From 9baa835ee3a7a4ca35fc03efb3d232f14273b39b Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 13:10:58 +0000 Subject: [PATCH 001/107] Update runbook --- .../azure-runbooks/SHM-Build-Instructions.md | 92 ++++++++++--------- 1 file changed, 48 insertions(+), 44 deletions(-) diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index ebd40df327..d86ea26c8e 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -2,7 +2,7 @@ ## Prerequisites -### An Azure subscription with sufficient credits to build the environment in +### An Azure subscription with sufficient credits to build the environment in ### Install and configure PowerShell for Azure - Install [PowerShell v 6.0 or above](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-2.2.0) @@ -11,11 +11,11 @@ ### Microsoft Remote Desktop - On Mac this can be installed from the [apple store](https://itunes.apple.com/gb/app/microsoft-remote-desktop-10/id1295203466?mt=12) -### Azure CLI +### Azure CLI - Install the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) ### Docker desktop -- Install [Docker Desktop](https://www.docker.com/products/docker-desktop). Docker is used to generate certificates. +- Install [Docker Desktop](https://www.docker.com/products/docker-desktop). Docker is used to generate certificates. ## 0. Setup Azure Active Directory (AAD) with P1 Licenses @@ -29,19 +29,23 @@ ![](images/AAD.png) -### Create a Custom Domain Name +### Create a Custom Domain Name #### Create a DNS zone for the custom domain -1. For Turing SHMs, create a new DNS Zone for a subdomain under the `turingsafehaven.ac.uk` domain (for the `production` environment - within the `Safe Haven Managment` subscription) or under the `dsgroupdev.co.uk` domain (for the `test` environment - within the `Safe Haven Management Testing` subscription). For safe havens hosted by other organisations, follow their guidance. This may require purchasing a dedicated domain. -2. Whatever new domain or subdomain you choose, you must create a new Azure DNS Zone for the domain or subdomain. - - Click `Create a resource` in the far left menu, seach for "DNS Zone" and click "Create. - - Select the management subscription created for this managment deployment and select or create the `RG_SHM_DNS` resource group. - - For the `Name` field enter the fully qualified domain / subdomain (e.g. `testb.dsgroupdev.co.uk` for a second test SHM deployed as part of the Turing `test` environment). -3. Once deployed, duplicate the `NS` record in the DNS Zone for the new domain / subdomain to it's parent record in the DNS system. - - Navigate to the new DNS Zone (click `All resources` in the far left panel and seach for "DNS Zone". The NS record will lists 4 Azure name servers. - - If using a subdomain of an existing Azure DNS Zone, create an NS record in the parent Azure DNS Zone for the new subdomain with the same value as the NS record in the new Azure DNS Zone for the subdomain (i.e. for a new subdomain `testb.dsgroupdev.co.uk`, duplicate its NS record to the Azure DNS Zone for `dsgroupdev.co.uk`, under the name `testb`). - - If using a new domain, create an NS record in at the registrar for the new domain with the same value as the NS record in the new Azure DNS Zone for the domain. - -### Create and add the custom domain to the new AAD +For Turing SHMs, create a new DNS Zone for a subdomain under the `turingsafehaven.ac.uk` domain (for the `production` environment - within the `Safe Haven Management` subscription) or under the `dsgroupdev.co.uk` domain (for the `test` environment - within the `Safe Haven Management Testing` subscription). For safe havens hosted by other organisations, follow their guidance. This may require purchasing a dedicated domain. +1. Ensure that the `RG_SHM_DNS` resource group exists in your chosen subscription. For the Turing SHM, we use the `UK South` region. + +Whatever new domain or subdomain you choose, you must create a new Azure DNS Zone for the domain or subdomain. +1. Click `Create a resource` in the far left menu, seach for "DNS Zone" and click "Create. +2. Use the `RG_SHM_DNS` resource group created above. +3. For the `Name` field enter the fully qualified domain / subdomain (e.g. `testb.dsgroupdev.co.uk` for a second test SHM deployed as part of the Turing `test` environment or `turingsafehaven.ac.uk` for the production SHM deployed as the Turing `production` environment). + +Once deployed, duplicate the `NS` record in the DNS Zone for the new domain / subdomain to it's parent record in the DNS system. + +1. Navigate to the new DNS Zone (click `All resources` in the far left panel and seach for "DNS Zone". The NS record will lists 4 Azure name servers. + - If using a subdomain of an existing Azure DNS Zone, create an NS record in the parent Azure DNS Zone for the new subdomain with the same value as the NS record in the new Azure DNS Zone for the subdomain (i.e. for a new subdomain `testb.dsgroupdev.co.uk`, duplicate its NS record to the Azure DNS Zone for `dsgroupdev.co.uk`, under the name `testb`). + - If using a new domain, create an NS record in at the registrar for the new domain with the same value as the NS record in the new Azure DNS Zone for the domain. + +### Create and add the custom domain to the new AAD 1. Ensure your Azure Portal session is using the new AAD directory. The name of the current directory is under your username in the top right corner of the Azure portal screen. To change directories click on your username at the top right corner of the screen, then `Switch directory`, then the name of the new AAD directory. 2. Navigate to `Active Directory` and then click `Custom domain names` in the left panel. Click `Add custom domain` at the top and create a new domain name (e.g. `testb.dsgroupdev.co.uk`) @@ -56,7 +60,7 @@ ## 1. Deploy VNET and Domain Controllers ### Core SHM configuration properties -The core properties for the Safe Haven Management (SHM) environment must be present in the `new_dsg_environment/dsg_configs/core` folder. These are also used when deploying a DSG environment. +The core properties for the Safe Haven Management (SHM) environment must be present in the `new_dsg_environment/dsg_configs/core` folder. These are also used when deploying a DSG environment. The following core SHM properties must be defined in a JSON file named `shm__core_config.json`. The `shm_testb_core_config.json` provides an example. `artifactStorageAccount` and `vaultname` must be globally unique in Azure. `` is a short ID to identify the environment (e.g. `testb`). **NOTE:** The `netbiosName` must have a maximum length of 15 characters. @@ -97,7 +101,7 @@ The following core SHM properties must be defined in a JSON file named `shm_" @@ -108,7 +112,7 @@ The following core SHM properties must be defined in a JSON file named `shm_" @@ -211,7 +215,7 @@ For some steps, a dedicated **internal** Global Administrator is required (e.g. cd ./safe_haven_management_environment/setup ``` -4. Run `./setup_azure1.ps1` entering the `shId`, defined in the config file, when prompted +4. Run `./setup_azure1.ps1` entering the `shId`, defined in the config file, when prompted 5. Once the script exits successfully you should see the following resource groups under the SHM-subscription (NB. names may differ slightly): @@ -254,12 +258,12 @@ A number of files are critical for the DSG deployment. They must be added to blo 1. Run `./configure_dc.ps1` entering the `shId`, defined in the config file, when prompted. This will run remote scripts on the DC VMs -### Download and install the VPN Client from the virtual network VPN gateway +### Download and install the VPN Client from the virtual network VPN gateway 1. Navigate to `/safe_haven_management/scripts/local/out/certs/out`. -2. Rename the `client.pfx` file `DSG-P2S--ClientCert.pfx` and updoad to the keyvault. -3. Rename the `caCert.pem` file `DSG-P2S--RootCert.pem` -4. Double click `client.pfx` to install it (on Mac). Enter `password`. +2. Rename the `client.pfx` file `DSG-P2S--ClientCert.pfx` and updoad to the keyvault. +3. Rename the `caCert.pem` file `DSG-P2S--RootCert.pem` +4. Double click `client.pfx` to install it (on Mac). Enter `password`. 5. Next, on the portal navigate to the Safe Haven Management (SHM) VNet gateway in the SHM subscription via `Resource Groups -> RG_SHM_VNET -> SHM_VNET1_GW`. 6. Once there open the "Point-to-site configuration page under the "Settings" section in the left hand sidebar. 7. Click the "Download VPN client" link at the top of the page to get the root certificate (VpnServerRoot.cer) and VPN configuration file (VpnSettings.xml). @@ -269,13 +273,13 @@ A number of files are critical for the DSG deployment. They must be added to blo You should now be able to connect to the virtual network. Each time you need to access the virtual network ensure you are connected to it. -### Upload VPN certificates +### Upload VPN certificates -The following are required to enable deployment of a DSG. +The following are required to enable deployment of a DSG. -1. On the Azure portal navigate to `Resource Groups -> RG_DSG_SECRETS -> keyvault -> Secrets`. Then create a new secret called `sh-management-p2s-root-cert` and copy the contents of `DSG-P2S--RootCert.pem` in `/safe_haven_management/scripts/local/out/certs` without the `BEGIN CERTIFICATE` and `END CERTIFICATE` lines. +1. On the Azure portal navigate to `Resource Groups -> RG_DSG_SECRETS -> keyvault -> Secrets`. Then create a new secret called `sh-management-p2s-root-cert` and copy the contents of `DSG-P2S--RootCert.pem` in `/safe_haven_management/scripts/local/out/certs` without the `BEGIN CERTIFICATE` and `END CERTIFICATE` lines. -2. Go to `Resource Groups -> RG_DSG_SECRETS -> keyvault -> Certificates` and import the `DSG-P2S--ClientCert.pfx` file from `/safe_haven_management/scripts/local/out/certst` and name it `DSG-P2S--ClientCert`. +2. Go to `Resource Groups -> RG_DSG_SECRETS -> keyvault -> Certificates` and import the `DSG-P2S--ClientCert.pfx` file from `/safe_haven_management/scripts/local/out/certst` and name it `DSG-P2S--ClientCert`. ### Access the first Domain Controller (DC1) via Remote Desktop @@ -283,15 +287,15 @@ The following are required to enable deployment of a DSG. 2. Click `Add Desktop` -3. Navigate to the `RG_SHM_DC` resource group and then to the `SHMDC1` virtual machine (VM). +3. Navigate to the `RG_SHM_DC` resource group and then to the `SHMDC1` virtual machine (VM). 4. Copy the Private IP address and enter it in the `PC name` field on remote desktop. Click Add. 5. Double click on the desktop that appears under `saved desktops`. Enter the username and password: - Username: atiadmin - - Password: + - Password: - - To obtain the password on Azure navigate to the `RG_DSG_SECRETS` resource group and then the `shmvault` key vault. On the left panel select `secrets` and click on `shm-managment-dcadmin`. You can then copy the secret to the clipboard and paste it into Microsoft Remote Desktop. + - To obtain the password on Azure navigate to the `RG_DSG_SECRETS` resource group and then the `shmvault` key vault. On the left panel select `secrets` and click on `shm-managment-dcadmin`. You can then copy the secret to the clipboard and paste it into Microsoft Remote Desktop. ### Active Directory Configuration @@ -314,7 +318,7 @@ You will be promted to enter a password for the adsync account. Use the password Once you have accessed the VM via Remote Desktop: -1. On the VM open the `Group Policy Management` app. You can search for it using the windows search bar. +1. On the VM open the `Group Policy Management` app. You can search for it using the windows search bar. 2. Navigate to the "All Servers - Local Administrators" GPO, right click and then click edit @@ -342,7 +346,7 @@ Once you have accessed the VM via Remote Desktop: 1. Download the latest version of the AAD Connect tool from [here](https://www.microsoft.com/en-us/download/details.aspx?id=47594) - You will need to temporarily [enable downloads on the VM](https://www.thewindowsclub.com/disable-file-download-option-internet-explorer). Disable downloads after download complete. - - You will be promted to add webpages to exceptions. Do this. + - You will be promted to add webpages to exceptions. Do this. 2. Run the installer - Agree the license terms -> "Continue" @@ -371,16 +375,16 @@ Once you have accessed the VM via Remote Desktop: ### Additional AAD Connect Configuration -1. Open the `Synchronization Rules Editor` from the start menu +1. Open the `Synchronization Rules Editor` from the start menu 2. Change the "Direction" drop down to "Outbound" 3. Select the "Out to AAD - User Join" -> Click "Disable". Click edit. 4. Click "Yes" for the "In the Edit Reserved Rule Confirmation" window -5. Set `precedence` to 1. -6. Select "Transformations" and locate the rule with its "Target Attribute" set to "usageLocation" +5. Set `precedence` to 1. +6. Select "Transformations" and locate the rule with its "Target Attribute" set to "usageLocation" 7. Change the "FlowType" column from "Expression" to "Direct" 8. On the "Source" column click drop-down and choose "c" attribute 9. Click "Save" -10. You will now see a cloned version of the `Out to AAD - User Join`. Delete the original. Then edit the cloned version. Change `Precedence to 115` and edit the name to `Out to AAD - User Join`. Click save. Click `Enable` on the new rule. +10. You will now see a cloned version of the `Out to AAD - User Join`. Delete the original. Then edit the cloned version. Change `Precedence to 115` and edit the name to `Out to AAD - User Join`. Click save. Click `Enable` on the new rule. 11. Click the X to close the Synchronization Rules Editor window 12. Run powershell as administrator and run: ```pws @@ -415,11 +419,11 @@ Once you have accessed the VM via Remote Desktop: - Select `On-premises integration` from the left hand side bar - Ensure `write back passwords to your on-premises directory` is set to yes. ![](images/enable_writeback.png) - - If you changed this setting, click the "Save" icon + - If you changed this setting, click the "Save" icon - Select `Properties` from the left hand side bar - Make sure that `self service password reset enabled` is set to `All` ![](images/enable_passwordreset.png) - - If you changed this setting, click the "Save" icon + - If you changed this setting, click the "Save" icon ## 4. Deploy Network Policy Server (NPS) @@ -435,14 +439,14 @@ The NPS server will now deploy. ### Configure the Network Policy Server 1. Connect to NPS Server using Microsoft Remote desktop, using the same procedure as for SHMDC1/SHMDC2, but using the private IP address for SHMNPS VM, which is found in the `RG_SHM_NPS` resource group. - - **NOTE:** The Username and Password is the same as for SHMDC1 and SHMDC2, but you must log in as a **domain** user rather than a local user (i.e. use `atiadmin@` rather than just `atiadmin`). + - **NOTE:** The Username and Password is the same as for SHMDC1 and SHMDC2, but you must log in as a **domain** user rather than a local user (i.e. use `atiadmin@` rather than just `atiadmin`). -2. On the Azure portal navigate to the `RG_DSG_ARTIFACTS` resource group and then the `dsgartifacts` storage account. Click on `Files` and then the `scripts` fileshare. +2. On the Azure portal navigate to the `RG_DSG_ARTIFACTS` resource group and then the `dsgartifacts` storage account. Click on `Files` and then the `scripts` fileshare. -3. Click the connect icon on the top bar and then copy the lower powershell command. +3. Click the connect icon on the top bar and then copy the lower powershell command. 4. On the `SHMNPS` VM run Powershell as an administrator. - - Paste the powershell command copied from the Azure portal and hit enter. This will map the `scripts` fileshare to the Z: drive. + - Paste the powershell command copied from the Azure portal and hit enter. This will map the `scripts` fileshare to the Z: drive. - Once the drive is successfully mapped, run the following commands: ```pwsh New-Item -Path "c:\" -Name "Scripts" -ItemType "directory" @@ -488,7 +492,7 @@ This is because, without this policy, the NPS server will reject their authentic ### MFA Configuation - Download the "NPS Extension" from Microsoft [here](https://aka.ms/npsmfa). - - You will be promted to add webpages to exceptions. Do this. + - You will be promted to add webpages to exceptions. Do this. - Run the installer - Agree the license terms and click "Install" - Click "Close" once the install has completed From d8f1d13a9b0f5266604bbc3f8024a00e883c06fc Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 13:28:33 +0000 Subject: [PATCH 002/107] Updated management config --- .../dsg_configs/core/shm_prod_core_config.json | 2 +- .../azure-runbooks/SHM-Build-Instructions.md | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json index ddbf8993b4..151376751a 100644 --- a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json @@ -1,5 +1,5 @@ { - "subscriptionName": "Safe Haven Managment", + "subscriptionName": "Safe Haven Management", "computeVmImageSubscriptionName": "Safe Haven VM Images", "domain": "turingsafehaven.ac.uk", "netbiosName": "TURINGSAFEHAVEN", diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index d86ea26c8e..2b1cd03ef0 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -32,18 +32,18 @@ ### Create a Custom Domain Name #### Create a DNS zone for the custom domain For Turing SHMs, create a new DNS Zone for a subdomain under the `turingsafehaven.ac.uk` domain (for the `production` environment - within the `Safe Haven Management` subscription) or under the `dsgroupdev.co.uk` domain (for the `test` environment - within the `Safe Haven Management Testing` subscription). For safe havens hosted by other organisations, follow their guidance. This may require purchasing a dedicated domain. -1. Ensure that the `RG_SHM_DNS` resource group exists in your chosen subscription. For the Turing SHM, we use the `UK South` region. +- Ensure that the `RG_SHM_DNS` resource group exists in your chosen subscription. For the Turing SHM, we use the `UK South` region. Whatever new domain or subdomain you choose, you must create a new Azure DNS Zone for the domain or subdomain. -1. Click `Create a resource` in the far left menu, seach for "DNS Zone" and click "Create. -2. Use the `RG_SHM_DNS` resource group created above. -3. For the `Name` field enter the fully qualified domain / subdomain (e.g. `testb.dsgroupdev.co.uk` for a second test SHM deployed as part of the Turing `test` environment or `turingsafehaven.ac.uk` for the production SHM deployed as the Turing `production` environment). +- Click `Create a resource` in the far left menu, seach for "DNS Zone" and click "Create. +- Use the `RG_SHM_DNS` resource group created above. +- For the `Name` field enter the fully qualified domain / subdomain (e.g. `testb.dsgroupdev.co.uk` for a second test SHM deployed as part of the Turing `test` environment or `turingsafehaven.ac.uk` for the production SHM deployed as the Turing `production` environment). Once deployed, duplicate the `NS` record in the DNS Zone for the new domain / subdomain to it's parent record in the DNS system. -1. Navigate to the new DNS Zone (click `All resources` in the far left panel and seach for "DNS Zone". The NS record will lists 4 Azure name servers. - - If using a subdomain of an existing Azure DNS Zone, create an NS record in the parent Azure DNS Zone for the new subdomain with the same value as the NS record in the new Azure DNS Zone for the subdomain (i.e. for a new subdomain `testb.dsgroupdev.co.uk`, duplicate its NS record to the Azure DNS Zone for `dsgroupdev.co.uk`, under the name `testb`). - - If using a new domain, create an NS record in at the registrar for the new domain with the same value as the NS record in the new Azure DNS Zone for the domain. +- Navigate to the new DNS Zone (click `All resources` in the far left panel and search for "DNS Zone". The NS record will list 4 Azure name servers. +- If using a subdomain of an existing Azure DNS Zone, create an NS record in the parent Azure DNS Zone for the new subdomain with the same value as the NS record in the new Azure DNS Zone for the subdomain (i.e. for a new subdomain `testb.dsgroupdev.co.uk`, duplicate its NS record to the Azure DNS Zone for `dsgroupdev.co.uk`, under the name `testb`). +- If using a new domain, create an NS record in at the registrar for the new domain with the same value as the NS record in the new Azure DNS Zone for the domain. ### Create and add the custom domain to the new AAD 1. Ensure your Azure Portal session is using the new AAD directory. The name of the current directory is under your username in the top right corner of the Azure portal screen. To change directories click on your username at the top right corner of the screen, then `Switch directory`, then the name of the new AAD directory. From 386b532478aff91b7106d06b591bf143d4f4d6af Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 13:30:51 +0000 Subject: [PATCH 003/107] Changed names to be globally unique --- .../dsg_configs/core/shm_prod_core_config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json index 151376751a..a1fe52a1bc 100644 --- a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json @@ -21,6 +21,6 @@ "npsRgName": "RG_SHM_NPS", "vnetRgName":"RG_SHM_VNET", "vnetName":"SHM_VNET1", - "artifactStorageAccount": "dsgartifactsprod", - "keyVaultName": "dsg-management-prod" + "artifactStorageAccount": "turingsafehavenartifactsprod", + "keyVaultName": "turingsafehaven-management-prod" } From 6e7c1ec342621ca8e79e6fc7d2374d7ff3429bc3 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 13:31:30 +0000 Subject: [PATCH 004/107] Removed name suffix --- .../dsg_configs/core/shm_prod_core_config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json index a1fe52a1bc..2037256c59 100644 --- a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json @@ -21,6 +21,6 @@ "npsRgName": "RG_SHM_NPS", "vnetRgName":"RG_SHM_VNET", "vnetName":"SHM_VNET1", - "artifactStorageAccount": "turingsafehavenartifactsprod", - "keyVaultName": "turingsafehaven-management-prod" + "artifactStorageAccount": "turingsafehavenartifacts", + "keyVaultName": "turingsafehaven-management" } From 29b81f044af7c5cfad0155b3c9753b83dd7b01b1 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 13:42:11 +0000 Subject: [PATCH 005/107] Shortened keyvault name --- new_dsg_environment/dsg_configs/core/shm_prod_core_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json index 2037256c59..e7a9aa8950 100644 --- a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json @@ -22,5 +22,5 @@ "vnetRgName":"RG_SHM_VNET", "vnetName":"SHM_VNET1", "artifactStorageAccount": "turingsafehavenartifacts", - "keyVaultName": "turingsafehaven-management" + "keyVaultName": "turingsafehavensecrets" } From 9259cb1921845a94177f2b010535375afdff8d37 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 13:53:51 +0000 Subject: [PATCH 006/107] Update SHM resource group names --- .../dsg_deploy_scripts/DsgConfig.psm1 | 14 +++++++------- .../azure-runbooks/SHM-Build-Instructions.md | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index c4f07c9797..65d997f26b 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -39,7 +39,7 @@ function Get-ShmFullConfig{ $netbiosNameMaxLength = 15 if($shmConfigBase.netbiosName.length -gt $netbiosNameMaxLength) { throw "Netbios name must be no more than 15 characters long. '$($shmConfigBase.netbiosName)' is $($shmConfigBase.netbiosName.length) characters long." - } + } $shm.domain.netbiosName = $shmConfigBase.netbiosName $shm.domain.dn = "DC=" + ($shm.domain.fqdn.replace('.',',DC=')) $shm.domain.serviceOuPath = "OU=Safe Haven Service Accounts," + $shm.domain.dn @@ -71,7 +71,7 @@ function Get-ShmFullConfig{ $shm.dc.hostname = $shmConfigBase.dcHostname $shm.dc.fqdn = $shm.dc.hostname + "." + $shm.domain.fqdn $shm.dc.ip = $shm.network.subnets.identity.prefix + ".250" - # Backup AD DC details + # Backup AD DC details $shm.dcb = [ordered]@{} $shm.dcb.vmName = "SHMDC2" $shm.dcb.hostname = $shm.dcb.vmName @@ -88,12 +88,12 @@ function Get-ShmFullConfig{ $shm.storage = [ordered]@{ artifacts = [ordered]@{} } - $shm.storage.artifacts.rg = "RG_DSG_ARTIFACTS" + $shm.storage.artifacts.rg = "RG_SHM_ARTIFACTS" $shm.storage.artifacts.accountName = $shmConfigBase.artifactStorageAccount # When SHM deploy is automated use: "dsgartifacts" + $shm.id # --- Secrets config --- $shm.keyVault = [ordered]@{} - $shm.keyVault.rg = "RG_DSG_SECRETS" + $shm.keyVault.rg = "RG_SHM_SECRETS" $shm.keyVault.name = $shmConfigBase.keyVaultName $shm.keyVault.secretNames = [ordered]@{} $shm.keyVault.secretNames.p2sRootCert= "sh-management-p2s-root-cert" @@ -177,7 +177,7 @@ function Add-DsgConfig { $netbiosNameMaxLength = 15 if($dsgConfigBase.netbiosName.length -gt $netbiosNameMaxLength) { throw "Netbios name must be no more than 15 characters long. '$($dsgConfigBase.netbiosName)' is $($dsgConfigBase.netbiosName.length) characters long." - } + } $config.dsg.domain.netbiosName = $dsgConfigBase.netBiosname $config.dsg.domain.dn = "DC=" + ($config.dsg.domain.fqdn.replace('.',',DC=')) $config.dsg.domain.securityGroups = [ordered]@{ @@ -224,8 +224,8 @@ function Add-DsgConfig { artifacts = [ordered]@{} } $config.dsg.storage.artifacts.rg = "RG_DSG_ARTIFACTS" - $config.dsg.storage.artifacts.accountName = "dsg$($config.dsg.id)artifacts" - + $config.dsg.storage.artifacts.accountName = "dsg$($config.dsg.id)artifacts" + # --- Secrets --- $config.dsg.keyVault = [ordered]@{ name = "dsg-management-" + $config.shm.id # TODO: Once all scripts driven by this config make separate KeyVault per DSG diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 2b1cd03ef0..80cc0b5981 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -181,7 +181,7 @@ For some steps, a dedicated **internal** Global Administrator is required (e.g. - To add licenses to a user click `licenses` in the left panel, click `assign`, select users and then assign `Azure Active Directory Premium P1` and `Microsoft Azure Multi-Factor Authentication` - If the above fails go `Users` and make sure each User has `usage location` set under "Settings" (see image below): ![](images/set_user_location.png) -7. Configuring MPA on Azure Active Directory +7. Configuring MFA on Azure Active Directory - Go to the Azure Portal and select "Azure Active Directory" from the left hand side bar - Click on "MFA" in the "Security" section of the left hand side bar - Click on the "Additional cloud-based MFA settings" link in the "Configure" section on the main panel From 1a42958465e0cfde3df8716422c76e08838a92d3 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 13:59:42 +0000 Subject: [PATCH 007/107] Added bold warning about docker --- .../azure-runbooks/SHM-Build-Instructions.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 80cc0b5981..02e121a3dc 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -215,9 +215,11 @@ For some steps, a dedicated **internal** Global Administrator is required (e.g. cd ./safe_haven_management_environment/setup ``` -4. Run `./setup_azure1.ps1` entering the `shId`, defined in the config file, when prompted +4. **Ensure docker is running before attempting the next step** -5. Once the script exits successfully you should see the following resource groups under the SHM-subscription (NB. names may differ slightly): +5. Run `./setup_azure1.ps1` entering the `shId`, defined in the config file, when prompted + +6. Once the script exits successfully you should see the following resource groups under the SHM-subscription (NB. names may differ slightly): ![](images/resource_groups.png) From 74de656a9f86201031c5b7b6773222c9cf813273 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 15:46:47 +0000 Subject: [PATCH 008/107] Add a check for existing files before redownloading, as downloads can be extremely slow when running in multiple levels of indirection --- .../setup/setup_azure1.ps1 | 36 ++++++++++++------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index f7d398b363..c9dc89eee6 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -46,13 +46,13 @@ Set-Location -Path $cwd -PassThru # -Name $("DSG-P2S-" + $shmId) ` # -FilePath '../scripts/local/out/certs/client.pfx' ` # -Password $securepfxpwd; - + # Setup resources New-AzResourceGroup -Name $config.storage.artifacts.rg -Location $config.location $storageAccount = New-AzStorageAccount -ResourceGroupName $config.storage.artifacts.rg -Name $config.storage.artifacts.accountName -Location $config.location -SkuName "Standard_LRS" -new-AzStoragecontainer -Name "dsc" -Context $storageAccount.Context -new-AzStoragecontainer -Name "scripts" -Context $storageAccount.Context +new-AzStoragecontainer -Name "dsc" -Context $storageAccount.Context +new-AzStoragecontainer -Name "scripts" -Context $storageAccount.Context New-AzStorageShare -Name 'scripts' -Context $storageAccount.Context New-AzStorageShare -Name 'sqlserver' -Context $storageAccount.Context @@ -67,16 +67,26 @@ Set-AzStorageBlobContent -Container "dsc" -Context $storageAccount.Context -File Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "../scripts/dc/SHM_DC.zip" Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "../scripts/nps/SHM_NPS.zip" -# Get-ChildItem -File "../scripts/dc/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "dc/" -Context $storageAccount.Context -Get-ChildItem -File "../scripts/nps/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "nps/" -Context $storageAccount.Context +# Get-ChildItem -File "../scripts/dc/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "dc/" -Context $storageAccount.Context +Get-ChildItem -File "../scripts/nps/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "nps/" -Context $storageAccount.Context -# Download executables from microsoft -New-Item -Name "temp" -ItemType "directory" -Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?linkid=853017" -OutFile "temp/SQLServer2017-SSEI-Expr.exe" -Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?linkid=2088649" -OutFile "temp/SSMS-Setup-ENU.exe" +# Create folder for downloaded executables from Microsoft +if (-Not (Test-Path "temp")) { + New-Item -Name "temp" -ItemType "directory" +} +# Download SQLServer2017 +$outputFile = "temp/SQLServer2017-SSEI-Expr.exe" +if (-Not (Test-Path $outputFile -PathType Leaf)) { + Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?linkid=853017" -OutFile $outputFile +} +# Download SSMS-Setup +$outputFile = "temp/SSMS-Setup-ENU.exe" +if (-Not (Test-Path $outputFile -PathType Leaf)) { + Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?linkid=2088649" -OutFile $outputFile +} # Upload executables to fileshare -Get-ChildItem -File "temp/" -Recurse | Set-AzStorageFileContent -ShareName "sqlserver" -Context $storageAccount.Context +Get-ChildItem -File "temp/" -Recurse | Set-AzStorageFileContent -ShareName "sqlserver" -Context $storageAccount.Context # Delete the local executable files Remove-Item –path 'temp/' –recurse @@ -87,7 +97,7 @@ $artifactLocation = "https://" + $config.storage.artifacts.accountName + ".blob. $artifactSasToken = (New-AccountSasToken -subscriptionName $config.subscriptionName -resourceGroup $config.storage.artifacts.rg ` -accountName $config.storage.artifacts.accountName -service Blob,File -resourceType Service,Container,Object ` -permission "rl" -validityHours 2); - + # Run template files # Deploy the shmvnet template # The certificate only seems to works if the first and last line are removed, passed as a single string and white space removed @@ -105,7 +115,7 @@ New-AzResourceGroupDeployment -resourcegroupname $config.network.vnet.rg ` $netbiosNameMaxLength = 15 if($config.domain.netbiosName.length -gt $netbiosNameMaxLength) { throw "Netbios name must be no more than 15 characters long. '$($config.domain.netbiosName)' is $($config.domain.netbiosName.length) characters long." -} +} New-AzResourceGroup -Name $config.dc.rg -Location $config.location New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg` -templatefile "../arm_templates/shmdc/shmdc-template.json"` @@ -117,6 +127,6 @@ New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg` -Artifacts_Location_SAS_Token (ConvertTo-SecureString $artifactSasToken -AsPlainText -Force)` -Domain_Name $config.domain.fqdn ` -Domain_Name_NetBIOS_Name $config.domain.netbiosName; - + # Switch back to original subscription Set-AzContext -Context $prevContext; \ No newline at end of file From ee1e1a434297fdc8617f85b5a814dbc1f8d645cf Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 15:54:45 +0000 Subject: [PATCH 009/107] Switch to calling docker-compose directly from Powershell --- safe_haven_management_environment/setup/setup_azure1.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index c9dc89eee6..68a502ad4c 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -38,7 +38,8 @@ if ($null -eq $DCSafemodePassword) { # Generate certificates $cwd = Get-Location Set-Location -Path ../scripts/local/ -PassThru -sh generate-root-cert.sh +# sh generate-root-cert.sh +docker-compose -f ./build/docker-compose.certs.yml up Set-Location -Path $cwd -PassThru From caed6ea70c4e80ac8a72c3f241df5e9eb3c4fc32 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 30 Oct 2019 16:24:08 +0000 Subject: [PATCH 010/107] Allow docker-compose.exe to be used --- .../setup/setup_azure1.ps1 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 68a502ad4c..45ea2072b5 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -38,8 +38,14 @@ if ($null -eq $DCSafemodePassword) { # Generate certificates $cwd = Get-Location Set-Location -Path ../scripts/local/ -PassThru -# sh generate-root-cert.sh -docker-compose -f ./build/docker-compose.certs.yml up +# NB. Windows uses docker-compose.exe so check for this first, falling back to docker-compose +if ((Get-Command "docker-compose.exe" -ErrorAction SilentlyContinue) -ne $null) { + Write-Host "Using docker-compose.exe" + docker-compose.exe -f ./build/docker-compose.certs.yml up +} else { + Write-Host "Using docker-compose" + docker-compose -f ./build/docker-compose.certs.yml up +} Set-Location -Path $cwd -PassThru From b848c1f63194de8408fe94d118ef09e465606bf7 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Thu, 31 Oct 2019 10:07:53 +0000 Subject: [PATCH 011/107] Removed shell script which does not work on Windows --- .../scripts/local/generate-root-cert.sh | 3 --- safe_haven_management_environment/setup/setup_azure1.ps1 | 7 ------- 2 files changed, 10 deletions(-) delete mode 100755 safe_haven_management_environment/scripts/local/generate-root-cert.sh diff --git a/safe_haven_management_environment/scripts/local/generate-root-cert.sh b/safe_haven_management_environment/scripts/local/generate-root-cert.sh deleted file mode 100755 index 15f8652ecd..0000000000 --- a/safe_haven_management_environment/scripts/local/generate-root-cert.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker-compose -f ./build/docker-compose.certs.yml up diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 45ea2072b5..58d5a50944 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -48,13 +48,6 @@ if ((Get-Command "docker-compose.exe" -ErrorAction SilentlyContinue) -ne $null) } Set-Location -Path $cwd -PassThru - -# Import-AzureKeyVaultCertificate -VaultName $config.keyVault.name ` -# -Name $("DSG-P2S-" + $shmId) ` -# -FilePath '../scripts/local/out/certs/client.pfx' ` -# -Password $securepfxpwd; - - # Setup resources New-AzResourceGroup -Name $config.storage.artifacts.rg -Location $config.location $storageAccount = New-AzStorageAccount -ResourceGroupName $config.storage.artifacts.rg -Name $config.storage.artifacts.accountName -Location $config.location -SkuName "Standard_LRS" From d79dd60976e264fe8997e0a0e95070cfc0ddaf7a Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Fri, 1 Nov 2019 22:19:23 +0000 Subject: [PATCH 012/107] Add new 'turing1' SHM config and amend DsgConfig module - Also add DSG100 config (new sandbox) to verify DsgConfig changes - DsgConfig changes: - Remove some SHM core config fields that were only needed while we had differences in test and prod SHM resource names - Put SHM ID in resource names that may clash with peered SHMs (only an issue during Turing's EduHub migration) --- .../dsg_configs/core/dsg_100_core_config.json | 12 + .../core/shm_turing1_core_config.json | 16 ++ .../dsg_configs/full/dsg_100_full_config.json | 261 ++++++++++++++++++ .../dsg_deploy_scripts/DsgConfig.psm1 | 24 +- 4 files changed, 301 insertions(+), 12 deletions(-) create mode 100644 new_dsg_environment/dsg_configs/core/dsg_100_core_config.json create mode 100644 new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json create mode 100644 new_dsg_environment/dsg_configs/full/dsg_100_full_config.json diff --git a/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json new file mode 100644 index 0000000000..90ee7b74e4 --- /dev/null +++ b/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json @@ -0,0 +1,12 @@ +{ + "subscriptionName": "Turing Sandbox Secure Research Environment", + "dsgId": "100", + "shmId": "turing1", + "tier": "2", + "domain": "dsgroup100.co.uk", + "netbiosName": "DSGROUP100", + "ipPrefix": "10.0.72", + "rdsAllowedSources": "Internet", + "computeVmImageType": "Ubuntu", + "computeVmImageVersion": "0.1.2019082900" +} diff --git a/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json new file mode 100644 index 0000000000..31faa4e4b0 --- /dev/null +++ b/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json @@ -0,0 +1,16 @@ +{ + "subscriptionName": "Turing Safe Haven Management", + "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", + "domain": "turingsafehaven.ac.uk", + "netbiosName": "TURINGSAFEHAVEN", + "shId": "turing1", + "name": "Turng Safe Haven", + "organisation": { + "name": "The Alan Turing Institute", + "townCity": "London", + "stateCountyRegion": "London", + "countryCode": "GB" + }, + "location": "uksouth", + "ipPrefix": "10.0.0.0" +} diff --git a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json new file mode 100644 index 0000000000..df3836ab2d --- /dev/null +++ b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json @@ -0,0 +1,261 @@ +{ + "shm": { + "subscriptionName": "Turing Safe Haven Management", + "id": "turing1", + "name": "Turng Safe Haven", + "organisation": { + "name": "The Alan Turing Institute", + "townCity": "London", + "stateCountyRegion": "London", + "countryCode": "GB" + }, + "location": "uksouth", + "domain": { + "fqdn": "turingsafehaven.ac.uk", + "netbiosName": "TURINGSAFEHAVEN", + "dn": "DC=turingsafehaven,DC=ac,DC=uk", + "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", + "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", + "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", + "securityGroups": { + "dsvmLdapUsers": { + "name": "SG Data Science LDAP Users", + "description": "SG Data Science LDAP Users" + } + } + }, + "network": { + "vnet": { + "rg": "RG_SHM_VNET", + "name": "turing1-VNET", + "cidr": "10.0.0.0/21" + }, + "subnets": { + "identity": { + "prefix": "10.0.0", + "cidr": "10.0.0.0/24" + } + } + }, + "dc": { + "rg": "RG_SHM_DC", + "vmName": "turing1-DC1", + "hostname": "turing1-DC1", + "fqdn": "turing1-DC1.turingsafehaven.ac.uk", + "ip": "10.0.0.250" + }, + "dcb": { + "vmName": "turing1-DC2", + "hostname": "turing1-DC2", + "fqdn": "turing1-DC2.turingsafehaven.ac.uk", + "ip": "10.0.0.249" + }, + "nps": { + "rg": "RG_SHM_NPS", + "vmName": "turing1-NPS", + "ip": "10.0.0.248" + }, + "storage": { + "artifacts": { + "rg": "RG_SHM_ARTIFACTS", + "accountName": "turing1artifacts" + } + }, + "keyVault": { + "rg": "RG_SHM_SECRETS", + "name": "turing1secrets", + "secretNames": { + "p2sRootCert": "sh-management-p2s-root-cert", + "dc": "sh-managment-dcadmin", + "safemode": "sh-managment-dcsafemode", + "adsync": "sh-managment-adsync", + "vpncertificate": "sh-managment-cert" + } + }, + "dns": { + "rg": "RG_SHM_DNS" + } + }, + "dsg": { + "subscriptionName": "Turing Sandbox Secure Research Environment", + "id": "100", + "shortName": "dsg100", + "location": "uksouth", + "tier": "2", + "mirrors": { + "rg": "RG_SHM_PKG_MIRRORS", + "keyVault": { + "name": "kv-shm-pkg-mirrors-turing1" + }, + "vnet": { + "name": "VNET_SHM_PKG_MIRRORS_TIER2" + }, + "cran": { + "ip": "10.20.2.21" + }, + "pypi": { + "ip": "10.20.2.20" + } + }, + "domain": { + "fqdn": "dsgroup100.co.uk", + "netbiosName": "DSGROUP100", + "dn": "DC=dsgroup100,DC=co,DC=uk", + "securityGroups": { + "serverAdmins": { + "name": "SG DSGROUP100 Server Administrators", + "description": "SG DSGROUP100 Server Administrators" + }, + "researchUsers": { + "name": "SG DSGROUP100 Research Users", + "description": "SG DSGROUP100 Research Users" + } + } + }, + "network": { + "vnet": { + "rg": "RG_DSG_VNET", + "name": "DSG_DSGROUP100_VNET1", + "cidr": "10.0.72.0/21" + }, + "subnets": { + "identity": { + "name": "Subnet-Identity", + "prefix": "10.0.72", + "cidr": "10.0.72.0/24" + }, + "rds": { + "name": "Subnet-RDS", + "prefix": "10.0.73", + "cidr": "10.0.73.0/24" + }, + "data": { + "name": "Subnet-Data", + "prefix": "10.0.74", + "cidr": "10.0.74.0/24" + }, + "gateway": { + "prefix": "10.0.79", + "cidr": "10.0.79.0/27" + } + }, + "nsg": { + "data": { + "rg": "RG_DSG_LINUX", + "name": "NSG_Linux_Servers" + } + } + }, + "storage": { + "artifacts": { + "rg": "RG_DSG_ARTIFACTS", + "accountName": "dsg100artifacts" + } + }, + "keyVault": { + "name": "dsg-management-turing1" + }, + "dc": { + "rg": "RG_DSG_DC", + "vmName": "DSG100DC", + "hostname": "DSG100DC", + "fqdn": "DSG100DC.dsgroup100.co.uk", + "ip": "10.0.72.250", + "admin": { + "username": "atiadmin", + "passwordSecretName": "dsg100-dc-admin-password" + } + }, + "users": { + "ldap": { + "gitlab": { + "name": "DSGROUP100 Gitlab LDAP", + "samAccountName": "dsg100-gitlab-ldap", + "passwordSecretName": "dsg100-gitlab-ldap-password" + }, + "hackmd": { + "name": "DSGROUP100 HackMD LDAP", + "samAccountName": "dsg100-hackmd-ldap", + "passwordSecretName": "dsg100-hackmd-ldap-password" + }, + "dsvm": { + "name": "DSGROUP100 DSVM LDAP", + "samAccountName": "dsg100-dsvm-ldap", + "passwordSecretName": "dsg100-dsvm-ldap-password" + } + }, + "researchers": { + "test": { + "name": "DSGROUP100 Test Researcher", + "samAccountName": "dsg100-test-res", + "passwordSecretName": "dsg100-test-res-password" + } + } + }, + "rds": { + "gateway": { + "vmName": "RDS", + "hostname": "RDS", + "fqdn": "RDS.dsgroup100.co.uk", + "ip": "10.0.73.250", + "npsSecretName": "dsg100-nps-secret" + }, + "sessionHost1": { + "vmName": "RDSSH1", + "hostname": "RDSSH1", + "fqdn": "RDSSH1.dsgroup100.co.uk", + "ip": "10.0.73.249" + }, + "sessionHost2": { + "vmName": "RDSSH2", + "hostname": "RDSSH2", + "fqdn": "RDSSH2.dsgroup100.co.uk", + "ip": "10.0.73.248" + }, + "rg": "RG_DSG_RDS", + "nsg": { + "gateway": { + "name": "NSG_RDS_Server", + "allowedSources": "Internet" + }, + "sessionHosts": { + "name": "NSG_SessionHosts" + } + } + }, + "dataserver": { + "rg": "RG_DSG_DATA", + "vmName": "DATASERVER", + "hostname": "DATASERVER", + "fqdn": "DATASERVER.dsgroup100.co.uk", + "ip": "10.0.74.250" + }, + "linux": { + "gitlab": { + "vmName": "GITLAB", + "hostname": "GITLAB", + "fqdn": "GITLAB.dsgroup100.co.uk", + "ip": "10.0.74.151", + "rootPasswordSecretName": "dsg100-gitlab-root-password" + }, + "hackmd": { + "vmName": "HACKMD", + "hostname": "HACKMD", + "fqdn": "HACKMD.dsgroup100.co.uk", + "ip": "10.0.74.152" + }, + "rg": "RG_DSG_LINUX", + "nsg": "NSG_Linux_Servers" + }, + "dsvm": { + "rg": "RG_DSG_COMPUTE", + "vmImageSubscription": "Turing Safe Haven VM Images", + "vmImageType": "Ubuntu", + "vmImageVersion": "0.1.2019082900", + "admin": { + "username": "atiadmin", + "passwordSecretName": "dsgroup100-dsvm-admin-password" + } + } + } +} diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 65d997f26b..ae75477878 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -57,8 +57,8 @@ function Get-ShmFullConfig{ vnet = [ordered]@{} subnets = [ordered]@{} } - $shm.network.vnet.rg = $shmConfigBase.vnetRgName # TODO: When SHM deployment automated, make this: "RG_DSG_VNET" - $shm.network.vnet.name = $shmConfigBase.vnetName # TODO: When SHM deployment automated, make this "DSG_" + $shm.domain.netbiosName + "_VNET1" + $shm.network.vnet.rg = "RG_SHM_VNET" + $shm.network.vnet.name = $shm.id + "-VNET" $shm.network.vnet.cidr = $shmBasePrefix + "." + $shmThirdOctet + ".0/21" $shm.network.subnets.identity = [ordered]@{} $shm.network.subnets.identity.prefix = $shmBasePrefix + "." + $shmThirdOctet @@ -66,35 +66,35 @@ function Get-ShmFullConfig{ # --- Domain controller config --- $shm.dc = [ordered]@{} - $shm.dc.rg = $shmConfigBase.dcRgName # TODO: When SHM deploy automated, make this "RG_DSG_DC" - $shm.dc.vmName = $shmConfigBase.dcVmName # When SHM deploy automated, make this "SHMDC1" - $shm.dc.hostname = $shmConfigBase.dcHostname + $shm.dc.rg = "RG_SHM_DC" + $shm.dc.vmName = $shm.id + "-DC1" + $shm.dc.hostname = $shm.dc.vmName $shm.dc.fqdn = $shm.dc.hostname + "." + $shm.domain.fqdn $shm.dc.ip = $shm.network.subnets.identity.prefix + ".250" # Backup AD DC details $shm.dcb = [ordered]@{} - $shm.dcb.vmName = "SHMDC2" + $shm.dcb.vmName = $shm.id + "-DC2" $shm.dcb.hostname = $shm.dcb.vmName $shm.dcb.fqdn = $shm.dcb.hostname + "." + $shm.domain.fqdn $shm.dcb.ip = $shm.network.subnets.identity.prefix + ".249" # --- NPS config --- $shm.nps = [ordered]@{} - $shm.nps.rg = $shmConfigBase.npsRgName - $shm.nps.vmName = $shmConfigBase.npsVmName - $shm.nps.ip = $shm.network.subnets.identity.prefix + "." + $shmConfigBase.npsIpLastOctet + $shm.nps.rg = "RG_SHM_NPS" + $shm.nps.vmName = $shm.id + "-NPS" + $shm.nps.ip = $shm.network.subnets.identity.prefix + ".248" # --- Storage config -- $shm.storage = [ordered]@{ artifacts = [ordered]@{} } $shm.storage.artifacts.rg = "RG_SHM_ARTIFACTS" - $shm.storage.artifacts.accountName = $shmConfigBase.artifactStorageAccount # When SHM deploy is automated use: "dsgartifacts" + $shm.id + $shm.storage.artifacts.accountName = $shm.id + "artifacts" # --- Secrets config --- $shm.keyVault = [ordered]@{} $shm.keyVault.rg = "RG_SHM_SECRETS" - $shm.keyVault.name = $shmConfigBase.keyVaultName + $shm.keyVault.name = $shm.id + "secrets" $shm.keyVault.secretNames = [ordered]@{} $shm.keyVault.secretNames.p2sRootCert= "sh-management-p2s-root-cert" $shm.keyVault.secretNames.dc='sh-managment-dcadmin' @@ -234,7 +234,7 @@ function Add-DsgConfig { # --- Domain controller --- $config.dsg.dc = [ordered]@{} $config.dsg.dc.rg = "RG_DSG_DC" - $config.dsg.dc.vmName = "DSG" + $config.dsg.id + "DC" # TODO: Once all scripts driven by this config, change to: $config.dsg.domain.netbiosName + "_DC" + $config.dsg.dc.vmName = "DSG" + $config.dsg.id + "DC" $config.dsg.dc.hostname = $config.dsg.dc.vmName $config.dsg.dc.fqdn = $config.dsg.dc.hostname + "." + $config.dsg.domain.fqdn $config.dsg.dc.ip = $config.dsg.network.subnets.identity.prefix + ".250" From c9523bc80534efe54e1df2915824f7d3e1396b94 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Fri, 1 Nov 2019 22:21:30 +0000 Subject: [PATCH 013/107] Remove core and full configs for all SHMs and DSG except first new one of each Kept 'turing1' SHM and DSG100 sandbox SRE --- .../dsg_configs/core/dsg_10_core_config.json | 12 - .../dsg_configs/core/dsg_11_core_config.json | 12 - .../dsg_configs/core/dsg_12_core_config.json | 12 - .../dsg_configs/core/dsg_13_core_config.json | 12 - .../dsg_configs/core/dsg_14_core_config.json | 12 - .../dsg_configs/core/dsg_15_core_config.json | 12 - .../dsg_configs/core/dsg_16_core_config.json | 12 - .../dsg_configs/core/dsg_17_core_config.json | 12 - .../dsg_configs/core/dsg_18_core_config.json | 12 - .../dsg_configs/core/dsg_19_core_config.json | 12 - .../dsg_configs/core/dsg_1_core_config.json | 12 - .../dsg_configs/core/dsg_20_core_config.json | 12 - .../dsg_configs/core/dsg_21_core_config.json | 12 - .../dsg_configs/core/dsg_22_core_config.json | 12 - .../dsg_configs/core/dsg_23_core_config.json | 12 - .../dsg_configs/core/dsg_24_core_config.json | 12 - .../dsg_configs/core/dsg_25_core_config.json | 12 - .../dsg_configs/core/dsg_2_core_config.json | 12 - .../dsg_configs/core/dsg_3_core_config.json | 12 - .../dsg_configs/core/dsg_4_core_config.json | 12 - .../dsg_configs/core/dsg_5_core_config.json | 12 - .../dsg_configs/core/dsg_6_core_config.json | 12 - .../dsg_configs/core/dsg_7_core_config.json | 12 - .../dsg_configs/core/dsg_8_core_config.json | 12 - .../dsg_configs/core/dsg_9_core_config.json | 12 - .../core/dsg_test_core_config.json | 12 - .../core/shm_bris1_core_config.json | 26 -- .../core/shm_prod_core_config.json | 26 -- .../core/shm_test_core_config.json | 26 -- .../core/shm_testb_core_config.json | 26 -- .../core/shm_testc_core_config.json | 26 -- .../dsg_configs/full/dsg_10_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_11_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_12_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_13_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_14_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_15_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_16_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_17_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_18_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_19_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_1_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_20_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_21_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_22_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_23_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_24_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_25_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_2_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_3_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_4_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_5_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_6_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_7_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_8_full_config.json | 261 ------------------ .../dsg_configs/full/dsg_9_full_config.json | 261 ------------------ .../full/dsg_test_full_config.json | 261 ------------------ 57 files changed, 7228 deletions(-) delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_10_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_11_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_12_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_13_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_14_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_15_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_16_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_17_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_18_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_19_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_1_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_20_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_21_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_22_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_23_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_24_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_25_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_2_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_3_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_4_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_5_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_6_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_7_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_8_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_9_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/dsg_test_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/shm_bris1_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/shm_prod_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/shm_test_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/shm_testb_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/core/shm_testc_core_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_10_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_11_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_12_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_13_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_14_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_15_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_16_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_17_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_18_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_19_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_1_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_20_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_21_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_22_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_23_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_24_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_25_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_2_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_3_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_4_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_5_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_6_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_7_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_8_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_9_full_config.json delete mode 100644 new_dsg_environment/dsg_configs/full/dsg_test_full_config.json diff --git a/new_dsg_environment/dsg_configs/core/dsg_10_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_10_core_config.json deleted file mode 100644 index 1d9062a8ca..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_10_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 10 (Prod)", - "dsgId": "10", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup10.co.uk", - "netbiosName": "DSGROUP10", - "ipPrefix": "10.250.72", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_11_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_11_core_config.json deleted file mode 100644 index 1e3e198b44..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_11_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 11 (Prod)", - "dsgId": "11", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup11.co.uk", - "netbiosName": "DSGROUP11", - "ipPrefix": "10.250.80", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_12_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_12_core_config.json deleted file mode 100644 index 4c72b4c0a9..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_12_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 12 (Prod)", - "dsgId": "12", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup12.co.uk", - "netbiosName": "DSGROUP12", - "ipPrefix": "10.250.88", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_13_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_13_core_config.json deleted file mode 100644 index d24ff0e8c2..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_13_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 13 (Prod)", - "dsgId": "13", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup13.co.uk", - "netbiosName": "DSGROUP13", - "ipPrefix": "10.250.96", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_14_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_14_core_config.json deleted file mode 100644 index 030ba063bd..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_14_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 14 (Prod)", - "dsgId": "14", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup14.co.uk", - "netbiosName": "DSGROUP14", - "ipPrefix": "10.250.104", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_15_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_15_core_config.json deleted file mode 100644 index 4c9bb88d2d..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_15_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 15 (Prod)", - "dsgId": "15", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup15.co.uk", - "netbiosName": "DSGROUP15", - "ipPrefix": "10.250.112", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_16_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_16_core_config.json deleted file mode 100644 index 39a301b445..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_16_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Bristol DSGN 16 (Prod)", - "dsgId": "16", - "shmId": "bris1", - "tier": "0", - "domain": "dsgroup16.co.uk", - "netbiosname": "DSGROUP16", - "ipPrefix": "10.250.120", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_17_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_17_core_config.json deleted file mode 100644 index d6538ebeec..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_17_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Bristol DSGN 17 (Prod)", - "dsgId": "17", - "shmId": "bris1", - "tier": "1", - "domain": "dsgroup17.co.uk", - "netbiosname": "DSGROUP17", - "ipPrefix": "10.250.128", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_18_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_18_core_config.json deleted file mode 100644 index fe37dd4c90..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_18_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Bristol DSGN 18 (Prod)", - "dsgId": "18", - "shmId": "bris1", - "tier": "0", - "domain": "dsgroup18.co.uk", - "netbiosname": "DSGROUP18", - "ipPrefix": "10.250.136", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_19_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_19_core_config.json deleted file mode 100644 index 25f4c83e9a..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_19_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Bristol DSGN 19 (Prod)", - "dsgId": "19", - "shmId": "bris1", - "tier": "2", - "domain": "dsgroup19.co.uk", - "netbiosname": "DSGROUP19", - "ipPrefix": "10.250.144", - "rdsAllowedSources": "137.222.0.0/16,193.60.220.253,193.60.220.240,193.60.198.0/25", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_1_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_1_core_config.json deleted file mode 100644 index a4c556c02a..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_1_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 1 (Prod)", - "dsgId": "1", - "shmId": "prod", - "tier": "3", - "domain": "dsgroup1.co.uk", - "netbiosName": "DSGROUP1", - "ipPrefix": "10.250.0", - "rdsAllowedSources": "193.60.220.240,137.205.213.46", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_20_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_20_core_config.json deleted file mode 100644 index d8745fcbc1..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_20_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Bristol DSGN 20 (Prod)", - "dsgId": "20", - "shmId": "bris1", - "tier": "1", - "domain": "dsgroup20.co.uk", - "netbiosname": "DSGROUP20", - "ipPrefix": "10.250.152", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_21_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_21_core_config.json deleted file mode 100644 index f81b864ef1..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_21_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Bristol DSGN 21 (Prod)", - "dsgId": "21", - "shmId": "bris1", - "tier": "1", - "domain": "dsgroup21.co.uk", - "netbiosname": "DSGROUP21", - "ipPrefix": "10.250.160", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_22_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_22_core_config.json deleted file mode 100644 index d6aead7641..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_22_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 22 (Prod)", - "dsgId": "22", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup22.co.uk", - "netbiosName": "DSGROUP22", - "ipPrefix": "10.250.168.", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_23_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_23_core_config.json deleted file mode 100644 index 6129d10ed3..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_23_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 23 (Prod)", - "dsgId": "23", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup23.co.uk", - "netbiosName": "DSGROUP23", - "ipPrefix": "10.250.176.", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_24_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_24_core_config.json deleted file mode 100644 index 7f27f32ad7..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_24_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 24 (Prod)", - "dsgId": "24", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup24.co.uk", - "netbiosName": "DSGROUP24", - "ipPrefix": "10.250.184.", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_25_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_25_core_config.json deleted file mode 100644 index 084bc590ff..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_25_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 25 (Prod)", - "dsgId": "25", - "shmId": "prod", - "tier": "3", - "domain": "dsgroup25.co.uk", - "netbiosName": "DSGROUP25", - "ipPrefix": "10.250.192.", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_2_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_2_core_config.json deleted file mode 100644 index 6e5de46925..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_2_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 2 (Prod)", - "dsgId": "2", - "shmId": "prod", - "tier": "3", - "domain": "dsgroup2.co.uk", - "netbiosName": "DSGROUP2", - "ipPrefix": "10.250.8", - "rdsAllowedSources": "193.60.220.240,137.205.213.46,167.98.26.243", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_3_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_3_core_config.json deleted file mode 100644 index 7b59341a58..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_3_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 3 (Prod)", - "dsgId": "3", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup3.co.uk", - "netbiosName": "DSGROUP3", - "ipPrefix": "10.250.16", - "rdsAllowedSources": "193.60.220.253,193.60.220.240,137.205.213.46,137.205.238.0/24,194.66.251.0/24,146.169.128.0/17,146.179.192.0/22,146.179.196.0/22,146.179.200.0/22,146.179.204.0/22", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_4_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_4_core_config.json deleted file mode 100644 index 19d7b4f6f6..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_4_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 4 (Prod)", - "dsgId": "4", - "shmId": "prod", - "tier": "1", - "domain": "dsgroup4.co.uk", - "netbiosName": "DSGROUP4", - "ipPrefix": "10.250.24", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_5_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_5_core_config.json deleted file mode 100644 index 834703dbf4..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_5_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 5 (Prod)", - "dsgId": "5", - "shmId": "prod", - "tier": "0", - "domain": "dsgroup5.co.uk", - "netbiosName": "DSGROUP5", - "ipPrefix": "10.250.32", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_6_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_6_core_config.json deleted file mode 100644 index e5bd7522d7..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_6_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 6 (Prod)", - "dsgId": "6", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup6.co.uk", - "netbiosName": "DSGROUP6", - "ipPrefix": "10.250.40", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_7_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_7_core_config.json deleted file mode 100644 index 7b5072ecf0..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_7_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group 7 (Prod)", - "dsgId": "7", - "shmId": "prod", - "tier": "2", - "domain": "dsgroup7.co.uk", - "netbiosName": "DSGROUP7", - "ipPrefix": "10.250.48", - "rdsAllowedSources": "193.60.220.253,193.60.220.240", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_8_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_8_core_config.json deleted file mode 100644 index 0350a33e13..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_8_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "DSG 8 Test", - "dsgId": "8", - "shmId": "testc", - "tier": "3", - "domain": "dsgroup8.co.uk", - "netbiosName": "DSGROUP8", - "ipPrefix": "10.250.56", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_9_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_9_core_config.json deleted file mode 100644 index 2da7243bd5..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_9_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "DSG 9 Test", - "dsgId": "9", - "shmId": "test", - "tier": "2", - "domain": "dsgroup9.co.uk", - "netbiosName": "DSGROUP9", - "ipPrefix": "10.250.64", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.1.2019082900" -} diff --git a/new_dsg_environment/dsg_configs/core/dsg_test_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_test_core_config.json deleted file mode 100644 index b1ed0e1857..0000000000 --- a/new_dsg_environment/dsg_configs/core/dsg_test_core_config.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "subscriptionName": "Data Study Group Testing", - "dsgId": "test", - "shmId": "test", - "tier": "2", - "domain": "dsgrouptest.co.uk", - "netbiosName": "DSGROUPTEST", - "ipPrefix": "10.250.248.", - "rdsAllowedSources": "Internet", - "computeVmImageType": "Ubuntu", - "computeVmImageVersion": "0.0.2019032100" -} diff --git a/new_dsg_environment/dsg_configs/core/shm_bris1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_bris1_core_config.json deleted file mode 100644 index d060134f64..0000000000 --- a/new_dsg_environment/dsg_configs/core/shm_bris1_core_config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "subscriptionName": "Bristol Safe Haven Management (Prod)", - "computeVmImageSubscriptionName": "Safe Haven VM Images", - "domain": "bristolsafehaven.uk", - "netbiosName": "BRISTOLSH", - "shId": "bris1", - "name": "JGI/Turing Safe Haven", - "organisation": { - "name": "University of Bristol", - "townCity": "Bristol", - "stateCountyRegion": "Bristol", - "countryCode": "GB" - }, - "location": "uksouth", - "ipPrefix": "10.251.0", - "dcVmName": "SHMDC1", - "dcHostname": "SHMDC1", - "dcRgName": "RG_DSG_DC", - "npsRgName": "RG_DSG_NPS", - "npsIpLastOctet": "248", - "npsVmName": "SHMNPS", - "vnetRgName": "RG_DSG_VNET", - "vnetName":"SHM_VNET1", - "artifactStorageAccount": "dsgbris1artifacts", - "keyVaultName": "dsg-management-bris1" -} diff --git a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json b/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json deleted file mode 100644 index e7a9aa8950..0000000000 --- a/new_dsg_environment/dsg_configs/core/shm_prod_core_config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "subscriptionName": "Safe Haven Management", - "computeVmImageSubscriptionName": "Safe Haven VM Images", - "domain": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "shId": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "ipPrefix": "10.251.0", - "dcVmName": "SHMDC1", - "dcHostname": "SHMDC1", - "dcRgName": "RG_SHM_VM_DC", - "npsIpLastOctet": "248", - "npsVmName": "SHMNPS", - "npsRgName": "RG_SHM_NPS", - "vnetRgName":"RG_SHM_VNET", - "vnetName":"SHM_VNET1", - "artifactStorageAccount": "turingsafehavenartifacts", - "keyVaultName": "turingsafehavensecrets" -} diff --git a/new_dsg_environment/dsg_configs/core/shm_test_core_config.json b/new_dsg_environment/dsg_configs/core/shm_test_core_config.json deleted file mode 100644 index 61030b47ef..0000000000 --- a/new_dsg_environment/dsg_configs/core/shm_test_core_config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "subscriptionName": "Safe Haven Management Testing", - "computeVmImageSubscriptionName": "Safe Haven VM Images", - "domain": "dsgroupdev.co.uk", - "netbiosName": "DSGROUPDEV", - "shId": "test", - "name": "Test Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "ipPrefix": "10.220.1", - "dcVmName": "DC", - "dcHostname": "MGMTDEVDC", - "dcRgName": "RG_DSG_DC", - "npsRgName": "RG_SH_MGMTNPS", - "npsIpLastOctet": "248", - "npsVmName": "MGMTNPS", - "vnetRgName": "RG_DSG_VNET", - "vnetName":"DSG_DSGROUPDEV_VNET1", - "artifactStorageAccount": "dsgxartifacts", - "keyVaultName": "dsg-management-test" -} diff --git a/new_dsg_environment/dsg_configs/core/shm_testb_core_config.json b/new_dsg_environment/dsg_configs/core/shm_testb_core_config.json deleted file mode 100644 index a9421cdc2e..0000000000 --- a/new_dsg_environment/dsg_configs/core/shm_testb_core_config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "subscriptionName": "SHM Test B", - "computeVmImageSubscriptionName": "SHM Test B", - "domain": "testb.dsgroupdev.co.uk", - "netbiosName": "TESTB", - "shId": "testb", - "name": "Test Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "ipPrefix": "10.251.0", - "dcVmName": "SHMDC1", - "dcHostname": "SHMDC1", - "dcRgName": "RG_SHM_VM_DC", - "npsIpLastOctet": "248", - "npsVmName": "SHMNPS", - "npsRgName": "RG_SHM_NPS", - "vnetRgName":"RG_SHM_VNET", - "vnetName":"SHM_VNET1", - "artifactStorageAccount": "dsgtestbartifacts", - "keyVaultName": "dsg-management-testb" -} diff --git a/new_dsg_environment/dsg_configs/core/shm_testc_core_config.json b/new_dsg_environment/dsg_configs/core/shm_testc_core_config.json deleted file mode 100644 index f723cf0026..0000000000 --- a/new_dsg_environment/dsg_configs/core/shm_testc_core_config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "subscriptionName": "SHM Test B", - "computeVmImageSubscriptionName": "Safe Haven VM Images", - "domain": "testc.dsgroupdev.co.uk", - "netbiosName": "TESTC", - "shId": "testc", - "name": "Test Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "ipPrefix": "10.251.0", - "dcVmName": "SHMDC1", - "dcHostname": "SHMDC1", - "dcRgName": "RG_DSG_DC", - "npsRgName": "RG_DSG_NPS", - "npsIpLastOctet": "248", - "npsVmName": "SHMNPS", - "vnetRgName": "RG_DSG_VNET", - "vnetName":"SHM_VNET1", - "artifactStorageAccount": "dsgtestcartifacts", - "keyVaultName":"dsg-management-testc" -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_10_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_10_full_config.json deleted file mode 100644 index ca5c0e8046..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_10_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 10 (Prod)", - "id": "10", - "shortName": "dsg10", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup10.co.uk", - "netbiosName": "DSGROUP10", - "dn": "DC=dsgroup10,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP10 Server Administrators", - "description": "SG DSGROUP10 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP10 Research Users", - "description": "SG DSGROUP10 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP10_VNET1", - "cidr": "10.250.72.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.72", - "cidr": "10.250.72.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.73", - "cidr": "10.250.73.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.74", - "cidr": "10.250.74.0/24" - }, - "gateway": { - "prefix": "10.250.79", - "cidr": "10.250.79.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg10artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG10DC", - "hostname": "DSG10DC", - "fqdn": "DSG10DC.dsgroup10.co.uk", - "ip": "10.250.72.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg10-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP10 Gitlab LDAP", - "samAccountName": "dsg10-gitlab-ldap", - "passwordSecretName": "dsg10-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP10 HackMD LDAP", - "samAccountName": "dsg10-hackmd-ldap", - "passwordSecretName": "dsg10-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP10 DSVM LDAP", - "samAccountName": "dsg10-dsvm-ldap", - "passwordSecretName": "dsg10-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP10 Test Researcher", - "samAccountName": "dsg10-test-res", - "passwordSecretName": "dsg10-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup10.co.uk", - "ip": "10.250.73.250", - "npsSecretName": "dsg10-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup10.co.uk", - "ip": "10.250.73.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup10.co.uk", - "ip": "10.250.73.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup10.co.uk", - "ip": "10.250.74.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup10.co.uk", - "ip": "10.250.74.151", - "rootPasswordSecretName": "dsg10-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup10.co.uk", - "ip": "10.250.74.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup10-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_11_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_11_full_config.json deleted file mode 100644 index 0c753ac816..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_11_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 11 (Prod)", - "id": "11", - "shortName": "dsg11", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup11.co.uk", - "netbiosName": "DSGROUP11", - "dn": "DC=dsgroup11,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP11 Server Administrators", - "description": "SG DSGROUP11 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP11 Research Users", - "description": "SG DSGROUP11 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP11_VNET1", - "cidr": "10.250.80.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.80", - "cidr": "10.250.80.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.81", - "cidr": "10.250.81.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.82", - "cidr": "10.250.82.0/24" - }, - "gateway": { - "prefix": "10.250.87", - "cidr": "10.250.87.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg11artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG11DC", - "hostname": "DSG11DC", - "fqdn": "DSG11DC.dsgroup11.co.uk", - "ip": "10.250.80.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg11-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP11 Gitlab LDAP", - "samAccountName": "dsg11-gitlab-ldap", - "passwordSecretName": "dsg11-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP11 HackMD LDAP", - "samAccountName": "dsg11-hackmd-ldap", - "passwordSecretName": "dsg11-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP11 DSVM LDAP", - "samAccountName": "dsg11-dsvm-ldap", - "passwordSecretName": "dsg11-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP11 Test Researcher", - "samAccountName": "dsg11-test-res", - "passwordSecretName": "dsg11-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup11.co.uk", - "ip": "10.250.81.250", - "npsSecretName": "dsg11-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup11.co.uk", - "ip": "10.250.81.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup11.co.uk", - "ip": "10.250.81.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup11.co.uk", - "ip": "10.250.82.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup11.co.uk", - "ip": "10.250.82.151", - "rootPasswordSecretName": "dsg11-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup11.co.uk", - "ip": "10.250.82.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup11-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_12_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_12_full_config.json deleted file mode 100644 index 36edf9ea0d..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_12_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 12 (Prod)", - "id": "12", - "shortName": "dsg12", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup12.co.uk", - "netbiosName": "DSGROUP12", - "dn": "DC=dsgroup12,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP12 Server Administrators", - "description": "SG DSGROUP12 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP12 Research Users", - "description": "SG DSGROUP12 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP12_VNET1", - "cidr": "10.250.88.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.88", - "cidr": "10.250.88.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.89", - "cidr": "10.250.89.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.90", - "cidr": "10.250.90.0/24" - }, - "gateway": { - "prefix": "10.250.95", - "cidr": "10.250.95.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg12artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG12DC", - "hostname": "DSG12DC", - "fqdn": "DSG12DC.dsgroup12.co.uk", - "ip": "10.250.88.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg12-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP12 Gitlab LDAP", - "samAccountName": "dsg12-gitlab-ldap", - "passwordSecretName": "dsg12-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP12 HackMD LDAP", - "samAccountName": "dsg12-hackmd-ldap", - "passwordSecretName": "dsg12-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP12 DSVM LDAP", - "samAccountName": "dsg12-dsvm-ldap", - "passwordSecretName": "dsg12-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP12 Test Researcher", - "samAccountName": "dsg12-test-res", - "passwordSecretName": "dsg12-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup12.co.uk", - "ip": "10.250.89.250", - "npsSecretName": "dsg12-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup12.co.uk", - "ip": "10.250.89.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup12.co.uk", - "ip": "10.250.89.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup12.co.uk", - "ip": "10.250.90.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup12.co.uk", - "ip": "10.250.90.151", - "rootPasswordSecretName": "dsg12-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup12.co.uk", - "ip": "10.250.90.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup12-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_13_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_13_full_config.json deleted file mode 100644 index c88c7b90a6..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_13_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 13 (Prod)", - "id": "13", - "shortName": "dsg13", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup13.co.uk", - "netbiosName": "DSGROUP13", - "dn": "DC=dsgroup13,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP13 Server Administrators", - "description": "SG DSGROUP13 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP13 Research Users", - "description": "SG DSGROUP13 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP13_VNET1", - "cidr": "10.250.96.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.96", - "cidr": "10.250.96.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.97", - "cidr": "10.250.97.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.98", - "cidr": "10.250.98.0/24" - }, - "gateway": { - "prefix": "10.250.103", - "cidr": "10.250.103.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg13artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG13DC", - "hostname": "DSG13DC", - "fqdn": "DSG13DC.dsgroup13.co.uk", - "ip": "10.250.96.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg13-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP13 Gitlab LDAP", - "samAccountName": "dsg13-gitlab-ldap", - "passwordSecretName": "dsg13-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP13 HackMD LDAP", - "samAccountName": "dsg13-hackmd-ldap", - "passwordSecretName": "dsg13-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP13 DSVM LDAP", - "samAccountName": "dsg13-dsvm-ldap", - "passwordSecretName": "dsg13-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP13 Test Researcher", - "samAccountName": "dsg13-test-res", - "passwordSecretName": "dsg13-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup13.co.uk", - "ip": "10.250.97.250", - "npsSecretName": "dsg13-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup13.co.uk", - "ip": "10.250.97.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup13.co.uk", - "ip": "10.250.97.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup13.co.uk", - "ip": "10.250.98.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup13.co.uk", - "ip": "10.250.98.151", - "rootPasswordSecretName": "dsg13-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup13.co.uk", - "ip": "10.250.98.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup13-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_14_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_14_full_config.json deleted file mode 100644 index a40ac77642..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_14_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 14 (Prod)", - "id": "14", - "shortName": "dsg14", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup14.co.uk", - "netbiosName": "DSGROUP14", - "dn": "DC=dsgroup14,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP14 Server Administrators", - "description": "SG DSGROUP14 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP14 Research Users", - "description": "SG DSGROUP14 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP14_VNET1", - "cidr": "10.250.104.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.104", - "cidr": "10.250.104.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.105", - "cidr": "10.250.105.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.106", - "cidr": "10.250.106.0/24" - }, - "gateway": { - "prefix": "10.250.111", - "cidr": "10.250.111.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg14artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG14DC", - "hostname": "DSG14DC", - "fqdn": "DSG14DC.dsgroup14.co.uk", - "ip": "10.250.104.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg14-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP14 Gitlab LDAP", - "samAccountName": "dsg14-gitlab-ldap", - "passwordSecretName": "dsg14-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP14 HackMD LDAP", - "samAccountName": "dsg14-hackmd-ldap", - "passwordSecretName": "dsg14-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP14 DSVM LDAP", - "samAccountName": "dsg14-dsvm-ldap", - "passwordSecretName": "dsg14-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP14 Test Researcher", - "samAccountName": "dsg14-test-res", - "passwordSecretName": "dsg14-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup14.co.uk", - "ip": "10.250.105.250", - "npsSecretName": "dsg14-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup14.co.uk", - "ip": "10.250.105.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup14.co.uk", - "ip": "10.250.105.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup14.co.uk", - "ip": "10.250.106.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup14.co.uk", - "ip": "10.250.106.151", - "rootPasswordSecretName": "dsg14-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup14.co.uk", - "ip": "10.250.106.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup14-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_15_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_15_full_config.json deleted file mode 100644 index 687f409dc6..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_15_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 15 (Prod)", - "id": "15", - "shortName": "dsg15", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup15.co.uk", - "netbiosName": "DSGROUP15", - "dn": "DC=dsgroup15,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP15 Server Administrators", - "description": "SG DSGROUP15 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP15 Research Users", - "description": "SG DSGROUP15 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP15_VNET1", - "cidr": "10.250.112.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.112", - "cidr": "10.250.112.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.113", - "cidr": "10.250.113.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.114", - "cidr": "10.250.114.0/24" - }, - "gateway": { - "prefix": "10.250.119", - "cidr": "10.250.119.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg15artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG15DC", - "hostname": "DSG15DC", - "fqdn": "DSG15DC.dsgroup15.co.uk", - "ip": "10.250.112.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg15-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP15 Gitlab LDAP", - "samAccountName": "dsg15-gitlab-ldap", - "passwordSecretName": "dsg15-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP15 HackMD LDAP", - "samAccountName": "dsg15-hackmd-ldap", - "passwordSecretName": "dsg15-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP15 DSVM LDAP", - "samAccountName": "dsg15-dsvm-ldap", - "passwordSecretName": "dsg15-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP15 Test Researcher", - "samAccountName": "dsg15-test-res", - "passwordSecretName": "dsg15-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup15.co.uk", - "ip": "10.250.113.250", - "npsSecretName": "dsg15-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup15.co.uk", - "ip": "10.250.113.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup15.co.uk", - "ip": "10.250.113.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup15.co.uk", - "ip": "10.250.114.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup15.co.uk", - "ip": "10.250.114.151", - "rootPasswordSecretName": "dsg15-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup15.co.uk", - "ip": "10.250.114.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup15-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_16_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_16_full_config.json deleted file mode 100644 index 32521aa967..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_16_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Bristol Safe Haven Management (Prod)", - "id": "bris1", - "name": "JGI/Turing Safe Haven", - "organisation": { - "name": "University of Bristol", - "townCity": "Bristol", - "stateCountyRegion": "Bristol", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "bristolsafehaven.uk", - "netbiosName": "BRISTOLSH", - "dn": "DC=bristolsafehaven,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=bristolsafehaven,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=bristolsafehaven,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=bristolsafehaven,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.bristolsafehaven.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.bristolsafehaven.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_DSG_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgbris1artifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-bris1", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Bristol DSGN 16 (Prod)", - "id": "16", - "shortName": "dsg16", - "location": "uksouth", - "tier": "0", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-bris1" - }, - "vnet": { - "name": null - }, - "cran": { - "ip": null - }, - "pypi": { - "ip": null - } - }, - "domain": { - "fqdn": "dsgroup16.co.uk", - "netbiosName": "DSGROUP16", - "dn": "DC=dsgroup16,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP16 Server Administrators", - "description": "SG DSGROUP16 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP16 Research Users", - "description": "SG DSGROUP16 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP16_VNET1", - "cidr": "10.250.120.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.120", - "cidr": "10.250.120.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.121", - "cidr": "10.250.121.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.122", - "cidr": "10.250.122.0/24" - }, - "gateway": { - "prefix": "10.250.127", - "cidr": "10.250.127.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg16artifacts" - } - }, - "keyVault": { - "name": "dsg-management-bris1" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG16DC", - "hostname": "DSG16DC", - "fqdn": "DSG16DC.dsgroup16.co.uk", - "ip": "10.250.120.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg16-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP16 Gitlab LDAP", - "samAccountName": "dsg16-gitlab-ldap", - "passwordSecretName": "dsg16-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP16 HackMD LDAP", - "samAccountName": "dsg16-hackmd-ldap", - "passwordSecretName": "dsg16-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP16 DSVM LDAP", - "samAccountName": "dsg16-dsvm-ldap", - "passwordSecretName": "dsg16-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP16 Test Researcher", - "samAccountName": "dsg16-test-res", - "passwordSecretName": "dsg16-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup16.co.uk", - "ip": "10.250.121.250", - "npsSecretName": "dsg16-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup16.co.uk", - "ip": "10.250.121.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup16.co.uk", - "ip": "10.250.121.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup16.co.uk", - "ip": "10.250.122.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup16.co.uk", - "ip": "10.250.122.151", - "rootPasswordSecretName": "dsg16-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup16.co.uk", - "ip": "10.250.122.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup16-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_17_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_17_full_config.json deleted file mode 100644 index 585407dfb3..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_17_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Bristol Safe Haven Management (Prod)", - "id": "bris1", - "name": "JGI/Turing Safe Haven", - "organisation": { - "name": "University of Bristol", - "townCity": "Bristol", - "stateCountyRegion": "Bristol", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "bristolsafehaven.uk", - "netbiosName": "BRISTOLSH", - "dn": "DC=bristolsafehaven,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=bristolsafehaven,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=bristolsafehaven,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=bristolsafehaven,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.bristolsafehaven.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.bristolsafehaven.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_DSG_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgbris1artifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-bris1", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Bristol DSGN 17 (Prod)", - "id": "17", - "shortName": "dsg17", - "location": "uksouth", - "tier": "1", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-bris1" - }, - "vnet": { - "name": null - }, - "cran": { - "ip": null - }, - "pypi": { - "ip": null - } - }, - "domain": { - "fqdn": "dsgroup17.co.uk", - "netbiosName": "DSGROUP17", - "dn": "DC=dsgroup17,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP17 Server Administrators", - "description": "SG DSGROUP17 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP17 Research Users", - "description": "SG DSGROUP17 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP17_VNET1", - "cidr": "10.250.128.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.128", - "cidr": "10.250.128.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.129", - "cidr": "10.250.129.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.130", - "cidr": "10.250.130.0/24" - }, - "gateway": { - "prefix": "10.250.135", - "cidr": "10.250.135.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg17artifacts" - } - }, - "keyVault": { - "name": "dsg-management-bris1" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG17DC", - "hostname": "DSG17DC", - "fqdn": "DSG17DC.dsgroup17.co.uk", - "ip": "10.250.128.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg17-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP17 Gitlab LDAP", - "samAccountName": "dsg17-gitlab-ldap", - "passwordSecretName": "dsg17-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP17 HackMD LDAP", - "samAccountName": "dsg17-hackmd-ldap", - "passwordSecretName": "dsg17-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP17 DSVM LDAP", - "samAccountName": "dsg17-dsvm-ldap", - "passwordSecretName": "dsg17-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP17 Test Researcher", - "samAccountName": "dsg17-test-res", - "passwordSecretName": "dsg17-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup17.co.uk", - "ip": "10.250.129.250", - "npsSecretName": "dsg17-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup17.co.uk", - "ip": "10.250.129.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup17.co.uk", - "ip": "10.250.129.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup17.co.uk", - "ip": "10.250.130.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup17.co.uk", - "ip": "10.250.130.151", - "rootPasswordSecretName": "dsg17-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup17.co.uk", - "ip": "10.250.130.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup17-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_18_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_18_full_config.json deleted file mode 100644 index 066b234902..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_18_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Bristol Safe Haven Management (Prod)", - "id": "bris1", - "name": "JGI/Turing Safe Haven", - "organisation": { - "name": "University of Bristol", - "townCity": "Bristol", - "stateCountyRegion": "Bristol", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "bristolsafehaven.uk", - "netbiosName": "BRISTOLSH", - "dn": "DC=bristolsafehaven,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=bristolsafehaven,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=bristolsafehaven,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=bristolsafehaven,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.bristolsafehaven.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.bristolsafehaven.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_DSG_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgbris1artifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-bris1", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Bristol DSGN 18 (Prod)", - "id": "18", - "shortName": "dsg18", - "location": "uksouth", - "tier": "0", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-bris1" - }, - "vnet": { - "name": null - }, - "cran": { - "ip": null - }, - "pypi": { - "ip": null - } - }, - "domain": { - "fqdn": "dsgroup18.co.uk", - "netbiosName": "DSGROUP18", - "dn": "DC=dsgroup18,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP18 Server Administrators", - "description": "SG DSGROUP18 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP18 Research Users", - "description": "SG DSGROUP18 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP18_VNET1", - "cidr": "10.250.136.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.136", - "cidr": "10.250.136.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.137", - "cidr": "10.250.137.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.138", - "cidr": "10.250.138.0/24" - }, - "gateway": { - "prefix": "10.250.143", - "cidr": "10.250.143.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg18artifacts" - } - }, - "keyVault": { - "name": "dsg-management-bris1" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG18DC", - "hostname": "DSG18DC", - "fqdn": "DSG18DC.dsgroup18.co.uk", - "ip": "10.250.136.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg18-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP18 Gitlab LDAP", - "samAccountName": "dsg18-gitlab-ldap", - "passwordSecretName": "dsg18-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP18 HackMD LDAP", - "samAccountName": "dsg18-hackmd-ldap", - "passwordSecretName": "dsg18-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP18 DSVM LDAP", - "samAccountName": "dsg18-dsvm-ldap", - "passwordSecretName": "dsg18-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP18 Test Researcher", - "samAccountName": "dsg18-test-res", - "passwordSecretName": "dsg18-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup18.co.uk", - "ip": "10.250.137.250", - "npsSecretName": "dsg18-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup18.co.uk", - "ip": "10.250.137.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup18.co.uk", - "ip": "10.250.137.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup18.co.uk", - "ip": "10.250.138.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup18.co.uk", - "ip": "10.250.138.151", - "rootPasswordSecretName": "dsg18-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup18.co.uk", - "ip": "10.250.138.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup18-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_19_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_19_full_config.json deleted file mode 100644 index f9058ff3d1..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_19_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Bristol Safe Haven Management (Prod)", - "id": "bris1", - "name": "JGI/Turing Safe Haven", - "organisation": { - "name": "University of Bristol", - "townCity": "Bristol", - "stateCountyRegion": "Bristol", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "bristolsafehaven.uk", - "netbiosName": "BRISTOLSH", - "dn": "DC=bristolsafehaven,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=bristolsafehaven,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=bristolsafehaven,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=bristolsafehaven,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.bristolsafehaven.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.bristolsafehaven.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_DSG_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgbris1artifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-bris1", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Bristol DSGN 19 (Prod)", - "id": "19", - "shortName": "dsg19", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-bris1" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup19.co.uk", - "netbiosName": "DSGROUP19", - "dn": "DC=dsgroup19,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP19 Server Administrators", - "description": "SG DSGROUP19 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP19 Research Users", - "description": "SG DSGROUP19 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP19_VNET1", - "cidr": "10.250.144.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.144", - "cidr": "10.250.144.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.145", - "cidr": "10.250.145.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.146", - "cidr": "10.250.146.0/24" - }, - "gateway": { - "prefix": "10.250.151", - "cidr": "10.250.151.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg19artifacts" - } - }, - "keyVault": { - "name": "dsg-management-bris1" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG19DC", - "hostname": "DSG19DC", - "fqdn": "DSG19DC.dsgroup19.co.uk", - "ip": "10.250.144.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg19-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP19 Gitlab LDAP", - "samAccountName": "dsg19-gitlab-ldap", - "passwordSecretName": "dsg19-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP19 HackMD LDAP", - "samAccountName": "dsg19-hackmd-ldap", - "passwordSecretName": "dsg19-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP19 DSVM LDAP", - "samAccountName": "dsg19-dsvm-ldap", - "passwordSecretName": "dsg19-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP19 Test Researcher", - "samAccountName": "dsg19-test-res", - "passwordSecretName": "dsg19-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup19.co.uk", - "ip": "10.250.145.250", - "npsSecretName": "dsg19-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup19.co.uk", - "ip": "10.250.145.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup19.co.uk", - "ip": "10.250.145.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "137.222.0.0/16,193.60.220.253,193.60.220.240,193.60.198.0/25" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup19.co.uk", - "ip": "10.250.146.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup19.co.uk", - "ip": "10.250.146.151", - "rootPasswordSecretName": "dsg19-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup19.co.uk", - "ip": "10.250.146.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup19-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_1_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_1_full_config.json deleted file mode 100644 index 5463370afd..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_1_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 1 (Prod)", - "id": "1", - "shortName": "dsg1", - "location": "uksouth", - "tier": "3", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER3" - }, - "cran": { - "ip": "10.20.3.21" - }, - "pypi": { - "ip": "10.20.3.20" - } - }, - "domain": { - "fqdn": "dsgroup1.co.uk", - "netbiosName": "DSGROUP1", - "dn": "DC=dsgroup1,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP1 Server Administrators", - "description": "SG DSGROUP1 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP1 Research Users", - "description": "SG DSGROUP1 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP1_VNET1", - "cidr": "10.250.0.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.0", - "cidr": "10.250.0.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.1", - "cidr": "10.250.1.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.2", - "cidr": "10.250.2.0/24" - }, - "gateway": { - "prefix": "10.250.7", - "cidr": "10.250.7.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg1artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG1DC", - "hostname": "DSG1DC", - "fqdn": "DSG1DC.dsgroup1.co.uk", - "ip": "10.250.0.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg1-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP1 Gitlab LDAP", - "samAccountName": "dsg1-gitlab-ldap", - "passwordSecretName": "dsg1-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP1 HackMD LDAP", - "samAccountName": "dsg1-hackmd-ldap", - "passwordSecretName": "dsg1-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP1 DSVM LDAP", - "samAccountName": "dsg1-dsvm-ldap", - "passwordSecretName": "dsg1-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP1 Test Researcher", - "samAccountName": "dsg1-test-res", - "passwordSecretName": "dsg1-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup1.co.uk", - "ip": "10.250.1.250", - "npsSecretName": "dsg1-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup1.co.uk", - "ip": "10.250.1.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup1.co.uk", - "ip": "10.250.1.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.240,137.205.213.46" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup1.co.uk", - "ip": "10.250.2.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup1.co.uk", - "ip": "10.250.2.151", - "rootPasswordSecretName": "dsg1-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup1.co.uk", - "ip": "10.250.2.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup1-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_20_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_20_full_config.json deleted file mode 100644 index c6fce12e11..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_20_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Bristol Safe Haven Management (Prod)", - "id": "bris1", - "name": "JGI/Turing Safe Haven", - "organisation": { - "name": "University of Bristol", - "townCity": "Bristol", - "stateCountyRegion": "Bristol", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "bristolsafehaven.uk", - "netbiosName": "BRISTOLSH", - "dn": "DC=bristolsafehaven,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=bristolsafehaven,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=bristolsafehaven,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=bristolsafehaven,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.bristolsafehaven.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.bristolsafehaven.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_DSG_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgbris1artifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-bris1", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Bristol DSGN 20 (Prod)", - "id": "20", - "shortName": "dsg20", - "location": "uksouth", - "tier": "1", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-bris1" - }, - "vnet": { - "name": null - }, - "cran": { - "ip": null - }, - "pypi": { - "ip": null - } - }, - "domain": { - "fqdn": "dsgroup20.co.uk", - "netbiosName": "DSGROUP20", - "dn": "DC=dsgroup20,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP20 Server Administrators", - "description": "SG DSGROUP20 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP20 Research Users", - "description": "SG DSGROUP20 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP20_VNET1", - "cidr": "10.250.152.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.152", - "cidr": "10.250.152.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.153", - "cidr": "10.250.153.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.154", - "cidr": "10.250.154.0/24" - }, - "gateway": { - "prefix": "10.250.159", - "cidr": "10.250.159.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg20artifacts" - } - }, - "keyVault": { - "name": "dsg-management-bris1" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG20DC", - "hostname": "DSG20DC", - "fqdn": "DSG20DC.dsgroup20.co.uk", - "ip": "10.250.152.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg20-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP20 Gitlab LDAP", - "samAccountName": "dsg20-gitlab-ldap", - "passwordSecretName": "dsg20-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP20 HackMD LDAP", - "samAccountName": "dsg20-hackmd-ldap", - "passwordSecretName": "dsg20-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP20 DSVM LDAP", - "samAccountName": "dsg20-dsvm-ldap", - "passwordSecretName": "dsg20-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP20 Test Researcher", - "samAccountName": "dsg20-test-res", - "passwordSecretName": "dsg20-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup20.co.uk", - "ip": "10.250.153.250", - "npsSecretName": "dsg20-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup20.co.uk", - "ip": "10.250.153.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup20.co.uk", - "ip": "10.250.153.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup20.co.uk", - "ip": "10.250.154.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup20.co.uk", - "ip": "10.250.154.151", - "rootPasswordSecretName": "dsg20-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup20.co.uk", - "ip": "10.250.154.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup20-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_21_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_21_full_config.json deleted file mode 100644 index d0652580ba..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_21_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Bristol Safe Haven Management (Prod)", - "id": "bris1", - "name": "JGI/Turing Safe Haven", - "organisation": { - "name": "University of Bristol", - "townCity": "Bristol", - "stateCountyRegion": "Bristol", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "bristolsafehaven.uk", - "netbiosName": "BRISTOLSH", - "dn": "DC=bristolsafehaven,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=bristolsafehaven,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=bristolsafehaven,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=bristolsafehaven,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.bristolsafehaven.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.bristolsafehaven.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_DSG_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgbris1artifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-bris1", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Bristol DSGN 21 (Prod)", - "id": "21", - "shortName": "dsg21", - "location": "uksouth", - "tier": "1", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-bris1" - }, - "vnet": { - "name": null - }, - "cran": { - "ip": null - }, - "pypi": { - "ip": null - } - }, - "domain": { - "fqdn": "dsgroup21.co.uk", - "netbiosName": "DSGROUP21", - "dn": "DC=dsgroup21,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP21 Server Administrators", - "description": "SG DSGROUP21 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP21 Research Users", - "description": "SG DSGROUP21 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP21_VNET1", - "cidr": "10.250.160.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.160", - "cidr": "10.250.160.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.161", - "cidr": "10.250.161.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.162", - "cidr": "10.250.162.0/24" - }, - "gateway": { - "prefix": "10.250.167", - "cidr": "10.250.167.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg21artifacts" - } - }, - "keyVault": { - "name": "dsg-management-bris1" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG21DC", - "hostname": "DSG21DC", - "fqdn": "DSG21DC.dsgroup21.co.uk", - "ip": "10.250.160.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg21-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP21 Gitlab LDAP", - "samAccountName": "dsg21-gitlab-ldap", - "passwordSecretName": "dsg21-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP21 HackMD LDAP", - "samAccountName": "dsg21-hackmd-ldap", - "passwordSecretName": "dsg21-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP21 DSVM LDAP", - "samAccountName": "dsg21-dsvm-ldap", - "passwordSecretName": "dsg21-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP21 Test Researcher", - "samAccountName": "dsg21-test-res", - "passwordSecretName": "dsg21-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup21.co.uk", - "ip": "10.250.161.250", - "npsSecretName": "dsg21-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup21.co.uk", - "ip": "10.250.161.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup21.co.uk", - "ip": "10.250.161.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup21.co.uk", - "ip": "10.250.162.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup21.co.uk", - "ip": "10.250.162.151", - "rootPasswordSecretName": "dsg21-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup21.co.uk", - "ip": "10.250.162.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup21-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_22_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_22_full_config.json deleted file mode 100644 index d6bbad1c40..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_22_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 22 (Prod)", - "id": "22", - "shortName": "dsg22", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup22.co.uk", - "netbiosName": "DSGROUP22", - "dn": "DC=dsgroup22,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP22 Server Administrators", - "description": "SG DSGROUP22 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP22 Research Users", - "description": "SG DSGROUP22 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP22_VNET1", - "cidr": "10.250.168.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.168", - "cidr": "10.250.168.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.169", - "cidr": "10.250.169.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.170", - "cidr": "10.250.170.0/24" - }, - "gateway": { - "prefix": "10.250.175", - "cidr": "10.250.175.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg22artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG22DC", - "hostname": "DSG22DC", - "fqdn": "DSG22DC.dsgroup22.co.uk", - "ip": "10.250.168.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg22-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP22 Gitlab LDAP", - "samAccountName": "dsg22-gitlab-ldap", - "passwordSecretName": "dsg22-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP22 HackMD LDAP", - "samAccountName": "dsg22-hackmd-ldap", - "passwordSecretName": "dsg22-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP22 DSVM LDAP", - "samAccountName": "dsg22-dsvm-ldap", - "passwordSecretName": "dsg22-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP22 Test Researcher", - "samAccountName": "dsg22-test-res", - "passwordSecretName": "dsg22-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup22.co.uk", - "ip": "10.250.169.250", - "npsSecretName": "dsg22-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup22.co.uk", - "ip": "10.250.169.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup22.co.uk", - "ip": "10.250.169.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup22.co.uk", - "ip": "10.250.170.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup22.co.uk", - "ip": "10.250.170.151", - "rootPasswordSecretName": "dsg22-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup22.co.uk", - "ip": "10.250.170.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup22-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_23_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_23_full_config.json deleted file mode 100644 index 78be18db5d..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_23_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 23 (Prod)", - "id": "23", - "shortName": "dsg23", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup23.co.uk", - "netbiosName": "DSGROUP23", - "dn": "DC=dsgroup23,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP23 Server Administrators", - "description": "SG DSGROUP23 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP23 Research Users", - "description": "SG DSGROUP23 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP23_VNET1", - "cidr": "10.250.176.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.176", - "cidr": "10.250.176.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.177", - "cidr": "10.250.177.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.178", - "cidr": "10.250.178.0/24" - }, - "gateway": { - "prefix": "10.250.183", - "cidr": "10.250.183.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg23artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG23DC", - "hostname": "DSG23DC", - "fqdn": "DSG23DC.dsgroup23.co.uk", - "ip": "10.250.176.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg23-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP23 Gitlab LDAP", - "samAccountName": "dsg23-gitlab-ldap", - "passwordSecretName": "dsg23-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP23 HackMD LDAP", - "samAccountName": "dsg23-hackmd-ldap", - "passwordSecretName": "dsg23-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP23 DSVM LDAP", - "samAccountName": "dsg23-dsvm-ldap", - "passwordSecretName": "dsg23-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP23 Test Researcher", - "samAccountName": "dsg23-test-res", - "passwordSecretName": "dsg23-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup23.co.uk", - "ip": "10.250.177.250", - "npsSecretName": "dsg23-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup23.co.uk", - "ip": "10.250.177.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup23.co.uk", - "ip": "10.250.177.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup23.co.uk", - "ip": "10.250.178.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup23.co.uk", - "ip": "10.250.178.151", - "rootPasswordSecretName": "dsg23-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup23.co.uk", - "ip": "10.250.178.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup23-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_24_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_24_full_config.json deleted file mode 100644 index a7e7fe14a9..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_24_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 24 (Prod)", - "id": "24", - "shortName": "dsg24", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup24.co.uk", - "netbiosName": "DSGROUP24", - "dn": "DC=dsgroup24,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP24 Server Administrators", - "description": "SG DSGROUP24 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP24 Research Users", - "description": "SG DSGROUP24 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP24_VNET1", - "cidr": "10.250.184.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.184", - "cidr": "10.250.184.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.185", - "cidr": "10.250.185.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.186", - "cidr": "10.250.186.0/24" - }, - "gateway": { - "prefix": "10.250.191", - "cidr": "10.250.191.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg24artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG24DC", - "hostname": "DSG24DC", - "fqdn": "DSG24DC.dsgroup24.co.uk", - "ip": "10.250.184.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg24-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP24 Gitlab LDAP", - "samAccountName": "dsg24-gitlab-ldap", - "passwordSecretName": "dsg24-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP24 HackMD LDAP", - "samAccountName": "dsg24-hackmd-ldap", - "passwordSecretName": "dsg24-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP24 DSVM LDAP", - "samAccountName": "dsg24-dsvm-ldap", - "passwordSecretName": "dsg24-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP24 Test Researcher", - "samAccountName": "dsg24-test-res", - "passwordSecretName": "dsg24-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup24.co.uk", - "ip": "10.250.185.250", - "npsSecretName": "dsg24-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup24.co.uk", - "ip": "10.250.185.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup24.co.uk", - "ip": "10.250.185.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup24.co.uk", - "ip": "10.250.186.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup24.co.uk", - "ip": "10.250.186.151", - "rootPasswordSecretName": "dsg24-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup24.co.uk", - "ip": "10.250.186.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup24-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_25_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_25_full_config.json deleted file mode 100644 index 12e2dfce0f..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_25_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 25 (Prod)", - "id": "25", - "shortName": "dsg25", - "location": "uksouth", - "tier": "3", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER3" - }, - "cran": { - "ip": "10.20.3.21" - }, - "pypi": { - "ip": "10.20.3.20" - } - }, - "domain": { - "fqdn": "dsgroup25.co.uk", - "netbiosName": "DSGROUP25", - "dn": "DC=dsgroup25,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP25 Server Administrators", - "description": "SG DSGROUP25 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP25 Research Users", - "description": "SG DSGROUP25 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP25_VNET1", - "cidr": "10.250.192.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.192", - "cidr": "10.250.192.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.193", - "cidr": "10.250.193.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.194", - "cidr": "10.250.194.0/24" - }, - "gateway": { - "prefix": "10.250.199", - "cidr": "10.250.199.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg25artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG25DC", - "hostname": "DSG25DC", - "fqdn": "DSG25DC.dsgroup25.co.uk", - "ip": "10.250.192.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg25-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP25 Gitlab LDAP", - "samAccountName": "dsg25-gitlab-ldap", - "passwordSecretName": "dsg25-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP25 HackMD LDAP", - "samAccountName": "dsg25-hackmd-ldap", - "passwordSecretName": "dsg25-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP25 DSVM LDAP", - "samAccountName": "dsg25-dsvm-ldap", - "passwordSecretName": "dsg25-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP25 Test Researcher", - "samAccountName": "dsg25-test-res", - "passwordSecretName": "dsg25-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup25.co.uk", - "ip": "10.250.193.250", - "npsSecretName": "dsg25-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup25.co.uk", - "ip": "10.250.193.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup25.co.uk", - "ip": "10.250.193.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup25.co.uk", - "ip": "10.250.194.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup25.co.uk", - "ip": "10.250.194.151", - "rootPasswordSecretName": "dsg25-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup25.co.uk", - "ip": "10.250.194.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup25-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_2_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_2_full_config.json deleted file mode 100644 index bb79cf4047..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_2_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 2 (Prod)", - "id": "2", - "shortName": "dsg2", - "location": "uksouth", - "tier": "3", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER3" - }, - "cran": { - "ip": "10.20.3.21" - }, - "pypi": { - "ip": "10.20.3.20" - } - }, - "domain": { - "fqdn": "dsgroup2.co.uk", - "netbiosName": "DSGROUP2", - "dn": "DC=dsgroup2,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP2 Server Administrators", - "description": "SG DSGROUP2 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP2 Research Users", - "description": "SG DSGROUP2 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP2_VNET1", - "cidr": "10.250.8.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.8", - "cidr": "10.250.8.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.9", - "cidr": "10.250.9.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.10", - "cidr": "10.250.10.0/24" - }, - "gateway": { - "prefix": "10.250.15", - "cidr": "10.250.15.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg2artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG2DC", - "hostname": "DSG2DC", - "fqdn": "DSG2DC.dsgroup2.co.uk", - "ip": "10.250.8.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg2-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP2 Gitlab LDAP", - "samAccountName": "dsg2-gitlab-ldap", - "passwordSecretName": "dsg2-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP2 HackMD LDAP", - "samAccountName": "dsg2-hackmd-ldap", - "passwordSecretName": "dsg2-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP2 DSVM LDAP", - "samAccountName": "dsg2-dsvm-ldap", - "passwordSecretName": "dsg2-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP2 Test Researcher", - "samAccountName": "dsg2-test-res", - "passwordSecretName": "dsg2-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup2.co.uk", - "ip": "10.250.9.250", - "npsSecretName": "dsg2-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup2.co.uk", - "ip": "10.250.9.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup2.co.uk", - "ip": "10.250.9.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.240,137.205.213.46,167.98.26.243" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup2.co.uk", - "ip": "10.250.10.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup2.co.uk", - "ip": "10.250.10.151", - "rootPasswordSecretName": "dsg2-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup2.co.uk", - "ip": "10.250.10.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup2-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_3_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_3_full_config.json deleted file mode 100644 index 5c139a168a..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_3_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 3 (Prod)", - "id": "3", - "shortName": "dsg3", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup3.co.uk", - "netbiosName": "DSGROUP3", - "dn": "DC=dsgroup3,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP3 Server Administrators", - "description": "SG DSGROUP3 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP3 Research Users", - "description": "SG DSGROUP3 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP3_VNET1", - "cidr": "10.250.16.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.16", - "cidr": "10.250.16.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.17", - "cidr": "10.250.17.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.18", - "cidr": "10.250.18.0/24" - }, - "gateway": { - "prefix": "10.250.23", - "cidr": "10.250.23.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg3artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG3DC", - "hostname": "DSG3DC", - "fqdn": "DSG3DC.dsgroup3.co.uk", - "ip": "10.250.16.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg3-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP3 Gitlab LDAP", - "samAccountName": "dsg3-gitlab-ldap", - "passwordSecretName": "dsg3-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP3 HackMD LDAP", - "samAccountName": "dsg3-hackmd-ldap", - "passwordSecretName": "dsg3-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP3 DSVM LDAP", - "samAccountName": "dsg3-dsvm-ldap", - "passwordSecretName": "dsg3-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP3 Test Researcher", - "samAccountName": "dsg3-test-res", - "passwordSecretName": "dsg3-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup3.co.uk", - "ip": "10.250.17.250", - "npsSecretName": "dsg3-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup3.co.uk", - "ip": "10.250.17.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup3.co.uk", - "ip": "10.250.17.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240,137.205.213.46,137.205.238.0/24,194.66.251.0/24,146.169.128.0/17,146.179.192.0/22,146.179.196.0/22,146.179.200.0/22,146.179.204.0/22" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup3.co.uk", - "ip": "10.250.18.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup3.co.uk", - "ip": "10.250.18.151", - "rootPasswordSecretName": "dsg3-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup3.co.uk", - "ip": "10.250.18.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup3-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_4_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_4_full_config.json deleted file mode 100644 index bd31b303ba..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_4_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 4 (Prod)", - "id": "4", - "shortName": "dsg4", - "location": "uksouth", - "tier": "1", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": null - }, - "cran": { - "ip": null - }, - "pypi": { - "ip": null - } - }, - "domain": { - "fqdn": "dsgroup4.co.uk", - "netbiosName": "DSGROUP4", - "dn": "DC=dsgroup4,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP4 Server Administrators", - "description": "SG DSGROUP4 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP4 Research Users", - "description": "SG DSGROUP4 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP4_VNET1", - "cidr": "10.250.24.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.24", - "cidr": "10.250.24.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.25", - "cidr": "10.250.25.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.26", - "cidr": "10.250.26.0/24" - }, - "gateway": { - "prefix": "10.250.31", - "cidr": "10.250.31.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg4artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG4DC", - "hostname": "DSG4DC", - "fqdn": "DSG4DC.dsgroup4.co.uk", - "ip": "10.250.24.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg4-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP4 Gitlab LDAP", - "samAccountName": "dsg4-gitlab-ldap", - "passwordSecretName": "dsg4-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP4 HackMD LDAP", - "samAccountName": "dsg4-hackmd-ldap", - "passwordSecretName": "dsg4-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP4 DSVM LDAP", - "samAccountName": "dsg4-dsvm-ldap", - "passwordSecretName": "dsg4-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP4 Test Researcher", - "samAccountName": "dsg4-test-res", - "passwordSecretName": "dsg4-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup4.co.uk", - "ip": "10.250.25.250", - "npsSecretName": "dsg4-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup4.co.uk", - "ip": "10.250.25.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup4.co.uk", - "ip": "10.250.25.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup4.co.uk", - "ip": "10.250.26.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup4.co.uk", - "ip": "10.250.26.151", - "rootPasswordSecretName": "dsg4-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup4.co.uk", - "ip": "10.250.26.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup4-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_5_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_5_full_config.json deleted file mode 100644 index 153189a3db..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_5_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 5 (Prod)", - "id": "5", - "shortName": "dsg5", - "location": "uksouth", - "tier": "0", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": null - }, - "cran": { - "ip": null - }, - "pypi": { - "ip": null - } - }, - "domain": { - "fqdn": "dsgroup5.co.uk", - "netbiosName": "DSGROUP5", - "dn": "DC=dsgroup5,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP5 Server Administrators", - "description": "SG DSGROUP5 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP5 Research Users", - "description": "SG DSGROUP5 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP5_VNET1", - "cidr": "10.250.32.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.32", - "cidr": "10.250.32.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.33", - "cidr": "10.250.33.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.34", - "cidr": "10.250.34.0/24" - }, - "gateway": { - "prefix": "10.250.39", - "cidr": "10.250.39.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg5artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG5DC", - "hostname": "DSG5DC", - "fqdn": "DSG5DC.dsgroup5.co.uk", - "ip": "10.250.32.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg5-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP5 Gitlab LDAP", - "samAccountName": "dsg5-gitlab-ldap", - "passwordSecretName": "dsg5-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP5 HackMD LDAP", - "samAccountName": "dsg5-hackmd-ldap", - "passwordSecretName": "dsg5-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP5 DSVM LDAP", - "samAccountName": "dsg5-dsvm-ldap", - "passwordSecretName": "dsg5-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP5 Test Researcher", - "samAccountName": "dsg5-test-res", - "passwordSecretName": "dsg5-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup5.co.uk", - "ip": "10.250.33.250", - "npsSecretName": "dsg5-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup5.co.uk", - "ip": "10.250.33.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup5.co.uk", - "ip": "10.250.33.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup5.co.uk", - "ip": "10.250.34.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup5.co.uk", - "ip": "10.250.34.151", - "rootPasswordSecretName": "dsg5-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup5.co.uk", - "ip": "10.250.34.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup5-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_6_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_6_full_config.json deleted file mode 100644 index 7bbbb14cf4..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_6_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 6 (Prod)", - "id": "6", - "shortName": "dsg6", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup6.co.uk", - "netbiosName": "DSGROUP6", - "dn": "DC=dsgroup6,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP6 Server Administrators", - "description": "SG DSGROUP6 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP6 Research Users", - "description": "SG DSGROUP6 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP6_VNET1", - "cidr": "10.250.40.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.40", - "cidr": "10.250.40.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.41", - "cidr": "10.250.41.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.42", - "cidr": "10.250.42.0/24" - }, - "gateway": { - "prefix": "10.250.47", - "cidr": "10.250.47.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg6artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG6DC", - "hostname": "DSG6DC", - "fqdn": "DSG6DC.dsgroup6.co.uk", - "ip": "10.250.40.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg6-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP6 Gitlab LDAP", - "samAccountName": "dsg6-gitlab-ldap", - "passwordSecretName": "dsg6-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP6 HackMD LDAP", - "samAccountName": "dsg6-hackmd-ldap", - "passwordSecretName": "dsg6-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP6 DSVM LDAP", - "samAccountName": "dsg6-dsvm-ldap", - "passwordSecretName": "dsg6-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP6 Test Researcher", - "samAccountName": "dsg6-test-res", - "passwordSecretName": "dsg6-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup6.co.uk", - "ip": "10.250.41.250", - "npsSecretName": "dsg6-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup6.co.uk", - "ip": "10.250.41.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup6.co.uk", - "ip": "10.250.41.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup6.co.uk", - "ip": "10.250.42.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup6.co.uk", - "ip": "10.250.42.151", - "rootPasswordSecretName": "dsg6-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup6.co.uk", - "ip": "10.250.42.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup6-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_7_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_7_full_config.json deleted file mode 100644 index 3b2d924837..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_7_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Managment", - "id": "prod", - "name": "Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "turingsafehaven.ac.uk", - "netbiosName": "TURINGSAFEHAVEN", - "dn": "DC=turingsafehaven,DC=ac,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_SHM_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_SHM_VM_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.turingsafehaven.ac.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.turingsafehaven.ac.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_SHM_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgartifactsprod" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-prod", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group 7 (Prod)", - "id": "7", - "shortName": "dsg7", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-prod" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup7.co.uk", - "netbiosName": "DSGROUP7", - "dn": "DC=dsgroup7,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP7 Server Administrators", - "description": "SG DSGROUP7 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP7 Research Users", - "description": "SG DSGROUP7 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP7_VNET1", - "cidr": "10.250.48.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.48", - "cidr": "10.250.48.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.49", - "cidr": "10.250.49.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.50", - "cidr": "10.250.50.0/24" - }, - "gateway": { - "prefix": "10.250.55", - "cidr": "10.250.55.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg7artifacts" - } - }, - "keyVault": { - "name": "dsg-management-prod" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG7DC", - "hostname": "DSG7DC", - "fqdn": "DSG7DC.dsgroup7.co.uk", - "ip": "10.250.48.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg7-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP7 Gitlab LDAP", - "samAccountName": "dsg7-gitlab-ldap", - "passwordSecretName": "dsg7-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP7 HackMD LDAP", - "samAccountName": "dsg7-hackmd-ldap", - "passwordSecretName": "dsg7-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP7 DSVM LDAP", - "samAccountName": "dsg7-dsvm-ldap", - "passwordSecretName": "dsg7-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP7 Test Researcher", - "samAccountName": "dsg7-test-res", - "passwordSecretName": "dsg7-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup7.co.uk", - "ip": "10.250.49.250", - "npsSecretName": "dsg7-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup7.co.uk", - "ip": "10.250.49.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup7.co.uk", - "ip": "10.250.49.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "193.60.220.253,193.60.220.240" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup7.co.uk", - "ip": "10.250.50.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup7.co.uk", - "ip": "10.250.50.151", - "rootPasswordSecretName": "dsg7-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup7.co.uk", - "ip": "10.250.50.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup7-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_8_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_8_full_config.json deleted file mode 100644 index f696b85a64..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_8_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "SHM Test B", - "id": "testc", - "name": "Test Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "testc.dsgroupdev.co.uk", - "netbiosName": "TESTC", - "dn": "DC=testc,DC=dsgroupdev,DC=co,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=testc,DC=dsgroupdev,DC=co,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=testc,DC=dsgroupdev,DC=co,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=testc,DC=dsgroupdev,DC=co,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "SHM_VNET1", - "cidr": "10.251.0.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.251.0", - "cidr": "10.251.0.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "SHMDC1", - "hostname": "SHMDC1", - "fqdn": "SHMDC1.testc.dsgroupdev.co.uk", - "ip": "10.251.0.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.testc.dsgroupdev.co.uk", - "ip": "10.251.0.249" - }, - "nps": { - "rg": "RG_DSG_NPS", - "vmName": "SHMNPS", - "ip": "10.251.0.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgtestcartifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-testc", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "DSG 8 Test", - "id": "8", - "shortName": "dsg8", - "location": "uksouth", - "tier": "3", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-testc" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER3" - }, - "cran": { - "ip": "10.20.3.21" - }, - "pypi": { - "ip": "10.20.3.20" - } - }, - "domain": { - "fqdn": "dsgroup8.co.uk", - "netbiosName": "DSGROUP8", - "dn": "DC=dsgroup8,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP8 Server Administrators", - "description": "SG DSGROUP8 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP8 Research Users", - "description": "SG DSGROUP8 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP8_VNET1", - "cidr": "10.250.56.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.56", - "cidr": "10.250.56.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.57", - "cidr": "10.250.57.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.58", - "cidr": "10.250.58.0/24" - }, - "gateway": { - "prefix": "10.250.63", - "cidr": "10.250.63.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg8artifacts" - } - }, - "keyVault": { - "name": "dsg-management-testc" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG8DC", - "hostname": "DSG8DC", - "fqdn": "DSG8DC.dsgroup8.co.uk", - "ip": "10.250.56.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg8-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP8 Gitlab LDAP", - "samAccountName": "dsg8-gitlab-ldap", - "passwordSecretName": "dsg8-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP8 HackMD LDAP", - "samAccountName": "dsg8-hackmd-ldap", - "passwordSecretName": "dsg8-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP8 DSVM LDAP", - "samAccountName": "dsg8-dsvm-ldap", - "passwordSecretName": "dsg8-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP8 Test Researcher", - "samAccountName": "dsg8-test-res", - "passwordSecretName": "dsg8-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup8.co.uk", - "ip": "10.250.57.250", - "npsSecretName": "dsg8-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup8.co.uk", - "ip": "10.250.57.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup8.co.uk", - "ip": "10.250.57.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup8.co.uk", - "ip": "10.250.58.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup8.co.uk", - "ip": "10.250.58.151", - "rootPasswordSecretName": "dsg8-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup8.co.uk", - "ip": "10.250.58.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup8-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_9_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_9_full_config.json deleted file mode 100644 index f8953c9132..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_9_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Management Testing", - "id": "test", - "name": "Test Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "dsgroupdev.co.uk", - "netbiosName": "DSGROUPDEV", - "dn": "DC=dsgroupdev,DC=co,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=dsgroupdev,DC=co,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=dsgroupdev,DC=co,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=dsgroupdev,DC=co,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUPDEV_VNET1", - "cidr": "10.220.1.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.220.1", - "cidr": "10.220.1.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DC", - "hostname": "MGMTDEVDC", - "fqdn": "MGMTDEVDC.dsgroupdev.co.uk", - "ip": "10.220.1.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.dsgroupdev.co.uk", - "ip": "10.220.1.249" - }, - "nps": { - "rg": "RG_SH_MGMTNPS", - "vmName": "MGMTNPS", - "ip": "10.220.1.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgxartifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-test", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "DSG 9 Test", - "id": "9", - "shortName": "dsg9", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-test" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgroup9.co.uk", - "netbiosName": "DSGROUP9", - "dn": "DC=dsgroup9,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUP9 Server Administrators", - "description": "SG DSGROUP9 Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUP9 Research Users", - "description": "SG DSGROUP9 Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP9_VNET1", - "cidr": "10.250.64.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.64", - "cidr": "10.250.64.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.65", - "cidr": "10.250.65.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.66", - "cidr": "10.250.66.0/24" - }, - "gateway": { - "prefix": "10.250.71", - "cidr": "10.250.71.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsg9artifacts" - } - }, - "keyVault": { - "name": "dsg-management-test" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSG9DC", - "hostname": "DSG9DC", - "fqdn": "DSG9DC.dsgroup9.co.uk", - "ip": "10.250.64.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsg9-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUP9 Gitlab LDAP", - "samAccountName": "dsg9-gitlab-ldap", - "passwordSecretName": "dsg9-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUP9 HackMD LDAP", - "samAccountName": "dsg9-hackmd-ldap", - "passwordSecretName": "dsg9-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUP9 DSVM LDAP", - "samAccountName": "dsg9-dsvm-ldap", - "passwordSecretName": "dsg9-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUP9 Test Researcher", - "samAccountName": "dsg9-test-res", - "passwordSecretName": "dsg9-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup9.co.uk", - "ip": "10.250.65.250", - "npsSecretName": "dsg9-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup9.co.uk", - "ip": "10.250.65.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup9.co.uk", - "ip": "10.250.65.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup9.co.uk", - "ip": "10.250.66.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup9.co.uk", - "ip": "10.250.66.151", - "rootPasswordSecretName": "dsg9-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup9.co.uk", - "ip": "10.250.66.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.1.2019082900", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup9-dsvm-admin-password" - } - } - } -} diff --git a/new_dsg_environment/dsg_configs/full/dsg_test_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_test_full_config.json deleted file mode 100644 index 88f6aa2a5b..0000000000 --- a/new_dsg_environment/dsg_configs/full/dsg_test_full_config.json +++ /dev/null @@ -1,261 +0,0 @@ -{ - "shm": { - "subscriptionName": "Safe Haven Management Testing", - "id": "test", - "name": "Test Safe Haven", - "organisation": { - "name": "The Alan Turing Institute", - "townCity": "London", - "stateCountyRegion": "London", - "countryCode": "GB" - }, - "location": "uksouth", - "domain": { - "fqdn": "dsgroupdev.co.uk", - "netbiosName": "DSGROUPDEV", - "dn": "DC=dsgroupdev,DC=co,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=dsgroupdev,DC=co,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=dsgroupdev,DC=co,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=dsgroupdev,DC=co,DC=uk", - "securityGroups": { - "dsvmLdapUsers": { - "name": "SG Data Science LDAP Users", - "description": "SG Data Science LDAP Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUPDEV_VNET1", - "cidr": "10.220.1.0/21" - }, - "subnets": { - "identity": { - "prefix": "10.220.1", - "cidr": "10.220.1.0/24" - } - } - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DC", - "hostname": "MGMTDEVDC", - "fqdn": "MGMTDEVDC.dsgroupdev.co.uk", - "ip": "10.220.1.250" - }, - "dcb": { - "vmName": "SHMDC2", - "hostname": "SHMDC2", - "fqdn": "SHMDC2.dsgroupdev.co.uk", - "ip": "10.220.1.249" - }, - "nps": { - "rg": "RG_SH_MGMTNPS", - "vmName": "MGMTNPS", - "ip": "10.220.1.248" - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgxartifacts" - } - }, - "keyVault": { - "rg": "RG_DSG_SECRETS", - "name": "dsg-management-test", - "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" - } - }, - "dns": { - "rg": "RG_SHM_DNS" - } - }, - "dsg": { - "subscriptionName": "Data Study Group Testing", - "id": "test", - "shortName": "dsgtest", - "location": "uksouth", - "tier": "2", - "mirrors": { - "rg": "RG_SHM_PKG_MIRRORS", - "keyVault": { - "name": "kv-shm-pkg-mirrors-test" - }, - "vnet": { - "name": "VNET_SHM_PKG_MIRRORS_TIER2" - }, - "cran": { - "ip": "10.20.2.21" - }, - "pypi": { - "ip": "10.20.2.20" - } - }, - "domain": { - "fqdn": "dsgrouptest.co.uk", - "netbiosName": "DSGROUPTEST", - "dn": "DC=dsgrouptest,DC=co,DC=uk", - "securityGroups": { - "serverAdmins": { - "name": "SG DSGROUPTEST Server Administrators", - "description": "SG DSGROUPTEST Server Administrators" - }, - "researchUsers": { - "name": "SG DSGROUPTEST Research Users", - "description": "SG DSGROUPTEST Research Users" - } - } - }, - "network": { - "vnet": { - "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUPTEST_VNET1", - "cidr": "10.250.248.0/21" - }, - "subnets": { - "identity": { - "name": "Subnet-Identity", - "prefix": "10.250.248", - "cidr": "10.250.248.0/24" - }, - "rds": { - "name": "Subnet-RDS", - "prefix": "10.250.249", - "cidr": "10.250.249.0/24" - }, - "data": { - "name": "Subnet-Data", - "prefix": "10.250.250", - "cidr": "10.250.250.0/24" - }, - "gateway": { - "prefix": "10.250.255", - "cidr": "10.250.255.0/27" - } - }, - "nsg": { - "data": { - "rg": "RG_DSG_LINUX", - "name": "NSG_Linux_Servers" - } - } - }, - "storage": { - "artifacts": { - "rg": "RG_DSG_ARTIFACTS", - "accountName": "dsgtestartifacts" - } - }, - "keyVault": { - "name": "dsg-management-test" - }, - "dc": { - "rg": "RG_DSG_DC", - "vmName": "DSGtestDC", - "hostname": "DSGtestDC", - "fqdn": "DSGtestDC.dsgrouptest.co.uk", - "ip": "10.250.248.250", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgtest-dc-admin-password" - } - }, - "users": { - "ldap": { - "gitlab": { - "name": "DSGROUPTEST Gitlab LDAP", - "samAccountName": "dsgtest-gitlab-ldap", - "passwordSecretName": "dsgtest-gitlab-ldap-password" - }, - "hackmd": { - "name": "DSGROUPTEST HackMD LDAP", - "samAccountName": "dsgtest-hackmd-ldap", - "passwordSecretName": "dsgtest-hackmd-ldap-password" - }, - "dsvm": { - "name": "DSGROUPTEST DSVM LDAP", - "samAccountName": "dsgtest-dsvm-ldap", - "passwordSecretName": "dsgtest-dsvm-ldap-password" - } - }, - "researchers": { - "test": { - "name": "DSGROUPTEST Test Researcher", - "samAccountName": "dsgtest-test-res", - "passwordSecretName": "dsgtest-test-res-password" - } - } - }, - "rds": { - "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgrouptest.co.uk", - "ip": "10.250.249.250", - "npsSecretName": "dsgtest-nps-secret" - }, - "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgrouptest.co.uk", - "ip": "10.250.249.249" - }, - "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgrouptest.co.uk", - "ip": "10.250.249.248" - }, - "rg": "RG_DSG_RDS", - "nsg": { - "gateway": { - "name": "NSG_RDS_Server", - "allowedSources": "Internet" - }, - "sessionHosts": { - "name": "NSG_SessionHosts" - } - } - }, - "dataserver": { - "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgrouptest.co.uk", - "ip": "10.250.250.250" - }, - "linux": { - "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgrouptest.co.uk", - "ip": "10.250.250.151", - "rootPasswordSecretName": "dsgtest-gitlab-root-password" - }, - "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgrouptest.co.uk", - "ip": "10.250.250.152" - }, - "rg": "RG_DSG_LINUX", - "nsg": "NSG_Linux_Servers" - }, - "dsvm": { - "rg": "RG_DSG_COMPUTE", - "vmImageSubscription": "Safe Haven VM Images", - "vmImageType": "Ubuntu", - "vmImageVersion": "0.0.2019032100", - "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgrouptest-dsvm-admin-password" - } - } - } -} From 84964bf6e0c75f258331de05c567000b7bcf259a Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Fri, 1 Nov 2019 22:23:03 +0000 Subject: [PATCH 014/107] Rename SRE subscription name in DSG100 core config --- new_dsg_environment/dsg_configs/core/dsg_100_core_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json index 90ee7b74e4..1cda1b948c 100644 --- a/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json +++ b/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json @@ -1,5 +1,5 @@ { - "subscriptionName": "Turing Sandbox Secure Research Environment", + "subscriptionName": "Turing SRE - Sandbox", "dsgId": "100", "shmId": "turing1", "tier": "2", From 412de1d12895e1c4140aaca6e06eab992271a770 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Fri, 1 Nov 2019 22:31:53 +0000 Subject: [PATCH 015/107] Update IP prefix in DSG100 core config --- new_dsg_environment/dsg_configs/core/dsg_100_core_config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json index 1cda1b948c..4e77577a07 100644 --- a/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json +++ b/new_dsg_environment/dsg_configs/core/dsg_100_core_config.json @@ -5,7 +5,7 @@ "tier": "2", "domain": "dsgroup100.co.uk", "netbiosName": "DSGROUP100", - "ipPrefix": "10.0.72", + "ipPrefix": "10.150.0", "rdsAllowedSources": "Internet", "computeVmImageType": "Ubuntu", "computeVmImageVersion": "0.1.2019082900" From 9e3333c967b594a8c9fcab8d68bf8c5ea47ee02c Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Fri, 1 Nov 2019 22:32:47 +0000 Subject: [PATCH 016/107] Update DSG100 full config --- .../dsg_configs/full/dsg_100_full_config.json | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json index df3836ab2d..b73d6a3749 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json @@ -77,7 +77,7 @@ } }, "dsg": { - "subscriptionName": "Turing Sandbox Secure Research Environment", + "subscriptionName": "Turing SRE - Sandbox", "id": "100", "shortName": "dsg100", "location": "uksouth", @@ -116,27 +116,27 @@ "vnet": { "rg": "RG_DSG_VNET", "name": "DSG_DSGROUP100_VNET1", - "cidr": "10.0.72.0/21" + "cidr": "10.150.0.0/21" }, "subnets": { "identity": { "name": "Subnet-Identity", - "prefix": "10.0.72", - "cidr": "10.0.72.0/24" + "prefix": "10.150.0", + "cidr": "10.150.0.0/24" }, "rds": { "name": "Subnet-RDS", - "prefix": "10.0.73", - "cidr": "10.0.73.0/24" + "prefix": "10.150.1", + "cidr": "10.150.1.0/24" }, "data": { "name": "Subnet-Data", - "prefix": "10.0.74", - "cidr": "10.0.74.0/24" + "prefix": "10.150.2", + "cidr": "10.150.2.0/24" }, "gateway": { - "prefix": "10.0.79", - "cidr": "10.0.79.0/27" + "prefix": "10.150.7", + "cidr": "10.150.7.0/27" } }, "nsg": { @@ -160,7 +160,7 @@ "vmName": "DSG100DC", "hostname": "DSG100DC", "fqdn": "DSG100DC.dsgroup100.co.uk", - "ip": "10.0.72.250", + "ip": "10.150.0.250", "admin": { "username": "atiadmin", "passwordSecretName": "dsg100-dc-admin-password" @@ -197,20 +197,20 @@ "vmName": "RDS", "hostname": "RDS", "fqdn": "RDS.dsgroup100.co.uk", - "ip": "10.0.73.250", + "ip": "10.150.1.250", "npsSecretName": "dsg100-nps-secret" }, "sessionHost1": { "vmName": "RDSSH1", "hostname": "RDSSH1", "fqdn": "RDSSH1.dsgroup100.co.uk", - "ip": "10.0.73.249" + "ip": "10.150.1.249" }, "sessionHost2": { "vmName": "RDSSH2", "hostname": "RDSSH2", "fqdn": "RDSSH2.dsgroup100.co.uk", - "ip": "10.0.73.248" + "ip": "10.150.1.248" }, "rg": "RG_DSG_RDS", "nsg": { @@ -228,21 +228,21 @@ "vmName": "DATASERVER", "hostname": "DATASERVER", "fqdn": "DATASERVER.dsgroup100.co.uk", - "ip": "10.0.74.250" + "ip": "10.150.2.250" }, "linux": { "gitlab": { "vmName": "GITLAB", "hostname": "GITLAB", "fqdn": "GITLAB.dsgroup100.co.uk", - "ip": "10.0.74.151", + "ip": "10.150.2.151", "rootPasswordSecretName": "dsg100-gitlab-root-password" }, "hackmd": { "vmName": "HACKMD", "hostname": "HACKMD", "fqdn": "HACKMD.dsgroup100.co.uk", - "ip": "10.0.74.152" + "ip": "10.150.2.152" }, "rg": "RG_DSG_LINUX", "nsg": "NSG_Linux_Servers" From 1a1696e6d4619030f56e39bd069b6e869e55dbba Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Fri, 1 Nov 2019 22:46:11 +0000 Subject: [PATCH 017/107] Add first new development SHM and SRE configs --- .../core/dsg_dev1_core_config.json | 12 + .../core/shm_dev1_core_config.json | 16 ++ .../full/dsg_dev1_full_config.json | 261 ++++++++++++++++++ 3 files changed, 289 insertions(+) create mode 100644 new_dsg_environment/dsg_configs/core/dsg_dev1_core_config.json create mode 100644 new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json create mode 100644 new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json diff --git a/new_dsg_environment/dsg_configs/core/dsg_dev1_core_config.json b/new_dsg_environment/dsg_configs/core/dsg_dev1_core_config.json new file mode 100644 index 0000000000..509eb91eb9 --- /dev/null +++ b/new_dsg_environment/dsg_configs/core/dsg_dev1_core_config.json @@ -0,0 +1,12 @@ +{ + "subscriptionName": "Development SRE1", + "dsgId": "dev1", + "shmId": "dev1", + "tier": "2", + "domain": "dsgroupdev1.co.uk", + "netbiosName": "DSGROUPDEV1", + "ipPrefix": "10.100.0", + "rdsAllowedSources": "Internet", + "computeVmImageType": "Ubuntu", + "computeVmImageVersion": "0.1.2019082900" +} diff --git a/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json new file mode 100644 index 0000000000..6ffad181a5 --- /dev/null +++ b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json @@ -0,0 +1,16 @@ +{ + "subscriptionName": "Development SHM1", + "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", + "domain": "safehavendev1.co.uk", + "netbiosName": "SAFEHAVENDEV1", + "shId": "dev1", + "name": "Development Safe Haven 1", + "organisation": { + "name": "The Alan Turing Institute", + "townCity": "London", + "stateCountyRegion": "London", + "countryCode": "GB" + }, + "location": "uksouth", + "ipPrefix": "10.0.0.0" +} diff --git a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json new file mode 100644 index 0000000000..31dc9b25d2 --- /dev/null +++ b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json @@ -0,0 +1,261 @@ +{ + "shm": { + "subscriptionName": "Development SHM1", + "id": "dev1", + "name": "Development Safe Haven 1", + "organisation": { + "name": "The Alan Turing Institute", + "townCity": "London", + "stateCountyRegion": "London", + "countryCode": "GB" + }, + "location": "uksouth", + "domain": { + "fqdn": "safehavendev1.co.uk", + "netbiosName": "SAFEHAVENDEV1", + "dn": "DC=safehavendev1,DC=co,DC=uk", + "serviceOuPath": "OU=Safe Haven Service Accounts,DC=safehavendev1,DC=co,DC=uk", + "userOuPath": "OU=Safe Haven Research Users,DC=safehavendev1,DC=co,DC=uk", + "securityOuPath": "OU=Safe Haven Security Groups,DC=safehavendev1,DC=co,DC=uk", + "securityGroups": { + "dsvmLdapUsers": { + "name": "SG Data Science LDAP Users", + "description": "SG Data Science LDAP Users" + } + } + }, + "network": { + "vnet": { + "rg": "RG_SHM_VNET", + "name": "dev1-VNET", + "cidr": "10.0.0.0/21" + }, + "subnets": { + "identity": { + "prefix": "10.0.0", + "cidr": "10.0.0.0/24" + } + } + }, + "dc": { + "rg": "RG_SHM_DC", + "vmName": "dev1-DC1", + "hostname": "dev1-DC1", + "fqdn": "dev1-DC1.safehavendev1.co.uk", + "ip": "10.0.0.250" + }, + "dcb": { + "vmName": "dev1-DC2", + "hostname": "dev1-DC2", + "fqdn": "dev1-DC2.safehavendev1.co.uk", + "ip": "10.0.0.249" + }, + "nps": { + "rg": "RG_SHM_NPS", + "vmName": "dev1-NPS", + "ip": "10.0.0.248" + }, + "storage": { + "artifacts": { + "rg": "RG_SHM_ARTIFACTS", + "accountName": "dev1artifacts" + } + }, + "keyVault": { + "rg": "RG_SHM_SECRETS", + "name": "dev1secrets", + "secretNames": { + "p2sRootCert": "sh-management-p2s-root-cert", + "dc": "sh-managment-dcadmin", + "safemode": "sh-managment-dcsafemode", + "adsync": "sh-managment-adsync", + "vpncertificate": "sh-managment-cert" + } + }, + "dns": { + "rg": "RG_SHM_DNS" + } + }, + "dsg": { + "subscriptionName": "Development SRE1", + "id": "dev1", + "shortName": "dsgdev1", + "location": "uksouth", + "tier": "2", + "mirrors": { + "rg": "RG_SHM_PKG_MIRRORS", + "keyVault": { + "name": "kv-shm-pkg-mirrors-dev1" + }, + "vnet": { + "name": "VNET_SHM_PKG_MIRRORS_TIER2" + }, + "cran": { + "ip": "10.20.2.21" + }, + "pypi": { + "ip": "10.20.2.20" + } + }, + "domain": { + "fqdn": "dsgroupdev1.co.uk", + "netbiosName": "DSGROUPDEV1", + "dn": "DC=dsgroupdev1,DC=co,DC=uk", + "securityGroups": { + "serverAdmins": { + "name": "SG DSGROUPDEV1 Server Administrators", + "description": "SG DSGROUPDEV1 Server Administrators" + }, + "researchUsers": { + "name": "SG DSGROUPDEV1 Research Users", + "description": "SG DSGROUPDEV1 Research Users" + } + } + }, + "network": { + "vnet": { + "rg": "RG_DSG_VNET", + "name": "DSG_DSGROUPDEV1_VNET1", + "cidr": "10.100.0.0/21" + }, + "subnets": { + "identity": { + "name": "Subnet-Identity", + "prefix": "10.100.0", + "cidr": "10.100.0.0/24" + }, + "rds": { + "name": "Subnet-RDS", + "prefix": "10.100.1", + "cidr": "10.100.1.0/24" + }, + "data": { + "name": "Subnet-Data", + "prefix": "10.100.2", + "cidr": "10.100.2.0/24" + }, + "gateway": { + "prefix": "10.100.7", + "cidr": "10.100.7.0/27" + } + }, + "nsg": { + "data": { + "rg": "RG_DSG_LINUX", + "name": "NSG_Linux_Servers" + } + } + }, + "storage": { + "artifacts": { + "rg": "RG_DSG_ARTIFACTS", + "accountName": "dsgdev1artifacts" + } + }, + "keyVault": { + "name": "dsg-management-dev1" + }, + "dc": { + "rg": "RG_DSG_DC", + "vmName": "DSGdev1DC", + "hostname": "DSGdev1DC", + "fqdn": "DSGdev1DC.dsgroupdev1.co.uk", + "ip": "10.100.0.250", + "admin": { + "username": "atiadmin", + "passwordSecretName": "dsgdev1-dc-admin-password" + } + }, + "users": { + "ldap": { + "gitlab": { + "name": "DSGROUPDEV1 Gitlab LDAP", + "samAccountName": "dsgdev1-gitlab-ldap", + "passwordSecretName": "dsgdev1-gitlab-ldap-password" + }, + "hackmd": { + "name": "DSGROUPDEV1 HackMD LDAP", + "samAccountName": "dsgdev1-hackmd-ldap", + "passwordSecretName": "dsgdev1-hackmd-ldap-password" + }, + "dsvm": { + "name": "DSGROUPDEV1 DSVM LDAP", + "samAccountName": "dsgdev1-dsvm-ldap", + "passwordSecretName": "dsgdev1-dsvm-ldap-password" + } + }, + "researchers": { + "test": { + "name": "DSGROUPDEV1 Test Researcher", + "samAccountName": "dsgdev1-test-res", + "passwordSecretName": "dsgdev1-test-res-password" + } + } + }, + "rds": { + "gateway": { + "vmName": "RDS", + "hostname": "RDS", + "fqdn": "RDS.dsgroupdev1.co.uk", + "ip": "10.100.1.250", + "npsSecretName": "dsgdev1-nps-secret" + }, + "sessionHost1": { + "vmName": "RDSSH1", + "hostname": "RDSSH1", + "fqdn": "RDSSH1.dsgroupdev1.co.uk", + "ip": "10.100.1.249" + }, + "sessionHost2": { + "vmName": "RDSSH2", + "hostname": "RDSSH2", + "fqdn": "RDSSH2.dsgroupdev1.co.uk", + "ip": "10.100.1.248" + }, + "rg": "RG_DSG_RDS", + "nsg": { + "gateway": { + "name": "NSG_RDS_Server", + "allowedSources": "Internet" + }, + "sessionHosts": { + "name": "NSG_SessionHosts" + } + } + }, + "dataserver": { + "rg": "RG_DSG_DATA", + "vmName": "DATASERVER", + "hostname": "DATASERVER", + "fqdn": "DATASERVER.dsgroupdev1.co.uk", + "ip": "10.100.2.250" + }, + "linux": { + "gitlab": { + "vmName": "GITLAB", + "hostname": "GITLAB", + "fqdn": "GITLAB.dsgroupdev1.co.uk", + "ip": "10.100.2.151", + "rootPasswordSecretName": "dsgdev1-gitlab-root-password" + }, + "hackmd": { + "vmName": "HACKMD", + "hostname": "HACKMD", + "fqdn": "HACKMD.dsgroupdev1.co.uk", + "ip": "10.100.2.152" + }, + "rg": "RG_DSG_LINUX", + "nsg": "NSG_Linux_Servers" + }, + "dsvm": { + "rg": "RG_DSG_COMPUTE", + "vmImageSubscription": "Turing Safe Haven VM Images", + "vmImageType": "Ubuntu", + "vmImageVersion": "0.1.2019082900", + "admin": { + "username": "atiadmin", + "passwordSecretName": "dsgroupdev1-dsvm-admin-password" + } + } + } +} From 8fad24a645932d99eb8ae8b3536a612962352bb8 Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 4 Nov 2019 16:03:49 +0000 Subject: [PATCH 018/107] Fully parameterised SHM - VNET and DC --- existing_dsg_environment/Create_VNet.ps1 | 4 +- .../02_create_vnet/vnet-master-template.json | 8 +- .../dsg_deploy_scripts/DsgConfig.psm1 | 11 +++ .../Create_SafeHavenManagement_VNET.ps1 | 4 +- .../arm_templates/shmdc/shmdc-template.json | 87 ++++++++++--------- .../shmvnet/shmvnet-template.json | 87 +++++++++++-------- .../setup/setup_azure1.ps1 | 30 ++++++- 7 files changed, 146 insertions(+), 85 deletions(-) diff --git a/existing_dsg_environment/Create_VNet.ps1 b/existing_dsg_environment/Create_VNet.ps1 index f257b573c6..f17b772195 100644 --- a/existing_dsg_environment/Create_VNet.ps1 +++ b/existing_dsg_environment/Create_VNet.ps1 @@ -10,7 +10,7 @@ $region = "UK South" $subnetrds = "Subnet_RDS" # RDS subnet $subnetdata = "Subnet_Data" # Data subnet $subnetid = "Subnet_Identity" # Identity subnet -$subnetgw = "GatewaySubnet" # VPN gateway subnet +$subnetgw = "Subnet-Gateway" # VPN gateway subnet $vnetprefix = "0.0.0.0/0" # Address space $datasubprefix = "0.0.0.0/0" # Data subnet ip range $idsubprefix = "0.0.0.0/0" # identity subnet ip range @@ -54,7 +54,7 @@ write-Host -ForegroundColor Green "Done!" write-Host -ForegroundColor Cyan "Creating virtual network...." New-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -Location $region -AddressPrefix $vnetprefix -Subnet $rdssub, $datasub, $idsub, $gwsub $vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet +$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "Subnet-Gateway" -VirtualNetwork $vnet write-Host -ForegroundColor Green "Done!" #Create public IP address diff --git a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json index d7214f937f..90f25338ed 100644 --- a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json +++ b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json @@ -93,7 +93,7 @@ "id": "[resourceId('Microsoft.Network/publicIPAddresses', 'DSG_VNET1_GW_PIP')]" }, "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'GatewaySubnet')]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'Subnet-Gateway')]" } } } @@ -131,7 +131,7 @@ }, "dependsOn": [ "[resourceId('Microsoft.Network/publicIPAddresses', 'DSG_VNET1_GW_PIP')]", - "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'GatewaySubnet')]" + "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'Subnet-Gateway')]" ] }, { @@ -178,7 +178,7 @@ } }, { - "name": "GatewaySubnet", + "name": "Subnet-Gateway", "properties": { "addressPrefix": "[parameters('Subnet-Gateway Address Prefix')]", "serviceEndpoints": [], @@ -235,7 +235,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat(parameters('Virtual Network Name'), '/', 'GatewaySubnet')]", + "name": "[concat(parameters('Virtual Network Name'), '/', 'Subnet-Gateway')]", "apiVersion": "2018-10-01", "scale": null, "properties": { diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index ae75477878..44ebf7a003 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -62,7 +62,18 @@ function Get-ShmFullConfig{ $shm.network.vnet.cidr = $shmBasePrefix + "." + $shmThirdOctet + ".0/21" $shm.network.subnets.identity = [ordered]@{} $shm.network.subnets.identity.prefix = $shmBasePrefix + "." + $shmThirdOctet + $shm.network.subnets.identity.name = "Subnet-Identity" $shm.network.subnets.identity.cidr = $shm.network.subnets.identity.prefix + ".0/24" + + $shm.network.subnets.web = [ordered]@{} + $shm.network.subnets.web.prefix = $shmBasePrefix + "." + ([int] $shmThirdOctet + 1) + $shm.network.subnets.web.name = "Subnet-Web" + $shm.network.subnets.web.cidr = $shm.network.subnets.web.prefix + ".0/24" + + $shm.network.subnets.gateway = [ordered]@{} + $shm.network.subnets.gateway.prefix = $shmBasePrefix + "." + ([int] $shmThirdOctet + 7) + $shm.network.subnets.gateway.name = "Subnet-Gateway" + $shm.network.subnets.gateway.cidr = $shm.network.subnets.gateway.prefix + ".0/24" # --- Domain controller config --- $shm.dc = [ordered]@{} diff --git a/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 b/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 index a2702ce02c..e79e02703f 100644 --- a/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 +++ b/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 @@ -6,7 +6,7 @@ $rg = "RG_SHM_VNET" $region = "UK South" $subnetid = "Subnet-Identity" $subnetweb = "Subnet-Web" -$subnetgw = "GatewaySubnet" +$subnetgw = "Subnet-Gateway" $vnetprefix = "10.251.0.0/21" $idsubprefix = "10.251.0.0/24" @@ -49,7 +49,7 @@ write-Host -ForegroundColor Green "Done!" write-Host -ForegroundColor Cyan "Creating virtual network...." New-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -Location $region -AddressPrefix $vnetprefix -Subnet $idsub, $websub, $gwsub $vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet +$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "Subnet-Gateway" -VirtualNetwork $vnet write-Host -ForegroundColor Green "Done!" #Create public IP address diff --git a/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json b/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json index b20efab520..ebb321a66c 100644 --- a/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json +++ b/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json @@ -2,13 +2,8 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { - "VM Size": { + "VM_Size": { "type": "string", - "defaultValue": "Standard_DS2_v2", - "allowedValues": [ - "Standard_F4s_v2", - "Standard_DS2_v2" - ], "metadata": { "description": "Select size of VM" } @@ -31,9 +26,8 @@ "description": "Enter SafeMode_Password" } }, - "Virtual Network Name": { + "Virtual_Network_Name": { "type": "string", - "defaultValue": "SHM_VNET1", "metadata": { "description": "Enter name of virtual network to provision these VMs" } @@ -44,9 +38,8 @@ "description": "Enter name of resource group that is assoicated with the virtual network above" } }, - "Virtual Network Subnet": { + "Virtual_Network_Subnet": { "type": "string", - "defaultValue": "Subnet-Identity", "metadata": { "description": "Enter name of subnet where you want to provision this VM" } @@ -74,19 +67,33 @@ "metadata": { "Description": "Enter the correct NetBIOS name" } + }, + "DC1_VM_Name":{ + "type": "string" + }, + "DC2_VM_Name":{ + "type": "string" + }, + "DC1_Host_Name":{ + "type": "string" + }, + "DC2_Host_Name":{ + "type": "string" + }, + "DC1_IP_Address":{ + "type": "string" + }, + "DC2_IP_Address":{ + "type": "string" } }, "variables": { - "dc1name": "SHMDC1", - "dc2name": "SHMDC2", - "dc1nic": "[concat(variables('dc1name'),'_','NIC1')]", - "dc2nic": "[concat(variables('dc2name'),'_','NIC1')]", - "dc1ipaddress": "10.251.0.250", - "dc2ipaddress": "10.251.0.249", + "dc1nic": "[concat(variables('DC1_VM_Name'),'_','NIC1')]", + "dc2nic": "[concat(variables('DC2_VM_Name'),'_','NIC1')]", "avsetname": "AVSET_SHM_VM_DC", "diagStorageAccountName": "[concat('diags',uniqueString(resourceGroup().id))]", - "vnetID": "[resourceId(parameters('Virtual_Network_Resource_Group'), 'Microsoft.Network/virtualNetworks', parameters('Virtual Network Name'))]", - "subnet": "[concat(variables('vnetID'),'/subnets/', parameters('Virtual Network Subnet'))]" + "vnetID": "[resourceId(parameters('Virtual_Network_Resource_Group'), 'Microsoft.Network/virtualNetworks', parameters('Virtual_Network_Name'))]", + "subnet": "[concat(variables('vnetID'),'/subnets/', parameters('Virtual_Network_Subnet'))]" }, "resources": [ { @@ -105,7 +112,7 @@ }, { "type": "Microsoft.Compute/virtualMachines", - "name": "[variables('dc1name')]", + "name": "[variables('DC1_VM_Name')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -114,7 +121,7 @@ "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('avsetname'))]" }, "hardwareProfile": { - "vmSize": "[parameters('VM Size')]" + "vmSize": "[parameters('VM_Size')]" }, "storageProfile": { "imageReference": { @@ -125,7 +132,7 @@ }, "osDisk": { "osType": "Windows", - "name": "[concat(variables('dc1name'),'_OS_Disk')]", + "name": "[concat(variables('DC1_VM_Name'),'_OS_Disk')]", "createOption": "FromImage", "caching": "ReadWrite", "writeAcceleratorEnabled": false, @@ -137,7 +144,7 @@ "dataDisks": [ { "lun": 0, - "name": "[concat(variables('dc1name'),'_Data_Disk1')]", + "name": "[concat(variables('DC1_VM_Name'),'_Data_Disk1')]", "createOption": "Empty", "caching": "None", "writeAcceleratorEnabled": false, @@ -149,7 +156,7 @@ ] }, "osProfile": { - "computerName": "[variables('dc1name')]", + "computerName": "[variables('DC1_Host_Name')]", "adminUsername": "[parameters('Administrator_User')]", "adminPassword": "[parameters('Administrator_Password')]", "windowsConfiguration": { @@ -183,11 +190,11 @@ "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('dc1name'), '/CreateADForest')]", + "name": "[concat(variables('DC1_VM_Name'), '/CreateADForest')]", "apiVersion": "2019-03-01", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('dc1name'))]" + "[resourceId('Microsoft.Compute/virtualMachines', variables('DC1_VM_Name'))]" ], "properties": { "publisher": "Microsoft.Powershell", @@ -234,7 +241,7 @@ { "name": "ipconfig1", "properties": { - "privateIPAddress": "[variables('dc1ipaddress')]", + "privateIPAddress": "[variables('DC1_IP_Address')]", "privateIPAllocationMethod": "Static", "subnet": { "id": "[variables('subnet')]" @@ -257,7 +264,7 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('dc1name'), '/', 'bginfo')]", + "name": "[concat(variables('DC1_VM_Name'), '/', 'bginfo')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -268,12 +275,12 @@ "typeHandlerVersion": "2.1" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('dc1name'))]" + "[resourceId('Microsoft.Compute/virtualMachines', variables('DC1_VM_Name'))]" ] }, { "type": "Microsoft.Compute/virtualMachines", - "name": "[variables('dc2name')]", + "name": "[variables('DC2_VM_Name')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -282,7 +289,7 @@ "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('avsetname'))]" }, "hardwareProfile": { - "vmSize": "[parameters('VM Size')]" + "vmSize": "[parameters('VM_Size')]" }, "storageProfile": { "imageReference": { @@ -293,7 +300,7 @@ }, "osDisk": { "osType": "Windows", - "name": "[concat(variables('dc2name'),'_OS_Disk')]", + "name": "[concat(variables('DC2_VM_Name'),'_OS_Disk')]", "createOption": "FromImage", "caching": "ReadWrite", "writeAcceleratorEnabled": false, @@ -305,7 +312,7 @@ "dataDisks": [ { "lun": 0, - "name": "[concat(variables('dc2name'),'_Data_Disk1')]", + "name": "[concat(variables('DC2_VM_Name'),'_Data_Disk1')]", "createOption": "Empty", "caching": "None", "writeAcceleratorEnabled": false, @@ -317,7 +324,7 @@ ] }, "osProfile": { - "computerName": "[variables('dc2name')]", + "computerName": "[variables('DC2_Host_Name')]", "adminUsername": "[parameters('Administrator_User')]", "adminPassword": "[parameters('Administrator_Password')]", "windowsConfiguration": { @@ -351,12 +358,12 @@ "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('dc2name'), '/CreateADBDC')]", + "name": "[concat(variables('DC2_VM_Name'), '/CreateADBDC')]", "apiVersion": "2019-03-01", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('dc2name'))]", - "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('dc1name'), 'CreateADForest')]" + "[resourceId('Microsoft.Compute/virtualMachines', variables('DC2_VM_Name'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('DC1_VM_Name'), 'CreateADForest')]" ], "properties": { "publisher": "Microsoft.Powershell", @@ -372,7 +379,7 @@ }, "configurationArguments": { "DomainName": "[parameters('Domain_Name')]", - "DNSServer": "[variables('dc1ipaddress')]" + "DNSServer": "[variables('DC1_IP_Address')]" } }, "protectedSettings": { @@ -403,7 +410,7 @@ { "name": "ipconfig1", "properties": { - "privateIPAddress": "[variables('dc2ipaddress')]", + "privateIPAddress": "[variables('DC2_IP_Address')]", "privateIPAllocationMethod": "Static", "subnet": { "id": "[variables('subnet')]" @@ -426,7 +433,7 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('dc2name'), '/', 'bginfo')]", + "name": "[concat(variables('DC2_VM_Name'), '/', 'bginfo')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -437,7 +444,7 @@ "typeHandlerVersion": "2.1" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('dc2name'))]" + "[resourceId('Microsoft.Compute/virtualMachines', variables('DC2_VM_Name'))]" ] }, { diff --git a/safe_haven_management_environment/arm_templates/shmvnet/shmvnet-template.json b/safe_haven_management_environment/arm_templates/shmvnet/shmvnet-template.json index 521c85d598..401b307fb6 100644 --- a/safe_haven_management_environment/arm_templates/shmvnet/shmvnet-template.json +++ b/safe_haven_management_environment/arm_templates/shmvnet/shmvnet-template.json @@ -3,23 +3,42 @@ "contentVersion": "1.0.0.0", "parameters": { "Virtual_Network_Name": { - "defaultValue": "SHM_VNET1", "type": "string" + }, - "P2S_VPN_Certifciate": { - "type": "string", - "metadata": { - "description": "Paste certificate into dialogue box" - } + "P2S_VPN_Certificate": { + "type": "string" + }, + "VNET_CIDR": { + "type": "string" + }, + "Subnet_Identity_Name": { + "type": "string" + }, + "Subnet_Identity_CIDR": { + "type": "string" + }, + "Subnet_Web_Name": { + "type": "string" + }, + "Subnet_Web_CIDR": { + "type": "string" + }, + "Subnet_Gateway_Name": { + "type": "string" + }, + "Subnet_Gateway_CIDR": { + "type": "string" + }, + "VNET_DNS1": { + "type": "string" + }, + "VNET_DNS2": { + "type": "string" } + }, "variables": { - "vnetaddressspace": "10.251.0.0/21", - "vnetdns1": "10.251.0.250", - "vnetdns2": "10.251.0.249", - "subnetidentity": "10.251.0.0/24", - "subnetweb": "10.251.1.0/24", - "subnetgateway": "10.251.7.0/24" }, "resources": [ { @@ -476,7 +495,7 @@ "name": "Basic", "tier": "Regional" }, - "name": "SHM_VNET1_GW_PIP", + "name": "[concat(parameters('Virtual_Network_Name'),'_GW_PIP')]", "apiVersion": "2018-10-01", "location": "[resourceGroup().location]", "scale": null, @@ -490,7 +509,7 @@ }, { "type": "Microsoft.Network/virtualNetworkGateways", - "name": "SHM_VNET1_GW", + "name": "[concat(parameters('Virtual_Network_Name'),'_GW')]", "apiVersion": "2018-10-01", "location": "[resourceGroup().location]", "scale": null, @@ -501,10 +520,10 @@ "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', 'SHM_VNET1_GW_PIP')]" + "id": "[resourceId('Microsoft.Network/publicIPAddresses', concat(parameters('Virtual_Network_Name'),'_GW_PIP'))]" }, "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual_Network_Name'), 'GatewaySubnet')]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual_Network_Name'), parameters('Subnet_Gateway_Name'))]" } } } @@ -532,7 +551,7 @@ { "name": "SafeHavenManagementP2SRootCert", "properties": { - "publicCertData": "[parameters('P2S_VPN_Certifciate')]" + "publicCertData": "[parameters('P2S_VPN_Certificate')]" } } ], @@ -543,8 +562,8 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', 'SHM_VNET1_GW_PIP')]", - "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual_Network_Name'), 'GatewaySubnet')]" + "[resourceId('Microsoft.Network/publicIPAddresses', concat(parameters('Virtual_Network_Name'),'_GW_PIP'))]", + "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual_Network_Name'), parameters('Subnet_Gateway_Name'))]" ] }, { @@ -556,37 +575,37 @@ "properties": { "addressSpace": { "addressPrefixes": [ - "[variables('vnetaddressspace')]" + "[parameters('VNET_CIDR')]" ] }, "dhcpOptions": { "dnsServers": [ - "[variables('vnetdns1')]", - "[variables('vnetdns2')]", + "[parameters('VNET_DNS1')]", + "[parameters('VNET_DNS2')]", "8.8.8.8" ] }, "subnets": [ { - "name": "Subnet-Web", + "name": "[parameters('Subnet_Web_Name')]", "properties": { - "addressPrefix": "[variables('subnetweb')]", + "addressPrefix": "[parameters('Subnet_Web_CIDR')]", "serviceEndpoints": [], "delegations": [] } }, { - "name": "GatewaySubnet", + "name": "[parameters('Subnet_Gateway_Name')]", "properties": { - "addressPrefix": "[variables('subnetgateway')]", + "addressPrefix": "[parameters('Subnet_Gateway_CIDR')]", "serviceEndpoints": [], "delegations": [] } }, { - "name": "Subnet-Identity", + "name": "[parameters('Subnet_Identity_Name')]", "properties": { - "addressPrefix": "[variables('subnetidentity')]", + "addressPrefix": "[parameters('Subnet_Identity_CIDR')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'NSG_SHM_SUBNET_IDENTITY')]" }, @@ -604,11 +623,11 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat('SHM_VNET1', '/', 'Subnet-Web')]", + "name": "[concat(parameters('Virtual_Network_Name'), '/', parameters('Subnet_Web_Name'))]", "apiVersion": "2018-10-01", "scale": null, "properties": { - "addressPrefix": "[variables('subnetweb')]", + "addressPrefix": "[parameters('Subnet_Web_CIDR')]", "serviceEndpoints": [], "delegations": [] }, @@ -618,11 +637,11 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat('SHM_VNET1', '/', 'GatewaySubnet')]", + "name": "[concat(parameters('Virtual_Network_Name'), '/', parameters('Subnet_Gateway_Name'))]", "apiVersion": "2018-10-01", "scale": null, "properties": { - "addressPrefix": "[variables('subnetgateway')]", + "addressPrefix": "[parameters('Subnet_Gateway_CIDR')]", "serviceEndpoints": [], "delegations": [] }, @@ -632,11 +651,11 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat('SHM_VNET1', '/', 'Subnet-Identity')]", + "name": "[concat(parameters('Virtual_Network_Name'), '/', parameters('Subnet_Identity_Name'))]", "apiVersion": "2018-10-01", "scale": null, "properties": { - "addressPrefix": "[variables('subnetidentity')]", + "addressPrefix": "[parameters('Subnet_Identity_CIDR')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'NSG_SHM_SUBNET_IDENTITY')]" }, diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 58d5a50944..a794e52ad9 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -15,6 +15,8 @@ $config = Get-ShmFullConfig($shmId) $prevContext = Get-AzContext Set-AzContext -SubscriptionId $config.subscriptionName; +# Set VM Default Size +$vmSize = "Standard_DS2_v2" # Fetch DC root user password (or create if not present) $DCRootPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dc).SecretValueText; if ($null -eq $DCRootPassword) { @@ -105,11 +107,23 @@ $cert = $(Get-Content -Path "../scripts/local/out/certs/caCert.pem") | Select-Ob $cert = [string]$cert $cert = $cert.replace(" ", "") +$vnetCreateParams = @{ + "Virtual_Network_Name" = $config.network.vnet.name + "P2S_VPN_Certificate" = $cert + "VNET_CIDR" = $config.network.vnet.cidr + "Subnet_Identity_Name" = $config.network.subnets.identity.name + "Subnet_Identity_CIDR" = $config.network.subnets.identity.cidr + "Subnet_Web_Name" = $config.network.subnets.web.name + "Subnet_Web_CIDR" = $config.network.subnets.web.cidr + "Subnet_Gateway_Name" = $config.network.subnets.gateway.name + "Subnet_Gateway_CIDR" = $config.network.subnets.gateway.cidr + "VNET_DNS1" = $config.dc.ip + "VNET_DNS2" = $config.dcb.ip +} New-AzResourceGroup -Name $config.network.vnet.rg -Location $config.location New-AzResourceGroupDeployment -resourcegroupname $config.network.vnet.rg ` -templatefile "../arm_templates/shmvnet/shmvnet-template.json" ` - -P2S_VPN_Certifciate $cert ` - -Virtual_Network_Name "SHM_VNET1"; + @vnetCreateParams -Verbose; # Deploy the shmdc-template $netbiosNameMaxLength = 15 @@ -126,7 +140,17 @@ New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg` -Artifacts_Location $artifactLocation ` -Artifacts_Location_SAS_Token (ConvertTo-SecureString $artifactSasToken -AsPlainText -Force)` -Domain_Name $config.domain.fqdn ` - -Domain_Name_NetBIOS_Name $config.domain.netbiosName; + -Domain_Name_NetBIOS_Name $config.domain.netbiosName ` + -VM_Size $vmSize ` + -Virtual_Network_Name $config.network.vnet.name ` + -Virtual_Network_Subnet $config.network.subnets.identity.name ` + -DC1_VM_Name $config.dc.vmName ` + -DC2_VM_Name $config.dcb.vmName ` + -DC1_Host_Name $config.dc.hostname ` + -DC2_Host_Name $config.dcb.hostname ` + -DC1_IP_Address $config.dc.ip ` + -DC2_IP_Address $config.dcb.ip; + # Switch back to original subscription Set-AzContext -Context $prevContext; \ No newline at end of file From a0f5c60fa16b688601fbfa0fd7ff9e1f7f89fe25 Mon Sep 17 00:00:00 2001 From: Daniel Date: Mon, 4 Nov 2019 16:42:45 +0000 Subject: [PATCH 019/107] Revert to 'GatewaySubnet' for VNET gateway (it must be named this) --- existing_dsg_environment/Create_VNet.ps1 | 4 ++-- .../02_create_vnet/Create_VNET.ps1 | 2 +- .../02_create_vnet/vnet-master-template.json | 14 +++++++------- .../dsg_deploy_scripts/DsgConfig.psm1 | 2 +- .../Create_SafeHavenManagement_VNET.ps1 | 4 ++-- .../setup/setup_azure1.ps1 | 3 ++- 6 files changed, 15 insertions(+), 14 deletions(-) diff --git a/existing_dsg_environment/Create_VNet.ps1 b/existing_dsg_environment/Create_VNet.ps1 index f17b772195..f257b573c6 100644 --- a/existing_dsg_environment/Create_VNet.ps1 +++ b/existing_dsg_environment/Create_VNet.ps1 @@ -10,7 +10,7 @@ $region = "UK South" $subnetrds = "Subnet_RDS" # RDS subnet $subnetdata = "Subnet_Data" # Data subnet $subnetid = "Subnet_Identity" # Identity subnet -$subnetgw = "Subnet-Gateway" # VPN gateway subnet +$subnetgw = "GatewaySubnet" # VPN gateway subnet $vnetprefix = "0.0.0.0/0" # Address space $datasubprefix = "0.0.0.0/0" # Data subnet ip range $idsubprefix = "0.0.0.0/0" # identity subnet ip range @@ -54,7 +54,7 @@ write-Host -ForegroundColor Green "Done!" write-Host -ForegroundColor Cyan "Creating virtual network...." New-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -Location $region -AddressPrefix $vnetprefix -Subnet $rdssub, $datasub, $idsub, $gwsub $vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "Subnet-Gateway" -VirtualNetwork $vnet +$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet write-Host -ForegroundColor Green "Done!" #Create public IP address diff --git a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 index 6d008fe120..8e8053b354 100644 --- a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 @@ -23,7 +23,7 @@ $vnetCreateParams = @{ "Subnet-Identity Address Prefix" = $config.dsg.network.subnets.identity.cidr "Subnet-RDS Address Prefix" = $config.dsg.network.subnets.rds.cidr "Subnet-Data Address Prefix" = $config.dsg.network.subnets.data.cidr - "Subnet-Gateway Address Prefix" = $config.dsg.network.subnets.gateway.cidr + "GatewaySubnet Address Prefix" = $config.dsg.network.subnets.gateway.cidr "DNS Server IP Address" = $config.dsg.dc.ip } diff --git a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json index 90f25338ed..0958b94519 100644 --- a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json +++ b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json @@ -43,7 +43,7 @@ "description": "Enter IP subnet prefix i.e. 10.250.12.0/24" } }, - "Subnet-Gateway Address Prefix": { + "GatewaySubnet Address Prefix": { "type": "string", "defaultValue": "10.250.x.x", "metadata": { @@ -93,7 +93,7 @@ "id": "[resourceId('Microsoft.Network/publicIPAddresses', 'DSG_VNET1_GW_PIP')]" }, "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'Subnet-Gateway')]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'GatewaySubnet')]" } } } @@ -131,7 +131,7 @@ }, "dependsOn": [ "[resourceId('Microsoft.Network/publicIPAddresses', 'DSG_VNET1_GW_PIP')]", - "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'Subnet-Gateway')]" + "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'GatewaySubnet')]" ] }, { @@ -178,9 +178,9 @@ } }, { - "name": "Subnet-Gateway", + "name": "GatewaySubnet", "properties": { - "addressPrefix": "[parameters('Subnet-Gateway Address Prefix')]", + "addressPrefix": "[parameters('GatewaySubnet Address Prefix')]", "serviceEndpoints": [], "delegations": [] } @@ -235,11 +235,11 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat(parameters('Virtual Network Name'), '/', 'Subnet-Gateway')]", + "name": "[concat(parameters('Virtual Network Name'), '/', 'GatewaySubnet')]", "apiVersion": "2018-10-01", "scale": null, "properties": { - "addressPrefix": "[parameters('Subnet-Gateway Address Prefix')]", + "addressPrefix": "[parameters('GatewaySubnet Address Prefix')]", "serviceEndpoints": [], "delegations": [] }, diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 44ebf7a003..3199b72387 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -72,7 +72,7 @@ function Get-ShmFullConfig{ $shm.network.subnets.gateway = [ordered]@{} $shm.network.subnets.gateway.prefix = $shmBasePrefix + "." + ([int] $shmThirdOctet + 7) - $shm.network.subnets.gateway.name = "Subnet-Gateway" + $shm.network.subnets.gateway.name = "GatewaySubnet" # The Gateway subnet MUST be named 'GatewaySubnet' - see https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#do-i-need-a-gatewaysubnet $shm.network.subnets.gateway.cidr = $shm.network.subnets.gateway.prefix + ".0/24" # --- Domain controller config --- diff --git a/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 b/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 index e79e02703f..a2702ce02c 100644 --- a/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 +++ b/new_dsg_environment/infrastructure/Create_SafeHavenManagement_VNET.ps1 @@ -6,7 +6,7 @@ $rg = "RG_SHM_VNET" $region = "UK South" $subnetid = "Subnet-Identity" $subnetweb = "Subnet-Web" -$subnetgw = "Subnet-Gateway" +$subnetgw = "GatewaySubnet" $vnetprefix = "10.251.0.0/21" $idsubprefix = "10.251.0.0/24" @@ -49,7 +49,7 @@ write-Host -ForegroundColor Green "Done!" write-Host -ForegroundColor Cyan "Creating virtual network...." New-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -Location $region -AddressPrefix $vnetprefix -Subnet $idsub, $websub, $gwsub $vnet = Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $rg -$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "Subnet-Gateway" -VirtualNetwork $vnet +$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet write-Host -ForegroundColor Green "Done!" #Create public IP address diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index a794e52ad9..91df9ce38f 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -120,6 +120,7 @@ $vnetCreateParams = @{ "VNET_DNS1" = $config.dc.ip "VNET_DNS2" = $config.dcb.ip } + New-AzResourceGroup -Name $config.network.vnet.rg -Location $config.location New-AzResourceGroupDeployment -resourcegroupname $config.network.vnet.rg ` -templatefile "../arm_templates/shmvnet/shmvnet-template.json" ` @@ -131,7 +132,7 @@ if($config.domain.netbiosName.length -gt $netbiosNameMaxLength) { throw "Netbios name must be no more than 15 characters long. '$($config.domain.netbiosName)' is $($config.domain.netbiosName.length) characters long." } New-AzResourceGroup -Name $config.dc.rg -Location $config.location -New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg` +New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg ` -templatefile "../arm_templates/shmdc/shmdc-template.json"` -Administrator_User "atiadmin"` -Administrator_Password (ConvertTo-SecureString $DCRootPassword -AsPlainText -Force)` From a4130f0f3df03609f7e740330cfa2415718cfcaa Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Mon, 4 Nov 2019 20:51:38 +0000 Subject: [PATCH 020/107] Normalise SHM + DSG resource names. Use DSG KeyVault. Update SHM cert generation. - Normalise DSG names to RES_TYPE_DSGX format - Make SHM cert names include SHM ID - Auto upload SHM CA Cert to keyvault - Use separate per-DSG KeyVault for DSG secrets - Update DSG VNET deployment to pass subnet names - Update SHM runbook to reflect refactored cert creation - Normalise SHM secret names --- .../azure-runbooks/dsg_build_instructions.md | 51 ++++------ .../core/shm_dev1_core_config.json | 4 +- .../core/shm_turing1_core_config.json | 4 +- .../dsg_configs/full/dsg_100_full_config.json | 95 +++++++++++-------- .../full/dsg_dev1_full_config.json | 95 +++++++++++-------- .../01_configure_shm_dc/Prepare_SHM.ps1 | 19 +++- .../02_create_vnet/Create_VNET.ps1 | 4 + .../02_create_vnet/vnet-master-template.json | 92 ++++++++---------- .../dsg_deploy_scripts/DsgConfig.psm1 | 50 +++++----- .../azure-runbooks/SHM-Build-Instructions.md | 76 ++++++--------- .../scripts/local/build/Dockerfile.certs | 22 +++-- .../setup/setup_azure0.ps1 | 4 +- .../setup/setup_azure1.ps1 | 52 ++++++---- .../setup/setup_azure2.ps1 | 6 +- 14 files changed, 296 insertions(+), 278 deletions(-) diff --git a/new_dsg_environment/azure-runbooks/dsg_build_instructions.md b/new_dsg_environment/azure-runbooks/dsg_build_instructions.md index 5d1f0ac242..bb6650906f 100644 --- a/new_dsg_environment/azure-runbooks/dsg_build_instructions.md +++ b/new_dsg_environment/azure-runbooks/dsg_build_instructions.md @@ -15,7 +15,7 @@ - #### Download a client VPN certificate for the Safe Haven Management VNet - - Navigate to the Safe Haven Management (SHM) KeyVault in the Safe Haven Management subscription via `Resource Groups -> RG_DSG_SECRETS -> dsg-management-`, where `` is `prod` for the production SHM environment and `test` for the test SHM environment. + - Navigate to the Safe Haven Management (SHM) KeyVault in the Safe Haven Management subscription via `Resource Groups -> RG_DSG_SECRETS -> kv-shm-`. - Once there open the "Certificates" page under the "Settings" section in the left hand sidebar. @@ -33,7 +33,7 @@ - Click the "Download VPN client" link at the top of the page to get the root certificate (VpnServerRoot.cer) and VPN configuration file (VpnSettings.xml), then follow the [VPN set up instructions](https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert) using the Windows or Mac sections as appropriate. - - On Windows you may get a "|Windows protected your PC" pop up. If so, click `More info -> Run anyway` + - On Windows you may get a "Windows protected your PC" pop up. If so, click `More info -> Run anyway` - On Windows do not rename the vpn client as this will break it @@ -123,7 +123,7 @@ The full configuration details for a new DSG are generated by defining a few "co ### Core SHM configuration properties The core properties for the relevant pre-existing Safe Haven Management (SHM) environment must be present in the `dsg_configs/core` folder. -The following core SHM properties must be defined in a JSON file named `shm__core_config.json`. See `shm_testc_core_config.json` for an example. +The following core SHM properties must be defined in a JSON file named `shm__core_config.json`. **NOTE:** The `netbiosName` fields must have a maximum length of 15 characters. @@ -133,8 +133,8 @@ The following core SHM properties must be defined in a JSON file named `shm_artifacts`", - "keyVaultName": "The name of the KeyVault that will contain secrets mangement environment. Must be GLOBALLY unique within Azure. We suggest the format `dsg-management-`" + "ipPrefix": "The three octet IP address prefix for the Class A range used by the management environment. Use 10.0.0 for this unless you have a good reason to use another prefix." } ``` @@ -217,6 +206,8 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Prepare SHM by running `./Prepare_SHM.ps1`, entering the DSG ID when prompted +- This step also creates a DSG KeyVault in the DSG subscription in `Resource Groups -> RG_DSG_SECRETS -> kv-shm--dsg`. Additional deployment steps will add secrets to this KeyVault and you will need to access some of these for some of the manual configiration steps later. + ## 2. Deploy Virtual Network ### Create the virtual network @@ -235,7 +226,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor ### Set up a VPN connection to the DSG -- In the **DSG subscription** open `Resource Groups -> RG_DSG_VNET -> DSG_VNET1_GW` +- In the **DSG subscription** open `Resource Groups -> RG_DSG_VNET -> VNET_DSG_GW` - Select "**Point to Site Configuration**" from the left-hand navigation @@ -277,7 +268,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the new Domain controller via Remote Desktop client over the DSG VPN connection at the IP address `.250` (e.g. 10.250.x.250) -- Login with local admin user `atiadmin` and the password for the DSG DC, which was created and stored in the `dsg-dc-admin-password` secret in the Safe Haven Management KeyVault by the DC deployment script +- Login with local admin user `dsgadmin` and the password for the DSG DC, which was created and stored in the `dsg-dc-admin-password` secret in the DSG KeyVault by the DC deployment script - From the "Server Management" application, select `Tools -> Group Policy Management` @@ -331,7 +322,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **SHM Domain Controller** via Remote Desktop client over the VPN connection -- Login with domain user `\atiadmin` and the SHM DC admin password from the `sh-management-dc-admin-password` secret in the Safe Haven Management KeyVault +- Login with domain user `\shmadmin` and the SHM DC admin password from the `shm-dc-admin-password` secret in the Safe Haven Management KeyVault - From the "Server Management" application, select `Tools -> Active Directory Domains and Trust` @@ -349,7 +340,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor | Trust Type: | External Trust | | Direction of trust: | Two-way | | Sides of trust: | Both this domain and the specified domain | - | User name and password: | Domain admin user on the DSG domain. Format: `. User is "atiadmin ". See DSG DC admin secret in management KeyVault for password. | + | User name and password: | Domain admin user on the DSG domain. Format: `\Username>. User is "dsgadmin ". See DSG DC admin secret in DSG KeyVault for password. | | Outgoing Trust Authentication Level-Local Domain: | Domain-wide authentication | | Outgoing Trust Authentication Level-Specified Domain: | Domain-wide authentication | @@ -395,7 +386,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **RDS Session Server 1 (RDSSH1)** via Remote Desktop client over the DSG VPN connection -- Login with domain user `\atiadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the SHM KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the SHM KeyVault (all DSG Windows servers use the same admin credentials) - Open `C:\Software\rdssh1-app-server` in Windows explorer @@ -407,7 +398,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **RDS Gateway** via Remote Desktop client over the DSG VPN connection -- Login with domain user `\atiadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the SHM KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the DSG KeyVault (all DSG Windows servers use the same admin credentials) - Open a PowerShell command window with elevated privileges - make sure to use the `Windows PowerShell` application, not the `Windows PowerShell (x86)` application. The required server managment commandlets are not installed on the x86 version. @@ -455,7 +446,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Enter the IP address of the NPS within the management domain (`10.251.0.248`) -- Set the "Shared Secret" to the value of the `dsg--nps-secret` in the SHM KeyVault. +- Set the "Shared Secret" to the value of the `dsg--nps-secret` in the DSG KeyVault. ![C:\\Users\\ROB\~1.CLA\\AppData\\Local\\Temp\\SNAGHTML2302f1a.PNG](images/media/image23.png) @@ -523,7 +514,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **SHM Domain Controller** via Remote Desktop client over the VPN connection -- Login with domain user `\atiadmin` and the SHM DC admin password from the `sh-management-dc-admin-password` secret in the Safe Haven Management KeyVault +- Login with domain user `\shmadmin` and the SHM DC admin password from the `shm-dc-admin-password` secret in the Safe Haven Management KeyVault - In the "Server Management" app, click `Tools -> Active Directory Users and Computers` @@ -557,7 +548,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Ensure that the SHM NPS server RADIUS Client configuration is using the **private** IP address of the RDS Gateway and **not** its public one. - - Ensure the same shared secret from the `dsg--nps-secret` in the SHM KeyVault is used in **both** the SHM NPS server RADIUS Client configuration and the DSG RDS Gateway RD CAP Store configuration (see previous sections for instructions). + - Ensure the same shared secret from the `dsg--nps-secret` in the DSG KeyVault is used in **both** the SHM NPS server RADIUS Client configuration and the DSG RDS Gateway RD CAP Store configuration (see previous sections for instructions). - If you get a "We couldn't connect to the gateway because of an error" message, it's likely that the "Remote RADIUS Server" authentication timeouts have not been increased as described in a previous section. It seems that these are reset everytime the "Central CAP store" shared RADIUS secret is changed. @@ -569,7 +560,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **RDS Session Server 2 (RDSSH1)** via Remote Desktop client over the DSG VPN connection -- Login with domain user `\atiadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the SHM KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the SHM KeyVault (all DSG Windows servers use the same admin credentials) - Open `C:\Software\rdssh2-virtual-desktop-server` in Windows explorer @@ -663,8 +654,8 @@ To deploy a compute VM you will need the following available on the machine you - Activate boot diagnostics on the VM and click save. You need to stay on that screen until the activation is complete. - Go back to the VM panel and click on the "Serial console" item near the bottom of the VM menu on the left habnd side of the VM panel. - If you are not prompted with `login:`, hit enter until the prompt appears -- Enter `atiadmin` for the username -- Enter the password from the `dsgroup-dsvm-admin-password` secret in the `dsg-mangement-` KeyVault in the `RG_DSG_SECRETS` respource group of the SHM subscription. +- Enter `dsgadmin` for the username +- Enter the password from the `dsg-dsvm-admin-password` secret in the DSG KeyVault. - To validate that our custom `cloud-init.yaml` file has been successfully uploaded, run `sudo cat /var/lib/cloud/instance/user-data.txt`. You should see the contents of the `new_dsg_environment/azure-vms/DSG_configs/cloud-init-compute-vm-DSG-.yaml` file in the Safe Haven git repository. - To see the output of our custom `cloud-init.yaml` file, run `sudo tail -n 200 /var/log/cloud-init-output.log` and scroll up. @@ -704,7 +695,7 @@ To run the smoke tests: - Connect to the **DSG Dataserver** via Remote Desktop client over the DSG VPN connection. Ensure that the Remote Desktop client configuration shares the Safe Haven repository folder on your local machine with the Dataserver (or you have another way to transfer files between your local machine and the Dataserver VM). -- Login with domain user `\atiadmin` and the **DSG DC** admin password from the SHM KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the DSG KeyVault (all DSG Windows servers use the same admin credentials) - Copy the `package_lists` and `tests` folders from your local `/new_dsg_environment/azure-vms/` folder to a `dsg_tests` folder on within the `F:\Data` folder on the DSG Dataserver. diff --git a/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json index 6ffad181a5..c8fc71a583 100644 --- a/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json @@ -3,7 +3,7 @@ "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", "domain": "safehavendev1.co.uk", "netbiosName": "SAFEHAVENDEV1", - "shId": "dev1", + "shmId": "dev1", "name": "Development Safe Haven 1", "organisation": { "name": "The Alan Turing Institute", @@ -12,5 +12,5 @@ "countryCode": "GB" }, "location": "uksouth", - "ipPrefix": "10.0.0.0" + "ipPrefix": "10.0.0" } diff --git a/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json index 31faa4e4b0..37e19fbd7d 100644 --- a/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json @@ -3,7 +3,7 @@ "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", "domain": "turingsafehaven.ac.uk", "netbiosName": "TURINGSAFEHAVEN", - "shId": "turing1", + "shmId": "turing1", "name": "Turng Safe Haven", "organisation": { "name": "The Alan Turing Institute", @@ -12,5 +12,5 @@ "countryCode": "GB" }, "location": "uksouth", - "ipPrefix": "10.0.0.0" + "ipPrefix": "10.0.0" } diff --git a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json index b73d6a3749..fbf200e53c 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json @@ -27,49 +27,61 @@ "network": { "vnet": { "rg": "RG_SHM_VNET", - "name": "turing1-VNET", + "name": "VNET_SHM_turing1", "cidr": "10.0.0.0/21" }, "subnets": { "identity": { "prefix": "10.0.0", + "name": "Subnet-Identity", "cidr": "10.0.0.0/24" + }, + "web": { + "prefix": "10.0.1", + "name": "Subnet-Web", + "cidr": "10.0.1.0/24" + }, + "gateway": { + "prefix": "10.0.7", + "name": "GatewaySubnet", + "cidr": "10.0.7.0/24" } } }, "dc": { "rg": "RG_SHM_DC", - "vmName": "turing1-DC1", - "hostname": "turing1-DC1", - "fqdn": "turing1-DC1.turingsafehaven.ac.uk", + "vmName": "DC1_SHM_turing1", + "hostname": "DC1_SHM_turing1", + "fqdn": "DC1_SHM_turing1.turingsafehaven.ac.uk", "ip": "10.0.0.250" }, "dcb": { - "vmName": "turing1-DC2", - "hostname": "turing1-DC2", - "fqdn": "turing1-DC2.turingsafehaven.ac.uk", + "vmName": "DC2_SHM_turing1", + "hostname": "DC2_SHM_turing1", + "fqdn": "DC2_SHM_turing1.turingsafehaven.ac.uk", "ip": "10.0.0.249" }, "nps": { "rg": "RG_SHM_NPS", - "vmName": "turing1-NPS", + "vmName": "NPS_SHM_turing1", "ip": "10.0.0.248" }, "storage": { "artifacts": { "rg": "RG_SHM_ARTIFACTS", - "accountName": "turing1artifacts" + "accountName": "shmturing1artifacts" } }, "keyVault": { "rg": "RG_SHM_SECRETS", - "name": "turing1secrets", + "name": "kv-shm-turing1", "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" + "dcAdminUsername": "shm-dc-admin-username", + "dcAdminPassword": "shm-dc-admin-password", + "dcSafemodePassword": "shm-dc-safemode-password", + "adsyncPassword": "shm-adsync-password", + "vpnCaCertificate": "shm-vpn-ca-cert", + "vpnClientCertPassword": "shm-vpn-client-cert-pwd" } }, "dns": { @@ -115,7 +127,7 @@ "network": { "vnet": { "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUP100_VNET1", + "name": "VNET_DSG100", "cidr": "10.150.0.0/21" }, "subnets": { @@ -135,6 +147,7 @@ "cidr": "10.150.2.0/24" }, "gateway": { + "name": "GatewaySubnet", "prefix": "10.150.7", "cidr": "10.150.7.0/27" } @@ -153,16 +166,16 @@ } }, "keyVault": { - "name": "dsg-management-turing1" + "name": "kv-turing1-dsg100" }, "dc": { "rg": "RG_DSG_DC", - "vmName": "DSG100DC", - "hostname": "DSG100DC", - "fqdn": "DSG100DC.dsgroup100.co.uk", + "vmName": "DC_DSG100", + "hostname": "DC_DSG100", + "fqdn": "DC_DSG100.dsgroup100.co.uk", "ip": "10.150.0.250", "admin": { - "username": "atiadmin", + "username": "dsgadmin", "passwordSecretName": "dsg100-dc-admin-password" } }, @@ -194,22 +207,22 @@ }, "rds": { "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroup100.co.uk", + "vmName": "RDS_DSG100", + "hostname": "RDS_DSG100", + "fqdn": "RDS_DSG100.dsgroup100.co.uk", "ip": "10.150.1.250", "npsSecretName": "dsg100-nps-secret" }, "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroup100.co.uk", + "vmName": "RDSSH1_DSG100", + "hostname": "RDSSH1_DSG100", + "fqdn": "RDSSH1_DSG100.dsgroup100.co.uk", "ip": "10.150.1.249" }, "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroup100.co.uk", + "vmName": "RDSSH2_DSG100", + "hostname": "RDSSH2_DSG100", + "fqdn": "RDSSH2_DSG100.dsgroup100.co.uk", "ip": "10.150.1.248" }, "rg": "RG_DSG_RDS", @@ -225,23 +238,23 @@ }, "dataserver": { "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroup100.co.uk", + "vmName": "DATA_DSG100", + "hostname": "DATA_DSG100", + "fqdn": "DATA_DSG100.dsgroup100.co.uk", "ip": "10.150.2.250" }, "linux": { "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroup100.co.uk", + "vmName": "GITLAB_DSG100", + "hostname": "GITLAB_DSG100", + "fqdn": "GITLAB_DSG100.dsgroup100.co.uk", "ip": "10.150.2.151", "rootPasswordSecretName": "dsg100-gitlab-root-password" }, "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroup100.co.uk", + "vmName": "HACKMD_DSG100", + "hostname": "HACKMD_DSG100", + "fqdn": "HACKMD_DSG100.dsgroup100.co.uk", "ip": "10.150.2.152" }, "rg": "RG_DSG_LINUX", @@ -253,8 +266,8 @@ "vmImageType": "Ubuntu", "vmImageVersion": "0.1.2019082900", "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroup100-dsvm-admin-password" + "username": "dsgadmin", + "passwordSecretName": "dsg100-dsvm-admin-password" } } } diff --git a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json index 31dc9b25d2..8b620fec24 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json @@ -27,49 +27,61 @@ "network": { "vnet": { "rg": "RG_SHM_VNET", - "name": "dev1-VNET", + "name": "VNET_SHM_dev1", "cidr": "10.0.0.0/21" }, "subnets": { "identity": { "prefix": "10.0.0", + "name": "Subnet-Identity", "cidr": "10.0.0.0/24" + }, + "web": { + "prefix": "10.0.1", + "name": "Subnet-Web", + "cidr": "10.0.1.0/24" + }, + "gateway": { + "prefix": "10.0.7", + "name": "GatewaySubnet", + "cidr": "10.0.7.0/24" } } }, "dc": { "rg": "RG_SHM_DC", - "vmName": "dev1-DC1", - "hostname": "dev1-DC1", - "fqdn": "dev1-DC1.safehavendev1.co.uk", + "vmName": "DC1_SHM_dev1", + "hostname": "DC1_SHM_dev1", + "fqdn": "DC1_SHM_dev1.safehavendev1.co.uk", "ip": "10.0.0.250" }, "dcb": { - "vmName": "dev1-DC2", - "hostname": "dev1-DC2", - "fqdn": "dev1-DC2.safehavendev1.co.uk", + "vmName": "DC2_SHM_dev1", + "hostname": "DC2_SHM_dev1", + "fqdn": "DC2_SHM_dev1.safehavendev1.co.uk", "ip": "10.0.0.249" }, "nps": { "rg": "RG_SHM_NPS", - "vmName": "dev1-NPS", + "vmName": "NPS_SHM_dev1", "ip": "10.0.0.248" }, "storage": { "artifacts": { "rg": "RG_SHM_ARTIFACTS", - "accountName": "dev1artifacts" + "accountName": "shmdev1artifacts" } }, "keyVault": { "rg": "RG_SHM_SECRETS", - "name": "dev1secrets", + "name": "kv-shm-dev1", "secretNames": { - "p2sRootCert": "sh-management-p2s-root-cert", - "dc": "sh-managment-dcadmin", - "safemode": "sh-managment-dcsafemode", - "adsync": "sh-managment-adsync", - "vpncertificate": "sh-managment-cert" + "dcAdminUsername": "shm-dc-admin-username", + "dcAdminPassword": "shm-dc-admin-password", + "dcSafemodePassword": "shm-dc-safemode-password", + "adsyncPassword": "shm-adsync-password", + "vpnCaCertificate": "shm-vpn-ca-cert", + "vpnClientCertPassword": "shm-vpn-client-cert-pwd" } }, "dns": { @@ -115,7 +127,7 @@ "network": { "vnet": { "rg": "RG_DSG_VNET", - "name": "DSG_DSGROUPDEV1_VNET1", + "name": "VNET_DSGdev1", "cidr": "10.100.0.0/21" }, "subnets": { @@ -135,6 +147,7 @@ "cidr": "10.100.2.0/24" }, "gateway": { + "name": "GatewaySubnet", "prefix": "10.100.7", "cidr": "10.100.7.0/27" } @@ -153,16 +166,16 @@ } }, "keyVault": { - "name": "dsg-management-dev1" + "name": "kv-dev1-dsgdev1" }, "dc": { "rg": "RG_DSG_DC", - "vmName": "DSGdev1DC", - "hostname": "DSGdev1DC", - "fqdn": "DSGdev1DC.dsgroupdev1.co.uk", + "vmName": "DC_DSGdev1", + "hostname": "DC_DSGdev1", + "fqdn": "DC_DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.0.250", "admin": { - "username": "atiadmin", + "username": "dsgadmin", "passwordSecretName": "dsgdev1-dc-admin-password" } }, @@ -194,22 +207,22 @@ }, "rds": { "gateway": { - "vmName": "RDS", - "hostname": "RDS", - "fqdn": "RDS.dsgroupdev1.co.uk", + "vmName": "RDS_DSGdev1", + "hostname": "RDS_DSGdev1", + "fqdn": "RDS_DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.1.250", "npsSecretName": "dsgdev1-nps-secret" }, "sessionHost1": { - "vmName": "RDSSH1", - "hostname": "RDSSH1", - "fqdn": "RDSSH1.dsgroupdev1.co.uk", + "vmName": "RDSSH1_DSGdev1", + "hostname": "RDSSH1_DSGdev1", + "fqdn": "RDSSH1_DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.1.249" }, "sessionHost2": { - "vmName": "RDSSH2", - "hostname": "RDSSH2", - "fqdn": "RDSSH2.dsgroupdev1.co.uk", + "vmName": "RDSSH2_DSGdev1", + "hostname": "RDSSH2_DSGdev1", + "fqdn": "RDSSH2_DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.1.248" }, "rg": "RG_DSG_RDS", @@ -225,23 +238,23 @@ }, "dataserver": { "rg": "RG_DSG_DATA", - "vmName": "DATASERVER", - "hostname": "DATASERVER", - "fqdn": "DATASERVER.dsgroupdev1.co.uk", + "vmName": "DATA_DSGdev1", + "hostname": "DATA_DSGdev1", + "fqdn": "DATA_DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.2.250" }, "linux": { "gitlab": { - "vmName": "GITLAB", - "hostname": "GITLAB", - "fqdn": "GITLAB.dsgroupdev1.co.uk", + "vmName": "GITLAB_DSGdev1", + "hostname": "GITLAB_DSGdev1", + "fqdn": "GITLAB_DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.2.151", "rootPasswordSecretName": "dsgdev1-gitlab-root-password" }, "hackmd": { - "vmName": "HACKMD", - "hostname": "HACKMD", - "fqdn": "HACKMD.dsgroupdev1.co.uk", + "vmName": "HACKMD_DSGdev1", + "hostname": "HACKMD_DSGdev1", + "fqdn": "HACKMD_DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.2.152" }, "rg": "RG_DSG_LINUX", @@ -253,8 +266,8 @@ "vmImageType": "Ubuntu", "vmImageVersion": "0.1.2019082900", "admin": { - "username": "atiadmin", - "passwordSecretName": "dsgroupdev1-dsvm-admin-password" + "username": "dsgadmin", + "passwordSecretName": "dsgdev1-dsvm-admin-password" } } } diff --git a/new_dsg_environment/dsg_deploy_scripts/01_configure_shm_dc/Prepare_SHM.ps1 b/new_dsg_environment/dsg_deploy_scripts/01_configure_shm_dc/Prepare_SHM.ps1 index 007548bf1c..20f1338060 100644 --- a/new_dsg_environment/dsg_deploy_scripts/01_configure_shm_dc/Prepare_SHM.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/01_configure_shm_dc/Prepare_SHM.ps1 @@ -10,13 +10,24 @@ Import-Module $PSScriptRoot/../GeneratePassword.psm1 -Force # Get DSG config $config = Get-DsgConfig($dsgId); -# Temporarily switch to management subscription -$prevContext = Get-AzContext -$_ = Set-AzContext -SubscriptionId $config.shm.subscriptionName; # Directory for local and remote helper scripts $helperScriptDir = Join-Path $PSScriptRoot "helper_scripts" "Prepare_SHM" -Resolve +# Create DSG KeyVault if it does not exist +# Temporarily switch to DSG subscription +$prevContext = Get-AzContext +Set-AzContext -SubscriptionId $config.subscriptionName; + +# Create Resource Groups +New-AzResourceGroup -Name $config.dsg.keyVault.rg -Location $config.location + +# Create a keyvault +New-AzKeyVault -Name $config.dsg.keyVault.name -ResourceGroupName $config.dsg.keyVault.rg -Location $config.dsg.location + +# Temporarily switch to management subscription +$_ = Set-AzContext -SubscriptionId $config.shm.subscriptionName; + # === Add DSG users and groups to SHM ==== Write-Host "Creating or retrieving user passwords" function Create-DsgPassword($secretName){ @@ -83,6 +94,8 @@ $result = Invoke-AzVMRunCommand -ResourceGroupName $config.shm.dc.rg -Name $conf Write-Host $result.Value[0].Message Write-Host $result.Value[1].Message +Write-Host "Before running the next step, make sure to add a policy to the KeyVault '$($config.dsg.keyVault.name)' in the '$($config.dsg.keyVault.rg)' resource group that gives the administrator security group for this Safe Haven instance rights to manage Keys, Secrets and Certificates." + # Switch back to previous subscription $_ = Set-AzContext -Context $prevContext; diff --git a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 index 8e8053b354..7ff56cc987 100644 --- a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 @@ -24,6 +24,10 @@ $vnetCreateParams = @{ "Subnet-RDS Address Prefix" = $config.dsg.network.subnets.rds.cidr "Subnet-Data Address Prefix" = $config.dsg.network.subnets.data.cidr "GatewaySubnet Address Prefix" = $config.dsg.network.subnets.gateway.cidr + "Subnet-Identity Name" = $config.dsg.network.subnets.identity.name + "Subnet-RDS Name" = $config.dsg.network.subnets.rds.name + "Subnet-Data Name" = $config.dsg.network.subnets.data.name + "GatewaySubnet Name" = $config.dsg.network.subnets.gateway.name "DNS Server IP Address" = $config.dsg.dc.ip } diff --git a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json index 0958b94519..3b94e97861 100644 --- a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json +++ b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/vnet-master-template.json @@ -3,62 +3,46 @@ "contentVersion": "1.0.0.0", "parameters": { "Virtual Network Name": { - "defaultValue": "DSG_DSGROUPX_VNET1", - "type": "string", - "metadata": { - "Description": "Enter name of virtual network i.e. DSG_DSGROUP2_VNET1" - } + "type": "string" }, "P2S VPN Certificate": { - "type": "securestring", - "metadata": { - "description": "Paste certificate into dialogue box" - } + "type": "securestring" }, "Virtual Network Address Space": { - "type": "string", - "defaultValue": "10.250.x.x", - "metadata": { - "description": "Enter IP address space for the virtual network i.e. 10.250.10.0/21" - } + "type": "string" }, "Subnet-Identity Address Prefix": { - "type": "string", - "defaultValue": "10.250.x.x", - "metadata": { - "description": "Enter IP subnet prefix i.e. 10.250.10.0/24" - } + "type": "string" }, "Subnet-RDS Address Prefix": { - "type": "string", - "defaultValue": "10.250.x.x", - "metadata": { - "description": "Enter IP subnet prefix i.e. 10.250.11./24" - } + "type": "string" }, "Subnet-Data Address Prefix": { - "type": "string", - "defaultValue": "10.250.x.x", - "metadata": { - "description": "Enter IP subnet prefix i.e. 10.250.12.0/24" - } + "type": "string" }, "GatewaySubnet Address Prefix": { - "type": "string", - "defaultValue": "10.250.x.x", - "metadata": { - "description": "Enter IP subnet prefix for the gateway i.e. 10.250.13.0/27" - } + "type": "string" + }, + "Subnet-Identity Name": { + "type": "string" + }, + "Subnet-RDS Name": { + "type": "string" + }, + "Subnet-Data Name": { + "type": "string" + }, + "GatewaySubnet Name": { + "type": "string" }, "DNS Server IP Address": { - "type": "string", - "defaultValue": "10.250.x.250", - "metadata": { - "description": "Enter IP of the DNS server (this is the DC within the DSG i.e. 10.250.x.250" - } + "type": "string" } }, - "variables": {}, + "variables": { + "Gateway_Name": "[concat(parameters('Virtual Network Name'),'_GW')]", + "Gateway_IP_Name": "[concat(parameters('Virtual Network Name'),'_GW_PIP')]" + }, "resources": [ { "type": "Microsoft.Network/publicIPAddresses", @@ -66,7 +50,7 @@ "name": "Basic", "tier": "Regional" }, - "name": "DSG_VNET1_GW_PIP", + "name": "[variables('Gateway_IP_Name')]", "apiVersion": "2018-10-01", "location": "[resourceGroup().location]", "scale": null, @@ -79,7 +63,7 @@ }, { "type": "Microsoft.Network/virtualNetworkGateways", - "name": "DSG_VNET1_GW", + "name": "[variables('Gateway_Name')]", "apiVersion": "2018-10-01", "location": "[resourceGroup().location]", "scale": null, @@ -90,10 +74,10 @@ "properties": { "privateIPAllocationMethod": "Dynamic", "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', 'DSG_VNET1_GW_PIP')]" + "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('Gateway_IP_Name'))]" }, "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'GatewaySubnet')]" + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), parameters('GatewaySubnet Name'))]" } } } @@ -130,8 +114,8 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', 'DSG_VNET1_GW_PIP')]", - "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), 'GatewaySubnet')]" + "[resourceId('Microsoft.Network/publicIPAddresses', variables('Gateway_IP_Name'))]", + "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('Virtual Network Name'), parameters('GatewaySubnet Name'))]" ] }, { @@ -154,7 +138,7 @@ }, "subnets": [ { - "name": "Subnet-Identity", + "name": "[parameters('Subnet-Identity Name')]", "properties": { "addressPrefix": "[parameters('Subnet-Identity Address Prefix')]", "serviceEndpoints": [], @@ -162,7 +146,7 @@ } }, { - "name": "Subnet-RDS", + "name": "[parameters('Subnet-RDS Name')]", "properties": { "addressPrefix": "[parameters('Subnet-RDS Address Prefix')]", "serviceEndpoints": [], @@ -170,7 +154,7 @@ } }, { - "name": "Subnet-Data", + "name": "[parameters('Subnet-Data Name')]", "properties": { "addressPrefix": "[parameters('Subnet-Data Address Prefix')]", "serviceEndpoints": [], @@ -178,7 +162,7 @@ } }, { - "name": "GatewaySubnet", + "name": "[parameters('GatewaySubnet Name')]", "properties": { "addressPrefix": "[parameters('GatewaySubnet Address Prefix')]", "serviceEndpoints": [], @@ -193,7 +177,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat(parameters('Virtual Network Name'), '/', 'Subnet-Identity')]", + "name": "[concat(parameters('Virtual Network Name'), '/', parameters('Subnet-Identity Name'))]", "apiVersion": "2018-10-01", "scale": null, "properties": { @@ -207,7 +191,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat(parameters('Virtual Network Name'), '/', 'Subnet-RDS')]", + "name": "[concat(parameters('Virtual Network Name'), '/', parameters('Subnet-RDS Name'))]", "apiVersion": "2018-10-01", "scale": null, "properties": { @@ -221,7 +205,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat(parameters('Virtual Network Name'), '/', 'Subnet-Data')]", + "name": "[concat(parameters('Virtual Network Name'), '/', parameters('Subnet-Data Name'))]", "apiVersion": "2018-10-01", "scale": null, "properties": { @@ -235,7 +219,7 @@ }, { "type": "Microsoft.Network/virtualNetworks/subnets", - "name": "[concat(parameters('Virtual Network Name'), '/', 'GatewaySubnet')]", + "name": "[concat(parameters('Virtual Network Name'), '/', parameters('GatewaySubnet Name'))]", "apiVersion": "2018-10-01", "scale": null, "properties": { diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 3199b72387..5559d8b70b 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -28,7 +28,7 @@ function Get-ShmFullConfig{ # --- Top-level config --- $shm.subscriptionName = $shmConfigBase.subscriptionName $shm.computeVmImageSubscriptionName = $shmConfigBase.computeVmImageSubscriptionName - $shm.id = $shmConfigBase.shId + $shm.id = $shmConfigBase.shmId $shm.name = $shmConfigBase.name $shm.organisation = $shmConfigBase.organisation $shm.location = $shmConfigBase.location @@ -58,7 +58,7 @@ function Get-ShmFullConfig{ subnets = [ordered]@{} } $shm.network.vnet.rg = "RG_SHM_VNET" - $shm.network.vnet.name = $shm.id + "-VNET" + $shm.network.vnet.name = "VNET_SHM_" + $shm.id $shm.network.vnet.cidr = $shmBasePrefix + "." + $shmThirdOctet + ".0/21" $shm.network.subnets.identity = [ordered]@{} $shm.network.subnets.identity.prefix = $shmBasePrefix + "." + $shmThirdOctet @@ -78,13 +78,13 @@ function Get-ShmFullConfig{ # --- Domain controller config --- $shm.dc = [ordered]@{} $shm.dc.rg = "RG_SHM_DC" - $shm.dc.vmName = $shm.id + "-DC1" + $shm.dc.vmName = "DC1_SHM_" + $shm.id $shm.dc.hostname = $shm.dc.vmName $shm.dc.fqdn = $shm.dc.hostname + "." + $shm.domain.fqdn $shm.dc.ip = $shm.network.subnets.identity.prefix + ".250" # Backup AD DC details $shm.dcb = [ordered]@{} - $shm.dcb.vmName = $shm.id + "-DC2" + $shm.dcb.vmName = "DC2_SHM_" + $shm.id $shm.dcb.hostname = $shm.dcb.vmName $shm.dcb.fqdn = $shm.dcb.hostname + "." + $shm.domain.fqdn $shm.dcb.ip = $shm.network.subnets.identity.prefix + ".249" @@ -92,7 +92,7 @@ function Get-ShmFullConfig{ # --- NPS config --- $shm.nps = [ordered]@{} $shm.nps.rg = "RG_SHM_NPS" - $shm.nps.vmName = $shm.id + "-NPS" + $shm.nps.vmName = "NPS_SHM_" + $shm.id $shm.nps.ip = $shm.network.subnets.identity.prefix + ".248" # --- Storage config -- @@ -100,18 +100,19 @@ function Get-ShmFullConfig{ artifacts = [ordered]@{} } $shm.storage.artifacts.rg = "RG_SHM_ARTIFACTS" - $shm.storage.artifacts.accountName = $shm.id + "artifacts" + $shm.storage.artifacts.accountName = "shm" + $shm.id + "artifacts" # --- Secrets config --- $shm.keyVault = [ordered]@{} $shm.keyVault.rg = "RG_SHM_SECRETS" - $shm.keyVault.name = $shm.id + "secrets" + $shm.keyVault.name = "kv-shm-" + $shm.id $shm.keyVault.secretNames = [ordered]@{} - $shm.keyVault.secretNames.p2sRootCert= "sh-management-p2s-root-cert" - $shm.keyVault.secretNames.dc='sh-managment-dcadmin' - $shm.keyVault.secretNames.safemode='sh-managment-dcsafemode' - $shm.keyVault.secretNames.adsync='sh-managment-adsync' - $shm.keyVault.secretNames.vpncertificate='sh-managment-cert' + $shm.keyVault.secretNames.dcAdminUsername='shm-dc-admin-username' + $shm.keyVault.secretNames.dcAdminPassword='shm-dc-admin-password' + $shm.keyVault.secretNames.dcSafemodePassword='shm-dc-safemode-password' + $shm.keyVault.secretNames.adsyncPassword='shm-adsync-password' + $shm.keyVault.secretNames.vpnCaCertificate='shm-vpn-ca-cert' + $shm.keyVault.secretNames.vpnClientCertPassword='shm-vpn-client-cert-pwd' # --- DNS config --- $shm.dns = [ordered]@{} @@ -214,7 +215,7 @@ function Add-DsgConfig { } } $config.dsg.network.vnet.rg = "RG_DSG_VNET" - $config.dsg.network.vnet.name = "DSG_" + $config.dsg.domain.netbiosName + "_VNET1" + $config.dsg.network.vnet.name = "VNET_DSG" + $config.dsg.id $config.dsg.network.vnet.cidr = $dsgBasePrefix + "." + $dsgThirdOctet + ".0/21" $config.dsg.network.subnets.identity.name = "Subnet-Identity" $config.dsg.network.subnets.identity.prefix = $dsgBasePrefix + "." + $dsgThirdOctet @@ -225,6 +226,7 @@ function Add-DsgConfig { $config.dsg.network.subnets.data.name = "Subnet-Data" $config.dsg.network.subnets.data.prefix = $dsgBasePrefix + "." + ([int] $dsgThirdOctet + 2) $config.dsg.network.subnets.data.cidr = $config.dsg.network.subnets.data.prefix + ".0/24" + $config.dsg.network.subnets.gateway.name = "GatewaySubnet" # The Gateway subnet MUST be named 'GatewaySubnet' - see https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#do-i-need-a-gatewaysubnet $config.dsg.network.subnets.gateway.prefix = $dsgBasePrefix + "." + ([int] $dsgThirdOctet + 7) $config.dsg.network.subnets.gateway.cidr = $config.dsg.network.subnets.gateway.prefix + ".0/27" $config.dsg.network.nsg.data.rg = "RG_DSG_LINUX" @@ -239,18 +241,18 @@ function Add-DsgConfig { # --- Secrets --- $config.dsg.keyVault = [ordered]@{ - name = "dsg-management-" + $config.shm.id # TODO: Once all scripts driven by this config make separate KeyVault per DSG + name = "kv-" + $config.shm.id + "-dsg" + $config.dsg.id } # --- Domain controller --- $config.dsg.dc = [ordered]@{} $config.dsg.dc.rg = "RG_DSG_DC" - $config.dsg.dc.vmName = "DSG" + $config.dsg.id + "DC" + $config.dsg.dc.vmName = "DC_DSG" + $config.dsg.id $config.dsg.dc.hostname = $config.dsg.dc.vmName $config.dsg.dc.fqdn = $config.dsg.dc.hostname + "." + $config.dsg.domain.fqdn $config.dsg.dc.ip = $config.dsg.network.subnets.identity.prefix + ".250" $config.dsg.dc.admin = [ordered]@{ - username = "atiadmin" + username = "dsgadmin" passwordSecretName = "dsg" + $config.dsg.id + "-dc-admin-password" # TODO: Current format targeted at using shm keyvault. Update if this changes. } @@ -292,16 +294,16 @@ function Add-DsgConfig { $config.dsg.rds.nsg.gateway.name = "NSG_RDS_Server" $config.dsg.rds.nsg.gateway.allowedSources = $dsgConfigBase.rdsAllowedSources $config.dsg.rds.nsg.sessionHosts.name = "NSG_SessionHosts" - $config.dsg.rds.gateway.vmName = "RDS" # TODO: Once all scripts driven by this config, change to: $config.dsg.domain.netbiosName + "_RDS" + $config.dsg.rds.gateway.vmName = "RDS_DSG" + $config.dsg.id $config.dsg.rds.gateway.hostname = $config.dsg.rds.gateway.vmName $config.dsg.rds.gateway.fqdn = $config.dsg.rds.gateway.hostname + "." + $config.dsg.domain.fqdn $config.dsg.rds.gateway.ip = $config.dsg.network.subnets.rds.prefix + ".250" $config.dsg.rds.gateway.npsSecretName = "dsg$($config.dsg.id)-nps-secret" - $config.dsg.rds.sessionHost1.vmName = "RDSSH1" # TODO: Once all scripts driven by this config, change to: $config.dsg.domain.netbiosName + "_RDSSH1" + $config.dsg.rds.sessionHost1.vmName = "RDSSH1_DSG" + $config.dsg.id $config.dsg.rds.sessionHost1.hostname = $config.dsg.rds.sessionHost1.vmName $config.dsg.rds.sessionHost1.fqdn = $config.dsg.rds.sessionHost1.hostname + "." + $config.dsg.domain.fqdn $config.dsg.rds.sessionHost1.ip = $config.dsg.network.subnets.rds.prefix + ".249" - $config.dsg.rds.sessionHost2.vmName = "RDSSH2" # TODO: Once all scripts driven by this config, change to: $config.dsg.domain.netbiosName + "_RDSSH2" + $config.dsg.rds.sessionHost2.vmName = "RDSSH2_DSG" + $config.dsg.id $config.dsg.rds.sessionHost2.hostname = $config.dsg.rds.sessionHost2.vmName $config.dsg.rds.sessionHost2.fqdn = $config.dsg.rds.sessionHost2.hostname + "." + $config.dsg.domain.fqdn $config.dsg.rds.sessionHost2.ip = $config.dsg.network.subnets.rds.prefix + ".248" @@ -311,7 +313,7 @@ function Add-DsgConfig { # Data server $config.dsg.dataserver = [ordered]@{} $config.dsg.dataserver.rg = "RG_DSG_DATA" - $config.dsg.dataserver.vmName = "DATASERVER" # TODO: Once all scripts driven by this config, change to: $config.dsg.domain.netbiosName + "_DATASERVER" + $config.dsg.dataserver.vmName = "DATA_DSG" + $config.dsg.id $config.dsg.dataserver.hostname = $config.dsg.dataserver.vmName $config.dsg.dataserver.fqdn = $config.dsg.dataserver.hostname + "." + $config.dsg.domain.fqdn $config.dsg.dataserver.ip = $config.dsg.network.subnets.data.prefix + ".250" @@ -323,12 +325,12 @@ function Add-DsgConfig { } $config.dsg.linux.rg = "RG_DSG_LINUX" $config.dsg.linux.nsg = "NSG_Linux_Servers" - $config.dsg.linux.gitlab.vmName = "GITLAB" # TODO: Once all scripts driven by this config, change to: $config.dsg.domain.netbiosName + "_GITLAB" + $config.dsg.linux.gitlab.vmName = "GITLAB_DSG" + $config.dsg.id $config.dsg.linux.gitlab.hostname = $config.dsg.linux.gitlab.vmName $config.dsg.linux.gitlab.fqdn = $config.dsg.linux.gitlab.hostname + "." + $config.dsg.domain.fqdn $config.dsg.linux.gitlab.ip = $config.dsg.network.subnets.data.prefix + ".151" $config.dsg.linux.gitlab.rootPasswordSecretName = "dsg" + $config.dsg.id + "-gitlab-root-password" - $config.dsg.linux.hackmd.vmName = "HACKMD" # TODO: Once all scripts driven by this config, change to: $config.dsg.domain.netbiosName + "_HACKMD" + $config.dsg.linux.hackmd.vmName = "HACKMD_DSG" + $config.dsg.id $config.dsg.linux.hackmd.hostname = $config.dsg.linux.hackmd.vmName $config.dsg.linux.hackmd.fqdn = $config.dsg.linux.hackmd.hostname + "." + $config.dsg.domain.fqdn $config.dsg.linux.hackmd.ip = $config.dsg.network.subnets.data.prefix + ".152" @@ -341,8 +343,8 @@ function Add-DsgConfig { $config.dsg.dsvm.vmImageType = $dsgConfigBase.computeVmImageType $config.dsg.dsvm.vmImageVersion = $dsgConfigBase.computeVmImageVersion $config.dsg.dsvm.admin = [ordered]@{ - username = "atiadmin" - passwordSecretName = "dsgroup" + $config.dsg.id + "-dsvm-admin-password" # TODO: Current format targeted at using shm keyvault. Update if this changes. + username = "dsgadmin" + passwordSecretName = "dsg" + $config.dsg.id + "-dsvm-admin-password" } $jsonOut = ($config | ConvertTo-Json -depth 10) diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 02e121a3dc..b601d86460 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -61,7 +61,7 @@ Once deployed, duplicate the `NS` record in the DNS Zone for the new domain / su ### Core SHM configuration properties The core properties for the Safe Haven Management (SHM) environment must be present in the `new_dsg_environment/dsg_configs/core` folder. These are also used when deploying a DSG environment. -The following core SHM properties must be defined in a JSON file named `shm__core_config.json`. The `shm_testb_core_config.json` provides an example. `artifactStorageAccount` and `vaultname` must be globally unique in Azure. `` is a short ID to identify the environment (e.g. `testb`). +The following core SHM properties must be defined in a JSON file named `shm__core_config.json`. The `shm_testb_core_config.json` provides an example. `artifactStorageAccount` and `vaultname` must be globally unique in Azure. `` is a short ID to identify the environment (e.g. `testb`). **NOTE:** The `netbiosName` must have a maximum length of 15 characters. @@ -71,8 +71,8 @@ The following core SHM properties must be defined in a JSON file named `shm_artifacts`", - "keyVaultName": "The name of the KeyVault that will contain secrets mangement environment. Must be GLOBALLY unique within Azure. We suggest the format `dsg-management-`" + "ipPrefix": "The three octet IP address prefix for the Class A range used by the management environment. Use 10.0.0 for this unless you have a good reason to use another prefix." } ``` @@ -112,7 +101,7 @@ The following core SHM properties must be defined in a JSON file named `shm_` Admins" group in the Turing corporate AAD as they all have Owner rights on all Turing safe haven subscriptions. - - If you are creating local users, set their usernames to `firstname.lastname@customdomain`, using the custom domain you set up in the earlier step. +4. Navigate to `Users` and add new admin users, setting their usernames to `admin.firstname.lastname@customdomain`, using the custom domain you set up in the earlier step. 5. In the user list on the Azure Active Directory, for each of the new admin users: - Click on the username in the user list to view the user's details - Click on `Directory role` in the left sidebar click `Add assignment` and search for "Global Administrator" @@ -217,7 +204,7 @@ For some steps, a dedicated **internal** Global Administrator is required (e.g. 4. **Ensure docker is running before attempting the next step** -5. Run `./setup_azure1.ps1` entering the `shId`, defined in the config file, when prompted +5. Run `./setup_azure1.ps1` entering the `shmId`, defined in the config file, when prompted 6. Once the script exits successfully you should see the following resource groups under the SHM-subscription (NB. names may differ slightly): @@ -257,31 +244,27 @@ A number of files are critical for the DSG deployment. They must be added to blo ### Configure Active Directory on SHMDC1 and SHMDC2 -1. Run `./configure_dc.ps1` entering the `shId`, defined in the config file, when prompted. This will run remote scripts on the DC VMs +1. Run `./configure_dc.ps1` entering the `shmId`, defined in the config file, when prompted. This will run remote scripts on the DC VMs -### Download and install the VPN Client from the virtual network VPN gateway +### Upload the P2S VPN CA Client certificate -1. Navigate to `/safe_haven_management/scripts/local/out/certs/out`. -2. Rename the `client.pfx` file `DSG-P2S--ClientCert.pfx` and updoad to the keyvault. -3. Rename the `caCert.pem` file `DSG-P2S--RootCert.pem` -4. Double click `client.pfx` to install it (on Mac). Enter `password`. -5. Next, on the portal navigate to the Safe Haven Management (SHM) VNet gateway in the SHM subscription via `Resource Groups -> RG_SHM_VNET -> SHM_VNET1_GW`. -6. Once there open the "Point-to-site configuration page under the "Settings" section in the left hand sidebar. -7. Click the "Download VPN client" link at the top of the page to get the root certificate (VpnServerRoot.cer) and VPN configuration file (VpnSettings.xml). +1. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Secrets` and copy the `shm-vpn-client-cert-pwd` secret. +2. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Certificates` and import the `SHM-P2S--ClientCert.pfx` file from `/safe_haven_management/scripts/local/out/certs/`. Make the certificate name `SHM-P2S--ClientCert` and enter the password you previously copied from the `shm-vpn-client-cert-pwd` secret. Note that this password is only used to decrypt the client certificate on upload. When you subsequently donwload the certificate, it will not be secured with a password. -8. Follow the [VPN set up instructions](https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert) using the Windows or Mac sections as appropriate. - - **NOTE:** Despite renaming the `client.pfx` file, the cert is imported into the OSX KeyVault under the name "client" and this is the name you must use for the "Local ID" +### Download a client VPN certificate for the Safe Haven Management VNet -You should now be able to connect to the virtual network. Each time you need to access the virtual network ensure you are connected to it. +1. Navigate to the SHM KeyVault via `Resource Groups -> RG_DSG_SECRETS -> kv-shm-`, where ``. -### Upload VPN certificates + - Once there open the "Certificates" page under the "Settings" section in the left hand sidebar. -The following are required to enable deployment of a DSG. + - Click on the certificate named `SHM-P2S--ClientCert`, click on the "current version" and click the "Download in PFX/PEM format" link. -1. On the Azure portal navigate to `Resource Groups -> RG_DSG_SECRETS -> keyvault -> Secrets`. Then create a new secret called `sh-management-p2s-root-cert` and copy the contents of `DSG-P2S--RootCert.pem` in `/safe_haven_management/scripts/local/out/certs` without the `BEGIN CERTIFICATE` and `END CERTIFICATE` lines. + - To install, double click on the downloaded certificate, leaving the password field blank. -2. Go to `Resource Groups -> RG_DSG_SECRETS -> keyvault -> Certificates` and import the `DSG-P2S--ClientCert.pfx` file from `/safe_haven_management/scripts/local/out/certst` and name it `DSG-P2S--ClientCert`. + - **Make sure to securely delete the "\*.pfx" certificate file after you have installed it.** + +You should now be able to connect to the SHM virtual network. Each time you need to access the virtual network ensure you are connected to it. ### Access the first Domain Controller (DC1) via Remote Desktop @@ -289,15 +272,12 @@ The following are required to enable deployment of a DSG. 2. Click `Add Desktop` -3. Navigate to the `RG_SHM_DC` resource group and then to the `SHMDC1` virtual machine (VM). +3. Navigate to the `RG_SHM_DC` resource group and then to the `DC1_SHM_` virtual machine (VM). 4. Copy the Private IP address and enter it in the `PC name` field on remote desktop. Click Add. -5. Double click on the desktop that appears under `saved desktops`. Enter the username and password: - - Username: atiadmin - - Password: - - - To obtain the password on Azure navigate to the `RG_DSG_SECRETS` resource group and then the `shmvault` key vault. On the left panel select `secrets` and click on `shm-managment-dcadmin`. You can then copy the secret to the clipboard and paste it into Microsoft Remote Desktop. +5. Double click on the desktop that appears under `saved desktops`. + - To obtain the username and password on Azure navigate to the `RG_DSG_SECRETS` resource group and then the `kv-shm-` key vault and then select `secrets` on the left hand panel. The username is in the `shm-dc-admin-username` secret and the password in the `shm-dc-admin-password` secret. ### Active Directory Configuration @@ -305,7 +285,7 @@ The following are required to enable deployment of a DSG. 2. Open `Active_Directory_Configuration.ps1` in a file editor. Then edit the following lines to use the custom domain name created earlier and save the file. The `$domainou` should be your custom domain split into parts separated by dots, with each of the parts included in the `$domainou` as comma-separated parts in the format `DC=`. - - $domainou = "DC=TESTB,DC=DSGROUPDEV,DC=CO,DC=UK" + - $domainou = "DC=DSGROUPDEV,DC=CO,DC=UK" - $domain = "TESTB.DSGROUPDEV.CO.UK" 3. Open powershell and navigate to `C:/Scripts/`. Run: @@ -434,14 +414,14 @@ Once you have accessed the VM via Remote Desktop: cd ./data-safe-haven/safe_haven_management_environment/setup ``` -1. Run `./setup_azure2.ps1` entering the `shId`, defined in the config file, when prompted. +1. Run `./setup_azure2.ps1` entering the `shmId`, defined in the config file, when prompted. The NPS server will now deploy. ### Configure the Network Policy Server 1. Connect to NPS Server using Microsoft Remote desktop, using the same procedure as for SHMDC1/SHMDC2, but using the private IP address for SHMNPS VM, which is found in the `RG_SHM_NPS` resource group. - - **NOTE:** The Username and Password is the same as for SHMDC1 and SHMDC2, but you must log in as a **domain** user rather than a local user (i.e. use `atiadmin@` rather than just `atiadmin`). + - **NOTE:** The Username and Password is the same as for SHMDC1 and SHMDC2, but you must log in as a **domain** user rather than a local user (i.e. use `dsgadmin@` rather than just `dsgadmin`). 2. On the Azure portal navigate to the `RG_DSG_ARTIFACTS` resource group and then the `dsgartifacts` storage account. Click on `Files` and then the `scripts` fileshare. @@ -517,8 +497,8 @@ This is because, without this policy, the NPS server will reject their authentic If you get a `New-msolserviceprincipalcredential: Access denied` error stating `You do not have permissions to call this cmdlet`, check the following: - Make sure you authenticate as the "Local Administrator" (`admin@customdomain`) user when prompted by the script. Other administrators added as guests will not work for this step. - Make sure you are logged in as a **domain** user rather than a local user. - - The output of the `whoami` command in powershell should be `netBiosDomain\atiadmin` rather than `SHMNPS\atiadmin` - - If it is not, reconnect to the remote desktop with the username `atiadmin@`, using the same password as before + - The output of the `whoami` command in powershell should be `netBiosDomain\dsgadmin` rather than `SHMNPS\dsgadmin` + - If it is not, reconnect to the remote desktop with the username `dsgadmin@`, using the same password as before - Make sure the Safe Haven Azure Active Directory has valid P1 licenses: - Go to the Azure Portal and click "Azure Active Directories" in the left hand side bar - Click "Licenses" in the left hand side bar diff --git a/safe_haven_management_environment/scripts/local/build/Dockerfile.certs b/safe_haven_management_environment/scripts/local/build/Dockerfile.certs index da6c21e9f7..9d2008f0d5 100644 --- a/safe_haven_management_environment/scripts/local/build/Dockerfile.certs +++ b/safe_haven_management_environment/scripts/local/build/Dockerfile.certs @@ -1,22 +1,28 @@ FROM ubuntu:18.04 +ARG SHM_ID +ARG CERT_NAME +ARG CLIENT_CERT_PASSWORD RUN apt-get update && apt-get upgrade -y && apt-get install -y \ strongswan \ libstrongswan-standard-plugins \ strongswan-pki \ openssl -ENV USERNAME client -ENV PASSWORD password + +ENV CA_KEY_FILESTEM ${CERT_NAME}-CaKey +ENV CA_CERT_FILESTEM ${CERT_NAME}-CaCert +ENV CLIENT_KEY_FILESTEM ${CERT_NAME}-ClientKey +ENV CLIENT_CERT_FILESTEM ${CERT_NAME}-ClientCert RUN mkdir /certs/ RUN mkdir /out/ -RUN ipsec pki --gen --outform pem > /certs/caKey.pem -RUN ipsec pki --self --in /certs/caKey.pem --dn "CN=VPN CA" --ca --outform pem > /certs/caCert.pem +RUN ipsec pki --gen --outform pem > /certs/${CA_KEY_FILESTEM}.pem +RUN ipsec pki --self --in /certs/${CA_KEY_FILESTEM}.pem --dn "CN=VPN CA" --ca --outform pem > /certs/${CA_CERT_FILESTEM}.pem -RUN openssl x509 -in /certs/caCert.pem -outform der | base64 -w0 ; echo +RUN openssl x509 -in /certs/${CA_CERT_FILESTEM}.pem -outform der | base64 -w0 ; echo -RUN ipsec pki --gen --outform pem > "/certs/${USERNAME}Key.pem" -RUN ipsec pki --pub --in "/certs/${USERNAME}Key.pem" | ipsec pki --issue --cacert /certs/caCert.pem --cakey /certs/caKey.pem --dn "CN=${USERNAME}" --san "${USERNAME}" --flag clientAuth --outform pem > "/certs/${USERNAME}Cert.pem" +RUN ipsec pki --gen --outform pem > "/certs/${CLIENT_KEY_FILESTEM}.pem" +RUN ipsec pki --pub --in "/certs/${CLIENT_KEY_FILESTEM}.pem" | ipsec pki --issue --cacert /certs/${CA_CERT_FILESTEM}.pem --cakey /certs/${CA_KEY_FILESTEM}.pem --dn "CN=${CERT_NAME}" --san "${CERT_NAME}" --flag clientAuth --outform pem > "/certs/${CLIENT_CERT_FILESTEM}.pem" -RUN openssl pkcs12 -in "/certs/${USERNAME}Cert.pem" -inkey "/certs/${USERNAME}Key.pem" -certfile /certs/caCert.pem -export -out "/certs/${USERNAME}.pfx" -password "pass:${PASSWORD}" +RUN openssl pkcs12 -in "/certs/${CLIENT_CERT_FILESTEM}.pem" -inkey "/certs/${CLIENT_KEY_FILESTEM}.pem" -certfile /certs/${CA_CERT_FILESTEM}.pem -export -out "/certs/${CLIENT_CERT_FILESTEM}.pfx" -password "pass:${CLIENT_CERT_PASSWORD}" diff --git a/safe_haven_management_environment/setup/setup_azure0.ps1 b/safe_haven_management_environment/setup/setup_azure0.ps1 index 3599005395..29f118968b 100644 --- a/safe_haven_management_environment/setup/setup_azure0.ps1 +++ b/safe_haven_management_environment/setup/setup_azure0.ps1 @@ -18,10 +18,10 @@ Set-AzContext -SubscriptionId $config.subscriptionName; # Create Resource Groups New-AzResourceGroup -Name $config.keyVault.rg -Location $config.location -# Create a keyvault and generate passwords +# Create a keyvault New-AzKeyVault -Name $config.keyVault.name -ResourceGroupName $config.keyVault.rg -Location $config.location -Write-Host "Before running the next step, make sure to add a policy to the KeyVault '$($config.keyVault.name)' in the '$($config.keyVault.rg)' resource group that allows gives the administrator security group for this Safe Haven instance rights to manage Keys, Secrets and Certificates." +Write-Host "Before running the next step, make sure to add a policy to the KeyVault '$($config.keyVault.name)' in the '$($config.keyVault.rg)' resource group that gives the administrator security group for this Safe Haven instance rights to manage Keys, Secrets and Certificates." # Switch back to original subscription Set-AzContext -Context $prevContext; \ No newline at end of file diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 91df9ce38f..4c8a3adbe1 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -18,35 +18,46 @@ Set-AzContext -SubscriptionId $config.subscriptionName; # Set VM Default Size $vmSize = "Standard_DS2_v2" # Fetch DC root user password (or create if not present) -$DCRootPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dc).SecretValueText; -if ($null -eq $DCRootPassword) { +$dcAdminPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcAdminPassword).SecretValueText; +if ($null -eq $dcAdminPassword) { # Create password locally but round trip via KeyVault to ensure it is successfully stored $newPassword = New-Password; $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); - Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dc -SecretValue $newPassword; - $DCRootPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dc ).SecretValueText; + Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminPassword -SecretValue $newPassword; + $dcAdminPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminPassword ).SecretValueText; } # Fetch DC root user password (or create if not present) -$DCSafemodePassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.safemode).SecretValueText; -if ($null -eq $DCSafemodePassword) { +$dcSafemodePassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcSafemodePasword).SecretValueText; +if ($null -eq $dcSafemodePassword) { # Create password locally but round trip via KeyVault to ensure it is successfully stored $newPassword = New-Password; $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); - Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.safemode -SecretValue $newPassword; - $DCSafemodePassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.safemode ).SecretValueText + Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcSafemodePassword -SecretValue $newPassword; + $dcSafemodePassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcSafemodePassword ).SecretValueText +} + +# Fetch VPN Client certificate password (or create if not present) +$vpnClientCertPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnClientCertPassword).SecretValueText; +if ($null -eq $dcSafemodePassword) { + # Create password locally but round trip via KeyVault to ensure it is successfully stored + $newPassword = New-Password; + $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); + Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword -SecretValue $newPassword; + $vpnClientCertPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword ).SecretValueText } # Generate certificates $cwd = Get-Location Set-Location -Path ../scripts/local/ -PassThru +$dockerArgs = "SHM_ID=${$config.id} CERT_NAME=SHM-P2S-${$config.id} CLIENT_CERT_PASSWORD=${vpnClientCertPassword}" # NB. Windows uses docker-compose.exe so check for this first, falling back to docker-compose if ((Get-Command "docker-compose.exe" -ErrorAction SilentlyContinue) -ne $null) { Write-Host "Using docker-compose.exe" - docker-compose.exe -f ./build/docker-compose.certs.yml up + docker-compose.exe -f ./build/docker-compose.certs.yml up -e $dockerArgs } else { Write-Host "Using docker-compose" - docker-compose -f ./build/docker-compose.certs.yml up + docker-compose -f ./build/docker-compose.certs.yml up -e $dockerArgs } Set-Location -Path $cwd -PassThru @@ -100,16 +111,17 @@ $artifactSasToken = (New-AccountSasToken -subscriptionName $config.subscriptionN -accountName $config.storage.artifacts.accountName -service Blob,File -resourceType Service,Container,Object ` -permission "rl" -validityHours 2); -# Run template files -# Deploy the shmvnet template -# The certificate only seems to works if the first and last line are removed, passed as a single string and white space removed -$cert = $(Get-Content -Path "../scripts/local/out/certs/caCert.pem") | Select-Object -Skip 1 | Select-Object -SkipLast 1 -$cert = [string]$cert -$cert = $cert.replace(" ", "") +# The certificate only seems to works if the first and last line are removed and it is passed as a single string with white space removed +$caCert = $(Get-Content -Path "../scripts/local/out/certs/caCert.pem") | Select-Object -Skip 1 | Select-Object -SkipLast 1 +$caCert = [string]$caCert +$caCert = $caCert.replace(" ", "") +# Store CA cert in KeyVault +Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCert -SecretValue $caCert; +$caCert = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCert ).SecretValueText; $vnetCreateParams = @{ "Virtual_Network_Name" = $config.network.vnet.name - "P2S_VPN_Certificate" = $cert + "P2S_VPN_Certificate" = $caCert "VNET_CIDR" = $config.network.vnet.cidr "Subnet_Identity_Name" = $config.network.subnets.identity.name "Subnet_Identity_CIDR" = $config.network.subnets.identity.cidr @@ -134,9 +146,9 @@ if($config.domain.netbiosName.length -gt $netbiosNameMaxLength) { New-AzResourceGroup -Name $config.dc.rg -Location $config.location New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg ` -templatefile "../arm_templates/shmdc/shmdc-template.json"` - -Administrator_User "atiadmin"` - -Administrator_Password (ConvertTo-SecureString $DCRootPassword -AsPlainText -Force)` - -SafeMode_Password (ConvertTo-SecureString $DCSafemodePassword -AsPlainText -Force)` + -Administrator_User $config.dc.admin.username ` + -Administrator_Password (ConvertTo-SecureString $dcAdminPassword -AsPlainText -Force)` + -SafeMode_Password (ConvertTo-SecureString $dcSafemodePassword -AsPlainText -Force)` -Virtual_Network_Resource_Group $config.network.vnet.rg ` -Artifacts_Location $artifactLocation ` -Artifacts_Location_SAS_Token (ConvertTo-SecureString $artifactSasToken -AsPlainText -Force)` diff --git a/safe_haven_management_environment/setup/setup_azure2.ps1 b/safe_haven_management_environment/setup/setup_azure2.ps1 index a71ce83a41..5ec58d1d36 100644 --- a/safe_haven_management_environment/setup/setup_azure2.ps1 +++ b/safe_haven_management_environment/setup/setup_azure2.ps1 @@ -16,11 +16,11 @@ $prevContext = Get-AzContext Set-AzContext -SubscriptionId $config.subscriptionName; New-AzResourceGroup -Name $config.nps.rg -Location $config.location -$DCRootPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dc).SecretValueText; +$dcAdminPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcAdminPassword).SecretValueText; New-AzResourceGroupDeployment -resourcegroupname $config.nps.rg` -templatefile "../arm_templates/shmnps/shmnps-template.json"` - -Administrator_User atiadmin ` - -Administrator_Password (ConvertTo-SecureString $DCRootPassword -AsPlainText -Force) ` + -Administrator_User $config.keyVault.secretNames.dcAdminUsername ` + -Administrator_Password (ConvertTo-SecureString $dcAdminPassword -AsPlainText -Force) ` -Virtual_Network_Resource_Group $config.network.vnet.rg ` -Domain_Name $config.domain.fqdn; From c80e7a7ea9965e2c38a5557bf519354c2a567d07 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Mon, 4 Nov 2019 23:53:48 +0000 Subject: [PATCH 021/107] Add dev2 core SHM config and update dev1 core config --- .../dsg_configs/core/shm_dev1_core_config.json | 6 +++--- .../dsg_configs/core/shm_dev2_core_config.json | 16 ++++++++++++++++ .../dsg_configs/full/dsg_dev1_full_config.json | 18 +++++++++--------- 3 files changed, 28 insertions(+), 12 deletions(-) create mode 100644 new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json diff --git a/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json index c8fc71a583..2516dbba90 100644 --- a/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json @@ -1,10 +1,10 @@ { - "subscriptionName": "Development SHM1", + "subscriptionName": "Turing Development SHM1", "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", - "domain": "safehavendev1.co.uk", + "domain": "dev1.dsgroupdev.co.uk", "netbiosName": "SAFEHAVENDEV1", "shmId": "dev1", - "name": "Development Safe Haven 1", + "name": "Turing Development Safe Haven 1", "organisation": { "name": "The Alan Turing Institute", "townCity": "London", diff --git a/new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json b/new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json new file mode 100644 index 0000000000..5821cb0b89 --- /dev/null +++ b/new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json @@ -0,0 +1,16 @@ +{ + "subscriptionName": "SHM Test B", + "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", + "domain": "dev1.dsgroupdev.co.uk", + "netbiosName": "SAFEHAVENDEV2", + "shmId": "dev2", + "name": "Turing Development Safe Haven 2", + "organisation": { + "name": "The Alan Turing Institute", + "townCity": "London", + "stateCountyRegion": "London", + "countryCode": "GB" + }, + "location": "uksouth", + "ipPrefix": "10.0.0" +} diff --git a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json index 8b620fec24..cf88474598 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json @@ -1,8 +1,8 @@ { "shm": { - "subscriptionName": "Development SHM1", + "subscriptionName": "Turing Development SHM1", "id": "dev1", - "name": "Development Safe Haven 1", + "name": "Turing Development Safe Haven 1", "organisation": { "name": "The Alan Turing Institute", "townCity": "London", @@ -11,12 +11,12 @@ }, "location": "uksouth", "domain": { - "fqdn": "safehavendev1.co.uk", + "fqdn": "dev1.dsgroupdev.co.uk", "netbiosName": "SAFEHAVENDEV1", - "dn": "DC=safehavendev1,DC=co,DC=uk", - "serviceOuPath": "OU=Safe Haven Service Accounts,DC=safehavendev1,DC=co,DC=uk", - "userOuPath": "OU=Safe Haven Research Users,DC=safehavendev1,DC=co,DC=uk", - "securityOuPath": "OU=Safe Haven Security Groups,DC=safehavendev1,DC=co,DC=uk", + "dn": "DC=dev1,DC=dsgroupdev,DC=co,DC=uk", + "serviceOuPath": "OU=Safe Haven Service Accounts,DC=dev1,DC=dsgroupdev,DC=co,DC=uk", + "userOuPath": "OU=Safe Haven Research Users,DC=dev1,DC=dsgroupdev,DC=co,DC=uk", + "securityOuPath": "OU=Safe Haven Security Groups,DC=dev1,DC=dsgroupdev,DC=co,DC=uk", "securityGroups": { "dsvmLdapUsers": { "name": "SG Data Science LDAP Users", @@ -52,13 +52,13 @@ "rg": "RG_SHM_DC", "vmName": "DC1_SHM_dev1", "hostname": "DC1_SHM_dev1", - "fqdn": "DC1_SHM_dev1.safehavendev1.co.uk", + "fqdn": "DC1_SHM_dev1.dev1.dsgroupdev.co.uk", "ip": "10.0.0.250" }, "dcb": { "vmName": "DC2_SHM_dev1", "hostname": "DC2_SHM_dev1", - "fqdn": "DC2_SHM_dev1.safehavendev1.co.uk", + "fqdn": "DC2_SHM_dev1.dev1.dsgroupdev.co.uk", "ip": "10.0.0.249" }, "nps": { From 43965e0dcc297e7255bc23e1c675885340fd7e2b Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Mon, 4 Nov 2019 23:54:22 +0000 Subject: [PATCH 022/107] Update AAD admin user section of SHM runbook --- .../azure-runbooks/SHM-Build-Instructions.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index b601d86460..70b235d69b 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -127,7 +127,7 @@ For some steps, a dedicated **internal** Global Administrator is required (e.g. 2. On the left hand panel click `Azure Active Directory`. 3. Navigate to `Users` and create a dedicated **internal** Global Administrator: - Click on "+New user" and enter the following details: - - Name: "Local admin" + - Name: "AAD Global Admin" - Username:`admin@customdomain` - Select the directory role to "Global Administrator" - Click "Create" @@ -139,7 +139,8 @@ For some steps, a dedicated **internal** Global Administrator is required (e.g. - Create a secret named `shm-aadadmin-password` in the KeyVault under the `RG_DSG_SECRETS` resource group in the management subscription. - Set the value of this secret to the password you just generated. - Once you have set your password and logged in you can administrate the Azure Active Directory with this user by selecting `Azure Active Directory` in the left hand sidebar -4. Navigate to `Users` and add new admin users, setting their usernames to `admin.firstname.lastname@customdomain`, using the custom domain you set up in the earlier step. +4. Navigate to `Users` and add new admin users, setting their names to `Admin - Firstname Lastname` and their usernames to `admin.firstname.lastname@customdomain`, using the custom domain you set up in the earlier step. +4. Let Azure set their passwords. They can reset these later. 5. In the user list on the Azure Active Directory, for each of the new admin users: - Click on the username in the user list to view the user's details - Click on `Directory role` in the left sidebar click `Add assignment` and search for "Global Administrator" From e7d421a650e3ed28cc5ec9d93cfc9cb847c6ce33 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Tue, 5 Nov 2019 09:57:44 +0000 Subject: [PATCH 023/107] Openssl cert generation + autoupload certs + be more idempotent in SHM deploy --- .../dsg_deploy_scripts/DsgConfig.psm1 | 3 +- .../azure-runbooks/SHM-Build-Instructions.md | 6 +- .../scripts/local/.gitignore | 1 - .../scripts/local/build/Dockerfile.certs | 28 --- .../local/build/docker-compose.certs.yml | 10 - .../setup/.gitignore | 1 + .../setup/setup_azure1.ps1 | 177 ++++++++++-------- 7 files changed, 107 insertions(+), 119 deletions(-) delete mode 100644 safe_haven_management_environment/scripts/local/.gitignore delete mode 100644 safe_haven_management_environment/scripts/local/build/Dockerfile.certs delete mode 100644 safe_haven_management_environment/scripts/local/build/docker-compose.certs.yml create mode 100644 safe_haven_management_environment/setup/.gitignore diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 5559d8b70b..17e2e67aa3 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -112,7 +112,8 @@ function Get-ShmFullConfig{ $shm.keyVault.secretNames.dcSafemodePassword='shm-dc-safemode-password' $shm.keyVault.secretNames.adsyncPassword='shm-adsync-password' $shm.keyVault.secretNames.vpnCaCertificate='shm-vpn-ca-cert' - $shm.keyVault.secretNames.vpnClientCertPassword='shm-vpn-client-cert-pwd' + $shm.keyVault.secretNames.vpnClientCertificate='shm-vpn-client-cert' + $shm.keyVault.secretNames.vpnClientCertPassword='shm-vpn-client-cert-password' # --- DNS config --- $shm.dns = [ordered]@{} diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 70b235d69b..6d28206f03 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -250,8 +250,8 @@ A number of files are critical for the DSG deployment. They must be added to blo ### Upload the P2S VPN CA Client certificate -1. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Secrets` and copy the `shm-vpn-client-cert-pwd` secret. -2. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Certificates` and import the `SHM-P2S--ClientCert.pfx` file from `/safe_haven_management/scripts/local/out/certs/`. Make the certificate name `SHM-P2S--ClientCert` and enter the password you previously copied from the `shm-vpn-client-cert-pwd` secret. Note that this password is only used to decrypt the client certificate on upload. When you subsequently donwload the certificate, it will not be secured with a password. +1. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Secrets` and copy the `shm-vpn-client-cert-password` secret. +2. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Certificates` and import the `SHM-P2S--Client.pfx` file from `/safe_haven_management/setup/certs/`. Make the certificate name `SHM-P2S--Client` and enter the password you previously copied from the `shm-vpn-client-cert-password` secret. Note that this password is only used to decrypt the client certificate on upload. When you subsequently donwload the certificate, it will not be secured with a password. ### Download a client VPN certificate for the Safe Haven Management VNet @@ -259,7 +259,7 @@ A number of files are critical for the DSG deployment. They must be added to blo - Once there open the "Certificates" page under the "Settings" section in the left hand sidebar. - - Click on the certificate named `SHM-P2S--ClientCert`, click on the "current version" and click the "Download in PFX/PEM format" link. + - Click on the certificate named `SHM-P2S--Client`, click on the "current version" and click the "Download in PFX/PEM format" link. - To install, double click on the downloaded certificate, leaving the password field blank. diff --git a/safe_haven_management_environment/scripts/local/.gitignore b/safe_haven_management_environment/scripts/local/.gitignore deleted file mode 100644 index c585e19389..0000000000 --- a/safe_haven_management_environment/scripts/local/.gitignore +++ /dev/null @@ -1 +0,0 @@ -out \ No newline at end of file diff --git a/safe_haven_management_environment/scripts/local/build/Dockerfile.certs b/safe_haven_management_environment/scripts/local/build/Dockerfile.certs deleted file mode 100644 index 9d2008f0d5..0000000000 --- a/safe_haven_management_environment/scripts/local/build/Dockerfile.certs +++ /dev/null @@ -1,28 +0,0 @@ -FROM ubuntu:18.04 -ARG SHM_ID -ARG CERT_NAME -ARG CLIENT_CERT_PASSWORD - -RUN apt-get update && apt-get upgrade -y && apt-get install -y \ -strongswan \ -libstrongswan-standard-plugins \ -strongswan-pki \ -openssl - -ENV CA_KEY_FILESTEM ${CERT_NAME}-CaKey -ENV CA_CERT_FILESTEM ${CERT_NAME}-CaCert -ENV CLIENT_KEY_FILESTEM ${CERT_NAME}-ClientKey -ENV CLIENT_CERT_FILESTEM ${CERT_NAME}-ClientCert - -RUN mkdir /certs/ -RUN mkdir /out/ - -RUN ipsec pki --gen --outform pem > /certs/${CA_KEY_FILESTEM}.pem -RUN ipsec pki --self --in /certs/${CA_KEY_FILESTEM}.pem --dn "CN=VPN CA" --ca --outform pem > /certs/${CA_CERT_FILESTEM}.pem - -RUN openssl x509 -in /certs/${CA_CERT_FILESTEM}.pem -outform der | base64 -w0 ; echo - -RUN ipsec pki --gen --outform pem > "/certs/${CLIENT_KEY_FILESTEM}.pem" -RUN ipsec pki --pub --in "/certs/${CLIENT_KEY_FILESTEM}.pem" | ipsec pki --issue --cacert /certs/${CA_CERT_FILESTEM}.pem --cakey /certs/${CA_KEY_FILESTEM}.pem --dn "CN=${CERT_NAME}" --san "${CERT_NAME}" --flag clientAuth --outform pem > "/certs/${CLIENT_CERT_FILESTEM}.pem" - -RUN openssl pkcs12 -in "/certs/${CLIENT_CERT_FILESTEM}.pem" -inkey "/certs/${CLIENT_KEY_FILESTEM}.pem" -certfile /certs/${CA_CERT_FILESTEM}.pem -export -out "/certs/${CLIENT_CERT_FILESTEM}.pfx" -password "pass:${CLIENT_CERT_PASSWORD}" diff --git a/safe_haven_management_environment/scripts/local/build/docker-compose.certs.yml b/safe_haven_management_environment/scripts/local/build/docker-compose.certs.yml deleted file mode 100644 index 0aa470bd4e..0000000000 --- a/safe_haven_management_environment/scripts/local/build/docker-compose.certs.yml +++ /dev/null @@ -1,10 +0,0 @@ -version: '3' - -services: - create-certs: - build: - context: .. - dockerfile: build/Dockerfile.certs - volumes: - - ../out/:/out/ - command: cp -R /certs/ /out/ diff --git a/safe_haven_management_environment/setup/.gitignore b/safe_haven_management_environment/setup/.gitignore new file mode 100644 index 0000000000..b2290143a4 --- /dev/null +++ b/safe_haven_management_environment/setup/.gitignore @@ -0,0 +1 @@ +certs diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 4c8a3adbe1..a39ea45a4d 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -23,86 +23,120 @@ if ($null -eq $dcAdminPassword) { # Create password locally but round trip via KeyVault to ensure it is successfully stored $newPassword = New-Password; $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); - Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminPassword -SecretValue $newPassword; + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminPassword -SecretValue $newPassword; $dcAdminPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminPassword ).SecretValueText; } # Fetch DC root user password (or create if not present) -$dcSafemodePassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcSafemodePasword).SecretValueText; +$dcSafemodePassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcSafemodePassword).SecretValueText; if ($null -eq $dcSafemodePassword) { # Create password locally but round trip via KeyVault to ensure it is successfully stored $newPassword = New-Password; $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); - Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcSafemodePassword -SecretValue $newPassword; + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcSafemodePassword -SecretValue $newPassword; $dcSafemodePassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcSafemodePassword ).SecretValueText } -# Fetch VPN Client certificate password (or create if not present) -$vpnClientCertPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnClientCertPassword).SecretValueText; -if ($null -eq $dcSafemodePassword) { - # Create password locally but round trip via KeyVault to ensure it is successfully stored - $newPassword = New-Password; - $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); - Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword -SecretValue $newPassword; - $vpnClientCertPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword ).SecretValueText -} - -# Generate certificates -$cwd = Get-Location -Set-Location -Path ../scripts/local/ -PassThru -$dockerArgs = "SHM_ID=${$config.id} CERT_NAME=SHM-P2S-${$config.id} CLIENT_CERT_PASSWORD=${vpnClientCertPassword}" -# NB. Windows uses docker-compose.exe so check for this first, falling back to docker-compose -if ((Get-Command "docker-compose.exe" -ErrorAction SilentlyContinue) -ne $null) { - Write-Host "Using docker-compose.exe" - docker-compose.exe -f ./build/docker-compose.certs.yml up -e $dockerArgs +$vpnClientCertificate = Get-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertificate +$vpnCaCertificate = Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificate +if($vpnClientCertificate -And $vpnCaCertificate){ + Write-Host "Both CA and Client certificates already exist in KeyVault. Skipping certificate creation." } else { - Write-Host "Using docker-compose" - docker-compose -f ./build/docker-compose.certs.yml up -e $dockerArgs -} -Set-Location -Path $cwd -PassThru + # Generate certificates + Write-Host "===Started creating certificates===" + # Fetch VPN Client certificate password (or create if not present) + $vpnClientCertPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnClientCertPassword).SecretValueText; + if ($null -eq $vpnClientCertPassword) { + # Create password locally but round trip via KeyVault to ensure it is successfully stored + $newPassword = New-Password; + $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword -SecretValue $newPassword; + $vpnClientCertPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword ).SecretValueText + } + # Generate keys and certificates + $validityDays = 365 + $certFolderPathName = "certs" + $certFolderPath = "$PSScriptRoot/$certFolderPathName" + $_ = new-item -Path $PSScriptRoot -Name $certFolderPathName -ItemType directory -Force + $caStem = "SHM-P2S-$($config.id)-CA" + $clientStem = "SHM-P2S-$($config.id)-Client" + # Create self-signed CA certificate + openssl req -subj "/CN=$caStem" -new -newkey rsa:2048 -sha256 -days $validityDays -nodes -x509 -keyout $certFolderPath/$caStem.key -out $certFolderPath/$caStem.crt + # Create Client key + openssl genrsa -out $certFolderPath/$clientStem.key 2048 + # Create Client CSR + openssl req -new -sha256 -key $certFolderPath/$clientStem.key -subj "/CN=$clientStem" -out $certFolderPath/$clientStem.csr + # Sign Client cert + openssl x509 -req -in $certFolderPath/$clientStem.csr -CA $certFolderPath/$caStem.crt -CAkey $certFolderPath/$caStem.key -CAcreateserial -out $certFolderPath/$clientStem.crt -days $validityDays -sha256 + # Create Client private key + signed cert bundle + openssl pkcs12 -in "$certFolderPath/$clientStem.crt" -inkey "$certFolderPath/$clientStem.key" -certfile $certFolderPath/$caStem.crt -export -out "$certFolderPath/$clientStem.pfx" -password "pass:$vpnClientCertPassword" + Write-Host "===Completed creating certificates===" + + # The certificate only seems to work for the VNET Gateway if the first and last line are removed and it is passed as a single string with white space removed + $vpnCaCertificate = $(Get-Content -Path "$certFolderPath/$caStem.crt") | Select-Object -Skip 1 | Select-Object -SkipLast 1 + $vpnCaCertificate = [string]$vpnCaCertificate + $vpnCaCertificate = $vpnCaCertificate.replace(" ", "") + + # Store CA cert in KeyVault + Write-Host "Storing CA cert in '$($config.keyVault.name)' KeyVault as secret $($config.keyVault.secretNames.vpnCaCertificate) (no private key)" + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertificate -SecretValue (ConvertTo-SecureString $vpnCaCertificate -AsPlainText -Force); + $vpnCaCertificate = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertificate ).SecretValueText; + + # Store Client key + cert bundle in KeyVault + Write-Host "Storing Client private key + cert bundle in '$($config.keyVault.name)' KeyVault as certificate $($config.keyVault.secretNames.vpnClientCertificate) (nincludes private key)" + $_ = Import-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyvault.secretNames.vpnClientCertificate -FilePath "$certFolderPath/$clientStem.pfx" -Password (ConvertTo-SecureString $vpnClientCertPassword -AsPlainText -Force); -# Setup resources -New-AzResourceGroup -Name $config.storage.artifacts.rg -Location $config.location -$storageAccount = New-AzStorageAccount -ResourceGroupName $config.storage.artifacts.rg -Name $config.storage.artifacts.accountName -Location $config.location -SkuName "Standard_LRS" -new-AzStoragecontainer -Name "dsc" -Context $storageAccount.Context -new-AzStoragecontainer -Name "scripts" -Context $storageAccount.Context - -New-AzStorageShare -Name 'scripts' -Context $storageAccount.Context -New-AzStorageShare -Name 'sqlserver' -Context $storageAccount.Context +} +# Setup storage account and upload artifacts +$storageAccountRg = $config.storage.artifacts.rg; +$storageAccountName = $config.storage.artifacts.accountName; +$storageAccountLocation = $config.location; +$_ = New-AzResourceGroup -Name $storageAccountRg -Location $storageAccountLocation -Force +$storageAccount = Get-AzStorageAccount -Name $storageAccountName -ResourceGroupName $storageAccountRg -ErrorVariable notExists -ErrorAction SilentlyContinue +if($notExists) { + Write-Host " - Creating storage account '$storageAccountName'" + $storageAccount = New-AzStorageAccount -Name $storageAccountName -ResourceGroupName $storageAccountRg -Location $storageAccountLocation -SkuName "Standard_LRS" -Kind "StorageV2" +} +# Create blob storage containers +"dsc", "scripts" | ForEach-Object { + $containerName = $_ + if(-not (Get-AzStorageContainer -Context $storageAccount.Context | Where-Object { $_.Name -eq "$containerName" })){ + Write-Host " - Creating container '$containerName' in storage account '$storageAccountName'" + $_ = New-AzStorageContainer -Name $containerName -Context $storageAccount.Context; + } +} +# Create file storage shares +"scripts", "sqlserver" | ForEach-Object { + $shareName = $_ + if(-not (Get-AzStorageShare -Context $storageAccount.Context | Where-Object { $_.Name -eq "$shareName" })){ + Write-Host " - Creating share '$shareName' in storage account '$storageAccountName'" + $_ = New-AzStorageShare -Name $shareName -Context $storageAccount.Context; + } +} # Create directories in file share -# New-AzStorageDirectory -Context $storageAccount.Context -ShareName "scripts" -Path "dc" -New-AzStorageDirectory -Context $storageAccount.Context -ShareName "scripts" -Path "nps" +"dc", "nps" | ForEach-Object { + $dirName = $_ + if(-not (Get-AzStorageFile -Context $storageAccount.Context -ShareName "scripts" | Where-Object { $_.Name -eq "$dirName" })){ + Write-Host " - Creating directory '$dirName' in file share 'scripts' in storage account '$storageAccountName'" + $_ = New-AzStorageDirectory -Path $dirName -Context $storageAccount.Context -ShareName "scripts"; + } +} # Upload files -Set-AzStorageBlobContent -Container "dsc" -Context $storageAccount.Context -File "../dsc/shmdc1/CreateADPDC.zip" -Set-AzStorageBlobContent -Container "dsc" -Context $storageAccount.Context -File "../dsc/shmdc2/CreateADBDC.zip" -Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "../scripts/dc/SHM_DC.zip" -Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "../scripts/nps/SHM_NPS.zip" +Set-AzStorageBlobContent -Container "dsc" -Context $storageAccount.Context -File "$PSScriptRoot/../dsc/shmdc1/CreateADPDC.zip" -Force +Set-AzStorageBlobContent -Container "dsc" -Context $storageAccount.Context -File "$PSScriptRoot/../dsc/shmdc2/CreateADBDC.zip" -Force +Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "$PSScriptRoot/../scripts/dc/SHM_DC.zip" -Force +Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "$PSScriptRoot/../scripts/nps/SHM_NPS.zip" -Force -# Get-ChildItem -File "../scripts/dc/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "dc/" -Context $storageAccount.Context -Get-ChildItem -File "../scripts/nps/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "nps/" -Context $storageAccount.Context +Get-ChildItem -File "$PSScriptRoot/../scripts/dc/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "dc/" -Context $storageAccount.Context -Force +Get-ChildItem -File "$PSScriptRoot/../scripts/nps/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "nps/" -Context $storageAccount.Context -Force -# Create folder for downloaded executables from Microsoft -if (-Not (Test-Path "temp")) { - New-Item -Name "temp" -ItemType "directory" -} -# Download SQLServer2017 -$outputFile = "temp/SQLServer2017-SSEI-Expr.exe" -if (-Not (Test-Path $outputFile -PathType Leaf)) { - Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?linkid=853017" -OutFile $outputFile -} -# Download SSMS-Setup -$outputFile = "temp/SSMS-Setup-ENU.exe" -if (-Not (Test-Path $outputFile -PathType Leaf)) { - Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/?linkid=2088649" -OutFile $outputFile -} -# Upload executables to fileshare -Get-ChildItem -File "temp/" -Recurse | Set-AzStorageFileContent -ShareName "sqlserver" -Context $storageAccount.Context - -# Delete the local executable files -Remove-Item –path 'temp/' –recurse +# URI to Azure File copy does not support 302 redirect, so get the latest working endpoint redirected from "https://go.microsoft.com/fwlink/?linkid=853017" +Start-AzStorageFileCopy -AbsoluteUri "https://download.microsoft.com/download/5/E/9/5E9B18CC-8FD5-467E-B5BF-BADE39C51F73/SQLServer2017-SSEI-Expr.exe" -DestShareName "sqlserver" -DestFilePath "SQLServer2017-SSEI-Expr.exe" -DestContext $storageAccount.Context -Force +# URI to Azure File copy does not support 302 redirect, so get the latest working endpoint redirected from "https://go.microsoft.com/fwlink/?linkid=2088649" +Start-AzStorageFileCopy -AbsoluteUri "https://download.microsoft.com/download/5/4/E/54EC1AD8-042C-4CA3-85AB-BA307CF73710/SSMS-Setup-ENU.exe" -DestShareName "sqlserver" -DestFilePath "SSMS-Setup-ENU.exe" -DestContext $storageAccount.Context -Force # Get SAS token $artifactLocation = "https://" + $config.storage.artifacts.accountName + ".blob.core.windows.net"; @@ -111,17 +145,9 @@ $artifactSasToken = (New-AccountSasToken -subscriptionName $config.subscriptionN -accountName $config.storage.artifacts.accountName -service Blob,File -resourceType Service,Container,Object ` -permission "rl" -validityHours 2); -# The certificate only seems to works if the first and last line are removed and it is passed as a single string with white space removed -$caCert = $(Get-Content -Path "../scripts/local/out/certs/caCert.pem") | Select-Object -Skip 1 | Select-Object -SkipLast 1 -$caCert = [string]$caCert -$caCert = $caCert.replace(" ", "") -# Store CA cert in KeyVault -Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCert -SecretValue $caCert; -$caCert = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCert ).SecretValueText; - $vnetCreateParams = @{ "Virtual_Network_Name" = $config.network.vnet.name - "P2S_VPN_Certificate" = $caCert + "P2S_VPN_Certificate" = $vpnCaCertificate "VNET_CIDR" = $config.network.vnet.cidr "Subnet_Identity_Name" = $config.network.subnets.identity.name "Subnet_Identity_CIDR" = $config.network.subnets.identity.cidr @@ -133,9 +159,9 @@ $vnetCreateParams = @{ "VNET_DNS2" = $config.dcb.ip } -New-AzResourceGroup -Name $config.network.vnet.rg -Location $config.location +New-AzResourceGroup -Name $config.network.vnet.rg -Location $config.location -Force New-AzResourceGroupDeployment -resourcegroupname $config.network.vnet.rg ` - -templatefile "../arm_templates/shmvnet/shmvnet-template.json" ` + -templatefile "$PSScriptRoot/../arm_templates/shmvnet/shmvnet-template.json" ` @vnetCreateParams -Verbose; # Deploy the shmdc-template @@ -143,10 +169,10 @@ $netbiosNameMaxLength = 15 if($config.domain.netbiosName.length -gt $netbiosNameMaxLength) { throw "Netbios name must be no more than 15 characters long. '$($config.domain.netbiosName)' is $($config.domain.netbiosName.length) characters long." } -New-AzResourceGroup -Name $config.dc.rg -Location $config.location +New-AzResourceGroup -Name $config.dc.rg -Location $config.location -Force New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg ` - -templatefile "../arm_templates/shmdc/shmdc-template.json"` - -Administrator_User $config.dc.admin.username ` + -templatefile "$PSScriptRoot/../arm_templates/shmdc/shmdc-template.json"` + -Administrator_User $config.keyvault.secretNames.dcAdminUsername ` -Administrator_Password (ConvertTo-SecureString $dcAdminPassword -AsPlainText -Force)` -SafeMode_Password (ConvertTo-SecureString $dcSafemodePassword -AsPlainText -Force)` -Virtual_Network_Resource_Group $config.network.vnet.rg ` @@ -163,7 +189,6 @@ New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg ` -DC2_Host_Name $config.dcb.hostname ` -DC1_IP_Address $config.dc.ip ` -DC2_IP_Address $config.dcb.ip; - # Switch back to original subscription -Set-AzContext -Context $prevContext; \ No newline at end of file +Set-AzContext -Context $prevContext; From 1dfc93a518dbb0e22fd3b188c3969c2d8985e2f2 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Tue, 5 Nov 2019 09:58:07 +0000 Subject: [PATCH 024/107] Fix referencing of SHM DC template parameters --- .../arm_templates/shmdc/shmdc-template.json | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json b/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json index ebb321a66c..914064eaf9 100644 --- a/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json +++ b/safe_haven_management_environment/arm_templates/shmdc/shmdc-template.json @@ -88,8 +88,8 @@ } }, "variables": { - "dc1nic": "[concat(variables('DC1_VM_Name'),'_','NIC1')]", - "dc2nic": "[concat(variables('DC2_VM_Name'),'_','NIC1')]", + "dc1nic": "[concat(parameters('DC1_VM_Name'),'_','NIC1')]", + "dc2nic": "[concat(parameters('DC2_VM_Name'),'_','NIC1')]", "avsetname": "AVSET_SHM_VM_DC", "diagStorageAccountName": "[concat('diags',uniqueString(resourceGroup().id))]", "vnetID": "[resourceId(parameters('Virtual_Network_Resource_Group'), 'Microsoft.Network/virtualNetworks', parameters('Virtual_Network_Name'))]", @@ -112,7 +112,7 @@ }, { "type": "Microsoft.Compute/virtualMachines", - "name": "[variables('DC1_VM_Name')]", + "name": "[parameters('DC1_VM_Name')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -132,7 +132,7 @@ }, "osDisk": { "osType": "Windows", - "name": "[concat(variables('DC1_VM_Name'),'_OS_Disk')]", + "name": "[concat(parameters('DC1_VM_Name'),'_OS_Disk')]", "createOption": "FromImage", "caching": "ReadWrite", "writeAcceleratorEnabled": false, @@ -144,7 +144,7 @@ "dataDisks": [ { "lun": 0, - "name": "[concat(variables('DC1_VM_Name'),'_Data_Disk1')]", + "name": "[concat(parameters('DC1_VM_Name'),'_Data_Disk1')]", "createOption": "Empty", "caching": "None", "writeAcceleratorEnabled": false, @@ -156,7 +156,7 @@ ] }, "osProfile": { - "computerName": "[variables('DC1_Host_Name')]", + "computerName": "[parameters('DC1_Host_Name')]", "adminUsername": "[parameters('Administrator_User')]", "adminPassword": "[parameters('Administrator_Password')]", "windowsConfiguration": { @@ -190,11 +190,11 @@ "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('DC1_VM_Name'), '/CreateADForest')]", + "name": "[concat(parameters('DC1_VM_Name'), '/CreateADForest')]", "apiVersion": "2019-03-01", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('DC1_VM_Name'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('DC1_VM_Name'))]" ], "properties": { "publisher": "Microsoft.Powershell", @@ -241,7 +241,7 @@ { "name": "ipconfig1", "properties": { - "privateIPAddress": "[variables('DC1_IP_Address')]", + "privateIPAddress": "[parameters('DC1_IP_Address')]", "privateIPAllocationMethod": "Static", "subnet": { "id": "[variables('subnet')]" @@ -264,7 +264,7 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('DC1_VM_Name'), '/', 'bginfo')]", + "name": "[concat(parameters('DC1_VM_Name'), '/', 'bginfo')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -275,12 +275,12 @@ "typeHandlerVersion": "2.1" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('DC1_VM_Name'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('DC1_VM_Name'))]" ] }, { "type": "Microsoft.Compute/virtualMachines", - "name": "[variables('DC2_VM_Name')]", + "name": "[parameters('DC2_VM_Name')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -300,7 +300,7 @@ }, "osDisk": { "osType": "Windows", - "name": "[concat(variables('DC2_VM_Name'),'_OS_Disk')]", + "name": "[concat(parameters('DC2_VM_Name'),'_OS_Disk')]", "createOption": "FromImage", "caching": "ReadWrite", "writeAcceleratorEnabled": false, @@ -312,7 +312,7 @@ "dataDisks": [ { "lun": 0, - "name": "[concat(variables('DC2_VM_Name'),'_Data_Disk1')]", + "name": "[concat(parameters('DC2_VM_Name'),'_Data_Disk1')]", "createOption": "Empty", "caching": "None", "writeAcceleratorEnabled": false, @@ -324,7 +324,7 @@ ] }, "osProfile": { - "computerName": "[variables('DC2_Host_Name')]", + "computerName": "[parameters('DC2_Host_Name')]", "adminUsername": "[parameters('Administrator_User')]", "adminPassword": "[parameters('Administrator_Password')]", "windowsConfiguration": { @@ -358,12 +358,12 @@ "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('DC2_VM_Name'), '/CreateADBDC')]", + "name": "[concat(parameters('DC2_VM_Name'), '/CreateADBDC')]", "apiVersion": "2019-03-01", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('DC2_VM_Name'))]", - "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('DC1_VM_Name'), 'CreateADForest')]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('DC2_VM_Name'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('DC1_VM_Name'), 'CreateADForest')]" ], "properties": { "publisher": "Microsoft.Powershell", @@ -379,7 +379,7 @@ }, "configurationArguments": { "DomainName": "[parameters('Domain_Name')]", - "DNSServer": "[variables('DC1_IP_Address')]" + "DNSServer": "[parameters('DC1_IP_Address')]" } }, "protectedSettings": { @@ -410,7 +410,7 @@ { "name": "ipconfig1", "properties": { - "privateIPAddress": "[variables('DC2_IP_Address')]", + "privateIPAddress": "[parameters('DC2_IP_Address')]", "privateIPAllocationMethod": "Static", "subnet": { "id": "[variables('subnet')]" @@ -433,7 +433,7 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('DC2_VM_Name'), '/', 'bginfo')]", + "name": "[concat(parameters('DC2_VM_Name'), '/', 'bginfo')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -444,7 +444,7 @@ "typeHandlerVersion": "2.1" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('DC2_VM_Name'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('DC2_VM_Name'))]" ] }, { From 2b310ef9f5ddada893c3d7cfb7cd4379fe687daf Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Tue, 5 Nov 2019 10:32:06 +0000 Subject: [PATCH 025/107] Fix VM names in SGM + DSG configs --- .../dsg_configs/full/dsg_100_full_config.json | 59 ++++++++++--------- .../full/dsg_dev1_full_config.json | 59 ++++++++++--------- .../dsg_deploy_scripts/DsgConfig.psm1 | 20 +++---- 3 files changed, 70 insertions(+), 68 deletions(-) diff --git a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json index fbf200e53c..2eb065d524 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json @@ -50,20 +50,20 @@ }, "dc": { "rg": "RG_SHM_DC", - "vmName": "DC1_SHM_turing1", - "hostname": "DC1_SHM_turing1", - "fqdn": "DC1_SHM_turing1.turingsafehaven.ac.uk", + "vmName": "DC1-SHM-turing1", + "hostname": "DC1-SHM-turing1", + "fqdn": "DC1-SHM-turing1.turingsafehaven.ac.uk", "ip": "10.0.0.250" }, "dcb": { - "vmName": "DC2_SHM_turing1", - "hostname": "DC2_SHM_turing1", - "fqdn": "DC2_SHM_turing1.turingsafehaven.ac.uk", + "vmName": "DC2-SHM-turing1", + "hostname": "DC2-SHM-turing1", + "fqdn": "DC2-SHM-turing1.turingsafehaven.ac.uk", "ip": "10.0.0.249" }, "nps": { "rg": "RG_SHM_NPS", - "vmName": "NPS_SHM_turing1", + "vmName": "NPS-SHM-turing1", "ip": "10.0.0.248" }, "storage": { @@ -81,7 +81,8 @@ "dcSafemodePassword": "shm-dc-safemode-password", "adsyncPassword": "shm-adsync-password", "vpnCaCertificate": "shm-vpn-ca-cert", - "vpnClientCertPassword": "shm-vpn-client-cert-pwd" + "vpnClientCertificate": "shm-vpn-client-cert", + "vpnClientCertPassword": "shm-vpn-client-cert-password" } }, "dns": { @@ -170,9 +171,9 @@ }, "dc": { "rg": "RG_DSG_DC", - "vmName": "DC_DSG100", - "hostname": "DC_DSG100", - "fqdn": "DC_DSG100.dsgroup100.co.uk", + "vmName": "DC-DSG100", + "hostname": "DC-DSG100", + "fqdn": "DC-DSG100.dsgroup100.co.uk", "ip": "10.150.0.250", "admin": { "username": "dsgadmin", @@ -207,22 +208,22 @@ }, "rds": { "gateway": { - "vmName": "RDS_DSG100", - "hostname": "RDS_DSG100", - "fqdn": "RDS_DSG100.dsgroup100.co.uk", + "vmName": "RDS-DSG100", + "hostname": "RDS-DSG100", + "fqdn": "RDS-DSG100.dsgroup100.co.uk", "ip": "10.150.1.250", "npsSecretName": "dsg100-nps-secret" }, "sessionHost1": { - "vmName": "RDSSH1_DSG100", - "hostname": "RDSSH1_DSG100", - "fqdn": "RDSSH1_DSG100.dsgroup100.co.uk", + "vmName": "RDSSH1-DSG100", + "hostname": "RDSSH1-DSG100", + "fqdn": "RDSSH1-DSG100.dsgroup100.co.uk", "ip": "10.150.1.249" }, "sessionHost2": { - "vmName": "RDSSH2_DSG100", - "hostname": "RDSSH2_DSG100", - "fqdn": "RDSSH2_DSG100.dsgroup100.co.uk", + "vmName": "RDSSH2-DSG100", + "hostname": "RDSSH2-DSG100", + "fqdn": "RDSSH2-DSG100.dsgroup100.co.uk", "ip": "10.150.1.248" }, "rg": "RG_DSG_RDS", @@ -238,23 +239,23 @@ }, "dataserver": { "rg": "RG_DSG_DATA", - "vmName": "DATA_DSG100", - "hostname": "DATA_DSG100", - "fqdn": "DATA_DSG100.dsgroup100.co.uk", + "vmName": "DATA-DSG100", + "hostname": "DATA-DSG100", + "fqdn": "DATA-DSG100.dsgroup100.co.uk", "ip": "10.150.2.250" }, "linux": { "gitlab": { - "vmName": "GITLAB_DSG100", - "hostname": "GITLAB_DSG100", - "fqdn": "GITLAB_DSG100.dsgroup100.co.uk", + "vmName": "GITLAB-DSG100", + "hostname": "GITLAB-DSG100", + "fqdn": "GITLAB-DSG100.dsgroup100.co.uk", "ip": "10.150.2.151", "rootPasswordSecretName": "dsg100-gitlab-root-password" }, "hackmd": { - "vmName": "HACKMD_DSG100", - "hostname": "HACKMD_DSG100", - "fqdn": "HACKMD_DSG100.dsgroup100.co.uk", + "vmName": "HACKMD-DSG100", + "hostname": "HACKMD-DSG100", + "fqdn": "HACKMD-DSG100.dsgroup100.co.uk", "ip": "10.150.2.152" }, "rg": "RG_DSG_LINUX", diff --git a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json index cf88474598..17598c4c0a 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json @@ -50,20 +50,20 @@ }, "dc": { "rg": "RG_SHM_DC", - "vmName": "DC1_SHM_dev1", - "hostname": "DC1_SHM_dev1", - "fqdn": "DC1_SHM_dev1.dev1.dsgroupdev.co.uk", + "vmName": "DC1-SHM-dev1", + "hostname": "DC1-SHM-dev1", + "fqdn": "DC1-SHM-dev1.dev1.dsgroupdev.co.uk", "ip": "10.0.0.250" }, "dcb": { - "vmName": "DC2_SHM_dev1", - "hostname": "DC2_SHM_dev1", - "fqdn": "DC2_SHM_dev1.dev1.dsgroupdev.co.uk", + "vmName": "DC2-SHM-dev1", + "hostname": "DC2-SHM-dev1", + "fqdn": "DC2-SHM-dev1.dev1.dsgroupdev.co.uk", "ip": "10.0.0.249" }, "nps": { "rg": "RG_SHM_NPS", - "vmName": "NPS_SHM_dev1", + "vmName": "NPS-SHM-dev1", "ip": "10.0.0.248" }, "storage": { @@ -81,7 +81,8 @@ "dcSafemodePassword": "shm-dc-safemode-password", "adsyncPassword": "shm-adsync-password", "vpnCaCertificate": "shm-vpn-ca-cert", - "vpnClientCertPassword": "shm-vpn-client-cert-pwd" + "vpnClientCertificate": "shm-vpn-client-cert", + "vpnClientCertPassword": "shm-vpn-client-cert-password" } }, "dns": { @@ -170,9 +171,9 @@ }, "dc": { "rg": "RG_DSG_DC", - "vmName": "DC_DSGdev1", - "hostname": "DC_DSGdev1", - "fqdn": "DC_DSGdev1.dsgroupdev1.co.uk", + "vmName": "DC-DSGdev1", + "hostname": "DC-DSGdev1", + "fqdn": "DC-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.0.250", "admin": { "username": "dsgadmin", @@ -207,22 +208,22 @@ }, "rds": { "gateway": { - "vmName": "RDS_DSGdev1", - "hostname": "RDS_DSGdev1", - "fqdn": "RDS_DSGdev1.dsgroupdev1.co.uk", + "vmName": "RDS-DSGdev1", + "hostname": "RDS-DSGdev1", + "fqdn": "RDS-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.1.250", "npsSecretName": "dsgdev1-nps-secret" }, "sessionHost1": { - "vmName": "RDSSH1_DSGdev1", - "hostname": "RDSSH1_DSGdev1", - "fqdn": "RDSSH1_DSGdev1.dsgroupdev1.co.uk", + "vmName": "RDSSH1-DSGdev1", + "hostname": "RDSSH1-DSGdev1", + "fqdn": "RDSSH1-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.1.249" }, "sessionHost2": { - "vmName": "RDSSH2_DSGdev1", - "hostname": "RDSSH2_DSGdev1", - "fqdn": "RDSSH2_DSGdev1.dsgroupdev1.co.uk", + "vmName": "RDSSH2-DSGdev1", + "hostname": "RDSSH2-DSGdev1", + "fqdn": "RDSSH2-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.1.248" }, "rg": "RG_DSG_RDS", @@ -238,23 +239,23 @@ }, "dataserver": { "rg": "RG_DSG_DATA", - "vmName": "DATA_DSGdev1", - "hostname": "DATA_DSGdev1", - "fqdn": "DATA_DSGdev1.dsgroupdev1.co.uk", + "vmName": "DATA-DSGdev1", + "hostname": "DATA-DSGdev1", + "fqdn": "DATA-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.2.250" }, "linux": { "gitlab": { - "vmName": "GITLAB_DSGdev1", - "hostname": "GITLAB_DSGdev1", - "fqdn": "GITLAB_DSGdev1.dsgroupdev1.co.uk", + "vmName": "GITLAB-DSGdev1", + "hostname": "GITLAB-DSGdev1", + "fqdn": "GITLAB-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.2.151", "rootPasswordSecretName": "dsgdev1-gitlab-root-password" }, "hackmd": { - "vmName": "HACKMD_DSGdev1", - "hostname": "HACKMD_DSGdev1", - "fqdn": "HACKMD_DSGdev1.dsgroupdev1.co.uk", + "vmName": "HACKMD-DSGdev1", + "hostname": "HACKMD-DSGdev1", + "fqdn": "HACKMD-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.2.152" }, "rg": "RG_DSG_LINUX", diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 17e2e67aa3..2f3a3b4088 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -78,13 +78,13 @@ function Get-ShmFullConfig{ # --- Domain controller config --- $shm.dc = [ordered]@{} $shm.dc.rg = "RG_SHM_DC" - $shm.dc.vmName = "DC1_SHM_" + $shm.id + $shm.dc.vmName = "DC1-SHM-" + $shm.id $shm.dc.hostname = $shm.dc.vmName $shm.dc.fqdn = $shm.dc.hostname + "." + $shm.domain.fqdn $shm.dc.ip = $shm.network.subnets.identity.prefix + ".250" # Backup AD DC details $shm.dcb = [ordered]@{} - $shm.dcb.vmName = "DC2_SHM_" + $shm.id + $shm.dcb.vmName = "DC2-SHM-" + $shm.id $shm.dcb.hostname = $shm.dcb.vmName $shm.dcb.fqdn = $shm.dcb.hostname + "." + $shm.domain.fqdn $shm.dcb.ip = $shm.network.subnets.identity.prefix + ".249" @@ -92,7 +92,7 @@ function Get-ShmFullConfig{ # --- NPS config --- $shm.nps = [ordered]@{} $shm.nps.rg = "RG_SHM_NPS" - $shm.nps.vmName = "NPS_SHM_" + $shm.id + $shm.nps.vmName = "NPS-SHM-" + $shm.id $shm.nps.ip = $shm.network.subnets.identity.prefix + ".248" # --- Storage config -- @@ -248,7 +248,7 @@ function Add-DsgConfig { # --- Domain controller --- $config.dsg.dc = [ordered]@{} $config.dsg.dc.rg = "RG_DSG_DC" - $config.dsg.dc.vmName = "DC_DSG" + $config.dsg.id + $config.dsg.dc.vmName = "DC-DSG" + $config.dsg.id $config.dsg.dc.hostname = $config.dsg.dc.vmName $config.dsg.dc.fqdn = $config.dsg.dc.hostname + "." + $config.dsg.domain.fqdn $config.dsg.dc.ip = $config.dsg.network.subnets.identity.prefix + ".250" @@ -295,16 +295,16 @@ function Add-DsgConfig { $config.dsg.rds.nsg.gateway.name = "NSG_RDS_Server" $config.dsg.rds.nsg.gateway.allowedSources = $dsgConfigBase.rdsAllowedSources $config.dsg.rds.nsg.sessionHosts.name = "NSG_SessionHosts" - $config.dsg.rds.gateway.vmName = "RDS_DSG" + $config.dsg.id + $config.dsg.rds.gateway.vmName = "RDS-DSG" + $config.dsg.id $config.dsg.rds.gateway.hostname = $config.dsg.rds.gateway.vmName $config.dsg.rds.gateway.fqdn = $config.dsg.rds.gateway.hostname + "." + $config.dsg.domain.fqdn $config.dsg.rds.gateway.ip = $config.dsg.network.subnets.rds.prefix + ".250" $config.dsg.rds.gateway.npsSecretName = "dsg$($config.dsg.id)-nps-secret" - $config.dsg.rds.sessionHost1.vmName = "RDSSH1_DSG" + $config.dsg.id + $config.dsg.rds.sessionHost1.vmName = "RDSSH1-DSG" + $config.dsg.id $config.dsg.rds.sessionHost1.hostname = $config.dsg.rds.sessionHost1.vmName $config.dsg.rds.sessionHost1.fqdn = $config.dsg.rds.sessionHost1.hostname + "." + $config.dsg.domain.fqdn $config.dsg.rds.sessionHost1.ip = $config.dsg.network.subnets.rds.prefix + ".249" - $config.dsg.rds.sessionHost2.vmName = "RDSSH2_DSG" + $config.dsg.id + $config.dsg.rds.sessionHost2.vmName = "RDSSH2-DSG" + $config.dsg.id $config.dsg.rds.sessionHost2.hostname = $config.dsg.rds.sessionHost2.vmName $config.dsg.rds.sessionHost2.fqdn = $config.dsg.rds.sessionHost2.hostname + "." + $config.dsg.domain.fqdn $config.dsg.rds.sessionHost2.ip = $config.dsg.network.subnets.rds.prefix + ".248" @@ -314,7 +314,7 @@ function Add-DsgConfig { # Data server $config.dsg.dataserver = [ordered]@{} $config.dsg.dataserver.rg = "RG_DSG_DATA" - $config.dsg.dataserver.vmName = "DATA_DSG" + $config.dsg.id + $config.dsg.dataserver.vmName = "DATA-DSG" + $config.dsg.id $config.dsg.dataserver.hostname = $config.dsg.dataserver.vmName $config.dsg.dataserver.fqdn = $config.dsg.dataserver.hostname + "." + $config.dsg.domain.fqdn $config.dsg.dataserver.ip = $config.dsg.network.subnets.data.prefix + ".250" @@ -326,12 +326,12 @@ function Add-DsgConfig { } $config.dsg.linux.rg = "RG_DSG_LINUX" $config.dsg.linux.nsg = "NSG_Linux_Servers" - $config.dsg.linux.gitlab.vmName = "GITLAB_DSG" + $config.dsg.id + $config.dsg.linux.gitlab.vmName = "GITLAB-DSG" + $config.dsg.id $config.dsg.linux.gitlab.hostname = $config.dsg.linux.gitlab.vmName $config.dsg.linux.gitlab.fqdn = $config.dsg.linux.gitlab.hostname + "." + $config.dsg.domain.fqdn $config.dsg.linux.gitlab.ip = $config.dsg.network.subnets.data.prefix + ".151" $config.dsg.linux.gitlab.rootPasswordSecretName = "dsg" + $config.dsg.id + "-gitlab-root-password" - $config.dsg.linux.hackmd.vmName = "HACKMD_DSG" + $config.dsg.id + $config.dsg.linux.hackmd.vmName = "HACKMD-DSG" + $config.dsg.id $config.dsg.linux.hackmd.hostname = $config.dsg.linux.hackmd.vmName $config.dsg.linux.hackmd.fqdn = $config.dsg.linux.hackmd.hostname + "." + $config.dsg.domain.fqdn $config.dsg.linux.hackmd.ip = $config.dsg.network.subnets.data.prefix + ".152" From 935a781589594e535a4b2839e8cf01d628b2f865 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Tue, 5 Nov 2019 10:32:29 +0000 Subject: [PATCH 026/107] Get secret text when fetching certs from KeyVault --- safe_haven_management_environment/setup/setup_azure1.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index a39ea45a4d..6d6c0f85e7 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -37,8 +37,8 @@ if ($null -eq $dcSafemodePassword) { $dcSafemodePassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcSafemodePassword ).SecretValueText } -$vpnClientCertificate = Get-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertificate -$vpnCaCertificate = Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificate +$vpnClientCertificate = (Get-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertificate).SecretValueText +$vpnCaCertificate = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificate).SecretValueText if($vpnClientCertificate -And $vpnCaCertificate){ Write-Host "Both CA and Client certificates already exist in KeyVault. Skipping certificate creation." } else { From 37285ddf599650a4818971ba1b4ce2037c1d5a40 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Tue, 5 Nov 2019 11:36:41 +0000 Subject: [PATCH 027/107] Upload CA full cert with private key to KeyVault --- .../02_create_vnet/Create_VNET.ps1 | 2 +- .../dsg_deploy_scripts/DsgConfig.psm1 | 2 + .../azure-runbooks/SHM-Build-Instructions.md | 8 +-- .../setup/setup_azure1.ps1 | 55 +++++++++++++------ 4 files changed, 43 insertions(+), 24 deletions(-) diff --git a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 index 7ff56cc987..bd15d11a96 100644 --- a/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/02_create_vnet/Create_VNET.ps1 @@ -14,7 +14,7 @@ $prevContext = Get-AzContext $_ = Set-AzContext -SubscriptionId $config.dsg.subscriptionName; # Get P2S Root certificate for VNet Gateway -$cert = (Get-AzKeyVaultSecret -Name $config.shm.keyVault.secretNames.p2sRootCert -VaultName $config.shm.keyVault.name).SecretValue +$cert = (Get-AzKeyVaultSecret -Name $config.shm.keyVault.secretNames.vpnCaCertificatePlain -VaultName $config.shm.keyVault.name).SecretValue $vnetCreateParams = @{ "Virtual Network Name" = $config.dsg.network.vnet.name diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 2f3a3b4088..74a542064d 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -112,6 +112,8 @@ function Get-ShmFullConfig{ $shm.keyVault.secretNames.dcSafemodePassword='shm-dc-safemode-password' $shm.keyVault.secretNames.adsyncPassword='shm-adsync-password' $shm.keyVault.secretNames.vpnCaCertificate='shm-vpn-ca-cert' + $shm.keyVault.secretNames.vpnCaCertPassword='shm-vpn-ca-cert-password' + $shm.keyVault.secretNames.vpnCaCertificatePlain='shm-vpn-ca-cert-plain' $shm.keyVault.secretNames.vpnClientCertificate='shm-vpn-client-cert' $shm.keyVault.secretNames.vpnClientCertPassword='shm-vpn-client-cert-password' diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 6d28206f03..c7350b271e 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -247,19 +247,13 @@ A number of files are critical for the DSG deployment. They must be added to blo 1. Run `./configure_dc.ps1` entering the `shmId`, defined in the config file, when prompted. This will run remote scripts on the DC VMs - -### Upload the P2S VPN CA Client certificate - -1. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Secrets` and copy the `shm-vpn-client-cert-password` secret. -2. Go to `Resource Groups -> RG_SHM_SECRETS -> kv-shm- -> Certificates` and import the `SHM-P2S--Client.pfx` file from `/safe_haven_management/setup/certs/`. Make the certificate name `SHM-P2S--Client` and enter the password you previously copied from the `shm-vpn-client-cert-password` secret. Note that this password is only used to decrypt the client certificate on upload. When you subsequently donwload the certificate, it will not be secured with a password. - ### Download a client VPN certificate for the Safe Haven Management VNet 1. Navigate to the SHM KeyVault via `Resource Groups -> RG_DSG_SECRETS -> kv-shm-`, where ``. - Once there open the "Certificates" page under the "Settings" section in the left hand sidebar. - - Click on the certificate named `SHM-P2S--Client`, click on the "current version" and click the "Download in PFX/PEM format" link. + - Click on the certificate named `shm-vpn-client-cert`, click on the "current version" and click the "Download in PFX/PEM format" link. - To install, double click on the downloaded certificate, leaving the password field blank. diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 6d6c0f85e7..1d4e00a608 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -37,9 +37,15 @@ if ($null -eq $dcSafemodePassword) { $dcSafemodePassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcSafemodePassword ).SecretValueText } -$vpnClientCertificate = (Get-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertificate).SecretValueText -$vpnCaCertificate = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificate).SecretValueText -if($vpnClientCertificate -And $vpnCaCertificate){ +$vpnClientCertificate = (Get-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertificate).Certificate +$vpnCaCertificate = (Get-AzKeyVaultCertificate -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificate).Certificate +$vpnCaCertificatePlain = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificatePlain).SecretValueText + +# Define cert folder outside of conditional cert creation to ensure cleanup on nest run if code exits with error during cert creation +$certFolderPathName = "certs" +$certFolderPath = "$PSScriptRoot/$certFolderPathName" + +if($vpnClientCertificate -And $vpnCaCertificate -And $vpnCaCertificatePlain){ Write-Host "Both CA and Client certificates already exist in KeyVault. Skipping certificate creation." } else { # Generate certificates @@ -53,40 +59,57 @@ if($vpnClientCertificate -And $vpnCaCertificate){ $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword -SecretValue $newPassword; $vpnClientCertPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnClientCertPassword ).SecretValueText } + # Fetch VPN CA certificate password (or create if not present) + $vpnCaCertPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertPassword).SecretValueText; + if ($null -eq $vpnCaCertPassword) { + # Create password locally but round trip via KeyVault to ensure it is successfully stored + $newPassword = New-Password; + $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertPassword -SecretValue $newPassword; + $vpnCaCertPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertPassword ).SecretValueText + } + # Generate keys and certificates - $validityDays = 365 - $certFolderPathName = "certs" - $certFolderPath = "$PSScriptRoot/$certFolderPathName" + $caValidityDays = 2196 # 5 years + $clientValidityDays = 732 # 2 years $_ = new-item -Path $PSScriptRoot -Name $certFolderPathName -ItemType directory -Force $caStem = "SHM-P2S-$($config.id)-CA" $clientStem = "SHM-P2S-$($config.id)-Client" # Create self-signed CA certificate - openssl req -subj "/CN=$caStem" -new -newkey rsa:2048 -sha256 -days $validityDays -nodes -x509 -keyout $certFolderPath/$caStem.key -out $certFolderPath/$caStem.crt + openssl req -subj "/CN=$caStem" -new -newkey rsa:2048 -sha256 -days $caValidityDays -nodes -x509 -keyout $certFolderPath/$caStem.key -out $certFolderPath/$caStem.crt # Create Client key openssl genrsa -out $certFolderPath/$clientStem.key 2048 # Create Client CSR openssl req -new -sha256 -key $certFolderPath/$clientStem.key -subj "/CN=$clientStem" -out $certFolderPath/$clientStem.csr # Sign Client cert - openssl x509 -req -in $certFolderPath/$clientStem.csr -CA $certFolderPath/$caStem.crt -CAkey $certFolderPath/$caStem.key -CAcreateserial -out $certFolderPath/$clientStem.crt -days $validityDays -sha256 + openssl x509 -req -in $certFolderPath/$clientStem.csr -CA $certFolderPath/$caStem.crt -CAkey $certFolderPath/$caStem.key -CAcreateserial -out $certFolderPath/$clientStem.crt -days $clientValidityDays -sha256 # Create Client private key + signed cert bundle openssl pkcs12 -in "$certFolderPath/$clientStem.crt" -inkey "$certFolderPath/$clientStem.key" -certfile $certFolderPath/$caStem.crt -export -out "$certFolderPath/$clientStem.pfx" -password "pass:$vpnClientCertPassword" + # Create CA private key + signed cert bundle + openssl pkcs12 -in "$certFolderPath/$caStem.crt" -inkey "$certFolderPath/$caStem.key" -export -out "$certFolderPath/$caStem.pfx" -password "pass:$vpnCaCertPassword" Write-Host "===Completed creating certificates===" # The certificate only seems to work for the VNET Gateway if the first and last line are removed and it is passed as a single string with white space removed - $vpnCaCertificate = $(Get-Content -Path "$certFolderPath/$caStem.crt") | Select-Object -Skip 1 | Select-Object -SkipLast 1 - $vpnCaCertificate = [string]$vpnCaCertificate - $vpnCaCertificate = $vpnCaCertificate.replace(" ", "") + $vpnCaCertificatePlain = $(Get-Content -Path "$certFolderPath/$caStem.crt") | Select-Object -Skip 1 | Select-Object -SkipLast 1 + $vpnCaCertificatePlain = [string]$vpnCaCertificatePlain + $vpnCaCertificatePlain = $vpnCaCertificatePlain.replace(" ", "") # Store CA cert in KeyVault - Write-Host "Storing CA cert in '$($config.keyVault.name)' KeyVault as secret $($config.keyVault.secretNames.vpnCaCertificate) (no private key)" - $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertificate -SecretValue (ConvertTo-SecureString $vpnCaCertificate -AsPlainText -Force); - $vpnCaCertificate = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertificate ).SecretValueText; - + Write-Host "Storing CA cert in '$($config.keyVault.name)' KeyVault as secret $($config.keyVault.secretNames.vpnCaCertificatePlain) (no private key)" + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertificatePlain -SecretValue (ConvertTo-SecureString $vpnCaCertificatePlain -AsPlainText -Force); + $vpnCaCertificatePlain = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.vpnCaCertificatePlain ).SecretValueText; + + # Store CA key + cert bundle in KeyVault + Write-Host "Storing CA private key + cert bundle in '$($config.keyVault.name)' KeyVault as certificate $($config.keyVault.secretNames.vpnCaCertificate) (includes private key)" + $_ = Import-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyvault.secretNames.vpnCaCertificate -FilePath "$certFolderPath/$caStem.pfx" -Password (ConvertTo-SecureString $vpnCaCertPassword -AsPlainText -Force); + # Store Client key + cert bundle in KeyVault - Write-Host "Storing Client private key + cert bundle in '$($config.keyVault.name)' KeyVault as certificate $($config.keyVault.secretNames.vpnClientCertificate) (nincludes private key)" + Write-Host "Storing Client private key + cert bundle in '$($config.keyVault.name)' KeyVault as certificate $($config.keyVault.secretNames.vpnClientCertificate) (includes private key)" $_ = Import-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyvault.secretNames.vpnClientCertificate -FilePath "$certFolderPath/$clientStem.pfx" -Password (ConvertTo-SecureString $vpnClientCertPassword -AsPlainText -Force); } +# Delete local copies of certificates and private keys +Get-ChildItem $certFolderPath -Recurse | Remove-Item -Recurse # Setup storage account and upload artifacts $storageAccountRg = $config.storage.artifacts.rg; From fb939c5c884057ad536e6c067f64eff82786b44d Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 5 Nov 2019 12:12:52 +0000 Subject: [PATCH 028/107] Set Azure KeyVault Access Policy to SHM Admin Groups --- .../dsg_configs/core/shm_dev1_core_config.json | 1 + .../dsg_configs/core/shm_dev2_core_config.json | 1 + .../dsg_configs/core/shm_turing1_core_config.json | 1 + .../dsg_configs/full/dsg_100_full_config.json | 1 + .../dsg_configs/full/dsg_dev1_full_config.json | 1 + .../dsg_deploy_scripts/DsgConfig.psm1 | 1 + .../azure-runbooks/SHM-Build-Instructions.md | 14 -------------- .../setup/setup_azure0.ps1 | 4 ++-- 8 files changed, 8 insertions(+), 16 deletions(-) diff --git a/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json index 2516dbba90..6d601f7b83 100644 --- a/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_dev1_core_config.json @@ -1,5 +1,6 @@ { "subscriptionName": "Turing Development SHM1", + "adminSecurityGroupName" : "Safe Haven Test Admins", "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", "domain": "dev1.dsgroupdev.co.uk", "netbiosName": "SAFEHAVENDEV1", diff --git a/new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json b/new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json index 5821cb0b89..d822f394ba 100644 --- a/new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_dev2_core_config.json @@ -1,5 +1,6 @@ { "subscriptionName": "SHM Test B", + "adminSecurityGroupName" : "Safe Haven Test Admins", "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", "domain": "dev1.dsgroupdev.co.uk", "netbiosName": "SAFEHAVENDEV2", diff --git a/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json b/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json index 37e19fbd7d..c821fc0884 100644 --- a/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json +++ b/new_dsg_environment/dsg_configs/core/shm_turing1_core_config.json @@ -1,5 +1,6 @@ { "subscriptionName": "Turing Safe Haven Management", + "adminSecurityGroupName" : "Safe Haven Production Admins", "computeVmImageSubscriptionName": "Turing Safe Haven VM Images", "domain": "turingsafehaven.ac.uk", "netbiosName": "TURINGSAFEHAVEN", diff --git a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json index 2eb065d524..9045ddc59e 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json @@ -10,6 +10,7 @@ "countryCode": "GB" }, "location": "uksouth", + "adminSecurityGroupName": "Safe Haven Production Admins", "domain": { "fqdn": "turingsafehaven.ac.uk", "netbiosName": "TURINGSAFEHAVEN", diff --git a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json index 17598c4c0a..02b78440c2 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json @@ -10,6 +10,7 @@ "countryCode": "GB" }, "location": "uksouth", + "adminSecurityGroupName": "Safe Haven Test Admins", "domain": { "fqdn": "dev1.dsgroupdev.co.uk", "netbiosName": "SAFEHAVENDEV1", diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 2f3a3b4088..30b47a3fc4 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -32,6 +32,7 @@ function Get-ShmFullConfig{ $shm.name = $shmConfigBase.name $shm.organisation = $shmConfigBase.organisation $shm.location = $shmConfigBase.location + $shm.adminSecurityGroupName = $shmConfigBase.adminSecurityGroupName # --- Domain config --- $shm.domain = [ordered]@{} diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 6d28206f03..e150d04f37 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -104,20 +104,6 @@ The following core SHM properties must be defined in a JSON file named `shm_ Date: Tue, 5 Nov 2019 13:10:17 +0000 Subject: [PATCH 029/107] Store SHM + DSG admin username in KeyVault --- .../azure-runbooks/dsg_build_instructions.md | 18 +++++++++--------- .../03_create_dc/Create_AD_DC.ps1 | 11 ++++++++++- .../04_create_rds/Create_RDS_Servers.ps1 | 4 ++-- .../Create_Data_Server.ps1 | 4 ++-- .../Create_Web_App_Servers.ps1 | 4 ++-- .../dsg_deploy_scripts/DsgConfig.psm1 | 4 ++-- .../setup/setup_azure1.ps1 | 18 +++++++++++++----- 7 files changed, 40 insertions(+), 23 deletions(-) diff --git a/new_dsg_environment/azure-runbooks/dsg_build_instructions.md b/new_dsg_environment/azure-runbooks/dsg_build_instructions.md index bb6650906f..647af23de1 100644 --- a/new_dsg_environment/azure-runbooks/dsg_build_instructions.md +++ b/new_dsg_environment/azure-runbooks/dsg_build_instructions.md @@ -268,7 +268,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the new Domain controller via Remote Desktop client over the DSG VPN connection at the IP address `.250` (e.g. 10.250.x.250) -- Login with local admin user `dsgadmin` and the password for the DSG DC, which was created and stored in the `dsg-dc-admin-password` secret in the DSG KeyVault by the DC deployment script +- Login with local admin user and password for the DSG DC, which were created and stored in the `dsg-dc-admin-username` and `dsg-dc-admin-password` secrets in the DSG KeyVault by the DC deployment script - From the "Server Management" application, select `Tools -> Group Policy Management` @@ -322,7 +322,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **SHM Domain Controller** via Remote Desktop client over the VPN connection -- Login with domain user `\shmadmin` and the SHM DC admin password from the `shm-dc-admin-password` secret in the Safe Haven Management KeyVault +- Login with domain user `\User` and the SHM DC admin password from the `shm-dc-admin-password` secret in the Safe Haven Management KeyVault - From the "Server Management" application, select `Tools -> Active Directory Domains and Trust` @@ -340,7 +340,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor | Trust Type: | External Trust | | Direction of trust: | Two-way | | Sides of trust: | Both this domain and the specified domain | - | User name and password: | Domain admin user on the DSG domain. Format: `\Username>. User is "dsgadmin ". See DSG DC admin secret in DSG KeyVault for password. | + | User name and password: | Domain admin user on the DSG domain. Format: \Username>. See DSG `dsg-dc-admin-username` and `dsg-dc-admin-password` secrets in DSG KeyVault for username and password. | | Outgoing Trust Authentication Level-Local Domain: | Domain-wide authentication | | Outgoing Trust Authentication Level-Specified Domain: | Domain-wide authentication | @@ -386,7 +386,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **RDS Session Server 1 (RDSSH1)** via Remote Desktop client over the DSG VPN connection -- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the SHM KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\Username`. See DSG `dsg-dc-admin-username` and `dsg-dc-admin-password` secrets in DSG KeyVault for username and password (all DSG Windows servers use the same admin credentials) - Open `C:\Software\rdssh1-app-server` in Windows explorer @@ -398,7 +398,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **RDS Gateway** via Remote Desktop client over the DSG VPN connection -- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the DSG KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\Username`. See DSG `dsg-dc-admin-username` and `dsg-dc-admin-password` secrets in DSG KeyVault for username and password. (all DSG Windows servers use the same admin credentials) - Open a PowerShell command window with elevated privileges - make sure to use the `Windows PowerShell` application, not the `Windows PowerShell (x86)` application. The required server managment commandlets are not installed on the x86 version. @@ -514,7 +514,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **SHM Domain Controller** via Remote Desktop client over the VPN connection -- Login with domain user `\shmadmin` and the SHM DC admin password from the `shm-dc-admin-password` secret in the Safe Haven Management KeyVault +- Login with **SHM** domain user `\User` See **SHM** `dsg-dc-admin-username` and `shm-dc-admin-password` secrets in the **SHM** KeyVault for username and password. - In the "Server Management" app, click `Tools -> Active Directory Users and Computers` @@ -560,7 +560,7 @@ Each DSG must be assigned it's own unique IP address space, and it is very impor - Connect to the **RDS Session Server 2 (RDSSH1)** via Remote Desktop client over the DSG VPN connection -- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the `dsg-dc-admin-password` secret from the SHM KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\Username`. See DSG `dsg-dc-admin-username` and `dsg-dc-admin-password` secrets in DSG KeyVault for username and password (all DSG Windows servers use the same admin credentials) - Open `C:\Software\rdssh2-virtual-desktop-server` in Windows explorer @@ -654,7 +654,7 @@ To deploy a compute VM you will need the following available on the machine you - Activate boot diagnostics on the VM and click save. You need to stay on that screen until the activation is complete. - Go back to the VM panel and click on the "Serial console" item near the bottom of the VM menu on the left habnd side of the VM panel. - If you are not prompted with `login:`, hit enter until the prompt appears -- Enter `dsgadmin` for the username +- Enter the username from the `dsg-dsvm-admin-password` secret in the DSG KeyVault. - Enter the password from the `dsg-dsvm-admin-password` secret in the DSG KeyVault. - To validate that our custom `cloud-init.yaml` file has been successfully uploaded, run `sudo cat /var/lib/cloud/instance/user-data.txt`. You should see the contents of the `new_dsg_environment/azure-vms/DSG_configs/cloud-init-compute-vm-DSG-.yaml` file in the Safe Haven git repository. - To see the output of our custom `cloud-init.yaml` file, run `sudo tail -n 200 /var/log/cloud-init-output.log` and scroll up. @@ -695,7 +695,7 @@ To run the smoke tests: - Connect to the **DSG Dataserver** via Remote Desktop client over the DSG VPN connection. Ensure that the Remote Desktop client configuration shares the Safe Haven repository folder on your local machine with the Dataserver (or you have another way to transfer files between your local machine and the Dataserver VM). -- Login with domain user `\dsgadmin` and the **DSG DC** admin password from the DSG KeyVault (all DSG Windows servers use the same admin credentials) +- Login with domain user `\Username`. See DSG `dsg-dc-admin-username` and `dsg-dc-admin-password` secrets in DSG KeyVault for username and password (all DSG Windows servers use the same admin credentials) - Copy the `package_lists` and `tests` folders from your local `/new_dsg_environment/azure-vms/` folder to a `dsg_tests` folder on within the `F:\Data` folder on the DSG Dataserver. diff --git a/new_dsg_environment/dsg_deploy_scripts/03_create_dc/Create_AD_DC.ps1 b/new_dsg_environment/dsg_deploy_scripts/03_create_dc/Create_AD_DC.ps1 index b138d376b2..a6468544a8 100644 --- a/new_dsg_environment/dsg_deploy_scripts/03_create_dc/Create_AD_DC.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/03_create_dc/Create_AD_DC.ps1 @@ -68,6 +68,15 @@ $artifactSasToken = (ConvertTo-SecureString $artifactSasToken -AsPlainText -Forc # Temporarily switch to DSG subscription $_ = Set-AzContext -SubscriptionId $config.dsg.subscriptionName; +# Fetch DC admin username (or create if not present) +$dcAdminUsername = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.dsg.dc.usernameSecretName).SecretValueText; +if ($null -eq $dcAdminPassword) { + # Create password locally but round trip via KeyVault to ensure it is successfully stored + $newPassword = New-Password; + $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.dsg.dc.usernameSecretName -SecretValue $newPassword; + $dcAdminUsername = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.dsg.dc.usernameSecretName ).SecretValueText; +} # Fetch admin password (or create if not present) $adminPassword = (Get-AzKeyVaultSecret -vaultName $config.dsg.keyVault.name -name $config.dsg.dc.admin.passwordSecretName).SecretValueText; if ($null -eq $adminPassword) { @@ -87,7 +96,7 @@ $params = @{ "DC Name" = $config.dsg.dc.vmName "VM Size" = $vmSize "IP Address" = $config.dsg.dc.ip - "Administrator User" = $config.dsg.dc.admin.username + "Administrator User" = $dcAdminUsername "Administrator Password" = $adminPassword "Virtual Network Name" = $config.dsg.network.vnet.name "Virtual Network Resource Group" = $config.dsg.network.vnet.rg diff --git a/new_dsg_environment/dsg_deploy_scripts/04_create_rds/Create_RDS_Servers.ps1 b/new_dsg_environment/dsg_deploy_scripts/04_create_rds/Create_RDS_Servers.ps1 index 1d375f0654..6ccf4efcbf 100644 --- a/new_dsg_environment/dsg_deploy_scripts/04_create_rds/Create_RDS_Servers.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/04_create_rds/Create_RDS_Servers.ps1 @@ -14,7 +14,7 @@ $prevContext = Get-AzContext $_ = Set-AzContext -SubscriptionId $config.dsg.subscriptionName; # Admin user credentials (must be same as for DSG DC for now) -$adminUser = $config.dsg.dc.admin.username +$adminUsername = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.dsg.dc.usernameSecretName).SecretValueText; $adminPassword = (Get-AzKeyVaultSecret -vaultName $config.dsg.keyVault.name -name $config.dsg.dc.admin.passwordSecretName).SecretValueText # VM sizes @@ -31,7 +31,7 @@ $params = @{ "RDS Session Host 2 Name" = $config.dsg.rds.sessionHost2.vmName "RDS Session Host 2 VM Size" = $rdsHostVmSize "RDS Session Host 2 IP Address" = $config.dsg.rds.sessionHost2.ip - "Administrator User" = $adminUser + "Administrator User" = $adminUsername "Administrator Password" = (ConvertTo-SecureString $adminPassword -AsPlainText -Force) "Virtual Network Name" = $config.dsg.network.vnet.name "Virtual Network Resource Group" = $config.dsg.network.vnet.rg diff --git a/new_dsg_environment/dsg_deploy_scripts/05_create_dataserver/Create_Data_Server.ps1 b/new_dsg_environment/dsg_deploy_scripts/05_create_dataserver/Create_Data_Server.ps1 index 2a27131595..58de572d1d 100644 --- a/new_dsg_environment/dsg_deploy_scripts/05_create_dataserver/Create_Data_Server.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/05_create_dataserver/Create_Data_Server.ps1 @@ -14,7 +14,7 @@ $prevContext = Get-AzContext $_ = Set-AzContext -SubscriptionId $config.dsg.subscriptionName; # Admin user credentials (must be same as for DSG DC for now) -$adminUser = $config.dsg.dc.admin.username +$adminUsername = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.dsg.dc.usernameSecretName).SecretValueText; $adminPassword = (Get-AzKeyVaultSecret -vaultName $config.dsg.keyVault.name -name $config.dsg.dc.admin.passwordSecretName).SecretValueText $vmSize = "Standard_B2ms" @@ -24,7 +24,7 @@ $params = @{ "Domain Name" = $config.dsg.domain.fqdn "VM Size" = $vmSize "IP Address" = $config.dsg.dataserver.ip -"Administrator User" = $adminUser +"Administrator User" = $adminUsername "Administrator Password" = (ConvertTo-SecureString $adminPassword -AsPlainText -Force) "Virtual Network Name" = $config.dsg.network.vnet.name "Virtual Network Resource Group" = $config.dsg.network.vnet.rg diff --git a/new_dsg_environment/dsg_deploy_scripts/06_create_web_application_servers/Create_Web_App_Servers.ps1 b/new_dsg_environment/dsg_deploy_scripts/06_create_web_application_servers/Create_Web_App_Servers.ps1 index b93bfe6a9c..8b44e016d3 100644 --- a/new_dsg_environment/dsg_deploy_scripts/06_create_web_application_servers/Create_Web_App_Servers.ps1 +++ b/new_dsg_environment/dsg_deploy_scripts/06_create_web_application_servers/Create_Web_App_Servers.ps1 @@ -18,7 +18,7 @@ $_ = Set-AzContext -SubscriptionId $config.dsg.subscriptionName; Get-AzMarketplaceTerms -Publisher gitlab -Product gitlab-ce -Name gitlab-ce | Set-AzMarketplaceTerms -Accept # Admin user credentials (must be same as for DSG DC for now) -$adminUser = $config.dsg.dc.admin.username +$adminUsername = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.dsg.dc.usernameSecretName).SecretValueText; $adminPassword = (Get-AzKeyVaultSecret -vaultName $config.dsg.keyVault.name -name $config.dsg.dc.admin.passwordSecretName).SecretValueText # VM sizes @@ -89,7 +89,7 @@ $params = @{ "HACKMD Server Name" = $config.dsg.linux.hackmd.vmName "HACKMD VM Size" = $hackmdVMSize "HACKMD IP Address" = $config.dsg.linux.hackmd.ip -"Administrator User" = $adminUser +"Administrator User" = $adminUsername "Administrator Password" = (ConvertTo-SecureString $adminPassword -AsPlainText -Force) "Virtual Network Name" = $config.dsg.network.vnet.name "Virtual Network Resource Group" = $config.dsg.network.vnet.rg diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 74a542064d..511b309bd5 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -255,8 +255,8 @@ function Add-DsgConfig { $config.dsg.dc.fqdn = $config.dsg.dc.hostname + "." + $config.dsg.domain.fqdn $config.dsg.dc.ip = $config.dsg.network.subnets.identity.prefix + ".250" $config.dsg.dc.admin = [ordered]@{ - username = "dsgadmin" - passwordSecretName = "dsg" + $config.dsg.id + "-dc-admin-password" # TODO: Current format targeted at using shm keyvault. Update if this changes. + usernameSecretName = "dsg" + $config.dsg.id + "-dc-admin-username" + passwordSecretName = "dsg" + $config.dsg.id + "-dc-admin-password" } # --- Domain users --- diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 1d4e00a608..a2c225c16d 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -17,7 +17,16 @@ Set-AzContext -SubscriptionId $config.subscriptionName; # Set VM Default Size $vmSize = "Standard_DS2_v2" -# Fetch DC root user password (or create if not present) +# Fetch DC admin username (or create if not present) +$dcAdminUsername = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcAdminUsername).SecretValueText; +if ($null -eq $dcAdminPassword) { + # Create password locally but round trip via KeyVault to ensure it is successfully stored + $newPassword = New-Password; + $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); + $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminUsername -SecretValue $newPassword; + $dcAdminUsername = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminUsername ).SecretValueText; +} +# Fetch DC admin user password (or create if not present) $dcAdminPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcAdminPassword).SecretValueText; if ($null -eq $dcAdminPassword) { # Create password locally but round trip via KeyVault to ensure it is successfully stored @@ -26,8 +35,7 @@ if ($null -eq $dcAdminPassword) { $_ = Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminPassword -SecretValue $newPassword; $dcAdminPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.dcAdminPassword ).SecretValueText; } - -# Fetch DC root user password (or create if not present) +# Fetch DC safe mode password (or create if not present) $dcSafemodePassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcSafemodePassword).SecretValueText; if ($null -eq $dcSafemodePassword) { # Create password locally but round trip via KeyVault to ensure it is successfully stored @@ -170,7 +178,7 @@ $artifactSasToken = (New-AccountSasToken -subscriptionName $config.subscriptionN $vnetCreateParams = @{ "Virtual_Network_Name" = $config.network.vnet.name - "P2S_VPN_Certificate" = $vpnCaCertificate + "P2S_VPN_Certificate" = $vpnCaCertificatePlain "VNET_CIDR" = $config.network.vnet.cidr "Subnet_Identity_Name" = $config.network.subnets.identity.name "Subnet_Identity_CIDR" = $config.network.subnets.identity.cidr @@ -195,7 +203,7 @@ if($config.domain.netbiosName.length -gt $netbiosNameMaxLength) { New-AzResourceGroup -Name $config.dc.rg -Location $config.location -Force New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg ` -templatefile "$PSScriptRoot/../arm_templates/shmdc/shmdc-template.json"` - -Administrator_User $config.keyvault.secretNames.dcAdminUsername ` + -Administrator_User $dcAdminUsername ` -Administrator_Password (ConvertTo-SecureString $dcAdminPassword -AsPlainText -Force)` -SafeMode_Password (ConvertTo-SecureString $dcSafemodePassword -AsPlainText -Force)` -Virtual_Network_Resource_Group $config.network.vnet.rg ` From c982def94a5f3c8c267f812450090abd2cf22501 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Tue, 5 Nov 2019 13:23:23 +0000 Subject: [PATCH 030/107] Drop redundant DC/NPS script upload to file storage - Also refactors script folders to match DSG (i.e. zip + source directory) --- .../Active_Directory_Configuration.ps1 | 0 .../dc/{SHM_DC => source}/Set_OS_Language.ps1 | 0 .../scripts/dc/{SHM_DC => source}/map_drive.ps1 | 0 .../nps/{ => source}/ConfigurationFile.ini | Bin .../scripts/nps/{ => source}/Create_Database.sql | 0 .../nps/{ => source}/Prepare_NPS_Server.ps1 | 0 .../setup/setup_azure1.ps1 | 14 +------------- 7 files changed, 1 insertion(+), 13 deletions(-) rename safe_haven_management_environment/scripts/dc/{SHM_DC => source}/Active_Directory_Configuration.ps1 (100%) rename safe_haven_management_environment/scripts/dc/{SHM_DC => source}/Set_OS_Language.ps1 (100%) rename safe_haven_management_environment/scripts/dc/{SHM_DC => source}/map_drive.ps1 (100%) rename safe_haven_management_environment/scripts/nps/{ => source}/ConfigurationFile.ini (100%) rename safe_haven_management_environment/scripts/nps/{ => source}/Create_Database.sql (100%) rename safe_haven_management_environment/scripts/nps/{ => source}/Prepare_NPS_Server.ps1 (100%) diff --git a/safe_haven_management_environment/scripts/dc/SHM_DC/Active_Directory_Configuration.ps1 b/safe_haven_management_environment/scripts/dc/source/Active_Directory_Configuration.ps1 similarity index 100% rename from safe_haven_management_environment/scripts/dc/SHM_DC/Active_Directory_Configuration.ps1 rename to safe_haven_management_environment/scripts/dc/source/Active_Directory_Configuration.ps1 diff --git a/safe_haven_management_environment/scripts/dc/SHM_DC/Set_OS_Language.ps1 b/safe_haven_management_environment/scripts/dc/source/Set_OS_Language.ps1 similarity index 100% rename from safe_haven_management_environment/scripts/dc/SHM_DC/Set_OS_Language.ps1 rename to safe_haven_management_environment/scripts/dc/source/Set_OS_Language.ps1 diff --git a/safe_haven_management_environment/scripts/dc/SHM_DC/map_drive.ps1 b/safe_haven_management_environment/scripts/dc/source/map_drive.ps1 similarity index 100% rename from safe_haven_management_environment/scripts/dc/SHM_DC/map_drive.ps1 rename to safe_haven_management_environment/scripts/dc/source/map_drive.ps1 diff --git a/safe_haven_management_environment/scripts/nps/ConfigurationFile.ini b/safe_haven_management_environment/scripts/nps/source/ConfigurationFile.ini similarity index 100% rename from safe_haven_management_environment/scripts/nps/ConfigurationFile.ini rename to safe_haven_management_environment/scripts/nps/source/ConfigurationFile.ini diff --git a/safe_haven_management_environment/scripts/nps/Create_Database.sql b/safe_haven_management_environment/scripts/nps/source/Create_Database.sql similarity index 100% rename from safe_haven_management_environment/scripts/nps/Create_Database.sql rename to safe_haven_management_environment/scripts/nps/source/Create_Database.sql diff --git a/safe_haven_management_environment/scripts/nps/Prepare_NPS_Server.ps1 b/safe_haven_management_environment/scripts/nps/source/Prepare_NPS_Server.ps1 similarity index 100% rename from safe_haven_management_environment/scripts/nps/Prepare_NPS_Server.ps1 rename to safe_haven_management_environment/scripts/nps/source/Prepare_NPS_Server.ps1 diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index a2c225c16d..b2a3899e62 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -138,21 +138,13 @@ if($notExists) { } } # Create file storage shares -"scripts", "sqlserver" | ForEach-Object { +"sqlserver" | ForEach-Object { $shareName = $_ if(-not (Get-AzStorageShare -Context $storageAccount.Context | Where-Object { $_.Name -eq "$shareName" })){ Write-Host " - Creating share '$shareName' in storage account '$storageAccountName'" $_ = New-AzStorageShare -Name $shareName -Context $storageAccount.Context; } } -# Create directories in file share -"dc", "nps" | ForEach-Object { - $dirName = $_ - if(-not (Get-AzStorageFile -Context $storageAccount.Context -ShareName "scripts" | Where-Object { $_.Name -eq "$dirName" })){ - Write-Host " - Creating directory '$dirName' in file share 'scripts' in storage account '$storageAccountName'" - $_ = New-AzStorageDirectory -Path $dirName -Context $storageAccount.Context -ShareName "scripts"; - } -} # Upload files Set-AzStorageBlobContent -Container "dsc" -Context $storageAccount.Context -File "$PSScriptRoot/../dsc/shmdc1/CreateADPDC.zip" -Force @@ -160,10 +152,6 @@ Set-AzStorageBlobContent -Container "dsc" -Context $storageAccount.Context -File Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "$PSScriptRoot/../scripts/dc/SHM_DC.zip" -Force Set-AzStorageBlobContent -Container "scripts" -Context $storageAccount.Context -File "$PSScriptRoot/../scripts/nps/SHM_NPS.zip" -Force -Get-ChildItem -File "$PSScriptRoot/../scripts/dc/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "dc/" -Context $storageAccount.Context -Force -Get-ChildItem -File "$PSScriptRoot/../scripts/nps/" -Recurse | Set-AzStorageFileContent -ShareName "scripts" -Path "nps/" -Context $storageAccount.Context -Force - - # URI to Azure File copy does not support 302 redirect, so get the latest working endpoint redirected from "https://go.microsoft.com/fwlink/?linkid=853017" Start-AzStorageFileCopy -AbsoluteUri "https://download.microsoft.com/download/5/E/9/5E9B18CC-8FD5-467E-B5BF-BADE39C51F73/SQLServer2017-SSEI-Expr.exe" -DestShareName "sqlserver" -DestFilePath "SQLServer2017-SSEI-Expr.exe" -DestContext $storageAccount.Context -Force # URI to Azure File copy does not support 302 redirect, so get the latest working endpoint redirected from "https://go.microsoft.com/fwlink/?linkid=2088649" From 033663769bc00bab689c2831c87ad9993baef308 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Tue, 5 Nov 2019 15:41:11 +0000 Subject: [PATCH 031/107] Update NPS deployment to use all config settings --- .../dsg_configs/full/dsg_100_full_config.json | 6 +- .../full/dsg_dev1_full_config.json | 6 +- .../dsg_deploy_scripts/DsgConfig.psm1 | 2 + .../arm_templates/shmnps/shmnps-template.json | 115 +++++++----------- .../setup/setup_azure1.ps1 | 3 +- .../setup/setup_azure2.ps1 | 18 ++- 6 files changed, 76 insertions(+), 74 deletions(-) diff --git a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json index 9045ddc59e..4d41f2abc1 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_100_full_config.json @@ -15,6 +15,7 @@ "fqdn": "turingsafehaven.ac.uk", "netbiosName": "TURINGSAFEHAVEN", "dn": "DC=turingsafehaven,DC=ac,DC=uk", + "serviceServerOuPath": "OU=Safe Haven Service Servers,DC=turingsafehaven,DC=ac,DC=uk", "serviceOuPath": "OU=Safe Haven Service Accounts,DC=turingsafehaven,DC=ac,DC=uk", "userOuPath": "OU=Safe Haven Research Users,DC=turingsafehaven,DC=ac,DC=uk", "securityOuPath": "OU=Safe Haven Security Groups,DC=turingsafehaven,DC=ac,DC=uk", @@ -65,6 +66,7 @@ "nps": { "rg": "RG_SHM_NPS", "vmName": "NPS-SHM-turing1", + "hostname": "NPS-SHM-turing1", "ip": "10.0.0.248" }, "storage": { @@ -82,6 +84,8 @@ "dcSafemodePassword": "shm-dc-safemode-password", "adsyncPassword": "shm-adsync-password", "vpnCaCertificate": "shm-vpn-ca-cert", + "vpnCaCertPassword": "shm-vpn-ca-cert-password", + "vpnCaCertificatePlain": "shm-vpn-ca-cert-plain", "vpnClientCertificate": "shm-vpn-client-cert", "vpnClientCertPassword": "shm-vpn-client-cert-password" } @@ -177,7 +181,7 @@ "fqdn": "DC-DSG100.dsgroup100.co.uk", "ip": "10.150.0.250", "admin": { - "username": "dsgadmin", + "usernameSecretName": "dsg100-dc-admin-username", "passwordSecretName": "dsg100-dc-admin-password" } }, diff --git a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json index 02b78440c2..e29c99a538 100644 --- a/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json +++ b/new_dsg_environment/dsg_configs/full/dsg_dev1_full_config.json @@ -15,6 +15,7 @@ "fqdn": "dev1.dsgroupdev.co.uk", "netbiosName": "SAFEHAVENDEV1", "dn": "DC=dev1,DC=dsgroupdev,DC=co,DC=uk", + "serviceServerOuPath": "OU=Safe Haven Service Servers,DC=dev1,DC=dsgroupdev,DC=co,DC=uk", "serviceOuPath": "OU=Safe Haven Service Accounts,DC=dev1,DC=dsgroupdev,DC=co,DC=uk", "userOuPath": "OU=Safe Haven Research Users,DC=dev1,DC=dsgroupdev,DC=co,DC=uk", "securityOuPath": "OU=Safe Haven Security Groups,DC=dev1,DC=dsgroupdev,DC=co,DC=uk", @@ -65,6 +66,7 @@ "nps": { "rg": "RG_SHM_NPS", "vmName": "NPS-SHM-dev1", + "hostname": "NPS-SHM-dev1", "ip": "10.0.0.248" }, "storage": { @@ -82,6 +84,8 @@ "dcSafemodePassword": "shm-dc-safemode-password", "adsyncPassword": "shm-adsync-password", "vpnCaCertificate": "shm-vpn-ca-cert", + "vpnCaCertPassword": "shm-vpn-ca-cert-password", + "vpnCaCertificatePlain": "shm-vpn-ca-cert-plain", "vpnClientCertificate": "shm-vpn-client-cert", "vpnClientCertPassword": "shm-vpn-client-cert-password" } @@ -177,7 +181,7 @@ "fqdn": "DC-DSGdev1.dsgroupdev1.co.uk", "ip": "10.100.0.250", "admin": { - "username": "dsgadmin", + "usernameSecretName": "dsgdev1-dc-admin-username", "passwordSecretName": "dsgdev1-dc-admin-password" } }, diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index a85022ad7c..758fa35f25 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -43,6 +43,7 @@ function Get-ShmFullConfig{ } $shm.domain.netbiosName = $shmConfigBase.netbiosName $shm.domain.dn = "DC=" + ($shm.domain.fqdn.replace('.',',DC=')) + $shm.domain.serviceServerOuPath = "OU=Safe Haven Service Servers," + $shm.domain.dn $shm.domain.serviceOuPath = "OU=Safe Haven Service Accounts," + $shm.domain.dn $shm.domain.userOuPath = "OU=Safe Haven Research Users," + $shm.domain.dn $shm.domain.securityOuPath = "OU=Safe Haven Security Groups," + $shm.domain.dn @@ -94,6 +95,7 @@ function Get-ShmFullConfig{ $shm.nps = [ordered]@{} $shm.nps.rg = "RG_SHM_NPS" $shm.nps.vmName = "NPS-SHM-" + $shm.id + $shm.nps.hostname = $shm.nps.vmName $shm.nps.ip = $shm.network.subnets.identity.prefix + ".248" # --- Storage config -- diff --git a/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json b/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json index 4af5fef349..5e4085a203 100644 --- a/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json +++ b/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json @@ -2,77 +2,56 @@ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { - "VM Size": { + "VM_Size": { + "type": "string" + }, + "Administrator_User": { + "type": "string" + }, + "Administrator_Password": { + "type": "securestring" + }, + "Virtual_Network_Name": { "type": "string", - "defaultValue": "Standard_D2s_v3", - "allowedValues": [ - "Standard_F4s_v2", - "Standard_DS2_v2", - "Standard_D2s_v3" - ], - "metadata": { - "description": "Select size of VM" - } - }, - "Administrator_User": { - "type": "string", - "metadata": { - "description": "Enter name for VM Administrator" - } - }, - "Administrator_Password": { - "type": "securestring", - "metadata": { - "description": "Enter name for VM Administrator_Password" - } - }, - "Virtual Network Name": { - "type": "string", - "defaultValue": "SHM_VNET1", - "metadata": { - "description": "Enter name of virtual network to provision these VMs" - } - }, - "Virtual_Network_Resource_Group": { - "type": "string", - "metadata": { - "description": "Enter name of resource group that is assoicated with the virtual network above" - } - }, - "Virtual Network Subnet": { - "type": "string", - "defaultValue": "Subnet-Identity", - "metadata": { - "description": "Enter name of subnet where you want to provision this VM" - } - }, - "Domain_Name": { - "type": "string", - "metadata": { - "description": "Enter domain name" - } - } }, + "Virtual_Network_Resource_Group": { + "type": "string" + }, + "Virtual_Network_Subnet": { + "type": "string" + }, + "Domain_Name": { + "type": "string" + }, + "NPS_VM_Name": { + "type": "string" + }, + "NPS_Host_Name": { + "type": "string" + }, + "NPS_IP_Address": { + "type": "string" + }, + "OU_Path": { + "type": "string" + } + }, "variables": { - "npsname": "SHMNPS", - "npsnic": "[concat(variables('npsname'),'_','NIC1')]", - "npsipaddress": "10.251.0.248", + "npsnic": "[concat(parameters('NPS_VM_Name'),'_','NIC1')]", "diagStorageAccountName": "[concat('diags',uniqueString(resourceGroup().id))]", - "vnetID": "[resourceId(parameters('Virtual_Network_Resource_Group'), 'Microsoft.Network/virtualNetworks', parameters('Virtual Network Name'))]", - "subnet": "[concat(variables('vnetID'),'/subnets/', parameters('Virtual Network Subnet'))]", - "oustring": "[replace(parameters('Domain_Name'),'.',',DC=')]", - "oupath": "[concat('OU=Safe Haven Service Servers,DC=', variables('oustring'))]" + "vnetID": "[resourceId(parameters('Virtual_Network_Resource_Group'), 'Microsoft.Network/virtualNetworks', parameters('Virtual_Network_Name'))]", + "subnet": "[concat(variables('vnetID'),'/subnets/', parameters('Virtual_Network_Subnet'))]" }, "resources": [ { "type": "Microsoft.Compute/virtualMachines", - "name": "[variables('npsname')]", + "name": "[parameters('NPS_VM_Name')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, "properties": { "hardwareProfile": { - "vmSize": "[parameters('VM Size')]" + "vmSize": "[parameters('VM_Size')]" }, "storageProfile": { "imageReference": { @@ -83,7 +62,7 @@ }, "osDisk": { "osType": "Windows", - "name": "[concat(variables('npsname'),'_OS_DISK')]", + "name": "[concat(parameters('NPS_VM_Name'),'_OS_DISK')]", "createOption": "FromImage", "caching": "ReadWrite", "writeAcceleratorEnabled": false, @@ -95,7 +74,7 @@ "dataDisks": [ { "lun": 0, - "name": "[concat(variables('npsname'), '_Data_Disk1')]", + "name": "[concat(parameters('NPS_VM_Name'), '_Data_Disk1')]", "createOption": "Empty", "caching": "None", "writeAcceleratorEnabled": false, @@ -107,7 +86,7 @@ ] }, "osProfile": { - "computerName": "[variables('npsname')]", + "computerName": "[parameters('NPS_Host_Name')]", "adminUsername": "[parameters('Administrator_User')]", "adminPassword": "[parameters('Administrator_Password')]", "windowsConfiguration": { @@ -150,7 +129,7 @@ { "name": "ipconfig1", "properties": { - "privateIPAddress": "[variables('npsipaddress')]", + "privateIPAddress": "[parameters('NPS_IP_Address')]", "privateIPAllocationMethod": "Static", "subnet": { "id": "[variables('subnet')]" @@ -207,7 +186,7 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('npsname'), '/', 'bginfo')]", + "name": "[concat(parameters('NPS_VM_Name'), '/', 'bginfo')]", "apiVersion": "2018-06-01", "location": "[resourceGroup().location]", "scale": null, @@ -218,17 +197,17 @@ "typeHandlerVersion": "2.1" }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('npsname'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('NPS_VM_Name'))]" ] }, { "apiVersion": "2018-06-01", "type": "Microsoft.Compute/virtualMachines/extensions", - "name": "[concat(variables('npsname'),'/joindomain')]", + "name": "[concat(parameters('NPS_VM_Name'),'/joindomain')]", "location": "[resourceGroup().location]", "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('npsname'))]", - "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('npsname'),'bginfo')]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('NPS_VM_Name'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('NPS_VM_Name'),'bginfo')]" ], "properties": { "publisher": "Microsoft.Compute", @@ -237,7 +216,7 @@ "autoUpgradeMinorVersion": true, "settings": { "Name": "[parameters('Domain_Name')]", - "OUPath": "[variables('oupath')]", + "OUPath": "[parameters('OU_Path')]", "User": "[concat(parameters('Domain_Name'), '\\', parameters('Administrator_User'))]", "Restart": "true", "Options": "3" diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index b2a3899e62..3fa1b2f6d6 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -207,7 +207,8 @@ New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg ` -DC1_Host_Name $config.dc.hostname ` -DC2_Host_Name $config.dcb.hostname ` -DC1_IP_Address $config.dc.ip ` - -DC2_IP_Address $config.dcb.ip; + -DC2_IP_Address $config.dcb.ip ` + -Verbose; # Switch back to original subscription Set-AzContext -Context $prevContext; diff --git a/safe_haven_management_environment/setup/setup_azure2.ps1 b/safe_haven_management_environment/setup/setup_azure2.ps1 index 5ec58d1d36..afefa0b11b 100644 --- a/safe_haven_management_environment/setup/setup_azure2.ps1 +++ b/safe_haven_management_environment/setup/setup_azure2.ps1 @@ -11,18 +11,30 @@ Import-Module $PSScriptRoot/../../new_dsg_environment/dsg_deploy_scripts/Generat # Get DSG config $config = Get-ShmFullConfig($shmId) +# Set VM Default Size +$vmSize = "Standard_DS2_v2" + # Temporarily switch to DSG subscription $prevContext = Get-AzContext Set-AzContext -SubscriptionId $config.subscriptionName; New-AzResourceGroup -Name $config.nps.rg -Location $config.location +$dcAdminUsername = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcAdminUsername).SecretValueText; $dcAdminPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.dcAdminPassword).SecretValueText; New-AzResourceGroupDeployment -resourcegroupname $config.nps.rg` - -templatefile "../arm_templates/shmnps/shmnps-template.json"` - -Administrator_User $config.keyVault.secretNames.dcAdminUsername ` + -templatefile "$PSScriptRoot/../arm_templates/shmnps/shmnps-template.json"` + -Administrator_User $dcAdminUsername ` -Administrator_Password (ConvertTo-SecureString $dcAdminPassword -AsPlainText -Force) ` -Virtual_Network_Resource_Group $config.network.vnet.rg ` - -Domain_Name $config.domain.fqdn; + -Domain_Name $config.domain.fqdn ` + -VM_Size $vmSize ` + -Virtual_Network_Name $config.network.vnet.name ` + -Virtual_Network_Subnet $config.network.subnets.identity.name ` + -NPS_VM_Name $config.nps.vmName ` + -NPS_Host_Name $config.nps.hostname ` + -NPS_IP_Address $config.nps.ip ` + -OU_Path $config.domain.serviceServerOuPath ` + -Verbose; # Switch back to original subscription Set-AzContext -Context $prevContext; \ No newline at end of file From 8e9bfcb6f5e50bf79943b486a2f95d0c9595135e Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 5 Nov 2019 16:15:16 +0000 Subject: [PATCH 032/107] update adsync name variable to match new name in config --- safe_haven_management_environment/setup/configure_dc.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/safe_haven_management_environment/setup/configure_dc.ps1 b/safe_haven_management_environment/setup/configure_dc.ps1 index ef697f1bfc..e8884e95f6 100644 --- a/safe_haven_management_environment/setup/configure_dc.ps1 +++ b/safe_haven_management_environment/setup/configure_dc.ps1 @@ -28,13 +28,13 @@ $scriptPath2 = Join-Path $PSScriptRoot ".." "scripts" "dc" "SHM_DC" "map_drive.p $scriptPath3 = Join-Path $PSScriptRoot ".." "scripts" "dc" "SHM_DC" "Active_Directory_Configuration.ps1" # Fetch ADSync user password (or create if not present) -$ADSyncPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.adsync).SecretValueText; +$ADSyncPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.adsyncPassword).SecretValueText; if ($null -eq $ADSyncPassword ) { # Create password locally but round trip via KeyVault to ensure it is successfully stored $newPassword = New-Password; $newPassword = (ConvertTo-SecureString $newPassword -AsPlainText -Force); - Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.adsync -SecretValue $newPassword; - $ADSyncPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.adsync ).SecretValueText + Set-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.adsyncPassword -SecretValue $newPassword; + $ADSyncPassword = (Get-AzKeyVaultSecret -VaultName $config.keyVault.name -Name $config.keyVault.secretNames.adsyncPassword ).SecretValueText } # Run Set_OS_Language.ps1 remotely From e1bd2309b54f554ea1401add85d71696700dc2b2 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 5 Nov 2019 16:20:11 +0000 Subject: [PATCH 033/107] Add explicit Docker commands --- .../azure-runbooks/SHM-Build-Instructions.md | 1 + 1 file changed, 1 insertion(+) diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 02e121a3dc..ae2c39f9ee 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -16,6 +16,7 @@ ### Docker desktop - Install [Docker Desktop](https://www.docker.com/products/docker-desktop). Docker is used to generate certificates. +- If running on Linux, ensure that both `docker.io` and `docker-compose` are installed. ## 0. Setup Azure Active Directory (AAD) with P1 Licenses From 001b04b526d2f7534c92c6d6412caaf429d6c0e9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 5 Nov 2019 16:41:27 +0000 Subject: [PATCH 034/107] update hardcoded DC names and fix path for script location --- .../setup/configure_dc.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/safe_haven_management_environment/setup/configure_dc.ps1 b/safe_haven_management_environment/setup/configure_dc.ps1 index e8884e95f6..5a78f035dd 100644 --- a/safe_haven_management_environment/setup/configure_dc.ps1 +++ b/safe_haven_management_environment/setup/configure_dc.ps1 @@ -23,9 +23,9 @@ $prevContext = Get-AzContext Set-AzContext -SubscriptionId $config.subscriptionName; # Run remote script -$scriptPath1 = Join-Path $PSScriptRoot ".." "scripts" "dc" "SHM_DC" "Set_OS_Language.ps1" -$scriptPath2 = Join-Path $PSScriptRoot ".." "scripts" "dc" "SHM_DC" "map_drive.ps1" -$scriptPath3 = Join-Path $PSScriptRoot ".." "scripts" "dc" "SHM_DC" "Active_Directory_Configuration.ps1" +$scriptPath1 = Join-Path $PSScriptRoot ".." "scripts" "dc" "Set_OS_Language.ps1" +$scriptPath2 = Join-Path $PSScriptRoot ".." "scripts" "dc" "map_drive.ps1" +$scriptPath3 = Join-Path $PSScriptRoot ".." "scripts" "dc" "Active_Directory_Configuration.ps1" # Fetch ADSync user password (or create if not present) $ADSyncPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.adsyncPassword).SecretValueText; @@ -38,13 +38,13 @@ if ($null -eq $ADSyncPassword ) { } # Run Set_OS_Language.ps1 remotely -$result1= Invoke-AzVMRunCommand -ResourceGroupName $config.dc.rg -Name SHMDC1 ` +$result1= Invoke-AzVMRunCommand -ResourceGroupName $config.dc.rg -Name $config.dc.vmName ` -CommandId 'RunPowerShellScript' -ScriptPath $scriptPath1; Write-Output $result1.Value; -# Map drive to SHMDC1 +# Map drive to DC1-SHM-SHMID $artifactLocation = "https://" + $config.storage.artifacts.accountName + ".blob.core.windows.net"; $artifactSasToken = New-AccountSasToken -subscriptionName $config.subscriptionName -resourceGroup $config.storage.artifacts.rg ` -accountName $config.storage.artifacts.accountName -service Blob,File -resourceType Service,Container,Object ` @@ -57,7 +57,7 @@ $params = @{ sasToken= "`"$artifactSasToken`"" }; -$result2 = Invoke-AzVMRunCommand -ResourceGroupName $config.dc.rg -Name SHMDC1 ` +$result2 = Invoke-AzVMRunCommand -ResourceGroupName $config.dc.rg -Name $config.dc.vmName ` -CommandId 'RunPowerShellScript' -ScriptPath $scriptPath2 ` -Parameter $params; @@ -84,7 +84,7 @@ Write-Output $result2.Value; # Execute Set_OS_Language.ps1 on second DC -$result4= Invoke-AzVMRunCommand -ResourceGroupName $config.dc.rg -Name SHMDC2 ` +$result4= Invoke-AzVMRunCommand -ResourceGroupName $config.dc.rg -Name $config.dcb.vmName ` -CommandId 'RunPowerShellScript' -ScriptPath $scriptPath1; Write-Output $result4.Value; From 19ad51fe4167c7ab6582175257cc5f423a59ffb5 Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 5 Nov 2019 16:49:00 +0000 Subject: [PATCH 035/107] update script location scripts live in source --- safe_haven_management_environment/setup/configure_dc.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/safe_haven_management_environment/setup/configure_dc.ps1 b/safe_haven_management_environment/setup/configure_dc.ps1 index 5a78f035dd..2fcb3a91f3 100644 --- a/safe_haven_management_environment/setup/configure_dc.ps1 +++ b/safe_haven_management_environment/setup/configure_dc.ps1 @@ -23,9 +23,9 @@ $prevContext = Get-AzContext Set-AzContext -SubscriptionId $config.subscriptionName; # Run remote script -$scriptPath1 = Join-Path $PSScriptRoot ".." "scripts" "dc" "Set_OS_Language.ps1" -$scriptPath2 = Join-Path $PSScriptRoot ".." "scripts" "dc" "map_drive.ps1" -$scriptPath3 = Join-Path $PSScriptRoot ".." "scripts" "dc" "Active_Directory_Configuration.ps1" +$scriptPath1 = Join-Path $PSScriptRoot ".." "scripts" "dc" "source" "Set_OS_Language.ps1" +$scriptPath2 = Join-Path $PSScriptRoot ".." "scripts" "dc" "source" "map_drive.ps1" +$scriptPath3 = Join-Path $PSScriptRoot ".." "scripts" "dc" "source" "Active_Directory_Configuration.ps1" # Fetch ADSync user password (or create if not present) $ADSyncPassword = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.adsyncPassword).SecretValueText; From 92890ba4d1e7923a9f14b4996e3d98a1edfb0d0c Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 6 Nov 2019 13:28:36 +0000 Subject: [PATCH 036/107] Remove exra comma --- .../arm_templates/shmnps/shmnps-template.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json b/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json index 5e4085a203..47c4699883 100644 --- a/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json +++ b/safe_haven_management_environment/arm_templates/shmnps/shmnps-template.json @@ -12,7 +12,7 @@ "type": "securestring" }, "Virtual_Network_Name": { - "type": "string", + "type": "string" }, "Virtual_Network_Resource_Group": { "type": "string" From 28da7cad8a15009e7d55729f6742b0ef5aa45b3c Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 6 Nov 2019 13:55:00 +0000 Subject: [PATCH 037/107] removed trailing whitespace --- safe_haven_management_environment/setup/setup_azure2.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/safe_haven_management_environment/setup/setup_azure2.ps1 b/safe_haven_management_environment/setup/setup_azure2.ps1 index afefa0b11b..3a6cb28a5a 100644 --- a/safe_haven_management_environment/setup/setup_azure2.ps1 +++ b/safe_haven_management_environment/setup/setup_azure2.ps1 @@ -30,7 +30,7 @@ New-AzResourceGroupDeployment -resourcegroupname $config.nps.rg` -VM_Size $vmSize ` -Virtual_Network_Name $config.network.vnet.name ` -Virtual_Network_Subnet $config.network.subnets.identity.name ` - -NPS_VM_Name $config.nps.vmName ` + -NPS_VM_Name $config.nps.vmName ` -NPS_Host_Name $config.nps.hostname ` -NPS_IP_Address $config.nps.ip ` -OU_Path $config.domain.serviceServerOuPath ` From 8274ee70ce3ed77c0074758fe10d556a67342dee Mon Sep 17 00:00:00 2001 From: James Robinson Date: Thu, 7 Nov 2019 13:22:36 +0000 Subject: [PATCH 038/107] Standardised capitalisation --- .../dsg_deploy_scripts/DsgConfig.psm1 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 index 758fa35f25..284fdabb51 100644 --- a/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 +++ b/new_dsg_environment/dsg_deploy_scripts/DsgConfig.psm1 @@ -60,16 +60,16 @@ function Get-ShmFullConfig{ subnets = [ordered]@{} } $shm.network.vnet.rg = "RG_SHM_VNET" - $shm.network.vnet.name = "VNET_SHM_" + $shm.id + $shm.network.vnet.name = "VNET_SHM_" + "$($shm.id)".ToUpper() $shm.network.vnet.cidr = $shmBasePrefix + "." + $shmThirdOctet + ".0/21" $shm.network.subnets.identity = [ordered]@{} $shm.network.subnets.identity.prefix = $shmBasePrefix + "." + $shmThirdOctet - $shm.network.subnets.identity.name = "Subnet-Identity" + $shm.network.subnets.identity.name = "IdentitySubnet" $shm.network.subnets.identity.cidr = $shm.network.subnets.identity.prefix + ".0/24" - + $shm.network.subnets.web = [ordered]@{} $shm.network.subnets.web.prefix = $shmBasePrefix + "." + ([int] $shmThirdOctet + 1) - $shm.network.subnets.web.name = "Subnet-Web" + $shm.network.subnets.web.name = "WebSubnet" $shm.network.subnets.web.cidr = $shm.network.subnets.web.prefix + ".0/24" $shm.network.subnets.gateway = [ordered]@{} @@ -80,13 +80,13 @@ function Get-ShmFullConfig{ # --- Domain controller config --- $shm.dc = [ordered]@{} $shm.dc.rg = "RG_SHM_DC" - $shm.dc.vmName = "DC1-SHM-" + $shm.id + $shm.dc.vmName = "DC1-SHM-" + "$($shm.id)".ToUpper() $shm.dc.hostname = $shm.dc.vmName $shm.dc.fqdn = $shm.dc.hostname + "." + $shm.domain.fqdn $shm.dc.ip = $shm.network.subnets.identity.prefix + ".250" # Backup AD DC details $shm.dcb = [ordered]@{} - $shm.dcb.vmName = "DC2-SHM-" + $shm.id + $shm.dcb.vmName = "DC2-SHM-" + "$($shm.id)".ToUpper() $shm.dcb.hostname = $shm.dcb.vmName $shm.dcb.fqdn = $shm.dcb.hostname + "." + $shm.domain.fqdn $shm.dcb.ip = $shm.network.subnets.identity.prefix + ".249" @@ -94,7 +94,7 @@ function Get-ShmFullConfig{ # --- NPS config --- $shm.nps = [ordered]@{} $shm.nps.rg = "RG_SHM_NPS" - $shm.nps.vmName = "NPS-SHM-" + $shm.id + $shm.nps.vmName = "NPS-SHM-" + "$($shm.id)".ToUpper() $shm.nps.hostname = $shm.nps.vmName $shm.nps.ip = $shm.network.subnets.identity.prefix + ".248" @@ -103,12 +103,12 @@ function Get-ShmFullConfig{ artifacts = [ordered]@{} } $shm.storage.artifacts.rg = "RG_SHM_ARTIFACTS" - $shm.storage.artifacts.accountName = "shm" + $shm.id + "artifacts" + $shm.storage.artifacts.accountName = "shm" + "$($shm.id)".ToLower() + "artifacts" # --- Secrets config --- $shm.keyVault = [ordered]@{} $shm.keyVault.rg = "RG_SHM_SECRETS" - $shm.keyVault.name = "kv-shm-" + $shm.id + $shm.keyVault.name = "kv-shm-" + "$($shm.id)".ToLower() $shm.keyVault.secretNames = [ordered]@{} $shm.keyVault.secretNames.dcAdminUsername='shm-dc-admin-username' $shm.keyVault.secretNames.dcAdminPassword='shm-dc-admin-password' From e275417be678732a71c78218ee02eff67929e340 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Thu, 7 Nov 2019 15:48:41 +0000 Subject: [PATCH 039/107] Fix help message --- .../setup/configure_dc.ps1 | 6 +++--- .../setup/setup_azure0.ps1 | 4 ++-- .../setup/setup_azure1.ps1 | 10 +++++----- .../setup/setup_azure2.ps1 | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/safe_haven_management_environment/setup/configure_dc.ps1 b/safe_haven_management_environment/setup/configure_dc.ps1 index 2fcb3a91f3..215ebd9391 100644 --- a/safe_haven_management_environment/setup/configure_dc.ps1 +++ b/safe_haven_management_environment/setup/configure_dc.ps1 @@ -1,5 +1,5 @@ param( - [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter DSG ID (usually a number e.g enter '9' for DSG9)")] + [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter SHM ID (usually a string e.g enter 'testa' for Turing Development Safe Haven A)")] [string]$shmId ) @@ -14,7 +14,7 @@ $config = Get-ShmFullConfig($shmId) # results in the double quotes in the JSON string being stripped in transit # Escaping these with a single backslash retains the double quotes but the transferred # string is truncated. Escaping these with backticks still results in the double quotes -# being stripped in transit, but we can then replace the backticks with double quotes +# being stripped in transit, but we can then replace the backticks with double quotes # at the other end to recover a valid JSON string. $configJson = ($config | ConvertTo-Json -depth 10 -Compress).Replace("`"","```"") @@ -60,7 +60,7 @@ $params = @{ $result2 = Invoke-AzVMRunCommand -ResourceGroupName $config.dc.rg -Name $config.dc.vmName ` -CommandId 'RunPowerShellScript' -ScriptPath $scriptPath2 ` -Parameter $params; - + Write-Output $result2.Value; diff --git a/safe_haven_management_environment/setup/setup_azure0.ps1 b/safe_haven_management_environment/setup/setup_azure0.ps1 index bd3a4562f7..d4f064f2e9 100644 --- a/safe_haven_management_environment/setup/setup_azure0.ps1 +++ b/safe_haven_management_environment/setup/setup_azure0.ps1 @@ -1,5 +1,5 @@ param( - [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter DSG ID (usually a number e.g enter '9' for DSG9)")] + [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter SHM ID (usually a string e.g enter 'testa' for Turing Development Safe Haven A)")] [string]$shmId ) @@ -21,7 +21,7 @@ New-AzResourceGroup -Name $config.keyVault.rg -Location $config.location # Create a keyvault New-AzKeyVault -Name $config.keyVault.name -ResourceGroupName $config.keyVault.rg -Location $config.location -Set-AzKeyVaultAccessPolicy -VaultName $config.keyVault.name -ObjectId (Get-AzADGroup -SearchString $config.adminSecurityGroupName )[0].Id -PermissionsToKeys Get, List, Update, Create, Import, Delete, Backup, Restore, Recover -PermissionsToSecrets Get, List, Set, Delete, Recover, Backup, Restore -PermissionsToCertificates Get, List, Delete, Create, Import, Update, Managecontacts, Getissuers, Listissuers, Setissuers, Deleteissuers, Manageissuers, Recover, Backup, Restore +Set-AzKeyVaultAccessPolicy -VaultName $config.keyVault.name -ObjectId (Get-AzADGroup -SearchString $config.adminSecurityGroupName )[0].Id -PermissionsToKeys Get, List, Update, Create, Import, Delete, Backup, Restore, Recover -PermissionsToSecrets Get, List, Set, Delete, Recover, Backup, Restore -PermissionsToCertificates Get, List, Delete, Create, Import, Update, Managecontacts, Getissuers, Listissuers, Setissuers, Deleteissuers, Manageissuers, Recover, Backup, Restore Remove-AzKeyVaultAccessPolicy -VaultName $config.keyVault.name -UserPrincipalName (Get-AzContext).Account.Id # Switch back to original subscription Set-AzContext -Context $prevContext; \ No newline at end of file diff --git a/safe_haven_management_environment/setup/setup_azure1.ps1 b/safe_haven_management_environment/setup/setup_azure1.ps1 index 3fa1b2f6d6..0ac8e3a41b 100644 --- a/safe_haven_management_environment/setup/setup_azure1.ps1 +++ b/safe_haven_management_environment/setup/setup_azure1.ps1 @@ -1,5 +1,5 @@ param( - [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter DSG ID (usually a number e.g enter '9' for DSG9)")] + [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter SHM ID (usually a string e.g enter 'testa' for Turing Development Safe Haven A)")] [string]$shmId ) @@ -49,7 +49,7 @@ $vpnClientCertificate = (Get-AzKeyVaultCertificate -VaultName $config.keyVault.n $vpnCaCertificate = (Get-AzKeyVaultCertificate -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificate).Certificate $vpnCaCertificatePlain = (Get-AzKeyVaultSecret -vaultName $config.keyVault.name -name $config.keyVault.secretNames.vpnCaCertificatePlain).SecretValueText -# Define cert folder outside of conditional cert creation to ensure cleanup on nest run if code exits with error during cert creation +# Define cert folder outside of conditional cert creation to ensure cleanup on nest run if code exits with error during cert creation $certFolderPathName = "certs" $certFolderPath = "$PSScriptRoot/$certFolderPathName" @@ -110,7 +110,7 @@ if($vpnClientCertificate -And $vpnCaCertificate -And $vpnCaCertificatePlain){ # Store CA key + cert bundle in KeyVault Write-Host "Storing CA private key + cert bundle in '$($config.keyVault.name)' KeyVault as certificate $($config.keyVault.secretNames.vpnCaCertificate) (includes private key)" $_ = Import-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyvault.secretNames.vpnCaCertificate -FilePath "$certFolderPath/$caStem.pfx" -Password (ConvertTo-SecureString $vpnCaCertPassword -AsPlainText -Force); - + # Store Client key + cert bundle in KeyVault Write-Host "Storing Client private key + cert bundle in '$($config.keyVault.name)' KeyVault as certificate $($config.keyVault.secretNames.vpnClientCertificate) (includes private key)" $_ = Import-AzKeyVaultCertificate -VaultName $config.keyVault.name -Name $config.keyvault.secretNames.vpnClientCertificate -FilePath "$certFolderPath/$clientStem.pfx" -Password (ConvertTo-SecureString $vpnClientCertPassword -AsPlainText -Force); @@ -171,7 +171,7 @@ $vnetCreateParams = @{ "Subnet_Identity_Name" = $config.network.subnets.identity.name "Subnet_Identity_CIDR" = $config.network.subnets.identity.cidr "Subnet_Web_Name" = $config.network.subnets.web.name - "Subnet_Web_CIDR" = $config.network.subnets.web.cidr + "Subnet_Web_CIDR" = $config.network.subnets.web.cidr "Subnet_Gateway_Name" = $config.network.subnets.gateway.name "Subnet_Gateway_CIDR" = $config.network.subnets.gateway.cidr "VNET_DNS1" = $config.dc.ip @@ -208,7 +208,7 @@ New-AzResourceGroupDeployment -resourcegroupname $config.dc.rg ` -DC2_Host_Name $config.dcb.hostname ` -DC1_IP_Address $config.dc.ip ` -DC2_IP_Address $config.dcb.ip ` - -Verbose; + -Verbose; # Switch back to original subscription Set-AzContext -Context $prevContext; diff --git a/safe_haven_management_environment/setup/setup_azure2.ps1 b/safe_haven_management_environment/setup/setup_azure2.ps1 index afefa0b11b..e3d80dc3d1 100644 --- a/safe_haven_management_environment/setup/setup_azure2.ps1 +++ b/safe_haven_management_environment/setup/setup_azure2.ps1 @@ -1,5 +1,5 @@ param( - [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter DSG ID (usually a number e.g enter '9' for DSG9)")] + [Parameter(Position=0, Mandatory = $true, HelpMessage = "Enter SHM ID (usually a string e.g enter 'testa' for Turing Development Safe Haven A)")] [string]$shmId ) @@ -30,7 +30,7 @@ New-AzResourceGroupDeployment -resourcegroupname $config.nps.rg` -VM_Size $vmSize ` -Virtual_Network_Name $config.network.vnet.name ` -Virtual_Network_Subnet $config.network.subnets.identity.name ` - -NPS_VM_Name $config.nps.vmName ` + -NPS_VM_Name $config.nps.vmName ` -NPS_Host_Name $config.nps.hostname ` -NPS_IP_Address $config.nps.ip ` -OU_Path $config.domain.serviceServerOuPath ` From 12ddd4b4567af439630fd1049d8426635f45a227 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Thu, 7 Nov 2019 15:55:39 +0000 Subject: [PATCH 040/107] Updated RDS images and text --- .../azure-runbooks/SHM-Build-Instructions.md | 22 +++++++++--------- .../images/rdshh2-virtual-desktop-server.png | Bin 281832 -> 266359 bytes .../images/rdssh1-app-server.png | Bin 211127 -> 230907 bytes 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md index 74adbf71c3..64501b0c6c 100644 --- a/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md +++ b/safe_haven_management_environment/azure-runbooks/SHM-Build-Instructions.md @@ -205,22 +205,22 @@ A number of files are critical for the DSG deployment. They must be added to blo ![](images/blobstorage.png) -2. On your local machine download the following and place into a folder called `rdssh1-app-server`, renaming them so that the filenames include the full version if the downloaded files do not already. +2. On your local machine download the following and place into a folder called `rdssh1-app-server`. - - [Chrome Enterprise 64 bit The GoogleChromeStandaloneEnterprise64-v.75.0.3770.100.msi file; unpack zip to find it](https://cloud.google.com/chrome-enterprise/browser/download/?h1=en) - - [Putty 64bit - windows .msi](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) - - [WinSCP](https://winscp.net/download/WinSCP-5.15.2-Setup.exe) + - `GoogleChromeStandaloneEnterprise64-.msi` which you should unpack from the [Chrome bundle for Windows 64‑bit](https://cloud.google.com/chrome-enterprise/browser/download/?h1=en) zip file, appending the version number + - `putty-64bit--installer.msi` taking the [latest version from here](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) + - `WinSCP--Setup.exe` taking the [latest version from here](https://winscp.net/eng/download.php) 3. Upload the folder to the `rdssh-packages`, ensuring it has the same name. The container will now look like this: ![](images/rdssh1-app-server.png) 4. Do the same again but with a folder called `rdssh2-virtual-desktop-server` with the following files: - - [Chrome Enterprise 64 bit The GoogleChromeStandaloneEnterprise64-v.75.0.3770.100.msi file; unpack zip to find it](https://cloud.google.com/chrome-enterprise/browser/download/?h1=en) - - [Putty 64bit - windows .msi](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) - - [WinSCP](https://winscp.net/download/WinSCP-5.15.2-Setup.exe) - - - [Apache (WIndows v 4.1.6)](https://www.openoffice.org/download/index.html) - - [Texlive: install-tl-windows-20190429.exe](http://mirror.ctan.org/systems/texlive/tlnet/install-tl-windows.exe) + - `GoogleChromeStandaloneEnterprise64-.msi` which you should unpack from the [Chrome bundle for Windows 64‑bit](https://cloud.google.com/chrome-enterprise/browser/download/?h1=en) zip file, appending the version number + - `install-tl-windows-.exe` taking the [latex TexLive version from here](http://mirror.ctan.org/systems/texlive/tlnet/install-tl-windows.exe), appending the creation date. + - `LibreOffice__Win_x64.msi` taking the [latest Windows (64 bit) version from here](https://www.libreoffice.org/download/download/) + - `putty-64bit--installer.msi` taking the [latest version from here](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html) + - `WinSCP--Setup.exe` taking the [latest version from here](https://winscp.net/eng/download.php) + 5. The container will now look like this: ![](images/rdshh2-virtual-desktop-server.png) @@ -258,7 +258,7 @@ You should now be able to connect to the SHM virtual network. Each time you need 4. Copy the Private IP address and enter it in the `PC name` field on remote desktop. Click Add. -5. Double click on the desktop that appears under `saved desktops`. +5. Double click on the desktop that appears under `saved desktops`. - To obtain the username and password on Azure navigate to the `RG_DSG_SECRETS` resource group and then the `kv-shm-` key vault and then select `secrets` on the left hand panel. The username is in the `shm-dc-admin-username` secret and the password in the `shm-dc-admin-password` secret. ### Active Directory Configuration diff --git a/safe_haven_management_environment/azure-runbooks/images/rdshh2-virtual-desktop-server.png b/safe_haven_management_environment/azure-runbooks/images/rdshh2-virtual-desktop-server.png index 4e4c75e41e28fe8023f9acfc0295568b539edbd9..e6aa1c92b28ca5559d8dfb0584060b3ee1f0496d 100644 GIT binary patch literal 266359 zcmbSyby!@%k}nDF4#C|A4X(k1I}C0i1b27WK!Ou2I0Sch3k)y`?iwK23_idhkGs2X zcfY&u{c(4`o;hc_ySlro&s0^{uO?1YT@f3D90LIX0bA+4oHhaidOQLGVmKPgOU>^_V$Q56CG`aPc@N zLl)s;?*)sD6+Bv=9-p7tmAqw`F%ekbZ2NjMb5L!+{rT78{MHcRyYG7wYcCR)Bo(}j zeFkiL6R|O+%QfDy^GoqF2^PRG)%NDA{?u&MU;=~^J4SWzMqq3xCj+$JCNG3hkT=5SK zQj`CrWw{KJ*}usNaIUO+kemFBi)Cbi6VO{OqE2!f$<4ztEAcUGSru36_e%4-XJqw1 zzPxf?jc+V5C(ViJe-wNqq;FO{=6X z)@jnnSbz0D0ddn=`FEKfZf}YLNjw?~s{im5j7S#CNz@aHi_5z?x3d;x?lJ!Wt6-As zv6T2F>|`$&7PT1u9BXYC1YQMdXY~$XVhPhC@Vw&Spkr~UwS?()3k0fbyOXRFckrTn zqGZ}Qz84Y_XhO7rJWcg&v^7Iv7)7S$iB2L&p}S;-n!e7w`-?dJhx7=s3<*9fs* zuUuQgnYL`fW4}D4-n>KFc}M;ek@ye%H?l%MB@hvH>$P|oH`;4UTJmZHz!$8US2Wcq z$NkKj2=V>S^|)yfLtCsB$SnPAzc57Kk+#2f4t>RgMIEZe^U5sL?u>d;1}`##6^}S2 zMwgEBCjwuLBOS|6!iyN0@1Iz4l*8M);jeL4Py1E4Qfm3C$!#_Vi7~zf80=n6;1Gx;y{DMTR2-uyIecb zu7vH$z655(E=jP#v8|5Vsax$piKo}WXi{+nOz-iU(QYDXU+2_E*C)6p{!(vO%A%bl zV2Tr!Q?z=+8`T~MRB&W8W0qv>W%~O5h*4}tn;<4lk)0ur(Uj@)SIMuXKkq;IxC0E| zZ79{!`J_OlON8@SzB~e?xvrg4jWw6U;xIGo8|?QXXl`Sr6zlX$@Ex8HE5a!+b6% zTLF8YVz1uQ*VjhU=9ZO%_EEAJnZ#!7${eDsjYOEl8f+T|;ptcDGHDC!RC-4`-?a3# zZuIxrXf%6E9<-y%c8XGpw2R!OZIsi09FpB(}P zkir!Uha8LC3hNZBBU&$-LE!^~L9t^oN-?kXw}!s+kGuN22F%}>d6@%L{ndK2jk3$K zsow@!Fx%`qv@Tb#pM37<6#;b*KC~i_41%nR<#R?HR1iT(AlVF`nhO0_`m5EQHN8fw zz{?tnnsP^eryWOjCk4k+rwAvXC9{^HrH*B%=Hq(!2N$OTn~;eo4OE60-5CEETNTd? zMu14`hc&JBuZOHF><%6?J2F!;!#11U(BE+A5ewpx43-QCRCqIiMN*u^ zd+M;;wb3?~d_sC;0D%pgZx%o|sS!|bQBJUZ-&7F)#CF7fEuHwiM>;v&EBtLZm~(^+ z+svrp$}ZOMXXlp?*A<^1JH6q6LP8)hN)CVeNv_Gahm_rE zwu5f-4FB31*7${at<}qXsO&uB+_kDza8#k$2D_AUAY+UfJ z(=l$dTVL{DyjB!^N3kR1=`y#J)#pYJ7OV3nbkjL1GZ)Hn=Gu60R{4{06S()#{cv8h zVN8KBjB$(1uu9oV_4Miy@gU~ulw=jx@mc>TSGU;*BVD5_8&rp}YnrKG09>p6t()yL z*Rg4gx3!Ol&*t)OcX=zYQMk=F(4~JPgTPJ`LRu zTSx6pW68udXxHP{W7l)8dvN^{A|?SRq(GHlpFY@vc~PBewTM7=@ig;p16=b@zLJH5_7Jx%%)SI!>gII)9I`lx(xA-x!Ly^ zJ+K#@6J?(UGmzR8R8U6lhdgU9?M|HvlZ8W z?|73NdRYoJs1ut;%^&jb;F)m`@`Ds(xzN;^sGjJIK(H6HvGm<8wt| zDg0=%fGgxiO;Jswd%usQclliZ$!SUqJC@%hxS&E?Z=*LOdS=e+)q z9Y5Sh(**>6`q^A!cPP>pBVV)WmzAI5wh@CS2#%I?#)5fS0$;p67x<9zAC>EY+>Y3a-9 z?7{HwgZ$rdyfCi>6UzpvBA*Y3Y&a`yNSwq6+I z{znTpFBcE@e~$e^D*lgJQB6Bv8%Lm=os*5T$IBd&eEj@;;{QhQKbrn)%Kt`c_+O;L zBEtWj^1rqG2c!UXmE%-2W+iNeqMO6y=xgptO_I(0#eS{>R?D z?A*Z12kXCIU+!O%X#FL^NI*b%hoB@Ut?T>hBo8@@a%3TzV_0@gmUfuRhl^m1Dm--y zQu{nYm9j;`7)C2i|91q64N;1H7fay=J1eOBIDN9b0m;r^US9ujIe&TLt)Vh*Jg+ye zXI}7w$8BdggpvyV3&Ou%-gPi(TF#Ux5yhvkp4be&4@LTyOMeGODvL&$W+GGAzfK&A zG{GB&p;M+>s98;E%af|`n(^JgT!_om^OOtUfL{IU{3D>JS-&POQ_E2(1d2>sFn|8v zu)wZbAekq_n}J9``|4jVtYb**lUckGG7avz1FGcz8y0l4L_CyyelOu*tb+G5wQ-eL!tORh^jKkS;334$cx%ZX`iET=0!^LjLz z=3F5E_3P@te{W%W2;NIr-yxJi`Oo_3C}#MZhk^9r%f{M8ZbI8SSD_xkjXtTHqu-jZ}(SdVVCX&eVhOTA%LM%gr^ z^w7m?Zv?kQ_n~NPk7UXF3WtsEj;_mTG1K`Udc|B*pmV#~vX0~0uIZTBDg*Ae^HGX} zk{OI(j*!9ceowL{GF z>!qjynVD0cq<_zKaIDoJvfQJ8ufkc?g;X{K&vJ(?aT~Wz_H_>(t8jIc=#E%5k=D4^ zg-C!NeXd>$SwBt4R63Y+HHx{%L_?79J&1i~aQ5~ygqS;@m4p|ly48Ywt}SzxW&M`N zwyvFAm?ze~6rJ~1_~S^n=$yfUqC<~Y2HkvlnP|1U`GM!~K-eJZThl3fVwi*8zjsP-JFHPG|iKpNE26Z31$4BH9HFF(BgOXKtVRZhE;(L7+5sM@G!!Swmax9ww%Y8C1? zZ~p5V3Im@mpXwpoPF0V%u(~Rwi6W`;Q!ikTq2dbE$$0Ss?6^*Tel)M8li6v|cfX2F z(bT_)nBkQws@H8^;j=3E8Dg*;P;~R0+c4R4J_UfC(qOKK+c;=v7UnNkTMGC+VWaycV1C_YlC^?PLR#Wm)g3eaSJKJknFR_lMr?N{esyD^&1chlo&)L2=U zFuPC|fU8PMqh_1y-PL}&Gi(T2M_?PG!7VT-!P;H_Xv=0$4*9+G`8hzo0Zxf0(hI+& zggt>T*9zWd+VMS-*nBu>Z3!Y9kEt&P9A(O&Pn=mdi&Gp(!DC1Rd;RTf7wh%+uzb$0 z?v)X)`=f%MJwI`8`NKXPx2|<>nc^O(T=s+n?PYOo;Kc;ddo59HPI`wtnzlPjr#9{F z3#@Oi3b+P%Rpw0RT;Hsz@Zp?4kj5orYOEH=iS-!IUJG*GCEj*!;FPEwZw*A4g7YOz zixobvwQU9;A1!b$H;Os03AYX5h@~0%9?qC$9Hha+P^tgkUmvr`-28p=FdR*_O#L4! zaF|8Ya--YNhMlPEJCw$GF3siw*^U@C6Gb(P@m@jQYzLL#Yj=RU zMB|&Q0i+2k7d2%}Qo>{xlLZkc>hfz^KY~=$1BuI+=cu^RXEARNeEgcPajo&SI+qU# zs7-7>ZziY9RL7K{_rX&fLmxZKrMT)J7Rqh6(L+5CDa3-Z#SRV|DphXR$~7G|#e8c= z-y1Gf2kW&ppyBMclk&2i`AK&qcz_F67kmuTLznnXmvr_4u$|@ol-3<#)gLsA4rw`k zA6j4^b22EpV$>aU94(#QcA9gg+!i4KZla}mhj1;K z#hee8TyV}nj}}DywVlr|1R&2FSzEzGzXO>Ka(n4kq9timJzPSB#GH5rI!$K{mE?5m zl>7Me&_))l6;GFbh0GO&Eqe$r*v%e68fI5ZAOFfj<=5(b?Q-FMg9IV0(*a*LC~PTC zGNpo?0~RGe({g8JRPcmfd%3Nwcn0mapQG>BeD-l$kza$K1?a2?NP%0-q9L2Xfhw@Y z$-R*yk9S|ZTd#Z!YLkLFlXc8w8Q!?nHy>xleu|`C@R2CFYXOOMp$IHe6)w5sU(xlQ z1OBKikzvpc4Fq1(yhTcFoAn^6bN3*r@jlHVCP68t7B-Lzvo2>sQpL?(S#jbn`ru_m za@NJa0T)=?A~~PDF=hO#X!t-)w`*$vd*-kzyUm(|5-nYtWF1;BOLKeqEb};C-w)M#Y$ct}--0pbTai_2m$Vd7rgNX(sLvJK+Cj zJos)Wsn%|N2mM$4kX1IYS>%3ubA5)`foi9z4!}~9x+N9I^!rYQut+cxzs-zQJVHVSR+B`P)SL1m=wG8%sZiLMHSI8ioKo0wewnEv~ zYq5+e=e|?e$*EJ)qx1IDH@=qDj@E=vIsW2;WttRGJ`}(;JCnBfW;=(qSS6M9kUtD$ zCJDVtoNTKdHzHeO=slQn^JmBHc@&)_pMP{rT+~0(TgdtEGB7_HS8LBKxGyzIGwRAU~&i(;wkihWa; z3)n-WucK8YuoM1V?-e)hdOPcW5`TYu=Xt8$yFF@+Hr$CCa7c@49xtZWEvVL zv7*)f`EcMzuW30Dj{FbRj3v`>t|F(ayL{c(u2UE`U_q`Z&3fZGm_iiE-1Vynh^JM! zS<3r2;+4ddEK=~m)6@sQ@zJQAFq$l+Fs}+Kqs2*9Ja%`Ft^QC;^ldF0{M?>kzjA`- z3Gp0vTfbqp*|3syP{B9zZ^EkgSA<%hm@$>#%td&< zU$GF998pWww5(180Y5!mdcoWz+anEDP7al5qqLI!GoTL9IWauFV74M<;@*Ke%nxME zgim_SlG6gYj?hcON8Cq9Myw_l2@y{xJ0=FRCeZ+M!bLb;q(eY*!N zj#FM$tMr%GJz}_4EFxD%srxLaMBU;lCt#fV(V{3=`tkhdp_6Q8L!PihHkxjpgKhQF zC(++De!KBk3-OK;B-K@?BE#5EUa6&B;UMoK>oV zf1m9*wm?Y_$Ug6y_tuV=L4F!!Nrzl4hhW{C67-$tnp_MD!;XiUYHf;tK<+NZh}d3i zo8Eru^#%)tQB%KR0(OR!{lZeIgsRRboV15tdU6FsWlrR^0B!DWb&&5 zQAGZ1Y||IrkL9&H$l`15aS^>Z3hAVI1L5E#`cW!w`Y=Pjanq39c;_u*(?Cx)`j@5iCo;Z`VL@EZ!%O2#r ztls|AtIG-cewfs1c7 zDTRWZBQC#zHY}OG!yV=P zN14LszZ}v`4f%ezFFD!uMXc0&NfkUQUN@DrEp|U-x=s{C^6%Oh;2WhH9e6*%ZJ<(vwbO)R}HD+*Y>)eE)$W) zHi<`Lo+=r2U(u`YAeWm5T}l^B9J#b!SxcfeFy^S&8a=vQ*+&V`jRDJ$!*f)Mv?i zr&_pS#;9?lxTVr-6{oAUCObL~zxqbrC#a1T@}M7wQ*6jDy6(2#g42w6sruojwrqsS zj8_>**^D;+$5RfSr$+Oh&T$J6Tc@KN>Tah62SR_PX8Uy@CL~S z^AM-gacCAUP#66mJazzgZ-~}5&$u4c*5tJDqf?FSC!f<26a2C##eVEm=_Kg&^K4vY ztu2J>YT+hnrLYj5{Ksh%Y%2_$2%RSpH)nMbu<>IsR(Ew?7)-A%o%149GILq^Zp8ku zrS7&9(fIrmRp;?C5gnNJdF{XH zBJf-+$Chl-Sa2o(!w*FZuY;a~{h!)gm{B%G*fLZtT|83m@Mz~Kz?j(InB|R$ozOZ0 znV)5is^q;_=1ekmor61?hRmGRCv@tT&h=@P@EFze@_g~CJh<7#QwP}gelt1m_kz=M zQ3X>PPsl|OU|LQp1EmWHQ0tG9*c8S&4(CqzyA5~43<`?1UX7iPcza_{U`R8d{abVU z;$YIoIU9H)-CKx*cu*hQpVk2i>f7cR7nD-b!k0lVruy^)1;DdqNPb&0*KLK$ghQKc`WS_>^r;Kp%g3Mk6&RHf$py>-sxq$M)0%8oAQf zt-+&^>Yi_gE*PhMXCqiJ6L<9MBrC5|SS9F!nP|v8QBi_thBGbL@?d{{y@#dEdo12Y z5iRZ<9`|-NDxRO86OS8pw(@JTj`{9NyA$Vx&fFNW+fMO0#_IkI*Gex-e%Px_BA2`U zc1lOT$dPrmQYmwi+LB|^67-DUl4QJKm`eFXqt7Ro->8vMi;%{(kLw?v4VLL>qJJt% ztCUcM$Vn31pV!IvLgQhd0EIDv5}!WTGv4?A)k!YsSmWl#pp&G`Pel>n05!EN6mq(J z%($N}ea@;h9e^teK8}%H8ocik1P8HX{B4$s4@SEecscg*%>6KEg$fV&uqPH?!8bRZ zTf0>()=E<6M1an>eut?T%-m+D9kzs0!QtLIa0Nkd(wAF0jV3>+qF>yl^Xc2^2U$P4 z)#u>G$1ygZ@V(yRKgG;xV8;#l#?ydr6@R>7d(Tsz8o}a2@Hm^8I?mCH8(=S)3NVRe z)b%ezi@nLz!8(M>fz;0&{pOi`;_d5mK4F8@C$5Vinuhl)*2!gT#~*#oqLrl_^8;^F zDywO6M%c=Y_O~>++(v>HY~a_t7GT3;aamE~fx~CYA z_X!ZSQ19{ndi@nD0KiOrj8)uGDnAJ=?}1S<3f6VuL-wp}`X=3@^ZpYAc#uIaN z3OFpZGbD@8=+%7t3l1f{_|pWI^e9$LR=>j?SautuI@o`OoJ?vw*3`t67aFyo!fqHD(%vW7Hb}qOYXi0 zzL7e$96{&0o|_9BLc3yye+ssTT_}7H@5V~6ly6WOxt{^^6?Q2-vP1T;7Ah3fOn0W0 zxFq}vR0EMR^M?^Q08*U9_|j=&`Y46mlHdIbrESpUxO^eF+#5&BHI)I7+2MYpU%0CM z)~`uk$ME>vNUE*d@%^=-GBXM2lbY{gBb>0ri4eav3i7~@Pb=Z5l%^?xcH2I?_F<9= zV=Y;uw+Pdt{#j&8PKr|%WPWAV{k_;W!c{%h#*;bLmvPc^nNHPS@Q3LLXGYjn!u`|X zXxuy6Nw1}nX!D}?ET==Y4P$)iVgZ~xeqVt=xRX_pYM)j0pY1iyI*qF$;eh1zF$=D0 ztI$ovM!;`ce20N`KbfjuD7(gza*T-yW!v-wU8{S zR;)umc(=I+5YuP#ixS&;oLR)_bYt_WMA%-4J34N#bmGG9Ij{3m%J3h8B*U0ju=5a> z32&aduR_ZUblkD5CmrCA?acI{{j^X0F7XRec%!{sB-W5%+eY|Ja+IKG<>Q9LYNwMt z|0h$oompKZoh$_Zqus*=(A*Pp6t?6h8X+Nj8|ac| z&-rv?=9E*Vr!u1c`o~j9Tm`^#{(bVXAkeuVYKSgnYA9ch~G&ou~C{4olSeERw4E`Xhul*Hfv7KY! z&DPi~baDL&pGrEA?4)h;e1Q>Gh<3N_*l~rbyhU@A$*@NzXR;OUCEZEuB&x-I+(hP$ zJ9EOBIo>5-Pu=82dBojp91^Sf`tR=SW~@jF(YlO8M$=XM0C2}9abE| zbl!I1I^7AN*KH5@#Ry%uTrHH!H>F{CliW_(EWQ&QD13G$a;h`9^SyxSv5WDT6gVSx zhi~XEwj;5=Krw-H3Z0K}CRsLsvO+zRL2wbtH`?V+F1`2ttQvCYIn*7>Yu@pe<1R29~g2VYkl1J0`^zO=wQgf0vtwCT5;N1iEIpK<3 zw@3JHRi=0RLj}EQ`9Kv_=K0JlCRynG+~!wdUZCuT?7$ls zrT=Cu(5AF~Z?5&OV|c!dVbzw(D=sO=vKtxtBpQtpaxK9+4gb&?obcJ23(mBR^RC%r z!O*s&I7xKkv|)@IaslGjkUt+lrSUw-^+ZR;)7aCe`DlZr2U;8{`y-)`S% z76zeR-ov2KA9@_(kZ#{|E1%Pr#m<+QW96^wd+Qgqer+WXTS7}DOFnQrZ(y#54#x9| z{X_dYvg=QZ%Gzn$CIqaJCpzzSvZU3+(I`*-1nYagc03(N#w79O-4faiw8kyJp(Bb6 z#hTu)GCO;*2VER>-P$1}EA%u{cYji4ET3LP;tX5&;r7gXLd$q7G0pkUz-b!lYvMm6 z^^Q?ieD7eXK%y|s9eI3Ja8IF#2J7{+`k``L* zJou2IQPOA7%vqj28@;_v9{2=&uNgC-h~+&fGs{4K@r?;_Rl2Pp5Zx~nh!k+#B?75x zh+{H6o4>5e^zv3aCJM~+gl;KS*1J6c&V5q-^&W@MvP!&ofkXkYm0Ec~2GS4!;(~R5 zbuVcFoqSKqcZ=8GD`K3qm^!XhPA`>4u6nlm=FsNM~5UO{*1{kVIHf>oFSj zQTAzDe-BuwPOmc+{SXcpG?w(g{*<~9|Fz&sIpc7j5AAt^DKGFFo2apUNe+ zG(3w68lwnqY`ndTQ6i0fvN%8FHAKmu$A4&XrYHPp+vXFqDK)48KrVngPJCJ56qFL^4Twk1 zlC@Dvva}}gRk8PfXx){Iw5o32BcPsG`%RxA?Z1`AQC-=?8F5hYT#Z@An<*-nUDbzn z$)5emn5keC=I^5XBY*C4X$La|INabxJ;9TK)LK*;IE?BA0EicL_tMd0+iV^G`V)zA zlzt%pg;!oqgO%I$^9Pv<`5}AyX+w@{7YUydpbBVoxf|EL^~oZIY1I}@pSV+H9kGhj zbzOAP?FF7X*nbayrGkuCyVGIFDO0wJs_vd3|L41ven~)#U`x+mG(v~P_;eA@Izcl_ zc&n+n+oA$Q24BW{@Tf#lL9999C)|f|P4r?dqxDiIsYFwC_v0>tiX{t-Y%e=%gm8h` z#V<(aC}XJ2W$Sp5d-(MpY9DiCHLD8u#D{XDhrkP|S(6Zavw^~V2^-jGZFX}{x36W5^WAXoQS)+&sUOFBZub&(du&0>wM}*j>?-$^J7yf64X{CO;bAW!e6L{f zz~G4#LV%38C9~;E*ngFZUSB2S{c>13UNe&q8GeHr<{-d1q*&O?V2yu8I6~I&T=6c# zx1%!F0aZohZY9>1(|UDNdRa^#Fycj=&;o=IXMFr^;0Imd#F)>1Z_sP1bbZh~89uhE z?b81v-z%turu31xnaoz{8Dsi}?pNzjC*XdQ>Gb3>sUBygGrvnS;~aZb>W-gXH{;1#Y%GXc*z6-`sADQXa7`)hu)Qp z6Z#rAK@+fKi?u;|Aat?)Ewka_K*k(arPp33#~8iWz2(?zDCK12URhUT?zU=V>>PgB zc0Qnp;w!n^X|gKMNjl)oHeNLH{-$s>k4seb`30;P6PiTD8?aTo)Pf>{cW%NguMYz5 z-fRik`IIW3;n25y-lMWBj5VoEFMSlf@0GoI9BV(Fa6GgfJ(XfdOxu%y? zPcAFl30c@s>+!POO9P3i10^jf5ony%@Hyt|r$sb2##;)K>syHv>V2OT0{m9pa=KP# zK7I;pp?=rB+YPhEV#@JxP~$*yKFCQH31qMq!pJe7EZC-++ADTE*Iw_7v9WCQQs?2V46;M#vZc+xTIG9B5$ zr9?rtke1725mN_bnz&n7R$1QKUxgn$T@lW_Ve~gd62F(1KoJ4^v(pg`b(G7wMhuv> z3-E0RFQi(p1Mw>>yU_Gq5}6oPa|h^=*QONP&LWnUo(TtAOY}0Q@?y=T`VTf5+DI*N6;9U4m^+C++UqKjHf9!5UVOhhx}1CWpt51oRQ5N4 zRGxa44X867eVn_E0VB=1^olv2C2sY{{=$=WF<*CO&45n8 zWz`O1Zky#zw5Co*#Q6MjcUx}6)3SJiaWYos_|Rqk<7|LeLo+^0mf&mD23Fsf9B zcRMJ3ZVa?1qR@4}+diVrO{5AmL&A)pr`AQS62nW}F-wzO<=Q0&D3vUrH{_m8jX6R< z1l937$APNUI4OHSsu7UPpSUxbJenmMY%upO3@a~rDl2hpF1=lt*yxla-aTyc#Ua|x zlIUeziO46TfH*(2-6iP4jTU?_fE)`x5QOvI>GO|Rg)w+K#@foa@mnfdQ=mj5BRMz zlSbsVjQ1W!AHVj-L@8Mtk{D1MWdAj10+E7MuU&q`Gkx(X(FjKm7G9;1e%>Cz6f3zm z%RtVT8qggcX*nbB#-DV0HV4!6sW2FR6Kv>iq;4`+V@Y!2B3#0jXT;kh0T}MWKMNd@-bf(=aUP#SjP9Q;-cJgqXUluS8&dnB>!$crA5c$@5x zcs+qgz=Fo-7!)r#AVxvA7rmaT)$!=4}?^D70Xn7LADWnq^XvP2e<_+LLwbsdDZU!%iG*tg7_cwg5Nq9YUDoQLF`3l%U8e?7~7a zug(0ek9|KzdC>G%13cJjH!8kGuLKlt=X=Z;X3|mz3!_ot||zW z>Tht|WO36_>IiH@jAfD2WhaXGj&4<6YuZJkJos5?BkR8XdfB$X3oqUfbpTJ!$QAF^ z009w_IG)6SG8vKt9>+jYdQdIh{Xk4(y+X!R3mU4*8>7NEkveE9R2lw}2pBjjY&WN? z21gx(L4-Ym_LzlB`2mn@0w?L8-e3tBQKNda%^SMl2%Uxuu9#a$7xcc_Jn(#EnyX6K zV_%hQV4YEy2YT~Z(B?l2SY6|2YVK3jCXC>pSN(Uhr+n!+<&sPzvK{t z*L^mF%yjp0fA+-@vUEDsc8n&peK9|xexEv}n5$@1Z^FE0SDv?zrvad-oObW$ z1v2Usz8O4T>uBn`da+yHc4$h)T?_<@Yiol3}EK@GW{7x#E* z(lrgDI|~!4DcwZ}J=?_q!6^bXzZi_i<8*NyxtffHDSKnP!;a{{^pa^l`$^>p+t*C&3&<(o&IqP9!9H{@tFZ% zT`>XPZ%Vqw?HXQZus{M?v_87<(#x$S>~Vq#&l%Rdl<3~qVx2Uh)z(Lr$tcr=KENl@ z+D|Ua4~kpAnNJ|@JyrbqpmpXK_5Sb!nRvc%fIK^{!T2z3Z=yoS1oK)2--pY~?z;>s`na92G3hC+=$k5%O?9n(p6iji+Q_j!eSxmiA4B?#v<=xlQ%L5UBbWsB_8zE5rVU=O@^ z``o!RM|`B{YMk4N8Em7x+c`~hKKoR8>aZlET>8@BX%wZ`j3UX9p!wuY!00NNgO^Vu)cfUY{G60OAcuYu1!so4X4iY=7s?Q{LUE_ zPZ4cIUGnY&jcIIxy69nvj8+V5;^}r*{@%4pzs5ZP+SAr1h#ZCw@HZ@6 zs?aK?1jwwvU=vXftx~$IBnL)osD(=z#?FU5XqOazn7?O#70UL!!K7y=c3pOzJ(Xoe zIVa1Qa-9E>4u3&Kx+^$+aWiy=FERyB2OPrtuBl@u%>vKmxvg>}0$!Z^uG0sCZ(S#i z3FiAV@eSd@TW$L^!>;wyUSm`~?Oo8`RrB}<42;gfhx##Ev6Gu&L66{UgV$rX131<7n7>}~ZT9n{hWXHYb!F9HR7Vw^q~ zI|BaCS%vkI_`vc=t9pzS^)I~oy@^y})*S~9sD~$^7#TdVjgwJfda6IH?RdmoKSJA{ z>=jln4<=^5N_^;`IzB0hymvtD!b+j5Aq8nizKI3d@Jx=lVKPNN{<`Cw6NkMvL zo!2}jBIcSDHm<1dvRgCuHzkI$8AnFZttYkxuYSV*>-gfK^#ESUCcQbO^H}eH^4qgA7+}BkAsRa2b%v2I$i*)o1_zA7EZu@dt zq3U5hxb}0Cn!(x`o)2*Z#HAYFu&$1)@$ZlR{oea z&^A_&SJ)=M?zY=zIFCGk?*m9`+IE8bnqgWn$-F~SR=+;6J(p<#UHwZb?YyW0PjIUV z>MUiq;87c=&>{^TDA$sVW!Kr?s~gVGrXQ>XcxZMuvET%m=zk!kFJ!SXG=^e;PleNh zN;sw?Thy$-zDq%E4nzi9XS1|uqpKhTJ4tLbsUpWTCK?mXlgzRRu!So0D!=?C$Oxw$ z{Y$Tch?2(%)*>|Y2fu{iN4Rav2E&Ax%Q)Gw?{kq0WCL8XfW&UI_ir-ZZS-+H&ddpN zE-w&&8{Hytn{0uEo4d_a6eTwPsoQz7xIbT&H2*dxiXL}qfvw^V_pHpZ&vfhNH~F^! zk3y;C?hlF%+}h2eScHv*9IaF4>JPa&x!pMTb%7CMO?RKiPi>`gAShTWvEQ%FuJZ1$ zJ{kXg94sR|h#2(kAzh7{agmciB(1J;5?SPbR}x@S7aqK7-N?vvU*M|_4z#ZZ2y{%s z;u`*lub_TbArhi-O$^Z&CcJ4tlC(eEa7cr(sZv_b5)kK>@g8+kC(kbI7#S}j&(b7n zOqGGK2>F=X%YTc$$`zL3Do)>KYmEOe2^BFr)l&2FFlGWY*MQ zZTIDa4_X7A!hyu?b4T{bB$H1$;1P-F6J>m5(j+q)K z@(VSo>UbSV0o-su^73ldHj@cEo^F#}dor8L>eVax>!7Bf0$u96jSM-lP~jiH&<4Ll zd*RapcG|us^BCTe_kS5&PT2rXcwbDt=JleG6!bqu1z2RCykG%d*c5_*9eKgUosSgU z9LkN5uh;cu|d7NO-Wy&B%MVZZ%DV;_x$MM@)^K|DsFxIhWrjeN-H|tEj$!Dr=xK# zBioWFXfr|df>f95^1S%NxndVT8DyjUD-+sf|2ctlFY;ZK4JhOPaP}5ZaV=Z7a0GXU zpdkcrT!IrIB)ChXjT7A65?m4>NCSZY!JWq4Euje{SmQ3i-R*78|9|hh@0>HnJ@<~m zV6@fl>RnZl`Kkvx|Mgr3V)!tE=j24v>WB4D2sjiDg>8R#Q`4Y zjoX$4vwgR=pWW)$I>|kwY7UAN&*x z*tqT!^b=!?dBSbwG}9H4tBglo(ljaX5?ml}H)Y98X3uUe^TarC;o@kz>GXTm6e&nAm#2ne40D|?1>H4g?cSO}i zIqNNnJUZzd=ehOVl8zVAxKNiO!(5{ag5dYfVVu~6zjYa$DA_^m5j>N3G0RCU3`%I^ zker8bqSiZkNv5JR>SjezgnD;R2fe4=Z4r&Pa$2dMq2o=oopmFdE+p`s8CC{@u9;aiaaTeo1qREJ`eG1Y2tB7USMGdLK+|1> zIh8;{M_tchQt5J#6`Uwq={nOsjZ^*-Jtmr&=q%5TrJ?F{vRmRqnO3yz%zfw@GS0$6 z2_|mY?rFQ;fUQf!Anzg8K@-uFu&zUD!lpOC0eIa&!_T&>@^*4r^{TckyfII}jr6+O z2}3?x6au}jSQ!;OeE2fCt9$>+@QdIPk=Jvsdwjz`467O3Fb_%LOH@^+U89Gxh4J(- z^|%{BwyL)@SI4%?D>~u!klmgphLCy7|?a1u|Y_fcm#mFDL@hgX|ZeTHcSTe%D^wLkvqxI5_>={kF z0Z57#80ncT?{ygA)I83(Y<=%N7@qtL<;%yYRf6Wh@sp0@>2st8)SF-PJ?SNe#9Sm^E88SRtO#Nc}u}#j{9?Vi^xddS`W!*4XYY=f{ zJMhW;?H)2+?hyk7Z+&@cB6u2TU2-gr3XD}x2K zy585^y|ISjd>0fIJo-~E!TvV zI1-yiY=&dC0E*Z?nV@-LuMgZHuN<_Y9K01-vppT&$odn!@l#~6#y=B zHfVG`xa#lV#%f`9#1k34q?qWCOL2oKgyt%z@?i#OS0kJ={tToZ*9KzK=0!kknlwUX zJO3am9#WG>Do2lEuA%TgmyuAC3ryYdk{INQ-P%}O%s8IYNohFR)u|rfB;Kk}M>xL! zX2_HV;$l;OjvXeE*R@MSJ6&U9m-z|eP4L(c?2H-I=A_@JXkBkPWS8-|JK9Bg#)fm^ z=%*C!#VSL2{Zb@2=z-JCpeq%WUO=(ium7R^;`U@i8EI%5duJ@yvshJaDUjy7$HBtq zEax{6!gxNi?i#N+GS2kRlnEf<{40B-P}kFKKZ;b*GIU7+y*t%Ss5mkg{01@Ck?}RS znleWQ@WN(RgHgH7dWa%bK180Z8=}w)`)rhPWJb*zE=G*j8UCedHPfu6IN+uPN5M{P62UOAzCQ<)mT2=B^?obX)CV9vh;Acls*p)N%mAYy$5dj#EWUEaPGN zGeO@4W=Z&b+%+XwJ8`hce}&>rsncj|d8PDSamp^AnvbcoTLCv*|+$`w^ z(4ro{DSdPE9_wx&g!`!$!gykdk&4<~w0ifNgUQvB7(cVs*GW>r9`3?vA7URzgHF3n z768sbP30FQY3A4ztU8f|AWE4{+A)-TXr~&(KnmPZ^jMsiH!*tndeuC3` zFA27JqTJ2jg|BqA4xs;!7C^Sx)X(RP-Qf}D#aZdJE&NG40dIbIAey=7<|74KXm2X= zP6*`Ba)+7w=36UmtkI8Pj{zJ$iH-GWLU9X$FWMY+OtExqNLF#>%MfhUBd>&x$srvu<1>A9P;*n%z@?(ytMc zbn=z`Mm^s6)w|L6s-JzjRp@%ecfb+|9~AnBon-J0dfVld?uc8Al$m++uYC^_?fd4u zd%643v;CR7o>$v$r4{zs!M@jSd0P^xw{lNa@{Tah^%yVe7C22kX;%3x@K&o_pJ50blRRuW=WylmCF2ge6#VD)S^J`X;CgmnGQf z^WE|*Zk(Rz)NROXCoMPD@5OI){#ezQt$XayasnldEPTnx#6ElkcHUpl2ym~lLEtF% z7MHhfdY^8m5TuP2Ywxr3c^|*^xZ0^B#kc$d;5c^yd?v^9w~;<G*G(r^J|be)~695Y`goED2Plksj>RZ zh~`n@;1}VmE<73Ii*F&Aq>Z9yGb0@N1&BRhKd=Wfho=X<1TnBV^JSC+^6s}rH*k)& zVD`NN{|&8?g0_mD%0xU@&0;N$?&wP2LBaKU|C`HP`}Yet^0u9U04V6FSwKF-WTB|U zNlFOEwD*IPo?T7inYN&j?5|n(=~BEfjdogLFgqdK)4uwXhRKrH-L*@YGq=C*(v5_J z7XW3YEX(~XAX6qYFgcH1?`txek$PMGr@im9;|M|;LTCX`6cH4ew?Gw1dq?Dt;cGjHnd1a zVdRJ|Sm{}M;8yy|5jLp0nRAe4i|JY6wE6d+Kgdb2*neNZL^e1eWn!1cYD^Y~n2@9N zpTb-lo`?466@(~^8p(@~NM@~-P{FCVtYa(`TA{FbxWt;2e~s!hWHnTVW_ zWPG*lWu9|ehA;0KCet9TV?9#+d5gn*;~8PE4flhRRYq+9C)2UdM_rp1CW`89;8=V? z?AyzRaFKplWp<&9fV|51<^ndEu9h&7e8Hm6Mu*0c%AKt3}FHpjCgE( zR&U2J`sud{X_Dtzk~NtD<=%d-S$hK5!LTrkAjvS z#5Zm%gqPV}q3`LvlcMS`f*@;+ zVtdMpI@j;P+pAH+BozualWUC-@|%VN?kIt2eprfvSoVm_%!ia{ZxZ_F+(qH^a^qDoG09vfTf2m0k0i45PI zny3~I8JUxq!<@)zIl46*(S}ZG>~sS+6tp2>J*@U~x=J0#`BBQ?WC5)icYGRSeQ~2l z&5yHI3D{Z%#-t%)eZ6a=Qq8exd%MT(TzY=V& zb(jdkls@j`V)6OfjwGV{P@RsPh@P~Fdn$_sn9eMCUhG@lZRb7i)xYY zJP3Xb`{@cC^}P>bFc*AV=)4Dbh;e-8x7!R@&PcD*Pvje<6X_Nl z=y*oi?dS;cJ4qxRDAld$zlZtXdYtXf&PH*x{vJYwKf#eK2s3Buq6C$Q0(iwag3sx9 z`(3znrKuZyGjV^?7Xb7`GWF4VTw&->V(ot-k7Fu%@zOr;L~LkNHx>@@w1^9UbDtEg z9|+sF!*RH+&dDYO?VSwxm0VhL8ITg^+&tgLJ2KXneR$z z+#meJai5kI!J6u740dxTkb%dFI(VIIPL3PU!7ZMC=|I2Me=^}277|lG;Y@u>IdMMa z_k#oecpaai)v!*IoN~U#&+aa*u$_ZNAO0M$S{F}1;%IsX_hxHoO}Kw$*|HX!m>med zX88(=AW+L~qtwHKdmtmBrRgyynI9bOthyNuE~=b1T)ZiC=!)qqQUcMtOR7qVj8}Rtw_@N&HJZf*(57LZ(-b;14XtzreKW42nPRsuq%- zO!gBgISox)z9=!Qu#?ZfpM zOxQD=C=pg!NN9ZPg^!t3KbZGpt+<6|i938Ca44naMG57UrMSTiFUZF)Hrp_MXB;|Y zyTu-ySk4ROy|Xu2JWh{~RFc%m>$t|O?5?S675pC6>sa<2DJ6F-V`QBj^n;%xcJSzx z?>lq1F=J;+`MgM!pHYeFpVn*Pc@$e4&!z=VoIa&iiex@hp0UWNaoxZ|F@`$>aBaX! z?LQtj;*jxw{?%WydkhjBT>69Hj6BJRMs_cvs>bBVsCDAXuA%o}eUSAV-90ed$*%E| ze7!U(wJuyaf$6EbudV0A(3_^W;sft8lEU3)<5#-k^$qlKQm(_u&NG|Bu5ja2luFt; z024Ksq;*3;Ldq!wDIrCccI;;_VOI;tO8-)@+;Nq4Jq~m7+i%cn`^7J1W>%V*5f-`@kyPVLU@ASarDJv(2VSd}lOmu#)GL-2r$OI;>83F~*eS zP9aPszzKU?n4?<=0F9|zyVT!K0=X#PM(>kN&EM2FUri*gwZ4*_CgQ#dg~8LcmKf@l&oA6l^ zt$m7o$>m{0yh4pHkydYGim0_Zmp^yOQ1VcYGN-Dih@Kdrs*sX;a{Oh3`a%VYNxYW4 zud=0DZ*iKXS(!7nS9p!J7SV!8*JE8m7e5yjK0s!J3QyGd{aVE#;eaf+o!T)6jXCK9 zE}8#R@veT}el!$y)z@bjDarl{;O6HF3$W^(NU|{pU*ZquuS&X}_r$h8mo5X`q^{04 z^?&$a{PymUBTP61DdXVoqt1df*{S!H?UJWP{iZ{$xy%vIrq`R~&AN|O)Nlq72fp>z zPxf=eWBcP#q;(Dk@V%`zRkiXHg>f4Ji^(^1>q2Wb{2#282t=dFmtfmw@u9)H6EN*kMik&qc_`C$e2lC@{?eu z6MTjz>EU?z1#o8FZP|0?Ve&kKTK8gs+B_<)w7kYdOvr& zsnR=-@6J|1{xYB>_xkX+4hoTPjrkUabH-#rG$9evHED16?xafMs_|?R8gm#J*0#G# z4Sn*#R6UipwF75Y&Y?cX*&DY6Xra4eU(NBIxVovqD1?KUd2x@-ruPaM$C*O)M|yPR z@e8UdG-w#w?2`BUoGXS%2Mc|)rWCAmrm#`B;?M=50^qi^anP%&jT%qWFqTY2-j& zQO;B)%C>??(>~I{q%}nOc2~~Eq4gs4G?e<@Dn~ypsdq3ozt5X}7wcXnE|k*!t~T#9 zyul%NTV*Z?1}NkmyqRo*Wl3PSl+@qxox*xyZ^`;aidx3EvT9`*FY&-E#9jp3>Zp5H zqu?Kb^-G~1&(IftVL^a;h zd2V`!?WO8Z*Tk;AnXapBW{WqXira0`*O9J3V(LZ@yfQYiA~iY1HG6WL`Bt{8&gn3A zH6tA}^u5rtBoCV_k@vs!wB6YWXg=2YgFkH;JWp-S&ntdjSGyPExEZ;+m_KO0m(?p~ z^xeL8aFDVN&9 zZ%ZS|g_dKaTB22|y9;Q#x!FzEvbi!tTV~u41~*(_>=AQ9+UP)JP}Y`?Mj&q>85`pIUOAQD4kILtX8cf#^CN5lS=@<(vfBhNx)7{T9(EVrRKpNz z&e-I(1;v1{)sz~xOzi-fdBbaDapPG`xTfw4KuO9$Rx!r!<^(a9Mdsh-JrzP~_*+>* z1y#uyN8Yp6es(HDk{sWDtSEvQ`}h(_GBpUf5iEbli!|1e6Z$j4iOB(}KSTv9<**1; zu@3{)JP1SoT5P6*32!ob>U=$5zMF?&Y!o-gL@j24@#h8ws0L}?nq1`nk6Sn?k)hMu z_-J>wN#5W>$d6E5woQhCA|U?z?cAQSOO=@w>~5ys{P%N#UHEw7no-ObP#@C7y-bvW z`4bMuJH6q%!@FB0Hr7C2uY+rxvX=03TmQvYJu}%_#aGSy@Zg@^!=zp>3F2WYN}^sa zVVSofCIX~H)DmFl(P-?OZln@-KQ8O{KEG#~ci)w6Hc`Z|*p6YIg*7N#IP6tCe&-IO z2)ZO2=snC?aBM+aQxQvw3V$#@g5odCy84k#${X)?NUv%OasZ2)YG#?=8wjxdMXKt0N9Vh>w(+y@gWYBPqnpAvCSaYB>t5_0;^~W*rngl?_8KiF(|Df6gyj;SqPQv;%r)2zfV4G~-+{x`4Iel+p`GHz zDC{J!nq+Y7sUAXN0bt+iZxVlI8wHktqxEMVSE+=vkDq-}qyH$%@(DYsMS;th?h@_vsE3bx+47W3s)}?l8d_V-aXI6l;qFbjmKPm9 zqbo73LuaK!n(HOSY6cs;!+RhdQ@#t;LdWXd5*~M1?u5QYx52kj3rLF}|eee|o>M>eVth=95l(VQAmj$G;vZSmXd*-Qh#g?pA_7e8d@*-~(ByZE)8VgFU0 zS~=vY9R@VRfXaL$<*>C@Y@Aa)$oU=NGoM?{?)tu}OZADi>}OLQjB zXvNOm(tWrZa#*ip2<(u$qK}$*w@4GHj#mMV#;?NuNugyC)f<7o{8&0g&>DU*)|$VZ z%q@=k!eMKyb93CQf+b$B1=GBmAO# zm)+Z6zeu#R$~V0kQ~OhQ>)8>d2SOMfvrZ;;^~;uU^kKM3gyTYj;Ay!ai0k!HQaI>W zUB{aT-gCX^h|Y}$BeGgt~AutgY3Ssq$nT8>-Z2MIqui%-q@1IMQH z=MS(i9xgh?^!4SKpsOBC`n)*u)Blh!!eB}&wQ@tk&U9Pl=COaFiaU}>@xwu%0>t{b z?NjbT{IcKV2O8-R?X>!}!;8{E3rZamszOAJxIY3aMlBz+5i&0I$XMwg$QIU zkrPsnL&ljI3+}_HGm5aDwySeXg7`N;)bO=RjQnix$@KS7fF&Mm(np!~2$RXqVUo!A z=-nm@$OmMUP%)9sg6wOtTM5saRjA(Oyv&hljOf}~1?BS+Pt7v@N#hi`9Gx$DkR+4Q z>vpeTL^(vf?rhHI%ExjrZKE`lmXa8;aWYQhI1e;yZpXeo-ku!6oG=>0l8=xSLGkE7 zCatFcXhKoLPnCj<@bm;yW6p2BGiKyK5wDt!Qf%)j>{)zZT;YXxj~#XTb-t1zy~Tq{ z*rIs=ym%kDB@-@_6xtD>Oy~$i7MiX$@-v#<8n{e*JwH(m<5p008`qO8772WitRS-g z7h%#r;tB~oKyHjRvm2!ND-JxluIYC_(O0dtH315 z|J@rxdUUpO^}DKU$L?IGpH3UKhRsrxNO5x^fZ%8XekaSvbMWhq!!VcRcOAiTZj&Ni z-jGJu4ZewI1GZbA7N1><@-%d3pU9taeL6hVtZX(e4Ln_qh{nahde?6OyM*X@xY zLt}k!m^))6#PjyTE>h#~(uJBz!`XneMD=>tshuA+5TjhY2>MoKQ1uAj=rmk-mcIp{ z#n-`~G5uCTDtWa>eWH8mi(+yP!l%Se7d7w+=oz}oNFJgfeNUM&a8L$hd1Ak11kg-( z0^+Vgk|%2HCpFk3YadHVxA`XO+!SJC%v0IL_8I2^YkU$HUPUdhoA!!qBds)S$IVIL zDX3b4j)9}5E_9a>M6llX8El2%I2FWDOrz{R+_rYpo1I`y3J2}_ST z)awd`bR62i$p?!^xEHp>9hmw2ZY-~04b?z8D+cfLOBv|*Ng+mr2c{M$F8f}5Ki{;S6+ju7zfZdaiKxo z0oriFIn%ZwTF}#H{cF1CkH3QRmA*7*%64I1I*gzgCmP&xdD=}lfQf=+n3Wmy;7SyRVF?p^WAI z&gr-q}i*s0XL8DugsI%A3zyZNXW;^2%6cB>)1R}7^bPwbEhO5Uk)dGngeOUTwtLb<*)ajQ@0G;Ao;--t!z2=^0EePm69?@wH{w z1E(geaVImKSao-s=MWXf5^Af72@_6DMnqToW1rGl#I-dYeADQne&Mk4GdqZil)7Gh0UtoAx2@ouA%5(CsX(fG{z9o0dM^S8F$ z7D79jH14z?JV;#QvVN~GoXN57AXL`yL&H?!LYJrY_5SThXSpDke0JM7g(2gp)tb>r zC4Ceq2ZP&ObCxSKqq_U?cDZHqwLftDrC);zF(<5KLJ$w}pV(d{$*-j*PStIHRj1SjW;Cf`}Dt<1qFJ#j%2 z6~}Tv zRv^3Ej#}I5gr>}M%%SggeNhkOE}xAX%l6xJ3mK?1hc#ZG8<00d;o7F32BB_g=iOBP z9M9Zcv+=}Z>-K`g-ntJD<}?gw4p9>8U;}Akb&AT2xCyYw2xAfM|^W zES!{dhmKfZ#}zO(!%ucDgrB{}Ii-o5OZ=@~@a+T*UuuTQ1T7T`^LTQ?2&DKC-F7zk z0XsaX^N*K%QH`M*O=uO)d$@U_<85f9J91}$Y^b`s!_t}4Kw~|nio;nPu8}`=+r(V@ zR9}_zWJhXvNOtFm>SiFNyIhmMM8LYU*ZQ4Oi7|?Se8o4{Dqn@_5U{N}Dg#qCkfYMi zA5wzhL<*Jplh)y0pU_nDRy6ZWx<6$K|DJc3EZ-DYco$Bu;oxN_`BflG$roI5*!gG! zP(@}}^H@KOCS=TLryBBB@r`hIhgI_w+>NZJl$HnW-Lz7DJD4ShKBT#OTLc#8fNhqV zBi+FDnj8#e+S7Ioo+q{DhiVS%ae7O=g2aR;{(w2*2gls5JUOK8!7=$d-dJIxgQa!B z7*0H&+2z?!Y(oD8s#z*EOLa0=hR9`okAFA=)v4P^o}vpXwPz+IonVOr z^dchnae33O5Gq_*0<~D{4p6i(2*aVeF0?J{!3J-_O#7nkM-*S2XccrKNjZ&>d`P{m zmE;1|2>=389!n97n^tWhnHZ)mjn_G%=<<3%c1*uNj%2WdoV3K{o>i>(J96n3V2m}m z42jl-XJRfIGxr7IicO#@Y&Ck<{P>KW5n8Dcz6?^_W^y2fFCjwY4Q23n^^!Z6%) zxmi4WFA2YiD9>oj5dJfNKqVbbBQ|M;yNXFm?I{-;kJliEIGL6-gOXPNOCx!F6OG<* zvnN7WoF?4xKB^D((Y+-lzKSVeT5OmOp? zCla$WuU`qP?r2yHt*+ACc5zBbhU;V4Ni`XQHSe|uwB zx*GIFz%O2Z-idd1qxLr(^a(cxDTP#foS$TFWHxC--)XM&Q#^$V-vnDnN%HFd9=bumybo1A*BExr>ZR;`Lvms-9-;Bw_qQhzET3euF$QqE|ZOCc#@54V_c7V@d%Om9#qF7S;+|?9F5P` zkH`Q*OE^jeL5a2m62P zg@`B2X11{=2$>(O{1@%ChXmi!AB31p@+?!`Uj{GrL926ym_u&H0QOw4L|MMsM#;LE zJm`(LnKOF9g4^{UI?TC>na$${z%O!_jU=5Tyh~ZTM1ihFH&%s$q1P*UY)7>NmKp-) zPLw1`r)@T#U+I^JdzNqGbsOvrHuIW-*Z(zNHE#TfD3aK0u+khpGmye#0Ee<+;(Tra zP)ZFW%Hp#$UJLJ0XUvlfEC!vE{tO3|c}nq!xLd@nlfi@E<3RV1$m)AAlK+?biTfNR zqQVQ?;}{3qAPMj`8~IooxJHs1fT*Y&p(Wedt&#Z*f@5!q-$sQG+SVL?e{H$AmtLh! z%_`gJi~bwm!jx^6-Q#l^H~Q1t0qI)Tp>W5>-QL9E*A}@T!tp#SH;;|?Kj@NB6}LKs z{GG=(Yj)=!GdAW{YEVKq71l}mx%&{5ttmG1C9fOdp3(o(cOxo>Ov#FQ|EnJyq76W7 zqr9tvZL;7awdj=F#&FNc?_XVRdvmjZx<$uWp?cp(K>SaFjNftLCCx*S@CA@)Yy!&G zKy8D63;#vB!4$ZciOU1#!}rrH{aqy6a1YY63bFh;7vbu!->+TM?)#B>jFy0C#FVTE z+NItN5dc~kdYQ=l>m&jmOQXMJss+j=)XxXpeUYrlQ7K`{4Wz@1@B_5}?BQ&6Ac1e9 ze~x57eP4pE!UW~xp8KO7%mF%xu=wfYwv^SmOaIzbZcFK}6tsB4<}nOqebkEg^*S)W zEaTo^gh~F6c&_DdW&X?V~?LG7_jBjvJWwrPKboPDFd?Ya`(L zIGtSe0QRpBNMX20NwpvU8Se2if}jBAzN7n_`1ijqfPenDpZOt1Prp?!x6Ypi>mNPM zL}DURC-@5pitRxj??@p%C~@itEuGw>dT)#q*Yl27Dv9y2kHO1G}m1?Yu|?Hy&?IJ|BQkdUw)lH zfgqv%7mYKU2{Tnnn%6l;{<4k!`(cB10F7;fI36MW7Zs^g<^WTmHRqDN@#omZ-_6Yb z$BH~8m{f9Oz57|dCphqT^{)PPLjT=k+kK$%^g`5whyPot>hC`H zx9=u+-0v7?lopr&@hHDT;`am^+wDugd+=X0?iao{W9~T%=hHy)+mXX4NWjJX#-8md;ko zl`8{E))daqd>4PnJtVGvDf6G1PkKe5pK%P$)K_i37tV-WdD1fkBp_Gq0MG(y#N=q^ zJZUQNxUYKS(a)Tpll80K$@B$)p4TonY#HU+T}gV7vYy1~_n$4n_rp(t-)E&_sND5V z#Ww$oyK~!(xX;g%=S?=j=_W*Ts@2$P7r6ar0p9HA_2F-Scu^J${b-aUAP_VnNWTO|gsN>nuMHo~DG z9ksdTg5w=cSp`}yQH#&yyl;(2A-+y|J(~Vv5)~`~ky^5-=#ixa?(UKQ=-Oxr@IM0u+fmh(27di{DwL+E&U&h_#(g*_`eL z+)eKSf_S5qhArMYZT>gg3qiQGq1Y5tfJ%i8AlNNo?NysO0bJb-(9>%c1+=;IYUjPT z*y;@WqNz#&0rA=qCE-bGpKW6x-)UUbvj2UwP<%&$j+ool_z(9v zFUzf8*!%08^SM+X8*diN!@sr*6*XGp2gPuC`4X(>=3Jc4vim>eX10l!<=(07`c|4eRMH zg8+jC9r~Hd@A#Md%BMF%`PIlehQD>87vDb7ja=6BlG`L-j#pVKPurBYlmNXe)T&I$ z*NRO4eRFs(u_sckzyM^Fzt}abLKln5BOtZf*c~W{Nh9(gaXd%FFn2Pys@C_x6JS?UMQbR@KVWmnuNr&$dWO6AZ{I zkEVu-!oz|tTyc>x;t>5g-y=m~pi+(P@$X-S7v6`x6b|4db_2B||Jw^oVPGhC0E&^) zk0^0fAB^raw{abNpEeP7mHXuRcw0a~n{IC(!0ewJ1a5WpDv#x$t3)PahA+3B|8>aa z@vk>DfJXffwWy`9xwUrFjj>aTFJ{fO^_`@xTh8OfuNQIIRS;RyQRi9QZCc3uA)oF~ ztJcf+aa39u08`5Upu2jT0-T~(1q?Qw$=%@OF zpQu|)YqIOo6my=-AKlkdEc0s0AAFWHO0{n+Ocf8f^=?knkWj6^MVg*9br z=dEJo-z?MI!CVFf8An*`Tg&W_d#cMamiji}k zg!Y<`h9%V&56@jR7u4u^HH$}xUMLH342fNp+%JoRJpJSfm-WHI3yj-)HgF-LK|~dg zm3e_7KVDgE(jEX<=zn(F3P#9X3;5AlYj;#}YOE!hdu!k+YF=~}HY2JG>EuNut` zRKUPv&Rj1Rr$>(K{HYcf6sSuMJp#bnay3+9DI#8#Ruk=#3J00V;-m+hae-DTm)VP$ zng#&tMAynd4Y~dv#m%SOrNEMqXR3}Yh%h-e|u3 zO1%8A=%+qK?-1NF!_NY6p5$vbGM=Bjk$S~4y2hw!CJZD>4SKjVE!1l&&J&oC@{Ki! ziR3@KVolD}d@MusQTu?1!;g0Kf#j|G#cI-3QehuJj~>03hUzu|tU$8gtcWU^odJ*787P8S0j0ipv@pQDF7yvTV z--&pK_dhJ=+ybDNtJ+_$DMG4tCQM`8h-D&|gWj;w^WLl>-A%g-8P^rs%q~UbL$&|Oe36RaF1T}*WwtDxvQG1Af$Hz2x z$`aq#vIr+wl&0}N-U2xJXSDzh2wI@v0c;mjd7x3$GOFHlPCU_-YHHb~WSzM>PSNv3kI>CmduSIm*dQCT|3k*9lnF z%!L>M7*jbmr2uCsu8=ahE-w~iZYf@i0HF15FaaNm(S8JXRU-bZmdR|`GfnTZIIP)yRDM#hpIuZ%|3#1L2y%Cca6BO(?ui?Wc@$1wTLWw%R@0k3v9wa#1=-PZ zKM;)=5-g+I;WnaUoXY>eZ@xD*+-P`2@OQQ62#B5kldx2*)RKWraP80d(1aPl&NO3t7oB2P>#`k1o+=>b%p(9E*05>N`b8lIW6=&UeO6=n8mbDKKeYf}mqKdp z4`qzVSpZF3_DFjw@>dj4OJ$n9Y1^deb|v34xqpZQZVFg+V_Iy9`nAtC4E%zAm##KI zPH>7FyRWdw8ej)2r9!5n&KurN*OnG5tw|ZmuB#(Hu(Vi#d-e0{8=?;Y)5za&cQF*8 zWRnNl$>+msk!e)orQ85y{*oCo88cefD=Edh>dz7;-SMq5dkj9h@^ z=H#5uo*htO+J33l-$JB1q40Au`!GnfgVhya-vfA~O-jnvkv3jjMh zr2J=Q_?vd-+dz}87vQ%$7BN3I&Y=i9qdnfKAO8BE^m~}~=rG2r~(rWeeSij$nL9+X8iWKr{;~0>Q%No|mUsPw} zffQyI9$8y5idNXO*u zuN?k)pFPnRy!nAq4N8k{$t&rFMfwx|*CKu8AvqYfi>D1DxaFS?4YwM$W8D7XN>z9? z#?6!$#3m26ovbv!cMeEE&-45>5;MVMyQ*zO`>Hkh?mJT(=1U1g?dXq%{OL67fig{^ z+rSy>q>6xsFDHlPV^2QdM-OR^MGoOYiX-ETe3{=7DIF|FhGloUo#;zpviPp$dkV-L z#fYAQn}CnrusorG1l*idKhTRq-19R7U7t`ykR*^0#XH1Miw=kW9vDxDkkkp>T^|{| z9pcdL;lTbl0fZyOS@Zkqy~s$8uzx3O5SLZoyByoI|?(D*=Op zDzX}&s~Kn_`!y*>{I>p8V#R*ArjDWnH-uge-uX_czKo^fUc%6QSQaqiG-dI2R~)V9 zo!A%2cJ(ijGc;DMfU+D)d=$8BJzc7W!~s485OHQEe*bGv(oE~0nG(K7qc)nq$T^MP z*)<>Z7JA7_RCuZ|)j01zrv|GfD~)woBg%Hl{=gZ$j-jTqtvK8ONEDWO4lOk`RwKRq z)3!XM_Ub46;yr9j#MQiJE5MO%K{CicRi9d_i}QKjO$b8Hinal$-r55YY4Zu1wnq!& zsT|uM?oLg=&Hh-Tn*BP@Ymvw>Ojha@l)t2i1?3bdM$*Y*abP2XsJc{5XWqC@I??4& z7M~#bXUni)T!QP%oPMVXMp$7S_^Xu3RDdRWq?Kn|G?j3Xd?7P)cbqPns4Rw9$ipv= z26y_JlK>cwtqE{9*wlXm`y2AsW z0xUI44$4bgeO(d-zqO8!MP&r2Ivfw^nhrMy1)60i$d! z!YiW7))$6bPbf?t{*xdK+SAyemo>PNiPkWa2DU5X#>rtwRhf{_ji2psr(#uEd^M~H zsV7d7BR9lq4sgm#64TxltG}#XJY!~ZKN-_b{Xguzc{tQ>`#0X^Q;k%gvJ@eol6|XC#E?)T z>sUj`ZpbqBA%qYrA;eg+jb#vHpD9Aw_hl@TWF1U)W(>b;>b{>pp8I#)Pv3u^YKq=y}C z(jPAKxz^4qCcF{MznMO~KHqm=Z$;-LzyXOBHXX_FHv(Y(0JVBqaDr9z#9^7qUG=WG zLy9})D<2P^8va}L!Yc=Pu7Jq!gzs&-9DAFWaRIk3Fq=bBL-&GsVFSrPp8&6#42#fc zDloR^h5esvp1eaY?j>RL4Q;sOM;Uy#8N1E)_hzjAURR& zEnFyJ_W~+)n?lV=UCPSl7|m3Mj&?!C)E@HL+raYq69l%i55x!tNP>Q<0c26ZB$MR3 zNB)q*GRD8qDJg9BAra65#!FgWgZEw7 z&9%w$_wxCagm#t_V<0N_g+=Ho(TDZPZGQ{NSF^jPzrWoAT?DEtbyA4nB%R5}fy1bL zXN4p#u+2*b)?A;Yi2iHkaBjav3F$>^Li?O@Z^gwSVB2yF4hx;UUg!V-<=z=8TO6Mz zmQl3oBbU#QSN&A<>7g1Il=%BL05g%2rnFq>ezI;?L_^h>p6cE30zwetYwzZ!vD z{hE8zMIRh53njO&f%)6~JzfkB%ylCGJ5-Nv0Twau$}RR9n7$uO)qQZ24xdT^Wp4pv zLjFH`z`N0D<$IH;ut)QG+c$P?2ELH+P2G#LV1Zv}_;kJSd!f;XMF0>Xf>NIBuZU}6 zyLGBk1G&th6KUoc;n;hVxh1J|m)o0kX`3@{$HvQl(oGHza>qqb?`d>!-E@1;Xq0Vp zN7DnxT+_RgEMXN!+rR`?tW33p7gWs}cO9+TZFoO+CqH@P+W|Ib3Mj{xz%zD7 zzIoNDoGODDL%TL^2fRiP**5~!+|VA-eowu7G||rgV@hA3pw6Z|JZbaSy#MR6D7Y1;(6kvb5{<+_MmeMfGY0?5NXSEP+(pIbTDKQ6yV`cj=x#?fnxi|CER3Eg_Z=#{4t- zKyRq_Z2C3f1blbZ=^#HohAVFK?^8lM8!R?DAH|054SWQ$2nUFZeI&<~C0lS@6`wKm z=e9WgAVUH+(JCeIQW9Wkm62QhQQL?-pL?*T>(C(qV7h^ENWAao8V6vB>czxAPxT~4 z`LVYk_wA42${v8*?2`cbRaf!t0Xileub`L+pu}E~wcpWY5QjD$mO%$(s~J_Rvj=O# zrQn4AA})QSR%<_|S0fokf!{-)%&XS(;{rDV@v5_mGrPnXp z0;6NK!p(n0SZ&LI8&;s5zm)Eg)G0$M>|gXY6sWl9n+dT1Im(k8LR0Rr4qt#byBG7% zaOi9lzmI$bAmh@BdcRRR)=eMyB6%nGNm7`vKL9z9eG!ThB6=GoV6LSsI57C8nxj7$ zm?I_ORS!%VEvCz#i~`uv1i4z%0($`qA^kqRK@leyKe)3oWIlfS1w_|6<@)9CpcTo9175Bj zF|dlzlKc>IQigvZrUA;{EU{?dV3DTzI@l6&^Q+OpE1atSy*sb-!^R7Nca*>D!Uo;X zkB}qU#SvZ;J}peVNy+DLCEaw-q5Efhc1R8#aqmNc zG$x;(r&dQ=2iz;3sp;HXO~el~NsoP#M#Mt2HNZGH4`jaaFkNvP_FmmYz&C@Wa!|rF zgzl1^ua<<;n-tc4B9sCH{NUJ%!}ES`$y=cWx~;;Cq2REcIsk7teR;`)+amk|~4v5aD1n_Ic ztxEWI4l{(%*-fM^3`NgSWeWmrazQoTYFnPX&j<2R8>|ZX;@P z=yYx|U&TnKGULz>Fwu`rgQ_tqhBaE+jAAI1=|uD7u^-v@$egAHZf#PqL`S(%iLyVV zywEuc(Z?cL1TW|48m0zY!q#33PngBCG7C*yDhQC%WQSZmu>r$hntA?5+kca^O|C5u(p0}7`Q--z<_N-x?;#8uusz@{RCoasC2tELEY^COeFq-;Rf!c z8-q0M4&ObcdKR~T`1S90EDW$Jmcsnx#Xzzk{czeMoO32DSbZTnEczCxh}9d_!*r>e zOK|Y;@-r?sTHjLrv$72h5@x1I*qyuTeDBf?5mk#qGv|&)!d^HQ7o~xDRbb3-W%Yoj z?9%m7Z~_$pqDl0+6gXD=0Ozv^@?CYOWv~;=0oX0;dj8rUBI^qmwM0TJSy;~W9p~fM z=M<$z-ux@rl4UB{u^<-}P&4ko(~ zk5xbsS5_)a#)PLEP71HV?VBQ520BWT(kqo+5M%TgC;JLOc7u7Rt^D6>SB;jBRw0Lq~FwB zgK^6O8zuOM4k;moss0}^5C@OYUk)Tv!~{2{XO#C3A9zOjCcE&icQ^Z3#mwHxykr$I zHUxoO7vrO|atP>6KL9Xt1hhTDC+d9iyPjRqNHzrjTLc21KHzF2$;bTu^ujL{D!{{2 zxvM@Koo>id<2w)ev&4W-`u(`9B@%2I&vGV?U$OLEv5@{Ba`bd0RPeIax?*YTiHP~S zznKee8;F@I{@FUFfB4;zNEv>te-ngG>OVMYoEHzaqS|ZEKibT{E|Xq%BvOhW`} zD0ew0?zUE8nW)BQ$e$g6^t~N=hQBp^II@Y+$(39Sv3_YF3*zwiR-b7Q7>&TIDgq`u zH(eSd{|s!WU-xB-LJvcezVOaSLRX5#{r&5rm6wEn8pA~Ru^#g}e!$0P5!A_&p+!JC zD(Tpr9z-9QR)ZkffP(fx5Ceob1{h)+I!fyVigPTz-T?c_bUU^CpFe)3l7{Jd!ImkV z7p&U?w_BZ>uA2C6>lXYdhh?V^t8ybB18?*XB1UDGdoumDmZj{v(?45>zRNEmfZgl> zyn4&QI{h&Ya8xLqt}u}tG;AyeohAiMK1 z$;n*Ibc&kk{MFA!{DuR7^c}T~5^>sDo!$h9DPenMst71PJiqXSKbEI57+(e5DjagY z<*ELwU$MXza(aB>dsEaB{pbReNuSj4qma5v+rxhrYUoSmi>MZ}qC_ZaVQ;m5>G~SB zzo-94`tZA(?u&G8g_Z6>NuT>i-+ym3tf5K37Y=yPw}X^Um`%T6k@f-lKf2a5C`|Q* zE4c%Azb1f#x_&{UEbIfZY&wP8uC4anTiO@FNAsB|wvl}^8j5y7ZbpWQ-TO{)!A$uC zm~y@dCM=bLq;CL3DLMKeTQ@HB3eeV60J4byJV=%VW9`E^Wj)J*2%wGLG(*@2q?iT0 zdZVKebcHg9ynodi#JfcA;FrX!Ejq0D(vWZkXE0z4r+4oEau`eZmli zo)X}|(A{vXUC%$d9Q166uBLDpKu-_SfI>pU;sZcTN5F4NmC}Uu>RB%W{-8YRnyoP) zZhq-A0C-f59c#tYY(E7vNP!~TAXUB56)d3|&yNR>4ukAC&bWiy1VEt=rz-%lIk>R~ zG!R&jx?~Sd9slE1K5#Ex4X|sGI$HMgz1hl+W^?Jo;KnTJ6N?4b5rDQg1_g>+SrVw_ zOu^xia{%VABYBmflew_>x=s5zzulD<(~oM6hRwM^cV-04^h__3k{yd9#5^&eUEY{& zVHFvTDF^l5=*OVL<4#Pn`JS(51kUBGag(=B$}T?Fkx5H|5Qu=KtcAY}O_7=>6KyIF)zCLP)T<1-^Y`B>p<`taGQ zG>@RHs@y}`QEXx{U83lr0%ePAz$&wrccB9Js%b!cHsC2Xsn^6Wad2?D*AF(=*>?0Fu@T6r~5-56oRL_yMg|+>X*rs?s9wGp_s7f3sO#o z5fEF*3;P>)LqF}l_d%QGs9DR;O)FWjFI?qf)>Y6z+KrTDJ2tprGDJZk=OL{(O(#kL zc7(40emtRb*Xy!#=v-bCn>if@OQlVV1-kNF4RnH_@*9jn6**S3d-TuHKyYR*2-Age zx;b@L*Km6>lF!mhSVVQ=^DI#^2tp@z!l59TE9_LHz~_xhJgoyp5riKNsA{?tbEARY zzkQ}a=tp)*;wiHoaTs}`e(CAqlXr_SF9!kXXiM)dRFagk@BJ*YMxrk1a@^4@j}CrB zP#I`h$ItiW*7E#Aql^H?si-oo>98wkFRbXvQq84M!PX@Ji0|RF1WZzQ`Z^O|{>vo6 ztbD;#Vj|h`M!WT}dDjFP;JRez-Ev!#-Aubt zm|noZSl3|nSC>>1(C@Ov2hZESvoPU3GUV^wYOubFnIaVw(KQ=DK=k2VuqFCOws=ag z$-TH!F4l~Z;5;=O%+*AdcOdu6>tkBD%?WCyZ0yeN^oDY#g8a$rzF!#(l=f&`)LJ>4RWCI%%{LL&so&MD`ln6DnZ1b!lH&nb#&IiAUuqdlVoh!Ewp? z(zR3%pNl>;�jbpm@Y-SPSz;gip*LKHjGa2d8N|Y4Al%R))U+jvRf1(atVe4*+PF*Et01PAryJfVw>I2SXTdX{?t4>?Up+#f z?@rQtA}pXcLtW;+#+hQ?`GAI(>Y4kUq_-de#^`&Dc>u=mMWCUl6Z`MivS%X%Mq% zcILj#EY(3S{LT!AH0F20b#ZGK;D#T-{Q9qQ=C-K_Ct$+jWl;vwgr1JI#s>?^IpXob z){r=m3Ux4XkAPrQx%A^}+!7cN?A2ugdJ8G(YPNLyTKnhsG*V@~uwbqM0Y}?3*)rZ2 z(9>!+kkNglt_vhbPN03zl}7@m#>jb~*;U}Gw8uZTcJtzk-)F^17(;-Q_OpNKhasp9aqa)?tY156V6Qcm$ z)ma;81_O(oxRL9x7$YU^doK@c0>XGE*fu$%n=XE_x}PYD_*8b&edax3ZoIZq;KwG= z?G1y2#1W{T+z*xkka`TrN5x2exv?e&8D-nIh+n{QONyDI1KzSY`Y{9aAY=pgSQ#8$ zEJ>(zA)DFCV9TSu{}7DOe}sV8v|fFp~~x;g*&G61RXK6IoBBBJK^r;8i>odOH}0X021 zHvY#)Hb}bv-!1*$`<8-?fn@trq~IW5&Hte6K6X({0W4XD&+i5PCo5JEBEJ3@c1vje z_^*5^2y$i{kQkHqd&h4kd(pmW29 z?@iW<>>0$IQv*3Hz*g=;a3!P&8 zZyyGTR}#3GgXis=7keVr>l;rWJ`zB2O+((K zF%B(7n^cxcrd$`nDy8F(y%GF~FcbV+=syw>g@g2j<8)lkZ}=~70W4oM<$PvfyZ~5B zS1U%?e(%s7#?$Fvi7!MVHJ_5|wmZ+u{qGG=>2K*@v^J7O{=FxEfX@qSitA$r>EF09 zKmG0370^Kk4kkN1Idk(F5M_7X=e1<`k5I&)4p#Re%UilryS+lyb(x9ku5+4Nt#F7ocv0~&v)3fCCh94ubD+E>c+AF=F>BKS$?yN7>k zw}WmossjZEAOWQPfG(p*HI~c1!`37LYk5)(h~uAr7L-&0e;<8w-~vDWs}x>APNxg> zo>i?}JM&GZD=O+gVfFNP;3u^n|1$IYmfjeAJo;%5fRlt*s$5Bf53$zvLNnW$R~VXP z%zx^~2#y$}_#<)`g-Xip7|?23iyiiB@I@1Mr`2+X&5l!1sk6Qv3nsJJ=pwIN*1_y0 zc4bHPmcJF!eUHD{95*I-&9o4Aol=U1@_aL%TxSu~T0EExAaa7N?nI|Uc?WjXs6d}& zV;UYhV3IzJS$o*k`99IS9FggW?9&*Xt~pNPd8%-eVWuGbDrce38Y@e+5aE9u6R(WT z6FgKP!!H%sqf_hDpD48w!u{d(`ds&CQCSZwlPrtzLQ*L`MCaKBfr_G>#?G{07%P%8 zydpPLv61ZBSeDskR9a~c?j_@t+@t%fm=i&^GHe^9p~`^6C%eku?no;9x|;_*01I=# z)a|}DL9{H(o@H%gh(?^|&wYBEuj|&vdyyDi_@MnjtM3x6#SKe;AzEe!X@3Wy*rlDF zqB$_TjS3SOv(SI*H1dSO0UOWT5%7CEJwN`KG1%IK)$s}@QBr_Ef$fCQ(A^-|d4M)8 zKC6|lh_w|hYu2{2{P;k`l%cd^5I)x#I#bXvtQ3d)za6Yv*Hn3kQ5e%^$icPgp;_L9_DV5DSV3?CJ zd|iEXMLS*HqI6HT2tK<$Q4*HQdlDRB=wyX+9x$S>mjf3QN_Gfw%|xr6J6wK<`RdvL z^YI4X^IUO9BIOixjZYVrPv5)JUJ!7oDIj&$UFBHRbXHRhxT}kW-&F4wI)#B7$vD!m zW%YsobdFjXnVVzjH+rJ=Bnb4q6^+4d z=CAkItYc2s^Kqh^9jNRkC)^p&g3 z*+Y{(jCvafqEGqm?CJMgrup{RV;EF^mXiQ z#0W-6x=j4Dk^H~<8WfZvAQic5`g^11c^;Z(inRW9@BDXzE%Eo!|3v0UvJcXbSGpYD zd_+SccN{Fy4emau!JA3uGHx{m!%DEycU6WUR}@rG;2An79r)w6rJT(5(zcW1H#Rtp z6Vl(-fX%?;q(=TCJQ2=+preZG3N^gxi>-#>}&+4XE269JTb zKKMO7Yo`==rTc!to0Db#CPwpC4i(%2-_5Zsxp(5w@1k4a5blhP55AK5FM8+VIKBN0 zw1?zu$c>hjv$U-Qrw^;$f;uIbjsML=HHd4lycBk-61dQQ1@i1iqwuZqHdjg5ZjN9} zAi%nY-;rmBpF(M0Yk>DhcWN;@-Ecnz>XC8G)DQhRuI+uREc$!a#U`a(msf39rp;`7 zGL`jfJ>hihg^n51#3t+{Of^?Kwi%|CuZiMg zDtwTg`<#&8H0E|?CAzr&CJ@_oX`CYmq-|S~X+>Z#MFCm}=8JD~OJ!s4A>J{lWjW7E z1!96R$voO+ntH8e6U1*NG(yU8M%{4;SC3d2Q!cp5a`)TNmwiBQM|UcUjMhwHMemxX z=QyfggS@_Vmf_y|hxcK{x^F)loY8%<*mx=@hsnyoSUkJ=fy3i`C z)ybqL@bGM@&nJU{n*g-+DzyKQgPjEf3*;LixJ&GXrw{Jau)b5xJ>+rU1Y_RzQ=0i( z2>iitgS)863~gj{w4db*k-ZIrE%#5LkIt~znXRVY4G|XoJDtu8rl%s`?q%Hnb?m@2 z)3p>OIE}ChhFI%REgt@afDa})@vu*K29)<`DT&JJRlv7J`ETZG#54A6D8UIeaNIyoUy-Y5qE=ivsnEoM!5pJpH>6OV8v6 zMfwB=y0pOp{lF?RC|FwWyo(qv3jvHecJM}xz3!L!p*fpo*A^}--Q3~}`oooSkH6IS zXspESO$#E02fIj?$Ge$jhGBV|%uju+d+$q8YsrNV3L8=nU4w*3I}CprBtAOq*oTEP zX9_s6)Fl!9t)@^utxK~XLrzsl4t^22h*u*D7d)B;3&`L|G(M>q%Lo>bJVfAuk6+n5 zdq4H!yLB=ek!eAZ@tQwl8s}IuZKVRWS(~9f;;3}Cs@)tGd6+so&FsB2V6Zq9EALiR zPIS6PRjN#F9kJ{n_zxB)6~BIa=v0bRO+E*%IDqyV&#`?G!fJm`7RGCw3lkz$Y;g-6 zQ43N-V)|onN`vNshlfy*5p7;6bl3BqSa~NXZ9Q(3v@Ew(!X!18cg9c4&AQiBxV zKsuggC_J^)mzZvNFH=xfm2AWyD+w>NmmSTgcHZ1T%qg9!+Hx@pL+O24srMq5Qc8&& zqUP9kb}8d=Dfmz)%{4w?xuCUA3@==!eM$8#WgIzcTDWv2C83};)EVBeqL*?)ztG z(-!W2+pko|&9PxfQPLVI6Jpw!3E`_=&nTqw_j}f?$lHBWpaLXS@IC%WQvg&Ka`hx~ zE+daH2@OOgO&Xo^=g%PtG){`w9%E?e3bTYnvN+-;fBXm-Dn6kwt$SR8c)!iyLBFR} z=Xmd+qyFj@J9~Hxu!HS{lE(@Qig1(#&oz-sde3+YqTZjCLUw{*v+I5}82Ir3)wlV@ z+)VS8{6}#4CD`Yh-@zvNHbd=hwV0mYN(vE2d#^fvYw;X|zy|*I_}vpBmPa{zb06_& zz`Bh}9^on?8{`Kp&>-A<_tj?Bw{ftVV4d>of9|erZVX*hTXLx6tgVGu`l4PScO|Hk zM}sZ1Gp!938%2d)5*&b>^N4Xn`deoTX$Gq6dg*#!G2(@3%W z==b*yoOQ?ndpobIHbuR=JNYt0oshMwVV?9g$Xr?6xaY~rFpPr z!5jRTtY#p2hLzQilJB|+Uk}grTdLQbfD-FgD2~NtkFYV)4*g#?$H`9xO~+wD!><~{ z31x>Enjqt5QsxOfzt5N#AofJA6!zHCmq3sj8^4E^`q7uaU-?Pgm7`4!FAb@7+c?e4 z$q(0eW?48{84n+-epbG#VH<3Dq-oa=SI6S#FT0{T?j$$0-Zy6Z+8j&VqmG*SElr2r z?S3LhQJ#&PYOY2ci}c~;GKg2$_EFO+{NB}&eJOWzxN^og_N2yQ*d?j_ZcYkvW4V7! zl-wsnM(&Uwz=tbAyK<>MBM^jCckJ8afVBB={w6akhm4cA-f=5hf8FY>ozZV?OQkJb zALvYCSnN3?-tYmSxJtYBkb(_`c<#utpzFmCWMN^}Dm*1M+SB6W&p?B8bq;ywiB4!X z5@@bKOW`rw#Ce~L5KEb~<5MX5SPZ7V*PZ7u+Pf_QmUFH-Ca2*77Z)UyBHN zEZcE?q~UaV_49DWvrLlt`_or<1d%M-u*KO>#-&%`sx_!0fAd}H7rf}8YUuskKnW2@ z&-Jn;8HCw1Q3SlB4K+$VankQbVyor!@yH#LvY!i~FiG--ysg2VeQ7a>LO66bzhQOn zC|6x8hD?m_MX`W@Ik(yC*CzCPdqJWTCCXDy)9-{-(VZv4RlLMzl z^$S0RTo65_pWkq3()O@oX(UuzPBgG(X1}bk9fn(-&%j}hj+ME23nHPI9&xR(hR<>-G| zxu*zlhp8tk!F& zVY*S5e%FFui;473+Mdwws|t(!P84AncV%*F$79a_}1C2!1wKK%bJx7`nEb165OmNS&E!}-NvCO zqe4H0J#_A+q>M|}XAVyWvOj|GO@Kx{k6> z!pYLrC=|0D8OSjp9w_#tF-aQ&A^j>rwYPQeLkVd3^t5IMKlm+LYDZrG^On6bmt*M> zyYC0ZUCyA)2_*H=ot+)|u!C=VouwSVl(D4+c8=fe5AfVpk{)$hTdgNE0zC!3Sx%xE zhmspT7I_b-25yIbe*ewoHK`gs$?5%*=VquwIe6kc{8wJ>=2Q}soyhgn80vD=QRY?0 zhzj2HM-e$1((u_d{OaocWkj)s1XCOJOWrHzlps~EB`(Gl?s`owr1u++O)tGGA7r~B$cOSK#&Xx{WK^IJdS?;9?r3b>@~84RjD-Shp* ze8kVXw{3GI7ge?82s^pX`fDGf2M1JKewXk3cyLaya`Ybhbxbpz&ij)7cH94=dLt`v zZM>v$on9Wedu#UvTPEGM%!Gtk`kMAwl!_0(Y||j9OV?$5QV5$s-o@{6KC*H_nI(yJozQ0Ix^1%!$3&`T+C<((v)0O+aw(6e~wD z^q2|=OBuh4K9Xf|O4f6%Ip)IkFY?g=8Szm@!#1K_j=ow>p!ksb`MlBev}Q)+-%S>)EY%bVLZFUiOP?%x(jJjLNc*l^FphCdn(ifuOHzIXP*y^G*Lo z!CD~j2`~viX_7G4%AwtKmg#&y4oRI0Oc}Y~<7c7gap?}Vz_d02v@;J5&XzQmakYeV z`#*|}4iH8l9r=*djSs+@{%cyS^UF5np@}dKXG6<<=p7~LTO0kln-oV(cJWH5Y0dB+ zmHQ zzex-riTK^5FsvJx2TVKlhr_dY+QY+oOrr{=l`0KRXgY1}#YrEvvg}^2uP1^wz1~hJ);{e_is7U==udQ!^pxUvpQRh_IIo5u zeEZN@Dty55Dnse@7h|I?_4ag0P0{lJmHzTUV@IRJIp5f$3~rzU^W0ajTy=?xf_(jT zWU<9VS;TTOdo!$MWzUaX(?yDfQp8~_RzTisaF2r)cwN{em;am|u_9yN&Q5XMgLW1D zK4UBY3TL0xD4Y%1;_}1HAby`2913?ax5GXI4>7=r-)u-wZOmWryG86)+m^Sl{hHI$ zb-1?bTVFW0I$|g}Ox&4Jo>bdBWL9haPe}0w5C;w0sPd=;))x&vlH9tMO?aWneFwgO z!zHb#cEY!3V}dXd9l*Ld-apwElPulaC?Q%|4*|6U4Q9;;p^Iz(j!#yL1}!gvR}k(A1BGd*3N zZo0~v^?{^2#ORf+d>66Au7mhuGBg$Mdh}sF-@hn2ibE zp+_z(=rw08`C(4UTMTHW7JIC<2#lU8U9Gsia%3t=%8g#ot;Owr(vsJ9h+ok=ZljJ)zTc{uaAeQXC)W=ajlO54!eQ20WFB)Kk-C75`s=ck<&@P; zlg%~^emJ?O8!P8YPBJ!FA{p=UQ_@z+Z9r37wRJmOq*Aa4)!%tGZ5zyWCNGyQ-rr}{ z-q*8m_!JB(p?{3M>NhS86)(%NkR!wL2W{gz#~Z$A%vx3qESR(*jH?4l^R_>p2;Rpx zEJf{9uC2t|^B)1?8hnM{d!rB0z^xCIV|6!SVR5QCzU4#ogVn5c7X~0TjCG z@jA`Tr;Pe`=->bPImFU99j<5Oq^O51?2d10c&Z?pkqg2aqH(8N>10g6O8;1K)v93a z9EPpNygT>gVkKYA-=16JTW_{QL-5+~`j3t~$%EQpT#P!kv@=9_p!n`*VlkzuHG=N~ z`A}>?{r1$7*VuW6;hLO|L9u9{>IVu%^L@1xvUxd>Lyvn8k>2l7Hd-l$eIb?@WeeaI zB-68!ir5_4%!P8MNn3l%(JnAFI#=(^e3l9u^FzVwHwNw7maC>bYu93AduKw$_WWmz zJU{=f`s~A^ONf{>gTwyr?6q;RS(p7Sd|v`7v>3UhIiz`G-nWke#MY*hi~a5l>@6|p zr_A_(S(BvcY*Nnt9dhMTW=dD}1M8as6>?V12A;r)B4>hQh1Nt(BU5&`avKU-xV;`W zcSZ9kEo+3rJWe|A&O#S~*zmd6Xno9%%xxRz`cZKYZuJ05Da2M1Is-EF z(7oeKZ7MUvw+GOr>(cuPCN7AK+x6R5Y6SdyBlxNo^mwHrZQcd$F)Xk3iU}1F1M1Q1 z-n*%&;U8kGRca}wgc<20YDTeBfMYS`?e2uLkEXUH?q>U7J+C3XDDZ}-PCCjGBKUoL5MuW=O%U!guW2Qu7+?zvwUD2yg9ZKRISNFeG6ZFU~e!cO}v?AAK~=x%e`SrC%!P%J?}`tLS)?E>RiUC%?8Hx2$5>OM!e?th*mu zj3vv5faoF>;xyBq+2GEf!nXreVZD_2!u`YFfU2+T6Nzvo1qiz?O}zFHZd1G<6A6DSlVS*jmCo z=`Lxhaz6-{?*_%Ke`gdGejm0s><4B0$u6#x+%cTZoO^TK^5N zj+Vsv3M?5^uK6G1i_eF4dmtaDd?)Je5uR7hjy}og{kw78OKJDRKYiHAjRJ+yquSd< z&B?6=G3^o!MHz-RVD)i(a~u>F3huqW0coc;pHY9dwU%MT=VnKbb2pM7Ld}D4E!=*e z8Nzn!e)iy7Xmw@lZ7wE@vDN;VP_h*_E930WmYPx+8WO}@WX;e z$rW^7kYf$trd{9Xqs~`;!%;H6m7lVjrjBQHg}rJtSeEXSKt${v%T-#(t?FVQC1T9x zhcqYw>utMM*v;|>IH*{w5RvS^G&`_g|NVBdFBj^yJZ7~brt+)f?*iA21yrL2%z*d< z63BkLpjN=k{`ExTcx023CA;%g`8SV&XU=STW`m`L!o@m?ck^|&H6ulkJ4ZRa6$m!y zNH;^~31h5NHPa4RZqq?;;Jz*p)BaRhu|QID2t8sasavEJNGc*~FPK&`_m_9Q@5Z?K zfxS!YX>FP-TH4-IrqT^Co^0hP*3Dh_u95n!lddWGYTexyjeUD+k|$dE$J{q>&fb|! z(^v!^f|Vpp?I5{RZpJbJt9Vij7_-b^DlXLM<-o3(kLQC@#!-EkK%@ z7)D(Ed0ITRsB-N4Oq+JgFt9i1_Z>-lGrf&}?);3?_X|(H&4&CEG#$UDAD;=_IGP$t zU^vpO-#dzOKBn{i1A#kP4o`s;JZ7(V56;%g7-E@~rRE$0G}{N_SMC1b3> zM^di1VFCz$H1y{1)T-B5cgI<=`MEH7@rylxT41om3f=MIRhs`A%8}yKP1R=M1!h~v zXtwRsAxBNfb1Jzgk84wJ;xyHe&hs?H=Z`_lSEiYIHu5cAN^<%wx_b70<*Vh$@)`^9 zV}7*L#N|7uNPIDGoM&1aQ{mhvgTC$gT;r|yr%u@|vHWRYH$cZ!qpzWB@*G}RSEtEG zI=|i*@ZERpo$ZP+ZQ`755D?Q6LQcuOsj=tS-))~=BP=~;q2(GLy1sJY z?QCS1*b*XVX?NG3d*gh9rk45=esf{};l}B4r(54XhQK?n2nqEs$WkiiR1#5AV|G>s zNO#J*Snq8~$mv2B7_#S$2tR$v)wFULYf^PW*_TKmbF&|JdZN`dYBEM#K2G+yeK_7F z&%qEHSjwFVQ3=pFeOp&gx7~NS+CcAXo&|Gc3J2%foZd$Tn2=NyVbBvD`8^jvPo6NV zT@q}^P~3RcerA783N}hi&A;Az1=E8+b)`xRR-Z>P!8}6?MQ|is?IT_sa-c4b z*4_zyts~_%6d8!xMj$lM|GdJjvDEc+*l5&Tp{fQx%;+-I@Qsa*2*4#tlaFq>+osI9 z8^U0=ox4{c1G`+0ATD;{pHmaj`YSM0|z79 zVV~~BN3b~YWABl(ZPR>vO>OC*J!x+ig`5Gk`{fgF9z&w$<#H_e5cSQ6&rM5c`(>$| zaEDUoY)>+1ubUlfw5r`0yHskN)nIf=m1SQq^={mL-H`1EL1hv$)8ZpiOPI^9S8^bu zF+uc4W~;|u{oE)-Nn($17h+(Kgcp2^q?`$Kc}y5I#}g(rAy!gO-Qs9AAlRDQej9CFf13}5(D-kpl5zguG^l-E<%jxY*vNNS z2K|*4XrJ2mdbV(#MU=haOQ&*iu?G6`4zt)E+h}xTm||(!rcmFC!Nv|{aV;M2c06Kd z>Nv55GPcQM1q)fMLC(W==pZhDmfnRyYwh!v0jiV;*+75KME~5mH+yrBmTQeZcS8uG zK(4ad;^)UkP~|jm(8FN^^00hOA`G$~xVqBPgGbubiq09!zSlJ0T1&BcM(z=Rp94Wr zI#>FZ{qFEA@Y|UZ-sH={4H8gn)A3|4TtmAUPF!MOK&prPY=u*G4E54U(^EaMRXtrS zs#RO5`hq{UJREXw{Y%Ui0&owYjQK6rxCqqitPXEzKGqEG&FX1ZiP4l^y?ep}mvb)t zoJ@V6(rsb5Sf(V6rO8zCQx*5I*5^)t;a&gX;z?3*Hk`h~#muo=i66oBF#QdkXJgy1 zpXH(s;hhm5zEfAFBd69}A`hJbz4tB-Dc%F(FkYFBH@Xj}nK$lbh%sGzf3IaT(Y-Uq zS!e%djduAe+o-eRI_fA_6>)DTHn1wuB3&t7cav0)Nx}SVlH2F}-e4V2yC1a|x&KA+ zup^ z>c(+Jm^ft+&j!P+PS$SwnYR>9UbsHrd>=WAT=A)zb&NkH+eTHpqzqyxYraByn6#j|fP zIzsJ_<<|q2z$|Pi3q8wpe$`xhe=u;|29zdiDOCr$OIt215l$#YS?o6ifEl;Jn!B?G zMo`;U-@Df1nEmB`jrRR9WTl_joy4?)M=N$79~=$WZ@w20sN220&gc&#^?A$~*^WFt zh&RA?&$dk`n$7_8F8tvN+`dz4*h!|3>e8K4a7s#a zGTEg!RGP4U6A!pylY&Qvu1wb14#$%{++Abk{Hka7{;I_ucbO>&Zq(IQzN}H>Gc3#A zP_5|EXBtP@?TtE{C8%g#HN@Vj&T|#tPVDZlAU8ssE!Mf=)E`x)IUHHQoM-vF^I$Do zPav~{P7@nawfXRkfK=EDJwV%?{mbO~IzdJIiTLRI18sfUr&WUL0X$LOW!nN>YKUAR z37Z5qSWi;#tRdh_ULO_nQ4%aqwYF8DTXux(7H80Q%CR+O?hY(>6$wue#^)x6PYRh% zmq8gE*FU_<5r29X=e52TIU&nl)1~R#^;L=5%^YUYN|E1$+xo7<%zhB*kTi;1u8{#f z+R(*cfhRfF)=tW9)Sb)yS>|)=}$SVFY_DdkM2fD^9mReHu65v%ws83 zG47|Y-dz_mQh$#sKjwN4GKkk^eiM1>>@C~QEm4oNfi8e?{a|-&Fjc3+zPi}OR5$rM z*(VVGn1W*@9-j15f?Lx=s^ep>fz%bY5=YkYIRdA)6lq{(@= zK}u4NI!%Ct^C)IMNBA%#-(#!N*Y7+4-S^4b+d&6fd{O;WR=;26vhcRN6#YQbZulZB z30+82L%e^Uw!M|pP|wKPE*&bfwqwTFXer|qs^qm`hI?9oH!G8Ht{xb4e%|vWb=&Vj z(8ExMMkw|;QMyLOjdosZRF3kKpN&0c|HaSUXLGR(nM4VPRjA{FPn8%H%2lp2a2J_7 zbCtIucgbVSddH{7C9%s3w}1G=l2=!~Z*_**#=|&5Uzc)67PNeTc~hF(u~On+&2s4{ z4h=~0gLbXU(z~zrAlA(<&M&iRa;QvWH}If??-Ii5!wDOwV0vSa)?vCHa^}5(zPM^V z%&?GF!*pNo%$lkWLBlSzNj|AM?;?-H(zO%Eo>?3wqPDZ}rG*^5Nx_z2*4!h#`uW%8 z9K9>Zrtm=!BOB$P@g%=be?}e!aqOr4TPY0!2A%#!Dij|6>3K;_UkSg*U@?+YI)vPZ*aqqP@&(vY|A7&)0=~_W5GAOjSOO@Fnkpm-(m&%pT(gYLD%cE6qdAo z@DSa{>o~jdc#c-_fQd$0sD(1I8CVEf0c)T4e&?6P5=l!y0}>NvCf5PySeC9k*|?w; zfbv~WSlKeEdQjYTjWh7vUD;)TFMK|$*-Ci)D~4@EwFjwQSQZqS?&Tww15+Cn7UHsp z^!x{|J7J+974=SQb31{4^bHgH{(#oG=9T!Z>*{3gt&!0U(LUF3)Feb?q1iAe!1hMF zphRt^JYG$YxSc^`SKD`ZWLA8fS9gw@*3+=fhB_P)glksloccf=%t`{|q*0 z<5%2&brIkDNuzIEonEROL*I+9D(5!0;2Dd>e=1HfmFLevG)CU7&&ufW;0%w$nXBA^ znd^n}Uf>e$3)sb4@FuHgFa%zMAqjw)D7+U(ba_kl6r`3K7Q2(roWkZ^HKb7rcA6q$ zfo3aP;{`fm+WnebX~uB-&*Wp655o>d=4d8v1w9VxvX?@H}!A4#|d0y!I?LTtKWd4wp{I7&f{|Zzg!;6=|&w6 z2qdW9y34#=c`i+8EF1Ei(ir+)&_e!Yrqx$g*1pw9h~+{J$JXa_U~;@w5B1WmmYQa6 zuA5__{1xi)LCkv_eX-Eas4!9g{!kwMFn4M$dSwUE(DL)ztwLv(;;f%I?$xV%X5PF1s%-gf3Wz1%t@V? zizBfNh!F!|z9)#_QCjbqtyz@be)hTlRABwKJg?kB{RljF85_Xtw5hv|eD71M8h=pw zc|#1CKuqK$BH3u4K32sCihsjTm3RG=L-V9;9JPgb?0gM8Ng2wP3tI}M9)~(!H6>2y zk)s|4n6NrEO4vyf+aN zTF=Q8_+7~gnU#^S&S;qv$)=@zn)clkzulI7TcK$yZ(&hUnqi$SVpuQL{kG=mFPDJ` zI!--cO-Sf%+8$?QXPUvRY*)Hz#YLDuG65REu7yYNL5Q3oM*{ zYgFuMgF-l2)ez3-q}m0Go-2_LuUR;iw8=)if*OiP$m#c2=udbeOLzjJe^||RWi|XQ zeJ6fu*Zcuhs=-m{)_y=W7n|tAxz5rsOm{aUci?KN+>?EpbNsfC7-?_U)4F=1IhNaH z7Ufk;>H?kZD<%x_@i6x5y3#7#KHC=3?UqKu?s5V9N$G-Y@+CiH;wPay#pVf9{Xq1Y znXw~JTR%G#HKlojhyAZg45KnHLZ~pgA2h$q?!3`0Lc|0zUBI#hq=gN^jA9h`<#&WB zLO*fg8?Logn>D0D+jT}a4T?1e^PM%!4*wiIcER_{CudHkjp`OIIa3BX=}Q#NRJ$AK z*v!d}y)#U?1z)!$bn)YAuytsyijt=2wsjJ0raNwpO{9V=gouEF1i&Mu?(r@HWuFBa z>s2!bGkE0-8Wy}M@2bAH3S|X07GJP&vNow0vyJCokU(`^A@U*RFEc!B^OXx_>F(bo zVydMmd&_$N+*%gdoqgmZk3pKmg9`3f-oo+!m$z^dg#W}f;jfSK&r@HM^w&zYs~UWQW`U_CpN2*Ebj+3zvpF?y zln?&Z!yV~7?#f|;^_YHX?tljrkh3=qNFchFMCvEl6kk-&X zYpVv1oA71~ANSq$Hg_N4r5YWMJ>$VO^`Q=6F?0b|vfBeY+Jldn@rRCrM$9aYUO~Tj zMBt?7h~W49-mbY8F4xI-;wN+mw@PK73hy6x3Fh1JtG$gp`HXrWGGaaN5O1=sxL!@M zS>H((u{-mZuK(SJaCHxbfMXMpd4su|jih@@(;Eb8Y;tOH4sJh9BVdhbONL8feb$U| zs!fOKh-Sk^qr>Y@g3I|B9ab}4<8PSgpMICdq)tRXBS$-pCJg3^Yh`aur}b#9-%k{# zAuF{@r_D2oS=$-2->EcY)4J`w7M*UELeJeFbO zMPFSSwZrR0?%*3X(F^YTX8qI(rErmP@lOi{Vc#c2(1l6%y<0gs+g|23{H=4~?x|!9 zTM_2K(n9pmlavJ-bs({C9H=G}_D3FI+;_|bK6{0SF{7jb1+k8wtLY;nnO_bt2jqqg zrQY_Sc)jMXL4-U1f1JGqRFvNqKCFb4(xr5xl%UexT`CMn$N(bJjdV&$E1e1`QZsaS zr-XEON%s)n!MN*w-~Zn4{?>o3S+i!%yzjgx_St9eefEAHfpLIOy;a(AC}Q9`=YhGq z56z!Bo$LGI5^f54Ng;FYWWt{%4q18A zZ*H_^zDxYBKgz=FIHV?Hdh{Um+2tjuzjUg5Hi+{u!G2I&0{Xh0{G&Tts~nF6d&s-h z?;OYWc2YkkF`ulVX!zBRZpl@2hvf+~Z)hw_2=R1Q&87i`5 z?rKp}M~?~|%GaX}gMGYBeab@XD+Qm!$QK_dpYCsycuGPa9|0I(lUk5Ty#i*!ow z&m4BSB;CW@_ge^8*yt2PqcXoh;K<&&SR+{vr^mh;yg_pNV82qTZij;RbsB(deRBAA z9`GpK?)xaxr(KrYmX_M(aQlo03c-7Ddxx2R)B*8RH}>4*Rn}$83PSkRx|7?*w}Z12 z0TFnIJ}XQh%*;f0JimHQwg1A^Zrn{^E?*_jF0s{dWtSmG>D5G?2+tW$@6_=*&$oNS z^k?U%jro;(!9&M`E&a!%-fBeY)|hoKnoi?WOwP>ZF%3?IjnCY6x*q*x5uVXkIdhsa z{gM)OFHB>@lnT^7m;Nl=$Y;1rUYVgXKCKQrPUq4mQSf4WLTz@#QwYW5N!PxLJ6$jFQk3N0&2cZFp4u)OgB0SV%bCe!K4C7>*S1 zb9kH%iFLp6$CKPpnpqETPU>y+Vh8dh%_na*=jZ(|@WfDC2TX?xQv+wuPxwFR26%rFmwh-DI z;Q!j4lWP`#jh42m+PdwFT6WD2>oRTKbmvvL&?lvltnnLyyrG3LWPoaB*~9HqA0R`b z?63q_8n@if0nnP{5o#Vd=6jL_0A|Dj_S~s*UkO6lh^YxBsrnLm`lH;j$ZBe!C$6VPpu9%$GyDF|TnF)o&>H0=Fpj7*CX~cM z&&zGHWWuZHY<7K4fQ$4PK<<_iGdXe}AFR%Wbu2o5Vzn3aR2NoUJxAF@|)E8;heM!MA)`^vWJFcz@5mF0> z?J}->$~PNzsoqx~$Q51ySq1${e;fq^}{5m zHzL#O9C5c5(2eWOZ8ga9p7n5Mf!wG_!Nuu&V|XT+u@|!|#e>S>%~57gS<^|wgrFkk z`yxou{4!i2MYIbT{nWNe4?U_0Vm6FO+xmo$-9G$K%QhT!c=)uZZC1KdRD=v(q(xDBS&LOYrYAkf;b>UJ4M*3aXrZ8bN+ng z^G>OFXh)ybi|?hv;l5!T?v47XD`(D?1<2}@`KBwyX4}p3mDT3jp4(Hqy@krONCnPN zPP~ZBq6^Y0>-|8^kFR+vda`fz8K6TcnEH3=-9t{`lBt8WCzIV}!>$*cOlvmSZyFMY zbW_`GE!#QeHfC53Pwv=?FtstHI(O9^o4%e>X+5?jc$WICtMOFi)d4edjxs*=p6_ao z{Ks!cPCJYy&%0NG$`xYHp|voiN8L4Rsx2OVp5NSw-!Uvb+sNGST6BP1x?D|>kECC| zC01a~+D=@v<-FS}*Q%gOMH@?W=!#NHC;WkGfU^x z_Gr}2Np|MxA>X&bCnB)S3*DmB>5tzldsSlTs_{FUrK46_o^72nBa8QN)Sb{mgLGqE z;~dZ`V@q6;Nrw4F^8fJhigKX@zgNAj(YWJtNQrQ;{shf1NqO7q{$v^;$@($UN8L=6 z)q&tP`30ktTQ)S4GMelj@=F>y2Te99=by#&(<^0hFsY=N=Y_qu`{`xOSW>XQWYt;iCXbm)DYl>EVcr6#2K6*ak87s*$kWcl+oo1g*#5 z7Uhet&UA2@(5?Zn$Hi7$@(zu3 z(;PXi3OhD3MdE5~OAZigB+1zgC%i!8cznk!=84s0++?%sH;1jWag|qllOo-pNuE4x zB1ia5(#Ic+=lU~`xe?&g^hmC)bSww^@|DEwicL` zG4jc7b7dJS4uWzntOlHC3LBN{9ZV^Kfpa?u{Q2#v+#G6@?9U=8Q(_1vpozHAU)O&p z@xsvb^sN2~vo91GW7y(@-sw&~$L>^6N&1odyh}U6;wNMNw5OF1!6QE<(OXOY?p$wk z2gPQ2p`*Awmd0FEHZ4eZh8aXN(vI8A!X3RGhdA3300OOoMnz0J)?ue##M*+6ila$_ z?Cpzypx27Bbo5-kx{`-7;Vk-swEaGeiIJ9zfd;P@uy3|pqCMt8fPyVQ0@*L&8*We8 zR7PmJ_wIK3V>LQWQ~Lf06uo1d`S|m*Z3;5(Tpp{i zduv<1%s7VmVM15%upLdWABvkJE3fmkOYTUzI1@{HZR|5D9Xo6UUG|@vrb8a|g}jXH z6w)6dsvCQmy)9rirKIy_{^Y)fJ%-I&kEt&X6y?f)SW^>3BXNVp4(tHpCQRA*^fEmX&r#B`4RQ*EHPRm#d%;OPB>s29MDpY2w)gO9WH;>n`EjCYLnW-qkVD> z^|~6Ho_Y$vZ;6pJ!V5qNOMBBxy}cBxI&SBV$_cU6$%-O7n)|1K_fY0lqhAt-V0|G# zEn0>(VRtd8O3d^nJn5o{rSgc95o2vw1^`@k4)qxe02wQ)!2LGO5}<5I3i$*OoGLtU z%VL4n%;K95q{I9)#_EewnD9$M)&84;Y6_G1I zi$ApQMZZ;!2AWJ*2PUIyi%YzSDaB*8-2K~$qSDgQk0082BT23jNT-tG59;5dyYNuS6clt4I#AVr)QEXt7|J8a(lC$f!>%bw zIlBFVrm@yY;@i)W!|yBVkkhw8sUwc_2}rTdxPfO-&AQsvZGetA=*Dj>&yE%7p)-bk zPm?!mBFUWWp|Z=2XDYyxdT*CE(V*R5abBn})kY3AQ0yET=>}|e3DL^JTG%Z*?|ulp z`gEJu*}lN4=bh3-k3iXzCnevqR+>^_uh?{p#*!{~$e*SwV(i=WT{M02--_kLr6-i2 zwdn{xL_-{KGNmTbVGkZFK^iwed{OSg@uOL^XP*?G`j<3A-jsD`acz;8}5!GH4$0@DuG%VyR5E&XRlR3FgDZwLYxy)gbF+t8YtdyHp#K{af?) z71=3mjnwA%Pvfv9Zg2FuC$sSpW64Zh(7b{PW zXGCL>YgQ*r@{rpgwD4K>03Q6|zy>_b8p_P0IT_nC(S3Y&@xdlMIs^>L%EwPu~)g@M6RU=P#7Fdn^3urUS4XMGkSj5 zpGzaQUUOw@&YUQW=#UT_odBrRp4I-(x{+)4 z9gql%Kuu!3$1_%St!;b2W_|<^X6>u#ZNjfi>$q19^;hXs%8U6sDw(6Gi7R2cKQ13O zIe#@*Vm5)+<9r41_hiLrI`vE%^&~PU`rn>qL;8`z{V_JCOEunPjbc;)X3@#|!aKf;WrdXe0vEp70?Ggv*V-Vyh-Q_azcG?E=0)OMxd zvCN(LGQnj%dt*fp7tM`CZ#014p>|y!5R{UeOJg`qhCM#N|8+M`-;j;sRGj`6=X*cI z_O``%lCAt#Q6zo*g;RN*9n?^!4y-Qfxtm8p5xbo^`Gr&jI-jFSg*@EFBpxi$>;s(F z7Qub{Fl*Ye-K;#^2HNk)ID&B-8}=V=nrXvqL2dd@>`|a^#2bX?`L2we9>PwS@>Rg`qh$vRcvwl&-v*Irn5Qc>@S9Nzvu`LxP( zEX`-l)A&H)(tf0BKSU&M4T~pkP8BqAHV1AXd^b|AAMZ!W7K|^ z&JCS)h6wY%Tk!)JwNkl<9g;~YA0(^qgW?kpy%PeBo|IwC-Z>fawc$gmA@|e0nOv#9 zDcS{c1mk-uGYzerBJKCoYt%?yu59QSs*E}sjU_Qu!?~wZ6+^cxnNDr6paM_ZDu{!; zk^P|A)v@w^b7DsevB^&PF|tGTy!(02;ijo7q2v=^4Cn^eXC=f@$#Q-QRYEg^ONBD0 zghYD@fEjf6mJ+vFe=GaZ+cby7B%C+&p%ANv(q7HfSeLqtCa$l7nhil61Z~>az@g7hgG}q1#Zd7K8AX(J4n=){epx}no!{76(A9j|aPexWeGae7 zM+Ty~aOd9U{Q$bIoSt>pfy>l4P3d?i5BCI%8ruU3{!0 zusyrqT=YuI%s>fEr;fV2<%xW+72Pz4#f*FFe zzAVotJ=%o{A#bG4?yNv)fw{CrVLP2BID=2x=~u!jSVZ&srshFSUy6e3mTB=JN3+Uu zB}wv(8h2eygg=YG*oxF5gHOBB)+z6?!nhOCWzCz&Ll=5lUV{isvk~e`nm-XCLJUHT zbW#+K6Aq26D1*q@;*JlW7v>FCKWgf6#NHVFcSPD zNyHyUV>(FzVz`o1z(c1)w2R8jm`5!rF7y&F4=`A5$=qUnB}RxEq7Q;djvRO9kdTK5 z@QLiwJpe{5SCL7d;~{{MOr)E9h_U}&0;j@dHj`oUersX|L4I7sHS6INP7+-n7XBh? zSqyC1hw5d|W^5n;3~)R(P=5)ySC#>TL&V}Tp+NjNh!M4y>WS$AK<^TEGh)fnrV@3K zq|*(Q?dB&vVzz=u&tc;B77 zYrZugXeqCo8b2haw zAPc^f&cffOpZyY|vx_4UB*-%Q?0^w}6szYLPZmq7(N>Y3z zwuGn1!4BPWnlHAk2K96)0W!|EbCv|9N8J~7%DsNeCHk31xzC?hi?*CPej&18hv};+ zd|#T^y1jBMB^h@o7mLNyVSUKPL3$cjqE^@$c2~gCO_Fet7VTV41`)~DyWN)RJfJlq zMM3k-wJ|s^44z+l4N0z9xFb*R@!;nNvvDaBhsSN?uI7@~`=J-1)+@CdC-X z*=_7F%%FyOhlRn$0D*%cAt1028p;4ktDVq>OMD-0qE?i?Qt&F_E&u9=i(iL4M~gD@ z#c`#S2OyY#cx`!qC4q7qUu>PwUU5EyD+TCgD?keW%ChQ$8*y88Mrkomw`#bSdkoagDSZl$66^>_?kLjN)qp#<^tahCfT(c$j2QrI&gZYn5}xP^mX9<_k|A{pokU1XHB;yJ;lAoke$=I{tc8omRUYVn4!rbJ zPzi_^59zg%WGb;V)Lj}@tRQ{w5cu`sGX1R3l858_q5PUE_qy2qo6DGp$p)noh3qny>@zn7Tosp$+TmqZ~k5iRS=?k%rGu;z^Zm0B6$4H1ssA}an zTG&nQGD*+3Xk+B4JTNx3p*UOq`Z@f`^KZ{M6+BK; zW&8L*vv8!}bMw%yHr@bndxW#+!AF;tH=bGK1nH#ta0>R5V<&OQ#R1>cKv*3h(J`&VJeda^nr&D%$aOO#tCRJ}un=~HM_ZlYcQ@y}4 z*l_G-nlBH`faP!JxLkGL9qifEnxP5ClA&~e@4h`M$}JIVa7rUq*cZajk)d*sBJwjN zTVoROxk_`S`1TI=o2g0>ol|R~Q0wMMzE9=PAXT?d0#IbVu3zf(qUjJy$yfKeoN!*^ zlD~u!r2{pt97n_~-h1gJ0D?w{s3* zSX=>&W;%qA#&=CX_hwz~6K0rtfYtnVs>%tcSOYgkqbdoY3YmNmK!ew3A-GwowwP|> z!}5b2A)mZqT!~H9Z})W$$#^Vvn0uI+4U}m^6=K^NBMa@xEq0~1k4J3uJ(qsmRDPBp zek#uC-mQ;Q7)Z-bbrA%etkNqHcVr{o+i&7#>_Hs4Gw&JS9}v5}8|DrYWe)tF%zM1_ zAHxl!$3H(~jAGPF^0^m&`eb+@ejBk}W3pBL*;UYJtDLyj57_MJeVkAs#p5eyMAFdb zwkdoz`?X`&Z%gT3)$e%%8)jqh^9h^8Sq*|y8GjrtAV(%zR@2P05A~5uj3=8E?nYZM zp&-}7ItvEBr#I2&GiF?!^A@^W6(A-9=nE-IZT0$!|huHr*Joq#znlyqlX?DBU`(TdreiJ_Iv9d$}=B{ zAPoG=S)%MKb&^!9v^JP&-$e6XsLMy*R8l#Mr zh>K<%N_8AYwqjsvROe~w7n%cE(A*QRDCf9<`fI`)w~iz}S7WxQ-^Wsvd68oR-CNlFkNO}; zm_50_Fjd5&y|DoEV)?XUq!qxOg7#a1$Wq@#k`iZrN0M<8RcbX;D~I7%j}}uin;@2} z#!%17rnXafA|yb=bkmX$Z~&jQE9i`ICb(yKJ!() z47q`ca~Duyyf4y5&B3+)=@VOD`&E9v3Tcz-oR{}}rzx4?p_?&Mm)62h%`Ojqd=zO>(17@) zK0Ut2!$vRMTww`let7PzSfggjA1RTj`e))nW9~UiaF?hdFE<=z4?O3T?kNjmp zlZV%6C16J2cZwX3ifaa2NeZf-$I^3GeJZ0{6RuU*Fm#76CHVlplC5SUPvmehdRTl# z)Xpi~l~yCbKBK^-_wn)c#G_d1TZij5Dk{h4b2DYYjmBd1aDDl9^INZG;tR{IdB(+n z+Z1mAN<=z)Z(8+)<;F5A&Kfe$w0$(7&UD06>-HT!Jm_F58&=z^*86>uQn~M6|Ek4bar{Z-MA>l3CJ19K=9i zrydy|uPU2)(N0QBg8s<$xK>1y?`vDn(HMT;3Vu{*s-i%olL%rGakk-`S>C>ff)Kn@ z_6hco*`Pa)C;5jYKtpXE2Eaaxx%6GN5Cx(9TXmPxi^t&^a#?pkbVB3>3GUBcz6pzW z7;os=JwCsu5a1r+ZM9K!o*6jQ@SS1WQ&X&VQK*ft6s(&O+;1uj%`)gI97bK5HYErV zqaQwPL48%*<4Toy96|P!qzFV(j6gof*oEFZvsaTukbin2s+G? z9(D;?q#M?S-BB>C#o{Et8mdgcjqlK4OrP5@l%G67QOR*@Z(pX0Gajvr$wO49oWYL) zy+RmagXtnL2tpJgOJzi#?O|>78^xxnXkkwm!)G8c$$?KxVq3oQ?@91t>)D7H^DewF zmhhV1@$Po24ZE1txbXGy7#Q9$7S-8bD&|Pa6talC&#@#|v+OC-w-j1!|Fx)%a(F@l z3z4!m{+Jzp z9nk?_5W2ck9WZMO*p2dutb2=xOMOtZ%416ksnRub;})XyzF=wNF0C4iyRV*kkdeFaRblpZ52+z^ZafGFz z^AtUNpSGQSrstY*apQ}Jujh#A!kF{&f2Fbf3R*BKZWmc50FDGfrX9IkNUTkw^(YEDsCRcF zkZcGh1?B4{CNg97*4OC}MnSP%xTZA4fIpoa5H8!cU%Ymk^+ub_!1H^78$mORc0-S{ z>9Unz^Dh=a@~6xG>h|ECm+@GLV*dwhagAMtfNe@>9rXmPUM#hHNX^fz%e)Jc>1V|- zM2dIjaiXcA$+tzgW=n0aElkHnq*s+;9y*rbX#V>r zNM)<27=|5wwpFDRchHBmwg&h8V~VU+nq@#F^C2;}N#PxgTAZ_**Tb&+#a1nrQ-^bW zh$<)t&hXzCGp6YSlt`69gn?oYgGh7q+L4iX&#zWe>yo8zz%TE9sGANbEdcdw?2D48(Yl0aL%rLL)1H%w9lwV#Xu$! z@A!!#4%QGS=C$!qks1Yc2ze{TT33u&Gv95GkMN2ho973+f@w)Hj;!T5S=Vc*LC($3NS&ZKOQ3@v&G0bP>CWIQhdn)AtNZ?c)b5 zll*j}=gtr+hzYDVJk9(Ws1OE1YIJc#EqpsFQ+|BL{P_j*X<;b0cy476W*)BmmQh!} zc1tqJ8vDbKg*%gh$AS~3mUdh8HdkRpJ1H0!v+Nc}_kvHvj$b6pJUAR!dt{-@>Nj_W ziDh80l2)rioFSW=_IAzA%oVB6i&O+A7-Zwk*Y-xv8R@~-QU*kI+@=tfML;?ZIyPQ? zI*2dZ6kv4}vNP+k{&o%1R&kl}#X0TKB$ZBVZp*K`sBfe|lhX#4t(moD5qzUHGFu!9jAH zW<2FM2KOI;1IZ3vk~W9d(^__b+JDyrRzU*crir1Ge*bV5^*C0B!r_DKO+Vqb@WO;A zzPg3)$@vC6g!p=ta3@{2YrOR}WGC?Pa!xH~xiJW3kcydOQuH{ky~mOsjz}e1;}wQ5 z;^5GG7g<%|D-3n>Nu|G|ednEJNV4V-cJy}oNH?s{ToH3PJ`vhFA?V(6IBNINCMkGuM$2i# za5`btmDI&w9S|Ujnf{F^qGA3i;6D!`$so;Bl4K^PKw z@@4x5cEAeYhmzprO5(uaZ*I~JaBwD#&&(wbzorP%>fi@ij<+w{uv8735{PRLwt)Lx zy?W|$4iX+qw!Ykw)*=~XCzPW1m#+^s03l&o4H6hmuv0mnjwe1L{WsAea*HHo}^wk!+lk^WZ@$v8_O=zX{5CZ`;s5BxRVvA*q_?nj# z6u1e9sH`oY^l!b$o49rj7QclRQ_#WyAC}~J{zN>BT0OQK=L86v2YyxjR6n(X#Zf)W z4Tu13O)iweI@Ga{7lN=D?!?loPGYD6VZc*WZA_AUlbA zWt8SXKpUWtsmcb+l2<(m#{9ZbbUPxQmAuZ)+Lvtd#BU1=${-7hj5oTV$J*W`ld81E z=Bf=kZ{2$Qr1WqTYfk349=RLzqA*V?O`D;b#6#s+qsK_vDvd+D7^fQZ?N>C(+myLW z_+GT~#i_Gul+$5t@5iv|zHuy~3cL08*7u92tsXC3l&g*^rpbscu^=vSvhR)XnLxy6 zK9}^770SWs`bseE1EC zp02LAM)R69V2i5+q)XRPbh-{zo}ruUU-508ewC6H)2OsQzdj|I@w{>uKW*?Q%C)CS zwsKc|@nS#EPU;@6p%jWm|2JM#lF9<2!(Q z@2;YBBL#_$R%ZwWx$g`4a$aw09QV4H4Mp^V(7__xlhXOCKA$SxuU>nMxifhimSN?2^%@U_-#+vT9KD%>3ch|>=xP3ypNxKa~+7@`Ow_pv8D^a z0X2BX(_hlFwQ^!g9_o&Hh*tG>ryS~j*k}YP&(M2MEY%+p8Q#ah`~HcbJdscViox(I z1N|mu3oUbbR5(hh`IxzMIQg7TX6GrU%0qp3KDK#r)!=~F=2yrGiBpaX+xH9_8U9F0 zgy=E>Pzapp;j@i+NECr7-(KjC1W-7}A;KL{AQXt@M6266%8eHKS%J+)aiYwRop)X$ z-^6d0fHkASBg(n_6gu6H#@Z?g?hd+tE1QcFzm_!eF8OJMq z*;%wmf@j&bxP4J901F*YxV9NSx)|+an{DRd*6;ZMdTgfRlR03R<~y04Xck( zA?}PI*?Uhin?gXmT8|#H*ZJW-L7Wj_>{8App^v~)tWO4c4ZVdl4<|wDww4m|iir3^ zYbaJG1u8?gT!ziqgTi!G*2rlkR%NkJnY(5|KOUSy9-S4-3afD{(1>$FMnj3tgb!e@ zj$uRrZ6J(t$pG_M;ND*yWw_4gqxFG%hTkd>qjpq`?pz)obmSrG+9D(ma+Q0D=53Dm z-R)?NY55D4r=nTiPt%zNa*t*;)1K&fV@7ZDyDJGP#3B7Y!Hm&$8?=N7&^<$9$(#C$ zg8q&>HBM~;oT-7zj?)#|=|30}v4+Lrr6y&Mh*$<3-f|zCWDV=~j_f%qua7Q-@tnC$ z!3=7=Lm(*KTF<}MbH-&~w7W$9)ee3H*R}y(kQnJL5-(i8I~4pwxq3DHnq4%wzHyke z*|tlaOZ{6pe`^RAAXLq`?SvEA}LW$Fk>3f^s#f8j)0K-daj0; z=&f{eN&8)tr`qo`bzjJ*T&lld@=a?j8wJwHwGSe{RYpO@ays|Vh|43qiQ%Xe#~WE? z4plxV7PJFN6U)szQs~Uo!je8|@u-$1m%e37Ibj;#H_SZMl{3ZEP0h zPVDH~QY>KOQ+qd~D<%{Tcb~kiIW<_5el$~==|{wgg5Gpb`#1_Q^uP=|SHJ(-5P;t0 zBF2CqjnSrg|Gf?5JrZ@wPip*yeTb#-q{N?;Kl+FZltMk`<&b9k*!ua_^V9w0ICLaV z^q7}6xiAzcjPVc@OD2HwDrp_`^|O2kyb&W5Rsa}Qmgld-K-s{!SiHow0a?pi9;6Ly z>BJ(}C)dk>CRCJ=1SpH)X524sr+drSJAKR-`vhvRtPLBG?n*ks#aTCuWYI!2VQ#2q z8efsu@mUm;c>AltL2_>S?8-DWW$z zh99d)1;YJThyGnyMp)jt#KA52LB>!tR_)?;K|nk@tS)v3od1(OEzlEsT4`@uWID*W zVz~zhDQz0*&}#u5!#b<~Yfb-AoJitaQ3DF3e877cr}kNzPwnnxU_)~6b)Yf-&eyM-t{*2xF|n?D z3(!6V7^AEr5K_gbfSc0py|1LcH4Y}tUDCin1wUQLC(oBt*bWUwi@91w-4QerI_|3d zlDVlJ&JD56xI;npYy+w#dw>-BE+jHfTna_||^Rw|YNQ46y`pnBy%w2jV`oRby zII~8c_LCL%K@vqVH$at6{RrgTN047mxdZm-L_o+OAT|L~%dM_)!U^bK4{mY#>PTV( z#_(%~r&WGayrd71OnIUr?s~%Weiu>PB4qa6=THh$%iV<&?w=ZM*rS6|!ehKrR z&uOa!?eggm?%?K!AE;NopJ#t$(OkZ#1yghwH3+zi9{*BI9t}NW8W?XTcnaHX{JFLb zjU;}OxPCN&W-?{)g+9PMZi)?ZSs&T2sxsZ%7|u(~)~l%$2zGz;s@wW)J!Z_}=RrdX z%SSZC`%)&>Yh!Rj8DzB~fE$*?B0F?4Sfuxp)KToU|2uG9saK8vX&XAQLaik zeuv~Et=`~L%>AdWX<|WbSL+&LCI9WdPSfxTAx+bEQv=y5#`ig>K`P$6NS~J)KeM96Rv3#xB8KfoK zy`Dq~F?o#7tbxKzsG#EXG%lJlteZgyg_m-$DYD{^NQrvjrFk*dwR6oV($?Fg$kjAd z{=2aKy{exn!a*EvP8773UJMiwvQr=|AJrRDVY`%sdtY&u&eXtQ9Z)_yZK2Y<{H9Y; zXs3I>?GS&9)u03O6C--x1C89TIA5y6Dw`eRSpjr*e^Q%%Cpi6=_jYU~Ee1jsOj`IRDRKOB1&b#ezyfNzapO%Wh|-`_0is~lLUh#bn7FpyKM;%3WOFM{B=^ZydgF6RFzoc}I@|HtP-U(sRo z7H0geu$v$COOgOX>?xp*PBLbP5c#6!%~NJ6#zU!Z05>khF7@uKNXyg{p1> z$A=Rn+i+6w+cR6svch&S>VGZ+T;;_{K0Odx$^u!0{`%RhUvK8Zg|5!`0V7DyGO%WN zK=MMLk9JWoeMI~(iKX9t&N?fCRS%pH(f{>|pa8At3iE)n{n^Ljf2GUcz_c3x;++w2qsB?fF=0F z{E7o$|KF_~!eC<=5qQk+=lUyxe?GAPFZ@q|xze0g(}J2;t)XNj@&b}^PnrFTRPoVicGl}h#KWw4{=cTo ze{3!x1!xyha;=fV@0Eq=1*Gh)uVOl6`h?Tr^12hAT-dUw;Rz7~gfH`b5; z9fMtJYT}k)8M86@e{laFF{TkskBgZ7y?VS*f^Pz;2o_^13i>C4aD5G~D44Pv%#%`o z)|b>rFZ32bp{MgKvEA`s{?dOOi+}&}cjy7r>CYXaY79Wo)qZM~hWrEB{-u$i*U6IH zRFn+AJLXL*1sX>CBia1+KbjcO82W4J^Hbxb{d0qn$o1l@!x=;Rr^6}h4`wr4)$rb* z8`{;uY#W=l!N>pUa7J8PD@%CP(SK_px$!`^5?w+Z{`BjAYoCMbJKS003I29N5Ojm9 zHUuK}PrK26eKx;@rSVGs&!oo7fsyInBpD9=r?at_2u9*mDem-dKW<&O%9r2w`9IlF zuXU_9cy>DEX5%ZhKVzpl3e+geCgsc1e>#||yw`V-Z?S&-(`?M^`SJHj_W!K||6Kt8 z^Jmd?AXT~FtGtN*sC{oAI?$>H_$#@8+K33b>wV?l3`^?NYkk@06)*Hp1=EQ6dIpOP zA#8u;3g>!)(4H^<-eCUc-X@9^uW~(u+jPSbe}-Z}8hlZlZY2GW`|RMe&r4fvw{22+^ z58#WSD5&5+m2GD2Ynjl#=otPp%{OYzhR31zwbbQzR z|L~{(i&+119N|<*D8C=6ngpJ&k>rwS@sG8PCm4hy4y^pY3On-J6^-16a{m>u|2Y^) z80RL3ol93Jlyjg?{m)R+%Dg=7{E@E|O2)%(Yhmd7KmX-l7c_zf5%<26`SV3uJ5V^e z?GE?JB>#-@|D0cpYZXPK`2Oz=Qoh&1_L*u7^KbKhH}b!~%f^5^I`9qM{@lS|x8jzTJekDT0#( ztU6oMuMG)L%(~OWe7iqMg(!kzSH&;N$%>)(o(x3TT^dDN9QIIQqNZ+KJJyV#F#dsN zzWL?(zKR{-c1a|&s)o<9;H%F^F(~M`FA7RgAda`K9z6Ss8|72=$h#hZpPB)a$0Wac zPu>pDQ5lPW+{?ozD?9(WH=W(=sVIjK5or>+IyY=}zo4L$XhREpu~x8n&i}6WMB&#;AHM0x{o4UaE5~PM7l-dIv?ca`mPrgI zVv%-mNELPmw9Lkzj))Fgfs<$jtPS$#o1oy!7(kETE#V;Jp=RU->1^Gga*i)az=fG9T0=!9CURkCfx{P_#plY6~Q9^33s20gW{5;paECq1N-<5n8`Sh(W_-kqCUR|3yXyPvDrxe z6E^MQz;A5;8>L$qu}M%;K)pfq+&Y*HmjBpnm~{|l(8N4<`>5>AkIwF70iGy3F-&t> ze-|*t`UPiNRTaiv#E*c@ejPg2A>Mx}w7K>rHLUoKIGoe4byQ9*C!yVIHuVcCU)Xll zw(uZ8tdmIx$TF{vHpi47$J~T))nanx7d~gc6*-iR)5Gm)c{zchrMETtJt*L%@y5W) zN+N2V#rrX|aJ`}WARef+JSY_n{*kRQ{=PCZ=zh8%6qmRA;*jI%NU-&T4;_ijCj~td zN*lsOhw*+DfSHuV7kVMc$I6NF{yXZt( z?Vc@RzWj_J!|FjR8m^3@u1<75_Q=v%t4`iWRsH#%g?2N6uO-;K>h@X3kK?VPqlYFX zop9kKn>#Q4|6eoqciSpV0h&!~#^3y}J5H~h#*5zKrXZToD|9@$z%=Zpf#F>6}W?8P;?JE=rWZ=KFsbd&{Ue)^=?$A-Fc~ z?!n!yaS873?(PKF03ld#36kLM?!nzdaEIUyQ|$fj^UXPHpKs=0v*^Vts_MD*5{e*Z zsc$e!D;Yd4Bl3L57?B#F*RvU9sH|uv{4LT6BIO6{D>QX~sm@0AjBM|7CJ-6pH364* zD`24-IH4L8kTvAb=z<>alvD<;k{oz84)d*_YDysRd1x>6?n{84ucmux>GW;047Opu z)Uwby>-6_YS>v&rHEA_WMm1iq@yM87T||8<>`}SM z2(58V%m%*T*lN*h%=W8!Vx_5D-W+^m&H^RaB&l(Kox@02=4qLQIWNt9m}9+jQgisz zyvm@kTPiLyvvjBN>MdV7!}2prB~|_PxZO@P)ZvJEOPOeRk9BH!(MeY2Hr33bwGEv8 zeK(Rk4QI2>G|l9wj&swtxyFh8)0K{Ph5%Py;teFnl&5sYd{*0JMdYmecl@8u#s%Z-_A& z-D3b)VO7_4Qv7qG$VQ4SW>nYvdH;uFY)V5ov_=tnkB8$1z7%+{`jEDzqMOWG9@MW}$o4U*WSS^#8&YFFQ*~I^-8NRX0cyAuRIN5CMOn z4~IDYA9;xXmf+*5fGl1BM^W<+Gt!nsaVFFlFb!q}kQtSCz`_Ty*YI$@!ebSp3X0yB z^i_dnr*SjZ<#7M`0-)ff18IdV!7dz`a0JNDsFZ*HK+!}HP&7uFCXmtrv?LCI?Bi-% zAhYIs@o6#O<;jdKKN&bXF+nKl7XawFRk4u>ZGTosmTtQ>FI_VTi%2! z1UT&ItRL7X$)+`{C-NQ-T*)7$(zG->MoWi?m48*}cqqaBbLQ+JgyT>~te&e@Wz5RE zAonjd8Vxt_7%&NJlK-jbLgjOc5&B3Pfsv#dh6Mv!PvEOk$K~mokW6dnQ)S2%kRQ?# zC|ydc5*hWDGMxHx3&kSQxQ|u>J`oEEk_iF|0O>BM^R-qgY<5fRHKs#oZ0<*zY=)h0 zu!#c{ufHe=?*HuOg|rp{vqT90Okr{$^1n4=^SgJ|FbBXt87+blHQn8Si=S~AGNCmV zgZ5Tl=hY@{QHC*zqNo>dC*f}ZW`njE`nb;Ne7QHd^Ez1tHVvFWdTikV4D&{><_#Qx zrNGX{Gw^Bb6G>@sU?ws^1!9IFaQrBe!D+YD$nMWmx$$b$v}bDXH=4$=Q`Yc{70@gS z3~ZSItmS4^ixs<$fVu@bFSiGok3Ip~w(C{wdIvzHau{}4&%RGNg~HbT4QY$U({T{Z z3s_(C0XigbJHWc@wf1Zv3x09gL~30(o<;%TciH8{dK)uS z13S<$c>R2dPmlEA2EVbXY!EmWfR)kfw=T?{zE)9&6lD2MoBiUt`Sxq=t1KZYZqA?DLvq4?0N(zlT2N|M!1J9s zu-;NSR4=;w~c zeid?gSE%chOCepCZMDBk5SNp3TYi?eKzQAf|xGel>vC*uB=dMd@XM8jO ze=R5mD{9rlUeCokI>W|AQ-9%Qbpy%#0Oc?P^kegL3-7!S?=w>g7aw-a!u)gmL7{bM z#zR)`-Adt8|Blk=iGzouo5iv9;7k%UID>O8lUR(b@|NA}M0*$Qf{m^n%x#-3v-7*{ zeX~1(VnwT71%+1gHs0a0!xlE(Xz!xUNOpQDEd%}!wUr@)4hJ;=R}B7&Rvt6w=d3C0 zIae(relZhbFuL%y#E#GTWFVZY)D%#lUskO>+l0ED#X0Ohz7c9jdy&`Oq4yNQaos-S z7<~a0lCPg_<-&X1hx%a41;c&oyGQgAHi?|4=Q=Vw5uM_!lzHaa#9F-v&lu)HaPIN! z`ESZp#`wL4^mk_3YcgcTY&*Q&dUPS`)ealdxH@z(=ONPU5p-=C_3MUeiw#IMgmM@U zx$L-l3d@<7>t9U9EVV{wl*wo_>u0ktGe4ev@e06U-t&^zn>M{UpCYKSJ;q||geO>^ zbMlc-NqdK{%B+#C$VR%ZMnPVe08dV#AVCv$dxL0T+OH)Kdlq8GnD7*QmMA~}r4o{R zr$lWBhOTp|aod3lIep3Lqtjfm`pE+keIC-IY15s5`0^B*JAJl!1sq}A(rhBF6_;vf zBQA$s60KQZ5%%I?XOLOIV!N)rdik>PfU}m%jh4?Ap3Qr&nfEJ{^*&?+)$4WCv+OW) z6_$*rFTv6I3?vei=bVMlf5LICE65R29GoSY_0v!E$7+RY!w8Eo+ZOuud(h(I{JmaU zILvQ%=|<0m>YH0DE55o-F7KzVLTLH7Z1OhgBqOs3~RMBLJwiLx!5;y7Q2f6Q?p?DLcmKf-~&tF|m@-g1a}zfXT?pZZTB@;_?J zsn@xp>y)YfKi%&-WK^?asn5;H*lezAPkx->0VE=bMf&4!@tC3v33-*2l&?ApZC#>Mlp1u!I}L*6KidNWqFs04|#ubSR6t)3<)_oh|_t zGe)*?ft!rLMyA!PP{VHk!3#RCQF9$IN@oK?Ix8qx`p*Ey^%{VK+5wVBGL4cfEb5i! zC*D1~+YBe1CnVBT;)!en-?LD3LlF!d43gegPES5ECEHlgSX}XlyX_zkP&E-!mp+5= z!M|&k?Rm;?DUf;<0j&Hd=kWIfrjhlc3*SP+oe_h6i1lhj#QBQRggKKMPLY0XpWeUZ zg)9Xc-#T=b(XVU+bvFP&!NYEVC(x!BsHnev5t}3JZU#gSMuD(IuvnyV$rJiC)E|z6 zY1|0NULM$zAC3z?lr{mFMDpcS!;Y&tol!tafe84fDZ!v1EF_=%5ly<1Y{!WbOdAre z#m`*pmtqbbH9vYH1!=%;k${3je`@;Wjr*-Q1c`Y!(?=jP`mDpy z>9USdl8F(Z)hd>nM!uwy&Y`LM9rCiMb7V-jtkB zf%V|Z=jZWPt3Ab`E4p{UE+n?dStkLOPp=tuFE1C${g7}c zIu_nMqXmg^i6-Z*FQRPtQ?`!C>{Z3%UY_uqsp}l;!r{*Bi~=^;1&Lo%Gc(_@>=tGE zB};vs5cdau{Tfki*l3X-ALptGxEszeyXbg03V0AXpYVeBArO6$U1GB%ey;V+AC{c5 zqH{oRzgt}qu>DN%v+l?zur7X%-V4F%J2QCQ`-p<<@!sr;YWjMzsr(mU4f->t`pBbt z^S%0;Y**O6=lXI92hS_X3qVi^6XWp$W?S%l42^9BJ~s$FQ73Ybv$>&tI99*bB1AQmF!MNdzYra~4Vn0v}OXQT<$rHj08Cs`K;yv9-oZtUBmUW^LQaOHTOgNXQXa+6&7hQI7P); z=j^onM3Hq~PGF2gIp1fTqmmz*|;D6u2PgHiXt#`jP(|Z)3CtuWF=!rN$8Vpj|@o66r@R^ zY~YmreON>v=tMl!y$uOr(G7s2rlrP^Y8#TF3w|ywo(i>o@ZAQTCK#c50ZUba>?%~M z6bLnA=UR$H&w>%&!0e0w^@NpmHX`O-lQ)R!l|B81HZ#R&!Yej3c$rdMLI;U(y+N z9a|)lu0bsC0Sz_$^lnVVK)hP&Z&)$`*mc7;gtu-`7P@RC*1=cJKr_sj`yMhKIL1%{ zjj5P7Z6H3dA#q0bPm9Prj- zBpgH6R1c|yS3gtqh}bl|lZ*bKxAjqowcIp=G|C{rfMO?(vhg8g4|De%aBp6h5osg& z72MbGaMChHSk{@nNoVh^bO_4~*2LVaBE66iX zuid2O{#8f5?3f-o>7z9{NvHFN7Ha46v-Z&HW6lnhQm7KOLzmJ*LJK`&L1(34DMlMk zTaF?@_T@Mz`Ms z9paIy0IxIVU5S>_fV&Otk%vW+T(6Aw5qZ)Njr`iCpW1J9><%AiLMTxuQw%&JD^hgq z^t@v=ZPl0EKNvKUIu{qzc|#$9g%<{zeM@!ise>Df1o-*7p;sOIoH#NgY`2@sb_(L0 z=@UrNVeLo`;L!)f;FakbVWMad_xpdfS75p&v8%Md^c+j78kHw}ebE{=^gz7hNntKi zUPRmJS+pTn>ME|O+bR&JG76$)5Ka^nm*6ckMU<$d;IbOi9yo}QNGfX?;V68-7m~%G zP7W++h_m(Ul}U++!lPL?p%59A`4JPJNyKM#JlB^;kJ?B1K4Z!^-rRM*kcFWw)Cp@o zs2JtGYI?FIO`9);(?Dx|fyPE)3_I$IsBNLuieZz~P*>k1)S%ApF>p>`y_ImT&rsp-8E$+C1fF!3dhqFXXzQib|V^-T^f5q{{u6yZRqI&Cfr+p`YPw zw0h3|3RLeRsqemmoI^wXc5+p!*6o1(vR}HC)R6p^R4P=Fe(|>Pxz@*5ek<)wL#nZ! z-8EByL~5?B!4c*BYNdY+M-~Ocxp=2$NALA|yW3Ab*%0S45uZK|3m}?o!9|C~X)7_U zpenTb2&s%|zc=}JyhWhv>#$yr;wzx;{MSgz^le}sJw~w9TYGHEPIy!?I?$>x2!bmd ztrjGDZKZ^AZDj;o4~Qd?n0E%CLXfsY!djB30z%0b8Tc}=2tgqlG$BPlzn1(;spMp*umAv8gw*i^O_DWC=wnQZo%LHzF1$ z5T;kFQWL5x!5|jP?-k89mXt0Z=avXnVhGCWOe(A=332a{LF=UgjA}p8nY_xncEJ$4 zf{}-0?;n8nTuR69iG|cG)AxL6jAH|ko;A}j<*}T|i7=xOYK!Rmjf_^#X(T>`LS}ez z^RO&vff^l14#{W)1}6fH-`}P04xm44zsmER05M3H3y{C+6%a9Ii9wI>>kTz7y&umO zT8p%GeVXXNsc?LXV8Nx35ydB&_{ue|EqYFGAQEyj%C*LAqi3|wf^761<;3`jWcS@q z6ubdIqw>c-Kvv17U$?t#X&jvet7o83Q3G*0u10&;0^SIHC7evS7pepx6HvcpBwwFH zwbw&U_*5|fagTe#Pf4#+KLU5%sZ-7c67TxJFs7q>*s0g@5`wRztI+qU2=;U$z;V9` z0Jh3r+rwd(o#}GPK;UYSVFZ7~2?FDOsWgZ6C`7w-BlL?oB>o6ob zQwS#CH=f86N>+$^I&Xf=&M1+B%_eHE^k>AjEGau=gYEcTt_T4MyE;~EGA0OX?^q@y z0>uD*0mZx&N|127fo3;q^}7x!^N$DuRc$fsKDK6x7vcSO0>a`tZ%8w zI~Uc>_fmLpgZYJZBbzN*VvrGhC)LRfy$l2)q`Lw<^KgqK^=XchZ0`c~T63TTeNL?V z80T2i$3KMN4k84lYLr{yZ2v+_j^!16@aygV>hOs{pOA!;?>JXWeg>jSw?p2i**&t4 zGr}sUH^}JD`uam@Qq9}?4wA=7J0x^DE7Z>?Dw$Z@>a-f&h^JG%%~KEa0^iG-`qxX6 zzqm{COhygbuaT1R&B8;U+88jE!Zls*hJGe00%8T!L46)!Wj|H&wkv;I`E&?ejO!!G z*q|t+HTTP}mYT2l4+-|cZV2$h?#kG!;~-6>M)T|lOOTg{9Aru?EQ))vh5WAoi-z*y z{@6o>ax=y{dz>#w+Jmrk0glm;Ifs~3OEVB$5p3($b+)t!K9a(G*kvoGh6O03UvDj2 zbooAG`JLz>rMGM;xP-cWhAT1LGqI~u=+!rR!m;6()=rE*jIY0p@V@fD2pHRDh&8Z+ zYS7T>DuWzl*h`~5BYD%h_x1E0!v`4x#{aCG|CvVrr;Q*{dmXdM#P0v|GXfljS}qQi z8A<%)2{CCZXfg>F_1iFs6zGt-dK~-8(g=3LQY7%(nK*<$k;t5B5WRj^0&WP^_HarZ z8t(13@X_07PF~A(Xh>B6oE8^hT6-%AiNRZ@Irmmbb2I2c0?tw>M0Dc>4iY;8 zo5K2h7&RBC^ysx$Z-Nx2sd3pI8}r6F5BUQbMCO#vW84dCfi&bn2zy3Ik0CAWH(B($ zziTLV&e20yo;`)}0AZ)!kaJVDKD-2? ze;5q5k4B&7cVlo^u}BbuEQdWr;c`*wNpo!@JjHxznq&iZ%rZ!s*5ES&vPk4h?@jpg z%G-QyBvi34?_kf6RtgV3UJ$DPkV$&KEe23yd@5=lzimcHjRNRV>k* zGhPR7muE>YdcRAp`_LMM70{| zAL=^aE`uD}-2KRHtY|DAuW>JgG{Ugrt-3<6FiG36@^1$mbrFPqTc4Gx^UPZkAiy`5 zGEXMXuqZj9{G812J0pki2+AxJV~W`f!`q_ ze2A_iNhH69bH+Z{En{HHZ9iS9cM#JIsgLsMtz^NRbKqt8>AU~KPtN7=UOs$sZe#YH zI&3g#rsz!bu=Vk(m3hj9x^%UfU-OV}s2M9nyj5%C8>93%3xD2mnF2j0qkbqN zb|bHCAg;)F`{4vJz3*-Zbl1}W4kAtoV}zzi{gd>wYKXB&@^DayadSCHH4;|jfDD`t zOhTucG83OPV~K@+!4)!pg^?8ml+9wQ-&1W6qbf>iS3Q$Mz`*hwCdt8Q!Ud)5DVMKX}bWTG#15+Fag|$Ni+E!3A+g*Sp09-VQz?xIW&(0bL3$3vRmgo0J8?v zx3P(&PbABl*7F}1<~FG;<+?CQHb@|~>fzt_h+jWLI)&M&I63X6AbrNa*VIkzE+}?r zlD^$G%g9ahUkzH?8bC#jomp#GDrmBf)}&D&?%@n#O6wK;E~)5^%1uhtP2G|KSNx9_ z05JNE6};ceKziURjv4IYFYg?s1_%g_uz~4~9ErBn@)?$faL8TQZ2O0i0diA^X4PkP zZuGEczoP&(nzGOIeGC*Kk+7^`wV12~K7i_gTu&Gh`Tk`T)^i{m{Z$uhhGzVf(`MOl zV^Hxiu+?!3lKS?!{bpJ;BI=MGLM#pVBW~S@ks5_^xE`^hwZ#J;-SwiXf}cevc3o2| z<xkVfXGfK>P|uhDkP6;E%<=6oAGgPSfxiFGkhS#wHb$HzR%56T6;7uI;z zxQ=2?7kseWE&rfHHl3Vf42NYLNu-zsn_T-xZhqNd-s}znA(D;^309+DE5*%m4Tov3 z84^yEq&3J#Ai_@j)L`~?%WRmOW)%OMp850YcX1ApJX}qg;9_Xf5#BF+mM=NT8{KFR zk52i^c>Tm<_;@_V#OO#SDM016xHOe2kME#|kR`v+5aqSk4Xq^oE319!5-*9o z`&>M@+4n_Lm5Pt^98F05!O>n+3Z}&P-Z%bGN>ivGPa$CrdtACDUcJ|+S&m@-IEM1g z^!7j$wVCt(0^b^Xg+<|N$H@Mtqt*h}7Vv$((MEezntnkz@aWF3OumTxV5Y?LP!4U3 zkFFx!KblS_7A-$~?8u0Rpx+K%EOvUDuW(hxyHmnjH3c7XLFf zf&ZyseDPGF!*&f1Q}?_MAf_4nA>Sc%w8pS)ZO(t_XNr~nvw3?J9<6>1p;&{CppcM~ zjrHL4>p}gz5{WMO`8nsZJzhSAX}i$o`vW}IKFN=zYP0BJBCIKr2tbGwvZEXn)qS7E z1nK(u-7^Kg!8`*=i*Ac4Viy`NJ;>U|$8m9~Ooz(_fWGjSxF_IX{n2i)Kc;sb68z&2 zRNSMu78&bHR1cdBPfnq?h8}=|5HuB16fw@^$&AUHT?Jqtq5IHFNjdc)lXq5&rKcGy z-iVLhGEkY-_+#iWSDKFmy?Y+h5Pou>JmAB*9O5Gkn{7xc8zM<|FC4<M*VkufqvvwX-BPZTBBVXC6|G7UTOLQ`!D|=)QGz(7)tI3tgk8kSHPew_3)pLh z)aj%k7%ep^jMbH+aHZ$eA2e2%FK0{P;g(3fC|lTMmg&d3aW;ND{xieB8>V{xtISz? zH}4O|VYv#u$v&ratETLX)eOUj%v8CH89xHLwg5Rur3Dn0Rm_3e+MtpSy;^1Whjj4( z-iD@yb)AJTPVlmpq7K$akfDr5gW0B=va8JfwX)JeK9_8|++z)l_HKlfewsqo*UvyI z0r|DN=%^gZ*NCZB;ZT$Pyqcz3VrqU=ePH^byz=jD-dg~~%K{brkBqkB3>=1du4X(` zx!8jeq(HnOb{ypV7e zmriRx5(Tkp8ObmS5Du99bf?0d;C`F}lKB8tnStWF&V3NsQONKZ;FZC|VDkP4a~-O> z1Fp@prnD(P0z!lcBax!zSX5e}PH7%XMd|HO{g1VMC95ycL?`enG&4=zX&8qy*eGr@j$ z{fKh{U|*se>-tzUkq7{oMAPMztefh57T_F7V!X(FVAvV9wi^Mlz6#LZa6u0S4GDoT zZJB~5RcVE*qcV5xpvB?$)-ENOdbL$SjEx<#z1unRh%6BFTq3n0Zx9sGOVucci?MYr1_5f@2on^b7R|*QQdj|(so%s6yl3k`f{?k=4;$=O3*xL*WokJF_-jr zOs|ENZ}FYB`!nyRWyJq5r9rU!puTzw~&difUh3F;SA5i9JB1cg$whG~z6xj5%i zg#%9zPMwc&*77#Jzg9yir4lNptB&92C^7V~g*h^eO!XF)L|1M`ta4L>Qp(cL`&Afp z_WHQ{Rp@i}de5x}FU}BTM>c>^w%2-8+om?_%<+64d1i$^_MwePIc|VXOP@B(V_%j> zz#fHsJV&W4x=N9@RsMKxu@ou(2kR8Jcjb0_A?8y9I7CZNwo+5NEp?$?x-jqDg+ZJP z%~f`dJ)g?#eaK8mn9isd4l%`aL`34Ony%OJXpJlWno?{O%$nVsDBVN3&F*Fycg_{Vgym2Ec;*h&HaAFr=Jvko-RzgA`*;UbGULm1Hb#bgZ4G?0h=^b;T zz|`gp5~JMXY(TRlwfCQClE%33h8TO{S`^n9a7ENir10K4nPx~mJza>^Tmaqy&Or+@ z0>06vBKs`K08a?>do`m_H5(G${XLWu>DX+}8w7PnsOX%52u;`?|A^%@cB`P-iFjMz zV_>D~i^3p9D7?DneON|=y09Kjd_o@)d8iW^YlAh$ruioL57OHWuG%vBOkP0vk=A50 z&8D0MmLT>g4&s?KxM&%W-)a4~3=<^Ju(}*x~`q16P zbi&;;HSEto1Hz7XrvFSi6}^pT&$mzawS}6VmU)X^;`bdnn1d^=;$zJ9#L`BZB4zZQmRsBq0SEgD@ zXPo~cRIy+RrO9J5=CMh;Z4CEogR@e7R{3@E)}+gJaH~0QOiZ#`=S(XkV~Vf72CB^w zM+U2UF7?!m{MpD?Go0Q^u+^WpgQqKpL;hnDFXEZLwQjnjRW5AMvf^&QxB&+ z3#oj!tpp*=AH3rA*Y>e>(FVSP)GVxQaT< zvwOvPm_e!SozYvWRTPk6+D5?4(K+M?JfN(kN}5O>zTeVB0$Py3a%_;nSE zGsBz6qq*f=XI7x)dVPg(K zsiimuxrm>rQaC*!qXDB`%x;%)-St;Rr6l_G^@A)8-b(8#@L(7{b>oBZ^oE0Z(Y9fdsP=V zLK$VWGD|@ms*|TZ2YMA}>aFg=N|HP;wL|%21&*I--j=Og0^Un&Y_SjH<2DF3{ z0N=q*f!g?SCj+6&3DF&YrwdoEpp+xSe0js``^Mp=-R6q^SVEhu-D@_O6LVmWSrh#r zP!oK1Q{s9Dc@qGjk7M|jes={IfJ5Pf{-m*tj;>!DLFruncHih;P>p#fSwQTQn6jd!yxbG#PEg9kQ0f;(hcR8{$pf2f5Fss} z*|LY7CI2up?h>nsunn4Gi&FY$28-Lu0 zIp~CFHaYespK~aRftnx6g63Tp$u&|!TcP`^@Pm>#Ycb#T_bKIEM+t&{+CCU^pHoOY zKIlju|NCLV-HtZ%5&gVY!!K34Yb|D|R?3t`7EavGMis(ap_QL%eAE&Vt)4_NmN1pd zk0k+>Gjs^`({0_aDt9NOwPzP4n3O8bopuYyeLI3xhb82s#XgVPToY_03x1~K(@!Jp z?^+&3MWM*2b}O&@3M9Ulx^u?;F9%m1vOHbU_HfS5`O+XD`iXnAH=p%+cLdNi^5bbD zZ1{vm8TByc^-sq?^hsD5J<1Et&h{+D#}C-sGdRXqeQDlWfPfzj--8JX9vqYk6deU5 z64-}*n?rH!osi+XhM>p9KtvqYGg7VhN`bMQ<;E}q^Zv+0{FdG8i;UW!z7MI)BCm!- zjUC_EJ09q@s>QNAH{k97+-QMvflMK;M>-3fi{cPb3WMsT(<%^8!gc|4_%@*4mk0p` zFNO|hB}A+IjXBovw-t5F3s6_N_)F4}T3U>xvQ*opqce`88mN`1kM6z?;dNAaRnRee zd4B3I8^CfR6>1+qXlPpR3D37Ou%5^XYz0{FVH~}ru-g{Y%T0rA#48YJ6;CBLb`AS( z1k>LAg$~=;DSly9&4ewL{l8PmC6USVz5`ja(+@35@zuL6YfKB!RcL~{gL|t1;Qt;g z0|mOtc7{_FTE$G8QKB(u$w1j)3^Qt<qBE0WXnolwbv6dAu4DEcN^=9|R`1_iJ3 zS$+a09hXb&1M9S9=+Qm1zhs@omM*w*)C0Qv~yb;WTIkRYtWrtp>DivlU zK*%!m6kFVzDZ#suhZ-x2q0Bs)GAG*dzQ4zF)wV9f|GD~}7#$g7*L_dYExhN77kNO$ z&b~L-0-XI`FeLcvvKJym;lnQ-IzAN1rw%lq561$VSOb<8vRs5;EF@p-KF=9BSqdrAIw))5?n&VE`gi2xYHAwOO<&JNEX2-i$e~+F#zm zUiJ%XZ-e~W82jzULT=Lo;k}&^>XO%fL5e9reCI}_T{JQ$oe1_EWMD^}i(l)D6DSt~71g6Y1p!bQ;LZs|WJCCjld|VQxyWDv$T2WmgSKd1T{S z55vpZ0P*m&f{A_2)RgqvdAF+In^|=`38YP&_YU6SuqS&0|T5VMq{ zfE8hh-RO%(=r#mfhMg}o0HUflaO-kLyD*T>cNe?!Di_~3Ogf@jGK$mDdePYQ%YRdo zD6zcjg@~IOp=(GQ+=y_P;$`GYF?OUjcBK_qTmXX`wkK%&Grnn zd@&Cy!>5UE5rRNRHROCyg}OYiX&QGIUsuTIIgdO``V`w8b$<9)yvXnF5N2=cF|nV@ z7RYUcpNAgeu((_h=CBXQ`_$j$Zy?v6DNlo`5Lb7efM84Fs@?FASbOIvQ2ha-g!+Wh z5KySALVU1_gBy>OW2(|pWq8TvL&^SZ9-I%>w%!x2s0`E|#_A{z#sGU-M<^!xw74nJ z#tW3`x?WfCsX1nBfPP)bN@`w~lQV|X!TAvS23dQ(ebqMnP z^jxp?5o9d^ePcXw-C(KxqfpuE0kr0UvcAkg!^v$P%!Sm4J6!8H z)7)I+<>VG-vFMC0)9ur|Na*b@mJevkZKkeDB^B`lZ*jigD%4DBJjw77uoMj%QM1$Z zW;?=(b+_>q`0xy!mg1rvtO=QBn!1Rk>*22$o`kB(_g#%WA3m>*Qq|HN6f2In*Mpy0 zep-C7M{;03CiFPT?WoU;zbQIRe)p2~rKv*WJo4JuCp#yOI6#QLtz$7(6plik?Q2TF zg3##0xXB5s|gfG#a151EGxB&8)f4dn*-=i_m@X#dT8jApxLY=KCYW{ZxuAzAW&J;_nG}GBvg4HQ)UK_F%_P*EIZZ!RFIQ* z++ux+B+z{U&GSk`E}_!~#X~1AuXa9w?ex9ctk<0$qBBJ9n_e{#cw;db^oo^3RwjQ> zK?P~}zE(M$y%x$zf34l`-JC}5dz=s*qEgaFWfrv@`5*y@6*uNnfOa;c8%9Umn;VG6 z?FVqn{135W%p!S4G3ukZ_AGOn$Kl7VcR2*jA{i;AZF? zZF2Nn&wKdvr_xREb6#fAfPKC9>JzSpg!lM@&%kQ z!|KhiG@Lu*50wq4t+eSCwCPo+d51Y)(6cUSspY;?VSYJinzx9Rb3`cpO^Z=;)2N~M zfY)CH=8kzODK{fz(eZAPsx@hx;W+B}N$sq%%U?UY8C}LYfQkeybKPj7LS&?8@qDF_ zvom@Hu{b@Lk~u83bNStOdqN|nD&1_T-=y6p5P9V$NH8TBt`A~Wat|BaWjHSP(BvCX zw=y-2TF?5gw3~QgUo@!%Fbj7ONl2tdp5jO}e8t~iq`-!dmZpKul?5>QPXy&8ok4pD zMk5fEuoCxIhro6TyExsxd8qY|1WxY&kuS z4g;|DcY5J8Z^w85c;+9M*&r!X0OanUd%0pSt#2<1OSg}SjGmb{3b=sc-edvtQfW?& z%e91&ik-v92pdU&G~L&G06+P(;v$g+e`$OGW47KM%$(qOawg-*9CQKdRs-wK=ZPb9 z7{f|Of|3Ap5iWa)G_Sh;XvG-VOjwp!4LnxUh($JB*4t?4LWOMm?oZZ)5on|*Ly5Fs znjqgIhfsp5EFla$7Q{wtgiJP$W*gwiCXr9Fm+f0V0C4?%n>jjPbViCs_>xEmCy; zgq(G$A&#@~g{lxS)vuS%mh17gz`4X+lU73wvs+E2+IYrxqfTVnx8Ip>LKewe4-Py# ztTa}|)y;LeAg*(=6e%v`WJQI$Wn1aohIEc$eScLMqFxg4e{A%k@(PXV74!y#zdogo z*ek@L9$?!?OVz*ma3OjJX@H4Il1Lnad%z1tT|&y{K0G26=LuiNTKIvMkU&W~efi=Z zlFU8Z@?qWR(5&azbix>%G|%BIJVXN_pH&1$1QOM`+;uF zrm-{8D`@z35(^Ar9h54anSQwhO+7=M5%D`_TmF;780l&{M#4yJu$tVEzDCT|0MWK6 zJaN&5=);E}Tg>vBxv=dM19AhOk>%B-3}YSB9c60J#gyY#K5I0`J}twxg?Z2$tpE-_ zChBK$Ie$Ja%_&j)lIa$Kh-Nd-%|0+>5;o9tv#+=CD@LJ6j1ufN%xhz?_!Jqv%sL;r zezWkvQOP`CgxWSi6ZGQz-R${GNzniHg6QtF`(1fP@$@p`SOq7O?R8ztM~2v%i{CMG zZB8NMrdGWB|LcHKF#$gQl$gJ+?@W=LL<&;`1w9J*T;qt~-H)VmRVX}SfZYsGBiKkNAS`Nw*S<_(b zc(Mut9%o%lf(1#yWsb$~_h}#?875nN(>0dKH>$m%KcL@B6hqtPgk(hcnIusrlb1bL zM((&@Qt;%%ky;GgO-vXVX~vyw(wj-!aXbyD4i;Fq zVefa;Sp-$CV%5u^;!GaP5Z=n(v(s+tZc#RMIsG~FmVeod30RwSk>_s5kZ+gLmy9=R zdF&m~G`4G9Itoto5cc!&j_;STO9KSc_WP8Vb#)R9loj3 z#FJzPaJ-q!ZF_Wurl;$OV{AuZ1WHC=lONbAzM0t%U#-I3L*F>YpmSoan|}RI+x9=9 zQ-W~1T)7Jg1{%G){Bk;;U9d*#l{4Rr+6))Z62h_BrY%MiCu67kDmoZ%Y-*JIqRw^a z8I?Qy1=czmZ|LF&75)Srznm1)0*ts6VCFJ7)rVkmwZZ+_ggfR%xl~unD(iEP}6VT0n z*j5@xGM;V?sVGmw^}Wl**|}Y=kp1K%oRqIHQ68{ExM8ooeSpO6jJ3Sky7TVX$2nLN?GZibvAv zZ!G>5@bAa~M**LU^AQp)I+PqulutvJ2AaAm>{EIU!WZc40Li5~A5~y>b(wJ2>nViy zT-ADY&9}qvQYcsLISJ9U9)|z;^X%^{{s>tP4Zw-Yq1EdDzMt{Bu>1gdhSh09Y|Zsz zYlz$teK=dF<5XK0B{sXABqc+FwJ16sgI2k>j%N;VJ_DK;DM-k%j1HPzM%}F%A=FaL z@P7nX{@?he$V}lp)TpazB!pl$O3iQk$pa491)wk{?X*L?&;$Z+tkCS`TV4HsQ)xm5e~p2q>oFf z{_mR=p8@N-KPCRkA}n0V6@>v5fIT3MS*ZTK_4==!xD+BJ+Bd}`<$D6MTPCSy3@?2~ zFoiqqRK?69B9xi5sTmKjdsuT5c)iB$;eapDpYYNddEE|Zp4R;7`UCF#o*%scL%_(# z(>Ni>a^s8LQI4yWr~8ucIv26auStW~wqqR79?!O2tJ0hLCQpupH*@2{@ZfV{{*`?n z|L&rqLoQPl_4_xin!>5eUx3Hk2fPmVSR#SXJ@|v=&iviGbNL9pBudd0Uvj*M$6Afi*1rJDYOhP-&Lif z?*-R?TmwUu;oAM_?Y)kdv_neS#CT2=AqumfiDyYVwVqW+YXQOl-<0NNrVRhnz5$)a z&wIB+N|&7xAT+gE=IZZ^Wm@bgw|Y7OGuWsKJ)*x(g7d3rp0mE+SmxiUv>cL*oP2xa zE8C7kCGa%*{_Ab|ulxN!KLpyykchzdF(%uRq{y(t!a{6NKBC+U?*l09YS(?%@uLz_ z44?fZ4YRF5rNRzMd7L3&>Ed&J+zzyVh+bQh?mOo*#2sAS6+Q=&qYtD0e%s%vvmG^1 zbqv+JQH4ou%>birIlxUDpFu$1n@5{amqsz?<0HFC+T9EUFf>lE=CDrz(&_NWX9wBv z*f^`?6}Nf4>M7K8LVj1NgZUEb&4Ev6=-;fm{2kgUMFnxJd+qVSHHR+a!vP();MSct zMp_pS+CPCFq7JTOJn-GU>;UrdC}6;|$GF)aVBg>BdIpwcP9D;@2CjQ*qg}n)a2-5- z0|fu1*13)?A)vgS`QehXU*wSe>wIKd;qKu4uY8ig_KNqrH~>sJ{@Dop-#-j}70yGC z>Z3sGG1h0w#nG)0Bo>;ZUWu|Yv0H3bvu~)$T)5EE4a2X zKVEWk9>}a4sjJEt0_c8u86$#3XOWlQ4DWpl;5*K@N2#; zIa0|^cb`%1_WJgRYy9t87sv+BKW0k`)Q?+6?jQ!r%5Sf^SCP4`*82>; z|6K*=AB~OwyuITMxX%73cavuvkvwrPa<{RuQ3N$t`& zt(i3WCOMumau+8g_Ze?Czt_kxxW5Ezsfgkgh05$toPnwya9qIg$me5_d z3N%{O)$vWCFSBdv_lMEmiURjz?e^>I<29yFcw8*VhO;GVUtW{c3$GFF%V{j%Cmgvu z%h1J+M>3RJe<_9Sz7wWFSplEhv4L28CMMSar6?>0vS_T46rl8cIQRVPT^f4T-yHI~ z;_>+Z2#)_btiYWmnS|{FV@4XWRMaV!j;-Dd0&$i?Hy20D9G0WWd{kSBbOtDl3w-+k zF`UK2S&eVYE=qYUy4+spi8EyyYnNsS`Ot_26z^b=IL8bC6PC}uUKeRVul%%!bL<#j zuZT!iNqX8r2ke$6tew}pp_&@BT<)&sxAQg_kX#}s;xbzVEmnT6$eZbdtAH|FDpV%v z!}9flUnUQX(Bq%{+S7%hh~HQYsnmczb)rSqF};C8hH1A!EI!}T?p&dtrC*Fut_t;s zH1?pXIybPld^U?pv->`MMaP_M^x2o!;FTcodf=Y0NZ$PayeXzKBucP--Kdd9gcSvf zBUlcz6&m9qS+Dv@Qp-c-C14hvkK67&+O4LME6cS_RysYjdA{Q*`dE!&q+5XDSpYTa zcjdb);?JyLUV-aICxITEfjE3}R8&-Bgg)CMmX_*c$LkVua4-o1oDqe?dyOsvlo!WT zAWuK-;0USq7PxfReMsk&uET5CRJ_05XSm@dWgF)Mvw!%WaaO9^Btv9JjQK;E@MrtW zI?VpW84Fv(-Nla7FMcnv%!N*eJ(yG3l=9V>!_-)m!wPxRz@37p^S|!|{_CAsj&f=L zzek+^^IMSk>#ZPT(r0H>%4J-t!-!fuQCo-a16EyBY7T9qa>H0^44RdSX>0RSx-VWk zh~JgB&0S*tdyX!1bx7Zri^jB^^!zc-G4%muQYwdQ7>g&7oFbQw81l z-8Dxe4L-!ToctgkPI;k1!sFm1X#e{EF!mNuRi=CU@ThcmNr#klOM}t^f(jCwF6jm- zX{5VjXb_|%HZ9%V4N^*X$9L};=ltLAyl3V;Yq3}xSbOt4_jAWDt~jYe7Oyou)W1B5 z!M4*0*~s#FhP25oWTJ4(k@3e`yLd{989B74khr5}9DZBPfK5IRWb6b(q8jX3p?2wriSedo8MnlT#iC-M}!8J2v~ zPOCLE{t9hXs-R1&*6szM=BJtk$wH%etVdKR2e-xxvroLPS(+o`4yo`|yDCG%Wy%g4 zU%tGMH{vios2}zECN{#JOc8PM{6phe9i{sQqU2%>6$M%x>=-)J%6=J22n*aPlVHg} z601=DU%G$)$8ARLAk&&=s#`qQS06D42!Zc?Y%eb)PlT7#YQkJlx>}-lpT`TRK1mYX zBxD3i(51n_X()IMl+5vLF#`6RvMJKD$ylM)@{^!Nl52KMASE-AOA71TsLpBG)cXQ=xj-C2zga4+KeUkpwK7Nz})igHcE8 zeP)M5qM~F1DiF`y1Z20%VJiZUZ%2R~7Vkc-Ftw~z-da>=8>u1)*84rXD>RPK z?S$JvilOV1j#6YWK9kF!-fZR1(Q0isoyGlT7CtNWCe%T1GP{wcz4cBWr+F9G%(d@^Q7P!_C?)reN%a|!5ybZr|WchzKMG!b?4n6Jc4I6JKpGz2a;5? z14*m5h!`@n+-9(|v#Ej0WUyQK^l>*(+Vhx#?A-Y@jDHQ>*XpqQkolqNJ?DD8H63uu z{_rW|&&iDeThe>H7r?j6@aE!h(0P~lSbGlC8)+&O>$t*i`xP_l8I;0j8KjjUk)St5 ziO#$kG%ts*$B;MM z^?0KP2DDMmlsLM(-j}a)_*uf_4H(O^pq4~yIa|p&YD+e_c0-dko%hvbDEae+8x_dC zst4K&7klHF*8%-G=KbIj>w2&M9+Wg+u~gq^ClH{DdI5&%36MxhcB$3ss&XsV+#F0Z z0u7H*fW0mRAFq{yR@-#eXfi}j%xxMO%c9AKjWmf-M=g9tIKDfbg)0h5Q3>wm` zZ!K`mrKThqoWLP!wv?Hzkijv=XBCtLfD=EVp+-(xH7ZGjHEkj!tRN}zE$xSLWarwh zN;TPEFQ-`3_u(putk>ho+!zWbXWB#%*2AJ%I<*olyRC7?nPq4U`t<<~upst*nkqVV zPEAXiISm>+q2|dL2;VDyoh~QQ`(yG90SYyVRyWfeDz!&m{iuF4(sxnszM9BxvJNF3 zL;;A%VO5~-gGY!x-^6`Arm*x!S-A{0l%8ve?A&lRl75W#v3+WZam)HPkS5Pb(x|IxS$}*IxCtLzI(z5W@hpAT)lHCaCm(i zfJRJ>nCkU=R-r*xxRiqfONYiq7yA!u5b<=vyY9|bMGM#)lc{9gjNcCD$l}7(s@%Pt zJ2wphT#OO;0T+Fo0?jf8AbhCc&P!3rQg4lPW3$ikpBo~7#qEq?K> zI`Tp0%(?25>$^Y?e$Ze^g`H8um@4^-WV!cq*0RBPjQzE@k_(OV`Ya9I`zO<@p8C(~ z)5+^!=t7%ZdT?rM%K`nQlV}PI6@lc*912o{1K0f;d$pU z;CDBXryp`v5W@oiZ+wrC{>*&2{p3BN6;?Xe5vK9e*yXUjY0hi zbTV^age-fh!WU5}lBdrBG$FSH$3fftfdwX?9vi5sJ`W~jBe$AxVJp3UAW;sSN3`&z zIgoai)e-or!O8IT8sq#N&E3m-q3#VpQM$f?wqNU4i2waY>rE?9*#hDqvZ#sXuJ9h= zLV}(`6_$00cfB+Vjw@mrgUPeBPtJ3 zOMkqXlNHfgi;m1W{?a^^Ru}W_5z}vkz$x=lGs z8H=o~27lgtpqL7X@z|^!quM;Yi%xO2Hua?o(4FI*mprD>urn7SE-Ua$HiyFMKq5h0 z;HAw1=&Yf)u`^?Bj}bi8Mh#>`>Bw51n+NShUc;vtATFnciBj24Y5<(FBPv%>>+kK9 zc-KdLZ0jq5*>}7!`vrw=iJJl7hVa@Ibng0@zKx&)67XmPfm!@<4QeaA%a?%;&wQd1*xLSFW{-79ZZ zS%5VSo7?<3mTv^$G(Ai=c@@a(V5D9#5TKM_FdD!n{h7jwz7}xhra|)n3Uo%x-@MDM zpN8|iA&MpP(?=2z0NOE^;H1jFU44wd_#klVm?u23M8nZfn^eRdijA(A$i7l1_~xhQ z@5=pNJ#l?ibxJpGo5cT=DPQ11tt85qJnvNp1=$2ja%G;HgzuPm=H#%u^b_;U)~n0284Y*s`=|?X28AX#6D0a5gH>M*PYK5cJ@~%|LP( z)WOuLgTH{OrpfRYc-6cEcIiBXr!yFNEBpy}%l!6ymb0%>2%a)L=Cz1KBgUB&{T|#* z_AUM&9yrb;@9ige@@O{vQok0q%zHpM2x-ddN*$gOy*-J6$<$VO-hSwbV@~*%29pp> z07g5qph@b}`*j(?8p7xx#+uU zizL^cuw#G{mPe-Nb^uqt2CQoipHwp86$iMVSNe|C@c9ULmYH2PRebAwCoFTFFvSw^OF%ud8{l*c16gBH+G3ns-N- z4x3RGN$WFbzS4S8)6KpCr`@2)%=M6fJ&Vc4>(Qg?d6j&3UbBNiCIQz;O@`{zZ)Qmi zH)T(k+!YklYkw3s%Y1VGxxUCGkn2=y(R5~uCHGG7WR1poEozg5Aa*~VB6{TbtfwO+ zVGW>$Uq|QQ>V;_9+IJ^fmdAqmL=wFicm%C@89ZhRr`iAdj#1O8f7$F*+ZF!+_jX&B4 zh@b?5nvH0MpVa+z6V3e#eXlI8D5MSdN50xospM$2pxL=46`OYE@YE}!9I06d>`mPn zI38WcjU8Rpy0kTOe%KS4x!-qfq}?@N=P|h2&w8Y&8D+Qmawca7eZ>E9J{i>tt%>5; z9skbuSDTW`QGgSvtyMSHaXV|VPKoG?UBc**3KZVTSBg>T6}Zuu>ZUP5dA{FP@_4Hp zMH<@*YbgD7c!&+uY;V5SXA}OpF*u_fB-*?zXIqa!`(I=uDaZ1=02ipr!{F`T2A+ay ztsSUq%Yh(h4Ukadq{2v&uo7K7zhCAf8xcNLryR>yN&o`i$#w83c$`&9Bd3gRj$n>xn)}qw&wiS=X4L3y@(hus6Y{d_r8QKEH3u1DJhcAr;QuYnd zGo{XzPax1n6l$aL9Q8X?NZ}n2vOjEi?$Qfnqfy(fkeEY{?(eQk9d>8mV36|bUSJY) zw)Yczth&*I5V`5Bd=TOz5sHjqzN`ZXIAh`A4>Axj$zuU(_Z^UEq(w>!@;gXHTA6{` zu9{*PA2Q-yZ^$lPFgY^<83|s{SebEw7a%(J;wlO0 zou$@$@^5A?<~yaJ60+h!7xXY`ytjd*7pwDvV}d}9*N@xfQ!NmT#4I}_@9cvP0a7|0 z1bK*-y=$My1>?uQ4#VR?^#h?clC}P%vH7ur>j^a-WUbZmd$3pim=OMjWr5Wt|LsdG z3+8!~rTzrtFDsGnfndwMBR#ak_wm<7W-~rKx(;}374+8P@O#H7fR`L+iD=~6w_tF= zm&3u~x8OjeB-Oo}D5pPue54buw8dp!^&(dFKmhZ zne*Pxrk$~gehE4WH+#ZCG>Ja18+kc;g7Zx!jj>JYH_GAXA;tdq}byC z088r}KQ0wCvb}A|d0fii{ZW{g)WoJ;&<0o1E-?MZ@Cnu?o6oz$q@Zg_#BCi>gHUPy)n*Q*XJ(%Atgg0b0$`Z zhYLaI%6Cu&^>~OZlt4)x{L<&gcYu(O0lL@3*o0arJTr>2Sn^_c2prLZ;s;S89v?E4 zdkBKXQ+*E-v6fuukd)q>;3&Ss4;JUBp4SX8-xa=~lU2VJoB_ zXhnq$4|;CYZwec9qGdqgx=y#J2(<%&@`O?yP{k^G7!S}qJWEtqB?~~mwn+%-_1j|g zmD(o^evaN^NLh_yyXFS7n1j1KEtfkpUvsS%>iAC-E=1bM{cO}#-H|%J9Ru&hcz|&- z`|6p&x8M+?#J@|o2> z{-B&VlC!ZoORmE8r_ zcq;(D2)~=tk`{)FWiG})GFfX5=ORq)*l2j$14_`0s8p>WLlUr3r+4>|oJKGyw;)#S ziTqi=Hhjq7{kCqL(P(iSpNd$8l=fx+mRwDO}!%}$)bmIZ;RWK#S3^~a>FD@5|oN9 zUy(|LteYN={_f^-9mI+Wz*j+0 z0y`My3K#Tg7@;$?T;d0!2|H3R)$l0C%3?R5wCH_mM3sKU?3lt77M{K)B-4C|pFuun-f3Z$vnNGV=iNwTLHrm9sB_gm`xM;!yXT`)J|V z+g`(2IyBJf+iR~vd=t9tH#n5n<$` zAeAA$mh%A)Ia~H2^$hb$2e%f>a;#nm{ec7-+vnYcJtXuqkc(Wy;mt3rT8>0 zf7=iFHv?Vt60gLG9&ivr{OWbeX4$q@pXr>Vs`fw7=V+Mj3^8Tv!onwWDQ|UYdGxeR z)(Z5%WcO=W_UtbtG;Ms|3p=El5wzyXE?7lBCT$7N3sX$&l@`(3$9*s(Q66PaD$Od5 z1Xn(qm@g+tMOX^0UWPvpmo&)@qREm#$$z>v3+gYPVP1Kaxbf_*mHv^*UjmA`9@1$M zEtdPuzoic8LEQ{w!D}NGF;&xgA6tjBxDUlOK5W696j&k4mav^&p-{>QiG90Y8YA*0 zSSIfAZ5z{BO2YzjzRNUPM~SafGP;JPdRDVD8DC|x(XFJtzAz;}D&B`tg858e>@>Mv zmX6XBOs9oTYuk;ej-V-(tn9uXf<*D|iPc30DiZ~_-}Igex;M1gV-iudK?k0|(bu^S z*fN=KK);&J+WrWwbRueITvC8@1EY0iE82(k0oO`2nX-2zvfgFz8@^0Og+}Ks^2!^)(;6_+Y+q+3 z+?jV$JlUFZ^7-2FvJT^n=VUeAgp!`&3&oG5&zE~=j;v0iSN)ShNQ(yxkD{WWEkj2#iV@BasG5qtF7vUp*kv`LHOu|KRdnT0Os(-&G zJxAUE{B@CTfQdn5pqQN+7Wt|s7%r9D`uD{!Ko!F?1%Egt~9BZ zs4c=~Up0*_xx@b9clJh1s(BwSB2VkzFb{wzdIqugo?5DlZ~~>s8#RvNIKfmVxG?L6 z!+@n@hH8V6#?bO*XL3Is$5Q5_#J|mnDLG(0C5{r3u0KFrpwL|Y$NJ*GHmb;~^v6Of zhkHfXj_WjArss=nassG<&vDI`jkr>!m+^f32#Y}M%*|#(h1Ax!26mhj<+!U>ymeMc z1A|Te$8X{>WZ@`N>8=~Z#Gou;oHDEmHKxCYXD*rhW1U_57oH(MK;qYBCCQRKJ}_(U zz5}Z?Yzz~E(nbZJSssjchThKGs{E(URm!AX_E%y9s zWd;AYSa%9G5?qUk=YZL~y=B4=f=!~?0GBT|CCn?c!y7)1(qWV+UDZUWo0(6@aC=4V zl^*<57Tj8|*Y^5C6a8T=8+{|1rKF+{8ezE-CtS@(_F%?20p75>KEA#weQulY=rB53 zz=MgVZuG{c%}VOo3c30DZJ!^-gd>_Gru*@>xT{I8;#k#WN6+M={M=lcL`k2=bCmQJ zd4h~4#p|(q>$E!6+#*w7cfuv-xw~dqzt9kc?8A+qwSK1h`IVvCV|obH&%~E~La{o9 zh%^!;dh7IO67K~2H7PTRNMm4n@O-<@7O2YlOd-M5Wj#eglN2j{D;Gq;l$}nL64y52 ze)exIqMzy2cCeZD5umgo7uu|}=AmjM)-3m==d-9dMaVZlemKCRd_5b!5P^~bql{H= zJC%&@qg-Fps|)T483k=ae3-Sm&N*AHsb}VQgtx2slp$S#Jgv``uVsk8FG@g-Yvl2_ z%qm{IE5Mwp1_nv*tAQq=f>r%4?@}%K^zAH_MigeC2-4Iy3PoKg#pyZHmk1?I3sd`= zES}zGPBprkdS1Wg9#vF5Mj6Tc}5;S*!1;fEa}K zsXGh|C){3B4gL-A5_UF}!>kI+ODVgQehK{O!32Ng5*_y&&#zJiJ`Qcu3C=UY80ON1 zY<5)CWo@4`e@m62T_2u5QbEMnoiKidpgt7O$^)`vymMCkuIKE;l+qpB|;IOT6WF*7&(lQSjQPHNI1=wc(_8^|S${hQcGS;A^yI zw;pQH#!!ZJdojd=@`S4O!R&WjO{mW^n+tCu#4J+hKTf|@6j}?Fl?ahXmU<-%_n^XI zIZt$&JeQ_W+7^basJ6E$2q$7wa5dz0XAmsG?-v;?hovuZ?vFG3ztLggBJ=UBnCE0_Ddqmwhq&d7PV>N^Erkl}YqXgYtGA z_T~j}7x9)}$vj&WyT&nEmI+jjC5jPd6YS@BJ_kHOxb>yR#aqb(QS(be2B!#AXfPkr z@`rq&b8BwZ!=p-@IK&NCWmwm*_9E2h?_TPXQPFmhkNSBof6HgJI7>9p@JjL4#0$L60ky`w z$N0pZMo-U@XG%<-Vg3#H9aIg(^kHy3eTZ=QpK!d7aIIkHPOK?FW^)&G+**?!^K2;~ zMmi26Tqb$@vUHB^*=h1ME?fB_j)o3X{qe57v)k3tYanuAyPz$lGfv|W@7A!=PuPm! zq4)W=UdO3khdMiTim1xdLew%d3dMJ)8cU>najqz|EjA%ip>KA5#|ewPY-V}F?#Bf@ z%llRor_V7u8gKeoW=LxoUarJeb;x7ki)(>|>OO+Tr_Oo#Jx!_#2f@`CAfkgsBjsq0iuj^U5%=w@zIstdi$pJw{jW{` zlv!=yIatvj*;p$vFU?3hAN1{5OAq#bp|3l9ow6%MYCQEd!jY`J8uSCt!utBK(M})k zJ}@$^A=^=R{q_lsijn1I(pq1#MtZTP7|F9NsTy{6^%RIJ7L%Eb2tU(Asm@Z7diT_c zYvvGgP2&6BSjNsI)bkJQQGVKkPI5jWkz_bHk9@bOpBrIaPBW%fFj+`2@Q2DLP480W zkhK~jBtL%6jN~79@J%L>rc=4v;$1zledsm((6>*x^iq9o{=ghf72w#+*;(YI^)Zu}+-d{PHKn_7+lYh7NUH^zq*dX!Kljv{ zndhf=BfXtGNZSUifXRi_I6NOKY1feQ%XR9il6sSDx4c_4X`1$gv@ ziT>K%@45C}`vO>6Gxjyi25eIWuiCUwPDQFV4QlXzOhY6WO80IJrr@)I57L}g1=;*- z%J(5?tDNz==Ef0$UH@uZ|NDzbBA9;}ky@C+FV9PFbr6Oqw0jnQCTjFkg{&Xo5Kv{D z7&(<)B?l_;mw$77GTf(L|1^A;FrR-aA)jB$ZgVxcKD5cypIL@s6`fnB!C{gx?+0R! zr)-#gX&uDi`3#g6Y|l&BgcFXRLLxCUrx~T&PrAum*J=ach3mie6@HUJO?QqJq1oJt z86qWQ6BLhyA9?j9rQ(t`P-Bw71fC>8m=B*KGaC?r`f8fV?NW=g>XUPATdk{0qNG){ z2UVj~4;#W&6LFu7^&t|VTAAUb&N7_M(Yef#PLS&(V zpy!njwqZy6?9}h}xn{gwf1|I&xg70#$!8cDVY187 z%B$U_+=Xw7$spN`;hQ?W^733@&-xK*=7Nvo{ndn6;&^FBy)4T5iL>evGhQ1qX)2|a zUHy-CWft9P5jJ4fBK&jmi)N+Whap5%|3Ensm62Nou|-fj3Oxp0=@^?Wd6;*Bt$u}e zzXVHBD`qIFPu9*%HY%Fq&J|jvzX+D7c)x$0Oq!r`{N3%fJZO5mui8^klCFTC782lF z+4))H8C5$I@~L@{X1Dp3V9cClZm{Q zgEZr_TIn9WMSu$mYYM1^$5MD+h&Nqr6`ATci0x3tOI}0t$T+${aW!!t8>yNy@9avk z6B>Eok-fg-YPR$$SO2cCM3n(KfpZ=es{jy>9=EGp9=-5CJiRKByv*>tk_Ej(^7_w9 zV4iP_l>7VH5Pf-F7_Fmy-7cSK7Qv|Q;n&3aD$CDIaf-x^$nyJGn#~tby^H2DQPg?M za9-G$?~d#Oz~o8Dp8#O`n|8*^3awQ2|6hue5ft0-XF z*3CZ+(4`}O&aehIk6<#Ef=>GT2c-!=_BfeH4{(D0xpW#T!OWj+zBa14&C=+bW;;05 z(E4M?j^E+6Oei49t>_+h8cC~H_S{_I3b&uuP<;b0J(g9%rb~FuA^Z8^%~Won3^6bCa-yImmz>X7%0a0&J1*L_Rxd$aRrw! z2dJcUqNDm$VhYAaGAX9lrQh0rZ{Q{=n?0yM+oX&@d~9f@q?auG)-Bv-=E`V7 zROGw@mand+lp^6MW6obrDeQ5lD6!X9b=DZ((voCwmKX&NJJ@e*KBPpAXt@ z(T;d_NPis5Wq32;J(7mffbMW6J=IOv5Zo&p?}zXTF^R`*n4%W#Z+?u0IR5U4WR(8n z`F8#0XZz6`F$`@8t7^e@4}C^A@USvV_BKTfPnkwd=3ZK`raaRCLHDijL%vb~4f;S( zLp-NoGL+5&U=ciyKFE1Oj~m^wC0h5J?;*1_*89u>Hqka?K4l~1tH4r<1xPMNgSaHI zqGkSDY{*p8LZe%a*hP?^@FTtkG1)dl-uL6(NDcD_C~ucGKs%CTb&a4PBe4XrUTJ0c zZGke?nBUYslha&OR1^+2_DX%u^#nvsC(rTsAu^jb@&M&h&$ z^j6gOg0+1=P~DNQ2kibPOg;Tg}afh zF6y)c>lxH%*PGajJPM*?&9!T$omxEOr~+d}X?cP6sF@CPuWYv#(lKJYi>0Uro7GE3BPPN@9uEjKgJ(7XCC&z8vjFH!iG6j?AY_BY0!$rA7aiM! z(9-4gN0pxTt zhS?iBGr*7KHYScF>LAjRdb~62dv^E6_{WpsbaXwWJfx<23LqVv#A}(HanTLh9~SUb zyjqjo@F?PiS`DOE!+Fng;5DQxy#TSs+Z27<5G0EySKFoXz?;^A-!r3^ce-&^jmi(V z^crt<{8DWE84wgv691xhT&J_^c*=xm!sYk$MXTq<&GFE{zM<7f(*W;$`H$q8;>ONa z^M4OJ{)GkpPw|Hgs{}_-trc`7z%+K5;0RQa`(S2&sgRwAF0NM~fJ$VS@Ad-y#vO}V z(1C>e{*d1#lw4SYa?+08kEkB_yR8G%JtweJg%vxHn-MY-Srppjoq{?*_nsc+aimwh zQ$5cndkS9~@2v}Gx!E1n*3d3>!R68N*=Q#r#Y&nh7TKifs`d4pQ?qHc&TDhxv`5eN zZCt%+LY@eY$3jp6N`$0Pw?}(FOm@z2>mGCw(ze!O^0%aFuT2GlBKF8CrNYy~xf3j+ zhCgvdMN_@(H62v%<0U&rPOe6K8oW%1WfB$}@bsASpWO9&xklTE>#>I-PhADEXG zfsESX_wCS!Z*B9t@l>QXvY!P8Y8Pf7OFwdg$_4cyh`jDE6&?F@+Gc)hF+v{Pw25@M z*Fd_6yUr79N|x{8cUL)9mQ-)Fb5juc@$6ZXh;533{rqxd>%t?ON9NBMdWF#+Lig(u zVs2(erx%h}VI6=ECZ%h=q;%oF3}_{Kd*eg4^eNw=u`O_x$*V_s>kI1-(|o;-HwMD` zu+s%>ejM6ypuQFzcJzS!@YrIlv0f6veTcbYM+I~j^j}o6N7z8#PZlQ?Zh1a|3CjU` z)0)*}(AR^fWf@8qYBnJRmb3%QF$1w9ntWDAI&(PRJc^4)Lw9?4AKPNXsUj z*Ohs$-jh_Zu36}gi72$iKDb0pZU<=(^kSX~XR`Wv!j$3MP&b+I+R8mQr>!)g;U~cB zt{ZqhScF@4LYF%h@z4$twc07q#E-7hKbF-w?amq(GZ^gaxP?)5xANPs2a}HyxCz2K z=C{Q@R+T3C07j)&=e$p@%#hdcy1US^@%buf>=QyiQdv%yi33ro+>S6V>gNg8Xdwdur}YP5(5`G=@|7`U6q z55M(W{mYKCNQSZ&spBElYg=(pqYA^tfTRZ`?<6#zh0N%lR*5<@6zMufnl#^Z3P@DL z+aY@&zpJrY@ImQdhw$IGJAtW=XCOZ6YBZF-km`0gEKsb|yy!R04bOJ}5lWeu5~)2Y za)v`PbIHH>VL238tze3Z@@rH2N7 zT<{A{IpeM{3qVEg^gy%Hm0<$)#9e^ky&N=#+fmnK+) zO$R2p47vM(xc7wuycE_%fCd3|kuu!ttAXb`^(OtLr-w|4{SMTHg;B^u!1#v{Q8l@TY+&6MP! z$l`rT;dN6kbbB(kf#-&^#D#PkDr|Fcptp*JAUzBqEOG#>r62%Z&wRRpMn%@XjD;t1 z*p4f;Y_V^7T|c;CWG|JCWnP$wv00bSAMhJGYX-pAaJD)?!>tw@W{QcAq7E7tVfb=m z-$?XUR=?Hfb|DXUIjAV~Ip&LODkPHy?DJ}u`ad1FvE+?zw}`aW=C_boyiN>oS~)<- zByG=zVPuxyA=r{m_BvTjc;q*W!aa`B{LMP#a`!_ynY`9{g)jnn%)jA2{`I4n1PzF! zBs8(Z1Am29CDh(IOn77L(j1vzbuRX1tK_#Pis*r6(3Sq3RrFm@-7{M2W`+`$f zMf^>f!0eu`sp<3lXgm4Ce$Nu42ZA=7^I8V=h{Ih!?FrXgGPmJM^je|^`yfkV>w*(b z^Sh+w8qh*u7}&Xhh4CCo8>w8;o%WA2VB!fJ6PC_&D`}}6)L0a^Asun=1JWs~w>rPk zNPr0H?%llQ_HnN#!h2!o8L`dkNCxF3-Kp#IeKyd>tzi64a5jDV@QZIa-?Y%kAdvV( zldgYRk8uI>?#-i;K={^vSvz*TZt zHP)B8r9!LB#Q4*z=iTqw_+FP*oK=BV&-f|Il4Z>&13@&tK}VMP?O-8iA1*D>+Vx2A z^?w{Tp#I%}?HZx$(ci+7WprTz%DSknE5DFM-zI1yU;FFVEI4V(u(e``qhulC^RMJ` zO7OR^bTB*a&CmFyGigD~)T)0MNflZ4S&6gp0I*a*X@dNqQAoMXA{wNyaY+(%E@?RG zWo~*Ra(`p56U5jEbve|>eS&5szZFeh-F|dlk}Tq(CLk&*yyZ7~wE_}MUcJ-#A-j4CN9T$*;Sb1fcc1O8 zPD5E|ET=JyTb{H15&yjR(($^jVnd@UnUUZ~HJ}i_zd1H;v?)RM0H;Ws6kOOo-Fa$b zll?)O|8SBQpNGe|lX9ggangej5R4v$nZ+mqYu^MP% zO)XTQ=Y?n9OP1dz?;53#zY(}1Wqx5CzWx33jDE5f?4q2YRPc2ZTVsNGykHX9`RQR* zLY3D)l-(t$Vf(WNdbs~z`!gqu>JWly2$E~5gWpP)$*?A@I*?#m-wo;nO-XsAi%|wgA=K8^><2=PH zZfupON+-gkrUzKjRIg2#@(t+aveyQZH2^XgzraO(3cD94lRa&nqtM~*B%Gg4u9C1g zQ_M|wB0Oev&{jh72q)Mq#bih)mPL_Ywg0D28+N8Zd4!6tPl;be;=O=LGnJ8J?}pP^ zxY|3lH$$rUOk!&f0_pv18X(B}G(o=0rU9E8K=|2!6eaytf$udOqsd_EgN(wJ*s$_d zL-pUn-&`!VLfW|AzG&bL_C>@@-X|-jYJDGYMB3?$(JHQwP9=kKF4(sxI&W}-POlIY zi-m#XHn=Uwqg;OhS**3s-*+Qcc(|(>`+}hx#QG^4ltCc_&gQ?D|8P9p zO0;JVP+^1ogLIKb+-)CY0Jz-0pQE(_Kngji&?5{$+%H23J76eLTlD@Ny88b@7;4xO zq1FIqmA{tAcR6t9P#i-K92qEhdx%ELYCfAxV~v{Z>^S54h~ROrSFmC9jUu!gC^#kz z5$+}Eyrnp0`9Ak0M6OXzz0NX1yNSXf^ZuYN#PK)-CG1be~i%}2FKl@*3 zKSYk zoaxQyZlIs|2f+^n2%S2s7Jte}foJ=_zbIv4SPEHIX8ISu`q7KvW{)>oi)bV9kbved z0H!X`bsXo#AOl$I^IkkzJq^8~2lp7pXP>i=CZZo5ZJx!9Y%OVvqzI{&e*B{fMa~8r zW-)#0-!j#K;$4``&XDMREJzCJ@>cAN|6vYHd4oAH_260kFJPqiHn0FG-+qyP3#xir zm=6i5*?N8+6TTolBns!s4T&5tRDncfmi>)*<-bM}ynyb(Cexn$w+DZP7*!x-ovtz% zNdFIm^1p`({DzVWhU%jFg3u-LYoyd*Dg|o9>?wch&HT^*_n%*T!@=ehTpc?p!LP}n zg$|ymHu`6aKX~o`&86Uo03ayN9f_^quYts}hRsgCSc{ECpK4QYow(PHu z-~(6D5k_JDw-NqdQ}x&AiRr^?sruRi;VHlVslGV4Gj%Zo{J)Lz{%uHP9)io3e;Cru z_}6C^fM1}-;r0C!m+*gHhuA1=$&P9$4T4SPkNfn2&1D91rf4+mHlnpP z6hnV~LKdv+@eCL8t5^V_xc~g+y#@p7u9fws{sq+40v&FmnumY8*ni#aUspn_1csh& z$Z@my&kZ@65yl<<*=j%g59{QA{;4M&Ou`;dRIEQgQOpiDD0Ui_gMaN~|L3GC0RWU8 z6jbtG<1Q8rD~m_#=qpD4w-ZVTbVfHm`4j#+Qz*?~&%vyO+2pT1<$qrAe|-H1V)BVZ z|F4zgO$*yKX)6;`QU2S3^b?0M8z*-Jn8wt0qt@pzQdUe9V&tqC<5fxG*(f{gj8F{Z zp8f^Mq{RvX!{*(6@a(_+d|Jzg$Px^^&TXE=BGv|Cqe@dubXD@3=!rvUe@zl^SgnbG zgg&17pC`?~{_340wOohVu}nL8-SsBGyokv^_m%%+T7%iwc1Jt#N!9Ob6s|l1d$t#H zd}5g+Sqcv~-G4pJ{)b;i>LO`5XHI|1nC!JygvtiB@0DuMk|cg& zu6|suUi{d*gHkd6*F}Gi0T1<1HpcS5-a@`p*=YOge}k(j3pG>enLe9%q~hk#k0ap7 zs^U`{4qx0KO8a6Ns4v-pTEA=@Q{40C&l87ed0O}tji*YqL6MwLHih>~D5-!7r%_fJ zXSmF}G`MI|*b<(Pwv+hRt^Xe{uyDM$S@GPiLe}jL+TXbzrdQaRmurn6G`eq75uY4C zV@&4CMtkpSUwPyAVFj>>M}dSgjd3rieVy#iO_9=%A3j;L1rl2dd5URFZGo5x9U+9* z=vDe1!7#E7tmulz2AOAL6G*q1t(1iw#I8qcQGk>o56Gu&tu{YL>4<@>tC);Rle;U; zGs#D=&K;~Ol`9w5-=r8t{opX1`lygXKO_f^r9v~vqI>UDQbFy!j|K%x5tM+h8n*rf~ zVqk&tn3tU0Jd(xZy=)9qZfd>FtMGIY>yinkIO+64?OD<}(ds)-)~&2nk0*N_YJ0KsM*bd=E)3)D)}9kwS2-eQbxslrIFu+9O* zZI`D9MZ6qjM!i7Lmx;uxulO*Bj-lFqQ&9kzOB(?s4{t&43VTg0dptrpw?ZC%eQPza z8>#9^I?s7Ts#j91XFE0iCbJpRv+`cj|CXHnd*@(eLA^Vq}d|`?|CLM z<)<}+Lg!(>Jw&4X_z&M|wJGJ{I`Z5v(-d?n-eHgl$D4{M_9m$9St!3sPS>I0ueLmY zplW7ORXknCJiWPy#}c{pnxY7&E;QFXW~7w0A*=7+>_;9z!Di_t0tGJll~#YQt0RG| zdr)4Iiy#;Fal2fLQCiz7D#Z}Fwr;w=bE_}@or35nBBS8k)2P@a-Bk)i?ao=OWLoqr z;^lzAq(Sa^p{IGtdiCz5mGV=bAx{To1urX5qNW8P3sW1N@2P22%Vv$08 zlKh+Zbmf5jrNn)ZrI!i()Zg8Lz+a1m=RKYX?hZPf*0ij1!3xl1&H+v?Er-Qd8$i#N zH#R4(yfcErI>B6M#K6&Ms~T7eGiuj4R0J#|eujA6I$mBc-ILow?0oeLUC*+8^*^kv zh3YW>KJi6U4F#VGkBcGC1D0`S^}X8~EtQXd8U?^I2% z@Ag?^JOabz?jH{&B(KZUy^o0!1U3*)6SV9;J=Lh}4p4RIkyRU!X=5Ux?2VDmwkhZP z5()M~>mESIUhj^gaY||ixmwU$`Sj^p8iKi4ElQ@7_RMiDTyQTED5HH)6S;fa=xEjfV|#;*Z4J!LYVqs@$cLVQ z5{I4_+K?jvn}<2-Ovk{yX%bTAtIQKBE$1fpfG5Vbh4RjDrsSE>t~?*Q^-pyGIivwX zU-)Sue2XrUp0}rJbNL^xQWl%Zo$Yh=DuLgxI(QT7WA~%Et?O}w4&(krDv%h45D&{K zDnG3nYC;YEsghME1Y@gOS#Pf==)}A2)zV)P_zsbnj=2tR)&R8|pkxGh&4ts*y#YEj zImQFY)pbiSDH70_u^dLU#_A4x2-jh^T5Lb`&nq4L^&>WWORB<*=ar>btL6Qb&`Qfx zlgzaJvduh)>6{xR)qHMSKvF~lyXKZ~yJoIhwkl*!mI>4IbV3ce_j9uXL&uqZymDp6 z%eWjrfd8U09(n>7%kH!@z3e^};WlyX1!TaNZ(^(Yexs5Pxs62ZM%f9K+(w0Y}5uR^TYUcgt^LhZZ2~s@$S}0^R z1au%Ze30$^&oV6)UNF0rAZPnm+fH%5S@XGe*{zzgm;-Pd;TFFY>Oro)HwXqCE6sjD zPUi)w^KGq~W$Dnz<}Z-O*>qfCKF^dN=d*#x9J9w)XSHMPMCbgen^DJ;UX{?AlbARvvt}}0&M0K&yxh~xbW~!dY4djl zi%Szm4R)_$$!`SJtV6EpE3;|BWnXL|UR)653lc^2xRlD)#BlI@EKN8(?eWV`Y~B}%zE~|7XtT)|edi8*HRztt)Y@x2`Q5Mk zI$oDY>ywvkUY8+_PQ@n6prKwh^p$t?n)`u3?a#av3Fct4$7&oe6Eeol@mRIgoxf5= zGXH;!y>(cWUDrPBt%89g(h3p=jUe3&NQtB%-62RTor8b^A|)U#B_Z7%BO+Z=(j_qr zDN+J6!?&*+@8@{G=Y75X{pG=d%v{&rYp=c5xz;*QybnwQZHhqd)XB z-RJ>f^t!u8p@u3X`zuUZZ&kshDZ!Gt4s45N$Nsbuk$RewNZ~+S*o?X;x3S;s^@2jO z2K3b_H`M{YTH52X3#E7?dZlKse3-^Iv7Ws0#0*d9d40Hj3xggQGh8RTzK42%`Zi{f z0t-VYg81#6WBzuAcTEo)_q9i@T=F5cQ$$5zZ(tjJZ1Hgr_iNDnp+pLGLnZEF9;Nvw zBZ*;dpT?cZp+}_L@?zuGXg5CF@r-CD_>oe-C@&(fgDf76xJM8{Av zQi8ew(Kj;J(sx0k1CS?#36R}A2{G-@G5I|kKsO4vFsM?Fb>TLF5- z%+IhH8?zM*Ec$5yzMRlyMM*YxBeR$rAp+!kH!^{&WK=*(xm7fN^CU+>}47o5Pj zS<%SWl%9&h8Mh4_Xo;k~)Rw|8x{)l)&v>@wG|M#I6*Ul*DNtVi*I@MTWfIh(3!i>> zA<^u$?Otw**<{kNYMGZD+Q+mY&J^J@MjkKV(=e2$B~#0vLsX{kL31~a6%wEOl9>~9 z8_@8Vq(Cg$Sp#pO7@{~uF-R83Z!m+Tt}=z+Zj$LOi+bs%;v##^-njMpkrpzu+J`1@lrtLIgr0HeiLa3@+q`m zCY%LLNYT*c)n8K>>NCkE&kV)`90P9}?6&QJHgGbMX%aOeMF!<$HV^@jxgO(0rIW7y zm;;GfEFe470^((p@Wfyn2cQ5pvEO^g#%rAJEALtdCP18>7xe|vgh0*DHpmpkZd4bQvPBC!oq<{TU|hW=UuEkqX0A%fhmxcaDXsF z34`^AYm|L{4{4Yh_n2(RzY4`qwyRl;3HlO4%cN89Rswq=ZP*>kDHO7plK2SNuA+Uz zZp=a-?ExmCQ;VpQuvCk3-7dfP z#|y`yM7)w9cwN*@>JV9{z=x~XRAP6Cd~`?i-bGZOMfTIdUhh)7Bbp;zTC4h^0||pL z(F8>E3z83$nC;Txa6Re#Vr%QSEK@v83!g+0FYh8BsE!`gasW^9vFGR3d?tunOKM}l zX#V)ehg$xi$wD>Rdrv!F;F-x&0gd58;3$N+?JMnP*a53evdu*0orhQ3?I~8VK-N-9 zQlpmsF;K@;?q7KVKBq#xl&74GwS2*lL)6a%L3S5uPcc5=ts~vVCbvR+dHQJHYb7UJ zYE!yO%alOrl6#rml#n1Q$?-GWA`_rTiUqEd(P}Yp026Ft>Akmm57+Qhf>U&5xPnqOD0J<>s5_EwC3+1V!%MWiYd{2{fFkG#C@!8>LS=aiXB3AM7v!&`PHo)yJ zEV{2g-b}l-SJ)?16GX}!VfX__;{iqjKjhCmt54T@Sav-9n$^Nhz2wDD?4rzAOax3>krboyq~tFTU>Yw>M|zLE$jNYB;x2F2CdeC5zNVf_QE` zQ`+>7Hzhggc1kmJ?Z>z+dBF5(oIn?4Q*raBFu59by=oOozzUkn;@tGo-Cz7NQM;u? ziLqpIDfeK3Y|(Wt$w~Y_<>GV^5~mr0-rTA5;TVs5I)N0cLLMp^CVU^XKay-~Kz*D$ zYwOwf+R=8x!o29BZLEPX=*~uLh$gWVlDt9HOD(Z=od z^Scp-K_S8@m!BTOGA}SFL>qn5x*&uDMklu1b+*L@2pq!Lub=?^ycaPTfZv%Oo&_1{ z{ht8sT<2)W2KU~W3$7Xf#Z=D3;HaOaKA0~skVQ4ox_XEn$;J1@b2C;OQu|*h!*UkS z%+N1d`S~~fRQ$==f3PM_$A2O2aU{u(rqWozWt!+zE$x+4e1Cz2;p`1^wFVY#{U=Z5&Tt%BFLlQ^2~xH@ z95oxf_m^X~g`0d1s>ZJJVn4nOKz?eS+p}!%d^rXp{_45g({c2tZN`c@Avj zfIlK3H7*$rvPe%+>OB0mbbgBGgQ;aIE~A7`z`K#-!pwnqHT2ayVc2c8y{OdP*T*;h3!uk9Oq8pQ`~Q*DkC-h6vt_LPt=J`=b3z417K5 zW=c>;QPoFy_!4iysc{%g8GYTWMIWr?)e!i#aJkwciU&gV4X3sM>lvd1XsffkOMAHe zDL~wgf{rO>BIVQu?Vq9{hdgnbhG!(FI!Y(X$}~HYh9@#w(e#f$Dpsh9^pffNyv1!I zZt-@-M&tOiFc?z9yYG}n8@=n|9uqHSL@7lADcUZ}?04pdrp_q?dw>_XA?|^EWgQS1 zZ&{yV6J|zY_Y!UMOaVb^$g-fZ?t}4wceK_i7o=Zluc$!U(u(E!fF5H_%jDhsUgD{g zXdnnqOj&6TO3^i@WVG0u`l(N zk@yN9l%N^{!)FG7n3c{GS|`5SLwm>1W-6qJ=_|A=0u+-26jnNvsy=EF-FN+qf$&AXEjhb}A^LtQvlE93~<%WvNM=ZK* z>cv=dwkUg_QF=@CEp>{e+hPr7H@)Cg_K)2dB@Y2zOk7|j+!)q=RTc=+0@0lUrHLNgR zfAar41#r?jw@F#<{K zC=iL8Pk0*7p3lez@a)b|2FIV!X>q!v^JeJO(P$22RL*Puj$Kr2ECj*ks`Ian-kQqx zez&s7s^)F1Bt@5a;pbc~W3t;la3@9eY|MtwxvUJy0gm%qFe<+2V+;!Jg6@Zh{kZHq z$qJ75ey^x&*q^qdMwd?hT#Lj0(9`|%W?_&rvKdeeS1mS@U0o;?D(WKX{b{*Bgm(9DgFh#_Abj$@?KL3pR^_XrR1x%82ohy3x{$NLjdU2V^giNq z#~B_+V;IRI0A+m)2t2d9?y&2ZN=+kH6$P^&sMpN**4+jtqGN;qR%>)b1l?w%uw>(* z!y7$kMUtAG0htaOWe>jYAW!+et;d;-PQ7A@+_DDAKTYoDBP)K^@ibyCYL|Z}=rB#r z0ri?rImUOS*HN(3auOG9<1LecHctF1&;gRe`hMsAeb)(KmHuYsyb$B4xRbyErh;?`K98WB@9AwB*t;p4L^&TYk&dypKPkQ}3 z+lweWdp>wE|6sxHWG90lYh@3AQjv}Drj5cL?X}o^7=As#twOeak8$}qtsbS|p(T(* zaI4i5Z16Kd^D@A6Fsmu^W^)t-r3xx+4I6j#8Q5Mse@m99{t6(nJGSG~9OnqBqd{cZ zxuTxum#VyttSC;454qk5j}hK%lr5}XSqZ7X?rl;0oObV`CxV9!GZ+qkaBz`~_+?3? z5dW>fMu){?vvxKAHF_GW83~XOq`ZlJZ~wc)?0X$5#RV#{RlWTCrN!gG>A(AS9)PJ+ ztPLJ6u^M;Af@?{u+2wx{<9~d@zAOy#M`61;5xsu%0;a+w|a_E5Bgew-*jjI7=$M@nx=> zBK1`%-w2R!b^?54G08Fawh(z8D&PC|dp}Tt{DcyHU*B95b||d z=awwuo@v+M;c&31d0R)r28?Z$8a163WcESy=UTvVKi_v_c1RAKQAMha_wWt?nX2?z zZ4h%YI36GQ{0OaS1-1R2t3Mvp40g%+9B%jA{aVB^z zP?Q%Bw=eXna4T82KlVMNTI*z4v&In$APoG-nX3nhw4{!2-9Q-e7}YgK!LItK5ZRcM z-4otBKb&jUGj6-8BTXxJ+OjOZO>U3U0}UX+`;)U+xoHWdmShLY>XB z_0G1_m#Z@2i}l;qV;0p?uZW4f&yEPWsj%njDqkdLq633XZ@iF}Q45^gV_EC)n=vmY zG1z@DQ=08^L3aH<>UcmVG^78q4-q!rapH%4;~T)r&?&-Q#d^G7Fy%e3*t6DWD#o2n zVd(X0ZK8_*r{I@9#(3)@?J}9hiRz}_#IS?%K_y51aZTzXv8Y3CmE1>i+!oF^!vejb zJS#&pd}B|gXxiJvW5u!LV|U*-4&$-g;n z;5oIcTA}mP3%%b#v4q0;%pk1$`aK2ezK!jnsy#vzBxW{3*~0}a_Sm$|lhv>_BLy-& z+iM~*Eb5)S^263LVf2Ub1Dh$z-Q1b`>BdYA_E?(QZ=I~SlCQbm(%E{r>0WYh4MaM5 z4g0E@$}yn&-A*6N7nzRa7+i+$H*J@BRA9x1S8F!UfPYZ9Vr@IElxJAPD=~hgyGzt| znfphKO;6&Hp`bY;rmw)IFzMM+yxpk7D5id8y9}i1v++!ZjedHL>&~hmrcHh4S=QBE zq(L_LOmwKxe<)9LhWZ=XZ^Lol+j!?eOPAD{lT+vr2E6d7Bic`KJbkX=V`>HIOfSHLL33&XTW|FtLw%KxsEGr1 z6Xx+_E68QTe-pje;^DlXHT;~$ZC1kFd@WAJ-WgHeX9`3>QWRzv<95~uL9uqs28CGu z{)S;KTHt#bx^6SWa7Juzz;)6+R?k~8N~^i}2#Z4do||Y%^7LUVY=&y+vAu*7^xrpZ z-BT2NP`3TgBkdXkYmvgHwe{GqJg!!s^LmHpl`og~)l^b*xkbQ8WOxp-{$Y|SfrdU) zWSHyKD6KQ*w*m+&?(`KHNY*-U5^?&Zc=O3J;BedD{QQhZzVG)W2m%_O$LZR8rEvvT z4LSp$54Cml8Ye_*Rs9BW$rI|l2oq}Y^KK!T3XYSeF#eXr;yWnOrW?B1n3j~5#`n70@ z4s(`gRbdl+)cSem;H`I=2|2iL$G5zl2zBse{ZGR&#ltj0gO40)4`PtxM(wO5hQzSD z%U?$yov%Yp$4D3g?FPUp*H$j1^-hRl%xBHVaV0u6U2(_3mE9}@RlV+|CW>C*Vw|uN z0Fgl{R@u$CzTo!K_~g)*lakf8$gZ*6O}w)w0F>gZcN4WuE)? zS$-oT2Pr_RUS#T^#9*r7pp7@q&3ll_hR$YuD5nXtDtd`KtvHf_G)w(MtC;9`^4IZ4 ztF=Qf#?q^Nkeu3Lhu{6Hjk%7KqQhGDMV_#{+FhIGJs)U^e5^nwR*=u<`BmW>pGgMn z$ItD|eaGwz0x_J!m0|}ArfO)r9O^Iv6SSAt51>6`j1|(}>nWYJ*h+HjeWT`6bj8KK zOJh%PW3Vo^L7C$A(7~_@Pzx-xNqJZ2LV_Lp(o^&?qfckE?U3P`+fGU>LsqHUYvhda z(GQ=aNetV8u_Ej$-;+_5%h#w1F#C(?FC{+SKN?Jp*id6!SIc`KeH;SCK1U)e&X}j^ zx26i*HZ>hVIY+?tc!0L?7nj8HjeX%Qf%5x2)DKH=M#jzqc4gaNc z-OLMk#Y#N#V16)Sf@yn77vzZjxj_vcP6UP7aABVVdDA2P!oJc8j8XgqDyDts$g$1s zw*i|tT{3XaZbH}pIS3cPL4c=G@#V+19qqqqG?2FK~XUezo$HXWL84C(>3d2j9mi_ul$jEp7~52=Yhm! z(OC|>4-$>IGszKy3hMM#=my39;vreuaec%`*>LQygk_Dh;+nuRv#C$1@RZJ_<(UzD zelJf=>HAaxFUt`)_rUeG9?vhv?NqMz8(-eJPT9un)wg<=|0N0Y^2QvAPMUnO;*bB5 zprJcp6oXI5tCf`|e(ZsJ24l07&T{)pw!z4%EgdBj=pBR^hJ3GjD{H^%ZwTrzZQ#dQ&{voqasjo~g!GIVB>pMa)mP zAF^35Rx_T1g`MXIwNq)2{S|kSpBA~DHFTN6DVo0z-%TI`rEf<33N2EB^=2@t$FdKC zu&IaG4wp6jc!ReoA5=%q)$tBx&QZfoFT;ljd5+^~8$_l6=AF^^UUXd$p`Mr;6~T|t zYEoAiFlV1l-F%-HiWbvPFYbHaV55Eq7JEC}Az~(515{*d#G$?j1fu3TdNSCqy zEz(cshCK$LvA$Mb?q;cq%3HRW=OI*4v}c1aYwU1#sRz8=cdCc-P1~#$)tv)`N_WxZ z0^tm;>wa=WMy+=1mr&V>moEb_+fg2y`(%899*wkdTRr;Dg~c_yXZ*tV5NtQ2DXbMN zuf2x1&Z~zeSNbx!-g(DSHIyFa8l=rqtPl@B{dz;JF3~79Uzc-CGX2{fT z5{FqqOkq}(3KX?^593!%Yo!B!to2?+qOmn4yDPT$LKv2p?Csc{40Td2c$?RW40Hqx z=tbN=+J*5jkrrLl%Fl#V&`vpt=}B`R#|t5N&@;-PwJ;VeY}Yg2J8j?`=gzf!YHUv5 zWS`!ipRw3+%*MU|8@?*U4!@F*`gx;H0vT9~$qY0N9ix41*rR;3Q-FympfNr1FaH-5 z^M80CdE5)T$?E>I`UWu-<_FSMmb00%Mbn_4ldP_bkm*VB+#7Zuwp&@S?oNx+zDF_Ev+iMPcU)p2o7G_4ur{KP4Ay8LH%Hj& zAq{pc4ET?QKjFzZBd4v8!rm>^Z}*0Oh{g}{5-B0lq8bMm4{*0))8O?}%U@0+dP;A)Njb?3Zcp6nPat8tmw zfQF_=bF7bJY+w`LMB&ERBk#{buFV1P+=rD`Q(xJ=b5Lm4B!bPu;Z|S;_IKYh?H)<_ zx7l^saqdK#Ceu*A*eaqRzx+M+P~PtCt&!}2S(7_m{M&=a z?bbz&kxbnrj?w`bsZc6{=Vu`44xtxrO&3__k8uw$=h-?4+KGPjlx8;N=wP#SDjXNP%X%TH!BMDN z>XW|mzAT4y7WF~e3oUtWdN7}IdUaSc8b5JiDq4iY-$5?-S;;Q+G3BKZd^Rp+3F=E2)1nVz(p1zW47i~2u|PM z@S~ip$?B-+xJXdr`I;hi5P^!ns5YPC(;JYa_d#}_1M`hwn@#M!y<)L_1Q-v9Z^C@` zV7Hl%m>J+AhkqETvE~;%#^?}fen+u>6AvM*Ew`2>$>^}o)j}^N(;i=YnqB)Wkb01> zA8v>%TRglE08(#f?kVA4C3N#AC4>n)fCn(D`lasx!gQd5xf<-ybO7RmG$ z@0=?E!AXahCPGDlYSp#RMr~_#SFT7pDep!h`&8{j=EGgYRB0qpsEOD2lm<~xmo9+8 z-u7w4ywX9znUQ*4Tl7syW;>8y|N0|mYso;;KFYvToo8~@es`5WqH-U8g^l2PQMg;* zyS;0hdK4dqYo5s~)OJ4a?<%WZ{W%}9Z@~IPy%3X~`pSN>ao*3rUgH09?I#c$l>Q3{ zTt8{Uq00uAAdd~%;O%O$d}@Z&elUQi3I=~e819$K9mEgH-n$J2iO9w+&8COZ}}k*6{)GupkUC0Nkf{mq4l;}lPySsrLi(` zsj8sy-PRuG_#rKws;AUhS&UQsD+m*;etwi(zn6lHNIRPrI}}2H^TR-0IM7SJ^Nkqi zRa2bGciz*bTvcZWv5%2DzVw8)_wHI8&9T*%$u(i~@Uw{hABAl&vC-+eoAC#6mnTF zDb$^Php+#M#UC9R9c7pj{Vg>P|IVaaxz59Vng(LLr|E6v96x8rYrns!+gw%&w?-jr z9eKLB%tpTl(Ir`X0@0FEMaBTUs#$l?+l*1kufE=$yT;dthEWM=~S1;=9X@-U0Q0Tc2STN zJmgM=CsKY=xO<~~u?txOmsd^@gzpZiNfySq#TxRmjSnNM-1^d2hc~;_Z#lK?@CspE z2NioT%|x5K<7(4!Y_#4xX;U)|796_j-R|h#Wg}gwbLgKp8rmX+oq<<%-TD`kIWwA{ymz8hZIyFWbD9DK}H@YhpI-TjDcnl2S<5$)(oR z6y52O2e<(Nu85WK7LVPOZLQ%ElXqReqU--%SoEE|1JHBVKDcW*w3`uKpn}wr{9QZC zW6+YpO|5LnJuQ^a=B|9(F1*nxNh7#sb;EOw*wz0W>=FxJ%SCc(fv4hoYtwfgD=yMb z>0OoZXD|Hrw(bKvUUnCQ)lW8|^YfqZ`j4h+C?9=~Eg!n552M13QC~K|UR09X&0(zB zk_n9QyDT|f?YQ$LGn73FNFss{|x?|~@+l4oIiyesIEw7IIF zfa$>U5PHG1&FLhe7K4X*g8Bdoo*oWI4!a-B1r~rzZt+$wLk)^?P1|)oOl%3R z=AqF1LY8;d($BP(o?j%#wxS3Wk?dG2YOH)~XKd}_C9v05wViB-JMjc|>*hB+H=G04 z^58Q#$BY>&yl!p^>TbO%mx6+u*^G5p5)Cu&PJ3GoH>5o|5K@#UNq;SX-bJl|)A~gxCt#2HQ zH9puueN}uhUaij9A|tr$xfZAFfY|cLaD0WYMTU&Z;gr`#kLFTA>t=j}k)fsM@fn8u zT57@Mcg+2{%Pe}LbJTFQN6L!QoT3k7VMCoJ7D>;tV9A!%D-Es|qhh?`TsEKErEU7PB~JsfjH$-*gW;a^M3agI4yXOE1sM|m!V zpc&5n>z4#v&0vG9a*o0KthyK8&ZxtEvi|3UzYkhJU!h|nKNB$Z%Xpzn|4gR!10>#y_g!yR;>2Vc6V5L1! zdy&4^h4jny9#t7U)k1aL(Z9A9vbE$#z+OIg2e!Ms#PQ~uOYn5FN?E-*a8u2fW!D_{ z$xFCf&rzJdD7<#G;w7V*MIg-RVW`vkO|!#6y&(N)q)$GU?M?rCnHSU-_t3-%XL`7= zure(jUs{&4n>6k#p$Rw886u=ZCy5CzGc#*$IN4IV>KflmZVtR$;@flAkh<*@30=rO zTWv(Rp)cFCG&XhABFk@Dsw~7RUomAcj1W#-4Rn2b9wm6PZR`izljqG8V;N1@I^459 zEs3!uk$Dq_@2+yZWj*fLxV+k2u^;=F^U=<5k7>Q5z9+@qp}wsceNnIFh)Xmg?HUD+ zsDOrA>pD|P%&KMX8_SB4MEiq0p1K2a*Pwrai6TislyRE~_A7f71lglWUnc%3a|It+ za(2wk@;4gGmbfaUJWTB&i;XT+ufWy#ybRze>C4#kKH^Z453^(=G#iKo8!j*)}edC$o;w3%z| z_s8D7fBV_adRh-(^x#FohlQ}!Ja)O9{k;8od$~|Ke;4}(-X4wnKl%puDU7OV&g1Krro?FeL2t!v5@1dEK}Z3cn62b&iUw~c%`x58;Lv2gJq+wcfJBR z12m@ahsRAU^WiL9?J4Q5Jvl93%QIhJqdQg8 zEMS0GqSp@(LQ2tMi?8G_)EwZJ$6>^&?3G! zdM9H$pVrpTw$C*aQN4|O;aLuvb$u8KAzpLJF(sI*}rNpD(2e4n;CSDix_{_)rRP`_B$1%~} zDR7^BwKc8~*~_#gX=e*^Gv%eSP+4;f1(EMfzj(@7iJ;wWksK8VTYaMH4Rtm@>x zCz(J6n{iAvt4gYPx(oAEn*6gB;%tTn)6GRNm#b7t0B0lCf5y}ilLi6j<0}=KLh^c^Uyv12E#)+Qf+l##F z%iSU?WmjG7t?IU84R1GLQtWibx{ET%r>bz19})vTII*hC-rlBucyq%wxN>l7jR%G9 z!#>>hjvh#Xt>5zKdSLpBCK2&<^Z68LxU9?noaA5Z_L0+ljovpG+b*;Fgt%6N z-sKU=@9XO~m0d4W%YB5F@)h%W^-#aD{JnN1-}H9W8`G@c_X({*eYc*yRPRrQ5$V(+ zbg89P?z|cEU$C_&yyd*s8i_`FoYw?B6r@_x7A}7!3=X}Hbqc=c($OH}VvpjGj(g<% zVGU6f0$(Ly)2)?~2^DFKwnqM?e7_}_tPGcW?Z)qV(8Xh*_Q=dE|E81itcViuE5 zr-=lJP9u0ZeR4iU8ziP`{rK!8*98S2Eb@y{xNvxrs!xaMdvzg#CvU3_MC-cjv#iFU zn*UeZafV!hnBLe7;orgLzSo(+`<_!`sd{megt0+=IcB5b;$O+X(BIf!iTrSGuPew{ za$PkOOpQhoy-$w0DIJ_)^&J>@TNc@5tLRaPSIv{Of>}O~Zf-uFnEEoym*V4iJJ-B6 zQsx(4bC9<)XD8h}lYI4RZMo%mk<{;R)&FJ;P=1~o7uci=wU~l-w$8kw`sRb@Zw`uwO83rcE^$gYy}^@SB9?a?BtI?4=muuZucjwh=sp%R7wcg z1|zcfi)f~7znhH)y~)zi*y7o3>-c@Z0DZ5vE^q-~lWAoFPnNnCl$PZ+m4qZ`Ut9!z ziQ?s@>HsiMUUsgz`a26b`NLiieZ+7ty{S9t1f$c2JWY$#t>10(f7&tV+5p7T^-Qf3 zb~1u;1$rVIs<7X#%71<#s15$7QnLOA?4%)*39QybIxnf;Vmtr*!r>Lbc=WjXCmBxO zi3J+LGEJeOhqyG3bgJG0E)A|fEZpDA$_XWu&yD#{K1T2%T{d0|L&ILM%~Yv$E;N5+ z>l6>BPZ$`LsP<26`M0ha{2~K-pM(qOlgIR3yY=^E7$~P#WhwTEk$k*=(x&#?Ry*-i zz6#J`mHV!DGHC1DeFY4gaPkfnkNO>Kn}GovAYq&{8#vngnT_O>pv!EVKqFMX=_JoT#b z>3=mmXh9={K?l!buRE&n?-g>$fwos@Ym)Czf4SfRp0ox>bm|29&ZecxIu4>2(FR%^E*OdG82LDua?7ja7-MQ>K!!yyd(d|-F-Ph!4B^~ zC+Q#a{%;`UzAso0Qloy-lVh^R4!mn!AKm=#TaEwuBvnT6U!Coee)XqTLSgEi>`;l{ zXVCwo)|TYpznb3@`sEFdpp6xCZ25mM;T`Bpk`s1*eJ43&hb@djbAK98J9Qe+YN@dK z8=-$0e?D}Ju=ZXw{qsa6mjT$6Rw_rllkF=F0Sm^)O?K(e6RiSJrALX0pW;_Xf+MiR z$AxgsKd&v9JorxY4oCfy@8psIKQg2`%Kh1b2%yD09rf|b$wmu2gdQQ9XXN*w_CNbs z8UtP|pO-cS|HKq7k%7fct9SZi!~c0RZD8TrE>>56T?1$iu(()7G|?Zeul+K3Jk`7M zfSo-OR6FIyN*~iJCyOu(L}i`WycrDoXj7W2cz-&sbWhXqK6>eqrFK<&H}khUy< z(Vnkqk8)I1b5!Yb)bnBhs~1LULQ2mbqNFG`mIUL!4UY=-v}4%ySwO7w`bqP-Uz=PD zt%aCm$e+1@+OPU55C*T0mVhp_RR$79r4aW(h*Au&0Dl%i+`J4?T7fZqay=_BF~}!C zzBUUxd6hA7u&I1;w*!Ly&F}y1RLq`>XW_TFY)mqPNuvt&+HX@6U?lq%ATWA8a(e?B zrHmK#tgHtlTIt?*v`eMft7rX!96`q~BjD9&1mzWN@;f?ad5H(=-C*$f7RV$jP|G;* zPX}mtqv=0K`zyCx0lQIpc!^W&&vs^dmW!9^E7Hg3+Fc{@rxsu|FB0%Sv};?ud%O=c zj1)Zf)|jDD>jakI^{KiMcEg-5nUySwyRZ)j6JU-g(_?qVWh5s%ndPtsP)i_4`in<_ zG$<6l#{`qH%3Pm6^J|qL(|3uZZ~gNsWgx|~@LI|{V*!^zWE2=rjBWBiClC6WiKiBU z8dC=7N`JM-=-LK`-!p(>M|uNZ2TdyC1MgGrf*`vZQ3 zerB$~2*^}fw*-W_3xIB3y0 z99X;!`X-ryXm**mRU(*{R7M=487%>i7v0VmNy3h|ng+~)gtRdbXOVet5;Kr-i2?1? z__i`(*O>uheFRWedH|-Xq++v%GFi75yBP5MOK%6k)rIcX;4dzyJ(YT-SNs3MZn@2~-vJ2(pKx%wIo{4QJC2u5{ z9G`g1*qq}NdF|9GvIaRRiAOP6AwV*~b>I5QP z*VbO|nuFulB*1SoYBVEjDA^ZUVPl?;7(2oK>!9h8!hP7kV- zII}GysV)=%yv1SNt!ZeK7NU+CT`_`=WgF&h4EyV`R0)5nG~R-X5V4KS*;bwMCpW-m zM}i6HaRfBI30lI#s;8Yt^cex4lJRFTZ1I!+o5D&3Ixbr+6cc@gZvwtStc67ldkIq& zC;VXL!riPV<_q2U&;9s+zem3U89>d_K9m~wfDnjxdF*ezJKq2ZM1G8#hSTd5Zq=ZY zqkt&Y$I2qTno=*^0m|jo{i(DrX&3ZB3yt-3eN8>?a22p5Jsbl(SOp&|0B?||LTp0) z&Vc;-KopoFB-3wwm={%JWlni^aFI?~c%6r8h2_zQhytdVNzji(TDO#7y%zZfl*-Gy zR90SMpO5{bv66^TIO7NgStFr};19rsAqN23$C#g6F7=0rp!CgK0c4u`lC#x2osuAu zmUSMftha4E)mdGprN6QWsPd!pqVLZuuyF+SHRXV5fxY87zJl1EB&ygz!n*RAAd&$~~B{&zS zs_awrg|=`Nai2IH%?UOVgY6*qz9do=ktf=vTuB zJ!u1gVfu~YCNT53I83S*U?O}Bv>`U4XDdwG!nj=4w2sC?1#QqBz+;c)+UT_81J&uK zgI`s0IvwDi%g?9$@!>cr2it#14oe%cfR|qkyQ=v)Iz23l}ax1Rn8sjs37| z;Rk>g>J7x;RX##kOA2XpE&k}@P<9HTK3TpGrzAL&fA#SHcLe-DQYJdri)J;caf$da zktwh3o{jfUG7F(J8Z;_gTdM;MUtk`NrODzr6u%r20b$lD|M1iJj_rJ4;iO=RpOGB3 za<2VxH7zNaTz?lr#oy~fOHMj?2C${1C?pB=SH7azwnt(a2D22Sl0`koAK$TkKjU)* zRLwFUzL&wVPoG52Mj%SuqWe!W@!S2cQKRd^Z*hv3D@cG&moPWrKq{6O;(PK%93bxI zu`xrPI+TqMthSqV#`%PtGLMv;RBV7b41npohVt?!{r3R(*KOdMDpGcxR zzi6h1pEgFmXafSXMR3e3Qkw5+vT7Dyim4d-9*^HPdElX%Pp7SVgXg%~@SzPDS{=yO z<`$;Gt^=nTV_jIo@DuaxHAgUhBPb7hEq}Rj0FK6@vd>|Zu$keE$Lbx3Xm$OF%D(>L zG~&n>Vg;0<5<6LUag`8@f8yfb+e`bq)A5v~tD`0FL#TzncDgQqkpP}tL|0Be*32o5 zT~w>a;juR8i-vf^#4z6_sn{F`om;P2v;%Tf>)6!EdiOF|SOexq7ncvt%W||h%{B&1 zj#f=Nyk2&QsRdj*%7^=#_N=d+(F4*TC}I$H-G~O)2EKX?Fm-yM_L7LjK*0jw!GuPL z_q^cW7tb~Aq!Kud1uXF&SNkNhQ)>e%t67h690;`{S}}@lKsoqMsH6@ zAy6_{IgaLZ=pc7+yqSb%UkJ| zn7kYUV#0ibUt$9?cofL(0o%>EU37Xu+4WCzvoXay zs^9`oF1ijFTxMbc`$v;L%Z9a+3Y&&$LE|2vr|JL4_Xn3jHZE zTd;yCE3qi}amnyUz09KJ_%FGJIz94v=F;}HL*M)f#h5_w^;#eUaAjpd+VbNU%{FF1 z{2;{|chFS6JR762WHnxHDaFgJKkWcfP6CCJx}D6uY_i@MHtm~~okC#NRu9aVH95rT z9OQ#gY@^iS`>cfJ(1$k#JXyni;4CqKvhL-uRjvdd?5g3d4atd~WKmr}?pl$`6$frE z`ce?4k9Jx~Fd~s46f6L$rMkU9YI9lA>jd2W2mrWwiT~lS{#p0`vQdX@XdA8{Km&Ju z$)cs88L&Utxb`!Uj-#gsGK__C%d3DL!S=a)o-aB}{yxz5WhgJ0H~{=eqpQmnwz^=3 z-<8P?I~PbRbu_eUotV)|loZ#=??DTK){_0geV?z|7Gufmb!(+`&zJm6Hi+w7H_2h4 zAnyGa}&>uV4dAv4)_2^O*nRslidwzR46LjF#r1(@Yij{W3AaVh!%gGSRHJ zT~K-kTIDa=b}5|%oB#j8$A9~D2PmmkNa_Q*$!M?xtEtMuQ*Oc&RU)04)DzR|3YsT9mHx zQvB*P+=h@N-1WPsPd@42tcM%g>;R#WUuG8t{YWel`}?t(e~u3qgfKHGpNc)%hFK}# zY=qy8>k<6hgZ^#2?LrW4(5rWs_~h}pp#2RXas1;S{x9Z-_N&0CugyRB6$AfE5G1Yv zVSmFGL0cy=eMA^|h5@3e!hcztlQ;FXfsBYsk^I-}H(dermn`iEzm2s1`Gxo%1V4(R zLLZ()Y7s2pX>&~GZ~u8$CJ4Zp-cxIboxDGLs`Otr_0JdlAI1~`ZQx?Y*n+{y zi`~Bm)|OcO`hQW6wyU0oFfR ze(5nC-&C#2WHJ1|^Wp!TU^4<=FyVY3uyLD#9IMoG-_CNXwnERbhqq~T7YXy(8?%5I z@DElEk68fz0ESrkt-t2K0bolfxJuSsIsoQC2SGy+z@br~Ll1hgV<38Ff#iqwk+mry zwd~lN&&7MmM?vm_0kqXIAhCsD4T!E-@F>7>b_$*H7?Q3}avG3x08;M{0B!zlfDl?X z4g$(jc~G^;1nOC(uA2t#;I|ooPTz7P_VShXOTK_McD&1K84j+yG|BtDGcZYIGe+nL zi|2wB%?u8W`g=hg^1z{-6xtr!Z``Hjfh5)d9o8F=XmaT@EOpYVE&Z)IBr4^u<_P_ z2yv=yR((PvPeT#FN-IV)>C&$up2j9rh#Sc!g6o^d&MR?qf_y-(kE=QZ%URwJ3=s0% z-{|q7x{rE=9?pve4Je~~9)L}+69V4=;)eDjt9{LQ1&b<}(Lf$`0Yd8CmEkfUhL=5| zIQI#VB6yAiApj%;73CYT5QN<8vq4c%48 zkNb)9lOEt_8XYW9 zenAVz9gPnebMKH$ORW9u4Z6P#pP$jmUO6EfNJX}bKVee?!Ui53o{86WE3u6ks4gzT zn2Ud_NOBY79(&?;SFR*{kRJVXqT}stL`4a(dgsW+#<+y7QUhxNyn2f#=DFLMBk~gQ5Z$tYz0VYP=j}M0EDbF>FuD) zSe;jF@XS#SBS>%W_1wJG2q(~_xRYpG(#Z8|n4ERo>s{NwO3ofR6Dmubj28>o#oOmM za2JelLxyHmqq^RH5hLlVkQ>*~P>n`CJvkV%)yzWoD z!2{ghub%!80M(`F1JmB*CkqAeVQe3E9toT4{)fb>)b^oI+aC8J5eTo0e)IXnj^`*2 zPcY3GLkSUX)VX%$T++@-A-vjgN1M0wayxhyzB_G)gJ{bNc-bN?c;(GPjd_bw!H#daDEiE?ycIKf%h*4xL|ys;fZ9eq31>q@#3vzryt)Z z20Up`dQ%_kSgwK-zQ5hJGBNeV&IotVFhi{rQ;yVn;)Pv428_%R|AXJg0$T31eZVw= z=E;?zRP#GmH{)YhOnZev$=F*V@0UN(B?ggaUGwb_?9*Mt>WZ`5HCOdOIN~9Wi^;d+ucPKy6-1QFWdwUoH;o@iW-EYoLGmcx|Oau|oht5X3XAAVFKkX3R{bY~B z;sf-$TAoQ}B}X4YMB$AIO`P3w0M5PoR6zLVjqXo7`@MAav%rEMo4NDp@oQw`Gnj)0{_VDocUV~0T}v9m{T0eS0 zLQ03j?E+*sVC9ZTC?bF`Xx$@oHa=W~0TAaP5jzqY)dIU3`BL(bpLFUMK!k04t(ij!EPoJa}tS3$L~n)+qVyoAN;&q_qV9)!U)*| zs=BHlD`O19OoYCrU+^SUWXC7SWIV60h8lf;D(x4-VsPLaWu0z!hJ{jc!z+UGEUrQ0 zKCZ7;E=C0=Jvn%cF!{+b>0`vwM#7O>m|Vf0-tM-tg@v{SFWrHq*_@o5-E|(%oitXi z^o*50$D^fY>I)r9d%SsS8Bu^vB4Sh?U&Yo?7a%Ez6>RqlFIKN51GI8N-rNvk8$@eHm*A; z45bGXPCoWwgTqK7%WK~9SGZqIn@1Q&LGN9Hs$M!F+n3iZU^>qI^-j62jO!`1IUncx zs0i@bbMe^3SmPIM?#Sd~@Q$>j=((-epdLPJdQ8ZMc`dl2gZ*WwT#^>G?TNrtU) z160jNt*P(Kk0t$(g`0e9>LI1d6WaKuE1cx~aZu1|i5I;kXgh2%-A9KNB) zIFY=1A9TOXz+oXFiSU;vXJ!0)5I_zY3fkJt8jnHfxf&|Mb;PNbBAx_-pb2RSQ{&xE zr@777mb-EV!0dt32!yN@C)oPJ5|A!)L{~N#2Cs0u6}$giM#dCJa$LV26&h`@MomTa zLiyUYYvt_s5bCn>*d0*21}I zhJ%TQQ&6Yjna`DU-&(ZuW&_5j{zRV^W%>ux@y`1WX?S}~!H7#JVTRJk=4FG=SG zVO;DH;jc%9VR(1AgkgtM=biK0huey}#>qUZUzv5@chvIp0V8LZ@XCTIH-Q4j8Gna< zck5>RWO?PvWPLLfR$I38N^V2(3Rl)>(|9yJL7<;(b7Q)7U}HwA9UKSrU(4 z3&_C&yQc+{Cy|MkS_Ns-7>8%t*PcqwGEDO18{If@pw!2Bn_aWL!d*EgYpq>>b5N~* z-X&l&+^Kwd^IPXx)|1%lRQnlu*+ZK!^2ujjdn_lFLe zo9n9j+=;41=HaZ1KW7Lk*AuUX&~=BmPc<)cCIr3A*Vu}B}&FIRz8SY$`j8&rmZyqF3b8pPMVk* z_Z2=a)*V1d#<^2F`#~||n!LRHC2`jj{NQWlDtvbndJ z$r2T7q%`=jab~8~wM4v_(y~fOM9DOxm{ia=exYp9;TmuJwYvpr^0U81;SKHt7!ipB zcLRsr=d-W(m49e{z&rmP`od&<8BL=dKQ!kzKrGJCS#3ar8mn0v11;*WKKmJ-H1$>a z7uQOw>BN}LJ{g}f>~gbV_z;BQrr=2TSj@q&42r`EC0i?)KT2%)aCV`Td(DW+)$Q0U zC^$!dj{LCcGyv+!qCqD)m$zRuJ~?*a>$?Y7F{zM<@hRPN8T#yE363urOjbn1+s}#Y z?wDvM@(e@q?)L8HB`56WsaMV2YrT*cP^M83-b@apA+D8)cNng8(poFfKl+50%s2DP zG-Kso&xpC?ZC0akrZc?yY5Et0Y_clRp1l)^h8x5433i_NXg0OltL0-Qe|@E{S`iWFT0z32yBJ z?^fi@UtHm2XWuG~=Qnd6!jO%8c0bZ(6PvY$QT7O4udl#{NM`lD-`r{OdZF}kHsY&oMY>M`q8*Q6GN-4%Y zuUE1D8H4yB`y6DKPq#S(BX%JkB5Nm~{hEDG-7g`d;O=hyZ6w zQznH9PR!RZG@?xYdoxu8*)N*J9_Dd|054)-7+og$qZBaorWd`Qx08HmmlVyh<0J8n z-p3XUH7XJ}NQ#E4pl)QA^I>Ft_Z>F*lVM3xFHd+89rr|gZsMZIIUTOnA$(^*n+v#9 zxdvG0R6txRgC3tm?jIuM+Z%KP$XaZx&z=h%)XiPq5f-rq49r4Z~eBNp)R zpX$Ojk-kmE?r>!kaldT;4SH#%k_mredc0&RS0n) zC=eLwo_yI0_SM1&i34xGHn;scHI~#*XM^i`KP@=Tfr_C@YG#fArN!qt%b$ z9u-wlZ|1h+Xxv2f{ZiMrbx~h>qCPqsETU|fo!z{+15_Acj$2F)0adxRivhi};fo*h z=F8U$%_rLZVs8y^ZO}?sL~PuBP< z{lu)10G7W9Ef1E~M>3R1YrJFLFV1z!p@nB6&uQWjjemVa#S<+IZrem4-Z1gJ#e*19 z%Rz?#{71DA7joAg2bqoqHJO>7JNu>ALdL6M^^2e$~gbkNBO zTt(=6mNER}vZDCM_S=_xBs@B16(iXLhGERz#EuB3X1ZCQLuB=f!kNqBw@6y=#;zoK zZCn18LA$&a)z<14YO9z@@c8(^jH4bjj8mGH zt0xr%mRD`#Opgrk$4li|57NHaV}$w~J_Hxw_BeaXXpMB9(4feuC({(EVVy^V*)1*u zQ2B}EIK(xKqY+&4I}<-mYF+2fGufxb4N4}_ZbNYd9<@e&?U6Sb4ax|tm#zrK`AhtQ z9FXK^fO*`o9;JL3^2k7UEnA}a!UbAaquc<23`N7wx- z)#b_j%FT*lMFd}&Dox)lF4@dR2D_;~@11G) zdw&aM-aL8d=<=4LTcXpCnOpi^tRJp;m05MoXqh`#Y~hA%E3#W$)ZY$$hapmmCpB@S z_fYH(iLGVWoX8Y!{I1!io3~`1vVDZM+S6l84&_?yO=&Q}X{pA2p|pLaaFbiyJUfKk zxVx@&YtGRnmc!qhJo$s&l=x?xg!KZ&_xKM!Bex232}0cC=bU%#zZue%TW(-$$sM~r zJ9{nay}l~&=nW9=dYzg#_{5>%wye)jA#OK_8*SBiJo12Dmy|#_XOcnfH_wcr ztudm_dJ<6u~{pvHTZz67CVz@!RBAV$6p=u__h^ zpH*YmEjc{(s}w;5rqXPmKy$%5m-`5v4W34GlSH-hvEI^KD`kT1&})pJQ~<(Rh4|p& z-085<*YjMe)-w_;U5|C$CzqVJ=QXh%?-OsKEy)k&rBw)Vh~Oand}{GNR)QVvy=~O$ z`NP^Sc-V|@ufnre<|!uoR1wT5XszX{zd)*Rm{CIPlwDkqgCTE4U;nP3o$gw&-FSLI zU)RzV7f-jWqVON_hF+q%X=~|a7#0z6gEFUB=an=pR|~?GqGX>Lr5kocE58cQt~0gk zOE0{!Bg<4mvNPF5ajNq@w})zur;S19;_%D?5q;FXYu#n_d1-w*XO27VZe2@cvtWu8 zuNHU@^p!WaPc90#8wPXE!x)0Vt$R1ghodrLHQPgMZRP@+zNtDy*)&h4+m8%KMNdJL zW+zA9kfg{y9yjaU7qvjN|H#vWS36g>RsG7WpIwM`sI>VO9D>n*vsN)Cz2x;}NwR!c zi>qN{AXc{^3TJ@6AMUi|Ac7GcY)h9Ow6)<~;@SRqi0ff}tYP@mxLopvVz{Hb~ z~4)v<9qXGqM~`&f2n7KP!)M1+UmGDQVNi6aB% z>U;0;EcD2Ji={(c@oDkc2Q95b@$Fn!vf4MNGx%@q{#N`8jVD~mnZ!k9(!L+Bp(-Gt zUCDWcs~iIix%9x2Q)N}8bMA)?uhRzE(o2U(MRPeD46E@Sk_Kfqrze$N>g&sCzSj?6 zgRArzbvePPeGk8SZcepM&nY+ zaV5E0ynb6{`~G9jya#sEk_BBly8IR`8!qV5A=XjB?v-u7W-a|n+__O#A&QY252#m1 zwtD53S$-j}sDCu#y;HdDr(QAYOz#*22!_g~U1V@UY-_8K0r{O>id!2Z@5hcfm#u8C z1i#7n`292+@%rP>d4!+&LvLa(Ebc5W8`2G)a0B{Yt*0u6+F-4vCn&J_X^&1s@N=0XoTKQ{P>1IhpgeXg~jdud!2GjQ6$4A;+^)BD!S0SUE1{K zl-%tvM(@Q9isVzE096s*d>A`JUUDkWe`JP~wlGcFF0X6$QcXZ30v*_UpK@7i6?*JL zZgz0?+1xb z{)(rro_(yNBD@k6#Dyo-M{J$r<|NE8jNVvmpMN=XqG;=u6+?LqR=Uwk!dZJ|dqHlX zDCDcVM^%_T5fZZ- z6|2x8!)|*4{I)dV_P$ls+ahWCt@Vt@_6!MLv|~DThC2J?dR9T(!Kg_uNz`uRD(7-> zo>_Z@gpYAqek#k)I@~_O6HHP`S|m)EV}pQRT()^Cu#u>4aBzF94X+x^B-2glQ1A>GF>^2T4LQf zcf_ebTby}RpwL@?S@6P?f`!^3jK-kmY&NK`=o=sW+T9i}Ix^7mE>dz-F;Hecjjx`q zME_dl?2>DdE5M9r4ezhW4tw|k9V?C<aIr$k2p-XGF7;PgZ(VSSZ+?Y+E*NHp zAsEpto~CrstsC-pR|48|Yb)<5=fuXc_KIO#Jw0RFUxzKqh6k(G>s%|DD~Gon`#n`= zdPAqv&^sfv%?55$C(xBKP90NQ^)YdF?24^px!0BAlrx{040DLq4qQxXogBc)VFka} zN*-Bst)Lb`Xj5*N?6TI1)669Ejn^|TgWH&lC$bqBUaMrFcr#j2s!WYi>qg~PnQwZ= zEd#(v&A^t|6xt*Ztjkv@h{;}l@TJP3b5Pr91U(BRryFS}wFU0xa(Jqe3p$AkMQhJg z0rxyPM-rh!cYMHk^@=^8(jT>%jO3#6C!=b9lr3{|kBXMTL_k=_dVu$F{tA~nj?Sin z^~&QTKe9gNi5a;ofj_O8zh8ERA!~r-M{_ZS*2vcS z=WCgK>A$J?L7EL9FIFI~ALUY`nc&*j5nF=IZ?(JJHdt2l@*A)9n)*^R89ig>XWE(o zCCqu*WGA#4oDz;($SL87qT|0a^Q>oVXd@uv!sOA0^8}b`osf74#W@jab&a^t>W2>a zc-Joh6P`76JFAH2o)n;{iR2us%{_TFQU2WA&f3-d^?=nb%MkHRts8F8@XhE#9iP^I z$+2oZu~#Kh0oc}G#B=X1j?8d@#a;W%>bFd_d{QmT4K;UZtOZw{&rGXjT~f0-Li=&p zX3F-8B$GK1A_XflsFpxZ_fWFb(PT)0P>AXfMr@ zhSqFN$C-6iY<))g_j;0ACNgdh-L?x^;UzJVNj+e}EuU;8E5xmi(f0^mEvccmJG8jO zCt{f8sfym-ddH|Oy&Z9SeA#=&_pXih&f5LA7|tcPUdd(D_Z*Le&GaF&A+Ji*DVLKg zUVoXc^~dc-8G2b-T`m|i+ZMMX%JXc$W#}njb$zAU+a?)-*e6_GV{uvNaO4n}M8> z64u=_Q@s9*|HUeW_zkI+JocR+1N_yYoM2Le*((Mf*KM&&vW0jyatuw)c7BuRfGOj8 z|ISEUkd_cjBj>_Mkb{t&=f2y`Z*hQN3+LaiC9UXxms@km4VbC5?T3G(n}oI!Hs(w| zCa0rzqR;C4_!AG(ya+~w8Sreq?j4a_tg-4c#m>Bk?qsmHVG`yT6!IyevWqA!(HEAS z$~`DTtw)YW=+YdwE8hj2NMUGd&a)OM0JZl92&x{t?yS_;>ZomkIjLSh)*wqDzBI!8 z;Ca>Ibt1OKX7?IRUUJ*6Se{{(L^`pZ@3moHz8E`H+ec;AFMbN3tesS!K}W@dw-I=3 znO>ySKdFlqXC{5vw7(pNt@VO%QYy6DD8_*&=^r63LP<#$5?vU z%rZV+T0=>G;~fx=#x>l$Q_4%SgVS2hEu1#1VqU?|u3R7Wpuy~9b5w%}c+Iq>N9Aje zXDLN*%V(^}S&9kta^7&N>blCOqD=-2&}FmGMZ>_^Ois0i`oI84iKy97cF6-hQWkR`k*b%`bcie% z$mHslaL%2Mk~r7(xKdSYMW)*|Ue#{XCfl(56h=C%O4>e(arr~6@}vaQ+S;b~&9vqk z=twxb%|_|jVeKtTi7FHH{txgcTq=LwRdSznt`BgK8Hx@DuHno1<^v^UochJ1bcYZ5_6?`0I97tbc+dsi5}B#q6H5Fe-Z2@?eKaiF>Uf}L z1n(^4cXKa>V~-o#^<6j^PjTRD^aBsE*_AI0^Ld(ex!R4M(zE-Mth@k6F);n~BPTbcMRiwAG3xshq8f9*!wz+}EO7TR+r=z(g|a~5}_NE3&FA#WCWyFDT{ zSE8ch{V5yUK62KcwWwZ|94_(=*%Ys8uz*TB%DMAKQR$vFSA(=vL{w0XcW2P|dv3+8 z77&OBBs_XCqb--ehN{f({kl>eQ_*Tnj^#?Bw5f&Sj@%+q>{wBs0V+74piP9$Dwct6 zd$`qkH_x&;8T*KVF?KWg>qMq9_yX)zavM|u>uM?MY+tk|D&tCTHx0Ddhf<>pq9;3sH zfagfm7yx@aW^3L3W(ecR9RY7#x^#HSsCy<^^lizvJBw|{72#O+ClHxzELL52ThbqX z&)TXR=iiN@#Q#8BIt$MlOj@YbU{g-FD%Q9#xPLp1?oRdE{|)mhxTGGHkCP(u69B7Y zXqS_>zNWVp+Iw!XUlH8m=5g-*cQD@cVc$OL8-|wFTnlhIMn5l|>OGO2IP$or zX?hxEr>3WZ{}78mbOJ*VlUTA_-s#yumnkM<`?Vo#>CDOBSY=EolIQyM^F!|4*E+SB;0K-43XTuG@<8Z1e1Y>Xm2|Xf-Y;s_sTD0?Wjesyx{9DFUhIU zzFS4d%4QedRUD>cF;B0X8(ItZ9(@*}Np#%W=*r~`qh#*{=e2^FDw+1nO>0?a2et&X zV^Ck#ZxmOIIMaTA-6~$LpKOzXeXlGu^1_j^kLfaBTv4)qVYfB=pk6~LpY^kbwhKF!wG0zOUY0%7hAtHaP@6sDDin2b- zfXZwQ6+eN65v(AzVXVR+oiE6<9o6h>6GaA6lK-D{V7S*A&&>)em7BQXUH zZkz3|k^wr7To0nxZu3MMCFuP{6k^|{q91!qCe;cJ-@O9z7S(s}-2Us|%uJuG6W?AKO;fK{52L@nDr!k;8r?{T%s8LczY?g7U%K8bV|k9E~z<&$K-0a=QG`_90lZE@65Wq-1_QU z{caQAlb2eq7@54`{UAc&=nIdfPLpQI1cU=0U7wi!rrGc_P+`tgd0;plI6Esh?tc-q z$*kV~!fW6zUh-{?1gj*SX#YcbVsOnTttYm}CVdL#XR5W_vluA4>Lm2OyDcgsSNR%) z_s)vhYT-Pc8s(A#&+J4Qudp)7(S$9 z*=#r)B4bSQ+LHUh7=L!0sz`mQC}ZtSt|Wm^1B1GY5=)yK_p@fYVDPfc3Bl1aMenTf zwnU5m>wy7EicDr$Akjzh1r-f_OHv|>#ip(;T>kjllDz-&Jm=o~%C z$<^zkn_t;V=qovEODAf`xxQ8yN?_gVQlVMHEE*LY)sVxXUW(6CPe%(pzm<8rH!6;B z4^atKCj7wlUdbNDawjU+C9?~&ytALY+Ufm)i|w@mOb8nH*>7H_L)=5E*g@t0b!H|m zzvqpH984SZzR1qr61aN(z;C?R{Od;0UvXT_A_^9(@IA-@-8cX3hDf{}uwc|PH8}>L z0FVleKyO+!FIxJhjmaz@Tfn`CS+5t!q5ZIQ!P+44A<3OHgxbvG42tfDnJa`S46X+5 zq8;Q73=)XBm{I|gvF~Hecy`q{DxA5hdb(>ZWH+dX#3%na@uWo^nfbkBhlm7<4L7-? zROVfCZh6qunwPKa_EP6t*)`Et#Wkh$No_e1oq;&P1A0^=HCBB&9MVQl-6A6`7(O<^fbbO~&V!|n$I=Qm%k~@8B{qso0+>muw zl?{VVeK(E*uc&_18Qf^+{F#bsTOAjz+~&f=gCqpQU4@n!F8O64G1@{UltK?{xG3wOET7dxIu+MG?Aerdn-9)N;@ zK%B4dZ$a|Ec*4k^X>;6#mYrsBver!*J_n?OPE5;sW?im7NEH+jZ2xyfwun%hk)_yV z_Q1uh?Pp9^+0T%W`z5^-;V^CA-a0-&8CL1*ubw`yul}z6^v%qMu06Zha189?J<}`K zm3})=zZLzZk`9tgx5cy7Gk92Q`9fn$Gf-wudTs7MK(!|O<5#bM^FdRmr2aOuvu2p` zB<8#%wqd;Mn~^12zEc->uNJq9-a2=H`cQKHYulM)-R$P3KYnSv8pE$Xj^+NR@hcf` z2myq64(!(0>GO$h(=nl^wQY=JL#6UUgMJy=d>tkfQJu3Fuew6DX9^XUq^cGD{Zy*r zA5Kroa8*od)>skrl9hqiQFdqI55}jD5bf>Nr(;ZN>_-l#>}|nsl%!uQc3RGNzbISH zEbIoAT1O;zzVl9w90RggB;2Ez>%h6r{dPy>*OoO%_+%ZX8Y(k>@xuCm@26E?yr1{r z3I64aMLLEy{%1w2!@f|o9kQZ2BteQlb6&dDc#B-Yua1_aRikUKM*2WX3AVyGpZoZ~ zoyULtl(9nSmDFz*rOyoFmsM0JPMj|~DQF$Nvl8OXKZ~%lgfYWOT@?RXkcdy#A*!LR z*=qx9BZmWs35>U-m5sy3Ybu#^*bk6|`+DM=i61Tw@T+bv>`1TrhIu&eNBeonU}0@V zc!yG|1&3?B(i%w%G%!K)@i&rX-~u5*Y!~!wz3YGu%m`?ii9R&JAnyKf@+7i<_mm-P z)EhE>LGvH${`b~qi1{G1wt%Me`rSJ!_E_W}z)cZJ%V@n@ zk`9f|zOLl=X?5MtKWG*&av8r!_OU_1x4M^wdcDXzuhQKHIZlXG<$g6+4wT`Tq!eFY zLQ80m4oK>|UA}Mv;Q^llE>AvmLTbM=@^M@o6kuO~A@E;6>}TXpjDpTGU?FN7+zo^(Psr@%wZJ zUf_*9yg=brqkbw*ykhg(V&coQMT0LjVygpp+hX|Sp!1f269@f@;m|?#F!3ZDBgjRC z=Q2`chO{w6b)Yms2+NmKdL_C2?d&XU*=F{>^GK;k{V1GYl5@}h$zJ^0RVcJK3wrK8GQL0PG{Uuxo=g)6 zh_GfO+m?QIo0f|Du*K0xGFo)(r*(XiVBSvo)^Rf5PfBay($9>Gj(p=N8Z^*5CNb4C z3CQ4cXo!#p<|m@gkQQ^9{PH#s)=~|sm@=MmvLS0WGxNDf1QQ*}#hZ>pW4jtPW4dczV1ZAx^zJ|r;XtQT1EBV!$s(vp!_f3)L4Gul= zd~AGt)$+!BJ?K__ZW1hfm6~1aXB&a#z11gYgF_?OZpF4!GAnTlq@3632JGl!yEx`0 zBCX=QJZcjw3=nAcOK5NCg20itl_4!|H@jr?IZz~)D`pk^RW!d&0`y}eLs!p{kdRE=pM6b!XO$G`*MvUM1b$Snl8VHZsYV-w zR1Kobl_p{b4;`Aq)ZnXLg2BJuyqO;ceVt7(OVb7rJe^{|lbb;YqKcIpw00k^;x9OSAIU~9Gu;@SZ`ib5&|=B08W4C*(4h)#bN48PCn z!J{mi2Ex<7ft7pa|9@Dpd%8^Xgmo_*FoP9l?HIo2O;!cr`4^01<6D|D8To}y5(o6; zmNW5idRVS4``*0pj5deol~>xep2Fo>6_cu&=%R1Z>AWpmxeYMSgu%>C|k&H zZc;)Y)438u$}V8p^+`!p2nWL+za|H9K8LZvXUvh=?$u8jB@Gar0TukXAH{3MD9(vH zF7LTiMJz||?@R!vSsv)hN=(tD4>y)ZhE$CuQ11|c%9^lgm{`<#fqNQsVnRekthD+z zfKVC%?Hdm#DMH&>gtg@FEg z9sjA?>;ZsHzrhL*-yd&sXaS-2NtU!&W-V(6wF0f9VyO{AmVDtlK^omNMtY_tD&Qao zhqb4qjdg74s1W^T?Ml}?vbnCoy27g$7k~LOht_vkxjxjlj#s=ell^WXsR+GO_w{6f zo0j{+vO5)t>bjJ31;Xhe72);Rv<~+MsOxJiDu-uF&%W+N+9pT*U9_@LBS;n5c3H!O znC|u$w8^sO@`6?m6FHIN{~K2MvK8ZT*=EXAYC952@=Dk(YkHLT6~ zFHvXf{=-lv_GE^9hsUj75@~xf++B_0by?EWD7HkW$&$Pta9l@DVHJcT)^_XB|KvCS z?R^^beX_`@G`dU$f?{av&K)?8qKAVQbfo-EpmOpD^}(zp(lh#y>)q?qcZo4BCAc=o zo=S=uc+ae>VxxII-4cdH4T`-UTNsCS_phN>j_?pT%%*vRrpXk{wB*|gp%qZzztlo1 zYI(PZghtQEiWdEzRd+t7*8u5d=W9n=t$E*)C3h?I3ksm5bmtn5wXs5zGf%6gN}|NbQ}ncW zQGndy@Z#6$H)!ja9jQFW;#wfrTv5$#wT9R})~UbDznr0*9SLial98&m#r4(yhwFNU zDU+z~1-E^x@kZ)*yqR2RbmUD`Y<}xGD-Ay#y6DB-&61kN^HF-n5?%<|{*A^3QTamV zi`j1!iIVxbt)P+nUWfGlM`)anBYJtTsG0bc<#&xrsUn#2b^{pOC~5(y(xH`-Nz>@v zzr8YlX>%3L6@+`Kq9dwWSxw&5H4DAYkq|0H%Fjjik?LE9hYx0@T2%xHEhn>14hfdwnP7gb^`Zws$l@30WjzDEO@q z|6kqHK0;yk&6;~Oi*YV%p$@2z#Zvb*hQ zrEpeJGpPY|3MlB5*xH0Q0_B$zw8;Ho+9%hkJNvujQ8NL3B|gRhglYWW6i}Bm?C2JX zK-}goT)7#^W@vo-%i&mgHmEOfA=*ASC_`pR15+#L3%PB%C+Zo!+37_bxy>9)!fL!f z>5*MU-g}CQNiFN;-4_4<(!=?moAI?&%9c2gLsIt4dE?kiPru5Z`(b#-T7;^h4ONX{6`i20>L7hN?-}pY(sD6$5!zBIij&#s6>^s4c`Aago2@hW3b$ zv>n6D=S^C%h=2q*q`z)@+$#4mp0(Z2@fi3c^e)4vkud&Z!qCH1Iw|VRg{R1&-n*287m|Bt)U4|zRl}a!IbSpIO8B~bOE+^FlDs6;yM9&M$eqvln^U^u z&|HM5T(M5wLz-il-^<_8Dz=U(v>O|3nHN$#$yV!#P6vnu;Mpe79HQfN2d~Y0cU(#v z;Mq$m`x)+km)78m66K9AT)MyX4j@Ek=uB9Zr?i++DXFzh>W5x5nLfUoazLb^D~z&D z(kdVN5UJ}|%io^^(O|OlZJjG|`ZP8o8ssC)7Z>mUGY+ z;@R!NcnDXLKPW@Mab4h{I5dgeYZIRN6mNK;R6slRxfe9IAQwDF?1EA>6SSc|iSw41 z54fn2MT|(gA#};K#;c;@2Ce$DuZ!FUs^P_@Sjk@o-Aw6+nBpsNlEcd!W|~r?3|LJ* zKMezsvnRcm)AV_1=(3!kX)A7;Nr0Pe1k729pMDLPK5px2hY!9ah^CGP!HV+Q4qxKif|?wU^kv$l?o>q@bjug$hrJjp=jG*9$*v@&;f5Yc zVueb7=$;G~2v%gSYeZ-Kz!3IF@dp{-~D}rlIj{UGcGl9eoY9N^yc=N@% ztv_cjW#>cbe2f_r&Q2^UGAy_v=N3T&xDV z%n#FW=$r$6yr;SeE~9Ss#DI1E%2g~0$E+DdcHx6Pht4J0{VC-jeHHzH*(D~HDPrAo zdp+!pMtbZ{VKEmu|5^p)l8w;JI`y82fy+rpqLS-j+p!4cT<$Dkow^g%SjQ(4DG&*u%8W5tXg0S4w9b#N2TU}T^lAjVlV|+ zt{(!_SM}9WwA8}1q|t-YQff(bJI$FxI&(V$yomMGLS_Lu#UQ6pFEfLGw z%b!l(1@dD+OJqMS_->7j zcQ~dK(H8`~BYI*MonD_M-_n*V5IG>lLmy@9P9B>tZ6v5#ldF7skiR?&8XmFoAKPgy zQj5YZ$93S<4}UrQ!^hbEc>pIK^z}KgrQYa1*6t{>IvF>>r z0nk@JvGRGg7DS*BZiPT2=;NIreKva_`;`K!C05WzC&n7+*bD`gzP`S9b;@V&w8oxC z`uZWK^mps`fiB}XOYj5&Db=`5-C1aY)8>l%yjk>gkloa+Yf$XVhK*Vz>G%jh(f5Ej z6hLZQ7SHL?|L*o}%IGD2`dv7T&nBTeaZ;7HRn)+Fz|3sg2}Pw_diRy%(y;JL4D^6T z0pt*5=oh0Ly5!ukHEe!ugqa)2y+~-Sgutp~H&_2GLy~XEBt%$ezVZBdtLS+yF4a|9 zY6XLHTu)8}T{Dm-dV@B5NVTwLqTx57nxI1_a7{7pVHPN!zA>|cE1;@1bfbK>W@lA# zpsb)UvKY*}Lh=qwiDDVFPI1zUP>#vE@F0c(nHlT!%o zMUrQkhRVh#M@NOjJe3bn(Sha;(g* zl8g!+!M4kNfLd4d)*L;b&MJZ&xe2;*wrJ=R)xo@IO7x3wP>#9)A*evyWh`QbcXoF4 z`uSgggzj4(fM0ry&gLKd8|L}P5K~H+_#UfT)~We=DAuUKvv+5_cjXd5TJ&xZBKTG) zm`8Nv64R-A5G}9i6GZ#W zdI*rWW+Z5&W&f!beA_-)Z9SKlv;mK(|LR$@w?agy+wnSJ%^HhoDHk z#CF80x;Tr0@PKJ1JZqrbjD_ZpyB(^Hywkkm(%w6nM!^5nE)r%r{Kx;PW{G%xT7g4* zH20)AB$eB?ks|x^3%o_5Mb>WZUxM*B5lesKLxI*GW8|bj_H}twpH$y5uMpM8*>n-jh)5f!Tn!EdnOMM}^uPL$QSwz?Tm6%&ln*T@ z>?QdaftDxo#e8CsaCdfdscY*1-}kO&bZSOMhJrJp&FX5_7$yR|OXGsDou>RrEtWqW zs_s+pJ+0b`&6W4Q?@_`!1s6g(mg4Vz6q$~>4UzY5TqHd7$Mq?|1<6v6);_TJ`vy)U z>vL|1+?TBsWwKR)NiUof5dAJ`R--AG`XW;1PuDp#4!+IQv~x=L-oJdI2nRyFSZTjS zYPmhHelW%E^7M_MGx+6q8V9HqwSyl1;er1*gg!+L%YDI#CeV3fo1_$VHeQN{gYSd! z8(ZPOD@p%!u0uVLm5mCfeEPLAU1VkDKUd}hD}#`-kTHg-|x)NbIPg> zt5G1m^Q)G5BNfhO>UPYL4h1K=JLRW{15?Y-|8ZR#G_X0_b|$??_ii6TfL9NMH+(cM zPs*!*LC7M8SwhRBQ!KLaj_q0p{mH54YE(N)mzhah_3q^dF!R&vdbVUcmLe~9!X{R zBd=Tgtci8c#vWBgUN;6_w{8tn51+A&fkhC6sXGVjHj4{>EOgY0Y8tKE@|b^vfn`z4bWvd$0O``6h1*5QFD7pKrT& z16+|~>uV|^)oc=ihgK{LiOZg~EdbEKCaC?mY-rR89fUVe1j+ z`1u$|MYtey4Dx@MWB>EN|NU^EId(8MPNU^nzeI(Qa#<=99QxJ%Nv{@1;R94`sc@H; zI2(xnS9j+_i+Dxy!Tv1Py-kAmS|a*+c~qN!K4#=Na)acaANgOdAV91l(731>U&1-R z2edu70FS+REsdy9Y_pV+PyYy**jX~Fpo&Ah1poVkND*J+Cn%WtYa$lB7gh?MqdtO$ zdkBvyAqKo)DeNZ%^7nrH&qrpoAqQ$EySaStK#e1hJ@|ZfA4iDzQoT|Xph4>Hgmqt* ze3kzD7XSUo3~6{!Ptvp2w|gcFG4c|j$RWZM{(MXqhxGqXkC57wk1=$EK1VdOc%X+g zkKdw$=~NA9yxr}mXJKVMC<)}9n;=Mm{a!$yVOUeW0D?oCXMeh50%EHyzWs@QekIjKm0~fLE$Tuw2oH!uZt4a-9Prf4DdwmZ?}w3)&VNr^&Si_e*Q}b zUdV>F0gvi@t(4Ti-d@t=Qs<#mPQ7vHb)R=Pjij3Ol+aisTO$51S7)W``db48&&a3_ zIsGIP9L;D%?xrp7r*{f5D?io4p~ikZpaCSE%n%wvnlha>DDm)v!ik{WC_5B+!$DN2 z`ENk3va<3n-%%E7b?$#MD|_}>&5tA>(xXutx+(l_k@)ao90lr}jgBA(CClay$&!Y? zAqAy!P4YuuF^jYjWK_D<=6+(;3y-;T!@boF%NYu}e2iZm*rSvPAP%f6JMrh4%2SF; zDTliFVjj@aUO+BP`vs~-jnF;D0nNYRfDgpkbLbRuC&uwx9=9bWth;=W^q+45a$g2K{sm+O(j6@ZGTH24Q6?FaDEKxr5RXw;Q#<WPq__;8Q4Y$tDS`w(#@A2%F7@*-0OsHKGy?{>1om{0 zw_E-60NqG@u2ACf(@Io8Kr;6iOXS<^xW6Gx#PP{K{)34>nh}6J^iy`i+4)K+-~mt4 zAILKDAhLMxbvG5_2pepF{+4)@uq*=dh7*5W~^IZYw)C$Q(5UJ8vhT|0J9K&^$; z`J%#1Tl^GgyKuKEBZ=Nc(W>paOvL#=TAP0gCbdQG^8ap`tysX+kl1uX<7N{mq9I!3 z*M)6|ij}=K3linq6U0*?ExnHZ5vpYb>QSpu;*FJomi@5WBckjphn0Q`i(W(0?~9#D zK18N45v&VWI%(RG6!aPy>9WYm`vIZmfDAIPM=$$qS89+L_ibZYbH?c+i_eSF8qY*i zlbBQo8N1G$GQ3Dc^6a&9=2}w`%g~M2qH7PyC}ncV)fWMO)CNpT^~OEIy5viL2rJZT z5!sI<@+DG%x@L7l&0r``0}e#XCI5`B1`gd8lpMaoYj74U(dgavK>`=^9b`O5yoeKP zxc{-A$9ER7<8uOR2Rh0jgXyY;83b6yXeM~0)@w_2)!S;lxn8QV3qw+|{I;QCW}li1 zjS^L!8`daSHj>pxy?AlW-rhd?s^l_IXC`KDknV^%CWtuAUAukzHfurn9|T~1tPrn8 zVxwL%9Ry=GZmzDaDYqe-Ng#+Nq}Rk#f9fpgwoRWmW4c#Q@6v$iG=h1d^t^2d7f59G z0Vy9c3WoVzj?41sE6W>a_C(EJBlYnRz3mactw#A|WvN|67DpxH_33PR>ke6(JM7o8 zo@@Hm{hrnRxAhD?y%ax*lWO_`{)?+7vR)z&LR+5 zsnylhk98ot*3Iwv+HxPfHO z5pj?HoH=WsMcff0#s=I(t~A7ePx7d6--%-`7z3C@BvK=dtUQtPCC zWJ(Qa_OodOBNA;eI;b@nSQ;F+4BX6^1H&}j47_n0y!U_H4LG3}rNMUjHiGM&Iu4-5 zV?k=!KkM$YswFiM)xq7h1b=Zo=B5ZJ4NZY$A9;QHah9}JDu}N$C&ZkS0N+pRWyK0p zdJ3s60IJBPA*yL_pLYsK2l=im#`b=V{0|mDE-oDWYGdPtM0UHXjYy>!URhvnor6Mu zF`}V*z0MPuJ+14YKNqv|v*f??h32Pt7rY^ecOeYl7zxkv?zcCayN!!IvCc6fPH&M} z9_F!Wvz;lA*O$k}_*XI#O`M?079a*|T}33s8XrA+v?_^TlT1r194tb~wSM8!Xx@gm zXoM;v$72Tf46=PYi2go|WrzZ~ZG`yrHNj(vr|6xfvULq^(JoabUgXPQhM%rtoPLtK zr41CG7k}sNOc&tqfKXdY~m(D*7m3!6cfhfxRM2yX^<9$4M+$Q(jC$upwb{Mxk+h6q@_{1TS8L0ySuxQZs|=+IBV;f znQyM^o8OuF>v$dIWxwxU&%2&=KX=HZQ9K3Rh7%tP0n!HcL$EhSV!(cm=Y&1}_`}W~ z%ouz->*1R~lIete()NTX2R2vGw7JXICG6ZX?gVp??IPnd%*EG#$kp;1Y5%$7-nK#{ zum@6LX*?a{So`41v%_z**pQnov|#)$p~C#tym?C;YEmbIPxh$2**$dt49Yrl-zx&d zEDm6_o2xZf5nB_)QrClAJln7URNSeoYu#bI2&Rq=Q@Yb&jCReQS1hb$t;0eFx^Bg< z;MwF4X~%u|cYeYuCj8j|Q65cD^AE}hEfLg@+_8q{t|JK9+0V33-yn8!U2do96+{$X zo$XmFYm`Yme>@|LBY4ze`<50p5;PVe>L53QC&)1=1@4+7SNPUC0q&n$*97;HgC~q+ z)3Ovk8bnnGlg@tRaPva#xgVQ=u<~f=V6%{#+ezNy*j@np$JjkCtHqO0fdjV6pdAP7 z*gqsW(5V=}K#wRepqFE@tgfUK0k^3ncV5Sjl0TWgs+i)~H)K9(I2qzRasRcGLu+OO zW@3Nr40V6!>UnrHVc1^-T@yWU!Fp(s!Cg{YS+T#^s2wVD=L8SZO3)K3s@){{@`4I3 zKJOXJk{P^AvaWjt&u-x?s7(H_Kc}iz^wwM$my~B<;&~O&5yIVvW$$=I2cItE!XLF9 z{849<#!mi)6aSmu;(v7+k?{9vJWpwjA~5<+w{3(98O-aj@$nb^bcvXH)O71$NPx zeyPaK3a&}Ac2EN8k8D6j0y0FUd7~dSb_OA)2hXqiC$hOJ6J9sV7-gFmhEUL-gQ$%@ zpsO}11Gb{k7&zmUocmx@2hzRSxI=0Qt719jGUROF9m;cvW8Eh*+ZF_+dFJFE_!grW z0^hKuNTXE$J*938PAkPOc=5_=L27FjK>$LCXg!*qV0R8aT(USdt)D1KuRq7R!lEnSXc+d_4km z)qY~rd_Z=-5V_9t+9L z`bQo}AF3Ik8$M$fXiiT>ZF@v zTn69)h#FfE2l4yxa_9nU#|TiUlQKHLMiXnj^sU9UX+PH03tP`Qweu*-=DW- z?W%#6Y;AK5RYC~R8;#%XyKE+yzCdb*C%3@6XK)Uov(~M`D)p{%@UWsP16?;e7}i{E zWr3#65NQhNPspZzJbI66V+5?5<;r8{GP6OoHgNG3g14XU&#^FT=MPs^{PIaNm8IiW zi#&2=cNt;A3_x>f9dG#$M@HpDi;n~1bkvF_Iqd}pR&o#EH+I21@ax}itQ5tbR&fuW z!t!C>vA;+ti&42=G}F1UEq5-jLbGjn+A5Oy>a4x8P*s^JfUD3nQ5j3xM85@9sJ7BM zs|-Sl^~k0P%;zQGZ`G(6)Ic)F83XomW)>D4i+lC(*cpIk^6va-$$N1E(s&B(=dG$= zfr@@%!IH0%6AIr@;Z#K6uvl!qs>FHfQ|s^+9O*DVj~ndoaafHc=*eiAGvHfnPC-m^ z%$MeB#?^~;nbF7`!e7AwJP=FhDIhaZqQ~;_+kpZ+f(hQ|uWSQR0Nl^M?XTK#9dz6TR?c1mV4BC+cmrhB+}D`hJ53`rW*C zH6ybBd?p8f>vanM9xVaYMY)0Qusba+O|$#?6@D#h`mH@+Y9_6KgQUOt0Q%N2oL!1W;bzO%_2>SkTzK3rk7~TkN)bC9bgoZ#s6k81 z-9Mh#%GCqp>sIr$z+gBU30H7L7BFq$#O`;m-;Y~^cl*z2)-RWR`eU!~Zc4?p&rbkKVwI>3-u7S3*d~_%Rg-O|2z1o&HoR0$@?F{_NSRWB z1Mvy&fGF^-(i4y|e+<+EjYsWnQT>agiixZH_r1?Weg1y&*vR9~x*k`?<;=g&ia+%} z33zM>D;rnBoF};p z@RK13a^l%N0?VZjgb2!#Aa-IQeFC^?A{;jz{0?*COSmJP`v5f`hE_l_*0t2)aH~7gZ8N7_k z>^J&yEh}S7!75f9;#&*mIGIml#`aAV_*i6i1hTC%zHP#to!|s`4_H*{i;!vx;oDP{ zS|HJty_Za8dJT-exLP#;e}13K9q1oBi_-_>KVFl}WbaxF08(v22x<;Cge@&NU^7cj z>t_Y%I}!_;|KXv0zZziaKL`A*cT>aJm1{e24C?>ug$3G$-jFhuPH-SI1}M=VnI%YL zeC)LBrL3U=DNhFbAX15g6W}%Bf7P?l8<$VA0Am&70q5HY63Z+(fuHu3v7A=kV}*?a z3aLN0fZ6AjN8%6$kwrxNKyY$Hl z7QMfwf62l251y~oNL|%ueu(;~!+tjg@6XIF%8TILjXn4Xk)#ob@D1TV_4IhTp@^FJ z^x&OV#ZeVP8i)OmF^V3tf);2#{@EjEkoW=plz6Vvz!K*lb>f5|xa_+{9@CJ2J+vY` z%7uxt^GKMWb4Ed!I>ypC0hg#Or)ej9zOxd zCCGED>p>!*HF1ep|33qV{_B_Z&*I^J3!WEA6H>`v%M@-nTVZT}A?pO+WH~D?M@C6W zDP|9OZhb?u`H=BXO7Q!|f=G@M#eXePkjNG|nQS$f_;=t&2_H!!^C()bpi!vp=qhP$ z)WEW`h&6|iF1|DRd^)C3E>;thg3+n`>xKEib72^YO#b^=fF(JY8t^I^qnOdmKVis! zOhWJYqjfOT*=MddFna2AmXY^m;fFt^o~m0R)pXOOk*mqX%=6&y!u`LNv?2|Boni=J{zWX)-oe+! zhvI^Jg+|)7WqlDlqU<^f-kp(FR@wh{rAqjf3Poi8F7Y&Fa6)3-D1u*!w7RTMi5T>p zMaV%k^Q-?>1Zh9vz`%3Y*nc$KS@0(2wXPA$^YQAarQl5E~f`R|%jdbgh5t--2MCaWjz4gxnk?boEFHL2mm9vnY;ajl5{WJO8-i1Stq;h zA0cta^LI;!4CR7%W%=!<+@UY1OhiI9lKOX@0GF~ing9JdfJkGWNcitf<`w8R&aEru z$dkdNM!?w6wipK8{Q0B=G?j2=@MHJW(J_EjGw6MfjC?TL=vw_O;2^*D$LxpE!|^~q z-tR$!jR$nt{VeseaAp>@ zRB$+G9@Kla)KANk8hcq)E-rpy83M~kxS9iQgBQbBu83TwL^+@G)hGksn1Qk6{~V9C zAwP1*SxS0;vFJwR$Jik%4(jRwj15pE;d|E4zqG9a_%d@<0E=T9sZ*^$<4(KQSVJ@}CKCXr*!c<90BkVT8{mRTP9&K?kO`;$;iWPhx@0R1+N2=m4G; zLiH2iD#-x7f@9_Ufc!EDhVpcI_a@idfdZ06LFg#900(Nfumh(p9SBi;W?NtSgMja*IU2_Ob)NO{svA0if4x^-=~BKxm3(nbI&XT z7vdlwbQ&IH$XWq15p_8E*&K9rW2e7#oB>MKTMW`ib1Qz`)9i-u+#KL9lvigOtP4o2H2{gIpC>M=jHlHmEkZqgzFdQ?ypFo&K1?c)gB!?a& z?+-4I*D|UUK!-V4n!99vj9A3|S-lw-ZoGBop3C|R#8*yLc;lX%T;F{{%&8~iKH+miq)cJ0Z5jsz^Vg$zczEKtH0kq*h+ZNQ55%#< z(S51p4t^J0X#}`$C5;~lU3hF1^&a-~UnDM+5w=!kvh>L068VdP)0gi?8|65Ffc=DCK!0#_g2 zc_@$}Z(`M`LmJQp!FkT(WEYqXJ*IhZYZ9ZXW(VhBe_Hx-Y*Dei{-mo3Xa~dE`Ow@+ zp@B!P>eKOlT((Rha#(B*OYet;$Tka%+kqDEKq?rr!mBEdBUao~s+n@|R7M)*W|W5w z$D3TgYSx5NCUCXV^IjA6GG}lSJ1##!o-L*?szqbx0lxeL3^@*?K$>#Lj~ay99sK zY<>U4^B_!*>{f!9KEEhj_AP1edTj*O80POOuxg|@j*IfQ5&E}qKVAA1TNt{HzkG;Z zITpe6nP?TgAgZ&m;)ncL6d^~j^#ecSCtY8}#45Ug9{nw~(&~#P?5=<>kr_O?x8OLt za`GChljO^oC7W9HL%H5>P=o7?Fd9tTEEprHdG4`%f(s2QP6(icJl_bK)^#nEEt^|= ziYb*~r4_5!yJU7tk?fWke@Ew*P44&u ztHuY#kv?B4#KdG&Jt|?Gw4`mO#_MBn4REwNK}LZ`4LA&ckFa!jxu!4phPEOx)EPQ( z@0SuCOulR;Vhn%kQ8NLO=fIV1y?x?3I>CF~c`uKd5 zsB9ZMRi$exOXeM&NNAXL%(%hAWzzG{Woua3F%ApKs|nVo3$&uD#T2G4 zhPp6zHV+%vWi)txns&bl=Y?oTW3S&r1_=dD`SS%zm)?z$=|-ULXN~Y9KPc9agAN1T z`?vRgsy$Z$A~y!FrT@ndlYl&c~`L^FBj_(Z{}&M0rAq{AWcr zdW&+19jTJht8e?DY*{OYv8Jcx!TN;B@I`E0T6nISDszkMHa zVP@DU>flX2#`dFVx%1Hd(AB)MrI?R{H9>n--1ideYp35iKgg z{X%|2U}>tw&X9I7c_Xrr&uhPGs7d`=+i@JtsncWy&V8mOCTQ3pwm|r6^|SEApVZnG z#DJ$OL|rTaj3M>FQ|fC`1MKyo*j^W@jl;ZUd5FUOwvL+B8s=NME>YCig4=%magBj9}a@m>FwdCrKJ-QClXMmHwr!G6}W=L zDL|LG7=)$U(!T;W+4mpStH+zple~WE0BO%%5|#qXy17uNlOrx%U-P*~Rbg07mp(3Awo8D{~ApEgwjkv@o2i?teMKVxe z6M9=uR;yMi-14y7B!b+D;I8@iwFt;loFUaE$Nzbns~IB|jr(It1B#7?YX!M*-{eef zUCX}b(N-NGIC{!)+3Jikx0&XH^RqjZ9v7O!>b@f*_v{HZOYQoD3y`wZu)_~C-$?3X zXX;vFKXl?leW;5QAtJ%Zkz^h)7Bi!7t;5w+y|!4_NKezncL3Cfr%PwRZ3z2*F{#9N zGD!;yP?`}Wi^lAm0fM5xt6iS;P`e2b7ZeoKvz7#NsQ1lq+*XfYDG66FdT`$3l9sPa6JlbLSfzIdxDsLaBQJsuo-Z6?{l~2t>5kUpYfd!Cmk#{ zkoBH+iL=Z;?oLgZHiGI$#f?J-HR}kfkT|NJGYBg1yv#KA#@XhBIgpwgExZxG*I@NQ z{3TY{`Vj-~2*NKvux0hTs&v~mohnN=eV6gCrmmkQg1U)}Tw*7|2xwLR?j8uBa9xlQ zoFDF5Y{RS7FyDF<|AgLgvg7;WHPK?_uZ#S8I$me`{QeA$GDx^f^*_0D~o}=@41Se6xMK>wrrBA!9-c zgQwLuBkR1{1gO2LUm>Jf_5>+|kNH@Syl5{46_FIXFbyjYLpAedZ@K5r3qoYb>L zpj+?DY7W*U7X9kO2z+uXn4EOz?;nvTPU<~ao8u~8r%&TzltJ3YX*|#;;uaD}yN%2s zAFG%`Qo6*s(o*28Uh;5FWN{pSckPWDjXh`AX+z4U+bwY8XJx+Tci}9E*EM;V?j`#5 z=AA_{L@is8@Z5kD_X33YT9WYc)3Uo`dr(tE={XOQ4p$_yFkiMOfwq$MtS83O<49pN z08EV5y6~kRj}DVQSbRcmUZJa3Ap4zRTI+k**@(X|xeI=kJ(uQVjC|dzkBnU3@OqS8 zntLM0RX?Y9S9P>}8*3PJAv3yOnd{?yWF>cqaVoCZz!Ua;4YxQZd;sYU4E3;dDdNv2M-mPe%Q61>kWgYKjQzY zDk5k~x)H(&8{5^nz;oJ84{%FGz}0V3m(Jzz7-YabQ4xskN&H>)+@zObx(_4NAoTgq z+=6YnVfMH!CoJ=FGwauwW-z~@92#<>Bx zDHf(G;Wj@bSN3}j9GfJ+N}6A;bK{)d}Jd z849PS!sa8s{yMBq;HSUy;taI+MHS(SzE}F6^e&J;M+q=ciBo4$2{H+(5o<*kO)o+b zLIabIYO1N2O88#-_?Ka-Njf{O2@%=m(SI-7rb?a4^6g>B86VcfJ*~E8dVr<6xZ@x& z5%FmipH0=W-LopD1;w!swQpsFJ~yTTYHo&wN{z<2TS`Ba;qZX-zQ+aU9W#52jt`)V%Cw7Im>Lx%Mv#{O zR(KQ_!@F8F-t?AFjQ9%?FX4j21{LZ$RrIB?I3aHIt9(8m0-9||LpkE(9aRDdqEcZzkH?cdhgHG{SS##;4 zN@WTbVR7B=Cid_Q!Pp1({Iu23vwoMU`yoC3tH$g@3_08U-Jxu4qGbK3B!M(3I3(ez zW@~EA-&?$wj32Y=&^o*}iF;N*ZvdtM!6|?7-l`Z{wRps}V8&!_O#wrYx0*z`BSt#iqR^J*5s;E=yJO@Sh5>-nYZ zeIZ~-<8b%DdO1JV!W0_ycQILCGv}?%Pie0En;dXFBu(6>&GY-GRj%;$#OnN|zZ>hN zrbPWAC^SBOhO_uCzn4^lta+F1VL9f5-eVps*5EYk$c$nVjngHwjF1}&LS433&&sv$ zV@e;Hd4J&>qh@~S)2sA2q(jxkngF^&$6rRtOe9cQ5{^ovy*gJL@i<_z1{fhH!RR>= zUWeYdcnp%`%$w4%G3k5R9ps$F5?*bfMk5x=iZcuKu=2ZPANx?;v>ZN1BL8x|ms^J5 z`&63X>bao-hIte<2}v)zK*)N0xzuV`-50ezwilXC-HzVU=uGk^#Hya^o-4pOc=rVE z)eQwMJ62B*CK`D$GAjj$lzy-CaU6a{iH9>#LOT3h3CLE$$~3gI6lQh2(y;qDApz;` zM*(%vYL1fEp|%!OX#R+1TkACy52=qtpxxgo`78cxv!lhq>uiI)=p3?ni8!Oii4-LBHigQ6;g1Spy!Qd z7!%FoRbPag5R^4w1K{e6hC)x+tpsk%Y-R7xlcdZw)D|Eqmozu@kP z+;(v||8fE_Z)&~RVjBXJVnLf3;out0MUYBu)Qi^jDpb)jPsGDBY~+*WrO)vRwW!v(zWk%>i8Mg8i4Cb?1WGz!ml>9G@WIJ+5bXd?1SQs`_WLUH&Ys9Sb5sW>mpDCKP|w1@dV=jlqoC%u@l6Ek;aS%jKa5(XIT?cA zGwveDBB5^oI4=$gC-IHDjloUQTnPwT*|+HLwN9x8;?fHO&-6koN1E9#n8xEQJs=bc@`5Z-CeNGERJ%^M0YkCG zXB4m|io$`zS=5`*dp7y+J?+dHU0BBoE!@$=Kcx-lw%7R3(L@tBcfCWnWo|TGNqV6h zct(`DY(H_%f_x>FE z`j;4^@AN7JKl_P~=@%>3w8nE0<{fz!qQR;K$@`Or&5jV?jtoU($4dQx8hGBHVrcNO zANkaFvv(M-$1L{)W8gBHhDV-!p@mnF5RYrNsy7lhn80PHT^wTvqqqgveG!#@G&dM? zZH;$502}yY=_HDjSkq|K`lBe5Jn7iBp!v-fqM8iPM|ax~S=YEwOhKf8Er_9!O|V*B zdM-}Ef^+YHdr=M~b|2G#|5A=0Rk&6c zJ?z&O6uP@ybN^J(Paw@0|Na<{OT(vyjrBSSGcg=LeTBoWwM|XHYsr&|_?=L$7Y?ID ztzyuY=2~-jm3+@$NpLGH$*SX6mt4mZO`rIh5ZaJ>wjfG!Bc^tw9qhQ~SHU|RK1!cC$+49ivI;myJCRwM)CrO$B84Y^e0 zed`E7?-$fdm+uosY#ZgFqb-PJjSvk!IYp#$ftLg>ECOr)jr?5kH;`Z(EMcr#=iBeq) zyGixGh3GaB?n;7uia?W$ypzw_bBl#3ypqKB z1!h=N8!|!^DHGokNJqQt`$Dv6P=-&wBTj=zM|2rd!Ipw?;y2cYYGLGgdZgvsNe_8D zV}H!@MtoDwlS!@z?MiIt^B3G5-)hKe*B7!yJMnirOz#!I*rW(<5m+3iqgWNCve{o{ zq}Ac|01;L7jp7W-%MJ+=r!mAS0~c2ZNFTa+I~5^qSBpqT0+(nn(!dl*S$d*bqZ}0PyagMZB37@zx;Ao?qz!&Vmt5;nmvs4%R$yw*sH4c zGJi=hcDKpfyff|CL%qJD*sAZ$$5n$txBK=;x|Yql4v;%ZkIqfl10DngiKitr+}CPD zp`0h|DSxep<%}+fcy~{zibCR9Bps5dy3(ievwL41mBy-MoQCVlzuI=TG5qQQaO6~n z$`3LfzmIKx7)Q9lwuRzsd(G^L%dhZsFX_t-?T&Dylr*+W_Q}>tORNlGUUmho2$$_J z%IG&OD7OfGYU@yE^g!Nd1-A$~!M+(k%Z74}NO!aiN}*qbSS za=NA|?Brn^N*f8PwBI~RJ-_BVmJ$lQDfJA}iS0m}=IC4DK*ix=xn~l6!CqIE;_o{ZbWMDX zE{Gr|)uIAPoz1_UnrkwfZ#4|7ki3nCWfI&{=PydEIFsFwOr1ol$iJF@RI`QRmQ(v# zayFHS;;=_S&6+67oQACX?XvWd_N?d?imp#7F;eQ*WO?9Q#x?|ZM0X?yUntv{kq~Dr zx0&G_$21j5L;#tDzFVM8H}LaYZuZiw8D}HOc&gz4KfM6X1c1aqMOi<(#pYSlWPF?$ z4zwN7;i2Q(c-p?2XOYBHJr5i-klr!2KWSH_8}YKcM>N-FxEnibaObnbd-ZJ~B8-g- zt?3f8`E2D9Q@5j}C4^ts(h?VojZg&S#{VK_h7NtH#TRUC0^ODm2FobN03PLU?c007 zAuUUfMZ`U32QfWcNZ$Lpr<1v(bs;$3gxa8PW{xn6S&RA4cDje^?cY4U4J;#apR^Wc zcqhEs?Gehj`5i)MNRUp3rZo_5lad_T>seOEQ-yCX?y4yA$eO$YI{vNhr~57Xj3a9E zD(-s{OIoqi?+@~V^`KW;VP#x5RIIaiZ51CvHRE$)2#%1^8!@hCeo{dw)CKOGfEnO> z>`skTTdbj`&t-cimQLy3LlIoQCsr~62inq}QU;DghP=L=f_-)=_pVI3OETMBXnaz9 zyf{dA@_vT2dx$oD864)f@kZd-M7gB(tMjov5WjoctQxUUp#GA&$wsX>sFe2C05DY^ zx8dnyEGLeHoc~nyH*B1P7(ib ziKp~WNn^WuI;40rqfh5OV@%>gicuQ4|IM#0{3@VJFqY>i-!`aycO(5DJV%_x#pHsSP?|w_W0OYYFT`SocISUw9+Se1@ey|I2$4b zBh%9rxOo{o-9fc(z%4#%G3pmzRAlh^jZb85FcHvl2Z1$xn%(^5DD9COUakpM5-ISx zwYv6{BU&uiX*-MyF`a+*maY8QDXi&>r1>fDkxv$;RCU!Mm0Zt!X{WnuCR*d%j6-bk zOSEFmeO2{qEn))BV6?AOClXVu2s_OENWnJ6mJ0efSrr@RyTmw$qdblg>bT zrz(9>@~61k)9H>&EY1FBl|lDcE}jMlEyXJA^YIhL4fiNG-v-(3SH6B86h!7Te`9#T z$CFZqvN78N+l{msV8uieP-so2!eSGrEQAEDd|XKXEEP>eq8df3D<;sT!XxUhFGjfL za`YGpi=3V{eo>cws2>LF7j$B#=43NPz)n|JVNA8WYUuvhL%!m}VWpQVVNy=+bNssL z9=V2F#oEkK%86qKcJrB|ysw9TGjlF)SLQlekB0zJyX%-zmp=CKBVSQ6^zcJ^TtoGI z75#+sdZTM^_t1vCp8^Hx*k+jB?U%QJ10NOa(9~)}{EKWewE*o`#UxQC2B$S2xs;1r zkp40h$wB+*VCcqbp?tj}CTD->@QFmW{MUD{U?+Ax4@WZXj0w1OZV?vCNws>Z&jUkr zjm0OAE#h;y@v5J5o_{YNAJHMteb;2W#w&3_7x9JQe-717 z@&1(l9=!BR)&7)zD}jcx%|D`f-wseg=Z!2Z~Ej5 zRdtbMYqle9nvbuL6W}p`D63xi8AAb|@F|AwHWw2)&l0DgI&m>mAxcUSWLd7-{ulwe z()sAinO>+~p#ASC@^u33rxgTC4PW#JoLXIU`#Hi9V*sn*<*q?YR4mVRGIx0j#PDkV zRY7OYqXJFZqEc$oQEQE~V3hugC;p|EE1dE*%(&E{ope)<8p}CjZL!+^0foG&;QEtk9+0k+s$k80&H8Y3Z@1NhsD4gosp{afMM&il4niLh2|0pA z{twnwvfWAQ{t@4L1gpg=a?LJe<5dlm_(6&@!}+vD_AC80jk}5slSvG7e5TYf#oWU| z>EGq4p3>Wse(@!@M>xmJE4?Het3nOX8GRy$f*g8n`B);tB!yYmAUk>_OY-FmFb?L3 z$tp-{{8reiBI#unH+{i;zCz{B^eMU@1u8>uutGy=VrdbQF(L&YAMy^gTU$(YZc2n1 z60-KIKaq>}fk?EJB&QdhOS;Z<66|^SVYQVC%^1k88B9GH&WJBmA;&GjS&7;IQs>`* z@tk+b?c`zqOm*xc#we<+URJ6%c~`ZwufzE&;Jp+cS$rmLZe7mT(Dpxe&LsF{Qh@7! ze4KO>Ep1c3vsdjpmiel5@0XBIE7i41@bs&XI`$z~#w+?nLSjUM4QUiDJ&Pn25t{{v zM$Lh0PKqz6%i2ETo{%|>b$r7U6i82vWO@6iGsjY} zqY>)*!-f=ZYo}a9vUD#Fr^UXz=f;kN!af`PS8Y|V5?lpBQ<5!73`ig@#>Z$4i5$9o z>T4QIk410@lV5Zny-36Q4fP-)iJCjC+{fJC7AUZj83?DGLQJ+9X?c*OHPgM!&ch}3 zdBY%;U1U9io3L_`XP=ir>t z#$-p9*;uu^n1|UZ1&ST4S0MlSR*2_3|NVfti=llR$$CJY>F$U7OESnX$6%AG?sJJu z1HFoxfQy-RbXM8>XH@r~FAd51zJZAVr#n%V&}Hl{wxa}fZaGxh_1jDQjrA}^z3@(z z^(2Oq_rVvr-RM{08%SY!Wdc$eXXMFeAr(t>yK=?o`MPebp#8V}Fsb=Z`%n0%{db4A z{}9mr8xaT2LaBFaY%aE6S)Ae}T_O%Q=q$hKn{|T;V$Wd2s*0e&w@6 zBw%=AsU@3Iuo9q}!r53Tvi(%9hX|tI2K~Kk?%8EmAoJDVuqw2QMbU9Yl-YtR-j8}W zutDNbr79SZDd@k7mWLcKW^b)l$aP<65-9C8ZDfAEstT-RCc0o#tLV-yO`c)V&1bvM z9=w4$%zp&)K1cb4B(iSfjJl)oJI~5=TvIYJ3x&`4m~E{!4P)O0DEVEHa3(_fLc_C} zXppajg90?v3P1_Q;6LG!?Y8&QBNNm=@lk%b*uF=B^(kE7R-Hi3Z0&DA1|9 z?;Zrxd#mt=Cp+$sl8n15IVQPN#g|%6m3HD;L~F~h+ewl{Qp&AhbFp@o%_Tu$X{6Fp z#>8whhn+nU)TDsm^G4-1B95D!@{Wnd59Gia6FkHwQ)7-N8{>Gz+UT~T1 zZ=W9}pK@JO+$vBB-cV*Vu$7Q0(mBbr;z!XFIcr1TGEvRiD97V^5Tu4vSiSA1=$LH6 zJshP|ByyS{jdL1pKc-qH9tjeGIF1OAj(dCbJ?ZMNvqz}Q9cDY!aIKtc8sKaYZ!#h7 z_B%t5>EnTW}ib+ z7YT-{|7+ zzIf+<(?56mUK$ z(#-~u9qu7&xktXX$H&u99dviDJ$x=kuDSMdVwU7ffV-c=`dM$QZ;}}?IoM;53R_T- zd+Oi;bQBpurpx9x2C_ztS@ZCEbrekCO$pl(uoPjKdn|FPN#6C#aSylsUT{)A>Si3T zaCsfGg{SDR_KM``%|Qe)(}XMcDM*X;=e5Ua?-m|4bE3Ckew~c+5;0ukh}HdY)928j z1$|Zj1@o{s$ha$Npg4vdbG&OE`4ll3S6sbEzq{TMr%Ralnn&5gZ%O4`vWI0E!H2Df z$0;PIo2IXd!{0SiY1$2W#D7AyqpJ#{{@`LJTdGgAqm&eC35+${ZgTP#`PQGoROMdi-uc5o@+WQ+|A`IEu%E#r=cBe*wFrq;G!YFGllDkupNRf&kUcl zG+`vJ)m=|Oh2MuVV>WpWUKh5qGp{Yu#{%X^{Z+@X15NeVAfDd2{hqaFnylACqQ4Y3 z?dZ7H@tdGLqP>1@WoGTXtb~>n{)n^W7-nm0Gn$*&4Ny$U0^C)6w4{JWI$_Nv^Nz|J zrRdbb`Na$mMUP0wd_hye2^1;E;C4nV?qlps1a9YCPT1&as%iM$As*wVc2z2s@RgqvXP9ntRbMgtk3FhWAQCZDN=zALdtlGz zSYe@JbmDWnXvDA+Km8M(hi*=RL{sQ6NfdoB# zocJUgK#DTgGfnMg=e#-pn5P$=74hMI@zl8FC?B&d>774Q#)bFZ%jl~Go?FjlXmU#-R)RHB?hN>6!<1mlRO> z;28RxLbvKAi+Q4WJ=qkEUj=&xP3HoFKzKwdbdus8#~uW5ovEaJb1Wxdw6pZ~{00Jb`u$=yLky%Vo~fnw zn)8p7pyITeDg@|~El$sh_VLPaZ^Oq<0P z+{jD^Erg3}Y4a@lt$ znGV8JZMWQ9^G6mz(tG6oA(j*)?bHW&y!jpjXkD_Wb6tY^$X?W*B{P`1?I%pSd2^1& z^E6%UQ)XTjh7p8PxP14c{gDikN|^WF&l47&N-j&254^T1E%rgvz@7MdRZ3P~B#VS1 z_)wr!R2OG{X3XXq^+aF0j2Twsh~UZP*U;x?XZ$#6sAt&o*&FqEqh2TNoYHa0os=ry8=&#rdw z80xjuTdvM}DK&R`<1yzEZJKGk+s~eGduMD#Qod7mkU+6LeC@CGgPxb3VsBeCqhL(lEaC* zyQbaQ5g#j*Sp^jV8+r4-ha7Rb(as%DyChEWLgXCOSgP}RahwC)2w-VvMZ?db8a^c@1_#UXN3&#Wu4B?9fkm2&(}|*oD--}aTIo`s{5yM2yZE!qCH>ju+W&AF z_VT`{kUA|6EfpW6ysb}%2)P-AQ^+$JI?eSW(9KV|1}?Zil2Krl1HD42-ci>#-e`0B zW;441lKZxFxO5_#HlzgvTU^o# z<0<-jF=e5<E0alhfVUrQM-(Z9S?PW*xSaQKWbtc56l&lQ=?S2Q}s>J3v>^wOi znWdq8I(_O4tXgtjPg7+WM0ej?V_J`zrX3))D+w2);WDRxKgcmhMJB24LL#c^d?TfW zKTNKzf5N&-LmKy5VPb)#agL9xqD&xT|C-_AW@@uHQ^Nxu=wKr)}x`cCN99sWwmIdPt z$=V|b`Dndv$}wMQB`FIml+eV@m8Q9)=@pNzlOF9?9ep5y9B*eDTbjZ|atf4cG576} z1A`!0cPgXIFg8MiBxC1m8R}}Mah4FEGV={mEetmbL4Zy<7@IgITsmaQfH#Txq zBKKJln&*<))Fzq5S>fvl6@bl+g$jxLTrfCjBs#Dn&xxgdK4g;$c5W?iux>%9adfo>F7Qt)w{StpW(-Jz$dk;P}-zm>(-Oy^`a)bB40wtC&k?|o4};@ zAajAjLiUL+QOA(j`daY^9S_Wx0^DBSSxUkiLK2Nl;?(pk!{@0tgnNzEpiCNh)IDS<7^&rRmfvyu>j(aoV@ zsULd9h7 z^!oZafUo3k<-H8FU_ZX-5jpK|q?33AjF62s9s_OP;aT_=HNmMSqWzo6n5@5WZb>67 zT-_>RMQGgjL-p|tt%3IDG0qsLj;{8cy_23lZI{?02s*-y;?XH&!ZBxkM{4wj76-E; z=vg#>Y!_flaK2lq94Kvk(-ARk*TLkd)OA-vkht`8*-tVWFx_j|onhNOT5_Lf*NF)#-6z{p`vg$ z%-)q2Q7va96d~4of5WtTe!2?H>@!NxdwkrEu@g-tk+tg*Tuz}4*%U134-Jt{f%8cY zXSQP9TD6U72+LHv-jrdooGG?0n_AI>9#%>Frvv4(&q-3#4o%3~{hEdcA1%`{QAJ~X z=&$5B>&@tQ$?J)nci!o5u!xfqK>gkxAF{+yaR^3Q3EF=0y;zLu2AM&2vI&Y(CUL!{ zY#mSZjC$Q(g zo6(P{{oJ2sa%a=g&xe7qJ=`Qr_PfouUZ-;??nx}WDOX}F0i-SQT_o!>9rY(WcFTWC)CJj^k~!=H>VORp9VF5t!0`?Ox44xR0UqA&a_Ue%s@pqH1-A1}&S0xP zUj{G)jiaGES|l&Ua5*9(J&de|E}8YQ&f`Y#UK{FuO0%YB#epf)2Y7NHF(kSw(IUE5 z#9%uXgg7=Xdt(aPjI=}63~#im7vtTa#x+@V*%>7+(eSfVVb1|%Nn0m_TbY)&PE7*P z3?`41E#agCIFU)>@4yo%0>HpCOWOg9MuJ`6gzkI%;{X9;rlKi}dygjKpU(EG#jdV= zY`)gXdt4I5TX)s{0z2rchZW0_%7%`{QM`wm(n@Q+67Ur>!3g4J1{r;anU+tOj#1w< z37c(7Oz1M8S2HD@80&10-Bj~*hJ$aVKM~!3IAMyxgH1Dd)b9&z=ndknVjt`!%evAF z(xv$?%>7+41bXXoi>)VWC8$GiADGQ!2D6I=$N9l&Bth`DRLG#GU~A2qMn6)9^z@fv zR4!bp$HrOSl~!2<1Tb%=BcM73b#cIZy|%6W|6N8pjDntSnz%=AG;!5r38ogtUcGJS zVOb^Xr_dPa;h1UlF5pI`mmpY6E7Bx?SQyYVQV&&{PrEDS%S8&?D1(T3coN>ucfb4h{mJvl;$HKfbIfa8V~p$KutZV6f*IXQTN9su ziq)EWgla@IVgq!0e=W^3Zv&y2$PpU8_Mh&J+Cn6LFt$sY*J`14&+f=U?y?yb;ld;y z&VA9!y!bx+ikvTU1ocRaBk880>FQM? zqo%KQg4IF65`NcwUDb)Y98XBb7}J4$`t354hs31?E<&#T(${?C-QbND$71>=(nj@p zVXTGQZ3_>RDNyOolB-uHAvP+Xj6xHk#nf z-BqWat`Rd!sVW-yuOn?*9EisBRN9u3FuNDo(A7quRNu5>%Z%yWkh*=f zA^wKRrEDdFcSgY}z7?BBisD5G%8Ssj53e+#1GdCWle=moi6x-2*dS@YgI2G^AXLF> zDb;=x`~o|i4q-YD(~mXMSXXJqzpPl=e+_z6IK?%jA>mz6<4XAFi$74z{d}lA2FNjT2XPni%)Ws6uVM40G_&ZHjBY#O+5< zUrEmdK!X1(s=frTL3C`}|ilJ$0i7G6Xrck`ahZPg-a-P-dvcns0PNN-WC^xAg zX;9-HJc9i8(;1p^ZDiRgt|W{V+;d)x;?*!Cc5OLoCsnHZeYPAId%e3!>QuTP9-F&u z-t8}9@wYz_%>q%6c4V{xq-oC*gT%JxRdLSr=FkYRreI ztEs&gBF;^%C}`Tpz*Ie!@X_N!@BnXB%4h7+RVa%Uaih z2qtSZkCp|1Qcq~g^_HQuarfK7t!9z~e)jQwv2f|Qv(z0`(_-J0G8KLDhoqp5TRuK+ z?d41V2lPd)WOyT5Yd&@2VZ`g}Z63uBR4xu$i2k`l6OxVPo=?mJ;k(l=$=~l@h4Nl-u??CTw%9fE1iDzHd@Xc>rcXk2PF8na*&>(#>QsZi?2BNlU%HI5ULt zgNef#=0%`8axBLnrX1Cx^WXxe`xv(p=-PeonK9OBl2dqwT}`B6PJ8DGQs44EbNJ>< z9@>hIOWB+83baWdvqu6J*-Yul#TVljlUI|=_m;YyQ*W5-Ue31Y6kL0|*w;GtvTIK> zCM_)&g+8JQcM$faRGX34&`!fab%>y1CQWsHm8@^1L;M@p!=#`ZsLZ0qBfe;Mm@`Qb z?4tdckjK4dl8VpW06K*rXrnig7t@K9{~3(#Ufw1zqN0K!{T$G7+< zfo$gxG)IWmVgX~SDx|tzZP$B*EDcRume(8&P*MD)b7jtDJyuatl59QyBe&qdZ!(9iVKyzV(zs+p=_y;&=~Nu{pns?^q|}p3 zh-R-QjcZoT=3V7Vh zXA}1>lSDa=Y1f#vQ*vy2nhzLv{b!{B4a@m+k|pE$iNqu{UQl0}8wv19$%^9ldjjsw z%ri-K*V!?Kd-A`08Wmiu)~`fc*>5Pk=*U|jM)WePJ*02!CP3c*5AaylcKxy!+R9CM z(FnX<`AJ6G96Ja7PZjhW@Mb5`g*&jbQTANm+y;+FHFuXI)E5KFy^=Wyy$5AYFA{Fe z)s9990_DcKL&<3Tv_(fn%oAs-b|Se5E$Sy{C%p;(snP)8a)tsc)MyWYcFFLF@Y%ce zYe-mN-Imv?(8caI))MsI;_t=v2hmeITF1pmW`_iszlj z`An61tt^Ox!CJUF(*NF!ubJ>w^J;2&QbU}ApbnfUay0Aq0o;Kef6zu>MY*w#9ZgaN zqX?A&>FyK$5aXbUrwj?lC@Eh^)d;e43LMEMrU-5;_bIYE!5sYPhYOu`EfgV9^37KIy@1SlHc0jOeW9%G8iR7C z4Jb)l$K*&$1$lS5lB0RiqIZ#LLPG#DgQB)-`$ars@b0+53CWJGUFGsP&%VG`b`%Y{ znYK#(MJC{a^2S<#xGVy zokNhDUu5QE?#62>8=Mg>)>y(|#%85m&#nkz^DJ{fOO=?m7FN+>Uy<1vkqw9GRnYx} z2BWL5T(d#Ty@p%6#k=YNUc|)G&|pE$kpc#MxVOG&lRy^fme%d!D`By=ci`cQ~QhyWQV898nA4hvP6Kb>(%OSD$WOHD zd#v6hx5curCV_0k)*)K`1T$0FqsjZVGA*+AO@7}K&$IH1K0kP4T6%`_rU&SvF=ryL zZy}Pl6UC*n393cXpuw%PJYR~ZaFx}pkQ=jiM0VXWmx)22@u!G$qkR8f>m_dtMzV9i zVT8;Wbra7CvF($x34E1C2GTO#1s&7^1xGkrc(#QohqeXgXiHH$@dhU|l~&%@m{)nH zn39u7M5c2Ng%qSB1YdKwo15Y6*_%th^x~g(5XH3$%S}F!X27s7o>bqjkRp~xWOCQ; z_`gL-q!C*{W((Oxks6As(=`lt3VU#_JDb6Hv173#3<%LfCHcjPjfLh ze0Igpq`m9l>mAAD6&Dj8FVc6IIkrFaKK9gabc@htplKzXJC|c4B)ZL>JZUzk=ofH?ESbIjszf@YFz;1Y5pv9?%Bk;m7OI`7 zJe_+o#LDWwe7sSv;4Z3Kl%nT`8u)!XquA=v;<9@186CZu22Xe6yj6v^J0B9~mQwNT zyfUJbLbQqY`Bjn09YIlxBVj{(2r(d|%|JwwOYP-gR{r>`Y~ z3%_&7ftd_~(Yi!)fygP&y3|Y1Vr4_H8`^_;==LqV_ovoVqM`4&o$L0ir>SHKkz)cU z55otV)U@ZYJj0ru6HB)d&civo*p_lx-9;HoS5%!)nriXZg4}jDh)W}oIvyN3L=k+! z4uA^a6QZ(UHehlQFS?CX{c_JW#EOkJ{_OTx}okxks}JuiYn*b4RsGrr)P()Tbe=5G9~IZU`wtf$>wEPf>$Z*?rc7T$J+Ax{43nMSEGIFrR_j%M4Nuv6YeRN> z2Au}DP5l{Tx0uT7+J0fwYB0~%_AiEOF)yG_;;9ofn=4u6(7$iFxXx_fs-!w?F8!5Xms%#DD>kDrZNxAr)J(Xx< zUm=sR2f@sKwLJBNWa5!WPB%O%Lj-p1RIdGnPW9u3;vWY>e6ha-dKXDz5^0y}iGBIr z*heaT*6;BiePy-uxbJy`nUx^u{K>5Q#65TU_C&M8<~Q=aYs3SSuoo+PjiooN?P=0hnm7>{Ww3~jDp#2G?*2fx4pIXc~*?g*xV^qz2-WUH@S62S2{zOSWJVl`DdUmAg zQOA>h33utRG`r4X^5^?+7ase%WV-9U&b#Jh>9Grx%f6j?I^%sES9v1*2`#sy{E2a9 zN`!g@6mlrM^YTWkAOaVrQ5p+jt!ixvk*v$p7tK9>(QefVAAE}!6=b&Z0Oo5+Df}2I)ryM`6&WXVkmBXoT-O) zK{4@QR@RlWI|S8_M={;wjKWi(Kdb?Phd9iMypV^(pvS~Zk1|U#q{tN~YPR6Y+`%1F z3R?uiv`L;pt{SxB<8(Y!>-MB(W^ zf?m(kAlgaoI9n;_uG6C?AwKe899^C4K(xsr^@m0W&DOvzk}sI+3yd7=T-3C(s2}C( zSThN3Rqjb)ZjJeVa*3RK?SI+ju|gjdUs?du&w!Oko$tfIX}K+oQ#<)N&D0jHqS?|{(K6vEml)AM~K#=_7H-_ z$4sBRKRH5HsiFB*t);1w_UXKkH^(2FnyOT#AW-EU$_JC+3ZLl<{&Y3lV!^(umn1^INkRQ{b)5Al zTLXDC(qESFKOZ3vgB35*S($ndaO$S4O)TDG811Il?!p$}!5 zR*3<|M*=5CJz7N!nzqOAU=h&nBbryuBb@@yX_5*W>=<6zDaY>pX$!OqjWAX(eNK*9 zGUAOTcHy91BSfK?b3!Ba84&B-?;CJx7wXSs{flS*(>iDwQ83T>=@?F(2i5M5SE3F~ z+WI<8d3Y4d$lY5kxo)qEa(vP)$YE0u-n$fbx!X3S7HFlCEn>a$L-LpZv3Q$SEz*ib4FmEYbuJ;T z{<@T>>D|3g+k%~+RR4qEQHEt_B4X9MKSII0fuzEc!79(fsd?&rM@(^WKC zwO_c-UB$Zzw&Gi4w@SL7cT*ikh+tTqCFsYfSTC+;!uF{aGX(&(KgXV>OZ*qB@Sm1M zHl)duFer)Dy{2}Tz!7_s4a2)wNptP?vN0xpa{Flb{*{R%&gA8f?>oH?aj71zkOcC^ zYV1NC8uJq?u2HCg!3s%rGv(NNc1rRJzd;YAvXeUDTVts?&_3e#U|$5&m)jY?jcJhz zae>`&gLn5CoqSf+eY~|6rr?;G}Fr)907H8?w2+!vknkh(Nl7?sQ$oV}i`fH^a7;W0d#}Bv27{9RGc9;2z#wRmUBbsVJox8;knGm)cjD>QU9V zAMDL5yFZ}X<9L|Ro}Bl2%+Pm1!^w8lKds`rg4y+|@{tepq3^QO#sDPQsTk8iRRU_| zX)n0!h=SH>yNQdA-@v}T>?06q6cD8b{)>bCPu%_A9}@QXEr?$C*l=nW_qnDEcfZcy zLSi*dF&y^9g6+!~OlaFb-5g~Lo>M~3dFvL&q#)MnR&BWJxjdmYbHk=!0{XbNZk|ye z6mQ;iuP>pawarm2M~ahL*%9-f|3oIM0-9mnH?-Y=oEn{vllez#zz7{YX1QO&y9f9F z^&0-?)%D|nM=+qZUm+QqA_;Gd=Ei9$j^uV_wZe+I>b|%>?(5mM*L2YiKb0SvwYyZm z7B;_PZXDoc7#^rdPlJSs*3J77)kXfs;N61~+1F(%R>s`bMFBP);Us*X~Crppa9yB(Wdbqa} z7*_e>YmCi9py-@qO)dnwpBitD3k68gCgXO$niQsp}bd=(k@I%JWh@w9%ode?Q8mretw zAS`Hp0H)Awcz5ecnRGKkIS>4Fz)Wxf6va-PHi2nz^BHVku8G2^?cn?Z9@PKADnFjg zYh^~|R8YtC*WeoFKWLuJ?4Gt>KA*h=QAB^xNL`g<$ioQvYCFU=94 z&D83M%QQ!zifN$%d!iDqBSJy(6TtWb6fR&-;cPs~(`Y&2gaXlTQQp?Va!(L}?IOP2OyR2E!@N zNz+B3T)2Y4emAta-Ebhd$x%nd)@wx-iEu0#?6B?{=B|*D$X9 zrS7ttyS?fB00tP}ndJU2wEW*MAc|Kw7Hq5D)?QREt#vwF$pt>&r(LNNFOFyRut);? zwf;j&?DL3QK|}s|eu?uhY?9vut-rKQKa{kc$$+3|6k&x^LLR}i_fPNCs}=bK81Nu-MGc1jgj5#AtSfY`2d}*VaD>` z@7&sLZvt(AMw~w{kR_Z3_uY73M_y3c7&uQdr$EH83QQ)?NXN6bO@qSGx>fjyY{;=1 z*bvj80J36`R4$ms&H7ket~nR7e-<%y^eKaKpHx4c@Aoa}50T~%Qnwpc_zo8DM@%#s zTft|hp|w8|oeCDgB=htCtkb`-Ct!hJKo|x?%+Ed8roLC!FNG!>eEr_{1yaz75L@+d z^VBtA7|(LDph5P{xr6($@`hX7;B_~A zZ%qkZF#C)Y(Az$Aj>dd&@zdc`EJ3S=>84GCv8aWWBnJ($`VQG1XHF6LZ{DXReQrB8=EZGzlHuJ? zlbGRD^`jMB34j|)0ZcVAU2ohGFC2J(R28}|(+lupn-~2=+UeH3DG_Y82CAIqM{5J5 zxzGG`@>e7YZSNxD(PP-8Tjq$O`u_x_k&!cN`RP2-Zlq7P!W6hv{LKalGcQYSZm7KY zwBus(Jn>z_!1pg-XZ-iKcSSf=n%$^a@HX|p0Bsr{p~*Zcl2Ue({nuJBUaIbBs|)rt zuxy&r_9t1#`nnU$`(H!LMlbA6VHXV-Kmog`MfBuu>&fYR-Uq@~HO2c20ZPB>I# z1_VI^W2pPoAO#n=9PeY5n2$ErMmYhtg|*;5Ws*JwQ^Pd?XwTd>fK4+E5L|piOE2hX zU8;ATPxjNP%Jwe>+L{y6iQEIdz}d=i3I|BhDxQKO^pIdi8U*dse#Xhr0T_T}&kO?~ z62ne1V*z&1P7r;;+N#_ZVC8LrTa)weFDks}S-yV~)P51zz3ES=s_;L#Hz9XxVoU6N zT)HD8(=eZh%)BWP(pRZ!Ltc5UgeM_!J0fvg7$wf)h^=Ze-jD$qY9*=aWW^DYgXKJz z`{5pmF@$U-U932@;4-W?WO~|O905y-Mw)`+-zM{oyCA`6$g>WY2a^D3UGMgHge=cf zq16K9R?kkteESpAeU3k6K8*v%8^0J_w0+QeAXhxJNEZ(gQ-^^$8E->&oEHAj9!ug? zpyxZCSNbamDlq2U&KGn&>Tw<0cL*SGATQ`uito`>?X9H4{*!hcp}>wwq@NdNSV%HjXk^zK#+}uVLCq#y=e139DAUtOfh#8#w!c~c&a<)U z=ch`s@zBt-6smX?@j@p*9pE8jmvYuhGk5@#VD;G2xp-2YHm~R?^)#dcz#=vWfV(c& zKv!lYSJVgamZyMF?XhHkJbQ`S@LcbdDnvOyg1R7VZtEtK>%x4K+cfcb9Um}hH!kdfZu4ODZZ=g zr<029r_Y&Je=-4jC#+_K@`qi`+-vaRK?pg5hi~bXHEs5JP~UI*BjXS4_Af%oe|+y$ zGekgMLOxmzwF>AKHxP0NuoLQD|G3sL7#PQaxdB zU=fBM$?*G3=Ug0noPi5g0-rbe3`j_J!UQgi8~|3D(7SQ>M(4CdCbsnCqDIx60a+u4 zMu!GSkB)HB8)uw1868?5i63ppS2W$kuF!sSV2+R zQmtBFy16_!-M>9kKB_1EkCgHk*(fS;jHbKOPx60xwEoX$;rD4uWy7I7v8cPYaA@;c z-?^c)piXX|*>d5N*LjK*t3&3ekDoNe$T^$0!>R(0aWq<6*=QQx|7=5diUhmld zn@IYfKdFfs)?nO{_fmo6?{7JQ$78@GsmF%@w~pZ-UQ!b*1gGnyBFEp~>W4`x9DBdQ z{QGqO{d>ZK=l6o$4C(O-5`Q1Y4Lpog;y+*c-+G=kY1lhS*e>|+XZHz(!?tb~f}^T2WmSdE%) z!}1!gn-g9nA0*tnbn@S!zkGytVHw(tvB~iJzi;vjDA{25gWJ~a6q8oTHaLvG(CHiH zv6@c9iz!k~^{(C*lME!Cn(_Y;6aTvflqCbpm5V94{PdqAt)GEm`}3Ct zrfT(56@GV3r)LcL>EvXGv;}=o-Tn8U9(Ja@+B7r&?vb@;ce|`s73qU$=p-XgjW(@c zO_y?BPTR4@-O&xcS+5{d|-cM&SIc^8kF_Ox@ z?p|FYa835G)oQxCtsljk|Gy5}{~bIa#IOi#S>~Pdci;8j5wgfOcZ*-HYHQmi%aAt< z3%1k$im6u}Jd=(e>&uK#agJD_300l40N zQguIHmVXDUnZQc!mFb#Cr#~(mAH%;SO0g^Kz_e*8uaw;N&rwlP9GU&D0r6d10|o_#cDg&!4ZQpyZEyvHiougAxnbJy)Xr>7R~P%wf7e z+(pK9^0Ra=#-erc>WFr9la;T7lkMOS(^)6o`dH+LPfRP-5*kPvO3v57d-R(3YSJ1g z|DCS{ya(0}-A_tW&MkJUSCcmZ;gqzk)_R3d~n#2jp>f!AuQRAe}oN?AeU@M;zMN z*Y-;=xEQSG2PFT-!4_25^-^vKdtp`CcVjTcVC00IBYgr;_0s@`@^TGHvEjaau{PWI z4>9c!&UX;N74ZQuTJm3+8n3J?+wfGYq&df1uR-o<+WCaKmtm2*@G9gfiObc=q=n03 z5n#dx-GJxeQJj$6?@*yUe05tnWDQjvUo=r_6B|mI>sV`w6=|hNxP0B{890^MQ5;zqr;#CO*KH;yrD>< zhcGjjm=7PnAF0epj~_Ji{rF~rj8FR-v6Q;G+Q8gXFF`RZNnj}S z&uKa0glGQRa57;6v&$GgGHa#w0mbJYM$m*uCj@4-fg#ThXr`wvKZjdng$%3`SW))D zIBS^9m%EicXuFZ*{ITGv>&5tZj~V(euCP{!jld7d0>HyTnP%Iob_Ut8jkb6J4%fg3PUy_=q!Hf z=GDtzlPeE&VMQxg*_X_9&+8JFw>KQ;TX5(jAV@QO1O8?|jQK)}k3gMe$$r8(JIj46 z$`R$78$jwQK%H$WelVtL?4+|G6|mcQ4K*~dZKd|#vsFnAk?RwV}ame%O=|%e^Y&P|4TSs3Dc3* zD)?CfQ^N8z>_w%O@Lk;YU?8Q-O;#PPq%pqP49f^}Fe-M6k)eakoVTljx9cZUHZn3I zZ)AV={&ju{eNOK0e%`H_rCZ8JLXYN!!9C~cUL(_y4=c_QA-i2~YC3>+O4WP!ou@J2 z&%(53{H)kGTfOmB$I&J+(2L6;jmf~A^JcgOQ*cY*_PinV)~D8!#N$+tkiGGD{yM{;72syM|OwPU;f6eD^cZ8{*nrAPp(=+zk zFYm_UPB8k*nth4M3$qgD!PjVkAL(y3Z!eT|fgAkM@f$v4j)7xf{_#^#2FKYfI#%39 z<6OGcc3!;1a$Ff?j&4cVZQ6@40czpzZlYKwQ3 z+oh_FcYzh^)CMqL{2mDr&T@MCX1eEWF7&R9Of(oc3*1zM44mt7-X-_ue5|pzl)!sp zy$O^uC9`+_Tu7;vSg+BP2tmTBy5fMK`&I7|?ftf}Qk~g>J(YNt0hpOf*_GZr17k3k zLSx!?macQivXJ0Llq17_xQlU*2=NcK+%nu1OyJWpaYDX3$JHJ&lr6&~3J;wxc0FTY z`C!`B{R^Fdrfvq5UZjmboJTUuWFCivDtzgcT)!-Gy+R_RPSE;5=Pa8!4i1+aKMRvI zUb&5Nso79qG5v)@33IZfx5h&+o=0Hp>4H0j1ZLS{%jqpTDoik0pb;2X@nsgo1xzN% zt`HVwjd*%}JE^y^5{29d-f*^Jzwf0pwKWhVK^oI5fQ7T>&M7a8vdL3Y#RSjdS+0}o zy$^O@Q}w-n`;$TTrjSPbiBXs_GDi#`ha<2f>4rEUv@#9n=?36!I(D2aqlnzPnHyo zc3T-AwNk&B_T`A@t9fA!0uk)z6gqrFsz(;t@UW4}XEs4-BNKGu#=f3F0~j+|OjCxh zf&Fo~mo(CIM`X8XbVbFHX?)WcqNh>C`WF^*8jiDX-J>ug`s~(!3t>;vQfKdLXzx9V zaI8My(*u%f9wiL~cHx>{uZ$9XEl@*h(hNUAvS9glQw0yt95vGzQ`uye~7v{)&_vAfkN!^%UBLiX&W$;SfL3a!b@dEBV zJMji&;*W_skeyoW2VBk%vV)^ zKdY~gc?)z`M;3k*{)1!KVVQ)<&7JP5>Yex^Y(B_p9igxC7@ySeg&JC0LBqvIK_~B3 z3R;v66h%6$XQCT%M>qqCO70}bM9-YCHfyMBMKWi`IO5Bn7~(p{a1}p6qC&dS2~w^t zLXx2#@&2S9!3Ppy!ZGO@u!Z$k?h{u##x19zEz3nBw<*^yr}ZeVnIhvm-ymcugg=9; zfB4TkS4A1y^}80szVFDfP|0)T*Tg-442m;v!%bQ%t7-c)2-@3DXcH70(r9ysZOM~H zYO~eP2mz|b@@H*SZJP>v#MrLi71EZrj~T+e!F*GE)OH~r;VD#yVUB?2?$K>398Vf9BSMMwyV|lIL2!q)Y4KX7ofSgsFzO5hC+4*tmgo44Ja=Hizya2{81C(51dbgU^o)3kA> z?wsWkqZ<+$vo-=Cotrw0luDQRK;Hc^#`# zs+mIE=jMik@-ZMfTs|V=^VES4rY+`t`5tl)z|5}3@anfv3hKeda6bprZkU6nbY^iL z=y7ooc|z-5BwGX$muxd6DtQedg1CTE^*I&zZ9cP!vUcEws#F!>t$PcaQTofIwG(|L z%uGRlqt&A8bRkd=$RWp@K;{cxB-KULVa98AN#MF@0zF3)u*-FbXAVO3dmZ>}^yWHC z?ruGo>`rKkf5<@lK*uW>8o*^d_$`a}wJv{(r4_T}_wG}pN(NE(%QsSKisgKdRXNmi ztH#=V_tu^d4sPI%0Ra7zt`A;>IPwVOq2E+WQWkP>_H=tJv95wn*K*gGIQP~9K&hXT z(GaY*sT3#^iVfBOc~QRu;KE0{C+sj(-tMNTSP5G@CfdYkSA<$X!_!V>TXQea^=CkG z=&V*fC%c@$qt?!c=U;M~uNB4)S!`=pS6S9!XaqUN84E+mxv5sdywPtS`1U8nxf3i5 z2kpwpHf+R&dR+Kp*7M{c>nzzBhQ)csKcr1|S;Pv1zDNtk?Tm{-B->Y>$0!~kZ;&on zEdHFF2X2(fVPq^0(8L#<7O+0KD`gx$aVeI*)-#+#kq~j9R+|k(g*+~2ekpBNvgR@g ziF;M&B}u-N@j7Q;GLUQHGXsgR^yQ;LFf(2aS?wymk>p2Rb=JT5+>5!0-XRroKSFSc zzF_adtXPYm7G_5==6Sy_q6gC%e{HRxX5$A^9e*4Ar049TIrRDm$5zbGNqXAxi+RvT z4f{pss%$q%`elr^qK0J-ihv`Mz5oPuP8IY*D$k60FSi#&VW-|t;1$BZNyY3z9T^LS z=0YzVW5S}{9_hDPdVpHYyAL|MhekuSI*3oYjh+Oav}6(WjQ5kC_1^qU+{^cTj>%J9 zcjC$C7e>0DC6n@N2|X|H$u+29$8?EyD40GE58c!{Lm_Rw2+H(z{X*5UPr6BUl28F! z_zVX@M6Ce10g0?rha2z6t0d5W9D{>Dy#(V>TwRY8|G8?Litf0%-aF@tl|RlEJv)G< zU~BsPWdY{5LVx|DxI#&)Mte;cftnYbNF|>0@_j2o>!sI%Q)k<;C&B>zs@ zIwQ--CY@jxS_xh3SKs>HAk571s)_hAL}kM4QmmceY6E^|pn*=j;BZVP&=J)$r|Thl znFrw64S$#4&qQ>^mvE%7;G|)_Jk;n*FB4>HPwkP@_$!dxt($l(=0P{vjm;aAj!|;; z_h@>I4Fj@hd?Y5SOUT}W{W#7X54xLo(+_lvyS|y=;?r7pKxO+!aXo1c(F>c_0gJIO zsvQ}Hni}BWhD6jf`hF_iqv`dRdu8(RxG`R{vRHI~u(MD-%9!tc;!e}((~760jrc^9 zV~$l&?hxHH)|uA!aIzG4-J&P5I6TMO=-uTr{4I;X+T`TalH_oV=Prv*M9|{X4!u3> zn)^iEj+_?D8x!c8&jXLwEQ`@TzV{TWwfe=8?9k7z7-o67G1M})2Xapd=$wkK!iq)V zTC8%2$cw$A;1{E^7^ajA!q5;w)9I>!fEpl$0`XqyHHpAbmaj;grcK#?E|t64L?QcI<{&4R$6a4zNn{Vj&fFFGnv8#B@iIw2vE!`HAe8@1V3Tmf1J>Z= z_Dp8hV2IeZ|0O!{z3>`f<3LLzOp@F7^r62S`gu8J z?Kxx6K0n%~BVt{q*XfyiG)o9lXgx8YUc2)PYyK%2^pW3DzPm8W*ZYrEl_kkC~uN|X42-Tq`_1uBdK7{sA7+oR9g#Sk!sMd^9Gb{lS_m&>JO;- zjgbhr^o@Vf3sP<#v7kxi2nEtf=YPW3-zspUz4;DT4DBgmZ1IJ>6$_*+P}YNIN(4*^ zU4tX(4o;hnkF>vavA5gSSTXu06^2!Fr@7H9@6$NumPP!6#2iXS>g>D>pk(C7r5NvP zJ8zx^m_@-%{Fxn3-0)H%*C~-mfUI~?jhU>c;oq+Q(m@Sb$hcQoBLe?h0X`4iO{K3~vdIa%5D>pvH6-D=LFQI*?%OIZ>lDhKpLC&Lx6tABK#HLcD1_Xsa!3sg44OqLM z{=|>|UgW|vlxJ#8kKiA1d>y^%a|oN==5ebrG!X0)Sar?XNQ~!ao36hYnr6#YD%>I9 zNVIb~zF%`dJhacNmN)X{7xv-UX%*(-+EnUG#{3VK7wg$v&ccB%YEH*su!Ag!G8++H zR>Cl1hVuHu@x>z9tz+p%b&{{&y$=}d;|rkKj%0)S`;eGz$$RJO;p7Yqs-$n^Z%9?ipCKK>!SrF^4w5C+1&R?Ho#&4RYW zAbr_y$gd0~Pfzt+1`p*qv$?A*+@4@$<*J{L=i0u(-ie{Q8X^npJ1}ON3^9FdO&p9J zNWpf$Qk^C{VJZ2ZGpAAXiP5P1*ze~NtnyB;X|S-RHG)bm#y@uxt**$V<|o-oum#-^ zE`B!Go|dr_;iM_o9M??`EedDMkUR}oUkTH_DSsAk8eLGBd6ZEvms?u?BBt9;>1iLn^+;Y@3%xv4e8EgZZ{h6|p+>Q%)kdH!KL{#k1t(?r|6&Q~*6J&IM} z9!nb-E&q|6ocUHJx2(Nad%;CyRNcb5&$5y(v@l0Ab#<36JCRjN#5nWh!>CL*OIK;_ zQ{9iy*n;nz87y#(rP0Y->!#a?mN+J>Eea??aPU~3O*Isr8DsCPes#ah%{}Om3`@)y zQyDcUTf2Jdk-${zG)&yau7zvp`wfYi=_gZ*r=en}HboM8;q1DQe~g}@p)d(W?^_8j zyS?(VdPS<&T<8H+i`eKZ1GHFu^se8BzO+xD)Q0zPvSzJUwr!elu4E>)+CHJ)?g+|9 z53p)Oc6dA)0$HH-Z>Z{|>vvTsu#%PVL)YxifB(c^NK@ue+r6fsCOW3p;6Mx^R{;IH zbnbJy=f0AMkCD4<`PCJEzLio1j@*ROA;aes}9FFy`-9Wa{b zb1EblcSHKQFqcTIsNk`HhrY}z?0h&^GkEA}5JIo6-R{RY&4l1S#on=VlEjnTcFFAr zhxi1}Yv94F>EffE_jx0f^3&APEEvze@w|5~bcZ^4A16<_?I+GgnjN%Xy79fK>Y%Fp zoWCe_x~Z}%aX7K+K(_K-zRC`FH?#0NCLY&%p*8L32KNt}nQz(3hL&elqi_=dp07^E zZV#`1S^RuNvM#|g1qk2TJef7muR;_A>;#n43pB6Ql`=&9`ZDKnvIRp8t~EK^ZybxkOpYUzg6Z7Yi2Jpk1<;|Ds7!7rPRp9|;? z>W;r3Vr+=jQ4Ltdl`$V?J}yiYn@A}^7aOHgE%T5-x^7s{O7L4yCbJY&*#1RN`V6Cd zU5=XSg@Es{&GRG(O+w(7PK@A6{gNJ*9V-9nF|YY&m0dh&e8Z|P!8$>SE;I~MXJx*3 zSS`u)0WX4#jRtE{B#&PGLHLixto`qA+fJi5V@^xDmn*Dn!`1i%VplXP-cK408w^#@ zA-nLtt&y&kzNlOrnK7dr)}F#knw`?fMa$YK@z3rNQc4gfB+p8z3wd@eGD38oF{rl0ep^gqRR{?dF z!rUN6?n2;Ov&b)KLN_?xA<Q0d1|kV{QW?G&_6K9_87k#{CC(|o zWNr9n95Pog2i=soHOZobCv%oZHGZkFR&9Po?zR;mjC^-~#rumjBscx6W}=Q{aKZHB zupH5w=&VG{ZK+&mEWtFw?#lNxNlfM6ZQCpLwK4A&F9SQEMsP6i7< z$(Ho)utgzc(?N76`RMMfWN9C{L|Mws&Q_SIKCi)D9jX0QO3}jq_DH*+Z~3+1n8)ok zG9k_zC5@P06eJWFJyD-ycIdCgc*+)D9QBLDN;em|M-9V!bG< zR&Jp4_xD z6u6}(XZGnZ$-tmONoBi2>0<4yeUg!b9HQ0ZcRQs`HR8KCr%FS6#UXD_JZUQxYqV9- z;4|$9sit!-ObBPe%r&zqvU#`_)Ab9k2UcHe{Pnt)1$maTx5*25mJ6|~%vVk2%!!Ig zo~c*1#jPGW4rNLAK9j0RF>^*_4{XXCG8_Qo1$=ceF>Yn!qUs8tB}R|%5f?@gYQEWD z7cowr#%@GyN?)MaS50a3nez%}9rv#XLv#9e5<>1pPC{#0u{% zk%0>X4v`b*9&uYtkc$S!2lZ$Z4eKc4wgp4VY%9J(8JQKHHl6LT5FXM2A^cD|FlV$Y zBxzr1w&QcOj@9`(XSlnptQc)7x%hKe1lvPpr0m!gNpCh-A@R@{*G;3%W5cpj`7sw% z?sIii15YZ<13lsYW9+Ttnts3jaT^QJH>e;?^sO|Agv18Jq(dY|ql9#fW|WB1-3Sb% zVRVcfsKf+>Ny8|~vC%O=^7oo@-}mQt$M^I8hX;S`wO!Y_&beMEp67Wau`8IK$mlTi zd^0_$8oKj^Ryak6@eVof$}Hr*=aN>5IbnceAevlF34@|`KYj8T?iV5Hn}|CpD;}nI zjb`XK;<_|LCyo5YX|(4ZyxXg$HhEYf62#=os`!Olv}Ucb-*{|!?v8OwrwL<|R7ld_ z{h6nMMz#{ETOGXqX^swzS!99n8#P$r8!Kz2)AAjogO%Z_qES{^l8hU2G@fC_%7_M$ z<+`uGc5`({r8>n^LW}l?a?{4M8w4M8H9|z~3VbYeyh}*&AR79>CCE4957%K;3uV?Yr zfYD}=nLNa=yL2Kl<2@s*uIvr@+0~WM^bOI*j72OjccJT5*k=_Gv2IFN2}-QBXD-)| zLZx!Kh@H2{n&c&uzV4ohb+Y^rtBdGU-ookL9tj@R`$uxUbmuZa4@q_KuYM!O z%VYEC$Oh%H>#?w5Ym>Tx@}=*BINdjm1LRTDE4-3>-RE;JA6R`SqI(|e9oa_<99-^` zK;M;r$55oEPdf4dX7t*y*>vdhLaHWSn~!n!a}FkLGBR_TMdfK!_Q@IUieogg9gsbU z`CYNDatOOo#q@$_`o5HV?o3o?{XOOHRM-LzDG*>ow}DrP6~`&jAl_@+^~@EuT!Zy9 znzmtvHA*p>*vGs~Lyr1N50>d`qSI^#Ej8jmp^m8{E>G~_XC%$Krz@hpo-ub!>1BH5 zAy%bE39W^(@1}ZY^aSF2U<57`y563&5D~~|O*9jv!Tv$bR1o(^r37lm?p#&Uy==l5 zWB>R4QGlf0@P1^xsRbt={0Fwoon@u`&Np+e3BA*LhgJp!O!jg7f=qA>{sXwcaOKOe zV3%md)fRbstgGW=U*)h4_rj^4%6VWGe3I`<@Lq+NXfpmC)fdOckZ%BlBb<+Kr0y;Y zbwh_uuJ<$N(uSOEVijOF;uzRU9#FF|Jxj$~vn-x7+9N6@%SS!Jno}I!-eRpbDlb@u z;R;zcpJp6!;MwkhcQH78y}-_6rDy{w6YW@HKEQmee6l&7S1xO3SB%$j7az};S8SCl#} zUgsd7-H`BR1kM${@zpEv1b2`M9Yv>sn1U(bM3|xc2MIo^!lL|#d}8)thJ!0Rhd&oB ztCTl$t~F1|8E|VN{V?WM^Ykm{bk_h*$N@jAcUv$^YX&} z$&E_0eY5CJViriaa4utKMlI?vi$*al?6Ui7 zx?SvJ+a0AYhjtWr7Qg@Ny!Sdz5TUMI(e@yJuX6nnsUVk7!Cd{l%bogdOXBB@KH982 zoTljgrCC?jr!eykD+72Kv2~9XH622h7@wYgnYf3jg^A@Omw<_UX^e3E_y%%Yh?qxd zr^lE_m^4Z&;(Y49hIX`^1Fgx86!(Umw#jmLv`v;UJ+$7_l?W#5zjlx>t<$S)0TpL0 zjs7zHPsa&|SfH!Xw69e}q*8s#JgO+PNVn^u2JjlVIZtj(mLg21mx%Ds-rjSWu+x^6 zTLCG{+3h$sb~_@4jy%1#P4t80cTq4oGp0?>56U?As1NOfsrvFOvfd~gZNA`IPeiI0 zRvE@gT{w!0rR|gKOJ#ebnWLiHL#+G@p1NC%CIvF|BuyJ5lX-$Yy2$Cu&{12usv+8v zu91E|I{%l5H4i*Y+t}+H8hydBA5!Ur@m3=kF>wxS?|YCCQmw1#@Mh<}xy);Ugk765 zRgOcrFqZw-2=YT@QmVHXwAs|5&r(iUq9d>W)xJU)?nX}kbttxXt;|5;RH?3EB3f1` z=$#eur27g(iNGV#Hw1 z^g~%099&PHVgxngnNF*<3q?9{ep4~!M>^x{aXxJFJD|jYr-L{+a!ibo*WkPD2;7`p zY4Ss4m6o|h*lse~=})BK`a4qCphOD&CBGvD$o4MibV};X%9ugDi8^yj4~@TAJb1jJ z2$P&>$gT;xP#iJ4H+n%9@{Fc<<0AWX6<8MDOHx>7Xi;)avQpw(Drs@83j;|jz4>4* z-^gua5FYmGqZ?t^Mc5-hn$&*+h!g}?YQBiO{MB3LXj&XY+cpI#zVpv0Itpuq?_r0kpX7vM~?wt6nvNm+dT-g%(bP|Ujg0~79wmeB4f)g67 z`%f0;W~(C&O{0dTL%K#xE=5EVHN_ zcni50nnIHFVb$=O=HZgH;VUL#<>yA2TbjRi1=@J$efqJ6*Ib#vV^@m|YMe>JMeeo9 z97g-hPk$#UX3k8#dh3WB-O#O#Pp;WaRw8T3-!`>ulKi_5CKUo_sTpL#-%ZC=&w-ivN*z``N}i`ryTI-#0(m>TnZV%hq_H63 zxuqS*KDcaH4@I(F!q(h$C*0jCm$R>)V2e|!3f(o*(P}+3udV&TVIMOyEq+Fd^@sY( zW>;t7yBiDkR+rEc^S}D$7MrGu$)(e~WLUVg04-o|{F0m{@KAvbpGn|oI%Dng6`&V}SY=NRG zQuTB+&Y9dD&T`-JS{hlmWu#Btv|H-m>UGHg+!@f4sGRV?rXI+o98D}koNQ$+Ot@n+WqN_)z2uDwisScV!=T;F?ANdh z<`Rwv%!J{TXnypHFhMX@%|NdKqc*q=DCdC7uPDfI!bpJPwM-_&`wj@~B(iKo-6e2b zhn-3qSgY5dmxnM*jSQ@9NsL>fLodG}jXs->Evlo7N;(Uo!r61LHV;4SmKkD8qBt&b zmAG;EjIqWJdULP2*u9Uq5yI9P<|NGrhPYK$!s@54`2x&Bq0|P&W!HM)Llry@DcuZ8 z*e=VNSvxKqg@>BDXMf-=D#g+;F*wvzzmm~EJ>#WUWdV9qHPB zJ$@ZZ^Db-msZMpzLx_EzhkR-(?gRPEZKCGKzL)q+BM^W;>!=1D#QYEzXz7M}|zYCY8Oi^~JW3Ah?)>;=QQO&uFF=Znx>TUYB8D zXAi`E%O|Qf!CR$6VZ7eER?Z`FWBE&oOBWCnpS(>>UqE~Ln;<)cFejhZrzH0>gp$H( zuGQ*^Bp=>#dd{EK3)>D5sGOBl;!?x(8z@aUjdfu%#)J(aYP&YU)=OWMo>^}<*V~OM z-3Gflkum!U^zO0hqv=J3_7XtbVp477R<~NX1e_zspH$24l;f16mZNJsB`De+ZK+yn z@bN$I-wco>m{Zz|d7J%hhNid1=!HLN8qJO0m+#l#X_^GLw$g4;OP^Mob&`m!4Opvm zI%98YvD114&3lQ|6$OUpZ749`lYtCbOZn*Lm};dMuZ_T^rU6*SJ!h=rAAqKP8Aq1dh z-Alp7bswNQab$olElM|Zxq!{C_x_O3&bs|@AP$-{f9;zg(*K2&ywyI2{nFmu zqSSEts^o5WxJTZwG`0}h;TqrWp_Tc8h0B2UeU4P*lZa1ujkK|H+j}1I$7 zQlmSq+vSToXP0N0e+MU<>{qD5X5OaS0C3^;RS*E68qA4LnrL7b`5ANWNBQWk+8`Io zT=QTV;Xn6v^FoeGCcvxwCf)W-3IQ00b<1N;FqK#dwh9Cio3#W0bNQM-C|U_@uDRV) z8`Y~bQxQSJgz0u|s!Rl+Zs*$Grusa3oqRM(GO#CcWF@w;=g4?N1@sah!81L-GC*n0 z&zC0l)-NhsT+BytXlV~SIrsqytdzoiR4Yp9g}Og0G9$j^ZH zI@|`wv_juhoNaDUb9C(f=~{FjWlJ;-C)F*T1h2GNSx9U13Rbnq8t0`v;}#eWOLGS2 zmnTfCY7%b)O|t0dg5^L&Kq_sN#1`Fwtm2qAfVwIOP<0EbRVJPIDe!V9+?daTU))DIt{VX zCUZ2AU?u>Z;$dX>|XO6V^%<5~L@BwNqb!^*Y- zGkg!roy5nw<63TN?1DGhjli|YGAHfjd)X<{gbaG6N%{Kp^5Bqn!fN?Oxz|qK3qR`F zF{&Zma{6KYL#>8_RblbtrPgfTye3VGxn_EC0rAm=I-kRax;_t@hqOpjqzR0Iz3x%M zxS^LYPkg_kp5A}@9(qZ8H+Ytl=3-7GfVZ@@Bc!+p%bF)Tq^^9Vwi=c*Szf?%uK?(8 zjp(p-zO5SoeEY$XoZ#%uChRnn*s|w2%061Hn|@VhlrkbCJDGy)HA$r^Jsocx)D_?T zn4e}YIGB_wc{LwgObBmR@MDfQXRZ$Rb7;w$2$FWEeZk?$Wagwue&P1xRsK}WD9g@g zs*iS_9naxqk0}n!Bgs?t5yJpOlmCh?F{_7q^KzU+7_xIWx@f`FGeqoWx5H_wHGPl{ zwr68}C1w+ep70$1RI{o#IaRj`G_-$v-kq$o0#?=?(>T2tZKe19T2=CTpMMX*X4F6G z?q1UPX7=kbd9t6ThKg;sn;5snlpixLiy+Gf(9_As5#9Jhj9-jtq{`DNXQpx_Gk@-} z>$!o+8*iMXwly{`G+?r z#MV>`yW6CkRKmu3?igbO=vLI?(KcgXdL!mBBZg|bAF)UCj`!W{mGo?)OG6=IRiSGB za2>Ve9uS4+c&>)+jr0AUhX+}&K_YvHXN)@@;x=m%f>|rOvuIjWiZ$xmkE1R8+Iu1IIy*_#ezM^^KsRNR05>mHT^w;UA$e-|;; zH~4%X`T}wUbVQ8RyHv`Y(18GXSNt!#YrnIww@Zr7|KvccC2!dOAmxky_QSGq&yb!= zTl(IVfIAIG;LITtWtlo&PWwPg&HbB_`_0=vIEgwj+k0y_h}ppBwCWAQt_WzlI=`ro zgM_We8>`j=rNx-Mg=)n=QN^;W-sw2!5>=!Fw=AZ{S(88fC3eUpD$b-x@MiBIeC8U} z^OoB;AM-x7VS&_z8Tbv3V%Czs#zOt+s3G>JbCb`;%J0V4PVwfI% zFXc^HFf6ibU@vqyEPR|UdK>kC6~hXew`YbIU$dMdy(YOh5&bTv7JW`b@cCcHj!8=g zTC*;tX0C~iJ01aO9sTnIn{xunPF=d$Ky>Usw9=2^f+%{(FlIFx?0mf;Oyg_558zbB zf=bLKS*e?B&nw7%CQBCPtW}XdAx+_y<&|b9D9tzeDyc@vU=0?PB{rMgLN6_Z?LKG^ z;YF1lcEaAGJVoJk7Hu=sL_zQtq#;3nSra!hFPbB|@A0itr!Xvgqo#UFOzcjkPO895 zX8V9>{U)^N89ZK=%fy4-g;;FC-Yv!CbZS^&6B$V6a$%m>3$kS%yW9D6w~qS=F7Sv5 zS`tylJXW}^c|x2J|o4Al2UgR&ml%-S-yXb4PR{_Sx*dNuaf zXBDeFGs0|Izk1{xt8|x&RfnPrjj(~ULvdqa)tDemnjf;)%&2EbOq|S0^dY%IteC~S z6=EwkK20PETi^5m@F<VZv`ahHjYlKx{fAY5NS(`Psr9dDNwE z7ZgwrY80jqfoUJs2WOOZV>!3oIGk3kGhgl!75EtiDAAr3K8o|9Ox5+5)d@w$*EeEr z5vr^B`$Og%bn?C%?Yv|+_!U2C6jP{-sM*=|OL`xyp(sDRunies3wx85zyZ@`gFZyh zLn{+0$Zn=o4Y5AbB|Oky6gMd$;E^r$=m7mR0gpCy<}L`yvd`^oDlgkrQg?ptvMi*8lj~JdI>~OeR=n1poDwefxKfTP zW-5E!1d;OUq=Ssu;DwFKY77xorax+@|M5d4c8rL z1r;-&mBXnu*4=A_KAd|1m}_xMvUTZs$I57qC5~Ox*I}tV#H+f(X@@;k_dxP9ECmdR zJ_yZl7sd4G|EfYp;@^W>t?xTsmn*hxDc?LGq9aLrYkDbj1}lccXlp@x@FJG|m49xs zbtOG2HJ*!Q_*pNnR~gK}g~NK+;+Zy1y*1x9zc)w{L*)B2SPtd~a_O^?j9Nguh*CcQ?LWG<4FF8XVh=5vo|4n3 zBy#g1FACQ>rw!x3Z$!Ml+Vi5OPsv?zIM3?Vb~QHio`wX+aLm$Emfauu$WBcOpgFJ@ z;Nu}gPBCoH;eX)2E!*IYZfzvU*%xeSFgY->S#Gu+RsbGD0Wugx zke8785z{yW!!TD`&#q(tgx>Sgk8lVeXL^}J1vy@Sckjbu!vfG7Q$WJ`sgX(d)UEAo z9VeDwls9G^s=Zc+w5gLnORIZt6}vTdg8ShBC2IS_{4R%4I99##?o;*R2de$3g3ynn zn%jd)S3~vlp)rn+hzy8rl&u;bzj>WF)Kge^B!i7E8m!D)M(Jj{%SbNvg!fBj-r!6z zC$0vSJAb#r|MX?q|Cz5JnG^ZclN#-OifkHn(e9wztmA##saY%9-7#BW;l>wA7~&{?w6A!0r`XAcj7I^eHH3A*}S5Cq}*aK>Li43yUWa6ll$ANyd*C&^jj9cVf zLpJrnO{MMuY?n~}vWh~&r7H<^Cncy%Ok*1Ed;XGDM!aNAal$8!KZiIkn)RrRR%U4Q z9`0rf2Aft{#RkEWuqW}m+@2<5=eH+0&{yRW#h*}I+!JTKwvBv!>#Tg!beMe%J~xRiTYS3) zS4dKC$wyR%ScC(ejJX`&ME>=wD1`>3yka6bYx#`%V+}x37lOfW;^6FFOlBTcLsmm1b;6B*%YWTERuY zPt!OH2|SjKhCihsGDnw^QT-$foml&p7fNXz-KL>gWG*MP^UM>t96o=U;{t;L9@v@1FUyidUV$JABdfIlF0Tc*+`WEcE0riV>LJ zm~+gGZKiQ0TfPB;!NqSXR!F8W!;MTu?LTY$AK&{gzcw!o9IaP!^`&FK_ddn%y&n{* z@EgGPU&8s9NB-qshD2b2ckkXk{@kl2ij%Pv2a5V{qWzag{^j3<_rTN9Kko7zZ!h#J z@O0=khNvefh^zlVvTr|c0ztd5XLj@XKhn|E zq-0*Lx^FZ5_Y?o$1mTlN*=V+F;PEMzXi~CZ1?!J){>kJ18@X*zV1e~A(KN>!KS>e# zi4Skj{~ufZ7nuS7YEU+cI+1ek&L8DLQSuG_e=FDiv!~-JPj{sD9Y5{B3amvJ9{tbu z{oxMq>96!>-yKWkjWY1t!-8yQ|IxmKWq?mV=ecJ5?vH@JQ>vMQr{pXC(aNtU1E0R6 z|0sa!&ygjtQ4~Nny88dEC&$7o009SFm{RuS<#DRL891^ehC5gPxAXlU7NZ$WIpF9P zzaM{=>azwMneZ)~0|K_-_Xf9BmUSJK_KYse^`2rE?(n6i8un2dX5C86Q$_`54 zfWD&P9mwQAg`0EtfP*;4<5+h2f2{TYuPwiYlg9QogQ5S=+vIkM&+lKSR&z8yj&}c_ zm(bhK&nS{Q&*F2eF_yu=Ias3VBd-4=L#v=jiZ`nH^s%9xrpV&-hxY;h=+NIh0#t_a z5v$zssijj4PeuM*%|ANy?{UCV%V*^mkLCV>Vt7xkQGNYKhn~O$DA=6e$M?s-g`y~X zKi}zl|BHl=W&1CZEV)V9C^aebKQiU46b1atHR_+8cRS_j*;BXOjyEn&xv!M*nP>mW zdB1{FZWK`ypL@p}Pox9HHWwiKKbQG0EB=pvKR=-e`A+cJPsbZCr&zsJ^N&sOYOlKsW2L%|1f(bbT!;dMxya8aHp8)%oCD3qn-HiR z1BH6X@{Mk=%3jZv;PN4vzG}vQe;g>v^7|*1@{cV>ouc!9ZBgo4*VgN2A~J^Lk-s+j z=~#aKydNo5>$O!mf?C7^6wpkC}gMgQQ-oG7PRyDtkm)^ixeeVIg3Y7UcK@?mbGL7c^+!A`NFga7{QN)VKl zNNi;uze^G*xzM->9HndFErAtVz}!OdT*(-gedC1A)cutsb;#IuL;r&J(G7osXo92< z5cW#ps7D}qi=QU)Gc7~hqh#(o2I(<=wL-M?(U#EOivxN9$Q=h z45RU5bD`iJP~JQK-VAdT`X&^OJzMoQpzQC!B<6_< ziB%uk@8i9MOy>Ct#lQS}e-$6?7F#@EP~e4PAqxkpIRGrw)PdX;8^4${d~H*)DRyph$wb6uw-M z#fgJu7ru^9As@XD3EujYFt($s>Yy4xVxyG3)}uoe4ECpP_*dEBEAqfI5l{0acQYh! z*3oc5+c+}tNx)`E@m|DuzqK4H!}Tma&pdM~?`;=vn6B0`%HV($kwO|SKEM}0bXo%P zM&5L@z+|9G5+g35xYzV!yoy)wku-EYl2mBxX-T#{+Olm*Yy6ees09!)X>pT|R{iYk zfH7bil)-G=jHkkZ`Iq{ypRB4wtlVjeKEAm3$F^1P-X?5Zx?i1!0McR_&p}U5_e$S# zGbYbVOCl2Dn3FTP_kU7JGALbV(ErXn4=QupnA5<>!sTE<-462c%P=q+V>mG(|IO+a z?a?Z2(oW{y=9thtL`k&8yPY#ft%pE)r;;j*J*}fN&vlINjc;pEYTPf*kZJElZ`SDn zWqntu#89o1B{|HcK4Ta7U2uH`P(@M)YN7jO7dV@O6MY+gT^$6lW5v6BjYoSXvs@CJ zKYeM7kO0ZKsbOkY9#p_0O?|dVF)Xk~(Kp+BugY7ePsAtzPF{vLwN#9R_1{qSUb_IK zfl5~ToW1Lv0iqW*?+p=e)dPTw)_@!Yt54tcmE7@lb?XF$_s~w18cCD0MKF17bqp0` zvLWv1ugGQ(t2wi4A>rM7zOv7k-~&)7$u<(ETeXe zQEvENq(kTHL%F?S&Kj_M8^;QQ#EKiV-_ll3JNn8YuyzcP0{7(_ zzPM*2GUljilo8dNg?tJy!Y%mMY9&d?ggx>HIJ<&`a|r{KOxBxsx$P9wB5_~b4t@M+ zUwVzsx*(00Sutp1MaY2=omN0jOIy_Iys)|!&!M+ZMle2)W?SH4$r zL(@(lSZ`YQ+U|RwJ}BH0<`dI*86P|c8{J*;MYI$r9&%D=JtS_KdT*I(2bsTMTBLF^ zt$kRFxMH;$+_)3mc~E)PVwL4+jiqT1_;UnjP#$AsK^nyP)*3-`Lr;f>wA+ptEUl^< z-#Lc^a1H*K0b)D8%NBRPrU}0h(ki67e~z3s^xzPm_~u3N-@>`3vqJT9``16HDuv+# zAm5eS70GGB^)v5yAuveS^=Z3g$~>yL59WK5h=mg3p^F#6Pc(6CSye3wMk8jTMdAlWeEma6A zbWrt(klGlV+({>O4J^jOnYtq7CZhM-bufmq4z;%y8QLQ|9F`tvEYiwLcYRo^0l2kC zWlgs;W~68Djs1WVwkXqJgi~ad!v4;1%s})!LWNAZ0bZI@kWkUMgiW=Q4~eM(n65)j z3Ow1gkC|cRV+_HY7Em4dP3{fsLCXpUB$jcTM1O2q;)n5qtwJa-)0w&FKqYKjd`oQD zq=)cqQMxOgceC@TV#y%7d7E79jd2s+>gL~_Q{MiSSa%Cql`-R9IEE5_4apc$s+9z& zjmw5_s;{Wui_VOvOGmm6e)>L~aAq@KRHtSXN_iT#xrV<)5GM0;lZ!Ap# z+5I>lZ|)F0&&cBWZ-+MHcwnqzXSux9`viI6pXQQHdfr$!XXW+#H&3?sHK?aPd;Kr^ z2gD(HX#`5msu0M>Ydg?8P(4YR=sO>8gaD?~(<(`j`yPW`%fF=rCQm;0^V===_C>Jz zKF0htBtW?DbZ_BWQ(2f)>9j$yT*)aFA(?$LaMuSduzGRZ=tj^1BW<=yd<(ziAzJ(& zW70>{^dDN=0WWA8lJb?y4S;*#B4=qsVi-g@TqbF)`6AE@X-G!N5QB5kqC5EOdFSHq zg`eZ-&uajH5maP3+m6e|WD9zVs^w2BDHduvcaFgfE*@dF>HyU5A|C3)5H0DIe7@D{x6i$ z_muLv-NyZnMrOZ4Np=0?khJsHQrVgNQ2jKA!1e0RF-sZ6Gp{!Qsb9HyhCyWX!DQ+! zP4<`uwlVD_s$HideHGUixBwOz*s5C_gWG{n{ufxodh8v#5B<%-h{~SFn2*h?^_%s! z-g_f70;Ay{S@=WOzqKhT?cEg0hlMg_!;0fZ<#Rw6d+Z~epHpj^V4ithP$$t$Zhc98q`8a$P;DWo(#^7!O+H%U23@hwPpp-6|%quF#*rNQRX z=W~Hpmcefq8cF&XZ9)l zor8K(3zKdO;)PfYD4x_mMn%4u9lCtaU61rV6>ryKsD^>PW|LK(?Cq@e$JbfqmUYV= zBFMi?YM)~M_PklK1A(&B7a#6|FSVg(AK(d_u~8D=tW_pS*X*gt1bC9^Na}uDDo?Pg z^B1UdpW(Th7x!*sB*DgcJf!~j!P~fvCvE2z5rT!LJNIzQvg6M;jBDb0zp7aA#@{MC zcK4<3-9G!mo5?c?aN=(e{u9UCNiwJvUY@9HbnPg+)}CFNo&dR0(`9?3*VR)6Lf0)T z4SGg>%KQp$VN;*sN_(s`vIu<`#@|2vQX@9t_Jt2m0Uj&eh!lU`cq*Bvgo~vx1Zp`Dl0*x z|Hc6Zz_rY`|#^Tmge*O5lRLyN0;9vbQa0_KVW1#u-{GT}5f%OWgCBvxdeE^Lv z!nW;d?#lI)j4WxiHQbI%NoF-o*TZGE+WLgcs9j!&z0!J+?tn@2Gdga7e}4YjZd?%& z+QBffQLEv7(L7fzp4#`0)MkGpsn@{@4 z05BSwK7aJbk+$Fa0Drj96prw@Pbwh->+Sdu3Hw+rp1lu9uD-1Renfb zl8+WTSdMLS8)fTu$I9|$gThTlRL43)Q=hSyscib~B)>SkcBC`0JCIxn&A_PSaRuQbdtRFTziGeGxgMC&UC^ z;L`xW!3K#@cmJe59!0(di`9fF@qY$m9sqICeUIO`6z7Am722*^=e=j%L;}x^VHF5NEwT?R11sS^VW>aF~WF)QV}wKia{h9 z)S`CukoXLhk~Rx0T*{a+!ut~W8)Bs6b-kbp9c`b9H6a5{8v|~5v%TEt%vsS( zm?~b(U+!XgRf=+z2f4Vq9`k0xd$J#N>FJjEu&*^ibx5VhNrwl6nkMCj(VG*t73mgb>f&)DE8225vr}RW2!R*gG=q*a5>Av1MOON6 zTwx123S9Pboz^n&NtAFXGKKi*E<96sIoWTTSe33b}fN9q0QH)Whg|d4)RtKjJ^u0~O_W+%{B~}p+t!d@t zPm2P`6bn*4sg5*Xon*WNG-r+W5qfx}#NOpK)G10CdG2x+sLZVXOgm>;8I^qb4y#R# ztE#X?e6ec__s7IU#PtAj6~H9>`bDK%iu-VfzVHwGquoulk)I1L4I3#w=YBdhPN|MS zfPQD#_pQa=F#jiZf3l>O@7_xK^B!PR1H;})gEAbI>kY7n6|dW5ImcP3D(!3I&s|N| z)j!Jt+6jh}Tu1HrZ_$c|q@Qk9=SlaXCtJ0}jVwN32i@tPknRi@t0aC{#wu981(@?% z9=(p4P%)0s&%9b`EJT6N|V!j^5x3xk<%GEVm1T^Q7O z&Kl2@Z50a2qbpgv`KHjBVXtj>GxnUEL+WVHnd`*80c@ot;EDKoo)F6{d;Ch{OfAW~ z{?^{+njYf>uZofwa$aj1nzHAFsG6@Ct|a!l>>3w+6)V6;T7xf6Z1FgxsxQf-)1cOz zt?ZspaSaVyLXs@_aTfa?jUyc#)2u8_PZ@VIklSd&ndj*0ohbQyns7=q;%BC{Atx0_xALvI8qEd=Z2NPniF$V+4ai>W*-wO0tK8a^ zqPpdqQlA3nE*6)bY~)i@rhv2GIE_Y850SGsFAtI_80le%;xsF3BDzvE}L-!B4~bN1Mt=LW}#g zbc+}ba**%YpeDh-e$F6nG0qV1tnlT0y6yG&#(IXTo-ip<7c{+ckt)M%I98a8BblmM zoV)Fp%(lR(Y{Jw^XOf7BY|IWZ9bBkQ1N95Wn&-gPZt;ifVV&nycFXk{RX~0r;9*7k zaW+rLPy*I}Zond1JI72@fE}XSc|LqrrMH|$rC196H z)D&(px{I6*a;N69{2_o0#@2{`o2Od|#F{f!R!*zE@%odenxYF>u>__&f@JJy_G_## z{S{zl zdu8Vx12=dozsTyxId#NxFpzG^w#p111MoFXu}RW}+vcOet0UyUm+sCO2Or>dlOmoX zVU=NEEAi`sk|R^Eyy~&od=@=ib#ijD?<0d#MMpKJU3tlAGvN1k%mpQEskOSy#q=I9>wnoN*sh4jHl!zs7X{#&j z&xq$djxsA@@%OLU9Ig{rw;?H5I@f?}qvU15D@m3!V%eG9Wrz)LiJ$ab`^RkPUu9gqls0o#8ifJ{(j757kHYoliWGK zB%50Eg!tsE)*Nc0GQ%88`!fx8QTEEqUrKG16k; zZ5LiRLFWql!aywUzXh+Ub4IAdGRL+!IkLlNVhj=PD5fG4zOg5>QjAtaq*0X??4ies zEvFlTrKq<7M&`yg>8_f3#nxQ;j^Xb~xT;w}5=amH1m;yx{v6X<=E?$l0L-IpnCn#? z0j%eJx`Xez%1qy6uU%p&^ku#!+zFkFn?1tO9?;xDoSw7~w15uGnBOG}R--GpIr_w>W#(T7$%H`BsPfjI>|vvMevDk(tsT1!Rlu z7?cLdI^0?;0RNgV#k1(X`uD_5HUMmB{gh;z=T(X-R)Q+v424B|k2vK$l_hhrv3uK> zf0R$|Z{Q5x7<6Fns=nc(C7v-%@3&4b@Iv$Wwuh_VO}kJ5@A-H7k zrE{Sb$b_HTU7W0+`6d>W;i5lBiKG(OEPkf~ad{5EKw=i0;N?DGf>#Na+8qsXV>GaO^_^O%wkhr= z{S?8i?*azMQ@{dPm5^s|Z4AU?gU;(HF}uw~J{>R3SP)p%Pd#6$z}x*W-dMcn(Klf9 zr^t_X`>>~bM&T09!xnaWaANIcF%pku8h>k+!=SE%Vk(C=Kxy-#`kj;zc=$GHH@%jH z>Zy@f7CEc$r1D4;rToJe?En;BoA$%XUh0QDGnq?Fj2c#Q>h@7+HL~qCd(-4;ylfO} zY4d{fW-caQ=DX>{7GqPczQyg~B;TLiOE<^l-|;Hv<~KRH z8-ru@N0Yt4GJmZEp7zxPznkWc)#+;i=Ak7dC^+zdzLiO(n6-q`CC^8xsOa1%T8}L3x}aIVU1e=CawjEDqpb zHSXQA{rq_@qQb_o@zORujV;; z$`N24DK{PrA14E!QR+tBKx3?iaVi9;mWoO97oHJrvoO3^7pFnr;W?ma@)wLM0L17L z)EC%Bot>v@d-`#aQGDxCqR#S9j`6-9aj3g%$xYdyN)F4#dtj@<6MhgY{-bV=I~i&5 zWzNY&FWp<_;?|84mTgkh@GEqM^)X$yLgk05S~!JoW!lw`TfVWFz%7bW^NlQt*2kB> zB*n}=$XJy3t*`kaFR_y1mHcUbU86yjifgd6Zsc0Z<^1>V zs+88v>%WG`f5*X7r*lO*)|y_=%&X_K#OvC(tv0CnJ2%=!dA0oQAcbzZ_ao=f(utw4 znXYPwIl%gklB?W;>t%0%6r6hG-2`q;74Z61L!M&2;)cJxq?;eT-XE`&aMaRzy3Se^Lh#}eYMHbe0V`?$@Ep97^@GdhJ7d-wO%PZzZ;3aCr{xy z^E_9T^~tn~Jum0Kh@LhWe9bx*5OsbTLkMn_^7Y)GT?Ys(m!`F|1XZG`rK5c z)xuEjT_dXaq1W~~GARta7mzkLOG-`$gKg|*B6<^#gvtfM0oBp;)F*{$GU4%Fbq+Ce z?Cl?e1#jNtkydB|p$|9>LsBo@ zlm)V)rux2tYYuN!kfWtAz8^UVV|v%;2Q@FTS)NHgqBjhdlc|)Z-j={7&Hzuq?lvB5?L<95?j>Q2jJw;)lcrN{SI(c~HyUWJl+!bFWiiV;SOR!6-+w zH@ItbLI61DbhmZ+jb6PhM*q7XGjvO!6O4N(=i7gk)yao@cJh zbE3oB9v2MP~?om4Y?Ugw|Cjcv^T>`{67m_ zs2P6-+R#AT5o#Oh_nz8;Xr|R?DBi?(L8E^I7mM_9CO2szFe6 zhA5HSPd+>asUaVZifrq;wpVXn-D69k=hzGucGtc+Ane=s>rU*Ktx%!*j$B2mhy$rf zHT~X_#>}#{I?0n_1D323MDbmZ$`pgqxbzJLD`_I+PWF%npR_Dr>#!3KmC_(*+p_w8 z-Pe`{es3Fs1ALx+?w3?U6e_}d$~ z?%(si&wJnZbsYS`amYA(?{l5!Uh!R@)t-PKenh5BgBwf0ddbA|yTOoxQ^x?F$-zXP zP>X|S*Oy<)0hn6%2+ld&8(P%-uO=k=#i1+r!eHH+xqDpr%1i8pf#>|10aL;|KV2G` z=Gm&IU}wqkl8nt&wPl|-cy0W)1`*Xmwz;4fA6r6*mJ-*S7~%o+`*#EB31J8^EzA#bhWo8 zW3kH~Xsa}Ca?CGU6!{VLb#Y?v@Gc#nYTGkz65FM;?X13ATKHV~>pj9R*@+MWXmKk# zzV@+;s`AKKEt5ti=x(f8xQ!z)L#NKHyF_8(~5izOD+}%GQK%kE+FJ>+O5DmL7}@E?+@c zPwMlSPFeLmVQ;K@u$ef$7N_MU92s8Taoi!YcE(w1_TB`l?d}Q5+o@iHIFIPz!<^=y zt14xM!I@iGCv0Tqfo~m3-acO7u1X~36fHkh&&p2qTq!YJT-n-Nn+O~+{RECZYb%p= zx!)*fb2;2afbooMaNk$4O7-`>EHZOS`hRg{#Y5%WlkN5ugmZqQ_ zJ-6Yk`dEL~F}I3im|;o=nm~h2E8c1Y5weOFc^?hVWUQtwjX2t($J#0TSxTDoy>$1+ z!n-$%J+dO^(U1C9F!eniQu$2m`Y{h<@6poJyYatR5Ro46ZJ?AePk6{8WVd13WYQ$p z^>g+YY%dj-CnWdKvGH1TFV|89ij`q1-S2vKJeGPttZQE~HL|=oqAUXMGEE`>GCNJj zA~11Bhf>2irfzpw5C3#WmH%nSg<9g8qIz$0=D5w<)v>KV*Vja-v?$c3kq9rg1|sHO zH_Lk=LT@s?^hYS92m#PeH6byeEcp5*ka7H2va0|XPjv_~Fls*8jS1mJ$u4BHovOZv(%uV+dRJ2`{*p7OQ zvR+=g^+4g0!7g{vTdIi{71izg{xe(#h;Hg>SnX)IWAr=6!@crv2tQF3H+MQoHdT(Nk@bX&;o07; zk!LXU4?r&@XOBG*9hO_t@te=?PqD|)$_k>_rdW25WoE+c=zIdSOOW;B00B`Tn@z7F za2`PB-8XQw^mPs`Ugvzp$qc8D|r^Q7|+of}vPFv3OK=cjT7aVL+5 z5QFehUloT}1@4sy{9glxU zxOQZN8Uz(@oX&Asx2oK)cKp~URo>Eg?6LZ)78U6lOwaB5b3#OZ$i_pV;#jsi$8QbqC9L@r=zCByr*&{j>sVMQwLzzb50D_rbgH3 z7BNor*eKDXQd^Pm8WGu|X>8N7I;%7bt)$OgkgkTO zm|rMEGGb_%y&-kR)o{oV$VAqQ^y=w;<(Y1C@V!)uNE2xS%8gXN^}8Hl;xOdkNTyOP zBUXQ0dix5Qfm$<*%Y(h$bGSyu#e4%$3ia$$MV+Ay)utzi*8p@NOJ4HqCslc7jpT@wcB)}!YfPJ-YcM99WgA%`W=Be-rnRQ+AKf)o^&zG%#V|C zv<>_Zk8;w(tt{#-JN1r%4ETH;>{OL&IlM&hJbyQa!%^Fu}^Ac1p zm+2MF8ac%Vb|RcUa8FT*v#VPNy}|WAC`qV_>{{FELUnGBki<`k@-eukCt~EOxO^%^pt`H+D-0WP5#0}W zop>>my{U6kM_M=?Rtl8v;PbARN>80ZI+FUQ{DL`37u#4YCL2CI6jl+zl7b=&bUYz9 zsP@`P$<0$iAR4)fcQ_|A=|1HI*ogZ#uAU8>uCrWQA-JU|=QsYRhvvS`< zDrdd+6o+Ln&o-4`eZ{^CO!^Tgq$2^_ZHu&1_49*s%QIi&Q1X>ggNg$W5@F;UVVl@d z2BE2F?2xqo^WGP;PRB9Lue8C*%r4kqh0BiPEVHF|kgY+Z81*Fqb4o31IZ=3`0x;Tv zOt6m$fz|deyTEs|Ylp&jf^P>@UzQMN^ZtmZjbgSInfUGzH7G5`GID!uS0-!n zr$96kndH?o)2$tJY9fsAu( zD%mxrU44f^Bi(%$_!-Bp>IPil8rck5m`*EMKX*%+&V&yBrWaY|yeYpHWBIK#BGRd8 zt2d^IYJ7>MS2tVMc2<@r&f(nHhY8Te5=KtZ&(p*O!T2u97i1uHjw(_tv6=E&(){xJ zPuTWSO@Ie>dr-BLmaylfwr!nQdi;h1w3UIwrNZ_dIKmO1$M>)=@G?CgUgy^k{cJWa zgb;NmKPXT5VyqPY9H*Wfs#dEs(m^A2Ex*AKm(p9*{C*ii{{w zg|aWtE6o_W{~X*8`!NR{?iAG`g#xs%c>lQBwz%Am zbCZA8m05y;WzGzKEPC>?x=XuQ)l`Q+kIl$2?WR}dmxJ0cP>PUg1`J+@bg1 zlwV@VYVRCza^Tq1jw^-v?4&a>h+%aQRtw+X_^qU-8sRg#|0oel56yIKxbJ^_)?eZG zNb>PUt2n?4KA4Q3uid$hX>lAFte5mfS{6`s5lY?lwEJ;uI^PtK+bNb0Bu}IEfHb*^ zR?Pu%6F@T#zSEAlVnzDY^Q~qE*NLPB(y8AGKtIt<0@G;}M3BYaP1b*rUmuQTnqrmC z2MS>MGSYP+c!Hp=n6ktpO`=b^}&#<%<#uV9@At7fJne5mQQD-|8cu(nmehyDq zx*KPcLu>4gOGo^K{)QS*hO+l8%IM16FN~cjqJn8xU}{Q#-(%I-#dOFftthVs0th6h zPdQv{00L=fCd5|YZ=j12V)j*_$Qk`8$>qdr=4kpsEs#|_c{ue$NF#o?!P!^CMduF! z$!S0sN}Ww?BKl$Ng|RvQU|v9JA@0;&F+9ojxf*S;_adiP_1&)Q*SMqrajr7eWKV?q z(|Gy`U_e^Ktf=yceH|vtT>cO9CYMKX z8XRBk&fM~z8qbXyOov;n?fbzo9b#K6)ID)Wuo!}y&=4zK&qffuSFmjt&gQP}8SP9d znvkks$LM-%$+^W$>Fl{IP7O#}$>HSMMC|rX2)Zo?#ZV3b`u9tlFbt6*L zP7tRRRy9V+F?0(| zvDPbWi$2*KwnPAEs`kibz|%w51Gb@X$Gnd~l63jhKnvOqWn9v@Ycib;}@5H^GgN<9T zLpf-;Cg!N*i9(8>xbwgda|6UzZX~~gw0snp4C}uki~1*NsA+sF~h_oJBQl6S3Aol>CgzG+1e)tXlOO!K$x>X+^Hr(5Y5_er8JS! zCj=wz6#F|Wj(#((By3>w`()oc*y^BB#Ig*~d>3)-;Dx<68U<6ruG`phbOhjFc=^xkz z2B$)7nu|oo<>2Uy4^{jXe9sBVjts-$;#aa{09R~Sl&KH$StJRo*E?;ZhZ-)_)B2DB zMFNg|QvpQOu+hlTHIO=p9{-rpS!fN-!e5Hen<$ruA*rPYxEI_T+`P+6vU}pP34C}Z zAaUt$G%XOeK5jBTFspCIbB3JTA;J?YH$D;#!U-eH(@oKO!afz^zopS$T?#x<&d@!S z`rhQmB=myQf@wo75HQ#DXAV3KM~qaCTlFGt0ErnlyX z$1Vwhu&1QC!=`S{%&JfwGn`#BVAZi zBxLo>d>2r%R^;J(<#mbutIYs?waGP|{SnF0sbAD6b<*@EJ%JTT) z8l1Bt!=us2C)f7OQ(24Yvw{)OP2*}PMKqFCEULJ-eOH-;Q2@bR$&Sus6`Lh!Oy#u- zLHeU3yt3HWcg{3r89-^%g`%fnp+%)2pSh-q_R3IDv|oj_nzUAmBF*y=RMqr0 zPkJh$i$PMamSUtZYg18){&`RR!{aS!urL9r?QEv@EM$=LJb$B)^?0*mv{MbR2%{9`X^M?Eq%`+cI z)%Cl`@3%@s_>w;j0)RfSe8asi9$O1d1J^?d1iuG;hedFFch@at-|=jRQ{?I(WCEC` z2}~c?*{^j`m@J>(E*`VqMJ{SIKKCr%8g1}!a_PPuxKkIO^f#3vf!hxV97;UDUN=-m z!>Mw?-eOr!$o*CjOQZpEKIv3e5XPFj*^QJ>3N#|0a5}zv^e9&4Bq;M!0dWZj&0Up0 zD!uboJTO?M03;BF*IaL&^CJp~!F*T^6UYm|(XFA&;oHe8ZvdJB*q7?WMao6vd%T&H zFIR1o>k90Em7)C<0n`rAjmvI$hspnq<_965SCdm%J{CfSc?A}lEGUAq#TMBil|T3C zZvS??iMnubdJTAc*jg(($ z&~N+Kl@->zQ#V*uLafPVf+XRt?S)f9UCEK}+6DWJMP7<(_wV0o_; zBrALp4PqB{Bu`obTnRDDXv+W2A;1AOp#mn>^>ctt!F6y=LQI(dj7<3(pz;4N+W*<` zE(Ks%M!UPOp8uV8J=o)3ZyvbtKc4Bo|CI&Q4KVLqy?%asrr@Vd{|c!2_aFJ&9D&Qo zdJc3Cu=_Ee6N*}N!L6#xcF*iw^ZcKQC=X!3jVi#|dC$>Ilpt8;x*q>|!_R-Yf|psq zrGj>MzKZujDhFl0*hjoS^n(BV+*%rdJuAS2%=nuia{<%>J-&VG(tlqsU~ZrWc%vMT zS!MnhXNwhB)~oD}=Ke>YMuT{yl`YmkqbA<8=z|y*tx4v;U$*~lsn4GLOJne~c_8U` z>(2x78v`*cd!aHH|IvNl0WmB$lzT0( z)$AXwcL5*x>Dmh~{>19H9w-5iu|HbC^4$3U{r7^;S(_gCYc55dTLkAf{u4Z}giUV# zpU3yV`A);zGv-M;2D3(On{kH7S z#_T2%Xz6=4f_MM<5rJn)3l4mD;<$|*&*^X4ptaqj$6x)OX9b)LfctZ@y7ES=Icwau zdMeH#aW`UZqFSrV-p9)YlNqo1FZiQNR6EH(SQneu-~sZ##2{`nJ9PbD0SaawI5Ji% z^X77NJkQa5ye5g)Xj`5fPrbK>*{%QOy8SVI$(hsmqdeYPkJBa z>vH~~&pwFuhRn{A-$f? z$q@?&i!bFyUNpE9=6r&*pVnA&o;jMkFL3jb-T&=H|L^D3vI1VdOHDM#`Hne* z8@+>pV=Lc_o#B|Gpr_uu?b47Mxs1pnI3Su?5&gY69~|2u)!Nw)Ea-2qMB>lH<_T93AkK|ML=lJg8SKGkmZe9P14 z)Ux>Wh9KcT|Fpa%EdgGdFWu5uUS0x!N*-KUWfN$F=>qqaDaIxIb3!H5dt9d=zXCRO zMZV>~|4_!gVd$WYYgQAyNcI5u@yopld;{USB^V;DS1cq1q*HrTmTPMT9o7A}t2?{) z`}7w@gSqIvvTe>T@Z}{n)|UVwZvh36>N$Q`_V5~on@~->3}%)o!E+PwaK zM77~DriOKbfYqn|{i=HY#9Gv^jskC%?Fyj!e$7SK@moAdV}eiZ*3VT~ z`xw&itUxp4kG&WPjsf8o8=n7@O)xHZ|8bc~s5AzIY|j~Ncxr8e0A#Q*rzQsA#ppQJ zw-FM}x5BxqM$_ECnKC|9A62nG1zLIZj{$N|-YEzp3a9PYo?WlE@APntTHFNwt>FyM zV*>FdQ~d^j=)*Y{uof6bTf`NyLgh$u zGG;75&3RnnaXZC$JN;A)=7IZ&8V!hbh~mp_7PF}hr7etjGr8v-;}=GFj!B*CR7nUu#tCjdZK!+X_~DL?)BI-p_58g=aB!a6D7 z|C$6kN`ir2(QH>utGf8@W`MI1a+z4@Go$j`#oX*vU3#FWsDsC6Gel(B+HgCucNSyL z;C0n=T{A``Wc?R(QclW1}p=}KpomsiG)iLNmm3i`M5iD zP-v0wP)q}QNKJO$ZdYKQ4S67gt9A+>%*+ggEe(tK&GvE@7vM&A3@UA#4u5v|;WLhU zwG`R={P66gfs%vZCP0VrDW?>rC`tkLOWbR1-v>TT8s`X&e(1|_)xQu}tw1kfE>%Tv zats<8vH8)ccaa9+E+uBb1lV2pEvE;0>kq7ILa&Bw0it>a4RER|cj|t_l7@(U(rJ~? z32qLknLf^xOH%`9(CNi^lqs`(kH4_{TXg17@$1nYJ8(`+$dcHSF#2eXUCBeXL7jnz za;j3MI`!^r1lfGMU^rKG_viS$60P`wOyV6Rd6d07Sd#z7FaPsxD zQV<12=HQVEB2IFTv`1+ii0gr2=)tUz&7fFudBk0MPaypkFYKz5DiHycL-PqTM;Qc1 zU;0m%9du%Dd|pqh9<;Z(vl|H6`Cj@##(wO)_{i|`YcpJ~m(yvK> zAGR&mZYvYlksRn@CZrI*eJ`IBUZ&%WJFJN(2Jh_?3>!Zi#m7}6OMdLVr@0x!vrfifsa9h|E-?S12crdN ziYm6IdfY1izS0~|?4og6|MXGg2CP_-vnzw%yDuPwRSv)Os~Q|PH0*9N8QHVpvtK_@ z0-Qqj@^;Jff{hr3N}HMAr~84#61f+ur#-Q6aDusOz+vbeTZ~k((PZ$$fK5^>y2440 zsy$p|?zoEVdr89A?atm2-(^2LFEgzIC36>vTYJ(%SxPr&`sa5n6R*@BZ}nk!s|o3qPB%VN6#KPLuBGKpj$~%fF?(`b-(Z}P*@^GfRoPEGDhQjVy`cO<6VU}Luu_4 zpU<}E)V1ZzK1GI{{_3~)anfML0ML`!!mZA-PZ6iMr`XBDPx~F_GLLtgF*F^A5#9@T z%Xc&%-#@cM#>$e;AbWZ})ue_p{LA;NN^y#k;p0N93H9$)= z-XdZ7liD&3XodtZgxi8WSJ>Q^zJv6#g0QvyYhXg}fJ5HV7{W)BWF_|Du&B9hy`N(+ zvEkxsYu@Syt;>NiBU;Tkbk!@4HsZ^naDbGC5BA?DOB}>JB)7HzOG+zS@w`j#dAw&o z>!%pM-tHG90Zte=A=0n6=xc|-MGx1uvSgV@F*owL28@ehAJXA3_S$Hi_Qehb5CCnJ z(XGwep=*V$N}DEnUWsYcioIv9&&!Kfy>Tdb(Gk-k^i>`K(PFQmKQMQt5@J+zL6l7* zTTQ0xB{~O|sK582Sbr^7HssWv{$2gA*6a9-*>Edi{@1Zst{XlKtG9m zx|q-y?~ON4(j8qU6QQ+0{vZU#oq~#hvp2}=h3fef0#Ya z)2FakE|StfFFH!*i8Q~CP>g7QWL3i=EQMwO((%k)CgR0@4bC^E6%8@Ka7P)y=c*V; z=_^KX`CiKVJ%n+r9C%VY*Y^@&vnH9_|DbgZujzm;W=uSl&&JlsRIgtfafT%y?0EmE zoi@|6maSfE=*`K84^jpe_e=Q6Omr^`#^&#iocxts50g~1pK>}sp^kfr(1 zFE+WwY%GiE3OA6CY0A;#nhaQuBb8#)$&bdfF=~o5?6eEq5;W>v&%A}7O=M6!Bgl7` zanpZhMK9JdN+y`g*G~lflD7#jQ|66@ISt<{YXf z$q|_i9thYm&}aw*K0J4!-?Oy*;5bpm-6TA2kJV1UOf}+gWu?Ay*Agi-_gVAsQ#-B< z?;;uzbX3*Unlrod?ziU~rzp(@&ke5`y_EL^;cGxdyPxbsGg71E*m?Tb2>*qkhuY(a z=x4OXItnay=?kny-#eebQ_uc@;gxwgX-iHc^H5Ql#!Yf!3-u!Qp*}ayBI{GEBfG@) zN7y)(w*Fw|V`>dI>PPx7JZ0#uZt<)oExm(hD8_d-e;0A%i0~~Y1WZQ$+I%Bv^|JQU zqYrhzO$H5;oUsWJ#^GH-N{B##iSY+z%Z9NkdJ@m}J)29euvp#=88{XS>e!PplFT1e zo8fnOGige;K!4;MqG$%2_PEA0A$sz3ZU*orooihpoRpIfMCI$O)G|Kp^>jZZ(?WMK zxIMMAX7P4-bqSf7!x?kK7#&ixF~CBx(D&US*sAPD?D$!ekzk{ zdXJm^6h?HTcE<^h?x7iHDWsN-tF#^&K72t$Uzd%55R(cBuk$A0muFGj!ez9H1OE#T z)=zik@eCL7w?&}E0s3Xb^nzNaAZ*<7Cf_6WitJR9Xh%L}Pmc7-dfk2Z<{E-_h|G*5=nv=l=&Hej;kzOE z{>CF5jj5_{C>G}_H3O3rxH+8ik(6ugL&-ORsHi&ddyQi^W@ie7pnGhh?I zurN|%K8sVs%PQI@AYywpd?U@-QNfGbyOIY87kBS19-S}lOByi3mA|bBu5PdVnbIGz zj+-h#x3Fw_-3&LOo>RGW@a`6z`RlEHa57v8&?ih>HEI%K_1z4er-9CvRc+$Ee;HCs z1m(noYKMhf!zHmmPn9Mp6iw{Xp+MjccUT{Zt_5S8I-aZacxR~9r zCU;%xpwwHOpNp zOO@XbR&JB|#;7Gf;h0rb^bWAvpK@ce0b)^f)QN*sUh6BSF{kyn*SV=}D$$x~$KM6I ztrt9F&7VDnFIp$M3;+}?<404`t<+gcWHVhDS>1LyBi^hXE{D!roh)?&&<{FuLQOzT6)d3TUB z;F$RCWmpm5ofNH%d?(o`FVrc|`pE=r0UJFbh^Xw$N2RX8856p*126tKWV3Eu1OCJb zO|tSrueNmjHq3N)dSJuKJ#qpM^uqx zqQnI21#C1&RffW^%8AYi=O}E1=^w>HLWv_zJ}c=3Zw}6A>nR?j^E^K8{>rHL#O$`t zj`u4s-{`77cHY z(iD8OlWZ#7q;%A05>sdOp_9x_sFGrV9)U!j(O08+izU6|QK zx^z)Fc)&Doe{w+I+qr?r1l;*uJLOIT%1Iskz1KZv}`ZppCNX zc8`^UZ_D0)xRXfz@ppc4lL*VB?%2NucuZm@m|nMBET3D(-N4^PUKD-b;UFvP&K*%# zY#WhQ*g#UANbS(61KV^`u*EDEG4U*=^l7EcQkYnD;3}#!dHa91!+ZW>d#UD4ZqU;+XtK_pRx6 zkkF%@b-TN~HgJ}r?~j{HtWmdGN?=9CZ5JT9`oxv|z80nB~GW7(guZ{`3gLBCk-7H4MB~Ybpx4+AzPH8tS-#7FdlEOIInoMZ4a@U2RtNiKZ=or0d z?zYAu5*%V${$hbYr*u6_i# zL)XoRvgVhzuuiDkq(>$&8?!+j(aMW*CewGzT=qPCZ*Y%8j{MkiOk9DPJVPfxgB>Ky| zl!Wv~VwGoZ&-0xyJ0Od}5v*cUwj$T%Mi80Xw3s@JOmajR4lLRn0m-Rd?%ql&daU7Z z+=yTk+}(HAAvD~)D`oxF>U(7S;C{rzv> z>~yE(RHCvLnt|L>zD}a7UA>pCtun)= zw_^P*si+)k!Q|K}a5GG7kgey0n&$y+3ZRC*OcQM~|1y1OK zWA;AzMg}))urZFmA)o&My;~Hc??C!^3AY+Z<##$3|E~7_f64n0dJycW&V*vgrWu@ zU4NNBT95~Zx5FocLx*YXueEBH&15`I0OeX?nyMa+Cg@d1ABP+^tVqI@AVpkSgDqc~QEEAoX7`2_t6a!1MG z3#Ji;7sV;MN?$2``1U~wC&-t*5il*Im)1?NRNBt73!v4MC}&A)LWeT-gf;G;`ovv_3XaQYZ3ZgwJ*U&9tsrm6`{!3iUawy zUe;cwFcWVnzNv$T+l%>O7X@i@lkoB_B_7mlG#!x_jCc8^jT+XD#sEkwGKAU)O+}a< z{rBgTw(QwipK|IX*6-b=cfbqdw0clON3>9(FkL=AcT053s_JDyJT>;Nb?e+`Dpb(n zfVf^v>i(a+Pha3;@4f0> zT`W)QmXelcazNoJN-TpAXiPHM>@ z$eGSv|GB3!qK4aSB%gRHrleo1(f0bIs)!J*18U`*^Hd=9y~F%Ik>I2<99b^A!8gu8 zwnZ*s>zSZYMb0$qK~;LkW3uE^=}OgHgh%{o%ASJB%%v^@pDv^RO-jg6(A?$Pr#FA}klqVbN6C<62$kqqkG z*@}s}5gV6dBWcba5dHQ>8^&|u(G<$UyQS9OUBw%zRQP=U@r2c1vaC~bGSOw-jFQpb zbA;qt+;8=qhl9dJ1`nt`GG*y8UHs|MDluH0H^T00dh1g1PVeZ3)?;gwJUS@;a(q}> zhx`x>wW1C)R{6+2q74!0)b^i83jyyF+Ne8y%hZ__A33Y9_!5rrV^thV5JZU`Sc5LB zV#_J}UM;ngpnP@yo)qhJ-ev`tT6U7C$gOW^znVGefgo-Gw>ondv7-|iogO5;ZV3OA zU(sf~GFL7!qNK+CNW0~Y^#rv4XwQfFQc1NLEKczlm_?!&jOkJc!dJYH%X zO;T!2gl>poW-!~D`B+jYD&t8ijpK8Lwk|#^5ILlS>6~ZPB7HJhN* z@15Y2E%n%+2-& z>`vV6%GR1=IvkNzS4C!+l@0k$DpQ&(FEJM0{ELj{Nw-t7WZP%C=$q1$y#4CAVV2fe z)@I|Hl)Q$q2B9Q@0BbD#zH_LbhT>~jFK6$dCfo!kBGrTb*38nOwqFMQ{!yp3z^WtL zBV#oGn`!`TTV}G?T6d#P`=;jZoq({*LfwH43jR**yoAyg0^k4v|32>e0vtbH`I}t2 z3^Mau(^=jfJ0=XXYIJiwD=gnWOC63d`Pbl_O$#C-$>4a@7SW-+P1J@Xk(|(9kEMDF z8rqK?h|(=k+1W2Rr;CNs2>mNw)j2_n3 z@%09d+<-IvJL?!A0m1G+2wmpPNJ1(dv2Qkw#xHwPaW)AMJ5Z?ak~wk#fGVF;&q&BMl8_lsS<_xT}9@lFKF7D!f!!Nz5arU0W?@MS;N zZ2T;*jSfWUJUYRkDkkYBp4)KRo~$olNT{Od860MbzogVxQ*kwCdQ;zo!YkFqn#vz-(w^uB`xpjytDO1Q8AhEOv2UI`7GPH)~L&NwV$b=^7caZ!iURzfJ zDkB$}l?`NP9$^|`D|q1vrCbqP9!Pz!Y*_aVh|jeLdwR9pNlD|H>kQf6853eT+6B$8Z?{O>v8js!PDnH z`03Xe-BUUm^NG1oEOS?D*E0s{R@C@CaESGb2mGafoI!%PBkyb`K&c~PBEfSdcjEdx zTS)O7^k?3SgZ@n3BQD{%ymako~z`> z`;4FPMvXnBR?91Ugb@v78SO6eNP%SJEVH|jCsQ!Mt}MNPBA0kOe#cmobsQSYu! zR}&`B0ES+>U@cuK)SWUtx&u+#n0K2w{!TUNi7i~(!PlO8dQx5G*q=GIuWv+?G#4VG zWT!Ea^%~=`L*WeB4Vt@P?P-53E?Wb!y*IKhMMSk|z|oaQr5l-}us+IY`defxI64Md z!}d%#DbrTTF{ADoZJ=*b3p3!IEUrj|YZCs%>QKx$ZPwnHcsqx63=URg2^MS$1g2QQ z_j;4c+Y$1> zn55*V2yur)QzGZ*&z@S5w*7cfcYhIn%6oTdZ^FJfDx5QF(<5<`lA-wptB=Xm_dyyV z3A5$EL8|U6l=&j^ExsZI%(Ysv^0ONn1U%u&X86=8mTmsUT}HG~s!7?d$E(+WrXVH@ zeYc`P6eCdBNe-nU%BSxA{_NQH;TtFO8wi;J{$}9p*3V0_Y$TKG{czx@r>4Db{@2xh zZ*_y0h$Y`S%D#tPk+IzTNphPuK>h#?4SrqLM%{9#e#$at;#nI03ayaOSo&cnJ7VePUX!3`IHS*jSlafCOwCSJ4OmgII11B zxg)`8gs7fF*2cCwQx|MI{q;`z>mj3NpOZHl7e;q1t+zaZ%r15~Xe}_7S3#)g4oYA- zI-u_)%SIi~c2|f<)TU-sGhh%X9>(|9ll$Zwey7ZEdek#D)P=sq0^2M?|4IaiLr&4< ziDp|KWFQ5jalY~XlyFrfi-7{7vIuHMSiBFlk+xOT4Me3OX< ziz2Y+%7w`;T0wy3L67SY*KjeL*YWdO+}h~N9#b3qjQpzi1sG997k$K~p8t=%w+xHA zZQH$76bwQd1Vp71IGgkVZ;6q&uXM?jB+2loA-aVW@QumtO0BuIGN= z=U!jew!Z0XF#O|;<2;Ui{~bA8!|hTL=o6dr?lVx9>(T^SjEJ*Dn|9*To2fII$ua4L zD|v*gH+RJ+!Etl2#tkqxdb_YH2C*P3ue@Qhf^{CEnSU?NV)X(R)mfI0KfL*=x`OpQ zpy0;`r;5MQb}G~$%I=FiMJmb6#>+yZw{lLcFO%QCB)0}ZkG&X2V zZG#usPM9%UZrpBaHboIc#86Nby+eU%*!In@9k*H7hq;bmVS_g$nf&~)vLUgK|3OrZ zN|GP;Q!$z^(wHxIE-DtvJ+;n1#QLOtX@I{~-)d!3O{P**RMRq+<>|crl@~{l0Fd-LQPl55A0{>5iZdQLu4bN`3HeH)Zh9|cru=%}bC)^5|GM27#8WWISf1Z)t z7h<{`GA!GFfNy)WrkQMA!r~4*N3<&m5Y0L-C%c-|&4g=9cQAfgdq$vyA%<--{4_Na z)*_NKixWa|Wo?twOz%w|O;oXkhs=wi*YAy|_AW>I3#~|fAm0_-ICa_^r8nd>IQVVV|Ajmt3XK%R*ye1=di`v|< zeLY&5xNS2`3d)|xRf7T%7Tm5f0Ma^UmD-2wa#b*SV>FKX zX1Wd6`8%_%sUn1U{8z!ght)8r1Q2Ct<#7+zmrda9v@J_TmYP!4JBNlYCky3=4(%Y- zg*&0Ui!51dJK~~R%ls*hE!9e*5q(kS5yf4(^=-!78>^f}F49c6dAn_gctu%%598Mz zymqSGQdRxq1oR2;QW9kg;r%ePibM zR!KdzIfijnj+dp}Gbke3u#93bt@NL!ZeS6ZZ$sjIFA<7syYR>FTEms;rzti;pc9@OVZ7YaehY|1NNLwFq1Y2m6vp7^|b-T*h|rdJ_?e1mD=;ZS;>xa|5M%Fd>7s107{N7o`=L#PK&V- z)5`=QjZeAQ5V{(c<;u$Baozldwsb8|EW60neparxTi_TrVv`uU;p3QH;Pn8ejY|zHl(5B*PrUJW z&cM2;{Nv3jcg)8i1j$?Byf@ev2cJ-1`pL3OFF@40g4U{E6gsnX>?lU%>|u>&5aEyq zm@qf6_Ep``jNhTeyqjR#O-IQ&NWilU??y6SYHDF`B#C5L_qi->X?uws2A>j1%lp}p zw5z?{ZvM>sET~jHh$V~2PRl4V4|+HGp5(=WDaCY05}Sz1MXJ86iTk$B>o7Kdr5%5@Z#=P45#^s;p3Gg0Z81+ecV%raX)q%&fE7-@5fI5 zN`M1s{vDWrRuCinwoS^@nTY2hC?wSaR`yfyz18r-vqi%n)!9YqC@-e$K)DbdDRR?h z$N+_j`p_VtL$zWyao9wb#ZQAwwW>ij@|Qbv#KmX(3J!%`DZv0&Qq^a_>g8Loxi&_x z)?iHHFB6%r*r#8mT}tF7;FD>%*5*Sp);v z3(ITsZiV8ifguwsT|91gw~~>P%i%pNk_h|P{pR-*99zv|tC`>}gObA@14kJegZ;h^ z1d8q-Gq7HM4<>0SZ+>vp>fx7!l@pRLYi4`7`F%@(MrJ+~l00->$msPkP>kJ^Pk_gG z1XVSaT2fW=ctP~_Z?>0&$-gbjsS?&OQQzEWS`_m|N$pNR z?N?QgRXFfJ2l`d~wCs@Kthh+zBp9KB*C!QKi$Ae(e^k(rJKC9Cp~v>)aJ|1gdaT|b z_nfx!YfsQ#&bVem&kpGQ^u-{DSN69^?}rfb7^s^G`UuLQAFP71suEe-$~t?tL(?rn zrG65kWh8INRqn%D&Ii(He9_0E`T!cqh-Nt@Hc}w9{ zcsH$TGQKf0BfF=m#?TyK*p#xFux8_~$*a>CI;Z5vmUR6DoGB*yb9B-{=4@{r&^`iw zrihty#xw3$lyi~p`|OK#!<;Y4Z8lxGaIb8n@25L{LSVFp8@nipY(PkMjGDN*J#$Uk zD5b2cVd6%EY*wQ?G4-}oj-$| z2L&@^JKD3f>;*Qqxb6%_kv9*ZaUTpRuGLeVD^f>glMBV=lxmz&QlYFbSU?P0=|bz- zT=5{-2!>}MT?Bjx$3lIS8_(Ll1?17niLS=$IM4Y+QQWi{h&CLak6E_Y@1vcYKscnW zU|K)qoZ>bryRWCrqAyq`9->LEdgKAro4IR#_L%VdBn~T}Q6>bE$N`gvKACtC-=FBa zX9Xhq_i#ZdC7evA`i#uuc&;=_QL}?9tw35;F=5CkDLOyBbuaV?t0LbdjrV*XhHq3J zy78!jq8W&J3s6-2LoJn$I_y>wZC}6gMJhu>Hq2B~=RVC-kb2f)4Ly5wJ{AH~-a2r9 zuRPR4!7#tb-@@*N(NV$P&z>QV2bWbb1Y!BRw5%?P2F! zcF%Ne;r|^{Ip?3&MmP)Z3bb56K%6>s(m&ipOFsI^1(|y1e&NR*>sNSmowps?OcGw# zGv-t22r`xC%L{qG=WKC4GPug*&O$c-bh(nD1wmgYIUdw#dzz12zWuSh7a4J}Pf2!O z(J;mM;H`Rv&p>(hdUgU)$_rK)|3t@&xT^H(!sYpZyLd+%rBDHhxB2|2=o#^o6q4^o z9GM5QKmS6%qkwL=n!cP$L0}r@No=IBaL4-@IwIXBD7UtWE12OzW{&`WLvvi1nMd?n zq!DRk&}zE@y5dt}2XloWWsz!k+5#dKl+>^nk%}E<-X=e&3X$D1FpUck_l?i#L#6~c zKMIe})8kqmpwTpHJ`Y~a;H%-5|Haxr_AA~{>Lk+?UNa~nQ0}AFkvg?Q^s2Ig>tRjD z-#gU%BW-uV^bT&8w(DzRkL#^!5FA7Zo6j^J30b1!9CA^Ibv5(wyOl`A{1tG>W-T$1 zt@~VNb`o8V0RV@12v5;ir}wKE1gD@sofUZ#pnVmg-m=wR9ZDe;vk=1}era1aF+4O| z@z5r{Y1xL*dK$=O;TaCKmbl)KwdFalA*qVfBlOAaxwkJ_f-mXqqO{_Nss#!+v({^z z<$tY+MXJ^u3|GUfFDwC|RPKC~ow0Ix+KZX2l1nT2x;^!?rTKtm>zi5At--TWT!BX! z9fP2GhLdit9ZdAIrSJAWnjxXzYDPx@i!}Rr@WaHzSNrZ_v*qbteIa|Me5+P}!H2N1 zFm3kDYnjl!(_?S--egMAu|l&W=7LUWkIwD1^wIOK&NZ z7nBv?gu?xPu)|w=sVnMb9{P4+u6ynZM@R*h%Rr*H5BYC=3TrxzsKn3$4IdbEs!pB z<2B_gUL|WBn=mS|ki}AMPt_UQ(GT1Ktk-a&GgX(#g?(amrAZF>9yH@&`iL-)au(dS z25ry#S=BST1xuCiXik-E!ZnfR9Ec8r2VyBv-f5 z0esl*!`wBhtdxW~)Ny4$dKyw?@1a(ndo{$=IxfU-)v} zDf159;Y%UUH)A5Sg5Ci=+8Sg3K(TQA$Le`K=(Q(HPzzCytlecpin&5W%ks^6GXhp= zIAtmK!bqDxZ#onweWO}jq>aVfNRjx50A+GQgKo9ia4w=2s1ooarha;NGmIut2L7q3 zMqJwpF97a_em8^DjY_MHQw&&^e{%l7shL`wdSa>UC0+Y80rTOc?fEbf6sbVv37UV- z^>BG+5`ASE(NV=HjN+^HEU|6-vL}dDe5` zf*Jyt{{ijc#_GLXPqKwMBAUA@>)n=VAI;ZB!`h2$ycZvECN#77)CrvU8R$e`gs&}R zy40?u27X%#33;D1`$a@2@wqgtL0VS{D0^4gC7^V0#yr^4wTy>Lk;M)M=oOf|pGdcS@~ZM>d*Qaif?}22%*_%V(vy^y-@@slLle#uSw0sJ#wM+qx+&B>TpBMp44;T-Lv~?; z)>F)#l!QVU&1Y5Awv2C2g=*dD{TC}wMwR%f8{pwZQ6t~08|Z{)2*CB+{^^*Hx|WB zsLEra{BU`@=EsVrkFpn?0YFCq={bydkTpeTyjT#tNaH?TFAW@w&7{STpTCaf+?emy zelAb1*M?-9rgEqdbjEZ)eRo#9y(EDu%=1)P>q%XQ;Kfe$q-!#TKz9ZQ94~T!n`B9a zw+tW4^@n$Wt*=E12%5M?B5Zl!^nISkpFFd>ofGWwD>TCjY0-LfZBrgbx5wpb+Cx}3 zd!RBZ8~4UdG?2{%hsI@0NOGMrY+MN%20N7_lfUY+DO^XHfP;SZXZ%k47AXY^zdA2N zFONehzKS?@e@5&9Hj;fhw=ag$gWxNmP`W;V1u4;1Ll z-m2AnH*-+vgui6`D!|quJe8vg>e{fpnLJWGxY|IQxOf*q3JMr>5BFj^dff*1Sym_p z8d5F=-jSD!>mr8s$yVKdSf%oj@A!#wOlz-$lCAJ+r(7gMFWwTpdGL|+?hRK|2tES7 zof3+Mg$R}=S+8QrdL{p9PSW!e-_gb?I!U2y!#kqs$G;qgtXV^%9D`==K7-$PSiK|b z{L-8ZCz&}>>F8J&M7tCinKCE28KI zYnDMj2&Hsm@BifC#)xO+ML%?^CXDLu4L&>~oj7rJG)MQ_cgC_`W#Fk+f%AZr}m=6)A#|J9@%Bnyr% z3+(pjf5IZetFS10F~#B68{<*$CotyLUB!=W6_*D!X1}I<2(|c%x+diyG4#cCqwZs)!6Ss+tn?{5P+v79asiq{jDYvzB+dK z6t^5&(G>!kv_1^<#RQ44OS+_;AY-X=do}9QMieaCdY7hKZTGadKg@SRNjZyFuP%Qi zjQxGvvSJALyx%-Ri>wC+|t16&$VC!cu8hC_>JpO2DBTn#af; zPhhg7>}09Vla{$^CuBZFRnUCV-UG1DRQv7nn-8Y9Je+36gBVS4wrAY7 z3RHNifMpTRpz*HSsKoUEZYGo^u=1T#v@1ZJCkZ)^dUmz>IMr zLS|e7O*|X_AS*Njx+-{nf0{v|f-^bi>6j2efd`!aQ|%6Tr_r7#(cR+fz&hly1N@U# zajBsRD)!bC;Yg!oTds0mK*Qrt~on!x7+rigz_1iO&`50{*E z`E6$ZpT0xwAHVR=FZ}QK|Ibgn0>JHSV*fEO+`2lK&wm-q|IUto1B}UA zL;}BW*K0`zy#JoMkBNf+W^nxTk6+zhCsHDp6bOy`iyYAS4JptzdXwKD`Nu)}|Bn=S zf5#qa&Zc=X`)9EBd;<6MMfMFZ%|A!+pP%^W=U{X{55RcUbM)sTaFCvVD(&|Kv;XOH z5J6rxb`wv`pMfuo9B2U+Sd76VriSS-gF{vTh37x;?I zYvba7gkJi{FuqLz=S$0fdKHb^dj1R>#V5s6q;1HRmM+YW?Vp3_&rkjH^Wrk(wVOsK zXZ%4_d_`_Cw3_wf|LNoSf&s?of3=V`+S=i*^_Oh@+d1`bKYS0~iYC^d2m1eJ`qgl5 z{C_k3|IV52Y2X2J&v;qxn~U>^wIY_y`qRw@t(d_9r0d+Gq2&^9z3zYJ)%@O*+>x~& zcU;G_-*daz?mXzWCUwuJl)pSG4f|`X+Ja9ly%FkoSW{uwv(5xT07gH z1Z$6f`4BSsq00>YXN#5Y5^~k-rZZpu^9y%DXs>jGCqV0@E{~v01(eE^jW4XVcTYZg zI$Q4?UT$@@&01~0ck!PM`@Q}CPaD2e2y&b27-apk&7~r@>)0o8NF}jP%ooysi7N{w z)4vva?q!1gebdwPc_4;x-?P8&{$Ec4|K{I~&Bz;Rwsy+>^U@z7jWpg@s3ISLDze6N z+pxQo-AVU6J7o^@t?`%`UJFP*M;!U65|G@DxBBk^{69wlh=06pA@{~xO`ETOze9jD z1e=5J)lo>o1#o~W(}+&W0KdreKjjxOBKHbL&#b@L6o6ku1^xo@)Rp6H3h;|CL|J#u zj7th}jvW4@%~XvWxs!4q%KX``GLbPJd*@Z+xDgg^P*2)+6}3knO{p61)eBx`jQzYg zVwu_dmNl~M{{OWt{^RpvZsdL2M0#iZeo9_B$mfs#>k8xq2OuXF(Gm_%!S8EMZKk7V zwcIPiPze^M+*xF+sYi8j~mf2qxwPj^5yxX zhD!+9<_nNbkeiF1?*l-Gq5xzPLsEWUn@uqjsdvkD6V1V`!`YGkdl&DCYeZ6Eas_QJ zZEf2Dx#y>F^e7-8eHW@gGEiQ1ahX+Byw;yJAFJnpaQTpPv2=1+c+ieE>B=3PuhPgE zkf^kacT@74j@c3eugyBWLAP6^ZRQjpkj&yEQO0rM+b&=r7|Fa}9t4n>e*NhhhqjB; zEge44HAV9?spnq&EF+MYHOvEQk4*`HmZ)yc+uS6ksR!qu3}?`3U3oj`@^9voXe94C zXf>yv02=hQfnU?H0FK}T7jj0A8xiiFp%0>GPJTS7xMXE&hJ90&We}7xw!u9)v`RF#Qi_~0^U~wCde_Q!dGwdn~Bwfj1u2=+aZ}8<;Lo^jQFA@X(7D1 z$Nf(AipcCxlvhDl%*V%(rItrF-csi8n)$In z=`FgPU?;N!9&kPPPAjglkMpKovPRT0vYm#od3qdGvFG255996Yq<$;V!RU;wtYEKI zWQUP2Y5eDl$O0jp=Gnm{UJ^epE++TS_bN2R2X$7!zHMgh2>8Ik@ePRWv?2!vm#4w(~8}ORKe3o>yXCI99C4~hr09{fKq!C za?|-Cnl4ym3D_k?h+hzznEgI1O(^$5(EI{mC*|83Swp~UpictkI?0dzTc@4ereyDJ zc|qQQVVdf#-76rBO$5#`@iHG1F6M!_URLRm84Y< znAArazOPk3Kis2-lyWxWRQU;9Y*=}IcLu!(RacF#u-_Tl4IYpkFD&(r=f0G^v=h8_Dyg>2NodurB)>6YJx!qk)$e zS;-!*Mmj&M_W{1jblrH6d*}SPLy$QMbgLueQ=PQnYq50&U!q+%>EdCxZV9FXVCE>2 z0z-V8!0Ec;q^PORn6MMbtB7c5GOI4^-x?{@(zwF1kka8FiI7+-0lO=68%TUIfV?n3rjr4P+WT|a|b-R_wSAQ@@# zoYbxxvE;3YLb!GI$pTxa$OOc)0_dd+b+$+Ux%1Z>4=4PGA%35vE9duEdRzV;Gn!#_tGE*!Yl zi)kc%Jhl;|4fS6nPsENg=J-h*Om&HBL5Q-69@;yVS70x;hW=`1H2+Q7qgPu!Z+5*E z-dIRyaU7ycbmV@W_Z>p(O|F$L$_SLALLN>|^RbTbP%y@cWB(P)QjZGycjVkNI$zt)u?k#8&6| zCXDbe3{#I+4KEX!CX&Ns%k~N)%kw@@vfxy{g-!v{+9_M#jW3xCThbL}5@l}Ke-pny zH<;7Fxegk?q^Fmj>g~SbsavFCF_kWoChxxcV`1?rn~VY)Esb&6uc&YIG^)K_P1$q5 zUgOEQ0}6_HREGW3JtrtXSRy=m{9Mg>VvXf6iJ)~hcap*c)Oq93yPLL0NL#OdJoTrd04B*Ur2#N#2 zfiF9+=vbOaI+l4X^*Q<a!kl& zN#HosHZs|TNE68TOpDuR6_j-L;zoP@1FL$Jr%{)>iG$}RnRS2ox2F--Z~J)L8U-}9 z5$f>Ks`imY=IJQO7;3q^lcdmYp$o3kjmp#$+VBv2^#gLvqfU1tLW=HVvM< z4umZSC$_^OFRBAfqv#MB`)PI%D#Ww>@fG%5kY*mOD|C3zcxb1C7>w?RZ)pJ`h4(H@ z)@-8A@at{io^$`U(DOT>KH-?t+vd_*5$cUHMf0V0TB1rw%O+l9U6fsl>qEZ6(zW>rce2zm9eyt5!D z2V&|aV-&P2(9;Dz06np_U*L?!a5r)$G$~NqiY@Twb+uYXp0#$d?n7Z7`ck1@@ivw6 zhLnBc@M|k{(yp&h{D0JF#>in;0#_|qqwH(X0Eg>7i!wuBjz_vo*bue~ChVXJim~4x z;C$!&hmdwMUtiY6SK~=r^#aQ~%HH@4xp2?^nZ~`B8v^CZ!X079?_#;c#(fcGvjX3O zag&p=Zd?+7H>g6-~2IJoI&zzQuR>xI@Q2OMF_>Z=PT zRE=e!)6}vSTdk609oU6XUpqN_Ig-qRTH|*PeS>O%$ z+Sx-J#FiR${Yi&C0e65kjFAJ?wrYmsRIvSde+eG#-~*M%svdWGdQFMYOU3of6lREs z!go+8Ue78wq@vppXq$cZJ38S1l19WJSKN%key__@@gZK38fR4H=342eKy(gKG6$vP zN3W(~%FM5XM;3mSH@&gJF&d%}pVj{z*Hb@*-c(cmB7oyr-DFHnx`F__!;s*X4Q;b^;#f=91$gbzB-l_%r^?CYj(X| zArzyT@qql$VrEz($S>i+aq?AM^f5nAQ}Bc*AqL#Himj5N?t3=AI+q}hV2+r zk;^4qHD!l7nY-AfWz`qS($C-pG)WcoByjOF`;+u~TQ>6My!wNjNys1|Vv@}YuP(+3 zn4TuR1FOZ_+r{U9@~`8_)2)>Jm3(;qpO`33QC8=+sF-7WgPNTj9J+>yWxQza`=9%7 z3xWouX!$Q4ugEzMQBanl0J{X|V|ZT@^o+d}Ns($o9{G5<`tB-Se7@ns#}f-XJ$U|r zL+$(#ChuxeVI5v3DT+_j%Mr)W&AyE&U}?{?(SJ0j=s$sIFLIaCzg289RlVEIK-JxP zSfV*7yRt8RGp$Jjw4u-41Slr4WMBj?{m`-l5OlEz#H1=cy6x=VpC1f)^E6aPdreIt z1?I{Jm*zn8nBT+7=n!eN&T5b3OqE+Oy3Lm1%;a~n2_hD8ecd1ULESlc43YpWW7uIg zrh+O#=46V_ms@SOBP-FiKbsgE@)rZK@g~8?_X0h@eVx$6UGQ<(UX~sh-NqKv@wP(G zGwi9DHq)>ORe2&5Jx8x?X3wQszzH+Y&zxmlNe}$E{SEUYb0x|ve=@vwsNn6Wuf_#Zrl*ig?RKJ6LZx}14B8nuBOeE1)_ARSi z+^G^_@>zO=Y@*`y^OMDhH35%^hox#R>V+A?DR~ziYdc_oL`hqE;fFcDeNFa&C2t~ugOl=UZ%8>_{lO{PO)m=T~X)J zga&L_0$A1H^qXp)G-sXN$xw}&PeA{DRX0Jh)Spgb&($3;%crr>{{2JOFkjYWci1v3m%?UXg_=de$61>WvbE(W zP~~>@!5Wbo8&b;dRK&@tEMaxxYz_^TOa!#)3;uY+X-yj^xTUsgQz;H(DNR(YyCEiIGOhKZ9 zS_K0zQ@rHVmh7t&rUsih;oGqZ!)O>-#!(sD;_hx3lheQPa5y$&c<Q*$r&vrxvSH-Msn_Bcj|#A ziR+ghu+haXy_O_(72r6Ku30ClJ+<9JiNc0r^3*R^$%zb5-``tWIH9^v))qID#&=W> zn7=ycCh&XNm63IRj(QZT16jw7Gz*`A}79}Q_w zN0ERjN{lR8%rBi&nF4e3yoB3XXSuJ&_IokF`Y};pV*h45M z#?zIHLI^2sTgs~>Kdd$_2}e~@%h9>i7u1IBKU_|hqAP*)t7P5_E;tus6Z*{)oZLow ze%U=-z#$O<6z;LF7kt>G+5oYNIdi`0q{`lDf@T3B$`i=!u58Asym*>a%6kpfau9Y> zW~teQ z8WZ9kcf2X=q{6-1G~nWOt_JPHjqkf@*T0m_rf#n<+^V$cg zP#W?#eJ^>1Ca8&y(>>OBc`;BH@~`#&tn4ox)#XMs0nrM-k|P4O}KB&zi>l5Czb-ug^0vrFN>rDtuO~r6JT9D%+V%wEX3t_F+!@D5<4XmI3&+ z#j*n|jWhSrj_jb66H)85=`Fd2T8{Mi(en}R>o(WkhEpFFnr!*?-ew`W!Is69_8X@3 zi%~;tlPs1kjc*0F@#C;%YQAd)t>BF8r)yh33!%oMB=iR+k;ZPSIw_XB#bU3&YfYx3 zPeTPNoK)Cbm@{2zL{ppvI|jU#!O7L!0Z)-k_Vf{8q2kj>l*ZvPoJsoDLvoZvE|bV_ z*xn7~y;q?ZrTUJFcl8e6?9iv+!8YZt?8=G#UTV?`S(R~ppXo7jgQ$@zI;n|hWk?Ty zOU5(Sk;buW&{<@R6v}9 z*(Zq?wlv?97|4J^Yh}{_3`hO?$$@DF*b*bxt}#)GzkZ>#p&5T8*P2K??J-*>l=Wm; z@hhaV>W14>wWvb}kB8$WqO*8t{{JG0R|ut0cG(pqbh3 z9O>md4j4X?(;lpmJ)Z#>T6k^dhJ;Jtsr)YSN&?tts!>Lu$>%mzQZ< z?SP>a{rHNZgoOtfN*zPkk7hcM7^VBCFZR=5!2%(M!H}f=dK(X?F0rY!m23N>AcYcf zC)>`(Kv_+!RNFVURf>1fmq)JYl@ zxxR>fdhF+|0!t>nUiHip7hNgOeJ%#xvfq<2nc<3&Pbo_NsXU{3#Fp9PMy^xt_iBEw zVf(uomG}Is2y@4U0D1f?)k{lU~Hd* zSn2#05})Kk_`M7(l`EqnY_e2c7f~M!Oye~-tzQrA(eiG$@kWLiJ<=)xBD0p z@@c0!(8J4e50s?i@u_*YvK-2Cm~#Q$FD?JA?*?aq`2Z^~(t$NJsh2!0%_agdBRV}{ zZ}-s55ILd`A8{SJl*;gdZyqCB5gobY@>opvF@Hvi&~nE2LYvqJXW*fC-n5Z zpXMY2Je6u}QS=n#6xxKl(E=pj2?fc9iFHY~JfZXrMD{}{mzNB9UTRTT1JC6pCvAP< zmtdni(#Is2+DoJxGk_|nG8Mi<#`Cl}gPlhsHPOLeIZsX-1R1B-?>;WAX?x-F(azp1 z4*x|*DAz5e7xF^#`8K%}=g4lJBfV-}*l6B(T$P`0G3Y&hRtocHAuIl%19y)O%-bMk zhz|2zgn58d0?8DptdxFeAI7q6zwr(T>s#M^)E7G&kW0B~&tE~N1=HSmQV@Dqa;p09 z_3_v*g%>Xs5PT|!>9i;djMS`f!Fc7zJupf zpHT1FMxfebotj9=qPZawSFjGw_p1;%mb>&9Rpiv9GGcI9PKdzM_C8jIAM{d% zvibWk0l6TWLaBk_StWOA(p1<(+mhyc=S&FSfv?hRS*5#afI$PMMs38%^$BW^;wMsy z{3M*3-6F1v8lK#TigtN?t=#xv3iuzf_yB;|a9#arw&%~|uhy2ycpy!;2R|KD#+??` zxm#{@(lwTK!TvZ5-+i87cC>`)wQ)>YNXNF@M!D)V!M;ZbL&~#pRDDv?wOGpEWFc%!EM97cXDa6yA_X>bI(IBB;GIs`ZA}G(Htk>kjqb62G-pEUBXgRKG)`jGW z?#vh{lJy;sD|HySJqen?Gvzq9EE^CR9=%;PJK2n@%gGX@j9?7FU4$7wMpBj((ey1A z;+_ijj*2T44f?~S9pr%#1hrCrX`CsmtL%av;*5T}-rq%Zx+cBVdF&Bzxc7eoS#o#9 zc{|`Q(N8W<9Dr&}$3jcu-v5Cq={Ycf<=O2d<3%djgzXNb-`2YpsVMP)t36a6>k~cQ z$BB-p82yKK?OsGWlO={K532c3Uc3k(K@kK{f3bsVLV=T1!QD0?{n2*DYVOl0d%J!I ztsQHvrQy~(CQP*s=m#!3KTDfdbJ~0bi!Mc8Z~PXVpjJsYwaotarnR8!%t1bHSbul0 z!wrLLA)%4+7copy)j2^1WO%O%yVUSuqX%5=W`w2?CAE2(U=mi0KIeCm-lrX1G;?X# zGK^voHTRzh^n6_#l0NpQazl@DZ;o)QF$~#3{4HgB@d%Tz!^tDA0`b9eiw*rqy)Q*p zhmM!6JR`9?wZ8SKo?n_(RW{ZS9dT7lu_Zm6j>7Mo>PKk0t*3(1kscFh0Y_~Ya)m|s zTgvX1r1RaG@S?>-?urZsyS6eB{!I!4=1m*>Yu#9)4FDqRYz=fY=*M{UMyc)*s;Jg~ zbChNsMW+Ia3TD#T7!PN22?3`CvCWg0DF})C;${%G)rtzm^JOwp&v;#Z2IfLhBar<}+ zKh;)C%+l=bezTO?jz2e;4n95)EU1{s4Hx8nBzD1(pCF{T{E36bc3Zq9FK7aB&E|t~ zytj5-rl;(eYsvMn(>hD?jqjE?L4$-TGkG2rU5(}S4pgHvrsS^4ZL-(fJs3up?iW?W zxpm}(WNitT(;2qi*}rn;$sCD4oBe<=p>m~uF|s)j zLv`8gm)$;uh;5cFoa7z!fT85IJ|(A-|=xx^x)XgX|6z zK;=N`5zgx5Ia+P9=#MHj_%&Za8*vT_H!&A_; ziRW(Gnx#bjgs>U6oZ6yZTTQ04LkSZ`bNg}4Zs$RaY_q6AS@Uwxa(C#a>7-MaRL#tv zyja}Lc_AePbCB)6%VqnE6(q_D75dN|Ke9^S>acw=eWuQGm-;nHAj&fG^jDi9pn|Z3?2dVM9hAd6yHVOk+pbUZC5j1o`b0e&QcW%rkkBDEsGr}V zw7)i==Gi9{jW8Wt)>p4ykZ(RPWq?eQvC)CJJ|V&>Cqc39N5E@K+m1t`$&XcXPLum= z-E#eJO(!Erd;Bd)By}`MZz^rs9+00(pGj%C*LN(7SlkO>nZUE<2|h$?BbjYMo*3+! zekCYQ!uBE|suOlk?$F?ob5&PFjYL7mv=91&wu(D*dK~d+I+tQ9cnI6H$ z+Ak%iu#zPQC3Pr54nSv zct3-A0%VSKm}#T8#=Xv+Vkufca@UxWNd1OPQW6adDtvHi+Q+Re20 zd9cuz_bZVpjG9bhb@i8g&&)qrgXl!~MYpI~c8DpbPw-KC2l}CyBf10I2NN!;0M(iY z3J*kKR$Wr0ME3!=W5%qF`t4|$;DuqXG8 zCGv_sOKNPjRvZ>JgFr%gB*6>awvX zPTe-_B$yv$S{w1>Iv$Nt8kirW{rDe`sL$7aQUI9gW|5)C?(*uEb9Q|3yDNLJ$M5TW zp)!ML8O%FbT}ds6oQnRZhqtoh(?dzWk+<9C`4+e zQGMYJuS&W#1dSHPRJew^6AapoLt{Wo4!Yf;x(^6%bs{kzp}QdL zpgoBkErgUM2bLUpQh-cNL&(@?JB&UzY4Fj|MX}%f4{eI27zmsFZanaG800j z;*qV@6wJ~e30E-M1t~Q4G6`6H9Y%?JODFL{96vf?7aKNLMF$`$XJq)b*@lpL+~jPG zJ2{N3?jZ6A*{PToBp+?1R8~68q`GC5!1wyq6ZX~i>Baqz;m^sv?FJrEQP^=XmeWBO zrBT(E6wyu5c+$cOTeuS)GP#vPa^{5e{J#em1nFw^ws+BdYu{!=U4+jhxoy5FFB%$` zJvo^9UFaiV_u?i>seeh&0_iQhgX8Y;I*+PM+E;FhyMFC_;;_qfn*0bZi9T7hfy<2f zbgyeGlc{ht- zVcUqv%BFaIP9bw_1|yr-b<3^9qUgYRVa^(T?O#|(B}{TfF3G!^=5~kbBq}{aclXuh z^Ci(j)efZQ&r6VoSFL`D!%pt?%;Sm0Wrz>^1KV~duOzI2c5jLb07AkXEaflP$qt%m zUbvm^A$9hksrcmRd{6Yzgni9SIV4>ULR^8hgDe!}GC&ZH;b}Q_c3KCxJS(!rSA4y7ty;9b-J{O&seV(*G6d82GXFXB+IAyXQXGACj^#mE7N z(C85qrMmZttV`mde5>y?rCpHI7kTrYi<;?SyL1 z0QqtTdGuUclgJnE?Kw~wAH4ZKKVL(nkZjxYqhpOH4aa51EUzFJ5%U03e+;zJU}2Dn zQTz3Z@oAM^*YH*S!P^AhRE)YuSm%pX3Uc$0M5qDQ;ev#ItEmW(p zh_U0VHpAI<={vTj7K1o8_m8sA7X{`P-ERbDLahg6e>~!V7@%S!ERZrl1J4iJC05xU z8XC2bT^K=q=qp8yV}a53C>tDJp-9C%UGzK{I&O&a2mj=Hy@(l{1#{a6kyCJU#{-DN zrNUUA_I{V*5O%5uHZ%+2Xm}ru4|ZCHqe#9yLX;IMtxI}C>mV6Q*t0`1BE7G%dRW4= zLfpholO$^t86jC)Wc572hK^q)L{C4~;z4U*t&NbNuQ{)Zd#%$6y864o{_+ws$&3Bi z!is6mSO#N33P=?879#UZY_pS{<~x*$)Jp&p(IQ4TJG~Ql&C=$FajSp0>tL2uRu$kE zjV@%(_(wNrHYhuA92F`f@wHXMnG^8x1h0wB$IMoHl8<D00})szz5cqZO6)a}Em+S01AS64!ozcJv=soJ_mTdUse!s4>``dpVna zuLu7v!VCz}FJ7?opdF@_LKw6a+ebtMCRkKe_H9!lgG<|P(Kr?6^`&SXfkyc|uU@?i zloU$Co1;vZPQLN-?QXY_@}%QJ@UwpPLmf8Jr2?ii+R@_#BbXy-$2nqT*L;Vjw`K!m zJJ!k{sLEVV#Fsxod1V~&`11==Vhg$>`(Jpd(;ST7I4z?!ZN(F_K!0IJg00M_t0$o6 zrD@|M9T)+I*n{kV?&k+{0Stwms9Ah5R3w$$KL7wJt5tH?hT|uFowH)E9SAm09^s<; zPtjwEl0)qK7z@xM(IjdsY<7uZbL=T)JOx!@6<*x&I4#aKcjFhEN}g7TCm#L1M8*lN zv(#=uw&E%JkrK%UPas-jU*@H;mwlH)k8z*ObnwW<)oRnJFgf8n3;!s-3dp&2Sqiv_dlxB8N-9m`&?)|Lw{!KOsXHJ=L_A7CB%cmFIs6F1pd62m*BS~D z3u5*|?U<2yJ++>Th9Z#B|5ey^$2E~fYbh(bt_n6pX%>poG)PAXtB9a9kxoEi5$Qb< zA;gG)ih>9TNCYW@C`DT6#7d-?h;%}TB0U5o5K1E9-30f&=k8CIzqpgkDc>nGnK}0y zkCC>hlUmLdt^K=#`{z>M-p*p46(M$CeDrRI#KrN5k3L@;eG6YS9xsu|8a?qWo0{;j z9|!7=iMJ9KT_`e-Y;qy{zjF$qWKDw4>Yjq@UCG5}YVd?PPw;2a#=+dhY0R7jOGxcb zyKqXvODEHl_LrEwxZEQcUyo^rY-3PF9Gr+N-x8R??JK7#o^kYsdD?zL|Io+FD@G)- zFZIUJ>w=+3%1dSrf9<6D^X1%sp3ynmNs=y6Lidbp(+cA$JcU-P!% z(fB`aT))nvTj{<&b&Bj$OWPxG;O}hO-W=KKVf7x-dK7=2PmS}u>oe#dv-d?}^?K2J z3Mw}))SZY==$|xug%go|RrTszw`|mI zLtjvy_DVqK8`^H_a>v2?v6K##2&3Wt2Lhl+u;1e?l6(<@1%CSKGcoR&>aWv0^TX5w zyupClBxT`7o52WAySP4`j!QK{$GkZzTQb5bbh5<2ve-H8na{Vs zcY50J^Iz%q20io{q1-n+0~hOX{zIQ?tDE*|?r96;6L8<jRb(5ZTc-14G zW((8f6-LqFvL-xX;fLluE!@c>gB$fddM=Rwzr zcAmj&q6OnlrEPAz?3-)dUmk*3hZ?d7GwDy@1y|cZJ&D21Smz-PP@3cymc9XbV>6Q5 zgNR&oTABRzL8+wt7S%C{k`K8TL6hG`smDxW8Tx9pg(3<}rd=#>Q|``&9iHfOw>JZw zh`hF0!-6ecLmw-Co!plvU6c{d94{*sB+yIsM_MDn2M8&rIbIxQ5l9K9njjZ_f z@X`j_=^3F|-5_tq=F_@Z7Yy~FK(-{Q3PB7<(;&2-FK+etS*vqPVn= zW3>5Jd`+~2?oyNKrCx};5@x#gohAm07`*x1(A*%<1mW`~Y za0X)Aw85vBikxE)G9w*7dz{$1%&6BL z8DQ;M48Sc6q$-cr5nB6|!6@nxkLqabD^1i=c#_M4jX1U8b56C_%97b}4AYJGoe6T2 zSvW8M20`^hJZNX@XQ9?Sb}_0&uwfTjGx@k%-<^J4{pE20W4G3L%FPpIlStr>ZQQQ)8n8W)w+RSz|HV1XCCt!n@m#+W7LF z2%(HLC}WX}m~}h=4|%zJl+sK}G2Qlh^2DaD;2OreXw8(G^t|sGvFw1^KSNzkq`I|v zx+`P7CubEGz%K;CA5o`zp0zvXBCY%TC@Yz1YRz@S6+UOWsNO41jTg=B{l|P*%)$1L zk$6?`GDax@4>3K2V%1D)K>I)kxU_N-cCe=9gO{Smey}&NDR*g_X!#z%ypf8uFIpNq$FY-M`_cx*eSd?OF@CvWyZ?%0$oINCM_zy zeq0ejKbsPUofoJ0T0IuGeBN;A%7EQOnk9HoT(4Y~t4NLChbN3q#P5#A#?WnRKiu_> zaSip1`w~JwW9T{HS-bpzc69)<BI980chd%B} zVv;Sdb!8R0TQBYYeMjwL)AY*sY^P;-KJHA$%0(r#^UU*T+w_GEn0dkjZ4)1_!+KIQ zu_&o~mj+{^Rb9IP z3IUIo5xR5`r;@c3yL-UC8v$#B^`4b0pY-m1A0kxr$J;(oC>GJ6ak?c-n+D4mlHAi% zlNH>031tmIXUi>?7u(=(6DNfkV+bi?h;c(8KJOOS=g-$U)lohE}TZY3GfiyEVfv zWxQWPrjCdu^zD5*LbmD6O%A^+?-X~|$|0c4FBh|ENg{3 z$H$OH8=vMG2qSei0{%>*H!VIEpF0;gipca54*7tMryXON4OA}IyV`r{DuwJhj5ph> zsh2#iq=;uQ9~#o_vDDyLvP+2kmX>+BNpuB378foHPR}~qKiU#qHYffe)wInHnzd# zId%FpMj?&q^jEqF>v4^3$T{m&+@t%BpX%96s$1~V=ZLNFZWsclMe1BY3g~smeQslj zZGo|IU}{)R1K(q+)(yAW{%{tJ%(qn=bcC7D=&=2S^ZW8AtFv=~nm9Z0`V2b(SvGwS zlT^L64@0w<#XgcsP}$1`xF;2=>x?ge-J91Bk5gOHng_imgO^=S)Px7!FPiqtAT^R~ z(X5>ev=&U_Ab8Xpw)iEQ3`UAoGCK1<+=F}d)wwHeuE;muon>Mxg%xOTeUlwzhQ?LkvKYb<3y>r-TulA_93vH_W7H)Ac zCKc5e71Q@NhCasfM`N_!YO&4}%*C&cWj={L+G`b1^dRsScu^Oe@9nBB+_3M36MB-b zS2)0-xkROSmXJ;AAJNvu?d^>Va5zJGSCq$&YPFTH>`G%~REpgXzmLftMMy4dFB#iN zeMp(-Ii}nqx)A8q>xSzsqPk2_&p0_S`%CLb)O2b2`V8gbmCK!2=uA_9E5%S^7_#i) zYFo^|#ZVIeirx0ItYL97Fix9(8quPVhTE06e8_t&fR?@WQaY))e~-`Cp8A;ZVXP>g z?)bQ;q$4LlP!f7=9a@T?|29mokCWXG_gd=k-&T0Gk+NO#h_so&Z3aS?uz7LM8PG2d zcs=ym%b?!^zG&(}QU`!xi%{}S2O(*nAF=)AV7h%q-IQAcQf3q9^ZK>vt;)op<)_Xt zT_ewh4hz#qha&^FbGWUB4bw5} z0>x4*(;5wDum$X4_0W<+x)J83`KAp!v?eAj)w!|wu^v1+B7;sl-HbTlaZs_9U4%N@ zbnv_msBfP75-pKF`~+1F>(-t3*tXPXAPu40oU%A0#)$ik(mb|~C7T?)?I*#)fhaUQ z*={3OUq_B$7f~~jxM`+aIRXV<29sly!f~NsPA$StLIlDFea6feT4IE2WirA_S>r^u z>vO8GEY{NT)^>Fda5HECtN-0#RdLa4P;seQut}{|ynCU?B~A<)>l**RkZ}IVm6tU0 zYOXlo%Z25_8*mvey5=~^SI!=nSh@HHjGMr+oNr>HtmgGs)=G9JPeG8MDq>`EB z40dJhB1x$>BW!_mM)9I5pr#0@O{g41ts3tqP8@Sy2m$i7*rz6NKM}3F1}*V@cI1`w z3fp(3Z&>Iam_5r-bDA8(-8ncvxPW@WkSy6DgLbaP0EEtwYBqRTe+Ioesp81Fw%+Vm zMW=>-Se4(!TDe5czs>wlmM>HQNBiugBit{fqyvuQowr1V{=WtOc@Fe~Fn|G`=_R%b z%6_ntJ||SF_kZ5>uTy|qivcGg9j)r*(nceH2dlh>;GdlEU#DF_0owC!z8_XOjdJ*! z_(c8!z90NkZU8L|&qthH4JYyj!0B#T1$Xr;9H19G0PS3>1N7BfEUYZBR7}-<>HilZ z|B~+7%NxJ(-!`ra`0FnBGcP-EUzV%?qa|-(oML~SnUv$#qLk(^8?V&iy$t=oE{w(;vU$&Q&3jb=oD>S+t=na3!DC*##<(I{a-z5tl z|MX;gq2as#urJ3ctY#rYjaAu4`?6ijH+8jM}ZTU zkQYO1d&LoRp#1j2-M#y{V3U9kV>es6|CFl#Ww;AWAW*K8LBMG)Vye+PD!dqq-t!9c5a8g>!*E9d&>V<$)cA?#GtFGP+PO9yCEAtYCumfFPP2QsY_2 z5y#I6*vup!o0PORBML~Xtj5=?m$J`efRPw-r<~-PjQH1suWc?}yvHRing=lXT44R; zKm1`oKq2Nv*lN_po(6UnvdqomI`1#JUEn|`cOi9E3DFwB=|r*KlFXW!;^kGKdRJiC z4lY^s(}0A4tvAH@CxHKHGISv4=0`1a_4vy#02VDw&3%it{lV)TP(xbfi9VOMG$)J) zcODG=C-I;4>)`~h!YiW(T=>qK0}?wt_0zdGg1yISP~YTa(VrKt{|`u9T~Gi3 literal 281832 zcmdSAbx>Sgmp6(A3zh@|K^sU&aCdiicXxMpcMDDv+}+*X-QC@3oZHVkb7$t(SM^R+ zzP~PY=yQ6Xv-du0?X`bPJ5)wW7#Z;!A_N2kvZ#oF90UX+9Rvgn8vF-v3tx*24g|zU zVN-s78BuEv>38Qcu~Tv z-WW82)8T5wa!mmq%_&9nubN1NPN#;lr>|Kd!^6!gm08z6U>(*j+CXhLp7s}+^an2m z2Ip<`5Qnpuxzid7Uwt@4eJQwz0vG{|k%GrC@RQJNou6e~Jem^lzJ5ji^Kt#1%G#R8 z{HL;Jg2sFLdqp-W+VCR;p)Hy*{O$`!2nfuC>;@r)20M-ysfT04TfRE>I!F z0Q}e_X35YjJe$FXAkq`-bZq`~4y}1KrG@NIc7-ZbV|!x{+$&cd->H>pv3gKYQbjPa zD@w8N&y>b%e}2#BT_qk02@O;s*aqqO4&&=3kjV-BC_0msZ%>DI|B#H0~osjy2@ z#rV=7z;{mgo~9?O7sh5Bq4rZM%2x$PFQ0=HAZF>m^d+2y)}M(^u$9gmC*(CCE(DE{ zo9VkeCVoX#(%ula{Tc>pDR=)yyL+BI9mI)IlChG^nqUMw7&XjKsbRFft$C z0z}|<`Mm(es(_yXPZRuVcXO}?#YRYq_^g`fpNzvX6`d;7c?RFZhuN6f=!ojkB9{aeE)rb zTGS7F!@CXp_p%`C=JKkXMmd>b8Znx_Eq7^4Qp*VdrlEAlSq$4kL{__9kWqW|#AE&p zluPu}`X}{(v%Ybifhzk&Kq*3HWsVBH6FPfoFMr8ll^F)IP`L75JhW@?d&s~{uY!}@ zx!T3@*^?-zG9iUrI{~C|szZ=O`gby&s;xBb!ELbzV&TeF%{325886}4ilPOHIS`~S z@V!_)8I`BA-`CgIU)ynt4dT>)0;}$(WSk4T9p%s4DP23CQsMm8FcPH97H9|p3))@> z8CQq%yc6lcUkB|&zn@AByj<6pMMHFr2|60QQK%cj&LP~C; zv7ku#BW=<(qMUcn&AnBbm-{+|z z6U@|T%$)CsaCF^ zegwYa$vlHZ5~K;A$l%oxo)HQ*XJ!Rm#7RD-2)Ji6dwi1*UFuEg{oZ@mtJ$mH>!e3o z6)ix79iJ`=nXB?CT7ie`dl~T=3Ep>2fMe`>eBB_XfwLV8Ya|7Lnov2$IVL)$A|^BL z`B(E7^)Q0(i9~-!|4`&uWYx-0$u|FdRp2b`eZc`cj)$YgwybyHdO0z_u2JFCm@tbuwxCBUmY)1dE>8S5`?}&10CCgdrB85wILyB8M`;T^Zhw6KP7b]O&n5E`5ML($1Hh z5g!vB>rTc&rk~6YbAQJEEXZuw)aq92#_HB>>Gq)f=&#kcOKBQ49OWFv8IA544XO%8 z2&TlJr#T(2bQbD~^otA-G8AfwD97<+Fv1STKESG=v7&3Y_Df?)iC|8#s_xoN5S_5` z-+JqL>=_BV!1fyW!stjB$(&)@ymXswnwiq18jvz;k+FnOgKwYjTIpKyY(>C}wZ+aym+jOm`85@3C2uls zeQ!%-fABCCNr)-ZgLc?RVYv_^XFTF*`}ipJq`B{|Jgt32r2*E8(yC%LWA*WT?tFpc z5Pu8bo->tGE6NF<61PqFmQp(CfMtS!Q=OCB-PL`l^;>Imn`P@vn|Z7C6V^lTBgGZ# ziTEY*RmO??Ajm&6N!xb=zoX+t^Tqzf`GFfppIeBpgHgBY>QO-34A4N)uX^X{joRirs4vIw$@veDTY*@jb; zJCnBh17+Wwsr#9PKFxeV(rci8 z@}sCmq6_m7Ks0tXwKSgNR})ULg}MEbVU6!zDR?Puw9lGS7UT8lzN-nV zny$O8x2@2hJVm2+cNuO>1!tD?#;4^>h1<2?QeU)G6D&$_W2FZ^QNV zba!?icY|i)3oa<9$>Y9grf)ImUqux3ZS{4G_8MOs*N<1HGkVYWES)Z;?GxJ5?bnXi z0oCam%(Z%3&u)rt?DyZ>I~}`*VXZOqDJ*``lBXz7Kl1mY-sLUlRZpjJKfO2FqPL5* z7Ft#fY&(W`Bp?irC$%IhCwQxMYumk%He`}{e^W_qshYFxtKg$3!#k6<>~{Bq+>9h|AYlVVo`fOgkjv|)bbOfBSQgG0|A!%pSr#d!}qROxCXpx4h7G}%gbuw zS>o@)AEGb`&e(r&&f9aGxEPBWRR^M9=E}mCfm%mZFYMZs6x;N!{N<7Ds^D0MaBe%IdeFH5Ap3p9= zSd*+ZI@(W(t?zN-dm*=+TY#($Fd%~kX z;jf+TI&*nbc)t{t>>|91_Q{7AI8Ll);vJ)0w7(4WayJ9TGeMw)w<3`77*g=p=QqT+ z6TORo_41_ZB4M>j zs7&>C0naAp7-ky6y&;$4GKddwsVNAZC6*AA@{l?jLC?XV$M!%mw7VsRz)tV(+Y%zI85_8)!LY!+eptymJ&?|OB7++02)M-I|+uFh#NxNHMj39wu&KR^`0`b<>& z`o7&kLuWR08dyWyP-uI$Dp=_Nu(kvL&$G!XGq9M#Xv$i>8Y&kjHzi^Sy`!R=&0%FD8Wxq+Phjg=(^{SOKMgQWl9*S}i94C6xNp#CrBb0MZBQfGqK1J_hQS^<29`e$*#CwTD3&;K}s zuc4SU1M&6iARu@kLWZ=y<&Rm0ys3@zSMf!?y0!R4g%>jr%C*X_l`^9u(Pw` zTdFpE$M}E{1Myb}Pcyp7N`2W!e2&FgX4`E6*R8;>akH;IsN5p+rK*N&&5qOgl4&F( zwEF9`tZW-fxdaOSz))yGI3? zQgT$%K#uD%<_!@(K0jPmJArS^Ruu0qH_?mtKU4t>`rQEt(=E={H|AY_u+v5I1)bTM z9@n8?$dyJZ_)}mIv7uRQfBY3$5D2-corX!8KR|2FnX29|4_9=C!wDpgV;Stq)rKQK z%ooZr5>Uek0s8N6uY0NH@?8rlf-=D20vpJobBzoS> zDSx5+Ah#{?i4gLy4qpiXk8r<4*J$KlE-wTE4EmoK+7QHp*uRqx2m}K}NJMOUSbAnY zC=#B(I?x1s`1%RS(uM!3H+asNUobxnM!$@%!vCc(#PFbjiSRG9!T;+4^3lM2l&7&L z{!1qCK=Fc!_?X@8`qu-b@PYaG|9@d1)cpstK2UCQ{MDZL*G?KVf%-yc#GpGb{kJlO z_M4~sdT-=t5DNqK>tF9K0}|f=400uz!Q|KgRp!4IE(ItAa^>>e7+NxXs=tH^$WMbJ zPzWVTW!W*b#0WK3f6H6nLa>-dgasjq_`v+#L6^$YeLPokG?+Y<+q8I(Yd6(rn^Iry|Cc~wfe@T!CVGK`qv*QVP`wH}={Pp(5mL$}DeY*QcZVmr0 zE9_Q$WQPjF_oq>Kfro=%I0tNbPSKs zXOYELSNgyRY{`_n_`g+CFrP#gs|}F?BYaI*;{SS~a}Y=@)|!9w^+)87KK-@SL4ikE zsgLCA=V3?}{T~2zsg2I^G|@q~eKbs#fmut!D8K3h3TAw=#K0F zrSx$!)_dDt9EHnDq(2bFxVq9{O%1km*sYewgW~@Ea&%tt5$ZnQpAFQ-T#Z>f z4<1tn=PEsFOt?W zW7sh4L3XH=Mjb{sKW#$_aoVJa0Xq&p4IN}+|6D}zp{4ZG%@ZqG&*>iqhyPr<4M<7 zD1;Si72f%dgZ-h0?7jCIi zOYiFyVZuUhhl?EPidf<5+iN?Ke>cbsgwHw3*)(H#kOH_f5 z8ZRCO{o$wCb;M1N19}}v8fjH8lUe+7#R|XVZ~MM#C(M_r57elo4%eDY@$HXikgv5k zCxJmNuc&;-aqsmRBn~zZByRwx7E9H8SIy)W|C?gPt%3REbh?OMgwJl2_HDJ&36(N_ z4+ljoXW4ZxbcO80SH!Vb%SW#xI-|hHJBto6JGHt5BrH9vO&HaXUAJ1ik!oH4TmW6CCXTD4+xjy;t23l)UQT=G6rbe$TS3zojzp*}|wN)%7GE#l~ zw3Ig!*ta{3#n&i#Of+xVO{Q9RBs2STtT;qTy{gJ;^H}aFyyu%VKcajCf}wIY=2~mW zPS+x?U?-oOsd-x@_XMioX}z!5){#h$Q*3R#h0flOpsm+oUng}mCwGi|8KJu1R#{63 zWz1hOtRgEZNU1<>B_PC4x zUE~~VL6YM+VV({R>0k`wby?E<^{C0Kwtif_S-Lq&-IQsrlot})QNAf;ta;%GoAGA2 z4;cv_7q>+-wV9SM`})fZi&B&;hon@wcfjOZ*SO(sDcd7av470f=?W)cXOilO)BqO} zkQ3HlwKgG)m&VtxU$+s?!XxX&GpJH+AX?)vobW4!$iQN~wF#Z>{%~sNU2RY$Ujn-a z&zoF+5Ni)+&*FbEh(w@$12Wj1@j-k-Eb5HK@yfsm{=vmZUFpGxRlF~BLhROHsU_VR zi2m9r#WT8CD4SyDy85&FHk(>W zh$bbgD7F_9KZ{)@;#*oRRpHrq_EvQ69AZ9BO$1$jzZ%?)6Jig=*MCmNCBSo-NKFFe zx3Z9^8G2SXH>Vu?JeW383{O8@=RB}Z3{@4fHV_wBW9qHIgSa=QCzna3S#TbrBt1QiZGzw};_FGZ!a~ednLGM1^dh0^{7rRYJax zVaslBADinPCW(mCIYCi{4zR3xGdP z8t`KYlFol?y1&P+C=R-q=J*xuLtH6<-(U!Y^v*=tS)W=&Zn~7cWKb~QVK&11XnVyq zlc)`pAOP%mPerr1E*c#$g)1t8SZnPkJ)yzu)l0Z6 zqkJ`aiqgHx8E6|40-zuI30MirOVS!<0PKK64b*6KCc;`F_^H!2V_uM%0=?6}F0?8QWbJ(FXpMQ^ljYjE*sYcGHF z##tesSpTD%OC#toCwkZy8jen56uwKsABZGrPKb8sBC986&f(!{xbH-q&Iidt-z^%! z3--Z92-gAGfy!=`;`rW2KWx9}M~ z`yJoap7mEUX^HB<>tgeBh^@B(*_ui>yEESVEiOiYV`k&@sMpzgF**?nyjlG@7lpOi z)4FKtrzJ!##Qm}2BN}rtC(^vvnr4sfmNZFDPW7ai@^*(pl}e+UFzN-|Nry#P3D)N- zo*6V}tfNToWM};wJwGxAi=|#2?O7VJZYg9UHEM z&Gx!(pb_J{SNZ#*8)bLL7Tnwef!Ywp`~fx0GA?JXfLzbaurI1w<}lS=-NG&B6UUt{ zJBt|i1*@~!jkk@pE^+$7_6XTaP-GT?gv>v;w>E*~#`B}3(RamYw)olWYsaULQ_(Hm zznc8(e^0xntVQ?EaKU3wG>)}!yHv`nn%)pJ(PifFQQs;zaz9oCL|A*a@Z%>puj{0N zTrx-wv^hBFOC;1*+{{3*`9;hcauQD(=S|~=N-JkhQGxnaE1xEuYv0hL!lT>kMDt4u z(QHL~{LoR7v7*8DKxkmF<1f;(Y0*KJmpNo$j4U2@2d<|DB6in~$|-2Fd>0HF+kI^b zr)YHbVC%g}ak}*-PMiuI9^3u?^wFErp!QcAz`z1*0;V=qL;WwXN$3mqI$NAC=7lc? ztTiA3J8l?sX2rDyap-j8!7;YAq$Iq{()o!|o~sMxnmCyBTHddB*!%y;+bcd$W^3Fj zmQQG<+a0J*PEbgUxsBvWs8-5z>rm%}=M~@i{@Hi5S*y!o^dyw8pWp}BU8%x7N}^WE zBFdh_hBbVMj5X!I$gGxHf3hl2U4Ji@vwMXN-8Q7B&)_CBIAzk!E4p)p$DV_v`MLQ6 z{-8UMj7{KHCTpv#j3W!eYlFooZ}j=ZdMK0K(9bM{SbeQUfysi~V)Yjwms?O1hn`&P z#UhO(dt1I&lI)L%l3-j2bAn*qPm1XlZL5!f97LmXHtPBq+WBOB^OU7511>99hu@=` zwaQ{8KkLPgH0a#B@QM2~=((C()^stZ>#%AC*0!RO_2CM}noZG?`g^vpF-E!Wqezoq zZA=`0o!FO%8!^w+vd}-rx_m>RbVKKlo=y*Kdnb3Stdh|lHU!d*Utw;%XgE(|X8 z&wIENtR+3AWgy`qBKF0FiqbOhb)(USZ}35z;D)e%YQOK8psQB&UGNyoefF00P}zcK za8cyhxc3rgT6vJ=m7Kcnb~HFz6F_|bta1XH%>PF)^!mb5^r$;t?DFBUsoNj6D`RYX zL(qp9uL3ksgoVM zg1jeL|1PWdBi9j&Ti`Ef0P%G2hdwuqw3qVi0YP&R&K2LB9BZD^qkY9ZVOw&-0VHWu9=p>h8Z9vleL-MA#48vb zDT)e@%9hv-L-G{_I5sM(846=>7kMdQ$~(#zNy(XT6NcSZW2)<9&syWqzC-UcTL$lr zWP$?LcBG2ag^$gOSBLZLKZL<-`UP52Oxf%26Pt;(@z%h~QRVF%kfNX;k0))d1)AZ(vO~%xr*ILF?-MQ274UP z)h2cI(tT~;kqj5?IV#wi_u^h4rJT{yUULtQUJRclT8<0-7qRQE#frLPj~sS5J1+mc zL@Pe;f-shY7@zYzu5hO-g|v#4SsO}~l9~;1P(*z>RCgm%U3(Pu@EUWEvf|}S_L-pO z_S{Yh)dD|jEnxN$MM0NmJPs2?Ifmb1b!OEhYC$gw^~JIF+$|%dt82g4E8mKL6JQlm zcfw1296?RipS_*!t=;3b^k?5(74$x_T`U>Xf~sG`GY@Xh``r*NKL=xKg*r_0UQ#rlIS zsK$KvPZ*hP#nL$k^>_EJ7u7M(4h9VuzeOWp+(>?F`<%58=)J{esS;R%+ClrBe(iLv@UW_^SuwQ&$*M z7p4=eb!V!9yQ|H>7RqzO)#v!k#M5|gMF$j+_A39T*6V5fO^W%7!lymxXQW^!mV@#+ z&;HlhUvBTR>H}nil1H=y8<>sMDkb{-0K5g-{+);4vRw{FLUynEY0qzQzlV!c!x}em zx-5uVaem!QWzOIjFup5FiSZ=RIvGx<3%COg}d%*-= zF{(92qGPFy@wp-Od*07y%u6lK6$~bmJW|}R4!=|?|9qi5er;oLJf0=t>(3F69#+=& z{Emc45fh2SES4wsJJ)KhS*}0|ucmzD$9gq*AbP%jtu{A=fCzS{)0igvgH%^o#4j=N zQf#7Bt(Sa5iIjKx^Ap_f7RQ3_;5aTBIIi+}^!dEyVmH(KjrQ4QKgBpmF#X(X(Uj)- z>7>FCte}lH034-?C5ajiQ-VPaln3u`%Ix`pNMDD+dAd>V(*e_hj2{K*c48{6A@?eP zosx?7RDr=pgP~7g(jtq#oeg*`ideREVt+hkovhU5w@2B0*unBgS~dwRb8>&+vfB+A z&E(#AQLnd1Q7Dq@!zHDW5Sc`wCajDm@Vt$s&~Deb4OH$q-;I}MIxsHRzj#f!jp^u!8=~Z6lOLYhGm8#X$8kxf!ruwS5NU3X@yB8!8&5x<0c3b!{<@~%{7Fv>Ilh`v zdeQ2h&4XLLw%`rnTt@T}LDCCl8@_gi0Um{a%iP*RLZXGtu%XQ6)_SAujzsEF1R6bG zh>e-^gl$m=8=fN~8Xec;I;QLP>zENLH=b+{Jp9^P;EZZ?XvtX9=J)`^qV(i!dU-f; zfTe$?Hu=Taod*8v2}j8`nX*mr-o^ORFVy1B-Oa7sBnhQG@Ao^yT|3Xi^Zo(u^TfCK zHaIo=xjS-^L7M}5^WFGNCvgl<_=|iu$B7c>i;Dd1ir-MWB-wnSxYu3$p;2rs!cUxa zKZaa`s~3ONpY@AtTf|S%a|AOvbKUEQAg0M3`_u}<0vkUNQd|lXV+d!r(YG(@;$Kg= zRP|NCipSW#D_BapczQoz}+?vKh_PK9(t0BiOyo! zROAyY2TJz>nwWclbgDiHRD+863AevGHdQagby$jETTJj8*Z6tqUZ4GrcmOl@E&n-S zPAGXB%o3Q-hvalbbWd)AX#_zrvd^NqiEqDn218Cx60DF$&o#68tU|0TcsTC+sNF{= zqJs^iR&WC%8X~k!>mT<$s{$i_GCby#K|$hdR{=5dLc{FQ?$!Ekdzh1w_6yvha9*M? zjPLH!+r)}_4nMCMYZ#|sASsIRUB@>OA#(JnqZur09`ZXCV5)yo=UpsOax6ljd8DSL4mQ7UR44N zy%OV|2py_e$S=2?@LaAc_tiK{YMD=mw2Z8p(wNCn%LagpCVhR?Kyazq96vWuXG z6T!H?*-mjAX|MkA@nExdmT@!!T9$MG#ThebSFKt&TIr6Por~P92av*3zp|aXdTGwO z`*J1yj!9Gh!FJS)(N1UI65&Oe40>Fi*eC&UU*X$_Shqx}=TURw*)XF6-(HX6yJu2p z(M!AoVp@hWfH5s=tbv9i0|JollT|h=NX%-D+4`gKh^-2YLa^88oJ_;KgAc{P4MD|0 z7R?Li<)aO*w~k1eb4*U9w%aFrM#Z8gVPQ?v$k9WP(ReyGCi&aj^Tj{K1H`HPD>#g1 zBw%=RbzvryYuQgVkMN=8pl7)1f+GkJbP%yU%})%nL6&+VS90;bX+G&zyaE>!e4G#y zRfUI)Rr|)*Z$HjDP)n&HYXY?`!6Kj*o9FFn*Rf_HHPyBkaJCY>58MIhyD*sM| zO{3$(@%FGIy071lZJZ83^Gu}DWE;9h#$g(?Y*_mNPU_pn874#Wn)HQXL{?S{gnr8Z z7!Z-9a`}i^#|N=G@qXx zZpN5#WD9=ndemAh$pJmChe!rYpKgz)3#2nU&yexh6rS$SPG-AB|1C^{^LbcM2;T3n z&T@)M{TAf>W^FHT9Sn81yrv#D;qNJ5gH*g-C*e#YWw2SIC zQHPZz{)#~%xZeUg8dvy$cY@^SiX{#ux~&)dimabf(;+iD{>a2VNP*DTt6b799*5R_e#Sjgh58MFBL*$pa2OM z5b?Hi0aQj-G`X4C_B498joMSR&6Y%Fkt7&JU4ZLn`c`QFGo9^f^U2&Xp6}()O1&;V z)d?GXqabgtqkv;W=6khzj2;@Tl%V(5jKrT2H1s(hgm=a@zT%^EB${SCC5pA4+oHgM~O4*-jtR3Diqo3)TDP$H*=j?F45~P3LpjySTV!nTc zm3%dW9_iuh$M53nXYNpJkR~_qm?ky&SXZVugj+3!$6`+ox|zK~SYX0Ura|>(n)s$p zf9in%Iojv!en65~Cqt_(Ylu9Muj+luc&=T6Eaf0jeI{9P5z(qO)gP<~4+S6|?{keN zbu{RuOW<8C@C&^^elgB@aNi&df`enKnH-1Bo@ zZDcHyI--P@92Ak4lh-!Mu06UHoBRl7lNSnaJEogwA(?LzoKe`w-=n8L_q5GuEz{FX z4@UctQZX+>$!tQR%I}*9s~JI zEye9lj2*cB&TyvkfjRK$ImWZY`u!K*kNHAqCy;3xDQ>HIz_8r-Z9BCdgkaNGru;qH zVygX#+>yBUrizo;;8bmV)!qU3><*fo$<34VskNG|AFw&gsWt+zY13fZt+-5|lJ4OgjlCyWXfi zF>&GOOa4M<@FjPZ>-+A0`t-AJbAyZD%{JRUks(|E1%ZQwdh>V-wPh|f0_RLaoGCF^ z#35yWvgb)&-=4fXP{H`w72b{bh2}Ra(sOq6-(zLZo+|A#`fvxg8>EKiF|=y$jY68F&xad7S@L!6 zuP%?##}j!6x_PEi(>sz5lP#OJx$br+M>M#PHmL6}&{lCgS&Q@6bBwA=hGp8QGs;1! zi$Bg&I$?IaG~3Q6zwW%v&YxUpueqPQoKN-ONCt;SoP&&tW2VA3%3H6+Tz4XwbM5wq zbuUO+i;y58>H-h8sIKkcA?=Lf@JLhBq7D<{;DJgZXH%2>Z@F1a5 z=N@EctOBk^nD(1-_I};VvW9grTh&sC*sXL{dkJ?y9EEy)sfKMIMjWTR6K{qR3j*)v zU@Y+%liZVTgY9uq!Ei;#o0(E@3~I#7GfE;FX>%-d1*m}&7pCf?Wjd#Oy~pETQa)Bd z)&$pcX-k-`t_3*sq0+jLEBblI1-_uiy5n`8#fWcErAY2Ou>pnF>SrYT`%M{BV#YJKv$};`@g%BzL|k!;616%rQIgVQ(uf#zRNobb zFo&L-9)7V&>bXZaU0iHDz>aw8k2$v4x+%Cln+5xfwad{+k=!x>D1?{kOAu$Ov@Y4;@&`3GJ z2{0}dP!#lj*<|o0bCLRXVutW2^vZN(jbp3X-EE3@)s=!H)D zWhVExKe!q~SCxxlpVmCP{GA)eRM9b41DA^?p;42?&BO#)wAHd;j>9nHxs^c8%*-i$ z3z{+lA2c-CTJiB?dWz7qKMGI)h!eq9^c1Pp&9VUq{b+%@aij(1veF|iKZbiwv@6oQ zG`c2oVAgY{Sw1f*2HnzM#4ejnyUDbfw6#qY_-KQKi9(<9n%euRW65n|LVDw-&3~vEVijoi|tQE70a5|13W@vY}aT)F#4RIZyY#S4HBJ!OQ-2sRS(#`VS#uYG*8+@IUlkzcR3IYcs54WM z^jKd$eI_sUSGhoHv$nxY1BCeJ*f5fwQ3*7lZ4h~R7E3j1*R6;iy+X|Qcp*2J*LI>$ zeVFC~B{zz-D^79h%@Z^B6qRUB;UvOFE+uDbsIR$|#-N`7Dqr2QY_}oL+$$!z79$7N zmn;OLZJg?|Whk^u$3xEWZ_nqb7Or5Sq;VQS!O5t;UqfjUzs@K5SrD!<^wt>9->y2- za?jIhm!XW6eV}G6!6_IF4_hvlcs`(7CyzAyK98Z5?E4v+`U3w@?JVz+`rp`R`;tz-Vjdur} z=E(&IAF8d^*oc3+zuqlG`iz|uYoNz=F9nh7`8S^T<5)9<6T;L+`6TwVMXwrG$6Ts#RN>g598cA~i}RqCzQ$eQfky(dz!ZM_;-cvb+n0%1ltHmv_- zU>`%7JRY`!onjw@d~9b6Wpx|GMg@jVXoBQPpfoI707?Pk-(gbGkfeYdtf$GQh$nFM zsvTaQzF6p{Nw0iDvv2^Cc3C(Lyx6$q$b@>N0mP%q28$&Uv4JS&H!t!K#oxFf!Cx|Y2ewhUR+d%|Sa@4JIoC6O*a&!k-=9C{X_ zRCJa6OBPiezupMf_=X$y+!OZ;UZt#%W25W*leD7^`E-sLI`ML{w2>iPF_{qjJUWpQ zl@_NNb>Vs}G2=QaMn6*anNKJ;N3auP3WF>;<;hl9Wbl}qdG!YIT$cXBcdo&jll5{v zrA99zt%Zc9y5YU*aHx(o&qo1G*G+|^58%K~vCh}4pm}Bbl&1(nF<5OlMH*F6*!Bx< zg|)JAi3=rKp_#XE$rL}=n!!`sx*o$z2t3qMbe9-TV~sMBh}9DvkLYW=ts>F29YQ0H zlY2p-TWAo_nE`_t3UzRzz9=uJ^h7JO;|Ukra>cGV952cf(h=iYc%)0*;BLRikM4$n zkrB#@Po6(2(}p78kfG)u%shpYv+s7KRhli15&uzgSR1or2RCJX;{Hxo!uv8cgzmlA zObGAxIFjo~90(GJjzc^@b*pLz7zF(M2&rotSzT4}Il+8VKa15k_M4|&hgdR36xg7S zeT$zT*5bUd_%f8Kc&-c@Lh?8uP1g=SdGv8155pmO3fWM0Ij^ec@?b8}?#vZ;KFBk8 zT4QC0{iT9VT_{qT#TK*F2nuw(o_A&+o1hk6fDhk2yRN+*sYd}lJDiacq6Kb#_DeR= z9k{KTMX-w7feF5LQmu8QeP8mzm_uih<6*d5s=ID)uFHyk)WY-JsE-pWYGXcs1`Gmi6i#fh^%aoMGS1H7e=hB1FE9Om$+x&uY@7uG_#~ zist$9Vj=?bZg7EUcRnPl>67VV9nNtDbS4OxomL7+jpM@P<2$Kz)0D?h*Tiv+{=j6T zUgxI|k4=EWN~vZQ>5$%icOG@&gx%luA9N_Nq@jN}< z?x0CSG}9b10ycmMgoK?_hkc^WXpusp;m9K;doWi7I8aOoCZ~$h=E49@D0HQ-z%8CV zb?D>WSUY??r0x1F)a;G=a56Z$F?1KrGEr`>rckb=tiha(hXi_KQ|hox$r&e@yJL2i zs_^a`!4;v5^r>u+_Q^T>`UH~CoZOIpSV8dS=k>{qb9bomb$A;b^g=~(0Yfw|Fl~S7 z`~xoZmRZQd?TmEfOs1w$M=a(;6#F?1H$bHZoYohLhzZ7b1J7NhAB--v?D(?r>sPoV z02r`|T4l4vw!{a8B!D4Z8Eg+@;E$a-P<$HJ8)CYm^ zdELqJ9#E_64UB08`eLxW6lL2DwpUXWr#$%|znO z1h@9)U`XecV3>_}Zms47Cn#NXE7FZHqV`wGnj5K9x`~{rKF}S7N5U+F46y038!Nmz zH_D*mgOL8MjQ{(%FwMZ*18lY^+2+UpEeyc}g^)_7LU4uG;j7@~UB;~wz(=Y){MlaE z$)tE~4+k}sj@s1CgxsLFbv~5{1#*C*V<%Jf4}lFlM@<8%PfLxaY17uH313)0dX^JH zt=1a502P=U%x!?%;8ev0MqaKt(gh@ZB7iWrbYaZ?mwl3RTBVrLYx}?{4h-hf9b_Xn zRkM2)x_KRUMF{%TLsG$l^|K5rs?B95X`8&bIw<4MJ>LsxYw{cVID0*=fHZM|J5iP? zNFmlNFCH-=M(s{t(oscC^8@$7taC_>)%%Q1&+R47uqckBD56_(^xmC21r4fF1xrgM zM=oEOiS5;zcm%O#&hn#zg#6H#=feR_r~%2|=+7r4=tsI-a=)@Y6&b+4b&o=u-@61=k(N- zv@mj8(Z&$e!RZ*6f(#(W0(6p!z#ss2+NjGJ4fjvnmiQL1@y}Q4|0xOOnEa*UarZ*H zVlaBL&T0}}rEUz3A;JH}|K3>1VD~P}(a`1Jlztmasq%uZ5j5FP+qjv-Kc^U11!+M`(#=;0lI zL?EI2+9(uA1k#WvJ5Brm*r_xHhA%r{5NG1roz(4JMP3a=NuIylNDom*!)X*)rKrp( zmlPgE|9*~KS+l@UZt`5UM)M6`g>TVTdyW=62oL}6 z`q*Vj{8V>BeS40)X6bR+L**!cE6`_8I!jxg<#a0CB=r@8zG$QjepGWoiXYcRJM8fc z9A@>5&;(9DL$&~4*V`@%OJ}*<=JI>4OPZ70*=A0H2OP<%zcOEHRoV{pnRpT(i~kcG zAhw=<#*w77gzoN%w|?w-@hG%!BHdWU}CbecfidlPZLq4YS zj73aD2We_Eg~m)!z(0gIjxLyIjPW^cd$>tlB$Y1G|0zzcX@9b8u-J(I8Rm?{tU!8* zc$|wRz4(R>QcYr1s>-%oEeAQA)Z@iz^HJ~o0fyhUTea3N2-WIuX))Ij6k*g=_+nK# zA6oxm4pKnskhwt%h{&=(Y!NmOUc)?dI%9r&>)PO5I9_B`S>r{&*XVb!10DX12gXjl z;s;ojsnyX*2H^lP7@MDMMkpHw#i`p2(m$8kOln3Q8IB|(XuP4Jp{W6g17bz`B6yaK zLl(snDNMbdx#i?APqb{hV1;1dvsQ!&Ja;R`LlDa@FKZ^akdSDYEtg4b&^{tIzG>PG zecuvv!a@GVKqKY11v}om-51_d9*4HdXt_MAn#$5-Jb|y;WS92{=RCaC6Py+(Qic3g zNT9>(6((CI1OR9sO=Ubn63^E;g!YE}N_l*Dg@(iT0uSQrCC&8s^poXd*|)c_0!=hR zaLGjY56Q+dZVg@&qGeVed$owW7f!`7PQ75{B9qWHAnoGw%GCsdat@4vv74MD9&4e>hjpm4sPu zU?ZHAEK^=}N9#Ltul+>Pj*<`z{_z$s7XG@!`6{cXV1x-ZzQ96T-)Cgaay?%7`}*RQ zUGw9hyZB}j0Jv_IxMEfFd*}$dK$wdTzBJFnbqm*vaO-=IRFgQ~oW+-ExDL%!40&`p z^j|TgR{+fPH>m~vC@cp}>>W(~g)471bFa>}TG=!oA{z zaqKOVL!hz^bjfEiR;vc2syWj&PAg|kMYU#)bOjFGk!>7PvMsSM)~i$H39Gr~+Eq}` z;jcnG0ji21z|SC4w~Hb&DQIJk$$DS7!^V8H2JIAu-SEdTLNrBVy4-ND>7)<1BbGcg zObUHm@D|W3%Lo8{ZR^ZfvFmOK-F@WaLsbF@g>!8zLX)@r8aIPq^{H;m194vs-zkTC-nCtx+$R&0J)#S)&l3>c)GMP72e%gB)eGILf> ze<3LAt{0yOaS(Jm33X=ELV0^~NKR;Q&<>K)Bxvuq(a^@xU>s^Z)MjSvpwA&N`kD90uG5-hj+EESNo`GA_LM2VF#a1OPdBUvnatRG5|2t5)%zX;E}ID#7JzqMH1C zLY}TL68{f-Zy8lp)UFLHiXcdfbSu(GcT1>rcX!vOLmFvBI;9)w%_gP0yF;YArQXT& zerJq#jPr!&{Qkyp_+!J`tTor1cU<>%U-!*XCDMs4eMT8-$f#(g1#Cab7(*Ko25E3k z*YDcQfZUu6hS~MYy}CewdjF7Mc95yTxjsE;_Tcg7f;X$=cgT z`#8Iw1dkT8uJN+ZoQ+T2(V1rzn*bbIIbINR+LUWHmMiuyxVbLP>(5rpf-wHJFMQ(; zrf_E;WApqs9#Fc+AcU>f?vyoa!<-Ko&`au~zgDOY)gY7CJ;$PiDkYj_lQ8Hkx~n~c z6A8w|K2 zWGK%Ugu{u2&a8g)`f0c=nLi8JD9u}({hEb}gQjb1Rl=>o+A(S?oD^!4p)`6xw)$q0 z=Gv)@bwspB2nGGm>nlMd5mW?w;&(S!Qh&_py6gmztPtrjR422<(P9E&nspL(&D1Su z|0y~p1&x3-s!)dT7ddw+fNW=h7~$i&yon^KNjAo@eXby>kO3=K3kchI$l~=^zBdYx zO0@Zzs&t!fT=hM>4dgTr31J!IVP5;5Mw@__;oC46L3-dNmBlHdb&g(JFc!VEj_~a$ z?;(`}Wb(2)SC~$lN}d!Mhid0_lIGm7wzH1!>_PfetU){!Yw49R#AMqqpdR1E0&xtPqtQ-IM+rU5Ut->BlDiHiYU9R z(R}*&2USnV?8;M*np{5ddD{<6Tj`QC?%yg~QJqtM-h6APu(ABwLt^#CJr-xY=kSG8 zmK6p4ZAD4jZG=h-&ZjUei^O_*=RY4IB6kk4Zx`)05Tvs1(~B-1aZaIYI1vMeuA9EB zN(z3Jb;HT(I(i9zaAg@@c|YPKIZE|rJgZxm-zLfe`q$@0<2hJnGk$QwJlU?|mlte{ z{IAH_gJ(4DG=^(-A@TBLS?*|fie=u5FR;_qO_ZVQ3n%m3KFc%V7K~IhPn6yz@@Zs} zGQ@Gd%einWkLwH0|Iz}`DccZ|t>UYfz04`fSl@5>^+(*9&R*wruoKyVKK0as#B{aWG+IM{+ZV$8-hwX><(5A` ze)7u)f%uS-y_qbGRfavrwmPQF~ z>cgjcc?Z;akCTDp<32`&nht?6Y_Onz&UV&I>-RCU=ba3OGlZCJmj!#$_>OJlYG362 zhYmc_M#R^fb2oof4==+fX_);4cXm06@XAoQn45MvnY~sxXocqpe_k z3~5nxZt~Q3#D;G-CZBPm7hbOMKo;E2*GhbC2-c!M%4tECyG<8@NCjbX0TLsto#nJf z5g`n z0l&`kEV~($#Xam5Mqqurr*qrrPR`wXyD=+lnYn`Rx6g*oxT(K!6bVY`K0zBM@F&C* zw@}}jOj?~IIp;P_3ESB;ggha<{zF;G{j|td*%2@NypDfnui^4a8JpQAOchOFzJ@Q~ zEGN2&k7~IcL62m0-#Ud+2O-g!~Nl_~`x3CDS-RMMqtDAGq z&d`6FRoUE(GoHQ9AsWMA^|F7;0RON5c7BOaBm^#h?BDQ~G#=8e)God;)~xim_QOuLscT6vF;NSV%;3o%+Qm$K zlNA|OrE=oqp%Ww6J_d+)LOyoS7%@qsgzsoJ)N2j+aR>1gXes+LV7I^yE$a;3Hp(r` zks^v!eOa~Kj+5zeG(M-0+E;y@>`e5Je82aanGR5ozt< zax^CfEQWI!jB=5u!-43oZKHcL0s`WgjL{;t>KmIRVf?Ai#-z~;OevD^cocN>qcj}M zBmQj%LrLrY&Oha|A?y2>+a%W`-V@Kcm{BLKaJRUM(p5N`9qX&0DTNUW z=h_{_JIvc*C`??fjc9%@#HBq)?~4ugOT90i(C7!#2V1qO?F_><<6>SiF0HH^0%g!;--MT_6kZ{scOjw34`( z6n(0Iv$E&No1>;7oggBTGL@tK3|VutTFGK}$68JGT$aiuzo>H2&{w&2JCh}$=-9KK zf^NpyTum#11d`kOJWIEMh!yH=2R7kbV|hVDcni$vuY`XgI`dm1`!ugdopWi_bjO>m zQqKXJPYgLA1(9|&@6FW)1%%n^RYinZCx1<@nS-89YCO>*Dd+c(hU`qTDe379@*ME8 zER<^TJjiy0#VljV@ahp_mP}){%I?r0UcBD{jc#%jpa`t<3${}lIu~7Tt5+rihp;25 zR%5Al1t^$p5#Mr!zDJH%?EsiA7KCOB*03$gpG{9is~naA$tfO#LJT*WPTt}z&Yi>K z^>{`d28q-?ViQC{61UCozY5pv|3h>m!2)C}u*sfMphu8C(^mM%t@Dyj*`Y6d{AEyl zfIK1PTTVX;19Sf{{y*LQL2l(wS*Dkkly_r_CbnMqyc`=l_~6)J zD{8v*6#6PDcJ=1+=ZD7{&FaL7+{1Gb*c>TE1wL=jP+oo0C&9l^GxQfJbwOtMlqzgy z6b%rfcXd+ch2$#PBr*k27?5d%7MG0ss@zK{220m$3D4Wt@9JQ5g{CnWjmRK6o`XUxds8QVkw=Qy8n$ZVSXz!opW0n7O)slM)s$vQ!dm`7)?k==?q_(7V$LYzVGIg z4A^5V`a#4bet=MXINCoPS+kAUV7m7hq`2r`YG6~JJUwa`*PKJ_BW-qmEGeJjIQCoN z0bn3(ZSi!lntz)d^}CU=sJ*ZlBEt?uLpNzHZEYk1{(Uey1^MvXOq&--weuWqL>jeb z02JnSc}^xFi}uzaqW99OW8QLUP(Aq2jr@S}IzQ*cL9#uIF8}RHUz}sXG=N9$ow0 z3NPQF+TXq?WHep;J&+tu`ZDw5&LXZO|Fe?5|D@~^r4ESCEy6kcT{g=<7e*mz6l;~Y zG#&HNI`MBpN^?<*38kl={S?buOhZJ8kaFR~KW#xNwYOaqBAu}5X`LBhB_txt6mEeG z9dtvV3wK6U4k*yD^9YbupHly^#fXq?WS}K$oc;C=!gu!5*!6T^z}OASjiF^Hok<&> zi1$aZ@WXwZrnBqEygd;<-r}wKI)^|mrdcPS`wv=;K}8Zd({EbN4jHhSTaKO`y-PV0 z9`r=#(q&6&HTi0h<+mjiKhlcybqzF$9$}3+6^hhxeo%-ywsr0@u;13iK8T>T{x^!tPFpq2zvp@GU?O6jtgd7q-wRrm_B3AdjBR@%R1ir?{g+%xzq+NKK_jYlk zTeUeao_(CJG}m_1ASvV(F(RMjfxGDQt;ybc{&{9v4r129)C2?$wyBOnxpV=kkgeHu ztW@Sb*tAUcZNTT}kK<`~;sS!MYpgbLn%tndFO}uW2|iUFloxa{jyYgbGaGaO>4lH+ zK`Ke)SgdEiI<|e|C%bodu=j|#4E!1nd)U`(IdlTp?^N@oU2qDs=rUiXl#5LUqc60u z?eOt2qT3P?7FegiXKAKO$Z)ZJQ~$HkwUYpm|KnrvbP8!z3)}E17xStr>af?dDFL|F zbrb6{)7(7-LJ5rmRgR>Db0e#_{_(+PZhUF4KGK7x+cM;FA)Avy3S+e)_Kuu9*nt?! zNI;a`1m#flQIFxgi&Q{UiPybb#?yD({;-kk5UoZSMl~#Hu$$pI|#d*z45uRX8 zVU`wH49P4;GtDNXeLW&3H%{)XOUdoK)g1b%IwF(mAn+omC;&PcLL5DN+29r0wjYO^ zH}Rfl96Yz953mcmQi_$usv>x{I`*3(_C+?)$u+T6Ii^ zGtHx<_~D?clG|pyUxxomDlP`>AOE?96s>0wHwne;mgl%^WBPGdi^){a+>)#BxiZb^ z1rPJA-P6{Qjf3Ks<=jud<(d7l2&0hbxyj*vJZslZAMD=XJ#IaGFuN1?^E6?K!(81( zh8Ov5J)CQUJI<-V6E+mKRVzr`S$$C6FRw>tIVBk$5<#QBij&q*2w&j^>ww4w>pm3M zs-J!DQ*KH5whx8DUh@6B0ldjKqtO@zt2o8;Bu-ZjXIkhT)t)U_9d#GBoD9(Y77~Li zXSYZj__=-l>pTM@2XD1&f~h75ZnOG=$;x4pTD0apBEpGE^Q?8!lab}K?@j!(<)0r_ z8Re&&sq&RI6nk@AJ+U0xukD^UsOy(Q74B3K&K%QF$Byw*d5`p2E_a7>D4KALU9vx*o4T#Odf7iuKz(NO+UyvWK zpgavaCu5pVB9(R(fhR!>mbI?$|3n+U)bo5$9=Io`qtEDQcq#onfi0|d|@3Pba{eSaH#v1<$ai`0M9cuO05Fv*tW=$)3t}Qe|7quq~HJ1PAB*G?oNy9dDvW3Y$FoeiT_e#x^kBn&2v(OoyBC7RRM^P2I z{80oWIh(MU%Dccn;tPt(q^&>DF6^wO@7=_wKiHGa+X$omA+r{ynPD;i%{C{l;jQdk zOh(gfsY+opkG5Pg{313*jkZiu(T6w!C7~&+HA;xF6b%_3#A)yAqlleKLe|h-NWGFn zT8a~1_=W+4LhwEMeqPX3a|+so(KuI#xFvtEvT7`q`rIxQyHwAW6_DeUCdZd#it_tI z1Xf-yL;yXec3$%291qADLjm&F3G6 zW>%<7*q7xtQ!?Wr8&{}m(39jxNzXeQF1S5{qgeb4r&M^_cXPftU(-eXaX~4n5_EEy z9}%vrsl11-tD5t^hZ{qml2g%%u(6e{OZ=>&ZoH%@VZ0zpgC=hL-1NReedwrG@zLo` z-dw*;Fs}lQ;rsNUs?p%FvstgL((F~N%6F%aziYQ?rxB1rJ+ilCG0gVjMJ9rpS1}I1 z+tM*f7aOgh1W;-osW;PpG;fxh*Ll6lQEGzNh=G0yMJ?t;Tgf$lvVo8?DP5YNLHe~_ zwb6Qx%%Q32a)!MwN7SxPE?`Fp0}bI6D}DPDmWtWO1?6z0Uh3`nkUP|=zWyaAEo$Zv%zPs>te9-SGgXr`E1&N*`Xt zb943!`&&{-bWba5t=%bZ$cHgKsDuzYhmoBJ!~xV!?s2B`Err#A3y}uduCUl#>V zk0lfkuI?5Z-D^*GrWjLxy8;nOF%MHByl7*522a2gu~Gw3Ea1I7dvCt`(8RL4-5E}h z0|b~T16YiqZ~}4hD@#*fiasBnjUt%kie7eleOt{1;$=uy5taZ2(c79Gj)4 zPBV<==uZ5Cq-bIM%rQ~`QA?$8%I!nfP$ltw*7MT6Xh3cqJ6?mlGXWA>4^&<6;>(wP zK+x>f8KEEnH)PuoSJ$oO^J9A;miZ}-cQMq3Q()Pg3jlFHuf8$r@V{gk{EF@({LQS- zdbX-38&L=5STJ6yrSW?x-KO{WKN9P{0%9FPbFY8I67*CXVmR)Ywz2u7#)S~C3^nJc zXNR3(mAm)UFSb9Q$FX?zw52^clNg9%tYkaI)vCDkkF_sY2T~gHQbx(D8*+jGxdQ5_GWx z-Ji}x>+{yePHcyL|Mr^Y$A8Qs6241yn~hBxG~*P0&i2bCgG8DP+a*tDHDDynoE@T= z)Q5@`tQ`?_;q0eKECA-@R-~-?0zALC*c|(ABz+`=OtbaO{7GhB1er5MKf&d^I(D|J zerSeQcE=VxtCk6Ty<1W<%ZZz)fw=UNZoAWT?Gme%scg&bb_36N0kxyH2fHwlV5-Fv z;Wvn%Y_;35IP=I}NlCRtA9ac=Q`Xa*BecFm%=CkU6RH;w>f38Db5_B~&bvSuT-)D1 z+}5_ZW8Ob-+Iaa@kE7k`%CXM?-#2BY%$l__dcRRBOZblbgVz$5Sva?$o59lc_NlT~ zz&l`gZwY)1h)S0%s%`27#Fj80s+RrDjmboLWoiZ%g{IS3u~&U{%|oMhkEgf>{d5$A zLz-Hj`K$4fCQN$q)Zq>{DJqf~@Dl#vuU6;(Gve?#qPj$N?n||Hl@So_$RI-Z3LnK` zw!FOFC>o@-e6OmCN@g%uiJY8Cy=UNkXOV74+U{!g#Gu=_F=fubIGnA&sP_z` zHLrMO=k+uEM{0E78xR)}ln*=GoYcxhIvE)+N^i%#F9XI$&w zLjraPrCZK%HAjDZmfTF^Wa#4lZJX3Y@ryOwVbWV5c(1u^Yj@4g>&1a2{#(m?+#-C! zHM1v060yu&Z5{eV$l0XL@&`Z*h8vfG#Iba7R-Ool2!jeq;PBYZ)hO4w?8~*_>AkKJ zt2epBH(C|CAlJu;ty=HR_eTao3U0c0z0ickcAi0j;8(u41>eQIgV+yKXJiJK_1;*l z>`PI>6n67*Di##7EGZTgyV-}jf(PPbvfRoYUE@e%zNdqJ!QZ}#UV##%KM~%_=muKw z>H{0Z*c%i!3hWK5<^+?Bp$z0dNNiF469zl!Yv;)$1@54?W=+vwudAoDk%#EsFg4L=qX{=zpmBoZvr>mjI0zr4T*FmXF03SdRbSL8t*vUsh#2|}+Z0t>!Q_vX} z>ohm%`5fyaMCb86O8}%4RiP>G`(NA&a*sGD z4f`b&7krGa7$;Hgp1wH79Mu|AhLx)-q%NMfo1fTDf-dRGonKhlb0v8ZQe75MUp%O^ zle}|g#^<{XF8R`J5%YF;8mNyu0URoWb0JkPY#}l6dt?Yr+V)&cc9rafDCf_Fmy1c1 zH}N^w4b__106yA3#*;c;^28m?8czM21Njk ze`4voVFtfojM4zxy)PVLa~ZkDw_*w|Fdt9+venk-2bQB%CG|NK+(Vwc4Q^1x_S`(D z3(dsNLV~HBq#6$O8+8a@==`%@5nWzog&6e<5pN<}jh%DTY{chNjye!faLAUL zs*?pU@|ega$^Lzg?^X{b zIkW*g0<EU}3PSy3nX2-#trD)#c) zDwvYC!tN47hI)s)J7i%L!cX{FoRgPq1crtNC@6>*(VFthr!r2m&g7eXD@Ysi zV_gh7-mI+pvl+}m8-)6NmADZ;%@DlRBT6!N@tg7<9F zT59QjS%oapx?JaZ^)MIV!!(UNj4Tt&;c{*et*Evgvw(AyRC* zJ=a*{MT{5m7JM1BM@qUXa`i0`6lL$D$d9+A{F_G2m zYhuv1Q62Bw>g*gX^rlv=5pPso9wKhXsN?m<_&@yjHx3l6C>&yMo%R)fR_~7i+dDtA zQX}+YE>jfwc5b@4zY`Tcp)#^B+nm-G~5mt!eCS!}Wr* zP1GpVN0;MPny70}*B{s6XYmqI4G79}KYMIBlgR~i-iF#Km zjrt~!P|E!09YF-o2%H%qPANaBDC>Z|D>iTE$ugc9dHkkbi{ByA8~g3@V41_9)5Jd3 zaQgO7=pSDp*A2b5&@lhqMvdM&r3ILxW{@96*$j~q^|JGc>5jjHkaRjzlcRqtX;+kcib@cSPzSI!PMkzNJFa zy*@jV%tat1@7q-m;U3~e|;VGf{CZh{IYHh(GrM=LQ9j5m>N!mW;#&u~V z$*ciPttk}Ti-I1W8Hot0zg>giU-SbkS)R$- zS5f7t8GF4G2)Jz_Zg6XJ|NQi{=PVv*8${O9cPZ4J?M(H7?fpinP?1Tv(`7c|TQAUp zLC=m2i~+S5lfF25+lg=AP>M;3OwybeT|3V(wo*%WDCG4RHEJXam5Pkd-_#9Q%~XiS zG3r>4inOUQ&3YkB7-%7`s3WdWK!2jJ@R8H+A#o#kU9KSbsABq@WXb1zG@iZp@q`l? zmjl|W)S%z>CDn4><)6M)jzK)AqVYiC#VSoo$5q>Zg3S6KAT#69-!&4;_fd~D(+9U| zRmY6)imU}ijXn<%9jl6BzBc4lp8In@&JY|+rXBJ&Y7#rbqRU;7^#V;)#Td_VT+p0*3N4VS#ezcE+X|ep@wkzg%!Kf%E2MyaBODoXKN}0;0{vxmY8zOsT zdZXc|f6w!{BY7^{eR=OPUN`hQD&ncr0T0d9xDaEKc5!-cgV?rZJHdr=Yz(cqOnq|1 zz()tAm(00%dVz|=RyQAGW;xP&qtnjf;yTu--6Z3=lv0H*iYRP&0mq_{NkOAa0iiFd z<%`%OhOm)&=@m_vo{TpYX4e=!skEUU7ZN2{vq}f=d1~fKFiCx|f*u8ged)3XLU!^$ zbbq$v4Za+;QUS`Dw6%p z;j1Ajtos06iGd=s~S1-p63>55RTGkNlO^7{hHel$w+U*dshD9c?#lF zbyRJ0r!0#TeS7n2Udq@*vBq4lTZ?pFPDmr^I=%iS%6j&KYrp`jz<<5CNB&_z$L&>i z95IiR@%9WEoe;CyOWJxa#Erv4>8(`b5h(1aqa5JqZ5ogbl@FLGB z+Rq*Ak!tB1ai@Y_cNOY`)_d`B&%D>KYkV#JLm>2rNwLC1iZZx zd0i{2ET$NgnHVVkz1q3YS_F8_T?=Feejk>n$$wbh3c22ml^jRsMlMz^IaCWHpO}UW zhP;`O`qi3gzh2js-ZpV3a^Fo|>lP6f=~P5YKlDQSz{!#br6%wnEr%^K%X0$fz2Amv zds713*Oyn`QydFlReU_NugmtXm$x^c;Jur;O#a93l43o7kaA*n_$^ttQ(A8br1uh` z>joAI_jlK2lIi?fxzedLmBs@|^^BRZz~aOM%&2eqr(X`xD(O;go5BAN&QJmY?l~C0 zBD0FM;Fuq!1jZiR++%VUF7(tah`&h>!6h>^{QpKFw3NSJK8*G@x=y3$B;(Xjo@FHd z)D>t&_K(Gr_^7+o`#-3XgAMRc|FwL17({}#WoobU@9*_r{&bm>LXd3D&Z%Wu^FOTgzp}WT(TK9$ zF62Z~`^f*|F8}GR|34oRnt%Zfyo0E?$)EnM0ONm`Wc;sB-eUUrd$UPr6RkG=^M(3< z{@TC#1ww&`yYPy@*7*3py$eF{I%S|Dy+q{y{zU$(pZcr?3AVNdASbH-x#ZHer2b#7 zXNv5@lYB>g>->Mu>%Z+1{---5f)P%V-qVAKu_o?6G#UTX%fW}zR1b$kHYkQi3Kb*L-p1fg$+l@l*8w_MeaW8^Ne@bs}k}XaDTS|MD}RRZP-uRn4x@648J9z5nXM z4E5*ehQ-Q3F{wiTv+JNw5t(029qC*AiwF4^e=uJe?kQf;#EPNGe}DFWamhc{h>GE{ zZ&(MUVOss4EZV=hurT(KP^USBa|Z8!c3sG)&!h%+V5`3RH(&nWAL0LhegAx!|LgUI zSX%)6QCy?aSW3TsXQIfY+G0wYw{)8ajP@|aU8Q8xmTmLFz&39O+%2f25Ov-Om&mRCa=YrcyF zQChWvXfKBNgtQqv!&FQT*>R2AD#(bg|+?9&C3lj=37Lwvc$2GB}2J32-l>hv# z{Wt6M_-Tkx#-?8wz!zYihd&WIbhXS0REkws;1UX8%=0w9HdTek{7}%tVoi z+_YuZzv)(W3@VmqParkOc~^<~_fH}A@D!jmoeJNw`8yJ0A+06+ZLc}tVHl~!yxev1 z4TE<#Ep%){WLBmYpcVgH%b2kYjH2=}ncSI#lD=Z?Xd=J-=0VUK1zO!+K zbFjN-o#w1ez+jMC`kHBSrjlkB0HV9^l+^A5@V?S{$#W`+)lA=gw>$`Pu(;r~08!B} zNre9cA)Im6r_6BDnOpK-D67_!eTO5^}xzm z^uG5@W-*DdYP$MevlhVv^W&*mH2nXG27o7S`S-_?+8sa?(8%X1u!`nIngyS8{^|4A5nT^-!y#AML<4e8cghsSXfU3$A_4Q$#G*FQ>zq`7aF-fm;kl#?slTNj~zrCmhC$MXf0JVQz z6K!LI|E~{qz-zD@Fe5v`TYLaX`pm(!JQH zw$0naXEu}=bzJd#g2p=>u#eAbijG>NDAZ}U);Ytqkpj50#~(&dM-Uza8-cbXo!Q~n zH=isImw!4KVEGb|8| z#2RQrNR3vFARw_W+I11tfSQ!J_!~YiAltB;pB3>D{}sQi;0dT+RX(UgoX#IgZ8QjH z79{ybBOwDt{iy;X9^d z)*Gns4cka_FV%7wU^8N{0h|H`L6zVBc+%)Nh7Dlq)ZT&jz5DE8vQ9%GM`4mNm@ayo z(Y~jwVP#ZkpJ=8atFRMpQP@hAZrc6MS{w)Zd%PIa4`Lo4(d9`@7F zBL2LL1lX|_XdvIIaRKBw>+%uOtXBU*R$MD2Id+T5{-!_Mv{Pr*OQn)D%wqAeKtD!D zOL`-#10JtZYd;u+LQ`dVp}DVo%{+b1k2;kR^A+l zLt<2e;J$Dyx@2kG1Nqiy+)`3i+}1hk`aMl-2^}UGtisVWm|_$7Ud=Z>KX^73QIY=e zoeqoCEO}km?a3ybWcZw_dSbmyCgB2hbS4*x7^bKWWbp)viE zeB2J{LT=47N=_?C2WSiA8i4t(^c+PIiEx!b3%0<0_g+C&u8Y6-P(0(vl(E9DSN zlr=#$@#YLDZ>6ZFym;vqR$2>=Qz>(fZvY4%Ye2KhTtQwMK0(wtOz8uYrFvwsXO!~V zDdDJ-g}}s1%{VO=ZHr4V<1MC8D(*sairMV1g2{(7@G?`d8l*Yo#Wf$uIyGT2s26z^ zeqmrZp@WY=Kuu-|AQk8uFu-hkQ6 zuJ;?twbl!}z@JE}uLFOx0lP;<=vA9|0cMF1qe{=KTy!B#2K?-X_6BV4bIq1OyZ-fQ#R!u1wuyOU?mr7!%mR2WDG+VFPRkvu~{? zYn|bhXHz-?W-f&YcHdz@>oZB`=T9k)1=a$XcHzFiLJ8x-Ay{F@1r-4hHaT^Z1-+(M z#>R2j`g#L=PE}DUjHa9}6)oNKTy6Decc!vLDw+LD7c9#`a15y0lbX4}5bS;7t>3Zm@-cSn(5gzO$mLF!6E!tAU-e?`pz``qjB z5M<^;ZX?xjy9Y-La-BB=8zc>Pe|B~JCv|PY5{{uK9G~PqOf^DB9?O0S9uJxC5K>ogU z=F>u?Q*F`n@qu!>@;jLoTLnjd4>K3lXD>A0lelZ%urb)KBZ~oWMA{` zul2>00!xiQa>Kz>;eQX4XM=x~6^nF#nkO&=_{j1Dt8j@R4}m;>AAk;G1%(U7dBy?4 zl86FNc~wSmP$%Q1LRnNUS@F9SqaMazS4pwYyk6_rNf~Pb1FHg1CX}ioWU4H-n(uE9 z&f}YJ-jvS+3A;BC+6OYqod0ty%(b=s%YE1_)HKR&f4&Y#q$gjG>?<#171bX@*}d;P z6wo;=ks|*TX07v0wXNHe{I$0i#>{6D>Kxd)Gn}I%jE}yZoh6t?I6E(YV-ZsXHDW&L z#iq5~LK84#HWM3DG>)J+vkC*A(tL+{&ib669p9e}UkXd+g zEO}Hm9{19&Ds}sFJSi ziX4P2b(=S25a$^lsMu%~B5i^2)oMz|+taZoyK96d0{ClKqcUj)?;c1uYWU8l+vqbv z(BN9*=la)PF<$~?(bSF(&sj=oww@`IiNRkUPdpraQmsa}Gkp#|hWD|h_TP0RKyCa+ z%b5U$**wGdGe`%ZMcMJJc87u!q$D1PLOY9%?(fD^s$s92etrG)HBg*{sy`noc;q$| zc_N3$s}R!_xPHo4W!sV1c!n>YIDd&1+usF|{)d%z)A(WFL8>1tB4mUxk!`QdG^*VD z{*K-LS9iASOSmv)f5{|Lutu(q6%W7xm_3G1q`6%#obxu-QC=RgV*EYR6X7Xn?{|&` z#~7fNLuEX8k21=2eYqC-_SyS-yeZerlN{bXz$t(Xq0ozL7`YCf9a|!t{5_Nr4I-i?<-==SSRaJ>(0^(3rfSD^0q z#;ome)RCQ`f10wnP+xnyqjUdJJ&cAAw5h{BwDr27n-Fuzs0pb-$Qp0Y=i-x;=1Oey zI?bA2?uI$d6dO1m_q?rl6}UMRQBdmpu>evo;1}}({5~$+@7Z`;fE+MK&O`IRv;ZVu zM1o+a@j{zt#UGq|hq{w#gUC9D(Kc5HaI}qV|0hQq1oE9D-LLzh#slUWuu}vDTgIgl zS>Lej8WpXrK&chz<`3Hj7?CvyKRCPP;qh+YKj?{2H$WaTqk#4smw@qyM3lg$p`7HK zW07nUoFNiHpceM^mrO0Tu7K@c0>jgt-g9;kH|>W{4A>RE!g<99rpQVz2o^Ph9Fd_I zchGy@u4`sOMaL@Hsz!}-dH~CbhzNz5hN|%67rlp!`y&+%#6-MCwC-3*H-)Fy3LO zf}|{)kX*=b}dZd4yhr*MBJhTBpZx3Ii^74~L z{dRoSCw1tR&-tv32AHB^ZTS5u-df=jbyTjcM&Wromdv-pG*#s&Ce1iumo8%WVo&hW zS9IOMkQT{_gHg5sxH6#ZT)$h<_my&IG$-`Iuz%45ep?uc`Fv}vYrpAwzx`b7;O2Vi zzQzxgo65`<*Gn<>6QpP_xz$I<^Gr!z>7xL{EX0wu`?8xNa#~KDX#K5otsdz+v-e2| z1^pAErvmp^L)l!lbJjcx@U7wOvs7kKVoT^s;0L{lAN8BItI*P{tTD0poF6OTg<>#J zZruUfX#kpbWbj|1FoU5tQ|ut^%r?v1k-|@0^OGDpBg7f9{Ocf65egt^d(5({rq}Jz z)eYu&`CXw-sJYMV77&0L#OJWqG{2t!V$-EsQc7#BaZ*uoCj$vgZL_sDBn+*s8QP=4 z2?$8S5yX7lW?``VQZUAbAdW^co>kHzK&g zP`|5x&~OqV_Gb3-Xw7QL^FoRj_232WyB0-JX3G&$1I;%Q5YdNu78=09x2m1kHy1nb zG1BUh{rxI_77RyWE?wZf-VT<#XA_{Ss;2EjWioFP4fi$}Q>m^n5@4)MkEai1pjlrN zF6hoj0k)2BFIGkS!|bF8DpxyXqew8><^fCul&H5bj`KDM@GOhK>Xe!-*;GbUL{_E;wqrNb7BgG-2+H{0Gh2HKSOz?49P`rLjuTkTO{rq-K@jJHw zznccOkXQhk5=!}p7|JgLa=0hH$P82yw@0WvyUV`zO|(Xk=;GdQOwM_qcXp(vxLN?YNxc_6Je65bD;OkI!i3vUZ~p^x-amMlEeKDz|l^?jUCifdf^Og zW42(9v0}BDlK1K3@s3cO_-$>?2@b}(UtinZ95+A)UK2sYLy0oxXZq&DK%RA1+e7vU z+fLt`twu(uM@j@qr2gnTzTjtgY`cJ)TRCUbtmTX)rNjdA-tOW zE`q@E@jJg&vam@ZI+w{HApwhVm= z2N(DdrC3$;Q05|qBiVOWn~I9TQz)Iu$5OXZJ_+E(E>%2}+lzroMp}&Aj2yMOayK_RJu zBhM=F0RT*M_oF-~gr%}{&E{&X)+iYrR9PiAOrRj9+{+AQI7aJh2!D3N%+w4Vnidrk z%vOm;@luJt)O};~w18Ngmf4&;HM#J0k_FFU%M&g5uFac=U?~+csW$S{j6{6z#I7_C z3|0L5uu&Lgu-&7M!0xREdwx+V_mg;Dh{Lur6vT8NVq)KRLjetB4iMt8 zw2qAl_T3(Qjb7ysBg{hNys}+V&_=(wNy8XHz`-ydCV!!%cl0~irUtb6#Nj&wpb|E$ zQ-JaF5#$4ywr!*GcnmEfaO=iaiCihC3)s`xLe|Z^=Qa+{na%HjR(PkAOzFqa?cW|- zqdBFS-wW|_EdWtJvZxSOSu_lpxm3Nn*OC7P09O}Q=Q)*#l%|=BL+}DE+u%3ZL_oA& zVUSC2o*wDIHwIxL`fC>)OD`D3gnV=yh+ADK{G3@E1a|C(-BIm}v@THHpT6yDj?UvH zHHF6@4TO{n)fhx@b%u{IKftI}Q~}#yD%)xMJ4p0RZSyU?k;-_IEwFaAfSNxSElz9( zbkMx?wc*DGc~2zW0eRJ+Rs@R%J=eMn`&6N}f8-S;_*r-6n0V16nn#?j$GtYX@>JeO8Xw6EhxX#!g$Y_916-2&#e0?c!x zE>EZ!d=6RiJfAVCm$ksfl%&h}6(L+U+XQZ%jfqp?B$ifX_AvsXE{Fvs`-^zE#T+&U zA`n`{=FlMy&I(g}+&7x`PN~fnB_WZI9S}ccr*WK*O?J zbo3~yY%;#^!LbGiOe{DR=2}g1rvHej+*EpV)AAQT%L#Nm+lshX)Ysm}njD?CjItg50lv;l-~ zRXM;On*4@IGWHbEm9~FtRhdRpKbitOUJmbMb}LIi6m|(ojc#WUe=5O`avad_0PAjC zZ3E0>Z6b>a%==Ruon0xf1XAv0uo!Hc}A;uvSr1WEohH+S2=UiAjw`b zY_t?KSL{gFgXR0MU};iMgyiW3>URvRbz8Z~Fx_m}ClxTfPA!u;UuPdg41L8O1!mY! zC+)t)4?^I@AQ2Ws70C6^F8a=EC)PDDuG{GUdb0vrLc&kis50~{Wu;W#FuY-=53k@7 zpW;=j62>TJw199yN-H&J4*+<~5JoAHzb&;r`akTwcRbbo|34ljAxV*y)ll{*Bb!1t zImd`Y_TGCOLdXauBjRLp?9H*sh$8dIAuD@tj`e$&V2D$~jt`6;eQHk#Mq-H`nwz&g$(AWJh*6u6`Moqz{OtSA|e zzo-29{2!BpSMTE_7!+U5F8&hvoOAcO$uWX^{~f_4J{E7tUOLW$=o&hnt;%Q(BKudC z=7G5{@FHm`AVBV0)*=5oMde#P{uDt6KlcGBFqEbsEezZU^W$qv`5zxYOjj>mHMz{=qV-p=T8-(< zsS~}^nLyQURdY2U0_v?@M#?7uQoRdn=4eF#K2iXX9BA!kKK&mq)ryC4%g<_Xa6)t}z$6}W*|#Ztal0Uas0L~Kythe=HN0N=GgeH*+B zUAXt5hPu2~&%4!0{nA-bUUEnh*J=!SF5rkkb8tuHHd#%<1%IGez%ie;K-IYi;HwdE zIk`RP8>&D?B+5@Y@nP<(f)|v3`~(MYf#@etnl1?fsrD_p(hGk+^Ci#uFWpv~35O3MKjGGGF0| zX=s7aF9g(Sg@{j+NQC|0JxDcwS}GI0+G9f9GLy&x;k^l{(^F#J&T6AJVjO>sW1oG2 zjs>j9Z#E!_xg3zd&`|YC_GC~*zMj@Mg6Jv0rzuiLHPV^oz=S^ z32nda8wlG4M3?~*y%fiV=j#}QoUU(Pecbgs@5cSk zPKNV!9@K&wttc(M3)_rL*m1Pga{`lYk(?*h#cjL{W z>(`O89_z~H7WvAo6T`}^6{lpvKmw!nH00e>YS}vH6Tc#2QZI9qMZl3|$OUY^_hKto>F@B)h z(YQ)Ek^5%Wt`*G#v#$=A0njXAJZ9dUOvl*qkDDXlbEt881v^vO`wtflt~&0NL+ zivGczmMpDBYpbcKb%gbPtOTyprMYyn)^YXVgW))ZXyb}CFNK) zAY5|G13;Usw=Yfv@#{;BGL($+IpnJP5Q$tA!)k>0?viN;y<38A9NE#LKbrvCcOmyR zJvu?Vk0g|Ci~Vib{dIdB_y~sk%TM1UTdId+0EL7Jm4I85_mU=#+X-lJ9L|7)*zg9B z6!c^%eVDGCNwh9>Tvh~l@C9O3oG^i_=>TB7HCz?^N>g$Zu6w}kJB?(=MH$-`v8jlI zK$|S$_hMc<#n)AYnhUzuljbxsI{@8?#yQ_Kir@aRehasUMb}IA5z-*wYo2IQ2NyJy zzyVwo+Se?zTMa}+ZokMw=3SFO(Ek_wJR_mx8B)yMCHMKI+CbWm}La#ONF6qL~r zt*_!M*=%9R(}g6|f#zLVe%H2@JmxGCKC9=@D99)E)Gq`iH>$s<q)BJlHlFO^px6X9eq`R_V=^&Fp3=i_dE4?ZJ$ALledVLvlRp&}4QgAJ$jR3$Dder8XEg$oy0Gv&p6UW8345?X^s?tCV$0(3qnBz)h z(7wba?ttXo;?V2&SlHOG#RkA0Q2^3)OxT`Dun_}>iOOG!8UpUJ9>^BueH3}wFjCyn*;Z3NR6S#K9g;@dm0MyByE?B;Lx~%0sr!ZO6zdE;YWvh0j zdPP!;79~!&wE{K)d6&(PR&qnDr6>cOI+Nb>*V{~%T96ZH+w<{}8vr|X!*6i*2cPtV zT|{W=!ZL`;G6Ji`uYvPM3^3{9?TG7psZi91`c-*ivO~0GS!2UeMfxAX{9TceHEaz6+o`n2h?-3Y@Bv=o9*&P$Ta}u z>Y4%gxdskITW&v0<7=AITf&fG3mCA2t`6(k^M8{7hkhQAoPaZk%D|_u9UL(LGL70@ z8^>^us)+4EsI&*2k{()42j^|2vq>Un**kNVB5|b*u7_G}4W_eOh$}ktJv}r}0#zIC zV6>wKy~Mvd1^w$l)AN>w2nEw^*E~HC_5|!G~5*+UrYz+kpUNX z#aU#&)_AylX|4wRrGWRI4Njdo=0R|~>W3Mfy98_mkZ$SHF<_dfkX&0U>0q#?*d}O%6has7of}Bh;VbAf7SMogU*lqD#M>Q@PF-UlC!w3UDSH`)xX;0&f)*x zxBIW7^M4=af7_baI%4!2G(jqX-88nZ?C(GR&;JCn0PICp-WET2f4_K(8{qtBSsdhlaJu>@ zaskjX3xT&H@p~9`a0e59xcncL5KOnh$EM-sCI5R0JblS@dmit1IkG*9XE-#-nB1kb+9(Twv?UOadQyqJH{qO9omPrugy zU-}W=hd+Zd6~Ly=A=7g1Z&>XqK%04EFSq{LKxu(@uIb`s{QY$K)xaB*iY~11{mIj& z^r(aR#Szx}S@uuPEHwxioA4!v zl9IolHg2XPcgyy+i=)Adi33dk{UEZue+Y3r@9K+qu9>0ew?8yrN`44BSB1Q_pMLqeTo%=bQqnbGenFSukgIFWs-~TGHwj^G=_gYN{sE$kkL#ojq$2K`qWp98((`=?chsw{C!vD`d zG_hV&2({p-#ce9c3P`dx3WvYuwbL_7<5(NaV44|*i+4%0>}EWWb5#&~$9w7XrOS-9 zO~FwoEM`hrsgKr+aB5vod__Nf+nIZu6;ukR@Oq0N<)baCs;w&pOV7KrmVcbW1j2QR5@R-rdPgVGRDr33&uI z*vgleYG3j_E%poIjuFpO2aLh6~sFD6nFR#>%0Ka z#oo#OM2DRb(6JkZJh=M5+l-l_Ne{U53 z2}v7QlVdtlf(FdlMAGKY#J^{rz?b^tC#jN_5FsNE886bcJLVbBR)51oC5* zUp%RD?1sgq_ga%d@`?p#8$T?m$`p^VcE^|jKLwHT>h7u%Ftl08!Eb*L(O+wcBCrVn zy|%>7?f@&H7Kpcf@*juaCnm5|ZhSU;ar>_`&MHjOGcW=QSOnf%od=B%hTIVf)GK~0 zV|mng1Z2HO9cWW7(HN$gn!DYe`6iyk;bI$TPND~Kxm_1biB|YMP~Q&SOmn|b=&yK7 zYEUJT%CQ}I>~Dv2a1B;le-Rbt#!2`kp+v_3-UEHl`j4*IOarvjk1SAfXag>+!1v_r zBFb6k;`Z-PpWOrm^frJ84g!d&U0cn0oB!gbgfgk^0J`L&G_vU<^shZ_P!i8TzPfH* z7l&v!z>l7T|J$^@A{qua^}I4eIfjOId4@2}_~B6+iMoxuzM>=SmJkSXGvpM_JM_iVm|Kn0B zz}Qy)Xg?W8%%mk0gc0C;g5Ch=Rz}Fj7ll6B4BtsZW;sR+f8#@bMG@T>WjiE zKtxJ_*dV)9Fja4P;89jne$lDUa0@^`Gze}Ty@!0QT}ZfL$|*d15G9W7gxS1NDQ><< zrwuR?rKuJm-{%lUjYR=`-cFbboB}D@aa>;Yz^)bA0flGd2I)B|y;!eoEJW+FZY$|< zMSP*XmRW^rGTNIo#ZZDnm%hgitar_=BG3L}A2Fb=VAM060#yDeK$Wa;HW?~KOqIPo z#Ta+W5em+PQ$7tpv(9PloLfhwimmlmu7axs&k~+T+YXWfY%}BP9Bb*-a$ft0hs=oJq)hrnKafZ47ICVSq zKm{_VsTBIVr0Bsvyv%2HyPx33z?*JQLf_;Pz(1uk%dYF_7`9Iw&k5Sa;-D#d$Is-x zyCqevA!JnmT14Y~mr+0>zw)r=GDnt!W(grp6e|(0Z0!W}sZB3E?Z|*VC#&lL7-W9O z@>}T!FOgwL#R7>J+0rmt-B6kz_A(jd4?UA%Ct$Oy-__J;y2YsMF9RLKfH{oYw7WZQZ8tkj?$!X_MANx{BrODE*;Dd|a(JMti@h`8Rj-Y^;mNV(4!1ur_=9L&%|yCr@_KOPe} z^dwmom}qYG;V$}KH^T6bI^mNrXpi!H5r;wz%k$zX9WjY`bY9`fFPCx}i=Z znkvo(Z@eml-C`omuw5x2f-CxH`EV&d9ix}Whh<7M<_XN4xZH_~C-)^jtXIjf=X|?dA`@ z64L0FTNomPsRV)$Kte78Hj4dsNbF+B1&mD$CW^9U7L4I0kl$C}h-86Li*#Cg6Ua;b zhQ2skAi&1mJ4HEMe^Bi>qu^?bvlpY7tXwdjA8Wx`HMYv;)C1|&XzVGbP0t!K@2cM$ z?I!5re}npcVWkD=jI+q&<*RNeO}7> zC-L0OawOh@JW1#asakk0Tvk@49T*`zf2HQvKt}Rljo?~Xztk(9uL+h1>~@Dov5@a{ zI?v>}F>&Bgn=ZEKfSP37$W`hTq^0+`QD$bL2}B4U3<6>*ZlR@M@D)@Pe5N0SpV9&& zmQ=6+u6LzND{cb@@)*avv;h&Oj1pNn)PHYw9rSJBt8+yS*%l!mB1xW4K%k0<2N2V4 zLFMd4ex;c~;9gm%lBz=T9f7l~Mhf}U1Dt~KwaaEe=i%VH4!j_(q1$)$oVcXgEuvZV z^gY*>kI(iS&sJ~rl^DyRWeOP}gV?UJf;Mq(srDAp0I-03ty|Gv@cr~gt+XNPlk!8K zpBaE0gA=Q=J;|*EmzmuQh_#dSKZ#$TG;E01dZA}??S^>a!G?!bud;S^Ec;>AM1>sJfZaqrwPQ5rHYag^1Y?mbZC@nsS7c5z`fT=IY|81}62_l}$~4#OaX$rkVwI4r-K|&T9aZKdT5e#q08EaSnGB<3UjbfA_vUNRTk6n;V%Ck+`By!Du0y$9P?5Fj^jwn4 zYLMeWtMNi^U|AH34)f}IMeGo+QCuh#{oI7f0OAKSQDwKA3DLW|8!vCXw5ULoO~{ zOBEY{uW(q_AP^9{N0Fj{E`Q@ybP9xkW2eX@rFs@NNanou!6+jvGR64R^8mDUwa(9r zFkbXMnWklDQ(LB+xUh!#{GW0=H~Y3VkA7yz$2dH5m%uDK|4^-OTsRZ~jzSFBq{p50 ziztD}Qa*R}i`nS22l1CX?_5pzBEGOIA87@m{!~0qm-*G^-=OxP)wgUuH6jrdxKj$v~1VK#@8om z&ZqUjzAa1SEtZ_7^cAEamW%{PA;~K9W@C@$;&XRjAt+tMt#x+}Ro1(Oi*_3_46!Rz zcHRQL*$b6HQ4fgt=1RHX4bg8?mWADx_Oy=%ft=*MA7b%Q!TzOs#In#rP5!>&x9r1o z&iK_Zu5=`$`H|?*Uhp~*^5GFEHxo|n_G6t}ts+cU4JvyzK19(xXy+8*VyXd*j5koZ zjvp*|`}Y_p&v>aUtkaAyIY)~7Em5<7WE6n2Y!q$Mt{H^1&Pxf^uPyKD_Z|WYzFACS zSG??pSyIh@(n9%SK!~tk1#EPpdfvfB$Lph=r!Q7-PrjG=kp;pe2i|WT(h~?#_U|uh zz_O_iX}WoF<=!gUyEp3eqi})Gnnehq8UHzFx%O#MdS=>kIt03hCCkd}@ZleGpBbO`A6VohxR2ZT# zyXm354M|rd_1hV0bNearu9o*J%gZ?`;P6tXN(MwNmEa*TJtpTw&d;L@P;7O;*wrGn z*1#18bNX^OG%TE$E^ArVt23Gz=er&OZHFNUdCjgp$eK;@TFMRGo_VjK!h51IK!7{v z`S-SXSJT=*oQn+$>p{oBEP@YKW zWz;gJv`#%0LqCLjT)}Rlt`=$0DJws zX6pV=oR7`Ubz;!UI+3dj>y?_YA=u9A*#VYMBq(>!6a}XOY zp77cbLl^7`3HZ{Kr-r@V0{Em2+pYA>q9LhSB)TrE!t*C>{Xpo|h!jXN8+6%ztNZdE^ z$_w#Kx8U66x8T^Tzo9YLOoS69-1KBZK)an;k81@)x zi{_0GsIThgpnY))fShr%uhWr%zIvZt`iyK@UgfGPU7z3bAvwQ{#YlHJ0J+wha}3)K zNDfM(Sr7L6X)gR&N2-0JLRW%qU_z)NXy%Ie!HWU&D{uyAc!T{yhZ!j8x5`-TC|d?5 zys%PQBReUddQ}|#(yfJ0ER-b5iFA>Zse6t9(BU%4UEK80$0spD&jdybAlSeKH0;d0r{c^$6;DK2o|} z&kz5IQ<>USa9^D?&^Om=zE{Q+t%{j}j^*$rUD}EZ_2HgIyhLvr3L97FyKX zrs{RY)1mw@2uW6_s_=tk-dn1Eur9~9 z#w)=X-TP9q1RvH>%Uo5K#M+1Fl&cFC*Fu`5lNE)}cAn>=`Jpd77g9s6m30u@ErTnQ zpyzu(K$Zs@4wp=QZx4RM0*m)F!;;>Bv;2H^i_NL%{(x*?1gdE%@8i;#X3mo#(?R|M zd^;;)1e|A#``);1YU+nwT6l*kiatS9$?^qTP)s3QXY>bNOMO#dta&o&;Z)nmfV-?a{8U9oglHS za9_v(Y9}$57=cX5bj=NdC9+B8hB-7y$G0!@cL<81cM=O$HD)E0v$NES^d}%Xs>?e# z0o3C(J_MuY>#83YGrEW$0t6=aYfE9*?jx1htGg+g3LREnu)+D9>MUmk3672VL}b)r zh`d++{D+?N^(u!mjKQR?T#FAaSDimET;wA}y! zjWaABMW6*0C3xj}>~eFbuHPA=+`3!0hi3$rh4SbqBQgP2x4On&T+~|+te}OM*&EMa zoS7cgZ6VexKuM9owt+Ql0>$n89!HW@L}F_Ge7&y41|mfHH&mqs(8wtlYqdaYr@^JF&O_8@Bh z7_yBgff2M+!8Fc9A(k|b-v}S~NSyiLWUtdK@|QI}DGar`@cuBc80_S+_|$>C;fPBq zk`_ntq?DxON> z%D1R%5o}nz6(a3`3{K0MOl$m}Yvo1!ZZRNyPaTF_9u{<+@CGVbY)E06afu5jxJ0{g z6G&ADOVgKWJhaR5k-}Cqj#9F)jDAN?V4Ax&^vJc@8BkuK+e+I@(!)R|n^{}u*72&3 zsDvrD)E>G2_z5Q8G?ACKRzPX+4qCiu`<+JRWhxQE`XwBkD=em-| z-uKsbGBjS=__}DR*f2-2kXRF0YhPiLMY_+r=6fJcuW9ntlyQfl&=`4x!M#zRktM$7 z=l-tn`);rDItXSJ4OOZ#)Mg$i%xvXRWQLf$cc*@>_5wO3%^$Sx+JjsLu~728)}I#aBMm*Jl%`ce_7{oXIOrviE}b&x^rR z&_^+TjaxIW$MCDrf%_gg#*_jCi#rWzy=KDkJA&bMyU#Ov-Gv2x1|H=(qpLu8npN`X zS&Eo9%2|6|YV_Vo_w3=XedaaIqjf(Ha&ba_+rs7kl6PhLy)82o;vK+JvH#gzHwd#+ zH{__UHbQu_f|U5$GW?dPK#g5|oR$SBFQC*<2F#`4DFYKc!Xd5bZ%X@R`SWm>N2ksy z!OPok0~&=xD7bc~grUTP+cNVGBWalI-iKJc&_wa`Y~OQ=lf}<+Szl$JE0PE)_jxlg zvF|mGwysOLZiUs=!!v=)?!lU@J*q_wrl74u(*YsamF#VZ@-o`|apM(1o^O7R-2=a- z1Wd|Qz3K;|ICk}j*ps?-{h^+nQWNS2S@Wgs)?y8LjuI-E)WwsDm*7JiFjW0792)>t zU2)ozf~-bYBOnUp}tXL~9i05K%=SR;KZUYAsz=Fn=A%b?4AISxDlcItgEGq_ql zgUE?{`G=Sa>-jl!kP0;Fna0(0!2f{Bhcgaa;G7I}5G6{QlbYFm8N)(r6}v^oxz)Ys zaES^_gA?v2nkh`is5kvGBe=j*X&>L`1eaV5p~|UpL6R*uG%t_@1`2BdB$Vw{4v*1D z%QkdM3tF;G_3PMWi2=r}4Aa|+RcMinMiv}MzDC^hT1K$bGHAZt9tdiF8YBrZ%%Fb0 zQ|etn;JG<+-(LK{i7!c_dqg8aX2& zO_aZeWR{ekgVW!(-#16*aiHUJw;Sm4G^l#vT04FF`3nN34{Tk2F3dpuoAmai@SuKQ z(}lmiHfY{#u}%3ILJE>P zTbmTM->OqqQAlcPKpQOf)4XiAC2~SFkqSVof0*0r=*6kt`FJ_PS7q>#AV81=Me~Jd z#u3tJ4N;@dXc<>EYS#cAQ&bo?SK@s*@+;wGT?w$3Q(Ot2CIRyTJ% znekvw9~jzP2W}Qw>A<*C|B~%pFlT;eUhhxjM_o;gOE5zhC?RRyu3TUUmZ8agp3AzP zQRd7{v8r%k>$se z>rd$@?TW~DGV&_3NZ66L(lnK%+LN)W6^wBOZkU2IHsmeia*}0$uY>z{YeJWTL+P=* zkz9IwP-ZEN!+$xyT_@SSN{(YrfCe?D*joHUg zRME=>E-p(ie%RO3#{4Xwc3M8Cq%(B%P9L&|!H;TWX55IKcx@>nVEWp~}JX=ul8 zD^`i`eEb#+N@D0R5qlkW_Wp|_zzls8gKP-oYyZmbvt=o=oWcUvw+p(>srvG`)`BMG zwIK+3J0bl^1JdeOlmB@DkoXZxF1cy|R1=GS25Zv1KfwLqqe0O=GLhxHjtPeEhhM#H zp4A%^`=HzVU3Y`Zf%#GdQ1LztY8<36gJvo+W<}AO{I3h7TQhzVmB0v>&{~j&@(h_2 z!6DtQV!4$V&hpOFJOJ+&zl$Yf#0h-?eJ|$zgrYLELC)%xe(%mlvf5ju=ed1#5;e!4 zEN>_3i|l-0U#nSWhX#!+TK{yBl7(ON0A^4A4*nIVT!er z@OjFDnLRx0=M)iEfezseF&E_?D;bVJ5FtJu-Q2B=2J}?W3vVu}pSYY3BNVY;W0&kN zoQ!l49T%0XMm+(f%FmMHEgJ8iET zJ_68ZI@($>7`Yf2oa5iz~2n!FyZEC)vuGkv3jjsOjcL~@@s;v2DKWMBy_wuUxDAT z`$}LCu{740QYEjDg30>*s$TM;{RfTvNY-b zfhw$R54f60i9igk1aexLg)?a>?#J30@YFB0K)s^Ws`^bUK)LBEv3s}*wkUa<$WsRB zte`79H7Oi4uSWj7?k)S41UYcmbiIA%{8L)Z5a=Z>s*!ZO4n1^?RjsjG$s}PA-g~39 z=g*61w@Cx{m76_ks@iTlm_DMYtpuV@g^z<1k~;;1w|26x0cD7AK#r4-)umLG=2 zd{8l<95B5etxyFQUwFT|b?mbkM^8WhSjekhlhZTx^LppeF8j4<6OzKe0fXcK64Ab^UqtVi0kt@WUVHBCTDdUCKgh(jE%@_g{+HuM0rQ??zP8T{}G#s3K@10Aa=TcS!f8UQu%JvqrwZb(-=ag#9`-Dw02oA zwrZL8pl|x)nNdtR+;S~AeG)n-GP0`SX@tNBV0RO8)PK@pexz++b6+iuTN|>Po|e>d z3tOt(td~5G<$E?>9lOhZ81|DZE=tms5>%)sk@;l)v(Gs>sK^am^HdSyZtXPY8L(GH zIXNUw#OJVamft4C@`_?XwaFeZ5gZ<#VL0pg zsj!y}M{>&ix<{yeNpOr8pvE*}Y58IIwSu0lx{nN2pxA_h5%*?N*r!C1Pp4~FIO3RQHcCir4o1#2 z>4^3-Z>`Te>05c*0nB`xD&6(17_Bh7byDk#DS*8*($zsbF@z|1v0C@HS$xx})1%eSUnk1TUtGN!-z?gtALXJi*WU|f zK7vrvmVFQy5_r|Y1`cDm3crDn=on#;CgiTX?e|YoxD4Z3G#^y3pTP5Eb&*}wD)Fx+ zTJhD$dWg9*XJ4UyzfiBHe=s>`T|ght29AC!-+iZZf&HmzX`KZ%2P~R*<%UR%X-AL) z--jZ;?9FxgSy(oiuxYKRghAFa8G`V`*YxP50HuaQ=i8S%4;>w=e6huRFI-SOzqCF` zwF}se-Z{;>RK<#(*QkzIIB{TXePIgvH1C&lq>T@T_am_?8fO#^gUd2ILW^>8_H~=G z{oaU5C|*9!Bp2|h#!kznk!02}t2b}sSYsUzt5?K`Zvz689%&iBmjdh!y~tT$ay3(W z9L>enR%h@GmI#f-Cv!XpTe_;x=--|Co$yG*zUSrgyh0)Nl@YC!&(V*vU#9mI0U1JW zinnjgqTNhD#O#l3VCemPvLHKWl~zFKCVs3l=Eu&q)c zikXf7^3OaIwPYY>Y`>`tyNm*wt8vB+ln?_t=uN{0nm~zw7WyU?XWCf~}pP(1x60DhPH&6suhU*s=!z1YMxNQicKz%VOF~t`=)X3YVcaos;S3 z1}Ih`>Br~%kAb%1YojHUyM!$uLYz7?T1p3&xm5NAn5usv+YX8K`A7mUE+r~c#m*$Q ztkM=SIv*4!^CwRPgH4S~gX)`WGc!~pmZBbgg_?(H(>I&(;{9{EpOWwsK+<>_VE$1u zub|5C9^m!e|Y+xX!PTN0Ju+in|ViWE8}7qKLQKq}3v zLx)I4*9>b%JRvxP53q)iQ zv6Y|~81!6$tH`pZklW`?#Kry=F|W0n`LTIlQj)-k(|YOHt1~DMviQ{bPbuN16?%IU zA!82;IullRX2(@eYzy{T32yEf^YGW3FY@2PiYI<6cZ{3zwxTxS=oLR$3U83kEn3Tk ze?PpcdHox%b``N>B!O#FPqGb%MHt368CE~(umlRrwR(kd-fU~Ho}>MrJR8^CI1AVi zSgurX_eP2Ty2Ihr)leMeh6Lp!Z-z_mS(E&?m+08W6{* z6g{xQ_WaQ5Qr$(Zv2Yx!9_5{A4!GkxqUFXq4bHZUT8Y_^#2JYV_GsZ&hJqczG&aiM z$i!hnGHAtjLI!@lWvGV$W-guzAX}~o7kWuUYtQAwbmJWO_R%qLohF^OLjX&6;+zYL734&nc>gg^vA`TF)Yl4NWiEIOz z^ED^@5c^Es;Qms$5}bFk(PX%tweFJxtoO`(onx{fXIQX~;<6+KuO#i;_G-PN`xkHA zaML?q-wvhN4I>H*eG#smFcLO?%dN_fj)?Nk%DD@7o@`3=3i~8g%zy1E^LM_o-Vr5M z0Wv_%hrj+bpG)2cQ3n}WTA`ldkH_SmOZMAtIZOlX!fq};>BZa{ATio{fBv?htYa6^ zxNEhi|I66YYHjUe23H_;8!iMn00JWGshQvB+Nm%wy=L7s;FjJJWFz-?*bWlRAtF9S{LFh@vre|HnuiCd=-JSiQZPGYgDCn3Y1{=@OZJNfXj)0ykXef%F=Ll z>1LMFRkLmyr`yTvd>8l}Q(wFjA~9!FG*9HLu+)xRS8jOlSc+~!YIB{L;mW2F5jimp zIm>4B>vb-MU%`$3K2r;UgvB86_8lT$LAsr$?93@SN?CO`jP7<}MCPTXiIa~-V}gyx zZ;^%Yf&1{?rs3R0AGuN@n%wi*%HGkqtkjylRZKQg09{nw$qQv_eJT?aaqL_9aHy{C zRgzIjbBz;VsSmc_3OhVWRlO!ZA7)Uz@mRV&T6S*JC@5k>hN*kPUGIVCOS;pn-nzEZ zyKTfI;q_URwPMd}H{0osWStA<6A=`865qxJDELPA6YhfN(Dm|nN4j^HoS!?_%uxzTh^al-~$S?-IlKz%l0Lh zFN1a%pkK;gl5YS0BXpT@KTpYqJgny3&1ydSY^4AyXJe9}TOXEQ_x7@wT;6A<$ZuQD zxiawD;A-=)>#2FB@1l8Aem+77$8^0)OSH*N(V=n_v0ztODE-*5TtxE2P&vk}6bRE>^_N4>7$1YuOrGDg;p(>ax z-`TlOG@*Ox$srfhbYzhs{6l-ptBCiUW(bdl7XCL2z?W-1R$ana6@}ADllXq0|5<#!d(7x4ik8G;7iom$7pGAJEjd4M!#i7+! z{(|5ma>lDTT3{wv+BKq$d2NPSn9S*_$2+I)06_@(BM0Zmo!3I@8*?7w&6o)xx@(ts zR`A@!m!FwAW_^#W@+VvY(hb8zi?>NyS}@nx#+p~1>dg4J)V#ogiA!1RFLboLL{qb9 zznI{--ZsR;`qeYkv^wckq;u-`bMa)KIX5T$scw-6?Bu7iE4&j54|ySa`5ynniPYC> z((d>2By8e|EFJDPktaNLy8giYXaoOhP@X#3f1n^@TPcv7hc<-ALgjm7rC-I*sn=$7bKKV4s`U+xVVw7lJB2$IMRE6 z1lnh{Ho@W82Kg0*!Tk%feT4$S=~B{)OKuJVXgP{d_D2zNy4b$qTXiE z4d17o)cu{J`uWjsXNbqYbi*lc-0)Urck^E92C9rzjd5N(v}QY} zw4=y&3!l)c9?)boSX3@&gfiv#D76~xBi2dv@859>J4`hdBGC{snI33j+$Jr8(y6lsJq!zku;fFlgVGcN>!Vzv|8zv*Uv*i1Gy_F z8~I?KXX=?Ui0@Zpx}MjQ{h(?& zkF#trJ@tN9+@?t6=@;LPG~O1(9p;bhx7M%lXr|Mn^W9?gMzpY{h+i4`p`M&ia}eVu)<%c- zh=RD1TqoEs$*ISwH>i=9NJP-aTfX%UuQ~6k0#bMTiR6WU{Q4w(67V*k`d5U<#Nt6gfhJc-Hcy zYedjPot5*e^WT*02Cs(Pbb8&W)2i(CQTdYHm6l{nhKo#3OeH3J{Pe_X7Mm+Qn-V#z z<)1#ccvchLpBp`C_Ha?k^PFU337y*5h!KM50-u{kUNj1-dEp6@2p$nl*>-N2VtjD) z+htdvXoV}7CT#AB8|8vC+Vho9Rm^DI`?nVwl^qhU+@_%ALC~!Vd2G@@Iq^X-Gu&|y zm-H~3i2vGsrw8Vlin#VjdK@eN7bD-n@sW4X`1)04l-HH_@9#| z+3UDP!Ph=M?2-EUSwl(0x`ti=M=6m@zLF{JbX@gr?o1c|BKCS>?OJk7vQRgrO2X#a z$ONo6{9XoUu5Mnix2pptU_e1bo{Ramsn8lrLZ(DNH<2&dhZq_-HF=EKuPpAZqfjbN zhhd^1>Eo=@iP*M`I5W)gT8sSKNj$Nhw?al&kGVd7i?MxxAe_Abe>+ig$z(O?9z%X# zmBZ7!4v6xJ><>MZ20Ym4=)R{WjG9k6pGr(O^Km0}K7ynYaWMuz_l??*gvjGJ{z3uE z)VCzkv<(eQ(B(!|a=M;s7?6G{TQ3wZZi(;qtn=38Uq{X0>pH<@U-wK%)xGbSsJJA# zf>OoSf}3T&HCA`cO=AnT1iA?7X&`G^mfxD)P1%(~3pwMFi$8Uohh9`l%z2d9}hTJy9pLJoH% zuX&t64N;{eG>-_shQ=Q8e{?^d_nCbz?Qmrq_5~j3u_4m;Otg$ag|Zj4+-xU>_z*LnH;LEfZVYfW_Ob0XyGHXEa{Em*1)g3gQX8b3sAzLcDJ6|W zfKMIlR`j!ht~xTYDYCJuCH{;LhHkCA{j~gOd~Dtf?(N%D=~>vcFL7cOqb#tQ2Lhik zYrt)^H{;W|k=*3j%OBuOZuSH>Nf&DMqHGwSI?@XtYp`gTT;sb@rs^}Xp&K=+T~@R) zIl8lySCm!g$5Ca?bQF5^`o-dTlx)*iz8mGQQ-VgsB8*07*#|=|y?*(RUy#S(c)mzT zS;DY5>tM{W!*YL_+_6Mb4K6R|8I1*(OknBoz>Rk9muR<%>^dias!!jCiW~91KS40A zhPhdJ+QT9JQA*tBn-rd{F;%(b2js`ic7^I=opVx#2aikqIP*9lUnbVhY6^4#c{1W={O+<4Vk6ci{rbL>!%O{!I@ltWs;0#^1Z{>AjJ~ELN z9zjB>7sX``Y|~gZzPf-ksql(#33NZ zjjbD#e5%QYOT1&>AxX_UFgs{+I9DW7-@*k6x0%ZWk`pJ>M4IpU-A8-gaD>@bOb+Y0 z&jw}(8+Bm}U_9>LzKb)tDh82-91HjjiG?>4TEXJX_(BE ztnY_ft4-pqSn3p9S~Jqe9t8xCVxRMehw=(7QJXA?5o4TeBt;TFf*jrmpDxYNju&ov z$*`VSigR3~j!J|@?LfZ!y3?OP&z;irGWay333A!n43qOtnbx|9{MPPTpeijcO&#y8 zjYUPxwNJu}t8P9)Jc3z0wNpJxe)LY8wT{gcOBx%Q!M#WY*GVb2{bOdp*z2l|?P=F6;9omwJtk(#KEE6Krk^wwKLRhuoXy z#=r`^%vZNK6+gxid+bYseSlV%(rAsNxS|7V!BZbTVjXyR@g6-eJdWL&qR}=0y|PP2 z&@QslkgqjtOu5{(ZM|?~AYQLMDU6~%5Yr=>@}WL?@Y5dJtq5)VOC$c&#Hi?)!%9ti zv|Y_iJ^Rd? zID!7gOP^dU=tpkAgxm`>ayr=zzN zcoMLK?2ssI0!GJX^$E*7MO(+R_2O~;~ z!Q??p)WZc`PAa1HIeA5oFr#tPb zo4LX~F=pLp9&C&^3lZQbfc@_KTy6WhUC-${0>g&K5j#Fg82~KBh5NrZ`j~!e(xT$6 zGf+su{523F@vl6M_(smN++|BwUlz*VGU2my(TFw&67x8gBXs(w#+vALO<QFxmKF?o>M`^!=hxP#KSifoAnavs{RB~k}wR6L~a%;_X_yq3D4 z?)8d}aNV}FPr6Qj>iJ^By@?kF$T-JDw04Sa8>4+9;q&=kc3BQ3Y4;wMGHX$$F3jrb zvb3WikzY7GzR9DkZnsDRrNHu@(H8waM4nenW;eHk2~By8v}x*@WiP(qp-p3B0!R8F zXQWqKL4Op}$Ghp6%+4jhrDrrDO3 zz^wa{D$1UApLDQzl(5xZXy@?5%aC;6Do)+=?GABxIpa?h{V+Fw`Jl3eDNJ2_C&MA-*D)%G1-H z87Z8Cmj~6V;g|-9#f08{b`emu_vgJReP(#R-Y-x`{fH$Q&U-IP+`#<&tA+sDe^75@pqZ7*6bqP>@;aP@2M z_g3mI%QKiDWUe&M<1{^JQ)J~8>R>6_YE+qJ7=}oVW~ATe+EO@lk5^J^EF^cn_miq) zT2jY_-18=o(E&yd|4-u~ynM%Z{pavQUJUn)@Ol?Ti_U3!!w&6^eK%rXt!JU5Md$?+ zupSL9VYRL+o!aDKQ$F^-Vhlm#a)webs&l?aj?=Set<$Qz!cA_9ppHRZ`6w{1tlXS< z50ivI_EuspOvi`n9CP~aWqe(S5K_SyU0p{ zB6Fx)4wzo`4p-PUUJaE}d^nu;6wUBluM89~%C(YLO;)_`Yv3K7)KEf)@*X@WI}AVC z5JGNZ_q{LD6AvGLJR^+T;EjqzYPd5I=cxd{4!LJLcPC}18s4$vkN!-samI7HSyOic z#^!(#u=^0R)qeVpm;yu3{Z5M-`&$=16`r~oZw$)c!DM8gzly{H+dmb2uj`qg34{T-luPfS)nq>K+KXu4iOCnrQ|~HoES)TWRzLtU^2^+U=HJ^eNM>T}kYQeL z&5yTv!=qz{v=pmtCUbbR*r{gF0$~cqBD~8Sm$gkU@1`+plG-~7ciUa`Fggb)>~|jY zD(EOr&pz*Ri@8%D#_)1ZVrf6+&GaxFAb+|_-u%oSk@ULgX<`+8a5cP4UgM3i<89rO zWLRl0sN)^S?3`|KyFTNgMbS((3XkqlplLuY()YUkTIg+KccqUHdND9f_S{SaQEaum zKyv^8-e^EYT_`E3jO}rmnM_zTk%%~{w$-j~ls{=N$8MCAbf0}grW0fldEhQswAf0@ z^L*no8BZ!}899dW#!WmPGFV1e#Bq@_4w5<#Mzzf|hS7QH`;BjQq`7$D9;01K7*lHq zCf)#f$Id;2)?AJen%tw3BP=-w`;dS z0yUL9Bsx7GABCf`A##VhW|aa(bbqYQ;l9+D@_a>!e(krR5y9)FTvrdn4;9t^PYf$+B5R12sSJ@#56M{lX0x(LcL3SES|=$)IHvN`T9D!d{V z!>$)OjR;+NGi?%h;Ab?^>Cyb=w? z1s%ZSM}V%Tn+_Y^skrCOn(~2Jw*o+Zbq7$!l(iG;k71E}Ja2yOsNHfo?4<7IXnJlf5ZR#>??Mz`quz9nBH9=tpczDWz3@uPy_ILGT$=(vNY^2WO># z+I5`^-t&a@yEibt$X$0!&?{V<;XQx1_3*NcwbNWy-qC57hSl|guC{n_>8^Ooi6hSI zy@xh4-~B98Xz(-$Yc4}5-=;)55U>z7M=`HE&SOc#Ie$2NRaOob8i>?iA<~g|>7I<@ zM}QfRi`aWKx<3u*ELMn-Nv)zEbT>%2 zTQAYIl0w!jM`Axw=+=-_J8XlDZ#h!<%wik6tdUex^Y_* z(udu+kqiwpue2=7eyQMFn#}t{H0t}eGH=Nc@0agmlgz4AvE#c#ihmyEUi4E(GfJJ#+4M0dRwy}>>ZMNPS-H%= zZoO7y^UIwEdr}Aobsu zZBOcv(11|h`Vaq9$-tip1#)0VG2FMcs=S&~NmT?kIoZv++-lVm=FO%+iRIeMat(G% zD!EO?8Qu1YkEhL`lzCo*)P5c@keme%fa}!53Zp^1f!s(~(%TTIw2=ubxr`Rrdw2=H zh4prz0T^}6+`A{;ysAr~k9&BVMBobYDK?!5PtB}a7U!qf-|E4*{ufzkNOi* zC~*j+``zgI=-%CM2D+lV;u^Vt_Y;|7_&xdi&BO0@2p?d5UGS?b^wat>60ab@AnJyw9CX>+gk*tt&z9 zwJJo}Kn%4X?UY7(x@~M1EVtk!FoYD^8Tf|S6*Ad{*M}h#TF^nkX$1h9@HT5)=!v$z z#-f&nfdb@-ZG3j2-CMfc<`+4zYpW7u7Uf%6n6wclRAN=S>NL#%v-CW%{SVC#`b3rJ zj~-ykx-Z=Y1FnQ>L`_k7=><(>AdGj;2O8~Q+4fXRZ*f3pXQm?+rC0deh6nJj+0Py) zwr06HmZWj^7%~|JxNS~U94q^0nM#WWzoFv602C6{;4n%<|JtmBb{3xE8IZ=5oH$`h z=Ro0tg$VXw-~eF;o{Aw&o%rsqogZ~guf6YU7;21Q+Q6G>9JgSDZ~ zGP_CsvhWyP|1Q-V@*>ZTBe?p9qf`hJfwJvGrFKI0HqHVTD80vuzXY9fa2}CAxs)Y{$Q2%v>>cw{aTC4au^&jI|)f+UQ zws%zik>dY$^8WVuhJ$aHh7dwxn`%D-zK|V&9%CeAMX4_VCaw##uLlS=Hpg|ZTC-d+ z!nuV{7jW2lB@d1OyU8PiR)@~iH5i@Dk$Vo5IlF*rQGbFfH5m}{*I0j;zKFz_ZatK< z*j94?2va(?F?~jlA6Efbdvfw< zWC=>dGAI0i$Xky*YXQgV3kY_okjiCFyfN7Ei00EV(9c{0`tvgY%R6YVHphz|#>)!P zryX+toW$q!StKDh?^|e7433*jATm^R710E*J}XqW<}jH6V~J6FLhi%MURbr3qd@Yh z+<@k$q-n1&Z&URGmEFbB^2#-+*m{Wd8f#LZaP6AsnNtg-;^UAcW!jB`@Hbnh1vHjD z1J?SSQfK>Yo1Jh8t$aP>zFQHr*fTAkK(Mq?2(ZuX4p#cIIRMH2i0HO`+A^(>zOKeE zHm)`?Kc*{>L2?~2)E~u_pSh@6WDh+FwY#!;B zG?F*88FTM&b7CZ{#po$(g4}rAkFu8l?Pdqals?sfgYML!*C!c({Mc>OFgR~hd{oB6 z4!xBOIuXNCINVVPNUB>SF01u|4@3ciQe5P{rr2C z1AHiVwN;=(o}en^Yr@3%pX~C#8*A13$iPOEBH=vR)7-|AA)S@&0}4>b9%9C-EL`$@ zsjT)@+St2**98MQeV$)rk^Gk8ptsuq`xg#g+>mvNV4eZ&oMp}DmbBA(0E7&`1pel_ zG~WF{@%EQ>r>%$*c0^2FKiqQ5D^K>FB~ncDV75l>Ow=o=YIIW6i*2Cy<%(EkUy>L# z0Al+2tCJU3seDdw1QL3A5&IZn;webfDVOClqys_l{+lPrH`ZJ3Nt*=l@|6lKAB0$< zzN*E(tgq5DrxcSbfH+>B@>nL5S+ha%#V_(a9MZxG45t(9inB}M|8`&0mV`UY7XmX$ zFZtvv9Ul4}XSqW+yJopNWm%69D>(=~rCbROVcumB=Dqld(tozC|K5uK_IM}^*aXxl zbKPb_ax+pwkUF&9;@U<3^d(SjOH6v*H@=5pZP2HC_0wrg$kbT)eZ?MWKyc?-w#hA5 zKLAL)M}2sy5s(FYOCYRn50cFEPoPDtiuH>8OMs{5PDSA|Q4Zi*sw3GN^z{*5NS=UZ zlwA!-=jyhN4be{$ppUbifQqLhvP6jPoUpntIQ+z8x;5(V0(Iqz zkfIDJMFSEyA9v0*isEp53m@zP0vKNqLbWxy#%y9{!nah{%D&&k6 z3`MeD8%S%1Gt5Dc<`aiexjQAt1`r}eu%`*gTN8Cq7EUhkS)aoIgs2CY2(~ih1~^!l z6W*BxEDm}DF}btT3{MKn6uIf}A}l}S&!S!KfHm`~*g!idu2;zO=%BF`DAZS@vcbNy z)6qJvkpEDW3D!|%Akt?CXc!S%t5d$$-pAi>W4I@_0V|!Lqu=#_ zlpB~#rg|&v`l22%J*N8SUVQkm4k0H0q<0ZT`tedv+PWU0!&TE5hM#`+ ztqjV|@2gn5q&>l5j}=LO2`Tukh&KK23Ob ztFtt^m?@MnaqRu`2C}wY%$xM9Z{;#|$&3LkVGB|I9zo3Ih)~Xy7F(S5z24la*;nSV z8vGh=7c&$SbtH$Bzzw30iAPvJkN(kDGco&_YPK_A8Jlj#hJDdXV5nBHq4w_ zp?DYs%K0SKVRqzzc4pVjHPSUo-2d$D@GHRBa|2Z-=B}feN7JSMFIHQXF&!gVC~XwJaG-tKc(^h4 zIMdp=Y}|4)9Qg@0_)^W-+ZkqmiRJwL(6dZ_=lakR^k zS)9aMP1kpKC^D~VHSLs}f8S(kkEykh-`jAZxKA!Y@ z9sk>#_`Ms#gMif^k6+s==Z}wx4$*?=Lqe`rmH*^2-{-)`=I0i3$A8V3?>N!XYGh*n zVB&(7h`s;BgUWc%&a&XwcRx|S1&}q@Oy*5{HbY5|jJKTPx~V&nEy#NVp^*SE8X-J&zGnXbFUhUakqvniK`*rKOJ6&xx3 z>N0snu#{lme(Lg%mJ(%gX_s5Shp}G`Vz%-y;r*l8+Wr=dYY%_*N53y~bD75E3Hx7? z&;I@?0~eT43QA87e>JBl7aeFS05Kou`qx$e-w(9qf%(#vpDBCx>%Ct?5%w%pM#&cc zKhDYj_@ZBj5@^W|Z?8fA-Up&YqwnCS>IN2hD#?bwsEko>$Q->z`bP5pkL9rcbS*f41iLeuSOuUo6c3 z2fshJ}AM)!z=kU%m1@7SWus zi~0G#Cwe?$qQ?t+S=Ic5mU$wN=%$XQkJ7&{vxsQ%ML{;J_fGAyAUUtWKKl#n9m-7w9ak?}vj z!G!wZdUdgn10Y$J;0pgHW+b<*zUFFVZuY0!l7AJLk>y8Ef8UKPXe*RkEDdW2{X-IdXN#QAz#H9j2r5H|fNT?2VNR46 zaAR!cS4=tT*p|hw|ICp1G@X_+JSC688FhCG_%QzPgT-_GB1Xe_w=(Op0GXF9Yc#xtzWTI){ zV>t#H*IC6m2t8{cwKQJy>CrC8ZLS0wnO|&)9p-_rBaOQ-M_Jdt;g0@}>1I8mf(!WY z&ELk`X%CI-tlq#M`v7Qr6GA|TGP_Jga95HCh^G%8^plH0s{vf>3zsoqbQXXpiRC_i zTQkD7gE;aT9D>ZAc_735jh9=4bscUL#`;GTO__g{#;pZU>&XxA)JNy+ZkKOGs_Qd- zWj1RPbc~1IWnaD+yIrX4L=ly~Nq5QH+kIv1ms=sPRB>d*HMvBl<#29OT$Nkazn8uD ziTHGDihkJ8U=(YA&LH~Y%;vt2XQhj3OoC-E?@ zXRg8nQu2qNjcry8t;Oef$7ehWDJso0A~van=tufV$`o|?)oZ6!4u zi-pzepkd^5x4_CAY2$nFvb<^m1Y9TNB_4fCHJZ zxbbCBg9vk&Z~gQ+aai`L^>+WHY1v28Oo9)Zyj5S*GQi%in=a z-uB%Ggfl%L>{i;{dLBYb)VXs3N@xp!hdpv|7$4|9+JhwYQaQ8|%&(vXM`kK%=?wk6 zHB4K-sx;raMmia~m|*VXKrngiZPi;b`PDAYu`(fr$JZ}qZ=Ygov#-7yL|h!h6xyK; zlXy`VE3)j9=DlTlZ_6|l%kCt$&ljd`Oc4upPWo6WR7iaZt%R~FQ_V{hs_e5tbBD55 zrS*%P?`X?Bc)y~5ZetcYUwMzmG1#VF+UhxV4_*fYF2`KesEwh>CF@$|^aV$KDl(zi ze1!Kq0+uU1O;EIS*;brMw*0lliJ-z^om=+@9aq;I(E{tGhD1gC?eNn{+n?VOJWo=k zjE)3zG_n4*HvaX&S6oCl;RcIE{OUiy9I+SAFgf%AW3vF1pN8Bsd4tAnpYF9MH}_4w zi(53|x<}86GkhTnp&lKE#&?dUa%!8urZ3KjJSdXXLSPez{ zzD&+@PX*YzLM>B2RdDtstx4B)G{7~Wq7$?}j6DhLyVHG=Ism_jnH?&Zx# zj#?_!8)uE!`YtfAH;TIlDi}ANt&SM!5>xnkR)KuSD!Y7!?t|C|>fNq7Nv?>L?I;TV zF`@mdmjy2K@rgOn4rh7w@Yc2{WdTK2>PMsdF${`o(jN$=Gol{}28XY{tiN7t$-E8G z5?iZqUuxvGtCcp(#sSEy~4&yBSduy@yMy~)#lyF^V;g=mT$N} zuC)uxJ$Ldn%XydWpW$&_E%z7J?ptNHGrHDFGkdBrWLJvR7H8%bd(ARdIr$fSzOz?p zHrEvX7I5Zm&QZ^-qH@bNv7PqIRL|c_s(nq^fVo>QR z08{O-y)8vZD(hbieo`Q)fIF^Y#Dn04#xV#FWvx+Oa@%~J2f+P<34QDQGC`44Tvnh< ziLqV41K`aSAZjsgBT}>SF-#Z4b1r#reH<^du2!6o(|PnxyXb|V#FNk!=dPqjTi^y< ztn-S4R5GeN*{V+*bndA^&O;{Vn?rEO7;Au(_ZmX6RLbdaZK&j5`rWG*f_>^!3a_`|JFKcGc)c_F(PM2b%z9kr5G7B%MYjy|1H5bKx)@(dK$4bnr zfq3{dg-+zi*?QsjN+%-hGvT%0J;2?<2V_C?M53GyK)81A(iYGd@om!Pg`Ywoww(-$ZXwQXjuQviL<~2dfSuh%js*6 zDeHpD&)XvQIT~LgpC)r(0OIzfhKkT4Z^2Hc5Q!ZugQEYskuv`%jJ3q&tG-oHt-Y=yN-5j+FzQ#E-x4N@p4y5;HtFTM^y_VXH6Lu|vpX=k>UH5tblXbL zUq9jRHsz3O=Ur_Rfv;zpRjJg!pMNL4>d#}T)8=BC2w%QvHKuqOmAq)yr9V^Py&=P6 z)}b3*vUnQIee}sn(jb1~(s*cv@JnHU=X9_^x2thxx$?;@M*32<_x|%O16!-=GndB( z>;u+v@4p$>%9Ub_kWC9N_PGD#KGfJm8A&BCTbwMe4=%xOC~&f zM;7rj+|Z=$PbwYiI&LBEv7uvgm+U@n8s=Av&$+exP?>!rNax7CovKo}*HzqhT&-a) zw`5e|q9P}b<>wFAP!C8VJ-*rk;hrHa#oZjQS32E4v(lNR6CMpaQ{%M+_ zKsiEx7N?iE=YqCSweK*fBAm`SqI9*2QD3O5!Y_RpX#G?Wg*8faXMQD>?6GNNy|4q? z+D{gK^USM=84hv-AAyndiNp0_XwUk>dWfFDa~^$0)YF&$gmY zeb2qeJ?4ktOlA0FP2vT~J7eYByweN8y_SpI;b#Hjzqh)-k2C)|=H#FtPM#ex>H@zH z>)4oIx5Qh)oESm_AQq`JpuDtiQ~-v)Fjpan2O$nveYYp2FbJNxgDrC^C=i^71M#qE1`|obfKlcxnh+ck2qk>1QFO-% zgryOiJHFI3VsMg5n^fYNTo}~~qnRayWB}s{56ucHJp|&x2jV=0CfMs)now!XVX8B^ z@t$ZZiN=rmCUk>{=Bsk>hl-pRgl%T)mrJfT4awZ-5ZXJwY zV2FUe5J;s(FW(h~9)ZaI7fI*xnx8&FMa}@#T>ffqr)s@me_28O9P5r#PwSg~)P!9p ze6baPF&pSPJ*lEkwf84rD=Z(k+Lh9OUDHPHNkgvHKVSgZGnVT~(J`Bl7g8Itly;J$ z$%UhA`TZ~at&z{=Re2z0Ne_L1J_!sch43)w`5XWNVn;+Za@aAe{1uR(a7k4##8oGs zT_Q41ot<0eIBf8*3se;dM@aW=tEhXvAR)JIeglNbUm9J{zB&Rx>)@y6q`fpIk~CES zCI2b%Py$0}0qiT%p9mq-^SNPuX*I5xbakqjdX*~ylcOlAlk_NfD|d6^`eIqcCnf~) zwqvY@;&YFiPO9LrN}b~~oe>)B^=IJD2cap~GMe|I zsrNuQ__yB4>9;49qFctx6_QTli+>E(PuH}ICkICriAYOL<$z}eFF4;Iva@F0lY8yf zlIVzyr+ez=b$HmZX<9O+v%G339b4gUoflFs49U`^jJj&?dM%ox@qNyoupM~Sle&ee zwvNi!9OOuZ`S8z+3DI*_`MMTWi9HaVQ|Ir>q) zL-BniJ6LxzbbY(M-wI@H>@}8X_m#>a`OLRP9rwhtKvCN;4FdD}H6!U1vz}QQzMy-g z2fI{lcSmU8=-5@#>ZbBWz8wd0c2TjQMC?Y8e{ORGduj-b6PK+uFdVnDRS3RqGhz5F zqYbAIZ!Sl%4;5txe}_ZwCv9!r_Jq;Y!?1{5Rt_r(NU5^KRq+T2w))E6OX%|Kyx)eWir~A`%Q1-# zY7{D?84xt)G(mPT{9f2hi_L35J`YD|9kGR@;$Lh|MW)`aKRv}b)&=fE9y$|AL==zOD+A4CXVW2$K&Ot<>x z@MB6|%v+ql%{-hY-}kigPHHIlIm7EzlYL&oK+CS|+*@;MSoROyF;HX+NMY*8*e&;AC)%o4!X%v(3v|PjFwJ%EW7Ro~U3X{;h?-TNAuY zL5RJhC3!c$ujImm0EH<1@@tUx479w}h=HdTKUx+^%yqE>8rsD%`B4mwnYqy@zPFS2{SFt5V9@ z*O_sAQ5D0-{xAgaQ#Tqn_vyHHh7@L4JT9ac_kIl=!kD(L%RNU+>-Ad50TLpZ9vcWlUj+hom{cOfUn&C^s zXHE_(@)&oCq~yK`88t&s)`ZdAlF$WNUWiMptG(Uh4@dCv1Z;!$QHZV)VnEU)whLNf zHNo1+l#@crUyv^Ex3#zu56JY#6F-Rvw|=6-ihsOC#}W@HRV(lcqN#b_SP@XNx3N=2Pg0e4wb&KA~c}idh=y z_w(!dswuiJauJ*G$Kna={h=m^@DOXZ-nyi+e}+Y@cvgKa!}DP0AI&SWgTc|^qL_Sp z{!+Hbk4wBL@g+HvENdUBRjp6Pvl6%=6SpE=X+EJM!uIaDHnMS~P_+VW@ z61;8gt83mpL!rtHImE=Tnn}8=Jc*3*z8xi-`uEo9`5pZ`C>7u4d?c-6PhOb zdg8$+j$-l)P1`P?fvbfK$%FTUum80@H%WhRX z!J&PO(O|J{O?U2ut~TpLP$qZZT7l8T>m>D1y(jEILNce&=lK$i&o5JV~$ z1n1~2%y*X8-0uaZTM3?)Zd~1C+;vs-;^%eQpYo@~-rTJOX@wJXdb(aM{xlA$pGc*P z0+2&ETMcKjq^-0i`LcM>?sy@%+D&B<(2;H*L^gVWan_<#KnOMQoU9YeKC>i+?^TF) zW>C6`S0En#ef}gO6c+D{73#V))plsoex$%w(MKQXXzbBQ&eJ8fqlSAF?vGMG)kxO_ zGN2Z#cE1ZlqRt=;3vKi^t-{@G8R|h&9h5^z3hJx=a9`nXb^iWLv>ia^C5^aJ`Ey3JhUAp@?$(bhOoKs zGS^~~_(37I5>)S4Wp1=PWKuwSB);OmH;;QvMLiFrd1s##cd%hB)!6)VgTBpnF}@Rt zWzbSN0_u$=806@N6&nL~_dwi}2rf8r? zZ2dMg4`eAzF~8$o;5WIvJv%4QoFAvnmY$puz5A_`ZU2_zxxQ#kBvj}@Kn1dW2#ucr zD87a0OW9cZ%fLmkY9Ka}GlX}0K4;A?Y4<1Yk5L4?K}J>yZx(H%hx&b`@H4n>zqtv{ z;=w6Sp3;#4=EpV*nmQ{17O3|m#lKZU#E2S89yRfQQh$iy3t|lP@+sk>-Ths$J%m_P zV#Kp4@2~iYkB{JM=<4&DG4oD2%)?Ol9F{kkgnD`h0t!Z?w%rk;K z4A4%WhBIa)EIg|W2zMpbPVo*F6P%(TxG%)cghMdv14T8e+g(W+fLrqT&WBO+OL|!t zvIQuX^wK>kS=^<%)h7h$TTEhfszu%!V&K|Zb0H|Jcp~2FE@0XAr%RO`r+k(?nWm1G zj32DyykzQbQiOQaCY)k)%lD0ny*}cKOFKz*)8wE{I8443sbnU<>g%mqsaJyg6qhcg zw&~%AzU_sc&HEBmIR=SKE8tKJr)pr z$59Ss^D4gr4v87e#l_I9c|PDuj2j(DWodeaN#MFZ+}-;MWI;~?moGWnQMR+Cjua41 zeFyDk>Xm7i^?fkmiwIm~d>Lx6KiU}6w}8HWxTQ#_Qmr^{yk4ytT)9kpc(?;o7533h z20OiEwx^U+O^i6RCZGaB)p{{I5H+cX1E0Y%LEtjCkrdLBBm-{57wh9Y99~IZLrROXg1hlyci%fL zS7aa5#?huRSvm-Cv*QFjX2*pKxoa{9lMp+oE-=W3j)}!M5oKpMn30^-FWI&E7OW+1 zdzk?WdH@fyJyca!`)l-Wz&hQz^H1dDtCtq%aU~xMd1tBN_#b7Oqjq7l+3Ayu7?(3( zJNbZYbk4MCRad+*u!&Fly?nV|oRTyH;D{^8>!d z=-zYmJPR=#F{bcj94cmiO$cL4t!+~fa5U%hw?)Bn+#Zi)D!h_+&2<|lJ(_hA@i@C$ zhf%w+RqH3pwq@1-b`LQt9~S=gQ{ zGLbswS$K{eYv%V4cseR#$_MWLl)#9`A)iB*WtvpoXy%6w+1HoKT2V*7OfVbiphcT+ zd(4K?((=~1!;mtTi=dw-g95^OCJLs~1haHI;dT_1Et@_ZR3UgeFm7dKeJyWaI2$Rq zohaoTfcjzGX_E?tGGq%l6MKPbhMLSA+c&dw*c?ILP$x3_k%#sjrOxfhNJ^;YK2R~Y{cZ%WCyAMg@^IGb%DIDv7Lc-rEf># zJUgp!d1B*C1`ks zUL}6J!YLS7KKtQ=oiTr{H$kNv$4wsk1gjyPesm-K}rBhDIe@X<9BL=|2Uv9O~f#;m|i&_svn&Tbra{yYjjyR!;!dg#_^um5>hRTp?GD5Cn+g2k5=*V~pwPR=-kXQDoM>p176 zXf6a>?oUb`$A>(}!iF%Eih6}0zipR+YFV6`XIhUqj419Mig>D#j98_0+0|t^FOOq~ z#wk#lNPf6fTToBNb=8Xs3u*Ep=a-}#GQ8X`@L|h5GhyLDekF{Ii%m}sotC;B5O7z zKdg^Lz^;u#HNTZI?4(6n@>OJvJCabaul8t6F{O*2MY3I6O&Z)r{gvVSb)Q$snbVf% zT+TAb4D4)5<9rG-X;BjkMKSfTux)mnvxw?4jkVN|Q!jl^o6_rfvx54Zs=46LVsNtg zBF6b}6Mk@B6>_`4YcEF*!z8HYffF}O{ZnDIWm)*XQfYFrXwhrq%f6rJjD`*?@KZ5P z-!gtK|Ncc8R90V|g$J)1#La)|9!{JVZA!aLD$$qkkgx|vJ48ISu5ttQ(>~@O`CRqD zE01s!=e*B4qv9x|1Hi5=_ok=I51oTj9CsNpCqm;> zkSw!J)=Ef^IhX2vG-is^XC9lh2rAnh5z52yhBO9L#w&0$Jj&*5HR}B)!&C+=1~ywN zYems9W?Bf&X{nt;K)Wd)xZ>GqCb6(X#DeRVmI zqf08@x^pHaAZz{}SJ#(?RbX}0VTMM$t=Wt823R`2JAuf`!2~4DQ+H#70EvRjdicTT z4rwg8c}!w{in#y)J0nP7?sR~GIyutpmip7rU3bDk{hPV^AbVr!FNGGNvDY5NN=T|83Ry?QguG+|+8DIbShgL86YbzUY8@-2%CF^IW@}*2 z(m{Nm$X8nY)4Qp|?hc{DEoZm6Lye1twh=ey%a_aw$JQV7S7R9L=I5o)7uog3hxLvZ zRJJnO{cNj!^VaM(N>)6%QeY1gtCQ|SLmf=Q!{}`5@q?ouIh#Bf=pE;7n)PM79Ixei zmGD^10>)w~$Pwt87Dcw%63o)OM0wxZD41dB*hQ^l+dT=2-Ukw3Q1#%oy&WXSLe;}g ziN{Rr(hmYtDpKK%E)y?e2BusuTPx*6u4Xl`-p2Bhn@{iNS068CPu)3qODe7$OF1yC ztA>J@LdQhBQ{Egt-p3za87wS@Sk4+ZwPEkOJ(nnx@*a+3wO!J zeXz&6(&wD#phdBru--1nB?-#8<@L&L@ZMI)+4nhIj;r0}>4K)1OfRSRl|>Ocg=%JP zKZ?4E3I4Ss`^y8rPf8y;fM1u`C-eM#`&-IE*lh?SjofLAgh&`*A5~>4^YzmGK2-Uc zMvA)NazHG^M{)1^f5<|Xg0jebc#}!K+l-?E6FM4gikb-K8+>#*7sg%%iVCOjPc!ak z+L-CK%L>dff@%qq=1rR>G@jD#Q$y~G;-Z;3Ob!S~_!st`aVVWlOTMJX!={Bxe`$8fJgsF7T3M-4CC)i;Rmv zB}%>mj7B&}`XJYQ`qP~u>B0HS8f;S3)u>bvL#EB2a(HU2jZ5If<1s#19;iu`Gz-m1PTFqoX<@DL{lzfJ0_SK?KkODjM#R(8MXGn~Jx-Rp$RuO>I}T z`kC>jh5KbuSz{e8L7YyqV$&T|e0MA%|4u}%AXv*s_6?`M=4$3YPu67Rxt>v=gSoX{ zY(++>i>8x)ddy_{~&MFY-JLqPW`*#hzo4JK^qinPV_mKWciXsMw%_A1}D-20P zU<*kwG#RAc{HS@U2ka;e;(d3cLO~W-i2~d%?HCJR8f(fi6vI<&j{rX{nCUaA@!oVp(F(KCafY!t^jdhZ0VV zt@VEGMc!b)1`HByKE0{1P#tkh^d!Mk4*Mn{7MQn}M$98&Z2~Qda<)uupW|)BGl1dZ zJf-wzRxdd|mCu**W>}XpsCH%YO%V-&8wWeJ;Rw%Y&F%HrxpiN3*F_Ji)NFryl1(0A zeqze_Z)Fy8NusgOIYnHDPC{bG0iyOcpwiX0Cha;VSG7+2m$LI)h4@`e0*G-tEoYg( z#hAK4LBWs-&2*kKxsYN{wbRUIOgO&0D@;SrdZHpa3(-n&v!;vKq z<>UdlXei1tgnkWC1;R;vt|BP(CA&5xBivHF^R14wW+qV5w6xODlk!=o5FID_Quo>R zW<``$^fHTBxeJZIWG_hJ;0J>-o|02)roW`7S?;)FQ!H)5egk-cNXN&`iM!+t!~Y}3 z9=}cHL$kG#)^d*DEF11Cong%y5uU3lB`SFy0$N42KmTOlvrWDmY|g$;;j_^@j+$Pu zUW?@tG#Cz$<7ggBZwn<=?2HD>?_UE$-y6uCeo+@_OgFvl?yhzQMu*%qSfH7|XqyHT z>_!m+l)17RNi&I-2T`+}ZwRnRN2XUe8n!fl20Th-)Nn? zV2k!g+TUm_Hk=ag_&bu;6z)=pG^$NstP4n!7$|RbjxJ%lu1a&fx2zt7Szn=!t{Uq2 zN|i0nRfVV8{SjrnkOFzj=vBDOOr_Grq=Sq=__*b8UF?aCqv(1t${B*Bu!> zA$ujO`zD1nNDgPp>lx%ma`jie-0G|>+|J?{i^yxyFHi&N=?TFTE7214O#aZjSoeY> zo@V7=RLk12tUhyWq@^+ydQm)0>emwWCsOAa#CZc(qtEIt-4}3v@pdg&_stkN_Ehms zza*IDvH6d;KV<>gym z+e_<2*7vC*EX(A_CBXn|{e$(`rG3{qVw3pLzGl<@8qT*ox8Q*^p~-t&%78%%db~1$ zNM3QDbdbSc@7!Uj^PpnRy+LJNM9(TjG#f{`@A+07T?|m~>iCYUA0&GnRGaOEYWEHD zls4*kx7A%`P|iM6j3o~NoI>q&xk{ehwOa+fHdjL@Sy=M^LwkT1sMYAnKomYJT2TbR zk4nQre_I&@d2<0hof%M$Bya4?wJT+qhSpYR4Qd5P)neZ*HsUw-{-JM-W)`| zV{C)!bf5je;;7r3Yh;L%`h5&o52(s?%XA#7b}n_|hWhWOa~cI(jARFKM9J~TMMTh29D7nM<-?tU6r}9uAHD^TN@r=fQE56x4JqKTxFf#V?HJoI z^%$SjZto8z(dcw_U;Fzy0&ty_OZdG@fai{Kq=E;qIZ`n*04C&X;eakDhK43{ta?JL zkE8Dtuwqm`1;jXiwz`NnNP-NvA-Cs>^qzib7JfU~WwpGc>?t~Cq?7mkzJ7=dpDr!u zy#=r$xx-r5`hX!RaPkVc{8?t@D<3-xhN(Bxu12t^=V#i9wKtV*W z>n(0S*?d%pt%Sr({wPWl#$mOt@iZuf$vNCFxNf;Ty-ojO9QiIm1~2U5VR^&?_|*c0 zD0hGT*E5LcoJP>GtX~1?3A=r*gvZ5IhgB2qQ(Nk%Aj_rjc-miDBHR4*WFCv-1xn0^ zoFHk^W^(^0L}RORWis)IIYxqMX8 zStd==nTQe}-aW<86f{|3PxaL=vWwXW`)9N+%M!Z&4Fq{cxS_OsSew^)*Zl1w1&}9{1isNIk!|hjS@d2@!XNrmL*4Dx z*RWY&nsyCV8TFL2(xX z={r(WBp3fyUH!RN?28r#vBg-iCTEgRcAF%9C?xB#3n4%^59;7c0Xp%d*IQlIZG*RV zJnD?@GoFW5Z+QNeE)s};X}}}~+#|;92G!~F<(7Zg_|<6>|DaL^PPfw7Dt0vLk;#C} znmT|(fQy#-lX_&EIW`hR#7A}?B)J|8SWWLY?u)eUX77@qbkM2+GqN)Q@$kb7`EHr1 zI{UO(NsQ;Ysm5M9-5SBCQEn-xa0`x^PS62B1+oWx!c0b_0f_?P%+N1eo%^0O^ zI_RgZ4ld*R6F)Ny$~KqX>d7V*bAAr8uHDFMj5fbevJIDDqgi4cz_atK%b@LusP^`% z$0&(*gX1ibZFGrJR=@(bwa+mhR@}{bo`fknZHx4AhH}Q!AG0>);2qcwXj`y)@$+O#RS|K{61;IsWM>jjXs-a5&lP z5iAyB>3*4QTRAmh+hu6rB|B3lTV2b?rZ!jL8@>Ag%2eQ02MEzF8%okV0=bN(m!}zd zSU}Eb+|-7p4Y);fZm>RX5bcg%L3*N>$2Yf9!z0PPa3nH!XUrmosIUBLOy;eFe1yZW zGP~`Pmv3idL<{Vel#D@4XA^_$3cJBn+?=#ug5U2GW-agX`1f6%6`pq*#o|)aGTLmo z{?z7|zjMP&CxVTzV{GSR#NL~U%TGwcPZu>qpo;JGM_$THkSR{3s;0RzEWGRp;UV^R zduzeR3fsTzCJpfm>>nb~pKEE+Z}+11k{~d-f0UkkyT!nVAQJ)o!0W&uwnfd-z>t~m*pv#xRPEM~sg+G#$U+!lQi^kUQizB-6%?M~%*>gNu*JvD(P5Ibv^AR>oH zG%K4uMgyH+e+X3!84&SyGwh1_I65mtDt^VPE!pjk%Rwa?_gi_;zMb>DL1(?b@G9 zb+58!e+@zG4bLFk_~~9>S03GdBp0w+y-hODnR}7@$3;tW``Em^ZSN%H+t*vcl zoKMLXKVo8ah}Dq2!Y#0|E#@+L1=Y{C0{#ogHPAh5=I@E)O5rw(vY48G*dRCm+qWd9(t}R7=Gyot0&Dyfbku4?^W5Cg;VV6uA zHxS?C>TJeMRzmrewreRz9mzWW?;%-+)YXs{Kqe7x5%o|Zgf&DT9~Uobo1gs&d$tgJ z+?bdf>LA5%h93`1cs=BOvtmBZjNfgGZ69t&)+Wk7=*VQ*2hg*(WFA}t8dpC_Pl1oh zJ<(EL=W9p!q)TTQM1#^J8iAlR{FGXq%6`qL_@!Urm~w3=xD0kTD=!m|Q7jwXBA35c z)awBde2zMh46if|RfnnVG|i89Le{$3a5-0YL__q=X09lG0EQX&0|w$EpYVL+4ETiC zB_TK2nQ8=#inA!lHboj*B1j=vBW*q7U^K~#C$wBqua_0;LrB0EoJCdeWj}P5XkcyF+#q@Gw!Dzk z!DS^zE*Efs_gz*|f`nsHgNBwAUO>7u9-~H9N>f*d_;TBRHLWlsN6mb>on=Q7qbrhK zIA9#%66PYG>*`jNvTo9wkM5OaZvHsP04z{9$?x9>-G3<7fbfAyN74sl_^9T{Nt>Z% zQlSN(g($~>B@2(k9mMyW{cra9Y~$+r+@swkd}vY08`O=0f?R?}d-Fe{`8M)%6+l|T zVTb;)xnBJ#mD^R9T>jmm&3S1KNS=%@RV8i*J=-j<$m_!Sm7V1^UAH0I&-^$Lj-kn0g`&`(Hf(lj_Hq2P+B1F@`BgY9Vv+)?)I|A#LW|5n zixfP)H(Rfg6FV5g6z%q|shLP&#Xk>wU)IG&qSq8!g${9En)IB_kO(Zyk8<%+NEKK+ z+VH2a*@aBz94@wPe;h}6Fuy4j31k~VQb3%gb0nTsw2Nm;1hgYeKPyUzX)SykbzWVr zcE@|413l&Dz|eoJI2X6Fv9DpZ%xK1G_G7U-Q_-9}zC3>^_N*-11+6(!qQiHt@hZ%paIC#~IcJkY(RIxj z$CaUI=ipNBf0|a%;gn5zTj*JHpyzWf^9lW*KZ_7*+!AP~{GpA^p1r-qCyz+Rtl|ij zcRqW9(#seXnJ<@#X6IwN35fY@&a|g_JyjG^pDM`3@!R4t>7LRt9m~I>d-Z#|MUuBf z+wj_so!>w#XoRC%UBwvIaQvOAwkgqD)wB}+T}ZQH)44#qHHd&iQ-E1M(Vq4`u*O@d zMUlfc);vToG+I$KTHGFVDiQG{|JfjiIY8m(R?PBlt42}Qt2$kgT}Gl`{I4%9>Z9{& zfHZe*Ns*2%v04;LP|bh7GvJP?m_Y|vNDyCpbU#8y7IC~}6~u}JAz$cw@Rp@Oh*DsA zVxw_?roJHG#bo-is|b3ZhI)+EBwkg+GYU;EjEIDUfPHwk72#+E#5BY&0~!AM^?(!& z&=$l4e1pOhusB2JsEC3X^NP9fX%RKO6GmjPWVF!W$KP^)-;+NE6({^W0+sJD!B&)m zRGf!V`Wp`w{M%DR^yU3l5OMkJ<3p9+>$(VKOpzvgl|6kN!pA2MY`OFvX?hiX5qVl3 z#)>>Vnx9)O;&@cFb3!Vhl~iL%v^?Fgd~1x+{$OvH^z(^Nui5zPJLFJgM&Oyc<`s3k5-@!{Vy0 z9jWJ$?U*T*c+l<+evH5V_M3{tmr*~%KQq&P%uiNQTI#_<&#qJ|-zxb1o25pjg^x%B z8~Vij`FTO45WqQz2&kSr0bGY1hV!uGJ!z4?M|n20_vlv`T(*Y|7pwf1rvJPt1p*HU>` z-I5wUYn^zj3$qPB;*rhrxv@^Umk$|yUA;GV5gN~?y zoyp#5wLUtFQ?e)_*8|~ht1u+B;X3ZMlI{0k(Rz!nca91}u9tCPcIP9KJyC3p@S((+ za>|KMPVU7gx$?2FKSZpVzv$!>x~(JXKZKi&q$-$8~)B&g~UR^50Pj`Vh^8VCvIaX!YX=1dPyxDaT;DmPWw@|P& z3wVDiMeQu}C^x~)x-1&iu_@0IJzi(07tVj(s1x0DZ=C4cJ`2HASv#pEsdrZDs%93+ zqit3mijPjeJ?pcsG+Gfb8_iBj5pbO?9TnUaM8#mIdoTl3^9i*I^YiqP#cK7j!(O(_ z9M|jV3hyCnN1cAHwzy~CpDtL>iU)+=Oz)ZOJ>8p;=nOy8QQH-9(!>KKB4z4q45YVu zZ2K)Jq=&%Ax+$GKje>8FPqx^jJHs3by6*c8mbF~=#1SsIZ&)SrT{5V(daR`3?rQV6 zNf7oYvjM}=kh`CWbS6$0zdvA#;qi}kx=K3!4N=ubwV?m| zKww0B&a4`_))!y2H1Bcrh8Q5k!vT?XX21sjKR)IE-$h&_%(K+)7jf+f!Sig%PQ}Km zcqaTV#tduJA&VYFK34{V`fy6wC|iE%Hw;?*wm!*&&%z5)j=eWS^Bng4?TKMaB6V5I zVa>FDxdW2ht+{YI@Rxeo2QJw-A%9lwtH3A;}NwogA>*wdGT)ieA} z0`@EUwMoz%PQ`~Igf0TZ%y+|PGm-x# zoM9k=txUD7Z8T>TeEtf2LtJn^{5uJKde4i-i%r z>q4X<7=wuh)1wXQeI_9uv$e`)VqA^aQ4fz+Q)~6BBOvDvpQ?6#4Twm!ceTt37R3D8 zaiXl=sh7Ch%r^?3z*()3`#O;S`9b}6$_f>_--<^J8s=aP0wL0?x;2EH-JZuDlt>L2 zZ6?U-Ef{eXE=ub{@UMJBHEK-Rc^-kuz#|##k^Jc#1Yf|s=2JKuxe6ow>l@L=VM_HK0|9Ir2k4ptRjf8pqq^EECR^SV}N>DhiR zCjoVV!qywc^;E6;9eT7F4@h z)X%Z2mIh&;+{+4l7MXGFUeKm1%^@3=-7|IrSVPe2chZ_KqzE!sd7SOJQ}*ON2rT0L z9EdG*zU(?ClKE=F>Zj^%GKBC}M0(z4SXAxWez}kq7NgNZAt-)va;DJ}HuHc(#?r#d zh46`qTtRj>rI)s)wEx%<*TZ4TjVmUjUUhDcw!dnN0}CLbxxP3B=9K(XO!()ExJ>9* z;_zch1N1cpHcs9Wb%{8(8wttBe(yJ}rfOV$#|qC<%&ng|S9&M0Q`VRlZ%ugxyjuq9oM72&&{_o9UDFyJSII0cQLiXY>uQr zC8t#hXvuXdltoSyW-}qSwjOHK%Y$&KYM8M<7OPeP^_LL^_AT+N_k@-;FQO~+@cX2lS)!H9$l8(ugWHmwC%eY zjp_~F+*Bo*C;+p>v&B7$E$VTuTrZ;6nz#H}mGkt%&PR@q0ci`AlRn+Z`8Y|78rc>! ze>HnHX0Jb6_sk~ClT&>fw9~~#PTSZ=YTX$UxvjICMlT+0ah=IsHn|I!+msDB-MwGj zRLr;V&_U;Ti@T@sfBE@*8z5RmNK7f@LUp!b;W`3d=?5lpZ=e>`Mxo3`*{aw@LLO&t zx10X>Sk52R!jhX-x+R02v&7B4k=F0m|B7JMX;$+}KZ4w40p^Wnw@k8;R2g%p)xAbz z{AI0k8UbPFou$sxK_Hp{PjVIbtlL3xwtVb#K}f<6I=?P=)V^$wN21!y!i^3~2Mk?0 zb}Tg&+WB0LNH%M-sF1#IVn5FEwcXZwxOR5r#M;qNL$A6%b~%kwiz+xB7F{xGu~T08 zXf;wz8%O4ZNUnR(D!D`VY;48$uT=d;9ym=Q3!bH^|0aL^SFHNq%MEa#Xw`G#{f%N0 z_8?FKaDcd6U+^&Lv(~0SoZkfnSQKvt_o!q)Jqf>kg(5PWt1C4hwfOeZY^pR%&OKFx zI9BFTDBDI+^Z3#R7Ujok78h={fK2y38{8P1m=6vG{8M6@i1CW#yhQ%6)O!lbxH(_T zRKd*#A6_be4Hq*WD7Uy!j5{n>-O7$9InFk^3hC7v`;QgfLJ&E}Ih+`wIb(0Ib6{x&Cg-)8{nGo&1^ESI- z0FLSgQP~{3>k*NinV{nc{}xcQ6k1=6X)0fj^XUxk_!gl1 zb@EpI{#-MQWJTUPPdQT?uV`Y)BKPF+f zFS1-GPm&*QtaT^ODCdeA6lifKI;Uo87G0v)_PBiN`SKHBe~f}W_J*G>snn(b|6bon zjvSqCgTqLvZlg^40sv^hfw^Tqj7Naxt2%Rx0dZ_0wf@k0zKID)tYV|+exv;6h; z&-%d5Sg7MapYQ)22^MS7GgG@0b~d@|iQXzv5SS6{C12K+#!A?MxSPM83IG7- z$44OMUAw{A^VN&$q6+VQ>vO|F%ew=oxyG!OHS*7M{ql%`)WfWR-fxPK@*-G_mzbC4 z*AbBkK{2t~)sAJ?wXvQRKtO-HWSBFU{A`@#?B{y>VHT%TJJnRPVG&hk273!4ROWM- z48nK{7opoPGFQ^EHhMnk>BdlP z4Q5Lu=lI-CF__K`{xMfVcGM$r{)fb{&%SY^L4FTr%Mr@*s9y>A>h z*%xpnfz*X<&04oTMusCBwAj7PMrkMhnBe0i*#J;2UWvQ$zbv&$KA^KIQM z*+Mm8sLAyR4!AZce|;}jpjI^D&AA3N+ImgWJ?UNltRjKDTi<}A!BxbkgJloi z0{su=MklKXD_5WY;gq;SidNwfk9IUMx}HWvJ@zM+dW{6(P{Ny(+8%YsOI-M$v#xi? zN_Tp2Njwo&nKhgl%~OymxQg%^zV7fV_;aB>=(ADL;Vm=j#-r2u$y1H>a9}NfSV>y-)ZUe8nDa?PVNm_q zR+C!Y4O-{HTgSL6tJ6612eJ-b$Phf1cdU&=$hOC7=yJNB9cEqsJRb}EFIePCj!Gan zRJ~LOx!R-apa0r^{mR5Z5e~7OEY-#DCO~{LCL~K2cAqG9Q~vw)OCS$h>ooyPDE!ij zCD=8I+YEjGF+PJrOdOlG)a;^2C_yZ=GfO%G2CxX>OFtGNLiYOftAgDbfL)a{0kOvvO7Qe~8K$kk6(xoZ@Ir=GWj- zSjxB^m!fWcJhygT0U5+eC!8Fz_p8;w$^`VY+?JmO>Ev1!`^2qnTCE0}ALyflF!iN$ z+A_-#m&-2_woYzVlZ#_dDFd@vPkS?ui9AN_#|~096^)2A;$YmbaJ-CoXqM`zS!tKp zq`PC}xXILzX&tiL{;Dmh`` zUZS&qq{SY`HOmWsC*BQH=R&vML-xtzY-L9old!6Zy|o;?^BB`0+lgI~ZLg%Rzqcge z{oqigqgSHYl>j@l`|AA2=y17XBu|m@95ABMCG^c#tuz^`+1Va1Vz_hs^6XEQMrY&{ zF*u|}F>*?g?Iv=W^a4EAl1EK$Cxx`KQMAjCP#?1MX*o|fhb10iljUoOnX;;vrcgCd zf_DZIUP+W(_!H^9EkGJ}h3`J_Kj8D{4?>*)HlDDpk-^*ACsqzn+IC@4crTq?oZrN8 zP)b(!W~eJLn`Q(c*PNUK!ZEH}s-gPF7P9}8C;YFRfyx{YK?q)Hc6VOe9=Bj;qNdq# z62e3dr(D)^<*k`6Qp-lMCc=l1+RN=>7HQ!z*TAvg``y!hwKHrdN<@PG1V;%cJ=X^# zLdKumW%CoQT%68`_MZ>Ess+0azZ6GxUK9O=SSkPyLu#N=Gei6#-Q?z!U{L5KYCj$z zxc1#4eabm7K%|&11K>&yMApxMV&K^e#gFk|!}jm&e}hiS0F&SWF^{=w`?KFGGD>gY zvsGr%@@YbvK)_k7P;SOnE!8L&mknosmNw$+v^(7c7?@@obOaL+r+*WEVq?CgS!vt@ zc#mmDAgJq$=jii&i~}Y&xL}>i5j`XVUkfz- ztL_&nxqH(k&h*Ewt~8thB4|TNz=b64v{@0!PQ-_1`wayqow~0imY1iyr(W%$dozq$ z_dI6Dy65#y0N;a{-dL8Rb>P@lL1HxTHX8L2GHHDM((ZWH#;Nj_l*)N zA4a6BzDmc3{wdaNtWl58?cRJ&&kO#KxiaDrdS-Dq#wkwvrzX?+l^3rJlLBY|hK&Kd zn+CwU&*NxzX-4=~7W}b@XiWxFq5xVX)4Sq?Y*=h>eYBGM=1=OWX7^fvRw^A%E@&)C zsz472-QodVxTM`$uTd4j_@hZdyHx~`28b(X%TNPRAr3Gr)I&o<)0r;StduI%Z!OI% z1$ZPwB9mXl9>fL{Jjb=?H0q_rO;Sh~v8wHfV@uZZ)&21MtYIF&v5QW&sH5oL6pnn+ ztGAP!DA8sB>}lWSJ$cSd3)ntJ0%NMSbIn6!`T?$}sz;G(0oZIL+xGST?q{A*)+sx+ zJ?)w0dOTPXynO9j&kU!@u2B%aU_g^POIUj_aT~?nNVR)~*TS1Ax5Zo?oCXfMKeSOB zM+{M`L56alot+DvB<2TL%i`aBKz$#)evGp=#5M^xS!8?dxD*aoq*P4nLB4(RkoN0E z=M(jrc*qos^x!OVdWa!@sid;ozX$~%*xUJog7DGG{zx$YZB7@Z$s|oVu&^esM@Ckq zLB{W>9Yq&Pms8?6Un^<_@sNAB+rZ8+w4gM}7|VfN9bA2_jFJqQ8Y!7v?Vb`e-`!H_ zL|$p)$&5$I>i%j_e2jY3wU}^n_C9ZVQt3f*ZL32IR_cy{WDTN=<9nnXPoZ}Ul zNJHd0?C4{vdQw#|_siF-%od(i*Qib$z2kQmXVQLIP8+;`bsJ17h6A5(=-aMuayn{R z?ZeX#))-Q_DLw>n-3^g-kLIacfCZ>VAeAkqS8X24rz>9deFr!vL!yM;olb6iuYt%f z3H04)0qOG-P&w{C$6XQ$WR{ro+JHFhwd;DKiE5#7HvTCs=d!T%(hq;U7ccVH-)75z z#&L!X=0^rNPS~7r@CS3v>+U zlJik6FFS?XNe)~eb}E3pX*jE^jPKolp6&~r&#LKy35HEB-}j%%lmpj8qeN-17W0QTYkkonpv6Cy@>dL#4)Q^sHS@2$(1cAq?FNesE z?E>f(@fu(-S)1-zj5+jG^W!dn)bv4auV^0QP{i~na$)V2sc0X!ZLo|4ui!|85OI`F zxB)QcchqAcE)DnLOvxPiM9wHGF|;G)rD@ci zfAa(`M`eE@gs0+ZW)U2^hQ)wXz>n~MLAg9%Rr)#xPPCj&^gP|uTRE4bo~j_KGj73c zBPuCr2ytKmAe9V<^3^l;#0d&Bw3@APlrW(v+UrP`0M7 zEi|Sl1;I*G&P&&8fdAKI-Y%Q+n)v(Q3$5N5NRYA`5Y}Q%O`KmkQE9}o>uQakjZ6>_ z<4}sQ?l&EUM_qK3YxO-()U@dXLjz4?a%W2~w{}akYh$`k0O~&T=lD9_j$}ipG3r?&S85@wi;{qpT**1z^`ly>cTb$t&jkDbfU;Wbafv zgu8rIDUSql+nv@&beV1s_2@D)^aqrCXse(5P!$}Pnu|2IT$;w#YH_%3-k<> z1In=~sfz1Q7&O|{8F0!sgfc+Udqd-@5D26@n>8bc1`?xn=St?S)Lu^e^2KW||Ei`vxPdZWKPF8@;k~*rO-{+i!%S0+p?lLbV3YB^ z%e8~88UC22cdK0+#W#5+8-_?a>FtX3kSizJt{m;MX**VESJDt25&C1v_P5aaP(~!^ z&k#ViFVgdloN|B*2s7B!YP|p^R>$?H3aUH$YGAm&=~F|{2MVxNEL~&!(D>0~z;ofd z6iB7Kl+JIP4-TK=(RYgbNvXh(b4r-b#F9EMu|_Vzc;w(;VtZo`kt>|W{rNZ&bD8?r z7bj|@G8>T@9!$8YNxW8t4G9)pUEeMtB9C!H1 zs^kHpwjIrVb9(s_%(q=(It&K-W#K~MfY0`?mvje9%@l?-0@SqM4_CToCZX9p4C6&4y+Es_6_Pl)BL?f$@nm1W1zC1o8c z`Wj_sq0gqufKh?loGwySE6c(U7oOp+5kK62h_KEN@e<~5=3vun(vU@NVo|?9vdv+E z4a7e|&zAxzR{@3NyUV4-5U;pH`9;UT{3@69?c^@-r?Uqz`n$l(GdGr zTYNDHxbU767wsU#@w(4p0IPL2aQ2J;1KkKV^cY~eXd!dd2bWNAk8)P2$uxeca9+mmb)3t7i%IT7H+}aXLUP{c*GLP_=D6V zM9R`&ErJnC3(N-_0#3gf5v8jZuO#`8*;J^?<+opafr~* zzatRKrkZ%DtQk!mc#@F-rU7q@J%T1KKx*-RIY@*yUdlwqvcJwK{FB2bV2T7?MqV2` z46rjrwRdLdwAktwqJA*|qyUvJL3#}&UCCGvV4}&n?PUn*rdLaQQ;4HBy*_zK@m7h1 zTCntzvsJF}w}F+j+&(?A+J(g&CR5fzHJHfU>|@*J)oBykf+Dl?Glj&k!$&+rw2pco z-$XaeMm>|$VroVPPc?aK!TmNhnkT&+u?^*KX&YhpOUojxe8mD)leTfp^VCpU>B*Lo z=49_BMWN@JR)lmo29&5mXyY7nA-H{*(tY(~eSDFVUc7NzO8Wid^roLAsK7;AYIpIA zF{5}o)rp#R7(ub4Xq)${>a@L%%}KWhtW=eunDUPIz%n6>&6ZPZO*-+em4V96 zqSfpAhxy)N6Jfy5d;5}+epJ_D+&=J!NGv2KkP4S{eyesn-uxg<((X<)xFr(?yis)4 zrdIJi30m$-QIYm)2NFa5=_D{sr{8<*VI3kJEF}^pVA=x}B7yYX=hc9*#>g2eYjNmt z_2Tt2CR3%^9O#&CyNlL4XJH&Awid1+&QAI1}a@n zu=4gYJ15xS!_oS{xETt8Ou!i-$)c*DguWqwUS9&JT`XfT_t@F*@rOg`B5g=|k`Cbu zYFe%S=LJ#a9UFX^Rz8iI2d{CcpFdontm@965&iLyi=aFHtOd!tn}s5WQu-$#_8-(e zYT=?X;tqbzKt|I`?PpRo`fz9#kn9&@H+$-Cwz%!|?TqQ*pw9!I&a$(0w&QPQi1iAT z>F9VQo{lk%*($eEd zk7I2VCtTfvYCat#?xMBiM>k?{sK6%k9BOK-EYGQ@bXBz$aDrVHDszA5(Br}8RJcw# zAF42)1-ZGUO*2~Qft_a_RX_q(L9W}AJNWIxv;WFqXqV3B0$I+UpVP^@%mHeVfaOs z08cS{RYYbcvT_z{RTx7rvRNJp$|MITWcbm&IUgZhN%W!2%%m1b)x>4PTP8i@wwRF5 zS>^#E^NJ_Q{+z%zEtHq7vA*`%&I=@GwW!nKvSbjspoXdxgv)>iorSGn>k>DqTO&*A z8Qt+~T?nV76o$3}Q^l)@Bp!=ipzw@^noF@v{84w2?8L;U&mWS}X%imj*?vm}Am%*) z%fp1%s5b_d)OCdM`I&gBCJ>d59;a_yL_9s-C}JQU`)vdBMMNPm5H4@Fxfj+q(xx~7 zZeeJb-JRFV-?lt4%Pdk!E{n=qD$<`J_N;6p{h)W z#btvp$VT|V)!D>7vg!5<;3#6S1Udgl(H`Ej4xv?|N~(%XS1UHHP2QH^(1=Dopa~63 zlx8-dT}MB}0}b^15PXRwr>RH)&srEo^}Un}u;*ZtLYKyoPv;CTCP5BeR|!ZpEEL9x z1{%ODE8povSuaqipCG{e6>kW?^DA`3*KC$aNlM-$WxR7g1;zYian^NC z@}aHBCdrl=R>4R=I;+!P@L+fcl= z*T&W^$iYc{8pXlN^xVRArz3`QF;%|MwGa8Zq92wOMldCF`&(5=_<^x-<}2P3GUdUP zBb1S#)yYKJ6WB8PE6K`l)$^`&)ecn`0Stw?qdJb{;Ai5Q0WN$dgJinor6q&`!30d1 zdaZlDWI`@K!^H#hT_U$qg43dzI5WxHY1y2`9NI1u8JGs+YjV5m3_70BMb!`O0ICsX zCWJ6%LW3}rDZA01KOj@Zd|*}UT3?Z8ze*m9)Wg$P*vfO@ zwG#FV5kGp)8M?>!hYcnvW39V?;RC3RWMjt zBgrf-^}+)+=M0QAz`q<@`D<;77+Z=|jx=ugo)Dw2Ve*IZD1 z8BdwpV6=i)(&1#((_b& zm8mj20^;bWL$3m>#U}dG7c||*w-V>dd<|u^5LXBTDPOr-OtI#2n@+4uBbI*`-0iEz`+mTk??IW36(yyw zxg{0t71ob7MFP&Jhm~+S^jlbs{Y+6Jh`sz#bN5RD$?QIO4+ZAwo?!zejej#C>&Z0= z$dOub`A?j&5Y@OJlSiVo8>h&g+Z?cFOtm$l z8(E2`z*$UGN%GW;;>zxqIWZ%xnjif{j)YEa=3J@#OOC%Y?ybx=T#G)s`UvasDE!_E ziBxd?eL1BX1JT`=(`Lh&@DiziYO~AS^}Y#9eZS|ffRRWBucR4@aT*P~ddkLIDYGma zplZ2(IcmY>W4UXJN!M77G7jZZQOuh71*v%+WUQQEPlqCo@a}4D)b1f?UJ%RckuDXB z8`m{DHJjkjq-rM6bSk;i9d_j1it1x~Eu1|Puy{WBRdmW-sG9<`)7E4MM=(Ij8nRc# z?6KYSmRujvYZpK6=Qq-4DNdbAUyJ%Ng`aQSHMD?aj}Gs<5a!cq;Hd)ZpH?Z`bOn*O z<;=%FK)6QE;a>B+eEAcPE;Y-_O)wW&xO29Uh+r<5YIN^mIrJJ4U5i6R5fP`l}yER7k9@IUkpPZ2tx@gKVJJ$sCn8Mdt1C6JR)KkMZS*&0(Y508G%S*HG8SS^}SV zKql&gY%k&$KfD|FMC41lti1xFR0H4z9F3f|Bn}b}D}%=Ilo|Ef>J}6pq7^a;xE%@b zOs;U}x|0L=39i!d&iBzvyy=8x20d+;W||S6H1a0(J4ZzlUQ0wS^PlSQ`2yx2XCDS7 zTWeo?E?^qINc)>({co0i>s?+`W&c|H#PbhoPHNk4iZloez^P~Q-xZRHB$uO@~BX`ZQ>2zCHW{b0^&ezvm6WUt(-Zz zMC{xAe9z}0^vED`v{}WXl`NBenGW{vW(vSInOg$dS)5i|lIIr@_D&8z00B^M=4V&c zD&aY7ZJX%;bvSn!{zMBQF>>3rPyL|~?_{QaG^}8CRO)*{&cdei+Zs)#Y-+;Onr&Ri zSFX$NH3vfp&4NRX1ouGME!c{{l1^$8b0hVePfvHQ)Kpc%ElkTja#>en2{zU)aBVDVK>0RUaS55Q|NH9(n8> zG`mP~uXZsXUAn%VYKa|JCxjK}(fFB^W7nZq-ay#=EuR>%oWaMzk^1iOB8o+VOX^^r zP0Oe<@X3NruC$mXq#4ojcRY7~L_QS5k(9iBBSzKr$2ZHm|6dr-$9GvPunwtI4L z$K}UokC7?F0VBfv)nf7|r%ySzu+HmZ1m1^^zJ-86xzJ3DKzc}cPC}5`WmPgE5-bmx z$`;M6ncwA)iL1fwsDz#yOH);^z7MGyroJl8iC8(FE%vgrMezmJWHqnXBLOdqPCvH} zEWNdg@}~4wMW%H)s=&msx2^>PNagXxQff1HVv5PU&4j;evNWQbx&lg8QojmG_t6G< zL@xUA32QE{S{UHkwH3;YAxZ4dlp&auv?ju4Hf(g0C*Fg4o_;rN#tTnoi^(&WLP)7p zpyMS%@(ueip55R%%tU%H!fqTA9*u}G>|+IZPW?xi2U^TUcSUH$gHGH;QbS&nar0eQ ziW{TABS{fu#KU91Ad|M{tIVM@sF-~=F~rv=j;GD6)Da>%N^X}ZoJ$0DspMaCM0JHy zj%W;>3V&ki`6`>M++ZbPc}OoMtzdDu=Z_)Q+w?=&;jZEFk0<#jA1{$!)#IAOV~N<} zw)Usf_(Hz@NT=ek{uYJ9J2+N-YILug7UNy)uihv{*&=mMoM$%Cc5qW7&M!Qq5V&SO*Pp>+(~ z&cWD%(wJ%&=}5RUZX^6tNHL)F$pEc(SBlXA@3lwCN3j1-d>Ym zoVCgxNQoVoci98TNY#-uTda{CI*^u|ZM(s-EZY1&9f^p!$p%-0X3P6Fvc?e_i;rGe z@AA>TVl*@(3{yNinxqcmQ<~4DcAM`&d%s!K>6uerCLe#*W_I_$l7`Iit(G7+?qcM~ zQ%|Gdm$I}G{)0<<#epN0@1=IJSM?dWEc|~lza(#<)n803P$mryP4_{E8Hu*p-fym zuYJ^-^}NJ}qC7YXG&sH;bDyE8vRg7>HgF#MT80^(l);Yh-v5n-($c?{)>PGb*4Ovq z{$i!V(Qy+0m|*b}dPVXNg3Cj~h=`{93rWAU0K`7GdJYffsW+i6Yh{)`qvd{1VR9Sm zF2BVqDo^0bR$p9*=nD2pId?}Wr_R}8DPm^+rS4d`#s10RYD1O+PYDIlA-7rgOHlCA z!wY!XADn?LMzFoo{->?uE~d&vT=|9=PaJ_+Wd!F|r}sWSv5G3vq2WY5ev{Lciz(Zv zEJ1i{Rp@IoxYvAR=+fLeeR8Jt0YD2rF6x$iI8@8mU=n*LORR3v=r|vFpdjgC92^Zz zIvm=I83g@Ibg>Tih_LOaX)-eOn>;kjxUKqV zZsofGockf0PI#wE(u&9b8R$>7hd;LH#vYlhFpIj&|G2V~+F}7J>)jzPvrI}Q>TFpL z8sEGTeINIUkBj}BDtA!>?1jTdyHkM7WM?U5(RMmM&B%Q8dbv%2EHwPO)XIzhbszls z%_qCC8$5bK*?#SYRrGEkAB$)PCUq#gCX_jK>YdCVD;jjuCNpGQPZ!N`gLzPz%yRM4 zHW#9$X+$qx<@tzoDuvKc&4?~EQ=I~I)}FING_`*Bv{Pqw4zRRlH14n3M;I0BOI~0h zdluO;repUXM_uY8#9aNrqmz{%dz}Jvek`0nBV&7UC#MT5eP!&^;f6g3g3_9nD!3jG z|3-3KMaD$(nFy8*wC}3WXl%;|ltl%|GJ1NJ*oEW^{f-;h0?Cd|4oqJ+N#E{%Yi!T1 zjLo3Hd@#3b;DCjonX1YX4)&iurC`PU(#XU$Rf9k@f8LKFKCr18>|c-Ax-=468C*Vp zFM6vgOB^fP{CT?;Q+?Rc)&0KkT=Sf$^W%J4uNDX8o(?plG-k4kEVRCX!mp`y3s{?_e04Y$QU@%&ie#>M-r!9j$Cs-Y&zG?~*qk7PohE!^n|T^O}J zV4~QvdE}`tSy!kpm{*zmd@S-=NO1UVk7elIuij<06k3wzlL^uw+gSTeb!_Xf8ya#y z7)_{Nc^WK7+%%E?_B4Ulxb+-^#~dQq=X}|vesb7|hRt3&O(OW@H$~y6A4z3~XTRg@ zGGmZ`sj}?+^_J0CMkcR+>Wi*mrwR%#6O|Dv804x^tgo}|c@T5kQj5fUWMID+MH@%E zk@4thHDEimR^P513r=3J9S$k`*hA`#CwWZQ7&yt}IE)O7 zDn$J-$}P3+-s!4e8AQ;X_bZI*xlJtla?d7)d5Dg7B3%D7z$X2?F6fXGrO;|1bZ@9d z&n3RCr)_#LNhnJ@`-Omdi`po`SHo{9(XrLO&f(ivKo-<|dka)xW?EvR7}Yi1-kzZR zwJ$+Xx?E${$c?^2v5H4nnhFRa=kRS&u7Iz4pb+r(@ELoGA;Cdoom9R{csefP))%4v zrf06`7)oyA|3?hPDv>1{BaTlkTqt>#&BV<^l!jy`eho&vy}El@GEclRxA(v@hKS4P ze6qKJIM~O))9H#KbCZo z#ByVd-mj)^&fZasAtD*apL}^<>z0fp;~*y2m)NVj%k?dVxq-42lw-$B+mqP)#yV?4 za<+0=o2-dMj^rY%Nf!_K?lHgHtL0#qZa%sY2LlN?`q7iM09jhJV>8z{+Xs&$Rd z)VWBR0IOeN$$xOfzKHYV{M+zubDa2uns59cs`TC--RzkE#LWVvy7^^N3~tFs>Ny+L zwvU$^i2`YiB{aCF=WY^YWe3<{iq(k+;K;v%ig^}7DUmDN+dbI8?X>R!^%NOV9x2fm zFY~aoO+-hKfp_WO3#(~=dC<80uzDbdQ1yZm)N^70Oe?**V24OJNw(cN|4eV=G?k%siWTS5okUlA|%@uX@b?cF;(=LX|P|kn;P%&*~%%2DYS3 z3{n62elbry2xn_#o?Xv++QHFZW%4lcDVD4(N63P%5@tCTLYLMdR{a$8_wu&-7jWgy z5v3}KVfeRiEe>eDQkT^4Z(k(a*qratK2~HpyByPeWrTC!M#dDAw~5;bu1+~X|H!pS zZsg%)U}tnL`fo4XN|5crj%19cKx2N|LrDe{o2C%?_h+@<#*|6x#*kXZDy@{Qwkm38 z&+TPaD+C2bA70T^$nK|^_jN_0ETzvUJ(L=|dN{7b=Z32OP#Zm?tD#6oS-AC{^QjR3 zdN$knf(hr;YfwWpb=`iqCG)aDzbvD>C#>nFLSXy}?5>-KgzE5>%leh7{ILM9`qY3m z&93t+@^X&umV5Le&qXfl{E%qy)#_C-=lvecTE21>2O-W*ku(ze)lBY5+{^rdfPxpp zQH_anA8L{@vJ6k3I&8EWRUS11vBs7~ZYIuNT9a$!tEw3P<;I1^& ztZ|-3NC~~8Zv0N9Q|!DnyrS6Z9sbx+)-P7Z)y)@OkKW9B8$YC}7QBxCv*;GAf( z30dEzJkRk;b2=8SLOb^siBo=O6c$1V_1GGG&#CE$xX~|Uh%GUBR}OfinyVikJ*x)E z@jc>C8}^w-;wuA03u_d{(vjTrON+v86-q+*!fk6lwsC1`Gy)m)h_%@Y8DzAyfUE-= z6(*mY#H7Bq)ZzUJ#QbA`!B8J;=eFAEEn_0l^(^~td|Z{~$XNWasvw+0ffsFcDj&y$ ziaz$4nyoq`M%*U|lCK4UF7eo^A;It4f(W$L(hujkI^JxKK~KG-8}8QU)C@3Q!#XJ@3OMe6$Wum9Y)lIQ#u078F`Ec`6f zd5kmk!2rw5WAv9@TCnDG-^e<5{(Sz+WDv^GdPuL7^f_DLT^8WgnPX@n!J|cx)ZcQs z^CUR9>(O3-P=6JI`2|Jd`}DBR{7!?CPCua}Q4?uN6=vPaT!2%KOB4i`1b(gV2`!9g zkq{K47q`VxV_v=3n2kW0%2R4%^mk~+;3Xd%^bhCxN)9JN{`oLGH#GPaRyw;`$6j^t z;$nU9gxi`%bSxEr4)Ld$H*@vL2NHWv&v_gjQL@B3U1OlT4hcnGUXQcvdIVMoZz1E0 zb_WLH;Fu{=q}lys67TYKl7LI5>uG||g}enjXKB=^DolDozoq~yCb4M#ta-Um)9w2y zGnC_@&qC($Vi?=>Xc)wfBsejDtVQnLIi}&F?Y}zJM)($=$-aq6wlB;lxHov0`Nq0R z)ZAUY$)NH37;eHe?iT~HxNB@ z^?Ul#k`H8qn~8%12p0&2V70&IiwM6K@-CJblQNOE^GjHzlKUKQ>1lyWbZPVL64vhf z7j73;f-^#LbI+bVo8H}SU?Pb!&$69@Tp_e8_z<8-T*~Sjb;5!r>R!`tya;27tzyQ; z7Adyfxn>vEZhd07HemJ#ZQ?I#j+fj}&?fRi*%IB5{aNKvCIEhla!=EYf-Fr2_MMP$ zBJYR=uBj&!NRy3>O$$EHW~QunZAfctS?>n7^#>#&)>{jG%HvyisDXNneDdT)*B-G# znEGFR;Gf@LQ%BRZw>lh0e;y8xE0oT)X7gk3(Zo zSF<&mCAl&!BV{O4pEp5)ceGC{CW9=`;}4mfH_2e;t_Z=uEwNtOEQz#BfmaF!arycifjJmRkRR$F3r)lMP7r6Qk_=$E#Z1ERcS=-31P6P1fhgzuT6wGjfE%>%Gj%U&I^F z|2k1c2XCwak0V#=Yfq{OiX)H(R?7~gggD8ANGS|vYAN4^l1Lofe$QyzoY22~kpP{> z(V);!5$6>Wvp=6y5ro9V^w^i^RWf^C^D0{m<`T(ie<}SJp5=f4f{+Jn&6xWE?yn}LpD(B}lZA29{8FLYn>W zsXG7JMNMG_i%iWQfBXLDW!?-Z!gU9{eeVeTy4`2bnyL5%-{G*!exBV zrNsZEr}^_E{2l{``{AwTI{hoZy!b6xIwHlFb20y081^4Euz&jjSX}OZ*~QFlxP)Qm z1Bw6QacIt>chJ@);@AKB++et<`oAvvPre}RL$Ap#)kvA2KBo`OMtIha+PfBt_k0snnvXr7~AipiU6 zDL)r8<1%`o7Hu5ZeqQ#USj?Ie`cQD1xX}G;3ul~z%cy?gv48$wT!t_kYpbTI_ZR$cU#GC1Z6T(3tz^i;TQt}|_44`IysW#i7*n@Qul_XK;2reNKh*n(`IjCJu2lOt;b8-Uo$!hMPB4{-8a=@FwSLMyba^1k}F+Q3~@|1+e+d zP$IMPb_su1`h4#D$HdG8cu>XLfx$aRn>}|ys*fHzs192TsygK+AwR}z zlv7A!%78w=WixSSA5!RSm~Lmx!R4<9qzE@)I<>n3SlVI*W+IfD&4+a@ELE(sbBPNI zdLLA3BN!2m*OgNyQjh?_yM&;7)}dQv@!q!OI7iK9JOY%qe9*2ab;^zXzj8$}=;xf_ za~T!ZXA#5ry69$V z5OmQ9E?A}4t}Atf?9sG|jho_1*s|NxSq>?nlwAoRzE9?8{7RjpSyfb*AMlf15?Khu zFVzBt6Udk100SuQ$DnJsk3mR@^LXJ{X5>Q!{&TjcE3s6rqBY%aSWjWE6ePz%lh7G5+>@tSL|}zZ0T&A3gNr zIcx>U{?t+Y2j>xN&lvePfId}p8F|m*u%a7HA5Ny%e?8Rf;{x>%q(Y+Fq)27wHPE5#&r*Z-Rh{=?^$~bIlwr%p z?<_6?LObBuFa{1V1yy$Ah1N+=%F^Z?V`B4|WYBj&--v;C*%5NIx( z?33SV|BJ}zO%JxDd(3(uiK6{*N9HBB+4}m}kS`r^k4zn8uiTXl4>biSbv5H{01l!l zrnf-l22|u|%?EN~L6Ach3`&UI8aRe%kR}O5PZLo_51bqyv&Tku)N>SKVDM6>>BVax z5Fz=C7WknKjEYIe3fR!>+XrX9q_Q_x4tXb4gRhAJzC23|;Sz2{yt=Oeujh^xd``rr zGtS9V51M4Nk267qXpi++ayb`81 zj4AUz+~M-rdfdJQ`0)O=Q9WD9jy2)KoUXkO94(Ca(b8y&K1{hq)M)!&}VR}r!xuZlV2KY7~>I?kJtp8_J@jt#JiSNhA!R5na*6>5v zxjg{iq@xV)E>1OLaCNQMv`#$FXkld^__?~lI_i&5uay_@p3bhHs?afrq&t`aG58o- zi9klqH9%Ed0u?8Qhd|a)G(Z8vnyhKnXBn0g8?nELkw@5fi4#9d5Sq!bi6rZUy$^Ej zY5JRB1{8*|4V(z_*WO`cg+(_zF@avi^L@MUIuh1fL7M6HN(a+2E5(sI9v?cVx5rz?R@2A|JqAv$ylD{lob)IiT8 zKRgJYxCfvOO(UcdrDjxDIAgTdTXM|)*?1$Lyd9uI4!#F^owh0!(LT|a>ls8}1T(}C zcpGr6YElE468uDNf<*L?DbV!f_Xay>Nhsh1D)_1+$>#-V?k&5W;j1y6jXljwTwnM) zxzmg;2)M3j^dt$z_`1HKxWtH)!75ISuW0hF4rHMMnPg4`1bOKRi?AhmV~8&C;Qq7s z^~9GD-OE3En6A%&Eh&bkf?sU3li)vX93>LS;2LI3l1r9AElfGqG*mwQdZ*HcGb-k4 z{HhS$!}wLl#ivhoiarG7hUMa9VJp439`XDuzth4W1bqp*ZMz(WL=6*BEN8&iI0oMp z$Cn(tkL5x*LYRo(pT>{%ufJGSi1C{2xAUZ0nl{$JIm^NLvPy%vQ#^+seJ$R`UVJ5to8OgR@G@? z`4I}!lA;{;){Na@3d&1KtoKCa4^V@7L*{^@#{60Xq0HUFdu4;}!OkGCp>>#W_50(v zBtFOdbu?`YFgCo(dERVXU(Sq3ADBp5ol~B87+exeJPIAvAu6V7PA$;Y807R3wR?B8 zUigwlTM4EgaG(Y0_^GL4)+g#5d8j2XI?Iz$#dYo7L7%o*eY_BXp|<^lUnvnGXlKP2 z-W?l2jl5nNz-hjx$2IcU__8zCrWjLkxO}5UiEluaC3IR;>F=5QzhbH*$oZv3n)me& z)Rocd@=E?0*CV?^Y~#9e@P(>yOEb9ei>|UZE&6;$_&=Oat-VsqcQ&N5oeL3wWqfp_li<_w2AF<*L>GS zpUPj=04hvti8_2J9|Q~<+0bCO1@Cfpj!yTTWJzgtL8lf1 z(1?o#hgHy(O;}DSL>$8{5!UtCP$H~;#qujB_8u;z@h1+*I;DS9I0+U;=clQj?_(wZ z5SVypy-rUVX{pk$baj~tk=b0-WJwa^Pw^tJEtQ8VM(1@TN}aYE2;Q#{)M|6pmLu%% zs$k3Hp=kI4962H!RoRI4rJb_-6B$ythe-pGCCep-P0a5>2G{;dPm|4;cOm`drgt@q zFgYi4U_Cd0_$v>IpoAndFs!M1yc-^Ux)N(afu2Sk1GZ7ei@m)E0w19F`C#Y~I0ye* zV<|XaTWp*6rL)VWze>Tef@V`^88&&)*3&KXsy)k`@qjm4IgaK96x~`0^W>y^D9-#$ ze<9E0{d1{EY7zFFQVLk%5~R~&KLFYWw#6?~P|uHcRw=xtC?d@{!7^R7gz^r(@l|9;#=0Sfxq~5PmWDGpJ=eEMldfDM8nYmXhb||4~Fl zgMy%)+$>B#paMDS-P{o#Nh`M|Q^ah5(h|mgx4QezsF^98fAU@dXTmN~#SpbJ4(l|!*~iL{FM5EN zjN1G$r<)?#0a<84E->gGr$M~^@|P4Ip;%0Y!QCv70$eel<`l-o-b2^MPMm7$wEmg3 zQlYIi>aa^w(iTG%)LXyrfXd5*@c4}!^;WufUA^)q!Qmj0@lwCe0lOa~Q#5>2gHVhh z8$jy*#O;iP!zVpc$#3+8mQSgTxTLaQza*9l#G(ygSy8kJwCqXm%QO<_+x1Nq3a%p@IjNXS&uN`b4x5U5c3XCKe=Po}aGn3*Xt=bV+qCO?Z+hF? zr{(a+?BSH<@hpMw+OFebOj*WNiarH3Jg!$wc)LR zKF&@7vqFxjLKrFA^Zfj-aygchlQ$mSFETxfD@%3rP3Hz$z43zdBRP5`z%5dlH86Iu!gJrZ$Ma~%+6 zSm%${`i=!`W1Zf0v>evGK3KdYqS(aEe!4$WD8zPMGkR8x(?6W_+`yyL&D7Ic2o$rd z{Q~2uAcIPU5scFffF<2OLJhpHMl^+}z~GQ{hD@tmn}ubUW){(xhZAJnEHHOq&$UbMEDXqK`V zNI<l6!k#kQFfie)+=`K^bs5ArHimV>!5Ej_+igVJaH!>iVFD|-HJWnsx*R-X~;=oj{>Y<9tVX%)TRHEtLl z*&8EJ<1{Hyxe+B|P(Fd@v-j!o6vKt8&D{z-3d*ABZ%VMVH&Wa(u7bY(G&;D=oFY-b z{Vhg@${s!cIrTOqBCa1fJNFK8L{Md+fw)uV$mFAAr&CR*eQ@m!K~x@H+PmOs>$Qqb z<|#{znuI_G>ZUN?;yQXj@36k3qR6s8F1sBLRSpY@&M*p%iT5h)_NZ-K@3`uHuN>yO zRLk}kwYrXV>sl6lL+&n(^yKkM$3nz7zFgXdf8w(@{TqScjK|K8#TziLPu-^FcxQ8$ z<*JDlBxZ+D3NnC`WTI(z>Z(oubPuV?#oyv!UpvD=Ava2w9eAQ8t05)9I&L?ye~toz zR#H6UB9%FwajUr{ywkg6Camx3QklAPc|H@44X0dIy7P8aWsHYSFIrW|#-ht*8&{i#+w|TqLxcW?KIp)K9 z52fNE+T5LV8MmHa(pG*36I2`;R_Y6U3u$Hm9W)7J_?BG22{0z)u8n-+o&MqZw&G?Q z##5XaCRyah-dt1z%>UR=PjoaGE=l;-ax)q!1%V36Q)y86an~Y{nEJd=_UF-Ov65IP z2nh-Vpfm;#Q!oO!;<6({{6otJn=S4vPBnQRnhv=vKaKtUJjLn3NDDtEopU%+@%8ud z{1hIx#|dm*xi0q>ly>2;T#ahL<19MX;)os5cZ_&+nBEL>Tnnp9Exl|b>Dg6N)Tetg zyJMCm`*vSJtgui{jzKfJOl97u8kWrnCcb6tG{RgkNRUo3ldK=WcR%%f_Vk`lij}62G zJRdGhFqa=?#~Y#~?6mw^U2rh-FUYbO6NEvf&+!7KQ*>&!XxbPB`#8*5-<@#m*`FEsRzbxU!-f?;!eD-En01F=F(K)!~^)wv3 z^}64X1cA_?(7{4xb;ttGuhpFc2>vBZagxWHZnq6ta}#X3Y%uN3J|@KQ$&%#P#;B&OMzVcFC$sX0mX{d2ZVU{!t zT>kH7z$hKCwFOl;VOa`xk^67XP={K<@aTYeyruUpzL4e!-`@rP@%4Z`DVC>SgwZA6&?rnXM5hotx^a_mw*(j7Lfty*##uwBvD`EGRJVHaIPQ zAw#R^CR3)`9c%1Pdn~a{A7+04lq|r@G?8bH>f3-hP1px=<0_^R#l*|;lqgAYQsiaTHihWlR!6)fG?lT*o{L!5Ah*z>6?QQtysXp zEfWVw^u0I&>W73)m;t%Aw)EZs4Ag)@j0exQs5EyBX|0u$J2_@MYE#xu$`^E*rCt%2 zC7-v;xGhlAY1^XV$T*1dJC)}TPBan9b=<~glcxM59(PcDD+cz-;1nhHic zK9}xsfQ4=Ic5WLB4n{V!XmpvsOtFT4ILQPXsZ3fw20%v|mnP~eO3bDj-Gyg#7v&3T z{h{#0hv!$EF=GRah5TA6D=NQyGVl%CooV$|GmvCCqbOZJ-5&XPF!w}%EXCH_;_2`Z z0gDzWqUrO*+9!IA$CUM7Gt>H3?P&ENmi2l(#73>BDl#G&=Ae!eTlq8s@ppj__PyTH zdtxF5E%~OQRlb@{Mpi8@SnytF?5}s-6T3-TqKSb_c6rtCEl%%fZScxiJ)zk1e2gQ= zgC>*&mcM#dT!T^b0)Xbr&u6kC^Rr+OjpjUUOP>mdd2U~tk9YKHcE&8xp->&*`*N21 z?wqm}jos#`UqB!YqZ(XSsRCM92K>F28o<0K0sXz|^4a(T`efJ0!SYdh>XtKHBqVje@{$2$8iqds9fUJIdSg&NFQ7xeq zU|YLUzDI4m+t73>aUyV!&Fg9P4Wjm`1;di7jv#kG1wJ8}^mV={S4qud7@p!FtwJLl5q*5&qRiPwNHyKOkv1v7*v! zI<{JVD2!2uj`ld?lOIx?BfPhbfihPxro_a%a@(R3byX#eja|30YxiYlItz$-=%wlA zo%ibpvrjnW)UefqAgkdJO2|j@S2k)v=SNAXVR1DJ@2MB~xOqeK+j<+Z+J^R!CM28+ zxbJ_9*RFToAJ$%2GiqMWy(OCApFiP3J7%=N|Gg)5)uwS>+Q=G;LF;4I1cz4kT?M>+v?LgPI zmUqgnjY-gF?d^r}uM0er9(@>?&6%61@(=8e=*HpF05WRa=WrRf5i?)nuiRlUF0sIZ z_K$0sAT-yRnG)0f0SHuCZK4U1PcVH`#{FF`it zj5G2B6yoZ%bw9;b&L&mac2ap-W$VS;dI#X2ejAUJ|Be3VZV4!!1EE!WG|qN_0Jj@v zyo+n6RtaM|JNtlgnU4)9qjlE{;%X@Sfe);MgSUV8t4<6pGOUibM`$-m{qc_L=OH}bak1#s;5@*Tzl9{Z**?ZLE-@17h&sN78bAbd(31MiLlL*HX( z^!WM1`I3~*m;J<0C=X~@YsK}RBO%wYE9EEN9zKL|umeR+J7X)573Jb9X5jrrtRNae z%IMNt@_E}#;LiWESy*|g5YwOj;0-SPb6K+YW;PUXax6cWrW4G6s~$d$>yOUFsr~qx zx5pbS61~A}Hb3$13iW5_%g`o+05u<8Ng-_kSoTu&l!s-_=%d%Mdip|=7K{T>?W_Yz z&OX)e&}|f|f&8xy#FnqKmDCSLLfN<;%5kGXbsA>y){h+4XOqwah=Zn+g*>bE%#xk; zAuvATdCvT4jm9u_47rovOzpGx7HX2eUx=>sU4PDY1gap@`}NIxUvO)zM!9PGq_3hK z@4>j6L9BTYN=*;!)Z6!mRp~>sSe*qNBmVeWNlz*dBv}v^JabGL-Q;ow*#WlmamV5#3&Oe-1P^q!{-L}b@ z78Q}N{hu+Ty_K){k4PHJanxQu0Mk2)Zq?Q5UYHul1)7s0h*6-l?dH+Q<5e01rUM5cj7CICGW*{#kQ*7Wm_?I0;NyS%fde`Rj-= zlUJH{4XK+$I7(B9;(za|`2SvVxEJfYs z?(7HX1qy0jexCEK!g{If=Fqy~NRXUBpVp}|vegttt7$BdECHJ&?vL1cKW}BizLQdz+oZ_j}uEM_9may%N zpM(N~KIDG==NaZcj6V#xw5=bf+4wFfI=(7UraJn5trvu#Ngibvf6JWZR8QLhE3mB% zZ7F$J@X#t7(Zh0h_(%!nc%bDoEApS)kPyNwqtaATqg5DzQA1$QdZ74k={!6R+g8kDIzt5QUY6>$6vIr(I9 z!^*3o#M?H_#bn`EZvSq?+gqjTjIWxQ(JcVu%a@l9KNy{SDVfvCY0fuvZGDEVl>Dg@ zs`e9AD;m~xT?z65=081XwAvGzhw^a_m(e`~YQz4Em^n&<>yp!Vb?PvmVxxNjzAp;o zu3DA)Sxz^DifYr|m$2q|5yci%enEy|H?dQ{T^5emVnnJqFV0sXIN(*!tf5nFViTOU zM}RNdb+&m$zM(5byaMU9l5OD-_ZYfdFil=yh}o)9(yEA~fNI{6Y8RI~5&I&t-I_zd zh|}Bzo3R-ma}Uy@@~pHpHtLp$5hT@irT0F}R%qMB&vPEs!mKQOHrsNOwbp4-4bJ|N z{VDpYLVp8Pp5kl?dgN#hc-xK5!e*~=XER37V9EdLi%bMY|e8r_$l%v&f~ooR+iY8n$65KFy|Ga{*@5 zq)MmZStUxAfF#YD6i@ysX8tMul{(UGT_)ZtZC^U#nZXmLG^FSwpuT0OAgc>FBv~&O z8MioxR}#3Sp!;c*4qdc;-8+D z_l^sS%g%RQNJ%vq)#qLEx2b%O?2(QtP2S9p$vJR5P;R;G0kqC3nqQCbmnt@&(mc#< z_5KS}PrLIg*kleEYc9SF(;-H^0a0>t#m^_Y#FDVy1-T0B`gxH<%ge(l+&zK=9LOaM z)Yr7?Safzk>G`9~r^Y!#A~{MUr)!-5W3O`-45rWI8q(aahY~^c>N}Yc<)Vkl3K58| z1i2vhU*=DL-;Z$nj@D)Q^r_xXwynVJz^gWE>B6s(D$m7*@&X@elFRyW2UKreH}a#! zHDgs&GrA_%j}ki?5l|GI^VgR|9ZP^5%sx zUlJGce@}S$Jdj^AS8-PEYV)0o43zfoh~!#I`#DOW^ZjK!+EVmJq4Hr?%26SbKcMbw zX1XJZ#Xz|h>k-)wDKdqeWJ8TcQK%&^o)=HkTI%gb80&P9(o3Av->mx{NqMFGp3q4i zBO@99bYXSD1zztrAG9_`t9@p(2{k_#L={R3e%v>@>QcsnRFz z^GgfB{Gk1%$BeqFa0Kseq+I)xu>w{XikqoB2J>FEzJT&*SzXth59+=gyOv;1>8(;_m;YUl zhWAHPsRh?*4bmyzurhaJOWj~5r}Z?s#{9VB>Out%3%P)*gg6-7Wb@pZNLHI$@Y13t`>k7zZaMc2K+d;9AwH!_TVp7lW+s|e!pn}sXC;4EO>uw=Rix6UG_PLS?4hmE*V~Rm zhq|M)z%gkzT+JrnT4j_MSX>j0j+j;@va1cN^(gfy=jC>eGj4I~ghye^P_lrl%Y|!pqS+@tD^`SER!APq4 z_$%$v<$}!To~uo~W8u;Q1G##rH&P=6gQHJ9Ea|(*iS`Aud+9QzFKf)-sAtcQwAM1E z?W$$28YTVH(5e*R1a2p&4OGxvkP*t)p}2WplsNwY49oko{N^peLOe>#4=5KX{G6oM z(`hTaYi$`DcPH^R%iP4A-J%tj7-p8FIPYKC81P9Avvjaw4q8NC3p8&s|7hy1CYjP@ zlskLP`(DTe613j_F4U9{dZSwI-S+tTueUNd_=+AQQ1a$mUC+Y)-QtkC!)^tP8h zg*6F$jQco;%d}oQMSi;^s4lA7#%5V-w!g@iZ=6mNsII!EIbSL6;IWd|wCrc<{2^Z8pdW=c<1au;y%@o0-PtX*NY zh$%-3a7uS2&Mdf>n0}F(6~oLY`Kd((dn9- zy@e5i`(IzI0Jd(eM<&2_j$z1S)}0D}-n!Gs&mcgFWT$)gNK1gVuz)t7gdO>p{YYZ% zv~sZ)t0ESc95L0%r+m);O7M&L( zmu|Tf^+Z~h*LnZy{ZWz4ZO1rAu_>^Ja|4dJhb!>hn)uf~cAM<7i} z_;%0^>v4<9tJ9BM>Lt%fUupDq2ToLN6W0z9F1#X( z^Xj%ODlyz54jzd9A>_Gpu^?Q$ZoT&vDb7WNPPfI_M|!1`Jxy3&m=f3n=xE*rgUQRJOqXahqYK|%%iv`e^>N5XxQwci^|g9 z%FT>)pyYR2+awNchBBOYLO$?4QnY>r)x` zprUl@73(|se$a?>+N_f{imIV45ICKBnxQyiUBA606^>FZo1z0nEmTWo->vPHJfpPy zubw`Z28Vhi)Ki9=jDJy>ID-*D29=3Ys7zeW`?xd28Rnd2_a)>8e?(WDC2f~%H0MB_ zcr@n={LPZI`nRnwY^gjbC)TU}w)beQ( zwPZ=;<#qa2FINna?P!smPlssZJTu$NI#{a)Xin08dsJ0&Wkc(%dH^2DF#3?t)fN)V z50b(2D>~40@>0V)UNY-A`QSQkY}Zqr?YIPp=5>i_<~Ol-lbLDAMyyaO8Ne)}Wfy ze0K}c@BH|xP3>EB8PJq_u@Xg#0$7#ry_g zgH?nOsF-TrsyF;B7BG}IO@yLFDU1T~5ggiD#-bHwTpr!ffDdsyyDKG-%Pfz+p|&8{n@P$eG5f)t;mgEHB5qQ%#4}5iNl*Ckkrpl|9CXs3W5DxiuaBV zwXhl`D!nf>$FeyT@3`PFvGtM1!@M&|@;T`V#~2}}%$McM`CG?Jo5h}f$4gUYK*RmpQJsXn((&3qw2wS5Lmyq7mhO66_;@0E0gMzqqHeZVkjhU&T~&RhO{R8otyzZ(x(n=@dz{y7&|N| zq=#-tV9#*x#KHaI*^X_~F#i~s{QQTP@*YiZF(skM(O**i%l60yS*}7aM|=?}6#lJq zKkhgeS-{XzpUYtF>C`@M=(bh0oQTLpuKdgA8>BB47tW*Y%QPjTHWWoV|BE*8BfIeo{^%QQ5L8B|^z4vO|)r%gDM2*&{n#WS8AQ zC3|nmo@JLJnd9J&Z|z&$-avPjB*y7ZJKc&jV_|Hn-V>3fCMDKk z$GYimgFq)5#CzraNk(}n23Hft}G#k`AzBR z`LlgYnBP>Mp8p!nt<8P;_aZB)R%@+RKZUOSikO~*a%JsD0-Y)HBN z{<)X`h<|5Z)qItR-kJFbvvR@IueCOpU(j^LZvaJUzS>NM?B4o46RD6ct&|jBeFLpi z711EQ0Z;CP;r-dEx5OK4?&EEuC5Fg$Zl5Vgv-t{V$*ljC2=lU!`W2*8A~Z+`YnI!ql04b z%M~DytWH1EROlX}cvKL=ScAF0(xlP0P7(JcS@3W^KO4$Ss{4BO38H83)TE+=(u$?C zFF4>(9?@4i3b}#m)~SQ;JbXXru;w7~ZCq^5oY@k0RF3Zfp6%A4o!tmeEbbn`^6j&# z0t18t@7XgmURqDq`ej6Yg{9weCM-?hR+mbG`*?ytV(8^>_dODG1iT})ZDp6HsYp&u zeW-MwqHt`^Mt=#S7iihv%=@(fKbkzlPLwW|6hNRs_fE}PLbXQhR#D!wi0ZKrAvdQl zW>G_W#b(%Rk14G}@ zH92O9qOK$V1L|9^qeiT6j>U5?CE}~&ni3bH_tFiiGd)L9Y@#;oxy(E$Tnf>?y)Fv| z+1%s7d5_u{&+dDXakoPT%^(Zr*u5lvYNE_m|rk{kIwW| zZ7F567LJmKu|(B6cHJl;z}+*Ag)++|YW-gNYyAv;5{uH+Y>Bw_{`kd)7&I|yhPs4& z_kOeJqwF{(wN{pJpoR4#Rk-b{ZI!$^gghg8{FvSQ^KDD0#t-~TIVK-Eot3tDDEO-J zc)UNOEmEE()57(c6(!6qIS4C_NI3Y!V^p-VO^7TBk7w6;2bHPu88jRe)#^T2J1tly zl4S12K4LTU%qwWEGj)Aut<^&?_+IK*qK!d?PospsoWs*w!nU~ef{@2KGSll3A>O`R z*k||s$kp2%W`TUhnW5P|SkUVD^#FJm4E!jhcuD|Cex#UtR&TrrMa~*G`%89xIl|vTKbaS0L+G(2 zNAG(^}y@b5SWhGPR&LoGwhuS6$!(+b=*x$xC=dTDpa_=)hsGk&*!a` zWjC!^PN#42d~Hkg->Hw0SD+Lj@xLf~LHlLHroE zgMEg3_>jQewrf#gMwR=8%WO|xo#u^+r$xC&_BZ)e%X~PAq4(0ZFvc`o?W>X>7J*#s}ag;j8z( zFNldK9{K8kZd8=K)_?vZF9+a^%Wj3-9$8#gKTf~@tg{DjDE7voi@Jb~pqh{Io$S0@ z2UOh$b?!EL5s)l(CTIyovl{zTrU&WW>dje9XGy`%9&s@oP#MSiF8k2EB zEA0GbD$Opz%WY-sxNxOPbOzh?^cLaHhoL!l;D0j|O)Jta9MMr%W@(zFT_yXm%ZblG zk+3plC<`>Ir-+$-<=EqrMtu36+<|IF&CTs9Qct?rc-_6&>6BQ zTWc{dlAGj=5ph&HmoF`l@VD9G4Dp%G&Rfc|Z=|g!aBK6UdQHj~MPq;t=2Z8Z?x7o!fI=3xWttaoE-xy`q?9@jV>VI_)VF{UHcf zcIBz*9-d4E>mfWzu69{}t5bgw=U^3}xNZAS`nJ?C^3{&F4;C{gpQWrrVf5Qd6BTc7 z4t%gbSc8W`iNEj}oVumpZM7v9S$zo-IutSgN zW9B=y@+KoKi5dOz=2aq}GS#KFveU1Isd|bMt}MN|cvf)MrOKz;z0(a7rxxWf>nG(Y zT6k$wh+6da$hR_U;mc-BmT9q2@nop;)Yr3)`~xR^y&9V~(L*g;@C zY{k7{ZU+h*UBd#=d(8r?=80TCkxqXW`Nt%1gfM`C_pIYq?-k-wjPF*b!3b12DJ<2Z ze`g~q0WyJ9hkc`j@0801$zE%H8pZBwynQMYb%n3px7Jy)v?4SYZQ`nzsr|O>E3ckN znsT`>IP@`F$3w}V6sPo&AP8aC%*`_&B+A%(P)F;Xnmxm{ZqCl5`aK;6B{4bKQ-V*f z(HM5(y_FKB*QRitZwOwv*UastTb6O9hHxTu8c{wA7D!TBt-0J#*gI-%*?y6ST%UCEh0i~aLC>%3WLbFy#S^dmj8>Qdtax?7jOI4}R;pHId^eDy zW36;7QZvP^a|&bJ8Ir^v4UsqQy|fG~S0MS$_!tMPB8fO*a+n#i-z`!=W< zAu{7(0mACe4sD}=7ZkT2g}MZ*C`6V<1QbX%YD#ivHu5tFOb1`+wyclLY$|dXG9kL< z%a1qb@;%I8_dDS;10RfBDKAyqrRQoiYg|-eIylBuXBpK;?Q4XO z|KPG2B&v>Qxf#!g*GnUtC2lohCzj2izQW+@x^3*L%dJz^SuE*cOu>I0YoM26*)Y*- zhxT~2G!VM~(pWRcYC5K~YPv!l>fbp%j>HQU?RP##a(49_vGg0ybXsyv6nmwvhbOeq zV;<%MYT&PG!}O20coTu|!S!S_v;1j=!Vfl@=ZkU~4`a0wa!#jD_IXO&(Vu%jWjKJ~ zR&nCqHK*1#%3|WcSyGaVf}rvh^3H9m{NBNQWmw45Bh@e3J{1)L`?9`=#@DWNkbVDLMIA#EdHcd z&>mu^p9|s~EC`aZtDHm>*YqHBMe3M~;+&)&S`YJ5`ob*l4@wliLgCu{ui$TF=n^7H zma-}TOx70y;tZU64WzSV*J)!@LTH$3H1p#U zq-8rMZRwIt5z?<=YTh6Mp!ZwM6s|3dq-9s3io2rp0P%ZK6q%8x5(p7of-6&r8J>1>WG zTMJz&(8$=3Du>rdYMVT@#5}MAG8@X$phxf@P98-$!T`#p3oW<0t@~x2wBFBfXgWd( zPx?f2dZaW56)F?3$FB}~U<^Pj6j=gQeK(msAW5_ZBa=eQuA8rw5?|^7eaPJz2ahyl zdRON{$I7?oIZ9C!w@|G?bR*Z}YXP{H#v7I;9xqmf1af_=W$KU{*y&bT zSpnZtCt;T*8-Q%;cVgcN@B2pX3{0v)V6|*To?0h})2P*&XyaA;NzeIvVcINQ?7X+T z7jk4DQp+#47AEkk+@B#2(vHFy!h!FU)}gx-rpl#=E}uyeq0hP*@8Q2vNQLreLNo|y zneOtOlF$6xFf48PXI=hvc<(kSmZSZ`V0}Bh`(Uza=u1S&hB{47yn6GkK$A0&Fr=a#)2dL> zawcge_>{CGOkV52nZ;LfWDL?<7CfwW?*bbSCbxp3t*to^r&q?Uj?n+y3H$|Yx?DkT z;phr1#S&0XuGY6)96KnQi1WRKM8XJ)*Gb zc4NSMav+Wmq2tTYX6_(}(p0O|cy~tiK))a)BLbjQtkxJ9>?+iy$6tKx$(gI=7jcNM zB=m=zgBF(6?a%tB2&AZ;fzP<*ACD0F5Kv|U9h7X=13O_{7kb=^x_tx1L#)~16qbKx zU;jqHClSXZUakEb(2I-sQMWfhntTVjo|z;ND+sG7%c6x!diJxc03uurzRd@;-eDh* zHwifu=(7$pj{&a^IqKc+Den;?WObO4t7J4|n+C#cDPTMO)~6U_3M@IUriw*V;wwrZ zMe3Clz10r*WdWgX zbpVbIGew=_SwP@Ly*EXH?Dg@wp9y47Lys0p)$r4-ms}{j#hslp`(AEft zaEq6rA2`V$ht<=R8AgxFR%+#3-JFgH@VC|Bw0pO$5ML~|@4pb`;1@*zz z=Mm;%=VR9kbbL91=Y7juf`Y#S;FtkG>}FCqc;Py%GkM0>t=+)~Qotz<6Lc-}7(~*O zT-BSlOxgvMd{_<{o7td5KOg)Vn$x> zrM&r2Nivr-D$0#}CSeJjpUSEFK$lqnk+)t*uPTRepY7rpj@@25&GeaMVru)PQS$(- zx38yT?OHD7Kq4j^_#R3sWSGrf<5*VtZpUq4)|3N^DWhMWM0kX(rcB83>m)@+P$Yz( zYv*)eX$?a0hBh|3V+_buWrt5lmjLaCRZ|!5Fw=)+xcm8G4jjeq>p-ac0yW7{6WT$g zu(^~dE5sD|M!UW6NAeb2y$!JY1N~gP&J7_lD72ce*eqBy$xf>lh-j_-#218@iizFX z^Gu{_6^5ZMAj={bl}bK_XgRW|WukKOCSj1rc#piGWGDx?Wr(a?7@A3?8uX{DoE|Pu z=6pOG5ue=g_8h~Hk$eYW!C9G_eSbgRe=e_|1D^KfJLvdww@O2tk0Cu#0nM;iKsLGl zQ5W=YZZ`6jUn$GkPNpf2k%?}8LexSahw{E<{Sp$J`E*5H0B*H`Fvwm|MUX(em43)~ zPhpjd5KTf14&&620+@CF%!UE|l`l9;JWYmX8 z_x$|we_-Q(8)*AJ5?o|9nC8k5$hfzfd&$ zd5aAFBQ3kLllg={_5XSzv#Qr1)lzyAUBIlb#GWgbT;Eqs%_LBloaXk`o z<7M3aXjKleusc|nSA73#pCe1%%o|?ZXY-_2X7{g&Pr~4fg`s|4P5=G?58=i4y@Y=J zQJ6f;GC#|gU-`=S#H5h#j0zgx4b{FAIm{Q{7?kg7z~=_fqg{mv*dSZ>&{ ziyw)9X|R#Ues0g(OTGKo0mw>kdX4%Se*N2Ei*X_wl7vjKe0Lj*Rlyor3^x$|l@BJr zdK$pA=z|?UrTq6{@Vtg>z?00GyYs3T1w+u4lK7$OkNoXlo;%MB z{yK-wxXA1KCKC%Lhi`G>&

WU)Yjjg-BqOeQ1C1Ze$ea0-G#rsL{XcU&GEHkE0j> zBP6$w)^>Y$h%&CiDxrMy>gKPEm>Hrcr*pIE{jrOPIbo_kCUpM1fd1tx!xGy^dujiV zA!Rm(6>>=>pZQmoCedd$m?s%Fs-OC*2_ha_s{c6T{@c)r#lwE0(tNW1;|O^J4`Dw4 z#;E(>ruOG?oOT=@QgvVJ?cMdkCI$aYcJ4H}@GB3E)j~AL&F|g~RNP%eM95#NHowWK zLtfIIr!U!EWU18+Q9QdSF~}P2!OY(gu@MylDjA|VP#d>Q*t0vBC=|?(RK3RTG4}J( z{^>q`dEkj#*aBn|c8DM!0$w{Nw|Vh*TMWW31wz0wR&LQ!J&KeVmVr%TVn?jS55Ts| zdxqV~za|c!b>hQsuE_P<9PMOihcmE*be<0C;ji&4y8k zV5A($N>XE7-VI__2Cbl`s-P)l`HbK4IZ`{0x?mgvP7j9dZg{HR3{?(M`90qaEXo|F zPjS}n{joaBVZq_teN32sWz3ULE4GU_>}Pa-jsMzvL3yq{IZ$Y}WNZL9fM3CufAn_C zizx)lbb3QbjS_4s0qCtzp(<(Eq5*40oz(q0ekbT zd_VLyBDn|*ea-LZl1 zvZDVUDeOaG4?PUbP?t<7ol4xMm|{po`|F;Kdn z?b5Oirt042STd>9f}GuCH)kh@keX)i2+OZ*RU(vTT#|QC-v;3)(5f=S&RoM zmtVz=LB$XE90XmUlXpN=ke5i6ggv(1x*_wco`scujPwK;vbR| zx;~OpNCr-uD|o9yteO>grEYJ7P0k=p1qFT}ZP`?qlr%d&AyjDgqJYsmit4QGSImja z7Y^QKuSj!2RqbrMq8nvTM}PMJuzYlF7moH6gLCxW8=YUdQpwrwi@n`Xn>;_~vC|*z z&~7wZPqPhC9xH)Xl!X&>HkbK3Whv1N!6bd@oOs0ZQ|7 zAKSk9Mv9QOHi6jy8f0!IowG4%{!C|BF_{oJ0Qsp^=GvzOuL!kHyM&r&#Cndi1HGp< z!i*plO=twX&ylXC&&8>Lc?``Hy0RT&C1cq&oC9ZYn*jhWwPR3R9YItzspe@GzL&vGqq+Xa~An$O3gd+D(;^cH;fBF@8{yC!J#VF|E~{Rukqn>oF%3 zP~8SCSqV&`fGLCUN5$R~G9gPH0QMj*E8t&FM<{4n50AOQY*JAy8`b(FTK`jU^zTm! zs(U`JCKEBBNLebE%mEB;zfQgU+WGaK{XL^+tdaY^7*4bGyP51wh`|w;lfOjEs+9H2$F#T!s5ng2K601( zIg+plX!LCUX9oT~v?4yPXy6@$Ah(>F1^2^{n->hs$7Pl;;q%vLt1^++&@Hh(kfdc&#sn(ZmD%A0IW<^2;60VZhWU*O#dKFM$+M5H1c-v=0 zjGbNBrTP7~0&I4nqY$|UX*ms?phYZhZz!BHW%9QAJ@d#J1 z(oh$>&N_+xw2dJQ(}ym74l{8jzTtNWVa5mn$v$C?$`GvIk~d `&X8c9ti)+(lj5 zUL8whN#EM{W2`?pL9F?L_?PyZqKW6DLp-zKPi55*L^~VjeaIGcv<`@hdQNp7NR{?Z z19xN$3wO3R$`S0m5s5U>UALFP-74Cq=0FZ;*Jr`O$L_fYxOkT%sMESdDMIh91kK|1 z2q19Nzk^kh$lB+lV0YmmD*vV)c4Ggi)yFvT8~t1013z$B=9tnvbE1p#fLUg?TU4PE z=>cK4RU1SEe`y9W#Ahm$ayr|TCN>UN$4pMux*4K#74=yHaCiX01UU=8R&V3Eoj`a! z&9zJX^E?S-AbafcKgGI#3E@2n5Q8g&Q~tp7>p_frZxpMoFHMbs*wvCuWvIbB2+XYF zJHnb5l-1OzhwdKr_t6)w4fJPM;tVIr6KC$TdN5hmUqDLx`_R3SKNBUT!$c1qcf`so$xr zDo%rs_p_?~jUbm=>ugSNL1lpepVu5>vRQ!Umxby3>V7AsTV~U$z-Jn~#|6ep=E`P_J|X8?-yaZi~T8LwDhvS(4<;&2OM9y4u%|7*Y5W z^PMg5iyYGPCe@A>bZFk?>5mFcQ1lO|;-QvWzT+|2SIjz&g5f_-B>y9|QF7zYsGbG`j-+gG79H zF!(xW#4n^g<(|=Hd)g155A6mvmk_6p!vXbwS%3fSHbH*&Bhgi@CPaJ=kkk)0W8)el z8@2{oahJip^^q(ydn8X4ghiK;LX=1B&h8th1;NGjZZe03aAGzNl7()eX-RSuKl-Ceo>kK1b-><~OVt52|tPCZ~-i-(1 zG!X|YHGl7hU)i^cClFZYer?l@-M{`DaPvRbk|mP3MTPKh1njOYRs`HT5{CU1Fi$M* zuV|E~J&e?!$`=1VU*EuK?rH9^>0Lxfkpw=ttH!&9>sLTXMZ|DT>h~0v-SE}yZ}8l| ze{hCBlCa-7W02(vam`X>ZSimJm9H`V2)HwZjL|D^#BCiOQUK2mGQbK#t)y|>+|#{VEI@4 z_m9HMe_d~i%0|yL+_yE`|?pgP&x+~gk<-9rlP+z z2nz7&c%f4TyLDAhGXw?iW2B?=`}eKAI|y%Km7MLBl&RhQXfV9mN2^|WN$Z!^dJ2Nt zPRTso`f)DZgBO$Bzj<7hQzP#+20VTcFS6P=OBzR{;=iI;_w9Qsu$2_Mr#eAruv>&{L zYv0PQ)MD;?{Qg|fA%la1Lrzn~O)oaPrd6g-4T_qZx2F1x9I_zm%YlwGH;VNc_^Uyb zm;=t)R)L&FHht9J#rFU`UXSAckgZ+HV`dKyUxRe!S%-yhILQo;!0jiqT{r_V`nTbD zOEB%R0+rtN4HqQ45wQDm9SNDrASE5Hc7&EEg6oIQxmC&)4x)yuIf2qA4{RZim9*{x zh;PfYi~8QpfGLR;SaRIRxDAbSW)TrdGZ)-ct;2?o%c0G3l3M=YY>yrH)4D;;<6+I_lAERa9^DS| zvfUB3XUg1@y3e=NYZqvw6cPF4`Y+50N_el@oqLhGvCMdOijRFk>cAh;njmZ!MNPGzrvXfQ=bcbe7fm=RbNN!&a>@US3;(PtxWJZlq-FKMSymCL>C zn{M_%U(=*C>g`JwEU0GJXDG@Y$^HU?=LaJ*>hE7HZk^<$`&sQ-hdNz>_Cnp<1K_o3 zRf_+L*8|5|&SD(+8EHolQK#rk0Bs0A?UU=IhIXcR--#d+36FMPpE8{eDjq}ctgGLI z;(Q0!4unJD=EbLyT&&59&bW)-iLV?mHy_tgAbowfkSxGpF<<95wK2vDrKx1}0m3LK7k1Oy|~`l~uJ6#=jUuy*gOit`-sfeL?k zT!cM_E9S*hvrdT-dL>u8bnbIwtdYzHqtxx=A~Ye#F7fDwd%VEy)d!QLcbu8ryvmq| zvSInhD3AW>=3=|#iHen3+7@Nx?F^Yp$j98y?{^M6-?o8jIOmt0+R6o^uJbv(nR>2h z7S0c<>{Ou<5g+uddNFfip$AaD&PIuPxVMYUe@`vq)(>cdQTDj*ip$DubWuEFc1JeU zKfHk|CcfdzsxsNuRXlf~wp%EQdPp-&X?PsY#%%5WTBBOWgG?fq$6ji3AH3{4lWW3e z4j_&t8k||G@=6D|4|`fnlraoL?L??AalU-kLc9U8!tgU$CitXsRho-uORLb8K<=!; zKAMH;SOluq=|Yv(nLMBFy@qj*nqBo~79o?RQl(r^{su^i685cYdKev_1&_=0*IQ3mM70N4sV zEs&!dWnCCgRZ$;N<2~y`DjvOBQ#%6$e*WfRvl6;&YHq}y0)|Q3?PWh)2ZNvAK5mv* z(7wK;v)Uh|u6wthwTh_Fzs>S^)8rB1gw@6ok+h8+1let#3h^@%8h@hlC}rUOxc7nElL;wNdmu2-AIUJ741x(_1_3vwH^Kt zBdqmU=eYet-m{_7I2H_KS#$jEhoX=~wLa7>uEQmv8U2zTDO3<=2#I^ekEE~L-U zH;3rP=B!7Lm%D-yU!sG(Ozgx`X~_4IDsTsu=-MGwPwM70PuG3Sd&N!zDY76{2GO$x z@(P>hUhhQ;iJO3FRJ3vgoRQwW#cqE_Xxx^195wz<}WZWWXnNyJ3dY z_03h4D@_|bD5qq(ic1Ga%oFSUvuFyazam-=FfvZX>xRp*Bj#`NPTpqJ4w}kd-AgKgIK2r zL)2S#S6h#|ie`=T9xETpOkrQUY+NAvpoKUAXBa<{i`Q;1%1XnmGm36AY7CD|Th{N0pCdbmNmHZK}=eZM%$&N&*r9zhNfxPNzmuR^qEA2y;0K-^8Kdd%;;l`!D zr0xSP_4j>+h)!0nkW^3K@2HFQb{V|7QYlqnb(!?7!OxHnU|V6Hl*j3%9kuArlS5+C z)p?z{Rke?@Wg6^$7Bs~${yE$h z!&6>exqEV<-bp#}C`;XwSdtn>TBOF1WYpZx@WzNRFuhgBPLyEWc?ZLV?~|sn62>OX#&m# z_T4ItqWr!iqT9i`PQ2O{$FEZgL!DrwxsYd5_r`E+`h;|)yRTFw9hkIqD6B&f?XioG z%ACyuMVXS4>T10=UTHD*xlRk=yakr43_}q4jRro!K>5`Dxr_3lNcnwh9b8&g(g6n^ zkQ*pt9^`41Ci7GlrML=*s6R4i=qrwOUq4eN7@AosR%R!>;QcgdQBL@|=3D&012XKf zxv33^Vy?Pa;e_rA`SV0Ojkpd#s{*Z8FNeN-d+|V20nkAUv^DtH9}l%DS-n2znF|zU z69!??B}O!>x@h&e9jvqG>ZQn;LY5A@6CuelckyLrxxy|Ota$=uixdE`o=b@eb(ZYk zjukl2YWAHh`9UG^%z_B_)e&q7VGZ}~QAy2{E;IL+1wcK3_Gy@yCWyh%K&?sx6*_o8 zl-z8RR*U~wj706*n^7o_5>lW-zWqssL?$+wgWR3*fGG8(ofwV8h-pSGZN5 zU;kcKP4gpo!1z9)y8wwSkqn3%Pt~fe9 z#74uik}3X449tv}*ActM0}j9sKlK zwE5fdONnJ6fXJrJ^r^WuOKnNe#hr?;Ln-6q7lK!#KY>X8EaW;{TaJPxN7M!T#5?! zaYpY%PWy;A;m@(UUFtW7CUxR6)FuZ z=62HWP2o*bYlTbWPtrsx-PsR5%Z32&S(Qg%vCK@@H$*4h3ykjY0$NM;VS2xflnp4c zxIM!^e^DS2vA@*kzpEbzo4~ zT9urOsxdIHJkmGhJ8`3IMSnr}%aPi!?{gd$hsQC9&e^+9Robi$sht3y9RvA{%gfA> z6G3Wii{}S+=I_#z8Qv!5LG%u?_(>UQ_INaiE74DP%qqmB(Db9N!Si!2_n}u=TGFC| zD8+s1miiK+Q1e$}t1dL|-G>Dpi0;3Dv5t4x;v08nz5IujZ#$xmJ*{Gw>Ti7oPhyIR zr*U7q1J$jKXfkf+UP39Aw#W<1QhqvDJI~SZ%NH-`8`hBdAc})_a%(y-Y1U&^^3|6~ z`=L1tjaA3&FqkM;iTo&9?1m7YI9Ax3N?}UW0W+8imuAHSdwp=?=QkI^G20r@39=xj z3+iCg?Xzh$VMW2vQ+H#06kU;8wo17ZwD?hyY|Wt-LsUHwimofP?928#p$5s}Nd261 zxrI(S*7zdF6b^K+q}(-`-C(#5%S#M@RMF(^cFT03L}izWN$7* zBMyD;rjf9`XI&)dxtf{Yt@#ZBjJ0vcSTQ&~DG=Xa|I9S2RZ`)lN$mJV)AoQ-JzA@_ zdvm^!*TR3Wn2DusI&W|{Hly7gYWCHCwQF>K;J|QmuiIbf zW~*#O1hv9!aPe}{tjhPaAR|_cMv#fuM6vUAp3LaH_3DYx%SS46rV3SZO?v~X%wKhD zVPqoZ4xr~O2Iu*~NTdpMXHR@Z8Hpl;SG@25V?;VY(@`^(k}Qcxx<>+$kL1`mI?UZy zF-ASVms{&+I5Y4MTVcnNhiVnCsWA7KS~cDjEy_On_Qr4m9^sijqFOr>WlNfGO<;)IkuOMOt+^F&D z9HglQA8h}^;>BKN-n^W^oalGBgZlIGP3Fyq;rN)R>`iGp#G>39)*%Zzs^m4euI#N( z?A!IOo1>99rHee;-6F<58|3b#Ox5=@NhN8=f;-qBdqN%*RJ;Hm@e}R30|p7u{0;bIk$zTD}Z(|&9bY(UUI&nyOs3`rH3Uc zda<^<9dtyjm0xgpb?RZ&QHQ1ro3p5yuCPzw0S+gut99y%65Xh<`wPxIx)`Am*HT42 zXw@k@Q51ZQf-7+YTH7gT-so3__*T$qhskw?fKke!`p#yg&HlsjY?fz<*rXOD3KL8M zvkR}ycvCZybKj42*_%maN;uAKn_i@uHNWaCd4+HyE+)yu?+l5rp%W8x| zl&AD|ja2R2!6gwhK5pI7>b?H`$vf6du4PpuL~@gnvwb9y`WHR+v6l&)Ea#VqUd14d zj}920K4`~v%I4go34*t?{%^02cI%Z*P_;R|d#hH*`$w?+43cz1_EKTaO)1`kJh(Te zt5SNauURY}Dv?pu+@12nH)nB=?3W;>Om78EB6fMF%XCx<4kR31*VV_zLsgdoqhBDXmwqHs56-) zsitmxJ@Tq!Rmf6eeBkjQGe<%t92U{)xRX>rWezu1&@KAm37J!0T{E~_F&N$NplOxM zp27;Mq11NL>FvY>8yyV=@yviS14ceGR1J^5IyQY-5WB^ty0yAwo?FR3B3wHWxKMWC z_WP@8^ww|A>kfw+A9;7p$vS&d7dL#mS1=$jP_8zD3t#S)qJ;Y%WqI5`qHA51{Q7!J zG&rlAJexV&SSz}@qP*}C3lgEhEW?RtwDg;LoAOc4q;;2t?&~?vY@Rt6FN|CkJ+{N( z3>|%wiSJ|(;!&(et5MB7!XEpS2kF~&=*=$iRq%IW@0Qh+KE2_8ckNWztUHZnQu*(- zE_5MPDj}_U$9|%zSAk1?KK%OZ4Kk0zq`-MX6f&pWniiQ>H@zD|MYk{NS5@_N)V9yZ zqNQ^oUpLxE>(0C+-mvOT&Y8Ghu*wI0?1~fq_OIL9vb8xwW#T*fb`TjW(JyG8$5c| zDW_3O1l3*4{wzjFFt^4|YoZBKl@m$84&u;vU#$?q-c9wj2Fr4v@y=1zQ>>58PiZS` zu3;{=lEKM6wf(e_`*C_~ZmYQ!iJ`0YRR_yDQFYv_KFHNOM(=Q?jO*WyIgnJ&)8EUbjiGftMLkitg=vw~y}QXszwbi-Sq(_M96VVzanc#zbEa6V3UT`EBBlRN*uO(cbAXS|{C7 zD<&*yBz{6)?NE`qKKD4#t`>b|Ok8>+lz7i#q?8`X82ye47heFOBJ# zuTv!zh(kQGURez;r)?8{s}lsGKx!yH{Z(u8O?fW02Ln(yNpyWk{5KQ_;WSt_(T*)e z)wF87#hE@ADK#PrkWcjlZqeEV(1kF@QR{x%#~)TYHkr8m^(jTUw=?dIK^(qim4f+j@(E@2gui%xz-%(W zWn~U-P)|9~DBe6N=YDPQFp)=bU~K5fDp)zv&Y+|wLShm(63p2d0}gg)>ig1-?HO9V zOO0*_^{*D#ShIa19dR~1acs4+W-!R;y3qqsmy6pnzg^W0M9CuT6gb4HqnWNc9%_<&S(`Xs8 zvm5y7NPG3u&?^Aj#{GhrkzJ2wn@7<0b5l~YRbRoG_#r@0Cvj76($U+%gbIp?7Qwji z>gc@jW!=o|1bVvEs~XJwbWrsv*H!xLdp}R?@06po!=Cd_YX~>B&(B#gv83eUa{;~A z_a-lR`;AEr_97(O@iOl&Ch7G02BYSPdg?R5PJ~mU3X>PELgyI-_lL&!Q|-3RrV=G& zBh*?8R(Q8h=X$R}K4Vt+E)vy0UaXM2elYn+&WRVf5m!GaaYE$MPjYM#8VbiLMKFTP@VpYJ54f zU06G%in>-I4_%yUwj{2!T+{JG3bH|`5eD_qoP3)Yrj{>GdezsVsafA5{_Y1$Pm4Ly z1#`)r+-Y43-4m3gFjD>Twp?G9OY4V>PKV*#X>=9VbvWEf{T8?80V0jIk*6|Id3XDZ z)S2GZpqW*@g#Kend_ z2KG%pyh2M~U%!3*`W5ELefC3dEaLlt*Q5Y-^0m7Iz2-lo$e+jH-^UFZybKlQ3Ao$H z4HB0H1Y6s6v@H7rUJahpZ@^uy*AV!ghI0Y1@IE>5ZPkB!p1=Q0QD~p7U=xiWP5ofp zhr6?}sl(gL*c?^q;G?(y2z0_Up*C+u|K;zm{mX&+a~#CR_u29{(U6@FNX?U#F&~(^ zak|j8->iSTh3|lw5AD&5G(W^re`VGDWy618C4c^pC-<4K#}HYwNY5qZ-4d_mPhmEA zDe?6DGvW@O!)#~Ho_-L39W>S;RKZlH0`VLC7B76Jd_WfqgOg;k$1yAhv>Y_ zv93q=S4P^bTC9bTR*ql9KuF~2YVv2w+o%qqrTLiq{I^l=B=vkj!n19BGxw^ljx06*EO~G$JsW4QVYvwUm}>g)x0B{Q%Y7!BnT*cR z_26sWQH7u(N7x8TSGk@yiDe(TN^STRn;8i__GZgDD5+RkyoZ9+9BGb3Rebn%*h2v8`k@+qY9W?&66t#{aD6Vamid0f>6as)N zN@pCmd>{#)9egB;f%Mvw-^kc}Ckx{r!YT2a=UG5XZhK0p{>priH(g~;^@5CB7d6PVu!!8QluiJuh_4J@1+y!EKA154WEvb;?K)bX(L%mBN*9*(_>9Jpe_wk)e*1{zvv!zLHjjJ$`tKZrg;?B-LkT6n(B-w5 z#*~QJ)h0MD997KA_`a*2kS>wMoY3{I5b=Q|1@=RK7vvf}5f?PI;461UoOt61fSChA zZn~k<^*PpL!GwptEAPrbjGGZ42 zOWts69d9>yc%zF}CWuBKTHmD4lNMVKTY<4fAtDEY9#p2os|^BQp;}l37nUa2F*S3> zT5iGgeWc>jHj#@sn_p8SfiR`Nf@H{UPQ_|`Cu$zic_4+x9;k0lXhv-=7gt*%J%K4H zDZ{l+MwN|IaYf~sVcA!#feupy?0PL(*$15HssX?z^bo5Y2Ixnc6F7l1O6nbLD}b3P z$DmAPrZ>L`RGR{2As?`YaP#vjB*`Q^4aH|%9_uj=-bqu>jX|8Hu_DkxC>u!CZyve+ zUPxLM6LJ^GD$DN;5!O%|0cB?cDs2pD~LwpN14rlIb=|?0knZy+jc4z?n~} zJU~sEhOL4JEgf7gw;>FS%|=%b;kt8UZ6k-A$4JXRd68Vt7HA0ca)x@g+|w79TL^WZ z3%Y*!IG9}7^A>`cUg+T&elEA9q^AX{!LGpOKAN)eu)SSb)TFmFnCcqOIgl1nuc9XB zp)^>8gtD^2oqgln?h7OwY;0`B5nwOS2UKqpdj8GgsBd{*%MM_9)CJlx8{0l+gA#ef z=R)Jg2}*|joE-^LB*g>w_UyHQ{*2>Y@dse*IW(eck#f8$MHfmK0cXR4;pnp{Nc#&$ z^^YgdGosHHVM;==@=x>meP{|lfPC>4+zZ8AG{Dc6Mmn)oLfbdQoXD(5cxQ95Eia0E z)A{p5nd>Y9XbN_e`2)>Rue)GWb-sTc>jP-?GcLWp>0HxO`N2ujM+a9w#u4}fNymXxB?gQ{m!s$0 z8euK$g=R91U*Vi_k{g1Eo$EbKj&!!J83VhfKS7{oE8q&2z{GER33{4hox9`VZ3$DF zhD-e?i-GmfF=kUwsot}-GCVh=&|eKI4yn1B{a~MU5)nj3L&Ln~RMD-s3SSUcfHWRt zZArfk_>Xn;-!AJ<9t4*d3_C?`AGw{y$6XE|g!&0Rl&IkjXkj?z5L|)C0J`>2 zW^B|lZO>QN7EefxyarZIsZljP+qxHN)FR4bEAGMBu0xzw2#I-SfH3Tn1Du!GU$27eNiX2Eb6<>Ax;ewX z_>+;YvoF{rmldmhRLE9iPfJ?>id&;9*@}t-1rJK@X%z?o8d@$dUe_wJc&6ou$6>q5 z9LxpEd0_p7)P9%F%y&fzgG|B^sBs$~Y;%b<9l>{o6ft;OU!I9N7ke0v^Eh@m=hS?U zPyhKE|Hp&YQxS=3`g-m48~Tpi>U7K~tOjMC`9}vnH)uv$qQ5oI$!E4&OD0+XvO|+| z>}Irx5Y%Ce_}MX#OSV-Q?(OZGgB^P2SZabA16JNaqjMb%5$#|SR1G!3GI0j_6298{ zv|rSwqmzAXrD~K4=~oK)G58opn?m?kAxXqZlQ3RK;FW%v~zmm;=M)N zxoL#2;q)#$U)Y&OMPHlnDNd870>mPgVC6QFl~jwY8s#@4gj=T+VzjNIW8JnP>3$2=@g{bFrY z(ImKk(~jQAf4n>ly(st|h&Leh9N%3X?hO^& z8SrJX#<7)5yf)Rz^RS!;)T3YHlj$o<<$K8>bhZ!7mA55MNS9d9WwMg5fDP!o0pZ&q z`d4V28XTPovt*4)*458*FH#vQz5O;}!jK0s|y*dT6`2h63Eutq;Z`l!NNlaTMvfg`a@Z{%tc`6vSQ zK13RXq+fp1eWd8?*`!;D{InR{M{=EAD0C8%Yd|8+YUbN}Qkxn;WrRgnJykLbu1R`^Sd-9kY0#`)Xf-g1N_4p3d5Rf? z6nv-kT{kqEe9UnBCy@%tT;ejt;DvP7|G=B=N_qqGDiFljZ_LRv%;t4lvY6+V>J)1STJ1XA4)DjK&--Ap(;!Br`%@94lPFIVd{vKUu!3(|r^sKebgKQ!G zLqR-LYFB_?3{Hp~dV^CywUIo#yf*6y?Ej5)-F?P$rx+trmQv5+l1+ria2WW+*wvF} zxj@icdb)EDG!4^|R49lZzVY6>6uXvrA1MR9bZ%{O1lnXeK((?%C$kg<-f5zOj17Az zBjtsBt*Z7w=Hh1JpSf~p^JW{@4q?-+6cUiEr2M@{l#xARF5h!BZIW#gL*`*U?>jD~ z!$u@?Q(0tVLRGs4wlJq|Y z;J<(2#1yhAE=jR1xoGpr*~KyYRp^g5in6&-uKo4&;$Ji&%T};!XB24zHkYbt?0wcv zzS&Pz%g!4qU66y&Y&>-sDf?y@9@qh=l84mz+diuHZ<73U0L*+$C7c&!>WJ{kG9Snr zl6*WruM6@7te2qJu{mSjXZ{}Vf@h$Jdt1|ar}edvJnG{0UCdi2+2Hfhhfn~N4K z>b)9QR@F8_9BPR{Vh`mz?rod9C`bWk-I1wU0Hq3M}y3;*9|mJH!~# zH7gg&@;2x}ZZb>I#+#}8Ix63|#NmQ!Psk*Mz|KgOSvH%+Q7Yc4sZRf*Yb*w&Y*&9B zx6ozYn8{SDonl@Kmt$(&@5+*W9`H6qNqnU5-`7&@pX1fcd<2@NF(o;g3n!uC_Betj z{h-eE`}ZdG=eJ!P2*x>Ayv1%Xo0Tc~A~!fDRo&8BLy zgt9rn7~{dTgQN!L!<~Q(<#d(r+-H9KXr%gZs5;|+)OY^>UF1CWKtLnHy+LSta|;n4 z009m)=z(Ji@~k)Ws}S+b3J|8Wc88ZSfrB{z!-o&i{i3K-05SR?5Tjjm-~FRNT60K6 zU+I%ieLdyGeI@qER)fXgHHxgQ;5civz(Il1khv^%@AE*AhRC`pGfevLPnN&G1zc59 z_8$?&Mm31I>y?y_QV4a-<27mC?Egtf9(+k?Kjm{8=kTJ2V497Wz@Z3GgFw0M(%&Y%oIu34Bao9(~e@Ujf(Kc zPR>92t^O<+BQkDIbLOK7%>8D1b%HYVpN(}59GJ|HM_>nkM)Ge*pC@c6M~hlf(; z6@vdXcwLCW9<);2KkTK@?tKyznH}i&;{5js-}?%)BnQ{;-@ktSIxZR3J~vkOn}<`^ zlwLFV<4a6Ap-Ot|Cg-BE`d4-1S{+B0)!T=67wltK2X~|Ghv(OwV=LN+EnKrf&ZEX8 zQ`nq3>Y2x}Q`E$1sZ)|PhL#tw$^ZGQ z^83eVXs;hX@&jZE#Txs}K5U)+JrMjEy%SiZF8ucQ$o?7IKM(#N2K9*YqF5vU%g=<& ze?AaTj!kX2P_ISX_8&g@&pUd&dT@+pys?c+|L+hk%b&vM3{F{~<~-^XVyT~nKKX%uIW zS-`?3`MaR_474z$!1KK{e-`*ZKg0Ab3<33Z^unL-`{oOiu%VX}YIwvUd}fD*XuaT}{gcZ) z($nNP6Zua9LqaSiJz%l=u52G%(1 z5gq=Y84|O>hZ!f|R^ubeJV!dorVl4;?%$35uixzd{8aK7O~R`mSpUqtB8=(X)wvru zi&&(B#~*#U^A<1NW~)T@sW;Vs-cHC0w($BEiOzq1ncB{h)` z|C!DIGlqZhF(rOieAd1zcwx)S!*f8SUv4NAtCx z5L=vYvHfc^Gnz1tU8Z>$#UhUmUoW93`WMN-xm74Uz5u0J%hW|k5nKdR?VQohE@g)d zd`|T_rt^7^;dbf+a_tV^99WO$-o)l%A`9Ejll++-k4o6rxm9_UBwm4Ve{og=Ag=}_ zh61NlMfK>#uPZ%WjMv+I){#i+!tdt{MtwngzU0UGS` z@GAX-s7rLR(Gj|ETX9A&$#LgeNggy-bv06L`~E#d|16U731{)ft(We5w9v$WnBr?O z;P*U8;w(}ZZ0PwVxg#yO;VEZ{#;xVE#@^(VZX)d+n^kCiHKWp0CgfOk4(1;(NqqfC+1)6c%eBHJ_mZBeh3N#5MLY3}`e(*lZn4f2VPiJW? zIIXPq>Tm*Bmy0C-tM9=g4V9C&kdpKYjA7K-I{AC^RlrU($euKHaK`84{UzSm*XXJH zFE+;iYdivXAo!4|mkqnV_j_GDL=ZQH$Ju}VB29wlMLC#;Uq48WV(lKXaG<^j$yGGM zcK^L-@py#rln_{gED+$ zHN#hTB(?Tl;KPVKtgpdP$?Y@u`DqO;4Shp$U!AQwlDRzbhuOb))o^cU8BLNT6WI}x z4VhkSri>hkr@+dhf^NAn?2w=18=RKn@yJH6r;ma-6%G!|r-yJWmyBT7lPEa3^xJQX z{g=e>Lcyg=)J4JEHA%;227Tn;Q-nJ*z@nqByhzFE`I8a-_`o;xSf~$xB5_&BOlrLJ@G-vl-gG z%BO{wvB@oS#BaIQjl#2V2tKq#aL^9)%RiUvhnd|bTbOHry#C0~xWhgAKuTc&%ffzR z1St|Pd*t5@jf*a+s2hd-1lGgN!z&xqcsgZ2fq3hio>j_t_vsEaX7C2-J0=`J<9e@5 zT*Fly>p-413Y~M#xpErV0tjUET-oihrsT?{X6PAaq$TuD{CFJ>!os0s zE75jYEU2M-XZhM&-cYxR?g`D@wGGz7QICA?%(;I|)w&@6YrKBr)7 zGcDvhMjC`Z)Sm7RjKmgD-If&8o2NJgv+>%jSa#EcY9gCsJ`e|<6+N1#3KZ+bA-$eg zw)mx?`g4Tc%{Qm3arC;0!dp)nqjG~oRzNla&ryV3SV(YA`Ahs@u+w&3PW@wPFI>LC zZ{=j+23#}=bUoKUg?_gV#DvKk1EU59*`#z+o%E@P)9wfKho{z&o-adhg|TVeA&ci_ z1RPlHCXif=mJ;%MqPsCJ z#Byz-hkMM-+M!~$Z?#chQ5;=auL#~Z-EBd{-i)Vrrfa%nBM4-(;NVo>`E>FFzf2_O zb%rdY1aeBY>`s(?1YmFJmpJcFn0+|Cc=tx`#}0dpS@Ps_X>8)_PuN%694omHz1$}B z5{Sq2XT8Sc-rJ~!aNyM#MEYx-;9@GG%RD=K0wn4oyO5+e>Ww*G_(Qym%e>c&3sZq9 zqQA&VMjCvy_(M8=-a8O5_H#w;uB_)sr(KDizRS0J6TMZtMmR^BB_L7XpKs#3Yus{9 zE;wqH^ot#vD3yw~r39Q!ubp_98yIQErP(Sjfs=UWN-yR|Gy;wHj8@ob63}-U7(C)p z_^(siM5Nq6JkA#)XrBBkC=d6d+WT=f@*7(j{^7kJ#n21c_`_$%@^Ok$5NK%=Y0cQx zQA!yR-5bU8+{+oFsgo%q!>|Ss?A$v=y$W8?NMF>=U*qa=@72=Y3f8h@?t7-&NQP(^ z5fGZv|IXb)8_a*z6|A6TVOB9@1A74qpJ}f^2bsu}U(h3~acS4Rz8>e&6Wyy_lOv(!8$HFzOBi&B8K%IQMXu2DS5BY|vXxy;32faO>g$ah9owar7Hxo59O@(+J z9XjwjZ|xmzG0yUhDN2ZB-e^ifa1+5^v+e<>E9CUs+uT>*jTl;;+~1m!5+%E)wRVOk zA^FSABSmv<5X}`Yq51;_$>at?XLMwG z{YW9sDEw99L;YKkNH_D{@+TYP1@6EGd8!6w!}+=dgma<&oDS7*Dp1~mm`VASSCIk^ z=4v3{lyAQ~?f9x37=kq*p7hF3(5hFeys9 zM4aZTcik8jgbFl`%t4x#R7K0KZXwT2M?=t=6=XL0c^0QqDBfLiJdaok8bP+I9+$)A z&s?x#HDAn{Ff<_P9nMG318R+|^CM6zWW0-66j5 zE9)nQqu~l6;IBms!+cfStv?f}_8E$bKx2v69-yKYNAXz%7#Aiu$bMXGpp&*wiJ4ZpqFH<3R^kRm5NAKJnRVY@AI z0y5e6p7O$6{|OtI)KFFMs=3MSNXT|vU9}HM>}9>n?gTNOaop3MRB( z_3F#t;an^sa)sDzjUbA>!sCv%8fkrh8%h(mmTyXV)^ ztY58d^1jlI`ZHxUc02(yNt7i+za-;f1dS28vZkwI<)Vhz5)ShdQ~C(2q~u}*N3kY_+(T54-jcSicO=$hFqASRE##aw@@#VHfb zZ}-0eX?7$VksL8e$M)y5A|blVcWB0eSV^U#VV1}ogvd7ZfzI!*wH-p6Wl&B(KVV&E zg@Wh+q*$L3RB5l}U8%Wg7e01<-Y%_8w^&E~X7i!2T)QSjoW65wZg*IW>6 zIXm=gTV9GHY`Jd>2wOsTwfuf>j%H+YJYIUud!+aX|Jmnqnr{G$AUuyzZ;$U^mNWUR zyO>5HTyU1HB=HUeCEUkqZtLAOz(RWG_F)@NC8j~)yK!>i402N-UDsBN7TEkyjReEU zjiP(<%($p-X3RO!tuJ`So9pVvgd6)1=-^RpH%gHW_P+#aXP$+pv#_w7=4VTVtr}_uUY!;-YI?&CI`aYdYvj?ad5u?bdpoGuD%KP(^I2=5 z)Z=pYzTlxlG)DQ5^^QgE%gK46wf`?7@~`7^$x|Mc7dhwhTNUG|05Kzt@o557Z9c|^~Db@5Ry~Lf;h(>VJ9L*(+7MpPp??c9j&}m&yCAd9`;^)Dl`#t zi<9Hy?bpy-#C&7cbm+IVAc%BF;+&f-y8UM7T0yN30WW%QoT`0!o+}7cc5RCfcIIoU zKs?Rq6)BZ*Scv>eA2em*TWtM(OHd%qCvj<`GLFn~#P zTGcy_1lmAw9^rTj44U6YcNY*F3f6qTHBr3YsMjkAlcT zYiDVfg0%PbaJ8$0aMo?}EJiTseOP2qA=go2xHth>w|D)zfVMtIIl2O8F>mCToPHHB zM%i|)4u4-K;fjhu8%u55_i8&%T3>&LsHr~|6lsBo5MJvoHdpKW+SmRsPrV_elfg2Q zknBff{Nk|rTQkS1fa*Ct+v!kMGlm4$kK$-l`Ju0ehNpJoDBL?u)E;@9Zjt^S!8*T& zNr-JxAvp3RB*T^p#-|wv;D89E#L9EP-*|!eOeN|)KQ!Lp{1WTs%?Eu163dW657${~ z-E%+*HSrY2-ulEf213DIw%VfQDYkQ6sgcFY6QOd}Imttm1zhh*yq$3nCG;&QN~J(b zCERZcszzXxLZIxT zY3db#8UFPa`ENfB1QAzKsTU!3*2F=`otu#B!uj)FKzJ!oV3_d^EEF7r*N^j~E3h9Y zhl&arZZ-M?%!QOTYVn;3Xg_plkQ&=Gr zc7CF!=S`F+r}%c8#u$n6LQ)j3Hhc}GH;L=Fz9GhpB#~zHVH{=rt1pnd`ccrwM_xz@ z%2%RZrAhx)NG{Q4pEvT#9>a*wDEbxJb!4A$!Xx$~XC?mBLUmDBF-eWTG;>Fe;_%vR zXN`7yFkXUAf`~wD2J8->b{dO@&&VBzOP4Zky0uoG&HKL&&-rA)l=j~Yd?W&lOw1l$ z<{ek{nIpc-u@jjWXRv7!PQ6Hd_0tw~5Vno5NdsE)z6K+AE;7Rh2h@h=zlg91W8wcv zgvQ$-pzXU1y7x!AzQMGVNFp~l`yi#bGqu5iZc!`O$dQ3!L!@;5QStes%s7IViVeWF zDGbUIy@Ch^>E*ZbHWTauxzHDCqdtie$TI#8Q{qElH%c&TAyNL(7845|d*L{x?B6J7 z9|6j%Ci!Q7ujvs6cU}};q^3Or|L^w+-+~9U8(zo$o5uK$#t?WJ*#|Nz_!s{iv7Z|O zF0z}LzQ}RZmv}-BLl_D-s3rM>lCt9gfEw-l6PxVM|NrAed`m!1dDHsW%zuYqi-hi1 zlvW6j`hXGS0geZu&VL>thNP+sy>Ob3Xe7t6x{$QOnQQ+=l=#UA@AT%>5u*-B(gNkc zAlYvWx%$GY#rqhZB;R7CIr9^XCJQJosiIQIAOblIMHyA2r+TjARaC zn`8<8q+ReY>%ijrzGbUC>H~IO!2{4O4jq3thH0o+Ha6)%?K7^UPsLrB3Q!3n`a2c9 z$W*Lfp>sRxRFufUR1BKPzW6&8Sx9owB0u=WQC~um85WP0*W$(HKSOvlfp95){qlku z)uUNdX$(w*b-Vc3->iK^02ox;oxW2?J!NMIVd8hMCETO?I}3#H0MzrV=>NDM|M`O- zFl}qx{Qn$h@yI!UUuf{Cn^G(u7e+Af%;zuBK&%QmHL`EYl^*Fn1*52uf@S!bTW9ij zPqo7&_Svi7e||L2cI?DzGz{4(_Vn$)lm1N@nFBeUi;73IC9xtT_0Mwij?mvRgIYW! z#zL@fAC-;t%>ce~L(S*)l|Ntk*%oGjKl;fEat0j5M}Lb$9$-=#YW{Z?G~xe+-nddn z`#AUlC3pw5TJ`DQ})X-+%0s1gwI4;*UrYoeLv3mxJ~0ZRO#}VU<~x1N5smn6vdV`JWa4XGg<4 z{EL5ngZ?0#C@GPP(tjuS1;U!TZCIlfkUTy^hqQ>7fSN3&mmIM z>#wP-{-Zpq0DF%C_LpWnbGmeYbc5Zr5fVL%KU*a;6sHU2s zj?;EnPHk ziM{qQWF<=~?gG8GFptoFhnTc_+2;s+)WFln5#?JaSW0R*|Jsu-GRbeFV?*0UFLCNT zX>Va4pPgR)tn&g#roO(8UU%@x;|S5E*r20@WgZ9A-|Qvo?QNVGqTSoa^}15zttNkb z{w(%%vnjxPGrK}YbII=1pVgl+g5BwI(=nivH(H{eyVfi}7B_ih>mmP4g@xDYdRjx7 z?T=MZVoVt{NJ)#hS0Jc&*7e;?fI*hotC3KWcs8_*-EmAI{1`f8G@t-2k`Cy}iItfdSH z6gTRS?V=3{Q{htPjS3>|^+Y^@nfUmX2n3(jgHG-d^w>&H4@=aHBaNy7a1@!~KVMe` zydb`4=(!bHIR0*A&p5*UVB7Z!m6I*PPy%HTQOnZVBt5uF&%KCydg3_NC)r0(A2y0) zDUrPLWxn9-+ydDgQSG%iAuC%<%XoZkPm|1KS$XZWp1N)XByNCs72J2f#=b|n0gC#(k&ClaG|xM;Zo;|GX+!X1Ox-+-_W|KUp+P9Tj(lp>t*nZRq)z)l z-k*Gdch?Tdm_pgmW=R3m>4;?HH8F16xIYGMd~YbxVXIp6W^<)shL_y75&V9v#Y zBvO{!pWnMUIqGqi5)1Cyk5%GiVgz_zl*A^>L1m_%-}UgEiMNzthX?{vL!_$pih?I6 z$@y-3BAug>RDn4ZrUvh+hd!>DV~*;EXN9_nl7v5M3vRTmdd79 z0A>{kvxZa%#~s|^Ttl^`=z@#E?s5?#1?@5pfHnuhK(Wxm1v6--()7X0R7 z)o#FN1eyN{3L9Pb*S1#1YgDUtx|2}uNUjt>Fvjv_w`Cj+HOMU5LdB}ldeE>z_s*&iyGH$O0f7|NA!_I=Uf9=8SwWWhkrd%yd#mjx%ZEi3i&mqMbTGXvh|0iY z6zwe=L-M!oBr&dAHB{F3y5iA2h@LQuih|}7Zz2_}<);mTdDt#7d|ZrWjI=zfX(0n<$!ZVW-egG35;fAzrXXg6Rh71PE1U%HUYsPFFG~jb_-s zlf!a^K`=IwTN_qgUvHWg*(@pCF*Y*$zEwCZZ;lhu58YO3ZX`$Ri@GeO)R}^UgRTly zdixF}MSbE9){@l)0H&JGIQ(w!M>%z>-+snZUe^hxw{_T!(csSF@q(LHfj{KjcNBZ- zf1z74?ZeK7;S^|gi;$*~`nv;OESe{hKNc^L-u6^BW~&lJl-n` zXU}$wAvt5RvEdYZ2MJBj|$wXI}ld!CyHt)_{l z=A~DrVZJ*A?g4;|#t#N5ZA-1v?iCrUwT;lYy=zo_Du;4cr%NUGe}u{k+{n*z@<-CZ zj*L~^IwgQ6dhXl=cSp7Aa-bcj8%Uo<%R`scN*=C@c5)9`Wu=baKHFWw_;zt^`Pa4j z>Q2HbD43?|n{O{tI&hoMF2ZYZo$_X`5SVkEo02ve=Kh&$z(&=#lp=kGwZcMDE@!sz zcCCakKDp3IB++wLKe5N^JAEY*COAhun=_i5iftPc_jB3Vew(+^F{wyN_4H9se$7rY zdl#=_L=3llG&eqZ)wb@X@bk5PNwQ}+eD z;D7CWzcvVPDa&>7=$9fpGl4NHTifmK!>_6GGD@#4VZPy$tjaYoNSOAwGn_E}xeR0w zyHu*U{RI>9g;-cDZ`AlREzb)6{+RyxsbBcsk+^2R2E(!#Y?%%9NR)l&`d60roGwj9 zc83QuN)5*`P@8?-w^a)kEJAf@##J&1HSRAZZ7NXC(!{2;1$n07IxTH)t@5k);cHxy z<#QnMraI{kJBn;@<>ZNd$@sLajrNEbzHvhDhV6V4w*f>$?WEmnhAL}xKZk7br46bv z{TB*+kI5aK&52|74gkaCd$c^sFx8kA>x>Zd!rdz&W-{v zL$h$L6GCnjDC`KbPMO=1(@RP(K0bM(;x;vFcykl_QasOtaQEf9y2J;IMFuqIP7K(E zm&uPjSoay;h5~9e)KD+e9Ia!=?OaFV*tvTZ%|O)|xp4d9J$lc}cIdj(+3HcqLXzU2b47T)6#&Q*`V^Xv;_%%Cg}^O@foG*nV6wK0TYXQM>9Tb=dI;Z7w_Khf=QZskFZRL?E}&MsebBZ(4L!NEHp;vOBF#U%@=)slGCF@H6zJuE_k9 z_=j4hk6T58WZr%|i;D{@zT{_6{8PG-FXScaUmossc=#H(#xkV}uXib)y#N9y3v5{v zRySmL*m?X6md4G4!v|k-H%FcSbl?B@?yGRYT43SMI3fr__NgajA@UT84j~y@y6~X-Qsk3oZ99QO8kF2$mLuo2+GU+t(2^BcQgn}H7L%$5kO$D% z)A$dI)|awht$8ZHo>Grx`9oysN_Xxzp>#A6=Y7M`dCm5Z3+3?e?Yh3Z4gPGD4m2JJ zKU3^PN}i~wdg7`v-O^Ze1sk+E%O6a8Ksmdge&?Z`Nv#JY4s-Ps?k%@;sR_q_4J%e$ z6B{(M5ewC+WWjeVk&Yoc2rk>1Smv<6fn9{Xn8EVC*mYWP9xr9{uB6v} zUy{Wg+0J5!H0%2KT~e!nmyEj`{Z@s3TygD zC(@i)4Bu?Y1*kO7l?z0VXXR|$UvXq^kJ)lgv<$pfG+6C7N1eXw@5RXSv|Cvv0C*BM zeGP=5-*x2F zjN2|WrnJ4Xq3n2^4q@|S3sjT9PlpB5Up(lgLW_$Qwtf6i_#2XIzFDi{9cY%U z6`Hk@e~nZXm*Iwc!Mv;>U69H5;PjRJx1Ri_1gVXt&zsc}s~fGE@z4rdMmir9NFQ|V zx)5CYC>e@XFCistqfwC|)Ojq$>xBrL;-&*yx;%v<#6NaiU`bGqo@ftvl2uLBcePbyj$RY9&yQYTl;`$iGh+5plT`X|g)G4?5^ zag^)j^0s2$uCadCfA%E#Z1*_2g?C8#VQ7~5a$}vCzl5|ilU9GtN26YIh=gOA?hhf<(L=VfB z{IA{^^`#@7G%-hLEkYIMiXZE@dM^$oS$B@0J4Df}6{Cf8IzeT%OsOmFK}~3R4Fx{s zs{Lz*jC~JDSIY3Ek1af4H0*N8Pg$HFn$a5Hs|;kU0AkDiy(Q%n8`e?167>irQC&M> z>yt%Bc2rVgnvNMCb4jPm_qhh8ha8vOrAh~`(j<&6j9lM|!b%eH$eVsRejKf8F;W=1 z3>MF|F_}YgvF8z$ZiPOMU^6DyXsLKu_!M`ni9=~HS|%ql1cY7`RzZ+sda+q$#H!M5 zC_^{Rc7N<~V$HkVvA&9+>xot-{hex|az!M!3s=vlj?C|OmYj-pkSX=M19`TVxHQL# z`fk_KQYY2~=KYGN+T_+BjqVvxEJi?Si4KpEv2^GR$q1MIkEMoK(w}7<=%uxJGL$~| z#RLi)mlS(Jk~c=Ld7d&GAnjf_(>=2+PUn_%<|;}^J}8fP?P4wa`Mht49bD+z8C`J$ zAN__f;@uDo*Q7U-wb?6>Pjs*Avl*WZRmX_Y*XcChTaBikY38(Mxi4(E3OZBC?``vU zcn3yd6^0GfYYPrsB7J~LEK5zz$1Ktjm6}Z&3zVdDn=80M+-$=Tw{cIr{j)pW2N`PB zhTzTofwq0?J1SXEETtM#!m`lM(utrdgn_{ow-nW3+N%~<`60%s!{chcu2NC|kGBhZ z3nrrThDy_=y6CgGiS!f;f~zfD_Nb^qS-ZR$tG-JcAzBcLaaN_=LF)M$j6ni!7rq4cvTa?fNdm{7R2p z2FAMY!AXB&%Te#z7p;MF_%1#B$ANqF)MaP8~auli5Q4+T!2!s1!qM$5Kx@yZym6tke3ZE{&S3WGQLxcS-OOZ>> zB~vg8zOqqne_xC#;~gr;q8Wd*Q(2+Soy603r-G>!le_NvrROf)BZpE<8JTqNbJ~LI z>#B5yN@Yqo_nHH(O5=HxVkZUaH=X9zq$iX8)|z%s_c$tRSROB`tMdwE9Ct>4iWu$~ zYU5J6W~f9lwTn+&C~Cg)YF#+j3F z@auq?VvE+}(<77zyL(Jl4elEY(>3Gyu~|>5CZnW%+biq~?hD?kDEV6w!oEp&f!j+_ z_U83NZ4?0$Cg;l;a_+%k&jA`0GTdIw_C?X_7suwlwU}jmu7t@TWlBp;j?MImd z*g~t-&7*?TLl;qhQA=N*o1MnOWEJN8 z7S6~{{(Hm-+A~OA@E#O3h{jG?6i>XCmRR`YgOL9%p=|@H@1Xu;g0tVMp#fq{Nq}du z`rt4ygL$@M_*2)p&}V3Bzcvk8U-I)txVeWhvA6ZqemY2NJtRcP)q_!(CiBoH%kq_a z($L~EsTU`S)%QRiq%LRJdET2}>@qZEk13Ou)3}%Y>%q!vbx2s(Xb%4hr`}Y#&?TZ0 zYYF#qy}@ETTybq+s;Y121lW;$!*@K$jq?m{5-m_qe()}QC?Mu=L8}3WwV1lrBNU(h z-RiF0!)vt^UpUK}Ou|AL1woh!h1BWYlJBRy6#0~9iJH*5a(fE@^g@3={#hE%%BF;s z@dmud1m0dWvLS{C2q#S3=&n;P%*2Jffu+;JWl$7hz9A#^%Ce`Duj*3e5)aqh_{=s2 zDI)@o2-z?YmQ0N9E=7gOFK;4DJAC@3d}+I14AD4Dr(iKyLl8@{7U zv-|vn@UoNK3s2>Ko-o4n`41s%mLOhVGE}@Pf0DeLg%OWadGd>>eVWB3D!X99`~CL0 z81r;*$I8{12lM$tSHJqj>V|P}+3|f9cL<9;8z#=R?A%)>amDuh{cKWDVL#mI9ca%G zc|kbYZ?hgSZa$Y`-R1o$_WQE&y4{jpE8(Q)Fdt_cZC5WJ*BgPly^urX{v)9^L_vuk zXRYv$7651)W(o70@{f8+Pu7fQSAhi9D&-(>s8Ma;+0 zvik25NHgn+PfJx;w9E)6yS}>N%$DeoP?GLqnP|N-sXnPVDY5*xqKJsE09%Q7ZOOWK zM)*e0MtPmbbjATsVdmCus+=3+Z&);x!SKA@I@)uU-;`o(!WPZqKb&9wm5uvm>TYGg zhu-)nk@9FvM4)y+b=rb@hfRTtf{#ND=OMoY)Vz(cKA~CCk9JCaoKYwn`5nJ_*xfn% zwukNu=y0fRRh-2eKBrDv;n-c6WpFTZxa&?MTkch?c3n`VWE+%4uZ&4}F7zwJC^x*R zlU|(Ox;N5-Q?SyFe$a{_J^1uHdChi@)7~$-w%wdITrcgm=uz>PsK*x-jC3X%s}8{z zZHQTqM36x7O$YJC9)!a_FKWi@l9JTTukkdqRB?nBopy8nZ2jr`xQlqJT*7Hq38cq)yS>co*aN+Os37{Qt&vH5+0{-c+05o&iRV&>Ag77-x7?W?2&s>9r<(7#$C`L zkvDe7(OI{_+a+@7gF9o9GwZmQn#$P}3N}LTz){eGw0%XGB_5xQ)#s`oQ<<`JW@GPd z1<5I?eXjoQ-8=0mm`>+5?!$;eTpqd)9Gn#-A9ASklS}VPj&u0OEpr+2ojXXCeK>?q z65(AOYUvr2=6uIZYo7&x*8XD8`jI!h>t@`AA2uuM%@(xjUS_f-mEK&s{mwg4q@p!3 z%|;MvS%fY)pEV7w=$?wMBeY*pA$^cQ4p-HN4=q% zGfBM=9B?_GgLr*t?~3K#gsBQ1W*?&p%BvSbvA*UR%@0{IlpTe2QNqYLF`Y<_tkm`Wi<4YPw2HmK3s&!^Ys%}&e zj&0twjFIMce@lu?+Co!ieWJ3p(vngzv%50o1t6rg=z5O_#nJ|`SVZS8amDN;o7^3j zbI!Ji7H@x9Zy!*<^Z|>>^op9~c>kSo{0*737#d#Z$}q~Hw-$qyjUN})a(naBT;(wn zD&uQCbT@u^TF|}|8@$I$uGw|D4rKN`htEb8y-IbiOjAfizuuANB%5bHOdI^v!4@V; zHuAmrQ{dbWsK8(q+&tutHCq*1382~*dbThVS#Xevp5NEs@5(c|yU`Sg=^3L>uw!U_ z_cdiCe$y<{kNkocQXAC2SS-dkZ;-Ya(sRREs^QM#e*PE?iE-NSdLCgFbx8Mn0o548 zecb)}K$#O!w;l?oqnCkz9rJc|tNX=5%(y|OK!3fck~Mcd=8-RDJs=gfSxtPq1K-`u=?PQf% zmoR%vYVIKEWME!N0zT9xzi?D!vireYWR9M_d^Y;br+2YcP&@Q72F1_JnVF;-=f>+k{%GwP ziu329bs5Q7=`(I={qB?!8)IUc@^8qpw&fl+1~o}6e4Dh(`Pq?xB9O^WtTJfez+qw; zz`giFbnMuJ8vEBfp-Y&nyBcOum`wAI<5ak%Erw9u+k^{rABno(l}i%u8cx z4Yk0R3T3`? z({*NW@ZW>B<25+*)QJr!r-xJ+dlrGBox2X@Bkws2(oNKsJG!2_*ga;gib)#!#Z>gI z`ktUe02_&&gz*n>j!cH{hjKohsG8ps6)zphHBtFQ_dj*UMwHlIIu{JCH}g?JAnuZ*px>TdRy8^* zTgwT~MUbNmTXG+FjGxM2odu$wdH#UCY5Qx@G%Dgccih`N#8ZnOr!kRf!5r=%emaM& zr#aW{IHd6@P4@}*Hrzt*?lAbXGL0`ZTvBo;GgwY;D;UqiGz@R8V7tk7^$s}qLQ9xO z=+vx$6We=5SuVzyS0$Divin0HHUsK!H0_|~b~QxRwG2qY^y=65G;RJ=#l;5l&`4y!ZjAp;g`kV3f~`24ebmS@7qrdS)4aWjzKkz>-L;k zvwpI)-+8$}ctpfCCOvbmA#tKd^wu3SMT&`rNJY_tantWxo;LHTBT=QDHU)A-B1wE$ zTXt)xhL1>sG$W&HvFsCujcAr(t-0CY5)N^7uf4ue;Y{;`VR?E-LnRl?RK(bcn^Z0F z_Aac-MSWT?hCSfU{-H{BJ?m`+Lr5Fx?e`UqP1{)4;3D46#F%+iw z-hMzj!>^X0^p~rvoHPmNd`0e|y5yyB7l1W;l1%OUgem6H!*QK~d=2k}6Cb}gX?N-h zyw4o5bBsKW``Prz!vQaI_AhdMAMJW=NK{HX)Ev9GiVdeBqq|Pd5|y6OHsI=y*Y-Ip?ioR4B3~Qy9FP^u}PQx7t@-T z50^s@CVWZ6P#TRXay}Zj)I4u+qN}Ago9NuiFH3|zo|5}6AA|Yi_R-=FYQLZuv&7S6 zf59&Kb2=;rthq$^;hC^%743Nh?{ZvsIJj zRn{@O?yYgs$HJpf9TtRNerY;sgk_tVNI$K z!lY^*iY)GJ}k#oJ&nn5&GW%I z%_~ZkT_g%s)<8LL6&bmr`niZ8OdK`7B)0dAr?dXRSH-_EpFPu80i|rF;pZE3Dwi^&U()WTYvj z`^0^bns`n#9J{JQRC#*VrG7KOS0VYSo|oN;;RO3yx3~o#FUPoDIadHFM4;yJizzQ^@$~JO%5)j_#9iLa>sZnXJ5za z%MTUtg(&RG!UB(MuA@eVco-PMnly%1ftx}HNsmDtd9K?=vY z?n_f4=2U9#&Sz07bI;kx!s%~=(xM)-=o9EG!fuswA7vL!()oDml^Ve5g~g#?l@qg& zkhb!vZ+F=%8427l?9ykgVyLt{kQq-V7WE5yp!%lghJTT8fLUB#2HtzupLXATh$CLf zecstmTef0VkkDqLpL0yA-@MqF`#g)7^I);i*8)o1jfGaH>OB%b&8Sz-%AGHY`<6di z(^CpB=itrzCPVUQhQ|ip;zVgG${I8b1e}F=&l~v^TIAfjtgjgFJu56qu;-b|T(Q|$ zOgY!hr%|rCZBx}rL0Ul8$j9FjOR?W}+^%_Okg9C?Wsk?hXpNQLj?V})O-vLa3%Zx+ z&>0FX`pmKv)N~O`A6_Wgiq(UBJAPNyrqz1!8Ql!7v|XbZYBnEs_fIb*aOkN;KClrQYga~}i6cj=q@S0t7tYrD{I&4XnPV}1Acl%@trfb9@yIWsJGN_aENw-sd zs=RIxX!OTN*2xnZ8DF9wA?}QS=f`n9{^zFuskc*d{T!3oci0?c81Yw6@JstrguVR# z82jqDD7&p~gAh?r5fCW>1tg`BR1px6l5UWaE@>D<1f)Sga!6qqx*J9sht8opq;nWz z2EKcI^t|UizxRC4^B-~VTDA9Hd#!7&U$X$esZrL0k3 zrYxH!)|9Hv>aWS~sZ$+>LWvhKZ)Q~GdlP+3rN#F$?DJuZi$Vhap`bT9S6fn`5z*Tf zJh!c>ylR(=Qs0+~WfoeY7z<>PMrWXS&X6?)MX_xQ_uca~UFYD1Z{`Yh(TxoZ8hZXJ2wr-L@XXhTh;GRlEwP;L)DOP2wyCu6e%& zmgm_cZ4m<(Z3)mbwg<@rQzCv zlmkz*+Z$vJ4L5D1WybkjwXc0SGT%&@cwv#~ojiC@D)Xugg3Gkx%EG$~q%@&y;@@-m zZ|8-XgP;Xrk;KvW?Vu||r&7Xm zU3P5{HRHM&mYb5;B=nb>700oL^N0^}Bb@ddToSBj7tR2%zpneA%J! zboL9@k#RHYsE_NaUHH@$5>fK|Nz@HjH@!1Jfji}m<4sndxooycITiqwcbpQMwrKgOEXW*w}<$va8gFMl^Pac*^7(Y{-G?eqt`h; zMO=^Vc+cO}c|X<_Cu8#*9UT(&2ZvKzinJ_PEh^9W^wvdufQK$yoO+GOgl)Amiw|<^ zE;WvTps1F(tqhkcT2CAPDnM;AXXHlhlwoO|V;}K7T>@B4RKdBms^?l`aD0Nzp(7b( zuWEiff}C#6B;`d0v%^qLknHD_`v%02K5Gp^ii`IxetwLtLj;Z&XXbG;i0|2?bc?30 zeF-tvyWb?l^P4gW9?M7SJksI4^zDH+zFz9!e%=$Cw|yDecm7{u zWVmU6Z3w42^qy8SyND>WOOKCZ0jbZ>;qI@D9C2)Xxnd2*QX6>en2^~keH=l&W+&)s zQtnzeacS)V7|+9N@>$s0@VB?uZl-x;HZe@%z5qeP=EFWIfZ_=1Afzs2l@pvZ$J7s< zIj3#3T`-0wEMJwA8wS2d_-ADrY*|vv>1k+Mn2(2iOZ0y6Jt<~|R0g8NU~6HFAn$tXXG(qp=N@I$y7j4`ew8g_JG3YP zOUP>;;YRBuCCT%5=8m-H&Vt_VWyPC`FOy~(ISoql#DZY6g=vac3mOgRxxP^B_z2yz za7m=bq?t`qQ*3O0uy9bB-UTw~_(P=Ty+`O+Hdf*|rBj0BZI4Gz_~*dE!9$I2wcM3H zvFTE)MP&O)HO>me{2&q)5M#S(cvkzyZ=JuyIPFbIzN_78ZpWaYXNpkTvU-C0|31}Y{3lFG{(BF%DxbD}`T*>=2a%{5kjgPt}H$iWSKQ+2$bFPM$|Nd9WQ zu`h``{Ja*Pu2?s5A3Dw%Y}-KXv)%DvsaLVs!}DC%n4LwyLQA2gVs@)>XK99!lijO= z!RzTO{Gz}+U)$msa3&tjk-tB4fOB8udu?E}hNUF^eU8df zZ{8hg5M#R_I!v8Fx(pte?Uiz^WN>L6YyjD~T^qR>dbhh%!bjByJu5nMXy+#%-LcET zWV^;KtmDotEHD*>psiN5%LKokj28-@Ks?4*tH4%{*|Jo*m9_Bb=Fys1E~lcSWC9)d zLcs>(dGr~JF=4v(WrNccwQ3Kab-hg2_`WW6vRt>Os0q9YZ&^a*aN$7`BXgsLR#ka? zx9swQ~f>S_)Y%YLy$E50nnt^^SjU zZO!~bs>h0D=8i5Yg+Y;9dd8+llj=aT7VH(%bdcT-ycEJuD5vtAyl43c}6Q;b{{ zuRp+tz+2p7g+_q=MT1F0HVB z7P?G>rg>qO>kw<)sO=MKLO9+rsW_}IVhY-{gujHzCFV=Xf0Em@DNfE@)ku=woP3>v z&z-5sMB8XW;f`ZwARXW6hlA*f8HKuY5Ak2wHT}fc)B*_(f$S35&Y$9h(?JIc-rCwW zw<~ytIrk<;iJMx>$8pSDq|Ti@uJo@6UpBI?IaU&-NZ7 zy2P9_^_06)yv@|+E0XlZ4U1e{mFuROhX(Kxhl1qg?Gb#9n=GO;yd;m|wpep>X5JFw z!}ncJHN{&O&9N?9ha=H=V@)@@yqyUwvI~j@hh%cLK(BS8D|frl(Aw=TDLuMOvNtEi z$k2CllFJfT2iFW$wA>4VFF55BIBN@X4HDp!u|vGSE6%eXcj_sm(U9}Q zj)K4_e>TT6SYlx5%ZUco6wSujRw*cJirIQdjTk86ridvxe+r#xJY9FpEWr)3Qw_Y& zDatf6=1lF4Ny*mhv(GbQ2Ao=bYqpBPfiB=f2UP0u8|o~N;-89JcnRgU2wPI9veu!| z@j*G!L0=U-DMeXys1cpyxhxI-!E6AjI0b2(dNtTYmk0a7by>vj%W6Ir07;|)p$7Fy zkx+QUx)Ei_u$v|IqHEodr%c`LIEtHt8{izF=O2k?$yBPA3q! zu2;F#l$|c8I+!1@828og$bCD)v?iQvM4W@a)NZxz2syA_hv>QP%Wa8OP$O*-fS*$C z$YQkcv1QpX*Zrcn8*w3u$Q02IMy;Q*&$L9 z37=GTLr!O)k;>+6KDI3 zx*~0EaW?NSYKqD4cL-)1i<6cVH zQgwFZwW`)tL)mkVzL4>0>Tkqs$9Jifkp<;BYh+nwZyzg7_yfU6CUU8$nE#rNLTJ4O@SAO&8J|QQRBImJ z`S#MYLAetWSayus^Pv!tE&ZSLM4MLE{+MlNt+s9KBeO)b%S zY~W1k!&m|e?4hclj~6_ zvv!kdw3r1%a@%AAiBdzLu~~in;#j+*sIMbir`#F8&BkODf^+?76+d8jr9YeqTH@lr z9arFXz}jb`2ZMfZmFLpFO!q8s9UW1gfkm>8$0D7{FL2;x(vsZaZmfTPwXh&+YpX zTa}bkpE@KJXtZH@tst{`&d)uJbX8*-D z=4Aw9fhn3uP?Ghu3+^|iT`fc=FGQ@ioByQyU1alVwV3XtXy@kIPyAIAgpZjr%H~Qt zxG1eaOYl_DH1i&JFX&j#V)Vz$@ex8B8mAlDzZFwRA5*VytyGhO|C zj#P`{=Ne+&EOiknw<|~sdUi0oBodN+@l}(u^{mGk*HpyjehMuu zYK#nG4yzjEh=Q<#l&FQMvTdn`iYJ}pPK{wBDSOdr&TvSL8byg~=nQpF=tbzek?P82 zeQ}WrSvSz2sL)`eZrrjp^5zCH)^#7F zi@^$An~vT~B<}!}4t_{1Pb?jQHAYZhEf_eUkey^X=(B&QYRrr^77aP2s>AR*7)8<6 zuFT?|Q?Qh!>T}-VhKG}xKPK`hw9(ZUUe~He^YEzB87ogOyVegMgi<8n)W_=^*bLS^ z#*}fZ3={2zjCfs?<@twJiSMfpDa!3&V|v9-^W^X=h1b8(5m3;2EQ}kmQ;g2-`Mpqg zn5bH2zXIa!QpbrSpx~Rc#m$T*eR(}EJaS;+TPEWsX~2E`QA6di%B=j&F&rq~6L@H9 zr=ox8Oc;w=mcdQltRY64V0HB|oU+t>BwWu*nPk6Z~ z`aR+XeV0NdZUrz2KsDPL9pCqbl79rkl0Z7g&Jk*?zU=vjKZWNKZxtG&KP4}i39G{k zBCKjf8&0;we;E3~C1i@oxxad6bTCqpiq8%Vsvnb?S4eK$_;?&7Su@gWGNb9KfwJZv zoJF|*I;2#VAVrs|$UCymC+#Q=D|q>Z$+i-0L8R0};2~azjOSDrt1YT%=OSCJvL`l5 zDxeWk?o+X^u{;NT;UEWfW&G()KH<|Qx;Eu#r8`pE6WF||DMEtqt=jPWQ%B1~guUI$ zTJHVcI~q|s-nD(3@%Dpgo7H!$KYJ9ZfkJ6QovhwRQ=8uwILkIEpmvt+h#u2u>6NN* zHH=5qwNteL4|MGdO7b)DHsld_RA1L4;|=9~v|(jyEY^TzkZ{gX&j26@i` z&&SKL=QOg@3tdi8ZbGEvo^+W-SG`Z)Z*RDqC1(|Gj9134S_o}c&4y(Hfpb$`cH#+I zyrV|*KLuk@U=)*S`l>Lvds9_YOt+U#Degm1$|2P$cmh5(*?Y-!=Y|u6fcByr17P6g zj(~VjYXcD@r$4O9AmD2;c%sJVdPbuuGsZ`?#v^<=23$(m&S@%bi8u{thVr| z?vp(Tq2ryQX#`E7AsVuzVkg?Fm~v`5Q@d3J!9lCU(COt{nG#v%Qs|;9tleVd(vs))iKl3+shsu}cdc z30Ci%SHxLH?}i8KecPuWcq zq*+-eE#a=Qhh#|iU0TksEO~ieJ{4NWl~)`3q_EWFrwE8Me){f6M5j?Jq1X#C&@r?*BAV!<)|Z7YJ0vKem zE`}-KQd+aNW|KD%E?q6N=4eIVe*S2S5`I2k$nvCim2yV*9S|I^ZkCfVnx>O* z(YR10B{8y2Al~_g*WsIty!@N5{u;xbc>s)W$E*?SEjMfq>n|`E!52Jc_cGNOP0&N^ z#Br5PN5HFG#WuCWcuY7U#fVk~(K{`j^q;k@R5NZ|pS%OQW)U^CCQ+%3wPkur@8xYo z*w>3mt=1z?cMHl^T?a-n?<4td>Hx1#Qo)}>9XBYT(a>^LjGBBQ97YeIVSVFWa}rRK z3iV3jrq)GH)w^|_S@@Zi=D9!;T!w`24n%n~{#dZ_3n7DKWKN*W3_9MsUfRI_sSoiF z)wf7s z0YZnm4@$=$6xKWzKJ`+>$IGALssfoe3>S__m}y8GAfN`TVXK>MmS&J>0C836pbzS= zr%J|WWQ+;hs{x zH+bN6XO7!R`MP)dG^@=ZoHOkZ30*KkJ0Ai@pzda)_S6Q|FMr8YZe)qVl*uZ9r)m2N zCa6YXP*urd5(DFZYTcdJJSdt9*{Yw#Sh^CbNW%&9|%Yed#%jS@bio& zM<-6Yn2|h|$%z7soOZ?FQ|jfVqE7ruv$B@$Ety-+c zS4`(Q4WG3SYL6D>E-J=?T^7d*>vF4qrc_9%e%0mzq55<6DwZI2tZ}hhrFvuepd!n& zMEf*qI%9BS{_5N4?-ohp9R}X(*yt(FNe}++2PV9CsLp~u^e~+^DrlWz%9em9V)5y9 zKeM_6?K;IeDR*NVHNX{{*{8~aF0E;Hr!y%()p1U9`C)lvZgIrc^^(kVf$u;Q+H0hKo8D?+R8m{?q$squWwoNHe>f1aJh zus8AKyclRjtxX0a zx44pOG)@U9_XT~Vx3l!TkrdwLFowxGg=Mt^Pg5WD6h1ugeQ_f8f~1rmKs-0-qJHu^ z6I|t&0!!<8nZrvLVFgW#`2L5b6+fnc@}lg7LyCzfffWGgHLGC0p(^!IyD}Ed__0@0 z%&es<^XskZw?^)CnS4sQF78o+gHs-KnKU?)&7<30;_~XBlUS7W?9@61@A?Sq-`c$e zJobFQh6UdFWZwVeWzp--pRR86*g!taKQh8_CLdhAh zoA;rf`sT-YPs*Pv=Dme$ISM5LjVjPHMw3IZwO*W3Mgo-K-eVH(iD%)>6F`l;MBI^4 zZ}HFB_Pp;jknUepk0BxlQlPO^#&;^21V*V45CZ&{0=uM_9IxlNc#ougzIi{1a*HkT zev)Av7;qQz9UB_u8T4Db(uj95yE>+{Mk*VV@;ewCWt~G{-r&*oGd(Y_iNnz2`cd<+dJ0+18QNaD{_B@7NaL_MNKlm| zrICj!u>(XZN68k5AccDb6q^*XlNF7H2ZVz|_CR3zx+$T+bO8cgg(@U7s zpyTE9qhknVp$HVN_Q^Y}m$g@2|5-r^;KWT=mgf4iS*`-X;%z;YpF&gcRxvNWr-T76 zJIL#VF9?Q-o`P;S&$Smtz+Y@GM^EfxpHNCro@y7fIE)3GfM`|Zd5A;ykUL217h+W` zdKP0Kqw?8l&ITC~?Thz6sw{`Xr7?n`ys;B2@A7a75 zNe3x%hTiXsYPVt+-G^AFhoM?hlYAWQ7N^e}dohCk2D^GkH)JU3E_fT&M)TSkI(HXpyDtkn2I+t;PZj;D;$o7!@+tlUP>VL zxKjIgEzCz?omDoF7UYH^q$o<{c8ZMLD}&YX&-yE0kvf~)=?eqk>TOWD;Z>rCpH>Cg zR!5(`!uLmC3aE_a8!2=7vfEC4{RGdYj`j0W72bIM;C?hGS>e`Ey05K#{Bdk#uwM;; z$Gsu)O{YI8RmjqQ3ajK7^~reJy@VBy(B2i|D$o7x1iA`$-d82fqz8u&3R>J52m!@#?2W8;4IPqtEA-+$F{v5? zC~GKtF6Xt{1zE@?P&te7x7+DzoIpu>2LPA?rgedEZ%CNAI&Wv5)%|-FzS9}I*mHaq zkkGP_OQi<{o%@M}tol2$6s4$X6Xz_7-d)7U@k*>ndSf}LIFp3owOQ#!I3EB$S6BbR zvVzM37u~=^roq_j)2B=Cs}QOp{|l_j zf#wg?fy85%#2D*4tq3mAzU%kIPbTmBf-l_9n*G zSi}*+9|Q-p-y7iz3dPj9GaEJBCpni$bG~v8p6?J3@fvh`>#S9KR$En62^BR@Y%Q`n z+}5~fDwW#E=QHFI9F&}g!@Sil*H)oD{her(ILj&n+7%K7^#e>B7pKQn;TXC7 zbz#<6QdsdR0bndv+6y%ZD2Cb`Sn4d20lagWaLmi^D8JYf6hlw#|`4^w6)UWV9l{;UnV`7{3d%avA-UaeCqDEmSObys`T z%5lG&+4*BzNy2{9$=2G^Me^zxQ3?HWts}LYvu5f~kJ=|Zt{1(-x2jk!piu>{ni|i2+Vf}$qK8Kt;n?$hDq5k6h45CmL zs`@nl}>?n^;)g@bQ!TZP>Ns})ZiD^b3e91 z(vb%dv4VjB0Y%wXyMYxdhh6z_2K9KDMb66U=g&!A{ToIu3DSS zU@dTU6SGTqiFFA99W76yyZa_bFaY0B=>TzGO0*ES-?+jh*W+-XJxGIRc@6q zp>Jt!`TYl;cOZ93PSXcoDt}02f=hH+lR$_cbsIe&;Q86tctN@s^|QBdBd52*&Z;tL z#zj(^%(WtYgdgcJRI_jnz--j*rflckG%!J@JqI@5>zvCu=-bAzMmN7(J{jKmusS&q zTs4^Mwl-uZ>*p*s(e00}!qzq(Qj2?QRA@sv!;r3#t@B3KOjp#{ahT<9-7Z4Wg?8Njblz$+d z8*07*z~A5NpNk-Gemv8-J*@dLOHx|2Z{gcz#s*GIxL$3MYv{doiX$&)#l9ecnOWdK zM5<7SeW+*w;*8GP0!>BoZ4nJI>6?J}-PGVC!?GWNR<{B5a@8z#Mn1?Awbe}MK>IyQ!YTJlgMXVT>ItPq)E4w-~4`5HuPx|CG@&rf8lxy?Dm8Ujdk80~YrY<|$8#PH2 zbGDYUA(tm(y^$yJ=6N#N)>wlN(H;-TdEuSIL5JD)FwMXM=|~M|An8bTh zl}%#5RQlu*m6~4BM&oOM+j@7F6-c6HazdfBY5s0A$9;fHywXjY@LB#2^Ti;6Hd3nq zoF%fK;ktEXjnW=ho2qKqcwKq=9v}h`QI}fsYAoHWwDjAt@dMzgEq`a>OvZGLgM=I2 zc)ERr&Pmx59^9B-fz_**KkI|pJ$(5^rY(HD?W0d4Y+-}0Ok1re-Z1wSo6)w-Yiw5H z)TzVmFw-$%Rn%Q`xiUMQn4sdN_E6+nYaLJpXyqtHT`yk-bkW%VQ9tZp4Ll#VBMvS2 z=9Z|esb0itJpz?%Z%^Xg4uVR52M#uVd_-yDTe{g^2N=E*q(Kgpg-{-^gyH!07*x*9b(Rqu9IdH7Zuzto*}}o#0%>4YNRF)a@Jwlky^;+|3x| z*=8;Il*j#oL%AZ@`KfhDPCKnPO!+{@Ljhf#1<&&Nx|AJGVT(Ohl%*_|+d%}00RQKc z!`FF54+|n^Y|b%R4y@gs^mCJr>jDBijkJlj6HHb2C5llmU94A(1g28=$A*4k6!_{X z)|_6HxiZd;>X{npQ_$hG+`97chA-niMuN|{>CBZ;>HK5rgtF;=oGin8ujzj(MPnXj|jWz<2~^iavZL?H3I*P1?l#I;+3{r z^n%%)@#JGJrGD4MwK~I}9N+}F@;=-Pr@mca^nrB8X_fXP!OZdyXS3*9@MRvCQhH;y zyOHPj(4Xq+FO900-0+oFyi`W%!{AkPC-MVMIN@bdiU>IcA1<(QaHyTzPDiEw{wQ(x zsplEKcn#m`!B8Eh{Jm$co-pX-ZEmAm9Pa&VgvMN)?f9Y6w?f;ivt4bN0RLifMZ~^7 z=qqkUD~k^q|6~_xL&@Y}J{GEKa^Xu$C#vAqwJKq*Rsq6^(%CIhlKA|bsFoit5)Z(s zZK59^lik)Sll3^D=WQ-X`LUc?6@BBfq-U;rYemBwJP4WNfuQ^A`08#2j>*uTGNUG= zVD`P9;81JZ^~aW#YeLr~+u083#7;i-Ca+B4nMk(RI}oB8aKF%=rqd?oOI*{@^wJ6p zx@pw()p4dbh(5XUX7hG@0t@kNGDLnp8ECohzKV;hrQqc!aT+VuS`WaASLun8>2EXo zj6UorYv_|Do&VaFYPw8i+VPXPd3wq!g_R^##MPie{s$qo&HY6bNy_dg68KBcLAx=@ zrVr8hj%TDh3yG69>oWXCfmR%pHWN-DGgQ~MhK-J+`;45V)Ivmt2isdS8Wq$vqcRIp z<&LR00xwE#p}Hm@;3LFF=D6kVDKd+Xk7p)HX=MI2&284 zOyNt>B$>&Idd6k0`fTlD`|wEd0MC?V+;M2-FO zElTULSS9F=@Gw5he<&jw z=JJr$Mt)h2nR&U!Z7kJN<87n(sO_9|`G~NZ32?}rGXKKSY>~RNl$XjH;;I@Y{q8+m)byR_)K^5nWqOx}#Mwde!*QnLGF z_~&`onfK9W{raMi#$GVfa*3$Tslv_DuFuAb0loJgOyJ(F@MJtp@bGpTZgWvcI6J)t zbG2EvXxR0xyujJ_qB!ZKA~6_yl&X_}V?{kVvHFyT23NS~WSUr>G=tS&cdHNE|l)4 zMM?ftki6E^XNwN2_Kf|2^Uz-RT27~%uH$LQ8kLHP7qU*g6gibQE4s0hNGVpr862ub zhv(Z))lyg`VoQ(}mw%(FSvI-)%hnw!J33q=Gp`laO`dHd6&X)UlNo>VJyUCv=sJ5^ zjk{{MERC=!!ge8^c5jn#H5=sFlV?ajE?#3O+yzh%465Y`m=>ysSg$|dT&IyE?^C|s zbzR)%-fhl8X0D35eK&>1u&tO@Amc}XHJ3|&hk|kSw!mGX_8UyaPZ+~W?5pQxwcg(8 zpr4BQA?vp!-^W%)LfG@EtJ&P@UZ2W}=ibADtyPuBu6>}RvbrOJtLa?|il!Eeyhp-3 z)})4OMf5kXv1QJbgZ#f-1*N}AmRG+K{`ICQD}r;ykqf_-=3q$#(F3A;cq40P z(|k&WW*@@Y%x?7H6NSp1nrN=cZrz;Nq(I?o~pcmJ6s=xlK7;L55wm@r`E2JeT}b@(=NWuM^Z3 zNkN0=gX*nr%nR+!BuJ0KAkasZwT^C{)RS(K=5$Qvj%CNYdFf=qVHU-XGqCPzYsu;? zw`+3BohdFqQ~b&!sN)Y~aq&|I7Ox^z7hlvJrWw)WB()@J1eyN6>rPu0;5<@11XpWT&`mH7{n1AQ z0H(PrHoqVn58)|gQ@FK~$MIZmyQv5%NQ_~l#qBgM zo~FKyDIO!?^Y#)3op{ZUhoX%Zzj}OaNy?Q5{5;2*sCAm@3L++k0EsO}C?aWhywU>kj?hprjFFlpa-w%Q+hqo7sW;KAj8vD7X<*iTI%QM3dk3&ng(2he+Zzn% z>Snx}@#GfS($tw9THhSGLvkm95|eQUMVBPvyr)6mhOd;|UQvTN8J`3p8m!nY+!r+T zG-*J6PKX5rl_E#Y(w8^F>u*RY(#= z^|>mqApvg{XlkWqeV$+18$R>ES?Bq};mZT|2EdrqAe)1Ry8{L{(-yo-YKI%jf{t;Z57V2%K z-0ybWj%q>Ws&ucP0?zmArk~NGKz&fg>CI)i6`s~reN?RmP(Nj4B8Fv`Q=o3VC*bgP zTLs7ayQi-P70&F3l4jn+Yj;LpeK@_CnaJ+vSCQHQ;Hdg+33I>9_a6;#4i)PC!2;0N zkSuouPzwvV%sdxKw|Je*Cxq7@`KZ`1Z<$PYYplO$R${`weA{@rMdW`#eM?0J_E1$; znuaQ>MN*$WELpH`uYn^_az3}r>4kfvs^R*)J`SV@k6`e_2x5V2Z>LOpH1~w&2Iw`lQcl= z+ByCHE&$(~VE*%#R9Y-aaGu?8=$q2R@0><9LQAobi)i z`@@SB0?{FrmW9>8O4Qe@i(00+o#IM%MZE*P?(l5XUapWj!q|@XIX9=K__w zOOxJ*@SaB8?9$o1>MYnkie|}!`#n(#R?Bxluz>SY7`!SH1 zS_Z46RHTzr%f|}6!-sMhKXiJbh&Dn+WdN70#69cj0!WmcXHr(@=RydWlIbh_cxs7CsF^%%w>+)*=C=r`~1_-w;4i}p_BcaLks zLz4l(L8Pe-cF zjUM=l`G%>OJWQZHUrLQh#q^+J5wMLGjB134cc*_9dxZD*ljTZ-(i(_)eyLv$&4Ea= zN%P0Mbx>`2dmM#Lea+=^Iv06+cozVpT738^u9M%TshvoLcj#a(+Q@tpuAt?jWB-Lg zn6Gp^3^q=?^9Zn_*4)6IRN$%WnT1M}vZRzOUefciPuv~Dikq>gYZXt`T}`AV+o|V; zV!n=JdNjSl=T-0Vv)Kecz2W>$T(i_YAN18tT}k}NSX_M_;%hc8`bzE>70>>iin>@} z)@!8aOZ%cqB zOAd~vkJsE)TEXNAb#ZxNX1?oYKG*E8+_TD$7yNGK^Me2Gug`vwT;7m@l!D>M&PgW( zKC*+hKPlJ{SGPsCnlJ2CZq!r>W_q1~?eu6)v#Qu#8+wlV`0UDl68~u)&}a6sNl}hA zwK@iQrrwXG0A$s7uDE}espd@N9(W;O_!CYkK z<&hXNRAw7MSth>ztH=p#f#5Q|U#!P|{*z?)WxH6MJm`LKs1NdES=UqZ?XBuHVlmA4exj>S z`JZjmF-=pskiZlubKSVZs^~c}M8qqGrym>~`t`~m3jS*bz|4!?ae$Io#5W;4`+OBg zdG<+h6D?60*gJM)1yCQ_eK|&jNS(-2@bf*wKh22-i^L+hGvRxD}AN7}Y z_^%EBWj>5w0S%1f*BG__GAP9?fO2a*f(ZX1^8Z@%|J7eRFa<%W_SHWlCO-puB#Au! zGsOSZ=6`kSt9M5!$|3HOGsj<_3Myd9qEKU_{hKU*dj2J>|G|Y{P0l2MAu;pT%)f17 z*aLtQQYM)}SS9~=p8dDEP_bNL;ik#me8T;^hZcFD#}=@7yTWff``=prnUnop0^rJh z*QrMkI2B+!A^HsP5+7&A@SiS%63e=qy}Hqie~qOn0B`~!uX^#1R)C#{Qq%zVpVfZ1 z23FK7l_mL)`Dlja0wZ&Q%x}gi{a01}GsgcS?kJXG&Lkt^zqJ961nAC>2l4GsfB$Ez ze_Pvs5==S@AfPlCBDCzE@$l80Juu{+{c1!>^j|akPph3F^zzg0p4%U}txsMJ4J ziHBH~cv#l+>W@kUe9wN&O>;w10_&vuJ5v7o-~qr=uAyE1Kc^iTU{VSTds+Xm`Lipm zz*)}$_npwM%@Mc(YG7A|NEVp>L*BpPtZxGYU`u97M$CURv>nTi#nNG%e=OI@SVNG4 zEA?Bi?B8RZbMN=z@v^`F@^_R7zm63uSp^Ek-*ceD+BdpRoXo##`G?43Pk?3HY6c`y z{q8{@tL&U>>s9}dkaKQ8gFUyEI_Pit$$tq*Lu~QdtAA)8ANUerS@(S}_RoluSj_+j z!v4(hZ*BFMC_o0+J|)`UEjj`K!ges`$>;p(@^5%*IE&pa?Q(AZp0xcTRzMFA`tSaY z5d6z<5K#hCAl3=LNBf5p*aHV$FIDDmqy4vw5X``CZW$Ej<-heA|2aTNzckzUznT0W zS@G?`4r#Vp1pRI0^0De})dn^HhaFrdPz5-led7<^R{JuT}o}&wp7Aa9jko z7Mv`;zi99QM^-s%;LSf3#mMiqSjO9CoHG42;Fuv+HtkmudH?kHcjI3MRB-RZcgp;~ z_&&#sl}+ZAM2CND+iZa$X|~Z^E`QO?S3(kN+hVDur2e5e7vBchIQ7|@_xA4|FmwP{ z&h7v0a`FEs$ae?qY0&|0GsNgeIhD%g2wzZHK5I<=n-*$TSw z`2F>NVa>nHsx9XpG{+6u&zgF1CVC`6pV^{TWJ4O_bHFU|B@o#xCbBnErt$r1r*$=H~ zpIecY+k|Gd9l=m{*gXItPv?j z6Vo3ysG6WFfE$q4v5HUat5I`t6#4RSv?7P1$L`5;=#YYz2&9{d=!1 zRtF|rNV*!eYt2bYp>yd!eUy2fWBUnbXJK|;#_nyb`dpe9az1OEu|CJd7xTIhPqQ6K zP7h^w089SqvCof3aWUBH!=7YcX=wGXzz&3ADuwm?aJtJ?jmUy76`+!d9@C0epNIO% zf%wHiQ>xEl#JTd*3-p2O7KFx{##j7&QJka5y~hgfz2iCS7$`htba3ZgFmU&jP@JRQ zag#oo!xt9}jZy&01W3>tF#L~U3Fr1D2I@>KyZ3qOyB{RY>WZE3Ma01_P!}Ng!RVCt zG10sfD1);K1J)uCGOugP*0pY*dUlUG+Qqx33MWz-3-h|ndA`62Uj$sZjsue9TQ(mU z8dYeR$yZZ6ZBLHuE{<;N9MJBx!)5_gUQY3oXmKs98+BiA7OA%!%F`Q9yZfo<;%N3< z#~tt>YtW$Q@Z+S#_M=Gny&qjB=%)LCJ_IT{v-_L?cSOet3rLSc1~oxG_GBJAu%`5v zaj-{YB@w;vMRJ!S!4NZQhfz23JqExtJ>55SW`(YWD5=lyTqbsV=04U!quwiawi(tr zcX3R6VO#^0XAUU$>Opw*q$QV;6Zk#yfng?LqE94uJtrq;TyA~v9?|d~;m?lK_pqn| zyaEC5(ln1k%|(nkGs;Uq&Bvyko?7mJPhD*W@Na$vAd9n-0T;O6rPCsGEbPrWu&&8v zz!Cf-O7Wua0^Jvf1+kM5+6JoPd<7CVFm(zfFZ!Qcdlyl9haI`)gDJWo{Xx+{j{|xA zZsqoInfO`R$3fIhfvG2g$6>R_Vf#RpAN!O=(PBw2EU52IA3L`eN;tO8^`YX@1_@B^ z3hRsZR?lI^9nv>!-0W)1M~A`o1Om?d&~b~rOf=t+c9;TKMe*sExcYDPfEP;(y*=H} zIEcU1>a{?U$_zWrg9$yk=$S?LIAXp1B0rxK-#;xOGf=MDfPLGQ!KrxRP#3 z6oYBlb}rh_kruVo*lXUyvTWbyyzhcyozUsQ-6O5etYq&Wab7>(CGHb091x#3i8K2g z*q!(6+g)tIdWsaPFQ#WP)B8YvNxiO94<9b>?NgNrm6a=@1}OOE!|d9^LX@Q0W? z*PkE^e7sMF#4$tZ5!tk-D|Y8A+}V-c$%okC5;7f{MHj2V%zRz|v<3BP2?BPG^q03e zG(Pk%51NXgfTIC78`rma6lezp*8>oRUx+{Ve2;y?=+;7=T%7q_6rsEO(A@+(w(eaz zM2q>Hm_bfr=;Jnqv z+7r)r#*jA$_&&S%xTZ8Wkd%^@E$=|+4xf52z#q;U>TD6>ShsI8dt@VQ8<#!!*(*sb zxWqFacIJ9vd$I!vN=IK<9es%B3Qwxmy9kO@o*gt`1I2Hwp*?+ec52e?{HY>5;=%NO zZ+inneYr;|iTf{7fLd36Wd`Ur1FCk-@d!*UL_~?>-VV3ec)@s>4{VXuDoU(YD0R5y}2+X zi||bCRi)c@53g^oW(5*)K4G9!Olhp=zne*e8KA`s{H$v^T37{buaa40%@nqnm^u5t zr`D&5rxiy60FZOhLnAX9MuRD>d(5#};7d8d)RWcfk{e(_gS_e7@@h5G2bFD1t9GPU zdaf6-FjyaCUe`CTnY5B~nkY-wKTWjG9{W_6YZ47+Yk+_Yt}NTsH**%MU493pHM$Hd zot(iaqFWU|A?LOIJ>;g#&sFI#qq*CTa~rQck9EkuSHAOeOkUJ$+-BUwh9XU@_z>l> zXxofPex@3ZsxAr^m>g6kHx7SUk7E7eeA$#THF>q+%yci8GMVhWZK{$3_!Rg5G4<79 zP4|7dOu zKlk$-@89Hc!1oj9=Zux^{V@x)m;P(n_VsPT&^D{rC(vO*A?-9w{v-)#KIJ8*(kF%~ zGItzHd&qkA(}SL9>7V+nQ(f&)_2z-)3g;@xhGPzvtAo~eJQ3&92Kp7|6V9jl-K|2y z4K6iF()cPvFUH`}ufGAU1_F-URLjWNpT|LS$IhN6^yzN|^4rog@osA$ z*NV(6o&zvqSL1j7FG5-dTgN4Phq~vbMiZM8U-^}(ywVlgTy&Z95~fm0c-vmqs?WT( z+2)YL$)4?9)5lD_pvy%UTE4q2bLTB88KsSiQ-NG}uaZB$-&|=(MLjduj$!?EN;LwbPjx)g7 z*+_1lMexc($Nh0z_S0)o*(S9yP#2#ON$@wS5YRrn_us`=QXyLCo9WQau3BVXHd-2} z$d}_W(hbhH_M4tVw*HB<*sAH&4*1Fr_W9+c@Zs!tzM63^>+9t|DfeS-EB^my0t|_Q znk+V}Mf_moiH;&yv-6K>?Ht@3KUi4gyXFt*hq~qQ%OPb>dginmXXmODna9ujQ6_5Y z$#CkP#n#}p+{3eN#i_(R);$>HiKd8M5AQq2g=&BCXZI%r-^( z{!z&m&Ubv|L&QNIb+m`Xau@;Y$)3#O&rPSW%GHB@@-p0${8S^8aTydwm+ZdA!_0W9 zp^!J4p(S7JIR#$~Xk7^ifAZ=G;K7Y0ao5!JpQC)EK2oDoy2>}3U-*<3P4I)atlLwy zJQ9N|0QkW+Nkl608Sg8$T23x>$Z-=kD4YUbx=_yZKxECGy%O(jlN}AKRr=-f(+1wlXk{U<-GZrKn3y8nrfhVg)R`{jrZt+&-O z6(s9z&Bw(L|2^u4!~IR#J|e@c z=JYo2z^}U=U(L&{UR#@nWw`t=Dv}JW4!t6ay>!eWyKEp2ZddA+&1wp4Zi>)4c$xtL+&c-!F$hmzc0J3@ZYR+m+hO&>UzdJypi?n;>i~0 zRhk$kMttJPSqR zl^4wIJP(rMjp~){IiCF4+9g}jB!q#UZ*Vu<%!>&yp?w zMAh9}VNLe&HEg(V&$rKk7(K$fMykt}ZVauUh+hKZg-p2=%UOTqU9`ZYb@xcwlhEuy z4;IomPc3tl6TKua7fg*)f%k^p2tOFyX6aOm`8kdUM_&PDEFXWa#X%i3q9gzYW|1>U z#CQ2`DESB}hcB1)4(aa<@h7sj5y4`(e6OMG-VRwoY(O-uOX&D-WD;>P={&mxxzS!-2ty7kT_~}dJT9zC zf+$Tzi86I#`ZOv$la23rqG!I3qX!GUR6EeG%Nq+hIM` zfo+p8p7np4y%#JK?_c<4XqoxQAd1Tcm@MXpT5O4#lYg0fvJxnh zX8yNh`c+1fpXuJ^Q@ryk{2z^vpFQ87n63P)RZrr;ElGEEa&9%#s`{bsu^$C z+NjeriyLoCrT>5v>5B{+EBVbJQfGnB;PKLnKXrukSd3L13_o3A&P?OP%-V*^1hcBi z0z~$Mc#e>#+B~l-xTp%(I831`4+@{yc4qOSzeK|jJW0J%{9yd>!UdS9&!Y&^m*j1Q z#MrTAmU~R}#plKKO4k+kom{UmWC4C`j|mF}(>oE>2dpD{)&)Xn&ks3@Wg=ay-~~BJ z!@o@yV|I44Ei$@T2!c(ENK7Mtqi39?F$91@nig+ohsLZK{rA5MfQC}<7ZnCmcyGDK z2ME@ch7CU4S;Yod$X%q2r}R#*Onda2%uGbEeLtQn}Vu73<@S~uIqdC^kcD<#eNhhC1#!T-lC_E-ObDz2A=ulzPC z{7fum*Vl3(VAt0QKY!XUlxF5V32^BCyp(r%jGFQ;r(J5_Za^&y0kpi-0ASBu766tL zbQq&~;~=}@+DiY+i_wV%Kl$DK*B=fSj**!_&`_^(>Rqz_o=_|>3Q%D*guwyDUoh-!sV^(WE5tEt42q+|vUR}PR4MtraR*F=0 zZgPQ6`>wH_uo~Kmg6zPETkZfmjQ#amhix%WZ}Rp2{V8b8g`SZ0r#{C>zmImoqmx34 z-0NoC67zDtL^_wBnwf*v(qqC&C&giA+c|(VlpoIfm{~KUMHRQa8=5J+(!mrF-`|_L z0J%9-4r}fh_N@YTgPVrM2wSEsJv+B%%n~waub+o1t7PZh+bi67Ydw%M3}QzA>102u zawe4gY5XZUiVaNp{yWUb(22O-iL2a-`)a9m&tN+Zp4y1=xuwX zH7A!)>#q?V{5b;lN2lVCwX|#8oa8twv=Y4}r8DDlp_F95jd#g~?_sHh8Sh>AU4@+w zDoqc91Lr}k7Q4}g$^OIRKVbgK0ngw7%WM<*d!D^#hbuO@SaxPrTSbmh8 z)0%b|_$$&$O^FqQZmLXVdzK?^2px{5h5as}Yxt|-*SDQzSX&Ihd~?-RZ6ld>iszGG zgOB{(3{uYjk*D`hWt`g+n$r#5;|cMoGGRocD=*h7w{Sq^)V?Ts8NR&UcDWwmetVG; zwF6YbvF1O^lTKl*rZ=k%3E+J>JO{&dlc&=6%k1D0jnJqww{OO_!q7AaCEPt?%U75Nk${hrNluzWW z1Kk0tqjN(-unq$dryW2AJuCUsU@wxCvL)mh#dK>-ZEUX&Krzh%HalIvVKg10wst7G zmps{u7u?XKa7R$J)CBK?C4Yr$oCECI?h$e!%Vx{ZxKuMfVaOqhdK)W=4o$itQ$$QnJC?DflY}Xg1JWDtK@Yb{7_gQ)TkI0YgV?@Qa zO(iKig`J6=VfOoS< zwI~xDcxV`MD0#{rbYoE(E{at%P(L3EEYxCg27BBXzLe0f2y?p4ObaH#!)pJ5sW1(Q zt3OtRBfxEeK-#&vw&KNs@IZq%*)qlC#re9L^e;|#SJ=6L;Em&fJl3e~>J z(v#Xc41K_b#Krv!T4zy98qlBz(ZCvq4QZ2_Y`jXiFFxIl^5(;-GM+a+xAKKQ$M@wY zPU(X9rj}N~D(M9q3#q3R%i$gxGSP&uat~F0SakG<`*&qU>^*JJZn)HmShLN}wXkE? zxKNrMPLds`2q12vyW{s7(#q)d+5L`F(Okg_kWIh+5Q5%~Klf%O3s~bnRmQo+WO4UA znjc#K#ql1KDG_Z0?UhvPTi_$>n@i{{AL)Afyf5poqdk-vYxfCuxJ}4z6PL>yjQ8f) zcpX-?S3Y-Et}>;WJrtxm;ZO-nH17TJW4Voxb_Jdu*PDn4c0c)b>a(0;$got!)L~sQ z;mE?IF*@k-i8aez8D6ZwBHI^bPbO9?B<9M*e&U)>qB@g@8Sj*2K$?x+TJ=QcYEhov zU8eBcmejiodGLRi7txsaJm8^@TAkD$ZEMu!B4YB$_^%hiyf+HANduT&J4%IPnR;F@ zcu}|fzSO_@XKb|4{^YgGhOOhwUZ&oQiKr=YFWqr36XKW{EO#ivZ{<%GE%P;El9iCU zQ>x7yPAkr-?L~wdbfG7A(x2Bs<#;(mtjkCxrU*^#6!K;Z@Js5T^|lnIQ~+#jySfIvRLPwU!X(ExtZNHmbx04XYP$H zmW4Lk`sh+co$&L3>uoXv`wLUmO!=UvqdeNhu|CjoemV1<0yY+bkR`3{PH+k@9x8Q92}5M7(x8@$M4Vv=c5j zEe6Vg{$+$x{&2|C`^JAugiuNLT+g7Pg(b!?ndeLxhsd$S&^f$0Vt#Q(w-Fcg<}9=A zG&ABDR@kGdugknaUDzTzuprHV2m6QwOb#$)`3LD?=cEs5ZCk|N!f5Ov_>5`Le!7e% zJ69bvW~YJwSa`vL-Uc9*p1uwMtLvM;fdxoAdsg%x3dGaYoR>H?MnYx;YkcXQMOLjb zOg5hHa?GS|3vTE?9_()60Sj08*UaC}6S9m$VV3-q^`A+%KZWiVMd)1ZrJO?bFQ@P> zFH_%}XfI|%I}k_z{yVK*C*bwz=c{c8DSOX6?BH(C_B8u)QaQ4vaYc1sv=-4WJ=>eo zq$0c0@AGtfaj1&|x1#^q2x4~AqU1iN2vfjM>ogzd z_GkD(M_i*;T}yfM;-xJ5c_llzmGs*t4|EFo)1yEn=d&7@iqpW`qfattaB?n0PxiWw zcf9HHZhQ!V^AZaEu@Qd00ouzdnrr6(tVpMt^eR+ZYJc6ak#RVoH(XMxwJGn1wgf(K zY+NKQm6LM3*g2l(roLeGJZ}o$qqBLh;E~O(U0P_WL#3RmB|DuVxMJTsV;q;f?!2yX zo_WUN05xR=zg;rX<6dL544V#DsF!HcUiQ%ok~}KO+vhabw^Wb?QUghLyrOtR4!^{5 z*!)6>891)=Vw^jJE3?iWRw?*dxz+yX&Q~>ledBlRh`?TnsrAgA_Z2qGp0p}X{{{tH z6Zd)Xg7eB~K3QO*__P_9@BG7JsS*_ zAdk_ML7_+(yi?6;@}5C%ik`=N7)n+%#jqLGbpX-a(^|pHVb3}oI{S82L>ZIL336Kj zF^zuJ(i?S#)63oX0g<*q79X_L3I>nGZeZ6k^7)H+E3)C~OyA{^p8ZY{2_l*6u(k=U zN*V|%?TZ9I3y#k`lER+Qxxxv2zVL^&g%x@cMohWp<9Zv~uZGEwP1jdjrjkofANlge zQqPt|!vMPam*=>Qta#pXQAyDkfLP&m&Gi>fCQe57DWdo;j?n(lv~$#k zk$x!U))-na0oLR>5=p}DLACS;&S zSnDTM@$FLVq1hF#py7dIESUiF-n4Fa48msXFElT%#?l2X8fRC{y)izr(L4qf3?~}6 zzKuEmru`jG@z16$Y(u)oSX5nyIEnsLxk;>fUO~hfFT+48Ktq*G{wjKzne;<4%kVRn zdd+@`hz6(K`^~>VpX21VqloPp{^3*k6@0`H$c6Eb9-xM-y)nOSkSIptH}fx%9_edm zTp=BEam+lU7eaErA2_IrD#T$i8qMk~G~s6$b+$E6)QS(`kS@Bz*>r!RTuLG5ouRU2 zbd^d};wf$P{a^L_arK4Az5xbiS3GhyJS`+5q)Ty)dGopay`a*Zoq8cNObD{yt4QA( zv(4KJ9JJ>e^&ty$B^FeZ+-)|RKQrv9JTBgnt7pggGkN9buHJiO@?g&o6#^1UQ0Jv z!Z!&L6?pC8rSzZ(xpD^e)9z=PdeUya!kb60Wo|zw$?I66)pd*iQ4q`xg-3!i|lN4bUu zDvWh*D8k`YZoU0B#xgNJ1@f7wMr^<(^(=>}P2MfQ^un;T?>W;+{C%EPo>m%fK)RS` z^r?y~G;LQH;qim$t#|wlu27Dwij+AHBdSk79+UBPy53GCG4vCbK2$T;+nP9>6E;}#m>D2TCh5~ado@pGm@QfEMTvIBR?$pwW?72KhsMxs zi>ayaWf9XY5ceKEQe_ZE-n(kVALR34#i#0kbvD@HX>WJ_QmvKePCBS>hG*Tjq|xupc`Yz z5(GZYkYB*)mA0pGI!Nl~EUVfKLUVLUjIWeEVkJ`UD4cU(%-}R%@)E32BP?VP?+D(1 zJC@rAhbTQ_Ckd$epwSiYXn;W=4ev-bOdTe5$rN=5@vcxa z9IZS+Yl(pT)D;zaMa}yiFc+Q4=Q3MI;LR@Qmx=DbtESxb4c^~lA05C5jxSe@m``~} zdPlcX6OT>@+l0u>hq{l`ds%WS7G9C7m}JbU&3wuJAr!-9%>1xHUzX32X4V~LYs1rX zXMlW>&_{b#+{7)iR{QeS{M}1;ex8`TCYZRel~X-N)j}K}g1vZ+vZ{ui_P}$6NZALp z17gK+6Ap4&oXo-Q-@P4~^p?cN!QDe+7g=+_1cmPf`@l^8o*M-YK&=S*Y*w0Th@r;E z4d;Rt@ytCx+662uyZB;r`##Uq=tP|UsT((M_QiaQaDz;NZ9fJD4lOo+sgpcU21d*H`YT$`_CiH;A$Kk$N7~^rgK?8c;6n zgYTEf7bgb}^2GE^D-y8FqSpLC2>AYS88!W3B$6R~PetZWe6@4xd}wyH;|b%|l$ewU z4H~rVV8|2`+V7491W9v6w0$$Uk^KbOfBYQWArM?X2C0D)+b8RTyZ)rgk~Yx>_Xej;}veA-@up?<3lY8_m^*| z9gHn`H*V7ETRSF00@q{5aUjFl1dJF|pl4bF@)mMFuOw zVe!fX?Y$>2tKGRoD_r#nsp%*!&(*AvE1=0>Dz@s#SO9;GER~!V@1q(K4n9t1w7So_ zwE`f>zSX{S4;CH-gPXc)5jq=uKkF`Q+f39x5bl|5^xT%|7*Za;E@Yu4980lo-kBEV z$kzgek=(jH%8uy4y5s^IHm2CabEIlCdq(oIVtY{*jhU=wKzfq?3K{}A&wX9 zQdcUndqujsIjdgH8Ih9WfVfF)$SI?)skwK57WiCTjIcg13^{h zA`==?>vig9UPOAeU#EZO!ib^nvA)U^Qj1JNKxXVL?L)H_MP-K#!7PW>BzZhJ3Pr|T6#SjI*1)(iMVh| zsom?jIn2O)d~d^X4*8O6X(O^mzJPuQ_I+Q?m3N5mNO=^xjNUJw)OT zN`9ZhJl3e)2lvTlSJc*bpbg_T?yUPE`aUPUoTf`=t;3ZNz6da7fgFwGu})71RnJ!L z1en1!Ct`2zb!KFXeJ^eV^6IBkXPmU#AdmC{7M#Q=!t9w(@&XZOrK~U+B|3#;3So_ONMos0kbGS3B~H@+Y^AjHWHTmru+v`nXvKuukz> zfOY6&m%JYf@LNda@7Q#?hes{!^n||s2IOn(9}x15R@Y7Hj|xhxC~!foBev8pq?cB z+Wn7FyJigx2_arPtr|=scb7$Mp%QoCm^Q7x`yyS<8FUqYAo6ZWN zoa0owut08nnX|l3;;wz#J*dcknbg-Bk1c^M6`F};PUxlJ!P6~3tGenf7G+jY?uXX| zEQlWV7dSh$i*vh@|AZFObmYnDtl!g*GGrKj3km~iG7uiV-3ZHucm>BD?2Gtw7QB8yCPUdK{?VUXg%OgDq#FfOWN2zWu&ut)&)Pa#OQ9H z^0nfmV+F(+tcm2hFbzON51^Sh5-5`fNNA5RndgDg6iM|tmLFu!5sSlmqwxGbc&BA9 zjimz7rRgO}M3QRf66#ssh(M-{i}6mJDBrBkkU#hKM>gmO*)=9oZ(d0bYjkj@Y$i#P zqk%Ohx(mA7ACuRJMU)KKdcTB>5O8>U~?H`E%hP!=Eh)I3GA&N8E-S66;ySm_zH?U%Z}m-wJ^c;n{*eZ!Jw@v|4ukC=T$L|PaD+5 zxLWqEdlM!4UdTijdYWE=H!@8^VuIU7c;!za8|pG(4y&zB^lv)+otY`Rqa|(SEeL) zCZC$RwNj!1J`OWC)y4$Ei#<=>&ZV9ZH)i+|)hbWBNVJzSNbNj9pqzY_b(xtWS-2-g z=n2Ah^^DqFyu@z02QeH{e@n9nJ{4uKMvb}{I1Ts$6(^CVyOlR&S0a*q%5>I>%Q4mD zD48eVQdK_hYHNs*x#L@SwKChhl)Q;^c`=;k8~v(+lYVdizJs= zyS1s{l}4e60WBs?c74*4^IV|^*3Kn|#GIq#qgOu)*vQlYv#SC`fmVUmdyuncD8&Et zdy4HoNhl!$IhtzN^IGSQ(Uk+m^5fZ+*m!<$eE~t}e+o>(4_-j4q4CRUBPPF~?>YBU zlum#L-8Kz1$L*-LGTsD;wJHhgrxk-gp^BET%*g}XGuV@=eS5r|<~=tGzzl4iK>_}6 zLSsH^PRu`eDT2br%o{t1LYR4walQ^%pv|UU$Vv$JNugVJ^cGB zb0)Qd=PgPFe+PHK%=%=4NuIo+jp>;fK=4s~Q1w>yQsfp?rEc#q6<(Z&Wb$~@G1F-8 z$n2Wl?Pv>BgEMij5Xa=mC#6Iqhu`2uxnBS&k3-Xx zbuRvG`EucJ+!Q0yqsiGRAt za-2#FQ|@4Gu#7lra%RNMv;g2cz{?eO32&jE{oHC=v2c+kKrl)``>Dw?^Vl5_>>3kDv~5GHRX zlSD{)zjI17OemW+#I8FgkaRmrQt|51cq~d3R}+tXcX^w~CiKXq@Xq6?qT^&@w5sFY zN8L(O>vP#CL*CKu=||_Z$AWQcO)%me-*NMNAc}at#%#^BV(|om)7e{!pM#Yibzowl zEC3DeO~``O<}2RAgjtzo@o8PaPf13?_TIT43giqy4UG4#yi&-!irQ6-Idcw(w(!$b zk;#T4J9I*s4SQI#NYWX& zaTPX(XQ!gZ_XJ!?V~$O0_TB`beJ1kF%o$uz@ux3lHAPe6b8k?k<>Z2>+6vE7a;6r~ zoJ!b-L-0-NspZSa1bSwbsE|qN8>hNU`n;8Sa`af-88}r@C%%KtuqS>KUoLjMxxeFT zOn?$nq-K_$CikvaGvAT9Ojf#NTJ3`#lf+=HV`Y6&U3M zWzkZZtmZ)s(RobTg@7UNkjXu3Y>)Zhk{9v)=rvDBZ@Ph_!adfn{r3k|OK0t#a zdUXWdXw|nOy;?+DK}qg*#vj$zp{nj>j_oi9${jpPJu%nDCcn+=#gZ-y@zDd>DWmWh=SnqDD3McLPsX*NWobNd?K z$v+Y{PIOOy%XAK}ck2DPy)qYk8Dh{kTMR(TIPsO@0ENdi+~TZ`c2g%2Q%4z7mxAP2 z8}G7eHG$^8@`;W*5LYMudUI zPs4Q4EO5(%zg5SFD-f+#5Z3)tQ^B3G%}}h0BBV)I%23R>_+Cg}1>`hk0ArJ8HddE0 z61&jlqG>MrI8LvS7!OW7-?f>?{vTSrfvO@^>`^N3{|MO-T!*+LrgC$X9RuT-uKdXk zPHTQl^vASjb!A?x1QBu{C8rpBn*1g!)LM7HVtWbMVbycP!WOLGd!v#!-LQEM?0OzV zKCYS*-&xMJWI=wjERJ0-Mr+6Q<~N?0XYHvriluIMiwN8mDHRa2bz&^_zubc%gEs5N zDG>~mvb8l`QBSKGZ42FD(q(JH)5jG{Hp%(L)f!l#OjsU9Q12mT5s!L{xB#q&2r=#& z3YOgQP^2u~!wxp+jtsYmdEU}sU|jbvn|*ge+|wE1RQ0y-y!)m#9aaiv5{ib2?%FO6 zcC;j#e6Q+OS@f(i(B0yZk)3#jFz?)KkuCK^v9nS+?2tQl^JOWV9-LS|)3>Ff{c}iS zzfo==$1Mh_R~s@=fvN7WR!jBnG@0l}>q4FB_X#%hJpnyQ@T_>f{o=P{dJlgfP<*oS z4t|BJv_=M0%uu!9W%t+D{a*}i0f|e4CS1fe1qk0ASo1ugx8Ypqljs%S7;Fg-(L21~ zrp%B?U+u|;j)v**yaMNd{id^}jE9)lZPJ&uC37{qdwn84Jxk?U8f?og(vVdcn_bpp z=*1bFQ4=DchH`Rwo)Z{@Xq-i`%$;C`p+jHIT*R*H=m%4aZ+{oK7n0f*lBp7X0S5CE zUz+td1ss(Y#0YaU_EJ5)Anz_ISBAbrx!C~u@3)Z~g6O$XdgC{a00$?6!X{0kUX&kv z=iYy8Sg+r|;I-X{t}2V2rDozT>=derrQmWexGDX5=ibhfUCkc19t&}&PQ;A7LMl&BI3#THIRIVSL@H47w$iT& z5Td`cidG6D2Y(i?^`|YNmR8u0BSb1128}sy?ib;l;{Qi%)m6*(C;wARsTC7m@SYsm z6YATr-ME#Os@*~fu_i9_@`wIFGY-Zs$PmF$k%Ly21!=xv{m~3iv;>Jvhcn4*nx9?b z70^RutYIiw5+>2VedV{xL^6E|b&+*a=O9{ZvQ3}_{2Shne(V03!aFTx6(~0P>l~Ks z>S{e%cC{2balI8y@)+^}Qq_W{@=Pett&MV8m8@v|6xkATVw=c}cC~YjADk;)+tzkQW9YTgP zqAr>+7<1$~RkE|+XaN-?3EQ&a7HB*QU7lxGE3#iKF6EU0Zr5tR0`pie!IIIt49iZK zvil+oKl8G>9aze*6bYS*sH%}x#}Ew=%LU{-c+&L@_FN!n)*PS|1Wa|zW+6npL~uYEg}@0AThlkhSvGc!ajo7C^MciJ|THM33k$2l`H0g`oa zE-_2b7o}ee%jN~EpASx_Y84Dze$=s*`IaU24aE@bHb`nd&_Ow=W8egG9N(2)N-HNs z`oPBn=L_72E7CRIYRkjKs9794U@63CelM%Z6OMswC?=zqx_rSkbjm!RU56VPh~jB* zo;eDR2r2MGzv_8z$Ick{JGY2-V2RjIoWzSq6LxrVzaQSuB3*PhW02#=w}!tfC%Woz zIrccaO^J}TY(F#X&%*F4*(T0Tw8e(ftgNlFi)7skq2{lyk&VFSvJuKkW#fR4`qi-V zJ+h@m*BTJ03NX5>R8&rq6ZOgFSLSb2r-F|dZE70u>Ek{|hDx&)fGR$jMvvpaAOPbv z2tbBcq3;7QOobQjX22IoE?wJ0GikId6OeKCoeQ{viZ< zIvw8as*UYCQW291JwiDSSYi>rsl*b=+x2Zq50lp+yrVt$pfbXqTfN#>ktYWgwNb{! zQX-$JSHy@%ax8XX$mGQ-QlrkyML=5Lx=KVDv;9q89ZdBF+eggVl(rmL)ymC`N&0YrRuBje)3 z9`gZBm<>Q!!SF1F?p+~8ea?b^OINJ97!%&AwZ`+szyO@izeUW%yB98i9-rV77SqTx z?VXN|RiBS@H^7p|s9W$hV}rIl0}Ql%CBM4;`*9iH4mc2x<&_~Pxq4Kx7E)t@+jjVI zZ`iZZSQ(xtv3%fbUY1$yT_{w~*EV1i9t2c#j)u2#W8!+7FAuhB$)L9MYUE#zGMuvGNnzZL><*Nb($ea|K* zPD3j(u>jBJDW3$EAZ{TU14nkd4q9eXg08qDGF#!i_?Y*rK<^K!FC#fec|X}>?rvu-HYP1 z`5d?X7X<@o;10vJYF5Y24$M1fllJ!lq)wBytE%&Ph9NG1;h_?rSo0t`aPrtI-X_Qx z+@3VPnJR7jILg$P1`X^@Jpe&)ajmpcq5YmE{%NQiz%!88adp~#Z`NDuXK5tbcUi{+ zT2><^EdSde6F#ELX{N_RhTSETHMW#iNRPULMhlUAa=2w>`IRCtc5^d}XuX%Ep{wD>XZ)V-p(G7Ij;BzG%F@esyrMK(N6I_F(h& z;(}OrJ}T<7w|wSAgY*62go@?^fFKw;ZG(#P0%*zkgBKUw`>^U4<1Gbv? z1g84Q4vhVTrcSTrwQ4MbcfN=vO%YI*(U!9KONSggDV$q3$rU`gy8h9Sb5Lc*$-aw7ML+ zlhcoE7i?xORWW8)zWAFiXZwxSjutAvFgiq2-D{+PQ^Jw=`~tc=wWsi&V&#Wd7FN?U z=#S6kJ$ii=4H#E+^AOyDt+k&ioFy(m+eITSel``1bNljhN!jtUBMpl@A)EMHtjka1 zvS$Myj)DDyoJNbiU8H~8(F%LaKNoS5$W(bKX`!35cT$knfohVeWC=6V#&(02s#J_) z7|s9B4(kUP==8!|wSL?2d7NCd?I_W~KWU2G|L`*H35Uw=#sTQ~Bc4-~R&YEK1tQh@ zrbOIA{4wuS+a$$*XuMki_Y2P$vm8yisht|-TS?1D@}%^Fe`-vGxr63K#!>Jj#!eF( zaRz}J*^c>S3OYAwzB{?Jmv)v$1*P&~f`oR34%x;Y<;UB5p^_`T=D-!LcV=naoFAMw zF^Olkx%u^h_D|(TMj)>}GV_%4iPDYehq*qaQ!y5Vg}!g|IN=i=N)n#9%@v;$2=m+B zgvMI(>Kb9-Kw_nlqwdzmCKu%3G znQ}Ds(;DfV&7Z*uQh`J}(f)aABph!(c-TrCCMLSs+u6rBG%LSnm~SYoT|TNR45hPq zJnc!L)?;M)W$q!H;1ZXc5+BEu#?4zQb1I67a~wsgJKEVxHF-KAmPuNdWfWWYk|5rOqfX4}Rc-R$mk>rJUo^+-v9`)LEDm0X#I)uvcjeU<_Xv2>^huU3OIMaKc~@1J8| z)4PFRk@afWs$FT+X!AzJ~mRrBDb!uK$k)HtbOf1I=(`)+xea}X` zS6n0#<6Qd3ZCZ<$8S5a$B%sQM&7^q~ZVZn@N*AiYE^NY7d$hYgxgkHxUuX>J;gZW< zCrIslv6r_sh-JJKOO2{k+;o7L@D?Ui7$tLUc``WWR}MnYC5N0^`wO|nXWv%CMLF4> zL)wiV&u$)x2LlNXJ?V1;)78`}7TRrD5Q^LuyI7_y3Z+|S5&-(n<= zN0+C^>Z31ZhFZ=6G#_ohrQtcn99-PT^a#byLo`5F1dajtG8+Kvz8>z)jZoH}3*X?J z6~E)EwdHDMI?XRz@3P>-K6NM=2-Kil(cgMVk}Igwkdas>ibfJ&dm4n1eJwwC!ILi#C?(SteC6LXl*i?bF^XP0x?oS}cHY7sYK&Ga#b*gmLe? zIf&)IHpF2<7`l*(~CH8aM&c7GPkw$V{{cjW}YNCAm+7H@#P)I{}$u-o&39$WS%_!%H%tQ#UM*DCdO6K?6W!VCPB7c2;+i>pM-hfs9B; zwAwrGGpvKacy6CG1LH#I4wz1w%ee_tQPRh>x@o3!NzpE6$@wQs?;9W-y)EO{UdG5k zrk(qRdNuQVg-K#!)gBR%dqKcP_4ZKFp6G2IhTSQdT7g0cB~Zl|6O)VdJ)a%1@e5yIPzWco=GkqLK*g@lioAnw=n z?6R*1$Wo_%sy?C0!;h-L{j-?MM+el@s+TrvK(MfbENylCUFZ5{Xd3_r>8CHwKFX{=u38x`5~i!L)3svH~Q$g%h%A9EB;%*xSj;~4l` zxV*}Hs6bf85`~BS2jJ?B0u=GN534ai>0GGKE*w#)-FKB-_I!p4{5rznh8eTht7lm*ljf(^EAIjX+wwFHh9>I~QqTViVh6&9!X zONt{;sNI8(c0`VN{w4W>TVe<7o=5((=1Xni2oN42#PB0q$7pY9SNSpd3#`rrxYOw3<2vqz*xA4>wNqxc#zeXl{7Jz<%a2-D`v;$~RIs zYkY*^G8_MaM*Gcz>H)TasG^zk_>v{V^G)5rk;&~ye{FMchAC0#RF|%CJj*lX$&`!* zBuSWFsWPj`G5dY5F;3~biKKe@k?UF8dt8(2SvRFTp2vd7Y{tDv?u%hfAe$D=CL$d} z_zR$I<_)AbLaF9LiCa@1f5L)j5t44EIx$fo#7<0|NyH@Nt|ykZN{pb{LQy|mea4Z# zTpa$hmcwUrdrw8qrdI@x{T;7!vdhfV^b;xE&5(YQeLhF~@z-zUK(-9?l(^$Yr{i6g z!jSuZ1)n)<6AO7#ZI5t`?tUdaYlrBQRi*RmSm3klXR_57qzpVhs7ap z0q2B-Tu`G^2g@xzjMJh*H8zjT+`-AE@!xQ4f)N!9Ey+oTm zMf$H+t7-3#fz*ps7qNqw=b=oT`XU1#t(KqXarcvtT)j&Tfjv@}m^FJ-o|CfwR5aK&>WBm~2P`7Or0K-(;NoviT$R z;0cEI_}&vS?;rePcf?K~H~gqk3<);XD|1l!y?4>#S;sxrJK()PZ~k6K;5L~vbC&&d zzkLy3ILb@y0!v}nvS+({u6$zGVanO%6>vW?+DCbYmPNK^lQkh@yXS_kp!ck`?nLdY zMn>^*_D*5@2}NDYAV98VN88a%;b^DVr$>xXv=q;l8}I(zEnim%?V2!A(FjbXn%(*Buuj8c9R@WU zDR`>dsm=Q~rkJkL%GRgbs2&Oei!%z~%15C4Myo@KNl(=*_${TIAH?3V1>F>WRqo|YHme=P4z;T?Qe z#`-cgT5ne;)}!?OR-86?O+X>xnrn$)`6Dj!`G-`kzI+!?IQK+VY5Of`q&`VWfJod$ zTf6uMw#z)D6Byuvb41vxt@iNU5SinJ_QTAS;;zw&Zy`nljj!RpuI!iyuE2iye{gCzn4e*%2WR?D zqG**iUYYRY_?4!c@+4N+*xEv|)0S0v|B zc3=Q-q1)T0_?BY+rs@Oq1?$fV+YG%$rS)I*eOB_@{4-e-ed>qSq2^JV!eTt16DD0w zCuRcR%3mIpevkD1+&bfOFlLo3y27=T;i@VENTj&(V7oM@pN%7MMii&wvNfRw0P1hz z&cdu#ZT+xyT%vXl&58)1RTAdMSmqG0mmXUmNuJnHAE&d5Yc6wKHPxjaHcfib#9=g5&R!j_d2NXn zp=*_?xqS*~EUb*5W$#+o?mP8txiEYIHmQqm;k z+z*M;cyD_s@TkXB^A&Zc-fxzGN2FjgaKYI2Gs{=}vM;;CJd4X?dP|UcFYPa;OW!=v z+`;Lg9To6Uj(^rucrfj+4;oU@`l~ly{-dj+9tiUMmSiPk)FQSEdk~F(eujp{>H0ah zdEt73iI%eq7W3o7(Rcknf}=s5_~5c4#vUGdN=R~c0)D608LyP3{zJh|#AYMF%oa?z zR>?fC1|G0ZFEA%fz2;Bp5;deI)$~oP&t73!#>SVTNINtN4bOYv>-+N%ypY25&2p%g zDM7}t+$fBfV~j8Vs{Qg>XBEf@&EogWW+JdT?`j6s^2C@n%G4QH zOtyNx_qn4sPS-cULTG!ftL`&X@kH-N^Am}Mw=jZ0R`M?APP{exqdtm&sjw5(G1<;) zyMXe|@_n@%;b^>hIIlK1;fik>M;y^z2K-4N_<;UpdR`Y4+Y7%}DUm|mvi*Ce(?T^6 zU=8Z%c#V#GtdpX151MYN1^$kL{9Gn6zJ6QIiEMtY`%8Y7rKdIV{&u)j<98DKr|0WN zp9`PSq{Ofkz~my$2D>|`_E1D18UrNCaBQQrb`3dA(d{$A@s?O@g>f0 z=?@!e)^6vX2Zb^;SZy{989kAovqL!cpBscTyu>CBFDiri2y;RLUX|!OcaUNeV`KaV ziU+klz9uq)L3h+L`@QDGX8iHz9jA7?J+rUf(HS3Nz0cQ-j8>P5g`@@wu1KErK}=}+ zGE=;Yyv7yVQy9IT6W%qEGW!TLZ}7rY$LM_6$N#Sko2L|&kAGvtTTJe~ZamI9Y+NFIXs(~p|7lF`#(yK)ap&30e}uj8(N}~p zbY5Pu)TupzFc@t!G2wqw<*>OQ2p~+7MjB6Z|ACdDu*LF)?}CPMNgRmQFVMh7=~3S| zH|c&8cIME8ojH*8uYX?iFQRZS{q{!!|4&Y$C;&V0{P$PG>Ert;V(7)mT6kGYx%Wxp z^O#y{k6I4*t0Y`N3I~mOHq1J?B4dwQ1NC!oJMbVOe+!;U_Wkutu2TceKX^~xv@Eyq zzRb_!811z5{s0NJMjwz}Ul@oDa6_X$KYVb0+zI%KF$pd}G;tjBpoA|;9@e=42n|P5 z4V9|_^aqfAm7{lsLjF0576lk3zkdB{$-W5uc9vwf|6BO_J)T%#pzaCVDE+yz@brLXXP|Mi4%FxoC(Q*8&Yl8XKXkp8c={x5C8Mx)j-Za9`-p{8@u zk{!7zww+g!9sfIM8nA;C6pbi`?!iZ|nDzLiXpFh02L*?cX#@P<EOJ-^rxRs(D3so7Rm8{#ytnRFO!--{%s=!(I1}ll%fK~ zt82~*=$>FI_xWqtnoe{hI#V47uVx7`bY_fdq>a(l2>Cya5o7_BpfBI`k4g;(dM9QVg2cS@w=x^smt$fi#=dWN9SCq_?>$IzmWh@Zpm<1GO^nh?gF4D-$UnF* zOLFHv^k(&(7Au!*?gx!GtPgTJ3CY1Yir`3k!e`GEAGO?+Bg18Ulk*{B;&>6Xo3+*C zZ?)JfayWU}v@}^*w3#WwKP54R{MGB$e7@#@n}~UrFG=>FeCS6k*F(XX*5X&W7yrMt z|9xn-fPn(~ar%v~rnHhL#$zF1y&c-LE18XdZ1g|%Vv8lyhd5`*6w%NXziYG|DAHjr z-R!UD)!R=WF`(W|3nyHqb&ulQxCIh=Q$O;zKExpeG#lX`*mtG0VqA)D6=`Aol~4WO ze(;RsS(o)6D*Y2<9-zEn^%eEM9!EjI3-K}Yh5q>Lm!}N5`TynP@juxQZQvkp;Pt|e zIh|KZ3_7NO0g{gv)BaI*_&-|Ef<^SK3;OtH(-jNfm{Ir8SK0~y5iS&Li)rojmj%4W)IwMKRwVYHH!TAtRz!i}e`^Kel=pxcbh|-+ zaQ`;}J5Ih4n&SA|N&QDEP=Gs@-LISlrW-x1O5yR zb%g0&sVylh0VBMs{nwv0=|67w$9ewUyISr6R$w98ZT#~_GvGIzb@Fem_{3NhJq6(A z4P2F6a|1An-Yi$T!e2U5OARy7=!xBfSAY89KJfda0JiUBCHt z#23eaOZa-{p7sPIFNIKXveb z@c_XrV9-Q2V;5Y_nB_cZ2kb3L)03`!9~Y0wZkaJ*&(HW*J$G9Ua5d>EE|RNN)Tj1M-L z+E97Y5o{;g@dX;uSF}+xQR=gzWb|^Qaj)N2m4Jxadp>@+gWO180??fJLVG$2?`KwJ zif_@nznx2W{z-JL81iN2Vq>P%W6~L30&Z<|!~l$6d)=J-YLTNuhVG07ReU5o2N%?Q zGF+zR3BVxJ@fc0de$>J=HvoOyHvYzIlDw-SZ9nfawju*B_5h91{;l@Ut1ME--SrPy z0R;^fEkFz4a$Ntm$pX9K&f6V#p;t>l>Mu7H2I+{@(a+!_^zL|qgN=elW;C*kL}p&g zmE6$FWIsOEFHiLR*ATlXrh`jDx9bMO#gNEV*}eXHXS zgiOlNIMf$tWN8sv&S1C?*!}3<{Sd0A{zKQTEIG0eN zbe)8RG2!>jqxBTzuek!8)E8)7jv@Sf*ghKms6xYG#D0JT)J;~8P_ePuB@^f*^9~4T6k~;bPsb!nZbAFcDj<0M1yCdL)oe67 zo%Dq5Wmc5TqXl;WfO7U_wCG{KCk%1|gxmEb7I|YoQ)Hygus4o4I7jLAa@vg69?Pqf z;~cUC?y?M{MS?n!`4grMVn1JFq#g3spxN++!|8yM%>C@Z1FJx-sf&YJqk8c&&#*a> z-jT1C4HFIx4`(EMCk}gNWh%d zMJsbu{+Jh-r2_=g1@?cEH~zdioDO(bUAxV_^z3T~Gw90!eYIOaAnDf^%rb@3cTvU( z=vk5fu-6Y`{Ds*kdWf4F!xW8QO2Uu^-x&tG;8?}xCl$zKyZqE|P z24%(YD|VkL_#T{Z1qPzdfg$d`k5=ZPPK18;^aG}rFVAah+@~ zzbh)!8<8sgS`A$+E+rF)UVXcHRJI9CfB2;?^c29A^VC8kSeME+w?S|Nq;%b!KBqZ# zcDj2Z`-c0{($UN60oxzTOO&N#r7=S_s7 zPk$g+c7+l0naCG0FTK5U6y2p))rg_5dsraA3?88@bs&tDJnmMDi4ZG&PNlAOTtd~G zTR$s)KoVf4M-?t#4RzLp3U4RXHsztHR_ zR(5Pl)j^(`!ua3kg4CzHr$I0>>e$u(w?E2huNIhgS~uLWpDxvM!eYI}*ysTLrb~$! z?(v#^<4_{^H`Hp=g)!>4hqdI+ftd-)k2kxPnxz%GBKjzkbrn*blDi{lTaTlETVHff z)}W58)SWqBL{;p=W*jYGrE8nNj0ox}hG{I#np0^`tIHi_FBUfn6wP1<#j}ht^|__| zW%IRUnBY~_mTj2nDd6A@LL9TUk2l`($OJrFDhUnA^)h_YMkr(p<#XtHV4uvg#vrMcmi z@GCzZc{$e>K&SkQ0hOn8N0Lsk66Ul1v+Eah1^3%Ux8P#w68kDbeeu41xOpS(_Zi!S z{E`=<(>D|QO4s(HPuf`|)v?yjRi-52;hbKShk%NcIW^2r=v!74bgwq#XirG&EKzUQ z2RKtyNuWOGVh!?Xee3+VU}fhI3jh$>&<7+0_!sih*b;;O`2FZRV4daAGy$`g?({jR zbjGH?^TkG1ey_2?EoPX%J({X~A57yKB`I`cM5asl-bT85R|?fQ8o{~P>H9=hPq#}4 z35DdCq#>-P;Vn_T%wn?c6upq<8viUHDc|k~g!Lg!d;W|d1L|WqttfB6+-EDtXeDs1 z$uf6YLf{BQ4t##N@jZ7!J3m*YD+RSV4v%v`UPvy3Qg5aBn6G`YO?2MQSiY)ll&o>{ z`2iKf>(vuPrsleu%RacP?{Ie(fai|dHVJ6Cf*n_=rnke?CHUu-(E>)SF?$mBr(u9B z3(~H2fUV6q$)})+D40h&?g`XKK4!=L#A8+0zjMZU6$OP}RINx`lkeXcth~H96=IAQ z|MUims0WSY1xVAdE(Q7ha=$hLNdvUw8u$4E`u11Hb~@o}sihGCTnH^d%Wg6 zHydT?Um#gUbF%acqWqGjJ2bjRe+*EKu+`#yVQStfjH|dezh%Kpc;ibn86SXdbTSzc zbHusykw@+DXWXPZZsJp8VA}fNW#x7!gZka3+#bonooU4EC&%_j_*k!33z!Iz3^Rf- z-!pX~*0pCA$C_QxG>CNPu(CKG_!`C(z<5T+ zRadiEZ!x|J_x3nWpBf>fFLpS_-Nut0vqZdpubTmEu0MgUj?l~H(ECy!A(&E^*SdGI z5QK#lChsoU3^C#Gwg&Rxe7VoRHZ3+YF zM15|fCPw9$=DU3F!u(){k}hsL9ppj~VpEQu&IPm(oPoMB;jP7TV4x!;|<7aAA;XkEh-Sj%A4jQQM z%4TM))w+u>ZbQNl&hzJ!-nzE{*@`;JrwXnf`El{$c)A9!Rmb$@yKAL8m4BRD+$WqV z0Q^uA@EV6{5nCd@ci34oeBAz9@2e;EU{O0+T%i=Uk)DundlJ5PiyZU~fOejsub`mj zNqv^gy0*90ntm-4#x0QcOs776X1w!5x>z?7VIaYvbIWadV@!UA*?c`_BaDBjiW}D% zK&yj?9vMhAh;LKtd3uZ%fc&&-Mz&pnZAc6X*mYpImQSB+bm1g;Hmw;nnar8jJs8M4 zkPR`LIP42k!>eSH7|-XgTbL-MV_Ma%==i}K^}I{?_QSS6Apur&NMNhe6BmSRI!hY} z?}yo`1QwDaG?7YOP|)TeA@9%P6)@JdiT#v#=O^PrMRCqr1-5sRqwnddbVXRFsOK*9 zKH%x&r+H?GNaZ6UllSHlJJ!X&*IyCMd{7xjG&_gh1ynR^bfs9C<;hg(Z@!H$Kc?hR zA>RZ9B2h=wVd)(DAA%*hZB&+2vJw0o3v1Q5pj4VwAlt)$l!j(OcQRGXTj$0DxDpJ) zw2scMsK~AXk9EmT2XGY(xK`o3aeT%S_16?Z3@#iIo|C`!OTGAtOEBYA{z&e$A4mhkDib@-+q5f>yIU%f;DLk22s`QP?FE9t=Jm7=OT-bH_tTQJBv*SXp3 z;f(_%u-*R5Ul8Z~${gz|oNi};-hfUwZ4vVsy6n5NTRzW#Z+YW@Y>Edd=C;tnPH(Bg zf&}{gXKx!>_XF^GfbuMQj27Jz96CJgyLfaa(8#mdv>nQAmjt!ApP;k&ehdkfcY7y~ zu>ov(mygDIA^P_=5k?m-kh>uM@`1-sZqfy5ZtCA@wqsJQ*}Kc9ns87JyssSYZ;W6q z88opbkeaL=G|7wD>n#q>H4}+3&_VX5OyRO*@JN!6Ub72ZsnV2}~H+<42*o%{s%Pf^TeAUEFb z0maUTJ-VVNt?v0zTXuOuMmUt?DW{xBNbF-_^u?cW*^#4ytv24H-k4%ducHM4gW#5&cly0+1^pEE<>LHx(w(JZ^E(zy-&j68 z*b{xx)#aIZcu(+ic|wNI>SuPWeYwfT*rVz82Y8LHIhpX<$|8U2Su-kx6<=3{oBtN+ zI=MdgbW|0&ciE2QtVGwft}{-i&2rqu$5Es1j8hB6y?z)v{3qJ@JX zMTdGmhBc2eA9K|XgSN>R+?V+cIu+_rX?a0>$|nu$#`;XFI6Hpkmg{hS#pA`PuN>|i zGrlG!82z(3hD7^1qh?BQNnCBMx83gVsDGSy&^rOtd%?rR-5``Np@j_@14>{6LEo-? z>8x^+_Ee!6W62wyv~@BFNOZPe4@vKgQ96rHqOfb(QUf$kMOHOWIc#ZWb4o@J99k?9 zp2c_b_x&MtI$0*~wyGVxaoc}BTxan1kUwdA3KtVuHL))Ov6^#4{s%Bo^@hNQa0(Ss zrtS7tA{_w+6gm~cIX9|P+kx7Y8jJ;EqzAJx@VrIY@w!yuI^m1V$7x-LL}D?&>7dr0 z2*6q7;d&P%C`FxXR#39Xewtkv=bTnmCf60=EWC6bp zWgwonw++M(-^47v?E_tB*?RVQ?&<u!!-PNe&>SMd2h6C%fKzu*GTvleZzt(`$A1p*V;9x>f-yH!2-a#QDyFRC{&9nY4oBSk$&d>UUqWXOm8p&DR?<)nLgJsWTY7z!VN#S`;ZZYsCkf@R-?Kd)-FUKe9BO*Z1Zf|zlfAw)Z zep2C@D>fc*RO;MI$u-xF)UNVG>D#%&o$#K{>EnR9S=2?mMTS9;;M8BGs5u-iW$!+Lk#8NhaH{i$Ai@ar64 z1it4;nad=ZnS@H}&Gm2PiZf{)ke}B1$J}A1fFFa?5Wyx*ZP^gUF&G2v?xlRx&3kr}$09wm75Q6DhtsHS1NRo{uyblU zk9{u~!tI%Mhh(BbK-lpv%&b4pcMArleN)(MqBj=puR1T-6EnOQC_SzEGvx(W{~5b8 zIlbU2ddXoy4+r z$9n(~T#p3;h3vW`U)vL=81V#@xTQJu1M~JL0~X&u?&@o0xQ4%YQR;f68v^!D+mC=u z4jOZ?AB`ayZ-Lmh(U&yg(TN;gbJSsr8Su)1j5}&$*Ti0Q>GZ!%F6#&o;b(x@*MK?@ zPCE_2fh|!4anf%4JL1{Jz6kuNCuVl8phb$#@7|)6#m<~HZhT=f0+dVjmP_4;Cka0U zM_9~z<28&Ar*!R4T?;lhK$NJ68q8kd^VI z5g8qtQf0@n?vUn6>Y8Z6m?P6DYhgTHk*Nhqn(o=2)Cb-y;cc&z+7?qW2_GjdRGg{k z2>;pf5_Y+-)PNe5o(?cjLBx}n8Uo-NEq=+%lWFtI(C8q%2*Po!Ckw(U4B?K{JIVZ{ zR)Grv+Vv?xkw+&Xp>>i|TH)OztEZeU44ckYef@46QBw@?61+@dlaYb<=X(1tEeKb_{ucFdyG%eDcf?3#u<* z$eDyKG{Q<_iTT2m2Xx%U2%PoGO$d$K;yBjpri1OXBY z`2a#7i2@<5=lTvdy<&PqWoUb!`tv8dmkum2N)FN?L0d%Y9=+R1d!Z@34QF`or91s% zT)<6kh0<8M?T#=*$+2pt#87m{f@h#}yk6)hK-Q;#Dal8+Z z0?$%!g2T*3Gz7RgiD*Bq^E0ov)Uw9F%^2wub!f$5v!*UD#pO>$}P{vn<^2l?siik-2HE zX(yKE_c*ZRz{kCvGAB%uH5Awovw3Gp!rNPZT!x3@*ukhd!yDhcLP! zLMpaALx^dYbmU`kctng#cm;mjnn31Ks``YaQp0>>_>SaRC8ly-`02pnQ!@*_C9mu_ zUT#oF_0wP?2(29DXxL*Rq*MFO*LO3$Ns!dN?mBRN z@*$O4sTyxYuG{w@mrSR39rn6F_0`!2B zisnuFPdYt{0Y#8>k{_oipKcN_!Hw>vJxOb=6x^U5v=ZJd2EfY2;ku;0Wd0`rO6`{0_Of;x^wU<{V^q&}@H z8^e#3;ApUuVd5Nf2$2e~YS0l^sOx`p9Lc9TC1@vcENXB{WE8@^HaY6a8VIOPqXoia zb9-!%z+%f$oFqc1qS_+d|AFNxqv5pfn4CeZtA0aOn~8Spudwq6;hupzIL|ESvXYS6 zMh*q`MoG?c6ZEA94#x+0?s?4Z3+?p*&C2UlJvhOD6F^q#FS z9CGA~F~Qy$yXojgl1T1Sl{CVhV*x|8z}E(jKTQM0#WSG-=o zvy|yM{g%gG>Gh7dflgG@Q-xrz2j}{=>x8{FsfBU8gS_`PbOnT?;)sH6`xON5EkN4{ z?rb?xXrhGQK%7MMv*U=`G{>y_8Nb+7_3>jm^|_?lmioUSwwPl{F0wvS@Nt!7ngZX5 z*|W=S^PL8}&?;3}=2;l(iNbS(D81Rm3|D?dyBa`B$}=>MOwv0#;(tgoFd?<^k&`;arJMCJ8~mmgIRexD%UfC%!i&i=Ku9tF%^okhX!D46c-L*K-g$Gq{S zwXpq?+#110G4}%b!}0j&*Yn)unu0*A4f>@_)qQW{+T7i>Lg_?Nu1(lGSndq4k-Ya? z0X!z@VkJy5)ebEA73>$fZA5e%kr`#9g{}o^)NfmYcH67RV)@8sKevUJ=d(}w!wE() zrRB#zRpq8Qr~4RZjYXa%Sv1|{<7<226nQ;Z1j(TDnpBm+tN?YP#Xz`q;^hfMYk;8e ziq{V>7K7j(bVN=B$BTAHGG!XqUf!ZN{9XcsU`6+ijt@tz-rE*8Jq6+m#cof043NkFYqk!b@5@ zjy|E7s0kvn@Y|v8kU$o_H7-p5aX`Eie_0Be--WaikIwGyaG3WZF$2b_O*_4kzlt|} zT8l3z1(BP1IG^!Y8`O?sT9WdqPQWn@bxw?L`aQ6GZwU!Ajyafjzg zQ1w;D#j6T|H4R33Xp-xkV<`xeqrK|}Xrob+CK2%uZW9Ba#}F{Z*Qd#HT4SHm@7Opw z+S*xRTn_+Zj7%<*+##0sT%L`yLfqkkYVs9l#=sZvMNEJHO53wRce;k89C~pC9{i!{ z#Qlpth;$;PQdZOj8^gI8WD3Nw+hweL^2`Rw;xX`LT#xcIszs*hX2b2lCk4ujs`(mc zX>H2He1p2r-x4+?{roxhRz46WKXQ?$zCX_r&RpV_Hs74`_*P)P3FmFiZW)UAJ9@WB z_axe%B$a&)Ak!nvni2h-Q8PM@nKMl;T_8#6w>L-C%^@f=8LvPqa)G}~V@9^c6&{~e ze~*8Zez|MEwkFlgMO=Nxf(*>y@TA_9Y>A_s71giwp0~j)du_G2$0X&k%Alpue`k=E=yHaMPMN&V}t6( z&?L$?&V6v1QD7$q0m}ZkRq}!W1zU2(gB2Ny<-#IJ)ve zsT}G}Fy}-<*otDFk+%nQe+cuk98IziPYwm%K1x1&vhH5jSbZnVfkdrlfi)!jJE&X% zUi~?_pYIdn98(tTtN4!H;)!bib27fldxAUa&6}4&1}za|*xi+3P{Q5cO5qe***ShFmH$UXg~%nv0YiUcFVv zrzaRiTju2FHyhzOWp+UH7M9RR;>}W?L$H+smCS%0b#O1es!ypqO0yoC=5K(3dnfReANZYbETpt_Djr?-__UQ{8Ny#|PjCbqw;5P>n6 zK00HP?KS-nA?9fF%OV*G1eN451j3{JlWui8JQ>e*R-@MKN)d}^ylCueEfFU%$zz}@ z^_mGGq8FVbd?e>5Z~;NsJh(GV6lSltq-#hVi@)UL?VaT(-VYa?Y2z>l|8kvjQB1)> z2nsC|RfeUra9xiX^hY8NaH33Z4M@YVP7{%h=Dyl+x%M`}SRZbb?P=x=Mo73C)t(^3 z{Y(dYXAc_0mPBd()kjH={x-J`vFkg;e&i(YI9beN67TYx`%0^|L!z?8J2ZvmAJ26r(xh*7OR>X*m%N}gF(jtY`9xcGECG=gvL{#Jyz*|%rkR~qJ0 z_K&^^B<&z6OTjDw&o6P+3Gl)akvK}ANWtswpLC}z@A3_ne!x!=%XhgL4*@3|`m8{~ zmEYZ<%Xnex5y>u8FBr_?TpHFfb7&BJRSEh5OI8d_HSu0XYH6VySeV9oJzUe?2KFcG zwUe=9FNwHn>lgqB;x~x#;6Bcs$~MRb0`i(Xsa1V~Z|xAPlt-x@whKM%@sf5p38hp^ zZTFL~Nq$Yi%fGsfVI0LMOy*x>7+msT4uUPk`54wb*N|@o(8i%)hPmt)1dr%R4>N!BRd0I6B?Wkn+!|YFKc2u4QesA9WkbZ`@aN>g(_W0ZAQu(X`t;>`| zDXGU&jqvVyM5^kU?#I{K=f%a;WA++M zG(#k?0h4&ezW0O5kA6u7ahE0|0)8=7S5M8QK9~pt!Xc&ER*m=Yr(B4Pjh`ekYl)#I zUR-n>*Z4f4ElxT$C*|YP7U31TN-}k4eyz^bPPyj8z%(O(SswykG7RWj26ksP1yV@` z{rn;h2oR_tNiVXW>A{b>!QMNM8%b&2sqa`KDk_OYW${L9syLkouBT9y?h*0<*Dedi z4iptUWCpXMopoE#RcsZ-)zr}PD&Lzts4^Z#OqBb+6m>A+NGLsNwlK4jq;mLLSlJ) zjUfyLEhCIdhemiWfaE0Cb-Dn1E-FS~(@VrhEMzJRuA_Lv^NW9oE~b*q+l9s)4Zy|b%~ADPZ`D)|iI z20h`Q>p>I(<5?>C9A~7~A~IsIBjSjJz1MnWzb}2VwY+}aJr_98IP8EQK7bk6??19+{3*U43R_c7=d$!>oQ9>^?tX}d zfdadXw5>F?r&q-DF1~^pXAOVlkUzA^fx&1U#s%alE$@)ePSi{ySQWlI7dY1ifUlX7 z)q+C6y}OE5WSP0V5G5nSxl}GOC9?yb)itNSHyz>)uOv(3Dq^dak|G~vzy8u|l^jPz zrR`UEVyVUiqgd|heL4oL(kNz%>@d2W4?i`MRK><=a#D31 z<`o)=QmaJ%TyUy`I(_{65=bJ?#K2LxFK z3)x2+Dn>%7G)By9R*iZ3=o6t~6Mb^VWDI8C<=C)g#*;%_h$!Q9HUUYxH34C$5}guw`ysD!-M|do4c;GBkm1QOr3=X zJyUTTXu)aCRR8a}w8QQ3r<`~BN?Yguxx!SB!)m_H2x){jgn;2$p2ybBsD8bnnU94A zRnMg5H~Bj60K4r7DpFTUKX1h}MbnmDahg=!`D82iHo`;${RDfmg@v(OBINup0B+d< zqN*CyQfbX|8x-D77htW^#(j6KP+C4H@;kMdB8M^gBiJjxZ zpj;DzGU{Nm1@S{zAMh2c3GEB>DFrUeY70zP61_#)&jp*sh*-*<;6@MG4Uk&8gwnmj)N_oFn9;ySd^DYWw8v_8ww$z8jU=K$+!(t-I#0_KZUxqzfy zFu1BDCsXiqAIQF;@eSq(5MPd8;H(Q6QMRRGFb5wB*&AcYsGi*JPqnZqx+P^WS1pVb zyxn-;AbpEHCchXZY1v@v%6A?GDukRfWYRK7v(WCAQpp>4xl*`)up3%^aGRIHP2-$_ z02VE3TPlNhjvu}q#}}X6mNnc@wG+Q2N&co(pL^XWY%Vnd^rT^~FZi*SN2{EH5R7AGp4kb|NF?LM52daY?e-HO+ZUPdru69bSAw0A-1PzE@IJXk0t`9GYonN9 z_3Q~h!fd5`=AX3q4^hB!h>H*5+Xy^vrI9gmVVNCY(TMOSlX@`b9oC|OM{(nGL@={y zu4zogCpQ!8uSogZAVgKd4-U$V;TAb@isE3ItO0IIsQE#SaO@{e%F%5$1J$9%5U{`z zK>wc*y^HY83GBW!IAoCyoFdHD;}I z5EtK(<;d7pcWYFV2`Df1r8O4FALQCp-Eh#*BOx+aGbU+o6DRbGPCC} zu2X|ddJCVE0IOUM8+N&HdlLvzDv$k}#TqASnT&Wu0L9vy+ccbGp%v+S_DGL|HQ4V! zg`NG4y6NvD>UR_8sAQI2Wakb=Y!T8F^=k1Fz=gzN{=MJ~U<2yWHyLuNJJ|845bE&# z^B%A_-VzALy@D}^#b@w_OeX`X)QC9oZ z5O8@^WzPrd)m|q~>;)iGzaVkNQx~TlG9U>Zdwz)lg4)-#87%8nPMp4GDr?Y1JN5g4)ma?~u zIO#FN9e)ga7iw>*IVN#$JJ+!=N{HfI*&68WFu2^{U^u$f=y+Y$Al5!P%9ChilLW&v z^zdkrk*DPM5l!lZ9eE&d0RJM3_7dOM@nUho7Bbi;ZrQd$!k6XJ!-hJP#VKSv1Ww3n zJ6FuDnt)@IA29FgI_-OtbX3x>Ee6;W&QvM~<}bvs0xXl8qqn@^V)EhCE?r$95I@78 zL=)m=;5JMJIZ`9*MVD6_o(D^|-|m;wsO!w~@fzxdZ)jo$*42Zo^!nYxD@6L?E<8kn zRF1&9g0%q$?jd1mo{{J=_>PJOuxr4tTsj)puHzo8GVA4~y#>B5i?l^%^Iim(lmDis zU`Bj@%7Nryawxbg@O({so}kUi102xH&!mynlmB|LBSPLn)i=)!V8l@t#-H05PzZHN ztz=uyTf+o9cPC#jc;70((b=oZ=v0)Jm-WkM!1-vvkxewh8r^<;ax{BN&gF^eTzO=2^U-=@@cZ%j=D*e(E+kzuDT+6O#SxeYclWx<;}<`M z>sy^Ne2hoH;TcGN-{hIIl>Gv=*L=41yLPd7d2DNszjMz~A&G|)^xdu@8O`$?i02?R zjf1Iucw_ebu4+%UC8caBt?t0rrwn3Td7pivW*s68L*Y?IIwd3}u18q`_cgu4KC{*? z{NxJ-`!lz?BA(J?D%fxR;6v7(rvV{9fAU~#8-$gZatu=$g+`4Ck=2gf;3j*skVs68 zfBS*IiI8+xid+z0!G_Dit-E6}=mBrI@kW!ro_edv$s5ZWMrVIG3q{3H1)c&QUtTD* zO1;y4vh+UBiU=4a$+py6PZndv3A54lOY4X*I1CDEGeLFl-;4>5PP0$G!#UU@7!uBK zk;_H=Mtjh6)Fj+ui{y|=5}-YKrQfdL3fR4tTx!J{CFm_Vu3yUkJO&a~Pdj1@nNm-V zJ*4+gTpg(IxQ}-Bv;zw&&~zQ|&JCoc-YHMAykfJ296ON}PPu zSBYG3(o1N5Z%6sPeH+YCaJGUDn`K;3=(c+iDag|FK6BJ zGQ;UVu3g^;t}+Qne%sB|?(&jhVJ5Z4w8gPg6`l z=%AIkGuP~w)kz0Qd=KA&l!Ss4232X70I$we{mR5$+gfcZpCF7RL%FQDpq+i5(tAv= zRE6nnjE%gm>3q+Msnl%{(SB$U@7ch>YhJ=!LmP49B;?@#YE($d}CaOjq95Tv`M1?13m2(bIt78vu9?{ z-oO1V40Ef8yH}3c9-oYaen6vPS1&oCc2TcA_$Iobw5>Ask&m^%ei&v#-lt!QI@}Qt z^9JOx*kT0tA5v-%7~YO1wpKSNv@%iF$*Kt=;QPAZ5>!0xS(3IRs6B9MwWRwH9IARVP%SL1+;4b=0#NxwAeBwcEvB;7Dn~ zI&LL3K@*qdO5jHpx|R(Xv*DOw#6`XVWVqH)`#X0Mh`=dKR4PbbO?t%I>a`{uO~gq! z2IfB*G?J8rud2RXJD_!N8vWw1$%5Q_o@`~KnIb~3{yNH-$T(9bG3A9;S7KtK=jDKo zAZ|fa0meY|8F^Zb(iA;kv29~=^4*UyMN-oDhbU>?nv~per|0x#&9?5Ap9d~bWmdRt zOpTSfx0%OfOb|Mlh%6p#N9JWl9An$W9Iy{@Q~Gjf_~!)6@}v*IQRKYkjkX2?whC1J zb3jTz%?Jl;I`nTTw_`1cBl8w-+$OCtrAk%UqKuwOLBieZ@{-v;LR2g|BIdL|m?_G~ z;@-a0RYH`*dbQ?mk3?`JcKv)|tl9V&Ys?*DBGv0+)I+Crw=hiI9sj-6!A zJ?-Yw%?1cjjl^g@{MN@*H(x{_J!FlzW~-6v^dV*CF7^(Zk7H3FFeyrwF1C$?a=02v z0Is)k8D=*>$poV5C=(Gy=+0r9WNJrVX`h7Rt&NtrB-@m_KqD+wdpq%E%AI_Bf9qsxwv zb+@npyEC*QU+woj0}ReWvT==h4(9p00Fb7iaV#e~J9#=;nd!Ev-2vi`r?zGJHmXdl z8QIye)bQ^pbnquD>5a`g4_{aIcqxqW2Y}{^O>`xmo+L=V!~e#e9stS>3v|P6T`PBK zv$%ZUv9kV!mhj-%L7$Xz<5f-{YEk3T}#v(@rlN=?v-g$6I?tYnoWznDMB;;4re zr3jjLBwqJkmd5tN3^Hok5j<+D89@_99!$whnSSfAH)cx6MCbvz86!}B+JL0-^y7)L z9_TyxAiLI?2Uk=Qh@eC0W$iPBwbL#QIvIS7iAH`ARhb*b8r%SdQrl_X=FX0Ldf$d2OnK$Uw^jdpXfaH3U@v5ZmiG_T>LmI}-uGzQO5C_?Me5u;v0 z1KpPoJ`0nX!?}3BRci%&)Bbu5XU;v-$3shm@sX^$Om%z9?|3Y4difZ`YCEhToNzBK z*xOE9)Ut^o=ZxV_r`5n)m(#$a+;O)h}UZybE7&K8%i40Gz z_xpU|2OlwDM67-9bP$l@hi%v&;WSh2imt;XoeJ3qU`r|k^Q2!lzeKPxNKvJO&zF;Q z_unWh5wl6NB||)t)M7rNv|2my6@FVs1eXsuGiRQTwu)Qh8?vCMXE9=1fVoKz7B9YW zB42Dm`ZlQd+Rkdqi0%ETkq9mmdQZZ?H-7v4rf)hCPdpsh#G)Vr(^7%lvlB{^FH_*a z-J$0vQHZDa_yr(H6`C-<6YmF{YeVofd3Y~Yk>PLCT(-{ZlB1#xZL=u`Il*klK&p_T zJDR>q%0SO-PNZPtk*NNYigz65b~pH17XBYXyb0b}0EZa7wRYVDYWp(~eT*Wk@;zVh@uQ`0l}9MO>G zCeGByYOt}h@6J6vS*VJ#R1=;x)ew`;bPh-?QtQGzS~_osMNbWJQSiI|b!#iHhr8JC zaq=NRzt&7AcUBI%+0prVWz!6Vta5Ho4~9NrcaFQev?Osq{6cTEP1e$|60H8=YOZ7} zl>4$r`6ol$lKtEG(>=to+VG(tts-3GGyOYZmMY6D`xDdN|ww;lX}R10=WE(4*2V zSD_I{jS(BoHakQyLc5sYB6;UUE__yYBlw@C=NgM{hJActoI*B!)UtlYVJY<7G7GP&Po-O4c;y|s6``J@EQQ*s?9OJ+p6?#615 zA-msczN6L^fn{jIH#{!%C%OZ`DpB|}R?b{phA&=(hj^Zr6Tx|2#Ac{ndmR@~XrH%g zIRt4rX-~;%xt=;q1hrj!-fr*RRobf@3!glFS0$;S~WYTZY#f!EL!=_Gs$1yL?v;p^;eA=gdZcD(qi}x7;{Q7jX;~U*J z)i}ZwWWrDM)4OT)3F57Z79hd)gTPMuxSi?wu!65xh8vJz|8`TS0c-JF`|@K5a+Tyko%2uv_Wcvem<=q zDX(G$-m(KC(chB5O!IHg*gQAKYfgb?=c4ozEpnJ^Ky$#mn;xgkVDxgu)p{{@6o2?4 zahgjbU@Bd1u^v=Q$N6|+rrOI?$12Rq$snrMmGMK#_a~fvGK)5?jMI!2Tnj+3aq`7{ zJEwgLWG=q};naJ7yGYUFgXY2>HJNuBs1fHB&Rl71y7GgFC5{JAoYt-v#G-DV^V=In z;gW3}?vER(jZ4*z<7^e!Nwx z6OpeuIX7iaZ%VoOnI0m&ju(}b{Reo>4@rDQjeJGd0Qo?Pe5GSil>MI>WE2k&7 zPF#Oa^B&?j{e#!1G1YGb^i>>s2#n(I|#tjGtuza z-D98t@EsOFq)4|9zprs$ZUCi9%%BoS5eI-^$+jf^1&1>I1Wxec3p!^N5_wD$P~$3P zCW}+7Bgyna&FfSxC3jp_RP|I@D}`L0FeWfoQLrJIu}T}OhIhL#hw~Y#_Um75aU%G* zCeLg?M0XZuH`8e0u%P@fM?|M__nO6yl3w*Yl+f@=d&u>Y-2&~;+4U`yb%eLfnJoPq zJ<+}n-M#JRf-I6B2Y?_kwNo+wg36c_^`_dm=#+07pLdFy60Q8 zDD^rFyZzSd{S(k^{jbi~B&JQi__lbtr1(iu z2ViP^*FP(CoY|7xab={uhrawf(*=Ntrnf^cDxot3R=`qz1Ld4@3W{iuJxbKHm8qF` zguH3mtJQGGAv6t|hpC%m_~p;`hQkd6e53&lZ>WDu`C0i9Gz8;DV0w}ck$k1Lxm2{r zLIz^?w_s1x&VanR?nshg?&aM9r4+H$_50s{>`!j&eX`Gg4&uM{hUL*eoVx!z_{ql* zO3a$sFTA{`*_1#zM>~j9g@2Udzkd6^a~g4gKp0(DzSaJY_tJ$TFpRT|@PCi#UliuA z$8!aJP03l|`STxCp;CYe68h`E{)^ux!2*4@^EP?%d(b|gp&{I=4P)yn|FWw7`$)?7 zfG*5AmbAp&k6{VO2GzXKFoFMzul;2+DG`7a z@EjOKnCphzecYTbEVNG#Hnr~|r2lNk{_zm?&ux^iLQTpgDyQ4M7+ioZa4UZ7`D26r zC-H1H1XPn-C1fE0CKyZ&9&le8`wFalVSE%|$?`+QRFGokxSas8Ec>Mj7EA4(}a zx?ej9Nq|VHS{sc1wD*^z{wJ}Ni$IqmhBNcM^X#oS)SMlaCL8_HtUp8hFMVoXhhmlN z7D-j^*=N(Qp)G!b=)M0x{^vhLD=PvBO?gg|{XWrlniJXr;gI&f8uVB+ki=Fpv9*TpKAV1T_*E+1AMYnbon3R`u$qDV)Hkp;0NgB}S8g>r&--B*XAO|L9VD1C^J?-zmug`nIPa8qkHT$@>^u0P>0RLvX z6W~Djn|<*4CJ9KvsEIOP>b`{#=dpPzO9Hy{K5DU{{&S|pg!T!}p^Wa|75~5V z>A#@E6e$1ho+X_L7|fCPe{68OE})GFIiop$=H!xisE2&H{89esOY_J97*-+$nP3WW*!wY#a`>j4FH*A902#_`v1vj6M| zCzSS?a($QdJGL~cJs;Yl$~+qO|G2>Z_r?A8F(9LSGY?D^jv#Ak6p zlT;fa>u>JGAPKZMg=qcI@8=cG5`J?Qcefmpq|v}rBGA&gWBq@8H+UlUx8+s$0%3nC&y{e>uvR# zq@(pvf{p&kzW;sf_lm%P1qddXnSTj!PN%T zuumq~2%Y$wtrG#QBRdVqmET+473cuC&j=mXEXWO>S%ngCZKJtq{VnrHs0fIXPzbLa@R<9eQwllREFjaO}g`Y2dMYKb;vHAz0Nt@#1#fgllcUT&R^a!bXnkaRWL!~ zw#(}A%nnh+B~x>5-?6Uv4DkHC=&k?%LISd3w4=FCsvE!gg=pCWUZe-2s7}iLp%!RK z{)OzlfjNava!a4(f-?@A<$@bKIL_lJOs8asdj<3ub6TzSI9`&$8R|L%$cR@t+vi?C z&k?k?ft(IqhY<<97oJ`xTwYbK0Pen=Vh##1+m>K8#Ks}||LO3Am9n|=Ys5oW`l0X)TGOE(CFa|uKIRYrP`5;Nbw0Q;yn{{`6R zFl$=y#yG>nkzLm(LUY?21?}mwG#Cn@`v4X=FVP0zmS^x;#5R9eeF4J$S6$HB5uv=( z;g;2&uoD0uY^c3tDcFzg5?cHKvwheITJNA3>Jy&;=I#4-=l zck4jBDyZqa6!2{eN|T(J2h^OYj3lvr6a(>k0P160Cx#?eK&!s!Ydo%f;BTHX(sGh^ zP||umf1n!aGN}LYOYvpPG1Sk5bCB=CvkP(0DMa?ajupC$-G<@?S2jj1Dtw5n+aKZ_ ztdx147UMX20~K@R-9guvN! zenkArwCZ&nLjR*vt!)}J2eS|;r{wi1P_E^Z49r1^&Skugx|!|ALv)uuv5&k%P?y?c zw=By`L|x|INm(J-TP$~}avQc+*U4aaBZrfeMfZF;6`@-w2QA-o&`wVM{VO1U5=VLp zD#tfLq@K=WQ*3)&<{ZDVeU#4Bu+_a7#OMyyvVb0*b1hhT>}aTgoqO1OL_$)oIul!e z3q%xfvKcU| z>`kS)tvE}IS=47dziAdg_fQSg=1Q!3*H=&RcHUHI$jzce%f^!aXJG)UK2u!CyYCJ0 zHc3vuHpgiLxb28UoW-J2-q%DKaW_Bj4t|pK;#oi%V?T)BGA+~AjkgqXCGG>egpD!& za-p&7b3gmLyQ4@i{!+Ke_Ypmdz*=N+m?-5}O1xV*Z=FiURd`iU%9q=FSuG6ys*f z4=Ug7PgJ2R{16HYs+q<4KyDvP+Ip#`?P3_~f1_O#a9s7Qm|c$X%(ArCEyn6{M2b{^ zcRfj;_m;UcL=9lR%BP!=uW<7LX3=Y&sQ8fqW$Rkw7GjrOQk#QI##K9AL2BjmQPR7^ zAXKNDNztA+8+8*tuHG+W(MEaD>k=-ueYo_gYocsOzM3udCV!)gO zR;I_0M#yXTB%-%f=rjFJK96=QUaY2ouu0t53)$q-N4oUKFFt=hqhfaX%I$s$8e|b0sRIzkPH}TtiHY|~;eQK)NLn|b9B?DRhG>hgc_xt1soNB6p+ugLJVM8RH zLF)dUvJAk-e1W>=N(Y*3w@;m@+79nXQU!13)p%P z1(pME-GiuyK+zfj`oqB#x{fcp!!_OQ3cWMWri^b)!kV;4vqECfnq6x%^C_!;0P$Tb zP%N6w!tDMS;1=Gwi83}!FatiG{*)Luu8Gzdk~jg`Pw-rE5-?j2b>1<& z`M9(8kfR!Jea%RQaw`3WX7ax4SsQg5qUa*$p^q#wh37`v(kA?MeJ&AzD8_BSrIM@+!YdbadG#n zt9#czsJemkvTcN<*ygzZ>+X`ZzUdOV{aef5|i#E*a2@nY9lsEMNgW^b=}3|p1P zhY98sC7ZsV3|7_1=AT`}?YK~X)6V<_5F}8sp|voW-iH!ebw}(vD?xAMtQkl^kZken zX%T<~b8U#IAic4Si>fexHB4KUC}H-PC;Y%wJra{WP|g;h25+dY2JzP*tyZ?1t5R~M z1wtcDRjEuDjK$)wJr=zMXBn(Xt|rY`GTrL&!r3Kv%idv=n-!MHNsu@;nXMg<^zU3yPO1JebHqA*+X*#qR z1JnTgP-U#Il2^9FQ<4~=&06eG3W)}8H^o-^OhHw_t*X7wozY3+nZ+a!oS~I4G4C(B z7BE8a1l>({P;@uEAuaNJQSrtVs|U5xLGHXNFZJi(or-V~!(Fg)zAQQAQS*-0!E-)52J->&!qS1msTrg$CcEwTEUN{&H}9th~>v(OkTTn0_Ws&k;SH8GSQ)N&C;yNMmWpfQL^50omfzjsUn=f@1kNDZq;A^b`7J>B<9dH2S)-uCk>v_Rx3()x}x7;l5Z}hep z!p^~)A&rm|V4g#gLz7{VViQ9J|Ba33tL`F=_r6OeLLsZrYdz1~SO(9}%J&x@?@i(m zK*u9Eos~xL<>Nh}c6hMiBgjhoT!&*Zr&gV@YLWc9DmU8M7?tap{EQ-QA4^n`J)(x* z;9#bi11r6!TJNjWf=&Q8(eF7JcTr+2VD|Z|NyoW^>#~n+ZUSvb-A6C-%1q520935TcSess~KQi{T|)iRneMc(`NIQIOJmxUi@ zU{^)3Cy*cJPO6VI{+UB;jelQn(GGFyVv;<9@*gd+)8OWdbx$<6r?m zD>64+HR4p!4XvE>11Sk?`s;j8LEIpzxOo8DkezHAV7PoSzs_+6oZ_!t?n(q}i9LM}&uBoH1(1@jeQ zAS-@0G(%*rA5yGiR z>JZFA=H3UX0P;@l&V);x8032X3Qty>9p5lU%>U~P6Im1ot*vZrtgTz%hClq2c)8|K z#WAp=&)>YG_U~jj7ovu4K7LQ&Vbq(nXFI=>X)! zBi!+bgY&s6+fv$LeXl^NoZ~^stLCP9?PfeXzAJB7G<;ST4zGb=esgjFuSwW@AlY>h zyI%j4Z(1|9qIHL~0X?)s* zzDTfOHWTeRyETX2T65s_^P0~hndcV(Z?Ja2yk-26w953sZ0i)c+?Ucs1lLvPc^!G( zQ9Jx9ixuW3UnCrXl^82h_B=l zkCgW7sZBFcVm_=sC zrdrQxP}LG(h8$uLHyn8o#dRcj>|E6L-w&h0j?T_OQ(Bk`potuhnE@)kW!0!W5nxeS z;ZYAkT`v`YO*br!J3Y_jq()$6I^mKeez{V{;R;)k--gI*zn6Aw>EN?0Svuu!2HxHO z!oa&6vmk~Eqc&hjIg&^|+?*(7EWswWd;^L<}9( zb6Hq));gbL)>O8FeioWR!wxOJXhbTZhugdVyk4}rS#>qgAjVM)j-dcNEW}(9DG!~9 zbOyc`+8F$-i_Iu2JyXLa>CL3`4T_3(2i$cPD;z<>Ma{Tvrp%HH7^Xd*h=H>m&T=pV z;$#a{V(|G!5c!n$G?AbqqMoX_x?qs3o}&(5T6rFAd6-AnSnaOyq8k-*zVk*G7gs?_ z{mC`rwSu6|zOfI^0a#b_suNA=@#jiJWDPY>tCP=P;+Jd8(U+el6R@+@&A=bl0sOnN z%3chi+E#uOo&rMFhfCa(Mg`wzm)Z{I2OR8wW(dbc*KR~zy ziQqm?5WzGg7_=dC-K%`GHdB9M7uTup)e%8FwfhNnon?39qFkr@g!rf{q45J9B9P#! zvEYng=w{J{qhWr->dgz}xt<=ImtaOPmUI{;cQ&?7!ySLmCO>%5ZxDwJx2wg}{{m)7 zkPBdKpK7#r=ayNF2BbzfD>zT;w-YSpj;z_{ua5Pd7ueK)vc5|Jk8qkqG#9N8(@1by-^6E~SW9wYLjDxY&PyvZ_KchoeugQ>e2(Vn(9D`!72u9Ge_)0E zIwqgxU6iWi3-IzWt-`Y25A_TPa7T9cT1j7JWXJQ*8R7Zrh5v}XiAZNxp8*vQb)I{w z)(}2nH~WO7Z48lsz~|jl*MY^ZuO&q@YaAm4sa~;Df@-a0SLsM79eSYtso+~>{wThY zPQ{@}(VkYm`>2z*a4;@kDU8%Vu4aolzB^K7cr@r#Z5FuhZozA*KPk|F`F&CX8K{BJb>*QeD?P8=F{3DSV`#q&a?qp+L<)TeL|ZYq05!oj&ZVhS&lXg; z4tFHJTooJ*6w{TtOq!J6{_#w3nMPohGR#~|Sb~P$kaiXa3cDM$?XF5Nz5*`r5`!xP zl9`IaZ`NxR`}(TzZI0ZJJ#}%ly3l7hyBqkc=)vrJ7U>(#;6uKljc0+9H|R7Fse^wHg}p?GcJ6>wr-aj@{nNg zRl`B+b!j=H3JtB+e{k-I;4oAqJQCTaCnUc%e5*=R;o7%7GB>_mXNA=NO0a~VE{)q{g1E!d*D@Z zI>g9S5lGAtvOhEYu5ZncRXMo z?I8z;_lEk44BxoIqgYGDauR#EDAtlG3`ZLPX+8NoxvJKvE&-9FS-Zc)%zg#I< z+AP>%l)1LlN;)rPMYlH6-=@G)BAVZ;;i!_N^pKOTEv4`{`tn`#ZZ z%96}#0y`U=%4*2@hw8kRh)ZX2ew`W3eR$01WwqH#{nI=P$qvPtT_7NgIe_63St_T|76Ex0ZSO z0VJJboXU1BzoM8{7v9nUFV|U3q0^zZ9*abM>KTJU?oAK7PdJvIqa(^;pI@enu_2y= z_-I#+EFs^3oRn(?@-}Yl16e7`_U^mn43Pz6Rzwr!p^FG{^**o+0n?Q@b$p@=GQp*S zIA8X_0@2yAw8jsCRb&2RY_Q}^&%mPgf=x3dn7I^{(tOI$gM8Vc$pPt=WX@2q$1|eS zL|P%l5!uAW&NVJ52!7x%7iqE#G;^ydzs&+jz{<{0CJR)ee4200Iu|(bzF~7W#Lm3Q z$N)vCqWbBPW4Ii>u{eYAa9_OJGF>9EzGI~HPk_KckVw+}P1aR{UrXaD0RuQq3r(@t z%)VBh-oPCDfl&pCX+M0vyH$UAY|{FV^F4jUA%@0;`5p|cyMA~tog147rLmE6%5&B0Nlqj!Vi7-a`;in%#-E`Y4s` z?(iGZwT4JLW~|lcWZey=5W+W8tb+To@BforJFf+mlicjDRzso}5#xp&GU1&3Uxt~i$dW|)AK zcyRU65j^qQxRkWnU?2A7VA>>R@4GrEI{7E?uogMg)TgpA$}>iTmS-1#kDs$)@uv1? z)Y@8i4*rR_xUuGQqxeAzIHsiNR0Fq*dXCxEtl%#*uk!VCQWHjuv_0dbe0~}8`#hc@S8el7 zd2HaGt8(d8D-RDt)koX#!k~3K7cb!Cwmjs)Jib+xv&eZoVHEhd{ zcW$u}?!EWpwLJI59=Y(;0Y8q+01xWf62rw{(Vov5>4OdT0TmyBAcz9V+QWxeK>D}( zrpsSU*h?wx^mQX@x(0)f$u^UXCBaf)+FozEzuSQ+bra-7$^3G^6dZ7Qb?F6f1SG z?#2#)p%F*><#2^q;-IpqCP^yJU{M6*?P&SqNSBSkb41$MyAz8}-GXX4K;f z4gEaL=o{eU>m3Z^tBa8RUQd^T3^6z}*E>7T`|ec-b=Gwm#Iu!&QGYxM6p& zKa-Z6c5C^q`DBo9mK!lb5ZCglhnA+85HFwJGf?AQW9M5PgsJudf~IukS0rk}v|}r} zarKAoSdzpZR`naci>Ce{UgC&=4T3a`S?WGBV7%rZx%!Kpz>?neEXwh301> zSC;DFJQf6vu)uZp0ie>%37pBReA>8?U0MXmby*Bp&f1(#m>#~PV=|i`${9frp1c*C zG&pH*=+8^ohnM+Hrv^GR!!A^THn*RDbjMrFLWo;y4pE44baM~J3L;MfABhB=!T7H9 zATf69KWR43MKbNDQrZ9D6Oh8yJomLu$P^>c{y{J5!U(ZLOquovt948D&}FBOY*!Jn zR=leLwb<~^S^FUhqFQy`4f@ZAX_cZha1q1o5g6bCWJG4eOk}$rHJoFTiYT&%*>;2_ zqG4ceS8nmlZ= ztj|G?CUY5{`883PzQit)H5Omjg3o=s2>G3@C-*xL2@J`EG6S>I^0mT##b3E-M$6 zbU!$>#4c@Ad<=f~x=m)B$HwiFnv6um2EB1lmvOueIQKsGZug)*Z`$w8j;eU@+>-1e z*6*KS3gE2zB>A|hr39J4p&+RB<#P8!9D@?sC0D!;L2d@mu@8D zIhv6X@jXSauTHVXe58l78M}@`61wn%ZYe%?o-p@Nn>&S9H6RkKpuD=m_k%}`dGA(` zkdXEfxqqEKDR0RSb3mHeOOTU0e?N25Fz)ynqk}8{-58w5{OU((-gy@q!ztPMheZLN zz??E3#;-7FH**{K-E^ls29>|#rs=ax_JsDBH`=Y@zcGV`drTg}E=uEMkNN2gCx3;8nBq`=WWkfeu-e68ii>(qB?wvHO^?gkKwY6 z-ZpaihKSsPU|xSCW$2rfXU>>}xB&Me$9X|+w*W<&U*R?NBZ2Tjh*Iv@OJcZJx=&|wGZ!!4^%Wv~qIMz2R^r%w&fCWau3_BdR@zzqJYno6{Pb4aMuLhWsl$o- zc_t;>$OD{%M$1QBYZ96VNe zV(i~$-zD{=cK4Jyp#~|BQw)K(@^wOV2CKIc zFwca4{X~6y5CAGticbkv673-v@Vq=|D3X1A8dOwNL({u_*oW^xULB=Gs8AhkD*u>3 z$x;i~{*F9&2@}U_3ZEXH+4RXKl_c`ZVamapr8j5#Aw`GJS~!?k!fVVsv3eM9X#y>F z#ab&B^Hs-SstOg@i8OdUq9ZNc%}DlxT`kOoc>ydqBdNztA)U))TA(7vDI*#@{v_ z0t|0&PgUuG@mFMsrWJQ3y6mD&%uv9!%&&b$Ix`nBcoS){q)hxlPSVmYZpO8v^}J0@or(N-JSpz7Y}XXsSQq;`A_*+aw* zf{069c3jJPq3`49N>MT5bw2JjBq$vZa;4>-Gukk&35pW4Cwf2Rw*?D7z{E3n{Hkk; z_>32omy1fMsO`fDDgR5!M@3?iNT50U#xZPd!I9(ug*QitD?L+fYsrp$>fLVm{x83O z8Ypck-rjq{_MuXf84R}!_j=z&3W;DuJI=`;9GHC){UzzpK2J=~A9UPe+Z`R#=2=$X z!GI~(aDXZkmN(e7JUg`P55nL>ip`~3h{dW#9N@CXII4d8d|T_0-pf%NL!n&;#4Fwo zH>1}WM(^GRZup7nVKc8!`>%2bQD#)mnh`OV2PdxODCfhi0 zqs~bWueT~&EtdFsmvP&-JJbC(lYK#Jl{jxNru-lB-O|^)V=7-K=1tHyb??dj<=?PytI^1wq!9ZyW7R``~S=rC_;A54d={0|-%UXN&Wh zTg}6;*`BWz18H^fJ)vRei-{YZNV=0{319xV5#bnL-O{6kJ_9~g(AF&2_%ce{L@KyqjPEm7MrMl#Ey@hv9uJ~H#=Gf zGL({N3bXQ%D{gL;d%&jT?b^tGMc*L8%Z2+aEfn-Rglrx2PY830IDliUP$4M%)?k5J;{qJvC>|f4k`Xn%WjMoMr z;{{%l30d?daIkfwpM_OOH_u2Dj4~PKHsB^@`RuuFc2+ou;a{3n7%_?V(B|8E+Q=qn zKkN-!f}n~8q99#{*g(Ru&ow|>eL~wLM|sTjqLOsip*ZxF{4|Y$a*QNDY=);Gdj=Dd zI@bPQRD4^(a~t9tMW|Kp%_X#1Y}c`(B=274L@8w;r%TY$C$L~h4@2w((7*c0-XG{_ zEn#M>YDzn$h}Bw;T6xnHV9`}BaI-BDnDHbq$qb?nc22-T8S#1hCE>?&{&1IZ$P2A& z^`!_#bpH0uIf4mKa$%>{bYx$K-8SClA}Hm`q;M+yR@#R4$5Ui48L;BDkxva~R}1TB zDc$0x%gv@rmpnf6ok~2xSj&6uX6t_Zl_n=NszyM;Iu2*#gz{xyaG`Bk#|b|Cv=4oA z{gyC!PX3qEP*LG@)V&dg?Kxm-PBy^kZFq<4xH$IBi8`J<^zQ%-W^=~ev)2iBE9*Pg zf?v2A4cnu_BhNYefOqcU7+KJ^6M)GUD%DzlVjC&ouswdrD~a?hS`yw|+#`hrk>FrD zmp9h!CiDg{!a!ZzZG-Zvm&2Tl9^Y8J)t1fN3Ug!gB52MOrwgbo=1v$~bc-@5xnZJC zL74IGKhEGnd^+_sa$+Cdd>b08Wn!(1BgoNsUt)7(W?d)^sVb&=~!c8Ji-^oHR(R&ro zuj?Lzxz1f{xmiy_V5j%do@A^*5q-eB(xh`%QRp`AMF+|Pj)QlBU{~bRTNK!wRMLc5 z-J+AD&xru)A7ulBsZqr3tn0Q|46wrz&3#e`7DSJFJ024_An+ZBv0c57+sc**vsbDt zHI93Lk@jWtkU+rIe)5NF_gXY27&T%IzWFDI8vdhao7ZgH{Lh#Y?~i8X`G_WpzA`Yd zduhu6vOR>M@@$qiy^E5vn7B}A1z+i*%3}Zd#2yH@jLQZl&V3-SMW90?h)-Y@M8Mu* z`$fe~ISTDNu)P#6<|v?}wc1G_kTvJzCR6a2rd}qnF51t^)@v~BiW&0_%}i0-t_)Zq zVpD0o=2KqoS8g^VPdj@Re5?CBomKOI0fVN$W$Waokne{QSP^>}PD*AAIGW9NzJ8rd zXCOy0c)J$ujTqs6pnC2OwLJPvvmvugxhLLJL@syL;V3o+7!0%5`{$AyOB#5J>Pn_7 z3-s@?ttDiyxGxb2YG^V1G;?6g#dyU-%I%5fMMw>iw-?*I`dp{W^>|$-8$CD7(1$NP zFG@QPmpVJ4Ur6I~sHaGPK>Tb`e^HFIaMKGGqo zktAZ{L^r&#c|7rONLb)w)-FbHaqNl~BKlqZnKSh$++Op8MFp;4M!paEbi{3de~mlB zQ`IH{|G`G!G6owHaEJTxAcPYU7OC&M>|9Wz=Q5>VBkJ;!;(3FNX7XAwa21=JfeQeM z2L3T(WIp16&Qnu7cf#y%jKYk6kI%WZ-=hQegIHZpbP%m z5H3INQO~92d?OAER$rfSE>I#`=l@am)p1dE-Tu-j-5?Ah3P^W15=x06h;%mt(%m6l zN=XP3N_TfkcQZpb3>{Lx!}E&o@80{l?|q(s=5sj1th3MBYwf+(cf~H9GP4DpQdfg) z3+b5gdT*OJ(Ma_2+dV$AHv(Dws_%lg>7`U`?8A#+4u&)$ccToVX3LFeE3f`Cop{e0 zDri4+7IoTsi_GPPXh(+KgWe4^1?21vboR7EMSV_U7TFD54wz38=K4-yPXi3<9GN<^sPIGhJUJh5)8@Mc|Vdena6 zU*4>CY6Y!3da9@iTLjhm)}tlX2QsGwj*pu-jgD;JVfXH&mK#OI;R~>%ZSppo5d^&-N9}uh@^Byv)Q7qk4VIPzGmRa z;J!8^2W+Hvu}i{1!khinVP(1H*@+T^E}JHBRNf6lrf!Zv06?M~th$C_R3Guqv~gNg zl+Z|QEpdK$KYXDyLlel}%eP%C8HXx6fFx^{Lk*>)qE6^_dJNOIKiq~P87KG@kDU-^ zqZnlt`hR%UT(Z&-VE{N0lK9J*Pk~G+$JDih*NQ(;tlQSS54wN5yfd1;W%Wku)FM_DWsLmSso5d!S5t@amMVkDQ|9L65% z?dQ)m@p>J+3%}l5IL$RdJ$axd-Fg&c7yV%EjrJ7gd<$ExcHnijFz!Nw!YuhR8HUVb zW?3RQ=gm&87j+VD6kTN*yIp%{+hv2oWsbV27W0l@>RD`?x;gwW)wc4gy-v`1lwO2r zbZ-opuU1yPE(BI)TXaDK)4FCzBshE@4rS^K2|YKQR=h+V-}4Q}Tt)0K6ZJ+a$HX|Q zv)Ft0Aj%v2&J0!gViXr;J9kBK<7T}TqvFN!`T9^NX)`C(z}!sj%QuErR{wN_evFy! zugeBn?Q*5_1ne1j3a6V{0`d+jHSVcbm?BsE`GU(*0d?!RXQWGVT2f9Rj8RQQc>qL; zuChL_?FuXz*nKztgp(L+E(%SVr{Iz_#iO>ZkBOqEFkD9l7NYBs(tsWMN}Dx!1@~25 zl+r+N6(Wn%Q;U%@_{=C47E3=dRj9~_9(?M1-YC`XV0-M7#iSP?<;rz>!!Za>RM4KO z51Y(k#~U|F$wcg9Pv}uD6bpOyiD_oFLeZq&5S}0V$c9JbG9@O${f2A?KT?w>rTYvN ztET1f*0Q8x{l&FV*!y?|_IdTN>Wvo;+mTb*0_jTF=-Hy~TD1EFtbkszIL8l*bCW4f z>46-`nfi`EI+ZVHyVa^b@qS<&8=Py=;r*x=y& zm5uRWpyepHswK9V5bNc8rkEG*E|I3gpW9EEB-2-pt_c59o-sFst{5i=W@TAwP<`Dd zm}UU2%eIOj2*3`Unh1CsEf9uN&!dpV;j1ux*?Uh!r)`TUS%7nyM)eFRZrn58kokS3 zgmb|RNCCfGdQ^Ac3*aH7aQEG;rKS>trA(m*o=Y{<3H6uzB2eOmR`jgLZ(ThV>8jIy zA2%bFS`eXjZ}BMUnaf7jO3-rmk+0ip3X049xw^927Y|9IMfP6)#M(SqpZID+=0u4) z@=8nbsI8`E5Dl>v-6+!g^7^nLkE(FwRPoC*#IO%6df1Veg&sO0Xfn&L*JEZUwS^YT zpkxd0@OOaSbMCPyd%!ouc8RH`nso^&i3?lIZnG_`Rj?de>SFhvlZE z-14;yCzX7T)5anb(4Vlb_pOg_r)UVf5dil{M z)x-TLy~q%J`!(y4mJ)u|dyJBpE?wcjI>E9>25z&Lq(Kr{T>Q- z<{a*d`_P(BN6qd~+jR4bAv8;X{jqHYF-JcgS4tDP9_;8v#&Tyt-K1F8`1&?psQEIt zb2I4!c=RHDGJJ(n{~^jA>_QmH$D%X>E!F8rHxzh74_I^eQ?VQ$CH0_hM-q+Lpx%;W z+)gTIOot9s{)i$2g04wrTQe9k(4_h0M2Y4B^9apq5$rjMIu_f5J(kI#(0bka4vw`D zn%D@xQr3S#4^hoYPrbp#?nSINRLr_P`X5Q(VnrVlqf*+AGD_M9xkfn$+mC)#Km+g3 zw4p@g2z*({qG4XqVE&2cpgbn_novvF-u_~SHD*BTl}YXPPwlQYUCnuiJWrzVQaf> z8(x-Rnk;JN!!}!1D+^6gKB|al&QkxXm%IH8%vjSwuEpObQ)P|3=H9d?(3P=>?)zN! z670!n?mm2Kg_87bH3qSV9`2y$v+*N0A!_Nd%ZD(uG%HlAo~Jmmip~^9U^|zy-Py@T z0e4tc^;yW2bOwZ!H=-WON~eOdyW2$&BrAyetzt+L0)E$e3dhz+*x9^X*lufu97Efl zf{T(`umq3HCq4a6w`|`9;#)kTW;`XiAVz$OPDW9Q&(rNje0l6rb8s$@>@67dLCfeP zm>oGq-w`YA0q>@Ea~1jECygrcn{z__*Or>iRj<*`zG*rS95)c1k$t_%k1RsLmIi68 z2i0Z|?qR@%!mgu$MtA&9V<*v)NxqwO$EOu=dMo4Mk_bDjW7GT87E@jUyV|%U6{$rPfnclOKlg$PL{wQ zB$y3nNG5Qb9w$0XsCOX-QsWWp^{pj?td!_r7&2FuaZM&$caT=&~ z?yuc0BqgY5K20y{Sa4~vCFL~Lt(?*ig|~f;p;K-1^0A9 zGT@-`gmfxWx7wG3k4{mfp5YO%${(%u%lb16APgE&u5oEt*JODJ=cyK$PiVXCPT75& zC9x+<==sEuY*jf;!~8xPhQ_b7a~*m%={Rd;a{I`RTvA)qSmrl6-XTi4KcMH^f`6 zW{?46kRn)Wm#avt&XK-R22ak#Wb|v{M@P!7k4j>Nde^^B3}&C?HX(y9D*JsM!86`& zIA`6Rq+rWg-|d1b?U`?3((q4T51=BBmL@d|MEF=C!LrL?xb@QTi?tPLi&~#1JOjZS zm9y3svzI=v+YtTCWeJp~kcU2Z36MfhMZ4cTfm-`uqX)D4a=Ia?>Q74kBvjzLKwbRZCedh25{$EW29Ng z-pNOP2=w4UUM%`5q1;^^*nA5s1|XrD&B>y)YXUhZJ)zNOF4Y=k&(?;2ha~%o)5;~h3b+tmv&aTLiYDnAekbaO#O3GtxiN)%;^A1mL_`N%d!NBi< z0^y=41h_{ecHSMizi+)B2FCvGVDABt)OC~Ov^DmVQKPa?H_4Ki;MrXQShmOI>0#_2 zC--*@Ht0e2mo^IVLgjuwb%F~;Ii-)UXL{bQ&?ZGuWh3}cG6nOoosj;^_7v@)dEjQ3 zDHYD>|1*|W0~SV*EOU@1wDlAywoWF9f&fX?Yo9f&pWpZ$qW*uwi~)H3T#W7UZ~HaM zn+=~`wZ2Z&KMZAZene&7^jaTj{~DavhjOHvP*|{?96q5#TVx=1H3{G}tW4;3+xf9N z+Ilq4>OX9J4N3xH)W#r!(fZ@Pc>xPjuitz2AIIR&g{V61{%#fYv9n43`-&gmHETYo zi=?nC-2fPBQpLpkUQ1xqMgxxTX&#hC{TZzb9uRf_+soZAIRufw;0a(!p+HaO!FpEl zP5^-7v{*T9y1lWuTf$-(J-H98t;vuGfDMveF?_#A_rJWwf13+K)YskJ0zUT^DJ2&mugaPF zFMeaif3g7n(}hnQBAub!!;s-WYem>spvLrXGxlysqDps6$os0^811^ z5##srrh*8+D&NiPa<~#=GwmGlPgLQ@otXS!!9x3^QK5Glwe4EW`A^7@-;Id8@X6r) ziuEd3)CG^d@am`u_eodVe_P!C^Pey7coc$O^@p+lLqqOlhJptr+l<>h~ViU0Dg==Zy4f3GEDME^Zwan^Tq_qN+c{=u#w zs{Rxpqh4>$$nl#@J{3TwkZNC$@%N4Y^4R}n@rg6Id-if@ukyXgnLz{4Rl+m!{0CDm z3J^IY|D%60cUJ3IE^+if5oF3|ce|ReKIfkqF`zSC(fSXw`ai#VJ$9$f<{5pFzn|R0 zb~i%@9jo8}0c)Ed12eSz7=EzrcNWF}e)-xujm07WW!qGgrJ@LM|Y@65>n#O{@UG|xzPy8YlG&!3V14+Z`6&40L9 zxm&y4f3ksok45E9fK;192b6y&?fso4-ADgUQrQrUPk+C`>(sl!r54f*-Ye+;%@@Gu zLIFfXw#z~H`S1TumjfX25;;v8!u#xzzeA=6|4!1zR`vCMJ2blecbPYBUc>d%7N_D@ zunn#)ZaRWhU8=uB?S3e%ck+xblzqSHJ(2<#*M|h0Y~nkAE~xcKRsOFFAN@NkxMay_ z?VeYS0Iw2iQlA)VDwE^L9-cSdUKee$nOm34b&qp@H&lRT1x}Zb)ON&(aQuGw-OV;9-B*AU1dvv5@?{kHEwgcyz=U%Y z%f6A>sH=bGautKkzC^|`DhH;J<7h~Q#npuW?bR=x?9Q$x)6q=5_wDfSOnici&|4}xc-&PhDga-t2Q z?xuzP^U6V}ayPFzWB51Zo{BPTzuN&{Ih{ht8 z!HC}s2#Et$8j>&1oT+iBdxcwK&5i9Oo|%X`dko0=~7G&qb#x{R9; zFxg4Lr7yqJlcGud?~h)f-M>DACc=5Zc+wOu+VihAY3;T)cl!f~bk-s@F)JfL96ezq zCqCb6PbSuULz$USOjH~d7lHN?Yz?(gBcSuu&EOaJEi>aB*OSTapJ60iBVizp8I?Tk z`7ch39RbV|dWXrkCu+vs%8ChhzOJUnJVy3NASq$3VE4lJE(*3#LS{~;)0tVai68RO zD?jCA(gm^4m(QR829}nnJ^$E#{%!nlIww^dkPhih>4hsquuQkb zJsGB|@s>+NEzj5{KQn?)xIXpZ*_!sh7ZExEL~;_&=Bult9u*{Quj`ZkEH%woVyFG) zn>FB+EH)+$kaZHLmGN?B3K@e`UF=0lt$MDn1YGtfWae>8*qd{(IGLNvD#ZC>64$P|l6pq<2XM^es z%N~3LpYA=k9kcg4HSuO1?MjlWw3t}gsvn+bzA`?P4-)j$t{JK4+^G?Lz%k9JT|RVm zGO3fTeT`hH?YZ<5DC9935+*%Zv#2FTnouellpHHIAE)Q|<#*QaAK6J#u2ThV44ig@ zURwrTJGRua)L)(kr-$>7S24^v4nI?ys+6y$GB(bB=?ZtvEHaY`9;q!&{DIZGGA_aqfi58owLV-gbcO`_nO=e%D*d;UZRQ?PUy#4UH zi(l15Nq@VV!bT?@!mrm8CQebsdJ+EkB9(8iTeTAXh|tTVa_&Q(csvS8IiH~yhu#&h z-Op9E`&jKhMbgM9iAJ#?4DYj(bv;j5_gadue zq0Z8;KGoQuI9s@kerBgRtC=*9)bA?a-)N3?dl09%^(_WT?!|*-)vl6iN72K<_Ct^l z23`AKhA(nR7rV~}MQ%CAd5Rc=f;F=nQdtEZYieRiIMa0uwZjpHH;-5vj5GMLsqub* zSSjs!0lawSN~WS>VXG^xzceKW>1?G631dLy_B?ZFY5Xc;K;_>Sa1>SXDCT$p9Wzs8 z+Rb^>RBkQ=pcLGIGc4OU{=Km#T01C>s>ON6yuF2TF4WnB=+wJos8jFLU{5w_ED zT~pPj=j1N;D@~MQdzHD7noJ%6)Jt-*t9Q{@wLi1MYIQHNV+DuUrqUJcQOFVDis~;4 ztAH@G4|CHw{Lh{`_p8M9H=!3poqU&J%6%GOe0=GQ>(hbml5C~e6g09fD*>WlY|Dh} zaeao){aw4NMG|wn4Y<9vd}vO&K---AYzh)``26g$wVg?Pa$EILe4z}}J6~Nw80te) zge4avN}of82aW_&sFb3l=iPWEIeATPnZikij%KMB$elDjw(H=g8*}a%Uh2Lcw(sGX z8srdJYz?_9%j{|WP^Mj;*ARx-Y|qp()Tf1HK@^VZBqDnf3|k^F-_ZVn{-kNJVEfQ2 zSGBm*mvt^RP5s?S6pERVdR}*bP`i@$U=#0vY-(F>y%I%r5zJfHrsYOm2{2q*^}GNZ zBkEz*H|pXKtBTo2CzFWeLKJ5--C07a3H-vy7+;1@5gERm5UdPX3-zt4X|2z$&Y!}X zZj+dJw0EDE7_4jbg;yER7(oyRI%lo-EPu_pMb2-9d>Y=%uT<~cevV8kHpfgQpF+Od zssXEJfZb5>5yr2^KS2Ht8vhlwj~LH*`>aTq<`Id6zvdsDQ0C6F4}ATX`T6Z>q|Rsm zF#U6UV^}x|xWT&{tS)@CVz4%Xx&BkJ?%3h8D5YBFjPWAsu7)+tyl~e!Q~j`Ce>B6z zpbiw?P=Y7I6!V;gRebZROrZ*LUHWMKViAvBpVI-BI=_Qzp%??73}m>yLJlCwictEv zt0?rcG(ITby_@QC*DPBu z)v!UJ~3_90>qP^+<{~&lx7wBS@NBak@!DovJeH-Nl3;smLk`C$rz+)Pg{nCwxjorD}z_$+YU8xbf=LvQsZhKIXIbrVCG6@Gkk zC~JJqK!QaPU?wpYHs0jk6TEVftsGRDx9>YqE(T&i6JjXSU?n$@L|2SC5_PWc9y};Xfe`Ps>bH69pM@>G7b9_2*TL`voA@tLqRA1FT zhZd3aE%$8S6-Y37KQ4Ecofr0URCo}VzE-?bli$_NzHW5RLpr|L5T8AeuKLZu!(eZ7 zc{GxPh^F;Dfr2wmr~pg9QL|fydRr~`RQIaEHy>todUr!tC`yo+t#u5;QM56p# z3vC8SassWy%6VqUT;eWP*VFn9u&_!YB+;ShxUxNLP=4WGQ8Ov-n!LrR5WGnKwRcCO zks?W{Eu4q!@Ahh%r^UA0BIW1<=V3rCR?e;d&4@|_#lqVUL0fqZ#C76QWDhvt>W?Op zv*$@nj9m)Gppa^Qp&3vEg){4T4eOf@>Ibw8gTf82>HQLs!e*?wOp|~j7Pb?o{q{iq z0&F>mnw|#uH_jG3jih*H_~o$w6$jw*=p4KO=hdxBtxa|2<&>-cSFdDM7*r%+&in)6 z1&>Wuu|!bAV+AP9>@ohxRCYl0zDiI;@voMRnT#ZUV$jQt*D>BwYXwzMqxXo)R4Oy+ zG3t-)Wfam*6KifEscZFUEc6S}!@KQb!U-{ZL+O6#E?+q|lO;p@s!J%6x+p+~$U=vP zydED@a2!9zH&yO?7|e!^j#=kqv8O zXRiNs$Z9uXX4RnNE-vLEG_2?3Hn|5WuS4nV;#4O57=?q}D^Pbj5?t@Ia9QR)xlbpXeJnd;l1eCJDg27Um%b^1gtk<~bGOZY^6MJby@!lG znBSHo%|Wi6H{7O0mc=c|dZ!!ql0u})s9WjVDP{sL?E)%6vdlbZb8b!j%+L>FQvsE5 zttiXF-2F~kLg#A{8sJjDv|=oA1yufL>3G&hJ$bWwrbMDE-atiDdvh{!1;?n8zIl6B znkRFw-KrK4skC2ksBm%T-j)>@&$y0Wztd)k)#L#+IaZRB7PqzT%t(#|@i##XEW5g? z&i2LgoZGztNZHzWH)b!Y_;sMQd&jWxoHV{B2`Rad>RPLhmoq7ZnlDN>yxWD|Po)b8 zX|*8l;e4rb?(qq_ZA4%Xv(Z%R4n7^vcM0ut-7Yv4UuK~2rxX~Up{bX~2@;p0cy7%Q ziTFaaB0C^#Qp+I`r1|(6M4{~_Ll^mxoIEU5cFygYe4~=BaLVCFK4)myJ2KxJ%^Xm8 zPgObi>>-Jg@io(h>(38m7i$`Er^?T{RzqDe^*HwIz>!0F6@{~3_kloDz5g%am9Y_| z3!Bh1??M>F_DpCkB(DgIdWlb0Yo67=JXB#n70DZ z3_7aiL9ZJFW6$KxvBOVn{gu0UD(qZ0>z(8WXbgrg$S*6Wo_*0Krk-ORkwW(n~?w|%b=D38*(Xn3*Ra&)JoB{ zaXUo4cFZyO^TKBT9JS>sJb&WiVl(Z2yGH>m=nK|2pl?vFuFa==I4E5OuerQdU^34r zC$({7ghB31+e5#XAr(OhnnDuXHvt^nOiFRmK7ZEjJYvf+1j^fQhkP^R;0ZZ9`%Vk8 zX!y`9vDjUL*I;Xyxp(!;bY#qie!;ybz)`$Scg8@jW_ELJRxT&m`cvCf76kUFr+f-4 z#YRojE`{&J-(Uydtnn0=eN6kn#IvN?vdSYoe|ghl<;XmdfUhGG&=boe`S=VOb)|CA zwX8`9{epv1_JJU*HMGCs>}>E=@^&QJfN-1ZVAvLM%=Jcn3Y(Lss(^mHl)wz!y9D-Y z|JX;E%)J$iwkfIIXlGh^ey0`W3iGGgz@%Prj#`LZOtr0r$TF8}(@NR^4PZCefMAsp zJUz6AXnkxXfB>j5C?Dc{*tm?kEPT`F`msX9*Xt#W;A8yuhb8|=xoy9*vY*CY71hnU z{+dS&3cAftr4>5mnMBph_v~UBlRk70?>l zZt=Y!+(ASnNg0h?qEb2(x$@HEw7Y!%!$IJNfVn1!Lf<|35N9aIx3&-y>$G8TZtCED zo!JFT-lI6>u1^j?;_LcHl0GOcBUzZ!+|L5p>Lao4_;pFH|CQuXnyz>uchng*QKKI6ySWfmWd25fzZSOYc zD*#Jm(0xfR@~V4-K~1lUARy{sfSE@l67vmVm2ED@=aB>nO&veXRIPRk|I-8?g_ua% zh^ioOo=yZTVHHdhq?l5y@K-w$ZFs5pA^3W%Xb2AG@?)3WW)L8y=xYu#Isc*y%x?{5fq1&QF!p7sR#`c(<=u_KAF%65&H+)vje=W!R&kHhC6YGfcSH zD+x_1sQh6*DcOx$bdhXX|FHoYgV>yVv|Q6(K2D_VuFi_#E|N?X5cVOUh7tBxxpqws zP%@w;d{U;^KgXAr3~Ra+-mruW4~WATHO`Q-9THuN-JC6-)4yzvS{cBGk{{iQ+^@$4{hH*t=f@g}7U8fQBO^OKh~+G9opkF=Eio;o zX|6s~83fa;4`JI1y~+d74})R2f}7pa8K_tS?=uNle0`N?geB7zIY!S2zp+p%XO0Vr|qAVsdmj zEs+G5)g?x-9an$YanX(HR0_p)l$3kGFaGAks678IzfQtihrD#8CvL z!|GKqNUAtiLQvz z;nT~)<{B=Hk-d^hh+ay2@m)VnX2xu9x0cS7ReJhF4fs#)@PcEVUoyF0jd0)sWJK(58(JHz*LfUu> z3s^75%50{_9bsn7b?nQDNVChW+Aa3> z*iR@Kf1T1Y%nk1jJdDi=a?nh{dhrqi9`*$laPiCm7q(n02wOK#o*g0sy|wYRMd6*6 z;ky|fj2EaVH_Qs?QWi-w5l|>m1Zq%=pstr%j*mqxBa;saGRBk@y1!t(NHXQ2dfjcx zwy%RkNeRPs;x~qVr+rAW*suv8ypPcZPmqGcPylc5b5;A(%a&3KuR&a-UxyvsKi8va zgA(u*g}E5s&$&tNC_94%xsE06UhJm?(&~dKr`))m&vpT9cs^f9f77{C*r;>vwQj)K zdcb<>W(CuNR){(e08}%)OyUwc%He2Y-BsY{b_e&WWE48@RxB1Jn520=>675_lQs_4 zcdsNvk7=OVuiP0R_Vf9?{|jwU*V;SbfuO4+YzwHHcl&VC&oFCf3)AL-hTI73@m(Es zQONCDahwGUjOV+tG~Z;k9j-!?2PU17rkI8ap*BNd*euu7DMK{WjkpZke3Rnbx2S64 z^*bm~;Ivv!t_D=AY_>XLlGY-k8XpvT7i)=lm5P`HNAKi99k*TUc6Ip6jVz9q_HmSc zTBZ;WK8y%(LY&b%SKTrp`*>1j>lEqMcD2;l5IiPCCw*4Ou3ui%cmc62>G-VozA(!B z)R+IbV==oQM;hn@_rOCV4JEbM;TlPS%Uor)&-X}(0?39*eR3a`{VN*={YMNw?k{GA zzl^){Ns(KV##^gTMb6)=-p-qPl(p362@MbgNOuC|JiRK)qi-{*ke7oINpSq38-ij6 zgxX}-slJcs#AZ z_guNK_bF8-H*a&4d*19I+~+*o!URGEJV-*Iv}{tWUZl3G z4eZSBe7zgpsD)J7g0|vwxsz&?i^MW%BXGG5mOI&+o!UfF%7Ff>%i$`Ll z6g73CZ^S32;%36pA}Kosn`CHC6VfsMI~N5%$vd?ab##pe<8%WX756px)MYP%AxsV_ zthO~C?X!`K^J$hJ&pK&g&4}x~1PC5M3D`OJLd~m$PR^;3M>D8yT|yff7Eb8t^;BwV z=f-}{LFe`v4gIaBo4 zZ?bj3YNR6kaued==FfLgO>K2ZR}>V(!~Y!WvfW>d;q7BYth*NIp|PVs8?+0L71>4R zR=*lpImA6{O@tX?H`={GGe>RLq^;jjZ%UOGOge90i%<^pZmE>Ovn}V5E|0eu|6%Y$ zHP3iRm|)P*TKi>FEWc2+wy|Kdi)nNLA$tTy_GigD!<$JR5+Md(H}``NNNio#Si<wlGED}@; zHKTptfuhnralrmoZ(HAj4_4Bum?ln88_ko{GIC5r=3+Fl_G&lQXT@KL+A}H;z+rbF zR}q%i^coVZ8W#4L=ut^IDjKXXUdJ8MsLb&8hapO2>uf2|wfW;JgxXGz?G4*!gDu-QT z*7JC(MA0!jR9IT>tjGRM-KhW;q*&tR&{=ELy3XB+JgzI&0+U!U5ka*jt;FBb zO@U7<7)9Xyn?P@qOrvCK_&Spm-HEu1O6w3eEC+Z*mk7=1Sm#I5U+h?_yLA_e2toRF zEHa+e;JX;B#{lJ(@K!7{Dl6jut8v zXM+nH0>q`{L$?2f%S!H&NEV*oC6V~Xt=zfe%S2bE`)Ucr9-m%iTa}G3m1JPEX9(t0 z2tn#EX7VacSreKs5#iC31$Lu0U%a60Hz{i@AN{Gj!UsQhe6}?@SZKj>g*&;2db0}j z?tDyaJW#j)M4*EcSZdp7Pt692&kKa6fd-4jI7PLE1{*?(l?Kn14|G9NKisq36>!;G z7u*0G)E1R=B%<@vd8yz{?!-hCZPN)Z2AT5$FAz`uhzw3qn27ZcYjAVqaGGZj|)#sIl~B^GXv+3h1nH$9Tp|<6o1&t%?5W4W_0EaRC)F0aZS*y-_zU zew9J@XRUW?s)}sz(jAgsRyzIYO$3@DMw-mK)cQJ10lH?dIIa|1H_xOIAo?yX6-O{g zlv)=U{&@ELSKaey1*9Dc^01{qIAP{y1RBA#R++E|2&-+1f(97LtdwoBKCEM-;kxuc z*20}0m31C_CahtNp6%k;YsxsE^gFdZUpdlaxUhM7pBeL-6LCRFp`T99QJ$oIqJuqZK8%o{$F{sB`pd1CAsrwpx1QV}fr8ygzP=8d9N?PTmE*+x0`p5+1T!sr&CJ zXm`fUMhj^_vC*e}v)?FoJ33M82f}RR!I+Ayq^bkXdE%ZMWA#~f(nn{|JYURX@QzB> z6a0_K+>dvaCM}2$B{XuC7xcETFyjgL^#jEmH*%r0*ejf7Gw8$pql$v&%yk>?b>!>M zbp*#vBV*{+nZq5+&E~ywliM_aZp{?&ugWPmfvy6<2nQWFJ|;AXYNqJ{Vf%y#SU3AC zk*omV*)o>PwOf1Drs9kOn{B;uzw|4a=#}f=O5`R3!r~u$4;4faRj{*CKFpX8DmEV7 z7$4{hR6IQm|7H4yE~FJ^lIq^4IkPC3pTtnu2vKk;5=sgOvV>-)_A!I#_WPZrjT%T_ zR4*!|Sa8Ul(`th={T*y!1UPbw*u|0cB*6q7M^7O0*wGj+TeceTPT7P^YiS^7FKXkjHeId7xvoU+jJ__AHu03SRh#kT6GdEG+peJc)s zNVY^i=X8sJQHawx{Ukx+`q2|n^beC_P_)7*C8$?n&YP)5)&;^!1H?W~|5`sp4~o{* zN!Zt*vYl@18+A7|%67@9bs030#fqcCSq>NR{UDMM*0-)nlou~Gs|GMG$^1uc=)7GA z^H~T3%ZfKj0iSPAXH5M-PPCqnGhsg0tZeNADuUuSY;fcL9ClrQ1=TApECE}X$nD|w z*Y&rSqZ|StcT-se9Bzqes&o@i0MJyisG7){w93wPN{fg*ao;|V!Gs)mz&T6^oy~Mr z_15(hu#-=0*^CsckjV%&LV~dNzS$%&zO3}EK1*tsgB*m|hmLj_<38G+E z(`j@Kd6zgM>r|>`ze$koRwP`xi~~=H$n*~1fU&X;qgK;D%p}Flr>5yvqPr7W4y4vJ z;HW2^DlkqK_J);Q|2T$Jcg1C)MQqJKR^jJN!1IcQXap)VSD$?Utsw5sC0@oLFiPuiMVjHG3k7p9J+N7|0MI6Dlfb=y)EK=x`QM&{gn~E-Iay#@w zwv1o9LU*FU#L!jr+evsKW6$?2C2o5K^MhPPI^O;0@lmF)n$|#uM)BZouJ`-K@6PwV z0E$WAO&%U9G=teDdWDJQhBvA7P0u_T(KYyx?;D+n!Us@4z*5@C6(i=*``}X>m0afz zQ-XGlMOzd#%rMlGs(DImJb=Bx2B#zZ+C38~KcSyyk#(l_R}<%%vx8l)m8T;($IA0K zI0ZD(dI+{O$D;b4KA@1=&wu(!mVdk>xsn!bTM|uKhx)w!$p)uViY6{f%7GgU!g+j( zcpx?Fn3D{&NomLQu3^vZ+7hGRZ?7`@L?2Tx^ZBJw7{5&8W)wxe&f9r=KX~;_yR{gG z!VvtR458z}rrQL0cwsNZl%u0H51dMjXp(wUG0j@w5Lu#b4KVfr#n!0pr~}W8Ey`^6 z=!q-(TFZkn`nTL=sokFF^&J}){>#-?x*nEy!6x_R6fC)UQATe^bVSg;sz~uI0yjwy z8WtOu#W-eJv|Y4<>b!BMx3K-^Ey~eYAA+rGSALO4BwWu6<4xcX3kOfgDp;{Vy%m-7 zBaMEP)sGKu5?)_r9|h1YXOk9|B|{!9?NkhUE?SqQtWq2LuhV~vJdDeSG8CTaG9`!y z@j@E-H^f5sIMaZrcweqB95Sja_O}5IW7lD*I#a8;$9eQxO}wgGXF~jT#*Y-s#1UTR@=1s_(^K{{|y6tJ2jzgl7s`IS-9dD`q77~eLBK2Hte@oka8w(ZsZQC=py zs?nvGbVJt4JZ45^sfecu9BV?Nmt;DXh0~~cTrh2(_d`$B&e+TP)DkjvLw>rIyjHAg z)p`Tx(%IJC5(2a*P0{gkb8v5nfGu-PI?=OYi*_x#c2H9ysMxISU8DuTXr|~$|4k&=AyMUf?{;k|rymlDeF*Ig?OZ?KdA{xV%O%m$VGDh1t#7@iv z;6K?o;n$|Dvgz0ou>M6 z7iG_t`@CJK(il+lfhGMeY6V5g1!ASdH;9CtWBK^l2t zu;;}I(a~_dDY3sx(LFJ0&L@o_bEk$MK#1Cp{jC1ak%m{e?lTdQAWBYV# z&F`1hDVqF{4J-&x7y0lTaL;>b56ldC|GSK`d=JS3YIzcmuAe-hL-8OqL6pMxC-E16 zPg$U=h$ZM-<%Ir4!=j+VJ!oJi@Vh#A&%WX0K?o?tdP`rZ!$k6f=bYUcXd?Cv02I$4 z@XS@uSj5Jr2vOJz&)e+2JymbHp=Y{SigNopAc^c+a1`bk0H?>*(yj;A?i#-elMaqc-RF14F7Ug5TRMafK9 zM}j<=>Y~s|%D99t)lG*0H`n6#!Sb*6-JZ8cI@(3Am!egTwWHhtBw~Ll7|a2`%TzFnBN+S&VC5&kJxJH}coy`pr z^|_;E7;q5RR`ab_{_S}3l0XeZrI~6y-knc->LcPh%FR> zpjdAs6P4|;0HkpJ*y5ixY7d>6GBC@FNX0kE`ug$7N7#Q+WRM2-RIoLJ1aj@bwMe1X!o$;@eLQaW=RrC5h zn?8|1liXLDe~Kc5?+QPV74LG=i0*RI2m``&1HYH*#z}5Kj)d*>hN8A5beJZAQ#>?3{FPtHqh z%APsu=4=}8mk|#;RQynO%cQ6Dh>XU<8T?LPdpn!K%9lR6eo;#*A-Wu~)uK`UXZHzbegWZ!fXufqMm%Dy@*%B|~L1qqQ7r6oiJ zq(!Au1PKXIKpN?GsG&niK}3|0RFF`*2BZb)?ifNDO46Zmh;Pq~=RD_m-lJTfmwy2F zeebo_Z^d4_)+W$kHMXY49VYnBc{G}t^2orQ!&B#!q1Y%MFMr&&{F5cKdoWa+7Bvi{ zfPW8R_b7Vm!wyNsAE`)gB#v~H%$rZ}FDeCaTvRV>I{%!2x+B0tP;7YiT*Ydl^m}FQ+8)^{iGG9A9l^1=?AyswxnvH+)8w z79>4gIC1dko$uSYFT?#IO?SDgM}utOm-BY-tV3ce1SC5_84d%Y2-5^EW(hwxTj z3oX-SR635%6r#b#P{5JT4qmIhHpoCSB`SHZ-MK-|K~>L|6a;ngM4xq>GI#D$baZX zeC7jNr}L7;??lY<@VC@7d;-g3L@@_sLld*waaTO0zUFpQZElgNX4bfkYkCmYp#*C< z`lte;WU9tyyDB?x`Tw9VUcFpuHr>VZA;PzbgDrkIxYpKggwa=|U*&1u2AxDIQ1>+lo}uPh0j`~y-x>A*uY)|BBL3+zYZ{9s^6NoyhiWW<_1Xt zsAmrDpKb2g-=;$EU4z#svTB$V6F2PM24y#CTx$+#1;DnQgdK8uMmo3B@*B%JaInk2 zGh|0DxHvO2xtR$;4Vh47wVtgK0UBZd9cDneQskv!BaQ+Xbsb&y|!3 zkH(aMJ1i{unBMZA{q|^O%%wU>C4@zeHK$TqP;A_L)q%z=Y(-+#-fIV1BO^DHCNGZI z0jn9Rb|saFp#){HQ#G;!?|M@Z?xiL$+0c@a!&-$iltno~lWeXdt$cAnfULZpj9XfS zmOs4>rfYX8L4$kij>GqTIhkP;8|+hREu#-Avu-ooW6_#}s_)Vri>pHuR(J)(-&&g) zVEtAm`cRUuWxQV|p4RL>S{Ou)i+z1J z?i2P&U+xw^YIJm3FO&~Te&bM^U72)_G`VVna7?#swJN5nM^n1;giFMCr<$AU&8?++ z)1x9?PMyJNl6>-I!UL4IhjG$vJvc7bS&1GUp3P7?To3zXo}F8E6KrG<8Te{fFm+v@Z|QOuZvzakA|R$`AN6SN)#nu2|!`=D>|ZXu6(olefL+_mBBDOf@89Q z>Hd@0O+%dg%p2Jb#$jpI+2B&AxikDK?x0@LTgUDjiY-~yq!l=B6Jn+(vTYi!hDWN` zXypmri^v7}f1C`i#;WJ7zDJ=PsozerQ!yhNsS-_+y?+uW-JPj`J+LIF3|J@_{UjZh zo+>*mx}r9raAfQdwr_nn%#V9qGOeF1AbEFZY}7#cDXH z7W3>iipRFdFFWXj)W!oqf*rv?uXUWCwb$vT zwCKUs9qq8gtqoeJ#JE-s;lknIb&F@CWj&fh-*(e<=sGUpF<-{>xCFLu5&nHg%N-_k zjUE~?%rrnGW*Pv}Cdk>D<<9BVs8pT18bkNSgiebHL6r{Xs12l9R>vZe>{y8Koid}* zXG4}AkfDrhZQ-lok9BmX2Fh$?T0)A9?+ejBI|sHljob%kR77w0sOOTt?3{~3s9aZ- zNSGA8c+Q$RjZz`#O-$Xh>lKhJJ(14$mY{Mn`h1&ZP`&1QgpLGynf)s3C~3aReFKH^1)6TYbr=ttF%KdiNsrP@2LleZfGQwwb5#h$6#( z%FNHGN{OWLX%i;ZLZn|T@6fcfatEk2mk4*L5I%=Bgf+;=fyol(}DVT zm)ENLNL=kq0oISC*ztno+;zghf=4Hl3LooMAehBjKWsv+ZPd-hoHt#x=)9&lK+bB= z-`sO5-^YLWd%2%C zTyPH+QXeKtOJ;Vz@&(80{=-e9$l2PQGnrNTQ@6wL?}Q}FS4lPv zG{pvqTXfk?kp%NGhNDKVPq{!VyL>Oas`EWMu!t9&(<{z(a z+$#8{V(=4{o~eiA4C=vE#Mz>YyZcodbRTE?Ku^h5$Mw; zu)Y?=p*hVX^6VC)*ShK z{~JSXhtMBg(617e@RxH@nsPI3Ywyjh$gU-OjlYC#keEGBSZ7((JHui+kk(`rUN?YH zNWSIVEYyaZHs)7n#2mDovb+# zccl-%asG`?q!q7@BLIMZ;mBY^YoywsiCFOu+-R6u#erB=N~0)?lhret`F z8gUHSs}Z6Kl-ym(EN*gao}^gsn?~`27J8H<9S0 zfbsIl^p_gfdD2%A*;F1BLUg6Ui6u`16S>a$&gnLJ^|M~MQ}s$d^mb|=>6wfgig(G~ z#kDG#)m8HDzTaKC^)r_2%0^sI;R;*9Ir@ZY1;sz{5DkGjcYD1Z^bid>W6-!EfZBND zy11g0U*0tCqMFY~2M)%Z*ZUxaJ2QF*G0LIXQf~R}RI$^+Sj^Z{Ftcq3Wt6$NhF+VJ zXYkge&gGMl3t42!Yw%M`DVqd^6TPOwz@<0UV~yS^w@w`C_D*eqOQRZD49DF+H4j~) zU76^9&gL4Q<#VWmQ*CtcLtFzM<*6Dvoe3yuimB8)`boT zcHgC7Go=UTqMUY(@y9NcE$uA0X6mP4_E_h7#6?RS5o(wRzzZ*R2f>@dP}_=l6^y41 z`omIJxZIr{ZWAa|OLk4Fvb#q;$Lm*Wknk%o-Q&$zm!lhX+3%lfLj5G+^F7#O3k+wz znD_TFcg(#YPqWY`BEs%PHS=c6$UW|#Tnu25wcd!$VebiL>9;O&z>f%k3%lrUo* z9hn8QM8sl*4A6Q7^OOUU0=S|~%P!)Dr1siNd3qPylNosy4Gh(ceCTb1+N+E{+Qzpd zsIAI1syj9bzjYnuUM8eT@!Ym@x^MItnmGy?ZQT@$@*OB_r1ojAeY@t5L5wie?nMp(~Q`G#Rij@L6?Wbtb@ocPQn zXPfr)9@Ki#;DO}gEJt=$>XqE#=CM=cw3BM7Zw z6ECD0-Px5m5kYIFzNg-60t?GBk44kEZJ|Y59u#a+tz~*+aD;j@y+bms2v<(?Tdu5I ztEKQR?Hg8NuVh^uN6(%+^rjjZjUdb@kjpGx(u}X`>hEh&Z3vgV?!NeUSP$_Zfn1C^wosGUcNgP zwc-i$%Y+);nvd<8=~is{flhrm3FuD!xktZZ6wL2@2Yt(eX zu+CF;a&HXhdJW^6uh6?Xm!4uZP{H@xMGAv!`U!DsyW=s;kzm{9&do0j;8-J!Ctxef zQ#y=1Ee{8;_!dFP=bsfdek;UFwhs79)9yh`szkDn^#sei$rmrh<>I-V3`pMDxtR}!;l~E-wN~l1*Bat&b-f!C=*|qJ5*Wzx$gW)XLo6>H?frx$Iz^Rp6 z-oDU^Jy_lMy4=uZa0kpCu4(7itb@_{(KmrJf-#R8w!JxLM_V4WlsmTyn!l(!d2)=_ z@@dCU$9EE!hdG%}(s+ex3>$2Cvj^3#r}}f_N{5ZIu9j*USfh`|Z#UPe6KBRyUi(iz z_rKwxU8d=fbn~X*#AAKRdW5R24TGnL<wK2VCGvx6 zk6RF5zH5?*`QG{(4*BTgr!RHS^(-(7_&8cVzLl2lle8l9d6EuijyUc1hf?e;{mUoq%tmn zkaMIqgH3Y%lavL<9RaNwVEI&&YxL*WgUi`R4r>x`&AB1-U z5${4y7qD7~Jd@^lx4Y0s$P}U)e<_64CPe0hF4=9dLNZwsR%mfy*v$GYj;U`J;!40^%V=j3AbC@H9LCo7d`70+;^ESBIH^Y z?#gp_)*R$I%xw7lbTVvlg`0G5J0f*z7M^SrY3&cz?D2cYt5r$S)iO#x9-Vd1R)*k= z_T3`2p2`86?j^f!PMY?YXm59wr3_c_FML}rNSB8-%b(c(xs=zrv-2&OvCWrJmWZ=a zQ-6$e0ci@WQ-3jP0j?Hp85z~_%r^>VLY!6cy)J8{=J&Cshqr}#!>e#hbngN06kCe8 zk8ksQ%Mjc);piZE>PW&9E(~sCu0`zcuYoN|?4rvdX&dw3Yo~YaifBKXT+8cv z7`w7)blH`t|3-0ud3xW=f z&(-*xQ$Sr#Xn6GHX+*V13esi2H7CK=ChloHHRXfpJ4P^cqcZqp9ig} zuI4?UJr`m}7tgFF7PADMC}k&~I<0G8-tb2N?*3AUsc=(WUO4^FdRQVhOA=bV9 zPdy3e49%dqy!?Qpf83{*2~l19)7y0_|EMS1O&@Ej}Vm)FShxv4MnOf zmgGXKcW@pCg8Lb z>JDP>O+qJqdG1FRLao4^tFP`3AG8y@hX{01O~ij`{d|41GDJiRIB(VpP33Um$;|2?q0hUaHj;vfQZ=!YH0|$soTv9*_&iqHUiUWO zD^R%?iDZKw36Xj>74bUJ;5jA zc3>}bHSb1*#dP`H50;45N!QP!&t92}@xl^?Ok`3deGcLB8$&r^RADBdi0y@3J$WKw zs}Kl8L$2b)MMTH>!$KOZ{urqZ}jBGM9u%gIES`E7rHnrwNNju z?B@ZnRjeAHiNdF-8e?`JdEgRmyRE7SL`bK0>`Xu%YLw}5mMh>4dw2V)pM*mi=Axbt zg+16>?qx~&TFc|VDX|={MokXx7J++(v91&rpQcF*?9_tQH#X9_m|TQ7c_2~MhGD^M zu=if8R)m(DVnaA>BYgQq{V-Hd)VA*9KAGN=YH9Tk)BLIfI_S{V()@0w!S58$2 z2^S##j^aDG_`-?skoe3sxjX9|N;kWvGRZRz=ezUH3Q?8CM(lZdYh{32tQ@MQp$-uJ zq;ABH;=Voqb=|kSo_lRC4EwF`Pn+RLs|bH9U#^a=5lG1w7@->$gnEs=f~Ryp3C9uc z#JB}6!R3?EP0{E2&z`%2nnr-5FuX10`&6~+YLE>)Ro)fZQh%6E$Jh-Qnm0y`9w@F5Rg?DX1o*`-UBYegnM1yHkVhnW*m3iBn- z?~28pmK2beA^c(&p!Kz=sIW2UGG%P&JS1w482`|2yW)U!;S4|J{BsJGUT=lOMDFAn z#f>km3By(PN6UU7L!Dw}oZw;f_3LWH*pHot{<*hzjknrxbEH#uFhs}3E!5L;I1!l4p256S$oL@HM9U7zmc5rB#?@UT?f5F+`zl2J--gt#Bs=`JxN#C*e^j=PqzV3SpWq$tE z3Y22DS^V@wBEJMryutqJj#(I`1DP)@czWr&4owIVMQc;&dB2AeUp?5LSP%Q&>(M>h-nAqQ z|CCEv$zvC2^b8(ql0Uy%;W_!pEPzflcwkx$xuZ5O)^I4UOyikr)8p8yqvYI8e~TX4 zgtRyd+0ZVzr+KzyhC=6PW$y`xn2c*{^Y*+%TlhPT~Jjp&~TbLbH)clgj!$ zYyJ^Ygw>esi$)_g3$4XsZmRx!)BXK(Eo&)4Qf~`%_fc(I#pAX3Qny*0Cvdi`O5l z5O&Y^Hi(j3+nP#(jwfGqANjmOCmXgQt1p{RS-1u)hgtM+gr%~LUhr1)-Ac%iOsAzdH$aefK(;(;Y)S(5s!FIQ89oM3^ehIV{B%`F(QO>cb%$cX2(!1O*#QEZtYfiFo57#XjLFcI!>n0Es!2%)azpb6uMcjsLbN3-LP1r>{hKS#>@$it&~b<^ zC3G{dx~pQ;V<|sn3R$5DHeUqNGPr#`xEcUnGp@uW5F@ESGI!>v{ov+Aa<2&ctLSwThwe!ELl`+Qp38w z>XV)DMVlP{FMYWbbGfUb(@$ib1qSIR9NdiCtp z#ysR6>nUGJyNTJ_yGsGkDouRiMkd63?Pj#?ynb@R@a@E`qp6`K@9ZI1>Wws?Th1C6 z*c>&=BC6-YcJ5XMr|KbVLU+1Fa)*y>^9v1@Xw1jiVGTLMVgNUgjnyrj%1qwP*soW? z{hkV+Rv>{Sx;kVNeJ%$_C^$>Vn_&kP2(TAt*c7#bdR8U0Be9$9TK3`j`OoXb{PKe$#8w{2H((%E<2Gg;bsXi>oH!y+~k zPdOnkF=l;IAflV4;7!Hz#N2SC$KGhSPdqPG^GApteCd*nj{L_4?y|{@rF!3ZHim}7 zL(Q^RxASk<0mfR^Sq}U>t4_&7#eR9m!9X~1W)6$A|A+FnGl zRgZ;2RLF)Xbjn)`wrHZ&IbCc$(jB!+GGQJ@yfL+V@PyWijtEITPwC?|{A~Gf$imgD z%c1<6oW|a&3W`>GRVb561u1;-2+zA)HoK#2YCCOzE_5a3XUW4_L6B#tn6%%ensxc{ z*|+MF=U`2~Lc)&rDSsh+%Bi(%ai3D#))?K+a%polqkTth)#!S6AC>pG= z^}=ry{wm#|&lzK(s%Mj%x5T|6+@uN*-?6J|8q)TD?%%v;Me_oez?q2Pnri~}Ep(=h zORz~!W~xUh(8*++|1oZE`!tQ`pdSR6ApB|%XN%Bc1(!VbHL`{CAqo7jNw25-Pxj5U z^pb98x0%u03p*W5?<4DaD9Xd3RG489k(EX~^iW`}$gZ)Pl=$pJA%Rc)?ty!_KdHk*G5S*J4T@ zoe#q>`dS@0v01LNz@3pL7rxFFqHEh9Pa+7&sL{@SU$~tdJ9cOwkk#tOUpX2Ry9^!n zChZ;K&QTBkq28m$wg35Om|=OdntrOLvG41bXhL#S zA@;62<1X`6gD?#hUnkeT4;JAy*Oa;xzJj6J>y`bEl?^kAquGR_g`4nSc^Mh|Q$HpX z8f$494C_+2adBz1GzZWD$AGqfyoSjnpO!D;gunV}TpIc4VtPzeV&V&za>l1TdPEJg zX*V7cjc`v5Yol({%!4e$^@fmA*`jr8UZ{joSNK|_T}@-uCoXFPbTrF)C*|ymO0=+z zT^oIFc%(8ZVnPfpzF&F18QgEOzAPr?u?P-Vvn4xvd}zz$!@99lF`%5Ff3%&9!LmaE z9T2t7oa-WVI3?gvWeO+EahbcS5ea$0YGbjKSF_j=YI3;rZAv_TqF|b8G_=woDR+CM zIoy3kQ{GRC28h?LM%4C~^jPF^+gN_|+#)qUny^lSB)JTAGSrS)&vIx#S8|-H-Z9P2 zDN=-4BJoB|7!YE%&$Gw!FdFl3BP6({nb&qc4#OE&q8}4N5p@NRCUfs2g=u02%#J)R zuTF01;Nf;k?SWlQFYoxS!)S!)irB=d5n3#e|HB7X2OL0RrH9;SZet9%jf1I0yURoU zDjLCG{Qm0?YGxqEzB-&-M1g+Gp946H3eEW3zrOnqx>7g*6FRk4SBwo2gew7n^`eG; zIoTg5qEq_I->_eiQL{6(2t~G>J%&dRmg#|X^91H#*${BnV+tC%GF;=$_79FQaQ-jh zSHRm7!?Q~<18sjD;9x^VIxFXY4N6?TD=%yjuCf6%`I_)pg3QUHPdeXhG0E@@erT1K)K zVa5M^<=-sL=qiv-!x%=61(Otj=`oO2{co>g8ve`l%+8U48#?URi7+U!e*zJwmGchr zugAY5D|H%}3a7T!Gi6L`l#0MI-_6*?9w**_7SL9Wi%mC%K-~yvrCG%~@ONbXYVIu( zNcY^A@B~(#2H-y=4rVGCS^uO6BO!ppx5N&tyAqTDcd9;noNOojA)x&T-GQH&H>IAR zUZgaw+M7$T(bIK({ufLCh2lT>zkdrzNW1m^HRf+`&jZHOv+x3sRYWOJM9u@3F&eCy zJ@l_QO~aOLw(^gr|JU!ZkLvgUi3avJ!C1~(0HoDq|Nk=L(%9&II$k`kNMN3)KEt^% z_L7wf?B#;Z-8a}-$=`dt)F;4JyS}6%w&zy_X082kQH}aI4XP0V1?t>SOTyyUkB&4E z#kv2E#D7%de+9(QCS2Xh<3A1sVatmkql^s z;z_B_ankh|0qO9xYV@%o*69M!U3T2wai(&@Um6g28le0uGLM1Z?9TjJ*7}1c{P}_I zA_)7ev0h67d_6&}efw7@__^7PP-FYPcOIoth$$?w)3t3^w6# zM5mR-2Ctv}#|ZzO*ZU8Fw%STFm$6{B0qHdG%7l+2*K-05=KUglY{!ED(Sknq{nl?R zq?6h}+mzP)Ha4pa=K>kTwWQO>eRjfM z0IPt6_>a2$TohYc$CfXZV&ikv?-YaBp#0hEK5Y*~`vhRr!JoDou$3d1P!k9yDt-|2(KK&SoP_04g*Q`QEmtFP0<5?BP#YG;m>@E$82J>YUS3qKvpWi%PEH`yB;m;Wdk zXf*3Ju(0%xO2!z+uB!(zlP9M(_c&DiMbHDELd_Kl41qXwq7-118*`j=*MW3}pQ9ay zvE=jsD)U#(eU38~DI+uiCgy%@`0l}Z?F!)Q z+F(!-21EZSAYDw=lk+c*v(o!&z)GJ)XS870G!i&-zn3knjfnjp0-#w#noYt?R z$MYW+?`dPeEGPgMa=Rjb!}5rpf;&3jPCIYA`TI#4+V!)3EE(z~Bf= zZ5fYq*E(n5u9-`AHW(P*qC;kMoi^qebFnxbAldf8#~VY!`I4kAlO~Y8^UI)*64}%cI#4& z<1EZb8W5m*J=KIIR|xhIDaPwgB4CF*{_qdzc+dE`%v_Oz^P zE7&*^R{~IZADDZrWnNbWHs$VO{{q8iT?;T3mi~v4#~Snk3ov2)Cd*$2jShwIFUL-* fNg4T^I>PsgtQjE4wFo`|{wds6kcl$W! z-uK%3{&T*Y-z0l7d)CZeGkcaiYei{kDC1&LU?CwP;i|k-&_P1NSfW?uY=N)$PjBem`}%Bx*wThq84iNM zL>w9YN}~7{f6mYKUHzym7O&eTRc?X9UfS=O1ys7utZ%rR(OHtxdW_EkrQ@C|&ILO< zX(;;WSkCdMfXeOk=}XD7Wn2^M z2w7;PkH&^?)JS^nO`5Co>wG^_S4dv@25(-sbb*2tm`GAm(b=J%H7{+G`S++AHt8nI zFYoBJjJcorb%uSt(0XCOxt~sYYX>%tC>;_nG6x4ei*2RFm4363pN5VL=^{x3AEw*O zG?3jp5fP!97v_k^;kG4M?a>uhzKL0ky%_4(b@HEDUJiU)GkER03`miT(R?`Iz;05{$iewNE28sn8ML7~@0?s%xZTZXn zc4jT4Z|x3X{N#{7E374GEbVN6vBck!)uT9kMdrn!`Krx}Z2Hyam}W?hAT)%PfaH6G z9z9nd5`TmpJxd?aX@uO5&#ZW=!SxA9M(FlI-+ow@P>G{V$+o?<{>i;VA&9XU(({9D z2lt#@spBJn;zM|y1<@?2N7%y(ua{Uhs&#vVlXNo?cSzaFx)b&S+VaQz63$N&F^r#}@kL6LlNflVAE-d>-TQ>!oZ& zf#D9$`O9-WH?c<2#bAW&vRwSn;<063;+R)GNLKL{=J~uT=~L+_>TE?66EO`jB*5s9_p=%YbRJX^A%9jkoL`D68xzDu4R(^O;H|{1bFYOv z5!J_gy)q?njJxXWU1_);zSi-RdPE7pkcrBB^Nyev<1&;EB?}x5j&_Rqt5L6#PB--G zO_aETvgK>Ou=*%~k{y#Nvourdo5Xi}OcLWduOgC_*%@<~Oy0yMN+%Zf-G20R;WT`^ zq*6)m`TZzyS%;O_{u}n2@b8LqDy0R+`I1F`#0B5TqxrgKEh)R%yNtTRyG)~qy6U=2 zx(ym2Bfgthwtezi*V;*A~V~D@fgY1Ki1I&F6Y4*v~-yi6TS+^O|=nPnAm_#_Q40E}U z*z(xhlw0*56H$z0%`8egzl6zSrIDDjt8$35Ruf~BXtFIC1gD&*$R$s+Q|s^PW@>-X zzWlJoMyu8O>s}|UXf6MHzD~Z2EJ!uw_uj7oZ7%JWlG|)ALuGJj_xXYLD93Le=K*4ov5ue-Fp_~QR} zdMs{osc7-{gSxUt#LuL%i63WLY5Du*SwDe=zCipk>$0@po?4D?X{TZ1n$uN(+iZ|1 z0hCTScoaAkmNg}ZiVZe*-b2y4I|nTb6tlW*)m{vu4$7x`R+M}|{s1p;tY|fY z1I{WaD~jy|?bqzs?Un2b?L+K6XHDz=%r?x~*Y1PwK04axfdU5}HPIO(^dfvBtkv97 znK;Fu9~ZP26L-D3oF}6Y#M|dd6D2j70uv1bH&M~y*zm%6(767nQ1?asK8J{|NGq@g zj_&Dub%DsCVa0chmx~Y3WE*uFbs6n7-7{4&#WkH+`mki%BH_;~9U$%Nr}TONhqNG$ z@6dL=X$jUFe?YcpfVk>1Th2RLra?l#etCfF^}2+l57!PCMK&wo--`l@e77i9ooiw5Q;nrp6*@K)-@j=&AGvH4!gMIf+${I%ohi0$E8pHbD zdMj^8y8cjxmy#doUT`p{F7G1vu#?+D^NlDoF^f90I5R1Ww3>_he3oF!LAG(`{rB|| zw(Vw(6BV)SQ+grRI%fTJ(v0ckIL&x9nZcB`A{XBerR4*LLVW@&B*#hu2LhKM^|OcT zsSK^H(;+CQP1nvjrW+a%&1z0#j%1G3K)GBxhcV;N@Gh{R?bBUmzj4(<-c0^X^|VKo zE)Zt3IO{WWp)CBCa!tg|adI}j&6#0TqRNBFS$D6jb&bXdr-D*HB0s#?j(9vIh2z^jedyzEHvMR%XLJrix9z>49S-2U)2d#o0#&vzOh2yy%~Tk1Y}185*YBgO$H3PY@}K_}q#njf*w4#ZT4Cn`H*gmBxGS zhb>-HCtrGn?rg2A;HHi(7XAf=qraDMZ z958a2BMv$q{t{-Jt0$Ak$8+vGM2)Y_mFeFBiAvJ!oBPKUy8Kz%^U)7-cj^ zDj$RIbT0LeZ0|(c9Pz_;<>=%4tpi{vtRLH>qL7+Pk-xseMIt#F?gE`XUN`;l)_lro z4_x!ce=wOw5@eXjCUH4JU18#{HA$H7le7-$G)A(spr?4!`;;GcSL4RxA)6A1cM0#=*Tc43Fx7gv4Bzeqpi(c=6ElhiV9{Oy% zVmiGubVWiUee;hmvWgDVF%lATu8khR4e(xF+{)3O+v206C5YS0-s!nF5|X5s_;b}B z+>Aa`~pIPlK&+5zi$2Kl>dd)@IOgK z#6_0QJl^^(St~4DBE~gzb6E4A_0P% z&WxUHVJMayFIiu{v@pFhJ$T8K?6B)_A9$2`v*lMax+LJcMLf`yyPcge2U&x;R9zq( zNz~JMS2dNDQJCKT%VqQ3kFRn?F26>9sC-3z_b(R7px`JXmT?9m>=&2`NdIDa+wh7t zUC`!LnEGZW8cz1VJo&pH=BFF|#QYGde|c&o%w&$BU^d+%tvKV z6AdE&i(Egi(mxp&wx{@CFn)W!`@dkET;S9Hg7Hry*((1F#)WK2{}+s39?bnO7?*jx z4tajrhf!W?{L2T0NsHHdgbFJIfcLMSlIQ*dDQ`O#8eG{vvd?guuQ+3rn_LwG8$RWf z)%P=3e%XA#w$N$&{~Y#_0rh&}iL9ShDe3=xKvXl{b~JmRv3_I+^%br@)Y?oeWI49( zj)?Db8dMn7jbkvR=GiKk*J?bjuov}jID zItI`qzoPrM64b^JgbR{1&^bu0d^P4RYsm?qSeJ|4{w=hhgF|S7HU>3FhFHt;t4ob) zzUoVRn~$@O2-fk2LQaCsUj#Z8YMTk4UxH2-^btJ<%(vUUrc(3uMpNuYlJ}1yjJ){qLOVGcEoDGLF>X|8dHvxc?}ekxbNvhO@W9W$}3ieM1`I-WtHYD$Tk+QxMZxxj+^jLG(&-KnxPxZA{g zwXWs1OqP|UVoh4u!zH|_tg>;yo`EN6Jn?^stGC{Stm!g=0j1a(ylfX;$~6m`L}`t9 zS^BPNG?VHy;rVDh6WdiTFr3T-GS*6QJJ*I{AMcYn^FJmK%do(D1yr7fjqm&<0>dWN zJuSDJR9DM<(F^5aWfQN3e(U#BH(0&!433Qb)>IPe;(BJAwD`nCwU4(1&272`Z(V9d z`Sot>RaCJIEV?TTd)iYdV|Nk2iluWm1JVhq)YIOfia2RX-?{(vMbykyDotTk6KHoV zx)`gq)xTz$U-6z-O{6uYwO#+g zrEThiy-0OmpHFEq`|Jr9j-oM`^UZI4lC}-=JuDML>@SlxDRN8~a?49hG|TFHB3j=s zavy#vjDx!^jkOe(eJGUMGd{+ihXfAR^s1B3(457;L?qbn7jr}G7uGiS7rgI;+$Er; z8RB_|gR|s=i!Jg+4SV{+&cl29msYb_mnQ4UJhJhQu$cZTbsa zxHZhOcExyg{RDHIZx7clqm#DF-Ch*p1d3Y9Ci2HvXXO+c=QJuaik!sjchk7O4ZXUI zKU-*$;dW{pHT~Itp2x~40jt;?e5ZneKTzPWqNbHfYxT<^`{~@#G~xQRFvlb$Go^Z= zV!BvxdAo5I;G7vUJ8aC=9YL+_s5U3xQv4(pxt~?&zayexzvKoI5MKc-s z0GxD+a5P&!oGR2{c6_YfHcjx3w3bn8zW11?iCx@X%)AFp=zJ$!{(BdsZbQxgF>-&d zrr35C{PXU1zse*>yb$Qo8&7-WvEbaxkIkbyKX{hyB6HmS!sO}kLGd%SQ~>v=7r)*A zIp+U<*keQ9b_Ang4=D7x$+j&o?AUN@;5H8+!muSi5sSuTHV$dJ(PJZ|At~?%|JD4i zoXdvLud!du-a& zL2*dR4cu>;gKicfIwt0cfucs)qFg2o)6`dgKl8{9ZQzFv0qWVKy64nakEt;4r!bN) zytrr0B2GHNzIakqXo3k&7#0faak4^qaaiPk~qWR8woIj9t#5G}w za$7)@JMeVjveN%$2Y{DL+X5B7zjj`i(KF<{PBa9hJX$-CuD|-}S=8hiknPxl^AG?( z;aUux=@fVQVKUSCqma zDj!h5ot%8kODvZf@_XrdTUbcs zrzso5_M>Vq#Eer&UZi#9D1)rb!1~p@44EdM_Rw;xleP2iH#wCh)!!XOp?Tt_roSZu z+lEgs_8dKz!x!*B21|JzuOuhzK5HK~BKiqDiG!6ebr7LxQEl3`*d`wRL^Mz9yJ+>z z404>T|E|i~NjQz`d3~7cLXj-wc1|~#q?wP=jVJlmL+O~SN8V!r5I+;xthmi}@;#51 z9y8T=T59#U1Rex!N}JAaPD-!c5-o_I0(C8#S|mBp{s zZ_DIu-um;yE%*-mUFVxT$VoqaBZ^zfQfnBjQ@4E`xUC7W@;Z3^qkjS&Y#mvNwBH)!C1_ds)Z;b zmU}Mf*tSlGS$ghVT{^wDA2ne{D6_%lvqig&+t}#c|0B#289h%H# zg~D77wKLtjwgRyk0^Q0J$rZ~ZFf)ba$@N5tjX!a&y*cEUcFw?fafK^mF{kHKVw$KE zR}ZsLq20E`)>m4Vb8g~?&Z>0}hZQ5i@;!DH(49(`1DLZ;gMFRDFw}E^8DVV*<#ApQ z-9Mk>(4ZdfUS2c3ThcshDFoC8RjI%eRZtBV!1)NC-4iQ4(Kqf?7xyEuqDK4x!+|P< zAHQAMl{~yN;-x>RZ9o_nDeee_VTSy22zOqLj^B1;AjBA_v%+#9S!>BO;laM8jsMu|RwA-}U0WU*ynTM0m zu&M|R+e4^`qn~vX?AIs{iA6iavf^_CMkZJ^u0sFJ{j(?C?VYhgAp20T8CjpOGRu9< zXWwi`(T1gMvV7Y6DJ~*{Ovj#dTBPe@ zPUDXh>t!7Vo+rRgcA1!UhlC0S<;bru9LxyIm;HuFedYs4QUmUiBYJ-+sDlA6Gf`Y1 zNSn*N`|XQhB~DW_PN2o7c_X7LSRS~``}{@JCE8){pJEv9Vv);fHVMNIx5^v{O8#z_ z*G3%&KhPI)2mn_=w+Te9XWm1%FkK)g(??ghIeXp4J1#2^&DWxnVM|i*`pRK!SmQV^ z;Y-wUE($$o3piKLChxnhmtfA9FxRF`9cv>JZymIhS^4NJx}Q8`-__Lc`{s{ zk>a?AwaGEj$COE-hFa=3B%l7~eW#Ln`M@2!T*8tjDYEn+>78La2ma=Jd5@ z&GmMn>X!Z6=-v~=MAtl@i1_;{7q*$W_!rgab<6V`{ccVL2i2dg@`GvHbf?B^!;I`? z5w-`0A;lb3zhJ3!E%ocGRLns2&v=-ewP;mbQOjT|0@y-OFGwtT_j}}WI0Bvd2dxlk z2ElTHXZaDg%*V4B?W4O#x2u7)U3fQm$y(tOCK(mho~v@AU1j+#-lcS~5SJ*G1h2t5 zG}7iD`4sqcELSAer8?DH@G6zdF@+2HYLBAz&5!qL z&hY(ufBPan*X-+$au$PMxF7OUajzF^HQrohM{ivi7sLElj=fd)79Are|xY%ObT7OmanM;v17Zb{Ioyr-r|34gUnf zW!A2QA{@CNKKlDDu9!Fv47|*%$CV7GG?GccoB=wvq`czye|oqAF?^i&fZMkulyY_s zCSRUP7BA3$q!4wY1w~j7{XLG!lLbo%{7f>_y7uA@@K|)AgEHy^VcYwJb-| zeRYmTdVL|Vzb^wNM)fNJD{*ADa_QxbjcerLI>I?QfU+|b-`NBY72XBLAaN++gHL|B@xhhz3-xInq*kZJvV%iWpZ zvyI+W2WakuG7$(-pT&o>5t6K3lyWZM-1=zzrqW9i8P_DXM2LV6B zB=boNSC-M+hCF2krVR!^FfVmQus!7Z3aixczvMt8dIHcpj!8IfVx8cNhhFu-To+wV z&{Nefg|YP-_`mi)vFQ}S=JLbgt@^lE)1GJd`CC4O#>DT6+`juDMFSfg^b4^ChxZLG z-RY(Bi&>bEbP6{z&-UZ^5^A_2<|J|?Q=2Mx%n>L26@pHV8gM7Q>HA))8eiG4n-$zYRuV1~mwQ{uO z!{Pp-?H$HNW}omoFI}HljKn>RXn7FjFK~5)XjlWiP7#7qd^peNzT5)=?7y>?&N&Q} zaZv)o^rQ1rnL6*;cCDOA^C1_b-KRy;#(;+&XMnY@HtA*?b=xc~LKIrjEELdV8p{Z0 z1o)6M8wcdIbXE{Vv-FA7TC7kB(>Y*|A{w@htS;ijsqWQ3?~V6264dOJF3 z)eaK#jcd>djng(JIbi$VI^ar$2b-|a-t007GCIsK9<^UxIB{$B2NTQhd;yD)(E_f! zhz0A-ja@MG6{=hMv9{}%b*!4&YfqvlV_sqYTN6C<5SG36cC~LX zDO+PasAQ+*?iPP855B?tA@(@xpbl-U@k(#u1PI7+4txEgQ|^=JoJN&~%YE5F0>1oa zVG3wGUWStg;wNJfMccF{MgjczQxo6Fl_Qpqw`Y>by6PN`F2{-&;iJ>0^rjTJPknn@ z^oe8HuP1))mP9gegFhg<&MD>G7JEU&vR|#Y;B|z#vFoG;u3QDf=4}j-Ur{HO>eJK1 z>efIF>ehR4m8_6Mg}fBLQuEWbf#>6WdB(CM;%@ix>;NN*_Ea!!J0LktbaYyJeMlx* z`TXIC`7SUUg%Kbvp=#PFdo#3Y$TR~fj#7;Z@IMKxSzM-{Dq*_-K6eT zp?p+5?)Kqs zSnr8-B|w=fGZ>|IYDY#qdu>itZI6w>dZ(WfkJsyqk9S8^+Rl-K|3DeTamd%ED@`~K zJDD9|iyp4Uxjw%`NQ$iDrG)hWp|%mvFrD=E%8RSJqqaNWEMfaSk2w&T=d49UgHhd= z!p=zF!|Rjv9IOnbnAfZ39eYtMxlTu|ca^r2C5dGKNPhebeFT-xFO6R)gQsZDxbIPm|Gf15vHaDD#8Le-ieLXmEmhRc(X)r#y58e(KI~T56JdOH(o5UK({?|; z91{IyI{C5A*E8a9rJZ-+;r?t?nnx*?Vw0z%4&x}2G0rJR-2JqdA2TB%;;8MZwM^@0 zFc9XDBXQctXp+Jnb%NtXuPJ@AK_v2NC_VX!K!MtG!C5-a;zaJj=cwgs;fHL9AGz#n zpdBQv3DLN}u$ASA@Lr|3wmQ>)kb7)99pFGj&;}ewBxv?hxyHl;HwP3ex`X-B10Qd; z*#hk6Yn^=$>(Y3#-ceHjcNd^NT>i(~mnR_0#9bYT=~)4%sKbY zaBz`>=&Yk+lNT9dP;3yCC^10Ik@Sm<_AjUXI1x%XcJ9q^bhM9$?ON`QDBlUu`3vkW z09_Y~U%G^E9y3BPBN>8+|Dk0$2Vt6qHp&~Jg3)}~6ox^rI*~H{3w7LcX`-#cEDW29 zIT@m;ldb5rF~jEHtHey1G&ySacdSNMw76fGJV{}JU<+Ji5(2g!A4K{V3AP-|ri3Uqr`=?OGKe);l8*8lhMZG|M|kEeC7|Un~{L4ABC^ z&zmcbW~in+7bVIFegLHlNY_^e?pJDWL|+J z(r5azjNu8}3bp4$EH%bfhCh0l&VE#VgUS#%w6c?mAbf0p-`&Exg~dycT704I@TijE z#M8->=AAQHv(1YbUnG%s+pknTcrI`OJy0x zD}#nyou!q_#p=qtHY(EVg0+-UXHEs$i+0v!mVzVPn!XLP^CW)sNh0MU> zcuOH12zAjxU)|Jy!5q26WB9PVsu`O5Gm?V$ac)(mhb3CZ&h8drf3S(2E7GZbJ_GQWwH~$~^y@BfHXJSg%l@qj{ICwJH?Km9L*SE1+r(0HrYi zuNchYNwsmhf;yb<4jt8W-}4xVYvTkR_a|1 z?4D_qw8LWv>ioIwuj2zV_RWr2gz1FPa129P3Sj_2& ztcfi`DF^T#j;11nfbc^CP! z-u_S@x@e%i+B&tfCyz<=eq-ld>>nu=ar9YYKMI3o;##XWxgky}#3E(GG1B#~=6VJZ zm04@8?ynsg-TD=m#r7x!Iw8K2*idP^Q6#Rla4mncwAK@s^ zNp0l@sms|vCIL5_rL5A=pfn=eb>yUt-YfX{IjAUBdUjj*ES4*ub;G0apK#okcZC`` zT{U!}+yr$oRAM?jns=dn*1go8=e;fsq;f^}(77HV+v%a_F|80o0;4#wlnNjGZ_iIU zi)z1G-26D!ho(c}z<}p~Y^7Ci+@49I=EiE^)1BGqbgpsj=R~qH|BESuOQ$`FP&)$Ajyb<6 z>|DQ770=BSgT2vO&5da}`Cv+q#kifm3lY_su;vAc>a303O%M>B!JcV+5& zxG5srQx-0_Mgn57{W{GSm3T>3=`kT;SrLk%g38RMAr3O$Ne4)flJg#svjwvCS3u#F zim^1F{e#R&Zoj7WTzXv{i}icMwWCk&W!GVY5S4v(aNqf5ok=vn485Cgc6Zn9kh|(YF?qt%a3EfWM+j zOW}ufj*GH=SHGKgOAv$@VO{e$3P3<)5M1$k!PljX;ly7Dm7b?B%g;$OcTuBDF6$PC z?FuqqKa@%e1Q35^#U*v6Nwi-|wlRU|oQA7Q!WCb%upAI!3&yMF=Eq$n9ip1EAvuyy z6WXeS2Z(D|&}>nZ7eofQ2xX1-d#Zo9diZ)?`!hatDub7{b;4`yAvdKbi@Kbjso0sX zBH~RpxU_dqfbm3$p%9l8O)pkg<>>SmyFt2@V5N&9bwvI{4R?Bv-#h`R@{wVv>?8f> z*k+@J{T!Q851r9&MvIiwNU(%`E%9RfaoSz^TV1Jf_V68@^*%l+vP*@$7e`A|trXY?d8WeE z9%hi%=#YC(>oq~ysXCce$57i~|Cbo1N4lzS7v**|Ta-%HZN9o~1Q{>foa*5?XgVa* zT&Vlmq!ro-&=T8S<->bmIDO>8gh40a)gGpw6Nve37VN0ZZFV=L3#4kmUY$nE&sKoy zqRTbjg+K5*190qnv>p2Q6=>JnFh(~zD*nkjoRY4SPPDeB_+Y6|C`Fp=0~H-kcm9OC z5|Z_x0HWjihpRwsL15!E&Y$w-%5JX9UD#e5q_R(ssLLnt<+%@*H})hNTa92OE#h2V ziM{O|%3qP0pLU6eoQeSHc$kBb{rhv2Hoi;*^F~W7v1-6cL}G2)+(1=lnNXX8AzF5^hlfF|8*EKt|bLX8;xr3R0|T4ADHb{hkubuq4*m6M`cO0eoD z6IycRT`x5M9z*`t;2JB8^F#1R)QP8!1aO&f`q^)DCmRsX>F`2d|GBFmMb3PKwjZjE z_kc?Zpl=oZ&~=+e-R!-m101=_U7B_zzdDjldho7Yk5I`XadV`E3=uK3zh)do!H-H{ z6a9phzAV$P;8ExbJ@i?zYc-UyH#)VcsxWiDGXgpU@4`-kFla6W zDhFX^lP-h@25aGz&D`7(E7!;uM{(=GeryS$=$N|@i{zf8@y})nGu9oMz|%Q0lt@O! zS;Vhlg`3bRO8B&qN2XHD6h3j8r%dFV=9!qcGJqLD+6(DpPQ>fiA9PzuAh$f@N2*CH z)Czi80|MiggcimeKu`B`tB8f(c;~y62L6#4i2%Kqtb-9)+tfx==Z6yowCbAOPvtFH zUi;+(Yh z?a3wedKSQPp~na>*Kf_&NiF5X#o0aN@z&90MQnYnBiTuZXOpza7Z2Ul9Gv2oOFvrx zHZf9x^43no>df`OG;~B(aSTSX$@9Nd3B%0A zz@LsY&%j*c2h;>_vXSry?RTKlX20U^_&$lrlD)#k(qR@k;n1*2I!fI}uL^%wkjGPb zaL;A`hlV>u)95yO+|_ePw7Z39xoFI*TExA7Q~?n zH3QG17Td^)(;DbwUBeEdO4+#_L&0p~1+pQ#hkB}&=gX?n^wXgmpA${$3 z_jA4L^v@ggBA`hp(34E^tjUbGo2e(7fp<*gJ0GU!G!Z5}(TEg%FoC*KXGId)Y7GtT zc288K>Y^f;!jiM!+ydS4{LiAB8@5dUx1%ss|(t zE|Yz9xNBgx{cFOmkv9iT^cb&!V;B}#+(pgh1REQaMqAy$Gh?ml$G02b-_c=E7)_Xv z%SijK**OY)%q)S*a>M)9yVf0&(oFa`*%0O!3YV0frxh!Rot(+kemx%7#*`ndtk4%K z+R7;jrY1VYM{q;Dh!?`q;W$gjr@tm|a^O>L5er<=k^JI}#W-{Kp|r4m)T+82 z%QF-?aZbT6rkg~$!}y#&lH7;U8kY=y&86Qe4kzaXx8UKduGdj$i_h5w$<;W>Cw(d{ zL~DfE$`{A*`2N&jCxVXb47;=7i(gD@A+<6rokRfYukv$E)_s%7D`#$VJ-TGQ&P(BQ zlyY)&2zoQ?vn3b2TkA7U2MK;TQrL*^t>@8H_qcMl`7H)j*N126rd0sy=ZRYu7*ur>RQz zi3zy4J5eh%VKvrj!XTYjSSZ5#phow(tA#ZJYStq(>!MK6WYP3DD{ihc?F|6b1s?`1 zP;kP>06{2A*`{nj%g=$9gQNqS6XRPJWACX4w(OS%)a3-xkk8sciO3^GT)#POq!jMy zEz5YY-*)((P}(m@vD9f0wf)GY;pr5$+45gndIKLmoc;-IGkcjXrTWG(xco|d!#Xke08~)QoK#jZwwxKC?~c7#XpqU zyJh*#Ux{|UY*YHA`7?c&ziM>Xv)CsOFT_rS3$O6|fJ*_Jv_roJ(|S#o4-2cJG-YA-!&Oth~h6 z3Qhd?(0%Aa$@1qr^FoJQyZ2#duNhlUyR#=>_s5Z6XzglW72+HNpJ8}%J1CWO8**6J1wt#OO*pqIlk9(#hY+k`5DFHwz_^zK z2&bRuzAO5o^5sJ3rjLwUdpD6}=tmj=oQ*~^fW76mIJ;F?Lv`=qny(6sN6mcreXb#I zs`5>v!L1}UKE2e=*%uYF@HCbcPKok?hdi^-ZW59)ts3@4|~MUv!;!%HX1k< zZBFw^2k3fU5xn0YBy}E8bsn&Ro_KLP*Tt+&yJty*WtW9lI^zP$yzj#YFTDAk4R-H& zb_0+gp?%6>>I4gKVx9CG%ZW1QgR6~Yx)CZ=Y+R`*I-5U)l|gqP3)lmvP@;-E&9YaRwFQii6vn?lpD)qG z$hcf^9ZfF5kSl9CYLysnB!U`-h+=DWD>N?7Jq!QCiGY)CGKnVp`GdKdmK99Pq7^B8 znR_SIl}Gba;3-Naw zctO1MyzF`HZc*5%EqL-*YCD*O2FejSiv>jQY&joS3y_d{V!XkZYhr#seuwFsyZk>g ziw7c}RZ)G>C~2CU7#$k1~f14R6|KU76{m0JG9vhVot$ii^dykLe88%V@ z+r2jk4{ta&f~m$SMnx1uDY*9m`R3~4D0*>|NBvj^C{(^?nt+MEFT)(8p{ju;7wV#@ z6B?{Itr=jlLDu}zbQ}`-1D!}JVo;8Y*&V-^(xyi>G~8r7FFnC)=Vt^J&Bh7R%yS0m zD{K@}9`j%-?9pj@`&k{ibmS&i>={b z_1Y9^q?;LKXs@3ksphI3a0kCnCbD7jw}MJ93m}e=nG}3{$;Mn~f72_LWkx|pHQL*K z!m%v=@nQNloh=S9IpIT~?pkzrAjYXtfG@j!~^+j@*M%BXH!cc|1vtF-7P#QxV( zah~?`!du@en0AQoy>KMM3U-$20(g}oAC{T)bvB6ZcDc)v*_GLg&3GWe@uX80xCPQH zSFOmJ%92tO%^S|mA>bnCs5R0U`J!b4#S0CGz}O1s3aw@Xo%3&ZAt#-DS)})IE*6LG z$3|H*18=-=1K>WS>VetUvyG*X+i)HR?)gAexZQ=s%xFE;q*+XugAXVlkjv%g{c>Bp zADb8!O)^*H{(Gme@X>JmFxsB6vA<>}M@L#fY>@llR^7_ILif1s8BwD!xR5A6*pvvU z4d~f5;2bp1`gJmN?mbr1cGHjs7K<&p>&$g_su(Wj&N4_!lbI(YWSeUwp(^|0H9$9u zx6+)8ZB=;{;jbhG3}lkK&iWYllDpjQhA1fT*=Z9VF5-dD3ar?d-czyhe8^7ngD~Ws zBCBbDb7O9ZC7ae1fAexgOl(!TE&9IUREAf7gd=}Q$c!$kVn)u zYmVX$sMK=(7H}p}ni|M}h|d|Dw&&t;F|r;sf}XUsR0+1GxygJLmFsgm?Ps~$k-K*p zS79ksq|VQH4t3mEfyd8w3gSu0|5O;(^c=QaEiD=0qw<0yKZdCnD93w%OI+7uMT&0h z14|OvM(XPE<%%kx^8>zwTOy~V`PmkK!o48`3exPn)vKRw@#u-Vv}Z}H^vgaVo~7?u ze%XrDEH^G3K39ugh50z`OBd|(?1HrPeL*ZVINTk=u7Jo#aPGmyZx zqjBun+dw=ALbwCjPB~abvCjU`gqULn%+qA3F;#AOt|$!13GQaC ze|k6yWP6?+aQ#P$m6CwY5Pbyv7}gw-!i~{p_lQR$DasRVB#aZl@*fH6|E#c5qHHpJ z4Au`*4-RrZ{j^$d$RUL+5%rPw+9F?apqh~R5xf&!5qQuQ*Rp(DR&sdb3bL)Ism=*^ z_ZT;Rs3YP_7xdO+W@krbc21a%29@!t6K@I_TCEdo``V~0q5e^9jEK74k~P#C=Sp?L zCABppEaUZ9RXZ}_kV_F$`_NR%V45KuShuWm$T(-pQtwng1IK)CqSqrP0f~;PiO_Uh zuW;P)2lN>+MUSzoPBf37Y3B()SqS^}LKSI$U6}rQI;164r{)XB#l;qRovdB1(dTSzHnK0Pz6AO7k=WrnoNG+nGNq9uq#QBf> zf_`~@8)VD!q4SD2F+Enf(ms+OUt{)5y$?+rt%NSKcG7hExg@kvOun4IgYE45w^2$Z zzmio$4e0&4AM{>FX3ekXpTZBVE^^TD)Z+@XdMe9^45Mc>b>BQQWJc)$y18Yh+$XFw zThv`oX_mVqt?|vqi~yUhf|A6Dl0S{)28(cTz1qIebJrFh4@A5Bt>(v<2>?^V1~Qjf z$JuO;V#WRHdq=zXQT!!%owL0lc-?3(r$&^~{!Do~GgfFJNhDfh-?W*m^`PsdT=dde zDA?=qY_8OaF1OAmS~X<4#$2lQDm;pfP{cmoLS=PvpWji+cH+A&@TUz<07Kk!c;c8t zgF;_WEB9XCk49Z40DfEOT^{{W6n`3w3e`*#FAX5?9qde*_R<)%)1wfssE+bIG6Rwl zeujGp{9X=C335$}E|YyqaXj|oZi8Ikp0fxnwy$C)RxU+Dbn|HJCvti0#GR#C7p8qr z8UQ`9pRHGd?d!O8!VHwcuHr6up`ABzmt>wL%o>OK|$(fI&hFP?&J&;U2kXKshd#aBhj-O@I!pd|h zbZKjx=OtYG&d=h{(5A03o~%q@Dp$l2mE;uAYr>UaONx#Z`bbDnw14yco-_8cTbhHh z(zpMziEQw4%0t2kgt5X<Lp#)m^+f0`m zIt(PUNh9JVPa|bMt$&&zHfS!mL040rokq;tR$XX^zQux1gI>v10AVA;c{0n6jG|UO zIHRc9bbx9(W)8vItG1`Z3bF3Zuj1ip?uq!vL?G7JEEq!?QWttWp}K=Q6GiV`pJUUi zXlKvije5p-Nq)U|sg03l|2M$V@r{H7%K%4>P5jZ~ac+6>$}+LkeVx7X35{BS`{ioK zDxvG(ms@k7#S2iZ*NaL-Or#w`2-3kt#GW488JY#|Tc5^KP>W znWOBN`j@0?r);CS{w8okUJdOU<%Jt;P4=&O7+TX}X`kSFboVy$@Z7amvUKC&t_)>W zk6V50Sx8aQ7VVgYwc@;&*OmRF@#vtb!p)5qsdK@7Ifw}8XvE+o8s9#5wth(XMoMn7i*f?9;`kM+#*d`3mV?xMid=9&^Q6fR(@* zS0(HO6r5TQrNIkcZo{hsdo!LS4Ha(kbV(x zwx&Nlh=-|Tu*YgfQ5WR&GO@yJP6Za(LgWbL8@@jlox5-6K!4G@lxWD`13PS~G{KZ2 zru)Ss|KsJVZW5A&Q84XLoECjCoI~Mid~4~!s65n zm{`$IZP)LY;9^X-+w+nXr+`Rx}iq#(ThjwcLLDt&gg= znXL=-v@a>@R-Iy!auG#$MzJ#|yV~8v492$KHnU+7H5!S@EHYItT%%J}-p8ftxsE@* ztz4A)mvN4KfoPF6z7G}1vYD``a5t|VtkMfo=3VdMiE<2*TwGp#I-%RP^7MBsoD=(| z(k!e14%0RJQDtlRh9l78VtZ|}{!u=YY`!(F zXSz*55+PbEN1+&QGZJ9&#W|&)z_MvWrh?)tE{bYACCBAjoL&PhE$L9YM8FlO!}<=0 z=|R+XBNn^%6RAU@_j6ju!|(&=2P6+BTLXL5e0)mZnr5H}Z0?J!)fy^7Q7lNSfH!~0 z3la4Sip~E!B02*75`DNIUfP^eH|XK@L8{|5lQGFFL*K=M_aL=t_@VpF#bN&L1wa{0 zDSuOGy)5nsKvr{$2$1*NtVns$ioyi88B%iq+>c0Xw#R@doVSRyr8G_dU8$E}HnFZ# z%Z3*@rpL_DqhYnKFtS_Psn${e8`RQwyN`}fSHr4Pcd_5w!ttb$(Hd81%!O#Gr8mkR zy5n1nmB@qTsaiRCB>1nGp4Zd(3=sie0V;qF0J){0V}0L57_ZSC70>mn!vhS8!{uoC zf=H*Nzx=s-Tt`QztP_9zfbuy}%2mkq;ipoa4}PL9hosQZapls}4`2*U zyD5osx*IOPGJia}V0w$y=jjUSow_WapB*aSC0&qrTPqi*8g(o`UFc9+D7F}f7Fdkd z{D6-Y)w!-@KDVr@CW>W{aGA$}D$!^$w20A6>hw<0XA;%G^-_L^3){=PPI8;sw0DlD z_8%!cpQ^KoR2Qq`dvl=Q=gfo6qdvgahqydXdDxYB9RJZbCS}cHq8{IPg-{-j*CgeK zDSE^x(aTWK^s+yXZ-XSoA6c}F;RVc|aM0lC-CV9+i_mZZ75C4U|un~>B#c5;c9$tjJk%r zD|c~Q5rzq2n3XlL<)KCx%=~XHfY25P+OmsRv#w>K;KE0Rw2As1N-y}#1-EgGF9Yg? zK3;j~*rkBLd&Grb?@22db_aW@Bis&Ge5a;kH}vO5EF&q<)0fpf)!{zx6Ui|bh*gGm z8mk?xw$7%@EoX{r+p&0O;G;sp7kH)(25_+w2(dS)hbxxuUd{{?lh{n+cJq7-d_HGd zalpCu!HueSK2zD@yWV!ri{|JvCsvhDh^uCmy!66C0^G3`tJpLx6B;MXh?4DOr%GOQ z{8X{BU|D>XfRh~-?#!pt_vm%w~qaO%R)%P^Az6G4@y;; z*>t8T-oXzepLu4wy>QuomwLYxbjMdymFQ1=h7J$fph=bH4E=7+24ma@&Bjt&Rq9o& z9jA{%8=VcC2K}>ze4Kw27e&9}uR4~w>{MB`8jaqn2XePfauEKKkZYj?#yPja7zfdV zPEso;swj+i-Ydky;h+wWn?otJLe*hN^Y@ZCJ&)3_*Z+dSxaVW za)JAs<9YY<`8c|oAXkvDoKC&NsaCQ^NxpxA76Cl|;%f!7>JiBTMvG*yJfHd`pP3cWs7l zbJD^fiW+W~`{HH~Z>B7{)eH3UJZ|SfCeO?9fF9CdYLs8-uCBVz^PA!AkyBJkmWr`6 zT>0B5?=KA2zj#Ce4}vb%)_fHtQ2Hia+7ZZIZn`cAd+oLIDKbxYoZ7m;LD z6DJi|_}=;znjjhcR`TbXgO(#VFSV{DDL9c3-83Ljb1~i`k(r2=|=EnB5Fwwlh;l;OAN>uqAEAmDzKTANyAgg2E=RkPUN)+4j`i%X3W< z_s`3p4N1mmv`?RTy*IHTFmezK6LKxdUt{M4teE_^^vcuY~mT(H#d|D7?pg%YBH zozs_6aW^Z1MMOstyPM4xYeUMSIkSP|n+^D_-vPh%WH#h^wy;l(e00m(=e{|(*FUL* zfXt{FdJdzwtq9syF-E zJ7<2BHTrm~>Ag_bCYBju(l{H=IN3#^+4Ex;xBKGlV83b5jcsCi2ubcrN?skly>{F1 zv7(2?RL#PK#m%6dmGn1?)f49F?YCB2Q7G8=h{N_$J0JAkoFr!ZF7V}SK$0tVU8O~p z0V5iSlk}y^Mka|-h`7I0zn)-Yn&e!Y*E;fAPB%+zR_F~&>39kG9YT_S_>i1Qt8T!4 zLTAd=97RJeji=GVl9ThR&od3}NfOW}rkI%G+U{ixqtDP;N_RwCME9p&d4WCR;!JPkdL zpppQ%^<*28+|cf^0u^TAm@{;-kx<@+O`tY*=ZhXf_x{Iklqb)YB;UIn7gsO*DF2$( zb&#;D8EBz@i|U=2cfbX~#l#}vVxSExTQ+`3y1wB%XaBANkAB!jWcODQYv^G#7mF9U8z424&|@?l8*E!>9&#Dc9I>9;GO~`vM3D^u&Tqb- zZ*+A$2Y~U{$1Pv{eQ+ZU5^LE}F;&7v?`o=PvNskz?{DA1Ke%9t{v3$+z)bVfz;;Edoci?)K=ztcn~^Nmnr>y>bJlWfn<1R#MY@&-WdYskqOvaMQIcD*UQCY5CrcxURTq zzOrN2+qs2luU>F&5UziJFUy`>!=vmPdOXoFpw&)qJ}jW+26np8eR`YWZu7`PmwG~4 zA(Hszkv(9UjwuYsefCI}_2R|&%MdET=bij|s=Ko4+CMkl%I=;Lm@(EvVef8(3Ir9q ze9k2=iw#z<^cz*1hj}HCjEY}p_Q#Ide$MgeI2&p?e7Og}q-`w6D%a98c#|fHEx?IU zL!8(b422A_H7Ew#N$;4;ytydbm5Kn{)Y@q6!urgAEuycY>I${l=Q6~|Kz=mH)+SZ5 zwKL_JXslm_yZG*Q5TvtEs^I|lTR5mo@zT%r7wfVlbKoANX&NRNTzd3m-3(T)G_uC^ zS9Y_XpUQn^!|$}Br2*QUnL@wI-Epa_dixc_peU`gb2eC=QrtU_adVeOy4T6x{A{x0f^+)vw9k*XfxaoOfXp!t zEY!z`537~R!US`Lu3zG12`-5H^RJ&S8-C(|Bj~^c!p&+acnT{d6?UmqP%G7K9N8PD zVEWW%MaZ#Sf8>RRt=b4c+Wgy``I*mx`xr{UI^q8#GS)@HP%YKfp(9Fwn#5Lj(^xq+ z(|O0The-ZFkaI~&sq8*UEBodf#G)?h4MoJKz8!=w33L;gOe{a%YsiA4b)~+-%-m+% zBLlPCY~BJz3`mX3g2JafNxGL2+oxd-c$bnZq1~g#TIrZLQ*u_)?$o+QrX|*7KUA5A zJ4}EW833e2BX3DOx(|9)LqA_OEnXWTChb$+Nsg?` z=PHYMIaiR?qOLFKLt13Dj?r3BH&DarN*$TzU-N|rpsDxfqJa0Ogaj z=K)9claS_%moUo~@ug)Y9wJ#+U+IG`>Nl31g=1>qfs9#^7nDR#EMsV(!fL zMyi?`{WeR@zPM)Rxyo$U00pVtiF-j4!K{`=T9|}@_L~%58p#wV_|-_(xCj`>$B(T_ z$aMeyeUU&Vu7yXP2{}>NPHTp)Yk)eW9VQFwKfia2gkM9Fu>Q2VM{wB7tpD zH;{#;y^6>j$6~540U}7pH1F>4CnIK7mcbeJ^6%5 z54hExg8@|`UZgwR*w+li1ataYt;~|_PjZRs*+n`o((A?!)81WKFqX#A^jUmN(QK-9 zV=Fv-u@YTu70)=~7Us@gmQCAh4;3z3!v*i-eODh-b%pKs1w3Cl@+%$`@Qu*Get|;hVfjAi?%*P9gTwnP<3x+mr*gShc;mWo=i6_ilPj7J0Wt->2(YTM z1$sBuzY(nPKHQ4P7QvDkJzE4yH|TqabVAM5z8Fw@)x0=J8j~qH-($kqV<| z{7_D+o9Mx=J`Z5&Q6Of z&{1CuZ3AF6wsF0}LwX~)TN%~dl|wN*Y``pt<{!a&UGWMSkaS`Zh6gb^6yRa?$UT8e8WtwvEs0-CA3ikc&6kePlr4$rSZ_kQ7MWnDM)TK~1XU0YKA9;fD>YRmJ`(=!W(^}0#O(*t!<_su7sX6wa)^0kpq z#GS4!I3r|9mF=$tgG~J7_=pKQUtd@Q{N0;&{vvXB9+&T~2fJo_UyI?j zq+v4E!M@jR+OV7I^C@&D!RH~;rgAXDYccDKIJCMCB5J+VzwfICQeQxz4= zM^3BX9RNhZ>KAB3vByxCuNJLI>v3!8lb6+t`{W5vuPU*fm3f)w-1;KcP1UDIocucY z7Z0Gq!;qe0HpoJoIWiG}6`?Hoga!E18*E-Op!A}hM@zbK#EAZGX8j1J@{Z9J zeu^(&Xfi^EzgJt6XNP>-oeK~uV#5bxByCTGaZ|<$6^BE}uX-jJ*=VaTzOIoc1ytCR zWVAmBk4#WcC9tacP$vDlV|>PY)3m%6wAc0>^EN-gNIie#rW31!(C6~C(Orc-Z-Gvk zJ6glIUrQQVT0S_&t{NPQI?UEC7G(kt*$_$G6^Ypu^ACJfo8GX7okM^2e6{*Rt@@Q_ zB|RZCc%`!!;l7GZ{#{UQ9><+CT(Wf|FE6;+VK%FPh=iN3+=J?OPkZ(} z@a)@UG@2lOSezG)d=RxHE=#nV@1H9Brp%ovo@YvT*!nal!}myI)$=-?wYs3z=i70% za|2&)V?jLj+#MryucumLbB`BNn3DvJZRNv#JsQv>;KGkv>R8T!2* z?L8^0fORiGDpH!N$3KV{ICrNtUFs3(VQsWk%KA>V@8vxcC+MTY2S-f-? zH_>2_x^Opk6L#K{+4mfmN$g&6R>S*2$CBA8o!hK#qHgpWLw`I_!1f zl6)xXuR7adPZ;XuAc`O7g9J+CPTZmwNq9uRaHl0!osYkqT!8OX?H4#BDc{;HHfWjhY zF^_quqx~dY2~Jtc{l3lHK6iD&>06>`R}&^DjhfLV5hG`0iz2Hqa#xe^eJ?*EptYXX z^sN3(it?xH+NTYaem7s)VO^O<%4NQrr#p>_SFc#tmC3)?hNK_4VGD;~Xp($c$a;*%7aee`{pCoT%4YFzb>cjTt~W%$MZ)E<^<1d~d^ zZzvYoNRj+#saCO>$C6Mhe6hLtfg*p~SYbMJrW%JE7TkQ|0>`P@FY6-L{fg}Aa<;RD ztO~{OD@LHQ^sZm>#+(E0qIQ~?~D@2(23mjfso>`Tgwx?J#{jo`d` z)-GE^v|Qj6B%VWH`8R!00KVmg<^S5NLFc==4nqgSvca9Uy7be--gQH!`|&;jQ-b3g zf#P3Z(2I6&DkRdY$Swd%am-G;t@;=*ej)oU+s=~t4_@(cy=2NZ@hp26@-FY?m1lIO zIQV@eP?%58G&2q)tZl&n5Am?~H*`suh2JK6tB!A@*M$QC|21j|F0$Fsx+R}X(W@RL zo)-(+LfS>Xo7AdfjRwvm6cb4cvg)?2-jxGv(LU{@t3i;uj2mG?S3C}~M#-_Q%2mK| z*GAre!~eP&FhVL|vX}m*(*^elB0gZBOL7M*C{|CW_K?)84{y;5Syqgm zBll4Z8hAazB%fGQ3OH?&+ZwSr2x7N|NWBeYKkffbWI4fh8y0lOTe`hMGRCr_M}DpE z@2X04T#UJ%4Um7;Uw=gwuS`}?x*x*Q$|=G_E*)QlYJcfRL}z9?@Z22Vn(#TPi@d9} z=Z!DrVPWxqjfM~)Lb8iQ6sy0r^0BNlCO;KwG8Ow0-hAuvsk(DdTf^xiuVyEq`kPK_ zb2`&&wnpspGxmwG6Q_gGPP`44IQ`r5^Na?=ka#(p3dkoBz;3f$2xBX_hQF7c2yovolX_W}lc3(+eo3s~0l)PnEQP`ac?DcmO*coym5au^`PEAf08MvN)KBy%H0Nh2&iPOpV+l#w#U$ zBXsg^#E_!3`!`q+TpH5$*dQH;gx|ilk^988HN&Du-G~W()-jR!tG!1I++3t88>0ig zuRNcr%QUi2s_tq_5&SQ!dV>MklrlX)CU4?rEnrI#ANsSrp|ki~lI z=c5w2l=GwMzYTk_Rm>yyp`wqqKCAte!MS)1!gpEL$yN%q1OfZ)-^jcqy1zUVdC)v} z&MaFj+C18*@!xRSjNJZ?QpnLDA>lTUp8b>vX>E8fi1IjcEsVn%UR+%V;01(t1+I+% zD|)P&5<#B$7CtmrYuorp#!ng-Bn;HKQ#e_`@00k3T{M2z4@f1wX&CGM_&r1d`{$R* zvstTD0Ypqi=yr6^w4GS@7{Fub?xV`{@nZqI|5HC5x{S-fNi|By&Mo3l2A^rDbKOol zdk&P@6HVw($yOPsd*nlQAF6;LA39=-8&;E;1 zcM;YU@(sfi=ihi1uDq~p{Q{k^@fES@f(GYgiKNd#+B6;Z2lsT&^^P)M`Z!(LM%+7E z5(6-lcI<7M6%sf)_OHWurDQAwYxT9EPQkqJt|571l1+Q3ii=>MM8fGk9PPsi1{Pio z$5{5cTnin?40fEps5q1QCe+20y~Rf_=;)3uLNqSYT+eea_vAI+VQM|tLqFpx>YS#H4UP@cOm7Q&cgPkIf*x&;@bK z`RBNjNWU&3tb&@5t55|E%8C`Cxl{|%r-Yst$hocGp;vy#u>OFmDq1oMt-IFVd%5Yo zN3pzMEj;eW-!7#1f9stu1c}hdKOfA-7GtqfN*!)WLTS4<4bUuiS2(7IU?V-gC*kXH zXPs5g$JA;cw!LUS<2U!CVMXjC4#6(fQ{=M?XiYpulA>1dGRo@VzMZHXl7CLjpZP>b;YtmRlRJKenA%N{OcuI z5V@bq;%5Gi`#Xv6``1+_f};zeU%l@u8poo>-MkdufCRhpx?W8_qK`uu5oo z+^}NJccAk0F?3gZm|W|Uuk!DfQZ@LR_zM^s(DWO)X2=@fpb+oSpSo14JS#M7oLIe@ zu9P=%>=)g3#d~i(S3GHabz*XynXrdd7Mz*Ectpn) zsd3pt4(*P{+uNQoT{t)3*0$?)^|x&NtT_~m&mLzJmz%wA+)CeNYn5ysao<4MBbXL> zvFHP+*;URq{zeX^pl8K$S@z5<(RMiaWJpEVD2&m_x8722smH!htDSP$jA!93HmSri zGe^T#4`w7P9rHr({XE7;IB7PI4ii)C8sA?D^J>0%49g|sq(UMKP})dk90I$Nx$T|b zzD^mMfEJx?qK(9BON=s(n+}0 zlU?!>GQF;Kgjjrx5Y5GGpQYdqJzk>d|E zygG$%0D?u!*g^-dn{QvVOHavTYxw|>R(tGNTW@StuR8#AUk@;jFO+MwLr9@98UVm) z{z1H`_`(-mb0r7#jQ1AeCpRSznX9qcYsXg@8@KZXBZU zqB+DC3x@oI$1_H5o6fC8RXS1Mp%!4p_NHY;X=<74-0g zg0xPB4wqTjj7K2lt*r~cW+KYJ;q-E}r+rrYm1A^`PFU(&#*}YVJ3+;Q3(`)3e)M*G zD_A=FT(SfG1=WEBX)to%k!5DaibhJ;u%kErl)h`h+mY%q-ic!H+^;zOdbVi%nwfGx zl&cu<8nQPD3*}feJT8!(U-=o2kk(u1CPtwW&>M?}Y$Tj3U9M-(v>c?cekdV5Ij{oA z_^3w{dfuaWd?}pNEl=(j6`VLD(up`{c=Wp@mfX%ZTveIEU$(auh zh408p^eQqIJ9Dx|LUy;;LpE{j$usjcU%}m^{S-X!7LY1$CFZ3ld^u3yw5P_`)sc3a zvqUUy&!`QAk#D8l(YrM9SbGk7+t?Z!9x2vs#tBQE3>dIwMN7?nLC0Txa)LP3`}DS) zkf2c10sPe{Aw}YNSB)c-f@-Yg7(=}@GOk3k50loWlMe8gKGy-DHI@oF-EVltx;JWl z>fM8OdNA7#XV_camFXu9zwR>!CC4GZmB%XHH5m%OTq-l}g_Eejk^v)EDXgbk(1)vM&8V`J^+dzndtMD{>y=zGoa0u>!V zO0D88#YC(%&Jl8nhx@d=qOZIGYn(;f9$SwQ0QAcsXy=07A%4d$QZ@+Tx_475%di;E z@Vh4`+^e&P&z)?Iy3Z_Al$5F#YmTi+hDlJO;5~P;0{Hm=hTWI@mYR6oMt{9O!E&4_ zAu~=iFub*0-(Z1Sq=uL%9k+CVXSSd7Cy&n*2d+m8wMw)nE+a^@vU@Rv!wa+?0b>t1 zLRq&a^yBTt?j`%*bjPHZ*g(cJ?B6+5A6m+Mh<;Q=`r`Umspa;~I6AY@^CEqM#zd(H z6ndH)+KtL=2|JbYC9ZK^?4$N~QIc*=(%&4hDX}56h84|)q@u2V#OJ26i!RPqX~}`h z2E&nm2iq)_N>j>ppG?Y0Z*`G)XFX(Av7U3ZS6R-_w0IL1Dg1A#M{Ohq7zC^1EIdo^3kN>V9n#AP`x z3!kMvFVWM7&*upihL|*kTh0}i+Ph`vI$U6Of zxcZ26uc?#`){B7r=s=3_Y!!IA{2=XeqS@2a5h&1KzdT>`Y_8ua@9Wp_00#I!yJ`IO zVoDv2AW&n*7qk#c+aX8)*T@jOQt8?3O@&_#+JjZ+$r_CiC$pXH)pA`Vc^%dqW zERT|6L_Y4gU2d=GXdhpx$WRfTL_UC(zPvnegw!`gZ0+HBSkwTT%&QJj#cP|rsXybI zK@JK*(CWb)Le96Js=$b2InvyYTV4ay)%SgyEx;)rm^s~B^r5R?1C9@DrSCUUA5YHY zi-kErd{ubVMCk90grJY{KTwSVvPUb`v9ksNWIRh#v6f?<-=445*=?=3oNO-FIqvTX z*ljMEPnPU<0<8xqwMn=>M}$9u#asir6*^IL?`3$!Pm=!uu=1gKO*M*=0QyFN9`REz z^lR{Ajt)}l9Fg2=TR~X5^p0H8!@Q^Mpxx-qvZ5tm*ID=y2LoMe9M*!U{*jF)pnXI& z8YZ~6>2Z6ihLI2{o|6%c5&pXU1V~EM18lc~1Ip%q{1@=Yhh3Cco*4A7i$Dm>?FFrA zrRz1kP08?_0j(IKCrEO+JHu0_Q<*`9idEt>{C5va>2(CCQ$y-ii*z>tS>Y@#0P_QP zeXDgI4y)?L=WL_<$ASl2> zU%zgZ)bD)(upbSDz+wNNpZ2$>P1T@%=&rO`<5iXgjw1@vM0Z#+vk4vFlTlU?*L?@7Bs2X2!)=bz91rW~SjF{(&`t_r~|Mibv zf4BpV0MotD6s6%q@3d-<+pCY-4{kz%YVnUNodrGMu3IBw)s7E-+YwBtb9;5F+6q&@(M8~}0S?7HD{ z6WQyF)o_55|0&;Dh_UF=y5DIQHxlmaN00yAk8al25sdW;#p(r=qd>mWDvDk~p3KS~ zlOvQ|cm`;CmbgtJmO~)vC*0D|`q}K+zkS}rM?OVDqG#Xt_3+nnLoA2HFL+xj~vsCTq_C_<9i{SuqV zQv`CqiI5#YXjKk0L}Yw*xskf-N309YP4$==I}_Y*ScSpI@}mG*x&fePnba&mJAwFM z@w}@d7D?bR2^I#J&paMCPOd9K^hzOPxqI{Vv+{zw#=@>=c3qpqpD@Q6zMlR>#F+v* zmOucMa^q|kAk^cqSG!TS8iHEwmT2Ps@xwMy`IPmWJJIZF1hnnywsnAQRfI*#)Bm7y zF~)kf;A$nf?2BKdkSb!<6{AVzl<{*KmBLLQaFZKs$psz2(6ODo%&_v8VSKIp*`V$t z@yYUjsZf%biBj$f^|rBU-A0#b03~S#Xn9LlMGgp6DV@C8kCP&Irddlj;g|-RV?aVc zFf=uQi>B+k%k8?A9XEG>QRiku+ei>6$Q;# ze@Wm}0eGPqUvzvhpfa1k2GW96&O6M4P6f7t#J}MPpG4H>oZKBpl@vxPh)iRPThPZCJ}L~!FtC2 zvo!Yb5TL_X0ckx>$R*IBQTxMM4}Gd!B86uFePiE-#XDsZ zrxUBmcJ~{{^TG$yt?KhIbyHq{sY;8CK|;QAZq7^%&`n9_UA|N}x!JKY^UYmWmtyUdi? z5hHYo;Fa~EMBX9Rnk9t#!%ouCiM|uV_CP$=z-Y7DR^|JPF43K$ioxE>;KWi3Eit-c zcUzzG5Jq4HI! z#i3b0frH20(UELqe{}6JW_UY4PgX zzgtdv(CD`~=&xR;5CmfP0^ZAD9gik*6~Zk*l35z_(6?`ONTuanOxDL;S>-vQtp=g< zIa^p4xodmk7lV3$_L{ZM91pu(Pt4WbIC>+Np7kg;NnT)!rXJWFwq~8h_`1x8t0$p( zI>?!=zoPVFw-m(~Rk$&8k96S%T0&BPWWdpJjWGt#0BL07tQ<%H9X+?KBCP$!7)9Up_>BLls&nG5(@B(%X^v3bd->b6D{i)xfR;F8M(5Jl#yAn zmWfiiPLlkKFzFL4D5?S8GN0h7HW3ENR>M{L=*r{NU)rRdLwy^mo|e0_)e2QxsWhij z5LId)*<@vK8!8=g;gjPwV-ftM!T2Q#spuGD90#bzpg z(h_Ac_9Q}^2j!MO?CYK4X|y%OV(=A&hOv-ymZ4m~6TNAH`zHsp*%!WD%f!U^Xe3Px zvHCM$mmGkDTu)WL0{0iA0m*Iy9qWbH#i^EIAw-~Zp!>lTveiQ!qWWD6h2N(Kl;c>z z^-e{&*_04+TI*IHTeIEc)aKh=tBD$$)v=6=JNJ0$@lZgpJKB zVAebe8jpm6P!q;tab9gDJs}g|;$~R@EHxOT_47rQwbH#P&~aiGkfv*!cIbcARTC@+ zkP%aXd+RRev~>%}NU<5D5cCgQo0F`wiZCuY3~*0Qy(NW2Yi2QNW1xmoh%V^59d>;D zNpDGxl3=GjU+<_Om}}1NF@KSKK?#_Yqwi{b`QB3i&PA76d!xEaG3yk5Ll4wu%ICd}k|lJ;Z*Xqq$zlP*!yb&)3kG&%6;S#5MCxQ9Wp$#1-#A}zPDJSIR!EpP+#Q+ca;Lg4iZtb z8rTDc-7oK^K`wmJ?f89xVW{2);H&UdeTNg^jDHqHwpei87q$Sh)ta0bX!+jqe2fhl z=5K-P7|S$n%ULNx8cWA+STcyvog+C47;zU07D@C3YBD_**)xCB5!FE5B=@sv)^EQz zx|kVF1adJ>8LaV35!PlE<4Xa2?43!_!4Dh`Zph3S3Jy7V+k!6{Skn?c>0LO96L7`p zn3Py29$Y?-dfbS1O>}UZ%94n z$LgB`E{#ga=?ZX#!ybfDxb@&nS-HP7s7g*hwh4*-iGhhlAG@L)%~42WxSOz0P2=G=*uD)B*k7kM+0`yWH z%~Ns}VfY|^>jOis7~2w6Clxo@IDvZ>oG;%xBX6ebjsXx&3E~^DdxQMc2S-h85rS2 zpYw!OCVPnXh9f=~&;YEJ+>ct)UB}^`H*Ne`s=>mF!59k+n2z2y#n$u#U^)Z1AO= z)BMp0+#{qns8ZQS%S|v|-GcjKLCl+sMZm;ledwf5byLcaQFb~gkjqYsDlN}6G5AWO ztrk;6?z;0z@UR_!bOL9x2X^~F1@O1)<9QM9&0i2%aW-R-`y({K9GIE0;AYXF(o_QD z2Y#5&&s?BbaX6q{s^a%~>8BTL_$_JnIxTX-idgJeZ%dR@+FJuQ6}upHbuMJaOK%9O1Jx);07R6>MLK5HCFG0q6RbAes54?+ z=4`*3hwx|?px4Uolml@b4A@Zh7FIw+P&uxuHNeG|1nes_w3-qB_a8f|n%u87)sdMz zK$|YAqP?87$@k^D@U<<}S?WLW!TS-ose#QEAsa8fOsitZWEUuXUCJs(hqXAKuS{>x z$W80VqJ)`AFWr*F{`zSNJhiZ390*s99=r(?4BGd}0^@#GH$2Ok1vn2ussq5%O_&H# z@VxBP+W~~a97}N-*;dVBuNuUI(LEtq>iuYq>ek$d@++k}~1iw;&Tw0TSyGuo!W9 ztA;~=NYmxI+3~5k7_~|#2BPNnkg|fX3Gg7u%vA_68>~d9K1bySqqL2}^JW-?QyORO ztZCE|;`Eip14M(>m3I*1&p&3bJCkKwf3;m`stsDS5H^xv`LivEITlZ;oWEgq$)R<% z%2h$zY@%a7;o>^$i=1ezLvLnakIq5s$0391`d9S9yi7x8#b*W74IKb&pQ(f8wzlb# znGZly^3iqL#%F>KMGsj9vyhdx^bWu@`Pl+-PaCtDVBfK%Qp8p-b14_rR;-y!0i7M7 zAT$dk5%zh40>VGGY<3XqRk{FI-e(REuuX`QmU&ubuOzL*(}BQ!DIj7xe~`%E$%>Mf znSJB_>%hKPvq~nhS-%BA`L!%z`VAM5S^)0w`J2A6OznERtw@-q(=J_YfC2QQL`ziG zf%1*!I|1H=t7lv~|AW2vjB0x8zDAFQqf*2IA|jy2BM3+l1e6v80qHFPrHX>|BE2Ih zARwU91f=)STj)eV1VyA1NC**-8bauSgoL}}dH&D6?|a91kDu?jUmU|RlJF~guf5is zbIny))MSRYad;Q|J0M>1p~Llm_tZ@$f6s71*xe~9DjR>U1sZsS^cmC-C4NcZH?4ir zr*RP}IL{1ZJTN0hj)+5V-GU1j)I*a3(T!l)695#XE6K~c@JU&6eXfKhB;<@GgvSEx z%6@#lVl4cOHV_6%jX!+;sc;4sTK85^sKhdDh6?*bD>NTw^q@gmb~;*LjoSv4MLuXgZW+%iP#iq~{Eoq9LRsB+kfmmrbVE3$ zUEULF`xR&f0nC+`>+8YkQN-P1^wsF;3f(3|{|?xBe}`vyUcWF^1+XG}s=%k1p^9y# zmFH5w^N6mghC1+Cn@q_aEZ-K0}pQ6qZS~tJff_m%LcDvxG`c=%r>E9^= z(R_M@=USSi_G+^QYkRh3y+8iOErI;89u(i#7y96uuhqGYiu1sXimT*`50PP)LAFp( z;y(PqHX}*um2u-8IYn{no>MJz$);tX1x;i(KUzjR?Pj$~%(*79Ui+d9qg-K20sf24 znxSuwoV@jc4LVe1FJb$=4nSm|7?e7w-JN_BN|MvwG(Qk21A^OXOL`774#WV&4r$B4^>8fcj;M$iA8IN#ZKyDnbUBaHHP{w)_627h26sU7 z;drS5A1Uw>Y2SThe4((G$5PoQmoW{M@?h22v}ev9dYhj!SR+}%s0V+USM?T7uq&X9o1csx6g@gAzVt3+Z;r!w zdI9+H^k`&X`V7EKd;a%sVI^U2vt|yRfw3ACrWYFGB$7nL%MAu z4)Q)}yJ>~p!l0f{JG^nMcJ+1mZ#}Jtp%*x<1zlgNFSIltO{J%C(#-FWe`4w#ZGpT- z99AXZY+%F3!sY$xwA$Yl{$B-(8m(r=OdN#`cds#v3ph#G4P=ja6I(aqn4SXwmQPZY zMu*8=dc?ww17W=7n}7glx;)0V^F_+Or#3-H=8F_C_dioQhtGD^Np6Mv>}Zt3pNl%Eb2_!ZHR zy%@SwHQ10;{JK9;z)%a70v9$1+E16Brn;nDj%F9OheMK$ze;PlJ$3e6afXKCAwj)a7$!6 zll!%@86hznbnwzp0pQP^(j^^}@iAi{V2_r8+8F@`<2AP1pb;{Cx{TuC>}5a8*Ix6a zTz@d5WDCfIFMGQ`w?MLk0UZultKMQT0mnwhG6xgJz~qFkv#&5`*(*{^S^*_1^%JB1 zG$P!e26~mz08X)zQ6+?cXy8Q=b)-0`<%pUa0!+sXm4J2v3PVTt^_ecjY@BRi_*RD% zv4&tALF<3ba4$#*ndYAbwqw+5q=7^@Drz`-d zh+Z|!h=bS{H;8!}Wso&2e&c%kPZlvXs@hb4UGgwdvf^@>R@YOF?Nl+} zwTGZArwqyL10JfM<#CEs0>|&{pi6pl^mM;Y?$L;zPWb!d;_L>sPwG`(mpJq<(1-X% zE;W!fOqGc`8BY#GOKT zn^@`Q6d)}L6P)7KFR|{u!WCzW-n&N=03$V4sLjRUkS1XpM<+nNfw4NjH?Vlms%zUp z3q9qOIQ?4-(}7+iL-jB7Wt<7qf(2L^Ewr7rhNEjemP?Az+S1rWAATK$J?j>b9np_6 zKiA$rfA2=t536ul!+TC8jDzdn?=mh6xYPsnvUSKH{0Uf$i__gg+jJ+$caH|5>HUZEbLo6t1(zTT{Z@^kVfHIx{ ziuZbaMN7pWfZOd$@HK~j2V^-8Emze4GZn0*C-83uZ_eH+j2;oDA#A_B zvjVuZ2KPPiZy7zEM9G!-h8Ae1py|vC;G@6*;mHwOB@kT8Yj|B<7EJt`@LM-a=eYHn z73*2Wg{SZl8mu>>VlNpkaj-i6{RxL2NH37?V!v)BRvk>3|m3 zK4+P^BAiOjRub+M0^3?TSx&glw$CZ{@EILK0B>C!z-Gi1(2?#+riY2-tV7kYP3on zOMTLx=?qHrirR4y9G!b!Uj`OHZHd}85Kc&NE4?@R`>k1KjzahfwHER_$TT=)Leqrw zoWrzwQ$%aQY@!KZ(BaUA*R4{movOA;=YH7RoT;}&W(s*=cMt%?L7H3d@Hc%2rkg6# zhW){J8oR=PZk5p z0e}geXFf&IF`NlH6?H}Rl^YExTB?DX0R^ZbriN88VP^#}1OV<1=mW!U?db)k6A(JM z^#b%_jw}f#mZMPd3S?0An%Ox#UdZsFXPFqm(z2N`Dp(0xR>eC6493XRIY~+vRtPOv z0`+4R$fNFqx}9EhAwZODMofN19@v7cL<*#!##r@E0$oVIg9`~UwaxG{DBXLEpQtS= zHQNS5mYRZjyhii^by!+3HhbbXV};`Osp4~>obYDLe^6tszO5&qEXv4jO$KX$0622- z@V7b;swaND`ms)1nnF;sx!+t;;WOPp14({{T({}A=q9??--K8I7vv$E{(Gl579uDbq<$^`rV)lyRIi3rp0)p>&SK3%3IPZ z6F1;<^66+f3~F${7#t79^_I{@ZF147jb94$3RSmg#7B5opq?xEsv z!cGevx)y0!nIV&hG({(h_46i!>mUSU=U**PheyDO;>lpDT-(468i-8@Af9V_HVSTi z_OMopnR`^JM!~EsAXNcZgnUP=B;Rrx7YhI?0kaU-#_5PN-E`b`;zQ^WbDKgse-A5g z&-elP?MEa+r-}JL%P$?iv3|wqq3vL<%KC)Lw*Tlgtzl#cGHhoL5Ybg2D^Ws2`$RGJEo;sjJzsQkm zz?%k&J2c3_IwM&{^)G9L^0AN#tKMea)E&)&E`2%nCeTh@d7|sN7NcGXD^S9CYVQ&x z6S06YT8_vK0N5Y_6dSct&gjP1DG`;!bs(~}fI5x3?imHu4FyUy?X;~-?SuLBkyBPPdb=tx@93cANk3DJL$5HC|9OR;{MUmx+K#lb zKuI0Fqn)!fm*Yy;?&!YdkW`&b}E4R)YSmrfz-Dv-K7V0I*!cJHI}b_w&7bP zu|e1Ql>DF+qo6$(%ysAh0Cn>b&o=S4OycDrES+O@k_Y{MQlP638p7-M^E4NL=t?K^ z;d*eng6SEyFasL_*!BixBZwuknu*f;TT~uBU@l(;Z`BTFd7?SXDWN4 zy?h`cLU&lqK{NUK)1=fuSiTnJO@Sb*z;#cwebGeniI0N3tLyA<_VK%92YfTWq80={ zxuQ!6f|muH3LfeY{p?hk2-5Vnsoh=@@WauTkyFAGo9!8%nZd|R=StSsd=xngNSeWio1G;b^u%v74?W})- zp2(+T0J4FOcOQ%0Cj%a*q-Y=^1VCcw`0gUam)aKTJvdPpDCT|%>F65n%6B0lE{ z3JH4sh1aq_Q@-30RUz_|y`pl!xW$_=dCDgkQ&ll6JgppT9PX8QwO4cubkO1bprd|$1{ z_uJhd6fp@oQ~7C=f&)&R?WG=RF6GadJUxZ?@k z8g#VM5=S4RX9}L3;m2&V=UV7sU?YwAPv|zoDD>2Ui~-Oln`NMOb!p#`2JxRX*%6yXnDQ?Tn95aQLLGxeH-lnIOS#8>8R(3I zfUV*V$fuf6WZj%Ft#*UN!`f+Jg1rsM@v50_lng-^UoVYMM(iK^4IuW{`$5y+k9SeN zbtF9%07JYGfT(Nwq!jK4TxB0}%X)kEvhDbR5bF#yY6#Dzp%HRly0kRR6K$QKZLkSi zuv|g#Yyj_|4@^zy9SN*|3J_^D-B>nE3!t*<^+CPD4UG>IpIn1_jlzs4-d@!-TeII; znJAG080uq2D=p85L{AD?;Mow@NGW@G-ItK%1lBM`B&z($$CKW zpz6r_gOt*jkF&LZH*ZV=`_#x}jrlj<6xiGFd(SQzvVW{K{mnlCe)+zD;%oZ?hW_6{ zL;gVkvZH}q5O!LwMdf!>?LR{Q|6BS0%3FDuM4xZ!$4*Gc{tmDGKM;)0vrA_=eh(!1 zwMU^%e<=6D_5`wz{F4&0S^NOQPTgZ&Kz$hQ`u^O%mfoR^rvN~7sQ6~ouOe9y#stFH zvcw14zkTzPCD{6V(bWq79RDhp6knGd*EwVUZz})Lo8Wu)7hC_cNuC@Be~)wFP2Ru2 zX4z8o_^NH2{`l8+DwYJB-l4B#Uh!Y9v-k%6gWpPiD*m%`e|H~e-vYarz1uH0<(~)p z^D2<>iHaDh{>x?#b)Y|p3-6CM|MN-}a~Qzym?ZA}Tj0pf1s{afi4p#RO6q~?>CdI_Z{_`M;GwI)3@XIm&w;JK~0}uqCa3%i}>-Flu_o8=32A}>*Omrv* zl5>-Q<=bxb4~C{)2e-?YWgf@!e-6K)X&``>JjpbUWBheoCezp19LFD#@&9LVM)5S` zDQm%w1l5#(?(dp5xN3W)>;I-j4qfI0f3G>?H2L{I3;PiLeg5%=@Be-ef+{~2vgXmo z!|k3Fbg{OnX|4LO#)PQsoosQ2#_vLg=|TS+h{sk7ZvBx$z!vwfdktjNwAwFJOHUKr*67=_eOCWnCz6Wb7g%mZT~sPL zY_?EvruzRCPX3=kCh5AEGy0|@5IM|P)Cy}(Uh32e)8c&iF805#MUQawxG%KDP$^PS z@fp7Lu%7*y|K9Mg&5*4MUJ?9FQPT5Y%|peYCiqKaM|Yj+ChB1$@C zmhUBvsi|Z42-Hsx(=z`az^|6HQmWlrwPL7qIncE$apH4I5L z!b14<)7D=tE9%l~_8NN59WOieuE8zJT%0Tvu-=(f^LA@x{FBIS>no;t`fX+S>Qmsm z#de_^f2P(^FR#ZD$4(mjeb!IvnD0w(Va#OYuHXqz-@&?u z2o@*3e)Q)*+gu22=kmHAod5iffurXf^edvQmHToJ)Zz|8EnDm`NJYM+1w8a9a=}c%`o4WYwuXeC<=kKp~%V5aj7tEak$Cvrri8RlnLTe0xm-V z#TK?Px_I2dpOYuyXtewfeG|Qsx;b^eZ>4^RyMi+oJXFD(%j;@Bo~V7P?3wDz5~m1o z3pqzSNRMl;Rpo2EXS`0mW!r_!>Y%O#vq<{J{qu^Rgfg;gUU0DE6zb@7DCtqZj0ib*GSiLz}RVABPmtKj|+r1X+G zWwDdhkcvMGdjyaKm1RlY{~QOG=!anqlgF_grftOk*OMJv!sku!cG;aiC5$ z&tJ%PgE>^=)Y|AfXxGo7c4v3=Y*$`kQ#3!+=4(_;5~$J-A7$&f=sVjj@@b^@@!6K2 zuVW2xIW{N6OJc|(Mx#x-dDAx?HEaq&ZzBfOZ)HG$WmL%nd7MZxC|fv~?fxrTea>bVdSI#n>DrP%$Aa9Hg z&?f?+E!d}Our$Qf6H^jWW9gFYKYIG?mkff!J@$zPxsof#!!FW%^|2-;?sUHkCd35E3* z>K=uzr^6?A05)z@8}iQi$iWsr@S-;DBG#SR5&Q8ueo{NYJOFO}wm1LlRd`q~7nL=$ z*-s=rF(4zHiNgfw<(-mXM!!Uq2VGpkg?ND}9}AAkX9rI20M$;V1ErvQj=k$6n0k&-84s`0JoOa#t16IQ$ zczB>eSr)46%-ULLp%P3-&@%w$Md+hV9}5WHuU%b;g6vH61G_>f%)DfbBAg7C*h?B; zCAz#vY#6Mq<%&B5{v})VTyF}dSG3Je!uDI$4!6wx1rhUlLBr6a!7=*)pLh2>X;fV< z<2)PI&fw5Ib~7)#Q$l~>4n)(zPB5H1@G2iex&qlv11$zCVBmLPG2=NV!+&8OKdh^O zpx3={r}}V;v>Q)4M<6U?_zSVkRy$p?UVdj%Xq(e$jeGE6`0-t0!zh<@TrhF0bVN`y zc=vW&C52V4OorOS9Z=x<3I z=hsZFiQ>JRb~N#TN%7hFnJ~K&N+C*9#iidj``|wMuZ(o=Oi|*0!KcOVDvH+b`&vvM zp0@1_8mvd(Xr9nxHmu$;MYO*)!xyqRjhCb+9seVRw5filo1pRnhZ)p%2 z78vaZSHs+JPIyePy3Iw)Yce+v__aul-D)n;>se}8Od)jhc+_d9);t>5!_gt1v)DSq zPfMev$JN0W9GV~U20rE~)fYYc?0D9q`T;J))$1{P2iv0FeZP9u(g}ZjrK>ZhK1PWr zy!d0W;kxw|`_SJH<-6Gr1Wrr57-ITUh-DwkqV!J%!Ep;ZLi$ z)5hANeo$e;e<7k&6IC%N*;Ht%;QcKR@YL}L{d5FEv){aP)XzdERN5k>PhrouOKgH$ z3Ohm@2b3`C$os4T__{i{;&{+Bo6<*XqG`?VOnOPhDYw)A+_nE*X^V^`#MVbHC) zBaY`8p0O@r;x8Gh=Q_x$5g#zHN;zqo6hy3b)*4&onofa!r zh4Zi&ifu`0r1X5ulE2{ghx<8pM?3l>9x;luJ0d0XC)&tQ2%xIc!$oSy zK-?|%{clBW(f1qfLn>pg{?IS}@diQ)cMuKs7;DJdDo!`e$j#2885eVzg9gzL&nf4w z-z{eR8}vrj8tI=e;L{qV%CNeAHLCOR>(tUr5vfiAtzV#7+`q(}(5}pC9I8%C=;jR= z3EqDLgxhwUMgvuFMlFN`w)yUlznI0B3hP{SBjl-Aifhrjb)d4pXA;oLokzua<) z^cHyiP2&8E$-^ha@yUKE(Q?);J>>Gd%Hx^Zaw3Db3uOYp$a7p)nUwYYPqn-pRr zx(9z|8GF7HXbsKKeA$CzyV`U2^%vxVkYG=KdT3FGe>6pFgM#)!Ql0wcNuE~+Briq= zpCcofd0Y_tRL^-nf~Gi_Pr+(O{;;i(ZUyr*Gj?u$xR%IVUiwhRJ*bAoeTtW?eE zD{8P_D-Td(FEFRHJLiO{1?z&h%WPNd3|rE>S7HJ6QWUb2QQCRvEn=8wS%a{;b=a z35!x1{otv**+P8MoLw?@x#wrnSJJJy=OpJDjBArB+x=I@78F1$uRJH=JbGI^3Fm?k zVxO!*NIAAwNf7Mn9$8n&rQ5mzXKizF_sS~TjQ#ygj zXo2qeFo9aO?XA&{Y#{4`L28NI9lnq@J0duLYE=gpRyGz7=2Z`2*B0bp#aQCA=kR^9 zMM)y9j2m$;;B#Ie3&+)gn3|(Dq^X*G%4xUtoL-R52!y=htB~aoc_f6Po(0gScq`m^hs)!R+s-{ zx%3mgaHQhy1gQRJ`i=WFakYL(5n+#{{6PO=B0f~Q{Cuz~uHW(ISJ!t!yw*dusc=rI z=!n_11f_IotnYI=5!`n{{HL|-@?su!#$BG=-yxs-$0ED2*#lwMle-G@8xr@L#28zj zda?TMcJ{H!MfZymyzB{kb4>~ncla1~*~Il2V%>(^OwQu`duhajcJ;pRbuJF!7qg&X zU9%oCDpr{Hy~f^b0#w`Vp+A&4=2&i&oEa{*v(v}cjpTora%mw>N3=(iOo=fElzA@4 zsod}qC6!$TE4!vfqoqnJi)SiF&4$TRK*faPi_0&c=qJrj=_e(d3G(hSI)Djvz?+a& z=$gTK6T?oK1?@DcdIkNYlwBXqJ3eMiT$@Cph-9JF1m5;|O(u!GoVk-SciFFRaz&#o zMg4Vm2-25?U(vRWhgS+XEZuNkCKefB;Irpi@c@CHG_wWn|n zL$a?vDmQcJY6xw1Q!^mLUKRqub&F-|qx%oOk%_*+|ghQwePQ+Gg^`lGR5}%G@d%h#X_Z@gGh7`z>y3RrV|a9H~vj z_Fa~(eUnGdC$8;g+b3wFTNWzY$k72Aj_=evT@>W}ftU8cX|<+qrF}JGf*Q{SLd3Qi zV1M%Ze|(m*{qE#5MUwsT!R{KiFnpZFd0*rQWLSf;`e&K{iA5?0>*cvKPyAhnS_%)6 z>ffdzEyNj;EYjEDL9~gYRjNtGk)rUEJnYSF%U<<^T;Qb6_NHTU*oCaTUue|J6Hx2d z>R<-gRTj-5dJA2ft!Xmi(MeGU)7JuqFV&&zdiPW!Q#-hbO_O)Oc}nciCDz84eqGC> zrM4~G%Qgy4B6`a#CNqK+RVke{VY|Su9uR+1`Ywv z-yP$RFLx$FXoDb^rJivna~c+ERfE(BI|bwjc8zbZy6hO4dPUQeJS-it&GnY$pJqV^ z#-n(J4Li@re$A$1;_&<&t3DYoG&=6Q+_*wa@buf52T>8FORsk8Qyisxo6QS%H~>BO z{3PTXLzm}p$j{=zvFn1$nf*U2id~j;rp?wR!e+ag&}3vSFvGpf z*?$1kAcTrkb)vS0Ia21}7`NwZua!oXsESs0*sFopmq1U>OIkxo+nF{FRW)QWincuR zpbM~hLim8ioCoo2 zV%y$lt`f&qkTlXoOtx6tsEFXKH^g;{H&h**!MK;Snhllo8;>K>+f1PLd5$9~=H5&8 zj+Jc)%Tf9Hmf-g8k{w*o0(XEUnPCZK8ANaziFD4rEat!3>=<=fRe`c)=(DO2JB7KB zs}w|R^iw0HCKDt+^Fnw1(gb=Edv7d8d=si{UHQJ}FerA0aq}vJo~L%}Zbvlo5uvf` z99;y9V>jNL22JVSsJH`Wm*K*4Ldb_h2+;9SG&Y=IM$SOok@S5^m>qT=fAPTEta8kI ze>D}-%``EJ$xOFuh|jXJ;j|DL_9-G}ecvlcv3T^DH{e?hOm}E|e`HvH8tH~6=La?$)M95JkLLDfFxT5&zBNGG@+ zx>g4Y#*zrZJs<+!z`i(ne}MG#f{7fFgK?ef|}xT8zU!hghqu+`H$Q) zJ;#z#Ok59CW}l|ygEadtgmq;l>^5)EtuAxN3%Pan!%tQ(SOyT1qnMk=Ae5D}>FnVv z``ZYIP8ha7(Lq8X=zKkOc(Q5CAM2HeZ;REA3qH4l^7hnMQ$8YD5Anq1dUBMm9N3(qW#M`zn<%Rrp7vfLHC@ zR5+NdEkR+N4~~)KFd?3Oi?~N*&U*<8EncxsQ%{*N4?DN|=Ww}Jy8NoB>R`2O;)Qa| zqw;#~gB>!VK}Bjire8Z0?u;P3hyOWO$pT}Y5+}>QPymG*(W?!0leu6j07&??g?BJ; zjr1wy_712obveM^XbUU7g!NfL;ezWW^Kyg&R>y?uE6}L=-KSgfbGVf4OpmWt3Oe-r8J zvJ`EePYBbP-tbi^+$9Z~4iY)HQp-G$opJKHxVf@)bWl5vyP0Rpyns|n3tA0v86jpM z2t!xNZ7O6R2m6m#w!MP4_Hu|eFh*T+u(p?!zkx}BNyBxB=sYE(lDa6d1>%((1cF~U z+D0;B4#9jxgUgB5-81QKSdau5r`|A~zSxrZw*D&_{CQPx@D88X6VT!S;zRnUU>noq z#yb(I^#VO?5$`Uj!IC2~np4X$PNRuh2G{Olip7Wbi~S9Age1bHt2|E3SvPZ*a^*%| z4Ak3-c{A@lF=sr^5F(GG9=`4M5D6KKO#_0I(oc|=L2G}Pur_o0qf3gKEmgZQo0at$ zVSi1FGHkORoQ;EgXV}>HU+)H637qfvWGPeRNF%;NmXI7m6>@G58LTju^?7{1GJ%Xo z2_d@k9Ys?fU&DK+qJyt6&c64YIpMO-X`5*uLLRnCHR`(sY0V6d3eyCs;o}*AU3gT| zTchoJU0Mi6EmQ<%Xg*w&wtR;9kN@!k2qbfQ?@mWX)~>iJi%K#m0IA_HRy5v~NhvL zw<-y*hIMt@q-Q8GBzfHSro2wLP`vEU_^T`~&SA5{=iw?CtF-EPJf3ck_5j$BSc`Sui89Ij1{$ z+@!s>YAuHPDjM>*%u)+|*^8Wj?u0OxVo_C@8*=2THu`{zZt3D_T}I4;Cve_0^T85`JE585_B8WbEX3iTAywy48&S!qm7(jB)A-1*i<;# zu-!iz8L1Xu$Dn^net0A(l4li{%lPtD$PTB^{(3)KeFA>r8LpqJ5_yh6NWnXYDO{j1 z==P|ncm~qke>K_PTuZm(kGI4IK8NTxbY*}&Gt#5Xy9q^DgzYd8aovR`98*S&> zY47G^hrPLAGyQ(8h*c+bbmK!YqK?ruz-6$w;UPP zrf@xx=o6{Hr5by`8mHAgB1yjTCT@`ORd*sxt(}}@DZNA)1a?#t=wX>XTI;pSK;&k9 z7V3bM#&mkwFHnQr`V}QJ#aBtMf6#P>U+TS0+%J*aCEL)ipzUEY)xGS#De(C?l@O5- z!^)l_z-FLtRk-%2x9_a@@Dj+6jo8gj$~`=&>x05(2CkXac`k{!P>?p6Z~69KSGtv=n3;l_xX(P|oA3+r~?~h1}VWx7+20bSaBY$68^FVc}8dgiXeo z`XR2s;;R9p1v3H=#+x1EV5`^4(+Lv&GD3`5PENqDBGf#fZ#39v^#(_69SeMrDWn_* zP2sbcXwuTAIBM-&QH}e0UsAwymgc{KUrcNH(ZPh(I|6{9^futu=JG}m*q9{jnyV5)gQ8cBkuR=ysKY1m|IdzH#fg$+2qv_ud@C+`;-?)V| zhlV(^y=5dBXX3S!*5eeG@8P^;H^0@IiQx&0l`mY|m-wVD<77SqQFOsr?@s>p?gJao zy!qG9S#=~!NlVW{kGyYyw@v~Jq;nCW8|Dz)?1<<_pcj{y#${HRp{Y%h%%G(p60h{w z>b1QV^n~MLK}s_X-^#0CS5-QbgUm+)cZ?x&rcBQZ{^JgjTfQqAr>KRTrSrq zZG2ymFAfK&D35)DNKn*ZZ96M%DNND=50{I?b`#5S!PMoQ@y#L9 zz|)O$!j%>^n$J=8<{_x9iEL6H?JvlC=*Pa0&t@{7#oJLXpZ3&|PQ30zQ6>GtZOD_n zH+!&mTSS@_B)^puf-dMW9l52yeP&k?rmnGv&mqykUgSsm4Ra>YdQdOrjJXSYe-g1i z+l`^ap!H_DfSI{xT(1nnL;EVOqlUW&wI?Ae#1L)r{_X9$VW-(eSttxmIYjBYd z`0??Wp)~t!R@PpiMN0;BFeLiwkJGHz{3>?$hb(N--~0PX`dLWC5Jlso{PrLTdS)|=ZnToV2;=)@wT$7F}Fo~NsOyX^8`yLhUp<~1C z&}n4~S&V$!&BF7Fc7jXeHm~pfx=E*fkA9UqW0r*O;=`}9Jo79Jp$T973DvgH6NUP0 z=(Mxko9{+g+^C}mh58t@4(#fFo%4c7#d1W5c~X3rdq#Kc&9X$n4JW{-@8*6&#hjy_ zqf#EWGEqn3;kMg4#U^hWtpp^fEN0~hl0uLM)c2Z=hfnz~Daz6ql`q)5C~Nug6qb23 z-_c!>jfS!<<7?~wtO~(>%b?^@nrfZ5ZkNFmC7uLwg)12S>D0khF-;kgJVRBZ7C9fHXE{TR z)xwbR#u$pa)kjqpE|sK=bGKpupVd@VPD~e6S=v-4#;6Z2M8do54H!~E%ib(=plK?P z#I{-v8$-Y*Higw11p2g`=eo{#b-i8$8vOpSD=ZkukhxE6vhH z8H(vIQYwPqFA{tbJmeP_a$uh-Skd?DaI@^nz!gSu=apdH1Y-X)tNObznPH!#!wXr# z8|quGSr00hn#WGAV*083g`Cp?H<|TIlyciW_UkaK`aRN&hf}0%9CR^Ba|G6hRkY7+x*RKb1iK*?Co6TD?>vPTzEc^3U3t<)nsc@Oyns7}{eT3DT?5RgQjrpP z?-%8W#;<3W6O`01sNPM8BZ%5&aANOLJv^^G?h>`YhAl!sewRhv8tTsxK0NcqiE&_ zR9CdalnIzPTdIDo*Hgru2h5Zg7%z)<~`{H{5kwoTMOjjnK3+5%T2%0nb&_=TYVax zl4~heicT#Y?!VRf=Si~%oQheZDHfoIXN2wGE7GI#&H}PTj(LwQ3t4+v5WzHSx zePpKHqTFclG*6FG-J5qEI~NP9__p_wQY>G=%L11y92Cs)yl&(5z%0A=it->5L~L84&}BgAVs2KzO~RyyF;JJ42dq{$ zffi1P^DRMPX4lq;q%il1tT0~k#683Fr%vEx$$lzCZkE0|{DJ|pF zY=869OkBx)of)d3LO^?+)QXf655k2LL)Y4J5aQ1GO3U&*0Rgue+!2$C98E86a)|EY z=HqWySX(r-mn)}g`_jsfPdiYx3=3(AUY0V(jCCu60mMa#JbQ4=ftxn}vt zu%+n4`G#?KA?X(n8+G>Oi#`;0I8F0De?jCjztTiwE++8!+0`-Ce-2UgwF+c=5+B@M z{N#Bds@aBoi_GGzA1jq`3lakH&hm4ky2}LWpo5@z8eAg>Xp5 z(@sGR$8mvW*w4QjABt`0ZSiShR$*LIcLium!$mEYubfUL4UZmp2K3Q}xgdeBq(dv~`~CZ`fmImi)Q6L<5fs`dUTUl^R;-WB znm(L1cUhXF04o+t6jJbvL%!kMxy-rh+cZaB?=G>dV*$bk;}X6U1-~L^!~`Gw zomWds)cfsA;@6oWx}BS5$&UvtpHc8v1hUUWs07Z5vvlrtw~^f2dOatnZ5x%mnx7_= z;5bj#ntT%>E@(Yq%`KyBuTJc=JceF=w1^YYY>CRVdO^>e(}Az{61kPIBReG6Tp~}c zp+2J;L+>&R#oDJL5eW)MIux!loa*(L-}CmuPWc=hDKL7@1c5MZ`;|YgTr9bNm}mXj zTc0R8TUAKd-w)*Np39bl8{k1Z^OsM0LC>5S5JCX$9urBJRQ8x@(}xK z9hfI`86_^AWeLj1-+I4A6&Hu6wH`B^uYth(-$=u)`dvL)?nHXp#K;g(U5&;Fj-qcR|1DM2x;?Dak)eb%l(|)(MEL6dL(B6Z#tJ8xFvjqHTKQn4ML(ycEdNHktggA4w`-n66c90y; zj~!nCg|P_XRwpTu_09_n8`TPrh-_`<1go)3~fX+ zGA=iBkv`o|=f*xBq+F5fZvM=BL9!!!zfLO&#-_6kJe2xkBlrS7VaqH}^Kie0Kbc3J z;O*>RtCG=cjO&;SzSpuFFlEU#P10+0K7Zyoj?0997(pYC$^bxslCX4sI|ELtD6EQp zlm2EJqE0O-4g!v#i=2O^iU(zpD~zGYK+5RSjX(gqCCvr&MW!;Ieq;dI-=3i)ZWWWB zkhlZJ{q@(zbf-yg<_YIuMy3$P*>FRZK%c;aAU3;$plhxN+(khVM17VoaL7x8A3eG> zj{&3z;f9mwr0(v6geCG$p}*zNjm<}e#QiF6SnL)|Gl6VzdQ6>S#X|?~&K`}H>d6<) zIZzF`N>zvE>V;4N(vB%q(j=;Oa_#CFBJHlRQx7MU%rHRp?;y{Qi59x=G2x?$`r8xF zgYC^rm}dE^b*Hd}*o0znO&a-p zgmu#O!bu(6jp-el>XY%vs;|S`2Yc~eaS=eEu$3_ix!|&zUhJ;k7}U6`J7_t-v~UA< zV{lE1cz4w6GnK{^E#~%va@t7f1ZL0!=5f1@czLyQL4qLKuI&|Qu8%VD!)!}W&7$rp zM9}1x=c!)$bHWEHMeVU`XvTh|Wkojw)44{EvW+dla@v=otZ^y{yI>TRMXFitcQsDN z(|h~sJ^F8Bwif_QMrk|T6^(R9X<-`yg&sL6=3rC(ZF`q$8wNkRs~C%iMjZTX34Rb~ z*vZEn7coU%snsS1xiirfv1!vt$rr_6z2Oow)t;$MZ><3twGH*nlQRYZuk6 ztmZ*C30}2M4(inlB8CaX$A!TyN${l*@2H66^aH#>>9?G@d113h@{u~;Fm}skUwo_e zzE_rg-VQ6?tm!mqRDtO z5t|b?{B*I6qYJRj`MFAOJm!_9u7cP?%EHEdv{!-Detp?OYDGHWg|5Q?*i9&{$PPK% zN3%)>!{1EP^I@ujcv=Uc2F7Mska#0rVWs1W)&0CO;$xpb9?;HC=&5c{Qqfx4(BTm07dWnIgjMn7Kv!!FqD~<^l($Wk z^fDsNqQ>{jSFCE6Lr83J{7htWG|^`+da3_yT)`>I5Ylz)wj`;$sW3Y=qHBML6d;{r zYgdrDG+8QRlz@v&X9+NU85~Z4p%!Ru#U#h>IMYTe#ZhCH`W8oMs@QNoQCoYR*zV@r ztc97E!C8u$SRU#h<*J;P8l{l%m4!_K9__*hwHd$~zRlnz@gxhUoR5oV-%`k+R}qeK z?L&#cz79*JY#qgmHUJ$}50-yS0nt~T1A;x(5LMw>Z#dTc9 z(mO`0j8Yanoge5D(M!C;hrQMWFc~a|8}N`ce<`pp^hX98_P*h5KWaE|$pyx8*7diH z1^+L`-U2MD@8AEGZWswck?sza?oc`;rBjgZ4(Sf18R1PSR50f`x!VSpj- z=KK4dd(Qu!bMHOR!^871!=BlD?X^E^t^ zEkWSd`f@m$oQ?|rQy@Eo$G>Nwt&pvDW=Vg2@!m;|=XS1n^R;$fvQdM`YrOThEYnL9tTnw(% zz0{NI+qn!5xIYTMZ|pYpjldJWf^Q}%3Z69*{79>P7Z5zN?I~|;zwIc94;DY&&1^c| zXkWad+CUwSRxYMMk>)t^9TWBD5m|S)ijGT@ zq@+sbT0zZM%Ov4N9fO}ud0x4DerHI|-|gW~fxOPCcn}RLU=N{I`n@P9eMDdz2v$j2 zvMW@<%k>|Og^vrv9KL@HDK7$us}Yw(fcApi=WDK_s)8F#+zy{1A@i();!B{#TZ{L7tc;f z0RAE>OTHP#N;jh8-IBwnzEnqm%N}?7$2VeyTM2*uQ?zl6sZ&Y`J`phWy<$ST?UNsR zGvPAr-fmUS^v|jKRj<_prQ;ETX`fq?#_^EGiznfNr+*F@I|-fbn7C@Ie1Y{(21~#8 zr*z<9HF?aOaT__8#?JK3LgvOhqQm^^SoZ5O!OW%SS@3TfUx>g)+Vq6GA`-t3Z{toI zN2Vv47#SCO=M=2D3rtCl@_sW!f!FHaSI`y(Mji2WuelT`-o}mNtqq=7pUm9_mN~i+ z0ENu)tr_PcH$e2+k+lEZ!WQX!x2XE8h7;CJq+x6FHuGmK*hZVGTBmaM&RUwfv-R0j z_pPX$;CjaEnbVi$4dsyyI)G2zb=SnJ_24%kUGm>ZyMt!K4mkhq;M(zA^E69E{9jpv z6L=rI*M1D~3S!dh*asc!7Q8tHvh~u;_a^5{yL?8}W8>#yU27`PTSXVU?FEgx`u?X{8CCF^_+eU^6l6>39GKyA6d zb4&-P6Ty1a-jU%P^w+MDS4M@m7)V}!F_SzL-uskB^YB+%ZaabkG&XDP6QR41Q~N29F1E|8jW& zW-b3^yz)$)2#;G4 z15g>iQ>XK^8=t!Fp&on57hntw5sGeksb(EwuJ=mx2439(TKcOf2G|+kYcv=u``j0{ zsV?y|W{t}5ac0}rXXRqR?KPxC{smqw8c`ch*QZzu8udI8oomF=5mc7b;oG`llP%qY zq-o?b3SEJg58!_hpZy$Yz9I`L?ii)`KJe%cFcJKWJ5svpwn*ifs^61L*y02=@gt&? zpm!>KyYvbu@^7yhY!1?R!9$ng$0wZydZSZg^e!$2ITNBGIxqSD+;(r_Y&Mh2#H_`B zP7Tn`!@A~c*;?VSy}7-0`v%S`W0wgb-FHt^NOes|oZG#QZ`ybAy-k0%sAZL2M19i; z)9g(E7Loo(CM`1Op4gYJ&a;U6K^gJj60HJw6Y-2%6GKJ!UcK$ovsZa@uH{#g3qg)i zaQx!!h}%+o8eLtNcP^rI!+w9WY_`z6?;WQ;lzD!#_dg$kYhsF3OUog8OObDzqrOx3 zlK89FLPNVXZ``~(G0XATPknMWms z_SK)BFQB&XMt4l!4uw)t#4W0YM|K8Yathym6meT|CHV47CIi}qV=_K*#NBa>8cgtd z;8SfUH$WtcPb-?6oevdb_5%~W1*}dlGt=^Oh;g#&4p9&rI>!u5j_y@;V$4mFJ^1vH z*1`CbUYi_(+smJ2`D5G7noAU()W4?hvba!_3Z)bgZ(Mv$&NQz)d@H)WG#DK|vg_wl z9rs9i>~NQfZa6GtVwDsI&WmB%hzK7AP-On@QRSTKc@J%;;|z9rM~3*chQpE%Tf5zA z7B44Mc~^_x;}_>9L3!OyIPfJYJmNdMl1WboENBhbeJkFpDJSq+44SbT%)9w$T}SBe zFpr|@(?LNF+TMH~A7ogm>v;4NAFWLnlI#?CF&|^cvY60fXZyOE+_QqEX}u+4bZJw_ zq0_kZ=D^iyj{MwL3fd=pkgAr~nK>|rnwv{wQdgQ~#fkt~ZIOV%SJTOWMX{EqT+CqDLUa(>GEX(EWn9&SX+a=>Gb z1o=A9d`yTGZcH0bG>l_PXzEdsgp)0be3$lj2;O!0xi zTnri#p(BBCZeXlC9zut$e(>96`ze-oT8_^E@3^g0k?Rc zNKD)=Ji>yd$KPhNOa%`nQ0_nk;xCp^##QDALKP@n0s*tmo46`!Cl~bmw3mPjqC6(y z^GxNvgdQv($6i&z`9I_ifa@_CW%9(0JRAuq$%X(w9C_HX4hPvZ}`aEQ;S*Ib{*xwE{ayITJHf>;^&?G zK!L-|*H6vabdaI*YT>EW;&!P!C5|1xB9cUpZq7UfF5=t=2M^z&w&Pi0%kI0}PEzz)q%((Br%r4+ z^(h&{o;>5prJfu^m3pNDytz&}{*d#W_?!k6YO%_g=d)k@lzx0;W&MTx4Y>8d#9N90 zG=zu(wcqZBzG+x%oux<?%J%^W) zKF=lK7$JmBSL==Yt~(rI>8|=C93|(eUr9aDeUiSnUOI|}vRX$M7SKJ@^M1Ypi%7-3 zm$t(=f9_%)^ahK@FY~3{w0>MHQvRK-9&@qE(T*3dz?7WId@u#;kB@9``EQpgvn5+h zF@6x(JrSUY4d{y^_%xG)d5M^BOoPofl+et-kpQoz=Qstn5NPIq)!>nd?}Yz_X2#=u z)3E6ntmk3vp%HhU-(1fACk9QOMTx(e_iHp4A)_N{VNv=O?kOsq#EX&VaLKfcOyxFa zZob-&nRcJuz%H^EzaGKxPwc;K$^71_lGn1{aqWVL-Ma#v1vNvHg+ z4xup2<-R9pwha0;(R_Zx~4_xParbv zN0(SMB|hjIm!RV5ZU@!QGS@;iJLVG8IP`|>86uHT+I`sq`}M?N6^2`qKc1kG13rUV zlfaN@d_<@Mw&OD7hf|Qqf@F&rhn3P!&|}WY_Pt9+?&(dtlg@7c< zXFV5NLZ%*oof<~iR%yvNUs3_h=iB2yNWd9S-H*nM7F5&;I>ay9jpe6Fwf?~ig3JG#GSOtvW7@fQGz9wUh0G=~LfW1%E$GT3x;AT>Okd>Oz#EIM@;h(d-^^WWRx$>`4FHu=8kqx1q|MlRiD zS~Q2?LvU>pzB}rv+${k@>3BZW3aaxMH65$7&FozT+sZ-fLEYe6?c1yR@guK4xuMB= zAYRNLnLQU4!E0_K_ghmZo10=o7>=G2Ri@^7D}S|HQEsZb5tu{F2Cz#2RaPRhOl~JSSYDZDTbfqRQO{tvYcrKIu z_9c={EV;tN^z$OmfZ)fuv zl^0(ut@G3`a0-@LHItE~27KF2`$>|JI%t?(6lcT5j!ip)Ig(mPn^HWnRCA3&(q=JR z^4z51vJtIY`2q#qAuFsu#}YsM@+VOEr-QdN-{4_pd{#6^`)-@!7ukcP2$xd4_$rtq zsM22uFLKmGOZ?dc{^rQvUa-_NuR_XaZn}~0HB_hv5h6STku-Z1C4E-C5WKbz z(SXvi{Yr_T`qsQ%YFKb^ACpK$NjN;4bLd)y|0Sr|C|9r-vb*aV1K-c$T5!av)PgF% zX?mi&nr>8zibJ52refIJukv$CdGIxc>`>0`vU3u~xvI|@hhdA6%CFd)79I-;&JU(N z9Z$f`shviggPF1sG!u zuj`qf=oG9RK!%v-{l8&~zVryKZ8u46tVR|-+K|N){SX|pUnaCufjzj$=q^6lP)`su zhUP_CjqTQbOO%@Dz3`*P3#jt9T7Dx;)ABClQ|GMAO`Cb&YnEP0%8?wqXyJ#|P?9}q zF6{P;_;`uiXws`ym5)duXzi@l-)(19=#_ft=U50UK7h-aVx@F(vS=NoqiY_#R{gUT zt<|NcQJmjks{(rkfURKiCx$oI?0EcJ2AWQ?CY~GeyLpH9?{BC9XE(PYx~Q!*rg3;> zt^v{n(fibz-f9%!0>m)GUBa)P9rmEy7G=AC%8tPiyafC_GtB(IV+0U01=NS!15RtI zR!=&(l`i3>XQzCt1Qb**-%(JjkFO>n~@pKHutnk#o>%UlA|L89QFFFRoEswfb{)@T-yWmC>qjk+~!1FZ**+K64 zo$@gxJe`f?u7uwqd2;0rD4Nhwg9cRapwYO{I;0+Ab@Lvx=pa2>Nodl-eUpBihyri` z9xGtV5Os?e7@giLqbIX|zso?hV>pz0D8MSh@qWtMyy#|KwF3Ii#;@p!gp$wpjP%`= z?Ab0)SN6cIsL?J%1Qn58&d=`7$k9~IHLi34RY0wb=iVL8z3b&2d_kVYYgzJquA}r^ zqFHnJ2h>wQX($}zo~M4W)rsAUNga0#i-xAbNfDss*Qz`C!_*?YVDUsfSe4SmiHp~Z#9E+!-K z1~t%>TlqCzI<3rOtnGEN#5z7~ny+lE=$g(1`ZPL(vl|jcfWC~+*+xXe3TxC%@Gd23 z8}YQ;{H>RVi5#KOF|DNIec{2`-`fK*dM9$|j{e0(re?#0uVz!&b~aJiG=D`x^1UeB8dC=ItE$pSyLx7Z#TjnKmtG#;hC6s$SDG^=r-cvzJ6(b~80phUvES zRpNWICDtKxu2kwSh^|+bI-6H8_}sGRRDvkFFJL+odZuAbGG+=&{PVnIkam_F6V31_ zJ-fwx8(2V3NN~LG4bY4YK9Go%TJB=`E|GIQsy9Y5LHd%TWz8j?$z5D&XR&CIU?0!# ztxVqWY`DJwBM0wr;DP(#WTI#+JRcpYJ?7s&B08VeN)mhQS?1Rr-Jo5UG5m^VFz6{l zjn=0+d+*D@HwERV#eIv;p!)|Jyc7;&vW^ThHvh3{=Xr5M_i2h?nqL(c_v|eaK@PDU z#G{V>7FwfL9q96m$F$pnPv@}=f%Qft$wu$-XK^3tem@_%UfLOebO;eQ5m}Ew02j#5;D{9FkT*1N@O z4GRSP2$M#aa8ls_y8xU_I%NraEK&mCAl>e75&lzg%a2yaM2{RAx3dSlBmoaW2}To> zmUjM*r;vDEzITR#bpiY3!eOR$l!DwWFdEDXx>CH0JhOMXEFquOfK}t4IW$}u^v~>M z5bS+70~^W91V|h8n(y4oDhI>g6P?MtF~cn&LB$J2U##AKy0Ze>(0KK31C&muc5|TC z6mE|7K3Yh+0Su50c{}8;txgi0jwAj@a312MoptU>Kf7Q3kv?BA_?O_ygA_Z5bisILU)XOANE&E=7Xs624Q-ZAb zom@z=u;(6j$;?YnKHUhu z2QS3QSNUuL4y&ozhd+GD$r}g`248>{1IJgqeSd4EUiLf3Us*m~JW~=`GK+=pOf-V? z$waX%jWr6(FMv|!6bZ!Yrp@m|EaOamF_QKCXX9^VhgI`POkQxEoM;a(4;2rc6@c)SaF6~d8QK=(YC-}lRz7@xSn#34cJ zae)e;RS&qec35w$drURc6^0k_PVm5PVvg=qx?n0CkqQP&yzRcbIJ`9(!wNlH30(3( zs5$RVGSy3%C8ZR$Nsr)C;x~_&&H2>|bV=5jcK5_p0PN861@{={$!ekq>5s4cwACm$ zetqo}@;a_T@UXnT@mbctr(>L@TR2ce2#v9^UDs0Y)Jg3Y2Ikq^Y>((&o;|85>gXyQ zL-Qllcq}i_J>JwC1%dEO_X7p2&d7-nv%Fz537D3ut{8|(sM*?ph;#PEr$e6RQDNuS z<0GN;4!&p{lCG1%uaWNl(sDn5yJs&*xMys^o-0`~INUfIrTyC* z6uDk&a(nG|`S`%XD~9>YVv3rv?oC9X`!QXVB2blOeNhlRB;-9d0n$q^1A0Ccy=Ys~ zjzNcGxj}V>Xwu!zSi#hmVe7aHbz{}!2fZ%`}l*f%TaXad-!vbuAP&`tHHblzu>HS_EB!KR6YeU6K+C@uD^m| zVw_xSFY}|}?0cQ~2{fR-`AA=PhvWMuzg~{b0ZxJUDFKuFo zWUjc zH8(yEreyMW`3Q+`G`)3;ia{$MZ`j*Dk*nVKPNOk@K zupAa@;dDSnRsbZje7$);&Z%3}lX;*TlJvUSTib;4Z4E%_XkTuw#Nq%ue;wX%1NK_T zW35tHh_LS)gdeQ71-suhzF&Ym#hAPZB@QWGq=51eMxNVb^)4TK-1waP;3aki`(74OqO3PKEgz28>Gc|X^=o}$qSNcle6@o9VQ}H>HA^)nAI_1{v~G zHuzNf>?9D&XNQ%yvt7PC-8Y}b{)k00De0NIJLV=UA_e-Dh$PN6U|G+%Z6Ee2Cim1Y zcXydtEMk?8Z+u3oTL%`uIO6B)y$UY97*`?lVHLbhAg0F1*m+f;=i4E%V7grPfua?1 zDs>(bQp(DQgHC!J87`gvEnHfIa%_?G3!l7Nl|o&3_QD6W%)+?+bR?;ewg`9D7h5577vd%`Ixlq7-c%*3I~iKrA2A{zJH zcOZE=@+!%`Z=$Exj}CS0=l&IzwK*jneZ10z5fM*FZ30EQax!_^IIgoV9z!hdEgXjY74 zKKbAVHn05JxTd@9cep;51vMi?J4$@npU}tRIK zR{%GB(!VseTEzl2jEKE0R2W@xo`!-o2(Zg`OZ#{rBP1H&NFbesi@N@}5&(XzK0)pS zGw`$gs=7z8^;_J~qHzhN3aCMbq+fr%M3B8>`EEZ*QO5?=T70 zI#55R^@Qu_4H!$-kJ|14OsibztxV8(!Q$ALyHOw~Vf~ntb+2Rn6!Q1$>E5Y!@bB7} zq=xz?0Y(u$d!>hB@jdR4Glf)M3K1t*lth!^gj(ksY#(B3E4)vIc6K~XivKtqUeLko zZvKTKJUmP=;Tpc#M}_r+z2~%kg~B0pC)zBOt2c2&*-u;&%Q4nZVhY(#_JXX1JTufR zN%}jWU8Zj;_!1yy*^?p*74SzA-A$Nk-+ZilL7`2+jPFB8$v+gwLFl#0L-}gBy*p;# z{u|n#q}uN5Nq_c6YR6Npf)@M5ajn1w){#<7QP?_UyVdJRc~DElE!-4cj}K%`dxH8q8CQ$$_g2;K|B77~ z5K|S$SzgM-x51ejV75|&&78RxlH=N=!1W=+lSapG=HwQ zJ9R8|)rVN~MXonv1iHYYXxfl%lFfGaarVXro$)>*0{A^7YBpL4LR*`ovYV= zXYYH%ghEUk@>!0yGF*jX0^Ap2E_~251$o4jMujo{3^e~eMN^a6NRF;cnnF;uty~DG z0}b@|$h!Np%_1kK0CvtiX5a|_(h!uv7`l*=h}(zL&MlmEjDps0N!`*$MfK3oizHE+jASFbe ztC!5KTa^mUV&GKo7e6Ja3GO!`QwXni?@`R1d27x7TBR_AHqr06{%IkV0zy` z&m5kLlw?V^GvI+7k-k!gX~7H`jZ$1zMxi45AV-yE$qfnA4c+ARQFQvsFSa()4)*-k zRvq7ETj^LeCb#$Qo_P4~wJ@;LVCsXO^cNtEhPaKwLg`DsLCi-oxD44V@82DaAjgfB zD>`bYMlxza@1Ge)3S6SRLyX}JvPzueF+W!aplIhuqQ`_-G7d&xaginr^NEnZjYS1E zIhi=W=0y1ViM_`|mPpQZT%X}AdrN)On85MeFu}eh{{S#PxXuv{Z95-_9(B)4oIBE3 z9M&$JZXl1Yyuxv^Zg3H0g-Mprov|~tDzrZ!f}zD2l#BTuV`$lel)=@}IH*j^Hox2v z)SBg={nvsrDQ|dG)KxS+$*0}K&gfE!R}H_8r*oK&AyU4%^UEM>+{R7xi44VqD-lmQ z^)^)N5?X>Y*bE268)vYyNr%N+9$O3(s9}d|mo`;`UwZ}{k$ObzO-CSKLv|MGg2IT% zqoCej!VxO-M0eAF$BOERz^jY=lOHlh3qDNko8#>0`RK=rU>IHJgY?aSxM8;umTZRZgN(C;39`2{hU}xyWD_j{7j~zDlV2BO7{>BRA?Vk zlaIo7F$HTu>5Mt+R9Ms>XsJULiocPVtZpj90Cj+v-VA_k@ubF9ixEGzFnc7!6dl&v z&*}3NjgA~swr_T+_rxU*Wuh$KZ#W}3?rioWxm;UjMInm{C|vpxner=FrHu!)&!Wx9 z+y^*)xNo%Y`smNncK4m(zA3NkntlC4n67{@w+YrOT%6bvXWvE)QM$ z?n}%XgTDKz{PFwS+QAjgY=HszczD zfGROjDdW4Bqp^=e96&ygyruDya62Ft(@e43rB=$4tzk_+eM(u=MLF;Ua80J}GGC3f zo*y$LrXEnjk};~e->KrqX1>&3UJD+F)0H1nQ=?KBKT}&rPZA!@X=QzvOzhyuFH?%X z&>oBamj2@=*=kra?R&dTi2UJJqGFCVEZln3h%u>i>Cj%!JsbUDHvfPDDE0_sE7%L2X7Y_iqp;}Qp;2H}*SXBr-S3(vsgdBL0E%}hzJDlY~&VWz&an`XV3 z5lNTki{~|0091o1Pq^Hu9cT??eE7oONKpZPUl*oJfH~^T)!8k%!UIQ#9IP*`o=Iza zb9r)Fif8_*>R3UZA0%I{KP>1nMbieQ0o2vCl#UALuSolqK!C5ZmAG0FYjn?H`wsQJ z^&>G#>C_Y@B}R4`;e8wq&Z- z2jONl)bc#}=e9Q{xwvsf4we9RjD3Gqa)mTI@=_S2B`_o?1AQu&kR?#upt zp>}v9ib+zb(QKWQO7FRGvy}b@tq~hKCe4}ME;+U4nOcdLYi>~%_xnBwP9HR<&r#p8 zSfOG@i_oh4RQ?r?BIRQtGZYVae42QMC0P2fIw`ME@et51gfAfINhQIRbLRD%wB)fj0Y)C!vtyjSQ3wy!POk?G@AiLyqHU ze>i<>o1xk=>UD2Gsbc5^u<&ri3DHqp^U-CnHHJu0nMTO1E3w06N?}l+h?zOu%4HZs zu6La4(bRU+n8eoGxyErkTQo1Xgn=AE$x^9WOFs-A$bGkfG^odZ3LwzXVzWin8D-I1Oj6;{ zjg0VgbApDXmQmGTgBoqW@rUOwS!Wmr*z%292Gd!D_+X&r?tjACZnB>nBbbG4VcOeW zQr04m#&NQKmnf5mAef5fLa90Ygn?Px8GfHlr)Y$)VuJ-G)OXk^E-!z3nNAXTha1z~ zdb~e~${DKkO75ADy-+7_&kVrP+>%DTl6ae`pw!n|-pcF%6i2V_$&Lb^7m61PEO+vW z1aC4_{Ac<|hGnvRnZnn?uy}Yw%jyAjVAT685zh+pln9(QnHMf}ILRLo_*nRQMy~R@ zQ{PXLrh$#Ns@23$+klo>DOM}?=!aCQEfDk#x;tAv&B=@%hIQyj#8R1+0uRA!YoaU- z8zR6!I*P7awMt8rn9a3W${B}~El^8P5c+X%;_u8>$7V|gJDE}xr7Ihb13l0OlEx)& z<${p#In)(r(GG+V)^i`1ko2Fu{3%i`=kChmv01wzy`R~ZKala?0-+d({{;(RPiNEI=Ec{ENhQ}|`58IVuxX|VnMrL7YUg`{5sbfR6Q z&*yZTZt~G97}%dO`HoJc<-@Dvs=}Y|PCK@@)LKi#5S8-{pgab5ajw(=z{_d>+mP=# zGThOSQ{r>|`eXv*GHcA>YHt?&ODu5{0NkZV9dv14z?J1V2`~nUUbB9Wt?He{T6({8 z;1z*Wqb)~@j}paSXL{HH<))cblYf1Dj4`gGPtF`5BSF9c?7&b~$u=Oj0k-I8V7N5l9GGPUSM>?w02ZegYaw52BXC;hTbV@4R&(N7srz^C?4&G!^7!Aj=yZ z_9ol1*U8X#2u0VaZTc|`;~&+KS>_FjAAY?#2tDdX>N4M*f4v9Yq-v?3(Nyi!%Kc>y z@j*QcuB+wqVUsI%~VgQgmKR8necYCoIX$|m0-KJCpeUl8lI`bk0S+OetB?cK(6!>da zBhV}(KKa+*Z6L#D1%$t}tEe!!_BqQskO55UC(0#$|KG!7O3DS5K7wdx1u;)xHTEq{|ly*d?2 zARoC6dfXF7SW3s6E#})0Pr=t4mk(mb-r%S9hw*h6fv7wWmlu{~CSJL$OG)a7rOlG4 z(@PUMR4ZVfVe4QO5u(e3#-uXQ%?ah?X5%#U+XSEl*k2leXe^e&i?fZDg8P+FX#J72 zE!gZCfKP@1TM+d>0B~rf2WfKs3$MnfPq<0PakpqkX0~{kBg|^KtN`fv^gvoR<%GKA7Q@s+=C}m4YCbYM zMsU?fcHI$g>A~1F+@h1ua$pF6|8_1-L55%HxO_%e5(COdlmf_UAN_k8@-P_*p=Xu~ zdGi>}#?vtT5%TIu&zRDKkp2JsX-JkDz{_e-?GKkI?9Gz9MM0$qf4=mgEYIRSz&FeQ z@>J{sL?KqM&f@0c-qm9DP$i$B+OLmWt7m>Am=WcD?`Th6`%6Un5i&SS@6tKCYvi_&(v(2hB;YFW3O`3UX}6^^iek zY^w)Lf+Ni#?!lLkXFamS;oKljx(~Yol8t-gKw$|h5Zw##sm12wvTM5U0E>8Vi)ozo zgEE!}%_O|(c@E7Kb{rO;mIi4=av;DbCX4n0Xq3CMokgR^E#aO5(zc#Jfq);6`p?K$ zVS?oV3Y)u#oMAfZ;5D`gncl(!NSnw1sI%1u1LcVrH{CDl-cBkYY3g>|gJtMW^BLqR z^AdyTjld1nz8}yHJ5?u?NrxlKO4+nZx7dl0Sf~{M(8Tw#UZxPcUL>PURV!yWLw`{8 zV(`54vq+-bB7el;rxrzB^%umfn&`k#tqIPdRQ@jyX)+2r>+#UXyzk7UBESPK^X3=s z|D$&Sf5zg3#FOz`S4RK5hyzftc)fW&qL0y4$T)P*WwKaNV*f@&bi(|@{D1#F&yUXkc1ZiVoQmOl@Aux-v(SnEP&0cuYoIg-{r#17x|O1S zJ$Z^tVk3*zOOirhtS>cc&c~<$0~C(hFmFD=q82VED12*~T zs@An2Ly7BMhNA^+ldScSZ^dPR(HI`OQo^%WryD0<#QaqA#ohtH(skE7zy0z_fWh)P zF>y&9^~2-BWHv5`UvmHDZv98U{_i~i>K|^24Jt z{B5OY;9qn8|KH!Kv=5_cVcw|fLjoCvcqj+BAm0~XF#b!x`e*g<|Mp3wm_YEy4Pzf+ z{MYdYz~@;X)L8cY_h|n=wrN8y@P+TX&=vyz)qUO_Z3hm-|Gs89;x>SWOh0Gc7hA4XcKu$!ewLFm zdqm*#|7Sz|X9IoI80uI1k8`C1ZU}Bjul)b=Y#247(Q%E3w4)tue*fQxJVqDk>=yDE z&089e+fccuHr_e)hR7pbx4B#&aD(A3hd7jH!l7YcVFfs1Y+=O?cIWDah@97% zzc#%x?F5cqY)d=OqBM1uxAAVQH*9ycZ+CXe(--yl^0^WGbH3We3lTN1v+DPCS>L(n zeTwziVGjsgQ6ex52XK2_D|O9c=iULGGr23C15Q69-<}??HCqBFLSW-vU2h13QRCEC z?!jvKyzuf?Ea|+Om7J3+TMdhUjD*5VijN?de)gi^%J`K48-!1^F_n#XNqtUhSCbfD zt!`C7-h9h1%=Un#QTW{fEFZsqspgkoyTj7xU|+6h$@bpW$@Yw=SH?4NckapyIxl$c z3e$koMF;<+bC9Z|F3cO*04+fZd~U?S}nbs_w+)Z zHLO$wtS1Z0PBUe&nKmh1u!?P@B(<1>^ga{roP7`ed7qln6SoO<+<^#P)qCyADcj5~%-`<9BBSOHG+moLD%y=2e-c#=k3=(_Y#;2w)cCyC zgu!z%Fau$5O2SHOCHoLmxnf{=E@pP@kkJy6(CGi7zecqrcq{xF$IG06&W2D(^UE$s zXP)sJOGH{DC7H$C>;jcDtjojet1RrI{3hwSUZ8ttLG3qIXP!!8`zSTo4lI$+t3Vj+ zEd#r#g(!(=o0czZY1ts0qE|x34s9(3R~I_TExa|-blkL?N4EnZkk0{i5I5j<3e7Jx zzwp}3U5TReiV^}dB&_J$AT*;_%ysmJH+1wqoQ#!zjwh%WU0$Gi50fy`RUD{}c3yit zcBo;AxN8_b{TZuNf9m;1!Nxnf-hX@{fvDbI&oSb;(KgK}^AUG7XF*Lo&ylT-cVWH% z;6mUNi@DVWDl^ysXEnWPRTTw?DT{~@_%>n1)&^l6O?8cX9bej-uKlT2??;BW5q!Hr zeS604Z(;)bscQ7f$yiNwy?@_=Dt0|o-?ANM{K4HqSQw4&K8sg~4oeUS)Fz?4ukG+($DJGgkZAmww|eUZe3V z9C(!@5ex_Q98`u@{24_JD1 zi_Jz*u>X+QMsIvxd=GXONz6YoOS_3(IM>H-C%!~hp zJ&Bw*Zavr)yZ%+q zPV`0lE8w0T=Of7XAz1exVmlvfB%x|WEr9|~&$;O$1@(1U<_VK}3 zP3pUVoJJ&1e@$!S(&9Wkm+HPMiT=pt2z?qR8MV`rY;(CT8uHB>>t`1U>$X7v*w?#m zb;kdVLT8UR7IgW=O&;C&vGoc#EdTF{bi)z4F8K5ihpiUkAKCpwtd9kGNPB;Te&>0F zF3=sPf4GVx20B$MjP)1j?h(u3aX&(*R{4`BH4P5iuYpjPLcV#U0v{WV(aG5=d5Yf!7RUCZ9 zKY8Efyw}8DZoQLS@J0oLZO*ht8-1rmL)O7zM=PQspA;bvCkzT;;q4JGfIL1`Gvh%7 zxP9?g`+c6^9~t~&>#4-$A??}``Z73d^A{LR4C{|CZ{~&Pxc6YTH|kZOx64O=mWlt1 zySI+2a_!nj6=?((B@JtVfHWe~xj;Z^MMAm+q`L%U(IFu%U4qg`cSuVK(%s#i=jPpe zzvDY+@ALik-@h?%41Lt+x%-~;n%BIhaG(K<&*YN<|V!I~(5hrV3`@#MKk_dlDJ8Vm-zxmLjW_iurxnbTl2{+Lzv8sjTd zSl@Y*6Oz(@1{t;538}%amVkFcXk*7b`3Srre8vfBrONoUZJG3%?<7xz8Fb~!3GFEu z_*3I6@G9d;p+TMAQ23YG=#Yay%@D==z`A}2hY|S7@J$p!cIAa4fk5UKWF&?3>EXsw=?R&g~760=O@A}Hl z?EpjR#r6VtqcvgRe;=nd{@05Le{h$G6WfY-=PrFdQheaQGmt+ZW5(YR;w0kKeej2c zEQ+Lo02ZePf`8)=i}mj=*Z=292QDx$_r=3p{Lj zc+HF7CRTiBucG^NMj^DI9rsZf{?RV~`@<5STT8tpV^sFf4@&!j2VeWsS^u4{AW9Db zej&jz(!^i3F^Vi`5fWD#lj@}}3jV)-5kVEk z-@o+_PZXPP9o1$>UY^+htbkNQ(4Mb`o5q%O|LXgM48X}E%C77D57c?v06DOE^i}`6 z;{NyFba3DLXcJThZhx(44Df*NZXo?XwDq4xlk^$rZpb*L`TakeOL*Vw)>A@!erl$| zfl@;F?^Yy$Z*Q^O|I7Af(zMQIg_U#7=T=vNDw}^fqOJa5LA4s|*#3p{LnXlwlVILP zCI8KjAqF@jN(`lnofWq3%ebg&rk`;53~W0_c=(E!YX_jlW2vcAbge?LM8Nut#%jA zx0V^Xucb{-T;w{{Q16l@V?k#$dDAQl5bl(aYmef~DwF)g(JwJW`AP---&!2CE+^Sb zoR?6mzT44`ea8!{f_wKM{(q+f+6~UwC?kQ8oj`ipJ7g^|a05mj#C^CE{EAw&5GE zYM$nh7=N!?US*{4cb|!;CGgOI^;8r-;&C(&-&H$xzb314>EA)LEN!!WG-$W8$BwUi z8zdkyHP@@K)MZZRUzWo*g)_$XojmbbzW7Y_Mw!TBEMIQc>xC{`2mf=73zY{JWC<_+ z0YFB%1x%4zJDdMp_RuHjQOK}C5VK)MqkdoX9>h6q`h#C`a2d4SSFg7JT537PuPX3G zA%(4GvqT0=^jLu=Q8wSb9WJ0$9|cNJE#o`tx=fT?7{_@LerGUnDfKGisjpK&W|s@>_U&{xFfPu=$V;D5U9+SA~LWpV#f30!i~Wd)fZ;? zrc%F-MXg@@^Y6kq)Idb{{xNRw(lG3a0ZP4XYe9)w9qYswH3LpVn%9yl$gv~z%K3^f z&JzdJj>o>f)BaL5oKfgx*FK*qaucy-7UR$k5B5RgLMQ0+u>H)Q!EtU^&_>ksQ?9T# z{Dgt+=&2aVaZ`ScOsnmgz;bZv7^&*BAwIiWf?VyZd8_)misVx7#3Al>H?ua2JLLbh z*#F0Qr*UgBX+VT?>HjpDnrRgAePqQHm|~VJDyEi&l17bC_-+Xi-Hl%NQ1rfo;`Qu$ z(*X!1jG+{4IQ{+VMgyGd29SSDH37t8U>DmpR`>Pd0`8~hcSbVEto`EC!!~I16$BH< zYDn?yji7|jDg%0az##}yzW`E%` zY^+u@L!4=M=<1z_Ch<$NatSJA9p>5P7`C)zEQPAldSgy!>`BJzUyYmUPwc3_8n!r9 z012{d->~ zV`zW8)qK}P3g)=`;D;s%AZOr?mAD?g14T?P=HY9tcZlXC%F8MsN`x*0Ah1|)pM(Rd zVilJo0Sey}I_9lbv+j`#$_IDR4uVZR+tRtloiW{;Bp@?W?>>m>ow*bhrL(1~=gu}r z+9=a+b0T+$NbL^&#;`&eLr`LRuE{{SE&%cXU0Yvr9I5A^;%OigPzl{<45ebc zr6-nSLNiqP2nVB$_xvH|Gi$E>+_p!LC)zEpe~74bx?5ex%SfO;9z1I23HXk!q4>#H z){4K$a0lTMq9hwpH9U8%OXh&4@~+i z*c1fwnrAb7^Zo5dAZ;eR4ECgdhM(`Y;4Xn*Cxa+gE8yyiB9P~W zshG#IX)OYk$R0XTbj*jk6!hppM4w;;8zY6WfF9ypKAuVKaVmB^YJi*6lQUy(W+mCw zZET<{o8Br2N}Ag?p%Aa;-C&O!ehvpEK|P}Z0gG>VIUT~O_u(?pt~Vl9+x2;<@VSZU zbZwPrTwpbxc7c2nfAO(3P2vY|;t_HRoo!RBiELYmRnjw?6njs{uU`GY%ug2fWH3$8 z&ncKqF4d1h0CXTZ7xj`UMP7qVz;eS!R+W1~e;#XU1cJB~F=J6yO&KJYshKiEj)>|w zyWJI$vAk>13M-v088`dp#njpj1-`&OU{e^Td)?u)C48`#V)U6n#Zomtgv&m?v(Q6p zuGP7-q?^DJ{yNU+@ad+WzXJi%e&D$3R7}VI%NQl~ za>06V_J9Y3g1X-%Yudrk-+?=W&45|IIS3SP zN&&|xU~A}=;qE+n`!g<%_Z=WD3nME7ru$-UVg0AE@5bFZN*RWYAMQ?5c`BY{gbA;2 zG;<*<>%r**2$^1gdk8AIG|0wrG>weqDA7`fV$G-J9D))d9kWf|x8~V2a@tfV-!h5U z2h5`}A8Q?8g&3RTbxEmJ0!5v!d$@v7V4FpP7e&AAgjM&9 z=M5`}*gAU8YFu2SPNSz0%R*Y9EOEzQ0c+1KZ2~MZR#4%l@Mrv!_MHt-aov?&AJAIN ziUK;$pvF@vkacWoVNGDhFHMYqs*HDOiJE{R$^YQodZF!OGE6Y;sW}PduSfA7eq!>6 zp3cqH2fYGyD^Dyg8M71TCqB4)7n$`)&wM!HILych<$uAXoDP`68$gZb&;j{`n@5)1ZFCJuI#q90%- zS^ejIX$$RPCrcSyqhY+b6OfqV`!Is>LXajh>RBl{>ntH)UGUws34xOQq*gyo2S(|- znudgH;Ci`whH^zYLFM4lcD4pK@}5zu=MYFWRFJw-ud~dcaPN~)FFV%3aGfoJe-V(k zc+_6r%f}-X?Ykt>^M*0yreqS!p_-~RA2;7<>qfJ5*k7%sr1xSthAi5y!0p|EZ}){a zb4HBDv}wxtv_^kwA2GTQ4W(u!TL8)IW8=xFEaAl|V|fan(i^tdMkz_(PPazCE79?2 zy$(KXkkNE5oYP?o$E9bDcx{%*OcVR=H6yFkrb>%{cdllARAI(d9UlucCY#@%iTwRX9}hmXuv`q@q!^@m)Ih zsv^+9N72JuID!4u+Z7*Ajqlew>>m(YX+62EQ{s!iakLtGt8|;|CFAO+$dsd``o^Az zZao?B7i_u2BIfx>pvJ0MtgU_Fs+UZaxmgbNna=Yy%XC=ivbnfxpEP` zx4yb_Wj^A%HzMR5MRwXLc;@m-t@&jEJM~I0h8FI$N>{AS6Z*87kkfZ*Q4aGR-zQyk z&nG=6>k}EUVhZits}Pf}zi@2adkp)Y23ngWQFZR!cUn_&Fe+?&y?E)-;7qsXh&RXs2JqY{r$E}3XslS{aG9BEQqK{&xf|#Z>6U8K!Q1|p;Q&0^ML<*vU23Z$ zU75>4wjn}}hggdN{;_A^aiGw#O&tb7#8@@QBai7P4ZM0EPs5ENq$VZsFPvHBpTv42 z6%B~VSe0A{FestdVy<0*UI;|G|Kx{@T=`6ILP9CM83zyhZ$GW!S)Ze2x+i+c12FT4 zEl(AOn1^2N^hB(*UvG7zU)<9ZRbX%(KrU`eqP^)KtJGl~2~sK$@o;ll8a(4P?yTl@ zD{{uxwogQdDZMFn^`>wcQP74!-l8qU3kny z9pgENEE0Qi^E*K_)p~xqY;oPI!9_s{qK4g2?#q=EJ@F*`I80(mpK?E}x;SgdalXh> zK_T+F=QS-u)xMRG%YjEfr+IuA)ke|H(;W;;>T7PRGIps0b#`^Dn<6z!O3qiRtyjl< zEiQ5I;;a3?+LNT&PB?wSqra*$`IvY*OE|L)e7I=5P0W)tUBNM@?R9HfkUkjBRT>WFNU^3mYX0@ReaLBk$l~goa<jikL*} zuDhOnRmk6hAgP(Rw8_kE7t24eK+$4)#YA6O5?w#1`vUzqHrRr>IXu`?Rp@uotXR35 zGP=P|BhxVS#ZohA8U7l96QkoeW~42h(cR*qM2$>jq5}d@ZwtF;`H=6;32YX5>mb`; zG_Quh>||SGK4-2p4-QZ5603;tn+a_?@$$25#5-WYzZ* zTcjN(lDH~h5Y?eQ%4gUl&YRsrb@`+h%n8LoFnr|*Q`K{LIH(;E$M3MdC?w?@ji-q^ z&{=7-ps!CbkzGXH0;e43gi?5~kU4+pVpi|%-0Z9E!V2Pixn&GFZX|!Bef1(NUU>rK zV2!wi8C6s6N)s)w$&8?Rdc)`j8sz!cGE>zTYlWzxnv3zq$?@GP7di#Lj6Y{DZ#kE4 z1D}N6Do^^Prz1axM2O{}>_|zQF!L@X-W?#S_559^GlRtldnEgtimC$wf7xOO4?(+2 z@UTt)l)y#B7n&-{+^eck5$J1_BP1m^^6$K}T4nXxKn256}Qe|T}-(8r3VOJJy z4!1TaZ3|-6WEVvw?z#{zGG17k()4ijIyHcCG#1i}n=VVy%`@}q0*Rf zGiOA3Ehddv36l?7OkD7$O6IQK54EBC@Svb$kKdsZ%i_3ET~0rXMZHQpw9e`ib#24! z?$+Wb$0J(|3FQu?VhllwrWyi4R+z=BrwogPg6kB6-@Y6yM-kxI%(i>3;43xSy=t#} z$2Zp`xngQse6pUYPsS`cAo=v$D|t3ss;CE5+#<)vn{kgAM;*&58aA{vT(J}Af+rn; z%gtH-?c)I%GA@g#b0OB6O1{3S*OtwRLQrv&W##N{wf17E?wPC0b_PY5{3B#IBp@{X z2YGSOPvinGrZ@0NV#k4&pNGEz{!}FY#?U$C3#`Hi2 zY4v*ZO(DYkRes)2$M!8<2I(Mv{~RF?n4#d8zK1){@&XBz-U$=&G%b$>JK`LD1M9Mv zVVB!K)52=8w)%?KEcygfrPD>lTNfYxMS08SdhKv`ag^__-p-J~?@STZ*0{9oRFda? zHA)wcl{|mdJ|f0&zoMwXbuv@zbh90_!!B19-vRc5MEoxLNh(1S&EzUt#WovJQZ@tq zKjQp&nDL`nf8vIzB>0bd0j`uzoA;UC*~TjeDIJ3T0MaHKNrbt|$;{ux$*kG|Zi~23jy&1h`=n$HXD8M70nr#vzXnaQCm-4ia*J|Lh(b;cCLp?w6 zS0nY(8O`q@KYW$VZ^e1HPYe=x1yBbd5TfjHDDKQJ&fB5;YvJyZ|Iq@mwzF8Z!^VT3 zF^7W3HGZw7a2X1MY6ajva_<~5t3C4JLB|b1j=-z6Y!Zm4_wf-Q<@T|Vc=3Ds7-iGg zXJe4dXV>Z?q!PaS#T|co7E+)XDO6}cy&#CbmrMUMR~Ki+xu{5crj)9zy->^QB&)1= z5F)9`H_JnfiPM~T(PvIUJZ}<#Wr3`R-yC7ueCO>28?NuLmOx;OsU0+q+T1w?d2X^Su9eWy)bowjj3q6k zy7&8Yj#7&IP~pl}7q(wT3J|u$<5fcTQUuBBR)Pj5vaSmqv*=hC`s&lav;b^07}~6p z^AVHEydO%SqpP0J2Q}w5W*NV1M2fTvN}$xKFa1UhNDHm8N+;G5{rMXd(($MnS|IvC zrKew>W6OH6+$%G5r=kHWTRcHVw^~d?T%%y2J)}{m&q(U(U`NbkW_Kz!p?%mwOu;~I zxqXkp78DljSW{y#smZX*$dL=sNT!x7Pm#2!$nUpgF26UOH}oX7?E4_MLe!nMaeo_0 zQl`}Ay_4;mH|O<*XDZc2p1b$ISQKB7BBkDq-NYv-OJfPpf|OvdC9{28TornEZmPla zK-0rsh;PJKUFNBJ8f9%JY?Jbng=$nzKV}h>O5#x~rV-_)9L5BnT@#sC?2}C8&EhTB zZ3*qogVd2M#_y_~C~U}7wM=@{8ezsvl0oBPf#;FS&+2$_)fHS!MzjjA=EUFVU-`;I zT#E^O-jz%?_r||N^BPxIxTIMBs$g;YKQjmZf~DyqfDb`uQ)rj)M-(YY$Sb(Mk93oK zn$0*oqtcuM6&pHRG&jYOT9^){d^EDv`k~5oq~AzvAdrZyu?@%BEO{2{SQNrxMWF{0 zqcAYx0U&v530w)o_Z}k&B1R2;Q6Q(K?|w7U&llaE1{E&9pJ1FeCEzuGH*G!^A5EXD zExLkmeTCj})Jsp$6=E_(#C`&CI4=2A1b>aw&UPJpnk+gk)On!D8Nfyd(}sw&CMb@# zKe3z%`>`nq-Cd<$mOB9eWV$8RwMr~)7NbuX@){<_;cZcZ#E$-UmJhA@qpqhYl~1ZS z6lwa4`6*+bIHoI3mpa)EPY3CPabl>ZSI#4nw>WST=TBl&koX*4d6|)`_!JMn5`=as zq8-B=zl{0{&!P?(`MT?oLR2suF*S(<>)MuXg|QN&E9muB#mu(QiW)hQ63Vl%A~Chn zb}F}@ZZ~4og8Ln`c1I2xB7zQLo5+2FqkRw#FSFJlzI(;xy@uHX>`>8?BPhFC4un9T z?Qril#1f=cr0ca=K4Dppiz0^@6GO2*de#qNh}_d6Ew(Q-~B?qH~_ z-DPG^7{tHHPP1Qlp!S$KKmhh@sQ-P30ZQ5%zb&lcjHrV4Ld)RfK3I-eoDe!HY^Yhd z77*iQe;Ud1yM$-w9t4lS0C=dj9Ox1>Bf`kHg~_8`4?g>C%V zo2q^l?vM6V-rJ6F?93wf&%|aLD%SiW0HF>Xw*wp{!JNbCGMU3f%uK1{LQ=? z!mA4zNycnP>4pdTWaSXwrh^Bezwt)6V=3RQ;IIaQ1fNn*P3m%OfAc92=X=DiImsno zOPt5f8+QJhh0qY$gF!^F)y)V?;O#P-`Ud=D$yp|dKgPoS>$rv(-e4p=MS2&k!zX?iWQ@zQF%qZWh_|bEMv9Cg&{}9Cm6;E!RfK5|NhW}u& zqJcDun&5<|LKbp_=20}?g8{EyjTRO{cnc!r288()0DmJ6u&zVbH=14^o~ zG5HNDLlDA>oR3$nx;O4ty~lGMoBOFFVJUC(qwG@7S`$`91=iQk7rCf|)_-NJyN1E+ zV)7z$1%^)M;_?_6Hl8yKd~i({a~aA;kTHjpY~jdHR3nh?l)c8g>qC^GCC%hx+|4{z z?t?)Ly$?TS2@o6KQ4-(Y{>57=-OV8jA^P0OTACilp@b$VCwAyXxHQ#PXz$sNiml{t z)Z}4M@ia(p$m6?<8HmCeQ0N3Go0HALQG~C1DH?K4zG53m5%c4maWyUU639#QSay|U zqQE;6bR;_uDJ^I{2Hp~_LEjUXm$_0+*RiA&c^G!L+mjea>77u+8K$SdMwCvbz2pF* zl$ewQGbs+uoIbkWF%G6ulD3~Ymn)1{=V#L=@D!RdcktO(tlQ4S%h?*a*frCv3DHPB zBqS^wJNMqOB`Ptc7dZ|r$8G2K(cbMc3_}wNlh|sPxO#qo+NxEp)sZ{TslhNju_gOZ zvE+!MWRU;tA8)o>W*!|VrXldh&U!)UH4jpMT{WBKeMcw)95{5jtfmFMKFW!~6ckVO z(DEbLWl0DqD1ab64V81_fT1sPwJh3=gErcNgZ2i-gnU`x`R@{MBh+UqE@jN-7iH!e zPDNBkcko^U!bF~_>|wZ>o-V4kFUUHqZ2YyWK9SsP!VWjw0wISgrV2Q&mRG;Y?hyVa z?%E+E>yuORMT*IkrfTo$_Ym7$xdiUVJ6ex)&X%%M(h_wiN^kU&zNE?(U75iV9INQ|Y$}BG3cB_biBe2P_LnQm8#ar#-c&pBz zRtt3+s2~*GCem6>+bEaEJRIE5-yeCH zOYPYC?&|_-0nf}gk0p1k&k5U4KAdEmkCixjklErKfhChccanvbBajm#`3~sd+r=%NmjY^6s;s`A-k_DTV$(TsFk}guwgS|gx;#mDB*Lz z8#@=fW#3U4bNOD-qtXxos*@_ajdKja$@dn_laHhNTM9!3=oh8BI@}%MJri5R&0k}z z3OLhxC))tDx_VuIK;e{+U{?1$BEvj>t>HXwUA2 zZzq;&R?@Z|F1;ek8|_?LE3m0NpB5zAoE83|O}RnDg-HEguEuY7b+Mem%|dVKOxbnF z=Nmb+q7d~R!K3l`M~Za!#^`QH6>Ool#~=wW-69`DZ!J`5!~cy`Y~6{=uWAUL$3zAK zBQ};lM?;W-iR@_j<3@GmRlCy_0<{(E9~??)`deBSJyxgbpA@|hGEhFu_)ChANj`r8 z)h3KCXP(U|IkUwJ41-!EY%6l6`R9*dkrnPC%;lMu3e(tbJEQm-9msl^KZGpz2~exf zv{k8i`gSy*5q2DCu=D6__|MPtOoNPFIba-pdA&8j?A#>hvzV({Ws4AeC6>fToYt1# z_xVIUu=^nIeXT>1rFinXogdP4vC9lW181>N*!F4NmRqY3zqA#fPl|+dae-D%SCL*z zsoH%T2j`PW{L<&^)T4ylTx6W$KAe46Rb*2i zpPZoGw$8ug7ddoY2Uk~kB^I0g@zE?dEic?Tx6+5uj@jTlMK2HJH?&F2__Iy4QhN+> zyH(6i%rqJT>kBtJ%R3FX_JG4ZZ3N7Y}hfiZU`6NVM zu=p~&)rU+PGYr*EU8~->|HRa^E^J#;H-Ozp-DduI_6MOeQyQsLsbg^^fMBH6H}38>i!@k|h29@i zINF%|cgyD(iUQ;~e2Q1!^7clQQj26Ks_MAE-e2q_(CR-RE?@(vc675ZR=dd)?m6_& zFZHl`uau#jU#f>YaAV;%@&Ld-6Er6I?qm+Z)nlDnWX|7*twIKHR(Gjyo0+=~aA-vWn4Ufs#?f{2ZnxGOVFi52l~+J`#)bMYegc ztOCqA)(87JeQiKOmIgu!NA_K;rmu>=I9xMmIh%89FdyUWjDIrT)4@ux{(kLO)?Gc? zWMZFpK57Ir4{I;TEZLRa>vk-i%>sCOg1hmKexJ24=Xr6gb%ya^BBL%;M}1GvP8q&5 z(0q;AL3@PNnJk{2)tO4fz4)s`URBNM3*$|N&bR2FG&`h9QcTKRjFWz@m2xg45zn6I_s+Ec)prAx)3Dz^onQ!+l>`E`#Io#uaLkWKS~gu1zw zQpiPR@jLs zh5o_6WegRyCFH~gl>?GNDtl_#k2W6e=sFD8=Sd$qW1pMn3EcT0P^J#}?aOb`Fz#tK zc|EX2L8)9JDyWpFeACX{-{`LT!P{&qq@C~6@q%Td)JnkA=82#Apy0`>#qAbZuU^#;7Ij{8w`&MA^U6EN$qhtGZ*s&%nrt}o{KNxd^pDg0h7hF!<9JBIO<}p&&xq zsb`%DtoZ_$Br9|0znaI5GvV}Bnsbxl@yX+!acwNE zN}6PD$96YG7i-Js%STTaYjAsres}q(AqGxMq!GbenI7=t6(y-VlI-r-WrJ6* ziD`c611;d~6z~T`X)Frf$xJrdZPbQk@hAlLUQW&<#m9)O9o4ctVEAjDb(KD5WFRSjfQ(bNXh`S8J&ETc2nI83FU{vVrHM- z-h3;{ymWx$B`OE*bt-GiSC11^?4G$<_j^m@B-VnZAm?}u zsjKc(P)3WOkWh=rYO7ml=oEB!5ZxApMJ5UKG*nuRT;%yo(TU(S-4x;TZH++?(OeLgd` z^*3tp+IHK*ERpQx+}RIVbsA%ymY^+^J(sC}Q#(?=qSbJK$Ju(^Gla1!5LP9(rp~B> zmovN&@wf2(2jouzUJ}Hd?!q4W>6|}2pVv9JcK015$O)w^3KwOmk{o`Eu4s#NZW zN&;NgaUg9#^hZEBkfJhv=8t}nGjoT~$Bv*&KM4;XhwUvyTuhhGxHl0xl3r}k{>DQs zqr|BD1>k^giL}=NX1rslNuN8n4JFf>-BN*nH};Vx1E2YIOCWCAPB>Kg2QN78=+N!Z zV1!)@RZ}HKGNL&~SP3E!Ya$jkMfNSF)?zUpgDOQHGV^5xw=XZl8^w4gisPrg$a{Q! z&7XkhpUJ}pyXi_l@;BP8(6BJ!wYTYs9y2tVcqx|7VgAEFTsx9Ev`NV673GM>Hdle@ z52CtM!Tq7m9Es`s!+gjm3dzD|KPXAPo4?I@R5iyVvvH$GIxI>=U79cVPXs{y1Qok_ zSv7TX!U%P|{DN@%B@5}FS;T!6aY`yOKtPO-X4*l0QnPRi0yQCfI~X(cLx=w8$%MtJ zkl}e?TDlp^%~bV{4;Li`Wr@7F_n9xs;F|(oP+td+it+ESj2N8Q&? zHskQq`o56eB?sCMVsHU!LCv<_gTgw7Mc=&yZy&+!&+|!&JPd`-;urj8$#u)2kZ-!7 z_9|*9cs-p@Zn~C*7z|4>BDvj`#Nx-99q&rQIS?{nQ|rp&jDzFp9zO zukcv0N%F()<0;iLtvU~iOYatir4VquwE6rtqfjGvkyBqh!kzw*`bVI(x_EPqK$Qjx zqsj1njH4Y_yRt=&^kxQ2X7d?et}pXs2bZ8YjRHA8#6h`Zk^f%WwH%RMMFkZ0ulcRn?^<)vpoJ>c}k zf2;>%G<*>l_GCr&KY0hK$e$9zZ^iR&xw1*gLVgnxj+Ba}_|05E3h$1G-g;@`%)k_j zln1XDvX40Aj_wl?Zdl~VK-(7DTnN9@HVfqQj~GoouL?QJu<9^pUs{t1W-4nG$aH;~ zx%rjo4{K2A!!;L8Yhx68`Aw(6Ls7dDi_$yhdB9%t+;a6s!63aj6>L0?&+ZF0dzNqQ zRgFGL)SesFRN1iOWoWTYXueg0@$V(#nU(tnM{Y6pIQ$KxZ95h%-8cog&bYHh1R4l6 zyqiH|%B9DuyjiVJtFAl`dU$?;N_(l__zP1L^w^3bu=j9%Tu+aoKa7g?TbqXha9q&5 zK4E$d>0w%k2@Y3S&4eGlmc~Ghh(R+$k5t|y_!enBLvBU+^TG>_s;FY_9qOKb4zm1C z!;MG(xi3?0U$m1@?FKe+4R8_0-a=In8Hpn{eOoPBo+rY+uLXVWtdl_+F7)!@b}QW$ zul270EtPSIq`St0*ooXEtk+rO%f)5)Mxw0Tl*2>T5R_T7)!yY#^=KR3e$8`bw9Mg} z+*B+4Ao#LD5lYRl-B!cwDwZ6?$-OP?)h+t&4Q)lOwXuyGb{gD`Ko}SH2~Ou=g8_U| z2Nbdh-e{IFXEiFaD(!?~DRjw6ZhDeE_)TF2YV@9VYA-`rY&0_#YE6T4_nhnKVS~}n zNiA;XsP4#$WO8_cLa_e+S)W^eN0&yg8}?&AOn+zqT&*dCp+)qj@UD|waq_zE0+Cha zl?CU9`%KaAyLd?n*(=)Rt}||eI+EwTm3^TVxI0H>MkUXwX>+>c=|+uuG}wlo{&?n8 zU(BgeuSOs^!4uVoXVPUvQMtyqX3~r+tltcI_p&%c`-0NW$ZO&aoenJWBIM$?!;ap2 zrlICj5zq8QJPjlJ;2*sH-Ks6u-S=o%9H_)KgxV}WsY?z$V5(XORdDgKNW5Wf zLrqpk3Uw5@HSN1%*{ygC@s>B6(5UZsNlEjXhd6DGKQ(!B15yh)_a`F?j0NBQe{6bGieYb$|;@1x>aTBh9XP3XgU1^#UFB^~GDa)2mde?&Sjxt~wD%|;rF1QZG z3*847qHcnuW2MH`V;5FzbG)H};%0)jqW}co3_+Mx@#HfK%7YDpobz zd#@=PW9Bi>vzJulh1T>S7bJheM@Z@d;)O7(wqFCliqu@rvK&ag_%8ouUBdUh;0;JC zz$_Z(KMjQ?QY{k_bLV8wtGM@;vQohA*gcCf8!5mJc!5hTY~JwP12(ryAq2{Os%$Qn zXRn|yVN~!xRE1`p+3+C>EnR7qiGA*^kKbcR<;lKc9rT>pVMgvs6pk+CN%tQfS;9pp znG_y4c5fN(7^iHf^Ty!gS*Ut}RDsW9icS~s0CN2`-R8(H3ps+xh;2rF8kcpgwkJB1v@Ux~)lwSDsP|h2+wc*Mf!>2f+#dJS%Pdjt<<3fP8y=# zN|^=-6B=l8&Rmtp(91L)qK;%0e)0+!@8oQSpz;fJNx6@9!&p7R6UNzkH$=9p&QVrQ zB(Lg%_)wM%2$oN|XRBPsA013z>(#tJAGB1EKU{L~JFx2s8e19HXe6?#a}j{#OT^o{EaTySm^$5FtUn<8MO*2s^5$esZl6--PT&US12+5A36Wkcr_Ae< zsHpR|TTk6jJTLN|P*BuN`kdhIyb6Bff=G^(?(S1_6opLpP6*eVhQ)`+I!_-ZtRIK1 z6wau6q9hJ;;r6|tK9D0j?NRYEOBjiMu|n2m)Z-pj>o6c?J|oNX!!R=q*8xZHA7tl5 zZRxB#G2@#9;T-ku7mmzv@DxxS6*s_cUQtL9dHycC zRwL=w>fcz<+j`o^BV!@ZBa(8Cf`gzjjE`_LUpfS6!>A<=8{^%-p`8Q@3n+ZgY zX#-vu$pL{E7qUEk)%@C{h4KW*%BisyIt%9)8M^HB>*(gTyRAC{?u{XyD^0KHCx?yb zbsje0-LGV0#CRMtI^IYU`Z?Sg!Y9i6smI3DW@DSrFj zvN)F)U-r{)5t@>VQ39dOg_XykU@6+Th{3S1PI)QDw3KGMEvyR`LX+4xo1Sqqoh`k6 z2uoq6q+OrWYP>*1O$i#iU<)*yNN&uo7G%eLL$Q5$C9oLEP_T0Tv9ZSA7)4*S_9kta zJY`=EEg=3EsS7#=LM0;~mg=F+6FH$GbXVUcA3B5c&gD3J&`~E@^F; z&7AqB(=JVvy?($};-7%3Lu58S7y&ZZDSMrPOdzWv!g|fiaVtMqys~(jIz5haHMRoi)d8%$ym}*aNM#}9=^I2P#N@HD*eN?{gl|)pC-N( z$dFug_0GBHfb_=;0{(S?(T&q5o2#k4NwAi_Ehqwh7`^W#rfri{!b6kz&EU>&BhxHs z?Vxg`QM@vL3*vZ1$U94RlCBGxO82Haq#J%~ z&p7j*_dRpwJKuksO+9-(>sjkw*L_9S%H~vM^w$_ZWcdG<;emIIc;tKD|Iyym`wanL zvgPS(cx(pDU=J>%YH`?}DCK#&aE@WQ{6Wy9y`O|j^&v{U6No^G{0yo7-v2!Z; z!!61l1(VO=q99qoDGqic|DurZ>A&9qn}llS>)81=({i}h9}i_iU9k1)>1 zAD8~NpZ__)+EqUAn<9u_MGgcG}j?q<(#( z^xcv7aje#D-{f$Pvi#R+qP|-eeMWoJL_zba!shjOL+e?AaYH&JRGjZd$Rr?3;MSzi zP?uVN%Gq(+ruts3u+7<_a>8SyjH{b2vMQy-5z9==VcMbP@Xjb!{kl)DF-V`#i}ZiA z6sO9J>Sj>%LcFa=2$v{aib|aX;5!z9*eg>yN2ERZf|07 znct~b`Eaf8q`6u?q0DsI`&qulj~1*V4Indp=fMljC%#%EbH5E9%E~(SJe330;@y>1 zHZ5`h&4M^Bjy{&-t*#drU1g?aX2*|u61l(3xLLg;NGCQMOf_Cp%hzDYQ~m7rNk8@X zDJ(}@Vg>YF*N!W_Stj?B1%J)j_7G99Q6}>_wB2xO0a@qb=sl*tT_b-@$KOz%g69`C zVZgv4=}PyaD&liM&AnR$evPSWyR@sTLrU0oJ0{1m+X+7*zhlgfT{;T3X0`$$tf`R~ zRL8V7q!w0o%I7CmObT@?W9zQXGsVSE4t`3^F)pHhk|XlLXdB9sjqZ%QoPYOY=<_%y z`{ukV?)NT$PYm1$ET-Y&ud)4W$o}?)ULqo^4u!fkCGC8Zia2e}J?e@o)2 zR8n~$K zWj4c7@y)q6(T%C*GewLV^km&jDDc^r3HQy)S{_}S`5Wfszpn!GL)7-Fs0oXdFA;V# zaX2UnM3)2;r!XB9lei)y_dWz+Ei#W#&7=Bg9Nqo#V@W@?5%va z@oZHpShSgxR%Q>bV&m~D5$(~mXQJtcqVE=~p?h~1*2GZ~E>7IF=N<|4kEQV4paEG` zozKbZ-6@)C-dENnF-1lCy0pp{YB%ggYekJW_n4lm3F{cGeh}%ME!-WI-c-K;!nUWYjL4h&R^2^SX+@((f&EkkLR0Oy!l;@)5KbbP`EuoUGH3OCEj5;|UMeKf zerf%Ov08I$VHKNZ4d;t_azZ|f5~z|+g+)3}cN%PLTx4CkYdyf-3Gi1L8u^!@wcBNV z6^URGliIbIQt&!AEzPZw`8q*Sp}R&`r&CQ=JRF@CVF?y^wLH0J(^Y~eqUNj1;Ith3 znnXY+a_q|0iP~j%=3rteWhG=E+xkuYht5!p8huML9Wvvyo)Ou2)|404r%4f>>N$$> zbal=^>-okYWdC=6Jcd-!oU9)UGIV2uv5VT6|9kiS+s6(5W=odXe8xi#Nic=xz!a)o z%+Mv`DoI}f-Uhfi&t7lkNA%!ATxb38nDyvgxGc@4$LuZXVddkT2;(#$SMX#@HcCM8 zh_(`g5}H3UwBM>U#*J!xb@urI4L~v$Q4{oXXbS^BZ($yXV9AO-_Vat}u)?HKw)Pc9 zN(%t;c%d#bT*8fHdpp2kRl7{wvS;+XJc<)kkZBl}qR(OoBOC-!_=?Z#AL;8O3maQ@ zO_3)gq!ms{g646{gYn8EJ*Za!P25lGp6q8rZHD%Zu19+qMj9#%N#V~Ac^2HTKC6&# z?eDmh|2jebcpWe76C&4*13f8#PQGUvgAd29NF-_k@YP`EF3LB}Spj5>Z4Co`iMxHin_X>5vwola<_3jAmW`>i~xtx3}hvaPC1pJQa_L$ zodTIR$LyOfq+J5gfFf>+n;zmsu~PUcZ1O?Jf+il#{%8-VR>uQNDeE=zeH`@Y)7_xc z<#T)k9KSC2t#7=`->L)Tz&3>CQp8T%Nd&+62yu8VB#xgt{L4e=e>tZ7dtD~~u|<-? zB=|!RN`JIYH`ht|p!FNhBcb_9&B7YwwS}myxyab^wX$BBb^C>vk0R(lms386>O6di>0A_ zZO3irhtvR6Q>%1SOxh8UvUC-p7@ny;%ybQjtLmPaEYEz|fvWRlZ0QpCa&Qg`+kKt7 z{&~%1`QyNrh*r5nsV|N#o@i^98Pb6)rWF{TQqbLt>(McVf(C#5L{TY#J07aGg;Mn2 z^xOVVy$8OG!tz05H4$)feHYZ$Q@ag5zw^&|u{_Uj&@#{(_o3hDA~ToC>tk~X#98tH zYwA>lMfdvEneotN7XG_l5G$rs)O6zJZa1W9*n5V8Z8B3cD5?K`rfm~~L@@}KpTh6m z-yT3oH7TOEF8qEvCUBa^bqTnXwq=})e2WFCME9TzbS6VhD)uAYr)T7ajq&1QctP*Dc;?VL5sbs|u*h;1 zUQ>w%!`%Ucbsd#H{#T!$)fE9>qZ{Yhq7=W=3dw%J#}Od)b3O_*&UF8f`nn%7%5xLq zpjN9!1LOBNozx5-2OdKdW% z=M8GGar!g>*N<+N>N#2f&7jU~{keVVbm+M)fn%5HK_(lGVj`DYi1Z&*Spv?Ah?A&w zT@_f@7p^G>`npByF;S^fnVU2zfkgh0zR307>|f+0x=zJ6D)_DtJ6;_ zeoOu=;A~MG{|l45l7{nrl~SKDG`by^QNFm!-kz=3O!Yj`mX&?U0x`91IyXxIy_k9J zW?&a*da~`*eCcyPwR>U7JQEI7_CpePn*@rFYCc!{@#m(nZQ!a15&z=9ONTS_$ag5*I9Z8ayi{L4I_jSfd34Q=4-I`g^ z^S>RKKR9x1ZgP}fl8PGei+749N-UCJ>q5Fei^#00oN&LO{O zmMxev;egyrUI>!5n02d|OFDZLyDM5C@97j1sf(L$>Qbo0`Gu~JhJDT#T}psun6G2v zyiOTFdjqtekq`X99ijG@c<8V2E4hR1OlP5}a3LnWaVWK59FFS(K@T3mZK!_zo zz^tEukk9@FCbWhF#1JKjXOlBF{QETipLcvhLPSBtw?@04VrsjREQQGszo}q^S zo5LK7j|OyXbx`q`Kduu6pRt8LAQ5J^9L~gg4AKoh0EA375UNVNK)-(qn+_AyV0<4e zVAUBvY2CiuNZ;8h_WKU)Nc-K=@{wTU`(r1XB+G0>3UvTBY_Ha{P668kmJdQF9}T9K zXsJ|oC(Co7@=v_3YT%}KlK$gpzF2+!Ou6Y140u{7A9oycA{cI7EFb`+Tc1g98}Q)n zt14aTf*|ZHYLhk*d|?;t$VRX(+I>T~23Rbisis4b$iP zppVTFm}>wV_yJO=P%@Hqi7N4gDg_jEr8 zE@GzN61k)3lu3Q+7og+%bS%16G2nov8~^zu_vgLjC$4I6o8K*o7ZITON0gciY+89{ zbOH4&?5@!(-Ltn2udbSJFGaK~EFwWMB4^)dHO|UlBi;;>tDf7|uEdFI*90mgaCFoO zoNSE`#*MSjxUQu*0`_VzSOPL%jpnPRiz96fltH(ivrtL~!1KLel1|7tX(^h>e>$2Vy!`ZW4D_=S;P4?3Qm)GByn_WxF;dj%! zXbiIOKJUijs;i0V&=G#}su8s7pHAteDcA8ZQ%2+M#r|-5-8)%++Y3l8a#=4ER^Ws> zjhnN;&THd7EbW@zh~=Kd=Q?8pOj|C*@ycFPG&OejAEQ%6cA8<>*wK?)swK&~KJ4W8 z-l0gix%AR5J8SV?7EINu4c0f>1)$HFc>uXvfVcvsGO5ttRBq{dHM*4tjMwfl~BYh zn(}*7PRd@_hb0O((BcBlZB-HDIt{hfpH@&sVFq1#Gcw!Rn$#~P`xjfq)v#2qPJiwp zF5qU|dWt}q3$&m~-vXxQr&v@?aiEg9571POq=Xu-O2U2m9J)rbcyM7&(%z zDVCjp+W${40MJ>h9;hb3Z&Hq5=s2eK2*LCMtd|)cX@4yg29q`d^N;r9kmL7uPaZaP zr3gTy9&x{#u)2QdN|i~n>a!=Z$_b7iI>*JcLL(PszWB_7BoaF|x;%tKbs zFpPyUO>E{Gw1sc4oV07~(^taGmw;ZQ)Ch9yLa)N#hV5sEv?iiJaQwCN8rUBeycRx7 z1?txocAc+@OZCmbDLN^zR8%Ga_H6HzEV=1&SMZYP-O1w*A4G1nUhmE@fMO*E5DTVw zeoil%=8}9K0Ex0D0Z_Wo;Z;jcDn3lcnC;jx!Bxv_+ho^J$7(k!TW!d34RjRG=4{A|5T zSNB(R7bmi$^9c)#_!7d32@AJlmHFC$dTCKAU;d>rk;Ur9j zy44tuq}B#f-sxq`DD)o#g?f24xqe#^Rb%|sm6nRthX^~0w_?Vf)1~`TWVgh1PNcRhGt#n= z5$UO@1Ire$U;%X@p;L^)dGqz$>drBd4QqAVBUrzdZ8+BwsZpo5Yt#Lq0y9$A>w23e zZbuV2mNX~>-FbNq+Hx8PWof{*CInG7U9GuZPUdU=TKgRxjJ6an!|SYg_V9PQhPFsA z7Kjr%SteNCj)6aqL1F-(fQw|zELRZf?z z&@EcKhW!9L)xBhub>Jux3GCQrs-KKuY<>7l`@|eLmzNJ>iRZi&PPA=2e$Mn;r_;UG zNwB*6dW~1ifb3i<(4VeG_!7&cd9PjhjHE!bI2A9%!S4*E%~Wxr^I?&9;ULxDbh&=v zY@&;BIY=`*kD4BRgMrxV-esD~3WXB1tl=YoTRd8jQOZM2bOBMa>AmHw~ zh91b9F1B_D(w!_dmt3cKLK=>TX)2Q>x7whkJ(MBpx3T0}zg%ePjXaufPMk?DJmoc? z*>HG$^7e6#Op!AO;B`lxh?vs`wUe9pwtNBf(au`N4>Oe-c#}3YKk6O42ykPq0ci~^CU#{?MaR+ zhEzWvoufNkH)1xE9r3$DmcWSQVdvyYz?B-krrY@_B&mt(KDJyp7f`~$GlFq_M5&hr z$R`Ju&blreTimaKb#E__xKNUL9z_B}t;X)_)k@1@De||zXe5X#_9R2gURxz*m=D8% zLxI^>8w>g3bB>wz%*$5WdOmxDaB9+i$urM@l1%l9vIm`-a9&mnOg*6a&zq z2RWkeSDdGUckkVYjQ9@^0lQ$5nz4Ok+mF~k-$vkMRNG3u&7@T8$12i^6nL}287Tai z4Wf#M$4uXReUju1Xk`I>ebIrG$@fVWFRn3qc%T+kh}Z8>B(cN-CM9NiQI~x z*Koc#vLs}G`7}bl2Z&V7W+h52gV859N59B}d}{d78r^#Ll{=_5>u1-c-cbADA7FC= zh1NIQ8DsTI@Pge>VYl<@d|rf& z8RsMX*jr?CM!%1~=EIy*cvIGZ!{hroPTB}hY$Vz^to^G7%28F}{k&qxm1 zOdYdAGbDWP9U+E}ux@0q-WgC}6Gsbs6@;P);*mIFQXJ|u)lQ*Wd_Vb#k(Kp)!A#jx{t)V_z;jkYtHn=xn@je*B+$r&{)_%$&DFr=It#9ze;jEhVNo$pI= zez1P77mG@A9j|u>$4^RVHwZ%ncbfC?sb#STF^rHV<&qw!L;RI0|VC;T&5?% zcJ4(HC~X))UXIHUgL+aSH?7u(7os28APF-^pdiytzrPDUaLxTZ2)0cNO_%35Rvo9) zYX8_bFj(tdmn;%mgG6=>SlT?bZMYuh^IAAc$(b;oQ};ZZjx~rwKWLX*&7RKi52gr? z3uvS(;-)Rm=&S23o!%XgE}DQ~C<2n6_-oPid`cA(k%OQ50iwvw=!uwkC6Xa{uRR@< zoBI;Urm^!jI@7&-J{@EOL#&=(>Hn6z|h7iWTu^F zKh75+?gugTi}6Ev*hxL?Bv2COF-E|t!G@>v2QEj)bG%sn$oGb>1tM) zoyjk3oSNek<0GU!))oj5@mWqUcW%5|doXMzid1B}K5eZyN~MOAtuemps7>Oro*>uM zbMS9mIoXLraVcsR(X#ThluzQRAXk>y64UTEA7MJ{@Ss@q=fn3cgbOTR?-YGudNk&c z!td0H+WJ%QeMuf>N!|pSRT0LEqG4>W=7kY|oZb}qwN+szFb%uf|EYEvf@2073FW`= z>W4DUpege$K1N{U9mFK2!#DC+ARI^{Q=C zfL@lCjYr|fAe?#J>&}}5#nwf0J#>KSO7X5nx(FW@s(zOGZpJ_L)l6VDgerr(**F;;#-*;zQLI6ny-jQB#ziwK_-wuxqp)F&YOF@+QUYLf3;nl` zSv6m9W|`9%B9jMs?|K-=LcM)C;eHY!>~TVYN|PRbz$j-e^U7NMpb+Ldqom)pI)K9Z zwA>(<_{*CveG$LQq#BD4=%#@ImoQzmO`@@dq1Mml1xX`7KZ3Zc)psL688Rjv$Ug#g z?!rwoe=!+HHDuc^Ab8*JUH#gWhohWve?q;bdQOxf4{;QQ`fZhI%hD9bq_1AG+_EBD zqi#%u94)hvI8DENv!EC3i_GPZJ%3G{jGda77~}lXhsS)*>niX}8DBqzB0l651Gfzt zrcS@0A4!x9A$7Yo;waDc9ptPR7BwK5FnLXreB%x~q~w4Gn2X%tU=Uy*>bIB(qp=#@1|K9nkIC!{w_z-cLfl!_uyA+pQX8MRDKv z`WF;RWf@HKtltKEox>hL4QmfPFmsBihbPRrk?Zh){6Z+#S zgVP|J2Of-5#h}@}R(C_eya?>r?fP1@u?{7DOYj!8LsiuQwo;IbmyV(D8e4pTKaq|hLa6YGUULK& zSB7A*J&RtFmn-IwMR$?PE{E5#`0VhWzZYEt0x9I}ytSXpH8|r(ARxW0b5FOaCT?S-oLLa8Fn{*WfgxJdcoi|773&_`$jnUHg$>#>ygjrg zA7E+k@&##t!q;`Tb`4?ti)L}vxVFVNTdkuQf zGJp)V%@UuE8rLwGKQL)SHBx(-gco1x_bTx8pYVlvIKI#qU-(D(VnhoP=)^`huXid> zELAgvgqiU@fd?ws9&A!xjE+AcF1>>`j^RQz@$EFVKB=Pn(6-y{@Va-s^T`bNBFCJ{ zp?|%C5sX{W?XC}W5yLPr?p+)>cWp%Wo&&dAQ>O)R-6!RyDAHqNKv_2U2GY{#iZRIq{Xp$Pg*6veOV`-#kp{- zqaUq2bQPaNnXGmmHXMZ#wzfvS5{@LE&6bw`VypRf3B%QHHN0i!G3-E+LzV&CfDKTL z<4`!D)`1_=N`2EOw2&Wh(d`n?UIK?7T1Bf>2RozzZvdR3_u?@1F-LzaUgG-Y7A4>Jagd=i3!9`9vLFl*H+W^S zuzD^En9<19{4_4*!ip(`;qW%Z>x#l$Atsn^N)l#uruH|J=4q3UljrOZ4#+nFVB$w> z>uWU_K_LO`>lbyNOVSeHw^iiX_u3eC6~RPtr)o@(p0Ju?DcOL02pt;xr!|~>W3eo{ zV{`B1^}#v*?m1uUo+O|aBDInGEdf=yv5Yir&Ec~=HJaQe19E0dpi1A#VmkV;ubRqdhNaU2&qkbe-L84pC0t!s&QQGa_6wPC1-yccnn=Xb`G9iZaX908ApkPg00vu3lA0&Vp<*EJFb&7x$`&Cu4VvSt7nUX~fM zjq_5rt+>@4k%gG*P}{{zlmyBIHl8tPx!&bzFy7Ti+NuayByIs(V*U6OtD=5diRn&f zVe#6+OC^G}tY>`O;-BC)465$CH~fGntDs+J7~oOOf_Za)F_le$zN#;*rc1Fj7TO_^ ze&Hl3?B(Qii3TmAB!-x0pB%WDh=1hb!)v{huhYYPV9>>60*mAvvS@MKqD5>Snck6? zheqf4zP&50)VFi@xmIgL_&2CYz7|)s$C*8$;X;hybC+;?h6{&tpSPFlX>lD{s+BXg z4n+6zJ0hO(G>~w(aWgPNPUG+#ZWRzTziAfPlBLfStMHC+{`?l@IkeWtLQnZsFeXkX zt9;U_S!CUiu=d;?BP9-n);g6bpwDuqA^SL=fS_JixXMYBoWpwJG1Ej)p_29aMI+=m zHGlXavDeSpcP~2F7V1y?IR_E_R}bQ*D=edbH~9eWouY9tUPuD?@RGDecQrm4Ic30@ zuJ5H5NA%bTj_{`}gGfb;S?(0O+bY6mu%aQ&z>5;*|YZta|InZTX;6F%@@x zCM_w6@>C{qv8;$bq{Io>qg9T!P^f1s+|gw9v+%djR8JH3+~&jwIV7gD#(G_gV+;KM z08}#Ozg1B!ZTCVCIA+t}l33g&5pa$GrQSxCkXzq6 zt*{^78Yj#TlcTj3aT^1WM#1q5oi7AYksJfRNJbKg+m_opQ{-2-T(tl25338Oq!pbL zAb6crF|B!iCv?^IgT-M7if%zJifeH-%4<`{zCgy1%U@O;D3gZPU^1dWi^ORmMNJ<0 z4LE(#6jDD-X%%$qZ^cJ9W@djv--T_Bgy9aXHmwYY{lHB+uhmB(z;cu_GV0WOllecPvYbB2r-tmcC^OocE5Dk~S_YA3SE4b-LH7;Zpo z9Ot8&-Q}Y)+CD`W)RbQPaBs%m8B+wkq1r^ny9#^l1MH$Ug9FF&E2P8rjLn0r*DANg zE!)%Y#A&!>!@KWe?GK9P8K{TDmD%|~jU|QT#r+n=yq-@Mrwot^S|~WgI%PW5SFY)v zro@Dog$!c&HcOkeBA*l4z}$`hxN}#i3{DV9qhUsI^(U+-wX98Ae=FdR{B) zpHH^gy(4;6kz`m6L|2KQA-h211Mi7k;mrM7dIpxKzk~s#I~!q-)^mL zxfYgG<6))5zBZ`!eAAUa9vL$#;3e&G7ZiM~!0qUvh*;ER(gKG|bIMuKE$H<+cHn9v zLhl5M)%-@eK==lvf_`&1Bc+dazT)fJyH8v;vvzlI5T0+9=5c@$tVN**Vl}s2^=@;? z$8~SO%!miVP9&6sIrlvw*RzE{8`U72YcIOU_bRR+`V*ClFdjPEwuz8E&UbNK>Aazq z_q;HXB>>a=jKo?0Q-!cz%luR(Wv)zThRx4^!eY4KSj?k=ZU0~FkEj^^9?URX!dDjv*gjB$8Li%^7C&t%WiS=X>PKJe*#cZ@2B zLB(-C%f}5REEfw;eez{e3`3U6dxj#7ZHC2DCoZD5gH!(b(rN{8q}!T9R^n(fc0Zcvf;I&xzufTVXRKrQB#1<5#YS zK5A;UT4s|~x0z5Dozi21GV7u9r8cNS8x&YNWV(bb`c_dKUASHwZP@skN+`HPe&D^j z7EWr`HQ=SV;%b~Ns?f6$zgw4%u)uMwSN_tm9!1t=vA>z)>T-u;&d+Xm8Q3SL`bgU` zm`J{Awi9Ml_Q1Iy6m@@>V;$>&mN6ah+r}t3)Et|Z%QG(7R$YE)IDfToaBe@qs(Q*; zu%~ZVR5dt(U5#6Hs2nX2TfnYY?|G2}#JIF`;|-PKIX|02=}X;e6-6#{J^G5s4Wa_E5!U> zxEmzC+F?n`bv-?>fc~4ldyqeH|F;?^uo1<)Pr=&xZtb3UvCmy()V4N2h+zIngbAiL zd+i?LZn}5zXUg4rN>M%7>uDR`@1d9~M*4v4U?xGj$mweO%cdv_0gyYrRxanr>nQ$59AoP=i$n~?;s z#?Vbk=?CIssHKiPtU; zc%W_CxQB+ckmt5};}=PMV9MQ(yS5)ta-D|gFGlIz>Hk>$W*`fe%b@-{CM4#)Pdoh;dPG8O-Ke~~JjRGGxB=M!Z!7ij@>}Iy| zWk$Qd0^=D9uk^S+3VPW38~+jJSnlp)1`}l3uYKH2gTGzyd2JTVa5`7EKpFIgTx++8 z@;$nU!UR8JsY@opdl?<%Ug_nOHhnC`Ff>o)*(XAQ*bkD|$@$*1)WQ&(_k5~_{pc_s zORC}7tXF^E8Jw>2DsF&@+VShvn*xe7vAw_n6VbE~BmhuKv2{zy)AKdEaf-^)wj#ns z^n{khf=>F_nq^X-xV~h1L}i#3OF(!#O8_jFpq@h>e73EwOnPlj-0mmaZ%`7*gX=f4 zlL~@RJw+S1o!7sU(=qM{M!_tvg+lr`vv>XxNv?peUOIEze{$EN{6rmbIe@~FNhxUu zLiSG4b+!Z$EHguicv&-bAL?;o3gl>&zHHihcL6!Pn}gcycL{n&B^1kWhq$kgYuo5* z?8rw*c%0KbPbNjNA$LbW3`7gJ5+1V_Iot|>Pv3%8ToK;?bvxcPy&SsqN~+&a*#pnq z3Rv;Svv;!j{2m=BG_=!w@g2(qWWxx$# zQU!YE(6v|N^0dpdMOzTY$^63oRHT|wAaw6fuwD%(VLr!RWCpr>Fqc<& zttVbc6uUOBbPpqnJxuV4FP=#=0xah9RTaRc zOpJhwSF8ew9gv|6w&tqVKoS{*w?G~2XueHf>HR9-a;jx3B)lB?(1-3PdF(C)MBUAH zAVSC~)T~5l9e==m4j$vHQ(eSi+KX5Q&NM!4t0rxJD0h^KbTf3N2I0E0;--sNq2>hV zn4BVT=Y*Jo6)KXDzqhCQb0yn{_YluQC-45*L*)0-ch8VS0APXqK@;05#^;QT?SLnU z{1CxFdugC^gg~G#i3Hn5fa>*Yo%|=3AaWHEiGcg;`QkBe(N{q7W*2JacSAkwDJcl? zNMJMyqBdY}2U{JB)*hzVeM*NYk-rgbn{Zn0#uEE>hA%{NTx>n*ByO)@g(w3z4^h}q z546Fws{ZO1J^a&&a5yXKYH~e1|UKtU*|6bw%)F}R(& zIUr(J-7T>EdeXS|-Ez`pxuP(dUH=tB0^2GlasC}h3T7}{*v7%!ur6eB6xq)ELv{T4G$8Iq<8k5G^AGv99IR&Xn+$pC{^o5SUe^0FU(Ozp`71mTdz zz_oP_h40ZSc!wgUsl1un+13V!+h?)I8pn+qk?4NRAd$9Yq1FS9wpB4GA2?Xi0q3qt zSmo9EVb>H>lWOj}Q$z+pT%u^si;M}YTtd_PZLv5-(BHe@Ieyl?TsO18d#^}R#{Pv|&>oA|(#h^DQ;u?4)sDCyQ9KL?>`o?N0#A6~ zU|_yv1&zR}u*{p!dhB?R^`B2@5tA}gkuU$^6aFuN1&*=&AJw5~8Jsy(rmv$EirCI% zB1eLpt}NGaGPT@nvdHGXb0iI|Q_GJFeT`qQ^+wb}70@%c+Q%B*T>uSrzJr4+oazqB z8GuhL=ajo~WIf}4#m@gdyd(b}po;NBuN(?~ZMvA!;6&Ylg%c9lLL&oq+;z!!hke0? zU76yM3Qa|dPMRb!Il_|`XkQy&Edm2<l8g1@JAn=>r5^L2fAViC8Tvb6uH47n>NLG_F3`>AD$aw~)6z?(OEB#%{|6g$Ko?`)6Vj8%jlUPw3F z@jv=}@(s9d8Ka}hmOdeTxx9Z5g_;Ij&*n&;v7`c=HvlN7G#R_i=c_~@v-Lg5evtza zlUCvk*}=KOXulxjzdHs4fgOD86873!!`I;COw!~S-C5#CV$+Q|Njy(ut<80MRERV*ZCW`Dg^pB z;{TPRlG^?~fQ~jEYSUxx*TIZ(%9t|216y_woL>2Tz6=j06paW|iEpOUI7^GZr65MDU+QEPwssAY}LrxfAy6 z*ON5=5`eVB9ZllIWd9jE``4TO7T!xRpltZ1U-K~$1-IO!Bq$l-zxw^m$M9QOg0$xR z>sH?L!Q(ucey>!J#$>ASvHWjr*Zyq~z=x?>2K%0K4;uyDpR{py@CHsa%HBWEq`$ta zHv`JXx|;F8&wpYzZ{RdGg9)v_jcWbtR{r&39szFbfzW0?{_8=F(1I7D%w^W`|J|e@ zF9pwTjF!nH>#u>+69q$~FM76}_+S131Mm-n@p+#Aa^La^NrKOX(+hj&zgau}9H)Q% z*8dr^78>Oj$D5zp==p2y2G_KXcz*pydDXGI0dJpHp>_M|>o1OP$!(14XtiL!vE2%i~?~->gR(igOI{g!N z(n6(PMe_DX#2o+Ke-xFYjxZ6=_JI{g87lJe2YuYlSABACYhS)fi(TDcd@{>rsh9o0 z_1&K{haB#dA1ufe_uoEGd=Tn{h`bedkx4@3H|rM>oFC*9B4QK7{#+q3!3w7S8`AHR z^uL~g|NMd#3qh9BMEtC#%GfLJ0I6I)O;Eg^rSa$+hj!%>8Q~lAXAB8+eKfuiUw>Vo zPsj)OC4`=Ea1}kaviubP)ru^0 zf*7UHeY8H&QMT4CyWu6zUz=}|O7H^TZi?xhmlg|+qj{VdOMXXpvz8sP;A;iIdbjT2 zf!jah`) zG;qyY?u%E3_xSmpRzo3Q!EViD*L0p;V9=<;_`JYEQq|(cNUrL^;h=~-a2(%u@&ryW z{?@!h=C>e|e(1CGgZII~QGo8-7p*MJFq+?Stq%jT4`7kp6o+%$K4%IUtv$Ug#utPz!Zu{Fi!x!(1f(hA~g?jLo->!?;Ew?c zdX&?z_hO|tH6!KoNl7YJj*@_yMHVRU@AAg8=+Xirk>k&P#Z3sj(d7uvblDTNfIT(@ zN>Q9kQ|UmkIqOm=f<|k(aotCL4n~s;aClqpB(kgE0StO3Mx0?_%yHTWVn~*O|7P?l z%v&U#o~_W_8`QJUtt;#o#053M(a@SJZv^!N7sBX#>$@E-STnd+ol~O$pv9yCA|Dv1 z14S^q_YgI5bF*|RU!9X6Z3X^@NdDU$i0E$!m~a2nOGgwRYitgN5BSYDsMMXMT3rv zyrXY~CFo8&f~N5M;9`te5kf4E>zm6x$0^I49srdTM96f=7x9%wp!#cUXJUQGkaHWj z0T^Ny5Xx}?AhN~emA^N<@LdWQWF^2qDfYg-83Jbg)6$AKQY)d1~>XioS)Yx_H@Y7d1%xKT;P&Q{2 z^D_JukFwRNhDU0JwLPJWsET`884-X#8xqXDI+(^rBNx-XxpC-s4V;oeW`d1xrN@2; z{t)Q=%}+K1F0-Na)MLZ%i`C}ijbz&E{`dwF(qx`o_1PG!JwXwc^DRCHAm41N+i0OY z5%{~f4R~pFXYMJ27Eh+<8 zO21L48^DalkpDks0r_t}4btS(ehRFQ)O#}gmm7L~Pfx<{j|%zt!)`o^VJr3c9y(ZY zT(4Ba$Y$@RX}yPiYmb&nh` zN=>7WdwPT6A|7x%>ETd1uCj$3KR%XJ2M(h>gNkUD&VGm#fg4cKnOvRimjN&Eq|U7o zb!FTz9`$CgYZJ@Hp{d*E+w035CNFv zlP9X)tj$-BmJ=oEIKU8xAU>|Cm3&W1Jz5CJAAoQjQ#VOuCrKdes%0L@%KvTba2w$e1PG}LoliB$tRc1(V7m0kh8jC#K1MGc4-kpGb(x$_B# zj;Ea+b*ro+0mpu-4sMu_ngHCXY`XGTSQuH=3<1B1d|b~dY~7#%$Wh8%56!I9T`wfZ zi+5~`HJG8TNci0(E;B~{{9cBQ%Eb{IaQ{^z+Zu|ZxAffN*+;3Kz#&1yC(&!ab}hBM z&ke-UtN=wZDjWNo=dH23?^0p9wzZN0=tO3)Nc+utbRwQ^AQ-g${MqwjBgb*{nI;lX zjgP1o_4oBY#n+R@k75Qt^qGJA&r9E5Yon+w^$SEAZ5^*mV`;U|@pN=TS7V`>g@UKl z$?}(T+#bO@#l~)4Rpdsugni@FO$^8K7St(WFwax{s7bra!64cK;Li0;IEkK97RbTg zTTKROL;>9taj47dnP**gQxyyZX=69E$J$X?E$x-wgF>g&gsQSH4DEn86SvxXBCX;m zETP?9tI-YmI1S5|hR`T-Jn=$TKTtLrZ^H5Z^_LCFjoFdoqA!{*;O}jF_Jz zC@7O>c*>9po!jEOD6LYm#g3KVr#Kc}9YLv|*qN&w8JK|P6tc6V=E7pwG$U*k{3L9u z0yLM1*yX5T7JjtHbS$2QrF`CcPbqAa?2eLu>V)M=b8-AX%HBFG%B}4KRTM=GL`p!U zq)WO}I;EsR>7lzr1Vy@IXzA`wK^i26lA)vEI%;CX@kv7y5h8sG8TmzAKJ zH5x5?F3*Oy*@Y6d@iI|y=>8VGLW){B_XVALd2v{Edmt{UXzPOXMBY{%x|IZId^f|) z0@>qkHKRnV-Za+?D%1ch8gejeQf$k0tCl`Ucfo%?YcGqfBB9AJ2+3hJBZkYinUxhC z3UfWYI9cvbw&c_S#>QdG$>=AztEJ0o+^bwc@1+U>^g`!nX?TZ70&L%gOU&;HS$Q0i zmz%`<&(bG06KX8~g_UIY%73E?c|jgj7zv*v;mB~1?m$~sKig9w_#77jcV>dgrIA5i zJS*Fi09GGW`eaZ~8ea1v;scGbEj#c|OXltJMN`!(OrlIt3-Qc5M1D$`UIF@$m&KO1 zIT+>bhY4|VBrY7~)3E8(F#`uzglALvxIAGncC!voHle(?eZXNomdR;68Z%J{1`ncc zdfF^6olZtNeJ}2!0oLFIY^*n1!wD#Qd-IOED`*tPve*df6GsRQD0gTAXmx`8{&Zof zIBrJ^={mlZ@xht{9i?G1(l@B7q9I!PAX%Yt1QJr<-8@`{Af@tK+O;5^-n|%HuF99dq`8kAJ-m0!c(E zVJ@ZR*+ddUZ5bIWu?e*LF2ETqP!&R^1hGblT3oUyE$zV0M_j+w7kzKl&+=ZT19Fwo zDkmXotPYNyUVtsLp(Kl$c0ezav`6eFBQ^6&^~xFe?Oue`CK9HDkv0|uu>Brml5&WB+Uc8R>5;5b z`X+GHOn<6Wr}>FvTJ4G`S`fB0e(X5w&%uod52b1_(z*Brt>a}!@BDD^aV7>J-`p|p z77Uoj16f~IUxH3Tl!aGFDA3*6%rgCd_eBv(V!;MUjb2|8Eg6UW{Ow0+=IA0hYbSM5 zz6|4+A0OdCS3coe6e9&tmV}CO+6a9C&|~eYieVoyzQ(fXF`CPxK{mJVn<*uv$vY}l zFI+;(1P%V(?YzU~3I&s?kq z%iSJ*p_lOUk;dgb;|l5j4xp@vmPU_$=!GC}9iL@xZt>Le3U*?q%-unNx%Zv|3e`|IljHZ3=4be&#eyjmv0WGhC=CsIH^NYthte z_A-?SfjsaQCL9^o;CcjKMnXpY?1%XRjpx^UcQz7?e;9rMQ{tgB2t{mQ5)|XE7$@S0 z&;e*%IrTHJ9HX%j{C9yorz>fPCE%LC3bnY$^oxKmgBjs38w@;(*i#@l+!fx~NN1Zt z5u9;63_r0xu65cX)$`yAM-xQJB$pm5d?PuEVn9h!>>TO>h#Ukz zYOFPvAOEP)3inHZSy6Mc6dw^}?|$wO;UEjb&XqXb!c&)N5Kic}8t9Tpb^-fC3TPHF zt2{hq7;lk2M>v8I(5)JnXjMg#W20dr96gOx)R)quD5I*T39!9)O$iy@Pq&Ry@$bGKja ztW=W=V2S=~*j4m&W=f&9^Fi$GpZ(pMd-B!F^50VNK=&AFv3EN%UjPQ6@2=Yo6o9%g zNe4r%6V+c@orh+c3aDwP)1TuwIM87W1n-mGJ*cz`8)P6wu=XS3pw~W4j%Uz61uC|{ zN#d-!Y@o*0$oX*GNbeAEGc!>kquy2!BPzNFjmGtwchwWive?=G@K<$s@ek~tq7owUhg`|fVZ`|NCkq{PCiZNKPf}i~pmg(Z2yhX79RJDZT){x=_F{mG2kv&332z`1)Kn((IPoAMt z%NahJ&wgvaHmhd30~i`95m9X1ya=zP)Xdk|8a03unqb|ITMD|T^mVbCbn4H*+@qiW z`||YGQs9!L4rUbAEaBlBh>M8q2(w~XXL zqMaI%Z;@I6WlWxxVB;UFWX|My=|&}=DqO1FXxtsr897*1gmGfJ^HCbUw4^-4cX_N= zr$U{*H%wDI6mK3mg;a&8hij<%9YFvr~IVXqXNzuRu2P*aozW8$H^wjN>q z*!j_ku7?!2)T`g#qN!BM~}vtz$rP}N?MPc;F$1$8HI7_`lX z^m9VzCvE#HgtDEGaAw|$p7JAt4Zv42Xy>>}2l~(aup(EEox*$*Hp}=G&k7a$O{tgRaR9_6MeXejVZ&LbwH6|CG7X+dzDj z1#2W{nNF4zPo42H*Q&{hbSjce9uEh#=YNxqz$F>t+9K3#J)eDz*+j$GR`0zluZz|8``g*{{skOCA+^(8cxg;^l0_bRbk{|GO9%MWKk(?nZ z8Sopttt3^n zfIp_8{!e^Bg7WmHU@-O7rJ)ES7@P1U;7^F(pCIHWxtOT6l?y*?Fa;CQM<0tk12NLX)l5bBVk!Y{-xC1g#e&8 zhNB1E2718K=NaQ6h~uWx`LE80;4>g`6z-Q0nSKd!m=wQegg3>R1}(!c_mZz(;Fd^* zqu(dXxk9v6yzN1Onq8IeKO`5o+H1qnxot~{rd7wJT4pE%1MoYW{91}t7E@;YGus(b zG3|i|Y8K|v*R&J7)%1@T*Dm=P#$$7aJ6Af?`$Z>DJ8L$x6_A+mfSkRCb+in)ll4L?} z%m40qv96=tqf^BdvgN()Xqb2r87r5-!Khkv`nL6rC#S%AK1s1tTO;cuf(c=1*va-q^t82cR~#7gN}Ggwab@V#GwqpL+g&2=u0L3Tk4c3H1FQRQ{o6w z?ONAkB^q%BK}B_cQ6rl$=u*)sFWoD}5fx+#*`Hs~of5JsGMdRRREQMht;2MbKIGioa2*~0d2KkRpsYWfwBHid9d;rs30?Z8&SJ?V|p*g%-YiByrAWz$+2I(5^61X0oMLV4^x8={Q^&B$Y7t4Im^C|EMJ2wy86ml!uZHl7x)5 zr}BZC-4vm`EzQdd+k3h=IS8913#>e*^!w~i!OnL-Jc#{J#sW3pN+%qUf zXkN6_n^kee&~#2ht`NkkQt!0mb10+Ec`_fuZ>DpQA@mV7RWDUi{Zuq4M8!y$TUP+c~Ayfj4NBnJ(DkfE4W_dcOGfAtzh#t zeW=Ve!>Ac0BOT~q+)^CYO%%n zmQldXUdSZ-NpqViQ6P zclqEWzsc79kE{fMPV*R+2p*yP=Z6rCGUn2J{ z>;&G1J#YM`|%!k&;xF2L5M80zucYW zq)4!v`rS{K`=F%TP3)qwoE83))5njfREyu{ZW?}+laP>LvX~UxovNDYTvXAd!qHM< zAGy>w?8sNuFg%TkFk4NMiQ|yhCS>HXT2BU8uLle@N{vv?SE#Yf%2|CU3hCluDT(+f z>B4V8DQuOG9~U=1T&MhBREvNvSlyGoFId+_tx%eKET=XR2d==|sDWJ-52+FB!^@09 zdYN=%sIJbEdy@eveI$UGi`rWo4g&-eUCd$c-dvpK**VoFVu4~MyFhm&6-L?8KHs_H z?h9PL4IM;iECuj}VK4N%QInN0nHSn{7A7nWyMx$S!$Al}+#uC6Pz@IN=~?#|Z~LZc zH$5LW-giQQzGK>s4Use|edP@n>-aO)S(?*7{bTvmc3#@HKY()C`(rWl9S?j{i0pi= z=EbRDCj0bCxwc= z@BZFr44|1MA1J0R+N~W2Zv1HEwGa!s42OP5uEsD>^k&FkWq+FzN$;+j*_)syl-av0 z@$m*j6N|86Uu=?|k2JKRQhL1jnPF?9l>K@uhFs)XJRfD9!*;lCn}63Fq2~i1%Bu6d zH#BRVl1J`3cr(s1njX&H`3a9E)TF=SkcuP{VwGK1Iutz9$WdS_c`d0|20I}1P<_E$ z=UAr51EARz>JFXNI0-8MWkno_6-`F}eEfSw^S2)}wHZ~rPq0D8Dl0(fPFSf3rdrZx zS;xBN#R%v=qT+-bNW~z4glJvAi&^+c?{L;)`$z{1Z;bfqDn0fMrHT%^VtIG&gdZj` z#ObgK*9zubicJAU^Y2XNaHTWNrb{wt^drXDuXTg_;abU_ve670Ega<@vCpKvR!+^PI%`qg_p>PUM?Kw;L~*=oD1d{f_0WxB!opuy1a{ z8;t#ak=v6sJvl<(%tfsxat&! z?3ZrhYcRMx-(Jiw>kp%d9pTl@Ue}7QS)7GC^{b{R%Hlxg~PHeJ*gmt zn19ZXop=Fxofr4yqyHo0T>>w;CE5y83#UUWXWh-~Xu|-;Yf#QH8zefnGF?_>Y*JH> ziN%}!^WAQ%U#Z6h7k9an-xHg*D3vbG<>5$RzF#m`nU2Xq*)5ZL6L~cNVlK{vc8Y*t zj&fb4rcGBy7wnGt)M=JTDY<>!6YqL1ppq> zCo`UluFM@kYX_nsXUs8Tfl~F}VsBYrrMvs!z}IGmZZMO-n1;q5%30PF@$C_J?>^Ow z76BRI1rXk>qi->g~Z&{b1mB2|(qvIrVVB6Qvq0?FU+zK|jOEOBzU&d}89b5Ca+ z)7(V-=qk0=KEt9RKxBqfWy$lZ;T$vsFpX?%q6J{X*VYT0nj1qt_9kgtHGc$AbLCIo zfn^fIEr6=n*-zt9dX~utAjJmz(i?J{T*wayC^ZhP%8Xd`;AziC3$;i$;pLSwn@L-b zW3rM0Rt-H3-OtR6eHVLFLTyb(S(a0Sfl23iS#(yk+T)>GPMNu_tim2it(?on9w8DGxkj3vIxTwl7osc| zF(1r7T|?*EdzQOwbXpE+hH@PKkhE!2R*?cNc-|gch5_R`LEY&dyuWpEp&!j3y%R4U z8K4Q0rnRxJTL(^}zLMVVhX&xwF!MQ3kr7oy!tr!l5J4vCH(EFS5Dp z%XB0htj6r8tKLU5_u&`#6`QFyIo}0|HbPFnzS`ZDVt}J9cz8DO_n;&{XGezsRsu{5 ze>Vpqa;-Xl&QA~BSxaXSPSQO-eUz@PENVO#ntp!rW`N%<&2)8t z!#0(KRK<;WDCo*D0v&lX63}n|VC~RU-nY_;IMefyppINUJhx@MnDp)+8fmMmt$?sZ z`9611)qcuD8D3>$F*A$Hd9u)iE7M`cXP1>(vH7ir?EvO#y^cqa!E=fDxwS3Vttd2pCmkh$w6^6hlO4c@ z)L%`jva>AZx*kmKX>D?jHS)UJmFZT+%HAa$M&m^T^I-R;Z#f1l-x#TqW0=?jt<)LH z>uii?>=2kRuJtc>YoW?)&hy%P^Bq0$mVqxJo01dRuisfG94Ze6ZoR7qLpmDrC1Hi; zfH$S{ct@vgof_eW1#geCnunA8@&vTnC0pDb+Sh zZ}Rw;Dlh(J-D+Q2@Je(I$q<&N=gwXkmco*4jVmgJV5V5wF39=8k+ z8PpREK_&U%Go;3e9vEz$@yU-*u~EnwUnaf6PdcOV(b?E*e7~-Pn#)g~oedL63o0tt*SjmwiTr}JGX4BE-%;q*vsBKp5rt~YoeiuL*YfBF$OXViD1zkZt}l;Tym^SPq01h z8l;fEEEE7=9ZidQWl6Nh+#WaAT*a){$~G64J8SK@ zOM%(h(K>zt1(w`sfr=bz+zenfS)TYTEBiV9)@03*rw+NyIb5_Jb|g(o0FmD@^b04` zUr*N9yj0=Zs_rbo!;<}&ul}56PB;h;kY@8^y*prUY5)Z|j3DZ3{tRw5_Vma}mi-mhf36*esvt5jdE7m<|71;xbP(a9)0yWfq=sj#Mp2pqi+sxc zs9~3#H1jj{mUn68YR7?RtT8|RW{iKr>Cw6#DeJ13Ex$pc=-g8464Wy!2V_V|4pt89&&^U% zAds=?^sQX=k!kK^w=Z67$2pBk#-k_W^fu*wlJowB=8^u+d}qUNPLMFoT~9KInQYtb zCNj-x9o8*=#5jJV3ozn#EN?+dZU|^eB}fw%#%H%Ec9?9udxz9w60WH@&%MQxb5>{- z^5#a?hxC55!dX$$%-ZSCxh(2IsJ=>1vsx&y3QqP;HmS1*KePGWcH(;H;yzgNZcsuA zlg6`&<@;0wATC*5vg5yG-bxeTIaCUWw#h_Ksh*prner86cz`}-sgf`=yI1l(-DxON zgF1AtO`e(!wwJwJEH$=e)63{7vS!2fO+}{UN2c<9nqmJZ;m3276%#Pw_gtIhKg1oI zpu-^sJy8`oi*^lo=(+IKEDEWI9F|+pXjhA@x$6g8lbLIxR-j&w`A-v;B#Wfep10qdS9nZnL1 z6Oy81Hdb9&qT^IS=7&_ay0}P_o*23atA+Fw#nvDOeHbOz0fQfw=IZ0*Acmh-d?!Lt zzkIJAkrQY|R!d))gCH}XS>Ci|-kmst@TA>w=BUno!h!su-oeu?`BZFAH_0Olb2x(u zTE#Su-Eps$U0Qa-0kYXIq^R4DJI`Y*!xXHIYG=D9O={MIsw@fQH(y$G zK5%Vjv8m(FhWVGBqo~4{4h4?}aP}badlNG{1!Hq!9T44C&FEym>2xw$ys{|k%j3oh zSNP|Rz{fod77XR|X+}c*W&v4oYJ-s&wb@$9UZ`qMMCAQrYNa=g2QRG9znnAMr?4(I zjn4*nW~R1suVu_{CEwTS#5};q*49ehn=fK^+ZvV~R=vv4(`kIG+;L1&Y;jja%)?~R ziSMlOcyM4iv%ee1%LE_!&(W(k8HiqswrJP?spWdP$)pU%#BZE-upHB%%2?b9#}Xp% z&;!~{^z%+FE$ixtro5nNyn|d1qTHT$j<#|-dy#|fnQ;&Hh`cP!j2)eor6n9&C;cr= zFCiAA*?6f48!qGUr-$q2@N6o@%NXg;X%|ysb`5A^#e-ZrZt_*rZ8pGDtKfRKV=j7+ z4My|+7k`V`J)~hOofnH@xHe!vv1US?NbXh*Fz{VTPdmG&V=>j#*wByqJ@GZQNdm(UD_u6ve1`6w@oI75cY<2O z&l(%bPv`DarIMT<^R4pn4ds;ig)36F2Z78peB~YW?FZX_o*t8@Q*W26Joz-^`?#$H zuJnb3E0W_PZTf;;s}9y+XEkhBv>6|(@SCQDgW>fCWyU^V?3ZTz7kflzoartteK1%| z8VV0eDB`+sjfOw_v89`zlk%-zfIJ*iSa&en9GN@UYkzDyl4Q5@5}C5h%1PHR z%kCc}ke}K|-;e!l9-}k;wJ(vN@z|()`R8cLShnq~SQ?Bk?sP{Tqb)yQqU)*hlf-1o zv&JANJ#45){knNlTzj{Qn`o20wmz<}Z($jUxcY9ZHWKuDm#b1ix zxy7noMpzcMY}G=4?4j*61#Z}41%UzY?*zju;HAMsn&;a1y92!Mj%PD+sf*m8pZj!{ zov5C7+2MR)T<{@&Fzu4S(MdIXwjbwU2QIf51*c@}%k(dw%b3Eu8j0B*jkkP(5#MS* z$-*J{KJ)haglCG(O{^_Y!gnJM*z3}1x|-#a- zQ4$Mw8ml4fT%Orktl5NNfjw{-;4;hAX zd}K!W$>r6~8?UG@t7jO;MiBex{{MF$PlLTY(mf!Z0p#W*Rip2vychXQvPN?;pxM7t zJewMKFY0TWUk5!`s91y8oZqA994*i&FeX1Qnf{)2Fst;+r1Q%7Im3ba%h_gpBSmDf zhO@&6SO(gC$9sIWXM`&e_NdC$Xa|16uNrTBtJ-wi9or^ZFverTp`v0j_*Lz4KfJgTz8%VnW43*)QevVb&4`RNneT@ zbwxO2?NSezje1`i?I1U>wv<`eOj>u`J;T`6{LzQ*$po;&(~YM~qlUAs4SOG4dbF{$ zIu8s7$vyodCWwJ79>C3iiEH&LaYo)8PI2yWV$?G(zM4B2t`04CbVxpZ7#f}-iTvuk zf{aV5`G)OYgkSCcWLe@l^&q7_sLy{$uxjz!?c*lhtl0(q9BQ7fjcn)!LcR^f& z-u|emsb!#7SZ@DT6*i8t@V04!bM&NpKQE)advsi+P+TxQ?XdVhx|aC~IyAvpavdWo z(riujXmF}v!cXSOxV_%~Esx~J3-1-i%cuPQe*O=iyB(v`#C_iF+IAfsUyj{Zle>d- zeE0eaS$SrtHytMi@Y@q*5 z&&O_NywjL^X-F5Dnb)NY*)3=x!PvtwkJ^?aA!1(@qw0d zbb~Kfnl-z*d5gf`Gn@&!-tj2oe9;w?@pB38jLS=t@&4a-e)CIUX_)jzxB2rGutBD5En$qTqbAkzFxU$rbON$Mf0sC@98b*ap-tsx?Se*fv_u~cHAMz6-xyk zD|yyE8Mk_7KAijdMIj*hd4B8eeoT$6;e;`Orga2$sHwg8Kl5GX24@IV63|ZFu46Af znj@Bjt??APFpmJ_wvo$7Hyd5Rs681;tVTzPquwy7}^ zH24M{hvN-)bzI?6fK*Q@vk6N=UZKUxcaNWMjsUIJ2#Df3+JzIXmnqirxtqS3UqWGQ zSaq9__w(wZozS^jcPbQOsGYTs8>q(26dWxtg%TGd?S2(x+74pi&YWpq_bY zGFX<;l;P5NK2zw#W*5jH8~DVB3@>kf`FoY@rL*dPah1^PaV4t{#fKDDnbXBe#{~A;CD^xffvA+ zRC@#lt9mean4~(>3G2091kKBF2o_e)NuJG~6*KvE^$~Cb0>^PtRVJplOZR;|&Ufz0 zGe*$hY0cMjEl-53;Xw>$Kb-8sO}{NNk-n|Y8T?*3F-&z8fiTP4%4W9fn?V_%8yPX+ zM7p(VE+P$oifxh(ECzs`cPSDf{mSxkopYo3TfSCIQtr%qufzH3b;6|euPe7a6SG@! zZXIvRA6W#N4%ttSf`YUu->9i%cb?l#*ANJVhPadG)mt&+{P(BYNG*-|12bx!La>i z-@t)QJ1XVeax4c><*g5Veqd?J&x;PVOUXnY>XhyvaID7?%{gA?pXV!OQ~o(nXW67r zatCW1K?RS>VkWjnk@UK=LQIRmXe=6AM}d?}zT{KpC~QSseIIa(B#80eq7GE6*)_uD zb}5(f%O;`KS()vV8?LeQ@SV_1XHM+Fc~8|3Qi!JZ`n3WRk9U@5@J?2S+@`_f9%PJ?s-A{rKEzm;N zhfgtazxUz=?on{NNqmR;!(FEWu*owfMnowcn?K@o&H55rh)Ca;enB5Jm$}@3wdr3v z8@&nNR~ur}9{GjWb8dxkQJ|lr(7bJWyiv0=Yy0J32PS*Etgy+7NY@s)#JQu{B`Ygs zT+KiLahXz{M{RtI_LQop79)YvpIZk*?;=c?cYJsF?=C`6A?<(9pzpu6qf!viu9PBh zQzJ)jhLBsdod7fWe1!RMOMOp%@*cDj-%C*ngUqnwaI+*)Nbb~nBBXMbuhe(_)wlf4 z*+pW8PkG)(o^B>)T=Ej?d~tP*&FR(_EW7fK5e{7;qT!ucATu$pWFq?vqa&Z^@E8M3 zTEGR%wj!itaFp6>IM?&b3aZ6LDAdm}o#bEHJ#3IZtp`4DfJtzUt!Y3`;NDMRYWeSc zI#c~t`bF7{v$cW8b0CJ5_i8yjaNYt8v?-o5*_kP_iVOCvMnp-WU7mOCLif1Wo|(FG z*rzar4)VG;YB=Vo?mXR$E2e!((#qH1qAvIjQ|Dk_jnqoY4m%O0E#zmUv4Tz~OP4Sa z{yW%+(ibGaMJX|=|7I2W%8 zf;;E=QhnF;9z1g!Xe8CfCzq1J%e6wJ>3@XGP(PChlED$Are>1)QR(WS$MQrmO~WG0 zqTjIu9imyM&AOOSs4_Mm6X~Wv{KIuSr~=*a+}fpR?orUW-Tt6h2TM*UQHxkxU{}+qQ1nHkh=SXB&AZ?R`|-cAQEzq$F(H$H}?~vH)$z8}>o2>u0Hu za-~rAHsSkw0iqcGyKN!CBbTd23&YgP=kFMgxa8`~vKwcdhGf8814U~fl+8ZZIa#|@ zD75k7PHXx@TaUUU0aE=2!`uASTd=u+Hwp3-lCb6MeT%|m&jVy84gP)D`mOdXy;{Ah%h4M8w<$kVMZ7!*x7joX>AhvEqtiM}d-`%M5u;OA zr7CS+*X{OWqZ+9(3%0m;(|OcCn==MPLOjMXra};rs}N`;8?f0`uRG*BpkBIn2O6c` z=lg{!uF_)4L{SXlPE2}8rCe(l7}~PEJ+m&hdayp)HSO+dZa+vOl94Zgt5R+Cu1TY} zAyaLl&Zy|ZxKQ4Y1zFP&8*9cm68%7MEIgba%2{P8HJ-0kCVCj37yS*5AtDz=v@z&c zgFhRa<+$0As0al$rj(4*3nMWRfu;g2nvVgP*i%QSSizy7x29%EUqvRW^5QKfoq<|= zdNDQ7-=!Xqf&u0fss}-}t%Vr?FOn+mSKEWx&vaCe_&E)1m2HENg`@)q`Z=~QORpTjJBSQw4}D|3aW`2 zcJuHTd&$^A4;IBzQ71-^L~C+7#SnwOy_UjIpC&4}+{MXM;Lwpr@(HixdfgYc7BY&H zCxUXG`?wQ-Za^uG2X5>Jd7s<$N4(64{+Z^DW_+lCEvfI#jhjS5 z1Lmw8P;Wi%)J3AE95hw{3~p>K1u&T9*Ob`LbUBIBI7|olFJH=#6c6`>O`M(Nv@7@* zMof(PUvVaXt*^07_iVbAgU8J~Awmtn-}e&RU;Wvuh6)44MDEr4;CDX~1;SB^aJZ#I z6v~I>!9vcDrKVm$43NUZ9exgv&(lQE^=jr61)2jdD_z;C4LUS?pXoG9D zc8Rc|p4|1zzzZ)wR5KU;v0xbX1XZgSD;S2^_@T`iA?$_7LQrl(OnkorJ&biN|Ht)r%|AWo{-{1S6&DLiFUCB@xOxNFA z`%C~)OUTDTbWh)$)}Qh+lT%n<-Z)({{=endL{zyZ7}>% z!ta4}{YPH)&kE#!7Arv1flwXumA8F=Up8EdP#iEwm-PYpzxg%=!lXqw-ktgV z?N!8vCjNYS=Rc~D|F`&`F@f{_2-k)D)Ab(cU$@M)<0rXGj>>#6_%EJ+0|_dQ(1b0m zn79avyJThe-7y%iv#}%G!&d9A17m<>-SiYMd+60##z?CZ^kY&qJ`c0 zNR9iS&n~EeukLP)mcIP^%m05q+u46xT~^yPW+qF!?L5${;=j29HJ`zYYnH23|8_dW z>AXaBEK0RHSSXX>#QT5N<^N|RfW9Qs=Sn|@KD*ArhOz>!VDL~S|L-^d29lZ>kp5^% z8`HIWY;;s%=mZ75rrbe47(Tn?)NE9K=gRZP7}EOH?N(Fa?XF_#*M418oN2e z|6yR>n7WsM**1Q>W2CnAie6q=8tH>!8wygYB_`iz67&Ny%43RYlBcASn1X&dPgtK5 z;mJ=sr8wb>pp#Mx-j;ZrD(__l2JMlBZ{HLwG`PGNRyUW~OsM0oW3Fo&&2X*F%gbvT z85$b8kXF`y@zm$$&D)O!Zrr?09VO5Njqkmb-WpF=*u>%XzJY{7^!{J|M5z#k2xN9^ z)NJ4)J}EGQ729Z4F@7>l09VqwefaG6@BZ`S|LKp7e4gj{;mfPWq$V1fh~3)%18 zM@3c8@KXBsXCt16eE)H$QZv@qC3M8=KkoFo;Ux`yO(u7}od5L1>;Ko8j`-j(ndR?w zi-Xrd{a{q~w>slTs5$su{IiCC`Qs%?FF>S7R`k{Z4I$VR6I8Hz*7d{&QN-f^{6(S| zWE6dWc~=140j6RrJ3+4}gR`?Uqr%Jk|9sDD1Dhz6s&3sEM*MG^jS#rCmkk;KD{?5H z)u@!_J6XUOuP}|F0xT*)=^#?K8I~850NCvQF{RIz-2k`@q7u{vCTP;Z7+InE%aQgHwb8gsB7n_iO=K=p)lzXg+{pvj#DK_j*RAeop8Uey!`fU$N- z1Ta!raGy?%O~y030YQ1^U%%hT3Di zz1jt!``utdZGnRS#1C5Kw4;m5X_KyL)r_2B5(WWoV5TeACbsO|hf1&;)Q$i*{UatO zW~|!XXIAf5)&b5?orJJA6wGjg!Z%A;^2LUce20hos zijuik;9VvNjRan`eqChUA>4Gak9#|^zP?^}m)mhG68MQY@yTm}U_h=5jF{2kJ#76jYsEp|s#Qc*CIWbA0UVg{ zX79Vc6;1#ltVe<(@dW_34+9{3Y5*{ZY`f{IaT3g|zKgS-Z|`cpOGpclkRk!Tn4bf0 zme$bX@-l+wI0FFC8Nw}IX}H7O*Cwip{yFdfd8iZACCzr%0VA`f{fKfZ9d8>R0*hXb z?FsObvpVJ+8McA9?cXY^gbq1A;zBG}y=O!F-V7evz?%pvWLYFKu~TQ*XG&cBaP z#K+SlAhIE_Bn(|-OGvdY;B4i{XSdL%ghe3fCf9D}yY)S&i z;lHSW2@pRND5ax4p)pQ^!y{%g5|U+a1+YAp^!A*42zDuIyv!)xV$qD9$70O(lC6*b z$_)fIpUi#~6H`k~@jr|<0iEj{I^HQ3jVFc(+^`ns9ddxkMi{*Z1j#sb$!4cjWwx`c z%lF$hJmqt27(XeQic|UTY(t7B5;RjTnLaDgK^?Ow@6X0t@44x-advJ1CN&%pu?gBI#=7t5TB|>=Y7G^li*E*R9bA{bD z0-7{gCczPM@86X4KS!M?9=V$=RO064einb%L-xtny>tFFg`x2lwK=MeW@xMW-Z(AtcK&@EYbDzo#kUtrHi%CjQUb}xQktJmv3~m3s3s__uqZ^Im{l$7k$s%06@xq3qKi4`s?k0GaY;c9|A6U{}J^ z3kYlIXvcp(uS>0)e2BNJA+tL+bf8k8PF8{xWj4JNedcURBc-BcAEouZynDFO-4(-W zAsVu~&;@Jq^o)>QW>70_z0Ej|Rk28A?%d^&Y}B)HhY6yN&tfp97kI4#Nq|9mvReG$ zU(G4lsZ#kA&0A1Rg!<1kEuXnOtZL&iD-ND1&@9q!NC)Gr?@qy1^p>}zGf$=v^Z)3) zgZz=^4#p06(Kx4`i+UVjK!Do3>sX^f&K|mo04f+v6Pr+O*%|oq$^bytEmhFj<`*u4 zNvfwqxlxr!$^hoi%ANe$$o~T7d{@LN=wBSOe}p_v|9Z zK%7N~4M|ZD6cps(AN0XzS-69-%Ed<6sl~6I5-x*b>0DYrwP*n?1moX;O(?KSyDk(T zOmGuWAH%UtI$hl+c9hd;D<8J2nA{lQM#`7Tq#@mzonfNojOL`&vF3-bN@C4KgkO1(^=u5fthiHnZJF=ts;PP2mP`fS)RD zDvbb6!Jka?62QBm1W?hk?GK1I5mxVPvnm-{Bq*;{YZnIWG<2-w!-qHds^|_HS2RQOBq1%8R;}L+B zi2a(0060S6h=M9(f&{joa5?~zOPv~7wF1TIPP(c|U3J6Sr8v`ckBd_T-r_1?g8Pv> z_|@xH25@GV4#2Q8JpjmvMvR%|Z{K-Q<0V-;aOWA+rUQ<~ zBhFbLj0J#MiK1o3$EJgCWe@nqIysjUNP#;Mfk2tHXu5DfI5H9*d*9i6fWx<$8+aYt zpnyw{N)`KOFaP?cc|Aj?i~*|LT0%oxl8siYRtezNphQS}hqHVZ^GfX@ir*73JQ@dK3>=~|O*sQQwl@QAv}siY--;M;Ou>$DB3lHHHoX8{%W3vwCNf2x70|S)bOJSAiXLynD$VQwcCARo zos202pqOnb;Flk&NLD8h~gD zdYld=p9cKayYJBvmK|4aYy9?qr8B@u?ULL8ccAfXi~9tGU?LitF!}{NHZw}l^<5>Q z8+`x%eVO-Rm6_?@4(MY5b1oLL*^6*sH&;w$H0m78>nNWUX;jIw$W1k7O1ufSYI`EP z;^79ak>QN}mFI3ma%=){qp|OZj|-63`2pM{zdNh|<7RBb+ocVT6Q9I*?Ojs~5MgxO z{F`^b5GPP`hiMT{RxL{9RyBY##bxF;&sZC4x~x#kq~ixuY2qL+g~d$Ae0@B{l|cxt zlp*f>SEED%oO{mURuIET2S_5Q|hMQPHdI=hIIWpuz!q*#B|-Oc)K^Gbbk{t z(d&1>fsX>{Ey->qAnOqWz&BuKJ9XQQ5dfh~3iJiZINB~MJz)Ds@4ptgz0WM>`{Ba} z>e7x4^1uD~LM@O~jkb3r;dL1N6g;X;;2rkgzNcRSzNe_&fngfC{z_3zg9rndTkgefU@lFGD#cwi!xGzfP<3z|1kIF;Z(2h+i)2xX%Hzg zRH%$4!$zi3<|#yk3YjTm2uY=q%yWj!WXL=$LsFTC49mDsnHP(&EG&!n`q20H+uz^w z-Fv_9`#gU<$ImIKAy3gx8&&vs4xU~I?;m9Ix(l4C-{TP4w>Tq4;7Y#~( z!(I%4pJeXSl|sGw`_(V=1`wODWCr>C->r0$<2sC!5_i4( z&WM=iBg^EL7(MMjCCYchTdVUfB!n4tg|pMI@!)E$B|!5?4;SB zfEu3t*=N_vL#i(D{mXgz{XaCsDE63UoxnF3?Ocx!aU#oU$=#uyOLNI>=l=Y6GiCZ7 zp0i*7V%Tqd?D`(q2Kz4E*jZhFy%&7;9fpN)xv&51&WJ`s3Vg1xdhCBp&>_BUa}%)8 z7y~2$j;CbC#eM%{M11He1z8)GA zy%NgEEdd%!B~}8KQ{XVJBnBpx<0+wP`y$P)PW5k^TA{`Orw!Lau04xz66lE75A#C4 z7~(QFpwq_E`lG6|JrQy%4QP*aQhIBxeH;w<5kTmACH2qdDOUTH$xwwh&~;oI5-CC zK%(fZd;k+C7>mWhO&9?SDJ+ z)py8kGLEa4{J z+tWeh7e*scd47g^5Bo`tehOHE+WjB<*mh1h2ie=}pL)`wAnY_g`*HoN;GqTkKI@1^ zy9MMa8~_82$vLBJKy{UaX6FUl%ac1!CL4Pn(+ECoO^4-A1mE{I$uSr{s3pAX2iUiU zgI9KJK}D?+?uwD&6n|H5e$xoFy;uWdrK@b4z2IrTQT=Y35w2Jzsa?@bbaU!yC5qL1 zw4Z(ixRnQ7IcY?54mRN{e^RkMr-@cLo0!Azxw$sk2@q$7%m)RIQ%Ld#$X5)$nYi)x zLx)(=d9?Y}${*I&UIT)O5-RbR`YC*-E>*eW0UDC)35^wrv$R!R_)vG?;(OBqJIENV zn+7Z0mYiP651gP|g;oJ$@LzkF%_RhfQJq?bs4{u^4DE}PvG;XmEJFmj5-nx`8dd8ylY$a=H@2}dr z?gnrhtPG3xn2wZw$WCX+YcVH0Bk>gsNk5s1=L5+lW3gtrQ(3baFOi8dmQ9rDUR0_4 zuT^=N4EF#xOueVVHT%Vnu~`x5ym)A@e&PAa%+Xr27RPy58HeKQ)g<(Ipy-DPRLFd^pu=z z(j5cBzuyh@e1nV^A*$({VOGaothsxKq2=mkoV2%BboiN2x5%3(9obLoo9>g+Ikpq$ zGHl3dX`u~o$;+{(67N~{2fMc->qVYzX4wFzh7KEP9KEg+ixK(rt(Y72xavT!@lX4~ zlGa%}h+CWwKbYyu_uJQy?$S{Z0#scO)%vz&jJuPJ;td)57wfHp6=_PqdaBFQ*~_b1 z$foanR(595y?0!-0gt-GwUA(qZvX6WN(_Bz8*+whoNoa@?*;(I?DahhF_*25JH@*Y zz-Au5$bVhUuHE)9=eKfKu);~2oCT0DTv1s@?4{1D%f!iX0QDM+xWKktY7Kx5Gq9UQ zT9o)1ObryjZ;6+bn3dw!BII6Q+fPHI^W-IT&wQ5S_RUIZ?=DBvaPS~&gxl+hh!Q~c z=qPd#-$l7R4~WB@0}NBPr5LU=aZVvq5AOKM_3DYxno!)@z4fT6{7a9b_kjKPEM8P? zo9XcMyd^GImR$>nX5rjH+Szj<+&-}6o+I1xe~rsf8)jY;p=wOVjKgYEKH!d8a9ju*X;8u4BK z@sJE@lv(?*;*v$QBIN&i6NXw}21SDsQR+*3vmnMZ{`V}B^&cwn|a_Ceww@88;mX&Vd5Hwt31X57Z9n{ zmR(v|?6`7J5!$u1R!qiwfy(XAvmtUz$OdV-yPPY0V0 z0_sJ;P4U_E+*6!-M|hBhhR*^05&%=8mp2Ktq3o;a97K~|v)3~GG$4M`gsPFbzGoMy zgRq>TncPBf@nmtbJ_k0P=*FkMUIZ_|c*aJyHcJ%&_!T~~%XzW!j4}a-@h`rVGO~pC z@aXuGvR0kPQw(=X2sd0{(j5WDsdBagQzgpro+~%q2pHG84Rx_`da?P+CAe>LXJK#UFNyBjuo$s0(#PGC6!TJ$c3>MUNez9>7&4 zkVs4-{IM+mI5)gxe+q%Kh&Lus&H4k<6{@A`U{(6NNm*}&N!DlHMm6PA9S!V=ufpdY?RcIX)%6{<b$UV73jmEJL%n|F3a*z4lyN%(&}TG?K55PhIeKg;{x8tC*CETo*uK+RVlTbbr1J?OO6@Q zl>42KC}@pl*LWZKCjC6?^e7=X$5WhIl=w+1-j@aoKC`FyajZT$#D9>rKn`%&y75}y zR|>GW;D@UZ@-64crB;&;=O)7$?h$3z_u-Ca9_G>$fxW?_&6mfbOy2D6LN%L==d4kS z#?Y-uO5Y#-sIZW#7Ap9s5?#=P-30MVdp^D#a%kq$>@BTT-MVYGibKtxlEr3n87>^+ zrgIWt{FZNY5ZhN{cd%mQ<)w{kzol70R~y2~J#>4z`rYnK)XFUcof5qL@$vb9SU)vviSJ`_SB8s*ouqRS zhc6y#klju2sH~QM;%6P4=$y9TnXcIXo(^4K znmG`>VFt z!geX1h`4H9{KF4eDjy%N0FM#AsoZQmBax~%XVl*6@s5O4%KMvrdaW@ES>ArELMvV} z=W8R?mR|m(rgybL!e)_?^1u=cK1QX|ftS#pj&t@%lH_d^CIBry`Hk(?YFBS&>ir;U%G^6;|R5*t|KEp8XuximsLhWgZIHD!)S zbT)>XxVgSQfV+}J>Z~NO2~W8LEPhMd?I6$@j%3^+WC{^YmTte6$=x><7&ydsqJO?+ z^Gadj_|qs<8G_m-M$63`x5}`+rsiXluR3FrW71Arp_aX*lkKsWsWQdaJ3fC6g)N)p zBvspY^*!haQG94DLvA?h>sjb?Y|BFCg`w#19~O#D+0j$gii$YR&jZGUVSh>QuV-D_ z+7=0777w`TitZiWt4|VE9Y6z#{h>#ZHj=l5E)*E;70YQ3&alX4$o%a(+9DUuWE zXe;vUZpWai{yq44Af0xWX_k*)_ zy}R1_Lft|CRA=+mc^VH^)iXhjwEI$w3^7d-b8MoxNt4Pdw6l^!>s-7Cz7PFV9KF`+ z6^~u%BE9wkX2Gi}@1b^YV*EaL#}}m@noD?j78e!?bbAy8?U=Qdi|F_*+Za6)X1Tfa zo{jEL#`O{3)aTQ?dPU|#(5l^Px{E-&)mhwkkFcHcW~Cwb-@IXxfZz(vhfVj7RkurO z7Bo*1XkKo;7a{$~hVG&MPXd7}PSIohw7kZv$at3x+1B${QZH6v`L(vjKdgDtVXTd9 zWhd#R8QdT_&EAR*$7Q5>Vjq_@KagnEF3HK+|Ycb4gn_iTdvsZ12 zdEO-Jz9&8-KdyHOKh3P^#HoKhKqh!C@h!y=A*|Zim!GvY0{`ef*i`z>XDaiTb3BqR zzv_?oH1wuO#bPCQ(LU}RmGwCAi*3&g@fP_7{Lmq%X1Z_AcnR;0)>r*19fpQ_RD20k z*?mVtNjD;$q7Qh<_?2j+Pb#t$-O}fxo$9FFstuPqUrgBVwAPubd>UyjR94;QFKp3| zzmr+XhF`McQHL(t6H{xw@;?yGY0^a9 zhIa7~Cc;$fj{P^P=2LKVA+HY4xH@x$wtx8LK>Ec;{*7Wkra)v#iX zwpCO1-o)4hj-1{EirvxZmWcXx_F>P^km2No_V*Pe?I$K14&$9zJ)#YU^b5*|{+dVHajh=Q8v&x!ZV7_*XNo5j9V=HbhdR!gRD^*$ctEp<*ep$+Q7O1dtLFm4J* z#NKGHx4Zq8mAT{@|4dJK)<)OngCkg`0iCnc!le`MCTTt1mb=XqF`qYWPBc@Vyf{GG zOiHL-CpEHcEG5zoyL7E~;mYR+tn=`Uj2?3yUk9F3sbC4EdUb$U9*IxK$Z)B~^3Hd5 zt7aEyqun4*qGQZzcH(5wcAQ)%`I``EK5R9gAnrOn+{&)2?wy$oIg<4&M@st<@l!WccjS#g=2Z|3Uq@qnKCs9Jv+Ba zAO6bwaD(dZEz%VAHH*;@5`T`#oK!2z(EL`#Edx3Qp|W{n)w~>f4yKKzpy7iZGAD`E z=#TZFOg+b&EZMs@_{|n+O?ZJVKFfy~q}?^+_RaRHxaM(^8Lq_EZ9^zGmKao!LO8qO z-o4AONotjtjZZsROAY<>7~Z~H!mIlR*!Ul}I+Ax_XziEOPbW`8VO@@S>83L(pY=9Y zlCRW^gXosB#>EVa250`>P~F!XgH{+K^mS)y)e&Be(7lY!qg^g`8_4&tS0$)Q*C?;E z7P|?m@hA4)1jBGzY#VFWN*NkQKQ~$q(zRNA!Be zaRFQepEvwnwN=4m6LYzfktfmCM9!?Ux|@G06tG_;`;}Wq@_VtKi1F?-CExqQkeujN zv(zT>!1YtrfzsYjIN>6r`Fd;5FP=fSdwXct1_}1KdY)1~)5>w&hFJdpmCDsyc>a(%;)i0f=!Q^;5k!z)TFD- zWb4uQnm|(T3bC5%RoSF~Xj~h?H*90qsn}|OjwYz}?4m9z8e(r{$EUe>#? zxk8F1{%W#qrnfJb7;)!dvX*%+^$>zWpTmV~?2ME{gojB4f0PZhRQ#Tswz#?X2=x&h zQ5*HBzry)Fs;sZbyZV0fVe0`>b)KvaQy2qJT-y>V$OC|ZADdG%X|Z_9VL`jLH(PE-gz!T%p+leoq0Yz+*kanG_XaT zHxaX$nJkPJFTqdu`gsSWih2KV^3HUd`ZY=YZhfuK_6xIC-b*a+VB|WUWq#-`p-!^> ziv-uu+DeRphw*}eZl}|LPCC_edGm%~%KGuS_~s$O&$02+-qo0#rzW0UXh3=vJSQj8 zeTLRwe?Cy1z9qFRO>SefZiJ4YYzK(PRXzN(TkdP|Vp^WQL zAJ@s85s`?U{h@bct!A`{aYWojpoElohV&(9koMW2Y1I~GABpaVcknmCw0%})0P zeqbsw_+_pvk#XRSBzz?~qEI|d(cXVPCOmxPdcQ-Tuf6tmsNP}mxsp$Z=b8GT#TY8? z0YT0;4M3(NcFjh9sNRkN;a0G%#`LrlMMw|Vy^tfO@xZiT6d(#bDhBU^t>a*Y(*DC} z&>LDWay5720{IwCfIcTf&OGGzeRGXt*m^Lh5|>BZ{DyuTLdmr@uO)hxI|BOHej9BC za)BU@s6Vn)Vn!F6KvifVhH(tR#o|z&tM*+pbsNy_Q4a7_=6GUu9fJCWa-KjDGYH4; zV&v~*hKO9a4JVu?heRG1@BKIY%Y=TfYvriq`X?^CO|cp|w#~f)jo!VZFZQ7!eK~fz$iutE_D+*(`WlK)N;N?W<1}K*;^eVO z{M;%UkvcJ7+K_^|9R9_ln@^%EbFYQ#tr96`8*)y_WaI1|d&cWeII5J{WiKVBr5fev z^&BJCt5!Nb?z!LY=)RE(2Zl>yrmV!pdoAbdV_IE7KL0)c`1}2tkFKHkK3TaItt(76Zp?ma->wRBUXAD#?&(Ew+LuF+@%TW87*3&nKIdhmx zAL-nQkx9$aXrA4s#mj^vbcZG#w|sw-Et(Guzlb`${`X0a0wow4OHxv{=N(jC%_cr? z;S{E(KXmrF5(EhmZ|}jCYe}ehFQ3kPF~@f*8rzW~!(#UqSFr~RuJrt!yebk}6;252 zVcZqon)hc>^LExpDrg631Biz%Pu5$l)yEu3FGE*Draze3Q$H# z=P#PFl9jWMdaw} zjV>qEN*i-1C!7^9TmjtoTDU8;@q3{A&CK2YGC_H($T?k`ig1g5Udq>cemh(kh~7B< z=nUcF=^N`!=i5ij369{CNtHdY-jzT2Da3jX?Zd_{XpQELHSF%IQXlu)tib0Dc2jq5 zCLZj;IDFwo)x7bXvm*fSwWQEL07FQlnke^a1jlr~h~ZXIBhg@7m9)o5Tb^HMwY)z= z_N%szQGdBwTRZkRR^=7R`Ch*``{Nk#Zv0&qnizDupL_9>aL3tR*GhIp6k*eizsK5+ zaOr0PL8z=#Qhlv?u4L|yVe=wXz(eV>4{l-iz{WQrHX>!V{Fb!5O=9*uQh$-RDP- zSFpb~;O{DdL=0o*vYN_nzYDlJdXFogC+5BOzQkYU>Sx?VI5pgAV86ewU}m+bOU?fg zAY3km-}Su3E`SsCg7A?)-@C7~_dBlw{+*O-g4bVJ8MF`NzFuj4TU7|yOc{7*LxNAV z(Fn13vSgfYtHP*;8j$k~LnS4PNrrM|z5O`hM+KhB+IC3nSm&|zT(v5F-%Ijm6gbdq zc4k@Pv5T9nK{9fpJUV_lNSSQi%N3=dxbmU>;A-K)8q$q8q19^!_wG}Zs<&2u2FknO zhAi7I;#}|~paTRxpO-gOABknsPURDrPRu#cM<{;d94&1FEkBbE8rk;p>*w|wdGK)? z8_G|j+@>WDNV-CewOp@RqB_`vb*Xf|dZqmwx=HoOJnJ>Zc_gG%4CeB7ZAt|~oqI^w zGb&rQ#Ea(^u5RU_b7F$``r4hqBXMXpmx?-Nfhv0bUMD-{6FBoQ{w}=mwS#mXui9z56kAR69fgxgBw7GgwF~U_5%a!$5XOt3hKX=3B%yT6ngg>5jN;?pjFqQob%@qMdV|GlzvT(rRF*_u z$`C_8B2>|tT)@U&^QwXq?Fp>k9%x$q8d1Rn8`xJB_c>P)AM3G+ml@)xO7H_-+J|n9 zyX<|pG?(DP7iTj<7jEEs{+q+r$v8V>wy>!>EThrGlZ&VkQd?M~XP?FZ>E-1~N;0ui zqt$`Sog=Gu%THSMKuc0!oj@{;zJ?_1V2 zG}t(1us{K6Pw82%IOyUbzG9&LVmxK3D4fbwvQ^i!_`Lx0hma{)gWJd2R~~Erb^@Va zI8b;_npaJm+Iy|pIB7;>i5c`}VrfYJkYVO-gC+4xtj_Zp9L>>{tQM|{OE)1bHB1Cs zWG58k)}gm(;E>CpEmEnFr{u6^_0l&K81}$a&EH$-u>!@MNp;mQVu#4t5uI zb9Gzyh|!ULevK!;8!#vAshC@i`N-C4fb!~UN9#?pq2ipRlZ7n?NEe>l$+x2dC0C-R zo7CEU*4+}9=7^_ns#=exrLlo%to&NXJOdMZ>e6h&;N^HKpEa|N_CvH|ok#72M+bA$ zO;q3e=;({MR;!`fZxp?4Tto|TW-=S*annMslsa(FcstL@dX3z?)3WMV@W~rT3`eo# zy9kjC`TQj&n4l$r4t%jks20u732W#*@oYcW2D8Sd0N)U^qSx>`k1*lhz3j!QN@&qo z5o^lyC#dH2UJlfOUTb^LvvzrgCX#zpooKTud(p3E*I#~h|B0!oeuJ0c)nvs9S4#0d zFrZtgG2!5GO&Xv1A+7g9hu`+gCro<)6s?n|~=R{)(WIEG@_7Sc!F+tRRCfQ0GJ z-u5$_g!{G(d}xoZICJvoqT629=k3HL=IrXI1pCeMzphk{CD@y!_E2w#Xt1Bu{?H*U zjautpGEDL~##t^OJX;x)-BMn5Dcrqqg()Z*Q(k^0NxVb6^4C}9P}XFolzYBiHp399 zFkY4UE{f(O@-8G(lR33>H@xz5$u|f-5xUazcWLv<_TIIXpPUZd+&GCLWYkFIB~#jr z%2kSgSi&FcjF^}`G=D3|$}1+%gI6=}Mu|gUmsr9;yPBkWnnx>1@%2Yj58lCi(wp0* zp-TN5?O;e)hjYG`#H6;e`5^D5jTF-{TS6lX)+_bM9~0GVT8#!>VJUVt!~e^X2C!Rd z*5GXR77vwejKsIZn#+YXRvrG!(C1x_bV_B(AI~!fDjf7i!9ebN+%N)4F{Q)DoT#f#t^tJZ=T>HX-f0~uO;^UCLgT1==ilcT7+9OW z*D)W6)`NO{;NV`&U0L0OokiN1^5hvYT3gdV3RR6ZrUt9|!7u3ii_72NZ@wBa)@6Hc zMW87$(=yEEd)FsxKa8rmzOuap3amXaZ9sNOs*Wr(>lPfmO=iHw66xeUbSVn1P87?; z0^(*j+e!*u%FlSmWy$fHKyc(byyR(aAih}o4%12iQD>i++!A`}#h_Vg#f)#`!)g56 zBm(7Z)vhYh@2(Fl+sR|lbK*wL&LAlH%Igaz(h#(;XWiU;+?g~oy{Yw*#W-n^|RNG(Jx|8S8` zUM|!%P5>F(mp7DrvEKIFEgX%X5nUp0jUI8-H8A5Kan9rO$W!J9A==Pc?n zLR6$1(ts-^R(YY>{304Vs!e5R4~mED(A?ItJ0ln&_=NW~ajJHF37rzIu8IdD7AX~! zo_kBq(kW`W*6Tb9|M(`R)b8t^aB7dfpe6oMA8`8h`qM6{^DUo9@tsI@OS^bK z@DxiYH#W zYp?9bymA671-Ift^3SIU#ERe$DBwFkW<}}qlOFXF)U!q&e2SytDr#}(FHV?tAMR;) zM%CEqyXxoh6zvzM*j>_@qPXlRELl&r`{jgs`_J{YpqU_E`&e~xXOrH{*`L|_Ob3ch zU(Xs!TzrvF^f46Bf8QG^ZunKHm~wWRXomUE8BzB8T^zH)tpJXp* z{S}P7JTrUN>>5Y%RC7JFymlx9O;-`p<2{KgiG}`~{G&EIEA_t*tAG8ZaOF1im38>E z_smo4*UX}7xz+143&qm1?4bgmz_lB4x+d-*1|Joa?(6U><|h$RPu{KjNTyBzJJrc_ zQg@NGK_mC%b{czyqLu53E6pm`o_p^+wgT^mM{5qDiHV8q4=zXirH(z!|6_WB7dJSo zhD}T1fMc}3G&)b1fGo;sv3KEmOw2~oZqn@~ zi^`(pyKwc%*5VV3GH!S*ZCg_RQXo9GmY= zqr0&e6=vxJ8l#s+$DlFl4bZ=xwkuTzoo?vO!h6v)Us)yHO)Jih1p@8dROR;S5T0uu zgwWH% zRWwu(iX)J=fnTM;;0L>qZfSeLvG0(5Jv~_QhnOI zy)GOS5%Y?)vQQ6^#?-r7H~wNS{);T1@ri7lwSm5$7&p8A!TZohdJ4XA#^R4DCM>V? zO*

Z?B$wagL7SLUcrw&r#1#h-~3NZ?9%altY&PK8PWykLBq8 z=}8;75tEC7Qs?|xBWJ@7$+s)#81*QAeo{r5ja0;OxlH@5M7}>cSik>nj-DVp@OQb7u|Q?!AH(V1rhup zWIzayN2Y-f-!b=&H3i{@$lyS76XxN3?d6|f#6PX={~phoo$s{;#tB%1lM{Di%ROd#ySnqL#N3h10Bx-z#$LxhsfirsNas`6DB*+rs1K zv!3sf#$M+TStLR^7qRKPU2(FDJsMJGg*b894u&f?_HpbpZE7OZItwG0NP$G+|0zBA zR}lQugC<_4Y?2I8B)H74o2M*b&FgUEE4d?_MD+Y?ns>FT;@b8)>Wf*{=ew%e_ss0d zbY6Zs>P$*{#;}m*BAaFyY{}jQ)*Gfkn@poeI_V*sO6FysDK|2SNpehJ_Tmhh6o)FR zbJD;0)PLex{VPyxX9GIwiI>Tu!`#{#e{vMe@x6>X8f~MjvbpLP5&Z-mCG=2ng))!E zH@`bH1}arqJrYHqtZWbgA&?B3J?5*VT zpuaN%8E^q8FS-J5f+NEC>x*qcuyGl&XkN@R++L-}$|vIyb!RtyGSGM(Aa!g4#|ipE zJ%duaaL`yczy+H#!E+^AF?k$%pM|D^PB$bWfh{*uZQwqqJrune7J(zC1XR#*fQ~MX zKLUn3q7uHq3ev&Ik&OvaL|ZIxJJ@^;Xti7dl?zWAl_M?t#a(94PQG<~bHa7#ftQ0K zeZyFUBH^Y1^^%_)z9Utc5gMjuS!&J#=2h;58|pX4R1QPmL*xo`uR=bMwG-6AQPWW` z5do3*_9@r{#y(*}H0Ue;wG96>e}8XS{%E8XxbW ztq7%g5;b$<)}hd&tDs5{sudI`0SMQe=Y{7%{7inQbu+V z&FnKq9r1#Wn%Ie->e5Rs7afM(CZlCIY4s4}j)c#Z=-Vj(TeVVLD&GqvYO|Jk)V!3d zOLq|t3&|xrex`?J^2|Qd0<+Ge#rN9dSr}x(l_YufK76E5x778G@uPZXDH9>xH#hZY z?$rl41-$5t5Y1aE9U|7gSp#Rc_S%Qv+PLjC`JeyNFd}1MYDkf=d=gzk#dndiR&ro9 zz~yv$&Zu0~fr+atGf&uGWa8r(SU;zXm&ht3dlr#TB%Zd7Q#2U+_I>AQEBmN|+M4n* zgrc+{+;8reQ2jXJF`J*nN3wYAZ+lpgJi1dgk52+W+pjgz5^b_L-}63lKbzFhm}8HQ zZZz88sWw1#_-yI0`+LPg5IlD|1eI{5`nm+C=ZJU$XqomUL)XadOHoJ4xZ;_dM&4TK z&@<{0P%M*AEnAz29q-ms4+p!SXoo>ChtU~u52xL?NYL`l0rQzNh|C!X)B0fS#>J$P z;#*^vB*SIEWhhTTK{n47=rnT&%n$B}`m%X%FwO%&(Jcr4io&%S=UbZ=3g;1M8u-`9D)5jY5FG(3Ne!brXD( z5Hp~(OVcUE*m~x{#FK`(nBmMwm%ZlHwl}jtPoDOLCobLRZpnKQSLtGGIgkTx&7gCv zb;Ci<8*MiY>W+I8mITj%XR!zDB!NsJXuu^6E_LpD50u*5GrlbOoXp2!`SA@E4w0H45E~1+UoIVNw=U_i62*Rww(TXOLa{sE z%5tzIryuP9msCY9nEr6?yWg-B_TawBxryNZ~_fkgJX z>uM<5E>ic={O$*U0PvLLmdu#?eirIeEPW?yI87y(YH-lb-MMG6e77yrYFduNn&Aq= z;O=|KF_3x)(VyM~{b?WOZNw?-e^l=6rVu<8BP?qe?5R)w#znn;q^+KGO ztWk(*f(+YSnwqcIY@*?cEv7=)2H!wM<@wwGC{`ujedZiuW1XTFC;t7CM6jAZ*jnV% znkvzEB+JSUTn=*|yqy9Bbg7|ssLL7V)@-gv#dcIMflLqa!OEg3b%OnzL(TV^dA7u~ zkx6WYIU``GYTCFpRpoc#3XA zAlUP8=C>bKndsHA#qgJf!lhSFsV3E49x#hNz;rf6Rsg6cnQn8`Q)RL;jrvlZ`#V+V zBU|ZD)gs<7p%xlFY?}*y8Ql<(BHseGap(OtmpjPB=YK`KV{|%4d2Ca;(Z7Wsm3yys z?s|ui8f|2o<^=iC6$pk2U4l6^bJ$Xu8^Y`)EyRX!)QF)1a#);;AG{jJJWBt5wgvfe zO5m}kWx1@!_#cvze>_T)cKV*mJi()kV@QS0;MF zoBPvQt5`^e^Y$}~@LCxqF+v~Dti2z<3Gv*>4tny0EOcnzh5rWYbecN&xcrX4>_f}Q ziH<1GAYpjAm^QU^A*ugq4*ILZ#6wDJe`E^3Nf+8VjokVgx3$djY)7B>``x3h}<`h3I;xilj# z7$m}o0FYQ1Y`-Y_nevN7O(B^Mrpj_uqryjJ8tsdzIVinxe)cO^G7X1W+M#PeZoYyH!!qUxt)OC8*LW|UhKM$Yxju;?4{e?!|F(s*;2=vH*s)e3^K0X#*8~4o8lV% zib>;A;Pl+uB#pzFC%9&5t;n=z{2-E@wZ@7zgP)AeQA?}}lam%CW*I2}v{iNI81%Lj z%F0cr1T^t}rGb6nkJt{CFSRB1@SRyuB5VN(GYsn1P1!k^!eZ;*wm+;ABWUUUClLpo z2GGfxqn*jyJ0V<_vbIopugarZB;XXm+;jk8K(uE-Oe3OIOMFe4CUDEvVHWdF_4uTU z%RjA<$1?XQ3b=zTCq2@YzNaN#O-nqPw!tOr`#Ah|x^GS8Ku!ue*j3k}*8#cSg9k*E zeg|Ay6}U95mFz^F2ApH4z5^3Z{zi_zSp{QZPo}IIqoGryY~9n9kesa`5LUW3bhJ+B6jKn$g%G7salG0=GDz@Ae?2pHQr@Si=~ z&~dck=s!i%LuUa*a0D; z^cMYJ`nwhj5i2z_D8}4d0n|PPt{nH=!CK~m!QBF^wZA%?4agw*y4wVWw05ys>za!M z*ztVxwWFozM8^qz;EpTW6e0C`v4_?SRio#&K+q5ZVPvFD@TVz%i~=91hS|Z3abK@9 z>Q&drJaCluYqp6V%AK11WIDKnZOs+kQ5sgdfs3WC8#bpj1?;6u+e0bvvf~3N$L1AFT3G-g&@6H!H1(<*XOUF!2?{Z;VXa%!lf zg@)0^HvQL+3K-cuaSvg*2X_k)D;tE)#(UuQ`o=gtFIh|WCJu@6CZ+2QoEc)IERIeu0G&qg8fUNGQK`$79GA@*YtvJqS2Cm9RM)6}kdHim{ zmFyAcPPwh&Q*NYR2&owfG<<1BmwIUl&3t zj(5u6t^2b_wx_*nam%#b+xO_JCpV&6Zo|b^d5+&Cb->FnqVYhe;>w=S0H4HnhN~(H zou5TSpL`|(JC_YyL1WY{1RCZbBi*wTJjX@gwel2DbU6CYhA9mEK{`GvS^19NFxSgm z(&V08b6d3P4jrg}6Tb00JdZPNU)~z;Ss9%@rWIS8#Bn%|tG*eP-G5gEdSjZgb7W+D zv?<}h%(~2182AtIP@CT;o5u9|a2y*|tqOKRG45x*V)65$&)Ve&%Gn5M1yq6{hLTTv z{}BXZy5OI9+eNSbw}s-I{H`?Q`|U^kOJr{q{DV>LE}z$XOwHJ}uC0Wr6sje{JCka* z2wU5ZSyc!B7~S;^9d$r_D)Bxm!j_RqLtI{p&aeH`Xvy3}Y=Y5AW03_Pe>=rq$T_N$ zhJFP#IqskJfuaZC+zXSym0b~vdWpCdo>hmjY0`?d{i}MzzlKcaCL&ol`fAMQ@o5b` zy|aj=#Ky*>Oz>1Je5#0?JsT9r*&~7mTcE|kvj+dnPL}P;_U9%xA>Yd^ zD~9DyROWxno`0k6iJizVT4sf??D!~+%KLnG?2ToFJ+$?JOY2|b^dI2uo$I;GQJ9;s zFX30d?Y!aH%xw$mEP$2ISsu;)M?0xKVTf1DcvI`w->+wbne%c2e}a-rTSJA2jY&Ub zi-9yvmRW!!3a)mJyn6Fz_T7I3u-L2NO@Gzn_ysLDuChR*mrqWRp}$>|M-aiJsF9wkSVyz9fR2+v+BbFVCZp8eu>g5z5VkaCYuAyan9{MBUGL~B(t(X7+I zchrAR?7#igqzr3kG31`a@1>Nyy-(1HclaBF)@oHV{Bt!Y-;yR*2y=dMR zh8Pp$MZs+r3B}MH?ZWs5V6-e?1W_quZ`2*|12Ds}A;72r_O^~jcJSxu>0L?MJbYc_AZCAaY2%}|zs|jBtIg$CbmPJn9qiG6JhYLOB=Y*zzAihTrCB7~dJMb`zUGf!pG!qyaC z{LRemF%5_Jzp2AQPqnjW3$|V88Z%t|M9f0(yqO3=zVc1vgAbazj|I!i8JKg=-6l_l z*~#I+{_V-hfB-39$_jOMvR^^&?K-qK97NYjL+7HmcLk~4Nz6eqC^MTZ5UiQ-FF08K zt{4*(2m8s)yh?+6=Pi{uk6{CiCUxgfPShr=o6Hr(B1V?lYh&w8$Q$;Y z=^BRslfm`>>+2!5V}+Z*W>E@P&&_*_%!TLw)&oK~`nA2&m71KyU=FkPl0{#aJf--z z=cH*mj8Feffv_EuF`w%QbnrQHdo!H--}!p~m(5-mW3C7mOnlS+56vF3-V428y=N{q z;=?bp$b@C7r!|9Pj;1QCznQ~|;(vE9WS5|9;tN9b`r*K&rPs3P`|z&&y{^F98mKVc zABeL60m7;STvmXr60uMmmtjzvD`eH(Q2m<`AQKMmahVx2$mh=Nj+l1PM$2$j4R>Kb zgY?+1``NQ+ix}6Dmqu6C$$eC+_dtWue>*S!Ej0NI(Vgv;NxN!n7fgwDeSUdsup)kA z?D5wxV6g64U??&-WZuc5A!_VSD#~5;QL(Nb;OLTGyKsJH^=R>UgD(?Z1O1HPb|}>d zM*@2mNrn1Qs{3oRiW6{4K1cVm0Sb0!OuoJjhN65klnuAta>00c8qAD%jVkq^sp-CQ zxQK8H2nb|TkwstL_uJF+KR>k3TYBVq*Ai?a-~vEAWHox2HpO{~3!XP#zgiVNe^zK( zAKe}~a$-0UxEoEyBMn+S)ig`ubLP&eOD6-sD);IRdnKc3dsCyNOAMB>TG){-%^=z} zo?+voGO#|ODbK=*xTJpudT}J!C8!~eYbB`9PznE7X$Mt%Js`V2qgVN>((-nc5<|j> z+70Gszb)VMk&{{F3E=G4_uydGsaAdL#%7rR=EJtr%D;B{E#$JiNSN zP$EqEWeyad<(|Z+eU(fQ<K$ zhOp~w-$}5&N_qQevGKZw#-ZZZj4vr6Md3JdMos8t1ivA-{D}v0KN$30A%}C2HjL7# zr2oq66CNhra-X&z2NJBhm2Sjdbgm%}Vd&zGiI#Xis1=3yvAGrT79L#E7s8?wc}g%) z>_4-WP<7FVXd*ti)%cv_3A+WI?X%8~&R0pCM%tUN+^b@)bwymK^I%lAEw;7|NOiev zt$O)Lx4r=#z3trLU~Pp%!KW@OJRKz@SjQXv^lEdwx0d4;VZG=kxD+ea>{)FdT{z^J z;DgNx9jh%5&#yKt+bAFAedEg1o<(aIn&lwKV`xGpHTdy7|Z0diZW zD$<|wj2Uxi_hI;RHt?fid&_Id*^K~v(^6mCE%jIQFWy}Gv2Y_et2yu3oXDU}VMT-B z7Cs#_=(suVp4ZuhH!3$b{GmWo)T|U+)+R}nBH32C1sc2xgy?Oz;E@`BL&=M=e4*}f z0u(HVox!&4g=_iY?T_2}(7*cI;wnW-gZ909dd<6`-cf)Bx9=05z-0O-D-bO?igHQ@ znpER2-SoFO91O*gIu>A7*e#6K9-wIg>XhOi-+zF+_kF}*$>d8OglEY+11-T`FCOoK zKVesQ+43Cte;9kqu&BE)YFGq8q(n+YKv0lQDQOXrE;A8X$ls6|-=cL#egTwDnB)#M)m-brYsU=uYS{4w?8H&*DnuSOVo{>^AbE+;@N z2&NHr%_on2Y$L5!BP)e-M?oq?iKwlh^Kb3~e8)yA-84i=ReT?|285&tqDp8xpV2^J z6Wm`q_W<-)S-k3h1)!xsBJ0iYgZw{N2Zm}~Dkq#32}D4fB~_rFTvjt(gx3vEI(PA$A9`gW?ESQ$9>B2PXIE%MH zJIWp)#44Lq>K4s{78r4)xnQa!yHa_({osZ*CwPbwpiI~jtUUp4nNIq4C4otNkdQKj zikc&kK)YDf)`tpIc5~HM0StZ=hEkI7fotmr9CF&}OEBj- z;a0y(TM6{wY5)iS(d$rp0!j`?&^rAF&P;u~YpZ}Y^9I-*I0A^+_>9mVKJDWPW~)xy z^{ZyxmNDJ84bUond)P{*+8P0P%BwzmU+LT8vcUvN^(&(@VTQGe5u-KG;8{W%`=0Aa zZ-B1a>xPqGMH9exW(BEZPUHqSMjhJuCS9wS7h9JTKsjWKgT}E~yYM!Hds8CWT;m|f zWhy~Puif%Ftle?AYzQQvdTe(n1h|5SfTq(L(SVLEs-krrWq7sW;IMQ$;(*!gR%gi=Rh>{H40jpA_{gN*$!9D zGGp+@h@%OC1j}P-QnrnEo=258B+GHGK^R)EEwZqX9OIF{OTP{WtfydgH(alz@hzN&Rgg5&LgXvzJj9uBn!{#9%CLyx;WX9^iNv+};hk;YgW_F$6bZm`xp;vjS{#<+Glnt z`286@{4T36Mt~?_>oHjDp93P6)RZvHt6I=xm;^)`+FF^TZM-~H;U`X;U?r9`01t$A z1qe{-gxAizConraB00mbQQ1vX-mZSP2mRtV7T5&ZNW?F2NY4T5k2z-5)Vrs65kNA2 zC{}^#5TFX<7%`K2&|B@O9aa(LtPhIK=@mrv{5V5*?`*}WJZ6QDKLT!HZh+F%F{|mv z=9+%_=gFtsie%Ij?bTsY{HsSk&Wl-?rUVr$4!*Zp`3fRu);A>H*cR27t^xlf=b{gc z!yq4?$QPP+*>c;AI$Aqexm7upJ2}agmmfWm*Kv&^A&7*26A*@nd)RKltkT1Ff$)8+ zx+GYgCDFHh)O7JithJ+n(F)69u;dw*ikU3q^y)2`e|ir#6Dt7yf7xSb`7e(6%4uQ?TTDT?trJ#ijh=7S_81N7lPryI z;v72yhu5TQ64(`!b2EKl+D*p;UqMYcePM4m?NSW>(?WMZfqcTm_6Pmh3|^HIF|3H& zYnGrF&FPUt@Ml-cfvEX2oKI8!Z({6CKjJ4KMnGOYiggD4f}8A!H!DMJ-bb^+n?S3> zC79M#=hhwal;SoT3WuD0Y`pqt(oJ0m<1}~buKSE1-UP63x_Nn5{OudNE_}&+jX|H& zjiv1#dvQFWe~w<+Iw&nH$i8|p&Yh+bG`hx8fEh{2`(I(y{ARNBRZCdDqq#(sk@-wH zj82S%I)U%`V4q@4=amGtqpShT**>oTOj=1^xO)X@Wdq`=o&#}+;Y8d`)D#r_$X;R0 zP~@iP^r;cQ7e(t?C} zs6%_mv#Q`K??46? z+oqvgu#kMd=uiBLulUMB6to3POZubwzzn;XcIq85cgKA41Mpm#rqVMj9A}?Yu4E^* zA9gmg1q zGF)h&Mly0Qt1Q;#rrLz;P8_Chm`(e7axbPQ|4X#X^Mv)+Npx$18;K!G z?moX0ENjdo#Ni3UK)bYi1JG;>fq6^sCKz4?S6%+{s+%}Jzsh*uv`*0vX7!a@f06%T zLX_p76fj7G6%U~>T00-ZtWlq1#uqr$E+>)#38@sV>k(TVFx?RxwpZ7T^OJnL|R!Lq4lMK}Qg$nl1s4xy! zGI!qmc~hPbw*f<kO4EpACXn=l`%JWyEql9 z9v1fIpPQgcbRFu~rnV;TcLmv}aXGCOjEhgPaaQXF6R<7n*glv2l2NLX*l@blFb(*I z4~TDsC;@vEQ=U;w_Du=v6P_n@1LircoB4C9ahLz@Kl{daSj2H@amGF#;H*JagYv4C zh+aZ$s+kDu1o5ou5Tl`SL%*uMN%%YYqJDyn^WxnE-B3lZApWt@B`_oJ1SSw&*X@9+ z111U~70YamxlV5`uFQpUyJC#toKJyYqa#Rdz0vwqn2k6a5B}=8Y$QqL zXM5n#F6C6J7i<=X$LRQukp!bW-XBpWIR#FGw%XKI9R*GoFg+P*v(9J~fE_SYbRg*#%zZ3_Ui za7Q3EWE=Z1)#G;p>`5u`#f1+5}a8SW!_O8quok)pB+? zq{v+j4icg27U5m;1QUT(;OeBH1-rq@$54RDwLqHsVcs9Y#A15f0gQJhfjX{1gU|V# zTyfuC*Tb~dxa@os;C2n{FArKYDTXM;g%yINaGc%mK7At9L+DRI+lr9~Y=(bzwBEbA z5r%n*iNa1_JU71D7utUA<6RxHOslT%=7hp2bUa^JJTd!sUv{i)0`4;?U+nC3tph2v z9gBV(B!V{Z{KWos^U|o^wvxfLSy;T4Hp#kjRZg9Hkn*UGS_lf$j8 zY^8*`DvG=0e)S-Kt^qV0{sW&O`G+Dp>Z`-wRM*`Aqh%9h^sb|}PhJ|3Kg61OLO z>wGH9bW{y6r@1-|=syYOCaHqkmXILMN?aVxmpD@uI)OPdE_iM^@Bpj%i3M!)Wi`%CNblN#!qX{c7NjD5BB=hUh1N!vcM66r*OC^yNoz2)@25S+|uU z95^4GKi;RAy8!;~KTmYb;YoG1Kqbl=2%*{k4(_hDH%x*-BtkjX^UIn$Fo!JuF64V> zD|9IR&1+yy`anVaqa!PoHR3T+B>!d#a9Z4~Y&b9YF*$cfKXVeO5@UvAyZG5Cn1uMa zo*+MgY;7HmvacmH?jxcT8wFmZtn&QxJ(?D8fr-EbaE+MYuv>c=+6zwfBopAglHh00VM&VV;<@>D2|m1LWK=KnMsA-MyQ;9Y8^L62OcU>{dH;{rBa< z!(szXWXvmWLenzP50^JP)wxud;lW#L42M<%-_9K2N0=k+Kx}b6RrXY&L|+4 z_Hr85`~>NLKLAMtSa>NC((eVV#cJzyHA&{boNaWqvn{C59w_o9Lr9I*5bZQ8ki+B4 zkZE3rvcB8~RRfr;4TBOC0vM@8N%p*%7CwSaa(C3;p;ur;Y0+;3eUqM;M;}`8%S>{I z==@KBqJ1ajscEr#MK}8arZ)f2k5uqOOhTf8lg~H|mVAYao@m!grav$V8x!~!g|4o& zzxXlW_cWF=4yegyfBx;eOj&I&uh%fJVLswk5u2oYiV@sSs?G_0o$|F|d3jFa_1c@u z*8L5X&<-BEOi}%Lq32r6VvOgH$J{P!dz+iux{%lfBe@!IOv@plS$|LkH2%bXPtWKe z$TzsBOAP+|#{PHbQtbCI7X>CcDxZUTsPct{%`8jJEIXg+8vkXZD@4OWuceDI#+YwU z9}^57)A?bV5?a;C)w0 zzx?-)`15OWSi$#ykuQ}J*a1Ie`xFVLQ62bY@Z4F26_7C!!}0DiB~g8Xl86Z4&ivdk1$|9K=wiwObY{%sAq%_l^sh34r|Eu}3zixUQTXTkcVxl)_{3P? z{+Gw24d(k5jNcvqy#NZ*s9I7U_chtlvgiwJS8x1Qn9m_ruD1jF=k^x9N`qG9vP^uKyPSHLRN z5c%i2{9K>U1Rwq&`(|?%sf99K4SD!o{l-&|TLKEiEPT+)O`Ag1{zddtwzcDh&r7xT zDWZxA-#KiYIsPK~R^tMvO01&N=09*?IuRxT)?^k?@M9@@{s{96HcED=CdTvL^pkzh zUlI}*9rdZscSIySuMpk+?VHb%?~HXX-jz9_}}&>`R%9 zy5zrC{p}A3^M7AG|E?JDuQ_qxj&qqOx(dZsGKB8^Er!P*z_*#d&;@IN#Ge z#1s$C>G|+Qf9s~xa!M#!6%R1Z@zf6d{WT(yJhL0pb42Pw1U3AE^D#*!G6kpp6C!%T~+nor!^au(-P8ZYl8WS@VrF0uzV!fDyHM& z(w5iw&*m{1yNNkN=RSP?b;Wlqvj&p?N#mXk_3K?x@Ma6x|A&+Z(bzj;<_J6i{+T2_ zVf`&-0t58dfR5H+0f19_Q!Co&0RZfVDd9kgnpe9Rr*Bi3gMpCTfGGf`z-<-Bn10`c zf{EcxJjo+J6d0G81pb{gl6jS4y*O46C4pP`qJ7=YvqR7V`E@=|fB9Skj4X2pqcL2h z8VBz+{jPKPTPIL3w=U*TLMU9k&i6;$Z1YQkk|exq)+TG+l3L$)#RHH>Q1jw=cc~UI z!v+f~jXJbh`nqQT-q4Cr1ZjEc+H^w$@IXqGq1B_rLo9)6h?+fN{0P$>acjCpMXq-b zGhH}e`l$_!tVm9}Y)wt#YApj>m9uZ6fM7nUXIl`vMz@6k=oIP?=Qy#tt(D878W{gZ zpIUv!0N{s`m%EZ(KfX|@N*r5o41)?W&AsXL2)M7XDju(c(XS5>jF(BYqazkmmp_Tb zC?>4*ZldU|UULKO;#bFI7~su?bgTSPpb1ODoVPnt*HXZf-b{KO6fRu0PCpXQ+B~n4 z<;Tqe6Y$B|VEWDa-IT4-%o;tI-zzM5H2v~?#+Kha(8qScz`X2H`L1R#&8c(~Cs1ux zgJG+C6=!-~14iL@1lYrW@S7oG4X2Y^H&~sffQk-=KJk5P9%we8W+$rv;saqO z+Z;fuBny`?pG)kK4$yCm6s09Svex*0^gUTnh@Z4zo#BKPGwX-4h*36!gHE|ZtRt8Y z+XUt+PMG=llg#h1z4Ry?H6L}M^Lh#Ll!k+fqPDH90fT-F#twivx(KrE9qg(5-E%qn z$?^iTzibV9OC(QLtB~r+je!0zA3+YFqW$!Tuz4^`QH|-x_!vd_nDERkGoM5@9QQih zJt4@kbr(9_iqQLU%8GrOsiqzLWEV6SfAhGqzwJpD8ODIgI~@*IR6Gss5-P~MPsR<1 zj_y08EBWs@R@zU7gbXoHWYEgie`yH5*!})3HE~SU=EWBB zc!L%8ExFdUxz?dHZ6z%oWJIMd|4(vR&VP0Afib=>?fK|l(lpDggD(B2==qUKapSjd z4n(s$%`^-zZ{p46{vst}Q5;N%le_f1zQiS=GYG+Ltq6IW5V#8tRVEeNN7Tk4xCa8U z_w|Z<7q24+=d^A)h%d@BTFX%lwiq`?JI<ENw+aspbR2!K*&j0M(PPb_Y{=A?|tANmiyz z0;-{LFXJ2*ywxQ$0-lC&eJ>4|it*8Z4JNW6ClUEq;=aiCs{L&8^q2*0G#P2%i(bb4 z-(dJ<=SN$^?v(A|`?tjo@7~Y>r2o5Eq^c}xUSXGt?(J8XuU zRhKF{V*b5a{dOv?+>zfig0L)J^Y#a5a@Ja(+Xsi337Zf~{+Mmh42<}>qsas<{FGN= zyaiT1FJ2hKZhPy&4;ohApJLWIBZE&~_qJ%g+xUE?n;R81a168}tkfF@+hys^+aL{e zkZKku_@|1*mha4B2a0)6&E52GpAdf4G9l3oO?Z8CCcc|8y{V8*hb#pI5(YC zGrCOP-#nauc49Y;vroUZ`~|Pu?D?y1Vwc7~hEcaPZb{!35_Fz8ZIo6+}w}+R>4~oD;6dD@l}|*5$I!Y z#yjo(@?tH$H}IZ&uKi0NP=CMWrOiIJN=p0?$A&kjXx~Csd`SNRAX2+EQ1&0@-;Th3j@J22{iy$_xFw3kA7;@35}&V`>0=j48TD>){|yIb;ft} z<+`%Ob-`V@)+eXamqvQUCeqgHqa|J5Je~l{d+q<#ZiZa<5vyz*qe2t}u3^E+h)>{j z6e7DPCo+J0zuv05`&G<*)c$u$zNeJQ(Zyd22T%eq@)`r>NMrb$Aie zaFF7+XBtiIVb)D+Q4(_V7YvKt&9*k2<3pPQhnhvx)u*1K2u=r)sD;-*Zy+IfDqA)Ao6iGm0N39PaBx_?_nCqloOzmz5ZH1&u(WJ0r=k5Q_& zlV10u0;eim$pXLG2@B2qLSiTUEf{Rq$MLJfg!*_#QxO^ASeD|ioM9Zw71z1*RQ2SO zP>c)(N6$pgol(XG6=*pN7rs8KT9)aM68UoNC+`-ipfVN|{B)wG7w_o>ihHFbhw0#- z@?3P`I}3(o&>kCqbaQck9)84r?a;w5glSQNoX0u#n%syoPW;2$G|~+H^xd*?c8XB~ zTR1NZPW|K?rvi)AVA?*qblu*Eo`X!1&>xUVu3Q5$s3>xMl0I4lO6+(1PI$vW*#aM~ z8*k-?ZauO~h)xNW8b6OniPO3@@VUi6)nY#{*Lco4)^(Ko^C<)g2%C~QDUQ!k%v;lgpIW8bMF^nyeIvC-lQ+16Jp zn&go8hYj!Ye+3vkzpYP~zF?Hxa@>92jWqtp_fJ2K&x(2hf8e|zqKBy0Ue0^~fH0}!mohehBXd&gHNVqafrD5&^ zabz>aYL0{KFSx%>`uBsJr_WkH!XvdwhQ`O7Exxv~v-JCU47TVQnqSNsbcvGgG^3-5 zf=8^kir-dL%MMRpcU#=+hWh?Oe%0&ja)d6*sMh!q~-U)_)Dx4>fls zG+HY)AfDChPk2E_x8}yQVXK{(Ag6oo&v8k6ObshJ?rW*~Mkyz9-dKLbqcVR=wp8wB zm9=$I?hgII^ck2G9$NP$O?Je`ohNc6Bzc@{ksyhVc2A$GRke4dx(7Ar=?@Th4S(>w zi|v?C;(BpZN$LzE!~17}y%c~tiCD*>5SXgf*%i(DPt{rw*Erz0^m%(^Fya~O%|$1B z*j)zM?C-mjarR!W_FBFdt}YcC7LP%vAO`C}{VIp$7qJKrTVJC!zgu{Ix5LcuEwc|U z>=dI%Y_Hc(E6q0l(nWWM|ONXp(WM)$`r!FRK9C3O3-AwSPW59$+(`r6BC6 zPO<@AruB1;RM4|}DYL;PLN4->@qTkf9mhPQQ_w{579IpUvt(HsFk&vBoCb?MJ1!`n zmXl?My=1x5f@W=2^bG!$*UOoB@vMq{N!+Oaf(;cJ`9$HqFiSXGzA?_&w-0LzTaSE) zVj=&@(;U?imOHL}naOZoWeJ+p{`Rs85E?csZFyh~u1>?mw<6J1pkuOjO^NOUxZFqs9BVfZC)HuNq@LzF99kfCJqG*1#X9)l9DH$6&*`N z`OJj$Dz?Q@u(49QseVQsr)6<5*6?x|mGO~D#`PHW(I7n3B*wk4S3}Jr{Sn}X58*#d zjtn3eE0)>@bOZqcf*7CVH;pDgqMLGK@n$g-&*dOocNnuX7=j|$!SU9W_e#mayeju8 zRc5HNXXL`~>Yj9|`rL9LGYf3{Z2f_tzmvdt!F-1kI!F(>MhN6U!i96>2VMO^v7>Lt zoanPbVz^yFH(cU!r>@NF{2P{jU})yE~JLflw*$Lf@czt68Koo+=fb)+OWzHocu z2oE7d`4sqzQ*pmBGrMI65~E?AXFLsSg|&$u?3L?{{6in1hNE!|=fy}$g$8ai_`Yy~0gMCKW7zk(aQ*-1oQ|2_aZ6#QLstHQHp(MlYNs80}g~HR>}cVji_Is%&R? z1sshXsnL;=T&Vq)!J~LMgX@wrgnisnwH{Eq!LFmIEJ%mqLdjCu>wZ2EU_;#JRLQEA z7W=ipJzb!?m@#pH<06trs3UlgxF5DcjVw`2~tA zHi^y|VZ$H#^L6+Atr`PrQo6HuFSYgOJ3>!BT!;_hLijy-`Vm@na`DJHThi*{f_vi( zc7to|?-@93S)=k9UgxOxEa~25A#)!C2GG8?^{=Kfd5cS_l-cudnXLzSHPWB->s%*- zVg>j}wsU)t%!&aOts}aVs*M6@rI?GMxL+OGHVx&I>)ny{3#IUz+AajZ$zAU3ib(7* zCUuha+wY-DITs}n{wIFC#!)pUEiw&nv@KXEw;TgVL>$|NJ4@4h@~3q-44LL_eq*70 zx8dgAEZo|B(@(2Wy9vi1eO#7lwd}{cSMY+G+r^j*NHRWIP6Z*j&vr$2CCFci9O^g> zMzmGMp4SYx&IlUlWxSX4$s~(TFsJb)_H((vAs!(@f`~?@>Uij#R`gnKm%hGx^a68y0E3gynvKA1vyk74#SxVtijb$z~_UX2+)p3(q z3|klO?{ULfJqGxGf5+pI1OOqf66!Qz+K=GVSb7h0imZZD1kpYJtZOiiJb_2LrOBLB z_A5tw{DbBvG%W-vJ1+F~&cw7jFp}e0aW8d9fzc?Bef{z87Y%Cg*$3Q|4(m8Crljx* z6vL(^W$0?3n>46&G_!F<`^NPVT8C%B%G zB&nE|w6w%^f)LG&c`y*6x-UbZvAspIs*Wqeho(c+bAJ0E>QMS+sK%=M9%VC&zqmOg zAtF5EYcik7u-`V6nk2B-^F`+sss(-&F8lq$h{vlr7IS6ErT*?}zGvI(4h?mB2}jph zC(AfX>`NDLjeSwvoff;y1>Wg2(+Fxxa+U~RT*;pvo+hQALgec`&z_x{lIXcMmX$*p z3r+_rpd-aMJ7o_dy%;VRr^?920oOu-V9TyMin&4j8husl^j+zT|~opRcbSK|I=lrXHOpO@I|KiN?S`a&!OfN@;h6o>f!4KBX3=1?Yu8jaA4 z6-u(pE5^+lscX?=mif^oDm<3s$+i;twVg?>Us9V>7h8&8J*n4i~N^iZtk8osIt*jT?mej zj|`Lz{>dP(_Xooiw>q&~rCM7%$z#TPu(ZZmhxb&2URg z2_N#7=Ojz-*!GJbDs7ympL2bwTJ6r8UL*xw5|6qCy?+`E<2aaV1fuzs z`~&)i?AL|stN`piz+=);%l%Das-vh&@?%0kfJc zO+>1NpHSh9+gqe+squQlEER&*rz&2lIM@&;*jLB9$&7&fs$HG?Z&f6O2$rvO9dFju znHc*40^gQqp&jd9s?&_kB8RiG$8Cu|z*5snrmLN?#w#KG>>=Oa=--9Ka^^VK$W`1# zd)9c1ROj?!11a^P99mz?C()KBaR4+TlK-fTd zN=6DNJiWnik)BF0^nnT?1eA!S@R6k)ua&r*cCh)%@}E%pX0-gi*39vZ>jZKgg0qN? z9(^0u6_YP`#d-0UP!e%xLgjLMo!NMTs<8R&O_zoD1YB0y*+;RqB9M->M!93Z=$w?C z-8F~j%sOWN6#Q^q1|fIcELx81qi4jiypj%2Hn1m0uercT^l^C;u5sm%#N)^c!wF5_ z6Yl_J=m1%gTD4G1_$P}=X|e5ynrnelRV~eQqv-WFUse4?kq69@>+y|JBl3i4e-H*3Z7w2xGHaQO6+tDT<(UXil zGEc)_#9z!>ZaTn&Ttlddxl6LAES4*J+*Qj~hcg6E2Y*pQ@);&JKbq8b?u#Kc9hbOr z^4aPX2&%0f(Z;o>gj7DC1{|804?%5i^#nVGZB;imSjgux_H0jGK7NCR);)HJy}}^( zTzUi-a6-3YhLj6X20^IAJ`NID_#6ML{8e-PzH+DM%sQsc?|Iu_Wk`tJPABmmxBgb4 z7SyIgYJNwj(d+X3P@jyeYY1_@_-x!s1ZJuxG3FpsYaTlug_Aci^Lf$cH}&=f{QOn< z{%ry?6}%0)6G_({@t?REM#a5P4a?}W7G^Eo^S=q3dwsZ|mf$Ko=k6w)eN|DE@z~%^ zc&NwIgh={iDzqe9nRjztxof~uoG60iVxTg3ND|>Ff+-f&s*t5j6fyCY8E#gb)90`b zq`r<|%NbU8EN#rNc;A6I5S83hl4Z{B*y=8|zsGet$dP};bn_G6(Yy+~oPJIAQ1pha ze%40hHI4%Z^#&PlZrfk@^R{$$Wiv$+#|jM-ylGG7pBx-!+zYwj7`O24Sv{=QrHgM^ zEH_m8%zb~{O*HL8{Vl{YXmupjmEAOsifHXrTS8zEK0bRi)4z3QBBnc9`VE6&1ZJo^ z2aqRV3QYXNyknaE8ASmti)NE6H5D0jU&0OkEjoOD|Qv?JSF|GS?udlb> zf^oW!b{P_$Y@_Jnb0p9AhGVujw9Q=A!jCpa=B{HqkGh{@sgFx_A%F~jF{O6q`T{BQ zRmah;+Aj(eC33s;i_&^Lk$apgCXot#@sTCLv^;aR($jkW{cL*z515g+>x=BnATre@ z#);n3@gwqtRi06|ud1%>tCR!s@I1nffqGmeeB@ z-gp}>jOld$>!QDNSds3AUmGi;Q=UVt^7yL#Vw~x=|F4qEvn5Hv8uuuF$aEU)c~X9{ zhq}Gt(*-!;7usUur^hkfuAWzD90pHyS$38RtmEky9?7zuk z&1OjCjK)el@PF&HRs9rmj#Vfx^EWN%0PUjHXv`6t+9+VgS`G8_7vxRW{! z+Ui^u%7n(TjP`WNjsAD7RM-7v9pPkfZ@)RZMO-1HQ%jxV5+?>brGqbLEu3dhRtWLd zz8W9Q2WwqeHsl{X+_W3eDL)uC@kKp0IX@ohp}IVWOpbY>sp9fQjlSBO?NIC!EjA&p zWvS`A&3163&hEfwXYDH4(zQs}`s3KwNJc=Gkat!AReJ73<2=rNG|aru>NdzHb$HNo zhVxp<2*n5Gw4D_}w{t!F>J_{i*?Y;j58IFzUkz5a{aTdA=}=$iy3^=Oe`LRdisMK1 z6ICyY#|7t~NLL;hgiCg}9b`b=Gi>eFdf-?)WBxlMxrS!$)_2#1vCXeuHkye-WQ}h$ z*m^H?eK_*UGDNiUTgdr#(pg~_4}A0yLEI(bSTCy|ZV>;P7WZlqX1Z;V*=OE^Mg2sZ zmYTTVu51`RjSSQ)uMVpeNYSN>e5hkkey)0%I1jDbpB{AO@JBmL<3Hy={qI_??s+}(UkW{65mr#2Lr}X$-?JQN~HFMkZlTUX3 zY7RV`=6BQ{ZU~F-#5*?$5?$;N`!$D(^L)d}`$;&REneVVv0+j%Z&Qv1)Qig)+vZKm z@gu+g*k4LyD(|6ZAvkD}`JEs>@1M*lSA8xesdUPVi(u=1utwiqwEwc(O|qq8pA0h6 zXRTAcOgGQX_DSs-lJp{5KRJP}fuy6xbnJAbIPrJGq1`BS@y@&tQZ6qZGWL~w<`8Qz z;(iR!y)Tt@E_jjvb<0gC+S`phCby9@A-X|Nb?RZURDbSe=^<5vfYuHn5@_*Ej3^*5 zym+*^R%X-I!@-ok3JfYR?)ZY`UpzDS`o!^G=>H4P#E*mJmbBwERKPne8VnBc_$|7m ziSS+?C_!kIIGnI<#yoPpl{!0PS6NXUqUk!DWUA*|)h-nn)9CsRg6EpSZ7?&U!g#!* zM8jh0L~7mkH17N=?d)vhJD4#$nn2h~;JJir5i>?XZQHv)8CjTcI8Y{(BW4}meDU|m@d8oM$xJdse>j?4~2Ou zA-C;0($uC*u@Ylw1g97wqk1ws-NoE#=e<}B1^n)PZ#Slkvbh)yN~NnZ@NrIM%{UQP zhMV3}Jw_F|LC0s2Y-F?4#7aYIytw%yvmY!yART&I&ou*PUP1-!lETZ|(2Vx$PZNmf zOZgolH`Pu}CP&fM^U8{3XLH4iun-PqRf)^AeH=)Dwm@gVaj>N$9)XCqHF>{jRwJG3 zY>VD_$xfzjQ}HbM4|v$QU}KP<^B!={;<8pu5cGUz^i^q*wx>3~#$k*~H{e;F!R-pZ z**nIb!7%9pG%emBP-p|{A5ZsD?-VOJ@a z9;L%EMrc&WT6dOqS`5RqaN}_=d(NKfotNT^1QXLH78CxkwVovMkh%mC&Yd!cf`FV0 zKSKRhW?Jl3<)6-Ap~|S+o_xJV^|L^Y7CkvH)GZTN_v@r=YYIr12fVj+BDvv|Pm)op zP;L8*i?{9(u`4gBbJGwmf)`d*&`beQ@$9d7ZbdDGws@-M?qFJXRq?&fnP1@DpZthG z{&B_HD>2Mh$FVtrGE$_4i-(?HbD=Sc5^O-aq;8FtpA|uplG-hGr!76eA-pht;A<&M ze}904JZcDWEnj3PMY7$D95xq}&44UJjy@(B8!q_-uxFbC! z;ou0y6lUIyw*XQaHj^yqW_1ihk(B$W;~w`tlWgq!RD2OQl~Lh!sF|wvqatMF;%*wmVqLO!*dYr6Q9f;%djX`H^oD9JPh%zVUWvU% zBZ6Y~vnpvnjCEg#beJ!^f%lwX9HihXa($nrPs7?&{u3OU0SMT??X|6@|598(^ zg$!|v#+Jf&=I$WgxavP>Cp)<_tg>)KC^OrPzMgM!&sV*^iDVYVhwZE6TkTv+D_c+5@nU~t3SMr!|n*=KJq+Rf3+f~t=B%v#TiGQOQ2Sp@_%S9SC-I_*x0A(+{QolF$phqO#5?acLrPPr3MQ z0O!I@?q)dRi;i8%)&t4AXUy~sVtSQuugE;_P2;aB_c)863$m6z34)TTy}HMJkzOUW zroBgSJVrcdIG#XI;NcQv8jQ{xI)lVtP;b~KqT|wteWS;Mw8{x}Bo7{QOCC?exvZs; zEyBY;YpRk`c83zRv=3?*<*_>WB&u^C3%niAtll@LfZEa6Oa>GtOfMcu3(KBo6l#7X zfqu~HBkJrY%YApZW4!qyt=iV@QemCEAfJ?qhC!b!?-#S*z9vu0S`Y@} z{YK8QS`e|;1)l|Nnhs9e3mIm5A#3`|dixNUdKJ|SxCOIx-PmZdIJn*Aa05Ja`GB_9 zOZv9;xn$-qHu_VS0B4IuS=$*VYCX_(p()={Q<9?z-1t41)-DeJz8tE<-hUu&+s%i< zIqF@N3kCq2c;~6rdva>}lTmp8r$EoWm)+vG=@t$zkzc+@;WDWTHlb(6!ISJ|h&Ow1y7 zs~pb$qHp~z_PA!|NMDIGSFLOvcZ70qVIGFGg-of_1x3 zf(u&WM=SJwbPq?hqfPzYtfT{1{6w9LO-F6f@}8~>`BR=uajOI^zn zTDDq~qd^uaeE9Lu~KkM~WJT`vN4hO`)(zPwy z8TCRhBDebSb=HJ+Z)5_vOfn+lMKk3#N0QpfHc8x9we#J{@#)3-)0L4pGW~Wd`JV@d z8TX!yZD=3l--oaBdu4ZU`{&bK=YI6k-$`=H*FC)Kl9Z^$VZ$;>CG#4xkSDvH{`Pov zjhbZ7rhy4H`hK+&3Vwuw`!&7wm z0eTp@5W}dc-_6^_{!f{E4O8~wYhduQ(#$_qZg!u(PR+_#wbpsl)tHKf7X`A++jApQ z8BOXREUg%kdb8Jw)S$xkOjxHbvQsZD7(yjrlD3fnN7Wn3QBBFQthVo3Ez5IE@pO*( zilhCpg?yvOgWCKuB&Fuh%d0|5OUY;j!^Osq#2#Gx+S{ffVGgO;P)hfe<(I%#sdNAb5Ta!duL z$=s07XOO(oep1%&u~Au4*Iy@ZOFt8C|HRrq8n0ozeC53}8;NsSe_3HQZTMo`0fi7n zOyhO3e3qs7H?l`+seW1PKh^Di_)D_0k1zWZKV~_=(=Cz0)-7=fxD4)kWhX@WcpXWl z8+t2FCeiveOg!@%I@ld`)P=Xmn@N7Ha@ir;Ww6F%enw!NyxkIoC$W@3Ig?)A29?YI z!bl-$R~xN$Q1t_AuGPX`;8>BmtWV88NyxznAFatigk10BQO+o|qV5by+UF=pS$N%W zZW_;FoN>mgp-M`Oicz~A_Kh=@oz=m53yW*>ow{D_(`PwCn88p3pY6i-tuJ`HqD8dZ zE$pi#NTgcf#>;&louf|$yE+$6L1t>&k4II0<{Gjk(jmeRa1rG>9Y=R)@hXM;G#+JL zD)cQPmOD%fJQhCbdo^TCBOe<~A%iOlckP0Q##xQ06i^0|$;iE=MJ&Rh{46yiwA^Ir zmKB%A7l&ZJ6qn34%dJy|N!{5M-45o+m-gEd5aaPUCsE2$NWxY?9lZBs$+I8n&%wl) zWNzob?#aGk&bY?CkvJ=Tk?)qa*#5Tv1bX@cE*XuS{>qUd!X;*IpnD-BMqSuvdeu74 z#A{@654*s)@3XT6J__aJ6~f=12cIy@n*d@Vbpx*RAHF5KNiLQywj%XeiZv<2hgBZ0 zWFDn*_FoTnd9XKSsS8PYRhLh5Q5(_klzr=M9L-w2fRR6~2&Kq0V1D*S`w0dkHLC;f zPA!!ac5|XuzK``hQ9OTDOGfnuHXN)|TZkJ5X3iAv}_CxIl9$*0CY6A(Spb>$NPi z-t%UYM*4RF?&H!pcumNYfODIN3u)T+#l~Wk7CXW64_nhJkIbn`j~99Ig?)iUe zp)U`_RVWsGnjlR5S&+8}pQF{BO88v*UMiKy6ZFwV{42?Zq0M2*SUnz~H7eiPMYZrz zz(3_7P1?6C@fWUaklsg-lwoGs^{3(eH)ov~2v<5X1NuYyLt#wD^=foGMo30;J!-hI zqZu0e#+8Ga*OIE3DEH}Wbj=6%gt(h8#VXgwd|qhc#uG14w8)6*;+>C{pKj{Lor}TI z!9&m4MRgT4d<>2ZpEB1->kY#=Zc;v^KM$O!tMi*?v~NrxgGOHSEpG)HGlxtu?j8yS zA0qHz!8cX3Q+e#FngS#r2D8dUy-w61UF;Oy4Rvab)tX{qpU~ai7CfsfwU~5vCbzCs zNI()%05!^r0}qiAuaQ?3fGM#FxY@$=1%$4*DEGVS`KfW49lqy$bmQh|G%UF(8ThmVXkh^=Dt@^V~MpfBaHo>WK$Y+ig9nZVeS?n!JIu ziv5R^DE?j1J(ZHpvo*$x^(U)91!);C>I`l?{Z&b=>ygvVsvMWv7Z1d-c%$`~6?yuH z@>7_?+3Rw&pFQp7Ig|aa@U%2^TKD{FfZ^KXepi-)6t?J8MyP$1V_YoFZwM*w!qy?Z zoi77B2{f(gWhR$gIHXNs2QG2dV-eT8ERupppAu?ZmFR(sszl`C#WAApm7ii{B={~G z?~++?9GbZ6?mlqsu|YW^9Z=tL7porI8rUz*ZaW2qdtHSSe&c1Yq_;A!@NQ}wu$p>&v7n?5YpSW7VZrV z^K%1O^H0f4QeTthh>s-@nzXO9<*!RGM&Iv7IU0u^EBub(40gvGKtG&oqRe#du}C{T z?nA4|qbS%cwP(2$MQ%V^md3{sik^{jAxawzRI#}KWP{t+34gfxVA#M`U>t;Q=~)-4 zhDB){%*Mr#AXEv-hJ$N#yVZjB?t%$Vi!={zyTO|tz3q}vLf0!j+(&52%kMZ4JRO6& zKrw5AcI1nqPgE;}L@>uRzS!ExZh5gz|DrseM)sxWF&#loex~E^1{+ix2vNUj)5iFz zO1$0nw)iuRB`S|wEQNy+#G5Y>cYMmi%ioN4;riYS1H7TPR_~jLN4<%a8hob_w-KTz zd6|S|XZ{|~oBR+4mTwCrX9@J`V;TuUi5@09KCuR#Y}KWiB2tszu7c5M$d9KJ)(Fi5TNAWm zC=IHHk>gC=x~HZBU`2T;jf%EHcF7k4$`o9^0l zZ{q)MkLSC0zWd$(Ju_#{D8snp_ttvXTF;~U92%4pP(m>GtaA>y`S`fd|7r+Qj(r#M3ym!Mr*Yh~eN=&lOv?xKH0!EhIk)zU% z<)kcWPw~sWo~qP?!LvFup&|ngVGoBuFE;pk>^N(c7Q}oU69@MF#^C;y`dtDo9LC1E zZ*OPvoU}hWJ7~HwI8!)hi>=h z9ma7oU6O0mT4=e#fV)?_N&Qnaan)n6Ma6xEKsF~Zt))UFpVfz8i+Pff?9W5ex+>Cn4ls_ zKuL^tnClr!d!w&`ja3IDGL-6x#uABj9*s5VnO3_mI+?*4luF-=apU#O@xcaW)fesr}z6L?AY%agx>2NinVbu+E;@8Oac`i`okhG)9+w}I~CUk%RBg$Wox9B5}tT$ zxqvBk6g2$^Yr3L?Qyh+@vDd+kY8)O)kyzFtX}vD05uiokM2*>d)#XNNoukW1=DsS9 zzT6bgJxURYWQ?*A@Y-t3pht{BXfM>6{9Md77}dpazmp#e`C~6*jqthb&Hv)uhS#4hhQ=J7tscPOr1u)GZ2^<$u@}IdZ;D`F_xI?j4@-Em z*rnBh?o8`q%=8cLfv*%uyi=8Q7rk=6EC}NWpF$~xP2on+BD+n-76bRUt@>wHSK6Tm z?VL#}6rEl17>zSo$$4Cd$uP5cEjaT4<%JmYxQ3o2!Ve<5smFIubhJ#4o4l@H4reBy z->mX%XP?Mp{u*@fFwB4krU2%b0WE9w)SM>uHkJY#32{nVAKhS$IE)w<&GKBc_6^5M zHA~fIDIIWn7KOk7E@*n0Q+LgAVQ58lL*v*<@=7`y@#^Hl;L zw-4l|mE3FH@8JGJXgQh^kK`ljrUTL`Su96h$Zi zdQ{v9@_Fi~PEsWt*9LQF+9S-~aU(dARV!fv^TN5;qX#n)Rqwx!Y6+HJNwGJlrq~3K zl6j?A)Ig6!Mhv0%1Px|H6Vt073YeU1MPN0SgCk%Z16894ONogO8w-khx`v|l}J)>1AJIfjQI#~{w>TUw4C;N`h4N=c@=>F_H- zG*`*U&3%YI>jfJt>qp4R)$ln^y%zt%&UuyuU7ZI1K}F@_oU?+~n~PJe6;GWvdY1Qe z{uDQ8@*w8+iX!5uC@Yb4A5u4fYQ^NX4@gvWCG16a z3cbf>r-Fk)-t3_$lS#@y`P~TE}%Mo>4orDq! zKHgKld$R86(BF08cdjEP{b=$Cx|hp>j0Ql^JPd(pI|jwW*Ugv}I-j#BMPRB5@x~$% z3v{{LXLvsBEd3|z! zSO>mKfbz1~rNCULW7|gX!lOdaevzoen}cq9P$Bc9*!ks1>NP&R)YZ3Y02sv{3;seX zo68~1NqAErnMf5XxwlK%+nVQba%FT?5##I1DQaDt=zD^OL7{{xMN;HAwMsA>C!Z_g z6XyKnkZ9o*5@AS3olUE_rlo*+Tu^b9ANLx7q=Xs!)|nw2Y+%$8&w^5@8BBEMax&YW z4{SA+5*BO#ydcXkoR4nbkKYe|(v;B*>cCQ~K>dNeYz__so_epThekJqTTt6{rO=89 zcDoHg{A7#90R3FAg>ZyM;t9_f{|hy6jTN6q*&wt*jYl z#~dP7s6vreXd%D2pf_#y@cy?D3}aN(?tajWl~k8`{~Lsz?LPO#JL1Z;U8AiZyV8wP zpg#jf-;LFw09G~gQf`6)SP;6oA>V!DM266~ey*m%d{l-GV!WoeAM-7kPfsYOq)##* zU<=zZY2px5TrS|ic;_~P=f)%$Ad@(^)f=ybw|tO9|(i{^2!HFo{@#QZ-TrdA5$v^cL&wpfrAOJxb-FaGZA5sE_i8>G2ykbS-WNf zDJH=)R6P&c*#?eeMe89}v7NzY!QQtI4-%XPSWjr!4zOd9e_E~J=tyXI2N}b9unLrZ zpanF$3oBdPje?;}IWm78RGi{Fipz;(TgK^j{H$d3$ps}Ml5*A$H(rM!v$4!x^P1Z8 zl9SK?>M$W_RCf}_wr6$I6al>$U_y?MOHD|3Gg(@+Urq81+)|pd^5A}1ce2F@#na;! zDX6%p{d8bLMB))3o{BofGA761^Tv)H3~?P@b=PYJzLnUj{s3nD$s&y}>Z&FEUasH2 z>Xg_*x9X0XtaPCS7n@L4&H%#IJWSVdDWk8+Ps7zQ4~Y0BtezQl<&Fo_6wbW;1ST?( z7h~m(umP`N>9odsubOc35e7O47KwRe4;(Wt3OrP3Y;^E?^M%IzPTNfU7RY zK<520dkDt8bdImqD?#DYg>lFAb3Snaqlmm>?PrIWIjBV!21}=fFc;Q*EOEVP!7S3(K<#Or)JU4GH-Aygjww%rHhV-7+dc?XJwLaWdnCZGb@h;`MKlYYL zA!XvT9W+oIn+Hihl?KI4VQjgxEgw}bu)FT?fYA9=cx36+Sc9ii2!<&qsbR?ebM7II zMI3{b+HE~+_yg}7TYTb)^T@ITHHV!+#C5Kb@VV6lV2dS8(s79(PXF_VW%fBR*_a1p z9MUO-guBpc$JBbS@xUg|S4O_n!)K-s+(Nu@1g^;r|@qDQ2)N|9TY~S zOd0ilcQJ;5E=HLs^Wok~xl9U=?}KwO_Mj=38gH_hxk~5GvbVP>LvvG2q)t_~-skkM zM)?bal>J4Y{m=`_km-_&m8`Dz9{Q1~d&vlZ4)@V*3{W&f7|EM>fU0rn`vivZP+k}Y zni$2B_6Ugb&-|CgHQB1>ebe+hgW53FgPPR51P_*d1iUz4$t0^+b!-Rh3oSz9T^~%< zH=4%J(rFYc5EKA~TpI#^1F8sOoCfNn2s?EetO@ZC7{QncrX??#z9nuWS{-p+=LfKl z(zU&P1Y28448+Ag5>{Sv#&n==7*m|P2AR$qHsTshGr$wsjc4}gpBCwp9-zw6=WwBQ z4B!=E&jgY2KFJT2*V7~^({lPNjWZVjCQ&b3F$s%7cSuxfHGj*?Yj400% zyrSXdD9!Xf12rCfBD+sG+o3*5M_{OhKNej&4V%q8J*ai2ffgoPeV*vQqdIs=llxJu zzGab)`QQwdux-Ds{3G)C9ÓK>8do04I>P>K8yGBdyDhhr2k z;FP;FjGUQ;ORJJDpQ?qb=Nq~Zo3=vCwvktQ2DMdn;hM0jhX+eE1gjB3t-~ydTW6nd zwQr93#;*jN;P;l`H+FBJQje9{cC6u+*DVq*{h7%m$Arf?%;Lv{JL;$&D-Q#k*RF%o zUA~NolDHCzO_A2?mIJ$~S3T#l-T1Q7 zX0ya0-iZ;5iKD4dBSbX+mQRipRS`7$oQ2;~?9C5a%^oJ+^fJD~->h|~&Y%NaS=%Pu z7^WxRG}HGxZsHp|GV(k6imOaELe4(wTEmZPc;ua={suf+1^i~oOU;~6ZBehK zy=){2f-fs8j?-Rd_<$<`z;atXnK;9+hN)~qMMCnptCO?q7W$!%tr=+dYD4p$RGHnU ztd*v;1^IkuL@|{XIKg5BJYdPFT4(w;;d!JIqXn2~+5=yNFwTvqgE73+5NPl2C%O0s zq*yuHPn(x(9JdJJKD|SWRS1qyXl$8wndm%1jxBDWAst2iA(Sv{>HU!24mim#97*C0 zuzresKV+o8O}RjAB{NAc-px1M?8pc5!(s<*x0wE_17Z0oQD#8r*$X>Enca}W=Tv?@So)s5e za+`!><17-Sljdhc(F4e*y!4`ZN_i!^$o`DoQzdot(?L|Rxi%Zr2c}=2 z67+oBq7ZVc0sv_tmc$=BL|r{UsL@;szJ5XRHCLEi@Ko=~T){=-E!`7?-fWjzaC5kIZK7gI_WRLYy#Qs23OJ9l+}g%ed=Kq;c^+ zD(=Tq(`WS&Ug~9$xRonX(5}3ShcJ?M33;wztq3PPE9!RsV0sw23Tw{uit3f_G0mAw zkqGC<-Pjk%!05{Kt0E2idFbeVEzWKQ_3q(Vx2RpY=WT{oP?w~?vz8Z8#RiFT6M26$Bb>>h-hE*qNsBuWtc_pwQ#cnmC%M>(Pb!yc6HpiVX0taX~G(VLIt-Kj$r_^c&)s~Kz= z00!sZeP#J7+$-{+IPT%EN7senR5p!K9Oq&=<^n-dY6kt#U{%Lzz2dz zd4L>+^ZONiY7hh}Jk=-nXS_O6y1qhmyiM=$8@6L2;9U`o3LbmuL0sCZH!>meqg>4N zcRZ3%RH@hHp*Y=J~p zt@pJq!zwz>w3kUZ5H^Q=(3w>nYKFl?WEBy!P~$1$yF#a~Bt;$YAe2&f{>!J*$7-814HX&ixk4VSpXrwlM^-k^2|t$rL~XG)z4O>j!G@b;x8kvI zMm>>EnW9l0!JP(fL|f%+URg_?+jxWQFVSh!%tX4mt?URkCOr=Oa;I3c*ai9iqVF+; zBFe(w!$j=-Lr)f+pwGK2;JXlSsJ&`>R`p=9b2*Ogop zBc5U(<@LI>h@H9;|6woJ%$Sx9d2(Dp(j)>R3Kf%psgR zCX|)GjpzZ-A$)zeV6~xUb!{xJzvjk@N9aKD)ciXA)-i;%@Xe__F~?i~+RY!ii!R+) zw?p7>$*wi7n;4L-)cU7F_6UtiCNe)~X&pr@_HlzqR zhqI9VdMtYP_koio6C02x*EW;bDYz>6(SGK zul=+&Vqaa8eUvXnS^I*m&v^}2W1zES4)c+S0?;7qZu~OJc&L@G8eI zT1O9r${cWv8T`k&O1d5TcPy$YdK^vW9r;=_hCwPX(O<_w@ghqupt@zkR##o4a(d%bGtLzN0ST(>lTul?so1qZRq>h+WW;cJq z7^yn|jPZ(|n?69vIrRo)<>j_G_rkCuq~9wjZUX4K;J0Q3*r z{tH)?J_pPIi!3fYlSVNnr^mlZpi{U$e{-2hY#uL9#{rBbKzbI)wQ@A;` z)FWDy9*fwud?okxs~KrO8OaKrZj6rR&z6R|8#lkMJj)z-J##f)rhMR$eC$?pRrzDr zH($kQ>U}HL(uZjPKkK0LD=k?C4b6@Sg3RLA_z?L&)U4d^c5kT7+NJUdlFC$cP%MQI zB+37Qq5D&34Ja%B@xP*8^j|tr8|g`*)5eh0xk!I(ZTq{2eu=Oes| zfYw#JD5R`)y{X-sb6G{_!TC``>e4mHcKG!cY0}QsUONn)RWtmR8m~gA76dwmv|j*F ze_U)o+kS1Y!ilYJ&)4smjttP@iu~@!cc}7qNB}C8(wT&qd zK{KlXy@?&3`=NSYO9|IZQ$5FYTvy_DfV@5=^>}w~?h3J9&7Joe3PQ;bEYOH&7 z?OhiPgy>*Y=l^^_kW|oc@vaic6eRaiWQCDYFwsz6hyWKz0|I0`UDkO#`1s^rq9|&kx09-;7aqxTQe<;aZ`33NYTwWuyUhJ86JJiZ$jt?y&LKA3Jjs-pHWlNV4XWsA5tjX(ngRzA+JuIhW7IXGsg^wc*RH{!5gfK65M6QF+zfUjT)T4aXs4|N!b ze?a$Y|46zv3pT?uzC4NivSC?kkZQo@1Yez-HPHB31BPBiTzF9%IWu*B`IzPoAdxwN z0p+xfBdcCihX8nUx;YI#=9H6 zGRgaojw0-L5Tsmp$TPO3&!}ei*9Q9Uo8|uy?@T>Gj5TuhRh82*_)BOefzMH<%!du> zWY2=mBflO!)u5+C&j3=D0Y}ax!!|fnvt(0%uzJ6E!#tpr|vXywX z4i1FjsjUZtAPw+#g<3Dlyepd4I+Ud%xYE3pi-AE5{X>w79sg1o*EB~5S*!F8ID6S6 zxD8~e6`v3ur~^zQG&o=iiZS<$H=LB44D^EzRrMEWJjKV;CdpQWBB{Xetc4KOSTOJ* z!06V1Hys9968Y(8wUQ$$Md5HONk4xB3~*tQgo++W?*|>TF4hc44@%AF&b-Mxo88_!-VO`H(YC%I5x~kqRtRbV|-r*>l&& z$7UAQ5sUeQ+D1`bZG=huS=SU4jGS0Esxfgi@2?u=^g>wn^^;4fuOXEddZ*=H$CaIu zZRE8qQ~$C)v?0mLDfPO7Ak=V6rfA{_SPu9tIo6ms5sRBO*j>Y~7B3JI5?pLH5L(`M z25D4YJ)~gOkW2Orwk=D7_&n;E^7cD&FG+3cY(w?)dY6YQJ9Hpj2is+#|3)TDXdM{J@K9dov4OZ$2{beoT9O@(h> zeEn%ekmOWrMCXtiO*3#4=k7U~Ka^{+*f2))CO$m_3qP+YV9FmIkBph9`HAxB&dZQD z6LeMpu@xfavXParxMm(A4>E9iWccpy1^1eecjWXgUdNQEd3010sH!(3Foi(70N25w z&9TEzLYRV25m0mRk!sX*UE73!J*UgbS~cp!2AQBsQ8Lg0Y)zHZDqErl<*(|;eGt56 zvbJj(d+!p?`+#!zrbFbKqqq}+1EUK8~E>Lj#M*6$L0E0~qRy$vf_ z)Zis%-3t-i#vUEMo2hNf4V&he{{G&Gz!`WFH!G&zF`-I5vWBCyQCSm6-=+GQkPXBEOCg=V z8X*uKtEs2sxoU+Iu3x}t#k`BNhq|SRFv!e&vM5Nh43g$cPkU-Mn8q6p)`Z#zG|%s} zmFzG_AeKQJ2pn1rahnDq!we6o)o=-|LBx|lt;TAi5>Bn0weT9{&zAcDxU^o5-S5CT z_oy8UkM;Ts*ZzO5hmvWq2VijHMUn|EJmWF$UraNm)qJ~n{w=w1)2n7>6TK_tnm032 zW%O0yU_5!A>XaB^`{di@EA;Q-o{ z$M=Z?yY<{_Ji%7q2l(+t^`tEg;Pu=T0iYB!FkOV zv8^o5>gv}57;G|rM;1{r=imwYQ(y{{m6!f#Gqp%JrO28=XvLI3)(6=oVdPkd=s4|9eV~(F zYwBWgw7FU^W257i3*~zmg+Au1Z@UhZi`IlZm7kXSo=VX@p=q80-lb`P-ce+$HoXYQ z82($A^K$_3MP~rUerfJE_0z70CC0SM1t=iiGQFtErp7BUr+NqYlGdBQzJqJ6ovN8_ zP$~15|7i|5P4K&c6=wqh)%?k?lEA8i3vm&)oM7hx3@<{$BtjO=W$rnT!!+8QcP%fe z$A1Tv4v#=kxha~I|25<5p)1FFYgR>KVMcAEz zi4!Z}Tj_sti(^ou)TAvw4%`;DYZb?3={QZ&Uc;EgID`fL7l#n(=riP6aH15bAPY!V z1qXygfT3NVfPpO{#!^IjK#6|}9MRs2Q~@ZJwlexXC=8e>Cjpw7pmM1-o69K59DrRv zvs<_rkpWNh}UhuEh927%TzWW)KMgL6}`!g{1ZYJIF%mhO0u4)sFPN;nu zWG|VtHN*Jr7 z8Dc-GhiG@u#BhE685y<9RuYT=*_;E}IGYLi2$TwBF0K#fpc6sg{aWQvOzOQLL zeN*`W*a1kKdfths6aw?OpI;K!7GQUVNSUdfD)EsGH<0ts!?9D)a^=8P?>=+l8 z)%HC}?iPTG>P>MNet{h*I}vSlb(~Phde`|W{{dFg9%j2NLJgM&+t>?}?$oo?60oG@ zLCA(c7*P#obE=r+z*r=DI4cmO0QDri@zv>x&x()3O$X#M$djxNn}kzLfmnEQNjdc* z7J!}I-ieNyRdEaIASgmj?;o+-wl~EW7(V~F9=hEBnXi;>I9>8T#sdHIhd3K%btLVGIMTs+#xcPisEB7k0Py9!qYc2c7fz<_2WsBi zQnqWNlD+qa1ExUgMg4NL+_1{0JxtUV_;5nQn>CzVK7-t95Jc7vc<$JLhljE?OypNB z+R>CDux=Z&uk@Q*9|}Hu$l5ym`;-=lft2?p$Pk2@o>4|5oX1k!PagcEl|51}Z7EPb zay9*%p1t(-4&&)mG8m$xRn#K~_9aQ$CGOJ)b4)HfpW)NeR{tTxHfaZo!{V z@9tE+hcTmWs40g^iZDMG(@<_?Ed&b-UbSFLo^PLbH{ z0C?QE0>Zm|_jgc8Eh8^ZKVw~>Lnbn?T`$3bjn@*d@?tX=$BwAR$Dygoe6qxNV^cLa zL7HoU6Z5a#dk+05nM%2FE#aTq%_1l6(LSg9(518%p%!1iLN{B-u9I&5e*3<8Kyzh` zK(b9)AbeX7w-kjpKGMnq^2)C4T*G+ z?(k!17`7>$Z0$b`VVv>S`6aS<+G#ibyqPo}w9d%yJO?jc|D!DvT<_CAlE_|RcK915 z;wd2-DDN2)CmZ~a-U24+ZBCu^Q)%j)r==DV*V4YNkEN8y{yEEGH zj#1~EAPJFw^5ufxar5@ZOmce^^El(r+kHcecuv21z;pWH7U%x2;qrg{ffyI@zHzq! z%Kxudo|4lCMQ7%BfCS3YM)F@}jsNG{(v$?>AIt6U`hR{iEgA7ZlI&437*FzVPV6>ocmMf!3N=fA?+ciaQjF2`$^BY$MLL`42 zU5?Qc)~cv#ziO9{%jqiq2O~;U1x$<|vj63JK}D1Q%pnqI*PHV|=#dp%ayu63)vJ5_ zw5XU#4VU|;)gQ++>Seyl4zNMYeB3W~ZFuv0-=HUx{Xr1^e^2ml5MND5)AHX27B?S+ z1wfetz(gl87As!1E0EkLpiNV@D}zP?`wNHitAA*J$wWM6hX1m^up$PTPwxiet-o52 zB}-v964x~DeG|Ln_P226|2KXH(ZDEqCjQdv?>XLs-Wh5B$dBJx^vxSGep=~T%%p6Q zhKc&U?h@vto>@0&e#v6U&LB+q^UTQa$mT!J{Qv&Lr*dG1_2I@s{>+(m@!NQ&y^2|g ziA*Fr&KHGvt=J5Ot|3+lIuTFB#-p0r%Z0V+@3q#eBE!4fxGvz9Qzu{5o+-a9S_>SW zwFpN5KYj_DfBjJ<$eGoE+WB$B?Ppv|1Gro#YngCeOPK*-pI(-iypir7=M+Rds#P9`;p!=mf&yi+$JcbwaBcR6v$MJEwkh;cUAj{?A}QU zB%OyksKjN)G2_RB6YAjo^>|^!JVhu&oJos?Y7kzGE4UKhL6|r)r6ZgWo!PxfJ4E;A zD@zIHM4tz+53M#k7v%{T#m&9#9@;zv$H?vLqi-VB;1E6L2~6x(j(hiPg3*6Ee9kXu z{q()|)A!II;@zSTx`Fbobh&X#zaNp$g5>WtFh;<*!!by?1T_mW2mPo|tQ};*iQ07@ zK2MKNfRN{YOL6*C3$6}I@DbT#YlJVyJ{7L*#OB0dGb?xsSnLz^plfFbG(cQD5&;ZW zy%}lYg9oQyPU|`l3iBPET{ku69I?}dFYWZe3=jeDv+-I&lzNEmXgVUN%z)=Sf`|%3WS|l=uW4rzAu{*9@XU zy>|=O?ACY zWKTa5Ri8Za-cnK1SwSd!N6R}n9?Z}C;W#0D*^J^n1I9)_=jjf}Q9rhMim@jmF0JA? ze@F=Hyl=j1o(v82JEGR(25JO%f!aW_1Z}$)pS}TIjiM7}40+Q=Y3h}wQ{nn;ze4t% zR6$p}sm3(-*x#n}^ghcudf^U|E4n?S2 z625@o>nIts{{9v!aTA%>*@E9uOb!mH7N~bvq&%|8%`1_$zHD8g>b`eDYPM_OyP@cH z5Tk#-{xl*nymZu2oy$>;%hC3mD>n2jTA>2_@8f}wFilZMS=+NqtW(1tmg~~M#<R z+K$sgw=$>G7`Cx!f|#j`Am00GY?Lq78sdquent1YJSBNSUmx#KlQ{srdbCkBjw=zb zIs6L!nzlRZHTC0^$zDk3fZp{%!jbFS`)?#Z<&t$h5+ghTS2BdlANFDt9OLx;tbs@B znz`V9jM00>^?_M=%*1y<{}g23T5O<2SJ-&%mOf{s^z*se`333R*>gH5&<3ebLUIKK z!6bYZ+o($32tv*g2iib+N8>y4A|ToOZ6I31B|oIVw3YEt_}FssaTQ|6J>v8EsbA;R zgoJ7|XAAw(1iI=^pi}b6j{^_Dy+hxkV%RGbK5#%&VBuiypZ1>$@Drrvd3fAWG}s_{ z(M+Xr#Z{j|Y;9_HmbWKB()oiHSrap3$74u}XypR2aBNM(MSgrmJwF0vjo*$OBL_Oz9*li^M$N~dx5c!fbaFT7WH zR4eDN6@iIZ>{zn$h{Vuy>bU{WUqjIKyTB8ua3_WZuaHGh0h*)bY~@vt-nAVJlpjfx zuc|^qAMj3zsbbf4m>tFosb}wb!RG)Cz1{f=WNh6D^R5EhHZjkdYtu4SQ zO^0CV#QgB9T(32cnUfx<$*ESzj-=*Ej{eZM;Aj)AWXRHrAEZO> zc2E6;sX6=CF?LFR9wBKP^OC9PkilAwiHmxNut+(HXdsow=RJ*)9R`Cf7T;eQ8M{mm zHa`Y7I#s!f;I8F)Z>1a^vsUY0saVM4pqbV6A0>JE)k0f>_$XsuoXxbn!Cqth?7#np5EkqqF^sSXhOpbTqP!xRYmP{p<{yo()Btw z7O4sJQj2>KHF5H$^{j2AmWFzKni+!~Nf=}L2E(dUsrIu@|`JbRR7`RaG zp-Rl(#UT93UkUDwIBHY#D%65%N9W$&v7Qs@Rvwc(26?5`sryl}GjR=-;=Ksl;7w}G|MBOnA<(R3 z`&fFbq^9zcesLMq~E!h8nqcKdDu=C>IuX{#20F4f=pA zmbemI`A+%OEYAfQ@~!PXJ)m2_x{F*L!y;Ak{=TjZ)#xVn;{fBT;7W~vOmecH-oZkH z9CS>O`TiOvcTb@HGhLv0@^2?&rd)64_#t9+}LN ze`$T6%H8q{HUq_t-be(sxLMEGTkMH{#0niuJ@z7YDq@&KVR7$mepaEp&9|#Hm($3+ z2+?U8^k;f_HIFJHv+IkF`3)o(Cd6P*1pNfM&7r6+?LI=pOy{tt59OQLRF8|KX*P

0$5LBXS|eU*Pk;$d1Om6(ww|nWUQyC2SF1 zrzlAAdh&!VweN5&j)D)Y;L|h1reVkCR{TG-dGILac9n$GrBLQr4jBqP=ix)UNVoHU z5olyu5pztQ-ktL(c=z%0n-A|-v*Su)gQ-&-7}HPJ%l(d}R|^2eCLmVYTN&z85=NuY zXyy0R(3c7t(x>p*=yScB3FR$UWIFwwQ|THOtKK=)QG>o;I(@&|X4=d3R-(WS+iKqM zUspEldB1}XxBw#fm;k{C2t~$P5-bvg%F@1rTKF1W9-|syDjw-4H&K+(pyW4`!GB#6 zFkN{-q00F-s4ma<5kABW`Y}@c$0)f>w{J6QcB`7;;LD^^@>`)K@dicrY}-uc6F#6? z>jF=qKem|Acy?1h=(ecvew^ zr z$EH|%%!Kfi2_<9+L6KU@c;c5>+~ft$&)-%aJw3Y{NcJ=Z`0JR1ztj)-)Nqnbc7%?~ z^@-|}bK-lhm@LQ7rPJ#76h3?7`(_MnX!p=rE|p{Kn^o)&tbw&x_;kM?^fJ#b-yy@% z$G*dFrna|Fpt|u}pq7mMs-KFk_G6;XMiKekTljS`mTLC2t%{>p%t9r2zK=E94d>Wv zFY4y#42WA-ETK|M?H_xly04$8&HVH`*UDy&i>ghk=^1M?gKn)0gK&GZK`=`4PXIdj z)Q4-=^+#aif|mo>#DeX=Eu)ce3SA9vIp#8!FFG?}CZ(-Qn<8oX8}!^}C_o&ae_`{^ zdr$QX?0&|+7e+3?J=5K^W^wgal*XZn7|jnyy$=nUo42S9$wUsCl}NAfInjCug|DdX zR_rbHZn6|cheX>i;Na?pV}OV@zW1WRL3uTnRLZP7xO`W3=DyA`-1UL^bJxIpo>BX9 z;H#P3V^pw2#g!#w?!hDh`IOYBY>||pUS_}|l!)!*aefvucdzupE%&daTpc;ym@u%oGVp5s{K;gS}G1YlS*b5XT(K(0M8?<0=e?yb?erN6eA;lQh(;XOLTy*6`|jT!tgSE4=goo90T(xu7RfuAet@2 zc*r$hv=W4c!`URm{%b#i5hd?6bGC=LHUmV-O^oi6Ds{V8;@+Bl3->c%V0>eBv_7=) zdbt=$`K)q#-yKw|l>-+di%vUP?sI+biHE}Cj1C~FnXUCeoZIrW)A`ml%tx^Hd^Oo3 zh|EqV9@|pI?{pi~q;-Fus$n5iT~#Og>oMv`ctfq*OhlI8t#STutuKGRF^`$p{oaWC zphZe+pa8dR^i9YV^T&%)^MxkyI2A6KY(j;ncLg?-F_Oh$Fb!h|Tzx68eSPQFi9UBe z@rVn`oBuHQ`x6>mG!Ypa0+K~AL&CI&7I@;ATKOd6rx z=@t(j`D7sU8T{i7u-_{< z|CMgZQ&4Of|U47%l=#wuYK{b;P7wcVm#t)6KysQiMz#-0mN| zDz==j)ZkxAA`lRHS5qML@4?VGdQHkK{i~M z)2O60T3;SX>VZJ|^(2pcv6rD7TBc#(`w2$zAarsp5lc8Jxmi`^>Gm`J`SqMVUCZ*v zKif1q5()H-8=V^QG~ZN+4-D=5BB3n*OdE=(l`Bzk5=U0u7R@LPP14~&k-3q;5qd*p z%)rK5C8}`kdU>|*Xn=oJF^MA!Hkoxi!M-y}@?U=c&e zuv)4?BY@VlNkTa9LX^+5LaE_`+=ju})A{n_`!t8PQ{Pi@Q>F+VN9tw5UCvmYlVC=a z9DE60s(?GQT}oti2&3$TSqTApBx~&q#yvvi%KafFDZ)u-NX!^A z%B`#dak`t8$l)fV3N0wnN+iE3B)GRHR1v7b4XP7NjOO-~pe;2lvN%{t9!sR8?cm7# zxqYqB-+1P!z0PBrmQ{TUqhQ;84_{8NBB5}QMu=B^?P%)2!P{vt#Mz_K&?3jG zW?h3LLw)P<7psxjA%e*d9u2Iqn6KEB*VIPAp15wfx zNeXEae7E`>e5~BmLfBV@g8nuYyjLRnD(dd@0(~{y zh1>6=Q5s-}YXgdYW|Bmm6`A>R4~P$W-UJobQ~q#&&-PW>I(z4>4%w4b_RGcib}CmT zNCJm;xog_iCL&vtlH~E{>QZzZ4-sw=IwHa?Q7{X@-}H#;U$@?q?YpGHtc_M?QZ*_e z*K$HhlWz`TB`(tM2p!k~$1u#&W75sR7AgVi3T1~$SLN0UBOwujY+aJ&}P@sR;iT&ZC0qB@aqp1h*BGb?JDOzqx zU7x=m|6z5y43J%BSwf*R#&%H8H+X>Zrm1$w&-_?mFkP@E4KFd( z>tZ8mTHnf4M*M}3U3Xo8_^kmBIJxl`Wb965%&|#q{)30RR0l9{2ik?g!9a8Q1=Njd zxSZ6tJTW;*qZHBMo>TW)A5fE_VI{s&4~SFw(WDnVf+#FPA@&mj&n<=om6Jo=BzqMIC{NVA$ZzE-XXxYhdU)R_PRBFu z^lf4?(K5&OZl8h*05amsAC?uJdg}5 z?gVqQtIyX#IDaMBhuZ5xv@l? z-8*!xqLcw{$d19}9&66iC+7RQ6E9rTKS*(GV@4b-gb52@1hHF|T)6;8MDZL((v_R= z5w>3kXjn_h|Mjs-e2zPn*1&bt(3fTdgXLnwaj^j|E12DUxC=(vr&W0!cp(IkDxN9*4hB)|&D zW>I*Py)#`=4l37Y!xYU{m@91dy@IB6omA*+pAc^`pIN99bzWkP8d&bOisHjGeu+#_ zB)f)}&aIm8Wh6gwBpO*sQ2ez!J#%XzBj3M7$ZD!=J2?P82-`4Y11XF0ghFwmzbYYp zs1RvJr0o>WM^Cz!6}ld98r5v4-+eZ1vubl`6;U}8iJpQD5kRsmY*PqUnVtwQD~vVP zEuz8Q#BWx=x3HKr^CZN})`Xtn>*ETpM2UUqnu;mPf?{Et9oOmBBq)b#W~Xh1Jb9f5pi=*a*JMmhUkl;o%bLk%f4A{M={*L z_HHgQ?pbFMf+9VDH!K=3>l7at?q=p0Dh*ROHDQNP(LfY7`ZlY5k-fdRB$;$0`F+lcnMf>`@j~-QOiI-e?Y}NLtQoebJDQOGf&pfSX~hdPJqYBv8oDhzG-M2I0mNW!TxHGmua0xPl1o6{5r zvmpbgY+Tnpi^*rANI`J_r!3dN5Mc>Z+?glMk>?}7#!aT>W-jXh|I!_cD`riv=IOB-Z}v?>9k7Ki8Ch!>T`@psjR$#rRHbb3kF z4unXlw|cO8bk{B6>PI$>^cBodI2u#gCN8E6F-};trH&bv*Q4adA1Gd+C@0}9=H|#^ z{lY!lVB}q+IF*nIR&Tvu7S~RRgDM8)`rS4o{a%H0*+o{jiMi)1g&uJ=pkt2Q2tx(M z$%}xDeoJUntXTMDslc9B9#SU$d-hBUo<)HL|1KcD4O3Xu>+jW*u#R0m4FqrjUSrMZQb8ssDJ=gK!@`G7(45* zDBJCA6ADO*fOH5F0!m3YND7DrDBU0oAf1B_wjWq!a5xvhySf|qGm901CvPhZ~mJ73V;NJX}iKR?@} zT~$Kw>_ptqYZ{r>gJ%|kY+*1i*%7diw0}=VkC1CuT}w9&5J}qwt~RxS}K+v`$>|G_A|wb zyjnuEfseID4xt7k4#$>4$n+KdeRE6aAPYK*CS&oeYOKBk1tpsOXInwTn(4K?SqWe* zqL7IFBsgxY7s*vzT>6VL@n#FJ11wNDtLQ(@N24s1a-hv;yvw- z-wr2d>L%}3b-#nB`NIqBs0~8> z1v&locvTg3u>)6zCPVlSiy9z$VFr|KuN?|#IB~uzMlk3%Op<85GdFxyn5J)rYqU8l zdw6j!7>c6ia%wz)K;x;5iWJq->i7{6$MgcK^)IA_-G>N_J|2ChJ$-yxnVmy!HNAfo7fF<;VRerSU&zX$g7_k)7+2 zI62MqVn|N^9o;7Aw{L6H%iMSZLJ5Rx5=8Vqr$P}Xh}&GkTB?0~GO3TtndfhA_QtxU z2xt$=j=mY3Ssy@_h-{xc!G2crVRZ1tI(=OoKiRXIg3i%RBI#Icgwttg%u0b+w}Yh7 z4|TSaiq@OC8{<7JKOW~`=d4oE-48E#D{}Ps$@AoW9rS|mYbCX^@{Z_2>on0#b;PvYPxz22nT6&CAqQep<^Rq0utts zTWa@f$PtR$xLNGaglr5F>mMS?8zsHu60(`hN9X!djvll`I2n@KQLGMOVAD4h^+<^y zHw+Q(kSr~zN+CN71VUJwP<|S$6fF)7k6mj6urDeXB@w->d#z(hVhk5K?*0~*C~)=W zKxJkA6#ts7J1<^?V`J>aZ)vYTMrkD+6*|twu+vI^>!Y3zEzrS@v3uT}N@d|?@|ek1 zTlONxR;Q(oP!e9E^{)CWjmuZ!FA=a}p7JWU<&N5V6o1H{^@#CDLfnU>Q{?j^O)l_1u*hu6 zB!fb)*fr3_5{{*Scn}!ZQkRF-w&uM^*udp$&cdag zF>DS9{Y3MwtXEp~T$^sqG9DP|U^;v9M`7vGGvAB1`$&O;S7J9~4c%kWy=*Lar7=Q6 z=IO{z2Hj&q++J5xU%Zp!$I6@i{pvkB3?L%EzC^j0_>MbXu|riDA)+dG3I(mU5Txx< zySH4)gxmV*FX-553LE``R1S~e5Oe8|9AJsXvfhm~lY_4T?~R=bRUg&)Ha&^WR+cBn z3a2}g`JS{hkY3iAhIYFjVUx%8wLXto*e-OhN4ioa1`rn$h#0rg;Auh;JT6$(&tEd` zpe;kAgV$0#qIXd+vcpZn)+3RihPAKd>6gjoa}C`N?K);3b5%E`?UKyJ;Pkkz@WD?S zoR*VyhU5{1nGL7iI>fv*0d-fF33JN3VjODme8bc%wmo*n?DH)qF87825wogBDCcHvSb$@c`R`1hKdY;p|D#!<#*C@$w|?iatiaz90GSHj#fG`wxoV?k(c6WwI7+7Y~(BJjUFoQ+PZGKWch0^y1)1WD4f6( zk;Te7qPW{Fgyz0GW%>uAAFT?XoAexxkWRGvr=NS`cq+J$=Y8Afjg+N{u~ zFia6c*PQsvp2H>*-cPoFw=<@C;f<7weyR=6aqYqvY$#<(rnf-i6D zJ2z*;v0Av>-cCi(v-3nQ+q3y-f42`IlM)7@5qDUsQ1JC%bqK7J%O>9bk{?6Ukiu`S zx|E8lwdrH>U6K(;M$Y+h)z2!}Bjn+?U@lQfN7F&CBtG*+pLX9TuIX9}N<%OkT{z&?j^F!yhr7g(Q*mt(=P-ck6^?Z-UY701O7!Z)F(ROG+!!o zD1(-DXf1z!=OGzLcd|kE5em{#g#0N3Ia8op)y&SeCHyrH9RmmxEN*(2x$esoygz8b zS94|kto5yxd^!59bsr}?j742qqzJuzpOZADLS7gRCrp{LjZ65%jBs7|X(A*W-)-6?hdD-GWM)va3loZC&Khk7uYjb^Q)f+F*;u1sHE$nJRv zh{}5yuie*>t}-78&est-c2tUOWiiB*r8a?X&(5F35H+Ik~d|4UK%iSuz`~t!3+p5;PCJfdvd!d{-1Dlne!26FBp6cfv7)p|#e1cnli_PT+q51H5_mDD64F5ORwMy( z%MhFR7k$gvYjj}<&8s7p9AqTyNweR-bOZ=IveRK`|0q5rG{?kBMV`xi^-a%D67>UW zPN|TRic91%w3TpV(HK9&3QK_$=T~@+FLW2_6=`|LEVxkGszx{dg8w?LC@@~>Iox?- zm$SA9g_n=Ol;p@pazd|3(k2V!Nt|9w7P8eRVXGBlYS*|AZ(P2x268cVeyncD-H~c8 zhw)|mf-ZZmii!3(l;I+Cl%npfYh)c_X1{8vxt+X)rx>76iNCQ z$L*tu49iTZANF)xui2MAt&%Q)4T4?xH$yE3&>Hv;Nl%C{L|fZD0s?M1IFS5xv zzgV*4CM7EpXM1moTM&|93y&)j2dZh^sNZ|j9WT1bRW}(FN*yQp@P;w&Gg||lPdG=T z;VGw`fx6C+63S4NxLu5-g1{-nn<{|0BOddOONyK1nqfAHk>b;g{hq?5IPpTl7)wBc z=vWY8Va&=gqAq}kjvNujND~j$@sP7u_s8}4?3)&j?%7g{f)=QLw=c^~52-a`gQ~*Y zl!d*4Ax|@rkkC!wrmZz#GS-T)gIt+0ZaCkIxRK_o`g)&^R2M!l$;W6`%sP~ZOV>g` z3ITGs2Ok?Nl^?cU2(12fZMRapIR(;@{JfcZTWrzR5;X%~{>CBJD(~p;FXX@|U}sq| zl6UzsKEZDLNA`KjT~uRWFO1#;+9745rP$cOdnEg%kYC5`gN)w^MoDO$Q}hP9N9u_o zo`gxWg;1s9H(GTvc8ie{wG4j3SJIhqdz&D$;P2}4$19P(@LRvwmmWp2ki%Aq?qMm+ z;rvpzI%B^}6U<#fJg)44*8I3)Ax&@hMS40!tu*d4cEMD>G~RI?00$Hu*ny5T>(=<- zskyd@HNr8X$bq3L?-~e#+~wB9Rceu49$4*$qKgV$5N8>?Vz&bN}u z_ziNBp@yp5>h6x8 znqEXt_@;}y(UtbmWv1iBN=AT5T_U9Dd{E#EWG=Q7omT6$PTT^a8cf8lOnuj?K&SLe z=9i+{(*^CgiImljb%BW`%UZm0PGnq{W$juixwt+AUvw+*yGdr|YHf)U&JOSbHLgP9 zk{;$a`I9fr2lxXi(cz3k4Z?ZHmZD^bz7U_ZrYL-~UUo#2xlTpg z>-0H&>u?CUSS#W)x|G~w>QP&I&FTJ0!%c*72Y<6a|Ke{=MQ_rD{C?JDUqZGKOj%U| zf48B-0@*KLAy;7H(wk8c7fSA!kEaR59K(n%J1!u&W+D`?7?HyBa8dfiu<44Bx|jSd zpcYUFixq6lG%QxI%7@f^^IlEq_}H>*3ewZCl2zI=I{;^gz4@Mz-D(aWca6~$r@G2D z^LV<=>5X@0fqa6ug$~SnvP!lhdzd&jNXKh1lYL0&`|j5A3lEDo$_V|0>cSX>VP*^v zyu-_)ISgz=N+zc{S*Hpa^ecHtFC(Y$4cUACel}41%eQ8~W3LVwBHvFX7DLnCca z)ZW#WpVA+@?Sex$U({$GMwqj0qf8Qt=4g$JLKk8LZ1f&}^p}l4b{z4()o)s;fuY3v zJqW_`@^pV8C1pMhQ6iII`~6nrzRd~~*S)Np)`t(F9>$^}RRYSw9chM{?ugiX(O%27 zxujp_KCg76JJT0*xY*9;S*m|4H7`DvXLEKwCZ>o7tx8p+Mi<4@skUp4#f8%}@NptV zbj-vRzAVh92u{DIR?#f*cR<>j2Kp5}4$NR_tl{Ls8eMnq!o&(_q4xI<6wrQIztzhW z?()W_f+ETO!^;Jv46}r@j{MU1=VKJbo6$5{`#wNS&iplyxI^@j7P{MjyXJUQSd&-o z8jZNs`qc-pJ!q=lofc7N8SCJLc%#?++D-B8ft1TKGoUK}D0xYGmU3xfh}}6zV3VqF zx`z`ZGDR;9Kgs1Z^$KuI869=d!hFFiS2zXDIU31NB@gd%sK;00KuEMZywr`pWY|ad zF3NbzgPVj(IQ}W?Q`m>+L=MGLaX^}-2KHE#X_F|Qs zs1iurMQq~nkA(;rCRR7j1m~tDF5*Zifv6LULAO_*$iaX+e+Fq1ihz zlhuk1sSbaLbn|TJcXfy%&Hn!0Oauu&mPfm*^d`I~g5PIO)^E8vpZz!Be64EYeLpnC z#OJyVM(ByPa)jR+PDy%zU67B!_yUvQPwbp4RARP1%_mF<>FuJ?&kbG=2EjaC$1_Ik zzJ~Ne+#U;{g+nI~QM>A8<_zPEAaUYfe`gQYHBHhh5HWcg!j+dl{c+gJHdrKo)&kYi>iUrbh-aXl?ac@ z1Ujv9p?(+feePn=dxECa479l7gE*_wHyZx5hc9Fkmj*t6Zoa5#qVMx-Fd?0~=Quoj zq8x+Xyc@6Cu@t#in}QP`wbPa3e+jz0kK5tm`i+x!FWAC$v)rsI56MJ9eWhA(9d~OzMUM-N958> zE!>0lOXzpRpPK|i*#|q5{<)g2pwBtYm4=+jZ^tAIovMU{K)bp#{;mA>O+iIj_m;%_od0M%QWIk@h&OpAEVG9yiP!QW726vP)W# zj5x2oTW)4kMPOdqHartTrRrWX(zFIPF|F0FtPInuTQE36mDVA(hMgiM&k`G@g2s{@~+LKQqGmNcOQft9MhiSE(x3O0-R1 zl7GTIStqJN7IqZE7{}t`i)+_Jrnkcikg-lw%69V{EG(hTy+aDpc#uoQ!t*^ThT_Ql z27WeZMaz6lQdb0j2<#VlAhE=IEZoHx3!Y`G7bTS%6PX%~M7U~l^YkJ7ZADB_`~g9w zy=+ajk^=#ScDQbR&E`60p*vy+{2UK?bzU44fz`K5Zyj``Lkh@Q2ni`NCRp-E3b8^X{Um`|I*7F?TLbWMIOD2C8ZqSY!kp09c;Ly zSFc{RdoqNoXyDbEKN7mpA<}+r?7={$`rQ=*-i&Vip7n)8^O0lsK!f0=ot0Obo{%yb z`XyTLu^py*g`_L|;U-db>Rir#orbzWqlJND)Ck-k3%wO470)thEv0*Mz1CPF-kOr0!`ldNA{1_z{0t8zPn)`SgD27I`ens%`?% zqk62~i^;e3xXW9%UU@G`8}h?d@3@;`ya<~*q@~7^=+z|U(r5k-?Po>~SpL_bRAH{0 zwL>HwCp!Zc;$kfEJVFS~395otA6MC!p`yBM49S3tSQp}C!X2JZM zy?00FM22MCai}V(s*P99(oojiyr}4CtDPkDhuqqiFwn5pc*(=Ap?J+(O)=#gBYTQ~ zU2BV5T`X`;stS~gS7IP3@B2-(N)^8}Sz*57c1qJM=xQ{SSr6q28N05z*nmMh)gV$5 z<&P}`g@575VfF=0Yj@}Hb2ZHx=7onX$q!JzZhV(JfGNpL@^LlX{dgsPyH*m%&vauF zYBf|sZ-!5_xbHZ7e2ax;qH(s-D3YE@!JEqYlNV6@xZZ(Raa66(^emR3C<7DREDV{3 zZf&i#)R%(>9-K6;hp_igZn$a&&{x-0S|raYFg{D{m)tDRvcI^x2xpQ$%CI#Y-TjPc zNW|!{MX#{MuN4-ZsA{&dh@di{8(Ch9eIIsZ5hKBXeo$$hqn%eM$&y$tB|J*hrv zJEQgx=EGBXd#f|`>o6Imo20jT^}>6Vcc>WQNcL*dSYa$9sA~&{L|dC%;kszrT!xww=_ERS(xLI zBC<+zB1T(k1C@UwKWvWp#P7i>Yz)r7_)dNL=leA4v-5B@I%+9mf1ih?-0nj_-8SwZ zaliAfyh-bYi#7UKiS*dcR=kPAuBjh%Uy&ZC%`{M$m@bRZhbKp!#kz zTJqi+yVML6Polc0rcm!bM9Z(9+T)~?bN+sggnVP9;m4?b`6nLDv6n&XAVahs$Mp!2 z>DM`G4ONdtrjqV>QWJMmG0C5p#?nC#H-pUN8x`hoJ3hh(FW7$Ico%nW`3Z1YFWKKE~Smu6`q544oFqt7M4QIK!`h;axBw7Yi!vN#sAW0s1TVT0YiGl@}|2Q6d3`1g(;MC}8p9wUp}PUmtD1&t3iUIbl~? zbHa(h2Q(xVXrGSy?9Z$@(dHI;5`1E$14@K<=gLW;J>xd<;OAkqg3qGwS~!(|Y*>W> ze~vf~T|NFtw8HLU323B7gN;58E6B2`GRAdcsUF+r*WuU!0VCJuTdANFGmAuB^O(mE zYJkFTmB}~q#!~5L$DD#@8atr2{Oa_MqidY9W>3Kl5beqvM;ch^nM(RqxdzLuca-{{ zIC15brr(YBB<4ThzfB8m_2qvz&Wg>m#L~D6Ftx(7Iopx}LEb9SH;FxdbozPUCCnTD znw_`&HX+=ufk-$s_MO=%;x>@IZ6#SV2$S&~vvGNrnaOZ;;YQEg34S|Ikm5EYI;wTc zr-q64XD$G8O}tvW^phyI;!dz`3(tM2GP5!-wUFmVFWg*y4Z^k8^6hFXLL`EY&;SYf ztZU+%m**@2xXqR$^lS2!xuUzF%?}LL3HHS|7_?&^uKw1ZJe9{lXclX)cgfOz?6cQW zeh=(MTUp^;rDidBaU4S{)jijClgi_$Vk#P6ccgVi+5&%SVBrH(3Iiia#ELQXc*2%e zfQ@&o(dsY_^}>~8a|>~TLYQ<^;2`I2M%`^b4wWbAb_x@kk8s`IKM`&kex1j` zcj4ZzCu^R=73nInqj$t{5k;J0JytI~nXrhi$Vm2H(q|g`*?ZXU&B}K@WZ6ev#ad~i zsQ|Yz$TL4HiT>@~T^e+Cs=2f+?mY7^=qG9K%@~!V=^pS*? zpW->Pd75p`D9X`)5gWl{yA?G4Et^pE^o|D*ihBL8;jwL0so+ z4I&TEMCX})Q;Y+Fl>N}VTITI+Hn$nxd;hBzy>^`yT-8+KuId>j`Lzt=S?k|?|BJRiHspL!pUyK&&KgD|}`-dVRQ-a=# z%4n$FBYaIPIXjux8e7yOIt&4D21v}sK(&;gdlPoYf{4B$cLVod>cYnxO{+ijg>6I_ zkSOArTRA2`v3&dmWlMAQ$JQQD;${|grT}>+vJG%Pr!zH@-V^JX3A_BumHrDz?Dw~t z3E;{&S>EBEZ#SS|yYVzxiPxgsY_o}2x3UUMf*p*`i}=lAfW+`3oNBo?^2a&kcpU$Yto_gN{m);^tAf<4e28JxxiG~GuQORvoX8yjc~HSJ zY5)6DeqWr-8=$oL(j-Ii;d~%sgJ^P*zomTc{Q1{H^q;@*<3zX1zKR|H^A}|z(DaiC zv*^a(yzc+}s((Tkwt^bq4f!;J^C!c2w%n1Sm%9^{=m+P7iGTj^|KaQ2VKfe5cr?55 zckB^rV|o4DGkL##Lp)DhkCbELKfLBYMT#W4r$jQ=_=@%)R7pGf<4~(Qviu)-r7GB>p-3^6N$^VK?3uP5yoqO6Z6o#8!>E=}nm(KKy9WQ? zoc4b{UO!`Wgf`rsiLpIPo~j#7hwfWP0$P}rORxNupPdN; zLDvlwIR9pZh=QqSna-x^+%bfnC4V7|C-b@b=<|v2rqS-#;CeO6@z0Aa|NXI-`-6$C zoQ3iF`D#!cEmH#~ck*y7vVR(6|L0=@a8XtC^|aeYY5ut(z3BBs@E<1G=YjQqU5MB{ zbbwmsQJvpl6#9<4HirDK7oG=b6Z-c}Qt>tZ+~9IQ^k=$8dENidob+FU75yV1$^$qT zxw~gR2jGvUD*eW}IHPec%msgUBBELa*KvFN?u&k&vnSabcL8wok}_@3jI#tOR@Fb3 z_kZ1o^N(|i9&e|ck8Yr8>*#;%@@y1Xe{<9rp!Y=v9eizEf1-&M{caboi<17$r^$(a znqQHTyys7o=4?L2MnhI?upV*z&8TPYwE%DQOu*>k@0-DdB`yY$OS$K zjn-&x|VG%R;g@T1r0 z5Az```TWE6{6;&~y81$)D6z}Vg*h&K z5dV^~!Nvc#;%<=@9W|fE-{$-Y56!n{l%hB=S#vLCNGCzSnbW#HuX_Gz3BW55t1uUQ znvgOag`;UNt3z-*#w*n1U;ftP*v100%P+ZGDvE!uEK3%uTFV0rT8|W1hyB~J15uL^Q1ei{M zRMo-gn*z5=8hnE$Rc!`cE&Y6Y5;)MV7L)(?P*n=x$$Z6A>pq`cDe;gVGjG1cKXlbA zp=^XChN9IDsxqHvtxB$u_1`efOdlU|`Wp}3PZ7QGyYIMpzU9g`?%yIlJn=MQ|!9xX@<-?~l$$LfqNe3Fk~UB?7V(uGIYMzTO31Q!(aG z_~WX6!O-`7A`R{%Qt|nG^Y`D!npG@#tnXPlPS2;dSLg{l@&@`2aAGCB&Cm~2gB~P9 zmt5TT8+ytfx=nQY{&-x&2;DQ@1qX>X2*A6q0`h_t+)Ni{Tia^$DMrf?po1Jgxr3wg zO*FpS>_ki7Wl;6RtM7~#Go)YQTT*o=84xf})rvBs`1{^?a3=h9AX~mv31qU?UPeug zd%oaomF+unu?CHtW`YBF^b?i$ipO&bCUA|%@Omq!KHtG&narh+sSMn{E^DLI9 zxn;|(xWK^uPVo)vTy2wfrnXru-fz1%j>dUT?DF(JsadZlm;fyIBc)XUU@3%y5B#8s z6jyl_P?+526D-Sjt9PqhR?+t6C4GvtWj)^W0$=K`;(Vl$Or^uLrz>z^>H!q*;ocYH z=+fcESzuZ`4R}#}yLoO^TpY{bBt3hpYP;VGdhG)!EA{vQ+YRD_UHfF$F>5=3RJ02d z99n1mR71&QfYcC~3Ml??fj+u4xb8izU1{C%PDzamrM~n1qzFJknz4qS047B5{?@N6QQh?_(fp%x(epdYH z+5kwW(U*YIrseMOn*;$%vEq$hhJ^wk3H$_EDI}w6&&1XHR=&)+3&>A7w+#7S1Bx_m z1qpQBpFC}DfuA2%P88u?KKYWMzdA_$a{n9eQRe}56beb>sOQ+mYMq?^t;G~5@H9ky z0E=oaw_aduh-we`S~%)6WO&ng%to#1A`Y}B4$ZKUci@QT;WnG?3}D$MUEU>(kU(jp z4Ltf5LEqsbXkO&q1xsB8+R@AIow`tP`5-pw;swlQKkur}e{iBcp*d0hcl^3%$Wr$1 zd>yE}Bj~LZI2{lAZpXeMK-OgfZIbe6_eUsQSHLciArAV?vM@eh^XTz%bm4kDM=M~V zcAy@(dTChfE2%rMJeUB@Cu`x-Cwpr5UT+c~Po5mEF%GJ{GO^y)4b7kLN?d>fYksebdv5g}MfLk{=T-+V(*e6EdVcI0nLY#sJ7JE@b^T zsEjuL^2D-OPC|KhLb*G~C~@myT^Tii$)$ReNig>j;QWk3)hc!WEr2H zrb}e8Hs2H6la&Z|{JaCeXp)O1%UvHc^x*(iCQueneENYS-d~oT{&WnD!IwLYq_*?8 zj`Q#pG;#+>_xtY7Z2`v+gS%oeWgFL3=?v!yt z#W7YK$+)Dd6|QX0?oX3Im$seWm7sRV=(5W~qm{()8ma_gu<-NrKC5KwXEfxiY-8@1 zmONvhd(GI9Jv(zbx$r~H@2TJ0AVO;TgIaN8g98?(-S zA6kX^^7a!?m`U^VeavF@?cAOB}yu9YZFEjC4d!ITJ$Ufy=q}Gl>&Wrxh zz0~l#Y`C9XIP?J=Ywe>lyauU?IC*{LR_?PG2IT2KrTiYc4D(JNHQ9;m4C3(s&= zIO5qQHybdZwfaiAu{oTN;?^RhPu#VQ_M3&PquPD}hMWce_i|!WQJase&oXayU-|e3 zcBR&_RP3+az(FWRbTwZSX!sKp76r>eI|Z}H$PH1?rpPwpLI+-!#>k{gu0!ueX|Gv+ zr!;WC_K?bZw*t{Mu9hg2>)I{4@FN6AfS=?dlLR(s-O5A~Et)`{$l~uqNhx)N>=Kj_K z<;UwsBb<2esE5A`bc>kwGK#%I&oK3v?rwak8(=+`SSjXbJTCV5`Am&#-0vHYQsD=0 zlpij`dX<82k$eT{IwZs=FlNs-8GIW_bTZ2g)EHoQxX*7h}`-Ehd(qo*xxcoi4mhSbLJlJ~~tynjelxnfRJcPdZUhlkIVg%|lnzrvY*#>)vrgsf~9|kZt*waDZ;1W`nuhQW_sqL%Tj?x4$lZIvTi8dkrV~?c=6rZC|CVpJ-_9wDl9L4snq1_cDs0 zU8ugYa#;)}dvCUlQE2N$?Kc#GN)T~30SOI1D_6px5l7%&FQV{_SOrxPho8K9Su%<_ zpw%4t(mw!zs%9e01mU+0?+=qxKl)A`{BrFY7IzKDJNJ^b9%U^Z+S@nqew9hu(hn~e z+Rof4&rDA5Jk%z?nv6yf+5c$KvVX+(Q$n~iBYj8KfU035!5)cS#SjYV%PR<^v+9W9 zdpRTgJ;9z27^d-5iwu&aLyUiEwS9f_si>{m7mv)>Jk0DZs$qEyBh8IHv&5WQ$-6Bi zQE(CSzNI&){pAvn;h4mCihUp{)`o~;7nxD?<;lD(xUo3*?s3F&yVO?6<8!E=whRM~ z93T-ck0V1MS{^$-Qe5a zD54wE^7I8dmhf%~6_^i4dw5__5`(#It+?EFF}nAzrvWM)Bd6yjq(Hy+-&w1z&?CX;dPTy#02*LlRkRX&G^> z-b>O%kv@kN5=B52a~LCSG2`b52zOAJ$Jjspdd)bATbT{z{Nsh_40v?%Q-yezy!LT7 zUmPcEreK)|_lbAq*wtQ?liG5-v*Y#ClX_E8;>q3a3B8l&k|ias7G#qF4@%UIiDw$J>P@xaSFeoo9dFD#^A1UIz5GoYH;PQ=PUQq}Xz|T}>8l3wd3_rf?uj^no-$=HJujDvGtM z@f?}pa8W%H9VrNL+2mc9{d6H3J8iU0VPjMl$MC-9tnl`SK(%<$umr34sKD)({#xEv z&RB%A_B`ROM<3MQ-~JLBr)n3n`RRcXD_xI3vvY21#+Cc+!RM!J8BENaufamZCvyHd zyjBZa=xx}=G$IKYSGdWm#B_guD_+kQBMK55xCF+m2X<5l3fUcw6l2K4IFHlz0Goy_ z5AywmL;A0{Z;s|AEg4=_7kHcmZVBkR9>Z|UMqG`GxaJzGn|2N3WNg_y0#5K00Caf8pRUR~OY5;kfq5k^f-i*{vc#9uJbiM?i#WoW3{(lF? zMV|wOU6S82BCTYTBRi|TPGBK8ol+(KoX!uOEm}AmUqDBncR0zHqzMcRXZcF2aoozM zpou7)5}?nGSAfLa8ktTX4CJaqj%M`6shs^%|pO zBBTr2%tWbuC8TVFWq!zrXZo`~ZWz9Ob^POF;z=BX(tIUC@rU>i9KyVw`|Y$uD8W!j(dV~Hv)L*XiL z7_m;g)NJveDO3gxu6)pnTUYbw^S2V60Nitd;Flg~ymvJxrH^`Dia1tgElD1Yc(T zLAhvCL~^OdokVkO!^nrx^Yk+A!IZnS!>zxlR5zz+yQ{gob%0JMmD{^!YuShD)Pz+s zFvye2W&OvOheZ%OYKERp>}8YM!$^7Jw$fVng2XVE_;8KnTuf3JPB^{Un&_Hk z>7AP}PbJ^MJAuZCPw7IbYq+TURLW_qErzyD-Ul;Z)7M)do>8s{&FkpJG{UDLpOw!% zc#t6aQ%cWB;rr}|egbR)4i9*t8FmG@%c^Q(3X(A`M88O#og6G(Ui9YH0dG~h$U%ZE z?bMmwt*aYPk1Jwc?bBvAtb2p@a2FRb=U;pY`%u9LZlmQQ(KsJ7LZ!%7or{COj5*fu z_`I-L8+m2KbZi=&ZVvmDQQ2Q%v__M4mM5KT zuCd35dN=Tl4Z)g~;2YQ=5PAn$7k)L_6jmYFU$A<#qSg7@xP^15P5uM2bgpc}yr||2 zp3E51D9&Y|Q*fW6t;IQYU>s>oA&AB*71a@K_IS%C$ShQa*1z?W@vF_{)0sz73p}7^ zz_mp>c}aps=G!`)-!`e7GP!WbbFsP(n%b}6H8j`RaHJoZw+VA&>v)m-pcao8{MqX~%SDbU{vxuZil=0*{ZR4YWp9#w`ddXb?~;rocC`BH zU|OTH+=1GIDf+Ts+J|ghW2@*x#R1ZKz*R1pkBShse;h&N8m$hfQoZx9iEKZBJ)E`o ziK=sKUY)DAuV^tF zIG#cibRT_|lWyE>f+(xBRS%~XdV|aWPRF;KpBK3TiPe6l{cJ5?_>K}NT3e$vot#L$ zhIv%C&c4%?&(ACIBLYp8O1B;XnnK)M_m*App-hf`#>qsAuPq5m?z`5S>Q{F{B?^6> zC+1DLLWmMfP@F$9^!N%#V_HlRCb5@hA1+GDR#$HK-+dyQQKxhty1&NA=Eodf35);b zG#jNflt0IJw6{h)J%6~c0(sLfpTt*BME&#Xr)WK9K|V=hPr)*(y{NL=%0NO3^L03n#m^6bceK>`PK)Eyme|*50`9*3i-xlV zVpW>?wONF^77wB{b`>neFXJf?^arf>)>&Fsa)eecOxBNTL{j6|p-?5pMn_&a03yN3Bpa*y?b8`tXBWDx^{NQ}3ihD-Rs20J9{LaXfo@4XlWF z2T1uf!khdKZ!^{JGBj&SxJ&aS-CmaUs$HYyrAvO(-{41HGa-8_0;fnFGrnzjoy9C4 zm0AdKuPBd!*k6-4two+Vb&Ildy{nG$Tl;wmA?gEX<~?KqYU^4}vL~mn!V0_7u$*o^rJfKW&NJ46~|NQ`;sv*_e@$km>s5dsP4f#}@xlQYv&DSFN zo4oD(Go~IpCH?igaGI^Dq*{FCUVy;bfu^sYd;ZslQP9^jA-si`eVlk}k`@quLTWwS2LVm>3uA0Rg?9z1Zi2 zva@9E0lqr=%$wh%$_p2DKM1$I+tfLJoV+19F=LC6&cV5Oe7OUY$TG)EPuD*VoTIsi zBZGf85VPD8Pov1jHvZ($uK8Vkx?^mm#=6)HKGv)9_WvhCMUye)6it$d3FkZrh!KQ% zVP)SQ^M~421ut|WH0hgnq@2flRWeS1lc*Y5H#9ME?zP?5ANqXMw0)Li#Vh4#!<`>u zvG^)~;-ft9Y`>k3-fvSQZivbSs-aP`frnj3VKu0YSXzERYRk-w3}amD`R=4d7tLN{ zh0iHP?rBWdh=lE4xMYTC1Qk&++Z;|DWR))bPK?eG+U&|6@OM$hI1avCRkCp z3PJT)jz{qG0f1KHD1Y4xjP9?xY-P5kL-ey74b4U}KXV)_zB9KcK6Yi6E_*=M9-Aa< zj(c5hD$clbmpN0}=;={m#Aa9>yVNd%t0Q1I?BhW7nx>Ry6olwQYQUT^h0WwEOf|2O zx++Bk5p8nbpXx>Jm3%~6r9BJW@!G2@q8?&~09Zi2-E#;W$Gk+!LYL{Dfi%NW-gJ*+ zK{HpH14`1?qXC99U4#o5IJ`q)ki&iKpF{L{Xa)|XC6yk@XqBO<1-ICk5ZtOzRt%U> zre#3gw4K5=b%_@BGE&f_YEMlHjgg60{J_^1z!msZy1=FwB|3@)SRZ7(>-f}i**??M zC35v%@}jjg*p_Jx^U@P=C$6!RG8|Iog)r=G2jx zZLJ6$1=@w+*32B?O#Kt~iHhMU-C(Pvp;47-WI22jUfgnU3{%ILxCDh`^UruS^B%7i zb+P=wB%r)i{PSTI{mM-Gj#^TS)Twbt{r2P*z(bfN$s%|H0_3K)2k!Mm zOCvSqRZeTMNz9gNUnPBFTrM6K?cO&w4>Y+TkXB2=b@hH5p=fH(rseG11>Ie|?32`Y zZ+u$%o;M<&x`reuI=~c#T`CE$I!3J5 zTEm{y(RokZFa_GO8rQWf3EEG!Ao2RV#!@$g)k9a7H(9!r4QE^-^tO!RtdNhUJ zZtmH3IT$kVWg+jMjaWII_hBE>=Jm63D@TPoovEH0Kzqq-|gg?(=*)?fw)6qB>x;G*9{R7!w{$a9Da-L}-MUVUEn&ps>rdz~2=QGwiCXJnfl!EnfmmhDYki=oz_ z=1Z^vGm32FZ0f^$$OUB8jfa_p?KrMxN5sV9HwuW!$jxuRUq2pGPCc5go>L!#*E}YyfVZ!}9GA*^(~?;*kZX%(LTcGKVNwdEt`(Y<|%2);jIyc5GDMBJ^{^#*%2QHA|TcaG`_lScGK zFQa{5DW%a1(uIxG_;+mkaD^54;SMh6rhMjjBbZu;T|38xH{*71zI>TnG}2M*l9Q%x zFka1VOYmsJpSS&>2<1^Md^CDcEfIg+p^;R{4B^BJb`{c8HHg51Ra-B%A6kU~e#U@X zQOE+PO%oveb`%q43$SN#QGDdC0uc9EM#8?;(wXovV6JO3vV7U2-kBwrimFT8h}-D+ zcHu=*Ef(3MR_tx1k>oSzQwWIb|5x32$2FBTeNuDmAo-^co-#q$MCLy-0@y2nqoyAyN{A3(4;$>^{%q?z6m~=g*hF?hW_c zIcMfObLPyQbH-^d$5DdI_K}fMX}#WJjD_BZVhGQo@?*)z_gS$kspqFKr{hkOtX@7V z1ey}Tll|uRuT?Eu+wm(D`QBSN6sKJDw5uu1(aj8nH-fGl-u|-HdOF6Q%(IPK7nbL3 zjtF;Yj*K545p4#Zg#!gQbmUdCRONX&h|KN?cMg`b7*gVm2=K5c_|JTG->ERoAiTTs zvUJa*&KM*fYF8*324Cqm?t!&rz4nl4KiQ$3&K_tiPr5=9Y8S_F{c+$EpW5m;8$=G= z07zo*P_Td2J6Yk>4;Dq})0XZsKJUnP6_-mWBSt#fcGYo`c}s6`Z#*@|-xpxI)Swtj>{f3KYMN!m}_gaTzP$-s=~O8a`gw_~V3;U%(?J zbW%92F3}V4y5tNG{JCQEW9hD&&HrI-Jj@Pjh>~m0+tQ3o5)f7v=SXwx{_3C!i{Lze z^fSdkUV7y9va-Tr)>~wx=XR4n8iGMvY~5gumNOp7|6u)D;qA>4u;Nl*cY={hHkbHT zW+yv7UFHy5^NA#xFG46E=j}3Uu#hqZvDC(@u)W^5!FP^+dWs&GcRem)Hs#HJ z7z3^phqU~=zOP~jP}@H_i#vpi@USC(-HQUt&<^%aH2ikR)upO1>W=Y^6seH$-{e(3 zTm_ErHFtF^Q-3h^<>G$LIZnsp5*70e4cw@^cHcAFB+B032ZKU@dtJ{;!?AlS_7$WI z2#>2(+%Wt~djIiu=(Ss*I+z~>qNIi1x#A%aE*QAJ zs*zqmdq53rd29c&kt58{1n;fe;KAVHCA!0#Z!iB#^EmBIjm){aJ@u* z)-cT=cOIEht7k;4rBh+`s}i5>0##7k7_)2##R-$=jWi!q6@$fTIy)0EJWxeu8*$?;Q$Py zqg&?DE9!AoWnlreCGtID29=pjuC);>rW-E9iX@VnI$_aIm6;hfGvhR}}hZ2Q^wmT$mJQOVuCOuh6MuXv!iRoh)%Y8@t9dg)(>*sVmlpY@O z6A4x{v@l!4TJIZ_!f~E53Y!Olng>z9o(OaQ-pkJ8=->&ZH}G2?cQ)n$RH{+>LE}yp zGaFh`c&7;lam#UH;a&M)a6Py1iKC zQ=Hx8EuTEZfE3a-$Qd@~HTM}zs93{Rx*#=mXIJUp-dP>2X70$u50xVdXUg;g1R&pU z$@v-hogau^-NsE&PSG=$ywg$`xq5qsY)Klk6jk}5Gzf;6tVRXgkC zP-KDxY86VX+!sl=q&MJIB$sjL5EBf^-(rlS`SZA&Xnp+jPg>V(u;EFrrm8 zy8@v`7CodIyrW@CA^t&pCN^-Wx1I^o%8xAhl;LQ>k+*eIL zP(7eK&WnPs*<$rntKSaAPrg^l7IqWEm4!|WFPn~=Y*X9_VBVMVLzBw%m*W^3SbXY2 z<3eT3SDg006roT>B3OX0N5Tc6$#b~X*Y~Q}VTP!SkAQdex1z-#J-oA5fuRDBIjT#{ z%xdNquz-Pj+J);7-ST}twu06CUXN;M3*4+kRj0Xf3VMIkcYk8Dcf`&lWiVU^`bf_A zRbPoHG)5BFGmQ4&V!=Hri-9cKv9jKWSYrvZ+g3sD{b`qIXVBuY)JOiKeuLqYciKO3 zz9$?k%G5g+7yIP1ZfdAA>u=8IQ3Bs!0k6`^2QNFsBiUD#kMnirlkCQ9RE?YrRVjPf zD_#529W9<1yy%R++dW-rh2GB*ft{dNSqC8G#)n4M2)d46wvA;bzJ(GO0CINB`?E~y zF;01f)3f_KZtV`8Ed(lX@K#h7V<6l@`--(zF6Crn;`p>fu) z@62k9)rs4C?1%!)oZMfjra3C(r!LiXjo&Wpju6CoHFZXY`V6Q%sElvEt?oSNO6VPM z3YcRZI&Jsn2KKu$xN+!-Ja0^yEz)RM@dE8$N5vePcH4S*!z{j*)WTJqNyJsPa1fte zTix6uwk=QtL*hf(30;nW7zkQ>Wm#XIQj{dhO_5lR(p-J~TF`Zg+ccoNL|N8hBM9>Z zmE){)2De=W7CL0b)sBTL2U+?Rtd*+@bU-O`Yzep2aBhL%Cik*y5INlB5=n zg6J7Zctg^(C=FYihcKr?k}(1}Q{UWn2g?HLCS>`Y0|wk4)-~@2Q@fjekpgtA4_d#8 zS<_xk_U|Rh6%=z3YtKcY_08Q><|;8jyNPwnlEhFq@&&XCLL4B7TQC3C3ng0!DBZ}H zp>)O)ZEK4cVS?nlFq+HqDpARDBQKXpcO4bU9}sujSa~ioAm{;zCzJV5Y?lk=K<-tpkF; zPBTfc$|&0MD)D~Wuj-J#xlT_5Ej>7YIY+&LSLx>5k>eI9I09-@HR{II%zgWAkS?!J z18Uw7M5WcmsLW2h;90K0E?Flofjkfm%K9PR&R@MA6YE}3^}uAq%SxS-Q}6ujC(D?Z zoF|1B^2K4;#@6dj1VC0Ngs-OFAK3n6tKYs=U{dcqBnTQ^|4}fP5%*-&X>~#xFa4>z z)>#o3`+@gtSWn1=&o};g(l5rCs3aBeLmNcCP82k{dzkro^4^lyRwJ07;~Hjaoa=iG zLqszi^w^DUmv4WA!u@H~((N&aghJuxrY}`XM1c*Z(PXrn-p>+pR_M^63iVe69NLOp zJCj|j6Eq`G^27cDGNJo)^<-W%_Z#;WT)L-6B0o^u z*Fh~8yo&F^?U$^=G_^x9k|p?=cP~OCnv2Vq3NjZnTiOja+*N_l5NKwDZ1~6}DH+=M z2s&`$?p%n-S1B^89qqHYp6FK@b4{;i0|)HQV=@it2IWzMG20dyN`uGD;L-YYAhvG2U-9DG z3%j4#;zzK(#A-~I4zQfhJ#j+hK<4AivZT5_$#loSGlKK(rXPnS09Hv2q>L@IGqLLu zi~W7R#R(@Q&)+%O=F^^hL}oR|1`P2dV`VPt6RK5P3rR!d*s6!}&zE9#rD`#t>H+b+rd9 z7aBA3%h1RG=b|B#X~-)$VR z2AH{osUAqn!TJK2#I`9V;M*J*SpPGtb8rdU@~{em&NyNTfo-lsgw(b-f*R+DY<1LY z!#MyIG7$qnDkITC>TxkB51U4Q7((?<(q^ZZqk6U;E*1`f7#_YBw)biaJ0y7G$gh_x z@fn)=gaEu+a=Abg@1d-RdmqVBWe0vn;`4;_Du!zg`6&Cx;x(4I6)se^BwRdWfWeGu zl?gV*ZI2c->cm?o=;BXeYW>@RgV;_LH(Ev*zAa>v<>KJ!RasgH9+*h!>kM^+XJaPw z=FfIOmtWWv*>hPVOZZ}5II5rVIiIP{$%2(h8mlgaZ+gXrLX#j~aCaJ7pnpL~Zm0)` z76P^%(kpsvZcDkHp>4{?Zxj>{dx*jZ4c$t%yJl;hr?h;&o03B??e8m?>1o8Eq3T#sn|r&L3glcd*j0cgM3p`3>*q;)rrYO+AH#+x?RKf+3gS*BvhFxs5Y%^1I9U5Aj(NvOD}_VJ#dy_ZD4-@_!qj_ecB;L_iNn5N zZ<3N{d$`UL`oe|5c+HC>dYRzfM#_I`heg2NTU51GSWl;(&K8(aou(R~R`swXmbcA9 z{qk##k`v#I(5uOQ(=vQoQ*_T!V_F(Ar;ThZP5s@OHS1gtQNtQOn~CmW%Vk%ZPWYhs zsMGe#V4;a)j|w8R>Iu}$hF<~s_14>h*&v6T!D1mN`u4wxWJk?%YM7O*^p=RTCXvs+ zP=m5v2%ginQ92~w{??)Ig$q79p*}6t!_q{AF#1i=RFBsH?xoG2zcm9UmTk{BegPpB zn)o)0&#AtRGhXRuPaJ0gSDNrw zpnuM~!vf5>njP{Huz7CCZf~k}s zx#052b+hl@%q!=5VAnt5G^Z-UWvX#kA3tcGUjd77!^p9AvO|&j!OLA*$kg|UsW%m5 z6c^ksVyznI)DNNgTZt|Q>?md;$^*Y&)?org5^PaHi*&>8Z`KUgFHNq;`B4nqo~)#F zl(Px9d0ho8h>6STpo(sx``x)0VNm$@-$mU=a%KR3l|0pEBF;M-hDs`X1P7~QBkiaa zA6e85Kk1?|U^vbr?43iCt)_y(5G-VEmowe_D(RuU}Uz~OCBCdbak``L#&kK#45 z6A3HQE$=J!dp2?Sdyg^agv73GqwNL-r%=XPazG?j?}5&_Jrb4Zx*;#0#)|X}wJElX zdauh0hkSac63%r&0(EJVk{&@F96+pHpf2Lyo=u)s(OHX zkz{mR7u|sg8@(06W8<@qIv0SkI)2Urr`aK2&h_0DSkk&g^gXLkFfX>6<&o;!7yWaT zT=XDh(4&^a1!sCV`ox8ST_m3Kw!bbeiqJ`+4GoCSM9gO0V(KiZurofAdXe=Faq`wseC)o9Hv2_pIItW7d6W&}LRFu;jZfu$oSL_7 z`reh~TveE%J9+%m!l$&T&CsZN#O0g}UtCW_$(eSoZvXTQ3~)Io^;;V$6JC{u5MW=J zEnMe)w75_>pF0Cv$680lsSF;wXO@F$cZv6Y@aUc1R(A1v)d=EIWl^qbc*34q6bCy2 z5{pSIqkQ&ZIHp43i!UN5>SVLWF4!Z;Vx5pT85~1yv-udgw>FK-kjc<49e* zUPnDxTRw%CeLN#iHv~pCt0n`aj2C;ICxYF8$HZW88uKz880N2;uT^ck;Cltp(^9wI zF8eb=SkM*aIEe+!_h_D4yAvCSd20bxblD1u;gHyVN$JpS# zFo>EZVEO9CLx8f~HakFORsY^tjVn?RJugY_)dy3_@VXro%wQNViOmow#((?dg1yts zg3TXqUUO4yiK%|&aJHC&JQ15SUS%*bt5BbYpw-p`mToqiwl5cPI5%6$)N1qfb6oM( zm~JX0+6SOs-9|@-1yt7>s*(EV@S->0!V~f{vtl0=8$G_aNnXSPD4}8HSqP=6+O{yQ zj~dZ@XJz9a<)c9tv{o zPM&~}PI9eEWq^pYbV91h4CT}#Qs}JmrB1$DO1HON%SmF|m^qC~`eTuSk03nffFxgK ztS%ltoS+~x+=fjB_g1zC&Ty1Y6d7F>?l)Hyxk2~7Sx{HOJ94lBJs4COX1Q_vpnc73 zA_lT{8oFMXO&tdoXg;UHb(UQ`9F<8w@hbjWB0eE|{8h{KDBWXgpKQd8!v$AMtn(dk z7V|R)7wNlIGM`*&GjS)>Km2q~Ll_Z8F4W}e_6D%piBjX|KT!zM&>(r}{xW$#V2NVf zPYk!Fc2Dh{|80G!w*HwXRCu&I5d=^|#f+5*{D`{U9x*o0=i2HHZ*$!@a6&9qRm)2q zagW}Hy{ga;=>_7%ST`Y9vf7h^RYBFnBj@c1T~i03>$NGQqQt@rU^WZ1Nht)d{A?bS zH#`zb1Muqak$3S_7vYl|ZO2Tj-yjl-hsT2E8(D?wo@Wc_%&{iQt(Fst{L{$}OquYz zl$Cjs>1+JQ+6i(=%1Ua*8Xj&BW*S9aj#2 zU8_OJ>i%RHAo{B&lmL9%T2-?+6SJ_`G#kxo6az_nNp|rGH4gu}Eqj%;@ZGtH3*OUT zC15TOClml<_wGN$`r@Gv(^@vnRQn`Ft9jDicTw`#TTsV9Cu@EGf^y5KVo6$6G|N+? z%^+e-Q*{5w8ofwx?m&$X;78F}T^y={<94OA@>1)&x z`3j0+8??C?TQ`8OUiIzNg>v6~<;Sevkq6POMJT&%J3U{3Mnz?wcwm!y6!16QXq5*& zAO1}UIcOeV1$@uI+sq*FH-vsMa2i~{%2RBdvH)Ze)r#8hAjI@H!~Iy7&3n}9j2pUd z(*ldOD(io>*{s|iPbyN;r;97d;?7 z6;}zC2CyeoGL}7dK}8jb0zE|=^(8iwGFsl)1|3EyMmDB{q4Y(rM)xKpmb&P`~te zP`&llV4Uo_IWcCf*Y_Z~!L@}xT!rYQZ;`)74_t}%Uyg5^5?p`Z<}3Vg#SuzzjCE9* z;*Awm`OGGsjqHZy?&U|S=psr|RKP;@@OTm!si8>3*ez%&e(_u=UcgQ0=tt=0m{fM@ z`! z&tKTE@)zjeliRj-3pHAvPrE(?^Ws~(D6T($Zgt(DPrHU5(sK0M7@JiKSV?M8$$=9m zw|#~0$<{ylV6SvurVXzTnKuya4}aX|JLxOmW01ZQ*XEPHn)+k|P`~S_MN6=7pTj5x zLX*4&CBXcJ4L3d3gN_dA`;T>p8LVQv-?Sx1F(z0E$@BF-A6zl%R1He*!WdUQc<^bu zju7HJY(nI|tbi#Tr)i0f<{YeDzz1b&Uy z7tk$pi)y`Y2>E(~mApL@dI@r&XR&JScTqL3yW2I_TW*=TgU*_ta;k6e-0JMeNlf+$ z3l(syorN>*jr<$Cq7!>n=Ct&&H~AHv_!rbwnVp)PI!4p&Q<8>*S`d&n@6a?NB#d=b z(4lkkeeT?|U}RZF(WM1-XWGfBBZ~6f6y+)L(FDYs2RgZXMC3YLEs$=e6&z~rNH=qv z=B#p>7SM*4+kSK1dbRluXRUO%_h5pYaaHH{K6%CV4$47$<@1m=f-Ad%+ZMQwK6b5l zNHu%gy4Ig)+X>-wRSHl++R)CRtXgE!M-!WX1@OZ_1hFe_@LG)(K*Y_yx4>2JB@>h2((mC6)5 zXD4>1zt&nO$K;wmcPkQMAf*=w?j=-%O~gCN)@u`{MWln;(09*XV)*a$Ff4cx{fqFc zxtpOspJCkM#5|W*2F;qKQk9Wuyec`CMohgXv<|51@ip}vBcY-ha2r!n9R*KK89jCz zx?WEb3PnFxXOVTgVwB86q0eMt1IWAdXnw=ovG1G17_}g9Ppu+ME#lq^xHBqL7LwXz zd~^ofCP|*&=z&rtr292ZL9J{V{Vg=@+8OWJoUy2LeitCFq#Gr7)t`HtiT==63y^@< z3yYlvh{FDGag&nHA#ZS-teq*2Qt~Cr<9k5t95Pvyw&Eb2QnwrhRSfEVVeMN4>nhGy z-|UUiq2g56b*#6(@aR)#JZMcfhNWLQW!71r%b-Q+%`X2uw}*C5uyz1jgO9;fstk)3h>i~jM$hg&Z^ z`f{3qPfzSVDQmQn_=jgcj(Qne{0~01<{v=;)}Imbg1+x$PJNKomc+$ z;D1OBj7WmxFPMMDyVFK6{6!+7o4dwysWX^6?%+R>+IfS#gzzh;riM2=;b+m4odJ0K*zUO`}*|S!Mud=efUkS3wdarl+mjwqqnsH748R z#gWxL>8iCK?miINosVsx0F@L&Tz2d}KlnMWLdKl!$ls~_`g$bx$V5?2|wD9gz&ghJ#AYlVOZ9X{tmc5Qn2y_E1PE$top;5mqN zlw{X{C{Z?5y1u&x@X$5je(|{@^qwx(g95MjU}pNez4`YqsY>8za!cCnlNj8V_!;EK zNb8ARJLsASzL;3RReh4dY8SfQ`}xN6-IeVnD6{CFa0NSN#EUKkDW`>v2=8?8ZBg}lLma~WxH`}%8qrc7_o`m*zvk4F)AgjB-X$15b=_5XrSyp+JHK^^}uo3^Z9e4+Pm3*VNY+m8SkD*W++NSGss1^m&PAy&`bPapS=&Eh<0S?%p$T!3`!S+bow z`uv9n|3Wp~ite4gs4QTt=S$bYky6lXO#cNJ{|3lB9Y!_hVs{j{)D#@s{nI}G+&7S9 zDcwS%3e~1}T*ad6jA_P~zKTg$`(;;8hACVZ92>TxbZv+IYzOE8hf#C76=5qHKewy( z5-zO)DD=JjLB6i`uhv8Mzq2=rXb;?Q_ShwRTP}tyV47 z?_=7nA&XuleTulF@2$nq(;t=t|D-k}%%DlMxXo6+qY*=rAo1~ceLDu_9|maK&rB04 YKb7-S?bFx+Ch$+|y56;tE4GjS5APdu;{X5v literal 211127 zcmb5VbyQr zs+@!bsj7>kg|(eI7?^D2PiSVF1N$jP=~;@SdfNH-adHwOEfQAFgLqY2fIH(#Cu3m1R9qJHpAa>-y8ZL4*JsOp?4dBO(XZc$!sROqBl3cK$_;bin?>DHvzpU=(OXhi$ za_TG#WK3|8i%(ri2Se6p&gHB;;$_W2OB#mhzpe)%5x0UgZg<&cf?6cqa{^eVuWu9KXWDn#Z|ndht{s2L!+w3&ZPm$l z_2IBgt5|8aKVvg^4U}Q%5|N1mPWcoLL9ja?0L~7W{_VKet*+o@zeXBCvIb0I^lD6g zxaN{5oIhO^;m|{YD7a+$>aIi0T)RIK<}p!wAxTB{hB8{ZW$gsvh8{w`#ZkMO z-*38pR)smXRo51@sHu*!%Cin`d#l*f*iVsRo2zu6C-5)E9j(2e4Cy)W88JLNpz%ZP;@joQ z`HP&8HYuZ87YVp!rdya|HWj^b?RJ*YpB?!p3Yp()2J1fHs(vzaHD!y6^N-*rxu4~F z>8PSTLxF*T!A9=W{9tFnQ@D+{6_dhvT`0dk&e*%ewMrMZM-jnQw;xBqa3NidkqM23 zE_x83f{oE&hJthw;M97*ESaP0PqDKSjYHgu(b2+=_2R2Sa|cZr3p`<+fh%pH@uDaP zBW|&`pj`CL&qC)08(v}GQNW3dAHhMgNi(A94d6M;_#}u@B1KB?Bx+C+jfhi5KxBk6 zN{%M}l*OupFO%?-Kp`DYbd?owA@GcFqo_%UrwyA?g`7ibl#t02rX`3K$DAIq!p@Ax zE}%M6Yrv?I^2m=pa=wG`B03iZ7Wm@!G_X=zM7A0W(dA8w8!f=DlfX_7ULRp^_Hw4{Ne8N6QK{hVW{IU!FBSJ<{Q~Yv_IKj_+lu_Ad*0Z zbkRTLiZm%0^l*Ccuka;XvvX1a1xkzzN$-3fAAI%5<$;U=s)73fg8{RFAEq?5@si|t z$=Pz?g*q7V8lv=6RTSrxL{tW3?ui@8jeoGed${oO#WIqykZLD*B*Z7wBmk3M>Ds>N zMUhaYlK&e2#aLjM*PzP$wT<>&L#SMcD-+vcacu$TqU^ zz*^Jhe1X5>UiB1G33wp6`~RG9K1-vW@KiFyI%^%0<4T3 zd$|5^)ABsc|C;!EEE;LRs9^XG6RvQi<&P2Sx zdN%soL%KgUC^kgeT)I7`n!uOS0xulz5VwZafxXKyD2q2Eh9|?Ju6Hj*ZptZm`=kH4 ze=O`0&u{n(mpgkbPmXol@?E|)Fr!sBBxBAlXBobp*tOX6w`bF{%`L^jIyO?YC}QoP zO>_aa|8FE+J1yplB=@9wTWcFU>$2Z#-FTS@q)jBmK zK+JOHuD3g}zgSYU^R<&|vbCRD>Z-4AR;YcQt{%C_=u8w^>{{yD_{fD^C;LOTnYXZ= zNijV=%r@-Yxob`{H!>@?r*ZB!g6IC=f-O+v;XopWyDcEjp8sP&2`3YAwdilr#{RbK z!Jnfa4C+on~kUCWo4}oVDkR`HMxtBjRmh zSD{QH!?+*BOoW{#cT6f_hrClHLV7|X-k#ng9rzt>o%S8Gowgm0FSt(w&y3f6rwUid z*Ey%&e;$K@X-0vY#NFL*25+u!9#0|!W+KwO7Gvp?U=?77J;ecWqFTmYTT_8VVyR*s zzgB+9^e*%UZB_NEEXSSMJt#j!qb;K8{`pAoAQYLjo2*r3DxU2g?w*G{)=~MAO#V3e(Hs<>CEdB0?2H5}q!vw`4%`lkT-81}?lh<`2paB_uih zQ~=KinOx#rW@WM0rhyU6WKhaX7)<9w7i1yYUTnDo83-kq(QPE z%}?bvwq-w;={;9<#o|3>K0!@OddHIuH*qidm$*BX4jn_L8kXR!ugTM6hgXX?K*S*E z3h4DduxXlQU}8GF?U=nQw-=DRvcvi7Kf)IJiB?uTr7GJFtWOeLa0A zeUG!rC6`Py3`t)MvbQSnS;UOro#(Ys_jO6_Zh zcif}9Q{YD@)7n$DQ~ba68M%DWGz01V@pUp=8|*U{>yXDH$Ed~}E8)J?`W9`B?)=QD z7^}FQ@zxZ+NM?8RKVU==b1Cnwtp(D8ChPf9jDuyos+n8L&Ze@lqH0NTO~2)NBz2F;((n4Y$f06n;id}MEZ5|2 z7r*IOH`!k85PlqIes9&8-{pN+n3Lv@{NC8wTVyiJd{BL}Zrp78NYY*O`NK?QE_b0* z*qh*C`J!TZYRPCJf^*X9%pQZwowJ0ynFQDSSL0x}`Dbq;Y%@`vpoZ_#)m0tE90ipO zOdK}Jxd64$f~(*u!18o%p`C_0yXA+=+enl8*OJLx6cOJYq}TE3dT>kBoLd2ptqzdg zMl{61XYn#z`)ohFd|mBW!DsO_vgtbWZY}avd`)B!(~dJj?(}-We_RPYWm{Zzq+D-t zcb%Dt(+kp@ayZ=Z^DMbi{#^HbgnJylINhiL7{B~_FpB$Jnctpwelj`gkB-M6UO(US z5cX&Ee=DolgMXJBRF5ukpIQSFouFKHy$uhDwB;%QA0Jab${sBz5W{g^KM+1nO)o<> zs?+MyAZt=PxcxfMCyscke4Tw!Hx4?_{k0!9p57l&g-IrT6rZ0O{9kBhN=B#RfO=h$ zzO6h7JglVqBY^TMFc{d(4EUZ3d$7Oi;Kur4ui=p=uDSAP_sbfgJ^p5TLRBK>@0r5T%~{y(8&VcNmkbt3=EsVFNJ&WrUA|lJt4T`#cXQA$A#y7> zHz$4;77q^(W)BW#M;A*LHaAO=CZ>+=ZbIbb{|Ne@*MHroIl%gVB{{hM_pm?%WclX`3mY>l%m4HZYAX0o zDZi>Uz}!wp(%RnK!4)J!n4O)KTku~E{+~<#EAsy|)&1Y5ygZ!$x8?u2^4~25S^gQp z{~6JLP1nClLGvYyAjtARb1#g*3e7JIS`I>MNfiyyH^e_{16sL8&G;Bdau_$8MT4L>>=3_jsMNfCv5%??DNG-vStu~_N^hxeCzkXT#-4^nW9 z|0u~eoAkpVs4St%20;Bs2}6-|eJGZIPEd}O`{F;GD9}937At+p{Y~;8O%bRvWx8nF zL>7-aAj#NnE$~0PV_DMmR3<%IK@*YxXof(QWmyB=K&w-9McKR50{NeAyLeGOJd7?dDA+}D}*F)Ir&B*ip^!#RQ=e^E+(V5POGg@%AF~w20 zT2U|%lje^2mDDM|(KlsQq)EtXA_qQi!JT9A*ZNJ@E9{ErN ztQp01-LLRZ|Gu5sUuShrw%l-= zzBig_cyl;OxgTww$Y6VzDqpgVwA!*;s`zZJoqh6sJVDvz#M35af_h%w@+V`4DT&#K zj`^1UP19N`mHtT4zI}1+w-Ho%0)jX#=J3Zac*i?i)PZrba)>!TxE33$RXOb z!-^s5V2qN7XVfxE(z|%oemYJwU(~{Smeg^8{75g^f6cmyhnJ;fZoyJP9QoZX?_oA{ z#qX%*74?&W3eh4dbH8rndA}Y{h93Y#fz>OyfAPER9bd2WnKjYvK2I-PWX|M~fuYME zXBH7j`xvv1&V8_ykEf{Bz}*RsZf9YaBC*vQU(>5S8)moU4xI2JX~O?Ku5q)W1-+k} z3f)id^Yllq^&%3hP7{c{Fk^f8d7e@Jz#t+7^)@8)DD=`Nzf2h{eB1FuR@Z37wpRE3 zd;8AJP5#km+RX*Y@$2uAto=^l4|zjhWG^+?2mPYrQDwLFB~juO7G7_MoMh-ZV;MDe_W zNvGWZ{qy`!o>UILaJA7^yCqFT4i)GEYkRwgpxb&JF;|gkklWquHi!Ayc$3gT(mI;r z*{F@z`b)fzNcpRZQ>xuSd=w^)a>}YhyVA)*Ro0nyDBc9l296V>6u)kqE4%C^0pb`J zj*LgD^a}7)Zp)4;Vdjy6SNMG!+w-+OAc6&B5$13|;iDNVIjEIGnx4Gn(dgNwz2iyh zO+55L8#}>a5jzS{X+_|t>n7SJSWo>8y}s&uo}!CPGK7o7m+e06oT5$ZHGJLreXD`p zdD=A14ZyF;%LgG?l|Q?f+@q+skIxPs+FeTp4f;BC?d|l_V;mpLEbBlcf))RRBl;vJ zg_pk`m*S?w=5SQsQ1vf_^ye-I5xyr)0ZXk$|7&ZZXnhM+AwiB21c6Q|6E_#A;M;Q0 zSX@fSM#3xGeNAE=E0^>4H^VoqCLv9-$I~>`N9qPgVx7f9b=-dfx8XL>A!)rLjC|!C4SR?-B*5wK$p7 z-&Zwn$fIw|-5yNDUKJ{&F@IWb%hj3=B6++SW%MP(5v5f8+pY8A3N>@S(fL}5o@;yn z=(Jhh55*0kInPCaQ!zYM+LkLc>;_q5Jb@pT##%T7H1{X-(Hfj`3;n&iCAK}aDFQNH zbcrJMd>4N1)s>rmifAxvD@V#y`|R#V(;(Xo0j2ihH>fM)`&&1Z2K?~7wf7J43CY4A zlHu=%8<=^;Vhu?nsA;!3=AAaT=*N712C_YY8B6<7-&0+=Ze+Xk@xBLdyhd0w$`&Z} zIJ7bX?>hNd+j-oAaB)Zlk1I{laYNwwf|T{fi#MANHGI#vZOUk!m(~Y0IWdW`Y!^Rv zAr5mphx$A@P5>ziH{Vqp)x;QAe@!bibfM*TEYnn9L766pZ!VFByV(Vk$;+F^E@)P1 zXpNM59VEP`R|LoAGd$1q~5vl^3;Pj6vW@Y9u*9a zX3=tW3GgzMe6-0B``Vfvd4}+7FgnK_*XTB6*{%8M`{^|qJ)DWq326dcG&|QK55O!v z7A+V5uppwQ<8SFJah<4Kzu}oT6Z=mzQQWL11s5~>cO-E3C4+V;VFx-6nP8c>|JFO0 zva2MfJhH@HSiI$V5&^;f&kY_*2SWaJFN&E-GfeJ3b;vS%kB8;*Fd^N15=>ofD8n=}U!Jh;;O!$Cdz+sLDtsvj&w{#rIf9Lcj=s+AloGrVK zW&xK9vcX^1f917kmlj;?l=JO{IusQwz@e*L0BnlrZoMw+VgMMS*nTlY92PNz!alsq zgEUS~3m0vF=U`BBnzXa!uY*a(HZ!_rdE35%C91Hh13|8~Qrkjb7a8sGbr6C)Cp2>9=V#QQoG*lo_H1~nO;l3A5#;XU?{)>*3p>1V;S1oocYM|n zy(|-k67BZIuEB>c(Nhjk*Iuie=a*0VEHcVpP=%53%*j0}C3G_)x7K>gzjt6isgjd- zPBqs*#!K`joZAcyWcj^jB#isps_0X7J#=Ov_u2Q)fY6z#`%NZ+ho}qd%N+q*xPFtn zAi&)7yyASONzRY2Mp4T!DczEOz*LyoM}LkeH8MRxN()-kUKgn7{r*I+pr2 z;vrHN`#gi#UaxSs^_1-Gm`zy!i)#fs=QE<_S=TLR-$+h@)^d%Dc689petD4d3W_g0 zd5J!~WKh89lrN*WH=rg0r^4JO za^-h5Kr~q7PA?_Yu0eE*TXW@?^sO&Bp0jap7n29y&J|dJUGh2D$5Awz?O-r<+0moX zC{YhF^S&ag5uQ@sE;N<#_n?Wn)<+tj1bzDZxQw1S-B70WH#MFkm~QqQtD>H0>e_q_KXiCwg_LAs z!@lXUwJc)I@0qSPLpNii4amU3t?nY zK3c9mz-a4zYve~6gW$3UEvaCyx4g|#I7mYiq2-beCIPLOxK8#xCTGhSp!Br>H#)03 zF6&ffnENmwRp;O;(v-L$ML^Qq@D(_SpLiUCr@~sT6MR*e8#ncvj3`M9z^*%+Nj5)u zS2C%;4PX7LNbsmy@`Tiv3;~UhZtB?m{v!%brMly0G~w#|(cipl&FjjwxCk2V!RbP| zWRU)0(96J)`nUQA7o>mAS3Q2fsSq2HjdAVB`R1^Rba@|_G9J_j(%Q>ZvYV3%it$5> ztd>spc54>a0p7`W?dXjtqc!Le1F)!gl?u0VMq!&Y6yiBE;1tAa{9lY zg}%m^{c1fZuE{U^Qc0vuvj=2A!7IVBASc)V#An( zzR6mR*P#<8nOMl#2C2cyBpw-kws92q@1M1A30BzX)`fIIZ{)iy2L3wgQH05F_;GJR zHzn0$t2HyHlikdGq#zfL=I5O5SUXz~sNiD5dAG0+Da|^C#E$J_DbsT!C%d=$gI{l*@~6Kq5>gn`bx$-#nYl(S zem3Gmn+_HiBr)iDwU)X({3WYJ%}2AE{pYxVFE%Z2FAx!fW}R;q4PkN~;BDD;BO@6> zwE`0npe}U@o?YO!&6u~l0)1CS^0~tDLe@ypFx@0H{QYCJzc>~j=uaP;Y_yK%Yc{z9 zxq|ZA*vW2f1b;M_k)De-gBz zLnCNbq`QUmCLY=G9}F4Wxn^K4dOf(-<3KU2Lw=|NnP2`L3l%ZzDRw}#+%6!dbrTb=9qpX^HDh4nG6mWrw;0f$^g15YeX8K?bcz7Zm7 zGnqmia}kC;-gli;MS)GoXVkI6GoRd_M-*~g%&VuBi$ZAElq-B+A6{su?yOeNJjs2< zHQaQ8R2Cd7U{kOJ@81) zq9@?un4>IP_!fQH;;;)-txc7hLwd{ec6KxHa9E!rzs zyD{F>oyeUI?&EEl?8Dm3vRn6A5>xulm>zLZC5!)Nfpt?HZk~j>Zx^s)s$ulSA)U+B zOR36LXY*^^NKE%*7?d}KKZ#B%%mxf;7F5Q)S{WD5^!0TD~k3 zcn@!bwePvn7aZ-*v4nNXv&w_o+TFWbLXVcdU434ixDkqO2JeD1zr0AjzHFGUJtl9a z5zlGZg^#}yY>-`5`$ZO0_jeLaICVw@MEub>z0bTB)>PjVDL<)4ki}d%c#UVu>*W$b8DIo?6BtG|FvuUOTADZ0?T_<1J^UeToUoz;7_y<+wjT8}^F#!a2DP*vl7kb^Fs8xOAs;?QN zUZ_*b;^yj0e!XZ{Ar)M1v`rh&;25qP`^k`&?S0WYQz(b2M3nwyxzOQxJMR2-^Jaf+ ztTz}I`qW}7mx)Ftmvd3I*tznPvw zPZ}G)istaUE0T!57R2^KyElkadJFpyi}>juOaUD~s&s0_M}IO{uD~PB7R`cB4Lije z`8^j^>bI)7W?FxwzTwM+*>3&2l$=lB%ffP-fxS|03Ce z1Scq7Z#TWQ0qZx9^pwIi|rz2IZX>phuaeB9APz~XQBN=3u-_Nqbr{$?t1!fUP` zfhCDu|Jil8106kHo}Dape|&9$Ogy)>N0NjO#PIZU4kSnB>yhG)fKLbwi%*kM?x#;h zYoBA77JCrtqYJv+uQ3i=B_pRrGrY55>v9Mld4v$ScOxSf-~_zn*XxVha{hjUK&U4F zmsjj(TJ5dWz*VhH1JwNUmk9F^S6+9=@}+qX8}cNBAHtm`vd;5}1gV2Gn154?RP1Os~(;%Cfmw*90W{+FAM^vP&w(+d!c# zk?=>aZ76KCk%dN`2Txi<@AfeWjp5cNwG;0u9Xi{_QcN4foAb7?YEgz$J-$cri$HHj z#wE)(-nPeIK|N|uC?k&VbE$6=Wfv}NodF+)g>UaGdg(AH!26QDhpM>`->#;Q`Y^wE z?T?*9^n#x)R~Ho}@~fLX7!Ka3d!(ft;DnXT_Iim_Y*MhgcKzme>t3)O@=aB1GQKBk zHMb(2!I@!bn1ka4p$Dl(b6=w#UZsX%Ru9+tsRmolh*2N;F3Pg*GqB{&f^PohnYA9? z=>1szVoh?h|HpWUIOY(Ix1&5rTBQD7xxA@i-ctMEIAY#*DMzi+^5Ir5P+F^@A*aNaL2 ztPdB;ZHn$uJ9_#&3Wrapp-mj$8oP0OkicPpz$T6CM;XZw-0~^YtevrSScpbq`X63b zKkuollG-N>U<#zUlq0DzZ-oD<#J`6Y+ud+Tu6R~?WUzvVKDHkDT2Krw@wh&|5KUIr zyWbNZ(kopCS*e`^zY#fa!gBFr&%}!byk4CWkar=vbr&bBohQQ}!%CkFp)|I#;RTr+gH5aeYpB=MS98% z*D5cnnXY9C`+CXh-#l*mkHzwASV^LkdUtx=@3micAsWC)LN~9uM5AYiXu;rgJ?%s% z9D&mrt!W6L;ghQEmum)o-nPAx+l+*h_~Cy0nNWx3Kst{SLX&3bRaT~VB-#rdVT~3z z7-ibAy8C*OyW4hJ%^{9`Da_}xhbBp2z1C9ek$iW)s+|kcue_(VJNePf7!ht!*s)oL zj-W_}%jf&!n6{Dceme`4V39%^w|KgEC_)B1$lZ3I*UY;?3+J?3`s*V@L`Ge%!*=E0 zIIv*5(qK)!&m<{h7|dG;!Xqsjn^BFas*f+)FS*GHFT0rZno@8K0c6SoO1Xl%Z622w ztA{Yi_>@9kcUQzwoBtMGlI=m0_1NkOY}vTwggaarPPHx1p>VlwUEVKx3ZcPYCQ}6D zbJ$dE%S@hTs2nC9f!SY~|`BvMv(-Wvlli7C(k!lZ&Dm2n*fCq7o?B3%^u zz0J1|nSU3S9-FA2=RAKeN;3AI$xEiEmjne;oyMn2q%kGw3j6M)q=PYZtHat){VIi? z94+RD5x>tl z>Z%0SZ@zQBzb;xr z_F<+$$GMAzR$8Poz6^|qzDnE=HFoEfu~wRR%K~NwjQ}^>im}BY6U+h#q3Lb=$(*gb zU=@;8Iog>wSvu4ii#MqQE0JRvQ%)Gg2pPWr6BYV}vZ+z^TFTEn7H=AK7;v;$>|Xqw zi!syNEPPR%e8qD2ktgy%%l*YN>C5aefN3Xzw^VSl)%KObR>$_kiPQ$pqDIAw_ZfHT zcH6b-A<rSS{jRAWG?RzBf5yQet#AIohWtp5gI(l z)qKuh?%I$QcUfXv>(tXSuL1P@At?PNT#UZ$ivNd7GxPO1aBUZE(ovFoMaJZ)07rAg zB6m}PYZNxuvpTSsOU&6)d{{>kxmU=36BEt7T)Ne+PHFgrgmWd_ApRC_TW%QRAg92d zRcN<-BCwX&%+T3)s22_1F(fs3+ppDP>*g;gv#yyx~2>F@4R@U&o zB&B{TqNF;iz*bqZ(8I@?7dyQsvMa-HDpKn#kF;hd5hBusX!{wymzvP~1hE?!Mh5G< zqHbOw=#sil!I3EK>cSXU1vq3#7YOG2d|&*+eYs#JvSKs6fXc7|AJIJzL7We*Z~prOx_lBRlx}51XI83F$G(-KNFM zc$5Bhu9u;z&u9C`=irA3)TQ($YE9*3>G63ryX>X{&1pOJWTXc*Yp-i}+lB{j^tGQ& z{3(&qy2pji#DQc&m~@ndnt)j$-ML(4YI^Hwlwq1|#_5|sk>NEVNyEa2vPn1rAg zoEe@xtfHoCMG{Q6!76cixKkqnrMmS1zux9_p^BOwE(BqzMj{-A8UrTZ$>(N-hB|0i zhQv2zt8NKAKLP0fu{?*9pSm*`JqB{xSwN0A2H`A%0qGVlw_Q4)jQHo0YqtN#^UWd9 zKXcu&{hZrX`LZ#XYJjrZe2Vy~TZr7vnBauhc7gHvQj2XnvBd3T7c zR;oZcR#6gN5+j4pwK!51a$620A?B*kxHrhcKZ4Uvk6Ev2Ji?jLBO4XnxRR>a5JY0n zZE)P&AcU}wbk!_X73&~W?Ky{hLYaog{nk4Q3Paeupyn6*yd0O%nm+x?<-UQ>9}rD| z2sVbvrpfOW%}`JR`|!z$6U{5l5Qn3_*Z34olL@bxa(`al_{=;W!n0>O(_?eo=cd$(K8S#Qo#J zLk(U@fLBnH;xV;OKBj`9y^-*}IBE+$s>KJLh~w<}CxVIMiG&#Rf?~k-qmKa6 zlQxCMT#xK1-t7kueYh9Od<@bc=pp}_3H4g}_ASN_S#s1%VYz#vM^yuNj9t&bT2wPq zBs$68#N=`jEgN2}qytV<-fg>e-i(Z^Y&>)!G){iPPG)O(W4x$pN3D}8m9Gi~sO#Kz zSlF=v{ZTlIoatoXG`GI=aBbS5V%6_uQ^2NPT5G>4;%2+bv04{V4OmGPiB;YHr9 z^A4G40WkP$nf2FvYdvu!B)J79+gH~;WZ_b_WSg60L+yB=L+!MUvSq^D;9_XB;J}>+ zIei_SDDuU60wN5svNt)M?b;DP-bs!AH0I!;7S2@#{cANeVCk z$jOb}>M^9qk0ULL<jO-mjvC8bh<(>hQdQ zx=<b=N;IA zXxT_4!h&CrVHgs{VPnuEp<$|Y5s;v`&^$osF+*MiXYuckUOwCTaw@cVQsh`| zK+vvOOOOg7D$sRc06D#Z%$-ifyz+r$Oi0mVkFc1U* zFD)o{^s{4LM*SQrl*Z|7u8n0Yn?aK{xtO)=3&ziu;n3vgqF>3+RPI-cHP}yIpI=2D z<(m%|GxD2{QEOy(YEAOae&y%PrdMJ_I8tn589m0%f{mO)IY^J z!%8VhY2K-9`LQboIGLtSM!f_4+~v!4Hm(T%h(OREEhRm@rD13b=NR*z_grY1!ceF7 zc(`M?b(>ek;}zU84(PqUx;>(I#%+DpnEyEgU>sQsLx6M?#5J zuq)4jdu@9>1m;H2G&$&U%0sOPr%kThe;fNyFh5@~3u1TW(nLk7cc+1&I3Xp6lN6`3 zA93&A;ZGG>P6dFbdw@&$h~hTh>F2vKY|7>S2SQsuL3UqkF)Q`j8g_eKGx))io%fTiEOA zTwo^@&*=?>-Uv>x8IB6WU>_2HGNHgFqgw564(l!mM9#<44FvHQRG=v`bR6#Q_(EUT zeY;le0VoS7T@pKZJiEu`&MODbSTP+XedrCFKE9JZ-$dFJwQMM{9y842k00ULhI@Wp zeea6DqRhL5BLRUF^{#tS(whb@oZwMkv z@SA;R!PF##+M*~Z#oBSQ;V#4Nqq`%Vr%8kc&1!CK#eqL`Y)o0%eC;9yexm>AEsq-out?%uJrkK$8kI89q=AF%EqTtv3803L~97J!qv9DO2%Xs zfBK&gzkOnUT!wr~h_PlQc(}O+QGO(6?-G+M>TJV9eQ{VJ@WzYy6Ie?2+p+6;NOI=) z>KV;U;oZghs!wQ7kF+2jzgwx`^Io#Wd$mD(Ov2#B?z^I_?ipe&A{74bP(++eIMM@! zD^#^9ooU1wI4bGFt=!!bpkETd`$sX8M98s7oWdyDnGC3weZ+~_FAqZWDwhl0E z3CrZN%`}hjx@g%&sTcHnd-_|ayL}7$U%@t}2nd%Es$&$2q7Q(H2^L!FEUp;9-KYK(bfXCm4gF(@8O+V!?tx;0{`d zYktv8g0}?yJO42NN)T$sdi2XX9rrnbcoxehV2Ss~6hku83H15Q90dap37a{!Rog$d zvaN#aJ2w)?OeZ?mILv!69HDzVG!!Cg106k4CbR{wIB7se#cv)GT7rYM{O#aLl; zmr`6&!yfnugj(H)2%cywOLX}k!11j4ah+WxxioT6;Jx;qxr@fI zDO+9*Sw4K*3h>+RnsJW0{Oeu#+^;b4!j_p?d<^X@MSP(QdQ>&vY(!NOuNf)T-e{=u zVVQV)B=iyXqO5|;bozHY1UlZ@JKHTjdN{)21m$KtTm!Iuomu4iK|15jjI{FAXcuz3 zicAok0{7`DQj1g&@9Mxy-J9g;d_(cKd_Fb0Oh~+hefec?_L$zN zxdlT*eF9WV&3AN&8lFUy?yuXwjy#O_#Tg8BhIpSGNI&mQTlFPxaddVSi@2)$Z1FyL zf)M4accdv}o=miSo260~?S;`Q>w&(($X$_5>M0+Lh^4(QoUJ9t<6CpU)$`3qz>Udt z;oBt9Sep)C%kYa9bYSr2vQ@s#^8Jwvi%kQw_L6xs)x4!kJjFvRn!TOO3LYG%F+fXi zTTXmPCju-S>arKFpgjGHt6$97ZS8)j=U$n2A5iK@LY83hVidx8pxl9ot$KZf^2*^T zcQ@MT(W)US0M2f*#fF+b-uIzkjY#_oYgu;X?8f>cv&6WG)VO~qz`-h}b`|qQ*!Zy? z=#842FwZYtv+SbyF-I$Qsf-%aUm)-^g~1jUYWl*JZDuKA7ZgMTDa?zRM*^irGi33^ z+l%L6AKyBINZvk7Jrp2r3AfG4$ova&x4imhXWkT5VYu_=Be(UJW(Eyo81K7>9p?}n zi{L4sm3`coc%|TBNy$FTd*6{LS05BC_jy!*YlKPP63G~cZGL>~suXGZ$icIxh{sA> zW-aGP7s=7VeW$5R0hGo1n4qrW7%NHX|e6T&&%v85U(H3kxXtsOH6W1Fx_Bi2>VziV}6shh>&PZ!-0*%07cv{5P7E@TJBQd zw!PgE)^XmZ-81=zu7jIxv+iZCK+FnAB#{SG?Dj?0c1)3uANB@1pU~O0>5=y8m zZi%z2%tYeNPumzGO`sSivz!!7DGMR&{3SfEXN{&aEEM)CSLT>E|LU7ZPAF1E z9^dw+XQ_U+?f}})o?i6m-mlNi{I;^=#+D8!B*=2`_NgHpQ^e7-+dYtx&J;y8hd8EO06f`mOo8edJ*+?+Eqh z70~Le%eQ@eeqx7U&9IL2^yf7(r)PEM*O9;9)9(o??j6)6FJ^S_r;!$;Ps7AG)eUQU zr(kT`3L@#L!7O=6D|@#Cy%82}!&>qgD;*KU;wRr^Ub1lntrLH*;}gCG&+#Gl^Ep+o zqvhVg>2rvm@?4|O_^`UBk-k78O$urQOive7EO%a{4ts{PQ&WH=zTNrN{UuN#G%Y2dq4}aigll)NU}Knw`nWr@(x-F^KN^P5 zx&T=3qu1k93Kuh*&y20+aa@0lnJRfeZ^K{Y4S*akk9b4-AMa1sPoXrtoA;UI$PZQ^ zx=yrZSj#fnTd;798>AE9TYH74*zr2`*3q+)dU1od&Cg{{jafq6@Lx>0Z`m)a4n(K% z;R{_?&sr2S0as9EB^YK-F^1R1TdnGiZd$FYhlWjN$&XzF&udNcM=fXCMz3cb`*lZs z$yWc68Qvx%-ATr0UIlRPp{MLS7+S)tXef%ILd=*rSJDZ%K%w#!*TvZirE7G0$(ED+ zt5UNIXH$c?pTUoSm-LkQyKgYoCwyy;tPQ8$?_67{F{fb;2ii%HcIjSdbK60L_Bhv;M>4@_58|awmQX|$edXE?)TLmF z^w2+Em+uX;F?>HdU*Wgq>iJ7TXdYT|k27L@3+Ay_*DXbIApyi7y3^iToY;0`lyC2V z?X8Avpf|W#Bam!jwc*!aT!;(rVVDi|GmaHUlFPQXuPcP+*Bb$ku(nv7Nm|3H(1k^H z;(9|ivF_Q@Q4%824;R}^B=$aQd6#o&USyrPXS%*5ZGun2U&@$>!_&1XQU^RXMO9Z$ z5(9Yc<~mCTK*Te}nIrS-bH`!u4i=s1AC;F!hA<_sLR3RSa4L2-$)2|da*ZHGWsA?_ zUdcl8ERVwbhwuoOvtx5TdKX8QDDiK+8gL=`rUI+Ah zv6da*scs&Fufiek9?#@b0P&|7Si0ZpgcO%73x!#Yd%!$T%1Zi1rC*XbER~ZdVOOV7 zWa*$xkdRi}+>T9WZc=E`nTI%`|2?J|07VG#B^PAy#%+kP6+^FXm;Th>^h|w-p7BE& z4Bx8oXEg;Bhd9|+AgC~dHq91qc=Dhv8d{I@7J|wdzoTyVrIST>(PGM6Duzg38_HxC z{V%ISI9lS_-#6-;ul;BLam+Ds-f_hl$9bH`LkKm-8dF3ECm*jk z*fgSJOcmnIDn8qFxACn-9%T?`P53?Dj?3{I8c%_p?o4E8MWnSdOHF51fG4-+Q$q$Z znZ7eWf7R;7`FyS+w$}K9TfZ)2$XI5+ya141oQY&?gtW`IhMD761cdzX)%*P2_wY2O z;dzJ=mC5woDF|}1a-CFa))&>I2P8Bz6ju6kws=Kp)uKKW6-l0MIK9X@sW&|wh{B!; zfnb{MV9CS6@BAq7It`}&@@zmuGW9yO{mO58jMySty=DIC38S@1PE;s+Y1Ego=Lvf( z^TTi8pN*vEkJL77en_zXVPY6M371;B@7ihrn3DUO`+W=QbOS-69C z2_YE~hQZgj0cFfSPhx}Ftt4gz<9`EE)O6)7Rk)8YyQ&9*KHR8Id(#yD4j$^r<1WN9 zy!HdFvliKc!!Gy0Q{FPC1sq(|nLf!NiK9bv0yr3sDXV6_)>CC~St|LJ_YBF2SCDH-Ic5^@ zg?sSRMIr7aW`tb>&iQt8v+mH~1EQrD*cnFv-$m$s0q9-KBdetfAMJCQ2|OBf;!`BzFGxBZxNo zTS#a#Hj;shWTgGKt`fjG8pcg;8^KudpCVcG3d*)#YB|1Gi~PuyasXjn@5hE%Gysn4 zctIYk#WeGC0XOIAmY|Sh5JUMZbyL)o;QHI|Ov+1y;bA&jxCxtOWQoHnnrr>V?U6r? z;O6}mqSf%hf3#cgquZuX5-cLRUsi;Wo`Lel4XANQ6jYi`(BZHJ#InWFsj@2S0=Up< z65Ma_D>OqO6GyyV+gpCUS! zuk_wNr%U%9TSpDAH)Lq>_%au)cl`Oo&azE)uMNQ6gfD9awjRwN|AJbXp*y8$-@P$j z7Q_joI{Y0agDKiUjyvJxnz7!WF1&nEi4Z8cr`HvOnf!j!Ox|Uk<0G*aAyg$poqe{a z;Jhwzfs|Qf9V=l3X}HAfV>(ysTvV>8G|TLzRSP|Kc8gU7C-5p@2-g-JL z@Ue=Fp*6g}=AD!urI9##wTZA*vK7o@j&I=A5FF;rIvDH>W2;c3!W)D({>!^tg3tFX zsoWCZoVQ&Om4)Ejp0%SJV!1}L8Qn*PX+4yy8`He4vPmm`x^V30M{q+LIl)4H2#L5# z7pZjP)R@8MsWBca_B}?eC(8o8{0^ZZXb2LJ=X$OGid`CBlcSTuy+leVyQ)jm<$3;W9DHvg3d?-u5OdJ!x;V#kjj zrG-z^Z*j@Q?y7#*Dt_5@aw}6I-7?p;#t8jvo1N$UF-yBrq4J!AuHUN;MzQ(sNQ}=m z!vRDo%b&T-i%MJBbJ6$1A1ANoB;}2HbK@Y4sCIt-Wfn%gD(yCGu}fT9HoY&P+dS+M zraJ+EGlarvoGfMYAo~w<6+-JB0TXsI`Nb#$m-v{&EydHdjCs+UBzL|I2l^0RGCGZy zPfNcq+(tX@jp;fL$|~0-*%HjPotopeJ!OJ$eF$%~R$}aB6__9P~1m<=-w1902p4^Z0m~3%E4=OhvM4fC#Z9IuaCnxZGag#s5U0|`ypjgtU z&~cu1WN~ESLwINcci-^t?xWuf024Bu^UeFPiz%xI1T~@^*kZ3L zF`@H3-E|hjwxE`JC864W2dPpi*I6J$nHmK*tDeu3C%D|L9+u0A07czJF_OwvLL?W9 zada_i@YC&yVrtKuqrjU3&->6>8b296;|!{x7K!ZdNK`nx>5 zPu>`-z{I&k1u%G!X+onc_2oHq{aQVc33@sf?>PKhd&p_w^+qw+4u|}o1Aa!YFG2}Zn(L} z^ddCxhpn+!<7U;y{5AX*two=Qm`y{S>U>h}ttz*#Js~swoA#=mum*V|vRijTGMXum zb-JYL3!$dh-?O( zBDB&Uch)xWklz9tXoX4EsGMqLoCAJxT)H4F1K-wN2hZhuD?Ltk3Q3^Pm01oE?zlv> z^EVrI|0+Lr1Sh6Aa`lP-#}*1yEAt7Vi_I_bDo%XNcf!nMNL?S*aO?muztphHo%{(j zq0mLS@+ZPhu*kZ>VBn9jtY%8}vu4}x3n7TFCNE68WwCgadY!BYCa z4w#z^Gnpi+qz-;X5A=Q&$n9-@17ZVVx5IWs39X|!>((tih)4O_EJU#@uRNH7uM#cd z1;3e6o?Iexdx;1fI{kcw(XMe#l^V_`tPX6XcX`kZt76=rW}Mn{gF_?H@FMgy@d ziV7B2L^;V@ORb*M0)qE9)mn}-M(@+;`L?DjvzvZTzJ*yqion$s!w}=E1V#eBKlN30 zjn%>|VI829hl4xqkLo3!@A*;BN1kYVU!w z$4;%)f*Bkiq<#7qjmPbXwQd>t-{~)0SYv{6;mbl<0Fir`XxEZLj=Fv#MB1x*mT_-T zWK5S^(716BT7XVhG1x@RaN_D)4-)Zlgl`u9q`#$Cnv%Y;lI68+JrPwwweE^xfTY72 zM?|RGwiyW&I+|@qwkO)UFLC&elI-VcL; zX@CK0?%^WXX`vVNVwH`X;px`ycY{l|Bz97oC2`Ra(ThjEZ$9UR=r#q|(?uc}lSS@n zDJ7fM;NXe0%q49(aYUxPhxPGy6xNqV$=f2a1mOtfA(myC7p>FwwS%-nj zeWh?mAVx#GD@eelrgM#v7J>x(ek?#8{Z+pW`t+s^;dYoE-qjWpDEfW*iZDu3zh{Pm zcrT|!J+>yiDH*wgDxI(9ecj1W?RtWV{Ty)zQrebAsZ)MUW*4c#;6jHLzVK`+n4QLk zyOTL|en=vat!MJdS_cMHHNJ@s#?G=Zf}az2jANEMnw2E^w#vD+#?$NzE$eI1Bi%wp zD!@Ix@(_0ql%Junc5Chwi%KkyP%O9nA%!i^Zh&2a^gbP<80RNNcgg8+jcyxc!Z1;y zv7cz=POSbexLt+!B)$0kne;E>dGdO7y^JE*?@X)6vsL90Z1wm0kmTn1>Kct&PsmDs zTu3olaK_@Ks|XEjO3wKje7g#2?-x()GEBPKeF3Xl2TScAIjW&JIiRnO<1Gv(G%B4T zbJArVKS@B4#HQo+>E5Lm4Fd*Z_EXaBcFT4tseCrZ>xpOQSo?)h&1k#p^YJXXO0V^0%vn<~3`eD{G?ho@L_s zya3-SvXU{w8+RHU@y_49qFpu%YmYH~uh9b?+uafGoa2Wlo!sav?8;{v2}{2>8|^vG zUvv5_eaBxw#*9@OSS29FBt2XphAE^cJ+9~Ho|H60MRL?c=zX4Z;`a7_X`Q2@IcLh? zBw~YA@)Z(v5jn(f-&9q|RhyV`S|lkV8y54vf=~N^Am?}Rdyj)(BLls43>-bprek^j zWa%WO(%vw()Vw6}L)no6W<~da*Csm{&(O)Z(G`sS^ZtF%_~R5-BN-_#h}w@!9~EZM zWx{L@n6#*-vo(d)9BwR18c19ZtsV=FP8gwn`sWf|F=XN}duWPcF;w!qd5MC1uPQpj zp0njxEqv9#HtSL=RLl+_NkbQV4*8h_%~%X#+r3v`ayyZ40G6`zO!PD{7@IoT0g}#c zy*U3ey9C!XjEGl_$7!FiHsc)i&e|foK#0)(_k{W&??Ds!-dr7*IK5hlNf)(03jAF; z%!ri1Hiz@!vO+RtT}!RN$kn5)jqx(=IUIi>@9 z7SOb(-R3Gqv++#LNb&z(aK#x}!Fd%4`Ur80lzEH@L6R1Z>`c=ATR;HYk*{9MNA4#F ztyEF(5jWPbkto!heNI*pwQp#`l1d|g$$fuIu!-^NY|1nz9`nGGGh*~2)vUm{B!C$A zNK{KE=(R%r8^Tn`lo!0mdcfKv7~-9GwFg%lCtGKgV}R2rKZUz3*4r?GPR>zwwSLCo zg3mCPuz48;KqdQngBt3Im8yef zX$P7>UJVsrPnP zQbTp>I{#Ciu-DjAw)^OGf3`yV47tiTG%HhdR-bIvn(9%(08E zn#l7(EWo()S(I6BmCRO$CNYujq#5zO6j5!tXLYArAPse92X>f?R5fg)!oeOgMvueO z#wD|flQns)*G@HQxpCEr~=bO5J6h2MCMi+`o@l92he zTQ=EL3VXLyv1>zao`gh)bKtenmF`FQHPrOr3fkKkst-zLVdVAJQA6DVZ!;!owA5;X zEg`2O%og8q(<$u3z8EkPq7FmEvW0kFiFpgbQ3v&uTp~jOAs6j|l$FksA*eV~!<$a3 z=5;fWFsH(dRevAd^R7hT?MhIfa3ZU!zoRd;WqdnbdZmvj;YkSU2N}fhEQ2MD!xrao z6ups_OAd~um(;UFWCHV;grYwrkIJfbui>`gSY$;O5o_s}WL52vMfsP0X;1RawHYQJ zdrc2(8u(EkP2jpeKZp57uNO?kw{<<>dbz&oWr8WPaZigF)I=g85i9gj*I68rQE1Zu zW&VJ^c$6`5jzi#$J{49V@$oci;W|KhH3(E9olt^&uZm52L!wD}T;#_%1&G3&SDP6J z*%}1)E`p9sy(Uouj@(N_@bYhJWaCXJ@bJor*P3vJ#LYt`f8Sb$Vgx@G5L9U2b_j_0K{N z;b72_@Ie2uaq10(b9$V4I)I%$C_o>KJ_+ssXjIQtFW1Se;krIQ;4;7@ID#{Eg20oL z8rd?^qe#=PAa@Z+;o5KICM3%)G`UpQSk6u6)U>0hM?Dty3upIH5uYwsDOCEfJI&%9 z)hmy=w(kVAkQ&xM$;y2tBDDMQS$H&C5(B#*ZYg>avCuq936YFca0PjQA8nnb+@U3|3Th&KFcFa0b*D_+Pnq5@)0U$;O-i~IF}C(8DfW^%0_w{W+#k`aV?gk*I>QLvcd42?#EPh(h3XR3^pzL=>d33|5B4hsG){zkD( z8THyTNYTk^wyqe#qzhZ#+NSW11Yfobd%Y&Gc@2o1Eclj}j1kwsqMNx5X9>RF{4u|d z3ddaEIHxzHKOSjNxJ6GAp?9B7aOjGQ6VaRKD>O zG{Xe*t`4DK5OryIWfOEjf{;tR;ajpTtBs_s$ppV?)-Q>rC9&7$uqK<8!KN(-%=U{u&~F4*m@AXZ(+?L(O&2;uCtbalZyr8RsP)4m7JYi;{zIaWWLB!O9QA8_mn( zI-%H7lg$vvbdziG+4#{lr0vI&w>G#xG*2Rixj4R=r~aHqU+H&9SmzMO=II%F>+wVE zLa4Piz_?G%J;6tHLZDT)mu^0#)GaHY|9(d8`Sp=nWAPRNB~U-Iw%76%wzt_cr2lqZ zz~E;yL`!A`&Oe#LU&4suaB-~$yEBTs!Q4tB($&u9zXl>Rs{jgoPSU(2 z-##8%KyW3?iMud;PFvHDk85<@{Osca{rqN7jnUj^jWjLRvXjEi4}e-sQMcGGWmVvN z?he_!*BblSjimuU6^--0x7VasgaA6q{%Iq`2pKnY@~Kq6y>E+d`RoS@mBsS%#W^MN zWbP~?9FLp5@Z+J=wnnN&Se83q)w|UE#B8l#n51w$0ulN*28$!#BZ6;YMjv22&e@(k z`4qA{-JLH}I&3i5A2otl6|=;Ug$JC-j55bQ8~j)9Uu8`xFEMhrE_ ztx<8v3~YQ<70ptCVzxpTwpjZiz8D%H$Z;08UTqhPiSt!%3eDn+ad@xrK$5_(%+KfT zBKg2SXT_IdAz9~(ADL>h9?x`)t>IYBF~WjS9)gh;~qWD_In_#^)jDDNWv47E?*!wLdG*XxAMlq@@`zd~_{GloJ&3s1vOpaXi>E zTRJhWT`+fIW?}7X$EZklie6r>v}ulM%-tJD=5PJJt5V^QF}>4}cU~ALomHnZm0{Su z)aUh(Y858x!dTK|XZIanz!=0kI^qPaMpb*faQ?mG#bwwIgG(Afxpn=#5XZ02^* zipfRo63>oaz>c8tgd;oQuchy2Vk$t=y7QRc6adVp*vlo2Wl(kbY(O19xWiUUB#QN` zvNZNqH$U}gU(?|hr$%NL&D8R*ugc2O4r6x(@-grC3Taa|;>zm?5Zx(OkQvd}Xq95y znfLW?PVmXxNLUBVn#;9oYYE@SIMuVZ+D^{aR?ZpR-nc~PapO1eytb{8bP3l~YIygw zFw6b7rhMn)d`${p<#VI7jTV-~tIoG&rlqN)st0LBbnipnC29*^b$*w4v+P7TU#{P!4^Jb~ZZH`Vr}w26K7$+DE<^WJ-(5rMX^OW(yi{iuV9684Uc zH1c=I*cO3aus~Wk@vB?0zZ&WG8<=~hew;cmBMk~Dkm|qW+|On>PL-JUZU#~qNh=5Y zh}64L(gYmgBX`U!-VDBX_P@IuHWuUkJH*rgOWbhf5lh=)e~PFNx0B~fQJf!&asG;K;m2g5UKCW@zdrTE9t ztA$_Q%WIL0P#scyG1TVY?qdfo-0pWeTX$~U^wzrJzuh09dj#FTM;QB^B(s(A{)=6| zp=GE)+}E-kIc5X$VC zuR@o8$++puS5XE?(fnFRuo0036jEtx9I3?7I*T6Hdlm9Q5Z?zny>kBRCtti7kVeqR z;+@aC9mO8`zoGtkw)^4Ya7Cf$d5$nJcX9lF60YO14d)BgOwFgCGy-vW9~2}~UpJGe zh@4_s6Suiofxb9e4OV94HPD*P*6~>Zh$x?1;r4BDGy_0ke_LUJM8|9-%l~eP+vYwT zk40qB^Zr)h^jRY|S>NfwlHji99;e5rztzt50uiTiWdT9P)8I#0+#n@PqscwyVf&Ht zfppZPzu`rM&CPVPt|v27x?nZVSW;RgH*QSzYvb8UmL2B?o&?T4K00yxfR8K=0(uhW z6ryjg{mn6C1>|{^mEh?rxltgTo`torgwJwOj7DmMU{K?35|(ErOPl4 zc}k!RrjjGjLCp~zm@+CQ2LnwE&qcE|_fX~oDOKgyuj$hHp?NPfRi znq5~n=2238sPk2cuRhv0o2ro^MUP-H*x5Wts30}>D+aRk% z$jyB0)ER?t=lW6C2t60kq?7+?GAEV!CxL8((&D=PBlo&(h#VIfnI*J*qPTsv*9)iEKw=*;{$l@fY@2m4N!?nYXtmIuN;?%-vD=j& z5}aKwN`W?F?6zhEA{oO{Sxve++cgP|7H}XCz4{Om)S!@8>D$XU6+!?_isp%Oq%!OY zYiXp)DLHuj$;PNN;EB8nZcbyRqG}YrNp}dYQl<#J9m7$Y6=*)H`miAr!-yCyOQv17 zWNQ(NAqMZQ06!10q@vxm-`+noOz5*|tB9 z9zr?z_UY1yF$A7U6v6$OdM5T2#y>?DmkB!t*Qt#^Y zM_CRI54R^*3b?2*a8&?smB=j|sTDBnfqM?q? zLMCOEs+No&h)?UK+K1)fR*fq@@~%Na>9urfkeL zd?dGW;+miO8l|Pmv{(1GF<%W?3BAjJ={HR_ZJU9tGS=YHn*g{W1Q>>ECboo;N|(p4 zT17ZxG>xhkl|2~+X`piRG*X~hax~Mg#x!y2)<#qTD5So2dctO*#%uGy% zu(7CX>PwBPJ|d@iQowPJDN-$#S!{AK0-sqeXW6&r>dJTL>W0VhOzp{XXI}X-2CI_( zT{Vk)5FoD~;<=caBH@%m9{Ev&vIzh7R*`uuHh0&_=J7BSvBRdytkjA$o%g2cgHi=a zFtU(ym0RaZfu#TPJDY2)PmFtj(&d^qFZHlsjOjqR8-@XB8jQ@+8V{v{2ETHt6i&-5 z+%?X>tB(UgZcH$jIiU372RGyaL(lmlda8AXQP+$o%{>sNy2o~6hTTYbtApolxwJ<^ zrtoZvum{jSD|E3YS?y1JottB%eQz^m?1_4U^4H^8Vkce>d${a0?j4_W+pzEM*RO`qzq>l!ItESX13xlF$1Wx)TCVQzuFK_s zRtMGVR2sJT-;l()+A$yc6QAk2RRXuBi-JoRdl6#;{f9Raf!TVU&gZh7a8AL;i~&UO z4wooxL;~Z8K0>9?anppHMgCP<^kxfgt6aMu7;^8Ghbs$vj<*PQ48f%TUpWT}qc_-< z19!LAxuB^WKQ45*wBD~i;P3Jgk}qHyKg}|II~ntd?dv*v7*iT|@P9YT6AYM9^KWd3RN{{DM#!ze4zA0hW8=4>{cgX-`0`9G@U zd#g}`r!C@oO#kmq3IFjM)0jufdpX}74NL!rGdc0FRJY~ZQ2zdH{&A_!QalW+1=nQq z|7=*5(jJ!TB3#KoUHKor&yjyvs{ii=|82BM{@)D#{n8cszqLeV?Y=CwdbXzWxv;7n z0NRT*P$(2#QvSFyU1|6MXtOGCu)gafnW;9$aNiUe#U?q)F&-fQ`>gEWH-nH2_UA*2 z+~9k}VW-uuU~aM)pnuYT3#7Yxe&BK2eC9jq!p^)}|CXeDw!c7dHRPW|E%Z}*I93vz zzVMG`=l}eZcPtgy*)rJo80iNWM{A#e%t-~kCy+tOH6Bja-%&al^m+{Y4wO#xRWHC@ zJ6ldo)lNYRJD^J{tsV z?qWY`)Mt#bpemlxUZ1VL*B4E0ixLZttDsXaBQ$o`)D&Kk)-)@PEvEOUrtM8OCi_3% z@;`j`UMI7eM1nrl`2q9L_=By?!6*k>Hh~>OWp3N>~qo=&<0uo6-mAXhUHOpK&3``z~V;!bFt!J#S3w zh+(TWRr+E8j4GW+dg{NKm49&kpZtLNmiA#;K@_%sD#jz6oc1QHBjybaWeb`(B-l7% zn!lf~a=o7TPvel(S8z0Z(z&%lIWd5p(B*cvj+Oo`Ls0kU_mpQvlC>5y>)?0^&ZXAN zp9GgTC&LdB^@CXF!}$`iFEvhl#={j3XM?Txcl1DBj_qCz5J!vEN);Dt_Bfz`=+DpgL56DJY>W z%W-cuzyZkZ85H#ZQmoPTcwyE1@A#caOKk7@^rn5F)$hNfl_#R-`9mfUEF)Vg^x9!A z0ihOd9<2VClrphVgG{aSgkzS~Cf^oLL~=MxM{~Hz7_>luth$hu_d?h6_R9_ULEci< zftTXeXl|}juFQwO)Ij(4BJ~k%TP)`56~St^+{e^f0=gs{pv5Roma(DhW-x|2ax1@H zvII0B$Rx9y8nj+{?9bIf-w&nIp546#t)W{nztks+)e}HrLIzkl_j3nzs=V^XYrCXB zT~MzRz=Fz`WyZWdm~T)nQ4fK>gP-UUuBH%) zw=3x2WG+d)&IRgz5){$olITuf#IVxcKvm+n4HlyhXs31#d~AJ?6%2Sn@U+%-IGz8Y zoa+LZG@X;z?(G~u0g1V$fABGZjk{<78m2|)J0f1kSb+T@!SPBPA)*sPn97gVdIveC zw8*&@>|?$qvXHM9lKgz=@gU5MTv!44Ta0mryPCk|I(8%7s&Tna^E#jtMJhi#K!+sT z|N0>e;6JW|yov)zhLFO$?~$+kICMk__>TL?^@~TKwk@DxBjqKxb!)@M-e`C$)@>foD4;B zg69px@J)T}W=Q7K)=4WHa023rQW~1^U�}-QD-hb$4PZb#y1SofZZ@@XcF%nNW+n zl<-()L3kl9Y9p2gIkYzlf>vmWDaktfY{rvEaA%#))6HS5ChwHD3b>*VOgYt+Zn|8) z{e#hn5^_SO;oD+tr>Zq>y8zI$m2>F)wWu{RbQ_oPSvuf+)#gq6Jhl@F9#hzX7#1IVA*LvZy9-U~Z=ET9mpKne#qRm?$aA7|)a$AvV;C#BZ(if&yj!r`p(W1$@7D-eM6<$rKY(g|!`W9Q z42(Um@d!So(v!uH2VY`wUnteyTm2ULDEmClLgnc`1*M^o+sSvX$c-M~9@}1`XKETo zafe;lP`~bHx_p$ya!&KMy}xJ;D!ZSeI(OFJp3Qas8p)RJMiXD@xAr(md2ImGk+)mf z`$8Wm)0OYSKJE{uPRBcM-AwZ8PvV|@Dgz~rQG9paolYlvGd(U#{Fdm`&_9h{|fS=93&2nfb-=(xqpLj zY7{{hMuf7C>rtYsZdZZzers`aF;Ic$b>9^gI*i6g?8bb2s7StiyM83y!G9X%1>e zc5uW&82Bt*G(f1^Ms;)yD#*Xva=ouQxcz+`E1l%c8!+a@oDA6gZ9CuChD&6ow&fUB z`s3ePJr_snHWZn|fA!&=^RLXnB1e}M|7QSOy%gbIV|W+NG1>P_-2)pPfmDp~9qkF4 z$VG}lBIWT0-cO%MnI0lR9k-)y=3%}Qm8Wqml5WD!Yo`rDZ8qZ6)kcpEcS`Hf$7!FD z<-&o-d|SVjm(mgGahlECiN==GtvXg!!T+%DvJ>ejU-H%xSX2ntZxHNaOLY4 z&aZ@}erSUOjF8juknEIjxD^n^9=l9q#7`WTweyr%Ft>uE9hSXdJ4PglZ?_OKZY8A- zbD7)=%`|4d0q7O;eVW5$k!lcpSta3WQ^_r_e)3d z_^fX8#usoRRL7;3-FFWC72I46m9%|Kafby_i8nWJS#BP?QPQm$zh_^*RA7j`CF=QxITIFhup_| z)}D=31#$|aNMwBJu`_^l+xbbBQR7RIoU_k)!u(u6n0|r?Q1mL=8~vtxcbp*PZbv?j zvuVgX>zZEPO8FmM&cA$;eFE@2`&cE_x7P=)#CW?_fxq((*Hi6=ko~^XRs)yKxxQj9 zks6O!z7DOKy zh^-p=md|o<-cym9*V^W#Upl}5YV^Yl<2qOLJ<)$m8uFF(BG-mK2dshRJy?k^Xzdas z*nLhdCuuf7F=%|20>$LPnA6}1vmXOz*4^5qW1)2_AeshI2Rn0GmrbpQuu?%$$oFsq zG;yMXnNaVX8T(m4km&#kgzyBeDWiQk0cMER4XncQ^~P}}SylfT4eRFL9l)0>Y3QDj z`!mVxfHwkmjqzng8;q$#Di&kNp}f&q2PzYspK=4~nY51k*SX0Pw_Aq)}$zsPdkySXf~fLmV-M2jr0!3IiHSiChJ;o85?)2*a^fLorC)=Q!HzPGi{HJj9MSIVIWwI zJ8`N;9WlU9@)6qq5RPLv5>(T&?Jlz6b>3=wD{18ysP9Rg;r8L;B;!7{yy&tKY?t5T z%AJWUhDD>B9YIC74q)9@m(Q~yop@f)E%EsC(hWZKMl>K6*&a8O?B4sZ(%(z$Ip04x zEO5Px{hE8lZ}q+Ei8vFj_zJSV7o@_z*Q)jQtm16ey!Ry-)kbCXxhVI7>En}k+?YLEUJGM zX3^Pl`qsrQ-JR9xKbX7tfWBl110u1T&BXC4+A20*7|xD5l}~}w&0)uJvF>frC;mlM zS0(39s1$U(3^#9p`7P?A=!U!kx?1mn^XFb?gAS#X?VNOhRhP@N;0rE%3N zlu=++?rBQg%@@2i=(z&cA)r{VNO5WTJ1xYrd+ zX$EBmdejj81QY6-g#GCQkMl-nt0=_1DqhQG-VK|#{~>VvU&~GiMjY6{5HXpbDVP~< z^DBxlBmLkY8<`Jg?usC83L*0~2*xBN;p^LLM#qb5SpBMDWFRT|4yrYZ8?SQZ;1r?GAm(m_6GQDE z@S{dT$3LPw?j*je2+>XIjX4<>6m&apT#|33PjkdQhA*e{tD?nEf3H{7g(VAjTz~m9 zrPzZSB{?k~8H#i+GM%8QMzuc!Vi;I`+X|rTP8}i(B!R%vviZi+ z>j!dCL0!VSe$g!)e`=(Uhhm@Ru%Ub-TX>s0gB}Sif_pV%FdIXb`wg2B8@eW${>R;M zOX9*$HkyBBg?0c2TTxSm4PU5^2H2WFju`(ZuF615r#ktn zmp%#4rn%=Ymne_LpWN;p*ekzt&iMfaWOiM` zG7uVhIR(201g+JtMW6=0a5Yh_!X%gQ117JoszeTMB*TvyoOXc@%(hi-Q#Sw-)`&aR zTdyXHx*OiWGqL(TmkCH*1J`$on@XrD!;{GeqV6}xgPkB8O8V4m%D7yhsc4+{)K28* z&DB(E+3bfTqj+TJi$tS%jiPuqHV{;*2ZtUXzH(WuQsC*X>287q&O1zLyKt(u>Vi1y zuXu=o9tHX!!w=jBs!A^Hew~?7C|h{#@2AyHY=5+6bK!8(V+~9_R&u6z#i)s!#x??A zwVjoIhWpCgZwlTcSAXYxn}3DvV+5itbZ4W!(&sD4bMlGIq%WIKM_rzhK2uXErAZR5 z{{XUJ^-@y8(T9LJVFF87#WLzUJC+%>?Be*aX4uhTRUcVs>`zs+a}lzRCzkaq0W7xw zTkWLHPgR<61XLJQaAJY1k-%*mFB+*6M1=yp*b9$~l?pIo`4hG>$-tyH#q>rMiTNjK zep>>QAmqLeVviyQq!{1cw8FgPqN*DpXN4YQ@}Y6BcFrIu&Fy(>=qf=xE<8zbX|3kP z_0s)NQOJV*nEZ;Y?v;{}z=%{R8BxC{ z`xA$|%myQ><9yt|`~4#^ZEd==bu*#BWrg_&@?10P9G(7+Bx<13k_%VU$$n#ZiP_Nk zvq)+j8xZCpd)}R76c2m_{-W!U3JLPb{bD6hf64v4)bFG8VA4~7vSfI;o}wIuTZ5(u zg#Ix>0EeZCJp)G}=#yxD13@^XIr-)=P!J8IS-LG68|SZi_i#GTa^O)J>-A1AqJNqP zlZ;-i)-d@|2Z{nfxTjT+=MhG znwU~O#6wRR`ryIrK?}DPiJzR6d0E4I?t`Y2EE`JQp@Y9N>cm$d(4;TkX6cpflc6tF zq4d%hZOUBMrbG_V`MCGx^-BDql^y72RX^*De0Wv;hK=}Q%^tZCWz;#$0NT2TJkWJY z!>lm(xO)Wldj#+Pn=fHW;HE|ZtNF+ccEF_uOVjj^ee+WenzGRo? zH>Jw_i6J#X^d@EEyL4VtZtRX0zHlYgFf+RQWf_1%K2PK4>lt| z-IY!YV2vvPEZtY>0;5X>IKV|!gu;F3yt@iXn~1&UAh3;C6n~HlrqQ8A36W98dft2=3LODAYGd4ly51^kLyh zK^Ufy2yO!NLIJWEt1+^MEb_EzVEK}g3y)+#7|qv-cv}pqkd=NihCLPo%G&MrDm_R$ zUfXfT*#a5y^iA&>^o|aFqTDeyeIbm<Zs~t% z0idHH6k5mL@~d1$ z`YLP5x7PMcc`<+Fc99+i1PS_;o@b@)^x3}FJi0}i*6KCWXb~!Wbp~l9Jfjk8=+6pkB{tUI#WO8iZ+2brR zv38r!7gs>gN6&zW{Jf1C4bp+uF^*H(m&v`XE2n!}<*l~{0?U_F=B9V8_qW!Gwmr{_ zYx#FdsyhIzWZ0Jo&hjF|5r2yGaalSj$rXXz52O1ByM^dQ=2`?V<6mge$E9l>%9OHM zxRtO6wmgl~DaU+F1c2(tx+t&0ne*1i2*u?xXciyx=qN z9)bZ*MKa?oqEea4P=1b|ifDtrCU9j&XMut@r11@X$u;KX&5rNH-JfcjWEQPG);&`n zd;s#gdHjfrjAD~GdtR}Fa83Oauy5+DCxL$i>~KO9oJVsGbBMCABi?#qrq^UXf#=hG zs3|Hsdz%<|!#_m=)dsgjyP;PpLoXh;gD1oF$GpEB_Uw3B{SE8nEg<=Kf;x>Zmmr_& z1K4dlr>^5dN%AHUq#CPdAkQ{=Kn1p~mUPu7vC@}~C^c4}>}sP8v6XAAOQ3}qWLQ= z-`0!PeXHAUCJ&Z**PT+96yU!&!thwgUILeWAg|4Gn~7?vg!}e z=I_pRG&=oJc-$-pX8Fl~0Sbm-gH?9K=vZyRnm7S*#WOu^5ag^p!0+JXEYk%a67CtZ z;?fRGNkYt@$>wEWO|@zNXhD%_&``2sUgw>~@`WC{egrER*q+R;yU`H39LQ2XX4#W3QPYbMUV$e*kMq5Fq5 z0FLo}GJ-5GvLbyi!16NfPi)R#Z>5b5SV+iFz!b%~*m^3$64U zcf>5>q}d38iF#MfY5hkt@=&C3^#zdy`iiu5=xgo@6sT*qOC!dg|M*i|)U$NA`jP(T zr#jSvQ7F(4_;>Mt;^rQ(Og$1TywQ#r=;B9mw~GGq>-BoDXRvqoRsLkaA8z8!iG^47 zZ~;$xIoGwB!x2tT3-Y0!>TN(50H8AoA8-IGh56|y59b3Xg3#~(WADAgsqW*r@rv7s zY$1Dv>`~S+i)@v$Gebf)hs+!!gzS09tjvV0jAMoD5Lw4MwqwuueZJk@&-47Q>-RkO zef|D^{;ca9=llK4_iMc0?-oGyGeM+qJMTy+4@l)Ya%!iuK>(Rk)MtU$bh#zA+U`HT zd{aM*5JxbVI_%`9(DGiv969I~f&y@t3L@;B0ES4aI)=y>C=hjfTt~y^2koe2k8#_y z-eVBp5H%k4IHG{u&KLzQiu})>IREj718`H>h2{}lJDNwz`m+OZw-28@;JEo6wC!p< zb&*(1wnRb9cYf-#4`uDw><~&<4LCG_hKmLOf!H4?g{TjOCD+I@cPl2nFd1l|O%eg* z9c7}PI?0@!(0I02YW|8dkpKcgpVHDy{_|8^CnVknnBa#(p05TF%|F{PP+m<|m{PX`0|pygkpmj8Jm)Ch?I zgr0o`g=s9ZV^2Rwx3~#T(_H8OVw+sCEs$sC?E)#)^c%IS8(6K5iu*s$>OcYE3bY%K z*cFR7C|1!BZlk*5cmjOE2na>g?+&V)gRV}Oe_z$$nlG&KU#}d!#PnzptQJ}+3=p|V zPv1NT@-Znm2{kpqrM=lv{~UmB>_OwXjD1-%o;kRU&4GLtb(F7>33RFC4bbt4)b*S2 zU482ms}Befp3E`pH2%a_>)TdqNiZmA=@zyBQTCf%S}V-YJsE90qi!MNug9X$u9+vs z$@b-)H*B|S(Tt04Lzymva$_d6K>Xo+E%%=;LLgHIWi-W*K@1kxeYb6(m0bBTH%5ty z3nG!?4jF=&s+Mrxk{@LB2!>q$SM{JDdr+SjrZrK^8T`I1dhusK~pouTkFu(M_@*g^f_q zT`F8|C|0co38Xm$Pg=vs%^_hAKzgle(7_f3anszy2EKd4Imu7PZ40gx7L}_}A=kim z3tag2=@hWA1fUVG6JG}i*Xa-RwBd@ES_MFq?m(3eDNw?#WZh(ix%U*oqI|Y%QVv+^ zw(Z%01+agJ;BW&-djSP@nGX_H+CAV8js}w&s6a!o;Q%tF{{%9?=}Sy~DM%Ua^6QFt zdl`2dPH56=s77WrT)w9d$bIG!J>qtDDd#{pKtQp0xUd$8fORIFaDIh{^+Zw|KtHT%_picKvg>Ri{BK;_N@a`$g#8x94@V-QlzFcNB}kmUo|0 zD;5yD0U+Yu!bT)GG4c!sP#zkn&LjXb=^TR7YwF$<{03{$H|sQqtGA}$b6P)HlocMn z%nI%oQ%w&{qNp$AV4o*PY6&S0aX7N?A-Hneq=_z3-4PIMIJBU8&ms@0gDBX}HyzMZ z$R;kk39q>m3>D)(Q2fi*%DY1#{`8_YH)86jUA&=LfVaJ>f=ls?B|z0Z2l-v^Kfjz3 z^m3@?mby-`R}CbiGJUpH7Y^iq33o7j3SBP9Y*=sWlkuCMjrNw7f)E{mg7iSVpa)!P zjh3ol?Nat{<{g&E;oJ`B6S5I~%hw-v!){`0UvkBR+f=HgkQ0WMm~!dnM}Kboc@H2-hk(5;vsQyanghr>1d(4sfn=g}VdK6=fo5^DOX5Im-p?M}*A&4|dSvsb1$8 z(k-BQ5|ILShqed=)x;z0 zKjpu~jz$5W1t-IcwT}rg;+3~JiLaoa-Wq?JQ`UCX$W6`TD{CkM5@{i+#=PNZv5>d- z9T#j2h#xJ0ReRKV4sDXs`fWAhD;52UL~RSqK3IhxU~^^T$9sSTtfpWgY15PO(Hkd% zCvScvyn5C(Sf}wH?{Fbn;L@Rsyj$5U^_x2d!X6P6IO)UD!8u%U0K|WJW`{!816z_g zgoJ^IKtp1;|8|c2U(SRkcVlJ1p@{~lfXLn-Z2eF`#1`42JAvB50C9L_Ahr%It{T5# z#Ry8~C25y3C|o2A&;@bb;g%z&_s?F$dPGsH2@tfMN+D6X)RsMwTXt z2lhT|>pzCY#O46~g$G$fgGsK962K8WlhjdNt2xo}b$AwE*--6D$UIe(P6QQv2)&@NB8* z>OG{SJk%$9;I)}oQ2Zw&*Y7wi>i}}O`7UnU|Btf@-NOI( zcU1oGxc&cL2O9ez?)DixsdJD1@9R|l5>5u#Ux9wO{Eh$d>IIkB68oi)@nv@GhVI|1 zTPTJwl3rZks{fBNbDWxMiI4wn(PyQBThNU%EA5YF9|Gyix3}II+58LM>rVks+pA&x zk9;Uk1O1_kUx)wYmCeEcn=5jMq+XKc{*cF@nBc$sppX-E5mtBf#{PNK<4EvD z+1r~@|6;+CZ)5``kSQYx5&Pev0WB?b^GD7-;rX|3Y6Avna0t<3`e$?rphrO958wC~ zc_{EIxEX9Orl$QdBZo*qqx$79egA)XNh}ZeU={8^pGt-3E88c}AztSHBuL?Lg0BT_ zml^W>{W`MsDG;EUeTl`sD7 zzWN32jWZuNzO=tzDJv724sFuNwtxHPZ#GsC$J6uAbTk7FzSB%1d_>`2ro$~0{N#qH z82+CH(8%TlvMGWAm7bKi47jDsz_w$O3_@!4QSsV)Xw{rt4X%G%RN~O0Iyp3y{{1&; zEpW-wp>EjbpyLZVH%{xr2bq`gkg2u^;6n6>kz=vp=o-kov3`~EZv+*w7PRaz&Xu~q z-%|*ekYk_|(rSV^LCL7ndn(y+4cPu!0j?8m$Qzn$!3YA~|DR-E){|IF47 zt~by_2t#ABxkv1?S1Fzf23ogqLEB_{B9%Sh$NblbOj5YCZ9CT6WoBgOuRGk3gcEqC z0g$jPL22Wew=FqPg*OHl{y$tq#2(OKpO9Di{XN+42zP^*aI?Vwxqm8m`4uBCI!g&2 z2YZ3!4cpBjEjw1aA@tFcZ}~gl4cA?u2lUmN0mZ$DAp4Jc_eT&-hmKk6$m?D12>yGO z{?BzJ^p21ij_!ou=sVJwgx}yeuvyit^vnK=N87QQn_@FH((MGB5{R36y?-goF9+~G zI`%>qivb0MnwKUyu>~hn#B~|l4=3$)jl4su&m8B@jl?I1L;2}K_+bu{V*fAwx=Ee| z3w(aKcOroPcPh_aV)Z}OZGPzJ7LgMF=a$jRszb#!P-Wb+3+6gM|54yXK{9pjfBkHQ z?h=90zT8QQfT-ggc)96aSv|M;j+rwhIYZ+u)ue}-{nUZ(2aL=}-@O*CPO`MMGIaX= z`S{X1?_4%smm);SyH*%~_6ywnJy1$BkS<#d(x_TOnLQdxDj(!S$f*eQFg6dNlck=i zj1B$y`y_8_;&1|hD>(S7A-4~(gV82amwo>q!piK*B&Ai zn!(7zCP22?M@@l`trX~(+a#*Pt2@i`QhJ8LkGg+$CP~9q(r;S7sU6!GM{_RZlaQ+o z97l}C0e~j~LVU@sV+DfON>|^TW?IOkC&?G$A^}O@1ah7rD9XnofwWGwHSGDI_nH3P zf`Fo;8|d?gn4NvzBM2n7`#yuk8prTCz$AY{S>+|@UWWW~%t>D-)w6tY!TFZaG!1@Z ztU<%*+cL;lcr`1Y4|2qw_-r}~^NO!pUV>02l&}-@_Qy48GT2?Hd>rItC53#Cmh{7_ z!yBh7Yh9228F)7kn^=hckt%oD0s#Q#c998G{o=mp{Td}da_UF!K8cAbgmG$Fd!Q?6H>)bdtF-JB!xgVlPf7q}j>F(shzb4Ul%3qFWE z{^PlYB zPkVk%C@2c2a-uD$nT0hdc)bD)Vl^;f@QzdIXpn>1&KClMb&zaBjZ(^eu?F#W`57Z+ zPuu2%s1|kT(*gR2cy9^r50OditteX5F{H$6ukHbcJXl@ui&)~tH|N&X{7# ztjFl}6(|X2HASp!0fOLUHx}9@r2wFAZwLVNh>Yp5BLL-_{?UDy3DfF6x6$zoQ_t?X z{l6zYuvrVbV&zaHf5ZM`>Ohan+VAv#&-!Gr2#|1;22^LqjAr8==^AiuY(rcR=;!D) z?z_ATxM@Pj2MdugE!29(_fzu|f^lqxe6xtOt2W3os9N3#y=&~fEE-~Weym*30x`<7 z*&T857foIeI1h&Z0=7sJn{;R8Nli%O!LOHLefca25O9r`fz?*f!o&2aOAiJ3KuU;5 zE(0E!N;{g#UK^GS-eTRVqSv?Bt#444kY!_LnFv0+0(Izaw1m%qaktAB5S|U=ji-ii z@je7tW+m1YMB7O3Gy+F>3%#RT!#U`Ekmx?0`?HZe z-59hkcHdEeE7mE84Q3WkD!%c+jAo7*-1>7p`m=y5S&rea?!V*U+adCG!CV1_Tte?Z zmq_=AmSZ_+GKh_yjtgx}XL`Yo);t}WyEH%}orAr3#skFEk+rQNsi3m=XjR zhX7?}zene1>h55!FgYQqZ>C`WJ_xqcU66)+zBm@^Lb%uAMfzaOTL3jX6~*@x*>R5y zSyZ=qh+QjW*8M2`iM_QKkMXU?wU3Qa=Z>8A25Qq8`^np13lO1Aa|2*wn;N9orwKK+ zvP?sEl$KFIld){yWu~BgcPT2+aHITok9(ld^K~ISx}Ti&8Ys$*Jj7&cHD>l>pzU+S zGed{UVH8I8pvK3!yYYo09K|AFvYU_eUV(_Q#O_=D;vip$rUi0#yMIv5LB&;o9v?`m z%o!^IIl-&?W`PQGS0X*agsA;|Wh6?m9Fs@NrXAjD)lsqFq&&DpQON_Uh7yzHz&* zP}@Qi?N}^Aa2fJS!n);+*Kd+>xu;}>5`9T;KaJ(;~vf`0cilUG(BzeaPq@d({n@H9B&v8 zg-gR{0^)}kJLLI2$DAFW1bnowE4Mn5e=>G#oyZ9?=+>~e-p~gPLq;Qu!@3DOJX9ZN zlD(#JDrOqUc+wly>@YxZK`AbOgFIioOMGB!mW#uSVaBO(!|r8*A`X8S)jp^Y|lovj<=LP zok|PjqX}1E)gnBB2ZCm7r1IKC+61Maru|OZUJ6OGz8`sqM|*oaL@G z*aydxtRLln54%t@;chM#_qnQ>2q>N4G^on;=&i=;;q2lcc=YWaCGtB(MiV~`QfQif zHqL`Un?QOC&_#$&u1r{anzj6;KC0?uNYK-VTx-CFbR=Kkl5$fd`3(4BIwbZWcM`)p z1CW9+o7Gch-m>CHtvUwM5|CKnTKH=lGQqWgC3O|jhxDh)x6Am3ZBYoqfjlfQ7Seai zK~5o%oZj9;P^l2P9%zP{I#iR`p2ZY~dwTH~HFqi#j_t4}OM@Dn4 zSk`3J3++!M30TA_Ep|4-+9HCcRNK~{;Nclq{dg1AluQBr7a+H_Jr2*6jcjJ`rMD7w z0FtyX1Lob7{B3`VTAI02q+G*co0XLC@cDL9V{4#%!*0u}(sSZ|XRZD-!pBWXXy9P9 zXySBF(F6o|yFHi8I+fl|x+w4sCKbU;`n4qc-r-o~)K~O*1T(9htoPW~k}RIA2{LKV zy#9epdch~y8;Dv6+X9CP`bWS83c{plCLf7?km>DcuU=V_AY{9k+TL`LalS&ZK{t=z zh2Lieq*eWFZMlfS4Vv7G6mco_11gE7uOxo;brFJI$wbqWh$E+{yd5k!(xV+xS8t7? zb&FDtF~GE9dVZ`2v#E)8igKEIZ~)0B+SmNW(;5=IUHs9foRL2OG-2rTDxrol<_fmO z;;M$)8HuiuJBdBOFVS{t4IyPV`Si>6O70}t2BNua;@X(D+O$fI&iI*ZPcT>d?Nf8$ zD|Jp^G_9Hj_PzTtiV_*XgD6pQ4!rH;hb`O9U#qj|&sV%)Jl5S?Gls#=nmkNKiLM*{ zT2O_DfKjgTTTI`or>Kg_(S)OPt&;N{H>s|tv$x&5ja`@m9#7H^%$<@R)q7o{7y7c5 z=2Gt%)a1t@U0fKImqhRJRc0!8{|v|GnoRLDdfPrLR$qTLw*zt|r6D044bsJ<%w-xt z%rZJ&^h~lNO70HdM8s2i*k|&^lBZBun&&X6tD;UoIXHOLw$45cIh>5~4dKCXvEB_2 zIlv#cHlSDcD$hJM2;A2&fH%xFXw)q>w2B~qZI_F?%2IbH_KCB>Y^_XTrcGh48J6M; z@jC5N)bKye{tmSioUzbp7cO=#<&w2(s#`8{mRjj6>~`T<}cuE?1JiOa{x=_?j(^ zn363%?NRh8?Ca1@+NuoZ6vXb-ecBtMK)dv>pQaibp$zZ$1^c4XXhLW)!3-N3^?>Y*~qd3>X%vnPXisycvlq;_QWywVTD&a*7Xs zEs8gGeu`||xs_fzZ_MsHg*W7lNAfiK6~6h$C2a5Oi)Q1u7?+hSjrM;=s(ctbF7Op8 z^O=8h7Z2}w*BX>Y%21}VnyNW%FGFV^L?5JL6{0UPRRvj0GxnH(VjCZp1eg5qK*`;CO((NgJi4cH1^n9M9a7IAh;iS{e zL9gj0yvKyv+jip27qL-se5MDLrM~>wZ_PX0y7i7&=O*AfNxD_6L9U4{3B4dEzCj3+ zPWX}&NAgAvwKVaJQ0d(qNJOSk63)f=%zr85Ele;SFBy}%PgA1F<95G`OOyP&)8ntf z9Pt@*(PqWpwyWYs#EnWSGIaiIS5s)aj^1th^_yvKiec-g2e!@&QV$UT8g{nfyOCtX z;TgN42|Kd5+PK!QBC+l~j3RDK+i6-NQaV_zzyz;%U-5@_%6Qz=Hi5H9SgtBhhscqH z*sy;nfw8E_0M3mIZJIKjz zZ4`=y612}g#xxU4HQ0s{M;2Ukl5(Om&U!4uqG_Za#OQXo(nh#{*T=)c{)eaK3281RK&Ah6#S`d#EG)Bn7&Klt=sY z%VqG!lfPBF7C*mgFXa&j4<=bWHMVHPX&ZDG5_AOSeHNHBCf(IyfR;=f2kB+7`l~mX zrGj&uc~q^$&Ib(#l!NXqLCPwz7ngSc7SL`e>AWP1i z>wz2u*<)^DT!M-f4tN)jyyNaM5>N<@yHafD`K)NB70Y=Eb60~C?jat}J9Z{32~)Z? zGa)$|q!@HV`$4Jd*g4tOrpq`a^KDYnkyg6YwP_PI7 zRpJ`12%i87ZR;BD;L>U@zt$f#qZ%-7th>|+YMYFdzywR(n zN+>I8_BaG{c|Tk1x3*8AcucR59uMajOW_{If;TYYV;6`aVer)ltd)xKa`IgkLaFcFWJCMnMCNr9|z zk6$s%U;vS z^jfy|!s5!W{JOO4eUGYmm?FF>VU?`CP8Reod$!O~Rs5aD|JF>Z(wCW5X+;Vhm$j{{ z$$ZnK7{&vmWM>(4I^SjO?cLYqS|=`lQYV(|pcws_p!#q1jrIW~{}r`l)GN#^=W4hq zIt&Kb-G`%U0j%jVll6)>xb{^VDqjKe)=Uy}%Ofv3HS`wj$hi}L5@DvbK$d=lGNHP% z_!v9kuT)U40oJKoiKr4wHeulF`wI`A_XC_qyctPrp;65Bm#}$cj3NXiOJQotcWGDY z_%xLZsIvcRxYbIQnj2+X|40a{jZf#!fgl=sf)E`8)~F%--DHt_itD*m36}wmq}&$R zu=$qnD!yqS=>tCng8_S+ECm;lYgJlEj8c$&WJ?|+GyHM88zri~;S7Ws^I zwvsyueYzY@5-sUpyV(=a5u1I*2tHmr<+Z&#-?mr&w9qrG_!h0O>yIM#`iC;wa&7C| zUL{<_sZJVQu+VwiZa<77*@)}o+v#t{&8M^^8p0G@?DkW2C#FGK)0||?euo*u)T6R& zZXwf-o4X)zjYg-dsMp!ZUn1q`bU_n3B<;i~TyHgn3b?edn}+bEW=(sGi*Q22@$G-a?# z16OE*jZrH>`ez0j#ADSMMLIG+=ghCsnuQB&jc3+9NWB`T02>7)1|ItM3TCuNd39{q z%k&$U4CZ4xh8t>Xr}G^%ENKBd*?J3pEJ?YN|7A->uCY)31&=aon4@4r<6}F7Gw1^ zU(0y&kUPYc^MHZC5my--fa6QmDUoE*=l5VKuOiANM)nI%m0?MI=KuB*2iooo;#3x4@Oooem6V!iCvc!CIfn9k#JI>>DBb*ZOku;;MaQps0l*&1?8b z2cxI4F)Rj#1bcg>W#;6gG=H-7&s&r8T+zYK=V#|ZXOrZ}@4QqQi+35E?TJzJq>=%xL z=g>aGBZVin|O+C!u2w~ zC%Rs|gr+1@GS{G!@4P~;PqEHgZ*lJ}xn0#+{3~xWr8jrS&OmIeCPTNT^0p@YpvWR6 zRn=&sO2SmVX+VvUj4IDkm#SFADHWDI&sL|qf1B}HLY;nNppYDB6MU5Aa$KHXTC^n} z=uA3qQ1*10$hTfIcSnvn>zfP`t0etWn7EXt&56kPXY7UALryp-ceNgektpFL?)um_ z>&oWv9OUgedu1UpaOs@ra6uT4zE?e)Y{~Yf6Y%kfjkFakeh-h~8E1#fLyU(I< zE$T`K!JMQF4W>Of*x$>@!YQSBJDXGRGT){Hns8IO&1P7)ufXEV_7O}JB`3DswdtXKNiyt;0Rc){LR zW_m5Aa9vhQUQ9F{^-5ewsd?(fxJ1)5r~SO9gBSTF0)26(Vp%*}p*09T-TB4*YB1X_ zPA*orY|-zbkBz!lqGrTVo|w%2g46N%DAvvNi4LI>f2&{A?=>`DWE*>({gdmnD+Xj{ z8Ogj}xb>JkeZjF|snOurXj{ zy)kwB2KDh8KI3aQsqM-=2pP_XY;M)O_7)3m9`lQ@^e^u?rmu;#(yl^_QfLF&p@oyzTv!Ued**y2*h3-^O! z6HA>Fi_|;MdZ=JDFR=^HHWYXkf>>5;1m}5a~SE*mz(u zWp^N*DWdz#Wf^Bj7PXKv`2DkC+yNKq2S(#XB<30(@PCxO{ z1*@)z3Pcau>$M$zpRpC@`7s5I^m9uUu(-o;i~)w?h;aD4Ht_=3Yk5(4F!2GK@0rCZ z7uUV_RDx1_7L%$9lRQCcG!ayTqPkjQDLol;05x^&I@8&*S7?H zd_404qcl@A-5Y|o%vM7%xecSv@%vocs1t3e=xSzGc!vwAWj$|h!`W#nHRaW_%0lB{ z`;0&Jkan+uwSOhMef{Q&AycjwH|p@(8+=D5q5GJ9nw&YNJW0|70vdS098sd7ApWns ziN^^+fjmruPF_eny4vylfjt<@&V!B!hcEa)s7~T}N(j-0`<&)EC;aN6tAo3hXuv@H zh*7KO%T!LS)z3&8Mw@^|8ST%vpG9?5rQl z3O(%WR=li-k`eLc?Ax~$%Fz1A0qc~}5vp!#GUrz}A*cfEIqf1>UW=8e>7i&@s+7ZE ztr(yU-!mvh^YQTOY-^xW136%0wU%b*js^sj^&7^%KVrRx$G4>`(eYz}Mtw9MKgw!s zeo{RP^>`_PyNHOE1hQ<-J4C(e?NImUZnCon2Raqr3#zv}fzs=6OrG~MjD4Ms0d)yTYK$}~EvX0$)2i?>EP|PnX z?cuQI9o0`E@E{Vq`cSt$&Zh=bHDtJGH7Q*$L*s6Cc@%AK=i_8?2>j_?RSfqfdmgze zm$;u~iXn5#>lYHfzaQOC2c@AH#}a9i6=Ica*+(J|6uO(Q{!d zm+`;1A?KsDgNW^mErATrLhah2jG7a~0|LpC2m)q$VZ^1*I2C@h>UPwiieC*r^B(G%18V%;}n4C>(+gkkv+gE^0#8F)-D`^JHr zsr`0!EPbC#eVX_)$d%>Ir5NA6!)3+&DV=pS?jDD>G^qOpv~gZbdLB7sUmP~K&fUU3 z%!k}Ke}`RAuo3L;msC?SaRZyZ$rKKp2gtEWm%P)AKN-)*zukOGJDeOD^BVU@W+~!( z?ILMr=2u=flbjuQ-4oss(V8%hKUcb~p>Wr?PKl!J*Y0;8f%dGHhAF+gp2R@G_eVF< zLiMDaypnrfAAYQ+T7d5an204)NXu46%pO}~yvVFB#Nb;r9f6=rRhuQ*X?oIv$$9@4`W{`ZqhnI!3f+_15|_yUyX!IzYKt;@w7g49>jT~|I>O{TC?eZP(`r<XO#0=h}TRvM!inPR3=uRHJFSJ@UD?_D6+qJv%o4Vti3r9e+ zVH%vd7{sRZMqbYfFfb5r{QlnM`z91KoU8;#RW6!#?*2zL@h|Xhj0iUFV^DE!{QUWX zX&pn_+tm-MWcls#&fYV;o|yijUAU}6x2hSjH=o)pBTS<-vK=s}F>Yw}HTsbNOx3-l z@^J&K6elRsCphvo$mF*N33*$F?V~NkS=fyfSY1s1@UQPT#Jxzw=!t;{o-pwODnB6) z2c4#fni+fz{_(A+<6k|#q+FkjtF7x36PmR5v#nD; z$jrolZ6CxP7>IfD-eLY_NJWW#>L3Ow9uDm($IIGRAG-~7Nh_J;gD4IbJ-b;SRYR6P z?CVTw_Ore(+3)VL*wO76)Lu3`o$S>#s6+MWK(?zZ;0Q`oBHySmEV1}<((MCw(9{{W zx6@Sy)dTQRp_L<-(9?a`!Vk_scYq&YuB@h0`2dt&I_FR^r{_C>?JdV1pOcqU#1hTj zHbFUa&Pg)7VRax;xV&CSj#e#p6<+vZxj;q}BpdPojx!>kzoz1pxk!Spf4^u>k+JME z(4JZW z32}Q*T!ZE4i&G$x3VTLp%IZ=&36iI797rS533SP>vn11j#M)%r{1l6;HF{yja1>27 zeB|q2d~LpiopGpl#2nFFjdgRCW#?m=veS7|jGu;Hn(tJ8P%5{5%sV7OX#QTgg$xL&WHgF0Y`6Mg026xg7KU*jS2O29Nrey#bDQ2F4TL(TsCoa(3LIwS3= z;u>vXmS8yZ9J1|ZE}Yrnx&vMJDKeEvyH+Q3ev-rMg4&epJDhdagOQ;XKLC@8qJH@r z$j->#lR?h2KG<%Sj~W7{OXt3XW5xC&U1cX<>|E@EeJ3$-TT+KiV`_hSd!2dt@s)DH z-kL^{76~ElTd@YtcJ-azbaCh!Iw+X#fxmt`VQW@vA5cHi;Yuab0x`Ee`YaONyYMHRWXQYA#FzK-SBef+R2*&ewf_v>tl-%^p zuXyE7l1f?#)Uo9+2c~;vU8A?^*=GqkFe>95RL#696z|H?f3bNy8+qVY(-Eh;8XtOf z?i5Y?;PXQa$VGyMyw8bL0`05BeJR5}rCevfBWyBk#IM)Y@&1p0TMqaFAIx!MA0X^Z zA2w8L_BMXw`-$lFU`jql?GOeD*5htp`WnGS>hfMEpj_k!f;OAhrm~3Xm%D*>n6Oiv z*5O5|xUl5zO7B7<){LO;;_tVu!Ot;7x-XxZ`#(reY)8tVO@Iw6-&!q}t21QUtJx5~cJTqYJ6Bv*w!(7Z(PR1Uo((~lKa6}Pz95O zu)28h2mz!AD`gw)V{b2zl1@V0&za*IbHdzCGhur{uGmJc1OGq-Pb>lzRo?8@kgkbl zTnYC6I^;Y(k4zyVtH!6^yzREgirWrOFq}@e73a`1g(}if4aPtAH=5K2jDh!+++}$h#v-~8&{$hf;O#8t4F1@D)G4E zJ_q@jmFhCJEdbc%#pn{KAROH+6wQ*T(5=jOa82hrj3=bdmZPs+?1<&*mws{k2-@iA zcS6YbWUS_&r@Zaf;^w`3Y3iM&C`l3b<%7hpfMum z_c{M{a5wPkDnNt!p$i>Bq+vrp6nPhp#qOT}ldFRd*6PhDoD2+%Pv~iEp|c%FbcD0* zHymnHD$$Lf|O{ty1gziM2=8e5aY=#!EeU|5zRi~Zla5ywYu!N<+I$DME9E3 zRBuKS*RqN4iiB7>zpb}O?!Ax1#9@#_`4JnX$t@@o{ZJ%;8_KvJ*9H!#lazh;C{UH| zZQS+Xf@bNfCbzrze8;{?H86dXk($T3?W5FT_GDlw>&ZP*c4MWpVe>IFsf)UyvRDk55>@vFg z9OCLjh0}UlR-PNAe2&BUj1+_{VXsN2HdwYmr#S>QrVVK%;JM;JZWOO7qF)u*nu zSuc+!4r_0oi+rj>QR3+kNH&Qw_t_(uHB8jDe{K7OE^K|?*;^L3a75C7gnd^XtBI{L z|A6HvxPRhVh@y1)R%!+3pSjkO^u3Ze&|`(c@e#q`%FW{8U-yBkKE_#lw&+<~wJmKR zp!~!D86s!^iR#G}Q|=;H4D(=innuNP2Ulb-G}ltN#^jIft`~7Jixh$4+*ItB+2fK$ z1-MV`u7i$&joKg%-1r{2dL5@`qJZ4hWxbttUgi1J(AnQR#RnfS;#AjEn6xE&(}Q+B zvGljY(jztw145c%kuf1~EWhYR;L)$rkqewJgXaI@X71-(OffYbs-+5NWp344g-7N1 zJ|LAPw#=&1sBV%}PAzGD#xs2;(es7e?NNg_Dz3iRBSBklb$L$1B*2UGo#*Da?mjcV zpmKcym8ONgJyl^~Zo?_P)n4Ja5EZ=KATHDFs3}!imR=vu6k^ z-DtydZx$ypn}%bMGwQV0K*W?PJci2(lX1mvUW$U!Z@)Cz)NoWS!zGY0JNa}n-ZfE{ zW=i;@+w=-lFzkyx+Zj6T2hSim4OS47^tQN?~P&Q&ki>q zQ;^O)r*c*nZNJS!n$!xpG zNitIQa5Bu>szarlUiV2F{1z9;wurs9XI@da(ZVLS-Ep?=F2iR6MK|SDt=@@ql1MZ5 z*Ar7(aQQO!w6F&05=Y%@1jQ&CS6It+k>3Nib9@$?ud!R-A{})z+*x30?`D`tDcHe7 zlkEja`@?(CtO>qDtR{W%_v{)ZCH&6LKO+ac`aNG|9>iU6|boFv0G5L$$V9th)c_Uo#lo>%M;yD!>icC^ne&)Ld%*y$}#93~EcjCz&-b0<#GqE=MPH(yN{`V?2Q3f3L zLfI2Tngy+#L}yZGjpk`N%%z5+z^#M$sips6SxEW`sGorlV>sY&%9a@v5JrYJ>=iq< zO;?!XWejEEI=sPfAwK%lq>`>}Ya}3fjR-4SNW3;sI)v>3myrgCv&3^XWR8++X$!>m zW)(_ES8_4VKq6&aKOMyVl!d7sL4uMzrVCurs=V%BJ>yIx40iCn7dMe(W0JU|uWHU;0lEIc;u0|QT$^ei%n~-)tlr42U(&uk@$xI;fUHEOg0sr95h{A9gjKA|my7m8 zJprNQc2>)=Prx;8WB84)V^!*KRD+>p=8uv@XMu#^aaLd6li3s+JX+@Ife;~N%hn|v zM?PQ(DV)M6;Dmn%B0tWkCnKoPG3s+|J$C~9FA=2AAzxZuq-UCk8h#h3?@iT4VQY|@7z{^8Twr4H zdM|j55l2bXYDo zXxL6D&Fxv$8oOG`QQzvEKG=Pge&B6Kga|3BdfxH-5TWTzZmE2@G?)K=9MMzdXeP!< z{rp}~Vp#Mk93&F8MKR(TEjbn2yi%t-_x`!nl%}{Q^feC8e()B77B>y!knId-u`9sc zfATEX93^*yvAB3XZCwGzE3L(C!BLMTfz%T4#mn0}5X4C+X~>!x!3cCrS(#WOj+KAGhHvsn0t zB8MHHHrI#c-k8g_R7j2odj&v{V8x_5d0j zVSV1wijB2s-^Ho7$ptb)s?k}vEr0nOuSn7$%c2e4;GdWC%gPs66%uu{WCW=fu;O#i?21yhr)?!Xs$WT^;N^0 zC&rD*eMvXjVCFAMsEu)4EvJcT^A*--FR2davyaX@P4~Ed!4Wwug!d67c#TQkHz(}VBCsigP2i6@mRQ0(Ip5P*J(UPF74^`Gp!z3*X!r|D^gj56pJKN6m^a&4mPt zI?78Yc*#%HP0nUAnIix*5b?5^D%5M7Y@JPpy*$!Ylu)~?WPL5^R;$;m&t&5oTMhTrxfKm@ z8J1H6u_81Q<>w-W3Cy->#gwCb$4uKVIEV);U&$tMJO|fYWFg0#&)ihPMnsvJ2K#2I zZIv;P{q>(a;m?dF4Tza>FCUq3AwCGG+h}I8QkZK@6&7?{xj**g1x{YrQhTJ#V4^=n1 zBbg(O;6BxQnIW>JJt1_`ae?&Y1Q>Lu`-42j<7xDmYQ1>WOz-5oYmgf|e*@gk!&Cmi zeRAOXlTG}^SGr9=&oIn8 z@4MIDYwfjvD}HoPy>>TZSbxfuE29>DAFqw62j|T%uO-p!3Fry}&KJqxA4TQ-rDHEn z3rq!8tyq@^*9cZ^$JP7l#ac+>n$CVo$DH|(D~voVAu_ETIZ&pA;;)=5Hx6LEh@N!M z5Wl8ETSivJT(2;OJ&+E|M?L6|j$@3}JR5#BIBY4c&W7rk_6B>`3IE1Tv&0BlunAH5#jcFS4o$E+QHpYI{3VSg-)3>Guz!blLzEJKwcMV`p#T! zd+Vp>XYpHjgP2nQz9o~=BHqQqK0Cpf%mjOfODy5a5hio4krMohzM|4>eXY zj57DIBzKZT(p%E}WPj{?@{EbiODgziJ)B=T_F8x?B!xV-?Bj^6_PO;& ze2tpU1droOS&Y&jYP>JMuZ~!sjy$M8Y`VDEz4b;_;%6m269xL6_46S!>OeZGQ?Wr) z{0iPxiuGX>vMcEN=3Z(c?Jvk`1-S1I#2%I^OUKny4`|y*HTBLlr{8uZzp`q z;oS}tOWD-d1^eEI7(RnqfkyQav3?R?Ra8^?{U*>E+zt+f-xqAV@U566 z$F4FDb5vjt_^!VHr!mlvSR%7P>0kw7(3J_5%0TW!tVqeY5&TmRmQMRT``} zm8gB5Erd;2PL=G5-Zp*|!Sgu$tEyj-_5?!?Apd{vquPWjH{)@CeDztyC=Z(l-Up4(&rCnULn<)gY>66IJsT~kc@91Cz_t>^GW35^q> zYjMSi9tH%${bk?X&%tQ&Ddf*rxq9&tv-5+8$qEtz@erO@!yNdT_t_1VfSwtDbUE`@ zy;(uR6$gL4D(7~|_vCWfx_oQF@Jb3Pfgk(;78$}TWJkrRM)E+N9BdKQALs3{e#?%d zloVcjlg9!{u%4Mu8eRs0xWpF3ib+q(;;$FYhbT$8LXL@{6v}#=Oep?#_8Vq-r9?}mc-H8|n~AKe8NQxR3Ul&nZEUQ)U)^0jug@$l zDfw0GsUfAG^j#G|)IJ32`Qm20 zxy_N(Q#R(--n@3-OJ!#ZH0svi1#exA;d$@Mdp$6Z$(U7aQgSM}REN&9_FaV)Z!4ST zGh>QY!}(61a^{&0eyf)9X`0H_nHb5CtZY?>65R$qD{lL4jxD-uS({kv)zw8zpKO42 z_>j&Q%|rd<$v{`rOO}vRmUAKtg20G<;%|>STNTfmNP-pL@S-hxf{yln(|3Jxi3%C( zZj?Sf4E;&ll|eaTRhL~*I6=Dc0rUyOd6jxp(=B^l8diChi8I9dXrUgDET@L&Uf}+| zcn{^UDkceQcW+H^_1&{fl%YIoQlH)nf161Q)YgISF>f!<)9_QOYraq@!4P`5S3Aax z%~>t+ub_EvcYl+%*`GPp1E%y-T4;aq8;d0Z&QtzsN-ewV^w#q150v3tYGbUDTr#~N+JB7Y7)(pL9GlwCwI}E~uCAfc zPD1b5w%--bSMCxmb?=7NJ}T!#h==I?K$vrk&>o-75_K*5Njf{D$PV8Z0f$r#m?Ud} zs_jWLWOsYmulWD&aB8fNLF20#@i!O04?o7J)*DkiI;*g z0V=_@sz=ZO9e&1D^x<9vGu3>GQSeoa+zm;ut-_(*$=b46IT{VAI>0oIjbwSxxf!!- z(}gv!=0R1Dqm`>eG*s`3kxP=Dst1z}y(JBK1G7Z?iZggf3CYBF)PZro!oNhVY?Z8& zTPIfK?MOn5xif=Kf6-o#LsEkQ-?SPr>TViFD0_TzIETFAV|kKDER4M$4+J}se7@+4 zG7*!u*$hJv%mfbv%`=o@Lu-|POB=}C1aQau+&40XkE3>kfKKP~jiE+zBt8U5C*`GK z^k>fr0~SeY{O*;ehj6wp)lFC1CAGQH!JRQ+)pPhsHCV4&ys|VS$*-?YO*1KO1VHE7 z#G;w}!qR@=T7*c~|uo}|m zhjg`$h@lEhm3;gIwGK2Az0{tC8M>S50p-uguvCjszCywlfBdKl& zj_?eORFw><9}wBrEM#3sA5kmZw)t7dGACfA<4|LJ-OFY~A83B~8t1)}IR0F4Fh8B@ zn0Zid@2vR?nUhBfjkjx3Fq}A1#a-r{Z7(xp1>BUx<~p7wOJ}6U^2=wbptXS8?Ju|U z{S%*fqyX~W5mJ}#kmpb%#!!OAzb{^E<-J@SmZHKFdkKKV_erdr&2X1S-H`jjNP^T5l?XV?3D_!@(<{Y}{BZU`rE=ljbkT#O5iKMgv}eE2r7?<%CW7+{a1tCj$|K?gc$Jo= z(;&Oqj_mMp){tb}@^3_J@v<0P7XNjBHgJC*-%8Pc5;Qg?Dz4ULywU_&q}C3o{__Q$ zmM@bVT4>{-E^6>b>~IcOdH_qM)m(I9J@3Im*pHQlHiba!s3^&5y%su&5g#gas$iVN z#Kbw7lJWUBLb1fd=Uy~}0#ePnVYna~Uag0axKkHB0j(&0|J|N!Ds)dKzoWGrxl3Qr zbR*C2cq1z_C}?4(9p%)#;D&GB3n`n(l(&aiYZA`)vcTpo=T5(E@AJloD_ zOm$w(=oB{GEUUc^3pp6sRSA2B(yo^NOd{2Q!`7U4O&MjOfM#2?zppA~nlK`ev1fZt zb4(}l*%ew8LIGO~EowhOk1QCEoJWs0VM@dqXbB)RhZYe7-ua?q@!gdFkDeNugJh$R z&I&C=oh2+WZmdDJG(!r^wh$Zds$&u;&CwCj9YfYYsZBc6p+fcVd}5db~;?9 zElnn;r!4VQiy(+RT=GyLP|`>i8X3h6Eet6~%cY)rK`+W!t1IE9U+ane5^%rd5XrAC zde8|e5ErCJ74gKI^(J?caK!zHw3E?SS{QE-s!#>;*e&B#L#Jc#bhA zRQc!boAY1g9Be4;Tf`rDEJuH>e$Enp{czrnbxs|nl%u(Imh@G%R*Q(~tb$}=G%1tt@GM>rbgnfYAEzm0G&!d#|PN5|$QSxB!hHat4r-kV8`bl;h0p zL3=1B>Bjr=>A&{G-@oGvvG4gT6i6|#!l_UONmc8UWcEBd{gddz)46dWN9j)Dm zkKACk|Nd^Gy9-diwxM~p?_;P-$-IyltH)>UIRiDPR-oOM!4muggX9h@5?!9~U7q2G zC(BJ46h!Y$TTOPIe^lm?acQ$^QwK}!>!MJa(X3CDRd&54o|NOR|;f_i5M#-ieoC zk{b=!#6Pyd(LeZLYjWTJaXI)}L>(}!^Br$|8~HwU|J#5C817f3c{%#AuklB{;d3~! zM?uFM4{-6qRC*HsNiMMe-pszT!ses!#91WaPg;BrSI`C)Kwk-4)M$0r%m$2Ex=yh^ zC#5aG(tdurTbB6fdiHFx#&Hsv-x@k9=Q8aB!quz~igg?G8G|n?wq{#RYe@$w zYh0{Occz6sH*||kTU#iGs7~=RBCDk!<0zmKgO1lyEY0*e2 zTr$o#o9#qfa{edpro1K{{Y;@kJ)o4ta~8^`0adrtJpb$?=eP7JZDebB zhnHPu5VZ7t_oChUCzxS_!qCuW|I_aZ3^M0T2*5MhfCVW(;*+z>&HpvMl` z7%gJq(nbh2vhWEh3+f#JQYXiW>ZoC2YhVo|Kcgwhfqf`Om(m+)6J8)~f<@o!-+K9% zcK(as3t8a9dW=eJk`>Y2Ke>(W#+%<*K(~RBX;+xvF1r8r8AY`Ci}Yl{!K;rE1|@oY zT>6!WQwRp3+^@?jZ(1JlxP}M<+WgbW9V%6eFb`2kE-ZdQ04nRqEgG24Lo{`h^&~_FDGS=-6FTP84AE5Ngfl2H8q z|LNer(oI%KFtA^4?*&Mr*SZ)aRn^gJNqCteL)@{4ccwsV0j~p*kk8{{OMM{}FM@5M*d&bOvskyw1OVPU)LqP?Cs0m! z32t4ez{G~Yy`bJW`UyBYKuu9E+D&DIreAm+ZBIUoF+;0wZ%f0p0%QaHs)4!))r3@& ztkonG91JKhI4Ce_jsLbK|8gAhZ@@Tm8+e$aHAzM}V^p3$eT$7DrpggkEgU73e>a`| zaCInUs@{D7^k-Ush~f^c7PZKeWH6+jGFo->rA~ilcpW>qpV28w*`IUIzq}ieEJPDc z&BRCHtD1O(&SlvEf~Y@TtgITCnQJleE{ZI^)mJ=FQ| zi=#?f327Ja2!_s z`98onY&n=A0TvIeC|cgg>sQ}r+Gh$=J=tSb_gIbZ$%nj$zt4Zt*rAG=NVe?Mia@4$`J-pLGH zF#p%QMy4QdoHE^^{GZr-r6e$CUom<|e#;qn@Zf4fku1gkKph~aIN-5O{hw|Bb!*jR zeF9l##EQyybUwe(Wd0%-pfHkocd7 z4+pFkRva%$=d{0^sU75Vod&j1{QC{>um5&sz(Ogry68~t|M9%oFGF0VagL>5ar~PR z{P~xv5pvW`;9-J{KxnI_Y1g>7Wk~s>}?0=@7=je4o%sI z1RO+u(ezUMCsQ~j2o!uuaI^{X`x{spz#FVtElZhyKYW-5a^;cwN&oTv6FI@6Pqghl ztodtJ{+<4{$%k~1VnLh||9BP{NZV$n%nJ@Jf442D!NI~)%SrKl@ke2-k#>rjv*hpX z6ddCY5E{mWtApqtp|OFdUPzQJyZiTd-j4ux-Y*asC;6>hs)EP~6g2LB_K$)5OToe3 zA(xuoex=)=i!+cHXI%9+{s(LR9&%lB3;p-9g5YY2WB)r5|FIY_An7>tKh^*qkNhHG z;jF)tGLUT)5>|_u9v@eAa7c_A5g z_di(M;=m_Yqw84B`@NLFAqNOA=Y($ZKbWTZ|8dS&B|!?BWcpJ&@N55Df&S0e@DT7> zoXAMbe+&vaORgmIf7Z*toL>|i*1JgU`5d%r44ebx=U}nOA+rQX|7BeMy}SsJ^1A!* zK>7Eb=X${5da0*k<>fyfZm@&Dd@!G@W@8W~=~!|QSN`v12Zf(00*i7sLg|3>M*vhv0i>3iEB?J5gz6#H zvBXDT;?KpJ$cqPqmW}@d2^0ch;k=|8_=ljepK{P){9`o#<^}Lvae7hzA@z^QFQTT_ z`VXdC3F%-c{dnKR^;hE#y$HBCTvv`dgbXSJ5cRS?(G%^g%oY{e{75k^N!Rk+O$piQag!*Of9I4zv>L2L#!);f&Ae@iG00KBJLpn9|dD?1Eyw z_ZuUzfK^)c89sHuNq0{V^0W`~?i)54Z<-0bt0v_E+G z+3E7dAk;joY6I%@PUu=VzfC%R`S!v0Rz%Yb^yIo((tRg7*}h)Sv?MqtVEE0Q6_;t{ zrec-#Cre2<7fXpG6J&ia4QL(?k(5nPGSZN8zb%PgS6MvmBY*eEwTgr=Up=r&X-VsS zxX$|M&7@C~H0K*20!cFPiXG~T!@}HeQ=st4)*gxUhjs5)( z^XJIf8ZCaH4vs*SQHz6_Qf#Iz0SPC)J#p$O{C%J?CkG}j*5^)hy}es<{(w?%%kzs#VR71J6@T+`JwJ;Mtxk44pDzd)CFc7^m?JU z^fn?OVNWXYvSPma)_UVz)0&y-w57v`hbm7xejGkzwK_;=)vvTCh|^`RqZd=~aogA; zSIcI1!bE8;mF5y48sB+Z>1J!k7q_=F7aiWeR;gW_Y}>*Pm58ioC{9(Alul6B&chCD zk{u3=c{k~*x1*OE^EDG!#kZMD{Y9UlqW8LR%#Gw^I(?EFd%dCEWI^pH76{ux{wurY zn03!!-|$JQ~#|fIH@pg zNEXa!fy_UZe{;6Awc2s=yTh|U-@Q5cG$D&;m!R-m7$j{Ypy z;lT1xLo!HYF+M=hy6kjtmnU03?~NMEs(?v?F_yr`M9+fdr5^(%h8?6-ssRThLGlfm zq6E$_n`#k9HJJRoWdu`PF=LsD&J&c0Ppr&O_^!suvM%fP3caZNlKJa3c1deVS3X}j zr(l+7`AK*=zcS3KmrM6f=V8tfu6)YjBGMP^n8EPS!s9e2CPB#%@&?~t2WnZNr%j#} zvb$YYN-F)9-TIi1|EYUE7{CpA=ohJ~9}$z5>*pidrT1vkzHB#~2}Ty{hySxGgka>} z1t#3~?PApL4IcC{eAr}d5m8?wXoTpY0d)(<4iHKQKu4% zG(1c_nyh8E$%8b@VWvr6_Hs{=?+%iQEe~K#+I23Yv)CtSc#C%w?47BcWd=(W{HUb9 zfyAHK5tr%i9PdRAr^T5HEAW4 zGXn3<;JcPx^SU=025uTVT`KKFCX1^&Bi}^J;B~lV{OM zdFt;3IA&^zk!vTNR()fY?No$H#yZSLUEx#b_iCAbH_vA1|A2m+p1L38%Jo{xXI}}( z5}5^H5Y*CXHZoxI@=__8@17Uw6y7Q9Q(I@gw4;H)}_8LnvERf7-HBZ zLs|=~*}5N`lRQ)Ppu!}{qAH~nFn&2BxAk&&)la);%H-Dj*j?=|I>I`Q;*KPni>s2% z=WaY4`MLEv_QXWm=Sw<;63FUQA;~ljmp#y_P^$fIo07R8?D_M{r0XMu!DWdM`&f6 z6zdi(O!xE;=czA)n9fXKo_fkFY2Sm7pb86vD@af+R?UJG_yj3{2T{Qp1d4R#>J|jP z5ti0E{1Dc!bIHj7=vIsc61>%~v=sVw+aULI@YQjOm#ci^omad?93?z@?>NP#m!xpY zpM2x~QR|#tONd}WqaCfV{mLA;4amoCABO2fMd4BM+nz?pPzv;eGAv84&1Edc04Nf8 z-%Q;D`0D$!#<-!VCyPK;(1;;Q3Y%kPDWKY1y~g2($DITa*jx8>Csbms)2b_Sm~AnR zALaxbj5b1*n9uEFhC~$?cf~i8(U|?GqHjLWp$4s4E);^(D0R!iI$KXJy3mnw3;3KWadYe&DbJV23Q9+#Yg&C zvVjKqnwi{d5BC)P0STOFbJtlFy4|yt!OW7)o>axz9NzP zUyGDX0kQ?zf<>7y8@kKAj4-(#^lN&-A)+3<9uBl!!`S<^fHlI(bDxEm47`Kf!J+^CL7ie{Vc&1k7x>`go_Sn5jS5#C$9stg*FfV*o9tsbmt_l?TE{NOZH zcs_p0T4(WY+)Y`uu*PZ9TfRUhnloN`hdWEJ(t7V#%hCJpz=5OV=?#V(t$J;nLBj}Z zJ?F-)n=guLcqd&ZW|kY`f|O|3BT=sJEx#x}j4qbtTv%8^-S2LCnWZa7POgQ>7pe#t zv6FB+s3hx8(8haA$b5gyOsr z74s(>MAp>YETh!#_PUY-=Q8hxRy;i`c9bu=&wo&rOC%W-uH)lokoP{VVJmemO{Pd2 z?d7L}Yh(TlJ?4XgSGTynp)W-0*pz)_q}5ul@I5Q|v_rB|=S58t`a zmWNGRcS`m{y;?gPYu8rM>QN|sFU?PeXVfn9s8zNaw{k7d3!-%LVixi=Fj`r3pJ1=5RduxqX9 zDLLs_g#ItYs{(n#8b=H?{N8M!2_&jpAop&2QvKKURde$xNCVmII~_Ce|J*3xJkwNZ z(Mx!YdU;F~=DHXB>mvJ>^UPGiRH<=e)8r%9h9Wb!I;(+K!^IDHs3koLwe(k&7ki#t zP1U)Uc93c;nY+!bkD?WzYfN-pwGnE32?Di!!!?eE{mCn8!7TCnwj}xu{PLI$HCLCgk3D=@J_|V1QeN+5 zZ<%*t2WE3<`LTb@SZ=qSYlDZ1vY5YZR^!Ds_Rc{E>nhZS4!d z^o*E8R5{RMKS{}_j`qdE`3l9ZD8VpcEhY?YwdJI zo*DAkz>ySnZ`gE0rl9z`+RG^!`B-PdSMhi=hj=lhk;zxSE19b;fCtFH_7#^7`zjM3 zmHn4DaQjwfzD7#w^ zV9w+P)Y%_kwqZhMJtX~$GV2s(fQEi(Ls7YFL2qzt(t9aa*S=BSdGJ?Z_|k&~TvEte zGZKdTFdWpNb>k^dl5feqB!o1Kzt)Ip_%9KN7xz$lTT?w?vgvh%T5ZPOvr=Q-F~_hwo&Ik_x4*ref$cZRfa@aOu6T(&ATmGt{+P~8iVXt zme5>db(;1EA2wPw`PI$^#+;TKrh50{5m}~qr!O5)tY2?4Y^S0VPZknBT@pIhkea20 zxWn9XRoSUF@IopX+JqY6j9=lgrZ z5AJw`;vDBf`c72`68er*_wUv{rMvDTIyrWn?*qIktfqm-F9XLt=`}HtEI#8;IUo+> zq)Vlgtu>_PP(#}VvaC0cbf>m2;x;73DV_wIC(s#>F)emY*i|@Rukn( z72r?82pn43%TbKL;Ac?2e0QST`g6SDZ8D4Ws}y_&)$t%tLYuLpif9aa)C*jjO>(*)9ZC24 z6+^<0)RZ~(8oeC1ajU#{O&HrjJAhI(Y;5sZ2wq1r$S*W#?VL+Rd&p_%gT|3)-W|Pu zN}NR`eOQQPo&{Lr)fxr6m3+{~$m_b>*0JELZ}h9I{pjVOl5qbhU&aM}_+%dl)UyDX zW^{Q@7ej?nJR5ZU<}t8+hAxif^kA^9ISlm?$Q&5(6(1H2C(j&ZwS9K0Z)uk)kD1nb6d<#wc9-ec(L zaw(#)KgJMZZxKS>Aq%@zn5YkZwsw5QAmKkB?e#<+Gd28k27g*99_jp0NuL1*`x)bI z^Eat=BVMg1+iu{v_dq{4L&A%(30jrBhbUL{35_zuR(2V3c^iV)ClE|G=DDEqi=rP@ z`2*WM7#-Z+;UPbo^}?i=McPD3Dxz+s?u$-+t=TXwYJ!@`@>GI~ad3fTaNqgJ%waqJ zmIA@i&2w7MGCi(4b4P*}KV9W%pk1qFD=B{77r4vccf@%dBX-=Hlh;+~wk~z~?M!+* z=@jx)akZcf@Bw_Zq(d`XU?54_6WaIQ>9IHOw0`UVy5hVn`FQZ>2h*tdOs(8b>@mCt zKB4Y+n(CBi(di77Tj(?PZqjum`Toj?r^w!ckycNBQY61=PfVVnMNuY|mn~)JBYap! zYEbv|fJ(}9=TqUJI)7`i9~4DlE^X8Eb05}Z%^t>%q)U6d6nh?tczYBJ*?bhWmdmZz zZ@QjfBW@^03w8|;v9LD!T~9B(9P+a5Wu*(NE7lITdFL=2Y(i0Zs`|WgJusXjC;4F+ z1P<$r%-$P>ndU!m5`s9U?#I}_2&|2Cd(^N)M?yFsRnHNr34PO-$(QG4BdjS28IjkG zz+TRbI$(^O<}lTi<0QUQCw#m4Ei#GmpMD_e$m8eThIi?|&-f%<@Gf3yB#1JXzRxZQ zkGe(Dm&i6knv(iO1Qm-c39WZ4CTb63ki|(8CEtk`6l(Zx7cabe(wlt9ap&xTgcA}~ zX`nJ9nu{~<1-*a^I5g+kAFHJB8&|VnoJc&y^^&Od)S$3Pq)MuEF~%lSO$qBWT=kp@ zIJ_%ByNXd}%%Oy$iW%N#Zy53zOd65d0oAqwF0qRsX?Ni&U=t&Yg}c-Mh9PPWYJ|1x z4Ws*lQE@J$S>gjywO_A|>Pv%5zWYu&NJ*q$xtK=vdt&5b1e+6J4{jY@`Y9fYaRZOA>l64$a@2myUL4?EGEjmwhc0Iu_k-;u{M>*L-(;0h=yI# z+Ro6`Bc&iN%0dbd1YcNHa+Le(pj`xO((u66X|0E37WB4W=QD!l_3zNZcByVc@g%DI z6jKFT9*!=zgzR$JwX%3!e*ACMhcQWs~H$3i_CqeeSIr^y6>w=4d-< zYz78ulddyo1aWMOO7^H=9hoj{5h^V{*AQcHVWUH;qWm}U0i$Ejw)G14=(pRF%cGBDjP7Bt!({KRLId&5Gf5tsEij^@4jjpjO_q8q@1rjeMoM31 z)|%w~@~xY+Hb$?zEDMyc7jegRemT@k$$z9Cal_bqIRy*7ZUKV3?&|~{R>Qtue%ZW*qzY=G`-eBfXblt@}Pr)xvn}=jk zxnhPx0jN33FS4?L6=yuk%oD4F(PjK#!XZA%Mqu+gb?R;5(#Hkr6e{&H!l`v~uQ>)6 z0c=B`&~4EdEAeBrK3&>#Td#s{EN8%v#9#32)8@{q1H9DFp*OXbVSwp9hJj>TE*Om5jYG{N%9t|!1t>)EuuOJcd)w=%}GgF=~*D;toq!%AZP`OmUb-f zS_a|H=t#nuj`qvED@e%1eeU?Ow`e!Q8+X$~&X$Pzi`0nDohaYrFYkXuWO?uRl=ZLK z4ACwAuN;RCB(~>5Y8Chg+rz+SwVuam$&0(i&JLK^9#G%1ji2eN-JD-DLqj8~!$N>l zcP3n>KH3dJiIM)KcXYDR+j)KBL&*=aRZ9uNx+rQ5TnY_Ai(x7|Y>Se7-4;Pa1w^4PdVPLK6kLu#*C{#h)kFz{kz&#$(5Xuulp_#q~`u^_6Mu{YY9Z z{Mho)A>wVb%kxy(K*{36o~<8MA5d;cIXuMDL7@{$K$;II+ZV8BbAzPEB+X38pW@1M z8Mk97)LwEwD5tR!mv}4K#jM%~Ae!(ynsA&_f?AwdP}e)hY>pK!2LS!Zui}baO$HVWhs0OG6u!tB&7e7+O{J3fa;8Iy+hiwQMcWe~izz^Zc!4njPDkEUhlrfm<3k}I$! zBDalGe2CKaQFGJ)MrJgCSv5kD6#!^|4EAiUjYG!2Xf{4OhbD)b;m)(Gb_GSoLPbNx zd$4uqYS7^%;hYe}IO-}C!KPqp&Wq(P2l0dL?dQL43jAz!Kyj=X|5aZCU&GkzQ%lAz z-8e?$^p#f{V;Rby+8LfK{4!)i3Atx>6)8NEeCutn4D+-u4K+5d#smSv8@`4PujcLy zmMFxa?8D>|fz(iStqYUbl90z?yC}n8oQEA@3@U`poy!q{eAUEB2VUop40HBvA=j3Z z0b%|Rb-TE%(n41uRj#{cbFs^`F9lc8hb#rBZqEsmIA|Do=+0cb)$$W2V0SUI#|~iC zxDF{lGK-T+fgIhs#|%8;LA$RV&fE`FU*V5U((=zoRb|@t_B+}j?rXh(pziQGnR6i` zLP=FPHJJ;g*kf~9q=nFEq&ZTjh}b)rq=iZqua)k3N!`$rfM#oqmw5;7nVZ;csUC)} z)-8w#{g8Sh-Qx54xQ8MuwOZe+xxJM3F&)*_Te`GiPBCIq>x>_}c+K)?+`=v`5F4p3>b207YD;f<=xL48aG4eshAyHjq1WV0v}|H>o_|;7!)D$I;qoS z!X(jtk%oOVcx%}q;Z5sl0@ncBpSbLw$axnsm@mZk@$e5KfJ37Ct|Mu&_r(R`D{O26 z4K*M}mbv35+`1tUpq|>TL4j389PfqT4hzb-S`HjxAh}TGwRjLnQ$~Pr)PfgdYNY78 zSgBDxGr;=9YTu-!b}3Kbt}4l~-zH*|-6BtdAr>=|ufXDC1x|HCmJ7B7^htR)1fmAx zCDv&BfI5hiYNm1y(Fl=xin(HP-&A8V2IpKOP55Udk)Xs585LD~NIjOuHA^>f$6WyX z(p%?FdesZAzMvJ;gyv$CIbHcKeIzau?-lPJKZfCJzf~q^w(n2oIskNH;}M=uh^zV7 z7xBqyzQT*7spfHd-cDZ=$z9$9qNaZYB5}%iiqJC`$zbu3FHnM5>c)J+Ma_B9@7qE0 zzBaAq*?iLNUUg{Zc;a7SYe?Lq>`nKmbM4sr$H!8aFx~KE(fhXxmjPD1;JJtDy?FiD z6ukq_-FOOJdkDHr)+2}3K~k4P<(d}A|9$(&km^EJ|K&{^O`D20HIDN*bOHA$(aa%+ z0k+&1fMlUs6=%|i;W=K6L>${-XY&+jy?6lHvaKneR1vu1V8F2r#}_qB^YG4oK4#BJ zU`JmU&c&^B^PoM>7R$uxXKuzA4o~KvBi?(Q%@bn;gd+sysEn~+cct09PC!FsF&I6x=p1Dj(8AA4~Uvy;ip8Q|Q8!yYtFcWaQ zxCf~ukKY7bF3L93=F&{gx9NYMA!L>2x;miwj81xyI(JIxLM=a$#+^4j01la#Vh!Lg5Yzz#!JvgP``?9;VRZ> zE*M;3_`dO3Q)?wLWy5b~Y@Q_R%pWW5mZm1$puB_BUz&yfk=jeQi2sej-9}(`QXdI~&edxNZhF7}twS_Qbhs0}qkZhbWC5|Iq%=sj3@103=1Fuotmr0|Wa0viQ zWr}wALnF!S6z6C!G;>1Lt}Ke%!bREjwnIL4B4Q(p;?bEYZ%Wvg3c0Un_yRV!Px+f9 z%!GAV;@v_@QKzgl>OK(1 z;j(W>a;?^QoD}GEp{LLxQYz4M*%uEM**~=*Bzs^QJ=CR?^z%{f(h96$ep}*RTd5T2 z?N?Y_{u*cQ-(dX|Qrm=Gh7ebY+iZ~LH%^m%iy&KJEbjIS&7+=IdtD5QKHuk)EwM6e zHTU9d{gi3|XVrx1-gZOQL z?6-M|Hkrvdbx0iy+Z*sdpC=PkgQJ0$#K`W6Y*m~$o)T9(#ty0l3Th51Mj*CS;EU}Z zQjOp>+|d_OriKL^&mB=CC03kqBFMyv%_=G2YU@84O|`DjRAMXnq!ps|z!`XZv`dsd zVW4JDqmBO;v%<{Pid@?97*1v`8rQ8Y9D~XA4vMgFZfPOXi*`xV@v)6V1qRZ@~BWF8s$B7Lep*dBGBAh^lL!8{?5Fswwv|c zoRRI+tNVQ0eJk2`phtIPhR!O6>~2~X%!CUr55e=c6lFJS3bAvadZ#N4a|^R2;Tp7QI&@b=ii6kYZ@@jn={Zc%)+eW1EL&8~C1qNO6*`AA@1)%5K2w z^*-JUTnrlQ>N0~geA(M4^v#@%vHOwn(8~~%E{rZ=$Y*FMv1YhIP`;n{himhQ(%==W z?mSigUrzd}u1~#V__*;R_Ao*lT3_PD8m68$=v-R8aG!*CzbCvY+q(VeV|v`j_jITK zGcyUMflOl336;+NeF{y4!n?SoiyoA`()1^JlG4G&W}!S(+q9_dgC>Nggu~9@x5ktP zPG&zwXX|>GIJIvBN>tjJtM+$hxztGwKvgo)u#RDK^OrTjpp@CEgQ8#{{4mJn3gl>C z)WwMpj8D4Q2$~a%-B;lR4WL#qxiq&z7Vo49x9DBowEh$iqWu%y)pZzG>wq~ek3>6X zeBJ{dRl3*pBU@D<^hk$2BbQPv1*U28pfi#(A3IKY%Lm5hr({5m2pxn zX(j+siKNfusU?_urP_-Rm4Q;WPXM$b8&R+Ikgi~pc2!?r8lkdBU%zlzfwhc|@>D}E9#TZx+bp`&c= zH`w1ZwY4pYF62a~EsyApJ(VddR@28;zq53gZ^Vz1^yYoqoE8bW+ks(0!{#DfvH>Yx z8t^aebiJ%+4Fc-^(`pVvs)Ze-WihIr%gn=5tuc}HtA(Xj{Te2I8WV)a8Y>a%K9xUP z-O*|(yC~lus!umwo`$K#pts|dGHL|e3d+V$UvcHc$-nfb$5RKfu7qd?xj_9L$JYA= z0$j;AUw&HC(TJhQzy$W+7olza6R~`}Z&~`a>6e#&`8nc8tQ&Ro9&3KA0(sVD<8IUF z&XVgVpGH?r-@G78q4>$qX-CrSb@j2SL8|9*$JjSTgN%DFG;(I9Bly==DG8OlZoPkb zw}G>OadF8ai>WcT^|&#*Ac;|u@_Ph;B^R{Ri%0KsU1qL$w-Wz2<1?d&nf{U~On!)M zEwy-=cOo?c*Du)kc5mR9mc;H+{Yn#QVbG!U)I-@Y{NSoLEhggO9I99~TZh=I@7Ej; zO^71)x+u^ZOk$;eZwLRKNB9hbq-oEx_tkNw#fX7gdiyUdNg+#wmYnx>#yLeFxrF-$ zBANH0JTAHWFHr^Y(r(G$xrxvgQq|ZF(txTK7<{fJZ)1zmKXDdNUHt&jWJRcbAjcgMW>9OB{MfPdS0l|!D%LNxr=P=}J?OMDm?_;&E10A! z=(V;y=vH2z9Q+9S)xY3b(1q=TROWtc4>OgoE0~|Hhr{vAd>Td5{T+hmMnI@n$i9^gw zuQU>7hpso;gX$`$#vZ@r50wosNi>9^L?jzyBlZ*;7`p%*Oo<>m>C*3CnI6ByaaHNWY{;)}WKtIX#Y1cA+CJc6kTW00p!(w`|{xeI{B&fp6El zul9pA=1jPrm-bOqDzk&Mx-+eVg&kO59Av%aiklzxx7wfEpIIX7 z&8IUwE_(8;y7Owl3EP?El6KAippaJBgA=E+>|@^O^@g`Yvnt#XR3}3OpnL=v5Qyyf zJ}71RiQSRm#KpNumSuJUHoZhPb&AH~`0tMJ7@45Vmu|SRG4>ryp+2-N@|0%HlV`kC*o{qc9q4er^5BMQ`%--kP#6;pSo1UukaZ6lt@Sne_$*r&euMERmtS7QTMlt_rp#D0~%oibwf9z{RrjrH$=7)waTqdy zrGyP>#s{7|-Xo}}?LCRAT52yDO`%9W>7Nb8@@Dav{4E1 zL{tr9KY#81$SZn}d<{vh0dVSzIe0Z|phbd59|UzYWgD3dn$b~tsEU2gh}vmz7d z&_?-FU!=R?Z}WO{SH|uBjva{hUgv1PwfYQs?ecN7^M3&b7>dw#JgxiyIo8yRSg$mY zlr#WVK6B=5rQ)vYMcrT3`ym*KxbQAcX|DUZ;SLi^Kh0>bBKy=dv>Tp|tfN@XbtUjT zC~$+Mi&bP``G*kq@g@$D<*&&7IAP7kyr3Hb1x!6AGb-Y)yd;@a z2I;AgW7(t+T(M(BOO7wqLm3x>$g5Zcf4l_gcWcJrluVN3`iwRh1PB6$OU#%Vih?U` zhDvqvVILvi#O3LMv+p2;(a#)BDNx!g#r{joX{r#Ds)q@qcU}oD1Tv2NGJE>d{4n{I zd`#xV(NH6{3qucym3`1E`am`W)I~!9nSEMdR52}h1V@o`m`B4P@o{>Ki})eDNN^hJ z-+h?Hp~b*g+9tD*b~lCJ&5uy$|1tI!Kvj0_`nVEO3L8*Dx&>*F+@v7gCEX=0wdro9 zQ$j&XkOt{SX^>XBk=%60Z|(Pezi-a@&N=`2&p6C>V3g;1*0a`qU-uObg==;N3{AQR zJN0uL0DhTB!7P>C8ozCIism`qo>CI&e9a53*duUj_zX0;eaJY_Ma=t>WoPSuUwz4 zI&WR-Z>WnHCRK*ahA>;Q>BTYG@mNuH*-4J}1(!;C5Al{_OZNwkQx6?eBKuC4p)yFm z&5JMb8s2tZijEf^9Gv&e!3#2~Y}(Sz>Q&(_h`k$B-(>gQ&wc8#T|qi}8K>KP(oiDd z%AzLR0JhTBHq;+kkE;#wq5IiCyIicHaQxt3hjP}Sr=Vjg zzwMae1tGgX^PDxTmkVMuVT>6Sc!#z4M^eI?MSCazS=XAvxo8cLh-cxz%%gLSI>Z?dJKNmm-xRR{y<8X@a&n%DAEF^ z3l^r*Y@s8?UjU-0Dpl;SV1U@f3Hw}1$i^98x&v_V5QI>sD>Mi5eFDUlx0lD(ETSCv ziNYb*wxHE=ULS~?uCZxM{;_&o=d@x%3l;l5G|qbZoxRT5EtGKPct1cCTU-o%eX>-)c-w#fp{)vNbwZ-ZpypQj9 z$E?VDJ9XE%y!z7!gam@J=l0^#>Mcp#LP#drzkQ;%BfP@J+93EljvpPGaZgibf_=G1)0SonRy4mA>ONz|fNifK9sx{TyVHgLT12Af;BJZiB6WVm#qg z5f{HtkcRY~asdm}T2Ckn>Nfb>(-k3u2!{nwk z9Tf?0W)3Bq`iX`B3zUQ?ML(%gYV4|V(f(PoIWnVQYFfW@s1hF)?9=`f z#GiVZsxI2z#0$0D|F?SXU-JTqkD@tvS+vf*sO0+G=gLnOMypriFWV+iLKs3Nc36Na zg=SmxhNf1dPAx zc}hFi|9l+=1gyzTdE-8l2BYOo4^mWV62)L4| zvKZW1zCRU5(48BP!7~^oBZBIVU-ts==;aO3?8%56=p9M-q+jVB0WH`YDMDvx;-RCA zm`){deMuXunZcY@*s=WSMkglA?raAoDePR2I3t{oK+l!s!sfE#&2ZZBq!Q&&WSf6* zt_?W3pZ)*_dky5lHsmAalLVQ$DxWL2fW{}P>#1#5s5f?SXYeE5h;jc4V3`*+*sCd( z_v2e863ONjiSlLgyxXT$)`t*!&y~i;SfOtG`r=qF^hHXAQGc<)E0VJ)j+155$_Y8T zRtvw4W&28z6Adqjd#_pJc7FMamoGzL@zCG@<*NjoZysd|vRph7-yAUj&$@99!_OeL`NsqZR;1 z{RX$PbpSh$ygybj*J+DUFvF6OI@I9}#ZrWILhG7yO_jA6Y8T%~1adcPpK0I8cXC4e z6VYeK3RmK9wJ;1BikKWcRreQ3>k^*{cPEZieH)>tGwmY><4gPRq@{ z{^8NG>ADNckZhTRq_no#aqZQWoH<)s#Gy_51SvuR7EdFEooUi>OhF&DG>fajH|GCo2k6sWbqM97#k~VvnB2z8 z3=In=+H&)Ss3ILYT7hE9O+~xaxA``?mFv*}aK10dL}Mq8lF=4i{2I`!iGM0Vf9i^$ z$E}*6krM2)czbb9k#?`Ls0Os*c6d8eBpgedns%gNF9Tp{BB6JkFImuSC-(ZHOzFYm z!UbaXRzOkNZ|nn>^YkF?Pgi9E{B@vd!$*Ia5g=oHe4oA#7jl;Bsz#8|RY#a>TY*Yt zq*D0vg!{?T8@5@3#o+yuDZ_Mnz#V40yniP+_DOJ0E>Plp5b;|NensFzKp%5!{dqTGc64IaqOccU^Y52N@ zSuh2dR8ZH*6ewoueK#OtkoH+^VsI8FE_F)QA`Eivq9E%|4=WU}X96)y<-8V@WL% zTaOpU%?rL6e+I&KElKGDXSng>T=&!y%FFcq;CuYuD)qM446P-?YnevhY`RvDj%up< zk8sQqR%L0I2!KozGL9S;)*6-=sos_KC-ce}L+lbFNJ;-}#-wEa#V2!Nk2+P0tMVOX zY#arV*>x@qxQk{xt)t)zvFoc3YQh^PpI_BKJiI8raD5srIwkIrdo20}r>iJCuQ?jm zQ_7!$z9v@Rb~nZR*sSJvST&EGx=z;M-9`Rh2>RN=8|_@VF+GFqNdE4H$`;v}DwT;a z=R1|1_if(|J$CNY>ZPErgF-nTnLCFycv&bUVDmnNNLDLv22JkP?LCNc8`m)X+KJDP zx`K4y7$sPa{*C)|?ii;~{$33r+YIhW%Z2MqGx0_N&D<-2P>%7_iVRh_eT=DmF4APQ zBl{L05Vm&U&pP`ivF1y(jH`-cs4tqRal11WqmJl?n4+n!yi?ty{~`H(JlJNkMd6lVmv?&6p< zT@*}nc%IY*pEeGuOsI)q*2>{f($Ces8Jw z9QZ;>34PDjtdKdTmX*q|q6eLri)-dST}=@zrL6?arvY{0XsP%!2MLdLJ=XsLP4l4B zVuCZaow6o+Y_qH6_7_1`2GmJ!e)~B29mUQ2nYHGtY1cifl9`s38j~|}>BZ-S<6(a! zongX`ta{aT19xLb#+pd2EIfaWb?_bqbkRd2N}}80k4bp#AIoFY_`DmVqxDH37xsQF z0*BBn@;^F-q7$;y+oq&D&a1g>3wRzE60|LOhl^9%M{dpG%X-YRWoeZIPob((iX48w zla=2=P~c_*}X^6DnQRYV(kVzz&>}&misJe8oHb=Wd^&GsQzi=cyOJ8#A4a( zXcO=nV+C!qOZ?`nW4zYvhS6ia)9+**{xNafnr485IWEiitQ|{0sEeNtMa+{ZToJfD zP#{?=euFnsN+}w|2Qo>%YjraY^aUED%B!EK8uTFq^=9(hPJ8t#XHN3`CD+B%v8w!R ziR$7g;V84qfp`SA>IpXtNyy>>q+hCOqIB!eTX1}k4zMKHq@7I)yfLI^*uDtQRc