeMq z!QNhg@NJIj{5qOW%vx&06vt^lrYXSv#H4h7=7{c8?bf& zNqgru-;TjSy81yMH)D$h>BPhm(EfeMD|0twZEbDUWMpJUML}-zEubbj^x5D!2s7<5 zt_xLAQQy)1|o%6r>oal_uGk$N&Pgf5|ML8M4J1U|~zz$92aik~H%W1Cg;7!sV z-($h1YQXAfwu?N>pbX|w&(gNt_F_L+v>Zng3jp}mA=w~Nv3FI2w0r~mUHOminu)Ip zfJ9PU9CHL~AjyIRMNc;PfKvC5js)DUFW8QIdE!?yvu-ivW6SY@4fW!iXvWC2# zHggR^lWL_6HVVOjfn(nW~oGoSzz6%~Pur3Bwi##X+q*5dwWz9xtz@;*H3%Ri_R*mN%)YLfl_@9T%K#g#lLd>SsddPz;0J2uS zY=8e&N-2y2l4t~65^3HRY%UGni2`gu&^bpQNM{$H=*L9G z7V}ezV{ncF;)b<*p=b0+X~}*z$30e*tL^9V|2zp{C!y4A`?J&XFLHh6o&xZR5$)%f zl3^=%LbA>dj+S=z$@A;;gtL*42Bp;6Bj=UhOozl?|4{Q56~TL6q8z6syzU` z8`Z>qZ?227-d~)eWjXRP5wCG(=!zB#ttxUJjrio*0noRV5(=HghCcTLUKTGHi{}vko z4pZ%Ccf(ZD#Y)~?ciWk4|By;{mDu>5%D)G1iKi+ljcRtKMkFlfKRVbDR0=od1JlI) zWMdxQ!#o&7>WULj1QWw^MHyP2jZQVG-cwCOr#grz5DPjWno}!g2}!YvN%4jH+okLr zmz1B3*jU@4kDw1FA85vSd=dOC6C!>mlK2x9S=L-;57>SesCI~{x_^2tB#USrh)uwe z!iVhEY%S{nPcXBe;Iu0>mVckKKT$|EX6L_xm^KRHgo3|my#?oyV&DK9m~k0c`s@cs z5J+bg5?%<7pA|F?Q=fu%`PBRR>Yj3p*eJ&ARiTRDW-UKMiHA~8U-o>dMhvDth!b=! zZ5twXALM>WARwJjpC}B6_uYAs5xoKiz#ikVZvzUJ3Df&4PtL~q>1r6qhmpK`kKATZ zYcl!NK9_hZn^*_RR!HDr_DKmwiw=Ac_S6--%DCk9cvg37HVEV~v%IqY&fcy{EZGl^jFh!FWS|3=>g&$FRAy(*<@WUpq12=m{NJa?gdSaZX~4NJ z2U*L>?T>l*M`GcuYzFktew|YDc7V+QI6O@{t2Z%wFKGQ(IYk8=z%<&$BbVyxIF>*~ z1Ema@H{3R$0MwM+`EL}S>(f8hLWpj3vE^Buz=N@)G-8F%UG@L}k%-7FXIF0S8^V5J zb)KR7;(+Gfbn4q`%;uuC!tjIY_$Xal@CePl|3(|cB7C|>ZI7u`s)jEhkUL!PxbMQw z%|oC2=}kYff*PWL71aApQVQ^nMfh3K69jTougw`=AVadZdPwgyvMVyX2!0X=yyVi~ z+8s#CMK4=;%GBPP#?QEMQHGwkF2@no1$lXxBL?u;r|bWLIiHA0$7K)9F+`?r+cx96|A+wGNhD1? zTS9OqT#S=2o;&zra(ax|ZLN2H%l4pjbNX|0aj{MZcLH8YEDC0e**JO5)IgA(z)iZl zSM8jhK#k#TCFTg}{cqqLJA~{Hs{;5scxunzwh4YJBdv*9kE+7&Hw&CPF5yM!s)`N* z6g0*}0v+fxHj~~Z@M^T19=(|G6Q7+fuAZGJ24gcvn8N2A>lV;%#$N4T@{eiD6R?6c zh<!jp`x_hYNpxs2rQZXc86*5Qdut{oi32@RBsxL zac8V&jI&|Y05iAiL4x#|yRHt;`dU;f6lHZs9KC-7#NnT_0yhBoq&P9vLFr8yhUsSA z71|`uhAlcIev(aLY9T-s-n__iygYQu5O*Y614pF8e}z~xbNQ|N_a}*)I{JAPYDwKF^$1Qbr-c(YN& z)8*8}So7%lHZpzvvrlR8S1!a**qq#`&rzt9_x=t1Ruf{&ujw{Yl_eLZ?^5 zN&M#?6$uFnLPvWEQ)eFgwU>J3+a}rWo(FM+>3+XR z>P|B=p0njKpUQ$c)~&ri&oGTG1ud^EN&B=YUj`mww)3AwK7M9!cG6LWsV(gLzc8&U z`RWfwPgezu2wZ9vOhk2pPG0tPUY>Y9Sjyo5>`{5e(&95m0&pJEfpoelbYir7APQYl zchYgncv}^Ck<`+`7pc7_gz<}^u!1g29n3m;R*ZaFr+DA|2$F578sT?BA$YDD#L+FU zCg8tgi`bK=z`iRYyEq{mr${_^_Bi|$3Ic29B(51v?bM(RreTi}^nZCzfMYj78_VcL z-9aHAGFL&s9JU9ld8fe^XB7L&*VNqCe=E<1keyDHV8^yt{ zQQab)kbs2xhK-eRPh9_`M(AGmx^Qi!HFSO2!KyE{KnWE5c*q0uynY#R#z8^E3ddKU z@*eWJpjXt`S?jZ7SwXm8tE9qq&hCGm#T;Qw3xRFcYPUU4VS#kzLgY@+Qw-}vh?9IJb?_9F}AFLqve*1t>I_Js0jr{JG>mvW2i{I z?0&2rgtQ%Bu(?I*HR&V*)sYqWn&L4mD3BHNFc_-n^qoY8ZL>JsQth49o=P_Fj83Lw zGl3fTXghZ`b+1r*>z1EvMSI=i2ou&%Ge*nTuy)D|o(%v~Htq<@klgA4@KDwfM$kQ( z^18v%rd!lhA{XeL0q`jwth0J$F7UFKeY>e^Mz$I~|KPwcr`ioJf7jFOk^ekdyY~Kh z-ASf;I!of06{nW@**XY&`wlpbX;HuPa`jIFB-=Je4$1$r?5C6GCGF zs<$|~aFn$IHg+g3O%4tYm5{d_{~@~3H&AcqQ8Tw3imE*+j#6^2s=$Zjo6#n2Nm!+hZ=d^f$=>L{EtFy_}l zya0E@7d2vN|2RSA@4qiqc0i31#6t89N5|KCH%a1&FjX1VhTUY-dx^Z0O8gnA4OeLePYd6_ciJm6^Sl4ga4@oNF%d{ z^_rxi`chw{iN3H~84(J&EXV;0R+fuLv3@!>zJmqL@W-8zu+@o86{3*6c3o=D!#nZi zUnFdK&W(}Ot6-ZLW7u~GRd~AxIH`LHA4oPVy2U=Mo`g^uX4yXMCTCgk0ATLPxS_T; zeW&tHhWc$jKc~owr2*ZgO%`j>W@DM|BB)|;hWW$v@a)lDk?F#yhK(YC5ZKZ2!qpR| zC_=g1R)Ase>Axr-n0DTsdZm#uu77_e6BzJwdrxra^5x4rD<^GYe(S}v$NQ(FuTyT&$#s+;v`4V$c7BQa#H*u&YsnZutoz_G@c7k^&FJ^Vm!OQ z1K1$kwy|WWEFJ5z1Wh{^^3xb~S1#c}nQ5g`3^9Khr5%amXEAOyOCW>Y8T%QT1!nd1 zl25`t{^5f5L10_7V^Rtt)cHLbi zgnFD3F*m0InZ#d-bVMvD1+{TVuu5>&h04WNu-jMP?>4I`IZ2^&lINS#eW?TNPKmLeTD{@#sJ0##Hw zIQa3NloCe^ZFb}wHSDY6_*`^b(xXVD~`SS|LeVzGa8L6^Lge~k7~4yd*hzccjvHAo5{ z`6_2HKFT)ESQ~0SmaClFXHcVtW~p%g)uKO`J@?i`k3(PytaejX%UjATD}oA&Y^}(6 zR;A+k;nrin-J_e*qb$-5yqpx3F1GB$|E36~evK5=irlc+ARKmy>wV#MLk(H!a?^1x zjRQ zhox?iY&21z7;o|Pb!+B%EcVg%r%OKi@EcSv#)`w!MKw8T)`pu;mqJ!aQ{4pmKB$1I za8OIvr)AZb`;ju}i97G$M^^lyWt6Y4FGD0d3RikiT-sEq_Tl<=+-Xv8T)LDd$dc`` z)uyL=a)`YE-|s8`MBn`%Z?->NZtlY(c(0nywa1Annf^KQWX*~Be8hVqJL$ee47g^~ z?bGEqnaB)MriT4oqM8GW#(rShrzf4>hGab)~QBq zxIaps;7R*ba!GXCv)$@CG35pLF>VJ+e)}0$2T=!7V{)fR%+LGLSAu1U5z+EIzvNgm z4g72(X6N0YX9$>x<-jh@f&003);Bb8&?U~cE)pSCbSQOKc^J-uz zcJx?c)g2&(Wy+7*lMc+zUP=m4WC8u%yN$rQ6!qIUk1a;Lxf%z3fRlZ`?%b)SAXYCB zc$sC9XkR?+^b6qrg#5v58_U%q?V=Fl5c`MWF@b>e#up=a^M4oOIu;%U{~QnjTASE; z;K?VFjt9X7cPGYnPb*;?t&X!xY0J$u*eAbaKVC#Ivl+y)DXC;8=Ya+?r+ELWT&!7lDP!(P8UPoUvv-quIAaw@$5|&#rZok$e2&!Oa6rGkCH6z)S zavc=2z0Wfz}c+LHk=j*lv9M^UEi2`FM@}WACXr-3OUW zwa<=9f|s4h+t$0Hk}&)42p?7Q4kVE8uR(9vzi^YctgN>UvvnV#n-9G_{G0Hm>zp3> zAf-kDRm2TXTZeoZ(^JPs9jPw0jmsy$VatcZ)IG+G{cjNK&(1FT@EQI{bHBjY?nu1h zyV86E=#8g8ugDZw-47orYKG2Fdnh7hm+NX%N?fm>EDxG~Bb@FC&o=*#3hi7kPP5<} z`;l_GNT`ABCuC|sZSX}J&`mk`3G={76xa_5_{SovdPzdnu#@L!Q=_Sm*?@u9+KIrg zA(tWkz>z`14$~=Vf^<#LK5uIK#Bv%1Ofl}VI1EmUJwor>czU1v$6l>)X`_qFNOkT` znmpF;7x`xIr&Ef@fwAd$_%U`-;>3TvS#tw{WcBVPR`6Q+D z=dLo3w|{cR(^AMYLG1d@!391o+|bbM`=*m86AW`7#TI)$P4>;8^NcL`jqu=xRBIFOwC;L^E!h_%o&+u! zMcl6*q{*M7CshxHeupqI6EA~=X-1~f-9R!3=pr;eH<)&x7j+@?Hz8WtkmOxyDJ#;+ zi;RGe@q)y?9-QN*d**oiLcqA|mh%Y}u)^v1>9K5WZ^4zHn^ET=eqNqm)r^t(0UaG_ ze~!?7$cAUk6nnGHH%&|-b1Ky9Gfg+>koIG^nPTQ48mXgYPRQrL6tb5JN!OXbyq~`l ze)rbkOQ_*>I!E08QuFCSU|>oAOX=&HRzKueL(eYZP!F*;t>)s876S{O!w-+db2vMF zujfD(d8+HyL@7uK%A}R-tSeveNEw}+sy-nxnxgD&r;z6fd zy32eglBzM|J(q`)!mXFV8qXfys}(rCNO7%XV`-vse`#E&QPQ&W?TGfGeLl@)&HtS6 z+xM>f!0jvrI1ExmFTJ)c=YhMNL!53k|5&3xy#ZWA%_HSi6Rze6ae5IlAv$>FnL%n~ z$;j);0)44yThcdeS=(NUGjues2bsQgjyv(C8obuyCWCyGA8#wpLjOlsPN<~4uhQtzj z7x*6j0vkbvySDcEyzbAR;RZ+GM;X6~j(^g8~CnF)VF2YU;dXs&I zkt$vqfoOz&Go>&nxxBwI^(qRn%bcb%*U^7&y1D3+g<@E!?d{6$kL0=2q`90oOp#${ z(?-{}{#5^S;R)oxiG$fdEY9FV-svBknxocBq&voM#^>I)NnJ6t;0kBwTA$hWt4Uxv z(uq?n2r3zPuTV|$0ziy?BH^HS#f>FNIde!ygeCP_2un?17P+4nUazeO^eI_3rq9p! z=zP?8l-YgKMis;L7~5-aIL?CPizhc#q?s)^1vD%AKTKT*JeBSHKSpMDBzt8XdkZ0s zk(Et$D6+{ady}1nWJlH^*?aGdlf6myCVTzw)BE=R{yr%m^ql9p?`wRo>-)X#Q`Ksf zS8gAQT+(zA*r6iA?q z8&kZO4>IP({C7$I;kq1(jiT5v-5XsoxLoRu5_9QB7jsq=ef(Ppl=iCYm${ygzBV*Ayjs&len#GY&})QGWJgFPt@hK%~4=wbwZG>?mBXqgHI0{goN8!lg~#9TFl$6Z#m+dRyKrGY9rq`Au&I>TyVm zrueHC%Cb^*cCU$iXJ&+CwCG?48%pe!O03lcxQOEAYw5C|{99Xhs zxkj~)Dww$s*ApOa%a8x!w0v-Mud3;?bFfc~h{%p)}4kKbV&FkFB#pIIE^LQty$Be`M0mKh18yW=MU!vh~cPyHB z!xhA@%jeW#zqt()@++{)`TSB&B57mIR%YDa`#C%~Oeci;-@LQg{<$x3NUKXK>iLoA zot3QEK15^AEl6y1ZS31xB_CCW0^4K@EcJ0b$eB}CMd1YJEr?khmf*@|%9=(vIwV7< z(3F=FF=J)$0}MdeU_t-_0H~r+p9SG!gn7KUR%#gxv1~}0doFmzYZpWm4AZ*zpM#JL zrL%Ye$m_du@*`JX_|f^jKA! zUr20ahQPhY@tg?JQxo&vnPQ=5t#*x6{tBWC5Q`%bYqlH#bb1h;+wkGRH2*k^2sl{IS zdYgDIb54X(uT3=(0ApwmewDa4SEJObSDQG0dKS4|;`5u$=WsKkl~s&xp6z$D%mu>L z)C5uL5llguVs|=667#)we(B)nR`OxB^VxZ%lLvCkh86=4qo*R|%uW|H2*7_=;ulT+ zsBe3E-gbegxEWBWi=)Rh_C12%yJ))JFi=x*746qHX~7*#2j{b}9IloU#9&vUG@DC$ zp{sDZi{6a@VO-yKqRgG8@p|a`wOA3DXmvWK9k|;t;J#a@W+d#v%KtMiPh(FQ^WSaE z7~;$sfBB5Jo$W_Nmz_JcgLVcY{S->N zcty)wD(>-p&%?Tw6qw$TyQ>aN8AB5QPGpzZ-0T9LCucBQpQ^iw0AD(N!36~cS^TrM zU@iN^yTHfR)@-{#bV7KST8;_na+!1`^o{TT8jcy%_w1Gsc-u&cW@TFmqH8jJuM3DQ zB~9l#h$VSO-cJu-(d?$y1+DtLv5*ttZ;<=tTy{)-&w1hWkmYUh;D~oACh}@v1wXHS ze9S0=e|hk0Jxeg=_5;U_oZ+?2ZRC&8t)p;C6>Q~(G$&NmJ~yuK%n834-#62Yp$8GY z-K0s}=A!jXE`;iIyMyMkr<73^ExD#K`jydY@J8*$B};UZIAiQbpZWa6gH?%xt|$Fi zO>#PrOqNwT5@P$jJz%`m5ctN1X6IFmWQ16;LZh#4IA<4=BW=yU(Tw}-u2v@E8%XD z_(YKWHdwR6!_b)ieQn*&AM;&S`8`YCjNH8mvlOTAR!q$39MB44P+v_;dyq!8BmKzZ z;`^Cbb37V2NyJH@aw2FaQ(7KjE_qpHW&IKY$$Vwa73{sb0kQd1u-m)5DIInQ>~+7n z9RCYgMvv_T;YFv{PCrlkPS7Sl@ikl}`aBK6U zPe0Chon!y;)+}~~+WJR!v*1%;)>O#VK>nRGta+o# zAh>-D;|q6rvp-liECbEaK&esIX_YS(!pZy*x9TIFJ)C1MFBVPhi_cBvsgCv9_;T47 zTI)N0?d@@p+_k$Uc4V2kgd+uH-o}9%;+~N(u=-GZ+8}*+`)0{CqeP<@UZ~+&oS%CPzpeF4 zR?(kdlUm)<=hpyV@olXUL^EuYz&e@cVzi5)39~lbF5~v@SjKrl0Zv%G;|{UkS;-;7 zGEE+!4B)yTHqK{lzB$Wj0^bPiv28D18tgxnU^6Ux=;{9REW3-B?^p9A|0)PcEl<08 zmYqf3Y)xh@X6t85k6-7K(iGNmkDHb>`Y>4P!d zHx5t^wjy)wNd4^AGWqmYgyl6ch+5?LoWD;CF0)0RpgFGX1-`OBnIM_(Jd}^gE~%oW zNxaJ(!Aslg^`4-&@ua=kDNlLDhxqweOA^!aKMWm3@`fH_v0 z1_rOlS16X=$u0Z~AR*1*L`sR(lgD5i=S98L)`Zx}l$XVFR<5UL-u$Km>Fhhs9L}8B zi3B8LlYm^2s6Y7M>QDVv1kBvg^B_CqyPQmNAw2`MBr{GuGFl}=u_T2^d31Elw0%d4 zBdz%~2$xd@H|D89F<4Lq0m%UY;&29v2vF28CijM_E8R~}q)+V0Q0t~k?8}VpqmO?~ zAE!VU7e-H{LV;pXoXn?dGyIA-c(Xw{yC`N{GZy*4;zp z=rgEJmu)NHA)G3j<6_^QsbkVPbFC2HwkZj0w@p+@wC zfqWQZsAR)yBPs|o#0Idc?SnfFB}sAgp?fDC=nT|iQ_pDKOf4K;=C-pC9@m2kw?Q0m zYFQ$)o&*R$F65wVXU*1N#AkW$yznOM#K+rdY#SJ*tV6mgJk1wgxXfB~_eJs3QyKAB zx8C21SRWB}Iek>WcZuy{ve9DxM4Zn&ij!{MyK3llm=OPe4rcqN>b)Kl^pzkCX2Txe zWBOy+-`f^-(Gi_EoE#^ZDjY^U@c8aW%H1GR01YA|MG0>QFS^t`tN7l;oIXe!l&K%1 z%*@Z|*L(Butpy)gZtDsh{U{2G3JT{M4q7SFR+gIES%Pl{ii>|_7gu5c3@|Wc&8U{J zrgA-@W%aHCft6#ch|I2SHsSSX>4M>Fd2<=+kZp5E)mlq*O~qiUiZKeU z^$H%!2zPO&_{SbzKDY6vi6U5lFT^SK&!gmMuw|+jW+3u1*@Dz5@OsbGQS!9{L~ZZ@ zj#h(`J}WTJk?F06I4@&TjpgQtdl#XtL;zW!qtc^G(*rDW@8k(V&K;Z@LaCR6 z6pOp>?nh6tR}4fStB}a4jDui?P_P}?w*pC7ShBC=rOP1kI4jhpk)zyR3*6wCiax6z z(s<`2UeN$B=3zMZI`C~Bt?trDX?C0*LNGShU~Qt%&SL6Z_hhiFQM*(P{uN^)A#L-p zII7}Pm&;9~k;m1jui?m1qw|?4L@GxIXZ+0rWU5clXDh1ECSR%=qR@w-YmKq9|Fgv? zkZ+TpzBay3p49+Zg6)oTX7;1Z@9wamHg)E9Daz=mFqcB^bx!5c^c(bRzKcz^Y@WC2ykBT!|4{*zPY9Y2+Oilp@b z!M~bwM_MY+I)D)OsZabvn=t6+u?4*Q^XpPYUsFg)bbsX5Lpf+kcxi3dJ#L&_x6?T1 zgUmG~(RjbQzHeXuY=9iZJP_@wZUN9LTH-L#<9f}>BX>*>%KGWzkn-wqtVV0)rT?Iz z`QF^cQODCG$k`qi1SEls68D{2V~N)kgP^S*l(A~xQJbYqmi?7^Jba0J@bwlzWnQ$i zP444w$NV*Hw4||)&I=uu(Mn~#90-a2w$I-Fa`q&A@@pRUoJSUxlH3!!OWwcy4Mg|x z7>Y7%2#=72f67(h=~}OA{mml+iL>9YZbykM9G%6fT0$Vs$+us`qin7e-}`udIB8c|fcBhpCgXR7dN4V@?UKxQ18u$2Mu zVSn|>cZx@={{TMeFa0MzzZFW`z8{S6$Dnn)uYD4^J}CN{d!a#~dg&?w3lGZX-|@VZ zpAS)l13-cXupqC^d?Bs(+a*v%#qM6#)X8)k#@|e4UYNyv-Sv7lWR@=o6%bmjiv&jK zqhoY;z^E1AA9I9v9sX7w3C-0}U+Wv?Tfv(%pfO>^Bvg0^AIcHp`$c%1>T}(dc3SCp z0}}io&bb0qmUgT~7SC{bytJ;n{}&<@vMVy|0AM#E8q&0;NCg9xZ=y2}y`l z$#7PIqV9@ySXghDMN!BsFPDorh#Mj-Mi4(eaeqW<_&wD$RG^vt=Ujkkn-S|Z7Z7z^ z^NN4S@OM%0rBZL7W~`bAwGn}?VqTfP;)RrzET{y1ejgp7t8Bm_+D?N!}Z{_-V|vO?dli7Q+{5t?!VSF**88w zd7efh%k$a9HyIl2i8FBd@~6CiYbc&cTe7))(_X8EDd6Z2mYpA*UZQx^Uq3y$|Bel; zFGq-Kp}%oSuyLWRYXS{Uu$Ow5E|e53BF~P?GslSm(}LE?P&udH6GX_8a`vv|CnAMp zu&;Z2<2vP)G5Xmboi1C?Rd0dS5pg+fc|Gn4&E0I4NaB?H^zaZLiBqslK+dVXHr?T| z8=Ol8fcB~3>Ct_VYm-YI=+Pet$cO5I2o4sIt^T;LYQgC)YH|W5uapEt6#Q!ab#DrQ zBs}a?UR&Yvd&Y5UINc_z=3VK1Cab8jquu%8A0kNrv`|{X(Ja<8KxZF%dsT{5UzImbpUz zKpi2rs;*F*hIBN@PLl&>!Iw@I&=7P1wWzT#M8X7OY$8SeQXinZ*#4D_;R3|i)a?di z%zT)}Z@o-4^mu#W4I8*x{(IS~@GcUhSwfnRqmS_@RcC3wnS&NQP89kFX4jg&r|*z` zNKgPD&PsG0%u0aNaGc-#C`TQeaZU%>VJnr^)rhd0YtGb*>QFA3HZ=bm;z?WbAL zRZj(Q-cFC#Ud50r^ab1a>j#S7{kiU+8}@#faGcrbzeFuYm)>EzJqoIaitL%?BAj$d zKlX8Z2;@4kf9{_ah|@qHR>)QS8pz3k%7&Hxs8za3 zN^G-u`leaPC?Bm-!=!B9_(0?T$ver$rDfQ%es{6&_7MqWJ4FB6o65ugd@bqxg5I}ZZcAXawvFq>D5?-e_~ z(cs2eI=jj*BhCq<+Jjun8%qOt-@#J;3*tCGL0>j%S$>MVu%_`2ksXzBIxTp4u&IlV z7M-beJmdu#qu;57zi2=+HOOeYgzv^9`~Z2={?iGhK0VHrtZClZtYy&7 zcC7OXlQpkCK)6DhACgWWU^$w45k;kwI&rhMu!P9}$_=*2eNE^c&{58E=j4V>SEV&Cmme zG(eO3mK<8wDG}nFI2r~Xsd@RBjyMXt%4P&gep{R8-fbR=0y^Swoum4J$HIW96F0so zGVQhIH8*uc2OWfXE&}}&cJ`T!U{~siP*7j@8g+80a0=Bs9&q;>VI(|8hK<>M+nPQ) z{i?qWU+pj{9&`v;1ga%@*rqgdyno+z|IO+?PSvLC)a6I@5Nj>nb=|9au=8!l>I(NY zk|Ia<&d~Neyvr)%dp`4|+y>BgasQl*S~*J0=xfsL*kWn1XUKlGMz3+suRp%1(L#--jOX2(+uiI?T!|1yIS6 zytW8&uugVbX~U>lNY`elG<|5_QtGI-YgO93cK{M%zCr_iL#1O85Q~J^|0_Qj2wBlJ zw>~gr^~Njb1nsbv406vDYq6Tbd9yps0#pmxUgBj(W6w~L2kGbgVMz(4$bv_grk7`k z3mRWdCsj^X!SHfAX;9;K_GXKi40B|{sWV57suXnt!Ho#c*Z7V24=&X9a})`%;%H)4 zV(T;}BI48)A?^qo4#xh1+oPpe-B7C-GnFr84R1{;fKo%~D4s}t8Kt`u-MmWBY%9>r zyAw2iS4vans_2T063KnQ@!h&aeyj^@MLYfbI{!USv!r0>lWcXFlHm_E6buaD3RwPH z_8UT_dbe$&?&(C-aM&!qte{Z1PyCtx9&5ted{byx$hp2qXX+ki0I+DlW%WsfYC&az z_uJ#$wo59`mu4{#P3C-cAEwpAmw#E-pkHyylWz53?4%I-=h+Y#^hMkqfPRIRJx;_V ziRY?*D6uG1p&tw$Nij#`16+s*0wOtZ1EPaPO*-;cFee=bW3VWDdWuF*UZ8tysK55{ zZ5K(kAWsnBMGMuu&(?A!_F^9|$ErT3PYCZbBqGwzvJgk3yAfB?Qv9#9@FP@q@&>OO zs4T?pB2StY0|rWp$V5Nu{0J`pSdbf#4`ZM&;wKH4Q_mT1rNyEri-3zHq56%j$a#&8 z$AF$Nygv%mO6=T?%I|R=j98OqA;^C?ft3_6U`~}0joU5YIC|p``}=ym9OO8RG*19U z3$~g;UvnQOjrBRJRK)L+RSYa`h2RSO(?6bl~-P{=T(`D=7lp@&=LYH`eS=4i2kIC*oaP_E%c z`VUzKEt7Va1~7u}p05gH)(_lZMrpbP#V;to0&&4Bk5Ta7aekf5{>i{K0iOXd9W_mof;&4-(RC|oRXoIaqTe* z#F`_QPggnx#l-)g&O|Q<;leopH$wG|QWCKrU9hW?BQZwC$C}NAK9qjzAc^Q0vKqmX z&l<`botPiR4~Kor^Crc)1xPTU3@8^8=BoAv6-%ld-Zlogjkc}rX##4iCye7 zIz~D2GTz&@mo8ogHY7~M*uOkeMCnJJK>#;^Q3^Y4?bvi8sIBc4r4ft;w$o!?S;<-+;0`jAPs>QtP z*bXUv0w{qvjw8|)M}ahg;3Uk-y!*5BUQ`!R%&)E*A)%2+NcV(Jar}+032}q8=#aG| zeIMzBFdY?;l4p7GK@SLkOhD7+52-l>!yDZ+CFcP;$3mChdlIESYg141`=_KP2CSqQ`^m*%RVqWqc`#_fxewIp0SSFIxY0 znj=wLym)ek4@e4N<<39>lWk5y?y5|e+{|W`YZ-e2X7ZH#)H(sCKOePFndP z)E;hLht%pvPIM7sg@AsH@bgf=%vv1Zy$ch$o9$72h3F=#tH!Ytpm%{=B%TzTo#61R6geg-(Y_NB%aWR*@TBvrq+^fD~E) zSUN#Xl2Cx-^ri18Sp+Nv=O zvD=0tdlJIlthXSdc0QbNM<&!LIXnnfh;&{W&Sl#o7GLuBg7m728Y0CURN!@>o2_$o z3cx1iJ+Xh=!o75aw^0_zB^f?W162;_3@YSkK>S1tZ}qF-sTIBl58w=nb;uc4zJB4Y zMTI+{Q>=oA1gRi_1J4;+FE8}jf!lE+RYoB0rb|}uqz`JY3xFJ#Ra!liEDxg$mF5bS z%MMV?36kdGc7IUb^S6A^H_vy`*E1>5Z)yZ5L1c}t9%Ay^x;JkgqCv_j1ob~s03?=B z^Q|{KeIp5k>Q<2kY55HxDXdx}99%x;dd&%q=)nS%RH{ycy-dC#SEzpr5x@j6^HS$T z8JG<$Urnk|JG%xE0&OTp2LATH+N7vksPv1wn@9c14Eo;5wq!DG*}yh}raz|GTG@Yn z1YPbPG`oZI;1}P$clmePv&5>t46n_t<_Xi5k`d){QO&ax*PA5O;q ziA$JyHce$X!EN)Ha4UNW0;y5NX?Tp0tcV)^-v17W$bHM;#fe<*6UBT+F6r{|&puE0 z#5#c~*eNC9KWK`Ay@*@8-<~Z?g*#2b)XL+IIY~SOlB^u^fteDx-t%JHE8xI@n|&s9 z??c74PE-dvfXOA?Y5^P2!QX0%4mwf}i~9VqlyC*60K@zKHIIY+*!^S0!mT($KwVyH zIUentD4&A8E*c8`0V_STC3M7!` z4?j}a#qOVFFafXyL^({FY+GAfNw35TJ0bxTHx;SRI-I0l0+E;0Kf?t*i-zP zw+`6E2xSVH#)u!g1Pr<>`rz1^!oRkFgPt3}hFrIo0HIgExx%P#gn+0!RV4rft`KugV^2mH?_-YMq-=YTjO*A+m`rNb07q&uyXMFiCRs=A)c2AvB=3oR(p1{U`y#n$`Rd z!<7P|Vhg@-&~2ehQ!u-z6oL>IHyD=$4lh6bik4x%`9V8h7U(}b<;99mj$4-ZTX)Fi zv*GsI(G7;d!pS+#L`=l$Pi^S4dhcsKj#ab(r&fU+Xy1peMY_0t#_SzTGT#%T)O>(sV{6RqY zEh!SH^jdbvyWswys`))+EqGsY*AQpZ=CK7;8VvR-Ug2;sJ=`Med%}=hmoDQ!P*;#R z>Ac)0!B`h4oAT~tm6C&-$Ig7;VcVXTntD5D%n!>?KN};~S4NvY5t#>h0Ne%G##wKA zU&~-xKO?nZUC!j@V`^epSl*BS;x}5dt&WFGxgrpKT4g6Exh!o|3<51L3d9bsf)rjQ zC_Y{36^fC@x)Tix-ubL1f*Pm5G;>$a^wYfcbj1=4DCH58h{oL2`wR>P7F5gfe>x%M z7@!jZ!tWiN*MQy48hr<}zC0oUNXfAu& zU3X$>mpyL0#m0Vr0vAh&{x8sivJ*mAr${k``=$`&k4OfJ z^0%J0$rw^^0jub(1Yim|RcH0^EePnYAjW=RQP-1x60N_t(dWL5cwdHw4lE76b8S`S=v9W+Z46 zL9Fb{GeJ%CT^r#7yv?HQ0Vqgh-4$k4ILKtO)ftJyTesO%c#fW$NOq=j+3s4&r;dKx z=mKI>{d|KfG*DXSRg7g+y19ylbril4__HPqA3Ii?${OD*XswuqSv|!Fm3M-lyni>9pF{yTNL7BDIvR(OAW8f?eu0iYff-<71a;#J+jw~5qX@977FSpL~ zCoA7$f9mVw^z**>#qQ0MPhvMI+LA*5JsHSgIjecxS*|Rp0}FB{lAzdyKtQGH>E_l7 zipLs0Xin?6FwjJhMU-rm0!{)nghRhFleMvdS5Q}`O#Y~t)2H`8(Q;lp&Zg2j=q@5^ zLC0&q=S%uCGpK--ja_TBXQi`IhAT&$ax2hq(>(cJm#UHPXT7nxb$qVV5N)8`H%is9a}bw_w(@C6H6WbBnEw9Lwjy}{M!t13esHh z&!)$8Mv_#PxgvDd+;t^n#p9YE8dPO84v6kn0>uYNDxf|9J`aDx8SJ9VTTNc>%LJH14TX4bQJYnXaq?WO70&U+pwdB?KdEr8FbpGdYB$pyUTO zN)*EqM1ZdLdS5&GPfW@S!kN`@u8A}vgKf405Qt2Lkb>W$K{2LrAPm-|W!tHD_0m;sOv z90e;t?#E}zx!Ix_bL|P~^Q0OsIf`3NYX#TSZIH-H;M39tb(g8x51@Jfy0S_T+O|ep z9d%sEIb@x9ec0aKjt&MUDl4ntRw=<7g-Cm?bnCg`#{AEQaL^Anm9*DENY+|+ey}js zOefdH41wrG+?%efls^Vi#a2uqfaN2U&IdxL=PWuzKoYXx^csPfG!`hQxL3~~ z;B3*&%bo-c(gE_N7K_Oln?p_)&U}{*8yg-z(GbubyFRBYC{#S0d0prW;cj#xhU`T& zT~Qj=oMZc(ZOkwBjy?&pE7#|wx!S36Iu)BwBh?^1c5tw1dlD@k#ozRX#No0nB`K-< z#_%AU_8Rg;Vju0<1-q_fi`ecp#_lIy_f99Uri**-O@YWanti?Ly*fL;Fv9N3LPZM! z=Tqmq7y&NU zJI+?Qazeq3>JUQFd7yRvll0CKO>SCuQVAnub2vQ|L1#;}@VWYQ?TqmZ1-Uc`NzdeN z012(X_6~@b+cMh-$OxoEs6;M0#j4K{U)CBYkP6ukN6a^yC5^#=eTFOm@=tP=yw-tQ zB1|Tffa~m(Qud^S00CHjAVm7Q<|^@fEf5d`YWdn83z=7CJCb6g%C0Vz{7L!?`Wowb zqfou?a>&-aa;*}Xa&X%-`k*(fmvyIw>C|_3K=sVK=)ypSzXVnz)c4Fz*k`}Wm!I(y zbSu4Yc`t&5#c4&?Vc>N!a+RAzoHS0Wnsq)7?HeF}UN|@%vMQ9Zc?ASj z`i($9B+Yts6nebm3FI`Zm7r-a?)kgRUApLbeap=hy94%x3}88hZkuCAinmeD;6bphd|A-Yj(wd+aR;2T#wRhMFuQ7Y6yLJ+#+Es#jGv z?qiK41CI@_eo;(KPwlO_H$^?H+ig1y(!@%-Uap!2cQRUBve3ig!y37V8`|cvL_62c zZE_`6|LWSvN|566SNAZ#jhK@LR*ui_HrfTm?%euZt@9Dd;`MSQwIRpf6nme~TkB3B zTUPHca`&IW%|WFgKp|LJQPHesqz#7DZjEeQid5=xa9uu3>7xe|g>VgNxDGu<6g@c( zH@UL*TNlx&w3w0>GrrcA#h1K8=BjJ4pSZ}0m0e912OdaNlzMJ8HGbGahCM|=HyEz-L}pEJ$t zCuUw@#m^ESH!4e?BW9nQLZgYY3kjgd_YYPrvP?g7_xN2mpImyAHhY46IXs`=OE=Uc zs;f|=sLB6&LJIUrKk~G}v>&oA*%1Pm3pw$a*kdKtHTKUCk1TtR`utNC&}jzkX)rYf zFoG0VrjlWtmXSBl+#^9|Y~CSHf0Y8dL7)bFmN#a8QR&8-u({-U*6=D35PPP4JGZg{ z82LvFK)FA`Ad|nm0rbj1XN$tYiEe-g^fO4w2~rmgtS@yY2q4N&H~hU% z$I46n0bA~P9CZk2JjlW9Ge8rEm)yOVeA0Tz0&2Ufy|@Qm#Er+j244xphAMpL>-`Ng zbs%2}VwP=cCITBNuOM{dA$3&`&xaXXE5W5+P#qrW&Iedq6;XZPM zm}+*iyVGFT#83Mj7E;}P13`#*rNeUz8GZw^sFiLGrtO2;o>{$hkybfbXmR*CbLQ@J z6mNsH6KNjpwfDX5=H4LS>BGrx7N5lYWbr+f$CVgZHv8MHVh9#~INrx{5H1v<1&wOF zo=$Rk4T0cQirU)Pu)WeQ*9Vmxz}+CQFd)cX^aX*|v^9>E;|0lYeNN_2TtQ>%Jfl-H zSUDQuf4GJA`swq_M_xmRynygRSQWxgkG|kA9?^K5+PuQRDtul~r0_){!^5-obviYi8=FYmMffR*{Y!qVjBB4v*hW*#TOQYCck`S!y2a z)ug32(YGJ)04?rn!_{fLx%`VF2O!vXygVb}w}#FbS9c=S8yRpgBANCers~VsVC}^x z+7rXJ(z|IS8%A3dpDUbhim6Y>`*b0YUH22y!Qz2;E{c*adz6QBHy0+`t;jrBb&mOV z&V-`~)$hc2`l0Kk1DA;PE@Ib*g;u%Yf-p@Hfm_(qs;V_{*Y-QJJ^LO0c%pQ1z8AIfekMnP}iV9nB!5zNcptZ z6D1C~0A$RJEpe-f(6Fq?7_e^XnD+^@6{=e}4s3IajEsIZJtAt5Ua;IV}xxW-3@UIhuMKc#z0dpRm(W_7gCsAde;G=DTk!ex2>m zX2EL)_OQ&M9=u1Y_gmamu0=|M-E^YLBIZ|7>T5F_*Q+!Dz5sT1K6GU}wM zCc-(F?RiYisQrN}&D@fcBc$Se6z#(F8#xfW?@t5W`^ERyE+$+4ig4)EQ?2T>x+V{9 z{D=k(cd;mb=78}x+AyS|NM>cDE!+0 zL0#bv8UCtoliv69CmogRwAFYJY0ObCYa77X|M`Hk|B=6AKr+SwTrWTe{5BGj;(ljtWUD61AGP-IMgheQ`4x-wGBA2{Q>2huI)B}K{OwaKj=9;l!RA2xJ4kcI8!d5_ zxL19csU>eonfCD9{8?QAwA5NNvD8vQ;K zbt}&{mzVG&4#-El2%5$L<2S)ajYvV&z421Dz)7=qU@cA{#JNyU2yfa@MYX>$DqKHm z@x}}gj70S=s8`DcCP8P3D55Jaj3rhf_eF@R zCcWl$CC88T-_{R{p2sP)ck6Uh#`S5h!IGbV<%*{9bQ|0LqMDY*`wh-RQ#?T--SM5g zPUm<1VN3`6%20M$8$M+1JkYy!2}qe725U{=>WgXA+sF~DxE93y^r|0sM00@e%spsp zKn@dl@5_Ms5h)-I6d+wUg}TB0E-AEwHy`l*N+Oc(uPW9=;(agzLKM-7oT0%PSrJ>k z@^r^}meRG%`Baw@{z-wU_1MlXw$B2Lw#x7&v`(}$buu&4Cn$nxnG6kRh88QpY=MSc z20!*$n3-3$KYo;Gbts+HXinwIlU^P1dTUo!(SWBbSrY=F`_r#B)~yd})@nbz{Yyh) zJ4Vu~KL^dG>erh>oy-Rg#UrC*8QBe_W~J5N6V%yA1M>9*FrxH>qmMZw=7fPHK23ok z4JhOl7-*gVCCDQt)OS5hT&{!0xR&`KcQ6t20yYIygP%1XUq1Ud^2a^bD zB5$v!Wrm~QqtSglF-%q_dl64$KRC14D+e$^#N0JFO5zJRO2R#Dp{d%z4;_W(C#Oah zhyJ(c2H!|TR&`Gx&R~7(SwPQZ7(7JsLOa(D`;& zJG;6_b;d1$^uF7+0yRHoPEswW{%3^%VJE`zL-FcTZiqNTM+*As-lYkL1MQyggwz=;deg2$KmOw5)NK&j8RHoF)6yH5_ZSR<~203Ex!G1 z{M{65E%)l!kh5;h&?}oAS2swr_EY~f18;JQB(cbp-I|Y$-o+JF;%JQ3&g-J!A3|B| z7iHLZDit0cH#7nQqgksuwBl%OWdZrYwTHR$W5PYA){Is!?WI&)@5^$_$tn5bwQF3UhIw=~qcq0YDZJ*C9ETaw$yd(+AE2Q6oizJ&BEo&SFgWD2207lI56qSn#ZZskJI?19Iq!^< zwb3%$(x2X0PR*OkYxmOo-P3h<4}6j}Tn#O(71^=BE`~j7_1v8^n6|FnQ5xT0EZ-4V z|3vMC@qi9)T=cVu#xB{+}h+SH8_A)UQdO z__E)Xkj+-VJkV|GTz9{|Csk}Cu9C;RD9Mi5lal`?cShXdyFrk#-mJIoeVrte`6A4@qigYRcE7B}%cSV;` z^T=V3^5dGH@D6q^c!xg$2536# zC&~8(`OfC@O2bokDsV3Fw_1i4uzWmAaR()YPo|U(iEcf{Cp@N3@)V!zlYHaUxmW%dwzKSoVl~J%V~L|f^@X{zcWW<0anFXk_@xj_P9bZY??%ae0|F4;dr8YO=C|S zm&cQR$Oe5I`?+SE^y7dTQa9IPHsITDvU9$q4a-KgE-X~5gIgo6$nh}VKiC2SQSis{ zL0`oF*AI5?2Dl+|ojgK|sV73u@x^GY3{pt03Xevr2!6)La7*1``gB?1!2Pn`xMf`v z=dmEbqK5ydbw?Y)w$YF4bl~I9L*TNmO%ZbBbsF{v;G9A$Y;ST;J-;&$QAKmaeb>a5lOX=rHSs}P@ zr-Pdn5T+o2WBQV17CK9cT-sp9K5qqCbD-at(UWxGd0vrJTGe0|RjB`s7Ynh1$zIvIiNSPD%_VMxOvx)K(~5^ z)XLZNODict<9XTBpjLHQRt+7Ln24@pWhdwzTHZx%hB7X?+AZIDXS6KV#gkJk zQEL?D`h$;tO6u#yQsOl7IeitsF5U+qtfW*DJat5JMy>a{WwwW`g~!;Myf01`mUT_u zx8(}Qq&1ff(snj>9e>Bc2Ym^D6JM`KG+oD04zz|kRa%c^G&!$-*R&y>-RsQ`gBv)T zrG~ai*bjgM+?~Qkr<9-6x-nbx5d#rMHC^B8T;)WLKy2{Xo%Jaujr#+TO?^=#<;t@mR`J(qP=leB6 zHBM3*2Q=A0G|7ImpVD7A0{Ru^4NCu(La%^wl!kNp>-3%C5G$MN5pTRW1unz9X`QIl z`{X?`9RL;}*IJed$}xclZ0=dr(`QxF3ty*AdAWCgH8FJ%;>fEla>z5sKjKRWpi^Mw ze%1V<0s;Z%%R#0OU#DqM4gIjv`FvCjDyIK&;Rq8@6ez!B@*60*-$Q|kL0&{)J2V|h zE}UREp2IJbB&tY?6ur*YYZW`CG(UOQ18ZI{? zWS`=G2M#p3ioew0enXmix7P9E1vkYVI6uXx|6_=Tz;vhAmw$LQ{V#x|fdFB^SnDpgtIYS% zmj0+CEBhkNYKD(opb__pAcH|2Wf2Tj+OxuSa6|iXLfbIv`Z4Neao}=gKg})6o?c!b zkODERc)g`C#|wV&+X1Yo5ZkjR1b`;eTHUT{@K^4b;#PUn7~leMorv=(ir)nIXb_so z=|*~*HfbazTXJade==YMTfNx|m`}vj&Mm>U;G^8{zHUG+bKlNXa-WU7Neg8OZ78dP zi1)_rXfOd%aFQQ{Q$^xH- z<8gdhwB(J_4XUn;{=x!MHYf z^s>NKC`G$A>?rGEN=5lr8$i8n$GLBE`sn|#yLf9m&4d`@Z9FNF9%eTZ;M-Fp5*M@2 znch8yG#96GPUslrJIcOS{lZInn~@x+&mV|Z(hkAfp4`GuA$3b3#SisvIm*!aKd#;b z9P9plAHQW(2-&lcy|M|BS@zz0gv>G{B(hgB64@hLvWZZV?atmSA$#xoUw3_azQ5z| z=s9|ho~QeMzhC2eUDtV?=lLomFxqf%l!N-;^y5X;G3S*}gV<^)?W1d(e{5!hV>f)f zYGZ4K>v@8eF|vw6O298ARv~w5qO`9(JC{NL$LHkZ*0j|-+gT^>GV`IL1q$+K{EoM; z#kFY-`dd`&JVD=5{tIQsC+{m>iFYa#TAkmY8D<;=84ZWn7ZK$3laPbm=ZDsm~@tBNSRg+6Yu z>u&4*{w0Ax`0YwaaCYzr;{21Ikf>{YjUuWjHw@3Wf<_IO&%s4var=hD7GpT!NlNWj z33JKw0y58@nltR0&$$7Q$s^^;eLO=a{`4N~9=7_-#7+l6$#@F_#>>6D7ZG;|WRAUy zhAyy@-eq9R$ooE2Y{Wr&7X}TXX1o#rW?e5QYDB|V%Q@*h` zn+AUyQ`liLt}XFXoo3!64r|C?>X1Gj zR7#A?!3NlnEt+9xkxNfi8|}p_<-Sm2${biR1B;4%%AK02WPsh|`Zvsy$n(CI5lcfLM%RHX8Lk{}ade*R zbnMbj6w{h9!mfuLhBd)Wg4>k}ML|!k3AAHB6ytK)P_VIej`Z~9a$i%6XGn^~%GYKC zk`UAvydik76iF){$l70!qrbr9D?aE{6pS=u@mP5eiU-qQId+Ej6_cFMPEyo7I)wWw zrRNm#{r_PDvCrT7&igSk-wLz!iw*TxoEkwOfQuNC=3_J$E+`=xZymX;n5)58TBFzf zFi~{YB{BPhgKydzUy7?`yG6M$EQoGvqO5>Rk}uSLy!*7sVY*HJb@~???6ZD5ciZ9_ zo$mKGNAGK{Bj9Y1#=NUTc$HHTR1adYIC*X&U+7jbpA!C^Az8wni<*K(m~06Ob9SME z_)lp=i-ejGFIN4%U|R;UkAJ|X8`RXcrSK#QRlPV)N~M=arrKHycnv1 z3qt|Nm`S>W0JVo`UVyohw=W}39@N=ad&+G**>yDheB&l;n%RY$J;`k&=r zc+NYyuqY7O%JPY?d@7mnL?HfdVq+MFS71(+{#0Qj@}&hJWfKlM@uF*W8(HB|BPH1* zs~JdJa2lgiAoQrIB6XbMvbhD(Bvc0T`3>Ytx6T86Tr|W_J9|MHf_pNR)1UJi%U0Y( zF#jLFF%o$OLQKSH326{J-8eNAUdxT5muSf@toc5C)k@-c?O6dWu(Uq>VrAI55$$jE zLNgIR3*P))k}}TPearlkf&i7bK~n~kvtONRvOaK(2nfvWCom+9*JV?n2cn`K=SdSV zMdJS>Xz*5gekq_5h#hT8$^`A#SAZnty5dBU1tor^4HAt z2_T<_hT8J{V-<&I^!uuXtE!dzlt032Mgvz`$rU@ z50$|{)Ct@TwY|^fX?j<9#&;BChjOJw6&#u^YJOTX#1`96A{r+gb#6uSItK`3D*!Ly z4gsS~cI*4QOWJkpE-hNzky>n+B_8LgPV8&iRl{H`gG zd)z6?0EHEh!?-4MrgqYk^to%hG-|O4{Oi*eX)SB?+f{MDj>OiLu6&g9?ZKI$%_|?T zz74@rWQBi$897m$iPGb9mlqcwYRzc)j7`MIn%8*apIv_49=d3qOecp7-2RdI^tIuh;qq+8V?wT3@esoyjcxc(iNBqrqG5GW(8#2 z<0iqoOB-5O{;q1GFudt^@=pb*?2pbgFR6T1?*WGNPU|!Vp$4{K5d~+@6@^#QhKQN} z33YVjHmDX8-FmeZkB%1X5+(EVkC5mnF`-9{VWeN@ z3t&wd3V_MbSm_Rr*}d;9arTVXh-7iJJkpFUrN_d8mrMy#hti{?2&C;GRGG|9e%p*N zbMsPIy_D#cSneIs@-nNMBCp#9^>BIUFcJA>MROnTKj``AgJlpT#d5!Y)tq|^Llo(A z_Kel2@sVMZ&%1@@#OtzTstnxXb8R^zH-B@YA#A+#xn2~yN%p9glC|xbsS+^i?HGFx zv@;BAX7IT><@zij52xvpdi!LvQuK+EgXwofQZZlP&Oc`>TM}$zyz2XSklFwwXqAXE-}@h1 zNm$#L(oxNn4^93bdMpGNFBGupb_|nbQCD+tP2dR!EU^PZZ18Yv{?dqBde%7 z7!a7o0+SUN+lYTn_)6@|dtl>Q@!m3g*)MHQeQ%lu13`Yp+h>3KE=lPw49gf8jvxw`S(V+K zl6)KtZEd`UD>33{8LcEGB?V@eZdei}?VT(-4rx0LIu->_eIa_{Yk-q=!EwxO`PHS)?aXZ(E`H-mLo=er>S;c0gz5osS&m8 zZ$@=AgRpI0!-r}BaTR#rNs)3OLqquY*vWDe%V`nlkgyGD)n$&XE;Wj$_9DJYWh0A^ z$RT~8`cE=X0)}h^x#Wn4GDMDEx}{H_HER(d-j(EGH+VSc)@FUfzMF*_sL`XG4<)Vo z!Q;tnwQO&&b>zDC$2Nb5f<zAQ7Tqy)?K0J{Aqhk{O*aL?(INJ( z;=Xn}Td)-yrg}WB0?)nULm~QcFvB&aa3nOXf&!B0w3rB&GrQ|(ISklP0vBol zh0DoCsy+tn@Q(D9pk8;L5jW#B&VB3!eWEZ7P^?vs&!>ySS+{l3r6s;7>%;P?X*fv2 z(?mUO+=3rmv0IL!v~^>XwFCBXN8U3ljwl(9Ks~W&Ju$rWr`S>ZRnY!Zs}~!$_;0D) znUhINT~$Pq?w=}7?Fe@z{=niN9)Y#8ojdRVH!9NH)=Fu^u6&{xvVAFK_uSSYq(YLC z9KxTttI?y!nh4RoO!{80`)^VLN|1+%WX_H6Wauw9nuM6KL~4m#p{?N>GiY%2L`Z)E z8Dyh8&XXWKkvJ?$PIORYaHaInQ*_a;Dbq6La0~NaD7)#;d>~Qm_MkH8zn${zp)fY$ zUAbj=bw;nm+12gG7ybty3}NeP`D8D|LGTWw{r;s6M7{ijj?(MZJ%@TVgcWcJA4=(9 zUBR8Q(-QyKSsC2eFeBO`ZME(&u#qw*DS+ALHJZCx1b|^HZzR5-DDGbwKG>VwQ|sK| zZQl3+$|J)th1`JYoM%NX&tC{dhu%a}f7$Q5&UCQus0*V=|8EpIHKDZTxOTBw-LG=r zXl+eOWM*aijv>2U;Uqkw(XVD=m~4V1Y%~ODvw=d}uU2zKBvobZr)^c_aWpI9g~g*f zOE%INU~YhoB>LB=-3U2M8BFuua}Hew$~J!+as*_TpVFWDmh6*%EHJx=m;1(DF3HhH znaJ@zUJV-j`eZ5twY%lF)urUHN~ZsNFky)=eaY7kWhzm?oYB!5K8y##|Kj!0x&jpw zS2&nG%eqVYfmFg z_|I(oK3n8=#e^fau2iKUXm);;R46u`^#?Yn%^6Lo#AwJfyxbAdfC>SjW@3F8Bos#2 z#plwwHi8saNo4Mold}!p=O*6^Z6_kgNupM|rLc9_*yKdT)*8+yV4$b|C- zWihJWR6Xa!Ka+bOl@S$;?2XD){?hMs553Ha5om6O_K*pYK=`lVyZ=%&ueOQU(It!c z6F{zAuMQ>Ndun35k28^g_42)!1irBR zf9~E!qoVV-;+02XwwByUuFu?g6Ckr`Uz@zNM*fS)X1f8SV9ck5ri+@N5xA+Ws+{};!F#Eay3)KKv7@xE!>!_`fpdV z%l9nzG1R5#V-d}e%>T$6&d=n_kBzheIWUEiy8M6Io#0mH-Z4(u6nz%zmg{AcFK&8@ z{bIqzY78JLi6)NdvOLAEjUF7%-LtRrFf6raBMxuo6AMo*>0y+xo@-Pr(v{4f^XH;Z zPU+2&t5?{NqLsX;eRxls*@1 zh&sKg_$LXV$K+1R>gis^nLR1FcD$3xd_BaVkw?`^6;qmg3vzez3#jin1}fdJhsW6d zlQTX=ZAO*8x^>3+E)C(;;O(3h_57bah!^!)c0S)i3~M$K2!1;OJn`dNNKBMKi0E&F z0c|?e(95#Jahow@2T&YA6t?UYl!msN_g~?vNK7JQ#Y?eVX#gP@;9|DqSmdL}V@D@OsJMt8$WnH6|o z*8xeo)>y@=;tr(bwDR<%Y+AMs49n(Z?#e(6Actf;$mp>5v~jYPm?%L>bI!KNm^m=AbypPW8r<4fc} zlr%zw=YAUfiR(pTeDeZ%~#dUOPn8o6tWpW#?Q?oZRiOS9T| zjRj-p=IG(x_S~5N8FdqK9zb>90r2v~qlPCwi;<7Ql|}TbIXc zo7SlOZ5|UNW=kK=&)vpnF+zR=fB(7NA|W1LK{Q0Zi|%Y}$hdlYRgUfJJWp}?a$%_S zaIxT)krx(xPKID)*gzBB6fI)wR3egN%&D$$zSg!XyiGC8jI+ITt5I{w-lRfU0J9#!SOOby>(Wvtpty)GAdU$4DcRh%j-{1&7IG5}FeX!^`S+*upD-O#|3pdi_W zd|%lT8t^=`Wl~r_ZY(r7&mf4Mo}O`Q3N{w}*j^2@A}l{+{z;*Plyg1T!3XpXVfI85 zNyp&Gcr|WV$Rn%lNd9PEB+T1MA0=v#z&0Rlqvw zTJrd*tA8e;dPbsRFY zW9@5syTo+?am{Z{@`K0T&BgVBhPR=%tFs?B{>)$~Y0G}DZT1Q*GtCwPgc;zG5LJWN zlV<=*0B$O6o6G9i=(-?kI9m1d9^RL!2-5)TNOdHoMnSw-8qwDaYIKw&TgO#~P-di5 zd%?#M(O zuX(;%a=K#ECgg%ndPfbkHKZd5Zja zhMn$dobqS}Hjmi;dZ4YnbLykhKlBoxxVj0vE76@3h}mVTyVjFUyB4S>e*Ho(@w)LmbhD zgp!tDXt=LIWyl)(#Vs8~&RulUEqk*+RMSPpHhop8MQ_b2#?k@Fs>5 zW)^MFxX!5G{HXk6EV&;aeEWJ#+)S2RSDmT#HAd-_MSFeR$qpu_+`eFF1_X%*yq(uj7p zH~5;OZ-1}7qJJHcu`9(z@Z>z|200};is@x-Wcrxv*U8tI?H}7C>T@O^EnUL??-;{* z(S8JqCFBXbC8{&B*k!sYj3^1P{PKg3SMb@dXLNPhUHTi~VwRef$}Dq8By&~BdFGix zN!nHLw+HB-HZ)W&h;f~rkYpA|NitW%9AX;MPATuDVw2p&~Q^=H;nZ zr3*HjXBV<)=ia{UZC<+awJf*QQRL0y!nTnHEVh4A%AZ@ z%E9+e#e*&ccZy3YBjgD$i31;uU(#(D3fR7U6R^(?E9?R{N(gN53pnM_`GNllet~_& zuL1%D*fPy`H9b2!cwJL>=u5exr1Pt(Hijp%z|3l!%E@fAarYUu0*&Y+H#ufS*y<*t zC$EmiM6b^dxRNb>_?^OR(*9)A$DhpPq&IRStJPQaqdOMxPqyGFburUiPCFsE(^n#1 z%hqM%rbXf-@v#p$V%?WCVWFh;#I%cg%{!vFb$!iW-w&G+VqU&GBg|{rZ5A{Uw)t_7 z26#yGz*&OuM1zVLQQZwQrq@LS@Mk0>mRuk1^^80`>q*Z5j<~qksUo%GQ%C(iNprE8 zz0=93zH>I3mm>03ff{vsu-URLq-tUN5JTd&I~Fi(e24wcrkjgPOHc1|U#LhIs%T@l zzPnecQYaMtk?Xe@>fyY95XkTZ1LOMcQX3bfNkyna@lTF&4aPAmi3-iKh9@a&zwLTb z>kw598UlFhs$vK4T1k2Y`FVpOOug)wTrS79xs^<{dUPri4u}`H23?ZP0(|v(OGe0$ zogCY1@cWSxOlf=7=$Sce3k4Hk(=U|1izEQ;Yvyd@+sl}Qdkj3hA|{0)?-|%gUZn5U zt%L?Jgj_@Ix7}#n(_e}+lAa^(N50SWM_zO0VM+%(i@6e@_&-s8hJ|&lNdYk28Lf-Y zXI@be)x0tLN#$DXtBsIV=EeoRYLj1B(Cn0oLJin0rrx=X%l+!?yfz=u1n}H00!0 zf~gQxr68SvQ*HJbbvU9`QdJaC|@;+NLnK3PNlPv05)~Z;ADk5FyW*OU5G;_ z&6Ea19NRqr(|NlpyXiwJ*fD_OHTm_uPa^{6gTgDE>;$vM?#WIwYe6gu(3XYx(e~-|5OfScu0_DQ zjkM&nE^j}Ds1Oa32#)%V0XJQ)ndbGB#w}c2^sl!sf&taeXyfTf1{+E<@pYdoC$oSQ zMi9oiW!7JTvldrPGkN)PbA6jUya{jYdMT$vfPA+HjijKU> z+W*AI9}XB00#y*FO+jtKKd|*x_~f><%PYWBse$qa>|@9_sPx%VgMnG7$^dHB*so8c zW)217IspC_DIo=(QJ9sJSUS>5M)ozjK`JTynL!lRd73#CH~a#FS$TyTO&fk4Rtg)1 zb~9Dz)~=80*{D6JHt-%NPM+tWNT1UlO1((NN`2xB@zqlxeev+F>FW0V{^iru%+(?E z45GTK2<#jZ3_euUJz|(4;Wvik@aW;Q3kc8@6FyV#2* z6!O`gY>#`~ytcC@`tG81;Em-vuZwyaM2=PA`=W|6uK#Lp{+NdhWJ+UDCx|?H>x=;4 z2jM^NI0P;f(0+fiVXCO`b|4E%Fz_QljRYvmo)JfY>EsPSC`luvUs~)OcASd5NtAj! z0L&rjvJo%=Y%%MXe)YQ$ki!9J0@?!o%n8vfjlU5v<@9Ol86EE9U~}GO5F(sL`Ud~; z#b0)-r&v{;x=D_W^5RlPsy?K`#rkZqE$gg%DYsasD-SPEhNrsz6o*iST9ma+J;Cs> z0FNo+@=MwlKJG|RUmzigmpx5ys@8@L1T4-w(={v#z}x1Eq300ns^or?)cGdY6JYzskLW)>7sR$gK8n5 zQ^D4C>x16U$?Z?~zK_fnxanrpW#W-W=+AZ9Hr{(X;PN#dC!G+${2ZyRcqOg}5%reds0tbvwXbu#cTMLoQ@8_xSUef^ONmwmf5~Nj{ke$z5VVJbQhNW zR{UQMz56l1okUL``It4^wRxqxA&(Ss#Prtv1}C>m=@vC41!w!^H!2RshNr`;4`_rv z_CCM2H|pM7dQ$41y|J{?=l*p_Xo#edl-@w}zd?a+K2%p=IKe@^B!zvtkU#}R5{(Z~ zXor=_Ub3|HOK?BGT!w#V7LkkoQP+A4%h3d_5_lx*Pa+~4?eQp*pHKu zG|iPK1$v z%}e*DP}}oS%1yPu6=4@~ZwSJJs{JU|h4(cF5OSoo2+$CqG0MoZ^L;K3E!5@f)N*36 z2!xhy9dc0Z;_iio9$Qyf3mCwklP8e5{E|VEAV;=+okVVxB1(?@%8Ajk6@PQS(AOFE z7F&J<-JMQPI{j{@HQNUP$P80;u-I$xsD?Hb(YKX^GB1HwT5Lg7HBTrMlr`r(I$OS| zs;0J3wVS5zdO(_#z4T+vzkpj@#lVbV_HL2h#X`uIGFo^=m5#qpwvohqJzX~S3yPMG z>AQ8IkB>WG=0{-d+qC18fKyht8in~u_t1dK!m4+q1CMMark{9Xq^C86qLK?Lk;cP~ zi!L@JP3KP(bnvexOb>g#`U{2{1ZPky0ab)mnt;)$;SrSvhv$1Y=Toj)woZ~#HqV`= zr_F)e9Y(L>$E;*DrD*_Pgy7K@uaHao1D%ES`kgQf+yEA?#}XA|7(k1N7{k?U>goW| zkrjWj@OM@LO>u&V#it|ul*;PR3#PonPuWv=s0mDMR5=TWKe$l6Gbje*!JU0Wo_Mw+ zIK5l8Et%(__JH5EJBx1iE}tFmO}2RjCbY8Lf#8U$-hc*uECRf2kRd!K9e%bk`Hu^* zOzN^2GvHdJdQDcBynJMM8ar<6l6>S`HXs>0@L88)q11Y$ovCZ?m=EHaREktN6zZ|_ zv5B*cLcp{}N7C>KyU0zC%q5+f;-%)zE3@CjYUa`{ap%tgbm%a)kBFjpvr%A!m$}=@ zhzs=b&*gE#J5N9GE^Gsab2xntL}M4pi9^#9u90l|@!9HWQNSzV2T7=e>B@ZCNxhbo zRYjJBJ*U%0<8?N61HUS}+g!Jn&CH=S0`gg}?_rh@wObOmq0zzDu!4 zK4)ozzD*sGlQ;leq!kpT5v;$5a3jVlzq_Xn$2kgU1He{x>huv1{ZKhfMDvX&6R}FU zNMFuFld1%1R$8*+55P4?F{>e8nO~0az4vPn3zTe)fhJ>7N z6IH&NF7V^KNf*M0li0-4P#Q5f-66(n_~pENVV zh=ONOmOFAMXMp1QjjPXZT!7v#{Z&akiX}^4%C|wP$7R-hgFmCl?)2E)z$k(vl{{q& zkRDt6AkcsyfY}R6*ihs@xxw|Or`Og8}^6Lrm)+4$wG~Gpn8*lHC6BHtiNhMO!2) z#V;yaoom1LIYQ!W<7Go)bdwhblu$P%E(V=z*S-NU&d0z%+x^ey`tAz6@ms|W#@Y1`Zd&k{TVW&yIvF%=p-8l_;5%tyMfhg zKSa({C;N1anM>dV0Tmat1?KV*l5hiYI@0!Qhzb+ne|o#7BdbTZ85!f`Cuyjq#1fmQ zFM1}NJx1o!#%vXpm9zljcU%v=J;5R`q}tE_vFi2s9}2Nhxs_q|HHT75)v={2;@JQ^ z)L-dub0S=~Nd2Tq;AP&3_Ka3T)+0BR3bD6%g+_h=y=+nJ$7#aJEj{@wOc4*XPqTAz z{(m%f@EX4~HR6PZx-8+T?3`V`|L<^yKkKSq6<8f1sg`H9>$rGP8D%p!OvOjHh50EL zrJjK!#;+DS=&7S2!11D5NT7M$V5~!hjZ;0m15HbqS`w%UO?~uKSFlDMNP$Xo{L!K` zsB-K{FboSf1@|Xi-BC2IQh3 zK6yDlJqR}EZ*7g^iDH-uqUEmQ-Mtzn2Zq0JXXw(05}l%FJ$6B#oPwsT1ADB;2(nj) zBV_0=N6GQsV9+VhdZ)(;apn1q)<`pjcnj#^G@I9C=GDJv5kNU^+m(YMyuyOe&4)0q=?*f0)jw4o9;5Cb(;zvopYuNVvN`v=B7X&Dw$NJNxA=1pH$Ho4 z=i;n4c(CZGvJgwo_+NytMX0TmHXr0+B`J3qHmB*J{7voH7(&!v5~u8XkXBpJWIImG;W2b+KS03vh6MD8> z;L<=VB|+5me_Ug|+t4Mf73F>oj4)8o0E7o4%A(V!Lj(q}xWVA=d=>XD?WOrQHNYuR z0}9FOPk13ySXBmf0$&BG;7;`>Km1N=!COhZDN2y1$fzf~pGs{pC=fyqzVcY0K1+%# z$>QFLu>e_w4lZy-G;$L2X=h<40(A}H-=!b@<4e7f(4_<=U`o)EOK}sUWakYI8=xAR zZc4?4p6cmeJukr?&Ds zvMx4Z`>_;W6waz^*!-G$IPj2x`yYFcIM$XcDI7ZOU~jBLrsQ>w1_tbdT6MY~@agG0 zS$$^xuaoPUg3i}(SN|=wf<6bS&v^$PNaEPl!ND4SVvGAZbCLPS5@lLifIFEU>|3H5 zO8E~HfdyDWzbb?&Z4PzR)uhhG=`Ly@R2JT)XuybIf;$GuqrV5{UjjYy`?0m+iLo7f z=>*X=7WN9bJb_h>6U`rK_Tpnq+dMFycQ)S=M|7AExq*HNp1H${D-v!QdoXC1q_f@N z3)LWOD`dVu4W}~uH2&4AlE3;X8d^rkWCIGoC2LFi$+qY31w@3#|kugrtpBvyAco6AON*#&?R+xDxuXq@*}PA`r?~R zX@{(DyqbI#+9t(al^mCDNn~=&z&7G_gWljaYvQVR)%2mzoA}&&+(Q$dWQeV^^rtbI ze=QPAsDh$dMJ3ebWqDWjv)>+;PO76m>Wcfs@COt>3O&vI7PYH(Je+LNW&7H&M=xPW zCnaOkag#`CB{izV10nH~Q{a@7^y{hWLM}?S+i^&QWIXhP5yEEut5Ei$)EMFA`YrL2 z5`20}ZwC-MLR^JUA6`PJX)Y#?G(z41tz_OyOA?O-&p%=1h{3Sh@*m>QfvP(5^BhD0 z__2mtfp*>wvcI_x?DUit;9#Dd+(x)ekvo=5%z4}zsSK9k4TIGieD}+u2=w;UYN8hQ zbm3l3OFOnbaJg8LbeZ07+?;9Ld~)d4$Mrxi@%}T?i91dlRK2Xtgxbtn`pxnx0SiYa zY}6K_&x!H2-NRFe=HC%_@dQT{37g?ge!p-~@S^bEm%%HEoG!S$2F;{9-S?6kZM0Eqr@darY@f3eMrpDnzMF7(d^=TtK$D~7MvE2;IfIzcUBQ%ua8|nK1X7pi zKGy^Ohj!nW_0<4!4jCF%Y~sw#>yfrHb_-#oagDw)*NOv6t%}_4e~`q`aexHtk!2dnc<6>b|$b z+X$DwFkkMIMcg0WO?+k|)zX|CWuDzd77kQRLit=}(?-AYPMK`v?4yP)Z==UkTx<5! z!r?0}L#3l|+zl zJ(zx0uBChV@8ZxgfjNHFhpu4AMOQjBsFW02zRORkAo|rXxCYr6Orp?c5w=UD*&V!u zmg_h&{7n3Tu`6Z?EnAuru;3=HRTy+D5Dekw?2U}2DLeS(y1cexi|U%I-B9ars)+6Q zvAnr%GKVz&?%t4;67w=Fkw@PxX`N8zG98yfI~&3c(}(6-N7U(1!HgP50yibD!}alR zD|4ZYZr?@w<5Yd4;@+whnZ`s$16b|Rw!n}?_;-yI2WuG=B=WwFBvcBs7xZ>|6IMWh zSQBJNt>uBj2*sittP}51kx|d7)kz2IeQ)C{SpfGQOO>xb(!Z%-6l0p|lPXpIHF~aO z@8EgqD)mH2^*i@>_>F%1PDAb?^`W2VWh^hhbY+wxRJu%;{4JJuQHmsFslt|;BwB+mys?fm&KUp;C6x6hQzNR+%5A zT3w}v&U3kzWg46#^0ErG7hFE+gr*qNX)@AiGu5n(ia(djUfBvQRV~+>ueq@l%KQ?6 z>rC@`DWS@8qzKlm>3QcXkw^M}AMm-J278jrEgG6@VWTV>E4Vgydt-Z8IcZOyG>lYg zcek>!M#+5|ZV|7>-76W}A89Zsk>gLJy{1YS#hkBI_|x*eNqnu&TpjAV+L{Sj)qH#8 zLgEjHGbJX)5*@=4$LsDQoDCk+t*bWE3`CrookQCmDg7yxsn?PTETV?kt`JtphTmFz zV)fMYFnEnxjqO#K%z_bldX`ZEAft7@eTEOeTE)35v*rDXTF(iDsx%6e>g%c_2kN%{ zD9G$@ijmFrl<#U4b<)qlOy_QjOn4d>!8`_qJ*ZOXTyp0dooUD`K_4md&d$VAN9w(C zsml_#E>B9)R!2R$$BIMrmQTEQcDWT?hvHoPRJFw)KYLD4<&9sUOQyn+5lP5QC^Dzb z7MacG&~0~_?sLMBy&9_yE7_`*<$b#Rx6E%*JRY?%2+cd&_n(i=A+K5wXK4n_P zbAQy;Px`>-16px}nVpqeq;52gCH&?f*mW>x9vl)P{CM+;=xzT0trVt_!bIR`jXLsH zXc$e`;lvpwC0%HC5QGoWITPH|8Kp*#JC){yzUgM(p&*obZ%9j4V*W^UWJZNR#%zRPefwQ#-1+D zK6@g{Bld4Y+!;R#D~jzRBNvrW;ZH;~FL=0gZ3#NSMJ1-9uNC;jZz*$>7QZIgdNL-` z@2Oc90&3o{FNCo9c7h_zpCQefmv(0ly|=ukY^%PdDH)}BH>#9tWvSJYyBMVWPF*5% zFw7tNMns#SV(QLK64v%;)FG)S^#OAM(soq55;NqJ9DgEhT#q^nae?;FK{j1+lS}11 zfH=Ov6ZJ?*a5Ov-z5T}i+fSGN`Tg3J%kIc3G$xEt4;m1s%C$fKe)HE$2c6?~elh;f zO^r|9O{{~(pUeDrR>-Z>J6L{!x zaZJ3Dq{PFW9UD?MGNwF=^fy?|X50{MoO{NxN`+RG5^XsoIZ7w*I3rh~;bu}LqA!KBV4eArI_-mKH52IrTU=v0u921QuxhC@gdTu|_^*mr%1YE(tD+vF0-`)O7vT zz;;S1^Bz-*JRYd!2( z1mNu~)4k)@KS@U%cAFD=7DJ(ZK zHQg2`IJgF{zY)vP;>Qi1FU)U;o~F0>$8ZLoQ=M3U+yA<_BeQVXVmpVDK2T$2?$9e< z!sI5_r+U4DI}R60`U|wU25k9(Cm)ouM+Hs|~)} z-7*bRz3@)N{-181J$HV(q<{HeNMUDtt>xqfI#CB5`;faghU1i&x|WYG6Lt_I#LGhF zO3+6gicU8fOj&rvd3x3+#lZbBwglaG&+Ve_e*LO^xt0c7w#8+OFslhm@iMB9BY`8U zE#EQ^Y%E+2k2VX{ILsYOZ{Dvk_-f_)eHZh?wVHZWuD8$IDb3)&jQpCI}Vivn>}lOnKuCmSaQ2zs!;OwSpHoT(}UyR`kDMIPcALSKX`V7I{fCyXG9 zYAYDx;_BV-xV3#6FObb}hqS22j5{B-!ql(i75A92d3K0smLz(T7A+Q{f48er;LpR* z^n1EwaD++|QoqHbVjAvjAzQ|phv<{TwIAOL27Y?OjlX|3`lD>S{rYiAr2tkm1;x_x z-36td=V*&^dt1Yj5X=fqgc9$;c$WNnQfbhQi?@fQ!7cvjJ`yOyD+`ZD8BtRuT`^G% zYyV6fUnQjYH`8!pn*-z|HRmY~C432eWaHpWX*^kNNnWzisjb0T;d=Fs{`HbLd&R#G zhcuXD*Z%YG@I0UG!&K_Rf^16JFBy5>BVoZiB{cSC6($94~!nK_O zw1j$RSLHl=Bz7J{JY*w}Dt_MMzF#p0CjYuq$u}q0N;v;FVeGk89xpzbH?SJyhAk?q z^znN51$Z|`>lEF$U2QJBS$bQ5$lAvxS)%~gzi+|%VFp=ES6$)AI&=l3a`Y)kq8P`o zx!$6I3<(BCUr3=C2dr4)IzpW!N#c>V&0nJ~eu2!)K}Y|UUDb>Yd}ru>;fuAedaeRJpZ(vk1u$rQdw zBB~KiX~Q~rr@}X)-;4~wRRRoXbQUR5Q{g=lYxWZkgj;8=s>1NkXpJX6B>oNG{a|T} z9SEgk#d9kf{Qj4TN{O4Q8HUPpySs+B5k;n@gFQ34!eZ-IHQb-qQ)qM(=2L*i8qV9A z{r%_UYnyG5Rdou8GMcgwMtyl5^JUy%AMNpNr}_)x7sUJWoOD^7oI13E6>{HODR%yv zb`s-a4$^oKb|VPJDntzS!)*w5OJRM!&tAoxzd59-ebxBH!?I@Lme)^y zW|g$>7bU#Y;1u8LCx{W-D_6nQ{$Dh_+?L{ab|;`91qta#uW=GwOvuYydEZ}+`yJaz zCt0|XavyJ%8BGD#$C##Rr^(WuUFR~SEkP7xQp{&aFb7xN_jyu!6q=XlW_RZwetoW4 zUKg}<{=`FC2qBeB-IG0Ix?Q}3( zgOl;^deh^9tPD}s9yG>aKR(HU-9`v8;&lv*wxVA;1hzoX|B`&vDbcY+B?&9s3D!8G zHC^(i&Y@f%o!iPrSYIn8-s9-?VUTN5)2e}fGwelUznkJ^Zv$@-TR3`6IUx$+&NZKF zDMRCPS5Y&zs@fjFs@7W2a5&S3@3%)?Mt$lvVfjf~np$kjM11d=G!13y-;&OPkL?xv zXCj5R_>qN;E!)oquhUW&T0ax#YEbyY89c_@Ut>3t{3eYt{U*Y!DrsePJ~TG@J&P-NSi;AveBW^}s~uOE2XnQIAteJ$>{u#R zhMuz}9=^Ezc{G-0M&9>MV5Ln5lgA8^cRhffw*% zKRuu>o>_vRVPP2blaFpV!iue@Or;U;4)^Shlpgg`t^Nm9j;CIeT%fDUU0$7{epZQk zyq6-^lsJj8gObp`c0@>!#>aF@aelZj9Jmo9?l zwA34ei@JfV*)0%)vq5AP${q(M@mJtF)AiBeUy$x735Gyk>f%k>XrkJ@Bw1#vyZafn znFVSJXD;7`jBUOm{o-s-topAxzTa2;LnMA(R!I}_?OA$qJmXiNwP45ssh}g4CewpO z=0BU}a~`p3&LFAPw=d4StceOrN-&~CSa-@sD%>+-el=~7G^&)C*tpmQcdY2Mkt`nG zdo>^lJI1W}W7dd)VwhFl)6uo5dePOJ;E z7q|s0sT9z{(PzuQPFG@5)^1$^x9Z3<3<$3Y_Qt5P9;SNW4#1Jv6NehzVb<4KNMg9> zw4Y=v({!#H@6RHI=$@&~dB4g)&`mZ%&w)v-4~m2Eo|Lbsj0@d&)M1#N+RHJ|W+^H8 za$MIU8fcgH_B{q>8s5*180eR3r$aKhx!b>ZIOifFA}mEG^2tI+YIL5lCBB40X>kX0 z(SG&YCeO8+3JRrMkdpkgTK0Ed9H}9KFBeSKzLHmskH0-?>id$2S#^6B{jg}_y4P|a zpn$J#xj2$UFj{}=G3(r1-Ln1P*;fRBA3;RT_>p|opf%tGkoB62Q=-TJ41$M!u2V~I z4sX!C_J(pA1Uo0E-hdK(F&ou$6)zg1M2_y1oEQwL89FWyJrmCUvkmOOpBn@96 z101N>%}H6+M%#luwtBhbvB0oh#1}%qndr+g7T;I?B${{O_z|%hLl(~HPQzLxdpXOl zDtTw0mqZf`m%sz;4t)YvhUj3G-2$pm5PX^9m;7bTNG7$8en{i*)H;~NCTUR2yNz$d zRi$<}BHD=Hm6)I}4d7hhdE=4pJ6WB_T&;U+Z@jOlvC(?h2MW_1kTmq#DdzG)r35$q zjeFzfXr~kCT5ywtc?X;<;cZ!zN>yxm2qh-Xi4jFsQbo962qE@ON(UkyLWEf9_VM5d z1r620Y~!Y}ma==nL*Z_s^wR*B$yXn1AK#xQ`^N>Cx4b3lf`>>S0a&1kMB?M${hzfP zo=b?d?t1U9%9P`%1=F+LL6MhdgOp)dyNKxx zt~XQ+%^iz4GM10B%4H1SflmMOk=UQSuP?mOTFOC(wBogqxT<-Jh$he;KlTN7*jhcz zz^~|dJmy+in7ijqCd7%enXdYq9omaoF{J^Ugf;%ri5xBXZQW zf0#W0p3ttc$ZQh-mORgmIS|)OkBu_EK)8sG^JT*!S-eJBmo34}bNKKS^T_?kouBs4 zrd;UAs1--d(AGx=#C$lH!{!@LaSUgLK(9j#@Ln1--n1QdT%|tCgh=K6+!1-01wN;m z4o!S;u6y1?;c5SuR0(_mFygsS#h)k%D-_2V>Pc2y+9c4t4etEed7#Sr-Kjjq_i!o( z1cgop!L}u##og9@l{OvKKWDx1D&Er;(%!@S4r`|#h*x}S72_6Ch*h=i86?_1hp5Vu z^~)`b|8vjf$^fhasVne@c|L?0sjvR77b$w(@{Z|T%=z-4V8ID@lDOPPULHq@z|!0u zzk&0jQvus=IP7fI6O#O&xYV=xW7J53JRUzlfxgbZXH6pC#3ZaYcBek$fCS!~pB9rr zG{@e=WGj?{Aw%%p(ZnQSPtB+;2^33${kw+RfPRfe+zxez>*ulniXM-R)8(sX=fg%r zPFO4}kdx!Qivf42in~;usZI&*>7&+3uf+46j6=(BZvdNCG|x1lCS3Mo=e4u_ENHY>92NXO0yFeyN6Md3aAo=gk}^3u`4Ui6FHtIC2OGM<`knvKG}w0TTrNk=;^C9# zM7f}HOc^-0So#)OCpu#PvnJph(utzfNWos5s#C20XeQyOyR7yBA%Li)S6J7Uv-4|( zAuN=mByW*nE4n{Ti`kQ+uar9>M?7g!_rgo(`7_36nW{dbm^s}VSfzt`EL9>uK#~r) zX9mx2V=zj9*(Av~e4bFNP>6q#7|{(Y;Fy+F&0wxzlmn}6o3+?Ny%dL-n?RQpmoP&j zRpLAj?iseF8zq6LVdS!oVmjfJt zBVZPj=i6TcTsRt)_91qJey$jZQ*$RFy!50TsiJK{bvoJ0g^EQ=63Q&#B<08x11`6E z6E=VwKKv!;tCD0H6}W6gCP7Li9y3-P6SG)36;y#Lp7(-hps+JM@@4uW63(M7LoP8B zq(J4x-)Q2)@kDypUR%_8EWpZCynQNOo$?fY!WPa_S=~AF7~Ei)_j*7QqgGAUIu^(9=FZtsp@4qxhfUkX?m!YBZj{ih`=hUZ7<8&Q4uyb zKTPeSf(Gpuin~2lZW%?%l|1^LS+kQ1;39AaPS|;{1 zg4K{YS`4v6^h+3j@2;?)S^#PcR4ZoX%Vt34cox_^bMo=Y{q4$#6_|moG@!2YXk_FR z2jZW${bSN?c)0j6qPHAg@Ugdo`mH3K)#>iG z>yVTOsSV}Z0E7skfJuXO&Kew+UY^zKP?oB!ik8W4tXVUC>b%K+NAoSrJF`$}A<~|m zNpt6awLH(Gbk>@2?Mp2{ zO%Hf+;~Y^s(kHkVnyLf!FX|T4`8!Z?zhYD~PkY$fb#vQ%?7nnY0i$}x<#RH7cd%fq zduksVG1|(VAFR;giQ-n8{`gV>apJuw;o`FCU*Xb0x17HICgdwGo6@(*?5*-o>0cbn zKdBe#-h@Ok=sB^i^&~2}0cI-hy6?DM{q{lO@5Xs+lMFjWP&c^wuEdAGsQNRBzGf{3__SZ@i`-sNxWV&OKa5XX^nt1iIM(DnU zidfUEvM0Fs1_>s;##L%L6J~|a;)gc$JY1q6b&w`4^VFj>v*4pFCE@1)Qf-n|)ep)5 z8(A}%j?tqbcvF%+1t^SHXswC+-Q9dAxV{q9@7AkiK?h+40Zcc#^%FxPO!nc*=VE`U zCdUvoXzo3x^SW<XxHL~S;>c#*-Pxk4O? zP)nyGD0!+RHl3I5iTl#tvNNqurYWiz<5Pr}1z58Ed>F9d=l@a2OQWkF7~$+LA3*b& zD;nr)Uj0nm7~SD>H~9pas%;N(RlNwnWGa9y;}tuu=>d)eGu8nUp?ka=x-q@$JSr>o z41!;wO=@059oYD9hJn8$jT*49+^+fx%ekCi9dRkAQ|)amv$}IJgiEPhVq+m?BIR)= zdy8BG6{gdFN&zR~yrfW+pusz!q*3-AxQ(3)J>Xaqi8C+%*!0cpIs+g(;pQ*SCIhe_ zF>C6#K!5E(|7WGM^GHXcfJFz_=-BOt8_Sn$IV;aa0}j}E;}jF5;?RuBo3zKdnoYAa zVaT}Jox+Oq-PyZH(NY!UCanxDf#_LB<|GSckY(k;oq4ncKBXukief%2M1=VNanw*7 zRTIY1;4N^xEnWu+^Ia5)xgUM-9R%6KbHO|4VcC_Mm(EiL(8$Ex>%~S1mR_j|=r%T% z$I1H0V+q&R;IV@n`i;tB9a)l*hHfTN#S*JvK4RqGzo+DJH*#{1RCiR4I-!3Hd3I@V zAJXLrsf&Z|H*YeDXr+QAuy#5%0#lNFdLIz;dcP`^O0{7tj%3MXn32F>fTOpL<|cIU z*Y;@+(EfLB*+FStq(vDcjv<>LN~K_Jsae-IiZKyCuWFG>iIFB&oz{uK6K12!`ylbFzYtT39wl2Qjjw6F9U#8B7E?}us7wG71T_;{ zfs70}Tt!xWAR+*TAAgn-hmrLNTvME8y5C*0h*e2TKVMqxkaZh)Ti)|;J1ab+4Fu|! z>D)=Y!kNMKlWXPI`2Yy6UL(R~XWeOaXaL^M@f4#AxP!xqvcJ?*IKT87Z*)0pnh0Xd z{LT1;Hh-L}f&tQi)BC!z5aZ$O^9TFGG$&pKdnyk z8w7YlBqnZlNjCwq&M7>LdrV7CbEeY!KrzxDguj($aQ&MnY;e-1As-lWr*(q&>gSH1cvB*fnb3B7HI0N|{z*nYZc%L={lb0Gwb=8mUtO7|GgQNA8Mp zZ%cpz7tVSOUKb;G(SJhCy%RWOSJql8bZ8O=kt==_D03uq73z!|)Tirm_-t_hC~FW) zBUTB3Vi!Q;%F;h9%Nl6@V+wjscrc~*7g|F8uc&pge^2)HPtKv{$~A-QVTYu)=TqGo zC??>?LCX0j3CQz2(xWWOM61-gerLaQvgH6np5Sutbf^LwQDTXZ;v){<8+g;utC@Z- ziQ#ksUyN%$74#hURhpi`OeA|39t= zUxFoG-$G-%c6?l#05R&Y*{&^+C&{6cy+8#o|pOq}#v*#5QeFnAa!9J=e0cfL8AMo1Aq zDp#&V@uX6*SKN`J?T`zFKJ3Ku9XB!Bfs72ybactM8uo>)M*I2$#-$;{U1iDF%`Eis zR57~zrtyr&I40Mi$Sa8df2rx+f%P+#ETxsROJ`R%Hhf7i6638b2Yk_sjgwvr4xly; zmRGIOf$+pqJf)v`VZ95pkt}$T7VkDrn-jUa2PI6af2QEbhbe_y)U{b>0S<8A>8}$H z$jp8-s3BIF2y6QQ707AKJKo@iL5C+tV8cVGnS2M5#dw;cm&$U$-MMY1%AS^)W+>0b z|7mb#e9}N!SawWL?da=JmyQY#gC_w`85+;YNeni>!vk;K$TOj)_4?=9Ye=Hhs3XrF zBuHu8cmBd7&q4jQ&kyq-MNXPSf^z<4U&kT<2HrX?jD4p1nIn-Z9ug~_Cqb^LL^E9v zl@|R#6pak7@{oRq!IuEwizz5r$NG`M4ACR)K4D_7*gLXs4}O?Q`P~{@#1dzO|+SJ1XW7B{4sfu!EGQPc#m0F z-A< zehnXCJm0Ky~Nczg>N|g{X0d#}0JIk)|uFt2PS^X~Y*{XB`3kRx@xWNd`%$Bq_S`4pj3b4Q@2lKv;w_+Hv z#q(;&Q-zeOlq@{83MK(grWvW-Qp33HZ@|CHM(g&1{rN;qJUa z2ZvSXS^Qz;Ji}|pGL6p}@2SM@doFRX>^p0GXbPUm7!+yK=sP5^zsGt%f^<*l{? z<#NTWVwuW&e$LTPx@bg~@w4m5S8Y4?0B3vit7bH|rGUT;1eVuo)N;+_ceuh{`YBlW}5UDCj&85>^2#q_ol7a_+Y11?bma>Gy+nISktv;(+E<6gQnIJmDk-n7Jv zut?Ko{4yKYRc6YYFaxTAq_hlU6PI$sP9@4z!?VS!A7$!6=&55~U8XN`nPp=z~D>tXtm;Xg8;>uA}x!k>07U zzsvThhq@dkK`lO8QTT5jDxhP&$F$)iTLzB!b~n=hP%uSb+p|gpMyzAvfCKQjGU2;r z-EgRLSyqMIOC}niKN8?ob;2W1b_Bfedm^IEr(gkY;=}p};*GG5TTM{aaP~0!-<#>2 zuf)LWqVqbhm58%@0fCnuR_ihLk9tsnNe(WDsK=KFONYzU6@rGKkS?|3n%4R3;oS`j{{{bZ}U?FhxTh(%pVw z`xW5Ca{441hGl)B48tldO=nXo;i6fY2T|0##U+zHo9>ioA;byyjPLJrCB(=|TPxDJ z?h!6QZq372Jal`hn+69;Yaa!n&FN0p-dx6I6Q~8SPV8S7tE3s%o0E6vuuKytt8Zct zYmDxD6#@fGw}(4tbxb}j&fp8$UVKVH(* zr@)g=5j(=njzyV1pinWJ$k))B1>JB08*%J;;sg=8r|%(ZG>QL1W+DZVUHhM0E6~H? zR?nAm?L#QyYTgT*v$1>tvgIl|uZoh{U0^BSf+O@tyO;zL$0~O5fBskO929w_oB1-r zP-X6aS^&Png<0VKdeMf7GvcYeppDmO7P*VzPod{X0CDReB?=Vbx~AP|ze*koLbfAby7 z_E$Om8jwTY3eso3NMQ?uzaeH9!|Sl2?+YIB{xil`176@v$vc< z&UgslMqqNN51Ux2M4Z(1`s*+vOCyuo=zt=gLeb)dPKtQ`^jO2$W!CJ5ryh_ zM>gzx(ndLJbkfY2GrfF*(kN(Xr$d z)g$O&lDvEogSPw6X|suK=PYx%lBq(@xQDBuAeAg7Idysy5VwFlGIkzx3}h*k17UJ< zgh+B)MxGXfqK%EE7Uh%zG-uj?nUgkS3W=KHo5oxQ1mMaq_uflRAtq3Pr$75&ci8-6_OBamn`f2z|`!)coPR zUv|dK=;@ooaR~}YkSAnyG^BnVbL?gn3_@SiFs|mNq%=*6ptgjR^+`8d%2Ovyad^#J zWmpNw3h1i2_@>K9w#{S-1%O?Pc!iuhQ?%z_Zt+k&q$sh#)E_XQ7*H+p6^bRC)T%T_ zjzRVBuV=dqm<=`2dFp7ge%6HnhQ8&i?KXt6WhvM@`E9Z4P}VHy_63DzP`lPSK6D3i zA`k6rBBNUI^AdD}*LX}xwQ7(N|YT^1)HzP}q+F^5#y2WUu$hqi) zYchy#+UHNT+*ibnzBpnZdivr=aIYp}RJk0^*t=r5vT7@Nk478p{~qv`@65&8ezQLr z=7tk~#^~v41A~8c!OA!1I1kgb{Lc_AiI7bX^>YvSaE&@$bnO7y6B?jG{NKEwT?AdSzle7_F$ zWh>v=>f=ux-|U%FbN)or3}5?+UB|x}yxewUgpx#zJszf5tYjFN(A2z=F>ML-^M0@ zA2lCL;f~zl7n|=n4m@u8_vYFi2Q0Nmnm;3Fx>_!l8G7pohVwBh{GS%UwGEb@M#$YA z!AQ8-vkimey9)6g)IN0E%CXeG@i@D*S-pRCsCjV?$8`~rOW=8)_hoE%>5%W&ro)k1xdzQ^f$kQ!Im_B+MHq$FY3KbLmnymGzKX5S)QB(JR8`w!#2)#X$}&xar1cfLO?5fl*!bo z6zEjQ7b#U(co)0{ZKq%{tQnIY3m)^k_-M-9XSow!C(L^07AXVK4PbLDwYJji1JA$gBuFdy&26h?2h3Q zBeRbp;2(t#S+3c`lLPT{tLX4yCO!Lmu1*N&{P60Tn! z-r6m|R9g<@EHeqa8;VFpcjpMZA)ijm4h5Hd4qgiNhfPASXD&0_hj)*E=a3-B>HS02 zz5j+sK!4tvz+=PRLFgSo%n9{!IcxaOu3_#wsk#b}HVkbp;3xva77#pfCEFP4;iLzZw1c$4Ke>{)vS)HZ~_9KT_Jy($HvvJg&8Z`c=s!`16$sQ z5HX$2sbt3;kU4Gs<#(;N-ICJ`n(X>ZyWY{L(*x7>Nw8}FHU0?=ZROE(Z>dST?E+Zh zlj|Q7xQB1Q?t#9(UfOZjP*(SJu`yhc$zx%~KBDv3@9Q(=cHSf)?Fjk&>Y~P5lJNs> zewF6PPLt5Rl5GzSnVvCKVed0;4mt{Pl!oq?7M-CC0&Yh(7YB>^e22Le z$K57DGfyAFR^WI`f!jHGf?x*_J95KU^r4)k!BI)4Q}KC8fiES+C?PTA$)NY!=4d6A0w z9+Dgix`h%hxEj>WaoOK+F+S`unTm}aO>uVg6cFEs)PLVDvh|VRKR`QZ(JdR~27mH+ zbyw4~Cf|Pl=oKI9#7@Gzc5h{2mo9b6 zWOZGMGpBzVZe@V82cG-xbd}itWVYfMoW{s$15Flk4IsCD0X}l&Wtr=d?wh6PG5o(E zXjmJ*ciTn;&uG0(f8}=Q%hhO>>Ff2-5>b8~J;q-Wtl-*qPqchr9)NO&iWwmW_Os@; zUfG6Rcc}_G_Evd=_pf<+!G{21y)4_xYo7binq1SXZAmde4nA+&=zD~9k2%ir9>~+y zxma~Xs?l{->C%-)o!;K5-Zwj|1SruA4L$m#iRQ`>nkiY1h_RW~@i=+V&ue8Uc5r_t z9G}96pifEp?L_jF?fjf6P_3!|t&Aegjaznk6nx^oJED`T-l*xg@VnqQyXGlaHwOST z$Y$k_jM#MUylT8E00A_zzLEKe88Gon({|7~#R`|? ze=SX`b1z~$0ojJt{8@W=^ow}@Z%{`?IU9O$d~T#1Pz00!F(Wj_zKk6XQmFr{lRLA} z(Fm1hBnV?HhFH}7#s{G2n9*0P3`wJLtV?dY<5Al4%k%@UYt`eZHs9%D1m9`vi77aL zQ-c{+?O8;=vxF^Ix3YKk3rQMK-wXUlMll_qGWu5aIT=~h{5SOF{dk0#@|s)s_f!YA z$Ufj)M9BT>j(*coN`#N(Ha#Yr_WlD%;B2?Xe{9*92k9VZ`qJJ#zuLqi-U6WrprjSe zv%8Ds`bfdYmIAQ)W>ri~N4-{d_l}sWvSYt$hU*f%BKUu{)Md{zJ?#fzy(gl53{D=1 z&&`&i=-*1F5ofO7U6BKEMTp_Xf>l|(7ioi4-l!n|r8c{k$5{+?LE~_L!JF#VWo2M1 z^Nx2kDq}VCVXKDk=4b^D@I3w$qiXLQ z;ReC|C|Y1JYM=KhSZo$B60Tk>*|u2WH(TOFh*c()@!j;V6p}8yVaRy&_0mmVtTc3^ zLi1k7iqMG$=kes4O0avqR)KpOZ$XgQM+PZCmnn|JzIdUe@ER<^t_mGtM&pB>Bi*1%9JC&%4rNbUOu(gViU9>jkxH(%-D2-)efgxtt3sj@BKVX| zs7im{G!1Oh!g&xn<5s6pix(NF4+<>r0b2!x4|y72Y#UGLpR^Sfk1k+pxbIS@(yv41 zl6=5uj}dyVIB0JHJ!W=m0i~k(W-g{w8D|OJe|0oDCUG~LDA4esy7bTve+kO^%hRp3 z=&8%vu6r6&kaA;S`&@RHgoAhxF&+6!&Bo=4yzD7qGy)Gas?l%u#q*d)ip2M0JIC{0 z&r*Abb$!o14@K=i{c7-!)Wi$1sCJk6@BbV`p{BUX=wEehQ#@76!89{$!w}}Ww)!ZofjdfGn zwjHJea=H+ zMCn{C!gcum>n6DEl|Kn00C`A9esR%bwa7-&7`_}$oamSyv*r_ip=*)_aR+$$JC`%m z^ExYK$o{+KCM(NMkec`${>`pu&qx5YKRxIkF;Ije3_5l!UY!Qr8CO&_eN>jWw&fog zq^=7ssv9#NoA{&aX}@C9n5(44o;6YW%VIy<{NkVGr}SXVuXW`rs<`nM_^P=$@3PG^ ziuTn@CBbgm$b1|?cgA;W|E1_!*70l@ zp5F1i?gezBR{Q(`KsWVe3t-B?ggGev-~heDAO0-mC8aVI&}^@D+~VrE@1I*DZn}+T1M5bl|O5BG1JiK$nf#ouF#O_co(iboSqsm1f<{Mh)U8I_<*k@=d~==+{mkzlcV43t+dJhq(}&v@Mbp}u z9vLC;QtL_*I?dFQh{?d@RfQs@W@U*Rng?vv1e%vN@81s==;^I7<4fKSl% zE6aOv9}-bksU}sKB5mi{`p%&-U%>rYKh-Ch^ws6dcky`W`bxH$T3*vG&rtC>bBl9$ zmTn7Q-Y&bn*1T=5G}*XmRX~7~N#EEkp{pQr7If-B1jT|5^6GY0h&uguxCEwDsQS4qyXh5ME~T;Tkz_IAc9*BELT?g{q>(H3TDrA!6>?Us60Sac+MSk2JH{Al+mc=bDYu>;}2h2_4c(H)aogw{_=p8_M|r9MSW zXozv5TAF~#A`h6IRiyO8nO2e!%srp?#e5+|rzT7{d#RRwe1ExjtumL+prjm^y}}Xb z#upVow5!ja`iqH1yvG1+<-UUNq8bAal>k&oc4s2i9$)dlokIzw})?@p(YS)Z` z5-ct?Lb`dFHv)dGsH)Agc_THi@8~9H!2bHZ09Fjk9fu!!#HY{^O!?k~3GYcRz71_BhnY6TSf0@|6A*IeRLQ!`Ub61-;VwX)R@#-9g&%My7+kcYC zIuc>9|6m`ofM#UMXZIKcj;xAmni7Y7eEw^3S7_td`a+PG&^m@5ZmU5n5jF`OIyWjlEV8I z88Xpf$^Dkxn-7!6HOTaaH1tF?wAGA!uY=W4-f%OSxqdb7K6?2a{7_dXRsF0-Knmg; zdqX8k7W0X&FWx9zG`Guv?(Ju=nwt&pGu29@Af|=2bV)M#WsAKSln!GC?C2$+T zN`}yA!UDvvTBISu3?W(!0g#U&bW4d4QrXLVh5o*MNs7=?Bg_G#aN5kI^`9yVZhRm6 z+l@5Vk9QTil2(t4Fcwe_8NUj0pSEB0%*1WhryQNsXk`|R$)rK6Vzpj(=F7@vZBJrpad&jIdur4ax>>p45_xV? zybz{?(1}`g7+NOu^LnfiL}hTHrFQe@xwBc|{I&a##DFScNMU7TK4wHQEt8R}!T7<~?(M$s-C=svftEXO zyUoV6j~^&7Wdx|R;h3sSPO8*U*Zj6(eF=Uk1s?blGD3NWV^nD1~Q$Z13{X?KKa2+cr z!nB=BluZJLABe{YaHFXLy(w4}+JFPrVC(y(qu;t#yNJ0Suaxput@{K*hVhwZpmnTb zYw-QaE~0Z5~Km%mEV zi>4tYzGNrj2oY1;?3JpDA38BV+=1qw8=BG|pC(F?w9pVoa+c!`uCX_02~Wl_2A%{8 z`fgj_-DDECta)!4KKgb0$K9OQL`Tx7H=1l4SZQ=TkLEu$SoWUVW6(>ZqZWv@YTcvp zrv?G%MPBb0YWjNN+~m2}i$UQj^04~XNby>1R*Q6@Wi$0}Wuyonv6tGk-8M#WkEcdW zpTQ~Pu$u{ZItUvtG<&uLZVZMO(?;z>5Q8XP!6u?zGa9Hphy2I)m8-=Q zq?loHT1Gif>Q=wo$m^|n8v%AkNKvMa*Ms3=q#P&-#!U-$ zYK>#@L-15JCqJb=;yCoW_WEcVRMOg|T zI}78whrU^;+`xzT8iY1|f|J@)lSvTq$5l5skAIh-lKh;ONR}i+{AVI;@!l=1B~zS? zDEb44D0mV2Jii-RDB?xPh)5fPX9tXam!dEpw4*3|9H0l+sr$WR_Yd*-1i2WneLPFv z)K_N4f(?$znEA`oT}Hd}bYtRbVEotmhdL?gW_v|2Xe^3|cIxZ}^C7p#+G3KyP7T)9 zGdPQQg?_r?G6r}7-mqLMMm?yjEurHh7)bQDPYKnOg1(4B@-iK-!xmfc(J8)2v&M;e zhEDq%Z^P2p!^g8kv%?)R$DurP#sJRmqk(^FecYD?G{j`n@EwUW)42pqGK+Gz4dIPU z^D%m~a%vk9!SO;S6zx=Rao`sKL;1lyv}@jjC0M5-o=Ya=_zWm4)*9nyEZ<`}UAkn~ zmAwSNMN${WUFZ-FMU9$=h8>C-bEx+%+K?v;TUM89*AbQN({njrkRPU?KXtO3h!5uFqKI zORl+n?~*7P*c}TZml9d$InRLe4<*WYe|;|bJO!F;6F0v+e-W03!QrSNk$$<9<|_zg zY-mBRGMNBfDR9UJtvwLrGPh>F^?u_F5e}okCMAV>rWOu~ z(0?jvThrUjO?{`cD-`< z3b^76Vy-k*hC0{t-0hlJxUVhs)|f;cHTGD`);xn{k7pt}*A8sjK4@@woVtQVTh3=a z?t8w6OpsDhzS9P@ZyJJF8@H73stQNzNecwL?mklH^^a}ca9rD*F+RF4g67se`x{dCGgIl@PWLoJg`N8JTZ$#0&z9LqtBcaJ>g-R$c0ymf3 zm;671BU6tT;441#AlM&u!@FNpFveA7NLe461q9 z_NHJcsymaQYleQo!N&Dy{F&FC1QvMt(1rS?XW%VT;%Bq3_awlxNGkrlt`fR4n+1EJ zEcg$a?ir~l7V}e`OJ;Jx9}w_9e6;yfO~18^V-Rrlcii)3=)sOrZ?&ae)jf;Ht@Xcy zeX&qf!|9V7;ShHHILMcqHfN`9;{?m#@XZQd4Dc=RoGCMn_2pog8BJN!9Wmfz!V?ih+cDiRYs)F>-kCn%YDc z`#Q(6{JfPsR2Va?FUv#;>^GgyyA$=2AyQZWRA%z~eZ|Ks_-9GdsybiDagW`+I>BBN zM1Qc75a}fITcScLUVD^j=CwMhFiEJpEJ@E=mG6!3F|4DVSMn=cgI3q_tl%e-9^okl4e?*wLNsLqO~YG8qnI69fHrpfz@GCR&Vo@X;1 zSP{Hcg*&pDl;0El6_yyhn-Kkj)p*V3`jp6Nn8iD2E4(?AyPt^{&a$BhDBOPr! zfDkB9Rtv2 z^+U(+QMJac_MkqVmuTuEyuAypv|>iPRBXPCIy6|pXIzDSkk;$oOFC6fP&M355Y^Yt z7x&z~pRI)5Mw=SDx1BHVaygq^c{^1nNvkY2@4xY~`vLbh1j#B7-w9nH21 zR()^GS}z=kSZX3a9fjK_-=5Ex{AoC;lg49QQCnh>nbvq5HhooNf?q5>kuUfzQ4X45 zEoO6exs~m}Q!;iO8+1ahjUnPXm?u@(3japfW~b==g(|w65+dxlw7F&-FlZBW6#rG` ze}nXf5yvt&)FK6|UEMvqf=^3Zt9HP&Yv!|S4jy7GiG#=}nNL5NCos~&_hwVWh4+01 z$0!&H3HqcmIux;56{Tiu!Deg-oL;$owDCwxG&o64d*2{0BUAi@<>!1<9A6eGr3l#b zT_f|aZD$yM2*SyXj6YZFV|i?TeH&I#(?B`#TZwG7x@z4anWUb}kHSxj605o@IMMi& zrY4GnG5}KatMA-Wl%D|@d#uFE&I&^LLD?62=H7(wa4s|Ww12|Yx;k~OI<4L~m%QMf zp5%nf)p4CpT&4t8yNUY}Lvf^F4D2mg6yU-4CkYLEvQ_*iIKp=^98p-p5D+X+hK_{% z`*WGX8Wq}OZ=r*et98pW!tHN`_pjc-mOhKUR5x;T3tX0~Q#QUTfQsoBb--F041OK- zRmE;qU7n*=KK@#5g*k@dqUH*BI}h3Kt-J3D+Nph41Hyvv<{cIQZwMkewLkL+bNcm2ia2>(x*|Ys=krgC;wVGuidy+l?e~0!l?bt*YjlcHSsKOgLRiF)o5;R z3-QY1He(e4OG0+w{9tbSG;EtKds}sQ(_VDAz7zC4_SJuaRi9u`_{Ck-e|wDnB$Nn= zZKv9;z~;1U3&)}nlf~)qG1nE1-Pv94reW$ZJdVXsL#SYH)mSuuJ6MIKh5o%tff?;G z`is)3_%$!2yZc78M5ki%6{DsZmw&ef9ZUjhQPj4wyrz|ZlaT43$Do9iCNRl@Z+ z_-{U7BO$k`z?HM3>Z)GMkGCo=cOfKO7?Km zqQ+sXJA6yQd*%zr?+p+4wFXzC%4OQ22WGEzu=7QeFDmaGWWO06^X6-V{|@#(pW>Rz zt1Cv;%~sGkaZN%_!yNy$FCxP+;U zb^y>rg5~uOcZm_JgH6wW_qv_6G;HD!3;J9!R+`@F20?wC}#zn6rN@ zbN8gXpM;_50YfvpITIN@1_wodm`F*`{mO>#c5OkpNf1uXlr8rDxZBqcv*h(5!3~NZ z`p~{0KUD2j7r@1g>xEZGdl8SwLN1tz!6sSyO5i{pLTeb?A}8q+t2Y^{-W|h29-qVY zVJliDOs~!ECc@@%S472JJ4kk~y!WmS%I4za4Pr<_o5nyG*JD<<2XXxD%$`5nO$ma4 zif`Lv-LS|E$>+ODMC-PyUppdx1G-)&{>=ER)FQ&_eGD}dT34Gcqi*f@e;B)OX*N8C zcUTMe#*?kYVu7&kOtw|<0gMU922U&&J#X)ULD!NP zApPx`AL?+&7%_!1Ft?z`K=RD4{y1}8WKvB`PreEgjtZ~-0g!`bVVss=Az6gFn-y0H z4PxdBT4pruE!9~9-n$pSjC=n5ey`l@^zl;=AMcQPqw35*6b6PGnzRJv((l&2m-=C% zhIU{0?V3VZn|@-x2K!EG@z~k$*q!j$llU@O!)V1o%19O?%VQatsODc9Zn6>$T?_3q zP+u@kz?TBZRHRAA6zdB)rt$f}4^wgaCxS@?a7@p^j|6btTte7*ktsraZ$n7MWIL0E zOQy5(i=U@2wb^-k{o6YT63#}y`BPV04-Yp`^t@_oyAAPW6EatZ=Y~4d&h?{jc}opi zMe7k|Gw*FR5fw;MdYnigk#u_e$cxTn-j%3t*3wrV5GW`dLF;-E>(=VUm7JooUoZRA zkvGTRX!kmKe>~P{@pc84-tWQkGBj8PZ6(Bha_{^|kRvsMnsEfyj56s>aBzi842u!6AUyx7CJme;0mNoJ zjxrYJ$JX(`P-(W3pv-8~oYP}R8II8bhrF?&?dtATCqx*XiKNQroK|2oH>(Q3qv)t~9+fxMgn_DK*iK?3)I|VlC z{Uuk1d#J5EdF7Cpp;QzHhT$^dpEJEjRh<%~i4pH2MkGN;?8JR~Btu8pSkeK^Q;9sX zV9FUivta-5=$a%#pMiZjivFgsZqeL<$MHH1PkqpNWsYt>FUlfiWZ4zG9o~eU^%ja+h?td2w zi$7+bT@|<+;2+tzk^IwuND5}Pi^Op&leipsU>CG=MHHu;aFgc2Wu5a~w){eX9>((jI2aWW zg6w-)yxK{emA14}4evf!%b4BUQb&KmJc2DEWo_B|o|wZsP*ukpl?>yk?UlF;#tR{k zS)x0J0Mcd8CyLhHj9J4mJQE<|&d-NnjdYoYV97B?H@5mnA*yON%z=}^YZ{?SJdmu! z{mxI76nuFP!WGr<5-p4f=&DoGs)PILiCd$B*TJfS7bNfb+gJ?1K_j%iWl6SDINh$r z`&XM%3We`PPwd4(={nr{sZ5qUjH#YnIE_;KzH2aRHs)Ot6tIxxUhC`WZ!yC}Tq;U2 zyla9zt&AC|V&~O028=K#z>gYA(%rR&I60;`xt1-xO){1`rT{Ok_YiW~>iOEL@!%h_ z{7>%cue~0!ABRsJe)vb8^-r94wySjQH3s|hplkX3=5b(sb zC2~WRNhGA92w1Rr|NnUU3aBc(XxoDzrF2MlOP44mAq~=okx;r@N+cwu z6ht}%5tIgzl6s5(-uuS*WDN9x``fYhTyw=-(27nMFS|Pg3Ke5ht}^|r+`pgB-W~ke zOz}#w5PZSBf(X&)>jxN19==PS&zBBQL9=3X&Q->>0|#Nw@3wmR*T>XNl?HZ`+{jzO zm0I(NM|50;C$yI#j=Z2oKo;cuiQdU|)N#B{1*1((*+54R>jPSlG+(K^Un*&ueQz4A zid8bBN`W$NU&!jSzCWLEF+m{)o-sQoikx^d!hN?$DQ-&D8cNRf)KODv~MSSNk1+Su7brNoXWKlWTwI3CRT zO{Ep-$P#zp*^7SrD#v7C^AW!6OKgTB38#OUfao!gorNiJg=YGw<&jZz0QG_Pt-OHHgfr#_KgwYNT!q^)KF;hvg#by2gKWI0B`=F9klifNWzkAQXP;aAr#c$xF z2x~QAWI;k3^L!tX0#jm_Wya>p{+P!tGE(EtZ)j5rbs;G*{rXvLoC6olvK%zbEg{we zdw(VpYRNFs#_sWArp-O+MGmeWEe)UQf+B;{zuBkb6lQ`KrsQ?|LE*xResyVr2^ zeJ_;!_IBh&js|{VS|^tX7^yaI@5l){E%G{?yB>GM=Tu3+H*ld$EwA2LBp#ec=^S#s z($vSjY2bIhOh9$~s=h1_%MXk4mA~fP_ZEsOo};{d`JB3Ov5wra z+AQPvRCJr0%C8s;?0U|jNWQMcCRe8WI9KLPi?0ha;Z3G5BpqAfD{a}|fBQZH`!7nV zWagjju5a9-L9IK}2@P`kJQd_`ig&RjYKh$)FDVxE{c7h^$%=8u2N!L#iv1t6r{Cf# zUc@{drf78Psq|hHQ{uO#Y0ZAT-Pun|^YNqi>yTewn9k0yxZAZ zXzj(zb4Of+=;fPm1qXs2OxQZ9-!!nT6X*m_2(|f&R zHiohO{(XwI`M+rLUPo65nqvZB1!gTtkqDqo2+!Rg1p*NgfMV!C3tExcy1GQ$RlO}Kwq3^Skggck%9}Z*m^srH#3+Os@^64c$wG*T5W@^+^-bqa@r;9 z#4IL_2bc)Q&Nqu8mJkGwJ|}z)gRlDVE$8QUl1MsI8X_r9!eZC(CW7eR^$V%#sgsqk zDUi08&D*-zpDXrfQD(bX?BdOT%oN^Dz?QOd#m`29UFBpY80E&q&-`4{LQ2Y*tU z)&V)}DeI^AB`)_OM$by%){ZfZoV-QtHfu6{EXJBebNVzV!yPI$MhN{0EcHoX} z--1s&_4O9}g6bbv`F)n(!O7c}_DHNv4^kHSK5AOY!ne{=q!{1ryGnUJ|A;L13eYI; zM4!?46YVd7=-VC<^l-B4fi@UAjPWG2X_lXGii1T-MQKkBK3{6XXxgs+)zz3?irB_2 z9Q-w%Kj>@%{xb($I=+%}Qi=-A}!>+OzG;->J$ClvsEAFxVHQs3{{^Ds2*9d8$=t>{Y<>NW8mnkCdx& zyC$7gZ^MQAPd{Tn0d}3;^aqrtg#|XNm5?CL#n~%~IBGzIZ>Z$0pBktQbjNobR>?Wd z)}h#xvn#voTg45i+=>LLT^v!JG;A;(Ec7(&>nmT&xW4!lR~y>m}{?jt(y zJ*i;D%zOBMcO2asBU9m;gwOE{hKVd9h?MOXZ?Y0dBKR~^p<+P-y0IWfti&?j#LlEO@Ry5qNW?xxnj=M) zLx^*XMUdMu)5?dsiDySRMK3)zlx{pgu|-gr3Y`-7m+`NC_f^^8Tzq4fFX?BsqFFVM z{bm*U`SvAEV-5n<6MDf>*jr+pA=ij848@>5#npBo0h5C%@$8sU&}l|QNhBm_t7MqT z^e@%r0&9@nOv~n&#_GReU7~A{`(^u5==I~Q?jfEJkqck0x|{h93YYt$C=u6N>-&zs zq_Rre>7Xy>O@nkUmaX{)%Wntv({(7M<&i|{rNm%WVhn|p(sd@ZRTT29Y2vH7-xXVG zuTiza{rAk_m}vdNmbSd?wFmqpswnMq3boc-m3L-Ce?8qwS`j(yH9&OcKlbzg*50!6 z0kt(}I#``81n_mb0MpVl_kD8rl!?{phF_6c?vib`tT{f&ds$w0aQ&Y#+1{5(QA&9_ zJfcf9yv~3HFAjDu2yfB8YZ*^+guN)PNE!1r7ZFi9n!6CcZI8B*FGkSErS!Q9gEoiM zJo^724;>~_f+0x>3lf%OMJ-{^2 z_^tG8@B>g0OLee*bo=`cJ1X2Zmtw$NOr#X^%ozV{3{a({iW4JW6Z^?Yu+-nVFgj8ckQ0;fVzuHYA5@MG|E1IqEC>MHhSRk0?7pAdaUlLjo&E2}R*8qN zO*DJ4EFwUX=JW=l=FrH<<0#?B>E~k?c_7B%x`LIO;q#Sw>V1S&xYK^nHh0kf!kaOU zdfCSi{;qHcqfWYSr0x5e*P^D|;n3#Zw;k5LnCC@gj%sq1(ie3P1mB2+!?G@mym)?o z8^P_%`KHF=8^`(Yb!y9_;=#})o?^_H#DI+SN|yQ73$JT);Fl$@vf$;tlD>K@>^u_y zD?51R+j-phetYL!yaW;_ir>EBQ4@O8celDd3|MN`cNez)C(puwxVwh4u(s`5##Vtt z+aEjMQUkZbOMW=6s}x5@3mFHXCRRTXG21)gCSqJ8YT_ocAibv9zv_~%iq4%hhz#-z zZ4W2GrldSt*ADK5M=dUXq3+V=V!iyY=4guld*zUv>T$XL#~?LFXJi zcRz37JZ&k*P$-0Y8Ff>`Ao^CK{by9sjvP;RhE|W>o;uw^?u!73R-L=bW0aSaN5)84 zW+)UAa#mIcf2YklMwY!a*iNsb(+cx@em=~`r(>X%>dncM&_}3>U=`X(n*f|3pXxSn z^9^}ViB3=nS$xjB^o@bvPlQZWLK8H_`s1kjOIK`fmiCqClvJ?yzu(mB(iD6@#mX}` z=|XlT@|e`rM@Kg;-dE+sa`3o}f_Y7fE6l+N! z$Zz`~dT{0N7>}cnP%fXQ=v_fx zyEXWU%f1tly+1hFZz5dc@eq(f)mfk%P^8Hoa*eZQ=59cXWRk}HQ`FJo-Nz&u#$mD| z{5xJ0Lcuyi)uEcD0pBG%3W*WgMQ2R0k0$c4VbfstdC$$aDFhhrqd*K0evZwZHh>F1=YGr3j)Vb6q`l!Qi8gEyw8gI4#H z`*F6nxuOYIhpihSq>7hFrzZQ@)*|yP5W`@MJQ%Uy2VeAs&zL{0^YEPnyns(fRIaSbdNf&?ZE_Y7Q6!K%}Qw*o^nGj(jj-*@BD&yx+0OvBDL(OPgLS5woKBS_z_hSNLo^}v{K+^$jaSV^w>Cy1H8 z`Y*zIzc*Q%A@H>ZJsGlCRpt4Mmpzs%_Xf*2d3qCPU$cL?mu4QEf3wT;?Q4tY>INop zzD@qV(sPDUA}t?zpPXF{8J&H<^K-n?TL=jr&rPiEG)=J+FQP15z0dmshlXnCsdo(Y z^xK}NKR)|T{jqJXBU?w!Z9F1IJczE2JtBR!=}HHYmF#nr@dgEfEA#>l(Y*P2 z4jM4Kbr+$}*Oa12KL0~o<9g+&UOv%$_E{90fSWJajto5*ac;q{g(meA5)lJq3+YHB zZ3^z(B#*ESbn; z)hkWLM3*t|wm`HDy-ZCdrhlc-X_uZ;_crZ8E5YNQgQ{Q3#|9(gZ(eEI0odwW2>XJp z)0aA@Ky4L88p{PQGrg z#Sl7}9Tii)l)K9IW%^&qm2q2r=bdH7nfkzel-&%)J>UQ2KJTT+`0}ciaegK9-mro$ znG`1zwg>wY-+pF9XYd>?K8>T}uSL7GZ`K_eS536LXowGgHa6>tsrfQXCg!msA2Nkv z8Sly9_vl2tS>0$o*uB#;A12A3rm%KZr-I)zp(=K9$!m0nGC7qP1@X^0I6}^{o}ZQP zJ|_!fRa+4$WwlXvwn~E=tH%ck$p_rtE0T`|SB6ikdCe)MIfYxRb0JLonht7xhWpr8f{1l#`XF37XhT1+T_)j64xp zPD{RIs=8=8x=;8WKA5We@h~Hry=JDL?2!vBWWVT2_lq$$%b@Q+G1WP>lW=!Y8RK6d zWD}Sy;~Ttd>O{^pK_UF4|L0z~d|$R@#ngj4er6@Z6@`9#2bo+&idR)uUu&#Uhe?wX zn2-A3)lklSkD-eg1EO)pNf^_+9CfRu>F_&C*T(A!Y59DuidcLN z246!gOE3`gc#+q{>}NzqXh)uSY6PhWAw+l?BCV*fBrF|L7pI1lqTbq&T|449x4{8` z#I7Vo4MV5iLF>bl*+WN-rVb5yNx(G z>1KRhD982*xto)Q;>O@8mTS@YTD>Di^!Rk}mg`!I{54q)MEXbI*0JY!9a8Ark7D^6 zflbeuyKp?W>;EDbNoCp?%i7DLY$InNv3@vrvHL3~TwdX82LwnX#Sq$*IxlK7~0}q?e2R;+zE{@H{}rB)#I`+?_mb9C8WRREM#V0 zag`lbCQHGVLp`=WNK9(4AwYYj%Jy11EmOHzaIKjkA>Ehk>(he^i+e#D{=nE{BCD2f zwE~iZThEruQi+o^zaqJ=XpJ&PDY9&k|9VGHRT>0t4D$1GFe7WpeEy;D^_JF)_~w$x z;Mz+4NK#;e?)Un2&FGX>MzNbymD1aJ4(Tz_&xoPMqKb6_pybKQzSed2!UbyZx`!FC zt@4m-KJB*P0KeS$S%sGd35Bp}`0OK{dYX7XuAM?ntjQ|FxJMHy^)%g1`N(8D@$c6Y zI*@oxXVspqw@KTK$;8jI{uO=AhGQg*scCsU?z{g{RMjA_7~HR|=RVbR&uRRAiW1H4 ziqE-*M``52wE5;N-nH^X$qG1K%4U%&ncyiOiaG-aG%QMkf!Jz4pIVY=@RxPm!o^=x zM5mClqkKx7fKe<$WMP>Hf1NZ_Q7vR2b=)_4F0QRg4 znZwu>w8mn(6ajV(Zfr1K!xUeXYXN`y?WqyLudt#{0|<=AA$RRRnus39Jg}kle}?A! z^+pYFG))T=BCD2THP)7sPga>(rSL7a5@@uZHZ<7n{_e~zim$2Mw?TBy3OSDY{kwgQ zKxc)@>l&W8 zOJ^Dr++|_TpW;5!vu1JM+rqsA&pQgCsAx{$yrsE$hP|->s#eOy!bX9!+$?U|+$Pby zUhEA0PM zcXu;=reDHF)O$OLC2_=;BylEM-;rOpn2(j4JK&lK;6Yq7%>i9O2R8*Y~3iXBOfHAmv(A z$Kv7ltOQ4mJ)L}VdUCjKL{n`INd7z2m!Wx>z>TKKY!H~RvFbJb%!kR zwYrhQx#i)li3zcxZ#8~nQxQnvhla(XFXQ5%AgWC2$Vltmb${K7ex$&X1SKDE&qF2y z-0?O-=t!T@k_lMX&bL!C45W-bb&zi6*3w2+g9G%0G)t0HZhFgZ>TdB{2e&!ZtvSL!x=%7R-J>?>y!&pTjYm&ai`I@c`5!rzp^FA z@qwOacf)=johL%M!k*-QsA50 zvoznf*3&{h^8g47M20bXf5P3(`Ph^c(ry^53%n~a&`|2DId_F(!e=Z=M5Qr9hEgF;6T#o zf^Zd<(D5C) zi@Mng%a?`yoWw|rP0Ha@in#te{c5?z<#`4t@}xVhLvW$xINsz*~jzY=DZQk_xy<@FZR`dG7fQ{B@j;b-{k%~3IUjM)*tOz0gAK1)e zF7d&!?pHZrmF4c-8kRxdR?Bj2VViHVQ+k^`rn8LZ-tbDHZy9%nATAVvfUuz1_nIoY z+MXZoe*3HB;6wfU&=CMzp$2Ehg3^<&2lvghy7buVSlK5BZgbCktT5@lXMS$aKfpGO z=qKuWkgawLqO?gGcx`d~aaeiy@GHPYDACSWPEf@dv%5`Lik9eZ^%dgUz{cJ{lyM9e zF^{KzFP7#CY;bsaxGR35MkMj980&Dzq4vpCekd+0Yf>y9u@$R{i`#>~&%{soid1a) zC1CNgLitzWT8^b@+e_4t$=u`#^zaatiT^ zrtLj+^l)_zUCo+0*Pg$*+8ozO7#o8gaPDew?l1jEDFLgLyKW;QrDK&tM6T!%7Wmpi z-BcH166nQqsNv%{#X~r6zTmz25N92??)qrpR!7{8qxMb1yXS05-voIUxw4MbHr_(xrUG zvH)L_DT%#@@Kr@W&{ky}N*X5jYfWzpDB4Gov|R|pO?CS=?nq>M#JUs{VeY#E%tGcz zz|q1?@e2NY2=ee}tK6PPfAb1HMg3qH$|4Zw&$!L}NEa+6L8RQW=lh!)DeR?xA8>Kn zFml=ueY>5##}JXh)Dwn+;F$P(Rmo1wk0uk)zcO^U$nO#XxD^EfupYk;2ej_59%Cz&jYg*HcpA#^{?7T-HX zh0FwqjAP2$v~4hHAY>WLk8Z^fK0yi7fOtf=)oA`ZD~oS@EX_or$_`NcRtAd=LEn#c z7EGF0OvuQ6?}zw3A7ml9qpvr88jW48OkurW_cb+8Fd#JzYK9`(2v{s0;)Szpch}0(JAl zbjt%1)v7q{PVRQ0To-`>ZF^5$$Zd@IZX#a#BOpuS2f>RXZtugc)guIgbV_@q<(LI27)O5x zLLWtL9e^eQ7!&g{Ace7R8l3ZGb4>uO1OymyDi5^<|9dO22!-)%76WskyfQNVZSRmg zDlR=5vKj7cc?72$a5whf=S#UE#LOCTGfJs2M5!?A3C?jSv(#YgOIpjjiqWDkF13h;+ z)97?D!l@vtk@dDN-CURgo0?y0*hrf5E~h}*atwQutw{HP-DoUDv6AahShwYlS@A0O zs3OYVvlqP9=WP!bXn+of$%(EkDb0%(6ln1>pmx(^SyN zy-o}1IWKPh6!dZq9{?|83EcL1kJxbd=)~Uz&-&3@h#7l@-{Nk%15Y1{_@Gj>x>I&$ zohC$u!KHLpEmU9ovh2Y~75CQF{F=Zq*B<=)M9?bxFAG$0NYksSu%}>0@VCdK2T36U z_w9OeempqM6>t|QmJ|ZHeAp{x`@IAZ*QM${pO=D z-x!m>L|5L}7@b^Esa2 z9A-hy;>JVY_9E2Mqle=S54`?Gqtxx0Y`DGQ`MpUi3)Vns%}tp4yL>sf0T(7m_;@Hj zrCf>Yb%v~ZIk~FM#ETCWiYM5l@OVxT;&FO~B)^|P}D)ciiUQvDTsS|pHp1c!}4 zGsF3y!zWH9*SSm*MAN`jimJ>?r|@_SAzr1M7jdSs=`lX=G%L6LrX}loyFi~MxI;@O zYoJH~pA5wn-~k62@|htnBb%==oo#%@89p9s&Km+xRnAL0K?k+Ij2I>)76aZ#e7z{1 z`WRZo$@m-FcdzHkwa(KY@}i|$qvT8MdZD+`Jmm3v{!b;Ax#7Q<0=-6pK!l4o9IlZE3PP3k;$`0oGbZv#fvH9FCE*~L#Gv$J z5K*%*C{4J-OBh6^T03#0QaARQSRj3C{pd3O%|5$P%hRvS`b|D93GA!;|J-sLsLgUD z;!)<*0~x7k!EyQX6@08V3bttCx32pKRt4LVS*KeKe{P6 z>hR4xeJh4tqBSx}sb#so0*dxt6#adG17tIgF(>I8WY2Zl6`w!5Lf7Q5GW+{hc!p!3>&|Ig{B2)}yypEz34R$W=MHPYbc{bYW z0;>?<3ZMG*Yw+T}2_{rhK$bbG6kLGP)#G`ekYPZmDy6ilkV_eJY3q6T3uIW?_{XR4 z^Pz$GS^_TcYzkP!J9U~2OwLc^n6 z_K{F5BvdFot=?X%ubB3HQ??IoT>YiLd}g}>8;$D7#s{EcczzJ5ABk&WUY8~yrTB(4K^r8^W)Ue{a^I#auk`I)&DK%QzP{PM=w!+gL z3T5~(Xb3Ap3MQbaC{CMynRHb?6*fedfBPf{2D1i3rK)>{o<_?Z77xn1ULoH5{=1Hx z_6ntp6Kpi^`G1MjC*0R3)cp5Z6<-z?Y0vlQ4N62t5#3ej$?X!rmlWP}5T*-_DH*<9 zF0)?iAe0hH9}$Z7-BL-3l@E?QDVlZRBR1~WlB~{=<#-Z~gUfF8DS73eBIkcUH8l2B z<(jNEiGWcE5 zkXe;jLCqAA{hAT-iYf&4GGOHz`&@4zpex@YpRerA8z^GO=eOq5GdnU4Pulg&Fc9<2 zr55OnaMl}_eN|$0SOWhi2Km0mP$gl=8nf17I=f0bTxQrEkjzFJXW#pYyCEv2^x;I; zhdX*Zt$&+G;LdeSr+l#X<+c)3WZqu2W>#k_`9>=>OblK;IAl;)AzeB;Bb`Y)x{Qcq z52BMJ!tFsI9E4C)5`7*M3S5^fa>d@uuWBR>e29=dpX=y`Lrposx-lx>(SLloVeziP z`(dRnBm*C#F7cPNAM4?D+tgc&tKs)_(PjLs(oR*hz8M#CJ@klj6sSB(5qgAA1cFaU zDA21x&IrNLKm;tlqy&NsGHZAUBTt`yow6IvZ+9VRZ+wZ9Ix+RpVfj+{L=z;mxqloa z6+?XL{%&0lCX##U=p=;ZDak6cd3XKY`slCzjJ}V%7+m+;Gf|+$>3_I zrhT3x5+%ga+o*;;1gLP~<6-`vQ&i*9j&>-GzM;kpBkjE12xQ*vFFi?ItH#9>f@w44gC zHV9$VVEb8TAdX=zOg`pHDGePQMAFgnlcbnlH$eC}J-GQ_xA}!T(5ETN^akcHzC#+Q zQ?M7JGjC%MJgz-rL1roNw_t-_Z_*X*gY}B1K$(0NjT<~B=;>n4P?AD>$epkG65jNH z1eO?Y%Ym4@=8fhkT+w+O zBN#A$Y=A@XB6P14;^%64hI*&ig=IrkM3JCmP_LKG*!f;WIJZ@FASy zaU2*qR3lynN8YW>@%jf5*R6Q_}7I zJ$T;!eb=c`R>BA=Z1kJ+1JMBBpyvqMDYT zUO&~_G;?T=+{pAu(LR?rV1b2|p?7l0Q_#F=MqQJ=>s30M){mkVP^nPE(8?w6LzRLq z_?Cf+LF4r2?ZW5Vt)tGtsotO?IJw4Rn3?%$&0{ryLrH{?F-1urSxG>UKdyhfU~DsY zY%}$~3sOtb_M7>}ztqf>m5dacAyDD6v7JczQ0hsMzwh8HAs?KbPkY6dn-QU_XxC)G zmk|RhmqoS=loCl*?d>^p$47kkNq+oU;+@e((d@-B3C7Pmnl;R9*-p(dAQYJKT@SW=V;%r5 z2svR%T`xCKkrzW-_JGz}Dkwh!-#cc0wkI5wuf~CIfa7%Kjn)cmDQb8-uz$y<^E&eWV8}4dE zgK=-#S#a8UYv&KB#Ajg1r{_c_46J>7%gq~^|4~gVpF(q{;*bAhr!06K=er$F!WaS1 zQ&`=cb#E;zXqR^x#?5ViD;u`$(lC7ep?vnc4kU~)52!oQK zS0+hYJ4<+`bVWx0HbVjyVO-zut-T4K`^ZdCIGFcQ#)~z*$7o5^L!>CzcVk#K&-34l zcf$83eIhseR=j?=i>|Nl&=JS+6UE`bj!aPCU`oV>Dsn-eg;g(qm)qzvm1&%fwZ`0! zOO02Z8;o&^5?4<(%iB7OG@qszTJY+a>B+j_~Mv%YHKi@2IZ_~5$ z;h85{_kD3s#&DW^H#;tTvh`R(N=TSfCTCB`W6?J@HXPcRKtHCO_dZFUI@{Z+O}3P8 zfAs8!m>LEu6gYF}N(cahHMbH3mS^n;Mp^@Q+4lKC@%Xx( zvr9ok%PSS(Ar%oNI~Hlq9CMb6&qWl1zwQ4v@B7U2$17FbN*ef-eYIu@G62IiNnXC3 zRiD!hot1wmP3Ul^f#PA}(3j7dCJpIrO-EH86VPV8XOcCo2Af_u)N$@4L$!$Vy8--N zk)?1ZY`u34f_#GfxB-r#-Cd#6Dxl&8;&d=eB2){L9|NYv9$ZLJh`YdqqZQkx=e;#hQrHfe`X=233 zjIjm#70HnzwOd3FCTx|2^|kAzSej1S>u|zVH#IRfNKlg^E6Hh$tPCFdY-wpg*{MIp6%# zHMWEwbVs+({;4N_`@m6_GP>@m&t(JpyJHG5(zyX2-=-ZmU(e>#0wkPC_JXhW=~_wb zLmU{x*iil`24i!EhfB4=Gz#Bw?P)8fS}16N!ZwUU_pMB0@=91^;Q=Y%)wv5kq zP-er)Nk1;=jy*g3+lml;-Zo*p_+GJC07P#OzpI29bL(v~W6_rloAa7C8Ppnb>5te{ z=tjRAAQ7r(4=Oe1{p48P5tvt?z=7>t$+fkC|(h1WP==d#- zsiEr9MAT*~pR3M97&|oJQoHQ=fLeTk8kP+9LI@*YA8U|5s6l6I0{! zKMPw1hPIpnGZbVii=ukKVkRm@EswcVYzfc1u+pU6iZ@!Likih5kwr9!SNJA134gY# z_Y>ij6(KA?)PymZKOmlz5YANf^nN!!`My5xZqJ(fxVe%Bar>#>W4E=fmPZ|nv$KQu zXf7$d7u`LB;Sf$M)Ysqqb1L@aiMk%EK+%6=H<(>t>bfUZkxVe#Y;k*LZ@Q0WkAu-^*LCE+6t#P99(+=hlw z^w#VF^Mv|epNVdxpRSpSf6T}8kHy%%@~cb*-342K1p)v5Jy=^?E4XR|!7!*iKvADt zz^tWyKCf0}+XaNw*Noe`(S?)BgrfRqRk{sr-xUG|O6`keEV^EiEo5(dzS}K3{Nn)k z_K*L6Z{I3`Hvzqahb+qG9@zO~AT!dl;+XvGhO;B~ zO18MX*q#I>DN)J&pV=2wx4+(!?{{{iC7b<1BL~Jlkw*k=I5#E zXP~)Mj#F8umD_7O&d;oIR8@yxdvGCjMeV=P$te(Cz_ojdQ zs{{zZ6RJeMu1_DCpPbUlkrawcR1$Er4zc4@EB+on)Y38+3LR7@q{Anq<LKJkQthozGAp z4wzgk(g}U*l?hqJ3fymOJviP~O}w89(~OfNieqUJ(T>P2sH(!ve&P`zqxteFU2S)%LkIP zzpcS~D~RP-Rh`$GRwtG30(?uNyrn{jEe}F5R)fK{B+R`(wM+W$66N{8ogkdgLYUG* zi9E1#`SWKim^Qb&T30EQk?(U>$EUsD&tml&pHDmMf@#O4o$l|)-7Rh%j~^dHJgn76 zvQRB|2hzVhn5+NbyK_S?tRGC6kZHrTU8yI!y39zFlW?(4X!WB9*<)+U4TAToe9i{5 z(gv2ky`HMcTGCdyRrq0>6ss^~dO1s#W!6>eN{%HFJ228bR*%Um>NT2HznMR3fdBEQ zsoFVLF@+P#ct2`&qbm~{GUMY0EP7$n)hPaiQ%$h>Gwe!HxdewlZH<(PR88^ThUvh9 zi}>euqz)0~m2v23y|T;ld)e4mPVj>RppdIKYxvP_@2V&7y?gyB%Y2LC-hm2&Fvrdu zI9`;n`ThPb$)7C5(=4Sfy1b?k|NZpA!^+p>G}OP$zO;XFy*#8!!wAQc&r4Q%G9*?v zz44V?DE)n-gNvP2jQ{g9YHmE->UF+K-CMqAK5h>v$eQ`{s0AuPEpgE5$tGc{P5u3< z+wmyojqA07pC08(W2Q8jT$oHt@`6Ns$-YC6ntD>l!;}Df=E~D8FHsDoBqIXT?hM@kLaTKUDP%Ea*IBwB@< zkqUxxj>=jvsXcx!X|r)IR)U>-`T_c4A7_razmBy>?|k<1T-|$A0{!uYGgIJ}A;x|L ztiUV%EPYO?Ywb>@B&9;~TPjF?^8MzlW^3+=#uPQ4+klCL57sj6cy|P_7}+%ACOECgM8Z(pjHZPg-`Lt)X8)3dJt7M|_vt7ek1mX<#*SX4|ahbEdi%Xm*%dLP3hY1(GWa77%mmTE7ng7yDJ$)vi zY{HS5^f5mPc71V^QTa|e`Xi00@liWz+miCx6>R!OjMh1Y2c}R_#BaoAo}fXAq@MU$ zJY-W3xqZ!Iyq|IwbF6pYC>08u>qti!V#d6y_);^`tXU>}(O+)Tl@vb}=TA=0ib)M?*>0P`)K<>AV$ywgKvE~zk_6{Ga^9$8hb4#l7OD7`$T* z7h9NIpB486sjmGBK;(DAu`^jdVp_4>G*i09g<9q1ugl8IyQe0x--hN+B&cvCD>1`0 zWPiXOqAyELrs80nprGsjIU9efOtJS{@UeeRQt{$i!_@bs(T}L}zFRqucJIKAo7v%u z9pJlr`tIE&5i%2Nqy%FIREJesVuSv3B}e+VJw_+L_BiF1jHHy2(db~Q3Ag{ zA9VhbEY^`_kLm&l`0?6Bi^?;vpE>DcG^_5_48`AMqtL2;aP;29I1U%}KSN~m)X0n{ zRN7+E*`b`VVO!O^xPx?v5Gey<#$4%y$h-E=E`SyI#U6ZqMyCKI2UX+CLTRKpd2!?m#{#9+?ksMyyL#H(SUA?{&l-ijw;#hnF>-vqt|OU zwFW$RC(O-Wyq%VGy9xBiTA!RJ2!M3D)F%$DDi-pWzZ3&S;t6$Zb1z--xbi7Q4(1Sj zL*`~^i`8HfF@5A9{Bi3VNF+w(>8ertXHUg-wEw;^G%|!axNOu`#;P3wpQ*CrY48H* z3g^MDH9Q4_%Tm0Q{KJWLN zfew+?w0I`i31G-JJU+Fk&ydG`h@S#S@ZNKKmp?ZgqB}q>j3I+5MnNA3^~IUIkv}#sazOR%3Az^Jkt^%qeSKg+qYnA6&H7 z7!+>Lk9gdtZqC{Wr3jS{)R)F7A&g`K89gU%dEsPB4nfqCgQwIuUQ}`D^W5QRIzns5 z4X?B{^>t@@83|+gM2$La8kP=?aauVh^c_pDrG)7lTVJDVApor>i|&eGcV^W8LfAPv z1Kw>&9U_#js8`x#jh|B#Hfp1WP;aMQjhR zc%=lFqQRj}Qk=z$t{htRblW>>i-~*83kPLuixY50Bx@otFqRGa*F)|%=N+B@UD%@G ze0EP%wES~XR5^(bm{phvs#pTfj`y>+=$o&EDA^4#~eY ziwE8(zR^SxHaI_`GE9W|>TKqGneO)~G1XL2Kl!oKhm_q(U-F(_$8i$`5*S{*O zXZE;O8)no|KsIE0@WHJ2vb!ib1v#rAk;MaI78$i^2JFVGYtg|`}GF<%_c*xHR!#_SKf=_ zj~^thcFMaL;RjsrXrotXTF|^yuQc^f^F(f4WPu^ys;9!^r!dISO_|c}vtz}EWc(>U z3Y_KzHJdICtfHPqKm^S%Txl&=l5WSwB@O**`MYf1;!}nSwqTQa2a_fLRq7fLmDT7v zV|H0EK*1ckqyc_#yaY+779WF7sLhraWgNOF070)-oZxrU3%tt_6coA~%ag%s#SpZ4 z_1Wsw%`GCn6;D$yXPgs!NGBbScMKuZ>Y>t7qR+frsNhOT)}{zRZ-vog){aRpV*(o0 zqf)|&jTxW(%CxQ58~4+_b?~Eh-lQ@?-p2X1bF(pSnEb>>Y2=b%t%qaBq1ZY%sVzT+ zy|evS={*3^q1qrcojIQQpN%jSy^n~VQ310g6RdhM<0BQ@ZXmKX8V2X`R_t!MkS@|_z12M)!!SN4dzN^g}@G3vMV{5vOPWNY^TKi z%}tDLOhbkKc5L&Ny3&@yf1>8Ox?I=Rt#-4#7^qL63Ezue@PD^S;sxXEvv9!i^iO@g zgMtojMdASQOqQVmNP>d*6k@|LdojX7XG@51T$++Y58?T>6K+g;uMjsT zInErkw}l4I7=({Y-pn~qLZg592Zq)KIiu6EO>uFPd$$V_@OmJJ3+TD2;zvO&{#+~& zrlgPU`URz(^rrM4GbdvITI`V33y)tgp>8nE(GM9j@4WWv&2aEwnjI7hle;+pxFy~E zw(-S@yI)15Y{9H}+yWRQ1Fq?+Q}0&oUj>8CKQ}iwYV^M)u$2}xOh%Mj*Bh*xuC;A- zrVwC<-Y{+2EDB;bc_IFyZQ+Cex(v_=z^}}D|38|(1D@*k{r^ajkx^DcQ6YOo$jFKi zvO8u-_9k0JW>!M7$vCz+_6!LjTd#MT0&eP4C-GZdTSQ_v~n_G5@heo0hQR!~@aTT1vt=OsFO&i^|t4aDpX3PoE zA_G@4*)NtbN>~r{(89ich;$hjHJshde~P| zjQRAiv+b{-d*x=6i6R~&i%Q}mHTO;Y>5-e~b03ds=}EQ*Dw3I#I;J;w|Ne`PFgNsE zsYK=5JlVRpvg*%%xq$Y<$=v${I1IE@(-JBCwR6j?RAbNEYA-k?+IM^n=CCHhi9GKBm zKh3tia3ODGM5?OJ!g$gZ;KzinckQO%P464?Ch)|6_^ibI%M6B-+BPSTq1g&f@?%IC zhWur%#I%s%6NPwCQIy*;2Rwqf&pa7kUGnQ5eVwg6#Z%nny=qQjC$^-Ht-hTi`_&eU z_44{UvEB8t3~zCf``sf`^(sOXGx$@UZ`E0pcYdB9VFWbUGu5vr`>a0iLlINu#kZw+ znfAi#_As}u|GO#FNmUq&>_%P7CJ1EOU0>I~UzU5)a6vws3a>ck&DQdST$yEAl4aG9 zT7C+Uf8umBU{-kO38$Pd<-zC;xRHbUB|4^-9(a{V&P&>U_fWCeSfh#{XF#Du1A|zOp(^?IydMOD)vKt%HxYYs~Slr zgFfH5$kDM}<>p(HJYT7?7Sy$dG`P3E{~AkVn?DtapS0EPjg(#RDsk>0L-tH~mPasy-&^J>npS=XTv887=izaaJ+7^I^socrexssjHh; z{R0_w`!Qonbpqjg@TD}w9>_1W=&>R^b=@^1AZ*G3-e~fqK88<-Xqo-1iLVGeGnNFt z&-eKCt7GVp9>m$c;%s!E=I7F@;MQw=ujKy7uh$>}-+{M$SvipAM#>%9uzpN0mp0=j zf}J2A#&3fX5nyk@xZ81^{0|=BKT6a28rf~mpF(AFpLT$dJ%ik-YPQ3gP21pl7|jPf z=e)~BA+1+|tNkmZmiIYVgSTK&Y-OS8#V_V-1zln6gg(HQy0}0;kFF^Bti`TlWL`Up zOgli1`cQ$M2e^dki5+U;THnoBf@}k?4NA^WM;${A&dsj&S_$uu8H662MC1F$*^RiX zhq|vEYSYk@AhwoGe9N=i$k_6_U_|YiT0tCR%eODJw#>}gp9$m+r?)9>CrUl_4-T4_ zd|M)XxA`e#du>a{*1Z;o#b7wvkZol_I&1Aoe+uU?!}O%d!B!0SxysIkT>Sd2HgLgi z(>p110781Vw|TG4-^0=jh^^7{ zNsDp-R007p^?3ckpn&$nDt(giLT`*-GMR32VLd~3>D%8*{yL)fnm!Gez-#feTW?)= z<-5-p@KIssER)nCqM{Eo(_9&nd$mN2gHlHmfM>qv0$)2UZsw)DDiwxUWoZ0$EJRxK z=@DQ1*7hvlyu9CiJOndZ?_USn6|M!bhnR@I*s<*dzumFv%f$i0=7g#$VF;Q5Sqhts zK^NsqU#Y+P@Lwp?D>m`CUJNoiNcA$W5SNfhK8z z3IJL=8l6}L7{m@CuQiupVRf!o;!tjrwY>MHmJ$s#$s-`vPBO6-_*g*Qj9jWWxO6rKzDzCshee>ceIARO|sk1boUH04~! zW^d6(ua;6zAW6glNz^2M7+*6;XIs#^Z2u-M+4qufb_BQh?(^>29R_ak1Hu_qnVO#7 znux9U+`d$KUFlupB0JrlU)8mJe@N`%zutMzect=7?Yz4p8E=}%@a)e=oc7S3y6?mC zZ!%ufSIsyT5yKHL!h&LZJ7^e!^@TSNy^xz7Dd%K5*4wL_(LhMOOY+SH1QFlICA zDOFao$0vJvcH2L=r}Q9~@Hti7k!tBUFvGf*23?PuV3|1pgSZT@|F8tapfa~Q!uM$M z0Ij;x8`$szFgk-{BoEDegXk$Si%MPH{61Dr;NWgVme2(gS@tS~owpim*U#sCJ>I=- zlEhxyt>*LNa}Mnn-d}EtpWlAhbnE{_A^KaDA?fDFbqB*@7>{Zz=2!P%fLg8^=fYm4 zg9vTe7`x4h67yUw8yh62R{Z}7YKmRIW!01>Z7BPOY2R(x*A!;F9?GIEW+xN0{?n8X zCJTyHcCMeQt=xwwUv=!*rQC!!!KzNCb+lS5d#2x>BLF{yTo-2A?}>ZR zizI~~9eFtK?JY#C=Or+FWDH|qPa~Oe}gya z8@otkKG0exia2~JnL$K| z{k^Q>y=GA`k=oGTHXL;Hx5&r+9YnR97jtvUq<(#kC9!M^Xj^FzlAoHqp&e{tRrgqk zqKdXrZ%4Xv*!z`K)TIi|WFj8B^B8x-orX#2^H$04X_qB@4~1S$x<|AnyO|oOeqA@Q z4ZkV6^G@s1>vb!P?~6Ct^?UbKe3nYwC41qd!|%$dNyYr8B8>NBXae?inAZr;=- zL!iscw<~;4Z5U2d&Z)bTA2t{r^S|o(3qTse>)__OWL{9U>+$Buq_75nXhG5FG+tRD*a7c0fi+TuK|JAnG+Cpa@VYp@bO>U8m5Eb5N? zXo!S5F~t6voJ1csqL_5bo~ZE#kj3NA}y&BpD-oU z)zH$KeidCSr-C?^auDa+d8at{qHe2kurW$LO*K`A!vdoUWgWp@ zsQX2AMpcRo@y@ZG+5y^SlhxG8+^Kwd$1Y^RwrVu8>;_U$d|_eRme>M_0FY+0bpd6uAZCiz0SH<0AM) z=%(A-QkdvMw%U8fTfIr?`Zv@G%HT}>_I+VAF-mq+%_#ojHmK^J?`zV+d0#Z zQ7Dv1&rmGjv$L+Jy($Lr7C4YbV}YI4K=B7fA6Ey0`)mJ=_ke51p3Lc}w)$!#L&dse z>?wKGaBv<8snC8r_2MP>Y~@637GSfxg$Z1$aLWI~PZz>b)dSBOx>5SgMkHnidyvcP z;)m2UQhLp&m)j&d8j`(JAX^N?mA(^ASTl-T)YoXBic!t2$X*K2d@|)W|Dt}|?%b<= zeN*Tt_)?n2`w816P^E5ftN8x-J2ds1?HhLgvD7nIov?IPBII7(i8}h*-?zsS6-O-P zB>&rf)Cv!@Rmf|toi^>l7%3(m!#}rrlqMATC4l zO4ijU1X=!-0lh}kvB_NH%J|J0b9Z7W;>76&F0h5l=4Q7XHGKqG4=nt9)8{xwQ2COD$DS7b4py zuLNK5#8eg9jH$r|F^bDfyFf6&muqL_aTUD<2)08kscf2{~A@+2;7?>RCA(kJ$T38R!(c5F#6kiB9>5$#IXrG-`TQlBkxJz^rZ>E(Aak(un({i<6vn z%LyHi9SA#lyx_UCl_{ZLdtn}I33elKIdXVvo_%&(HmR_Z;5KP~D=YmqvtA-5mq(R- zFV@4r*lBoTq0N$)pF9!LNj?Fw=7C+}#~I|%y=}xA>i=e3g|#WPE@fxo#OAwJ4;t$$ zvq|;?Q6K~W5nDpsQLb9B%cfY0f$9@Y_W$zHRvn{{#w9@*%d`yd zq1qx%l4Z&NNFB?tOUxkbK{{y;7{jfhme7#CS2}WsQe7%Pa%?5FurM58549&x?pBh8 z{$6w5-PmYZaO4r?Q)WW__B|v7sJpP+)mqEq#T_6tsaPn&ryZ)ycdNDQywh~Be6UlZ0-$v*f4%eTDWG;*zqDGNlhWq!yUS}t~5(|#0oO42fld4d!(^!D}x#XgL z^O;~?X@mF8H_jqX&C|T0dxUSp z_w@m;a5q$m^+hEpJ^t{xIiLtDS51esHIoz{kXBH80wSyF`KQybnN@+X&Yj$Wr0wc-GIUWo6m5|w z?Kg{cIT2F89LdINLPagy$B~b_ouf@Pp2H& zFs4IDw&L0-XSNK@KF(o$%i|w6EUXPqH_1!fFJ((z%$Al(*RHum6NblOR*K|(DF|4q z_O4D0TMp>F#%uogWK)m3+JLFUC(Zvu@N29g37BSZ<7aq9^u9^()h!51Moo$qc!xq0 zUC5*~CUhRz%q%(745NR(nakrO`-%ivdaODqLk1)&XQRpT1hg2GNQ<+xJ$qd*NCjm= z_6dr@UN=4ELZXrn5HWgGKXj-`1nByj${j4ZVXk*2XWlMShg*T|%9{eOyT|hyL7?se zca@$}ll7SNY1jk9%#ZD+z)jsRG-fu3WPN+O*tHfEBwm*#dO2aw z4N=JY5{g83Srp5=JRwQ9S?ouHRIIUa`WC2(ObpoT*FZn?waGRE?J{#5fz1`M47YCf z`a%}#uxn3xFsAcDPq^bz3exsc8Ss7^t+nra=_ z-!xfo@XJhHlR<(a+}_9qKUiUs#c3y_JCdMgzCsAO9ox8#vp-xx z4XvRMenWb?p)Ap#cKt%MI?=}30UD6n`i0ynY&Q278z%wESp|4$XSrdGmJmhnXcN5w z(?GRPvbtPcgoM{LO@rH^P=n9jQ`?E5nyg1k8a-*ZE9{03jGToYoxjIHFnIszq0(s9 zWLtw2GWnwVm=0Ug%&#h<`B$%S1R^b`Fd_ZD_UaMGp0DXJ$d%LngZiEa=cnJRUWcS_ zsZ1T8rH@ItoiDi^W=qU%H{OysYgeJZk`1Q7?tJ5+9s|uhByHu>;=pC3qBGx54^T+B zZOFmbTg*xwU=Qt9t27g8t*%OGV5yOew@)64HLdJ%aM&o{p>(VgMRer}4FgY=1PJWb z{>p2(_5F+D6ZJ(A&G`G8oS%SVjXT0n;lN88I}$7x3nm+TKeo_lem}CO=W5tp%Q`y7 z@()MVBCf9wh0A=o;oGFrega|-Vz->GZSr(lfUHKWN#0-qLJn*&ObNh>-fr;;ajkc*(}2&bFuNlq^0qy{lwR*!C>yyp?>)srG)pksS# z5jpGQTK%@0;886&r+v155#^08X~ihNq_TOht%&ctbQ_T<>^&#wGo!j!EvI*^qj>tu zUpgvxL*1I|y;RiH$$mbS!l5hr+vcFy19}A<$Tzl^n+!&KboCO5TCH$#-jhlFq7H3CUtN-Jh{FR%VRpxVKYb8@G9Zr)47lNk zAUNFq*F0sgEuQxRZIE=YT;tXukPG9xKDMST7t<0(4vB7>-`reZ%Pgv>$&EOlK22GA z+mqK2jm49SPR1mbx~I8$-(gb9lob zp-~pPYQn+uMCfW}X|tSe=l3eKRQ{**9LzJS(CbNsJ_aspkF}MA>0N)|l0|ScC{Yr= zhYs%(ef{r8tVadg93Vog|Mz>z?Qc~IFXU~10~@*^7`NZun8L6nJhEwa-G^A*eYT9s zzHQV%6ItK@{r&|FbVxk|xhES?BjY>A-6I0$bQgQcc-)S+wKsLBtj$gHEem z{m#zE|K?w9To@pmA1bPE=Qa=zZ?!aV@f1-M{&@&kPv6Kyc&jm9Y@r~svaY%Za4T6N zGEOaic((9KZ+~?bA1o@6e0KZ_n*n&u7TzAU8UeqH{l*0R1;gfpLyt4Al=3VrDi9&M zuUX)23hV}Cc{A{M1uJNz@_zv<-Te9k6{j(|eQ1&#A0KQFX+ozRN3Jm-ocZGnd;8wr zYmPXqjSm})IPeUpmLnN+d|oeR}SUZ9x=IaR5QYn()Ag|?!`Xo!>m237`H zgxWdi3lqCZQhw!7S~;G2q1Gg(dLy8$TFqy_Bjh5sS*GRFv?Dc=kXAMb{(tgshg#g5qj^z)p3sT&b<%s&K38=np z2o$c2tr(d*>v)zQ@* zzlQDVW7)ZpAiBd=U^|~jdd{mNkr{9i0FEpOJuggeS{nYX=48LD#39)E%_=wl`0=s9 zsyI+0n_im)1|A!f%5^9_ixmyLP|UCFvuWE6&uJR$58K(1h7EO{6y{r%EI}MQ_m_oX zCd@E7^?Vi)@9a8RALnV1a^zQ2GMbNk`Ki@1xxyDnlxP*PA6RV9@O0boa*tlprfJC+ z;ggcn@q=mJf?NxMB8*zkIuL>8*4tZPS$SYLFWdvL@R&jL2bdJ|^^-#VwXQ#<+jGu=VF2jj9tqgaYQv*3YwHY z7e3u^r?}e+GU^k>UyloOYKLrWER5|8U2v?A{#lcAz5~=WVaA2``5RfoHJ8X13Th54Zw|6wD zNEhV0K?Ov|UN}8YxPACs`Rrio0$h08w5lf}!k8~uMT2dJj*;4p-SvZY$EdphYY=uIJv%lYVEH*GE9f*dhgo@NaOctKJ>|91=ra zB8G}+`0P+_1^QSB{eg5@0cT>aSF7tsMv3R=V^EW&aM`qi(~wv5Flob8tLR<(iutYk z*BE2vEz>?36wQ^_PrBH#qcxw~#D1x09}B5{%22x&?NnG3cIMOBGqnHUdLrHc5!8o| z(*1{lJZDaLY3+6O4OB5b4O6@+BWKKuSY2ClsF_~{+OnHG>@E!heZm9tnu5&W4dwFy z4F&zxn?{ao7jxE4zPhB6tu-%LKLXtu$j?zDUoSW%WONxTLCP0Yyb1 zMXVO_hN`q7k6>e>!#WkO4_`kTlCCcC-Z|H~&U<<4O4&7jlQ`f!FxjEJ) zjinR6V171>TYwZS&V*jb*yeM;&AiFYa66}(_+L83$D%Zyr_w4wY$_X!`VX9Oyrhvj9$5gOT! zAz&C1p&K9qO>DWZ;Z2Xz9}JFwqg06s5zDjQZF%e%^C}XA9)zt-9ur4Bk=Kl~EzOIa zjwf}o*HuIuns}Jmn}3S8|D@ay@i^X!-4^N>0l3DoT&uGL3X|?|87IA@C4{X4L~G-T z3Kc9y%~J`XnV2CD9I2p!OdU2}q5BRvLg7$EW%C9_PR2M|FA0@bx3D9 z5BI{vx9SEYZh`PsU=~WVAqwE62x`l;R0s;gDzvfEas`wdQ#-_hTTOv}rhFr`Malze zX{x4Bpp%v2r-1&1v1~FcFu2iR^}jv3olr-sbp6if(fjic8U1x)n$n&DZ>p;M?>Wcf z%L;mw^jj$H3lbT&ch)n~9jB{NXD4z?01x|>aKz(!$X`D@|7 zR}N+z6m@E&HMj;#M)HBxgxkzYMKpTSbE7J=;zlJ>7;ON750u&gSysIvcNq#Et^czM z@*+ty3hsrViv5~hVKH+&4ovR2g# zhSu(Wx|$xKM}ihm7md0T-Sq1Khat%n3C zd0Vu;xp${uW)wuj-h#vMs2gQA$+RJ3+sVX2DqXyb@-%$9|t<(J!m2R+B}{0Rd@)NuR*3jTY29P_M7mrL@YJQ6g52r+#hx-0vX zHgTOx=#YC6x>#E=s7a9V$8{{rVoclOE-MShf7olBiv{$CZlX_gL&3TYs3|(#W{3za z`TOJtE`S%8;8SK$1ddqk5B5%Sq+VliJZ?qa~2$*fv&jUTKKc$Pj}IhZtSt- zuy8GJG;%N007!sXs(m;%434_HPi~n#76wUxP&^VSowa^y`((dkW5Fpenaf5OZ zs4~-12wR{d1bszka69z7Z2u_Fij_^L|1v}W2Gvd=>7NW#FK&*_0K^YH$J7#_D;$J} zN5aE{&ZGLs!+3#eXa8kxW=Q7hMM3G?bN`cSLP-50tqrS`1o{@4WOZBy~K;dKSJu3aUXN1pvGa5QBF z6HFZ0TIL6K-x;wablLojDYL>hgHUUrO^)wk-rrmwE3=|BX2DWQP!dP^g^@O5&OSf? z$~TbF{;wD|EuP2Z?JYoDSK@j4`Cou=vv0$y*^+n2BYu`ygDs1VMT?zMedFb#Vx8x{ zH>f(o3=TqchYg{X0}s{bi>XjCc#6mJTAzz0T0QMbUa?K_n0z+BX$+HA;0x*fd;Y^B z-#R!_yBi_&7BC1K-uQ1-y=2JNw@F(8)+XVk0{eu2WZF_fjY+5`Qh-R3Sn75XKc zSrqEam*Jhk{emxr)f=K{r|3Y}nvaFbW9r?NZB_beSqtMoEjpv}-(RKXxF|VoG!=*I z$UtH*6EavP+fZKxK@>wV#0uV zz4@B@+*W0hDjOx4EP3l7Oju;g3d!UnY`sd@+E*`q58-&J9%CFZwKTC`LXxm6USnXF zs!`Zz-{O?@M~euG+d8W7G)5&q|5?55EzY!h^Qi;n2&F}T*4V=Gw&n8uX$&#b=pC** zycJ{@ZfQOY3k(0VvXhXP7eu6nra1ph{*3!cR-YqlCdLvB7c9@}Re1{8@r0zn$d8ML zLiDb`lu}->$_~tpO0V;e&{^(Pi^};2dGu^W-e9P>rr1lv)JwCvhe!1;O6$==>sDmV znBrG4H8zUv#g09GnTj$0Pv&)j0@tq;Z#b2zad7>_{2N1WS*hn~{$44|(Z~hpUyeb^ zJ#d^%&Ek&w_4!!=Jaw5noh`YD(G1bYHMO)NSKMU%f&_n>I#oJtG9oMjheq@hl_X%^ zU%DDfDnqNe*(fB)BWP+#HcjW9ZwpaehQ#QH$LYMnpSF){Ka21WE>M#9+AcdILF#Yn zPD$r_nLzwg)Cxt?*~g@SIE0uXX}LUZn49Qh5G08&RKj|D>O>vQTckP+5HK8#Mh?ASJ^BFE>iXN$dHFe z!OKGES8`Q!<>99%Xyg?xai>Be_Av=~7RLAhUsD2MDvaiL-)^{I&9$ z23lwW^ps^{wTrJ(L$eN8(+uYNIAi=@U32LfSJ=3#PrR- z3^_6PdJVQhc*$`PEoRp$HpT;4LsU_pgdU0!Oo$_O7q%}!6#~L~PEMwcg^IfPs>;s- zq|CFH0YSg4<6t#ZOD4By|N2X^Uh(04s*BCfOutpxa=#DS2hohNna5RWTk6=A-w#L=Q9%%qH+CUDQg@% z;!QkD_I{l-6W1LWEmITokRW(jo-#C3E1~AYINzm6*Vg^*U#v_bV%AzjWwcjvF|>Rm z<8NQjTu2v#sP)TK{6&ksY7(aTTAFd`BOzCM|Uz4Ngm?itH|8~dGwaVNsYw! zajDBu=ENAaYpen_bsS70X3QBl(bsU2v-?U+cw}WNozBy0qhBw!-xIPP^rp}5C5w_T z8~Z0rYU3>5Wr-1qa4pj|`k7txiE78E4Z${0A^p?JVj=C0%(viLFandq@ zKh4m$sHh{m7HaA!m_#nZ-Uie$v}j!gHGO{SDsPn+`GMII4-d~9cEhu)@D#2miC$@! z11CZ>M2PZU+TBQm*Dv$zkI-0I3S8YAW{g^Fni^JU8*#s&qo~IP0m|7En9axO8G{Yl z_Cd>yOp3hzOr3}~f8Y4_NF#3!+4@d9j;0CST_+7%Ue?G%bLwtC#l8Te<>OfIbk^A! zFS3$Km{+cmH|8@TGvEtb4i5p3`wXR(*1zF{FG0S?wHbM1lJNn2w$2hE$Meb(iT|$! zIJ|(H%Mi&;fk2o=ljGvzvQjBN40sH`?h$pNs`7f#Lv3}l8=vuO9}VdTBT@UUTt5s( z^FA%pecHXZ5iVpRNvtEWe1oA;_FR?D3TZ%m-)Y zKqW!a2{P_o@}xTk5k#=q3E=53eybA2&E@K#4nce^Mj;Dkeq>i55Iu&~m2*E*>bm8- zO?SwUoCwkkW0=`H1Mh~Uh7vx?eq-BhCZ^SwwcC=;gfG7dd-=djYn1lUwO2n#yp-H^ z@+a_0+uf$;$a_~no&vq($kbM@IA!pSh{`+@jgowNhql?+9JRN1kH^J~&LF~SN##y@ zy=f^D*`z_zEWKgN9T*h;sD=^=(9gC4T|5VFuI3uYKLv~zPK40DP2pcRDui% za%BgTL=$3tIpa+<{{u_*ip^i*qxx3AP0T#LZ7y9U>)jvaSA_CtEp2VypP^wgEU|6t z{%z|rQu2(np|_*EcvD4~7ZfOsO9>FgpFijjqy27orb%dXaNUZIc~{hIK7%js%MPP# zWlDmbMR4PyHw%J;mghy>wLOE(!Qm5tUm<-&n3?Q-WIu}A^8U`3E@o#DPQQChqiExj zJArC&f#7)QksJr76q(*%h2vs9A?F;T^NSfeV}4@S1jhwIt}S-aF@|UL_3l7y_ zjA1%!$Bk6$*k-Y%kk(6w!-1Ndm__H|Oe41VAEVc-XlQ7J2IlOt^$H=Tkw4dB%fVPa z^u0>HM+vimVVCO+@awdQKn<|wHXr~_Pxy`=5C~i9 zDOK{Qfk}1wOt6b^4gYoQ^tcdbe|U_WrEI}|BS1|iJ7U68(%JpeiW1eM)Ui&+bdyEL z;Tgx_D5aOs!Qj@Ne)%juSnyhCwkvt&U8M@NUVEav^YnqUw@KtiYj(~LD_m%@r+_=5 zq7=TlDlGGC9E4TF33+-XH}LTBep?Gdx!_Fk7|GthB#Mx`zc~HDBZr?<1?3!%^3UQt z%6N8r`rw7BTTUo@dVfe0MK8hY^Cr<)?W>44Q8Q`!DfXLMQt}rNddfAT`7uGtDQ(R; zd;S`a3&Ta8!d1d$W%>x^&^a0k6pAn5NVsoMkSB2|2VQ}7C`AtUJ6MJgLQE$j#(Sxb zHPa3cUkF~WsT-*07hJW{%tVr@$Zx7wBygiYlBuG!4(PZ>ILs~^)2hQAE}K-w!^a0< zLX^_0NHR4D$vE3)E6?p;G}|b2-5Nk%qR5@g8)QnKD;c~AzNqhNy${o>5=x`d77e~R>VJpK5zHwpoCZ>M2OI*% z_fjSP^7jMe@8ebU<3zL(#5GT@XYPl&j>#Y#hreN%8J}4*MaSgk?r$IKpfqOx?B2;L zx6t-h<%*Lg%=&1dBvBI3blY<2;BT19Lae`K(p9rSLbjv}gm-c8rAOP^*jx!)W!sjb z$9xQOW)Af|?6Uhi-nzr{_mrLf8uk+obm_icP&3@h9`VIU zGQ~?V#lIV|_HSEgi5$BW6B1|dY9-3^&RVcx!RsEXAXlTSI%TyigD?|;N;2$TYl<9m zF-;q2@ZPVYQ;1KZ{j6`z_{8}OF){I@0`*4WTxsQ;w8(ti$illm3x`Y9wIU*%Zd%gL z7bgByNTlkp;UcoSKQwLbFdR9VI$df(a$fK@=t;Yo667Jr7ZZRn-uQ<%zEEr;%5x#E z*(VqG^PZ*}c1|NNznFWj;WehwUzRaQg_ln5a0bgInbWU~bK%2sJiMSadqL|e4Azx} zva5cOrZC zItXB!7)iePfJg;gM7OevtuTwF=(I%l!XCvl3i9AW>zt3Yq#qJjhx~)ev-&Ne?-g87 zSl5-vpUHuBqAGo2xf2(8A=k0$-B#Z>3e~D48pnqbUT43bXci34KaHg-MRn#08!RYX znz_4DS38($$|@_v*A_&A$|PK*ZswsSwjVBlbRxnj>_tLMWLhjMv>!^PAZzbNM zGEwfqoeD8s@R;A5N7Q7zxv8k_?Obi)&SzfW3Zz%grZ49l{THRd>3Y23{mj`;p z;V^Rj1ge7|C@VugjnkHqsk1dQLKsBcfE91e@YnxMWuz2J<1sAOtM6NlKT5OJ84Ru8 zy_ttBfKkiAO-)VuV)YY0dRB^G7*X>lLjL$kVIg(`_vlFpEBfStuz+e#xS0`ESL5pF73t>V;bd}DKopf)uc!l z7i^%BV*SS9d(sxiCH1Am5L`RA_PL6}iNR+3~;c^+IPCId2 zjzeeSyq}oT>%KkbRO5+h=ljf*?)@wev*j)Zi#4`GKC6%HqXqaJ$f00?=Yc~qW3L15 z?X~{10U+S%5RWo?Z$)=WXJf404e|h$R)L@}ETD3(QxIhNWI=x zsx;s3(w$29e*3~YBM54NTWD|(u3rkFG1*_ zNZs?=Q&`4X3Q|LVre|OIh2bRUXs|S-zYPix?@bNtO>G-qz6|l1zbS3I1|9}^1$-SW z+OTR$wUO!Kq{J%57)#1M4_t&%>1T(XeSM8Q0a0&TkItP*!5GV9MdS6IM+kkZ5jvGS z4ohd!IT$vt!-#sfRFefFS%eyTfZR~zR=RlBAUnjPC1Z+d*TS19o~1n3)otFin|z$6 z1D)f?l@mQ3S9Ov-s|0jA<{ZEKyqo+*mUIzgdF6oN7h`mnU3HK7?`AXfuFG1KEr1!K ziKHDf26t%vrk2*XbAy)eK-Ty_$U{D}lxBAG6_dyv!MsbbAR)Yry8p4A7#t)TNe}U& z4$|N)bQBzYFlNJ(5H?}3{nk`>sooMz*kz_JZpVL}7+>6#TSF0@M+wM_*3}CEJtnvM1P4_)mVoXhxf~c&6Ihzi(2~D9GvAvYP{bsu81zA!row^7HfCs!W8H zGibS;KdmGfsD}Cg%gBv@D)b2nYS%-*BChV$`i?*X=ADxAk=?pr!HH`gb#5l&QKnkc zy5lXzuVl|d=vg5VXIj0Bg)ku4zi@E#SLaO$F@EoS{^Zfp%m7iY;rvAtPXnfpkl4SgFk3qt1mepe)4$mqQ_!PW5iWuI=fMxm4 z?evT^j5!aVsDIQ9BSlE2R$jw>K-Cd>wpmXYzV2xv?Nm``L!szK51gih?DiT%!z*Gim+A+EvnMN|IE zbiB0p*sA^$=G`$VOwAf3S+a|_Cb6=zs;d@V;R#$1$JNvBfr3~Sgq8dCSukC%aL_=s5pu`nnY!yE4@z}4P zg_|&u0!#(q!8XT1%fmu{v;Zo*gLR?QP^}9~N%?-1!mFsRg{baDRW5DS0!;BoGFS*v zLb*SJiai?YFOe8E%NW8|$LIBR>a808FE>_<8LYg^lGd|2P1Voj<&kuL&ic>j7 z?=#)0$AuHIJ(lQ3GhY5rBF1xX$svs%E{_Nb4{J7)75WCRI~2T7*yD-yyX3w1zN)fL zy9&cXAP%LT6(%cWmg?y0N^==Lf(6bCSrAYF24-E$d|={m0?Rr;Qjn%`YwU}_!XGk) zg2F;3uCECB7vsul8a1-6+zz8QJj;8mF`b`vFVDb7tFF7l#FUOZ6GNTOpurKtdu)$W z<%NR)2mhfxxUr;2nnISN?W-j!>IL@)yylXkx65}dDwg=K@AA+-I6r@qhiP0XR`fpQ zTnvv$^COpa=$sCI3rGDy0_H+=?;8k%P1&y8)MdW*jFczg11uW)>yI-S#R*Y-&p&li z4y?IAsyQpA=2JUi_P*IxY%q2Q!f1XKWgLWf{oi{CXY1y~4$}qKF6F@W;lbC#%s);l zy4?KQm9%a_I%DMTc(}PS{FtA z(ZbZx9gHrbFEIzjDV4pmlojC=oc-8S>k*{>ZbtqEM?pEShS#;Qmx}K>?CF3LjG@p| zeh4cI0XN+g8KbeH#a`!?76c1y3Q&rWXOYxgQLfn=7CZycN}4ZzWB3R6$f}fa1-+fU z>oELmvbRS7e^wAYun~{!fHVWwMe^q#N8L~uOQok5Ap@%U7VA;>Hgm918;*FL@>q-u z*XzO6*Th%%FmdY((9XyLUQn-Ul2IysP;ufs=yo9vb=&FDaB_4t1jT1KK!fn zj5Dt&Lw02eKhp|*zkXN^etT}xPgpoojg1nh1LDk}oNOH=wbjmhCbbogo|>Q>JJuLN zA$q|oF=!e8m@QhCElDy&HezBSS@ZDt~>A61OpNz{Y$cVMu zmNFRvGMR}r9#ecYyF4_z*h5=d6`~{?y1w|t6L*g!DiAut z$)$?^tJ;&IZh@Leh3L*UVW+WG^&+x>${=Fxck*#%P&%vKkLm{xBeF+m6N7?|5a9i| z0Qhb_G1e)}|7|`X#Lv*E8izb6peB^Vk;kp75ts_e(Jnh)W>H^xD%qyhG%yffGKXYv z0RuL_8Porw4d5*rdGco}PQvS#1LCj%dnfgg2Oc3gIZRLTvlsbeU-;0Fi%Rk5VrC>; z3U|653W4Z|VS{B{kjn;58cW;ZjbF}dy$J6;X0>-A4}jCw>01;b>tiNM0Gan)M*x~L zyzKyS1jLbtb3R1bQc*eMjF03qOK3ujL_tNA>!DqxA$g~a81Xq-xPJlTET?xli%T=WCk(+|tT2nFXDDXw8 zt(Z>C@*Q=c-P9}&O#o{Gt7>JXOmSR(P+!{bWg;ze+PYAt*rdT0#y^(|O-u-H7k{i{EQTzt;c- z$o-1FxYqqKUy%ijgCb@Pn%9G`IOwyY@r)jw9qdm$*Q<6**2fKR-^+Voe>!^QAFjC9 z&Y0oazGJoVgQ6zShJUIgnI||mckwtoGFKhAqJumx7v+=FM=!3jEmBKCz=(q|7obgy zr+MFoIUV%2NwcQ_f)~6I%}#_f1lMxuVz=26I$u~1OgXTmK~kZScY4DwXYw{$H_Ek~ z?+sIW^moYmeRw~>$B^N}s4oS{$h2jOWp^y?AtD!97Pe&}Yl6;_^NzCjwG;ZhuaFx{ z%b+yyj2#YPEIE<{MeLE}tW;MxC+yvzrHC_J9HmT{$#BXZ!eop7eow^X31isEL#M`3 zWJO$`K#ltqpVK@m#2bmzABt{=H@NAC`hs%g{wmz)<^8#U^*NoK+leGMm|1?L4q4RH zev?b@WZw>6AI`CB=HgHHDHjhyO57$ydWdM-*n)J*iWUGZyj9!L{Iv!>e{Cu z<%?+KrMUiZuwnl@u$TJ+cmpR0VIeMabDG#PUQE*RYig4G)Ipi^|Css?cq;$5|5MVk zGK$QSY$7we5ZRmT6=jyaiAaPHvdi8=$L54M+1c62-g}SpzfQmB_kW)I|NWq zQn?y%R`xF8R8=`lZvrBG3{hUQYUJ9Fr0V=(;Sq1kKfnbs9w~a(jZ7hi?fQcA zc&fOZRKGmHTF6{E(33@SI)NXCEUikh0EB5O>@ljG6=#JS@J9p!=|KZu@iumSuhzS} z%v4EV>lXS$egyXD<8-^ziXCyJoU@nF0^yA&)q?UOZX3wc86$O%iYQmUz6ns(Xwy8v zY5GOAwYAxgD1A;dS4$fF|dS{pvE;`7c<*rU#E_Ot?H49DgJv;>m& z@&S?0ZE*M*&x6y(0?obO62(a-r~<(Mtd(z!v{?zh6=KSkk=OQGvqa-@o#Euml_2Kx znT4so2sbjFLcGEelUUfox|#lJx!?c%`7`A`6#>vn`-{eC-SC4?_(ym2l#8!`N!=|j znmQVwqOyb8?G0a@ZfszlFcP?w+c{M_JuB{cCC=!#&f<2-%6qdq~BQych93)Tqv1{4@gNGjv;1kfOOp{5bQ3y3BQMV?x}E8QE*y zL*?YQsciTiv%_?6h2><)iCw~jp#E^Rc&gD+*}l>{d+4*RHy85kto@#T<1Csrr^u-0 z^}f&9ZM8=pO{=TxCfOS~-W}o?*<6 zKG0CnEavX{OGV^sS^u2bf}}ls&(X53blMbwV!kXiW!Oc1L0`LeE${y0`&G5na@-&2 z)B3=o+|dXJu7cj<{fCd7`1u-gGh5P#Ue8suK=Nt3y-(=v2s}wUCODT04$&*Pu^seX zj!atQlb%$ST62Fqch#v8(l8oRGw~ee)(p!=e7*QtH~))n{%WNbc-I)YD^P14qsDSc zE6*8|r_t-pnyFUrZES3eHe&;Tioar;)Kgef_EMOp2J=SDc{_UapfzGLGJr1G5HGv^ zwJdYUvbOyn?5Jd8HYZ(A#;|{668Dig`#tqd(*DeRRnNP7jrZ|ba(TMa z&Z^(J#FR^K{#aKk;%+Q^-@{02{yu z*cQLEi2~4g)dU@CPVnT^~@{P-bOlEwG?TYH~l>rY}#f!N`tJ6)ojz%;*g!_b{oP0#!8 zH1HwRzHZm8V*;rK3ov7esbeiNbo$M(6VLxqmG1u^M|RJ*IQ=i+U&46O)3itY=>zMpw7l zWE-K*sW~(BXZW62puP9}GL2CHb}_;BZ8vJNGYZ(f-F;Ntv*_cL(npx-PGveKlF`aOCxl6yH7BRuC%epXtOtGewQumcMF|2PzCEV#FWtvXrIwVJ z2Wk86gm@*rnaHGmKr?fwvub55ET=&7~IXL&PBtJNb6ToO)Jp%(#e|&0hE5uK{ zN(gXR5-LYZuD!oy^ufjMX$Pai`$H%budXdE3~W^W*w)J#rMmVrla?W)R|lWNwo(!D zFjghs2d&yGG?}GO&1z!blczp#?a04Pzr+c!wx%-#G9;BB%t6Y~|JP;Yc1W7Y@)P)_ z-QOL*fA!u+d$%qRocC4;9CA$1PnG6W^Sj=_ zL!oZ>lMA0#BC}k?y8dzr(Q;efU5~233wmb!i)U;tGgY)#Xy= zo>FFzywFFv;Lv%$)FjMuIi@TaTHH65(fh9!;0z}G=YWFv!4#%;kvrW?413=Vqlp7O zuf5~$&Ao`p1}fieUmGE%DvbtL%$6QieGnRzvN!Fs(?TRrYlr=f6U%$8=dzWGn~4m^ zb!_>)?MR>`aA-4{4i&IGWCt1+Ap``^m!K>#DA3qkGDZWi?T=5s+RqNgqvR~%z<7l0 z^0Q}GXewa0nC8BDR8sp)^UHwgYb`e5M4J9FBa-<8)Z224Isb{!5Z?p0@jnL#k3bR! zXnm4LS8;u>FxoZVqL0d3cso`pz-CbEBk~c>vS%(IS@az1GBX(c^BvJ&cvJoR+WaAJ zq9X5Lp!V+W7cB$m#43}iD_PegQ8)3M%zQOgDL=5s*zbc-yrw#!h;ARu1H_-i$-|LY zo*2WErR(~rqbu}Z7Gn49XJMO6pK9Uu`iO`nzNqWrrUR@?|Am>}6F(~hk+(ga-L3d{ z3oj0!aTvkt5v`qz2IybpVjK*42+!`zR({aXAc>AHAptMX5%AE=?Xzejw?s zJZxQ6EMDH}h_^)rm0O|?G|)q~r<;nt2uQ{|TiCrqR(;chvA(ex}RS zn4OEsA~MTo$yJ>V{Z-@01!|i0+6OM)IfpYhCZ~5NkIk{T*9X{>k?dv_bIH&W;>l}_ z=hH#bXrMo^25PUFEnLL+9N$W3dIcw5+OA8Gp}!{mst?!#)6rN8C(y*7zabe(@FfFI z|91P{tr8OaoF?;;l``^Mt$&OZ$vF&{M&Y1lT@D&M{zR+a7*RD->7m89p4i$e-WeIA+czkw5Tfnkv;L35ADX zMP4=Yp{u3U?)I*e$sB)dClK>E-7FdB9T-*cmw2@cY-m)a5joE! z>SH63z=Jdr4y0c;icTK6V2JXNOzGJ<5F$FFv|&PWzTaN|>nZ4McNNwp@fFV1gWmza zmR*fbWu-h_h0Y!k)1>Lw`vGmSs6dE-(2z@P?(OK}!d9CLQ@orRHv_V3i?C|y6^(r; zj!?XdNAwV3<~Q9i5%Q4jFG@tWV_KRH|75W~Ky|mLo}*9Ws5BsC=O_l2*z9iP8^|;4 zMVUhc5SdBQ7IQTub1Rly=G}t%2ma_qP<5H`0ekt%+4D)_KM&pW{JY9qeyB3Kk~&e1 z2hqq~lXiPOsY6h>hHR=3~umwct2h)_)(f?|Zr{Z`I#+U3HK8gaxk zLHI#3=wC1&e5A=AC-X(;5r3l07Y#u3KQcq-g~bM!Uo}|qwbvXk?DV|g-IA6E*aGPc zaXcw0VIckC%wCX^2JfqI#V9=6F!qTwA?snG4^f0vIDE0A|H@jHesXtkT`dil%+zg` zdz2SD!urv@^4c5bkZV!79P^{JNCp0g7`I17D^{dxi=vqDp%(%vMyY!QM#^0Zf4vcr zzqZ072wZbYt9*7{!H54^M7r%FwfQ@962t_qWRKPtt7IA2UO?RQoz7HrOnHphZZf6$!*2{@rqcIxGAX4Rs)Uce`J%^J5L29h*X7Qsecss;FdW%BOBBf9e|`3Sk7H}ZB*NFmt$paTdXB5kh+}$@QC*2GR}4w- zmNhbQFifhy=Ai5K^Gj2i&)9?LfyO$AkfbFCHe7Vr(o-1zwyLgSMhf9FI>@vq6@hoJ z`9r5Ieg^btS9pvAs(yuwqBw8WIpgIdzo;}?@VVBea!3aU@7euc29Izn?%u6(dMCb5 zM;M=DPry3}zei?oMiv4db%rrXF(p6B4SbY~>%^Zkl#nxb=UV%Veky{Kwf)qoNl^^7 zhRlH&{I>CJilAZhALRFJX!!9xMJe_?_{TXz=)sPj`^=^(T~g`iSr&1g0P;haVAsC) z1$BR`b{`YQ(RBN4viw6H5c1v4vSbtvVuQ`-EQzbCcU+=}>}88%bz3K=TdNFD*4?}t z$P2>3rjOX@ktU)p#t5@S$tkk$g#KW$*OjC{<#gEQI7*9NbTGcLEz871v#xyQMJHk_slGH+HIjw9qAhFxz_+5f$t)XE( zycCobjj`gpN4c<@4yAJgCqJMAdm^Vei-SD^nL`Sz%;dMI%9U)icnWUtwBX#Se0fF< z%%NlDPN3yW7Y~QYnv)z1@_5?UYg&D*nkV!vo*o9Dn7HTcAm}YZ*48P|+~chbU6?1) z+^mY6+0DSNvkQ_eX?@Qn&J{kx7ec4+Jxv|2_RLVOswKGu+E2N$dY&5T{h&h8B%*R5 zVdm=I#%|DgLk4E~)f9*aUTwxZULwrQDZ@g0*wJ9gY7dX}9F9dKuEs)eAU-vodP?f# zv6|Iwdx?6=m`wa|Qy4b?mNx|Xy4%@pdSb4^WLN(~E0_SiB6fT_kI3NnBh20r#T1MC zTw&jj!kNHhfHX0h^fgEit8;YNZ%4Pc zV~XsVz6@A_kh5TVKJ3y7#e4)I5>h`>Y1}{l`k#1`d>Bcx8|aOMEnxX`^@p532#uRT z)X6!&Y4}Sa>%POWSmp$7%!GSEx3W~7%oqNL>j@8^R)#`43zDm(W@nPVDJ#|cY?*2| z2Xtv3r~9;DJw-n&b$3tc>yO_oN=_H^T{P8B+5h&ca^+xRA9EfXtF_*Ke7xsEkpUqZ zcJq_fz7Icq323m=XZ0fN_S+TF@{GM(^F9z~2c~|@bEb8js>+@sI=FU48VC_@jnkdI zZVV-2qb+~3X}P!_ivqM!7~jUJ(kA0ytpj>-MwM?eK8$D!qafy7#*zpP%4d&{QYSu- zURwaN_Tqh)n=(Ks({Fy&9hCd)O8S|BQOb8ozcx zxze&VGUyj-#iW-D>h&OMda*xS{9V_|2B_iNQS-Q@aqDN2;Mhxq1A z+DD*mVdXfruX)P$mIIi?1Ois)U%G^tMjqnb?1z~*topc?0-s%Il80k!DIDnRUe=9W zZ6>%VDpzO~GhWVnU7C2GRyO8(FMC$HwRc?WT%Z@!jt}3;-tBXE)`cbUPr@*MFkqG7CJ_jOxBRb* z>-VlsoG#vbh3TSJYuyQoSAvM>WFd_1Z(S-z{9t82_0HXlNRkW}r+YrTfHLy6XSmRd zBcm5Twrg`Xh|e|Ei2sYC<0Pq*4MVY^-@UU|yu=YoAp;kM?xfegHfGnSTu~T~19Z@= z--}c0jrqwlA@C+NM#2(SZx2xQXIHV0NMnSP{IFtnzDT?!zxWg}R6Ow=m;*@$vhizj z20l|HhG%7Qe-<_505Eyee6@ zy2;7{3UYw4JJn~WcSysUv8iA`GP#n#$=2A;S(7n~!9KKrm^4y10K}17G(<@b6mIs`LEC1%zr2cK&pcVQcRUqQ>e>m z1VY(|3>1OB9Ye3Q1|9|ms8Zlpho5V=gZMg{t&z4^7HrXl1|`>LpmHO@LlM5~7X z^odQN%4$4x95?Lxg01Ztwh}!S_nD1=iXW@#7zUwT+Ty6vPl}fhyk8307#I#WK=z?4 zMyLT~XCav+_lIjw?jazz&qcdHU67g@AEcFU5-f2%w_6GMC!%M@JjBGSox%2(L0$Cb z!=o;3zh)but$FsCOoO(7s|1oDytXmEb~T1JKkRgat*s4Gw*&g7zdaLi;sR$I?oHOdNKk#p z_Ikz8=K?CU*wT=3MfetyK5gyqz!M=PxV<-VX_uvAORB4{#>fTs5Z^n0c7{o>fJpwZ z`I?mKjD9XOHSRQHp#&wwB-fCosH%{UoZG*Ccj(5b9l{}uK=UEBmmMO zsKA2rgxgCFN-n5_01CmCGgi&|I#{U!dYrne7g5`BK?HSPLI}ei+eW1u!K8lkO`ItL z0eNulPgcS!SF=n@-n_+o=x+8I$Z)W(@bt1$Qcfh?pVHJ{+>M0Zo6@Rl>Z^~8;q+SD z2xcZBK&B?}X4pkp#Bp#maWHO&A`N7W0)H zo)JncUQnu&@cWCB))|kALNd$jV;^VY- zM1~y`dibU}_qR9ADpF^^*SAeYxElA3p<3ejJ1WH~50=E6JMFRz>ex4W3z34zTagT8 zB4p(o<$K>9{ex_q1n8_fQfXpP!UURv9)=LULzdgAz^?RZCuGvMY;w|{KY5rf53)ND zYkg?5$!TOGYd6rpPE2guY{TEUzTL)=!I_l$pm*L{TY&)IA)1ufnLo$lTUD8EK8+mL zGv0;GS@AP^sGz!4@z+{g47W*si?L%mg}{(Gc4ik!P1YCP)!>=yKvR}{6)SFi`q=Ho zP0;EfGQ>{J&WLjcnC8P=s?-|BOfQ2e-_5f^Uc4OxO{lOsK&0;I&ZkGYwa-TDa(T>T z>ZF8lVSw2--<)L8eqh~z+RGEMdy>lZX|y*sjz6@S!}7m|f6v6mDFZY`^g>P`y0J|C z^uv_-eEz_B1e89(vk|9~mk+M`?T9VsbemXab>AWxC@VuaC->Q+Q+=j0?d}BxFGx@* z^t>Yv#RDXnN(# zOAWixOR~ZWXq-C~)YL0~+rnEQf;6{2yEZRJBd$uO${qvb0{Wzloen3ofE27+ct9X| zwDNHo1AN+-nA6h#LQ)O%iGv@cr235@`wd(eETkKf#3I}M!`RA;1=+h%EDRSG>rQjJ z@n)+-Lm_Yug{jI^lLE8dQ;Cr`0A^E#y-bmgxaUf5ir(|TyAdgk#vw{cKrw=@5vr1& z^Cuz@ppFB_KcOhn%nv3d^B ziv*jJ#&M=tdRjwPF|Buv!mQub{q8rA1q!J`M`r&iW{1P`APfC(RYE(Puu!YhMNs77 zAi(n7lcNrJyZulqtt5Q^DTl?U_ZM?MvJ+)Z?;or%$2D~c^h-%GeSBElq+@&mmH|-4 z4Hn3kD&cEa9k2O@uN5b-ZfO{p8vK(<@=oIU&{18dwfT@H&2 zkG)?e`MbElkfv+pOBVNWe;mo)l8fi325aEm^e0PPy_>Jxq0HUs5Y(^onjbGF^j=!h~w z{=RnjAb)@o0>j(i=6Km+u7d97n6UEbVNIS^L9w&@U8(-|A0w=O(dq^a41Eyj!bW^> zl!4yJW8EzT-HnPMYpQIXChPm7x5|oaHKVSUk@v{Bp)!w&5&fm_{_bRGV#S(G^=DLy zR{Cq^5Sk{Yi)#IN8ghXrJRokIqH$fzWT)juq(?6vPz%6n6K&iJgLo$i-4+9nG%N1LIyLl#&P_Ik4029$>E&EZ)nl^+WoFtLxZ5)A`X!% zsb)Pb-65>vp4)%uDkpcJu7jfurIY%J8ji7B+zRoC04}F_F4mrN0EH=BnW( z3A+u#=r1bYS53JFtSJ;!jfkUOfSCZVhVUCUmon~mwNhd@cZurT$@y~{<*NNMAqQb{G(W>27Ntd3qYEYJ32g~N(E-O~4Ac|1I# za3b^@)7&SU;5`go_xsmuQQS)DU!6&Pda}rDR-v;LVd{miZK|ypGL9th@?4@ZV zE@a^QI@ew^4{P;+QbQm>@^n63?81o{6sb75JENK6yMWXUBoYFJU2yj=lstrvwyTOJr&Z_tdR{G2RgI^tlLqkSB2vKF6(! zSULAEsPrawW(2_r5DiGA%yxJSjt_e=1Ng&pA11bGz)S7PRMoQBs;TGFcMt(V+%$ z%|OCVdk;vO|Li9RNA=d_3{f4Nbg?78LqFWHVW#TZv^5a?0Qb*7))MR0A0egsu_?#2 zg+G>Psw^xg?l-HkcD`}9~Y-LsQfRNr@|h)cXFJkTWG>f z2J91-@doyS$a(eD=I1m-fX#CB@APY1U@e-*>s&`bJ-i_)KNYOBp-T;}vyf z7kBAz*DtE~mw{B;Kav?d1wx{D=r+9Sh+LfS@rq+XQQ^Zvttq^2v4PcD>UbCVdYB~8 zj}@Z_N_0UK1oaV3=KW32c_HVN+D2pFkFoReux_$b0hJY?KQ?G#@^1n8$hT5zy4XaJf|VdVTkzo*#Y!4Sf)Tl|b5(N)QmM!!6Vb2%WcdaW+h9ohua-;FPlp$Z%d8CC3gKU~&=(8k0s+31}Ta>wENfGH`0OLPF`YaM7#S+U;L zM&~;o$7i7@v&<1>7f^0LJUc*gZa(Go&e-7!%FNB&RQLbh97cPOsOIPF9kyekbIyBM)a;1tL3s+Y?DgkLLl|NrEBOs z6n=bYGv+26{yHq5KLCP5O9UzquREy;lF2uh;OvCq^EOSC6zl~l^g_09)P%z(WrE`3 z(Q>r1f<*R!i@T<0oWe7Z4^=yWo7c>fF}8yV+`3T?yR>GWIpPlzAfR2mSBT ztG|)c)s6>N6c>$JmOXt1$6N{KZywh&YTPY#zaMW?e_Z^bJl0~*_4!0eaIj5L(2-D* z(k1(3)CK5SO0F$hec>ZF@l~Egg;zT&+0|EmXrNB2CiR9`?g|?f_FZ}QEF)GplXCg= z{bWLiuMYRGKbF2S%QWJvVqCm!KYvU4jIQQo7T(P%S#zDrDc{x@y29yfWX2!Kz@Ktg z)YiB}Q{}0qQcRt{T>eOoluH7xS>#~{y<@!e91mWG<>cwhgFBaqRMz+7b;j$UHz~g4cE-9`62et=-bH*9FSuiYj_{m1-)+EULuI z+=3zrMh8yHW}+OPiE^dRPCT6*jBfLf#XlVXuwI_9h-RxUJJ`W5d&jVOfM3=+lfZrT zhJ16-bnCZkg)0o|kqZvT2P0K`&>{Vs#b{`7@DrtEkuEBG1L#0|!)uHSpVP$%9#mFO z{uL(CG5bk2iN5>m3mwA$)dC!I6zPjd3MGHHb1g02z8sP2anTdG9X_8dzRlY6lfmqc zx0^QsFYf5N$3#edO8d_ELe_rEvlSO6#Rh&MLh8))?Vr_V=*LH`8R~A{J|gu&{@oQl zLMj!hqeG7IZ1xyIqirU!Z7Ql1l!G06)bVFS#^kj1mY5UA^%q^vNf8l*a~115BS@{7 z2lwOIp`QemkB8_lo$j#ub2o0>DA8fP%#RCSUv=1jWLs{TO%l=m*4~)xRmu)1ibn66 z6u)XA* zRf?5A!+hl8H~m2hbdOI3k3ARvS?KNdwG1b;ISO-{(|hx~Zdnb}O`AYR`}#)t$uqXz z+#l8Gl>w!c<9$@yyQ02C7uuP|6npR8h?`W4_YT}-=846QQ|rGm{&C+VLdi~sv3V_+ zrT%TAJ2r3FuE&hqlj&cw+O3LriW)LJ>`K@+JZQ(bHf?KnjsKjl-?+4LrF=7H^7PsL zMTXRa4ttw}>T~s5H7EsklE1l@Dbt5W2S|d5=;OFgKfOIpfA>fpa-Rg5yezX1e)o&v znO~>HbbqTEZZ{nTwJM%Ktm77aX1lH?bR|hI zC|Fs$M4k)66Gk8C)ZfXOG4%4IR>0Ju55M|pK&8R6Gk8O?BXjn5T-?5E3VrjnNC0T+RpcV zKQ#0;D|E3fljm?-q~1fxNwmElM}~rGaT@+=XS_1X_hj#bg-u4PxbKuJ?3&*zgi21y z7Dn^LY3jFIWR4!V&S@TbaBk1vJK;>l)QOMw4|%S2Y6nX{f}c$Aw_Um7@@vTPFnoUH z%AC)|^vEZsk*z0HY&HXgFu&m zoFr5kj*~DsOqnA2&}z;v(rr=3&BZGxSbbL4wwTj`ZG^fQU^v=pS7B1IzQ)2&ua=aT zziJV8D^ZHY&nEw1hh4HMUCQ*8gn?S%$wJ2iEy|nX8}-qnKBoiLl7(j(BauzXxHTy@ z{A}oO+N_qRf|Vr0EU*P{$V)e*I%fAZoP}$h2l2D$HR8xL(v*;ip-r%nc;iDkd3j@L zAu}t9#pkP3mhdp!HMdnR$q4p1Cy-+{LM1r8o<=I&J($zRT<{~!PMIQ2Jw2(Jccz_M z?CXYe!4L0rCA-JO)t_pwEQ>_Z)y2Wj4r*gQIk7gR%(;l|C!$bxE938qEDx8-Q60Z! z#V0Xq0{koC9@k1_pEoVrnP=v|$V|**`CXnxW!?N%{EP*AKOF`sqwZP%>C4@9hd2mA z@x7U#>C3ZIb&igjOolhBq^yQXUb2y8m3)6&VKX@Pmd2K!P3dg_rRADrIIVW!nJouB zeW~OkW}}oNHa3=mg7O(GPn5EO+H&#(&)0{C`a{jf%A)nQg-BRqxw*_Gi}8Fgh~+&# z5@v1Y===BqFBw|;H9o#%@IVvOQ^MWon>*_AMj`&Ut6cliY0*B(P(LhQ$$?z8*jrli zKgPr5Dy}<<$WXr`Qh&tvrQa&`U}b)>?p3^wc~qHweF9Njk^T|4*_~5ZOFoAvj9SCX zob>I>bZ5Vr-aTe~FudC#S)13$U%l3}bwIfwxN+HApy=gVCtU$vR&VZw`K}rN??fWo zCs{^DYssUU>Mv1fgZ4fHCMSCdDJgUE9?b5ucImWN7vIXnr^Ms--$h1NbfFYI9-O#u zZK8AX#_E-GEbc#Ld^B~k*EXU;>&jslCqJ%InmMJ;@6mv2mzl=Od4apjqRkt<13_ zq|90`_s-5@;T5~`YV}31V7&M0H-wXfw^`}V4zdUJmyy~S;-6t+?EQ*&6VaOL^0tMf zq0Rp7n$dJ59{1?X`_~g;m}^4My6@?=aNVGwrhVq-B!Zo^z|)!D>ruI6hzL62(ihum zJn`%$i#M??;1_Qy(TeMC2u9?`N(2~LOSTrpwwm7rb4LAcb|}*2DK%e zJwoq*f(@TloGpyv?}d#@kl?>6vh_Qf+GmAKv0=}7zMvp-r?&zVf?dq6bu9-AH8l3q zcW@9Q4lDhPb^gbFWMdMk-m&pQLaq5VCSJd@%10+24cxWrySMCGbnsI@d z<^u=l;T8Zt@JC+gzw68t$7$5<8ZGKFa|_8wBsO7s*DnNZ`ALy+C~Pvc+48E7Zs(#C z7L4E+X`3^_35IX(sN$PFH2D||n6FCNYj4}hiFOvLZD{KCEwv=_?Bqy^)(8i65I^ab zLzwEs8j0DK%XwB|f5u#Ax;Yi$9b)gZ8*$i^f3J|z#4SjN;Z5h-AE}`i(QIVI#Ke); zuV$I6b8v9sXEZ+qO|BMv|Ye8y|{Z9JP&Yu3r-Hw@Q zfS1p6ifg7fgG|7r z3Q(8LzZ$xK{oP+D4fScKKQ1*Jl~w}!zje()Y7(XJrV&Opi4YxRZTtL`83uwo06p~m zT~Uyi?CuZ-txZ9zwOF%m+@`MGeehh|TXbBn_rbSn;dTY( zRG$>=;`iBEk_VgDI3O>6@sIfs52H3CEHe6hmQPWNfC1$&e`I}XSbj-(T7PJ3lOxS% zH59GGfyY2NeOt|RSDvmm(;9pmg3f-Y*bPq)!znWEoc71@BIU^i%9Ew7YfsCC-s_4E z-j8mbD6y7<5i!r--PNBPi`PEbK#RRY4}G2EjwpUj1q;H?NDaETwp>wN z*2QOcn5vb`iaAAM*OA)wl8nhS014XZ9A`?@v6E9&dwK&b@Hn4#s<4>QclBVc(yhKm}TA`b%aJF3GQ|T6~hS(Qc@jXY8Roz{PY#KP3 z$IZ!GtA+(CIp3duDU^4GcW`>&eRp3PZmO_bVRU-OH1Y}fh|5wZVC9? zH}`czyGz4E!V=kFSmw$HKP=DC&hyEh+t&?`_KeOMmkDp(S%Hn-Rs3vM;GR!lx6hjV za$`bCq>tg5?^&!9>udDT2coP!nxD?J1~3pUkB_#GwQF})QEkO0$m`(g50BQ!^3MIv zPlngT2d^$S37Q9~p)x(KMA(qQA{68C(Uo!Xu1y4R@<+ZT*s>&frh&OtI8w1w-3Crs{B?WnF4W2$(KsQI(g z;_K8e4yGb}LmVv)J5jO6G@i`ZHLs`K@NuldNl0@2yNZu@MqVB(EP|C61p-y2e+Ng! ze{3uWB6fY~)*t*TS^HECO)kgm$oaypa8>E4e&;w|yY*`UJzbB9~ujdbt`E5??fd3bu>B%m<`YWRqcpK@tAv%f(bOzt3a{*?wa@6 zCURTU^L+@;3%7d}Txsg**m~ixWwFavd+M?1*-`Vo=qF4=$@}2dW@T{gaA6P4`%VpQ z8Rf@ptSX^By$F8Lf8lFL!Ok^VL}_Mb=H0ST<{RWS#U!EKzp5+Z_Xa-?&yr=f=3e$b zmCT5%AznHa8`1R_%v)vD*772GH?u{l$|GgA>1Fv8!WPV2E|X%BQpQe!AGCret-gfVT@W#>718_M8L()Rva;5G>!_t`A z=DdKK|>O7&wUmvMKFEU^D53oxlHzazz&lI6I>?)w#vlvwmn0@#Yz zAh9<%rAZaOafLWJLErUk6%9Az;lJ-Uq}_cdLiFj&NC!l)uWzY4vt_U_DyMn~l3gIPDn1M8@^^A`^#Y1I8pY^OxI z@a7X{J(&iqs~fvFelxB{E~|HEj|i(Le_3O-_>wIOrkx|_D`5S)z{!z^(XZ;v_QSi^l*d3jImf|xv&8Q7$$I;VMsdC+QB}+(3 zb2SdOaUt}pYY_cbv65L^+cDEto@zn?k!WzU4lI_~N40+|lz#uOO#8A?vf!>l1Gg{s{%X`@3avpN$8RAJy7YO(E<4@!-kDHw ztEO#n%q>>xcTutoLn7s>T(hr+NW!IHu$WNmxkaRUy4kWUAeTSr~y2Y_i`4HS=>Dv-zTL z;*2m>|8>?knz*hOkvd!7??AeG#6?tWe0#(aS(_{SaRZBKgG?x#l0^);+#G~xbfL@- zuC?KP%;qw}iQ4T=mT}Gh`9wazT|*v6pOO_-3=LcA_p}oBc@qo<%jGTaABqdp3>+-i z9!e}JwJ<)~8C$vZ-2&OW`(u-%P(6bTi!J#R74q)<`vBSzCb468vCZM`M1vrhrQk6f zT=gjOFh$43Ek1v7l*_;;<~SKnbqfYa4q zZw*V$&waJ=vq5P^I3u)y3m;m%mbDMKW# z-$O49QF157Tm3&XkDYA#&&G0ou6BDoV#Mda&pU4~+_|J!^xX0NdquA6@4!M7cy{~? z=WN@Y|GOf(=BE~>_HEj>L&$1?;u0je`|Hm=3jRZHLqeCe|9flqYW2$YWRz2UeEbCj zM+2kK$XV$e}tb(PRO|3wy zG3TAiCn@?XGu1>m1ZVze`)@|r`TcjfFyX4#{Ep~0ppQ|)*?{NXbeFdlWohDqv*87k z!~G*JQ7*Tdm-Zjl?u#a@8|r&z$LU3zAp8~2!EUxY;*$z_NFQlVPsRuEiAG%(|q^GKCVv4oqYI0->t7^rm54y)rM6me%k!@JtOvqZN zT*YG%F-bv^W{a|3=PkDevjD}{9Qo5*1GJ5>wrx2cLZ`xt6IK8mwWG=LP8L zynp_vR9=v}DzPIp$e)FnrQ=h3Sa-#6!O|z#rIDUl@EP%`0tY?uj)$vEbiVJG=rL02 z`vbIDvBJ?>ziqTcigcHjY7e|8Yzya4n%g@%<_2ek+&%|Ln4Ojz8kzIl40;F+maJIi z43b@&c0X4u(V|UzFq|-1E>tz07r*~)Olpk@mMzh}@6e7TNHf5wja`44Qm&M)aN1*2 zyd(McsDUyy+JfT@X|mFutkTRSv{JYoC!6JfSrBu`A@v>K3o@looZ5T!iLG~dC8*)! zBNlk_@!XLVyeu8wpIz@w3T^LK+#+US#d9p9h!;c*?EO9am5-fO@^RZST)=fnD7Ocw z(=#Tz?7Y0*A0ZPl(2Y;A+r~{&Dnwsah1jOwf?j~CDN9vQxdH?ZdQcOM8f8NO)kzf8tNVUp)&c&t9XU^-)GL39- zhJi8iCny=9l>|@XEz;Gdo|pYAQBoO~&9h~6bbl6#4^^RXLI>lp zb9nsO*eWK*n4xU!ruq`T*=tAg>g`di$7W$;}-;t&qsKrr@FfIG*$01M`SYV!b9?`z9&ucNSPnA-*luHrWlSdIjIjXuXE!i z(TC@!_4Ciw)OviF=_-Nl2O`yceh%TbZWf{P^u~eH77+ zqoSqNqFjf$()UO-aVTSD3M+ZiG{m&+W&e*H3zzie+SFaFtxvu-8Ii$avydw%d@LlTDiHeR5YKq zf(fZ$%zj=_%u|zbX{#$t3}{;fq4QdkW{s#BKR@N2IVT~(-&I7YZuN~#Qz$rm;JA1G z1C{Td)6f+FU9H^s0YGw;%6;v$(P9JV3(a`0C=iPFaSO;Yq)%4_OHFrlFy<7#N-*dZ#Z#7ET%|kzd15`ij<53BP)M^S1x=z3kDQIU zO&Y`boJU!f7Kg2wYzU3fRT1~U+|g`N>IAKt$#>PY+B5j17m=t z75l9z{+T%A=Wi6|#t(ZTry&uLYOMZwL1yi z(V>{PZJki-@zFUzP}Cy7RGkFE%7!2KZ0%i#<>PEfBtz%k9c$3eh3}VkOeqqaKV(mG zRrwr*A5}R4GQ&^dy#Pu&ntbf8nfkXJ{@oR(C(=K+29iy5(-n;8zK+_iSX(z3X^W&U zYc-aIY&nFBdVCt8oX3F^gvFZvY+SxXw8D01mm`c_4+`BK=QmPLS68m^e$tOzxxlt8 z-8|jb!Kkjw^bf-Qn~e+vuKK?5ed?*UU8+OdVzjhbU24lk)H}_GZmeyy)}laeAb*jJ zZA)~Qk;oPnxWWj1MWs9UEwMA&*E_#f;1_tj+Ji+NW3UG@ZJyQTxOoM=WT>7ife_)Z zlaNB*|4w{{V9c39xh-TEU)3&g)tySh8V_#Cde@S5lLjTNsd+sn<_0Sp$AO5Qh}}?m z|F^GSfByPO0S7`JzkZZEio=4a$d45=+H`tj3wYRVwG->5X?^i!kmEl>GCnH4X#~vn z0igLxg%0b>8hw}u;p*jo+|$2Toq5ResanQPn*$45{xw?$7N3hJQOB{v#bpwDy>Rm+ ze#U=3KI&vNZ*hP4L`Z;btVkF3ys$%E;;>ZIKVL%UHu;2=l~tiYRxTOrxJsKv8K5^c z?fGUDj-&w?xc^*{of*bUV(y}LAgjDY&HWc?W@^0{` zv#&|-FrK{`1>W~A!VKfpO3B1dxuI5wbQm(}BW3LbL%P?u0i9jpJ>V-+{+}HrB{d`V zJS>-_Ux2FvMu<>`Pq}u#=UB`a+8DzgA*B6XVTQxv7uf^bh3NdBS3?df3npL|Of4ub zPRYK{&3#^9y4j-_Y*bMc3+RmOg5ZkA?jB1TXyFVikO0I2A%__~ule_?Ee z&fMJTyq|=bD7+7>C$jW^$oCmNnPG(?*>@XyWO|d{e_x+Cay831@5fj|5`A*3af!w+ zo%P8L!6q(*%d-kJtg1KJ4m9_$_SK#s0eh=NZ`f{%1;dcT{qv9Eg)v=gLy7;-CV>Cx zJ#jUV?=W|}>eu2Su4S#+U zH@NhTN&}b&3-~9<@0J|k9}DZ^(N6ErR;MK?q4~9${{Q2Zda`_Cz5QhtnYrX;sE_2c zrj=)iaxz-J9o>2!qCtlo$H}70nWe)ICft^p4p$*F>e{>gA9x&2F& zC%8@7W8J|%O8=b^DXH>k|6G#DR&(vJO}$YLKH{s6b=l-U3nTjmNf>^U{obSOyq20W z+c>K2H|C+M?3&C4rb;PZA@(Ihn-sHxsr#F0D`&BL+b#ZAVz9CFe=gbEFa}cWVqqri zD$`D|9cTBA))!$WFMbD8uQFe6z>~mEmhyLLHxVI7Js`3<0rp$ATu+c>7C@QLsA=xc zLUPS{fbR)9@&COkAj~x5JSo`Hh{3RpG98D>MsN+_dk$BV?fw(zff7_8Ld@aUOvn#> zpVYX>l6U$Pvk?3YB^bbYNdLXY9{!I*`Z-?bd`8l$ksz6T{M=@v*qt4O1eyXf_B(`J zLOytYSrRzO$D`OMYt&$nb7PegB$+n0d@J<%e}~V-Z@kA){V(J_LCdBy$&I^`r;>MU zMTCvFR|`E~jE|Z-NS8i^c@PtgCQ8R|`YF!OcU_YU8|wV$D#c;`#Cnd+>;&@E&}w$Z zs>5;ZkpSfSB^tW8Srj4rT9+NM;qa$YH@Q0$)ddZ2JsY+EyV!^$lNA~?t^_M~BUGjf z_^U{^YklTK9JjX-)V@1hcDUDtgPKiE_~Z4@9I>RlZ!$TmyUcn}f%O01V3@-xGJ$sQ zzgmEyiVITd+=whoQi`CGe7nK!&hG7_`0c}0b*2cDiq(mt5;cJH-1s=zeX9Q)KZ0`T z|E$uc)s#2sQqt+%_lF-KSlikai!3}r%OL2xc^?7j68P$`kM?R}$>Nth`@iTSutaR&36^GlQM8 z4;Jh`@m11rDF{QY>GWv-&%@By46VsNkn8WPe+bj_LC@2&;*A=>EXW0%gMCLW?D2CZ zWX3S*v~`prDwppV@}RJ0Bm#V!xPAURIRKhGSHd&WFN8s`PJDH~f{i1FQLD@wpxpl; zrs>FlOA1A@Ynowwa5{G5Vh-akod~pMKG*+xK&e5%32(qj<4C3>Dh-f89(~neRVcFh ze_Xu%5hh2e=@2V#m?ZBpa9H|<$&AwN7E^~V+T{- zwbZ1aDvD0skEh*1#QF>OUz;aKmuOdu)!Ei8{<_y}_e*D!3GC2>8 z8C0W8MbEnvME^{DRr9Zbk#GDY-Xu52M}cV4xoGrGMvtVM`}mOfVfRL>tOC#&I{@&U zf*1ruAnl_MZKDBgyMY}~shj^@Gg#kmb=NeYi-UsT;^}9I!ewRe2BUq_7Y{sExH(IE zI&Jb3nVCM!@^wHu}W@;^5YP$DNh&eq&DpGB7xBRa}_K-k6(VMUJ!Kp?H|;4N6%6?10n5QnQ%;c^JS(_rDmHAcD#j z5HvFg26R`uye{_Yoz&fSksGFpOKu!sLPziZSllaLQFQi~=FquX@*1DJJkVF0=|6@Y z7I~nH_Yvs05E9q@@4Y1@B@pHfS-S)S;K+e60|84)k2*R{SNVM!Vo*wI7?wU7YrtRP z&~tu`oc~x94#j*6BXp=Z7NmZ#_Mj?J*$1Ra7#J9ol$C-0Z~V<8BhRual3J07tuc3; z9jIoRVL_Bzx^X71z@GWi*EDBRZ<>nSnT|4 zn&>>3ff@laR}dwg)wN?2DY=Rwb}feI41;8*fBWaf&9M-{f2WA{{rACp4Du@OnLQ!^ zn`*rBs@YJ{p7-3Xe4&bpFiTF{$bzk`)x*rsr3=OP$JyB) zjGjqpWYpq{+2czHheEJuF*NXif3e*D*{Miv;JE1m|Baer^+ehy1(F*$`uVtSf%*XL zkil^7EO_UvPxR~JbzAGKItu7NVC=JyU0volSa*J7Hegzv-tsf@N%{h!fuX7&K=MIf$$ybk+y!}Fxo!BW{LOPb zybrv@SG#qsC_Sq_T!ujJn6h3R(bE|;}gEzBWbqs=rU zJZBo{y9M3JjL3fV-nyu5_43VsJ{?(=xmJcMZP-=z*YtJW{&(Q9LruZ)lzozJ2@F1q2TAF>VO(o%o!k&Vv>8^M7*-R?aFaj3LwN-`0Ga&SC$~ zBMvrDWldQd4F_6>+XH*m)7pHtprf)PzpzMVFttBPmLxgmt~Qn{O(1j))A#CwKv~1fsvX zGKxV|`i%GgSe?P{e?T_GnqoeY3G3shC+sF}%GUte17P>kl%OJc!fmcXzL*Rva%^H2 zU07;Xf9Jkc-hIK?2z2{)zuOY<25mV0-(`9V{Da@xZ|f;fG&$g9icj4kpzblv;a;3o zVssb^asf+Vfy8MuaB5p9M>Tk!sSk>`o<)OHR=RH2k+}1vI{4m&8=r;OrAz$XS+r7dT5hafiB@UG=UjXb~zT!WyFK$~1h#1G@ zGzeZLSrg6fG`4bh(}BPQs3M@tKmawtE}hc`9EidM8$>79-t@at|FXl7zao#^fq?-; z_NfVw><2{BQPnT(}gu92O00_ApqyMx}xcY?sL*L{9T;#wa1 zAFBCRnv>2rMeg}5v41Wggg~AE73KA|^5fqMk6SZ+JLD`7H-femK>nqp8%U9-Jf*lk zkXZbIalHKkL`VBJo}_ha^5*#PATi)IWLyPmy0ZR{sbl4Vo0_rK073}_{*xpZss*HE z-vw0YLqNpeT)5fB!IOyI44zKKre46bJFS-)6}-*;bg#SVlf!@SNgGEFw;1dUVEBxT z+SyQ8LF)%3hxp|_;%NDT@oVRN@C5{S&S|PgV%o&gAgyVL-{bA<_kU(hm0A4@!}Gz^ zieho{#^tJtKLiAKf)FZE*Mrm@LVT*UjHgf|Pg?Q{xOm`;Gtj?)F9Waxths0=|34qq zM^&Ay=Vx6866av4lBcZviEQPAe~NHH58+sgbS3UM^b!qFIRN6BeBdiUvLPWUEln1r z2!NG61?PZ3{ZkfxmiLqu`QKGN0YI;hcxMhlm^`+5Ra&UBSN`4spM#&Zr=w#fwHLGx z0r4B;Tm62wx=xJ*?jm2OW?!&MdjSLlszCEl`|ot9b`>0>vIoC9ih4iC!@-_*Kxc+AN9euLnUdYHQ0n^gi_b-wUos1N4>5 z+}su}FUb9-lIcJf3%J75g;w?U4Ip*pg0s0lN%dG*9I<_{!tw*7rCF}7qqRc-q$gIF za5<{Z_Vw7nzdpE{&Fk@Yar4((gLh6&31Y!$$79hxPsuKDnZo$qPy0R-R#nATcE>J#0-sn<7EaEd#mD=_(@xTd7$&b}lyCL*X?k&c zqR0g<*+6kwE~XjNOgCkfcX#J`%CipEnt-VE0zFQXguCXc zrRw{*ejF4Olr+8SkmMoTnq^SRr)N|6{ZG_{vV7!(k&BiCf@&;2fMO7O(c<-}Y?_)Lp02m=wXdn{q)AaQPgmfEwZOa<05H4PQn#u2D1UxGc zl%s+CEW_vX#h#u|ydWBbfM6#*YUg!%H!~`*OCUsSUcwRF?HyXY)?A!F11-t9`Rh_% zg-L@G`k%DfkhMB`x&b84{hSsK3tOXV1x`Mx!ygzq{j@c*n6Wn5m*%uHFYbGZ>>M*{&8!0P2zrEnvZ!YM^v`mn18*-&?y1H919|IZfJjhFTZY zxtcRMZT4O?>eUi$S#)1Rre!HrodB(uqeAg(DM<}Gkzsh3s7c3=pxjzq8y<4~{PS~7 z&E#H9R!z-xYPKvhuzf|Ey$2|hBs6oMhw=VOxG4I}n$Q-Opjy9M|2;6)RMUsXj&Ay# ztm&J$gHh~cNA5zFYh%{k8nte#m;3w!y3bL7*OnM5YYzDnUN^oqxLd(6bD_BB)XLS6T>X3Rgu_=ygNG_juhgnz9YFCJhM4fdFg{gG z)R#Rk%u5w#?SF{kgnssb;F0-vu4bd&J4$j-odA!bdRDHGV#sV|h$^o6VuNSlacvcZ z_Mr5n;^HFF6>P4)-oMvC(GSn1iPg&?zs$PMN4}|nKMs;;5jr$pU0vP1xZkOKpovO8g=g`fI+ABN=ixbIBmteN$j`%(j@bW?&nfrdHxH(P$jov z#Fpi;Ii?6_LG*o_MrC^7#y;l6zAoL|T2=sgdfz1_OAj+nQWt}1{Ni0fj-J149pl@-7ZRimhX7AYJSRedMnlLdx2D<>z1W0r%10~u_z z23g}F#m6(n%2_VXf>-LMp4%fTNLE%z8v)t70xclM8RWunw36MoSr7x-(gphzOyjYy zYN_CHE8xb1Vv&xGHzV>8fWYsIo~h_-d`JS>UFsTj4Q%^*XkbgMye@-4GAINgR?Gb$ zDFF@rYDi05ST#`YurS#;-l~6HOugm$>#p4RTg~_|5UuUMJPjF64GaQW*-U0;CTB6$ zOgT6jydfat*1pN%RA_N~JKwjFzQkS8#K%`^cHz!L(Ho`{M74{T&LA8%TYOn{HAJQU zP_fH(b7CdqUb@S5e=YHaT|Gg4sbVDPkn08>a1M^f-1)+KyO^LLiI>x~WaQ9GwF#Si zggZs^IC_{V=hRic&~rE6>X7 zb6G`CucrbE0|AEpy|anL(sXfOWn1oHRH4*rBJ-^&2dhPMfpv~Haw&1J!2K25t>pO>6O@jlsj_U3&A`=NJ>C!5jDzl>RHt??d?0m-d zR7if?wOsk0#4g^E8+cyh*2uC174lz}1}(&z+LxRx zY0?;(VdFyFpzDljt(+N8V zyM;}a(eTm1=8F8bE<6Ru5_xw^cZ!g!v*1jQMgm&+sW69RgP*rGPnHGhJn)?5_95Zn z;c}lGDb%1NUG?*d^UC4UeuaSo^QbdIe1i48paZX@Nw94tO31@)LX6hWl+KkRuf+H? zt0|#*!ZR|d_0siP*o-SJOzwF6@*(Q!XR{=7iQJM787(ayN5@n2Z<3k($%&Wdvj-#j zTL-(FR!nUjgPS91dSTn5Roq|{6ZK|^DR*a*eB=MUGjuprz8`=)(q-i2=K6oS`OZh8 zV^cpimPxpc7p~}dFS(f73w$$$$tna04n#s8$%d+iR>%l({ggi{4nAYWHkDSdEl|V} z;MLk_EM%3sxc4T6SP#|h+>0EJ{%zP#>0dj9WL^FA)|^(freTevWKA#l=q66r^tLEd z*5Rci8ti(i;*zp2d9U#_K)?tpuwtbtxrmVdBaV@uynI@cpjHg9JIFI1gLV_Z^}(Js zPzA^Hd*)-eF+iq1zuh#p+s@$jgGV#duFI1D(q zV#ptVqko;`yRou^!AZvP*{_$qC z`L6R2GxSq&9Umg+;ra}^SAvNYN@WIC=qLAWPv22Ku1fH~P+N1pF}!vHquyuc$oh`! z9Kfs!t7c2x*9{(0rWZZ-qo#GW%&q8nYY*HZyqCnej*snpUL2%zgysgTk@XLWnQ7Bd zNACB{=8t3wzDpE)Hn#nw^&a=76GG>hCHqm&vQCXJ-6eZIAy*LAjh!#Jo@~GNj3jsP zZM`@__nV^;^6S5H@*yoVFriIRI7Juo$Y6V0G0r6jCES|{DJ0<;s)=q(g0FP#wBoL9@)o7_0@qHzQReZ=t=+lP$NqsDuJZEfyG=%?oMS-U z+tam21>(@Ta(hM^P;doUr+=?0>k9~|o7+BMkV1DhuF=|_TO4UN0?NuyE@nCPck6o7 zMRCK1^PKqb-c5)!lYi{P>m8&||fHdTYBy;cIcw zw+pV|MB0hO>vQ{^l8iUsVVZ?2NQn-EJ=r}uP-<<27&k7j)z@F*v?IX2HC6@PLGwhP^DJ$pzRy&F&cYJSe~=W=g(m+A2( zsf7q*LO-17z1NM{=*c#EhQ8wg`bfrRkllT~v$N~vxtM_vn1KO2pXJTzAni+s;l+p3 zwk092yTy~kOdq<(^m<0&$m9WC;)7M(<1k7D7BaG1qal2+R-F1v^2INad z^BJh-{CHoB*LuDvT`=LbjOX*vT5(C5b&Ed=)U#oa(7$~FdDCZ*v;}F0#{+z!#~v%$ zr_D7p*1Ct=uVSSgE=0L*{{THm_v&%R^Y&}Oh|}Zct}HziGFCQXvZhFH2~<`0ja9(7 zH}MC$2<~#Wj1FnOeL2@oX+F<-HZ!~AgYD*oYa>@rmqMi#p81R@C1clKjht+XgBp6u z3yb5(?1W_rBxrIh)K{>t6BkLtH$S}6qSq36nLWDs-65r{%v_*y7inS9d67$Puq{A! zF+K0PU}GdB{OD__?@kICDrRPC>S#`JzVgo|_y$@F)EOHkai)&X@;X)4+YVQQ(Do&* zXuq;Zg;ixKkQY5s+GdWW5SU1zF=fWNY$V2$FLB!TmMIW&^wZ=9FSI<4AA*}8ep7G6 zD^<^(fBPCT@$$}AZN{t2wK)Z4Z{oC#B(R`U_{^NZc)r&;FsO$94SRNe-r?5VW8?*~ zUsPlkr;NM4rZBO3uF*@~VelMs+U>F@bo4fzGsDm4&^GW>;MgHah+^Qe+p{Q=N=)1W zg`d8UTS z`^WxyelS{Ic_~WUy&>1a{bmv@T)N(RR!*;RdtD^0n^y(_6l;pu%(&Pu={H_}pZBXY zi)e81YVfrd=cOf>d>XlgZt$y=WBr|5ug7}viHV&tDn}xalx+0$eycycAW<%F-p={P z5`_JJM}a#69U>k$M0&}MVpKDGeEN8+xK*XObhsJ3_d4x3#PSuiDeE^E=e#q!;G^yt zN4L|wXv~-KV}~kOq-*?{I|?Dls=o}T+Rf@a7e_}$zER{RG~GDe(%aifhZG?Y2DBS8 zfRle2$(`4ocUpHJBu%cdpTqnU&SQGF4}6&I78& z`*~TE!N(sEUx?qfF7}OEjt74H;AfWToOiN3W3S{$6rydGLs>m9J}W6(_R6*u_`^fW zq7=KLlJvW)U!`-6Wh%O&O#L$7?sgRNfzsi$$tNG*xe{OFe`FP1pSxip;S(K2PYhn= z;(G`=lh-*;y@*E3)YQ#r`$X=6`Du@HuhQYn39DqHs-^AIP_&NYr>dWBgP$3Df!z_q zzIf1-`&K{s0OMIK{cSb>?UQlM7U?!1G6_B+PojUw#lqZz7|POdF?FfRBX<7g7W|P$ zO?!^1NK3}V0Uy9pYdzZlHOp!HqvVw=1akRlsId2HLAL9bii!@|&h#-az~X7-7y2Hg zy2K^G*oxJ+iGHmh35Tn^+Y0_&_W|aah}6JM^mc*|=$Jv}vlF4^+ugXMo>30) z7$eR;+EzGa6K3_RwdPqO1F7P$eWq$lm?iPp1)SU=0(Vu(7IwvoR*`B6bUxR3-y$J+ zB*$E%f&mF#2v9%Tt@dvD(V4LR{Cq)PX0xVObN17SPNwD9F>>wZ|4ru8oJOEi{b7o4 z`KJ~@ZrHG>ezL_VSzz{54IUoeFh|uVFdVOm1a?>orR-g+%Dq^o~@@l zW?oVtgf-Jmo4s;ORngw)Dm9hxJtK`^*p`I9KKDa4n9$XTNaBnr(Qt=la)ggVjk*JQ z=`rJDuNZzZ=v3=|8$sv^tSH!U^nW)$HaWg^@oLi7T)Ltt!S^@imJvKe(Pr3xXp~gU zg%GSls3llFa%hr=J3rYJL0Kk+H15t#_)Mw9gd5g6!F?6dfcE6pGff6|yjZhAv-W05 zDApJ3I-D?&R&GxPCFam@ErzXS?3eLIzmm6{3i7*`n|>Ebd+6mj(1xNzAliI&Qtz{l75u=TmA-5f{{*+8P-9V`eE@fs>KJYLbv(8h1^bkIH*y4rOnGg^kPM^6afh zl#oGmrRv10c-g?81`+n?1SRi(7R+DkrUwCKolC6h%mC!>ArQB-&*bc!wb@ObAk5*| z@A!|^PkHb}`gksJNPT^cs=~oLp*O-Zl;Y7tci>0YHc*ObJ0}-D&Kf9++ z%<#QwnLV5Ur$nT)7+4pssB2m@%(6T~N7-!7ab!hef4R|kefM)lyC2f=xP z(YdKRwbcogjqB;|6wd5hhhf=o*=s;k4%f|AbjNO;RpA?hDk!ncWlD^snq7O^Or zK49 z+^)PgRz`P^ic5dacP#|$dVWj?gaAZ3;q5r;!$skm7IR6H66t9iDmQNZ9o2EU;BYK# zX?ejAB~R65@+N}0(X(pGmNfTpk;&Ok{1rP#7EDhU`CAx0pZ*&~k;2YXd7^il_(Bih5A!OKRD^|ph3Ouny@}2(8 z{oB`@hWswD-q@7>?w!DEXMDBFZ#phpS!Hl3p04NxkZr`TFSZ#JsGM+p9qv&SSuY4Y zr*|kK5+-Ulbzn@PO13bfuq#-yzm=O&IGczu$;cSpGov`uyK|U!nc4aGemPV7bNN&> z=AU@QzMt*EdGqe7L*GvhzSiKgR;g{lkrOQ3aofqlZM_deK81O3nANH^OV-{;E8||8*;K{eOY+ zg30z~bNO&0Hp*>w#`prRJw!$MmnlRUr1Q_vGIh^*%X}nZK-_`D9c=-ozQq7ap#b^hj~aC*z#BR%)K+=2vPY3S!74H(4;cnr*8b z5Wi>9whqOL8=L45P&UAf&qlgZ4A$}?mWmx~BfG|108x0#VZtW{!|YcJ(yRMo)@qc- zxw%^$AT%QAIXrf@OmeiV1s3q1fMTINu=s`aqdGmr(8oUJ%P9;D3KbZf;(hMYrql|XY5nq%reJ=kIMr$4;V>RG^=Moh17s(73I;NO9u_?vGyjRW@*euo zw?X!Z=v@1Npiqw5kiREX1>lzwqwbo@B8*ASJsK$wO>t{64%rLTo+~%;S}b6v5Wn%A z$L9i-wWWkQ2Hwx|gG;EtJ&45KDGNMD0j4Qup*Iq;Uh!R>e9eKsISxhYHYe@4dS?Ik z&5qSm00uWJ3R~p;DGy9ElHZ_jH@Z8bea<6Q?*AR0aifk&)YTGah?onbx%d|4I``3O zT5vFlrbH0a?zDl4lM{~P=1BL}7EP)S)6(AC;jhuJyf+;yis8yPhvUa9W?#f978U1X z$`40EmR`!;o%PN@xDQFlV!sqO#%=`Mlw7A51;=wS=nTBriRiVmNJG54Q^kH}Fv;V! zR&c~ICOZ6ivOMPcx)Y3S&|%BEgZFqZ0Nz&1=RRTjEu1fMPMFWMJgUs)*yY^MSfbBk zcfXfLGyMeKXc2RX3mvkF`|D4)Kyv$Kl!wuv8ASLz$r(hiDd85%z~P^Y)VjFHOQ&hP z*6R4BO7e$1qDSihbO0`-JI~~I{jBPugK)v z1WkLp-@_N@2HlCRKDw>OB6BDC4AhC@fOUx0)x%yalLe>CKVBEILUaWS3p4vVG8JW> z+$r!KU#)5JBu4~nuuM|!V1kQcqI=1u%Wc1|-EO=iZ|5#txb=|2yu75$01 zOAc^jSB}|@YlRlRDJaKI&7xH!iHa!K`g!O6kD`i(E% zw+=4Twd1=tke@8)m#3X=0=E$se}`HP6x7rRRPjiaZ4bQF zH8tMzM9O6v^qh7J4A)-aeK2(I-o5MV?}vhb-VSPNYSJY-g%dg1*}_M+4Gr8l&!3Ys zGLGbAHaGM4@54dLHFoWv^;`iH`dwp=&hZBU0fB;p0~dgXplymBEe(yIex;P8Bz#y{ z7-iDL?m5`R;{R(vLMALcyc30~8IrHEowGI>n?5wdKQK7>zRAJSF=t{M0(tf7m9(tv zsn#tOL52cChC=WpI6da`=bP_5s694t0JHHa+YRr4j*goPLCecl+?VQX@U0|W-eDGV4act~?INHddoFxYS!KQC z670r!idm#Tx5I$T{kj=H zZ(;e~35mGKCxmc9sqso6@tcbPZh^Fg5DPGM<6hay@8x!#d1<<$P^?dm;br`CWR}&@ zM&_faPSRJ`C=jc6_4XJ}KOh5(Q6+;}>WZMAs_b0doy4ZH0Ho)4%6;_JrNASc>a2T3 zYZWhrsOZrEERvz*b;tia!d7p>f7y5z(Ku&o!>z+AU2R`0gL^yficukT&5= z18s?*>_2Vu5rf$({S^jg%j`=QbjY&L_vl(KeJIOX?X#u~KG*TfO#V_t9v+^_RndGE z<<+`=Q&DwwTsbQ2>gsCywLVN(1V_%;s3^4l{a2usYvrIc0Kgv>?4mhJFWJ}}Rd$jU z*4Ec^8XA7DyMemUGY|n(ZL*#+gc7n&wZA>YeYmuc3usk0XiC)OBL28 zlhe`(uI)rB*P(6SooNH_g&IN@;DJ3QiI*rIim@zhy-cv}tY&*;z+hCOX~>4~W{Dky zXrI$j|LQCl9S^7Xe#>lH-)``Hsm=yF^4gfML$s4>KA^8L+9=1!7Opr&V^OZq^(*#t z>x-V9D_q1BU-O5}4UMg>JxNpXhPQ3cOnswTtfKRo))hR%UX+b0WPD6ZYX|7z}%*IF%c4T9Z!cL@9fQ%VN$mX z`EjxNUg7Z{YCsoI~ySw`a2LojC zMdjrqE7MjT*GxQhK$2n7x|G-668XPrlUWc_1 z9dLRXjPOrHKwyDW(a@!uPTleJKHV4w*hDhx$`=zKA5hK8*b%N>Uf_v{xe0kmON#`G z<^`?tn2ybSInsuu6%;=GvXoF#!eC`%!z3a?1%_B%%?b{xm2RCf6+7t6&VH%eVE>VX zD@6{Vny|e+^U3L{dBn>%{Cv2`a3kqF6mBCc-Qh;H+ID=3%#fmrik?>Q+pW!`Bm3t2 zi&;Ty%vFT|ce&x06=&x#OC5Wd%E%B9Oc>h744&6`&BVRI%!e2r%r$B@Zxt98Y9ABp z?llKqgl9Ck?DJOWH8E-){HfjL_NgWri^bHeQ=3cfZ3v}aHZKvd6kT5y#Fj58sZ^bp zGKivG9m#7vhXx=05{&m(=IcO@sf9OSdD}|RLR9Hcp@ai<57@>`OKy07d7rH(v*N2t z*k!>1x;B)-hqs(VrX(&E_GzhZ#=61lnicp}VsTnXNK{m2*oFfBvuDpBwxflaEkTF4 zojoQeWF)Z2-DjSVsTU4e5nN9ANWBR5&~XZdVq#)2a#ZoNwUW)x*$E=E&81aTut3)% z5LQbu;jk{K5)f8@Mn5FE_*ks1k8i1na!4 zcWjmVNsH_3oZhsgT{Qt zZ^W9?qdtfEV_2LEKD#skZX}`9#wB+}A9b+Y*@RHnl*uAMYd3fW)XbRH>l_)UONlOkD zRaH0%@kmLr#U_+zJh7K~Gu9V$sO#dj5*9>n`279-DfcV+T=ufB!_%juREoct?7bhM z^6 zLvLynh333Z!X zh{0GJ)}xzP^r5BMAR3_mVLm#4Sq5Y96vyAcMKIiM3#0eG-)b=yQM4mv)H{&4%pcs^ zJ818&kbUxbo>J6|$xJI=o(S5bX=CG4QEm15Ko}=%z44?6wqbu!YQ~;^%eOPixh&WD zmfMCmINp3j;i|Op+&@iu=|O>%r1ewOh%J$T4_2?@)GE^}(v_M~L2L#VKn$(tzdK`@ znXZr-1&>cmY{xICtE-A*CRvuL?tx(`k z*ETkwmjbaiubti&Vt~+1T2Zmk`D9aefC%M4SBy?Wsy}@^BnVAZ^ zlEbk9S;t5D1&WxH@QfI6s6%^1ibWZFP6ryBrk&%&O zGBcyr)=WLDH%Bs@Z2S2!(hun$Qk|$7q-WCR%5iIEB0x--B#2ZyhW+Nvo1&s3jPsb~ z(fHH!(0zL2%NjmZc$j%rEG#V03;moH_=W{^)69%n^1A8M+aHUA>6emrEspVVaZ1|S zbaYW6<+sOo`i)|H9(VTvduex`gO=bVl#w=}bYH@A4}q2fUB<#T1K13O%@aNr@=*|qoJ+z#Zqv4T^-@n zhkT%3o>1~hV$|#KhpX`K$(K#CU$P5^Kv14D{3tlIP2VYy=VN$l_b^8EoWQ?bgb)}N z1QLt6tR${zv-Q%P@zO&khHH0YRyq52{GD#&ID(K++Z!7^;8$8K-Z%L*IvzqphEm~T zTDs2#F15Dq8HRFo;#NH?j)uwaE=@Lhi7zXjO~gM1ryy88-6uvwMfD@+#R4w8)%H1% zXpPwG^^?EZgMJUh#QBwk&6kXogmZ0+3k@vmHt7!y4@%F_{$LQ0K&g8{D@+l)UhC(p zh;a5_uTvrCjcplcuMx(FRD}{LDk|dP`hy57CM6}bqeC?55X{A-Wv$o(u3%zfB1l;6a5hMuA0wA1Rqc#0e0GeNIP1<8$`M&k?(^ z6jGGuAIm5};~Zd3?X5A#j0_A;$6I71s$M3HT3nf3*e&|#V385?xo{Ivf6~l3mzk1! z^9JczDK(s(SPYLCYTsSD*cu5q&J4e}xEL^sj*$$$*n|Xj+rvPe{eUKKzp`I(aair? zGO!Qc7dN|=F!sKrN0s|tq;8hjGh)anD9Y;Ua5Xb~)f%A0CnhOr)1@47{hWZwSf9$+ z6Spy|w4{V`G2Yk{XQ|;K<4{87Q;5oli7{sySdOnWrz~s9>FH&a&d5C}+77XCU7`{7 zz3fC?cl+lL6Y&qG@ZEppefbht;oNGDH!}$7y}me`mA(*+@28}>fwpg&hT-aV&vAyE zn@hUB1TH0Ukm#fZ@7foSJD5|QF0rVxvKNdnK&&kiu|Puz4J|Duzxns0j6*Mkj~_pR zo+vnX599f=s&nK$8G)nx1!zQfgqhy@0jh<>@q^$XaJLKhXA6%YjRyXlJYFjBU*4hQ za`k0^JuwIn*sEI@$j&GS6a*UPu8RFaFsnA){vE?mwps|3>lJ~gXjZ$S^yY3m*_lCY z?qdn=XCHco`?p5G3kwda11)UKe7iSM@T5BX650KH*@5YDXS>Beb8v2Vd|h96XIXz< zU~b|-Z|&E7fWpbnN~T}iZ)YStzNRsj3s!@@PuIqHLwHR;7si4vqDHEy*ZOzKN9u1M zUg4hn6dN96GO9;cT#;kNkC=@VnZ>98$bI*Y_=*6=0DWawgwVQ<4E5Ozc#nzO6#)pQ zqIRd-+PM}Zo&befHzAeHlk+Ky+H~+8<@BJH(8uR=iRo0#uMPDh)I-B&rZ6nRe86?P zNK7y+g_hzt=?feuDE&uKwt%drj}FWRq^W|*xt zrYxU*sh`s)F-Z)0k9WunXYe5a58$@-(G3=12pcCKvUIjRQB+=@(YKt=4nSI2UmvYp zLpC}wDQN-^iKm-u0G#g&4({zVt^(ChPjBw)>x0-&xD5q|ph@Oo0-ycUvXVrs#*c}E0}GZ{dOA^X zH6>*_2&Yd){)lW08!|V13&1A=-WAjy67Q^CwwtoPxuAOqFAF$beE%A2@5ucUp)2TM zW*EXnyL>-nR%7UcZA?S8o7m=ZwVNnZpdwBH7U(gMv?l!&n)B0V_eVNG--2-#IRyoP zCQ;Lw{3Fg0)K27>w`z2_3R!~ky|vBFy7uL9o*^OdrY&)JFI=l#KqRB2sY&zQC%r}N z$}|3_pvXZGK$dolPhg~+Q4c+a-MC{7|C_L~e6hKT5wYfSJgZRV5ThMoGnV@;v- z?2WN{U#p!i=uLpfsGEH%4w~8s1hsKGI5=c0(GXpDu=d^wVuWA-ty%YibvzjGf-NUr z57Ify3KsG}02%}Y@k&Zc!qf3hi}bXYG3|!J4i43`i$dei{cA1@m3%XN34d8~0O|?O z@KOj8YW-0FCJWs26`ut&KI}C7qF78B+=CbB@TZM1BMUMsPw$&1Ub=FHdLbmt%}>4E z#8;J3CQz%r&vI5&N&EV>vz4Ro(no}XuN)D4&$8U)^u9YGUBlTymS9VMA(cYxZT-Pd zhW7RtDCFc{4Mkv6b+pIk#>0egTf^skXO<7D>p22A2|;U-80>7YtX!rvXEDBnPdxjDbP@EUqKEfkWuIo9QJ&gAVBc1o{~oxQKjwTwx%R zQvGAf?U#AY@n6~yBtM)&iylfzZO@R*E?q6S>Lw=7+5rxXh@MEnAQu&$F^}Ks;vJ_0 zatXG0?Yv7)IEfr^>XF1;V|ayANjuX_>q;8+CDI1ZgqrA(AG>M-I=6 zp@_hP?Zf@AN<8FvfqZMFdiA!%2W^i&M1o%UNlXSV{h-I#C`n*&@an_uVO9dCB2JgE zEUL7ZBAQ?qJ}^aPZS5Vygtv5wG<09rM(T`za$apz^YcFLK6{S2q`9Lg~ zQ8PZSqNbtoeG;39DB|wU3ka$J3_-yyPr6t{jz%f2R20z%=J9wzkd~xh5s4d% zDa!(;2sF2b5PooCSx9(zUe7#Wu)HqD3lyRx@FPb-(5xZ|dYP?h`R%2Y1><}|EHRV2gQ>><9_x$0G7aI>R7~G-tY~3?rVq&#BHM&ILZ_s*- zX}y;`1*C%lU19ukbII{coZi2u1)Kkf9B5*1gCpLmsKhOiJinj`%F zeeqyxTt-GDkRB1BO!+%#koMpFK@&c54UI5&ajEO{ptuzJvA>+zT=(UG8X^wIRlUhu zY4u>2CzgS4tTHmXeXJdT84wVFh=}+jYjHN{#}8rl`fn?Zn+88V zwh?#8@(4*88fG)4?l}T%gK!BHK*PWs{U}LnwT^?iqy=XLu=;~Y0Pi>ySSMB3lj@Rk zI6skwy7XB3;oc-(QL~6>*~lR<_|wl|Vn!DiMTrSOvTQp15$l9T*#W-iXyUJbz2w6t zAyJ5I2Nbq*)~;>;$ouWv>2G)ihzD48Nr{Q=)|{%VpOXti01lx-iAOkqfGXEm9x(j~ z$vnek%GTJa6hKhhm8`q2GGk-Ow9U1(3BaYhlR#h@Hn|)T^FbNWd^J5e_A`D;#w-?S z*`{%aMWEX18V76~S0q8^RR)*hQSab9$Lh*TOl&Mvi+(iNo`q*LphZN!x~ssB#TtgC z$QmTN?7|4dnBqP%jxWUT>4n}VU;s5iMEK=$b)V}21$$Tp?Ss4dNV*6(1Qetm zz-?HBu!DKU8Xwmq?ZNJeZu=Z4&dxH16!Up{VBTY7XvpdKh>VOn^d;RCfGyceB%d@C zWaKUF59TkYE!cs^eatPCxfE=L-L%Qa%WGJxt#?EI&310t_HZQ{%2(mdW1l`#pip*H% z`{zSwylVgYV3J&k3Y3m-aiR?GC+w{v8wqF6ohHr+7%~};#?obU&7Pm{FG^O*@yn&9@@w@6nFOu zV*XWyE)h*MgfAK`$6h!POk^tIr>EtkQTpM0M?L8jcw{kYa+WTBhps>@f62U$V-|sc zNdi6$BqT9u#$pVLg5)Fu(yBucX4s&RfmDJ>5he=mrmc0KZroSBgO|<-aBz*dnAbMT z;rgNruy;IXI0K`N447%@Eqh&mR*KOCz1k=AUiefHE}8viV-aJ(#GDU0S&awGW@t!` zphu;0dLqUpvx}B>VHGK_2k$umefzU5Wm8jAx3ku`)ae0JR-@5O0mfzcUzW8?+LV`o zaHh@*g2V;r;FX=1CuU#nb?CY1NazwVhpw{O`@)BtbA@(&?;4!lRb6QTrf8oYwq{1| z65(%Mrnd9OX=E6|jYQG>Dl<6qg7rk$PmM{!JcJq_X~Gha20)uBq@uVZaEl88N7~-r zcFMZogr(LpA&4~7wL-;s{_fh7Xt7hN$TnXkRIA3!eMqdgu&fMKqf~vobq^FJG#z$} zrqLzJ@ID`LF91Z`!cD)*N0B=HF-oV(7!ErhUo~u0^cpICtE<ZvD@3**~Rm5uEjN#l}atbLak zckdd>SJxR}kwuyz{r6x&6fr9SO~8IMgiNByxyPE5f}Vb`y++nz?+KYSHKk8?cn;|^ z12F~N-Q9EVi_6NyZEYFvhwM;hu;=H|MafaLR2SBe38I%IJIb+ucBfIUE#Vk_+>)Ix z)^b8B{?mdzPSoH;?5)i9?A`S#@f7|`#sQgY8%h%!&a^7`Q?uxEltkju!|+p%t|^$A z`mQN9OvzB@p34=7O(@Qct-U>`D}L4Hr5E++t%?fllKaW^YQn;P;fB8is7&XJG3<(Y z9L;J9|GWS+ahU^<5k!=DzBRPJrZ*!XYq6Q{<`MJmr*x)+p_`TT$(r|?7s(=|XH-j6 z6cf{=pxqE8SyP zs5n>gyfGzo1gwG3z(L0Y1Qvc-%>4904_;8qOxLaap|Op zr5xtwdL%Foa5+Mf0>o*cW8q8gw<=R4?*o+Fi;b)6_077%Bj-xN8Pc}X+Gb`{Ah#fX ziA$S9@Z{KeDg2+OSjG3l2DC!}E|6zK4g}t2jADKd&fj~da`Cn}W=`GIE4_boG*~h( zXGIMt+}_C`yOjI&>(Bl3Ya_J$Jxo#Zreqp=3E@qYWtAX)p9%rPyVbona`1EEa{wC| zNj!m=_Eo!FT3-HKrpuK1z|@Oe?saISgsc_4CsAN1&Q2Rt0XCk?+J|#u9cp$0Pi^%2~pvJ%s7tWJ0fXL79jA*=i@`ZS-qxT z39`BUrUY*hxm&3}#}sYZJW$aBpJMv%owD+P9vXw-$ZeQHVctRthzLm>e;=PB^IU=j zjrQTghpnwGkPC3sG*=0F>v~%ngHXtJ_th603e%>CphrGY*IHkEc3$fr@s zy~M=!?iSZl%xv^(KK_|bliv9rS;S{CXk(mbG~t(J5XduwXIkTr0LGKNA1)J$pJ;Fd zk9N0@u|P}L10pVHh_%OF(^+$SyU1GW4I$)*e+VL;VhLZ6Y?3DwWV*t4b@elI0gRA0 zE%wtNPzTa#i~LUk4$D3W8nD@Pk;zQ)6UYOP9C0u^Uki!HXlnVmF}043q!m77NWjxJ z+6P8df>{7zK_NVEPT^$+*`^2b;s((`%#auesEcya4&U?$Nri1ut^Ha<^$C%*+0NY`q6Km+u!p{va8J zY}qRzE0j(49-&AmqY|0fyO6zQg|b74viBxsM97}mJA3`kyU*wI`}h4_e^)LpJ@4oJ zyzl$m=RW6kUaxbD=8N$T0=ej_t!~g{BkU|8u1b$gP2Xi@wWhOPDJ{ITu2TOz?3$;u zRFQ^*3_ar8wCO@*=;uqemGV|ZEdcDSBSjRVIq-#mUl)xW5RUZuwrb^Qr+xk$v)fB` zd#rDrZZpK5?478~ugWTN#kZp0s)mNqM9;_qp&9PYHPOmZoGus?d?UV&ebXmTCcd9G zJsf?yFB9*&g{A&b@fimsU6E&XPSbU#mE=f7hUd9F;=8@up7BL^5Y!;vadw_-!C8k% z(pDZSCSn#2!j@R#fc64a!ccc{~ z3od-q_;56~oR14lK-O2xZMVEePD%D0#+3MMu*dc9Qe8coxF&oOsxZw?$L1T!~{6s(n7M1|v@y8wV&N z$OW_?KBON%2p1??tfC^kbjjP>8xcMF+P6PL=Q(d<*qG~l?%X+goug|@j~ue0?)IYg zNrfau83qmcx1odV36uG^o)S}o#)T)39#v4R0V=%EwG^H#zM^p}{Mzdh&WWIV;#P_kiRrI$0Cf-=r zc46OQ1Qc;3M7kNSyA$0GpRg`=MBQHRHD#iDQ2Uoce~Pb}*u=-n!fri;>KTBY&(6*Y z{%(Vqgqu4&=rd(#>*}a$AJ&tXK0W{n!WIv8@R^SU8!b$JQVg!^tHUK19)G(0_|v@& zTIQ3$=7^-sBcFyz`Xw}h8piFdt%Y)t2`{M` zb_ebOGk$Db+_dG93U0`S*7DQS)A9G@V1udY_S=0_OrH4dF)ImfT#0PKkKSI%&aFa* zmZq?;beH*Z+!&yu5~yycf|exs`iNU3V)<9nyyw=%HJpp}FEKA|7-j3X$9w=-!aoRLpy7pSpsBtYxNlE)~J1YS%YsS3@jWMY`jCwy(3o|naF|+po z?9b{oV|H=fm~S1^M+*~r2RZ&?ZB$AMS7qU)P1%b?hulzK|EC6JAEw|1u{0z&`ZBef zu4U+>uC9P;=Uip<;%3?ba0XJiTiJbzhF+-Qtajl803hPco8VD>oeNK4>z6*|BD(wf zLm)V^I5DD#lrqJ@7Feg^H*jn;y4UGCpsl!+NbWxA75S07jc@O-hh)mkA4)q(p6PdvwdgQT%K8zbfnZDQ=a7PFS%_F+A>Y=}@PaB!fJ_rtzs>!|RDdCmqy$=hSw&Ce-; zd+0gJ>=5dG#(z@S3#Dp1lmX^=x zsQw{U#~vA@+iz51xdsy|0x-8U!>l`Hgf=IklZANd9=3)$ntP8l3*mWfZHp!+FxLjq zUz}B~s_{SJp_u+k34m_D)wuC6b(FTfQ5-+O|oq8a`A}G7khM|(b{CLB6R7(uXr5*pw-XM?QiCaTGK&pzW)Q5ug=$Dc(t{U!?zH zbBGYB2dUWNUe_ZKllj-8)fZ=WZr(bk6y53(2GJsdc*Gh~v`Ot<4*SvLiMj zhozQGyL-k5MH!{E4NrrUM>MX7M}%}#*IX^ z#@@Mhlbwhl?{3hpatNp$5pNKv5wb>4_32>%Pd=^9ICaq7-GB%*ivE?$_eXk6is;2} zp5H9G4oqR$&-frGQg0iO^{}9VD?S8;rk;>csi&51w()s(5Is{qs2eTiyeT|9m$Xz# zJnA006a5>_TbU~BTHCWhH1E}JCv30%COR7^?HnG6OdQ~QZU#Tt|0o-cF;Om?QlFB0 znAJx-=x%*}a$uyjj@E^JoVb?uO-nF&lX*#6Mn-dkv-(AdqZ($&B(dGQy*GCweT|t> zu`IBS*;Td1>cXZ{Ipk;~Y<7No*JeQ#etI6J{A6XUEwds)(g{{CX<77o9DZQnyBT6G6lW;?&G_ z>lT?+Xn^|zBqSb*eOmnz&(Ny%S}Mh}P7#c56>l7^@h0-D(`{)QSQszo^FeO;T*6aQ z;}(d*#+~O0(gs0{DSh<4kdU1~9z{8?WlAYD{~0wmwD~;`@kX(YkLwLV^ha%! zx~BJaTlCeSo8=mu`($Z? zTWUE<-*a)j(DBz+^xEbydA8hIppvft|W^?N&M+tg(j7Z-~HMkxvim zdtZG@bGU$Gja-#mV;#qQGsdOM^+=TwR^++1=+CPYo?HClqS~B8rPvkJA~(8GO!vyI z?sLlws{|1pK#zY#(^7SA1id~JuaA^PW$fN4TO)}Nn$7tKL@eu29o916C-ZThgFUBA zZU#aEVAEZ;w?B^7#Rq)((g$eulaucX z-|)--t1;8p40^BZ9(W#;)wzq#2d!~qq zhqkaG=TMkr*m7udIuCztKTREEU~J)5jm1~4T_U4=1@2DU%M(%M4DDGT!yAeC){uwe z?Q@BQouCOksO_0%m&jt?ujlWe`RvQ^2>s8MF4tiH>T+y1Jw?6Zgg{6-737SXv>q4pW{81qf%3bD>W=B%c9@`Q z@q0OVDy^~K=hawZ3)VWi&t(t>oMoFY+WuP@Ne}OAWJ^rmu&jOP0{OS+a3wdGO^WNA zW*OPE{Jb|oOi2+VWrT?amx|J7r&ifOM-ZlWWVC!|99%q}g!+m!C8**aei|VJwRm1Ehop)&^V0p11vsqqp#Vtd94?0+4%{s0cDO3Iek~Xi z%<|pbexnAg8PQr#n$ZI%7( zBJ33g7#Wst`}@JcH@u9Vl%%C)TA%U{y zDKR;wK&k~G?H0s&Kt?#%4HUyvhSrQ(bQ2Zzfx-vj5M)Aqwb%Vl7o>dk4|#enMLK#i~Zuha0{e{C?%o=<{7Y=NLLDngG2HQ4BtXv@}5pF ze7lD~*7zTv~HCv~6oCm87fFkbXj!fez zTEVz>5$|Q=bjBiERYuR#fsuv9^){IOm68CaN21Vgp!u4*m|}P&%BP0yE`!DONVYSe z-v=4w`0;`XXkvRmI^3*E4$|xzWI1uwEg`CN)se^KvX+8_sT{Eg%CK!_RHP;dZ!dwv zUT}_%2!c=rR)bA@j@sBMF4u2k1?+K;19E(HZ3t`Nfj37a&M+S&iD5ZideK#3iOgS? zm#IsOJ6n7_k~I9l!09D%)~sD6OV{Vm@3QOYU^Nl$gqff!O8rt>2hPztPl`LfewC4w zM8lgXHEF|#n(b|M_GC4AX`{$$xsZfFfZQ9k!1Fq;486$6VAjpQ3ke7$1eBE=5)xj+ z0ofN@SJi-X3aAo4<+m7r5mO#3fh?K$Tw!NyR5%LTKRXUmMf#lC>?&olWGw4d^S4@ zEWhdt@*tEi2l-h~FB^3(w>B-yu-shZTPvTu|F{6M3KO46Au^qY(3wT$Iz_ZMsCFc~ z>8Bxn%VhkTD30x=zQ}ZY}U+BwLkw(KJ+>>M{=x|O;-FP{#u)^{___&7B&G1ZSan_-m-%n|S zTPy)H0Jwy9V>?8Z91?M0d4j$MFo4_l?k(Cu!Qc|4Yt(ke*B{dYIR)tLz*UCn*Y=%; z`hhQSTz*|{d#FMPRlcvvkqz;;vOHMpt`rpw{T^x+(T%S}LtyhfoZow>!U-d2cjWPX z*c8=91b|ye8BmQ)icgi1q_XJjW4Wc0WeA!Aw6chQ4|N<0A0}5_vTv@+fsiQa<`0)E zDs1FjFJYGw7OoK0y{}njT;jXy>ci+7`F^80`;UZkp2w699og?ZPStm&gM6lU-A|Wh zejItTwP3<3@e!p@hUN=bO8fw+gq5wNA&A^+2^?Br#hPkNxaH-A+!9+)f&t%$S%Q@| zgfA!8?l=wWx#5jKr_xEe(>$1MS0R?#8#5h_+bQ#+$ z=WssFUp%YS9G2)s2PG3QKWIzz@G>=p@71kc)a}Akc;qC=?){6TX;h}0xQXN?W+1r#oN)}xXznz4O{%FqJ(s+ndzF2AoeYAe6%6>rtRK2&yac^aXl>j zzBm4>gpzvsKBPjPI|XW*3ADkoc4EeswAQDb-v`~U%s$)F_7^b+Z&4bslEOFj4@d8+xP|A4&=7sG?xKbTO&#fSNyqB-#~z-;T99mM zxCj=6;M_1GUZ`RA1%FYUb;1Y^y)$*mjy*!yi6iF)UH(ERV{jFg7hdf;>0aa3*MuH@2aM zoMe+(3!1_00fByl_FL??DA5PdEF%cD69($k`~L*p#Zhtk^3-_50qm&quxi7NkZcSYUuvQbg4QQ2*gk)c#aDax zG)Gij&>7YSpV61V?NxHyV^c9`Jx+Vvb6cq! z+j4<%^INysoEvdmCT3HuJWq%Tv$_De_^}!2Z1v{6h@m?va&?9O#)Wz3O40zG_$pC7 z(`U`}9^^A5>qqzTl-nQjWJuddDdNmr^@HXrsEG44YL7c0_})ci|8rKXCmmtqoNli5 zQ(HG0Pz`V2b9v(wKxfrM1(7oZnpl&MyI6BLC@v`KObiPbRAwjc7gcKjP(j-kJj;OE znE&sTUw7HpUVVRqV)MI1-OKqDFSO-TBRH#l_3OsQjf?nph8zqHlE3#utt+UtoTbC<1(R4Bh@YWCQ8`q*&u9hIGBjJ>14f8@&1883?D6 zY;OQ$Y9KjwcO~q#l9GQ`pw>1>rVsG7sx#Uwt$k^itNGpZMF zrcRpAy@R$wKO9o%_%BI|-PL)z;}!f%wD{+$GfN#J66Dld>*aM)S>#w!L0Tf7pW{Fw z|A3H+R8h7O+EE3j=(sLyl>60+yfzv?t>1m}f5#U#k(MWo+G}}rlJMP-)Ayujl$S51 zJXz&19|J)oB-%7QC&njzbAFaRWv#pA)fHfSGGam7Whw|w7g7N=&_8#{GmIIUW|d}G zWlkJ)qDRyQ9#zjr6G5=NY&Qleqn;sQO+e6XWPU8&)9gg|K$9BIamqY~Op~4cO0(Dk z(N_4|svzz#IP(P765dD|yf|)o8}s_S=>6GGo4Rez0T zZZZ=nFn-_@EFZU>1f6m|>sVH4Rh+Kg2nidnuXb^oDF8Iv;rSXx`>Ck=(Sjx_(}Fz@ z7TEEc&luOsz;9Nlh&2RUwEsFlPTF2B=r^mzB;QSK%SvM)^e^L{KV>ScrKvpA(RlY0 zT5$nph9LK-1O$EinHcYYa~AUl3~Lg0*Ih?!YE-8um?`)RYI@0Uzw)Zi{B+?$>meCT zK}|O*>Xo!L2b`|ziv)moRCrno$|%h{lH@dm3Y>d%004t$0oY^r&h~rkdl0h*`5GHf z**A8bBz*aw33K*?YSPKzgT1tYhvyKEz|fXT<{PnGfwF%nnS7iJHI0`Q_Qy359w1I5 z^$QE3Y}S3+lk44=jcaSJzl^jlG+9fk@)%7^kcJilsE`7cFhCoObF#lZwEG!MpMA62 zZ2wvO^xB_n-OvXG=^SqRXmDsVs(3;dHg1hxW^LM6^PV4UbM_$kEH_@1g`Psc-JE86 z&Zuwcno)p?oCmrOp+`fc<5~Hw#QjeK!-48NwCk=Z)shW;yow(6-F-jE@|^Zwn}x;+ zaKJtkHk~Nz(5ukC0-x1;YN_D)^~%NZR(UO3XnO>yPW5{aTIA!i4!afS#XB7{i4YIH zKYfb<*zU$i@>vl0E)6;EmldCqUrmlcql9;?^7PL?p?q|gDtu1yz0*WCeYz=Mi(UTH zeyQDgi?YZzl6oAHx})s}?-z)mF#)K`AqE0mD9gAW(xd0?(mU4BX$z{gK42}oWv3XB zHwT1=N~)jTffWor-d;fK0#x453oWQn(|NpPklc2NN`PieQWSh43QHpI);-N#;$FVQ z5NFb3mCZN^ZQ*9fv;iBa-d*8yUhVdhw9pYq>EONv*%AB|p5QaSmxKgL^-d%6>4EqT zv*(@TGgP2}%KYJqW;t2o9xHix2=-&_olbHHBPLNvJ%Cr&QCI}vW%iyOqB6d|lMqXj z6WXw&jGwzJ1=U9*zp(Z^5)gbKu`=f3uDw$uajFxAlfdaFwd=TAt?vh5>Et^Iw?%2DHnwJanQ)q)tX@hiQFWBYWuH|t?Y%h zA85?0Hx~^XcPc&&zI;_cD|4t8!tf|MJ$<9?iPuxk-z3R$vIaE`{Xfq z4NFIEG79RhpjQ$mbSUDtVP0+f;k9<{wbYBjl>H|w;_f8=b!<}UcP$3}NC>GzTFSaw z60fB2k!(-jpO?zic-TFa{{BPWC$|%_?qr{xz0pv0H4>$$k>lS9&hB&JMMoRADZV{c zw4(@&H6+V|)}-)dwqMObw&z8v7tg(vd^Q}|A7kp|@03$ME2^hA5;)^g*G zh|ShAbi3HLuEMmdcw7EqMe~aJG8N(V8yESk)g11tt!cYtQtI$Sb0Up9%p_V#D zd0fBmkGdYkaY<>pVIr64q6KHUm{e7vhr!xbEwhl#`Nqe;9bJsu~=iy)<>dV3gJ zZgsZZ#FaDE>-0JG$I!WoQG(~i-=_rp3|_Bk+urlZHDBg=wut-S{b8l^)gZZivQWHm>lTtKVXd)v6I=ix<`=#p~&ug=~jdD*w~WFHyS4CUV# z_T7d#4E#FF{GKGph%Qbq^_Gl6d;F|GqOS?&hZgBnDvtF}-J6Sn=%ZEiZ3Rc)l6~>H z)Fu3HB#XUYU7Ff)i8`3{A+Xt)l-#rh=1Qs67`xG*^Ktm~bqWnzl(}n6_eQzB4wS#X z5l~MHG2@NOFj1ORlx1Tpq53d}@Fs*CKtBL?(*f)EPEHP0V%$!ON+CW4`FNc9mOYe( zjE}$Y=V(znfx(BDPuiyYMSbpHRA_47P1SyXK2+kn36+|y)jN;oHkMHhr@qjnw;cs- z-+k_;mr$)|%|5MOWP36DbknRd%dgi|Dxrd^jP>dOH7_(*Vq#Cj9;sNevy=Uy6F{lh zz#t@y3+kPwFd=FtF**S|{Wa~|Is_%7>Y`nzW0r`9o>B5%zheQ96P40+4fEkO!+ytm zRR=B}Df-67#w)bT_QKSn&X=y;{Sd**gzBeCS%86sFDOb*MRiS*g+IYXnUJ5C5gqC2 z>7kc(4o@Gv(4;Non9%Nih^r+={G3&yVMS#*^k#4-Ii4_HrQ202hOmJ1PZrFiJ@QJl zxY+I38>M`%beU}>3XKitk31@x3@N(sEAYk~i7F9y&5^k0CUn0#d@EsB(G_VO)SODx zR*VRa8?3D~Wa2N^^*MW_xDyc*Pt89$ldS~Ep?Y`NVt;=o{K}U!>uUfox$8vZNc1 zX|)#9XR2v|k2doMx(1_yl&X)%xvCC6USuKOr50x-%ZH^t^ZAW=ao^7GwElj-Jdd|t zhHtNCH#f^f-`W_JWYIyAY&@r>Ja&$huDp9d{5FGeQIV$xymb2!< z!2|a|r-=znZtlq^;i4R}l(f(%Lo(k{{A&2n^&euJ*68QY@0;B25>2Xd#u-d3=}AaT z6)0=e`Gxg>PGY}fcB8R5al)4+t1AWH-aa8i&17_8ZBU}1Ok z2nK*!tWYW`fH1$Z6E^5@zvGP)9ZV$?1Eis1S8#C-}Q1uKbZB*_UhV zn_X^Is7d_VmFV}rJpirjO$a7OLgCJp#08LKRM*r*3i073CJM*s+)ah$lfuRH)j;mE zax!%h3WJ%2AjrQe*?s?OnNEq7f=<*U4fmnA+@ zgBad4+Wh!38QqQD{b>73dC~i8RqMzt4kcMRx#?ZH(XbCc%iiH4U#T^RE*rj8+<9d6XoF3-6M@71$r=;`Qo;w^} zNt~D6TRhc{R~INupBvbAxP1Ox%5YtrOffL5X-P3P^N#;?)CI(wjT}|)s=QyL;Mz7;GFM7b7 zrlzLi#XW@4(a|&10$Hvr3TJ6*X=Y%HaN#^xK^t(%dPb*i&(QD!8wWo|7>|*0=_&_5 zg;8pQW;UGEK?E&cbU&LBl5y%WJFufp0^kpLlHww_L=qqqMUs^=zL7y<)OIC7l_9sP z%1x8>-)--oz0Y_vRv3*kKKyGIPfK7q$~yl2GNX>pF!_?8JVy$dE=EE0jca|XKg+x4 za?SM%awRn$B321E`ixx8!u~q_hB0kZ>3d^;;7cj@&u1niZ-qoY@0>Z>hwyEQii?YH zY;MY_t3zlmoT=vj-`l`Xvu5UNDmB~VT-8UXTse(y)LtcD=0LH8Rx^&IcdWFA{B>=B zTpaUr6$AFdOTn5#Keso3c~yr=zxBdJ0zv}nQ@bTv26POilO)pJu>&^| z@2`)!a!$3CFcILQS6=z+I8Vm3B6`KPev$PWf_lA}!!hdz=Mn0|X=S8dLexeAdV-M6 znwm(e-Sj+ZteZ;SbCk@~oVrTzA&SwUBhZh{Q3d5w{{89|WKnF>c9Fe;dh76jZg@rn z$;iqW%CDL`2t~ZXwX9~Xh=xlsU?CJCEP;IgoV4>#M{PO2Yf^ec@+syMkssWx@M)g&ZvkzEkrb z@0MAQgtHJw)xR&=zoKZwe&y#d+m)}^Fp*E6ijn%KI`F`LZbZ@ED!(w0h|W2#!Oh*> zSNdyM-hO{iD`g!so65JYL`=ka{$vbbX{3N)d9U|0yyYMZvDjQXJl5)nH_N)xJSBg@ zT3%ab-+P&j6c_RCFm;sILmA|MU+HQrvONyr;vvV}wKAX%7#}^Af9C1Q1jEc^ahC= zXa@Hy4nb=Rk1_2~;94oDDz?5%dRErV#U&IDCdAy@#>jTPi}SjF?ti{QR%m;2l~YkQ z@-OQIOTPTYn%=yGQo`lo>;9+C)UP$!PObP8Qtz^1>Av~v%J%J#tB;f7d0WU~VIcJ` z|Fb6bqduD~^~CwxE(CMi=2WA*)_C^ps2{Jsrz*CqJ8Wf%|3(uKgzc}tHg6~PTJuGz zqu9ms#Fy4u&;7N01LR(q`sIA9J8(*3WsPC4maovigZHTd!>)oZZMNW=8mRWoEC!_q z2i96w{(7zeIe%uq9H;S-D`c6)j~^L>?V}u#LW`P?69IB7HKOW9!Du(Zxt1M0VUt@^_V^@@Cw8^c?1M&3Uo9Th_21zutA0?@oC3t;A z`i0~q6bQ1gx+;6WiWcqET;P$yUsGd0Q=N(J`s*3apEadGIG(v?mC7^cnvz{aAAN7x zXG~1Yr(k})5FPovG~6o6{cn4E)Q_}YW=Pi}5~DaCIg5N7zFWk@99LDwlX>@Eu&Qf~ zQICTU1_qjU)4|^>q@3x`3ek%&H#3W1tk%NQd4nKRMhqLUi(0HqzC$+mVh3J`r20-B z+YA4fJ^UFwGxx|0o}Fl{H7sP-3uFKr`1Y2oX4S5E$R!$~J5kjA>{pO?ce1H$YU+{Y zYRzN=1L>uYe?2YZ772K2R20&=ruPzDg&!&ssWIf1rA$i{wwRCA%a<}!_{c1@pO@cs zP_i6~Q82%}9Q>!7d4cNi_TR@$@>BD&y`%*vCL=2g#fcekTT|R#Clons9r4LGEb3Q1 zciWrNQKsX2tgSwMsHxoW#SP2aKB}o68 zp~$P-#kw41Ing#{k1a2Br5vfbAE*13DaU_nPZD>-7d8;FQd5<(C-L9@`?0&Pf{V}| z-Z>AObpz~Q$SnmM`eNS43Q0fO&mA5~XIseMulj#%m|QfC=Z=OmQQVhK)C#;%JP$oC zs}SA!6m+CSPb}?3kAp1!D~*};V0yt6yPlrIbaD9*YX-}eapx@}!e0sIy(NlCIDb8Q zZ;ygryzp&}fc%QWKulIdK~as&%j@|O-EH^MbN3&(;K1~BIZnMRTBKZBqB7!js2}Z} z`l!#fC#~JA4WV?+CI$t@*w`2>od$GzQU2yRS6E099i}`9U(KHWU=U>O@lgEhcum4k z?=tNdXIq0OL&tBt{0$5Jl`@O3Dd2>Wlca%yTwP+D8tA>RK2M~i7(y^4M3M%HooU3{dz zxGHwCkj~RPTR?R2l4S1kS@UoJLqRF6NIw8iE3M9?GNrLqE(u79}&nUq^mjs2MOev9+>@4rDxO%eckyNbGU1Lvp5jBex9v&Rp)-~&z;-bF(a z6H8dxxggV{&19k!GcUmfw}@DzVBp~3zAP&v|9u_<*6*4^_+Oq8d^?*;GOH*K0(%J) ztdq-^13%nLK)erMwGy_x0Z+bJ)LXt2tCFE!hXYQXhf;O_td33Y{u|E?n(~C68+Rs# z_$OWAV_zbozKEC&l!mw%{{5i@q@o&Q46QlOXJ!d@UAqypYSrAoq4BjNkqv)S$3BaM zgc$nWmc3xxc?fB@|_;hr1zkmOpmbxe8>gFcza3;VAsi$|t1ua}ZY6i)H zf}Gg9{}X;h&PQeNl(;V%Al?EK;|yfUNxjQELy1R}h{g45yu5b(&pVP5&esde_ho*$ zmR@@nN%U%ad2Nl>U9j$w#h~`5QireG{~F$Q`1|<(xB!3tM9BuxQ)leBU(BrO!j7xx z$=B!3dnX2FW@aDnXTRHEPVxLD1i|P9XseJdaBQq%hl7tRW9-g>yxUy5VejPD8sW*C zaPbr06XU7l`yjPGuP=~cEm(KgfC@a2$oIc}3FS@h;1=UZ#*c=DZCZ7%_;aKMB3Z~S z2n*w=Qksivx$=r0-gKH=wpQ*L8w>5vkZEp_3%&QDXlwQ7HZ0xHk>kJiXtQYuv2hUy zGsjQ*)Q(po{RuBmxv#x{FcE;Ph_Nr!>NaQ%m*Fgk~yJdl7eo&n7UnjmYGKxf9oZI`gTejI>m?C>h?(hHk z6vmBA{bcE0RakD(jXI5`oNiyE6#An%HDF4KO;mjBDPnWLVC<)jwV zbQRX7+Nziw{3gx%`m5`DC?64d=NH?pW#fK<$`lL>b7$79{li96-t?lyM5<5!Gj&OA z>Q%~0*`2rcb@z?pg zGAS*bG+Lc;Tn!K$PtORHoe|EFlIl7R5^>yj9rPZ_{jqeNuF<+WKK2sivfDmRs($`y z5Ub{?ep3hue^FRi_=fNAiLslFZPYe3Wrk^PX)`ZTavv{!D2s6cANLldc6tt$<=QTo zWn)o`_BAoDxlc4?uQ6%#>2Gxt4*B{}jvs5R^H{{&_V zc3^+<0&)w9lqxdLtgzzEiNDg&m?V?^HNCywy77tiS+D#h8TOjG6f z4i(jh;^N~0@#d=^axKhcYjTzz>E|y0ZAoanY(4_uoFQAd?fz>eV!&%#!jNtzq&0i89%(lfUszjfZ7Iez z{i^cmK9{|!L2v)N(gL*Gky9G%Bt(yt|5{+tuOVN6z#kQPUb(Z6BMWGps~)aWcU)@D zydVK(dHHJHKn3;p?pljnG=WT&XjZMiY$GuQ5(YiP+kZCcCJv=gMk56Y#LRpk zt+uGcs-ouxCQ`B!+Cvp$)%|zg#=;GN3vjWJhmvZgBvV)UM;K1HbnY;T@()=lNK_T% z9Li;c`V^qTlJn^}=Y0qv@zBhcmPuDhjgW@KG$&%jps;=Wvg%`sP!l8mhV{f5pF<+Kk0W*_YL?9;Oc^(J`|Rd@#CdxnQ!T^7ie%G6d!qWPI? zQ698jTWI5KIJb&PXP6SmLj4JIVWk9_+(}sZF)%Pq;I)qdlA`8$4zdfCm6gn2{{fv* zA~TS%?T<{HzM4;Q!v|HaX0}Xp1lZbJfN9i7NT$j&?T(I=PrFtto^o!vGIuJ+3O7#j&)OHs48 zf75GaC0RA@ttI=!W?Qu*AnbR@a-XS=UF}7{e1U7g%`LO)(Rz zQHYs8R#QGO*160FP2Hv*ob5cINm*Z9B=mpw2W{#e{QmtVj6Ry%-r8$n(nMdd?;isE z)AJH;=L%2XS~?#l%r{SKn=5_smOgs)?TfuhEHMyK`9E_Co88y5&CDfBZD;_rK<9f> zm%%Zu&YMIu#Juj-IaaC3)j7_mYBIC5yw;aZ$9da5UT;Jnr2gm+Sxez^-}AsEv6DE5 zg{hQ0o#8m0$GCZagOJy{Sv9hVLY7}~-^Hb&yX``%__&7a-mSi;$?9Q)^Bv23b!RpG zY$)H=%X;{`Pu+ICW=|>kyeh9DS#Znr+B?+Vog{RhcV+ee4^Xu=q3k4vjW8AJXUOt~ zCu)sy#DOo@&n-tsu(jlY!V$wk&bW0^IGSwr7a3AdKz@uEt|Z1Zx2#{&n6M#5B3Slh zFJ04=i5_>+BLD3neY|-nT9E|J=AfZ|Wz)9AVQ=_H(+;Bjqa)>rKj|T!A1LpD7z@q! zXkwvBCIdbFt(PCnij76SFxwS(-X={T<_mp=L^wVri^R0k01&jEKT*dZJEWKo{u8!B#2dD`r#J&)AAQTs zpixy?jX`+slAiCYa}{D`U#?LCOxZ@BnyXOOc9pT4H0`3i^!*#T7RyuXg;KNqHaS{} z+PS$FXvhok@%Wo9^3%@(+M_cL4kpto-VDwwX61gVy|lQ#9uCcL1B+46Vp^mwG_L_U z=xRzHfX*S8`Ix^1urN8QsG_=`1_XT^=PB2}!$g+j?(PmnP7DOX(?9`+u@*C46gGog zVkK~}c$P>Fg=awhUKzhEXMGL;^ zfR{@S4&c*SbCYG7sqmYZ3_ah+MwMwC*qIz>-!QHSxu3g2`dTx4+7S)*)6Eh?DyTV$ z>fK+J*9`~?iee>3`N>K`fie5&F_Yx5v#hIo#zy8u2`RBJ-`!f)O^stOxK${Cd?d>^ zPGdw69sUxtb+>Vv5V=qLRc}?MO3V3O^et*%b>pwLJ@Mb2(c8X}(|0+tQLAn9XX**7 zsDu8JHuLqCHUi|G0L7IqQ#-A2^j<3`f50EWJNR#W{hm@7-OtUWodwmAL|1a(v4v z+UGnM78h+T24hm!X5hoJl=lEN>u&s;O9XN$3@0m3!xX~9i}orGlN;H>~EuHF#x69+T(Q?@=V{RuPP z$)m0HcR3a4nVJsL*Jn(K35lp*?GO1fSTEy0nj^PW9r6A3izOqoi(+>ZFAiqyhr=D? z>W>jTa7ttNJyAxx@b6zbjh*h;sa%XoV@%b&=z-q?e-XTI7&aSEp@N4mXJ_BH+-F^La&L~6a&jQ z#;$xWS+-66K+X4EllhCy^wB{d!A~)+YjtLOqh56tgH|rEIQLh2+RO%S{uC?Je*e+A zSM!5@=@*99Qh^7O_YP#Axi1L}cz8z4fAr8>vOhk~UQQ;HLoIG5uQPPH=mw*oVx4!V zx@47Ua0MH$qps#jyg0PCX_b9l;JEM8bm?1~;cyK9U6C;Y1a6GGCn!`)bw^)wHvYi_ z+MnBN^*(!rgwLV2IF)HxcOE%DYMsE-)puL2Gi*!v-q&7h$uN+Ak6ZkK<6_#3#Uvvw zq2iOpx@X01`g$%u*DAPAtqaDs)YVBI?oFlh#IN}CX|a)%TT9*?;JCNK+gf^+)_>fz zu?yqOM=pQBDjBE<$4BV|A|!HuYQa#!wLA80^7JR(-jVQ{jo3!9KGx{YBtt6ZH*SOH zXEZ$nsV|FJv5P-_1zCag%Urhh!A*)yrvueQydUpk2o1){zmTM|o2H%7d^ zj`g#QQ$}9}J%j~AT;wy|$l32#ovU@%>bxzjYtW%-e;MaP&e+-7gZuuLhQqrS?v7>> za4EdjW}ZfQwe)DE$Fq97p$pB#>a357%cOQU)_@A!KiN(5#1Mtu1)v(a>eRZBNZYj(aw%n8YW&ID zriZ)?jDi%w^IZ+o70)jbQa|IQrx6btJUfo;TvbmI36F!mijL`oW!*_HTAt6-vk6mr zdo;*C#)V_k$V(pVrU19L8S*CLh}VRK|F=j4xly*4Vke3T&MV znfhTPPrB-BF4#41Z*^=E50#r_>uPtZs1a?S&B~;9p4>DqnWnzC$ED9R?fh?6!f&?{ z&zK!WG-JdQ4_T9J3n|`99}L3D!dT&a9QlO+qDsH-npq|@eRa0Fh2V!=NXp0DmY&93`zOtn?Dj6S=-kYIAol9c7|eXxeqs@~LcvY{j3EEqT) zDk;{R!uQHUvU748VP)C|$jf}cB%J1Jl^T-q)OodI2Y)#k3jXr7MV`Ot9vqmAKG9l1 zK469>W1V8buu5raXEfQ>4_m$_p$SD1qpHHFjYfhhU8xVUu!F5@JZbKJnbY_(w;zY) z_3~hmFS%9JWldBqMP&V>`@8tY%~);ipzDJi6~q>?qfd31mnW{@Ok`hLYLOZTGx&I# zQnhNwk@LPec)d0pZi-@EEw5KlAvWtTpDkB#33G}MPDG{w7fP|WcRIq4DfB<2hN&rx z&2Gu=4qjIF6={Yz3`D8R>#D6>^hj+ubiG}xHp%Hri*~>+hcW?%zqn&1fuDY0Hm%!0 zYDARSI=*cfTk1P>U4N|6{omFb>r`Iz8ZqeJEy1x8eXfM- zws*e@4P^kpqr(@<%2aF93Kzqw*P|eLHU1`9h#a?qNG=+!<>q|nKxCa48sb>^301Yf}mW>=LP$TM$G95*SBOz_LT&g`fD2WM5Uy{j;KMIzk`d3 z;<3SZOHBGRsq_-dZ^I8Zta_-oFa zPr@No8S>@Iy5iv{;?v<9J>MlVwin50A+YRmp;(@}@XRLoKYJIY?Y*9PH!l)!p&YiP z&URvbj%)HBCd7bNE4;NOu01F{mz-?C%2nb0Gl4Hd&H8&U*rjaH6$yI|C7j}U&SrnQ z^;f_lgH78wJ8UxcYlYf;1iJU<{>!Y_>ae3b7CwG;q|H2~kt#DC4@z&Vt-rB)Bm1c4 z%JYKGgD4ou^vY7)K{*X?Lg8Hfj#|sqK76hhy{4D^ho9eFAbzfr9M%)T!*5YIH4??h zVfgtX@Caesm7N-FyS=|->n{i^AgEAhx7yFRdYYj%I9TzPgC!}h8Vy~vP)UHN3 za%c{b2_II0Lx+&?B@od_9d_VR=|w!UIxB*CqoXzM>G%ifwHY~B?wRl;tnAvl9jZ{X z35Vu!a;oiB%??y>nXt&qrxq9BKk4i&dfbuB72cU}+JwJb=DbE-)m3;38$qow%=X9A zaX0;fs~5)xhrYjTnjo2~^}Fy+ll3E9hPofq1c?yIs_&pOTU>DGvl*dl9Kyj)TcZbP zga3kLX)j!4jM#5nxomwhzB4K~YbYuC0&oPWLVjz)IIxF=lmLWz_W znjt@5sg$oZ6VySe(#s2uK9Vi zc;sT;UKs{PQGq}*8Uo8H%01z0HefJ`nInP%~0R#_93OY$j=`lLO&aDCStMuzW#7+l}6a(&E3ED^_NT0 ztxv*L*vW9@v7E4FA3ntHUXl(|#27tnox^Cy!>6>bu`wG_>doKauS}Jf32VG9(g;7b zlxI~p*_H`ua1u;ucQ4iWzsJ*=2Iu8Glp6d50ITeni3>S!N?^RdsQlFD43j)96@4eS+hxC%@Bx1Y05Uu*;~@Fd|Lv-(Ly(Voo)8{w&4*_KdosmH#6 ziRl}(W>D4peK(w$U5t%1=S@xJtl=%~MZv%BQu8(Mv$9LUB8QZ3>c36Q6x@}MRsZM- zwX8J3aXblfBR#Z&j_hDS&nVr&-M+%tjjXMkts2ea@&$ zc%-!Gf8qovI!xo@kmCd5P-*J(Ux8J#Xxxn)(MbFX&9_L~Kdn_}y^?mE@VlO{9|et$ z2S9NY$^hjAzm-j0d_zWR$i__}|4W(eH?B1E_s?JC+=Pc?p;);)p9gr231(!LqPlrP zXH69r%Brs;o2XE}HlD=5bx}KIeeIKGz4=NW0Nvi~_rUPsn(pC|83)hV>nU4;T~$~T zR(U{zfj_wP$2x>vE-K1Vh+yc^Vs3A1RIj*9wrV&O02(ubtVrMoM4^*a%`GBoUeo{Y zCQT%e<*ZUs?(`5Y>5${%yxe5^@W;NhFtPfT!?lA*`IwXAJB-5U6)ur5e$Gp-=>dgu z?8}YH{I5k%8Ml~`SJGB_1J$Mqy%u2p1U=VrNK%A@`(o_PEx%^Ou+Zpc&-^MY z>YcqEo12_2PAo!j9<77c8prT7m&oS?U-f% zgMJUZcC-eRLNC4gqJ%P(g4ksGG~X2;#2Yy@{rp&vc@<3jzdU7dyH_E`=bU>C+;^XN zr|_{jwO%n;{5IxBWkL7LNsN2yftr8*9~MOWyb&GB_#AYA)4Z+r)#2+h?!ITxs|V3q z5CKxBy?pozh1C&jDT>|fi?pZPa}(}ninO|27km*pR4__0zBf^2sVx^m+18Vf(l52G z>yOXWNgLk?Wk4{oNona?$-hppP$C$Vn94GM+TOkV(VLr|m{ZucS#9&a0NnvR!w--c68NO~)HRTB@~ByqSPz(uOK zsQmlkpXTINEMW7XR#1Q8@9WTLd4C8vnVQ6-82ltK-)i6ZFzVh?YW?8$Lx-j_@yW_D*?UUk0JcIQwBR}e z?|;HyWmR8gR{n`mHUCw+oh%b(_6JW;v7*;n98nv?-J=()RJV$=ifB2Ss&Jq}oHIdW z`?v!rBi-{+2KBSmtH*FGVVw;(-iyRi69?r#4#+FC`@z(%82U7e@5Lr{oNY3yP+x6{ zBja<{E!3w-=zJ%KBI-OKGy1ds9nT-%D8(`7MfK`V$f2GOUz#-Z5f>cEBwmp&)No`% z9fFQp;q%$ZsX6fEoDx2aIat?bEer5NY!*i}MctzQ^_0#pGv9kE17++ADSE4o*G7#< z|KEer!)EmDOU}JHsO*hEmDfNHI$%_zjF5t2C901%*gE_r9EOB0)8(=K*^R=C^~1KE5f1Bg7DMd;=;0XCf-iqO$IL7xR( z#jHF8)~L`Jwn0_rb3(EY{%}Wr9!fNDJ>0Rr@b31shFA^)^qDeAFn=uA{?jp`9X%{@jsq?+=4fc-mv%c82v(GhSNR3#a_lso@TP@9{3>!POnPY{^{KMz@W40#tms52J* zZuK>@^aeQ5Ky(a3Y7%A_;khUFN_QZ;Y_8=D#S_4st!NpdO6Td;M9Tp=B;pg)o&c#>v(wW-TD8B=#rVm{hU^D$5RX^ za{G;;f)N$Hf8x-6mtL$9{h+Z?iTTyD7pVcsXKe~=NY`pEv^x*)QkL;7LLE4co}M16 zy=RhbPiNEWj;?OWpMKvWX1%Egzth~X!4mY14&H!APkQgv{BoWaj;XH|U zpU_beK9?3=GEl&|xkh1fSbB*B@3XT@&0R_FJ_*DY ziBwS6p1&@)bI|r)Yw0c!2T=5uFuNB1>ChGSNK4_ovFOpXgkjr;1iAfIEPXTTxvqKR zH7mhKQ9*55e!a5eRh;bxA{>Z6TwFsnU!|S#e>IJ zCCHD4emgrmL7OtU|LA|3hJ`f4Kn(BQKTI${ zSjNDB9wpa9PQL6+C!C6(tC&vf*vRlF#Jn0tJc8tv0R5CzQIQGg$OS3nQf()3(#p>d z?+)a@ga!gqI>mHx8XnW?G_y4G^8Zwj)&-&fRllDnb!YtKTc~oy1^JnxK1mgAM_Oo6 z0k?a*F2LMgzFQNl3zf4NWQr36%t(#DuSI(P6grB>W>9L*bO`-j!|1~%T-%k9Diowg zO&;(;&o4YLH2?o9J_SD8yjgRKC?+t>J&te)mg3b-<#t9#Kw_fR&hJbM)Hfe{d;gOc zn2B#X|MG@{D3Z=?+yPtm#fzQQg5ueCOldK~H1ROK5+*+L&mUBSb)-*B=D$%W|H}(CCTi51mY8iUKFHC zyk3=>jg?!#q#Qx}X@sL=q2BndC^CfW)@0;u7S(5ovw0oe-A`?8H%p3)=Gy2kx3Rsi zE{F2-%#`$&wa`~$Bd1QJ)ZRwcQSkC7zB+cT|Fu9%D#~Gt(Es!Y^1F& zFH1G6J%!c82nayiRQM2T{+AnixoW;r#ut2rY9B%};ZjM?rhxOULkmRxmatOpeu#P+ch+q@9T=xEQ9 z9i~6zRYRM|NJ;T6{HXY?e@r%bp&?*KBS=y`f~F_96Am!{jf8|mA12Gf@AePmJimW->-r0WQkW%Mg{`@^9b$!&Q1}I}SG|SSG7`J3EOb zTC}Qc+lIbrZ4BM6&4baR_J`}EL^LhWK%kgjLV|8>Sn*sa$R<1#cHOMJSEisEO#Osa z&_CLoP|0~fkx4G{ajifhw*_{0TVOBjL?Svm0vJ5o;B^F&LIKq+DlCGYkG3wtkThO`FCXpjGR$#Fg1#jUA|X&290 z3+9#@Du2By2~Fm=`N`qCgR_pTBETk~eIuQn=sc{AjLOWc$A;n4IIuJ@LE8KBWXTm- zsM|mZ8l(bne^4X4J)rZo`aq%xM!T+$mdS*Dv<Z{ep&GK8J^gm4}^P9tUSP+&w(dwgc7lBpc#egfXu6SCM@?x!sL# z)rYQv;tB0WO7%Y!Y$&c>)i<2^9*Q0A9#)>{xKAP-bnKFsHiixYqoci+_IZ*;lytPB zAqkx~_|S^!wRxx@9VF>b)x6Jl+7+r&q4NgDkdG&B;t|`DekXKlP`X7(IKA`s{kv)D zaIsC^ar)n<#KEB?!DXG`HlUkKz1-pHv3HSf!`Ol_>{6P)XRp8Z))Kmj*7pcJ6ceKX zB|(KcIaG%uezdBR5@(UHxpa$taWR#E?VC2kX0W~~q~5fi%k=SkMKwsNGZEntP9Nfn z7t}naT|dCVpu}EwYEV5x@BsP|V6qQBO0_ElowVQFz#vTe>HGj^`5NA=kzd74?$Lv* zl23n(l?v9I-mVm@W&uG3M|1oW6A=-fT=nynjRn5r4k;;xk`ggb@A`(eCkgTL{hgY9 z#A!h-!WS-XN4SJ-!gPhYc0cYnpaES2<;9p&-cC1V2>fOo3;3*tBEoBKg6U{gz@15+ zg!!?vTc8_Uw$=lt8;n2Q;Re#oP4Xd(p^TQetp0an;>C*>ZTPX!))>n5mP*&Z0y#IR zrsv}Eft!P)m)_LdTU51JHxjh0M68)waY4N)P0S0`7P=0HtuKK^tq9ZpVlgW|KK?i* zrb&OQ(FZ(1JZO1_)8Q0+q)Ozvrk%oejF$cN*=5Q{s5$m=vKuxEWJg7mf(gw-s%5}qfibXOGgt_P1qw82djx;J< z=#_!)C#=-J&0`r)od?X!gvAdkYjBexjsiE86d#FwIX6{Jp=3DfmNiUAeJ&CJ-28mERTWZu!NJz+;)pQ~yIb%{H8|i3t6_XWhq|&FJJ^_^@F;ArusV#4oII4rtY>7xm|C_Ab`iCp z{SR9agT_?Yh9FyI2&hV-DiZ2PP%A=CejSXk#lM`I2qO`?=#6u(9ux=|Y4oYG5b$Hu3&XST+3^#xqPHpwXtBjhp! zI`}9fM{anW>@FC%{kyUB$JO`Y%pMv7G!PalQNH2-uyZIJ^N4DZ=0kGOcjsB({LyHS)%}7OamJ~2&CiOi`OUW$h0c0DYhF7&nD}Y0lQbv zMTsCrnzpd&ieQ=|uKMSS3X@LK_+hc;&51gin{uGpF#8=Ge6=W3PbE!<6*EaEjK8P8 z$-!`6Tf+KE_r{(I-mC2miLTj4SYFXLw!CIsDtw}ElaPe!*_T{IATLv8pFOj8-+0@U zD=G9T;Bpc7P zsftyOYu~D76V1{boTPa*+%MI}Ads%h44pM(a|SkUT&$Yw|S<3^++(#{n}AR7=uiN!z09qISd z+0D?|3uC@fCg2VOL(67P@pj}IOqR?nDIqLSEB*zZr}fVoEE}Li76oHFt&uSp^bYgK z$(`E5ZW|IkA1Nv?Cjm_hR{`?334?=!%&e>=bs?wi1LnN0TyKrY7I{ZuTa8dKkkJ1J zsy!-aYXuZwJy}lyaZ(GwT`s@N^T&3Tqm%Y1(@v}?8UXqS;U2VLwZXiS+J%iZ@;4o~ zab$pULs}Yp8r96f@9yr~OC_UqZpAvZKjr6q&JN$TGdmlP+G@eM0x*d`LP1YxJ9M)J z#tB6Nyklwn1tzM3<V{;GF`!=vYn7!7*hdSU?pL$tAzd=b=EI>EvDot_ru zkYME-J&qabt&vhm?<@G}qeXR3vik+=hkm;JJiM^ha{n&2 z36~wV6$GceP_IeX8x$8wLTRL6!#`F~=*h#CWOmL5r50qW1kxk_P48!gTuEEoB6nXn zcr(sXTv~w7NN|WMhs6y>;f_Lt5Q#GCK8-e0R8N#gDq~pdf7#evMK^d6M1QS4YQK_x z%zdL<4*hyy&7+b~#(T`4#xRNfZb!YB&2le%p806QLQ?*PbuYcx=|*%P!#-xy&2pum zN5h})#4hjLxsfo<XMlps-L6qoSFanPZkJvYjH|b&0`WM@H1;gY$mBzln#} z1`-myy#;Ez9#6&h80C}Z_h>=i;;;4*$SMSHyi3w4Ab5|lop2^!?l3!=kdTm<&qGx5 zdd;Od@LF(hGvJTkYkGVhyT+r7;pWxB zl9QEvpEzvV`^Z6pk&*H6IAZ`r{^WxoPW#Oe?QCSRtkCiU%J%wcei;z7`2=mX{kSx! zYUP9}FI7P>of_wn{-Ts-_r*QslsnAtOxOCwzVqH|I?D@c|mt;^hl(I5WjzVe}bP=*@ zS1Xm_^*=D(H!V*H`chaZ=h~B>S_FY&%&6GuOfe`4%s2~!o_YjGoydozEMFfmn<3wL ziCMbtDgwp2ydP?)21Bm1%O&wXf2mqG!9GQUSbfG6Et93#Q@S1 z5EUngdT_gLj^D`r_do>kbOI!%JX4}gIzKh9IA_(?j%7P3IR{gkP`q;iLGJl_8PzCB zZ3#9uHrhlI*E*Uq)9xoAbcK5-ulZ4#kZh~V91G`{PdXnTJKt4I;=KU~@ZW$UXaK;_ zO5Q|KRgvFq6|?q&^`<1DC)uyEf&{?)WcNr)N}}T3;(!OSd`##VcOR{8aoWw2kMWQg zfLkqe;$yy6?jlWg`*vn^wL0+~!uE%&o!07=F#8{Bv+h24@FyGJv^(iq-9!|eB+z)a zYJ7=-C2jLT@XGLdTVJ1&$G5zesC)`K%h4+9(Lkm&cXSX`d;+zgAw1roO>2TsnD`{f z?lawETh&?9@C&v)rjJWfo)HpZ~~X3y+9sE&LB-{Gd1fcwBGwG%NC%oE+TT*qp*FaULEXJ{O>q-+_ag zj#Ja^$HeN++juT59o#NznUvUO)@a1e?#(IMue?Y-{sEp+;e z=LXOtoj&9y)nDM6K*LK>bO%#YQ&Z{n>-)vgzkfgL=JYXbp{2yLNrDqXaZ4Sv!DR7e zMkpwpbpEV3Q<~z-JbgOTFGKefWUH3qv)J1vnV}+3QAZ!i5x}+UD2eTi|WZ-#~X*cEQOy1V{OE_;Rxq2gV zrv3*@8{OtyTcQ0W%9FvG9lw9a1l)~V_U`@td%H%_2fM)6my&0;dOt##EE1+={;B=z zCWw-QF&+vO7hL-Gk^`0%dFtG?v)@eb zfZuQ}GD7(2aG?eU7!$bD(HS2tN57jmJ`*XRnYaA$Z&*p~;ej@lPA`xv5DI^4w`PP- zMRmlf7184mb0iAfnr%$BOMy0~@DbwFJ zRE`SLULKtC6ewn|NlUmTX=r^)N(uwZS3~Ew-}8pUj_WiP4yZkGGRX1Jjwijg(5e$n<_cI(4;qL}A|oRYYHfV@-(Szm zll+=5Mc9v|<_`S*D4EZS6g&w8P#jAKNunO#dp(*5jJ82p`4-$n`{Qi`@Ucd~ZF~xT z!b9b#TwGMt!|)GvxJpY)gKa+iRwB}%HC=bDW3AFubszvzdD2R08=}zf-W&Z;u@5$f z!k9DZrP<%l&r$A8lGxP5!~h=nR#tv@T_q$O znB=L7daa@=2;=FeU9Uf2Bc)HVDSg;(*x5JO98TXj^cuBI{ZFW@@!mj8Xmtr1 zQLPyyE-Y9%p|)IW0!7yl_oBSeFIo~+UPv`^F+Y`ZHY>Y!@N~R|K}0lty5VTD;D%hP zpn=Wg*R&s6zdjxp6&7~Q*|_jzeUQa_Vs4INc$nAdjgQ<<0)78zoHb+D83pX@+p6NS)S z$p;b=diY;*(qDG1laD3m-w9?Dfjv21JYg$iY58!mE72%PnIU0At(#G0Wy|G2``wR^ zasENS(Mg77!KL7i{s>-p)JHlx`b++W1{E}KHeU^P^@ zLmsA3@_x{iq?#=K{dW44^B`uPA6t{l;Xp{yNdj&ziJDC*eWy}SE>Id6+bETUj+r(jE8MWpxK zCtO!&Y8bgA9Y9#YqlPO2x=>6@Pakk_#M^x=KvoIc#b{tR#6_K5!y&!H!tw$u7o^$0 zP^ieKGEYVh(S<-+ zwC8!Uo&BS?`m(+;>iXhEICbSs^G?$3Hl*lFQ+R(Vcmt4(A2Cwkx~P16h?N6;?7V%T z;j#jkojS-xe`42J?eE`Y>C4CZ0xw?}w}qd*tE*RLib|xIxfc~W+piVhcDXK6kVtiD zdNMFLXaL+lINeY<+rrdTeV-QMlaf~Zi{P0*u5H7m?6A?XzQDZzQR@I;!$&q;!KGx@ z)@tg8oSt>61>@?A)+gs_u^bqYe6}ctSD+##K4#xTb8dQ}7eOs2)Xd-sl;^M2?I*0-MKXHsy3 zlm(nzi|tC(bVo zyf6?x@9?l_O_9vPaE6duJVfzU#NyztbSjw{K&>RFyQ_@s>yrP4QGeWr3`dF-VT zgHdM6;yywLtE;QVqiy!jOr1Weube|G`zqJh;eg_`*IlWmF60t+NAHLLad%ehH=|pR zlr*o=DdQh_<`oo3f+i;9zBbEzzd1XfQRe);nY|{#$M>38uAiW3$);)byJ@2CU1CB` zf+wB~fqa(OwVry%H}TJ?M0MdDfi5JWtjIEqaUQW!7A`H5Ev^B|rp{BU#cAK&VI4y-H|t8uf~0k0J3IMOU!St+TG4o?j&f zEpj3c+JsfP8KelmR9BCb&s7u^;RE*O-g{zFNf4`n=021kHDPBF-R>iP4^e9NgF&z0C8hX9hX_=6-^?$Vh;y1FW zPvtndu#<%EWu#G7@A9`NQV#5^X=o(Yw@2n3`m0lK0z zv`Z~G6dXB&lB~5z>xJQGxIV}e?P*?}Uc9psV`0GouOg1b=r2m>o*7PC=Pz^7^}BEx z#m`%6k)0l74VO+KhK1A&QQbr(Jmvk>6!E^lV@1Woe?Bl7jg%PVm^cVhiyz^Y>oCk- z?hU1d8nB}E&T&(HAM9|F9nXcafSh8a4t{cJq8k5n!@MMY=zmyGfV@uhbbK5c-u?nF z%hk`fILZ(dgrwcSyGEXHw-#@Gq6s_Q_LAJ|Xe(gvS&-hEa5S&})}>h9C6W~N9GUhv z->tgJO`L%tpMZul5eXdGkKf>7Q*`&urC2Nt*K8xTqp7qxuy)ITcZp+bFxsQ$$|m%( zHmB*!Yqe>o(ygtfCYmMlMlP?d;?w^8^Go^#^7dMs^*8Q`%2?I-7iCTGjx!fgn%8dI zF@*#Sr>7;FjYXpDE_JFs240m`2lZ!K{K_1Yt0|$iA*ZGl%jYU0kZ}2qD0h)FGc)sY zjsf7``Qtf2h4HjeP8&~fc>Nk`IyxKu`Ks_!%ZT>ZG$?$Z>GWt}H<0VfQHM;}wnJtR zt=wgERRkp`I*(jYWqj7#(ecFGJTHZ(gPBJb7{h@A!6KB5b5AR96!L_f%pc??f{E-} zcvkX}B&jK;?evQ{FGC!-J0ny?Y7ds0s;kLAFex6Ys}j zkxB#1U33%y83@q9ehLYv8M=c>8*}qBzYjzE9O};^02rMnuUp|RYOX6Ek(ZJ z&S9G)36-HuFR|Jz65S95Z0q@9ON#}*%+hfXPK6?uI5Z82rBg-R(ESY_HDzS{u*!I) z*l@Mq{M?~C?9sjH(Mrl|Q{O7vW+@DueK5u5@5JK3R}1iuOR>)>AH3LXABGYEuO zj|y~?Rk_!tF2bCC(4U8%w+jITRp!^?v~;zV*$F9dsN5-EtcxXx`1zvuf-v?-Cb7t_ z(zb*R^W9w9k9o5+nG&{E=ZgcX;VereY0ClAXVJ(%y>k8DjoU|8GejdECu9Osg~@w+ zQ~L85*}TZ&yz>zT^#KX*JKSmM!CcwM#p#hcI|9GwgINk9#`O+o)J{Oy<_v2L^STaTqYHY|D4P&PA1T!Py6H3LxpAf znbNbCKiq7^qYL))S$SH2aEU$QF`aSlJ5!i$=-g$Gut5t7JfO>*-P@o=o+zxh95=V# z2&HgLZ+F9vqG=ENdyuqolbDt&yztMIWN7!|PU^^%p4-OZb$#5M1nr7UegsqRd`65K z{LYNfP={#X9WkfN>`U?Jv+i^giXstVQ^85kD-3zW;@p)_nbWMX5kuI+%VGnch$xDv z^c;Eq!f4faoV7|-gNY%_=(*j>w8Y%2if`FAaDAv3-yHJ$JZc--9Sq;!@}~V)*5JYu z<+iJ~S~e{{1F&M^$I)*769znDF_cNgsH;A!scDS;f7Hd+SRfE8BxU`1>MRgL@p6Fo`uBVt6PX^1=*Lfgc3`6s!m+ z?PWp?rz^60*v(zkwb~{d^O}%m1W+UG9$R8R_Knsir~lD+tXmSwSO>H(AQGm;+&day z1#wIimu8FzOhuABQVav60Mcp;FcR;ihkYXbmc{zh&e1TXlM|sdG(nce4 zQS`AuPNz@BF^?0fXIkdz5XWmp6A5MBZ)Jv})fKG;Y>zonF+(r`1$qYCG?&@Q&1gh- zfKmHS+0!POwk2f$s-uCDdcwG#y%M1UKmTmi+b#XJ(`exe{QU*~&YLQoOi?es5fF*? z56cvEz7^_J%UJ%PhLpga02i%F z%hi``@%=lEVClFYkx`S}8>S*54Nk?zpEV2jjRqX;$%X_A_R9`us`&(m47Zc9QLoCR zz?9CA!fu$6$R!mbt7v>hpCw~kTXx9kvte9^-Rda*0nk`iy2O+b?QNC-!XJWGzhKKO zP7t*aq1XaAf2g`B6#da*Y2tg2?{|it!nzvX$GinaS=qlIUkn5-KLSV2y*|(L0i=DQ zOrX<<5a}eG>NvvS6Jlg+{MmpaDLENsY9OF;_jxh3s-&YTOf=}B0+jomGSb$QTcfyO z21ZJaLS%fB@p8$4mPLKc-kr+f@$m@Afw zOgxX1u%9W~7(qxahZI44?=Iv1tOrX9yv3G76hvBlM;|@$)bZ*)sV=zz@;mjuGcvcZ zcnq8yT$!PT?)}#=$OrzLMUkd5u66fCN1hHSh4Fgp=5NGGjEYzyb8HnSJ}IAB^2cWm znq>=q>P{B$DnD8+MP1-_O6Z!bL}9wRnrLxE5z9{9qjDktLk%kvbtQ*JpzqntqHe{i za#Y26Pl!l$_e_{uiia%!KI0M{yBe_DP0!o2!+hIpi$mb-V0**zlk(Lzn)?ZM8E>L= z4+GwDXWcbH?{c)}O2YXiwjpEj*Ki`e=!&oqa=xZF89$4DJMrCW6gzIYIwI93<3Krj zG;+7lzhj~Bg)EpI-W@lL6|vX!zp(X3|I{gKdb6ninJXW6L6lX7|P)hkfQ zUah&aH}1zZetAueWm2n-a?lSM_@-KBXV32>&QvEhj_)M#!LxrR)@TAeIhY5>gLlS$ zPBjIz$WY-%D^5rsM*HRe@mA@LgoDqa*!|bruX2a?Qv1~%p7zC_lholt{@RuOVHt;& zj;9e67lc2lFQXqTToP~W^@+R9U3zWeJ3DyaN|Z!7^zHFusW&6m-0CETWq+psW|VNA zH}T|JaeKn)HPoH4q!x9>4f@%#)2`-6&y&%5i2e5MOmtJqw?7eM9@BSrRg2IO^W7;$ ze}+63HrfR3*98NE0!16GTxv>AKPW1Huh@_fZ#un{=!~GsaN^EE+!18HUiLRF4kMI&9`_o|BXGG*+_xOA26Qg!PP~#oiA~jSuei+yV~HS=a51fT_8>@NZp=| z+)8`IM%LHp;q}V0VQj;-6OB0A;H)-0q21(Qb#QmXov$;Sr{jyMOu3m>mgs6NAP$h< z=0{NzkmJISE3V5wFn}7hRYzx4kqljtjnSO`8g>?zmU4@KFx?~oC~$Y3CYGo_dZ%Z( z4K``Dshf=o1D@-J{B;c*vSyY4QYR`;UWk$U^;(!o6c>W(ytIxE4V+4j5UKh>$eLj4 z`5eTZAMN!@M8j+sdjIZs~eH`^Nb9A#t5U1H|Z)K>R*$lLycem)^h4&p=B}?zO7h^5$I{KMuZkC(n{P6fp zTj8RYVTm;TM}Ojb$5~nlnMAzN~ybIu(dz+7$wJY1&@$# zV$T&R@C#TvX0|F`>gpCH{_8OJ;VO=c+cFrOgq4Mu{vc0I3RW#{1HZh8Cwkq|R0 zB=fNYDgNG;+RNx4MavfPEbT#UW8N9;5cjUfPo-#xsY%`}{h}hE+8NfVLo2_=)Wz-o z#F}5Oo{0KXiXxcZbh)q6X8rQ7eS%=N|Lf<2dT0n()JdyfedX^I|71>%@$9DxIJAT$ z_EhZ;Q=z@juU)5q4e`Zb@fD@rCF={?Am+JkdP%t|yhmvvVH_+!4q;rzfG((8x z(cR%h3JKeuGtBD&+Nx_s27-%YSBU`BFKuYi;3423Py7G1l18 z=`rbI0^&sJ;|WZbr-9zyOos-jc&<8uTwdwP{XqK3K!HbE+f3r7g5t14;XFj$(2YM- zJP#!bPTvx>SHhBMBt9$Y-OX`tnYVO0Q}#7KwNrQA`At zc-Q_IA#Jpex@pkK!ys9<=(t@vLD%sm7nl$qu+S^|VB$U$1pq(pcwBk1x75iR0696R zL;w8h$aP8T$U{i3w1f_=%>bdUcf#{5(-f132wc7Wi&kx%p_ zLIX$j&oF*&#jTyP7<0WhGPdpOPs&(H zK7K?oSl#?sZ$pfJj>v#T=#Kdd_kpQkjzokShYIb6>N+ zR@r=doDVx!dhGLqBu{Y&kiINf!B&rwzw3P{9m6p~I-a>f7<=U_eBza(!8VC9ns97! zP(IzP&ef>>@*+>f{W=pBmGb_d++*uuTh^3=mw;ZD$p+MlhCPjJ8SNSy-v+zZ4I8ur z;|GyS-hxnR7k4C7ym>wZ7OAzhl{Sv+8UoT2l91Vj)&kV8KJkFs7t~z2el23KJDj$Hfh1qvuLh)xj3L$H)jn0)sYKm6`PQ!fB zrnBd%duV7*a=1B#u@vi>j+FT4-f>=6)`;=4C;PxLedD$@&g0o?V+#K<;DN#ct9g0l*S0>VCo|L@Fx8dfeM z4e%4V0Dk&12zlnk4LpBkYrzOQRWMY0&zE?%7MrPJGSbQmT4ba9iTzy2ltNaEZLP)^tj zzq*ES+$=2O-j&v&$X5wI;kg^AWhyl>5*X-%|L2)ak&c}egH-Zk9mRozjRE2CJ7HBq zZ~Q9_j$6-_zJft__a-$gGXVD+Bi?A^?LefD?%z&lYb7Jjr>@u}!L^^RoYAhuKWNs0 zEW0EJtS}=P4AV4hz8%(DL-5LXKp$v*8`-oi>^A`0r&IF6<;yXZi|6;!{x!lV*met| z#>U;RtF$gtH~u@$Nu%ut$+cHaF_i{g?0O9()9=SUVY?4^1%3WHS$SfrZ!zBe<1hF{ z6Rdy#3G1uNf%c;yR|)B);_+m)e%xF=ZP}(bsbip735)Fx{Tp4jg|YR$WU&tME)3H z$ZmICv5%+#X4j4bc*U+mD&kY9C~Z zmVpY(7r*ZgJIx`386S>nnoyPqK^%Z$2Icf(ID+Ir7B?Iq4$$(<>Q}KV4i}Z%G+i2v z=m7J_bbj>^!W{!shla3gxC$^xeYcA>_Ko*5148@N7n}XYrZfIyGIicU zg-R_@-1++L4E@E`KEEug?f^o%Fwcd`L+2B~ZR=SKaMtY%FX6OTKBf9DU8sj`?wXKyjH)%-ghnTR&_+K_oRwp6}$=m-?a zvW@)drsTFw=nrx-a2BRfl*ot3NGS7tpZM5P-w0k(Vt65wgqsD=>Q6+nvbr!g_H(tE zFb)FQqF;;3h%i8W*5tYJRNkZQT>cw7*&^^Ry{>-mAV2~u42<(_6yJ(_6UWNUN6y`v zbvBp)191*FREU}$Q4_5;sf&vUr4pCJ>IU3)z83ji)w@yWWhJ~ledF>LidaH^7bbYE z)*yB9zb^a_aVz?cdNy1X;7jSz`;t6DMavt}kwYq%!=A(c1 zUsb!yX=>OEtH}%TMYZ~MA)^ecCRfL5>ZiF?W8brJxpVIZOVgj}`L67E%wH%ch%C9O zAD>msEDb0`x1f9Zso7$4L2+t(rXA?-Q6v3R@aSF=$& zZZsdn)u*G@%%`8Tke%^yhpb=SHf)p2)_)z`7Vu8!s$I*MlD>~LLsf}Dok;rx6li+{ zuuCaA%+6bA*Sp`q_hSA@efWrMDXOo|%`QdI1q(XMTH@B?`-(Z%Cci$}FO zC}t?8qq60^fICXAU1MPM#Qd9<7)a-PWwO8G6g_i#sD!QZz7fYO4+Dg=nn!=}AjZ%c z9kOS4;OHBSXGbS*O6*>mM|kZ!jM!qT4jeQc{GR)rbmCO(#M>q%;g2m-?n7sd^UHrb z;2C9n1lk4id%-3ZFXkMr54Ej8pJO8h`|ve{jfNqLZIwv-^!5x3Z)e0dUHs_I{gt}i zYV0=ztzhAah%XR`3^LD5zpDWE?Eqy!^ke1TM$*ww=lhto8yzW_6lmhl(qeXTeUC5b z=QKLF#j%w|&>8Ulaqe8_cJSmmo8|KUF=Ch^Bp$z5>PD44-C&+IIN@@)E9MASPp zM0qWH*1_yk7^pha{QJ6GvLG5qu6WSnnX#@!uhad<9SN9;%1-n9-Sm=le#i9QS69!Q z2mF$zo%|kg@TN*|9371x-#bUX;P6~m)Nuon)?CyLzo8H38ySZoJaXUpV|=~_ad6sX zLw_&ny2E%wA3w?Ta>7gwQZ?ENUQzA6aI;9eA#5m|j0*ruOUQVL1u@e!8HZ@J7w#fK z7=LpLZCh{c*{D9`=1OrENsjGO0>~yx{U)*CSwXo@) z`J5xkf%q-fVFy#x0%2Nfd+Qw*8*UZ4t4iGOZMYPHAGvO%YV+@zY_9ynp7J_JR(l^j zJl$`k0;98?IugS5@L`9sNPyesmza!I896PuR3rp49i(N;8cCL_^U|1)f( zq8-|appjGKWJ@_)dL}cZ>ufhvSc{_y=|j~GtHoLhCj+ z|5pn@v-G=^_}J19+2?e0SVPsaStA0Uv8uVJTJ+PbuBjD>JJIh`&;FnGzC0f4|ND1B z>Ju$mP?kzbQbqGl$2QzE zeZKei{e17ef8WQwk9*&bhpA!a{eHd9Ij{3N=e*8&9?AlTfzvS6X5IUR$5@!`uklz} z^7oAiSz=IsiS3SezfpjC1vOuveGk>O!dndJMmF}0$84uX(4zWjcjrY2quKEX!v#gsHUz#rSB(;zg}EIAhHWhuC|m7+7d+ZB{P?u z_Q9UL?Tiwg-|Q|#^4={p@>@Jbn$REESLB^Lz5U(4Fg}I0&P%E)e#mibJa#%q0`aYt z)a1N*|A`+|pZdEn)?^apec8z37g-R3yn5W9zV|FrN05r(k9$#?PQ z0u7GH*>g@Z>CtPJt(DaMKy%xbYi#O!GiLh~I=3I&Pgp2W|LGKbuCS!in<})nRF*+E z#W>MTYxIJUZU#8>_c3{~T{H4e!JcA4u#YP2ZCy`dpgsu%4{Jacn%p)V1~2m{jE_+YfBVGrRuHC zb=Euk@liz;DW1{iGmbVwr|F`{9R^OO$Y&H6F~qk*GdGw_Z5Krx?Wfa0nvoCdF@M31 z=dB2Z$&3vwiQUP*JTpia^uA!j3zY+VEk0jgQ6uiVJeSne>9lfs55G(L+%!ts%z^I< z&JAa_b9(zb53FE;f#b%^_))7is0c^@sBBHufg+RRPnr+@6}EC}*`#KFYQXZ@SX{O9 z=iNC6x{EP{5><8e498JIrR&tIjeIy)H1}B*hVGKg4tYD?xiVSv^A=Pc5Z0!}5*5Al z7gp={D$mTZ?AJE1vIzD}^xCo9G{$JO*h*thRM?UcH^qliW*-B$j?{5w=Iltgw4jav zzkPkIJ0@hCcw2$!SDUNuZv^%>T+86O;Ov>06PPy1vp?W@z4{!AvfZTC^N_(X(wn+m zE3Tc285>bqnaWT3e$;FE+a1R7M7geunJM*L&n>&U+?{%_?%cKOL)GJ&)G!d})N_(C zkTAVhdE?H42L_`!TSZPr#QX;R&R>BPOipFrIo0qZD#H=}qSKM~<;NNnrS~J8=6(p5 znmMJFEwL1uSv?5$ES$WKRjhc?#{Jhz3%&pcmC50Rh^*v7-%3_Sy#NAE0z)dD-aq3I z=P5L^UcXtvUf%bm2y^O$M9nXjW!h*2WJA~~(faaua7^ssbmP`a=doXPtb5t;yskTb zZ1LwbaqOB7Nlhgbp8)K1&*v7#``{sn4=kn!A^T5_xVeNYdP3GZc<9jgPmw1Oeo#ch zH@ea&%VHwMl&)fEt;9LHK0^Q1dZB|2f7rV!+pa9q8 zkH0$&4DW}MfW-~Qh-!2Z5N?>UJ5{NqYTzGs%#{QE+2KyLCst{h{@{|!Tk7CL=; zC&Fo}I|~u}*FT;G$hyP>b)ApPv})_FTVr6Ae`WJ4Y`Qd zW&N{xAHG&nGHddv;B%kj?-71Iwntb^j{K7#gB+~7@=tf{X6xjBgGW<6{WP!sg9EPX z78V+|pT2o~8bk*^af+_O{t8C?7K z^M8BwZ}vmci4pIc;&06{c`Gh7pF{`yS1G$Ek3RQj{b0G(DBCHUBQZ+|$q@QyR|^l| zktzvi-b8r1B!^l%TWC`CcD2xrR&B|#>qFpoZT{*14(!C7z$Z3VT_2a~VL9h%POW75 zr_ckW&CN^eFRmCXw!_x4=LIXAu0F5-KAEmFazrap&OdBx0U9b!EFNXAl!k@;8j6Q5(}$iQ zn6N(E{Jh&ck`zeu=muKQ&z}!6GczA5^*oW|ha{vc-rhCl9q-oGJfmN~PS4D|w&0^tQ*y$z`w^$ zS2wByHPN0VM%rfaNWgNuIVK)e5Iu($o<4u+Qa=p^_)X#zr>=BW(>r+MmeI#{!#6}n zQ6gF1vYo2Oh45L@GBQ;e85zTfAt;DORRe8r-3s$=gmV7&ZglVH0T{yklchMvWf2jP zCbDDD)faoJbaiyRkz&HaswG?DZ~$Dsn5geN*qW?pypUv6URo+mT*fJzod8G$Eb6ppu?J7vPQ zTi327S**bwpPxq{AfXz%A+R7?h#U;>_A=;HBnZ0S*`2^!SvBi2AI=rAvo_I5A6HhYmfPn6PP0yi{UJ zq=o`(e|#26xu&J1m2FSc>K;aso#cL&od>aOAqg<0RXY_lsp}5N6K{NbHxCkf=b;z) z@{2wTT?dDAO?cW#pwYjY6gTVvn%ME6+)cTn_cxSe0cb{dd4r2hM<$FbqqtaSA)7!D zgqZ|D$&Z6W!FT+#XU~{Jhqc0lw*WCsD=+7U5Xh&`pH)DdfMR!abOPY_pZ!8B5Zbo6 z1qCrGxhpH~n(L)UPR^GVz&t%>vA0vgVU+=V(C0Pi!yH4TUOTLy!Pc^3-0th2Qw_3s zQbdIHR}JxZi#E?QV7AO6rU%=8(9$zL1yA*4vp!t!D395C7*Y}Y(f3s@gMZHsfa~Ce z1|jKav9o8dLHhD{ehol9LgZWPhEQ`Th5+4hLZQu|z$j~Vw~o1a1lV|ot_*J6gmvpO zd*+0ws3>zF{_%yqLqlgvY5>AS+t6?dRd_bC%X-OLa4sFrhObrNH-3c*W zU0v5THLpH;B+4yeHuK~wf7fRzt47YY2O~+hhS7R@(WCVv(1j;GD{DKtde})W9jGQP zEsgM-lA`uO-W1&Fldqd}VD@M-F{(91&Y1;Z8Ceh~8zPohd`34}A38W}M{o+dO0e%0 zoH1B!SOdTYcZ+MGO>}c#hRpI&xzk&ULN;=+1>1V8mnopjy-bDfdJP^bt3_-Ov-`Zh z&TLX2CfKUklk5}H3)nUubM!6YOT-mEGukn&R6CzPo}G@`*5Jf9i{K8` zIXjTwoh|im@kqRK+eP&n^#xy)8B`;}< ze#i6uRrTM0$vaoQ;RQ3xSUf{HK0ba3gc$jv-cpVW-~W?(|Na8VaMfcwyPs^oB;P!& z!D1Vel9OkP7*GJ>Tbv9&vU1JU0qARH;exxB#h#)=gBMPbKU2*~EBS8Lcy0QMyMiV(*j)9xRbaAA-1I6~e-`VLx~e2PUOk&l zjGYkQTJhy<$wZQAGG&64JinNcfEr^Rk+ zmn2vE^sU$3gq?xU4?Y%8sZqt$M;4W~0 zsR@^urDMY%@?BYiwlW)=np!$~+l3vsf=D~`Krp@0{6Xy%5K#gNxC@9`@mk%mo4dKV z6sz0%X{)E)Qyb;Vqp`is&F%7r9-B1KxUb*uD%ve3kQQJRksj58tnjiYO?ta?+?;AT zGyP|xNEcT=ZRifG?gihC0}*~Ncizn1mf@?BG}E5Uc&p&GoHq+^^8XN=3ZgamEc*V1 zTc)}(`M0_n8teOm`5~{y7TK1?51PtOzGaR?6ZPFUYq#F}wh%*#bJq>$Us%Vx1bK3i zuyAAHDISa6yL;&kBLoYDsyLOJrV2hlG!QzxfsC2U3Gf8ZkM4h-b~u z#cQ(VVej&(lP4dt)NZn2p{9hqP+{}up8=!9tG#Q#y}aoufOnbXw#hnheWS@})ZcpC z!3<-ev7rD(RZbolk&r$qBjEru5Z8>ToZQ^cikLOm9<7sImfyf2Kv$dU9!<{&Mi*xs zg9d^bt*~OdT~8S?B8UUdXQoZ4dcf+)!9Lp}4@%B{@ zXTBA-zA`t4tQe#!`D|3KZ>%oNLiKM8qASIqusa_BS3KG-mfII}d*f`x8M@OC+*TVS z#@&P_Q5!4Hhoj@?=5PPp>>Iy^m?2*x_Iek-HYLtN4v5UQGfN6GC+hNbZ<}289$aZZ zE^h#=YEtx_>^$DDokK+SYI!mg&k;D8%O|y$7AnNdDrVm&D{^Y#EfB~j)&W6 z+q|g%9v&RrZEsNe%&ywX)!r@vi@u!qem4eDnVWl~ynZ@lKeD3y0tys_AT=%qzt|_p zrx?=U9K7%{G4U*YxVQJ@R^hA_D9ZS?U&}L>Tqj=+m1`@$O`@%}yE;;W7>2ul29Ec1 zch`uE`0%_rCo+4eWOO$nnGSTFzXa2nk$p)mRFcdZ8P#X?TN|SuU#oaOSgo^#_%n~?B0<{dr+jKme)J)NeSd~q)-&D z_R1Qz6*n~CK^iE0?RMmshwQSkhA&bEj%Nv`7^=rib}s7cm&_cM$&uc2Tg8t5R;~Ax zYt4z9e22g4#O>zDiQlT;C=bn{*?Mx4M7&`|wm#p#?Gz-^mos^0eTTx>yJ_q*0yOJL z(pFD9@@A&>yI&4jhjyX_t!g4`w@c|@%97mnpf%d@7#8uBY_1+h9 zv4rQdionWKJI`#c9MLFN^xkf8&7-C)LCyaXs?t`BGEMVuuaRhlK5iPm$}4Xby2Jro zECFfWHnAwP@lNpXIFoB0INU6=4WD}|7%7E6D9R~>5ufERH)v?SEwYj82rsH}TEQ?s zy6X&MpTA9Oz+RgLb>5g!gB>_|y_iFGO}Q0&*v$p9&&*xK;fjw~H|F|_Vz952VYR%f zr{?zFJbQxNks{kxE@h;j#g2vdijgu|9m`VFH+eiiIO$OPdcE6i66ISDl??BJ5$k>o{w>%QV$B)o%QTY*P31S(QyM^qlW&XCAI+YhC`=;4mlCkY;a6n z($glWBcENhrs&AZ9CwX@0;O$|^^}@#s8q6-j>Q>yc_Vg>zHfmsv4<8(ueub40w3S5 zoyBa&{>AiMY&(*vk?)gUz3P5+b;IzFo2xj+^EX9nCX##} zb;iT1J>sQwleIO6+st4`ukIqdwx7(!if=1Hy8hy7u~WnANKU-ll?qx#Rn=j@>O%M( zh7h-SRC03o-8_9uaQLt-lWlL#voaC%zyWyYK6iiBp@W{lylS*fSL$rD@8i?d%;en8r{Z$iH~?^)wBoVqaChQ z0K0*ZjkqNvbc!92m6q`-@dE;1SCmsyvFIJ()NVuYUUrvkJlQZtc>fe}#ix*7_dA7d z(D%wF##<+y#Gq419g7O)*0N9*^i){$bt?E6V1~z2R7^U+dh~IW?Mze;|Iyli3fJOI z>2hDBP*=YaU8khbTUIF~RDC`F^*|1pjoHb$D5b$)%)_5BN^k9>+e2AB$;;%dt!spr)fev9(b0&93KKv+ z!vTE=e(&GEf1iLr7?=iDKu&kS@+-3IJCm86ed64?-QW*Cr@SR!G4Jq9ryioXo+?@U zMefhgX{iJX&3rAYcO3>h7E2v2kw#Ho;mq9|eS84Fr?|{Du z_iS^-!YkrSp;rb~+^mK-ghxWn+FBTVuy-B{Ht@vXjv{#0=7SU_vJILQ0W$-Hk^r+> z&uxBK>H(r=!A5)hr6<@X^02dcAf?k_kV2)$;2c;tD@65!mNTJt!<6#dmO}BcV{_DZ z?waPC6dFQb%ihuXCGEk%>s(up3JMBTF__w{J+VOKV-QS%00>}}MJMT{>!vFvoh9UK zRh8?g6@@A%ZMSO*!h!#=BA+*Q?OdK`GNTV?9!R3e`fMoQd%1<3DEVupD`&Xq0H5;3 zJ!*!>Sqx9yzdumB8^Ig3k4BdVaeM;+q0sK}8BDzYu&JS85cmR+HH=2pun)j?zhbXW z!{^0*Co}OostUF5+?edicB`iEUO{frrmP6G@H+}SYq#fz1(tu*FitHOSwnv@HZB2j zAsk3p?K^pSGP1HK02{Nr7{WirQFmPlAqXAtn}MhgI)87AW8CET8iR%G6?TsS%gWUB z{b=m2UP_Cd;@b{+ZCmgnAb1e#zf(H`Vm-63#(4a50hw4@R<<72+UQQdvbtVCe%ruj z>*(k(*#vG~Y4uRjXJiHV+xsCz1eSJSc(~e=Cl_o0JsHf8)v|M3UvIt)}KO)4Q9bE+v0^zo#_gefcqOvT;PI7lW%lUGn}t zz3MMiVAqS~VXifFR$hDcfZ0mPUdV3*mD8G}P;phDfO_cYQODJ|R7Yjl`9c#D`N0wV zR2T0amzJ5y2F`f2|5@MZ%vx0c;SC46>MFzqz>u_kB!E$z`1#YKG4yb;AS}BFirn1X z_aSWcnq?md6*F*`6)V%-(=%Qsl027=35|%Ly=tEYop@NU%eELT3*cB+*t3(pW-l@0 zJC6t7LWts;sw(79{rhn zQN!r^hgk4P4ds8(8Pt+>nFFqV|tKmr9F7uJNHUllud zj=98IUr)c)5{u!LYUXpE*^E}D?py3TKS6tGm~=}~{6&42aFYAh(&*!DrPeZx*|1Sh z@2$E(-kOyU(R;RInc+rg+B!gS!k8Wx7TylE{xIzefE*bKkrCEB{R@1PU$Tj0#^C^I zFsEJAiTF@ufj9S$`fVLHO-h3#7J&h92csh`~s?LwvQyj~(0a^68n#v{TP>Zr->tN1-#Drb*R9 zu4xuHdHs~+??{ESe}Hp{$k>*GiSq^o2>DOF z6C+Q=f$l-9BraqU2%B4uG^FRjOYMko<#LyWw7A;{ZmD$%&uLa-gO8Gkdre|E=|634)*X`Vo23S1!y#(clMqv*q0wJ8bn-a@@1H;jP<$ z9y!m@x!bF$yLZ_7R9CQ%XvIRbFbyvzp*vDK{W&7thp}Y9_1TPdda8u{EJAGl2bZ^F z?b46)0i&3$s}tq7Q+%zuT@n@_eEInC*(26M%E-VGi^`+%ZP>t1BZS+ywCpK@bU z2Xnk{FS%Lswl{fd0r^D8sA4yUuE8xJH+buIccx2TpHx#w`X~F079C}I@epy2>az=M zJCXCBbOqiG#VUEtbWOSNi;z~MnlA;XH_(?d1{bY*=0gYN_j)w3D!!(aMa~xz-4Ec8 ze%bcCX3S(m=Rj`gffULg?aO;_=Rp$WOyi|(q`#LsrV zXs=FJfdLXOYkcYAplW>0*q{5@p5bsu!k$m@EDI=itQ5Cwrtu;W2qzNP8x}JaRl&Rp zz6Z@M$zS&dT;XpLm3}n7P6%xp8+x4m^|4`AmM(7F@p+-s2Cn;W#m1WXo(?jz-}vh4 zah5xzcX5Rv0jLK$1^OJ>hNB;UW^a7(p>7!`D{Wyr&pQyk)}b}|#!?CKbA&QO);WPj z*izYCBojZuNt+Z!XZW>N_K9&9!}QZqAqh_^dMQmv^+yg$J6WdC)o@Fz2=Cqlsbn%a zH|oX0>QHHIy1!Q~W*=KF>O!#4C1vGUyR!K8a1v(byrm>>=7fWMl14_?OS`foUO1xy z?CTrd!`s5t>TjkeCnZ_G&PsMIYw1?9>9&1XF-Pf)C=W@$&i+(o8vXSB6{7h7o_rk(5Q;llf~=iWTf;k4PcM0<{o&>1l|;5FS=C{sdt#1pMb5d~H_l71 zEli@TyQyfa)!_8gD2Fymcf{fWt`ek?S&YUw;rH653XJ-eI z4DjBsSm?`hJ7CaBmTSn5QBhI%%oIDK=G+tGw_-7FCzu?~JLu=7c`Z6HXWZq{NOet( zG|lm1f=N?cn~hD1Bxl=t{r5XTfi9-9&dN>Btv*z=g4>Z8ows^t;bn}EWy8q6QQ}&*=lU?#bFtmahA+W~w$LxMv@%H5M{WL6UrL?3Q_Dc=DtasrC619( zeD%#+c_!p&zQ5A?Y37fW=Mt+0>Fi!TsmeTD+T$*l7Tn!Y{SHcb0x>P)_Y{n9Bpae< zZQwfP~*H|YA1?J z>LvBYUHUT}lu{B(9WL?#@^Gt9o6UuyjU}Ju^VIoI>s6GwlCFmb2h4~zCH*6q`Q8G| z0JZ#*R+f%7!)G+K-jeripIsKVCl~l)qd-C(z?sg6uErN$RUP<=R4SQwB&C%)6i;Vh zhSPAjTs=b7GQPT}phs#_YIWu=_S=>9+Lh@fljGK~%GtwfRsHsQd40iURl`!lR1#2t zWXSMQF2|YbTk_hJhfKM~e-)phwAE0@@ne4)^|z6q^!S=rn7@lK&ebc->@QUIfD<+Z zg8zWO=r=*l_-~!&So*EPuQL+sQJ))Xh>r8U$(0%$;?#sXQTZV2+eX5*{7u?`cW$uU z!uMuZz2pMF{HG{eDP1o^|6EBqosGvgm6JBQ2UY`4?{DfAp2&+9>E~=`J@9kHZO9Zg~oC*O_1bL&J3U zzLQHH9#7Xb#`g;5lPI+wgS#t54{fDg9T3Z{1(|#tW1Wn#Es2{F!yR~ozd`syL7mNc zDQoW0OuSAk>$l$(R<*ob?cX3xI@}X=^Hfx=2Wd*vAP81{ej@=uP-^-*dACt0AObx0E`PL6%eI!KX zqO9fk&yY}7<`0)1n05cm(2*eAqs^8`gvDinMnTBL(b{5Yj)-z#}~%mJavY%{_9^i1lOCjHP7TNc{+@A$ZyV`yk4NMThf2l zS!#~C7M&ea#g!QLjsq!|G29%2ik@V}rLLxw94b0*b7AZ@{M|{oE^E|lezAXK%&}rn zjNGYGlF8_4ucG|u=~%|9_=bCkn9kXOvbkxmUjJRP#K#__o_|kUW=Wwg2tI1Rv|~yt zutMy835@r7z2$fF#_Xlf6*024=3tvHb%l@RpsSPOMlu(IK8-9)VG`PG?9IKD71<9` z&FSNLCgQX<1K#I$QgJ46fyj#qaaLtY=3VmuRC#Aa!4{T|i)lrtsk#T{ixR%|Rls@q zTaT;@akqlmgj^Y)dQMS2t+w9Sns1_fx(lx&rA8=}C{s(`_+u}VzSOwJFSUp-NOIyz z4KUQSp7^_1ym<+(WM)(U=#z@eA>|-gktNMBpr!nP^G3*JjK(2$f#<@bAjHP zM;6R&R4!UJT1Nx%tqztfCp)Vlj#R~sBWmjB#Uv&r#i7)lltEbl7<1Ue z?RSR*gOjw#?U(oOAYDk(5)Kx61TgI9wj=7e*i?@7Oi81Y?&j)c_SxOY>yy6^1&P2- z7JpIZzrQd31}1C&>oVKRhW)QMPW%4fd9%gpTAMqduj1s$oc;|}t!ssUS_J$zqxMaO literal 0 HcmV?d00001 diff --git a/fast/stages-multitenant/stages.png b/fast/stages-multitenant/stages.png new file mode 100644 index 0000000000000000000000000000000000000000..dc2acc0a2821c37d4370fe47527e87e8ab2a4740 GIT binary patch literal 219942 zcmeFZXH-;M(=OVem=G|KlL-kT86<;>fDH&r5F{%(HaSD1Za{LD44W)ja%^(WL1IHA zIkeE^Cij`m-tYU3^Y4uF=ZYbu3Z7Y*zyYJfj7dkFB_!$3BBV+PYRUyHNhbb2X#VtCO~$V3kD;;G>#QfDcL~3fGYcBCc11qD{?Xrv zUVkNqHq(!|1)hQB%tvZ+6?W%o6kd?He7WO2!sd?!*F-5 zocR7sa5X8q#1*}Pa9dw9>0PLwKI&DSm_=rD3^d$_y8W>TUDOG=u}F8ZfFq4yBA&Rl zd**PM-tY>{@k~ti_EJ0e(aO|IJ7RA-%S3I%Rpu%c46+9|-?*l7&_dEXTAyly%5N+l&qZRVJJKyE} zSxCnrL*pNrp+lT-b~p zY}-XNRANio@Xplhu#Ga^{_@fFLmXojPF{1>A-*kZ^7rG}_vOx((NX71{kh$8yV7sn z771egS!oF&ki`j$T5K#)3rqbz$&CAeCiDpVepB_BiU02ykL}B|3rLLH^`phw*BsWHPB1-=)DZ5E z#>)YWP62qGxqE;8^DNaE{QL1 zWiBl(iD!|1qJNppQms(eI0D-i$J0V>{}B^4)+58Micd z=RTP!J=n~TSTyA~XN1omFD)6l{jTTA+_bW}hx!aonAbiHUx^zuCJiMziwB z*6Vw;ni{yw(QKUO91(mbo&F9{j%BbHQq3O8iB^lok6@&*hs7S4VUx%E1gnGh-xq1N zC9(lEROQd_QrF*y8qeicV!ZLz!D$a>-M3=3u-iKDhq_1npjE5b8i?@w)xtAsR7U{#bPBZpZ(hhp1&qV0BT$tSg!2+EyL%a0H(bAy9}Vb#6IMW;Da@Eu93-DIE? zsIdC{G4O4!ql)!{O6+>|n}PU&(J_NEukS8mPAg19-@)2+Wp?*;lhaba1v9PK5Zzlw zx?9wR-9&O6M%XL}4BO_;us(4zK-T;u*q|mX=nICW4vg9TNC(vfDAuE(U-{K`wF6 z!NI{=AF((VSW+PXfZ!n5rtXb}V2$*SX>j)j&_2+ssj2B}uqa4U?>C%Q;*es_?0LCN(4o~Zx089O zqnc5sFnRv=nMRPk1=F&B2M%ib9EL!sBRoCv0ORKF9!X1chlGSAZei$>S8kGUfH>55!$? zZONZ&oiIbo_Zt3AO?@DaJq-ki(uX;~0tHv1o?#JlLq&1bCiBI9FCU2S@A0{<*V2`W zFhfeo{z0fJY;w8rmlKVVaf($}CHA~0<(V6@Y(1M`34jr^vgvLepJSh8)d`%~ux4OR zr32kgj(acLK3UEL*tQB(#q#(!_K8GP-x+*M7A*L%JOeyQl|M)(-IxsO*OJO%B`N1> zaq#&BGom7S_;ISzE-yD%RgFf^L|)7M#U}oDgExBWz!KrOCbIoA%vmN=90?_eP4?GP zNkSzeM!9qSlikmyOHHv8+}Q$-31mAdJgC~YX_0bUzbg5wP`n7e#89+)Fq+ry>4A4Q7vUtu z-Rcn+wt+PVg`-kaybmWNznKahS^L#OLKdfT{m;~{n{xjh5CxZBDweyAS{c{t>%h%i zbvp|t4$Ujbs7wh@5|JToLl)sZwzn%!;F>%2F?zBqLzXd^z?9H0JT`x zcHJ=_*t18>Ld;7VDhGl_It6Ck++p2r?e$5Deiho(JC1PJy^(tmS98U}OJIu6jk#d6 z;cso+$112bbae|ktOmO0Y+_+!iat9fyvR?nBWtP)J_AyzZ-?K$1g1SsAFz8edm@iq zv^P@Aw0fC%=y`%WW=DQW-A06;)+4Y<+YG;`U#5l$2PvIep-wDg0?Ei|L+5~AGHyzm zyHw3RK-zEpKEuZO4C(gJKO#fHQ=HE7`8MiP4i5y?bSdF2!Xq}X@yb((G2`5CjiI`` zvf*y!T<7;Uz@`+FPEkDiB_ECnmZ43OA~jF>cS;?Oq8{)RK@+7U!of9PvDy7AoNQ*V zl`V9`s;or)t7U4mulx(<`m_K6mv0GeS4xfyaD1$L@I;5c#JFUp-c4wl>D*avwo|Z2f85qdr#h1QT*s>{LJAhVMK-~?;_uo z^bVAv8@f3#IBthc>QntzR$t;W@D)Dm7MD2gq~`QQS~i(TW%)i>4?Mh*2kwlB2y|PU1_Y?|wK;I>{hbi? z-Z{HF1^KxOZh421gN+#^1Lov&CBnFNyV`>~YpptVF7}?--|FsS%SUp-=>v%>yu}2q zfW!c6CTF0H$Y5im#2d_rbe3z^2uY5an1T9|Y3G{-8u0{=?lp(*h5Dmr`7cszv!T)I z(J?V>{M=zXNB@$}tVLyi@jEQF8aMQpQ}HPTx0IpEWqEC86p|BbkEFT2lS$55J=Z_OM~_-*}HoJ+kE!taaX)$<59E1=tOsCcvZSN8~2R=?E67E_iY2FT?$^ zgr_metse7Tl%@KI01e`KEA?2(hvn-F%-q?QU%F04KqnPJ{3rHRi;l)qVm6`)JX?tI z&>BT{aK8jkj;+oz|8)}p6F^H4XA%Zi*&-h!6FXf9Y)kBFz=dE9mTZK|@F*zG3)4f$ z0d#*w=5Z7nH*l-dzSrzRCmJjzDV@A=cN%lzE1P3g9wlrb+o*2%^e$-X;oizMy$xU) z!5YW1Zz)qt?NRUk9rPHvR01M?pwA$1+o^+zI?w&w>)211!Gy8`bGo5+;<(E2yGD^C zJ})2eacPP`2M%Ybd`%Dr`?+OORWj-CZumkjqN{?*C}U-uzA@kB%wh#VwykW}BHtd* z88g>T7;(?LSYSjAI4#CixOtWpq!NuIy_NpriTU{V3W6tc^)0Jmf6R^#^vNe$9489iW`spDI{`Y=aBqVx;UYE@6X3N#P^ zQD?AX_*X*nw>IjR{7E{s*q{%G@-bB)Dgm|;?SD0{X(LY^K=^Cr?z%7U+p(m62E)GM zyvsUk8=_%OGzL|G&_ncVa%%=#HULCT)CW~sV3XMrtbYTu?@cqB|8?~}J{tl|(+v>F zjHi(kXjq;2PQA^5rZ7Dzuqb>^m8FBj<9xy zW0Yltp{K}iaB$8XdBE^t1BZ_k(CtLaGxc+RBOIRe*-Lu8P_FC5f|wa;_h-1x{@x9r zz1Bz$H+PKaa($&3E{*ZLJB5`p@Xh4WRc`yzYvZ0@AtHTGbX@Hnrtv~Hpt{F1@<#FlIALjYUK&kQS=1By8 zrSNv}y9fT1Ejb8gb}|&ZJqsY#^A7D>_m21WXCU3N6G?*dP@ly09#P=EJWqWls}ftE zZiRGS?W@Gb!-VNp0EbfsxmVPF1>R9P)j)Wch?GqqB2Ev}_Bi0;VjocfYQyU_uH>v? zFS23yA1WiTdnXT1bV;amX%$p;b*+~bs1`z3-o+T;V&?JYI#GK`oQ+FKgr3yO>?Az- zWPA4pNk+;r;eSHk6%7#208*@116n6Ii^?Jb!+s?ZmtNmR_PC=nR~!;1>c7p!yz znwfD#V}-G?SN&FC+ox($JXxRQbE^P&n-nAi>OI|m_P>)D%z&%~@aGN%5tfA8IPgU1 zcB;zA<8~*&FLNp@)l>eu!c5=r&LMHNm`?l@*qA0*sGXf1TZWcbG%JOogXx(|M%$@c zeEjC%0pKtU#8)EzJ;GL&7e)T_1^ihpjR($uk52mw*!kz1x7bBO`+s?gulw`wRBb=} z-SC`X-;bij5XVKA>Vq=e@kku+EPmGv5nm}L=q zNUZ7}KQQ{nARb=cCr}X)7qO0T{CJ(REQ%gaptOt(eYQ*x?xTyKq~9)Nznsrx7Ihh4 zoqSFj6qFqCN|8|C>7qXAO|#HD=`yr6UA;?-2+PM)lg1@(xAmw`#jzQIZBmffH~$&M zJ=K&I`lxP_7+mw4mp4m3EMsU$MZ|ttfi#`KyXzmF@HIC{`9+>f*jaMR{yV3Xze3_0 zQY7KJsgFABs7W9S5*L&q_IA);9+Sho(Bbg(ugina!Ke`KXzX&|yzQ32yNg z1)q6A6f92MP8{b)A|o=Edb%G&m*gqsBhsW=+;HkAc9eAZ=T3$uUVdKxH=c%ho8@5} zU-(=Jk&DPJEP6XRZ@~mzG79W76t|mKIa?Pzv8Q}=aZ4b$MdE_Fd7G`NH%u0hNgiuN zlo@V6JnJv-iKuT#HTNmhT#aG^R*;3dbd}3J2;2uT<^nT2^1U$DtY|)yfpy%$soW*m zkhqkY!|H(v&Xd|v!MFza;ZVmh))OJ(yg41!0p<$jo`AsoNBpMwC)|p(yalK4NMyYG_ zUD;u-k7j+D0?=azV&-#t$KKFfn4*Up?^5lTFN72n{o|)c>WZw!z-ai$DJZ+=G;ZNA zUmj9WP%Miu_1dLpE1J2us7kf8&@wU(ZFRmblzK_o2@UH?6jtwC)41=K{#x3{NAs=f z57*u0C6TB4p!E8x9}J(H{zf=8w|qc zq-4M-wXFHsq9z|i~a zXFlruFmOv1jIyd6Caw=iC) zLrGY@#ksC-g@&MNf&R3~#dB;vBmqRacY0h2^z=;fWWaekzU3SD-ODIkd5GVmh>Ygu zqne}Ll<1M-`yKBHIy0LVZlAg76)Eabn;!sE*R0PM1HZ?Fq&>)*Zg6UV)wf|q$2nC- z_bG%!@U91fZs~8oduz|P!kEmu=A~=4?NhpJU&R)BA(2I)5~R>H=O^B(m~;6`85!Bf z(8|+}glt1yh2M7Zk!T2a?FM>7kl5EqzA#n)pV934_eICovv4+FGXh(_6TZI(=hdgY z8F+)3jhgVaEgGKt{@uG&Cbq5f2K3$o0*N>x}1=Ek1z`%lb(Phg=!yY8-lj zzZF0UczPZ`Y;#)M@3MaUlc$MA1D;vR5e}AHRbYzt^tZWf!E_&okof+Cx)c=S+xkQo zbIr=Mh~bE4N;=%j0H;AGCo3?$BSb!;P^(@wu#mG4^ii^E!Gb$Dn)x#g*)#CbN=qsD z4~8Ei$%&IlIqH|!>1FZQ1K<$0EufCh^-+XUA^E~)Ll{L1=jLuh({zZRk9B|7egwsv zyU>mq2))ceO6Hla)vyqHhA1WuJ4ELg^WPb*;V)NqBs(kXV1xxFG(s^sXjzC>{}U_ir{N^vi4puUt~c>?0MdAq8-^02prn+G zkdakd5~5ukKHB9ewb52pjRiC8<(E-vxxM)~HWhy>jdY9azr3aK<~xT}QeD~p$Ps-EMy7?`#5?n(!e zhn04@5@>7}+kCWZPkr4x?#IuqdB=rcY?~~xuKz|EeW&ZPim?qb-^o|F?_AvM{bw+l zfb9tPHDW$b_3hiR7W_O{22#fTm6YP)_L5BsQvVy(x~cRJ7T|CGe{JKmy1JSa#E>RB zSl!2ST@{tcme+WBwMjoef6k(q7{*jRV;vn8wFn&cxx}?AUqxKD{$|Rls?uN#W$Cz0 z5DQ%e#SRswTh~lyY8(ObhK-{I;BxZvb<{jNb`jUR@88!OPt7O)sI?TZ)K zIr69`y$<0f4S)TLPS9G_%q%B2FE7&08=UXNU{^$5K^mV@T)SLm+(%oWQQTaIQ&m^b zD=Sm&>+1`6^{|@scH_QiT+pP4%+q>?xUkMi3 zi^eTbf_1vE!j?En5mC|dPi;3Got(Nc*d7da_sex}vw?WxMf-P8@A%_qWo~6vZWX(K za#nYX5E9vn!LrQ2HMO+t8I%=iHWZw&bFZ1wDk`3-sjI69UFK%4TTfg0&t3q)Be}ag zBvQtT^dy(ALKjx%DPf(V`F1|eO=kzz4pnIClU2}4PN5Gt&p(npa*|V zO-%Ni4fA z3Gwj}H@pP|1lVA=$45uI(EGXB*|N%~Z@5whva_V}H4tu!FHQQxj%#*HgbOpF0{#BFeg(+5 zRYcRm_K*5{T?Ph*hSXKJ0khjLdMZ*Om~Ks`x5#FPQ7q{VTtaOwL*RqrVLQoS8MY?*(4nu z9gEM;&oh=bzL%c=`t^&c;4Ua36%-T{M?~B~E+KSb`L(s828lpjJVoOPC51gp0pOlC zO-;=R2_+N2HF!ch4CrK~q@=pHLmtzUvM{LI+S)#)Cq;51XJ=FHhyp~Jvk@8_9MpGb z;9z6(2bz1VbG5dnrliK%!O`*YMs`Dk4X7$;Y>*PpWT@=4SJFi|iF#D#+s3 z&CSiSaf6s1irpg*Xb+1-rO9zIFcmrE6;);Bh?0BkkFdo(L_uQr6IKp^>dJ(pIu`ta zo!Nge*_l7s2oblHOn7Ehli>-8odFpd*o#tJM)q{f??>yRYaI#E%*>1#-L-tlHO7ei z;G8vD0bX%d#XXmfPoCE-EG>Jh>dJ@o>!jr%otZX5iO<$5nCoTIS6>DAf_a+h@fYis zj_AnpQP2ld-^D071yA1NoF8nm>RGUZeuW0Q||G&*F)S1&+fCKk_}lB4xXaV zIyQC3W@eH`x1R|JyjgdxXn!_DWdK>cnygHa!T*+$iVD9%pUTV2ivt1z%KULIbT{(J zoPd!R1Ao+b^X5&r*B@Fq$a&&MCHTZy+dmaYC4ZAibh53|F3hKc7a$qX8{8HPy_xlI zu0Uc`3=9mWENb>?E$X^NP-!29=tC%|s8~E#oND{dG#X0fcM5DnuqdOS&m8Ema)&4spqg5MLH?D#%waZF;w5_Y(S&{0PzcH~y4nW|&ippL4 z+8Kjorn{p+tg;O-OXwsgq}OolW#V=|48bT*MXa;HK|8f{zx}MkT5@a!vt73rVJ3QZ zcE*MULf+uZ{#giT<0^D;cJ4U!g6Ef(@@4ABTB}k(xIu0k7SX767kzwutRXEeosU3> z8^u-^78YuFdU|#rw}Vq3J#`K#r^3NBrOo*lGfIWw6uq7=YzAeFy==8@t5f=I_m1`%3n5}Y9lup#;mGm zHe-<+iq+ZFvzfIAnng#-byQWhGZ+k}lH-ZyT{HCl%qm5!i}o05!C>an@Ei*A+pd&y zD1TrLxKHu?{JaJL!S~gTS#J`CmkHbVe{D_~dtRxe9L*p9P>D?18`g1mKZ$LVtzEnP zCm_IIxXq9p+dO9@$H_N|peE4Iy6)FPQ*_d9Zwtg!u6^U|?3|yM$G%kmPERi-N=2hm zOkTP`WXnALOGt`%ASf<6U6uj*|riCthTl`(vHr8ej&W@ z=ekoZ4J}<`EO4RMW;e?vs)F{Phi}k-@l}AKv*ZU0f`3?7BAq;Iugt&l52lS^r!AfYix{Yc%Y@ICfhh_jFh`q%)mK}+g4qFYojKHMs!Vex`{#&OK;UTHhu*kGn_ zYx_D_u%M18QY^5+g#8*m)Pte+lX>kd?fb>WzZSNc3L>k>&^=GC)H1I7Z)?zbjm*^M z_vpx7%F`jEaC3z`*PbsQinS2aTJW^)cfb`dlla?e=pDay#{8sQzq3$Wp_ZATGFUVH zN;X4IouA$UB?G}jLN#F+7FckZ?SjlMW_j7z(ZS&d2no7H>Hr`k>j(N01VK<{zvKTp zqE5F+n==M{+}zxlx=s}%faMJz1B|Xf?z@QP78H!;71f)cc+Rh6W@b*+xt4C&0b0L| zY0`fSKAbV^3p{|YFr6j!i9onjToJm6?RL6|`Em66y14*9e$&JnKLlGM^Q@Z>#0}66cWi|l>jlm2Y3b;;@8APY?Ss@!p|ALlQlIW{x&%oU&N6P~Xh5dS20;1u;EKPJ7@znV*vb1(eHp zp^)jwLjruD+ZLa|lR&iOG?T>Bps|8dgpz}klW|=L9g!H6CNNfpV3@P3@|mhL_;GY1 zp|A<`wh}<_1+Z#%cD%oA;$Q7e4l}g0w5(gCdI>mHd_sas@#^!a5GU4d_)YJBV_0ZhHf)5!CY>AeRj;q>+60k|@ znHt-M3BlwOr7Y?KWU&QRX`~Ao4VeMF{j9FMe6%+hJPlB-lKQKJos#%Hl-_Hpz>z^D z%Kh=<^%3VC|IQ1V>DEm4bhs^I8gAZqFQ<4*?ROX^qvqbecuW-wR_K(nD-6+!BNHv*e6UbH{UMDd9; zhJq44FlJS4ZA&lI(2#9TDnV=;;O33L02h%^I6U*(W!Vlc0#r1ow$^>R%Y~a-!EIrj z`g;d!6rjvUXI^-!vVW6D13M0E^njz#f$YmznzpAW0*qV|Aepd;syS2F^Hc+o&Mc-< zA_Ih8?h$H)N>J*bpp@2RdXO-HQ+Lfx4*-)ODFnj-qHoN#sn7kRzh6;6P!L&|GU3i$ zESr(!FsoIB1GFKniK;Olko#<4etcBi=Lv_FsOf1-MRso8F$+g`clY7asv-C3O}9V$ zZjrvWJ-@aRas*wZrF~q*K!ih6(RSF^k>4cH_XukK2;`~3X~^>D6ci-A4Q&}48_Ss2 z0t*3nRG$-bI!p4*H?=XRcz+aJn^RpmRVv&-EL#yYG0cEei(jD ze3oFMXFnqVk`;P>?uCSA;|+^haTBnj8b!q zw;gZg45yO^e8W{NIpd6qib}~;3lgSOVkTQskzjZ-ojB3I=u~SJ)8)Wbx-76(xCS7~ zN^H#Ik&f288vAf491aJb-&KbzudGCJnjj=~%u$5;2cKM&Aprk08@v$j^EEz-E`HsA zQ&{Zl@Ycig#o#VSPfMC3pCBmBFv{CFH-hp11T9BOw(jN{2FBBovf@M$Q9LebdrWuT9)jB^8|eyH}ki( zok#k#9%t%mB_t%2yY3qAzF7e28i*>{8#%0PvmQ>hGtiS#v;fV2v&xqs^Gw{C!$R~+ zs0Ug>DABC6*6H5wnddZIG3V7-MOr z?+mi3JwXkhkc^FeF9A-l1Skio1CNp98T^S823XXx-s3q+RKNR?BZZcnzNk+d3k)Z z-+=Xnf)JZw*>db#Twdw%Omgfbw7jzRcAzZ=AO5QSGSQ<#D0_J&DTqqnRPDf$-Qy*~ zvE=Jxj5o(tJPhdC-F#b3wm=q|p-YKR=EvWm?dxW~J)At%aJSb;8P(xb$D3X+QGN&7 zskU@I_~SajkbA|U0e#EX#ui{hK=x6RV(FDXuswE~osq$W&)`t-{0`CNi9#r_MU~5ceKs|EXyj`xziUU zS5eK2hSv8$j=W92fKSOvyt3N$9yL|C7aP@exeC!&c*eEFhq0hK{%lG*N%uQQI+4&$ zf|l5CJ31vE&Y7RqahunDx3y(Q#5+tPD>aIa#?t0ol1Dp6^eq6t!iW@ zsHhl-G9{4T<17Q~x^N8C4wb6=0Fo?b5>dkr5b+R*87Dn3{uF3Z#ojdlRR9n{MDrGa zUoJ3~fV3U(3`4Q^P++l1g9ilqA|R5fdU~G4_TT|RH%6RsAQqbpV*CXFWP#EVND67N zddkXa&+q@;-Y$dOsG6|`0jOHLFbHX8VKD-@IWOlUC?M=+m}s!^#8r$DWZ}U_mX_LF z8(`gnkNzNmL2rL(00jeZ6;0*P;Nah2p^=^-hsw*$d~DQd$sXGAs9{#pxUPMhw~Q5{ z5Dd&Jzp$hI?SRt&8U!l5gH_d!qx)RowzV@rIFoiO>J72A12sKR#jzP{-wvTD8mcg2 zpcJ?p)AJZVRIN7PVxW?QSL3@EPrq~jO`Uh$yf zvaHpSs;o5+f8mNuabH!IRt%3F!9ooPcG!QIEeYvm!sXIxM{!UX`(+&Mg5%lze8oZ{qEln`+X$fT zOLlC4(bm*VX%~Ve-tc@1z5#;Pq(4}Pqdox;RGX2Oysu4Lt)indQ-!gD?A!%SRKAd* ziGDfkP>y}g~sJr@G8YhfkN zvN*IfHGK;r&XM37Mu>OUt(#Z&+v#8#3|4I`yBBPAHcnTQzR4>b*KC*IhX6awkZ%@m9;7tQU;M(t| zugkOkQddFl0z51iB;auQ#(^ZG6Y@<+Hpg; zEd&epHWXBQ^Ze0Hvs@Ov3b`LSHum0Xx{7D5wDn_t@QKnqt9p<&p*}Ncx$3w7v^ecE z1ilHZBEI<>*gBY`6OjT12s$-aL;$Ha=+$wVZ}rdrUQ|?6xj{k*w#x#)-QU|YEYC-7 zJj)&>@Q(Y2R}?icT7Uq6R8!l3xB*^AV$kG9|coL0CI z;QK-3aPA}M`tjqEMX@)cIjUv)iHP~(=h5+!I62U{PieV!(RsoT=k1?r8ta3_d8UBg z87I_Egz|@Fm%tM(I}+)a`12P>?+tR2j-S{R+?#C0Hou2D_4x{dsyZnPz;wY8gKv*t zwB>0=x3<3d%E~w{_r_`a5$VTQ%?GeAg3g(r!RLS*D;6)_h0DnY3cxtunBjLaJi*s9 zw6F5$ob5L316HFEu{Rk#ZZSDrLN5!t@!&NW^6Y`ccbLy#Z;;UUIkG~Gslh-`3bhJ% z9*-}Ikb~K?y%^#SzSJaj!|O1dX-#t0*5aQ{HW2OHg}HBp7~Irpt$x3DUz}EkusyNB ziku&qT1?9-M1iGv!Zk^fFMoGM#&NUv=O+`TxLLfaQgDB|>19Ayfm?u;cIxmjlHkl3 zM*xjDX&*2j8qNH-6>P(XIvIsISaMsQdoDE_)eL_~Zuti3Wis&%S>NjlHRMmnH(Z^k zo#aE(LBB0l8)U(a4tE)7pAq|ltrhRM@$z}oY=U0$2kxh_eCouM@Q^PLylvxFH1df8 zVZ({8#7t0=f#lI5uv>^;7W7TIt66C^Z(i&r+Ua)9t+ICgkEj86QH$3?K_zrnTxpw?(6u%iQX`gcLY z7O(Q(%6}wn22T+-x9!6SsvLHUYQ{W{e$Qez#ydMrLmuH}p(iJ~`&S74NX|&MfJr|+ zhfaym_#FOT263ZCzhtN^WiZt9$?FP)=3Lw?Yw2Av+#0N?A1 zNfI1TJLP{>2y-!f72(h(W+w)T!~_r{Vw93Z3iwR=7lpusyyazww!Xy9letEyYIJH} zys*hVLPF9J=xe{s*$K8(8K<)sI>a{6je{LP-f=-`b41ySNy<+tBbg{Dc?T}q)xCyb z+XUEwlgMP&F9sMZvtAR0dhYK4&|{q=Zg~KF507nJ+-@{-%C|w71V`);XywK=48--A z@u-a9E@i+*(G(B;8KIVw?cHGf1U z)m?0!cU%q4XnhFH4D5F3v2tGf+E{yhI7mRjVY7Z9YGH*H<)t6hYH(4D*mE5y(Da(w zujrvc@>W<;!Ds8Sy#_HE31XG&&M<_EG;v}Dk{*5PS)D43ejt4}H2r61s_15JV29(J z_J@TEF9|SGL;VRc;+~7T^64p8gSC%!L+LZC(<>I!($b1&*~rb|74ZfW_e3CTEaG1! zhWQ0mUuKuIFGZcUNv`&#I5T_BR$@F6N4ttMw(3dd_f7*go{`=Y`TKyXKHKJHao^U9 z-#QydektZ>kKo~|y(deexF7YiUix(MV##z|s1Dq z?qc9+Tfe=*gx*&g(%@w)$1nfX)rL=6ra&qNNhhYfhsaJFRW6AW1_lX-=RVS;;yWgi z+zovF(YA_zB=nqS_T9E8F{Xw>@nth)gqU?b)RA=ek)4wlZKW9Yl;?7h(Pf+S>X^(4`DsX8_;{}6rQfF?vD@n8rG{Xs!m|rCp z>KWwyKwf>yyc>b^HC?;zxpi~KP-QUwp4aabaz^^WzyU8=JCVTmj8DwtflLv90IB>Z#Wb$op9oK6UdzVpavoOiGz~DBxJe1(uXEDQ@(jr0}6PrXv_PeL0q}fxI7;&gFSP|nO8LnCYE#GzA z5$F1z_I9TcV_w^2`<3-?j@5pr+%ca&1k=6vcLDasxO7L~Bx|X;w!C4pJqI2*k^Hq- z+q~&*MDy26PoCPXqLr+nn%I!q^}Xc*(f#!b7c%+ujvpTf2F}}`QlGz&vLCKS4B6*h zJivKFk~c7wS_|xxbl4jF2nt&2ArJj1g>IDpDAQ2%lk)M|wP#=iTb|zkchhkD!k@`f zTCh11Y-n*Wm5h0mLu}h_zt>oJce%Gr?bV6bb|D&@OLfizyW`kM&3j-F<+Oat=;6= zkvCLskG%%Zth?=SZmC<*8VVk}R5<;EurkV|4bb^7g?XcN7~~8zodTL zpu!D0%>Z;z0h*17;)ff~pZYt)w?i%6ZRCdU<>TCx$=(KWPzJ7n4P-Y`zO8O`JV0Rc zJf}{$aO${~KIeUycn*#XV7Y?ezj&x1-_gSIi|X_(=+KW;m##P*Obdh1&6(#&rK7{! zHq^%`=w@A>#Pv2JAb`^=Sx9!ap>Ee6It-S-a>LW)N8KEAG^Zv2f!k+0N$}pP{G^0j z*k~To>k~3?kUD;kd7uDT3-E(8>F!&Zk6PZ9R=KJ)*EH1K!f{m22pAVzZ(wk#Q+kKV zcr*g)%6N)%9l$K*>$9?14Jkzw*4u1KO8heMGN!L(nz3EMgcfh$B6x93maR+_2^1v?SJd-I)Z;G+?S z4)d0O`OlsuZVnwC&HVcFSg@b9y&UD(6SE#Koe4IQ#iex`$K>(^csYRx#|5ROq2cwT zeq-Xmr2AA@Lg*Zo0?@zrft))Qk)q1a@5_uB+I0uQ^82yAdHTmQjN8L(zL*-p3@f>5 zWX@unat}#P5~COUm51)pqb?AHY}IETQ{0Tvard110z0Oj$1z5yRNMAC!m2ko&yrvx ze=YRT5k;V#zoXs89YGTDervEp#BR}4`TBN%uzH5h8L-xfjB0zctOUiEvLU&Whv70Z zYV_LIW@O$uO;zHaH?!a*-JKbympxH| z=YgKH1lISfzLou$i7;R*j+QaMD`+j2voLLI&dw*OE3!hS6}M)*Z@64mG2Aa+5Un6m z86avu&}qA=Krgr{9+H$m&*Egq!4ja{UHo1yOCf;xn)L*hp$cBt$o_U3>iv7?tk>`+ zA!Y|+cy0Y`-qlMw%H5fXLNA)D-?^;(la?QG(_5D}=;_WUwbx^E>1&A2RQTGzk2N=) zNCpbR9f-#{&lKrn+zNgfY0!8$?*EaV&77TUhRynvmd$Kfw<`H}Xm!Q@va2*)iXDh{ z*@%X};Jtmf;e4NKwl(!clHJLMGe)NN)cT5&^!Nj{6vgbeO@^6?F;qaHdeNh3xl51= zm_>r~y-E{8>j5V1e&eddH#f=9Pb2&07e0SfaP@>h{9h5qDHB#}--vrjn4?|NdHb6w zJKJJFr%7Pv(v41&fKR~TG>e_pl@L9TG@qSQynJ_DpGOI=QDYTwz{dExp1T%1Uya-OAa#GvyPl`2pXa1!z}z5317Un3C%1K^oj}Vx*{2vMXoZ=T|f>x>Rq_me-(+-X`(zGd;u~ zX^!#_!y7Gmn^(v8U+>xs3wkfuwH*J*k;e4tMH!}HqWVAYWMY-B{ZlyuUM-aXz$vpw5ki>Q6 z9iCE!7OYRmt8Mn)JVXRqYcZzFv5%uFwyx4JXM2J+`Iran~c7xv)SKcyTfd^Ig+#=_#o82{*e5-RW@jLKDT5cWOo?pSZHY`Q6v0K zpOvs&lPLWKS+FKaUfbosNmb0SDap10?>}n_TB5X019z!Wn?lo*BYllF!O>rvcj7-2 ze~{Z!rRn8xs3+^k-5KXhlI6WEC6BJ4F%TEf6nBdG(n8$eNp&fcCnGu?+O}Xd`^eJy zd`8;B9Tx*r`%_uty|>MRQ@+U|xm(TU?|3@TBB@d8UC67gW2uVvndLk`9_((r3%yw@ zo{7A!(JK@CMh5cyDWxpNPo0~ew_@wTQCOG)=j9rh?EqC6NbFp+FO9*8kT4J7wUcBCkKLCp|dU^L|aaamu2j_PFD_U-6#Q9 zPJTdca5$3dvInyf8HX?Qb)~e9EP%_l3not`u>-T`{K|pBfI@ zwAwIreAe=@Gyo2lP2;&q8anTMPrJGEM|QuOa>4%?G)uJHLQ4;D{Bk)TD+a6POPNGB zGnKC&U}moS&1h!dsC<@fL3jSU6a-YfKy3n7+4psh8O}G5v#dVK(i-wF)IP|!{TN8W zHAvpVrsSOz@UE`2`+Rm^xps-YcD1`BkN%CO)7JTbzm9(qVuu00+_4nNIzl-4Vy|); zKRH6-n3f^_AG3$bnM^$eiPGB@8a*@rEE3y*u9EaTj;60n3MS zXsJD=>{zM~4eMJDd!0GBX-)t!v=^RUz1Mo?xA}R7`P9pP;%QjVaG?0OSb=c{+Rcy$$3U%8BaC8C4enz#%1 zAJ;u172DKuIm(2`+Sl$pQ`PBGrEO@KzDn++^de(~=Cai7X@tpDPQ8v0V&_u$)kpQwHVz1%#|qqtQ073)cf+h}NbTDahx?T7o*@QoqRXx+8Bdgq%m zgxJ^Ion3?&+dpKa@d2lYJ8PH^Z8%i3eYI+bF8bchlSv$Wvmom$7ETJ^cgBgB{G2NH zBs*WnoIAE#D2_%dFo!p!Bbn|5Ke%;sVN+a`0J7~uNL8e5qF;5T8zU%Je$$SKD;h}5 zCcwMx#7|jd@Hj7h)Z7MhF8)*VuR*?~{@;>tcy+(pJC4@@ZNnY$6;=AIL4oSv-(5Ig z<=e%jf4KmjZ{{X8rsR*TKNdt;F>pGRl?Q}U1V{s~Hx*cy4pljViFxjdm$Q90rvB3q zV94uh_>eTO;P!j>mc$wFUA7`u4Yaqlg!9a#si)!oI2SGrjTe_rM zx=TPrkVd+sMH&PYlx`6Lr9%XyrBfOaiJ`k;=#UtY`uE&>_50^J&xkz3oU`}YYpr*^ z>s|XGW|}a1vT|8xC#rhYy13yJ#Sae}lJE+1UtP&5R2s$CEPcJjwk%*R>JBR@X$J21}A4k7y*A(pz!rm%iB%M zs@IxLZEatRNy8Gx{VFFYvS6EVzpFsu=cPP$Rl+}gQgxkty;v?<@m=duokP)N2x{l9 z`J_DdURm)!(f`Rzj&q1HPNZcbAS^cadEpT!A&HnTi3)PfJ!2i^Um3coU|E&HR7P6u zQTw*fdhz3jw*7VT5%#+V$w^nTdl5HoR1_!_{X`=mI`s%DDd~YCGj6>e98X z$5QUWC)bb=1#L$DU^M8h^5;#X2ggS*P|Hu-(xPomWI>PkJf_(ing>xw!8gJSEkOReEoE4%uK z&Qf6b=%ES<+GMk7J8ye~%@ehTE0mmuyE+a&{W~^oy)0)1BeLA8+*?8%<9iHWa*`}egl=HFAx6>+3`firJ zCQ8?jj;)uTC+?{Da_!-4dr{|L!H&IA%n9kU?;5GZi`O!#tP%oSgN!tA8r%hQ@Xt$I zuRX_-l@uk~K+=I)p5aS$clrf~{`MoJw`2SmW?pu^8P&~IjqbNGaCIBCox*LRcyOyS ztdr>NgWQSoCI_&|O|Tq_W`Vn|v#n4{Z5Nol;sW#r9IaugPxtPqs+}*m3XL}~{l60m z=U6UdqP0T-F`g{%RbGjGv@Q0#itOG$1!9#%rD7fla!hk3oED@ zo$$n_Qp*h1_9{;>3nL1Kx@lVinI z)U}T4bJMGkkQ7K>{$J1kCDL6iPy-I$;^tQeN90Eb46$AiwZm52q%Y96u zyk!ji>l~jwvRsb;ZdCyVcqUc!kKz*)KL=PE3c@pridK(6^sc&YPmiM38HE^eW7ODW zo7^QNfRTREC`7^BQ|}ZTmn-ZZeEYAr88hPl_{K)Ac71kcJ>a!5pMrwh4{J9FikxJM zc}Yo`p+HAYSOeSgn3x=nUQ-OM9Ru?ZGZ@U*fdVYb!`#J;;r6ywV_uUB7_R}KaG@F7*Px)R+H1Rij&Av4X%h8G^9_FDW@wE&L7og5%_8KRpdP7 zT7iM>Vov3==Gz`CR^mu-|44`cRrtGQjaLuKiAIGV>@&(#qj48eCbCtRMb_1tOzh0Pg=|@fm>Dt@_$(wt1 z1F3{Hz=^!X1u8EUMtQ}yTXXSBMjN7%4}DSBze$B%Z3XW8q8@XHhS@$?Ipz-dcTrS_ zXp2P`*wI2Q)>YsbIr5{3MsIzLcBYEmX@N_4>-v_e!l>4F1r$u<5Z8}I_TA5%-07&o zv-N+A5va>B#L=0uw%p?jt{x+W0t&0{u;;qATH-|4@(J*xR~ZD$BenyL`sV|+P04tS zIybaHBV%YRRh!lTO`+TUQ8)tKc`a8DHZRP(e05LycaoS6m~wY8?0@VlTaZt1N1mI- zy+=TB!r_%vyapb`y7EprRJ1uZ>0|hEJb)UomfLwbkwH)kJR zvs#lVT;D?*J1gD(kB19H3f(4nWwhA>#$mM&>d=tdhr?`ID(aTC{{X(tO8@n z8A)M64GfyCh7c4F3jkPKN3vd(Ik?@a6L?Dg0^&0{lrswy=&hO!@6K@!%-nFOoYR^S znQ%)IIr}o3)jTohqbxMwfw}tqUZ+nzzxG)~+}z*Sqbc$dy;mD5>3y(b2epL5V{>f0 z5MN^t`UmepsCQlpE*)>6VlW8(V_zD5j~<=l zN8Wb0U2;Fkd@?<4+C^wE(oZVZ-Im-n;TECYaTg{bY%G5NII_lfcS<+j4a_%k>YM3; zg3I-(#EMBZ3(!aV z-ab0TPpJ))(>;Y0^lT`P#GXCse_HjS^BCi<<}IkjLTGV8^4yFsCDDVk&L}2rIyi>S zT(zK~zOw`s>9sLJ@UerpjIjuyqWp((VYZTg0p_SSD^;*GJ{r=&Wa(Qc{j{GfvfiGV z3#JstK!G*}d4Fy25>KIjC#H~T8yF^pT}0F|@w@PRy_Ml@Y8gnqQ!?d&`+$iM{Pn_} zj5pfs@`!370Z#sR0>FwL{RnYzr;B)pEri;fDgYVKvhz^^tdbFXoxV*|2f}bP;J<-) z3oDA{3!0}47@!PNEF=}5`hAY>d=ThBPE8Z2TPSN7N)#GP^QMmv z@nIKcj`uG7y?2y?MEHFAPN&jKRG=gj@ms;irIi%0%mBZRq%{im_4ez5qXb-SwVjuP zeWAR>zX=Dp?HyaVPXsD3gjdJt)`}T8pMK90t@)-^cLl!FZw}hV<=DpEO07!BXz*P* z!PG#6VZ6nB{c?3n%(Pglbl*#jKaTxUm`zF@a;~b8DIESeu{VSR}`V%5$_xuHLqc65Bt3)u4HJ#aWdavb5*a>%|$!BhqI8D z(G&|?iz85;RA&#MmEyO&Q9U!i#J)k+$Nyk>@;U!Mh}3c ze_ledSFa8Cqts;?;ugRvupj$a@j+E6GS&$fOnC(20o`kbtk0QjKO(=>;LG~ZIP(wEoKcc!&BCugIV{SS{)Wk-fh&u&948B)LLXkNLW)Q5mi zbbG_|_WE8J6{`gzKlCQe?|IXe(A?SN}qbR7ZQFmE$)6hOT0iLgYb(QXYCBps6 z`Pmrat6#~o`h^}75gV11E2g@nujAa*#T=w2asCK8y#86_W&WH(!xX(`?I#U;MFQ%% zCszYw`dCu*nc9Exj8cw0txMZZz)mZ$$q6`PRuZi3=_XVF+Q@4KZ$PZsVHQI4F_cUU z$?Cw&zzxWHTiUlO0KBMtMy>CIX_Z_}0g>&nt|btlK^}=6tte?p2~5A=lT3<+Dnzxq zj{8=kQf-7OD(ekprg(CiV>9m&)F!ptp|c_Ap*UhY+jI{1l$kY=ldTvkIcPg7;&&83 zxG5l~WVWYs`Vyt_a2PQ-kKjx9Kd2LpjSI``Xc@GwX`3^XWk^ph@9X7hiU4+W1HXQM zSF{$d8a+#E+hR|rR!L%gkFw=9i`wFIQ;}v{vM0ImENbEA`U550N88P}p@j_Gh4$Ne zZ^Kv)mU@Oou4aZsoSpZIE;$@3CW}R!ZTC`3!3kQl1~6q43UhS)c2}L`^%{r_(tNs> z56i`i)+a}AE_f;#omFuRzi%6cnGZzCcwRU84vtN-OLe>1_%4FT`P~cU$ZvsakYk{aP&Q%XJ`P6t~}sR=Zc&EG~W`K(e^od0X$`*TYh7gXJEg zy#0}T-PRtNiOA&#??37HmV7x}BVBt8g37_z*7N0=NfU{S1Pu74=-H#rfhkl|5q`Lk zg0^JJ77yAV>Z7q4a;=kqGF_s_`BT*aagt0)`BwEazB&`ghrkbS`<`wYQxFsrX%-NR zrICt7qf@{CU8*ggUi#kOTU62Clh*g~J3 z@6870Wn6AXaewR1@J8eDN9d$-L~r{Y9@oIPC)h)+V_)t(^j^ryS-M<>HkN`5Em(!e zU(mcdl1&AZA?>&7-v->(&xfT;9f#dX+Se(i-?*eg>)P_Wmtq$>$<*2E>|T+FFas!41h#k*e2 z5;ZkVQ$tOe#foMQUuLoP+I+d2#przy?0+Ai5rC7dgBrrUT@^FM$FG1HyIk)z9kGK& zDq86w(y7+t`Z58bqtX#?VJ0#!Duoy%XuO!!TckNysM`DXn!2F@j(yRewiDdv)HyuR zKP!0FLKYK7o&4=Zsn;BC+b_gXdf@rmw$a_}&A-S~P|Kuu&`O}i{)u!>1TmH)Io^bB9H02v632}H3EAC9s|C$SS;JqPR3Z?wy01*kGdx-$nl3W4`XRc6C_<9eR7 z`^+i#r7}#1`0f(Y3#Qi5Y1JVf<41RagI7erpf9h28{mV}-{I03hvj+ck|Ev_uOHGH zwHuaxi^gbnw(7@Ua|0_4um^Nbh<3d>h|V3Q-z&Xc2~W0gc;N^{{LMOq4}3?F;~|)U zfTKDds*i5Iz#|gzP<4mfs520#FQsLqkpzAQ!LjCQ84d;Ux;48b0r!P1RqEg6X7CV+ zS5kd&Up+VL&nzx(4+krST`fb5u?SAC9^s)IW0c16vvB76r$RiGsf9+3*P7F`)jdt>4@X>QZ*UxOFUXprjS~<;1B?GNt8ZGT_i*cC%(63 z{ND@{M6%#xhM+*6(?d$}Aj4?`^gYtA&04?io#dRGA6ajiIA!9WfgTboz^*aq% zi6bo5lX|S<9@xC?S$oUopVpJ;1b^GRN-DkZZU*<}-FMTkv(RKTZp_5d$rZvf%UeS} zD`NB``b}=TFdA~|i=M0`xoiYFKtVFrCC*OGF{M8scsWaRV99l2dL<<*QMsbp4ZGd1&6t96~PNDJz;BZgBFUuY;#~gpFCRbCLiE!ocMXDrA5cTT8C)PxZj)=yx0@&-%=;B3*edp-{ z<6`~^j<|*7YtgvA&ZjZm!Bz0JT~&@)T#qVoGMqqYp(U%yIo7-5ttWV_OPf^}0z<>q^pyMQ~h`kHVvl`!0DjhaL@tH)Lb z1n5UNG08Xcw}ShcE6Y?1iC&q^v|AoZ2_?B^Rt^d!cy4cY89to)<;fN9P53;q>pi!U z|9p4vT%L)^s|}rUhceY19mbE!S>K+^VE2FH^$)N92v3*LeSq;v)LBM3J#FHR*ck9Fl0yf z8E$e$-6e#AxTQa;hJYle$BsvA+IXp2sPGPR4$7i(<;b%M0deg@U_}eZ80P%zajYKL zbGR7s4-FnZW{8u?81@CgXgmSVT1zL{_9v5BR*I&6v0B(_j+EYMK%uK*Bt;!+3 zXJv`9xXpDOQe{dsjV+uF2cgDl^4zY{;hWT=3K9=mnAKj-Ns0g~v~gFA!S&tWRUcTI znVdVrd#5KjNh7uT`joAlfW&&KL z#bb;G1cpWcFU*aP|0A|RG=)Jix=$LZK{Psu#|C{vVgvT~!LUIo)1EJ4_4aES5^J zx|=1ADRGu+6u`brK2@&l`kS69dqYg$R zonHlk7@1GHkBbu`$x66u*Npw=1ISM}pBlHRVBqd{f-uBYB3PrJuf3Zu?q_u%c={u2 zc)bh*1dCRWTW~DJ-hrp?6Zb4TR*e7@2J!5xIE!BI9!?me$)0HC^SPZ}BRD8kldg8o z6-J`lMK+)OOUF>(Izc%-OkAB>Q;A_c}Z>*Mk?2_HrfJ zKO?MK%&zG+-Muai(iOvxVc-ISB zrz=h8=0cPxkd_JU`yW#!(#ll{VJt42D;rO;-py0CfNSocTR#BdGkcj<`al4p7ZCIK zbreOAunOeez}ok#fVDrQ5jH3(`1TyiQ&0Qo;Rvue*~5XpJscTdCFta+!j#0p*Cl4^ z$9XKSFUSwdEysV>vx^^s9PSC9bHkxXAu@jq;Qf5m|Ck#fnWLKipOj;g`-2*_Q^6GK z{##MxQ#w8f8=C`HQ2{Pe8!s!*>KoASQoIOh#?|s_Xdemn;2_^QN`)hRXMrXiu&jd# ztg+10-n@s4u62o*h}|b;%kRVN1D7BCTL91h0w^sgtM@Vcs*O%~*q2u8Dl$1@ z*UBuqOPs*%jwDl0S2PUO+Deq5gMEb-z0->Zx)7Q-hl~SkXW!4xo9?7OKU|Rf@G= zz&knr?!32ue&ckJwFqAyt&6fxIOzs^FE8#7sWi*FcF$9CbknTwz zT(}%O<$%>62l9(efGDg{^gcZwlY(2WUy{z z9g@C(hTCI>^==3grp?YZM;p!DF%2jp#XuTxpa7)5nD27w9{D^=@YSW4C+ z`YHl_A6%@NL)lXC_BFwTr|I4ud?Gi}F$CNb zOS*K-z4@0qMWsfTt6M^*wi9EE9k=t++Z{?9U;mqXT6@UR07f8I^5A=_d3v8YNHboM z*fgJ`G7%M!WLSbs)p@&zN3V%!P#25kndjC!aqaN@dM3~ep})s47Wn^ap@>lswUMvv zXghCrY@o||%t~B)J%|Eq)F%m$hxGTe`Ox0bgPJp%{Gw=$20MwfkT7WDYPAvwbD)}I z`>4{ohX=9}iM_KoS(w}=8>olKNXU=&XZnw1dk5kaa`RA=A=>BU4)ZSlHMi z@mQLX#aot;1hKv-Skb6Nw`-dBNs8R*<hr=Xa!0rmDs^@<-~*`1lafSBfD*$F~;|R{1}u?2Itm{cv(3?A*Z7ca4i9y z79nclUaWw}GOu~Ec!rz8wP>9?YB$E@&K9a%HCW;6Aq%&+AKnxY+;bNP6h$L- z?8B^4J6(^cT#0X^>6W7XO)Tz$_LZBDNXQAF3H*g!?C%PQ!E^&omVXQhyN-F{dl>Ms z>G81`!Fzm9zqb*6QoDsvt34kW4D#0>Ra>nEdFtZ9FJ-gdGN$yI+fRi)qdp9MJ>4K? zHt4WukjWUAZ(vU%G}LuuU0~>0wd@vd>+u&3=me>NLFsc+fwGK1lD-6Y3>6NVJS(wv z3DqZ9z71M%LRyeow9h1b*iNv_;OB?r6Z0v!DX)Nbq0Tn%r{ph2mXF2N$2p!!u5!ym zrveSw;hPbE;njU!&Y%#04h?X4&_fERliNS+ zg^<^+z;Mfy4zpoY^VkiaYh`t>87qT_E+j;#p=xbe+HP6ItC|c#@~z3mNy-Wj+y7Li zbc-Le(vfqP+I;5*6+{RrOWHYXhvR{rr^65rbKhwy+r9yoZ<1H|7^+TDkFD@4y!yYAJW06~Im$R~!1$ID$d~q#RPL5d7nK=ufq^|{C()7IJHA3uReJ%O83{<6Zm^bM zPEawcN?yE^5%jIn)1qoX{rGSrC$!9R{P*sZFQ84DhGa@m z0%r3Rw*J;f4XPgNuk(-OkAlhj2gE&Fb$vn4%IQI(%bybEJW&iT0+bhZq`kz_WWfb0 zaus=b!_Rt?DYgOA%MjlKY7H%uGy2B{`BIL!TlKUX-U|yRR3f!Cb594wDhXb_3a=*o zQ+%$pZ+%;qPLC?jFr^~5$l54nj%Fv8MzA+-JK{W1R5s1Yn_`dfb@_SkbxL6SW7d^g z-vKr3=-RkGYl7%b^T7eC7xw%VW`kS!(VYaCA&JBkYp$ZTlJQ7gU14F4u6iJ#p~r6h zJsUe9p5kn=A+t4GO@^tJp^w;r3Ik=Kpf-YoR|VP;plt2ga1%F$gfRS*wV*;a-{}Pk z5HmnBLMegT?62jrzz?7#kxD{w1DRR@R!pey=A#-GH`Ai+$T{1JPc@`N4eB2ARWZ>t=@D;m#0c&;Cy~mu_xQ`*XZtIX%WvUg3`mC7ip;Rm&RzZQf&WHvOY1`Y2K9=Bg zDR=&Ny2o|`1)~;kR0@jR1QirU1w~goJKpPE1fW5-g7yob3N(^B9Lmrv&>wpNis@ivV1(utKOzB_+kh0}3Gw}% zTMIA`t!2*ivyMy1$))-_NyVJkge=l>rsMBDw|8$buV^!`87mk2sn4R3tBC?5f0Ok+ zO07kPH444q*(iK!do~2*IN%o5siJ(DBr*;U)8)$Gx&c)hJWAuBH=z1ExN{62h0RuoG^fxcVu3kVBl=E6`eskYF@0#%s<)$;C3q(gK@QT^~k<-8$Y z@}n?COH4F5om)7VV}f`L&)U9 zY}>JvvX{t*T%Y5@TToGnPI13C;v& zR!4l?dRIt*;%MItYf`&>E*Brh{C1x}c$Sv>Dy5Uq$RL8KMdNyz&V8#6cuGlX%%MUTv=xbN}zB+p5n zls?%keedbMnP>Uqw`OxbYSYv?qPPZE_LC66tlvFY>zqap38_Tk{Zq0f0caL=3|(`Vozs6G1*)XL0WyKXnUS)Umg00(MO4UKq(Cu8k(J6=6VhKhzR3$5p#^_- zZk-Ekhob=}a1k?kG-mYuHz)EVu@6z`L5vzfpNGn7T>JPKzNCBe-j+EHpw4q0R4lu? zzVQ!!0CHS5!e|s|h5rsGvsPLmJ%fS1P)a)(HIOj@iOJF>dJ}HnBRPH6c&AkEd&P=4 zb*dpoQg{h+;R7@Nn67n>J?D6_F`yO%ViOme0BA!8ItZLVwHmv6>|U^3!6kgk7FD>s zL+-d$)BZk8C`LgfQdDJVSlhaLw42sUO3;{#{e4( ztPOX?#(67&%-lMHzG%uC%Mw7QhNA%|*n1^816=QV3;vDP!FLFkiK1RE7kOLfiG_Uw zpqj%^SGxzK0ADbp@*t?er#@@k4k#{QL;ss~0(tou126^lpc)B?TIKhOY^VXF7IJP{ zs1(#EV!FE2(_%&(b2TvYZX`BnsT_z!Zzwi+`b^o^>v%zLF9QRLnhk54$_^R(l<%ga zP)Tr;MQcf46I5b8<6JBfPx<@_#IUabkd<5JHI|SPzdPZIqKd{?TZF} z)}zSr68P6adjU|A+4s3aaigWx_hhlXcl_-D89uo>Jwd;$jfPA?oGf$FNP`4}LHDmS z2L2uihG9Fa;hRu^VsRJC$zFlmQ-$8Yku$M)<|%7}in$Pg)!E0ba6C|Ub?y58D846P zEb;Rr*pphLkB+2^&S)_&ZnUm3V*v3v-|Dd?qF<2PiJE`i11WSSr?}HT7)Dv(t!5Of zTJlb=AW`5m+}L+{zpWhuxMjA?(ZF_4PEI$Zj zJ*z6$W!R&cYZT0|JfkIVN|Z?1bFxpGY*@i%h!H^Qz{@8Z4e&*xM>9wPjJQK% zF+vy1o(RouaVPbFx;{8ILHV8lmONp!xAN}{XuGvOCWq(}l+CL4<=6>|(*VuMHvs11 zA59eWQ5DPPA(4S$G7xNS8kxV0QdeUn442CS4+Ua?k<-PsSP9UPV=)rP{A?&~cM6=f zexku!-BgI$L~9}oViITy==U6t$Up^Jt5Mp&Q6bS;pZt+M?>hZtcFuK}?M{ODZKCi` z-WfoYSKM#CUYQJTxaoc9l6GFMTwfuy_Z9^Fbl835uyY4_BP_~A;CtH%MV9)X$F~M& z)>}H>lYtfsP#VkBecrc_2qfqCkf`jRS1(}%CN;-4KT~$q0$vdB(#g;DL<=wdz!3!fM}`=cU@8*a%N(VVd4Vk>RJ+f(FAx+B%877N>1ToX`}8nIv@+a(m~!} z@5aAHbK7O0G+Xisu_gjT`;rE#H7Tg_wSGGxx68s|2z%E^A9_4*KjqM+8)!RC`k8JxnZ~^B|5lv4R z39=FHW>kV_cmBz{QGi8KMAy%);ull=T>@X73x?ks199gwfTBW_BtfGE(A=>Ak#3u{ z;CS8FWA(gYphd{k=ZsiZMlr`RNUFFqEjE?t2l}{-HXj?!g~}&WQiB`8$dett<5D1L`S2DeOkUz?fY!w)qeClC)^-spD=WrMy_5-oA z`{YDwD-M)Rj;~_l2FR>uc(j!1^;Fg-Bg3k*9lr#~HDk)0mbL1;5?;w*g8KVe7TMI> zzpnn>d!_gr0X;~CX{FdlRZ^htT&fR-fM975HinfWYuf!oh&e|#R#_m#mNVwk*GsnH z4d07L(YPR$K#IM`t79m%>#mMxYr_j74r;=iq;;$-7;MOe0>7R-G$un&qw3*WjjBHiD?X^NC5JF$W3+%9Cz2B6AhQ#!M zL?q3KEf^eKbfJo+GPdl|s{Enl2M>rN?r+yR7&bj*GT{Ha)R|UcudRuYh~@`U1z0Qj zp=5o<-p*d8p|@`J#uxhvkVzSG6^ey)IubrVzmTmpNYOJK3vpRq%LJBYOp$-w=%}L5 zn>V5i8_berNWO2z8GI1VCgP|Y!=8&1NSgo*0KBsAlVIHhw-lm!q@uua545a+W(*6n z{PB%4Ah`w#*~r(6Viq;GT9-eK>s48H5E+qB4q5~B}6o?`x^))>~aq?JZz#MxK zoA22aPI*PTZPT(i-M>mwE_S2x^sLG6YVr&QV*YeN1T{+Ay66F(dbg*H)xNJb3RLNW zUHCS<>dbUPuFuaF)p3s^7&a7VOVw%NGPm=T|4tOTBxL6Lqv4BN zLu%iWSS^TbU=j+&Ot?BMT%Z6=u0VtCD=daD+*NAKb1{jEmqf)jf7hhO5*o@-R2c? z#U*MsXC>)Q-&grT!sMd8;iLJAi`d?T8Px6LIX=B*V}b&{Gko(6A47fR7xJ&eC)G9? z#{%1hgOw{#1IqHRvot_$C=%iEPrG4ZjLtL3e{qsZ0@j%kZUBCipr9C#^MPmF;)g4A zIld^y`K&`MCxhiPRP-Xr8nQnVQitX9i_LeeSAAkQldZqIUyyS0m z3sLBTLI`EBvD)K;d5j#YlE0vZJmt2zw=Kj0nXB5p06R)O-u+|)T17@9{bWb2QonHohgFv>!uX7uPY9L{&>&C>kGVYeY}3F3TRLi+>hwMW}cF+r?o5 z2LjOxkO8O-UNbkVRCM5*)!a>L>zJ{fM1xzwc)kiba$XP55Z>$wib4(5S!qVx-Oa|5 zPyhfrX5N?Xlt8f@7vS(mKixRAfej9bv-XOF;29TykDy_VF+mL#zb(I{U+BZ5E-^jD z)j{5m$`Lh(!8ZtdR-*9y0lOfw?J$k=WqhlwB9GEO0gLpWzb^8^DgRu!K&fjIeG9Ph z8(6_N01jRRQdk5K9cL9*;P5{=9&5=-7~TrbEW?yxZjiL%1ll*4d8lrVBEv^e9xr(K z64cV_QZpQj1 zQtx+1DJA9hC^zz=#|Zx4Jmev7;Il^`Rnbx9b3Ua0iuj)$z$}hPvKC`@rppTReDBXL z0rCAm)nQ^S6aPN>c5QZ?Dg&KiH+%p_FaE~E)Y^1<*w`8#8XvDfgtr6=1X?dA#x~xx zTNk@Mtt4+U!FbAwU7&rV%HD%M74Y|f_n;$}LsB0mm%ZVjg9TJOZh7cP zV}Ng0bl&&{Hvjj^HOtL`{@WK|Txk8+L3$_n4@ilVd^wQv5Qw= ziS(NjfQjI)vgdw{(Sd1JRaIveSLL#Ie>G4AfC=#EysO9UfIdrD)>X+J!VGEuzWVEQ z|Az;%jf7Hpbz%!BcDhxBLQAhZO;Mn$fjvJ;jFb7MH8`C8zmz!JlJcghDWB&QiF zVpO0&j{rTiV9HWnFOojxOUdLZHok)yWbcaGWD@FovIBY$^!QT~|C>qh(=)CE1;V7#*_MtK0jR}x(DHgN%~>>M%jnLiifcHT7nd~= zwD^)ft$*ZGV%?ke@Q5mb@G#p;cK=$Ygn~X_v|{SNxB4L<`gpJ@aU8xSq7xKz`O}5< zjyutjM?eq-wGgs{?I*Kk8b^)+aNgh{K0FJ4d!b9Lo52Dij!=NA&}~yX{fhcsY~1HZ zcxJX%Mb_|XPM{Y2PcyIF5s%c&SJM?&6H|QF^e73^jr?oGoPbRZNDEO&nFZ1vAW2j# z*GGc@Mg+axg~;wN0LuV4%O7E1`Sk*7`&||JQl!I5Kqf~6AW(X$m@zBkc78B*@`#ye zj+eCbr0SscAX=X@rm4Z#-m^b?9Z2wuwwwN`f%*JImeqEhkjmLI(V|1zZ;34(WjwS}(h0^$M`s_=d7;m+LVmm0EzMiN2;6?dOm=5jD-tiJr zO}Fh3i+2C+iELW9{+Z3v!;{U zBazCRZye`%MLYjHHUp67IDJkP7G}1@pcPchMB2dqqNbzsA<#(udMY3&w4_dRAptG; zUtW-bWztViN;EfqTF@3zw?zB?P6ZMeZ0=FHLz=idt2Oe!6FuuMM_U6#XZ90SQzVF@<6hIfanOHZYW| z$E@~GzA6K8^ZYIisJ+5w*7e=bLF5H%KNHBAK%S5sl6>sC+ho#sF;uuTj%*G%T?Zv+ zubK%BAOw~L@*Jd~xP6bPO&(E(G4SnlCZhkz9r7D3$a)@-?~B&#OpXSp&w6orOPt?G zi%seKN0cl_W;3w6`y`eY)MAkWWN6`vG1OY}YHjOzWNgM6?Au7$P_$k7c+yy+N^TJ7 zg8-r}t>I?DTR7hkm)Df%dvl??yG|Df|5pUGct5Z9+e-c2aDnTIzFwwPlPk?Q+e^-9 zx^y$D_qz!`ivfWx8xYjgOQ zpMUyL)SBvPMPl=;hXvmxlhEDg7x%w1b$_+|qVUTgo2&Sd!6&Q-<-%{F@EDZOD8pM# z^R#4c;q*{8F8bPe6jY@)DJPa*DFgC5O)hZNv?fQ^8Dq+_UL$5G5qr7 zIjEC_eY+~$v30ViLI^q4P^w?;)G!wvrp{7CmeX$0GHlcAn!T~YuW=YhVCVxU(GahJE6Dl#p$>|AGW{PkY0j;nGs!)Kk0J(JtmFn;<%!>aelwa~i#!cS%bz!z2;2Z%J2E06YHYu--e7iC+C6kyYF-a85aGmo$Bj5H#C>%vu z9HmD3__TIek;e=EvSu+PMcCA(bTOfEe}>~%e+QUU5<@4NX&j{rOP;E}(=GYR!S`a0 ztZdwJX13(d$i&R~QhrIb(oI)+ofl_x$Is7jn>O1mqtE#7NuEv?mM;1ZyrP9qPaU*H z@+@z~N{g-WO-Oc#W1+71{Iw^m5HJvt7CWFsGHyi!7u~i&CS0F!kHuYsPN%#nTPl zT8yTl;A}cm+UQP~&FvRd;xDX!G*FUdd(F>r#A3{zOay9SVOLmFC_nXLxY3eWoN}-l zx|a-F{#lh1sY+yI*AU*AHARi`_3`##_6ylTSu-0a|TD@@Vi7yN2&+85?iZ+zAK zao4i3%0W1WMvTqtquS@f9I|r+&D%ZUc=#;*0N?^t*B!m7=?Ay<9=b_tvy(sz9UE?k zu0NwG$KYr$a%RD-*6yV@pg;{KzLGW<>$d*;RiRxt*eDC3JeQaOBh(@=m*fzi~pKTf{o^SuI#3kqPNIUjb3wG>J@5T2jGwRv$?8!MfGtgHR=66KC&UX_y1&RsH^ zzF$Ywn>lWNUrTbk`rQq^`)Aey6np|ya!eF~?cBjiAEN@i8E!SHMKToLe4Vv;|4x4H zuwBQ}El5T{OoKNYqHBZGz8R1XVoxGE791V4B^`g5J=x@$(O|h1bdCleiVI{}(a0aI z;+A+E&{B4+O_~0}hXu0BFs=UFD_>^V?0k>rbSeo_ZXNBX9*Dh_0xb44P>Gi6a7OZQ z1TpASPt8?GS$Ir z`}QQ-W`~)$>Ph%fBw{wiaCagiqxmR=N;B3In91sh)GRz{EdyrOlAO>d@@kWFXhT3s z)Q3>-xlzivrIYWegI?p+mG53x$+!sy-40*l^_*{4Q=j+Te2pnC#dU^DJ+absr3SYQ z3YE1TM7O{))y2hrcDHk)%!vfG{ppfso;k7gVQyN`qOxac){&c3JVDpoi`QC(qqVON zb@WGv&#Mq|TUT}l|SnGH4mG#qJZ+uo0%Lw=gd!W>~1-qcOj5x=Q# zaL9Aln+B$g4Q3to_4iOonU{Y#hV+XA@DNn*8|u&JQ8Kz?Hx0-PbcNe?-@f@(5@WLM z?E|lD*d-0LWeTxLpJNMsiJoKfDh69oGCPiZZl;QIK=s$z^-8DkemvQH0BeLO0^`$O zYhHCM4&TY1XaMq0FhVBblIO<9A0FAhAx z4bOL{UUr@jx2=>VWtKOi2OL>y z7xj&#t_&eTp|%ZoHG|%0VaJ}j4EOqHDjqS-{`6cWH9)xZk54hl9RkbR1)8x@uAIQZ z!9WJI#&!U8V@MtygOnqFCO$F3(e{H%F4!*v@W*j#c}NjzSwiNN&g*)LBncI#FNEPt zH{{!$6O-0*wq0($35cST`Hl(7t=}<+lz;_A@MFB8FL?OMDtGZIxA9w*JeTGs)R&j2 zw)XjHHNS1x#c76i%T}9uc_|mH+VeJI3lazmORx?_KL+PB+%y|0SWX)Y?EFa|eS1oSr@DysNmC8N zqIay%dttF*rSt{30CiJ8d77K&yF4c=5?70;-6+cDi@bJ zG+si9I7fg#k1_PsQ{pl4J|S`UI#~k0_|YH=UpmV@(=gn516ZTD<-E8aE9aF{yOB}t ztn5Z&^!Axz=?|MC>J^h{3z`AKI^Zc6@T+(`C;McW#}lI9q{Hw(`D4#l;}FPf)mto>)SF5JI}o{Lj)Id`{BSpW;P6SoZVGBBorxM4jNdj~ssmF#tu z0gmI{&f$80Kx~M`CrW+3r<|(=1@+z(8WU!g9bLP#a< z;<-f0iQg=1H}W}W`^RjnRILBZK}?dvliBw~yH?S-*eE~O`)-~isARS_IKI(Ii(MqM z2Wm)vUWVE7FT`~>zuAd>Al?CN1L^p>+%4yR1*f>IEZnM0cT(CaIFw13m-j7r_LHV3 zx&Dhw#$mYCb6?L9H_^Gv1~DHN?Afnh={F1;JeR>tE*+Xqi0!8L0(-2MJTdEksu+(l zP2-Diqh8etKVJUcN+jCtZE;S!1b(u8GAqDrRGl=ne=2;1ul~{!!_P!|?!0r3FE-=2 z^W2G2%lA>5_Q3G87ac|T;&y?MZ7i?_YZFwcLL1TwInAkUAu+hMhbSaTu zDpnr1%ultpW8L39`_)I?P=c$inS5hPNso7ifc92g*VD1z!}NRXOO2I~0@ND_e6Qo-hY?2pjQW|KIC;#99!S=8pqlyTXq6k&G0Jb|G_Kgn)HS^w6Q#`60o=Pz^ zsB}9#KYxsQ9!-=#*pv1tvdh}PhW-`1Dw9&Yz~BV>FH%|!VwaPPn@0_~WL*(Oq(!!0 zLZ3!3R@vI|-@yUm6)?-rI;zj240YKPe%wOK9cFtGb)4B9+R7GU5U&BA3R*b&xZo4t zm&xJexM7uCLi;K#_5>{UTte^;{tFa6WMcIThj=KpMGcS96mDh)g!Qr{V!a9Y5#f4t z96S5G>a7)OX%D$-NUE`a($?nseNKuDXFp4!03YCt-sJp@NfS?30!{%02j3rzl7_m% z*-sxGzIPI*)-$I6@TI^l>)8FAM4azXa;)lcf3!Qp*hmBOB@JNXvjBnut2>&KLXGqa zucEPaOl9?(T1J$)qu%M>S>x+wryMUAZF9to0<_g80a~eahZl6 zv?rN>`_ToEyL!Fb{^cbohC5MsG^999ym@&p-Evm#Sv$MS;mOlnah^2%g@^X<;&=46 zl3+vJA>`r)RqH&%f%dI-r|{GjL|Zsfe`KdSWLEQC+!paPH|lKEOo*3}B&x2)}RX=6M04 zecJVYW22T!rLLLEva8*hGoBCM`a$a!C8d-@6$Sax?>n&^v&U0gwFe8;WgJ=1}T+1F3TQB4$gj2KA*TT+z$u* z{r=A0c8k~b25ooKHJI&fpPgg7(ImW!-Z;RFf){v{x;NEErGQvW+5?41C5E_;jWHp# z5YUt6A*f@UU&!sOQ~8)22OX54uzmc%`VUjc8R}Mc{}BtghRk8RtnrP^Vf(Cc2iV>T z!$+0u5p#I}$OV!&_LNdNxcYETSJrzDO0}V+nmeRqPs%(;BO1pA$rMA)i}R*SCJ2P$ zY?+ubRAXFDCQ&q%MSS3?l|1`)z?n!~&v1Y}o}L@=Ie%*Vs1^!WFundrPEGDKSubjn zVI@G(9*4@}e7fM$k$oU4&djC8GLYK4p(30T1)OV(t|oS%iEyE?$VXM?pmy_rl2KFt z3yqmqTkzGb7%IsSki4f-t-QQEP_l84DwVz>Pd}~rCIgo0OVca%tF@GAm-fW1)vZ}4 zVH58SCD){dmx!4(BD3T^Ye(NxdcVENJ!C36aiZiO_52!<=O%{h)pR0e;(f4sXHd@P^_>Gv%Pq~bg=xV}LBU|pE>3z^ake3`A`1Zk# z+_#TQhh+;oO8Rr(K8#` zE;U)jWFWkM`jC|wwDuE}Jm>Y^R{$uQ5R&iBAD4Q%XZ#j9nozeNc<>5U@GxBD2baQr zz~FKx)?kBQXVYO;(nrqTu^fAKSzru1lpN$GtVAe5Rtu^&()61)@xlj5$R1EzkKbO-f^e*TPb@xEY6vU%Hi_vn-4 zpD-q^9#Kg^?mAyzu)jOQwvw3sOwiCF_}C!OTn#lyB2)}$;al1|SC6;H3j*4N4|UjJ z{3hhM2`{C9It*-CkPCQm^+a01fR|M4jTeqZes<+;VZkWsSsI$(!-wRdZDvD*zeW-` z0uce)58x`KH6%b$sy!HHfxHK2sz#kViX*?(qn@Nvw%Zo%J9K?6cw@dxiu{$etx6}h zR=3h}R#3lc!8NX`z`S)Gv^{5YpaX7BdSO0GF}`%2V|%kKh$fg@ZRm)pWQOo=5fGBiD4H5Jr=0i%P+!p_3A=Rue6ddw{-b1hGx@#LS0QJY zIgxAYa=+i}=SY3F%9@(v$4Vkv7 zBLV=xe|k4)WHY7?;mJ{h&yDT~zZBS~DOYRGcW-n}v>jt-e9nNa#--PuBfrDm?TyV` zqMEit_#ecK0HQbm~F!5`{pKsj7>0~LJt$|~E zd1u~1Pl_@ja~njP&w%b;WxV!o6~NIX*mzjjsq{K-`e_mlc3I0($J_Dr4rqn-5)+wM z5?GRz9j=(jy5);E)TWGcULN}azE6oda=F%5Ml`D|gJiQ3stj$Wsu7xl>Z#f`9V2#V zlP>JO@{`<+p#S*_Sd41MhlCXDsL{Z3rr4a*%QVTcOrhi@7kM~}j3k}bJmgHok+h`P zhGx7Vgw(TrXuyCcz01NELWCWvr)cnGQ3|I4ls4ACvFr7C-M#zgAXzPaZ zj6N?O>CcJqRAh|JDYRSk^g#Qe6s2$I#gep|g;HSo3ve8jBB#90d*{zU=MdK!_;a*o z==(P^sZ1!<&+WtIo!rW#y=tpSVP5*t_=p64l1A5gE7!N<*5xS{iMA43podVXZ7Kq- zHTX6^!rsQqffjD)d+j}Nrj_~(BDe~97ii5Q14w(<m!U}0lxv&UwLVVCa&wyJeIo*^dIiQ#_xI}edH9CB)^hhBftF%(SD*yE zM>)9;EoPj}+ZcMcDUqx4BmaCrl_WsxuilmQpCigS0H)ggQc3ij*|9p(uU{WuEYY7f z#FO_n?MbY}NwRgA@=xq<)N+DKM1J8y1td4aIkHEv!D7W(e*U2i6-X^F#oD=G>aM^)8duebin zPWdPjZ23hnp(Upiyi^`)Er+gPF{@{;Yrz8Y8TC(rm*v3y$_)!=zy7webZ~zwH~jtA zD^lE`p|KG(h?%+d^LyEG%(9qDgzeonl_w}cL3W@KhcuhoTsry!sqx)cg6<@Ht2I+c zP(?nbHts#`wdl+zs}XvD>IX*_v#lgF9>}Eh*aH?7Nn7;L7iAn|Ft{vd ze4pw^yu&Wo#nl%<+XwI#TA*UdDRfQ;{0*eUWxlfu9WjA?OYyZTM|S66HlSx|32_Z~ z^N8JEZZ)ToWDleSm(>&IYZeJs9*j3#<3ki-hVKT-t1p@EwqV&^&4ttIny{0X*uT0D z`w3Mb-?|X=c16pI_>mjt5+-G^L4{#TVa($;V-7kFgQ(oyU9Kj}-myP6xuU`OCBdsnIPbU)Z-RO&|)wOLsDA~&T=FwDHXUdL4k2442yUfwg_veiL zo0-P;kI(JSo9!er?P@9yBV7JL$F^cO6cky`D&wj>shzHo0a$h6a-Gi=c6nVhyRlyNZGbydspNuZ=f%U7SBM%@lWiARlpA}S!DALJ z+-}~6BUo&WVbqN$obOuqAzBusFmc5g~Xps+zLo)A!N2r#Qf2GT9@`a|3DPk;nli8q)k2$5yxVfA}`N&;33F zT$~SPb{e?p=?~Gtr8|blzi#hi;~WP!Vf@>dey(xk57&6bR^vWM+*SDB8pr` z@_ip$MPXfC&G5^qJVZ5#IIO@n@P-3dm%VeF$y36Rq8^9_{nHXTIG7j^?h&0@o5qyOVBIto|E81He%y|xGuVOHPVy7c^5gZ z&iRyo&zN2<9w?ObWXSBi>4QYz+To?$l4HK7_v{vN41dSGljH>nNS}RxfpP7tuhqCI zU8vTkriEPBK$_(|?T3@!M^78%|471+V<$e;ClDk?5h>usWi~q*%IYX4)PdEJR3SNFnz{J z2IMG$7Lgz^fJll5I?4srI{DL?usEbg$+yt}EeB%`I2ty#Hlqi9+>hxS4SiC;uZ@j^ zvPex1lEO)IRruH4vy?x4GGGb`4Ou85X)}Tn=M2a9M&N{Z7$`oU;-f=!_-?3_u9)_9 zB1Dk^yO`~rBR^6FjC;G2Qh_F3LZSEpL{a@UO0xBhiv$Rwq&ox=!R03&BYF#F!|f6O zgI93Q&oYmrWatqfYWX$IWB4q(rUMn3^Fj=%^R>oYDtT7{tdD_@b$)gU1DWm6}| z7ltoX8Hp_N7?13+L4mFXuEErw7EqLefHlPb;o=NqW>VbVY`&D39QKG*i@@=9Q177@ zGv}Lcv9#dBv9ehUhbVV%`Z1u&b+wEnUz8HjwM#OvekV?Ay()$EX}~q&ss`#mEzuCZ zVF4$`!s+j0VsaktQL#)l1V!eF>nN~ALy3IK{*BFKF`R^dHHpTM&H8@#i;DzDq&x@H z3jrt@PW4_wI7*S3`OziPf&2Br`4wNLG!RPc(9sQVz?W!9apYVm3V;PEmZ>S(t@4ur zHkvp(a?rg934NaaYf^QPj~P^(z~`d{&Z0k|Gvx&+(qiIZ-4lGMDFyw^UXpLBY8kbt zKKMyoosmUH7}3l{Kqv){@NGcwGE~GhFP8Lo%Zq#hJz(|3B#tN{Q1KoS+$q+SZvL17 zU>z$%AAwkFZOrD3`Z<3z0wjiS2Q*NUzDzK3pi+~O)`#3QD-JjTJvK;6%ffxo$)PK1 z>cR#_wiB`;a1D`$2w{IwJk1vz|5ghn_2r(|ASX~F2JdgN$pw01M;Imx7{x(FfVa-O z?iQpTe9xd@N_>E+0U!Rj%W!gebu`HReCpmCegeWND>{?{+e7p~8c>>s%uIfL*LRB- z2j+($e=P53U%^wOiISjaA+9B)fn@|lrLtX2J(Yt3DaHR*<@KZ&fU*Q8_v@_R9|4*8 za;CrZ%5lY5k-3XKoUTPt0~ae3t})=`tcf8@$rCdrmj*Y(R9S2#!IWM&y+B}4)YU|R zuqVC(Yz{uQq{+z_a2(tP3{(>2jOFna@Q46}1t=96xZ43Hxg9;PI%wf1C9( zYr|8(A7y|sy_CNWE)I*yW{q6-2nYxq*$V@TPC$586`m7H0!zdf>4vDs6dwpZlXM=F zw}GYs0Wxk0L(4a|_Axcq{W0i_c<)|+mWrVN&cQOxP5-OVKlZf@W5x&M#BZ2UiUQ0w zk6f>L?P^tpo9t#8gEU{q01E;8hQG%U?QMMzW5x7>?S!I56-&syFIa)fxe_+>5D6uT z+&0$WpbQ2Y(D?(s6-aX_RHIFn2R;yDPZA@WrU#I;F$=x;pILH3NAAODlQn2})yeI@ZL z1TuE$I)9x9+`Cjx*k|N4kx$G4G1n2c$B2!}7XDB*U*(R!d!rLV!{j61pSANq5;$jo z6cG9_>LpmY?yByHov`*L04?r((2?uMXrLJ1akf)uyVRt}5KvBz=F-bdRJm}egmIPd z7p<|{bgTlTo*fS+zW-e8`WQ#ohGMA;b1wesik6Y^PZQLuXl5irDosbwUx-CHyRor_ z0Lf8dw4D83(@ezja#2PF_s;F(S<`JM;TDgyYK%)d5g$(?)d2N_fTiQrrej3}b| z`kDrnRYI@ytv)MUEUUXyPlX0%G5i#vEd|-2&HMsfGX&FZ4tf7A^1t1OX)1t2Mo!Ql zd%O$q?k=z#I`M1y%&LOZV)5_-$rjI*W8rX3OGjA?d0oadU99CDed_n*AfS8ARe{YJ zl9CaTlb^U3SePfAmdft(IG&z7ijv9jY4)!rACK9e7Wv)_HUVIB6P;LI!xh!TLynYz zR0J0o${y(wEI!91PsX%JM&xfGuwbdf`>^pzMeO5EsOd*pbka9u0R1o(O_h8rX}{P1 z-`h)1(O90@W3VoelxqN8^5|H#qNdPks*3~`#^0l!o|k~!q9VaOJcKsm zFqz+j3dvu2UF(J2J)S~c?S&BHAS2EXb2kVlbwc1mm7`VnWcfMuFT3`c7n#5l2dw)c zG{7_mc!lcC%eTkQ^~!ZPpc@9p+zsl3vIC`V!quzg}44njG1MK52>4@9x_OQQ;98LMkg69wgCu5S|`3T$d<`LvMC?s#y z3mI%B1LIz14ULPuo4fH%@&Y*`WCKUa;D}btzxbq*4$7=KHuF~q$2>rV|6&mKjYD}p zXaN`zzEU+#$*I1h=|3>LD8#-T`i!tTqg6I*#9o89mbO=)O;pltvVJ!!v%3%m=PmAJa+u(tz-|H3 z77=!A%@^=`DxV^=3UafG&@yN6U335RU*&xu$PMx?_BZwilbxZc`$tV#Qx+uT+ix+o zlomm>JDBvPWe+CbC;rTDndA5w9BqxQs{^1gU?tCj(*7ljD>blhA@Kx z5dxIGpaX{`3G+J=!hs)uNKrGq7W7E!Dx_eT(#!ejC8yCm7lT*OZOSUZ&Is({F zVIPQl165JT5t&E?upztUQhM!)x(W)b)FrW#R}TU!fLXf!{~UVdVMb?Ud1H*E*q4av z;^pU_whJXQuf|n$Lld@I_q3P-UP^uJ{3vC}abX`6D5qeP`T&WF8n7W{cl2LIJ@y9) z0Bf>szajO zl91>P@NlM$nPF;U!jt~4ewdNCxHCDytMG^D6J`5`7gs%Ns44^YFP9C5N7kk0jrG$3 zcLDYr*u5wPVJ5xQq<8zNteYVcJ6t03s8Jq3tCvTcw!8^vLqprgwCqr92o?>reh40J z`#40AH%x-&&4&GZGX$>qu#zvY7%E|($L2B0PyRwydYY)5nWx6wiS#wx_kb|#>X*O& z(S<4#xzZvtlb+;p_Po&h6yd5XfL(HIKewzh2aokUqhv+_b9hp6+!ns!F;nPP){yOJ zifo}8Xm`Rvt8V+)PdS*y<`isS=Tr)1c;vw zvBl=@R5|Ax3rcqalk}q6q1Ah@{)`VYjA;nFBj}Ce9>HTllkVxbk>lyTn@7aJR6$ab zafKyKv$5xN*TLO=Jb!>?)UX7w;%NLu$+^ixI}sq?qMk(q=iK`Y^guDpE|7i>pnm{u z)FHK55J2|;KIO#70`6hq809PfOR0_1T0WtlD!aco?mvzmCRMIb!>H?pgzLQd2zzgK zsQ5M({9)G^9okYMB@d$o9vvXI04o9%NP(ZxfOlqGoe3}l@K_YMmuA(%Fipwoy+t6+`b>Rh!29rcM4V_O{OIrs)j0plfS?Lm;q*Pri@t^}}9dQNjE%A+|?-d>7$-5?GXf zRCJ$x&6ru6H1zLeLL6Wx@Y-LMdwM@bGu26@))u-3?*X`lcTFI_noQ;V{n zpA0*ram<7;sXKh);Oz;5m;vSlP5H)dT*p#gOpl-AvewQ9 zDlkmH%beof?|hPx)vcBu{96ne)Jedq!G~uQH$J_mZ~u!WyCUdSftLj&AoMKaVJ~ic z;5xc^wXL4{wL0e=(JClEqUs9N;3pgz7s)=!V@f_UlZ6R`zzG1xkVQY9k(1+~K90^! zl5g|O%X2i)8)Aw?shE^q(GEGLBMvnj+D3u^=%1!CxPSP;Y*TqVri9-S-TnT?F7v3Raz z#qTs_&Kqp&-t>>aQ~64j4uC5lF(*dMguhea$H`LODq{K(I%!{}&q&wQVk~SNnG1J- zvfb+!3YW(Slttj6r6CMStB+~&G1vdwmtqIB4!bG?)%7QAZ1+1A@WoYj@hoy1f%{og z=eD%ELh4lz0`Pp3tJCG>Gp>1E(XwdW;TA^>5Rj5%ueu;6P2&C=?0u)SYO|ZU1p*4P z`9k>7Jj%V*V6|)snuMrZswc3nzi+J_z@2^%!yg*~&))*o!Gh!4M9-Tb1#P54wb#ud zYx3-bQg;h3Bz*CmQ60rXi)d(Yr0Ye-roC#6{?PJW*vxJ7LVZxsq+T*`=EShU{ADq5 z#E<7+y@G20B^as~y09{UVuwC69q=$jYE3{6Hc-*KZc}>$%NYy3U5!#<3=Ry zS;v8kRi586-d*qkun-ew#LnCAU;05un^OWFhnZC!L+Wi`cq)t_lmGXuKNzZrLy3_f z8Z0KGDykU;qdE&cW>5J%iYWg<6QOH@P~@+(cOXJV&2j78F+6s1*9TBl;roC2ZLPzxwwF?XlQZ_>nu&Wv7j~&(P>N-u*pZb{WFutBzM?*i3SU_ zIck`=2DVwYdcy4eK z+a=NVf3RdA4W)xXr2Iu2S;@n@$B~BLD?f#X4O~`>w+$!43e>PbgZyQi&CxNlt_ly( z>t&Mxd9v#Tk$1^a>VKRlW*ArzVNd$^GH7791Lc+JKF_zhn4VS|j9hYqPSONaHdbfn zwrwm3M1_&gB0pbIeVNhLxIAX#RM}MjPH2TbWWoKH#V^U!Xe?|u@atTc<|T+fwF?gV zD&O{rX1jX)*{CWl#fRo?tOdYJ11^0Y0#Ip;so{Lb9XbVHa$%_{ssIPDBqusUrxn26@ z>j=N|^-^dwIU9p#-k84l5R7TU0c->Uf$bSI3<(k@WiDY3 zB_FIQY`652&GLhr0p(fJAxBx}3nEC!lL=FF2nf^#5-7;md2`c2-7kk6V5(zg|Hpq` zE)m!|d=AFf$XUut3l{H>wwJ}F?|qQfRsyh>&rE|E0PgkyDo4lDuDIAZzB>v%8g3it zLC_D{6JOOuYsStFBuf@U0H-QR}_<)x{79Yk{ZjcYIonlns z@4c%PBtVJ@=9HtZ%1?9TAAc1JmR+5}WqLq`fl~}ka4Zk1wJ-|6uJyQtPm4feVS(Q+ z+fVnC%!(vhl>iXj?UKpx1Oout^z>140C*Pjn1kD6Kpw2R zl~yQt&FI@k>&y}#Y=P@_hQJUN2sAl^y=I~sz_FU+tlDQ>(<@J(-16Y|kO#=F8;`n# z*d3spe&V8c3Mxe%r6Ayq&=jTT4QRV}b(ws|F(mTdRS+Y(`#sx?6IKtC+0*Mx{@$kCW6Sv+fz1Duy9P+JGXaP{&#e&LXmYf+ym6*o39==SO zt6gbv9Z?+y%Gn@DTSD&jjnuoX@+mT};$j#aT@-(TnT_%pJ1|_`QAj`@1WVXTS3Axc zj0X{56Tj!sfXt)Xd)uU7y4+%bN+7xCIX(*Lu=B{QqhZ123qHS;}_Q(nIRUa zXG@6tt;SbtxJV9u7P%;@C)f?tG6-#2pY{WdiJ=OVaRNd`>#4}*#i_JQeysPtv&4=-<8M0MU9~+zqd+H>8qvPY>%N3dzLf`F9o6PM2Bzem1u;z$Kp#7P?RBql zIKy24kCrvu!_EX2-sW;}cVIzWM>Qa5<6?2w`(z1h{KczrfO3%aN7?OR{eqiAe$sr$7@To5iUs{YC{@NdhD% zG7ttaMBMh(d7z~$LO`fD5U8xxh|$2T|L$6jTougH>hid}ocG{#hXSse*J-WZ(|hD{ z49wLS!KWLUosI-#C?H$zI$7k3F;-`UkqqZW1Cm;g-ymF+Si%e)WoXJ-|K!bk%&wMn z5Gmt3#8D3AP8%&fm^WkBMHX#tKTgJ%xMxh1bu^Eio<0<_M;+SEF|qFp%MWVP_gBjf zH1Ko#=J)W9ijRN!;w-%5Av%qO=sVfMgagtx--oDZ^(Dk_6b;x?rnUV(JQhUKF&aip zip?6@bSiTf1hT6GJpC?_unaJ1iz5`xQj~rC{s0D3#&{Gh zsvG&h?;%aH?4#I^MZI6S)IH}wfqmYDmaa!yw1r6;cFFXU<7S;UqpA+i?_oyeO^=N| zMsVu^E^6Ad4aGI)KxMvP8X%@OMU;&&12Mv0K-@C}<&PU0P7uAziOic4^EpWP?BPJl z+qgR&-K^h!22NmW_0S|zstDxy6x$RaQo;1bmx(q(2-JND;0f_1?WXj9XuW=p5aww9 zfmU>}i|D%%XW;#8O z>jT^M4W*1JGBB6FUp}EQ87A|*YSF)%ckvEwOaUR2WJbqt8bpKZd~R`P4ki^=cg(K) zi$MU}yfF%)93qd`>$>I@^C) zyUyr9hBtotTxZ9nJtMVmv}q56G%1kRCCYp~IKsO@vIqy6W{5cbr`7xUO>xK74cgb| zgQ*Sv%fSlb_$YVbTYiuR_&bGpTkgG^BNDKRouf@Y`v{&TXZUJ`R;~Lp&i8Ky-!}c2 zI}?_mi2}!|>jB9(|pv=sh9-0i6Xd}J&b7!x`^&}Kh+PxCN@p_FL( zZ0|y_Xug&Vlv1#Pif>P>C@v4sfozsg@p-OFn!Y6E&B0-D#*fMaFncOb`b#?*d`}0V zkO466!@8jl#QuA8-bpt59|v_^`hjXS2vH4M0|q_d%zqet4*~(R($fl6`ysJ%4Pbcy z0so7641*Up6&hbhXuclSy~a6INEV6&m!-&>k})P3JE&zpG+G(CzaFPtJ~lZkz*$s| z5MB0 zmx{E%;{~+`Fa8ga+iScbr&6?cQ12-vYjM!^GbV}o%tLNAr*A_vz0XW$ZpYYqQjZrS zBMqB(yWI-rte*il0F>4@>*0G)*7ywN1lWGbh^8?B{&Y3q*M36-i3sq6txj({l5aTP zC22{tDP7Ia?k`U)zCNF#7I`=ebApm2=&iP8L~(Hzv-??r zeuUR6gD8Vxsrg3Xz(&9aTZvHrJL$bhI#AFL+>p-CNOb(?MZ%`sNp6;ChuJ@ZrWqqa4LI1 z9jDONg3s#wtC{*^t(XcJH*M!By;gm*(DVMA0-m!J!?UH`Gy?luJcb^ zPv_?mAu8292X$w2Ar;%2A77Z_M?SezJl5B2Q(mp9|BjOR*5UXuMbH^F7>^=Y48gL| z`~F__wgZF1XT*&6w!D5-I@ff<6CU^^({+byMYHEeZ7!f}>u;|MhpWC#jC%R_u=w_f z6SDAaP&?A;fjT%B#BGM!1PLUl&llKf($T|AXsxgMoF?3RPZ=1$KTlU~nO*LMeN@`IDlldhg*uO+thUDR9+YAhqY2^!v^wjXH0-JIJRHoyxrL9)J{9b9<*Ob4lK53ygV8=n@>Tq*W1X;ZJx!O@$DeO88TCm`Ej4u`5bz)y!vdB z@?<%1U8g1W_LRC!)gkv-J3qQsaAXrIpK2-jDj6%a<`i{eryXB1ZNenB4YbANT)(5K z8-10tkzD3Hn0{Jnpd`!t?+t*U2Y>C2&8@b&rU@h^Ag{_jh}W!KaItQ}s8oK?+Jf(W z-0OATUq}6rJbZciI@oTSL_}b7JnH@0pLF32I{ImI5KB@1r9yi{0&qK?H{Z6OiF*ZJ zzY6>b9}5jlo;?c9`}N6SbX=9IK3kHOo$yC<8XCKFOwUeBSulF6POgPDs_&vO@nBvmFnVH)3iz#Q!qB<`bSUGOkN{BUA zx5G_nz4zw^+hCS0k-Dx#kPg9hbsHVL{IRg~=lI*jFr?(YVR`;!o#0|&dp0N|xA*a$ zH^qz(sc!A9GjO%3sPQSiSq=Dj?*Lr2PMYyhZ?_|M8P&UL-U%zjs-1zQ4ESqb%bTfB zD~9jRyHm{Hc9INvH{Nf$6!G{*2)K6xBO^0G;!dY$TH(RBE51p|?l`ZU&e?o^abNw$ z^A5UAZTKDWiK}Vb^R_6-K{b18h9w-zC3|0JvV+%t5s@dzW1o{pr_a8b6dMbbO(*r# z9Ve)*wbW%23yXIK%M@X{ncLMbe8kLT=de#Efh=5kU1KcPp{UkJP&JFyscQ67ZGN8S z{5T)~mh9khzP#$SXUhKB?<+30qia*0wIYv5`;7r4_1Qhmo2pKbAG3kOzt?!H(Q9=d zt@C_!-c=;^;v|)etDzZdFnMVx8I6O~G3-?YI}e{&qvFcN{tYBtt*x|f-^j>wd8gSG zIxxw#&Y{UHc=he~ffh#`SCq_QyU4AkMFn{@n)Jo#?RhWhPoZa--CdbB-tStX5N@Wk zZ~ZhL56s_)-2Py@{p~Y-MV_a!WrDK2NLzKd?|o{=tf>Oy@&5XKl9~E)7mwY}wtSWE z_Qb;{>GrTQ^-1CY;z381aG!_wug;+dClFFkYws0p8@dwmrBOVc)k&MChw16~+7e>o zj{@+;&>sa%NGoqb$MWnyDu{`fswX!=+j=bU6=4kxhl{@jgt@Gk4kbQKUPv0)WyPid zudAi&$0&WDV0HQ*zX0dev&z|R6cXD^4y=5Uy)SCCtknby12YIi=)k|M+6UU#ykt#9 z(=+CtxN@536~s)o4SP=|W&HNjj7O!2|hp<=Dt z8CaDTt5q!yctc=?qS+&9Bi4dRw>wph#pUP~u=53*Yfm}7>bdh3bdf`@{gwUO%Tx^J zVh$($1c3-D*qK(d9`xuJ_3v~Rq_$IB>Y8x)D-*dnXII3yUU{D6_QjIJiNyIKZ0rXw z>1pu7`Jah16J)EsW&~HgUx9DU ztcC@bNpfX|A5~jaR2IqYjI~W!@^><24{$y!lVFWTBC2kXr^gF7gg&sV-dQPgBQ}X6 zO`agtvRaLLCh`tm?v(geH!^tII@QRDPllJ2{+`@|t#)0qb*bV?;JSjt<_xsLqOfKT zsVY4BB?IL{*;UR9t?fbhWldCU4>#h@E3p}%-_asKe|R~QXo=wH-f+ZK zp!77A>yd=|$00@V65hRuzoI0BpfQZ%r6djZzXTWEQ9i-V7FvGqZ5@R0kc2+@qN!n_ zMuHd?iOa!XUs{-iUk4IhpCag`Qvq)4v^Vh5NtU-d`lS>ttnk~7f*cNda3%yB@1iu} zm01N0n$YW;B2{RO>QkK5AVU-Xb#Q(4m$-WIT&>QHulG08^{RU9z&ss&SH9;IR1|vl zo-3cxaY6%WLXUe@dWf{FJGq&vp5R6pRKzFhkGqo$_8&z0oN=#xBW6%%1luDAt?`MH zU#Wcqj#ZZO?7{ilT(!Kb?dbW{l`7qbQ@nQW| zWAAK4j)k&VGA1Q-i*0(Ze=1IyB2Bm~o_5dAx1ID|)m{WLTBszd23IgK;z|cyy$r+I zKj*Ji%~H-(Q4}+Z?tWgVR%fA@Ibsgqa+IAPcUm(gzQ`B3eoK?iz#17!+lj})lZzad zYm{&iPbc4WLS8CEQGMmsM0I=MqPx6OrIYrtcX9jJ?z~G>suLAXb|N9JWb%#J^>lT- zd-dq+r}%A5`Y}fCZ&r@_Ll3aQ>m`=Oo@EekVYTh$dG=uNxJvix2~d7y-WQ*7n&+R%qbps+fn>?!*+=dkRs+K#tWbk!e(Xs9Q`}Po;_C>)s$=<2~zSaXQ8XGV9{H z*0B`x4cIp{5#L*~juVjQz4O@T_mj_Wvu&^c&SX3sZ!%Vw5y zD9kY8=MH2(cu)(rPuH`jp6>=%WS;=kSSI+ z>FVd%h0pDh97JXiU$KH@E;t2Z;&eUn62twv@C!Do@X^A4C8pL9zv`Ub9Se1G?Q(?gYMh~ z_fWBkm>Rquvxs%1uQRS#P;*$~0irKfCQXoy?QFQ;JT^(%Croyr~R-YzIg)9%q34iVit-0qYa&WGgdfUCJ$@mr!aJm)@ zMQkgL677((E^Nkc20<6pJIlruAr8el85#^3O|nBCHx*BZHys`3bPClBo%p(zWVO#;$o7N!*%L2 z01<|AQeBz51IM$^7hMG1$JQ&$t6O`NAz+oN1|4R9-xu5Q`F{sB936*+m#>su+_c0u3bGvUQ})EiJa&$Zc`*wdUR} zOvihXXznUPnv87v%0vHhSP+~M5Zi+TUfj-~Pl7>2ALA+`c{pm^+he^FE!N}RVi7ck z!F}1h%R$!)6_3FYYeepx4%T8A%rSo)=>U!hlB?@MsLD@IO z4?1~J_s{ZSI9!}7^RZt0L=D%%^wtlSTPL43UOm$_HX9v0U$K>YugOe!kvQmOES@L_ z_D0vlLn(hwyu+P%top-3JpG2Hv&A!o#vkfUCo7-tAQfpC>ToU;?75|ZA0S(Z5wSzX-KP0n#_G3%= zW7Bo3$fvL;b~ThUPW$kD>-?(0;JLJHSng4)LpE6=sd?^Eehkx9@!&13Z!Gt_SEl5( zGq~8Olvpvwe)+IGR&^)E$aHuw2!M*q z@NA|VWERkC-WQwMdJHA}w?4o3%22{tb?gcwhc^JdXSS};c)jQJ3h9k+BW_X7SnOD! zdqV_#Q53b#EZpF1mRKzN+e1l}#6% zoC|7`nOU#S1U_BDSY1CoNPp3~NcwgWJ-pf0-cusaAE8jbcbVE1&*$K9@RQ8f^S=FC zg}H;SS?qA^w6V=D6HdX~`{d%ag@u9_^{ZsqdwX!uP2_zEBwLiAcsOoT%<>ly;S5HEV4=} zHM#`lVma_8IWLtWC%j?|z81eex$uZjeY2!{v$*|I_ltO@s>8uAjJcDa!BwY8P#BKL zZ{M?n?Az1h$ICBnb`%<$K~D+MEhh07l@?ZCsNh<6yB-UT=`qHg6K>I*yO_Z7x(UGl zo%-K-i`OLx;3x9W)_U(7<>RBMX`8lnCl_1ELQtJ{PTfc!khNO!IN7QiJd0r>QqINB zbxe3kKV3jmp!N)v5(o5vq3vN~mU+Pevd^pI5G&svRwuj8XjY}{@bu=3s`<-m4o5u_ z@e&focJ~s31|Z$f#J+eo&|ar{igR+nM129dJxldWG2`v1O7$iV?GJ+$(kBim=8l33 zNfv%INT08>`6Po8ubM~A>_y`I4g021Lh)^{i|cM5-8S}U;ye}I>LeoF)UY+IW~99LOppfVUQ?hS38SF6T>HV(A+6>oi4yk9{qC4(L>m?p`Y?=g=EmJJL!>L2BN1=HTGLe%HI% zyje1`e9FENhq=fU{t6e6(>FBhx^+MDvj?Mk*SgoS&Vw&&)^9Rr+^*PBqwfW`N$DAf zmv%?389MP(irkFs{}34+WXjfgLiI|qi=^aIFiauBc3-@+bkY(#^70K<0I&OC@`GRd zwtVNYkynCjLOwxR?RP*ZvVPP1CGl#5TvJn=?)li+(Upr&^GQ1&xWjx*Hg-;jT6&Ma zuK|xjI!hV8zfT+2Z@=-Y+e*X*kUY(L)Of<~)V-nk_3oDx`Em$(+@utz4huu1oqM&0 zBbaUe!B1SLBO5<>`>?tDH@Y=+ZZAFaJ|p2fU3#PAcHt!E%g$I4f)w1z=RJ5YV$Mk* z%izPDHydj)R@Hcg{xqJTJDV4hP?Gl{^V=5oG5f&#XO!l1-e=dHGIS%n+PF!Yee%ep zWDi#2Zm)m4E!Mp5lV>9c?T9Uo>ElnXPXg4;vxX=aJ zKcAlm&~mX^b?^58wGWp+?e&b)Z7It>m$z+9)%8Z=#_oQL*_21@q}Yyn9(W5mgk^t6 z{nN1E30*!9R;T@6yEMKYTSkH|opD}o9Wm2r7ZHx1?07Sb&6MA=wu-hV0OuZigC)n* z*T=%c)OYFO1vbfU_s>s=nC%8-e(bRWK#9;zQi+S+Pfx2BYOKv`X8rb{f*QzQb%Z>8 zWh;6N@#dS%u{x3gn7L@_E&kMP!aerk{>k6jE)e9^&DospS`4r?FHXFXDNId9n^R zU9a9o|E8+VchdxW%04&Dr@G0waXGxpSj(v*ml1)om#e8{X?w(mKc)^Xl$Ao$D95GpVbDRT}gIwq1RG{|zsTI+c4 zr2if=D=JQ&u?FC-ua6Z!L;_)G`!p;Pn{#M>8sNU&o>eSa-Y-2L2aH~1jSz-rvFsO* zZ`)2-O%$ksYj~X#cWX5tgoI!}*N8Y#89rGR+v_F%6vt|5Nihpue0YhvXf!fM}Sa);Q`SuQ&cFo1^t9qB@>(cQ|d z>JSVZ$uox7-g?I^?(clYDN%4eKt=4=c4ST&x^Z{y%+R!dB4EF$r|OVKE!8M0?vW~2 z5Y`25B<{8r6-Mz*#^Z9J55lb@N*oL6H)+u?)1L^G&C!(1g3-mlRLWI3aEGmbOz7`< zS#MDx%b0A90h&X`!G;4)=fv1UxPF1a2^WYBt=``=lra2I84v>i$B#m>|2WI#rBk;c z0N@i<2N+0_0XyQlJ3}XXsyMJ&VmDqIURF585;w>tP$i+qg3Qn|eBSj?+#iWjC%#%a zSA~XHfgtn=Fm$aHarh5emoeV%@a(8znV56bW_~kS)6l^%D1-3?1Tn@8`Upl@<}#wn zn0_Y=rE85MHKY|6Xk@J_*SbSM&N2TToSk%A>FFwDA=V}28p~H%WZ$vC-@JE(BZvlY{?q$I&b+`sW~@pz{9jFxyu8t2Xnq4 z-^=k#2XP)>wHUcJ_K}(`mBl7r@>FdaR$}9f^o%Q^2&fq|{5Vz4SB(jg%!|bY_S=!( zdt&d4=mEL=FFMsnT8cwIm#?XeN~liHpo>qI^YTWR*F{fsNr0>IiK2aC8-1r?5Z=I z1mz!J_H=XLO9r2R+{iQ(Oj`=cO<(%C%Kd(D^|=`0=m*7RKU=Zfe-zjU_e}AIcjX(7 zqqIEuY1|@JU(cEyc6V%I=Z{d`gsQ309%O;g@Z@KcI^UhoZmCXHiJ!O`ViKw;EGryM z^CTmxiWm~92MHt>pr;xoLRMNr)v$fBeBMEj#@dQIwyE!oKZD(Xi&%TS-mL7HRZ7Ym zLL?K5$dvIN*B-4|_uEsPvs3)p!}G^AdTjCB;^mk8 z6fRP|)fOuo+B)#z@TsKaU8UUXi7iz6+1T795#3Ra`+a>d^G-cKPd$IZp$4m|7Lw=k z`<07SVV+^Nu9B7br|F_SGpQB@x-KpL&Nqz|h0s%K0uOkSvf*Ab-XfuG>2*aL46N%u z;_?Rk0-O^1`s}E5^b-}x|55#~ND5`iobOuYwcWBwkTb95xG%+(cUHLRFfPEsIov;H z3MkugSN{Fl9VKWZxE)PZm);YQR26E?Hd8U-(}e9)-L9mNJL zHlXSH375<>ess00?*FFBe3r;=ZB=JF~x_p-tK-^ z!rAyoF5*qe6UC2%l^$A=)k<{PJ_@`eDk4Uy5J;S8)=un$#UF!vc+*u=+xq%>ni6ohb*e>NX1Ti2hUf*bIqXCclSN zv4i{rvpfhAHEMXkB@z}D{I;@X&^~+{^FdOYwsjyeFPv?EW@P1~sp8Ky!u^`5nk*7L za#Of#>VxXsOCG$|RwfS1t`t8A>B8JY_WCpbmmj+t;})r9zc z=XMP9R;eGDS*!iG#MOeG!|(CCwyo1YEBm(gk~I)CAbWqME0_%Lu}-@AN{nk@mLi*C zZ>eU+9dN>GHog+oi@ta`tinK$oThC;TQXc{3yNZ;L|;qq&pTH5`4H>H9bMN+;MuSjw zjZWql&PxKg?Mx@D>BLRNfmMZFnl|!`T;TMCGHo(vw~ZePcr4v17{2@BA?3gOp8E{B z!whO_T9$|O&d)NH7n*-6>>?Vb%ocww5FMmg2)S@yYr-wVkngT>#jcG2H&fWw{NZp} z27r5TM*EZS@XdbTLB`T5BuE_eY2Wy^=w!ep_o#XXx_yY>M7vu@PIx%uf$1mFSh%HB zs6Ov7J$aLLH>}HB#dNevUMmMg3@uGrvn$MZZ~qvbn}odqLG_2%P>&-V}dQR>qh z(tA>+>73Ok^lm;T73*2$F1Gu@~{j$TjEFtYwMQ2i{qNu zIA!O-49G_8?Vt3${N<53>T2^k$7^|FrgO$)wd?FWv9b9cj@UP!ju7V!t^X8ono5lV zQ#{I7%fvqAb?CV8t#!4=EUXFKw%f)nWY4uQxCi0t=kQ8T9t^haqk=TYt}Esae=JE z%?;?!-vSNmQM0gEQ*^rea)0h8OaA`MAh5xjtV`I%kJjTV0|FllALBn3-sj;>i4dp! zn(KLqgP>Jd->f|ulgv1t7qe=|`;TPpwIE%udd9l4@8JD(y#QiL0rK1hKefHJSj@1M z!si?W#~Ts?a_%eDg~*I+CBvERB0<}$eZ}QMmM{^{0BWxN;sKT z-Y9#I{#&S1=33Y^|3$}yOi_KvAJ&D0;(RQ9qh7E5O=CvuqS{>3HM$h+3iaPs0l0j{ zIv-;&nWt{iwLjz_I%t1=@Q9~pKn{UO9Au-n-{1xlqH$e9DNVF&_C%agoD$b!gzKMF z8tKE#TJIm+_(JR{UG}pBEHF73QQY3z6v7!UBc(lZ>oHBTz78E;#C2#JKtx7v;$ru% zaBVaUJ%GCZXz^W%s#V%!3t-;IBb|+Sb4D8nl39|iBc-`sKF!Qj%6&fJvjU_5mGkL4@5Z?;1C@jz7Gllf&f?HG`$h9DNl`HGGzt=f%8rQ^j2#6$m!`+)M~x#bG;lD0B5BdN;a$8 zu3JSlXb+9v&(m^saQ*STNB4RHI|H5Sz{lkMBdbF3`JZVmsPqR;54@PtsHzF*N(eq^ zvRv!5ZZm#GE|VKO6LlKxuJ+&4jS8WUAAS$hx1XkH%Y>d=n%Vk*%!%Lp4U3+ASvy{N zDOvjcY>rF5E3rKha}SPIc=Vw1;}lyW`%kInZa>MWiIDbCbODS{=Er5X5P571jx zxUaf>!ZaMf%*ocagMG@`!#rX|s`)nBYfAiX?Nl(C(!5vqy?WuTXFZ1D&-+O3uk2av z(P0VteHrY+mvo9&$&_Q%&x|WpVN&fd@AT&4KI&;f1?q`RZ}uQwj&>*DT7YEqUpQ^T zif>ud`%9bxmA+lDT(TdV3(P?1N|^z&?(YaYEigM&t{;kMwnivmZWVC8Anh}WvL{Yw(#3h6pnZt}SJ&$v0#0&Q$Pk5Bz4#f70^Cr@# zblaR%xAk&~GsS;sU$gCUdnH%g>o?`*n>XevIm>XYaDyveiCrG8Gzh5DN!KHT+(i2+ zJ)u|8n!+`!Hsn>Ypn5MF(s_&J%C#q?TAT#Cb4AaCgdKOr64oB4i4LC4SXJ!wN1f6A zMOcaS|72SiTqZtkKDk;6dv5rcK}U@4>z5Z7dT_g$R)Yn#CQRLD&0Lv}%3Y_nenB+M zvs}wE9JzCu0Y4HC{o(he9o8yYWd`Sze!H4ZzC?B&W{qyTSUi#?UK}j$Wb55|6Q+t) zk4mol-0k9CFSH-)jD~lZEPUUn;^eM+Bp6E@uk@4wU+4=RmGrAJ%^#!CXirJ#y#BSA zCX_UQ%@($$2ZzeF*dD`jt#%9c^!S|OGSEp&fVr}`D)Aw?=f`JiM?X5uli#M(r77+9 zM|q@1c`op|wol9q_t5@BXwn+mUI)c3hMT|SzUlFb)P6n78i<6neqf<~Z2c0~KG4lm zf2OHp=4qevjC0vp05sS)#+ku5Ia8?lc|Oa~ulfA+N#bB6yy7)`W8RJ?q0-vnDwLk( z-9#y=vYT0@tjt)0V_lh01oQ#LdRf)qg}SwQfC)oBfAZyeWYLia2iTx9{*S2ADT)g$=(I)<7I4_OX+ORD=T*hz z#l@kB5+&}hSDuIS3W|?+^B!MP#m2^V59j;`JMzQYZv%>9$n>e!>rj2WI(EZots#o8 zEpWowP82_qtFc;vD<@T;JkiF#Q;$phbES@vq2Jc8tFl}u3(3Y|q#algpqf^eUtm9+d zpA%?-afO(9iHYegj4iJ2rH1D|)>p5ijhXS!`xg586dC8SVsjdv8+=J`)0c`xFK>8m z#%6$_`KN5Mo)1}7nB`=4jUA(7mR7M8A}6KmzEgQ(=7@#82iFxYlRdWYVeaU120Yp-HgC?9a2F9(MAXLjxWz|ja;s1_5v<(kGv{QjLad2#QD7c$_#j+($IRWyZ0e9Sb`|Q{H_~E zA%?#H3QB~yok!P`G^HS!Y^Z*Qv@5$>wv2B^TqG--YZ8U(`XinsYJpHr%B&rGC6-m8 zfS+=E>#o`9-tqJB@Ib!iGo=;tABn*@@K)7Y146uR&OQM-@k=lNM&YqHP8#GFxppzS zSWo{zT!MUOMuq#BDV}N8BHWH&lAq+c`V%B*G3BPbl5minm7fezZlo(c=8J`tF|lZU z^Hx>1Rv}(Q8`8=~G}BckTvjX`7P**n+@QIhr8=o?5b}RX2$?|Cb*l#|-6Z~|MiayM z!JIIdKJLw!H5VtRXn1egDJ%Q+=Trm)8gE(AZPYPZq&(d`s+5=qELfEI@j#$d81S`i zcdK=~3EpdM{OOIspEJA9gcX*92k-ltM0G5ywA3uakd{q*6*K7J;I$DzzE2E~D(Ex5 zEGbBNn=6SYiTifRp74+{fskLFh z-GLw0l@Bn=dmz-wrLPy%HA(k=1>0y3Hzn?S9#Io79}>BTx@c zGpQQ8@~4~LHU3G+o~R&D_j~~bmkMk}YU?HxAbHEr zaCd|)V+4{3nik_S?p)p6AlzI!zh}W%*51>M3#n-e%$=v3CmmRa7|7S$_lzl)2Y&J( z#P&gXJ`edPr2X-oi|D1&*ATf5+v;fjSRx2tYmOR$ zhI$GsKX4{e7oKhhuFL}C$B1}xO46M;%=R%XQ(t+>)k&h zKCZEH%?;%29wO7&1%H95hLyGj+ScogGi0&D-OEUEj_>9d6B#?N^iR;~BPqaNNpuoy z$s5c~F{JwXP;4iKG%3|$`9HTIYYk?}behtp+6la3N5gw9|NoN+SXtY{pgs#{_7e1> zfM=RomX)(WzG9x95>GCEYEzQ?Fwp%D8jV*>npHj99`chc8~d4g2faTH3PEA6F4X9j zTK-Ld3jWhS+}8)#pr-MN`=V>}66xxq!JoPP7=?GT*QoSr_5MG&{zI^o>Ms@Wpc1#N)+t-k7!7ae60GUi92gHwQU`fCTTJ8%lLsp;INOm`jfGQPSz3ii>*LDi@Z(n(Uj3xhjbmZF z)j8Ja1@y1_!OFtf=u-2g@Bb8CyvLG*D?x(BGrb!3ffp~L5@(xyJOrxj@(;3MIK>MQ zhCSCwhcofXongsa&HY3&e(AtbgVP0a$RQxw49H>ElP%XzRj`c8oe(}z`q1*V#i*Tu zgYR{UvmB)jPd|6P%sn|E-B7S^>t?AXzH9qHnteYmXBls2l2lZ zNgrC2UvVeZsXf@mGES1B`UbX!A@N_eb_I*uyTA8+Evm@JLY9IUU`!8#BZeZ~y_O5l zv+EwUpBrH$_Aa<9lCu`O%LPqVoP7D{8^Ca@Gf2MzBgMj22s%)}Z8>vkKj8$k*S$gf zlPA~plFZ*@t0i!Pz(IX8ExKZ@`-hx`c@%O7-G2{yp?&SGKeUJW=m=aiWHjWFqJutG zGBIbT_Tj2{o%(@3gTBp^hJV1-s1}G8T_t)*d;~^mqq2?!a$Z9u&!si|Bzjl2eie1! z2y49!E5{3ILzwzMG`7uDsygfyDpF_;s5>IOCQ)4e`n*ZL*x>>;R@{ zanNj&r{&?5GIt6g^J>4m67b$scLHx!rdIRIg~n@Jpxc)m^^fMTY<81hco@T$k{xO! zxsp-DizmEVCjKFy*H1H*X$YdO54_z|kCihAf0Y_P5(xX1O;aZqyB4J5G#EbmOy_2a z3Jwb5#LWW}=fJpP{k$fiU(?r)rc;Ywu2j>y2CVt)ZuOR{$SF0^9i!aj;flrXWsGjH zF_vg=(V}heNK>T@(^q$o96j7NgMZQrrzZqD#7WhuP@O5^; zLpxT524%$8wdk^&|CTvLMe?|h!QVlEEKN7uA_W{mpe~@`A2GVYD-(#awb4x4WK{ZX z$LbBR5S^x`wwYb41}-IDy&4myp9OrM8#YHT&Dh zlDkMeB=Ee+=#Q58DdetPe~X}~0EO`<^CqOLNL}~9Tvu5ebcV$h1l;qNd@|e|oiOqK z{39-3j|mS1C_9QVuq5($S@1)<(WjZ0iFtvT!zN4pYFn1o|4}w4zEe6XwT}Jjam4Gc z*7l=eA6_&4<%;gzK(7D)!m6P<4Sm*%tMT5(`pofiKiG>(O3DZ7de-c@xp+$E=_?cD z7R@wASE?cLj%a1g)TM-?(D_B>G9cN4fUJUmW|Or$kFf?kRfAK^xk$d7lr8KOis_q` zg;=miROk`B;Cw+&@@dEl<-`r4d9&btapDLc+;mp$YPjdlbz=kEIiLsXOn6 zElMA~V(*;9`|C1H1Sah6La3|H!qz?ZzShe82-7YtE_?2nkNs*+SwSVA=4%G>k2# zc)7CAB~N^E2Q5{H452P+&A9_pnaWx79?uWmThJ?v z4*E5Kb(+8q&+fMqE+I+Y6nsxty!CF!)_L@#6BD@aDD;4>|f~ z!a6J_VT~|AnjSv{FY?=4vAget>5C@v4-HY88d|uuuQZAMt}`nSCh|38 z-$c~AsJ?QK5<5)zJ(lA0MR~!S*T}fM23hW=?Za_hi^*@(UQ`~hZm!L4HHDB(H2k~j zb^kVZ-i#5C7F4qbhtQ%ET*eS-_TH&oNCL#f`Zb#Aw*-)Gafq@DvJ>2;E3~?QiO-~? zW58&k*++49JWBkeIjU@YFUo#Og^?Gd=D%Eyyn{wn)NRCTzi==C=o4bMRuwW8>NzTf zSS0af#@1HAvNW6`Fjj;8K_hTqWP^q^3BV4z*n3<5qmND znqv8U^R@fLA-e_>4IU%VOdzU2^RuK|SBgTzxbR751D(LED_Mh^|Dy77I`^-u4|iZ+L#Yf+<7IK%AX>hzNa-0>A&=^q=xu1dzXbc3uz6eyQdUq0bppaSAyA z;-R;d%Kma6w0hZcojR%`SCEkcG~hpK2^627#N$j&8qx^)zmU@@Sr-Fq=J=q>VeY7O zX^}qNJ(ND(?QKWMP0_t3{V%_b3)PuX>53a|R`R&b`OZK(tDdcHY!8ggKgb=_J*@m^ zgp8{0$mcAr^X7dTe;wLNEzc|g?lm;GL?kKFon5cT#NNvs2d)x0*&&1AUs_3!_FdO- zi@^EyM2|J^Lk7HicoD!{Yuj>@V7W}Ox$9M>t}uTi2f1V`oRpM54xY(&00J z){E^193)iFLM2VeNgM&56^MfwE4wq4&yR8?MKiGAR65J1__J-RQ}!g{%naxGqR*?l%;>Cw0-orcnNXI@!p|EM1ywXf@{wt>(QC=L~LT*AQ@>R01a+ znk)!abG=m~6w%{zt9N=dh5_1(r5G84J>EOh#&+*;F2&hpTDq%-bTA&EA@^zW9Q~II zAmyK($m{@3#ysjp-Coye{+JpIEZ1bY71H+G&@k0%f2TtT#6uqdzuV-Bldg!s12p?P zV<(u?DtX^q^PXWVgc}{`i|~|B6hI*~R5Hz4DE!Sy$qM^uRiRZl7&dAH(cCK+ku(RG z9U!F4jjXF%m~T(OCAn@)=9s0>MQ8;)D{juxFyv;Sz@U07^iwn&!zGj2qABFB zIF6JG3Dyagra&+oVum()!&Xi!Lnu5XWGIEV?(Dcx`75hh-H{uj&T;TD$`P;7vYd9d za|mzpX~-9LJA}j56Llo;2L8Tz{!irZhov>(-Co&`FvUx83cu_1d}Ispa;6YF^-)ez zWtys+HY@9!na?gBsk%25CRC`(bUUOqSbEMsyVNXf7^SK!1Z?%1vtgV-faJOWXbu1o znVKf=iV1-cDx2{Nk<1M4H=xvK;OHA^$@Ci`7uY)qV1!=}#u3UY#si106pN9N;E6^X zxNBU=-R8JOug*rh>s{??Qz5MZ!u55Y_HRwNS|N0hY@Lw(iu6mKP1scYqYo~td(XSO zu4CVqVq=vlBt5z#Y28!v=l!rwO`Fq41)8U{>5q20H${8vUy;Q-=bS3f8{F_#%5JyZ zG3wJj#{~D!BG|m;J;qH0M1TPM^E)rkRu&uIFG2AhG>rXP5(cp$IAqqc>Jztkf=uU> z{STFCO6GuWAa$OBK)!oT#5Pyu*~;$p&x2P|Ai*SIx5H?I+ve|%`_!g73)|8%@T4qO zJPWR8$zb1t!Z}2BDmJuP-4&@GGojIEc+<1Q>#+{+CMJ&uxNF$xkuV#aOrBGqQE9MV z@r#MwD^>Dsc$}O>@9oyq}&XtYO4H{BlrPx@Sak2E-Semr9cJ9Lyr zlZ`cux<+spB1K}Z*rimZYcu-eYH(SqO^y{CQ>h#Bs-XN@AC+2O|4(FVK6oZCi{hC=h1D~60%jWj0 zArHpka{}(^_Y?G4_lB=0OQyW}@fO0RruO1I1oSCg^Cc4qyINiF#lavnDf?4-UH)Oy z`-|QOfc8#~?cKSewO5@^#$Qc8Xpfrg`7ufDh#}9yQgo&Nw>!gIYT_;GO6 ziJJqI)7fuSuaJ%o*(;*s3h>S@PoMGwV>EwtOn^Nkb5yqf1#|j}3e4S|f)#k>8Aul^ zM%W#Cx9^Q^@QujHtfwvx88`+SHcAc74ne75n3RZCPjP&*wq~3|hyB_0iVO)ap#q4Gw&(Q{A*U$v6Jm`a~7 z;43q&K#iv@)2O0(T%!~aq7M6hD}5fjkP!Y~LPLUc9<&n1hGY!LX}GEykfgG`WfmLl zL?;ggbebw(Y9Pu}kkCahV8S()(8odWm`BW6V52(!JEqWAS%*)mJ|Ba`mcBL z%nXilF84e$O6p1IvBDSUUwUJo;UV96g#lL`0aH;3=l#@{8)xm zls~hszhkk6IYn}{%pRtf#(O9KMQb)0%%tHbD3noB z7|mZI)OdSmRVmg96IXH_GeRz`Ye0&ntPL!gZQ}K+uA2N)Ok^ntS^u=ED5u*fQ5DQq zy(|o1#1FgDAcXZI>31(q@X;SMM>AwT3b$aHcF^YQX8vK~$hvzoe@Lrq1A@)OcwbVT zd3HqQg0&<2EhwQ%qL)xPFP=mK8r10(Kg{m`+fJ^`WinA;$atT(jW<7M@i6c&Neyh1 zHpyU;;Zgdl#(ZKT&?FE5b37aEUwVmv^sghF#&hkzJZRbF`QziOgu9{w+590c0p8~P zVtvZ^o)Uu4zWG?c$h3qWla#VNnW?LcCg+5iOsa&!n65?HoB>_FdylO3zlgH8+Bz8z z$X6k#zV(!@*erxH?&QGG9kWBJmWnR5K$XHF;><^J1{^=M_y_8gvitic=5vbM!v+l- zJG1#T@`oT2?N9xrd6r@ErOjEn7ORNfD~%t_;q)rs=H%A;_toODl!EHVoXa`G6wvI~ ztm>2&(Qkar_zFGY5hYqbK+$lG>2w*-?aQ^?J=SFc6cT)3rA>Vstq95P3O~NoNU=Hk z-hyLTs>%QI1QQ~<4Gj&t&l15eS}nQt_&sQL8lLrQt3MWxiJY^YDhVamSyE;lx~fzK z2e+@koNL3Er`c2|IRA51O&VIhI6<(8?n(*XsU>NLk#`8SGvnzG6PJ zUROXu4|35dC)_IdMt9V&HvxJEmqK(dmXY2q(&f*PH+Z85G z#bKM&ZyU09-^FjYyL@$Cm###4KK=Ia+!!Z;rQ@k}mr{DKmc#(LXQTNG;<53Jb736P z9toE^(J!yL+Jp5+_eqF56{t)jg=~)TM^j%tK5W1$~qPjvi4LapSL}5ZlXLB z%~n2AN>=b;#8EFJR+n$`r&%z;#eVq90Vkw+VIBn$*iRQv)*U4G;Eq0;?|01XMK7^7 zBYPUWn=46~cQKfl336;Q3NxrAaFHc&xnnI)>0m}<ly8o+3X{_K zhwurX^?Q`!WZDs7=Z3vEjJ%bTNyT_Km=ev1i_>BOO=fOOaXY}k=ry0Z3vPRDdN_9n=Pi0qpGILSf_RARYMj3-<^ zT$%kA_|D6eq`oW)KykHLv3U=vcni<(CH5`xW7|d%!XOFw>Sr7E6IGL@*TTEztN*p9 z7S{F;G@p8cGpyW6#G`5!QbJL*t!V1l}Y&6Ey)n~k6V|DtMRJM7iFh}A# z{0*XBFRJnYn^a`j|K;=NIUB8?-y=A3-@C{eL!tfmE^bN_oO`5^kqy^5bAkzdEB2~r zBygW1-#a_F-L-&QhEqD3q9W1!hB7!$B8Mo(-^T#gYJWjKKCC_wX^T)Ltl%e|Aro3a z3sH%X;aXL0xdimNlM6+EqGLh)>R2&|5`CkmDK1MtEgpg9qA2MMAdir~9V{Wn)`A#g}~K9t--097H9aHmun0JLYHW$AtD84^h?C zHReBe2PVF{L_sKfw1hIUDl%maZF#Nx-`S<+b2z{%$+)k}kh`R=k9UV!#hk^zd z16x)l8>d1vS?E~#7MC;Me-DkBll;DDTx>nJy|clxu0-hDlu7Q*6t99C;C|e{op8S% z&)53Vce*{pz71K%Db}nJPB`H#%8bMS60G<=I<&dYH(iUy1c3;c*lfT?bSx7J?Oi@x zir)0ToO~-}ZWW7qb(_B5d&*^7Vq);Dy%zMhJ7H(;q7;}Y4bolN6AeN4+TZ>=8|9m`5T45unZ;8upQA)r2xsBxo=| zJZAK|cTARK9KN<88%Km|oxz&`$3CpumK#;ddN_y$E@Bp6nsP1lcW*z0C)x2+o8H3y zBBBzIU{X$kwX+-Xy_dT=&fLH0T}Hwvd`uB?g%*~d9;z25+Jv{?`@dqg@W!(HuyHMt z72&P@yMc+7n+VfoF_C?CajLOxmD@aL@y_C+%kOrflIkpXEhA(9x9hWpv^xK9<*~5r z9Imc7Qy0^tGbH|0Hhx{(Jiaez*+W?$`+Q@lnfHttT8YD2XSZQk^g;8+_J;^_HV)Y= zqRlx>A|9l}c(CBm5UxPY=@9Yq>T<6B1c%HW zqS}>4ZJJgaOp`7w6FZXjuiyLr*^VD|)(P8)gYh~pg2(DUOTsnH?i(dZirEPm`!I{- zb)6jyR&#od8`l1GczK!FkaPEQ-@A;H0+FhA)RA|0{m5~I$@SZ8&=rmuI2P~e;|2^q z!;7axyM{0-C5q(Bkbr$GV#sqJ1e%WF63GZHafXEztQ>v5i!iubGN^d}YAezA%v8;1 zV`5?~SM?uV>Ab&xiNSWDD?=R(oL!smv7-Z7PXQG^cFQWMKiqtfBZq04Wack!M7KM^ zJIT!Nf=VQ=6~fiMMkS@GF6H;Rh1JG;1Yw4Xiud=3{f+3#N$x8g zyTW0V?8ow4iC?e|r_Bs6HjlgS^^7xO6hEZL=PNh!at(PQAJOlj*OnCGYkwo@+eqA- z|DFE_%-pVsu5)LE_-b9vpvs&B@9nVGBl3VE3I0^SM>Kc?f-vto1frhE5n5?4Nvnd` z`F@k^z2Bq5=UiOg&f*ZGxbdNmQGftpAZ2)Tjs&j^zGAx71>}kcVa$33|E@+d*t((RbQy8$CC?( z2Ziv~YZn)3p2=lfg3CjBDLDj!V#p1B~=fX8k1%t0&2;b!@9qrYvb;_*p#7q5^Cp zy2^)Ahz9NYnK2JZS9PIQp`;HZ#nQFg=pPu!;b=R)&66=@keWy_o~zzL7l2wp$xIHm z@|RzE4ca64Sndv1w+0Zn_fLmF^SrJ~Bvlrsl)ce*dGnD6B`jf-cO~DL-io4^nF*l` zevTb4cM~K%(C|%$`PbCBES(@}+}m{YFBPGzk^H;~XZvSV`qwWN6*Xu+|834_yt;4r zX0cs#yuTq6%vUFmiXsf?k??QMBPKm|l@ZPFGwMlt2@@TDk?d{NBc{laeXYlN-Cs0c z!%y0wtB-o0B(So7d_#grp(B(OyTu~foQLwSN#wc5Z3!<&hMFYgQSX@YCmv*kpB}yG ze1s~O8^1#hDQ#=OO6^Y^?M9K@fj6d779j4J}W2)GLpe9Oc7XCEQ!6;qHGUF`bbh;<2F=6g-JUxQ5i2`dgbegg5P_Boar4#QO0d@3vVTxh@>FvriW5(I zBM)UFTpdGaonJqJS$iPNI&6)f4d}(eL^-nRKPs+pyAh{#L)A*)XZSUy?!9(ETt8?@ zlqg9;?~%w+!Z-NAhF||kXRjd_6`!E9m_03$q6xO=+_;LY&M((qkg;!GU|ku`y1G+7 zi|3nPpNhE|eUYO2pUMNpsUoaL@x}l1`wwTrs%(03^T7^&Bg=_2nG^Gh%tGi0!9brO z6-racz#stKan-eVugnlcO^U3EZ8<2Y$p{M6rhD zTC$iVSZ)i%SjtSYxOm9+FPrRjLU~NMA4#bVM3A7IAAQclauXT;srp#>EAzs74Mxls zvbV2*){5d!?F7o;^^ZIb7iPZh7ZoGqJ|nkegvr~J8>`;^W?oEs$|ckp@2tP>7ikD} zHt*E);A>kvr;-lY!h7MoCIi^zv=7+Yy6q)x{=Ti7;}a9xJM0&?QCi|XYVQ5t-WgMm zPj5gE`MhtRX~O^??9JjJ&mOqsctt<@LIdrRz${XW^#%)PBf(A^e&mXIU$C!lMaFcP z_pQA#=lN>V8If?Xedgj% z%hA|lFW=TXi#3>Glx89uQ;E1}fy&nRGvD{6uG#%>^F^{sX(B;M%Fbn0vNw20UPj(~ zE9lFDQPmzKQH5$7#h2~$G+&kDrpOI21u*9#?}tTh87g_P*mHJhP;+k|3I8%;U($&> z8gUmL!{N;hX0&F5HxFo}+UD(IZe%jtR4ePVX;~4sDG6QJH}N+CH3rT) z7Pf29`~Ld^R~*a0GCv8xLvE%BQb&Td{*m9;6A^6g{XTcP5*7ptZUXjf8Gi8)d<5DD z0cCX0W0Lp<8t*tbPH8-O^2BE&N(4KlJMhYq2=8apGt9rCEb`WvzCbhA5-i<6P#pbY z`n0I!fA73{X=VKj!~QsPV-cphqXcYLXH=QUHYzdE-%P9=8-HluxJ@s%L3X7GpM#*|%V>s9es5i+bH z5`J6!cmJT%gHW+yx`{9mu=-EU`nIoi9}%x@pS)kb5VsR-N#U>|(;e8P?W)_3SEU71 z82D23`fD7FAV*x0`b1?xFWVw1lIS}l8dL;fRODgz2%-R7&kZbkB9GysOzB~Mskg)a zV(&4e;Xua38L*&3a_#F}sKdI44Nm&xG3L0C;MUKWXelCOb#kFX)@(uJA*w#Nf6J)E}#=vpiUw`=k@Zz2W4n8+SrPK=|xQrGc3~DN%&@ zn+KF&35ldBzcw%9cy}vDDzPPIe~m-+)5D3EyHTTn;zjA*b$)QGD;&F*^5^Pj{elST ztQaE9&s0>;-*|PKPBGu9(7Hj^0L~tYx^^tt^B7~Lu$rSrfznA<< z_TaTSA9yC2>b;Y92k;#P@U8As;y>!(CV_)w1K}D)SqJpSY4B?9#l_QV`_|9-Ut&5d zeuN*(sH&*=YIq)J97QebeJ%aaI49mhUxN)6k=VO?wr%>v58?g$(@sZXpzQoVJkyc6 zdUUJ2vg+4xclFYH!_OS$Nf>5o6fKlp)VKz;0z_yi4}ai7Dv(r`BFeWcPJp-kx_=5z zSDX~y(kKMN{v-|cumd%b{jQEC(SO^;U7h3zH!Ig1A#~eZfk}(8dSe6jAVaOK8GUcl;y2J7kk3vK-zv- zX~g}amqTmihO7n8O6HISbWFt!-BRiMW0$$2o%v-*?3?jeE2eG>dTTFM5Uy)XIU=x@W= zs;u)aTc9uy-T^tgr51*Nx=I5i4H=*JQDDlM%G?h57JM4g%o4Es z$YIr}pwy%`8ho`Ug}nnP6V{ulHhCAU!-kqYB$+!X_slnoRH4W2YU>VCmD4&fa6rcI zBD7tD=}w;&kHHx37dJP~-1lft?d5~7Ci8wQj|))(lI313l3XEazp~Nro-0|%TIbR| zuuFp(8K{WV=f~Ihbi8cT5^Khj)h)k=wUn0D{K@}0@`jS`CP=?Aeeb;H?o5v9kbGDB zXHv@8+% zcZ(){UU!m56>F>jE%KbJ&Gk#p^$UcMQEGDAOzq~oy}B=-NQczioxiRoD5cu2zF8vm zWEoOh1O@!D-15V2z00g{Tw?cwsV{28y}erkTx4By0lOuO`4zExS@Dz(iZhFzdjQ*% z+TX!=Ap7Y1i?)mT5wrEvscb?A6r-p?&k=|c%NDZ&o#>O};qhVL54Rt_w?X`ByTdn2 zpli+Ii{aQdSY$`^pU@Qj+t5NlV!Je-np+? zSqx|>ctt2sL+J)pWW*U zXOm`YGK;u~=?YSS1qSwHZxy(EE0{QdX8BHxbvv+|qq_O(xCj z=+yW=;p`IDONKOkl-#b!5AzQZ@6+cO7OQNhW9(CD@5m1>QCx_|^=JosY1WhH>~_7k ziD`GPCOz}qSl;gU$xLb$C?=TO<_G>_rQTYKpA?D1qnQIQ1Y*XNq}VWSWXG3{REGbD z`FcQ0^pizOggD*xcKfpjn%Lf$FmZ@-{z0Y!3Io2}M^!n71&8ko4&L*)QSDc~YS9A# ziL{e7s$_c0^Ql9jJBR@wEQRNDQ_#54c`Ax99==V!y;? zqhAgzZ@GBD5Y)FSx_zlm)58JU(j%yo4F@eiMC9h^ACY3AD?wC4mj~0nA?%E+L zeG>!6dPXb_ivrsomu@s@5B7{~2{>QOv5u}6g)isZdSH2;_32tV;(oKHCo<_D8VoB+ z*IQV=`$Wa!!IR7zpYqqU>>Y~v;FT6PmeHGfn6|3OlAw$soEs1Dv?jC$+AM9JH(f-n z*&l8kW;u5UmhX$yPq}Qz>&7fZA4p-mjpUo_o4xL0blMYc^r@ooMy>v9MjL$u|I12Z zL79w~)91c>cMB7zE@*0!Sdd~9H^oYD6x;7UJ#geF8#uW7Rr80%S-Dk0^PJ&Mo^1}c z6h})^me*d*rgSIaO-=Z z9?k~l6lqgO1Z#odf^w$^8&N?hfNm0KUapuviYARz;D>FZm0N_wad1J^* z50mMm|E()R2L(734ic=bW6ph%+5d6@&Q^Xm@Y4<`*KI${d_OP@G$NM6?CyiJx*8G~ z_23Vl{Nqj9y*<6F*ST~JFd;Rak8EO~XCsB!>x&0R=bqMH{_Nc72w;aQFMOUH^eF6O zG1GBN`&OIrPYw7Cp1M4HDK$i0pj&|{BjR`PN1nfLG#qia+41$XALzyyM*5w}^h25_ z8b+*N$KRTMWJtl#_ilx!%9AD>1V8R#Jwkrwuq;K~I%`~e@UH$ehDT=VghVy2`@!o& z+ElC6ugQP)W?UO?&a{ysix;JTB)RA1&Oi;vN(JK@l4#jxsc!LyZ#9)mZlmjLsiHGJ zfar4g^-sr)pS3q;T7BG9mNj(qu=k>*x!HpE9I3NwshPqgC+TpQBJT5@*m=%VgSp>} z$9%R6Lqg$Cd8Jne-(=;EVpTDnn_KPsf-g6AJKq^QF|PSpQ$AP$RU36cD%RpK-T$*5OfdF#L8yPHp=YyX(HzFuPf8 zfRu2&XMS&)e%5Jh`%lmd!}f#Rr)|z()*0J%>)r1pu;{&Ym_)^)5YK-z#gBI-C?I7Y z^%~Imiatub!IIlO+;g6v!kO_M(xGY9t~I+Zw;V6K9E^2i`$Xtgb5z-kUwNe z5Es7nP#C_FOTjnPJyZlyFaedaiS|t}J#Iwnt*G{|wEW-NW5|+xsA!W;Tm|>sl5Q$A zuyrDlUS`|^_$kTz4uzy5l+fF#@}0~Pblw${0LCak4u~}%nK(%Hp2^25-581QX&-YW z#5Ivxp|E@Bg8uD_t?tkn3|pJK~N zD!-q7R7QijHeA?TdHO;zTIZFm-j#G5T|Cwg5c@t?BeI$ENDMK0e(*4c!+l}et1T^M zM0Ra>n59MCTCyeDOt@-Ur2LismDsfuQMh9uNrmH~Fh|prD;br6zp1OKtaNyQrC#*0>CcE>vu}+l+GixjiN4j( z^HUy;*T07S*qHGUro||6#u`}C<#=J(W?jvkQ&CTAjEP`BpFTRzkHIJN3~!lte>JlS z1HvMlQo$slf|{RiNbcF#4a;v+`@}Obn!-CgJGPwRKe+hD-`?Q^d1JTPx|niQ6!y<- zus`tF8I6O9-z9sp#Y71`Jy^5@E5_Ax8FW%*_p#Kc7Z3STblt^?f%zqD=x5QGcShY7 z4dTLl-{&=j%<37}x=UPQDtq18Q*f2uId`K>I^QuNyf}Bi>rJ)a<|Si~D^{4w#+S<0 zuu$`{OM0LF_GRoFpIG|=H%}HrY5RL@&xm$t2lyke>)&#!##Hc?C&6g(Hy99wfxKKb znCLa64zn4OR6#m)L6U4i;ECvDdaD$9>o5kXG_ga+7WcMyavc~F@WaWN4g!}9Eq!a! z)KngkUH%&Yxr6ilnj~;eP)UJ@HI50C;PsDWuZ7{hr5~11KE~ay#k8!ze>4`DrYpk0 zRNl8q2>*lF7v@TC(%!Yc?i|OK^h&KNrA9r;$gXg}?4dW-Y{ZG*QB->)ZQ)F9RN{U`e!^@!j+e;%=oR{)5St8bcdie;GAG0C zN=(F7Wwl!pEu5l(6MUxe+JLivVU!&0Z(al&ce^hcRjTA>1K{XMs@JG$K!L|gmqYmL zQM<|$UOqJ~Y-4zbb zj7679xl}N7dwAtltWRHgC2bSE3@4vxJmpXKI?iQO`2i36=d+6sNfWkXF)wGxqW*k4 zpzt7+;PnQu%#}V7U2WdwVQIWZBm%Jejlbdkjv6udeLkCl*h)(qG4_a9_sKC&=NK=x zQDqJr53aGL#*GBlf&Y)EuYiiOi@F{J0cip0kOrl@kxoSr>5vZT?vR#}2I&%!?gq(` z?rw&V2I>Cqyx;fzYdx%`I5WcYoO|y+`|NY}2qnb&@epQtBng5M97}9xfi>8a>%Zte zUSTRukzOzlEzmvd$~mvf&j?Ax-n>%gU)y0k=F_F!#&aY?n&aoDggUIQli@mG{gzTl zkET>1>o@tfk*mbIZGhgX5*L$el7Qfts*4lrC@=SFLvkQ4c|cYxvnh+e(0kUGGcFx~ z<~$se>$pWhGi$;iQ%>T2thR%Yk?re-?hQEi z3xbRvtKxh?#aGX=Op?0n8vrS8OC2ln`=BZ{Ltd{qKsoCvMltL8Xre5O(~X*-i7u0% zfJ`1J#8=)0(DRt{zx0G)x037hN#&yjt&K!EmnrJWGVPEb@!Rmwk|&|C*{ZHTizINf z))!hQf^Wb#A;uK~$R`~Ed0KR)yxpp~xj$R-Sbf_1a6%w5B1vnV$4ZI}XM&})62-;+ zC*VVv^4Rg_f^z<3xa`^gD8S=wMu&bMF-_>~o^33%_AQf4Q3XpE8gBX~c)OE^KiUBM zq_H77USTTyR`HfTii`LPv4h#CYMjdo3`Y89X%VmhlhjZ?s))F#Mvs{LUc0|({$-(9JA7C1YCKr41$$Goa^ZFIY?o9d{ z$EPu&5iAE z=+_~VPT1suSE;PFX|6$>Z|Kz--}+{9$LNwdY1U4}Vh1Yi%g`dj)2YgFe|!OW5K|1=K55@{y{?M%#)meMHiAM zjtvqz)gmcog1`~V25L)-e!fm4R{sf}Fp#srbsRWcL3hG5&KQ9&2aHA!`ds+CY1wzi zafon3k;FHWD*xo~7Hs;DhL*S9a)KmFUP5ui0-A7MUuKp%x$<6WFuz!npYQY5(y^wP z1%Jpubcaek`8$ARK~hE}=*en$xj<=XCt_e*>uD)4U8XJg;~FXvUi)dX@=lzuj6F9<%A1kh7B8VE3s_ zaijmyXHAO$-QnatCok^_%6(cc)hs?0tUeRYmg9b9Su*I_#_e7B{UfB!Z>6IPvtf27 z3e1NNzNefq24|ESYguR9*I$viKWj^+Us*Qg8}0l&Dc4m&M7@7P{tlY2*cEG%onljO za`M*!tFSie=$tRpNl2fGciOR(CS0qyk-Z?42EvqQ$LvFEr|U5BbKIW!NNeXVIM0^m zVNti$UbE4N2_z<<>WHL8(D4$G=mX};a*okJ=`1)~Y@&kN|Z&%wSc7L{)@F-44p?m-;=V@4HR=%0Jj? zt|j;2d9TQ}q0oj(>1xuKMwsjJsdQg5em@CG3eUq)Xnlo`R)k+d%TOR|*eby)FWX4V z_=2elG{(xM#=$uNaavqyVG0xoyL@U$9fDBq7!hcl1Sa(00_0f!IUunDZIxBoR>ME| z>M`Ml^S^pMzK{f`4;lfu1r>DEP?|=p;1r}EQY5%Y99%>Z%*BiYzHa(Got25t-X`gS zZ3NI!SHVI!gfW$qKZ*8IpZB{)cb8}SqBgJGpkm4@gM{XTC+9y?@fp+oP=1Q9=v)R6 ze9NP@AgJp>Y&1E<7H7-)s3`~>r!;0nPr%%Aa)(yA@LEXSGgS32DUGxR^^iY+6;`tV z1k($WTEW8Dw=WWnarD7qGhLUYQa{igE$e0kjxqkp*_R2k)>42Qhe#+lP3={i6-UwT zOT`6iC>zYATo7ZcJB|GWL=UN+g{iUdw(AeM%8in)zE7__RrC+owJ`yQoAd;aU@#3B zABH|4pjabffwUHbKb^>)zp}zvlz>I4ok^NG{MnmV)xytn#~8uwq#k3Wj%CcPB%+R$ z8$Zq21TGw=D@vX09;v#2wHWKPBcbulTv#^5G0=`)*eA)g=f;Txn_xcD`{IwIKPM$e zrmO&g`E%-SFZ`mhU#7}Bl3{%ncaeRLe_w#1B^nwlhuX<$`Is=%w?KQfo!5(}jJnM! zxLXGcAPiHGXH*zTRA3BpQ4j|MqZGs?&<60)49OpX%zy*e$Wj$Dx)ah?&#BFlt0LC& z1wSF6-JO{;b$m2?#&8p@$ubF4wtjT5lR)0^5>3{zaU`3iCWFKJZZnwBGsyuDknDrF!<9J&fH5xGvib?4ZY6G*qiC$@!fK1l*h zgar;3!@Ywv8J2qwy8XKzonsWOzr-wcD}Kdlzdq)JJ!ARjwql1q)5E8~U!gC_?OMi>KHRen6Hk)lRWPcfzi`W(05yH*NCLE;*`6c` zMlM0UZrBM%ZmeQ# zN`5K0m#Gz9L7DfiOH>PJyPth&5PXKl2kkfEWS=*&{22h~<=5V_Q+qBQ*g9*6IbAs3^isaLO2tw1h)x>fBLQoBvC$)Aa^OVsRG>x04~JYN z8BWEiv9YwTM|LTt6L?}g`NN2T&?daIbckSnOqgAryi-yM0jK< zyxk+opl+KkZ=bmsz7^Bf<;oxl*mK)WoRF zcL_&&B#L-8uznKhLvP&K6yB-0X{f5w_xRx%am*{zan6ssoS?4CYxHC77`m$e&hM3BaQcy53csz`O_=nI85kJ-B1UvH+$nJD$T+&C4L|9;mvBgmv zZ6fnfh}a(m;}SidN>v)Lw?QPr5 zfyK?MI5MLmCTWyZ?LCM4XLB;fl0Pw`c+`0v6>v_nLpM%M`=5yPwEbGF2YQx6MnoTJ z0a9bF$$&Ha6)EU|=UHuU46-N1L@biek3POq~qL$d}f@qM$I2>7f0&1pPpRlsvEYTgWf&ZyYu zeegomq!kY+(}1ef-ND2M&9)lc;OST|f^Cx0mv;aMSnkc@usuf<=cN;JXjnxLr6Ime z0mg4Y1_3{TRMp^e0*pLqW&)UWZVCdE@YgRKWYI5E5}p!=%RE1kTI(B~Q7=%F7zpE3 zK@2hc{a;~la+itIV^FO|0j!T0>r5W&T2y4IGW=rQ2v)3xK6&%9FOz_q+|$@~2sSqF$DtscYAI_OwD zyvMh9u&o3aP@EZ^Uyl3u_vsu2RHXQB=8&Hw*ja3?xlt0V%D7)8=fVYL z&~3)`#%6GVqROh4%qr60XD`@EI91{zPbN22#O2KTZIy^Mz9quM2(;pKHz+?!WDT0k zfl&aebu@EwIIyk+J1JU{VBgux$+fw&E-p-j-$3#VexmKP@1kR4n#>1oVO;{K#hd-F zh@XRPrn~kJP`<{HiXuP~@Cjj2GZ#uTHAoIaP9@i5pwRNxy7@Be1JVQvCbZ)AAO>=* z6#^2}w5pYO?4@9otUEf8Jh=Hi3J6~x>-~J&|D6?M?(+FVkPe_3<*n&QMqzH1*AH_+^zVuEMb{Z;Lpb63Ah&Pu%4y*m9)6TY3G*bfP;g$_c2si!pz`QdW6r? zEMU0dFy<rhu$FP9oSHJ|}6AbDok%9z@{qXU{eM#ewT@OX2asNT`3 z3G_U1F&GyXG!UGR@1SoAjUi6E!E->=0c3|Sae`*HLq{n6fxxT^Ij@o^JjpBh<9p7!fMRpxk<<2kl~H#h-rJPB$rAbF(y3X?lT z`ev$jOC@3Vm{3J#itV0H&OjWk6&0r&X{O2h)n17<2m|`(ijz#97q|P0QHLGd6n(3J zMY-)-0@>v5PFGWq5|D(~9`RYitM*vAn-N$E!&wnkPbF6_*)C2>RprRwXJq#k(0W?z zZQuS{^ne~r@X(3tp2E4d!eO^{fM&=(i-v+wWB*$NPCnsDyqGZ~P?=O1uzJnJ4eJB^ zTUPsx-zs+1Rl9*F9x^$N=|jf5T{q2UE8@DPEY=D*y&Xf@gg$cMfemz8#~Fpb;c*gN z3MKScfmAgN=ejL zPU`p54;_3d#;Fo|c>$VCs2fz(>wLCDE$KMz7FwQyVhuRKN5L8Ze^O~|Kw~CNklGv~ z-OX3(33t3qx?Q!O8=GJL5*UiTy1Is_1@m4_E6Umilw@zuvMo5;Id>az-EFR1!t zhOVlGWO1Wo<+$b9d*QX6sAE%gY59z2aZyMd0$>>c)L>7B5|!j9N*3X<>zOQsg7Q2{ zX6(e2?_Z=R(9#0tn*HwuP{ntgE4F{3E;jAoVxaGpJ>vUq=(e_{!<+4F*c91Df{Ltp zS9^l=MPiCMBeP?u-kQji4KUk_TsGsQ+c3p3=CYqDWlYc3zeBT)kBbW_I}htcCA!Aq znc}ckO;;{%$E$Cp;DHL#aU#1(%7hyl`hiYRXWX5hF=2l8N)<5D01LFJJemXKA2f8R z5Nohm;B<1pk|wji#t_}^w$i~tzJ1Jp4wy$<{bZhD2FfZ_ zexQ5cc?Z%wS=LxIh?wuy9+*i&W?}tK$be6crL(^NZX)5#6g1~-IgBLTR+^ls-Wjgw z*f){IIpYJuMGv8Z*|oG%OCUU zhYQmh!NrDLWH-A;w$I9~=6+{R`w!*Gqw~W@42Nv}C2vXj3@W)dVBRFR*prHJj#nJh zW%^k>!zhP7L;!A>h}45^aIJ30Ek9!+)&I)L;rJL~hb%&k%^=v$x{(rV`grfz<6BpCh2$?5nuQi&BHTAEIm`}uU{UhU*46zPUQipUfNhj z(XVjr`W*sL#h^eK@xRtsOGU|K@W!Yz`h8E%QKDFR%^^>Z9IB8>4?DkJJHIYy1T=Fb z^8GhC?p?#tc)4^e`d4Il;YbEeyto+-RVt;b^7q73uU@PasubWRz0Sr>dfu%RI)bV} zLlV)I5SV5J`l+aJK3%6d4cD&s?(U7b_0g9;-d?j+Sof_bkZOi4Ivy*BRzCVXH2ZfQ zc1D}mZSv>#7495AYq{MDjbq2BvXlezh&R1a)0&^++#R>u*EA;#PO7sWkU#TLwbqtpH49|!Ik-p7^Lb_7U28os7Q4x4;@@X(=z*QF^q!6nYe9TPO)!gfQ= ztD8SLHH=M9g$e|l5uFV-^nCnB6hSx~C|*eJR;LTV;ZV>DZ2q-{(+M$KE^b6JK~R0GFQl9 z2S4OyFsl@3Ab|@s8}};~G)#@{jH0fcorA6F^P8skf_79T1bZo*b)b$6cCXQinWyA= zfm6ENWe?s!3Sr-H_4T>B({qABwxL((p)lvUHG4t(oO|IUHRg=*Hh=IEP(VSNgOqIL za%55Zi`BnNCdW$l(cN~Xf7#X!QC%jjEMbA%U2LvwGmCy=>^-^LAH?@W5rRNoYcNX( zF!?2v$^soB*{u#3M?u6*!ejL-**rlHNxACH*$v|HZS`e`QH{3dAU!_*MwfMesL_)G zt^$wXM(+TKx2V2mH0`$yM{!z`s5qq-_2A>FZnZzX;hpHx;;+!+R1zZAoq(^OjVy6g zcdZ;ZNlzh|826qZBT*v2BK@%p8o-u{2Kkr>l-Ifm4t^(sYKBaRQJH0uZ+TE2or#Xx zuHkcC5{9~}*+gSuVIluHa@+Z$LK<#$9yxQE_U^vnbQY*M0VBksLDdX2|4hTnvIx6Vv058Z1xB>`PvY z5P+s8*6zsqldpW_d9pz6`V76fzvtu6?(U0Pc-~0(u80}GF-|~XJ9+3&WT!Pa>g1lh z^Y#lpotsleIG)RBq}Pd@ApwAa=XEm7E-O=lpRD70nwQz2&P1Yht?Vhl;NW5}B!aLx zbT5aAW>M-JK*W>Uy|OTaN4@$&^r@=5!HgHDfM;7@?jln|Xog>#;10`c6QEYL$ep3A zVjsthStx}?1VZ;hp+X7dOvwWUaX)0%Vx`viC0LUs^VB8tD6(cL%dI1&gCC;4to{KQ zT$)z!qC_TDsn^^LJj0y#$D1l}_Q$(-YxHx$nKsBGsS-5k!sbF03Oc{;C9i@54kx^a zR)sMTqeT!&TU!W%mGU7@iwt)H`lH+?s7n+T>W^2yR4XvEmj4@BvnKO%a;9?7{SoFz zHIJ=e1~c93sR+GR3y~EBC1nbr$f^EjdHdNOh>aaKH1V=*uI?h-cV)S@S#kfjr6*+v zggej=5rXX9VQ-72!R9onWa0k2TLtpw;QRRmF*OGoMqW?<3q^zq!XqdYLafG2!a`SbTh6?{LwOn_#H&n@zMQRc`-xSwXbQzLQV-yN1lyd&eE=0fl zffgkb^)DEGbpC;^{SC7IS9{0?gg+bLM_PWY(;!mSutf(R^9F(acaS%mQ&`XJX&-s2HysQvy#bbUCoORBE)Apu}c_{G6B#^K52 zbexBH{tcnQ!&pzDZzOZsw&mnj z@5=G%x_9>BNLwRm@un}oq>#NzW*K%t1vd&0uJ46n`t_39wb8ZK%~`wq9O=;Pb9BR- z%YIe-PqzcA(R9T@a||pv*=^0pfbW9xClu6)G}+tnA*=R+tIl%;Hb--gDI_g5&8aL9Sl6YMRMEr!z#`d~m`A8Rscdc`0m>XQbfR3&65 zaZx4EK(I*~n`Pdzetli_lO7(ogi=NjUq76--|zi;HJPzMKW1|m-2vMJbIQNdpZQE2 z^kq`~U%QPQy4StUjOmMrB6^-HcV9!@CHn1^x?$r@?!v8E#&Bvk?hTSLTe%b8=JWeN}05@9w)%BBrZSyn2{N;Ctrf-1AZEkGI-Mfp?Azmfg(X3Ez_Q7 z3rzPa7m*^1GV#Ssfw%fQtXwK3&(tb)C2r7mAo|cagFf z3S`n&GYW;`T4ufld`n7M!=PVSF-d(DKvI)*6o{y27TcOuW6hJqfmh?xD2U7t^X^Zw zd~O=mSSM92dgDxA{9LLKgo#>0C)}SDzVnWrK0N>!_U{=60dsojd{nVYv!M$ZY>x_k zdAQ=~YjHRqRdkCXhP_^gb^Ee?-@Dm49rC`}frmL*l8;p2fOX%m9f5GTR&l$`c}-Xo zZK&aVxJjiNKf{#}%hwyJbbEeuVv6CQ{nMK8qN};yyzbjj<^1mL3hZbigF1okOE{7? ziBch}2X}*A5IIy7FqLa$duJG#?q;MV!DeJP4bR_PWCfaF`7DNg^6&Wq#LfSHY|_|* z>?u*aXZL^m8;z2(|3^vDqVotRnt+rnyS9|hlr&=QD@yxy`J}9UNOgs^sIDz`i+nBn&@&a>_v<#-4`tSOY|5n<}uo2N0@+Yoh*px`U3YzORRW-s8SG9Wi{ zBu9oH66m8Gp2GG=T@79XK5)e_R4pMjNb-OoM;cs#2uik~^D744`2_|PV1sTAi8XfC%LRwVtdUtBk~8+r?G7uZ z6z8JX7ks*qHer4GaH41_RfS?O^9LLU9!2uFu_=Zikbu-&!!=btE?V`6G1-_V_ofSV z?CMh*=t;~8(z^Tr?n%S3U_elXwNa%~O!{DmE-NKH{igiCSi%TS2xlW%i*bTDJ&bGD z#4)voqHiIxS*ky7-bm7b%2!4*gu6YfA`k}93(75$D{fNr`kaY?Kopzs~+SE&%$11N*F-oo% zp+4_%L*U`J^O>}Oq6w_~?4lDS@R*O+m0e-iOOHt$c%z1t2|;QHAyXCjC)7+@67-6V zYp1&WE75^|f{|dgql?W&k&jrDelW}C4iW}j1ZA~j#B6KcAOY2G)E_U4=U zTR#DW!mi-{f=wnmh0;z?t`-z~KxPIwl=+iI1UFP+!x=1NIckI_zv#|0UEj_f= zmmV%jX~mfi*?PAtnkyb#k@?BXaxU#*R+natgqFI^TpbsPcEIv+K2sD^*$}M*Lm?16UW3A&^LQL_B$^^;eSnHmK(t z(WG$UMA#ROXsIu-g53AoA9WeN%K7S<3G_LT;f5pOKEop8w_kUPmi(gV54%!LPe1m~ zJ$Bl7r)`#7doWP4*IjZ@xq5MRypomqJ@Q-JH%t-7^y4^EZB~|ebRVp17a;qKCzG{( zZmQ*&lqv@fx)R-1GWaHvz|?RMj=~k)@waC7Wd9-(cN^PFEFs9S&I3HWC=LB97FO3w z!^_9hg_19h{O~O*j(w2(u|F*dc5d)U@ivOV{x3`h9Gm~}sjd%~u?w6kz~@Z_>1=Yg zVfy$qMX*HwfI zZr%*0dPVO&Pv;o)yL%2r;m-<|$mh#idbG0}Z=&xqbnbo}Yxg64M#1ooFmoviY%lJY zL)ewzRI0%LUZB~1RU-YA81`9&FM&s^*^uXO`G(EXY0_3V(e(QZBL8dH3y~sGuoPDgUcB6l!$ptxBJ0m*>DdY) z;}>1vM9__0%P>@%(aqu^Rm4}PY+dmO+dAtxJK3;^j@<|&Mvs0V#6X*SK{!c*i^6?_ z^r|nK@Hs|>g`hWCT3ek%H<+}Xtaiw~a0fa5O|!Ck3lY5HOwBEEnh&i)I(nFX?4Q3Z z19*XdpY^Y^Hn@#kMoJ%~>9vvvMRXpYvY`?u_Z_J?_Ac2QGUiTj&9=eB_x;KdYDu{+ z%gMsU9(O9ZWqIdNj*ldjH7HqKPpP>kt|@FV{0Rf#Kk1KNJmPvAL2qxy(=&o5!?>3} z0@LN-$;Air;ZC#aD9c+rzli?taP}I0Ih^NA{e&w|v=;;cBFO#!DMFbg;1CqPmM}6^ zeSz_V84DFcdiMOfVLdQa%I=F{TYPP_PqqJ^IK1-uw)tQ25^_v<+$t(2OhGB!MiowE zqJ^ZT9v22?fq@#-ztc#t@NfJ%6-X5-29j$6hJj4OTw_#(r$S4I3+dbD$>RuKI6_yY_g~q*6;{^J zAk@=4(C;brIvDg&1#|llC~q&Kbur05e;jUih|Q17f$sHY&v3O9NtDkxZFl(adBaV- z=Ca!5F@aSe6gJ-y#R(=!&t3O?W}WiivXXOW!DO#9PZ_}bQ0&6Kl(c;Mr;D%kA$i5e zuR3o3Tw{2NeNcx5L->AoB+W))2F*T1=0?EfQC|OH?e*PiBV{QuN!vre07S_Q_ML?> zCaWdF&+{;J2(4!C$nTWhzI3$gBXF6noMGrU5y~wYe2-%wQO9fR7h&C9tw+2rN<0nfX+g!f$Vp5J53{+S-^XuIllKi%u#c_0^WeQW9CYGgY%lH0N8 zRC-Nh77>njNw&60+15G0)>=i)-2#8@%CHy3PGq)5*iv>u&RW*P+_uL<&k^6F@BZKC zUpjC)-iP@ElQAn(ZzH3gb1?A^K9jd{0u%cJbl?G_MKC{F!D2R`sTuR^^6B3r^lXzV z=HNW3T#f{#Bwf~#!Nn(BPUy2X>fZW%`Z3LPEE3I4Wpx_l6lx0u^l_Fva!Nns^T*X* zy>O8+;vCvIBcqS6B!1bH;d*w%du9#1v|3b)fH5>e!{MbCZ(5$JU9smu$&4;*j7Q>% zA8_-P?)#=xz~@p*GF0XG4s%9>kQE)n3sGdT((WipJ*<9U^>|)<#4*<1S+ag)`6W?P zYE+O8sop@XS>cxL-a{!aCe*!Zx$ebeRw{Jc$YKP-74J0oj)i-nhLupOiKOMbHqO_w z7orAxrRcDkA%ESYkw=jj;qC!3?}EA9y64|{C8of$vzwLCK&|A_2Cg5XPIbgYqIaw1 z$0xFWl*Lp1em5hJ!Jinr@v?l=!C+ck4CL!_zYCAybP-uQJ2qwS-AZ*96=&4YB^fZ_ z`@_7z{YEfO2A!UoU;Av?wf*Zl?BX7bH$}QurwTzhLLYO|?R;&D>w^~+fWssh>kr(4 z!=zx~Znsbf2#gnju^#FXsjW1DAlN(4v%q*E+C+7^f*17k=DXF{Qv^Re^*)RGy1BTl zxeD0NEIcF*yjTx6xmW(Gq>d@z)F_M|K~CA0l9E?Mq)=Yw+vI|Eq3;b1kZ&$0yC=^2+B#hm;FlZwyxJ zV&;m>3b*;3y(W

aA?+4&xJ<}DTUs8KN^SSw4V zQT?+HRri*amc`W_I@=R=Ucr8F!&^MAV+y(_lq<3PDVM3Mv=y(gy;RL?N$pMk-&3!5g+BRH{gN*R7cQ8U|Ay22Uh;BLF^mJ$OPF#hRl`{e&c{yx4?O!tWiy* zFu$lU7|gjvyuIMv?m9Htd*)?UIHjH~>BT#}HEzwzdz3Y_F^%z@^nmrP8SJgyjOIY< z%rM_Vq-{c>tj}=0=cBr%x3cff(&Y*}dk|?ovK~dhbSDRvb;o=XrJI?R?~tGDz(VS> zE#0b@=rMcN6T{)+F70l= zwpvMP=$m?(NXHThSSGPKzR{Ed-9pNltI_v)S6(ed7|0M+%ix_kkKwz!Ct^OE+;;k8 z3}7rZBmP2_K9!Ug@!1WjtA%{Q)QaIi`Ddhvxx3w?k!DQfC%!8`>g-%+ZO9hIdLJr9 zhK7Q7Lr{3w_m9qDso9af8xC0M`|c!~6)ebfrQk74si@8=MJF5F%)PZs8`|K% z|2}VaI*E8$c0C(a%dM@pJUBRc=i-E$yy91@6@W>&LbN^jd3#28!c3=aEA8V}=|!uE z>tzPyZo)~dWyb*=tdD1l*fTtejsn#^lhzKmfjrTbcf1tkw{@?8p%fWK*N2tWGwhWn z!6OwjVze<&7IaJ~Lm9-1Zp{FT_3xETInw?f@@5}c`2<(Zz>Kol zMy-c*i;FteI_~qxX6x%W_bdyKL~fsOec-eGAjrit!k2Z;nms(eU@;0iX@ujIbN&@y zhbb7u+eV9Y*x-8VcE)=@C-%YY(|J9R{{1?|Gyk#Wv0JTtdL=6c#eO&`cyTFaFUO*E zy~VYn=VCKvA6fW#RQ|7EAUzwHLiwM4!!#0DK zdXF?a(bLOfitV%!@8tIT8#j-;ysYNK+rQ@?{!_0xNvW24_7~&FP#I_GwO22Cu86gPq%|bw*LC>XMyV-&Lw+7Z(>_x7B<+6V$7o2lnZ> z+FxtVu8iROip(X($whOF!^ScB*;CKay{WqSHMxXSLe`V{oh&Y)cDW)o+XcbqrY0~g zIr4yfD-%z)VY~Zz?*$gjL1<@pH&?s(c@!N{JLgbwc@`{jW`x7n^eb=`t9_Lw51|rA_1^vF$>Wuq|PBop#&ymEIY$=X_m~D|>2G%Akzs?bQeG zqdCIw0V>9#iyyLlnmp!?e9sTvgJxMF zE3}_1Ji0EGz9#+rHN@C^cWmV3AGU$kb59mOEc)t7t!sA|nFZ|qF(yP~c8 za!f7}QMc;ET`}R?C+7M>BR%MNpVdWerD&Y*3%7mU^?E+Ru1j4h?yp4Lc#a+e{k+2q zvu<|39^DU43M-49Pnjhyv$ftn>}mhOiatZwy}U{rxdVfBlBD;N*!rAQ~C_#9lSmIc@5X08Z+F@)_S z6Bp5_z-1K}E{wjR3^r292q4lhr`ke)icc4qYm$?g5SM(}s<-w)xBGK*`d!+3*cn+N|^&F{DcUz&$UIPcTLj-sL z5^%I#Y}&C4iL~!JKzt7nu}=otZ+(6x{{C_~}* z&v+&{R+8r4d%rT~xS;UiU(zA=aVEBKH`o!pa@U9qZte`8Sh3e>y|8OP$uTfDv&x*? z@p!n{TWKwuf4({f6&;*V_HmiI4J2XD^gZ7$M*d!SDAs2;ZP&d159M$ZG(sm7Y1&>Go06oqsV@mGx`Bszt&Jo%)9xrP$(LMq^G9h}s z5wBdg{)S{V3jh%q9$w2{+XweWTQC=Tr2Uw>(mh>Mc)0mcXsYG@@y@TkpOkR98@QUy zQmzntv;ChI;GrX_oGptD2O}6^mP@!{6N<-Y&P&Xc*q=X+c8xn5rI&J6YG()BEd{7k z(eR$vI$w_la4fQ#r)kjg2F{sSsjuNH2rw^|mZE})VcxU~es6{R9x*=fwmhqK8BI@5 zZ}R8!2!=m|Xep7sFIet+E()itK(Yc{x+}FOvux-A>@ET*TMLynwr^|H*^<}gaHe$J zvR0FY0HAurdxUf>p`|5cz@i2l#VQmi0K0YEC@#KsxmTs{Sv5xYT>iSSEEF>b&8``R z)8fTXG-P1aXdnEl|Exw@HUl6(gdmh6!_doCqQ%`XJ%X?o{AR*8v!U=Mg|saxRcl>P9Z)zGOV8!~*>Ih{%W=*3Jh6(p}$W3I;4^GgRTzBj)R_EdzP1S#>=$6=g(xB*or&(Qlo^A2MVwL$ofSrKajfp zJiTaWyqtVy^?TjhqUWA;C2-}o+pgU6aqON3BkC+(DgXOQJM5B7>(py}^h$Ku!F>fY zP^(pZr0)ZR9NqYgNV^QG8+46>watOJd}Qb(Ue=!f;Ps*3-G-jKk8M@zzKfV~%*>FT z@821XjHf^O{tBG`mRAku1`t7)Hx#%n&;PWy*K9;+JfN_|3Ya=(?nAN;kQ?`m{WA*{1=e)}Cp(0!3#w4|^ys*}x# z)_xlMD94Vk+SU1}e9(LcVDG=e$9twXr7~osq{iOf=>sr4i1(_`(IzbB;Q_>1rkvx= z;#0^&jDb5eiBh>_MA<;#Eo&Car_mzQ7+L6B-h^jV-7dd=lcGx-X`OEl8`huH8N1cF zsTh6GBgrzcr9$;r&+9Qh=*f;pL!s*KrFBvnzm_^ZvTNVwH~Vlay02dRQD5ZVi8HmN z#q|JJfqtPxbdV5jXaG1GK2Wd)P*4gk?K1Q&NcWjcz3L9q4%RFxNoQMg5ISklb6_LbcuPqKjbm$+nLath-9G0!2AU4= zqnATVsa{vBfdbs=xgw7ikwceS>ic6FtAIb{KC3xAIyy349Mp;&$g($fMITL#Z2%H3 z<>lg0W{qzyJ?EJZwcQ+Ps2oO|32I4WB8ff$kOAdqVvLSQiMnD4dOnTxCv!9Gf$Bt< zEY=!uE@+{45YoO-u&C9(o)Ehxqr43i+i>%}UEyK#yUIZk@Y!M>X}|JejZx9a_PFB2Ml;HW(xU6l9+XmwRjtiryCu}=~+bO)uuIK{L>aqt0!O|cTO;z9$5mL^EMyzZf z{Otb#EMcaM%qrTGK~E-k=1Y>dKz#w+Y`|HQ%fa)_4k=8(9zCyy{Y7pb3v)$+^PG{_Jw;?Q{x$;7tiVn98>w&qCYSb>>TpiL)%)(Rf1dfYN*{gbd+>l z$ztq$#5b(!9BtAJxxTcOVxa4IL{iR}bAaR``XTjMl`0%|IFh*KU`EKb=`;V zLdxx{$~@uA&Im>YpzVEdj{d92H zNxPPVW0dOsG(jR!$82+`Qt3borwN$y9e+Pk)tLIAai!H9CO*(nI=|A zD?q10n*6EyijYwqjoGfns9L+>bo3#*CL=;?KdvJk2iyZSi?xbw(QeMRFf$vP- z6nqr*c)$clpN(=i=r1>jc5vGpb@gw1>%og~BNz}E2_lFvitR3%-LKJ#YQCr!Z-OnK z%yl8DM7~Cb*U2Ssnmm-22=|vYJycBOQqupUPB9vlcHZXEU^ylRDMiw^_lwUo~%QSM+q`;DAe5vjzxDV|6U=9NqT^aB-4sattd*82na3E7w!A7+b zmFae;yFoY^w(b>KVYcDt;3 zXRM8PooAn&x$o??p6LE?=-i107w*|!nG-L)K&m(x}}Nz^LfI=iuKIfsmGJLJWB z02V07`kl|CHE(KJvoL}3=#tIv?M8=ljkfpMszspkr{UvW*cFX@KH)7K+qnX3T{{4T zhbEdVf(vhJP0K|HmMSnP8!nd(14{TIit@4v_cj?@}#lXHnyf) zu#~C~0EUm4V%M%s-NZ=%7#0FE-K7CMn|wxM1yh&m*a1tsQ!A-v@Z1OK@d&D)RriIB zS?td$F!;qJgG3ZWNKQdmP)KvaoQcWEvHyG%HyK?GJ{3tsyxb2t+7E+lA(Ok^Z5ci0_&toKpfgsrnxzC_$C3Kio3o}$+kaLfSZw2L zf|{lAjWos@hyTcV2cA#1=un+ z56vH%qE{A!&L{AX_C5uMKyz7g^Jq$AGPsF8G}Kz`Ah@5Oh;d@F+q4H3r=6ZEB7N4( z(DCT>$OpVq_|bcPEbCXiG=M|CzL~5~MG}p0{JP!KFHM6c$imX%N@L{i+(twO_@T#M zwkKn^9JQv^yaG9P?v&L+D-xVN4SPES`zYB3IC@q7&djwAS2lTP2#DVaLk)8S){x2T zmuP1iq0+xgrInQ#&> z-;V|g-;DPBjAq~qJNEGI^I6qZg^Rgr<;<%&TxJeN`UqzHO-mDk=5IIIfo(!0Y@(Lc#; z$J?6B1P^EJVm&)tyJX$Kcp3h^p~escuPwh?s~w3jEcH_LoVGE2R}x^VrTMl<7a>2f zcDC(KRJmGuQI&swYbxxW8Alo*={lF7G3>J|5$}rW(gxsXiN@nO*+lhe!Y(OO9b(Kv zAIM!>U>gq6%O2kX+933KvEa~S$KQ(LV>_*$89tsacm~deS5sEa$;{n#GpM)fY34r< zcAE~HHc4hmUywZE-{bmYeA3NQ`Vn5FNGmqYS#x4*3Cm?%blc7Ntd4p}O1kMLb|wyK zJ3lxoX*i4#z30zXr_iU!YB+3@2wN)9EgGHO{W&oZ{t3LFPn|IVl3$QFTL=1?MS$}_ ztY*3rZ+)*wx9toDw(?>R$bdf~iE;HTIp^}V9_TFS? zXJ%AFNM-N6_ujGzm5_vxkL|JdNLG@WJwx{1oBw(G{{GkXbX|S;c=Ej8@7Fo^xzByh zy_sbf-aFsE<*hyE^`f9j=Q&IUnQI!HR$tzM_dCEs zAdBmFkxSLQ0#WZf%RSqqZS={bF~E?dyR=chMY<#>hEOxifqxi>NxR#y3QdJg&f6Hg z(OCZuX538PSZtCES-#FG+Csg3My5{qx|!C&rF$a3>cs)ZIXe=Y6V2g#bUcmCq;%23Fx|Up_YYF)sDtWhwQ$bU#egl5DGIx{k%V`9* zR0Ta!g_T!;?};$EaWVHpeWd@!&DDp|t2xl&0h_Py;Am>`Mm6`%`_3;Wyo%kwW>J|y z2kb5Py~aFPTfI_*y*zZQoF7nq_L+DN9Xc1+LZqIdADt{m>KEilFV)%MbPuo4FS{~; zl&nN-)-xKIbaqlTId<~Jg=Jsl!`-YjvkbogB)*zE8gV^a(o?ZFFVRqYN%gPI#i~ca z46aORswbnW-Sfx*NrU*gg}}t|_OmDmUU>$Qppw$;r<)wxQDTw3lqSZEk&#tnPPh?TfyFU07`Yz`{+4P zpaSeJ3R%3+Nb5=UR~S#k>SrF(iaxnfAx!({sKT_-Ff+?BSA_{FXO0E@&`L-PLv8I_j7p_WWC^hs85P?QWyKGqn|=mGQ! z?kH4SxFKVxC+eFTkxM3@wc$@cWhBTaHrhMYu{C%6P6l{=qda>tn{qDS1^r%Vsc1uC z1LlL)Vj1{zZr$A10p3GQ47z9_jBHClHkjBR9g)n$jdM;(7(NRvj>Vw-N< zn&Al^Yr8}M6#}WZ64Wo^<(U>2!BS3KZ@QLWN~?3b$bItnu4ktAV+??!_Y(7hv&)V{ zyE(-h@r}$QxfjtY%34OJX9bau!w>rZ$M&rnfK{pgne`P$K-c{I2l>^ahEajNYt(+* z>c{r}yAQk)D`*a?r&uGuZ(W4NZWo;?fldv;XtN4wfOtz#^5rok=Muu`_e%Mk!J%QN z{Z>rEgeX_W9(A_(a2C}MU8WeP-V+U!CD$|yiM_5#lc@0evV`x?p)3W6pk+(aZbueH>sGX9uScJv z22zG@O@D1uaM*L;4{bIum|4br!RH*Hby7dn(U>5G%vLRYub7ql!RlqcLHSP(8@krQ zDDJGwFZ{^wlXHYz5 z69ak#;35EX2(JrztrCTco?QPj>g#lZK4e9N=qimygGyVGIcmzTWz=@`gE3JQ6Y*<0 z1iBx$TQU(aAn!W~qT7IC6I>9cxDNsv16Ju04cQ2yPIgnV3+DaDWFhpy8cjNRibnU8 zvtC{^_`)5~VrRXV2VaEF4vO#nC#L8HXo;CamtIZ=iWc~tX3n+D$iYrcgNriS+0!Tz zbU6r0F`nUsyDHK)H=@SgOe`=GE8|DBgG079EIn~Du)*_#4_@<#zMm8jq{1vKn5e>I zZ^*Me(eUe;X_aQlM8TUFoI7B|jb;SHP)YJ2ZXrwi{C&+apHp#)%SB|Ym9?@8>hbe& ztD5mtKFSD3Q!9)Vr4H`;y;N6mwHnpg1HPqBl1L!eB<)6is%1kNg>}Q#FMVd|2Hb;m zlTv^HaA?S*7v0hZLZ^-nt9IIx6EQ;lW*8=ASLKiG1}uKam`GI+Mb zVnAITg?FSovhTH?;l6-eIfZde4=HlixA7id-$r@tGdcO{K`l|H3W^f=Ib_VtA&-CGg6eqkeI5fCFPS|NTd- zl%~MMQKw~3DNGUo@qT)SzCZKD*Ah%{{pecHr7@F-UjH**N9GI@Wc(Ij!|nbro=<^d zD_8JT@28RAJ9&1KgjYOVO?EE5DrMvNgVDFV8h~O_6ehRUw!mC93ye$1e50%sC(qvP zswV%6Evu4K0keOWgP4yiOg9g^t#TM{8j5uTT=2m8&?f&joZea9BubTQ{OoR0C~LrI zww59;+#xI6%o2)}BF_2xkWpTsJraLIna@Zb1zy`)@|pcS{G%hE-GzmkMr|fmu4PN?FJmYs)F3$Z&(HKP1IU7-mIq;+hlvJ;8h?R$Ar5u_B}+2l+!*T_}t9PWVf zo+8=MswgaUj3PJ`cWUI99M~muU?gIO8L!jWZasC6>-?b`b{nC>7XQP<*~Hm%_vAbI z5ux-tvsx4x_*r(2axSs7#q^cB7vM?m)1t^(rL+fK;09)zkd8lBnZ-wzWBKr!NTCmc zL>e=lEwPIu^gCkN)eBHCS6D-LJ^}R4CY9zQ7(r-P((r1fkyfk6V%_X&852$_6y6En z`^~y~nlJS*ZhE=_~PJvLV&)@e~-OY!F$WW za|vS&V?6Hr(Du&b_|W{7oxF5I@G37f5ga6NWd}0p^KEe@Pi1i1H43vHWBCa(m)+KE z>T7=@BrkD#{g$@0TrKEYZ^w6%BtwMn-=| zxe5nCbjL(Jc}X%#fFf3%)^hX6uqxO1so4_A$;j`eq|}sbwfw>z%!xETWVTRW%exl$ z?L+UF`?cmdnzov3@u(^XpaM#Lp_B9pLQWL`Y8`M8|1>YDhKnmSYFE|2SgyeVCBU#N zP3*)_!Qj)Zcw8!F6xf0`Xx0N%fJ9w+^gu+j!CP*L3nCPUF#O8#xb14mzuX{1I(*}C zr%CQ}nV`p77w}_jygW`&WMec zt-XQy10M0ZZ|mpi(4&gzL}fs*hsE6Ym}qEC;7L{lvJ)VXGH<*ZJ3a%H=9J+3{7W$b ziaKa+0UMjv(LkSbCu4{$o(67T+DFQhXG_vu1%@x(c7bG3_GoTZE*Zc*T?gPH- zP^DE3R5aW0X7pPCH)rDHN&H&j`gx;(wvU%-St1Di`UN3)d0+F3p%Nd+Yq>?|RxMp3 zSMt)zg{6&^CJ#O%qQQ>_(lt;?wSMmv7Re%0dN!PR?>~T2~S5PTbi)ft#p36mxlR6d~ zL{%LN&|R+b9y21bE+?w6Ef%qdis=*G8o`s4%Mt4zY z8X7I0@JHKK7*0T9Zk3$nTPyS<2TYpa5mMhJH ziYE$23y7h19oEkIMVt{=&dCpziP%}nmXoJXy{9J7og|y0ZNAylV@0O7=qe)=nV*yi z-CMPL1Xmo&`JeM{s5-XfB|WwB+}=+y*8U_8v%8=S$_@?t?fe(}26OgOcw5{XoC9Dp z#~WHJOW~#z5Ff_iyjSA|sF6`}J;EdsDg+xttW~iW;9%P^-#W^f%=&1_>eu9r%AvIv z4)=cj9i*(O4-S?NA7Xl8`99ZWZwpQZT$0>8;t91b85v-^=Ag7%()ZZG7)f0KnvM}4 za~lHYJS4M1y;OXoWI1zQe$|$uBCe#pf4{jdRQ^yrb)o=IgsrQp+Pac&AT{`J$NhGO z1S9v~z-RF*VyK1I$*8LffBu(}afkLc-eKn8)l5tqK`X&iAX-r2y@*{GGP+mzvTRdy zUUlncF<}JSDh5f|RAu^E0y`1FlLo&THI9wY$Si`yj%>^j282Z||8iZ$a;-o#Ht(bV zuLW?SsOuwhGk;Z%Ki4iFl6T6YpZ+pOP)1gNv>Os!xwogZjfTQZ2z%srRK*A#Mub6$ z#wfJRc8ohPF@kic(+qr!UK{ZIKz%#)c+i;l=5tI(nJ#m3d23ZDvl@Oblz!GA&ghwU zf?Ol6f}io5tgh}swLf9i?`CkI2FWL+Ge~qTG8f0bylG|4px3JS2$`E9vFmO$%WAse zYpaT%s>1M!RLX9fcLS-ZV;!Xng$YK6hBk9DQ(X6K@tB~mof&i)wU99z2S+v@x{}@- z90;>G$CkkPLP+&pgTHk4wulp{lRE;GxTPQkx7Tv2H*qEAF-qUqUE!UTdvkS>ndStd zyU~J#A)1Hbw|@`taVVefn1g_{L*mqb2g+pkDO*$)CrP`+0_BCz4$x)5=$^Gd)~LKSJEzq=|dRXf)znNBQd)Cpe-;w8d5H#sEzp?z(g2 z0Urja7LZGYzwg`y%p1`Gk1g(xtt0D?ijOfAQJtB;yPg>(`DjKpI&^SU%L&u-^C6H0 zcFlfUaQg9vsU%O1zXw=Dt-^#e<&??&4!cncqWU(Q|0WE+sBn~$>WuI9@g#B=VB$0c zF~3n8`^+4yA(_&My%iAQQZDC|i}pfA=OE-)(oiOj#et$^kHS&JjrZrY;!zwMH`jSc>MsqIf!&2=)h zs_bSbFuDNEwO>Bd~(bF13*jte)OQ?4+z;SyHzvbh#Zb`LvBM2-u(>vptT9MNzVxnLfk7rMcn{eqHd%zJmNdX zPpV9G;p1j|5)^1!vf3|);2R0S=7rDsRZK%G<&+{074aAA=ky4rFkLgMNZrl_C!lzx zJ58ScH^7;6#n`GwO1|8(=5}9Pv=_9Qs*Lg+?+i>V0-!nM#*LhJb*ET9IO<#5N>?o; zhy@e5xYoI+0FuTEPR;Ek!ljTM8%}>*L>%fUyCY3Yy!oNx=#qwTD|1>DO>$FElhX`D zgb*fb92_Ze9Sp8mDLm!kN+_~hl<1R;{O-$s+p0UbQJ4YKEi*FYwjwsvV;?~-L}?b5 zYE!Bx@xsiY)6hcBe?47N3?B$8P9-F#d!JM`}S8V?V!p zt30T<@$0&Jxpf%R)R$x?U6*6bgh`dZeo8#T5WEV0k3SJOu_BB7{hTc^g5^B{d8BQ( zjiBT9H_}uukB@4+Z}gLxiPc+VvRkG%ne4E~i$E9$!wVwHT<;X`D(BD{@y7qB!FER{ z5??3sOTUHMFR5}(PFuZ(QL7N?l9Mqn&n!ccIJ9q8H5dNZ61*mUlfUgYN%q%AUg}9g z5;I|YrqyY4+N8h~m!-m*u`=*yzw6`%-00Hk{l9#sfNECCUw7Se?s#Nwt?4~b^4#^N zN9LS^I3o|Cv<^G@3+*^Jcm1go^MAxxiFLiF<7W@)l(uqvm#+_wuxLrO&@swgPnDzu_4IGT_D@}oK&BT84F*s^kN= zZ^O?pmlMK*<=y6OL%n^daWE>n?K0^d_yn|QDBftfoF=5O5lOETVEi8X`MvzT<-B~b zMp{Ax0cffbsot|~u2Yx5)pjF63pxEa0T2VD+EuYtMUE&f=utn>Py>osw~0#Uffqnd zedidu98QHqeU?_cMYr5^IDpK~*evED%d&8{4r6kp)QydQ4E_>BruhcRy)?T%#TGTz zYT(cPWV1fVJ=KRI?Dm^G+h?EBNx#%nfY}vAF zEs-;R)>+r#P!7M29`0yPaQ~Oat#KUUvIrQhdEZ&+J5RB^g^M544vGCyQ>Sx&a(cQH zXq54_TMPzOxn4fC|AL)~zX2`bZQY|3BO8|wK<%a;&-eaAQ}CtQO*f#}ca(kJqXcGR zyO&25RuO^&?2IE-$on}3kE`xk*Yq4#|2ybd zKv4}OK);6cYnKuRm@t}i0RWt8e2>7?jt=Nf1CyMz>4(a7iB%gg0tlT1=F{M8{# z+JX$tNi1-=cm2=FpmGJCQ~lG3K6TokH2-s_y)D#$PqG>#^hpvmbZnokx;=n3SO`+n zC;9L|vk85AMHgIDSGRN93R2ogqel+KrxcqL(#9VlK-vrVz`w3-lF$N>N> zrtA5oI8seaa{M1He5e+`U56Vs)&8Ro0h$#JF)6WB#soQ)+?P+Y2vu|QhwcKsQP&;W z;McSe_+gpDeSMten<{9qaI#}zoZXo>X=w0x>e!|a0z?xUx|uV>QMHKD;O_J@ z01Di`v%UXQ;%(DMHPa?`umDWP$|=K}ahz< zs^zfpMuyI_TOqzOq#8Ggvd&hZ1RZM-CrXZtlh6rKQGt3OVoNuQG#{J~4B~#Fjy=_* z=e(cm9NzgfJ`{;t_#45np$Azxp=-qe*j%_M^hxjK*-KD}`Zg75%R=#pITbOg@=cPz z&&%(i`;o3PhMfKs^Vm0loVfjNr;`mig;9m++L~LHY4R*Dlo@14v=anqtuzh| zWk5}-sMI?E^0s-W0VYmm)LniCoCJQxeB0g5#SyNsl$thL@OR771@S*-NoNr*4jwgW zW|dw%ZE&>!oB`n!H)(};W+NDo{9*bg= z0QktKHMn7bybh|{KWy#a_mV&Qbx?l3~}8h zq&nyiGy4t7v_5e@+fZX)e3n-*vB`T-LIa)_4VQ;A3IbYjS{#ed^7VAOre~#Ir(*(H z7L{1!@V7@)%Si{GFm}yfi;E*QK4|I`BlLD@pAGLwyOgU4qd%-_hWT$0dF85E2fT#z z)9RMZnq+2R!SCk$w=YoOn#`llVp6PYJfk#kzo~=^z)=CF67Z!5FB3d5aADnsZF%}O z1pm0|i&FtX`;8^Z{I-AgUHc(qSeBP->j1;a#Ab9M#adj|8-1#+Zl zfG35R$OH*B(>qjf-{U6U8{R$|3pXsSXAtxv+WW2QNU7JGvMPj@T|^FHRH$3wE>L!$ zc0CuLUOWKx+L&bJQe_N$J|kOrIM5Bww_gr$iNV00awiKCK$B;``qIBVxbjXz$lCN*I& z^6TLJJ2LrqNYRgdsSyJQR2lyRd!a!$+gHnQM*OsEArvFSsLviB$;GGRul;or0W}K) z91XeupfQUIkyOSNc`d+R0#TNk8+OmgyWgrpnCg(IX)CXSd}V(qveiYL_F9G3eN9x$ zPhCt2wgZzGt#v1+yAJZ>ZZxUk*kB^mnH-(&%tDL2ME)*AbJHmtK5tPFGwTm0vdLJ$P#DyorU{E?ECFv7OqOQK{yG|ROk@3o)_PxfG zC4QLNTi+M!*lNr_xgazWW(|AEk@-D?vfM(s-}3V^ zZ_1g8q{CB;#Ao$U*)3ShblGKeC7w7+x*++tVT%d>`>v&bH64~?G{q|_C8b{ANkLx- zP0OMS+KhPs@zDGQrF3N1Z~0I~W(7FM$zAU{|9;wdmOsP>;|Mq;iF{#KBFh%IIY!TOT zK>FHieyL8Kpqc1g?e)&@wLJgHn0hrHg$S5GnvBj)yO7UJlpEwHj=QzjhyaBtZ_+x| zlUS8ABMUiM+k5ypnHp?p2%R2nzFVv2ex(C%!*j}P%0D@9jTO1Hr-YghWu9LpXealH?q(`@?Lj4 z+^cN<5~j%9GB-y*Fs36TE%WgF$eL%_aFusXy-A|!FELrbBb`RKYb-I;<3uby=iA-x z+d*1=>Q&|PJOq&pJO?p#I8L_)}-~ zbf}Z*C`HHd%#2;?=#ywedbH6kU}j{Btec*W+MS3KP} zc^Uc)CGgcIJ$`llGbp$eCNQ5E!wV5G+bm(>zT-oekz!Qx5tgI9llxDFmGERM+yXcM z6;+RyZ+P2Xh|3_YwLKuneTq}D+B^Xw1`wp@(wFF^Yp}(mg>U)3&&7G4`zsRVpJE|k zbzgSS0ybG>@jM4(`|Kh9EG9d*PV+S{?*Ryhh0l>A$kXb_Z>0+C6wOP2aA-bZ_*nY} zT+KmgtWcy&c-2%L&OXBIFgHrK?3zNsRlhqxq3W7GW!SgAAx3xpre-Z8T*&l-XGKuq@#7m2|jpW?xQ&F4yr>f4tW(lvWc`RLEJ~0{< z;_q8!>L&zMnpH>UM%p6@p;EmMs&^PHEgUq&poO9koa$E)EUbx@1WR12@|a1hcjHyqiXt%yQs+riM|3(G z-pjlm3#q5k+5I``{W*qZT=v@9T-d7NAG;&tBf#0}MEZH2l8%m!Y@>>7qJYdSDO(7n;u_<$}_GwDShn6FAkp5>OQt%uB`Vn#sa0u?K;<%z--tlWTqepic+a8 z)p#>9t_sZi1snCnAxXYeDaBkderNzwz0 z`|5(iV|9$Bvbh-=M3U%uRl{%n(eM?40B%Mrp3oZAS67mEJ5SEH5Yf3Hr*%KlhPC*G;>PL%$yB7 z6%6>vOZ;7~ZhYu^?J{GO8*G%z7`>=rD@k5Ks$(^1l{3Va^NKCU%0F+2&0=uXb>e%SuF@!n z*@uu)Lj2)tV!xTkI~VqDa9o$xzzlYYi?((VW&PZ%2&4;IaQRNKZ@ZYs_0urw8?cSKWBPdSAcawT_Q>wDknFCN{Qk6^hn z(dJZ&usGsNuI*cMGi;^_mLvrc*SEm_S*od}e55}%vi`7;Xyj_{qU^Zs%zS4%DGbh8 zziZXbfqi`dP19bS=?JXL{w(S*g>$#*jJWZ#$ro2#TpWSO>}TC5>sa{SVot5)JYnCo zcXy>R*3ZrKk)!Cppv;ug1Lo`K2rnI_oCKe~r$b9*r2_ZvJfC1AjI4GuCfJe13h?-L zu$*3E+sg-c#0oH4I^f%7indT1021m=(7}(D@;DX-JjcJzN{IE> zYC_w#ab9b6W8PI{Bl2h0!Qc!D7Z(?OT9?95%*1n!c)AMu8?^b|ydQobI3lZny3}cq zh>&r2ReCfDqx=$x5~h`E`}FMJw43Ze)gY=HSMs+ z37<{h3=cMjiBw_7RZOMHvU+iAe##c*nM=53izwk7&)?=9@7MxzkDl)1x4lGPep`>= z$_jZkonEdvW3EB$`Jxu#eI~f-d_t+jzOFP;y0#j)F|cOWw52+)&g{53l6YT;4-Zkj z*2mg@JGw~oqGtS8>t0jin^=kJa5-U&u;1_sRrXyBbY)k}oF(n?^|&>HRD>Od3bESu zGY2E(mpV>kVtyynHwOeULQnrVXzk?oiWM(@S{wHE%{|#1Z^FxciIHSOyoZejTXjZl zDXyqW$lyuggt5WG?adwTi(JC>6j6V)nUhWJ;~i1S=D&Y`CZ)S7Tx)@*&|FEcFLC>L z$&!A(zgnJz&#C^EcKxaUmA>kYx#b_2%-R2K&!?ULu1%j!wvUi(qVZdH&)TRIrS_!D zs3a)35sLV;+Bo#d#nJKksY)v!P!7gaz?;_FAOpUx(_lTn^R7!$XYu-3% zKFodjI9EqYtwf`cD-zA5#HHh+%Y^p_5f&l}$j*nfgn{z8!P2<_uqrXnZ8rg|bLDg2 zDlKA#wsJ`U-(_{su6;<3J7?|{A{}UyJNdTHVRdo6aOs-Cqc+10g(St$wzfytr41os ztkaNz zIOB65IosCcsp*A-cr$W&zA~{@NJfb~{1nSw<8#^!!JkCEa-gv3zox5YvPoA9Lhj4x zQH-O*3jh6CCb0wiw71kvVb3#=THA@VHtz z+aB>hSua)DY~3;TSaOQNt;AMYRG6{Lk#X4D)KhG z8K0XX4aC_r=faSW;o$c)p0WRRzJY>K)oa_!c|=~(jB2ApYz)>zffqs4%eZQi`Z@n! z3o!Q-?Lx-aee&_e&N~&#emR>l*8|_d?(XC5?<0C2(5rsqeSY1bUGHn>MZM(jO9pUD z>}Va^WAns(*yr-#o5PB=j=v8iC3fzHK>PY*nuHL4g&>`}me9M|G2dp(=@Z%I{3Xq2 zh}dP)0EXpnj)=~;^iKQX)!6urjrU&0;^9Y!2cDpQIy==f!w|{6Ar>zm5=+%Y(e%Kd z4B@b{DjbS&T5O-wWO(MWS7(og&yHh{hqLzPF~j95cUs&0)m*RI)MIg%0(H_Nlva-V zY|?yZb#3N*tpBdEs>Ly6yls6wpIc)##1PGnzOJcj&qI__qLi#WVHu;x!HvkVz20(% zP+?B{FU6kclS$mLj@8iA8(^Q~II_ zE7)pbc!9}3!8(yW9?Rsd;hiW|CH11I+l21NnnfU{X?6QL5YRe=E@QBQX!9x%7T|OD zX82usH@6~(Fz8)MA#cG=e#94{Wx**d0rD75>&%)@S+gULQ+$tt;>##$#Di$+Pj34i zFN(sBl?cdJ%QX9c#+FjG4nuVc8O|-F0o)*jiezqbblT@q+)aZ>8dRb+4C0 z`-~wrwOJ_b%HQE~B+(JR^D%kH(BQ}Kwcs`32FN9H2B z?r`K{?|s%Je5Qaf@~G0A=!LQwV4<%^liO7-gb_fS05zS%*uE)G`;#LZFF7rH48;-W zzu+lY)ShYK?zwb&WC2o~uL2T>H9a3qH99h(dLbqzA-RJYiWY9(EV@2yT9vJ8WbtG8 ztE}wC+VX6PZJ4i7+Z^HTnCNeoGh<}|5r_1EBOkK9mgQ{=NVQ0w6rU>A0C)Sm+fmhC zz622_A+2ZE;O-*VMH8#})V9*|AX+5e? zeFQbakQF%CzN+;rsb!tktMg;Oo?gm<-%5{opvD|ns!c+Yc&VA@KKfth>}0ucT9Mw< zip2{vpMmw3gU^0{2J>dS0k&{oc6SYoK!G%`&LZ?`$^#;aS~-5hRM*T&9j-mHXS2AF z{LuH550At8)yZ+3zQ&z`NU7f)I}mN|n$K*|AMoHJQvDX$^LutFNO%9Nm^Z#&YC5Ec zdn`XYu@N)le3Ums0;uTqr4%0E7}QPpHKiUQzn(H@68)OiJwhO)IGV zk0tf|uGqzbKa03}58JvJ_!As`7Jf|;_xqzhCM~%FybQeTs2eIaalyDvKAu26#AqsV zHw#=Pcq`E3qF-)r&`{~#AwRt)wX!?Xw1eJw8BHQsZeKE$Q{CGkarDGvuW*YFAM+2% zR$3d&mL%uY7X0lIb6jAvfrgte%O4h5dMj+bG@6w+qpw{mJZV?PxzQ_`ndq(bCva(C zSQ;u7IM=Y|i-(_a9POYc^tFl9)YOJrx47qF`Ot;vz|4|s^w55l=-2pk4;oESK_Cg`|>+P2fMF&BCK%{ zhJOm#i}}f5<^r`#vwP*ij^Nlv{tCwl#6Ypyie;DaS1rk20!d29kQU1@_u(*gJul;_ zgoN(hAI9ct4SM!{&6~w^xIwKZ~eB_ z+VJFSv3=pU;r@n8@BY&nq`R4)!dm7bh~3ghEYqLo|3SJY*Xhy{PODffZ#vpq&D@P! zOHXn`sY>Qwy9)Rj>8&KB@c$g#;1Smr#de?+cB(E(pKcw5Ll?Ps!O+4(?)e_GU#aBd zGgWwt=*;K&jw6A0Gzy8~UcBpCnuVfylY%_pcQclkRf7pzhXLb zj8F)&p}GL8Pwz~ZB)WBTG%w*W#)2be>$pH%YVttg?p>c&~D{v(JmRJx0{qOFq(@dRH zj;Q^+pz(@X;4p<2&L_2=|2a#;UONxP2Nlk=q=ko*v!}|R*t&0d$UC}l$8pNTO zrY|!3d&{wC205-5V(w{un<|-GvTMst>kUD680g1po2wl8pqTZXHQ~>= z$x!CVQU?qtU6;~uDkR0@;!>jndjjoxA`;*!aPSV&-Q$MtZ5UXtwI9t~7%0U1^luj) z##q1l;CmV6UtD0jlI_1G^%)A2cBInm1oDcZ{r1+9VvS(M@aLaH%Q(@VGw={+eN)LE znTu`Of5JZO07?5FlyEI$v~>Q@e91l~00(7%37~0cBfyX%O=eTlmj?BO)}IU??Tm^H z`G7k}Q?+d>9b%n^N-DN1EX^K$Ul>9?5YN!PIjEhjaxn{D8QP@ zgNgu#6A^RG`4+b=(aA6*iH+6VaZ@G=L(IeB;GaM>TcIiV%)`P1m`?*GtR*;>2|gvCa~ zV*S@yYpqh)Oc2E$`D7~(^|}4lrteabk)j(Vca+E&W&H%iYp+l?b-D7yC_Y^Ysq5@F zX%!!=EOx@ux6&3@rSH3f+Y@iicaSHMA{AEBl1XujeBQiOgU9`J22WXXFaDKG*WDxP z=7<;h{!I}37RGV!@w{XutUmjL=5ub`0r1#gJCKeR!xaH!+IDx-mA&=!*4m5*T9TsK z&;)g1h!^T=J{=0ohsCj1GusDO=VFcL@sipHhhD;<%=q^ONW3^0EeZJ~+R^EBcPbQx z3F0Jpj=U%HFH3_TO zd`TQd(NQ-e%C&Hns6{7>ZSVGve~`}_On^7-?^$&lb(~wK+aFS@erjG??X!UaS(rX? zzS-TXNKx?S!*lU3YWXGA)vT_E_bUtt!#f$(1l8DxENv+S#71M`R2-#OK+q|*@H%0&xuD?wGc?jvVM75m^Kria)vJ3dKF7aS<3oXT8_)tu zv&r{rg|qjmO-0XT^ix@?LOoLpp5^;}Ox85=03 zro%w1jK^KWuWP&>=`km_%w=fAnp;Vk(*#N3)#!-vd!BvHkA{B$W)ceA;9(os8(4Ee zJ#mx|#44>9O(s$VeIRZi5U4_9$v&B(D&h3kgNFt3XZz;Vqx+4@lit^1w=PA1#)`0? z=~3{*Q!OG>s1zrEt#b1F*9L07btf1zGEmp233zqYxHjb5?|_2}_ttjicI{zH(9i1i z-)N&s@~s{|nuDVtuy7W_GFzTzAdK$+u)shlsn+3io+fClyo7i(c?XCG4!|c^h<`Na zGR;-*@!u^UthDnKwOjuqNJ6 zoc`Qa6QvGP4y^{U@oTF?J_o~JbIV7Io-xN&{B8J%^Y-<=iPyofV=_<*#r776CfBW< zP_?r1DCMi^AmNJuQi5pxq}Hp`LH|}%U>U-&@f{aXWbYT&& z$fA2W>uz76RDg6|-_9Xi_B%W9Zv~pcyltlYIR2^Sp#dXlP?1zw!Iu6&%>D$@-@nbT z7f48C{r+Q_!-|B{wYq)JEm>Ci~p4D+L1eU*{uNd-hwT=)>$Zv4B9sXijwj z?AUB|R^TfyF=zb89^a)JpWbaHWv_hn=?Hg(4R=G(`o-{LSy`jHY_onV0kM0*IX4t_ zAHz~05WfNSdry`zBZVoh6IRLI1ZkTl5)TA^Kv=`ems$uk0RXimCC3 zWm>p0(O}yg(;BZU8Fb9l3i&^O{1ixwDJ)#+w$?I%i_34Or(NfD-pT#NKZgW`Ufu!T z!$bPgTy2jZ8M=@ESthRI^ECJALjMfK6D*v>p7>;%EwsG7&!_*6jZ)up1y}6g*Io8a z6#e4>e}<=qN7L_!olXAM)>B{@OA&-JkFcll2n`wo9*3P*tQF&Lf{nsMjiJCdfZH@U z=gKE>;f*&JX5ScuD$_4_o8pT6PelEz(m~)w{pjk;&1p>Ew*&S#QqtXr_IbpXqJkv83%#Ai4jl&Sh?FQr2R~duf&D)y1u6e-oRR44-HzC& zRa-PfEo~K~(d|SNJme5xL`rjA&taXQq}|4?axzpE;j$+o2^+ByUz+SUuo7f>0b-&D z6h4gzC(l)3rB79C-f*h)x+gm*trm3)wird25Io#dBBrIk|Fs69)3L4LFE8I83%ehW zPVPjv-xvO)dDJSOQ3%ep8U?yV>g4}H4}PTGj7zuL1y?PfOf5>&>PD?Db6oY74HsUz z>bqKeU5Yg5qY#f+^RHVRMJesA%y{FoC{wlJHSXP(INhe-twGP29gW0d2b${%wJ1YH z@njJs?c+gn>Thr$@s=d&gVQdTr=Io7**t-Dq&JpvMD7vlXx$P9B3D^_FP^iC)%R~d z-w)G0Z7j;fqAgT=yt^jSE9iD_!!{0z+?`*qYa%e`nO5ueI8UwH`C*J_&n~QIZF>kc z3UE8@jW^c}4}Gs{kxiN=I>78weGGX zXjVo5PC`dqX3t#8Mybn`dz+R%IA5G(dYSjC+PfB%>*MA&ij$uM-KX&i)q>8HQf%hf zBEsER{;ybAyMcfmIE?w{;fKWr!jbGFc0jZ^u3mT1+MuGAk`+zYA?8^-;7qn(F4l(q zSu@23p{$9$Euvdb(lx%9)NM&uXtjB7U13EbZc~#6p52zJpv62s;g-CPnDkvn)KW!T zUTLx>YJ*HOzE1$pUEQ2nKrz_i-P&4+oR^}1Zi zVeai=YwB&j0&CuMiQUHMt6yIZd5om@3yf61I6E3XY#17G&t__Q^p$}LQ77tM?QkLj zGg#|_*fCSS#Y0``oU8RS!Loz>^%9b7Lu}9;#5naD0r!RBPaj@ExjXR!4;#Eeu1g^h ztnpYS<0=!Mtz`Up-f#t_mSIPXhoc(9Tu*@g5qtN#C@h`sIXiR`-fU6?Pnk6rxTC=+ z>N^X{9S;Ji0Z7+prZ$LkAHdLH`{7nxqf%Cx>O#8ZwfNA>ht-u-oWFE+akUfGGQrhS zwuS?CHyAp3-A1jf`s4OM2-+-2a?#1j0JEx6QQKlsThT);JNLSSgTg2FeHDMtq~K6P z8R{@M&G2k$Yv5vU=HZ%Ysiv$kC0_*v&>|WCMYP@BzA23efCL!o8p@pwm5cSlx?6tM zy)_2x`8FyMI=VYX;qLjyV4LCx>)s$Ir5=9VIr+WX#ye}cIWBQG~_(fF00X%)?K`=2twOLCt@3&* z>#e76j|U^bW{Zn=a2`RPhRwG3b@E02HodUA9<3D}C?OOO-HoM~)p`;}kt;u0aFHpa z!ul68xYgi&Al;qkOPz~OC=LWYfdyq~l5}jWkGicT0&<(jXurARyf>ASGQQQqm0q!lgSz>RY_u_bIsWd0zBN)Z&(hU-LA@)NwQ+e`!|A$F|quX{L&$h?lK8ZQlF6)Cx20@%M>RA zYHhX;#D^Kc2NHL#(f}LJ0tKXQ7_f=b6buFSz-6(@ixYpN)$)nqn$axRUGcE1pC8=4 zw1;Syaa*$$v=$Q=u&2dug(vRoFxE6jG|9Wwk?=a`iES8^>D256?WY_8cq zccn%b%jh#)<7`bEyJE+HELsSSHCF?`n_9h}Qj&w8;)`;|eh=&(8`yR-u}s5by5mzl z*e6T>0)dF>3MrwqglM7(wF6p!+!@+V&@TTTWa)cf=AVq%dvaWz-7; zuhzrM8#sd4M~4|>o7TYPiI*J}6$`gQEn9Ok)6=c#PG}oqvU5-4jO)gQxDEdq#{Ovr z=Qj5JHgxjDCgrDwOD^Lc%gh7=O#j3G7En!R_%LuY(ybNbN2`p=uV$3DDDM{DAyR(r zc~MC}>z&cFM{3)2d@3;OolV%o=^c6bp(P2!#68+t&u>jj`uwooz|a zK~XhJe~-DL^e|tMIv4nY2FTplHN6eA#}Qe&3?3N5g+Ak3Ag4{Ap}{bN@$PlFfLaM6 zF0X=~7XQWz0`*H6dj>pjde|f|%$F*j$j^{;8Rt#TLpr*QzVDg5;$QE>B!hW_FydMD z5Nk5d>xX3?qTg&QH~|tuyJAfx@Ubm~esoC&>|$!9VLr9AcL9(nRVLWL@H$;FV^wa2 zcLYdtN5WCkIGdu*78b5V2rX%3GX#2Q)b>-0^OAM?c1HMJ%&N0RPl^M)-KhRZ zGgZpN^$nqHo&paxwbH#nzy@=s{13TNrFn@(Z; zGw~!-jwG9OquXX8z6J6=jrar3Ao@3>aI=0N>#Fw)&@3odibgX+$R61I3iQum` zxGX(ANx*KdTkAc>_B^K)Ym?mncLt#hxbu(g1$EV);*ofQ;hTx+YK@4O6^!C94#|x@#`yJ$$*(;%>!gAgF^%s!GPNcO7+%TUvauy zx&9*P%DL~asXXJ|#xk_`zLxKT5nnpv%Vi6GCu}`ACF*Q3+Vpy_+4A3a0~APrEtNF| z3}0^p82ksk8iDUKH$BVIX3PQfVcHbA;v+{oIy!5#tK>-u0xPCeM?!%AITbG@c_|VG zPZ?v|TWUXBNQ={B1j55&CV4TXwted@0%51KDJ`BfWX9cW`78XU4G|Dy#3`i<2Mk^2 zuIzJqdf9;DK}QivOA(q5;%&a2GY18n)(vu!MchUGoN}W~c!!>pA8$(xjnZPGmCSxZ zQ*x+i+7st3oCtW83QbR{rE)}U0pB)PZw@O&Kah2?9KRDA;^wQQdmT}wpA$*raEKOS zc^vY6;Zw>X8vf%OQb9M7hkrd|(?v=b6TXOlwE!`KN4`3}aKKbyVPgf-34imrL#+h zl4Y{5rLCsc=31b#aml1`XDZi1El4V!f1|Kj*rt2IqQr8yP=4wm!6r-g+rPE7-e@X&(w&h77h(X_xCgSIxX_7}!b zthA&cn1epN3uy(6@gX?4i_{BMLM-hU{MJ3_Zj|=pAy$rSvg5|9U*vyeCp|#;iW7;o zd8TQzswP$`(oG5!w9+w|?FLX1J;upL|B^~fz|%h5%eUJ0!Lp)w$$U)iy&@m?J@DIxObimJc%YB=D~XWIDm| zkpJLC^3;-eRAJryw@(1p`ws%7NQ{xflf9`KV(AV$`b%OjP$5Ge#*hZ&UWHc-ic#?-TR$hNg zt6CUNO7`CFG56<`WT|wT6q+|X%`22BqbX*Ro>R0ROISdI2DDLU_E_>Bj;B?L5uIj0 zX4EAKe8cixPDEJ+nFX23LqmYurxx&n*m;C*J`)shm}5YZqCKNa5M^dfkyvq_B>yH% zm!Y2YDN##Z3uZ4My@OMDZa3|D9puT6gl=YvM2VSXVq=H8Ju0juA!ATsBo6;&&Hdlf zQ;Hw(ZFAoY?zZZjuBQezVq+jebRH8!upy~e`1k*D0ao@8pbhlZGhvtpWSJmRtf74A z<9oP17Vm>(M~Jmrk@VM3)%vcD165hFkT(F63N7RT;mWGL!jmh+8sd21S6`Q}0jzc3 z9-ThOm|=-$&U}9dbuV&@+;-PG1ewDXsY;-%6ZV}DZutg6sZh1X=2AFME$Jy1`xTcA z9QeK^M+TKdhvbd?6SDv7Zv-iK&FjyOlLCb|UV3@cf_)kTg^=JVhtWdg&y-mztJ(Q_HlVqM z+dRq1dKHW;%pQ@=!XTsCm{Ri4*k(7X{6rh?;MJI_lHcA^HZUo;5kdV{@XgpoT)n%n zvnBTBIqDJ{@u?{;s8|E5;T38slW<^*2#+|cD$D%E-MJSpq>Ny#C8;yTI_>^+wetNp ze&MB40-@nPV|)jv7o;W`3b1+zBESDWJW*yO9>c*90MYmM+HmcNocqhHgvutGy$l@O zatwgfVkX!&Ft~{iuc|UVfU)4;&Xel4xu3T(h7*7ux%aA!^Lu^7 zXqK#9m8`_$If1#?dyK;09Ph=-+<~X-{QMe5;ce?=wA&ASs0jxqnPMeA?%l}}m4I^t z;j2*C0VvwcLM(wD?o~AS8m`f)%p8Y6fLa@P&FIXkH}K^5TKi25f5M{&Y_1E)7=&)!8f(Lj8 znbo;TsS`)O&sIj6?YpVYPPaJ8cA8hCOd!|~Rp=9!zvYgS%a0Z-R(qCi>>({)ttu1F zc;_*`wTO`()DO7taH}oV#C1BMIzcWi#5!eJw+#u|-#x-Pba0C@}wKb&GshY4r_Ao zX_jpziqqm*>RO9mr`W4}=Bldh7W8sLy0T&pYr}41VZ;fNp;a6Bpo>O*-px_@Y8`7S z0LY>(u}`Ifv>S-&tkEH}2C^LFnY-eI&7+Eh_cQvIwpN4ca&@rr&}m^sKN8$<;sZrd z%~#{!0UQcTt)z5=b~nyb))eV$AW%1sliLP@`|n)%{aqNsUHHRY82oiv#33PVPYBFm zz5neU25AHaDb7DgHZ67dFB$I=@N__ji{wlM;S2rZ`@x-6l?_1JR}#mjsY`Z)-ECJI z9b%bVqo)98L5F-AR=fuNv8z=O z&WwlWFP+VadA$uTM^}O0PIZPH6|t`b2$=5twN9OL)!qyeYXf>=+4(7cWV>Ot){}-g zC`#oRg1r^{OL)t05s@(-!u@hfv$1bR90%T*?OfyZ*7rXt|uMZrI*1ZpjpT8v;t+=&gOg;vi)ev>(ek zegqlXe}o4BD<~+)X9g$Z3sjka%#f#A;5hz-+W0E@UcO?yy9Q=*yi=UMjsVE)&BAbK zkZtvB;;>P5y3Jj+4SZ!(jh8}to4pPf_cV)z%ozOR)ihk13ua+%Wchju#N}j#LO-xG z7K{do*zv(@rgW3Z(9J)n`HUGrr@3=AaDb031v%}&=9kQ|8JwipViui82{Pzc;U6wo zCv=42ZAKLfD>Lq!KZF~En+|5n=N9dMAW_TbkSB^}t1QH%)>P9@(L-r-xcdX2p!gAq z;=*98)9U&aZuP@WESeFrbwt{fk3w-KP$`1=4%ndj3W_M%agrlXi9X3iH~+e^=-@?{QFo z_c#z^zdcNOLSPp$ZvHF0oQ8%(v9&9vA;j_ytOB^wrQt^LjdufxsrV_82S+uA)f|Gh zaT3!7+}uguKtLjUfJT7lwX^3amI!{DDihh{U{klHuVk@gnW`u~*;R*IeE9lRZ~(K( zw~xmjW|cm5JKGAX#P2nIi7C8XKq(_LpAg; zV(Y6dGTgfIHiF&#UN)0ht!`uqCFTqi>1QqMh%%OZ^+Kzaqhwt2<-2HL!+JHJ@ym_~ z7Oae*inw?;kn3x_O=SN416!S7ky4xSqxA~xYrF4M=`th<`t9}4izCzvTXqbo-$|l> zK5BUVt8Q*FXuxp%rO_i;uFyGPrG6$DZF{H^k|#F&-^~R+!ynMR0^#7&lSJ2@!3B|6 zOYSvwHdl>;Y6cL)TUp~YcJsdGt7*olv&a!>OrYI6+S>SEwi)_LU|?_7sM^?@*4Gvp ztlNlaP?*~BD$0ejA)bvUmF?>PN!?Id^SI)O56{A|A>;rD{4C&`Ipm{2z(WQH+=r{R ziSrck`Jy;VB-4KSX03H)m=Z6>GeMnSmWHx|bdy)DZ%1wnz}!G@bgprGmdC$MvPx#n z6mmdIE`Sl>VS!Siv_(12y0D0NUFwjL|B#UwJz4NmQc+$)G5#0{NMMS_ZpIH?)2K!_ zf1yzr|E+Ksv_V|&0de5H^zib%lA%PGy=7)@Yo5=zQ#sn7z7stP$Xu{En{T{CBqEapGY2ySDDW-ttOnG*l%4%?tT=FuZYT_%c%HURrA%{GCkg(;dnUz{Fd z=}@l4JSdp2DcEv#vVyc$t5G#wY#$B&?fax*8M>?{@YGKN5gW*GRWHVvVl^x&@{y?_ zoCxh3#ggH+tik0p2+hm(G9^t4+6<*1PlS%YT%^2wSb%-4%y@A13oSnOed0(Y3wJ%= zVn@&PS^4@$GQMH$8^lcBse}V8v4eCn9k&BA#>x1jlv!TT2}gmGp9QlOC*?+o;e@X2J3RNlGiE(G|$jVN23)Uah0^_1h6l zJ3HFFxveKDq(C7wy|#ouzzRfSqsl}eB|^MpAK$h*`~ZtH;oCcQ*LxhpbHRqZZ{Yxg zL(`Jk4=$~3G#J3C`9^8GS%m{7?d^*f?`8t``DRf0F{n3)W*CnCL!7qaCPoD z-IrW<8^8K+E79;l_>?GCUCC@Zsxu9nr4?uE_Ag3ZU*3m|s^>Fjd@Q9QU`$id2Tf1} zY>8A}*NhR_`;)}*CSOlSbXoO`2}=Xi0S84F<%FVF&<&c#`G+uho$Ut_OTI&pksD17 zaot{rW36)cQNEC>V6-ShOkngKpb;Rdv@JnWM~OL>Y_c&W!+iAuDfi1Lbas6}O(So0qoj{q^47$d#6WC#jb%C@6Hw+n$Jk=YwSCcYxH1 zsW8Np0V)C!z@DC76QEMz*70^u8dZyAFBlbX?gY0Y5MalR(rJN#FNCj5rteIfVPXhb z+r}_W60=De+Eq_}_x??t2Ko$vg}TQXLd!rX8Wj0An_@rhYG^8Td^fTk${7R#Of{6s zv#|$KmJUyV3YJ|PAPY4;G|-HAlC-~+_o?DxYw1ag_Zn7eBM`8-AY)d?^3f+6=yT?y zbmXH1u|Le9_BF9|6_G5ry#yH^aFb!W5n|K3ky&{|i~vz%f;E(VJ8&VgpWU_!Cc;da za1iWuyw&j`WKsw)os1RNFgWKxhAL3;_JBR;lR?ntXL7T)n%e=dX}RVMVp5$xbz z&(71kVGNcg8;}MA`q48Emc{7nrgQdqlLNfxBYrQ zN##RCxCyG+xYTFMZx0Sv8bx5OZTK@ZSq2_(7cJFQJr+!=2QqNy4n#K{{h1GuqK^Y-5@F6>duZrBpcZ+gm9U(nJ{3spd%ZkaiNl%w~?64~n zV);a+;Ez(CY2L@X(LYVg_N7citDtW;zah#0OX7R!beiP;F{!ik1t7LsdL*w7t)`;=4?WbJ#c zwT}0j%G4d#w_W8_cMh_NNCEzvN0g5^Jq3v)|sZUcyes3w8 zokAU+Kr0F+)wYLkF~+{>mJ}}@11x#iOq?lMggGu?7G7_Nb}7|6wL*Vz7zbFIBnOJ0 zG7mzyUOchr*!e|U#jf_lU4!>ym#H$ylHIvL7OYS!42+Pm|p|`d-LXIhs0TYZOQLhy! z{OUug-vO_RB>a|re1#RjQpt;O-yA#@3!cU5=(#f(;T`Q&nN!4yS?o?PB@+wLd`AH8 zQ3o3#l~wGFUEY6!pEcygH^o@vGpDSis)r(t%L1gigB-adH3j`-D#Kt4041qd5*<#S zy58G$#e8}mZrXH@)bIUVa$a%ee{|hO)o`3uEy(vT#p@YXc)-mlJY&nW()><-Xd}1@ zTs`_-K|1&ynh20c z06MnH4}4Mp{cx;mA#-O0cU7*J`=I*`gVpRST6WUnn^Kv|Z9`M&iVk>C4?zbT;y(!F zf#NjehCsu=;%aJP;rCv39A0;?>3M^4%0d@COha5lL}CPHY^s=PqVfZS0LS-X@7V%M zjW|v_M4Y=_rZ2Cih_BK%Ll+Nx^z&ZoQk_yx(6Do~a}-7+sEnk+gq%O*p$h(WqnU&N zDcqFD*lzpl(N~tW*A}&X9X0+kfXO^vpm&CB^ZCnf>=r zDu#Y12>t%P`z|2FaItftz!SuO#F*r=A~9W+QM=&)M@v`tqo`P6M}Q{twP$Z;nPRP{ zrW|sa+W3H$_LJ=ujhSSVefVhu|n`FaEAdYj5)Vnw#O z8luWVIflo54DY_?(K?O_1FU!bqP z1(gzLGc<0A4-?ozS+IN;y76Gc3XdEPJh}||=q^)`If4s6;5O8`#-a28s)95l2y3#a zzB4ht4Y3mhYz-?kA^7MtoS7LrmHkwL*~=28G!SOc6yU~|$oQ0yB;}y^WQ(7@e5>k) zi0{-=z!=a1;XM>~Fsn88_ncg{;t6;##l$jj-CvsHa=jEr7@tPN@jxzY@@3%644*12FAGGl?oBK5(5ARf`l-W0peH?UHB8hRu)Yh0mtgq za_fjund*lj0=W3L(T1(>6q%Qy4cJ$Ujx693APeuofqWH!YQ_^)S>xM`_4zV6qUG+# z6Lltx+l>m?!`Ox~WJGoXM$i&p92{{nwPC4vviBLbsioKEF?nhTa^qjbBPcf!h~Swp zz=6_$C{~pM+|25s*>V}FjE16F=dW{%`iE|X9rTrV3W5WN0oN;fl@!OiqtQfM#eb50D1LH$?N|memA*$k7K+=}*#G_=-7Mahafe(~EcXFpAQC znebQ;>dRFvHn0Mos&oO>16+6mbE5drLs)ge(9`>VwK((U;ZaYQ*aO~%psC_0R-+kx zddcwN5ln1AS4%W^q}jd#sYTE-M>F%{|zHejn;c zL4v4|kUSAsD6XXNbGwo%fFy$O1*XFh4$fB(wdw-w*SZSoYy_LoL4uj@>(&3d5N+x+-DSE$8St&hYiw1M6 zl1(L6^+7&;_lF0iWsAIS6rE1hi#5qs?%%i`uDV!wG6)ULaJ~GnC0Dg->RdkQG-*RI zwO2Cpq3DC^gOSFvFagZBG)G>qo0FbC%lNUN68-}%{**6Q!Ox)$kLFh6@z(b2db=gJ z3Ns1FkrRSOm@O8xqT?$jhu94m@gu(9k}6CH0qt+y#^&Jz>=#2^KxHHj&Syx=X)p3(u2_)^u2xy4f65dfW zGj%~reTwj%FwJNxO^U4g_vAEX@1}I`3@LOC<3SK;b??{C2ebVLQaVXVU&iut^YdhK zxpc`XACf4J#_>@`92|N)Fk}oESAnsKUe=p_h9RJa=HRZ;5KJF{?;Z=EJ2az!n&xo? z3s=HWh|O@=s4{{0G~>MV*Q%%)^Fj;)a&kxR@v_+t=Nw4k^Wx&|#~H@32Q=S4bByz< zb02=qc%`qEL+f4|Fn%41n6^x!cA}A_U-0vQds(L4<4Sc8^hUljl{1cQ(pE6WcU^4K)^GRP#z&Q4@e?VDnO2B?La}Z(Omb@62&r%Od|$=Hse#u|T*DyjLYUb3HMwbttPdX8B_(DETC5%vgK{;`XzF*n(o zARR5T(Sz-V=2HW%j3R zhmYXY_5;kI%&ql5F2&1bKhIfy8`8xMG*3X%q>xF4YG1&DH2fbO63GozuUco<>k^L^ zS8YoVwRA&g%sYlA6!NnS*^A!HP+n-GmWn|jlK(EEcLlheiS;2)aW4epOJ zx8s8)dEfLmev7c<%2)mQ=jAJz2Z5S`WjP{Za{;L`64`ZQ{*swm6^kX+;&c-ES?~Lo z9>qVlA>me4i@kTrY#x3~qvB=9rv95FwZ^^bxhxgs0ZZ<$mDP|Qgh~-!1-+t2wG|KA zF}Qey+ICj1!}$wJe1<-Xn{>wa6FwcpbT5Ja*ny|eAyp(kd26pHq39u+paG-wd&d}M z;y_KhT5BKCTOi$Cbw9p>K*|Ii{kzRpUg~h>|ldMd;SCb`f?P=k?!jUkuEzdSv?UQe9D7@iv>{HMB^_|<> zxUMDG>#m6>recr*X#{tU^Nni+N87QIHCu9LjI5<)luS6OsVy~~qn_sKGVhXKcB94{ zd{Bv$uN&01hgR7Wv5U-#_Rm(k-)wF-$-k%wSM)kEaq);t0gYxW@10_cd{tG!SzO_r z=;Pm;ZZBBlosh*TR?OgABD-aOt4!o0abWbotsDz;KWjsyv}*F;%=EtdI!qLy96Unk z&)hX0;@}+dM@fhLtBFYo;H+?csZ4w$)dwT>sc!}&g@C8#+j`KA^B;|4fN%!}GOGMy z{vXFlL_>It{D$mnP6?Zua7&&kO)4%}qp(#M6>ZxhZ+dlK5?2>bY!g+3yd$Y;Tl z$nX#v>=(nNC9$@%H#W5;R8zYZn0d9-LR>S(RxO?RYLT3{&vb0Kx>OTk9y7D-8c5AtOeV#p*YR(~OYs?=l#013tu%wul(8@-(7FH&WK=~tbP z-AhUK0^EW@z2+UO6w}uv>(tLX2`!44Yg;b0JJSzSFiwivrzj4#RzJg=e2>2_P*R$E?C1I74h%&RZ@fsNSOOon{Z z?QMk-;#)(qtjucvO}wFmjq(=pJoAUF-2B3|D>lgr!CjWkrkqB|B=&napX3?j7>F2R z2r9a2Xn!6=y*sg|HRLtOBW5+AoWBse$!_agHWu!~)I47K9PL7@e1bVSd6R;-K0dM! zxmO!|YS2ecNoDb-y>mkjrh>$5q_FJW$?J}ASo!dj)M8zj#OR5|lndr^qYD=`H`OO6 z6WO(xKgk6>=yy74sYx%!^HJi_1 z0c1G+=aI;9J3{(tRiS!ec6L{#Wt}R&y#Gujz(RWo_3WQW!^D4>IzJW$%|nKy$80N^H6QhJ+bj#r z84~3sVclc+Q~9^}>X){qjb)Cl7j_@~b4}FD=sVZh93R7qU3Pv|qDwj7Jgc|P9v8t9 z^KhLshPR*W9_#-ZCb#Iy z;{1s6q$2B;WH#sW68LtK5LKVFHEV5FP_D9^jf&d;iRIv1F#2809m)kM^4d1xud%obw7d z<&@`75K&We@ualQep}q~J!aeIW+#o zLlZw1x4i;x&N*Fv7~9#v^KOl5I;Cqs*BAa9?Y@8R@U%OSOT&7sv*CP3@L#*X+^PBB zp}EV)A3wDEoSpl0uRiJD-@r3qAdt;qyiL|@%=2BKTHcHr5NQguW!dt4F4CO}0ielGn>DTM#itsv5*PjvC6DK5uu?gMjmyW|mye+#aO z#dJw4YFH#o-EW_|t4RMmo2wo5GomjQyOab|&~r}6{bk4kYvMKvZKS6)@~BFFs$T+= zcB?9GnW4v=2omrKM{!7kG0PN0=dE82qD2a;MS40V*4u~ zGm*$`Y#$P02K_+oA9x56he_<6h*mx|PM2;}N>i%2s8Lm^iB@6F1e3Lj$2Y0(4z9X@ z7d6a3VE7vim^65AUDn!>2ibgfT^-#<$2$?~;nlfB z4i0zulj9Or@ncMcXWwjMUvyasUnZrt4C&czrj4wzlO2S6IYIpnA)CnSC{|9SWK1a*D;&M)4}jhEDIQ!n@91YZyho%Q-$ za;8sU_A%TPIL7@ogrX&T&d#xXpPOh|$KaH&!mk!xy!Z_=fi6Vp`k zcQSKRP#ZdTmDOS)EP|fjj$$wSX3~5vTfG8jN>*h<;ERWSAG()US3!TDFQk)D?%m%V z`M+S~>Jv2@sgB_`?R}JoZ|rroNb49OWFk2v40HI!ewbGb&aLaIh??F{{G7-@CX4tr zwA5m()!6q9pM2uYYL^Ecs8{GZ)qytrg#Xn0x`tRF6OAp#Z8t$F!2kgr(twyoD|0ad zP9Z+qQJvItHn31$2H#SEFnlqRB7leRtP>|z1=zNJ30h2dV#B_1zu1t(dR(m8W6u2e zK+WHJyIJ5CGb=zw4*AEwBS3yzyO^XwAy^?-tgujc)H2UZPn1Ve^BOl6TF@9)jJj2& zHXvukiGyyttx@{R!{n%6$@{bQH& zj|j`?+0OpnffA(5@4wYb&r5FZ^5%nXqxRj|p$QS6Qui0b{ffCH*NOa<+2fZHY(X2 z|J)Sdr+nFNRuDd%h+_SQET1Ue;QJDzc-bAbkMh}ZCl1ek(CO%2xxdhNuYizEkUJIi;!Yy*xWVPgETklXrUd2)e_Vw3xXT;qMb8QDeMr_EL5 z|7Liqxp$)t&JfWPjJXOasN%8yS(RUo=`z`^Y;V@uV51C7a&GGW+BRuAqg7Q~O4x4t zaWWMDYWX^d4yYkOuHh@Yej)~mM0VXM#Z5#b$jKBe(TqjCIE8>11YXO)s8GkQI=*NTdOQFRtG^FpED&)ACTzrEa{X#g)+}xGR2z5fVJobl{*ksO zYwR$_KW1E77wND?Dk9?_#QuE$_)ixqyz=*4K`}OpE~KDH<^A`=3(}@k=DLgT&t~6r4V?J)ZwdL=BvJyuG=~BG ztGn)8qpHd;o5~U4kivQtJXTgFGyY4>Z0**4KdEh0PkuOza}MTnA7Pxz8(h{?)}6lk zJ>T}Y#OE@2u465-GH0vw0gYxH~e82>h{+vp8bo|*T%}tjf{d6mU^qb&M|0rD_HW0PAvIo1^3$`a?zwUvG!5f$?JGd}+FnA(gEKg7P$n#$v z@4ub&2U9CJo^D%Pi%TediOc~drZ{zqYW#(*5Agig86jTSwrbdrZf#j+mgZtrSnYpo zNW#5t6ERxXko+O=0rDN-X3Qz{Dbnv{ENmK95dS>Csn;Vuqy$XK@+Y^T@bCfK>dra4 z_8$zwZ)Ib}Ko|j3^8}pd4geEsvf)wH#zT`~DX9D(R|`HAr;?fJ4R-r->iUrixe~ct z#+>Ttx0aj(WyQwq7ct4W$?m8nKc?lY9v&EfW}tXizQj6c1YYSR?i+L_k}$bQ`ScO% z)zx)vWSwpL>#eCyMFWpy(XyJ2e-qC_Wbc+Z&G(pbu43~i<7ReAyBmz@BBW`P`l4mB zwk_)eMMKlW$7($6L+<&!S9zXqUaQ@^QD<=%aK+4lXJwl0PlS6@&;=Y;YseykPO0l} zHW)4GEF577)Eymh2_v5~C47H+r+H?gap6eG%O^MY?Pq?cxcPLBum?B%MHF9D#4N`# zyyc<=@Nxpww6OcCq3mP*-0)Ts{pR*m@Qk^h>#3if*H`x{4nc0PxEaq#OP4In&hOCb z_STJnj=ZDBT=|5bc5<9#FeM}l7V$|r=40iZ>^eP`l_M%`q9GAtkk=OZ8|Sx=w-aBi z-a`N+d)_enzzYNU4RHIKemvDvwj<9v`|@D?^~cG5pje2x>SEqu_c>A$4B6f4&O)d9 zz~XZ;rct8dG0aQpgI6hP`R+5oz_;WeIWdWO0iG!4ZAp(UKlLs>B92R)XA2nj1{@ma zNT*-FAeg-S15;S*fn4R!=(+~G7e{e=#mUWQ^yc6>+&vHiL15MKmtl3r$L{*0@A>2f z@6^$QlvoPaR&6^M?K`a}-fVYI#rEF~?fk$PChDI#pEKoNQ}{qawyfh?Nm#+&U`6TP zjL(}yU1Zd3TALxaG4dWrVZXyu9DQq|gflu@V#(X*-gqH4>v2fT#3bo|t+4m4Lhk*f z-j_>*JRdW_y*xveIr_PU!^yaI@=?yU7rv1txR9)eYJPB`6U+8m8jJ4z^Ec_~DYY)2 z&z)?Q7UMD{<;S1iVJt*n&sF?fczDuNU&v^ZdZXpC_}tg%Eatv>befzWjd?fQl-7qz7S8`pZJKA11&lHY8`H0=R353Rshupx zH+4@`vjWJ)>*&FT*R+pGl5{6R(qBd8)9%fai|Q26eoh-HGLcNyZa8YV1I&sDNwMtm zgN7md#W^Bc@saOBLj=Y#k79`>J0I@$AF^_j0j0-fesv>n|HoF(-#@Cw%vKr}ojGha zbVybSWuP3vpx8p__1ZUnCQ|X+Y=+3B9nb0UO(dDE`l=LT91k@+cal83(fET`V2@GO zIH_GAB9<4oK4;m06P`^74Wu4sMm?4Q{BB5#jCV~p&jz7xSUmhycC9o@P0h@_>R;{X zAFvl>#=%rSeWQ5I5ZOB_WJwzSFyU4otMvl}ewesJU9zuse%g=~G}fLS3hmTPS=mhp z-rHX9GDZ$;*)LAUauDvSRyHj%O_AELBArsQ+v?=}NM{ z8_ocIjT(WeFXPOQG03=9u^k$`aUu8f!kcX?^}dLam9eAZ{d%*ZtNHTpx=+2;y*?f3 z9Ualap#@uK{GFQ#NBv6qd4=XjfNk;;ixsO{I@)g7TGNXES5WZ)KlfhJPIRBDEZtY+ zlYzPQ4!0Qo1#&fd5(}5@7QpZv zdmUm-^pcO<#?R~)$!+*pZsfR?l^e`5f5N@K>QZg@DP?v*^D`HUZLD$B^3d{-463>&Zv)cXGVA+A~Adx?NHPT%%PvUtlp86okz^5u-KuypH9uU4Bh04}&5+ zaOpMesO2zujOeuxi5Ot8Zs52@3LQ1e2yk%;)&1MmNGo6xidPdJ=)UajN8Q$K z;Fg2w;fX)ZLnCFzzC64{K$FfGvU+t8YVsK4hRM9g=1KfJtCsZbtarI^wisHl4K?0V zXmE-=_TJIcEPAXVKwgU!;U*MwVE?_jJAJed4M|}*#CMU$)ed zO-06K?LStoBQX3^S}v%*YFkM&kAfxhpM%<^?vI~(88(pQtQMIcTkjNVv*ckDYC^6T z0o{BWiclC=y?QI#n zFQuUhyI?KNI9qirfjZ#P_C&2QjdU}d<7f0uan%Y z{rCZfHzYF$-aluVODff5+}nuK*GKYVycFRmj&l~FP3mIp@?d^!_VW(Jn+Ne)jT%PH z)I|~73ZK391>^fDms3uUSje#jPe*Tjmt+`Nccl>abR41bGm}WbBDT)^7|-^S3a69r z)tQUyX|3FN;IfbT2A#StWWP>Im6T^DhkJDRi?L$A z-R=hpE8MedCa=X?=ycS+V&Slc?~B9T&Pb}|@qspq>1x@3eW7=HeYU8cI$1xzbst*w z7;Wv$*Fo-bS(F7N73t zs93?N2EdjkvjTUVrt9evnnPHIqn#;5jW?w_9sqr#<}m$l&F#aoa#%B`-t3ri9b02; zVB&kGqUvkW#)D~_Hz@L_;>tfE1t?R3Uwbe_-<&u!J*Owu`&tUwVO?qX@+bog4p}Jb z89UpCLElfMMCp-+bnf7rOP&6mWt&_L3g}gIm{-HTD6RK+du4l*Tzun$z;yA-p|(mF zHrvxXrN(+;oDGK4E=I-OJfaprf5=xorvl zPFx&onM%yj@)jD{^{f`Ct!rCC<7Z6v$Kdp_IxUI(&LNvu@R-3X zA~m&FzbS)PS9FCRYhji(bm?i)+Q(!tzLQs&Pr8j5AuPs7)#gvIfqsKq&Nu)cf{)~do zBnHZmm3#LbMH{W6(j69rjL=v~4N>l3A-{E}H<1Ez2bVA8RQn`G`*xPji>ckLN zg-gj|<^I7m&$kvsVA(E z;mF>6R1@`FJNJDtlQ-K*{f6Hx$RtE369Q3j@83#w!Tb^u5WeyCN??U|& z)pSe{RQir^=jKW2N#0%LexgmUCiJNUfqbS5BI_X7e3G=s247+l(n7x ztz&asYE`@FZo2eg*OKF|{d}g_bYk_*Q*dLN>&I#giqHKYXZqZ!>{ZR3sFS!8q3CoL zTm8f0<-x)0T}2FlAVy~2b>Eww=w8{m?sJ%X+5CIU8#Y_ECL;$@uw`e&iD~I}L?p%) zgt=h-Eyb>Az*0#W+RT+^7@2;0Lj!UF8PKW>%nIq=Lql+>grtXM%J5Ca zbC`aLl1Cc}npc@sWVUEjK9_00ylY>rVyJ``w4e@2Aq?RQ`xrhy$!Mf1y$%+s#zc<% zWKQm12|gv5S@S=Wdi@w#xKt7e(>9!f>MRYV18Zg6a}89cq9Mhy4pyy7(l34nUXdYy z58Az2a}rsduab}dxflb7#heSKBOpK1vDs&#z7I_&1_ckHtvY9+I0cI@Q@|^VF*Nex zK~A1T%$?kQGk8Zr7T8%#^)D7<(j1vduZ$Wj%-;iRQ{v+6D{`^yqB-~RU!$Y^ug)n`R z!URR1t;MqrYM*E;pZA*FBDE^!wjSkG@=)p&eSGxCIh^y}U1uJ?zsZ*e4u2=_HudT} z?BgK9rEl?V!h0GjjkZo5o-iz zyiV<8K!>)MV#VsTotgS=+R=E)*g0tgD7)nL>!GRly(gF&ihl#Rmu7WqHX@wz|Ii zvp*hsgq-;((PR`@S>--fU?rLO!VpfoKmoR^H8%l-T9 z|KkGGY|ozCTo7aRhad7&0*m0a4%VsL+`sD~FD%#y73n#Wi;qI6<|?q-`k_2UO^0`1O?F{q(mtJ0R@SnrE5qD=^Ugn009L70cmOJk{k&M zk?t;OVF>AlZ;kio{eS1VkI!=z&e><5wby#ryWYLFMo6m~D=FVm7Ycq-oIflfB|Fk^ z<$=_3AdPa72fz_EwFw{p?qKpygx@h*c@bOWn2~Xho39m^?bUbkug6N6=huk|mfs8cCNrmr# z8siT>`Kh(yfM5X1n3KD7sqR1?-r8Ro71eSr>Twl{Fu^dq?R@$*B_uJ}<^xfhZ|QT7 zHx~S&S`tL=r$!%awB2Gk(lPGV5Gi~TrK!!u#ZJ57Yi8YC?Qp3madO$LK~MdtqTSf; z^~=keL)rtXA0KlZ$7x#34w;W;kR+T;x4AqJmGA4FA0~QsJE!?EmF>1>alI5& zJQ&=LG%@;G(wu^$G*qfPuS%|>uhV318jqBioL$P++P_$&&itq9?ALImNG4|njv!7i zq_E|?4yl)Rpm^kM=00s9-Jd&tO20PwHKU`G-Gaf4?9?Q_e_U&a1Hbs}epRDmV=zZu zD$q^BrBJCU1gu#5?)Bu4Yla+@&l^Oyb9YzeWB4V2wlXUM{Wjvh%Z?sffVIPjgj4^5 z;Kcgw$p{~xRZQ74ODoOwyEP+^aenEV;i6#tqi)3zQ?)6nfUa@y;b8VsW@1Ic z^z0IiVG&6ZnTmJG?ls;s#6d!C&pX#om7r%GisoJlxC+lT6sj7&SlCa~U($&$^P>cy7OF8nyyNHd?)QPkO!dtxEub4TGGf?g~nAo^|!{ zOAyAGR*YI{txiI`x8JCAUH;Bd&tuFJ4fHAnyTnv#WGo1H42;mr7fy20HO<^RdiXx} zl~ZoKDvw%4V-B|@88KbmP&ZWueS~xh2_#dpjOF!L8a1Wg*p+D#c61IX5K%HHJv(@D z6+|3g(N^XB5i7Q)aC^{WaZ~rdgI#c-&N7=J1lma8%wBSAHG|@k)(!?Fr{6wDFXi@{ zmQJ0>`L;fuBS1{vrnSB*nWylNZS=HU%%$d!zjq^l?>?E0IxZI&`h}aXu^7^fWKVZU z?Q6(ODf2rTTZXbkR*CtosQ_cou^;oMBZ?Yd3=IA2LqU$WNcjuB`n}1e^(CC&Y`d+I zOJ_*L6;cM%bu2(9i<69$%X`-7AedRYa6UCz6=SNtEFH-Dw!br(e6Ta^b9hlY!dw?=;q5I_(M7;FiA5$AGIBI|`)<&d6BN#tTg z>ouAJm=u3BH|;kmsi@d$STPUfIT*fVi#Yxrc4SA)A_3_HuW%s-W$UZJJpx zYM^Swi_=cM6AuzM5n-bM9V=H^-||4x!m*XH!Eo($I@JHmZ!0|^7noE5T z(kMiF;#I9bX|sclylk8s439+fv(q!0URy^srsGm1sTX-%$_2j^arHYp z;20?hIVaXnb&L2w$jFMdbx!t3=UfDyp2saeK}S$CbZ6`TkSFfGUG~ zH)Kgq*wsvgf%utU1--%`4dXYEN&e%VgjoEwQg8a<;;M@z%+^|B{$o4T?)Q+yEJ`j5 z@ao%FlSD@R-6|h4k)T&idM$WtcW7?!--MB*!vastH!Gfa-5%7Pj~x>wfupMRg+h}` zutWhfE}p-eMQe+2O`z4b#*#hckDci1y$rhRvs+6c<_fT|Gn*(fABlpv;oFUhI$nWu zRQ{H5+&ag^djG-^^?4VUuQcFcsNSWvC1C}=Gaf=GK17~*UJye>QroSexbF;ZczeWx zYu7IsOzw{!=m6ir`Aq}JdIjRA(#2q(Z-(_d)Y|Lspv%OORJFAKOxl+8yQ)K(Rt=6| zetuKTKGeS6a%=Hg^;52naa=YV5rJqCIr;Kd9~tB3Xa?vN;UPu2wG*ES;G}DjEHk0* z4&=6PF#!yfP4-FCTY0&=eB5ZQzOg=$p#E2*#qN8Rr;UxTUeDdSyMZZNb-;jOYN^52 z%iQj4^##m?9ds)O(Ti0HxCg6%wNeB7ra7XWgA*`t|HPhf+$KL12dxS}(2{}McI6+^ zg!Up3?Z9(GfiPc_ZIdSal1NYM!0VvKbVT6yGs{?~WB=jJZA?GS*_U+e7l}{x;+h4q zXI6H0DU2yZHnlz5a~|Qvx35dnpC|I?j~MWbKb6kE3UzM_4Lsc*s#N5142Kn0F0=C& zYglJXazP*aB*d3uuKc8`5}0N<=Z15^${M|D&^lu}-SN#mM3#vMzg4N7R$Wn~A1ITh zh2)|^dg2_IppksA2-x%ul6RJV@szBhO9sQ>s&@{0n;t?-2;i!Ui^)|p0~`#if6EDr zl8NbC7!bw_D`@p~jns{yPYus%j~f?;z+OVq_t&n{)wwWHs35Y!vniAVzE6IT>OD6* zyi~cbS|oV17hnncKF;O!D<31X*>E7L2b)W>b?sGVCk;4{rUq3H9IxOy{yj_d3Ab+4 z-LN+HrczBN9$u_5pG$?#Ngspme_C4Dqn<5VS%Yto=2HZFG_Nr(;uz>}g&6<{0U=@% zLM>Thtn~JzTq-J26G&{SMrC15%%^-%a-t?M?CD1lcQx;nI0MB84kWFc z&PcpId=ixAhb!TO2C)459;IRN?g+M|B-ngNFi%<>>eOA)hmr>x&O!yxhv==Q%kylP z1I0`+SrZR#)8zu~NJE*l=;A2%^M> zo$=M7VDqwh$?$#5#_wSoQK*c<%C;2T?X@aAsSqL~N>|7KSx)lvSiIGML3~j}P9SVr zh3y_+N{V}2?;E_sFA}qQMZa_LwBtRSL;Jv6gWPSHUy{ec@`FM$e=`(+0|I%<=7r^- zkiw|)pNBlZnQsyKM8&&uCb!v!kD6YAiKobcU-Sm$%}eJKm5IZ{?R<=4_i8X$sT{FUZE2- zT3KOz5s(WU&Fc-cl?;tqLm!Th;q~WunXh|%*7+Zw4Tx-Kw#QUGz885??^B8EaM9`E zrs8dl7Xv-UFX@2Y0HpMA^HoX7@GERZcH6DYJ0LA~db-#P9FXCeIgx&%$37 zSptj(It+?Xb|N%i*6HlDaV@H@h?0m-(!IdnLXz;cIv;B?ZN}Zb zB}ltBgXLj=BK*pI^mXlJ!g`XW?AD@lR}?DBfHgGh-7_#w+w%E$hayH$2=9i)c_O23vD>Z}UwW)F-Ia&i0(FAlNh zg4h$_+pOb+8scJKDPBNX5K06J`i=88eX)MM?eR-Vy6>W{U_0mdKH-f=wM!yt-K#%? zMPsn{AKN^lPoc^6wb|I?&KZxO9>HM;dg48))&n?ytyjpPGS^@UnceS@ZVFC`v0J z=9RSyq|nrw`RWF4cF@Q=a;PA1OVtG{sLpmT^Z8g~_uOsL0K`b4XM1?%4SYf5qz_;OvFZZBr8{IpWKPm-d*1Y0ZM$Yx~dvo&uKOLtgVIo~{}sFxhC!HG|H zCTI(F5Y|VNJeeDYSBB;8lhBg}vNQ8N<%u4kt0IEfR7{!ltr|8 zF^c6Sw_g57KD(V8u)Pl!umTHneT>N6vn>7GfUucCS8rY7OOu;6CR%1$X;jdcFoexZ z%2ru!w!UH~M$Z#t!QQZw93Oewy%e9JSLkf;qpwR8uL6GN5acBC!X~}5TKRsbKZ6Ml z%z%ax(hq{ww=O<`Kku6Uva&v1_7BOh43tWsisApb5$vIFkp4M4Sbl&2Bz0eRnsA?q zl6*4!GhV7Hy`%T3=`@S4jeT|hI-s8MdtR!^?MVxu-h#;X={WF;B z>W<@~xq|JDQ|%^ zr@rUb5PysO+@zV++>d-lHJX0H;nq8}1J3VXpwF7M3)^izK+qoT%$W@fuUFhT)l-Zv zweZ;YZYH;K&76wyyqGLJ`TZ`n|D|{I0~PkW@w(aKuj&ox!le2O2w>kBRMX%?lFO4w zBLT}9N?g3-dcH!ZYQ8{&=M~hFEP5zd$lnwSS6iy5L#d-gjO5wH?b^HTOvP)hmQ`)l3s2NU z_LH;43y=NiaMp2N7H~TnKcXSWZH8zv1_?L+=p{P8IN}-lX<`jNhiAJl*N*$G2b=Gz zbiU|v-P3YCaL6`ENG0cr(Jk(%Fq!WRDDmF z!)9w{%;8)YE-I!lvI~oYWsAk`qv+Q+FTXu=Yu+JzicyZubu^}(V*22i-Q12ZSW8jl z&C+DYqe!ot0GxT=JY{a(nI?rAd2!b8FiO{ng1?bn`(|vT-NK^Sr>HfLmCv0FcvHcl3(^7o(iaat*x8W zcVr0gEK(-CFI(3E`F{{qlTSVe1$ZI zSH62q)VL=F>#=ccui1}(v&d%~aw_<**Tt;bb`;p0w5kK*tb&nI`* zrN>?k-S=s`5MVfOs zqh(94y|d5epFVm6L<3YU2#Cc--^uTRr-D-$;uHj^mO!fW%+9iM%*{!(QsHNvmWjEp zu*;(4=yyBAJ2ktJ?_Dv(lRS5HMI7cH-Vr$KVuVS)L<^U*!MM zU%Ar&77g2coz%{kkEX*cHU}OXAN5)vt9{y|ntkuXA#hTMu#{9QXK7 z2|FKXAhcU8dD%|0^r_ybLOZ%^s6gycZ<(dX%`$d^#tatMxSc9B!oF&XZMzw(nzxtz8uGCbNzKpI6Vrh$oe z;4d^7e^mDKaw7A!-Qz**_Aj25{kC=5kQ=r$rxA}XeH}+Gus0V!)v}6d`)(VBx?;k} z7|PX%iQ16ijE2MchQCBEFMlZ%Xk7jhi5gUqg zk%#1%5A_##os2g9_pL9Gr0lYPi_meC3)#ro_ITP`y;MtkEbEA__@w?+#zd~-J#k%l z<&odEheI#Dco2=}18PmyLF_G91NE=pP)9-*lRBIoY6Qur{r&b=XR@ibDbB>InT9~%w zY_?)!l#6Q<^4Lf?E29zh6nVecqF4k&t}k}A>fE_35Vx2iDZ3;&K3plM_Q^Lcp+g`9 z!urv4E9jhuBmqIW_S~gmhueZ#(sMeU(szUyjrWEZ} z<&!vC*M|K*x5Itm4fB$$Ijgb?6@HuXThy4NUGtsZ@_n!JT%8`cNy(xI+Za*wX!@yb z!LJELH~L3np5~J_Svmcf$%6^c?3wuys0CdSN)GrUt1lrC7N-va2%?$EY1PK7-y5us zEZ2mmx?IU@x+r`&s3lA(eDKq~KvTMJ^I&!LoGe3#e*@ze^LI0%qccWPwr%$UE|tpq z=zlKpluVFx(D-Rps8MK7cy9Ov;$fw0zpHS@avPD9Ed54LN#*CcxTEq5BinhJ!x!hP zCwx_7Zc(B?PMJ8BZe)YrEov^vXD&!qmcC$EF@4vnt8esdpS#>dY-#Ue&E^_>X&K$! znibRMc@m?s6n5b^1Xm~5LuPB$I9KZBlof9D_V@iBJ%d2}aDDAFz{TrCQO+`pB^o7j zpcrdvRMY8StZ8XT+NKSu)vrohzv`2JiA3(UkWk!}Nhw966qDY_*RI3E%kx9ka$NTx zgt&jDBt3H=#1DNDtBV!2#uLZ)D(>KNAb?r_Q=IOPpixA z(!i+mL~(9dl+=%9n{@2@LH5Nlad^?DrEJY&8C<>n9g_%O_x&mPD2~w$gO+b9${!*cjZ>!1soxLTP80uO5!LL`^5! zjx-P4#pN9r?#=9lN*CLT@$cbVFrUiu?)w)VXJ;rjr+qzSF}~7i6fXzC7+FjDt?j&F zkU!L5DivS?qx;*@%64WRWwEtqw=xplu7{tDjcykDGMF_;FAjF#Ab7$FwxlwV`r)lT z!F?%{{jQWRI|4EAY(%FjkY*eAYqeohzqNhXb!$GCC01%7-TF8fj%8j?NWd0ohLFB{ zy}ZC5&}=idgtJz2(ZAZ0{S$tpaC@yTpdB}`>h!CtObv;$_H5Xf&A9+0+s*1&Jeen0 z-@v#b-jEVgotK^jiE+?~qwRX-G}>qP~2W>Y!K#lp=^J-Sd>NGL(w&7j`-bqFbSyt*R;o%F4f zPHi0Ly>H(2uI(hN{U()b(#tN2KzPM|!mhup+%$<-f^o~c?`^A{&t1gy7g!c;vJGB! zZx=cwh8O&}M5E0NzOSTmjSmb;aQDu!BM(<*w)GR-@+q*ECtxH&8=gm1nN>$;$B#te zXDXJi%P$<#?iG1QT^l@v*Hq2gA55#VHQ}9N?`hZA?fk0+=;Jk^ZMgYOi~a82fWTN9 z?Q!ciSpdQ2RMqa$0gv(3lL*95n$Bl$97Cnj99NrE95*+NPKn~*x;IDXU7$BT3ac4S z`Z=d*5Duw+7Axq9syKYb_adQQFcq zb@%D(gL6Ds&N+8zqJVIEB`2B{(3ziC?z$h=C?g%h+$7yQqAsug+}CCA47Y>3a!5~? za_-(xb%7ysQ!`oMW21c1^u(_*&abN({!vz&*K~?!uAtdv7F=^4El}TySAfqi1`C?@ zxMyX7<#@*FLzL7n_(VA{l5%iL%v3bZXE5-5Y7+L0Z0k;6&l%p0#co|SR+1jxsj`Jfd<~|M3a`KPr8b=)GMIi`nUesxC zSA%_73jDyMQ&E5+^{P7f}cN1XAHpmp{g+pG-ADYuxz`*`a^ zoq(gG-4$F-nc4?A`iP1n%b+UHdh;q=1?>|{_rgDu!XMV6Gi>a%klz4Db60HN;K#k(2#cFhOpq)o5tR0UsE@2LHAct>i?8CNukZ2WkfWf_3ezb zh7BYs1LT=_gc2U#Oy@%dTsD7^T-=vRhCP2GD=5sERMkb0|4Y^AbQ3@s7mYp6I2N0# z#@@vT>FKX?E^Zme_xJGT-Z!`5=F^{Ij>VWmFSte@GpDsZb>wH$=ZiVH*vQJ=u=WLT z!wwt4PQUPgtFU=6U$HYYsukJOqmTxWp|BY~U@7AlnV&fu7cXRDoo?)ZO~?_4h04s# zd@n!az-F>1GGp zINhRXTNXdDmxF^r)`rg%;b*e0h=`5^JMbsvjCs8Cz8Qjy=uQYvJ)`0>%Ai(UMCp^i zaLhWN9yS9v>6hH5qK-hS?0)6XbJ{izKetGE>)ZPr2MpVA<^7}%G#q8yY9?X? z_pOfI-=CYCV<}!1vgto@8~+J7;Yr2$HjhUuPD!QAVr>sp!pzK{eJDz3q zGUjk~r!FHQq16~*bgy@FYzWdxEb;>F0Cs}=)UXDBZ0FN^Wec88>=8Y*HS_Ka-If&)kztsEC38x1 z6Th-zdnU}pU(um;)Il|Ei~IdTkXn&3Zxljd{dYz#lJmENC7TTLe>k~qwx@cHm-zL< z;}Ezz;2ZG>)(;S$MJ=0UI(5}2VQ1&H$i(N2Llrx5%pXL2K$EQ zYZorO`=u!#k4#T3mvY6F?jY`DK`SorhU5gkg= z-SQy>ujQ}mdS~s+VgObsS}BxlyOkJ+vC2qP(T9=#j{EmCHHr>C&Ml4=??eqQvH6>3^ z@8@iz{kA&}Y9DR~%QV5f8PG9}{G-N?1p`5aV2XIsD|zzh`cJGic76H{jUDK3)5L!Y z#V-N;CG*hq&A+G(9?zg^zYX76{3RVgt=+G2DsyN0`p@t@sK!2@$@ngE8Kt2Ww^96GJcF1ktdtfIEns!rhAmC# zC&iOTdqZAe<8C@7tmH>?XJNb#z^SRbiNJG^&d^q`nupUoxiDx66YUoUbC-3ovS>76 zjho{`a^tizM)ebN&_Z?hE6wQxp)zf`?gf7PV$o2)WaRvh1a~{N57DYbc^c$ccM8!1 zJT&a+FfL@)Terjmd_Bg(;U)iiMlONaj**yzmnS_4&g6Mm$+RDL<<(k6q7n$g+Tw6=?w;O{>aDTs&ZATg`~}j~QCCUXU1nPNWK$GFlFu#+d|E3|3}rdV ziiSLVIya#DK?J2W?KJ%P4~| zFtR+$OH|7o@F+p7mWmSE$bh?<4Z|kOkmj&>B+5c#n6K`z_@XvidvHOna*QxZj9;5 zr$H$KScDe}#lh-Pr+w{1WT9%lWy>53om>z55|7j3E27-pY;>`146TP)jhn$ek{rpw zdQ55N;Qp+35tAuOCR~LI>$fC=IBF5YQLS5jbIHx~3ZKfQme&f{j>jQ}3=HC7JF8F* zxC)uC^5o``goL|KD62=K37w2-OID!CEeYNi)XPf|W%Y$DPAM}NE{W8t=?dpk^IAy` zQLS%v&A$~1{(Qz);)9%t-4@J+2CLS7?ws)9V(+4$`|z!c8KtEI)Bawrp_0h3rl-^E zIR`|ig>ogp`Ao07*qwX~_s?E_QG3>5t+$^Z)u`v2WmLqB*-3sW63TMwy?iQTt~vkR zD0h#YY8nk`slMm1oE~}%4yCs+Ftf6LfPljv`vjVtJhl2<9LLY@$Q&6H!gZ`wtVPH1 zz;Vx_jVB;Q@`R^~4y*NZ`$KEb4LUNiRijgD-EeftzoE;*v?>aKD}yQ+cAijHAIag! zt&0nbWztbnDIX#!`&wWFHdeyB9zzy(Us<6#r~zTclSa*XyR}WGQBsUsAoj=dV2Me@ zR~mf2;I-r(?;oBQ{sEFr(|eIz*bk2O*;sj4*CBWeQceC*-?UIeWqy94vcKK+ffB8HEjLFb%rf=~2QM$L z6RsBH^RFQS*OhE|@mgD?{l_4moS+3WwOnMQu1fl$E5>rDh~m|o-f&9UG|mEb|KbCZ zWa)Qr1LvE1tsofOKY%HU(!OkC0-v58{9UnoJ~pol7mQ78c?|##!K21St|ou{iGeY6 zQo;aHQaj`Dc}O?KhhJ3}jCok?2+0%usXRmR)T{om$T(FS)~xS)nuXHk=A8qjIgZ(0d%=QO&NmZyM_@2=7&LzV5CfOPD}c@ zJm$hKdAVE3UPv{J0oOW}^S%L1XNXY^4aL(!Q86-RF2+NPT?mWIVq#*+PcjzkNFEvPXS^)naF zg3U{QE&7t#YTOHny7hn~Z*z3Ni-S9o3B}CfIREX|S=pR_)L~^RTeumtmc0UGH!@@7 zOfdqv`k#x3Jl2PIRZS(s(?;EI`U5}KrDv?q0E2Q`gin#G2)^S;5X;NTA(O^Qb&aMI zNIFi6R`8BLw{QRC_4Jsm;P+gW6-&H}3hAHfn>ghvlk?9H$i2u2CG2Of>_MCo{RZ$S zat7x7&$UL7Fd?fg=L^hW4=+dZ1nyB7e{9CNomO^S@#fY=$m69$FeTj0xb%VdxGXN} z?8L7!n~owg4wlzk1>AGTObiLj#ndBGpUJGO<^&) z_J)VWgtv8EcHbHs&ti-5L+tvpW+ARu7<=E*c#tQ$l{vmY$!om9P2}GPAga;&sS{L3 z6Lrml4M44g0y?QPvsxPQZubBF9e_pWq3?FH)p#kNPnTOs0`{v6dGl6doXL67J8b8S zwieAAqdO=CL>p4%Kv+{2bK!JGW}mh{>Hlu-H7sUY>H{a^mO zylaH&PinS7Qifo^S~L)lC@I~pSQ{!^TnFaq2hKKH{W2!X2AKij5szlbj96$wB0(HZt)CEy43(APmq-H zxm$%?mfKyyQ&IRU&(R{@k)Bu5Hec)_4d3TXbOlwpP{w0BDZjB3n-?!M>#E$2sHKBB z&MbP|N0R9uz76~r8TCL|(~%^@5f z1Xc)u%(Mk;N`e`JFfyH3OZLB~>7C>!UU>*X?!^LgO4qZ~4K@Ccr=(K4qvGQ3ro=(+ zS^44-Dg>K&5O}HAY01)uJcX#0j>V<;Do<5&KN|O6Cqh|jD?wql!XG! ztRIqjb1}HRUmua_Ju^L>`xhg%FBiW8^MEF}0riRKY}rg26G|Ueau1WgP9e|nclIX# zZFY85TiexCw6%+|_%{Xh5ap%qQCmGG6mYGOK|Q4`1nvNbo(y+ft|1dMT$gSEgatWd zNh2AZE+iNV$YKkjiEI(kllWu@e^sm2^7cEMS+K^S$$M8azv9++zQ%1bKWhe6F!&Mw z5T)BFMRWUCR5){(t4D_g8mCQRVRQ``0Qwp_w^q*qmF^Qdek`V$}B<1U88!r2+TruKKbHloNbQ4ANx9qi zd1$Fr_gPfb)jwi|gOwX*+AJi0+3|nLt&nApu2(K3J1gcYIT;xn?%uU)G>wr(eIx2= zv)}h*v#m3Km2RZM1pNulKp!%*GI5kKTbvHC7n)l2GkTPeyr@{Yyms$O#$Ow%1`p%R zP;lwB%Dy|qtHC7-c1Pn=mjDW#-ChdD8q9gqaQY;yQ{q$uy!WvbcWbY)ElR><_PS&&s4bUb;YlPbDDtQK2e z94jlE0(7^LQED1J>fL4$G&IEzR1DxA=l3kPu=VTSf9Nj!YkS37&CyFcTNv2g+lSY? z>Wv44c6?5Y=ZhgZ9{W|ARaVCL{~2U78z3gqKxQD2VAZTS3$oCZlvG#(M*QC->Y3l- zYPl5}ib937nuT@i>lS;ao$-N9tQ71{#_=n|-Kh&1vCeleiS?g2{-i)9#lA_9WBu>f z5jQ9j^lAKp$WaFuj3gr^{qmxb;pdu z5A>59uW^abe?4?H`i6evm8mJ~R!%Ns6WOe%=D)u7B~1i>LN-q1;U>CZ^R2549b+R{d$y!=lTO-i~R!eKq{apOy;qX{7V4ClSvfPtzNZ}<5tV5!7 zoV-EZYHlZ{erMi69Nq;miB#+bs5Nk60VDot%*S!FL`rHgjetB~KNEC`1KOUI0 zVV*`jBUV;>wz8}W&apxY83HL32(+YF4+f>yPu#TS_eBPVDuV`}sKF$@EG%nTj@XI?24biP(kj{d*!rgj@FsA=u;N*+b%e4Iscn-GpN3H1>9j~^BlQ9@-LDwN|6xCZK%WJ&_CBelDLoo#$g~|X7PJ0dcd>7%3}tX>g$JvxvoJ> zhtLim?d8eC!V*CX_|A=Hj}o|!xBKTdf1q`Y6&?T1%1^mVR93dIGSij$_ua7VT#J87 z$L|4;<^Rf`l7R1%SvE2l)_ocKr_xv!PB8lSclB_?W9NE!?z&E8>!m)WcB0Z*TIlWA ze1ZxoN`4$9bl}xUrq2eqh6L;7U$llOJ^>z-L%{Xc{&Q>_*H?#`sFw+O$VRKe`Cvl{ znH*CSX=Di1IUnVD7-;?)NfP*jr}@ACLlM=OYThH~PoFs1iZejPSMd{A$z55LLH-81LlL`I>dtf24- z+>_D0Za4>vLAA_7htFOPjxa|yPUUpCpWTkq?ri&)X-kN){7bYz?L&}3lAV$?EeC4Afs{3ghD*WDgE%pcJcDy2rM7;LYM7`0&RDH_vF>RyEJ` zd^=qF&kZBII&3oEG~lN(O_aQOO_*HEPvwdf6Q^L|U`lqT=lxZ?EnBo~5u^pt>aAO( zfseWG@e8K`N3#HhNj1T6e0~1kOY*gk)^~%ngj~CsOKC8ikPnTly5(HDti#;uF z&ZQ6LyQ=fDQ=Skzax3YBHfA2cqm*c>83R>C-yob)DnX;=S`$tv=sjNC%K83R=PI;mK z*SCdwlFyNvU28GIB z-{Qik1+UHWlTvrL|J^3TJ-Q0qCFr&K6k6O_(M8=i{nfZg72-Jv>#ruuT19 zQ1#01X8pqSABsrnC&B&!E6bQ63)RyWB^P>|nxw*{Ot|g_muBKD!c$&MKyo^ro57VI zmEHcQyo)CngC%Dd3kS1W82_$31a)A?ZyxQ^k#vB(C}u}K74(eKry<4wBYSII=V$5g z0!_w%6SFf|F;4Ks2l63bleZ! zcsR2Dg+NL;*e=Y>#MCh|67!vru|(PQ`Q-Hc;?zE*mudL)a!sOoB~+ghRuh`wPf0~=Q6DIBtv>CGsSe|y&K6YQoi)0Ktc+$C2snB zZ*yHLjWZUh?-mMh zT{_Rt@!#gD-B;fch(a768Xha3eSlR=6Aj^tlr*)nk^{6&tutD z(Kl~6)i0b-ny*<)_PLws*Z8`rS&BEMGTKqwMF~PD>4q%#-HUIfWhy|S zxfu%ViP-;J*QZ5l>5Ywzp$iu(BqNiV*RpM-3x^D86k9Z-dAIkpo_fi(TX@tFnN?Pt zKNruLgo&4YsK^#KQ`17LqX+!){n;!;L55RT2nXEEX;wCs@%II%Yi^(9@6VI-j4N1X z0s3BrAbm%3fDKo+81(RT{5Q?{LsiINu=R?__%R$Xl?>C-22W|^WqtuH18yj!ss>bM0crs!?$Cz(% zi?}RY10H65{2t0OSABv^#qHW;_sl4}YI&UT$=`V`{>l(QTfs1V1bh;a&;0i$UfF(- z)AkZ%a6KUDX=!;Y{wl$hkeHF-%EID87?O;F!rV!#FspAfHng-8_(3pIX7czSR)y;R zq`%ej3GfB(KUX#LKg8=Xt!65)&i2mw!X{`HttmAz=RtHV6!0H{4kILa3*8EAF1lTj z_X8kxn=(#DR#1KcL6VV6oWXbV#g2ekx!s5pa^ z0iT^@XE0YdspLY^7BD+IOFL|#%FWxy@^d><>n}Noco+xZD={3?wq$0hY5zup}9-qx}HqsHj<1uvb{9 z4-BS&5d+cb_qc1Z;O_@R6qCWda?0{`0QjD-Ej5aWh2p2rTL?+uRx@b?gzly+ThkG)|9)CF#n#{-EH){fKI z+yN3AGIUw_c2m>m%Gs^WCZuhxt?6J9urL*#JW0@urUsOr7i>LM4E_$vZq4%nHzzemU<27;9bS77q$Orav2jM`n61(dXn+b$fgJ1={ks z!aJ0N=6d>Cveog#lqLQk8v^3F=D!rlOSWz;*|}!M&P>fbR9kM2?G+ccHPvU23WR6o ztfWtVP=w`nCADmP0nrtGs}r)Ar`KA1-l-1#B=t|V;{4y4^SbWc!4cHce`fjDK)#Lg zl`El8E@Fq0`zg`>FsT%JlqK6cW_I?m&x&eBls+QCA5VIWr|SOk(BTUU3ths8-NNZ5 zC2AEF6?*|yJ4AnYhKF%G6Bj){N9eequud!C{kYyM@(<{O8VoTS)q-?fBdLUhggpw> z9rb>wck(g|Ao&7QLZSd|Ly_0oMHUReW&dm;C(*eJc$fEaX1XzSuUq&~sjwOT_aP0D zw+NxPNJz5hL4#)xqtNO(!Ho`42DQ^8f+Dq+Sxs{)Dg&9&?ydG#QV24-HDj-Qctu_N zBKV-aGiS&Gs<;F0#>$O%^O+bMe~6I+f7|Bs9&rPO!OF_{qG45#6CHDwTyLTDNhKFr zrx2Ju@h}8%a*UiW@HkR3>SCvMaoe89+r6Eg`4;=r)5+(0VN^G0W##4P9>mAQ^w1u! z(&9qn50b}@wo0Ov$!x55cpRfMbBUQq0~fx(D_gWTM>VEu4+GnXTkeKh&8R9cW5D2P zwHaxnj9oMVE^yzCRAAtA$59{#RpfuEB#P9r1=zp7*W0P^31FIC@^F0;e&~bYUj_V?8fWEsJw=4r@p@l=b%VL_hBErg*wJka!d?M2wybXD3e*S*rvhQ0U?C`H!8{Z5`&fh6zcfzm{ z5d{#k6_Bp>Q&wxe)etS@ofURXRlE&D0s?(#w2w76t!8?`Mu4R8Ht=GdJCChOBvAS< zEKW0!oz|0<8voe6F;X+-ApR$(dkrfaUmmxz9SGUm+uJDd+%I8SHa9aH`ctrfztYs) z42pwFi~acH-FO^l{O;RxWGA+LzRg%l+fTDyd`+}kOsJX$a9-J$x7qcTJ|DmCN!<^2K&THnLy?s2qUMAN^mg znWI$kAA80|vyCHs*=AdL$CVjE1;+G_j}G_hbq~b2xwt+m<@Hhb#(>SZ>Yf+r3joT-z}i*v!{FpWO8fUM>O| z7G91-0b&Kr*DU`f5F{7il`@#_;AOy>W%)-rr)s6Gb(+ukgx8SlHZLe!ZU4}jyvae3 z$1I&7R&3zgv_#_^d$c%L4^#|#X@R?pKWnxtx*sO5;?u*ki}e{Sw?i5fCH4N%Q|Wto zvMd170L5gqYJe2E5IblPc3K+l_2;0Qoplry6EAxFensE|Z&hk85qParU~DzeXgF85 z%1VU0x`K|Y#U2t_2>1|pCY*|=>@edUzdxs@nc#_$tzu)9JFLV*pfrMJoC%H)BfIdW zIOD>xO+N948bZ8qmfgH8qZy~7?XW#}DvxteTAT0#Z5)tX{22qjj zZt3pW-{So5{qDU!&ygc+ezDf9nR(xNXD#+{;Wg%@VNLqzVSje7Gxna{UHcni|?E0P3YxwEu<%SlpueEji$I6*YC8 zI-UYj?)ZD&h@^)hXJzv$R`N7ZPNrUN$`Mb~d!JkgT8HdCJ*PH4R@&{@w%2`;jAM}f z?*nyuF&mtjFpWs?ENQP9-E!yO3#71uC+YOGXqZoTXz|har=|i78y<+4NQA=CJAW~?U;r8vXu5~=F+Ie<><#74AAlk++z+hb z?rlXz-ZJ1JQcAn>i=a0gIv@ksE10y`(13&9fVT%y5>DVFt(^Sk{hbA`rkr^ACXlo> zjk3l1_e#{?jo-J%k5;LBZmk{wq5_lxcDsvIfoKoob3%qvk=rMRIzlcO2L_~(>{C8& z+U!DdAxMls`5AD$W5fO(Me5eF_v472x6G`GnaW$XbEltyZW+94*~!p?KutrNN?+fZ zX}sXR=j4<&m&n(uJe@b<74%QB7$B#4;VXZyRWiU5KS?2z4jhftqBpcJt9~2QA8sQ% z%5T@P-A49H{blX{$uYd1!88A%mRQ2GgDu0t*orb zWpW)T@X{1i-`cYly%P%%c6IJx|CHA8gCAWQthrf|=;Vq2DY{&61a?_j1pZYpf0e{8 z%RuHD=RYy)A)BndQ<6H}lU$}On@*YaC(>V z+5T(au)p%Fko|BZM%@|@cT=iS;D5e~!D*$8ANx+Wx&W zQgw&rpa*J$cqwNcNG29E+(x@+rnf)DVMW8cwiUVDEvX#a;OoeC$GN`Ph3+y>3;srQ zGHoe+vub@PcuXc3?cm9zEp*%|XtUIJwXOyX>}Konoc_b5Zu|EN@w@EVB5Ji%{IR$H zVW7@~6}DyvD}M{kCwL9udGqE;nn{BJVRy%B(#pp(jA2hBO<^$!swx0;?y#N?_ca>$ zo=yhMNTnw*{6XeR0TIz1?B4#pVKug)RC)dR$m|nMFh=z?my-C|(`tt3ku8rn&=pvk zD<&`6q;=R|6s5<8Zz?mClvJs<|GKdrZuY&c$@v%qs8Kpl)B@H2>GCN?eRi^r{Db}d z{rfPXPbCPI8e0;kv3W{49I^Bd*N>GVx(zs_e)EVIrSEB|P-mUOL# zWIH6;35qPM0~Y17{JL4I*mSH@y`y`SM`&O5V75+89#gz>SF|@IFR*A#YxZ+=%(mdX zi(GPTu>-W#1WGA(Ig`l`Z8>gUYW37d=m|(JjF@A5;~N0NpM&d6x>pHjKtjxswb?gQ z;2uUgouTBO#iaIR9?M zFHKcBIkYN+^ZeWIb#2eY`@qA)luCn}H0`(Jblw!9Sas0y_cLs#+|P~P@$rY0 z44Nzy_6|wQ>!Tu6{$@j&BF%p1r$xVaDJcQ&otpY}R6YWJAgS6CFmyG8`|Z=Xqb@h; zWQ~MK(c!9j)4pfj1mgM65QN`b1e{BeX6&EZ41ss5kv;;KsAz#()?cXQ^>fxzu`J^Ut6}+bX^*&4*;r2dVBCFqiMMsL*;nuX+6-=x^&Hp?_*!5r6 zo8|SOyD`&$B^|frCfCJO9HkFURAL3Dx1C&jCk-$u&%5o8R6nO@5w~vj0b9$D<#S$( z!e3g*oZMUM_bEBbE=D7l%CTTE3D!qiuJ){k^GxEmiek4T^SWYQz{k$|ol=RPK{t#~ zA5N66inVls-0sHjel_T%ihmfxY;U(+Jb(CpcG|VR&3TI-{8zVs)^W!bRQVpJ3x!cB zebp42S2J!ctPsC?c?+fT%M!n7H#PDsdvXrIOm;2RTD3U%;R057I{paB%X_I^-osXP z1AX)b31a0g!i!-q{1%2P?hX@z^3{U=g$W0m!M-1zoWb^(E`XKX?%{EP7xt5Qj26G_ zUB8{dJNn}YJE-vYm~HyxcnAJDF_7!+KkH|V^%MZQ$Ae1D_?j)s2C(+0izUvx_5+j( zd1vRuAM&tvbL6RvJpUGLoA|1Iiij}vdkkW4k=Q*PMa%3MfNceIG;THh=VKs;Kn*3} zyxxxiJb*|B5YLxJ1b|u+@>Rp0l5IL52FNJVYfI}C;b8tm*tPK?K}nB@{AvtZRl>+G87g%4emP{N%?!J_{o4*oIAipv@kHQb|n0_ zBovcLcS+xv&VTD#4a_<4b{H~q;=wPkaQNdR5pyL!R_%A*A3lvA9dR*q6r{3hr>9nq zjgBxgm+k3SpWv@8m(j-uI`XmJycn?k)6qqUWw zk0Z#sqVmHRd$&sorinc^<9ExKZmt|3OkygI{vD3$Lhr}|ZhK%a?lP@di_{)g)2nIL zyFS@aIKBh@3z{qs*MHstgS<^xevA)1dNMNS#((dI#VQW>=!EK+G+D&%#)hkpj?~|k zV%F7LRnRF~Ry6{5MlN8e`Z7N#?asYI6__&Y`rt?*nOq<%SMb*CQatBqcPu>DB&XS1 zvCB?7=r#+MMPE|K_$7>EsCi_(l*q&{;J@LxY+0PWVpTNtzU6YeR%%x{PbTvJ~$^_#*PdnKAgYqxNp(kI3fmAm-ZtsOV?eC0i^?&j1n(1g{fp*F=y|N zc=EYo5Xt!f(*nM@-_JZ`oe)-jjA)h%*qRQ~O+E*GZ8(Z!1z2qXeUjhK=F;9bUjC~Z zaFr5M^gUgq8hP1q^(IF&K#Ixqp(LK%-%NiR%17lpIW4fu+wpkh){MG*bJp=i;-;Ty z5~MIpYS57s*ge9mHSd9Eq-Vo{#!~{;0J|OkE!D;JINNfu>Ey2gZ1gq-b}JijgVkQO zb|-eTtET(o;mN}c2kq1-6&0T^EI+72XZeHF2#c*jwU{NLB+9; zS384VLDXcdnCKUKz>}psocV4K!$R9{9x8Sg!lwzMBXo>dJz3Kx2FIDI2e=I8%y0km zqRSynup8v_3Et&N@RRfVgxt|2f=_Npm34Jfi04oVe%Q^`yy?yNC$ICg)_Jgj?@Go% zU%pvE5X#G?57>_$01oG|KBvBqn{stL4Iv3Z^Rrw*cIU5$vkr(TK~m z`3IO=V=BM3lWfdJX^tV`<;4Qn-a3qx>0fdoY!h5RnB=938Hny{i}B~-^eRVf`m`#CWo74d2M%L0x3U#C zwK!=0PVaDO%rX-cKLnR}OEj#M2gVVnA;oEMvp>)4+{HClyzkmhSS7cyvGt6EqWR_~ zL~?*bH+_ab^V$yj4DCGxQej0zDt;aP;pCVUE9Pm9A9yk#>V9=@Htlz`p5s6Qk-UqD zD!P9pWob6z-1j{SfJo}uF?)V}h*>evoGO#;8?*=CeQ5V{{jgNw!B$}Qt}!%_q6bbrp4sBSOG<{SZlO-<93fT_orI>oBdf+K*^5%8`Ur55yB9|Hk?< zKZ#VQw9ZJ3`?}P^j&zbP=IKdxGu2+U#%1q8)WkEe1t6QO(F$0gzxf7p3Ta z(mE;uhu5-+oQ)NW(vElB#IY@r-5r$AI#Km4M&l~2$FaVN94(56XgEr+bVYM%pNuEo zmP}p`B|v2lhfO^3(08_ni{Mves&2Ok2R)_X5f*#7gYnd+FPe6HcO>PrLVM&#HeFv8 zXf~lnAga!6j(rQ9*-oaP=VyJh>{+^TlQ21@F|Z|^OUBc&VF~G^Q%+a7OoAH3abyJs zCw59gI_1~!zy6;we;WF*U?Ffy1V#K_qh}i)Bt27`#erh__+ZE|)ZvniBZJ@V**%~A z4}Uun)j*xF3Mco~iO&WX6lr6g)48HcZ@Obc#aQ$X37#z z?WlOLFUZo;_$4II{U-;xP6)M!vbs;+0q`LvfT> zv$tADoPFc_xlx-_VIlKW_P-w2qa4Yp|;ZQuXlkx&^B$_@uL zekLd;11m36tWB%L_302|AGo19uB=)lL`QYKk`5@W01M*H~Vl z-SI?2!$`w_grHnHw0SPBZ)-xs5ufE>%<)f{wz1Ck&e|=e~ii6%gu8zdh0Zt6qD&Q)O{E*$Wo^lZ^jm`2X`on&mYg`F3r+OC90Q!~;)bl=N08FF+Y&RlufO&X&{@7$@Eh=N_t zO+3$eLv1?)i*OcOiLZ&b7P$Nz+a;L@8eV3W3yd`)E zP+R+V2fd`x`whXWk!=+|I**&eZzWEh^70&lhRf7;Orq`rl+k+6gX*4_O$V3fI?*R! zL3sx(=QY9ZXSb!g*6TXHOFEHZAHC{tecula=}ve`yP*+aK#d%_!8PnW1Q9K0JEOyT z!v`yTyj$zzAG3ohWls2i7D-zF-)^Q${W%`S0FRj1@=B?Wsu_v~GjVQ*Gb%^G!1dkR z%J(}6V0bMq|CqgerB23;k?_MPew|5eeQU^2(D$C6HZFz$TrZXrYAP%rv{j5jflfNK zBJ;KFXlp#v?}IEFp_cBt`Z_6VR<5rcbq40M$CI!&%AN(Ek>SsgUrXa0^Jx@WzC(G{ z)DtROT1>XY%zG z4x1tL%XS6#sz>Dzv+I#CWgedwFA<}9)ME|Gq+)l>{crU#jLIpq%Y`D5%+Jg+$b`{# zJBd+K3uoy6ZIeb6sq957u@cLX>Qeix^TIQkMHXOu!h7@W`bgUO0$rt%jNKo{QE=v5 z`@6g?J#>ZIe0ODLfO1=AO0Bf=ttBg;y@Y#9vz^i?_$JZ5+6SYDY##;RU6MW?%;^U( zL6+$hZ@HM4yuPrAZ+;WhS3%;^bW=tESDw*hYBb^3&S^$Awhu)-i-+*<3_G{Y= zH`o_r|F3U&n8np0zytnZ`i>2jkLt8`!T&@U9k%2V_qrq@WD@iU$=2ssIR{l!OA5}7 zYTW3k=)F#X_dn*h!8<*LU*I>O(GfjxrXSEocdQnJm!gbG!WY7d{vGagRm}-MIXG5T zor2$+p>jpIjaWAzE{8d${6BuilKb_!2PC%3W$)5Ku-r|xXJ;G%p8`)%4Dvgjqp!Ls z1|KZ~;@nh)TKsO;dHXNLpU+}wkdYa80;s8W?u!_n>SGG)DZDo(SKHHMG4$knnV%DY)E15+Kn z#QLWh_o2zP#nfs_?lz*CGe4ZzD|@8Vz2oTBX#{c>IfKM=tx_CZViZX|TXjseht~3n z3h`=kgps2ce6s8wcmY(a(NP1fwey><7qF($ndlrAVpDyoGete80nvxdR-9ykrh=(&KT9;*ddQw@(G+;NO z;-AmuVFwH%;R1-IuXO~(e+YlS&;P$h4Va0Q*^c4>3kBw1YwzU%E$qUqL+hiwljD!bF2EpE zbPb*NrZ@!4jR#U$Qe4iqIBLBFR~kJjuE@650>k{upfMNeJl3ZH*MGb3crM!SKc%Q;(<+b|?1jFmgS)euv7i4a4`-Vaihq_g6e5D54O z;Y8@hSqfE=If!p&9b-{BEvE9f5)ZE{xpr*VWY9keVFBMvb$!(|96y=UgEz#1f|a8p zE1di|ZeSS6nT}?7_K0T~cwI}KW}W^!94o;<-TPW$`4egn;e7Qmx3)G^3QUqHZk2YT zNzLy~DU-ng6AD*pn%M1Hc2T2{RF5i%AdXAp-ffv7N%+Uz;gOMrSl#6%XXcuKL(~2{3l*En7wlpe|%`N zMf9MPFMyIftp{ROfh>%ioE)%AJU4N_yboT>V*J;yjD2_VGBT2-lfGi<#Sa_ITwIYu zHqu&Jc(n!`@bK`7sj2j{>8izeb#-+J!VLdj$#SwOv zB@4!g70l>IEc`DZ=b&gY4Fl`w+g)!zh@QLZykf1-$kqffP2Zo8o#?CZ8;LE}F3O^P z>I}S4o-5y3<+t;yUF|MfCBjPQijf-0LwGWhqn4YA#dP8Zml;{(VKd+pt3RGz*Z6f;h)|8Ke%mOOtyauxZ`( zuo+YR&XO{{ECzVBeq^v?rvj z>1N@w{XOJjh+`s;kgN`#Wp4`8@ckCXo_SfBw3ixI;N7M8Uy_%$mbLBkm#e*NU zzxE7+Ld{RA|kdW*s1kRhsV>8Yi2=rW`mQw zfk9@z+o!ZN8eU#J&lW$%9Pm+kCML_f%L90qyl>x7K7aoFah)+WHMO$u4yUlSm3(t^ z^W20K{aNq80G+t_(m+xi$1@S#nFG(cfe+W$-t-I%af&An54RVPU?5JvT}T5L=jSJY zFy#^w65g`6C-v^QkL}r>VTSQsnu8#}G3UYL+kW#bxYo}5v6}(Xxh9JiQD>ZH&q~N; z5Ud}tw(4QabhywI7LCWW@;ArC$jfsr_JI7{&Bih}5YvMWzVkrD%lWXIp|;-3Y%m`w z<3(`hNA!4EG@^BIZc^|X0+REEyYiu>0Rh58_FWY$ETGYOr`7QGb)8b!%uzo^sTqoM z=;l;ryd^LFg%_5u8KsEG3+S0saW#lJKqoAN}J`AK(>z!%YUR=GYYu`(R)BWNiS zjwzq@B{0vRCu%OwHc%Sg9!0NZ_z)p*J58pRI*s?6u`ab~TdO zIlh(Mo;J=9;zfBC5;j~tHaojhuTn6I&cFxN)Ykq0d=l6b7TCz0a5hi)qGNIQus2TW zp+L4O6M+&fEv-L!oNM6+VWD&1wjbOY+S)Qm(vXkF!JrRUK~1f=BkMJzU7dkoj_Phd zkobj;@5sD*1-Ix#eW)N#*W~O}rDs-WfP;)&O27=CFbPB0eh2?m&Y=Ul@6C6ydI_qa!e%UT8De| zD$h35JiI*;2n_>=6*TE#`1T80NjW(kIoq(1HyE`X_U@1#9vlVfokb-Soct+@kejJ+ zjJ0-3GA}A)^)89m?pO$Votzxx!0PjB_4b+GBvdsDQD2E%pTcyZ7m$` zA*vv!J!cWev0g>JR%UWuTSUd&E0{I~GUT-ul2qxG;-OoGw2^h!tFG!DcEEFtx?d>Q zip=F{yfe#i>!5b{rvPwy)Hpa@_N!c3m-O#^D@$@zVR8p>dSIkM8Hs0lo{`@rTU_N; zbQ%`B9{ht*n0%G9;L7r{nK5^$2e16*;}VCUF{b~b8%F00^lSjFEXYaz=j$tp#I{#k z_d;5X=7#|(5h6cY;5A{K^v=!HvJ6m=f$(2o*tL051b#0;f%3|)ye4DW%`#MX+re%2 zZ4ZIkvoggF_6p*H6xFV+zv%sTu`R{mCHTb12-6A&8Wveypkt%&8|NVTb>Abxa(_QE zT_@MN&e?1U@usdbT~mVhe)lH>J6T8T zaTj~jJ@$3o?*-`C*nUs1#|k(kzDX_b2gS#T3SPyKFByrCu5UX$xpG%FQos?*-a$ z_f7-^;t+B2n{CCKefWbyT6aEs1+Ubb2f|-f0rM12x3n#mpVCN(q-I^br(eOr;hBd7 zFR^%JdgghSQ@gC?_!~X}<37G1i9?jL`3L zKcvqB4#KK5*wq2fTNj-9O~O|gU|M^iJT^YQ(}ojM2T~pu7M4nbGG;cmupyh4?OXXj zlH1Q?`lOIR>$&&-Y)zy%8wm-CcBiXw4)78EKs+VKcnsHF;q(ifKN)|QTDT!Hol<&l zl8M#b(}R@1TB224>2+ix`gpyLf`M^iZiOD2!sgK6ky-^5NFugnix5U%#YYqw8jZsDGae?LijS1)e+OH6w`iA!Z5+s;Y8e9_`<~ zLr!({E~K%5EqZqhF6`{g9WsnM_kAP?y&;0clM98?$;X?mc87D5#$7*NbsQD^BSyCd zJV*BE(kP6orR!A)B$(`FvmJ$WkOT&$??^+P17OTnL&D8LBtn9`hAi~;pyCBDnJlyi zAVW>%#Yn7i!5b-^tir5W00PF;DaNvqGR&v}Xw>vfo+X1&b#XQ#80bC#x>e_LCzMD=V>>kCb`uR2E zOO0;FhJyb|lH9X^N6^&7U0Yvgn8%q$bQjJ6*?aLkMD@c=vqz~sPq$5tIgpltAXhnm z03H*ZA`z94Ag`&Jyunk5Nh(of8W`9vIYKjVMievXBH5ugIx#{2&8M%ziFuOiSs2{O z$w~FY8pfC!cn)}?j8VH@G_F?eFYROYb$pag0kXRWtOsmP3OTypD@?psk$^%5H|#od z@B!T9s?mGjL82)`z+p}X3g;SMSV%9MPvY_$U3Oy*I7#5U&V9uwoakjsChaenNt1cj zhhBYi9}VF4SSwsfPzglWw9K3^*qlx*D=jU!lKTFvw9lgJ@!<|+odm;ph)uTff1JR6 z_x<$z67XSJberJSzJ325+Gml}HobIc>f%y0e}TRw#E5P~$@o?rSr{wk#63u1UI~#& zT&@78sHliCr)9~4HsCcF7VgilO$M@x-9A=miAMaqs$bxxqlB*cnbpiDLZNEVy~akt zS7qu9!=W#Ko>-(;Pt^Q{{bg_~Ev{-N z+h6O8Y4kp!{i>1`aTIXmCmt2wrQV-W`qukIQw(CZ8hWhZ;MF?8Cu*z}`EFX|2_&1{ zQn5Y3YVx~tKEPIl52i4!u0~RRP}&sYAGUK|oQ)p-JLS?5^`=L>OZ`u8G#-wCT7q(V z)132fz2qWX6v{g5LkLr{XQ~ zTO;@{4M%FD;&9&^j+hc)SYH~Z*J0yszaAy7YV@r32+-WyeqFw)UIw|ZTp3gz=`$=| z(y3y@E55Xa?Bc@o%j%fyecJ_Fmo2c80+Z!;f+IePgRKE~o?WySHa3hPv|3-ODJV#) zs>aV-&?+8%o!-;X(^D8{`#5S}$IQawV%P~HrUGd5{`;IIR*nv|H!RFC){*kQc=2U= z?`;mf(*WrFLm>?5JKpKC(aSYD<+VH0R{`4EZ4{0sn629ZGRa=QntrvAe5o!z%G=Wl2Y|{oY8>k;B@o%$MT$5u&>(nt0J_GY3z+@8TzZid7m50#_DR1P~X@pyD^uS^K{fV^XSS`X0~H1?5(C*Kicve8JgewYdO2~0=aKIvfrzSt! zxV`bfZkw#8cR)f!TmiAF=TbQ@{^k<-nwl?3#QEp-c%ZZ!_r?wg_wC>9pnFelk%=u*)EVr4%<} z@KlG_Ic!Y%Q6x|b#)Z4kna>X* z?p|KXlv0}AamD9p0$Fjw5$^@aghfO^E>Eq8NRO7Z)@QM11{O1znW9I!+Ha04&wT53ce~`R$sIUzBJ)6}_ruWPRvcQS6NL8T0Ehc+{B1iZNY+~T5+1fGzs0`=q zNH7Kk{0cKGs}%Saxch(aw9j~P2g&nOcxzy+c2`tfJRYuda$!)WGq-GYVpuWFW@5(p zAf#6nA6ps~h0?XwJZkr0(!R*j5EHzmY!9%mj3FC9%e>-BObI0a;r2pABPld)8K5C9|dQ!ZZrnmM1wj{R|Ni#l(ch4X%lD4IDtlRm^z? zo1N(A6{uo^$k;U?sL_<$%Q zBh$I#o)6A6>+9=te`Gp7$|-J&UqHYm>Rbfpb)$eJY}@kWO3lE4G!7h}n%~%%A&v%U zfNCyOoS#Nc+{9o$ld`g6{{B@hEH0KVogCv)9_vkh$8dsk-Th5_cN^SeuDs8}1@9b{ zFedzCioU-7x*WHt_wg6`u4AglRVq0i(r1<{vERqJ+5DI=15S0>jj-d}V4u|*Ok1@R zwqZ9&gO*G8rY)7Ct{Z!=W08wj8(unfyS9=-oIA`p(cNs` zq=6v@_5j?A{Fq9=7xS^PnSUfnCx^+$a1r3&_}@*9xI6ZWF~_q}Q$tJxZ;A}(dxwfZ z9C-6)vmWv}IT=2tFBD7#P{0Ot0SUiJb^oU!o1WW?z0uiO)UYmUY<>CC3J@Du+1T1l zuttt>5gYGJ4GdU)R6uHOXKx>>Q`)!rJAKC%^w*7TZXYaRZ(Ob?yc5z*o)Kc?m)oF@ zhlYlR!igl^OtS~(UR(BN?P;_Is}b&q6@{jO>}a&vC)X$^mwH|D7mZ>+VJ9l@n%}D} zY_$g{c(W%;i;z&Mf56M+bZ_kRPM8I3YNN0s;fDAqlp4#>PRyIZLxTi+Jl%GBI5JFKMu)ssK?sc8f@^);70qZgienf8Rth7v3->uHa2$fk00z^UeJan=y~Kq z25t`(m1Y1U$`Ko+K`3rn_kM3%41k2en8VoI1IR>fCNLKR4;;>2p%6Fy?M728nsOm z8kS}wHNb% z6+)EFrKRDYKflza0$`35^UDfHfSOv;6$fX9Fl20u$%%~L5krx%u?`jI5J>o#J%bv<{;#@-GFr-{<ygCjC5d}WP5>@svW>ZKf&u>g*PrhHZ55=IO2qNLC;JiJLyML z?!@m`&lIlo-QCZFW%+^KDs9U=K9EGwWvH2$ z#Z!nteqP~pE;fM7inJg*OWm;?@wQKtEJPAOb5CF9+PF0)v!88i%pNNDYs^rIL1cR_Im;h%X! zabD0V96$6u>5n34Wt;{PkyMMhzA)b`VPay+IXiO)o~A(mQU!$cumG?;>r_ z17(i@$2?Z-FyjICFg=|~4>aTExV!LkaHx2~y(#xhCVsS_*4IwOBfXB9RI;x;35SHf ztO_+sn6xKAFr@ljc6h}rB&4s?$q;L0%A%q%NQI_}Nh9u$6MilNBVRiaQXfqW z!WztPNp_*2qEfqa<(@vkIB8txdavBq-(gZZx%=j4EJ%#q-T4CGzWn%s4vIWatOe-H z)}D@!!U-d=gsA@fx4$pr;=%*a;^N#ny-D(8s;^v8BIz9vTi=w}rir@AXs-_ZqEfy; zPt&BQr~gu4?=R5bA}1>k<4pl6{I z0W>?JePijH#evg0(E8zEMcJ{ju`X$gVe#+HdW@ z<;4jv?RMkXs@mEXQ*&hEYoe7~q(|fSx`6y|f2K;B+WGWqlZ*T`fgvWLkn&4IV-cZH z+oTJfDxYQni-ZJp%1_%@U&V&-e`^8S5XYtgTnaN8snuiuIXql^!Eocf%T|q2T3eCY zKR`5}+IS8K?gbeFmQgi-$08nV1yesf6F74T7LVDJf!vpQAA(fd*8zG`tRH^Oh*w5a zj9)Ms1s14!Iu;Hqz#VO0GZ}`L)CuQmz=F%oRo%mqla~iol-#K|XH)eJmjE?YS`J_i ziYqE8V3R8cZWXIsdOF>lAq1H|lJ5+?QR=TAOQ$dV`R7kz9nI#LN3wx;p^2ToJ_#Vl z&0c)A3up>ii}A@gFB{9a@DAuvZOKjqM zs$TPaU1>tIMcl)F5#|;IRx#%S^0^cWnFth z1zTHErIQvQkbV5X@}&doS=OTqbHFAC2HUH*(2v8Vd<1lgRDX_~SVo7lW;p7ogqS3( zzZc_sYoebw_gQ>=d3~4zg1LTPZmj+(3?ZZtnf_q*y}+wxRhHC3$Y5Ii=f86x<4 zYz%&(Ezy;V^(_%`n~(RGw;_XqZ+1~GWu&Cw^9u@2R>H9IYijU(e0&_cnS%}+<_~@j z4Hda{%)YXKGApzu?0<>nKG&GnSaKjZR3mHMUpXmNxkYn9=i=bf}cx z+g~$PQht6d^8$6g@5zFQ(OKkF_~^^KfHOv^$3xCfwe$XZ#QRKMmuQ=he2-K5KQ7YG zpUGd`=I_QX{)_)+DH{>-^_d5X<@2UFNejRamg{k^LX{N*XamXb1+HTj6v0+(F#&`z zNT7Bsr=^uL&wp$zqclgzReQSVm`f-%xK;(K)&OXgg~%Hjsi>%YBuYU3?R=5e;KDt^ zmt%!vxr{A2W@oQZv>t_}Uq}^I05-Z93wMz8K5)f`bLWm(0g=B} z%;~MF*rXW6Q>aw{JO)?;KXllB{rWXBF(I=U3C!K`EVh`44D$EYhQoe(TAD_c<}ak; zLRjIh@F|5Z!e=^U-wwcY0f1MMk&=?KeqoJBi)m|Rg>u_cQ6tDVhlfjX)ExtQS*iA@ix*U?;gu!BkmRD4%noL ze$XIH^LQX+>z*8sd#d-i^ZHX@hIKXm z{tPiY%+_xQ{}1A0tRFnXMcB{nFc)lQkI&fV!5x4{6o)wGsr}W!qo7b(e0zVL$}SF{ zOGJJ1_9E4cj}%~JK##zIQblSiJ|90n4HuVFudMW#uI9xM3P=Sq!~>cQZ^Z*meQ>?f zn(sE^Po6DfFftsUSZ+i$fDmnL zB!)~6+_!_RF6BUsb9HqU?f-Lx%(BhbWw6 zotjztcPG&&7otD#AMf+d$v4{lGVy-49TH4RZ%J=G*4FX?8oRKt5Cl>}a8vHAA9RQ%(zv>Y!`g>my2lu9==@SY zlSCU0%v&hr^~bJ4@A}#Ipa54GY7WXev|Wi&3}7{2;+VDeL9PMq>z3b;j&)rpnbyAX zL<<5AE~G{Gc~kncjl-fYGwfFSH4e|mtC$A&o_ilD@`UV+uM=r1@mjP-zb5MtTZc<> zFEunp()Q_I<^s1LfSM2TDj-#WH2Qcjb1Hzq!Ux=(5#mstp%G3( zLc;11q^UkW1L;Ke{5NIZrsSYh;vV8Z5Klo#fe4-fP&8d&0niUi;HO6$wa{Br zg>+CW5SsS!j=!j2UkCLD?##dfhFyo*Z#}}DZ~{X*C&v+A*>jQxCYqN z%znd$WA?&eJy3J`0hw;FsnH+hxo`GG1Vze$>SEhZT-5-QCRlV!QZ!fq)(e}2Bzj^( zyMmLxMBpb+?n0s@?2NVFrbc5Gf-OEQ^89H^DPB6e8Bhe z@Zf-D_&=PcCjA^Znt=Mn3r%iMd0d9G$_626M@mMnSBbU5u7GbFJ0dIUR##EM$W|>L z5DJFnBayIqwom}418TbX6F#ZZgXEpi1dwU=t*hVv`GxAJWIS6~5smf+^9ASN48AEs z$pN#xudlGCre>wh5b11y=%Vxs9nk~nTN^O!pnL*EQ*?)yK--i{!as@)c|szA_xrpV z1i0|QZa9aJ4`lG^z|pQApPhw4q0o8TD^`v&hwH5@r+-I)oL@J|Z!4fc#-ix#l13g` zS~XGk791Xan(t@Q3P73z#5;&()8%)<_|L*Xq3iJ>)ZGNJdc+2ZY%((b)qiBSWdyD=H zj1oZsT236ER0&K4i4$4sDq`8&zdP=Uth(KDb<16v8r#qxbJ< zuLQWbhE?{NIXMZV$Sh7+X=p+|vh3{a{QUhJFP6c@^kkkcv5Nks{70xE!By7$|IK#*wC@rTwQ&@hmLlFWP-N1&U{jG4)Tj=tz`g*Wn+4 z1hufBB_$)<5jYV{RXS0LPn+Y6fIZL=gaLI4SX2}ez)Y)$HEnFZW`(8vx!4doreD(s zOl`Y13_f>&^CmV{`O~M=u4AzRo$>`GPbyrIm z)nQ;DDU}=$89e1h|9J#c91v9Zut5!Ew68Tgo4mP`n1UkiV7`Hlmp7$(4|pe#CK8aK z3JD2Sdu%^je=+#$S2rNhcBEK4{^l$?%1cT@z=^u2r>6^q*ns57PuQZq1Xlu7N$q30p9?<0n6!Y1uy!GNJZLjbQZf32vbT`pP=H$nfr4R$`fV*CkM0$e*PTpX=kVNmFz-=+iM zm+k9dbhHJSLx3%imgzQ{dv^wkw(K8kCT3@&!BYZQHSb{ZYy%qh@1GrOXo}Bos~4j# zT}Os$XBuD{DX;*fq|YP| ztIA;a^Tl3pD3=9b(7{$ah!;iI{67FQprNn7!|07ZX>9?j8YejNpMdp%3iIDwF}AE^ z)$elo#E(*?6M-NKaJ->kR{Wfp7@VAp+Ym@IZ3zS}nwl@DBXs}^@$@39s4k|;ll*5> zx^LdRsoo(-J12l71TY}!|6q(6^tZ)=WhzKSFH+wlS-4OoBRS%t?J#8xJ!>;LnmW?F zk`yh!Nj%vs*(xU2^q|`W=8`{MqHRX4Ak>Tkv>Prh0xqmw;La7a3@#|}2zv-TfWZfZ zn25)VlL4mA3ononZ2U$7x*SJ`vkEq0VFTx~wJJazE6pe2V*L+{LmC#Kp{0d?DgyHJ zpn_@*<+eh~Aia?Mue`#kFM_J@J_6T={9{ZY2mwirqX&=JQ>o`HyVyr>;Uz*&WKr(t zjSZ`fjg3aJJ@6S&M*;gBhTaKdyZC`D5ioAph3%WgJwrc#CX%NE5b^ED4}6rXCtG-> zglG|ZO@d=;tEd>gB9!R&*f)Jt;?$RD8&WG>9wSiu5@Gs;_I&b@R-HRhTLy5kp&b7@t%5W+VBw2Oo#mg z?HL4dC)C`4fKKo$kbPT1Df?{snUEaV4H}8RMuy)^7ya#^ain|j9}Q*TD@P+5Uhgh) zt5rFvV>hUjasHtlG}!kFyMe}w188m|ff9JojXQPSUFg_jm>**K?r#SXjoV{3OA7Z@ zyCQfaGknT&2&7l8OcIC_KkjM?nixisaS}nyeq%x9qRL@@KY(7gs@d(S@1)_TbkdvN zg2kdhbhxMt6B%?INIy)Lx*J|+3q47%+0n4heBT2__r%0Yl({&drj`H1dE$)@Df|(0 z;p=!3xOQO7NyPeHZB@^K!U47{`A-)FY&fVAAmm)T#$h6e-UUdWR=&i)IX=ln{_o97?)NX{1xSLpr3p zl~lSxRFDp7Dd|SKyQEWEI*0i7c;55=`u=lqIULT+6ML_{*1gtV_x(8dr!Y|3^SWJU zXm;>wG&V#OaM|54a1yv|+LG2pfj+QeYA3F*Q*6!Y_4RX?o9et>=#q+hi${*21F z>#YX53ZfPZqZNlLbj$&PzMX0Q<3hthV1b*bf^fdL6uSI$DF4b%gt z?cN(|FMxB>$1TB6&}!}B$!v>VD))iJ@~p3;>X|hR<=A6kJ_w#Qb=`|IJlk8? zue}9Z9|t2%HV6=+>pcnz;`w+y3~kVM1#b;bYTXC9aQlwdGq4_(1R||XKm+m6Qdr>k zT7#Y2vqj;H-$@qhbjqY zo;uat{b3A92B7;_&Iefkv3oM;@!bzgy$P*c+PxC9NA~pt8Nlig0a}i2!TD{YH|dtMdCkCZMfhu4u7)UailHj763|0(K<* zq%C?^Y^VS1xL*qw3 zAG@f@V^Rv(BvfZwz-||wpM?v3pm49X6|8{%Z1VyA>DwTu zK`@^3-0>{EmD4Mlcv3ZY)pqxXz>}5C#u{Y19Um;v`u^T#SIXnPaC)7?`Urd1VX~8jI+-q9#V-=>idHnyRW9rAlwjM zGy_pv9P!rOHzY8;EpD2c_W^UhV0FrkRO z<#eQEkJt^(nUW1Y7HUeue|joe$btm+!#r0l@_t1X{#NG)s_nBb!!Q+K<>H z;U-nBE>M(WyEA*uYvXr3xgIy5QFGn@ivPLzovh zoks)996$e5LSoeXyx#LtUTAMiE9iiKXI$X|+T62ORsdxeG$T6`#oQF+3IqUVPZJo1 z`5zr2S!8cV4ezhaQkz%@1q8Mz0N%m6Kk%COJLUp%oL@HvR^N+#|K4PDhbLKHID(y; zVBYJ&SsG{pdG#vmYi7t;17!sae0ZwOsPqX73s!UUDE~81=XoU?8VJ-To70;}PF)BD zBn8blO@sQHfx$W)vY*|%qNIjCz1tiRww|tT0VpWXKCx^oP*i$q;c>RvwE+r& z2O?hIwGP_18)p1UKT;naFL3|@{B_iBMN~Vy29yqhYgOnWlDq(fThrSYEif@fT71XY z;kXPi8Q?7Jq@uizRP>|V{kR(i!8^@7Pr5mFrmmq?yLo1mDxY70h zm($>0S3^sc?1T^|n4ayRO?yjqTW?Yuy2aV@{x>Xo6dX`Vau1D_;t>Z1~zu23>D z@m+t+7H*yd9TJ7jpX3DX!x9&M*@1WfH{JKP)#=JA3r`3|y#RIieuUxCK~GewOW0dd zvzzZY(}G``AX29`Ah1Sx75D?YfCv1mpPhpvHc=9c?U~pzd1X;3fqeSx=tzw;u<1$; zoemJB5r<2FCF?D?c!cTpJf{66>Hq^D7w@U9aCe2>hD}&a?hh+5+i3LEY6=qpSNz~1 zFX06hDKP(LIA;@3%w?>mX&7-PvtGBpDbBNp6SvsB$vA!lD&MpF0*Vmu<|bz5!0!h3 zGJK!_2jAlfAg?_4bQ7^${juvxNll%RmL~MXerDGd)J5P$D~QG&r?04s_wQzs9%cmn zuqIK4>Vbn^$r9z^?g6V-_iDUx_CO(8#dobz+rzFcWi*JxHk%OMOU9%5gcoe*m3M<&H3I?`bF65ns`$8E^E zO5gibEdRFZi1+Wvgf3S!zU=}W7@z&_Izvx@V{1CT^A&9S0`HlNnEKUj?At(4LXm(( zNK?@fASP{yjX2)?tWoXug2%m&0!sPWjl#;5@0}7q16tg@;-;;iMhsuiS^kki2z6Oa z5(}mrXpd=PbV5GZGrzq}Cz z+?jQpQWkWqO!?;!DcvgdLlS<#w1vnou2x+yDKWUD^h6NfRPP7sz*zQYb2>^cY*+l- za+UHR5DYye>ED|l4G(gbH1V`RatiuEfLKIgf2trUsF#3Rm6(YMB`DG58EC$I*`pKa zMhEf|DQRiM<_HbPJzQK|kgfZHN+vx4HDE!_Bz(Hx(I5n%6zGHlS;16Uk3qPw1ket^ zBq!Agj2qEEb|El+2UvCx19{Po<|lc)Yki2jy=fDCl;k$U>PA8y zF$>B)s0fQ?0tiZlBTr7*E)qf@aC-8)%aOMv7c*p0Flk}ski!6JHc@jNfSwkWh;+|%2Y(4WD)156Af|u%Zg3t5gh5P*-?S~Abd6Avs2DSYk!$Hc znC7kZQeR-}+!{bteuGnw`jJjguMyClBP2gL9*x9osgRrzGm3HJj&9j6x)W>c@{% ziI#wJe;$clR>&0P`9R2Ls{!n}EcX3?_MxE)&#o*SxqoeHB7MlLIpl_U7yCW}Cx!jO)5>sK`~6#UwtTs;j~VNvjb8m zMaK=uG_0-XtpQj(p-o=zfT#c*tN^`|q4F<)y%YXqE*v3M1+6GMW8G@=A9xCYgq*nM zJCG*bchRh=TM?-IUj%&0h9g*Q&R^}!P!;J<)Bg;NOu zv;08Og`**kwVHT?N;x1^U5t^ZZ4_2T3orn>u=S%r&m^tu##QU#b)PtsE z{IgvlaW(}bO6*m3`j7P`w4=9_m{gP3=55OC>|DK_1O&OXg;_Duu=6@fwHi8||v55)9#Ws=5VQ%W=Z=jMIJZw&M zw7>%v#XxXqpy#mN-i(grh*p^hD7pP|sV6wx7jJzL``NrpF;Zeh_v`53$J;nzD3)>T(L^2V&RD5aK+s4UBCh@-qdKQ0KG}bnXSV`=K8?dext=U2E0u}f>q>y zdjZKN#N_cF}zr4%n071lah9}SqTIr3dYIF$Phr;p%F6x zUPTPA!&HA_M`RDyWz$E{L@yIA{R%lRRxjdtHp$1#l3u#JuLvy2d zd@7*5CL_-DRAM=;u~zCU-5dqOYmV@IACNCIzF=fu&&;gw zuIu8=t=!T;b}JF6id2W7nRU+W)>a6Qt_p^)(>XTVE}0%w z;r;R`?gVZUis>77jJeZhks{Yr5SH;rR{^tHiOi;iP7F-s`^j2>C@UL}8FJNp`0Qt-``TA3a@Q^}JVek85~)MM~nXN-C^44>w9Oe%YXCW6@zuE&L@2IT{A`5}lR^GXiUMSjqL&RK1e9>P2kV}5CxWnApQ0ZL z>K1^-jI_uTegQym`+ zuQflvd5iU+>ISu~&<9cQdNP&n(v4+!{yUQ;vOJJ(vRyFdz^FhNg+QuoeZa;3!aQwE zWP$wvDh%`!2gweAwWe9_i~HcrM{z^xn9qF!a-HN8xz?MJt0+0*+Vfi+z@7sl2RPpX zE0a1O_&Ou!iVe3JSXK-!5V{9BECt0+h#Nu@Q-*S3gFZ_c<)WkBSxQQlBg68LAg|L0Nf&3+ zfyeX2k8#YNNu+pqj$SSd^r;Sl6LKq03S@VRX}C%CGHpizzv0*N0Z0O7nSjfbO6G=~F*wgJ-YG7pVB#@0`B}d+j)UcMyER zCR#WG+(-aC1rC?na0Ycncydk4(}wDj9W+^;b$zudXot{@s>|or^ou(CM=`q*kYw06 z#W)~DUM6e~aS-!lyjX?E<@5+@*gv63BF?))f>9xH0bQCm*C6zfpUd{k?7iL}x;Iw3 z(Z5S0AvpOYScOpth;p<5f6c(F0ZJ<0ng*ui4S_(!=84Ul&@4|9#;P}Vh>)vm%{LnQ zqCc;G)v2=UJS34Ib_fV!h}J(WO>_b_jt9?(Av&b(=H+i^gDAu1~JnmyMO;b1+{8vs*y>d10a%r)260A{jo-h&hz3SwWx?+~g${@mMnYJ%y-0V z+UGUX{v|_-kmdrrJtwQ6FM4a8FF*-Ug4hG(2QsI-l9Ej91B68>!Z||3wj>dn^uh2% z7QJl_NUnhij>ET>#9h97-Q^e_S|o}eCYfjl%YMYU{-@~8(q|=xXtyz=c0lrgurg30 z4GNy!H|2HP;-ihrR1A*6cyodN?K$&R*1<4Z_DR3#jn|xj*C`FRoNHf3OfyFwrDDBmvb$K7I884MAh=ijU*EUI~HrqZ=p$t|PRgK{)JOfsOCOhXiWRTZ*ey6javGp97*_ z9FW1xet(nkKHFHg+~B}hIm>d)TWUI9y4VG*+tEs?``}VR{@Z>7mgr!a`FA70qi?>n z_?Xs|P&9>Xv~eW(1_2c6@H#s;)_?BWnNOS9K%A1#p-AJB(D2AZ8qJWYr!+s4ab^jAbLkiQlacn(pVD^ zYGOe+;Y4ms3WOj4JwLm%@p6I>gb8dCUhU`}yhY_#K+MA}3KoJfb=9$l0C{~+M#=sh z1)L!BWZH$^KI>~(*1LHF@QvR}4>MKs!axL~i%&BYQ0{@@{CsEzyzK9?#|^MWU;Wh^ zA5hykovs2I^{XL=NF>39<2!Jce+h?<1W1#+@d^#o)4?~X=?J18DtzT6YZ@$-?zjW- zJS6==5((Az9HnV2`(NjqaH)FJt&d>;Zb{pxCrD5RYqevNi(A-t?AQlQnQPwhmTkPw zJavl)usQBGBy7Olj2dsUZN06-2B<%c8Uy$4+-JT^@Ioyub?ePsL6m|?e>W6RHld2MnyD3Bo z-5)CdY9!_)ik4xTq6H2*L30(Rn>HHLyd*U=qmLE_1Qclhqs+o23v@Q z5l(Ea*j2WgFewxtd5nPb@r2=Hf_Myq#j{S<&c~*AAAIJyU!M{sN$&L1X<*%JU{Uxd zN9rIAG^!X@)XN(<0JDXS50=9Au~$=hwkw&_=y{37l7^e&@rCMfylcvIzw~O`m{^f^CQlXatZ(d2 zGwa8P-TSn#>1xyd^StqVb;`l>P5pz~O3o#obte+bm)btnR+~8SUv*nfT*e;JCV0Ft zBqXrt@(@7q6-oE)cHZ^V6zAj*muQP*9j6>Tm?=*52M(uctxO&9TFW zj~a{JKJ&q(v)dOD9&8mAgo>)xsg|33GIsb`fh0_;i1~2ZH?r4x` zKA%X|k27NGN?GDA5nj7VngP&nB}8qcasK>@E(+lfD%UAP)!y@X6PWFjlRU3&9 z9>qc+wwb4aqxp6cGFD;s_dm;e&n;;bG(M&-`?2jk;L`I7t?O0jcD{jVQhK9e)&uGSC|mq0D@^lX)wFW4?L(W@CCs%6JE>~Q$6=j6l}OKHmm}%Z8{d3TSJ==Hze@ zfl|O%kF!zWKf!y*sJZwGE90Qsj&!})&KwN#E7Qw@USA`2J@9}8759p;tvuxVG;QKB2$are5%ke3UAL&T|*;#sN=G_DA5ERq| z_t6RLn7xzZ)3kQYs2gwC%fM$jR$@iLcb#UBV3#n5?<0QJc}RxBxOQHm$PnV!&_nw!QtWoOC1Yyt$yEx(6p$Zc$SIQ(F(6%m`{@#N znkekg=|tZ@yhjQ|DygVm>r}m;9d|v;m>Qu#3anorH2{sanx#eoGpEbTMpxH+K9ABt z(*!v=nhA|UO53Eq&u-;)BkUJ$Iy8fDy~c3Tec3Ko@WD^r)&AhP*FwA?Fm{apZW*xM?4{~ z?Urpo}I)h;qtEFK3xBx6}-V{=njEe_+2 z_5+je!qNATg&*VG*J70Y(R}|e;0RlgmJzb{CF^WjR+B~I5_jWfGMZPb7J@+|QmN^<^oBDp(eq>E&;k8stX~Zt zVpc>0y`Q&(&^oJz6k#$PS`+Nf5Ah$rrK)0T<62W2;;3kzHb!{EXcQ;Tp3Tc>1My`} zM6R&GC)ap(0ItCZTuNzg8nz<+s-~kAa}Ps7dSPKudKGEl{LNc4kD%E&+BC8D%HqE*)x4!;)@NO_&Xoz!+E_$5#EdC&7udMoNA0?MJer@bu~LPR z+`?kmiaK<)>k!1-f%xfy)|-MsSe;&6v1*#|BvJ)ENtx+=(sFs#j~Z46K-s5K)38!= zXr?!BJGd)Z3JjsS{;ifU>B zXY(EkJMZD{l2*v`cvuopIwV2k6FU^+SM>_!m+ZqcY&7d64=N$2?nRIYpVHwxTCbUSusrv*~0J zvO4{g?Mvdpg(&LkGC6Ymv(leFeF`VXP=JoS9p&JT@CA|9afUeKn|dN27p^6g(OCI! z92h|qvCUj#KamwLo74UoPzrcA>i4cfZvS=?9$U;76!g7Jk@Z+ zjTCDciiY3Vzb{X}(b!19;wCodaux#q&(blYlQTVX$o{>8f;9X<|GtbBJ`9zVmSV5r zf23t#AytA&0?Ca|{E&h<10gjRrY|G*#p&rK*<_MX9Jq!5=QT`lC|mMIUU zg^?lVW1A2NS^%QfXQr%P60?LB|rQHN|v6E8hO@dL!x_SaQQi|eV&g@SgH zKZRJUPq-2fmQvhGS9~fdz=69>M8K@-!HPAm)RwCs65%0PxD!B{txH37F#f#(_`4h> z2pWP{<}47{M$3BY^_>sWRG>#<9|;c)`R8CS0*INGJBAq&ettoX&HDEMKlkfI5q5=B zI48R{VydiS!7{C5K2@9eHu522qlK#R?ob^BHD@fr4t=3z$WBQy1{F4D$v9?Be2eb z2g|93kj3gIc8nPM2YaNjOSLJ?0Z(9zM*C1-D9 zf~W^;1J$h_!I#-!?<-*UW$mF|DDn$`tx>Ly;&elBvw9vY3bedFOSPwo_tTeZ&>s!k zZU{-dL3=u)(ol(xh2=*{iBvhS=j;r9{P$|bIMOyZXNQ)aY?=*CP0?Db6sQ8pp&NQb zDNbz`2=EWs6_N6puctUwvc)n$rE+(dSn9=Ly#(c-lQ}GP!Nh*GElG<0cIj-dh7dgM z{mF-(gJ;qMmb-`$sn!Msj4c@uOTb0>RuouGRVu|`14_MLdgdtB$G;9Fwq7+GedAVcGG7{L42=y3Lt{5yuf-{+BG z1(}DT(vaq@j|^AiYc8dl#Oa3dwAXx5_C(Cw;fnMRh^&1!?zLg za8!^76C6YeQ0M-Q?QKyhDb_Jmhm7%b)h>i^=TK#jE^}6U-Mv@Xk;|6H31Q&(L4 zc`qXXmWt@;kg&d7Q=w%j-q)BE9hsPDwXTFf#`4{jtdubQ11UZ`vOg6e^R(Gm{h#&C z9|AlnuMa{5FY&jh9N_!SnSx$K;HGlNEe*Gn?Z7e@c5flfw+|MyHeM0qu$x$uSxWaX*ZPN+joA|8^OaN}pAD0gxt=M;?M~e#mOmC9t z=&=!7fBYD|!^w(dpnt2lNnm4+Qv?0;<7lehi78{TM~^}gAmZzTE3mU!j4WlIpI**T zIdgMsk%C6zhXr7s6}ucp`xt5Q583tx7r@PKuqO=JZak>N`|Dte8UBG_$O7&JVP=+= zDot^+(A+y(2M_tJ6u7<*0@HV}`e3z@GZVH#GFF7OwRMK2nuevW-%ZPE%3lPBwTFMT zK*7N0U?IlN97bAemJ+ec7L!P86b_1%r{ImCHeCJ7M}uX}!Sf6nF?HOVqo}U8R3SHf zfzGX`7`%cUU~X>SmQCZ$xxAuZs~lNWWLve1^8!T`)j>+R0Fhkv8B~t8(HR-|FWb5` zQ>m;ay_t?SSz&<7;nG_9cId%Jpilq5uZ)BCVk@Yv*X3jIn6e5Z9=+?qI5rluBALXm zvKZ=xnwY=y9B^vx<&{n`g@fuj(`|9x222+WUf_}?wHj{0DN0_}K_LBwmt-@60fFSy zyl9X#yJzS1oc}!w_$9&pigRS&U6>4jZ3x7A?$GM%%bFHrJ`hL>n|_4LXJR7<(CjbG zN0pj5%m-g~r4$L9N~6hF&%~AMFNFAB-X-25be2+(2{g5wo=S?xlA^?E zYwt+QQj5B)`%F0&H^`b4mme7zNjV{}!Bg$D=-w+;xI5dU|Aeff19A-SxKS!_alL+P2I(8P}VC_;Qv!aE_9 zNX`417$4DiGRVP$g$r%&WBiFo%~!$230&^`L3}fg9_>#P&IDR(tLwe3a&5c=(QI%G z7_^j@c_HGNV-N8v76K7iLci1x!L!h!?~Me*2f?7Ea=Q_hcgQb2qWbBrCvZ` zE_ilg|HShrG52qk+r=c)^K0*d5)BxSm|T+Ai+_QQSPexVAD<>cKF?o*dPKu`S(YEs z2Kiz40BrTtQ`uaz8ycGp&Fw;AjOUtJzrGmREPG_Y{yF9WX&5lIcILnEE28g0HjT^F zWn#bkiJ-njc83!|t|IMzmnaq-WuM7_2Oa01b3=T=(g1pe-kYNuNjbE;o157G;|P(w zNi8K*29^Ez!VUTz)zI0p|LRq)J0B_7SH>!18wY!;b99g4Y#U6*kM-u2Av}9D(mMy zb4!a?=6{V2IL7f8zWMn8s)a^eg_~s!3QK)3y)-@t4DhHaP}C<6CBcMjY@zK8J%Fel zltO&fz4&-}BmM`ntt2l@vJ=taME=ubmxO21Uiv z_qmlVxN+1D%!fEKg(t(qk5!9paFeDtesVKuq=uR`x$*J^7yJLnw8= z8gnKRA)yP%< zGvdMFikGFze|m5yD|+*(bKlq32aaxYU33ElatK65D|%fKnmQ_KSRA>`RDy) zG%uCK1o{=~)ewQGE0nitURBC!B>@D`1?~Y#bVBW2lP@`MtaGG;{VFR-K=4aQsHyxb zq}BkqovU6@Bd|p9Ub;0VH&oK8fCMMxERIbiPsmf}euDO~xuxOX=K2eGqmilJ5n1t1 zrd!eJWRP6k<>A>3NdO&)lO>95{<3Z6>TE+utQ2MI-9R`zyOX7i0Pe-|00mX-+|~IQvet=|9xc~_@^&X#^g#1xw{hp6rnUZMC;1)=KLweZA*T;A~!R zWX}Dzyuxh}pf1{iYP8JZ)zkWIb5UYO^@1juzh=Neid-V+UK4jXfVdzIb)}xpWj12f?DNS&IqCOMj9O~&gsIFTy&w<@$W{MxCo3VK_VDcx z%^E-tc23UAvY8j60KNkKS7~NFP=^pvbHM;PlpCFz>ZG`Zb0YcH-X#X0uxauS1H%gjTHRAr4n4Mb7XBlXhe>wC!1XNnH~l{I}< zTU*=C92VSx{aF?5cV+Kxjn3UHk;q_St2$)^)`Y%|4fYo6%4YMYtsvF0+{LM5B!^0Z zR2byow5yI?Cdyz6#1uln-_f4T&CPKGE&#ler>7Tbmg=Sc-%8%aS{#ti5tWuk%T`E@ z6c2kCqKh*OPkG}%<_W(RNABtAWdk9osWy3x5(m{b#RC_dBWkejtBvLYikc^5wwU;3 zO;60|#6)KOx0gFlgUyr5Gz&{K3xx`<9RQfk&ZeT^=g^vM*{EgTN>EbQibzQzDU~71 zaOkt#eFyx$x>sEZ69*Nx)@XL9CO$G+p?a8Zo$Jy_mW)xH2z>ex^1pmR0?ajT_x&e7 z`#$^WUoAh1?lytfb}j#t77{Vgwgq_zeh29+_wtZJJ#rxCKqf}90PO6~}Qy^(kD!sh=n5FTRn| zC)K~lRRdUTcs5_sMUL3WID;(iMLRP(1Uzm)d}*6I3p%3MxG5?|L4%4Zp7azud4iLG z@pQOno%zG^>GJ_LK@y&YBQq(gcpMx?BMvb<^A^8%th&(9%M`sa=QG4b{?u6@O}R5$ zGrHoWlH>SN8}0#W1(cMOKzkYU3}6Mj{+bO5B6%bAB|lhVusD55o6oJr+REBm%-A@y zN%{$mx>a27Sk|URx4Dg#q?;R7enmxBN(`Nmi);I%;%2r7oK!C1Uy$0#<7h_rlR5I__O|>-H&g` z78Vxds=xi(TT9T70^gVG#17K;JV3tLOua!ZEiENilVsm&Ri3oTgG#)kYPdM9vJJ957pXy-Fi!Xz<&QWmW=J0ML;K z6aj0ki;IiR%%u=I?b4V2Q@-CE`cEm1LA1!3ZO&xr3&hUtpxBg&j6HDdvpv!D3sM~ zfGCEZ97=pkBSKlr*sltz2EaR3du9<~qw#!@hP`~dnb%F*c+L?{{jA7xJDP`SZtvu= zoGA!+cOc}iuEe-QM76ae_*18HROhc&N69suR`fh~7eE(E6{Glk#*BE8gih!_t)@p` ziRRah9d`0J(jTU%~V<@>|$f*MDG0u6v>v0VR+4x}($$VI9c`S*SvE@AT0 zCLWKXbDVGqT*wnU5}T|O+8!PeF6syNZ%yZ6hBk_7B1i`hp9e;hI~{idm?qZG0nDqSk`7&p>sxS}FV zH*^CmqX(S!c3{U9eo%`*Z6iyLof{;7|->1(|6lp&8<{8@9lIAmJ3G{S`sa3I9@ zxZI@6A98#}9nT}EJ+cnydfVi=ikz_%7dKHh#q2K$QGbsrqe&Xy=NFIcqU zf2VV$!+X+l?-x`3I$S3MyfEa(hDyHH6N#_00E`o=)$t`ul|DMF8v-GSpiW|FL;`qo zzl2p*P7a)E=Kj#c1gwIYjQxW@*690SbLSSyJLzOTH^K5K7^2)42-p`A=gsTbz~24= z4p8Vqdg3Zb2!IDbZ6+bot2H7$`J5{+BvS81@)N%Bthmk#sYjbtUC4xW9Akq$DJW?{ z^|ew{yvU#E%+p)eKiIRKEfnm-|8u~MbheLVl=;hs6)%-kCVee7=~_-f4$JE7oB?uJ zjh+HlJ9*A8OP<(EsdZ^k7g-K~*j%kb)Zh-~Ohdoz-6_izF&DdzKTl{ay*osKM#k@52N1PgYA0{#gGt9D_uOx6%3Rpb@{)kigm zuSJL@t;sj+U1MMiKZe}rV6S;QBF28P@HUXh-673Rc*fLfcOBWj{V(uh#|sQZf^y9h`aC+~aNzhDV3o$3Y@DN?=PVD%JZQ_;V|AHl&=iPUKOV}otn@1g z>>k$tFlsToCn&L$XUwWyR5(WwN5|@8%REt7J7e5@d^4|`n^!C`&m(I4EP|9}TzSBv_O3{0CCaiSu*wfXVrMzOCd1mb?@~62{94n2vXRAE6-iH=oqz-Df1D3JZBD6adD4=c7358~W*ty~JVUl;eD*p71+lIj0AVQm+Lw$P<723$uZY>gDO_K^9xj*;k}sgIpo<(PHdM z0BCh!9%Ryv4}-;B`zW@zRiB*vY#db5(vNyogI;27$m~iw;Kmn7PkmS6dLI^F@cC!y zJXoS|mjVv2Q^{cRbhd&L>x@O8bCpM+(U$4Mh`sggjvcqso8hcEn=-o=6~U`U8A#3R z8CQsJQK4?NM5GPG-|67vT+mUB&rc%IN26URsMpv>)x}Vh+xDyV0-Ys zwJUh9smg@SHqk3~KS{p0^VijF&{eUH4>i5XQ$|vEFG<{ye?jqUuuY0I@HX9#UI5dy z3?C$;;PC=0+jjJz>L%g8MNI>$rwp&+bSuH|&56+8v$5gOyFFqcN#)X(rG4&#C*E$h zzfE&H&LmrqSJ3hCuvbb>x-%y8c82NP>G*ot>Nb+b`;eh8b^EeoC(^B|4q2;|&B1)U zs@a;&aN#?cz zj$g9Bpw0x<3Jgr1$B^0(oMk=>=}PW45_S;J>g7z<+k2?YqY5aNANfhE16(mL^pn4b zjD*1(S!~nQ#C3_K=?hpjGQSHp9qN-rrH^ixf+@M0X~n8V(t?y+mo+WL8h7ee=4E82 zTUq&a8-4%PDj5wX=;pXrjye6)5zoW8IAgb)TPJirghjDUah=@UwxU99|Lc4DiQgx! ziaNM%1=zG0r|NC$CbvB^j>+Xe=(WKo|G~?FaaqyVy8M0W42Mm;clvAh-tgZn6%U}S zAM~|OdUJw{HaM!>B`J;qXQk6tJx8#fr0E_!;kUe`yXy3Xv51MpJfA& z$0$pCffS_5h<}WKB(`&8jISRURx;KPFV?E}Qts(Yh|H_95xQ1Pd2WOu3gi$x= z4prU=i&>K?;yyltB-aNkBDE;6xYAtu%-T0JabI6&fh#fy8at-#2FKrrgJ6xVeryJe~ zVj@6nQxX}7s?-)3kph90X;y8K#967jZxNglm*}rl&3oVuT6@patjmivX13Q>=q-1ce3@!sQe{K*J`NxkTFATCbq zHgfRrl6!~_H>66hRMDKt6=2(NAmh~bZ&7Bh1YQC<7zB|&dk1X4fURS3H4a|BIZ58( zsn}k;_?VBoPx)V2Ti2KLzlJs5@d#+PKg!OTd)E%!t1rQjEKHZ{|8m$7ZB z7iI0M>UBEV&9Q=B(wYqWT|#Mhg{tqCmLA-(S!15;cr@z#Fol;s36?47J-f@>-__Ic zQ|>l&%ml_^pQ3je4 zg@qEpJR;jSabig6OrG|Q%eLzDv(tV#)trS*4n*VfBD{rKaEy|hO$PtbtQgSyvI2J{fUb=YrXJ3 z#p-ZJ&{S3JbCK-sxhsfJ64i3VDKe{DC4b2N7*3T zEG!HNo9&N+e#BnwwpqZ~9eNuZdbYwzitl#tD>?N$EptnPZ7mVA^<(xZ$cu|#)gYmJi#=JoNu}}+=V$Cgicz#cp*Y- z{Y}&Vl<;0a%>et05KV9-@1%FQttsgL;85&gd$Hsc=TY3-`#_)et87sWm)`goN3(f( z5PMc!FDoA(I#pbwu$>)?d~$=YIJ%=)Q8dJZbq!?{&#^rkAzs85D~V|PmM2ObY4LQ5 zuq^Hbv7%y}Ti;Q_oFc9}=F?OB(Pw5Ly(i{y86TQZt1ApaXq!z+^s7DCC)-T%R2j`0psy53Wh>tNgR1&#n}QE75OlO}2Va+y8(^gb zCQOW!%BOPyV9BlZ(sHkL8aaTSC}Gv4FZt73(0dEUG@$45ZWRYM!lF9XjK6oX1cv$; zSM@l55|`i{*QyJ`&S)~G+idI|Ln~A1p6Jf7=-z4gX-{kXIU-!*dAR()pg&~ird$( z+fG0SbVKAUWk&NWXDHda&Gc|gPj?^D;f4PO9f@e`KWX9T85A+I*22=9<0YtP!s@Ew z%zcg2qZ%*A9d3cg1o-a!pP2gaCjy-@aS=SYH{#!o@u-ehRG{nM-V`QN{OVPqmHqDm z6~n-wV>KD)WqE3{Rnm!TArSY)@PK{}unYAgrDQ5RIjep8ss#}{k&5kgQt%3C4vW;Y$v zB&s3t1dNB9uKKa_9siYAEECCM_$;jvjYYEAU=I2izD8D}AAyPZWi|g!t^m7@w zHh9-86}$7-$#^apbreFj4*dzQR{>3HK-zz9TC5cm`YGP$ep5)-R98X<3Ee|4LOe7c zS?Xu`R$K7x)XmQ~J}d8cl0@_R6H`t-Zef@^0Y8l1$W&qoozb9tYj#~Ji0&D;$`Zkj*!0T_Po?6M=&38l(#&P|d(bgzi&_4%8j!V!JLPTCwC`dbxPt? zW(ZS~T^JlV%tLoX*SGTv>v*@ei3o9{9)JE(t?d0cAScoY+-Br`Sr=Z4XEU#oMHgSv z&gR>>YTt_qrY2oy?ZpFh5TAEk);>miTMQl_2H3W}B*6Mt|SW3C_8= zI|veBHw-vJhnbw(N|K1$W=!xPyU$}D`w5@kM^3#ppu61|+TO8%Cv@K%T2wQPzdL-L z(%dst2f3s1L@L)!{EhQ`5;DXW07uX<2NFx*(mXJvj~+51L-0}r0s)eEP|sV*=cKn# zVi3Qrsp@Ikr>{>A)dx;nQC#v4Br=JI&twLy%N>CvtYkew(`&v+jxpzWfa4#R-PGq< zn;*X>?RDHeyHY@xzt1z54+1#=RvRb03mmKotN=g7Gd^6!s<(Ax>UOg7nAu5u5+{uy zgz~6?N9hfA9oBjnFFxacVuBoz04j!${ob5nfojXjYaS=N4MC_ryn?P3?Z?B_FXU+r z*l2xX${E)uwzd}SU@uo>rm<0A!@0lu+=VAU->QxNwTONAVx6*g_sUUZ#X)H3Ad1xr zMs{Ig$F`3*GMsX;eS6dsKmIAfy0~AP)f|gnkObVu@PsxkiJN@>{BIjg}QK6m<7KDOf8Iqe=f)P)O@T#Zvt-?^Zu#WTC8IsWgZk;~m-anA$Q zK!k8VDr<_+^6}%Dc<3D7c9iuBeV254X!8XA_t($$!FPefpn${Y^B!T_6K+Ye%V*_VFt%f>XT?WcPJYmhRkB%EaXc&-Unxn zf0qBR-tu=gZ1s7BEK}LJ2@fxN51KvCT=#dNQSu~}jYQdFqja^{#N>tKGh42=Ym}Ip zIh65jyZorl);C^;UA~M3MJKM9{OE)PCe;osE9v0}+V|=)IqdF9lAgGxouKAFc9(x` zq1c51{*b-erk`<7&s1Mu{!}jk#2_&rSHxmOv0VE_8$ErzruX3}Izij1P1fMm)Mq4G zC~~HV^5MX{LiHY?C*H%U{UCo|#!{YI6UA;cjBGj+s65)3)kQR1M~Z%K`5gJn@*yKH zvjX1Bw$9)@OAHbQ2ZaZwJHK8mr(S+SJ0}Q}Iz`(Jy7V<38(!P%%8UPX&vTHw&K2>k ztIoV9JN4B%kR2N;zTFv2Sfz0nAcGauOi7hyLLNvCFtYb-lBIY&^qv0qM$}PP*d@v!*fnWueLPu^d`MJUs#G^IT zsOM4O4c+su6FL_f-^%|ICS=3h-N0CklmSjAYq=GXm4|EtQw@a7=-tR~CMCk3VqlU1 z^@5Bwbr;z^wRPjYFbaVZQwc#X6(4C6Ku*d)JpdxZyxUa6({^kbGdzUi**~?> zl0zDdJHjLyT%FLAfQdvzz@4HxwH$;X)JPzBEA(WN+(oA$0&uZ2>EP{YqIyR8Zrmx* zaqNpeyo@-U+Q0MH?y{(m84<4YhSy;J7x)z5DrUJ$SMi+Gp(_rQ6GF^&VG^sd%?ZO~NfvNcJ~%XqQcek3aNGag zdhv0lwv-e|NL{@dK-DhLH0&RLKk~nvbD-G|39m!YLg`h*O%mh8g`Vpa8w<&SkA`{B zNnl`LP`9?_ub!{-tIC~XHJd?=v?4WAN}N9GKOLa`MkQE?lhe&K0<2_Mb%y%#BJfkN zPq(D4`fHu*2)wBFI|Pey`h+Pd1{KDQ`GKF}F9qGbsr>CF7mt0U9P2GgO8;YfdjLg| zh52cNKBLk6KbSI&rgGeOW>4B~EE{h&{t3^HjuGfu-zVfLHmNL)<6*<);W2G|^RThs zz^7;UJ^aa}Fbf$Ktt&}T&fQQ?oXc3;F~7XJ^DL1DBet7M-JKX;BEgjMwd?P*7Yc2u zaW+&3+BNSsZ6YW3c}h$S&f~R5-Q4a(bwJ;rul)T0lef%!x2Hk~LWQsP{7I1+`p@*8 zoqSyEN6eK9xvvnZe(?973u$p?U>Bg75}8^lLN#!6rK-4idLKoPSgfo%#^qI6-gcPC zL%8&j#VsV#QIG_;-$?3?rTq%ix zL>ottvtl;Md&+ECdm+<*m&J9goK7}|+Ws+R_t2Y)_|Lg16N|m^zVPbt!k#66l}&jr z`-^6OnZT7p(tgV(cA~`o@nGQtXDs>KY&TWz#g31ET(9w%lMqHVZ5vr(s)s32gpX`|Yp)OIvnUdN;YGbYm!;o-BJb6~kFtW6} zqev^GnsKF1>=c(ZLRQa-@2%D5m7BLFMn0YP{?>Y0z+CwH^+<9~)onByjc0fFBVxlw zq{^$>*qr-oY@XBD!D3Mu!Uxa%QR)To$rQ@R=isX4AFr5 zpE*A$|5f+iwJLGD_K-HwWj=^_WOJuiXj>num?O1xU*w^fO-Rk}6B`R-pKssZ->Tjg z{gIv?q&;@TJ?;*hS)go;3(E{a8Z!_U7Q%u<+*~!}fk9~+8Bbw&GmIN?oVmY&QAL+o ztkXU2!zpLFX_p0pfwg_6_l-WV2nRuWTDRZBH#1v*aaylaHsyIZRRLp3PjjH0O7ajL<*W7-LZ5wu80>Mr$exiq*$lll9*9 zax2S6Uevv_JDiUnzs8G(bB2ZBtl7Er_U+r9lXaxt;V$m}Vl8Z;zGg7?=F}ZD6nC0Q z6*1GB*3b#?>pHv)#`B{#u}?~4M~`CNTimy612C@z3f#YV+h!_3hoNS_S7>3)G;P1O zrIKU0zIs}em1|nyqB{YUe%ek`%lDJaZeBZ#skg)~*&)76k`&;NASYLlfQoIu7#G1S z?|McC2Ryrz`*_d`#_xD=$-2^YEBRXxG(-hL+e`oOv@f#jeu`|Mq=fc^`2~Kv_`pEv z?0UNKaW^xIbz+JXDG84UP>jYSs;^7uTw7b4EX#hCQnUxxQElf;}_(o8zSt&*rJm1VuM6(l$`#j+%8YwyRSMek5;4IFca7zkrtm8eYQ% zI-k>ILPO$CLmA00YxmhV`4f!RdyBz$W1C1F=${^Llj#!Kh}kDdHtp`k9!bD9Y@jDV zvGks$g|+qVB8Jp~T{*L7VTx8dX4_Ep~j%&cyVzR+WKa zk4ER^b%z)1c-OB#mGGd3Zc2z>H=v(~;hGY(ufar$vaZIL(dc_hOwEk+qPH6vk9JZr z`SOR}mIg%nHWFLo{AT6wj>$`lYbCX@`5J24`xvQPtBLowU<7u9g255Pv@^R_*=%_| zdNWX(s}4>QVuQXN2B5cY%Su0eI=9~^CZnK0C@3iCU)$Pi&<$$7=yO5-wYYXHUlv8- z-48o%LW+`CN0A-q!x>JTdJv{bbQm$^THapxru`XqHb>cd9&Sx>oC;)+!!vccKp(cf zxUnou(x>t2)lE=PW0rny)Vj;#oaG%VpOMrxn5ozX@AYFFjJ`_2O1G_=eFfrNXx6|d z=wMlMd{IDkf`wP#uBSE9f2`&nmru6Lq5bdYKYHSCeeu<{${Qrik-m!W@se&`Ew)+N z+7h?Y!G60=nf$7KGfj$QUWy|!kU0)!S+Otf5>y>zqKQt`B+swjVKr+Pn+g&6n{>lu z%=X-V#Y0DqMJ1h~8}|n@zrhgDWKZmrtPrO>5u{i87{DfVsd{Kv?t&| zht8eY_lX3+TM3VhgawKElOOzhUuG&iViYLv_-8Kw8`ha%l$%D#X*NtzR2;Ud*P-%l z3_xQX(|5v+Phj5d=;)j_Be_CGO&$DoRv!l!my!Q2d87CNQc}W?n40>-*RMC=hmx5V zSNsHC+#^1gsZNoEm-52`-Ux|wgpeqy;iDLXM={E-rP5|IEYjbk9&#Va43Fq{7uwFSOfT7M9Q!<2|ajxSig#NI1D4HhTwW1>pXvVN@KJp-ZrSi;4<3 z-Ky?ek8@5O#&MudgFZ6o2Kx2T{~8B4X-uescZfIf`}c3{jMx8uD!zE}g=;b1=;t%Q z0I(eoeqQK?dRv}No-m?l|A+SG&A%k^{Pp)XSF13wYkdS+pW>7LNvc20z=d6X@KS8M_i4ypJ zkjO91|5RGq5IhV=8%PgOa6fX;jk989q`_J}J48#noJ?!ix|Oz#%sfPA>{s$%i2VC` zB{%c58Fi*3Y&(kpG3gJYS7sQg9}^tbz5>NikC~;#MFZ5@(1<7JGmvclc%5tq<1Zmh z(@yZ$d(qHr)qjo*57&p)?Hu%7X6Lj*NBg219kcH9@fS(8)uExOo%<~p;;+6Zuikia zvm0A6_4^a0KXlBog^ZKF_|KJ`rAMXomwG8%gJ&z`4t{l$nEG!J6kNMT>M}*~g#??Y z1n+~n{ule_TmwmLu`&)6SFh5zl05(2_=EA9=Y^TVyPT?=DnZ4BuYIQ|LuRKDSn2gT zv%0UmZn?SDaJt5|vknb{NO$ihS5;}6fBqLeRbM-F(3SMfZQ^E<;*(_?arHgQBM9M7eY9g30**$+xM*HFLP z-oN*siyTM{{u(N}D;y-W<)2c4mR?V~B_*Zm`EHj)!OQ(B;s%Yt*4wx(r`!uYbMJH~ z^`DDZF19s>HWw~LPPxua&(71kJbt7K^(G2@SwJPFo$uGDlnkc3ZNuwt3H3f(Kt$xN z|7z;-rh{d>3PV8^#$C5T?wR5W<84meJfY0UXwLf}6X1Th1qaf9Yv&Vh907>0=q4mH zOxza}n<>nL6`i9$&BN4W{`y_MuB5E&3jnyex%mzon_T(XI4a5O#N2YGZpzjhq*^*} z*uu&N=+sg&j_e3tYms+#tz6{_M`ss!5I3D-_JD${N`_-Pjh8aHn3piFzGHVI!ackpTO4UF5!_j?MT_Ok*4@4aGq`dh|$L@ZcZl?M;*;yX3*6e%8@m4- z`{1DIPn21~M}KIV+j&dpTTuROie7KV4jm-Gx@cf*48l62Wma*E4XS#j?C_g|Qy`n2 z|29iCzvVNT(NvXV#&TwEvtw56LHnlUv&#?=7mATPN%t=UWXn zuiI%|&Fb?7+26IH+}9HkQDl;3lo4=xG1AW&M6M7NT6e}li4XH9Yr2QaJZjcdExTR& zDypwv$CNqG^W1}>r=g)C9j~l3WWHwUwav}Vs_if25B>I)U)HzEORl|>3?N+ecrEov zUp_Dd&w==gaQVcS_uJ@;-`9UXvs1g|FNv&HxOy`LpJ;#l3bC?Y^o^96y5Q5kB zZRuhbmvPkJ+lyG7vek3aLu(yxcd1=WY_=|T?THF+uje~!lpv>fdRji)RtgUFr9{h{ z+X6V#|G<9J-T49+j$MAWyrbh|Z4NT1M!2W7*Mg!UtK!1vZXB!OkV)d0h=_EDRv9U& zJ0JnNYQ_f2C?L;`QBI2@PyF4xqT&Kj zppljR^jn#llr*igg7~xyB)kIyxh9>TKD`W*FRv)HK%4^PY&67RO~C4-TNK1@8sF`v zV09(~6Vua3^8JxW?DGfz5%{73UeT3UL>;T^!Ha#g}yTE{bcn)6mJ~fSXT1%>C=yPI+PvV-OY8Lr?U=%pl}p8IXTH;8il1~Jni_AnkzUk zQ0a0xJOgM@TXH;?l$0cFo?Jn><9%qNABqjA>q%^m7`Coye)t#1+(l>u@ zBUT0)<|5g(!s{1Lr3uN`O6ds$upxY8<>c(SzBqg}p`xa?Tw(>nK>Myfjq(|ztjNOaV8+0evgia0I8p0aM36)$*^W+mq9;qwzYqaQdas4 zwXc?R=&$GjM#q2zQY%p&f}pJO_85Q5ecX(&%--3RqAN^{-gpJ?c@6pBwBHD(5FtsE z`O>_ioH%m>JkPypuTv|Jlhw?siG;@%w?QG)y>z4Y=^JG;9#Wjjk{Q;nXT2oQ?Ecbm zCkP+6Veo1tumDIxoo}};yO>@LM6Vl%fDR{!sIyJjSX-;svT)l|{ss!l4ZK&x`5Nr7Pu&Cc%>K~+a24ODvZT*t5 z{{H@CEtb8~Z%IkW?roMNXZE7_1M1H8bsegPq2Qa1Nej18=HVjd(xN7tCw7^2WAD}@ z#JIUhK-Nq&;L`B#u8rNO3c{tnq)-?_L2h!Y7a~9_vTE~dMBa;cd2Xmp2f-r!#!G*O zhFo>@;5ub*XAg*&f(X~QZz*ms3f$R7zE4U!l@gZzEwarR}4}hWrv#*@$M zxJz&Tcsc2CP56ork?0Wu{A{hxi7tIHD+5D~jJz#BwQK_v^Ct=!tzivJ=gByIt5jr= za>I?C-r29lrlx5*IkL`K0&zVV_rrv#W8)2OgB?#?wI~@257Bqsy1U66T&(){_!6ot z0TkC^%W{`5^8f{#pe3rf%FxINw6?#%qUG*5K1Ea_vg$jJ?%$Jd>n|Kw*J(mW3v_i> zzm?#Cb9lGXPd`-!3RX%4Lif21{@VHb`{%4la#B4FRac11W)RE(+jc|}ATUCN+_pa_ zxEM#QR8=txY6vdO1Fquupw>s&+A;`yI*hp}&lNc?AV&;$ADpw*2gHbp!^3$RMy}J6 zC6+I8o9q4!hXw~XPuIE+z-c_4^~0PUT*`+qM~$R9w>ZY zzx|*A@B}P)4*~ZCcp@33t8!@%D?Ic|zS?-{b%)w+vdAR*apcFn&-S2WB=z7#)ydXPJ?95!XG zR`4QsED7DHcX6UNRd$keahwDe*5^Y{fQOG+{GeQZ8J9rvRkQk}bKj%xc;e526E;nS z27Fhl)TN{x2>J;_?Dtx2@Xd}N|e?@5_sVs~|u@x|Bp<&B4tx-z^FXhT8ct;u%~7p}nuM8IR-f_DiBdax zKjD8Fy8T3jqWCG(cJoz)1OzC7?i^wKH0mdhjChHXA`hy-h;C9u<}AhiB5p zOtg7_Tjq_OCWXI>ww&tPWH3BWV+V8WmwS%)FU4x=bT~Y+&zw%iI`X?4QMUi4QU7w*Nh;f^zadF|8`=QkDf)1Kf$N$q_J>IFf(NBDlFt0 z;tFv4x1=5>#J1S0z+U-M)rKFVopRrv{;J^?Pi2_K)`MF#4NyPINN6`n2(ROmJf5MM<6ly(0nxaFQJ@A0-Zi^GF3q!ZqD=G3 zrp2D{8|lBnWVzx9SnLuofrniduo z<>eD2e|x3!K~6f|Ufm(}q-(9v-wro@(maPR;H8I$Ff}1Ah;@e_XCM~n$2=VMDKDqz zh3jFeEkr@4_v(VM#fBA;^i2=lt25qga2kH}?Ywd5DOSG@BO%(km{9JXr zZH?2Lj&;Cjkw;Be+6LAFK0sz=Df#(>kzHLm?M&UUQAiYCMUA(AW5iY>N!>E&|GGl? z$6*gAg!UBwCG!-`O6q^Mj5v0+?-2WPNYpb3&i?azV#gb#98gDFDXD-%zlRZ z|N8Bl?~6Fz)n2yYuqrJzhNCy71$j=^r&MqLn3R)W#?8NyhU!hJZ?wskH0liYfAx65 zK`^2c9}7)?5ZpO@3zAD&r+$Fl4~C4K-#>)^1f};6Q`T+pBg_~i>m8U8Iyf! zsJLNX(v#S+(t03$V58uwNu$P9hW2F%OFggrT&o|iL3U5pmV<|9(6lTZaySTz%34~v ze;fhhlibY7%6bAhN*{WB(}_uc#Ri&7xNip;UQ&JeLsdbIX^u#C& z8Lf#~V1fS8^(e8A=A^X&PIpu5OdnU! z3o4?GZ-=s=DQqnO0I**l$4tri;m7;YgajeXA0oxTXH+x_a#8q`wBJycgG!mTzio&syh9uT_H(o|!bQzsef~w6{50gq^FJ&&``+4&yri z?FFda{(IQHl=V|kIP3Mi=FP(o?S`a{4>oJJatVlihr!bhI$^LMT+5({HCyAoZ%?nR z=v~*bV)T6XAFWR1wZ@r%8&a*>z$e4$PXs1{DNy~@tH1VI=RcdkuZc_(YB43zdG~^l z=_4yrfLul3W0A*SjZLh)!RIdWwsmSpF)+d+9f?w%H2v86&9eHj0Zi^ScNVG&D8f@j zDmh`KA5z+p)+dya;VYU(!dk-rYb`)g+1W}Wu@&N8%zxGmFm*1Lmn!^~_p%zGE8q1T zp(eGrhc>ECX$sSD4AS3&=tj;ZPHCy*{5PTIhiro1dzMy8RMbq`)@<79YHA{kzP~3m zJWYMCPE~PhBuzsAw0=p{!$P}Qg=9jftPkBq#Y%$d825Hu;aH1abTr-VJhkVihP+vM zsc7HP(r?K9hmiQgv?^VI8Q;f#ki9uT>A#OiF~Q_!B{40v^K2FDroNq4>DtU}SafV% z?I4gE;bQ>7V9_UKvaHLJH*RfwATCa!YsN{vAZe=%6VFr8g|U|tfK{!i;2-MGaSQev zHnFPDGRhoWE!o&}@+9Ef01I@I(4vK>Hx%qzq^l;j{?s*3nAPwVi|V+h9uct_UGfc$ zVn|V@I{ohc$FKai0l*CQ)^7c~^a2o%tW4_4*T>%>v4okwp&G;51mk%J!Ponit34kV z*+_e2P2TIu0;G}yKYx}4s;tlFgKle@dfNjk64=Z# z?x5!^n2@v2s&{H9ojc$OPvy07)Chr$CZQ*ljJJ0sJ5QjiC*c?h)Rpu)u1SflqX88}30!hls*QpxH|N|z>7$Gu`As&0?;!!5tq z{svX*Cf=SEda^WJ&Y#T(Wi~U`nj^qFz?JRCimBB_{lz8uxwpTMVIF`qLmoC4X;i9q z*Rcf_1K)H73A2!|qx7JZ7< zT|?>IZ_ACO3RoB@D`3eh@{HY?{8LC7C_Yaqct3Q8mq`pJk<(OMt-;LjtO$5aq=I~< zq>hbF?wCPp+G`tuBE?EZHOmpqlxoHmpG+eaEzy9clxv;ptL?qr-LEb&0#~9-^PAy_ zp4;ee_x*v@8q9~x#v`kKQ&Fmh)>Al-=fyzL8Ce`efA1;oztpFn!)Nc=KGrwB`43DD zw3_$FGqe?boC7NHx`Plt9_Ld2hQLm(xs_7}-)OUPH2Vz*g^AG)D8NW;%sFzqeV8|0 zgr&4ZbaVNanrT%;uoe$*+zSe3CBna*6J)*=C9{jC+x2j-dNT8qYnQc~OF7q`P}OJx zYh~AG{N|0zWg#h@7=nTO1?lk7Q@kp5wE2WnX5|wR>zMHj=lW9`IDEj$rkpAk5S35l zYd0~lyd;hmcs6r044D znsfZ{3t-)Q%aYYJ%6uk74+GaVEgAXv%4M(@rT&Wbnm=>+vTj?N=5jH?dJhJ0bNHKHw1X>3FwIe9X!d*tlgzO(9B|y-z23h9-)OY}{?RdXsK6s57=ncl$+*2boI! zMa78r$92790>B~i=<$e3TrB<0AJv6xF?!jZ$JVP@;o-FX?8~V#JX}WO@`IZfe`9hL zu`;^d@w4}7u@M_%^`tGQ&W7+OUr~d4E<>5xk^4Q%g{Bu1Sx1H4>*}aZ`u0OMZ#<(2)?@ojjznoZniNx+kbuSTi<3h zv4P8OsJHYB^t&N$qE`79d$ALDd?G^CH4XO=e_ULn&EG5p%a+(1$Bqh>5sVI zV)e+xDI#rM_?V>A^M=)9S!Zb7&5?^)nEImX-}A+jejy^nSJ6Y_AAJc6rB*TgNr;+G z2`Nt&z^o}LDG+rfy}ataV=)r>M#aYm16(lx9|aB&{?Tpnz8c4CrE=M$D$e+OLPEa7 zQfo^KY;MK^%Dz*{1^zx7xGr#4%R|0qe|&R{Z-$c~gYrIOSpFRc>8+`1GAJ}uR#wXT ze`eJK1P>GGuTX}LwCO-C8poyX^FubDO=_jnWelb(1sD+mJP9c&I)^QHUsF>@;l`rQ zPcvc&VajT10hp-qaA_nsqruO8@;LEJ0u14uq-MP5Yt;g%FjRs9&3VZq~vEa_Q;fR@ryQzaZNQ+uE8 zD5(E5`_{Md*t@SfW?`9i)dV5S-Mg%g>$dzg<3yET zh<%-NDT)9fz&pyy&D|HYv8%obL_5%d#!2HA(m%`R1tUgE-Ne>QW!y%-deFRG|HB$> zazMcnCgu$f6K$RQv=->lbuTaTk&$X5Kul0RokPX2b#lzenT&*csu1h zLIZPeWo(u3GUTh|1cou@yL!mEdS&knHLj)Qh+XKDS!cJW%63Y;_;uZ4a9i)!L4wW6 zWWa&?hqNT`rPoPPH`P%riu0>cyyPZHrPbOPYi14idraCI((<9m2+PIKk8|sYRQGHl zsTLEpf|F{`K9K}d@)+V6vIMt96Eh;T33^wJONWvKzp&WvEA0&!7}xJrnVfDu|F~WA znce+>(xflJ%DOe@EMFI8lpepy5w%riH+5b$+rvSZmUR((vVeE>no8Mq#P$eHBm9;u zMYF)C1TI>7aq*lzbL@~k_r2q9q1AuWn$#oeZ|P~Z3wnUPtFAqnz8G6F5k~*M@&~?~ z?Bd9DQ8<|5p~M)GEsC0WpaGL7A`LEnQd|X^wzbM}J$$jVt1H6WCo`-V!>ExKLb$|~ z@SvXcw*L6|7;^pBe$IZ%P9KqkZw3Z(_#CvXtqasxDr%D8u)9ZaLIF)65$wToqO1o= zC|C5tm4mag0CpG@LiY@^s!T;Kb$>Xkz=J@~l&MLQSumH8krA^RI$WAZ;phZK* zi#U92e?uy6U`DH)psY~*0%}r_*k$)7Oh3-5Ex`OpaT8_y*y2WiQqo|chc%i;RFNZ$ zm(2`_)||~C!6@V*EY@}%s*DuoOB8cVW{PS9(K_pLwvo)y1IWW1OH%CY?Q7Rm&bJ|J zvK;^UyyJWE#3oevR0_~g5xduxPsaZos1*&3n6;|mX`4MaY2%y5H`Xn-wQ6~P2O=vs zfBrqW0RvR^LHhYw0o~p5Nz1xBnKZ-0FBD6g_B`*G(}5TJPgzd$kfov)?(j8l+9U^7 z;;brAn_H5&c0%msXv1iOTBq^urJlIglB8WDU!(g}I0DYfA<27tO6Vf$4HZpCF>fiY zTI(snCJT&jg;MKd9X(_|8PF`X;}mHF*Son{7W0&IM+Asb1@zWdUVC?jey>Rx_hce` z>fK#bedKs5(Eq>iZ0iC);0k(B^>ub`#kSN43~MLspL{Sr9YI4_gqn&Q0^;4Joi`1O zZ(favIoZcQuAv5< zf2((fj*+%?$J8eBaX~-{HCG$sJ{XGf$lDYB@NF(_C(K*DptB+Gs1Sd`+4_BM2{wIW z)3>mM-0*K_3;!#;mmT{ukDtBc!*AK-BP6gjKVvK&kjl_FnG}e=#dE7X1W(ct{Z5|R zovQUifKgXs?I=2NIlut^xB8KiFa%EQitpxSrkt{b?&JQMDqcPxiNxUATWGu`I_5%& zNp60KHc5HsuuMpFiFTJ5ajB{gN!JZ0coYTM;?k~c2URg6c6aB(uGEE#|@ zP+dtXo05dgYZ0|O3Cd`{jZ&XP~yQUfs6ZgFChRf%%x7BDkMqp zGQ!2kv8;GwEK)T+KJ}bAgesG|MA^y0`(I0o9RKkq6T));sxFP6^W-~R)jV~BLWc`x z+^t~21*wcr@#3t-3T|O|IDvQm0GsUYnZzw1`HNLc@=YF|os*PW1Q5rUlmG^Zh6?pN zGLdQ+*v-C5WX#JfpsU<6GBgaA=kYcRNV<9W1V}*$Ip1Pp%ms{oia|=x%E_r_ysudq z;#MNOhg$7>e5dzYkIA5p?zEE{lKogW>M$%RDHN*gcc26Zthi{`*of5+V&b2~`y!tV zc&oWz86{8L-YlIQa@PrUS$UFJKe$%5xKH3vzc~__&LS#TCE>n#q($h8{x1WksXNnY zS`Y)-BR@6a8&gxFqe}dXgYtTVh1M@QBeb6Xl!eca7O?IUE05T^sH9p%JhU^bFMQZcgoR)V5R*3O(0eUj!lPD9wqTUuM(|F+ zY98loy_kvLYwyR%PTWP^f}(80&c`HUx63XVd)q8#lI^!TbYFB)GNlt~+;nn}FzAg? z==kM4{rZys_?-5lo#@30)zNHwrc3=+AjzY=Y%yzc%ORoGU*GFB2`R4uAU=0o4a+&9 zp`{M){&P7iTP&o6on6)`i9ht$`-d-gVeThoCxHYh-}F6{kPT^$q)~P{uG%pk{!{IE zm;~16RIe5S2Oom(ukmyWa#AmpZ{EYXIrZvC*m8FJ1sm(67z}UptLb$YRzvf<1-HeM zJE;XFzaN^Gj6wajf0-s4wss+dza*NZ8wm>tRJH{?S(nwptt!At6PR^l)E|ndio%xk zIY)64C7APGsCq*af!pHvM$VRYQr*_a0_zD3d6YF!TIra(oWjC}A`j&K{Y-J%#@AZQ zZC^7aICx{&aV%`PTF7|y`Bbe_Rf(7LL0nW6Za|YS6bD}~F%w_D9l*j=)r!75btK7m z?km;Y;i1%?Z&Xm;-3-bT)@viVc#>-F+4KBF6p_68qsf+{#8YaT_M59gh0YcfUr9 zs`lv#i3nS9R-?HGRUAh~O#JT~*V|2+j1bNWSU>!e74z@nq1vHi<%a!s-0Cen9ARHc z*U{Hd|Be4U$Bi9fYZH&s+r+PX_owB!Rme7 z5v6J+^yjDciUE$z6|6}V9*j*gjOXV8A`>gWv^}p93Fn<9gq2fnN7AfB=xf?41@;+X z2|FHJk73mu46EjOqxjS>)@&fbWWi7@Svy*YCwvw64(4)upUx61C9yGF3tkOlrl>nS zkC>fmerKfYUemZUvpZ-S?h_&`HaE$Jm45OvQ)GXJ=6uxF`iXIpO20DaY&w&lYHFT{ zRirq@TQJxCCmF}>2x?N=ty`~tYL@Gj2}V@ilC;(|R`oW_Qb72NE2oV-MZ7C`4&`ec zmIcrFrmx9&CjhsTG35eOq z&f4E0l#?9>whZGjjg7OH#7VdFp|SO<1XL(ud()()d?O+vE;ocx^x}#Ho{$kL$~q8y zt`Qmk#jRE{uU$Zhc+wVekpyUeFi&tU(fknO6?2|MM@w?q#lIU)u>AW>(e@?&`IcA15qctIHyH#Y+xPRvm8|Tcd#%^M{XREK zx;+8nX>+1$Yjq`3V#i-s+Y@p8e28{!i%Q@^Tt*@qj@`Yh3MS2xj89| z{&@3M7sA98S+Oi3KZrUDfC=H0`5|>U^7PKb-zIQsC7e(V-jMuo=|sZ{5c z$1HhaDIfIIfmC-|e*OzrPEpZBjSMO54@cc|B65Gk9-2LKAjr)_lfzB^cA#kMkY3zY zW|YCI5d5(McB32f-c4%u-J2uU#Zn=bnJ?hi2ONGIWar(YqumQn3E-xa0gHV5cwe z0$l?m%;#CxZ8sjoY;_kIw)S`5Z7`Tu z!{mMYe}G7MzB;tQPn;F|(2Cjby>N`*#LTow6%nxAO1pZAK1tNU)u!X}=5*8cXC0W# zhI@IQ?%6A74ZGcgF%`^_@Ye`~1Hv#bYn#uxgrKHP)ibHA>#4EtucBP5CNWTECl8mp_m)zsMZKcjE5c4>$gp{SaMhp=Wp|7?B?cBgs}bD&hSS4G{=bIk>)#i?s%U#=3h zIW!tAG9wT65($4TX^DqVq}e z;^H3Zp}f{S`o5+{JPz2!kTB)!{%1JC8veTw3~TtfJs!<(AD$hCl$T??(3I7yVd~b9 z^6OYG{>%y78Y05k!nkuRkLgye7l>>Y(~6h4&Uc1yziv(P$a}#ef((epq3^krSJxin zyQo&oTC;M_$>J{;vCy4<~W9Nf_;ag|cn+=kUwDsIN>cpRUyx7LPP!p{$Z z;M_b)vqof1E&hs}ub+jK$>m*JQuypV5Ggek3yJ_Dt;zZGBDv9j=R}@9*~I(;a4o~^ zTHw?$)DS{A#>PHfz8-L*Y~^*i^PK8!_7?9|rzdjwY?^SO%WhsgbrwTqDl8oP@gckC z)C+1jMmCYxryu1_U>KS|f9Pb+w+sgxtn@mgPx0WI!u5-ED=|)jUDU76bM<`{BUI3% zbZ&}EmL30Zn?eS^@I92!{JkBysQM;n_!l*@%e|Qs_)ZxE<1qzbIEKyP9nJ=?j?6HR zljU(h1Y(#mXy)+RaL@DDfDAT`4;TZk7rVF#kR%u?#jR>R%eD{{l{DTZi9m zg9ivX&?8p3W2gN{P;h*Afvt2lTkS zSa;?Rp1~J442}Kgo9byTtT})YUy)rFR}J^serh%~&rLAKdi4<>vPG z9p#mkm7N@9Mi|RZZzH->;4`oWuf&!<{m8AWK4a(5sl!3w84o{i2;#kn>#}yJ@=d14 z;!q-@f}eY#$kF?2Zuuy-$QxpG2jBs=C5!+l0x-Vk)I(xuG;o1&8+$2w>0I*0B=xCwJlDg2iC?_wE>1q722@4?I0R zm~;ftFspdga^g|SNW32`sJ?M+=3XP5w6l#xwQ$rr2>rn)*_KsmPmG(+U z3PF8#{y3NCDp|a;awfdp<^yE=d(@^l6m^nw(w_W|L<3g|bOKKVejiW;o&89-lC%RC z$%alri?u0C!o(_Y_7GC}k6_Zuc1NT&MS?>5#(N_zU5OW_asS)#^d@A0e9hVVyP$(0 zXW2r=9W8_$Phn3qFRA_ay3kD_kr*$xF^hZqv^@BtXnqk=h@URy8;D-Mq$c28ebGX% zyWq{~5AoEi7~@<6?xhHdF7remwUl0;J_MF1#(LNY@Nk~nQk1T^%p4pS_0#$bGVKJK zPF|pDDgVZUi}gAqQZzX2wF0UtF7jn{C{RL2&)t}L(dSGX_wR@PUoU_|#dyS>j2h3} zVy~0ydESfVaOx$>>lU`X$uY4Qom>BK5|HzN%e=Q}5DIzLT39!4xcwNv@ViaIjBd{x z!{O(%9adiJ&Qb5y2}Y*x;0-b>G@L9d(l4X&q z@iB*n@Menc>xofK<@~D*)$b1Es(}&BQ=ML1ql}Zh3Bc746m@0~Jz0#cB}U{89EG76GM621mp0%glFW>6gKo9L7QWC5N`%0+q@CsZnYCN~T8% z@evS-N3-9|@8#teiX*mL=&9JMvOtnn^0nx7;MLgwo{Hu^=J-Dd7^{%@Bp?@vGJ5h` z|0%4!B*@J+9WYWf+}d!}UB|@@m`yb2sa?AB=h{`;kfe)$0{nISzRq%o3%O9}wd#Hm zyB)EZ^%xxZuvk4YfCPy_GM4_Ww`xoBHE!KO74~~mtQR{s;O%D@6E%>&3ih5gXiEMI zfU-!`l(ADx7^jWw3puT@_G7i#gs`nEOITp-$HK!vZ%9HR;ONH^7i0kr6@pL<2)By| zbEj{S@z?*msoc5iRxE%_4si(NZ48wRW;@i$-+t z$|nio`na8oF=AeF+2ad8Fv8gcw#Jl$UK=i9Gjfc1ek5vfH$J%p+=o(~FQf$Fc9#+jp7nH&B~(3T=oAG?WDuPJCAIyt zI2{(!wrT%z?^9t}QNfL??Fqs`aenU~!mo5gtOE9Np+fv?Z|C{qzJA#x5P^m#Kb}{0 z1w%mJ_A0ux?cqQU=&E&uBg(w?A0JEo{+q~>p8qYY-Lndu*sSAaA>Ml_mrEM)IO!7N zd}~evi-RD+#`>va0!!2V6@UHUDsxL8IjKL@2OBd%;AJt+98>GOq!VwUn!C>CF|~?= znDpLun0z$p5+b)IWCwc+1aX|NOx>6zAx6>l)t_Gx<=?x9se)V=Gm5MfQ_!vXz*&dF zAsAZ#Sf(#aS_?xp%=!%6dN`YSOIML7;(&VNC}JAdEj9 zuhj zW_5^IX@o&5EsrV_Olb#rsi&C42I{p_ z#^X917^`Lze|m)=zY>4eY`OfXW?u-X(T<6q=7X;;JkQUL5fT5{>s-KO+LwrOvzn}U zhsAnT`OsEDa&5$9N(`IMQ|0}2y>gflW2-wJ{uuXOX0|m&oZM}y{|Q-W;7O6(mR!Y= z4vVHx-LLen#NGuMM4hA}1JL#Do5o>ZL)&Xdm>6qVwc$+J{B0au`;OJRZcA{I>&cS9 z-C{#XM51~2bulpVf3XR}WtIB}U?ct)=pgP;Aa-7L5^*hcy8qbLDyJgjsGh5ExjLhL zAZ&Nz=A&RMQP)bCA6I_)GVSc}cz=1f5tmMX_<@45I0l#KIR9HwMvholZf3g3L|x=nLGef;UCD|I$?s5jp|oR78mb$YNk zdK#QM&@^@EEh-Q9)zmfAMBDTycuPb|+3h**3x>8!8v-6~|H#KVt0OE^lGpw9kNVed z+??GbMupRfoRClQ5jItC*N0-*Yk+YMQF6!Ahqf~phj;2KT(U#u__;i=lNWv)J7}ve zGtW4!vsbK#1o_^(iLxMNanmD%vCypS>_+Hn6j;W`^lfRFKsojIZ$B6bJUjHhC||36 zXw=GO_6(ckz5k;-lcEQzIJlSRY}zPi*EV1^lJhD<-5}28z$-aL#N`b4R=2qry8W*w zu={fKK4$8^{V6N(9XSQ9nzQkEmh8VReCRc(?UBBztm)Nz}LEL~!RTM;uC<4-? zgH&mv(gdV8Q9}<+dRLU96s32N-lKFv35pu&od^K}QYCZ@F@(UG?DOsK_}$<4$9?W| z)`Ll0Sy^k%ImaAh%(2FJU%E@&5>$Wo-93pkTO$tYwo^zRQ z?Weqkq5_yPM;oV3pZ)~Gz$YV5a`VW7n&3|NY45Ct>|XM`^5Ipb!{3iBo7}kvHIBJb z@|_1kHasH>3kz70d7lD3nn%ka$1H=DWC#Bgjt|OLVmx~`=FOYgTP)!q*d%7r==udb z2-i0@E)EF(9K{5}?Z+FPq>9Q6Lpk5IYuw=ZA_O$?;@`RY;H#m$-BClmxj6ZaV|0nZ z(NSiQK770%avtz(92Zn%%d^zl^_}+eh(bVtn)IPYFp>e`$Ukb*cINwkJKf=3sWu_e z7OrzaX~#RBfS?zjXuvNAz>Rwn!LP0uk^V1gOvx3o{|3rGi~_08UQAH|Q{K-+AjdcQ z@9nP(AhY?;Eu8)T^BpF%E!!a4@R|il_weq2C-wd7bszMF$rM2H=*Cv}_d`{Zn2e?vM_X zK4A)xze%M38328(?cjY+oNxgJq`%>eENRgM7{h}^Y0FzajzgIV z7~DTMd=98i#&E2t{xadq&;`lB6c8FNrU-dHy<7JO-$PRWrm_F$%BA*V4l8Q^NVse3 z992yGtBy2_+jIN4NUEkM|Iv!$i1!&e%WT zlxzOaHmXR=X8vosNUPM%eYSVvX_ME_gq;AOs7_MTfhw6!QJ3$rX{;O;LnZxc}YpN2leh{BM8!(H%gB z{xA2(s+5tD5h%(%?Ip(FVQyjZ0i=BVZSA78X+2t|!DnElq7DH1(qAPbr$A1AQ&ZEw zRKy(g&&g=iiWCTnV^J zt^L3;B8h;YAn{T}R8(p1qhjtMsp`Bu2>9mf+C;4|yw-hA6`Bp$!L)Fdmdyrc_H&DXo8i5h6@au6fIMn&b>syDHH z^?GbUsr66!*0W$GI7B+it-n#u^{iaqnyft?%r7aQpuLUC-jy*zL8MHVdNg6?FWNe=Nx220%5C-(yS1 zrh)6}xgjYSfC_SjxK=chK88~#FH$twgb<-xxNE$;<>Q!o=Tw_T?R)nOszSGBRgmMz zlxT#Gwl?UoN|UFdeq=gd)nUSvnP3i`m%g@a{X6b94-(qoXVL zP8Bj6?$Hz#jV8H)t93gI3k$b-+H|dZo0^)&yCgjr{ucYr`u02Qw=x4qBKqXU;rD z9`54~OUqmY zqv)LAJ+ouNEAg5 z*R?}h3s8Cr`AwMDJ9xv0GZ+vM7XAVR1ynG9$(w^1-M^nV6$wWk%6WQvCOy5#!4V5C zRdjC93Dt4Qt(9Wd$-Ns(|MH`5J3PS2IMI$HU8;Usw0QTM6Lc9IrV>`v6STX8mDzvS2bbCovm%I;BTonH|O4 z;=5@a62{ET%)d+bdsidm=WtPX{J9DW8m3Z9gjbpJmus(qt^%szbJ!e&SME-Jem?DH zB4~8$!A=htwA2Cr`wP0M$$};V45vg%9f%nO91uep>CK&E8mhk=w4|G>WR;#eh^7R>y{b)~89N!MBUrZ!NH-J3ds=(gW5$Jz9>OH1;JQN);p8dKDGdCoN`W{Uq-j}^>%ziC3ZZ25S{_BjbsDg z+v|5sO<6%-<;BG16WX)>CXpof;Ez3hJlBu1PXKLc@%2INfD#V<{w2_9cL3B57~5w+ zX7<7aLjWj<Rn^sIX+!}}$dm$1KYWxNqzzk+ z4sP51p1uDTjVG|S7&fXusRTNOIMe32cyDpH5*z|h3R5VrfRX>+7AT{eCHqdEHZR2w zDTv)hsMc|Zd60_93bp$eC#E;KgUP`irL>QD7;CZ2)5O-zZn3>lUxk}@U|u>UMMcL+ zUfujsc8lkbcSnYY5kb|*!ZQ{4!*iVvQzBM~ zW8segxFle<4b(V=UR}Xce*0)#8vsz5#Df`K!Bp@&BrYdMUPGLv;RTAs`t0Dv^UgW?&Q=h*+R7SE%$T*xsk6#Sv&vbs)&u&_sm8YgM-=4aLvdWVU?;26;x4fL3d3|+5)@@RBT%2(V=$u6a%+b*U4vaZL*0|cTtfjq)N}a>GzOIf{_X!sV zN0lXmIWR`vd_2JeN<>gKH{sMsRaa zDQJCpSuk|&u&}1vnd?up=G_8{&;&C>mJbgZ4BEzR2uO6x4a=rHa~T1FZn}A6Ap-Uh-f`IZF$M6+fG(P#IR(j5+ZV0r&G`XR6kfdKq!S|B&C%~i(b z`$Ipsi&h0SKw-j3=zEtgZz#jsOxxhUy4f#WSnBWU8nV(8dhEsNvpzXiG|%Wg>*jw@ zMD88hFto4%=_V2DddJtryBf0q!6^3r;EWbo%o#ldE`j(I9KO5Zd=nO!lay3A*|^tg zVr(2B{1`t8udMU}Vn7Uz$qzvUWHZs(?I^k~0cC2kaot0?3oa!onO1!xB@nP>ChzeA zBW_Pz7znLEGF2uh-vBIhK@DzJFne=z^C{rDSnYFO8JF4@s@uuzKofWh78f=>s2Mna z5i^f5zN}m$fh^z7?Xn`q@wFo-U8Fmq3)omYq>S(SWRXw_VZt6iGeXK1I9kGchXiI0 zd3;0ul_F&JbZQlaE&(?aJun%a9ENAo&g27!QNphGmacBx&Vwf)@e-6$7j$OwOww+X<{1{651R_oEfftEvFawGV_cQw6Y8jBj7{(Q z0uJUS;7^ZF6M*4_v&}dI{a#K^NlEc(X=``{5JHP{1Hoy_p)u9LZJw_X=Q`UQ(Ngla z1<~pH(`VmGJ$gbXhM>;t|6C)d?&$1Xv17L3?D}Xs{p7EWB*>$FsoFiAx=y?GUf_0n zAuXZ@ygGgdM$Igz9|YgplzCQ)1mp7SJApzmpDeXM!@ugb*qvOAwTS5^uGJ2hJ9Wmc zj<3k5n6%GF zivhYiI{0!yf8|5Yf>I0ph-+FYrQHA+Cr_d1R0r^*%gnJt61SgB0-=QO9J{~ic>#;( z&BCq-ZrY3=bdwtg;+v;k8%e+m>c(EOnO^JSKNxxh*G2*`pOzzNA3VuLX`N(D*uD!* zu8A#DCThahgAB|Tt@jf{4?@?cZCrTn22*cgIo`B{UmdBq?5clOM}F-dKfeqtiQm9< zp<$2Weqj?!HV9&lP zg<=zZuh-1buiKzZ-aVOm*~DUcWXwu2bi7s`8~>!Mrlh2$qN2P4XEJt8c^81f_8e_% zs~r+|OxiQ{k0vI}R#|gH=ZX)o?y^Z}ZvclN6l_*I!K}`+ibw28Ku2r75kC^hA8=L? zaDN}4!n;Jnc$MrT{?GpATmIut^}}Xop`+>N5DJqxyn(;6+d{M42*|sxcu)VW0$$!P z2?~_TJdKic{jn9KmVn@$)wJ+%N`KC{`Iw@_3@QzjLWq>I99Cq* z2XK#e2T8WaXzlFSH#(Y947VTamvF87Y_PH||(b zjMW(U3NcmZt<4_Y$*y|bq$HBblq4KEW&PC3q=l|Ans}%TPmi#S1QhGv_MxJz->_qH zh*ffL9Y=z%vS1+ZcML`%fH%#j*mgqVuYuD&&bzxFJ4dxY3yNX26GB0pT}#O|b&Cqd zMX@D0&P@2Mot#T!=`h4z!`%tP&G^-2S*#=*UBPZf$(lbPZ2m;5(QOFsz*G^VxWZ8=+&t{e6^OygUJ|Q)ri=p}p0tuT?8DyO0wjbuslOC_lj&!~H~t8Z zjdI@b-X?P?@f}rD(GkxVX<+Q)!{yn$;C~tJMv5?`cT=7IjcR}~Y3TplgTmRD&{eB) z%-Yt^8X6mA5=~gjiM6HS_txvaahfE{h2bjJnoa1~%28GizShF+>=6C8t8eJY=a215 zH8ZTOulE(!@&-+l63io6UeW z>)&iQMQWXje1Jf1T4B|O zR4x?OI_GZM9BaSdYdEeXb@8+LgS~*ZoTz+$ytz3(P1^<*pj?U)XQeejWwG>*cjeg6 z2);FPnweKHGMyXPsL<+Wyb6c_Lqru%(%EviZR2cij13&M6PKojhZp7m zh2hnN@QlbMm$O&MVI2(2wIL3(Oka2z!dAm;_Ah@y8A_^Ex_DLI2i7ap|U_NTVKAyyCW_x&cHu9lpS?_?TOH8DYL2#ea*7Lc>2vVPSZx?Dkb9_PSoFd zyl*wIgR#poRd`v0Jfq}E2*i|qlPB!2 zU%MuucMC?2npZlT+zwZ7D0|wHIAd>n(n(CSop0YXEE##nbC*AE{*(9horZb*6g%qe z(R@8CTWo}--lK6p;q!_0*MqRBxX*YJ`NLD8eR}I7TNq3SVD`-WTNmNEjev@M=?KL% zYzHvjP54&NXKZYIy0Ha>y$=)vIimZ~^sPZe&!0**E%-AC;*a>B^%ji_SP;I}uFwsy zwkGBsXmgfq*ZFX@_AQp=`M;;L`8`ZBwnEoTFC9uj}`yfCmEdECajzv}$sS zibZ(5_fBxG!hlv))lCK{Zn>#i3m;%rOp$AoEO(jaM6<{vcGS75)N`m0LMBj@i`lrT z+3+0RSEwg{WW=ywr@Z>wBI)p@rHmEZR}Ud{qCiC`r~d*IF))Eg+(sr-XVputuBAl_ zg+eWmLY!dl6)a6;GW&*W95B*SY;9rjNHy>S^I%L=%K!+MNkppvs z7|35VbNb0x3peuD6;|WiLqo)qG0!8y@puC**!gK4OQ23&`NZQC}XklWy=+9Y? zf%y+ee<5t?mRv<2JYHq{v1>faxfGZP!+4SQV2EH+!(O1ViOJ7}1sE1 z`g3awaDcz%+BFe}I9G2Nj7`P9g_U@6 zh;< zex3jA_ng`KxA^=!NbU zPTF^KrU)L2+gvG1wdo>mo@#U7)tDzQ&s|@0F4K=$!Y`+n%%D#2x`DLSq=>8r#t{yOi4V4xt*Qn1uk+*lj6uUNRPg^W-K7yp3*z!k@IV=i$=#ZcWb?}!6_PLfZF#$3NZmUTY9?+|j*eYv9r3V6 z_wh_uOi_+faDX2t@VuL!fBb6R)Y=#2@#KwGW9SHC*xL#SRN2(FV?KYCe`w;=jnT(d z2@Ouu{m`IreV70#` z`AU$ex2}cB6GDtf>Gd&`yac=YkRE4(Zp8|#A2=`0A0yyck&}D(5`4mijZ1ILhmo2t znqSIP6E={sfW2KHb|KG`y=1E$Crb}RmxapwM)%>Nl7Eh7HO_z?<>l$AnwgpDnWuN2 zol!4=M~YGMRsQft+G4+lj~P!cAVjira=I@=tueNoP+DMOiX-#5g$e~j4Uj8prfdpl zUhz-AeK+#cYk{&b`ZA3}V4#Jork7iica?D_;<2@Tg03}vO7F;(xMCMcwy!9uyPDhB z5bwwU^6pTL?!4oEYbd;P4iwM-8t#D)>RE@p1Z)Yh-Pk^?ikBPjtcJUlN&h_qN}OeJ zw_S9xhx& zU}x_Ya*%dRPcIb0G_<|RW(g9hH;4W3@@BVRLoiMEoB=cX;$07QDUIw21snlWg32(6Q?`h0PXEbu<#Bgj7a*sr#N2HVDbhaT%-Jd>wF-83t?vZ^ZKbovx1=#M%C z;vV32be(Ea(bUvTZr2Nbty(db;7wWbp(~SB`(~V)2m8qCssK}Vqs%UqL>bhDDL0V< z0!calJmUSEkfSyhG!d!om&EsjHtI2|+%EWY9PU|Ef zHBX-!wqNM25h5}wtqZAbI0#*u>w}- z$&Op`_IBmpR%?$&1aLnYaUy1Jr$An|dVB%qA= zsc~h`x?kr&?|5w<$_*UP;xdw%&$z7_=~kPj<%2DUjE=F&5ovg=3@dHS#tnaX+>Iap zIa$woU^N2plT%4cn@n_Qu-U;KoKZyQC3bsdqr|fX!4yS$%9ZN;Xc* zrhZd4E@;u89o397_vRG^6LgAepF0<_HE77C?)UZfkY0gDyLFbF{D&Bzz6OWZeHQm4 z)OQ1=u5UJ4!+Xdn`tqLTO7FLpb;i$0-b^8>1heK8KW&NGzc;L>ynB6pd1LCj^_emn zxSHS4Gc_!s%vj#W`ED==ybJL}19Wt9^7)shh*-%sC@#fx)%979UJL^6zqd0uj z%8cNcUC~3=j;30&3L8EwVo<_DIvhP_r^Xp9{RKMIv`o>Uh<@E-^}JfZW&31}T6W zc19Z|Im=yvTmu()<&a$c5-X2hZNh7V@K5(bZYQ}$%En#A*z*$D>o+RpN}-d|_^)5T ze#RCQuUD>2`W3_e^1dH`YG8Mve$}VN6D$p3)hcfENjo7G4YnlmVK3IW;7oUfE&pa` zOG``g?&%US>KAX1reUXstNBn9103L)nb&_{^Z@%jf6X$KQ zRI3Uwgg1NOQIq<{mtDQ%_xS*IJAXNgBc8je7!1Y> z1e&K{O^J!hJ)_9vqN@Xg-1ivV=K`C5blcl195eIhSb+em=%D2!%rz?S|`& zaMTdd0{RSzQ!{0R#B!MC;h|59Fz%T~+VL#;u1&=Pa|8T)SDR*rVHFK(qoni9vR|YVMz1Ea}&0>bGeFE9T*O1+_pi=F)&61=bmqd~|3;{t;f9fA-WZ`7U2 zs;Wg-3pjeQL7iuhKtL%y_44953ia}m^l43jp6aPlhodEwX3VR=v9fWA05V^eIcM3C z&=ZOUOe<3+V5P6n2v!H|sJlffJ~nbt$DZHj_R1xsKsY)P^#f7ON+0ckmRNYno)t$d=M$D^H_DSFYzoT4(xiImf)X}b387kYiH!H=TSl|?_tA2&H zb829vx-p}neKWPVDnN*rv{+Y##=TsIypQpMX5rkeS}w;2*uaOCIB2QLNPJAuA0LYD zHRtck(LDdOXUjRVUsc&Bq>kX6!C)?7G{<}Zxz3$>>Yd@ovh1hP-t~^voW9nVtg8}t zt7GqyLS@-s-7e4%hzrUBu_JGhRYhH2?2>b)jzyw0sOQ%hg=u5*oZ8_#y-zZZUi}JC zOxKILb5i9^rpXIgO?p|DvUdX6d@K z)g^t!P%Dl?Yv++=N+5zw%3zu3_w6Se>EOOu{YX4l8VsXLZd;?!41Pc4oyPnZ9g!40 zOz~EHf?5wt(5M(YtIrJFFaw4F4F*f7iW;6fcZ82tjVZ!b;IjVs+#7pq6*cZ*4)zo% zI7*#aBY({46qaC!79xq-vkmSd-EZ*!u6GNuX#KS#n2%Ow3O!;t;?E)W+JBKEAbx}R zot)92XiIM24JE;L7VpoyGB(WE*K%bYg-0*#4KaP<06`RCc>RXnDQ*M*8X>pEU^vw5 z)2>1~YBX}kg*t)FMST7D2rPB|$yTt9SBn)B>H}bf5jRZ`o_8Wjt@q9aIh&<`Obl3$ zLWbhz?SgkzCZqIu<=(f(^4>A-d!CQ5b!;A9eC@(9FB?bGc|Qa`Ih4-wt+!Z(S)&=P z(xwjvf|THCfDdBm$7hN%4&3d?4YosvBJw~buY1P zW}>5(@#jvau*^hVpU=Y2Vd+=-qahVu&rb-QvAVd7;Ff26M~j}GSnr->%{}apx8|wp_Ddupb%s zwqlBS2W|rh?Py+#%Vhb0t@5Suv$yJE5?! z!$#7Opz2w%<4;kXEhUXA9!tqsWPUk^NSn2rOY!49O*GML?|q`8CSJBy`GBK1o602z zh($jo`>LAFUWqk)Iqp!BZY4WAyXZu~MDCt%yWn9PC~kD{^YP(r--~r~Bs}eF6FL4A z4X~$1eQN31%88~ja%O$;#n~RJSvEcS&SMUeU#rIoIg*`FSphNB)YLCgZ&+saDRYWZ z@5ZerblTyZ$4jyoI-Ww(w-nwQSh7U^Y<+&@YWkx=-89k3sjTz__?Hb9t z;8fz5Tqio=^Z2n^X335m^O)BZ7K>hrFVD_!+JZaHm{8+ZhK*$~z|{O@>f;Z!tXkH# zhe=F#CaDg4Z8PqUr&$ccc$Tn`Hx)7oJJL@Rdh+aF9cWLs#i z>|_Q6AqJA_e|Arz>&jzrv(?uq2nrY}Fo=zA@FT zHh@*IL2vCIF7wV%GYw_S`>s$AkOkX(a483vF+r1+#N6MqR&6^UKMWA|`9^WMNgLtH zsfu5PfSWk-bMWie2%qeD(1ePL3Z55vAxO8nV*Yt=sXxE5IKsQ&=UndrV{%($DUsR#9sAoVO7i@q`*I z{~`sy%IB}IJ{xMUKe@!AXU682qj?;I!r^0f^kx)GXqWk<^e_!NIm^k_kC{;(Fth5G|Iv?z8ds^kDDr@7Oo==@$%P0azF9lmoW+Y`g4qtd^wwSyP zFq&}bBAV;Tn)Swd<3|3G3dIS!jR0R5aW7|1jX_4b&8a#ME_V>CHv|6 zIi!jI-jBdN9@IsYhrs5xSf4y>7X-9G^yvvknvN=bcz{Lm+^TlMQMY@`^%i5X5^C(O zw|UhC;0KKWGrTQkq{vXuUg2LYge-Hm(KXO4^&-~s2m9$P2DHUVC4lAG1xDa*Zrz%F zh?$wOE_yl10zj#XF3Gqu4z=B)QBVM33Eh4yJ0wDQ=C^&Go ztpKYe%5;(fSaRVf9qy8B`XD$tHfFTmD?aYp7#&qQ9ZDtf_V%n*nWHKsv~L~SQRbAs4C z0;Rc4t#YdxC-SA)*w*XUW_|q01t@b!Z`86shMI6g@e^7xkj*ut(6Rx|+1)1RBA z&`G*~|Kj+I6m}p>e{NdzDr$fJKkOQa{QSA2BSCGD@y{I(ySM>=@E_azg};N`|Fg%` m^SD)iY(h8x-?)wDBg*_msj=s(muimh?yiQedbR4q=l=yXS>Eda literal 0 HcmV?d00001 diff --git a/fast/stages-multitenant/stages.svg b/fast/stages-multitenant/stages.svg new file mode 100644 index 00000000..157453f0 --- /dev/null +++ b/fast/stages-multitenant/stages.svg @@ -0,0 +1,1278 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/fast/stages.png b/fast/stages.png index 238ad5a0483485a533fe77e53ac7ebdda135ab16..d6c3e386a55e0f40c7454bfa56f7fad5e1e6bf2a 100644 GIT binary patch literal 144883 zcmeFZXH-;M(=OVem=G|KlL-kT86<;>fDH&r5F{%(HaSD1Za{LD44W)ja;C{SBe9{8 z99n2{ll#nO@Av)2`FFNh`R}py0>O zbWm!o5|Z?15mF@tHRS@9BoluhG=F-nCSzCi$I#g8b=DKnyM*7#nFWnmyCR=n|LAW- zufGz*@oUF&`IF^SW<>L|$o%-gkH);E<^*xA#fIfPzTd5?kyVb{<#2e}fGu`yq~QD0 z>c{&hYMC$BC1NnbS^dJZEAGiFY~R{G@eqJX{&RF{+1oMv=L-blJ)LHH?Z00ag# z`{j9Z`u~6G|4bVR326LhT-m9 zIr06O;A&EIi7R@e-fex&q<5iV`lwfRViuXrF@U%ab^Buxx~LO!W0CG+0Y@6aL_Be8 z_sroiz2Oy@dqZq4M zm9^rmBKe51amfrnI>v5WelVrjf(onIRPdaJa$z%a zux+;S!#h*2!#2uv`^!hy4{?lDIC;%ghxoRv$={D>-3X&K+jv*to793~1mLs72l+>JR*TP$KDDHW{>aT$mhb6tJXu$(CcO%24^Ddk zfjkePx$dN9WTdRzcWNJ_?&?~tdtRHeEOHZ!qTkLVv%XaY>qm>VuQ{wYonU$#sUh4S z$w|O7vaV;3grk8jz;)Ah0^>TY#FIz4yC zO*pAPe@tEswqzu~Q!_|>pGH~=I4J!p=^pFg-IUpu*JCd)$@U8KX6)HxHh>Y;ToPa2 z%3NAn$~~xZ#7xzWYz|CV*H{^A_FGFd{$oNjK_89OqTd(QycuQ0#&$FS<+}kBGHz+^ z&V4ddda#)vv1rO~&Iq4BURpA8``y5mxoLrA1j`k%%sySd;%JAMh27SHKh!cF1w+mo~y{qljg61K2jtFlNp^B@GF7{C59V8vI-15IbPTT+Qati<@w{Ut=UthJR9-=$N%vO$S+p!s^BY5jGwyrSp?ZTVvood%_d^6y z^s<)ncL^Hm46=cDgxiTBD=>p!v9sA74F_sSD-331PWo~eAFs!=wxac%z3ce$0wVMo- z0u@%DKL)Efyelrk1Fgj*X=Jnl0%xQ&b=sQ@OuFUS9ZgN`cw_v6f8=`y5 zNOvpyFK6}jH}>kXfuGjbEl`wh#kicNzI{y>e{UQpEtWTX9zWBl9wB;C4hInm+HX`+ zdOKF57PWfnCralm!bD*m|M+#|@D8v2Vd7c6CoL_l98Cl>&pRaW;bgaCnq3S4kAhs{ zo`ZvfwLW5TEU=_P006;3uua_?3&9%c9n;|M4WNCXS5s5d*I-%Rsx9raoy-EbB_fVQwe$ zP)9YROkwi;?K6!adkdyz{|+3~^f|1)UcKJa6Av(M?(UJaGl59ED13y8GY$6vLK8!Mk0>gH^>elNCLpDeiYbek$dNSo108E2$wgJE| z6-*i;F3c_AU2}CXbDhk?FH1ZBPI}6bOVXd7LCb(N@TYM{|#x683GR z>W`X@=8xNZLY9kl4l%%9dv9ypaldWs9t74ho~Xs)WVXW7&q_DabUb;SB3P!p;rxNP z3$88sbFC9*X!#!E@6^->;@HzbfGB;K11wN*CF&Wrer~8JuG(b2*ze^7@%=qMxAj`O zQW0iIDcL^=RfSD1H~w;>F)~iE>Z-(^_oO^?Lzb;)6D$ERVpcZYt>bg-v#dIS6C2hH z%&Bys+sSe7W!opqnE=~XfvQ*@|HeL%i0V6oZ^?oMAC_l;C#muW$)p>TLH$}%Ijkh* zTrCbhpI}B*Bo9AMRodm{=BldE=$XiCnZMY?|8DR`PaRky9M?p)e}*~BWQrr91hL8f zS}IAXM8qg}u79%oxpb*1c4E9C_bLX#wRQr6+c27`=1+o+XsgT4;j z%ry>g*uWZoF|58T@37ir;Zdi-@c6z=&B(cxPxQtB2QbWNSzzGo&?jmsXhBa87Y0y^ zb#2!j^MO5k#4N*fyYc581)QuM3PrrvRc!|sjTgSeV27G45Vd~VDI zn+<0(ZIG-Wi9{NXQD0qs~Sw7!JL(1WSpqefvyhV7#<~3e<3NdD!`>iol zcULytt(@!p{s!2TV$vy!N5AC5F~KslNm8WdDgREX!%@@&o+4V@a?VPh= zDlpmixhd5_3p0g(x(lB#mQ8<0gn#eJ`znebJ&m6^TqTUi5anIu zyOQ34GIT>X2L{LOut|Mt*vjflTn4_vXWilw$DQs9FAt6x(cQ zw0d+*3>!ap*v`?vq%&(#*o@73Oe0a?juzhOmAw~1ruEtn@M9|SJ}u4CEIb2k`sQD4O3357uMXC#4T>8s! zzbxTtjB=~Td>3V@{vkkvc-~4qR`Ox_h5|Epw&jG^7XsT7yBcsISc4@Sp)x!Qiu1zs z>g52szasNE3XL1M)oI^rcA*mumXefC-ncuBIq{Xvu_})eHjr&pH+*^*H1%+A<(l3G zu#8}hW7)TqsipR)cmEE0j9e-K5kJsp5V-Bs!9<F;j%LN21Kg2^ajWt_e--{s6=1wgi~Y}X>+ z9?uyw*G?F5&%0P)L=8AC##Oj^mKCHDjU&C4{^E)G`1eXZPvq)bR>S_79UthEPqa8r zKvrm0sG)*X55W|;8K_;~WTF025%|-vt$;f~Ik!Jmum;%%7ska%*ni?SL2#C^3(x@zgF(9`|`dWOX_DZ z>?_W@th2Tu8sk^MUhRL9faK=i`ouIb}5lo_CVEM<*Ms4|8d~L)E3!<&#avWzhF6!{Gf&Y2?*7(Q&^@R0(#ooIQce$H=%!;?OHNv{{mb)8rcGb8Q(47b_e zyWz9f8p+}2juBmMs1(DcF`jp)uu=xTnLN76ZQtAH2qp&U?0s#Ma@<5ViX6{g@jCsY zyJID=k_K{J6UtsdI`>*D5pl{t-L}rT%)o>3d;w2Dr#8ixkNtOv6xFuZ1`ua&#K-ok z0M971Iw8d~q>sAcE~g+F#fKoPn|Oaz5}Ql|#O!LrX~%NSkm)avONah2&qoGIjaN5M zBJeAPw}an3@TY9aK`^tEq1f$N0I{BTXy3Ybyth9C>5iR95|oGfB(C>}0`KK{>N8oD z*oJf~r1NTDB{m)=Ot%6!oHEG0qV_BBj>@S9!n;JIZ2Ay!dYHDy0T&nhhzd{}UaxT_ zXNbK>#PB~DD zc=E~i?hTTRlwrdEguW{pAf5rFSg!`OPH+~LXUZQRwF=C5rr0g|S;pGjvV+Ldi5@%? zcmDO>6OeukALG>{C>B+rFG!Q9m|amOjt4yeIpTN{9x!Wq|C>y@Ip(zv4m=-UL)iaC z=JjK+@p*R*UY~%YL>HTy*5!x}HBSM)V+JS#SUNSBo?f?&Gyqe#s<~7s-FN<>6!=Mk zTUX^MeK%WiHV6bitwf1HstZ|cr`r6GXCBI8c1=mN-TnkDEBOr)d>#kxuE8eP?gNqz zfmI$8Z5%pxwGUb$mc;CfdygYt*QQVfJ~a2x`p`ig%D;I%q0gfd;BHm zC|!_cXE1&Pi9Rpo?T#tjCG4z8!?c-E;)23%orz}uH&2kHO@TxK)gTca6TOBP6__tr z=?XM6EDZPDnanJCHD#*BMg6^NvWGtNqG)jYZ6| z2t6cLb&nqyePa+0FYgnmh=_|=M>u}GPFWU3k0(%CMut9HCJ6V@MNraj7qVZ@XEKYr zjIT~UCk+Zpj(DX=sPA-9pY*0#=$&*K+M2H3rL7Ok$5WHWC2qI%s87YQ8G&t5kk~i> z8O1%-lok4@Zju;W^P879OFk@PXh=oGep!Juoxr>6AD!?uH%a+Lo=ezSa?AcZr34n!RKI92zNAiYzPCHd`)cR&A0rQ zxqHC>z>LbA7gzuG_4R!W?critHR(?r9Wv;!r=bM5c#HAaI1DCoHg!TJ#AzP05OC-H zdymuRv@nCnsXtRrhD$1?2t!RxnMMTp>DHqpXza?x(lR5f?N=NQ7s4`rC1&7$Kd`$4 zDZPTvydVk|CvGQ>^COWF8B0CgkD*KQl=2a2QY~&c^%FZvI{b4dLlZAQZ}=Ne!@SM% zu#GQ#u7t=%RnSqQ?4ZhR`%csl+9KNLua zWkVU%w^~908~x6tQ$83M^;h<8QxQDxk?hsS&^C2Y8aG;cqE+{rh=@pqmJi(HJ^2+c z>P6AoJCR1*QSQ;BbP+qtx3VFm>%DQM%g#M9(P-aXiVrY!OQ?h*Evf0|bal=0x-tic zUVd8ION#y!$(&-mZN(mSLLt8&2KdHO`ufT8^NZcVVLHDlCW%C&!@xR|i#V>A$;c>m zZN4iz%=OW1C{qA>?5LmloZhiFG#94m;l{gE`{fHE1x5e(>5;l3t1&PdK5`1m?m3NH zILw!a6ciN8B22w@>Dh{AE-tE4EiJT+j6++UuM4GKQg%Yax)O!eJJ&Ss`=!5@_VLkt ztNO!rcX>(VsXi#ZzUl|V=ca${aNL`)B_Z48CW1U~&?<2W?~ZvoCJ-pc<*L~;mHO&@(k)ww=Nl+@cTs#D%w(aQm91C<t_kh%%i6Wjd>FL=H=ch+e7&-ZX@-oZqzud?OluwU# zey6sGJfp5SgXi0vdr(mDTwYRmuJ}cvKPA-6&_Oj@Df?WjF9n`i_`#vPu&C-g$}iTD zm3F@5lQs-*BoG_nLJ za0J!$@206EscFqePgq$yKmG+_Mjq|12#C1J4W)jxN6EJUEgesrJW=x)ZKjvGrob8C zTV*M6xDV?KG~ZSuF8BCQ-A&0g{}JB@0*+S=%y55B_8xj9@*Q+ojX3FeW<9})Y)MvPRMM5Pfb4lKgo`zc( zFVvwVtij@3SGPh#P_;mR+T`LnHXo7zBHcSZt^|5|CV4X8JRRTijr;Cp6s|nP?@>fX zbMsNn(QZogNb&uScLbf8O$)cr-1LeR^{CAcfT?RXi;vEUH`u5_<9!3=4(b^%Xh-}_u#zx zls5x!5VKJezP3ffbKk#vm&(Mpb&f#qt?_|5RPmFO@ECz)&+)MNs~U7$?fBG0eOU;f zQUI5(Y8%()7{_R{L)XP^-d>UoT@rezz%rEjV4p}bim5M2R2^}04-EZN-E#yU#*`#% z{~j?3zuz$gi2*p2)jOwjg$b(IK{&H_L}z!=TmiAA1g$fkQ?~d7IxOoaB^+{Pq^oi0 z1^!k5CE)3K{IJbwZNJO<@lT#677ci2DMvV1ZdHLP+SA|WwguCD975vz59(4-jBo1` zUCcEr(;|i=nkngUF9Vzgot&(|^o|huh(fIf)xbi|KF~+Wss#(~;ArO0G-S`fM=LF* z;6E6Ch$JUYBIRgUUZSLn+;(UEu5RX4NcP_em>UyUHcIf zZ|*`nW+3!311Xtjx>mzN=ozAzIP^5XFPL780paDNbql3u_|>)gHYEK;Ap=7Yme)au z@&~{xAabL^yM{$t4vn`={xNU4?cedYX3)_v2*C9&+BaYX1^XrW!XXOv)`Tt)(10{{ zeXR6cy05sTAd~E@tb-92l+XypP)UjDnI< zE<#3DX-SB7arkJLr_@GURW%mOu$Ny(spavoOEuwUt4n?BkF5>QJ5bas$x*{&>J)~R}q=VD;i&buoe zNFG+&~o20SH6n4Z2irYQ&pwG7|POd zn;;gt3W^;nOt-F?&eS*p%<;%U!+=#w5Y5QG+#2P;g|29^jl`UW~X4)4o zuyf>5O?n-|O&b3C6`i29s+n0%ZeCuboi{k&iNUUjyn-}7rMPyv%(#!XK%=<14yUTF zo>x|;+Sk_?@akbT>Fvgw&xdX`KDMy3QhV{@^U;{<)7MaI666XW3W9K?CzKA-ev>w#EbUtp5F1t&&u4&s@y7e z|KzOh79k|E6@z7&fop1M*)u3B(rhR=Vdq{mrBzfsQ&U%05xUIHT(_RK@}Io`fJbt7 zc}S#;73oPX+X1Q2<3$5#Ukb?cQ?J44>3m1@Sa|ED#+wz^Ga^KUpLt>)T?MAhjF?SP z6IJD={#E0M=9GE`G3Lb&r zrlzLs7;Zp*-#PSX$atx5Yg_!xYAU0!kaJ_YTE)6j)a)pjPEdFA76GI*s+=LWqT;=d zjt+h>d3pI^XD@_g9+fs^u?WBNjeB>mU3Qpny}k>pL>5FuM6k^&y?N93*Ek}|KZ#}6 zB_TdO;)b_?fB+lp_W0;%7kWQ8J6l%y^bJ?aKz3GE*7c3MkgTtQD3?cTm~GvW(%b&8 zdM&c~i!I=v5&;LYtJc07U{n%PSy-rem5ecQum-|S@uf+B*m2EniEv>iRG{Bq*RKE> zw_4w{u>GT9IuQG-OFE}o+Cgp$IZr2ueG zo2I5_goKg_;2J!k9R_r=Qc_ag+aZtXNm&@wZEbCz(vu=Nk+ZWYcSHfA%-INy4G!wN zGjOo6`2)>8*11|+Q&Upo?BMA5cq1EukbJMM9^>SS_WDy+UOtIh0454X=rA`oA4b*Q z2^E|X?_IKM1Gd-UNqTp{AGr}?HC4uDR?ES`v4CQRD6|5(N0te7iv*XZ#KN`jQ_91| zzmxB}h_Rg%uWxQv)U!lIMYV#oBhIb}T3PQP>=S+x6djp?mlar5#q221*oH~II~8Q{ z>*nTW*|$$##Lj>W4eUiJE+cz7=J%s@(Y20*Xl7={jP6>#8q~-e8D`;^!ST) zOGk8M`6%dvsqbQxoPwwC3ZpCqo;_<{N23jZo|ov~@n5zPHrx&3V9TL?hSI)|M4M(= z=sm+;Mhnaqnogil$)lc+b+%z?`6M%tFiZ_t2)8kqsVVn(-0LCkglG5JP|1cY2?tNn zXC0fmV>2^Jqub8}1m3K>RFLi8aNR8%aUD^9h2XBvo7`JDpW5G=~*=Q9U7tX!=S zSQBOsT{c?6s_Fbk`qbkuYPJ8)$Y|Au)s3s5OYO1}A8qUEcUGi2=5I_akpmETucC6- zzIMi7nd$B*5UXqh%n~}u3F$Q)dzrYM536UCry|x_;Gmsay5D}*VJ$hfg4wRyi!c*C zJ3C{;0wHhkW&bRMvvCzVI6HTodcpHcOZhVOW35#wAlx9g4U1^hx{E$OKGu+ymd>xQ z7dMKnE-Wn6@bvWTK5h@)-*{~Bp*HnaKC)Os|HD0I3v=@b+V4mtQiay~?mcpY;$Ma{ z8&28$mlYgLtBU*6DM(r%#wD$-6=`V?*UkrLXJO2Z{^KvxS#;FZ)s??&I@LyQGK^VO z&uqpbHx#S0sb@254>XI8l8gQTD`T2Pb0D|wU8?)Xd3@;P5@BiAIGWNVuNjaK7{-F|?v^T8d?tT*6CR@99 z`Ahy4?Z^TfQx8tZ2uU<&1Uf-8F}R!!>1KghO~pkTGNwUKso7W50@ zg+JGwYH4Wc8e@SAy*9g9E>RV<|2%wy{)?{y44oxESP=Zfx)SN+S$k#vm47g8+%mm_ zHYf7vN&yLtLFz~9MuqRO-$I;)Owh*$^&7OLej~a?1>?i5G8z^yxMv*4-0qdO^NkH= z`nI;Og9Qufh$6)T8%)@*;X^$bYCoCR&eFbLT>NWco2ekOiVWTJwX7Z@iK|Ot%lz5YiG<)%Jn-7#T9Cq2`Ym% z)30PRThGBsPm)S1J>|&OejU62vet?jmTci#EGO}TyFF_ClW%fJ% zuOsSoi?lgoz{kzajj8KYF#=fL@G-#X3go_vSZ+bVXkJl+`HAQJN@ix}RGn+-h8>{w z%a|tpx8TDW!@j@+_zKfmQlAKfTgA0rw|={wE@FNhy}oWPz|Y@_-tXRU>RH%Um}-!d zlOw-&`Pa};>ht^hUdGzHcZt5f*mXAe0DZ#AspyU|H8)q*(n?TF6bj!-n#Cwh8Jn4z z4U6*)1yHa%Z2fME5&}hbfV<%8XGNc_tgLoU&SC_pwp_%PL&J%gbXy9>e}NboWddXK z0+?g^`Xp#}ax$*$4_<-xi9hyl;MQfXih#JeK7BuiK5zPZb!3_R z@#DwKo~*a70VQ(=ruQgHNqs%_LQEl%ELI5+<9mQ-fFXWOOvFZMUnTsU;X7GVBT`;g zrfqjSzqIrH4F94EUV`g-B}RRv*fe~-jn$`IZ!~k zj28--jyxp52fA(X2|NizOHMOMJPjHvD6Lm=aB?!P3!x(tgVF@X$`A~5c2z!8bp}6< zP9zjIf!FBtsZ72bo zw4SN4MN9}LpD1Nf7a)r*s7fPU$Y{t6;O%F1<>jNj!Qg3tYLzrxCG3>M@1gWwO9hS$ zB2n&-AFq!%@A!9K&`h^xvZups$@JBBY{e!m@u#8Xl4z-gS18>p-r8(zY~iyQbpwO+ z4QzWL&FJVTTX4%lv2kBK4_)L4z>d49qR)(9Av-UCo zeKglva#(N{*B^f}2wzgi0vJ^ZnKy&MS^%02<*Eo$2fPv3jPauVStg24 zoG}!X@PRR_YHM41p@xQRb5aRn+WyO*DlL;a1o%QIkmO!(_Jpy)Cz73 zV50{dg$`t2#?rJsJ?p{9B>|ENi>R72bv;it5b4Zf zDkU;N=;a=vu2%_4{S%bZnoJK825{=Gx#^iu*j_&=NI0ZK=r4tvhDn=4f{+xn>q_?3hV`F0( z^IBjb0FUZ(VoqmCp82LW<`nObf@^cCD~J3V9gSA|vtZ?pUR`|)48GfKEL`nN)87xn zuZhnRO!Vw$1VFMv&(FP(&}_V6F)MBYR&?BunQ7DuO)a>qnw_vGZ2M&`KAv`WH%Zi) zxj;`{-K4g`ao7}XRG605d^){kmnlvKSjqy^65Ms zpmf{uR?cubdB8VZ#ga45sHmuvOtm0kN+o8pB^3#VC)0@&{fkbuRxw=;T&2qbYlUk7 zqO8QmJRa$2y{oYghr;1-;Q3v3xbn(MB&SKeq>ed?Q2*eQi!ub@pC-bq{(Zj2N72Qv z`)>-1eH~tV)IOOhaf0!I+$&3`0RWO2E0KXqdh3#&=e}COhf-z(OaG2LH?LTQ3f}Sm zQC&SLc5i{Exmkqy6y!z9zHA^RV}og$tcPENjJ%VT^#i%0nvPD=uu994U2vYDkK<wQbhJsdff>Qi>L!`EOSF5@eox=jrY&VS(sB#Z&H}Q@h4$bl92{?|z2p`UI0pv@Ch-+IM8_u{ z`#4ZCMhfwgjGHl}n&Tb0{!XyFa@L7YxekYpRwNJoA&4v`j4%1AZ-PMACx%*HUXIdu z216y@`{RfJUJ^b7g(~=L2D_ERn`Vsxri~A zR{G8$o7xl9@CnJ-*!L3Pq>RNH=9oH5_?>-Vc;cvviV6*2+{0R?@z1%Q1Nw94>o__X zjF?sD`Ye3o((}Se9V{I!?I(#8uCd8U8o=S?j)8GMG@={R{j0rvc*!mfwxl`RS&)~< zH~S4(UnmH%8I~=_zQyI09?vAlPD0BoYi|eIV({Uw+AkA5Dul9^SCWFL^i9EFt>IO3B7z^aBC-k^h8-{xD$Mj zii+LfY~P=aCj+@x92(HKY;9}-HUwlJB`KC(`2*Wyr`Z`9O!y2A1<&sgO-^1PbFU_c zp?P=M(av!)N(2xPJ=@iSI#Y`e<*a0G5ef^A+9vFWLG^t|m8h|PQh#;bQ z3&1ZI7)wCf4tR#4*n23j*rdS&0(}t>$y7Z(&tiM<0HGTr&NvW@O$IUk0syi==?El+ zG*~@l<+SJb|88%WL2gvdSc3pmtz8&|G_$Z60o* zZLSTlZox-?kiej~KOjKC09-{=IW#!+dYw7(s28bE_Ug?F&3hH-SC3*5GL1_)=;ZbiKzwsxSV2dX$WW9{1^6h%W7 zMhuh!cVl`U6(w#%YjH3+(4 zyt;Lu91%XSqQXtBdjHl%VJyFgdY1|qVds)v4q#8ZMdR9f5!JH}fSeJ2_I?=tde|!- zR9u#oyBy;9J^>zc<1*ob2+9(0sP2{BHV z1qs{O4r!b4de(6X64~XVC|C%C)ouHNumogT+;=NAuj4OVkty!0%F>GAu_IWh0l_ZY z*Z0cN*?9)K$gyGTRl9go=Lax2o~DAe;a9f;Y1wmzNf`?D2SlRX(NJMmM%zhgI zw0+5r4KUi8nknru}U30D@{W(vtVJX{%LqbY`kBR*;>$poz*C zGBlB}SuhLezx|gLkN`$?l@LIV9^dg_9aYy;v$86%B4oUI1z#Q9#k9A#^SI|iAa*UR zZ?EQ7(SZDsd@t z-Sl;N)?ex>$X$Sk<$@&LED2O<YHyxD+G&={qE{jJBge+xTTNH-td+KY%nv?MnrBrH(k9er1}#_p_MaA~ zeTKj{fmOsee*;?wlXN0dpa4Oq=86a))dsyfF7vJa`QM9*iYhlq2*Gw);J5pGdxqut z$c<;&qXgb@-|&i}21W}I0FY{G`wut3>qu<6{L^J-kpY2$e4Ogq+6qm#AXz*YF2_}g z6kje04h{w+4-(mq!I}sxI=*>BLIjqTQJjRJ_q9Zd52{c*f}>2B!DvwKC*+ zgg!TG$^Z*u7DfsKqgs-xYpScu+5tNKm#sJ!+^|OkZU6;JaKk*&El6V&cb4GR$(iwh zR3(xlrYD-;kPQ?|{KT@{m*HI z8v(u_L=NXZg03GwE?E?NBbuXHrk{wIAATMkFNu=_o%@uQYZsj-{BYj>siv_$Se$1H z=$&yw?L;VlSau0K(Xu0veu+PSarE9GC+YZ!O~Jj%R&4WosMC+|Rv`*3#S^Ycl6?8QD>9Coy+1#hD8!Hq^-|%)ye|^4xQ&*{EjtLvqVENH3F#Z^-&ySEwO>I=Li?7i_I~$BmcIn`RUAl0R@ijpb7(ri6!ldEjjux1y0x z6bKtmbR}kjnhYe57J=PD^s=CD%3aM$t9kQcFVRl7Yi^ab>wiQIxSNv9pPd}bXOc{B zBxun;od#~uXMR%ksgP28_d}ok({Ql;gy9!{hYdXi=r}HdHUAB^9RRgPGl3l)pwqt# z8n$?q|5pAZX)}0QZ*$u|jG)S4x2R^!lm0~^@E~t_*`cj3vGZiE5vm%U z+7~Zua*vRZbOid^FLQQ+Emg+p?1c`o2)c2w1IRlrC~b}?TQN!bDP<%R1tssmMZ3D! z5Nw+OJ8%-2%=*OuV`bKBqEOHM9RPZ)bHptVfbZe4jf>ljMo#%Q2$SH59RjV~IK)6) zk0~!C%h%QuTDOdsP!(J!1V67kI!P2J0=-)NwHHTK-Nl})f4{kcJqZ8)73>#V`G4Y+ zLU{Pxk7KWs&-njjeA5>+v0JH^+|EoS)m&`!1Jdw_!}*{0VY#IxBz_f9op)63HRBGy zgD)xjZgWip^@o3)%T`R_=_ZKUk2fCS#hw3G81EiVF`>W5;Rh=9=cV8!!6>t}!{SHA z1Fhk6to8Vp0=bv|d*voLGqqca7)nk#ds8SC_x%a13R*e)A+PzN-{$%Jy&Q*k9}1;_ zX*NC;6deB-+U~2(z|Ua0Cq+1p@sHra_mu`g_v=4Lr~So#JMc3Zjs10$9a86sj%rqe zCk7pZIoIys>P@OVt&vmnT9%nvt#<6SI@_7iTm8D}EWmpw`WEi%nj^t zoYVfWP~jy3MnW{45ZB*xQCB`a%LxP zaOo}vp0@Sd8%*eZr6CPowsQRPPhCZP(lP~7F-STws*I6U`}CKcZ? zk>p13^+($({*lmgn%Q^Tp2V0M3dNVrkP%|m^-xFB-A78(u#>=96)>Vo!^!=vLc9r} z5yw=}4(P>hc&C3~z<$n%+{K-#dY+)v*U}!>ELGsrmc|PP=cLZuc2|;U8EA$RBr(5A zEYvf|`+>arlzBG->1(=n-E-^ajG@Y4{5`MVDdddwgMkBHvU;AUC&qK;laA358R2su zJx_-SpxZA~n-0(0iN$9!TxbTohy|`FkFxG`8y!^ zIG8yL8ozIydlys|@g{#C^pM>3DyQ8{l)38Z#4FcBMB#b^URWNVtD&o-R+3P*sk3@m zB$(L~ow8Txd#=1W6OMR0K9IWl>%7^Sf>A6DfwdYQPnmuQH3sjP&Yrl`P` zRpy^){st;78t=HrFnIFWS>-?y7-S3Kuf@^o}1N2L{gDpHiQ{kg^}Ht{<|` zyLf=}h9qxbDzz5aC+V;?_z@Je)I%QnQ3~BC|52u)=qKglvun@52(~=E|L>;Z_Ju!_ zrL_O>;oMTUqBRsecByds2VrHDH%S00xE+SGl>eDJbS|UdC( z&GVc(;liooR{EUxVd6PBGJxd@g8$;7f_z5{%P*?ax1d8mQeC>@a4;f8~a!$&b1@=4eh$00Otqc9P(|RryH? zxvX|6%k-NJEH&IlM6TW?@+sZ)A~ z$#^sZ>dJVEa~;4eF!GsoX;39Z&OqQ)o6y(~6 zk3Tf|;AH%KxlCTgGMNk{jdVr6O9~=gTkOJbJQon-jYt24C_KV%iUm6n!F%(aYv7|1 zh7R+VfBDazC2kHK9nJiP^H{K-wY?nW*b}oJFP#ZClEtNU8pq`F1b8`t2*(AbrJ>>V zqkd!Jz@+*Se_ko-{wmwCbpWm0cerVSn2+Qxs`sV2$&oFKev-x7`dS+P3 zO(Sy_+mw4qa*`Om*snZvj~;b_AY`jP^O)jhjE=kK)EC$>^*oL-I;GmS*AZ5|!FiSh z8~JOYhmI%$?ff0>Htq^zLX8gl{^fW zkzu<-_!`ri&4S;9w>*m%8^~i0b}tGC-G~)RmcgR~WMr%)(`c#^_q>?}C+Y6YIKAwN z3Oo<=oF%ZnU-hl*$4rC)TXD3E`CUP4v7CizTXS|kL0yp*GOf5Z<9);BvWnq;@q%at zk;(v3`+-i|O$BZ5(@^iLy zHwiI25W{QhXY;OJ(oyctOcZ+2T>Z{v<)5_th@0NJyg^TQKB>JPlS^Mibf&`B{(Y>u z=|nP65bi)c&UvOtALCZ=%SeO9!*TzQ^lawrTr+Ier?hNl!@5<;zeB4l_Lp6y;Zp2C zw97^``~~mryNL6BuG!Yq6G?U_8_pP++EeQ*O48#G)KV0)+cp_yCdN6}t?A^R#&CssfwlAsYbYzpads~&a=xev+%enlQv2Tu1T)s_zBKk9sZ4($PN zkJ#c;-MM+!KWlS>vZVpaO16VJY+!|lf8H0#_qn!4WN=ytcc3Z?%H7nA40jP@AIP~U zqQclS9P9#4hqc?4o^x=G}4L36Rdt|gacSX6{cWwnCiDFlT#$HshdK`8Sq3ph{RZBnbhFSzF=! z0`Y>AA9kfn)lEj<)Yx>Yu4c0RXcA!K(L=~!rKCQ&2& zO`nypT$3pM1zE5rNnYFKz)4liuqny50q;L+3R;f{-esr{*}@!s2J!71P5kld~2@^?I)XOYw>^)BSq*0EGY`^<8l9}jl7-G$z) z70*Oo*XWgreIo;T{*+P{SOVG^W*n?x9`Geo{(dfh9^J+msZr|(sg{%~AlK6kaAEr7td>(xo_j~!S#)aM3 zr}^!0eXW~Ndl4xq3MUMCxwW?d$03$y`WG5};3o%yTcNWqAVgbEi#_&45gCUt*L#Y6%vjgQjS_w32|c0oI_nYi@!UMgpUA9Kb}qbkbQlRI zDwkPhI>D+pl;#?6MURw|P-)Raa(rqy zXwz!L)bUx%$I<{eTsDp8CTZxr^F8h6&L7$RYRU!wW6&(oatkdz!12rFe5@F(nlEJ% z-ONM;`qfO{cB%0e>C;qWT>M{Bp-qB_;Aq)&rLz z&#l5*^i{^HA3mIVTEk2)pxB|jy2 z6}1DUBR)?pnHxF)-=-!!XWIkXLcy^eF1VR{fd;QSW~4q{%N|?ZTI7QZ=E*Cik1pWB z(PtOYs*h7UT@XwrydOmBnYEH)k^~z#KWXi+6qSv9&uEW5SMq-_u_-JQ`Ca_HRc}5M z=6Pws;H3t3H>FMlb~bR@Cs|O_V=$JMSFVp5Dlq7iNlNdzD^HQYrEG=qF$B>6r{d z3tk1AJ?Hj`0JVXKwxpcCs_#js)z5x#`{F2Izvt;e3`T?eOed!%d=8?=FLMfDb#09{ z41=coF6(iKmV5B+yiZiWfnIJN=uup%{EGFY#BCrDPYV~Ev;A;?5Z@RAjn-Y8t9QOB zLx_FN-PuKmvHe3v8Xs_axHH6jDB@7f_SLE#y6Ag1PbP8j&4R42SU4$s-x()j@^h-( zlk9vQbMDw~p*R|;z#NW9M>5?BesJsN!lt+=0c6{Skg7=AM8E1vH%3sd{H7fdS2U2A zO@MdXiJ!8_;Bj91sJRX1T>PizUxR!}{l6vQ@alfGcO0(++J-ygE2{Kag96pTzq@e0 z%D0P4|8fC5-^@*HOvxWve=LZyV&HTrD-Q^z2#^L|Zz`}Z9jbB!6Z6~^FK7F1O#KHD zV94uh_>eTO;P!j>mc$wFUA7`u4Yaqlg!9 zkgZ-loJybQeZe%t-^@E})FM-w#RVKFU$2r6pC(<$z5EdKzyzq#VkVMRvLV@w!KF|YRTj<1te3IoQ+IB&y*Dw0fp zV<1hfE%y4-pR;zB=hZLvfV1(ppAxiKSJpQj8(u2e;p(#|bO9eRW!!%gwVm=3b?MsH zV=4FGlWRzbf;J<6FdFn$`SYgHgX5!_DjeJfl9r#jH*J@f8~$72qqAYtfyxS}M;;Bm zPvG`pLc)24w;`luHVSo9M95wfoBTfUCsFEpb)_C#{36=$bwwS4L9zANrPlDPm0kTq zXDKjz^iTx_ZL-<4owvQg=80Ov6-rLST^$FX{vDgPUY4_h5m|0k?kypX@jZqwxk#t; zrul&paIZ$EI}Np-8(y|99ycJ(@LF=x8!fbcC+6Fe{-9TR_NZQL%K6ym+i8_1eK*Tq z6Q%1%$JR^F6L(a6x%P0jy{L1rV8`Al=7jXwca2oy#cP>VRtbTvK}H%l4eo+D_~)gq z*Pdg^N{SL~An8CY&+sL>JN<$~fBO;A+cAC&GcUW|jOym9M)%toxVnwnPT@9DJh)XE z)=BjCLGDC(lLOe~CRh$dv%p=~*;Xi}whK&NaRGV*j@Gc$r+ar))y@}Og~l70{@)3O zb1auJ(b}Pa7*Ce>DzC&o+7|m=MRxC>@zAtaJ%lg1;GsYQ6kPQ_C#@Sx_1O-&g%#9{ zPIzKdsbvOhdzB{`aRLzjx#?9%ND3q`|F7r&66r1$sDTiHGF#2%-7MwPI2fjqPqx3sQU`ljRU{_~B)+ii zh_+(C2~e45;e8{#gY*Wk97H>Za_$faBeaO^>6=X^dRt!s4uK%j3IYH-H&j2*qS*MXN_3dRJYyr$9J^4^ol_9AY z6*5Ss+%m!;fc=i|v4(jqGrxLybwiVFk-;&g@TPr&vx}#@qqS02yY*8uV1y28IU12Q zV3Qiw+4cW@RRqgBa>|SwkbuyHIX}gw5jgK}O<<{ltARXp?nE)Qk`R=j86I<@3(3%t zzp=6S;v@(z10_I#f#5mVCPPeDZnWj^FyGtwX*OmK4vjpHcU!NdIPj!T$?p*j3&WZu zhGg=FIlrzBt=_(QbajO#)hvjeD~AGo_>ihtU5V}p0uQ*?keO`i7ADsrB3 zt-!!`F{kob^KFk6D{&;bOKjwHRkeUDdmLSSkA=5Y5j&h2EF}xu|J;*wgUHkQIEMp!)za{9CHW!yC|wd zw8f$e>}a7D>nd=J9Qjd1qqjarJ5$B(w7@02b$v@!VN~n80t%*ai0j89`|f8>?sQb) z+4{f52-Ia5;^<6STki1%SC5fG0fkj}*mGT5Epei2`2_gUs|(+Ayq2p6n-}I?zPcy)Pzm^f7$79%k+njB{7(F^`Mq2oF9@-1!hz>R9=LA-zNTo3oFu zS*=MFuJ54#OXn`c>#%%6X_J55nu0_2%u`$5byzJr=nl0+y?Bie9Kp&v6e}G?R)MkP zjHEE31_sSmLkNn81putABU!J?9Ng~I2|Oi#0r8m}%9#ZU^j6J=cjq_Y9oPC+iYMz+$Q5G8Tz+C-)uhXZVU;8W~Ztm~v(G+=!-m49j^gdXzgIdDju{kzg zh_A5+{R90GIm)!>Q%U7GIgdN!0tV$UA+Kdt)Ed5m#a^A^-%A+)$4d2Ys+lIX!%XB3k*9UQ}E zu3FGg-&ul+^x7C9_}IZ)##jVUQU1fYFk8vL0CQBEl`2>o9}VeXvh=N!e%enKS#QtG z1yc%Rpg_FHPT!`f17SEC@ZZ3@ z1sN2}1gNAIE+v%qFD{Iak%l6b}EK*c-wa-`ALLi5l-8Gc*3> zw!KFwbA62B=WeVo?b2PcD~eF>hSn%6M3hy7j?S2DEWIGJy-xvE#`=As?m!&ykn zXo`g`@=Z|dN?fc54%!M@Ji2{J^?vs3@PR@VBO7UCXQ%M=#hWZ%ZWGXNcA7IVqX)p! zKQE!!tJjA6QR=b`aSLD-*pGdz_@F8j8S8`#raS`ifbO+I)@#)g6ssTgBli`yG*CJn zZ=5+2cFL(W>TxGo`g*~Wqn_X@Wv^eKl2TB4x>s`f#Wg-=T|gw2&{IU_0MInuAa3(4 zzISzhdJZqHcNN&Ai`o3HK|=G|yB^|x(^`?OSH+5f=%FOI4LImcPW>C5ZrJJZ^mle5vw{)b1YvLnN$XSbo245{CAG_TxG>O;UM zy1n6fdwnmAiq!&ggQ500ysJpDWX=opv0MFOHx=Q!H65)R3 z{A>*I)vsh({X&n4h>c3h6;oZ(*Kuy@Vh&Q1IDZ5kUjHoeGJj5?VT#_e_LGLaA_4W> zldFL-eJm;ZOzppTMk&Xh)}?JHV5b$>;09#9E$v$s0A5r+qt^Gqv`Vg~fXH@O*AfWOAdke3R+O})1g78bNhU=@6{1>Q z$9*eNsW!qCmGy=)Q#?7%v6=S>YLnXS(Ag05P#m$HZ90d0%FLR`$yN-N9JC!3@jHqi z+!T;gGTYNReTmX|IE)yaNARWlAJmD)#)ai|v~oZLz0Qt0b|$N7-_lMQ!o9sYtUe*^}IO7PWA5{ecqhqwVI~&_V|8Li=sK zw_z*?OFhFPS2M#R&dz&9mmCfilf@#=wtK0i-~=sN1DLW2g*iHYyQ@y}dJRMdX+B-c zhvni$>yx857d(}W&Z;29F{B3Bn-xfL0H%aoO z?s}0iv}630yDfH-R4qENek~UDtQLk!Ez5# z-u}qFZflRsMC9^=_n-88OTHYgk*+-kLFHg<>-qA`q>02u0tWn2^z2dRz!a*f2tQm% zL0d9qiwErw_0iZ2xz~t)W4=&VVC4S38 z{P;T=U~uDjFt7Wp-IST0d%Y)#gqYf_dVZYQ1FsJbc}6F4Y#)J%V%stviC-Q$Y@yH2 z_htk0GA=ixxW9F0c%$+7BXm+ZqPP7Hk89xD6YQbZu`hQXdM{+GOG?dz1%Z(LHLb#3|GOR)=`WNPh_ORdPo;V*TG zxYvK#uRc%YkW%Pd{7X;-VZ!6%>9M>IllQ&|SAu?SfA}F6PuI)g(5M;$1Ih ziJF?GsiCIKVns8DFSA&CZNA*iV)Q-;_P-C%2*63!K@H*Fu8NuB<5$3pU9R_ z6|M9T=~U}+eVKsJQR#@cFcX;>G+xZ=Ez%q;RPB9xP2JD{$G+%K+X?P->Kq>E zpA|f7A&Uv4PX6|y)N2m6?HA%GJ@9;O+vslg=3nF~sAbYSXeH2M|3o?`f*4Db7)vrr z@nzFPdWJ7pfD8o21ftl74@cRflh_Hao`ZGiH`?X00#unJ-I)U&g}{5HDzjm|aXnAk zedd(=QW>U0e0K@y1yk$jwCWI#@uR!I!7CzQ(3e-i4e-I~?{Mji!}7dz$q;Xe*AHop z+6_y;MPoEOTlM3wxq+1i*aJEzM7!P`MCXpu@0H%JgeO}#yl?~}{$?G*2fm}o@eoWv zz)>9!)kim9;1P*#)ENlWm(nuQNCH2D;8=6D42Obv-I`sJfcwIhD)sMjGkA!^ zE2%!Xub!LrXBHQ?hl7>Eu9hLjSOh0mkMPiqF-qh3SvYh3)5||#r=i|v`y27|<|`q> z1113j!K;&%8RKlZ1@H6o{k7P+bi{FbshW)UB_6FPQ%J2_a0mdpBuby8E)t@J6W`l1 z{%?i}B3bY;Lr@^k=^>?fkm0le`X1@mX02cMPIAu8kF2*$oHFrGaxydL!C=+<`ke-> z#1R(jNj=ta4{YA{ti5IPPwPo^g1_xuC6!)yH-mfg?z`#NS!gmEH)i7K z2FFU8Kbw34$tgFb^3^C*y8g+p@|pdvrnkl>iq}9gr%?Fbn&9ZzVmc} zaWVe{N8Cd4wP;*l=hK+(;41jqt|~_?u1A$P8BQRy(2~{U9P8cj)|GzM(!qnG(GV+Q zZTaw4>r>GdG{|)0MDbSA4@(n{c1>t~a#qr&B{__x6W*W?HE6E(D?$_H4hOKJ(AZb4 z!ExJvv;c(2@D5prq&!`%A|litTdhBv{Xd{Xo zlUaq{Tp~_JsNslP78LmsRBk0`vR&yt!MdrVa`U~)UBI1LeNDKTN*HdnMol7{)nh9I z0`w!CnB<%JTfu$Jm1U}hM6XO{+AR;Igpyn{D+h%VJhwNy3?EMY^5hElCVZaQ^`2YF zf4;kSF3-f|)rL;FLz!xh4&z7VtZ&a{uz#@EJ#tlS0Jlg%?I|EAW+vd6R^<@i zv$8~4+~ztCsWK&+#umt%0VA!CPY0sBa&>GW)?rXeN zkfb0{_o=KKPBNF{>p5SQefS<>`qTEl*Nlaa=X@}r65c8&j;(s;Rrl)}{a&DW7e4Y8 zVf=6vR)~zer5UG(Phx94L=HwOx~+pl5=whi+9q<#^rDE;9A?(j*t^@O^h60y7E2{q z-OUomlsHQ@3SeI*pDI^&{Y_d&6UOgVKH+-Imf%qm5@u^z@uUx|ZDkvND8Nw&qe%@z z1`}EiM{}Q=PLt}3j=6KLWa$#rt`WpQ0NxKoo_e8&0LIRsn8K%6cbjI!PVjM|&Zxhu z&aZ+%jLaw9$HfVeWF_3SYsUWb0pur~PmSADFmQJ}K^WpH5v?>JpGY1 zyk3R@f<>#xEjX59@4!>{iF=kEt406{gLw8;oJFs94=0S#WKXp6`P|N~5ge4NNmo1P z3M0|&BAd|N%0-JTy5~XABD=i0`h0XbYCG!8b!g-z=ImT5l6^emdmSE`>%oghd%2SA zpAl9qX4iC^?q3F^?=C(zBPp5Ux~OB}`HCn3!7bVrD8R3ouB10fEidcs?MrBwgjza) zm%*oFr**XX)y0|@?Lu3qp0k@X=CH|iR7;tJZe=67SwnBQy8ot$-`Z7Rt=F~5_QV{L zvY9Aa^PncbVP>ZPYYH)sA6RfkgHe`^TT+diSL?K70e?|J%zZHG`L>Y}ZLe-%Crp^;-4|IRuiz|2NLftJ!ljh zNR9#dEE<$5J}nNf4}FTHf{^eNn0H09Qe?D?Asu2YWasP)6t=M^hJ|RH2Hm4K9;)yjy8LigJCgYTe%Ex z5CAL?FP~uaq6Qu)%>|ieTtnZ!x#I-N=j{JR{ciPj$>lxP&26FE^)*$?MCXVFyz2$6 z)0L)kb0JC;NXvxw{g0^k>2d z<2)AE7vu-!mg7I`*~Je*4)=u5x#3Wx5Sc#)@P0n(f6NV#%u!AMPs%aL{Xvb|sbC6q z|E(zUDIFh#jm?3pr~ntKjhB^Y^$qBEDPDv$<7#;|w2y>(aFFjDrNWWEvp|y$Sk}P= z)>vk0Z{EX2*Sf?@#O{-_<@aIsfy)p6Er92L0hAV$)%%!z)kY^g>`SY4m6@LfR-GRW zgdfR5$95U<2oTnS5@HUtX}YL^CK&NOnDH>ENln~=5?XikT3kwy0#z$j)fYC=!nx6{ zYh@PQB~IXWN0OMRMump#+|UJ2BX!ap7z1 zb%{XQV>L;CyKd}wdzLCqOWeo?eWgPp`#NEoznwOR>;IZ(~9 zeN<`P!vk4~#NOGPEKF{b4OGazx+c3~w(2)aIm*T6S6EQ3f26&< z4ViZ=gH*V)>JWgIk_VXg#I|4iPTX6TD8YrlnYB^(U*&-y|KIC@x6vanU!tC_*W>5g zRoPd1RB~^LA~|9}84w~v9+L1%Y8&iKA5bxFbk@N(+QH=j$hx8EkZI|`ktr>HENpC% zcr4Ax;w?)^f>>V^tY}oC+cnMmBt`D@@@F}TS9^&Pl10fVOW(HsL!-1>2#wY;7)1Y% zNZHanYpd>bv;rlRO6*{{a$>>|0_^+vk=-`W7~^|DehkVcgL7*}ysVs{kkiozxR!uU zix4$&FIK=~nb$m7JjCGTTbkjovuezuEe*|bW73xCKh)=`^wEnB;`0T6PP!_4o@1bb?gCp!7MZKv_m0Nne6Hh6)Ewo|V|T zgz6J4-v%u>AuUKP+Gi3zY$sS|@bg3RiTM=VlvhBzP-mO>Q}P!h%g5sC;~dWBu=tZN77Z3L=D*CG8xx!|}k*(_x5*x$iWUZQlUPH_0pfaprm^@#{=NTV*xs zoRX3XFk5tBrEeYI6Zj+uKm3j4`k_qN7nh5UVULoqvB;}t6h75802+_~miu(M$Rp^| zdO$Tx85F009A%s~V0=pneSz`!1}ljun99bciSs=a{Cj0B`jH&{zB zC#aZJB`@B|2>Mp(X;C$xetfu*6Iy0D{(E=I7tki_lP}2tfs9Ndi(`mxDVsenLoy{O z0ke4uTYu}L233#s*ZD{CN5SO%1LB^oy1t-i<@6xYS1bZuOpH9>Tz`QQN63wwSFv%xL==uQI6kVImNHCNGE$#|r$uCOpiS3MBW&||m$ zo{b$4PjR-`klC88Cd1Uq&_`@Qg@LkAP#eL)s{-u^P`37LxQUxWLKyzZT2LXI@ALu% zh#4Rmp_D*v_SbS*;0I8WNF|}TflRFcD<)KUbJ7tPtFtW$eK!3Tc61a91ZqV24ufnD zK=ot`<4@vekYJ`v{)jzJdBP5KktRyxw^a_{l@7!jar4YQ=SwlGxh1=35Nr=>$)M6L zU{AtCcnb)WfVDd6-eb;d+{chxw{=LXGSv!1eOAo%P%0J>tDrz#XG8;twC(LhA4_n$ zlso@B-D5j}f>Db%Dg{Muf(i ztp%8e)-q@MS;r;h2hUo-GC|$9;I>68&LfnT)CMDXUxVj z@-*v&Jxt7bejh$0D~hF|K;NzS1%w4Nb73f#R9k3cfvU`bYI*l1(jhvdsDAjNa^4Ux z`B9jnB_^7j&Mh2a- zt0O*cy(=U@akOuSHK|=bmx~W$em_7G_we=}2lG|2D&_xdulyHJWES~o;h*m_EAkqr!B;@^wjTxMS8NxW>qDN*_-1qoTnWeFft!_j~f?7fnl0j_tw1^-6t;5&rNL{Tr7i@dG##KOJ- zP|e||tK9=qfG?O)c@Wg#Q=c_%2NV~uq5sV~fxLW-0hj`NP>lpct@3+CHq?Mo3pqC} zR0`@7Frv!*3Hg?lII36gwx^{hk6yFmt zmiYM*>`ATBM@P~{XSA3XH(J-2F@X4-Z}r#`(J#pDM9shMffPEEQ`~7E45KXYRx^rK zEqNzbkSP1v%v)KZX7%2EtDzSwKxX^I;UQ7Am)BSUdv?O#G_zM17w3^8suh2Ujk3Zq z36>JCkW{!`scGXt=6LJmP*CFM5HP{gKoVuN2R6CBfZ6P(xKTFrMYLvVKr!$M^M z6S4BE&m+9NqKO1JCRBMwW#(YP9@mYwqQ?PY>uT2V1UuX;j=FAuaW{zTJC0HNw_xtD z5Uo*TRYFLP-g(!1J$y4M5+*NlKIrBhM}u$%ct!my;9b;>U$y z;!DZc2&|hAZe@;x!*0u%5ccKo`g$79@{VNdPJc7zBL!`T0&R+aOWF!qbngCa2`WJN zo>i6WGVIaJH40`}p3#ywB}%01IoT&oHmu;b#w>aW#0VgD;N=sI2KXY;qZy=0PlRT-xRZK7T^}5qpnOjNOP(;=TlseewB1@ClS6a~%4Svja_j`fX@KVB8vt|h zk0uKGsETFtkjTI=83?vEjm%$0sjD#(hRbDvhXOIc$m!x*tOV%Du^5SCem0c0I|a^K zKhfZ=ZYo4=qBW5PF$pvU^m~p+WS|1A)hO-XsF3KaPyWcBcb$GRJLfvgb|*pnHc|K| z?+hTyEAF>muS^Cv-1I(lNjooBuCEZ z>n$Dc$v}$*D2-+6KJQyd1d{W6NL2REtCuhWlbU0jpDDX)0WXMm>E!2nqJzDACa6d& zqK@l;Jx$gvFF#QeDtGsNDF1~}R;l7EAlRRUQWm$fA|2Yq&*qlG=t z4Z9TR9eN4EVOxPWt~h^8lu z1lb68Gb+KeJOAX}D8M2qqU+~Y@rx<`E`hJk1;cNRfw=P-Kv5w|lAzH7Xzo~mNVm;e zaJ=s8v3lMx&?02&b4DyHqnP6uBvss*7Mn`+1ASaZn~#m=LgkYwsX-0_ux|a zQJkT1xhU6WzYlo4{*y5=y=oU_2!uv}E1BLs$RA}#wh9bQKJ~D@`X}Snb2y9;`+?Zm zeR3kT6$i>D$5*j&17y}SJX*^1dMay^kzv)@j$Z=gnlWWg%Ubna39n=@LH+$Ki)`xc zUswO`y;A&*fF7j6v{LM&Dk)HRF4YG^K(I6j8^g+xHSPW(#GE4=t1J*=%NcX&>m}Rp zhVR9rXk3s=AjRI})iD&>byvr;wc!O32es%8genQdD$!K@H&NvolDU%D=u)`p;(su1 z_JZVQ@mCckaBCLh^v^{8#@!nw$}v$^0qKo4;znWfxx?-kwn9ct#PP)M!*VaTxMDqiw0<4w% zP_n*aZ)Y#l&|9~9Wz2U=D@Glqp( z{`f{2kX!?WY~<@jF^ig8t;?Ur^{On_T9QFN|P z)Ou%hI?5@fxOI`M8c+h4+O|@OXB}_eIyh)vbK|lN?ClFZ!Z{(y7zV;Ka>6zXkgIUR ze^YubOS{3>%8GrRubBncI2FeKwtQJHzFbRcXCR`mBE>M6bSD-=n6&Ax6?kY9rxtK)7OQK?%ziU@xl^eSvZtD&q ztPNCbTsAgwT&O@Eg#dZu1Jc z;u1BRvyybD@2mVEVRF&l@X>t5MQm@v4C?mr9G~8@F+l;}8NT_3kDUUbVSGl-Cj?6eXb>oc$6TI!wrOAiE_TC13^a|U2gsV% zQxnOx{R$g$7N}qI*xB58V^DkpGHRNOH7dCM4w>NN{k8eb=`4Dr#Xk$TBGfzo?cy+j z1A*uT$NLBk&<%pWY;2VTJD^Ym0__{jJXAMFk>MjKj~6_A z32JHesY&1~N&hlQYdW|%I6l;$G)tUiD-(hlHL!7`8MG-l3bff_vy&mrAu?MLYI%WZ za<(5-KWAzb#;NAwM`L9z&iZ=F`|YN(LVXmy(I_LEk2jJZJy@3$G6&6f7Yq zCobnfcr`z;Z9oAdV=a_2`ewIZXkBHQ$L{hiG`NB6695N*D$1WVzmo;+&AQ%bH)DMh zsrS31l#+6LlpA@`V+8+i9`cYk@Y$n}s_3ZlIUiDgMf}eWU=~LtS&K0{(`AKuzV~OB zfcXBO>M*gEiGQDbyEZ#cm4VK%8$JM|7k}enYHd0_Y-|k=jgMC#!dn6b0)&D zF~GMgI&b^}oBw;|n&sv||LqGfF0_8^AiWd(2N3iXNF-}#y_L@~`7I*OFm)QD*u^Wb zMEcDMz(jCY*>k_f=)g3qs;V=Kt8&@9zZ$3lzyx@7-qquFK%XTn>#F1qVTQDSU;TBu z|HA{>Mnb8)Isrs8XV4k@-H?OV2NSAJLLlwlG6+o zF)C1?M}Qt$Fl8yP7fGM;rDXCH8{feUvUkO8G70rP*#SKW^4v-7p?W2Zq>!U#cBZA)ULS*+BfMo!j<&Uth{CWYk{jQ39DbisjAd{m35GXxW%$SvNJ3p8@dBjXK z$4gpzQgzUJ5UtM{)70Q=@7W){4kUO++fDz}z# zebQ^C>A1J4;HD*?R+w!M($L!dMG|E1rLP$eh@9YPi(7vuhJ%uI?(RB;5w86Pw8BIi z7+3g=+LP?o`3jdH@Q`|GM-zkYLTUUrefA|!jJH}ru^p67U(Zv1@S^-COo#Sn?|2ER zrrUOiMaqz;`r$a4-=3Sn+?bahq>8qMiR8n*qpkoIa-t3o~0{&N?|B){I;$*^>_SCQyiSz$7{_MdC%Ms3^cy!4un z&PzX?x7l`s3#}gdEw&CU4~OoVYVNp=o?&E2MM=_MXf4CKi#v-*9O}vivAP5fCMUwm_jj$oI*%s8yHH~ zV^;eoUzLHld487$)LvmT>-z5JAo7B>p9$nlAWujRNj`SnZ8B-R7%E&EM>YqXu7i@Z zSIvY55CY2rc@9!g+`dQDCXXn?82ENN6Vd*Q~)^M}nEu3$N%WKN>y}8icU8f6#|0@Doyq{P5ZKeKhxWM&9UoX?D$(3fD?ImY4 zUAh_7``rYe#el$;4G3!Lar5+B*B|FFT7E+0W`nm|O|)4J-z!X(7cF&swYQp7(#^Mu z&p&-AYEAXDBC&ba!-8*;N$BqLi~C=hy1!a}QTSz$%~kx!;1kw^a^bg7cnr#Cl;N$W zd0H~JaC#^k7k%|CEhlgT(FvhtzF2!{>W7%z>y@Pmh`WWIB-g$tdH(WZdvv_37=HQk z9Mnm|zFigW*gDx$A%vW2DAliaYM6@-(`LVQ)Lfqr$G_S=>-tmm>H6+T;VQre8zRCE zb}8A(zF31oo6xu(;eeQSvm|OwlRu%Y84on736&V)kxz;UglMy;w)HiIIu0N0h>u^E>@@eKp@IQ1`a4?m|(bYKDg5 zb7!li&dtTfQvIu~;87M`v=^|9?^!E2h9%vfqmdkO5b~?f&rg=W!z{gjJ^z-FXJfzl zCv<4w?%rcEs7IHSN_F@aX2pLK$}jmM<0fzXx-i=haE^cq1703Ho0Qi^zFnCZay=o( z#b{^!xP&k#GAV6po@S zj#49id|JD#$m0cnS+f|DB5dkXx|qzXMDviJ=qCG>%e*B~Mk~>6U!u;CnGg zRyJ-qGh6a!WMbxgDZivz>87i^&Wkg;Q9)5nTY@7R7-Q)5884G0>E0~`O>&LUCY&in6qFJ7OI zr-DyD|8^H6B#G8$SkVr9^ZMf4rtJAO#yuaJH9|5ifLg#yBW6&!Cd8oF;^~HN zEk@H&a5kMOZFHy0=JpFJ@fX%V8Ys!Kz2@gQVlie?F;j%H@<5A zxNF&1yF;k^n=@a58WiS*-4;9XuS&^h=Pnsd z->)O;%^WwsuO+!%{qBa|{WEI;3O)fUIVOt0cJ5%Mk5K{M47ZxpA{h#AzRp^_e?5r3Td%f&T+RdnN%zy@=X2Y37;pN|Bfn^qsWL;h}svT~y<_ z(|;?eB8nLm7&J$-NdLq{uNQMO;>4t}&H?eEd%}H3%+c5VqO2ZV$()~uuz`A2bX~uR zeR~pZv%^eW^(6c#5-}TMxH}P%(R>s_r5Wo9%w%;$Y8IZfmH{(sNlxe!d9}$ov>_lR z>O-ja+$d$-(#iMKL9g-Z%6G4;WZVRUZilb&dd|12sn2_EzQz=n;yS~no>*zR(gjt> zNk0}mFVAw^p|p3=Oh`uHqv|q^c(0?7<#apV;`IEaOXut$^D)6_It zh059vqFZ2@>f&NQyW2TY=0t+p{&Yz*&z#u$FgGn|QQ5OJ>&Q(io}g>)#cQp?(b`vs zI{KqSXoa0O*yuX)VAwNxJVU92hZ|WxNh~LyV zIOMtOO#@TL2D1+P`g^FP%*($VL;A%5cnGTZ4fW^qC>h!}Ch7YCl; zhUdFeFFVhN+g8ewGRvFM1CFdan$Gd)cm+~xmY*sGsda3)XBTMvZgy|L=ra1|(*E1U zi~2@VSB8+FP}_#Pnn7>0uwzeMhI{=p6_1!^e|oNx8X#Qy$ETR&4uNIu0?pVcS5DyI zU?2lpV>^JlF(i+ULCO(76Q3C2X!}7W7wne-_~SUWJfsM1Vquve8&Xk*6)}@O2C35_%Ytl7d(7rmAm+q+xV?Yo=bBR>dQ-1 zTl@U9n%_3;;xt3MWvflSyp#)8?Rgt9a(zi;>Ap9Swo`sd@M6YZfUv!v`kFa*`NFJp zB)578hT+yW`p^A&xgkvu-Lbzr?c43X-d9EGG#8anm;xDX2KX*Gn94meCV^UbgW+!H zH8dE!{0yEehd)fvp_s1^8ExigJPLaEUYEYSRpYm~mfHQpbFC`fzCESEQ(eURq^SmB z(L2`Xy|CD@Qu+d1fV!!lJk8DXU7nK_iK|7_ZWLwnMPNI(xg3&Lw)|+M)BR7nf8`H9 z8ZV(loFl-W#~AwRDe;(ipOCnFoh*T0{Adt`FP-I{X&COj0jyEna$a1ImGjD}-N>kR zR(2yXdizYV^oLCm^@>Tf1aCf5 zzgKcycIzw>%r+Fz^_yZu7w%s~&&8>@oV(kmEPw^tiCYGF85q+*+_0XCy@MURO7^5M9#$|*LE9VaXvXlK_ApD6{?gu8xuTU3IA*2#_ z@m!+h#BY|h8~L2G{bROOD%OAIASTJ-$?SWgU8`tZY?PnteK*e$R5Du|9N*}q#V(TB z12v>SFT-s47vj2`-|WOb5bprCfpmOb?v``Ef>T^p7H(ChJ1K1y9Ll82%lj5Q`$^N2 zT>r%-<1pOnxv%Glo9NtSgP0Es_UzZM^c#i^p37h+mkv!Q#CFqrfjw4Bo|yGNRg6cO zrt!tMQLk!+A1{AzB@*rSwm7F<0zcV4nH69*s!p2PKNY^hSAS`V;b$T}ciuV27n^b1 zdG181<@+d2dti9li;g0Eal1gs@y;z=oAZmI3pO_Hw!D(rps~XpOzfL5*l1u$x|B#S z6)TTh=BHZQvF`7l{pzFc@^uC7WHCap{*Im!L*+lHCXTaVU@&uBK4n*9Np! z>B@9*$|~1);~7!RC<@$Fq|$J(;K2-VROlu#<7~)ex_qvt=qlaUw~aLOBTmBW8AIgV zT!zB2lw}u3xxy0ow*(B&gxynX?Ajj$fJBZvRx*q zt6k*pLAFnZIfFy;rn{S7mH!Co(EB}uvXCfV{lgc+qZN^QRqK7-VZQmfZ)+cf`o&|k zE)(JY<~Gipo&c_l$tVzo()Z6N%tq8FE=B9_!BRr^IFe~WNoH%TNMSly?dTX!1|RLH z4g&_K3DPYLHpvS%DGfBqlYj7lV0+k)QALDGQG_a80NWi8`^E=@ntAW3DIV1gPo)?d zRJt9WpFhStk0#0=>`D6+*=6ltL;s3hl}RaHU~mHc7b&dlxF3_)_4Ob?kmlBF=XxIac+!KiZvPY@~ttk_NExSpY$S)g4Vqp+!bAIa@jH53 zNw6XA5OQ&Ys&$^>K>Jp_m~86PT(I^r1jR#=nnpQNGC?>Q-|8|V3-7{@>{Pt@Ml;V$ zA|3R#1kr)MUXdkDfjsi?6;P@;5~DuyDQM6r)|D^T?8y_{+}>~$@!qKPNfsyJNm6E7 z9Tt@rBq36#@J=iHxVR`?yzYzaWz6jB-IbBJhLzd5h0FM z<2cKSp+Z^uB=Qfgb$t`}891}yR7BcqJ+TvosIJ^PIQR4&AK;<@2Cz^;gx|Mx^Sl7j zKJ9wHu~EyVQrApn+12jM8PA7r{h)P=l2Xc{ih}&;_nlad+2g6L+Jg|TW%M_T&gAni zPtKuFm!a{&uaexv(k5!nCBfe1G0**NFg%~l@S5u_gOo}hmt_wm2WP)1pHJKv?uP^Z zet&0gyT$8zgSNZr8qD^#&(5*kXcFE{f8;!40S8J|A+-#L*}qu*7!!|uzl9J18nbv z;iF3Sh`Brf$UYDiXXa948A$EjP!Udv0?xHXR}(wXM7U5`)mqB5OMBwh>ej52 zu!;AEl55h!OT3lrSALBg3eeXHv-Fxk|*V@PBwXW&F zW{L4K8Xf+_7HYI~w;p%OYN#N6oBi1Yz}4p~!doEZhTTbU!Nj?OMwNAqlt_z++hC!u}dB z(ZaVY@cvC%KPT9k2+?;MPsy(KGGq3)8@=z(&76~hDr#_->|?7a#AUHWIMFFaPt9JL z>TU`5g>P?&!SY`ngQ3)H@x6c=5$7T8n-FsW6)^d;ggdA|@atE&v)4Ieg0)4*-O?w> z(J~|~ACQSd?kZm&aK1Z2Hxd~CbkI;CI2d4{x!U~z@eomP={SU%hw%lB&)+Sg`< z^BKdi;$BJubr?9ZU@qYK6|I!KJ`Ys%wI`-|URK3zLH@}7(-f5Vj~~NAT1^M~Pln^z z{Sg7$_v0*}GQdMttl1l4h6I6}s!{8P?7;VyqC264^|o2-4qcxK+?Z`ckuq3XE48C* zbSf-o1oSHBU1BQp&01DL*>gGzD&VGs7pBz;s$;4k67$z3H4#`pn>h9#`d;%u3OiAJ zbG>9qPY+*k%6JBtn zjH*!X+lf|vYnKFPFO?W2;PtcFV&u8Y)mwk9qK1IG<@0M@NLb?O=_%P>2(-C;TPb%2 zmG`pe=YBi=cx>INc3F4$wRSi-=5$tddgy-z4bb-sK(E~m7)SKk0UMmah{R9*I;Cch z^1tjmZw)LGM$od6qESFGddO)x6?u4Y!Q8*+XlYs9dX*wM3eRyQs!#-wAAQJEpi@xP z4h9r;cwv&Fk6y*Hg84JeTDP_|(#HDrNk?A(`>&qd6LRkO^__p^dSZ}dhM<%4 ztnjr}8Q_~R3$i8$W+p<2B-=kvuG;)CqA>DRO70L|Xz0AFVpe0d_6QPN1>dJ@mAlsC z!;;L!HghT-oXQzHV;5>N`!^jvHU4$S325&;)eIkseJQ6~rME3J{`TBcd3d{WCV0xa zmH+?%->L0@;q}k82($nvDtk#8W)~B4t(}Iw>Q?a z@oHN3VSf-a0vH`Ks1I<*j|uxBI;JpqSg*RZhC`wjnT8EDZ+GP){g=cJV zAi&&y|9(9b%fG~2f(qCtnT#I-KsJnqiI6e^nrnGJ1sSIB)1H_b7}3QA3Q#YkyrVSX zSl{^aWL!2FU2V!z5WK&8Kb84GJ1r!+?(BXaC@tNd4l4& z2^Vqkb_vS<(a9sgqPW~ts~2CtiRj<3e@&-WXw~wDD$Dy~h-Ca^&6jt~+3{#Gi?yD8 zb7^bNURUx_T>2&$Z9WaEdzG=8yIlaONuXiBphHnPW{N%m6Qi_wvE5=UwVkWnYLSuH zGXZSL?=8;H5w%O_ugOgqW3aBG%U3UoI zqDnZo&EO-tYeE0>^1sSU10i&v%=RkMf5D6hSvahv^ zi+kjG(Qt2exQ7BmbasL5f`>cG55-7515f6JKehySmU z>Vfayh$Yjx$bN0^FKy*iBZx zptJ_R=0~VStSl(u2ENzef}B?3-H+fR=#{TIg9IS$U5!6S<=ACZE0ARYiox;5Q%E?e zfKOKC?z?8gcg_P5CP~-U$~E4OiL$eA&VCN_FYD$TIX>K}+vVmR@Lb8+r2r+x`Zj+t zc#pDk?3+zFnl>Nk-X=vX%MJhYfGP=q)?dC0>%WGTvH?uBJyD7GnBIDOpjWp#wot4$ zWq>W`WzrpAfu6W`9teQ|-i5!&hoTqr&t_0JDio;Y=?xHBu@d0E+8UWSghG!H!R`=h z*4w`IVN6@^G(Vi$Th3gE*5|f42#|3GglOU##l(wiwrT zwxVnIzXQUA%oY6G##*AH=~+{&^9zKX&M~tZu+eva?{YIiPDL2jQ(m6mFruoiyxMY- zmGn_K(DJK5Tyu5@c&Xggn)hA6W>!sK*MJS=HSC=PFUy|Wl`A^tZryD~N&oIfPFPUJ z6%;FAV00J-Vrpjf95*Y5Nd`?3zpcx<;s`k)z!ntZkR}uB3kM${HNN|a)0tpvv0`iw zD9=OF!ot;BiAtwk4%Y=#KS)_jHWFO1KqjTj=C_~#ZPrCykalR9B7DsZEFY0V;If>t zU9ums_S@hTSDgoJ?hQ6m0ToMjfm15rZy?3aa~++ih;gtD1!YzCtd9OHK+jU)V;OAc z61u+JXi6c<>PreNt;5fIQz%feH`aKK15tn*yz48gx?sFJf~9vccaTcQmFqqUv&z)|z& zr>LIdQvBD@~n2 zM8e3}UGlv;wTWQR1<;iqJ``sjVgQFpXALjS_N9zPAo&?twRErH^zZua5BG7Ps1;fExxccfAi+X>{z?@YY}fD2@FX7Ju+1ml4}a=o zVSX^R)xb(keT)h&-7z>kxqXO%c^KIE;NQCROSJ=En8r)DQ@+!C2SUAnv;d$gBF%At z?RwiN2ogMN|`yLHBP3Z#Zyu**Ucu)8hvx;HInP5%U!|&2DnRSR9EZ(%HX; zO1jKTQM={v|J3K!XxLIjWP*j3pr>^BmY?R#5XQ36aqg(c1bD~>3`{Vti>6HtdgMRnEX&z3 zm-KIr>Cxoo;({Ixn4UF$5cgl%zp!0&$n)@;*&zJP*FNVcaZUuL&yqZNaP6a~*|08E zpw_CUiBww;&2*Z2kD2%L2~~hEg}4FxcyP$?9;!$>kiKPPfID+6hoqogky%a>nl8;-u5;wWO zpFUf+K-U}`ik8Wo-$%ZC(+>evuA^xv@uGx)rcHv5dr^cX0Ol4o)r$tKq z*UTVe%pYGK62iEjj)i z0N(z4;3E)gt&Ccql0WB*LV$ec-2w%agbyPe22^U&QhJb^CWSsnpvMN2(lW6~I@onY zOq^Lk%XVBQcu+&QK3vFG1pCbk_J5;=qWV&|GME!6{u%pku*m^>Vh1=HGib$e2?KAP zSM4pBdhk7slrf$JO=EEA<2K#V#nnOo)8~`8ulexsC*RT_=iBU~`cs0?G+=6c@?Fn0 zRt%UQ0({ZEo@Iblql^@P!c16$PYF-+i%e!cpQM-N0#b_q?TYe*CxEhe#t&<)f)0R8 zd@0>m>i1#!XrY<2-5^b~f(90P`k+RiqtlxQGLN`FPs*kYnxd&Jv=E_5%^#m5&?)G= zL58r!zXEIy4u*vB(N~ZT?gk80;AM~I^5%031B3-A6=@oO(HK#2SrrbJ`q(!8mG~pm zg+D^LvX@3uQFbrM6>pGz^+@^LM1|(2H3H4mB@h_l35y?)1hjL~+1T)ZR^P$n5k22l zt0k6tdcYs0fi}IQuQnDYv+;VhY}POs5IDRO3KX4y9QpY+k&G4W?LhYGP3FtIHbBjGN~(jN5CvZRz&WrO)j7< zjI^Ls1x8&fn#a_jfess3bz8tlo9?cOf))0B`}EG+^_WopIlct2M0}O1kEAC3fbWr@ zO$}=WMFRq4%o2{0XJqAVVx;q<-w6>Hw>MKoz;|nJiSnlRRmdOvTAC3935@VH6LO)S z>H2}oHIHqLs!*ft3`4*h<FIW^5GbOC~kuMUkiV1qBjZ7H>Zrn z*t_P;1RQXnbjxfb=USSv1CM6gA^@2nEdweFShWD(*NN3z{xxh54AKn7=jI|kI{Vls zZ6Kya&{y{;3jk4Y2nIDU8fKxI%v<*<(wSy@cz2$l{w@4&_ za|TEOxgJNp1UuJN*%iJO+O`Ow#hnj2V)YOO1mio-cJg$a9Et=1;pAX8wbWRZ6N^j; zOA%+m3cXePt)Jwx!~Xc7FGViYm^#*^i=Ak*u~%1A4ETSFpdJNNLt&^C4PI{n`lFe( zwG9MFwhDvg%=hXh0_K+s(kfVYZXb{8E>m&W*n7)HSkUpFZ35xJ!l>QqQxqvCn@|Y9n_|T+)1DR)HO#J<;)Py}Ah&ib8yWNT&F2G=v%~prw`49ACnk{ z*BgDf4e;(ZupBz_X?oA7f^4y{e}2yf+l768e??PUNfT*R+9Xx9`Q4M`?}-6G_nM;u zpEZCI6To0cZu#bBamOVx+uRPvM--9LY2Hn~HL$VIyHmp7d%z(8Y;L?Gv+|&VdRXv* z5|D~u0Ye#u4&K6ZG*}{iDaYW>3E(5X(T786v%z?i#6zL%2bVV*9j6)gv%yv-Nh1GTAWt`XJrs!mEr z(f~@Jy#;diq)J_(*+jtFtzff7j33VG+BR8m2hHN#-afUwU2RQN9jVO!gm zjyVW)}wAm2o}8uS#o?$sD%R;HjbN(PI^naGj{z&P?wrfDiH%buikGvy);p z18Ive8^)U#gLP!yg{I{&)AEo~C-7Ty{?uP(Kfxe3$h+uEj1R_J1Cb988Z#%&iC~)+ zXqt)(V6;2v^rd9=Cq5+n!e^Q7@CBr{hL+_%5E#%CXFzrVSSW=1&S4DyD+6PuT9C$1 zqeFxMWiP0};R!-~4)}w>k3XRBCaeb3Na`w3&`k2Q$|+?d4C#r9;oZv4r|Ti!lnxmN z?5B`7#I2sJF!+F2I2_oJU2`6J?ufVu2&vR2u)(VOffc|sRquZey|PflQ{voF1}Me_ zqPkewnTO4M@${=P6`hc{jg}ovM!%PmA3Huu8nB<+1^CO#TPKs;BO?cFNa-E@msW@I zK^zb4*Zn&>3?2XPS)}ITkQ;0PZ0zvKO<*7}7C<1qn2tcp2KM_<7U#R(!eh$8Y!6rP zXduGU(XVuNwK0JV20(A#uxR=hZ4R#ZUg+N09o)D+laL^^)TlK76(I&b<@}Fr)|9x* z2^QCT7lt3XpLk-3fa@U{VVerea3P;mx?npKJsu7QCMNqPAm3P|v_Qy9uLfs)_I3|P zT=7TlmnSNpV-O)sRE>-PSL^TdU|d`|WuG2ZFYI3^Dr%#xN@Jo+fI)L~q>|Kl@mKBQ zWtR8^uYrd%Wz-Z+3vDpr@9u{hiitVF@Lq*IMjbERH8{WOUb(N*XZLbRe`t7Ba?VIE z6>t~eyn)k;oF8i3Lk_(=Po-US5g1|O=?4vR09w5~ShwMcI~^FZiCsn00mH z>w9pn$_P_jU}DsjILw+83`!EJyaL!I+vZF2GE?Aa_p?V#$e<4og<&=G4vm^{ZDbDE zj3mhvsDW}P43z3N)bEu7nXQk(@kI)F59XTJQ(Je$1_NX3Nr;x+yV%Sjy3}6`XetD_ z%;Gs!5DF?vybs_{3&_UrIs(6}xb0YHO8k*%401$z?(5{Jw3z-5fr_htlBO=XU6TKO znD-`*P<&On;ryN$sM-RB*{F5Y7MR2`OG6X=WkW@ZItFY|L5T(VO;jo63_}E#?*L&o zKLs8jC|vo}FN~y!j{wO$x$=*S;vI9s74)<^uWL*7SIhGIl@cJ++VnA~U4|Ap0}t`j zK8EP*ohs*SZC>$CV3Jx`Gq8;N>QDP1&4?1eEBuL348>qHDAGL~*0MdkwsQ&S7|V%@ z)2`5^DA#rz?<%;v$MXePMh%@GJ%-X(1ojjb(t!Z^7Wpg+IOl@WQ2j;GI>GdF0R8=_ zBKOHn0|2@Q@G1MV4B#H-50NwYUP`VV*YFDdQrW&-dq^EM1XU_mdr;d03DbW45guf^ zuV4`k{;+9`3~Z=CVWCvOqXWbiU`K!g$)6?CwEHiheV7WY!@4El7{p2c?H{RC{&u7` zNX=9-b2vUp%^C}P`Q#o1WT5nKxrh~?77^8@&NIj-+I4F7Er0G8mu2 z+Ls;x-kD)}+RqfgV-et9no$cyGa;_?5{5MCG5$0ist8H6(>1LyQ`FS{I{zt%@R_eF zrtfIza~;yi1$?)QX#jVM-y{=aHmLsV*D{Um4FA&80C_219T4El>$4D0&KTpMJ3h7A zPTL`uR+>iyayY0K^VGQXmugfoFk%pvvaK3G9Sb(QbHc)un*{V^6*h_~66N|Q_BV4G z5u^=XusS(WC4LdLsC|3WcnVz5H8qzI2)zE24+U;7{6!`i+!qaEbMTY*Jd9Ty{m~y4 z-4`EICYDAGy*rr@J2(kEc2{K{Ui2s?+R5Zvg4f_Z0QWP%o|ZFKFPD&L7SG@rIs3aDT)N*Bw*DBho%+QJ_S8#`->$z!=I=EFAJD}(7k|-v9R`m z^Wgl|rh0ltRrWiAWe|Qu)aA*+Cma|R%FyOACLWl|z=goT2>`~BL_VIvV3_x*qjD1D zT0L@e9rSev7$cC&CuDwW1s~E7h8PTN-h%+>pQ6&gyZ^y-U1{@kF`omf+rzbO^5>4K zG@8c-^l*>j}?OM&X=aU94rYkHuUI_GpV%GT%9wP9 znwK<_uEIjN%x~}K!96|?3YZgF@32Bc)$sm_Z^5xHH0v+tNvWqLC^k4H*8 zS1@=mhm5-%sFo#885em=Mhox!`_|e5-1+`-7_}kr{LPc?%{y4cd)x%bYuzhQQ*H`g zkz>P`yxVX=q4Vzy>d5Ar1OxrUoiEbX?NmSO4J_Rao4IY8uL}s6&`ku+oX@OqUl}w^ zvBSAnueh}S5)4)Io#<&mvGXK774R?wYK=e+)>q!MYF%>!&mIlAU5->?@CTA<2dC5S zm}r1Xa&k58_+dG09I>IK#S=0sPNyl7=^{oFyj-y3x`>?~AgF_6+G%6UiuZI$Q`x)y zUd0>~tvI`7xVzv3U?E1d@GXn)Uwc7Cn_Uc+!}M(}UGnYEuw*!1I^X4tFKDWWaS`5w zXfPX(sHmppk7&<#o6_^T7e4w2O@yona3N*P+<^!cjsL!dWfnzk7$6qcw>$1SWbb4$ zTYfRe1LkTA6GiN*bk6TSdiLLjAGL7=eWxrFpW|@<8+jqt0;v3sgL1?5OFjt0APN!gX`DwV;c7y(4l*PUaZ^ z;q2hZUXjed2Z4qO`k4>2y8q)B(58C?vO3D$o@J86_~tiG~}RPW~-os9Gq`okAbK_zJnA{&d7 zQ|l%=1fs$~W1g3%puWUlV^sEe?O4e~?@nliI$-|vFN4pdN9$i#HC_N0S<mb3J`_45y4G*Z?u zr;srhp_uvao3@930gz%l2`Zrb0*?Pl76&jl?C056@G)Gxe=2@i6{ln{JnrWTqM9g| zFcx_&{&(IUQjJC@Be3QTsSA%mn<(+`nb$479J2GL;nP&4Ug$m&BxSKgeh)0@%xIs=)*RcUvEsgTrxWOmqzI9fck> zXyfmW*9*!MAEg|y_CXzzqOA}3fG?G~!fHZb(*WzP8A2FB%n-d1TvWCQtJPWx@fo-3` zJXrO&njzpdd(t{mYZ_0o0j}2>08LaN(Bug8oQ|vqX*JtP^`}vFkKB{QW|G@|ZXmmE zIOr5)v*+S?FD7!QpiSoFlC8~h1M`ONz6}du$dbM~Hh|~n-{W#+0H*@AQE2`g!>h|k568FWcwPG4 zwPo{;t7rl}=w@9gbMG-g(*5dYvcct@?+q!D+en{{0E3EiWS=3ptH@ceZKJ)~b5B5t zE*hw3iwS$*jxASn67BsebXHJN^5fra#57tCXRrLwv3NGoW8Jcf`8-EyvAth2Fqnb% z!u@{AYr_RbTxO3ei_iZE8ciQ`?{G4~kys%QUv=29`N@YTeg2oV_ONw$eRP7Il3t1e z{QK|9`U@&1k!!+ad;RBNx0ns!h3cjEUXzqHl-*ee96Y z<5q2diZ$=CiTt(K*yH3ENjoNHJ((~|nWIR7;?gO3&BNsS<90wyiuWM@J>PUBFqUYd z_a7ilM9`L!hbF&)T&=80uaclRE$4wh6`&e@IyO=6h6RB$&)%6L!AOOQdS47^E_k+R z{8>;yDc8`%23)h5=n@b#0GytI>t3Tz+rVjxnfZ(88nyD09l+MKPo{loH z`!PP67=DNM%1phl0^Oa1^vly%hnf_)%+LO&+phr3XlPE#s;c~u6NAI<3uq_s*=q|m znq8ZJ#wWUay7isy4*zf~Lk?odJJ5gx>`d)DGsRk)5_Iq$u@Pf}a@!9PU>3FuCUNB7 z^8+BbKVO4_DRK%M8fVsAUs>Njo?kqdLrn|%9;|e39WbC^Dsvjqwg}xieO{p2x=;)* zZxCf~7El(!xpRfQ{FZSkX@G--oA&s5rrIl)(1qtXzW1~>LYU}Ei2Ao#n#J*w5Lh|P z5c;~6){bgk3no2AMLi2-`%NyXXp0*x8=RuVNb4a7Ny*l5>mxvG(j5}Rzq>dS%;d=N z``DFI)PX626DgPZQAT>qXegFZ$U2QqKV{BWfel055g9}BnqU)pdx$$YHG?98qxi;q z`B}A}n4SyDy#W#jI{Po8Ii&9Sz+2d#LWHJ>AXS}6AvB2iw<7t_kN87$u062j5>5S;XdH=fBP#xA0j?epBW!XP z{)q9q#meAB1nKUFts55SI)>2AJloAKf1`v>KLl_!-_P@BQ(9*ly-}>rwzBM;%5GNF zFZUL#g?%L5*S{w>o-kgyonGP)pjG82xY$h1447u%&;#w!4Dd>f)t*wo!bEcvMEy|9 zl|JN7%6KeCx+_j82p068d*2?)q9RkBh0xwY#XtzX8r4~BLXiUO)g3)*h@?{0Z9A2i z+~zo@gIsRx#v0$aKU@hcfCxx|VhRiyt6Whp(!b{-o_Zdi7CSBFCQLP6EF~}LyFU}K zVuhGFY&PBu%MOrW@Xl50OTL?<4V!sIt>ki!a*I$dc`sVVCt$^G`gC-z$8~zP(Ccco zf3|tQHH#t$5vab!Mc&PtHf32?!JNI%(FaJ53^wL~{z_=v9X0P4_ky!k?StFZavl9$ zcXG;q`o;ohD5vwzR*kqoX*7PEo=ioBde(D$k+rtI(R$|_`4KscBaVwB@p(LW-~H5s zY|MHF10*>Gw$L%}3vMh=m%DlujV?unVE{}__dYvQSJZ!VW(}c)%l%Cj>=Oe6h8&^= zac5d<;vpi=*1~<2&Yi18wZ>F0CB+aJ<1|5Al&{9^V;3smk7fccCK-55Dd0>O)4sre z0F?Nv9=C9&Av4^evzeTLGa&Mj0+RR4QVfE=@4R`+I2;G-9}Z>dCpWfs9uccgLRxti zx|B})-ZZx7-QExaBqOf4aa5}D6V<N10T%V8aHP8B$`_7HC$Nq>-Mvfp`e_vWPbtVOGG9^Kj7 zO2$A=Lh;AGyd2nqh2JHmF4we;P0t%qVqe0*hj)pirO~Aob%e#-9-Htu<`d}5IAMnx zFJ(jslA4p7B@#KXr87PV^G!cSC@6G5KKIkq^^>?-Afh z(iZ4$c6Ux~xAy2gwj;=!HXIr4!e<;)QB35M#HK*5^}axqBNJwHnd*P%fjcp#vk)gfG6q8Byql1sj=N59=qugnNnDZjgX0gV6d zGK2vc?B3Cd$zH*($2}USof8^3-GAriZsgr5@zA1kNht~ue=X?e={OS{)l7s%^kf0Z zL&Wbsk1ef50lX&1j-#M7WwJ36AEphag!k(J=O7sB%L{HyG4+$l5tqclL3IZj%Hw>YHbp6~_}D(VJ-579`pKuWF>hC5h|Tb7VMk3E zBghM>&(`$F9;9J=*gzu{kR(fSpLwnDS=KMR0b)5tA!mNa7F@;N(*u%z z^|#u>>#NMc@8IcR8e0o?!zI-Z1KWJ9Mm%RB8-AIdE#L=V+jLwaDryW|l9F4R50uia zfZE=w?JdnJ9ni>cP98(%`!21-JeA+d?LETk*c-e=v0dyWri(_q+7YZw zOU)sq6xU#Sa&A#(4TOel4x=jbJ19HPmxAw`axqXZ0;8%2>~{Ykeh=$nzs0_2zW??j zVj;JBn`lM=Q+bZ{JZr8 z7To#o<+4PaO<1*Wnput?S1elow=$j;A{3ocSfU-dTpT2EsL(9!K(ap7uwzfX2a|u=V z7wj9Gxx}->X}C}{K&josZOSDGyPG((b{y2MAJnGLTdDew9s&!rlEuN%1Lzz$Ie~-m zBQ6puF~WN~Al(6A0~89b>Tke!feHI<9KXmZL!@;fs!9S0MX%7U<@DMDmMo~f+la@| z13qldSPZ#DLE)QdSp|?Y`*kh}06C#KDt9%Zb4#QVQgCn#&P${7?y4Sh#e4^A9U8ghN?py!nBulp!x6JKs*U z6ZNdp#2Z5q2V|&j+k1^uyEVvd75bmQOaRp{J#AUu+wAreYr*i{+a+{U;kgew*U5s) zpw;u7or8mmEM%#Mq_Dl!``~$>Tz$YdzN;AFOW4gdig4>~|7@aEm+PEkgZEg&u4=vN z?#w5esmZ!_chSyne{^c-PQC9#jwYMONQn1{Iik9VpFBh*y)Vbnih&{ah2JLNBT|)* z%ZpCq2|3cKPnJECZaNlor^h$@D$z9~GfJ`>g&S6$I;(5h7Vb$p$7-YftLI*gtOA#K zbKWNeJ2j_tfja^=quUMJw=Nj*t--S?OFNelms4gy@ zv%|(z?IKQBo6mD+r;YFRdhI#mLIo~@^p0ICpbq|C@ssNQO@WU9Z5- z)Qe!hYhGQEnmu$v%+r&*o`0Hjc@lyLLn{f9Hl_2!5k;l&!?~2^i%L~f#yWUmN_Ucb z7-OvQ8WT|_ukx9&hxeGtx3|FC#?Id;Es$C^1YF>unAjW~Te}C{e&ca&^>Ud?6wxxJ zc&LEo-m6MbVTe|1Q>G(L*I-c2QOQ=x1rrDk{1G9HdCkB2H`NLXFs8q(4nWPaM+kqB zaAKJqF%+cN9GpnL%TOA0>z&?ZNs50`1-rj-^`rkv`i*YYF9YE#NKvwt8h#>EO%WctEjrC?_dYtr2sI_iC)qGjnn$Q!i)6Si}+;fLr&h69@}hf`$JHsr@{k7{SS z>#-Abjm>>DS>y}UqzYy)Hhp`x=XE^h>)-k;OnTmqFYOvy8AnEELi)WnFUK%2fe;Q` zz^(sVc2f?o|^ilPEvq%OYkI?tQBm~?T--)u*~&9v7Z!FRBe-+L>N8xv!U z&*L|@B<-($l=|&GB$k*&%_o7adP^mh4LJl*?%0=-WG=t0`s%LuMrESys_WKI{czGs zsk!j~**Vc5PwHqTc$7I;oR;wEtDvw1LGKT`bcpZN@|FitcDE0Lxu0=Xc22h_ZGN9x z*0pp&4HQFkFX6|RrIE?xXw(0oUm{(iVx_6BRLB@jA2a0}>{j2mxyn+Z6~l@Tr&xHU z?4woyYPfX8JjJ}Hrd%@7QSbuEbVbJ7yr<3>mZz9AKkZMC z*2ckgueIGPj`>CWxpF-)zkY;~u9?`nI=Ux~v8b`cxLzN*0`zl}im)T#wU&G8z1DlW ze-V2Kjt{1FkqUz*&$HfahpQ=R`b1ExQPxMsVz$~JYd;3mgb4%=exb0%aa-GOZ|>Vn zZAay^pnO20qF#DIT4+%@%uFC#ch+LYk{JI@JFoJW`+SA1(u>S{;?+v2AFXeB;r!3O z!|NsA)r$nZDH^MGv4WX9h9~g&wb>mP@1CSr4j%UIvJ01X9{E?F3@8+|Z`&5eJ6G*1 zsR-hUVM2Pl9J@3G9_GrQU?r15| zi*HIt=XKLwYa63)#(IPY`j57*zE$QaJY~ROMG0#4z4tOaVj3@1FGoY))+^RLGq`8F z%6R$YN3&u+w>{$)d~>my_~s@=$H2oDhh7}8!z3d?~C}laBYCUXryR~IMDklFe&C~c|-33-5f~rfUF06 zYfbxYZ}IN5zZs;xLvn3*|5MK@@9_o+gjCoL8r3yEsrKmXq;yVsk}~eq(eVZMjP;{T zPwsb~DB8(a*Mcwme-_2+WT(j$s5)virY+hScJ}`mzo-blR4s>RX{v}CMs+=}*KRad zNFO#E+;EVY8+*E9LU`UIe9f4)0A+~?0qerfor4s*t`cw_OC#5K#kX&YSas#vNalUo zR%CndhE?h3>i+RLxR~d0x`FQ+hMWEZlv5eK?xdUK_aX97&Xyx`lzB94n6QRz4f8%) zHR6JupIwe32U9*4i1I13wF0?@#n=s_VXf!DK6IQP#=w(KSR4eUU zHym>bmfdGeIjnM2^Ct8~Gu4!t@W*DpO>At_uBL6E7fk1rmCT$D^k)pe(c*UGi9h;<|Ob{wx4__k4V7ecq2tPM!T>mF@k;7XS6<*+w}g{qxI z3T7i3+k|C&nC8drBJdoQ74pUd46x>r`yyVKOXT8N!{rRbyF5-oQgas&o$DcGkL}&t z>TOp`B2bJE8_~kTitIx@m-2Vzig~H#*|QPEusb#?oa?Y|0f>|H|$8*bGY!` z+nkfVBW0H6zmF{~u02vuE+55IS0i$pW|0iMKCpknt&%s|X=op>hHk}8YefZQXX(xF zno~MVxpX<8Y%olq?PW&s8EZ9VquaDhc$YT3K45xxz0CJ&0kX=x?Hje8UvT0l!!pqT z*|ZqXOd1phq7hJud94t|L^E#4NROL(NprH1k`NnO{{DrAfdC9kH_bxYig`SzlQc4I zco%s{^{YC`pnXxcvOT)#s21bP)W-}k2p}n)c6cgooXh31TE{l47o4Ivl@EX0yB@hc z!fsslx)QtI+yR>0B1SsRJnf>x$((0ZmksIaZx!8kwrI>pVGY`>4MKC@M%@`h5Wrp5 zuz~>R+aFVG(6N4*kxfUQ3TU4h*VwHqKsOj+7cYJ&Yq}T&lY5P&t9x3>hA`$cAuF1V zxLgX1)eBSnxS{=j2f24(K%YH*)Uu@hGme%LLp1MseGEJX<-(oULANf15x(2K0fe`$ z;EaLrtEC+~j=6EnH=&vIl3SKLo;IeZvZbYfgIn}@`e3mhPgSDNyc%%x;=O>YZbF>m zkrm2SiM3h1y;;>lVm(r;s1AF~%V9nWRgTr{%{T;(aXt$L0?sN0iuR}19cNjMmweTh z;j4|8c-CH1z9h4inkWwclr?u%dm_BE#L~m-6t$w?7TlXI>hz(FzTDcM_&`wv; z&{2Go_e;To3)=fcK#&9lK4BS7l+0hgep9p@O{B9NICl+gO~1jkPHy1pZ?orwkO~Nd zx0alDQB-RtnP-CG0nN*kJkWd<29L|l{(IerwV!hLIkoeCWvf{;VbpInP$hV+Kh@^< z3@ZYUT)%=w;e_%4)BoT2pr0)Ll!4bN<2W8?iY}^m zf3e2|9@8Ni0415wLOCqTXE}142ElqqI{NeYb)1hbBlS;uiiOea(G5vx_8c227qPW~ z-xPg&dmNgDXzN3%-SIDP`L`+_<@I@PhoR$#0J=35uYSbzgeeh9Vr*!-^l?pXaBA0J zv4Wi?A#t(C`&u?~*?=<#5D=;XRcPVZW|aWe2m`?f@nBBY#=hUpgB2Yy zJw^>D&U5oa=dmO=0>AB%Z^m>yJ|tiJpK@>w-3XS{;QzK3x;@Rnqt~=Tah`EM%AMNS zJ_O7_j;aNyPR!b$NKWQn(U?iB?;$+epT?^5mH;MlxOL?xm z)C8)PDs*y?ON$H zj{dl34oXtckpok7MlIX**})VzcB_G0o66Fu{G&60T8@F~pVjEf)StThHy6aB#3^k> zBk6jZZ0tP5bA1sCJB>=~_7Y=ali&PU zDULM1!m?Dd7@0oZn_*(fXLHmGxIK?;TwJJ}4xG?`lFWJs989!%WeWM-0nitBJHjnoz$Xz)NqFPCL1e!zo>sy}Ptn>f=j=Uq_M8cQ&#qvqV zdW`mJm^y3Ps5$&?K~YSbxv`U5QvX%6&fa|b>Eh<`do*K~-or^oYn-qjgQidGwxwo& z?v0Pi8{1Ytns(j7VfDVn=)XBU1QSr7V26PVJRby7)?L+ezSR2Kx= zQ>`=y7mop9K^twnux-g{(bjs_&93sbHs*Jj%H*eTjPv!)eQ)zb$Z~GsVwhh-m?KLco!5OK3`Nh1vZ=e%GyCc{l{4W+Po9x-{o4e=> z?8@NqxK3_p-8AWAe^%?)WtpN>__3d05Bu1D&es{hnmJmsS1B`(sV}{~c4#$TYZ^K7 zcHS+4cF_{~#%kc)F&$rGB)R)8zw{40O+MkCE^Ds{PS$#GWg$&6vqFJt_4dh&0LlAj zzc~A&dW@%jRT4y8@7?>^&&2NN6_9niKLrhQQ^}S#`95OdNXo*$do@VD7&yBxJ+%ZL zJzBZf12E*T<~_f<)|su*6Z5YE3)w> zSx4W>DbiZ#Sj)lf9*~18RllTA2RHND?20+>rwgAuUEFt@B-806`n(#`rFDF$o~K41 z%{a1ooY!Z<{5z!kq);icz^}1;wXCA+5Kq)0>Ax2on@bEh=>pH6tjIkmQ6~JN_BAfn zTC3smEV1^OcVMB@k!X2gdBfq=M^HG+Cnh45Pi*nQ~r!E4W^f%(oD2 zUb!`n^6OBK>Rm2zVAJhiM%Ro>y4SSn#Lmu*@vdjRX}x%O>6mRT25o^c>=oAGLc|T; zs!rn%i>&_0egbg0_gUaY_3BOfwCfey{V3ePR!Lo&ALGBJH%s^u!^v;go$vN@RN4At z5Dh(Hu!bjDJFQgJY3kCrC3k?-wI8Bh_^kbE%{9L!me(Y{bE z(s)TDSMTseUB}he=J9)(g2ko<+weJizjWsrxoVYfm2)9In=RXp1yd)!5wo(l&#|*~ z_+;szK&N20*g#bYExh0*1ss#s?dqExwLH?QZqK>vC2J#_jO5xK;fi(7 zcI@zjaB@%d`fEYxEB7LfH$m4jszqZo?NVmKb{nJ5AZMvk%Aumv_+%(uODK?@xwf}QA%9ikM(J%!1MOUTTiXW-`m!Xnm_g0>$U&` zlSA*{JDsy9?TveF*KG4yJK02b>SD!N2h#M+vPHN0c!Lpa2lvEEbrr`n;TAU70M zxs%`*ve{IoTHZ6!dKlmwM$AXc$;-N&gs#xZ(?7EAv3f7xt~3Phn9mSuJW!-p-@`tw z>~*fgt=9CJmq8^M7~XBQT;JLK? zuTR>K6uE!lUR%deqIxc>_yA@2HOB<$`pW>NoVxXEKw|-WVEkzCjB&G7sg|>aSV>ZI zO4cOm%Y{m8rQ~b>PUaR#J4nG|C(Er}}4x>_DhG>SzpaK@`jz(imc1zUMjx{ml zg1YS8)E4e%_i1Qja`0D5=j0>36eBVFQo;XX9L?D+aoYCqg|@Ks2Ro|I z_I#Gpj+WP!d2&5OXg~XyaZ&vdXf$Bt#D=CeDLsr2)d6k#;~_m@Q@|;^dTNXVF85hZ zo(Y&SZ)ReatQ;NrN!r6GVyV_sGoavqa4t`+{8qIM5^EW*l=G4rW@2e*IyJWZZ(71w75u@aK}`=SYrTw-9reM)6V&!a#r2Uk@bRR7q-Hnnz9G5vX0=D1fko>Ru$1y75B-f^CL}2?$6^hqQn+C@n1|4FV$4-3=n$xoM=NyWv~g*Ymr+bDcj_Vn5GXllR;+ z!hNHPN}1SE&CGutiOfwc{t$_+T{#27mSXwn_NKNXOow#m<@hLCk?j8*#-d zB6&7Q%Qe2!-W145lEx3`Mw(;=Jk?xKW1}NGIpSL_gE|WAiu`oP{ErJzm*%Fg5)!CP zVZlYLOGShxt;Are*Ep?TQf6(10tzlpjcJhF$`=sp^k)tGIS<>N3x*$YBz93LFflW| z|5%IM89hJ~J0<@2h=DlTwKW1gG<)*WL;&4pQyRp@kcM!OV$8d}!H9-VR`VwGn_Cbi zzScFgGkDJR8;A@_wJ!X36?sc8I$Q+;W7>qTn#>OFqV#mYk_b4yAV22)!<92SbIrem z0$ZL2x~>4oDw1hL)I=7ER7HxJV3VLJ5CC1z#mXhyQ*hwp8L)U4NXr>~duLUhk~)`& zBN4h+?Y3X$G#K{O#Nm&Q6)_6p9DHYQ7-$6Ze8KTzwt)U$g5T9LZmayK463Hc8?{yD z!q6X7K%&mH?%uC6m+7nLTn!Xs<8 zB!@x1>P0gve(qMV<^gn4J3k2b*xTp<6{^wBcD!;0D~gTQGfddGbgV9uGH)bUIBtLY z-C_$JA4;arRsYY^NbKr`$>e2MF%YB^MoHCk@Irr3?i}o_EO!x;D!<ldp6$q`5u_1=1Cq4fl$ z8_&H5?BYzf&XD!EpK`x#p|X8DmtK za|d__*7-_!cu1joW4w|8?+e{vz@i-&sw5MU}$Y8w^gRc`AaBAxReA!IHg6Jk}$$y#0Vbtr9lq88+RRm z?w>bB+49NKkviBqT&CPKJqF>ZLY{)1&;7GN9H`{>L=*c`su|bplzfD+h-#AdlNw3z zoNGN%&esElI>pZyqs0D`RdcZNLhZ+osApK5cOwG_>^?tKQe-JwFuem#)WnINae$8*C8bLD8CyO=G&Bsvm}c=Yj;)*| zk^Z+DV`>i*`NCCczE9tq%-F0Zf5A>;=Jg_}8{X}wyvS=_WbP1iZg zdcy0{1<&ECIEl#fQKaUKmW=&0DIj4zhN!CKqC?x`d(NxQz4{$@LsmSXT^6c4xLq|D<+~7`huiLGnwZ_1xmU`m$xp#Y z&%-+T-U=IJ=mrJf5w)J0-=Fszt;B{< zt+xG^%69{|^Y^K5RO;2i8WG5Hm7*1+n+i4Y#_FklVfQi+h_LdNk|J|@920xvf=RB? z?J}?lyl3z8pANFv!FA{c-jvN=cG#qiH9FdR=Bmeys?pPu(Y1|s8yiI0-=}x1ct~&W zngwg9!1QRbdbNde9~2sUgLRWg&sQEk)d!Vq5u0pEv4cz}xn6mFj!VE4%uG-B9Qdrh zze@MJIJg=K@r%RuIZX2SosFDlQ1H(v%=`aN@d%Fcai6M~p#b`yoU8`{8$;eXnnc{U zWJHxdi5uj6-a29P;Sq;`(67rawVvsUY5LFBtEhQrR$K{&?;FRB9jYl7qU|QS7QrfG zxWkK!-7RvCRIsL&C69F09W`9hFH#ox`l)q|q|Ju?{OQSXjmjcEU)5+VY?JCQjZL)W z1_FenB3BdRFvkYc4fqcbfZ2;e;yKD&5B^x9`&>sqe8*G#uVN>h<59L`QJpp252sSz z3@|<-w!yM7D>$3-FE98xKlN{KUFyQ}EIpmC>Mwuz&$A%|(dMU6H*O@D)Q!AMxeBcJ zZrO8-lo{vC9I@qcv(7VV<@d7&{kYvRt(hNEzvFl>FRrn&ArsH6;1K}WQ}W)IFiBe; zG5m|Iz=Uo=A%VnvlR~)+^H&$yFXUA1Z)T_tW^>9B6u^kYZ&Qo;;+9k_h?fPXPN;7|7BloA^2< zTd~4{8l*9RepcE)M3tDbGZQLy;U)!iIM@4#WVdHIycL{_oQ*em=rem~_RiyT!Krdk zut0i=De_lrr3hR!S*An_}<)u_g9c22&A7zEsl0i zhNh2{j~sR#nYQ7j&!zvLtH@KYe`Q^_WRVlP|EU`fXx`gbIhdH|@7{P<<-7&bI55P{ zSz9*IP|~ww>>{OWWT4!lMop>+_F0E@$4%_)ouED=e5a@OT}z%mVTMGdF+r1AnGx6g z*HZLk!*lpL1iYLk-+kIViO4P+ILlVe1vDCaecO65rcxJqeiz5D{e|@&pc*tAM6X3= zzzEqF@wFth~{ly1PIiqdAVyGUJHCgs7-v)G8NN?z3H5O00P0+Nmbn!7JDx~?Ik$07QbXom}SYY0Z5v=Bpdiu$x_L-KRz}th4wC%cjkk-F*U)nSS$kTjD~lY z%Uu~ITdI~7h?0-tvr)h-Lp2L-%El88f%IG7`RLz;%>QhImlADW6+`vwXI}*7xzu-6 zx!<7=JYz*rPOPa%a)mMSPH-aK*Z&>QQldzDV{2?whzg9Pfkl5 z<$OLb{ij-BbY19YAX4$m0F_c1hp{Z~?~Tn$G+k`!Y*UOxKjP7O`?^VkY#*svAT4=Z zQd8De_Or}4IM*v>>*VTyY7m&CqY>CKT62Seb?W5kT%^c?pFUDOayT}@<9D-Oii3h! z$HP1LK|W9F!r;IgIa=tHTFbf|IR3wekqi{fA!L+A1goC-;q>1uHc^9VA$4h3_JSP2 zvlI1Y*1$0O8i#pjqkzUz3$q#3(qU*h@2=aKXSy7Z3L`E(dDzQF+E8nxAj(?2xR<)j zpZ35w8jroma7feD%FWBdNdPc_fgttXfTz&9vX&y+57~AJrYvoIva`U}EQ0N}g9`gp zSrhzuz3pHEbfd)?;49vx)Nh##5k)dDNN$8xxR$ zGH)lSj(2-E=SoCfua$QE3MczyMUVCV23Up}|7nfQl|=Sr!^=6$PpOZiy1r!SSy5bG zTwFMV+kF*cv5+@LvO$!HDr;K26O4>ZOmUtwsbET{CL+5c7vV^!z-DCCsQgi)d^{q! z|5eMCMER?F8@}ZD5sp?Tt1p8ax>WgN+n5KH$py(TK%y(?x!NJ4#P9?FjFHLp(*MhK zP0A-Gc~NQHo`-iw4BE7>SB)<*_N4^3ujZ|&YLOJqB~;NeN7CS0l-#Je=?5l200VSCOj%Q8Q=fipd7ee}R*|D`4BI z{lK8-!I@@B7~&9a6!RXu810&I?7sCPN8^jMxB>`17JI7jtQ2i+!mS3XNN^vdm9Z0b)`Suj3bN%E}0b4iAG44s)JW zrKQosx4l$Hg{}9gO3JDyAnF%ty$D;{o8bDdv@;F%_7y8gCRN@L5Suu>)?`huOdsN&1mlmdW7^rks`m$qeFpPNnbDaORt3uZ{%K3myU0LAt(FRTFQOm27Gd|ktMT`p&Vw{>aLtYL1z$wB$>Nbu51u>_m$2@H1HDL@!5BY( z5T;K2(JTD)U5E8?)K4%5r+8R44&;NIu4^Zr9L1m9RWE-9tmyXaBM=tpPDf&4bBPF4t=+I`GlRRY-D?D83HM)qii5ukwcbjZIMK#3 z#_BY^l793C)ELCG_2!~K84Om5TcJ1tLq<@9emT!(sTW#D04nD?tZ-ru(V8SM{>{P! z2qZ4cbJ9dkYzkK$S?DOTZ*=ZXkxV1%U$=abaOc#@-p}4jv>Z zL9cc6t*aTUUO&UYzS=%p5Ga;2JwlANN&`Yzu4B^(&a_%L#->_OR8c)Nb+U+uHKBjP zrdsRKidzj1rmV@tpEJ9q64_8ssaH> zsXF!m_+)GApA232rpCx6Tr0+rJMai_2$do*xqlxl9o@09mR3|X%{A<6Sxf7(CIWd1%sJBf zzLYz?bL0{KqhrTzlCjI)gbR%Bx>z`M`_zq#)cLd20Kkqm)t~yAL|OidxhpG=kkhSB zq4f4s(X$Y5YU1DdizjhA`$Q;+ms>p|LwN<(5Z^z|2ip_4|5+F9ADTb9;^ZM|SOr}8 zdlD;*HnjKmEft; zeb{y?#rRZGhi^>8J{FuBS+i{`Ou!gLL{SN*gQNb-bDmYlHFk$$h_W_&# zYW@T`n+$K}vVC8|@Svreu7f^S$$v-~WHoXs7u0Y=7N%f#Or0UeCD_*? z6TH21wl^b!*Ncy?SP16iizS!7;F%dN^Mf=S)|%ezC0g8!s?o^^#o9IwTJbQx3Zf)p z%h!BBgX=?mB$Jc9=ckJ51412eyJTjY3T&Oe>!0CXd>Cun*t(G*FdD7JS41+nvslFaR$PjSqG ziM{BD_H`E^6A}fQ3`y*A;p*V=Oo(=Lt?Hooqyf-Kq$`Afh)cN_4^$O+9DNl_fXg(1 zH3nR@WnBu?6AeQqFdH-7!;jlVCW2G|lp##(IWY)pQ6qJ=?0Z7K204G)o_3MQGGg4j}Q7%8>hgm;EEBm}kBQ7c5 z2C2+fr?F&KK-P)P{(wmZ%Y8zJpy%&9r+6htil>@KJDw1OQKp1&hn~M}|KZ_X`#6ep z)`SxEX;J%ZGA;x29bAB?3aa0bT{p5Pk_eY>Z=&85Xj*{0ef5|*;S*Qw$hr%M5a^C6 z+yiv5cC|n`o~aasS+i=LLyv{arV^jWpU}$VK%3G3fbbSITLVxd;v_x=dDpQ=UOy1evSLJ*_I`HgVk_to_ddGSFC zy1qb1jD?`^rcUF8`kxN2dIE2nklktjwr~sQMuR8ujjvNZuaRn=Iwt_`UCeOK_^31; zf`eEJ#Xm*%35ItMjEGSo2u@sA;Q`<+*4yr!^&+C$sud9VsI?@iv_x zm-(^W?3`g7H*UN((vAvtbdyG=xX2VJo&M^*fjwtQ#S@?BDeWtUSr|g92qV*LJO5W! zl>oF-y<(zZ<|A45Y=rFakE9R#0daPc{l`-A6c z$+n4V;EBj-roX$}d_K>Sm=}s072`{KVr2Dj#g(euwJL8DS>Yb;u?CpRTHGVk2yHO^ zHZ)v<-SonGqHnD}a{>U@(ftQ)vU|Xs>QDbpO5$Im8VL(~Cw<|d>1mus>V9+~IgLMsjCotF;rxzw84i9Nv=~~5;C?Pq4v@dB#-Jy1F zsRX4xLBnf{RmbuuVCCjd{Z7|};K-|BX0hVYH|6?`%q_2_9co|G{~`hh<(3@P%q98{ zUsF<1I?TqtKjuAn0Qu}Cl-=(UNM@fttohBv@-};(dl&k2TyBm03s}HU+e=mUmG$hj zvlh!=r0cT{&v)Q{P|I~)5c6XPxEe7glxX=?;iQ(iaV5NJ{&-D?L{58|-OZnPO#w-M z+$Y3QRgZ|lvg^|6$mzY$Bv}%+l@?ZCT4_PDr>rx;V5@~*OF=A~Gphei5Agfe-0UAD zV9M*H0Ycgmq>r#NmuHSad$mrnmP)!vrRh#`x)E){5QKw|i|z#D-`O_GFsEA&R>v`S z-T{t$!c}*|lzfp}V`OYLoOj0FjqbD!Z=x2woiS+o>Rwvv1W(S8;{-jQM7{F<074Of zwcpwLAE!0h6N!|PfrGV4wG>68!5>^A0kQ+|cRW|vi{#Ux3 zv9s@`guoEUCQ`(#zx0UY8~-R1f=ohk zp0oI^tPqgBnb9ljg&?Gn-(J18;@e9vE7N4di~I>oCBK%}K!xmy45N=7*lV;1OiDRZ zl`os@F+6?rtlXPZUcsL1hHu!G0HzLu(DD%u926WBLrPn66lNL&zSQ;8WbM-H86}2J zBj5cKhz@I_ot}n>(Hk4LmdTC$*3ytp$LQ89U zIUYBU{fy}~K;47%@KNxTPVcamA_1FTv+?A|qzw}C^|_{wPU&=*l&O>nDs3$Bx7*`ZWYbSr$+EF8Dk#{<>ko;@ z%@uo5<2}HVTCaCn%h&gW?iVlSPj!JcW%)pz?HKR;`YK>8suOwZ%)`MG`rjj`1AQoz zQ2K#!QDeqDIHusgoKg=au2VdSQ3;C-*X-q!5L$4(7DGi(O$bU9=ECOAki!k@4wC{K z9rrZFJ=g}b)O;xeXKuh&v(oftv2x80q^N8;F6Y8g74UsGj^DALe+$*&ZTt z*{|&b>dfnHzt3thgeKvXa_Ah-gANYRl9ZD@ZZ$FrLm7<{`KBCm6h$R95W_X6t zh0uO@YJeuPX#>RNRPL-h1AvD*`iAD#^dr|dU0Ks0f!HI&&NWh|O{OLOgo7aq@&++L z5Ez|aGj+^z&<+U#*tDDyDq2pt6x2>2oe=a9_w03TIyoqoF$Zp?0pmXA3<+p&`!xcw zPeQ2N{$m#_Y)@2qq6peBxRQ5E?(gWqkX&0g}dV^hcr0NxY<(Ii0>T z!M6(rU$#PlGE58z^=dXi6(39NnygoF{iM#Q(_jDXB=~~=MR2dx?rNXaD}z(_g{`wO z8gq6)NvUYUrH&hf>+^~Rmwk)SOpN(_NsAjl3Ku1q!dx%+KQ2I67n}BPVoXmEFP)yd zmw$P0Nj3(k9Xx~%fkCJ?)%{NofPwRl%o^Eo${FAL)5|0gTKJ3C;xMtFo=s)Y`HcyF z<-?!s>;((y{PCA;Nnu^9|7+iA3b*^USHOQosR9hDtgqGE~e~+0=^nC!e zpr2`PRcr>e|0sp9NLBLU_Tn$y?xW9pO~16(ZouZn)`D#Dc&0J1BP~o0I}%ESev@L8 z`1S>Hd3AzyR42{!J>~wTfEEG`Nc>X~gBx{NGu{BT;R`P;)wX_YQ~TP%1`4upF-8e$ z{BN4ffU;MYu3(-$?4J)MZ*Kz$b(G6H$pm%P^ms+=ZnV#mmhiP&|2U4tpSr3LDnHuvOlN;XQ zDkOfctWLW{Z~HtP3H{#OS5B6#Q9J_6&4wZ|h=J3xEiJ`BW9fV-)~HT0N^ftTS+~NW{7M zHHWqWPG)YyoUbrJhqm6@N$jsd1S7y8j*SLD)j%8#cziT|4?}E*FiWmCHac<$aHXSO z)jOJGrH#4wi{d@e^Fsskv>>fuWi0_{>Gn}yMCZZ==ws7$5TiAWC40U*#<4qg zm|j3TX#*=Mzz7!2tmT*%8-((_8$`ONZu%B4M%V)DIAzjFTHi&8*~BVTcLB=!(TwCp zw$}TN+-flnsb<3-TduKbmezi^I4f3A|E3{sA>XPuzykU7Wz#;{qCG$~iPdWw-C8#6 z)3jl+LpNU6s)E{=!Sy+N?E+0u5(2y_`y`Ez5;W&bpzlt%7&tvJVSY{*r%~T+BPkJB zbkU^I<>OV)g;6KId+NfrB>n1qeQ0Z$3x5twBhu36rF;D$r@{Glr*z zZA>yiM<_V^xHZA0gj^8Wq452{@baNRXYSr$PC)yh7WjryqQc1;jgi150Kw-u!LCI` z-%|DmwJ+Xl)B?LL9zl8PuTjzP2Pt0VpacWU2d*uM)ZN#X~ z%(9>l^NRiJapZtfu4hH8N~cHFn07wZ6N0VshC@#8FLd#Id&Y@?rnF0( zeaABzD(w)x8QdxY+HFB(#83K^P_=5ICUt|r;@wrvRUqKk?YV__&!eFls0fmJP|y&Hh@{Cz?pGHcdWqI5cE)CzRDfe1oqzrQs7NQTTbb#m<7OA;Q2#hF}e>yVD8 z8N;&PaWo8o^Mi^6zwfTqj(|Tx9NsO|?*#g{R>A#nrh0Ws^)MP$Bwskm^@6YCt%E*w zdM`kVw~uTSJ;3%~b(twW-iic` zS^#_o3_dwJ8FOVa(PAyd=;>yb4FZP$F*3I1e)KWqcP`op&ZS8+1lGCo8s#5%)AFb+ zSAJ23P5uM8*Q|ca9w%Uetwi3k!SV(vOIOxdR76P#P>3Seg-HuC5kMQ$VI>6lmLxS! zR%xk&?9}>61E4h0eYS?rE(;896l3u65D8vjOy7gOrA6KR@w4<^w>z=)I?g=jWC>8h zHDp1a0bf%s9F=^bDv-V~dWR@s%tc~OrEWg+8Z3Qz!>_=BPm|DcTU#(|3+AvWmJWya znl^P!%clQ)ODuWG-9R0vb0wZl@}YMc9WZn2ilc2NP3CCY2qkM@}ux@$xS|=QCbQd z(B@+qATLV#OQ7=vxwSK)=AC{fwC5igPfJ{(oRgSKDw3oTv-W@sA!|@jigP7<>g0t> z&Nb4-Nm)iA7+c()Qo8|KxFE z4>SEEHY*Mmbl)gThq3iqDel~!ejUvg@!5dK`-J`s?6V0};%hmeX{YYD#7A3Vieutf zZ@1y=v|;)Z6PSk4v4Wz%PxJDN_dHlhK9^gObEQ`BeHC3CC)v2__MitWV3eYTqu_Qi z6*uqxTD4bs#!ZLvks8Isg3E3Rk-4vbbaC`U&G~t}tt12mk;|xxpb{@X1N8UIeEvsxCWAs^Ak!gSw81Ox>M3^PyG%5NTMw9K9LT^4zoY?IxW?AHjU$!4@Z!to@*WOddHfBDjw^59I$;s_CXu>k5h>c(_%r8v zeO$0^2oJ+^p{hp?r)yWX)btR$(1H9N_TndLbH)nYF?)St6@Fat;cmsc65IRlw4bTL zO@3(K04izPN*;O@A-iv#L<><$W&%FeJ$W;AC*&o?btBy$ZxP! zEBH9PJ9quttx!Dv>zC^KDD~dE3Cco-E$KlE+Y%i769{T~>S$kM*hK{vE52z<#9*S% z28v)b2s7n1N}mcKd3ea+|30Zu%gO${h$ya4;#}`N(18O1>u&}gJz0`_940k#y7Uz8 zFjMc{rjp$;1a_M^v&nqcI_m0R$@?vf;nmqg@bD%`&XTM=T%Z?@zjg3#eMJqIZV3Hr zbA3)dg((-#e^qroy>E}(4k!Hk^Wax>nSo#JRDOU9$r`bdaeADz2#A+~pU$;!yw*%*|&k!IT6R4#Kr#T+~7!OM}m$gH@R`$op z=LoGFao?85R~|B7jw3+(&p0j__?QGhCd`mv-{@Z*1r)#H zB8o%ASP46iHn_oiWO*A~|6D9%C4=v@>JhSViY1^hazlXFBDgga1jAm%xhvuitG>EA z*Rwlx)W0tW`^Wa~mVP-pTrlrRhr>^$q%)Z}u)~-?JpkPNiX+yyBGAd}yTg~*e9@!n>P`oq&? z+zKJYk85HjP@~Y2wNr;X(!n=&2JQ3_<`$tNzD^Umd*5ZkSyWIEEE1qL5U7hwxYhp&)9;V&LQ(8qo^Xfs>`eU} z+~DbPgH)2pMy+_vo9n5m2x)TEb`?d_z&^PoC_+*{=5&@|@$c`t#h-K2dcjK^^Wm6< zAR7DoMaYZBvC3@SC6{31RoJ3vyYf*XdYA3)hclm!hCi&2IKA1Lei!)q+& zUc};aBR7k*QlkVgy^ifPCVqAtf%HF@Xko?xW>|K~Nj-VI{eny(As7O(Nv8*`s&i)-`waSktukb7+<)v6&^8FVOan(z8qDo0R zNlBuDKLo;aV$7slxumz9y)ydHZQJJ>ipa_K&482?!}HdAx^-=Rp|u_6IFsH#AldCv zxc`w=ReI0(pP=GseCpYeOj1jnh|dh^>kfA&e`$Ysefyct#jDBMToz8OhXX`1xe;Ri z!?eJ5EW`FuT`!+qKUV2;lxGkfMtS!Em9UaYnI|gAiU%!Ilo3UurOApz63LV+LW?C# zJV!iQCInnN&pF%S+JkzT2k%qc1-S>*Nu^*m+iDLbxwQXpw0DR7IwH%VeGd8mP0CtaN)k30lXEWYHr z!tkU3Qu{^esto^2mU`sFj-3#tEC(37h1R}#(Yc9DO+LiR5NA59_&Go(z*yo04@7f( z64@N!06ZxapbYg=@7TB=J?-;fU_zD5lZon3M?zcQ4a=ksO%^xICRNJ7jiMwx(t&?w zR>WN@;)YrNZ1(LXFoELXmCv8(VocX!LqF(pXRn_m8p-Vo* zqBq;BWp!VLl8hgB73DYI;KH}#d@5#$$4_}jf%Vryb@BEVRBqzn_1SAZEAW@e8FG@+ zkc}~4IltuCI&a%MvWU00NkC)B&VQ3J3ITiM5=i!3&fC_`EcYIPnnA9J|7vTwVWFDniYExs$6@P~+2Q+YsuX(g0CK`)F%3<@!yj(=3)4rGkTKAPRlZ zj=}%}N!AbkEPYKbD~Z!(E0Y&%I%Fbzt?RRl+ZMzwP-ZgwSwDoA#`ex_=6VlUzU0W!BV5Yd2EHWURk=T~p*pzhAqL?7Pscal^Jf(wV*)RN% zA5K%E^xN5^(}9H$CR|nmizuM~xbIWmcYXbY9mj9!LnYzrRGlDY>LVQ34M)g%j8cJu z2s~i`3Zl;CEnFE%-)Qf;Gya!jV3)y^7V4y45F$F(FNv5WkFJme3K*P+SI5d};s%KG z(V1Z$m(~|~<$cvE%rYegt5UXzpAi=mMjXn~%Ye_90rSUlT<*z#lbl`d4!m$A4^iWX zFOE^pl%vDJkuskBSg)hgK%KM_1<;mH;XX-l5Tr^{U4*j(@K(+vTL~knnkaQSRtLK> zATycxlk6p#BEc3SQH&G_&*UM401mR-e*qQhPXVGgq+ONUK|i$TB|2`ewAJeqlR1|{ z6%-T>``91w9**YG`KL~`$*nHwrfEQAfKc{gen!s^tdll)C2}>!VeS3Dc!u)@4~6K* zsdK{l29oJC9wowH!guXOe@uzZUL(R6(IF$WFNc!QawXf!RrUJo@PN*4%>4dzSE}?V z`MAJd*!wXK^ta=Lzu|x#&1VkE=;&=7&=%+-@C@`e5f>u~1jFS_`Wq87;!k9LqDEO& z7`5RYJ5gh#lb4L1e!9>FwA@`?{0Z$&5lF&bXpYhZ}lv@UDO#*4;@cTPK!^JzYCZksN z>6QQU?h(l~QEW^a#`|d|tgo9GdmftyV+MWx{RYRECN5@8W@r*bl`*|$>X|Z8YnO{! zwi|mSGU(0JsF6s*;BCOd7m3G)Xmb>7rw047{N&d@b_#CE>dayf)k)JQr!Gkq30y19G@48H!ygmQ0>hJ~98!`3F zGyTb-U!=~NQV*s95r4Eop+5!$xos^yeM~L)56k+94bNr84J{<=YGPBzsF76Rk&myT zvQjFK{%aouf0&hYpRl6>5ddomV^2@KogD0)wRtV?7vYO#0=`P1qbXh0V}$_KkdUH% zS>-p22_OteS(%Fn;j;ms7d2{(tmc^40pbM%R-nf0B>J+B{xjWIj9*{Y^CxYxUKN7g zej4pQ>ZB7Q4E`ud@a~NG!96=de5_w~0d(@-rTd-;}k!utcfGlQQVg(6LNEHTBL`t7H8O(YE zzvOg%asu&x_snQHc&D`Z50|#!I5Vb)6F(o{v`@k{DQ*{?ab=_9?r#tBxA%=zMV{7I zU%U{n16WC;(v)Ufb4MavdHdBGZDzliet*bCwKMP;tLR4GTq)eq%KplF7cSEoYcWF} zP&SLKk(h43y}VgVm}T#y{F7g`)}@W=jcf$>_@&ncMSO;~c0x|Wr(rDqg|V>lXB1;; zozZy>KgjiJF%tL&U0R6P(?X6b>c8vNGOt~ch{%33ecj|pS>s*pHl|pGD^;@HI3L~8 ze>bvC41zDPW%%2Cv3E6R({$>%dCxt<&9WnC0OqrsiAZ2k7hTeY>W;XqhE`!h=Id4& zZow$B5zblmUx>4id(TxywyJd5nDu_P*Mri)qy^1Q?#M=;bv;fKfU@otnx5*^e??+R zD(w?EkVXCj_h!P-ZPl&%?Np};+dxB8b@3x)GHf|cq07M#jT&VC@yyIFOUu+AA7B5l zOsG=m0oa2fy_bTCQUOOUFz=7PcbmjSk<;@HGgV_K{F2hg?Oek;b$%&`rI0ZX^ds!T=^Pi|U!xkY8rY{86na{ctgG`X3R@ni%7IAwd$T2@0q|`dG>OSdQeYNBm#Qi9r}5 zk$qUVrp=5GMx2g(pB(uP7QgU-EONwV0{m6&?SxvPg?%d#%t?6a=m=nge~smC%`=OFrRYHj{#sJ5na+c~GXl8hj{Pi86h z3&Ftm<6Ic3hAEp;ezPaqL8Vko=Gu^l=e2{q+Jn82z_9drw(%fq;)FdYQH6)xT1I+S z|MoJwk?WJFKaoe{()|`Fvk6l{b4si> zt-~=6=#{{;fyt3erkaKKZ|AN^MS6yenjWPtBpi897MHe1Q#G*IVSW6vhZw-x;ORL! zIUauN{X_w+n31_k%r(J)M`izP!x3}&?EQIeQE8D5vwSBtS=;`!p~PD~#X0_ByJs^G zPQv>wcZL%svoSR-`L$&1EftENg~oiX#K(_h$OXJ1slOVDDRGYPqwA^3Qj>jsm&s&mD?7!@(>)s{G;viU?U27cLsB zF0x@NgH6>2K2c7fwb%5iLy~t?DWUZ*C-Q5yvz&_x%=X+?R0c_61rkr=mcV>Q_*peM zU6I%#;a(K@CRF?`YJMy(66!TG|Flfe7m)#L{$Ox)0v!dqjX0vsBPLKN$s)+j(j5#J zf0V#M3v#ueV!%HDYKKTBl_>2j{C`{kg9V~|Dbi2R?-}DY=TZQSD9+~H5}Ns38-cz% z2xRhG+s%O)i;6%xK?>dHs?$Zsu{}0&aIt1N+=|k=6ulRHXf6ZSW>MKbCCbsam|W0e z+-(*thck_luP5N>NyT0WWGk?`FtPo+<;bEBDl%#6<2RD-_QPH<+sL&pl>t4;p!=gx z^hie!45~MOw}M^}L8H@z)7G)`)fNz>(3;10zELBBW+MbKy42bK#nu$$0+hDShnJg`n|GK@id9 z;%~kc^AN%SoW>0mcZbg zryliJ;kAcz!!4P#^3w3_*)RGOH%-zVhoFt@^0To(JAuPE>`%we-&4h@jLg1&Z4%^1 z8Qp^%-4il(&VCgP)oR&3pOjK{NQ!?|`^J#OC4$Y|Ck8VYB^{XB@;AODMH>?OR)W#r z)?{(a5Zv$5h1HRk4}Ah`ArV?3bG$oFYoAiV7x-OkNR*#O$*CVDQ;4c2*KWJ#&~cFz zV?8hV-v05*+grGKf$0SP7vpb+fIDOnvA2Tksmv@t+BgLGgLZkT4L*I^v}AQcnuTQe z+%w5fnG4o78hN2YTTU+Px@g)gXPfVbC>_b4n%}?B$6~@O-*yL(919kOy;uxpR>fC^ zlr;&cN80@@T^gI<;@#o1-I;rrz8RGy;q|)0q|%Ph-HIAfH_IysRsFB;ZA<5VyY1ShR1tSD=x2$Y$hwh7*SV$k`Xzm{ zs4XK(_$=B^*}%xG91mePKtia=J}y!DPj7|{v!fZ4fJITCiYx$&r4C6rwC8K+&$ZBQ z+|Z}1V4Qwvk16GqxV5|#WFuvl<`#uz_pBr&u%Bm=U8R=K1 zlAI{Bp_7XJNAnpMYA*$3KYJ(te3)d!Rf!MpjHbW(0(?nMgU!pnD_m1Uy?4TH_p8b? zyKK9~qKw@!5$-J@d1R9QT~hoyxLA*GrC$3XnvQBo)RD)Oyz3IAD)ssyj>>Ub!nFSWoTlp7NoGqe~v~!cvjU^ zXXV!lnqzPx@Qe>jA3It0wUDa-FZT25LG6JMiBGdDOdd3h;G5&b**2-ni9z2k zUGA_`av22xKAc=R__xF#{1Ha2T$IK*eg%&lnLigY6rGxwha@*A=Q#ch)7_Hw1vlDrW_ANOk^dPg%Q+M_@N zdQyhv=_T#lh(xUTfA%=ud@FJ;wD-aEh9hjfU!Za-N*>l9(E8)TqkuL@QhD)bYC5aI zW;FK{o_t$}xo_i}LcehlkX6AyQ>y{Nrt0-$N)yF;37jW*5Z~LwX{TAvQ0`~xAixjH zU7=e(cYj9#9~*JFE;??01PZDxig#O$6W9p~Ot#MzbO$gt+r6lU7%|e>1i@WHmg&{L z*||he3Q{hFQ4D)iiSzjn5Am6f{~WZ2n&W!1XiqFBY(B6k2kt%8iO6@Evl%cCvGkP! zo85MPaPK(KBcvtsX=P&8LjIH8!#*}QWlq$n>CJnpo)h*59_ddn4BXNL`j_zEL7(aU zKce0OEXrv69;T#AL^>oSls==f}CSXkfOqAkCHnWp@lqv2N=- zquj0B2*+`*lEdvB+n6Z+`4NTFkr%|Mxh0A;^Y?X&l@hl%@ZN{Zo&txS&%p?`r2wxV zm#bnrHNR2Y3<})3(sNv!s110kbrY&5%1<*%o=|87NMAe#hHZF=MuPktw6)HIsgo*3 zISiX59Wrr36)KjD9-|Z2zj<#i!XtaC92d^^fhiV^QiTacCcwi~>(uUsZb0?w)pi`# zyrN`GEGU|BeHrv(KKF$m`j*Sn_$_wSEgs+8YsC3fx{Qf>IBh`zXm+k!Y0%Nk`-&_K zfY3<-Aa{TugYSc__2U0q_8wqB-LKhp$B#?-ulYkB9$}6e*PXuKz<-AJfv=2%U1VPZ z9~|?JV3qz~MmF19jx$ZrH$N59V=Ip%IWuB!cRl&TnsEwBwf*Nl4U9URl7P^nk?G1F z^0-V$A6ttYGM6G*2MJhd*#@1f?~M?T4M)-M!9Yz}HQadTe>o%Egq_&!`F(6U1nJ** z{dM!=#Z4VQ@jhR~7}ta{g$1{v%8GQj+M(0Lc~$eQAzUSifPXrEXv7g&6%{O9o(lB* zV;vWSzLR|lA^d4ul>$Cn$oJ*nwlwgNH%U2)>TZ$|I!yR%7>qXV9>5Ng)M?Di$$<59 zRYJ?X{15GLb?&UbvuGb8-eWuBPgTu0OP)`8v^@(> zcI1+sVV%{Z6O5nk$!k1Yu`UG@ez>5{ ztQP>fJ9*wZBOhjzlm?6an9!VS$LVq@325N`t8+e zOy-9lc28nQv20^{lxc)5Jkeu05vhduryDh=eO$cgVX(}sTgYc5qHnpUFh z3t;UOhZ^uBnqENTcs98!@x8y}xV`JCeM~f%j_ROfd!R&}nXzx~lUyIilO|mSUN~QZ z@Sn9I&mbEPndVTnxS^iEIh#~Rpu%-l>qx$Dt##I;{O%HM((UOmKL$y7r{yvDe0?N{Il%NNGZa{e6PVE0U8qvy6`sxlmuT_FI{d9P-KQ}fzUw-XbXzows5n-v_=_F z!bZY_792oiYas;SPaG7?6LAtSbun5Rx55+`d^2W>d!mURt%+V?ihd$a`AMEeaG-Px z0fo2t{_OZ;y*vmR87r|OCAweg^ZkP2&4&BfRb+ z7x>V6h8xE{jQ97IF22yaKUdxxKZ4N)emkCo@6&`{lS!~Ijk4L|iWX=Dh*HG+#&7&S zrz_U@^LCdm5g~_CLLKM==~aO+!;mjnJPVL7FfcUq6Qf-EQXE9^U8dNmK`&8*D#{(w ztCvhijYbb;_Ff3sg4`uR`BKVQ!fhT0zz3AhptuDL`l=1}bS8Fedz`cw;J*-!qK#i0 z&q9ZbGp^*DYiYQ*1T@UCXo6@x>R~4?cFw(-jO!;nGcF_+bOMIO zb`2zep8{^qMDcDr4cZtblJGS@A%bH<8ne;~5g@E|e2Hm@g9Nwzr%!lrP((Co4l_>q zTvHI9JpQ??p{(jiN-a7G9K$Koqe$#FsGtOtE6@kadys=b5*`LwiZYlMM+te^HF#EL z_;==ziC+msUw&SFx!f=`nXFtobL-1S^8SN*0kB(Rq;mUwM7?;%y%MSx#*BA|EpOaf+n6W7`m zkRiK$fOWVy2fBE}oAJN&$%!LJsv<#S*4UtIc&W@Lnbmnl*BOlrAnP~8a07wA51JAB zjK637N#y!e;L?%zW8h8fKp@-wnyq-&7>5rSX48&pAMOwIIbfiLc8M<-CF!4q$`|OP zUgQ%wCYnjmG^2uSESVSPB9Jb^VMiaMJSQ2K*y$QZ3tGfA&?1gMvaULwCM5&vI9Qx! zJJKpg6d0n?$A9{SG7|sp^;43uV8*AyIDZ}hb<>KhZfPdVBTA+)U~mGKS3dxn@7BV! zdG_JHDcxAifg%~u4(}vV&fO_UB7etK(3p@Ry^Zq>#qH&6YNXmGg-nP>iNFvBP_!q~E;hHCh<~4f+C=ds3jdLv4R<4b zz@ae_wwDc6(lKqwBBRwHR=20n9)nA^u+V}~Wg4B&RNGeli-m$R^FUZB3ba;W?FPpW zXc%mU5@|Aud1AY}HA%$>DrBnBkVAL0d}c4xki*rHxNy4zF3;A5gymygQVtIO>}KWF zng6pSDXmycm6FFKsv*ib+s<-$)X}-lf={%72VCCud|sZCr|0V=60h$G{a*oA>M?bR zd}Rb6*>cg{Ps-GYv)D6A((i))+NS;(OVU#L&S7TCX_o)VjP8?1E^)>edNJzGu)l!N z%74Qg`@+a~y*=>yrV{W5?K{=a1OdTg^h>fbYI}P&C22}av)=8^;x_~mvvl|CFO1+S z2=w;2@WLn(s+po!$cGUj@P5wDMBe7^loC}a(#&V=?%J1uKJu4(4$;^Ka z)1$2Y%-!AKz4ki@HkOUzd?JO(Sf%}24G4qd{pE+3FrzlVd9z{UazSQ>`2c$Q@yfkI zJC9KtbdZvN$K=d{j{bXiO%aW{S+|KZIJ`X`84tCr|6ga6Dzwb{cATXFvMMcz*mEX0 z&I8ta1W&I|ugUHW-`+RrLAwOz&u|T?x2za>cDAp7Dv*dMT3_XBK@<{6(X-|DqY^C} zX6BD)w=?`FHroSg&z_NeJbMa&^Q1B%fmJ=M-Ke%P0^x=6#&_vI{fO&EWh=7to=4dV z)C0M%q(Fm#Y&9=n$9ycpFrM8m(Cxm;FtElrl?T*Gq)h$~RPFbd>3I0))47 zg>kZ`gvvB#K$i0#V$erhP=dyqD0<-QkN5GhmoIb&O~QL(#f=z-6I&yCuz{8_{pa{8 zU7J8O>#I+3f0e~)G<`WGm?A}ZFk5oR3lUgJ5&Y#lH@pJdM+4UCkG0aciw%Pn`aV!3 zQl(1+w)_7ieuTr-GF|W(8Pc8QK+K0_(ekX7i)%sltycjMCz;d3%4fo9Kn0QDc*z)+ zgH;W%^k=%=sqH}u^q>i!1dafRf>PCp!7Vc|J;mUcK1SIdSbm0Yy$Z1SzkI#+?n|-h zSc&@mg7{VOe4ZB5MF1yFuDQ<_>1#I~rC^cODjwU|lBR}EFM0B2Cs{ySsnej*GY?I| zS#G;o;oG24SRL~8xV*sl6h=eBEHa2IO<-aI);Y_CwI9ZdlX+*|p2$PRZwpL+5RdN% zn%XNx7Ci4-o`G+e^1GTu8<6v@mXw0rYkwzlPqMo0IJ)tCiHzG!;j-#&x?7T*2%!Rz zL{r3LVQJox*^B6v0a-|`EOqcA)SmxbiP{2SeZWXb3ZqadHJQMJu=M#4M|GjqV_^On zP1j{JZ(eX(ncc4}2C%WtCLZVqf zv#Y@5Z=0|J3~mj3j| zIuB6W0tr~9VvZW+h^aTQW(OM1EjZPw)<7WJ?a&V%@yG4O!hG*a1ft{OX7wybqgwgT zri`d99lvs)Y39eq_qW=jOo?J831Sf^Xp@=(>B=;+F|6s00`HLfcwBAyIG~-*32b8bZwq3L^-Z5*2%_no|yFU}&l)8dewF?j}A(mH<_M!T> zzg7uAAiabU8aM_Gs_LctX=c;$N^F}yXdaHB!a=m;t!OneTHahuXn=MU?RqJ+UjkGO z9Lkr^sN?g6p5Z|Nu|G3MO3GZ^#{a<#CqxPVNd@*GA9pIoMS&-Z%NW1{++@u`E{`K) z2FVuM>gSDKpKWCsYGckb&JZ%RadUGL)Vgx8=#2c?x{VM~F!s~EadwtPB<}W6op5I< z`9g*r11ME0&T_c>I1+}AI*pnx_2)h7a=YI|QY6qUdM%e2MMk{|o_(<#bu82j&}bPC z!Dm*natY9v$45cdCxijoqokIJvwrD(dep-Bl~ce@1eHoroBQ`9_?} zav>Z*={6N*#Lo!#a~bng?)K$xD=1Q*yBjaEs@Ex8Q#swb4K4+7Jy(F~QQ2~8Ja~o= zHFVOeLFzQqD3bzFeZBKRP?Ib8Gxu`3TR3Q`7jNrwczV|VfhOB&01v>6mVhG_$hA+= zY2-}&8v0P%$WNWQ`(N7fl01LJ_P2-dFaY%E*(=>{-T?whtZZT^|6r)#H_+t0cyYsH zdy1YlMgZ6`1CE_<9=)qBKq3Gb-5m#XeT5d56d>vVvO@%4P;`LK6#S_&rO$!qXFrOu zy`uEpDR4}dFl0>_lqR5#1rOZcCL(queRADz-iL@Q>xLSi!U)~H#YU#YmLBm(YERm(zD)75RMrl&RV1#6E=oEAo(&f#Q(=C0ij+XRllS!0l6{S zR;EQqbMuVUcQ&F`w}pd*xdFox8^#q1I2RA)r?Q zI14$@dRjhs=*9Cx>pdHDse{eapRu-oHwq-6nlT#M2BC(Jn1%;-z96?XR_$kI^1GJh z+W-@Ro8#$|GmR&#dl9^+D>>`VUq-(N+a_clFwHd>yK3(yUQ7Xa`}#!8d9^_hnhA7T zt!Mw3l~qh7LnaX*EdH0j)5DzqmBim-V{QYm<{3x-j_y5Dc{e#61Pe2N)b`qPG4ZA~ z-~#ES!^cP^l`F`d?v>qQVRdB&Afc3-%m@J_BnDV~8DE+xVLWs`#Cd4jC%&mBa(4wB zFGF-U$uOy-hi?Vv<}}X)7w;4t2Z>-vpHs`bw6YCg)W)Dn#*n0k3PXR#l%zppOdERO z;y|nG;)>67>9~${VZ92zWK{MHt+9L=AVKv#7Cp7ldzKRMEz6X;Ux2IuJNWY&0N=gC z*YGj+i^*?x6-$dN;88wWvLgrX93U6l93R7y2zb0PPsQ?Jzc}*%kYxSLd<58}B?arS zmhO(jV{|}L5A6D$=*6UKdiQ;fD_otnzeh*8$;9uRtnF0qiJoz};$fH2Q7DfnLOa6o zX`Kc@b0iC7%tFG;p`RwFfs{3Ae>9h*K?l=M7s*dIXf2E4gbW#B^#W-{4ksiF+c4mu zQU&j;K>Cl`br`RdH)ymf?s8$L zN*)|Pq?;+JXY&amPTSI*tT-VwD7^%L+sS&_I#@_oz%Ei5{e}h!ECa9}BG-S7osI+< zu_}In+HJ4A$r_{MYdw%mSB`>H6%x=TM_dG|c)@zFT@9tLHS)9f-QCwa4~RSmObZ?Z zh;dBviDMe@9WY^STcA=7V`JJvXO}KhJ>*+VS-Wz$rqyziK`6jElEF!{3TXJR{Pe z7U14{3I~;c`Ro_^)1qbvrq&kYiD1F|?vtw{exBTQ60$siJc2N;?7i9Oa+bNHiQ?4- zPi_BYRDO3DrEia(n^yEC3WD~y^5?Az>`EUNgcMQG4?be(`}Tfdp~UrN0_0~*YdB~( z1&(IzgcBHaL&5%vrjRHWV?`PN`V&Z>cdGt?|NDIi;%%v9TP^}|_JelA-_P9EG6OjB zOIItah$Qy|u;rQhe_H_`NetlYBgQM^!-A`WD6h!HrwbhI`J0FC2Z`jG@9SId69PR_ z6^)*J++e=L7uOBr=j@r*65f8G5pO@H@_Qvbx) zW+CBbp*D^>05gyMBF71l6hwE!37O~+4=|#PUXh!Y%wkvID*W`WKsZ}FXYG!oP_5JM zg<2<@Z_@5D;i?%Jmyl#sFi95j~4wI z^KqBuvTX!{Z!_~{=47yzM2h2vgH*`JdHG%mCySY9^G@3nBTtl zx}3<+U!0rUO|sJgG0Nk3DFCwqDSaa6jog~sdg4FjhWVi71Bb?V{`Pw%2phnLhl3qF zUspR4r|7%R!?A@Ez6B=tT;nZE-YB|XI$>SCESb?srz^`&_4;svIkXid$v8(VNX{fF z>;JR>KP23*jH?|l09CJ~VoIiw3N~t5T#Z~?a52EByiZJs;#&g5H~`G`Wdn^)E9B2T zUMBC_^^OV>AbrTVsfq_0NB~I(NajdnuI@FnJMw_!=TWPxhcCO$=s#&ls@kjm17ihb zFSpyqUq%jq1@4{9C<9UmOng1oPBW%X-u0d!e)4!<1y3LsG4 z5PMJRaBQ8yA8$|XR(7pcM(r;QBXnQkfB5T8l~D7-d%5-gF0}^8V&x)2yI$fb~GxH=ke;_~(NNcwoA zB>&4Hm!pg&kr~^2qz`Q%8X-o92^4P1F(K21*sVX4P-l6RT{7vUB}CXl?UX%A)!zL+ zq|1)3#|x3nzCN!S0r*~~3LSRD+42R?@mp2cUxk$<_Mu^HN6flG?--1KjZHY_7i_I$ zV6HE6KLP6&-%3}P%N|-gk}+(-FP<(}Ls+md&X9dQnz$Fc)lKE=(U3%4jcFY$u0Nfu zEW!9*XV$TJ`{FlUOIWrQO;~7uw^q|jo?`ZGN(lunSv)XXx34B$NZ-wt$oD$aQr5}O zTX$ZVo7)!emVx78%i(c>2(~qQUp9W?G;7#;s2J_y9@`HmTkFO2TC2 zqzJIp$+U++p*BMNcl0nqP3+TO!%nn8!H{XPX?K4(p$Y_9Jj-)|n*#~*`P>UNpausI zm@QoRmA8>I#ADlMUHfQn{+v2Pt1_|Om}f`de@y_5w>}d~ht7`-)(M+#*8urWUYP+n zkp%pZN0@uqM^>T;6kFS4mxp7Qph~Juy9TxKe{=#d(y3qmY}%RrGc*0S{_1W$KB6Lj zv`rbCBpKYwVDY~6NxInn>p^)Dws*LwtpbGr{RthJA#p2-(=CdVrSm@p-QPTz&ZcSm zfb+b;QC1{TqZLloeilV$_m82GyDkhV;PaJPK%= zx0$PrdMf_{_4j*l5Q1fMyCW`xmNBev9h8hV7^j{^&7xYWb$w`cePP2)A97SWRocH% z{5(BtH?3Ju|9p^=q%+4v5-E+NiW{=Z0=aUbjQ(MW4NmPBA?@*=UWpSfW={D@>;$`V@?PLT(_c!bwl?!ka z=y3_%=U;ZK0kOAos|~F7eA@>8pLV&InBF8XNYC{nLZ3mpjTmY)f9V!FchDjVOumk` z(7Hbmt9EN9aeX%ha`g*-=m!Wy7?Z=pS2b^BC7}`0xfY5_fKIjipyk;W`aSeNCn13r z!-R%UlGzy3%i$Lp8w`+P$(57L5z`-3X>6a0``ouQvT`c5oCRNsVnmI{4$Mh2)l$j)yUz9GJ9 z01P|ITj@{hOWY|o;bB^lC-vt7WMNczik@U)J>$LMee1zdKOT70H|%(sab9PcZfs_O zqe?27-Z~v&(gC8F0dL;Cw&UICbPEuLZ73IVbvL|iupsspDO+c6|Mrdq2#yq_U&y@b zRHdK&!K^+vH-*9!-G1+CUx_Y`9V@n3+0%gO1IP(cpzpn}UmbB-AFBI3&6R>t2K6-e z7YuwpT&DW^eb83jSz(Ofb*F8&h@_^dNN+9dXdF* zyzT9dN0y2PM7(C|h{YiFYjFN?ErjQZKv9}7GQ>qk8$T-V%3l5%+QkXhKiK@#2gXqZ z>6CiwF!_o8_|dF`o7f-gPt8oWX{Qwvhf5YzFhZIOj31M-c;H0#93S1@MWrGYs%J0?_livbT%?v>64r`?5k zrc@-kOv1V)EpD@ftcjz}j;N?#7dpgljkmua@EKBr=8uZyQi^tuL*lMUE<0YX4{!xt z3q8N>V%E_0DJvZe$-b3Q@SmhfH3IME)rf^(&1kq7IXB#&NBbXxnNh?q(aSZn}{&Lz!<}wV~NZ$c^7n{_2?0$ zaFpcGtnfH-qw!lnRe_U>`ETC!fbrvv9wZ6^>3`_xX;Y#%e#`d`$Rxj^H)bQ;K;_+F z6X8PziP1o7oDUp>k9b=e+Z%fVXHOIFgn<}@x~SW~{X>T-$bK}!lmjtpT6lN7eEEpL zfDy?mNx}kpfXMU9p<|K)lNs5!(C#}g9{B9>A(g}(27)*L2|peFpO_i#b!}G>9IF!! z*F4%I&cDF#!K_>?-wPSHXga-G$ywTOyJ?}uWgoIXUYE4EYa<(^^SeY-*`4CwAD_B% zxG=a1Yl|2E8BEs-uJz%tchY6Wy#S7#w-&t8=NO&-fu0%6hk}=i0#zSley&yIrANIQ zKYM1TWxLS25DZRT35c>qW9)*2th&iBy^^>T6g9{}q}c3Dj8yEJ6Wd+8`|h`5|~bQ?}sb*U9tAFEF6s`LqTdN$;i?KhxD2VUwgE88}?4 z$@n6c$+71#5UoA2Z-Dw`SG2V3_fIA2exM0u=9HntVF!Vvj1s^1mx*0wT=}mUB(Xq2&fA8x4Eg&OwYN(9(fhN(-`*=Q?Wz=SCH; zw~cbw%CTfS%RyLid0J-w6RX=jM&aO0{{U{Y?tQfnUsz!o_l;1WH}% zw{m~J(sO&HqixUI9xDcc)$X!N+f=chY-#it9d{dh{hNcf#qFFVgVtXtF?uD>bzYaL z;Ia?Mk?lK4)l0#k6aVJiOo!435~S+a1Fwj%=84C_s{6W^z3=gg z7#q1<%Uvy0E5F~K7fDCoKcnfR-n{oT+OA!NcSn4erMrgl{yFR|@pV`lo4A<{a= z!7Uh>=?k{&KsbS-%+ebzZPToVD_a!0FaEN>Y=D85H&To;`U7Q$4?L2B$FQxm4T=qk zUTEyAbVXdR$OV}J`RZEFWXH6m8bQ1TGV;f}3Dww_DmayyQjxE8?ZgIhjO{WL*$>B?*O2GF1wmO-wOxrm~Z zzi4eeJx4+Zj}WhvPfD2EAVulo1SW6kxlY(MKkhGQ7n~qqdM*TmZ8M#cdU^3K(*d&< zT<@n%kxp-72d>0qM-;K`e467pYjwIgc}yU2pE@F^tBzMVmo5?0=kR&9ud5}^-+8TC zsxSrhE)DM@p}&jYzm~NYy6Xc zYI;sD(AFCYuq%-yh*sf-5oFZlzcKPC*$%9vG3PGsUHts?)-n?OUsRWZ-VVHDOF*|2 zoKCkzj|M+_3+uY081a468det}!wgS$U#I)m<8Zd z090}1GC0b8EPwFb*ki=0gVjJob3mKB1(|&*gBKnm4u}2Quu>m)^9?hx>a=~Qo7Ie4 zq#RB>3MR?5<&AM_x%`aekDpn8NVF5A=kV@t{mUWawN*ZuaKCj_3=Qm}#FDFXW)^}vS7e@GaRIb)8!A{Sguu5{c6IuoE-ssOnD66>F7Tf%Jo|CPOyyAmqfYcak?FT zyn1dfZ1x7VW-Mx1EuRjpm9YF>~5#FI+lV)RP zDPMYSTbwRQ`oD(O>U%FXxs~}x#OGf__JuTZR1A(a ztd(IKoA{1hxsF7WZK!*@{|$bsGy7owmb&>TBEio7>iF@F-7ERJoGan`6$~f@Dt0x+ z->)nD(CgUMyxG~#UiMfhl%}JQ>7gi3BhjU^W&El=sQc7gJ zPDsM8C-H7bb2U+IwgmMmrqguaIlH=NIFbWc+wqD5O4Bdjl18pJyw5Z^ylB1Rh8zZp z=rC4)iK;3~gI{^T5-vAfsULS4qv|`-yx}ElOeB9gHfGzkXgRa5AaA=?g^65pv>AfU z$2RmNA|rY{JcIO2w>~7H(O#mh>g4yZIyrvaNDA&!`p6PCVYbH}_`!oo2iSMaZ>2dmTPsA^t!g?qRe@cFu zxWKO9dYoE!vUH0O4NepLGyyYHtbTr*V@*}Ki%tYQqBDVS%FpB+B|2cAn%MHA)1)qw z?p= zbIy4MU0iNEFzQ0f7QQ-y>V5K_n4HHf(;-Z8qpHzn+hrhkzm8HDAWJyXLLce#-rHZ^ zTUGhm+K6@hZy>MC{pq6dlJacqcK`5bF;#E|e~F|JvQX2RL8VEc+E~udTD4=YypH9f z?tuwjb*u@~ZZCc!)$QgyX7so-MeIVD9}00XM`#gUKqUh1J}1m=-Ey=LwWo(wF(i}# z6O^H091F`Ht2%ZLf#wab=dre6BI3-hTjLxUP^|XuHBGJwHOGQ4n59a3D8e`AM`!l4 z;RbnC8du_Z;2U8^s)>gkQC^oqJG2LS#`RS^U)|lf*-TNx(ZWC=x)3oW1oz}?D7Z0; z(Mi&*Y+NBdhNVcsx^=JoGEvxx1F%2qW-9$wdk3p?_P~%ftfWm)O144fYI2p|Mf-8b-EveR zJs68GYQb3Gad8*64(?;V#k$=KXzLbrD61W<m<)a}6)V#L|4~^YL<_YB?V%FbZ-s zX70x5(o)(QQM=GOuvyIcRc8?Yc&bSca=-STq+vgDk7+P~H2!@= z?Q2ns;=q7F<}@CZ_74zYMUTsq+e2ag3wtnpOA3=5?hOI@>3QN)sN&-o`Pq0#Ec!Wg zZ57M2T-i935jefaO6MxsJ*+oxwMzXe6PG>$F~mB3+~0>r&$fC^@Q zpqN`)DaH1|0W!|dG}@E_R!;W!nX6pSWA)q?&aWK7NUEYcEUJnC&tPScdwR#Ty?1)H z9l5K8T68tYD^Pz(t6#mD^6geBsK!>)=xgL9y>#>5v1JxER6?#eYe>aBa-B}wuybX= zJBzu)m4Gc2iBc$%$eYZX-UZHjz^HUzkQ9b2D(t}>$%f~E7>583%wSae)Ur3V=Pvs* zpnBAxuEP1M^ww)8&4SZlq+8Pw*VK7=u2)C9Wb1Z)!px)xEERX&V5#;{qnr~1p@Rxs1@wFVsrNUFh7QMiQBD_oKara!K8rW^Mg#4%kjRjBJTejxJD zaO}Wlib@%FRzo;qmm_U8wdy3)APidcB5e2I6e7$`7=iE^o|vz77MPbgo5-HN>-(jYJr0B!cYT=U&KC;HPgC)pQI!Kq z!M*01raT-Tg!xW5rCIsKOAeo8iH$N-mA$iX`J}=f_+I zaDvoBgav1siG@d~h91OEFRg9nA8=Ub8Y8n zgC=&rcD|3E?jCm1znl9aT{O6)YtsP?)3u!`yHEKGJjdAx$G#IUXC7R+f@Cr!#jf#g za>Zsj-RtsbY4X_Z=PnX+s=mkht&wb>RNnR0*)n`#)Alv zO|{FThMaPVnb;pk%SX#qwA}kNS!Nnh;)6?ut*WNV{*Xo_(8Z~{fDydKDg`b35r`z`bd>MR;dOQc*+|Yy|BPcJxs~m4IBR`e z^Q{e5%~`4Ssf&05!{xr!NKSH=tPOg^2_3@)p0|OA91DV@BeNacF1y|Rw~w8*0ZKNe z*KDC#`g#tIFF1eQ)DX=#r=6UhOqJHp z!pSaY9@e(X89cOl<$8Q4aPST{DGiOCAD<>!Wv{K5Hut;b$pq0crzfQ^Fw`@s8(W-J zV9F>v`VjufnZm@L7gs_;S*@4$8)$#SF5fgJgulcW4USMNP_wExpWL>cn0@(G5uyiQ zG{?t5gwb|(*ETer{(!g)Sw#R}-JE@z#U@@?(OAXqslO*pRzX3~KiztZLDQR?Ac)m& z?RgEmbeD2fa@)}4&hK(w5p}Yl@${Sm&GkT&5>=%+B=ERFTZTdf{`qwVpO^_JWblcR=H8w+_FuGAq{jWnJ^lLQtzVI}N zBBm5nkcxmdCP$NrHH8GJ(5JsuaQaBs8Uai@4nPH+kp&YtD5lHSsb>KJ9*Kz)BJQ8x zJAJ+|FUn<)lYI+H(}_&pe-4Nd>Q$NUZBue(69#p&puci(LI4INz}X8NuW9f|S1AZD z%tethlvfz~Ax{sik-xhT^`}?fHN^%R0%TA10zt_VT!6&iI)QT2J?+4f`vh8L>a-wohu|o63j>iNX=VJCJ2dZ``_=6s@1fM7LQTlDmf2 zjU?d@9yruFy#{Sp`oy$Hgr^sC+ua{)<|edJeGVIt4XD@Y$ISxe`TRzpn_x#M z%J`OJ?{ML8oVk3baeqWb-mcG~V;{L`rWcXX=J7M6f*y0(mH(;*di@t`hQ@9e=f>ee zupli-kYQMT4$PBsL^E_BSDRwzb|A%-Sj7^0go6G}y{q%7jL-Qd=N0YE8pIPd--!wn z9i4@PqdOd9teKdk3fs_VJ{%u`=ki}}O|t@<{8-pG%B6WATQ{hhPj zhK?7;z(y#7?Rd)}-L&y`eR$L1II^pbyN<3RlL<3|g_jiWL*CeGRh_{ zw#JkAsL_PIKFQRr@_p9}<-c|<+l~Xo(xSnRsuP66&9>R-%Ojd@O zClh4r{wSz`Joe^BCE#mqr%k4k88Epti+5v zHEc`T$Q8}9Iii_yRM8&jz9eYLqw; zuR_$}Z$NW%<;F6AtV&T^y_>8RC`DU7UrfSV59!Jf##3bBVwGrB+L#&h;})n@VmO@& zpg6q|poxv1cY@C0e3_Y-pz_5p8mj!heeyybU!3V1yZJma@yl~d6U~`F_V*SB_}L@S z#c@4$3a7@vUZy6b+nd|vdqv-lm6-XA|Ldvo6;s8P)qt}bmY|I=_>dt~1Ft^+`yz$K z#!I@kHi|4;+L^*G@hf;Tzr$+WF!~sDS<m)|*GrR2SOgV3U%x7`L|8UqCqPH|3OzoMGMcYZ+bgp_1z<;v z9k(UxkrGS^&{1U8`wU;c0rh*B7}bSs&aOv*Lu+*>RRDG!U)_L=q6U&s*#XPKF7QN$ zHlMM8au48KFMjDTMKdS#IzwgfP3sT%2XJr9Q{TMl+)cdd>z zHCN*FdhfpN#KfW&R7gIL{em^uDlrxW)Mf2H)YyzBd+fvK@&EwS%vxAc2oxg*$IAvZ z*!VZtAov-eKZ$x19J`MF5kjS?^>@gfg-rb!apFWv6^a8zc&Bvqi+X;Q;< zcW;&W3PTAN*pQSkKJJro3$P6@cp&5-wtK|^=Qr4lMDVEZs?!$e|Wk=0mK(pHz^tp}HT zc+gPxD2P9-rzKb840-w(LHe41pdeuEH|S5B`s0x)h%TAe*}oz2^7GV}_96O-%=wC7 zk~f}&+gF_JI`EM=5l1pscLBGU?kOX#WR?_pySJ6thV$$@7u5(J^76wh_>rS2M{$A* zbu7Skxx7aaJOrYtIq*%~OcLU<>{iE(b92Qmj+KfgxtbRCE43NVH5tzxYM32HC4ryV zZ`^nbuD%V2;Qn1~0Bdh0HPvAZi>v$E*OW&{Xf9`W7B|Ul=81Lgz?avHu-5P&> ziJ5_0V4}53tZKZoGpTKSQu%0aYx-5$WhPXij|R6Z1Z&+UT%Ic| zD_8j+2bEDQFaY<^#e&Vy$dyJOgV~j@Z9SWIn+$mOSJbqAp=TjXtk;3Yy$kINcmdFx z{hlB^y@3NBv|h`{J3KvxC}24_f4ghc8z@Nb#N z$4F?hU$%{iwd*Y+<>!9~?-o>+Hq^2?DqvW-)$DK=QP^zw$a-#3Hb!2Tk4Rab5}gVI zUcZUGxDiS&UgNugO*Rnai+GTaq81tY@ z8*inRGx{7q?$jsso9bH_62YVlHBtwoUpH%(;2m%gGr}(SHkTWRhksNzw;>!Q-n{#3 z!b*Tq*`>5l`Jbu@<-dD&P6?-X4+FldJ3<1271fN#SN|=Gj)R0gun-iJ zXValB-(EW3Ox3md6&4Ddw?7D6w?BN~bhsaZ+`JveZ0(SvRj}I_?YQ-PM#rDMa$;)` zJiu5xkWH%W4SY*{OcJSU37Urfruzs1kQ^;7s49OKJuy%!`Dc1gOGy9#SI+sqRLOmb z9@+2Rc7(?c>3#P9%d%ygWmpB4p46cRUz@#BN7hBkmT$}Cf)6RvN{`q%lEdYgc$EHe z#0Nwr?sNRxbs&g91RwjZ{AJ+w*!~6B+;KTSGNk`HEX=Sh@iD(5d3J6#wC6lHC6rLU z{+IWJAffz>L7zMqfHL~X`gQX+J5=PWyUb6oxl$sSAE)zp>}wm5SpN&17Pd|wn~yw| zNyan%mj}T9I7xIo*~DqKNG_@qHDqSs3}JRA}felWy>a6)@>aEw!oYqn+&!7&EXn~HEQ@^N% zdri4@gJ&RL$>q;GyrRWA6;tFD-5C+Gh@RI+pCA&Z{$dYX+epBf!ukT|BYV%8E{q|gYj|CrPhWcuyOPSWw+hl>gpK( z&XI*w*+g`|2_YHb_T==kzJo`oXy)hv+w@mkZR|ysUj!Yh>(~U@`~D3w%vwYaWUtE)`I};}~a%-^)lU(a_i-tc77Bw(g$pLIeg ze{XR!VrZEAZX$;epuT;2dc8rdt3at<-;z!8g~T<|bNIP#o;ziqO7xe19+}P~1RUIE z=ZXFvH4`ZJ|Dp&&4My&r6nBof`u%xgwrt;KyPCNqFP+UvhY&`GnK`DnHaY z7BXJzIM*}winhq=j(x=$Y#+fxUorfvbh%Z>4iBE=|`=krWKL0caX5X#R zGv1+4DCLn5UZV?|-7IO__%U?1W@mMMbYoCnvc75~Y5m*=*jbHQ9Tn2#)1{(2#g1TY zY*hc8540uSfw}GHo^jG&m1}I`iVs^^TAii|!tWKvHQGGyH$Ogi9FS@)-qEAa)dfuR zr0+=CQHLb#t^r{uoB+n2TSY)GYc<7P?q-^m3&>iuaJ*B%*Y)}&usEtIKs!F?^GOpg z4ns*vj{EG<3n%1@)jR(@<&Kl9qd6*gGvty|?IBXKzTU~zb!N+bx!GTWL3h8y^}zOQ z=IpKt>GRy&V=yr=AIo8Gh5l^MELq>v^PCUoX(Ksmk{D918|@*f+@CQtbUeNhdnwWkv4FA!U)c5Q1%LCj)gP~DW#e#f z+LYJH?JVWluD#fSjQ6*$4X(58qKC&lok|!59`90M{p2I?N=kk=*6vGq@n((Lm1w<7{owtSO{_p z8fzDIyaObBTe1Q;>dC}y^{81gK32`^xbk^Up!96X9jCAxCE^bXd3|XuB|AC&2jdNI zJ$WZIWT3D9AUd1K&>7ipj;+s&JQ%3m$w!p&@`BbJLGRvo>T_}3o9=A(lafTrKxo>v z;~?)n`#)$XUr`9!rT;MyBll93>B$}dj9FYkS-J=sUi>^_{pAAY!WSXZ$IK8&g6U|C zhKk}GHTfd>Q9@)mR${wc=!8rG01v|t+IcW79pncPK#qF8A0Nx^G3QQvU#Y&LJwIL{ zdm{s+1bH=%ut9*G%a90gp!~7hgcS!Q zA2WXvbM&VO7E#Y;G4|M`5ii!HKwGlE*IVa@l{ z-F2!@Y-fRv|FgnBbMXoeU7QT7tl4LPA)dOf=%st9mYtDV=@;t*h=CHIdjrXR2w{M_ zfwT_QY164GPoe_&^hGOzR|?m`%lrsR2iVFJ&kkWwn4-dzgAnS;!ky6;Tf_^k2P}!{ z+8mhrT22N&2_5e~nZH%KXxh^hw)SHlMD#v2B&i+{ge!84T1dY3~N@h!R zBi8CojvYbi+O#w>`2$-};$```^D%pj+sTR`47Ds>AMqO~a_U`#07sjH;Ev^20-w(1 zyDB~4nt@J5hR>Pm{Y)6!>Tund(;|;gid6m)7f+*NzaLJas2N5kDkM2$Ni1RI1twM^ zPk}*;g|eg1cHN5Lv)Q}+keEw_E_gV2wZHpnrBz7(aD4jdN;m#PZNjfRweaw+DtbCT z9@YF4zC;g|bInBeK-jbyvUpfipCokSHaNZwkCvS|IE6m~(jkDk5o7U&hc3d92f2Ba zT}e<)dug+A_jSi3Nl8D*P`fgpSMOc&FDP~*TXq)W8KQ=fbWSXeim1Wi=}gru7$dpV zxx7_D2~bdjo#+A6ZLiE}2mF;0NqPF#1Dv>PF|F^v9UOWI`H@wtJR85vkax|v?X`Ri zbLo>Grn|V?EdgGJS{528ROyg1smV}x`dTJ6X_}^dE%^$6`OR zVRp7NQuC&~Yixi2Wx*B8qb;i+8#kZ1UKJjYC#yA{?1cDn@woZzVHNR4 zXl@pNa&N^o-W+GjbAtn1$)tJykps)T+Df6dNaWn_r>ZY1K16*?Y=K!!E|d`Qw{zS> z3zHt<9g)wX-!ix%jE#mAuL$y*tug5&&Hp^F%lqNrpW0#%n8*N$POHs12!Udb7Pet{ zkBW{w4>w(o&u?3T}OsbTNVx^_M6k1HTO~zSac!Y=E?HXgIP;I zINhvK3Vh{;uwi55er@%YC$K z&p4&GzcQl587XjyF9+J_N9n;)nTmM zW8S;Tn?CcfOb2L(+ZZXX_m!_orNeWA%`|p=y3)@!r7x$5nUg(ZyP0DCSaC*s_WLwu zDINrcE}n6p(OB#X*wnX|+5zYkAK~V^CjNDT62X0tFm52}Q-+hBI?%>(rCS>r9yq>+ zuX#=va)|Nx?NO?aI%>T_$`81_M0K=Gf9YTSGn4k>iPsoJ$={*`AjtJhy#wS>vMi4X zPsGG>-TL12Rs}a@IGcDOA=P&jZ-Lq5FwOH~rTXFs78pqQ1I3F3Gikxn=7fsSx72SW zN_m#z+CGnFY8skQFbAE?YIY;lFI*_;zq=eIuA;qNe{}{;V|P>Jmddim4Ibu@fmUph zb#jkeOi*W{mNJxiVRi9+W_J1zGyhv)+t#;Kuep#s8T6(IX}TWQ=AX_DG>&@`eoChw zaGdk@M!d)boszPEzNQyK{Q?Q3pU4T{w6lQ6E7W+~rTu2Hi~6q+%El=Ry`X~#u*!6v zlh0^9Cr_o5l>Xb5HkV*3eP)jmPZnWFBQr0l7Gw#52Dk;m4)A#rsb4p~3lzFNA7AUZ zQW@dG2;i@P4{+=q{zNTo0wbVLV9YD<3_vO_I0<>u-qy9{yTcp*9#e(4f6SHkg9iKO z@#6P=Q4PpmC+8nojaDC+>C?Y}BMi>{WRUu2j3;_qwof@%-e)WuidS%7Y{C$uKo&bB(9?=d4o(TI)p)uS6w!u0Ut+N~W3j6H3Busn=rBR70noK*R>6L<-gakvwZ@^!0%1%8XYpO1j==3<$I(sTLHSL<`Y_@kh5JS52<9Bt1>|g0~ zeJ4qI8g?~^fUiR2AIfrp=j2bk@>mhVyVAbI&(rDB!a_`Mpe(hG)-I@SZ+u9QFn6M zL8yOw&@ijPQ$SA3Qva4*Wu9m1*NjvZ)A@P?>I)K=g~mM^EBZ<3xSOTRJsgI-{FiL% z-X`*-4zupT6mRw%noq0SIUWS_SuRX`yK-*|O^w03$J8$x8U)z_*x5?~5&$JlQEqQQ z*_bJI!YZ;E-)u~f_TO^kJnx*z3k<~ZeNL#AG-PZD)CgpN(@7qFv`7HAV7Pf+bd2T; zma({5_?T&%#7qCP#6Nhs82imvJ@;Gi0f$Lb<5rUXhH`{O?#V`ZEwT#{RC((ZinyZA05hioeWvv~*jfx3l#oD%WSr3{`?YTSl5|yb zZ-4|p029pvIehh+!vS1eTnK<_qfGv}@RFIGGK!S9EYU5*;mjNE+7QqMKL+gt`o}aW zhK3ec_Y}A0wBn#8I^^06`P&xS8`;TjCB>q-e&G0`7Ge;E8tmM{HztDDzt984r~bn7{y1sz>p-ZINpzbFdp zmPbW#4lPp6tUaE%R8o?5?J}q5k#P78mH*6C$<6%vR^1{L`#5mr8dNawbL~_Yf1;2e za^%uiFv9~AZqbm;U{No12G9m>g}TCv4)PHGqL?tK+y-FHtOHt!p3#;L1kT;l*%d+H zec-sYb7)y{TL@tmFllg*zSt4-j zuWnCNXq=Tfrl4m{H&h6EN(=2h=5zuKsZE=Na=3?nHi>%MoBrNG1T@_m3HrTO)JN-|M3?!P0pLJCsQtoSFu z^fJa)s~HNNt@LNDc41Z2*Q86xtE`E(`Yi#^fO0H`36-`WeFb zr1*Q+cM94_oNA?kmCycVsUX=kyEuXPq~o7`1s4nKN#f&I{~qm{ZYdR->Cj*zdmxLt zR>GIv_pPQHbD!*6J-8gFr(viZByELGhiP2d&4n+(Z*e};b579~iDD$n4-AIL3@`^jt%vd*yQ@OBSGFja-~5 z-3$qL1L^`V%ySiu45_blkKRnh`VgcS3YnJn6O~0-q(_FE(zr|3kKec=G0GSg%a#;y z{hqZUvqX*(XcVygauHQ-)4x7Nh&#FzoNfXUpqO?4A5uo4;|M4cI;62o1+QRhawhhnW2=j{wc)OG9v6@H@CmK(dNC7>`NctVHm=<1UXy9>j$8&$k7kEDd&aIYSeN(g;q+^a(dOHt>vQqNP z(v|Fb-#fv85!5m8}OvtUzISrQ2eAQ*iG^L3e@z!>|)dK7TD zG52!~E~gW=|19X*5Z$9Tdsmy1I%SZ&U(~tTU`9IwKdPM*_?xHk2d)i)&PVcp`X8UW z3pE!2b|4gFLIPmT9b&#zI3*-JY*(oh7NN*P9szEn-CN@_G^rl!3DAsLA(e$tKV zANL}UXaI?zyiL)QT>q$8enefT|1yZyP4DCs9tlk)_IaPd(^eYD{KE{vmQP1HpsE2f zJ}>lVR%7O$A=s%+kt- zLe{r^K`mf$>E{qF(7wd-OtMU>Os}#I-^kokO#f&ONhX}gLUyOC!}jIWg9DV(A?>Ms z7Tk#nI}-ygHbbkH1mm}c*f*t!(G_7!r6c4Qnm?sY+kL;m2zPDBW`RPXQ+iJi+q@fr z^Q&^2X1bM12#K&E(Jq2Vu5>lvQ6NqH-+}MX>Yt5PxZXfajC_&QX;EmWKS3*!EGR9_ z`h9jw8;Mr>c8`pOjLcfOgb2T?dzaa`p5C~QNe=|~gAcMS*$jr(w{_8eq=gVt#b2%X zr@p9TO2zf~K0NpS=IojsVPOx@#TQ6<_As{9oXGp6iOp90 zM7)XE9NHg&Qw2_(N%eAw6tRhct2TckI&nmvwFTG#~#*5f-@F;*`fl;NOt+cpJE+c zM72^-&*Ilr2VnnWopM5Q*^*`ZWqRF56VGn35{Ey`dkv|&#Ah7vLZ;Oi{uiLF+@UQc ziSCx=NP(j^`fB+3O}HiLCf4{%?L?uhA&s5#0|q4V?JV#YUoL3*WH1;)JRRL~PMJL> zxM><_Mg4Q((vV$Y|O)7$;6N#QGs6?)E5|xh_{MW;MbZ+ zy{KQLX(vRpLx}eC$9z`gfHw7NT%e+>$;FIujN&%mbzCo=!vD_1V&_@o)9WS#$pu#|C8X!KbgK9S>r2!x6;sw$6S zUZ-(fBJOj7q>2Fx??sqBTW3((CzBww>XJj%`=oR%YY|s@m5`Uh=5)1g7^Mm-1%t6r zwxPbBdnkT|LXBVF8r!I=PD%pbLT0Ezl|Q@q)Se}=zNbO6p*EDNUxfa?OHZlv; z2p9-p2hPELbSOw)WyvS1-D@3*f=(H)(;n4JffoDc`&)f?piBVdw@eS^PTZ<>gX(Sc zh?&M;=nO7NsJ{!e=(@-SB$omTKV?ADTW>ER*>+<5nUL^vpz3dnaKx)(%NW9FNB0V$ z{>L8Sy7^{%d9>pd0ty01BNq+@(274hYfL2qK6b2E5Z+Y|&@jEOS!P8LwL6CYl?q{h zr8_>ANziWZXZ^qTs88$4#~apclAlV*_tUw|5mF*mw0p0j-ejm|jYqvvB~`VkpnY{E zG{bWDDhzuDT82OS0$7K3i$;rLeeOi$sXG!>q2hF8p_I@}@DZjc7|4PA^;L**Z6H8tF)o55|2KPO*rt)UT#%m`3j6^tj=_sT zT_+(Ln>fdoy-J4+i5t!tSGkJ`U*0X&;#QH3lKl`X5(&Ya1vlsU5VD+Di;t*c%`Wp| zJTFBmMV0KaH^m&1K9A%s4EE~0ES^^~<9XdWi+3QhHX-~~yw)Wav|l6SL1>5q3PKEY zy1P#QU3%`$ht8ra8GX3q6G&4}%9e=1phw_9O5#|J7`Zf^d@DB<;w-eLiR5jkqNx+$*V zkY_+jUE&|RJ6H$wBd7%x_~qG?Uv?=6XKUv#+ZkH{8Kh+E$|{!cG0RG%m8_OtH|sR% zAQU^AtorB?UwA?XQ2xq&3SL#_P$Q@UH81wup#SN!$h#O)tPCia_t(y7j%H@67XvSQ zOxw;tb$n{7SGQyKix*p;@|)ek3hi$1{qAoxSaD$ka%(z-ZES~}L#GMFMY!Q%d#J5- z&seN=PfwsOEA9cOM;J)`l8+)bsR+g@ttfVi;vQ`Ikt-oKKn3hs@0jd>pYEQ!UJumg?Ejok!I(sA$XlAlYr2^)cXQcfMz>@U zLP@YnFZ0BD<1XX>?P)t*bl}AfqS=~cQ}wG2{Z7sU1|XgVeZn@#BS*%3l`<_|LJUdR zZ>v63Gy?+m=c3il*{#22lUVf8?Eqy$2=#soRO?1stGq#>HFVjv3Qf6%!iCydFWc3c zn}>4xx(fPDuqW-T#;K}-DFPu~hAKnGhuciN{!8Aq@RQ8?4o*Gc$^}|H<*89EazO{X zvxqXgIjEVLJi@uF*FMcrx1k*-E1*e0hOU_u*)5l`{ZzUBBfIv~#XucV8j-^{{#w~8 zII85XCLHKO*L%(QI*w*2nqp8Z24^FhN&Z~#W6L1(%y&xVijk|_yDCrV)E7sYvl-G_{D-Xaf;1di1Tz6$0J87ZY_snf zt95Pk;Aiv$%#HndT9b8OU&}RgoxH=`cK#cR#A#Q$gRgvh`57eJYF~cNtMkUfVPD_k z;ufs;6ll#GUjx-w|NZ~(b%}7WYK8}bp#aB>!si7qR`Mmg693_gRw~;XMTnxR$7m>U zM~u#A47#yI6GgWKLx#}GI#oF*DEO1+s=^P`BID2H?yiQg1)|%do-F*XT-)M2AFLh} zQXJ73zTgIx7JM-N*O`Grk>k7@eo#_zLo8&(o91^W_nxZJxDBtC9NM&mtKNtKu4G3i zF!b@qz!)%tj`N%j+g+;*J0tmyZkqx>|CGSc9;}+wSFVlYiyek|*Kfk%8da~YOON!n z(wSGtrc8diB>2<9l!5E`7oKp1=S|&9w*6l%iZ*^djO44tW#CtU3`K+S&UAPw2X3LQ ztx*jfFokmg>z;AoCm_z>I4g3U=(eYwE1yhRtiHW1fjIA>l8VDD|GW66oKlWJtP`~` zRr4!H2jcsJ=0E3H5~;3x3>0P<4}@G96Rj+Ku_x7EoRF(QY;yhcwUCm>LpZWNAN>}q z_fBRK53mU-2oV^#ty{uDLG{-s_Bs%ZAD_;7=^+O6O6f{Rk1uF@kDWfHnfcyrhBt|zw5N43oZj$2BW$sm0$AESCHLlpz&U)T@G(?7TJBuYJTwHr@&KFgolfbR$5VBSRqmApnb_%pjX*)a(?@={mF<2`Ix~Q zC6kTsl97z0*qDg5n)zjQ-s#uD{o>KxKC!0cETUp=o*3Vad92n}b^9H~HhT#+_oKz% z+Mfuo(>9_1gLYU=<71U`A~0C>2wPWlfB4Jts}`mRYEc&dkWSG^+p~3o)U2#ah<5|a zjgI`~+UOVU9C^}OH_&i2z8Mow)0j;pDanZbO2hkVl@}0LR7<2NRaE(9nJcDa@>jeg zDx{)oY^cOyx3_yKL-~8E@`A6>@=@#TX9{}L>^egZRwt%8ho{D$pKR6yND#r*^2oiz zQ7+?^xq)G|4-l*p&?H+&blmEQX8Dr8KiBePov)5-$OKHgVg=z1AXU4 zvIcbAC$iAL|9cQCH$M*sV(@b=`N@d;vWs^|$*s+WAlA*zqh|PI16K{WHp{ha-xSsJ zl48$%zsPF0+e`m*F>JrAyhF!B(Xx{{sdX|gXq-HX>V&Opc?aP?S=jI8Hj#3|oV@RSW?P6^Sekj!Pg2rtr#PjP5-E06 zwXwH%^S1Y0ku{6vu9tsK6$+CpF%043!~%7Xm(mTaj~}pgTX4a_dfyx*%M`fQ!SAyE z^GcLl271u5MX&REbeno5sbjgt$2T%H%8<{N64Sd=^D?EsP=iC=AHfq>yK=xxeCa(8 zrO)Li78dAyo%*tkA-at|uI(Ls69?b7z&G^yr$h4u=MbQvf8BZzxze}n-=z$@CXSQ+ zK1#sJV0(HCgDZWe;7}$+>NyNL&liWL#t}8id2C{P4mcOSQ3xUEc%n&F|j@MRcc^*sX=~;wT zSC&jC>3Lxz1YCaOy4WlS)r;L)s3D%e7}W4}qv9l`Y2vsKvqz%5+QVh0W5k;Z^tXDG z$CF(-%>oYFZzw3nT|4QfI!0=FPM)p|g=^uDh8>-5cTVlNqpe9p%IHxu!bjNl%-Zv) zGBWt8ilxD924823&4u~m-{(GWT)f;j z5^&VFb~UEezZsM(h3|h>@R7`xqZX%%dK*Dj}{8@AnEJEQ~ z(}O$NJ@jx+H?-CnqC2KHo0FSjSF4L$7H%@9*5?gVK3T=LTDJ;NWA(iDt~z`5bMr@0 zv4u!_QrriXc`gwNg+#Y$pDw6y+l_eFiw(a0wrW&QB5*i$KP$C2Xew|yH*kB>;qOgf8`aAy;c7)gS$dWS8BzACWwV3>Gmr<%tY7s zp%GY>1NP!0Q_a;N?@cj@y9`|3$Ay{p>nE<9L(B4Qppcnd5*6O)?v6(IkYrx$>gx_v z)LE5xi7-p?p!Ml8a5LA}043?>fcFk!?a)vB?G8n8S7E<_Kw`}}?da1Z^^Jyy;tkpP zC)&7pwt{xIP7k`9U&>`{%*^W&=BMN~jVIHtj1_rIJ@|Z=0!d7S{<0=CjmFTeB}788 z8*c@58lQPdo@6Aa4~jhkwg#`@kh5$!LzJw)PS6czpSDQKY6^BT754sTG0N<59JAkmc(qmBz#$^Ar z{wy$^F1Z1$l)hC%ctl=5^HVQ#lQ&^l+Gkmo_A9?A0r*3W1$~slH}lfe@|LHK&EE4H zoEX?sW72d-Nz(SPm@aXuUG1vo<9ZCC6gPVw|ov-a^2)5BN zrPqOt7v1t+VD2(9;4e&sy6A>cBN3wjL*AT<*cKLkZ&yc(?5;D}SX5vRftqmuUs z7+RPx*|^L$`@+s+=dke_nS9T=yN?jE+_x^h)~?csKlHGkn7W~e-y9fl;#92ksbY`H zKD3fx{xe{wqQKimS8YTNBgF~N-YS`J*}2=@9SaYdaQAM)?v_89Y@SHm+qAH9SnjEwf#f(q_i zBx!xA{A#&rbIt@gpo@^*4z;kz3UKNl#!Akbyc}I@$6cB+3THN8F$ZWIJ@!QPQi?xR zt{(`k9nE=PNnvxnk|%mOfO=qMEX2{T{>__hM$!nl4Bf2G-RxV$yIfA~5J2q^Z`Bd; zI}30cT!K`@61m@dM=n_UYdQ*Q-uSH&?bezb@}gC%F>L z94_yM?s?3Q)yuL(cP%>gB=88bDvyC-Ft_+i)?#ZAdA z!tV?1o9;(GSP)u4`L&tbI)zBdb0o_$Qio$85_FU_Zhl}Eb}84!BbT2wH-Myo?y+Mb zlaollP22nyz}x`8Ud@Zl#04o#nv z`Kq#zsdeABO(;;KjW#0Em{=gD%!B8&tg?c!Ixl}j$o;S$5p5{8Q zpH7P+B*>SvlUx84Hx6X!?z@a6mG*iak9!Goi!CJ=hi*GeP@Rk%!Fpp)=^OWtSi4w` z>ANotxGvR5YI^YRxzy`-)z1?!Qim`mwoiTgF5t6izL&U;-QzBNd3mVP>~^x7#a)6d zON+t5-d=yvO4q4{!Wp;ONz0yZb$=p^jrir=&Y?@?NN!%HKWKQE{);AF7?vn#Z6U0d zl*IEjjrykrNMru_%i*gbw}G26b+oQH)D5D$kHb*`E32I2TW$V@n_AQ!D@Kkow_VXr z$SPDw`aP0Dj)_>~=3E9l0eCl6#LJeslQ)Ki!BZ-GjoJmVcxoSZNDM9X2ZvWAT-AkN zU%to3t6eQrF=Dq}AB~M=N}yx0qQq9?)VwlhItcPwT;WCX@mlcxV5zT)80hU~(iIaIa2q1Z@GEj+QNp_vNiABk zK$KQWT}F9!ykI1oq3U)tR$sQYn?Kp-mydyP_i*nTsN4|E3vc=#8s|<7gEB5Dktivl zBpB#ee(V>F8rR0BVrRJu94Qy~;=LP5bs;^NC|hf3bu%i`QD!;3SM9Tn)xPdYWC*UQ zUHUlAucpO6j@mU7`_4g`tQCiABVXh6CD0z0kqzz$tnKQ%Ih|`Xv~Mkz5Yfnb4KA8K zOFInbu^e+n<#5;MuWPUS^p_TzT*1PsB!P~paWi5^s1<tMKy2^qzH6C% zJ}{qH7+EmRZBu@LQ#AezHX8b$1{YTy4tHW;3lj{a9azWyJ;Z6wbyhHJo4l!}aO5TG z>9v^45J@*hSSL2xnU1d3bcUQO)+D9|etT{md5UzMDnN(u<|| z?R_+k67aAwsLVp7wiS?3xVV-~k*KdfznhP#9FEUM9ux(bXEJ(VO()uyfj;c%$^?tk zCxD!(_f}nw4%#H*Ql+!=D#dL|l)j-o1+OL_ViJJFoNoE!5B+_a-R51j)vmg=u{ZWb z0XA$NP1PLL@>!zF_lA=OD{XhzZx2%_B?+=(1p*`%F0pB1%^ME~L!(YgaZW<{A_6#+ ziL-$-mAz+Z-vMr+Xxv4Huh#>@ywEYb#X3M>vBSsUQm<* z3-nVY8>=2f{m<(YmTPlFm>8jCzf`?-q1s&=4lL<6MciSG|JHJA-p*8?aFKVyGczVe zAp-+j{NiglW{`st-)E5J<#34WiQz&9bTp}EG4=E7fp{7=WmD#!PQY4+%f~(otF^^X z<2Rfrgsjw7DlN#}Z#zq{XpPwVj(c?uU|^5wM4rwNkZlhFOCpfqlzLU#8b8}@4M6m> z!%70iDh`NJ%BJ6>#@;)i`X2p6@O8us~rywiqeojWe$v!v^PWK0f z>A9;ZZ~pq>FZ$$?^$jL#_odY3QkC@`ACSA)tOs?|S3Ui;d10fwFq$IqKWP=upVfEN*zB`CCPU~?_R`bV7)NT07AHCSbj9o*XxVCPl<(ZPrN*R=|yx?{l-wd`e&?pfh_{HM1we+w;`6;T^YZC za075sHskt?d|+Z*P}{p_euLF}ms~(xz#qbf<90n!T=XBR3mdCmzZ}4b z#ThpJee)sIj)ZeW^80As*0bg{7hwpqjFyF&LIX@b6z`jfiy|YmuwjCxq7KdeuVRnb zFNr3_`^V(A4X0H8FH!LFP6s^BXu&a{`Uz2hy3wH+IMv`X$F=c`Yk@9NM=Kv9u6u3M zc`M&$f`l@KfGF>LzWbE+RqbNiIJW~h&B>dZH4tT1Ib9fwDITy|(ijTxN73k5PtV3B zR|*Ifs+pbb>T-8^ft8%hFeB*LA4a21R{|_A15_+3ZpZmyQ3j_CvD{OoWr>&Ag!^qoIxr2;ffEPg2U(lf@;XEf29Rl9YmM zpUprlv3^35kdRPdw#UJ(|MqE^cft+@0{y4swzHiFad;S(Ns%5d>)(L30DTiCJb&9i$SGhTgMU%@;r1P}QN4FUq$r zt^f)&wL1Gkr^pToI(AxUA>T}A)$?yR2pGG*Qc6W<{{Y8sSXj$`Kvb_XO~*wu32Sfc z>}Fy8COQnS-kT7ec?O`L4h{S}jCO37>mVL0UC@ku)o##uO0_!$Bp^3$4c08F5JY!RH&1oyc7xmiy`0F&U)sfVC7E6|{`?-7e!0`!HXr}g=quD+Q zUoJ58yV^yVGU6iTO!HN}R{84|ho{5A=uO+9hd^Ara(QK}+WKCH$NZ{ZT~ev{g%)F= zbOP+ZdF-u_*{&~N`PS&Z?S2ww1jU%(`q)24c<--!*Osvsv~v9esXpwcSAWLiLQgB7 zUFkT;T4v71TZX=%Q}spF+_}nJQVjdCo`{i_}zu zXTot2NdlOmjpsv$m?F+qtHP+4wMRmJhFRy!6|fKjx45t)Iq7?|2U4pm$Y1-v`}N7I zasz_phGsfy8J47b*9eol4NQu(p!@j62BKK?Pu?D!Vy?@0ZZk2G0^rT6PJe6Rj7OCr z$DBI{-gTQdDBD@E>YtU+j(VJxl8L5mmk8qn$-;ia?ycs;tp_#AuK8(dnRR}Vqme+h zG2++mBp3K?zOrc&9a#Bl?KI*fjlXUY~&o0%lH5s(m<9xy;`MSfHOKj>ce_Zn#jTXeQ_6uWs z$`}RCjsyvuB#+2L?^T_&5g-u4CDwsGHM}$8Mdc#T4#s5=KBB^<-%wpMKfV&4V_@(E zj&-oOn$F?i_l{`Q!EQbR5rL2QsG@j4kK4|I5Ljy2%z)cV!WEjp4qr~JAD(ROj|B?* zop@ML=Ec;$Pu;cEw)Z7VG+z$rt~O~|c_A8XzRLsB3X3eW-~D2j7jvj93!J!s=rtEU zo1uQK(xzFVGq;`5P%p1IE%uj^jBhR$)D#67v35de`qh-rXfGl+oFjxsDPYyV>dR2Oo~ryE3K8HJatnwA8uMI0pj-sWcoUq` zmnLdHW3;=QIBFO;YQ(J;SN)vnUrG#B%QXMK=Lg$i+|t!>y;xX%yXs+Q=NT4~GhU8? zGy;LJQj_<~PGw`TcEb42^ZtGcgTf7v%)eKCmiPK&_poLH$R@aW_%Tw%gYB3C;aam8 zU^o-b$N)px-QAC?|E%)djJ?6xlxGDo`KSC+93VJ>HB;c>Vq(i4=8ksy4FlboXdYxQAxYlOgJIY zpIfic?Od}`awFPcUv9*L%;-I9k-YAYL3i`De$U*lq@L#d^GhFGxWmKjgtX`#jjrjp z7rFjlBxlM^6(yHBWG?$fF6;3PtFckc>>>Xs``fBnyiH@Y=j(}_N{ZiQ4D~G#nmHs87a`@ADqZAY&i_EC0qpc*IH(ZRjn)?mE0$7Zq zdCtj&kXzU?6o(JJt{T~BQ&7qkq_~BnxbYI2dL&ZBnk?|5Xlky`bk` zdZS1~;bogKbo32wnC@Eq63!74yrg`MbYXcBdM!2%HZVO;#fJ95aA_v$ETC+sSdY!I zB0D4Da~;ZY{qEMjYbKMw$6HRlad?g^{tx+?>-s)G3?8Di%flMXaVATcfnaxV3q%4-zPyj z+u}C{#cv9&FEj-~qg|*}grAxWCCQ?n?tcjzzgvk4eO+7;5{1|SZ_l!2zmSzty9m&@ zggsDzhGN7Ap0s}T=^Ga%q1fEF$H3Alq*s4)zcK1PmLEDDstbPTU5^DP6_TUazVxC) zIdwZnbJ$2kvOu`;jqrX`ayZYqC>{7jrpf;;PF_joCk=K+#@TB|*>=hvxtJAgBLJM|J>~&>J(M2>IQvnN}>Ds|u%;HE*c$;R+Y-`TG5Zh5K)* zkf3|Bv4uVj(F6Ca6 z#k*EC#UU@o=1G{gi-Di^KmLQLPMbz0LC#E|<0Xp5ZZNmZy%Qe-rRSQt5@LE^CpWH% zi8!1S^DgL~?Y?|1rVTn@A^f`vv^hc<(#$VRltoC*Obh(n?Kib&+RY%nEa=piw--Yl zql5DZXXxjjXNzzse6D(T|7%24Qs5V?f3Sg3LqYoc?6;2<*JNH3=TcecwwIZ9Dnaj$ zJB(34EKl_gZ3#THK&Y%mXbrrA7U^CYSbq4MQgSQ2e7YZcHdYRB%D8v}?S8d>s{{t? z);tyl!lL-{Sdz8lcrDqrJmZ1N8ZzWu>ou}LYgs9Iwz%?r-}5fWpPFC)BQ}B||7XDc zSmt$;K-z1RsLG8i3#(+iG!<`M5O=spo0^-I4D{_ZR;1H+?xm}x=4aw?1kniPl5P5T z-Q$RnYmBIIhq0y7O{416>;#cY!AHEMHfu@F?2C`oiYO7FfQsrQ&s!MX$`~*=;6W;9 zAynvGy@|Vj%H8v?ZG(PbuE?JW|GO0gf=nK0Q|ck=2?1tJTOgN8Y!~bER!^o+1@_*P z)6ocrbaUU9V~#M>egN_AuvTKBmn9t{I6YHQ8k5OUgd?#nRhvwRxcx)py4c%wjh|WU zrs*150!W?ha`I2r#c)H4q*2(j>MK=JUurUpE*L-jCRRVLn1q)Xh_im@o^U}(arD;V=_cRZY}v?o0A(!E}3KJ zdHO#zXBwVlX5TjyFFox8Cm--T>sg*G4G{`-d+~7YF3aRK@^MR8%{$1d~ zvKvRif?slWEoo<~+JZXt(4q5LPMarKU_7*rJXF}pIE7=KKCNmUzEjI4^BQj)F3+X2 ztvO*sd~Jw7pL5d!rTF4XzF%;EP4I2D2xdM?yyM$^x!3>sRmP}{;m5=wjZlbz#%DKg zL!vi14_~_)?W5izd;oW(vvy4WC}(IOX~9yLWy{j$xEf6)WTc?ZmEiO#;CvtgNlekN z?a{~a-T2!`##9UYb0bP);(M=O96yzna%79S@trAjLq|5mH&r^f31Ug!GM=;mgUr8# zBvA+eYJh!E!VdD?f;Wn2525Cxn_1uAE@~%eMUl8cPaX1YW~Y8;C%wESB$kC$p(*21 z6l&-9A?CEn7S^#l)wa-R!5Ik!ZPHih8TL6Vtt?U@@0CPW?A;GH7^H&>kx^0OGaD5 zU#`!)1cBF0k`!_5JA)os%2uP@Z{YxTEq|e)roAG}8Cw23OxY)RLDe*x2r{SzPXwnE z`&r=E{rO^gCCda42Tly?7!ku%I>bbLcO0WhAi={RvVBMt$=a|{&@y|+vM4kuD0}eh z0giI^W4mGNE>!QWLbKEWzyWBt?!fLh^{l_FI-Lz z4(1Qr*(7=U7d*v=J#9@)kJ5MxZ#QHrb%5LlULt$4PbZx}Tx|xD@Dw;8^UMQ)cbG_pTD20Mjo!oTysDdAw>n-IG06{<6_=;5#~tAb_h*i%^hr+h?J(5 zp80*(rW+vHMj&p)5W{6O6AdYT_KvqS+9i$=m7>?kLJ>Z@{d3HMbA$dD(f?1pW1ISI zKwOId5J0eL!J7asdgK+MN5R1#EF6aI`_@(mYn+Sr88Bf4JRBA-5vu|XkxO?LcyjJ6 zP+UY5J$>5r-LyzBtg;&6V;YC)UTt$fLTj0Wo%97r_~jiGz%V3G{quzhsbuG%Uc@3P3XDcfHEx_k}waDy1SIjifY4mwY+o){(I#Ngu zfE^!0l1lmKb-_66gI^&2A#LQp9Py!3N&H$BNG@(=Y1r3WFxb*6#PS;4lplvVr8lmMU=-RTX>*$RE(9X_F|!Lkbh*Pr zKc*7Y=S=i(zlXU0no2cKRmQ_BXbKf^<0ZL_hYs>lbkEk?|B8KCswSh^M>ajtG=Q75 zBZqMtkm(y&TOq=A8&%>Cy4Y=WF@yfqACBX*j^9(C&=Tsd)Tj{3(M3ucuq-{~eTW>x zm?3vr&Uk;V@~Tgpr_dlzh$)_NjHxwejT4QUx?VEl8}xJd8KkKuoueYm8!bj1Ee1d7 zlEej4^aluDSvU_`aX>aQB+oztM*8yu?13l1w*I}n(h?0>WXLc38-8Er_!NWRzejk{fxKpCNt1k@EF(b&M zI|{$^1Y4{Ji)JbO0ylN(sa-&im93(fsQN!P?oLmq6{kps3VD1V1yL|7jN`S^35HJ- z3?MsO$5*zFL};*4;VF!azM&-!Gq{jSQ|@`pS~O_Ad#^}~qnI}&nK4L%9g0ANR{P*B z-MW!(4EqkfI3OAM63HYHPj=r)mUm4JG~3~oR2(!6=GU){O`aN!J3Gc=OP8awUTahc zUP^n?@WQL`rI9=y260&1ov^lnk#8@1>ZdRY!!2h22Q>L6th4}6bqxrJ-vL#H1i1nw z*p3hm-F2I-YcBw6U@UJ0q{9K_pDzb(AvC&ZQArPpv28#49xY$HzsANsGG>m4sy~Ud z zML$R7v4FDhP@-6lV)N&Z_fqY#Q^qSR2Quz3-uNf~xm{Y&8fJhSy2GhRZ;(->wJFo# zAY(e7)@-NEx8V`MEdf6&P}$PZDQ7U8I*S;$G-qJG&=TBQ0C?7feA|0jMdPNhG*Snx z?l~uGRn9sVPcZabazNJxNZsi2D7+;gz@*2i5zE4(nq7+?^~wS@LH2T(9;R~yNop{A zNe32`L<{hGV5x784J`eBwGj4C9}SywB(`}!iIhZ_W0FXhAy0FL%!6jjN-`3KmU}l^ z=Fp%e)?ba-YQz~*dkc~y)4Oz^y~iYck2&%FASaC4dAxvL>06rj&v%cye8K@RK6mY7 zVhr&%*hq__J%~i?yD+kLkPFY@gOdYOe@^&r8LKknk)qWMuV;0ZEWYi1 zA-zF%8~qA`U7Y8N2ziYWK|PU2-erWnhr#U*m6~RpJ3Y7lO~_K88|%_%!bCWV3>x6Rgcq>)TgL>eGm+&o<9P2vmj;Ydl&Q=0GKOCdfe zb{JR>vsV$2Ycb1W;!qBYA2p+;hcO0PBp(*z|1rME-$l0>q1>-?APxRv_>hoL=gyr1 zSFm;A0R1T7dm9vG+moBkig<9Kw$VT~AQ30p8mIMClDA4qAL&)Uu5gwly2KvF6U^4w zIN1zHWkn#U?;Y%ewHql(#lkcE%A*9haS(HsCFd}vPz(8g&Z>pHRv3X=>CIUSbZ9gO zb6tQJJ%E6`)9`&XlcriIk{N=!DM@qIeyggT;8z65d;)`h zV~8^V7jQZChVbkSNVkV%063T)HKBj{mkaRvb+gsO;7e&*^bfCgenMdU0gXg{3)QBtnppj!^>oAQ`I(7;u&A=N+JA& zJCKfIkT4a1g>c&O0mgvUKj!8YQx|OJYtc`E%-RTlJb`p635sxE$95%wa=7vG<(*8h zTxKQF;Sjke9)rx7#=W!=QwvUfLf*@2 zbg>34>te+!EgwgNAV#9@)jcjC;zEEm;HZ>s`juM7$eiu}xse5^twG)ecJPOSazLTm zcY;4Yq5ZSm3BhQ6k;($&1*0ZC&kCU;IELtOKs)|PWzD!bM8HUJw+21q32hlc7~Ts; zRf8(68uUxEJQeJ<(760&WqS~8aU(gZc|%rIbV%}l;;ILZ8^pXpPe)3de;6#8c=Jk) zG*&uzB#yeQf}IR>CU*G!+aX9lCb7%V=vydc&q64TXc#eo)RAjqcU^i=b^RhW&|{^q zAq@1>6rIYQ@JGtjL|TPYf#miZF;fR{BPZA5`kxA^dn<_8^}u8__DJWymP9k zBqs=^zzeyLhYH(ykjF|>#7Y~RbYmo`T>%pPwB+sm_znWy<2u-=?IC;F+prr@d--y) zK#`{K@Gvi@>l4t9t!5l>yGBnZdypQn#m#?7Cu#1bTHQeBgoIbb0i7?(ZU^WN2Q=(3 za>GLxgH6fc>EB43L+C$1mfFAV>C3jKP_GrJR_Y;m9~yi?m(WWHu&^IYE+U3VOcFnNC# zq|D2IdZ#B5ydKzK5=B15=E>vxb2ctsQe3l*F*D4P5Ez0Zw27>?p?DTwWB$O>Oi z>oI#SJpH|LBp>%KC^Rr~TJ9LK=cv#HjIlqHFlLVv0!kFN6^!d5(PoNIuPr5BFX(y0 zb?Dxk3BNy(zja@gIN?#sBGMvzrtK}b{WmOTp<1dXYj0ixg9kQ|jT4WksLU4=_9hed z52f`uP+5~Ic@-37qy`bx8Nk~Hq1$lyu~ZD&mN%J|vYYf-7wAEk(^G7OVP&ccU6R9$ z5Y1JgrT1kM3#6Y4zBJuN5V_=iw|OgV{zv*4pAR1?r~KziFy^(PAAGz8z6li9qWD9N z)SWwwQ2zi8j_>v`JwV(rmdzu61r^DN+keatI4ymFEs*+y>=?_P^!!7?vB*9nknsIFbewtJsyHI!U)53bz}z(82EK$r<9-A(QdGmVAV zcQ~JLWBIo)w(m1~hcN|!r1$(!($PTDXSc6`?*(H9{4CNsRBF}ep@st*Ly$$|xHO2T zJAB5v37seqLaedEtg%Q>6!CSQ^({IIUe?v%u3|wJfSudeEizeCoQvLIz_D8m*WexS zaPx;icq2)z^;RW}YR}z&hJ_YOZO`SuIn+Wd-LUktrPI~Y3o>p34S-}RBQ(gLL+ZZ< z|8tOO>5Laf#V-{pLli0L1l00|n@p2% z4h>4!RY^--B;LwEmHiGgx zihq{h9yms3nEiR-wi(_PZiRssVtKhhZH~lyt-Fxq_Zp@Cdzc0dHi!d&=;s-k3|1s^ zMB=qXzCF|^5D$Y6^3q~295b#a$f6X8>sFpXe=A6=0#!3ykfp(3EEi~V^^8$BHk0t+mt_xN}%sloV+nP7 zpirWSU8}(;fD=sEG-IUasnC!;@9S&@hX`;OIG;_Ooc-KubvwS^m#R|;JZ;l*3E(do zK?p3MG^+pS35_^gOxU46YEvIPwZ#B*UIXR3#u@6S3wb8|$wCZ~qVSUrP!RfltvsT; z5tw!(@a1+UT?Up`0fAPS_+f^sNZzop@{~fh+VG4rS42(O>~6DPxu zp}Q8xy2|hH3mt0N#58PhPdBD2({r2`8Z&-wQ|kH5I>&V3lvQxejxhUPS|{#-o;EDn ziyQ3JfP<1C#RX9Ga)H_vNMcM<*sK;kGy@B`Wwyc; z0(UuC5Adh@wbr*j#;VfAM)sII4`I0+>nF*L(#Z8ngFRe@j$_r^s*)ZX)$1rv|1$(C z3+-b?%Od|V?P+4qzUSi+kU;(D z{*z@WgeW_#g4M4=7X}BSWiUMF2^|Du6&Y|ZA)uW|s{K_MY^zvQ)V6WARfq=6Z9&ah zj!Mm%_jQz@)Im!_&Vn9$Cq_u?ej`mulU|Z39?kS1Rx1F$6HFcFq@=`+hqqweV-s9^ z_l{@y`K!3m@xu;bDkkF0~8rKc7u~2x9kr z4R_aexg~SD@ER%MZShy(=wXIW-7ZHeVtYiB;D+8znzC6+&X|4zuuSt}0L}Pk%Jp7! z;S9CM1xl9@zpKfqr}W-GawY-!Khhz&VjieShh{7_Y_*qPi*t7yyEjQ7BG`fXXEEg( zCYshn;y`&0#upym;OJn=GGxvd?UP{k-X!9dqtbhCI!w0b`RwkHCQ4^2<;1j&vSNkL zE=fF?P12uqvchwP*7Ug4Ag82WL zE>hgYoQM8okPHHT9XGN#67(+9(G>`csgOTT9Vdn*W>~3}ImHY$1s_Hs9?*Tr=Wg{D z??%8IY15VDB7m7BTDh@w?r0sz{ibrF&Q+C$b7-&~f$9N$Nb}3_>%8MEZ?#u~fX0)Y z^LMM??_G~IW7T~Bi0ft2#BqFT+%RLTl+6bMY+cVxRey_+7W9*~XWncRwqfFLps;Rm)DkfLy&& zkax;-XkvpsF;U^sg|?afkITtEr`JBuNm0(xf^>iV#j4V2x`fW_wGp?vz1*k6$N1@F zAez}|>GVca@JF|)Rc2Bwy{va3TgOLUJ_w;=#m|IAL@kL$^;aOcQJ9R0M8MDsIh;_j z(^K;xWWx8B=h@fAP#PQ=MVk5k<#Lw9u&QM!Y3W!kO4ugS^F3lD@>;&Pv|`zA=XJDm zI2Kwo_iLck=$_+fCZ^XyqZd~6oZjh<>p3Yln%L>O>-l8~5OHJ$WU(Yso6#LC1k{{( z7ET3dH|}cU^`N}x7x42J^uFr@Y=h3FHb;C2<;ceqUvF?4%-_4MH1|I+qc^J5gg%te z>*dF-K%||@7%ilT$81&p4qyR+kgv57zs0^%M7B1Z)!Ls-D(dKL(du;$ru=lq+_kJ&18hfAaFTXPqi zRHEccc&|O4PS@OoQ3JlF)!+E-`>h{6{+st>W#=|L8#s$@*F4E-THL0Hr~fgZa{55P zXA=)lAJWBU?Z*_E)L9<#1_wLbf|GX(y?}pk-k%zA_BPf1g{0uPHYd&0}Y}oH963V*wLMcERGea0NN5x~CBNA;?u0WeS zR){(_?MAAIGId^q?eK+~6)^H7-oLJMJ9{CZ8pS0GiL(}aT9igohxL~LYTKZ^EK-t4 zziJQVYo-%z;0q;DiibpkQ9`WAp94}KT9jFRMP>cIu9mHWszN8k881Oe1bbwC$rC(N zAUavX21o{If(j8o&z8^*2j*$-ozYhkbM{qhhlgjzUq6;EO%7p}w!O5V3>-*xK$eKC zHC|jNlEd8HWvufArs(=VW4VSL%1q>gFd!zfbzNA}+3dq$@5SJSsHl@WI9QaF}f@!3CY{;87j#8R*JIx`id zxW`J9#dq9~?zkU&GoA|Tm2SM>n>%rrBr~rD-n$-+3Q!FA1Y`rQPP^9rLZ02++(EcV z;Tz+Nu#~3fGj+)LkXAiPjtK$O^c@b|W&XL=u|tDnenAl1iKCH^t8+1?@UtdyzuAcG z3c{%PYPgR*R^Qo)%vRNz+qr~bE95U?BKLT@+MGdkUTy^;UL^f}Yy;n7*V z_jD}k2gTesU@|W>yM7q7-ij@{pmtdwLrH9X;aL4bk|sp|^i&t}@yO7V2*1emH3Zt7 z4{YjGBo<#L`(Db!a5z%m7&=m6wuG()d!&iBDAn!lv>vuu2RZzzpIe$Jk;*?n)33W( zeG%0B1h-TgdNeB+D120fRL1nFv5YsiC}27 z9y(0vVk>a4+h_mtE54-Z6CKyV2li9ug0wE4xM)sbao5|fO_rhX)mQ4h zGUdB;{V9VQg^=X^GHZ4U_C&Lj^K-mq>znKMA4V-4aR;?7@y*OX@;5u|t!voqGY@*I zmbkX;f`dKZWhGbl;oBM~M&O*s&Yr$S>jKB|tq8%ipWnze8E~(iK0e#>WL`N<5Kr>C zsH3!$+Q9N&sPs`Kz4%O>VQxZ$g}FKuTc!1V^kbN841w-NBNZx2Dc zo0>}L?0k@0QN!ASbE)ZPRC02r-0G&PYlQZ!q-a!3TwLa9-Fv0ga#t5x60TqNCfO!& ze2oQat1-=KhIr8SFGSQhL_8h&OL!e|C@oeP9d0N+K^P`uM8vVD$qlzvpLPr)iK{Oc zdZY;Ye~J)0nZ4z9uBiFp{s;;dDI{@)TiLuw zA*CS-e?2ClDHfc3`rD2kn_#HqU5L`b{4bN$REY{&+s}Kag6E>~go(q0>uOS#k*vB2 zxsIkj>`$`{vvVsPC*>O$CpfJ-`n~+xD!X0P72g)M3m#ZIx*jYKb(DHsObrgAVn~Fv z&mFHbua7)%dCC#586?~|bNtho6pSfUtWe@Qh_r^y(nWh{# z$57HzcRt&6%lZ6i`ij0_rgP#3hsaE%+ElI1#q#n43FpV*?N-GrrTWL+*}hrb3|ag9 z+m=&RBZcSZpT#g6e_P*LR&H!))oD*y?!R(trf6i9IM;W5vBsmCYCyH){r9FiA&VPG zVW={eDbc0-+80~fmq+4Cno5S~eqJ|8G(W$vG!=~zCGL7t`r8i!jrFA9qdw`-P;m@> zw@M8L+_9jAhcT?So`S_1Is@M&QjPB4esUkLzsXO(x%rK7>L>hjIo{Y=#TOQMU$Te4 z4GyYk>3m$}8hTlAUn?Kp=Y${4EORP$eD~%P5eCB@@&A*tpp(|iTGdMdDh$Z6YbJ`q{ zGdtv7?aBWey+P(f9e8mx$go0}KA8$r&?EvmZp-_j0z+|4@s6{D=;)n%f7 zI*3p_V+J2BaVpbuq_Dp_F!cBCUYF}2b3A>Q&I5L%hJFJB`^htH23$=>HO+O-jI4+= zSHArPsel*$baYJpSqEzbIC$YP%bi2%wWK3^afB;tOGdqGr1U;DY)k0a>*!B|j zy`FY9DMpcam?VZsqqQ>>6>4Ulrg`lh+ya3W))p+b?B?aHm80Lx8JMs;6~+w}i?las zskt<%`!WzYO@5k6IvV#~Q`CKYg{B^L+uT4rn?GkH99~?GAAHCgv%0pTM2QvKW~3yw z{hfK|9#&!xT_U3{{&MhrGThKr;kkMIwPy0rwl{|87-T$U?B-GxR=IRBDe+66YJAeY zUC>g3TKo-l?Hb7PhI4b@g*eo9iI3aQ5S*QwZ(6YsksO?Fgp=rUyJ{{H2*k`R#`l;Z zr8RC?1^t?k(lxKg7`rF7dDG3!uL%0|M~>LSR-Udtp~RANsy5>-Gi#;0c7-e>D~py0 zGp{^DH*d7y{fG}EZm59E1he1OEGuN^gr>=Kj6H>?FLZFQ7xMB-B_bt7p9@(`V)pVG;sy35HPD2LY5C3&RF|+m z&~3C;4U>+;U6nR2eMgWe5fF%*r+O4nZFVqc!hjnZSCori$=7dHY9$peqn0NoL*E&r z|AuQrfJi7x-D-0!iZV79oB3k)3fKBK*!SP4XZLk!l{EP8U-; zg3#qdW`!x%P789D7_8RZIA%sAcg4 z8ZT3rFN=fyi`M3akhQ?l(wY)WOx0m(naL?r>wpGjZ`iz4BiIKoRD^@FL#$6{^QN;DW&4t7^PWNN3+jyzY^HzL#T<$u-0~?$}{o-91?}E!QZs-KjtRETa9ZyE6tBHanK8xputIaZwSJ zO?O!(w1)Fi+{so58cZMqCF16__RL&vcJ!v-%OlUsD@fVZu>YT$@2#!IXpMYTs8gTW zTbOJTf7u{8v>n5}j%$88J)HFA@L?>g%{<}ge%g|Von|@bcmy&JocSx8dP}wOb zjG~kfcl{I#{3%J>e*E0aEbZHWnZrgUwIz%MRtPI zFQ3NqJA3++B(&qlCwOrp2%}y0@dHz*Ng`gm>5TF0)Fu)LIo>9?j2uU^o~WnssA#{3 zR`;{((`973Lgv4|osQjnR?s)6+B$ZtCxub1Hs2*H-z6x2S+hiIFiL~i@8~nj&k%{r zA??B;VwYLd{C}TZsj=TKne-+ps5WoY%`>%U$$$NNS888^ur(_;yy(?U2W}htZ0>`!ZIPg$!^`KQbOg1S>Uk#sa-d+@D z*LltJ$>?ZWTjt%~{$N}qX?-es)Aw?qVfMCgbcJA<>hkg&m}ID!E8ha> zLqy4uw|&x0GvQEuc< zm+(C^*`Wbc_X-gOXA;uY;=|?|2;C$*F4NkXV%`N`)sh-`GlG{PcWxqME>lw$F+QQ@KzY1 z5Xu#@`n_@HUmMHHmX^h8lgggj?N>fk^~?%&BFEbg9y%p2DwVlng14rdry^?JQ8^SJ zZ=ATglWs}~_6`+aOSslar4;W~=f@9Qs6gD8Hx)vfI8D%702 zHEXjI49{ocN(I{&m()F#w@M0`vQ<}loJ>i}Wga|Ipqa6*&6QVDw-$c6)$nRyG`+4? z{&iQXg_mBdVRO8va~CipnJ_6^1{wnvvQxy5JkBppf+rt&r&p9~FlebMr@lz@YMXON z5^#PznrKHu!i62th7-{?Pq?+5b#eS|n(w^%C5J|VnrZcWFyJ@q+=W3dee|2qqhPg~ zRBChB4;EF`D zH^&`Kfs4D4_pwaU($Yn@c09M)Ui6Z_LCX(kez5EYzc5!K#G>CXAF%vmrN4CsXkA&^P^H9D^^}NTv5Fc* zYD+b1?I6mIxMW5N67}ILRo?hKswElb^uKJBifR?slcuz^cwP1DDsS~1#DhckR~uTG z>W0yE%4F3?ELd}OrwXYL4R=c=4XP@u=Df@8)Vz7~A)8vBYOUajWx1ZUy0USp-cg4& z@7c8baAEcnC8_7*+O1@keu~_{!vv$EZ zbQ=#eeo8S;DZ@@W^`N-X`;f?7cqSZ@w4IzIo{8 zfxmYg_dFE@b3$?*3v}vrNZ<44v5|UZCpVs7_kKDdjA9kr1 z8L)8rR*m0Y>SbD9s8^l2`RGJJ%SWLAB)(wFK(t4_aJe%Bx6Rmrv7=+;-u_wU@85ze zoD~`jtR|2Ho7e@0)NX&4Kx)eQFOK?)uEFEg3m2ipib7>6%}6jj!INe~MG?-;*UDXG zv?&?SFVU1Z*kZ`bQM7#=Uc>9T%Y1RF47QoW*x=gn;RCMKQQtY`C@kGql_Z{&;8r|H z_Tqn7WN4k`bE+VLL=UZc+YCp?(&543yd86b`Hk(bEa*1lb!v^r-&@o7?}TCyQ}9+0 zI#RZ>V22X2ntXi~p&von7GxFPp7ni(G6L=YY9?LVUaZ(y+`RNsZLV=X6|E;9^JN!x z3k*TI(D#f|QY|n$;ZD}`d_^$mxtKS6L-7u|>gl}wB>H_gIyiW;^|R=(s+^r42#aL3 zrb<$RgOK(!?S