From bc474f7d4eff999a3758b575979a1e9c53e2900f Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 20 Jul 2023 14:54:20 +0100 Subject: [PATCH 001/108] draft script --- .../SRE_delete_unassigned_users.ps1 | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 deployment/administration/SRE_delete_unassigned_users.ps1 diff --git a/deployment/administration/SRE_delete_unassigned_users.ps1 b/deployment/administration/SRE_delete_unassigned_users.ps1 new file mode 100644 index 0000000000..4ed9c69056 --- /dev/null +++ b/deployment/administration/SRE_delete_unassigned_users.ps1 @@ -0,0 +1,47 @@ +param( + [Parameter(Mandatory = $true, HelpMessage = "Enter SHM ID (e.g. use 'testa' for Turing Development Safe Haven A)")] + [string]$shmId +) + +Import-Module Az.Accounts -ErrorAction Stop +Import-Module $PSScriptRoot/common/AzureCompute -Force -ErrorAction Stop +Import-Module $PSScriptRoot/common/Configuration -Force -ErrorAction Stop +Import-Module $PSScriptRoot/common/Logging -Force -ErrorAction Stop + +# Get config and original context +# ------------------------------- +$config = Get-ShmConfig -shmId $oldShmId +$originalContext = Get-AzContext + +# Extract list of users +# --------------------- +$null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop +Add-LogMessage -Level Info "Exporting user list for $($config.shm.id) from $($config.dc.vmName)..." +# Run remote script +$script = @" +`$userOuPath = (Get-ADObject -Filter * | Where-Object { `$_.Name -eq "Safe Haven Research Users" }).DistinguishedName +`$users = Get-ADUser -Filter * -SearchBase "`$userOuPath" -Properties * +foreach (`$user in `$users) { + `$groupName = (`$user | Select-Object -ExpandProperty MemberOf | ForEach-Object { ((`$_ -Split ",")[0] -Split "=")[1] }) -join "|" + `$user | Add-Member -NotePropertyName GroupName -NotePropertyValue `$groupName -Force +} +`$users | Select-Object SamAccountName,GivenName,Surname,Mobile,GroupName | ` + ConvertTo-Csv | Where-Object { `$_ -notmatch '^#' } | ` + ForEach-Object { `$_.replace('"','') } +"@ +$result = Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg +$null = Set-AzContext -Context $originalContext -ErrorAction Stop + +Write-Output $result + +# Construct list of groups +# ------------------------ +Add-LogMessage -Level Info "Constructing list of user groups from $($config.shm.id)..." +$users = $result.Value[0].Message | ConvertFrom-Csv +$securityGroups = @() +foreach ($user in $users) { + $securityGroups += @($user.GroupName.Split("|")) +} +$securityGroups = $securityGroups | Sort-Object | Get-Unique + +Write-Output $securityGroups \ No newline at end of file From 3ed34b35f541adfc3c2bd81297dc5e49834aabb5 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 20 Jul 2023 16:38:23 +0100 Subject: [PATCH 002/108] use correct var --- deployment/administration/SRE_delete_unassigned_users.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/administration/SRE_delete_unassigned_users.ps1 b/deployment/administration/SRE_delete_unassigned_users.ps1 index 4ed9c69056..a8477f4987 100644 --- a/deployment/administration/SRE_delete_unassigned_users.ps1 +++ b/deployment/administration/SRE_delete_unassigned_users.ps1 @@ -10,7 +10,7 @@ Import-Module $PSScriptRoot/common/Logging -Force -ErrorAction Stop # Get config and original context # ------------------------------- -$config = Get-ShmConfig -shmId $oldShmId +$config = Get-ShmConfig -shmId $shmId $originalContext = Get-AzContext # Extract list of users From f2bdc385072e7fe8baf3dbaf427d8824890ba890 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 20 Jul 2023 16:54:04 +0100 Subject: [PATCH 003/108] correct path --- deployment/administration/SRE_delete_unassigned_users.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/administration/SRE_delete_unassigned_users.ps1 b/deployment/administration/SRE_delete_unassigned_users.ps1 index a8477f4987..7e5e167aee 100644 --- a/deployment/administration/SRE_delete_unassigned_users.ps1 +++ b/deployment/administration/SRE_delete_unassigned_users.ps1 @@ -4,9 +4,9 @@ param( ) Import-Module Az.Accounts -ErrorAction Stop -Import-Module $PSScriptRoot/common/AzureCompute -Force -ErrorAction Stop -Import-Module $PSScriptRoot/common/Configuration -Force -ErrorAction Stop -Import-Module $PSScriptRoot/common/Logging -Force -ErrorAction Stop +Import-Module $PSScriptRoot/../common/AzureCompute -Force -ErrorAction Stop +Import-Module $PSScriptRoot/../common/Configuration -Force -ErrorAction Stop +Import-Module $PSScriptRoot/../common/Logging -Force -ErrorAction Stop # Get config and original context # ------------------------------- From c4b7688403a9a501ded4700383714c2c3f8aa66f Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 09:45:54 +0100 Subject: [PATCH 004/108] rename file --- ...elete_unassigned_users.ps1 => SRE_Delete_Unassigned_Users.ps1} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename deployment/administration/{SRE_delete_unassigned_users.ps1 => SRE_Delete_Unassigned_Users.ps1} (100%) diff --git a/deployment/administration/SRE_delete_unassigned_users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 similarity index 100% rename from deployment/administration/SRE_delete_unassigned_users.ps1 rename to deployment/administration/SRE_Delete_Unassigned_Users.ps1 From 9a6c2a45992f1891c21946d251f69a619efadb41 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 10:41:55 +0100 Subject: [PATCH 005/108] loop users --- .../SRE_Delete_Unassigned_Users.ps1 | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index 7e5e167aee..1449a8c7fc 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -32,16 +32,12 @@ foreach (`$user in `$users) { $result = Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg $null = Set-AzContext -Context $originalContext -ErrorAction Stop -Write-Output $result -# Construct list of groups -# ------------------------ -Add-LogMessage -Level Info "Constructing list of user groups from $($config.shm.id)..." +# Delete users not found in any group (with exception for named SG e.g. "Sandbox") +# -------------------------------------------------------------------------------- +Add-LogMessage -Level Info "Deleting users from $($config.shm.id) not in any security group..." $users = $result.Value[0].Message | ConvertFrom-Csv -$securityGroups = @() foreach ($user in $users) { - $securityGroups += @($user.GroupName.Split("|")) -} -$securityGroups = $securityGroups | Sort-Object | Get-Unique - -Write-Output $securityGroups \ No newline at end of file + Write-Output $user.GroupName + Write-Output $user.SamAccountName +} \ No newline at end of file From ae00262f4187a81ab65e0d687de334163d15897f Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 10:50:13 +0100 Subject: [PATCH 006/108] unassignedUsers SamAccountName list --- .../administration/SRE_Delete_Unassigned_Users.ps1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index 1449a8c7fc..9574ecb927 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -37,7 +37,10 @@ $null = Set-AzContext -Context $originalContext -ErrorAction Stop # -------------------------------------------------------------------------------- Add-LogMessage -Level Info "Deleting users from $($config.shm.id) not in any security group..." $users = $result.Value[0].Message | ConvertFrom-Csv +$unassignedUsers = @() foreach ($user in $users) { - Write-Output $user.GroupName - Write-Output $user.SamAccountName -} \ No newline at end of file + if ( $user.GroupName ) { + $unassignedUsers += @($user.SamAccountName) + } +} +Write-Output $unassignedUsers \ No newline at end of file From 84eb88f073e2971ac2a1b8b72db56e642515e737 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 10:52:38 +0100 Subject: [PATCH 007/108] negate --- deployment/administration/SRE_Delete_Unassigned_Users.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index 9574ecb927..d22dc53b68 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -39,7 +39,7 @@ Add-LogMessage -Level Info "Deleting users from $($config.shm.id) not in any sec $users = $result.Value[0].Message | ConvertFrom-Csv $unassignedUsers = @() foreach ($user in $users) { - if ( $user.GroupName ) { + if (!($user.GroupName)) { $unassignedUsers += @($user.SamAccountName) } } From 3e3904ba866fc4a53396b94e38ea0558e3fd09b6 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 11:03:56 +0100 Subject: [PATCH 008/108] delete user --- deployment/administration/SRE_Delete_Unassigned_Users.ps1 | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index d22dc53b68..d62a1e0654 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -40,7 +40,6 @@ $users = $result.Value[0].Message | ConvertFrom-Csv $unassignedUsers = @() foreach ($user in $users) { if (!($user.GroupName)) { - $unassignedUsers += @($user.SamAccountName) + Remove-ADUser -Identity $user.SamAccountName } -} -Write-Output $unassignedUsers \ No newline at end of file +} \ No newline at end of file From 34254bcb0f4752fa9fbdcb37430ade0ab5af5769 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 11:32:31 +0100 Subject: [PATCH 009/108] delete the user --- .../administration/SRE_Delete_Unassigned_Users.ps1 | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index d62a1e0654..b6181c965d 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -30,16 +30,17 @@ foreach (`$user in `$users) { ForEach-Object { `$_.replace('"','') } "@ $result = Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -$null = Set-AzContext -Context $originalContext -ErrorAction Stop - # Delete users not found in any group (with exception for named SG e.g. "Sandbox") # -------------------------------------------------------------------------------- Add-LogMessage -Level Info "Deleting users from $($config.shm.id) not in any security group..." $users = $result.Value[0].Message | ConvertFrom-Csv -$unassignedUsers = @() foreach ($user in $users) { if (!($user.GroupName)) { - Remove-ADUser -Identity $user.SamAccountName + $name = $user.SamAccountName + $script = "Remove-ADUser -Identity $name" + Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg } -} \ No newline at end of file +} + +$null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file From 2aa274a44c4148f3f607a8478b6dc8efd7c935cc Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 14:14:48 +0100 Subject: [PATCH 010/108] DC1 script --- .../dc1Artifacts/Delete_Unassigned_Users.ps1 | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 diff --git a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 new file mode 100644 index 0000000000..958dabe689 --- /dev/null +++ b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 @@ -0,0 +1,20 @@ +# Extract list of users +# --------------------- +Write-Output "Exporting user list..." +$userOuPath = (Get-ADObject -Filter * | Where-Object { $_.Name -eq "Safe Haven Research Users" }).DistinguishedName +$users = Get-ADUser -Filter * -SearchBase "$userOuPath" -Properties * +foreach ($user in $users) { + $groupName = ($user | Select-Object -ExpandProperty MemberOf | ForEach-Object { (($_ -Split ",")[0] -Split "=")[1] }) -join "|" + $user | Add-Member -NotePropertyName GroupName -NotePropertyValue $groupName -Force +} + +# Delete users not found in any group (with exception for named SG e.g. "Sandbox") +# -------------------------------------------------------------------------------- +Write-Output "Deleting users not in any security group..." +foreach ($user in $users) { + if (!($user.GroupName)) { + $name = $user.SamAccountName + Remove-ADUser -Identity $name + Write-Out "Deleted $name" + } +} \ No newline at end of file From d051ac624df73862af3ed8f42d1cc0ef2d484565 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 14:20:36 +0100 Subject: [PATCH 011/108] remove write-out --- .../dc1Artifacts/Delete_Unassigned_Users.ps1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 index 958dabe689..a49956d513 100644 --- a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 +++ b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 @@ -1,6 +1,5 @@ # Extract list of users # --------------------- -Write-Output "Exporting user list..." $userOuPath = (Get-ADObject -Filter * | Where-Object { $_.Name -eq "Safe Haven Research Users" }).DistinguishedName $users = Get-ADUser -Filter * -SearchBase "$userOuPath" -Properties * foreach ($user in $users) { @@ -10,7 +9,6 @@ foreach ($user in $users) { # Delete users not found in any group (with exception for named SG e.g. "Sandbox") # -------------------------------------------------------------------------------- -Write-Output "Deleting users not in any security group..." foreach ($user in $users) { if (!($user.GroupName)) { $name = $user.SamAccountName From a7e201ba688a9ab65d3dd655168a2a1c2ecd29b3 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 14:20:58 +0100 Subject: [PATCH 012/108] fin prev commit --- .../dc1Artifacts/Delete_Unassigned_Users.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 index a49956d513..46da90efac 100644 --- a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 +++ b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 @@ -13,6 +13,5 @@ foreach ($user in $users) { if (!($user.GroupName)) { $name = $user.SamAccountName Remove-ADUser -Identity $name - Write-Out "Deleted $name" } } \ No newline at end of file From e8f9cef209666968d20c03f6cf7e5031565972a3 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 21 Jul 2023 14:22:39 +0100 Subject: [PATCH 013/108] perform adsync after --- .../dc1Artifacts/Delete_Unassigned_Users.ps1 | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 index 46da90efac..46dfe1a920 100644 --- a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 +++ b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 @@ -1,5 +1,4 @@ # Extract list of users -# --------------------- $userOuPath = (Get-ADObject -Filter * | Where-Object { $_.Name -eq "Safe Haven Research Users" }).DistinguishedName $users = Get-ADUser -Filter * -SearchBase "$userOuPath" -Properties * foreach ($user in $users) { @@ -8,10 +7,22 @@ foreach ($user in $users) { } # Delete users not found in any group (with exception for named SG e.g. "Sandbox") -# -------------------------------------------------------------------------------- foreach ($user in $users) { if (!($user.GroupName)) { $name = $user.SamAccountName Remove-ADUser -Identity $name } +} + +# Force sync with AzureAD. It will still take around 5 minutes for changes to propagate +Write-Output "Synchronising locally Active Directory with Azure" +try { + Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop + Start-ADSyncSyncCycle -PolicyType Delta +} +catch [System.IO.FileNotFoundException] { + Write-Output "Skipping as Azure AD Sync is not installed" +} +catch { + Write-Output "Unable to run Azure Active Directory synchronisation!" } \ No newline at end of file From ddc018fd77a35620fa1df7994dd5a5f0017bf9b5 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 25 Jul 2023 13:15:35 +0100 Subject: [PATCH 014/108] :recycle: Replace poetry with pip-compile for better dependency solving --- .../cloud_init/resources/pyenv_install.sh | 23 ++++++++----------- .../packages/packages-python.yaml | 3 +-- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh index 555c46c14f..2770f82466 100644 --- a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh +++ b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh @@ -27,24 +27,19 @@ echo "Installed $(${EXE_PATH}/python --version)" # Install and upgrade installation prerequisites # ---------------------------------------------- echo "Installing and upgrading installation prerequisites for Python ${PYTHON_VERSION}..." -${EXE_PATH}/pip install --upgrade pip poetry +${EXE_PATH}/pip install --upgrade pip pip-tools setuptools -# Solve dependencies and install using poetry -# ------------------------------------------- -echo "Installing packages with poetry..." -${EXE_PATH}/poetry config virtualenvs.create false -${EXE_PATH}/poetry config virtualenvs.in-project true -rm poetry.lock pyproject.toml 2> /dev/null -sed -e "s/PYTHON_VERSION/$PYTHON_VERSION/" /opt/build/pyenv/pyproject_template.toml > $PYPROJECT_TOML -ln -s $PYPROJECT_TOML pyproject.toml -${EXE_PATH}/poetry add $(tr '\n' ' ' < $REQUIREMENTS_TXT) || exit 3 +# Solve dependencies and write package versions to monitoring log +# --------------------------------------------------------------- +echo "Determining package versions with pip-compile..." +${EXE_PATH}/pip-compile -o "$MONITORING_LOG" "$REQUIREMENTS_TXT" -# Write package versions to monitoring log -# ---------------------------------------- -${EXE_PATH}/poetry show > $MONITORING_LOG -${EXE_PATH}/poetry show --tree >> $MONITORING_LOG +# Install pinned packages using pip +# --------------------------------- +echo "Installing packages with pip..." +${EXE_PATH}/pip install -r "$MONITORING_LOG" # Run any post-install commands diff --git a/deployment/secure_research_desktop/packages/packages-python.yaml b/deployment/secure_research_desktop/packages/packages-python.yaml index 879788d373..d520b3d60e 100644 --- a/deployment/secure_research_desktop/packages/packages-python.yaml +++ b/deployment/secure_research_desktop/packages/packages-python.yaml @@ -39,9 +39,8 @@ packages: pathos: pg8000: Pillow: + pip-tools: plotly: - poetry: # also used by installation scripts - "all": [">1.0.0"] # increase solver flexibility prophet: psycopg2: pydot: From b176e94cdbdceb0e6c49407191bd8271c637f397 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 25 Jul 2023 13:15:00 +0100 Subject: [PATCH 015/108] :coffin: Remove pyproject.toml --- .../cloud-init-buildimage-ubuntu-1804.mustache.yaml | 5 ----- .../cloud-init-buildimage-ubuntu-2004.mustache.yaml | 5 ----- .../cloud-init-buildimage-ubuntu-2204.mustache.yaml | 5 ----- .../cloud_init/resources/pyenv_install.sh | 1 - .../resources/pyenv_pyproject_template.toml | 12 ------------ 5 files changed, 28 deletions(-) delete mode 100644 deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml index 44e1bb4397..8f450ead3d 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml @@ -114,11 +114,6 @@ write_files: content: | {{packages-python.yaml}} - - path: "/opt/build/pyenv/pyproject_template.toml" - permissions: "0400" - content: | - {{pyenv_pyproject_template.toml}} - - path: "/opt/build/rstudio.debinfo" permissions: "0400" content: | diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml index 5605e07707..575de168d0 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml @@ -114,11 +114,6 @@ write_files: content: | {{packages-python.yaml}} - - path: "/opt/build/pyenv/pyproject_template.toml" - permissions: "0400" - content: | - {{pyenv_pyproject_template.toml}} - - path: "/opt/build/rstudio.debinfo" permissions: "0400" content: | diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml index 17527746cb..059dece327 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml @@ -118,11 +118,6 @@ write_files: content: | {{packages-python.yaml}} - - path: "/opt/build/pyenv/pyproject_template.toml" - permissions: "0400" - content: | - {{pyenv_pyproject_template.toml}} - - path: "/opt/build/rbase.debinfo" permissions: "0400" content: | diff --git a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh index 2770f82466..56898d3915 100644 --- a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh +++ b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh @@ -9,7 +9,6 @@ if [ $# -ne 1 ]; then fi PYTHON_VERSION=$1 PYENV_ROOT="$(pyenv root)" -PYPROJECT_TOML="/opt/build/python-${PYTHON_VERSION}-pyproject.toml" MONITORING_LOG="/opt/monitoring/python-${PYTHON_VERSION}-package-versions.log" REQUIREMENTS_TXT="/opt/build/python-${PYTHON_VERSION}-requirements.txt" REQUESTED_PACKAGE_LIST="/opt/build/packages/packages-python-${PYTHON_VERSION}.list" diff --git a/deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml b/deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml deleted file mode 100644 index 3f0998952a..0000000000 --- a/deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml +++ /dev/null @@ -1,12 +0,0 @@ -[tool.poetry] -name = "Python PYTHON_VERSION" -version = "1.0.0" -description = "Python PYTHON_VERSION" -authors = ["ROOT "] - -[tool.poetry.dependencies] -python = "PYTHON_VERSION" - -[build-system] -requires = ["poetry-core>=1.0.0"] -build-backend = "poetry.core.masonry.api" From 60738a9a1b8734d145e9b2acb3b1cf7ed1494097 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 4 Aug 2023 10:53:09 +0100 Subject: [PATCH 016/108] add pip-tools to NON_IMPORTABLE_PACKAGES --- tests/srd_smoke_tests/test_packages_installed_python.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/srd_smoke_tests/test_packages_installed_python.py b/tests/srd_smoke_tests/test_packages_installed_python.py index a01a2c44c1..28cb1538b7 100644 --- a/tests/srd_smoke_tests/test_packages_installed_python.py +++ b/tests/srd_smoke_tests/test_packages_installed_python.py @@ -22,7 +22,7 @@ ] # For these packages we check for an executable as they are not importable -NON_IMPORTABLE_PACKAGES = {"repro-catalogue": "catalogue"} +NON_IMPORTABLE_PACKAGES = {"repro-catalogue": "catalogue", "pip-tools": "pip-compile"} # Some packages are imported using a different name than they `pip install` with IMPORTABLE_NAMES = { From a9b51439a7f5abc1cc25711ca46081cc6e83cc61 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Fri, 4 Aug 2023 11:16:31 +0100 Subject: [PATCH 017/108] :art: Alphabetise NON_IMPORTABLE_PACKAGES --- tests/srd_smoke_tests/test_packages_installed_python.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/srd_smoke_tests/test_packages_installed_python.py b/tests/srd_smoke_tests/test_packages_installed_python.py index 28cb1538b7..d91d3238f7 100644 --- a/tests/srd_smoke_tests/test_packages_installed_python.py +++ b/tests/srd_smoke_tests/test_packages_installed_python.py @@ -4,6 +4,7 @@ import subprocess import sys import warnings + import pkg_resources versions = { @@ -22,7 +23,10 @@ ] # For these packages we check for an executable as they are not importable -NON_IMPORTABLE_PACKAGES = {"repro-catalogue": "catalogue", "pip-tools": "pip-compile"} +NON_IMPORTABLE_PACKAGES = { + "pip-tools": "pip-compile", + "repro-catalogue": "catalogue", +} # Some packages are imported using a different name than they `pip install` with IMPORTABLE_NAMES = { From fc256acce8c53140bd3f4d1c73a4af11c66760dc Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 7 Aug 2023 15:45:32 +0100 Subject: [PATCH 018/108] Update VERSIONING.md Add May 2023 DSG to versioning --- VERSIONING.md | 1 + 1 file changed, 1 insertion(+) diff --git a/VERSIONING.md b/VERSIONING.md index 203a10a1ff..e072045b15 100644 --- a/VERSIONING.md +++ b/VERSIONING.md @@ -64,6 +64,7 @@ We usually deploy the latest available version of the Data Safe Haven for each o | December 2021 | DSG 2021-12 | [v3.3.1](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v3.3.1) | | December 2022 | DSG 2022-12 | [v4.0.2](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v4.0.2) | | February 2023 | DSG 2023-02 | [v4.0.3](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v4.0.3) | +| May 2023 | DSG 2023-05 | [v4.0.3](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v4.0.3) | ## Versions that have undergone formal security evaluation From 099dc79935461cc1aa75b8b8c227c0cfe6d67523 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:04:58 +0100 Subject: [PATCH 019/108] update signing key gitlab --- .../cloud_init/cloud-init-gitlab.mustache.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml index 8eefcfcbf6..00a48d64ad 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml @@ -93,7 +93,7 @@ apt: sources: gitlab.list: source: "deb https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal main" - keyid: F6403F6544A38863DAA0B6E03F01618A51312F3F # GitLab B.V. (package repository signing key) + keyid: DBEF89774DDB9EB37D9FC3A03CFCF9BAF27EAB47 # GitLab B.V. (package repository signing key) # Install necessary apt packages packages: From eb8d5336845038511cde7dea7bf88f6e7756f1ce Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:23:49 +0100 Subject: [PATCH 020/108] revert prev commit --- .../cloud_init/cloud-init-gitlab.mustache.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml index 00a48d64ad..8eefcfcbf6 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml @@ -93,7 +93,7 @@ apt: sources: gitlab.list: source: "deb https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal main" - keyid: DBEF89774DDB9EB37D9FC3A03CFCF9BAF27EAB47 # GitLab B.V. (package repository signing key) + keyid: F6403F6544A38863DAA0B6E03F01618A51312F3F # GitLab B.V. (package repository signing key) # Install necessary apt packages packages: From 8a0bccb4e7330cd43492152e0b3b939614577328 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:24:15 +0100 Subject: [PATCH 021/108] change fs_setup partition to auto --- .../cloud_init/cloud-init-gitlab.mustache.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml index 8eefcfcbf6..b887420e2b 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml @@ -122,7 +122,7 @@ disk_setup: overwrite: true fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: - [/dev/disk/azure/scsi1/lun1-part1, /data, ext4, "defaults,nofail"] From 08c9a6f488b70eb6a6da1dcfe4dcbba631b821e1 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:25:37 +0100 Subject: [PATCH 022/108] same change for cocalc and codimd --- .../cloud_init/cloud-init-cocalc.mustache.yaml | 2 +- .../cloud_init/cloud-init-codimd.mustache.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml index 43da1b27da..3b43fd408c 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml @@ -161,7 +161,7 @@ disk_setup: overwrite: true fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: - [/dev/disk/azure/scsi1/lun1-part1, /data, ext4, "defaults,nofail"] diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml index f2afe406c1..890c39d5e3 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml @@ -132,7 +132,7 @@ disk_setup: overwrite: true fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: - [/dev/disk/azure/scsi1/lun1-part1, /data, ext4, "defaults,nofail"] From a1735a0eeaa1900c3782f6cee4e21dbedf103413 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:43:22 +0100 Subject: [PATCH 023/108] add *.docker.io to allowedFqdns --- .../setup/Configure_External_DNS_Queries.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 index a86077d1d1..fbe41fc760 100644 --- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 +++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 @@ -26,7 +26,8 @@ $null = Set-AzContext -SubscriptionId $config.sre.subscriptionName -ErrorAction # -------------------------------------- $firewallRules = Get-JsonFromMustacheTemplate -TemplatePath (Join-Path $PSScriptRoot ".." ".." "safe_haven_management_environment" "network_rules" "shm-firewall-rules.json") -Parameters $config.shm -AsHashtable $allowedFqdns = @($firewallRules.applicationRuleCollections | ForEach-Object { $_.properties.rules.targetFqdns }) + - @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name }) + @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name }) + + @("*.docker.io") # List all unique FQDNs $allowedFqdns = $allowedFqdns | Where-Object { $_ -notlike "*-sb.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints From a414373406920f80dfb13e83b55fec641e708ba1 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:53:33 +0100 Subject: [PATCH 024/108] change partition to auto for remaining cloud-inits --- .../cloud_init/cloud-init-postgres.mustache.yaml | 2 +- .../cloud_init/cloud-init-srd.mustache.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml index 16bcb94fa9..2a6c8f707b 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml @@ -25,7 +25,7 @@ disk_setup: fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml index 12065238e6..3635a7a342 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml @@ -12,7 +12,7 @@ disk_setup: fs_setup: - device: /dev/disk/azure/scsi1/lun1 filesystem: ext4 - partition: 1 + partition: auto # Note that we do not include the blobfuse mounts here as these are controlled by systemd mounts: From 0be00893f2351dcffb955b871bd1a72ef0332003 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:55:24 +0100 Subject: [PATCH 025/108] change fs_setup partition to auto cloud init shm --- .../cloud-init-repository-mirror-external-cran.mustache.yaml | 2 +- .../cloud-init-repository-mirror-external-pypi.mustache.yaml | 2 +- .../cloud-init-repository-mirror-internal-cran.mustache.yaml | 2 +- .../cloud-init-repository-mirror-internal-pypi.mustache.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml index 38b7e3cb87..9bcd26b283 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml @@ -9,7 +9,7 @@ disk_setup: fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml index 8c09932601..14f71356f5 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml @@ -9,7 +9,7 @@ disk_setup: fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml index 9f0a108f60..6c67f7d4dd 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml @@ -9,7 +9,7 @@ disk_setup: fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml index 2fad1ab1ee..3507b51dbd 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml @@ -9,7 +9,7 @@ disk_setup: fs_setup: - device: /dev/disk/azure/scsi1/lun1 - partition: 1 + partition: auto filesystem: ext4 mounts: From 17a0900de9663c6dd570b855646bf42f33c01aba Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 9 Aug 2023 10:58:23 +0100 Subject: [PATCH 026/108] change *.docker.io to docker.io --- .../setup/Configure_External_DNS_Queries.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 index fbe41fc760..51558b00b5 100644 --- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 +++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 @@ -27,7 +27,7 @@ $null = Set-AzContext -SubscriptionId $config.sre.subscriptionName -ErrorAction $firewallRules = Get-JsonFromMustacheTemplate -TemplatePath (Join-Path $PSScriptRoot ".." ".." "safe_haven_management_environment" "network_rules" "shm-firewall-rules.json") -Parameters $config.shm -AsHashtable $allowedFqdns = @($firewallRules.applicationRuleCollections | ForEach-Object { $_.properties.rules.targetFqdns }) + @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name }) + - @("*.docker.io") + @("docker.io") # List all unique FQDNs $allowedFqdns = $allowedFqdns | Where-Object { $_ -notlike "*-sb.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints From 154a55a9a671c762efe32e3121a1fbddc1f83f5d Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 9 Aug 2023 15:05:11 +0100 Subject: [PATCH 027/108] :wrench: Add additional *.ubuntu.com IP addresses --- deployment/common/Configuration.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/common/Configuration.psm1 b/deployment/common/Configuration.psm1 index c1090d9bb8..a77c9416d3 100644 --- a/deployment/common/Configuration.psm1 +++ b/deployment/common/Configuration.psm1 @@ -332,7 +332,7 @@ function Get-ShmConfig { ) # *-jobruntimedata-prod-su1.azure-automation.net linux = ( @("72.32.157.246", "87.238.57.227", "147.75.85.69", "217.196.149.55") + # apt.postgresql.org - @("91.189.91.38", "91.189.91.39", "185.125.190.36", "185.125.190.39") + # archive.ubuntu.com, changelogs.ubuntu.com, security.ubuntu.com + @("91.189.91.38", "91.189.91.39", "91.189.91.48", "91.189.91.49", "91.189.91.81", "91.189.91.82", "91.189.91.83", "185.125.190.17", "185.125.190.18", "185.125.190.36", "185.125.190.39") + # archive.ubuntu.com, changelogs.ubuntu.com, security.ubuntu.com $cloudFlareIpAddresses + # database.clamav.net, packages.gitlab.com and qgis.org use Cloudflare $cloudFrontIpAddresses + # packages.gitlab.com uses Cloudfront to host its Release file @("104.131.190.124") + # dbeaver.io From df2671b09d5700c4fefa939ebdd4e1368833dead Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:08:46 +0000 Subject: [PATCH 028/108] Remove cocalc VM configuration --- deployment/common/Configuration.psm1 | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/deployment/common/Configuration.psm1 b/deployment/common/Configuration.psm1 index 9c21a51232..399f554e3c 100644 --- a/deployment/common/Configuration.psm1 +++ b/deployment/common/Configuration.psm1 @@ -729,7 +729,6 @@ function Get-SreConfig { } } - # Firewall config # --------------- $config.sre.firewall = [ordered]@{ @@ -928,28 +927,10 @@ function Get-SreConfig { $config.sre.remoteDesktop.networkRules.includeAzurePlatformDnsRule = ($config.sre.remoteDesktop.networkRules.outboundInternet -ne "Allow") - # CoCalc, CodiMD and Gitlab servers - # --------------------------------- + # CodiMD and Gitlab servers + # ------------------------- $config.sre.webapps = [ordered]@{ rg = "$($config.sre.rgPrefix)_WEBAPPS".ToUpper() - cocalc = [ordered]@{ - adminPasswordSecretName = "$($config.sre.shortName)-vm-admin-password-cocalc" - dockerVersion = "latest" - hostname = "COCALC" - vmSize = "Standard_D2s_v3" - ip = Get-NextAvailableIpInRange -IpRangeCidr $config.sre.network.vnet.subnets.webapps.cidr -Offset 7 - osVersion = "Ubuntu-latest" - disks = [ordered]@{ - data = [ordered]@{ - sizeGb = "512" - type = $config.sre.diskTypeDefault - } - os = [ordered]@{ - sizeGb = "32" - type = $config.sre.diskTypeDefault - } - } - } codimd = [ordered]@{ adminPasswordSecretName = "$($config.sre.shortName)-vm-admin-password-codimd" hostname = "CODIMD" From faa5515717de02d2d62a8a95a76e72dfc2875f63 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:11:22 +0000 Subject: [PATCH 029/108] Remove cocalc NSG rules --- .../network_rules/sre-nsg-rules-webapps.json | 26 ------------------- 1 file changed, 26 deletions(-) diff --git a/deployment/secure_research_environment/network_rules/sre-nsg-rules-webapps.json b/deployment/secure_research_environment/network_rules/sre-nsg-rules-webapps.json index d714002aec..b79fb2eab6 100644 --- a/deployment/secure_research_environment/network_rules/sre-nsg-rules-webapps.json +++ b/deployment/secure_research_environment/network_rules/sre-nsg-rules-webapps.json @@ -59,18 +59,6 @@ "sourceAddressPrefix": "*", "sourcePortRange": "*" }, - { - "name": "AllowPrivateDataEndpointsOutbound", - "access": "Allow", - "description": "Allow outbound connections to private endpoints in the VNet", - "destinationAddressPrefix": "{{sre.network.vnet.subnets.data.cidr}}", - "destinationPortRange": "*", - "direction": "Outbound", - "priority": 400, - "protocol": "*", - "sourceAddressPrefix": "{{sre.webapps.cocalc.ip}}", - "sourcePortRange": "*" - }, { "name": "AllowDNSOutbound", "access": "Allow", @@ -95,20 +83,6 @@ "sourceAddressPrefix": "{{sre.network.vnet.subnets.webapps.cidr}}", "sourcePortRange": "*" }, - {{#sre.repositories.network.cidr}} - { - "name": "AllowPackageRepositoriesOutbound", - "access": "Allow", - "description": "Allow package requests over http/https", - "destinationAddressPrefix": "{{sre.repositories.network.cidr}}", - "destinationPortRange": ["80", "443", "3128"], - "direction": "Outbound", - "priority": 1400, - "protocol": "*", - "sourceAddressPrefix": "{{sre.webapps.cocalc.ip}}", - "sourcePortRange": "*" - }, - {{/sre.repositories.network.cidr}} { "name": "AllowExternalNTPOutbound", "access": "Allow", From f46eb563b39d7511988d964b99729973d45b9b5d Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:12:48 +0000 Subject: [PATCH 030/108] Remove cocalc admin password --- .../setup/Setup_SRE_Key_Vault_And_Users.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 index 7b403758a7..c025a22446 100644 --- a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 +++ b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 @@ -55,7 +55,6 @@ try { } # Other VMs $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.srd.adminPasswordSecretName -DefaultLength 20 -AsPlaintext - $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.webapps.cocalc.adminPasswordSecretName -DefaultLength 20 -AsPlaintext $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.webapps.codimd.adminPasswordSecretName -DefaultLength 20 -AsPlaintext $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.webapps.gitlab.adminPasswordSecretName -DefaultLength 20 -AsPlaintext Add-LogMessage -Level Success "Ensured that SRE VM admin passwords exist" From 0ddac3873c92bf7e01d3adcfddef1146d51b0f25 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:13:23 +0000 Subject: [PATCH 031/108] Remove setting up PyPi and CRAN on Cocalc VM --- .../setup/Apply_SRE_Network_Configuration.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 b/deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 index 401f21f0f0..1ad4e2f8fd 100644 --- a/deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 +++ b/deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 @@ -130,7 +130,7 @@ if (-not $config.sre.repositories.network.name) { # Set PyPI and CRAN locations on the SRD $null = Set-AzContext -SubscriptionId $config.sre.subscriptionName -ErrorAction Stop $scriptPath = Join-Path $PSScriptRoot ".." "remote" "network_configuration" "scripts" "update_mirror_settings.sh" -$repositoryFacingVms = Get-AzVM | Where-Object { ($_.ResourceGroupName -eq $config.sre.srd.rg) -or (($_.ResourceGroupName -eq $config.sre.webapps.rg) -and ($_.Name -eq $config.sre.webapps.cocalc.vmName)) } +$repositoryFacingVms = Get-AzVM | Where-Object { ($_.ResourceGroupName -eq $config.sre.srd.rg) foreach ($VM in $repositoryFacingVms) { Add-LogMessage -Level Info "Ensuring that PyPI and CRAN locations are set correctly on $($VM.Name)" $params = @{ From 50426b265be55c33a382469ac1ed3397e7736a24 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:14:22 +0000 Subject: [PATCH 032/108] Remove deployment of Cocalc VM --- .../setup/Setup_SRE_WebApp_Servers.ps1 | 33 ------------------- 1 file changed, 33 deletions(-) diff --git a/deployment/secure_research_environment/setup/Setup_SRE_WebApp_Servers.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_WebApp_Servers.ps1 index 08709e3fdc..fb220ff436 100644 --- a/deployment/secure_research_environment/setup/Setup_SRE_WebApp_Servers.ps1 +++ b/deployment/secure_research_environment/setup/Setup_SRE_WebApp_Servers.ps1 @@ -56,39 +56,6 @@ $cloudInitBasePath = Join-Path $PSScriptRoot ".." "cloud_init" -Resolve $ldapSearchUserDn = "CN=$($config.sre.users.serviceAccounts.ldapSearch.name),$($config.shm.domain.ous.serviceAccounts.path)" -# Deploy and configure CoCalc VM -# ------------------------------- -Add-LogMessage -Level Info "Constructing CoCalc cloud-init from template..." -# Load the cloud-init template then add resources and expand mustache placeholders -$cocalcCloudInitTemplate = Join-Path $cloudInitBasePath "cloud-init-cocalc.mustache.yaml" | Get-Item | Get-Content -Raw -$cocalcCloudInitTemplate = Expand-CloudInitResources -Template $cocalcCloudInitTemplate -ResourcePath (Join-Path $cloudInitBasePath "resources") -$cocalcCloudInitTemplate = Expand-CloudInitResources -Template $cocalcCloudInitTemplate -ResourcePath (Join-Path ".." ".." "common" "resources") -$cocalcCloudInitTemplate = Expand-MustacheTemplate -Template $cocalcCloudInitTemplate -Parameters $config -# Deploy CoCalc VM -$cocalcDataDisk = Deploy-ManagedDisk -Name "$($config.sre.webapps.cocalc.vmName)-DATA-DISK" -SizeGB $config.sre.webapps.cocalc.disks.data.sizeGb -Type $config.sre.webapps.cocalc.disks.data.type -ResourceGroupName $config.sre.webapps.rg -Location $config.sre.location -$params = @{ - AdminPassword = (Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.webapps.cocalc.adminPasswordSecretName -DefaultLength 20) - AdminUsername = $vmAdminUsername - BootDiagnosticsAccount = $bootDiagnosticsAccount - CloudInitYaml = $cocalcCloudInitTemplate - DataDiskIds = @($cocalcDataDisk.Id) - ImageSku = $config.sre.webapps.cocalc.osVersion - Location = $config.sre.location - Name = $config.sre.webapps.cocalc.vmName - OsDiskSizeGb = $config.sre.webapps.cocalc.disks.os.sizeGb - OsDiskType = $config.sre.webapps.cocalc.disks.os.type - PrivateIpAddress = (Get-NextAvailableIpInRange -IpRangeCidr $config.sre.network.vnet.subnets.deployment.cidr -VirtualNetwork $vnet) - ResourceGroupName = $config.sre.webapps.rg - Size = $config.sre.webapps.cocalc.vmSize - Subnet = $deploymentSubnet -} -$cocalcVm = Deploy-LinuxVirtualMachine @params -# Change subnets and IP address while CoCalc VM is off then restart -Update-VMIpAddress -Name $cocalcVm.Name -ResourceGroupName $cocalcVm.ResourceGroupName -Subnet $webappsSubnet -IpAddress $config.sre.webapps.cocalc.ip -# Update DNS records for this VM -Update-VMDnsRecords -DcName $config.shm.dc.vmName -DcResourceGroupName $config.shm.dc.rg -BaseFqdn $config.sre.domain.fqdn -ShmSubscriptionName $config.shm.subscriptionName -VmHostname $config.sre.webapps.cocalc.hostname -VmIpAddress $config.sre.webapps.cocalc.ip - - # Deploy and configure CodiMD VM # ------------------------------ Add-LogMessage -Level Info "Constructing CodiMD cloud-init from template..." From fa122793f041a022bcb4fdc1c8910485f9f92c51 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:17:44 +0000 Subject: [PATCH 033/108] remove cocalc docker compose mustache --- .../cocalc_docker_compose.mustache.yaml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 deployment/secure_research_environment/cloud_init/resources/cocalc_docker_compose.mustache.yaml diff --git a/deployment/secure_research_environment/cloud_init/resources/cocalc_docker_compose.mustache.yaml b/deployment/secure_research_environment/cloud_init/resources/cocalc_docker_compose.mustache.yaml deleted file mode 100644 index 4f888d0d8d..0000000000 --- a/deployment/secure_research_environment/cloud_init/resources/cocalc_docker_compose.mustache.yaml +++ /dev/null @@ -1,19 +0,0 @@ -version: '3.7' -networks: - network_default: -services: - cocalc: - container_name: cocalc_cocalc_compose - image: sagemathinc/cocalc:{{sre.webapps.cocalc.dockerVersion}} - networks: - - network_default - ports: - - 443:443 - volumes: - - /data/cocalc:/projects - - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro - - /etc/pip.conf:/etc/pip.conf:ro - - /etc/R/Rprofile.site:/etc/R/Rprofile.site:ro - - /ingress:/data:ro - restart: always From 059c325e1f3b585bf0bb0d5824a80573459c4bad Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:20:01 +0000 Subject: [PATCH 034/108] remove cloudinit icon from SRD images --- .../cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml | 2 -- .../cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml | 2 -- .../cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml | 2 -- 3 files changed, 6 deletions(-) diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml index 44e1bb4397..5c95f6a4cf 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml @@ -257,8 +257,6 @@ runcmd: # Get icons for webapps - echo "Downloading icons..." - mkdir -p /opt/icons - - wget https://raw.githubusercontent.com/sagemathinc/cocalc/master/src/packages/assets/cocalc-icon.svg -O /tmp/cocalc-icon.svg || die "Could not find CoCalc icon!" - - convert -density 983 -transparent white /tmp/cocalc-icon.svg /opt/icons/cocalc.png || die "Could not convert CoCalc icon!" # this should give a 1024x1024 png - wget https://raw.githubusercontent.com/hackmdio/codimd/develop/public/favicon.png -O /opt/icons/codimd.png || die "Could not find CodiMD icon!" - wget https://about.gitlab.com/images/press/logo/png/gitlab-icon-rgb.png -O /opt/icons/gitlab.png || die "Could not find GitLab icon!" diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml index 5605e07707..9926d1ed78 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml @@ -260,8 +260,6 @@ runcmd: # Get icons for webapps - echo "Downloading icons..." - mkdir -p /opt/icons - - wget https://raw.githubusercontent.com/sagemathinc/cocalc/master/src/packages/assets/cocalc-icon.svg -O /tmp/cocalc-icon.svg || die "Could not find CoCalc icon!" - - convert -density 983 -transparent white /tmp/cocalc-icon.svg /opt/icons/cocalc.png || die "Could not convert CoCalc icon!" # this should give a 1024x1024 png - wget https://raw.githubusercontent.com/hackmdio/codimd/develop/public/favicon.png -O /opt/icons/codimd.png || die "Could not find CodiMD icon!" - wget https://about.gitlab.com/images/press/logo/png/gitlab-icon-rgb.png -O /opt/icons/gitlab.png || die "Could not find GitLab icon!" diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml index 17527746cb..c8c9831788 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml @@ -266,8 +266,6 @@ runcmd: # Get icons for webapps - echo "Downloading icons..." - mkdir -p /opt/icons - - wget https://raw.githubusercontent.com/sagemathinc/cocalc/master/src/packages/assets/cocalc-icon.svg -O /tmp/cocalc-icon.svg || die "Could not find CoCalc icon!" - - convert -density 983 -transparent white /tmp/cocalc-icon.svg /opt/icons/cocalc.png || die "Could not convert CoCalc icon!" # this should give a 1024x1024 png - wget https://raw.githubusercontent.com/hackmdio/codimd/develop/public/favicon.png -O /opt/icons/codimd.png || die "Could not find CodiMD icon!" - wget https://about.gitlab.com/images/press/logo/png/gitlab-icon-rgb.png -O /opt/icons/gitlab.png || die "Could not find GitLab icon!" From 575343254ea43e741fc3f04e3472924aa40dd8bf Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:45:45 +0000 Subject: [PATCH 035/108] remove cocalc mustache file --- .../cloud-init-cocalc.mustache.yaml | 278 ------------------ 1 file changed, 278 deletions(-) delete mode 100644 deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml deleted file mode 100644 index 43da1b27da..0000000000 --- a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml +++ /dev/null @@ -1,278 +0,0 @@ -#cloud-config - -# Create files -write_files: - - path: "/etc/apt/apt.conf.d/00proxy" - permissions: "0444" - content: | - Acquire::http::Proxy "http://{{shm.monitoring.updateServers.linux.ip}}:8000"; - - - path: "/etc/audit/rules.d/audit.rules" - permissions: "0400" - content: | - {{audit.rules}} - - - path: "/etc/clamav/clamd.conf" - permissions: "0644" - append: true - content: | - {{clamd.conf}} - - - path: "/etc/cron.d/clamav-freshclam" - permissions: "0644" - content: | - # Run every day at a fixed time - {{shm.monitoring.updateServers.schedule.daily_definition_updates.minute}} {{shm.monitoring.updateServers.schedule.daily_definition_updates.hour}} * * * freshclam - - - path: "/etc/pip.conf" - permissions: "0444" - content: | - # Add the PyPI mirror to our global settings - [global] - index = {{sre.repositories.pypi.index}} - index-url = {{sre.repositories.pypi.indexUrl}} - trusted-host = {{sre.repositories.pypi.host}} - - - path: "/etc/R/Rprofile.site" - permissions: "0444" - content: | - ## Set Rprofile.site to the appropriate CRAN mirror - local({ - r <- getOption("repos") - r["CRAN"] <- "{{sre.repositories.cran.url}}" - options(repos = r) - }) - - - path: "/etc/systemd/system/clamav-clamonacc.service" - permissions: "0644" - content: | - {{clamav-clamonacc.service}} - - - path: "/etc/systemd/system/clamav-clamdscan.service" - permissions: "0644" - content: | - {{clamav-clamdscan.service}} - - - path: "/etc/systemd/system/clamav-clamdscan.timer" - permissions: "0644" - content: | - {{clamav-clamdscan.timer}} - - - path: "/etc/systemd/system/ingress.mount" - permissions: "0644" - content: | - [Unit] - Description=Mount unit for ingress volume (via blobfuse) - Requires=network-online.target - After=network-online.target - - [Mount] - What=/opt/mounts/ingress-mount.sh - Where=/ingress - Type=fuse - Options=_netdev - - [Install] - WantedBy=network-online.target - - - path: "/etc/systemd/system/ingress.automount" - permissions: "0644" - content: | - [Unit] - Description=Automount blobfuse - ConditionPathExists=/ingress - - [Automount] - Where=/ingress - TimeoutIdleSec=10 - - [Install] - WantedBy=multi-user.target - - - path: "/opt/cocalc/docker-compose.yaml" - permissions: "0400" - content: | - {{cocalc_docker_compose.mustache.yaml}} - - - path: "/opt/configuration/set_dns.sh" - permissions: "0500" - content: | - {{set_dns.mustache.sh}} - - - path: "/opt/mounts/ingress-credentials.secret" - permissions: "0400" - content: | - accountName {{sre.storage.persistentdata.account.name}} - sasToken {{{sre.storage.persistentdata.ingressSasToken}}} - authType SAS - containerName ingress - - - path: "/opt/mounts/ingress-mount.sh" - permissions: "0500" - content: | - if [ ! "$(df -h | grep $1)" ]; then - BLOBFUSE_CACHE_DIR="/tmp/blobfuse-cache-ingress" - rm -rf $BLOBFUSE_CACHE_DIR - mkdir -p $BLOBFUSE_CACHE_DIR - CACHE_SPACE_MB=$(echo "$(df -BM | grep /mnt | awk '{print $2}' | sed 's/M//') / 2" | bc) # set the cache size to half the size of /mnt which scales with VM size - /usr/bin/blobfuse $1 -o ro --tmp-path=$BLOBFUSE_CACHE_DIR --cache-size-mb=$CACHE_SPACE_MB --no-symlinks=true --config-file=/opt/mounts/ingress-credentials.secret --log-level=LOG_DEBUG -o attr_timeout=240 -o entry_timeout=240 -o negative_timeout=120 -o allow_other - fi - -# Set locale and timezone -locale: en_GB.UTF-8 -timezone: {{sre.time.timezone.linux}} - -# Set the NTP server -# By default we use Google's NTP servers which are incompatible with other servers due to leap-second smearing -ntp: - enabled: true - pools: - {{#shm.time.ntp.serverAddresses}} - - {{.}} - {{/shm.time.ntp.serverAddresses}} - -# Configure apt repositories -apt: - preserve_sources_list: true - sources: - microsoft-general.list: - source: "deb [arch=amd64] https://packages.microsoft.com/ubuntu/20.04/prod focal main" - keyid: BC528686B50D79E339D3721CEB3E94ADBE1229CF # Microsoft (Release signing) - -# Install necessary apt packages -packages: - - auditd - - blobfuse - - clamav - - clamav-base - - clamav-daemon - - clamav-freshclam - - clamav-unofficial-sigs - - docker.io - - docker-compose -package_update: true -package_upgrade: true - -# We know that exactly one data disk will be attached to this VM and it will be attached as lun1 -disk_setup: - /dev/disk/azure/scsi1/lun1: - table_type: gpt - layout: true - overwrite: true -fs_setup: - - device: /dev/disk/azure/scsi1/lun1 - partition: 1 - filesystem: ext4 -mounts: - - [/dev/disk/azure/scsi1/lun1-part1, /data, ext4, "defaults,nofail"] - -# Set hostname -fqdn: {{sre.webapps.cocalc.fqdn}} -hostname: {{sre.webapps.cocalc.fqdn}} - -# Add the SRE admin (default) and cocalcdaemon users -users: - - default - - name: cocalcdaemon - lock_passwd: true # Lock the password to disable password login - sudo: false # This user will not have sudo privileges - -# Run other commands -runcmd: - # Suppress apt prompts and warning messages - - DEBIAN_FRONTEND=noninteractive - - export DEBIAN_FRONTEND - - # Clean up installation - - echo ">=== Cleaning up apt-get packages... ===<" - - apt update - - apt-get -y autoremove - - apt-get clean - - apt --fix-broken install - - # Ensure that auditd is running and enabled at startup - - echo ">=== Enabling auditd services... ===<" - - systemctl start auditd - - systemctl enable auditd - - sleep 20 - - systemctl status auditd - - # Configure ClamAV - - echo ">=== Configure ClamAV... ===<" - # Allow unlimited recursion when scanning - - sed -i 's/^MaxDirectoryRecursion .*/MaxDirectoryRecursion 0/' /etc/clamav/clamd.conf - # Enable ClamAV daemon - - systemctl enable clamav-daemon - # Enable ClamAV scan on access - - systemctl enable clamav-clamonacc - # Enable ClamAV daily scan - - systemctl enable clamav-clamdscan.timer - # Disable ClamAV database update on boot - - systemctl stop clamav-freshclam - - systemctl disable clamav-freshclam - - # Check server settings - - echo ">=== DNS ===<" - - /opt/configuration/set_dns.sh - - echo ">=== Hostname ===<" - - hostnamectl - - echo ">=== Date/time ===<" - - timedatectl - - # Configuring attached disks - - echo ">=== Configuring attached disks... ===<" - - mkdir -p /data/cocalc - - ls -alh /data/ - - # Ensure that Docker is running and enabled at startup - - echo ">=== Configuring Docker... ===<" - - systemctl enable docker - - systemctl start docker - - sleep 1m - - systemctl status docker - - docker --version - - docker-compose --version - - # Set up the cocalcdaemon user - - echo ">=== Configuring cocalcdaemon user... ===<" - - groupadd docker 2> /dev/null - - usermod -aG docker cocalcdaemon - - newgrp docker - - chown -R cocalcdaemon:cocalcdaemon /opt/cocalc - - ls -alh /opt/cocalc - - # Schedule mounting of data volume, allowing non-root users to specify 'allow_other' - - echo ">=== Configure ingress mount... ===<" - - grep -v "user_allow_other" /etc/fuse.conf > /etc/fuse.conf.tmp - - echo "user_allow_other" >> /etc/fuse.conf.tmp - - mv /etc/fuse.conf.tmp /etc/fuse.conf - - systemctl enable ingress.mount - - systemctl enable ingress.automount - - systemctl start ingress.mount - - sleep 20 - - systemctl status ingress.mount - - ls -alh /ingress - - # Deploy CoCalc using Docker - - echo ">=== Deploying CoCalc with Docker... ===<" - - su cocalcdaemon -c "docker-compose -f /opt/cocalc/docker-compose.yaml up -d" - # Wait for deployment to finish - - | - while true; do - if (curl --silent --insecure https://localhost | grep -q "Open CoCalc.*"); then - break - fi - sleep 5 - done - - docker-compose -f /opt/cocalc/docker-compose.yaml logs - # Print a final message - - echo "Deploying CoCalc with Docker is complete:" - - docker-compose -f /opt/cocalc/docker-compose.yaml ps - - -# Shutdown so that we can tell when the job has finished by polling the VM state -power_state: - mode: poweroff - message: "Shutting down as a signal that setup is finished" - timeout: 30 - condition: true From e78ff72fe4b03742f8285f8c1c121ca3bdf026ce Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 14:51:29 +0000 Subject: [PATCH 036/108] remove cocalc desktop entry from SRD cloud init --- .../cloud_init/cloud-init-srd.mustache.yaml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml index 12065238e6..f45df08a56 100644 --- a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml +++ b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml @@ -155,17 +155,6 @@ write_files: options(repos = r) }) - - path: "/etc/skel/Desktop/CoCalc.desktop" - permissions: "0755" - content: | - [Desktop Entry] - Version=1.0 - Type=Link - Name=CoCalc - Comment= - Icon=/opt/icons/cocalc.png - URL=https://{{sre.webapps.cocalc.fqdn}} - - path: "/etc/skel/Desktop/CodiMD.desktop" permissions: "0755" content: | From baf8e4c2f9828838f7b59d57a841add5a04a716f Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 14 Aug 2023 15:00:32 +0000 Subject: [PATCH 037/108] remove CoCalc from docs --- docs/source/deployment/deploy_sre.md | 8 +--- .../source/design/architecture/sre_details.md | 1 - docs/source/roles/researcher/user_guide.md | 41 ------------------- .../roles/system_manager/manage_data.md | 1 - .../roles/system_manager/manage_webapps.md | 6 +-- 5 files changed, 5 insertions(+), 52 deletions(-) diff --git a/docs/source/deployment/deploy_sre.md b/docs/source/deployment/deploy_sre.md index e1dfbef923..e5c5353b42 100644 --- a/docs/source/deployment/deploy_sre.md +++ b/docs/source/deployment/deploy_sre.md @@ -106,7 +106,7 @@ PS> ./Setup_SRE_Guacamole_Servers.ps1 -shmId -sreId
-Deploy web applications (CoCalc, CodiMD and GitLab) +Deploy web applications (CodiMD and GitLab) ```{include} snippets/07_deploy_webapps.partial.md :relative-images: @@ -237,13 +237,9 @@ If you see an error like the following when attempting to log in, it is likely t
```` -### {{snowflake}} Test CoCalc, CodiMD and GitLab servers +### {{snowflake}} Test CodiMD and GitLab servers - Connect to the remote desktop {ref}`using the instructions above ` -- Test `CoCalc` by clicking on the `CoCalc` desktop icon. - - This should open a web browser inside the remote desktop - - You will get a warning about a `Potential Security Risk` related to a self-signed certificate. It is safe to trust this by selecting `Advanced > Accept the risk and continue`. - - Create a new username and password and use this to log in. - Test `CodiMD` by clicking on the `CodiMD` desktop icon. - This should open a web browser inside the remote desktop - Log in with the short-form `username` of a user in the `SG Research Users` security group. diff --git a/docs/source/design/architecture/sre_details.md b/docs/source/design/architecture/sre_details.md index f6b05929fc..03adf9b945 100644 --- a/docs/source/design/architecture/sre_details.md +++ b/docs/source/design/architecture/sre_details.md @@ -14,7 +14,6 @@ This infrastructure comprises: - A file server to host the project data - A `Gitlab` server to provide source code management and version control - A `CodiMD` server for collaborative writing -- A `CoCalc` server for collaborative editing of computational notebook - `Apache Guacamole` provides a clientless remote desktop gateway to provide secure remote desktop access to the SRE resources. Hosting each secure project environment in its own resource group supports a clean lifecycle management process, making it easy to verifiably delete all project data and resources at the end of a project. diff --git a/docs/source/roles/researcher/user_guide.md b/docs/source/roles/researcher/user_guide.md index 402e908625..0daa143896 100644 --- a/docs/source/roles/researcher/user_guide.md +++ b/docs/source/roles/researcher/user_guide.md @@ -757,47 +757,6 @@ They will have to discuss whether this is an acceptable risk to the data securit You can make the process as easy as possible by providing as much information as possible about the code or data you'd like to bring into the environment and about how it is to be used. ``` -## {{couple}} Collaborate on code using CoCalc - -`CoCalc` is a collaborative calculation and data science environment. -It lets you work with others on projects, using `Jupyter`, `LaTeX`, `Octave`, `Python` or `R` in collaborative notebooks. - -The `CoCalc` instance within the SRE is the easiest way to work directly with others in your team (for example pair-programming) who might not be physically near you. -You do not need to worry about the security of the information you upload there as it is fully contained within the SRE and there is no access to the internet and / or external servers. - -```{important} -The `CoCalc` instance within the SRE is entirely separate from the https://cocalc.com service. -``` - -### {{unlock}} Access CoCalc - -You can access `CoCalc` from an internet browser in the SRD using the desktop shortcut. -The first time that you login, you will see a security warning. -This is expected, please click on `Advanced` and then `Accept the Risk and Continue`. - -```{image} user_guide/cocalc_security_warning.png -:alt: CoCalc security warning -:align: center -``` - -You will then get to the CoCalc homepage where you should click on `Sign In` - -```{image} user_guide/cocalc_homepage.png -:alt: CoCalc homepage -:align: center -``` - -You will need to create a new account. -You can use any username/password here - it is not connected to your main Safe Haven account. - -````{note} -Our example user, Ada Lovelace has used `ada.lovelace@projects.turingsafehaven.ac.uk` as her username and set her own password -```{image} user_guide/cocalc_account_creation.png -:alt: CoCalc account creation -:align: center -``` -```` - ## {{pill}} Versioning code using GitLab `GitLab` is a code hosting platform for version control and collaboration - similar to `GitHub`. diff --git a/docs/source/roles/system_manager/manage_data.md b/docs/source/roles/system_manager/manage_data.md index e517821476..de40033017 100644 --- a/docs/source/roles/system_manager/manage_data.md +++ b/docs/source/roles/system_manager/manage_data.md @@ -150,7 +150,6 @@ The disks covered by the protection for each SRE are the - GitLab data disk - CodiMD data disk -- CoCalc data disk - PostgreSQL data disk - MSSQL data disk diff --git a/docs/source/roles/system_manager/manage_webapps.md b/docs/source/roles/system_manager/manage_webapps.md index 1869a82c24..9f739a7bb9 100644 --- a/docs/source/roles/system_manager/manage_webapps.md +++ b/docs/source/roles/system_manager/manage_webapps.md @@ -6,9 +6,9 @@ This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it. ``` -During deployment of an SRE, distinct virtual machines are created to host each of the three standard web applications - `CoCalc`, `CodiMD`, and `Gitlab`. +During deployment of an SRE, distinct virtual machines are created to host each of the two standard web applications - `CodiMD` and `Gitlab`. -In principle, these should require no further direct interaction. Researchers using Secure Research Desktops will be able to interact with the servers through a web interface. `CoCalc` allows users to create their own user accounts, while `CodiMD` and `Gitlab` authenticate with the domain controller via LDAP. +In principle, these should require no further direct interaction. Researchers using Secure Research Desktops will be able to interact with the servers through a web interface. `CodiMD` and `Gitlab` authenticate with the domain controller via LDAP. However, it is possible for the virtual machine hosting the web app servers to successfully start without the web app servers themselves actually running. For example, Researchers using an `SRD` may find that the web apps are unavailable, or do not successfully authenticate log-in attempts. In such cases, command line access to the virtual machines hosting the web app servers may help to diagnose and resolve problems. @@ -19,7 +19,7 @@ In the rest of this document, `` is the {ref}`Secure Management Environm An initial step could be to check the build logs of the virtual machine to ascertain whether any clear errors occurred during the process (e.g. the installation of the server software may have failed). - From the `Azure` portal, navigate to the web app resource group `RG_SHM__SRE__WEBAPPS`. -- Click on the relevant VM (e.g. `COCALC-SRE-`) +- Click on the relevant VM (e.g. `CODIMD-SRE-`) - From the menu on the left, scroll down to the `Help` section and select `Boot diagnostics` - Click `Serial log` to access a full text log of the booting up of the VM. From 87bbadef2b88f313f3d86a6fa80dafbde44ea58a Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Tue, 15 Aug 2023 13:45:54 +0000 Subject: [PATCH 038/108] change reference configs --- .../resources/sre_bluet1guac_full_config.json | 20 ------------------- .../resources/sre_bluet3guac_full_config.json | 20 ------------------- .../sre_greent2guac_full_config.json | 20 ------------------- 3 files changed, 60 deletions(-) diff --git a/tests/resources/sre_bluet1guac_full_config.json b/tests/resources/sre_bluet1guac_full_config.json index 0aed7c6062..ddd8153879 100644 --- a/tests/resources/sre_bluet1guac_full_config.json +++ b/tests/resources/sre_bluet1guac_full_config.json @@ -1387,26 +1387,6 @@ } }, "webapps": { - "cocalc": { - "adminPasswordSecretName": "sre-t1guac-vm-admin-password-cocalc", - "disks": { - "data": { - "sizeGb": "512", - "type": "Standard_LRS" - }, - "os": { - "sizeGb": "32", - "type": "Standard_LRS" - } - }, - "dockerVersion": "latest", - "fqdn": "COCALC.t1guac.blue.develop.turingsafehaven.ac.uk", - "hostname": "COCALC", - "ip": "10.151.5.7", - "osVersion": "Ubuntu-latest", - "vmName": "COCALC-SRE-T1GUAC", - "vmSize": "Standard_D2s_v3" - }, "codimd": { "adminPasswordSecretName": "sre-t1guac-vm-admin-password-codimd", "codimd": { diff --git a/tests/resources/sre_bluet3guac_full_config.json b/tests/resources/sre_bluet3guac_full_config.json index de66cdf330..e34450937d 100644 --- a/tests/resources/sre_bluet3guac_full_config.json +++ b/tests/resources/sre_bluet3guac_full_config.json @@ -1387,26 +1387,6 @@ } }, "webapps": { - "cocalc": { - "adminPasswordSecretName": "sre-t3guac-vm-admin-password-cocalc", - "disks": { - "data": { - "sizeGb": "512", - "type": "Standard_LRS" - }, - "os": { - "sizeGb": "32", - "type": "Standard_LRS" - } - }, - "dockerVersion": "latest", - "fqdn": "COCALC.t3guac.blue.develop.turingsafehaven.ac.uk", - "hostname": "COCALC", - "ip": "10.153.5.7", - "osVersion": "Ubuntu-latest", - "vmName": "COCALC-SRE-T3GUAC", - "vmSize": "Standard_D2s_v3" - }, "codimd": { "adminPasswordSecretName": "sre-t3guac-vm-admin-password-codimd", "codimd": { diff --git a/tests/resources/sre_greent2guac_full_config.json b/tests/resources/sre_greent2guac_full_config.json index 33fa1bdc21..6d0d7a338e 100644 --- a/tests/resources/sre_greent2guac_full_config.json +++ b/tests/resources/sre_greent2guac_full_config.json @@ -1440,26 +1440,6 @@ } }, "webapps": { - "cocalc": { - "adminPasswordSecretName": "sre-t2guac-vm-admin-password-cocalc", - "disks": { - "data": { - "sizeGb": "512", - "type": "Standard_LRS" - }, - "os": { - "sizeGb": "32", - "type": "Standard_LRS" - } - }, - "dockerVersion": "latest", - "fqdn": "COCALC.t2guac.green.develop.turingsafehaven.ac.uk", - "hostname": "COCALC", - "ip": "10.152.5.7", - "osVersion": "Ubuntu-latest", - "vmName": "COCALC-SRE-T2GUAC", - "vmSize": "Standard_D2s_v3" - }, "codimd": { "adminPasswordSecretName": "sre-t2guac-vm-admin-password-codimd", "codimd": { From c3ba9489a034ac2e16f290915d7645ce7224a39b Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Thu, 17 Aug 2023 10:17:08 +0000 Subject: [PATCH 039/108] Remove codimd from SRE architecture diagram --- .../design/architecture/sre_architecture.png | Bin 224542 -> 225243 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/source/design/architecture/sre_architecture.png b/docs/source/design/architecture/sre_architecture.png index e9a44d2ff7aa2565ca2c19f1c8ccb0748fc299ec..4337f843182786359c3291998aed57b7fdde11c2 100644 GIT binary patch delta 137388 zcma%jby$>Z`>h}W+1l1C89?-kT2vJB*YGy}e+@1yE-GHhPK@NgE-L=lmA^0Cxg#JhQQ09F zNqk-M?`Qt|3i8@oE|UB_4Kn@?DYDLju~I?wq5<-;Eh}nPi0A^cBa#*QKJo%`Ck};T zQ6-|NRC@W@s&ZqQoS0lfOh8y%=s$mikteG);7!z(Gk8j33NbMONs<3t6cV~qdAgdf zLI!hl^?K;wYU_b~c#$6Y;JhQ%9Z8{o%~x0)g1okwgKT|Ijar2eQ6ldrQ&gU;of7|F z?yRqMl_4@ELb4?3A#-ZUiA6+^4@Ibmgpk_HIkn4@LL~!{Oh&=MWVAr|Je#Q35bY*kdPQeSX@{{Qb<%p^j`z;3kyjigW+n(`*3>J z|M#sTBEqOJb)pJnygv;}Uzuo&$=1)o%LE*(kbs!D7^kQb;kW6Z-$KG7NQX$KD}=wf zZ|mXUV(ayv&HSHZVv`hy2uS|dA7Fq4WBvQ&|9fsUgj>b_ef{qVfw>EjB4gq$DJ8}K zZB*hy$ZszNknb;&qpZ}4uKi!GCt6)XCMP5jjG`8yMnpn{w1^?QE+8f;^6w>y2>*X9 ziB?!hTueYr>|YD{pNYa5*a+AE%i@Hn20z?T-{u4k?(C7klO3lk=Fyr&$~F-*f`rF6|Ju$AD*X2ww%2T z%=a8JNKlGGf-ug14JC~Fpg=@LB#caOzK%L)L1cqes1vMJ*B}a^M8tbum_Boc<&3(r zqJf_kKJ7x?b(OK_*GvT{mFwP-kP#;;UVd=in8Z{?Md*Qrr-|ioS#dF29;ETdo65TL zy<`Rk$_C2hocGAd4HA`AKAyh$*l;@i@CQ^!XIIO6z6?}Q^S5C1$8|%zB#6H!#7aq8Q3EX!>Y60em1%hX_xo7x6Vv@`A|JWP;We=_ z!CO0=LycBR@A8#S|2awp7CUgWBzw+TTGA4;>LLp|-qXFqGuSPA>a z@{!~~%Y@%dMiP(pDS1aWEdS3oE0Tj{KVb`=PYQ*2HNBQxCgwfA1Q$y1(^=1@0w!6L{z<->w(@elCx*5;~D|Jl1h@W6!VT&xTg z>C^~j_``Hp<-5xlz+~QY6Gby+e61t60fKOMmaE^>K zSm+T1{`{XU_Tvu4%%xEq|4312(FXU)Tj*H zQB05{=FaSReY(}5`yC`vJRffXH5y_R!J>3!X( zwKJ8Q+a%{xvwZK=nh|j=`9;OpSdFRd>63+ZXmKl3qW6czkIxpLgv4fT&}*F3J;Kkg z6JhUvA-z61g3+yU9o29gEn48WFMIN5flZX8fzo5|k|FaIMx&cj+~>m;M#yle?GS`) zZ34t;th05M$t}-o@Y__^T=tLdUHQ^v_Cqn0i-uD-RrdCp(_Ubi%#N!7zlP@g&-{Fb zvGMeZ%8>%yyI&5x%Bmc!22xNX=4wH=4~C8wZ))2N2wa)}FmBiRCgVhYbK~Qu$&|g* z&0euhZo~^Ux$#f!cct%*78x#7sBxztwtc50o7s0Iu(*gfHtW~?hUUAVT6)?{5MMor zYyi`62U!X!aJyT2#1Gv%zAKloS(<1~-3i-X8Sj~>jTPR#HjPOi5i}LF?%(e_YIbif z`Z4gVXDsE^&7wAv@5ojbaV@@s(b`2s{lJ$$0S$5LwsbqOISKi}YMDDDz8#EMLHEQs zZn+E>C~G(wC)UcPa%Th`Ms2Mb=|K@wh+P^;@98Au)9kl|we8FS4ogH5k74qs-6P~k znWeb^;>ZaWn-0kd6kvYVG#!OO()M2do)pSEAti2=TAi&Li_JrD-GTURwW{XkTIF|n z|FIWrqx0eF@~Qq)sEw@9uS*=I?lo$Q z=QnyLe{QV5$`yGqZsgzd)qgpBd82=E)3(D!GskmSTQ!{_K#WxRS!mhB9j>xu7lyG{ zqUXI65-DqI?O=FiTU%=NH)S>}Cez})+(~bd8kCNk*SnN#(d40_2r80~-IEU)lc_c+ zl}SjOet$8bhdd1Pa?@oJ?ReNMcIjJ>q*Jcp9RI>JyU%5Qy%|TyuftqyuW6NiLXgNd z?U;&v)v^RL$;k9z-V{@-sfl`sNria%c?WUNHeAzc8LglK1@ z^R>d%$#xH~Jtg}DVgFi6@qSKR9o1*rJ*m+U(F>MAQo-j0*C@y>`qI*W{k-?-`IUvu z6epYa%qk_}7cIx1jtvgNYt7G%-Z@rye~!3e#{FBxw#Nq1uUySktiV$Pf%DN!iyXJV zgj)2Bb*Yf`rdcex3lf|hPfB9D`tBUB^s0sB8xmJ~VMTcFFhc8cg;!P`F@7g8bLBao zb&G}7!2@)OWg|_tVC1Fn*Rm9!2jW6}81A_8$qUTJ*OtauJ^6%NSBh{_;?6WrgZHDU z4guuZmk_XPRTBx0MH+LZwwOLA$s zdbt{s+Da>Yh+t8>gv(1Uw%um0B)$9l$REFYKZQgf_Z#?&jWs6(zvAz->SJ+)y(8u% zN4c0p+~<)p)!a_^Uy}Q9yRkBZ22>E<}SAlpW^g@C`n&*5ku~qB zL^ndFQ=)TnJ)35ikd^Q0DCm6LaBN$uUgMwf%4$CZo-DsxWNaAVX4vk@Y)?c)`qJMW zankITt5_P-^uEJh5myp^B5U4h?c`Y|PyC6^|3j#+#Y;E(?^zxsQjo#^xcu z&B0d1Pe73tTB8ch9vbq5BS zFAyyi&k>P6y{8aYmM&@seaZgWo0Y7}eo%=)%>Jt+NzDU))%It?+z(>XTBOC2!UAjf zmz;%tE=Fd2;16Q~X;xQ^QSDT#_cPg(ikpjt^s*rp{taHMHh)%p0n57=8jJhUI7O(OZzs2e2ihB|=0!D-0E`+>|$!iGU-q8h=nq zSR|QWDH4g(EIY5m!|s3pNWyvQ5r&4JC^coU&WhUVE3E0_&65YuQqsnMakQQs6bJ3j z_+}x7fa@kOKpZ}NPm%0N{G-d1gxEOO7_Ukv% zKY#&31Tg`S;n$@&YtMW(b~4Wn)b;7>RK(0WuLWj%4^k!(Qo@6xqheKK&{8w=?r+Bp z@He^WV8LJ^ODVB0w_;ZG{N&h$1a4guBvatbV#tH+LPpiY4!HyK>*T3=ZxWO5A&9NClAZk~ zhHFY^`~nWXSJ4_f3mlDVFG<&`$g{W88fX5wdD3c+bgyz#T^vwM!!d=@oU{R~5vlj6lF zgwJnkUZYN6JsXTSvK3i~Nvd9MH1KTCzi*zT<}d?C{6Mf@(Q_gsX&LwX-Q_f!ToHPi zdOG9R((U{855~wt-=9(yhy~~q>7b^ta@Ces<8UnGx55VUg9IEs<5&SadLZhZbrlrl5Q-FH#v{c#qhsZ}8otHXKh@PrUGui7^qQBzu`1jkn`bxYCUv#>MF3b?N(zX)6lq^qgO8m3 zH^{`?zBGNLBq@(e<1Y^uF>k0XfC~S*Vd@!pM7rdImGb_nvAd(q+Z%An=?4PXQ$p^n z2ML#UIzIItsy|Kt%SyWf=3HcTxH2q1>p_*ZOG+%HymNY8dR8k%y@l0-od9|}$dp;l zJJ>j!I@a5j{lds`UI&9>6OK{dO>GyHMt(uXV2i2e*wV~UdHg3uPLI~Vx9hpgh}3f5 z^&-DT9>%4O?#wvZ%6}4#i2Y+r5PN|MspaTctvqNRzrGdqZ)vE2c?AfJMOViGz;$OO zPjY7JNu{dzUa|37O@+jwuYd2T{Y+k4)rA5xJxcA8) z{SN0ddB^e&Hz+FfD$M&S*U9}N$p(*L?d8F@lJwFi_TFIbg@0R%}7A=VZ3kznO@5CyGYL}yj7P`Ii^!r3s33UB;7$2a!cH;(lWH4QIxxYlnp%yh545=qgR z82hPCd%;vXg!;Q2s3;;yvZ}6V?mxmSyC+dpG7}4o;UYe1<~y!WeEu22LAIR^??bC+ ztHun)QmE3<20Z5}Ebkv|qZMa`buiyqjU)x(IZaC+v8{)~q7`dgp;?kPeJoBlZAD%@ z>FgwX1Wh^kdPsn4SqdzU6H>{yr!ZOX8eR(15|@qPzU7M28V=8{)MNXzz`+JThWLCI zy&>zlOs#!1JbWN!W|vPM6P>1XUocD9bLM#xnPFb3@x&W+l7vxS$mYY$f7gPL>idb8(EmDo+(~ zSg6$Ir}DSR=xVlbZWM8s)%;(81b~kMs+W`Ed_AeKf$Wxzm-19Zj(8ikS5v!|Q;{k$ zX@1KoJ5&OCr-jb| zIDMrID_{UW-5sbYG)+hfFjO?Aj(C%b*QDP{gNTpC0iDj?CDP79r}>V#+d9=v|1f z)$DnN9EV_DGf3Z_sLQhxD5iyV$jdt7_v|{-u2Q|0_ATQ(TtIzhABkp=jo}$}FqQHX z=Y|)WX7|yULa$nN6fJp`v2dH0yIMMYY4VS^9HJ$7YCdUGt#k8M%Dc(J*G=c|Vq=Z< zENBf0r&#a)@E4+hjh}YcKgL)Ba;<#o-jgy+csi8-EY)T7-tg0CCd70dFEPo6E#Bbi z$2Fh4ca`oC(-UbU-HLMp-~VY zN^7ZN<3hgCVgrv$W@!7dve{cs<8HSO%be(?8B8kSeL1?>st*3o6WX7puku@qt>=@0 z5K!liFeV`_z-%tGMGRHg{tRw-2>s9#q1WK8c_mY;l>A3Oexforu-27MI;HK~A9qM3 z<4b21S&iMWE}d1)8K-{-3d{<9mwP zJULwJneG3|$x(jk#Rp*Aet=_$coEy1^_ApfXFus9y)MBtouk~ey7bCQUFBG>Y1}$+ z8a%;i+VVMS<@TcY=hU#V@~+d=6vP9^YY47f(TpjK9#i;gH5|&L-?`GPsLq}>A?5j_ z_XCdX;;mzFrtK<#K&sn<*Sw{8sS(2z9r_?S6m{rNbOUjLm^qG#*E(qZ8NPblN^&dl zxHRItb`AZVh}|DkBZDc9HPE=5vNq$EK3yT-r~jZk93WM$A6|TLLPYtv85;|wW@nN3 zaLE#OK{k9?1eH#3MfSg=5m9O7=1^w>7mRz>yh6;Adxm1E>^r-8hoS9DkndhzCPGA~ zb>36Sbfx+;t+WSY3A}`$LkEJ+x&Lt!3YG_zK4w++y75Zg6bd#;cJ z4Q3;8`;wwc+!=_^li_Fv>1ESLY$Ub)PkxeVA0=@7H4{3b((1~`-;_Q~tMk8scyBdc z*N(+~=dwTm-h>}8Dz3|lVhNn&Net3)_;I6<+03zs#!|Bd4G;XvaL>7=?}aA+MEy&8 z<84uEI!OnRaZON16BDI7vt`<`n0Wpq(LVZ?{nyC|6Z>c;KQEoC7y+nF(bm|V-@K;x zy2hA%HIu|+7PU8xJT&gW3kF#bp%|(wX)i@6NwV(4xG7omNtV%=Y}SVRU^g%6uuR}? z2PvPhb?(|l1Fw~GHzpzDKua@(2-~f3FiLfY^P5muj6A(eL|UhI2G${~{qj~KNtPar zJMpm!$E;vlibOs5q5q~VWELXp`RyrYF5@P|=csb7|0TuV&Xn6i8p3y$pSGGoX40(2 znI1D?!|cj)S1piLpF1%5&tbE00#b?QJP9#K)eO>MS~X|V>fj`PGpZY(uE}>kId_Se z{dojAUH5w_B`Uy0f=+Yth>9gSJ8gMZN-v5 zOKb7vMOE%|sdmE%W;)#}0O!Qyi;WJYF&Pv0{nGT?Zf8Z1&HQQOuVVj7xb3Dr z$OC(xk4OlWvM|fnahyM>Wfp#ZLv`*A$f2HlJ9S@m(XidqZM^rwRXS=*Dm%LO?loBs zcGc*3ur&2r*BP7lp+p|txAX52h@V~vz!Qn5C%dg4gDSKsB}3Ayb$83^zF!>tWi3W} z{Zd%L2<`(ZDO@FBMwQZskN{Lc0{DPiSBv|TN-h!CQ~CY6kwA23@yj(?Fedy%fFy#}abuDt=Io343w;4v8dMf`7@sw&F?625q>y&F_*Vgi| zN^R<8dJ*Mxzwcy)Mx|((9URP~SGeQ#3B3P}Ls{_8!u$LGv@WH^x(E6U_&h`0Tz&D18Z7;a?sv&)E7o+Vfh% zar)?Br95jp;7ib^Hoc@r&W*?KiEOd4!~|nm$U#Cys=4jSZ;2D20My+Pp97DGAfINq zRKzW|u9o=Ej!}GeW}51pbn1%X^d+$Bq_0DnVTly~r-WBE_y;0Bcy+UeD^9<^ez4VD=`sskt8S5&8p42yGea%?KCq`iM~=;vuAxV7x7PS(1) zwa9z_H1J>QPn}<&%|PCs6};WJI8h9ZXQiDH^!_=L0BSzEvmG=VP`pV@1~917UYu_D zVnKH7#RsZhL}5!H`5|J`mJ(*JV?YuoWSYv~B#ELv7nu`UNjHw^2?#P(`$uB|2AM)( z+!mqWQ4^cSXe#Zlms0=7*FG2Mvg?oRWyi@STKdjZPe&V-Tk%&rj*3{D*Epw)l$wvz z$vB>=#%=f}xchcCsqikG+~Mx|%`Kl0TguQgE=t>p=$BsOo9l=}3AP>$y?Jh%%AoFe zakSW22QBUriJ=PL{&f8bEBP~Ue7$0)&GU!3!#$U)lV8gP4p$3R)Co~E-9pYffg;0A z#OKI;PJnceJ)XzBV@G)`Rz7bUa5@SsB*b=a+@DYTFQ$3?{%|36Qqr*42$JnQU8mbG ze;S0SU(QR-@m>1@zmzQAhb=U%%sUeDk2au3p!O#tAx^pdU!`-siYGVb5*Ivvq}X-; zs+|=uwhpeg@cZ`6R(CdVtr^}k`up1_ZH!GLbyRd3`P1BdFDV!fpH+G!xFce%A5!z-M}D)SiC5s*4b%@dCDN2YU5=&U|}Q(Rue!d=nz;-VRrH&3{tx$c7fsX z*i|gFmxgZ`umRJY3fS1jNpjO1QUJwF>MiaNgE)}(rEDc-#<|-%=Kn}62^WY9qtn>q zWc18xUHQW=Tocbn1s$z-WCbEFTw$<@Z5Rz8<$m+{Nz+C*Z&u*@T^#IMWg0@WHDB9_ z+hRXXf8i4*<8|xWOlkca@yt}O>AaAMXlT=dOJVH-jR!tMx>H*)h}9a=Y9iOXPb#^w z8Zp!`9{2qnRzPO?mTzQ_r4*yv8r| z=)%Iov$o{|eOmG{u}#KfM>YLNr-Yc|J=d@?a~6>#6~2bJ&b}?8@sBj1&hmVq~59zO%nEhi_ZNWhjolEU*n(S?^^5ZV0xslz}o z(3eo15wsC8?K>vtF)hcG>zLHN(T|$doJGhBTAD-RBWjrq;rOE}=jttceV$Ko(<%pR zpFdg@gICK^$5^_)Ib21~#Y*>IcQeW^benC#+M^}hA9d5gIGFSa+|pMXfShZ$SkRq+ z&6!xBP18=L1kvQmPS!}M9n;SMo4nHb2QoiW&18eA>AWg3E>BNce}08A2Qap9&1Baw z4O_fDjW!4|IhMnvHb0v?lG(QxqfWT9x%!hFcA2e#dVs%saSj$ISr0 zhv~sOj6?IFX=WjBZ$-wQI@coh5XPnLy>UYOlzVz(oL~x=*K@ z4gw^rP8{=m}`uAnd&t;|GysP7HdIQit_TNWu^r@squI6H)CN|4=c!`&z(;B>2 zlIbOCKDpG+7=@hd+nKfm`D?)J+Fnw4EWLe!<~Nb8b+QnMbr((U)QLiMy+*8DO`4I0 z+@6Z8#?LV3ZVat;(@T3h8KUZ$<++DytS82)Is_Q=s|*5m@TMVe+~>4rm}jJF078S| zZK@gS=m^m5DiC6Lgm#pY-_m*C&LHhMZj^xGb$WS1Kbn^p+v3+Sc2O6Yx~2KKM{?#t z*oyII(P{V;ceTr8Iid(3^c^<=Ys9g4J-wZX&uYv1Maf@BnlYH+Qp0fV-DGEey^W4j zK{SssQ)McCq%1+$r^vXJ&l6$Ank9HPKLniG~WP7^OC{65}GKqiwS@h9k__?pSB*L zYoJdegz$Nj82%tj^Zh7;^dRR?pLwg=1QJVFhYOGL1)?<)V2=Hfyf7^mQkdPweAiH+ z`<0a4pVdQ0xWg-@07#@{^-PYHn6m$xtVa58{^;6Rgx=w{N$SC=e=X+rfVd6aYYEwN zMt*=*`cTF&{ZbQ+Uc@5q{)00;?ecA!O2X1m(*EB04z%5{ps{6>Upd zU-o^7kHwsV49H0DLG4z1sN!PyN}-}9%HajzslT2r4d}16v=m` z(CDA;JQv#TB!b58vgqil6i&^-t z7ru~Ti9jSe8uFx;Pxao^hjG94XKMWDezLDasCAYhhS8Elb8x~u$nR;NfxSo~3R55? zBl75kWsu7f5+W6txPZO9XlJcjBL7^f3-khlQvtaNf@W3s0Q+tedv9&JzH+~%$*2DZ zQsY)U-VS@aLw!)Ui0(MLLza*n5G?V}&tR`=o+S<=&%{Dm=-7uN00Z($;zbmlqI@=3fwQVfv4RXh7uo%a&}u(Y1bdTv=7094 zZAF~Y5wEPON8Be$B;vDi`OP;LuuWrsL?U#6oQ=TLY4K-}h>YS86Ym~|^I6p0-%_!@ zR`_|=;EwCGLII82wlf`UN9*OG7ou@Zql4$Og49{Rq*zxNbtdyM^%H@GMinRcd~Qq@y@y2y2bRs zZXHfe`BEn-pAnZIWtW7Z55|AmCt*Wbx3{m4M~s6hcy#$Mo*6w#S2Uv zvH@Gasa1>i_m?}}V$wJ@lRF9EQ9D(fAC@k2B7d@ejb1jOY8r8RJk%WMEC21B$H3A4 z=ED24*QQI#6B8+yM+%XHUkSw_e+`apWqkyXIND##h;h)(ho+UR3C>?ZSp^g}?MynU zegcN7%VStHfBTJrCy3;WeVgCVPGt$fI};sSn*?i)x%0*TX24v=`KJNWvN8vAWl!H z8Kf7}eAAmwPYyj0v%$O6BYUZL+|q>yM>?0MYRf<5U_;^Q!JB<|Dgw409cCJ;r@e-? zvs8`6wPQYmph`yrB9E^Iz-rnO@2I!<_(5iSevA zfch2VR)O?2+-Y8k-)2F*sB;`x-^sZ;f?Lm`8&^QE+yY5gF(HSU;3lgSAT{Vvu|;x( zc|m;28ds(KK{Q&J_8fpLXbJ~RPj9t%DC>#au{QEw0@`$J9so`a=K zH4c_n`qBqWZn`*HEFpTb;i|a2)|qh^76dqHZR|i>1XZ8g_TknttOkoKWhJ1{7tA3z z=M~+%Z(XKpxEQ~J3O=zri8pn1i_=h4q+fFJ223az;NPsNXIr+GqNG)=ZBAliNxa70 zfHk}Ym|DIl^}}&~PIUcS)nsu&Pjyab6>O|k`4qMc0eG$Du~Ku>yo8YBxj1?8b;Q=7 znqH%i%f!PMOg1P>pW9R2iLN15tJ=|`CG-|Sobv{S2Ga|FUQ8Z#bjL!aZvr(~&p z{yX>y_|!MBD7aj$<6cq7WO>L*tSn;3WV3#|TP21SBC}nY>D{~~=}w>tOtwv5#Ws#_ zQ(s4v|FFM5$GHorqrU>4kk9n!^G z-Kii)DPQnI!?98&>((>lOMEMuIW6-JK5?bI*@8incyEC3g%E-_B~FovmV-|RE1Tgr;+rQx6QI!uOt zDwxRh{4IqtxFJF>Encj+b_{OJ0m8t%9}$pF=NYyh<=TtOGQ)iXJa6cQr%gi&>2!H%2@GZ3Watki01L#fF*N3CNb;Q*tBm!wvFX z{76jpxKm!g?Cvysenv>c4aCuUMaXf0YnX*+Q#DgP7FJFY*+|oe=uUBYW zmu4dE;U4&ESWvpc?A_ZY-*1%{IEFJN#+I0#LvK zas8Hk#C<-WrDO=KlyEM>YbCYMb*Ll(ae6q54b_8A>h%q*G>eY~jpH!FQ>AtdMppg{ z)VgPT8T=g?3KH_S(IXs#)zv<~%qm^9MeR!Jlk6WA!qI(ixfF_iwB!7NV=g3W3J9wt zZ|g9=U^s^!H3T9p*iONDM-GQ+N0Yos%K7atO0s7_RV(g4FP5Oz9esnK6CUJ~Fvpv~ zG&>|l-;}aC_CcJ?CI>J(i%C659XSWDF+Z==H|WlT%X&KpD3>TAIs_8{LSyF%n!7!M zu(rIWm#_TKCbMkWLao1eNxwS5%3~b(uRv~WwVR1r#L8^k({H@1)2;3dXf5=_$G6tw zYvwSu!x4V9$*O`<*Jpz*TkU$4QevKJsV&hzZ>vty@R_g>TBV?x8be{S=kTqkCvYpr zt6;;+5qQoS*O+d&K;hHwSD5Tw9KUe4k!W%i?wzYGWX)8~}r|F9mY#a0p zL4VsZe#wVN%8`1>e_`2%VSC-Tn6mM++6zp#M`Bwe+N zW^$6kop|>*#N5B466`*nm%@Se&%&nicc&q`=YI#dS;?PjYG3X>`f)5;GlmH=>g8mh(vdc$kHJSch%@%Y zmghy6g~{&VvhgEAechk&myfL;HPZ$s7~fUVp=(?zYwXr~F<-kZ5caAbh{BfKT@Wbymqbhm_IL}J+7+5$`VkkULa1wnIY-r52)lFX z6^IYu`-<{FYjsoA`lq*a6a!BL{~&I#+$lM1r+CWRYwD$o*=6It6rd1>H&bgKetuGJ z7Hz1_R(hQM%y0DFQ0YxaiHTpFRzDIQ(^I0E0;8KCyk1U;uJwAKv{K<$mwov7wMr4s zig`tRD(deD8?}NF%@fgrlU1K9U9&Y^#W$5MZPhqW3wlL)sKq-7E-#DV1 zh%0xdS(*cPcL2xY?87@kr6cpOCZ6-=R2e*Rygr9g1c`w;r4_u**>)GpR*%9uGEwwp zzB7O1jG2mzPIF$Z#{AF&?)+J)y{I<*{z$dcxCbd^?XF3-mNnk+Zez9jcyj+Hz>ARc z$qYe8*Gen1@*hs*sV25m6@P`hmuB?3Z(cik1%VuzpX~RirCXC3ltS z*#b6L$4c}5$?qxupA7*A%lSP&a@-4q{Q&S`lywQt&x~Ozw#ATJF@_g@w+x1oxqPetc;P zsZ;4yw=%n7dg+PNn1x5BYIgck?zvvTVMTcE=*dj*>Nh?UTz@6%q`^t61C9RU4gW+A z1LaWWJyT{vn)|LDx){{7ZR_LD4gyCkO(S(4Ms3I2vK8?5MG8_$#nDdD+(_JLU-AwuY2?6(`b28})gGG(1yJg-nfP z4h`pRRq@VP?!iw>ksmv9Yo>7O+7HZ$3-p zB&E)Sp;l|330tljPz#LGMK+{qR$7#}BG6sAP1{S}Gu`>Y#q?R#=n#wFq zNOV6bM4g|~Z^1**DOnweu;Ony+WU^!M22(SA8srPgzZLsY#|V`b^JV{Vi}as>Bk91!Sg+uEQBi2JCav3hIB zG0)MwnWxY`TPh?kFQbh8xY4DdA96{(vd4M&(I>=yk9BW=u0BGyPh(WC_J-qFk~ld)k2?Q)f1ki<}@2yhEgX`5%|1m>tk-woCZ;n+4vJht(J*LaZp`?hiaK zbPXT*xX?Wz4vDLdZ|J+M8T)Xhw05Veg}9B!=C2YvKH`l0Z#%ZOUBcH(%Bg1t_U%{H zw))9I)Z<17*UchMXKVy;w63MzLq&$X`hwhs!$>5&_w~ce%zfkq`uVYI^^Pt#`F%>- z-;Clv(~h*!u6r@9^yI{*7S*|le;|=WY0Wu`N5FLobaSy$F5OnzXJyedHS_zno^EA8 zlePF(aHFW2;UU^K+uLynGBcEuA_4%)oqWfMQUo+&d;&fm7qXm8V@xg08=xiY zC<)afx~39ALHB^>=O7WNyEBn^aK68GR8Kh{La3fyslH0C)yOH+(i1O(iWg2yf<{mi z0lgbQzFm$&0?!pLlf`4G?&_u_ej?cmn|h z8Kl>9K9;b2O$!Cufxx&4OLfpV_jC6iA^Uw6F+$DpXFO^!-oV8$g$D%GN9KG+$|F(% zY{(n*Aw<#s4VKOB*F8o;>ab%iuqNJ&8I zw-y$?N@BqdSgP^stm%7{UoV{OIrj7ts;pZ?>6;~IQMyk+>NlPT6L0OLJu?j8(jy%Z z^zfYUC;NajPCI(+V|(2ZUzbJVuABs>EmpD**iycVtrae!kgvY_v{{6Yq{y#>xBa0T zNFhFvP89e5(t&-TWC1;{^sVziIRE>sJTD1hUz*5%zlp1D=@oDz$ufZ19c(Qlh5&&9 zDpKf|J%Z=~eBMC~m`bxrVHBS!8==ex^bC)i`#w`=E`#*5&z|6`mI|P<8Z3nu6_05+ zOxL+fzR?{TUX!}#Yt1Sa@!bx{vlPo^4#E|rz$Oh$f=JFn?grwT(kym<~!LW$1yp0)!1Dt)5NtXc#7 zkKpobYpaF-LXyK;s*Hcd4c}?^jZXHsSB%4(3jR%>fgs_X6P{zmf3<$G8z4s(z%V3r z+ziwz0_%#6#EL%ts*v45pt@RoJD3o@oj^Hbz}gJDw~;%gE<-u$9^0eFQE1wTQUFy6 zgmV`t(A-*XaLR^TNCjb=27%y=k-O}Pf)F@3dAisw@Wq|Ndqc29OT*`NY^sD->&OGi zy|3Z6K(vF>6l@+LH=2Wkl0ECWHel8J#*Io$SS#%Yl5gwhy+*Xk0|Ey-KUf30#tfA# zj4-=}?xdkc-?eCL?9OQ%;^^*=-V}BnnRVr76SB{&Zi4o$dhQ~q-1wP8_TGNj+-*Iz zjFmfB@+c_5R1!!??K?9zExth2K`*M^mkBuI9OdG1X1}jtB2Hs`^ddGd>s9;G#a$*l z0c4!-K?t_KBFH_0EVbDn{#iM8_g5kYUi&6m_35t3!hJa*J{5EAqq^L{DRqtG_Xq*W zKr3`n2G~;=1rP`JH}8JoJ(%4bkQbbCu8c{kh4`q(-l(6@JPyAmcZ)!P_=nX_Fg#?G zo(WU=#UL%U2uMnGppP&UKL)s~N3eC8E{M7spl@h; z@Q!KaO)pE1nhs`!#mV99DO#>d&_#Dh^d;n@U9YqXsD>)PYmm-E0dnxPyLXL%9W1!s zdw#L?e#x&yVo{EPRl=jcoAI%<@(QQBb9K2Ye5aBjVF?@RQdcV6MI~ zMi+FcJ5V5@FO$1O&`X2b{}m{H2c74ZKfevX;e&fv0oXy5{sEw?M4lB`2X7nNRr*}C zgmI^(kKuHmJ67QRux#^cL!+w!&(2(k=R4u1rsr9T!d zYR5TR+PE2|3G5Vs(i53k_F-rj|} zv@t868Bl8aw)9dNAqRzTLJpSo%*-5Xhyjvy0~&&wwgy4;vM1n9HPzK4nobT@Z0F?n z=aG3QniXUVLwdJ>VR;3ZfjVTYP!3Iz8wA9OwuN9ro?)SfJHJ$FQJi-mZn3g}C|f|R zwVr;l`C4MtJb7e!_yv^ZS|4nVMct=Rzql_3oX6DcMcb+k7E7Wn%fFO^v3-p!=r4fC z#(aS~x{8Q~!4HaUd__)m(@Ka0)H7p$MW z2+~PfdIUC>MyX{{;tY=OpYD2k;QSx03Dj5@sO$S9o+WQHST3S5qIeG;R%SGr8xnzxge#2H)~I5lf^I2oh^JVyKO%)Y6JFQXY8We^O=*|{o> ze*miFtOoHjfg?2x5|g#!veYZ_cdrWX77BlR#QW!DxEQ6;{NA8>+6=;DVlS#;U=*E_|N~_eU^Hf z;l}pbZvsGj6toD>joo_ZO=w#>bz2~gw}VCJ>*YLK3MqEPh$jmdmx7Sj~?)G+L;0WaRfD6%S&>C z%6f(&H{aNMb$X%_<4KTZ0p(uIeipqLIQE;VWzVBs^Y!ksVkY>F%mUS{e*-nFPS;Q? zx45jgX3UGWIxel(4=&2=f=|KtV4c;r_rW(9%UfEu_*;$NKD}V9R7r8%Nn!>b@xWm$ zi9y*+`nI9;x2IHE9}sX*JNGiV=zbP`x!q2fE9iyc1GYmT5JF(>mLLbXh47sR0k`A; ztdl-U6!xC94)7JCc2zHbQ5##Z9{#G$;0E)l9YPuM#}{uK6d4ri_2UNT`r<&hrq6Nl z=xB2Qez|mDvzxcP6L9H0k=*hiWe*kVb0b7gHWqsNbQdRET^BG@!CS9AW!)V>BMF|0 zDlU!xv+>|nPjC(Add8p|FnqyPN4x{Zxv#V09Hvyx$oKeAjX9VD;y5BS8yT5iUnUA- z62<>VOafKAtmNqtus^^pi=R%wqqukR6T@_Tlj6=e7Qhzs^F|k+ON^8FPP*AVKi6NH zkf|ExnlbdT2OXR})gn;$l^7(`d-b5M!Ve1F&LPehmm#K`hkY7@Jly|br+ww{)> z<)w%_o;NHqPzPwp7TS*(S_h1`TBTt}4IoDb>9ixbZI9=ePlf1}9N9(+^*huTnt`6B z7=#zuUtL-e5LdqU;Gg2?o;}&QLx0EBq8{1nT$)o{)}R5}8K{KXF^3`i^}hR>&W@9W zCOKCWuVVoGP1TD_d(r-(uO0(E(!~0AN78v!Lb{&onECVXI9LF?`r`fUr63z2UuV+^ zw(LFf^w6by9?>%IG^RS!;GGMU2@X2CLlRy+{XmnR0~(~ZrbN z3QDIBARr)28U^V_2`42WrIaEq3KG&irIm(nJgmL;+UKmj&iC$f_WPcHWc_|?&S#A0 z9(Ro~uIri)l0l3=`@&L)aly)0Q;kbl5sPH1}0V(#Ph&1F0RSx*qD&4*HGb{ z=*Wq9EDxCpf)4hK1{rDJvjG4;`iM$1$xSOM4Uc8geCA_%C@^m7D6#(naJ?Nbt+(HL zWes!Pzs9W6Nb(UOg5h3GQMC&T*c-wlQU{Ng-w^StM=TQR`uJTfxrVUau;IUuR$7F1 zT?rG+d)UA;(6o}DGiwKM1ROZ_sM1$;iEfVLq?S*Vu>mSkk87B9DdjU`Saua58GEep||&;*y^JIVE$d^b?;3DS8_e#p~vH)RTjM$V0DM|dxgf5?1_dS--n!)zTK-# z8YY5$MC?9MS|oaZq%!k!>o7N1mR?D4f?LmOBL{o0H#@i{xOQud_yUCUJLR>ofJV|pLvBNhhk7&0P^EGymPC7#XXVRJ&DI}!H%+rL2= z07E4}t`8iX263oEq?hqHw9^E4ny#dEr9Ceu=oWpxd$hLsM*eoLcA7-vy}T+94?Bxn z)x6`AE03IlYruZE?(qg90#>qUSzWrl2mgp}rqT!t7fMz0}>4c4lwXBg2Kn5QnnZ-Gh7Hc^{IWxW$`P z*^39BvFsqEMO<(6SF?#Q3YV%|COfWHC>{YP9-iqCF zun!RdeVYR2VcJSBgl$6_+1ew1k$HZR0;||OGKL@S2Z{ISFylu$0~MwYMP{`w5c9iH z$5QzQI<>UrCj0@;G`VJFoPAn7R-5j2lg*a630xtS$0?lc+BeviIO)Lrv$H64VZ7(M z20)MqimyHnu)%qQ+8uCg_?G3awKP!ta^axn^=mwiZd1;TUNcK`O|j3+i}{?^{=a_G z(~5YLQ zHMd0>EekHM1Vg%KVcy@3Sz1_!3YN#BKWf<^iCY9pDv;gHDvl{_q~|xQF6GO4()6T7afQLIVpN%Aq9Pn5*Bdg&_mT}t z4Y&vS(%dx6E9%@v)2m(2+q3ZADou#Z;1_}3aK3`RMP3raF}^reeC~x7!9L|%#%4v!;J0CcGDW)j@ z*2Dg=RmcARb3gi63>YqZD70xT^uUNEZE_s=Y;p31+{@xLM+qQVaM8rR1>hf=faCfQsGB4HA#`NBPTe;&I`ayz218F)g+KGd3Pli}_1MNO9WYbrj0U zHk2f51+XY3kY^r507$jI3n?*NkW&eFp^qa|SJ%WX3vdywDROlSM7=26kKikdAtc`Y z*p{4v&uLp}!5}?q^33ocIIJ=Ezmhb$pC^`PkY`T9Q>t2=M{!kko{)x7VGH(>r?akVz^@Wa;{6%S%ej#D10nqKALLE} z{WzR4OK*ZCn49d*(@QcaFdO34OR0J#)d-49)Me?u+$lAP-Eekg_PL9}3yRggqzHmY zSdWYgR$&V)CbZh`W^S_XrQ^OTmsyCg@(E>oKj}TaIv}TdwQ_HkB$i#IzU}?O$BP9- zrSFG7(y}lp0W)gn&R#NtXKPGWxcH{>P~|djf*EmOHtVF=rpT{FRx%I6Lfh*9j(!;ejS8=6=!>{FaKg680dlbg}oV zNiquL+**bS@mSN80G3tTD)-V2c&d$rY$xqW6E6=`K1PuOZIwq57?CDjaFve?jCfY| zn}lDw%U2RhPMcsiQrNj-VELY_-Z4tZOo38`B+H24Tef{Sc z4)3k3dv_YkMy92b4anyLtc{YoKv2l3{|6j(^EYYjM8%xCvdc&Kdp(pMMYHxCnU)Wr z{kgc3$0Xvg7f{GJq3A*3|8QNU8TK_lvc8G$_70=HLqEnqSWsdIx*0R3goqqPbz=`Y z$M5gnEB7FJYc!BdxcJ=S_5iKpKX<_9vw=HFCC_$}N_SlBGKb8*zVyjF>Zb*<$s9Nf zIi@K+=D5ibeQ$oTH_jfxpRD^x!RiO4%A|qpXpZIGO0_G)1_TFZliV^mj~?+nPVCkH zN{7T)MMYk`1ZU!bO){W3ctZ+ru#Z+|d=oROhA?~E zk7v#sOR}6z%0EyNVM#o*_?+oB`2?CAI>#XC!@&@Dj!{O(cqJ4aFDC31CJKz8_DOXe z6r>GOps^CN@DcUBv30A;=kArz*k9v7|F3v|0SRIY2X9-sBKw)DpkOvUz?nU&@5g4* zsJ*##dr`6BYNv`N$)ajG-y<>oSDWF{v5@> zM0Le(my3A_yr?n^?LF?+KcSIKzx%6QQw2Pmmh2%moM03vKD2xF8&z}{e!S;PJ&Go3paU|F z_?McW+6FcgNbyOWfrtlfJd23TcBEJ5w?lrinRBQNke;m^{$zqc=aHB734lVx=}iB&b?PlT-8xN+>D+?} zG(b5L#C$t=GLE`b5R0` z`KKjP518}rZIB25!szYV914E2=HQvrd7Kr%hmbH-FsWRa8=>?R3ksF1+*YUN|8Kv* z|8V|5vGRZR0{_GLLz@4?7x*8}9|Gxs`=VMZsM+t>KZs+&74^(l>~`%tTtXnh zeZ=~Q27=28q}sL;*@`Ct6u@OuV^|89!PDMTFLr~cO>2Ik{q1QWZvXtW&+fs0G8Y_u zaLs0eTQTd8JY11!#ScP!gxa+Wy{cS65+f6V`BA6zC^(7T!Mr{L{{Ge^YZ%Jk#aM;# z4n74FZF>qHZhqzg3Ur&UP#h^KTn((?oTv3$^r7`15W0|n;Iau01j&ekrqhif_D>TE z{4dv!9HjjOVp6ybjExCrX2A-ah6z(+`y#%GYk>a(_WUkHU>5>$`UQTEL{o6}7^MBH zWBjW=^3PlZ3ZS;M0cv~R_+M<^FPCq?4Z^dkm+3!Xpx4kXUJ7@3B}Y&eGh&&m??dtLGX zb?H^+WsmarRLgC^Ij6t$z)tlatL7qhsc)@V1el=*-PN(^cz&VMCvuu_18Sib$>1pp#N}>7XaDTFxvZ0%Z#jrlU>WBe z(|sTvYz9mG)+r><08Pj)E{j|1Bo`#?e*dCZ;qUoDO|^N=qnJ57u7rY3Yd=V?6&_3T zHRTi%Q!@l@)wPE z6vK-zxqy`ARGIB>k_ zWYJ#-0O$fs8vuMn!_TiS`n009F+f&R1?H-4{cMed(kQgA$-|V5y`_Q-t7z$8F@R{( z2}p*5Kytbq){}Os-%#0GxUM*xH#8wO`r60Sj>Ff(iKpes`K#?cfS4u#qy$p-fMtCE zu*n$~+Q9%dkU1m`pf!)rSH9tIE)44vwhIQ9T+t)d6%BJYa~ki!6$qLKv?&YiOid~W=|Z>uJ= zrhn_wm0kphd8{_PJ!m=S^4)tOQEM3%C{p?0zcbDWNPT*>B}PCrDGuP!=qy>$ z(9#gaxlAR%Qpx~uCRG65y4yv5bO5k0onMB<_cLWbnXW;XWcf|`8Qv5LzV&qE*%|X` zkoxse=Tz1xYmjo_-kaDcdT~9HYm-=8RR!rj>Y*eI_Qw`cOyiq*DtdNyMVcw1*I^b} zf>0!lkOGPH_6^sJUwJ|!`-=8H(2t5%B3?eZY3(go&_Y?nAfdWyL(=ERCw{6Q6x=0*o3)X`knOna4*5&!_@XzwDWP z5Ur7*o!iE51Eo>%`#Xgp(Bb?kEQ~B|rrw8amO)1vjE{Ej?g2oImXPI9O1haCV20NM zmS-Md;^PC%Qp)BlgHp3vJ`vTArZdVSZm_D9_fp=o+04fzaXBbRLLKOOp@km~*3z+Enk?Lwy({+hkq{cCBg)-@TO6Os-i=WGSBvY*JMp8C@5|H_x- zve8>@)D|BANO2Zm8xmm3)BG%tm|VK=s(5^r9%O5&>VWYBvEA;Ma`|o$;1af2k=s?Y z_W;}sA24Pqj6=!y(5XuTi%>#89+bb60r(B zwa~mf1^598Nf{+Z7e}|_vsxHq0rhPJYe?d}&B?Hv7!2wvOg@Y=Thv9{1ZSzM6w?2S@^ zHd%H^!k5-QidR781wcUb=_CO-QiLPsK2SfcvI)B4(O%-j-4L33U%Mwo#=q`kN`HPx zY}I#El>Q3F_8db=k?SY^HwkS&flM8Z>pcL#p_K0C{bp9aWA_zxAx7I#67%{oWP2sP zq~S4|;)j^dwz3jj$B>qP+35ho#YHigg4J0DEYr(k4tlhbCb?b!f0=*hVTnmq7r%Yv zVl@ZoBavjYnr-nJ88=Ny_C~2*eCdIKbDG$e4wyph9F<5qZ6A|cfRCjGnWcQm=_p(I zB`j7}jJCAwo9XriP^4A;ib5d&F)t$)3_y?e+JpN5Ym^7B(dSUk(bfA(=L4U^l=jBv zzwV~Ou7G1DRh^iZ7EO)f?WQl%FWl7AiyIgg2Q>~>C=$XC7dtx-eb$i``{`VH(+Zd@ zLqnjpmD2j_=i+Ue4bAqR?d99KwgeMZ%0E71Z2^ld z6`kaqxdF;@XZ0<1R3gurqm-1Jrp^sjZi{_)w|2{u*@nRJc?h^_(ZBXfJ__s!DL;-K zfUNHsO6&9c79-$E#P1g*&4kc;>Unx@28B$n(_H3pn#(5U|JacHhfn|eKMehLQ_~Dk z8UHKufWVRHfA1A<(Br{%4fGp{Ks;Uz^aJnHM0@uh>aOUs=Xz)*V1!)|D_3J_OfNM3SEionDbazH2xyd$f zaCul~c}=u6(ibqkKL9`G>6JMsCZ;W4a*(ewa6Ru@pE;cm6a|>^Vb>Ep``1;eHM$v~ zpK^hAi?AECc*A=-oRi2N(`8zzm%`-RL@b>dEhXfV5IzUwRN?__+hVop|D zfbF>X`NhaiRXJg_6~L~tHTeAGdAbbBYyv>@-v~X=BmiKci7@00WK8STm2VXVuofQB z;3|7wVwBP#>^iRrlZKVGVj!40Wj2wo^}?mX4**WBfNGJj-2fX5KqjWSET=6#mr%Yh z<#Pg~x?uI0`u*is!Y;EP%8x^tCT@+CotUU-rSjgA-YVLwa9i;ia2=A?Sk_L1g^%{KKTe9DalQ0PY*k*4_=N$xs^0&+q{g;^~@I6J}`*!auc6a*e+*85E%l=D8bqpF> zL}J$+9e@;ukXL09wkX&YaC37DL9zf98mXHLIy?`N_6{J7U=?}($14Csu@>{)Ha|)? ze{<&@&gX)ZYa(mXdNR+YECe25EccM@I(lyn!`*%~`qvtzgUysU=5>pb)&)rHB@C{& z`&yhVI@yT-RdTRgZe0)AXhFRiuOmhAU0dGYJs5hSvc${Y^d4 zgVF;?^N0l_6Z`p>?vb{@Z`8oHN&)9Zhm(-UCPK31#y`!yz(QVtP?c-Z^vDII@QxRJ zG~G11td>B(L1g}2s<^Awi~H3ZRv35-(w+%~EmUnJJpfHS7e=YNz?y5AbP#)*0PRnJ zMlbGsY1PG5iz4N(DQ=IwH*b5J-ZavJLAa2?g=A{Wc8^e$FOfnKl0ow zSlJHllPq6Cg~?!lBx$J))PXg@R)aw&k|*UY!&>#IQ+!2_ga%MExfYL|H?tIe7nguU z)YU+L1vI@5^WrEbK>(e#oT4TrlVdK0PfN=9PESinF4SH4{n&T?#^3IWh;-yCtN{mv zHNNU|w(?nun0x5L{teJIL!T13^>Y=UkOb05Qk#2anE~}0>-g$#GIh!;u;d1)Jjs#F zyzaxqL1%^V*wo-RRH<#0O?W3dH{Q$u)@GH37cIa zy;kWnOkG4xL194L7GS_A{O<~RjP=KOzWyh5Y4S`U6LhEx_Tn;oK%!8qI>Je#oL|jy z0rWVr0HmH@yatFNW6#AvRTpy`G)lg5KV|#J=&kBum~u(D2DOx)((p>xdKN2RR$e0`7U6yE2BfEGQ3e($>FO%sQ7I+l1|Z@RnQ8GTV{)18K8ioN?X~cAWTtDi z>sN4T3bdTu)a$)4<>Vf+_I10<&(!_XMU{IFXy^uu$96bN6uRFy4th>jE>u~J@V2U5>BmOZr-0hXks3a+cL5`Z%I6u4A5}pL%Ga# z&V6vOl4$=J4>Kv=WymdppO@jm4r4e_y?|8BpqZ9@zHKCjQB#dPQ+Wy0T*E0j8*p}r z7o?L3()FdGPoN^Ue!Ou#j*TpBI`OiIO^+tC$Fy_2aJ7yxiwBQkF&FvOtxgu1bDwIi zK_pLOG?RsOt*mm3hBrLgNH}$_SdnM=B!XYEQGHP_9eJyVnEqPK8Dg4ADpnEn%-Hw6 zt%WushM8$IdA>(L==wUW_QAwz2x0I}+8#3oUxDY@LH(EWgs0g&eB5gKI?}RZFPQsS zyewVF5c9fk>QIm`0PNOzBp%IvAVa?o{?tY-sZvTKuweJ|`XQC1AD;L^<&>0EYIH}9 z%*mlE`sUMU1Dido>J;|IVY@BJ;9N?DS4pA3qfIOAt}fNut%qx=UCDx$KOcQ$Q{OMxSHK1LTc5UfXjnB@i7A*clSZv|5#J(k@@aGq~bYZ{}8_mif zMAsLA)rvZ`H~by}IyTc|SL^x1Z>`Zo5^idUGf9+wAOw7opU!6>Zvu_=jS4bWm9Ru< zK#R$n8Fo>`jMaPV)3nDFt#Pd=G2+xor{s0nMb_$9I~tGFxxb3JZpOrU zttXx{x^{c_YDZ7Eq)8{WgQJ;@f;n(a1Heo4<&H#VVTAm7}^eUpMyn-aRzL3;hW z@N~|wbkw+QbccSC9=njrcf))1Wj&+cym;w9m5bU9JdY+ra_$N;ZZlUB%3+3O8)FFf zTS?I|jAz3bmcsf24DpyfDv1araB-MP{c!sG`xWZ=Oe#P0Cxa832)2&;l#p99>%X{U zOh&J{cXE9g4fSdxDVv;{ZFh%OzEU+!&(s^6thbFO?;7x$hX9-;&cl(UhqSyNUdk|4 zr!D%8<2MDk+ft<2=)Fcj%IR6Emlwe$;=O70=I4f;Uj6d?mbrV8!(+XN{>hc0GRE7! zL5`*2AS@;IcDzs~bm1<430@#S{lAXO!hqM1~{LrdNV_5@%d78L_ryXa;7jEdu~ zzqnGeI1EUUA%k3cxnVP{Tryb^TjT5M6g@gKOVj&|QeJYkt_#1sV^p*mv~9b1-L559 z#2$213SaHr`<%=J4Lnw;BLAV`=vX{#-^Pm~q88xW+-q&Bx1Q}D-c$3|?(C}d@Onkf z`QVpNWIpK)ERbF9fcasw68qrC5Xzqq%)t!{`6I5e&^b4+_0f`IVUxa2#Y*2wVpR@d zCQSnCgJJUcfai}4GgA8_W9>FWW&hI0|LvcK{+>N|oB!<(|37#(^v})m|7b%QIFjDRWGbEp5;q)3ZQ-4A%#MVU8ihxS(L1;e$grV=K`+pIw>|BwVhtdu_h6BK zA_r=DGo%MQdjv&dpxiKd^RpWVPZ-w-eA-CMxQjMG7KorubWjCZ;DWQ)4A>x;&Js%C;eh!kk%M5;OD!bEd!K~W7(61o4e|hQ zsF&9DD1ug$L4Bc_Bo4?j)Z}gmJTQMgc93QAuIbVug88xi2&TP7Z{D6b? zwpt&{X$O-4cQDgR*5LQQ@YdM}kF!9Y`S;l#Ha+z3u{}#`j|Hc|=ZOx%&x(7(y8ZRZ zh?8^R)Pc$AKFhvC@~5ZE3Oy#3KUZ0wpLiY3>^)hK{eGe_xg{3|H6`^c9u|An?TTkq z`RTV_#hboZo}sgT_+|Cyb*IK)f$p)38PxZ;y~%)E_%{jGtw4mW?H1Od(_3%wd!aMD ztv&S?(S0dDR0|FFf(+jJVVg7@aUEZjQgD%xO1v+dCtf}_msKuk&7M*tc}opNU1lTI zyDrsnU|iGCR3KdrrPAFS%>cZ)tqq&?y)zkW>w6b6oEwhopIP6Zz_U>BWw2fTdE|9+ z?)X3uc-sD>iOu~ELUaACft^qY(bq)T86SHr?#-@^!R#K8|B!Y`-kk4Jixn5v+y2Ju zHr+*ac-1R-%#VwqBBVUsWNPz=X7Ne{ z!=s)F-VwYE=k-034Cjr#?<>8&%5Qdb*4ej56Uu!2p=&ab`@wM-h^ofkA&FzBprOGO zKj)b(&w%3)3r|xIraU%+XbYd$E9=&sDdGxpZTL7@ngLAf8*M!yV?URW>HAqyj*;hJ z_kACV1*LD@rLZTa#LFdr!0Bc*Oef716B}#?vX_Mrvdnt3l z*CNkhVrI2VY4)N!kYwj@BVkRs+MyXau;lBf&>@&Vc>+r~1?+RM0+~V9k_lVy7exevHta6?%Y${0z-o%U zw3gW1-C`v_0PRsJRcA^##go~Jg8eNPjyzamznJD6V^V|=jv;t&A-3v^Bp^75j5Eu) z8S+phE(GEp+bIi+QI~-Id2yod!Kt2E4cPxYxtHi!92OPkKEW)O(3YeY=pD#tchAm> zpy|1&&jfdJ_d~%^#1w$2ur8$ zy2vw<@y;8;+LS9()$tzBB-%3#P8ZvzG>0<+UTlPD3fy}JGJ^<_QJd`NLj=>DE;c3H z+4fPRDR}f$6XD_g!BS_(fTbq7o5Ky)5d;pr)L0B!LBAi~opzKBRFYW`hr7WC*r{yN zb2y0z!8oK>QsB}V$V>{xLG<;rA%dAt$DukM=OUWorJic_zcNmDt2VQq%}}yut6cAQ zBi`dCHxx^Ph`-k7cNw)%V^YtU(aM&;jdO89&a;IZ+g0q@QT1d|MR)S66Zr32f4*Wp z2M?yd%|&VtGR^s_Fr*alLgq=hn06t+`|%>=Fh=r1HSUu~%r%E;raGD!JRWzC6JC$h zQA@P`n{`1(?AOGb3yn{YAr1zzRajD4Z-c ztn<4!B6-?R^U(>gHe&@g=v0V6>uz|1*onbQ79jvRxAt)Eyyy$U?H6FUZzvU)@+?gB zM?I&w<(QGg0x3_tt6GqcS6)x=lZuS+Yv#5NvE?W zYZ1ytW~*K1<7;LJaSuP0(2E#t5L<6mNskDCTYBPnL+2l6N_l>0VAp9sWsO-0lUl}J{x*zgfN%Doo zpLkOtJV((gvbv!z1v)>z9I3F(4sQ@r6FngU1xArQj)njcAXh_vIemr?IY!9noUvtw zDuap(4Ew^7(##(3-4*VRF;51&p;&zf?gIwS{<2zJJBbkaqoZ+6S3ZK{Y0ol|2b%$d1`qL<9C(PgFtLB$lI z+x8qTxKROH)TO&Y9T@R7KDXx=Cwd_y0X3ZDu2BGcpZHz&m3@7J_#uL$Q-C~5&6D2f zOx%6;#)T8@C%#&Jm-ff5??nDg+R}Pn*?5p(N*?dcu7hN|8^s9{V>B+9=a*CiZ?FXr z_;IOFS%MfwT*X;Up9`IwIv-t6)Uh|6DBVtV;%QVu;Z#8|gO9xi!o~~gxW1sbJ65LS z<|ndP25w&7NuC_?7R>)EyX*2{r_q3&7~%HsCqwN0t}5q=4>maaUhbNHR9b(-0I zB}o#f-YZM-dU20C1f_@FcZIFH>E%K5vrOT?jfclZ3aSQh zeBy>+@mE5H$v!p&G#m^Ju7#7Rc6FoHB7=s5!=vWeYVZ?5mnWa-IIY@rk{nguWgG~M zjj6mrYU`7$D-`L^W*6J>JQthsh-{pt+#JLLZ=U_1-dq*D`9h;hvps`Fc$O3*_&n@M z9dsE7Kf|+}8OAFf&kWa~CxNDNmB zBS=QDu@B$_0B1~O`iyInjL^0+U`dSWvb%$Fm*I^{=K_meuP|&&1b>l|^tUf^A&5a& z@B;QHZ!FMny~5h(@xTap8eC_X52lwi(QzsvHWQ1ZC_Zea2m~+_!7F!4eEjZ! zfNuEYL@Iz((geTH0^Ra>7&_*O8hI`I&I?pVdG>N;TOdEI*FhuYg0U4l*GEeQPGup3 z8!8uJqh+QCTs<|KzggcU#Bd@o+HKYyi>6brICIGZbICL4FJ7E{{T^&FE@A|zT>tpu zXLvlMJ~Ei2TX;Q#{P8uG*K1-eIfwgI59C>}05k<-ONj>o%O#MiIi5a%5StD=Fb4cT z%aa?^u)!-8FpE5%LEP@o30*LYBE9_-As}7eLR{23-Hak}!b?Wp*)z1glXGRh;|dDI zmGjJo7+Wg2SFI=~7tUe54n%nZy<|bz{T$a@(Q0XG-&l$CP{bj*)q$Og@p2;$9S~P{ zm8HPrw}~vW<6SYbq6Cq;cB*&2e%BZj;Hl6#Qdj@x#}oaYnY0IQ%%8T!KJ7s|*=C1~ z<=Vr3wSz*x&5Md>J3$z8De{-F9LnFKGs)ns*264b@^p)p7;wR0P{--VQne!scMe<> zKT0KX@s!62zRBb}ZL1QS*KAgy&zmhmZu@6+OWl-knRJ$JLUFoRf`&JUsE7gsK*&Cp zGF-Xi^5Igmp3Ucv8rl0DTUMcCvG@{*pWwm=yRJ=30b@ig8n9e^K{9<-`?ucN3QPLu zG59e+CwK1R^7{*+d2_>o;0#MRlMN)`MT!R(BsNq{#dXMiICzwyY*J^Yep=0~(STha1>yO=&LxR9HbF61v}yk$_EskCxh*;Mv#TY7p-eZ685|@g_<6C3eRS&Uxy7b3wMDf@reC`z}o$ z-er8{uE1OUQng~H%i1I*taa+xjpxM^L&ioq&QcCaY0uTRzVWw0)1Oq{xP)*!(5)Fd zykz7Y(NKdA2rIxPN(N0Qxnw&+_5QHnEJ;R8TdyhAvwrB_31)0}Ab_Tgw= zX<5pJ&|#sxr=Tx7)}RGzb`MWIpsiVQqXj#`lRAXQ6ZSVmVS-`L^o(WQfRFZsZ->AwFJ!9#q@Y3ssE9Uj{Dc;7`jqR=7 zSr!ikdjaHS<~zPP>8&K6=x5H#z0)jeYw}F1)$TtzzB#ma7VBhn{>NL&iz{{e1jvqG zpK)=)UgKD<7y0Dm$yvNZ_B&w=kJ3GPUW{6bg+jwZL}O2*@_dERZgU>Q3{5T?hqA4x zCS632KdI!qDJSb!pzRtUE*1z&Yu;t|@I0N(Mx}6pO8ABCmE*l|6g^V)d#hYGNFt3C zms?3r@P}f=LqCLDyr>v{c+3D1UW25aXivV33b|oA`8S-Ckqgg`a{QQzqdf=t`k}8K zk^o5svcNXW>#Z*7eV?8CXoU`=w3$-R9wg_lV}GEf}w}xkZ|c zhcnCwzEz<;{sgV2iwxyHP5UWG^zqxACp0F(W+o4ifM;)92+;&ksqrxdE!q zSji{17;2ys8R?pnfH?Lyzi`8DMdgqph9l*eAtdLqg@^YdNL??m76m|nejs1JiD{+& zN!)IP#zk9}+2MeHylPkY;b;R#+|*Aq=Z0hXJp|I5)V^qZdBAe(r6c$9@R7IA%RT)^ z6ys=Xf}g90bS0x(uO{3-)NRa$$5;9;IQf)s#1p1m^WPNpzvf5JpWbA2Sb8Tm2pY`3 z?YexZzM%BB!s?w~inu$6|J(J88g>3VtGD;|{1V|A;^(rjwg(o?O z`ByCr4KKHM6}!cEw%V)6r=Y9~e-a`gMd;u(hB0{R0mp0HIs^Vei};YBbKv9i*)|1l z6hlv%rP(3-yB9Ovd#!w)77#P}XoUOJ82(G$Iu5Ng$&iR7F7=LR#sa3MgV=e$BZjD5 zuWMqy`N-zVFM)jh z7N*sr)Y;916K$D#r$*4{)#D<;AmBbr21=H|8!mvnDXB4mQFAw~&hgZs$xW{W`$MmFHDG5?l_zwOTMGRK} z#+rgu(mZH0=lLc*B>A0986``iv*X3;F@GW)9U*HrraQ-JDU-!?PcZYQBt#}_df5is zU)oz@y#8T4-5YyN>HT^oJ|^>(fhWr{H=oV>NvkIK`VV8hG%n*1f0}lH-dWn(u;}yr z+?3fj#KZU5*_ML}o?-~e}el#jBRzS`ideI9$5iVOc-34w- zpLKg1r5B%klkJ=TXo-JPCzCfes|xpl9KVD&2BNXbwk01C}rqmHciS^B2^qfoVp5tY%q zZ+|6`@20}KcNV0~xoNKbo<{) zSw4A<*=T3vEn4ZnmAY5m3%y#)9WPNA6zJ+mbEwo8c`9Y0K@@kpiuBLu~7lm6kl8*SQCg#!j<%BB*P z&e3OMUbQ)dpP1iSg*dO^C*K()H@ES6{?caiu64d z^vv&Gx$^m0hTruU=bf^pn@+CZ9)aAl>U5;#?_1caW;C8~vumX!$Yh8mH||YeOgY}W zilovuNalKG+`{Wo)1>ppE9K?am+Eu8i8=N7n-RkGaRqwl&PwEpOGFpb^`TPpoX$2z z>R0xUM(fkg)QifE4ZXI*P1#&BsB@bl=QlfG^}pg2M>EQcYo33p?P=dzXJSw21MBx+ zZF&V0qy9@@yGOU@UpWs{?pY8{wK&S8@1tp4BND!*6S3^%1&zovKg8)l+Ux~;7Crc= zH!WD_w_)MFCs=oA9dPo}cgBe?ZO>OQ(RM=T(0XUN|FN5k{}?s)@zs+<`JVSCY&zN) zJjEm#c2?e$bZ|TO_||#Qh@=rhG{^!26!@*%bpeB&xp$Smdw!j|xw$lk$!GZO+JZg9 z8A-ojWWs)x9tM_Ehill@d(PoRyc~+`$?H{xQX39%pfG!6IuQIw^ly$DrWK&(Xe!`=7Xl zEplx$-Xxx*-MW(38zT>erQLs0tvBLkXLt1S=inPtSzT46DH=dk6}N193KE|}97(2r zH;eYJMWu-*#c^sl@pu>ogKwG_%h;P2;PacGP#kTyAV=!%@@iSER~4@1#4=GV?9oc! zrA+M6S2>g|3z~k~k<4;Q0m1Ls7Pk|m(*2H|)B^Lsc~`Iw{H7)`nw72h@S8!=)tP?;@onW zaD92c>x#hk!jkm%>czEzAEus*c{1Z6l+#}X>)FHGdIlgZ4K66_5UKpB0En%;w}2>j zc7BZLIHJKP4%c>vVuTc1{mXXz#$)UEcJ4RnAG9+ly#S4$Gws_)M|HLtWutGLC|qf- zOhU*iQfC5JbF}NyH2cd7H^qp^5Af>zU`*EY78fX0og`oI_jgmn&hvC4cY+`9!wQlS%5mGG;v@t+1|}+rRA$ zvamB);o)S-HKz?v zJv=)8LeqI8lV*cEdkDoq$t&=dm`=dZ@p!Yv5n^#O+FZv+TlOY{ZC`JV_zoRX)t|V` z;;niIia!7BLeCA9SuHp8?otBBeTg8@{+#7^!CVvEddBZz^!$MgeGlgr=JSuD_cK(5 z3r*fOrRI(53q5HCj^E0O&@=VOe7*k8!L=XPHjr#O^L|1)S4ss9XV%4hN9awe{1S&R zKy9y(UJg`44fp0u(C5NKh@LW7ev0Qr>sKonqi-(_jXSg%3N(^1NGa8B&FAAnjFhJB zk@WK4!_rtGrmTWjV&vBoqkh~nTZjSG^!?sb(R=T0!H#Iks@Pt*8tE^!Y^ka+Z+SwW z6B;e6JbJPh)tGuYq$gcs#%RMTEUljcQqd22AKhQ@nKLZ$x?dVfhQASE)s;#H+SV0X zF@j{^@I0z2eXC_1di@gJi|=I*7#ccF3h}J@&El>ZZ`MZ1_A`B2(Et2haq$hiE4NNR zmk*}Mu=4&#vklo}PZW>N=OBNZ)*}lse$DILFA~UlzJC?z_vtpAeSVbAtK--Pk$hSh zh_yD`Z|-gEcqygw_`840TrE3pKvTib4SUT;S1wX#T=`HS;ITFy6<46Pdh1q4)Na^n zN4s7VOR0-2TL1i!eVE$p;~D;U?KHd5l%OxjQaDegUfIdXE0*agv&(ezrQyek{M)ND z{5?_xj3v8;>_4-}Nn_-jjWM&`>(E3|`o>nS7;o%n%PrpXX&n&^wC`fgI9pLx%|tJs z4C`X;O>j6(G%8bcMCD#*idOHl-7&{4g5KCHWm#H;PqejuFQC+F_r;hkl~WZOju#Y~ zmJM;=d|9)w8nrUC*#AWM18l@{`ZxBe>}iQJTLhVQnu`y0G|(60o2;xnmI zta*Gvr`>;k&#KdNd-n4Q!x`(bL&FKD?W3-u$~$w;lsD^&?M@WKlJtw-7C zIhu6DT^DkDF70UD_Guh-MOuHFVSm{dwQ_Y4T02j{YYDckKg=CD4Z9x5O1RnST!hAz zq$Rg0e`H9ye$N>;KG-S~-K~08IluEIfzMmGBRHa#TCs|$L@|2E>u}X|;T3Qn%5`$Sdu2%VG4l$UdWWG3-!UD(Ojt?Cj56Re93axY&xAb-kl4 zSK0iasuz0sLF}y-ZhO-w+R(GILZi|Q*-Phs?Cwi%JTp6ID^bI=J9AGAvRv@{XXiAYwN)g&$=O^A6&8eaR%UKyXpM^I z8U8ROKe>BnDO$sB{#HeyPujAm%ORqvu50fj($dndx$jtDhqL<2*Njle!||JZub992 zYwLM}9R|v^aK3{DzNassbb(iGJ;NsrI-XAB9`x5Hd%YfA zzZ<{5@9&)V#Cy)?yytoTfj^kxzSrKX_O-6HHfye^&k@n!D z)rqs9Puz4%?R5eLQ)w-Q$Hguz9NXIiw+n6alXf&waaD686II9iQw7#9YSGsWE9c+L z)9h=@$&HuM&+@nSoRAq8>ZZ6uW>=&Fx3Gsf^j}fe*eTvtJ!xAx9w!@OYe)Vlrk*&-eMz*p`i<+mGBEg%o?J)RRv76WkI6m9!ZV24|Rw5Bd+Y z)&lEw7Lv_b&hDOQAJa4C-^emSb32NxUpEgpx1CZaRT(>^KK#y+de1rpvQ$YHhUeRb zhrYBkJeuWSo;qzN+$;b1!#M1nTC?*W2g2Y@Rmo4~Cv`@R)9lHpZF4#Eby3aqRO=F~ zqJ2*ZYB5BZK~S&KE5o6U;kRCvvFGi+=$lyyXw^eA^`36X(2E^`IB!x+??9`*9!$}3 zE50Ez(uW%_MFgSO`sPHTu{tkyq&VSXUSygV%P%F2iR63pjtuQy!Z#}C7!uQFn!vCg zy2*w2R$0L}`KA^ktu-ppNR<3{1chh7DM@H#dxcjQhwWd4 zo{OojUk}h1AMw@eq*=dC+WYXr}Oy|2wLlR3({n_6@Y{Y55_)(vc`Z~m?}6hnaR$pT=eHRJh? zsGP{gBYptnB(H(u0uE1%@#jOc)13rXHEos96zKU3vC!=MOaM3Us_Kp4p>jhGQgr%t zPy4YFcmr|9s$i+w`ARExuY*-jxmbh8e@N9all7+kU_=b$tEs_mw$EpHHkFw)J-m}y zq6%;WM9Is0tw=`G6RICaLflK}>Kk-3Y(aE^W)2#W6y4dvAx(;Wdy6Yfh+0e~U!z@r;!9R>{-tS0%{W`gJs=*`X8Yw4(J5IW&uR>VH9bDl-aJgG+?05in zT|;E^rF0R5O!`^^w+3%=`jwN*r{gJ=g3IwQRr(v3ZbMwSe@#olhmNSbka9`8AY zHoEclHb+X*t2M5^aqa&yBY0;aQlou_8wz~6LUHMgijQR0@|!Oivc~v&?MF*Rq}EuK zJ(}X?LS*xG9~fKZz1e++Hw2e$QSoPAZe1W^y!4Zbh0Kv*=X12zMF;cVvQIp*o=z7J z85i~3w9(YZ6p+JszWe&~NF|>iuH2>`a49h0JlI>Tv7adNa@M$q8LEue&%Ytr4^`Y0 zDj0edk;udLi2Z%SFTLch`+Q`?tsC|=2%O3cq3T}fd z-RW3~r?!FtY@fb|ndn7NAXzM6{hfoLepZ#s>ZFsdE75}SVXi*7n}tM6EE$x{g#rixHoJ`H&LXo#M;F+a8DZZnzGqi8aCJ69b3%Cphf_D6c(h+qy6T_!6+GF=Rl zeF%mdt!4c5D8J0*eic|MeCI^VjljAEL*2WlTlyr3 zF@?N*LS8=d+&gurG);Ih7W(406*SS4n;_u*Ru&`pWIO_KR-K}rB_>@-QJU)>Be6!A z%Z?Io*%LIXcjcuUuL)HaHwkf&?0+>TIi*%2Io22?q;_KW_5d=&-+5RUAwxOeN#gDP zp*)#f6j3|)nHaYARJ66HnO*wuTB1IdTFTwTCd%`x-%JlB5_v#JJjBKexCVV}zfQ8J zdnL56VI<#!(MOjDI&n6Zj&zUXazWT-ATRbem7 zsBz#v8G&Xe+6sTEpzUvFKUiR7dE|SnyxHV2V^Gzx+eT52cjSEJ&D3jrva)^!iX3F{ zO}trNHb<6{e$r&0#s;6)gv0Z-x)k8W{O0Kmyw*htaN|@cUx(&GEt28fkL;u9d&NXBE#!@n4$F?8{&}EQ^b5 z!svwF_GU_QzQi{_ourm_%34WfaEbERvI3Nrd@@*L#T%#D<(=cbJ5}z3L0p=Pj4G`+ z_t#ISU7&#llF3|s-0QjeM>i0cjGBBTcbCUQibl#bbZqY2k`k_lZz513YDSU6l2;>1 zbF&_;zfItr&0JV(?MVx)9~d`u%WC$4{pfFj2vS;~ht-%mnd}op)12Nvt#iybnAa6A zsygtsn#2mimt^i3S^uHC>}uoH?&;UaR)RPi5&RWi(e3X)ZU>@|2)y%bqCb|%jv z=wdAwHm}JMhN;VE<*45=f2(jOi%s%Y-ymm5y47UbAWr3chr(2lXp0*FbW&=9zq{y~ zLt#-|tVI#4*|3_`9Urb~0lJ^Hs#f0cb`d?-uWjfYiODad=SCI3aU(#FS`gnZg-mGt zm^bE3T;h19Ql`L_$*<`^;$?i__B;>b$ZJJI)P3R2vvYsblQn?8>y}yg9yz1EnUYPG z1??AiA75!*_o3lk5dTT{QH7;Kn0L|)>Z%(By*$SczQiq560-Hb5AJF$j2vVOTxCME zT@Q>|o2XkcKnZwu6BTI}N7N=;4^*o)Yvt2th-Z#1at1Y)Qo-59Gh?#(JAIGW1_oZ# zpk23YRpTG5wNk*+*`xK%w^&t{T_=cOTQ-!fNb%|-hmcV%`Bb~PS3#}Z9#N5y{7{Y`FT63s8D>%bBnj>8~m1eOUi>B#w>Y~ zezY5aB>$ErA2{g~>eonKlOf&&>Oa-~iFeGEI;fq&x%ubNb})IB^X|1&!NAMIg;QZq zvMfW-2Ufbs$PB}OJE^?B2Sd@qnucQDUld3zu7b4Q)wB^Fn!M63bq{UVu8I+HX_?`> z@=Zk!#}p$HNn`ufGKy0ZMIzOHQw2$9?A=#G(7fpr@i;ao_`++zp$`#5l`UOWho9IO zMSL14*rOK`?*vDXyN6{o@1L&%$1$0-a^W}vI)^r-TY?`R?wo4apDy3n*(DsDk^D3s znccj1&bo!76AgH|^}CllPOjXjT6xaOxXPLF&g<>mj`l%E3qA+4hB_h`k54+f=dD}3 z{dv~0yre+W&9!4lC1JkQBzKDb&X_NNG1vTT8rxX=LBJhB{2}A6(jmf zJVWNtHH9OLj+OQ4tkf zk!-1Uhb}$fwZ~8egIkl2UT50raerEjDe~CF%AG68Z9T-4ox>k#G9#6NR)^<``G~c7 zf&-zrGVb0QVs70{(rqQCMZa|u697697kV?Y{bG`d!ZVV~7aF6{#923 zn)fiOLvv3|nw`uvdhZv@e>3uavoD!qQ#h&x0L%mKa?T~6tLf)lPfo7E+w~(j2m!Ss z{wYc|>*qrr+$-mks+iVu?(&=P&|@cY?|lUqMzgxv0K+>75!{{=!|kO|y={q1cnAEs zK8EsZL^7X|dKNNc(IBPe=gW(FLH+KUf}S$;DDO=6NUO`%c%aQ(n7BOPM-{|8(dawq zW@P>yV=uzrR?c_S3F4jTwE7*=)j+Mf=R}vmlpgwV>Lm zXOW0dqy}$5smg6Ga=j?O9p7;0@mj`KVwZ{e*2A_!gGS|$s|4j|Ki)qso*inr;!hX` zz3dIhv8+>`mqXH+xwQ~4W;|Q()7T~_DZi$iDK5IZ`aNcgtRszKgeEIMYT-54sq?`r>Q;$wbXLMSOMqHTVSZG8M?-#mxiI>hltn)2@FKZyO zs&SqGXBnUnU+a7ge!1POA(Vv7e|M2UUM~Qre*7z)^RGhqkMJ5Zs$$Or+jN~!eY4I+ z2E<%{@ZWhy(Zh!7mbxcC^WTm>a4$7b=`3|**CyVRy5Xp-A@!(39usvox{Ey&&yF12 zLT|tHnRZgGq-Z;R)=30wBy;$hDm8vHs-~G;C3D=fZ%Q@g!Ftm!^~WK|pJ6)~j4 z!m-cr&2pI{lhXTYSq%f)s9bTtq`33}h!?2IG(nG|WYvZj7- z?&U`t5EGnUY4}k~+P&;xZ83H>yaoy?CV~qAMpJutVBM! zXSejx3qz$!&E?AXeN5+ir;kNbwpv{z^8lDm4!7+(D)pS}yVcL;f@?D!&#Zql zdCgNGqY%IO2iT{^1sK&h;y*ARMg&XT1N^-D`K*3of#6Wrc$?@;ioSuAR zakbpGn72?VO^q)pEK@yu?&XOibe8CcSmdnE`3S~jD+%xtRS-M_Y_+iv%(V|R|xQx7^ zy*o4}tv$Jf*5urN2ESZ$<_`3;nb7tf9Wi&vVB;YJw6I6&+`zrr=YTBoaxvaUQb}`9 z+q^}`YcbLJuGb1D&D-j82;P!rZ6hZpro zYkp7u?x6=)c7BsdqpQ{v#~G5WsPy|LN!zFl@gQxMQ1$rx(My^$S$;lyJBIbXr|)XB zw&yp{aCTWa>|M;ri&|51_Ha{i8?!qkDN_8Om4Z*Q=TB0$6D0Hz$t1Uap6Q|sLI`ta8Xa-b*@AM;);sKf25Z@)3}OGl8XYOG zuNt%C{E=D6(iNRq`Yf zktxL*Zk7B98lB&<^9G+jU08pyWA%X}_TaS#p4%ENWQkVq!bwDvmjyRJ$tNb1n)&pp z`1Q@(Vh?ZKqC$roS9hR1j>cR(e=lcg+iLBFJygWfD7=yFe!)=Pi2XErLwNDi;W_e4 zbe5F>Xyng|VLUVU^CE^d^0!ay89@4&gD`S538O_=2B<0GsDr2-fsc_Skrf?e&!b&B zQ-O5LiU@$f4?zt2JCQxa=8(iMl9_kdLDxjS+;DA*iZ3v8(Rrcv`dv%__-vtz>wBB5iDeGdH=WT^4T&C za;o?6H-Vr31HyKDlaNv0A|=T2XmQ){@>OLcWX7@QGx(CpgN&97E(wE$Emk<|s9>x5 ziJq9anRnMdkSY_7g(5lmQSUq~hT1DtSydAA zq!3SXH73uqUOns@Iad;OpJ#M#R?WuSteh+-%q4e%0pyLX8H?@C1v|ui^OG77kx}83 zDRg!f<;QO6AQpIvRC%sOU!NbZqZ>(=B*@Afn0zH*IlJKmcIURgP%Bg9G@z+IeJTm~ zCUa;&XQDUO69RA}lUl2y1>)*XfKI1;oVmIs-pPK0|oGJG+&gz!z*y{`;TSg`j z0|xUg?eBVxs}1oed(15nLeBl_v;u3;HzChoU4knsUt1O9p&B3A=f-;{s0<@E`*SgQ+tMQYE7bgvq|TC&w{##)U31H$6`lAGb?1W;{8-&5A5FZbRdz zi^d9=w@4KUK49y;q`sU4!{u$Qeex|rN})3SdJ!5qeD5hVib~~J zzH&i$KLRfjH9fclZM}LSiSEuU00bOPA~ojBTCX6{n{XzjvE1*;WvKGMB{o+ z9|fv};Grz>6(C(KFf%{~TRbCk#y%0b-3Rzpc1#u=e>CtOplL=v6Vt;*F~^h^r7|LP zWAD4LkGCR4Z>=Z;+Nu|i7Rd#b&qw|fk@zGYU9L22UaV2O-x&;Nl@zIRAPXLHRIU zi-8q-WywzDS4;61gBB3rE>Wrd(Q`FGX6+!L{ihq2A8Vuwqw`QWOL~B$gT78nUU)!F zK<-ogn+$uO`4Wnm&*I-L+W)5{(Epw&|1(Mc_eA+0NdoOHGKo>;({~!MA zUy1TxO49lzJ+_(km1VoRdoAG~her(JpVr@O_HP&QkKk{VNLBN~JQbIhjkwfoAg2w__G*(@gzSfP; zFPdb!Q}6IL);~33 z=On2roPw`*clU{Lm=YG~Taj#h;+|J7USE*qP37p!(NR(MuNJP}k1tv$jcFbqx44`*=C$f0ixgDH0SLRl(6g%v;F$XVT_60Bv7Ce+ruI zUSdgt+jUhpE+@_9TuAnU7Is;6QkJ`?uh1#^O2OwbW5eaSCnq2eu_gDasCMUbXdntq zS(~h1sAic%Qd|n;$oV-wTSl=ciRIB7N_k{N3UDI$1x|DcYg+b!FscO}Qhq?(KG-{} zcn!`T@VhJ`R)($M4aSt_ACH@azDd{Qd79k&3}5KnTlPGxp}ri|U1PjHSB`B0trskX_$+JQbtw?r6SG&@T@&c*UcgEk;$zDpuxDu42PwgM)n$(w&Y z2YGn1ZSZ9 z@GAf3V*Bj3M1RYtGdi2RB4hZ)W>`HS;GVbTQjGb{5KQvQrFW5eH8Pmmc6`+Al;Dfe z%@~@sKjR-v@fH~nBHl>1O$3h%Qh0%+a(sR!yqU~#yZ+lyofiegI0Q=CImn5u{0Kd6 zHoTVnb&a=x;QNQIA+xg`XI|i=d#_Xf?rmRg0LN3w4oaQ3^_wL%A?(6bNjZT z6wmE8H6wsx=c%R)Sekz?F_6ujq*v>z;n^;1mOUoSUC}QeOk>8;0(Ys~?M4jmv~j<% z+v--*Ek!Q8UFRbt{5^75(`AH2aIF^Zn=Z~@=F{mX zChS*amU?HNbS8848pRvPrdKc*&~*kb81G86Y(BxlU;ZW&==6+>+PAhdFV^WoeXm^Z z_wTQq=cq2}^gm6SFI3G!;Xm(&hwAqQi0@jquLBN%jGnS?UO$O~*6gEb`}MMqJBJ5+ zb^vYDt$)Iade5exX|e-f>G7Od#4q{>Exl$Q>eT1Wdh=~L&!Mj}V@xY1NP@OGZFl$y zmthe$8B{Csu`h=tkl#rhoGWGV-dz;6dTmtS;;*Z{>7pp_JM>tvKhHdEEzY`Ny)*GE z^Z^=Rfz?u6RY3nWG0zPmA-jR6I3JHgMyt`PiZ|#1$;z4R$??rK?zQkKXt(@nD`fmq zwU3?YZ|~dfVG3GJGHx`?0Nf)Ija2@81#H>Nt?5S>TXOqdq`lVP9Z8q4j7a+QFaUCk zizWLyn8aam4g+!^*OZBC?t zn3qI^ALt7qwJF|{5J1c0aQeAJ^Re&b>e$gf`H|0%&sc*$-)>+rq5SO_a&FT{=S>mL zX3a_yKbz&gjS1#eXN(QxFb2LHq8couo@gYIrIRvIAN&o;$LRTXTdUUsLwX|{zfcg6 zw>7j-I|s4(ms*c^ua=Uz9Fe-c z>pirxtKYglNpnAGS;90qB#MgZsKH}JoiUf!v{AJY9o23;y?Je@`Y|k`M-s*#z>98hR=1W*_n?V%&24f;|MNnMSMgW!@}m39(sSH&Krxea36R%pI)w4 zaYO*vc-EbD0P4R6N+e!?x)J@b>LchDa=%R|(VC-?0zcqd=*8h@9}D*4KiF?6W)XQi36!^VJ-M>z<&ubOFgk)ZBY*Jo`{!0UGQ?OGR#O=;i&M z6$BuWawd;&4&3%U^NJu~q`MK8Z&3-u(}~P@5JlfhW(=9$1|tK}-tJ(~iG zcE2ME&32m{QpOtES#%2mQ00xeKz|DvOK5$F<4;0XY?MV((aGy(x z`KY{I9qs*jv3S(5-ah;lQ)6j_b+{X9blORFU5%DGXpRR#-fj3GD^Mi-U^3O(A)HoZ zcttngiKeE%<8y9n67M9!>-SI!HhiJKojz~OdW8kTlW@^E`nA1p8nmW_5iIOa5ZeuS zmRjS)i{05u$Too9ra*U6PX+-P+lOm`2XSCkyfRWAS*jT@(d1>^k@NVYdpY|8Rfb;F|;)6a5W~hrj92NrIE9ZTdBci9*Dw5z}SQ zsWRx4xZ; z-Y(jX6gX~e?HT6QU)r3}TbyuPhXxjF6bC~-u5cQ@x6-YVk?_lzCK+=4#ht*&bVZNL z$Z#&#%?zb88&0j8y4>$@tABX{64j= z^F!wLn724;S#NVgkr9c~plfcExm_X&6rmN*BxN-89a)HZX?~X1@})B`K>y@S8`!y- z@2^g>KVqdaM#=rSCo8va81yY`_sT_E0g-sG_>{sN0P2ZgSFe%1DRXM*FK-ypuHRW| zT{n0)-;Z|B|GW2uKLop;0C))_uFr9+M~0ynaj6!Jx#d zGcH`AQB-@b{l{6aOO;;~mIbpts1X zwra?TU_t%y-tlYjP{p9Nv2g55fGV9{Py_lg=Iqfu3%4O@z|n+w+!r>`#wc}qDb8xs z%?|Y-q#`i-Z+O!M-6w|&Bm-kc$_W9^-+3)JVhZ$Iwqw4Ip#$# zHbGNrm9r{Av-unm3_3&Ucd#{ynD;MKvgz!l|B#5t0G&Yn1Gkg4&eu-qECW`*O%Cl2 zmwAGMnc_Kx%Yo9Q+=P*I)-wtAbKvE!%sQisMHQAAc236_|ykN?0N( z)qd{v_6e;1)ZETD5>voM&Dy>ZYE*kSS{FFWI}yX~d>wyQY2a?oR1${l?Xp)HM)+PB zUGE}jT?Y;GCpKxL(O{Zd1&%IfB;6VDQ$Pk~es#}MA&hR~xr|&kFT#p(VYb6}UIi5R zA+$iU$J9pi;mnkE$E#<`r;>?q`1;^fKCjNv5GSWg^-fhy07Y{{t749AcY;<2y_u-z zevc_iEiwk)9C%zU+vmeY(fqh6Mq{_$f1j6(*J#v@wowZSxRqTKTrlUXn7a!B@|zmt zTY{gAg4*sMj^zi04WY4#&y(sf2PEY!9C4G3Y)R^Bb$k zGZzlV-{4zh0%mF^GvP-QDJA>;DYrvq1_Tyfwavw0ix96G zekiPk`pX7DXN(es7p}}DIDpf))`sOV=?&DYgABP$+^iy;k=(y52M)c(Oo(7&a*P#{ z57@BVdOI6#5%_}nCl}UPC>EAcY@5_yFqYiPF%y~LfxF(H*&N@e$UVzHve0GtO61x5 zZURw+)xc@F^F=DkZA;yXOcX3FB!IV5BMZ=e0O9{G@F7QmuJtCn(%yo5vOh4=+i|t+ zB$q)-^&98n4C(p}ls*&AZ*HBE4TO3X4|TmQk?q}-Ac~L3hpVZ7tYM8Y7H(9x~17e>A zpzUy9ocag{(N!F+NKU5ttDt7WtoXtV07RR_2{Uj|Wq1m@LH`iC{(*_fWR8M4N!y1D zD7m}nn*?;^uz=w*owVhCajy8;vICbSF_*GV8E{QZ&MoH2ysxv(Z&{mpAViex?;^Ue zj7w|@gkW0%apJD2YNQMpCZlZz@F!7s!NrRKs(jL%yzjIzPsC2}^VG-~y(2v277SXZbvp94Wn}u$su0>wIzezp$KY5 z1XS_{jB1U6yE=xbg0WHy-+@j1BVc_dg7p-8jhA+B3Z{cW{E=i5n|#IFs}F!mWe3!f zT_mcZOYjTKi!^o%sDEc{t~4L`&p!CdZonP-e!3X8cTuGMci;^ZCA{6Bv?XIp9s{}h zk`;s69@cA3$#E`Yj8zYvw4wWP66Izek_3(|-#Negn59g<4oO-VuM?r`#@=}7=VV^r zyLzXzx#+i}-dLiB!VeBk>-Yh_Fgi|yD@CMmc7}jjLng3#;jUK-sNw9FeAs|u{i*JE zU|)dU(mW8mwh>kvT*-Va4n3E<|=o0{WVms?Wc>@{;U6~tgiuYr*nK{O(TszBgkNp z>t#vzMH1^Mcf!qQjDa>H=*-Ji^2;KOPwGbOB3GVXXoJ^UFx)pRLo>?3E(#y`PZ99` zkp%y!1^ydz%a0y)n+&l|51Dt|XG8?BzO(iH0nh)Uqa{g@ny7Q1z+hKQe~*S5C=ht+ zKK8Y2AcqXcYsUMeVRRB#plbkT+%>-r4(>HzHVG@G8uznNw-_*7OEn+)6AQSv+rlZ{pfviHyLqj6q--$3UZBu$ z7Du>tJ9fBQ6}unblG ze4S2MgWXtRbYac~&*Y<>#ZQklaoqI2^t>awBc2 z!8dX-E4Q8F{$7*H_R?TpuAi5K<_dWVLN>3mC8u+ zJVa8u<)1#$Bas_XG_}I!=Qo4k^|O~Y$^Qve2ZoG&a9r8Ni!1X>L99>80w+D=-s|Y4 zqFFTF>u0I~zltL3B93~O_y9QP*XqQ7k=sL0X-hXv z#XYj#&nqckRetw|8EWgRi${4%C2@eO0(6h2IhN1hxLhU$mo7SFbLb0-aiEJTy}1!k zh~Oj_YY@zZ&BT&I03^h9@z#Gz4Ot$h)uUezeqFMzhh8ypter03Aj|vq>gC$F z--EB(8`m;w$wYG5QGoHdwoa-}}KigH!`yVNCWkQ26SXJh@p zP`XY6Fd0g5P5*_k%VbW<6yKW<#>tv_IA1xuKhHU@)Oqh;UY&s4V-Te=dFiqCivx9( zMf#QW59(#j4%7;d{;$dO5A1w?pT*;9)@*!768w+`S(YRaHUYzquJb zqH0B2bC7_F)xQnT7sZx)SudPbI!sWr(WBGq89n{4-%D-UAIwo1f9b?ct^5m<{zp5;OQJ$G5L{? z5~27lru|l3om0E+ytu{?{S$C7joYB>H{EFm%7x9q0YGvaW9rLKjw!J>5+ort+Y4wr0C zPoF6vF1-@*j~n9x3GDjnr?@9Bgy62A>tz3-5 z#E}g=6il8P!r!stDH+{lgFj0KQ->OtvLiRbPc_aqKDMoQ%V`FD^;jCx1Ao7C8>C!@ zRASZ`4g|P-NF$loG>2QiJVc%0j7~|l`{Q|~H~B9uI#bFs;<#78w8tYIT|?n$R;U(M z^&oa;O_TN-sl8hSsrMbt@dq0@DvaDbKQBj+lYpa^jpeugKL50<3- zuboMYgJuuu%r9RzmJju@gOtO}CK{kOp5ZyJ2t+l(1SMwlT^c2(V1WV$wruan*>#-x}l7sHqtvhLgauK9oORE(v*=#B-ql}VPx-1kWN~tgf`K5V00;&}W z10f5K%?of59sDDs_X2Qs_cS2^xT3$zbMYZ~!`X>~raUGn{pyc_g$GHVKQ=MDHRp9f zTg&${n}VW{!IN#5V9N4KcIAnmk>R0VJ09;{Lqv_g>z|;)P~J(Q{AAJo4+(AeGe0_X zW{)7AlPdm7pOJcbq^j%W9H^-%F7WvA!&t66)vG_B!u2v@bKej^OkbX**~+?ZtKt!} zKg2tKMWnl@99H6+t6jy!{FHtFiz{3akKbDD`HrFZ#zCeOlWg4M2kZ14x(wx}CV@Q` ziXUcek{;v0Y`#(~So~-Eh8}CtwqWP&VBSyNT13B|M+!Wm$APtR*%(0(4(!OwvchuA z7hYkR>g<4oS1@asvhTNtoutZ|*)sd1alAUZ+ckoG4q7R0g=giMOuXE9h&O$Wi@1sThU#ko$A zZ4Wa|YD7N9s#HJp#(|MTu|F1-C@&TebNM>LO2xX8j*4v*>G-$OwTaf?jP{%Hex|l` zoO#XPMi~x1oSU>1NQJpOdhc|nmG-NJqLNS|%6i>`{ra93AKQJGTSJFOdcvn%mxISO ztJLi%8*fW~9uy|je6N6I#rNx4Ga-04cFM2J#Mz2n5T+yP-YwqAlQ1`e_3VI&mmJ!R zT<8Rc^>J~Uh&0vmIZ&l-oV%CnBe_3Kh(TiQWy1nq>&J~wSpCI9(O$m! zhh;@>W_8m0?z^A0m1#0V1GDKzr>S8fz2+qnB{vY=2K5fIKo8kUkzlXDH^uG24_zH9 zV`%Rt!i?$GnXH0!YsF>mypuHsJv&`3yYr_H(#0SuPX4QJly$soYsIF=z7ma#l7wV_ zYf?Of7sfI?BVl4^xy8pNUNLJB2i&;Up5d6K z^-;f z)<~Do1R}evJ_1(lJlu3j6|YP{~3T3%oWTdCSkY(?x1*l19#^vs<8xZ--+ ze7v~_VK%)M5NCbVbpbdq&>XW-SG<(K;xE~9rF)U_S;oeOtB+JbM0@$#uTZwNhsms$ zGp7h!>aH-_8F3Og=quw2kGR;|Ju`3Vv+0m0K@?b0w^zEfofe9agxi1MpK9BX)7!R!qv1}U{HHYV@UID3 zDjd^;kBgq8aS#WXC4C0TbO{_-r-am=MfhiRj2Y9L?U_Xc_QCkzQbM*evsJ-NUW7ku zh3u{u?^NxT^NNLniJmKK;Tf*y4jj%I*A+)_L^ZR0y6vE}HOn#vt&qFAF4NhDKN~2f zMH-|idt%o*Qn~SEUNF0!eo?I2aCrXc8}(;2D_4CxIn4_?M z+JZChMsG`#CLzW(nyzJ`_eli_F)7wL;j^1JydJh5Y`8nMxoLS8m{hdb@+t2fxb9J6 zIF9gsG~UC3U`M7qTZ@QB@p|S*=Y?0jSt>|qi6cCc%b3NdX@=Hk7|Yn3p*y5C>MwJ3 zKGGKGG9~sT&Oe@xJ@Cblv3#RNI(%z>Mt2@_OT_ywrMYA+qkkrgtCvSxUi`XN;S<)K zr5{(F%gXNiD^P*x=J@ZU8}wIrd*3aDxSl2bQKF1@U;0zmFA>GT$X)-bUbY@0C?xM| zGOb<+IZ}$|{g(OxhHBvw4$N%@Erf`IX(TOvvrugAOm6qO&jDqs%Vv8zB;jDNLx1g{ z9bMJ8ZtjZ7lZgf$vd}K<;pSTH2^Jj7ioI1zB*IUB_U0Gfcpx+vW8c-NRrHSLT5?Q1 zRpb~&^TTu)QB<#s>1N<0%frRBs7Ut7T-|f`2C z$$kZ41?NqM{qk}X!o_Y3M+wzj{vmIwzDMAqv3=xDEa*h-KkrW7xeQ_LqWBEB=4=!WDn=giNjCL!5qgpFy%kqMl*o- zK4lHo-zL7j6nV$}d3KNRq^Y%W_qWUOr#iW#;Yk4pJR``4*B$yN@U=oW=NS;|bB!{PGR9 zEilQCrF_eFaku3sfvJ&Nzx8X%Bc3FE3J%yFKw_dDR^nUJPmLiNb{4gHYzm4ADIZx` zCbyL*9L`w;iq+{#v0P3v;!PBn&Ix;7izBez1G7x?)niICv~Xb6zhet_f$>lB>6?X4 z4{Z~T2hbpYZ4{huB2<38{9;f1M#e^%RK>PIz9&(?CFsuk+fMD?!jl66WDy>Go_r)+ z@%?1;0(ChLjoKmqcL~_AIeU;_!WK;Tl$(OCwZ(}UTkYo~C-#Mc{UcmPN~wij!z!`P z^%(>?u16L-2`a}Rjj5Ro+gKE$r+ezJ-5qr+ApzU(Tp{rO>;3`nu$qZ4onFoFw)h;Z zt%4hfjx$>@uApR(VObpg8R_H~@)`L)NOX?m`HL9Yjr(`GiWvM<;yb8>JZiHQ_FO(xCYW9} z){(iqmrKmWWjQ<5&NzB{mon({Q7%bby=b;{*~^1_p_URl%FjU(o!f2rp_UBfJ;~|p zC(T&b0siViN{KO0^mhCP+s-U;EiT+&Q~noY7)XOSDL!5W>yy6f>jk& zRNNhhPOcMXNy$wT$8uN{RZ^_tj{k0o^*F;iT*jkKPr@9r7Ao5dWzH~>t#O-=7 zhsg9P+ZO_4o1(C%@Q$&KWWcZopudB_e&_SmFGmAwf6t*Fusv^E; z(s+@oPiJjom@Io9&haisRHdX(&ybUB$jQmgoOa=f*OTF7{d|nKbA^~a+V9p0H6>7T z@&4}O%Uknb@hK>N63W_ESf)u?fT*%S@my@deED5OtIbDU9Q_@xwe0b^CrbCOj>beN z*(YU}KaMr!&l5V0@i2Fsx=x6njIP?CpPq=b6YS;nSg5%9O9+|2{I5mlG9!}8QyDOWh z(4mP|xwkKm3yY17EikNP1EctZuY?k|NG)C=W_44Tu~K*S@P6)r#lQ~{zwr}0yIrt$ zlZciy92{+2-Lb~UOgyr5RB^0X!rWUSo`sLnUD@883U>O{4rLsmT-E&7Tz2rIq&UOA*B)&3V^hj}%@MnMjpt)zx!we>&hHT5w zy#lS=cQ$Y0v|#<8Z>kNv^WxSN?CH`kcbh-DGu{|TQ9jiuZDGNH_2M}ZB_+%EIEH5g z<0SRW))8|ZuOu@b)^O?Gz5U**C#*G``13Ft{VtMKaUUCcLFag?8|H5Yk{LitO}l#% z#MsASd8*7Nqs9C7NrH`ow~bU$X+^*>Y2kJ|>uhGBxiX8)*PZIypSjF~NBz0*5g=J2 zrbj)$fdhL)l#x#g`~j**8l<@Y*ss@}I)NF2bz7FFGj)_Au6HA*Sst0GMC{Rx5fsRl zLMrQLK7RX22Or{UESIjpoPJi37wV9HB%!BAZfxMmDGW$GU}V( zEw21FG7!EBygur?##J0xl4hpEv+j>}<0^JjapAN@Y+ zGN0JoePx%of{KcEe;H6dJ8&!+kQgsLPa4>Q^bVkA^~R2maA5VFD*a+(M7G1r&C^SU z*zyt*LK)>|4I$E3a2NYf*%OT59Np&|?m&Y_)$bB2F$VVf-rN^-M`qy(Jm3!r;830>We+I5 zRLw6HE)noveXi{b%~dhkn{KFV%DH+(d25Qsjmq8L%T=qD=6UY?#VCLkuV(VA|GR4e z3(x7%;txi$U@|)V@X(zZV56Q6&Q4IoPgtgrm;6;~YkBGNl1HXjG@N~}9$*a3JS=U1 z%|;pRO(lOu232@0_DR3!8CGx4=}~@bb#L@>h2_RC!@4U#|K@33w|qI0OymC_#=bJF zs;KK$kVZkeK|#7CrMr<138ke&>VVWCqz)x1(j2-Q1ZgBCq(ee!@KDkqa2NRA`+fI* zf9{_Hk3O8e_u6aCIp!E+uJuu9EH4b5<&AS>0^S;7eI)%!&KtKRo^Liw>TE6Kx$)VQ zKLncaN_;GP-`ysySLX7=Hnr-RIpdBJu%ycG3C^loZ>&wDe^#N&>zO?CIbnNT{YeXi zNG%CrieZzD)ULvM9KIdi($DinaucAk0n6|jO834a+Jzbm2mM6!K~F&MldO`IW4 zqb|<#iSxyWm{h9pKc z%c^Ay6rNvh0MHK6)%E~_=u%TEi|bHLi0jEUwXvfSwe6k1tzSX7Jcinrya9FHp8;xb z^1z_ewx8WE7eq=*71Pz(y`}zsm{d7eoP{rARnicBoOl}aUO`O^yZhJWwI_bAA^Fpn zSXSD@DUXPFzI66;aaZz^|67fU@>;W!^=D@6J0Ef&3CDG1`YSb7cGTg%qTpV7Un-R* zfU>fZj`5-Lm>+aEj%cRNw55k=J>UHHwd8ztEz1XMdArbiZ@=fv`N>H# zzKm1=0#r#---lAmzWBp1J#)?g%E$QV58FZDspz=wBSGEW>S}dPa`K3*D(PN2gNZ!U z&j(p$8Trrk;%=|^v^g=~UAt0RqG0-4hnLPriKr)^=>pOdr{k8l?Vh`_;QPb3f~uZ% zJwOx2N(0#qE37aO6HS;U49h>jU#Q7oj^%Q648}7P`#(nu`d`Dvn7=7z`f2pt>-T50 z0_=l%bW+n)wk5jr(T1;f=2yUj)LGu`AljSd_| z(cc+(C_2J}AuFl^jBUuO5&ZA=QLxi6;zN-(BI3lGc3j}2K; zcl-QmsZJ|7-F&m}ph>;!@H=|&qT8{)76U${SBNqi3u5d0mx52cJbZi>uTJ+d_iN^K zv6mIEyOv6(e*$sutfC7WjD{EoWmOLRvt=@f!y%r|57s`aySqXEGx{;UVt3^un`;!+ z55eEf_~2!mpdPURRRl%Fo5%dAzT{-E8b{^e;` zP6nkO!K%ESxc5LsYfg1v9t{)&(i*~Z&y8#{BWv|}%%u|#xo{$ww_eW4kpj-I>Nr#4 z_8O1wBmIAmy{cOgGaswareJb46;7@_O&2SYm`5zvDqc?$ba2wgN;LsQ<16$`I!NjM zeaW5#KtzUFNRgl+GlW?NNrM7zh43V}obxW`_dLf=VMWKNkZxJDO%JH90ytraK#xq$_fAen)QJQV#YT(9%Pt z2TYIf@dNw96rQ@N^%+zl6YI3kS;cfj%Pu$^_k-2EfGUJ-QrTtFTd!&{IQeWQ{D-v1 zQs~O=<+IU#)|kIHq1wyz6BCUNSA+WIzWKKOe%gzM2<$h!I`n3}v9^d8WPGT0N#)%L z`Wp2T$w51vz4^~Umg4;KpI~n)p+1M)Z<;MpS@T>IB?l&$oqx{z&DNxH%hfxh3f0@q zP%k#LIA3=NqL%6}qGYzr@NLwPoW28@^?YM8g$DqT{0puP%YQfbG>FRlZ`Fb@sqikk zUC0CWRMK-z#t&~gUp;>0y9?44Ickyx`>k9Z zgD!-%Q>yC`G4XN3`pHBq_SJjsY(F7o#~=B8uU@@E*igVq6Sb-cV>O)Vz!ESX+vLoe zh{(d}pb{K{zN+NeL6E3h1VPL{)5*VE5JSkX@M+nhTuSM`0iYR2-@I4Ds60^=Qg3=& z4W4!2y)@ma>BSR{cHc%&AvO<_GBatUq@`D)=*SRH!=JZC;!>Da5{yS&7)ca;zvmL7vRDPEeIR9fM|aT6ohYt;HxMqt@hy$M$)nLhL#hh#stuz z*MY1g<&S-PjtVs@(1cDAD2$AZDA0#Jn@HyBrP>-6eF;dy&v!b5c}PA88#}roM)AZa z3QGkanxjQZj;;28FO;P#HE71d-4$&Qxw;A4t1$Wuqd)w(e6jX>`4sG}FPr(KCAL5U zN_}wo%QvKJuSUE_l_scmYuwhp)%S{c1uaG%*b|?*b*e{F@#2KXKkfP893)Ev6^F8Y zY9I_fr9wNV_nx$UDP52$+$k7Pvq|6^nRcvBBY2^J?R&gTL_Bg%@NwidF^$H6VTmex zERULMdcoS!==jXZ2><+-ohYB+KiNj{P%k}hr|{PWW(TtXBy7`QK7hQ?85Zm9W~`Kc z7Mi8%V@DyE~fpMY5}f6JhW{4}RhvwxhdYX{D(x-EPCyFU}J6E)|mXogM+ zE<1f59_y>)Bdlp5l%T$3=A72P37Y%p?ynq{>w@&3nQBmB&$WD!b-FZE!1KjV7? ztIQ<_`s?eLoFN+CwPkBWge*@dV(Ab+R;X6=Eg~Kcc#Zxn>r&$2U1EyP zS055p<40}AP0q{%IvlJ&zpeA7ayj;=7y53Y6UU{{4pF$jb~Zd1CCuyUPu-d5aoseqyqugNK3()82T^Gy){Hox zpg~kKM8efF%{x=u+a*v?QD+MXmi62(j<(cGEQdTBI0Y$y$|Fzz?bNgqdZ^->XC%=N z$CvO&Ff}rK%jEbySeR>xkU#Y4Ykj8H_F0bguEZK77e*1msOGg_yk}kz6Z|DqcsNri zW?1D5#=RPoV;Uio0>ezlP4Pc3fAwNpalo}!RFM@ZTTW>3=~bV$4~KftsAnl4A(^r0 zmSHrx7g%l?EFU_^*V{sA-G(W}BOKYAp1clmL%x3X#pfYai%|Ao+_g%JF8m?=t)G(` z?fJe|C$x6ar9vOpKaKEAa2TS~4g@hjx0T+$+4da9`-d3)ny~^wG%_bk`sVo(H3)6+zaL zQzNR2rNl#!j_Fdc{F#k7x9Q*E3LBJD>oj3h;-)v20CB^%bZArBO#c3D@?bj&ZfXTn5^&>m9mD#2JYbLb zqW!lrGALM9P&QisZ?UYQ?(M^g1s_qFV&~d3(M)du+-k657g6@KZO0+v=g@6R-h^1( z;2mvEyv&s!G8R6J8#hu2%n_Q zmDRLy3^gs!_q)z`d*SXbw1!?Upl!MVuW?!2IR4wcT8)$mGyq;mN&=yDh^`{M>=id(X^!}TMc zz1w~2S$BjV%a*WCcV%Qy3xZxjA{w%VR$1NL zdOxqDj;&3XAMY@(ZHCr=@Cis)8zW0Moy|puymi)anqz5i+#KVNesI0Lqu_Dg_8=Jj zo=9ugH^#?rVH__bVmXTC1W=!C7d-msl}Qc0n7j#R%s$kFvWv#C|Ru>Ty$2 zrN(Ek>-ZWeMuu9*JW?Nb=#2tR5!$1GbRX2i?JLZ2Cr@z=TBZ~w0K8K8g|%V$I> zozPkt?21W^QTfQsSWjxLP!M1>Fcwz5J?W&Q9`99UqU$e-2VaGObP4xf+C6iZ5zpy} zZq=rPGHaUu{>9#B_^iUHvc~yXE|P{DDcuXw`Lim>O_fl#Sp8`%WG6kT&M>^QEA?jK zJpfK5$I$%2OgLG=LkLsC)k3OAUm9OcA+F4ajpf;hWC448ALV8iVcQHPkcFPfB*7gpCss6A# zu(+KdFRpTc#&b72Ze?Tp<5hsTR7M0?W;6~_wN)y+-pZc}nu*U1j}V;%zqzdtZs8OP zUNLdhK*Myovvk|(yPrWPMpQBe-v=C6`5Jipkx1rH?J?_DIn#^>C1qjI5|Ro$_pZsV z!<6OzQ91|{RgwDw|Kn%1zt2>Mh*rnEn8()k*Q8VCL~lyx{lmK$VAm*CxrQ~lD}Y(& z2d98m-S36LyNBlZC)4yW%~Y<;vB-JtvhG77^$&+~doP)*=+S^27sO>oOc zNU4_|yEzU)5Zc%Fdqq&u6y7TH(CD0(UyLBH%|q{Iz|Chs-xa%@2u61dKX0QF^C6Xw zrsSH91#MuhEmf*~vSCiSi;crB$2lBCQ=2>48!M+%RV| zWrqGR304=C!i`lX+%T3V5U6GmN-mjcJ{@gq@}btUsAu?)aYXXie^ai=lpr+xY7qdS z*?7x{D=4)H^xmgxOIU0xy@#mFQ8wRDh5*GkVm6WnR}C2)*tH*hFqRb z&OB-F8u9^kZgNF7IWgr!gx)ghkwd$Rh^H5RE7YmHOR!)5SA8F6e=LtYbFP{O;Z}U2 z`q#wh2OfYkr+gwCsn zloTshKJY; zeIzuMOO?P^vrJFB6?$Ygm?`etQ)nz7K~Y^x0m##(mUJ{;#idbpgNcS-f9g%1+=k)g zO+E<3VKLaWr7e$N@q@*38fM{SRuUWc7ohn7d0wu&drh4o`fq9g8RAp6EUktn{ODOI z+WAvW&UE)Va6vnwQ&;MVEiEFV#*`(lfUUGj^t zai{kNAqAo>VJR)MHxwq~EP1)-kcksn3k#IyCHwBH2H{8K*Ys1U8>+v9MQottT|@NS zXtu5?Eh4uPQD|uu!PST6Bj51eQ<{jdM7G%)YsVt)lV^%1p>T)7zJt_{PCpO((Dhv{ zh=PNoY!d2aG=%!K@+5}mm+Z!pBCE11IP-!-rTDl+1e(E&Z3#a`{tG%S7I%6A)aRx@nSgk2J0G*`>4GY5xt#2_3hqhZRON-p>btwj{dAWFo&q@;$6i zecrE;`gFRq3onjSB>&f35=>R7(xn^xy&2?F!?4e1^&)@+nA7 z5;w}FI@FFOVSxWp5rO>c6f?(&k+-2&7&A(y_R7#R+Gnfm93tsKxW>EW$9hi{lac6a zPUHt<8Y9U`46O|PZmDLR*XHuE@$fgRcHdtf?Tq1O(2E>=%Q8|*wel{ND8<^Jjkvj` zA^x6Lo#2px){doHau=lhPhzgX){^9jM8B5lD-sf+wvn>>UW!b}e>;e2(*9g_Vgf2! zP1D9~lL7w3KTwBju>QS0T2r5;QEv19cY$~!KSz) z)Fh}t6f4XrDKm(wFzMAjUU%<*3DA*G8QUxmxXQ5iU$zq|pRFwskt@%MrwzUzKi^|n zOR*T6`Ha?0tX~B;;_lwi9DjUy@Gogp@%^=iDjKWXt{kc{z7R4<2+^TGb&Kzr8^3+} zY+pcyb;mrQu(;*&B=o_hnMw-E41rnhH?_TzozmF5pkPWYlz{qoc|J_bR7 z4Uc2>r&=%Ld$uVEGsh}(uc~O;-pv`<=p~(Y^Ur&oHzs?5QV7svPa4)iW7aD88sK_K zl&nKW5V7$${Cs>p$Mg^_nHvf-%28ft@7QY_k}X54d*BWp?PzdK#)1kZuo^DKV}?FF zd^tRR?l`^vnsmxrfJM8^zisLUGjBxqOUTYI-yakkG-)-8-Bbtj0D1N26wblH3}j%Z z;MYO|rc12CvHdd~hys6|u}l}8)Z63pOwWr0@to!a4jX5}Z({`1#$5wZ``<60 ztaDsa@oi5^pjSkHb~}mNd~Q3yRJ%LR(nE?V@|^_iFWw1Ap~5PkFVKd@|A5}(l!>m} z8sRb=BSvDjd2OHmXT%xePrR~1^1k8G;QMTXO4CWXBbsy8rsFNNypg1`AS!v01|aEN zJ3qI*52XLN2w_8YFf7D`Kf;PAkq{p!ZQH{9FphfaHlV+>J~aQh#BcOPA9*4E#J4(5 z&QlpWeMSi_BJk}+$k)U~n4wLabbsM&a6X;y9)xUi27d_x6HS>vbTrZDub`ZNcgsOr#}Vx;{>FCRm5NUTDF4BVGU?&xbssL zQpDFCZcO#u3l1XHd6Dw17uS#56dbyf)|g&rL&3>VC@!~v{c6#jNwYa@d82cx1Dwb) zI?NsfmVcuP1t2@ecbzx8Zx{TjFxE^J%KX8V8;E0$y}j+|&O*Y9osoUI zXS%QpXHz3BB^+*7!yZ?i@4@n+por%e0)U~yT{Zd_YMxl7p!Fpcr~K{i9fOV=Wia2# zcU+ep33-Z9d~SUXJU-ZYYLsHT%x#b}-v`d%NA(OpE#jK*bbE;a}= zIXLw<=Lt0LJp)@!u_81s^#9S3uBFR@bB%8*bJ}t3gtudpnq946_{jMy}qRsvs4!pM^A*Cb9OvF&7Jv%T{wS5Iv#Un9ci$AqVt1< z=KkJFf9TEr@*x>YsPEM53*?RWeaX#i)p^A*Ud6#1Y&&nS|LDR2Rx*xXRgZ+2j=XIX z9HsFnz<#*ja|Q6e+We?1JIlC67q`ktn|bFGIt;bla>Yy$@!KaoW|a#_9lCLpy6!x8 z-WlVoEt=MCw%8MIz%9}&82j==jYd3M>Ke8zTwFxkk}$rP*Y~J6R(e!$;%Oz1-@3p7 zx40+bvD@~nqPh3)3kT8#DDN%p1t!QjlQw8IC7Yb)W=nY-B_yr1=sd|=94y`IBzAy7OM7cM&wSfAFnRg@r7Y0NoF8* z=S>M`pwv>h)xZKh5z_^`&T=!%esJ+_$zk^KK?b2Ba_jz7UXuCNAywnOunYbTwRHK7 z{MTQ<9R^N9!xH2nNsrHI(n5E{1@vWfmTi^o1IUB4ik2VH z6SKD?PplV;h~!kL=xGfGHcI@JCRt1mnq=V$+>>lVF6Yn2-nvhJ zR?(TV4a5r{IHZN}9NeszOdnjl`w+$r-4?7Y@R!jMDS;i^$djm02)~y3gAk~HoqIC* zUo@+X@jsf?sKqllzCo>hXoy`Gm1+y*M6N^hy7Y$)sFei7#37fbdtKAhBrjxzd5PRaneQ)(tNbcK({>ir!eNL~rQiQywb zq#cU|<@Upi{p4k2vflR4F26bNODx1%cIm)rN${|p)0eq=6q&6Mp6`%i(uu%C^I(<@ zuwH7fwVtAlMVkP;(%*@SFFheBkmw}=hR641Z4iQu6tk{xNQwl+35#gQ92o|wW4If? zft$~|hNixBlF?QL+ecJwOgR4ivSIvpu1;J|g)Dq3-4Gar-dg>cSKPPV$}3{8xm@MI zTa#tyuOyhB75aSn_`-wY5gj)}yST)e3T#HO`Uc~|ZM)r3rYIAOEq znlff3(@xHdZf*gOKWPkck?{7vVwd45Qn%DB6mYXVF;Gwl^JFgAjN&;}rPKdo zk;0o2w1N9rYs!hwt+r!$2W&EwqoQ_1HANzRa}oc!DBRKh!grQ3q2yI`NA#0lH#aQ_ zf8_93-0J=UvE)er1?FG%hq+M2HZ__4J>~ETQDi$!Dh6MZ-tV(<+h^a2PBgD5Y#IT@ z+a52k_Lb~aohMO#OzM*{IFqQ-mmyMd0#=eT!s#jk!rTdQC8S)#W=plSC_d%sKrC@B zLh?!Li>k#KT9|zCtjx1&`7ap)$4ktnN&Xi9jk7JJA$$pS&2a)^mT5Tx?^e{V{!!2fT4&%VFewln8j z;!L6zZ5HVOLYK;j5P*u$fkt5JkFORYiWGddD}NG<&p224@L!@YZRnr|L1$-I6LGA+%I}Z2DS_G*L#X$)fGB&O`=#c>>B_%lfIjQ|jeBrj+>K9t^ zQ&C*b!!l9scOy)zC;i>BXPK-J`kM&#eqO#WD{%k=OMdCzR4sE(K87b<-lbw?nC6$B z2b2+RWMgKdDYE;6n%Wa6aB`^xvAX>|)U#i`G+*6JvrXaU!_g|j2Yb6vKD(?Gal-SJ z*giT{BC0hI9b(U)b;mnSAq$IopL_+QI9jB|$fj3$FC3qKj7bSEukA1NPsEwu{?CqN zF<&ncjUUZm1i942smmgfqj4Z#ZA8anPbc`c}RJ#DHcY4w=@Xfd)EHq9sD{o z`Ks`JBy7gSn2FXrO%Bw_ym-LkIBu16PgpZ0x^_bN`EJ&1%#iz7+9tH=OWh{Nm=O~^ z$QJH)))>U3$y%WJ(jKbi@KLH8D?qa<_lRcaV9taQ>=m>u$KI43X0%&W$hlA~^PEnR zS=5I$$@Dnp%KJgf+zm3bgJN+5T~r#+xd&T%oAzM~B>T;_Io3?JkkGA^4Oy5oJIi%? zUM?#q2b&Y_Fby6!W7^2blsy_c@7+Pl6AmdOFEh>a%&1<3! zb=z6cNyBETf7M$O9VQnCbJIeyP+Iy12rL~eDwz0N0&I%Db`l}E6x0Z zw_*bM{(V`YnO5J+eZ(x!>a9xg#REN{00k3Hd%ijYKZqb^$A7#%_=#tx`CZMKawxD< znYQ~Q&D1-j>aC;;d#D#{Ge=Sh6K7;-kf5q#V_`u%a~0z&p*MaSPE24+HtWUaMpD+v z8`wicsa_RwD!)T#6vgxRLm;FrZ)8HJN|%gASmgmO*dRs7oOdS~%aCpNK_N3Sf9f>9 zFkVW%4hGsAFy7UltU@!fuuY|typPU+3?q!$mgch>SYxjsdkh#ynn$I- z$4X1qFK^1JCFhQoi~?UE3A_2e`+>G2b1}ZC<;`oO){8@ho^DgrgY(*HvB{A_nUmhV>U|1+84L+w}f`Jadlb|ycQm82VX_~_@Vo6RFFEjBbn=;8>kJhi{-43y{ zEBQj!RH=j3(Di?`3)p5A+7R5)JEBCe6QEo3O~S7gdu2$F>xsAd!~BXBP=Jz_+8*f6;nRdHgB#@0xK03i60v>^ZHtKVIeceetBp>y7YVF&{ZVzf| zYR|*TwTdM zxrshB$tTrn>ef4Rb+jy?{<+IhltJlEepTHh8X-bG;?Mt&2ZQ|$(p}8dXjj9Z$^KCY zdhw{c%&t38WmW^3IhQQ#WtL)Rs+>c^rf$n5$5)L{u!yzd+lPVls8R50LT6Uffq09> z&fIo~&9L&-gj}{Ue&t(e!nc=3huqMu16e#@P$zuuqMt0t)|iux z**YZ@)e`Z>G=1iEMC@z1Jqy23NI;X-Fo-hr4ri)R>|%^~S6d-K^Xx{pf>_l!v46VmO^L?NF%BQD{<6L;0r-f{7~U$nK1_uQ zJP>rT>}~n6m@H~jFQ7L1Tev&FkS@&-^k<5yoh<$!H?jKJ9*`{R&CfLU9z>~=KWoZ9 zXZue=a#3C}=_qr|2zu^6ww){v=6Kx{#zcNGD^bblwAk!aY3zRn;f+(mRT5Yl_q13yK%R z@TW&Pg|7BkLbuCxMNeF^6bX{TYeTCUf3my4`Z#m~isATZHEglapBo9k(PZObr58Cx zeL}U~e)hd!;8&El7)|OO>wnJ=b4)q{m#01U7Ky&g+wxcqe+644?1PPJ+DAszlGri9 z4!V3;1dMW%^f|R}nA0QHJv=-}GC5y;R-bqj*Pc|1lM)a2&Xv2&52IpXYccH#AvKX7 ziyf%z|KqfYbmc-DXj}ym;Q)pb}s`}LWb$xu!x{e)rcIG7E*DMbVJd(n0J84xogli zL-&+Xn1zjRsmh`s-!umPwl8`DWBpNIY?iXMH4|`pnccjz zXeXAW#YB8h!7NmW(kx?A3Z0_kgAHs=m8I&@$P#te4_1)E)0<4MVH-q)LyJxmZGpyJ$>6OBMR&vZN^6}VfYhIKAVS6y^Ar9v|$r$qd&0@ z7o3SnQrBOkL}0%Y>fiatm%Hd}_}!T^^)x``qf5AirDb>@@ts|-#rw49d$u%}`}TyM zhsv=FhB_&-aKbt-)M1WSC5nng{l&BQ9pbyd zg)%9!06ygyzr;^@W0VA<=ue7TpzKlPpG4=H34d+o%L#?EZqsWmF!D+sHIi*7a|mCK zy6q%T_qVF6YW$15!<_cvw{}OQNkWs#oRnIAn;CKwc_kva5Wm|>!immCoPrZLpME$^ z5cP8y4g_96t;npXd0+txdE&|KI4|J5LbOmQTjubiUa!G1oq=IsDv@p0D&kmZwzlZZn43h{#9(>9K_58MZDVZpjxVFKz&Ft^e_ zXF9i-DeK+qDZKU0>a5iXLRY5l2|twrxk&cCN^dlkEP1>(G^F+N&sv0n6|I7l3bHVY zTjAmZB#I`Ew3L{bm@w-n_dsROEE}#_>9RIJf1zP&d69OZ$OmDn4k=eJup4D|2}vQO zrz29!x29C`;I{ZiSt-3A@_4u>ilW;=R};)%n)RVnMl6Zb%~3ii+RWB?K}_NOqaRLf zrf2(3bvwC+y_**v$c86#w>vTbphJ3sElI3AIThYYZa3_pM|Qbws={6-*ud`9pW>zG z>PUYp{Aas6M^VwYbkzf~!kz%|1S7d33zUjN zRkfqAbP`S@Yg!kKT|#yPLW_uYk^p8FtaL7Os2qiuuQTVZwGzagXorj7m)*DOhr}x^ zrd!_`PA1=-6B!`^9tiUDDe6aS_DX5P$CXmS38#qJoEkb&0uSted+2ocsvLz!RDD<^%u zzPgkpeB{ee2Yw0qiA$uNWETMtVqpp>1S5VlfG}j_w$KELqH1~=0b?LYxP>yCO4DTo zGGj*Qk_GIB^^d(z5bzNIv1FbS={~zM>7HLhZKDf&o9eyoMkV59oj8VxE0;_eaE95_e4sZ0r0PVRw;g{8pcAf}9A% zbwrDL4RKA~;*hJmkGnztZ(|PqAA=6sJhGDQl{9YkK9&Nr9`J*Ko&vloVCXlyos`z2 zV0Q$w@|Ezrdwiw>CT9MYWkn9S)sl_no2FaZGUoQf*i+~3$-n0P8^wM7e{BIcU<}RC zRW;v+gZ|IkF=M_R8re1NK~f+&c ztH*O|qr3aSu7KTH(mxaa^BIcS-F?SQ0BD~;v@2q9j6Ryd#KsOPDX}Z%Nn+8#a{oQm zU1{3&6S})w{&OIKiwLwp8yg!xRZSxWfao^z*0mw6rt_4Q- zEOwFC2R{WN-ADTgkSvpNYqOE7(%$SmU#d{Xt)r?)csQwD)gKDImvJuAb=j~N%kOJo z(Vu}z9WF9K1uk06Qu+%;{%=!`0P zZua*BW^#)Ku`ORADh%#@xEV>e8kRGg*Ev=0SM{Vl;276v z+HUL|n;-d1`t_hxKleS6{`pZNS1}b0^OgN?PQ4?CzKsCfZJkoi)|880LSE}BiIdjj zojSL2ZiP=m^f+lhI1$ajP@bOR7BV7D)Gl&OLP$H+w)aY->&pL^z`zA zC6r}Cuk{HgYn+zE*bHhhg3xh^i)2%uI}wj^4yEuBXfXe%cj)@F_RV=?mq|9$Q-SIeZ8|A3g|RT!W) zun9t@3Py;W1E{uX$jMm{TD;?JH`fv5e71d4K|<8Pt=4vRLc#Isvp=uRSe8sUKB>5$ z$e)c7PQ>PY;oQB=(VSlhMC2535*#ddL%mMz6*#Na#OCYlNJ4O^So~V7MyPM8UOv02 zuV2FnVrgZuBGT2PXR4AXQ*Xl<&WdLAH9rz-xU(=7T* zL^VxvS#41sywJ=^1JNI!mCQXG!!QW3YS+!|^lUU%XYho4yl9P)1q)TcRJu z1;~N)`PjHI{(C&e^T1qdjNJMds8o8D7r1!m7B9vd#LatB$31{HSLt{zH2Bw*VVf6* zS#FPsP}oR%thHXMf%g>Y+W76>i73+J!egKlW2ln zqla=F(= za+xbS-{h_=BcPcSmT7Nt`sCbC3D`kMwqA9vLGSyz|m z)f)qjf6;VEO;z@vILIRlU%*M2#)9r)c5r*)8MXK(YOv_JLQgOt#1)3`fwZ(`?X$Zo zc{`A(uLgdN2O5crKF_3SDH$X#$;&%!U1(N+{j#h z_u{Bg2N;G$8|f%R-LVmy05=ZiEg;>VCr+V+;=uX=}#5ovdo~} zFyw8-!k3rUGAc_MYuoezRDsG3PD{jT zBcSJFe`Mg{=JQg{XeyzQ8yw2+5-3RpXy@TNqW**JvO18B_ZtyjL;Dc1KAB3Zlw}ed z2#+CTc3wZz|Lz0YRXV1#D$Wj1+ax%5i&~X~fyvxtaAMT+=x0@a%#9Tk&p{@ZlFHAv zVuf%HH)?0}#)^Wrd?RO12b(nGXgxNG9e+c`6Z0kz0 z$4996HUcbZZ?v@g*IYk#e_hSgO*eq`F%(6SJwsEBXOzw%j;gdhU=jIz`gp3AhS^M> zX6A{v;gkdFY>q3dY=#2V>hLU^K)~-zAdX%w1ZZX1W{Fr##`ML*R%7GO8dY!sj}P`!`16Pymz+nTX8m*RP`r4+MbpSs_zt=h76M>K)Lkbz-s7MCIq3#)Z@FrjMs7A^x#0>qa9%d0lDHHUhq(r) zn8}itcI`N_$?7S%e8_T|NR~=eagK9v!eV2;bJ<)qyg_EY%B*|1gep>_qMA9#!-Q|7 zf}@_>Luax`T>4&Twq6Y&3F8aIoiKZdDVhKH>`do%wD|;X$;2J5`K8>rjYG4)mJUM9 zruVp=M3PF$rsVadAy%Lm=$YljL<}Z#Nzd=n*MVdQfBUOb=$_in3TTsZ2v(_a0uJUn z+hXD}24XcE)}bHIrzgt79pvZgR5tU@`*Rqf%k;_HOX{`>z$2?*p4}GAs3*CkA?~$R zFvoi|+i{346GgdH(0VH*dxqzJl=F%$5Szd;7JGk0Hg0FH;iVpz8_wml?Gw8zV~#=l zJ&h43lkiZ3rno}0Mw^{$q{>d7?`;4r#lRXXCtP57K|BH+4;J>(vq)9h-g~ql=n1q^ z+MIaE;63QMkZAjLwXfB-n|1!<`L@5^$MWzx0z{+p8iP@r5Bo{gPMWpS?VdQYFN{`?Qv^&0;W3!(U{~v||Zd zMupb)wx27OaiY)(w0rTn8^QOWBaddDVCd1xCoI^Fl*3#VnZ3I%ACP3?)n-Gs5cCJe zN~t;8fD^w6Frgh%^S-EZe0W4Yp**EW?_*LL6(Ihw^BQzsAN-X2-1IrixsD-ANZMO< zXNoIN%`mX~;-vVsxs~4DF9G+X1kY&9P9jb%$`#AV#4_}N!4A>Tu)6P1p6lI_vkj?I^5%&nxnJ1N!=FBW_RstR}ZR)GHlWw!-eS5?NQ~>nNJm0VX2zHPJ znm8{s6LZgV=bmYA9(QhG(`rh?c;n#l%?4hkK-2&5g~Zn=@jes+ahi?FZhIg-&ad*! z^aN$dN5$ZIPqK~q&+T;<-Xg>741fJlj;n|VpSU*{GHZ3E&7;Hvn&=`?h2wDMn5_tH zM(h2A@v>e2oM6VXyl7+0;`5vG8Oc1O$onk>W}Ie|9~%<{NO%DJ>FtK-Ms)8QDx zLWgZp7b-GGqpshp%_B&?z6riOvMS_D{a4hF$BR6N{;TRi!Az%B=sBjsF%!O{%htpk zVborPr>*#jJ1>kkTLC|i@SNBN?LOJ`4frfNa4oGpNIN zRUi83eY(5l8EEoI7Dq!g9mq;ssKPGO1tZ-q?WzEOS2->SIkOTkM86sIsii@-PJk}U z;VEk7C{P!xH)GXnaX|koo?!07`3au~pmr=O z->P>&LOd!Jsoul5?Tozt1!vPfqYr=FRu^Xa>EY+FY~{U^Fat zlIFbr*Ab*K>Ov5zLdY5KmP(L^)V~lRws#w~BV&29H*>#ja7HNL!Su4_MwwfLPlzie zStd$wU-eVjT_{G9+px_vLQln-i+PF7Z)O{e;ulYr&#`^}LiaHn57#=oym7l#3@+db zO}xKZB$gJ(y+7<++LKr2JX|&V5l>k;UJYTzBYQd-CRBYBb~dXTE2tTNFCN0>=vyhh ztLN%#GI(~(dfk!xEB-54L5-?Ie>45rRYT+EOiqqM9!OCTxSbu#Ol%JN@smyE2Ded% z*P1zpe=nWdpb;CD`d=)8ij(F_l-Z861P=aB>4V{%huPuA}cC-2p z1?)q%!l$u3wYwoO*^7pm^`;JlG!Z;T^p8ffYK`^C=hz&%h?r>i@LEU5eD3PrxM^^ zQraKGuoSeO63Fr@uE3{>;(o^6Mi=S1*bq(c%abyHp@jAP*LI3SIl#lA;;z!*fNdi0 zeSFlgm4M^EJ!509|3%jI%lA$`>;vhjfe&z`&2_4V_e-?zqymFb(>|1UBtdDd^VySO z7b-dBrulOF)^B4vNQHeL7`Ry@F~j68G7w|R&#&T{l_yl>M{|H>4Wa&PgZte8%ng?X zOXZR!Q=H{OL1`oo1e3+Y`;go)Dkb?i+pA{iC3WhQeb0iShb&g=se@D0`R8^V_c)%Z zqj*w2m${iOy{iq|K|PWCQ1=%2cBIX7r2spl8r1*TkHf?EF+iW8mW-W74n{c$8Cfn- zG%^e1u)!yK0-yz1Mdhi3_pN7gloGn9$FAv<>y}-!X!T&RlK~x}fG7Oir@~J2kHVn? zMSa9kWkF0PER5O~R4T`@JX5b|NO>~G%B@vUaGC!XV{aW7RrIxw0wN9|NDJsFAzcE3 zz$hWz-Q7rtN{NC8l>6A`UT0nXTK?Ou$6zPV$4}RZYect=K_rF2U*|GMsVn1u` zeVn3aps}7|DSIl3=`jzLV2XS8RgeGSB%Mh_^T__pZiD}bb}5a+(p4k3f}Iq;&no(M zo74|)aX)Y#x8s%HVi`jn8gXGnBFcex>JhqGcjpoXcN6Q;!>x(JFshQW~vQ!#bBq;mCl1_EU0X!}2EV!-!!ko~|x zX$2Oj=gRzG=4j&fS{pCw^qV`(qj-NoC#UDx-C)yTJ}T486ZT~cDa?s01r4u#tucZ@ zG9r;zHr|^EGT0QgQH9JgOtf#2iiM6RHz)B>S`7yvai~?H2^mwwgwN+C+8!D1Zu0l| zYTPT_Ltv-jp7X?&K4gA1bd&mU7C{u2TyJr!cHM|Zjz-~*xe^2c`T;Iv79K;`ibKCe$H^o^NxsnVqZg~ z)kPxzh&_6%Km_><IX*XLjPdbIq7_|N?o1RgL^<)R+D4NMQ>bUTk}e?dqfsBuH3WGO2rZ(t z_b5V|i_zA(1sqwp=+!UTZ{_f3n%p>O??1VULrxJb8SW!Kk|X`>?8Gzd#(kA5;z=nX z(xfQJDl$jAP~AW`;->JYa04yZB)TAwWhopZr=|usg^`DPuF^hdZ&AwZ)6W#u1{a#{ z*^d{}H>nvQekaor3cNv4s59ng_f1GPQI>$3xSR-*i90!lRfPxv3HCSI;G(iY7GK8E z46iKbVXbYs2$Pwqbj{-HU!Tb67RQ#)+_#33U;kK&w5nu;Z}@pHh>q59wg~+~_jjz; z^FFDBWS4dRctTlVJzd45qKNdT2d@wGq$a>M`;&C&Xa@IR%d=lU8pozcjR>VqIeq9% zChSt&A6i5y;h}JEynMgPMsOW^aZZ{#OXBbZuY6bYspv7iVT5DO&!`wP+r2zt zy}cg3K?63CLU6v5A;x+kxm7NmnH>^|H?shT20*o8cbLG`mFGQ*BigwIVNzuQwXOjp z;cjs`((1Z9j+$WEdnYUx*TO-NiUV^p-(%ZOyC@F52S;mJwccmRt%ec1154p##;MEC zbPSGdX_ZvvE(J_eT^NT_pO^4)7F9z{E)Hz>JJfI?5Vp~$Q0POW3!S*c2!}?lD}w?J zyQ%0}$fVf$i6&MkNWBnJGYBYH=NP&ErbTIa1ejgPXC4vwF^;exDapL z4DAO#9Hmk1oq~+}mfgH)UKy@|-CB^5y^;OPhBbs$|GiE2i`9uIqXW;TOq7FGU2`j#WCSd?4Yhd+KKMjOD6=Yq7Fq zttH@EBLPplp1ue+Z)YnJx9J=Gm5No%f_bb7? zL|k`nlNQz!>D^bXgFfYoiRBsh-H`=*;80)j^Rocoh@k|MO@e;L+vy)ycG9Um%&L?v$VF5A*KR)^ByrJ00Hx2FlmE=)VeF+tY98py_;1 z_+GBrZQ5S?0M7XYO^P`FxI3~Bj%|F-xM#Q%|0FlYWCz?_!F^HOP@|W(Id1~O}j*Se<~s^q%DARnr}cv zw|lL?3S#;Y!E7PBN{do>lH_!eq3j?idC`I%*Y?z`K7cbdxbMF_(JJ(u>3j_C0Aagh zr~wTk*Y;<7+4Pzn%cvi%8n|*?&-b$1&)&!j!afq9Tw;1Pqda7?gA~TMlRA$u(OJD* z=a^spgGo^Rhg1r;vq{?rK%Yr*(H9BWk08Pg?or&oLW+nk_l;~53$chp=>*GKb#=z; zwLNVN8j7a<9Zom%Wm8h1GNg_1E??<>{XOW$QP`168oz`Osr`RWPUBU}3my}%6Ncc$ z5}asMS=v9h$EfAeNT*3V`Sl+CSs zO=JpOTSR#|Jzs|8u--HFyMCvpSDrJ`^Pzb9^zjoD`N~{_aHPOxv)Kz8q!OneR0_!o zbH!JKyHMGf76ZXmiklxJ?f-OAfoe3dkkM?pxO(S#2JJPi-k67>L2V;bz*csuxZ>5LW@gKP&i(zx=*3Lnm>FaxK@JaCU$nGL)L<^1+LZJLn)dWV+h5$8==AA`_ zUBO0(cbManxMNoCGGXRkjD_#{u#Y1;YMuvn<5d#{E#v_&P$awXzs zSG7I~9R~fGKIszZkq#HE==* z9Fo5{*nUW!7s&#TuyCF*g6DG4YL-1tq@6F}uKgsi%vrAL-Sfx7r8ASnL4eyw3793o z)K~+2k~@h7+!6QTo_Xo+x(^bsPH(-Z{%rJA!4GNJfXxWMPtEL8X-SPl!bAEL_U{#o zpEAq=5EgEW+_&L8Nj?X~7>sBNy&L-{`E$aQuA7%SRX!X0V8i2PVDPCVClwWu1RVz9 zWApnX?J=J|`703sQHJ}pXOTDT5w3x6zV8utMoi^I?_Ny7r*cs+vKk1agAn&Kg*ye0 zJ>~_yy&e#lnJ_lf{DG;%-n;%f=;PxfU3STy^N>gmE;bq#0(73#Ew^;dlILy1DN{l9 zpI`eS2fpy##ihgYEd(+TCa_`lg@wTWZx~5yw0Lj99F)F&Z{!Fye*KnxIp5`NvB9{0 z(|RRFsgLL208j2=N``YO@53P;cgI{J5^zv7_cmw``xR&pstUYai31ixTnHXzVHG*C z=L{G>3F{ki^Ueq|m+^eubUf|;)l6MxWVG=)xtn{z&k!NeXcn%An$^|Sr0zk2u;fV) z!C0Lta!Gc$FjRHmwm8eGYFONoF^bbRY%M99M0q;-0SQANzFi=J{_n3jDKTsoNcZz5 zzOe7GiBE)Ba-chX?sxO?1`!Zm_b= zm!c;CxJoDP%!%%8lxQnNC{iuSB63YcSvp2A~3#kHgc|{EbhA$n&^#755p=KgOhBdNuJ_D*o>VjX2!^K|Cp*pM7`x57-&i4 z0BDVbcfpu^#L@6vEI@V-pWom5r>p(zR!+V9wQ}MJlzGoJBpsHahdRT5T}*%-iZ~!d z)daROgd4n%DZf8gV0-+!|Hb3EocMe8(*~liYuj%QevZjgcF6M_es||=rvQrC+Q*YW z@ho^!@>-{Txae!pk3Ooy5OY{j8vvvtQd{~Az&ccrfOQCd9FEl1d?%Cd_XtR3=FYo6 z?A1TP%IJ1xxIOAP!^QDOT0fgwcb>3_P(_b043FcFmJiodd!9!>ptt>suHTlrwV=?4 zu4*5yB7yA>5&`TF`U4>vbS6&s05)U1WmV+L<||)5NNQAD$p=^5ynV~*M(vQ?aMZ^u z*A&6&^+(n0D3syzYL`5%RSo*ucci#XPBFTM9f!Wl-42|ch7l#ptT3IL2UEM$trqzQCzKxK{92Ohqy zkE+(2s*0{x-#=_Go7?Ygeg14JR5>{KTHw`0<5`cs^^JC${udwcrehmq=RJ3g4{g@& zA1&gA-{{?~H)ip^^+$6lt)>9tSd@u~3jH_)%Ksw9*-^?Ot-rk&y$thcjTV9QTwGrV4?oN0q_;YJ1-owP6QpQ$DKws zhML!8^ug~l)l;MO&JydRnLA%0twkVn|M`G})DS(8ra5)_;VhP+U_a5kG&>qCiO&;qAd;O{myCG~M zirg#W)Ne<}VUSE~tRHf}(-3hztE1iVe`gxU$R@kAQ1OuE*|TR`i)pu)rvo!%BYV8> zAe&t|T}^8IkzE^|Kaop4%iDRAMcLLw`gs1n^uT|Jn!hvgO1qby7I=$(l9ntmraxyO3; zr_ z>(05|n8xb^_l$c^(^@7k9J20#h=}>MpnA+6W@1_<^e0aYly-Q{^Yrahp24oY|4hkG z{kj)W@~xFI`OIH+MkGER@;LtZsKC0iu^%cWCf>{6CTp7{f0hqcI}aFe{VZe{Q24BV zUX(eJ|LK+=GKcU2UypzmkrOb@T=<3S|G`&qLS?KQgJSvG)7qPJkXm{3uEFD}s`Rv1 z9~wQAMUMA>C#sb3BxHEMRH%pk7+Wt@Mn7NbRX=n*qCPxmJ?}quZsS3UctpLr{fDta zbU($leKYgzRfh@ zpcR`q|62Y@>y}_}g^~Q9L*3hl*57%y`oN0w+(@wFT{UgJm0)fu8fA=v$dZm%Bv!___0I;Ax9JPWpzXk_H0*5H?(lnLqllu- zY=P5rw;rfpm1AWf?wRItsA}66v67qtg|Os@E)hy8{OY#tE$Dse!^d4-G-pH5`%0Gy zH{HHV^O?l>5?#*;5SBghlNEpRQ}SHhdjj%o3Z;3 znHX6h_LVv@NLSDq&8c0Y8=q3^@N@fxj7)$M^1gQ4xlK9esb|p{rZbc$>cefKgwcG3 z>l_%)uLq%8;QH5!^Cs@8f%{?*m#ONp%xmMF5~`~4-T8G%rf0S}bGseJ0N&LZLLpth z5jg(jfALY9&+_xF!wC*)3#_ev9@mS6xVeAL32lU+c42V!slw!GVU^?(9MJlR!*PBP z5$qy{;5eAPh89IQsXQn)i^}a>mLA_wWhTc?**z2hM`4_78ljTf6{T~Goov9I`oQ54ZAWP9R zr8fN?x3=##!)aw*sT~gAvV5P9A@BG5uw*3CklV`nhfuoejF6vZ_Ua}Hp*RcyQyi0M zowtTJc&vi2$kP|@F~@rC;h~wR`3l$#jaDs7d(xmx!ww#Gd-Ln4R_LYaSA?JKcY2Bq z{7G-#-Q;sCVl?MC*DJbQ+=*$0a(b2#sG(+4vu70eR}Es=UPXl95}=Cpp6h@cf6d?N zhihy(29B|1+ytNFq=chZ7E*EavzYoyN?2ChFy3Z?N9l~H5ZWSIdC0Dr(3&~CAmay) zEN#!PZ}fFe5N?G}0$69ixsrk6h69Es&m8|-(Hz3 z+P)lOxSW#OG_ZcU5Y@M!I_mb^t8>V$-sGLbZ0TI%qjnRojf~c<)B6jGAG?WmH}fx- zydM1#-Zb9ewl+b^Gz!<^_IJm}GZ7~IS~Q7#cw9*3=#|J5YPUDKu@zxjG>j)IthUE; zJ4)i?{CMY3y&`0@`cl+Ew=Dif^L!i&=Bl@4VPV_aR(#OH@HT`}ph#vI)K*i@jOW;FEx+dS|W*cX6c zE(^d3arJ+|$ubp0f@pQ!!2`dno~keifl?4}EYQ5>xfgG{JlXtY&zcZ?#)u$g;oF2QKHa#=70nwJ{;qSzJ$$^Nb zyIZyOJ5lu}UW%iU)^ZEiGbd^8sb2Fk_|s7Tj?<)4>Q>Vtee&j*t9pfnsgQFvboJ1# zQj|SEgxqw#HMRV3u{jP6uF}5Vm^F6!=pe!V9p>e)AxJ(lwS44q{H(xZp7VXQchka+ zOY>iPdQTiMEn;ilk0EuG=l+Dp@NUhuHE$ilrp!eHt zqIy@c*Abkm{RzA!D!=gK3di#7p~kG7h@%!EbJua+SS$bJuyH$n#^~hwa7ZE}HeJOpiTchJLC$ryl*SG1q8R zSoY#={jpEE^;z=NYGnbnUH!Vr zM>fXk(PH=fEbmYlfzp>8R&|%6`S?H3B=8I8Y8pKCbxXy|qwgk0`c zlTOj*T@k@|%X3X0r7x?v`$~Hy?jzgbB+01Hy*ECAh(bpF8~X+8l)Buy1}Y^+Cg&CB zluBqwokpbCteQttc4BgMmVO_>(istm6O<2cfe~OIsFKuSM+~C@5020sH7#YI)heK? ze24F11I~il_d{qz|It!xt=pO|H_tn5wnSNaHS}ghQ7-Las0adei||$gA?z5H0B2#2 zlPe61>IS@*sZtJ4|Ir`=#Z+m|p}j7;Aiyy#8;Giyv`wRMIr)UltRzp$Cs!JmKv#95 z!tmiiJcJ>+sHg)1%@=_%By*@@X;H@-?*7YF3HZMWTG$kcvO>5^h8sXP2z0b~Rzt4i z_%tehpf7`w#c1c;Z6|2kf2nu+IUlwlV5{ z=QOA#(s^~ooW&^QJ&53Ql*NNl>-(9#9``uD;JNLrrPwU*kd~TV?^Jo;+U*6uo+gQ9 z-Xq-BsR0`t(f@?PmIWN7?w|Ae^gy@}kNd`YqwtVmV05$ovUv}rFnm`K7K$y{b3Us( zuLLp0U*`YBalB(r2$apJ6(+;P4yvyy*tq5$Yks@FmdPZqc2vm8v1Qi~55)fl5 zalZUW_`NHze~PNP3;U;z^Zzt_#XKdJRxbRM=py(KZ*P+7KhyE6C)!!3z^r zjDM9bAcq6DIF1hPAa#YiCgB287-1NEaIs9X;4M$lj}{R8+QoD98Stcqe1J$VrTGQJ zPgzI-3CMg)rh;89F024?G;o77{~9EM8_fEA^P)j{&|vcGkM;niv+$FJRg1s%EOx=l zNWuZ)C-o#4!E|^4!4_EQZ1DbGO0Gi*G7qFhk&3+i12>WbvwXC1$(KNXKK%ILwJ~Qs zB7pVOe~euVQn3`^<0%3NF;IwrA8zCm7_iFKEPf^+7hl8$2s8nUl`Z+}LZ|G(7*f-t(uJg~!At6RL$2_cl>Tv+Nb;MV zB=Fy*Fq0@?-hF`zBkCr$^H3PO=GT490zgB6VGQeEF)!0kT6wE?q;VEHG}p1@0lK=3Uv&MRzKV8)#h?7VxKulkT zyCtRr&tkEdGvGde4bLKW#}>UAInLQW#8B<-_=DneWg2*vQ}#11j4=ilfEQs&85nLb zf5K%d10WT`@@-&pv-Xa|yB9X^pI-A_qf}G~CPESaES-BUSF9VJ=w}eGtZ!TgE*iO$ z%18AUbW8G=4~UBARc5VZ2Mw57+IN;xKR~-bz5Tq#L*Gyxw-Bn5^nxFJiUl6LB7{#) z|Lqx$W8s5aSe&=PhL9wwY>_{(G@Tk1u$ueGhZd#&;q#q~Ap&zmP9ydbAb%2A?y3x4 ze$b3RIl}$gR&Bu~arB})&N%v6bD%z;n!gc%#Vvoz7z$7Y#Mdy>%1Mk<$E>DT7Xc01 z0Rj9L4dV|60{AC-Fl%7PEGhN7fi`}Ie^SYJ0~B^LscF?kICECJcjha+Vu2SWw#B~; zEQ&3>D3iOKH*q51MWNO;XT>#=&T4Q(E`Uq;pT*DWD`8>VV@Sy0q5n^d`63Mq>Wt{Q zO_A?bG`Na?tp4P%@B=kN6Uh9D{8y0(4XhewHo|`~v?ffs<{s ze(*A;R+6GI8H{}nV>}7K*YE~_o@1_;f$ke@d&=E;Lf`su;rqpwEgE9!qv~9lWTfSQ zAW3oZP{3qCzIHIHk7xZ8UU!(xz<+oI6#P3G;=WBQC!~Z?(NThLOYTUe-V`|Bz zZFwQ>anLr4ePJ>JHoClE$lVPifLjT=1q{ruDjR0Ri*)fj(;}koR=;0744JEaZI5Xf z$SlPJm|+8$Nfb%2mgtZMgECrDO2EOsLC(r)C~N&)YvJKLpXDBQfrPE1RKk;tQsfO3 z%~&V1czAkc^au!^e8hLa_#vrGVSaeNz-!`1UM~YC-4YjPL*NWY*?ga#3Bx+VqV|p6 zp(p9uFKaP?sH#lWN_eE=*kGi%mx1y006*OKN%kZ<4slOv+`!kbDLifyP`v1!dG=bV z@=Yu**je9$AzmpAhMS5)Yy&^X_C)eB11upZnoMm!IpV)X9bl7t6b*p9-L+Fq1l@ZySe%U!OD- zQkQ}XfOQKJ^PT`xaiup{xLc$MH_6Kv84?{*#J=bfDkXpI?^B76J}@lHFRv7!arx;~ z`^x&`rbEH;GY-wv^`9#O&lW74su`Hp=zgWS$`}}=+(fx^W_qj%mM_x!lA8B0n?Cpq z&_cjO@+W{G4u7lYWDuB<;Jg_~t!c=TyuXrTAY{^}LXqbYvj|4+{!qmpgO? zTu%22M02l#4*~pm$jl^{r7LP|5D+>PYoGqr;U$M0MPL=ox3~da%(49O=HSCY)J=on zN^&L-&|+93e_qxS6;rOo1Lf&7^3lVN4G_!jT^hTHJURmUo7-%cNh%4k|46!T;<`(v z0)upwL>7%tOl008ewPOGrc#sSW@p3)vz!}n02zy@%;v+t^HCha!U+KGfG;c}f|v!C z6Y=}hN*AkH5&5rm+|Eq#wD%H2h*ECo>022CBe-~7#km!Rs9plPL)FyOkW=>ftK0!I!0U}l{=c}PEy z4REA>Sg1EJ{Q8+zmD6W?*iZER=&5>JsTo(eXee>73+b2sV=;gVZmJY+N}(wXM3a7x zz$ihcZczq|65{=)4FdTaGVN@#b!9x0M|Mw2L2}J4@G+4E7sijBv-q+s2Og=r5+M&B z&}TZcAgmkglIUL`VoH(&8WDV#rXRS`D$5SzDk}HRX|0lFX%2@g|AbEFV9ugtK2qOe z_lfSmkv%MW=zo)aSZyVFKPmOOwKRt%&i{Sk{^z=J!`A99iMrpZf{QJ!3tKv7pl;SUQUS1^VF3EZ;N|Lm7aOw2P(RH`_ezI*8tEc|zpN8a;)8hG# zp-4UrzCTKjU)ij;DAyTeyxjF1n;)jtd;G$<7dQmnJ7vG`U=A#vLTjeg7Lt8gykMHa z^)AN=F|;7tBqd712&P6-39m|M2OlTUem>A2eQr+n0PHh;B*E(~vrg^rAE$5$mo4rp zBvkOQWqNBW=#=s#*Yo*77c)!LBSf`{s5+?(M$OyaiWXc+j7b~ozfSuWfr`FD(W$a@ zl?HgM$^_7h!y%stE}hx~&`TG8j{hrs;60TVx((2qt(5CMCc!gXX$O3soe|D#E;eaV z5;g2gWt_CmObnJRpT$G68UZ8?)|vZXecfBvwyFo`UyF>GouyOjLOvhLTlL2Xoud5G z5oxFG<)CMND_r334S+TKPsp(e>>1^75Y?YMu%^DQ4Xw8b<$P$;QY!( z6hWbqu7JB&PZf^k)85&)%d78>ei~-S16WwzP5N~a{NDir`xi+1nB&X^Ud_$TC4^%f zC6;at^d@DQHuG>gN;acu@kdK|E!1AyC6b!T>ZT5w{MTtLP4$iv>xNX z6|`W&9Du~kryG=SGod}tF9(|KJJ-P#oWNWETgw02N}84WrFS?Yp|QjYy=?wFI29dX z_#F2q5hw`nO`ln!9zN=9T7)sMHFfx?)8g;QhueKA)0*40wLj#j{$C8&|8BS9D;EbQ z!Bs)wEvI|mqB!@53;u4Hb#>F4v)oBc8f68IKy@l+HhSuzM^lTceMb`|TLM*Z<4^=! zb{8FNp|6qy`()4b*WudUczE=F>W$5x=2^V`iO06I z5m0GKAOqoDRP!VO%kuHpFW^IgHXcU-ZR~z_;Z>{=s1Mon{}2G02LwL>*ca4Gm2^q_ zA>V$Gx+r^MCIzA+lM4V%T_yh}Y6T=`EDlE#BD^!55j3gxwV%vr$Zc-*Jo*o|mCad3 zE%l`FQIyb)d$9$rnc+U4`hdwPFtZ|oeMJC12oFF=aG|^n*I?znDGQr#BPwO{o>FCj z&IoMT*#^aX{^?)0-wgl{zh&pA*)V(idudnu0P0fafGnjs%MKj}lK@=4(|U>Pg6~NN zl4HGOD}oTu!UFaa*IySOf(5sd%Z9;iBjQM#Qo6!DxJJuj^`8l|VWhTX>VEhkcN_Kf zEy2HDWp09#WOsvsykf=qt^$Xg1l9nE?$^_cn4`lEl*1VQ*m`T)`-?LEeZGu;x?Kwm z;eY%wnD=__Y`)X)&q0<^VaT^bXOQWAJ`mT)f|3kCPXJ46`}r!^U5vnyBfSZ{Te;hM zTiN{G_T>Ijrtm_4_ve>e5P3CGFp5d%YN8~K{?^i8|E>KYNzalp?e>iE=9T!nx~4B& z{E%a6R46qdpg?yq#_-6pD0viZ-{0F~L_Oa;ILNI3+P42Ryy4shu}@BTf|{&Hw$h4# z5fKEYvMT^p19n6#AS`2`ZBc;5{@^y3`O4PYOvU=Qrc3$kNPW77NNxCA;!bEpSQ(Qu{?WYUZ_h1!2oFAXB)13?d#ZxDzVLlC#q z!7`G=3W?1id7+S38wM53S=2t`->cZRb=!VTxmHzb);VPCq>=BDsx@uYM${SMOC98P zox?vp$Ks2aixMw_2@e!|Wj3IHj$d8%hJKO?ua93%*4!mdHr^cyie|t_g+*ZlSAmcM zeo0&E;1@{7B#8s1z$c;UjJ{9`rz#5fy7WR8kH~?CG5O_c^J+`v?r*p#!75{+vqIxL zBQ}0%n-3VpxMiQb!qi1selbN?@qsALkt8VzwEQ9kz(*B)cwMpsq5>;D-AP1E$_Vg- zPu>Dv7CGDc@~2JO;JuMZFL|a@yr9!e@2vAR?#ZJZKjehIwNfF+XeoY#1?4)y80{ww zw0bCYU1PeE{(DADSb8T`A@!VAxw4dOHK3CIKchy-Scd@BpH^RQWKyc#?65#r%MBIT zVcT^PcpeqCHATp?>gLs|0DNRSs@woVRQn`d8{)hyxH?$^MHA9)Pp?$lZQ>m6bTZL% zofOH`NZMa7CGCs=KHLwERtdmH=ATm2;Q(LA;3KOmd*OQb_1Q3fO+`A8jjgGu!gKq~ z>#mpWB~K4+Geci)Pb4NTLFDS@iV@&bcimEGUJ@m|X21qg=&tnHJ|8MtQFO15_Al?a z{`TEe2}5pkDVuwK^d#_{Y*f5N@Y3lifRG~p1;f<K!?v!jv*ZrPt4KdOd zc+nk^3`d}Wh z#q_>yk2|gJY(zL3@__Od8!I_nm9T#iO_c%~+Ds<5zp5haRjwp#^j9bgx(arCNk|ZQ z;=K)i0(&kc1`tZ$iMk4k`KaM-{#_9f5tuBzD)hzPoaM`%1!k1m627(N%~Bgx*3+wI zfCnbE!#makyBFHG*%Wic4@~TA5+d5u|Jx>^|D(;jz+topD->=T!&abr*WRVfgr%(f z>5=~f?5^045|qzoVaJGfY{8Z$v=tm1-8S07`V@g84WzsTN8&*s5-$$=J3<4DG+23h zaymXg%ZnI!s!IcnKQ>+{xWcNl^R!0;9X!weF%`l$XL(@q9`MF=W`bb-Y{;!aMuyG^ ztY0US%&U45I8Ib$z~BY~cL_&<0AvW_|39%M1E`3kM%>VBrUO5cXw|M>1c$hAaOl$u zsC;oLuzJ#vU*r%mF!RVuLmWzI`Gn^ZvIBCei92CeFYybPD6Xb)7A3ir`i$6`&d4al zb1#>6q332g{g4$sX7S{*Z(jas85pi>lnuRK5jP$cqmg?M@E)ug9SI}o#{xIwF+G;= z127i^9?u05=XsRS_<~9ooQ{qf2H^rJ$ljMl^DcM;Xne3yke81JUyVz3_IoQM^qrlJ{ca%84FGKnG&Fiqj*xR9oejs}Ja|MJK&{q&@ zR5u4!Uc>pr0?>UbYUA$@Tc{7e5T8@bB)!S<$Xv*1GeZh3@76t9O@JvmjPl@A+#>WR z9Iy~-ZItgp*kb_`Rh+B*_i^d6fPZ2jzVMsOFHEde3pqGY1AZfKu04CYAaUsZ{dPeF zG`*XcB9d`#X0;0G1=MwPv>mt@T-7Pl*B)x@O{v#z z4jFahBbaHYWibG8PZc8wV%;&xK)HIEI=qAA0KIPya%;yRFZ3)fbPy0&=`N)17Cjls z0C!)2&n5^bF9Qa79mu3Qf{Sq$=7li7GrcC08;h9193r6l=pvhLfS2#WRR5)kIjTUI zJIVZ@R6QyaOqrpx1dMT!WVphpNkNCp*gB;au#80cws?Ff;8Z&aLCE~~#Rx6Xeo-K- z5!<0KV7NMod9kpiLG(f#e2G8O{4il|dt??_{ql2|0Co)_OUW)Bcfg7^^uN3c_-1}v zKyhQ42U7d^z{wNGn}qg~t!q;g1(eErro}UQQwoJ$slkpI2$f{x4@jQtvN)3acRN*n zmD+*y;->(R3v_JY=fI_V8UqHN^8p^XCI9g8{LB1LH{FtVsY-JaiUgnWx= zZ$TF35h0Cv#;>e5%3IZg#cE|NDqpBFVkp2i8`ua(fX)yu$Oce}FF2@pLD~@HKVvpL zoTiy(Cmnh28qP$&XVo`zOwnY|(8#iE9vF@twN|)sBg%xA@$X6}WsG}+S&J|i-heJA zkFDu*ozFtu_7;BWdeOEfz{+XC`LFDl9FR9QqXf#S6K!qO4BLsg2YG(!pTgzUQwC=q z&$tVdoA(%eN(d|WODBJN33VW5;0XAkx)^JgDK)?sLi z)E&ympo7Wm3fSU6Hlyb4CG(!?vyU$kFJNnOaY&8%=R?X1Q()BMwjjv} zr%pgBA(8qwPysuzr=)cH@fjpuaml`kN-4dF2dHXU^PB`cpil^y8Z6xq}HvOA<%fU17Hb$db5I` z9_+9wm~cVE`SK7rCrjp9yfH-S<}T>{Mf0XUpvKIQV3w0r)>Z&|_rTB}ElP1f9%Nwj z|2gb%o%F6GdJ|tnlv81x-mphnqEmy8#1i&o7_0)&m)|jo#5Z_oRp@Q`VEJn6F&#F| zy7%K^t!?8EY7636)jP-a`T6;oSWvP*`n!@vxZgIWc4WT|v>FKD(r8k8{CF?YhU~g+ z=7BsY_Rd#`kKu!?2O4Ja%}cq-z&7HG`dCaEIi6PvfCfF-(^8T#(*m z0EXI9M#VcXE}s2Y(h;|WQ=9`_W-=KsnQZVV8wv_I{X~^FY6_N4)3rY_DDHW19_Fr5 z`%*i(bq962F+a7yH9*BPCU)N7l`$?-tK-|KsR>EU3XkBhubUhOtVfh@g@vquNubL({n0pdk6&;_1X3$qUIx+5;1L5&LoTgyqo zFPGr@dfoMLhP^@ zoA;TU>ioFx=2GZJGGTj+j56)2`?ar|Q7892e3jDp)z3(aDr28Z%?L-p-vU` zHxaanj>wvJefY2&E5KY3e7t26SedSwOP_Bm0@U$FxAhySO%v{_RIp@v2|rSCcxuo# z5_pY<`!+ERH~Zppsgm@*j`W9XlI34YTS_;|IRRHy_OYMtd2{l6~js>Y3lTYGMO$*tl zjZb%Riga=f)FeR)cvJORZU6&@g5}r2PddYQLNjm$7cLoVW=iU^zLqgJuz5uPr_D=J zGO@m2sFaY+7}#&EYiwY)6Si{|T6NiOt>$^0=_R^Y(_*PUkjRxtdfSU(Eh(&NNMxVW zb16BH@aD9^1E@+V^{(<{#WdZZp}W_s)}0!EEuB~o0qE( z-ZAmnPCLpAaosHYlsz043Gd-(oLGBNsQV5y@e3(03(fF4 z!_xh?sruhE5?X(_MtG;~c}tqdchAwy7~<#OnXa!LMjTjU3X{?vxQ9eIyL~FL&793& zpDL6f@r2;)l;AY6xo!t6dj)=&#FXJanmh;JKhV6QkHE8jpuS!>sIc3HMx(CpGPiCJsw!?= zd9_kzH1S3K#vWY0Z}MWzKZ@Ud9ILqZw=j{51Ev&RWpw?=ay1LKHivB2q_bgy{Gn!l zpkp2cF8(Iw(*GNJOLii7?d62^)|ats{+t+4bXo9VAABcGjOl98fQQoGkHZ102mAOa z(Mvb(JC)W1dMyM)D+^vGPkwtV_U<+3o8L8Oxhc`pBjMCP$}Z^sAmNf*v+!#oP7p3K zeuIYbng9A#XK&q>#Fz3)OsBexCd7V4j#w78+MqN;;)cPwQ{E>MuZoU@@4GeY+fo(M ziewx0j7G@UZ}Uvikc|CQ9vt|hp1ShNxlPx8s;DfK&ej^TmVY;SeVu3*ooxEc^4_%m z^j7z_bALnh;v+J5tpb($ZSEMv3?=Z>{6Ik{AFQG%`b@vE*-KJl+Pe0ItT6Wg^YQ2o2$~sKQyO8` zSm}95KdYK^mWKWn_G7v@hk1`}*Yp%_UDxPqGEjSFMd*f;&e)1-EI5ACPrfh8)_S&~ zvbz7gy~VxlJ_4MJt1+8U-5M&{ShMI|I60}kCzR`ZXG1w5bht&T9e;J%!(`N%kzj>2 zfo~~+<4OF)fbL2-O@Gs4a$}tJa|50!)0dK>3+#kmXV>1#AR}oXy2YK<0{0xU4{8n9 zppBr7t>C1#db2}5cP%8lc9wqazOjOkHcqkXTo`v3dZ@rJoi-Sf+x_Zd;Si*3V=HM# zE^8LBf}mjLdblBEo(1Z) zPg;aA;a(ij#%^{~!T7gGy!HB*o~w`0eH%`ohDln?q4tKa*^PHkot98Hxp`+m<~tii zTloHDPIGWU4f9KFq{HL%rv;+yTiYrA8sKKWtlZ;>+``gJ+Ce%_T5l;0Ut4zE*y>`j zblV%Q2u%zo^L^t4*Altd$oontZpxI8HZ6 zH<`MIzeXPQ_GPBX#b$qI{#H`8JrKa8!Pchn<-2!JdMSzf^XJc(lCNZr)aH!m6Fez7 z65hQrndo8SDSI6UayZEH>WZCcKdm@#IlWCIcpyo$wMo)g4fRmkFjnurxY-3N&)s}1 z(%vDYUfzszM5_7|hWd+Zff5-h%KNd?K`@TpyMOEM$5FOdL?teG>OW~XJ;KS|m}yg- z8dsmX4V`oIx24hZJlwA4wkZvvJvME#WGTKi1da$X!Rp z)Aj~yrwkqJNhUu$oSSx&TBZlu=YwG zC?Q>7uRn4bIy-t-c$K!+6S=tzCoU6}jDh8$_ecN!Ny$M+mPC^yah1ASWiNdM9LAnN;N zzyF7?w+^eS>(<5vQBr9Er8^V^L?i@6I;BGa=?1Ay2rLi~sZFPZ(j|>j0@96iN{7If zl&;@gJm-DSd%p91zdxSq@_Ka7HP@IU?>WZ3sQ5bk?c3!+wzThdVV|N#Z(0rQF84^8 zZ0z)S{HoT?9D1xFoH-%*h`TQXBh>6q#FxbZAHxZP4@79G6zLdAmNszkyHmBae_`J- zuH3#JSzNV(V>y$b=)EygHzC^9*WkLo$YRy(As3+Ld~Y^en>6P8W}NjhAamzgI9GON zZua57*)3+tzx>Ht3Ym?5C$@NlR5z(voE9+P^NgjMz&g9sh z!{nf60(>-uTQ{a8qoocWPqKcR$FHOJGtWyOuYkWvBTu)wQ5Q@hLV3L7MK#-2=MxPE zZji&($#=0QsHpz+9fdKd$wrCh z5`XB{huRsyHQ-Nv7G&Db3H)_ioyzs$!9*<6t~fU5w#*jBlq|JsT~f>GOqHJ*%=y`U zAhQNliiG84x~zT*5pMjCpPY=JTG~^lT-PD(d@XQoX0I-4Q!3GFy__H0EJBpklBLnD zWf{3saWiLmK;x@=XfdlsfkvOz4(e@neDR%lP&u zG|;I`n_Ni6g5AY^y{qL4!*+fS zXHMT2<%ncPW}&fr+8~wR?h(WLpICtyW0R60dbrwSUExdtc6IJiKhQ8b=@1-&dUjZC z)@eM3ib#E+Y=&NIW_X|RKDscke?UkZCp`$kWCGDy0G8Nfdi}nHSYghg$t(msw2hC$ z3Db800$NH>U)y|d=4ES|Y@o?#9OH!7qvz}DAEGbF9_>+MXeLYhnBRPNg=8&i^q1QK zeO7@xwa;!)@9+86{IcnN7x?I9E#@NaCv1|~%0&z`3Vy+Gn3clf{DwwYJB`#e@>yVAh}yuj$Lv5STUZwQiBNqh%OJUhBvE>V$n$5^mvz-PG0X zojAZZM4$3pqYna~&1}32D!Rh?^<@>B)Y`J~W&T`MeL?=*d`T!JtM+zxU(DINaC@KO zjJ4yoyF-g-M(x?YdjN=WOzkfjr-Y3*kRb!UUMK;06d3r=LTj4?(6-p?(c2S(%wqdT z1OPq<)4}mX&Ue+>av=RgX9zhbIz~I2Mj1QY-!{bar(~jqivF)1lm; z#?JfPtN>RaAcuh!xHlLyZ=o3m2N85=SqJtAqSLE_Q9Bl`#!gZvPjRKW@rx$prFnaK z8RM~x-5q7Q6YL4^qlAmZ&=i^P#{CyqLI;0wH6;UKNi-+wz>55z%wHNbP}CieQ}|S$02MCsDydax8a~^#{Tkk ziVF;YQoWSAx?s5rP%M8c$=Ay3JQML{y%kkBkD(X6M>kaqRG-VQzJB9M%o^?R0@=P? zAM^niJ(9r9*)Dz4j?tLq0YiD?@I_PKKXe=)T7*v~;okmRDeq)e=m7MV``U~MhTbAU z7w@xi6%5TkNsJKF1-Z^c(xF<(Ux-1T&na0>51+tS$uF>kx%st{v9-ok5(U{IW0q~u zl@L%kf=fh<1~J_J`mqa!;8L@=w2jjsS0 z8W1y;k%q5{7^eLrfm)A&lnLDY5F)HJ^K*WH;WLU|tq-9o5h??K^Pwccr=f)R?KsC^ zt|Z5rN3$*DF}jr#8sGLnS2iQ=%krYuY4g%sL9C&C;b4{17y9Y@2wgp`+d62Tp1 z3?*5!B^a5(O3O2bTLHLR`Dkit<)s>%jGMwMjg6?--O&33E9WP5-L5o zw$~09Oh&S4)o{ax|CKecP#Wfx^du|w7RTS%$i742fF(rdNoNUW&?EwUl*cX82)GK` z@Zy;Diek@SjxG1CE{&HO3YS0}#p_bKde0}+wPIQ)Cbe!Xi27gzXPV_#s zzN$;64?P$fV_v(UYz+>^%@DzEQW}or{j3Os(9FojtEpAVE1klY99Q9U0dtqEASueo zk@&bYtS31-{cL<*AGBhQ!yCyXqhaZc4wUojdzvZdw^HUgOlzBd;u@yZF?F$Ey_8`(MTkHxyv9X=afWN`&jsHBNn9b$ zVDMT2*2%?czZ2m~T;01@r?>Ra)owCdpEhN6>g9)ALVpUF^d=r^J zmSA80%AXzrGLf$?y3>{;1;v!pHJbRz)z;;xsWQzFf&7j#BFJeNS~quLD+NP#o-|Ls zU^XF#gx`NRgNu0`MhZ;0e=Yz(-+=mw9+gR{6d8X~e}C3%UoTZn(0P-#xc)R4K$&p? zv+vRaHR*@)MYTEs6p0Ti6I^dV73<9&0_mooR{jTvNC@TXvNxA}SQ6jT=NuXc$GX1h z?!C&{m`(}|^v6v9zYGA?e4x)nBf6bs(?%phstu{=WgDjhCiEgrC|TgZLj3)GFW7Gm z82DOpJ#2G&@78r$-&!=uCwn1xR@ykJ@rQCY3uzp%>*2KDR`|NoEm#l=j*X6HaMc@o zSyo=Y+>1XG;gK^IZTsaSS?mv<&5xzrd);ROd&^;~voRC$$~a1`6d7g6K1;VE zVZLp)>Mw_19O0ym-?7e95T&M5=IszUA!G)i0u+~>7r^Cm{&W65E;=qUacg#+b#%fd zq_64}@^&ignTRPoRWWW~8z7tpbW5%$u^Obxz}7&2Cm1mJhYkn!Y5=tg<_M-FZwVk( z1#Q|oUzhmTy!7mkS5}L&eo)-neLr2{9j$O?6D2%w=@1kW5`9@ODh@MXAZbK7FYD&h zc8{FGgJKBQMix2GxAGQq0MrPPE`4U9iLoTk?&K2Xians3>MYp$&MqBJ8QZ?)CC*v9 z&U5V86YqgE*GCobTEua^cG6$8 zJHxWIj!OBzP>LKsw3)5ZE2^7gr{FWqOrD*GJkNEcJl>}+t_ayjwNM2;TUA@+04nR- z9974qGYT&MRM#=g>_glmS?`j7?zn6opiy~I_-8E^ZaLmRAhBI!U z!jBa(uhYK1j_wy{(v_M)@7siA2Q8^7Zz%^|L1po%Kt(R~&zqWDF&(fUJo$#O6~NOV%R*3bkuJT49Gd&#r`vJwFCN8j73Qu&7f;aXS#UZ=HKcX7FN#D>x>(5r zs7$_JoR(l1mmLyp1F?2S>d<41X%J z_xGBRxG7yx;vnrziFi10H7H|q6%YM6P+$Q10a0Ik6Y>>B=QzdA1ypno`8td8iSu(62jgkH-jv0Gj&kkTmQuc}?8dFvD{@<6OaWoeR9Drr~ zXM1bW=8^KT<+5j<3diN;bEp9z0Eygd9Ek$%*)VU-)bz%M{@`Iij_JUeq$G~ehGucU zkaxC!zN^7otzv0xAu7)L7u25X&z`0lIS!@p%T5kdi2u?3?&&fv-D&hz%Lsv`t^C?u z^=qh(i@0*8L<+M;_YG2);nh}bp>y!W2lpyU$}Rr% zL+;W!)K%xt1ai(N2J1BTJjJ`~wpKbnkdU!u>a!|zR7q3K0Nv!(3iu57@lhMM33wGsq*d$nHzI)?F@Tr z9|1Gegr7p+esQJL>e0V^Z1-RoDgtCubf|5uYv|9gJgZl#&Y}_+baWVKO zAZ0>f1PhKm3Mb~e)N^tAM0Z8l_k|T$ES(4}vL`-1@ib!YGC~xe=KoJ34z59Puk~Lb zs2?7cfI9GJgLOM*3TJZf8=k%jd3*>>k4tlI%_!Q{o<2T5_8&0ls+-tbItR=&CA@&` z=H$1kLsMU}X*tt;1x8Bg5V$vUUq8;t+_ZFAnhihb7s7dbFjRVSqyYd#|HL%t6{B%> z*y!WrC*I7kJU1Ql^GWTz?EoOJUEpE`7v(SnE8ZQTse)(qJyCi~XL=a*)3#p%H zeG)%px_)GNQWa0+X1C^2?%YuN7BFmJO9xD3mH9P2xIp>5Bx4qDBtc)78EyN%=26(S zEZ1!r+r4qQ-|!Awi2b=VsltKjdhVp4m(bE3!-L&f4Yg#Wp=WMpC3(gVyB*<*nUb3r zE@D0;|4U+`^ANa{G5;?v4lE%n;aHu$v91P_4r#wE%kJ#5lm3z2IV$|Mo>-x++UFuP zI{}_gm#y7T7wKw771KU$jRZt!a4)>^r_zX)9w|=b^NJHb-FD&u2>VIz%Q2T~{Wb-f zFV_3hF1Ge6I{bk5V;^x-SVU}v>ry4|qE3CY7TUjbuKf>wkBxrNo-m&(0ZBCiVdH#8OldS@-ww>6f`BP9DuexRo2L$056@ z!*ATXwU`WIjZ_#nxdhoaqLoKS^9-u%k~Onl%`5=6w#y_)Fh8;(7t}e(1gx((sT9*2 zFEuqE!Sxv3zv?lThG@56?%vb^L67qLl)~h&pBY%&se^RT@}|iCJCT#6T9{izSYS>z zh=VLAoR>|dRjXLawDW8=Wd5W|&7nytdc_=OMJocin^*yw~=M-$H*& z^DsR`XyG&oDh{Ty*RFkrEA;jd6?>1fR)tJNlg~$;dy$)F`Hp;%W=7JTboJ9ldDB0+ z-?Wc8nWTOp4!_ilJE`ok8Lk$ST1$+yffBS@op1?|3Eg2w<=)S3Lg7@*qJ3jh@E04# z_N?T5Uayeg>3(^}e^Mgfk_RJ@z+bt9My04V?C?y9xnYSdPenv(+y(7qrC} z#Q=(V04R&LLo&0op@ z2b7&1LWpJKbR4FFBthT!_{*Xi0e!$@07hapN#Mhz`R6bjyYW8>XQtr20Fy+TUbegb zDNtAge7*A}>AeG}I53G{EcBh6v+Pp!;=Do%dblW-JDy-^mUMSRT2!bLBgNIk&!B_? zgQs8!b-46CnALkjhQ=l8vm0UdYMgETC4prdQe(CxLmJuTKR}#0cDc_U5otV<910i_ zo9stN;vf6ORU8LpGDl&D zed5oe#*byg*Vb)y*LgYNN>_<)j@V6{(Am>^7g&1E(a47sVP5jjQZ!c`i!X&c1;P1^ z5pC~YXT`T{1p@}Ug7e;J??z_8cu71x=uJUm0e?BG0kNELsDE@f!-^&OGc5&@PP;wU z4N&R7lKn?kq+F;3iogG2!DuYPs5^5VDH7ps=1isN`P4zK1Yh#7c-;C3R_rJI=W$p< zsi#fluK`fxh^~K8Yb7vEuGGl;9B-c2MFDQb%sxs4oq;}L7GN>xTG#W*PV)ca%<#YS z=;q6jQ00!diZwsz{u!q^xO(J4Ur?i1Dh1p?+z$7K?rzT+59H|+xSXSxYMi! zv_1hPBKVgWZXX330WJ?foB+hI{!lBxl(Qeta6Y~CYBtRDwy6LC$dS&Rq ze2&)ezrSmJpxM{Y>lf=xG1Uie#eC~EJUi)o`EM~#W5Gt6px6l1v)9ZrX9qa@X#NtW zB=FCP6(@VHT8C)=z4LAB=U3wz0sm}0@J2tL9dy8H%@GWA?*l%pR<~*AmN8#Y4}xB& zZPHf2>CtF-B}l^}obFet6irQ%#_@1z*iG5x2%dfT@2zZ}N|l3wX3#JJ6ohXS^(8sY z{3hU(_?m*Pt#91k7t($;gsepWLe=U?=c^%`WjZh!TJah(qJ^J(3A2mzy#VlTinpmo zD{)Cho6^qE5KIgUr2pa(8oZ?=BpkgSegw$Rgv1|i>VCX~?dzHnX+Bv1>}sGigFDWF zN)XP$OWShy0_I-dahOW0ap=lhv2A6W7^HtSB?rEa;X##bt(p$1h7!3!jELTNQm+Bz7Mhg%{=Ogd$Z0yjYm88F)$=!rUPj!%p~nwXp4)wKgxOIdQ&yqPv^r!+KD zE`veSU`wmwIR@9V7_&JeSdglD)+>S+eL+ zXBW=CwBq3S4uiq*LFfYvB@Cvih0}YbnQ2d6TMR}q$#uKCq(%F8QDynZJbENmAxMXk z2yu2^eKsD%X>V4J5ApZKdR{xY|X|J84OL3(j!)B=r*|C>rbZm^9(pK z*rtHia?%n6l|;v>Jp4liS0vlkz9ozA?%k00@lnKHS~BULTyiKgyu=Xj@C-LGUFBM! z$)8wd`WwA60zklJNg*d-4+-7T1If=D0aMXi)%ec(7~8nPT#8vSD-A1)HA*~~9*33$ zLJ#j#9PVv;8l1)BqTZ%7x6FkKT_2EiDA3TeD6D20yT8G9)YN8 z`KTey&L4lnRBKEG@?NZ{3q(fKN%OdNT~stM3fN{Pcl3QZyweqM#mlKJ2@JoWgQtiX zHhlAuBH3N7h445Y3zcsv6$%#S(7$(ruH4hxTZ0W|)(Z<3Me&=IIKy7!Tb^z>oXQUryP{RvC09Z4s+npHyKT(>}36{0!H;38TPoR ziVJcYQ4Ho}$*ZAM-7Vum(I zw13!kq<{TTpz_`_sWRxSwy_s*ssmqDj$(*q7aDRa1o*qnGurc(XAg$YyxfqKaLy_iwQx$(Obv1Kyg>j!kC-HbBgXOgNpg8@h(RjLn$7WOnibhI+M|`F&3xAHmjbb z*`Q*j^+fB^TW|NtMB;ArlFT*=OodMczALx|1{x~g>bxR^0L|>~E{YCbHTe8ss`4Sf8q0k8rr=9yJ@ybx*gPIO z6C%?8nws6kstOiEW|}c}?PlWtE#>I!9FQ)$t5qw-C~dO$BQYwWMuta;GJ<);KEiCo ze#pK85=<`D&_q#ic3N^Q#qd-vR~*S_nfB^C3ZH%`oH$Ih5jcvyB5BA>o_D1IHz87HGm)>6yrU}W9aGUh!K-4E#3Ltep#~d)~1)EF7C#f z_T#Ve`K>-1Sl8R{jFlN3sITpeiyhmJnm~C|nOVuMBVlDWqbBERC)J|?THSvuWotyG zOX(fMtOXfRRbb!)16_sT)B4((mj&{yZc!jl`)g`){C44R{!h(8p2Lp(@0YQE0#{|j z)O6)D@_#K`tWXOi)GHCOyF^K8T(SW-x;r$h+&Pm0{bqQ1nd=^2kvpRHl`?^?0ow9@ zIjBqtf^-r~A}a~pzWpLS>>hSYT^o|f45zziZTQSXr^L=Ga+(k^O&(W>jo!xyUU9v( zU3Pcr^WY~Z{JgCN}W_Q>UG!i>H|yy&{7ZC%t9Ib6RD>mI=dx%amZ;G0?=k%Twq3A#rC1Bo_%- zm*qN%va;;5kb_?jj8(adia0-=wQssEziGR}M#q$?kmtsxlOEHD+M((eALst%jz@kI zkn=ozJus{RD`NYDrar)B3Zp+?aYLU5z0K4Ovx57dB5b+^Bbk`wV~6d<=YVoHvHUN1 zANo&*-)d=<^Z&s2m5%J*xZnfLuZ?eg)~E`Q4^78Ot7Fr#Zb60|)85*pile?VPWM6^ z;fIp!?R;@v4!4%XPCWFCb5_{Q<(k>GWcSr{WhQsL%GMem>3lp3NbZn}R%Keu)IGj4 zm_O>JTC>Ck?Y>-~J(qgmLWj~`m%7OXCOB@>EtsNn7nB-TmN?NK`@9;?R}-223c8f1 zT_CRN^_qg<{bSIrDpMY(xC|NuNGBh&am&^ud*z+&9BvVjk!hh41}q+W54%x_TD`NG zi8vMPf_wc~Foo%E^;>8!{f+-tE3WT-%4A7qQVv%IlgC`G%x-b{t`HIz1NWBHKbc44bqq(xGRC#vG$*VY z9;46BzZTTQ3U7#mknjf0Ij8C1vCgQbU?&0erln^8{Mj0nRid=7EMR zdrTfjjz+!uUG-{Jx%klN{Zp2%wsYdW^*?~ziZ;TgPQo8>C}9rWXCeUfjQI%Umg<5M zYcao;eGiUiNKS5s_P>~|BcnxQnR`EWARAmeLW6jhy19v$D?b-^RepQ*l5u*Y<`oyd zutUSEnRCZ>!2b%}KYzZ78jvqOo<3OZdS7{O$?q9W$Hmh1-DTHm7a^S5o;!$}4UZ&v zkXhY6{FvHzTR`qmOF&-1sCGa}icNx0FI_4`*)%sPmEX-;nz)@KFPmo=pJgN+3hseg zu!M)i8znJfsxsCW;XEjCkYD!uQQu(II$u<5G#i9D#2>t5B9BmdpJ`$jzf_?S<-PDJ zhC@S=y)~sM+;k*wTuCnee$JGg$V0t`lULu_x&d5S#i~tNMFI%R1aCzv(!t{ROd@&v zm7bxOI3XhY;-O^Hd4|qRgxv3h$A&dMr+b*^wS-&YpslDOuCVa_nzIhen$Wi8@tcl7 zXm_BNMjp__!UF2Nkur&C`wets_l>)6=V2~)a~sHcF1xue%r?HQU;0-wL3p>RmO*xV z>ftY8it_>Ti5klS=c-IU;fYJ^JdK<<_?8YI6Jmwg_d(an2n8Q}g>necc4vyc9rGx} zBgLB8aXo6!1vEAds3s;CFP%%|SbVhb6+^uKgyc!Xi~+l5egb~%`qX79TA9hYk!?uL z@bql&k&&;V>&n8km;E#D zKGG^K_GgL_*(7V<8FqE9;eHbPEs3rDEE0)M&zd{z^MRfS5)2N$@hnsOg~|_B+D{SJ z*m2O`z59#&JJWoaT$|XtY1VCnK)9M6rd&4DM5Vl3aqaWw-SgOd%U?A6VQtGhG?-tj zk*vI4!dLvpw(0_b`uBqT_T!6+-{yFmPqn=+{_g$KxD=M59mKW(_YOJgs1J=!$LkuV zaVU?Y{Beg@@1gz1-ie(z%S0py`lr6muM9G=g`^QQ%>le*4r|Fyk{@rA5W06QcgMpY zE?nwJxn8}uEFKixO1~@U=cUraVcxX4yFOWI{lwdl_c6^e-lcqbXO=nZQL3qPK?5nlQP+ktBz6v&DC)0b+f&idw!-ffoZP2!xs^8u-yk z5D7E`aopyB zOTRhTeU@BRax1XEs5NpAnqP=rq-J<-*xsMHy!M{xQ;9LF62godo$helfd$nORd^Yj zi>54J6k0fb{I+@4VkDC<>QWa;+^#$~9Hb`aCIGq3eIi1v^A&}po_jPou#Fx--)f(3 z4SWq}-&tuEpvliq9UfMnR$J3&n)yIb=Fw`U@!bjao4Zcv;_2D>*lYryJ+lKz>eW&x84i*j-c zxP^pNz8X#7t$lUb)07d)8x(M!Be3gm@yp+I-!8?BiC9z|x7@M773QDQ8CebabwdC0 zz{U;yO>9ZI$CQ25#rus|f_naaEQk}@)so*8VR58C{yT-8lCr5HV1^KRfijb?4#(I?y>*jBK%)PF}*qOShUxg;Jqo2zg7OmDLmwI#w^77&}_L1sK z$u(8DEL=A2#~hFQ`3*1ws0{p%+#h1U7{_MTJFqoFH{2W7x#)kz!ijwOv6k2&lmr2p zxDS_j7qc2lBaj}vJBmH0M)gEuOTVWx)NUHK54k6m?42Hrbhvvdjnq#q{(7VQ>+Qhj zmv8Gtcf5L%d2r49lQp_)g5%kX{HeJ0Hm5Suh@9o(*g)&(l*q)LoywQ5SHGqx*_i0l zrz=3NHAM1D1Us@V89d9~Pf|F#znM%xab`>R>BF()a919@7~|+}q6|nGXl|R^ZIwR= zPBF|dkos~`sh(CQVY{C{JFuL{N&eHx$BL^xt>99kHttX9&YXch_{2ebkAYX;g9Hp9 zmWE5c7tfb^9jN4%d-E<3!qeD7s-GF&cj{&#-8TLf+n&xc;RyW*O>j9ug2EcI(IDj( zK#2LL3=`iH=R~=^J&xSa? zc7HT_UP`?bffRa;=j#Fp z)GWEf;})y?zN=(f7}l0B$Tug6Iyams)OpCoar#<~Y`u_gdZbJ*ZJ1;0DfDgcdu7*y z!g20B{xm0CLElo2KBK)zXZw^vcc=8>FagwJ4UP~pRnRdiBlo!>%kTNJo@;6%Z^4{uuusBUD3vq2x*1w~eN>Y(YzqgI&N9HhRAUZOJkw?|lFWt=5KzY~Rvaj}{&=T7D%`XaA)tOTm!#^zEHW z_OZ5jQE%VYS+2Hs?zlTMC|8Xek?MDrJ0hv{JP;~Q#0(aB+k}SZLp5Ou!q#PKH@n=p z8ji{)Neeu_tXDZM<77kid>ScS8ltL+kIuiZB^

^RZM*am$VhBXCIB{0~Ll@h>mV zxoSjr9*G?N^-30neq@v|NDXhUaLfpop{!>&y~rwfvFrLLFkPy8R& zO%U*{W0A=y_Vtdfqic644^I1ccAH?B<*#9t^xFm>0eKQBug+V(mf zT|Vi^Nh7`IM3qmbEEZJfLg1$jeGL5TIivMFSjfar1)v*Nw@t*+v$w}p(v>!&SQBdf zr)+z98Bml$jtUz6PpHfM*MeBm#9lQ&+24p2EpFMF^bv!C@&lM7969frcW2&R$OTLoMN(4hE32`z`wzAPJQUaG8|$I#7Gvq(cV{BA4C#q9@;#&V z#v^CXce-iv`;Vj-BA-|?dcUlm%qUs3tp|-QTJI9>a}&>p0%0?tX*o!fv-+~w-=-9H z8mLFf88b+AF61qGY@E5^s$gq-==(We-QPpx^u&&|!<_4}ypp1p)koVLaYeLC`N zYRa7_?r8hN9R1DaNxCW7&53GECb`%bGyIUbQp&SY8=c6f(uiaMubZcbDCxYiEYyYY zpwc92ww5NIOJ6Dx$8MQ$~lZs!}r+?)eb8`Dw{3?U|p?P+g;q_7;8ttPv0&PqJ1Cc0!wR`&huua-;UK@v~$M86S*L#!uM7 z9vD=%uS9(AQlM=dNE)&{DHST;qe-4Q4*$M4ZOXx*HPQ8hqDQ{i6Ad4)dcvP-MdS4j z9>RJ?%TMu%@VVMJHohy;>NdLJ&bWZ5RhoeoBp;MSf#{05-QuhxviJ-gY#54E@WKBS zNvU@}CS@os%JI~k`snx`<U|GgRM2l8VGbZ7SDPbShc}nxX3>@bXfygKTRq{; z88hC*5t14-F#y{#V*=YMmtwBiOD{2o@a&&zkRlm=9d}8$;h{3faD;pfZ+|OkuEV+S z{n@Vf)G9Y9&`cPR7R~pl^vKd$Pzzxy7q@*@`}odd1o;1wt!&a^-*Ex#h-=vXk=JO% znz3djo`d&gCV!b7-jtZ~(Zy9WZ?7>TflY0EfQslF%lnt(hWa<|G`#q>;>9-%wLIsg z4oLa=W`%Wyfj~VxMaKOapTYPO1|nKt3x-C_pB5oiryF50r}-oLjn6A7LqONStkX*D zTkjr@!&hzww@{~MqoX8yjeg34283sTadd4xR#kbLz9JsjW&P1v^zE`FBv zRg)kJi8=a)wb7sLj|atIzA%m~=LahjZKr{^JvYA-^niZ3-YT2y4WZ+1cF~W4p?jrv z^7oC(wSG`(*nPu&8YK-@*s(RzR~g@7QFAxg4~%o^%PKKW(RRpgBZjb&+LbbeeeQ-Q zKaIME9pMAPJEkd?c`Bs3SzzXlR;>G%UQkQGFQ2b$PB$-^-S%RdGK4}FK$1>{Ps3PI z+KcyE>(WaWm9uy2*YO{0B!gs3uyjEoj7cn<%GkZ^YOh#0Xd*s0Zxk#Gf(I*fRAgz3 zx=a@f)@hzV9+P>h?WMB%{6Z>5Rz}SI+u8#HEDz02$9xJyWWxeSsMu)L&?$q)T;kbDn=j%r?!A{ zdRQHVfEaiv{I3O28SlRC<90d`kB1asF}qu(_lxdlFH zXv7qGa(K9IgeDrlT@1^X-dX*DN~jkh8>Q+&IxM!Q>yG5RIdw@VTvppc_nZaZ=~aR( zt%N*K?aDH0-&6q0pd9uSWe!N0<6Xg8`5*7Vf)3oOI5-Aj%s$i^Ca^M1D$9l5c3v~1 z6}*=tN+bCi1D}oGGOb%kFSaSB+`OG#_0Q_^SF3+}Qwdgowd5zn30B{QOt)5GP1$RE z&&%-NB4R~hq+UmAkPgkH{vMuB+ZYwV7Mu)ho;e}ls83mRw#(|f9$8?s+{m&tcpV5S z;{E@1aj-TsEdKVu@~gGC(PCu9z?)LODa?=PO5Ry)Ux(Izx(LKQ!WlhSB|$g`v@FWb z6Ce__d|U4)e{nas#d1Cu21pCtY$nR9v40x3Pw&j5fV5@A2!XhXeStH8#Vx}H=1x>Q zhl=el@%%82W$%D38ByN8I=7yt32<(22JvUcNf7Va?pcOcPyRAQ5tDH4aCY<<`@!dx+zhs2{?z0YTQd(IcEY$pb2T15gu!+UV zvKQZ@{%%>$JnDwRwJTjWpSM1fCO;LARu zgkVE58?7N^$Ftbil$pDvPEaq#JJl^vVd898LW-r(1@8YjNod;j0IJ2rGHGjqPwhy) zg%%y)-y{Tp1xmT2XX=T7>+ros2dEkk{NY$9Pm(o&Y9%(7r}_MqyFsNl-Y-40fRv6< zj$%0)u#w-3E#>gJ)7rq&dHgr~ZUPuXnvWpc)^vy3fsfHxyiFzaNv-|1w`)t5wl@Q= zyC3+%TTekm;P_88cLP3>981BB662&7Z|LcOPNooCUws4TD^LUlu%}+U$_{IQqFg2% z2tT|=+E?719eq5oF-4h3WQ14o%#b0!ja%tkoanTPARLw+xtDMmxG+HTH=Q7uAbjh2o!CgI0K1)30a5I34Dxxl#=)V_-{^#n<@anvF$$aqYz{V|NZcH~X zU#(uIp1taOp|5;KT)EQ}N|mcy$=()Dv$6lGJxe=PDJGvv0R7AKXF!o$KhuYmeWlco z&1`y4^C>cjj*@{x>x+1*9Sv;1kb=K238+#R7N``UE_5YBmLasUJ#@~LOCOe>6^jJL zi=M*9%$kL-ka?AwYe~wpySOeXt80unLTK~PtALtXha=ia6rVNYYYZQG1rURTDo7E&KEK1oYa0>ayU`In7J#aj&SIn-7X|hLMRX1 z%ux$!-~TnNRgFf*Z6Jk9;%4{l4{B1H!<+DPfn8rs>0*zp4@SB_NINnZe~NHM1Da1^ z@`mq;ThW7k+8&>oS8Qqs`8Es9>=}%Ziz+#00(FQzoMNxLrk}tUqFsMar;`7--2WwZ zz&`_@>i<*jshFEz(+@_Cnu9!lKjq39Q<@U-V5#}FoigQ=DQ7+(_NV$+wQPOr46bDaR*=09 zI4B7cQWiM+_U!U-wgcUEcFq3YXy23|SV$*PWli<$?VZ5W&o-r$<4O z>k0fZ|5neiPyiLLq@NS^9k3&eko%{==4sKc18k9-AUmKIr1JA~YYBn|jV@xljyRyw zdh_o}E9?u=Zi57T!s7-tf2oRT1DPR zxdm@mJFULCI6KZ&^09!>#_oA4Hz8{edN^n&_ks^KzR%uIl}2ZLeFIorsd&s2X;3QU zvVc+{R~hXF?WBK-T8`5E?sB&Z%^CdbkJmil$P#8zu}ZpC;L)HX9F8H=h=cLF)Hs0E z0YZYks3-$-RY^l9WI~~SIbVzKGkxWlDXG&!nK$@3_c}@O3p^(FJBwsum}o1pw`DAI z9u{Al(b`|d?Po+ID!B=}EC!`yCUBZ0#K2{dV9w4DGGrO8P6s(XsoF1@`V^eNKuRiX zgOUC{zbQ@lwf9-l+i1ym}E;f2!&@hT8D?VJIgB zU4Ay&nX-CsRVoNak`CJYsqEvvoI<+Co`SzsaMGY991Y&-41T8za)Jk?!%GST7n;A|cf)tG!BOit8#gE@;y?TQvfYK9)-4YVCC@6S}lM{hnpS^9P z1{T`$99Ea08|LD$x=_RF(h1Zh&xnPRFy-kQar67{-&g+Rs_r40PmHBUnHuZL%usFy zm1fgVtbtzkgRL~9uJVv*Ad}qA>m=!Gz*FKqGHATM*gm?6{jj(&k)o~`(*4KV`@99G zX=rw3v^Rib9!7tL^MeGa{>_OFvhB9;N8*uDlIR}^UP@ztL*Q%fIL+r6h`=R?{ z5IFfeSgKgrG636*7`v=NyXXBY;`sI}-7=&0hcR)RAKXoUZST}u{Tg=wc{uteaAPbz ziIJo_e|Udhc%?LN)hTY_a88NV<4s-e(4u8vSFPmEoW;05lnx8JNh20EZ?Uh>3KF?@ zfd|x03)S*GW8=>`blx*9+z$T@qz2~SQ6S$zoIQC9#AXhJfc;#mL*7y8Rk0Mp)9|q) zJN>o=*YIjYeQaT*aY-@Yy`SGmAt6JnW5V&l$D%|HK=`;JtoZwLM+PpWHJs8y$p>|S6)(sG zjNX$VJk{dJ>;xX49gtN(r*@>{6!hC2Dwz_7ciA!D4_16h)XKi4n9b65YLz`u3X($~ zY*-{8o(<$v3kL}#xs~6TC}FZ)i`9SD{;NWADKF+LNr7Y!MYtA1D`O46QCuE$%lh_&I`1NFW~$ZeU5UY^pz} z1?aop_&3{z6q^A`n$G{+%^+-Me6LHEmIw}EbGdRi{OcapQYU>P#^G-N#T3-Y5Lhdhs`f;7 z$kcDIvF8`JbT1`UztiINT)suKzlCfdKjs$9N&ha2BQ)?4t*%(g9_7BwNDu^D>l;WN z_tWe5)D5+9xU+iY8f$=J5NuPaDubYY=V_3jX2(Fr6C#l}%;bsqpO~@UVP}gO1~wtF z2Op+`Ke41Yt&O#A*RPXtrYZoB=m_T^55>k7Jx=Ykbib*7=AG9Sxh{=eS3qWrG}lgI zTIo`)Ze}RMeklFro&k_PKLV2KO9t~`0V&pbdASakzofEnoZ|QZA9QU_r;cr_;0``* zjxsu9gf9qMcyc(dBZ6imh-r;K;GI~p6=uRT9Ag%Y+awl%i8s8WOVS4?sl}=H!)2lf zm(cPyh&2Rj7(jr3vGz`6Xlr0c*XU*$NUQv>UIM5+xj*1cz{%vd3OnL#XH>w2brFhm zKGRF3zmeSb=6qs`DJZC{?olmuJLjvWO3EC(%pXNPz<&#@TUO5v;F9@L=JbBxV{}@$ zZXxsVqj!YG9fSf6rBVd&hpOPomFiVbbbw{iz|wvld{+5~eO-ff;j6SVH8cHqM;bI_ z31RY35xP0%1c~h0YyD^+!YvQ2wi%P1)?9IAiAaWyx9A>GFlJ49{S*6SAeKs zrr!?LtI$9HUBuJgxRzU#ub$@vrAzM3=h096vU4vA5)AL34h-WWeeB_OV9tYX);o}| z!SU%vpGWTiGHtUx=~;k+)FbDi`Rf+HwLiLpeAEnidsPY?JQI3du`Zi#G6&cOjLZx? zmu(l=9lYPZ`n15kaC)F7GD~Oc%T$i{+2T*jW{FgK$=wW@NKdya3rJ~Nm9e;;%+!{; z3}Yj1XUcb2-G)-mP+B_Sfmg7plk+sfq}%b9H8DV%1knVJec;PXayp?a*DeW4USeNh zeNk5jYhlIJ>(NRz_PIg8jrtybYKw}A!-7a!>3WsF8G<@I6k;Xn(jr zHpDJkZeHCMOhr;*x9hO-o&el*XQqM zUwCu+eKIC?(=H{(J22ZAaui5P!l5OVF>Sp~Bi4Ihi_`DPit-N>k_IUp^g$S$os_1>J zv4PqGUo_|YLm_o>*zg%2x@*-q4RecDdTO}e4FM~0DMO+0l#2ah;O8aFtUh_x6_l~b z@v~XWIdSm^X;kr8!3387Ut?bx7S;E)t%L&7AqFKVC@B&GLx+GM-KlgV9Rddwqz93d zl#-628$>!qx{+?A8{R$q+W&{=)w#UJIp?gscJH;;z3#K)ncRZwLmmdz2tVP&g5CSt zDFn9eWaJ|C5aS6;C|a@~a&f{g)n)0@(TV%HO`YrU9z)3V?FVg)A09G9cHt6p^lK(> z;UZ1&s&;Y^@Q=n^SZ~iKQ$C7pf+C&vPx~4rhTQCTiuC!-Tud)uFWi(!c&yMQo<s1CRz;C#cArU-V{Rtq%L)(>`l{;x_%-?R<-@Q#QeO`)R~MRZaRe>tK%?n=jmS-LJU~foB{8*VifZv7G24^;|^&)1QAz^j= zEbab2NQ7MB7BCo$R`Zu^k>Ou%ztstyAkm$6~;d5;|6u!1h`tBDO0r0Tjq zAqAoFCmR_yzKY6{+u)_sx^Y4CQjs*Wle`%^**q)#`N0}{=9v<$3UMIM_=|T`)keh) zoET2QsD$_d-l9pt*>?NkG z=0-PH%@+fxh+eK*Kr+DFcbj!T7<;#?Wefdu?<)-gK(etZLOlshm1Ul6c)4GHO#Ra# zoLTh_sxG-_U%HHbdnz7c&i4VA+tOnI1;E7FH23S4brQC?c@)B353n@T@3o%3tY|$*|B+n{J-yV3;aD3J>rraAHlldFXBna2kD5WdBta{c2FHN$=7`ikZ|L^fA$_gN z9oy1f$p=9*l{rJNCP{Zfe`&ovj`!oVJq6M4l}#t3>fqxSt0_HU?geH?ELo%CXu-5y zcTmqI9aWUsuns!o_>)hBk9Oym$tdZZxA!;~SJ%_tGOgTdkYF zYK!rYnU2F*R)M*Cwx``r;{FIPMNtIIhR!ajLZ1>w+*&RxMUa3UITvYZ={j(Cr#u zvJgWK%Vy-T6p}{W9+vM=B+I%NC;d_Tg(*i;i*E}&?DK2^!%eVO2bAws_Rb=RR5Kx} zYfTq;+hwbv)q7kDrHR7rrC}12Hg_cXti-jBc&&u)pSy{k@f!}IV`r&eu`#sciKm;9 znJLt_LIZfia@0FZs2M4rQ}%ky$XDHcbMLQVXtO%=0TkKIvr;+b4Es0Lv4o7Z+WR>4 zlUnlV(J4?OX}oq)Lc!y;pkVbp={SZG`H?n@*bxWCWv}|6xnnm)2%PF7)?e?8_Sw_-$UwV zL|Jr(N?rg^a1zgtWIl;aIrW@9KaAPxYFQ!6Y&IQA=EL0(@C$#@)*8ta8&&`n881?3 zTjqS&ss)j@h;>*)H5P9yY7Lm@sDI4!X5=1Y!^DEG0bUB)mQ>&mW5@?}xw3F{<&CyXK&n<<=?$VjBbbl5TG60kYKY~|j! z>>>9N2gBXPaQ`aQAOD#qzEGpZcqL{VEgKUSGBtD!Iy;IYWNcSq3{1NbNzKWrf_Z=R z-T=2Y*5y78W$hs9lGA1x|h{j(fDMuS^wsuO1?Z$}?@7utC|JU!={VB$o+**Ri_+PGz8T zlsNIJCjVG~P!s7w5d4KS)dZVebz%lyYdFZ{u>5TPY4_I(sS2m9!Cx#@XbDxDfs(b` zb6`oPrgehNJ;Nb9hIZ6RR<+pcgi(}5%9{`67w>?BJa*8j`<1=>OD5z+8ZG&|99?ZH zM2^J)@i-@gV>Pc*&E{8o>b_3hJ#XG1uTmBZAp>2>EiS9+^z|eCZBqtiF6u9>h&L@1 zCG1jeW-8}3!b~J#BHr;@6?TThP*awA*U9VCC7aXIJ=GI@*M(X7HR;$>f@VC*kSIdm zX@6$f>7wPt*%G0AAIs17|@xE=gq^64x__`yjO|;D8{*9DQv;F0j9wL&H4isB#c+{C9 ztc?+Ep-JwiLGBWhF3c~+3A|c<%F^>W?(%yc6WXKkW;>k9==QM}d@LwBn_4%yec(BY z>pmK#c#r=vYQk;EbF=P9Xp2~J9xHg+ry56|1GatcVP4ewJ(O56!0h z_2=_$l;1=R(qVpI3Lld&*Gy>9lUpCp(B`Si^0*ami}Fa%h(RwT_BqBLN_y-hTC6hU|T>S~M!jA<=h%*vmTe-LKe)0Oj*JF;=EzzCQEa3%T<*5|G zBouo5LPp8RQ0MI7t@K=TdvUzG?{07Q$dNpOx+qK*cDEW_0{aPb7w{%R5SziuiC|)# zehR6w%!KjxOWuCc@gsZi1*J%?>w#YTqGJCc;JvI5y?}oPK*;tfanXb+=!iTY=S~u@ z7p*%xX7Gmf(*3n1OMRct17*awYFm~y35!pv=Z59^Cs|Oh@8!$>IilcvgV3Qvh+2N%KTs{3NjB7t@3l9 zE<}a)W*9G&ZS316gEW{swDQvG7&`)sT)k>z_D`~h4+(w9QTx7zYrAyF>rV363c2W< zVoKI*2x|GYdb@YxZNgYx#tq6E;6{aOvYIV| z+LiW_pJ)SbZ)bHe4D7GKeKDv@E>y+Oo}Xxi6wLOx0ZgoJ_c_+LV_ZnlsGE8a1Merb z@BT>ktgcwL<8s8aJ9O*Fu$JpsG_}9GbVC>zt+wZI5Q6S80x$|T1LRm;KswM-^?xp> zjVSla<9!&D&B!8`ZRqxV_JFlOUXqSLA~uT_%Typlh953p=w2+c2M!<(se0m#iE~7^ z9t`klAk87@FMEg{A3%^B0}`umrqi-xFQJ4vY1e0jhe?>JHfBUj5-}B#{Y?a)P^#IXQ6e6dad;y zb$39#G3#-R*hL~expY09`|R{T_hQ1F5?V40G8v0L z`OZK zq~x;YDp!IZ5A{Yhhdbe&$wi&;bH{F8kjgT=fu5SKC*J%WM#*{{p}#!(K!y=mHJa;$ z`_AbtzqXg6;`xaX=HH7jW$K8M7EAoUMMymG1xQ(eRa2sm_i)cdp_ei+aR~qNuT01-Fq<{!Bl7l^`ca7u*mT1fm9t>Wvia#Wf9uIyR5}!)C z;yOXVa2_x4p?dxP4E;?xl$p<83_ldkvJ;X*o2p|8bPiP`>k)zX3YBK>_p^BN7~0aa zO3-&+Ynpf19%*CK@+McOUTVHUA3*^dVKEZ&shfOi<7i`+MD>#P61agbDk5WhIFIcl9{e9EO#q&_A zv*XB>!7%_&>mzM{>bh;3V^!h0t8&#$aP&~uzAl&8@a>}AE6>hyFgd%c^xTIs?MDL( zEftuID23ZM0`~*Rt6F5XAxwjeVWd|gv`j{IlHSp6J%Hq*`%ZsmG$m$Nd)5sVYFVFZ z39Ujre<@t5Oijbah>nP>&t?i!Oey39XST!4RCDAXr9aM)p{ObdtDUHLhZp{2Pv*c= zuSrIzF_}sYp&!4g`Pk?VV77c*u9n-QFCKDlW3VzSd3gstQQh(wip!S-ZuZj~NEnFo z<=$Y2v>?2;dRGxNZ@UgDonDR;s&^Bv7T+E8q)i)80HA`liywE!7GLwrdQ)YN9x>;d ziFZ@RyAk?7;>;&k517Bd#u!$3Q2ZPNdEj#}cbI=M?4PZKFUivAQcaaPoT-TL3@czW z+tR@{Q-H9x6icZxPrCdVqF^E?ham^aG9z&k8LC$l)NiWN(rpKguNM4=GM6rTW(wUHeNUFe+A*k&QT@Gk#q9lNmPxQU$c&*Ucm;R76r5FX zyofs$85*vZ{z30b=JT1yP;B^-slZcU2{ooOwLCYYqkxtEaMGcBtTB~L{ zLmBrS{l3$=U!`o3=1uTf<;B~lRlrlz)|Coh=I708kVzOS9ijcnEZ#@&1Ue@h8n)p( zC2@w|G!M{kiq)VqBCGSs&&O!)<87*4% zlN2UEL(ev=Ah#kUg6y5%Y@2?|;2FoTV@uYwQTEQntt#h`tj^otQ-h?Mx+zT?;P8O> za3Tq5{&^+j%Le9KLYLGa?@IXzWV)mCW1&qJu$|-^Kd5wA8-p4356%eU^ zOaR=367{zL1R&^Vs}A^2ClY6Mt@-QN6VjGf#}ldqXFnh`3d_}P-*gKA)i9Q;Y5;TR zjI-)+r@kKwEnKyTc~tnW1y^rCAtzO4xj8KB37zHGPO78Nx)fquWew@nL^irE_lowg z&Hk`WwV5>u%r+sKj^Ss9zD;bwYymNY$HG;=!`V_jprd1_E2ZEb25-(NqT6ZE;R^tU zLU&=^0PhTZY`c@HT^#1!?~!pyWQY>(_30<@?C>i|Gahqfd!D~w$j}8DWgUeSF@=(t zT;k#bg%^`n32V*zbV(lfz}{2Oj8cIGb9ip7diLj>mM>FLt+nls?U9*jSbrY3Ri-D7 z(dM|g#da{;FQ?hPc)Q{TB)J}t0d;IzN);IJ-QsiPH4LxA`&^4gp|Y;FT9w@u2@tV= z#95;Or}lyJj`me!QKX%}d>K&TJajcJ#d~1X%8EEV{!}GjCCp#-SkdIy^Su+732X8A zZI`vWp7c^!*?LTx%Ub`Vs2h^;7PK9sp$B{Mri)F&VEl#lSV(CjJ#86GV-fjed$el? zgZkp{9z<}zTUk(yFwkg{N#2Hd5^B3DvRmLHhPU|~$KR|SK7S^Qf|u>+7Rt5=kb|AK zNxK6;GrEF)S7R}XV+9UAC*)LnD8lQq<~A~Gl{4yrJxeOt^p2Qs*gO8bi~h52m@O^| z1iKsI%vK<2ifs~Z6;Q3Wcspm<@uGldcXMG&LGp%-vDbX1~%<{JS=|b1{ zrN%9y;aWpjUWY5WRqdXUL622-5boYR7Z$rmkm8XX9=SZgEcs`=-qw?#T7i&;ay{`c zC7dngkSZH%A2+j9<*^VNTG~NVUq%9>X6DIYR;m5bGX5y0p6i_SukuGjOJgWQI1Sg0 zAFMD6B+#x%7|Oafb#s(dKRA1R>eAnH@v8sFJJXJrd3v)_J~)4b>%d{Ha|DdT1X8FW z6B8$nnMt<6TEaw&5W)<$IOm>(H_p?2C_JHF2}jht%&abnrL7tv2?R4H?irsa4;E;o ztq8=z2?$j((W>TaiH+S{2RWg(5^fB=6d5VLAv5!}-+t{RC$gdCPj#GquQi7mbVVw= zJMMR?_h+c}S$^0d?F>OWENiaw8$&LUwX2glcn>@Cfos#z9^>+} zxb{nf6kQsecE@LTX{H*(B^AdB^X#P_6q_A99JM!l$2eq&n7E<)yfFvQSid2B>-O=- zo{Py}PazEs)8H5fGd-k5yyKGWqUlyU%{H#G&iU*~7+O$ezLBjn=OuXd5yqbC$dfA=_=+!3O9W6S}2xGpio0K@S5Rz`TWXf~c z>sp`YyrUOyauT0UDDA2^j-`Ml2;Monl7)#JwZKB+0%#{D>_q7kw0t}Ye@YeikRS6F z9UtfC%T9=70ee-Jld{-5qrFf%Yn{{5nWy(zUZ@DmoYHLFI_rMupvz~sf(@CeREn3l z7q8RoA0}|S-@H3y-8iZJW?-|J6_=7H=veu#Gl?V8e=bGJ*c4>VuhQ^gUwC8LXM$L= zN%A3zu}tFEvja}?Gupjhqm4srO105P=sL?6S;rMeA_uekFsqj3KH~z{d9yunIH_-~ zU%D%wsr6sxvgqL>D3KOlyCx>U{muT!Sn={H*L(P#tWgPODVdNr5ZMOws}`HUhQx6W zjex+(V!}WFCS*#=aQpcM#w~Zfsk~e6EYrvhutc3 zCRJJEvOMTUV6x*@={7a$$)ylxXmgS_siWlHPg3n+F#|`^v)!}{U6r?Hw_CV>L3PqR5>ZR7!~XH z&0Wx4WZEuC3rNs%K0W6gF7_aD#ajuss;Qz@IbHjKt6mCxyC)IlJI($6CWKRs%xlDt zRM4b`m~8@lPg_2K6v%;&Ql+E&K@x&S-sH>0sx8I?9jAqR0yK+z+-xLHoLKx`PR%cx z=WN2Z&f4#XKe9dvAqD5-ukHuqA$M&j0RD#Gof4TO7SkG8cOiBXxvs49;G%>~VfleC z?HaJJk&!EVv!XXGRu8D!5N_X|5I z_pc3fVZAAV7iFZNQ4DFn@Bf%%zP%euJ11f2{f!cIK{)!t#5>3~8LL z@al0PaZC+XI%-wO(%9Q*3hzlb&=~GLc6qe*fVVg81+hWq9Rg zZ7+fPt!Br?;mlV^Y&39x4j$_3xkc`-8*uKvpSu>R-a=`6RSZ2EVFqH_~)fTI-Axe6T4JV+R#{se7vXR9$6p+M*e&iVmIsj7wCgr2d$1avis%PpondxaX>avT zbC0K7x@o7ui8kTN_SODW-7I`rhEX5#uKHo+px$cB)KTFq=3O$dQFIs^dnMPyZ(Q8RlES$^VzgWqbS1#;) z4l@{;+RrtuisQj%>R5XoPM_qFf(fH09e$UmU{FlK>`bOUsdM;YipvI< z>MnMcE`~$9R-#HK4JpAp`A2jEQbk>M;$yEQvd4ST5`v_(ETnY)8CEM)yv@q=-gB0P zt1&P9q*olS&(M!&JT$%@PN6RNEplk2UN+!`z@kPcd!$x7cn=$I}9PQRR7a*AE z&(xIISMNP}9oMQf(v-J`#o~jE+Dl0-x>V^V9*-#TJixEqM zUtptvFF@oOZmA;W;3kP1_o~!<$c%Lp{MPKgJxHgB4@g??DpPruc9F)y!soHZwK7ha zZm!BGenGix4ZJ@1A&DV%pWs!S6)@3}hF80U-+8S)j_n>{k(R9EXJK;Xk-$j1b?c4$ z`g{_A3m|)i*{Px19dFzh8rzhZg7X4ehlk3g#2Yy_=}!y>;edhQW%CJJI2R3d@anzf z&wlUn-Y#_K!U%NJefox7^FJ+K1+fiuusnr|B2BtyicTEfV*&BS0c0l~#R;S<#S;bL zM}>i2PmoSM5Xwk{iJxiHN7G(8${O}hbh*+t`cbHc1ZGMCT|zvFxThLBbtS_wnotV(*=758JHItwdyJDEu%Q zJZ*tbh0++qv1k8?YZc;5rFDu|6kF!a-ydPtEbU4--?LY$ivmFOx~pGJGn<$U6`yR+ z_dv#!qC3M!h8^^C-LoExEdr_+{=kt?MdCQV9x%UwH3`k4O5fpVoBfytvfSmzVp{|V zLs-Ma$EvsrHm}^78t`tAq3wGM{`rcy4Tj32%kzA};ogt6%|N^N+C}5aYg|g3!10fC z@*oXDkNJ!-?XharaL^P8ObBM$fxce#vV!%)3( z9#*eeakBR)FUo4S8LyGZo(p}ztS1r6p*e^x?{U-=wFMIOd+Cz!Di4+y>{J<@ObMMd zwLw05r)eA9F+s_8T)CTe^t5uGbgn(DW3nkMH=!Z_QQb^zVqNnKD555|QAir_AE#C`YK0 zS4(kFu3A3oUvheu)Re-sMq@I-RcNttCOi3!oFmSCjy*~K4jMH;-Gpr`xvU zBoHvNE{$2VF@3sB^9PL)QWyFCdEVPW!wE(kObzgAoU}?-`I|*^L9|o5!#@=mSKViW z5^ca#5mwUVoUJ4?n@Vsu(Wv?KRtGTe^jm6?qGK(z02VDODfKz$vn~SXr7hq7x-;#7 z2bPV3>XCNq6D6vjRya*GC{+~|l_3telC0mA$L8mZbk-EPAH}7^ns`6?9$_#Zy?W&8 zv>Xg*X_CPk(qxGGBYQK)%_j&WtaGtPf_HnShF<+V^=Y@0+`b1w7sof{Uw1NaqRtJH zYouuT6q>0|0Y->{$kh-hS8Ne+9A$lTUzN6!*0fKTXjwy8)Gq}z7BxO57M z9{{J&b27Xtog?<#0pM8dznm~ZYkBsI8Ff#;5^2z;z@)MU z(ufM{VqNp$4Y>Us`PFDpjeVZG>b>AZrKdq;F&XquWOxLwI*>kEmU6z)MM*Vdpl^Wr zUP!(g**FB@pSkY(I`4B)P>;9%xI5B3x^?&`QBNiR5D5!5LK$c4G3nLJ_n}!?Moh7< zfbA#~7Pj8C=&{eyjD0r+?dCc@LB7sx<*kogX!$r~S2Jm2_ve-Nw*E9jAMa1Fnw-D3 zn;<>uom-CPbcxC8wjo>m$%*%BIvbS$iWTD}>BHNaAn3InScqs1dm6G~-L-mwVa@G3WuGZs?^5Df{}tYpo4|BetL;O6m z!6tzf0-6VIV06@f!28^LQsYokab^s&YTS zY=4Lk4&n#y(~c?4*ULX1C^v;Nl%1G~sV6^J=)U1`B((0=_$?0Y+Af)2YK0_)7$IxV zWYrs%{k8FTAJe3g?T>!=DPO$mIuwx(bvms=eegU=j(gTB4mbyrH`e$1e|-B%^!~1Z z|HGxwgMoi=gAf1?Iz~B_O_$}SyB}l>>9^F*7t_fSv0S=Toyd}ZVPAO1v!~3d^(64* zjU|tH$75NwWf`i$b>v)~ng|he5hO5>c-O#^6D#$lK>r=}m~RKJddE{nyDC_Odg1(T zW}k_@vA%N2Ry)XV_;hpe=llA>F3qi%e3?O87U7Tu?Q4KyqXcNSz_+ii2>o>DxZ-T_ z9C(VKU%IatSxP&OjCjE0Q4>qx?O%?&`L$hYJ)r@&r zeGzJcSjz^v@Le>4XJPYPinQ*2=ym6UeFg&MKC4RV!h3DSveGQKfJJ`|XVb*Hn~&#_ zE)~Tmn)(y7g>nQ5*r>QK!SvW`u-HWa( zT&2^rkN%#)a!2z$bZpwM8=Vq@-r@vQ?iAh#SIwVp>O95|a*JOV^%9+O|zO zUR7MoQ*$Jm&mQJV{oG?JzKscbXl`kxjuQ*EoZ}&VOt5;P7E;S{Fn|X=ZZvMUl5!d> zM}099>+NiS8+99{u-aOiMG!AH)SP4Z~XoT+rV9zb${OeRH6zXt$|tU%MTO6|1- zvcTi1n$F^Vu0M9^_0ZfjZNmIxH&b3oRo>-d3bo02`+ApIUP?RlIo*0lRRF;BXUNmv zq$~-ZOk)zlsxhoASp=}tthk8w$CjTy18=HM4@7?5rp1QzX&0}$Z;MQ@0_$N$?&5kM z6Y7|!Kd>sU_z`?Z_ld{Apl0y`?p0!dsOJ#7#f1r?cc_;To9I04nxfYNv@AT+Yo;^Z z`r?auA|5Vl8S`quPn#7LAe28kB3EM{Nu|SGRf=_06CQxEJdH`>*#e&k6DN8-4xOzJ z=+lu5NIenP-T@n|%F#1)rv#9x-4Rs-l6yq)u1>0^&<$2A5c*vM69Q8{e12YCCvMP1uDwdHdO*z1cawe<)yt_f0AV?^35Nl=NY^OJ^SP; z(|6j<46KA(Ig>UzXEubcyvolHml29J-d*e!Lwu|su*fOyPve2QHS6uc?bK>^++qY% ztW_DcNnot3_y~k6=I8gPU1WQ=DM0xAkMu$RfX6%3AQwp(67)P6z!zM=2Swkb0X_U7 zX`dhPo7efbhLyhizFEa=I4;&|Dt<4vu6x3aTRCXELtcFJMv)|QV4oiq$}+cEHvZ11 z6w|R7Ht}Fd6u_18t#_pcAUj>rxFKYW6(1x%F@{d_f~Z0eaxG7hD5M0x6Jij8Ozdlz zP|p8R`QR7GC<;|SGV{-DW`PVKzqn@`)Isa0g@8?BFz~i90Lo8)0xcCy4k~f~5F-s>mOrcvS7N{lw?=zzQdHk(56|<8KUzcUu_Cv1Kt0a z4lE>He?*C>cF?Gs^^N!12bNAD2~x2cBw%(A|=F3V?&jX%!YI z_B%7#GSu6eR{>w+Fx{JlU3CksI{B^0StRTWP*lFx=}bEFwOuUcGLXM--!zmi}O|H+WjO6KJU%vxecv=(1G{^CHaI|(@EPd|5^f!AD`lE6NF zGfq$eX+n9nPT2wQ+f!~iv|kRy&gxJvlD?ATMBo6`~fY0nB=3WB#WlP z4{54+{crF=3{W)RgKukhM;3-@vVC-7T^-`o482eREUAkMdrtvt!BH|MOe}!p>yMJ| z2s!G>V6u;XvR~Za?rV?Td*yu+z&@2yE+ArEYfuVVuSdVD%>*0N(-ae~cYo!r+{ecP z!}R? zH?y*0{M5Dwqsv08!HXvkC`AFm*7r(xhT`S^YY26{E%WyL=&i5P_M3e;v4a=EvI56S zOkt*EQ^U16_vh0|hD+Q@+rwGjfkS$7UtjzO4o#Jla1Y6IF(!zxmqypit-Pc?*V$2! zB|VLEl#oQ$Jy*Agq7Rxny9Ef-lu!bc8vAp!Q6+Vu{Dp^7&ROH?=qw?3vZ|f5LZ(zs z-!q5s`~QhBj{Ip?(Tt?LyYViug`8uf{$T3V^PKNEdxe5qH+#m$;vuzY)y;LpMu@|b zKn^93K;I`2dbcil`bs>8j^)L(kkX!v)A;QQ%aOSJQ|SBqy-4$qbenZsUSn>dn_ofX zifSqp@U0|S%~oc3Y)%~7?yFupQ4gBNoP?UAHU|M%uwZ_ZDZ_2G%gfoLWG;3?n zlc2ptj2G&vyfS-yH&1-WcSH4U0PPww;RBnJiwy8J`kqi$%hoWKnVx%VDBK?)(!)9h z-o^|MWT+xNaT8a)HUf#Bm)4|a+pj^G*h3=4)+1MA2dx!4!mYC0hz9d?vLhkod}Z>! z+PJJn{7<@lce=uF(bP>rl`h#ei4V+grkHFcmpgAI_tYBb%)Sp%ZSdb!UXFbJT=e5n z8(HyGn{5u@j5Ka#+WKiKmz#8ac0(jVd=)ph#&z37%7}34c_YAxyLJvx)@plt$R2z{ z`nI+xgHj4oW;NHPhC>750nVO5XdZAsF1O?HRqO*INxdH#Wzds3DX+Ka-_NgVGD}hT z3qHCSgv(pgB^zc(QqvBH&3wk*?0UPuFA;%e@5S21HS@^6YU! zujuY1cbbD-bPRN`$cYGj(g&-#_ea4-m$lX>5e-cNf?0O7J#N?cV)_+%ht5k?YEt``Q$RIs@N5iiCtFZk)5VwZa@*_md)`>JS&I)u;1txlkb|s{#g4!^zpvZ zUQy(b>yC(QUPVV#$kfR#eVyCcjTOC{K?>BJ0GjKfVSIdWdXtSX`Q8igJb|WiG zT$BtV5E9FA%d@lI)5gz#(A5{fy~HPUcqME01~Ga%7{+g@b_kKfSQrfB4=)#}z&YR^ zHGU`sjC#%Qq3uOYmokS}wOf1Wp#rs$JJ(&^i(L-DVF>~?6d5Op{Z8>Osw(u#G0F1bRcSY9>>BUZWTIt0^)mhHxAB?4Rwe5o93sUx2 zBCG*;txR?q&=NG1!(J`qA^%h^A%m9|m(~s}|e;X+V zk)sqSG0?g>rb?q(YEfQh%S24CAmNWqqziom=)jI>2pN9xd3iSJaNBY4hh7R((;dzQ zL*BtH){~CR^iseQESlS1GO(TF(ot7(5@2%HCWTO9X-y^H$TO*`a);O3Qyv}V&&${yu`Y}AUi9ApjD0PeZ`u9w zCxqui<{V3lAB1k7NRhJ8Q|5s9eO8)(-gUdj`gwr5;NXDnPB+LA#F1a%0QR9b^6;DV zxsw%~xP-;1sQDb(0j&6D+cs|I&2or!D!85M5Cr#8ZoGgsj+bL}7KLLuip*sb9Gv<{ul(y`1-NBHK-%bi1;5cIN+{?ctiJNVrQdm@7$Cz~X=S&<-1%faM7NBtpnX zuv{-D&rEEc6xmIC(T<=SbBZ3EJ7J5ND zU;vVkS^E9vtTAhq1K(WQN#>xo@`F(4WD{U=yD^ zwW*dL4aTmcrBWNWl#;iG(cxi{GGH%!-kh68&9Hvf`}&$syoukF{7`VBN1D($=!S5> zK8a5c&i?@A2zW$edh<^;HBla1>_1rZt62SkE*0O1n>*7yz&o;Ms8X78lR!MnDwR+e z#vYOwC0>`~<}jD0F6|$cdoofB;;%kQOi=Gw6xiX%BH9%d+Tdb^cD>pM<33KtFH{!3 z!&?9fI>K~Qu_mE0P()XBWk89yfBKd3tNRqtBcyW_7TmU(xW3C6$t0s&+J|^^9h;0_ z&Y=ac7wMWqKIAn=NpwRXXvL}vcyNoKa65Jyj(lC|ZO-lQRsp##FA7{dUQ^nyPITc; z2Y%88LHK-n8aq}BW8C9zod4rQ0O9viz)-gOLin5fyoX3+N7}1^g)mU(jtPUqEU&rUTBbr>5$Fa%vsZ0Xia05o}FTh~9W7vK}Y~gHRhDE;I~6%|5zgi}z{07!EyBs_9sGHRp=$?BF>{!LNb$R|}5M2hLSRcJQ6- zDZ$FR00RC=PbBm$s$jM}xWW$>VVxa>W6n7pZ^Lt+r*B^ z_u8wUA*T_r=sAePxj|r1Fatw0yrp}y?i4PA=kTm09VXm(iU)?nZ7So7uYnUM^jpHP)J+eO6M7NI(B&)nt_4bSE$mtsrPT&;5y);} zE$_ikFD(=qysJn@uW!IDLnh$G`mH&Oshb>+^)3aUOR=_hZ(r2D0`pi=9S5JbTBzla zp_B!8V}W{BnCnxLyvLK-tUPu#WL`??@xJM{Q40nqAcdS+6%%U zV75aAZ$KVi@y7Q%cZVz+^}8%!<}N%&U9tW!vvGo~)29<$8cmTb5M7J^Y8zfn#R9Xg zLC5xxZ%}cpiIic~p+K9{(t600@H-=%Y7f%EeD(ZOXLeSJ1!fm6x6|wlm716{h3I#a zeSodu%Sq*XLt((d^fvw-l8KHAoRw%ELw`a<2tYPs5Lf$lvNp`|=V`@GJ6*GOQ((GH zlbcE;Lp+xw$~;4aY6KJD_Ps3=MXHf$)Rw>pLo%&r8EWCxxL3q>fP|Qg=Ql~qX_k+sMhJ=C;5v1 z!dU782g8ME76nO~sv=3BkxzZbN^qmDNRqy(csL>-{tYj?)+shWPc_SBg>2kOZocmY z*tFK2ghpAfPb^|m3cfoyLn!o6ul)k%5BNNOFUW{>r;p&xJ){HTF_GWHkod<%bHA)G z{65dgbW$^#<9~nx*fXV1UU&PJmu>Kw{Xp)wV~37eZ;ij5@A(A>bL=&VKF3uUW_5_M zu?6e-KOcNf6oPpK5oZ8dG#YidC*!x3!7o*nm7_RjDRMuB)oKkYp2!SF4vQ_N#clw8 zvuNh~arj8j%HN;pw@7yb6#e!goe&DavzNdeH}fr@m-=Y4GWSTSu8b#!?|Z*#OBqI$ zfuat`|5tqP6Lv}BiLBb?M-fT&^{Am<5-HQu7{qk`@Id`b%?*&`?dx*M^m~&ExNlH| zW{8n~qrX286*dSD5?xy&`-uGY6!=?PboF=>|8)y+U%dm~tz??+>gS-~K#=~gzjej- z_@A~wCXR_By_3{hj+cP2XGmTOG_n25g8#lRR2)Q_LP-^M2*A`u121bJ@)CmP9{}Ih z-;MIY^C~i0c}3Lm^3kuf!2LVyJtFY0JAmWuzbtm(lv?PyWBZ?K)#Cwmwoq@%B3Z(` zUITTAa979xNz~sJ2WV(npboSULSPK2y#!G{7ks<_SIhp{#IKPGcU~qA7F+?Sv6~o# z>6iEZU8Pr4z-9SZaPb537m$_!a`Omhk=)1seDL{@4a|pFhyb%rEgW#K23~{rU3%m| zF-RXJ(2xoMo@G8| z|5OPZs6&oQRrp7)BPUSjD{bfbe_N&!*}xNjusO*KLxA)m94#gaFmL`#X%8fzFR|X4 z2ifl4??73v=$ms<^R%Pl=<+WB`M{lS?-S2@#_4elv;i0lL$vh>SA_P07hNJ2|0 zRHFmrFE7!+J;qpI!-*-u5(o1Bn^9U>uKESJsc>RmZ;ol`egc#Jo$BRb5Ty;4lQ$SC#2HZbE zE}4ISyjqc-`PRTk`GD(}ssY^MU*NfI`=5@gr$UYgjQdrWi|tF~?3S)vi~Y~=%#i}~ zX)u`FSO%ys2D)2R9x8Cj{99e*m+9+3ox`hv>Bx2$EC*#_lDfeETdf5o<=IY)9~-dw z0lX2M4S26Q|993+BMF=?!GB*3b}F>g#*ogt-p0791R1F^p_r;vuC8NC-@l+1D{IpbBZTC9$wD; z!V|jU#er5mtS-{afxPg?9dktA5n(KfLqTjx)j#czY|Z-D zK&@{y1y}w@Ut4gYqbpA6UyXa&HPOOAD`HkPw10KfWqB`=^_Vy6{#_{yX`0Xa#xV~W zy)P^H@A6+)f=Bvt0S)7Cb&q}y3Q@9A!~VUHX?vhnx+eF>-yWcP91lb-QzNMUry@4s ziI!lpzbXR#tzWbPC?p)AM*Kg8lml6_&)|RG`PUa|22hhx6ULz5OaBFdLK1L)FI!L! z{4DgY$l_lYpvzh32`BIQU5Fr60Vucrr#jDX3dyMow#ZDZy^#5>nb1hTBZznfJLrBJ zAS+-PWX9ICVg5Z|F28u8fw4&ld7Gg9OP$NbApw-@`YAU0H;p8y!Q7Vo(EL~R{}Q)? z3FJpr`2Q|n6e-`wl=ye?a3G#XJvRJO{J;8Nf)>bE|J;1nWu~hn9dm^uzyW{67TEpRP9D{NQ)_p!wUv(j* zFCS6o{(V+xfmyM2z5ejG)lN_gOgfvQBHQ2OcnbC*X75pf`2T-e69bL-FkOFfHAG}I_)KW6#HmWvFR zl7Dk7J=Xn=)7h7rI*$qd$?@aPZ#&Z$Uk|)CMe445;H_U@yUx4@{`u!G?F3$R&1gwt c-R2l-Os<{mR)mt;74Sz=Ohz&3 zHM;ljeV*rw_xO%)|KS$qo-5B-=Q`Kz`1JMUvFqV{ct#Ns0^CA;LfZULRzW#F5%32T z$|EMqXTT~Tz$(CJ?damlD)9&?*#R?g4tU3eTUTqAcC@!(6;R;k zhw||8@S)ToEZny8W-d@OeN87DOD#Qjm&bep?vMTs=5FEaV&mxWcRT@p9$_ASR5B!r zTto;=g`3UX^Y3T;qJn~@ig+k)JRvCRHvwbmIj<)kL=?3_z=V3al#B8+Bq~)GWYtC; zgfXG&-%+4qE$%>|=#LK}cTvBu5Tko!AeNai ziS`wMkm5o4(BT4*cJx6yNV7IhU8Wjib1p>|N9dS zF@8a@zx(}XyHL@;KfbUrceVa|0wVvMh_!`{mGwV2AS{e#B8P-miikk;|Lb_70)qd4 zhPy2Z(fqH&;Ry(#ke8S!{vVb=dK(f^87vLKgP?zKLzwXR1<@ZBA>^pNup6j=DhfOS zvHx}t)+BuYZE@V9sLl5+=u|n#E;>{ZLJh9)8X8FrA%_T}Qxze_x1iAfemLCxd_w3Y zC5R&Gx5yP#&wFArG2#EdUjaT*6!N_yno$noS1G9g!H1wK!~W;MrI-I%2Kti#gc23< zUJUm<0!>Q~p{Pt&g}l6p@4AXfMKhW}$dQqAUvIJyDiQEMz5j(=PUkV{HLBs;I>`Q_ z{CwstXzhIBMUEoKMTN&2avG#^QH*l3vU1@$N(U)gdM_4k2)^+0sMzxwAnlK0e*&MpnD zW=CZIHTn*^#+@qSf5*H}_Ic!98D22)-zWY29Pz5-#oeEF&`sZbe&^3 z{@FPR;X7HXQE_3-68EpY!6yIvw_tWrqb2fxcSk~muW!iyB-VWG^<8@72N#fkKOnga z3I1;jc}7MkXxNOEcF$&BdXlX_7W?1@=R7Yw1oge!<6?rVeFFy-kMs8*J(( znQ%Uw1^APE9wEZNlk^|MBLfrila@$6xhegT_eZy3YcT9z(!Y?e*7ZDjC!oJ7t@s%Q|9X6 z3*MF!5mtE562#rbV^L_wudZRp&9YO)mQH{>J6 z3;qYd>u>8KTl~Gt!h2^H;zM^D%QsyYPbczl;* zhwk8YTpOU;6 zha7*Js%+jXahMc8TsS4`jN%boRv*x7?j&?4P|djdao0oav$aU;G1*4~zQk_3NXzXYY z3bRK1I^Qo9?3g~e7Uom*PW4>{x-FWsojgpPe`OK^9N8rE-0eX(3y4 zb<-W)ARxb`dBj}th&NkVzLLMS#1$u0u**irxX z%dEJ6R{T#?CG?Zk)0eROc18Af&0R|ToiC@mL@pN7JWYLW#~fQG%CVY z9KA-XjV>i{i%Dayth9o!KD4liMu{4?4q>Y7bzmG1*rQnn=I^mzjkdXe0S`t($ccDo zuLo;UB_U<}{mZ-Gq9a4TuMp|^q~rFx-9E0@ybFcsn2?I-?XWS{G9|bC!Qc%vt)SIX zU#7sbBi@3b9_xN5X~LZ9bhS!}m!(y&PJVA6)zM^(c96o^X$_2MIUvI&ZYMAbmu6nE z^#I^T;Zpvb^9AUiE|qrsglW%~@#P|oN61|&UkxLw@2i1+4alAP{v3@v`X$a7hr>J?Dp7K7w|#8H0q>#l(g0GDz;GZEo>^pQE^CGL()mkAP2=U=o@ zNxW=zGEK$*RdSt^R7F4A_R^KGE?gv&{Y>&3vHt1w!zFzG4t&>qwY9tzi?fr%INtdW zN+i}p1#$NZ3aANR(u^0MJf2AwCHdr*52NjYiHntRUxl;Z;N&E5d7q9+F9|Ov3utP+ z1%h4+>2KTL*2tKyPcefJ&$B>`Tp}8|e1LV!Z-FFLLY_P#e57BcA${&pxKVIX>epF1 zuVqWeVf*MyauoE7P|2Og#U@f30cFl}ZKIP^Uk9lqm}E2CSBVydxr*78Rx&8zS(bxUbD5Ehe#`2{c1_Kv(jsHR$|p&V3}q3Y1y$>pQG?xEdRKQ3eSo8 zDMF|E6D!y%jFa=L3sKGU5~wo`1tnU*t&UmKMe*F4O@rq;oSo8Z0*64JUWGud-*z8% zo*IXhNY*@(`D45c1`l#X9}+FoGQL~`~pnB z)dHKq^AzDrN!(bN+@@d^E6Hn2I@<@!nZ@ZqYH_*8Lo<@l^k#Ko^#xecD?)$iKln!i zZ|Pc+If>kG3nosQN@32SmH+20{2fB%ikCcXX1#azahk3yeuF-jX0eHHw_<8OX1fpg z=;_AFy)?RT0#`C)Jll2GaZI3)OxsI9`|NZL|UDNvYg+(7bEQ-dwhO=+ZZTj27R{HM>gj!`4@rodK46JboI#hJRq3 z5FJ#Kb(e9oWw50ZsBS1De1C2t)}t&~o~<85zDh8=|6@j3a4tbiM#GSu%_}SZ?a)}R z2Ha4r#1S1_s$IG)UdzOZH14$H22D{PpZ=WO2#X0261>pgPi$2w&HA}G)Q=GN&5#01nL&KvSdzcB1{m5US;e^ zvLpX-R7Dai?ORh|QZLTa|BT*-@D@3_a;^JX#{D-}ECl)rJ(0HSJ1YjSG2d)oeP+NP z7}2lEN^`ZDRJt*dE-zR0boCa#_aVK|FxjWN+f4M@!r>gzt+TC76PQy}y;j3CSqH$M z2MiEiHdWy|JO8;^)Tg?k4Gerq*~oUihw*VT;mN`%uX*Pf)b1O{<+POm8>fI@!G_8W zNtKV-e8g16MUdPln_Y9V6j@YEcu(?mqHoZND`l#@X*K^g64+xF_#g*Bn(BD2B`T{n zlD2XfiDBulPc?BDL3HKxPX)kyGe>Slg!XO%SE`Zza~b?AYJNxJZ*&+NXBsyL4fN~G z(h~(U63T20*w=pK>l8*(3tG;Kh$;lg;uBhv&RvgQMz(x8uHaTGqmsDv#YFmYr^WG; zEcmx?0j?KHNn?iu?_pOlNwWaiRD9`_y?QQ_ zx>#-ze@(YiLEpQ^?BgoK6(RjJ61ICGG$LAK(2R!A1df|en20=}ir+qfY{6BsWB5Uq zCkv);se%+XEV>yct6q?u?mu=UVRBUrO|HemhC)$|Kf|EYA^f}(c)5?PFs%5xj!|rYDnx&2)@tVfu(lA;&d}GBGkDBAr7V8H|j#(Wn z(I{YgSQ=Mk8TiG(Fxs2)XKc++@gtkj^RZwKpV(*W+SA69FNym=n z);C}Cc=B!q1m!A{_bL^kbDc!`PWql5>0Ee4mR3Fu=BNo7w{-A-7nVzs&{7j)2rkX z#k0XlC67?4AQEL+P)oMXYq22(TY^lMN}}o}+M&4QnWn&Ki@m{aE^q&aw3q=eJ_%!X zcqO;$Wn9YmgIX(e_VBx*7Y*W5)z24 z7z|_iIMrWfqh&Ml>Dd_n*Op)RyC1Xe4vNJed}T9VJ($57lQMzujIzlyS?<#lY#HiQ z7J64eZQhywX#Oz?wU`{T^ zV(VXF^wbh(RZhAO318ce z#nVgnRT+XWzIKfvKX$?NIN!Yl1sxNOtlu?WQ<>cjixoM8I#JCttvZZr>z* zD#i*1dj94GKYSrUo|(>&ydBg#N@AYIWbHW^RAdMe;Wc04#qWO7pN8oVGr-ElEG8a0W*0Fx`@^lE1h#O+xx~$OIL5Lw{?aI`FRs9Q z{^7GXr?3i0LP;N55q##W9;{7n8m! zOlHJke)&*$kHu?>+xG`Yi!B%Lcf8Q}_rODvs<-Erlf>P8_I{jK z*p;}p(XcLhNtsxcnKfOp>8%q(QcIZlJJEqjl=0#*+f!R1U$719R-~t>k-TBDUKvOw zfF{?g6l((f4DpQ$FsOqb{c=tDT!Y+KhCO``OJB}d>Nh%RwdNODtXe-+OAwBJd!06G zj#`0&(yOM@r}ulxzka}&itR$9*j0lla`%_sie2JmS6Le3Mne4r%J0WYxGZ!$U>$ktU8OTRXMLPK}1Y;zXI?m{1QYLvC3jaCV7gk(C^55j=te*uaNu2 zSkN5=0TQTtPw8`nz+{W{FHMq);-Ct=#Mk#Bh;kh`{7MorYuJ2 zq%Zsvvw)e#k?PLM{+QXEnG51=2>0Ee6nSS-(g^KMZ55tj+nn-A5Es|#99o*HuU)Nf zrXN*Ll=y@BUf?({-%EVw7l^7%;ELHFNJ$cZyums97n?X$bt;Lo#Rw#DQ`#5uulcOrF5^OCScm1xI3@!Th+A=pk4n7RI;I5)Dk4Iykv{ z=M`oqg&yjDQaaN`Nb*TvqBB8+SBYtkkWqliKV{VtEpB$iCAbQ-h{Q7;vc>Yi@?mNv#)<( z^nd80_>H%FRHF55=+@J#I{1`OCcxLMlYSm?QYT~nz~Y}XFcQduG$L)?e_+K1D;gMS zy_KC`T$^RZlgRg32R-ya&{Jiq^k~S^viP??fZ7 zkZrB~J!|^qh~dzKRh4(=?Yxb#rXy=QfyKhM14;x8?s^6D?dCXhnpJt)8p)cL5(Z#R zo{qqVN=MZ^25IbSV-zZc4k@&m6$sLVq2s9OlV{uWoesLR?Jr>yq@G`wei>hIh?&-;}=SoXNApej;P8+|3(2DT%kBH5NKbW0Eo5m1JAIN&`tp;Mq z?wrPbkibuS47d6oYq5TT^G;;?Uj9ZICjCqG-=JT5Gy9$zp7qFr3Pzkt#>{TvA zLgQ1p1Ht26$_V?flY4^&HvN&FLWm)*6ES`~!07o?f%Hqcszi4{;n?7a z^OFS`=T=s9Y(Zb`dW~vP%`!*tnyChg-o^EMk#T}n9~?xe1ZWw-8dK0&~C;4U@aQ`taF`UT#`6KAoxD6L0pL^SxwHd=`7Dt@*o)Lpam`$Iy9 zkV}JP@dtO5v7s^!6PNra2(2qZ?akL_v5~d7w1ofYa~Q_uJE>xeOScqzb_$<%(YY#J z?i1}NFQ==N8{$i~KNyyYP)qEwa8JI4di?$onX_wN=({(n7%H`==XtW(tQwpo?R!Ke z_@2OjOUaK6#KOGw8q9-`q}3gFxPZD`_UJge|9L$kUw6}!ghs9tlt&1>>z>KRg79DL?WPwg|*6Q;eA9B zeJ#1FpkLYEjq7-G5xDTR$p33Q=7fUCGhU=XXIamEI8DKbzp# z5aGTy7B`%&p28D0;Tu%9)weCMcATQR?ztY1GH+oeRsrF|d@%0`_A};9B$h40@Kte^_mxj$b6tG;nI-Cw z$9C1+@;kW`b9iDQd_iFdmZ)vX1L&P=ghF;BJ-47|i|JwJ-BSBp&~y;sa71;-hE9PV z6Ziqt=rppOm8Zr4VwivF8{GPlpk;B;PnPkZU14i?RlWo{?oiwMJ&J_paWxJDhC00PH~c3yO+C87nDw%dU_=+zGQUqL$zp z7?D#K(Q!`01h9?T+y{o};RMA;f(4_&g71I@>;AJ~2zP4T{*-sZ4EDvOo34w&APD>x z9kKjrO`(XP0-F*~@fYiM3YFPr*QM-I6G!SloE#k!c&;Yd2yA_eb3XbgHJ3~&O;ULM zBemGrz{Ju}VS>-mQnqswxo+%P!|9%(%|sPH7DnjRX90+**AYpi_?NEK6398NNY^>s zAu7d&Dl|DQ{9H^>E3RuU`MBGNX#JDLaZGPXiJP6H`I>om^q+M2`r%W+PC5^0C{kZ! z$G9!_e2L|qtbM_IxLab;KKtq_Pk1xEcfmk8aOv5pDksV`$PTeGWOVPxm3xUxO@=o_f#hv9qR<#>roA2*~IW9CVJNTwt1+Z37RO)o^H2_Gr|7PwE!n&;-pK<9CQme4kvm=;R1N9f80%~G(l}C9~5o9+qTHiqZO%bV}PDO zWxplM7>#k+=~Yw(WRv;tA7AEoBEw|P^jtSKQsn|VG%5{E8I>ryvisZH>nLRuTWiDdPSlh9VI`*| zX3#&=V(ZdlhUV)=>%P4n@wQj$@350RXarXth++6gjh1;x?Cb4kK5ECJ7`rS z=aIows<`}4_T-?*zUfbbr%0A9!Dt=4Kaqd@exC|d1~yH`{LJB9BN}k|u*7;0K{9i4 zl(3<62mv#KYgCM0VHLCXFrXL^Rvd!G^2yPQS|P=ro!`)`)|B^LXy3@}ZZrw!;jTor zzM$7KTRo{VD|B@<=K2;k_26g?IWb|Bj}4`fvIsG@O}tDWP6iYGa?4RCJy$(N8fzUd z>FL}?1!tkt!YKiMP(Xs|Dt8#;TX0^Sl!M3f{ehK!0WP}Kg4&A$#~R37|67imDWr12 z71g8iw6a6vHnY?cG62xARE=@)R{^Cih1&l5WTri;1}SiQHlrGGw9R@R&5v4W555cw z7Y`mVhP4O{XK3g2ZfQzJsvm^5dKR4l+J7=79;i9C&8(AAXo}rPr#)imXQ)9KAjT~X9 z+s>E%a-H`$fHB5FvOV=nDyE*teAT==Si($+F$vROpf7lMv{J0vDT>0lY;@|jQd62Z z1Sb`7SB^V7YWPN^$((sFxmM3t)te7jTo1u$l{?GFo%eH)`XZ@%(tDA~78Pbt#HT_Z z-)<*nB6f4u(8BR=uC%d3KbFSI5h_oLs^@7&-G+_%-OZ{j<8A^=0D=cP#Wzd^Ii%0a zv9JMA1=cA*r37AK`1RV45)VN8`+*2EHAW@4)lQ+6^7-~g%!7S9ZeB?*tK4APNy<8( z0hvzWg1l%XXSA?8*H4SmjG?`x%u#oF!{8+0Q*X&G(Kt>gO?6+HddAd+cl7@l?hL`E%{Ntk~z9bOk;pR4i)grqst2oD`8_5_MBHKxWc2mQ*2-@ z9MKrmXI=GK+o7tDKBtS-Yyr)dYb-PpV_}xJqQ$z}qUT?88U7gk4nSpaw7D(r3a>l@ za+=S0d_G2mRR(Z&9v|Zb#gDeDRak!y#vf=uP^LMa$E~O1xW2k%O1x?+30+g9Z@H2C zsD*%e3yIinOMv;gTyv{Dr7?@h#Pfii)lsc3v4z{cWCad&n+h(s4p|jf*@kadX2dzub#OpY60LF1J#YjR z*_7Qu8dfOZigY2qB)*CD$X_QAfgia zBeamU1$;`uHA4LRfWYv78vKYI6!5`FZTw|Eke@`kZhVw~=jRXtdjBS^L!2Q#xX!gj z+bx%eUfHmuj+Lz=PeXN%kFq5x)Y-S$V5+Dd$e>DZkGwke!UpbW-1dzPV z>U}UdBUlkWA*x98W>5cXG?zYeQ&W>>z1QxD#+Gg9TO`y8ELc9~tHnet(1gDqs zHv$T%S(Wf(rpNagjYH_9oOZ?##nGTPjY%7mWK*CLFHEx z2nWq~oD>DuSPdr1nbsC1UmD zWV_q>Gvu-oicL)=mObozzwz7{Br#6FJEXd<40Wn|_)nBR|9M~R;735^az03L;_j=~ zLZW*kaEk={idHX4s08w8i5+e*koSah<@l=SH$YqP6gQsL^#0C7n?znA=kU0~KA33g z@$=I5;qyti;nuU`4aXyDB){3~37_rG`Noa9ZP+Lv0Ht;}=9qP>P?#Bc?jnELaBwBB zGL%hmPCUU3L`O0756SfLmTXr$;sh1nUZXafhXPz{Gg(v4uhwv~rRsUSR@u41;5kdG zfy#bt-;*kb9r0ZJ`0f$m`PqKsT;us^aqw+1O@j(Mo0n)Gq}mAP27|PbiRTDRq1Z5N$@MVa%%Fe9&}Oswo=ooDGPDF5HC z-OEliI}ia?pw_twk8_{|)V=O57D__+0U)u*EI10*&(9m2+C=~B_sq(`ev)V%s^pTr z*TuxnPqsras1Y3Q-p_bfNNd$#1s1rHa&Qt9hw>rBzQ1vR#sY2Z z-fCOLIKSXVtDHw8p&{fh?z+ebu&2kpuC{Y5t)mb@qGeJpQM8&%>(dstbsTMmOG>?~ z{7~x4#PnP^UPsF9r$txIB?O?-_L>G%NleUs_o){Rha)j4PPz4WvK3&#C9K%pKaH{n zKy@Z=K$_c+-#0iSwpP|ZyWK5=)+T5IR?dv8AOZdK$Q5XA40IoqS_$PVCeTnG{mzLa ztynsr9JXgfo^7Y7VY_ErQJv?58%l();dclol#peV6=jS_y4-S-l@7y{Wd(Lha_v(SL#|?Ic5wh+{Wno)0t&Fms ze@ml3R@cEA{mFt_!mHkawstu$A4kTs#wi>fgTop5e%`CdpxhY`wE*R7jMUypx;dw6 z&7o(t2!EFmpzr~PI^EGirUNDiX)jPPR_VxF(_p6)9im?OseZdlLI6-~HsckAtDy3A z9(ndIda)22>#%#cVtUSj<4s#T#6dz(wfH#FV26cqz!i%}KRpZJXLGBc0A5rAYWz4u zG`As}W5Z!qFoTRqmU@aq1!~D_dAzcCAYWHqh@jK8w-LE(HEEJP|9%M7>gxDWh7d3o zqH)6Z@shw)=6!QF=sFufyGF%5A44h+U@HO1n6MkdtQqCQkA!{sodtiZ72cM#93xwgeZvXv<8R~ zn~l-tVGvRzQ+OV>3mk+aed1sgwXj{RCspNJ6%N-Ul7ewwA=>*49_61)q#rInNVeP` zsS!B(oZV@HgYVltIch7Vix1KqmU`AyQhc@oJ^8fB6d3l(Z1%#TrZ-m>7VEw0_wx61 zG+dW+vt#mrnk3AU+X%3XmO(N0HNL8)&j##zkYXN5svI}sg6R?lQ}=N=okO?C&Nf*u zpks);)k?d)k9iI>52ohQ_y&r|g;+wOp)ev!88SXRF`hF~>xyNMvn zU4kOdeBd=XxvAqxH^r7NHm*ImE>?Jqnh?NQiskaei)mly`8cb#K=$Ojv?2~sD5Scy zepy8nc065?7_P8%{9rgLUZv*7AfYB)xwv;4;RDE^n#ynnu~Mt<7{FCd6tEg=ogXyI znBy3VIM2ZG(p4`N^MY{#w?ejVef`B_1!#_GW5a~|xIOEJ=Um!GKcKEWfBh-j*8&Z? zRrQw-_M}petYvbmR;=D2(Yxd<-U5H)Y|BGG-jg`OO>tZzvL^fCB0Y9QS}%xm#oj`i zc)E0jKw;nagV(M=>31A`f0w8+6zzP`V|Wj}WA)h&lI4LpOL6tRTT0yIRWGe)n-b6c zksyeo_!Ja(kLKU_E|w9`1&*5w1uTGKRp6Z6v=lE-2U%G2)miQU~_lqlWOBH#jmBhd31@daKS;FO(bD5L;ueC(Qsoh zBr~xrGd^Y5+rHqi2m^;#7N&Ty)2~jO1f`#3 z%VsNiNpR2mbk!3C!AJ8Z&h~eBS2(ZD4~(FDf*}M*a!AAPQXU*W`JQkgWqWf7JvtX6 zTSFs3<0sv*^ew^RUEldk%1BwvTbdh3PYbDe6d8QWawk8s&#_bh4*8qi&z|X(m7$Sd zX}9(WVQ$-e!)Il@zMlpPZgfucW)Y`*eTb+4VuscatS*XPrgIICL&rY= z>>u);r&6V1dP$rrM}z?QOv+s~xMVPxm0P&LP~T1%Wdc{je8;QL4W=vJAJfC(_&iXX zveZl}R%$OP+d^#z_{LL(1Rn_2y3!^~DXW%#cMVFmx2?$aha<%F`ITNa9qV^vdhZ*G zV_$~Q6&nd9D9ONAy}!Oa|4ybJYc@=2>>AO_JUX&j((uX>hK2P!Tq4G^ApLPwX5}Id zeAW^D7GrSqjWeDi%*e-}ZhzjIYgbbUmBw$_#L~`NOwvDFv9(SjHFROwoI>VmWyfeQc2ls9x&-amRh7S@fpIg^cLs2^$u8P2gM|vAvS3(@V z^sZUN>u2Z-)X+7Z6}$}_uFkmG8iauhx)0Q0#>WR1d(0Yaxt4@ke8Y!gT1R>jbrT49 zXC^i@-nIssS1{AHmaB){`!19aV$rOtr7$cD=o?ko_5Oluon1Y{H&^Nx1L|lvyuOY| z?N4Z#iL*Fn{yj^}RTc`u;qtsVL!HYO2t$2rsL9OSR9!uWjDSYOAu;zsCN`HQp<>Bt zfu=N`Z4X}(w3r3=5UUtaq(HIXf2FJ;#owdsR+^U zH`8jy@2}tv@-hBFBJl^7Q`yh4gtlxWSp-4S*OrApYO{-sa^Li-k0-4ddP^fwv&QkH zAM{u~(}{O$lH{*Pe~+018P4JzoL<~jN(APnbaYrW- zsPaK9uHjbhq_j6!)UWJi6-n^?c*)DK%=(#0vWR2ysCyQIgMWLaW~E3_A)@n_CR^^Z z=u$wV18qrGz|f3_OF_YW(@3vmra;$i{*r3c|a?E_wdPpCf<*@hFO((cu zT3?9$bpu~1I(Q>Cl#<6*bcup10fXl0a?LigFff%9WQVg`r|n$!FCqN>CS@1*egoqa zIIpnEh7KM_e9gfT4Dn+N3rp*ITB%+Y(9b_VS`nt@)+^ZMzd5chbIM}Cpcrzc5Zw_D zp+c&OOtOIDU<>dtcJ7=5TIy0372&M(<3*N{IHS6U!oU$pIUh52orKbrgRr)Aq@Ags z49)B?<0ZjKcI)Msc}=+DanJpxyvpRq1DUF5O~RX%`+Dh*7*?M=s4Z6>j_KM4$XkRU zhQ>#SxUe+sFaIxHmjBa|;iw!9kAN^Bx!}z!^`74FbN=w8?4o?DWX~*f*ii{h0It&P z?H_t^Wo%@#tts9+aQtgQZ-$}Z?rUyi(^f-FT|qHltQMU8THX$kzc&8C*X|ks+Zjn5 z@qD_P4NWc4A~@haa@hls#*zTNOz)9;7){?@s1V$ls?;&tQz&HcLx*Ahwp&oN6oHr) z=%*eaNR53{r9mH5<*kmO?D@!LG)*Lg4}a7u1&W46LS&HB`J<`CTQ%gcg$xBWjY)-# zF&lRWLY?y}Ktv&UlP@zbMGW$Z9

mhP$iAIy7nC(M+IN9h^pVfR{5;qxgn4lj>-qLnje^;n`flaFaqVT;*g-qhbc;z(WpGT<) z9y?VIv|gZHruI|66R+p8@2P&6q`FVeP9!FsctSi&y2ltWDp{XD4T<;iyBc}NYnRxh zX9W(K^{z=B$>zFAXi`fAj?&oju*BaGN17J9D6>X(j`VWF4XE@IENOD$p03QZSk|&Q zAo{rl-ByO6ZzBukG7QIezO$|IdcL#`ABB$#PX3KQP;ntcRcK#qRB^mc%@gGyx_nD< znaQsio$>azkC$w;yvCv(iu(-|3?AzTP21|Ap;rbcMxC1J)Ywq*hGQu-gh;R1dIoqi zy-*c4mGOpaRnYMjvUC0Ji zubappRXntFM*kyX$NjrJpyp(Up-&oMp6`^C+&jp#ZO(*^~R!1e_ zW&8`%ULoU~Gw==ub+9wFeZ9CxZEq`{OPWC(aFm*RzAuA}#-tCAU4ta#hEtUS4>b^v zSIfX^Ict$Uynd0J#!mgPWZ2sB1O4TqwwOTX!#e`?%&Ede)2Z(>Frh?HE*J zxcJ%AmUQaAXBp<$@r8r@8wxl^OooE)5`5IRKDciCsWOr~?J#IRvC zzG^-mk>QA(Zm?)@DHMzKiRh%!>Q^6*II~MAa_PL^w<<7RHuBr_Y>TqgWI$WHRI_}5 z`(3R5HERm45^f0 zRezB#kMa%LhZ|HGiH&E?V<w{*T7# zAr8Xy4uvfy;jlf-?0Mt)S#7J)C*lc%l?;pam@E@mUKTq$D398yq~n<$=j(7!y9|y= z8m#ICiRF)eB+dyW{3Y`b!Li0%=z{>CXDiyI!QlV|!FLPt2Qonv>GF-L_+Stk2CXr13kyX44M~U(dk) z6(}H2RX(f$g)qQs3pj!XSXY&rU$leliIOgyU4V?Sr-0C7QX#Sk3)2a3;>R~r z@&iQChqkEOY@aD#zH4Io^YS2s1VHNx?_H4)NCb!!Ps!Brs)t4b*~u+0ftRE}8+gjQ zV_gLx|K_0lbQr+o8oJ>JxcQ=R^XU-cjCBtza2Hj_*fXXjr;#|8&QA(N)*$g5w^PvB=v2yDL9=y z$CEskCwbb+67$_M=Uj~^TR~-ZqXLdjhjcBOG!k!mT>7)rN<22rdJ8S{@`qGx05OKV zm#ER#zag&l!jwrU@RxTmjf7mW*nN0D{%CLG-!_jitzFLy_ z6C_OZC%)$@rdcIq$um{bWD(FTBT)CqU0ex17eFi>4!DXIGIdF&Xii-odHES!>DfC2 zI9}mmz@r%hElOCFvg2aU$24C=f`G*bBk#5Hw0U{6m5J)oM3*kHl75&(oT;L6HzWGS z2EU^a=qzIc^BGC5fn&Y=EdptRJJ~7~U{t!%OhxZWaSd9i-VLdp$D=^`G`H2xEAo1< zDo)5IGUu6AsioR>El|_9PE@;CjFs8UFMt;vCt@YXZixQ40H-jAuYwl>47_%iqkBhs z&v1-ed!6U@Y;JZkhhS}XPy4qwG!nTxlKT@bbD)qF@;KW72c!-JBqN$R1(?!q>Ejme z$_X=*+L=&^;J7Ty$1~Uvt+c@vz(hU;{AcJjYJu-Y>6Yp%LxmQTHEvsgW^4n^X#1DN zY!UI28hwH}yWhP#B$SKibN1;=Ya?kSMmK*g=irQVfSlzeuDfReYT9ISJpa#xKsvZ^ zhCJS&Jl+0!mA7SY+|hB~J|syaUBQ0$@%is>#O;$WrtRr}*jFfwV7o-7ec&C0ogCsv zi|H5p*@8o_7{l44lLN7#U58*9F+e>L^{9~xzR<>5EJR?czxI~aA$%d(yQ|=`F=gOd zD|<>5jtR>mUQ;!U+PP*H@|%7e77>i3+bF2IiC2wV;`+5E+zY0D?EpT$(5EvCB7qDe zR!0iraJb(A=woh{0Psu34vYFz@J(WwqWoDE#kfS_eS{^p>?i?*ZCfy$%QO?eWx<`Ga;RY4$yVe#A zw=TTdVX_~Zfw+gU@y)o(TlY8~iqI)B+1b6jNc~;$`UYn89_Y(~cS9i%BmjCFKx&DT z3WK)@q!-fDZaIm=KJU^<7`%`#<=XjT)OmZnk6Hqk13X2C*PwyKo2}R`T&MT^1i2ui z_M*mEu`+EWUMhaA6cAU@R1)qTIMxZ=uxe5NF(46*ZuSG_*6|RS%YRsDI39 zaPl>U5Sq7pU@(>C73(i>D4`wc)I+!;BHwzFTVLB++b zyfW_!x;y4wfJe~!WY-Tztp(JcnS{{QuCeuwc!K8D9FUmYb^98*_RV3`b8pnDvv=8c z)!LXrDuk2&+XJ;%j*X`}H)r~OHQGL2)bl!u%r6Y@RQn|LZyO%!-nSHIy=u)g3qqkf zy~huvf8?60g~e*dOroB(esQl`5%m*zb7=HvsTI0L?W&6@AnULLrQ94|^EF)_VHS$v z!GC2u&Ue5@CJvlLaI%bHQ0Z^f-2YBVidQr|BDP*N^N1qU5(^mHr<`#1YLAlSU;wBb z10B+PvkXgIkG0b<>Fm0bUMq#jdsmliNsS9P(-dt1|J#KfQRd1+T>PYHpYNaUi|E(F zfL=47O9~AcPsJZku`0o&k7@#M>5ar^RT9V9OLISG`W1FURcCIW%UOV6WNs z$>-47<)peOT4c)On^Ah4OkTacMvvfoDAt?H`vZ`5BvZeT{fuM)arhX#PVtBOz7LRU z&RzM$P_pOsp#GUaxW5_t4wwm;0=(JeX$YR76?^XpCaWVvWa@6c_dZW%_+(6)VP4IP zjbs3oJJ~e0!8PGT#ax zGGrqEJJ97s7fwags3AbRWPZP9SCwI`TpozPrA=@r9`S!Zag1U5&Q2aIN!(M|y-WJo zj#}nr9lxni09Z{gynisfcTL;&E{kw&lL}&E@nVDJ>f$~9BNwxNtxDv8hf*-2FGD%& zvkR!lR0Q4{84~<)fo^SVXbG*fPZhsmRIa7zA-}up)fh|TT)B*Llx8^!Cf<6>ZU~UE z6TK9dqyqFzfpRK+aqxC$k?w}B7Q9)4vnco?INN49`FUXKvWz%%qEAOc80^;$br*6` z2pTbQ8+?Lv{^5VwOTc}{mD5*m5U<)mJrk%QGK1-)rcPdy!AA1jyFig{j_o;;1c5fM z0Pw0A9$WA*DK?Pcg=UJ4s{3xc6`ii=(AQ2XhKUW6q2J!1v#s!~9=oECJNTtwI_~#{ zhM(-#SY)uF%cWw_gLip;a4#XGq=h4G&E{=Zl_jzgRUNh=C41cN7- zP73w)-t>3;dS&)wWy$~)nrc$%US(l$8_<|9M}PbXAw$+IG6PwwQtnLG;A$@_zRV4Zx+^~~MT@Ss=8as`}I@KLP{ENri%>LT75AVQ|W>nwk?faIX|SCqep{N4|o&t9OIGT80|{bi!|)QWKAC)?GG z{{G~SD7_gh-UR5Jova~26Hi_GFk?X3vO=d1I&5^u_js?f#c)N)#{Gk34y!P9EmU$# z3Dranl@f%FeY;fGEGer}_4@y8`WnG#6R%vc>buvzJ!IH|BGLiZ-UqaJW!ZOaZr4~? z^`^=9)wm&7BDt72OMOL$?84i5YCH6IuLAgBCne|)V(PTTmsgkO%ed`r@$=RJe!b_0 z(BA0~GA%CNrr%ak`3~NFsc&8_0_W>qS0%m-@-2hgr9gnV{bWZ0RIqv@%gBevGd$9( zoVS_AzHhDb&H?R&kpkLFXHbK;sPfjcAPv4@=X3z#UtF4R`yn-NOeui-cNkO%XK}Sf zwP40&T;Ais=+^M^LD&K|+CSV-fIl?&%s(vMfZZQA#ona02bSQ*#dj_ z@}J>ZdwyXJq7K3z+=%E(l90#@9-8Wfmz9eaOEIuiXHEPrdRlWCx z|6So8fR$M$qk2B}>JK*;l31x^I`}6$_Ea()sskWl1*zxE^EYLlEsB!XN|&P;&!5J< z$^|mb2QpF66JZ4gkx#qUKiQ#`zKy#P!Yxyut}lykvue$MKJ#S}+I7EOF#krT%0OvX zQtm9^`!=4(u|+u+8sCJZUfTj5Lr#GFcX;`v%+A0kV_I5ZcTiKx1-C^uj#k!NbGp5g z6`K(gwkoH>?h)s{Sj;-l*k7k6HPvf!v7z+Vg~j30P&U98l79lOlLua!Ac~BuT&}!* zMfIFzg!c6v*w}ziOa$9n5Vkd;)fpaUm|0y4*~MKdHYxH|t7hoc7CkqaQafZp`&~R< zOO-FijB^KjR|+aspn_UQcrJHEhtt8W5G$}NY1rS+w|KE9 zymd_UBhPo|x1=|gQrUKPP8D|o3L3X-j**6HI?scma*E~CO_(w^t?zqM5DmhxqooB6 zS04uL?H5j}501up=}1s~kney3diH%^K?0hBTW?#cOV^Z3*sS7vRRJ>@RZ?Tw8!F4s zBKU*{QVVXm$xvTm>BZfU8FXml1nDOsNQ1(>0AAQ-@aAlf zSt5M+&84_j^*kc$(E|zH3WAbYDp) zzaiwMQgGRyZgJboIVo%0T)LfgUU zjYZy1N$x$1)>Kt8dl_mkU%Ya5?gr1iKK{usGE{KZXMqNBm*N>z3E)C+^YQxOg}_e( z*Zn8=9giAke-M6a8n%wFqDa_$l6ocqpf`@h3(El(qiguZ>!DtzCEG4kOS)4BUW7#&hc~+JxDlrt+n%*= z^Q;qkGl0uo7rD3ag$R8^U2rmNUAGTxZBp1bpW10PrWJt{~6?&OraIeSv z=Uf4h13D=(4!D+V0JA?)#qs345B77PAKTy+Aik7T$8To zxgbYx?ICN^z658TWV5}~=aP@kYBV~UN4DPulmGQZC0Y>TR*L>F# zQvigi&V2&>C%&Xw<^^x9P8(Lc71dt$3cpmWlZs))%O56U{G_N^_Zc90W@qkoDfEbV zF6EA{wH8cu36wx~N(HS=7PyjOiLsrufesa;iqH7Tckgs+YB)5gJjOOJ$l&jEku!

R)b^o z`d!}7IwvE-JkyxDwPdhq8iYf6AJ`4mn?zdfu6k z_A0?lpzDc7eDHWKy42W6w`$xSBFH@tLsFi$iweMT^A5hj%ro_d!84lT;F{{W`mw{v z;fp(8bE)wkE8y(0OqDsS-!pigqn3V{Aids1!tu~;^NY=D#5oRHnF9u5k`j-+9!F|P zm+aPor;y&M-JNtQZS>WLTIFs7{9Zi^0}ei)d*$+~;L`_1zlwJU_L}yMI0AIy!OjaYdBEf2u3dMsbz1MkMF*_ zX_aUq^}4Rxu=Z9Kov3Mr;7bAIwj<}%@mq~7x~>!59Pap;EhhoOY1=x?Q-B!eEsR3UAb^ES>aNn%&nA$Q-@xoe6%v=s?N(= zdn8h~_XzbNX6X_F+Ljo%s7#2vSh4#EVANn9D*Q!bw%C+6<}=y}ier7{D#+pn&7;h^ zAbZASU5@kklv(o6ma-nk#NyYIe}K65rWQ7BUk1zPf#wV(*5CyayypVpV~6%M z`QjIu_EM}yuwV`$keyNzkNQY;FGeo>dmm|Vull);oU`iGQJEh;450s@Yr-jLhb>lh zh z8X6;2v^Z$?*j{cpaA09HJ+3dcK!_fosQ37a9p$F zM1cn6++7#IBU173BUIp#Meqoy2=0UZg3@szC4wK3$G1p-^IqW=%Ls^EXx7*c7Wk2q zuR#Ci8E!_=;s7qGQNzai(R|Q859COJRK?j4DS+Cr|;cwocPU2^3OthXT#S?7k+A|+)r-rE3a*7 zYdAeAaoSn$8I=5hXahg!^&Jc@6cney27|;zw8^;PF}xsnycyei%5X@c3L6K_HT~_W zC@l`j)1Ul=r9el@08NoBU4V@b4dIeA zfA+-cqGP@+&$5MkAnnGf@P+mDN>{T}1u8lNVt&{Eq0~8oN%BV^I)Osg5e1w$vt3!S z5#F)BWUojZrG0nbwSkg=KhTXNb5BchJ-Vd8r1ZhU$0SdD{sZz34x={3z6P?U#gs_! zp8Czkk=1AvJ-afPeS8^2cImh2e}A7|A?{aRpGXf@f`&rL|GU~H8*Q1`h2UrY&|u%= z*_qc~`26Enm6Jiauw z`%M8w#J&1tdhjnu0*lYjQUOQsqq4YX`)8hv4;`aYQ1L^tbr2T%TQo1wJo7IkXhjLy zk5d|g7#^31Y6QX%YuDw^Wqxt>r#P(9axjRr4QkTi-ism(B*p)J3No}(;{?aIP45+K z@UL2a7g^o+&3S6>)Ro76#zZ15?m89m&6qkfj3;i3r7&xw@LOTB_bB3FJfGZ$>jle<#H@+aBqzs_HQQt$@=_;%i4d#j}#=JiX z_fI!H>GBiK>&z+Ji@lzRm?Dw^N{6Tv>ito?`ydEvFsCBu)y}4*o^CmFElyT+jBY% zPo2mZUde;~Tty%V_<1K+pnViI$72UYb@8#95tN?nFiW{W0j`LQZ;}pQT)Mc_oN3vU zvcgL)`?ZSa_4K8HV8O%4NOo8PaE)999@!CYd~~LLbh(;zb;wFMyBDBuf}1 zBfD~?U-*8Wq(>O1BzyND_6c;KNf0dm>OjIMSSmE&jZ>%^rc&aLb2Yv%*r)RfCuOYD z>IB?Haw(_e8`a=Y1lavO3{g0HH6XMv=njdmmKzbny})=V@_335fjEDH@>=M{nZ zzXF)9z#!7;FXb#FrLv7+k->ES|z&dQri>qK56oN9Tupq{7I*N(PR~r3r zqCb)y&tZ>uKO%n;GE!Onss|WqQd_uTq zgJk|@Tyz5LAphP!XmEa6JrGI$6Ax?zdk6RjP@VY)7w7*sJ`Va#*aL;hYX8-~0koPE zx29nIt9ucII(XkSUt9TWP6zr^cw?%C{N1gg|HQ9bQ75~dqUo<~95@95%L|j?{C#Ww zTgyXWu}@5|hWpnxKMWR^64_MU-30N#i6Q^4>zK78^@&L!s z=(r*Tmsr|lO5*Nkl?luXVmD~%alC-6a)R|V>$%WyQt}ao>gx#%(_S@H=56#`FC+fW zP68DaC=bzZfmDY897qfqm(h3GJgpN;dHXN84S*vAb}OtCVqNmRa%?gkSk2?gD?C|l z&a2Z(u0KiDT@+J_K=xM)@szm@qU_gvE?6nrOu4ZXXmyS0K14q+n@cR}dx4le1L{u` z*pqD&)Gbo*M?ZA-y#cAw`uEg04bGFicMlG_E-UVMGJ1@xUriQ!ib}ivg!=V(8f0^C8Csm+G zfP|{^HNgO{gU1Al|bqr9vb2(hou$GQilRz>bp+ z2@9Xb*3J^VlJFtW{6Cgj6xd>(Wwwj{=lkWtOT1-(G}QG)y-MxWP46=3dxR>eAq!z~ zu?TI;w(#)jER+p-HRmrY0H}>1-jm{I0IX9Wd%gnxV|p;!)mXZJHqbO-!yj#3BMeEF z(3T33uL8$m6eLB$WaA&n)UOVMGl<`+hx!!+cro-p_U6C#V(9;3%zy38f9=K4KUm}c z;>`!Ek_}$v?Id!gNmG~YX@!1PP-VeVy zEWWJi1b~9HPkHnJ9R<)j{KD?N5;H_qFr5p4b_VMGd_Dqcl%FpPce51`@lQ$RSTCH7MuP=O`Ap8#6^^i37=kUuW+t1alMIImVTziVJp zziJ)z&j%Q!4mjbh8rAk0!NgKZw*e$cD>_q~(z>1}nS`G6X7tXr)`NYa9~1ehO6mUK z)a|zIHIl#su-Q6D=3gP3uHi%J_qPsnmAAUfYEPMSsopVWat6jBqmEqxy+krN90xiq zvTFcQ(Ul?Tng@6d9IOH+)q@rTBf}J;?q^7t>?<56{P&mgp8*U23rr6jzyJQ++;%uE zf-BQ49;St?&BVy50HnR;bYq~)mxt7yFiHtf{~o71)f+-b&Yh%QUK=%5^!lZ}>Xz9W z>J~dIUs^|KWxQY49_=m8X#(xJJU|T_sB|)woDMjp(jw%JF{lFn^bNc?Y2nlJE+G4A zxA%eQshhA3p7$XDYjMFGr5{c)GF!0#)S(TSe%b@a02yT8Dhmiy-;#_R~H>Z-0h>fOVerU$7&0J!6vTQ zeu_kzr69varKrRJNN&dhTpEozJNm~m#knT{siK|@AZ$p0va#$YKlB13kNLJ32A}rq zZzbDY?J>O2kV@#%V#g$7TDxE66t||@&JCCwCi*z->Sv628Nf(&1Yn=)URI2vVO0nv z7CSC!jd9%7W-ogC*5H|1DjV=W?@k&;6ax>8l&I3&AE0qKWEHF1nu4J9v|eif?U`%X zOatF{C^~ly+`F9xjb_0L9WEI*=T%b5U}))-deFDjoXfwIJ@LVJKr3ZK@v0SNwE%#9 z11bCf?IV!-*y>$j5&BLO&OPAVy{#zsjN*EAmsN`zs>SlLN1eSTkv;k^PW4ugHj6x1 z(ER~u;XD*b^&$X3>7%rqyc^0G6(@T49qtcsgAVk6uE4zRDhMFAx|snE&)lHgDq7fP zLpHOa=fe#OmGVTlpSF`WB`jj@8`VE2YJfhh|KVODWgu$HmIWMH27rW2bd8eiU#7V* zacrP@dAru&XtxjQ%#D#fq4V)ry=eHD@Ej0Y*#tQUpdUw>E!dy#7CwEPBX7<@P5$sO_Mi4D#_{hYBj7~jVXCbsscOao9Xdh zvSgLYx!Cz^XwssD^7BYP9m3RaGf_Ajz~3&ETlI*fUis%zYF?C+E(a#B{1ukpd`_-46pXM!{^B^epF9Vrb=R zHI@2Roc#vJ|Im}>sIvfANl@c0Zo_gnz-tuP5}TNO?L4EX+1d+iV|JFX;5j2gdB#nX%kDoG>OFVfgrs1au1jl(YZn_*p*Vk^}T4p9W&-QvcOX zTeI)sdg2sTfS1h^omt^9Mn};u-jmn=S@a4$BKw5{YYmCya7Koh>zrDGSgtxDyImb4 zeZkOZKb;hGOJ}}f%#k;I5$qqKxo&|P44Ze_&9W+s<&Q5I`B^eY+$X)P`|UZ6e85r4 zXS=NL<{EHyhGWk5wtzh?P=ti#B5WH z25I^o)Ne;+HnX*-LJ?dILIuwlwkn@j6lc1^LPj{PLnAj%DMr(XWo*2D2}?S?1>D;h z)8Qpc+uMfbZLLq*(t&pBDKNC3pO_^G2%2pFSt*Gd3E`gSqMLx6Q?^IQ|S9xLp6 zVgJJQPCO5awa0uX&<227(Kb)Jj~{a)A|kZu5L_AegQNlN{22?{stJ}@dUh0DQ5MBm z^2HTkm{N1Pz0(qz*a2-L)$mRE>m}FtA4Z~1Ze1gGrFEPz{9`vW%WU(50!eBVgUnTv zb38I-#xa5rAaSZ2hmXn@nMr(q60DZ(o!tvL0I3lxpCmdNAPAKVgZQlYMBH=g=E7y? zPGYjqzl+H-tI9FU`sLTg08xb>#MuG{0IXcwnTbiCD(cUji?n(JD7ljd8s&zs3(M%3 zKX1If&u{!f%yGl>zK;pmMcs?g`h4GI$c{5QO%Q0G#RBm>Z4heFiD*uqxVX0El} zC58NbVj~oy!KvH0>R_#_=f=$EOOcA2?*?ezJVVimR6kTRmjNi5Z&mYIyktmG=fRMH zosTUmfK1&5xTiK6Ln`)w*s+MwE!1i{kn)o4zl{yDa0+}r9SS{3!TF9AwZdGICnLS5b&*V~a2ni&%PDO%N3-4(zSdIz!K3rrRNN`QpZIYyp) zGS`!yY+tIvz^g~JhY)+dFkC9QG*&q!Rd3JP@dlh``GfPd*<=rc+`AB4$Zv>`?94U< zIQb0vT9yLW;^DDsC)7RwN$4%V^tanu*F{-1+{%p)HXnZJOa5A=`R9cu^xs|3{})SG z2rKZfwhI5nH*3klDtA|gN=*fUSY3ij;>CxEd$RNIzo{;hhQYso<5?IPJ`Me2w*vrO zznwUSF$cm*7w;Yt!U$L(sV^hi1YqJf;rh}Gq>66<%|qZZK#;wjF7A}{Q1zy2G_ha) zReT7HT8B=(q=3)FZfOi^&i8EgwOD(rK--zk-uI z_(=vLMk(Da?}efuIs{?T%OtBdIc^2Kjids_XkoPUYBR-2IR~)w+^5bE;p+zIx{|oo z$_In1EqQs+XE8m;`j?geS7hS@b1t>7P|+OIoae?lSQin*)jLm4FA!5am7ngSIsa?3 z_DA4vJck27B}ruLitV6!v%$2ahSKsnc0Z{dX;48H(9>Re?AFE3dn- z0$^jxO#VA}X#vEM&$Qkc7EJ)MNl{g$$QUNb1(>Vrd1<|Eh1tEWP7tLnfksgdXFCvb zxcAZtlutaQG16;cu$Bc}Z<*A%CmtQ{cik(<)Yr~NE;oQYJG=0_Gzp-*)xk>X4NR?2 z>?_qon|7sitba?hmJ@@hhfCRIwlMe1c0nC|eP0f+uD#QXsga;%G(tL_nhf0jB&7hg+%N9UibKsdeeK|h{kRg&mjHf$q+3UP>9|kJZ zM}~5k9R^g+tc;J0gFU5vFBYSWbZ4gU#LKIg-<3l%UEghu-FAXXaS3V{s1U4kPAk+p)7kQ zP}_^84QZZA;JL$d1{{!eYWO#lJ=Ok1VRU8EJaczvzUP4Zj(xafuk)cK4 zG29Oj=7w4NqbQJDXn0_GEC#RHIL?}R&@LuqdQ2MH^X*lqN!Vf)k>#9D{v+1>lYvl~@8$VzTQl z0#d^50KPvHe#6kUa%KXI#RXK&?F3vIcSN4JNy`Y^gPzI?Wovu5Sqk+?w}n%{G9o+& zIBYoh&Ea6y(u2*{?rS115tvZ?hXVf{#RvOTC`NX#-D2sI)8sgAo*|#DTP=Xki#U9~ zbZ@HOkEOL2EIc1@ZHJCLhl&`-eknj{umIp?PIjfryXRmisZ`GskbM1SN6cdq0Y{~_ zdE+f0_Rj)x24B@rP+27amD8J9Z(n6Ie5}djGA{s_b1PJ}rAiOqm}B)1PG}c6^f$m! zcnoMa-e$8cBj}lXQ?Sq??J@vt0_{t z@f@nNfk4X*)Tsj&&%ak(7z?`O4uk}RVa&S9o}$9?8y5)h-8=d;Fg z9^NXpu$XAygk-!olq5CF%<=?2gtR%m&vnQVp+uC`b`?IQpr#H5@yO>~7_B00c;?0) z!gY=);yizGlJy~|`Dv$S8oD<;gCx$9(G!wdvHTiP3ns%Y)ud1Zcg zHa0d=M#d6c6sxf@LHJHwzS^S^<%uj-cUk|h;u{W`=#hILp8?%JzCznYrG5*iP(v_8 zMjjmgZSJmG0L=Y1lo^%_ zcI6!*%_W;y9(b(7M*u~iF9NwmDcGJ4-}y0KB?_eY6IW$K%-eREnNTbnC*xH6eVl(j zOq#B23xXu{(p!uWhiNi~mfai~f*OR#us1+TC=OhnYB04-Y4<8>LEYe0>|Iati%?)Y8*=VHV+lcz!@N7X2BS<+r2^~eaudB{^D=mWbvnu1O^|JnyZR8;tq@Y4}A zqcGw_1Xc@5|I73pr2yOvuKTm?WE>_yG%8jk<#wHS5nEe)58J3jnY0R2F(mGuDWdV% zQXwAAPAjcF{uT^q!Kf^=Qi)K~LNWnk%VEe3ep^7V#(_384*VBMxE$D9+uK}p2FH{6 z`0TrBgIMujd)3n}-I(_Ud~>F;go(Thi*pHFx4y;=J&11;xqDjHV8tj6{nn}*K9I0v z@2I0|19Gq>c}WnZ?$*P&N*|9U%?dqg!`aW-m{>8NEqmP;2L0nQ)k3aEJn*KucH)dI z|Hc{p@Rg!d0ac}#FBLEWivvw+J#Q#SgZ?lNL&Jg4Rj#A&xD>Z{X_EM!AP)}#P%PNm z1x=3>r2WA_#4RtS{Kh`l`&Q}h^)|wZfIOATJVa7R2=1Ff6%iB=>3OlRnSfP{$O z*FmY#1t(*kAK7_EnZ^EOLWMk#I|u_)Jr!*sW^L}x76wHbZ?AJwbKdX{~ zhyFs~D^}Q@pFSJu7ex799{YPNzpveYk%57T01VzhBVfJuo6;x?LC87mh|CZ8Vl60t z=h>Rkzi9PcroZhK==aU?9}M%0UDjoum@?2({PWQN#mMJ;~O^ z_J7gn%h>;v;{L5!rcME)3#0#yyFkDCOFiC6PWp>0>PrILrM3CLZu4JF4*lwk|4TOi z)#T7$aPG+q|7!AI_y7N-pZ{v}Uri2y;_T0Y%m1X!e>FLDQhNQ{$o1di z=fB$gS2u_L2V={>viYwjhkgm@|64Zy)#T8hXN&()oBwKZ=4>hQ7Z`buwPieBd zTg@}K_aU!r?Z!4NFK+KIhrbck5*<2>5tzy@4(y^@p6nC2@zbA7`|Ep_t!2o+WeXQ_zJDyeVZW2AA^dkSO-kD4Gy8nnWtKDg zc4Z0Mw!PwVRc~BwI!s2U&d(HA%r9R)I7Br}t!?kSK~pu~J}lmA?u~FMUD*z1+4pUq z+TPqhTQOI^C&GXuUJT) znrQMKf6g~JH|cIGff?4s@g>w5CJg=<@z?Mce=r$8-z=^TZg!5>%xe4J2F zo66&elY_dN-B?^5hZWL*3u~P2->NW7v~vG}VJg~O(5&JmJ*ZHtuZPT>6sUG^ftti+ z#2$DbH0l&|{UIpE42EaI42VN!- zx*9V!ZR^2>V{x_b1~TLx!(l}D0k_x1^EPJk#tj>mSnM#k7rtVy@#46vU%WMO;kUNo zu3EslFAZLHr3Oyw1$lIWazL7K?{)xZ;CG&%N?M_GE_h#u0;73IU}3UwgHpirq6@Ix(wB)-BsZwx)4hYKJF_Gih~0VdGw5+WZladANf+x zcAFOw;TqaV>Z+^?K`aGDEz&_8I#5`3K!!MaAY0`dflC_P1H zK8pC4`B}JYqrE)svraz7k^s6WYjPGru0SEqMsUQ4FALY)!lJ?iXNtfY{rzJiqF{`k zzmM_nk3rx$*q@r_;kIFqKH*Nh)JvE7F%#rR`-lD>n<5qVExmu6=newB#O9BQ;=tWx zKs%=riyCm75XI?}zUHX;0!==OclX9~kLnJ_-APq-I|Bg^19N1;_080^XCnS>WyxQq zfMzo?uuPI1pZ%oSw1=}zuAndhRT0JSPo1pIjtCgC#2-U8gNJ;kb54mR>ZAdF1)Yr9 z%ADL*n~U@}D^E)1V37*JGv)r{u`}Q?hk#B_WfrxQ$DaK5lo@%kcAMibj*yb7iz7tz z`-0w~01GM}Xjy)N^vp>Q+74&9wkWfB+M@E!X1j$)$5pQ(?L$Oyv)1Eo$n_DahOu!t zMY8^$?}S{k{+GroS_$$xrOg}SIgA(2FFZ2yqPHF?FcAZ`W*x-0xKtGK`Ebo2 zb~~1F{QFrXm0|1t%8gRMB134mGLCw@jJ)Nlo5Vls__AeV>0Lw!>J2WpIVCVQXwWrO}(D`1hg0 zNjTN>sW^x{U&W_UpV*x}qT7j_-lb;<3q)O%qZHOwv-gmIco+z$~;6IF0-qa5jsq zr^Ng#+kT8W)3RqYg=v!qnRH@i-4SR-G=A;i>qkZOq>}9MoOQX#iJePRTiex3TvJU+ z=7M=+rtd|TbG^}RYS9hDwdd|Zz56-u&pmtjKqg$w-B+=d@M<6y*Pd1w+j1bh!D_(? zNMAuP*wv=MrbqD~7o~uoMTADR>ZqkL)N}R7Utb6t7j{(}O_O>5(Lz#x!5eXOyYlCK zQ;ei2&xEWUr4RYJ&f4@ZZ)b5eRX?1W)S}u{r51lsx2XIAJtHb|8zRNvO7!FT;7a;~ zv~!vM+*@)Bh5If+e|51Zx&Q)RlOaf#f# z7v6h2aq~8e2wxQybQ(;`L28e|J4r4D&FA72jtOS9Vufq}Oidthz+x2Eoa%n5@Sxr<|Ktz+*k)z+rW*_u$@3q4YNiH=-HujeOMRgGv$i9XW>>79KX|NyK=h z%Gmi|;y>o-RD9hhgq6xelUeONG}1wOSrh*{jurHU1Zn|?@^SF87LwjSTuHpOVsWXj z<}BkE*5SyJFDH=^9IdYsX~AbhPRny*lJp89H?^6qzG--Gx=8cC7uj3gu6`4`cV~H2 zP#Wjuty!{ht*u<5FGf5M@Es72OP znbx>HpaMwnrXYA*0q2O~$;fJUrp8Te%y-J@S@cfzM3r#@ZPko}HSbN4ED;Zp>Yv?- zJtMAGBE%*s>1E%%CK@~S;vZJq>`FP4<&H8%ML})Lk!-Nm9Afg74eai*``7mJURJWqix{;vVU^jDe~1MqsE@9! znk!Kv{N>AcoIG z&#P|bKZ~s-{ykDq62Ot-tIYbzK4PIH@J#FTtJAbv+);s|<`d*?z>Eo^cffq9k)qj6 zFJcjU6JBd!n9jkt3PW?`aG|Sl1-X!D(TEh5xW-Acx3OIO3PmJVL0-Qm^|`;r>_WqE3eeZ+tr4M%O8jkK-tL& z^7!QN_n(}6-&8jEVf;ASXn`h9pc76!8w_!ExW1{n7)Ao4ldMkuDkwnC5Yat^4w4>Y z3H;;y89uP9_di2;x{89k=1@1w|=erdeoB`|FP`|OF#aD#ovqA)_1=scE(qjtQdy<}i583+J1se0KJ3J3SSN>;kX-QT+;M`u z!8j%G8)yD~2qYyI&XLANY#O>6xSqr&Ur7iMgvY!}AtJ~gD8vHi+$-Ra5fVhDhIjPp zPz%{^_FlTYsr`|z@CM)2=jrEO4+=YGfuBF|CXxU@90Lr5Yq@o@9|F1VaN32AN(IIc z`dkRS1DAtp{cEyA-AW-JSe{IoScr2rv3O*}OT9qnPObNnoeluC4;D-LiS6$P1f;%T zv|5xPrEyorxpEBxVy~7cFWJ@LpxYjIud7LSFoK$~o3VhTAP+Tu*$yMY=(n|u zj~&5?d{wRk&jueqaHGsUrGz4u^c4j;zAcE2R~YLbHyN>lmxRcA+|^TadyLRfVGI`n z`d;f9t{1R@%TvgYU?SkCilfF-2M+>Qf(F8%aD#xSYmlDlc^_L6kN@m}>{I{mxZt%+1EzEas-AaGKwY&1oUN_{!FHUcf{R4{92ZWQYE9`%ku!6hKF z*|*TYYAtz;k4^6u=3((b%`FyDt;9HHi?K(noja1Q9v?!MTcs)%QjN9`$&N^zR4&TX zl@#FyWtW-S1hMnium#6cKI*QIY7tQ)o@uRKAlJf`wpxTMs$Evc%@qlv8NfJj- zP4bPdi^@W~%$UA;+fB4it-K*sNJ4+8y4=0)5#i_vu6Qg0+<<^~`eF0oAGjE~?7aF5 zv{EmT*Ir`Yl2T+_>9Tpv7T#ogKDKR3#oG~;iPaoy5^^4U7+&oVefv{>m(w*f-f#a< zVxa9)*zBARh3X2Ncdp**r=XyY85!~1yqoKE*vXyNW?W(QWI5rG<7AU@H3@*a-7TYv zu*O`(c2k4H!y=R~)#;Qojh__HgQ)%2Kw{hw&F=Ed^V$WC+Y&jg<_FuT+(pr-Q!N^g z!aQ++<**2(56$f#)#>p)#;erldy&_>$38FPj|Igl<_MZRuv=UwPULYH$?Kv}V&TW$ z4QRDzl%-AOU@@~E5a0gnJMgS~-er7kxuM~B@%7&E`~D8sw@OS33pD05E;{_W{PA+- z3ST$HK^#MqIbx+(7_s55=wE%t+uB^OC3VXj*&M}C#DS_TEocRie=4{sNjU)5mup%b z1BG=9%VO#BJvKVr9-^Rjo}Fq~sP@N-T{fwwiwwct#xO@PPR%s&D#_z34WYsqcSG?A zc2pZl5hB@gx}~p&t%%U(8KlXv0dIG3GaBe(6y{3{Asx&P{li8RB$`5E$bIWt_#G~j z`;@K1&Y;0JElnw z^VVNe7B{0hC8HJkVk=FY)sS;Erh#7n*n6Xby}C;A^4R_zJUBSsp$_Ed`nu9m@%*Af zTYK;7VDj@3WhFJ;QK?qv@8f!61r2UGtj0PQ4y$eJCz0;=lMPH$^F3r+P*CEfOuI<( zCdsWyZ!0xSWVpGQd)_k*G)~;@7F22)@ck_r8v9gGfO+6N8i|u4oD4zr7jvP_4=jfz zkVj?vZQ(X!ExjAjr+ga>nM=R>9wx}%Zu$t!t0d2iW2A9my32t;Hk>g|ip@hiGLzb= zGt@4^qI_e{<;kP`rH4L{Ib2@gYO$T%B}}GBXq$(cwM{S zV{qG)3q^HD#gaD>DIV?LaUheN% zylj3ayI`e@S#E#gkqI@Ej4$O_h5dWRrJqV4TUK-1R)4Mt8%S6`-Mig#k*dFFf8zVP zXSQ2txy{e*6sda`>$8p%Io_k9qgy=6sdF6K#M?8us)q1M$nmLgQppg><^$(%52<5l zQXj`V@Pwv9Y}<N_Z`SmW^Dh?&XrPkRutqJMX7xmp^~IiI@7;re%PNX0sEbHz@OWPSd~b=SU-P`)ybA_M_~yB~n!K_)NMJLRlRA96QWTo4*j2$VJQGQ~Pz%k6o_p6*;`j)-jha$3m$_U^x1cqffB><_ zgL*>Ex=W-VWwRf>$0Igxr&kz!Q&YLz%G*cOf;5dr9`EB7uFt8Z2m9`>-)$5qpYTX*b056nkf5>KnyAJ)efs zORb;Utme>&*a}5Z2|k)M*)Q}rn)q~f*-yOnT&{)S#I}~l22=rc4j1^zGKwt@YWXr@ zHb`Ytr1d+_-(A(3pWLzO^n9^zDZ^QdzS+0l05#qON`>#0)7 zcmyG5v7u&EWdr6cg-Nr9H*J!LTqLGLX+Q@P(y7zC&l0$DA@&wV_a)Us{mkmSeJHu{ z0OLac$h~9s20pE0RBe$-=XMn(uV)rxMCNq3o;UmND1|y<0-I>Yf|lMrNN=&fMwR)+ zu^nTD{dkc7_U27PzQpJHP1AwF{co(P-4-SZ_!p+m7*=nNKkvKS6Y(iU#QEY7#vpp? z@?lmyT6A&I(9?Cq$kTg8r|?$!#jNFHoS#33$j;G;HL_0t9YvdvvORaQLi@{>9KLVe@$lW*3T;mlPZ-x6Jt_Ug5@lV<+=trHg(JO%#^d`kPb| z1n-^G9)9!V10982Mo4)DO;urmeG**}Pxa?I*K0>Z|7&Bugf!-c2%7RcPS+fOnm0YaOanY_YK6dnYUODG~e; zioN^%XZ{Fo#*Podb_4R%KeXI_7dRnNeQ`H9;Goi1rpUsQKZ2{EGWe-dc3RwJi?@-i zEyR#Fs2hV)16bV`9=FGshRQ`H#hh!Z;BeK-QBi+j^uWlYb-=mwlyYNFOnu0boNwe; zy?8=8r{lW`~5_Y@3Y|l`qpeb-ka6qkz+tEzQL#8Hwb_L>z3ioR~b=$lxeI%~b z$H>Lf68sXk1L8xz-c3DrWSLFGdETJmNk4V6EYT$+HHOP%3H7Ok&Ao#Ub?!R^+r>S8 z95NI=R>)y&7|U@TGd@;LpEmKCQnPj?q}qSz@hHvlmM4c&+MsEzQXYE7G zXqh#)`?Zj7g0ZHS%o7ti6z5;=5l{KmkkacrH72_@Xf4%2m)HE1GP5tYMqkxUtzMXl zKg|(3ZXFng&++;#Wmi43O$CN8aL^2?$PV>WrJ9E^a(Ks@~|Pbx6XB# zk3STkMbHxLM%4>$E1+jE?>rDUTKx{{MgDkOg`NyfCL^JErua>bGDl&wJcpc&XHpYWK z(qe>f$E%(k@!aFZ)u-lg^A|TrruH;`h!^1V%ocpJuHihDZ%i18+uvJS@8{Nf zN@qdc|2?=yul3t|!E-lh)8+gSCIpOe(k>va_9cL3P8zM^l=m3Fw`J9A<21u~12w1v zn()U$TXX4sl`>D^2rkvS6vXF=mu1egDY9N?lK2guC0$q6kK!wduef>e zN}FGS{3)ARo59+wI%d$$K$HLGp4XVlo5!jsnVRhKHEEF-AV;{Mn z_U_3Si|zRu;>AN{MJWq3Gn>9UJ8`2Sb9^rL=N$$Sn@5G)I%h?g$2~|L9PK03_x)R} zXE?uR0|g|JEF$!J>)Xp8Uaf8JtaLeF6jeseAW_dra846a=Z&D3=TrF+YQWi}+1Xz$ zMOJFPxsJ@3tQ57>z0UhdzQ0q9wIyEjjZ>(?6Vy`h(U=;l-bAj{1^yt%{E^>7yB!>(5 zTAR}r%CDSB){qgP5{OnA)>VNjI}mhlTJ4q(NTSok)++5P7cIierB4k{+|T4#LX(ld z3J!Qa!ecbuU?QV4th{KDn>YLu8gY%FMY!X(Jrd_}w+~p5Pk4+U80x>dKo!L-N=`A! zocL@VneBGXSRIO%6)K{`Nret$V zPIIJfm9b9ASpk#!s8Jm&sK^9eZz!en=}Fwx&d7PerVt)xoR5ErVBhq?sl04bsEBI9RnN^0LL( zKd4{;5nI*k$=8{$&WjKD@0+jFADi?hnjW&rO&_&=cxvaPr)AizHx(H31ewi5BW6Kq zrI|USZ*Gm5H}Bthrbr{|OGJ!81ZZ0OMmRh9eZPUhca5{kXIC{J87uvoJ##!A=d+)4 zEPD8%TER}Q0r~S=8niH+;{V-?jR1%;DPWX}kBSVJbHA1_Y89HD+oU#;oIPGod|o`T z*@c{KniHJVg*p!qXU;O6imn`D%1G%EJB&VkOpnWDCx$H;jx5h(2hTIXe zDAG)djSaX`Dm(A)=dJ2+_`_y>ujg&U`%@7mLQ{3-mEK$tm~6Df?(Vv~0l)j?-qcuF zm5Z3=du-@u=x}Vn1TM-%tvP)WEH^L0mP+*~H=QBb+-#!y*$5gz9(XU?j7unE>E}bU zHph4O#vo_t4s&S^2II%39}$rv26)6TOWuBc@mkZEM^;Vq?`Mml9ToHi`CaHc?* zEH5q%rDW9j_o#5VEKGgC)u}f@*^id7?!EK6RH(0;>0`9Gb=&FHrb%Z1Q&p0fDdr7N z!R~ai(|z^Q3^B61W@)be2mVZFqz7q-b)Sb{mveew0ZsW|pC9VzID0)Zu`yn3jEpR< zwzy4#2rX*;e$q0lN}}VlvWxiHS-5E;>06!-UEI7%z*w%K01Y$o-c~x`)ieQH-NJswtgsv@;Bk%Af^hjQ#!+$s6`$AuXC zU(P`fI#j$?-%t-4CwW)Ob}+5J=Dll6%;tWrp58Eh?NE$&sBk+dE|mvC8}W8zds|j7 zVd>%UZ7o$_!Hk9glBqq?$T|O*ch}E8S4%Z=Y&iYW3^{khP-LuRxNc`9bJekiNx-y> zA%23rtMG!WReO6Ax8bu3|A)4>j*9Z@`iB)!K}u3;K)PG0p`;OM>6BDLq=x1a5l~`~ z7A2%R2BceJC_$tKP&x#L?tZV~d*9Dp&-1+RZ@ufcSnJY1X68C)?|pWD_CBn@1FA$` z)6RZr*c?!84(Mz`$M4J7XVub`GcC*n%9X*!KE>J833hhuQWScAu-;9U_I$*{mSDBo zRB&MYcQ8R#evRw#ofC36N~KrWv98<` zcDrAzDMaJ|CiV^523PdhVOTVvW`)n>ta08qzrZr6U&nD>?*1%zjaaZ+BtL(lzdy=1 z-Dmt8hb0@(2K#Z zUi+#2Y_~Rc>;5KC-!5|kt+~9vv-G`C>QxQh&a)P@q>cN)nH26H*%n>&f^?&~%^D># zsS)}CS{`;{p5Lk|Xs-Ti_8CX`@PfcXf2vR-=*Dv# z_0W{gB-%84{p#3CzfP1i;j~pH%=4p8i{@#ep_&a_SloxA-j1~Nd6NF zjd~J_ckD9<^?A&W0J(Jhb^8KY2&utB9I#h^_{y=@~MkFZ<)IBd~!j(YX?y;{yV?M zd~$0dP8_;(A?~^4*rRQHeA#=CFTaSI7+Ma^00H|qLUC9*+WFq}43z+puFX?(Y~w}F z4T46EiOi}ht6kgoubbjhx;0p@Kjld_wlU9|owE_3W8 z*lUoGt5d9n#!fh^8{yiLSx)%C^0eY!sp`=2g2oiG$8cWY=&vuv zZW;%ehR!1itxn#UYhIqv=xhvrMkPu53pS-m4k z?E#x@*a#WTdUUyOk3ak|#2ZopBx97E_}FM?=Hb5Tc(CS44AxQGln=R@v(qQ-)3pWZ z+=h+E?1u0XAe0TkG+k<1KxnN}a5g9-_&i|ZEHmapv9TiFSf8D0_jIWkY>(kqjptVE zCV^b`E7|84k!3g!rANlFxz_M@#6WOtlw>pW8m%XOjTAuwe(eSMY|=`3$&dKN$_c)) z4G_~A@mBReYg}`#q{*^gQHEt(TR+}DB|QA9pCq>eyichYpUzI;>}9B2b6x7mPssM3 ztQ<5xW3G==MacS^;b+&MuFEqvp(siPJsvN12f7Ad6joaO%4I{$izil>rsAzTcwJaM zvo+8{TZfoUIB>v<7FV7+kU;}kE(f+VAAjuHM$Zucfn74aSnaIoY|lf?^H?d7;MG;u z<2E}1Mp5*m8}h-A#|#)@)_%@J099IqFR2D0bqF#I5`$&m{Y}g(V?eTIWpq-&WrA_v z!-^w;`<}y4Q(@0RzCkv1lX25cF*nwM<<$26UJdCthC?yHWz3@W?SqSA>lhqHLs;cf zVjBNar2f|OC=X|EzE3gx{(e_E`59sI{6iQZNL?%a5GH6Z)VQf?n!FO5J0I9Yl=pe0yA|rg}W&qAlDn$E!h>8zN3W=isS(S zzw`09I8z*(zH;upgZh{HjF~EtIriRv5+aR38S!#1_5DR>tzn5o>Ao8L6kH%}_$}__ zWBr`5yuAF(c)$QhI+Mb>ujI+KjWz!?5>D-RW`y3M%EUfmCLR41{%LaWf3j?SyG+%e z4zHySIw7aASo)b%kYKVQ;k|WM_GlIGEyvflPj!Np>ynp=5E`0sRia!MA72E^GY=?j zK53ad4j(BAk7e_lWrZm=pRmqZTIvYG%pj6vYA;`8l#nNVby+X<%Da>^^K{yykTx8B zf*_^awaWXoh=w4J0uFUOpo@4*DokMVACe!-I-cl?V)4jw3WGSL@q-UPgy#-wYThT9%0$RBvlK5|W z!W#7bzw4qSybehvpfds7z(*khjpifj6Y2PdWQj`9ckvx@_@UfQy~4)2#Cb~sh1<++ z9)@e)uMj@DDf?p#72Ujd;yN7W_;#FTNUu-56dVV;z6+Kfu4BsL46rO7uypHwJ`ByF zJhx_snIt~z4h^h#kQe8LnRG-JE(mOJR9LckL_(rzKZ`hajsd&PJ9XjD;tS%{)`h*~ zDroq>EL#~=I~0@9mj6->>r}N>%`S-7ZttIlULMqOrE~XsNJ_kijN8~BskX%{A8)M_ zA?%Os{kGQ^7R)W?=C;TBo1aQno%b-fB4wsw*iZ2HQMRP2p0lo$^{F7#VQbY|3d8ap-aE>JMRbFd-Vh zdtV8T_VVvr<1kOit^@t1P!f67CB9bh%m~b#FT9y5@3rdIX3=hkb2B(hBGh*Hgl>d> zaXeNYuD=j3eK^ywE^Ao-k|zwp#Y$gAtckVj*=cbBlzfbnGQAna05e&BB{ry@&$O#@-1o}U;oCd%}Bue}PG zcBuP!R-bzLg@{a-ba=ACO3%FnF5FwoC2J84?r=kQ! z04*_Ej~8I@;GUKA=j$8`jR?b-8p9SV^^^Dlb}gHX{fG`kxIOdzfWS`s>9sboLXmn3|9 zn)ma($2~b>(insl8JAhP1+J8zgWqGo7S2stm*Yde2SMFavls3FV_t>jQ*o>B0}l6- z_#8Y-TER|39oQO|QA6ICDXz}u0-NRXLA_DB+!*1z$ndsO2NBEmUMAg;XzN4D;JD_G zP%5qc4E~ii6)*@Guie5_J1UJveq62u)VQz2kf@fs>)%CsN_AarULVw%5 z33An{_^7BTWIGXSLB>&x0@KYsHjR%FD$`HiqNzvs4}70STW5BvZ^v}#GMqQV&VrkM z)9b!L_rw>1#l>n<_H5xO07oK!_Mo55dGdI^yGo@+8!L4I?*607$ffHi7n7<|6YE0{ z=G~wDL6%6PIuKR2<6iJE43gW$cF0xf$h>Pi(nHVh*29dRj!mZ8{ar>_vwQORrR8!Y zIMqN#(&y-I0(Ww8dpNh%Cn@P;qNiX5Gg~uU?`&iHmd&wm6?$9$?4<99%sMx|?vM8WC9{DM|KXr&QwPHVSFQVxM7RHrEV9T8)2Gt_P z*&Ed>-+6SZ>=W0R9hAyHP>a-)oA;lzY9mOusG(FO2ea5=5PFO4r(kvR_1%vMNy0Ta zE5oCUJAv}U94ltPt1(J>A4{apYJf1An}ijTvc9h|KO64HS7E8d9E9Gorp2@6d2OA* z{kuk<-1zWocsd#SyE2-xo}fovqs^Q;-M+gk#yDCwrEa>o&h2-x^U%q6I!~4-=hsxO zTjhsZ(Uza;tPvLLYFW)=>Lf>&vaaG~=#NJSZ>xtTA4dYThW55-ZB*SkgtJ$XIW+6O zG<46fa{g)Wt>Pbr=6vq!<198~ZJT;LExYGw`ulDRJ{&m`7llM%qCAcSx~A{cav^!D zn^sP1@K)o!Hp{ONzTitGLb~@aVlO8rO#1!(epuDij(oT0Fo~-7DVTt2x0ok{>lSJ~ zR6uu)2^RyCSrZKvLn)LGVa&os<9~F~UX#JvcXmoKNtr)lGCT@25`tpcNw;ya@dAh6 zAU%G;$R8iHgDuVzY~aHvRlQOXL29t$02qd3DiLPrekOd!ZXl|*+^P2`>T5}mM(XpV zXWI*)E!S+ecdgnhtyeD)E=G~}Qlh#^kw5l;30HRAI&Qs}Q=!OHcU?nabD$ny9JQS*gLNvkHmCoGQZqtf~0{uVQA0gQQp6_0bxyFHdjZcmMRfbvu0 zsHg^ZkR!2KiLBT{|Ge4Jut&8N0Atw`P7ul+$g@!^pO4iVQtXfSaa1CL=ys&Gnb~<`jeex5TLf@re5ff8xIReVfjOst33#lx|tmS^zpHl8DCMM{xsi%A8 z&%K07QLn48Msc6UaI*<1`D_EE6xy%F?D~^!Kh23Te<2SXc2!#1I2du8OwFFZ69|%7 z>CHcpxwKK@uDQm^k7B9FH5~b~JrHg=@vtD`SZ)%mbSzA~T>osf8}iU#Z&$cdvNqmQ zX<~D-LQ?On1}8QLC=Fu_Uob?xD4pCG1Zithzq$Fl2K4`VbdL<|aa7i6nXGc%);jHR z$IjA((-qepboiAihNdLziHWr|*K5eh9>U;Cmtmy$F23%+;G`o?(ry_Vh5v;HI#Qk~ z9!V@)8wQMLb9l>>jL=yn$PXucjbKT-yKnoe#OQPcgnn>m&mD)-a(SgyBN{~0%Dl#P z1faxGF~=1d@=cd_;&0pIfGQ>iOjZ3os%b!9V}U+;==cjiEuc{bmuRdF^?vo3mq6eo z-8QFPz4^9y0b`F_LXlF61C0SMEQ|01*^>ms4Xd@#a~S;r%7ahO;l}$9ZDr7ZtCMwMB2C_5$10l|1P)rjAkIm%LCs`Z$S zuKkyDQ)g(bZMyCx{3Y0M9}rnBmjGS`u9vMe3+9Du1UR)-AYu`gUA7(Sj*j>nb^CR3 zCyzo34aD>f=h7_E2}LKQERW*@_spxc-=0i>$>nsNYO{Cm*cbF? z91B5!#=Jft;YAE`;vMnUQ{a)!CRtzP{5`8*cN}|)eJ90OetT`(bvI`XQl6VJT4W&IG0`)z1$%Ka0#HT}Zn8X_<<1uofHN@|4n2 zt&WhpBdW?^Cl??T#-LD`1mW5QjZSp`6*Td@Tp(8;VXnE$Q*~o>xMk8>1fZ(cRTB1 zh-25K96^CJ9S?(kyK0L#zhgEC2ZMV{tbQ++03ZqaAGUC2yi5F})pk zuRGW0di4T7T^d3B%w36-nwqsJ(!kZOtK*a1P>WZnl?9U-i^C=S?M z+0X*J7d7UWKD>rw$P{^}170bSVjqe5I2ly^gIy$qEw4fYc70Jh@m8b@V`C^nc?j@Sie9hLN!_iBlGgjKzYSdGcoN z#T8{juGl30uWb51qs+fA2KZ-zzyHC~ZheaAmDs_XV)xyp2$?1m;;Msav-y-LXVu;H z@$3v*8Y1XHl+3P>ua?9?%w&i3z5Iw+vEAdb`=vb(u6Hu?e5;FY6#TABZ4n7kE@@1dPHrIt%58gvwB!Nvb0IT;+j6%bX z17X`TE)_zU<=}8)iHAX)lf=F|xPKdfE@$;7TC(NQNju$EegDP$`QP6C=di&|9`o)G z;0zB!`a2}|uljGDvE9KWwoa}=VAlf>F^W={NDh;VdHEd@29a9RyZc4H>`g|c6F+7J zqbS6Ip^XFPH!Sc#9cElsu66Z(T#Wt>5%}oY5e6ojzzS`q{0d3V7iLygMh*d7u&xST z+{d3H4=(2GKQHD=|NPf#FcR;K{Y?e^t|reM5l9mzzQ6j#VSx9~&k9v)d9dIWx_nzA z%KYMJeD6k_A!2tvBaOf8uqEzdXK^6ZXKbu(h)+5g1lSEhlpGzon?5(*b%Its+K{MK zi#k3UocHoPqU27l&@|OSJXUaD4G=kz0H)Y}3sZbQr_*6m>loW@7W}R6!*&7xLWE5-O@*C#>EkD2ar#ke0NKOUi#*JEs72oo8Q}Z**3rl(Ia zU?w%B$dIMoY!oGGIiD#BL!ZN-eb4r!7N1`?n@`C$8my* z9!!yqC%^bj8eS3eMS0=Yx-Nd($?n~ro9COI&nNv+q##s!ZpZ^WgEX(q9KB*>c|%l& z<<5!O(6h*tYm)8gzveFpV#dn|?RoKB8A{>nAlOe)AzDWXY$&i1vQ!d$Qc^!FK9a@F zW^b~tC?R>o0b)Lg=$kL!$4G(EY0H*C>3r;=bZc*$d1q|nZOiu4HW#&hhhdLQbAQt8 z-nef!qNHAHAOpf~Ry4`U%3>Wvu76w#O!CSnd>!%urwki8mbj;&MX*wZhq1WCWA)HhxTK| zk3&Dvfw4$&#=Izqu%<^BluV{Kx`~O=zr8V|Ez9sln}eXc;CRQ z-~0Qo7JJCgzW!m0N0iSb9*g>(aMS%ksq!e0jNdin6|~{dJ6(eODCsrzTIg1KwYWq6 zpvX^>b>Ns5M8L?VmH2NpSBElWXkycKZ5vY$7jk)Y(l?(6UZE)k{)VO;A>r3gV!Q|9 zq2{OQqT;15BB;W1=Yjql&)E~!vBEVL2QW__(Ap61hJY;^N&GD410jV{FJF$+LYx~X z=e@xxWG*zBzb=bP?PmMcJu_B#)CRw3`NtJ&>ZLFxNkkSr?EFcfde=~jWbj@_JWg!U z7xOWvZ(jm}hCQ6bzjn40v2ld#>i4%PS+UM!dP;qp52BNcUj=lxPQu%C7NWUNN%D8m zTmv&bi-lgt-HGI?#8M^m1JOdER?;*DCC=L0IBzJn_a8dkOZUs(c~y+q9lxCh0$;O_ zY=M<0@hO6iKlqEz{BIs?{*J<1=FQ_yn@7Sk7vC$qKsh^a@zeRvxRCMa$=m$u60n=7 z{wVsAk)q_Hf8Ea+Ozw?8Nt2M{L6Rg5omG9l|Hc-?zuAuuFWvZjU-i35qNO)fBf+?q zPC!85qmTz-fWZ;dXsJJNaV@c}-FgKZvV00PfYjs7AVF9&h)^!-CO zn@ryk6pGCB)|%%XOwk-m!Re&J{(%#$WJaoLG`s~vehikiIUyz~0Oc#}0evSdQq@uZU3#`rYct)eo5ahuYv{wbw#_IX`rT&3 zYaH%=E}cv-=)n47j7fFq}Eip8$hEA4rqxf$BJ1z#XyPs=r zwfc=?b>iOvdc!*p#pErWem9T@DG_!S?;B-38~!^$FXcy?>sgar805xp?^&J{WuM>F8zB1%B2`=)_v|{snlOz?IH4YbApiR zcGR~b`X;UVr;&8x)XmNlVb#(Bcs4x=fz@-}+Dy5#kpu!W)8fK0i*7p$9K$8Xz3WYw zO#Syln>M{a&@#T4FFb^dL|z7gIGYTQQ0VWo8i{Myfcw`}|SZsh(xcP6ehwU7Yi59JO2Ow$&m>JhbuH9jc1h4QlRpsF$hTzfQ~70mnEr z01WHsegzkXDq9#ot$D!%NaJ$CX zo7gcE%~zPwX*xHW<^7!5YB^{SOmm*GeB@tbiXUh4aB^Ml&rX2W(t%0W#V4-HA$`!c z>5gtvw)iJ8MQJac>bMZvdCCC8L%RGZCP5ZnUiFdYXdkHd?XF4h665sVev4|eF)R_` zW@0&|=8S}=>*I~LZ)^bgkh&`Uhp(x1og$iU&_9Zjk^}+v?0u=?$l}g^)BrLA+%CWE z5hX3k^IBT}5!w9I$&XA_^ocZMEwhgOf8ekHxwW`$8ij(C6WlEMS78l@V61y3EdS{$ z{pFmvlS3b`lCg(d-ei<~>97%nisnuL%W5sgo&8Jup9f2ofGAajwFD!BHB~fsYfMVs zfV4LOW4F)>@H^Qe5;9#;&+%}>NGokYkPP9K@NzKKjAFfMcK)i|2| za_KEOP^mGleSUnMFOS9aXButshGVe)G<6tweMJFd7o+{chX@u!m@Sz`!W9k(NC@t( zELW&Qi!S{I1Zp@Or_>Es5=|3@$ySboPrMk9ErZ5 zT!1?;TEi&NK8{88CKL0sKJmiOo05w1GxmAc^hN5F&_o0 z--&ykuPz@geE)opr8mwU`rG4-s?uugkOPKhTm$Ms|9=BrLbB$tXFNNgJ%eHj1*<;5V2;% z?mZ|M2wSks^RprWIM~5siIhV8tt}SJcwGZM$So>x;0NX_{Ax1y5N4N_wct&))~m~2kfuDa?*6(+Ihgh##_e}MT- zY_aQ*b~u^J!SdEqU$BpgKBj^7A?T%_r{Z?D|Lg0sKqj??z5y_HRJnx)^S$^%5YG`~ zdsL+Wdg^T#nEU!||K z%#;an4svPWeFqcc?B-8i;6&9QAdvPmdNg<}OsTYN)sj}cXJxSnTmDH3wyhra{S~Xs zD85!j9LZp;*fm@)rn}0Biv6y8c`Fvr=4B*ql3@jYaRlfiGS4IY*8>Gy*le>w-xgw? zrkJXMVGSYJy6bXHydIOW3A~SyOs6kLvqPA|L8qv=0x;#<{O_TiGUyG55?#euA6|=K z;ueC zW0U{bBi2^KrSJ>sU^w1#xE*gk(FRbWR7|+oroFK>uFT~jf3!WW3>5(JJQn4)S6$b4 zv#xRuv>=x-X)sD9OupnJi?dB97|MRk-dOgIiF9$C7n3fnS}u=SZ&K_-?1&yZxcQ1J z=jv)`BSj^DEfA&=9NrEdP&|=_gRQh_CA90Wwi`O&2Lt^o_W?<)?=PJ~&WMk3RWO4@ zMsEelw)~wrU<#1io2x_p@zu*ZHYdI7Y^)b}LF)tScdp}@v1Dr`+K|;vu=%|s8|VBw z=*Uru=JICLfMO?+V265VgzQShME2?z)iK_5ch!c(y9{OS-P&hcYuaIu?{g}kB*?G> z*jG8$h)kUY4p?7IwKiHgtq8+l`sHG3L~m3fx>0_ie6)9U|n+3n0gWBGGg!i+z?{Ug2Utx*hSW7l#dROUCHN-rdsF^JkJb07D zrz6)p;O3|XGkFG!e-X-fOopOQ`*2sn*)rF zBS%nLh9v9;3_u+S%=YLBX@Jq+F8=y+u-s!*@K2hK3~JkL%mD*cJGY1Qz%C~^r2J78 z+VI@*VGUn+lv>Ls8B|&0#HN=xbs$7y{BzSZ@xjk1uxoKyluHpjB{vnSp4|pl49&A` zQVUDz6LNP7{CDO89q_$wYVbX$E_5C0M$gHh-QYlEiAxzRwAa$NY=eL&Esy+gF|&jC z+C$Y5nRc&1d{HD`@awCbuZue-iEFq69->i{fa>poU3XGws5%-MIDe|Wkt3V`m|ed- zBh7Pp+J+2lWnGaJ!~Apcojcuw9Gqd=AruE}fWWkY=U~p7=H8v_4&ERfW&RJDcNnB% zp%`NotP<+dmRA^Idgo2Fh1I-=UiZ}2rowE;rdF3BCjnF)gy0{1Q(B}CwVh(fZ~h2D z+Bb-|jsT|;P?>`n-g(*okwp-&p-vkK)D+9~fO!_o-!vN;_(;0BOHKxDrEUB{2kn5T zZiB`~nD;-KlBI#!@l@1qG6l4J&wll%N{%8Od#xN;Rgptjtt$OoXa4{4W5B<#*v$z2 zZkV{%>cDIEVyrK9_0Sva&gFoS%#n^n+Q6zsMp4^mnF@&c!#L8od)jDh8`L+;A7oIU zkR&jTS)++_l`8))9dV_ID~8V{_)zWr{?&(7jUNR&;1?hW^+Bgq+Q$#vPCxyCbMvIw z6C{&9LnEyXB65K#xb@Ph!en!Q%+ zABCTkQ310*i8-WiDwtfWL%DsLo% zP*n*h)rEZm0Q5d6Ygv9!&};OYCr8`qps{_i(gJBe{b9UKDV4B*g|TN6>eXbNbIhn3<|4PlBUGD_ywACjs)q~UI-A@S4-G!FIfM?sFkKC z9N^=}oeMV(*c)ibG@mIvip@V*#GL+(y)M`7!|$NlRXD>GT1fw)zJPzzU*KuhNmT!q zPI@X(-a$3YLtNP2|6X-mOVC`RoVMwc;%b-EL`o$_c4Mcaz#Hf!hCueYkr4juWrw|a z@M`CFTo!YKus#08F9hC=+Y%8+Z@tKPpW=YqmJ2+)JSS!`*!(~R^-+ZXO|*c2vFiVI zVnNvwIw?%IUyw8!mN_Kh`nB<`YnV#v%mbflCv5T%-8Yer!u)Of%Yu);X+FQfa1abM zP&oE%DS5NZ`SKAnGjq*v`3t|}9|a0-?(6RN9+UA=_=y~Cz60mf;6pGc4fxNa20F>M z`KR8gv6jfL(R`y?YM=ckdLbzdYAiNkw^@LbnetsiJ^b zCDIQcuUQYI5@=OA%nnXTYSn7rwC;{!sd-5T#>1%$ng4J4mjqgV_P8BR8`6*@>?97} z6PDhjm#YqmpxmyTgn0aURXuq*$>PZlY8Q5xUm9rL{OlhSkq*~+m2*;Hcupg+IGOYL)Q2HW3S5dsVu4!i60PR;+t=l z6)zzi|H}&hX13iPqibx}8YFGMPX4KOI+e3o$^=9##S>xb8S0T_38#(%Psb}-gQ zoJROOq}yCWZtAC!)@F`Lm+^f(%MxY=W5VtqD*aux?hM4zPwKCnzJXos4F@RqnhA!qVQEH!BzPI5!IwlO}iPa(+WvON^tszEV3n$w3C7m{cS z3KI3FMkp12HlA(r-B4`u^A4J~y@arUw3^NMH*SLQ-#_~}Zn9{~adAOw4b_r{-(l7} zS-ctC%SMgN;b7a6WiF^e*-bdV<+2@)DNK$W6HJcotcZ`rW=GQ2Rxl~?4$!|6wEtLd z>CGySh#ib2HJZ*v;ljN(etTXcZB7p96}ylLGInFo2pD+i78CP2(|3M*9@sO8<4C(F zAn=|&IhU3$pzOB&NFD{Ph$?!DMh%dfR@mr9X|eX5_G8G`%gjRX;?q>8K9eW*j42(za~ySV*Ta&%zuaW*g4QNcH&cJ|etE7)E6HYR%hPUQZj1DyXQ$ZcNkVIqJb^>pl_K{rAW2|xM1@ilV$th8*e4Qs{(e>ZZm@@3ia$H!%! zb`MscI=s8>I~63D{dg5_E|R|Kus` zX?R%6cALJ-u?a7}SC+`j=dU2;wgm9v0S?%i&s)dlcb05!@2XQGkVPp1A0krr;I72u zKe82hhj})pU3dE;WAs0>w0M1DAwSwJ-#jO0<7J!ei$pK`?zXt9)M zK2G2239DeSvK##5uM$4Gu9TT~=Q)|K)R2~X`wQk7>zqm4gIicUFu@9ZE=h!y4Y3XA zv!(0>lq4bMlL*1wVl#ms4N&$zMY`G<+2nufU*COS>~v?bx5jlbZ1Q<&V->IKLSN)| zn!4?SH}S8#`-WJc-0C19Y&1n`Q8$FS;NeFo&IH0QG!L1SP54WBubhE69yPih>iEUS6(M?XRn>D%-hiZ?iwm!frYbxK&dBkc)GqAKs1) z%tU!0j;x%xcWiot|DX&WY<|RBEM&X1k>(&4E#snV?h9A2K0agDBKw^5_tN#)JO$E*Mei;ji$bSiGdzOs?z+B1aw2v}jkTDwry>Q5jfdZ_aK9owpA50Xs zC18aVx)%od%;xa@6X*%w`@mg$$gpD1;>LFBl^~MO^gUV9^SUn~?IX*kpc;e|??QLt zP2Z}H*|9Xs!L3gjHJRh!H9~m&xo{r%rQxG{o*WzMEJ8jHit98CC4_gVBQG;F&MM=@L(!vlb|BYuW-qHev!cI~OlT}WRsSHYJ6nBy- z0VSFrg|L|g9|}B&rE41&Y_tbTkkwXSY>ziVRxg`(az1>%R9Z7>47d$=rkN-uO-ywe zqV8SiV|1~w!qHY_RT$84V^m7W5)HUuQT$%}<}m?Dy4T_#8kwF(w~JSl{q$insaW07 z;{J@$@?u-rA|XT@QH;SmZM~|~69TBgwmXrMw{AfXPHlF-YjQVR)1Y4H@(WNeJS($m zUY)442JCZ-8xu;K-nHxjnVWZMiBoitMk)&_*QOKH!mwUQN>9T-Ss?Es+QeW*JOZav zo~$Siiftxs1+$LIF^=u^rRO~_xPGa;dPxUQu8Z0(>~H_bpB845b~$g~VG-I2=P3*W zANI9?spoAdQ8d{lL-;9l?ox=I<`wRXZyB+&w{JDI1!l5E3pxPz3#ygz>8G(pE2PO1 z34=5Bdw=CU<>YB-B)u;vcqb^=?Db_~_4D5%91RVbnJ~IvVJ(3Kt;#W?xUP$ba<4S8 zc~iV2jdUH-9grH)+%L3E*E%hf(l#(VHHS?TbbuEWqun_ZC?ASiA_E2=I(A+AS*BO7i*C}yY`q)3Z>1wC=f2Ln% zch(}`w>Oig!S@%K8$1J8CMc_O0q5ttIClOg^B!-o2=j=4$5mS@thHDm&$Q=?4VFBf zmCbMIM;TLDlx6aHs+5tElLxa6n9a3xx3QbH-BajcYX?5-M~i;tz&0ewkxyJ2k7kjx zY@0cx^9`ZDtbvQKlQQ{U{PDY<&Y&gQC_*--uK0f4Apa+8`-od9F>x~45L@J<6ZaSU z54~dt`B8(pzLaRxW+DwA6aU7H@n?KLa}KJVoP)FHSfAwwRcsD&)oGtSh$t43+pdn( zaw*1RQ9K8JrP7nCyhLCI0=J;}usI`nd>AEK^o(Wx`YlSdfv4rndT+?%05Lox z=NTCST+D@9uhu(FfBCuN()-6yQb})ho;%EnmIDvTcnShu`{)WWrfcn-dbZ9!7x^O^ zrnjR|8ea^K2U+PXUxUxV(}>`AZ)rI`EOo;c2uwRHo07_EUawXhAy z@S1eumbu+WqOZ&iFQOhB`VZC`kT6@9ST+Blt^#GAy(A^)a0;(YmWBydN2VGPHTURg zGVsYF)D4ZQm5CP~B0+Z*>nC)&3Kroj7S%a>8FzCSPW5scB~Ngbo{26?%B&3Yj9Qho zVMKhLo(YaZmvj~u`ZcSftQA}b|ea*xvGj*3udrrz4&`}=8K#tDL`C46jCq(Y0b&VJV?KHBx;e`zclVrVoF{gVa~ z&a6lWA9Z>1D$=+@`XL2MarY35k>BUinEeUjMk#hn7iaee$>8N7ohxOAZ~>l882yg7 z2<<#ME&gfX*-j5$ao%yXtp|VmFbsuwpb<8~&@$hZz>Q%tC|oCMSfEz>+qN4H={C%Q zLhHwj+>7;IDZNSg@PnUL%!PvZed?D%JC*kBg|Ys(v)`I<++Tde(^buV?_%xkB~R8w z>3yfWLg9;T;i1Jc@V!@=cAVl(H6ID1U4Zlv>)yBb=L1^BmJjzf#>sL0_dn~uZiP!V z8-l{Mkr*4*hS-I%^Ge}~I264SryuT#zDsZWlh4b;KJMN{ZOcpVn|GaS@N4k4k@j`Y!bx9EW!F(t8$KR0G{1&X)8?tmT{E zLaQy45>s2@zg2(o&x}m8E_j2|4@S9ffU_ezTIcO%77y_W>gCzQ0=(F; zl&ao-dD6cJJm1n%%+iR(nKF~nRA%O#_6t(kEzNLDdCRW1;$QN*`nr~A`9ti|v=c_p z>(b1R(ZTblshKAEJAbBg*+^Ke%dAEQO&CJ3@L|J-cb#Q3%Vyi+++E zh;D)6&WD9fuO5sM2BkcIU->xoNmZNdH)3MC^A4)x%S$8IB7p_(WB!xjLYRp+gA4!G!St-g zL!880@RUJ+)S7XiKm4^Ot=K6^Q-0gFRzdCplQfaEfoifrBVPe;%-5V*d0(NHb zhKr1DG}d{(;Zs7_tlN$0-mojnOx+pd`_(dNsss?n->05qeitSi+aEcb_)Vix9ThV~ zW&wz+*%v}m{7K*`p0bZFAL@r?A3iEh#?@jB@+S%{CX@*!AI63zTPa!HcEE)dg!q?u z?Kzl&$+H;65tv>K1hpzvIy*dPNp&XhJgkGonU%D&p9WlQ-S~ zT_DKt$F|x%F-xUwHXUz;ThN}$owuLxVV1tpu4^Wy54sC{&s`~GE_mgNMk})4Fd)^v zMElJf;B0}_n)PaySx;yP9Hx55HA(+InBbQD+(Gs$i8|6iPv?xgRJcd1PhLM=A-!*o zYo0Yg4JP|9BXOc7#A?m8t$X7E{J_$-SKGr}?wi9@k*i}N)ztyJceeDnjrHKWtAZ#k z4F_DT2p-IT%uR3B1>R`N3kQmC?t_v#g2UH}pqwz8g-m}5mOwDpr zzr?H-Rt6_IZObx6qU57M8{iZ0?CzJ;1fR0@i{YSqmheFT9Wx?OuNp3b#u=|1WSP4 zj&Wp_!1wV?+c@~PC>7}IzF!;a#27{4>CO$C_*S@0*-)_`wm6wr#Ot&CnZ%3pgzSJJ zKbNJj#3c(h2?^RU=ihCSry?Jk-N}GEiMt9J%%ijF^4MEP>Z0l!gye%_hHlJqUS7;} zQv|Y2CN~EgRecw_<8PS7y;4F3gVrFW%|c1Cc}p$V$7r>cEHKNo6miAdf~F9#W<+B9*eMsL&OTIH{aZ)Ta0WB^<+{_WnbW03CA~V zoQdTZo_QY;@ohIWy2hJv(ze4`VBcTG3;rgxqPCd3uo5 zQpnGYgVRQD7h_ck&@}`c$Uo>aY2*;pcg~q0;lByh($dP)$t8rXi@h#}dd{i+z+>Lu zl`SX3{lM>n<>h@tOY7R=koWGJoekg`!y_#m0yq}rYb<{{k?T@dpm=3LrpZc7*9WQM z5>i$gylxAnN}KEghFj3p?(X|Cl05qs@6YpZ^YNoxZlThpM3L~2wUkzMM;DAJfR6WR zB1r1Vhi=Oh7$vqjyYbMg#+Qe4G%py7Z}f}Xdyxzhg;lcBAxH|;LmpV4@W3Y+iI@<$ z2_06cuX2(Z6eXgU?98vY_v&KKMk3$@dvmI>t={tyj?cZfdDyS36NzG&)gzvA=rFqF zL@~8N*Y)KtF3tWu;lA7a3!4%zkhv)n*Q=W{TM3#D6kdBhcsh5&%{|ulplMC z(rF$H0IvJ_O|#v2ILg{o6j@#RW=?WXhz&gCV}P@m8#c&{0-j8d2!?+8@JspkBpq7i z^0;!q;*edxh0JAO2vAtb!o^!Q-{+AY+5~R86%T=I!JISx|9&yrPeW>7-Y{?I_%2NUMY; z5W+!_T?;!T+)3}ZQv)QNvk<`&jydmzcmo~el<2(WYqzeizR16=iq??y0$mNEma9O% zIL+)8KodyB<6L});10Q#IKId0Z)z2p$`xp8UwP>zZzuLc1wUhOH*uu|8pYif%Z+v% z)r92pP6jT=rr~*4hjj146r+uZ1pZqpop)5qn3!xhSKWIfK5%aCAc1u#KtIhW=;g$2 z{(0NUi61~|H3>^pvVzXRz(hGguNTip#dXn74p;iB5f}rN>q>g>08`n4QJEJ)hMN9C zZ<;a!Z{*tba=`dhPom39FZz7NkWhbKXo(}tWJmhVoFTMO5TgjgB3x){5$ghUbiU-7 zB+E~{`IJuHaA;+{fc*gGjb|%~tC91&zy!Z;NGuz&)cN);D54b}<7D6(-}kZp?%JiH zt-%BMOQaS<-i{CMLZ0EF^V^Tc_C@&=b z$PtD=g-7utlg;|gXl5CRMfcV?KAY$lm_9qo*09&1QR3X4c$ZHX1X0q9J*~7UBV8A& zB`5@C_@lT-n5EK7aWAYPMf``upkrqsUPvzHU9S7yL_4rm{VRIu{N|5$3FEsQEM#gs(oM#Pg8TMDfhX<4|+zbo@MP8w{aT$sZ^>WT9cFp zn^i{D+XWA}f*|X9V&LPeN4p?sZ!|;QO;P;8mfj=pSotGS(J4Z|04?;b@DK3wd=t51 zdsnh}pPm9-%xU)t7))Wg1+8;?|MFJ5g_1~#ro`P_(6H>CcVYOj*WA@2Uw{SfqV0ho zDrnG`2li~O^H!+K>01%Wo?T@WnD5i$f%^JIeopogA&grA_Mua4m&Mfw4pG&DKA;PM zj_OOD4%I1^00pgDPgglhuQC9uCyM(24_9v)Rn_-}jRMlrT}Kq8OG<=8cXx*%As_Cfm2Qxd?uNsmyHh&v#^3+F?;ZCGA7C){-fPV@<9VJr*A#g4`ydSzSOE~D zdWlgJvOUJwUNh!Sx3V~fE!Lf8{m+78mS0p_W)id|4;cB$`)y_|WskNPKd=s&>f(;? z3U;@tuYRJHb7-7G--LN^PzFF66TWUlu5iObpCZAYs7-{xUIcT`mD|r$itLXAgXG04 zC)hHbGnJ;e*7UP>}^R=dBIbNjoAN{ag4e6WaA>6QX1A*F)WX5ech-nlN(&VDXqY1MWjz!}Kh(7Zt<%2u2JPvv;6nx%S_{MEfa6CW591_?I1N{h< zfb|^8IQ^~8d(G}9DyiJ4C?HS!zdW9jdixJE_|0`h3xr+<@PK<$G!5Q}2PaQ*EGoU-F{=#EVMBNref+uQQ zW`=zLYfw`B8@Tod2bRH3v?xFQ;YOMbwt=DM@L#gB2n>I1r!^~EE&KA!1}t=M>Jz{p zR|7Hl-8y9w$x2On)7j4XYUKEI&62$YbOTdaWL@ z<0w#`6zaZa+DQL~v3EOanx+(BFI0*H0(x<#JKA8nTaxZsOJdxnJf8?;5B1YIG%!>g zh)Y_qQsxY8b6Xy5uF$;!Z)U&WJq14?=xHjgD-Y2$;`lMfo)re-MDwO zS`mf57$NvF(11typ_p)}d=)5C2~WEdZn~u)omxP-nJ zXsLR+z8{Pco7Yow10c3^eo;O0@w;bpNWoXwtU@c*swu|ai1x4ILIKz}%V1j91(pF2 z0$h|jM%lB%Mg(gB^Vu|e(Q4hRJry=ht?s;pW;M#ay1$kRN@eZ*09ZHQC|5eZ8#FRB z^qRK5>zq_u&YK}W*!n{_8n9HIMQdsGiU<`-5mICpcTB$b)!>)ZK3Rsl#aro(&F(0cLeM(I_1@64bsUjzn0lRhl|L%_<9w^9#wd+J8P={ZkF8d)VS3cU+xNlyyP9YV~~9n67q(fJdx^xaSeM!39%f)U-b z&5*PU5IRw-Fikb?j-z!=b;yx>)_DB!iJjnlNNra1punpv6|lIPM!y>4^RLyR2?o;k z?D#TqRA9ZT!FSe;-Kl4KAP!eYIS0DrkvabEsQulAZMIXgm={t@1(1A>U^2)F{8RD$ z&`w%gRAu~>j0l)(ETi#bJ|@hk)ih?&T^eA3x8rH2SyB`PCqx18?Zb zSSEa_^nKxjkqz+*<=i_!00%%WE@tvtbPKY#`dAuZw|sKeRCjR%t{gT30fL&CFQaZI zLB$Uyf1X}UI5d!Ke{Q`p_n)sUVukESZe4ApWxFtb2oAS-TpWt|w0Y3yTe2L$@5%P+ zw1M%3$DDX{IxK?Pq+5?KnP|pg3h-BAXa8DGhiUo2QiBpu_%^?eIx*T?A>yBRMUbWE zd)EfByrk!1rm9W1@7&*<#mD<7Y|Pp=MrHkh)(zeuyA}6mlx~w`w&LGbbuZJkqv|4R z`w@@4MMQo0XeiT>B_zSivAc1#U0z)U=Y=t7 zfe`gIaGIAdwfAOKI!^G4{_1{V>iUrg+|_i(7oY{^l8dD zhah|O9Yfz!+!8^(+^xT{EVe>KeG?R+-s((6)H-xc|4#NM%)!0B?D3^cP^upByK{=& zLNt&I*r>unM;F!A{hn^_YQ>7>dP@b2MN|I#>Bry?v7ED#KeHE{{Ze`Vch6C}8Ea6L z$BCg4o^12uf>PCsq3=GTIQ8vPRHe7m>Wp;iS%&>MK^VtBM@sM=j2cw~bzCg1m}N*q zk5Bx|>t+$1j_iuQfj4nnHCC^&7gsN68?~{~jt{*)t;qL-Sk7C?b36kYxgi(E`<4BL z)^Ws=)xSkxlT+$BbxT7_n7yj6iffDRtZgIi$o=Jl7n8ruOx`;u*uO=Y?+9(=#>4X- z&Rdu6?dyO4KtdjySXG!Nl)?&e~3au;^A zG2iHhj)^&z0{q5_X3)rsC@{#6YImI*1=DpO&q0k=oOxuzxmRrZ^T>yFb7=PB2eaD~ z$X0K~XQl`Y1j>-z(09J#9B9Ha5~3Gfb4AinT&#-WgvGSe?)O-OYA-82an(-A{)g)y zobLCSS)l0pyZ=N8NV{D3bbA7grWR?dw$U+b1t2Pc0(A03GGKIBnf}a^%m%(d!@_u5 zl(x!5t?@mD|BHK9Xtmz)H`%YP{Rih86#5O@Q}R!=(CkeI2w4&&vu!Z@7zqW6QzIMs=f+!h1KVN;>Qk9B|3Arpv+s7yr9rAMHZ;?Ay5 zOvs(Agvc$Hz+#DVVzg@&TCuMc-bQ{v+K`7b?hveZU9 zr}E7I-gt(EX@G1G9sq{JjrCUSfA96F1jJEOf7br=a?&Zw`DV8WJT%ScIj#2v9?Un+ z&Zkp$X@Ywxtn&plANA>^S4)o$=IBVJF*O-#e`)=S_L@Jz?oGe>VYnhwA8cYs-2&Xr zp&%%@C;g*InUT^?dqbLYfJ^Ij>%fF;$}ha4b%?!=f!o!u!hcz2kpd7HS&sAzfh98% ze0J5SR;l(skF^UoFUwIGcBgVr*@zcF%kQJ+==M zl<>gN=Y)e@(9qOJ_5BCXx#M+Kx>o)yu9x<_{oivwCS{oF_vFn0qP~&zyretX>W;zU?Z9j*I%1=f0F(iag;*eeTqEQo~cJ zt5cf63m#0Rbf>+73PV`PTOxF9Y$;81fQW!j`A6c5<2TOPe$Y~ERH%TSq%s9+K-z`) za0(x8t=+t%tVdtDgkNy@Dwym$7)r3Qx--KZNairY-GgmZrkCJxyde>owOce{6TOMe zOtJKehh>y!o;lk`9lyvvp{kky%zv}FyUMSZ;Om)kSXTGT0!-ErO0BL8pda7LbgPdI$5T{ z^bm)$6)mbJUr7|3a-}198LN%AF=aAq-2*N58q$VpRaB0ujAx?LenI6B z`CdUz4qRIhWRIR6sEVjO0fv`*Q^wuz&j}U+g{6pSVqgr|WArQ`SiK6*B~D_GLh)z5YkH-)G)G&kzxN5{fV}Ev|`tLo1m71p#2{zu5Fg zp6p>BSGU20$@g|&X2M>7*sM*ty)P0OrdOft(dFO;e*@eWR<-#}nFLPQsF@6gsK`cBXlz!3r$@PUn)zi zy8`)t*a;cMao3)z)s0q3m5XSML+>i$#0&g?AHa|f26G<|XeBi&bVzfy>3Yo5)~XOS z0KzsonPIDf0wv{m+W{)`PZ{b)LokV15k5l=2Ux(;BZGxj*bg$@3URp`RAtCZ2W@o6 z^Hm$U!g%0R( zo6U!vy>Zz&Rkz?}}{qu@bR-%m`TF+RfkB1YsegSv+(P>?C zdVfEiujw5h##+d)?20wTw0!bCKFl)4m1^Au$yN_!F7rN@w|qE@&z;d5E|kB0cCmb=%*Thlo$?oFO) zJJ~H}Xwjj-uz@fx@lP$hBa8LeZ)Cg{FZEqMT5KI=h$NT|EOBlL9kHD5EI#exSIf@M zKJrKzcK9^>0?`@Zdfyk~(|8_QlO}w~D2hisF32q3MLVlE9=wo$E0vbw#<}&K&VVFU z#OEzS!3;1YJricp@#b~$OoYEsj=$z;tQ1O!=j~DXCEw&Eb2m;Y_FKxRyN~c`5MA?W zsJCH3g_iuK3P`J~wk!i1e#v!)!MY4g9bBL6DDx$k=mN`oDmn#r%_?qx1Gib{_AB%L zWw#{4GUp4w3C*p?ia4c}pM`eF5v*?c=WM}OxDid>bKLWz!nW^S+`Mn@_)L+zaUe2@ z8%D@qVLlroFO?EB{nAK>-)4R~{)5z^S*V8MT%?lb=+e3S)9ubCWQ4!!;#EWKK~zK% zH|C`iu(3w&Y&V7SO}Hqe{$YT3phBZ^2nkfwRAJ0GSwtgRAIvugdlK*DI0ugD{@%bH z4We;}^X(vnWzGN&)CBa3WI0MBjnAc4kCnDq;NYq)5uC|n+MG^|THRZ7yWhA=3`P49 z4np5Bl1+yByxhC1_QjA-U<>UDkyRuUR$Bw4$7n%GsGHeVw+-#NWjAChC_$wEei`DIa6+R-2-}?+NHeZ&VRYqDmTQ^|^scui8nj00y?{e`20idfmeeg!8`8E4F zm-0azoYsnE5==mu$gCr;Ia_T(+I%o3^D#QP+UkA8sN2<#pCNO4m0s1b3eCpTZko@5 zeu_Ihg~yj|W)rt%31xI~bd)lShK=6XgGGF#uOAkEV|B_C69OW24+tE_zr~wBdzkq{ za#yp8-xKV0{%mH59)w54MGET$NYjpbULn-kH|Cf$%FWp6)(4<(Nq zDPS@+AhM0-V%Ly<2$5=GC1?$99Uj(rznWOsVsabdV0CWIjo&LCBYU#wIB-(u6z0A? zlLe6C+`5T=&n-6A`k*OY4X4hMKkK7$?5c`nTUE=Bo|}>~mC9&Sv>3y(Z-TNM1r&sfdybBu=z5O>Y6nOyI)!WC%%#Q|11ljLB>vw-R_J__b z%Rglpx?G1Gv1h~Clx0eu1sP+u=za})i;nvgAoXyW zD$xzzr>vpe)4)lQdSI7~{UK-iv9rQL5ZU$DHmwr^K8#8Cho9czDFm*wHvOW&9Ot*S z&k6pctNHM@m9e_hM5a(ZT`jsT%JOoQ(6SATe{Um)O=O}!F$jwz@QRRoKEXVm$?*Ie z$RGx(eiYG_AF)-rUI}IW%GI+Lml#b__)2B)3xW#T(biuH|daM@iniR9|SPy%0b@4)7+UU zN%Yf3E{*7qlTpDt5n3qIKAbe>a{;O%P{uXkhIuF~#}^RPXFtNvY) zDr7^2%6~hF@WgTzY>!TV1A?yCryso0pi}>=AZ?x3>Zj<0CBU#0`INCtWKt8}z}EB! zqH_5QJPfovKT?!S%*Mc9TcIII>|T^`Q;D&6E5xuvRSsUQ9b9>hijYCg ze-)^Fl1@*iL*YV&vOMSq#@xw-{pe(yt$k(1_+qLf17OH>=yRtk*91C2xN-XMft_W!|VU9oiR9Wf9P1as|PlP8L9Eo7!PjUcQr>B#zWF>-Q#A$!9(bwP;o>B*bBR zS?C!>yg#!&X5S-KjcUJU)=v+UI{#-gm(T)zUQ}q2+%`!N2oVJWDJ$#GAG6kdkYBm! zoWm~QZi}kFC*OfR)V~AZrDz|R9pmmszVe4NVgNC8mNsKRkl%T8q(z1DjyQUhO*3(Bd*SVPLrJvesT~`Z~)f} z;^q9xkN)Zzkd`gw;&r|oT8efSHQM#YGO>O3Tq5HyzZ2I3~j#o8cVoYc*O!P@OrDiEy#TMR6pD`h8ZMoeJgaef_gfonO9|dYwcPwo&hP^X&FeNc3L( zs>40a$Q?ZXpSqGk+#c)O**IDNubnw;_B@q+jx$IC+p!BZthhv?osH1fD0@tpB$t`(_f3EN8e$BWt?&2te})UJ{%b*IW}HKiS-Vw(c!`nOMeye%w+4C#{^c`t8na!lGj_av~T$XNBqeNqHpHflQ`(6T{=>NEAb z>ixqIl^;nMP~<$M@}3P14JBvT(nl@Z8N-`*NrB;FXntD{@hzq2dDL!qmr3`T@TU!Q zLk!o?0Rfz*9q5WlTy$OW+~z%g(vcLQ)8jwnRu%c3=ci-o6h_L;WLS+Fh-_zTCeL&y z$*2M#yqcPeU?Ft|@LGg}@Ix!6Rk7cHdZB%`nqd&d`{jrE$gPP<@^LLQm;F6iSI{g} zM*#~i$%DE2(FPYAd~o#TrNbVq{K>`PB5CR2Ol2^w`+ZCL{q0{B=bZ_R(?uMJK;0;F zrF{XY_#Ri<)do`*?eF`Q|KN^hr2o=0pc#PC{DTdP9t$@YITzazEt7okYLd&dY2(pc z1=4|ZAxgP8dfqJ}a`Mp9=4<)iBA=E-71IUvrYQt$z&tQDm*;{o5yUmzeZbd7U|I6T zEWmKJItS0|-4sIfcMt?!Ndo`8lGtv9=&GD15Qr;si&wS2bA7fe3*Nux!8*#6o$r3U zA`40xhB8E=LC0pY53l|%0th$X96&V-RNF>CG>lib%mh(7`dOrUu6*b;wUFl*i~fXn zyHmxP_eI*p%=a<|-wTZO7Mi>mY65H*ev@Au%uAFQ){o@K;NrQToS$od42M6Q^m8Cd zLIj-AS#(Ok8w8L6{hE)VzIWH}&UPkEBfwj6#AhljI33qy;~CZdyo$=qd>%o`hhtFl z5&tR(?BWR4F4hmN!62k3I%D-u3w%ln-W^B$#_b@rY$j9eiT80QY0z=wZrDZ$h+;;8 zP}$v|98(k!+*mjv9(8>2HHVlw(MuA=3T`Z!wlL>pj>53rFaeqCY zufiu93w|;=Tq#X}_z5Z&9$r4UaGB-<$PPHv!mOEU;QD}j&sp9SZZew0Z7FH+nF%>$ zC|!u9#tVO9rq({gJ^Fe7#UfA&BatG-$I8B6`0YWvrv_-Eo2ChRsQ*rUDMujaaUu!a zDjgEmWgAL-W6>dT!6apm$d(FUS!xSdx!aliX|_3(c64&W_0+Y&WtZL$pSVIyHDr&F z=z6!bWodW!r>=3676_F6PY?G0er>DXqs-(;-wZ`i(|=?{RZ>d&h1!bbGlBL?UNB)e z?q4iHfPzqPca=3TE*e8$MXZnzj7tq(Qb<}(CE6NT^MMHk3U(Ao%s03k&sb)JGE#)O zzkq3EiXzVa_8@dSm=inSo54O$er+2DJlyHD5+c!F{oN#8TA%!>L$er7V9;e^d2_zc zXx#kUPja$Ii|{Wwmw5<+9jP+^4YTIO{KIWF<$!;l&2EIFXcmuCpkEV1id-21fOkqk{i{OOi*G zn6kc&vCB^6{H&{4XU#gJ;qS7}xBcsE(G%7hX1g(L$`nawcD`x%l<$?21L=z?%>Mks zcuxror16uA+`W3@LOIb&EN&b1eBJg5Y2rDeU&3ZyD`mWw%m2bQ zf0=mJwpG^En*OBRdhk6~#v3Zz25$&ia2H5~mW;NbFZ_|jh=Y7)4U}`g#r<8)c_BC(`RSaib z93vj%DnvU0|9{Ct6cBl9P1Qs|CxfxO-;ZN# z3T9%u&9?ku9f+deq9ciEfcdRV$&mf_;_V7-GbrG(@@y5 zi^Z(?`!chXw+C-$iA`jXQbq1BB~njbKD7n-1$?fnmKTxftWx5OO@grmeQ(K}HiwAM z88L(RdcFfS&W8&|5z*OU ztdRlPiQopZ)L0tTeR@Fx%i=d|@+77PZp#rV)ToK7B@ljsUd5C$v6194QBVEZ1}HD3 zh|V?o;0|X9lj8mr?zuvYeW{eKQtqz#FDz|I{udD)Vl}>fhA?1vZ`cVJPor+CWOPTM zaH}?o6_f2_Y~jJ=Kp^afeUJF)56Do5b;Trq<#a=Z5~%)=OGLdHI^?yI@QksmU^T2p zSZ7Y;zD*Gw+NZ27|2Ph)6FrpG4GNb}i5`L~{NdfcWYWbJuz0H1PFEc#HVIa4+nI0V zL&XILkP}`x0X7bc-<45}vki|qo-xUBn21Fi>*nIHyTqtbGF}

9G6wc%oU_U+04o$Vr09n0Q5aokuD$EGKu;ic$GCRaI!aYUJ3?-4l>lXOfZI% zpCBdCtK_-H4+kSeeUa!wMZf(X?&p~3(hr(ox+5{DWyfhN9S1rOxi`89f}ZK0?M#pF zJrT1kWCVw!@$gH1)96?LYba!A`6T9CvLI_nakuNkkk160F^4vvGel{+-GU`SY?`AH zo|{sC1y~DFYupe9DYeFW0HNr_h@YGN;tQXk)1&iHG;oSF;Ap1!26XZMBh1&BnBLdMSUz7F94!0M+IH>h`20zUuK&&obS*mzsx#Oy0DLV zVTS6>=W7+wc6#@VqhfO)>YnyGphh80*cX+!NL#e~83gN$WI!*3yIUnk`wni}_^rNT zWtfrs&e?$&%1ubeq`m(mbo7WQIUrTX~ zgc+NU_RoZ7pmjITwI7-&blBfYwPmA7o#I{1IADtHcyJZ^i;K9 z<485WP3bz?>*dDxkTlDwxUB7b;|MGj=u)1bU4zxZWy$abcs(An=jk>gT$|5rLvU~I zH=zo(2=Teqjb0*$Kzsje{|efd>2GI;IC`KU!?9Q}E03i$YK~dbmeF4+Dq zECuE?$aP>&n`aQcmhdu3Fe&>TdU^x}uY9UI9nb==wU5qKNTjGSm3t))nDu<;%xOzQ zR%H|qY9&l_%;*p{w z&nT0+`hrf7EB{R%fz^%eG4bZt@lQLv!D&whrb2k0DCzTxoe=rDe>y}=V7oRj+#P9e z1+kNGDy1ExRg>`=Xf0Eekm^{JvCbt88KkoVh?fL?6DF5cD9(ZbRuJUQNG6AXL&2c zyM?m5Gh&8?H8tno3de5-V_qe<_N@kw&OYr?;pzs4rp^o=r{*0C7|o3&$9jC-V9N*& zn`9QfZyhw|R6!7BKGh6OXD8ppxVGN~w&t&Fu$~E_LqrZkhG)Im5uPEYMI>>VE|zQ& zeiZOozz^ugs=4IcaLK);1oO}TSt!o7cIjIo{CDH^PL}17avK@=EfV&NVf%{6asc?1 z5~9H;gLq|GtA7gTntco;tMCwFO=RrUve|S!{%#PTF>-P@DW8El@UUN5v=iI9&S9xp zG&$zxC+1;YS^LUUANi47(HHPK^qRfv-wetpfNjsF8v{u+h|Zw>n)#=dw%qHlAzm*B zQ@?WFx(Q}Gncx(-Piswh3_<`Hg;-jLz*uhp@)akX20#LLl9*i|rf34IgQ)xhEiT!4wZ(c$!24;GWO3smm*sN$kdg z74?;~fNnQ_nS?PT5gVuDiR^KX$7!pYv+Z$G9X~^|iWCMc%QGB!AdHh%Bv8>NxogBL z-t}b`)-?~_>(oNW#G`sef26}Zx4Dj3yyji3@+3q(r}$E11UG?oyvqzpkVjz&r^dK0&wSY%uVFRa zo7VH4jy5kcCF)9KxI09S_Q-m3Dx1T}q&xXAAmFoFF-&GfX0!B6LABzeoT^<0Mms}T zJ{`dxa??}sNA>}Qiwf>VHgDi2(=|XYRW%wl2n9Ho!Vziu3UnUcA`xhDs7XW& zziF@<>*=M5wcJnVHQj{>d2lr&WTB^@M+z*B2FSnwhm1FOUFyp&xgQHbsZ(BD{sb5m zWAasEqN;3*)N-U(H1iwX4o$&=W2MK=L$MASI$dfk)9iiq<#e?>nzZGKW}Z`?7M1%|tF>2aowNvT{jm2>)2VMxWpY2HY7r_B*`s=h@m5wCA^M#4Ofmi%AP1TQIr(@Vr^(7o}$Xa5*^9NRma z`!9cVLV?9h=OmOYZzVf*=Rq#d8|_trB15KtPekv2yUf2fY;q<>2`3Vr)So=E&YucG zH}-sUdXWu`xXDuQ&6J}(*v_++Fn}y$;6gw%0WQA<|L?=Hkgs|Bhw(WTvd1*pQ4wD= zcd2$teQI4ZZSodmr0zpxBuy^<}|A8MYBH@kkTAK+qj=c6IJ7Ip4V#dw&wY`AUY7- z_1@0cdEUCXIQb|1Sy>LxNy-%BKG7SGwI5_$SD`rUS;4avBkfabOd6TiyLp$Z(;}bl z`dq?21lOM^Ie|>XsDwd<%7J?DWX< z;#}xY@LE2F%ZJR}#8KS3;%cpN(sNk$6DL_S=Bi551CjDtJ^czBocBo^ct-W+x$avk z4bEE&Z};TYD(fg!L6HflEaufwr>dbsfd-d86F(v9mBOt8YCtAv<-IpBUAToDA>W2G zf9hsEswH`c7m+0!L9#F0_TAd-7xRl8#RytH-=yns*!u}LD`W44+TgYzWaue!@N-ll zkFP2px4PGJRwg@Z(mBVabG(}|?QmVKT3$=7kEG8Ds@{o2?~#z3f%B57!oj ze1@)CMo3huq>wxIe}uIF3!nT!{ba}bjV)!(^6bH#sZ^ILfy9{B=QJY&*U)^N4du;P zhVR8QO%&T)KL`!hw$Q>_Gg8s+K8>LSM4V=GSktV;Yiz;SZLGAL>W}UgQxeJ9!8UEc zFOlQz3*)xm4xb@!b+ko1vylQI76KmfY&!msvFKJzI`xG*2Qw^yp9v}WWMc#XqdRjH zcBwj@K&%sp0$gsSY!&BeTBQ(7=Ab|8>(*#=wFM!pr#%(Ecb*bLVOZIcgG9L!YS5~{ zLNIHERak_FAZ1URU!Bj|iyZ|MFtb!kG3cvlg0P8A$F@Pm2nh$$P#3@J77wd@vZ88{ zL9JajGo)4-!0UCVLQVr=jlfj?99r&H1EQK;^gMCNs{8q9XcEIJ5XWs zQW!YNsvba6bNp+ZM*OL6^j1_bx4e`+6C48xh z9zkJ$e}AMY)%#~21lp34Utk~34(6fwypr|Sis9-8QNNxF5TrS08bYg3A_$=Uhx>JV zeW?P-(Tw831X3*4n?1T|qoBB)TeGGK7qngqIw^mRm*D^_QIkfqBR{^FVZEn?gA?P^ z^(T9y8&2i68Ge{X9ACbC2|-hF#(rTRMi-GqdA^u%&kSl4KdBpd_EdTAiZH5Yhxl=7 z>e$7-5G`}P(l0MI%wu_l3XMPPoYSTo7dY`Jm9pxQr6o_3#NFI_kv3NU{qGNgvdVXp zs95(OLY9|-pL>UKHG@)Bwf5r1S#kk=*eC;V2U94Q<={tGU-?;h^UgqR8S$R1&`Q|t z`Pmt9%#yQ@yfsxa09Q0L?(1<{O+(~5q}x}{L_cNbEzQVkZzLA(l+1PDqCyFEr| zMAhlFqNg>cSEfyGi#wv&Tu(zVcWT;Ma4TbRbAn z#Z+0cGcyBO-tTkbBb-8%A>71`HTMjz;dl{j8s!m3_{6y}il=(17k|A~7gVo(nGDK* zy^tSP{}DeH^2*>$J*WBq%+Hwk6lp;TD*0CDSS!%zOoGq(5{Idw6hSmh!t8{Qb7?@N z$i}TyE!D&L-fuj;|2FVsHBO%mYZTH|$%hK<)u1O8W%TJfrAd}*cDvo+90_b>klYIi zPkFFc$$lEQd?)Sa`z6AkDve6|#gBN6;2M$9=)bUSGwh0_C(tQxm9n7B!Fc2ROtH#q zPLj;yLS5u!#-xgRjls2Tl#|c$e`o+WoHzSH)_fopv4!;tg-)1}$q`8n=LKAtcXN2= za%(kOGK1)~qH&Ln&ad`!>{&CzCAGEaYFZT!BfW=vu-ngwR;4Hlt!!1!^TcpM1C&R4 z>K9q}YJnU~kDKiRO5cUd>{;Yf|0Lh`>(F8@O~$ZyAiw=x*j_(kpOk1{6qpW*cQpZ_ zz#ud~p_?-zG{K&e%{jX7Z@g*D7ozVoa9a~x3_22AcY>bHZsu;~K9CDVL;87-JqRwB=>>J*{koRQCXnC`?et=L!7&?BKW|p`baTD}{ zq!8Qu^INASd255}shnaHKt^uuB9eu#Lr$NIYr*|jM)e-O-(p?>WelwwPP;#Sm&wrB zTs-LPKmVNb5LG*>l7hVn3`ACRcE=D?VBTnr`ky78a94ZJI$mC1W_k>&41BO-XAY~; zN)A`&YHrDze~RWxjTa+Y<#W(}LXC-+_YyN~g9ee}PRS$$P<~Hua9WmnU@3!30m2*c z`r>ku-;4DNwT!`>+-!vk`oV)92ReiR%`~CV&{agh+>-VC?PK|Fv-wmQ{Z^(~M^9dMkgs zG>#iFP)iHABnjU$45aW5A2mBNTtqIbt?v%oR$YrV!R5ShKG8qN;rZ>4(^cKLpCWXG5j*vk7U&hA!N z4AUdLFw%sGcvG1LM-WQ-Zv06q&}w;~+8+)A2`T_}0A!cKLmd=ermratCqD({$JgUp zCf&N&Vb8PnRng9=I*MAf$(4zdE6s6)i;M>GW)wZ31oWQNy@V75G)rFu@Aaie6qAMU zBlUT>oL}IEKkC)=-9Fg%@H4S|HENj2d+3eR-4BJu;7VJV^A7%0&)V9etrt>|wl+u! z2kIxYk@tE+Agi*wAgE{78T+lyd$}T{CofLLBJ}B=Dum8jK8*w)H*3%;C8Oj83omPw%De zI%(WB*B)MfljKq}b-?`i+?ZpwN^`9zdw2u4-4|~}YlDp!5)d0wR_Evs&(0EZ`LDa@ z87^#8+NO-QR#J^9A|mSRC{@>p`OKddPP?r)`1%4q2Rz5L3I;zJi$3?{#{x7WYo{-z z_jsE<$$Xhi?bf+apt0r(Hz)5G<63dnQww#Md=8N7tL280OmKy?zOJ{7H-3Ggf!f}( zj|e3Sf;Bs!;d@kXw@OPCY^OuK#B7u|U|G~nHP~>Boo3%d0n7Ou;s2v0XvdA4qmdSg zucA(ChHatMi2H~A0cthP)i+u;9s;SGGoHWYR?e$ADb-pr=f;e*ooNnyCtL}n2Jnjv zaSG~H*3`Hgbr$0VKx|lgDi=UKo8JBDkD150H+&$m#^`VivcaHfCBV|{_1Bb~`f=FA z@_&rE;20U;wH}{G`P_O83D$Qc*khO}Qe%NAvdX1(Kk$@Tplx%pMJM3oY;@d9Z;iyo zs}*O4>~!7akcY{L!xb5%)wji~riRBxsRRROR_0juDcyYWI@qFkrHa3!7+xa9X7 zn;P8yZ{p43S5gG;8k!@X?lIc_oa)O%9^z&g;-Ttz_aQO6hH<5r?6Yq8ZC(gYl3OT^ z!~k*M1t51JhzwE8*9UeZhyjNB1Pr9aZwKR803?!m^i*^FVP zG7Gd68Rm+k_e5tZxL#kOU`6Gz(Sc({E|9;{^2YUfeVs`1%O#m>7Sy*Xk_v-5z%ofkC-tMvFNh!^A4yOq) z5RhoZm;{G7-i3|IIP}kPoXCtN7(yRa55{jb%|i;dzbLjvIgIfad96%2;Lk71nFMdp z{T&}!?2?P#UL+Fw`)+9KrOk%890*jdb7b495=l+|w&fP9=*EU{TyqK^7?y~60>R9CB?rSde`90&9IxNL2Xe_j9cws@oiC*0&MA6Ngxvm*~bKr z#GG!}!1JT=VlB6JrV>Ym{uThLljS!$$Ztfu(BPo3w$b;MKR~ODmezGEFQtTTed;AV zsLFAh`B*j7u7)Z2N0Ui#$)AF`>y! z`50*?xP|;j`O*WB9H)ZK&rj8%uJ=~B;5p5(W7^&vTHT=H@5nN-W z#)CgUtHzAZ>}EetI190EM&p3s_2v}nhJ{s-?tN9ViBWW>;E)PP>c27*R2k=F3`MV$ zVyNEzKu`{VGrlHVH59$7A_LRub(y)4{w$<;U90D?X`fi5NPTkNp3$4D8xMBc?rOoR zw{3oQTm7a;jfDSogIYeNt4(0~&;Z3!y?m49(-**LfUL+Kmj~xecH9sW(n83ZZ zr3;+an)}y$7ABYvHh&Kv=jIQ70e4<#2eV9qL0qjuy3OoJTwR()&ATlANz!%Ik zB6`|GrM9T!+kdt|nUV0GVpI$t(0){V;l3a(e*03nLY?5ss6?IrQOrq}?fpg(h_m0y z;-%wDU_zQefI1ICZ@On_JYE&s2=FH$tVBgZM`~yJUPV&Gl=V@;V&oERt$!wP#KSp# z-E9gZk7JG!cxur07$ePNnb^#u*c4WI_)u-|-%UCCGf$4Ddx8px9Uud2omxdntMNEF z3VoCCEnV|ds0ijrB8?H_<)RltpFBs#^Y0pd=~nm%ivMY6ir+ZY@bWUP3JMA3P}}Te zOl59^*IZKGHd~;84S}VTZ6*x9SF>sFANisMM-&*wQ*4Pw>3yjoqAaQ1JeP;>|9;TVzR061EU0hT%{&Q|Bhp(KSsKCRhyLCueRYGUkUM*gmz_Ww_Bh#M!F+dWiIvA0c1c&j= zb^T3w^)WkSr*>+Jr}#51i&1)){A;UODk-P&>P;{oMe(M60EuTqK}}7HE2Tyh#)cG8 zn)QSqHj5~gq?m(@6=5}|YUOBqBL_i>dR$@WVq$G|zE=%m21&7g3psPr*vz~{XIt;w zcR>EX%&q(F$P;B|WQ1-dY8GW%T1Fn5G1g7C@XsvgCtUG*q1}KTDbwV z3WI4|LTkaTuOwkZ;R$_Qo6wd9hJ=Ta2*&?3O zeMslABmfo9c4c%<2dYASq_Q4Q3P)Vo1ismvW^%qNkvQyq*>YODeeRj-1aQ{kz3h4A z6K#TJn^>w^jRbOM;Xis~DT+n{W=8|MJ3{X5;SEg5HFh*n;S9Po(f)jC#wTmN#I;&Z z%j~I@=ubCT@o;a=v-k-VDFr>t5cNmBUvQ#xBY^;Jg`Nrb$Yp)HCEOx9j~9xGw~r#)I_=5TBQ{%r~DQ4T}dapG45>PTBd zp9!FV^tAJ@pRG}v0ol%s1nb*z`KC|r(fCC|97MmAf8fd=qJ5CbRtED8(~oGiTJJt9 z5LL%8s?j)n|1wuZln4CMv-xc?tpORvTk`6QYx-G|ReLN~d{jSvyQ8xJ$xFh@|bIomg zGp-`CJZs<5nI#bn$~sUg^Cr_PlUHjyNx-o|6OM0_yp_5j~QyrK@)v?lGm`!s;JmuZD(( z!AGzGufTW+y#F`++AtB6i0LAdGJ*qYP_i4#6bxFGLB)w_#A$CF1FXrbwx?FR-qB)j zrV?#oVN}K8O#NW7B^p=w5&={}wHpKc>2DsoA}M=P_&Ctls_f?V6}iEoGqv`MU7%#( z3kj&w>H_6U14z$hz+%rw0F<2tKS9IE1Z8CJ2Z2H%OPTJE_Fmw)Q09DFDA<>|(?11@ z0Y&SP!0nRPhZFQl=4U<%$*sq8iRFr!Jo~G@M~PWWevd6L(vx}Yp?94)#hU#m^Ae>6 zJ&D!JU&@2bC{ScBuzAaL@KM!718TMPl+y)6!DnuN$on9H0}AAZWI!z&z&YL8D(ZcA zHmzG_g%9f3!kWA;ib}xgOp|mL0k4_CC6R8c6Zj_@6HpcX_c-Sz)n`cmeltY`4t`R4 zG3>dhRwnTQlz~A0ZVq>YZJUuQB6kzdNB#spEjR7NOoh7P(8paC)F zr=YYV$ouLfOY5h0w(XxU7>~`15!51YZ}}vGut2$$Ajta#fcA(%IMro2H16OJDWWDJ zq2JTs89(2jRRclnPEXa&G;k(UFtu-Mxmh>xRoKTfp52HdMpA;R8u zJq)8Ywg$JL)a?D{M!P=d_^eQtffdJOoMtVup@zG(WK2p1xWM z0?tO0V=o!_C!u5~QvJt27}dq2wLShubPg0%h8nYUfa`T-Xhk^%EVl=v7-reZYg)~c zh>7g#6s|Y=^Ffca(%4iH7K%#Ckif2ob*M>D$~?1z4lsjerB$@=CT>)-Tw0(|H)@pia|L%jz#VtoEoViUU&(gQ7boPqF$iE z$(xF+%U{!xu8YjS2kSkzsF!4+XmzErp+X(`^fy}=CMd+SH(l($?G~uk_w(~B)Xfj` z7f%zmqr9%eFJhVR1%g(`KR}>xt8{QzK$$J!lLC!2&R7v-9ypo$x~FOnG$Tdz)m%Ck zjuO3p;$pO-v6^*GkxOtzEpsgX!}3eZ?RQr|$ssFr|Lwip9`H%R*)E`hbpVokpPMuh^0kvlao*V`foub=vv zTxcXHU}LI?mjAQAdR0 zy%ev^FE(!QdOekT5vjHlYhu|Ge`DH}?=f5o3(8A7E_fI~#6YbSm-+6}En^GltIu^! za{^pu3tHXqNOt@FE9!+E8=|1iXzMC}#LJtVK~?z02A|aY@kdE3p)TJ$DO|q zeU3LU{AihiLPS_E^zL!RTkK7aYBP#i76R5QI3!`;z&338)ZMV293v@EiPmA6<@?-U z8c)i{$A@@_JH-W*O?B+@hH(qvi^Zb{jNxFB`}2I7L!(X+zM?{m@W*IB>Jf#rFDZfr z9*>oluSKnZ^1xiO$M+U&iN6&6;Q&E19{ET*y9(^_i@ul=gC^w4;j0hA)bZnToZSGzw6F85l$+`=5jkPG>UTlS~( zUqOMTq^A{gXuTC)8LP&8%UACJpAb*Hbu#EfkUdB%5~dOx#Olc{9m9`hxwgBI1%*j1 zVm(LEN*&b8(R}fL!LnYkQ;%pwGY5n)2wb)|@S_GidslK&1$b79sJ1wlzlZ0g(WIbi z@nPnyA6OUUPorH378WGusd87jg|u77)0lgYM6pZz%{_3Nar-;Xc&nfL)I2>uK0k9mG^*5JC1SxXZuGp#Pey=vDv|`a55x82O=jyZTk5JpZ7aI1i-tWX9 z;{FTB^$^w?iq4jVR@};D8DSi3(d?io;YJUa0^}LW9U!DApra5cRwiGnT4SNXM~G5E ze$!4Y(8?kzlph<9aJlv3fFJY(%KyAO2C5jFP~)-x6wD2vU_jw($tLUGmvenf0-u7D zL{w@=afV+RB|J<*Tw@1? z1#~-sGxaUKnL_cwU}6#PL4EEiPeHrJD&o?fV^8cg^S zE~=URO3uF1 z2i^^pXCOBhMMjvSY9XO6MG;6&cK!~jIut1i8ajk%Kz z%r$ibpNN7_2yze@WyhTp&z4*ePqM*%i1`Af! zFmCah(@i{nf+6h(;k>SLw6ZiQw#mi?=7WT%+A(7t@eu>*sX|$x)V$p*JR6@wtOPW4 z5RC~(vx?kSJM=zQi5*7!`&PA{-!Eb#7gRoTh*cdhA~4f$Zw(3#nH^*#r>wv(&~ zVO#8l_YU^`YTL1m>>f&uu|XzuIGmo;4J$l-yWpUq?ayAiTjyqQ_0>5%-DrUE|Jo(g zU7oiZKk~2czQ|t>Ky*;;@zDx!pmz-~Ll&9{T%k(E5cHR~c=gt_U=PvxyY_0bTo4fp zsQQ0?r4B2ySukH6+1rnR8G_d}Jt&qcKS-@%VIn{b#&0gy)t&^{-( zF5n_>8Gag?Z1zyNt@C>q+>_#d#;BHXlZHntx&pt_Zb{fyx{(BA$me;ScSUQOk^vc~ zXwH2q|07rr0+J%?u_a|wK{keM~@p91Orj}?x~!2CLI@gYNW?6$!;di7N1 zsu_S<5WNTazZka|5V|gZ=Jmfo?%uz;YRD;tzSbO&EF_93-Rqbr&0eart(v7PotL7q zRKIyn05~?aS3EA9za;tw3=up#)A?_R|0>N6y;6H09>Ia=+C{|o+DE;yqxplN9n|!g z_3Xh%aFVD1tQhlMqGt<`GhqLm+S_1fZNv1(I>Z3SIxd$8Caxug4@~~vU2>o12>Z%^ z`v&C!Gc&uya5BNB_KggdXAyfuZ`E@~_UV?bIB(IPQ=<6>0D)6j?>ON(rQhHDXAa(f zehv3jk@3;X-a}XD6=VrMq#Wu>F_6h%J1upRX69Uvxja!%f;L@>dOHUdjaF5I(ircA z8Pxfz7Uh8xbGUvn>Yt<-{>Otij9>VC{`dAAe~^j11GH~O`a8<-rU5C^z_YWQ{u7Zw za%H(p_m&(`t!h!$_960I3Fyhh0QORMw#T;;f-?1jAt zOGd0I)(Es*vrUYkKX+TQc>p*-|3Har=Tbm@E*YeEzm&W5Lziw#>}w6aSuTFSt?o(P zZ!j@2KaPg+uaEPCdLN}+SoY(S1#P&DGU_?$GWihUm8d%r3vQ00{nCD*1La+^a+dQk zCE#OrnSUN-(g3P^RQ+c?cd#4FL0uK*fWgT`qPXC`0X7OsTEP_1cG1}Md|73hXa0L@t zUEb3i<9YL)(HDUJowml(<8VtZA>HO{%eE(;yv|o|LSa#cl{5`@Pd^cR645BGwsx$K z)vRp@3*knUK2>PhJ&9pe_QM;m4Z}bB8UA@&q=7MkUxZ6*xa*N^;yLTIU{%HC8Mn|1 zzP+Icq#CX6vaGF{;o4ncfQQ7h%WT+)5?laH;rBl-duA5-pVENJaG~ia=@)D!Xgmms zyLo&h(&JA5l78SK3G>3{)B7aR%Kh=6sok0jBg^@cykNBs`uCduQ#r!0Yka$}eCA%+ z*55fE4^K}P#UARacg1<5pc9J6$>v=Fi~ek@2cY+NNLa+n>Zt16L!(eITZa41M(zE5 z>I)kkWgGm>q>9VbP{}U_zq!Amq$hid%6~12NA(q!v~#!_!Qse*SBB^6mHa8d4b@YL zzAe~?)zSq~mHg)#;7bTL_vbVOmz(VRFpRsX6b0zcspVjP{@NJCFunW8`5YW+KXpIZ zXzSg0j}^3>1+}Be!uI0Ar*%5@8G>4xKHsXuKJP%Qw3bAkSiTk9~Dmhv?3 z@t5aPMWPdwAT-$=&poLGVr5Llgx0W#%fN;!`z7QfL1&Cy(jE{@{#9cK55~k0t`wh3&Z0 zs4*#=e*A=55?eLYToB4`ENE~I-7+YzJXoZ7pZGdIfnpeKOYTUxK>?}0{ z(ubHS!k6ix&4YxM2nJ!IXFU^vFQV?`Y`YD>?=>9 z_PdwI$9XJF=39q-g`Vmp+w|YaKK&hzT_K2hF;%2klj=yLlU7enJ}D5( z^jp2Ly*i1US*v*4t5ht0S7#>i`r_%L%f8uPQL)TG9zu`R@`a5bdsJmkE1W(je}2~F z8`~Z4e!uyk^a-L(iA3>J>W@3_heiq+l3aO_!^OtIhV~7YnEWhm zASe6N*q1(n+q}n_q2KD*T36dFYWKgc^daHOdp%cTwGf>LY~K0FY_Yso_?3^Tq{CU; z8HteTPh{*U{r{_&;QWqpTx$Yttd4xB+c_tU@Z>-jg;;ZCK2xq8gPV-Dhvc`7YeLW& zOtN{;BONW{kbNw|zbpP@Aq6jbFHbRkP)-Tbk3~eN|#6L5AX0t4MFd$ydsmK6r6l z_hdIHJJwgZ)^fKlYO&-xie^IZ@P$i$g{VHg*V=iJ{!Q|>ZgmpB-{@6Qw`rl*WY=zA ziu(-hEPd`1r6?DKI(;Oz7v-(I9PW<~E~4V=YSW9@SUs;lbcjeud&K-vj(yr}=4*`? z72U(FpPfzoWj|#+e_ceZVyd5NCh{hpmg7D3-M!m*ILlKnvCaXv-C1imXrzwv+F6?W zKJmoRJ;!q4%yfCST(_ntP9&;!mDoTY_c9gaNP{AJBFdTP7EkG7!MCZX7t<6bA)bF_ zUUBSsq`+fd=S}YE{;6be?cKHI`>69P)%BQVOff{pxsfmrerqzvx1y~c?=c`J0ufH^ zAM`Bb_r;xQRNB$k(#ahXdkw>$Z6$T9T-W*BfF-#YOwt^oI%)p*(fy6F;iu2yq26+N z%(`|(@CK&;hyEQGmgo0USs+@~q@ZgRW+Q67hGLJDnuwW18Nfv$k%U=(96=fQNU0EG zt-a1k<+IoWO9l4c@wNFJjXGhE+&(J(+Gm$ozbH?G9JlVh>*AY;klD@?uU*XS!Q^y* zr~CAJKpVF~J-1ro?LYGyZ{D!;Lg}^SO~?B@!Y8$=eyE?48g~wt2D>tN+^bsqK^2$| zcYQPigh`B=#z;fWWZ{18^KNPRAsjsmOy~}@Bp&xax#Dr>8ig>P*iW+PWK z#gs81ZFXXv172RTcsi{zbi8);cX-UxE^fLQ?Z@m_cX`7f z@wL9sf|BIE6cYZa<&QUi@}cVV^?>vt1BZH&Toa2gzu$I}F81AIw$xi+L4Ugcx-c9X?1)1i+3+VqM`;u1SmaU>7DQf z=DQERv*FtQ^K(oCTYJrgqR)CV1EAJ?nz;9P!+WH`#L1@CYjf|@htu|yILp}$0iE`k zvJ69awSb|{<1nj95B+ZA=!gXT(Agv*vYAWz8WgX6Y=a@5}S z>MDcbCbD1N?wGmor1gchr8{9=8HbV?XX)Jh zq%t7ouoU?g3U7YS=m!uWi z^bdAo1}Pb(uf*5HFFbj=_;SZaI9uzdl>R2hEaXvn>61^i=8cTEqSQiX+wI0a#fU-i ztnF`UcMNk?w>UTV6AQVP|87CO>Wk|h-YMF(I-ffCCv7C>+?YrXR2bP@`pO0EdqjmA z>nNnW&jgRXx1Zii7t|rr1zIMCrz@!;|4V%0fp_4F8s&?nUs9FHc$I8rk~c}dqn^Ye z2y_Yz27Qbb5gVSURq1ug&+jdBgUK=2cmSm9-vKxe3@~> zd09n=tDZqEP}$43*b`vO>V60V>u1Fqa_Js_Yx@NVKXQX*cUG2u-|D62(YY7K%i6tp z7MT&kh9C8NW`pUO5l^n8!T7K)W6R$SXR-r#mgsaTr|V4UBN2 z_bil#w3dPm%(06(0@KRuvb3l!lHW5cWv&wf)gg$Dw?)Z|*F1|o6unMf?=%o0>#Ei| z7viM0UX)rj*&JDx*=-3oZjQhBK#KX0+MF(V1M6`pu6zG`G=%@6@V@x?(x=CS$jn^L zqg2zbAj$}=&dMb{b{J8X6xn4nypT&J0NO4ytfGX(P=PjqWo$hMHE}5tG=*hs*C~}V zHIKdJi0GevN$49w^#)zL@i8Rt9yqlv+ebN=!oEaTf@q{Rs&Ib+P;!=#1r> z%T(oYPsWbZ;V)J)m$^QrOkCCa%rajSf($F0q067q7y^I{a)+>-=ZFjjh&`!R3%EA1i{pkoj!jP>>bPe}Knfg1qo-x$v z+FlKfRn$ZbwC3qQ-@a|f3eV03oE0}GmHtWu{!O_aEW;gykau3@RxUZFt1Mi)wMQBR zA)p%{rND?2c!4z)XRUXu^B!jkhvYq4v6+oiE~}>@LV9^ep2WZ(bpy^;Il9#920UZ# z|2SJ*@g;A-eO;-x;dm-C>bMiR?g~(2uB(w9SYEy*Rv3O(KMkzT<|t|yP)RiIKeGt@ zW=D;ZgH+?}z~GCrG87&|1maPuhBGU4dajsIM!?`)`{i|w&S!4 z9jk*wh8%3Hf)j7^Untw2lbIN1tjzv$Dopcxn*OcmZiK?QrER_fQxx>5Qk56drO@Dt z1*^G0h^Ok`stHA3@Dw}eKr)ykJu*q24TrMq)_k5D;cn^%%-#mgiUrz{l z_KH~eTX>*m2&RNps(ElL=>jkO=fKw&f-=53TJXU78FV|KMlCNsM2F(3G_S&s66mGQ zVZq3I@47Z(ATYEd7~1&F2-*42QDEq$g9us}P%x!HV=bR^US5HDiNiIh0Q2$=JcC!w z6^8H+f|vguBy6RqkB1k(%_?K6%=c|M82(YD42IwFQ3_WDJ_qpCNL`j4rOx?z3Gfpt z_m8t;g};1F0X!%Bd*l}U15XzA>h8P}L%npo%y*7-N$~XGD}n!F%~wNgIVXpK1}sJM zY>qaw6)gN=Vko(nF_GZ?X#Xk@7J()f#pi;NK)85gSwDr!&Yd*C8X{|ML3WB-HZ#1N zA%yN=&@%-WaKJnIuvX^r2o;8@>dz0}zt)z~kQygb{+&nXxL3`H`}<}7XJg6VRSXny zSvZ>+kSv#b=D`Y8WUc@jS7!GJ!%J*t1aD&7q8Jpd2tuq7`FE_jgzk-m-6a5Dx_hj^ z1D;`knfWSXASdnuxc^H=7`)&Z7A+%=!(pI2)l!J)CoUj2K_d!0QfGh?EEB>ZLMEb^ zBDr9Z(f|TKNX8WvMoMyvHbZd|f zGMz<}8LU=wT>t}yH+caT%ex|V{oEH%1u~L%!&ulJ2e&cTjru#?CxDS}?b%>-P3?UT zewdky@?g1A=_6Op0Tu&O*(*{wI95h)P#jW|ju<86aH@JH3|3$+9QBnEhSa*8jJhco z$)Lr#mXxL9_B$N72Z}Mrco$J4GP`)rxeB`p`mgY8)tKw75YMm?qve0_ewVT10JtiE z_nC37kbl+1mN&1z0O0b!M6hlrMC(YY!Hz>usZCX!N1UdE6i&aupbK4wU$HoUC5{Rp z+!=pR0=!-ts$Ls94SO|TWBo?~p)V_~Sp6ZXvV%XtA1igl34bI3aIO%q!x|9nH3hi! z+;nk-pHMW>UwTlSh@Ge(opHO0Q4|z7jy5nbfN4B|6<9cz7%62LAE5W{&Mjp~3HLes zZ-+{>0Qf-iU|Qu3eVCKHvc~7+6$e6>chLd`Ty%13@QUozOb7UwA0+|1f%2c1I!M3P z=WgmSSk!Aml>l%>Qvi9nytB-?aBN_KC6OLfqb$1^AOixdazSehX@$SJBM0DSIvLDt z69@<9=5O{?6Rr?NfAhu;n(&PB-0Bs_EviX9i6kOMH-26$a?pd}q&M*OHVh|678%pv?*Rbk z%XlBhv{QchjVgo1`{9~F8Qp3TI(4MA@QeISlP^qn@siECyp@X1qoUU^BxFJ@b(%b{y!1PSytpJjs!Iv=nCG#?>%^&fOe`!BPWeWl8 z&|HaELz*&tSLhx-nAd+eDudfX4rP~75lb4Y=v@s_6{ES zUFJd!&>6h2md+nnG*@ko!K=w}elsR!MR|t?r$qj(Gk)Y?%mtU_MS`>^uws?T2C&3a zL;r;BhN3_H%?6bUCP0R#U=B|9q6y$p(H~n3B7k)H5DdxqIxAj6(bx+j574eid=1>U z;PYJ%RR+~0Ok>0xXuTBJp$+kKoCnucPFoczZl9W zoyJ$$hB)0+BW&?_Vp zsE@lE|6ll_1o*j%eLmJafAgc7L6X2E%5O{Tu;(v9SIz7Dx)T~!;W;8yhN>hoYAVSbdqU-$g;pUItZje_OS z@gxQz0Mi#j>d2$El=+f-?948vu}$i{Ver;^R2Of~`Pj{%)Dtn=m-R@nZjsDgM_J+T zwJEZSP@8E#hA{ z6AJO)(+fa@&7a2-2&& zC$m>pQh!l_q2<542BIvd;7|XaJitN_tOmlN`Ylck47ZgNtgxI-l?M*;^%Tg3#U5gv zQl)#jmlyxMDnd8wUZWsHFWE?{m!Ag z((>X8$1bcBIdR9eQ_j=L>8k!q(Sj%aIt4%rWbisK6R?<)g^8m|hC-#y#7%=wziL@+ zaV+;LJj6^;d4AUgim!Zip&2ajBXcteO#wd8FM~kk(5>L?I#2_%c@R}!ntq!a1sp3k z7q6v94mpvn;QS$!Iyn}VLNs-pb`2^|s6Zzsj9!P4&CTyAF?3$8Ig z5}3F0=t$*$Q2ut+MbCjnmM(iFP`Kc*&9)UycMP1)y=Nf^Ubpf#w?T+i*koOwfXCet|)CI1iHr`e=A5%!$o8AV5_WXph ztKr`p%Zsm55kQaXN5CVxT8yVZtt?5QO?5JbrLO@{h0fP1E}?oMtKGorl10wj+UawXFE76j0n%x$I| z8Is)_HWsWk`0S@~mueK<4?-NWopjzYz-}lTQSJU^@zBK%t{jE__p5>ao8)=ZMH<di{A5vJ#q zD2X*32fx9Y5Y`|>Lt`cu#4Y|mfUrKh8#QQ5S;hp$-rc&P{00pVt&M#L*&w!U4G|d4 z{?@Q!PvCNBhG;BTWz?0~Evynl1Ak+*0x6LGaVMsnrpn_NgT7Zy%Z*E8otU|tU;hd_ ztRC(oM|MQY0y4A?z+_<0z61>Qf4u!;7GNov42o>HVCu`67I-&^N*MByzR(C)U#eOg z2>l~HA1i$&M)?K^5b9{2fEw9lGQicjhYLIQYI1vq(2P#0>1`vvtjU!|#|ADCv$$)O zJ%i0{7aAaLgkpLDeA57c_|09@Du?IrXI?TO&0g9fP8pJm5K>}p{ZePcO-E9@`Z+{go1Z`Q2Ukpa$@|<0uwS@@c zpu95k`O@p7N75pvXruKXcj(h?Pr!$YZA0+r^! zKn@@OdQ~ZX4Q3H2`u#~#gnhG$EvKr^Ix(6bb)s?0T-lA-cKM)Z=Q`Fdt^<~2e~%9W z)tm8F8ANv-T0ThDneS~I>#kEPQx>f91|lrmm{*g={{CpghTeCjlDM&qx8>Gm1N7_i zJ)kC$-bv3MAVEf-u7YlcB1HZ3XM<%Nh(yGx3c zYf_^Y$!3BOT22}vBH!Oa!O+@UXkjOFozufQK_#VCbFnD|3r9?nut1SXJ5#fpJOdOg zT9zDTB!(%dkKL#Wc*yYC7eh)H`TKEV=^1?%sqdGS0RsR6&gHL6s}+5PAqaT|KMP9$#)Clx zPz7H+L!J{Sjsj3cAowf86Ieyd0>?(AtaV1Mk^Jt&o&-AIi0UuFB`#nSmFJ-pONDmy zhZ?v+7ihp~b+;OCn-Y+^&>5cxsD06BAcUl@;=y3wmJNuy1!<1hX9}3o+Vn9nrI)lU zUJ4*3;<&?`g2k;ds{iIm6;Z=kQ57w%wr zTv`Zt&s{Gy^SW7BfDl|JLK+53Crv3pxo+{{^@=Onpw&lXwsbGY@;+7ZjCHL@ONG~- zEUM0x}~P0eFP` zdpK{&o_kJl6Ck4_xtrH}+o9BhbgrBVDj)!^$wn(+0cR261MK6*QwJaM?OWA2K>`D$ zY$)E1UrKBM^2ETUNWl3z!U3=eTaR>dO;~GOCO~G!5C*VozAdBrY?yeu-lsc|r*A-n zGz-iT&s8zya@}Jz1nH}?t3dB8&uO7w;}xj@y+hNWlqL^P2_hy(^%ogOge3{*cJ9b0 ze`Yf>Ah&YGjWW9g(SK!{Cr9Zv`CZ>p=dv893LwgyK%4QKaqS-k-hz`%GALludeG$3 zAUge;3iM?$VTG^YdCcUpT-mUX7&S^~S!iG42{*@#+}W=S?W6c~Nwn_L091ATEVF)A zxJeG8NnyV3)~dsM*v8P>&!s%7CJ$66nf`cpxjC-igwyrB0tXcR1MVm;0W(bRQ_IRo zU`bVgmZnq9@&&mq0zh9;vUD|=x?A-DhGRmouI&vhBcu8E6UhLjWP* zW>qdLNJ2MXyuXg`4{H!_+8 z&ML&i66MAltcXhs$F6eyx$jtDe24>l=&)omN+i~aXQnY^ZCKu=AS!7^SJTOwV)lIH zAgJ)Ed?hvNFx~Uw!;;nY7rn2C>ehGnFalBox5*Mdl+6?mwjC@5vByTXq7M(+Qei&` zhIhqr-(W0Ag9AS(?~zrUF^~`C83yDCAz|wv*SDU$v4{tMww8siin_%I;G znoFfXC@j~4rT~aP4BmG+0ks6s1yu#v2l*W;rpo$ar;cpA`tEW+_&b&Z5rdgEe57+9 zt`5PP^X~$g4V>Kx2kY$L6j4?OStGE{2;&?LFOdDoIODd-Fz2dU#53(o`4%-*Q25@X z%5WH?mazN4d1p(TP+V<2XM z$Up%@j5u%~wwSnzU6w=a1Dn~@655|Uwzry`c+7+e6GCm7jFmwMa=Y)B% zxbqwUt@VvL&qm=W>|zk2<5SP`;mMzOARY>?Q{#n!c;{Fk{}!2aURRJMv>^v8YvZKb z#+wV7VEd2k)-Z4#9VvkdPoK3zC*bwMk*U~;+=p%0XkG{R1z;jax2F|MmFZ)1UOaSw zuH9G;e67D|m{UgO_0|@SyBGmqKL#_25mA;20KV$>M>727HB%m9?T6kS(G;g*H31 zl<`jAm?k7ks-?M?Eq1{)^YqwuL2k|j1pt}yOTID+Z&?d``^2}G!VAudQlmcBi)_-qEudDH#ET)f8^k6x#IMnfhe&({T>! zp{Y0$Vc(^xrOkSmVLmCf`KIcbG>w{-`#qT?C{$^q*fTB?qTBE zOP6()`>17ptpRmW<39;52)&gj9A$QZ6aEnP23WwrEZ7mS6X<^h_6A7Ly@A`A1J+bu zLhw$6%ha^CgFio0RhMO%(#7p(6kq#69wxr3UrG5h-WU!^na)E}QCtXEQcR{KSn?YX zW3{LJwgB=sGkvl+!yh7fHEH8&xhIWsX?iA70Y|q&_AW@L{ao<_=vOKZmX`2k<~7?M zC20ydlHHeG0&%ZRt8ErY7wH4Ez{Cfm;;H*DX#<`#JcMP6Y#>zSl8)|o-Mc$0rB|RU zFODGhabILuBJcHY!U>(*)UFcvGLQx8-NdQ3Pxg+l)5fvlaRbVxYu+*6AVDWzFF*Rz z!f14+6v(@WUK!yAj3xlQqLE9s4Flh02AUbSwKLpS25^fQl}nDw)l>@V4ZB?`h4@&N zjwJ^^^v{kHaWXi;&puibOo7yl7#t?5gahEFhGz~*m<`2 z+VX)m5n=w91f>tkYl0pM!>gI6cY@CvnM4FFUV}W>IK3VpD3@849o53!g@=IUBi4Te zwvKhdR#}O#byWX6QrY10{r2)`B@a6-aBLabPADXxHtk9oQ!YV8B4keTW7}8fo4DiJ zFI1E40QCw%c&$RhFH! ziC@vc)~tYIwl1&>ckzVkFG*2`aJf=V(CM9*pS`nkG}Czvs>6SG=jnG2Xc++ch`tMS zlBhfwCxR0wI4iO;hz;g*|8~c`+t2x5EWY%KOXSO&w9F0Ta?qlp_>x~Gxm!HrilY`t zdSN8;X&@jbjj*_lfc=L5Uff)nOY8e3{tk(yBi%FwWic+?W`aCn2;&_FHIYH4oHukH zhOJ~uzo_!r)E}>EJf=qBX4%w(?Fkts0KY$NDGk6e(l(iAV8($rQK)9q_4nE?m)>G; z=fWHLh)TN3{eb!Y3>5RQC)cbv?bFhOg2X>$88ViGeN~^3(T-wU$0A#jEU#xgpU(2d zGgVJ|r)|ibRe(*17e=!1ihaQLP20Qw*Q{T%H#r^9&VnP&U3w8s^%gMJQFKszop``m*LWFu1*s9DX0mQ7F>d^y09D)-bnKU+|Q9ym+ zP2DFVlx_b0TlY}@Vxga~DqKHt^TU0t4q@02FcV@pF?GK625*J~)ZRQtE#4nb@ER`h z#@x1YNWkT<3_%$evftGNwxWqtisS&bxxx1!;*NoS@WBg?h-o3mn*cL}-?peJU*cVx z{_-b^{31!V7!eXj=DrhQ5P~LJ9~9X(!_Em^SXKtWC)g)taJ&Ovaw^*rbA=NE@SYap z>7Xtp7>fw0xg&wmz@3MaL=uhJ9EUKjPEsnA!IPBh;a~@=334n4B|-i;z&r_D5U&H< zy^bKx459kp-B0;n-A;l2f86^4bFGBPQDGUzp&zCm&Pvn5WFbfdvfM&By8{HH1!P*O z!B(ilLpZ1MaA43LJfRHNn6cqyOj~|a%!vEpjSOSMhquoVFnY|tB*N$cj?5c0mCZ;T zKo9nNDFY24aU?;Y999PpaVebK?OL&Uo@#4OG`Rl>COj5r87PAbAd(_HkEC91`wacz zW)O1)mxInL1*P$1&uVahv-oIcLyab*FIDnp*{atEU)^_h7APrrqO9L|CoW=C{JGI* z4?<;92H91KTDWkT;EEtwTlGenXw zXQcE>wHbtxq$ByI2*p)=z(v{&-M%--gL`(fj&pbFY&@1K^dDUN%2Kam)o z;~yW{*Q}Tt7|sO6lxAH^YrjDWtG(NjNKurf7fNvqW%uiJwOeS{nU}JJJ=@}4Y*zv@ zsptq48kc*`S%dP~tDhW-Gm1$bKMaWqSI)DJ-1wSDW;zrYBl{^I(-A-bAt&$<9ePSj zi&J-ZW&ek<6(g`7To-!a`ttM_E^`S_yj*2>41PHNZNG7Ra3sDwQmcF_`8BdY&kn93 z2fbO$=}nb+G#lT(Dk$61{vMoPCTRZ0eKXcRN+P^TNn*s zRQyO*pZ66ZYr}8kK|<>>_}bNePue>=)Hl>AnhzVklSvwTNwvvny$y>>Dt;2y^W)|h zFW=9*Elf=%E#nC;PU>Z?nzj~wAaf_Y(bGW|$$(UP$xj~&bNmv5+{EvG?$W{Fzg=Gt_MebW*?jgumzOnwF z2xp_zqZ)f}@?8~qFucoO%!Px56O{OT&cp$5m4fuU&_Y}aMSj$#ex=u)6OTB^Mpf;e zTojja^FiU(zJ2$01e@4cwJoNdk5iUGi(;+{>CndGP``|_;Q3nhv&10$E-0`|og8M) zb;P?q{^LU5s$E#!Y6DN3kV9)fsEy`-aa>Ja6*|sOk}A~v#i2f)0x`vP{nvZ^9@R*) zcIM$y<0!?7tEOj}7YiR3yp?zl2|A4{ROjipT_#Ry?VxYN?{VU3?SHZ-)N&{-Y%-Tf z6T+Lt=*!mAksNNNcVy3<`Jc|TN*NXEpqCoj5Hp3r#C-m;DT#B&q zB}PaXT(IM|j^;;UIyXS1v8d9V<))%sfu$j|g7+$qWq6(agx)zNjem6zuhDUfodw0$ z*-r;fKNfh8jq|Y4K=Cu&ar2sTar2QBR%7Z5x7rL#-!QFF(3|MQv&lZyWa2xb>bMWm za#muOcm3r3I0Knu@D*)y6}Q`Ce}wxg>Ffun$Gs15)}6U%y1v;VZE8~LTCNnrCzl;A zPQ?LT_1jA@SEfKsAOwwws6q9;%-+N=!D}H5;&MeEdvWgkP|?|)Qsr_Gn6kF4Arij1 zEH8_eKjCB%cA=Y|4w_FTUy>KHfLH5tijQ zSw(c~Z}ql1mclM%_NSbQL9OQ{*0V2dc}O1`M3{)l-C`iM?9<5!x_B72V6=s`EP=Ed zWD#e%IctJ8dsoW`c6M;&@w-BpbrdWfC83_=Hz|JHkedp65Mgw5v!qp%`6YUn_V3um zGrp$A`Vo3if+-=QQG%Q#O(m-8q|AH-0m>itg{Dv-l_B83<5-zaI78fzC=1%Jy*E7ujspCLK%!oY+=q={$$p*g5nqnH7SAs{x1wsz ziULLR7qc4AQtrJzp2?EVHv174B6T&=+rHsZ<0b3%g0&tI{sR|k^=r`P>`6ws_t9#E zup55q$F`HRWlY|ll8!{`T$%&bPjjB%sneQ7(X-*yzimJH`YY zSIPg)=3Ki!R`o5h>&i!~ezWCYpRQt}7zaefXVtMOr+u#Qv8)muB0rNmmG2X!L@Uqk zbovR=W@#R?fB#U^p>#IMcJ|zxTAcvtjarc{E%2WCA@Z~%94bB2YLwMb$nrT|v9$VD zuPW1urYx^m8q%EYb(8nMGel=B{s@m@AOzu*Zo50QUF{!A=`zLIh&U^jxLg=i#&+1X z+Nd3f&(Uk@M%<{!;XM_PT9=rB_ibWBrAnys=Nsia=#s zHYia=+>O`AKxhCH3|VQ|47(efLxQr<>39V#xbytCF!ttbE%mqDL@&*pWQ>!lJ zWd1+ibSK}B8|VG1pRDzJdF1WU3-Cp7v(}b$QR(LBUh+AdC=mFwR!GP;XIVml%<^3q zwK-`vv3hvRx6Jc|mVl*y?D@o2v3}+t#G!^puq+2&B~1#ARZqNqV>05c z52tf~$c*u+(lUdX2j0r6Js;aU&Ve(~`rKOlk@K>xL>bN$#gs9h4jTD_Wf^oudh)|} zDplfftroR;6F2}B!F0mW=_7cV%(doeU)kN#wmf}M`;ld_?2q?=l3-VqJJ0RG%jb82 zFWW>2fovH)9bXwCY~jDhXh{!ULY__pP-LN-&9$Uc|5!VvtIiHlJX>ml%)8S$JoX|f z1Y$~53YQGxXBgF15zrVd#yHb!{lyKTlS)&uuq58wX;(v|$3)hC-^ZpPeM>6eEnRs6 z&JX?xO;Qwd-%Y1Z{X34jGAdy^(f;PtSr=M*)g*ixL^g4Hhw3T|b;vk!I?{54LyNW* zz23GS0Im^n-+E)kWo%j+V%t-G8$z3f<~?EkoWJlva^rBU^gzsfr}WgPfRViP1=IE_ z{o<~fNaZ1e`R6YF(m&t`wiGMi`2NS7EH<0n0x^b_ob)J8$d zrA1+7{nTxyFoYwzdfxZ+mCTpTFqjzs{0dSyP;UPv8hX+O-|kWOsHrQ|eKSSrYi$dG}F&k~ybI zYcio!5P}1zyzIpvCiQ3@$o;n1Ws142m83X++aYa@fdMaM3vq%h39jcD^Fs|=I|=YTX1oqLn^4=WrjCRwlEA8~$m zl3d*Rz)eHyxUaYL8GDM&$j2!@*R|x#LjB0Hnbd1W`?CAyt36O{&D`*)F@E80qoYQq z#8JWHLc^vK+ku@v8@a+SNzz&T%#vOtKbHCxEA+-5Y_RlE-;Y)TTVSA|6Lqb)EfkKM zIdG%|tw6#g4bJu9{my_77Ogd%7#n*+M@Kppnj{CW-#z5hq-CakeZuuDh0auM~N;H15>xz(L^8=E=&K+03Yhz*MQ_w$=p?*V=X_&C`9E z+0Msx*0)yeJw?Q&c0#t7jvRcMF|$!+Y!d>*Z|0#Vn^eK_twMevoFxWw`atjCy0Z~JU>|}Z%Ti!_%ObH zvtzQVqx?OeQe+Zt;73`+T~q4Be#4jf&{pEJ`WAKeNgBoa#>dnwqQomA#L|2xVtEb} zEn8DHWaGKfxXpQAIABCx-1xjIa!B0zdGhD82zi1_<>gNLOPp0qwk;CpUhHqC#5w5c0M}};t9+-a?-PfFSFLNBuy*D2C^?T7X!AdI^sPrDz zE}u0wlD6MCP^V3)_7|HRLtVi`7vfW^I}`NVQnx#edb{XnQ>qugp2~Zy9Q<@zUgu9~ z)}NK4#Ej~d8m&-uz}|AZ7*)=EGsVs&aA zi0DwdiyM_7{K!W|&}+9GqFmR6Wcmzdyz+l2JUh$)xfL(G{azEvtikE8@U9lKsIhu2 zXC7<B=&YjY||b(OeFUS+|rj(6Kt=LE$vA3DyY}64L;zW>gI}N4IZq$Cv6$<(*Ms zG_$o8Sg3F54HaliV?#aq+`-YCAb79nr}f;31=i3&(J5|W~H2_oGouxJsG`sT&`JkPuL zd+c}b5$LBrvzIPQxb3P*KBL7fQHh*xh!0BB0^oh%-FFXdJLFAW zzCRsWY&z2cYqcn)e`?}L7eU3gjz1l9pO zu+hG~h5o0Zi4ktg(wrj_??|v;Oy=^|UU`x_^KG0C_eh1lFpq`TqPJUK=0{=hXcjF@fdKn(qtYEA$LU38(m%=Fv!R z2zqH@iK7^1YLi4M7M##7fv54I-<`QYuPafS8<%>n#1heRv|8}ASRr^n$MfoV;2O?O z$``kL?;i`pWe^#UDyc5fCD`xq@Q%EKWBG7bkNEp52%t?9PVO#++!vpDC+D>}(8t!I!0+&Tee2p!>ob*RfaSdwI z-2%&4o$;^VK#{}4 zd^eEzZ&XN8)N|(egB;+*|J6+iciezpFU%hacjK-Y2xvwYEe7Ev`7@%kZwjuNMl&vX zR&TPSYyFbqQp0~8{bqeT_RUVv@3`PJg$Vh@yCZ#6eT*m9*g8=R_QdJ>(U9hfu`%1OAHyc&fi}rrQnKTKipV5)asZv3@_UoxSoWJ*vNow`xi_nOK*+^!TUyp)!%Oa<#^1DAx(Sc4m+hPQBEs|%>*`8jX;2i z97QZ~()nFRa$=lUErrc*lajHC%i~`sr03gdn^?(*ba#dke|ghkrz8t}YTOKocsDpH z`1zS70z`Angwz0rB}HKc80N0bXZ~o$768wWeAXJ5&Z8NZ{UJ663BpY&c?{nVN8Oy; zjp3LI^t=v$T+S_byHT(-`-{Q9b8t6{)2Syv{I?*kZUvQ?pr32j5_oj7paK(<2qm(= zUW*?FTE3`@0)&9K_wSMy&iT7{Kss>F4R|%6T!9gtfX9vak`aT<|4VNAE!q~+C;~k- z?|3l4TH1~dpVn#7RQaLV#y7ZcTE3Sr7S1!Mzt`ji-7jIzWnBMGJB%KpBNEV-K{sPN z{T;BVC^^zSJ@Z}@NEjpkH!(psWmmixse;)myq1za(2g3+{BaUsWZkE2)W0xX4YbEY%nR z=OYQ9SFbC#PgEXA(zY3Zy5S|ktMy=?=zUQ3tgyBs6-Qn+Yq(!t2~`d>j)^p>3Q@=C ztf&=zFpc{mvmKlgRcX=x)*ssl)$cC6CYTDMAu3m|*OVc(^=#%_AD;Lvo6%W6*=0?m zDoIKZOta~0=|(_`iu`lsL;#k)+y4~5y!O9wxvfV`=%esn8>4;IqVbyhJ(MygGHtiI z*uio?6Fv>fXpbctjbFQq~-l(@m<&adfL{7M%6uU+P0y#;LjdFEIgLb-9&>B&^WR$=S*sk}b8klu&ByygA2U7uV2=Bn@_Pq}Ej00m&tJRs zOUt%oV*!Lhf+8A-Mb0ux)zW1VM( zaJc)~Uw4toa^%p^(9SLe-TSG&WheA^9=x?fd`YaHUb<$1UhYEel6IMGpGdMa2OQ;b zN~RCdTX}AXzXY2xxt~4SmlcwET=zJAkmvf~xjV6*Ul~ttA_K-Ur;m<=aCI^upw1QO>OYhG@05ginZ<oU@pul`Vl>$%&Rv{fVu`pn(ma)iWZytkFS zp7*2~YA=+SSIq86g}=ir=zKCor`dz%VbQd|$ytaQNbHzjK&PLt)8U^JDu9*+50d7u zzb{VkXM0cY0O|p0fC|1-h`DF|qlEu%OlIWK5yzV*&(yT({86>tXFo!mc3Y)v%>IjZ zW~4-K$^p9D%N-{c3B>ghyj1 z4Vo_J-9Sb8WrGCV_{XjYtC~lc?Vwo@cr(DnQg;=QjT1IS8(ahLf57-V=i5pwm>OjD z)-FKfEP{GDUK+)^uRzULNZJ)!_7245O;#tp;=dnlwd)8wQqFiUb3GTUl9S$U7~ZrP zE;gp1$@G!Dfn3nhZbYs>roQ+L5*SC%&?kUn=x6Tt1@8no91->A)bQEr^Kiff-MMH= z!2jYlgf@sGhH|DZ2+o4{Day=e)Hu_c@jwFY^+S&rUyXPpa^AZrTN^j`qhxy0DBf*JrQT;zoRDr`4jQdnPw{R?w|4Fa

^TV??>O>4gjRZ^Bj&JCUN=hpxMGKRt^XY9e>19VIQf5BXNE?sbczj?~ZYdK#|1GcAuY_~HHoA1nkL{AW zPmJQdjBnQ76d444)#LTl`dYyJhU|k<5zrO+sHKbGosVoi&*QVMa;6{}7NI?}TSjex zT#Hkd-t?{g=g^t9YDOz1!GV7u${;BolF0gv^7YG`u;ARceyG6&uY zV;5=_wbpi-<&;&r?BDQmV?&x)U1osj*qBgvH0>hKw|~ow?^*2pDSXKr9q4~e5~==iiFSk{Ax;c(x)Pb?(^YRw7e$A zU$hDi@&h0__`nIht-O8HiYu<8F{lNmVEJC6jubGF!I5b~6AwN8MM)Fq!C-C4|AX5&q4iGWI9ePg?8A2fh>*B!5K zC>?l9*3oZhU}N!U2P^&bN_R*V)joU;4Rjwc4nZ5vMUUWO)6k-0t5xya`v=xAmsWkv zru24+ulZ6puV_8UV)5>L4W!%Y5->9_NuyP1peJF7F#mQATpmPBr*Wmvu1mx5o<2;x za=cO;%|+K%)uwJy^45xO4WGyzoJy>tRp-W&GVhb^vEQqAf1^*ubxXJG-GK)Hb-fX? zNIK=z-ZG$kBxSnzrw=*TcQ_-tYL%Igi5nm#iKF!PqByd1_h%*{%1>v9Y31U9iu9j` zK`X*7dtU-0&*f{Gt^Iw84u5P$Gr?^g+qN~^Da6*N$9O?_yAfn=WoA2z)!#e$C2+@a zn>oD&$xvk))hBNDQC^@r|mj2K%EfK|Uc%8Caq-;D1_3CjDhR7j-yz_{-XeGJk9fd*HF zEJo}gPb8d$7-t)#s8?pa%C{qa?GEkljcJtLYb=8upKV5Hd^eyGJG;zv3oRrvQV_4` z!|8G*%)I?ald?*ZL6Ia6n`GGEw^EXup*1>eQlY9UqNBQZU-TDouEISq$^Bz}0~Grnxod@YFuG<1I^(fQ1ct8j>zCUiCUMk6)08#%OlcOAs3)9#<$ zLB+AaFdFI%f}PnQ<@a*1Gdm}LseB%{WQNkH8UrCsk3puay}F?>rh4bI+io1GbGIgI zh|jU(sj=&BU1*Vz*J-xMA2;>!G;>U|Pb}+h38bipG-IK)wSuG^Mv6D2OQe2txSZC~ z77}OPWVp-2qZ%&u;hRBd0O1EoWxCxvD9D&)*On1xZ!yxYHW*j@>2rW!4-aM7t*ceu z6!e7`qi0zpgQ?6o$F>z(4&0~KW2c8=Y>Q)wt&+_0)DqNI+dZ;v`!(EDeTw3ruGkG}KXVL`BAX7QSjWhaP- zKzTW+Be|?@f9>ChBY2FFKwuMa6RA6W?Ta)RIK(ilIdELvDr@rMvqgC4V1Y_CTr{c# zvypt0^^sbujUMWnEgbn>EnIlq`wp&5f$N&aK)o+S1U!sexc>~f9+a_Po_m^l{2#`Z z1|?JK$0*eN1J)E6Y#x z{s4qpp<|Y+MSlxKs^@Cvz5xB;Aa(-lB0I|&u@vLYV`=k7f%+5h+kMuKC*ZdV|M{&l zD?&6l68qggYoesSUNvKMFXjY_XQ=?Nz{v z@IBoh90-4i-7{<-%lm|4^$+3QyZukW)N6m?f4(viCFJtZ;pPX(^e``t4`YO#k|4rdKp0_IicR>Bo^jlqrTd;bkFxqVS2j3oEU%`r@)Z2sEPo=k(2*0Ye1%~j_--*jGs5(d1&f{;m+OHi3AA9erfBk~ zX2##a{e!cjysYqN22}UqFJ-E~`U$RsEIpjQs*p18x&eNg zJ!$QR17k-x^cA>38i=1NJkuX$;S?th=GBgS`tjNA>ySYH`#)+OBa2V&1cMe;KYTzI z@rW0U!S}?@`YTu+fKvos!xsoA(-00{L;MThEefsQwTO7&jflu^fp@WAmrYO&jNb^* zxWS03rn8-t$Hp`0J_Gou49?&2gEf+~(0`*Etyqa{g_r>PtJ3VEF%HTYGtiXf*Wta+ zW8B#*MOGGTm&^K9<>_dI3#Ta?ws+}xe37xC-;)2Jum3}sueaL1UTY3sVtv1TG~5g< z2u6%FE46?I{v#&92d?z6rUIvzg9D1*gWfQO6S}dJcOjq|O0pRBi!fot;*b=z)RLU6 zqO`3onBT=er<_BMc?Z_FxL{0xw>3vC@xGkx^bAmf!w)6uE)y`#+bWNUP(#4W`?gub*IQ-uw+3aUsxU+=6~GQ4 z2xXO{+Lp7;WEB*yyBvuxP7V?k+*=!0_ir(rzHWRg-74-HU}3N>S!r^*2A*WJ#!3>=d%kswk14dj5| z%WuPP{Jncqm;~-5_}+{q>Z6yW<)r}W^gqgT)v9B-=`^KP55ZM0ufDJb1^@nGI9N<* zP*}^r)+U#apGsS;pOL>$G^|;#67)|3^P&gv>n!-XUBd+2S3*=Z*H+D9 zY`Wi@OG+i&D9yH^1H4%fxNgIQo(H2pDpH$e$|bX-L&tVGOIrIA@DpQ6Scc!2)C&Xm zeqQYcvN~;snh^K4{G(8z-L721jIx^)Bm|5e{XVR3R_|sTsYn>?$r;EVVGrUWow>L~ zXVX$)6qjXWFdQUe;PWVc^azmk*DLpZ70-o66CM{=L_LL&6|o z0pQoZ^>Q~jd0!T<{B`olMDPRq;o5H~_j?qjLEp-#yxu$)c!Uo+9UoC(t_AkXrH7u; zSS{AfxhxQYS+w^_=`lSxbs+85r!}c-CCYTU!=rsTf3!U7^w8mDQM@4-m4?BugaxQ1 zpx+^&;NRIq10!vT5`}d<4*!3Lg8Tk|LBTNmOIc20>!@4VxcHM!#>dmd?v6?!kVVDE z^t%&MY{S&e4aCXB1WeEtacCrD9Zh^~opEKIHa*%9d#N)(!i$NB(pjLJ^z+TI(GSjd z9j@XVyou?N3#p{W4hC78@p9>>W6nhzG~!M`LmzQm0@^e#Vq4j^9rsOT_}O9JzVC1R zfiwEq?#$YXZH2Wpn$(NDUpkA{abYL;2#>*P_At{tR3tnla!d|F%x^L%nQ5n1d)+{O zbiZ|r3F8Netdc_O_>qzzVdWJHVic2Ozmo>%U;1uR+ekYb+}by_bfZJWv8b~;_UIosE(xY`+}J&CdS^{2uXw75BFrmzQvdyxi4%+o3^l=_(v#p@$uQ5(VFx;pReq zdMK)f*xN!q(32r0YI_2AA*>GPlx6+s>vfQA(ZVWWy0^wxE#n)Icf?g2y-{1|WT(M4 zLR*VZT~~{jyD-AAriWKR2I29Ci?hsHyF)^2tf=%1|6f5gtgmzVx@D$9CRpkjSh#3k z^s98lMkwUqEa?K*)^<RDpwN7rv(rIlRKP7j&KP}ny4U}GBAhkFpLq=aMlrHb9R_j6be4b?_ z)ts5!7h#zS(+7m)+fi|&`>a||OUnD&z(rq_#}C4CW1`<%JAGlpaxSt=CoC+;`W-5^g$1%S+KoyV!D`AJvHW8;*ycddbfv z#SLU>b=?yruEc{fkFml=O<5uIuN65|_P@)4qOtG>Kp0PH94pjkCl=0sLT=fW(F&;0 zSUMyzNB%eF?Eir1E{_%t1D6XKmi5@#C6_uzY_gu_Thbgm{#+RMoG(7KXq+YQQ!a&6 zUidUF*DeNUnC5Ehxk^|+0d=|~7z`V3eR%C-<- zHU(uUbo`NX&Q-1nsP%L!ea>?{Y?3Zsp&c&7*i}L3`b~Vdl2rl?3ahYvLNt~)`e_!d z@#C>1l;?y^wZFX2ECo3N% z6-_M^%PZrMaLe%(^f$*CRBBZ`2-q9p&75}`B3gQc51zLSNEdSH>ZD!PAqS1&$e3Gy z;fgi7GM%4VSa^NqW)vo?dfog>{qd7-B#Y>^N>;58xA#{13cIU^?eaTQI1nyNo$m|8 z;1>E?lK&gUGqfh7Y8cVkl@*E%F(bZR{#9;88ib$-Ea39JgE5a^LDOTNwn34d`G)Jd z2?UM-zJs%i&w4RQ@e2c6kJ*9d@=GzxH4o5N&F_54YV?krSgn8YX)hx>>TQ5sK5l0s zFJ9Z;sKm6IXe?42^-S%1B6PUe<5$ zdF(5Idhoe%iu(C4(FB$orN+q@ukL&*%mPK%VjH0TK%!@I`|AjFA+4jMQ*FPlYBG|b z`-b1*AwHcfL}Sr&qW@v`byJ?kC$*&M8hbZ!X`j7&cf7`*UpGCBZuX$(;=gr3HA1lD zV)O(8O#uJJ*(`8E5*Ih^Mi^F1zSQF?I%bbw;sM%gJQ9>TU_T_4USd1Y5+WoLDKc@Np_i;>FRerC0v-ye5qeG zoX}&qVaA|=r$_(Z+oEVwLqQ0mZ)4_V*M2k1xbCztOQQ3@19wF+ErOuEDF)DyGb_~6 z=!=CL`5H@t76C3M^z-Q|vH`bWcRPHn7Lm@+wlRD_!49A)hQ6d{{@6zyvA-urNjD>} z%W0GFEG;smDw{r323fQFE>9lx8)1M%W-O-=KNr_ClU(UA1JBB}K9Kdbq-5XxFCxk^ zA`FJDbcL~3hN>jaY`cWrGF6Y3KWxT&i|U38FjgQoy@^fZW0-_Zl1csdme~V$%F>q0 zi=YR=cNl;VQTxV|FvN_!M>{h@z=91lLPp(dUNd+~IHSZ=EH7 z*UrWNAeB_212E;6+fF*}Ig)fJeXBSYr|0J<>(l4&XnB8iXZa2H?t#_pJGYb}fJbA4 z`pWWA@71jSp3sb$vlnLlRYDL*%mp+#Hb-j_e2TL#{p&^c(NFZ23;~VQj~8hlX6Kq% zH9wM?a(68B3>uprFJwNg(ov;Ub#+X8vCJQ_%GqA!_>pN|9&^IoHe|;41p|Q52#F+l z@AkF4&3NH7dzFjl=<63&QlrjWiM6O5yC-EP7v44ztRJ>BlTSJANe4xsWbQWkFY*b1 zG<(6eRr9xJ9d=Net4iUEGKT|Un_2Z~WR~`<(Gh?K-~9c_r%|kWZQrt2W;d>lXDRDT zo`;NR=AZK>7ycQ)1N-CS2vAH~Js^RJLI9CAO=mQf!4YB0&wrp>VbyidwBz8m*2x`{ zUpl;TATmR|4&NPD8iT^bXkUIiVrE9v%2ee)GU;JwV`Br|rR;mbt4{!NS!j`7d(z^t z_tSLkt)Rxf!i~|=Mbia8bj;f*b!X_q)0qdgbvtLWicya>PA%ECmbx@?f?K=a>on=H z>b|>oV~H!Okd1;c%?;0L;o*Y$6kTnc&s}v)3*dVVI8|qoVL*WPl1`ZgKHse13?;~+ zbw9)V*^e(#g1&or-Xb$sx1%YeLm7#Fok)n|QSswx7HWTqF!Y{}MF_v!cg=7XW1p~V z{9N-hwl!LCfdwma)=!TmI3-bE>z&4$+FqsD*^9-INyoNTI=^UuyPJLwef;Ku2|JwS z8J+RI1(iU5NfyOuL+m?hB*sQI)@D56YP&i;GCV)~`?T8=aueT+{!AaaEg(W!4Q_*? z;J9kh$qn6_x|8i#Xm`$#;Js;LxaZMe2>iN$DkzDi^g@aGUho=(*M))_($}M5vm^_p zoq2aaooa)V>K_{LU;|tgD-DV2-B95c*@ZCmL_O(*Js|mTBO%w7Z@=4qJbdpn|Lwy83K?0DyH})Y z4s*1_9a`ndra3zB!*I?&@vBd69*_?7Db!4HZ4TJ8*|o8x=#)bKM##>1}{pe$meKiE6ArG;JT+ z-Z@X(HtQJ4IC7f8Rzr`2w5RQ?9@UvKwLf^l$pVKP!1}EbtHr9(IdA{=O_1Y z#z8(f){P&RtWc|$ZyJ9S6324R2ptL&CJ7DRxtsXD6 zf|hReMBuBqy>9JK`kJN+>NnXW4^E6BkOjl#2HE1mMvy+k5DB*^PxN1T74*LnZ2!Zr zZCC%l^K0XVg%nMP8V1ooM5;tD?)7W*cl!P?H&7`G9ai9Sui;=|cr3l{$wBHdT>o;v zJ0o$zi)F^rU1;}pZ%%w_QV?+F=()JSmV}0;k7Yy7Lc2I6MhXMRN&hXn0m02Po#+hU z#(j2n_We{RK!gCazJj#;&s&_>(4hh{QP7z+Cn$uxdyP=_^P%^{__D>qw~Xjhck`Qj z6rJ3q+sEcAd=4{M1HaMXj$$X*XO+?eICiy{%1bJid*nef*Kljr&Y#q+d)h$xuAATA z!y z>YD%$kjAG9PRL%049zfM3Rx(5u^ne0&Sb0q@HBYUTRcSIZv#Uqg~dtI=C7d=j&q@U zq{0i}*&UDM+UpS$%2eRLRY))-?N6p!zPXxw;m!qE;=$XH#CJJjg&Ax5TRyIB5C_w6 ziCShSJAiZe}zNBq+GnD(rbl?kmCN>#SX|bap%JYiYgj`r{i?pP()<5(?sfMdzNqTGlu6fobv7PrW(~uMk9c~B_=@8Z5lPx!UO!_69 z#(?Y^DS6qmV1hHre8x5jned9!QLjppxaZyGymFRtFU}+AP`vv|C+R-C`<^qaG=3dU z$LAZz5BAoG)N+kL-ur{mgZE^}*#63(49Z!>iY(jTzwk@)zO|kb&Onw*dpnL>{RX0EQvkf$mFsq#M60Lt8$3)a zKmFIex7qGzu|-f~hl~irr}g1D><&DF1-_#Rk?|MXjY~5jTL%~CHO5eU3D@ToXT=N= z&0!6_zN~}VlGy{b$`K4d6Pe^!8Q$$|E4&Bm`J?YjsDCb4LzT?Ed(1aTQTNa@9B5Ah zJ3m%3q{I0NZ*?}wZ62$_)8DJKjv3cA*=5hpx=&7Sk)bd}-G664QpGkwtj+H!Vy7^o zIgf4Ytll78-+h*p&Xh5w;rdKNvOy|FLA2MMd_8RGXRCNSmHKi<{lg^TT+k^J6@8P2 z-oI?|ie%~zGlVhfiOws_l8Nee|9Y=OUUJN9sZJ)+s(+;UB1yp5`zt#9;IB-4?@;b} z`Z>!C#Y<5! z#>qC@D)9semBd^l?;#CB8w=Irz2&8abBeU`e4;9?qr9^HuZK4+dLzsNiB(SO7gvzI zB|2Ps)vuw8GwpWKhyCfLn&NsXeCPSQds7>Wy>Hy2ZR4JMp@;KypS<-uW;;Ia$XpJ; zS(0D{D%ADBd&jf@kY`$VTGVu;HT-ih89r-1%-h7ygpXrR70`7t$q)}sl*{zu5_)i& zAgbgM>3J{9;_XvNyqa*3De*T^#!c?+ILJQ>(Pd`F!(j>9%?_yy`=cWENhXOaor#Uv zQqv;&`gNa{WF2f$Wykq7T0i2s%Y!E>xX6Cd>mC&SOu+Z_vub;NH%JE;$y1ydP2UM{e`V%N8t%wlS;I$ zv&Q$+a1>eB)hD#CwcEGHCk(C?**P{!Pq^D43L$;2M(^JbXON%y6s0~`hEOk2pniK8 zL+77tDo=E$SuO^#mwM{<8E+s5+mWsloDfs!8Zj?fzaahVC@hIK8jEKI9t8=>{Q9V) zWJBHO!>qcZ?h*vFk1Bay$oC8V2+pXyXxMw8v6aJNr#c1 zB&b3XDorp5IhY;mF9Z_b)lSosooAgZ8!fsOV3q%-()jpl&U4Dy{vrpl+S1QL!cYz! zRjcyaxN}YoZf(1n3{OE>RtH_0cG5e&J0=|t)^4jG#Yav}P90rbTp|Z|{Z2L!brvp4 zni1i`f48kyZH(8yW(7vv!P5_MKpbyW80R>geQrOo?D@!5;W6HrV{q(JVX;rHd$7Tt zKbzMyn<-QJ!%nN%faL;xBm-WksobX8%kH%iMZ< zVQ`W=oTtf@XTRZ^vEO`gYFEu)<0?s2+OK-+4S28JE|;x8;E^=(Q|Hy(=JQ*6sbs>c zhTiUfzby9=7dc@QyrWFH-Z0qI|ihRHVw|BE0}{gL4`Ae`%Ic^Sk-M;S?hAJ z2vHA^1cWH!2<}#8ProHi&wEqaBqvRE2cXWrM*5XAOPar(2+CB6FNF+Q{&&R{9z~hB z42u>S82yu*;GME`OT9e#Ht)(u;m3wY;mavosp>6X6X98MAVGB& zep^UE7uJ>DO>^>|kQtLB@bGrW4yf`(pO&xH)LKH;(YZZR&7#KK@=;LvB zuB3Jiei9c5qB$u-r`P@c;bDG|yZuV^lWEq=9Np$Gs8nY(bx_7P=;>#vF@{p&2(yBc zm8Mkoq5MstSwA(b^@(B)EtH#a)rC_$5!|K;%J5`!5yPUNlfo47_vW$fkD)Z_5c)W1 z)KqMw#V}7UJU$MY_$8*?82Y$I5Bq$`Bv_hrxZZ;?~RK z*$Cck-K1gy%dUt5vm7Vi-P!L;I4Kx4YEl10eG@W4ly3`pk-en@|85@s{MO{?&V+w{e>v)E><`AvL21M%5lTyK)Ez%+pjwj z_nO7hNv6x0O;Fillq0EEa2bipM;GI$kR*?OP&J`kbUVKiYiGDlS8hkQO~k@-1c!j2kw&c+0NV&95OCxem+-K$15I6Ht<dc>{0<9DS?&hlKXqv-D6n?wG;ujwJ~Lkk-B_M4fx0~Gy1R~! z$(B#}m(7>*h+KwaWxAQnGLzX#kEUnUN+ z%Sw@8i`l;;8oAh-M}Gwa2a9M9!bk{uG$tp4UCnut$$3Y7iqAYufLrkmD+%JL02M8= zCtH`N;>fhFBeU9X_)=K;V=eGKbRvJSpkHf;wQ(70yBaG|954NeD2q2}s@gKb^hDPR zJdDHxx5YmbKFF)B$_qk-I-0vviv-vBkERc2v2le*LOjI&6!m&}s6pTBfQZDwI@jkB z0~gR^ulNivr#?004o^K+#i1EYeOX~+>n@mj{o>bO@YHd@&={@Crtr}36NR#*qso3h z`{lyf$f`S;$%G!eA@?nQh~aXQoEh*W5ob#WQDyNW)m3N*c#=r5NPI9!$e*F*Dr=ZO zSQNgFCfS6%NNcp#9v)~)B+fvX$&rIk@F<6rJuzY-uXHo&^X1R@9X~42s=PNgR8fyR zSH8G)bYB=YEkLxvg6mBa#VCttBC4+S71&E0Rj0!d?fNs+1&>(Scn#+~-4tepn zDhsb6N*#lsjHU7%3lEYOvySOq6E{NtE5NXIVgzMixxTCFvB0cvT$)HTZ@VDB9`$Xl z0GNSqm>ISvAr11JMr%!XOc2vVvdR}=f9B;2XXwHH2rPVKWw;W+dAH@NH95BUvvm!0 z!aV}aO+c-EJ-gJ>cJTF;=>@s&N=t7H_-odzBpC9Twuq ztFXc&1qv^YR{je3k=N@^7s|qp!&N`7tnJR5cl>|c?S=<$`qxT z2pQP?JcE@66nUEg=pu~X_%4hmS4K!f7XsI#QUoJBH>QjPqQ$zG{CF%Z zGc&nFHU}J&7aMPDOyWtwq1kN*K#rP1scmTy1GLK@L1%JUBUTa3Ver}iGW^NYs(d>C zodVi%E%0Fhdd2)+Q{I5oP|bjpv%ojCqT1M;(?AVa!E`@CTZc?()3mLnwiBWZNN!w@ zGX-0eeOquER)(y%z;qOzaP60XX^4M3(wX;sy6+OWCaa zs_T(j{S#hs$OBVXrMZK@`#=|Wy_sM#cMe|pgH67yD1svX`sT)^$VfYUPCY3|`!GMH zLx@T@lT(;sgn-P{EVNm}GQ$F7Ch5AE`2-HKeE;3#->}D~%5!8re{Ankh}X1TaMbry zbSnx@8D#a;867pnQR~`;P;0v8{zke~`e=NrQ7pc5F;wEj3-*C#*4m0${nF+~Q30F3 z-k!%Sb{7aQ>x4KJ?rw znNwj5cXVaphD`UH34(UoH&MKVsOOKuUF07G)9kUAkJawl0>c(5zhDLwcRB-?XFNFT znMkUvSHRv!0{x>)zJv2aYAh@R`?JQ!i*^01w?`ROacOrs6PaQ})TE=JJ46RlEjc=| z%EJXTqQu2h|Bu-Vz_ahG<*@~`?*Y~|)dE9ijLp4ev%%kPk*@RF(5Hddd1npxO+NId zAQjp_o%W7+I@mn;IpP(o45o;anfJ7E z8WrDgj3l1zQlqv<0gdWzra??c0<=4x&6hMV_g%}W+x%GcuPwmT`zrip-rQ?d{w;!2 zL*`z^LH<0CeN?4{@YCSU0Ws-&vxkjktJaDA!)M-5<#e4w)7vg$R3}F=*4Vs>##Dpq z9Zv7*c`cj%C@eoQR5n#e+Z*~hR-gf>+vLn(4H*aP5g~)d5%$*T#!y}E1#i^o0k?F6 zY;eY@lBj}Dlh^n~?>4Y#at@;Q;zFNnyK;1tLF9l^Zi{X_k{0IB1#LWZz&!d)K`8## z=t;)7hFxHKVz{{K|C=k)ir@7fXk__h>{#}D?ZdQ0l@oWiq)&?agNX+~Vp#R*9*4P?hM}!;l2K!D=7=NWzSy58g853-o$w;!ZD7m(^ zLp{W^aqT>LPo~{HV-r7I1sqDU&dxDV&X_L{ASy5vE|DIS!#?=^JFG08cI$Vl9;|wR z%XF!F$bg+tGwG>~0I|@$?8hYkI4`6qVk$3}(z~Ut`%+_a4l{N6?m;vHQZLJyBY+%q zF)Gx?f-M zv;K1kqlW5KwpF=yql+W<^7p7_-E?dW9M1r-2}YsBW7<=8RUXOp$9T;K-pE@XAloqiv7Po3Gh(}omO8OOGw!pJUD$b_N#+$VvJ5h> zPay<{nkTay{a^>CAeAdIG>09bMBvB>-;k-8$5{J`?1k+6+Fc_L+(r2y3MI@Wzp0)%+R9#gX{AjL$^} z21YJ!&jb=!|GH$Y)is^ zdf3KH!vvzxOz#H(FHkMx)jHknOyKC`*p`9fU|*>d57?Z`u<7wborNgyj$m-QRDI9H z9o@?GjB0>p(@N6n*H&yXy9}Q(tYQqG@yNH~5TQ)fM<^Ub$$gHE%g<>}3cmF}4UmaR zbth2_O)Dmyi^!_FxHb?w77_O4Q1-`Co(v`nBLF=RT3ysO4{stB&g(U_xb@XB zw`cXI3===ANErv0xGya&$@Xj^?(!;GBk?hN{0#0ja~UlkHw@uctvjnx^R8-a6)pii z{MrUq$`XT+ zuVx{!Xwb5MP;%RPXSmU^@6c~$BX6v2 zh{xqE22-CYoGa1^QvB|{ns+mBE|7s9O^>dnzr|~dgM*|b>#x20)tCRCK{_6QYtq5p z!M|=zH{Q_IF6BtHf|J7ZEx>9cue>{MYus#ObBqWZ};8QeJaE22cisG{b z^rY>|M>C2gDKgVOGCW_FAKayLed&Z+I?Z9f!o_r34kV< zyt-f>5*_vS_fK=FGTOIf36&ZcyyfEg6%u_UB=lqngYRFy$tYvHCs6h^#B)vSBc1o} zf!Ll8tc~r~C!A4gRL|(%S6^teRclixIj@CxA?tXh!zob+AHRd|XM>k|zGh*8fnKG- z7}o%o>gs7&b64vmfz#&~69BQVS@{(!^DvRNg5Ng!kC#QF4{zt>`s%k+dwPWZCft z^~;kYfc*+V|5D`*aBy02Y=9l{_h;}gd%_5GY>Ffh2<$AIM!rch4~cp|tG!y9Qh=Q0nDOCocq!Z`Uya;iUc| z%k=Mv8n`Z5mnSWF)i|}-a#LelP%!9?5|sar*QNium%|Ks?6lO2^QYw`@rHNP=fbF` z%hjd(@1OmNMo1}TC6e@q7=Gbq@ zjefQ3Bywk$Ihb>H`b0gm^Y2;$!SjzJn@2Lzz8^IS>Mf?U0p{f917Q-7A-kS!S3eX@ z&XSU1RAW|?Y{Lg=>dC_#D-j&z+PrcpFsCa-b4{sUJQmV~ohVqhBw&2u?yHw#M!Z}0 z&vbQJj;lV%o}B+(bt@9f|e94_e1d9+BE^0!CXYb$NDO`*8zVtVD8P@Y;x!Nhyh zj`y5S9=tDH_~aqKbyBt0Sxn-ywrUSpW%%i$UXwgk`q<3D-fAZEhk_k7b#^A-_6s}% z@;F5dT+`PYR5f%~FLCRe8^FYQE@_i<*IU5(6 zySPuJso2Rwe^a|2`CSYSAj3;ZC=U<%7pi|(8f3o7f*kwKn-8RPp?iKN_<2FVEBeCh zCPtI%hJvG`xFdTtph^CBfChKwTp6nMJ zv@5wLF{?c`tLaIyuGJ-*o^A-&nMlXnN#WToxehwdKn;-f`{=j(ep*4qnbymKTX88- zRC%y}p($1Hi5|EIQ&O<*Um%L<=%)?1TgBL_mueyN3%7U-H*bokM;qiV72A~O9CU!t zkor3Ek;HT;k9G4v7eilkjw#s$B3y^{jBe|cFB-=McPQ6BU%(iqnk_ev8B%KPe@*3( z>|yjmM%mgoaM_?*}0Ta4G(93ja z^>sIXC&!DbE{+%Jz__hS-UP}_;8Jg-Kj(JEHBcj~W@L2g(hQ=owzG+BqEE|tz(9tC zFT!}QO*bmKyfn z*Ey>U+8^#wkxz@Z5A1|^PHxtLTz!RmkCxYY-|EtlR!0X}3TWD^Kc8mVj9I5gR&T#{ zS?=ljEI!&5>G)BhPndu4j(!6Iv2jgg#@Tb(M*%=CA7mmMmjeH#^3y~esFJrrBJ}z_*mO->g6i2tI2Kv{~J+l+ixpER6lUE(eVa)D- zF{&mCVzU3P$Cz7G0ys|Ow>Yj55sGvzjk}q}W6CFl+V^zuu_j9}?+uHQDv1<+-z1F^ zHC?@`=M2S@HE~Is`l+(N)Y4VN-`WHvo2iIs3A=65QygwviAA{ES3T{2%cEb?umiEL zxmwVTTV>w(=wj7EbM@3-e-s}rF1s#JgfM*JmS{yw$uZl1qGkItpCzN-BPpVE3n6qK zg@=wp>|8rNpQL@Q$)Vk4f4D3+y}*vx^f+)VTyAPO$$7kZ{lTxTfC`XQrabvo`QYs3 z+Fr+mcs5A(XD@cqoe|!$K(C{MzROi0H<9(iT?H2 zh~;gc@~rm%*V|?k)w9 z2I=mG4M;cq=fdMT{^Eb{_l=_Bd#>5>&gXsJXAzL&F@V$T+I?Pddw9{2{VlXu zGit>FwRdd2gNl-`)uEB8mw3qze2Z6w2ZzN6+dH)<^V+^vs}Erl<={@QUq_{Nr#uhU zwumEnpjMnUu=zl7V`z;j>-H+7NS2j=rOk8{SGG#uBcf;Hps+V{^!j;9$WHuT3sW+yJ%wbNbICXTQd zeWpM;KH8X^kgYssNcjMF!D4yHFtBpg8*O8923N03Bv^N?YA1*l0mV@*VaPq4uS#g? zsSw6psTn%yOyb%cx)C}9?}6Iuz{}+Z0sFQI4ehI=6=v$w@5KCJzrl+5 zP4H=vjdbhCl^)2s$hyjk5WdIF!_eBb?zcS1){T%i#-0?xGg7iDq6=P=c?9PrurSyJ<)I zPFu5bvL7w?_rq_0of?f?YjnjRH$4CIWO%J53*fs}Ox%hvgJEC2G+7CmbA_mPd$~_^ zS#TH~i)%?bQG-7RVtano%;obb3!#`?57+TX_e?v+TF3@rb4$2Yb;yT~>Tj5mwET-& zwmgt4)5HfCC0+F7I)838jl-YvP<)kS&9my`4b=w`$8pRb9`ApX_4&y@8B5g4rQ+M2 zAp#;>jD1^AK1wx*G2Fg~Ix0sgs`lI6nbyHV%!IBXp1^a~YYfa;w6i(;$`71B?RnRS zd#`EHA-!#hv4_@aV-g7R>284O3JE{ljLr{EjE>`BrS${~&`F1~I7t)fb6qJ$p%Fhe z3{I#(kBMp=8VB_kt9Wg08kk+t>4{yIa3|0U1N&VYhHBljsIRed~~xEZ+4lM z7o=NR>R@rA#ZQCVLQ;N7ni7}FE7|DWP;S?68+v5L9G*D3yI2`XHi_7vw~W1( zHw>~i<=1XX8{?qu{vM)H}_JJutv7v@~_iD9brk;jS zh4)PQm|_bQBRLo0vc#TAlZ7Y@Dvli{X1Z%~xC;<*WX@~xyCTG%q`-AR3*)})2DX*E zy?c%m*f4sMMhR{c?wOR;Y|AP9<@n9qCQePwlKURP}aQdY#Yie39 zmr6{$J@1L+MmagYP5!=Y`16wnI^FKZ;@6Pi1GQ@La!EDHi$uL)99LSxOREpxjwihu z9Iv19!{$MQynhblfqoPHA^lTs`CDvtcG(xv+V-IM@J1su3C`hK7f7nQx>nBGOyXXeWzuFo$L5JJ=)4x9^7{8|uA z-1=L4E67o z#D!xY%3-Q_>+Rm^zh`+KJ}xqhDRb~U^eX^|!12??vo3-!T!Jw=_NYQr6>;;`u5WS( z@Ff3OwOktfYl>*{i-D@UO3dsRiaWW=y3(H$5)XU~gJ}H9T1r}0NdhMedVX-cx@~0A zvZ+Qqk{(oOEY&W@cR9XFKtCfg%bQn=_D(B~wR9jo$&zEjOrzTQP9Efj1BtQVfU>bA zV~$Ckj6idI(b!EIqOENCCnLr3twk+a&u+x>9wH3EHz;6K&brAmu@SP6JMC1<curQq#%*P^HD8V~@op`+mb2E}u3-0LQu<{OKXWu&o zj8)tv%l2LQqtJ7foua&y(<{rIjqx?754Lahu%0}o-Eab&J`7chxJEleV5h=9C`qk3L~m%)`^5y>9;aQs99{L*Q^@shM+nXiCsX@@ zCZR{i*!?>FMV9bUM~$%U`oT*6HQJM7MrAuht)KhiM03igSwngY(pah4Xud!<6TdJH z@m;#@qw<egci~W36HW zMLcLeR&qRydwZ#|(9OuQE}63#Sm4xkWF5PkPTDg!iCHbhl(ZUHl>O$1zVNS%lyyf? zXAo}~@U^iIXJC-gdKMnk^vx;u%_9Lp=sSVLfcgZQp&|*-swZgQJP7 zVO9>{`jG!fdHxb(eZHeFUC^WN6nDXa0m=WgeGBZxXn>s>JcF%W$1`h}{%#eUhd1{e znq|`^*&>4H1H=PqahI3mn4Y2Mzc==J($`Uk)8F!N^f7mWgUGwsK9#)0Dapx8#3{YJ z3iT4D&7`zQl2-Ixj!@6sM1-~t`DT{stx@KWST`8Q8SC^dLfkai-G|n(5RmHnfEPdK z78;v|0L{mQ*LfzGnTE)0)3ocug*=28iZ#C2*h^(`SFddXp5$!!>G9NVo4rx<2TQpR ziLC}L;q>9Msz}aL1-{7i-i)S9qXOOL+p?`|)+TF*WaWxi5gQLFv3WU;m=}>MoCT^1 zu?|IMnztYA0){8&aHV%3(4)rJkJKKyFPm2axl8LOcbHBXWr}W;rvUYy|9#_}F7uulyH1i%V zBF16rI_#qSRs)Dkqg30&w47nUscfUFCZx6VO>;iLQCc|NmA&63Ob>zU^rbm!ErSJd z!PzXuF-B$!LI)LFQwGxVV$NX)46PBZle9nR+t7T0%(*krLXH-9G(n&BIj*-9KJUYO);OF4?bogOWoTk|P@u zg=-vI_mB?PJ}e)oTOhFzHEZ^k4L=cXk7e^reiqpa)X09E2XtrVyP;&RwSFh2^HCx9 zjND=a6nCmAXXM?yr~w0pAPMZjU(8@A@&4UF9;AZr!ql49>XeOTd-wPy`Z8LAiL6A? zT&TG*exGK44EhjmB!Bxr{Rch+Z>r6-v)+sNgOkmkh@Halz60A42T5Q$T`~4B66$Du z;~mQ{J9N$!T+==9zt*=s-5hvOnr7BRnpe)ZUUZ#t?7rF6Omp;aU)66nqmrYkpds3V z75lHV7#^`@x9*y-OK2P}b(L#fq`YMGZV;N_kau%J(vBzA`Z3~Np1vsmwn3tdR4-`} zibuXiG8f8Sdlj53JG8$P6m@Z&A;7pdr?d8f*X3#UKKmp}b()sf&hQ$$4Fl$4eeNt^sbXEUYklkitsw>0v=TjHwnyn){# zr6`lB$eid7Uz!^;g!aj0V)cH}HJv_J&R_F{-Nx(qA1td!y<@rEQ;2Zb>nqeEN3)$O zG>W)i@kKh7t<}6r&)uBx>19F5isoXC5iVC%U-8xqadux??^21Z()Os)Zdl8cEfshn z2XBTiXR5m83cX{MDzt5&soO@*FCq4(<-SI-0Z$(BjAtiXuB=bZ7Qg^!$c%p z`yv*CwFp&JihmvkIajk%0A0;2YK7?{XOY*VJ6QvuecKdT1_OnmETy8(i;t0k*VSI< z78N^;t@4Y)#1tLzTp`8M3PDMGP~OUm!AeIK|-MRunU6U)MW)z||Qk#Ri^I zn65_RBl<0TjwFyXn}@NHUb!N+!aC6>s#tA~eiTJycgY4azkdPIzk4_@cl*G%qa~^I z6O9z6@hI@5JDgYgehAkg+>-Gp)m$uhh>l42`l6l(!}A+sMzp4Wb9-!jyq{Kl z2vzb39xXSQI1?6Wi&zyTbdZq)12lD`>Vva8W_V(KC_)akM~i&oZ+9`S#@II0#-`kX z#)#PH8idBV;w@x2MU(41j4WH=b4~)3<*wsa*;!z)de-1&zv0J316RcduDP<@=4vq6 z6rPq>>#2hp{Brh3r-n&0j3Tny6&pQ`YNDEBT-9&AmqR(J)1wAH4@6c8Y~XNSlt@!MHao zK%HYIpV5Iw#MwDY@`=F;3#I?138VRqwrj&s`B7^gj&6GwLs$Bu3(LMYRChepu{iA# zHrP^fBl<3e9qL)OvbX#XTmSW>wAKe>JCzCjXeY@^;Oh3f*A@JPiNHssk>?Fav$RDz zWH)swNw(9b36ST*v~A)`RpgGaRP)>${KyMNF{BXZapl3vXn*f_U8|uYPiF?ytO9eO zDyQ6}$LG@dYtS2hI~d1}AkNc>I#!>ZX?|laKHHZq-j*Xb(y6Cx;B)*HsPtShSv;*8 z=i%~c0K3;Mme1-oHJI0FQHADG?S-&p8wjjhHUY%M`@xyj|eR4{qVb1+AAd0 zsG{E=SXOUbXh}{`6yLNsuCl-i%f_e!powrj1e^8~AB`JS$JI>=fs5%EcV|R|V(c*e zQ2&c3d=EpxhP36f2*hvhO!e5p}TNS{uFTXHCu z`>+Cgs4lQws@EZv8iVLfDgW3v%`7~~T1V8k7vG=3{g~HSwrTa2)b{&3X~4f2qXZ0! zst9InfUt4HORYKJ85zPt%_hdFSU1+^;29lR;lfuM)W}d)+U13=M+w>nAMq?M*%(n= zK&&te#TA%-XjO)a<=;CWc$8(^OuyLB;EU(;GGe4@Pz;qV{R+NkgTOl*_WM&~Ce&fz zvx@h-EHlsGj{4hRL!FV_G_$RKa9aAA-&!P7tAHbdG~ar7v$FVbW!)v87Rkm*DHjsT zP?xPV*&4i}ul2~)Bb~HjYs8AIwmnX1p|8EXpa%lbhSFVr7+KW3!4PHxolvox^aow? zT@u~LuD)_n#-9E_E3hY9QI%Gnu}tSBZG(X34whl7abMa4`JD`zsZX%w9wa2Hn^UzL zwk4L{zkG zgz<_@bksdQR)627BwGnYW#}u9&tVw-2)T{*Eq$PqS!8oC&1sV+-^kh{Ax*yhP-cU> zKe$rj@o9{q$VuiEU`Aavf<}Mry6J87SwxZOD*}-A=uxc0xhvQ0J`Z_?=B*x*Xf+T8 ztDmk0;W%yuQDd-&9W`tmyB;k2*Ub2-u7*hR9TYzOd1-{1-$AoabceB`WZ!f-EX(r9 zmFDdg%cA3qraT%lx_;d9_S20_vl8Add6$ zTh%`NPRYaVb}Ef!_(+}%R^s5z4g1JUtf2;-dY!F z5enZ8Gf%a_IXJGv<+-avPI^1+Re@l16Boe!HLt-dRnZvm*&y+j~K+8O3@ zGVMk_8^bu?jFkmR2F!yCB6l2)M3oc_KXDy>uJh7;fc3~mlR1Y;udf4Rrj0T0uy>+;TkmB9H{M0kD&)?FS(hO13-63KPNKz@vsE}I z5mZclcoGxDCyV4PC;~#HQ^hp~67SsUm)xcK4-inTgmpaWxMfXcc0EExT=l_zw?b2j zR>N?d#V%2Q1d04OX|Q7-$NZcH5Av?7^#NKBJ{X(4*z)X0cwlVahsQfAuhy)f?N1c! zCJX3{=j%G}S53Lmi4%4NHjq6aEiVdhmQQblVYgc1cfyT}E(*59C*K}gX^!R_eTex1 zp`Kc;3=+l7`mcqxsp?H0z00@Uf3bjOJKc>b*)W?@E^zlGcp(6DpAx8#q! zx3QHRq0XXt-Z)5Pbhv(O<_Vvs-ZxYAF?JoZ^%gcl#MKlxlW6SdM6P-xyoXDlD|C3d zG_k`?Ln^a`?FZ!Vyqe+`-v9qosYn&t>KvdU$>Q)H(+$lvrZnXx0A6S~?`6{La!_8uy zY99!X*xQW=b|pI!)#S<+AjKosSGE%D7NE=aFP{O5vWTdg05gLu42Tgy@F ze*BAf&a@%4t7;)m=OukeD0PJW0(a+cJgcLwKDAq4&WAK-X9y$%o#|HTIx05`K}h81 z1Xuclb%RA`6^mfScc-ybDvQY;RH)02Jem@S`N9Mf7@b4E$E(i}@u1g4jwv*^;MEDP zrAGgz?u2^Di}8#DYI3PdJHSoqDxmk`TB9XAG9l-{6~w76BjJ<94@Vy4*1G}EM{|>` z{WZ{KI=KO?Bm3rhaR3`Si?doC^>Tmxb7meFirfoRLu< zQh(A|foON!0Jqz!p%G#yJ;_0*o!%68^2NK;0RaAC#wLxGCswuxZU+dQxoER6<0D)LiCZbARTC1%HZoTvor+tP`Eox&&dsmtm z3PgJHy0qc@v<+|j5@Y|Baz+rH)^8Z<&zNld%a=AFgM&~&l+2Ga5~+=_;^g-@$`+=V zfOtVl$*Q9y=zL#Sx#3h3tG`dEmk!M>*LwWdz(gL}+o#zLId$39v^Rp9KM2#)ir4!U zTbY9%Y)fZnnT}qRTM4 zzdzca5jTvsI*Mb4z!h}cLqfITkQEa7_>^cB(P;Pd z!+Gtev1u)C8=N_i$%W~hU_R&2R*iCbY(~WWrI8{P5nklR(4N?XZ3A9?rqf}ABsFbC zdcwQT`_JpI0s++;r3WN8K?g>XcHpy@9_#P-yKD{tv@z_pB#%K@@d7>(!eg6-JX>2N zr{6m^{Cm|s1NB!a%2BdI-myg)eJ>hxxc85xQ9iy_GNRB#a9Vt0k#kNk9Kx7gJ!=fj zFMUnweWb|{Nu*dL&!#oM%U&buk;onOxWC**>o=L8C*wJ9^b0!FZ;z*oWNMGhri%rz zp#1N!0(a~V%rN|F>N%f02mr>PK^cYssV3y5T@}L`SW*i&NGoLpFv2M$lgV2vk!SGy zWxd2(br0CaBvu=eDWZ+-3`R=Sus9iwztY@}X{Y&MCgMsF@BW%IH-- z>ZR6R`ay#@wXgJqa?=*wC;2tb=ly^a5sLyhf$>--*-mMY5v6qL`$uh`S+m668!9$h z^SN(H)gLFem}Uwd?pZ>sJkx=n8X~+TpH(ofykJ0GCnRjbvx$l>o+89VwYpp3)4Yr% z!eET;qJpwca*C8Sl3Ow}1;dXS_LJ?xyWeEnM5=?(=r#*_Es=MhcGQQX$5)1mTIdO# z*0Rp;A8h8#{+RQ)wW*`dqNJi_P|Hf7w?|qhiYeno(ByZcG)Es2iHW2_&wmHsDTIf1 zL<{8efFI>f9Jh;WgC}3uyu>S^j)@)iB%3;CZ#o-md@dH#9pTL`)aFPY@@77*Exl{% z3_j6#5MWA>h+XXG&_jq^c-z3yX8deYd(@_l=IISJtHMH~^7u%d$slnS(*xRq>!N() z)~B7)^Vt>Jvk;N_7FK{O*R8^Pbaq||c#htm2PV;aiZnAquF?;`BW+PklJ`&$&=!kl zJ%|dQeNHYOR2M~VOh@fH*A&PowT7>*ohV{Nhul(8XGvt*4mPNw6OU#uVt*|0f)s6A zpewc~Gg*3QQxXRXD&USaL&nOWedj(oI+ir*AED_(CxhU)<#h{Q3l}{sM4)~`?TjoF zuTj|5C27!IbA`%XHMWq>63?8YFD_$o9&H70HWqBGijg4cuTlng>pCpIm}o z9f-zAOxzf-eoddD*3I(*c#M)E4Wa((LdcXFyR zZ&LQ}E9ALH!nfrGhk?cUH0pRfZZ>(jKP$Y?qd2dKP9fpcznBxm#Y_9g6O9owHN@Jf zdFQ_~N8#u4SUlc0e@`OSQX=@7YT~T|3NjrpR@We{5m`{)?RStJC6pN8+TRME^-SC~ z711bGQ-;H4Nvw{TzXuF*zaQUE5VLb|!!wXe!s3;?F8BJO+z+*#7M8`aauKO<m(jfXF7;LwvSDv+pDvao#N&!?!e%n^t{x9bn*HOFwc-x_b zLu?-+Gnc?zG4mCx-NB^6OsAH=u$m0}%JHJU)<{)j`b;Mkqw%u} z5c(|obl)#}Er3(gMbx~pLLj?zawDQb`<-Yohet`M4U~!cs-@nf6}9aZ!PG5g{o@Ls?lvrS40#`KEHj1Qwy5~ZcUj%#bIY|N7Q-G^ zO5PSe^$YXWQH&c~IA{>&J$HETk@4N@QZuEQT5Ha3koX}J@v1`qA|@Bmk^sg7Of3Oe z%lo-hiGF;tItL!1v3dq@Q=L5wyTP=UznC{YUVp`(l#HKs-Z7$4EMI*fFHG=V6wTUL z6-=?9jofS^;X14>nAy=P5gp9eJN}$XC>DI1v8wZk2U=P7PX=-J$@s|C+fMP7EGP1d zPR2CE$E}7B3KWUEQ+9F)1(|rZpA0NviC&{sdnB4JpA+^B`;{3!rjqE#_k7G^4l$#3 zgli7hFxx&hb0-b->WQNtb_d_3fN+h&K?8{ZOKtjl_Z47Qlvv<>USsW9Iu}zcR54;Nh_zP@0yZ;W7Aufiq2XpxD9w{zK zJqcY?l`&n-s`abBLimnZTA^SjhDui{zL|VZg>{^=)Rs;)k>9%Pg9$%$SiKcaOWAF z4SZmGM~(vP=4>Bnkoc;HA#@!H%f}*M^O*CIwMb$wu zkKMex@XNfbgzG~#=5&G^9*tG*s{~opj;p?}p}A=fa=WMBA9E`R^XwKE}^~oPld07DV)_4!L zvv0PQYD7&tzy1zvpJ#d&vae?iCxQf`3H8jPfn0 z+${UaRoFehaW1NAeE3TwB?^4H*xoCqZ_c{xAS}ao(6m%gGe4Y3gYop}Fo%uzv)4kq zumrh^SHVJqP`=f?glxTZp3I)Hkou?Oxps1w6W2jJuew(6_59A~{l zH(-4R4R?pGgy$EU*iW_E_65bE!0?kwIUu=UVo9yW2OY167Xp+(*}<-3!7+yX>5alh zXLcO7*6ViygwD3l0V2M#XVph~R;U{=|EMI!Z^j5;4@NGu8}8tAcuEdD;CRvQi%KIX zXDF8(FuE0%sr;UB;i8@`uwZ`~7i>5+xmqbcxzp~ShCQI=tI7p8S}#{1LREoML`qxN zVnln2@pLwxZMmM359MW7O_u|qlWqw*ox8WGDzHWXla9gv3UvAFL)U~?n&Rik!a?Ln zHcU|$)LP`!4{TL6#X_j~DXU|B+X;(9{kUK{P*w z?Rk?70UfI<2AB-3EMLQldQIo*qT>=||Dj~h$?WcI>eaFM_^9ZxFFLbETk)IRy@8ci zG4}ATGajmzOYWITCi@keZIkxtz`R1~K(+pCH?>}BM=KCiU*eJ>gJ671N^Y@TzBrcd zp@#UWvS?K=ly>C_N!6ldOrHN^I&znFw3MdT&@0jYwDPx0v-29rs+XleD`OEb9~W)q zHK%dDNpl1Cv}l8G2DpUS!k3WA(t&hOOmIF|F3Ud(q%pM3ZVf;lHE?QIU>=Uh_< zLKNDJKG5BE7f|6G-h1hlv}R_O~ox{v!PqtkHTUo1&*-{B4m!bK;@;0eQ9kA5J8&)Fy5DzYco(i#9w%O zXng)>>2=^3AcfJ&t4)=f9HLMSjZWpGLptQt=eN&3HMH+(geD2qRh`wG>ZRxiR@VK^ z`S?+9mW=WSe5)s??F<}33a-pQOlT?_u5x)dC92j)rjZfVN~C*rlLNaa4FKRQ?D?%Y z=LesI@Rxh_$6jd}daWWEPFX}mGKPtY_+jP>#PVr6B zg6M*#^=+%!eVhVYBhjEIYmxfLT(_d)sSS!)T2-iTF6HU;ThZ{3V2#wbu}BtA=2o;Nc|kW z&<%VlJ@G17Cp?_?#vM8$8CD0uiFk=E7Yu{&$939(iUj@3%S2!(8PHZUvaejZ;C>GM z1qi-~mEjlN3ZfCaDCyU#THbbqh3{}z{>8V&yzWog9c=qi1XfS!tRGQa!$s5dn`^F2 zhM<;8yMRWJ z0|n4`WRisEK-uxS`GD{d5Zec$dA-o5!TmMnF4$6J z?-^mh%#I*9()M01naK^U1|2k=QZSq*Sg$l~%nWbdM5mC#22}|;e=8iOXg*^HA%U{u zBeBPKP^GMlKEM(7lMG}#_JNoZIQ{N|uqh7|$e&^Y4TPvUKorj&+`L;W@mHe=ff9|r zP(N$W{~ ziVDNw<%zY*OHCB0kXxiga8w=U-7n6eZ$Xh~kphv|#phsRIvhvI%25ct7Qd`T^D8cg zpW-g4=sk?Tt`AK~hAc$Dx1a-y$>e?XHPOaIyq=uWg{ehAZ2*pCA_Q}~$@?Meb6{RC zgOyiFCSdU0A84?MsK8Phpj;BTT$q6#c|&>*1aRt-z~wR~B}W1EwY1#V&|l%kr8z;@ zLH(%#NuDP7QocW_IcrYq3%C;sNvU;Px7$a2-T%kdaIZ#Isl;I@Gq)HyT*OfbUlDYHOxS1AId$q<^(C!t%siSc)am%B79 zhmY;G9`FHbhyBvW)HVYhO=n@1Vv7ebAE5$cj1oZIK>!!G60x2lssEP8)SUaV?r4)c zZ^dilFlyZQp{!mFt+eVel;`Zhv;9MMqm@!eG{zP-X25shsb=Xya1TuD4z5_vGuSp4 z?xu#9rs!1!&%|}^K3gd-I*w;Ja`_n3zv8rLXDMQDdX)IOoe?21Uaprx0!;wz991A# zWr^}?Xx?_u4hDXM*CfxRr2|)-URPS--N8tdoke3KR-Uioz=M#LM6AMaP*yN7Wd8Cj zCDQ~jlOZnER9|cEqadr~Rt-J3Mij8>xkR<3Bz!T`0 znre+-=80L6)4{r!@>bnl0(W4uK9w+b{8TnqGk&bt&R3Q?dHC&ZL-*6>(NXikLLmvm zxoMl7cLw_y6?&Tr%8#IrlUWTI@lX}hm0O&ztXTkop(vKg52-eClj~+IEp9?nBllX7 z*KZHomsqee%YUus`=qWu8v|I^k=Gjvg5$P7VBd(lIL;Ulm#Q|Aswa;Mxf<`7-9@F; z!11_U&RWcF{vzwc3Z|u+oD+3!lF?2~X4u|IZODcUjK zhxar!TvqiKot2rIDwv#vR8ShV@midkFNR$Tmm9wh$l0IsZM%QFoqwR|{e4yuu%_XC zCdG}#nI8g7%DeF74$Dn!c{A63)GEibV43hmXR9hvZ-k)3%f=5dU^$kp><@cOlKYd1 znt@xx2mqZkc^Ks3wTtia^?Prn4JTyB3?Gs#4wj_Ogf*SrUkTzO?<U>6WI%cP8RyjLq2g)tH)6ECeA~Fv z_K82!ywd}scxNvXm!8QDK)ndtQ=5OZa%^PTZN}N$*+9;)R21SJ-q&Xdf1h>SP-J&?xvKwpLF4d5&z+wMdUr!Tx(ep__*>2Gt@C0q%KFusg<&0iXQI%Wq>%Jz1>aLrwr}?X>s1;eD9)Jn<|H z2s&q@C=c)tfiz#zt4aC?irF!fX=Ha-qDsP@cSc2Enj__BrP_8ACb1yLOQV#3Ic{_} z^G7y&a9V@zX2nU#PUP^N4i#D*Pb|+i-_E(FUL9(y9tZ8Ws@!D-@LJbmh+o%X;fEQI zeZC027Z{|L0ZxcD)q;+G{q<{|Z4GIW8u18&cbd}#MwYSLkd zY=Y<^O|be4Jh21F&_`LmkP>`xRUUnu_92 zcMEv9QF-|L;2yoyb!e^0XhN38pLSa8_g4VXjrEFz@q&+>S3*lP?1$Ap)h1xas-UH4 zC`1Jt7m8o~E^(ENUx&5%J<#&Vhwe1D;(=59A~^Zd62!>C8AOYv8`I#&D9e?A6z^P$ zVJ3(VK&lTB$Bnz}XW2im+UYaVJ=`JPKmXv0+m1C?9t@c*Es^*uDN2iy|c0W3{7M-GwM4;?N$E?Vk;@g2X zhTDD$$MA*OsJA*agl>(XVN2?Lv*lC;!At~!pI1Z%?YWrYZ64XdO(0?kq)VJK7_>w( zGUM#)4Sr^Mtjg>_vm^E_tLv}l4Cr!J<~(B6aKf1Y+~US#*N;ireg)Ewz|(S3`0|c=`0^Qxcxk5JdG1_F%?9h z2?Rs}A+P{^aF3C7iL zdQtjaEFji5+(cKcW>MgYBWKlciKvl!KZ6^n+>PymB&L-uYTT>S_= zh4Lhb?x)lp(T4tl@%_2}QHe)`ayP2@O1{XwddeMkoG(@mgcg0HID*``*6yGN_GB=k zXhgWH*5sY_fUhme|5uOEpp;fjW>t%pdXEGh_FP3;H!{yU>Qx;TXM}n;nFF%WdZn`$ zs#1vD=1R;-+v{p(;%)r8fK?0P|9zRHZo~lTql*Ii-eB^*07i#6mOeKypJbj=Q1T+_ zb(FJibfyR9gtZ3e>$NmL_b3dx#cpylaPs3Jx!--%0!s?z5*z28h?7z$rAGYb5mRbl_GqbAVj)jbsB#>;eP4x(CSC@w^Mk&ni^sAhF6x`mCzFz_r|)9F zILQJh#SIRFIW_yuWKQ4b`D8j8B$O-MC8472Wj%K3fYBf=8P?KX(W;i%uN_BnsA`6V zpiSAXnO#c2N$>y6h(V6@WIL>JC+T1}dk8qB*!guPlRzc@Wf=8)vYD4nYLjSeJG(Uh^~gFqu>#Ld zEYT0v_8tm2C`B7Sooh~`3ClC-(b+zL7qmDqWJ*eAZt&^L7bWm1siK7VMdUObMOgEK z>Zg;sME8y-^81DP6=KLD(!VerFiXe70GXmk4pX^dAuln>#-p!z7>L12^W7aysqB6b zn`9ZcwqO?qK2tNgE#kWF2SDqkIn6hglRdnR7fmO+VUj=%(1XLxFh;J zd0<}bf4yLcT9f36as4aQ73@jyw795u04!gb=kT@=D{_w(_y6Uy&S5Rdf(g$3KmqhQCV(i-+-ajv~w_ha$ueb@ zdRz%RXixri&;HLXI~`Lu6A-Bp4obo`2Not+At$gsGndW!I0o+?Qi+iB<6P56rh;

^RZM*am$VhBXCIB{0~Ll@h>mV zxoSjr9*G?N^-30neq@v|NDXhUaLfpop{!>&y~rwfvFrLLFkPy8R& zO%U*{W0A=y_Vtdfqic644^I1ccAH?B<*#9t^xFm>0eKQBug+V(mf zT|Vi^Nh7`IM3qmbEEZJfLg1$jeGL5TIivMFSjfar1)v*Nw@t*+v$w}p(v>!&SQBdf zr)+z98Bml$jtUz6PpHfM*MeBm#9lQ&+24p2EpFMF^bv!C@&lM7969frcW2&R$OTLoMN(4hE32`z`wzAPJQUaG8|$I#7Gvq(cV{BA4C#q9@;#&V z#v^CXce-iv`;Vj-BA-|?dcUlm%qUs3tp|-QTJI9>a}&>p0%0?tX*o!fv-+~w-=-9H z8mLFf88b+AF61qGY@E5^s$gq-==(We-QPpx^u&&|!<_4}ypp1p)koVLaYeLC`N zYRa7_?r8hN9R1DaNxCW7&53GECb`%bGyIUbQp&SY8=c6f(uiaMubZcbDCxYiEYyYY zpwc92ww5NIOJ6Dx$8MQ$~lZs!}r+?)eb8`Dw{3?U|p?P+g;q_7;8ttPv0&PqJ1Cc0!wR`&huua-;UK@v~$M86S*L#!uM7 z9vD=%uS9(AQlM=dNE)&{DHST;qe-4Q4*$M4ZOXx*HPQ8hqDQ{i6Ad4)dcvP-MdS4j z9>RJ?%TMu%@VVMJHohy;>NdLJ&bWZ5RhoeoBp;MSf#{05-QuhxviJ-gY#54E@WKBS zNvU@}CS@os%JI~k`snx`<U|GgRM2l8VGbZ7SDPbShc}nxX3>@bXfygKTRq{; z88hC*5t14-F#y{#V*=YMmtwBiOD{2o@a&&zkRlm=9d}8$;h{3faD;pfZ+|OkuEV+S z{n@Vf)G9Y9&`cPR7R~pl^vKd$Pzzxy7q@*@`}odd1o;1wt!&a^-*Ex#h-=vXk=JO% znz3djo`d&gCV!b7-jtZ~(Zy9WZ?7>TflY0EfQslF%lnt(hWa<|G`#q>;>9-%wLIsg z4oLa=W`%Wyfj~VxMaKOapTYPO1|nKt3x-C_pB5oiryF50r}-oLjn6A7LqONStkX*D zTkjr@!&hzww@{~MqoX8yjeg34283sTadd4xR#kbLz9JsjW&P1v^zE`FBv zRg)kJi8=a)wb7sLj|atIzA%m~=LahjZKr{^JvYA-^niZ3-YT2y4WZ+1cF~W4p?jrv z^7oC(wSG`(*nPu&8YK-@*s(RzR~g@7QFAxg4~%o^%PKKW(RRpgBZjb&+LbbeeeQ-Q zKaIME9pMAPJEkd?c`Bs3SzzXlR;>G%UQkQGFQ2b$PB$-^-S%RdGK4}FK$1>{Ps3PI z+KcyE>(WaWm9uy2*YO{0B!gs3uyjEoj7cn<%GkZ^YOh#0Xd*s0Zxk#Gf(I*fRAgz3 zx=a@f)@hzV9+P>h?WMB%{6Z>5Rz}SI+u8#HEDz02$9xJyWWxeSsMu)L&?$q)T;kbDn=j%r?!A{ zdRQHVfEaiv{I3O28SlRC<90d`kB1asF}qu(_lxdlFH zXv7qGa(K9IgeDrlT@1^X-dX*DN~jkh8>Q+&IxM!Q>yG5RIdw@VTvppc_nZaZ=~aR( zt%N*K?aDH0-&6q0pd9uSWe!N0<6Xg8`5*7Vf)3oOI5-Aj%s$i^Ca^M1D$9l5c3v~1 z6}*=tN+bCi1D}oGGOb%kFSaSB+`OG#_0Q_^SF3+}Qwdgowd5zn30B{QOt)5GP1$RE z&&%-NB4R~hq+UmAkPgkH{vMuB+ZYwV7Mu)ho;e}ls83mRw#(|f9$8?s+{m&tcpV5S z;{E@1aj-TsEdKVu@~gGC(PCu9z?)LODa?=PO5Ry)Ux(Izx(LKQ!WlhSB|$g`v@FWb z6Ce__d|U4)e{nas#d1Cu21pCtY$nR9v40x3Pw&j5fV5@A2!XhXeStH8#Vx}H=1x>Q zhl=el@%%82W$%D38ByN8I=7yt32<(22JvUcNf7Va?pcOcPyRAQ5tDH4aCY<<`@!dx+zhs2{?z0YTQd(IcEY$pb2T15gu!+UV zvKQZ@{%%>$JnDwRwJTjWpSM1fCO;LARu zgkVE58?7N^$Ftbil$pDvPEaq#JJl^vVd898LW-r(1@8YjNod;j0IJ2rGHGjqPwhy) zg%%y)-y{Tp1xmT2XX=T7>+ros2dEkk{NY$9Pm(o&Y9%(7r}_MqyFsNl-Y-40fRv6< zj$%0)u#w-3E#>gJ)7rq&dHgr~ZUPuXnvWpc)^vy3fsfHxyiFzaNv-|1w`)t5wl@Q= zyC3+%TTekm;P_88cLP3>981BB662&7Z|LcOPNooCUws4TD^LUlu%}+U$_{IQqFg2% z2tT|=+E?719eq5oF-4h3WQ14o%#b0!ja%tkoanTPARLw+xtDMmxG+HTH=Q7uAbjh2o!CgI0K1)30a5I34Dxxl#=)V_-{^#n<@anvF$$aqYz{V|NZcH~X zU#(uIp1taOp|5;KT)EQ}N|mcy$=()Dv$6lGJxe=PDJGvv0R7AKXF!o$KhuYmeWlco z&1`y4^C>cjj*@{x>x+1*9Sv;1kb=K238+#R7N``UE_5YBmLasUJ#@~LOCOe>6^jJL zi=M*9%$kL-ka?AwYe~wpySOeXt80unLTK~PtALtXha=ia6rVNYYYZQG1rURTDo7E&KEK1oYa0>ayU`In7J#aj&SIn-7X|hLMRX1 z%ux$!-~TnNRgFf*Z6Jk9;%4{l4{B1H!<+DPfn8rs>0*zp4@SB_NINnZe~NHM1Da1^ z@`mq;ThW7k+8&>oS8Qqs`8Es9>=}%Ziz+#00(FQzoMNxLrk}tUqFsMar;`7--2WwZ zz&`_@>i<*jshFEz(+@_Cnu9!lKjq39Q<@U-V5#}FoigQ=DQ7+(_NV$+wQPOr46bDaR*=09 zI4B7cQWiM+_U!U-wgcUEcFq3YXy23|SV$*PWli<$?VZ5W&o-r$<4O z>k0fZ|5neiPyiLLq@NS^9k3&eko%{==4sKc18k9-AUmKIr1JA~YYBn|jV@xljyRyw zdh_o}E9?u=Zi57T!s7-tf2oRT1DPR zxdm@mJFULCI6KZ&^09!>#_oA4Hz8{edN^n&_ks^KzR%uIl}2ZLeFIorsd&s2X;3QU zvVc+{R~hXF?WBK-T8`5E?sB&Z%^CdbkJmil$P#8zu}ZpC;L)HX9F8H=h=cLF)Hs0E z0YZYks3-$-RY^l9WI~~SIbVzKGkxWlDXG&!nK$@3_c}@O3p^(FJBwsum}o1pw`DAI z9u{Al(b`|d?Po+ID!B=}EC!`yCUBZ0#K2{dV9w4DGGrO8P6s(XsoF1@`V^eNKuRiX zgOUC{zbQ@lwf9-l+i1ym}E;f2!&@hT8D?VJIgB zU4Ay&nX-CsRVoNak`CJYsqEvvoI<+Co`SzsaMGY991Y&-41T8za)Jk?!%GST7n;A|cf)tG!BOit8#gE@;y?TQvfYK9)-4YVCC@6S}lM{hnpS^9P z1{T`$99Ea08|LD$x=_RF(h1Zh&xnPRFy-kQar67{-&g+Rs_r40PmHBUnHuZL%usFy zm1fgVtbtzkgRL~9uJVv*Ad}qA>m=!Gz*FKqGHATM*gm?6{jj(&k)o~`(*4KV`@99G zX=rw3v^Rib9!7tL^MeGa{>_OFvhB9;N8*uDlIR}^UP@ztL*Q%fIL+r6h`=R?{ z5IFfeSgKgrG636*7`v=NyXXBY;`sI}-7=&0hcR)RAKXoUZST}u{Tg=wc{uteaAPbz ziIJo_e|Udhc%?LN)hTY_a88NV<4s-e(4u8vSFPmEoW;05lnx8JNh20EZ?Uh>3KF?@ zfd|x03)S*GW8=>`blx*9+z$T@qz2~SQ6S$zoIQC9#AXhJfc;#mL*7y8Rk0Mp)9|q) zJN>o=*YIjYeQaT*aY-@Yy`SGmAt6JnW5V&l$D%|HK=`;JtoZwLM+PpWHJs8y$p>|S6)(sG zjNX$VJk{dJ>;xX49gtN(r*@>{6!hC2Dwz_7ciA!D4_16h)XKi4n9b65YLz`u3X($~ zY*-{8o(<$v3kL}#xs~6TC}FZ)i`9SD{;NWADKF+LNr7Y!MYtA1D`O46QCuE$%lh_&I`1NFW~$ZeU5UY^pz} z1?aop_&3{z6q^A`n$G{+%^+-Me6LHEmIw}EbGdRi{OcapQYU>P#^G-N#T3-Y5Lhdhs`f;7 z$kcDIvF8`JbT1`UztiINT)suKzlCfdKjs$9N&ha2BQ)?4t*%(g9_7BwNDu^D>l;WN z_tWe5)D5+9xU+iY8f$=J5NuPaDubYY=V_3jX2(Fr6C#l}%;bsqpO~@UVP}gO1~wtF z2Op+`Ke41Yt&O#A*RPXtrYZoB=m_T^55>k7Jx=Ykbib*7=AG9Sxh{=eS3qWrG}lgI zTIo`)Ze}RMeklFro&k_PKLV2KO9t~`0V&pbdASakzofEnoZ|QZA9QU_r;cr_;0``* zjxsu9gf9qMcyc(dBZ6imh-r;K;GI~p6=uRT9Ag%Y+awl%i8s8WOVS4?sl}=H!)2lf zm(cPyh&2Rj7(jr3vGz`6Xlr0c*XU*$NUQv>UIM5+xj*1cz{%vd3OnL#XH>w2brFhm zKGRF3zmeSb=6qs`DJZC{?olmuJLjvWO3EC(%pXNPz<&#@TUO5v;F9@L=JbBxV{}@$ zZXxsVqj!YG9fSf6rBVd&hpOPomFiVbbbw{iz|wvld{+5~eO-ff;j6SVH8cHqM;bI_ z31RY35xP0%1c~h0YyD^+!YvQ2wi%P1)?9IAiAaWyx9A>GFlJ49{S*6SAeKs zrr!?LtI$9HUBuJgxRzU#ub$@vrAzM3=h096vU4vA5)AL34h-WWeeB_OV9tYX);o}| z!SU%vpGWTiGHtUx=~;k+)FbDi`Rf+HwLiLpeAEnidsPY?JQI3du`Zi#G6&cOjLZx? zmu(l=9lYPZ`n15kaC)F7GD~Oc%T$i{+2T*jW{FgK$=wW@NKdya3rJ~Nm9e;;%+!{; z3}Yj1XUcb2-G)-mP+B_Sfmg7plk+sfq}%b9H8DV%1knVJec;PXayp?a*DeW4USeNh zeNk5jYhlIJ>(NRz_PIg8jrtybYKw}A!-7a!>3WsF8G<@I6k;Xn(jr zHpDJkZeHCMOhr;*x9hO-o&el*XQqM zUwCu+eKIC?(=H{(J22ZAaui5P!l5OVF>Sp~Bi4Ihi_`DPit-N>k_IUp^g$S$os_1>J zv4PqGUo_|YLm_o>*zg%2x@*-q4RecDdTO}e4FM~0DMO+0l#2ah;O8aFtUh_x6_l~b z@v~XWIdSm^X;kr8!3387Ut?bx7S;E)t%L&7AqFKVC@B&GLx+GM-KlgV9Rddwqz93d zl#-628$>!qx{+?A8{R$q+W&{=)w#UJIp?gscJH;;z3#K)ncRZwLmmdz2tVP&g5CSt zDFn9eWaJ|C5aS6;C|a@~a&f{g)n)0@(TV%HO`YrU9z)3V?FVg)A09G9cHt6p^lK(> z;UZ1&s&;Y^@Q=n^SZ~iKQ$C7pf+C&vPx~4rhTQCTiuC!-Tud)uFWi(!c&yMQo<s1CRz;C#cArU-V{Rtq%L)(>`l{;x_%-?R<-@Q#QeO`)R~MRZaRe>tK%?n=jmS-LJU~foB{8*VifZv7G24^;|^&)1QAz^j= zEbab2NQ7MB7BCo$R`Zu^k>Ou%ztstyAkm$6~;d5;|6u!1h`tBDO0r0Tjq zAqAoFCmR_yzKY6{+u)_sx^Y4CQjs*Wle`%^**q)#`N0}{=9v<$3UMIM_=|T`)keh) zoET2QsD$_d-l9pt*>?NkG z=0-PH%@+fxh+eK*Kr+DFcbj!T7<;#?Wefdu?<)-gK(etZLOlshm1Ul6c)4GHO#Ra# zoLTh_sxG-_U%HHbdnz7c&i4VA+tOnI1;E7FH23S4brQC?c@)B353n@T@3o%3tY|$*|B+n{J-yV3;aD3J>rraAHlldFXBna2kD5WdBta{c2FHN$=7`ikZ|L^fA$_gN z9oy1f$p=9*l{rJNCP{Zfe`&ovj`!oVJq6M4l}#t3>fqxSt0_HU?geH?ELo%CXu-5y zcTmqI9aWUsuns!o_>)hBk9Oym$tdZZxA!;~SJ%_tGOgTdkYF zYK!rYnU2F*R)M*Cwx``r;{FIPMNtIIhR!ajLZ1>w+*&RxMUa3UITvYZ={j(Cr#u zvJgWK%Vy-T6p}{W9+vM=B+I%NC;d_Tg(*i;i*E}&?DK2^!%eVO2bAws_Rb=RR5Kx} zYfTq;+hwbv)q7kDrHR7rrC}12Hg_cXti-jBc&&u)pSy{k@f!}IV`r&eu`#sciKm;9 znJLt_LIZfia@0FZs2M4rQ}%ky$XDHcbMLQVXtO%=0TkKIvr;+b4Es0Lv4o7Z+WR>4 zlUnlV(J4?OX}oq)Lc!y;pkVbp={SZG`H?n@*bxWCWv}|6xnnm)2%PF7)?e?8_Sw_-$UwV zL|Jr(N?rg^a1zgtWIl;aIrW@9KaAPxYFQ!6Y&IQA=EL0(@C$#@)*8ta8&&`n881?3 zTjqS&ss)j@h;>*)H5P9yY7Lm@sDI4!X5=1Y!^DEG0bUB)mQ>&mW5@?}xw3F{<&CyXK&n<<=?$VjBbbl5TG60kYKY~|j! z>>>9N2gBXPaQ`aQAOD#qzEGpZcqL{VEgKUSGBtD!Iy;IYWNcSq3{1NbNzKWrf_Z=R z-T=2Y*5y78W$hs9lGA1x|h{j(fDMuS^wsuO1?Z$}?@7utC|JU!={VB$o+**Ri_+PGz8T zlsNIJCjVG~P!s7w5d4KS)dZVebz%lyYdFZ{u>5TPY4_I(sS2m9!Cx#@XbDxDfs(b` zb6`oPrgehNJ;Nb9hIZ6RR<+pcgi(}5%9{`67w>?BJa*8j`<1=>OD5z+8ZG&|99?ZH zM2^J)@i-@gV>Pc*&E{8o>b_3hJ#XG1uTmBZAp>2>EiS9+^z|eCZBqtiF6u9>h&L@1 zCG1jeW-8}3!b~J#BHr;@6?TThP*awA*U9VCC7aXIJ=GI@*M(X7HR;$>f@VC*kSIdm zX@6$f>7wPt*%G0AAIs17|@xE=gq^64x__`yjO|;D8{*9DQv;F0j9wL&H4isB#c+{C9 ztc?+Ep-JwiLGBWhF3c~+3A|c<%F^>W?(%yc6WXKkW;>k9==QM}d@LwBn_4%yec(BY z>pmK#c#r=vYQk;EbF=P9Xp2~J9xHg+ry56|1GatcVP4ewJ(O56!0h z_2=_$l;1=R(qVpI3Lld&*Gy>9lUpCp(B`Si^0*ami}Fa%h(RwT_BqBLN_y-hTC6hU|T>S~M!jA<=h%*vmTe-LKe)0Oj*JF;=EzzCQEa3%T<*5|G zBouo5LPp8RQ0MI7t@K=TdvUzG?{07Q$dNpOx+qK*cDEW_0{aPb7w{%R5SziuiC|)# zehR6w%!KjxOWuCc@gsZi1*J%?>w#YTqGJCc;JvI5y?}oPK*;tfanXb+=!iTY=S~u@ z7p*%xX7Gmf(*3n1OMRct17*awYFm~y35!pv=Z59^Cs|Oh@8!$>IilcvgV3Qvh+2N%KTs{3NjB7t@3l9 zE<}a)W*9G&ZS316gEW{swDQvG7&`)sT)k>z_D`~h4+(w9QTx7zYrAyF>rV363c2W< zVoKI*2x|GYdb@YxZNgYx#tq6E;6{aOvYIV| z+LiW_pJ)SbZ)bHe4D7GKeKDv@E>y+Oo}Xxi6wLOx0ZgoJ_c_+LV_ZnlsGE8a1Merb z@BT>ktgcwL<8s8aJ9O*Fu$JpsG_}9GbVC>zt+wZI5Q6S80x$|T1LRm;KswM-^?xp> zjVSla<9!&D&B!8`ZRqxV_JFlOUXqSLA~uT_%Typlh953p=w2+c2M!<(se0m#iE~7^ z9t`klAk87@FMEg{A3%^B0}`umrqi-xFQJ4vY1e0jhe?>JHfBUj5-}B#{Y?a)P^#IXQ6e6dad;y zb$39#G3#-R*hL~expY09`|R{T_hQ1F5?V40G8v0L z`OZK zq~x;YDp!IZ5A{Yhhdbe&$wi&;bH{F8kjgT=fu5SKC*J%WM#*{{p}#!(K!y=mHJa;$ z`_AbtzqXg6;`xaX=HH7jW$K8M7EAoUMMymG1xQ(eRa2sm_i)cdp_ei+aR~qNuT01-Fq<{!Bl7l^`ca7u*mT1fm9t>Wvia#Wf9uIyR5}!)C z;yOXVa2_x4p?dxP4E;?xl$p<83_ldkvJ;X*o2p|8bPiP`>k)zX3YBK>_p^BN7~0aa zO3-&+Ynpf19%*CK@+McOUTVHUA3*^dVKEZ&shfOi<7i`+MD>#P61agbDk5WhIFIcl9{e9EO#q&_A zv*XB>!7%_&>mzM{>bh;3V^!h0t8&#$aP&~uzAl&8@a>}AE6>hyFgd%c^xTIs?MDL( zEftuID23ZM0`~*Rt6F5XAxwjeVWd|gv`j{IlHSp6J%Hq*`%ZsmG$m$Nd)5sVYFVFZ z39Ujre<@t5Oijbah>nP>&t?i!Oey39XST!4RCDAXr9aM)p{ObdtDUHLhZp{2Pv*c= zuSrIzF_}sYp&!4g`Pk?VV77c*u9n-QFCKDlW3VzSd3gstQQh(wip!S-ZuZj~NEnFo z<=$Y2v>?2;dRGxNZ@UgDonDR;s&^Bv7T+E8q)i)80HA`liywE!7GLwrdQ)YN9x>;d ziFZ@RyAk?7;>;&k517Bd#u!$3Q2ZPNdEj#}cbI=M?4PZKFUivAQcaaPoT-TL3@czW z+tR@{Q-H9x6icZxPrCdVqF^E?ham^aG9z&k8LC$l)NiWN(rpKguNM4=GM6rTW(wUHeNUFe+A*k&QT@Gk#q9lNmPxQU$c&*Ucm;R76r5FX zyofs$85*vZ{z30b=JT1yP;B^-slZcU2{ooOwLCYYqkxtEaMGcBtTB~L{ zLmBrS{l3$=U!`o3=1uTf<;B~lRlrlz)|Coh=I708kVzOS9ijcnEZ#@&1Ue@h8n)p( zC2@w|G!M{kiq)VqBCGSs&&O!)<87*4% zlN2UEL(ev=Ah#kUg6y5%Y@2?|;2FoTV@uYwQTEQntt#h`tj^otQ-h?Mx+zT?;P8O> za3Tq5{&^+j%Le9KLYLGa?@IXzWV)mCW1&qJu$|-^Kd5wA8-p4356%eU^ zOaR=367{zL1R&^Vs}A^2ClY6Mt@-QN6VjGf#}ldqXFnh`3d_}P-*gKA)i9Q;Y5;TR zjI-)+r@kKwEnKyTc~tnW1y^rCAtzO4xj8KB37zHGPO78Nx)fquWew@nL^irE_lowg z&Hk`WwV5>u%r+sKj^Ss9zD;bwYymNY$HG;=!`V_jprd1_E2ZEb25-(NqT6ZE;R^tU zLU&=^0PhTZY`c@HT^#1!?~!pyWQY>(_30<@?C>i|Gahqfd!D~w$j}8DWgUeSF@=(t zT;k#bg%^`n32V*zbV(lfz}{2Oj8cIGb9ip7diLj>mM>FLt+nls?U9*jSbrY3Ri-D7 z(dM|g#da{;FQ?hPc)Q{TB)J}t0d;IzN);IJ-QsiPH4LxA`&^4gp|Y;FT9w@u2@tV= z#95;Or}lyJj`me!QKX%}d>K&TJajcJ#d~1X%8EEV{!}GjCCp#-SkdIy^Su+732X8A zZI`vWp7c^!*?LTx%Ub`Vs2h^;7PK9sp$B{Mri)F&VEl#lSV(CjJ#86GV-fjed$el? zgZkp{9z<}zTUk(yFwkg{N#2Hd5^B3DvRmLHhPU|~$KR|SK7S^Qf|u>+7Rt5=kb|AK zNxK6;GrEF)S7R}XV+9UAC*)LnD8lQq<~A~Gl{4yrJxeOt^p2Qs*gO8bi~h52m@O^| z1iKsI%vK<2ifs~Z6;Q3Wcspm<@uGldcXMG&LGp%-vDbX1~%<{JS=|b1{ zrN%9y;aWpjUWY5WRqdXUL622-5boYR7Z$rmkm8XX9=SZgEcs`=-qw?#T7i&;ay{`c zC7dngkSZH%A2+j9<*^VNTG~NVUq%9>X6DIYR;m5bGX5y0p6i_SukuGjOJgWQI1Sg0 zAFMD6B+#x%7|Oafb#s(dKRA1R>eAnH@v8sFJJXJrd3v)_J~)4b>%d{Ha|DdT1X8FW z6B8$nnMt<6TEaw&5W)<$IOm>(H_p?2C_JHF2}jht%&abnrL7tv2?R4H?irsa4;E;o ztq8=z2?$j((W>TaiH+S{2RWg(5^fB=6d5VLAv5!}-+t{RC$gdCPj#GquQi7mbVVw= zJMMR?_h+c}S$^0d?F>OWENiaw8$&LUwX2glcn>@Cfos#z9^>+} zxb{nf6kQsecE@LTX{H*(B^AdB^X#P_6q_A99JM!l$2eq&n7E<)yfFvQSid2B>-O=- zo{Py}PazEs)8H5fGd-k5yyKGWqUlyU%{H#G&iU*~7+O$ezLBjn=OuXd5yqbC$dfA=_=+!3O9W6S}2xGpio0K@S5Rz`TWXf~c z>sp`YyrUOyauT0UDDA2^j-`Ml2;Monl7)#JwZKB+0%#{D>_q7kw0t}Ye@YeikRS6F z9UtfC%T9=70ee-Jld{-5qrFf%Yn{{5nWy(zUZ@DmoYHLFI_rMupvz~sf(@CeREn3l z7q8RoA0}|S-@H3y-8iZJW?-|J6_=7H=veu#Gl?V8e=bGJ*c4>VuhQ^gUwC8LXM$L= zN%A3zu}tFEvja}?Gupjhqm4srO105P=sL?6S;rMeA_uekFsqj3KH~z{d9yunIH_-~ zU%D%wsr6sxvgqL>D3KOlyCx>U{muT!Sn={H*L(P#tWgPODVdNr5ZMOws}`HUhQx6W zjex+(V!}WFCS*#=aQpcM#w~Zfsk~e6EYrvhutc3 zCRJJEvOMTUV6x*@={7a$$)ylxXmgS_siWlHPg3n+F#|`^v)!}{U6r?Hw_CV>L3PqR5>ZR7!~XH z&0Wx4WZEuC3rNs%K0W6gF7_aD#ajuss;Qz@IbHjKt6mCxyC)IlJI($6CWKRs%xlDt zRM4b`m~8@lPg_2K6v%;&Ql+E&K@x&S-sH>0sx8I?9jAqR0yK+z+-xLHoLKx`PR%cx z=WN2Z&f4#XKe9dvAqD5-ukHuqA$M&j0RD#Gof4TO7SkG8cOiBXxvs49;G%>~VfleC z?HaJJk&!EVv!XXGRu8D!5N_X|5I z_pc3fVZAAV7iFZNQ4DFn@Bf%%zP%euJ11f2{f!cIK{)!t#5>3~8LL z@al0PaZC+XI%-wO(%9Q*3hzlb&=~GLc6qe*fVVg81+hWq9Rg zZ7+fPt!Br?;mlV^Y&39x4j$_3xkc`-8*uKvpSu>R-a=`6RSZ2EVFqH_~)fTI-Axe6T4JV+R#{se7vXR9$6p+M*e&iVmIsj7wCgr2d$1avis%PpondxaX>avT zbC0K7x@o7ui8kTN_SODW-7I`rhEX5#uKHo+px$cB)KTFq=3O$dQFIs^dnMPyZ(Q8RlES$^VzgWqbS1#;) z4l@{;+RrtuisQj%>R5XoPM_qFf(fH09e$UmU{FlK>`bOUsdM;YipvI< z>MnMcE`~$9R-#HK4JpAp`A2jEQbk>M;$yEQvd4ST5`v_(ETnY)8CEM)yv@q=-gB0P zt1&P9q*olS&(M!&JT$%@PN6RNEplk2UN+!`z@kPcd!$x7cn=$I}9PQRR7a*AE z&(xIISMNP}9oMQf(v-J`#o~jE+Dl0-x>V^V9*-#TJixEqM zUtptvFF@oOZmA;W;3kP1_o~!<$c%Lp{MPKgJxHgB4@g??DpPruc9F)y!soHZwK7ha zZm!BGenGix4ZJ@1A&DV%pWs!S6)@3}hF80U-+8S)j_n>{k(R9EXJK;Xk-$j1b?c4$ z`g{_A3m|)i*{Px19dFzh8rzhZg7X4ehlk3g#2Yy_=}!y>;edhQW%CJJI2R3d@anzf z&wlUn-Y#_K!U%NJefox7^FJ+K1+fiuusnr|B2BtyicTEfV*&BS0c0l~#R;S<#S;bL zM}>i2PmoSM5Xwk{iJxiHN7G(8${O}hbh*+t`cbHc1ZGMCT|zvFxThLBbtS_wnotV(*=758JHItwdyJDEu%Q zJZ*tbh0++qv1k8?YZc;5rFDu|6kF!a-ydPtEbU4--?LY$ivmFOx~pGJGn<$U6`yR+ z_dv#!qC3M!h8^^C-LoExEdr_+{=kt?MdCQV9x%UwH3`k4O5fpVoBfytvfSmzVp{|V zLs-Ma$EvsrHm}^78t`tAq3wGM{`rcy4Tj32%kzA};ogt6%|N^N+C}5aYg|g3!10fC z@*oXDkNJ!-?XharaL^P8ObBM$fxce#vV!%)3( z9#*eeakBR)FUo4S8LyGZo(p}ztS1r6p*e^x?{U-=wFMIOd+Cz!Di4+y>{J<@ObMMd zwLw05r)eA9F+s_8T)CTe^t5uGbgn(DW3nkMH=!Z_QQb^zVqNnKD555|QAir_AE#C`YK0 zS4(kFu3A3oUvheu)Re-sMq@I-RcNttCOi3!oFmSCjy*~K4jMH;-Gpr`xvU zBoHvNE{$2VF@3sB^9PL)QWyFCdEVPW!wE(kObzgAoU}?-`I|*^L9|o5!#@=mSKViW z5^ca#5mwUVoUJ4?n@Vsu(Wv?KRtGTe^jm6?qGK(z02VDODfKz$vn~SXr7hq7x-;#7 z2bPV3>XCNq6D6vjRya*GC{+~|l_3telC0mA$L8mZbk-EPAH}7^ns`6?9$_#Zy?W&8 zv>Xg*X_CPk(qxGGBYQK)%_j&WtaGtPf_HnShF<+V^=Y@0+`b1w7sof{Uw1NaqRtJH zYouuT6q>0|0Y->{$kh-hS8Ne+9A$lTUzN6!*0fKTXjwy8)Gq}z7BxO57M z9{{J&b27Xtog?<#0pM8dznm~ZYkBsI8Ff#;5^2z;z@)MU z(ufM{VqNp$4Y>Us`PFDpjeVZG>b>AZrKdq;F&XquWOxLwI*>kEmU6z)MM*Vdpl^Wr zUP!(g**FB@pSkY(I`4B)P>;9%xI5B3x^?&`QBNiR5D5!5LK$c4G3nLJ_n}!?Moh7< zfbA#~7Pj8C=&{eyjD0r+?dCc@LB7sx<*kogX!$r~S2Jm2_ve-Nw*E9jAMa1Fnw-D3 zn;<>uom-CPbcxC8wjo>m$%*%BIvbS$iWTD}>BHNaAn3InScqs1dm6G~-L-mwVa@G3WuGZs?^5Df{}tYpo4|BetL;O6m z!6tzf0-6VIV06@f!28^LQsYokab^s&YTS zY=4Lk4&n#y(~c?4*ULX1C^v;Nl%1G~sV6^J=)U1`B((0=_$?0Y+Af)2YK0_)7$IxV zWYrs%{k8FTAJe3g?T>!=DPO$mIuwx(bvms=eegU=j(gTB4mbyrH`e$1e|-B%^!~1Z z|HGxwgMoi=gAf1?Iz~B_O_$}SyB}l>>9^F*7t_fSv0S=Toyd}ZVPAO1v!~3d^(64* zjU|tH$75NwWf`i$b>v)~ng|he5hO5>c-O#^6D#$lK>r=}m~RKJddE{nyDC_Odg1(T zW}k_@vA%N2Ry)XV_;hpe=llA>F3qi%e3?O87U7Tu?Q4KyqXcNSz_+ii2>o>DxZ-T_ z9C(VKU%IatSxP&OjCjE0Q4>qx?O%?&`L$hYJ)r@&r zeGzJcSjz^v@Le>4XJPYPinQ*2=ym6UeFg&MKC4RV!h3DSveGQKfJJ`|XVb*Hn~&#_ zE)~Tmn)(y7g>nQ5*r>QK!SvW`u-HWa( zT&2^rkN%#)a!2z$bZpwM8=Vq@-r@vQ?iAh#SIwVp>O95|a*JOV^%9+O|zO zUR7MoQ*$Jm&mQJV{oG?JzKscbXl`kxjuQ*EoZ}&VOt5;P7E;S{Fn|X=ZZvMUl5!d> zM}099>+NiS8+99{u-aOiMG!AH)SP4Z~XoT+rV9zb${OeRH6zXt$|tU%MTO6|1- zvcTi1n$F^Vu0M9^_0ZfjZNmIxH&b3oRo>-d3bo02`+ApIUP?RlIo*0lRRF;BXUNmv zq$~-ZOk)zlsxhoASp=}tthk8w$CjTy18=HM4@7?5rp1QzX&0}$Z;MQ@0_$N$?&5kM z6Y7|!Kd>sU_z`?Z_ld{Apl0y`?p0!dsOJ#7#f1r?cc_;To9I04nxfYNv@AT+Yo;^Z z`r?auA|5Vl8S`quPn#7LAe28kB3EM{Nu|SGRf=_06CQxEJdH`>*#e&k6DN8-4xOzJ z=+lu5NIenP-T@n|%F#1)rv#9x-4Rs-l6yq)u1>0^&<$2A5c*vM69Q8{e12YCCvMP1uDwdHdO*z1cawe<)yt_f0AV?^35Nl=NY^OJ^SP; z(|6j<46KA(Ig>UzXEubcyvolHml29J-d*e!Lwu|su*fOyPve2QHS6uc?bK>^++qY% ztW_DcNnot3_y~k6=I8gPU1WQ=DM0xAkMu$RfX6%3AQwp(67)P6z!zM=2Swkb0X_U7 zX`dhPo7efbhLyhizFEa=I4;&|Dt<4vu6x3aTRCXELtcFJMv)|QV4oiq$}+cEHvZ11 z6w|R7Ht}Fd6u_18t#_pcAUj>rxFKYW6(1x%F@{d_f~Z0eaxG7hD5M0x6Jij8Ozdlz zP|p8R`QR7GC<;|SGV{-DW`PVKzqn@`)Isa0g@8?BFz~i90Lo8)0xcCy4k~f~5F-s>mOrcvS7N{lw?=zzQdHk(56|<8KUzcUu_Cv1Kt0a z4lE>He?*C>cF?Gs^^N!12bNAD2~x2cBw%(A|=F3V?&jX%!YI z_B%7#GSu6eR{>w+Fx{JlU3CksI{B^0StRTWP*lFx=}bEFwOuUcGLXM--!zmi}O|H+WjO6KJU%vxecv=(1G{^CHaI|(@EPd|5^f!AD`lE6NF zGfq$eX+n9nPT2wQ+f!~iv|kRy&gxJvlD?ATMBo6`~fY0nB=3WB#WlP z4{54+{crF=3{W)RgKukhM;3-@vVC-7T^-`o482eREUAkMdrtvt!BH|MOe}!p>yMJ| z2s!G>V6u;XvR~Za?rV?Td*yu+z&@2yE+ArEYfuVVuSdVD%>*0N(-ae~cYo!r+{ecP z!}R? zH?y*0{M5Dwqsv08!HXvkC`AFm*7r(xhT`S^YY26{E%WyL=&i5P_M3e;v4a=EvI56S zOkt*EQ^U16_vh0|hD+Q@+rwGjfkS$7UtjzO4o#Jla1Y6IF(!zxmqypit-Pc?*V$2! zB|VLEl#oQ$Jy*Agq7Rxny9Ef-lu!bc8vAp!Q6+Vu{Dp^7&ROH?=qw?3vZ|f5LZ(zs z-!q5s`~QhBj{Ip?(Tt?LyYViug`8uf{$T3V^PKNEdxe5qH+#m$;vuzY)y;LpMu@|b zKn^93K;I`2dbcil`bs>8j^)L(kkX!v)A;QQ%aOSJQ|SBqy-4$qbenZsUSn>dn_ofX zifSqp@U0|S%~oc3Y)%~7?yFupQ4gBNoP?UAHU|M%uwZ_ZDZ_2G%gfoLWG;3?n zlc2ptj2G&vyfS-yH&1-WcSH4U0PPww;RBnJiwy8J`kqi$%hoWKnVx%VDBK?)(!)9h z-o^|MWT+xNaT8a)HUf#Bm)4|a+pj^G*h3=4)+1MA2dx!4!mYC0hz9d?vLhkod}Z>! z+PJJn{7<@lce=uF(bP>rl`h#ei4V+grkHFcmpgAI_tYBb%)Sp%ZSdb!UXFbJT=e5n z8(HyGn{5u@j5Ka#+WKiKmz#8ac0(jVd=)ph#&z37%7}34c_YAxyLJvx)@plt$R2z{ z`nI+xgHj4oW;NHPhC>750nVO5XdZAsF1O?HRqO*INxdH#Wzds3DX+Ka-_NgVGD}hT z3qHCSgv(pgB^zc(QqvBH&3wk*?0UPuFA;%e@5S21HS@^6YU! zujuY1cbbD-bPRN`$cYGj(g&-#_ea4-m$lX>5e-cNf?0O7J#N?cV)_+%ht5k?YEt``Q$RIs@N5iiCtFZk)5VwZa@*_md)`>JS&I)u;1txlkb|s{#g4!^zpvZ zUQy(b>yC(QUPVV#$kfR#eVyCcjTOC{K?>BJ0GjKfVSIdWdXtSX`Q8igJb|WiG zT$BtV5E9FA%d@lI)5gz#(A5{fy~HPUcqME01~Ga%7{+g@b_kKfSQrfB4=)#}z&YR^ zHGU`sjC#%Qq3uOYmokS}wOf1Wp#rs$JJ(&^i(L-DVF>~?6d5Op{Z8>Osw(u#G0F1bRcSY9>>BUZWTIt0^)mhHxAB?4Rwe5o93sUx2 zBCG*;txR?q&=NG1!(J`qA^%h^A%m9|m(~s}|e;X+V zk)sqSG0?g>rb?q(YEfQh%S24CAmNWqqziom=)jI>2pN9xd3iSJaNBY4hh7R((;dzQ zL*BtH){~CR^iseQESlS1GO(TF(ot7(5@2%HCWTO9X-y^H$TO*`a);O3Qyv}V&&${yu`Y}AUi9ApjD0PeZ`u9w zCxqui<{V3lAB1k7NRhJ8Q|5s9eO8)(-gUdj`gwr5;NXDnPB+LA#F1a%0QR9b^6;DV zxsw%~xP-;1sQDb(0j&6D+cs|I&2or!D!85M5Cr#8ZoGgsj+bL}7KLLuip*sb9Gv<{ul(y`1-NBHK-%bi1;5cIN+{?ctiJNVrQdm@7$Cz~X=S&<-1%faM7NBtpnX zuv{-D&rEEc6xmIC(T<=SbBZ3EJ7J5ND zU;vVkS^E9vtTAhq1K(WQN#>xo@`F(4WD{U=yD^ zwW*dL4aTmcrBWNWl#;iG(cxi{GGH%!-kh68&9Hvf`}&$syoukF{7`VBN1D($=!S5> zK8a5c&i?@A2zW$edh<^;HBla1>_1rZt62SkE*0O1n>*7yz&o;Ms8X78lR!MnDwR+e z#vYOwC0>`~<}jD0F6|$cdoofB;;%kQOi=Gw6xiX%BH9%d+Tdb^cD>pM<33KtFH{!3 z!&?9fI>K~Qu_mE0P()XBWk89yfBKd3tNRqtBcyW_7TmU(xW3C6$t0s&+J|^^9h;0_ z&Y=ac7wMWqKIAn=NpwRXXvL}vcyNoKa65Jyj(lC|ZO-lQRsp##FA7{dUQ^nyPITc; z2Y%88LHK-n8aq}BW8C9zod4rQ0O9viz)-gOLin5fyoX3+N7}1^g)mU(jtPUqEU&rUTBbr>5$Fa%vsZ0Xia05o}FTh~9W7vK}Y~gHRhDE;I~6%|5zgi}z{07!EyBs_9sGHRp=$?BF>{!LNb$R|}5M2hLSRcJQ6- zDZ$FR00RC=PbBm$s$jM}xWW$>VVxa>W6n7pZ^Lt+r*B^ z_u8wUA*T_r=sAePxj|r1Fatw0yrp}y?i4PA=kTm09VXm(iU)?nZ7So7uYnUM^jpHP)J+eO6M7NI(B&)nt_4bSE$mtsrPT&;5y);} zE$_ikFD(=qysJn@uW!IDLnh$G`mH&Oshb>+^)3aUOR=_hZ(r2D0`pi=9S5JbTBzla zp_B!8V}W{BnCnxLyvLK-tUPu#WL`??@xJM{Q40nqAcdS+6%%U zV75aAZ$KVi@y7Q%cZVz+^}8%!<}N%&U9tW!vvGo~)29<$8cmTb5M7J^Y8zfn#R9Xg zLC5xxZ%}cpiIic~p+K9{(t600@H-=%Y7f%EeD(ZOXLeSJ1!fm6x6|wlm716{h3I#a zeSodu%Sq*XLt((d^fvw-l8KHAoRw%ELw`a<2tYPs5Lf$lvNp`|=V`@GJ6*GOQ((GH zlbcE;Lp+xw$~;4aY6KJD_Ps3=MXHf$)Rw>pLo%&r8EWCxxL3q>fP|Qg=Ql~qX_k+sMhJ=C;5v1 z!dU782g8ME76nO~sv=3BkxzZbN^qmDNRqy(csL>-{tYj?)+shWPc_SBg>2kOZocmY z*tFK2ghpAfPb^|m3cfoyLn!o6ul)k%5BNNOFUW{>r;p&xJ){HTF_GWHkod<%bHA)G z{65dgbW$^#<9~nx*fXV1UU&PJmu>Kw{Xp)wV~37eZ;ij5@A(A>bL=&VKF3uUW_5_M zu?6e-KOcNf6oPpK5oZ8dG#YidC*!x3!7o*nm7_RjDRMuB)oKkYp2!SF4vQ_N#clw8 zvuNh~arj8j%HN;pw@7yb6#e!goe&DavzNdeH}fr@m-=Y4GWSTSu8b#!?|Z*#OBqI$ zfuat`|5tqP6Lv}BiLBb?M-fT&^{Am<5-HQu7{qk`@Id`b%?*&`?dx*M^m~&ExNlH| zW{8n~qrX286*dSD5?xy&`-uGY6!=?PboF=>|8)y+U%dm~tz??+>gS-~K#=~gzjej- z_@A~wCXR_By_3{hj+cP2XGmTOG_n25g8#lRR2)Q_LP-^M2*A`u121bJ@)CmP9{}Ih z-;MIY^C~i0c}3Lm^3kuf!2LVyJtFY0JAmWuzbtm(lv?PyWBZ?K)#Cwmwoq@%B3Z(` zUITTAa979xNz~sJ2WV(npboSULSPK2y#!G{7ks<_SIhp{#IKPGcU~qA7F+?Sv6~o# z>6iEZU8Pr4z-9SZaPb537m$_!a`Omhk=)1seDL{@4a|pFhyb%rEgW#K23~{rU3%m| zF-RXJ(2xoMo@G8| z|5OPZs6&oQRrp7)BPUSjD{bfbe_N&!*}xNjusO*KLxA)m94#gaFmL`#X%8fzFR|X4 z2ifl4??73v=$ms<^R%Pl=<+WB`M{lS?-S2@#_4elv;i0lL$vh>SA_P07hNJ2|0 zRHFmrFE7!+J;qpI!-*-u5(o1Bn^9U>uKESJsc>RmZ;ol`egc#Jo$BRb5Ty;4lQ$SC#2HZbE zE}4ISyjqc-`PRTk`GD(}ssY^MU*NfI`=5@gr$UYgjQdrWi|tF~?3S)vi~Y~=%#i}~ zX)u`FSO%ys2D)2R9x8Cj{99e*m+9+3ox`hv>Bx2$EC*#_lDfeETdf5o<=IY)9~-dw z0lX2M4S26Q|993+BMF=?!GB*3b}F>g#*ogt-p0791R1F^p_r;vuC8NC-@l+1D{IpbBZTC9$wD; z!V|jU#er5mtS-{afxPg?9dktA5n(KfLqTjx)j#czY|Z-D zK&@{y1y}w@Ut4gYqbpA6UyXa&HPOOAD`HkPw10KfWqB`=^_Vy6{#_{yX`0Xa#xV~W zy)P^H@A6+)f=Bvt0S)7Cb&q}y3Q@9A!~VUHX?vhnx+eF>-yWcP91lb-QzNMUry@4s ziI!lpzbXR#tzWbPC?p)AM*Kg8lml6_&)|RG`PUa|22hhx6ULz5OaBFdLK1L)FI!L! z{4DgY$l_lYpvzh32`BIQU5Fr60Vucrr#jDX3dyMow#ZDZy^#5>nb1hTBZznfJLrBJ zAS+-PWX9ICVg5Z|F28u8fw4&ld7Gg9OP$NbApw-@`YAU0H;p8y!Q7Vo(EL~R{}Q)? z3FJpr`2Q|n6e-`wl=ye?a3G#XJvRJO{J;8Nf)>bE|J;1nWu~hn9dm^uzyW{67TEpRP9D{NQ)_p!wUv(j* zFCS6o{(V+xfmyM2z5ejG)lN_gOgfvQBHQ2OcnbC*X75pf`2T-e69bL-FkOFfHAG}I_)KW6#HmWvFR zl7Dk7J=Xn=)7h7rI*$qd$?@aPZ#&Z$Uk|)CMe445;H_U@yUx4@{`u!G?F3$R&1gwt c-R2l-Os<{mR)mt;74Sz=Ohz&3 zHM;ljeV*rw_xO%)|KS$qo-5B-=Q`Kz`1JMUvFqV{ct#Ns0^CA;LfZULRzW#F5%32T z$|EMqXTT~Tz$(CJ?damlD)9&?*#R?g4tU3eTUTqAcC@!(6;R;k zhw||8@S)ToEZny8W-d@OeN87DOD#Qjm&bep?vMTs=5FEaV&mxWcRT@p9$_ASR5B!r zTto;=g`3UX^Y3T;qJn~@ig+k)JRvCRHvwbmIj<)kL=?3_z=V3al#B8+Bq~)GWYtC; zgfXG&-%+4qE$%>|=#LK}cTvBu5Tko!AeNai ziS`wMkm5o4(BT4*cJx6yNV7IhU8Wjib1p>|N9dS zF@8a@zx(}XyHL@;KfbUrceVa|0wVvMh_!`{mGwV2AS{e#B8P-miikk;|Lb_70)qd4 zhPy2Z(fqH&;Ry(#ke8S!{vVb=dK(f^87vLKgP?zKLzwXR1<@ZBA>^pNup6j=DhfOS zvHx}t)+BuYZE@V9sLl5+=u|n#E;>{ZLJh9)8X8FrA%_T}Qxze_x1iAfemLCxd_w3Y zC5R&Gx5yP#&wFArG2#EdUjaT*6!N_yno$noS1G9g!H1wK!~W;MrI-I%2Kti#gc23< zUJUm<0!>Q~p{Pt&g}l6p@4AXfMKhW}$dQqAUvIJyDiQEMz5j(=PUkV{HLBs;I>`Q_ z{CwstXzhIBMUEoKMTN&2avG#^QH*l3vU1@$N(U)gdM_4k2)^+0sMzxwAnlK0e*&MpnD zW=CZIHTn*^#+@qSf5*H}_Ic!98D22)-zWY29Pz5-#oeEF&`sZbe&^3 z{@FPR;X7HXQE_3-68EpY!6yIvw_tWrqb2fxcSk~muW!iyB-VWG^<8@72N#fkKOnga z3I1;jc}7MkXxNOEcF$&BdXlX_7W?1@=R7Yw1oge!<6?rVeFFy-kMs8*J(( znQ%Uw1^APE9wEZNlk^|MBLfrila@$6xhegT_eZy3YcT9z(!Y?e*7ZDjC!oJ7t@s%Q|9X6 z3*MF!5mtE562#rbV^L_wudZRp&9YO)mQH{>J6 z3;qYd>u>8KTl~Gt!h2^H;zM^D%QsyYPbczl;* zhwk8YTpOU;6 zha7*Js%+jXahMc8TsS4`jN%boRv*x7?j&?4P|djdao0oav$aU;G1*4~zQk_3NXzXYY z3bRK1I^Qo9?3g~e7Uom*PW4>{x-FWsojgpPe`OK^9N8rE-0eX(3y4 zb<-W)ARxb`dBj}th&NkVzLLMS#1$u0u**irxX z%dEJ6R{T#?CG?Zk)0eROc18Af&0R|ToiC@mL@pN7JWYLW#~fQG%CVY z9KA-XjV>i{i%Dayth9o!KD4liMu{4?4q>Y7bzmG1*rQnn=I^mzjkdXe0S`t($ccDo zuLo;UB_U<}{mZ-Gq9a4TuMp|^q~rFx-9E0@ybFcsn2?I-?XWS{G9|bC!Qc%vt)SIX zU#7sbBi@3b9_xN5X~LZ9bhS!}m!(y&PJVA6)zM^(c96o^X$_2MIUvI&ZYMAbmu6nE z^#I^T;Zpvb^9AUiE|qrsglW%~@#P|oN61|&UkxLw@2i1+4alAP{v3@v`X$a7hr>J?Dp7K7w|#8H0q>#l(g0GDz;GZEo>^pQE^CGL()mkAP2=U=o@ zNxW=zGEK$*RdSt^R7F4A_R^KGE?gv&{Y>&3vHt1w!zFzG4t&>qwY9tzi?fr%INtdW zN+i}p1#$NZ3aANR(u^0MJf2AwCHdr*52NjYiHntRUxl;Z;N&E5d7q9+F9|Ov3utP+ z1%h4+>2KTL*2tKyPcefJ&$B>`Tp}8|e1LV!Z-FFLLY_P#e57BcA${&pxKVIX>epF1 zuVqWeVf*MyauoE7P|2Og#U@f30cFl}ZKIP^Uk9lqm}E2CSBVydxr*78Rx&8zS(bxUbD5Ehe#`2{c1_Kv(jsHR$|p&V3}q3Y1y$>pQG?xEdRKQ3eSo8 zDMF|E6D!y%jFa=L3sKGU5~wo`1tnU*t&UmKMe*F4O@rq;oSo8Z0*64JUWGud-*z8% zo*IXhNY*@(`D45c1`l#X9}+FoGQL~`~pnB z)dHKq^AzDrN!(bN+@@d^E6Hn2I@<@!nZ@ZqYH_*8Lo<@l^k#Ko^#xecD?)$iKln!i zZ|Pc+If>kG3nosQN@32SmH+20{2fB%ikCcXX1#azahk3yeuF-jX0eHHw_<8OX1fpg z=;_AFy)?RT0#`C)Jll2GaZI3)OxsI9`|NZL|UDNvYg+(7bEQ-dwhO=+ZZTj27R{HM>gj!`4@rodK46JboI#hJRq3 z5FJ#Kb(e9oWw50ZsBS1De1C2t)}t&~o~<85zDh8=|6@j3a4tbiM#GSu%_}SZ?a)}R z2Ha4r#1S1_s$IG)UdzOZH14$H22D{PpZ=WO2#X0261>pgPi$2w&HA}G)Q=GN&5#01nL&KvSdzcB1{m5US;e^ zvLpX-R7Dai?ORh|QZLTa|BT*-@D@3_a;^JX#{D-}ECl)rJ(0HSJ1YjSG2d)oeP+NP z7}2lEN^`ZDRJt*dE-zR0boCa#_aVK|FxjWN+f4M@!r>gzt+TC76PQy}y;j3CSqH$M z2MiEiHdWy|JO8;^)Tg?k4Gerq*~oUihw*VT;mN`%uX*Pf)b1O{<+POm8>fI@!G_8W zNtKV-e8g16MUdPln_Y9V6j@YEcu(?mqHoZND`l#@X*K^g64+xF_#g*Bn(BD2B`T{n zlD2XfiDBulPc?BDL3HKxPX)kyGe>Slg!XO%SE`Zza~b?AYJNxJZ*&+NXBsyL4fN~G z(h~(U63T20*w=pK>l8*(3tG;Kh$;lg;uBhv&RvgQMz(x8uHaTGqmsDv#YFmYr^WG; zEcmx?0j?KHNn?iu?_pOlNwWaiRD9`_y?QQ_ zx>#-ze@(YiLEpQ^?BgoK6(RjJ61ICGG$LAK(2R!A1df|en20=}ir+qfY{6BsWB5Uq zCkv);se%+XEV>yct6q?u?mu=UVRBUrO|HemhC)$|Kf|EYA^f}(c)5?PFs%5xj!|rYDnx&2)@tVfu(lA;&d}GBGkDBAr7V8H|j#(Wn z(I{YgSQ=Mk8TiG(Fxs2)XKc++@gtkj^RZwKpV(*W+SA69FNym=n z);C}Cc=B!q1m!A{_bL^kbDc!`PWql5>0Ee4mR3Fu=BNo7w{-A-7nVzs&{7j)2rkX z#k0XlC67?4AQEL+P)oMXYq22(TY^lMN}}o}+M&4QnWn&Ki@m{aE^q&aw3q=eJ_%!X zcqO;$Wn9YmgIX(e_VBx*7Y*W5)z24 z7z|_iIMrWfqh&Ml>Dd_n*Op)RyC1Xe4vNJed}T9VJ($57lQMzujIzlyS?<#lY#HiQ z7J64eZQhywX#Oz?wU`{T^ zV(VXF^wbh(RZhAO318ce z#nVgnRT+XWzIKfvKX$?NIN!Yl1sxNOtlu?WQ<>cjixoM8I#JCttvZZr>z* zD#i*1dj94GKYSrUo|(>&ydBg#N@AYIWbHW^RAdMe;Wc04#qWO7pN8oVGr-ElEG8a0W*0Fx`@^lE1h#O+xx~$OIL5Lw{?aI`FRs9Q z{^7GXr?3i0LP;N55q##W9;{7n8m! zOlHJke)&*$kHu?>+xG`Yi!B%Lcf8Q}_rODvs<-Erlf>P8_I{jK z*p;}p(XcLhNtsxcnKfOp>8%q(QcIZlJJEqjl=0#*+f!R1U$719R-~t>k-TBDUKvOw zfF{?g6l((f4DpQ$FsOqb{c=tDT!Y+KhCO``OJB}d>Nh%RwdNODtXe-+OAwBJd!06G zj#`0&(yOM@r}ulxzka}&itR$9*j0lla`%_sie2JmS6Le3Mne4r%J0WYxGZ!$U>$ktU8OTRXMLPK}1Y;zXI?m{1QYLvC3jaCV7gk(C^55j=te*uaNu2 zSkN5=0TQTtPw8`nz+{W{FHMq);-Ct=#Mk#Bh;kh`{7MorYuJ2 zq%Zsvvw)e#k?PLM{+QXEnG51=2>0Ee6nSS-(g^KMZ55tj+nn-A5Es|#99o*HuU)Nf zrXN*Ll=y@BUf?({-%EVw7l^7%;ELHFNJ$cZyums97n?X$bt;Lo#Rw#DQ`#5uulcOrF5^OCScm1xI3@!Th+A=pk4n7RI;I5)Dk4Iykv{ z=M`oqg&yjDQaaN`Nb*TvqBB8+SBYtkkWqliKV{VtEpB$iCAbQ-h{Q7;vc>Yi@?mNv#)<( z^nd80_>H%FRHF55=+@J#I{1`OCcxLMlYSm?QYT~nz~Y}XFcQduG$L)?e_+K1D;gMS zy_KC`T$^RZlgRg32R-ya&{Jiq^k~S^viP??fZ7 zkZrB~J!|^qh~dzKRh4(=?Yxb#rXy=QfyKhM14;x8?s^6D?dCXhnpJt)8p)cL5(Z#R zo{qqVN=MZ^25IbSV-zZc4k@&m6$sLVq2s9OlV{uWoesLR?Jr>yq@G`wei>hIh?&-;}=SoXNApej;P8+|3(2DT%kBH5NKbW0Eo5m1JAIN&`tp;Mq z?wrPbkibuS47d6oYq5TT^G;;?Uj9ZICjCqG-=JT5Gy9$zp7qFr3Pzkt#>{TvA zLgQ1p1Ht26$_V?flY4^&HvN&FLWm)*6ES`~!07o?f%Hqcszi4{;n?7a z^OFS`=T=s9Y(Zb`dW~vP%`!*tnyChg-o^EMk#T}n9~?xe1ZWw-8dK0&~C;4U@aQ`taF`UT#`6KAoxD6L0pL^SxwHd=`7Dt@*o)Lpam`$Iy9 zkV}JP@dtO5v7s^!6PNra2(2qZ?akL_v5~d7w1ofYa~Q_uJE>xeOScqzb_$<%(YY#J z?i1}NFQ==N8{$i~KNyyYP)qEwa8JI4di?$onX_wN=({(n7%H`==XtW(tQwpo?R!Ke z_@2OjOUaK6#KOGw8q9-`q}3gFxPZD`_UJge|9L$kUw6}!ghs9tlt&1>>z>KRg79DL?WPwg|*6Q;eA9B zeJ#1FpkLYEjq7-G5xDTR$p33Q=7fUCGhU=XXIamEI8DKbzp# z5aGTy7B`%&p28D0;Tu%9)weCMcATQR?ztY1GH+oeRsrF|d@%0`_A};9B$h40@Kte^_mxj$b6tG;nI-Cw z$9C1+@;kW`b9iDQd_iFdmZ)vX1L&P=ghF;BJ-47|i|JwJ-BSBp&~y;sa71;-hE9PV z6Ziqt=rppOm8Zr4VwivF8{GPlpk;B;PnPkZU14i?RlWo{?oiwMJ&J_paWxJDhC00PH~c3yO+C87nDw%dU_=+zGQUqL$zp z7?D#K(Q!`01h9?T+y{o};RMA;f(4_&g71I@>;AJ~2zP4T{*-sZ4EDvOo34w&APD>x z9kKjrO`(XP0-F*~@fYiM3YFPr*QM-I6G!SloE#k!c&;Yd2yA_eb3XbgHJ3~&O;ULM zBemGrz{Ju}VS>-mQnqswxo+%P!|9%(%|sPH7DnjRX90+**AYpi_?NEK6398NNY^>s zAu7d&Dl|DQ{9H^>E3RuU`MBGNX#JDLaZGPXiJP6H`I>om^q+M2`r%W+PC5^0C{kZ! z$G9!_e2L|qtbM_IxLab;KKtq_Pk1xEcfmk8aOv5pDksV`$PTeGWOVPxm3xUxO@=o_f#hv9qR<#>roA2*~IW9CVJNTwt1+Z37RO)o^H2_Gr|7PwE!n&;-pK<9CQme4kvm=;R1N9f80%~G(l}C9~5o9+qTHiqZO%bV}PDO zWxplM7>#k+=~Yw(WRv;tA7AEoBEw|P^jtSKQsn|VG%5{E8I>ryvisZH>nLRuTWiDdPSlh9VI`*| zX3#&=V(ZdlhUV)=>%P4n@wQj$@350RXarXth++6gjh1;x?Cb4kK5ECJ7`rS z=aIows<`}4_T-?*zUfbbr%0A9!Dt=4Kaqd@exC|d1~yH`{LJB9BN}k|u*7;0K{9i4 zl(3<62mv#KYgCM0VHLCXFrXL^Rvd!G^2yPQS|P=ro!`)`)|B^LXy3@}ZZrw!;jTor zzM$7KTRo{VD|B@<=K2;k_26g?IWb|Bj}4`fvIsG@O}tDWP6iYGa?4RCJy$(N8fzUd z>FL}?1!tkt!YKiMP(Xs|Dt8#;TX0^Sl!M3f{ehK!0WP}Kg4&A$#~R37|67imDWr12 z71g8iw6a6vHnY?cG62xARE=@)R{^Cih1&l5WTri;1}SiQHlrGGw9R@R&5v4W555cw z7Y`mVhP4O{XK3g2ZfQzJsvm^5dKR4l+J7=79;i9C&8(AAXo}rPr#)imXQ)9KAjT~X9 z+s>E%a-H`$fHB5FvOV=nDyE*teAT==Si($+F$vROpf7lMv{J0vDT>0lY;@|jQd62Z z1Sb`7SB^V7YWPN^$((sFxmM3t)te7jTo1u$l{?GFo%eH)`XZ@%(tDA~78Pbt#HT_Z z-)<*nB6f4u(8BR=uC%d3KbFSI5h_oLs^@7&-G+_%-OZ{j<8A^=0D=cP#Wzd^Ii%0a zv9JMA1=cA*r37AK`1RV45)VN8`+*2EHAW@4)lQ+6^7-~g%!7S9ZeB?*tK4APNy<8( z0hvzWg1l%XXSA?8*H4SmjG?`x%u#oF!{8+0Q*X&G(Kt>gO?6+HddAd+cl7@l?hL`E%{Ntk~z9bOk;pR4i)grqst2oD`8_5_MBHKxWc2mQ*2-@ z9MKrmXI=GK+o7tDKBtS-Yyr)dYb-PpV_}xJqQ$z}qUT?88U7gk4nSpaw7D(r3a>l@ za+=S0d_G2mRR(Z&9v|Zb#gDeDRak!y#vf=uP^LMa$E~O1xW2k%O1x?+30+g9Z@H2C zsD*%e3yIinOMv;gTyv{Dr7?@h#Pfii)lsc3v4z{cWCad&n+h(s4p|jf*@kadX2dzub#OpY60LF1J#YjR z*_7Qu8dfOZigY2qB)*CD$X_QAfgia zBeamU1$;`uHA4LRfWYv78vKYI6!5`FZTw|Eke@`kZhVw~=jRXtdjBS^L!2Q#xX!gj z+bx%eUfHmuj+Lz=PeXN%kFq5x)Y-S$V5+Dd$e>DZkGwke!UpbW-1dzPV z>U}UdBUlkWA*x98W>5cXG?zYeQ&W>>z1QxD#+Gg9TO`y8ELc9~tHnet(1gDqs zHv$T%S(Wf(rpNagjYH_9oOZ?##nGTPjY%7mWK*CLFHEx z2nWq~oD>DuSPdr1nbsC1UmD zWV_q>Gvu-oicL)=mObozzwz7{Br#6FJEXd<40Wn|_)nBR|9M~R;735^az03L;_j=~ zLZW*kaEk={idHX4s08w8i5+e*koSah<@l=SH$YqP6gQsL^#0C7n?znA=kU0~KA33g z@$=I5;qyti;nuU`4aXyDB){3~37_rG`Noa9ZP+Lv0Ht;}=9qP>P?#Bc?jnELaBwBB zGL%hmPCUU3L`O0756SfLmTXr$;sh1nUZXafhXPz{Gg(v4uhwv~rRsUSR@u41;5kdG zfy#bt-;*kb9r0ZJ`0f$m`PqKsT;us^aqw+1O@j(Mo0n)Gq}mAP27|PbiRTDRq1Z5N$@MVa%%Fe9&}Oswo=ooDGPDF5HC z-OEliI}ia?pw_twk8_{|)V=O57D__+0U)u*EI10*&(9m2+C=~B_sq(`ev)V%s^pTr z*TuxnPqsras1Y3Q-p_bfNNd$#1s1rHa&Qt9hw>rBzQ1vR#sY2Z z-fCOLIKSXVtDHw8p&{fh?z+ebu&2kpuC{Y5t)mb@qGeJpQM8&%>(dstbsTMmOG>?~ z{7~x4#PnP^UPsF9r$txIB?O?-_L>G%NleUs_o){Rha)j4PPz4WvK3&#C9K%pKaH{n zKy@Z=K$_c+-#0iSwpP|ZyWK5=)+T5IR?dv8AOZdK$Q5XA40IoqS_$PVCeTnG{mzLa ztynsr9JXgfo^7Y7VY_ErQJv?58%l();dclol#peV6=jS_y4-S-l@7y{Wd(Lha_v(SL#|?Ic5wh+{Wno)0t&Fms ze@ml3R@cEA{mFt_!mHkawstu$A4kTs#wi>fgTop5e%`CdpxhY`wE*R7jMUypx;dw6 z&7o(t2!EFmpzr~PI^EGirUNDiX)jPPR_VxF(_p6)9im?OseZdlLI6-~HsckAtDy3A z9(ndIda)22>#%#cVtUSj<4s#T#6dz(wfH#FV26cqz!i%}KRpZJXLGBc0A5rAYWz4u zG`As}W5Z!qFoTRqmU@aq1!~D_dAzcCAYWHqh@jK8w-LE(HEEJP|9%M7>gxDWh7d3o zqH)6Z@shw)=6!QF=sFufyGF%5A44h+U@HO1n6MkdtQqCQkA!{sodtiZ72cM#93xwgeZvXv<8R~ zn~l-tVGvRzQ+OV>3mk+aed1sgwXj{RCspNJ6%N-Ul7ewwA=>*49_61)q#rInNVeP` zsS!B(oZV@HgYVltIch7Vix1KqmU`AyQhc@oJ^8fB6d3l(Z1%#TrZ-m>7VEw0_wx61 zG+dW+vt#mrnk3AU+X%3XmO(N0HNL8)&j##zkYXN5svI}sg6R?lQ}=N=okO?C&Nf*u zpks);)k?d)k9iI>52ohQ_y&r|g;+wOp)ev!88SXRF`hF~>xyNMvn zU4kOdeBd=XxvAqxH^r7NHm*ImE>?Jqnh?NQiskaei)mly`8cb#K=$Ojv?2~sD5Scy zepy8nc065?7_P8%{9rgLUZv*7AfYB)xwv;4;RDE^n#ynnu~Mt<7{FCd6tEg=ogXyI znBy3VIM2ZG(p4`N^MY{#w?ejVef`B_1!#_GW5a~|xIOEJ=Um!GKcKEWfBh-j*8&Z? zRrQw-_M}petYvbmR;=D2(Yxd<-U5H)Y|BGG-jg`OO>tZzvL^fCB0Y9QS}%xm#oj`i zc)E0jKw;nagV(M=>31A`f0w8+6zzP`V|Wj}WA)h&lI4LpOL6tRTT0yIRWGe)n-b6c zksyeo_!Ja(kLKU_E|w9`1&*5w1uTGKRp6Z6v=lE-2U%G2)miQU~_lqlWOBH#jmBhd31@daKS;FO(bD5L;ueC(Qsoh zBr~xrGd^Y5+rHqi2m^;#7N&Ty)2~jO1f`#3 z%VsNiNpR2mbk!3C!AJ8Z&h~eBS2(ZD4~(FDf*}M*a!AAPQXU*W`JQkgWqWf7JvtX6 zTSFs3<0sv*^ew^RUEldk%1BwvTbdh3PYbDe6d8QWawk8s&#_bh4*8qi&z|X(m7$Sd zX}9(WVQ$-e!)Il@zMlpPZgfucW)Y`*eTb+4VuscatS*XPrgIICL&rY= z>>u);r&6V1dP$rrM}z?QOv+s~xMVPxm0P&LP~T1%Wdc{je8;QL4W=vJAJfC(_&iXX zveZl}R%$OP+d^#z_{LL(1Rn_2y3!^~DXW%#cMVFmx2?$aha<%F`ITNa9qV^vdhZ*G zV_$~Q6&nd9D9ONAy}!Oa|4ybJYc@=2>>AO_JUX&j((uX>hK2P!Tq4G^ApLPwX5}Id zeAW^D7GrSqjWeDi%*e-}ZhzjIYgbbUmBw$_#L~`NOwvDFv9(SjHFROwoI>VmWyfeQc2ls9x&-amRh7S@fpIg^cLs2^$u8P2gM|vAvS3(@V z^sZUN>u2Z-)X+7Z6}$}_uFkmG8iauhx)0Q0#>WR1d(0Yaxt4@ke8Y!gT1R>jbrT49 zXC^i@-nIssS1{AHmaB){`!19aV$rOtr7$cD=o?ko_5Oluon1Y{H&^Nx1L|lvyuOY| z?N4Z#iL*Fn{yj^}RTc`u;qtsVL!HYO2t$2rsL9OSR9!uWjDSYOAu;zsCN`HQp<>Bt zfu=N`Z4X}(w3r3=5UUtaq(HIXf2FJ;#owdsR+^U zH`8jy@2}tv@-hBFBJl^7Q`yh4gtlxWSp-4S*OrApYO{-sa^Li-k0-4ddP^fwv&QkH zAM{u~(}{O$lH{*Pe~+018P4JzoL<~jN(APnbaYrW- zsPaK9uHjbhq_j6!)UWJi6-n^?c*)DK%=(#0vWR2ysCyQIgMWLaW~E3_A)@n_CR^^Z z=u$wV18qrGz|f3_OF_YW(@3vmra;$i{*r3c|a?E_wdPpCf<*@hFO((cu zT3?9$bpu~1I(Q>Cl#<6*bcup10fXl0a?LigFff%9WQVg`r|n$!FCqN>CS@1*egoqa zIIpnEh7KM_e9gfT4Dn+N3rp*ITB%+Y(9b_VS`nt@)+^ZMzd5chbIM}Cpcrzc5Zw_D zp+c&OOtOIDU<>dtcJ7=5TIy0372&M(<3*N{IHS6U!oU$pIUh52orKbrgRr)Aq@Ags z49)B?<0ZjKcI)Msc}=+DanJpxyvpRq1DUF5O~RX%`+Dh*7*?M=s4Z6>j_KM4$XkRU zhQ>#SxUe+sFaIxHmjBa|;iw!9kAN^Bx!}z!^`74FbN=w8?4o?DWX~*f*ii{h0It&P z?H_t^Wo%@#tts9+aQtgQZ-$}Z?rUyi(^f-FT|qHltQMU8THX$kzc&8C*X|ks+Zjn5 z@qD_P4NWc4A~@haa@hls#*zTNOz)9;7){?@s1V$ls?;&tQz&HcLx*Ahwp&oN6oHr) z=%*eaNR53{r9mH5<*kmO?D@!LG)*Lg4}a7u1&W46LS&HB`J<`CTQ%gcg$xBWjY)-# zF&lRWLY?y}Ktv&UlP@zbMGW$Z9

mhP$iAIy7nC(M+IN9h^pVfR{5;qxgn4lj>-qLnje^;n`flaFaqVT;*g-qhbc;z(WpGT<) z9y?VIv|gZHruI|66R+p8@2P&6q`FVeP9!FsctSi&y2ltWDp{XD4T<;iyBc}NYnRxh zX9W(K^{z=B$>zFAXi`fAj?&oju*BaGN17J9D6>X(j`VWF4XE@IENOD$p03QZSk|&Q zAo{rl-ByO6ZzBukG7QIezO$|IdcL#`ABB$#PX3KQP;ntcRcK#qRB^mc%@gGyx_nD< znaQsio$>azkC$w;yvCv(iu(-|3?AzTP21|Ap;rbcMxC1J)Ywq*hGQu-gh;R1dIoqi zy-*c4mGOpaRnYMjvUC0Ji zubappRXntFM*kyX$NjrJpyp(Up-&oMp6`^C+&jp#ZO(*^~R!1e_ zW&8`%ULoU~Gw==ub+9wFeZ9CxZEq`{OPWC(aFm*RzAuA}#-tCAU4ta#hEtUS4>b^v zSIfX^Ict$Uynd0J#!mgPWZ2sB1O4TqwwOTX!#e`?%&Ede)2Z(>Frh?HE*J zxcJ%AmUQaAXBp<$@r8r@8wxl^OooE)5`5IRKDciCsWOr~?J#IRvC zzG^-mk>QA(Zm?)@DHMzKiRh%!>Q^6*II~MAa_PL^w<<7RHuBr_Y>TqgWI$WHRI_}5 z`(3R5HERm45^f0 zRezB#kMa%LhZ|HGiH&E?V<w{*T7# zAr8Xy4uvfy;jlf-?0Mt)S#7J)C*lc%l?;pam@E@mUKTq$D398yq~n<$=j(7!y9|y= z8m#ICiRF)eB+dyW{3Y`b!Li0%=z{>CXDiyI!QlV|!FLPt2Qonv>GF-L_+Stk2CXr13kyX44M~U(dk) z6(}H2RX(f$g)qQs3pj!XSXY&rU$leliIOgyU4V?Sr-0C7QX#Sk3)2a3;>R~r z@&iQChqkEOY@aD#zH4Io^YS2s1VHNx?_H4)NCb!!Ps!Brs)t4b*~u+0ftRE}8+gjQ zV_gLx|K_0lbQr+o8oJ>JxcQ=R^XU-cjCBtza2Hj_*fXXjr;#|8&QA(N)*$g5w^PvB=v2yDL9=y z$CEskCwbb+67$_M=Uj~^TR~-ZqXLdjhjcBOG!k!mT>7)rN<22rdJ8S{@`qGx05OKV zm#ER#zag&l!jwrU@RxTmjf7mW*nN0D{%CLG-!_jitzFLy_ z6C_OZC%)$@rdcIq$um{bWD(FTBT)CqU0ex17eFi>4!DXIGIdF&Xii-odHES!>DfC2 zI9}mmz@r%hElOCFvg2aU$24C=f`G*bBk#5Hw0U{6m5J)oM3*kHl75&(oT;L6HzWGS z2EU^a=qzIc^BGC5fn&Y=EdptRJJ~7~U{t!%OhxZWaSd9i-VLdp$D=^`G`H2xEAo1< zDo)5IGUu6AsioR>El|_9PE@;CjFs8UFMt;vCt@YXZixQ40H-jAuYwl>47_%iqkBhs z&v1-ed!6U@Y;JZkhhS}XPy4qwG!nTxlKT@bbD)qF@;KW72c!-JBqN$R1(?!q>Ejme z$_X=*+L=&^;J7Ty$1~Uvt+c@vz(hU;{AcJjYJu-Y>6Yp%LxmQTHEvsgW^4n^X#1DN zY!UI28hwH}yWhP#B$SKibN1;=Ya?kSMmK*g=irQVfSlzeuDfReYT9ISJpa#xKsvZ^ zhCJS&Jl+0!mA7SY+|hB~J|syaUBQ0$@%is>#O;$WrtRr}*jFfwV7o-7ec&C0ogCsv zi|H5p*@8o_7{l44lLN7#U58*9F+e>L^{9~xzR<>5EJR?czxI~aA$%d(yQ|=`F=gOd zD|<>5jtR>mUQ;!U+PP*H@|%7e77>i3+bF2IiC2wV;`+5E+zY0D?EpT$(5EvCB7qDe zR!0iraJb(A=woh{0Psu34vYFz@J(WwqWoDE#kfS_eS{^p>?i?*ZCfy$%QO?eWx<`Ga;RY4$yVe#A zw=TTdVX_~Zfw+gU@y)o(TlY8~iqI)B+1b6jNc~;$`UYn89_Y(~cS9i%BmjCFKx&DT z3WK)@q!-fDZaIm=KJU^<7`%`#<=XjT)OmZnk6Hqk13X2C*PwyKo2}R`T&MT^1i2ui z_M*mEu`+EWUMhaA6cAU@R1)qTIMxZ=uxe5NF(46*ZuSG_*6|RS%YRsDI39 zaPl>U5Sq7pU@(>C73(i>D4`wc)I+!;BHwzFTVLB++b zyfW_!x;y4wfJe~!WY-Tztp(JcnS{{QuCeuwc!K8D9FUmYb^98*_RV3`b8pnDvv=8c z)!LXrDuk2&+XJ;%j*X`}H)r~OHQGL2)bl!u%r6Y@RQn|LZyO%!-nSHIy=u)g3qqkf zy~huvf8?60g~e*dOroB(esQl`5%m*zb7=HvsTI0L?W&6@AnULLrQ94|^EF)_VHS$v z!GC2u&Ue5@CJvlLaI%bHQ0Z^f-2YBVidQr|BDP*N^N1qU5(^mHr<`#1YLAlSU;wBb z10B+PvkXgIkG0b<>Fm0bUMq#jdsmliNsS9P(-dt1|J#KfQRd1+T>PYHpYNaUi|E(F zfL=47O9~AcPsJZku`0o&k7@#M>5ar^RT9V9OLISG`W1FURcCIW%UOV6WNs z$>-47<)peOT4c)On^Ah4OkTacMvvfoDAt?H`vZ`5BvZeT{fuM)arhX#PVtBOz7LRU z&RzM$P_pOsp#GUaxW5_t4wwm;0=(JeX$YR76?^XpCaWVvWa@6c_dZW%_+(6)VP4IP zjbs3oJJ~e0!8PGT#ax zGGrqEJJ97s7fwags3AbRWPZP9SCwI`TpozPrA=@r9`S!Zag1U5&Q2aIN!(M|y-WJo zj#}nr9lxni09Z{gynisfcTL;&E{kw&lL}&E@nVDJ>f$~9BNwxNtxDv8hf*-2FGD%& zvkR!lR0Q4{84~<)fo^SVXbG*fPZhsmRIa7zA-}up)fh|TT)B*Llx8^!Cf<6>ZU~UE z6TK9dqyqFzfpRK+aqxC$k?w}B7Q9)4vnco?INN49`FUXKvWz%%qEAOc80^;$br*6` z2pTbQ8+?Lv{^5VwOTc}{mD5*m5U<)mJrk%QGK1-)rcPdy!AA1jyFig{j_o;;1c5fM z0Pw0A9$WA*DK?Pcg=UJ4s{3xc6`ii=(AQ2XhKUW6q2J!1v#s!~9=oECJNTtwI_~#{ zhM(-#SY)uF%cWw_gLip;a4#XGq=h4G&E{=Zl_jzgRUNh=C41cN7- zP73w)-t>3;dS&)wWy$~)nrc$%US(l$8_<|9M}PbXAw$+IG6PwwQtnLG;A$@_zRV4Zx+^~~MT@Ss=8as`}I@KLP{ENri%>LT75AVQ|W>nwk?faIX|SCqep{N4|o&t9OIGT80|{bi!|)QWKAC)?GG z{{G~SD7_gh-UR5Jova~26Hi_GFk?X3vO=d1I&5^u_js?f#c)N)#{Gk34y!P9EmU$# z3Dranl@f%FeY;fGEGer}_4@y8`WnG#6R%vc>buvzJ!IH|BGLiZ-UqaJW!ZOaZr4~? z^`^=9)wm&7BDt72OMOL$?84i5YCH6IuLAgBCne|)V(PTTmsgkO%ed`r@$=RJe!b_0 z(BA0~GA%CNrr%ak`3~NFsc&8_0_W>qS0%m-@-2hgr9gnV{bWZ0RIqv@%gBevGd$9( zoVS_AzHhDb&H?R&kpkLFXHbK;sPfjcAPv4@=X3z#UtF4R`yn-NOeui-cNkO%XK}Sf zwP40&T;Ais=+^M^LD&K|+CSV-fIl?&%s(vMfZZQA#ona02bSQ*#dj_ z@}J>ZdwyXJq7K3z+=%E(l90#@9-8Wfmz9eaOEIuiXHEPrdRlWCx z|6So8fR$M$qk2B}>JK*;l31x^I`}6$_Ea()sskWl1*zxE^EYLlEsB!XN|&P;&!5J< z$^|mb2QpF66JZ4gkx#qUKiQ#`zKy#P!Yxyut}lykvue$MKJ#S}+I7EOF#krT%0OvX zQtm9^`!=4(u|+u+8sCJZUfTj5Lr#GFcX;`v%+A0kV_I5ZcTiKx1-C^uj#k!NbGp5g z6`K(gwkoH>?h)s{Sj;-l*k7k6HPvf!v7z+Vg~j30P&U98l79lOlLua!Ac~BuT&}!* zMfIFzg!c6v*w}ziOa$9n5Vkd;)fpaUm|0y4*~MKdHYxH|t7hoc7CkqaQafZp`&~R< zOO-FijB^KjR|+aspn_UQcrJHEhtt8W5G$}NY1rS+w|KE9 zymd_UBhPo|x1=|gQrUKPP8D|o3L3X-j**6HI?scma*E~CO_(w^t?zqM5DmhxqooB6 zS04uL?H5j}501up=}1s~kney3diH%^K?0hBTW?#cOV^Z3*sS7vRRJ>@RZ?Tw8!F4s zBKU*{QVVXm$xvTm>BZfU8FXml1nDOsNQ1(>0AAQ-@aAlf zSt5M+&84_j^*kc$(E|zH3WAbYDp) zzaiwMQgGRyZgJboIVo%0T)LfgUU zjYZy1N$x$1)>Kt8dl_mkU%Ya5?gr1iKK{usGE{KZXMqNBm*N>z3E)C+^YQxOg}_e( z*Zn8=9giAke-M6a8n%wFqDa_$l6ocqpf`@h3(El(qiguZ>!DtzCEG4kOS)4BUW7#&hc~+JxDlrt+n%*= z^Q;qkGl0uo7rD3ag$R8^U2rmNUAGTxZBp1bpW10PrWJt{~6?&OraIeSv z=Uf4h13D=(4!D+V0JA?)#qs345B77PAKTy+Aik7T$8To zxgbYx?ICN^z658TWV5}~=aP@kYBV~UN4DPulmGQZC0Y>TR*L>F# zQvigi&V2&>C%&Xw<^^x9P8(Lc71dt$3cpmWlZs))%O56U{G_N^_Zc90W@qkoDfEbV zF6EA{wH8cu36wx~N(HS=7PyjOiLsrufesa;iqH7Tckgs+YB)5gJjOOJ$l&jEku!

R)b^o z`d!}7IwvE-JkyxDwPdhq8iYf6AJ`4mn?zdfu6k z_A0?lpzDc7eDHWKy42W6w`$xSBFH@tLsFi$iweMT^A5hj%ro_d!84lT;F{{W`mw{v z;fp(8bE)wkE8y(0OqDsS-!pigqn3V{Aids1!tu~;^NY=D#5oRHnF9u5k`j-+9!F|P zm+aPor;y&M-JNtQZS>WLTIFs7{9Zi^0}ei)d*$+~;L`_1zlwJU_L}yMI0AIy!OjaYdBEf2u3dMsbz1MkMF*_ zX_aUq^}4Rxu=Z9Kov3Mr;7bAIwj<}%@mq~7x~>!59Pap;EhhoOY1=x?Q-B!eEsR3UAb^ES>aNn%&nA$Q-@xoe6%v=s?N(= zdn8h~_XzbNX6X_F+Ljo%s7#2vSh4#EVANn9D*Q!bw%C+6<}=y}ier7{D#+pn&7;h^ zAbZASU5@kklv(o6ma-nk#NyYIe}K65rWQ7BUk1zPf#wV(*5CyayypVpV~6%M z`QjIu_EM}yuwV`$keyNzkNQY;FGeo>dmm|Vull);oU`iGQJEh;450s@Yr-jLhb>lh zh z8X6;2v^Z$?*j{cpaA09HJ+3dcK!_fosQ37a9p$F zM1cn6++7#IBU173BUIp#Meqoy2=0UZg3@szC4wK3$G1p-^IqW=%Ls^EXx7*c7Wk2q zuR#Ci8E!_=;s7qGQNzai(R|Q859COJRK?j4DS+Cr|;cwocPU2^3OthXT#S?7k+A|+)r-rE3a*7 zYdAeAaoSn$8I=5hXahg!^&Jc@6cney27|;zw8^;PF}xsnycyei%5X@c3L6K_HT~_W zC@l`j)1Ul=r9el@08NoBU4V@b4dIeA zfA+-cqGP@+&$5MkAnnGf@P+mDN>{T}1u8lNVt&{Eq0~8oN%BV^I)Osg5e1w$vt3!S z5#F)BWUojZrG0nbwSkg=KhTXNb5BchJ-Vd8r1ZhU$0SdD{sZz34x={3z6P?U#gs_! zp8Czkk=1AvJ-afPeS8^2cImh2e}A7|A?{aRpGXf@f`&rL|GU~H8*Q1`h2UrY&|u%= z*_qc~`26Enm6Jiauw z`%M8w#J&1tdhjnu0*lYjQUOQsqq4YX`)8hv4;`aYQ1L^tbr2T%TQo1wJo7IkXhjLy zk5d|g7#^31Y6QX%YuDw^Wqxt>r#P(9axjRr4QkTi-ism(B*p)J3No}(;{?aIP45+K z@UL2a7g^o+&3S6>)Ro76#zZ15?m89m&6qkfj3;i3r7&xw@LOTB_bB3FJfGZ$>jle<#H@+aBqzs_HQQt$@=_;%i4d#j}#=JiX z_fI!H>GBiK>&z+Ji@lzRm?Dw^N{6Tv>ito?`ydEvFsCBu)y}4*o^CmFElyT+jBY% zPo2mZUde;~Tty%V_<1K+pnViI$72UYb@8#95tN?nFiW{W0j`LQZ;}pQT)Mc_oN3vU zvcgL)`?ZSa_4K8HV8O%4NOo8PaE)999@!CYd~~LLbh(;zb;wFMyBDBuf}1 zBfD~?U-*8Wq(>O1BzyND_6c;KNf0dm>OjIMSSmE&jZ>%^rc&aLb2Yv%*r)RfCuOYD z>IB?Haw(_e8`a=Y1lavO3{g0HH6XMv=njdmmKzbny})=V@_335fjEDH@>=M{nZ zzXF)9z#!7;FXb#FrLv7+k->ES|z&dQri>qK56oN9Tupq{7I*N(PR~r3r zqCb)y&tZ>uKO%n;GE!Onss|WqQd_uTq zgJk|@Tyz5LAphP!XmEa6JrGI$6Ax?zdk6RjP@VY)7w7*sJ`Va#*aL;hYX8-~0koPE zx29nIt9ucII(XkSUt9TWP6zr^cw?%C{N1gg|HQ9bQ75~dqUo<~95@95%L|j?{C#Ww zTgyXWu}@5|hWpnxKMWR^64_MU-30N#i6Q^4>zK78^@&L!s z=(r*Tmsr|lO5*Nkl?luXVmD~%alC-6a)R|V>$%WyQt}ao>gx#%(_S@H=56#`FC+fW zP68DaC=bzZfmDY897qfqm(h3GJgpN;dHXN84S*vAb}OtCVqNmRa%?gkSk2?gD?C|l z&a2Z(u0KiDT@+J_K=xM)@szm@qU_gvE?6nrOu4ZXXmyS0K14q+n@cR}dx4le1L{u` z*pqD&)Gbo*M?ZA-y#cAw`uEg04bGFicMlG_E-UVMGJ1@xUriQ!ib}ivg!=V(8f0^C8Csm+G zfP|{^HNgO{gU1Al|bqr9vb2(hou$GQilRz>bp+ z2@9Xb*3J^VlJFtW{6Cgj6xd>(Wwwj{=lkWtOT1-(G}QG)y-MxWP46=3dxR>eAq!z~ zu?TI;w(#)jER+p-HRmrY0H}>1-jm{I0IX9Wd%gnxV|p;!)mXZJHqbO-!yj#3BMeEF z(3T33uL8$m6eLB$WaA&n)UOVMGl<`+hx!!+cro-p_U6C#V(9;3%zy38f9=K4KUm}c z;>`!Ek_}$v?Id!gNmG~YX@!1PP-VeVy zEWWJi1b~9HPkHnJ9R<)j{KD?N5;H_qFr5p4b_VMGd_Dqcl%FpPce51`@lQ$RSTCH7MuP=O`Ap8#6^^i37=kUuW+t1alMIImVTziVJp zziJ)z&j%Q!4mjbh8rAk0!NgKZw*e$cD>_q~(z>1}nS`G6X7tXr)`NYa9~1ehO6mUK z)a|zIHIl#su-Q6D=3gP3uHi%J_qPsnmAAUfYEPMSsopVWat6jBqmEqxy+krN90xiq zvTFcQ(Ul?Tng@6d9IOH+)q@rTBf}J;?q^7t>?<56{P&mgp8*U23rr6jzyJQ++;%uE zf-BQ49;St?&BVy50HnR;bYq~)mxt7yFiHtf{~o71)f+-b&Yh%QUK=%5^!lZ}>Xz9W z>J~dIUs^|KWxQY49_=m8X#(xJJU|T_sB|)woDMjp(jw%JF{lFn^bNc?Y2nlJE+G4A zxA%eQshhA3p7$XDYjMFGr5{c)GF!0#)S(TSe%b@a02yT8Dhmiy-;#_R~H>Z-0h>fOVerU$7&0J!6vTQ zeu_kzr69varKrRJNN&dhTpEozJNm~m#knT{siK|@AZ$p0va#$YKlB13kNLJ32A}rq zZzbDY?J>O2kV@#%V#g$7TDxE66t||@&JCCwCi*z->Sv628Nf(&1Yn=)URI2vVO0nv z7CSC!jd9%7W-ogC*5H|1DjV=W?@k&;6ax>8l&I3&AE0qKWEHF1nu4J9v|eif?U`%X zOatF{C^~ly+`F9xjb_0L9WEI*=T%b5U}))-deFDjoXfwIJ@LVJKr3ZK@v0SNwE%#9 z11bCf?IV!-*y>$j5&BLO&OPAVy{#zsjN*EAmsN`zs>SlLN1eSTkv;k^PW4ugHj6x1 z(ER~u;XD*b^&$X3>7%rqyc^0G6(@T49qtcsgAVk6uE4zRDhMFAx|snE&)lHgDq7fP zLpHOa=fe#OmGVTlpSF`WB`jj@8`VE2YJfhh|KVODWgu$HmIWMH27rW2bd8eiU#7V* zacrP@dAru&XtxjQ%#D#fq4V)ry=eHD@Ej0Y*#tQUpdUw>E!dy#7CwEPBX7<@P5$sO_Mi4D#_{hYBj7~jVXCbsscOao9Xdh zvSgLYx!Cz^XwssD^7BYP9m3RaGf_Ajz~3&ETlI*fUis%zYF?C+E(a#B{1ukpd`_-46pXM!{^B^epF9Vrb=R zHI@2Roc#vJ|Im}>sIvfANl@c0Zo_gnz-tuP5}TNO?L4EX+1d+iV|JFX;5j2gdB#nX%kDoG>OFVfgrs1au1jl(YZn_*p*Vk^}T4p9W&-QvcOX zTeI)sdg2sTfS1h^omt^9Mn};u-jmn=S@a4$BKw5{YYmCya7Koh>zrDGSgtxDyImb4 zeZkOZKb;hGOJ}}f%#k;I5$qqKxo&|P44Ze_&9W+s<&Q5I`B^eY+$X)P`|UZ6e85r4 zXS=NL<{EHyhGWk5wtzh?P=ti#B5WH z25I^o)Ne;+HnX*-LJ?dILIuwlwkn@j6lc1^LPj{PLnAj%DMr(XWo*2D2}?S?1>D;h z)8Qpc+uMfbZLLq*(t&pBDKNC3pO_^G2%2pFSt*Gd3E`gSqMLx6Q?^IQ|S9xLp6 zVgJJQPCO5awa0uX&<227(Kb)Jj~{a)A|kZu5L_AegQNlN{22?{stJ}@dUh0DQ5MBm z^2HTkm{N1Pz0(qz*a2-L)$mRE>m}FtA4Z~1Ze1gGrFEPz{9`vW%WU(50!eBVgUnTv zb38I-#xa5rAaSZ2hmXn@nMr(q60DZ(o!tvL0I3lxpCmdNAPAKVgZQlYMBH=g=E7y? zPGYjqzl+H-tI9FU`sLTg08xb>#MuG{0IXcwnTbiCD(cUji?n(JD7ljd8s&zs3(M%3 zKX1If&u{!f%yGl>zK;pmMcs?g`h4GI$c{5QO%Q0G#RBm>Z4heFiD*uqxVX0El} zC58NbVj~oy!KvH0>R_#_=f=$EOOcA2?*?ezJVVimR6kTRmjNi5Z&mYIyktmG=fRMH zosTUmfK1&5xTiK6Ln`)w*s+MwE!1i{kn)o4zl{yDa0+}r9SS{3!TF9AwZdGICnLS5b&*V~a2ni&%PDO%N3-4(zSdIz!K3rrRNN`QpZIYyp) zGS`!yY+tIvz^g~JhY)+dFkC9QG*&q!Rd3JP@dlh``GfPd*<=rc+`AB4$Zv>`?94U< zIQb0vT9yLW;^DDsC)7RwN$4%V^tanu*F{-1+{%p)HXnZJOa5A=`R9cu^xs|3{})SG z2rKZfwhI5nH*3klDtA|gN=*fUSY3ij;>CxEd$RNIzo{;hhQYso<5?IPJ`Me2w*vrO zznwUSF$cm*7w;Yt!U$L(sV^hi1YqJf;rh}Gq>66<%|qZZK#;wjF7A}{Q1zy2G_ha) zReT7HT8B=(q=3)FZfOi^&i8EgwOD(rK--zk-uI z_(=vLMk(Da?}efuIs{?T%OtBdIc^2Kjids_XkoPUYBR-2IR~)w+^5bE;p+zIx{|oo z$_In1EqQs+XE8m;`j?geS7hS@b1t>7P|+OIoae?lSQin*)jLm4FA!5am7ngSIsa?3 z_DA4vJck27B}ruLitV6!v%$2ahSKsnc0Z{dX;48H(9>Re?AFE3dn- z0$^jxO#VA}X#vEM&$Qkc7EJ)MNl{g$$QUNb1(>Vrd1<|Eh1tEWP7tLnfksgdXFCvb zxcAZtlutaQG16;cu$Bc}Z<*A%CmtQ{cik(<)Yr~NE;oQYJG=0_Gzp-*)xk>X4NR?2 z>?_qon|7sitba?hmJ@@hhfCRIwlMe1c0nC|eP0f+uD#QXsga;%G(tL_nhf0jB&7hg+%N9UibKsdeeK|h{kRg&mjHf$q+3UP>9|kJZ zM}~5k9R^g+tc;J0gFU5vFBYSWbZ4gU#LKIg-<3l%UEghu-FAXXaS3V{s1U4kPAk+p)7kQ zP}_^84QZZA;JL$d1{{!eYWO#lJ=Ok1VRU8EJaczvzUP4Zj(xafuk)cK4 zG29Oj=7w4NqbQJDXn0_GEC#RHIL?}R&@LuqdQ2MH^X*lqN!Vf)k>#9D{v+1>lYvl~@8$VzTQl z0#d^50KPvHe#6kUa%KXI#RXK&?F3vIcSN4JNy`Y^gPzI?Wovu5Sqk+?w}n%{G9o+& zIBYoh&Ea6y(u2*{?rS115tvZ?hXVf{#RvOTC`NX#-D2sI)8sgAo*|#DTP=Xki#U9~ zbZ@HOkEOL2EIc1@ZHJCLhl&`-eknj{umIp?PIjfryXRmisZ`GskbM1SN6cdq0Y{~_ zdE+f0_Rj)x24B@rP+27amD8J9Z(n6Ie5}djGA{s_b1PJ}rAiOqm}B)1PG}c6^f$m! zcnoMa-e$8cBj}lXQ?Sq??J@vt0_{t z@f@nNfk4X*)Tsj&&%ak(7z?`O4uk}RVa&S9o}$9?8y5)h-8=d;Fg z9^NXpu$XAygk-!olq5CF%<=?2gtR%m&vnQVp+uC`b`?IQpr#H5@yO>~7_B00c;?0) z!gY=);yizGlJy~|`Dv$S8oD<;gCx$9(G!wdvHTiP3ns%Y)ud1Zcg zHa0d=M#d6c6sxf@LHJHwzS^S^<%uj-cUk|h;u{W`=#hILp8?%JzCznYrG5*iP(v_8 zMjjmgZSJmG0L=Y1lo^%_ zcI6!*%_W;y9(b(7M*u~iF9NwmDcGJ4-}y0KB?_eY6IW$K%-eREnNTbnC*xH6eVl(j zOq#B23xXu{(p!uWhiNi~mfai~f*OR#us1+TC=OhnYB04-Y4<8>LEYe0>|Iati%?)Y8*=VHV+lcz!@N7X2BS<+r2^~eaudB{^D=mWbvnu1O^|JnyZR8;tq@Y4}A zqcGw_1Xc@5|I73pr2yOvuKTm?WE>_yG%8jk<#wHS5nEe)58J3jnY0R2F(mGuDWdV% zQXwAAPAjcF{uT^q!Kf^=Qi)K~LNWnk%VEe3ep^7V#(_384*VBMxE$D9+uK}p2FH{6 z`0TrBgIMujd)3n}-I(_Ud~>F;go(Thi*pHFx4y;=J&11;xqDjHV8tj6{nn}*K9I0v z@2I0|19Gq>c}WnZ?$*P&N*|9U%?dqg!`aW-m{>8NEqmP;2L0nQ)k3aEJn*KucH)dI z|Hc{p@Rg!d0ac}#FBLEWivvw+J#Q#SgZ?lNL&Jg4Rj#A&xD>Z{X_EM!AP)}#P%PNm z1x=3>r2WA_#4RtS{Kh`l`&Q}h^)|wZfIOATJVa7R2=1Ff6%iB=>3OlRnSfP{$O z*FmY#1t(*kAK7_EnZ^EOLWMk#I|u_)Jr!*sW^L}x76wHbZ?AJwbKdX{~ zhyFs~D^}Q@pFSJu7ex799{YPNzpveYk%57T01VzhBVfJuo6;x?LC87mh|CZ8Vl60t z=h>Rkzi9PcroZhK==aU?9}M%0UDjoum@?2({PWQN#mMJ;~O^ z_J7gn%h>;v;{L5!rcME)3#0#yyFkDCOFiC6PWp>0>PrILrM3CLZu4JF4*lwk|4TOi z)#T7$aPG+q|7!AI_y7N-pZ{v}Uri2y;_T0Y%m1X!e>FLDQhNQ{$o1di z=fB$gS2u_L2V={>viYwjhkgm@|64Zy)#T8hXN&()oBwKZ=4>hQ7Z`buwPieBd zTg@}K_aU!r?Z!4NFK+KIhrbck5*<2>5tzy@4(y^@p6nC2@zbA7`|Ep_t!2o+WeXQ_zJDyeVZW2AA^dkSO-kD4Gy8nnWtKDg zc4Z0Mw!PwVRc~BwI!s2U&d(HA%r9R)I7Br}t!?kSK~pu~J}lmA?u~FMUD*z1+4pUq z+TPqhTQOI^C&GXuUJT) znrQMKf6g~JH|cIGff?4s@g>w5CJg=<@z?Mce=r$8-z=^TZg!5>%xe4J2F zo66&elY_dN-B?^5hZWL*3u~P2->NW7v~vG}VJg~O(5&JmJ*ZHtuZPT>6sUG^ftti+ z#2$DbH0l&|{UIpE42EaI42VN!- zx*9V!ZR^2>V{x_b1~TLx!(l}D0k_x1^EPJk#tj>mSnM#k7rtVy@#46vU%WMO;kUNo zu3EslFAZLHr3Oyw1$lIWazL7K?{)xZ;CG&%N?M_GE_h#u0;73IU}3UwgHpirq6@Ix(wB)-BsZwx)4hYKJF_Gih~0VdGw5+WZladANf+x zcAFOw;TqaV>Z+^?K`aGDEz&_8I#5`3K!!MaAY0`dflC_P1H zK8pC4`B}JYqrE)svraz7k^s6WYjPGru0SEqMsUQ4FALY)!lJ?iXNtfY{rzJiqF{`k zzmM_nk3rx$*q@r_;kIFqKH*Nh)JvE7F%#rR`-lD>n<5qVExmu6=newB#O9BQ;=tWx zKs%=riyCm75XI?}zUHX;0!==OclX9~kLnJ_-APq-I|Bg^19N1;_080^XCnS>WyxQq zfMzo?uuPI1pZ%oSw1=}zuAndhRT0JSPo1pIjtCgC#2-U8gNJ;kb54mR>ZAdF1)Yr9 z%ADL*n~U@}D^E)1V37*JGv)r{u`}Q?hk#B_WfrxQ$DaK5lo@%kcAMibj*yb7iz7tz z`-0w~01GM}Xjy)N^vp>Q+74&9wkWfB+M@E!X1j$)$5pQ(?L$Oyv)1Eo$n_DahOu!t zMY8^$?}S{k{+GroS_$$xrOg}SIgA(2FFZ2yqPHF?FcAZ`W*x-0xKtGK`Ebo2 zb~~1F{QFrXm0|1t%8gRMB134mGLCw@jJ)Nlo5Vls__AeV>0Lw!>J2WpIVCVQXwWrO}(D`1hg0 zNjTN>sW^x{U&W_UpV*x}qT7j_-lb;<3q)O%qZHOwv-gmIco+z$~;6IF0-qa5jsq zr^Ng#+kT8W)3RqYg=v!qnRH@i-4SR-G=A;i>qkZOq>}9MoOQX#iJePRTiex3TvJU+ z=7M=+rtd|TbG^}RYS9hDwdd|Zz56-u&pmtjKqg$w-B+=d@M<6y*Pd1w+j1bh!D_(? zNMAuP*wv=MrbqD~7o~uoMTADR>ZqkL)N}R7Utb6t7j{(}O_O>5(Lz#x!5eXOyYlCK zQ;ei2&xEWUr4RYJ&f4@ZZ)b5eRX?1W)S}u{r51lsx2XIAJtHb|8zRNvO7!FT;7a;~ zv~!vM+*@)Bh5If+e|51Zx&Q)RlOaf#f# z7v6h2aq~8e2wxQybQ(;`L28e|J4r4D&FA72jtOS9Vufq}Oidthz+x2Eoa%n5@Sxr<|Ktz+*k)z+rW*_u$@3q4YNiH=-HujeOMRgGv$i9XW>>79KX|NyK=h z%Gmi|;y>o-RD9hhgq6xelUeONG}1wOSrh*{jurHU1Zn|?@^SF87LwjSTuHpOVsWXj z<}BkE*5SyJFDH=^9IdYsX~AbhPRny*lJp89H?^6qzG--Gx=8cC7uj3gu6`4`cV~H2 zP#Wjuty!{ht*u<5FGf5M@Es72OP znbx>HpaMwnrXYA*0q2O~$;fJUrp8Te%y-J@S@cfzM3r#@ZPko}HSbN4ED;Zp>Yv?- zJtMAGBE%*s>1E%%CK@~S;vZJq>`FP4<&H8%ML})Lk!-Nm9Afg74eai*``7mJURJWqix{;vVU^jDe~1MqsE@9! znk!Kv{N>AcoIG z&#P|bKZ~s-{ykDq62Ot-tIYbzK4PIH@J#FTtJAbv+);s|<`d*?z>Eo^cffq9k)qj6 zFJcjU6JBd!n9jkt3PW?`aG|Sl1-X!D(TEh5xW-Acx3OIO3PmJVL0-Qm^|`;r>_WqE3eeZ+tr4M%O8jkK-tL& z^7!QN_n(}6-&8jEVf;ASXn`h9pc76!8w_!ExW1{n7)Ao4ldMkuDkwnC5Yat^4w4>Y z3H;;y89uP9_di2;x{89k=1@1w|=erdeoB`|FP`|OF#aD#ovqA)_1=scE(qjtQdy<}i583+J1se0KJ3J3SSN>;kX-QT+;M`u z!8j%G8)yD~2qYyI&XLANY#O>6xSqr&Ur7iMgvY!}AtJ~gD8vHi+$-Ra5fVhDhIjPp zPz%{^_FlTYsr`|z@CM)2=jrEO4+=YGfuBF|CXxU@90Lr5Yq@o@9|F1VaN32AN(IIc z`dkRS1DAtp{cEyA-AW-JSe{IoScr2rv3O*}OT9qnPObNnoeluC4;D-LiS6$P1f;%T zv|5xPrEyorxpEBxVy~7cFWJ@LpxYjIud7LSFoK$~o3VhTAP+Tu*$yMY=(n|u zj~&5?d{wRk&jueqaHGsUrGz4u^c4j;zAcE2R~YLbHyN>lmxRcA+|^TadyLRfVGI`n z`d;f9t{1R@%TvgYU?SkCilfF-2M+>Qf(F8%aD#xSYmlDlc^_L6kN@m}>{I{mxZt%+1EzEas-AaGKwY&1oUN_{!FHUcf{R4{92ZWQYE9`%ku!6hKF z*|*TYYAtz;k4^6u=3((b%`FyDt;9HHi?K(noja1Q9v?!MTcs)%QjN9`$&N^zR4&TX zl@#FyWtW-S1hMnium#6cKI*QIY7tQ)o@uRKAlJf`wpxTMs$Evc%@qlv8NfJj- zP4bPdi^@W~%$UA;+fB4it-K*sNJ4+8y4=0)5#i_vu6Qg0+<<^~`eF0oAGjE~?7aF5 zv{EmT*Ir`Yl2T+_>9Tpv7T#ogKDKR3#oG~;iPaoy5^^4U7+&oVefv{>m(w*f-f#a< zVxa9)*zBARh3X2Ncdp**r=XyY85!~1yqoKE*vXyNW?W(QWI5rG<7AU@H3@*a-7TYv zu*O`(c2k4H!y=R~)#;Qojh__HgQ)%2Kw{hw&F=Ed^V$WC+Y&jg<_FuT+(pr-Q!N^g z!aQ++<**2(56$f#)#>p)#;erldy&_>$38FPj|Igl<_MZRuv=UwPULYH$?Kv}V&TW$ z4QRDzl%-AOU@@~E5a0gnJMgS~-er7kxuM~B@%7&E`~D8sw@OS33pD05E;{_W{PA+- z3ST$HK^#MqIbx+(7_s55=wE%t+uB^OC3VXj*&M}C#DS_TEocRie=4{sNjU)5mup%b z1BG=9%VO#BJvKVr9-^Rjo}Fq~sP@N-T{fwwiwwct#xO@PPR%s&D#_z34WYsqcSG?A zc2pZl5hB@gx}~p&t%%U(8KlXv0dIG3GaBe(6y{3{Asx&P{li8RB$`5E$bIWt_#G~j z`;@K1&Y;0JElnw z^VVNe7B{0hC8HJkVk=FY)sS;Erh#7n*n6Xby}C;A^4R_zJUBSsp$_Ed`nu9m@%*Af zTYK;7VDj@3WhFJ;QK?qv@8f!61r2UGtj0PQ4y$eJCz0;=lMPH$^F3r+P*CEfOuI<( zCdsWyZ!0xSWVpGQd)_k*G)~;@7F22)@ck_r8v9gGfO+6N8i|u4oD4zr7jvP_4=jfz zkVj?vZQ(X!ExjAjr+ga>nM=R>9wx}%Zu$t!t0d2iW2A9my32t;Hk>g|ip@hiGLzb= zGt@4^qI_e{<;kP`rH4L{Ib2@gYO$T%B}}GBXq$(cwM{S zV{qG)3q^HD#gaD>DIV?LaUheN% zylj3ayI`e@S#E#gkqI@Ej4$O_h5dWRrJqV4TUK-1R)4Mt8%S6`-Mig#k*dFFf8zVP zXSQ2txy{e*6sda`>$8p%Io_k9qgy=6sdF6K#M?8us)q1M$nmLgQppg><^$(%52<5l zQXj`V@Pwv9Y}<N_Z`SmW^Dh?&XrPkRutqJMX7xmp^~IiI@7;re%PNX0sEbHz@OWPSd~b=SU-P`)ybA_M_~yB~n!K_)NMJLRlRA96QWTo4*j2$VJQGQ~Pz%k6o_p6*;`j)-jha$3m$_U^x1cqffB><_ zgL*>Ex=W-VWwRf>$0Igxr&kz!Q&YLz%G*cOf;5dr9`EB7uFt8Z2m9`>-)$5qpYTX*b056nkf5>KnyAJ)efs zORb;Utme>&*a}5Z2|k)M*)Q}rn)q~f*-yOnT&{)S#I}~l22=rc4j1^zGKwt@YWXr@ zHb`Ytr1d+_-(A(3pWLzO^n9^zDZ^QdzS+0l05#qON`>#0)7 zcmyG5v7u&EWdr6cg-Nr9H*J!LTqLGLX+Q@P(y7zC&l0$DA@&wV_a)Us{mkmSeJHu{ z0OLac$h~9s20pE0RBe$-=XMn(uV)rxMCNq3o;UmND1|y<0-I>Yf|lMrNN=&fMwR)+ zu^nTD{dkc7_U27PzQpJHP1AwF{co(P-4-SZ_!p+m7*=nNKkvKS6Y(iU#QEY7#vpp? z@?lmyT6A&I(9?Cq$kTg8r|?$!#jNFHoS#33$j;G;HL_0t9YvdvvORaQLi@{>9KLVe@$lW*3T;mlPZ-x6Jt_Ug5@lV<+=trHg(JO%#^d`kPb| z1n-^G9)9!V10982Mo4)DO;urmeG**}Pxa?I*K0>Z|7&Bugf!-c2%7RcPS+fOnm0YaOanY_YK6dnYUODG~e; zioN^%XZ{Fo#*Podb_4R%KeXI_7dRnNeQ`H9;Goi1rpUsQKZ2{EGWe-dc3RwJi?@-i zEyR#Fs2hV)16bV`9=FGshRQ`H#hh!Z;BeK-QBi+j^uWlYb-=mwlyYNFOnu0boNwe; zy?8=8r{lW`~5_Y@3Y|l`qpeb-ka6qkz+tEzQL#8Hwb_L>z3ioR~b=$lxeI%~b z$H>Lf68sXk1L8xz-c3DrWSLFGdETJmNk4V6EYT$+HHOP%3H7Ok&Ao#Ub?!R^+r>S8 z95NI=R>)y&7|U@TGd@;LpEmKCQnPj?q}qSz@hHvlmM4c&+MsEzQXYE7G zXqh#)`?Zj7g0ZHS%o7ti6z5;=5l{KmkkacrH72_@Xf4%2m)HE1GP5tYMqkxUtzMXl zKg|(3ZXFng&++;#Wmi43O$CN8aL^2?$PV>WrJ9E^a(Ks@~|Pbx6XB# zk3STkMbHxLM%4>$E1+jE?>rDUTKx{{MgDkOg`NyfCL^JErua>bGDl&wJcpc&XHpYWK z(qe>f$E%(k@!aFZ)u-lg^A|TrruH;`h!^1V%ocpJuHihDZ%i18+uvJS@8{Nf zN@qdc|2?=yul3t|!E-lh)8+gSCIpOe(k>va_9cL3P8zM^l=m3Fw`J9A<21u~12w1v zn()U$TXX4sl`>D^2rkvS6vXF=mu1egDY9N?lK2guC0$q6kK!wduef>e zN}FGS{3)ARo59+wI%d$$K$HLGp4XVlo5!jsnVRhKHEEF-AV;{Mn z_U_3Si|zRu;>AN{MJWq3Gn>9UJ8`2Sb9^rL=N$$Sn@5G)I%h?g$2~|L9PK03_x)R} zXE?uR0|g|JEF$!J>)Xp8Uaf8JtaLeF6jeseAW_dra846a=Z&D3=TrF+YQWi}+1Xz$ zMOJFPxsJ@3tQ57>z0UhdzQ0q9wIyEjjZ>(?6Vy`h(U=;l-bAj{1^yt%{E^>7yB!>(5 zTAR}r%CDSB){qgP5{OnA)>VNjI}mhlTJ4q(NTSok)++5P7cIierB4k{+|T4#LX(ld z3J!Qa!ecbuU?QV4th{KDn>YLu8gY%FMY!X(Jrd_}w+~p5Pk4+U80x>dKo!L-N=`A! zocL@VneBGXSRIO%6)K{`Nret$V zPIIJfm9b9ASpk#!s8Jm&sK^9eZz!en=}Fwx&d7PerVt)xoR5ErVBhq?sl04bsEBI9RnN^0LL( zKd4{;5nI*k$=8{$&WjKD@0+jFADi?hnjW&rO&_&=cxvaPr)AizHx(H31ewi5BW6Kq zrI|USZ*Gm5H}Bthrbr{|OGJ!81ZZ0OMmRh9eZPUhca5{kXIC{J87uvoJ##!A=d+)4 zEPD8%TER}Q0r~S=8niH+;{V-?jR1%;DPWX}kBSVJbHA1_Y89HD+oU#;oIPGod|o`T z*@c{KniHJVg*p!qXU;O6imn`D%1G%EJB&VkOpnWDCx$H;jx5h(2hTIXe zDAG)djSaX`Dm(A)=dJ2+_`_y>ujg&U`%@7mLQ{3-mEK$tm~6Df?(Vv~0l)j?-qcuF zm5Z3=du-@u=x}Vn1TM-%tvP)WEH^L0mP+*~H=QBb+-#!y*$5gz9(XU?j7unE>E}bU zHph4O#vo_t4s&S^2II%39}$rv26)6TOWuBc@mkZEM^;Vq?`Mml9ToHi`CaHc?* zEH5q%rDW9j_o#5VEKGgC)u}f@*^id7?!EK6RH(0;>0`9Gb=&FHrb%Z1Q&p0fDdr7N z!R~ai(|z^Q3^B61W@)be2mVZFqz7q-b)Sb{mveew0ZsW|pC9VzID0)Zu`yn3jEpR< zwzy4#2rX*;e$q0lN}}VlvWxiHS-5E;>06!-UEI7%z*w%K01Y$o-c~x`)ieQH-NJswtgsv@;Bk%Af^hjQ#!+$s6`$AuXC zU(P`fI#j$?-%t-4CwW)Ob}+5J=Dll6%;tWrp58Eh?NE$&sBk+dE|mvC8}W8zds|j7 zVd>%UZ7o$_!Hk9glBqq?$T|O*ch}E8S4%Z=Y&iYW3^{khP-LuRxNc`9bJekiNx-y> zA%23rtMG!WReO6Ax8bu3|A)4>j*9Z@`iB)!K}u3;K)PG0p`;OM>6BDLq=x1a5l~`~ z7A2%R2BceJC_$tKP&x#L?tZV~d*9Dp&-1+RZ@ufcSnJY1X68C)?|pWD_CBn@1FA$` z)6RZr*c?!84(Mz`$M4J7XVub`GcC*n%9X*!KE>J833hhuQWScAu-;9U_I$*{mSDBo zRB&MYcQ8R#evRw#ofC36N~KrWv98<` zcDrAzDMaJ|CiV^523PdhVOTVvW`)n>ta08qzrZr6U&nD>?*1%zjaaZ+BtL(lzdy=1 z-Dmt8hb0@(2K#Z zUi+#2Y_~Rc>;5KC-!5|kt+~9vv-G`C>QxQh&a)P@q>cN)nH26H*%n>&f^?&~%^D># zsS)}CS{`;{p5Lk|Xs-Ti_8CX`@PfcXf2vR-=*Dv# z_0W{gB-%84{p#3CzfP1i;j~pH%=4p8i{@#ep_&a_SloxA-j1~Nd6NF zjd~J_ckD9<^?A&W0J(Jhb^8KY2&utB9I#h^_{y=@~MkFZ<)IBd~!j(YX?y;{yV?M zd~$0dP8_;(A?~^4*rRQHeA#=CFTaSI7+Ma^00H|qLUC9*+WFq}43z+puFX?(Y~w}F z4T46EiOi}ht6kgoubbjhx;0p@Kjld_wlU9|owE_3W8 z*lUoGt5d9n#!fh^8{yiLSx)%C^0eY!sp`=2g2oiG$8cWY=&vuv zZW;%ehR!1itxn#UYhIqv=xhvrMkPu53pS-m4k z?E#x@*a#WTdUUyOk3ak|#2ZopBx97E_}FM?=Hb5Tc(CS44AxQGln=R@v(qQ-)3pWZ z+=h+E?1u0XAe0TkG+k<1KxnN}a5g9-_&i|ZEHmapv9TiFSf8D0_jIWkY>(kqjptVE zCV^b`E7|84k!3g!rANlFxz_M@#6WOtlw>pW8m%XOjTAuwe(eSMY|=`3$&dKN$_c)) z4G_~A@mBReYg}`#q{*^gQHEt(TR+}DB|QA9pCq>eyichYpUzI;>}9B2b6x7mPssM3 ztQ<5xW3G==MacS^;b+&MuFEqvp(siPJsvN12f7Ad6joaO%4I{$izil>rsAzTcwJaM zvo+8{TZfoUIB>v<7FV7+kU;}kE(f+VAAjuHM$Zucfn74aSnaIoY|lf?^H?d7;MG;u z<2E}1Mp5*m8}h-A#|#)@)_%@J099IqFR2D0bqF#I5`$&m{Y}g(V?eTIWpq-&WrA_v z!-^w;`<}y4Q(@0RzCkv1lX25cF*nwM<<$26UJdCthC?yHWz3@W?SqSA>lhqHLs;cf zVjBNar2f|OC=X|EzE3gx{(e_E`59sI{6iQZNL?%a5GH6Z)VQf?n!FO5J0I9Yl=pe0yA|rg}W&qAlDn$E!h>8zN3W=isS(S zzw`09I8z*(zH;upgZh{HjF~EtIriRv5+aR38S!#1_5DR>tzn5o>Ao8L6kH%}_$}__ zWBr`5yuAF(c)$QhI+Mb>ujI+KjWz!?5>D-RW`y3M%EUfmCLR41{%LaWf3j?SyG+%e z4zHySIw7aASo)b%kYKVQ;k|WM_GlIGEyvflPj!Np>ynp=5E`0sRia!MA72E^GY=?j zK53ad4j(BAk7e_lWrZm=pRmqZTIvYG%pj6vYA;`8l#nNVby+X<%Da>^^K{yykTx8B zf*_^awaWXoh=w4J0uFUOpo@4*DokMVACe!-I-cl?V)4jw3WGSL@q-UPgy#-wYThT9%0$RBvlK5|W z!W#7bzw4qSybehvpfds7z(*khjpifj6Y2PdWQj`9ckvx@_@UfQy~4)2#Cb~sh1<++ z9)@e)uMj@DDf?p#72Ujd;yN7W_;#FTNUu-56dVV;z6+Kfu4BsL46rO7uypHwJ`ByF zJhx_snIt~z4h^h#kQe8LnRG-JE(mOJR9LckL_(rzKZ`hajsd&PJ9XjD;tS%{)`h*~ zDroq>EL#~=I~0@9mj6->>r}N>%`S-7ZttIlULMqOrE~XsNJ_kijN8~BskX%{A8)M_ zA?%Os{kGQ^7R)W?=C;TBo1aQno%b-fB4wsw*iZ2HQMRP2p0lo$^{F7#VQbY|3d8ap-aE>JMRbFd-Vh zdtV8T_VVvr<1kOit^@t1P!f67CB9bh%m~b#FT9y5@3rdIX3=hkb2B(hBGh*Hgl>d> zaXeNYuD=j3eK^ywE^Ao-k|zwp#Y$gAtckVj*=cbBlzfbnGQAna05e&BB{ry@&$O#@-1o}U;oCd%}Bue}PG zcBuP!R-bzLg@{a-ba=ACO3%FnF5FwoC2J84?r=kQ! z04*_Ej~8I@;GUKA=j$8`jR?b-8p9SV^^^Dlb}gHX{fG`kxIOdzfWS`s>9sboLXmn3|9 zn)ma($2~b>(insl8JAhP1+J8zgWqGo7S2stm*Yde2SMFavls3FV_t>jQ*o>B0}l6- z_#8Y-TER|39oQO|QA6ICDXz}u0-NRXLA_DB+!*1z$ndsO2NBEmUMAg;XzN4D;JD_G zP%5qc4E~ii6)*@Guie5_J1UJveq62u)VQz2kf@fs>)%CsN_AarULVw%5 z33An{_^7BTWIGXSLB>&x0@KYsHjR%FD$`HiqNzvs4}70STW5BvZ^v}#GMqQV&VrkM z)9b!L_rw>1#l>n<_H5xO07oK!_Mo55dGdI^yGo@+8!L4I?*607$ffHi7n7<|6YE0{ z=G~wDL6%6PIuKR2<6iJE43gW$cF0xf$h>Pi(nHVh*29dRj!mZ8{ar>_vwQORrR8!Y zIMqN#(&y-I0(Ww8dpNh%Cn@P;qNiX5Gg~uU?`&iHmd&wm6?$9$?4<99%sMx|?vM8WC9{DM|KXr&QwPHVSFQVxM7RHrEV9T8)2Gt_P z*&Ed>-+6SZ>=W0R9hAyHP>a-)oA;lzY9mOusG(FO2ea5=5PFO4r(kvR_1%vMNy0Ta zE5oCUJAv}U94ltPt1(J>A4{apYJf1An}ijTvc9h|KO64HS7E8d9E9Gorp2@6d2OA* z{kuk<-1zWocsd#SyE2-xo}fovqs^Q;-M+gk#yDCwrEa>o&h2-x^U%q6I!~4-=hsxO zTjhsZ(Uza;tPvLLYFW)=>Lf>&vaaG~=#NJSZ>xtTA4dYThW55-ZB*SkgtJ$XIW+6O zG<46fa{g)Wt>Pbr=6vq!<198~ZJT;LExYGw`ulDRJ{&m`7llM%qCAcSx~A{cav^!D zn^sP1@K)o!Hp{ONzTitGLb~@aVlO8rO#1!(epuDij(oT0Fo~-7DVTt2x0ok{>lSJ~ zR6uu)2^RyCSrZKvLn)LGVa&os<9~F~UX#JvcXmoKNtr)lGCT@25`tpcNw;ya@dAh6 zAU%G;$R8iHgDuVzY~aHvRlQOXL29t$02qd3DiLPrekOd!ZXl|*+^P2`>T5}mM(XpV zXWI*)E!S+ecdgnhtyeD)E=G~}Qlh#^kw5l;30HRAI&Qs}Q=!OHcU?nabD$ny9JQS*gLNvkHmCoGQZqtf~0{uVQA0gQQp6_0bxyFHdjZcmMRfbvu0 zsHg^ZkR!2KiLBT{|Ge4Jut&8N0Atw`P7ul+$g@!^pO4iVQtXfSaa1CL=ys&Gnb~<`jeex5TLf@re5ff8xIReVfjOst33#lx|tmS^zpHl8DCMM{xsi%A8 z&%K07QLn48Msc6UaI*<1`D_EE6xy%F?D~^!Kh23Te<2SXc2!#1I2du8OwFFZ69|%7 z>CHcpxwKK@uDQm^k7B9FH5~b~JrHg=@vtD`SZ)%mbSzA~T>osf8}iU#Z&$cdvNqmQ zX<~D-LQ?On1}8QLC=Fu_Uob?xD4pCG1Zithzq$Fl2K4`VbdL<|aa7i6nXGc%);jHR z$IjA((-qepboiAihNdLziHWr|*K5eh9>U;Cmtmy$F23%+;G`o?(ry_Vh5v;HI#Qk~ z9!V@)8wQMLb9l>>jL=yn$PXucjbKT-yKnoe#OQPcgnn>m&mD)-a(SgyBN{~0%Dl#P z1faxGF~=1d@=cd_;&0pIfGQ>iOjZ3os%b!9V}U+;==cjiEuc{bmuRdF^?vo3mq6eo z-8QFPz4^9y0b`F_LXlF61C0SMEQ|01*^>ms4Xd@#a~S;r%7ahO;l}$9ZDr7ZtCMwMB2C_5$10l|1P)rjAkIm%LCs`Z$S zuKkyDQ)g(bZMyCx{3Y0M9}rnBmjGS`u9vMe3+9Du1UR)-AYu`gUA7(Sj*j>nb^CR3 zCyzo34aD>f=h7_E2}LKQERW*@_spxc-=0i>$>nsNYO{Cm*cbF? z91B5!#=Jft;YAE`;vMnUQ{a)!CRtzP{5`8*cN}|)eJ90OetT`(bvI`XQl6VJT4W&IG0`)z1$%Ka0#HT}Zn8X_<<1uofHN@|4n2 zt&WhpBdW?^Cl??T#-LD`1mW5QjZSp`6*Td@Tp(8;VXnE$Q*~o>xMk8>1fZ(cRTB1 zh-25K96^CJ9S?(kyK0L#zhgEC2ZMV{tbQ++03ZqaAGUC2yi5F})pk zuRGW0di4T7T^d3B%w36-nwqsJ(!kZOtK*a1P>WZnl?9U-i^C=S?M z+0X*J7d7UWKD>rw$P{^}170bSVjqe5I2ly^gIy$qEw4fYc70Jh@m8b@V`C^nc?j@Sie9hLN!_iBlGgjKzYSdGcoN z#T8{juGl30uWb51qs+fA2KZ-zzyHC~ZheaAmDs_XV)xyp2$?1m;;Msav-y-LXVu;H z@$3v*8Y1XHl+3P>ua?9?%w&i3z5Iw+vEAdb`=vb(u6Hu?e5;FY6#TABZ4n7kE@@1dPHrIt%58gvwB!Nvb0IT;+j6%bX z17X`TE)_zU<=}8)iHAX)lf=F|xPKdfE@$;7TC(NQNju$EegDP$`QP6C=di&|9`o)G z;0zB!`a2}|uljGDvE9KWwoa}=VAlf>F^W={NDh;VdHEd@29a9RyZc4H>`g|c6F+7J zqbS6Ip^XFPH!Sc#9cElsu66Z(T#Wt>5%}oY5e6ojzzS`q{0d3V7iLygMh*d7u&xST z+{d3H4=(2GKQHD=|NPf#FcR;K{Y?e^t|reM5l9mzzQ6j#VSx9~&k9v)d9dIWx_nzA z%KYMJeD6k_A!2tvBaOf8uqEzdXK^6ZXKbu(h)+5g1lSEhlpGzon?5(*b%Its+K{MK zi#k3UocHoPqU27l&@|OSJXUaD4G=kz0H)Y}3sZbQr_*6m>loW@7W}R6!*&7xLWE5-O@*C#>EkD2ar#ke0NKOUi#*JEs72oo8Q}Z**3rl(Ia zU?w%B$dIMoY!oGGIiD#BL!ZN-eb4r!7N1`?n@`C$8my* z9!!yqC%^bj8eS3eMS0=Yx-Nd($?n~ro9COI&nNv+q##s!ZpZ^WgEX(q9KB*>c|%l& z<<5!O(6h*tYm)8gzveFpV#dn|?RoKB8A{>nAlOe)AzDWXY$&i1vQ!d$Qc^!FK9a@F zW^b~tC?R>o0b)Lg=$kL!$4G(EY0H*C>3r;=bZc*$d1q|nZOiu4HW#&hhhdLQbAQt8 z-nef!qNHAHAOpf~Ry4`U%3>Wvu76w#O!CSnd>!%urwki8mbj;&MX*wZhq1WCWA)HhxTK| zk3&Dvfw4$&#=Izqu%<^BluV{Kx`~O=zr8V|Ez9sln}eXc;CRQ z-~0Qo7JJCgzW!m0N0iSb9*g>(aMS%ksq!e0jNdin6|~{dJ6(eODCsrzTIg1KwYWq6 zpvX^>b>Ns5M8L?VmH2NpSBElWXkycKZ5vY$7jk)Y(l?(6UZE)k{)VO;A>r3gV!Q|9 zq2{OQqT;15BB;W1=Yjql&)E~!vBEVL2QW__(Ap61hJY;^N&GD410jV{FJF$+LYx~X z=e@xxWG*zBzb=bP?PmMcJu_B#)CRw3`NtJ&>ZLFxNkkSr?EFcfde=~jWbj@_JWg!U z7xOWvZ(jm}hCQ6bzjn40v2ld#>i4%PS+UM!dP;qp52BNcUj=lxPQu%C7NWUNN%D8m zTmv&bi-lgt-HGI?#8M^m1JOdER?;*DCC=L0IBzJn_a8dkOZUs(c~y+q9lxCh0$;O_ zY=M<0@hO6iKlqEz{BIs?{*J<1=FQ_yn@7Sk7vC$qKsh^a@zeRvxRCMa$=m$u60n=7 z{wVsAk)q_Hf8Ea+Ozw?8Nt2M{L6Rg5omG9l|Hc-?zuAuuFWvZjU-i35qNO)fBf+?q zPC!85qmTz-fWZ;dXsJJNaV@c}-FgKZvV00PfYjs7AVF9&h)^!-CO zn@ryk6pGCB)|%%XOwk-m!Re&J{(%#$WJaoLG`s~vehikiIUyz~0Oc#}0evSdQq@uZU3#`rYct)eo5ahuYv{wbw#_IX`rT&3 zYaH%=E}cv-=)n47j7fFq}Eip8$hEA4rqxf$BJ1z#XyPs=r zwfc=?b>iOvdc!*p#pErWem9T@DG_!S?;B-38~!^$FXcy?>sgar805xp?^&J{WuM>F8zB1%B2`=)_v|{snlOz?IH4YbApiR zcGR~b`X;UVr;&8x)XmNlVb#(Bcs4x=fz@-}+Dy5#kpu!W)8fK0i*7p$9K$8Xz3WYw zO#Syln>M{a&@#T4FFb^dL|z7gIGYTQQ0VWo8i{Myfcw`}|SZsh(xcP6ehwU7Yi59JO2Ow$&m>JhbuH9jc1h4QlRpsF$hTzfQ~70mnEr z01WHsegzkXDq9#ot$D!%NaJ$CX zo7gcE%~zPwX*xHW<^7!5YB^{SOmm*GeB@tbiXUh4aB^Ml&rX2W(t%0W#V4-HA$`!c z>5gtvw)iJ8MQJac>bMZvdCCC8L%RGZCP5ZnUiFdYXdkHd?XF4h665sVev4|eF)R_` zW@0&|=8S}=>*I~LZ)^bgkh&`Uhp(x1og$iU&_9Zjk^}+v?0u=?$l}g^)BrLA+%CWE z5hX3k^IBT}5!w9I$&XA_^ocZMEwhgOf8ekHxwW`$8ij(C6WlEMS78l@V61y3EdS{$ z{pFmvlS3b`lCg(d-ei<~>97%nisnuL%W5sgo&8Jup9f2ofGAajwFD!BHB~fsYfMVs zfV4LOW4F)>@H^Qe5;9#;&+%}>NGokYkPP9K@NzKKjAFfMcK)i|2| za_KEOP^mGleSUnMFOS9aXButshGVe)G<6tweMJFd7o+{chX@u!m@Sz`!W9k(NC@t( zELW&Qi!S{I1Zp@Or_>Es5=|3@$ySboPrMk9ErZ5 zT!1?;TEi&NK8{88CKL0sKJmiOo05w1GxmAc^hN5F&_o0 z--&ykuPz@geE)opr8mwU`rG4-s?uugkOPKhTm$Ms|9=BrLbB$tXFNNgJ%eHj1*<;5V2;% z?mZ|M2wSks^RprWIM~5siIhV8tt}SJcwGZM$So>x;0NX_{Ax1y5N4N_wct&))~m~2kfuDa?*6(+Ihgh##_e}MT- zY_aQ*b~u^J!SdEqU$BpgKBj^7A?T%_r{Z?D|Lg0sKqj??z5y_HRJnx)^S$^%5YG`~ zdsL+Wdg^T#nEU!||K z%#;an4svPWeFqcc?B-8i;6&9QAdvPmdNg<}OsTYN)sj}cXJxSnTmDH3wyhra{S~Xs zD85!j9LZp;*fm@)rn}0Biv6y8c`Fvr=4B*ql3@jYaRlfiGS4IY*8>Gy*le>w-xgw? zrkJXMVGSYJy6bXHydIOW3A~SyOs6kLvqPA|L8qv=0x;#<{O_TiGUyG55?#euA6|=K z;ueC zW0U{bBi2^KrSJ>sU^w1#xE*gk(FRbWR7|+oroFK>uFT~jf3!WW3>5(JJQn4)S6$b4 zv#xRuv>=x-X)sD9OupnJi?dB97|MRk-dOgIiF9$C7n3fnS}u=SZ&K_-?1&yZxcQ1J z=jv)`BSj^DEfA&=9NrEdP&|=_gRQh_CA90Wwi`O&2Lt^o_W?<)?=PJ~&WMk3RWO4@ zMsEelw)~wrU<#1io2x_p@zu*ZHYdI7Y^)b}LF)tScdp}@v1Dr`+K|;vu=%|s8|VBw z=*Uru=JICLfMO?+V265VgzQShME2?z)iK_5ch!c(y9{OS-P&hcYuaIu?{g}kB*?G> z*jG8$h)kUY4p?7IwKiHgtq8+l`sHG3L~m3fx>0_ie6)9U|n+3n0gWBGGg!i+z?{Ug2Utx*hSW7l#dROUCHN-rdsF^JkJb07D zrz6)p;O3|XGkFG!e-X-fOopOQ`*2sn*)rF zBS%nLh9v9;3_u+S%=YLBX@Jq+F8=y+u-s!*@K2hK3~JkL%mD*cJGY1Qz%C~^r2J78 z+VI@*VGUn+lv>Ls8B|&0#HN=xbs$7y{BzSZ@xjk1uxoKyluHpjB{vnSp4|pl49&A` zQVUDz6LNP7{CDO89q_$wYVbX$E_5C0M$gHh-QYlEiAxzRwAa$NY=eL&Esy+gF|&jC z+C$Y5nRc&1d{HD`@awCbuZue-iEFq69->i{fa>poU3XGws5%-MIDe|Wkt3V`m|ed- zBh7Pp+J+2lWnGaJ!~Apcojcuw9Gqd=AruE}fWWkY=U~p7=H8v_4&ERfW&RJDcNnB% zp%`NotP<+dmRA^Idgo2Fh1I-=UiZ}2rowE;rdF3BCjnF)gy0{1Q(B}CwVh(fZ~h2D z+Bb-|jsT|;P?>`n-g(*okwp-&p-vkK)D+9~fO!_o-!vN;_(;0BOHKxDrEUB{2kn5T zZiB`~nD;-KlBI#!@l@1qG6l4J&wll%N{%8Od#xN;Rgptjtt$OoXa4{4W5B<#*v$z2 zZkV{%>cDIEVyrK9_0Sva&gFoS%#n^n+Q6zsMp4^mnF@&c!#L8od)jDh8`L+;A7oIU zkR&jTS)++_l`8))9dV_ID~8V{_)zWr{?&(7jUNR&;1?hW^+Bgq+Q$#vPCxyCbMvIw z6C{&9LnEyXB65K#xb@Ph!en!Q%+ zABCTkQ310*i8-WiDwtfWL%DsLo% zP*n*h)rEZm0Q5d6Ygv9!&};OYCr8`qps{_i(gJBe{b9UKDV4B*g|TN6>eXbNbIhn3<|4PlBUGD_ywACjs)q~UI-A@S4-G!FIfM?sFkKC z9N^=}oeMV(*c)ibG@mIvip@V*#GL+(y)M`7!|$NlRXD>GT1fw)zJPzzU*KuhNmT!q zPI@X(-a$3YLtNP2|6X-mOVC`RoVMwc;%b-EL`o$_c4Mcaz#Hf!hCueYkr4juWrw|a z@M`CFTo!YKus#08F9hC=+Y%8+Z@tKPpW=YqmJ2+)JSS!`*!(~R^-+ZXO|*c2vFiVI zVnNvwIw?%IUyw8!mN_Kh`nB<`YnV#v%mbflCv5T%-8Yer!u)Of%Yu);X+FQfa1abM zP&oE%DS5NZ`SKAnGjq*v`3t|}9|a0-?(6RN9+UA=_=y~Cz60mf;6pGc4fxNa20F>M z`KR8gv6jfL(R`y?YM=ckdLbzdYAiNkw^@LbnetsiJ^b zCDIQcuUQYI5@=OA%nnXTYSn7rwC;{!sd-5T#>1%$ng4J4mjqgV_P8BR8`6*@>?97} z6PDhjm#YqmpxmyTgn0aURXuq*$>PZlY8Q5xUm9rL{OlhSkq*~+m2*;Hcupg+IGOYL)Q2HW3S5dsVu4!i60PR;+t=l z6)zzi|H}&hX13iPqibx}8YFGMPX4KOI+e3o$^=9##S>xb8S0T_38#(%Psb}-gQ zoJROOq}yCWZtAC!)@F`Lm+^f(%MxY=W5VtqD*aux?hM4zPwKCnzJXos4F@RqnhA!qVQEH!BzPI5!IwlO}iPa(+WvON^tszEV3n$w3C7m{cS z3KI3FMkp12HlA(r-B4`u^A4J~y@arUw3^NMH*SLQ-#_~}Zn9{~adAOw4b_r{-(l7} zS-ctC%SMgN;b7a6WiF^e*-bdV<+2@)DNK$W6HJcotcZ`rW=GQ2Rxl~?4$!|6wEtLd z>CGySh#ib2HJZ*v;ljN(etTXcZB7p96}ylLGInFo2pD+i78CP2(|3M*9@sO8<4C(F zAn=|&IhU3$pzOB&NFD{Ph$?!DMh%dfR@mr9X|eX5_G8G`%gjRX;?q>8K9eW*j42(za~ySV*Ta&%zuaW*g4QNcH&cJ|etE7)E6HYR%hPUQZj1DyXQ$ZcNkVIqJb^>pl_K{rAW2|xM1@ilV$th8*e4Qs{(e>ZZm@@3ia$H!%! zb`MscI=s8>I~63D{dg5_E|R|Kus` zX?R%6cALJ-u?a7}SC+`j=dU2;wgm9v0S?%i&s)dlcb05!@2XQGkVPp1A0krr;I72u zKe82hhj})pU3dE;WAs0>w0M1DAwSwJ-#jO0<7J!ei$pK`?zXt9)M zK2G2239DeSvK##5uM$4Gu9TT~=Q)|K)R2~X`wQk7>zqm4gIicUFu@9ZE=h!y4Y3XA zv!(0>lq4bMlL*1wVl#ms4N&$zMY`G<+2nufU*COS>~v?bx5jlbZ1Q<&V->IKLSN)| zn!4?SH}S8#`-WJc-0C19Y&1n`Q8$FS;NeFo&IH0QG!L1SP54WBubhE69yPih>iEUS6(M?XRn>D%-hiZ?iwm!frYbxK&dBkc)GqAKs1) z%tU!0j;x%xcWiot|DX&WY<|RBEM&X1k>(&4E#snV?h9A2K0agDBKw^5_tN#)JO$E*Mei;ji$bSiGdzOs?z+B1aw2v}jkTDwry>Q5jfdZ_aK9owpA50Xs zC18aVx)%od%;xa@6X*%w`@mg$$gpD1;>LFBl^~MO^gUV9^SUn~?IX*kpc;e|??QLt zP2Z}H*|9Xs!L3gjHJRh!H9~m&xo{r%rQxG{o*WzMEJ8jHit98CC4_gVBQG;F&MM=@L(!vlb|BYuW-qHev!cI~OlT}WRsSHYJ6nBy- z0VSFrg|L|g9|}B&rE41&Y_tbTkkwXSY>ziVRxg`(az1>%R9Z7>47d$=rkN-uO-ywe zqV8SiV|1~w!qHY_RT$84V^m7W5)HUuQT$%}<}m?Dy4T_#8kwF(w~JSl{q$insaW07 z;{J@$@?u-rA|XT@QH;SmZM~|~69TBgwmXrMw{AfXPHlF-YjQVR)1Y4H@(WNeJS($m zUY)442JCZ-8xu;K-nHxjnVWZMiBoitMk)&_*QOKH!mwUQN>9T-Ss?Es+QeW*JOZav zo~$Siiftxs1+$LIF^=u^rRO~_xPGa;dPxUQu8Z0(>~H_bpB845b~$g~VG-I2=P3*W zANI9?spoAdQ8d{lL-;9l?ox=I<`wRXZyB+&w{JDI1!l5E3pxPz3#ygz>8G(pE2PO1 z34=5Bdw=CU<>YB-B)u;vcqb^=?Db_~_4D5%91RVbnJ~IvVJ(3Kt;#W?xUP$ba<4S8 zc~iV2jdUH-9grH)+%L3E*E%hf(l#(VHHS?TbbuEWqun_ZC?ASiA_E2=I(A+AS*BO7i*C}yY`q)3Z>1wC=f2Ln% zch(}`w>Oig!S@%K8$1J8CMc_O0q5ttIClOg^B!-o2=j=4$5mS@thHDm&$Q=?4VFBf zmCbMIM;TLDlx6aHs+5tElLxa6n9a3xx3QbH-BajcYX?5-M~i;tz&0ewkxyJ2k7kjx zY@0cx^9`ZDtbvQKlQQ{U{PDY<&Y&gQC_*--uK0f4Apa+8`-od9F>x~45L@J<6ZaSU z54~dt`B8(pzLaRxW+DwA6aU7H@n?KLa}KJVoP)FHSfAwwRcsD&)oGtSh$t43+pdn( zaw*1RQ9K8JrP7nCyhLCI0=J;}usI`nd>AEK^o(Wx`YlSdfv4rndT+?%05Lox z=NTCST+D@9uhu(FfBCuN()-6yQb})ho;%EnmIDvTcnShu`{)WWrfcn-dbZ9!7x^O^ zrnjR|8ea^K2U+PXUxUxV(}>`AZ)rI`EOo;c2uwRHo07_EUawXhAy z@S1eumbu+WqOZ&iFQOhB`VZC`kT6@9ST+Blt^#GAy(A^)a0;(YmWBydN2VGPHTURg zGVsYF)D4ZQm5CP~B0+Z*>nC)&3Kroj7S%a>8FzCSPW5scB~Ngbo{26?%B&3Yj9Qho zVMKhLo(YaZmvj~u`ZcSftQA}b|ea*xvGj*3udrrz4&`}=8K#tDL`C46jCq(Y0b&VJV?KHBx;e`zclVrVoF{gVa~ z&a6lWA9Z>1D$=+@`XL2MarY35k>BUinEeUjMk#hn7iaee$>8N7ohxOAZ~>l882yg7 z2<<#ME&gfX*-j5$ao%yXtp|VmFbsuwpb<8~&@$hZz>Q%tC|oCMSfEz>+qN4H={C%Q zLhHwj+>7;IDZNSg@PnUL%!PvZed?D%JC*kBg|Ys(v)`I<++Tde(^buV?_%xkB~R8w z>3yfWLg9;T;i1Jc@V!@=cAVl(H6ID1U4Zlv>)yBb=L1^BmJjzf#>sL0_dn~uZiP!V z8-l{Mkr*4*hS-I%^Ge}~I264SryuT#zDsZWlh4b;KJMN{ZOcpVn|GaS@N4k4k@j`Y!bx9EW!F(t8$KR0G{1&X)8?tmT{E zLaQy45>s2@zg2(o&x}m8E_j2|4@S9ffU_ezTIcO%77y_W>gCzQ0=(F; zl&ao-dD6cJJm1n%%+iR(nKF~nRA%O#_6t(kEzNLDdCRW1;$QN*`nr~A`9ti|v=c_p z>(b1R(ZTblshKAEJAbBg*+^Ke%dAEQO&CJ3@L|J-cb#Q3%Vyi+++E zh;D)6&WD9fuO5sM2BkcIU->xoNmZNdH)3MC^A4)x%S$8IB7p_(WB!xjLYRp+gA4!G!St-g zL!880@RUJ+)S7XiKm4^Ot=K6^Q-0gFRzdCplQfaEfoifrBVPe;%-5V*d0(NHb zhKr1DG}d{(;Zs7_tlN$0-mojnOx+pd`_(dNsss?n->05qeitSi+aEcb_)Vix9ThV~ zW&wz+*%v}m{7K*`p0bZFAL@r?A3iEh#?@jB@+S%{CX@*!AI63zTPa!HcEE)dg!q?u z?Kzl&$+H;65tv>K1hpzvIy*dPNp&XhJgkGonU%D&p9WlQ-S~ zT_DKt$F|x%F-xUwHXUz;ThN}$owuLxVV1tpu4^Wy54sC{&s`~GE_mgNMk})4Fd)^v zMElJf;B0}_n)PaySx;yP9Hx55HA(+InBbQD+(Gs$i8|6iPv?xgRJcd1PhLM=A-!*o zYo0Yg4JP|9BXOc7#A?m8t$X7E{J_$-SKGr}?wi9@k*i}N)ztyJceeDnjrHKWtAZ#k z4F_DT2p-IT%uR3B1>R`N3kQmC?t_v#g2UH}pqwz8g-m}5mOwDpr zzr?H-Rt6_IZObx6qU57M8{iZ0?CzJ;1fR0@i{YSqmheFT9Wx?OuNp3b#u=|1WSP4 zj&Wp_!1wV?+c@~PC>7}IzF!;a#27{4>CO$C_*S@0*-)_`wm6wr#Ot&CnZ%3pgzSJJ zKbNJj#3c(h2?^RU=ihCSry?Jk-N}GEiMt9J%%ijF^4MEP>Z0l!gye%_hHlJqUS7;} zQv|Y2CN~EgRecw_<8PS7y;4F3gVrFW%|c1Cc}p$V$7r>cEHKNo6miAdf~F9#W<+B9*eMsL&OTIH{aZ)Ta0WB^<+{_WnbW03CA~V zoQdTZo_QY;@ohIWy2hJv(ze4`VBcTG3;rgxqPCd3uo5 zQpnGYgVRQD7h_ck&@}`c$Uo>aY2*;pcg~q0;lByh($dP)$t8rXi@h#}dd{i+z+>Lu zl`SX3{lM>n<>h@tOY7R=koWGJoekg`!y_#m0yq}rYb<{{k?T@dpm=3LrpZc7*9WQM z5>i$gylxAnN}KEghFj3p?(X|Cl05qs@6YpZ^YNoxZlThpM3L~2wUkzMM;DAJfR6WR zB1r1Vhi=Oh7$vqjyYbMg#+Qe4G%py7Z}f}Xdyxzhg;lcBAxH|;LmpV4@W3Y+iI@<$ z2_06cuX2(Z6eXgU?98vY_v&KKMk3$@dvmI>t={tyj?cZfdDyS36NzG&)gzvA=rFqF zL@~8N*Y)KtF3tWu;lA7a3!4%zkhv)n*Q=W{TM3#D6kdBhcsh5&%{|ulplMC z(rF$H0IvJ_O|#v2ILg{o6j@#RW=?WXhz&gCV}P@m8#c&{0-j8d2!?+8@JspkBpq7i z^0;!q;*edxh0JAO2vAtb!o^!Q-{+AY+5~R86%T=I!JISx|9&yrPeW>7-Y{?I_%2NUMY; z5W+!_T?;!T+)3}ZQv)QNvk<`&jydmzcmo~el<2(WYqzeizR16=iq??y0$mNEma9O% zIL+)8KodyB<6L});10Q#IKId0Z)z2p$`xp8UwP>zZzuLc1wUhOH*uu|8pYif%Z+v% z)r92pP6jT=rr~*4hjj146r+uZ1pZqpop)5qn3!xhSKWIfK5%aCAc1u#KtIhW=;g$2 z{(0NUi61~|H3>^pvVzXRz(hGguNTip#dXn74p;iB5f}rN>q>g>08`n4QJEJ)hMN9C zZ<;a!Z{*tba=`dhPom39FZz7NkWhbKXo(}tWJmhVoFTMO5TgjgB3x){5$ghUbiU-7 zB+E~{`IJuHaA;+{fc*gGjb|%~tC91&zy!Z;NGuz&)cN);D54b}<7D6(-}kZp?%JiH zt-%BMOQaS<-i{CMLZ0EF^V^Tc_C@&=b z$PtD=g-7utlg;|gXl5CRMfcV?KAY$lm_9qo*09&1QR3X4c$ZHX1X0q9J*~7UBV8A& zB`5@C_@lT-n5EK7aWAYPMf``upkrqsUPvzHU9S7yL_4rm{VRIu{N|5$3FEsQEM#gs(oM#Pg8TMDfhX<4|+zbo@MP8w{aT$sZ^>WT9cFp zn^i{D+XWA}f*|X9V&LPeN4p?sZ!|;QO;P;8mfj=pSotGS(J4Z|04?;b@DK3wd=t51 zdsnh}pPm9-%xU)t7))Wg1+8;?|MFJ5g_1~#ro`P_(6H>CcVYOj*WA@2Uw{SfqV0ho zDrnG`2li~O^H!+K>01%Wo?T@WnD5i$f%^JIeopogA&grA_Mua4m&Mfw4pG&DKA;PM zj_OOD4%I1^00pgDPgglhuQC9uCyM(24_9v)Rn_-}jRMlrT}Kq8OG<=8cXx*%As_Cfm2Qxd?uNsmyHh&v#^3+F?;ZCGA7C){-fPV@<9VJr*A#g4`ydSzSOE~D zdWlgJvOUJwUNh!Sx3V~fE!Lf8{m+78mS0p_W)id|4;cB$`)y_|WskNPKd=s&>f(;? z3U;@tuYRJHb7-7G--LN^PzFF66TWUlu5iObpCZAYs7-{xUIcT`mD|r$itLXAgXG04 zC)hHbGnJ;e*7UP>}^R=dBIbNjoAN{ag4e6WaA>6QX1A*F)WX5ech-nlN(&VDXqY1MWjz!}Kh(7Zt<%2u2JPvv;6nx%S_{MEfa6CW591_?I1N{h< zfb|^8IQ^~8d(G}9DyiJ4C?HS!zdW9jdixJE_|0`h3xr+<@PK<$G!5Q}2PaQ*EGoU-F{=#EVMBNref+uQQ zW`=zLYfw`B8@Tod2bRH3v?xFQ;YOMbwt=DM@L#gB2n>I1r!^~EE&KA!1}t=M>Jz{p zR|7Hl-8y9w$x2On)7j4XYUKEI&62$YbOTdaWL@ z<0w#`6zaZa+DQL~v3EOanx+(BFI0*H0(x<#JKA8nTaxZsOJdxnJf8?;5B1YIG%!>g zh)Y_qQsxY8b6Xy5uF$;!Z)U&WJq14?=xHjgD-Y2$;`lMfo)re-MDwO zS`mf57$NvF(11typ_p)}d=)5C2~WEdZn~u)omxP-nJ zXsLR+z8{Pco7Yow10c3^eo;O0@w;bpNWoXwtU@c*swu|ai1x4ILIKz}%V1j91(pF2 z0$h|jM%lB%Mg(gB^Vu|e(Q4hRJry=ht?s;pW;M#ay1$kRN@eZ*09ZHQC|5eZ8#FRB z^qRK5>zq_u&YK}W*!n{_8n9HIMQdsGiU<`-5mICpcTB$b)!>)ZK3Rsl#aro(&F(0cLeM(I_1@64bsUjzn0lRhl|L%_<9w^9#wd+J8P={ZkF8d)VS3cU+xNlyyP9YV~~9n67q(fJdx^xaSeM!39%f)U-b z&5*PU5IRw-Fikb?j-z!=b;yx>)_DB!iJjnlNNra1punpv6|lIPM!y>4^RLyR2?o;k z?D#TqRA9ZT!FSe;-Kl4KAP!eYIS0DrkvabEsQulAZMIXgm={t@1(1A>U^2)F{8RD$ z&`w%gRAu~>j0l)(ETi#bJ|@hk)ih?&T^eA3x8rH2SyB`PCqx18?Zb zSSEa_^nKxjkqz+*<=i_!00%%WE@tvtbPKY#`dAuZw|sKeRCjR%t{gT30fL&CFQaZI zLB$Uyf1X}UI5d!Ke{Q`p_n)sUVukESZe4ApWxFtb2oAS-TpWt|w0Y3yTe2L$@5%P+ zw1M%3$DDX{IxK?Pq+5?KnP|pg3h-BAXa8DGhiUo2QiBpu_%^?eIx*T?A>yBRMUbWE zd)EfByrk!1rm9W1@7&*<#mD<7Y|Pp=MrHkh)(zeuyA}6mlx~w`w&LGbbuZJkqv|4R z`w@@4MMQo0XeiT>B_zSivAc1#U0z)U=Y=t7 zfe`gIaGIAdwfAOKI!^G4{_1{V>iUrg+|_i(7oY{^l8dD zhah|O9Yfz!+!8^(+^xT{EVe>KeG?R+-s((6)H-xc|4#NM%)!0B?D3^cP^upByK{=& zLNt&I*r>unM;F!A{hn^_YQ>7>dP@b2MN|I#>Bry?v7ED#KeHE{{Ze`Vch6C}8Ea6L z$BCg4o^12uf>PCsq3=GTIQ8vPRHe7m>Wp;iS%&>MK^VtBM@sM=j2cw~bzCg1m}N*q zk5Bx|>t+$1j_iuQfj4nnHCC^&7gsN68?~{~jt{*)t;qL-Sk7C?b36kYxgi(E`<4BL z)^Ws=)xSkxlT+$BbxT7_n7yj6iffDRtZgIi$o=Jl7n8ruOx`;u*uO=Y?+9(=#>4X- z&Rdu6?dyO4KtdjySXG!Nl)?&e~3au;^A zG2iHhj)^&z0{q5_X3)rsC@{#6YImI*1=DpO&q0k=oOxuzxmRrZ^T>yFb7=PB2eaD~ z$X0K~XQl`Y1j>-z(09J#9B9Ha5~3Gfb4AinT&#-WgvGSe?)O-OYA-82an(-A{)g)y zobLCSS)l0pyZ=N8NV{D3bbA7grWR?dw$U+b1t2Pc0(A03GGKIBnf}a^%m%(d!@_u5 zl(x!5t?@mD|BHK9Xtmz)H`%YP{Rih86#5O@Q}R!=(CkeI2w4&&vu!Z@7zqW6QzIMs=f+!h1KVN;>Qk9B|3Arpv+s7yr9rAMHZ;?Ay5 zOvs(Agvc$Hz+#DVVzg@&TCuMc-bQ{v+K`7b?hveZU9 zr}E7I-gt(EX@G1G9sq{JjrCUSfA96F1jJEOf7br=a?&Zw`DV8WJT%ScIj#2v9?Un+ z&Zkp$X@Ywxtn&plANA>^S4)o$=IBVJF*O-#e`)=S_L@Jz?oGe>VYnhwA8cYs-2&Xr zp&%%@C;g*InUT^?dqbLYfJ^Ij>%fF;$}ha4b%?!=f!o!u!hcz2kpd7HS&sAzfh98% ze0J5SR;l(skF^UoFUwIGcBgVr*@zcF%kQJ+==M zl<>gN=Y)e@(9qOJ_5BCXx#M+Kx>o)yu9x<_{oivwCS{oF_vFn0qP~&zyretX>W;zU?Z9j*I%1=f0F(iag;*eeTqEQo~cJ zt5cf63m#0Rbf>+73PV`PTOxF9Y$;81fQW!j`A6c5<2TOPe$Y~ERH%TSq%s9+K-z`) za0(x8t=+t%tVdtDgkNy@Dwym$7)r3Qx--KZNairY-GgmZrkCJxyde>owOce{6TOMe zOtJKehh>y!o;lk`9lyvvp{kky%zv}FyUMSZ;Om)kSXTGT0!-ErO0BL8pda7LbgPdI$5T{ z^bm)$6)mbJUr7|3a-}198LN%AF=aAq-2*N58q$VpRaB0ujAx?LenI6B z`CdUz4qRIhWRIR6sEVjO0fv`*Q^wuz&j}U+g{6pSVqgr|WArQ`SiK6*B~D_GLh)z5YkH-)G)G&kzxN5{fV}Ev|`tLo1m71p#2{zu5Fg zp6p>BSGU20$@g|&X2M>7*sM*ty)P0OrdOft(dFO;e*@eWR<-#}nFLPQsF@6gsK`cBXlz!3r$@PUn)zi zy8`)t*a;cMao3)z)s0q3m5XSML+>i$#0&g?AHa|f26G<|XeBi&bVzfy>3Yo5)~XOS z0KzsonPIDf0wv{m+W{)`PZ{b)LokV15k5l=2Ux(;BZGxj*bg$@3URp`RAtCZ2W@o6 z^Hm$U!g%0R( zo6U!vy>Zz&Rkz?}}{qu@bR-%m`TF+RfkB1YsegSv+(P>?C zdVfEiujw5h##+d)?20wTw0!bCKFl)4m1^Au$yN_!F7rN@w|qE@&z;d5E|kB0cCmb=%*Thlo$?oFO) zJJ~H}Xwjj-uz@fx@lP$hBa8LeZ)Cg{FZEqMT5KI=h$NT|EOBlL9kHD5EI#exSIf@M zKJrKzcK9^>0?`@Zdfyk~(|8_QlO}w~D2hisF32q3MLVlE9=wo$E0vbw#<}&K&VVFU z#OEzS!3;1YJricp@#b~$OoYEsj=$z;tQ1O!=j~DXCEw&Eb2m;Y_FKxRyN~c`5MA?W zsJCH3g_iuK3P`J~wk!i1e#v!)!MY4g9bBL6DDx$k=mN`oDmn#r%_?qx1Gib{_AB%L zWw#{4GUp4w3C*p?ia4c}pM`eF5v*?c=WM}OxDid>bKLWz!nW^S+`Mn@_)L+zaUe2@ z8%D@qVLlroFO?EB{nAK>-)4R~{)5z^S*V8MT%?lb=+e3S)9ubCWQ4!!;#EWKK~zK% zH|C`iu(3w&Y&V7SO}Hqe{$YT3phBZ^2nkfwRAJ0GSwtgRAIvugdlK*DI0ugD{@%bH z4We;}^X(vnWzGN&)CBa3WI0MBjnAc4kCnDq;NYq)5uC|n+MG^|THRZ7yWhA=3`P49 z4np5Bl1+yByxhC1_QjA-U<>UDkyRuUR$Bw4$7n%GsGHeVw+-#NWjAChC_$wEei`DIa6+R-2-}?+NHeZ&VRYqDmTQ^|^scui8nj00y?{e`20idfmeeg!8`8E4F zm-0azoYsnE5==mu$gCr;Ia_T(+I%o3^D#QP+UkA8sN2<#pCNO4m0s1b3eCpTZko@5 zeu_Ihg~yj|W)rt%31xI~bd)lShK=6XgGGF#uOAkEV|B_C69OW24+tE_zr~wBdzkq{ za#yp8-xKV0{%mH59)w54MGET$NYjpbULn-kH|Cf$%FWp6)(4<(Nq zDPS@+AhM0-V%Ly<2$5=GC1?$99Uj(rznWOsVsabdV0CWIjo&LCBYU#wIB-(u6z0A? zlLe6C+`5T=&n-6A`k*OY4X4hMKkK7$?5c`nTUE=Bo|}>~mC9&Sv>3y(Z-TNM1r&sfdybBu=z5O>Y6nOyI)!WC%%#Q|11ljLB>vw-R_J__b z%Rglpx?G1Gv1h~Clx0eu1sP+u=za})i;nvgAoXyW zD$xzzr>vpe)4)lQdSI7~{UK-iv9rQL5ZU$DHmwr^K8#8Cho9czDFm*wHvOW&9Ot*S z&k6pctNHM@m9e_hM5a(ZT`jsT%JOoQ(6SATe{Um)O=O}!F$jwz@QRRoKEXVm$?*Ie z$RGx(eiYG_AF)-rUI}IW%GI+Lml#b__)2B)3xW#T(biuH|daM@iniR9|SPy%0b@4)7+UU zN%Yf3E{*7qlTpDt5n3qIKAbe>a{;O%P{uXkhIuF~#}^RPXFtNvY) zDr7^2%6~hF@WgTzY>!TV1A?yCryso0pi}>=AZ?x3>Zj<0CBU#0`INCtWKt8}z}EB! zqH_5QJPfovKT?!S%*Mc9TcIII>|T^`Q;D&6E5xuvRSsUQ9b9>hijYCg ze-)^Fl1@*iL*YV&vOMSq#@xw-{pe(yt$k(1_+qLf17OH>=yRtk*91C2xN-XMft_W!|VU9oiR9Wf9P1as|PlP8L9Eo7!PjUcQr>B#zWF>-Q#A$!9(bwP;o>B*bBR zS?C!>yg#!&X5S-KjcUJU)=v+UI{#-gm(T)zUQ}q2+%`!N2oVJWDJ$#GAG6kdkYBm! zoWm~QZi}kFC*OfR)V~AZrDz|R9pmmszVe4NVgNC8mNsKRkl%T8q(z1DjyQUhO*3(Bd*SVPLrJvesT~`Z~)f} z;^q9xkN)Zzkd`gw;&r|oT8efSHQM#YGO>O3Tq5HyzZ2I3~j#o8cVoYc*O!P@OrDiEy#TMR6pD`h8ZMoeJgaef_gfonO9|dYwcPwo&hP^X&FeNc3L( zs>40a$Q?ZXpSqGk+#c)O**IDNubnw;_B@q+jx$IC+p!BZthhv?osH1fD0@tpB$t`(_f3EN8e$BWt?&2te})UJ{%b*IW}HKiS-Vw(c!`nOMeye%w+4C#{^c`t8na!lGj_av~T$XNBqeNqHpHflQ`(6T{=>NEAb z>ixqIl^;nMP~<$M@}3P14JBvT(nl@Z8N-`*NrB;FXntD{@hzq2dDL!qmr3`T@TU!Q zLk!o?0Rfz*9q5WlTy$OW+~z%g(vcLQ)8jwnRu%c3=ci-o6h_L;WLS+Fh-_zTCeL&y z$*2M#yqcPeU?Ft|@LGg}@Ix!6Rk7cHdZB%`nqd&d`{jrE$gPP<@^LLQm;F6iSI{g} zM*#~i$%DE2(FPYAd~o#TrNbVq{K>`PB5CR2Ol2^w`+ZCL{q0{B=bZ_R(?uMJK;0;F zrF{XY_#Ri<)do`*?eF`Q|KN^hr2o=0pc#PC{DTdP9t$@YITzazEt7okYLd&dY2(pc z1=4|ZAxgP8dfqJ}a`Mp9=4<)iBA=E-71IUvrYQt$z&tQDm*;{o5yUmzeZbd7U|I6T zEWmKJItS0|-4sIfcMt?!Ndo`8lGtv9=&GD15Qr;si&wS2bA7fe3*Nux!8*#6o$r3U zA`40xhB8E=LC0pY53l|%0th$X96&V-RNF>CG>lib%mh(7`dOrUu6*b;wUFl*i~fXn zyHmxP_eI*p%=a<|-wTZO7Mi>mY65H*ev@Au%uAFQ){o@K;NrQToS$od42M6Q^m8Cd zLIj-AS#(Ok8w8L6{hE)VzIWH}&UPkEBfwj6#AhljI33qy;~CZdyo$=qd>%o`hhtFl z5&tR(?BWR4F4hmN!62k3I%D-u3w%ln-W^B$#_b@rY$j9eiT80QY0z=wZrDZ$h+;;8 zP}$v|98(k!+*mjv9(8>2HHVlw(MuA=3T`Z!wlL>pj>53rFaeqCY zufiu93w|;=Tq#X}_z5Z&9$r4UaGB-<$PPHv!mOEU;QD}j&sp9SZZew0Z7FH+nF%>$ zC|!u9#tVO9rq({gJ^Fe7#UfA&BatG-$I8B6`0YWvrv_-Eo2ChRsQ*rUDMujaaUu!a zDjgEmWgAL-W6>dT!6apm$d(FUS!xSdx!aliX|_3(c64&W_0+Y&WtZL$pSVIyHDr&F z=z6!bWodW!r>=3676_F6PY?G0er>DXqs-(;-wZ`i(|=?{RZ>d&h1!bbGlBL?UNB)e z?q4iHfPzqPca=3TE*e8$MXZnzj7tq(Qb<}(CE6NT^MMHk3U(Ao%s03k&sb)JGE#)O zzkq3EiXzVa_8@dSm=inSo54O$er+2DJlyHD5+c!F{oN#8TA%!>L$er7V9;e^d2_zc zXx#kUPja$Ii|{Wwmw5<+9jP+^4YTIO{KIWF<$!;l&2EIFXcmuCpkEV1id-21fOkqk{i{OOi*G zn6kc&vCB^6{H&{4XU#gJ;qS7}xBcsE(G%7hX1g(L$`nawcD`x%l<$?21L=z?%>Mks zcuxror16uA+`W3@LOIb&EN&b1eBJg5Y2rDeU&3ZyD`mWw%m2bQ zf0=mJwpG^En*OBRdhk6~#v3Zz25$&ia2H5~mW;NbFZ_|jh=Y7)4U}`g#r<8)c_BC(`RSaib z93vj%DnvU0|9{Ct6cBl9P1Qs|CxfxO-;ZN# z3T9%u&9?ku9f+deq9ciEfcdRV$&mf_;_V7-GbrG(@@y5 zi^Z(?`!chXw+C-$iA`jXQbq1BB~njbKD7n-1$?fnmKTxftWx5OO@grmeQ(K}HiwAM z88L(RdcFfS&W8&|5z*OU ztdRlPiQopZ)L0tTeR@Fx%i=d|@+77PZp#rV)ToK7B@ljsUd5C$v6194QBVEZ1}HD3 zh|V?o;0|X9lj8mr?zuvYeW{eKQtqz#FDz|I{udD)Vl}>fhA?1vZ`cVJPor+CWOPTM zaH}?o6_f2_Y~jJ=Kp^afeUJF)56Do5b;Trq<#a=Z5~%)=OGLdHI^?yI@QksmU^T2p zSZ7Y;zD*Gw+NZ27|2Ph)6FrpG4GNb}i5`L~{NdfcWYWbJuz0H1PFEc#HVIa4+nI0V zL&XILkP}`x0X7bc-<45}vki|qo-xUBn21Fi>*nIHyTqtbGF}

9G6wc%oU_U+04o$Vr09n0Q5aokuD$EGKu;ic$GCRaI!aYUJ3?-4l>lXOfZI% zpCBdCtK_-H4+kSeeUa!wMZf(X?&p~3(hr(ox+5{DWyfhN9S1rOxi`89f}ZK0?M#pF zJrT1kWCVw!@$gH1)96?LYba!A`6T9CvLI_nakuNkkk160F^4vvGel{+-GU`SY?`AH zo|{sC1y~DFYupe9DYeFW0HNr_h@YGN;tQXk)1&iHG;oSF;Ap1!26XZMBh1&BnBLdMSUz7F94!0M+IH>h`20zUuK&&obS*mzsx#Oy0DLV zVTS6>=W7+wc6#@VqhfO)>YnyGphh80*cX+!NL#e~83gN$WI!*3yIUnk`wni}_^rNT zWtfrs&e?$&%1ubeq`m(mbo7WQIUrTX~ zgc+NU_RoZ7pmjITwI7-&blBfYwPmA7o#I{1IADtHcyJZ^i;K9 z<485WP3bz?>*dDxkTlDwxUB7b;|MGj=u)1bU4zxZWy$abcs(An=jk>gT$|5rLvU~I zH=zo(2=Teqjb0*$Kzsje{|efd>2GI;IC`KU!?9Q}E03i$YK~dbmeF4+Dq zECuE?$aP>&n`aQcmhdu3Fe&>TdU^x}uY9UI9nb==wU5qKNTjGSm3t))nDu<;%xOzQ zR%H|qY9&l_%;*p{w z&nT0+`hrf7EB{R%fz^%eG4bZt@lQLv!D&whrb2k0DCzTxoe=rDe>y}=V7oRj+#P9e z1+kNGDy1ExRg>`=Xf0Eekm^{JvCbt88KkoVh?fL?6DF5cD9(ZbRuJUQNG6AXL&2c zyM?m5Gh&8?H8tno3de5-V_qe<_N@kw&OYr?;pzs4rp^o=r{*0C7|o3&$9jC-V9N*& zn`9QfZyhw|R6!7BKGh6OXD8ppxVGN~w&t&Fu$~E_LqrZkhG)Im5uPEYMI>>VE|zQ& zeiZOozz^ugs=4IcaLK);1oO}TSt!o7cIjIo{CDH^PL}17avK@=EfV&NVf%{6asc?1 z5~9H;gLq|GtA7gTntco;tMCwFO=RrUve|S!{%#PTF>-P@DW8El@UUN5v=iI9&S9xp zG&$zxC+1;YS^LUUANi47(HHPK^qRfv-wetpfNjsF8v{u+h|Zw>n)#=dw%qHlAzm*B zQ@?WFx(Q}Gncx(-Piswh3_<`Hg;-jLz*uhp@)akX20#LLl9*i|rf34IgQ)xhEiT!4wZ(c$!24;GWO3smm*sN$kdg z74?;~fNnQ_nS?PT5gVuDiR^KX$7!pYv+Z$G9X~^|iWCMc%QGB!AdHh%Bv8>NxogBL z-t}b`)-?~_>(oNW#G`sef26}Zx4Dj3yyji3@+3q(r}$E11UG?oyvqzpkVjz&r^dK0&wSY%uVFRa zo7VH4jy5kcCF)9KxI09S_Q-m3Dx1T}q&xXAAmFoFF-&GfX0!B6LABzeoT^<0Mms}T zJ{`dxa??}sNA>}Qiwf>VHgDi2(=|XYRW%wl2n9Ho!Vziu3UnUcA`xhDs7XW& zziF@<>*=M5wcJnVHQj{>d2lr&WTB^@M+z*B2FSnwhm1FOUFyp&xgQHbsZ(BD{sb5m zWAasEqN;3*)N-U(H1iwX4o$&=W2MK=L$MASI$dfk)9iiq<#e?>nzZGKW}Z`?7M1%|tF>2aowNvT{jm2>)2VMxWpY2HY7r_B*`s=h@m5wCA^M#4Ofmi%AP1TQIr(@Vr^(7o}$Xa5*^9NRma z`!9cVLV?9h=OmOYZzVf*=Rq#d8|_trB15KtPekv2yUf2fY;q<>2`3Vr)So=E&YucG zH}-sUdXWu`xXDuQ&6J}(*v_++Fn}y$;6gw%0WQA<|L?=Hkgs|Bhw(WTvd1*pQ4wD= zcd2$teQI4ZZSodmr0zpxBuy^<}|A8MYBH@kkTAK+qj=c6IJ7Ip4V#dw&wY`AUY7- z_1@0cdEUCXIQb|1Sy>LxNy-%BKG7SGwI5_$SD`rUS;4avBkfabOd6TiyLp$Z(;}bl z`dq?21lOM^Ie|>XsDwd<%7J?DWX< z;#}xY@LE2F%ZJR}#8KS3;%cpN(sNk$6DL_S=Bi551CjDtJ^czBocBo^ct-W+x$avk z4bEE&Z};TYD(fg!L6HflEaufwr>dbsfd-d86F(v9mBOt8YCtAv<-IpBUAToDA>W2G zf9hsEswH`c7m+0!L9#F0_TAd-7xRl8#RytH-=yns*!u}LD`W44+TgYzWaue!@N-ll zkFP2px4PGJRwg@Z(mBVabG(}|?QmVKT3$=7kEG8Ds@{o2?~#z3f%B57!oj ze1@)CMo3huq>wxIe}uIF3!nT!{ba}bjV)!(^6bH#sZ^ILfy9{B=QJY&*U)^N4du;P zhVR8QO%&T)KL`!hw$Q>_Gg8s+K8>LSM4V=GSktV;Yiz;SZLGAL>W}UgQxeJ9!8UEc zFOlQz3*)xm4xb@!b+ko1vylQI76KmfY&!msvFKJzI`xG*2Qw^yp9v}WWMc#XqdRjH zcBwj@K&%sp0$gsSY!&BeTBQ(7=Ab|8>(*#=wFM!pr#%(Ecb*bLVOZIcgG9L!YS5~{ zLNIHERak_FAZ1URU!Bj|iyZ|MFtb!kG3cvlg0P8A$F@Pm2nh$$P#3@J77wd@vZ88{ zL9JajGo)4-!0UCVLQVr=jlfj?99r&H1EQK;^gMCNs{8q9XcEIJ5XWs zQW!YNsvba6bNp+ZM*OL6^j1_bx4e`+6C48xh z9zkJ$e}AMY)%#~21lp34Utk~34(6fwypr|Sis9-8QNNxF5TrS08bYg3A_$=Uhx>JV zeW?P-(Tw831X3*4n?1T|qoBB)TeGGK7qngqIw^mRm*D^_QIkfqBR{^FVZEn?gA?P^ z^(T9y8&2i68Ge{X9ACbC2|-hF#(rTRMi-GqdA^u%&kSl4KdBpd_EdTAiZH5Yhxl=7 z>e$7-5G`}P(l0MI%wu_l3XMPPoYSTo7dY`Jm9pxQr6o_3#NFI_kv3NU{qGNgvdVXp zs95(OLY9|-pL>UKHG@)Bwf5r1S#kk=*eC;V2U94Q<={tGU-?;h^UgqR8S$R1&`Q|t z`Pmt9%#yQ@yfsxa09Q0L?(1<{O+(~5q}x}{L_cNbEzQVkZzLA(l+1PDqCyFEr| zMAhlFqNg>cSEfyGi#wv&Tu(zVcWT;Ma4TbRbAn z#Z+0cGcyBO-tTkbBb-8%A>71`HTMjz;dl{j8s!m3_{6y}il=(17k|A~7gVo(nGDK* zy^tSP{}DeH^2*>$J*WBq%+Hwk6lp;TD*0CDSS!%zOoGq(5{Idw6hSmh!t8{Qb7?@N z$i}TyE!D&L-fuj;|2FVsHBO%mYZTH|$%hK<)u1O8W%TJfrAd}*cDvo+90_b>klYIi zPkFFc$$lEQd?)Sa`z6AkDve6|#gBN6;2M$9=)bUSGwh0_C(tQxm9n7B!Fc2ROtH#q zPLj;yLS5u!#-xgRjls2Tl#|c$e`o+WoHzSH)_fopv4!;tg-)1}$q`8n=LKAtcXN2= za%(kOGK1)~qH&Ln&ad`!>{&CzCAGEaYFZT!BfW=vu-ngwR;4Hlt!!1!^TcpM1C&R4 z>K9q}YJnU~kDKiRO5cUd>{;Yf|0Lh`>(F8@O~$ZyAiw=x*j_(kpOk1{6qpW*cQpZ_ zz#ud~p_?-zG{K&e%{jX7Z@g*D7ozVoa9a~x3_22AcY>bHZsu;~K9CDVL;87-JqRwB=>>J*{koRQCXnC`?et=L!7&?BKW|p`baTD}{ zq!8Qu^INASd255}shnaHKt^uuB9eu#Lr$NIYr*|jM)e-O-(p?>WelwwPP;#Sm&wrB zTs-LPKmVNb5LG*>l7hVn3`ACRcE=D?VBTnr`ky78a94ZJI$mC1W_k>&41BO-XAY~; zN)A`&YHrDze~RWxjTa+Y<#W(}LXC-+_YyN~g9ee}PRS$$P<~Hua9WmnU@3!30m2*c z`r>ku-;4DNwT!`>+-!vk`oV)92ReiR%`~CV&{agh+>-VC?PK|Fv-wmQ{Z^(~M^9dMkgs zG>#iFP)iHABnjU$45aW5A2mBNTtqIbt?v%oR$YrV!R5ShKG8qN;rZ>4(^cKLpCWXG5j*vk7U&hA!N z4AUdLFw%sGcvG1LM-WQ-Zv06q&}w;~+8+)A2`T_}0A!cKLmd=ermratCqD({$JgUp zCf&N&Vb8PnRng9=I*MAf$(4zdE6s6)i;M>GW)wZ31oWQNy@V75G)rFu@Aaie6qAMU zBlUT>oL}IEKkC)=-9Fg%@H4S|HENj2d+3eR-4BJu;7VJV^A7%0&)V9etrt>|wl+u! z2kIxYk@tE+Agi*wAgE{78T+lyd$}T{CofLLBJ}B=Dum8jK8*w)H*3%;C8Oj83omPw%De zI%(WB*B)MfljKq}b-?`i+?ZpwN^`9zdw2u4-4|~}YlDp!5)d0wR_Evs&(0EZ`LDa@ z87^#8+NO-QR#J^9A|mSRC{@>p`OKddPP?r)`1%4q2Rz5L3I;zJi$3?{#{x7WYo{-z z_jsE<$$Xhi?bf+apt0r(Hz)5G<63dnQww#Md=8N7tL280OmKy?zOJ{7H-3Ggf!f}( zj|e3Sf;Bs!;d@kXw@OPCY^OuK#B7u|U|G~nHP~>Boo3%d0n7Ou;s2v0XvdA4qmdSg zucA(ChHatMi2H~A0cthP)i+u;9s;SGGoHWYR?e$ADb-pr=f;e*ooNnyCtL}n2Jnjv zaSG~H*3`Hgbr$0VKx|lgDi=UKo8JBDkD150H+&$m#^`VivcaHfCBV|{_1Bb~`f=FA z@_&rE;20U;wH}{G`P_O83D$Qc*khO}Qe%NAvdX1(Kk$@Tplx%pMJM3oY;@d9Z;iyo zs}*O4>~!7akcY{L!xb5%)wji~riRBxsRRROR_0juDcyYWI@qFkrHa3!7+xa9X7 zn;P8yZ{p43S5gG;8k!@X?lIc_oa)O%9^z&g;-Ttz_aQO6hH<5r?6Yq8ZC(gYl3OT^ z!~k*M1t51JhzwE8*9UeZhyjNB1Pr9aZwKR803?!m^i*^FVP zG7Gd68Rm+k_e5tZxL#kOU`6Gz(Sc({E|9;{^2YUfeVs`1%O#m>7Sy*Xk_v-5z%ofkC-tMvFNh!^A4yOq) z5RhoZm;{G7-i3|IIP}kPoXCtN7(yRa55{jb%|i;dzbLjvIgIfad96%2;Lk71nFMdp z{T&}!?2?P#UL+Fw`)+9KrOk%890*jdb7b495=l+|w&fP9=*EU{TyqK^7?y~60>R9CB?rSde`90&9IxNL2Xe_j9cws@oiC*0&MA6Ngxvm*~bKr z#GG!}!1JT=VlB6JrV>Ym{uThLljS!$$Ztfu(BPo3w$b;MKR~ODmezGEFQtTTed;AV zsLFAh`B*j7u7)Z2N0Ui#$)AF`>y! z`50*?xP|;j`O*WB9H)ZK&rj8%uJ=~B;5p5(W7^&vTHT=H@5nN-W z#)CgUtHzAZ>}EetI190EM&p3s_2v}nhJ{s-?tN9ViBWW>;E)PP>c27*R2k=F3`MV$ zVyNEzKu`{VGrlHVH59$7A_LRub(y)4{w$<;U90D?X`fi5NPTkNp3$4D8xMBc?rOoR zw{3oQTm7a;jfDSogIYeNt4(0~&;Z3!y?m49(-**LfUL+Kmj~xecH9sW(n83ZZ zr3;+an)}y$7ABYvHh&Kv=jIQ70e4<#2eV9qL0qjuy3OoJTwR()&ATlANz!%Ik zB6`|GrM9T!+kdt|nUV0GVpI$t(0){V;l3a(e*03nLY?5ss6?IrQOrq}?fpg(h_m0y z;-%wDU_zQefI1ICZ@On_JYE&s2=FH$tVBgZM`~yJUPV&Gl=V@;V&oERt$!wP#KSp# z-E9gZk7JG!cxur07$ePNnb^#u*c4WI_)u-|-%UCCGf$4Ddx8px9Uud2omxdntMNEF z3VoCCEnV|ds0ijrB8?H_<)RltpFBs#^Y0pd=~nm%ivMY6ir+ZY@bWUP3JMA3P}}Te zOl59^*IZKGHd~;84S}VTZ6*x9SF>sFANisMM-&*wQ*4Pw>3yjoqAaQ1JeP;>|9;TVzR061EU0hT%{&Q|Bhp(KSsKCRhyLCueRYGUkUM*gmz_Ww_Bh#M!F+dWiIvA0c1c&j= zb^T3w^)WkSr*>+Jr}#51i&1)){A;UODk-P&>P;{oMe(M60EuTqK}}7HE2Tyh#)cG8 zn)QSqHj5~gq?m(@6=5}|YUOBqBL_i>dR$@WVq$G|zE=%m21&7g3psPr*vz~{XIt;w zcR>EX%&q(F$P;B|WQ1-dY8GW%T1Fn5G1g7C@XsvgCtUG*q1}KTDbwV z3WI4|LTkaTuOwkZ;R$_Qo6wd9hJ=Ta2*&?3O zeMslABmfo9c4c%<2dYASq_Q4Q3P)Vo1ismvW^%qNkvQyq*>YODeeRj-1aQ{kz3h4A z6K#TJn^>w^jRbOM;Xis~DT+n{W=8|MJ3{X5;SEg5HFh*n;S9Po(f)jC#wTmN#I;&Z z%j~I@=ubCT@o;a=v-k-VDFr>t5cNmBUvQ#xBY^;Jg`Nrb$Yp)HCEOx9j~9xGw~r#)I_=5TBQ{%r~DQ4T}dapG45>PTBd zp9!FV^tAJ@pRG}v0ol%s1nb*z`KC|r(fCC|97MmAf8fd=qJ5CbRtED8(~oGiTJJt9 z5LL%8s?j)n|1wuZln4CMv-xc?tpORvTk`6QYx-G|ReLN~d{jSvyQ8xJ$xFh@|bIomg zGp-`CJZs<5nI#bn$~sUg^Cr_PlUHjyNx-o|6OM0_yp_5j~QyrK@)v?lGm`!s;JmuZD(( z!AGzGufTW+y#F`++AtB6i0LAdGJ*qYP_i4#6bxFGLB)w_#A$CF1FXrbwx?FR-qB)j zrV?#oVN}K8O#NW7B^p=w5&={}wHpKc>2DsoA}M=P_&Ctls_f?V6}iEoGqv`MU7%#( z3kj&w>H_6U14z$hz+%rw0F<2tKS9IE1Z8CJ2Z2H%OPTJE_Fmw)Q09DFDA<>|(?11@ z0Y&SP!0nRPhZFQl=4U<%$*sq8iRFr!Jo~G@M~PWWevd6L(vx}Yp?94)#hU#m^Ae>6 zJ&D!JU&@2bC{ScBuzAaL@KM!718TMPl+y)6!DnuN$on9H0}AAZWI!z&z&YL8D(ZcA zHmzG_g%9f3!kWA;ib}xgOp|mL0k4_CC6R8c6Zj_@6HpcX_c-Sz)n`cmeltY`4t`R4 zG3>dhRwnTQlz~A0ZVq>YZJUuQB6kzdNB#spEjR7NOoh7P(8paC)F zr=YYV$ouLfOY5h0w(XxU7>~`15!51YZ}}vGut2$$Ajta#fcA(%IMro2H16OJDWWDJ zq2JTs89(2jRRclnPEXa&G;k(UFtu-Mxmh>xRoKTfp52HdMpA;R8u zJq)8Ywg$JL)a?D{M!P=d_^eQtffdJOoMtVup@zG(WK2p1xWM z0?tO0V=o!_C!u5~QvJt27}dq2wLShubPg0%h8nYUfa`T-Xhk^%EVl=v7-reZYg)~c zh>7g#6s|Y=^Ffca(%4iH7K%#Ckif2ob*M>D$~?1z4lsjerB$@=CT>)-Tw0(|H)@pia|L%jz#VtoEoViUU&(gQ7boPqF$iE z$(xF+%U{!xu8YjS2kSkzsF!4+XmzErp+X(`^fy}=CMd+SH(l($?G~uk_w(~B)Xfj` z7f%zmqr9%eFJhVR1%g(`KR}>xt8{QzK$$J!lLC!2&R7v-9ypo$x~FOnG$Tdz)m%Ck zjuO3p;$pO-v6^*GkxOtzEpsgX!}3eZ?RQr|$ssFr|Lwip9`H%R*)E`hbpVokpPMuh^0kvlao*V`foub=vv zTxcXHU}LI?mjAQAdR0 zy%ev^FE(!QdOekT5vjHlYhu|Ge`DH}?=f5o3(8A7E_fI~#6YbSm-+6}En^GltIu^! za{^pu3tHXqNOt@FE9!+E8=|1iXzMC}#LJtVK~?z02A|aY@kdE3p)TJ$DO|q zeU3LU{AihiLPS_E^zL!RTkK7aYBP#i76R5QI3!`;z&338)ZMV293v@EiPmA6<@?-U z8c)i{$A@@_JH-W*O?B+@hH(qvi^Zb{jNxFB`}2I7L!(X+zM?{m@W*IB>Jf#rFDZfr z9*>oluSKnZ^1xiO$M+U&iN6&6;Q&E19{ET*y9(^_i@ul=gC^w4;j0hA)bZnToZSGzw6F85l$+`=5jkPG>UTlS~( zUqOMTq^A{gXuTC)8LP&8%UACJpAb*Hbu#EfkUdB%5~dOx#Olc{9m9`hxwgBI1%*j1 zVm(LEN*&b8(R}fL!LnYkQ;%pwGY5n)2wb)|@S_GidslK&1$b79sJ1wlzlZ0g(WIbi z@nPnyA6OUUPorH378WGusd87jg|u77)0lgYM6pZz%{_3Nar-;Xc&nfL)I2>uK0k9mG^*5JC1SxXZuGp#Pey=vDv|`a55x82O=jyZTk5JpZ7aI1i-tWX9 z;{FTB^$^w?iq4jVR@};D8DSi3(d?io;YJUa0^}LW9U!DApra5cRwiGnT4SNXM~G5E ze$!4Y(8?kzlph<9aJlv3fFJY(%KyAO2C5jFP~)-x6wD2vU_jw($tLUGmvenf0-u7D zL{w@=afV+RB|J<*Tw@1? z1#~-sGxaUKnL_cwU}6#PL4EEiPeHrJD&o?fV^8cg^S zE~=URO3uF1 z2i^^pXCOBhMMjvSY9XO6MG;6&cK!~jIut1i8ajk%Kz z%r$ibpNN7_2yze@WyhTp&z4*ePqM*%i1`Af! zFmCah(@i{nf+6h(;k>SLw6ZiQw#mi?=7WT%+A(7t@eu>*sX|$x)V$p*JR6@wtOPW4 z5RC~(vx?kSJM=zQi5*7!`&PA{-!Eb#7gRoTh*cdhA~4f$Zw(3#nH^*#r>wv(&~ zVO#8l_YU^`YTL1m>>f&uu|XzuIGmo;4J$l-yWpUq?ayAiTjyqQ_0>5%-DrUE|Jo(g zU7oiZKk~2czQ|t>Ky*;;@zDx!pmz-~Ll&9{T%k(E5cHR~c=gt_U=PvxyY_0bTo4fp zsQQ0?r4B2ySukH6+1rnR8G_d}Jt&qcKS-@%VIn{b#&0gy)t&^{-( zF5n_>8Gag?Z1zyNt@C>q+>_#d#;BHXlZHntx&pt_Zb{fyx{(BA$me;ScSUQOk^vc~ zXwH2q|07rr0+J%?u_a|wK{keM~@p91Orj}?x~!2CLI@gYNW?6$!;di7N1 zsu_S<5WNTazZka|5V|gZ=Jmfo?%uz;YRD;tzSbO&EF_93-Rqbr&0eart(v7PotL7q zRKIyn05~?aS3EA9za;tw3=up#)A?_R|0>N6y;6H09>Ia=+C{|o+DE;yqxplN9n|!g z_3Xh%aFVD1tQhlMqGt<`GhqLm+S_1fZNv1(I>Z3SIxd$8Caxug4@~~vU2>o12>Z%^ z`v&C!Gc&uya5BNB_KggdXAyfuZ`E@~_UV?bIB(IPQ=<6>0D)6j?>ON(rQhHDXAa(f zehv3jk@3;X-a}XD6=VrMq#Wu>F_6h%J1upRX69Uvxja!%f;L@>dOHUdjaF5I(ircA z8Pxfz7Uh8xbGUvn>Yt<-{>Otij9>VC{`dAAe~^j11GH~O`a8<-rU5C^z_YWQ{u7Zw za%H(p_m&(`t!h!$_960I3Fyhh0QORMw#T;;f-?1jAt zOGd0I)(Es*vrUYkKX+TQc>p*-|3Har=Tbm@E*YeEzm&W5Lziw#>}w6aSuTFSt?o(P zZ!j@2KaPg+uaEPCdLN}+SoY(S1#P&DGU_?$GWihUm8d%r3vQ00{nCD*1La+^a+dQk zCE#OrnSUN-(g3P^RQ+c?cd#4FL0uK*fWgT`qPXC`0X7OsTEP_1cG1}Md|73hXa0L@t zUEb3i<9YL)(HDUJowml(<8VtZA>HO{%eE(;yv|o|LSa#cl{5`@Pd^cR645BGwsx$K z)vRp@3*knUK2>PhJ&9pe_QM;m4Z}bB8UA@&q=7MkUxZ6*xa*N^;yLTIU{%HC8Mn|1 zzP+Icq#CX6vaGF{;o4ncfQQ7h%WT+)5?laH;rBl-duA5-pVENJaG~ia=@)D!Xgmms zyLo&h(&JA5l78SK3G>3{)B7aR%Kh=6sok0jBg^@cykNBs`uCduQ#r!0Yka$}eCA%+ z*55fE4^K}P#UARacg1<5pc9J6$>v=Fi~ek@2cY+NNLa+n>Zt16L!(eITZa41M(zE5 z>I)kkWgGm>q>9VbP{}U_zq!Amq$hid%6~12NA(q!v~#!_!Qse*SBB^6mHa8d4b@YL zzAe~?)zSq~mHg)#;7bTL_vbVOmz(VRFpRsX6b0zcspVjP{@NJCFunW8`5YW+KXpIZ zXzSg0j}^3>1+}Be!uI0Ar*%5@8G>4xKHsXuKJP%Qw3bAkSiTk9~Dmhv?3 z@t5aPMWPdwAT-$=&poLGVr5Llgx0W#%fN;!`z7QfL1&Cy(jE{@{#9cK55~k0t`wh3&Z0 zs4*#=e*A=55?eLYToB4`ENE~I-7+YzJXoZ7pZGdIfnpeKOYTUxK>?}0{ z(ubHS!k6ix&4YxM2nJ!IXFU^vFQV?`Y`YD>?=>9 z_PdwI$9XJF=39q-g`Vmp+w|YaKK&hzT_K2hF;%2klj=yLlU7enJ}D5( z^jp2Ly*i1US*v*4t5ht0S7#>i`r_%L%f8uPQL)TG9zu`R@`a5bdsJmkE1W(je}2~F z8`~Z4e!uyk^a-L(iA3>J>W@3_heiq+l3aO_!^OtIhV~7YnEWhm zASe6N*q1(n+q}n_q2KD*T36dFYWKgc^daHOdp%cTwGf>LY~K0FY_Yso_?3^Tq{CU; z8HteTPh{*U{r{_&;QWqpTx$Yttd4xB+c_tU@Z>-jg;;ZCK2xq8gPV-Dhvc`7YeLW& zOtN{;BONW{kbNw|zbpP@Aq6jbFHbRkP)-Tbk3~eN|#6L5AX0t4MFd$ydsmK6r6l z_hdIHJJwgZ)^fKlYO&-xie^IZ@P$i$g{VHg*V=iJ{!Q|>ZgmpB-{@6Qw`rl*WY=zA ziu(-hEPd`1r6?DKI(;Oz7v-(I9PW<~E~4V=YSW9@SUs;lbcjeud&K-vj(yr}=4*`? z72U(FpPfzoWj|#+e_ceZVyd5NCh{hpmg7D3-M!m*ILlKnvCaXv-C1imXrzwv+F6?W zKJmoRJ;!q4%yfCST(_ntP9&;!mDoTY_c9gaNP{AJBFdTP7EkG7!MCZX7t<6bA)bF_ zUUBSsq`+fd=S}YE{;6be?cKHI`>69P)%BQVOff{pxsfmrerqzvx1y~c?=c`J0ufH^ zAM`Bb_r;xQRNB$k(#ahXdkw>$Z6$T9T-W*BfF-#YOwt^oI%)p*(fy6F;iu2yq26+N z%(`|(@CK&;hyEQGmgo0USs+@~q@ZgRW+Q67hGLJDnuwW18Nfv$k%U=(96=fQNU0EG zt-a1k<+IoWO9l4c@wNFJjXGhE+&(J(+Gm$ozbH?G9JlVh>*AY;klD@?uU*XS!Q^y* zr~CAJKpVF~J-1ro?LYGyZ{D!;Lg}^SO~?B@!Y8$=eyE?48g~wt2D>tN+^bsqK^2$| zcYQPigh`B=#z;fWWZ{18^KNPRAsjsmOy~}@Bp&xax#Dr>8ig>P*iW+PWK z#gs81ZFXXv172RTcsi{zbi8);cX-UxE^fLQ?Z@m_cX`7f z@wL9sf|BIE6cYZa<&QUi@}cVV^?>vt1BZH&Toa2gzu$I}F81AIw$xi+L4Ugcx-c9X?1)1i+3+VqM`;u1SmaU>7DQf z=DQERv*FtQ^K(oCTYJrgqR)CV1EAJ?nz;9P!+WH`#L1@CYjf|@htu|yILp}$0iE`k zvJ69awSb|{<1nj95B+ZA=!gXT(Agv*vYAWz8WgX6Y=a@5}S z>MDcbCbD1N?wGmor1gchr8{9=8HbV?XX)Jh zq%t7ouoU?g3U7YS=m!uWi z^bdAo1}Pb(uf*5HFFbj=_;SZaI9uzdl>R2hEaXvn>61^i=8cTEqSQiX+wI0a#fU-i ztnF`UcMNk?w>UTV6AQVP|87CO>Wk|h-YMF(I-ffCCv7C>+?YrXR2bP@`pO0EdqjmA z>nNnW&jgRXx1Zii7t|rr1zIMCrz@!;|4V%0fp_4F8s&?nUs9FHc$I8rk~c}dqn^Ye z2y_Yz27Qbb5gVSURq1ug&+jdBgUK=2cmSm9-vKxe3@~> zd09n=tDZqEP}$43*b`vO>V60V>u1Fqa_Js_Yx@NVKXQX*cUG2u-|D62(YY7K%i6tp z7MT&kh9C8NW`pUO5l^n8!T7K)W6R$SXR-r#mgsaTr|V4UBN2 z_bil#w3dPm%(06(0@KRuvb3l!lHW5cWv&wf)gg$Dw?)Z|*F1|o6unMf?=%o0>#Ei| z7viM0UX)rj*&JDx*=-3oZjQhBK#KX0+MF(V1M6`pu6zG`G=%@6@V@x?(x=CS$jn^L zqg2zbAj$}=&dMb{b{J8X6xn4nypT&J0NO4ytfGX(P=PjqWo$hMHE}5tG=*hs*C~}V zHIKdJi0GevN$49w^#)zL@i8Rt9yqlv+ebN=!oEaTf@q{Rs&Ib+P;!=#1r> z%T(oYPsWbZ;V)J)m$^QrOkCCa%rajSf($F0q067q7y^I{a)+>-=ZFjjh&`!R3%EA1i{pkoj!jP>>bPe}Knfg1qo-x$v z+FlKfRn$ZbwC3qQ-@a|f3eV03oE0}GmHtWu{!O_aEW;gykau3@RxUZFt1Mi)wMQBR zA)p%{rND?2c!4z)XRUXu^B!jkhvYq4v6+oiE~}>@LV9^ep2WZ(bpy^;Il9#920UZ# z|2SJ*@g;A-eO;-x;dm-C>bMiR?g~(2uB(w9SYEy*Rv3O(KMkzT<|t|yP)RiIKeGt@ zW=D;ZgH+?}z~GCrG87&|1maPuhBGU4dajsIM!?`)`{i|w&S!4 z9jk*wh8%3Hf)j7^Untw2lbIN1tjzv$Dopcxn*OcmZiK?QrER_fQxx>5Qk56drO@Dt z1*^G0h^Ok`stHA3@Dw}eKr)ykJu*q24TrMq)_k5D;cn^%%-#mgiUrz{l z_KH~eTX>*m2&RNps(ElL=>jkO=fKw&f-=53TJXU78FV|KMlCNsM2F(3G_S&s66mGQ zVZq3I@47Z(ATYEd7~1&F2-*42QDEq$g9us}P%x!HV=bR^US5HDiNiIh0Q2$=JcC!w z6^8H+f|vguBy6RqkB1k(%_?K6%=c|M82(YD42IwFQ3_WDJ_qpCNL`j4rOx?z3Gfpt z_m8t;g};1F0X!%Bd*l}U15XzA>h8P}L%npo%y*7-N$~XGD}n!F%~wNgIVXpK1}sJM zY>qaw6)gN=Vko(nF_GZ?X#Xk@7J()f#pi;NK)85gSwDr!&Yd*C8X{|ML3WB-HZ#1N zA%yN=&@%-WaKJnIuvX^r2o;8@>dz0}zt)z~kQygb{+&nXxL3`H`}<}7XJg6VRSXny zSvZ>+kSv#b=D`Y8WUc@jS7!GJ!%J*t1aD&7q8Jpd2tuq7`FE_jgzk-m-6a5Dx_hj^ z1D;`knfWSXASdnuxc^H=7`)&Z7A+%=!(pI2)l!J)CoUj2K_d!0QfGh?EEB>ZLMEb^ zBDr9Z(f|TKNX8WvMoMyvHbZd|f zGMz<}8LU=wT>t}yH+caT%ex|V{oEH%1u~L%!&ulJ2e&cTjru#?CxDS}?b%>-P3?UT zewdky@?g1A=_6Op0Tu&O*(*{wI95h)P#jW|ju<86aH@JH3|3$+9QBnEhSa*8jJhco z$)Lr#mXxL9_B$N72Z}Mrco$J4GP`)rxeB`p`mgY8)tKw75YMm?qve0_ewVT10JtiE z_nC37kbl+1mN&1z0O0b!M6hlrMC(YY!Hz>usZCX!N1UdE6i&aupbK4wU$HoUC5{Rp z+!=pR0=!-ts$Ls94SO|TWBo?~p)V_~Sp6ZXvV%XtA1igl34bI3aIO%q!x|9nH3hi! z+;nk-pHMW>UwTlSh@Ge(opHO0Q4|z7jy5nbfN4B|6<9cz7%62LAE5W{&Mjp~3HLes zZ-+{>0Qf-iU|Qu3eVCKHvc~7+6$e6>chLd`Ty%13@QUozOb7UwA0+|1f%2c1I!M3P z=WgmSSk!Aml>l%>Qvi9nytB-?aBN_KC6OLfqb$1^AOixdazSehX@$SJBM0DSIvLDt z69@<9=5O{?6Rr?NfAhu;n(&PB-0Bs_EviX9i6kOMH-26$a?pd}q&M*OHVh|678%pv?*Rbk z%XlBhv{QchjVgo1`{9~F8Qp3TI(4MA@QeISlP^qn@siECyp@X1qoUU^BxFJ@b(%b{y!1PSytpJjs!Iv=nCG#?>%^&fOe`!BPWeWl8 z&|HaELz*&tSLhx-nAd+eDudfX4rP~75lb4Y=v@s_6{ES zUFJd!&>6h2md+nnG*@ko!K=w}elsR!MR|t?r$qj(Gk)Y?%mtU_MS`>^uws?T2C&3a zL;r;BhN3_H%?6bUCP0R#U=B|9q6y$p(H~n3B7k)H5DdxqIxAj6(bx+j574eid=1>U z;PYJ%RR+~0Ok>0xXuTBJp$+kKoCnucPFoczZl9W zoyJ$$hB)0+BW&?_Vp zsE@lE|6ll_1o*j%eLmJafAgc7L6X2E%5O{Tu;(v9SIz7Dx)T~!;W;8yhN>hoYAVSbdqU-$g;pUItZje_OS z@gxQz0Mi#j>d2$El=+f-?948vu}$i{Ver;^R2Of~`Pj{%)Dtn=m-R@nZjsDgM_J+T zwJEZSP@8E#hA{ z6AJO)(+fa@&7a2-2&& zC$m>pQh!l_q2<542BIvd;7|XaJitN_tOmlN`Ylck47ZgNtgxI-l?M*;^%Tg3#U5gv zQl)#jmlyxMDnd8wUZWsHFWE?{m!Ag z((>X8$1bcBIdR9eQ_j=L>8k!q(Sj%aIt4%rWbisK6R?<)g^8m|hC-#y#7%=wziL@+ zaV+;LJj6^;d4AUgim!Zip&2ajBXcteO#wd8FM~kk(5>L?I#2_%c@R}!ntq!a1sp3k z7q6v94mpvn;QS$!Iyn}VLNs-pb`2^|s6Zzsj9!P4&CTyAF?3$8Ig z5}3F0=t$*$Q2ut+MbCjnmM(iFP`Kc*&9)UycMP1)y=Nf^Ubpf#w?T+i*koOwfXCet|)CI1iHr`e=A5%!$o8AV5_WXph ztKr`p%Zsm55kQaXN5CVxT8yVZtt?5QO?5JbrLO@{h0fP1E}?oMtKGorl10wj+UawXFE76j0n%x$I| z8Is)_HWsWk`0S@~mueK<4?-NWopjzYz-}lTQSJU^@zBK%t{jE__p5>ao8)=ZMH<di{A5vJ#q zD2X*32fx9Y5Y`|>Lt`cu#4Y|mfUrKh8#QQ5S;hp$-rc&P{00pVt&M#L*&w!U4G|d4 z{?@Q!PvCNBhG;BTWz?0~Evynl1Ak+*0x6LGaVMsnrpn_NgT7Zy%Z*E8otU|tU;hd_ ztRC(oM|MQY0y4A?z+_<0z61>Qf4u!;7GNov42o>HVCu`67I-&^N*MByzR(C)U#eOg z2>l~HA1i$&M)?K^5b9{2fEw9lGQicjhYLIQYI1vq(2P#0>1`vvtjU!|#|ADCv$$)O zJ%i0{7aAaLgkpLDeA57c_|09@Du?IrXI?TO&0g9fP8pJm5K>}p{ZePcO-E9@`Z+{go1Z`Q2Ukpa$@|<0uwS@@c zpu95k`O@p7N75pvXruKXcj(h?Pr!$YZA0+r^! zKn@@OdQ~ZX4Q3H2`u#~#gnhG$EvKr^Ix(6bb)s?0T-lA-cKM)Z=Q`Fdt^<~2e~%9W z)tm8F8ANv-T0ThDneS~I>#kEPQx>f91|lrmm{*g={{CpghTeCjlDM&qx8>Gm1N7_i zJ)kC$-bv3MAVEf-u7YlcB1HZ3XM<%Nh(yGx3c zYf_^Y$!3BOT22}vBH!Oa!O+@UXkjOFozufQK_#VCbFnD|3r9?nut1SXJ5#fpJOdOg zT9zDTB!(%dkKL#Wc*yYC7eh)H`TKEV=^1?%sqdGS0RsR6&gHL6s}+5PAqaT|KMP9$#)Clx zPz7H+L!J{Sjsj3cAowf86Ieyd0>?(AtaV1Mk^Jt&o&-AIi0UuFB`#nSmFJ-pONDmy zhZ?v+7ihp~b+;OCn-Y+^&>5cxsD06BAcUl@;=y3wmJNuy1!<1hX9}3o+Vn9nrI)lU zUJ4*3;<&?`g2k;ds{iIm6;Z=kQ57w%wr zTv`Zt&s{Gy^SW7BfDl|JLK+53Crv3pxo+{{^@=Onpw&lXwsbGY@;+7ZjCHL@ONG~- zEUM0x}~P0eFP` zdpK{&o_kJl6Ck4_xtrH}+o9BhbgrBVDj)!^$wn(+0cR261MK6*QwJaM?OWA2K>`D$ zY$)E1UrKBM^2ETUNWl3z!U3=eTaR>dO;~GOCO~G!5C*VozAdBrY?yeu-lsc|r*A-n zGz-iT&s8zya@}Jz1nH}?t3dB8&uO7w;}xj@y+hNWlqL^P2_hy(^%ogOge3{*cJ9b0 ze`Yf>Ah&YGjWW9g(SK!{Cr9Zv`CZ>p=dv893LwgyK%4QKaqS-k-hz`%GALludeG$3 zAUge;3iM?$VTG^YdCcUpT-mUX7&S^~S!iG42{*@#+}W=S?W6c~Nwn_L091ATEVF)A zxJeG8NnyV3)~dsM*v8P>&!s%7CJ$66nf`cpxjC-igwyrB0tXcR1MVm;0W(bRQ_IRo zU`bVgmZnq9@&&mq0zh9;vUD|=x?A-DhGRmouI&vhBcu8E6UhLjWP* zW>qdLNJ2MXyuXg`4{H!_+8 z&ML&i66MAltcXhs$F6eyx$jtDe24>l=&)omN+i~aXQnY^ZCKu=AS!7^SJTOwV)lIH zAgJ)Ed?hvNFx~Uw!;;nY7rn2C>ehGnFalBox5*Mdl+6?mwjC@5vByTXq7M(+Qei&` zhIhqr-(W0Ag9AS(?~zrUF^~`C83yDCAz|wv*SDU$v4{tMww8siin_%I;G znoFfXC@j~4rT~aP4BmG+0ks6s1yu#v2l*W;rpo$ar;cpA`tEW+_&b&Z5rdgEe57+9 zt`5PP^X~$g4V>Kx2kY$L6j4?OStGE{2;&?LFOdDoIODd-Fz2dU#53(o`4%-*Q25@X z%5WH?mazN4d1p(TP+V<2XM z$Up%@j5u%~wwSnzU6w=a1Dn~@655|Uwzry`c+7+e6GCm7jFmwMa=Y)B% zxbqwUt@VvL&qm=W>|zk2<5SP`;mMzOARY>?Q{#n!c;{Fk{}!2aURRJMv>^v8YvZKb z#+wV7VEd2k)-Z4#9VvkdPoK3zC*bwMk*U~;+=p%0XkG{R1z;jax2F|MmFZ)1UOaSw zuH9G;e67D|m{UgO_0|@SyBGmqKL#_25mA;20KV$>M>727HB%m9?T6kS(G;g*H31 zl<`jAm?k7ks-?M?Eq1{)^YqwuL2k|j1pt}yOTID+Z&?d``^2}G!VAudQlmcBi)_-qEudDH#ET)f8^k6x#IMnfhe&({T>! zp{Y0$Vc(^xrOkSmVLmCf`KIcbG>w{-`#qT?C{$^q*fTB?qTBE zOP6()`>17ptpRmW<39;52)&gj9A$QZ6aEnP23WwrEZ7mS6X<^h_6A7Ly@A`A1J+bu zLhw$6%ha^CgFio0RhMO%(#7p(6kq#69wxr3UrG5h-WU!^na)E}QCtXEQcR{KSn?YX zW3{LJwgB=sGkvl+!yh7fHEH8&xhIWsX?iA70Y|q&_AW@L{ao<_=vOKZmX`2k<~7?M zC20ydlHHeG0&%ZRt8ErY7wH4Ez{Cfm;;H*DX#<`#JcMP6Y#>zSl8)|o-Mc$0rB|RU zFODGhabILuBJcHY!U>(*)UFcvGLQx8-NdQ3Pxg+l)5fvlaRbVxYu+*6AVDWzFF*Rz z!f14+6v(@WUK!yAj3xlQqLE9s4Flh02AUbSwKLpS25^fQl}nDw)l>@V4ZB?`h4@&N zjwJ^^^v{kHaWXi;&puibOo7yl7#t?5gahEFhGz~*m<`2 z+VX)m5n=w91f>tkYl0pM!>gI6cY@CvnM4FFUV}W>IK3VpD3@849o53!g@=IUBi4Te zwvKhdR#}O#byWX6QrY10{r2)`B@a6-aBLabPADXxHtk9oQ!YV8B4keTW7}8fo4DiJ zFI1E40QCw%c&$RhFH! ziC@vc)~tYIwl1&>ckzVkFG*2`aJf=V(CM9*pS`nkG}Czvs>6SG=jnG2Xc++ch`tMS zlBhfwCxR0wI4iO;hz;g*|8~c`+t2x5EWY%KOXSO&w9F0Ta?qlp_>x~Gxm!HrilY`t zdSN8;X&@jbjj*_lfc=L5Uff)nOY8e3{tk(yBi%FwWic+?W`aCn2;&_FHIYH4oHukH zhOJ~uzo_!r)E}>EJf=qBX4%w(?Fkts0KY$NDGk6e(l(iAV8($rQK)9q_4nE?m)>G; z=fWHLh)TN3{eb!Y3>5RQC)cbv?bFhOg2X>$88ViGeN~^3(T-wU$0A#jEU#xgpU(2d zGgVJ|r)|ibRe(*17e=!1ihaQLP20Qw*Q{T%H#r^9&VnP&U3w8s^%gMJQFKszop``m*LWFu1*s9DX0mQ7F>d^y09D)-bnKU+|Q9ym+ zP2DFVlx_b0TlY}@Vxga~DqKHt^TU0t4q@02FcV@pF?GK625*J~)ZRQtE#4nb@ER`h z#@x1YNWkT<3_%$evftGNwxWqtisS&bxxx1!;*NoS@WBg?h-o3mn*cL}-?peJU*cVx z{_-b^{31!V7!eXj=DrhQ5P~LJ9~9X(!_Em^SXKtWC)g)taJ&Ovaw^*rbA=NE@SYap z>7Xtp7>fw0xg&wmz@3MaL=uhJ9EUKjPEsnA!IPBh;a~@=334n4B|-i;z&r_D5U&H< zy^bKx459kp-B0;n-A;l2f86^4bFGBPQDGUzp&zCm&Pvn5WFbfdvfM&By8{HH1!P*O z!B(ilLpZ1MaA43LJfRHNn6cqyOj~|a%!vEpjSOSMhquoVFnY|tB*N$cj?5c0mCZ;T zKo9nNDFY24aU?;Y999PpaVebK?OL&Uo@#4OG`Rl>COj5r87PAbAd(_HkEC91`wacz zW)O1)mxInL1*P$1&uVahv-oIcLyab*FIDnp*{atEU)^_h7APrrqO9L|CoW=C{JGI* z4?<;92H91KTDWkT;EEtwTlGenXw zXQcE>wHbtxq$ByI2*p)=z(v{&-M%--gL`(fj&pbFY&@1K^dDUN%2Kam)o z;~yW{*Q}Tt7|sO6lxAH^YrjDWtG(NjNKurf7fNvqW%uiJwOeS{nU}JJJ=@}4Y*zv@ zsptq48kc*`S%dP~tDhW-Gm1$bKMaWqSI)DJ-1wSDW;zrYBl{^I(-A-bAt&$<9ePSj zi&J-ZW&ek<6(g`7To-!a`ttM_E^`S_yj*2>41PHNZNG7Ra3sDwQmcF_`8BdY&kn93 z2fbO$=}nb+G#lT(Dk$61{vMoPCTRZ0eKXcRN+P^TNn*s zRQyO*pZ66ZYr}8kK|<>>_}bNePue>=)Hl>AnhzVklSvwTNwvvny$y>>Dt;2y^W)|h zFW=9*Elf=%E#nC;PU>Z?nzj~wAaf_Y(bGW|$$(UP$xj~&bNmv5+{EvG?$W{Fzg=Gt_MebW*?jgumzOnwF z2xp_zqZ)f}@?8~qFucoO%!Px56O{OT&cp$5m4fuU&_Y}aMSj$#ex=u)6OTB^Mpf;e zTojja^FiU(zJ2$01e@4cwJoNdk5iUGi(;+{>CndGP``|_;Q3nhv&10$E-0`|og8M) zb;P?q{^LU5s$E#!Y6DN3kV9)fsEy`-aa>Ja6*|sOk}A~v#i2f)0x`vP{nvZ^9@R*) zcIM$y<0!?7tEOj}7YiR3yp?zl2|A4{ROjipT_#Ry?VxYN?{VU3?SHZ-)N&{-Y%-Tf z6T+Lt=*!mAksNNNcVy3<`Jc|TN*NXEpqCoj5Hp3r#C-m;DT#B&q zB}PaXT(IM|j^;;UIyXS1v8d9V<))%sfu$j|g7+$qWq6(agx)zNjem6zuhDUfodw0$ z*-r;fKNfh8jq|Y4K=Cu&ar2sTar2QBR%7Z5x7rL#-!QFF(3|MQv&lZyWa2xb>bMWm za#muOcm3r3I0Knu@D*)y6}Q`Ce}wxg>Ffun$Gs15)}6U%y1v;VZE8~LTCNnrCzl;A zPQ?LT_1jA@SEfKsAOwwws6q9;%-+N=!D}H5;&MeEdvWgkP|?|)Qsr_Gn6kF4Arij1 zEH8_eKjCB%cA=Y|4w_FTUy>KHfLH5tijQ zSw(c~Z}ql1mclM%_NSbQL9OQ{*0V2dc}O1`M3{)l-C`iM?9<5!x_B72V6=s`EP=Ed zWD#e%IctJ8dsoW`c6M;&@w-BpbrdWfC83_=Hz|JHkedp65Mgw5v!qp%`6YUn_V3um zGrp$A`Vo3if+-=QQG%Q#O(m-8q|AH-0m>itg{Dv-l_B83<5-zaI78fzC=1%Jy*E7ujspCLK%!oY+=q={$$p*g5nqnH7SAs{x1wsz ziULLR7qc4AQtrJzp2?EVHv174B6T&=+rHsZ<0b3%g0&tI{sR|k^=r`P>`6ws_t9#E zup55q$F`HRWlY|ll8!{`T$%&bPjjB%sneQ7(X-*yzimJH`YY zSIPg)=3Ki!R`o5h>&i!~ezWCYpRQt}7zaefXVtMOr+u#Qv8)muB0rNmmG2X!L@Uqk zbovR=W@#R?fB#U^p>#IMcJ|zxTAcvtjarc{E%2WCA@Z~%94bB2YLwMb$nrT|v9$VD zuPW1urYx^m8q%EYb(8nMGel=B{s@m@AOzu*Zo50QUF{!A=`zLIh&U^jxLg=i#&+1X z+Nd3f&(Uk@M%<{!;XM_PT9=rB_ibWBrAnys=Nsia=#s zHYia=+>O`AKxhCH3|VQ|47(efLxQr<>39V#xbytCF!ttbE%mqDL@&*pWQ>!lJ zWd1+ibSK}B8|VG1pRDzJdF1WU3-Cp7v(}b$QR(LBUh+AdC=mFwR!GP;XIVml%<^3q zwK-`vv3hvRx6Jc|mVl*y?D@o2v3}+t#G!^puq+2&B~1#ARZqNqV>05c z52tf~$c*u+(lUdX2j0r6Js;aU&Ve(~`rKOlk@K>xL>bN$#gs9h4jTD_Wf^oudh)|} zDplfftroR;6F2}B!F0mW=_7cV%(doeU)kN#wmf}M`;ld_?2q?=l3-VqJJ0RG%jb82 zFWW>2fovH)9bXwCY~jDhXh{!ULY__pP-LN-&9$Uc|5!VvtIiHlJX>ml%)8S$JoX|f z1Y$~53YQGxXBgF15zrVd#yHb!{lyKTlS)&uuq58wX;(v|$3)hC-^ZpPeM>6eEnRs6 z&JX?xO;Qwd-%Y1Z{X34jGAdy^(f;PtSr=M*)g*ixL^g4Hhw3T|b;vk!I?{54LyNW* zz23GS0Im^n-+E)kWo%j+V%t-G8$z3f<~?EkoWJlva^rBU^gzsfr}WgPfRViP1=IE_ z{o<~fNaZ1e`R6YF(m&t`wiGMi`2NS7EH<0n0x^b_ob)J8$d zrA1+7{nTxyFoYwzdfxZ+mCTpTFqjzs{0dSyP;UPv8hX+O-|kWOsHrQ|eKSSrYi$dG}F&k~ybI zYcio!5P}1zyzIpvCiQ3@$o;n1Ws142m83X++aYa@fdMaM3vq%h39jcD^Fs|=I|=YTX1oqLn^4=WrjCRwlEA8~$m zl3d*Rz)eHyxUaYL8GDM&$j2!@*R|x#LjB0Hnbd1W`?CAyt36O{&D`*)F@E80qoYQq z#8JWHLc^vK+ku@v8@a+SNzz&T%#vOtKbHCxEA+-5Y_RlE-;Y)TTVSA|6Lqb)EfkKM zIdG%|tw6#g4bJu9{my_77Ogd%7#n*+M@Kppnj{CW-#z5hq-CakeZuuDh0auM~N;H15>xz(L^8=E=&K+03Yhz*MQ_w$=p?*V=X_&C`9E z+0Msx*0)yeJw?Q&c0#t7jvRcMF|$!+Y!d>*Z|0#Vn^eK_twMevoFxWw`atjCy0Z~JU>|}Z%Ti!_%ObH zvtzQVqx?OeQe+Zt;73`+T~q4Be#4jf&{pEJ`WAKeNgBoa#>dnwqQomA#L|2xVtEb} zEn8DHWaGKfxXpQAIABCx-1xjIa!B0zdGhD82zi1_<>gNLOPp0qwk;CpUhHqC#5w5c0M}};t9+-a?-PfFSFLNBuy*D2C^?T7X!AdI^sPrDz zE}u0wlD6MCP^V3)_7|HRLtVi`7vfW^I}`NVQnx#edb{XnQ>qugp2~Zy9Q<@zUgu9~ z)}NK4#Ej~d8m&-uz}|AZ7*)=EGsVs&aA zi0DwdiyM_7{K!W|&}+9GqFmR6Wcmzdyz+l2JUh$)xfL(G{azEvtikE8@U9lKsIhu2 zXC7<B=&YjY||b(OeFUS+|rj(6Kt=LE$vA3DyY}64L;zW>gI}N4IZq$Cv6$<(*Ms zG_$o8Sg3F54HaliV?#aq+`-YCAb79nr}f;31=i3&(J5|W~H2_oGouxJsG`sT&`JkPuL zd+c}b5$LBrvzIPQxb3P*KBL7fQHh*xh!0BB0^oh%-FFXdJLFAW zzCRsWY&z2cYqcn)e`?}L7eU3gjz1l9pO zu+hG~h5o0Zi4ktg(wrj_??|v;Oy=^|UU`x_^KG0C_eh1lFpq`TqPJUK=0{=hXcjF@fdKn(qtYEA$LU38(m%=Fv!R z2zqH@iK7^1YLi4M7M##7fv54I-<`QYuPafS8<%>n#1heRv|8}ASRr^n$MfoV;2O?O z$``kL?;i`pWe^#UDyc5fCD`xq@Q%EKWBG7bkNEp52%t?9PVO#++!vpDC+D>}(8t!I!0+&Tee2p!>ob*RfaSdwI z-2%&4o$;^VK#{}4 zd^eEzZ&XN8)N|(egB;+*|J6+iciezpFU%hacjK-Y2xvwYEe7Ev`7@%kZwjuNMl&vX zR&TPSYyFbqQp0~8{bqeT_RUVv@3`PJg$Vh@yCZ#6eT*m9*g8=R_QdJ>(U9hfu`%1OAHyc&fi}rrQnKTKipV5)asZv3@_UoxSoWJ*vNow`xi_nOK*+^!TUyp)!%Oa<#^1DAx(Sc4m+hPQBEs|%>*`8jX;2i z97QZ~()nFRa$=lUErrc*lajHC%i~`sr03gdn^?(*ba#dke|ghkrz8t}YTOKocsDpH z`1zS70z`Angwz0rB}HKc80N0bXZ~o$768wWeAXJ5&Z8NZ{UJ663BpY&c?{nVN8Oy; zjp3LI^t=v$T+S_byHT(-`-{Q9b8t6{)2Syv{I?*kZUvQ?pr32j5_oj7paK(<2qm(= zUW*?FTE3`@0)&9K_wSMy&iT7{Kss>F4R|%6T!9gtfX9vak`aT<|4VNAE!q~+C;~k- z?|3l4TH1~dpVn#7RQaLV#y7ZcTE3Sr7S1!Mzt`ji-7jIzWnBMGJB%KpBNEV-K{sPN z{T;BVC^^zSJ@Z}@NEjpkH!(psWmmixse;)myq1za(2g3+{BaUsWZkE2)W0xX4YbEY%nR z=OYQ9SFbC#PgEXA(zY3Zy5S|ktMy=?=zUQ3tgyBs6-Qn+Yq(!t2~`d>j)^p>3Q@=C ztf&=zFpc{mvmKlgRcX=x)*ssl)$cC6CYTDMAu3m|*OVc(^=#%_AD;Lvo6%W6*=0?m zDoIKZOta~0=|(_`iu`lsL;#k)+y4~5y!O9wxvfV`=%esn8>4;IqVbyhJ(MygGHtiI z*uio?6Fv>fXpbctjbFQq~-l(@m<&adfL{7M%6uU+P0y#;LjdFEIgLb-9&>B&^WR$=S*sk}b8klu&ByygA2U7uV2=Bn@_Pq}Ej00m&tJRs zOUt%oV*!Lhf+8A-Mb0ux)zW1VM( zaJc)~Uw4toa^%p^(9SLe-TSG&WheA^9=x?fd`YaHUb<$1UhYEel6IMGpGdMa2OQ;b zN~RCdTX}AXzXY2xxt~4SmlcwET=zJAkmvf~xjV6*Ul~ttA_K-Ur;m<=aCI^upw1QO>OYhG@05ginZ<oU@pul`Vl>$%&Rv{fVu`pn(ma)iWZytkFS zp7*2~YA=+SSIq86g}=ir=zKCor`dz%VbQd|$ytaQNbHzjK&PLt)8U^JDu9*+50d7u zzb{VkXM0cY0O|p0fC|1-h`DF|qlEu%OlIWK5yzV*&(yT({86>tXFo!mc3Y)v%>IjZ zW~4-K$^p9D%N-{c3B>ghyj1 z4Vo_J-9Sb8WrGCV_{XjYtC~lc?Vwo@cr(DnQg;=QjT1IS8(ahLf57-V=i5pwm>OjD z)-FKfEP{GDUK+)^uRzULNZJ)!_7245O;#tp;=dnlwd)8wQqFiUb3GTUl9S$U7~ZrP zE;gp1$@G!Dfn3nhZbYs>roQ+L5*SC%&?kUn=x6Tt1@8no91->A)bQEr^Kiff-MMH= z!2jYlgf@sGhH|DZ2+o4{Day=e)Hu_c@jwFY^+S&rUyXPpa^AZrTN^j`qhxy0DBf*JrQT;zoRDr`4jQdnPw{R?w|4Fa

^TV??>O>4gjRZ^Bj&JCUN=hpxMGKRt^XY9e>19VIQf5BXNE?sbczj?~ZYdK#|1GcAuY_~HHoA1nkL{AW zPmJQdjBnQ76d444)#LTl`dYyJhU|k<5zrO+sHKbGosVoi&*QVMa;6{}7NI?}TSjex zT#Hkd-t?{g=g^t9YDOz1!GV7u${;BolF0gv^7YG`u;ARceyG6&uY zV;5=_wbpi-<&;&r?BDQmV?&x)U1osj*qBgvH0>hKw|~ow?^*2pDSXKr9q4~e5~==iiFSk{Ax;c(x)Pb?(^YRw7e$A zU$hDi@&h0__`nIht-O8HiYu<8F{lNmVEJC6jubGF!I5b~6AwN8MM)Fq!C-C4|AX5&q4iGWI9ePg?8A2fh>*B!5K zC>?l9*3oZhU}N!U2P^&bN_R*V)joU;4Rjwc4nZ5vMUUWO)6k-0t5xya`v=xAmsWkv zru24+ulZ6puV_8UV)5>L4W!%Y5->9_NuyP1peJF7F#mQATpmPBr*Wmvu1mx5o<2;x za=cO;%|+K%)uwJy^45xO4WGyzoJy>tRp-W&GVhb^vEQqAf1^*ubxXJG-GK)Hb-fX? zNIK=z-ZG$kBxSnzrw=*TcQ_-tYL%Igi5nm#iKF!PqByd1_h%*{%1>v9Y31U9iu9j` zK`X*7dtU-0&*f{Gt^Iw84u5P$Gr?^g+qN~^Da6*N$9O?_yAfn=WoA2z)!#e$C2+@a zn>oD&$xvk))hBNDQC^@r|mj2K%EfK|Uc%8Caq-;D1_3CjDhR7j-yz_{-XeGJk9fd*HF zEJo}gPb8d$7-t)#s8?pa%C{qa?GEkljcJtLYb=8upKV5Hd^eyGJG;zv3oRrvQV_4` z!|8G*%)I?ald?*ZL6Ia6n`GGEw^EXup*1>eQlY9UqNBQZU-TDouEISq$^Bz}0~Grnxod@YFuG<1I^(fQ1ct8j>zCUiCUMk6)08#%OlcOAs3)9#<$ zLB+AaFdFI%f}PnQ<@a*1Gdm}LseB%{WQNkH8UrCsk3puay}F?>rh4bI+io1GbGIgI zh|jU(sj=&BU1*Vz*J-xMA2;>!G;>U|Pb}+h38bipG-IK)wSuG^Mv6D2OQe2txSZC~ z77}OPWVp-2qZ%&u;hRBd0O1EoWxCxvD9D&)*On1xZ!yxYHW*j@>2rW!4-aM7t*ceu z6!e7`qi0zpgQ?6o$F>z(4&0~KW2c8=Y>Q)wt&+_0)DqNI+dZ;v`!(EDeTw3ruGkG}KXVL`BAX7QSjWhaP- zKzTW+Be|?@f9>ChBY2FFKwuMa6RA6W?Ta)RIK(ilIdELvDr@rMvqgC4V1Y_CTr{c# zvypt0^^sbujUMWnEgbn>EnIlq`wp&5f$N&aK)o+S1U!sexc>~f9+a_Po_m^l{2#`Z z1|?JK$0*eN1J)E6Y#x z{s4qpp<|Y+MSlxKs^@Cvz5xB;Aa(-lB0I|&u@vLYV`=k7f%+5h+kMuKC*ZdV|M{&l zD?&6l68qggYoesSUNvKMFXjY_XQ=?Nz{v z@IBoh90-4i-7{<-%lm|4^$+3QyZukW)N6m?f4(viCFJtZ;pPX(^e``t4`YO#k|4rdKp0_IicR>Bo^jlqrTd;bkFxqVS2j3oEU%`r@)Z2sEPo=k(2*0Ye1%~j_--*jGs5(d1&f{;m+OHi3AA9erfBk~ zX2##a{e!cjysYqN22}UqFJ-E~`U$RsEIpjQs*p18x&eNg zJ!$QR17k-x^cA>38i=1NJkuX$;S?th=GBgS`tjNA>ySYH`#)+OBa2V&1cMe;KYTzI z@rW0U!S}?@`YTu+fKvos!xsoA(-00{L;MThEefsQwTO7&jflu^fp@WAmrYO&jNb^* zxWS03rn8-t$Hp`0J_Gou49?&2gEf+~(0`*Etyqa{g_r>PtJ3VEF%HTYGtiXf*Wta+ zW8B#*MOGGTm&^K9<>_dI3#Ta?ws+}xe37xC-;)2Jum3}sueaL1UTY3sVtv1TG~5g< z2u6%FE46?I{v#&92d?z6rUIvzg9D1*gWfQO6S}dJcOjq|O0pRBi!fot;*b=z)RLU6 zqO`3onBT=er<_BMc?Z_FxL{0xw>3vC@xGkx^bAmf!w)6uE)y`#+bWNUP(#4W`?gub*IQ-uw+3aUsxU+=6~GQ4 z2xXO{+Lp7;WEB*yyBvuxP7V?k+*=!0_ir(rzHWRg-74-HU}3N>S!r^*2A*WJ#!3>=d%kswk14dj5| z%WuPP{Jncqm;~-5_}+{q>Z6yW<)r}W^gqgT)v9B-=`^KP55ZM0ufDJb1^@nGI9N<* zP*}^r)+U#apGsS;pOL>$G^|;#67)|3^P&gv>n!-XUBd+2S3*=Z*H+D9 zY`Wi@OG+i&D9yH^1H4%fxNgIQo(H2pDpH$e$|bX-L&tVGOIrIA@DpQ6Scc!2)C&Xm zeqQYcvN~;snh^K4{G(8z-L721jIx^)Bm|5e{XVR3R_|sTsYn>?$r;EVVGrUWow>L~ zXVX$)6qjXWFdQUe;PWVc^azmk*DLpZ70-o66CM{=L_LL&6|o z0pQoZ^>Q~jd0!T<{B`olMDPRq;o5H~_j?qjLEp-#yxu$)c!Uo+9UoC(t_AkXrH7u; zSS{AfxhxQYS+w^_=`lSxbs+85r!}c-CCYTU!=rsTf3!U7^w8mDQM@4-m4?BugaxQ1 zpx+^&;NRIq10!vT5`}d<4*!3Lg8Tk|LBTNmOIc20>!@4VxcHM!#>dmd?v6?!kVVDE z^t%&MY{S&e4aCXB1WeEtacCrD9Zh^~opEKIHa*%9d#N)(!i$NB(pjLJ^z+TI(GSjd z9j@XVyou?N3#p{W4hC78@p9>>W6nhzG~!M`LmzQm0@^e#Vq4j^9rsOT_}O9JzVC1R zfiwEq?#$YXZH2Wpn$(NDUpkA{abYL;2#>*P_At{tR3tnla!d|F%x^L%nQ5n1d)+{O zbiZ|r3F8Netdc_O_>qzzVdWJHVic2Ozmo>%U;1uR+ekYb+}by_bfZJWv8b~;_UIosE(xY`+}J&CdS^{2uXw75BFrmzQvdyxi4%+o3^l=_(v#p@$uQ5(VFx;pReq zdMK)f*xN!q(32r0YI_2AA*>GPlx6+s>vfQA(ZVWWy0^wxE#n)Icf?g2y-{1|WT(M4 zLR*VZT~~{jyD-AAriWKR2I29Ci?hsHyF)^2tf=%1|6f5gtgmzVx@D$9CRpkjSh#3k z^s98lMkwUqEa?K*)^<RDpwN7rv(rIlRKP7j&KP}ny4U}GBAhkFpLq=aMlrHb9R_j6be4b?_ z)ts5!7h#zS(+7m)+fi|&`>a||OUnD&z(rq_#}C4CW1`<%JAGlpaxSt=CoC+;`W-5^g$1%S+KoyV!D`AJvHW8;*ycddbfv z#SLU>b=?yruEc{fkFml=O<5uIuN65|_P@)4qOtG>Kp0PH94pjkCl=0sLT=fW(F&;0 zSUMyzNB%eF?Eir1E{_%t1D6XKmi5@#C6_uzY_gu_Thbgm{#+RMoG(7KXq+YQQ!a&6 zUidUF*DeNUnC5Ehxk^|+0d=|~7z`V3eR%C-<- zHU(uUbo`NX&Q-1nsP%L!ea>?{Y?3Zsp&c&7*i}L3`b~Vdl2rl?3ahYvLNt~)`e_!d z@#C>1l;?y^wZFX2ECo3N% z6-_M^%PZrMaLe%(^f$*CRBBZ`2-q9p&75}`B3gQc51zLSNEdSH>ZD!PAqS1&$e3Gy z;fgi7GM%4VSa^NqW)vo?dfog>{qd7-B#Y>^N>;58xA#{13cIU^?eaTQI1nyNo$m|8 z;1>E?lK&gUGqfh7Y8cVkl@*E%F(bZR{#9;88ib$-Ea39JgE5a^LDOTNwn34d`G)Jd z2?UM-zJs%i&w4RQ@e2c6kJ*9d@=GzxH4o5N&F_54YV?krSgn8YX)hx>>TQ5sK5l0s zFJ9Z;sKm6IXe?42^-S%1B6PUe<5$ zdF(5Idhoe%iu(C4(FB$orN+q@ukL&*%mPK%VjH0TK%!@I`|AjFA+4jMQ*FPlYBG|b z`-b1*AwHcfL}Sr&qW@v`byJ?kC$*&M8hbZ!X`j7&cf7`*UpGCBZuX$(;=gr3HA1lD zV)O(8O#uJJ*(`8E5*Ih^Mi^F1zSQF?I%bbw;sM%gJQ9>TU_T_4USd1Y5+WoLDKc@Np_i;>FRerC0v-ye5qeG zoX}&qVaA|=r$_(Z+oEVwLqQ0mZ)4_V*M2k1xbCztOQQ3@19wF+ErOuEDF)DyGb_~6 z=!=CL`5H@t76C3M^z-Q|vH`bWcRPHn7Lm@+wlRD_!49A)hQ6d{{@6zyvA-urNjD>} z%W0GFEG;smDw{r323fQFE>9lx8)1M%W-O-=KNr_ClU(UA1JBB}K9Kdbq-5XxFCxk^ zA`FJDbcL~3hN>jaY`cWrGF6Y3KWxT&i|U38FjgQoy@^fZW0-_Zl1csdme~V$%F>q0 zi=YR=cNl;VQTxV|FvN_!M>{h@z=91lLPp(dUNd+~IHSZ=EH7 z*UrWNAeB_212E;6+fF*}Ig)fJeXBSYr|0J<>(l4&XnB8iXZa2H?t#_pJGYb}fJbA4 z`pWWA@71jSp3sb$vlnLlRYDL*%mp+#Hb-j_e2TL#{p&^c(NFZ23;~VQj~8hlX6Kq% zH9wM?a(68B3>uprFJwNg(ov;Ub#+X8vCJQ_%GqA!_>pN|9&^IoHe|;41p|Q52#F+l z@AkF4&3NH7dzFjl=<63&QlrjWiM6O5yC-EP7v44ztRJ>BlTSJANe4xsWbQWkFY*b1 zG<(6eRr9xJ9d=Net4iUEGKT|Un_2Z~WR~`<(Gh?K-~9c_r%|kWZQrt2W;d>lXDRDT zo`;NR=AZK>7ycQ)1N-CS2vAH~Js^RJLI9CAO=mQf!4YB0&wrp>VbyidwBz8m*2x`{ zUpl;TATmR|4&NPD8iT^bXkUIiVrE9v%2ee)GU;JwV`Br|rR;mbt4{!NS!j`7d(z^t z_tSLkt)Rxf!i~|=Mbia8bj;f*b!X_q)0qdgbvtLWicya>PA%ECmbx@?f?K=a>on=H z>b|>oV~H!Okd1;c%?;0L;o*Y$6kTnc&s}v)3*dVVI8|qoVL*WPl1`ZgKHse13?;~+ zbw9)V*^e(#g1&or-Xb$sx1%YeLm7#Fok)n|QSswx7HWTqF!Y{}MF_v!cg=7XW1p~V z{9N-hwl!LCfdwma)=!TmI3-bE>z&4$+FqsD*^9-INyoNTI=^UuyPJLwef;Ku2|JwS z8J+RI1(iU5NfyOuL+m?hB*sQI)@D56YP&i;GCV)~`?T8=aueT+{!AaaEg(W!4Q_*? z;J9kh$qn6_x|8i#Xm`$#;Js;LxaZMe2>iN$DkzDi^g@aGUho=(*M))_($}M5vm^_p zoq2aaooa)V>K_{LU;|tgD-DV2-B95c*@ZCmL_O(*Js|mTBO%w7Z@=4qJbdpn|Lwy83K?0DyH})Y z4s*1_9a`ndra3zB!*I?&@vBd69*_?7Db!4HZ4TJ8*|o8x=#)bKM##>1}{pe$meKiE6ArG;JT+ z-Z@X(HtQJ4IC7f8Rzr`2w5RQ?9@UvKwLf^l$pVKP!1}EbtHr9(IdA{=O_1Y z#z8(f){P&RtWc|$ZyJ9S6324R2ptL&CJ7DRxtsXD6 zf|hReMBuBqy>9JK`kJN+>NnXW4^E6BkOjl#2HE1mMvy+k5DB*^PxN1T74*LnZ2!Zr zZCC%l^K0XVg%nMP8V1ooM5;tD?)7W*cl!P?H&7`G9ai9Sui;=|cr3l{$wBHdT>o;v zJ0o$zi)F^rU1;}pZ%%w_QV?+F=()JSmV}0;k7Yy7Lc2I6MhXMRN&hXn0m02Po#+hU z#(j2n_We{RK!gCazJj#;&s&_>(4hh{QP7z+Cn$uxdyP=_^P%^{__D>qw~Xjhck`Qj z6rJ3q+sEcAd=4{M1HaMXj$$X*XO+?eICiy{%1bJid*nef*Kljr&Y#q+d)h$xuAATA z!y z>YD%$kjAG9PRL%049zfM3Rx(5u^ne0&Sb0q@HBYUTRcSIZv#Uqg~dtI=C7d=j&q@U zq{0i}*&UDM+UpS$%2eRLRY))-?N6p!zPXxw;m!qE;=$XH#CJJjg&Ax5TRyIB5C_w6 ziCShSJAiZe}zNBq+GnD(rbl?kmCN>#SX|bap%JYiYgj`r{i?pP()<5(?sfMdzNqTGlu6fobv7PrW(~uMk9c~B_=@8Z5lPx!UO!_69 z#(?Y^DS6qmV1hHre8x5jned9!QLjppxaZyGymFRtFU}+AP`vv|C+R-C`<^qaG=3dU z$LAZz5BAoG)N+kL-ur{mgZE^}*#63(49Z!>iY(jTzwk@)zO|kb&Onw*dpnL>{RX0EQvkf$mFsq#M60Lt8$3)a zKmFIex7qGzu|-f~hl~irr}g1D><&DF1-_#Rk?|MXjY~5jTL%~CHO5eU3D@ToXT=N= z&0!6_zN~}VlGy{b$`K4d6Pe^!8Q$$|E4&Bm`J?YjsDCb4LzT?Ed(1aTQTNa@9B5Ah zJ3m%3q{I0NZ*?}wZ62$_)8DJKjv3cA*=5hpx=&7Sk)bd}-G664QpGkwtj+H!Vy7^o zIgf4Ytll78-+h*p&Xh5w;rdKNvOy|FLA2MMd_8RGXRCNSmHKi<{lg^TT+k^J6@8P2 z-oI?|ie%~zGlVhfiOws_l8Nee|9Y=OUUJN9sZJ)+s(+;UB1yp5`zt#9;IB-4?@;b} z`Z>!C#Y<5! z#>qC@D)9semBd^l?;#CB8w=Irz2&8abBeU`e4;9?qr9^HuZK4+dLzsNiB(SO7gvzI zB|2Ps)vuw8GwpWKhyCfLn&NsXeCPSQds7>Wy>Hy2ZR4JMp@;KypS<-uW;;Ia$XpJ; zS(0D{D%ADBd&jf@kY`$VTGVu;HT-ih89r-1%-h7ygpXrR70`7t$q)}sl*{zu5_)i& zAgbgM>3J{9;_XvNyqa*3De*T^#!c?+ILJQ>(Pd`F!(j>9%?_yy`=cWENhXOaor#Uv zQqv;&`gNa{WF2f$Wykq7T0i2s%Y!E>xX6Cd>mC&SOu+Z_vub;NH%JE;$y1ydP2UM{e`V%N8t%wlS;I$ zv&Q$+a1>eB)hD#CwcEGHCk(C?**P{!Pq^D43L$;2M(^JbXON%y6s0~`hEOk2pniK8 zL+77tDo=E$SuO^#mwM{<8E+s5+mWsloDfs!8Zj?fzaahVC@hIK8jEKI9t8=>{Q9V) zWJBHO!>qcZ?h*vFk1Bay$oC8V2+pXyXxMw8v6aJNr#c1 zB&b3XDorp5IhY;mF9Z_b)lSosooAgZ8!fsOV3q%-()jpl&U4Dy{vrpl+S1QL!cYz! zRjcyaxN}YoZf(1n3{OE>RtH_0cG5e&J0=|t)^4jG#Yav}P90rbTp|Z|{Z2L!brvp4 zni1i`f48kyZH(8yW(7vv!P5_MKpbyW80R>geQrOo?D@!5;W6HrV{q(JVX;rHd$7Tt zKbzMyn<-QJ!%nN%faL;xBm-WksobX8%kH%iMZ< zVQ`W=oTtf@XTRZ^vEO`gYFEu)<0?s2+OK-+4S28JE|;x8;E^=(Q|Hy(=JQ*6sbs>c zhTiUfzby9=7dc@QyrWFH-Z0qI|ihRHVw|BE0}{gL4`Ae`%Ic^Sk-M;S?hAJ z2vHA^1cWH!2<}#8ProHi&wEqaBqvRE2cXWrM*5XAOPar(2+CB6FNF+Q{&&R{9z~hB z42u>S82yu*;GME`OT9e#Ht)(u;m3wY;mavosp>6X6X98MAVGB& zep^UE7uJ>DO>^>|kQtLB@bGrW4yf`(pO&xH)LKH;(YZZR&7#KK@=;LvB zuB3Jiei9c5qB$u-r`P@c;bDG|yZuV^lWEq=9Np$Gs8nY(bx_7P=;>#vF@{p&2(yBc zm8Mkoq5MstSwA(b^@(B)EtH#a)rC_$5!|K;%J5`!5yPUNlfo47_vW$fkD)Z_5c)W1 z)KqMw#V}7UJU$MY_$8*?82Y$I5Bq$`Bv_hrxZZ;?~RK z*$Cck-K1gy%dUt5vm7Vi-P!L;I4Kx4YEl10eG@W4ly3`pk-en@|85@s{MO{?&V+w{e>v)E><`AvL21M%5lTyK)Ez%+pjwj z_nO7hNv6x0O;Fillq0EEa2bipM;GI$kR*?OP&J`kbUVKiYiGDlS8hkQO~k@-1c!j2kw&c+0NV&95OCxem+-K$15I6Ht<dc>{0<9DS?&hlKXqv-D6n?wG;ujwJ~Lkk-B_M4fx0~Gy1R~! z$(B#}m(7>*h+KwaWxAQnGLzX#kEUnUN+ z%Sw@8i`l;;8oAh-M}Gwa2a9M9!bk{uG$tp4UCnut$$3Y7iqAYufLrkmD+%JL02M8= zCtH`N;>fhFBeU9X_)=K;V=eGKbRvJSpkHf;wQ(70yBaG|954NeD2q2}s@gKb^hDPR zJdDHxx5YmbKFF)B$_qk-I-0vviv-vBkERc2v2le*LOjI&6!m&}s6pTBfQZDwI@jkB z0~gR^ulNivr#?004o^K+#i1EYeOX~+>n@mj{o>bO@YHd@&={@Crtr}36NR#*qso3h z`{lyf$f`S;$%G!eA@?nQh~aXQoEh*W5ob#WQDyNW)m3N*c#=r5NPI9!$e*F*Dr=ZO zSQNgFCfS6%NNcp#9v)~)B+fvX$&rIk@F<6rJuzY-uXHo&^X1R@9X~42s=PNgR8fyR zSH8G)bYB=YEkLxvg6mBa#VCttBC4+S71&E0Rj0!d?fNs+1&>(Scn#+~-4tepn zDhsb6N*#lsjHU7%3lEYOvySOq6E{NtE5NXIVgzMixxTCFvB0cvT$)HTZ@VDB9`$Xl z0GNSqm>ISvAr11JMr%!XOc2vVvdR}=f9B;2XXwHH2rPVKWw;W+dAH@NH95BUvvm!0 z!aV}aO+c-EJ-gJ>cJTF;=>@s&N=t7H_-odzBpC9Twuq ztFXc&1qv^YR{je3k=N@^7s|qp!&N`7tnJR5cl>|c?S=<$`qxT z2pQP?JcE@66nUEg=pu~X_%4hmS4K!f7XsI#QUoJBH>QjPqQ$zG{CF%Z zGc&nFHU}J&7aMPDOyWtwq1kN*K#rP1scmTy1GLK@L1%JUBUTa3Ver}iGW^NYs(d>C zodVi%E%0Fhdd2)+Q{I5oP|bjpv%ojCqT1M;(?AVa!E`@CTZc?()3mLnwiBWZNN!w@ zGX-0eeOquER)(y%z;qOzaP60XX^4M3(wX;sy6+OWCaa zs_T(j{S#hs$OBVXrMZK@`#=|Wy_sM#cMe|pgH67yD1svX`sT)^$VfYUPCY3|`!GMH zLx@T@lT(;sgn-P{EVNm}GQ$F7Ch5AE`2-HKeE;3#->}D~%5!8re{Ankh}X1TaMbry zbSnx@8D#a;867pnQR~`;P;0v8{zke~`e=NrQ7pc5F;wEj3-*C#*4m0${nF+~Q30F3 z-k!%Sb{7aQ>x4KJ?rw znNwj5cXVaphD`UH34(UoH&MKVsOOKuUF07G)9kUAkJawl0>c(5zhDLwcRB-?XFNFT znMkUvSHRv!0{x>)zJv2aYAh@R`?JQ!i*^01w?`ROacOrs6PaQ})TE=JJ46RlEjc=| z%EJXTqQu2h|Bu-Vz_ahG<*@~`?*Y~|)dE9ijLp4ev%%kPk*@RF(5Hddd1npxO+NId zAQjp_o%W7+I@mn;IpP(o45o;anfJ7E z8WrDgj3l1zQlqv<0gdWzra??c0<=4x&6hMV_g%}W+x%GcuPwmT`zrip-rQ?d{w;!2 zL*`z^LH<0CeN?4{@YCSU0Ws-&vxkjktJaDA!)M-5<#e4w)7vg$R3}F=*4Vs>##Dpq z9Zv7*c`cj%C@eoQR5n#e+Z*~hR-gf>+vLn(4H*aP5g~)d5%$*T#!y}E1#i^o0k?F6 zY;eY@lBj}Dlh^n~?>4Y#at@;Q;zFNnyK;1tLF9l^Zi{X_k{0IB1#LWZz&!d)K`8## z=t;)7hFxHKVz{{K|C=k)ir@7fXk__h>{#}D?ZdQ0l@oWiq)&?agNX+~Vp#R*9*4P?hM}!;l2K!D=7=NWzSy58g853-o$w;!ZD7m(^ zLp{W^aqT>LPo~{HV-r7I1sqDU&dxDV&X_L{ASy5vE|DIS!#?=^JFG08cI$Vl9;|wR z%XF!F$bg+tGwG>~0I|@$?8hYkI4`6qVk$3}(z~Ut`%+_a4l{N6?m;vHQZLJyBY+%q zF)Gx?f-M zv;K1kqlW5KwpF=yql+W<^7p7_-E?dW9M1r-2}YsBW7<=8RUXOp$9T;K-pE@XAloqiv7Po3Gh(}omO8OOGw!pJUD$b_N#+$VvJ5h> zPay<{nkTay{a^>CAeAdIG>09bMBvB>-;k-8$5{J`?1k+6+Fc_L+(r2y3MI@Wzp0)%+R9#gX{AjL$^} z21YJ!&jb=!|GH$Y)is^ zdf3KH!vvzxOz#H(FHkMx)jHknOyKC`*p`9fU|*>d57?Z`u<7wborNgyj$m-QRDI9H z9o@?GjB0>p(@N6n*H&yXy9}Q(tYQqG@yNH~5TQ)fM<^Ub$$gHE%g<>}3cmF}4UmaR zbth2_O)Dmyi^!_FxHb?w77_O4Q1-`Co(v`nBLF=RT3ysO4{stB&g(U_xb@XB zw`cXI3===ANErv0xGya&$@Xj^?(!;GBk?hN{0#0ja~UlkHw@uctvjnx^R8-a6)pii z{MrUq$`XT+ zuVx{!Xwb5MP;%RPXSmU^@6c~$BX6v2 zh{xqE22-CYoGa1^QvB|{ns+mBE|7s9O^>dnzr|~dgM*|b>#x20)tCRCK{_6QYtq5p z!M|=zH{Q_IF6BtHf|J7ZEx>9cue>{MYus#ObBqWZ};8QeJaE22cisG{b z^rY>|M>C2gDKgVOGCW_FAKayLed&Z+I?Z9f!o_r34kV< zyt-f>5*_vS_fK=FGTOIf36&ZcyyfEg6%u_UB=lqngYRFy$tYvHCs6h^#B)vSBc1o} zf!Ll8tc~r~C!A4gRL|(%S6^teRclixIj@CxA?tXh!zob+AHRd|XM>k|zGh*8fnKG- z7}o%o>gs7&b64vmfz#&~69BQVS@{(!^DvRNg5Ng!kC#QF4{zt>`s%k+dwPWZCft z^~;kYfc*+V|5D`*aBy02Y=9l{_h;}gd%_5GY>Ffh2<$AIM!rch4~cp|tG!y9Qh=Q0nDOCocq!Z`Uya;iUc| z%k=Mv8n`Z5mnSWF)i|}-a#LelP%!9?5|sar*QNium%|Ks?6lO2^QYw`@rHNP=fbF` z%hjd(@1OmNMo1}TC6e@q7=Gbq@ zjefQ3Bywk$Ihb>H`b0gm^Y2;$!SjzJn@2Lzz8^IS>Mf?U0p{f917Q-7A-kS!S3eX@ z&XSU1RAW|?Y{Lg=>dC_#D-j&z+PrcpFsCa-b4{sUJQmV~ohVqhBw&2u?yHw#M!Z}0 z&vbQJj;lV%o}B+(bt@9f|e94_e1d9+BE^0!CXYb$NDO`*8zVtVD8P@Y;x!Nhyh zj`y5S9=tDH_~aqKbyBt0Sxn-ywrUSpW%%i$UXwgk`q<3D-fAZEhk_k7b#^A-_6s}% z@;F5dT+`PYR5f%~FLCRe8^FYQE@_i<*IU5(6 zySPuJso2Rwe^a|2`CSYSAj3;ZC=U<%7pi|(8f3o7f*kwKn-8RPp?iKN_<2FVEBeCh zCPtI%hJvG`xFdTtph^CBfChKwTp6nMJ zv@5wLF{?c`tLaIyuGJ-*o^A-&nMlXnN#WToxehwdKn;-f`{=j(ep*4qnbymKTX88- zRC%y}p($1Hi5|EIQ&O<*Um%L<=%)?1TgBL_mueyN3%7U-H*bokM;qiV72A~O9CU!t zkor3Ek;HT;k9G4v7eilkjw#s$B3y^{jBe|cFB-=McPQ6BU%(iqnk_ev8B%KPe@*3( z>|yjmM%mgoaM_?*}0Ta4G(93ja z^>sIXC&!DbE{+%Jz__hS-UP}_;8Jg-Kj(JEHBcj~W@L2g(hQ=owzG+BqEE|tz(9tC zFT!}QO*bmKyfn z*Ey>U+8^#wkxz@Z5A1|^PHxtLTz!RmkCxYY-|EtlR!0X}3TWD^Kc8mVj9I5gR&T#{ zS?=ljEI!&5>G)BhPndu4j(!6Iv2jgg#@Tb(M*%=CA7mmMmjeH#^3y~esFJrrBJ}z_*mO->g6i2tI2Kv{~J+l+ixpER6lUE(eVa)D- zF{&mCVzU3P$Cz7G0ys|Ow>Yj55sGvzjk}q}W6CFl+V^zuu_j9}?+uHQDv1<+-z1F^ zHC?@`=M2S@HE~Is`l+(N)Y4VN-`WHvo2iIs3A=65QygwviAA{ES3T{2%cEb?umiEL zxmwVTTV>w(=wj7EbM@3-e-s}rF1s#JgfM*JmS{yw$uZl1qGkItpCzN-BPpVE3n6qK zg@=wp>|8rNpQL@Q$)Vk4f4D3+y}*vx^f+)VTyAPO$$7kZ{lTxTfC`XQrabvo`QYs3 z+Fr+mcs5A(XD@cqoe|!$K(C{MzROi0H<9(iT?H2 zh~;gc@~rm%*V|?k)w9 z2I=mG4M;cq=fdMT{^Eb{_l=_Bd#>5>&gXsJXAzL&F@V$T+I?Pddw9{2{VlXu zGit>FwRdd2gNl-`)uEB8mw3qze2Z6w2ZzN6+dH)<^V+^vs}Erl<={@QUq_{Nr#uhU zwumEnpjMnUu=zl7V`z;j>-H+7NS2j=rOk8{SGG#uBcf;Hps+V{^!j;9$WHuT3sW+yJ%wbNbICXTQd zeWpM;KH8X^kgYssNcjMF!D4yHFtBpg8*O8923N03Bv^N?YA1*l0mV@*VaPq4uS#g? zsSw6psTn%yOyb%cx)C}9?}6Iuz{}+Z0sFQI4ehI=6=v$w@5KCJzrl+5 zP4H=vjdbhCl^)2s$hyjk5WdIF!_eBb?zcS1){T%i#-0?xGg7iDq6=P=c?9PrurSyJ<)I zPFu5bvL7w?_rq_0of?f?YjnjRH$4CIWO%J53*fs}Ox%hvgJEC2G+7CmbA_mPd$~_^ zS#TH~i)%?bQG-7RVtano%;obb3!#`?57+TX_e?v+TF3@rb4$2Yb;yT~>Tj5mwET-& zwmgt4)5HfCC0+F7I)838jl-YvP<)kS&9my`4b=w`$8pRb9`ApX_4&y@8B5g4rQ+M2 zAp#;>jD1^AK1wx*G2Fg~Ix0sgs`lI6nbyHV%!IBXp1^a~YYfa;w6i(;$`71B?RnRS zd#`EHA-!#hv4_@aV-g7R>284O3JE{ljLr{EjE>`BrS${~&`F1~I7t)fb6qJ$p%Fhe z3{I#(kBMp=8VB_kt9Wg08kk+t>4{yIa3|0U1N&VYhHBljsIRed~~xEZ+4lM z7o=NR>R@rA#ZQCVLQ;N7ni7}FE7|DWP;S?68+v5L9G*D3yI2`XHi_7vw~W1( zHw>~i<=1XX8{?qu{vM)H}_JJutv7v@~_iD9brk;jS zh4)PQm|_bQBRLo0vc#TAlZ7Y@Dvli{X1Z%~xC;<*WX@~xyCTG%q`-AR3*)})2DX*E zy?c%m*f4sMMhR{c?wOR;Y|AP9<@n9qCQePwlKURP}aQdY#Yie39 zmr6{$J@1L+MmagYP5!=Y`16wnI^FKZ;@6Pi1GQ@La!EDHi$uL)99LSxOREpxjwihu z9Iv19!{$MQynhblfqoPHA^lTs`CDvtcG(xv+V-IM@J1su3C`hK7f7nQx>nBGOyXXeWzuFo$L5JJ=)4x9^7{8|uA z-1=L4E67o z#D!xY%3-Q_>+Rm^zh`+KJ}xqhDRb~U^eX^|!12??vo3-!T!Jw=_NYQr6>;;`u5WS( z@Ff3OwOktfYl>*{i-D@UO3dsRiaWW=y3(H$5)XU~gJ}H9T1r}0NdhMedVX-cx@~0A zvZ+Qqk{(oOEY&W@cR9XFKtCfg%bQn=_D(B~wR9jo$&zEjOrzTQP9Efj1BtQVfU>bA zV~$Ckj6idI(b!EIqOENCCnLr3twk+a&u+x>9wH3EHz;6K&brAmu@SP6JMC1<curQq#%*P^HD8V~@op`+mb2E}u3-0LQu<{OKXWu&o zj8)tv%l2LQqtJ7foua&y(<{rIjqx?754Lahu%0}o-Eab&J`7chxJEleV5h=9C`qk3L~m%)`^5y>9;aQs99{L*Q^@shM+nXiCsX@@ zCZR{i*!?>FMV9bUM~$%U`oT*6HQJM7MrAuht)KhiM03igSwngY(pah4Xud!<6TdJH z@m;#@qw<egci~W36HW zMLcLeR&qRydwZ#|(9OuQE}63#Sm4xkWF5PkPTDg!iCHbhl(ZUHl>O$1zVNS%lyyf? zXAo}~@U^iIXJC-gdKMnk^vx;u%_9Lp=sSVLfcgZQp&|*-swZgQJP7 zVO9>{`jG!fdHxb(eZHeFUC^WN6nDXa0m=WgeGBZxXn>s>JcF%W$1`h}{%#eUhd1{e znq|`^*&>4H1H=PqahI3mn4Y2Mzc==J($`Uk)8F!N^f7mWgUGwsK9#)0Dapx8#3{YJ z3iT4D&7`zQl2-Ixj!@6sM1-~t`DT{stx@KWST`8Q8SC^dLfkai-G|n(5RmHnfEPdK z78;v|0L{mQ*LfzGnTE)0)3ocug*=28iZ#C2*h^(`SFddXp5$!!>G9NVo4rx<2TQpR ziLC}L;q>9Msz}aL1-{7i-i)S9qXOOL+p?`|)+TF*WaWxi5gQLFv3WU;m=}>MoCT^1 zu?|IMnztYA0){8&aHV%3(4)rJkJKKyFPm2axl8LOcbHBXWr}W;rvUYy|9#_}F7uulyH1i%V zBF16rI_#qSRs)Dkqg30&w47nUscfUFCZx6VO>;iLQCc|NmA&63Ob>zU^rbm!ErSJd z!PzXuF-B$!LI)LFQwGxVV$NX)46PBZle9nR+t7T0%(*krLXH-9G(n&BIj*-9KJUYO);OF4?bogOWoTk|P@u zg=-vI_mB?PJ}e)oTOhFzHEZ^k4L=cXk7e^reiqpa)X09E2XtrVyP;&RwSFh2^HCx9 zjND=a6nCmAXXM?yr~w0pAPMZjU(8@A@&4UF9;AZr!ql49>XeOTd-wPy`Z8LAiL6A? zT&TG*exGK44EhjmB!Bxr{Rch+Z>r6-v)+sNgOkmkh@Halz60A42T5Q$T`~4B66$Du z;~mQ{J9N$!T+==9zt*=s-5hvOnr7BRnpe)ZUUZ#t?7rF6Omp;aU)66nqmrYkpds3V z75lHV7#^`@x9*y-OK2P}b(L#fq`YMGZV;N_kau%J(vBzA`Z3~Np1vsmwn3tdR4-`} zibuXiG8f8Sdlj53JG8$P6m@Z&A;7pdr?d8f*X3#UKKmp}b()sf&hQ$$4Fl$4eeNt^sbXEUYklkitsw>0v=TjHwnyn){# zr6`lB$eid7Uz!^;g!aj0V)cH}HJv_J&R_F{-Nx(qA1td!y<@rEQ;2Zb>nqeEN3)$O zG>W)i@kKh7t<}6r&)uBx>19F5isoXC5iVC%U-8xqadux??^21Z()Os)Zdl8cEfshn z2XBTiXR5m83cX{MDzt5&soO@*FCq4(<-SI-0Z$(BjAtiXuB=bZ7Qg^!$c%p z`yv*CwFp&JihmvkIajk%0A0;2YK7?{XOY*VJ6QvuecKdT1_OnmETy8(i;t0k*VSI< z78N^;t@4Y)#1tLzTp`8M3PDMGP~OUm!AeIK|-MRunU6U)MW)z||Qk#Ri^I zn65_RBl<0TjwFyXn}@NHUb!N+!aC6>s#tA~eiTJycgY4azkdPIzk4_@cl*G%qa~^I z6O9z6@hI@5JDgYgehAkg+>-Gp)m$uhh>l42`l6l(!}A+sMzp4Wb9-!jyq{Kl z2vzb39xXSQI1?6Wi&zyTbdZq)12lD`>Vva8W_V(KC_)akM~i&oZ+9`S#@II0#-`kX z#)#PH8idBV;w@x2MU(41j4WH=b4~)3<*wsa*;!z)de-1&zv0J316RcduDP<@=4vq6 z6rPq>>#2hp{Brh3r-n&0j3Tny6&pQ`YNDEBT-9&AmqR(J)1wAH4@6c8Y~XNSlt@!MHao zK%HYIpV5Iw#MwDY@`=F;3#I?138VRqwrj&s`B7^gj&6GwLs$Bu3(LMYRChepu{iA# zHrP^fBl<3e9qL)OvbX#XTmSW>wAKe>JCzCjXeY@^;Oh3f*A@JPiNHssk>?Fav$RDz zWH)swNw(9b36ST*v~A)`RpgGaRP)>${KyMNF{BXZapl3vXn*f_U8|uYPiF?ytO9eO zDyQ6}$LG@dYtS2hI~d1}AkNc>I#!>ZX?|laKHHZq-j*Xb(y6Cx;B)*HsPtShSv;*8 z=i%~c0K3;Mme1-oHJI0FQHADG?S-&p8wjjhHUY%M`@xyj|eR4{qVb1+AAd0 zsG{E=SXOUbXh}{`6yLNsuCl-i%f_e!powrj1e^8~AB`JS$JI>=fs5%EcV|R|V(c*e zQ2&c3d=EpxhP36f2*hvhO!e5p}TNS{uFTXHCu z`>+Cgs4lQws@EZv8iVLfDgW3v%`7~~T1V8k7vG=3{g~HSwrTa2)b{&3X~4f2qXZ0! zst9InfUt4HORYKJ85zPt%_hdFSU1+^;29lR;lfuM)W}d)+U13=M+w>nAMq?M*%(n= zK&&te#TA%-XjO)a<=;CWc$8(^OuyLB;EU(;GGe4@Pz;qV{R+NkgTOl*_WM&~Ce&fz zvx@h-EHlsGj{4hRL!FV_G_$RKa9aAA-&!P7tAHbdG~ar7v$FVbW!)v87Rkm*DHjsT zP?xPV*&4i}ul2~)Bb~HjYs8AIwmnX1p|8EXpa%lbhSFVr7+KW3!4PHxolvox^aow? zT@u~LuD)_n#-9E_E3hY9QI%Gnu}tSBZG(X34whl7abMa4`JD`zsZX%w9wa2Hn^UzL zwk4L{zkG zgz<_@bksdQR)627BwGnYW#}u9&tVw-2)T{*Eq$PqS!8oC&1sV+-^kh{Ax*yhP-cU> zKe$rj@o9{q$VuiEU`Aavf<}Mry6J87SwxZOD*}-A=uxc0xhvQ0J`Z_?=B*x*Xf+T8 ztDmk0;W%yuQDd-&9W`tmyB;k2*Ub2-u7*hR9TYzOd1-{1-$AoabceB`WZ!f-EX(r9 zmFDdg%cA3qraT%lx_;d9_S20_vl8Add6$ zTh%`NPRYaVb}Ef!_(+}%R^s5z4g1JUtf2;-dY!F z5enZ8Gf%a_IXJGv<+-avPI^1+Re@l16Boe!HLt-dRnZvm*&y+j~K+8O3@ zGVMk_8^bu?jFkmR2F!yCB6l2)M3oc_KXDy>uJh7;fc3~mlR1Y;udf4Rrj0T0uy>+;TkmB9H{M0kD&)?FS(hO13-63KPNKz@vsE}I z5mZclcoGxDCyV4PC;~#HQ^hp~67SsUm)xcK4-inTgmpaWxMfXcc0EExT=l_zw?b2j zR>N?d#V%2Q1d04OX|Q7-$NZcH5Av?7^#NKBJ{X(4*z)X0cwlVahsQfAuhy)f?N1c! zCJX3{=j%G}S53Lmi4%4NHjq6aEiVdhmQQblVYgc1cfyT}E(*59C*K}gX^!R_eTex1 zp`Kc;3=+l7`mcqxsp?H0z00@Uf3bjOJKc>b*)W?@E^zlGcp(6DpAx8#q! zx3QHRq0XXt-Z)5Pbhv(O<_Vvs-ZxYAF?JoZ^%gcl#MKlxlW6SdM6P-xyoXDlD|C3d zG_k`?Ln^a`?FZ!Vyqe+`-v9qosYn&t>KvdU$>Q)H(+$lvrZnXx0A6S~?`6{La!_8uy zY99!X*xQW=b|pI!)#S<+AjKosSGE%D7NE=aFP{O5vWTdg05gLu42Tgy@F ze*BAf&a@%4t7;)m=OukeD0PJW0(a+cJgcLwKDAq4&WAK-X9y$%o#|HTIx05`K}h81 z1Xuclb%RA`6^mfScc-ybDvQY;RH)02Jem@S`N9Mf7@b4E$E(i}@u1g4jwv*^;MEDP zrAGgz?u2^Di}8#DYI3PdJHSoqDxmk`TB9XAG9l-{6~w76BjJ<94@Vy4*1G}EM{|>` z{WZ{KI=KO?Bm3rhaR3`Si?doC^>Tmxb7meFirfoRLu< zQh(A|foON!0Jqz!p%G#yJ;_0*o!%68^2NK;0RaAC#wLxGCswuxZU+dQxoER6<0D)LiCZbARTC1%HZoTvor+tP`Eox&&dsmtm z3PgJHy0qc@v<+|j5@Y|Baz+rH)^8Z<&zNld%a=AFgM&~&l+2Ga5~+=_;^g-@$`+=V zfOtVl$*Q9y=zL#Sx#3h3tG`dEmk!M>*LwWdz(gL}+o#zLId$39v^Rp9KM2#)ir4!U zTbY9%Y)fZnnT}qRTM4 zzdzca5jTvsI*Mb4z!h}cLqfITkQEa7_>^cB(P;Pd z!+Gtev1u)C8=N_i$%W~hU_R&2R*iCbY(~WWrI8{P5nklR(4N?XZ3A9?rqf}ABsFbC zdcwQT`_JpI0s++;r3WN8K?g>XcHpy@9_#P-yKD{tv@z_pB#%K@@d7>(!eg6-JX>2N zr{6m^{Cm|s1NB!a%2BdI-myg)eJ>hxxc85xQ9iy_GNRB#a9Vt0k#kNk9Kx7gJ!=fj zFMUnweWb|{Nu*dL&!#oM%U&buk;onOxWC**>o=L8C*wJ9^b0!FZ;z*oWNMGhri%rz zp#1N!0(a~V%rN|F>N%f02mr>PK^cYssV3y5T@}L`SW*i&NGoLpFv2M$lgV2vk!SGy zWxd2(br0CaBvu=eDWZ+-3`R=Sus9iwztY@}X{Y&MCgMsF@BW%IH-- z>ZR6R`ay#@wXgJqa?=*wC;2tb=ly^a5sLyhf$>--*-mMY5v6qL`$uh`S+m668!9$h z^SN(H)gLFem}Uwd?pZ>sJkx=n8X~+TpH(ofykJ0GCnRjbvx$l>o+89VwYpp3)4Yr% z!eET;qJpwca*C8Sl3Ow}1;dXS_LJ?xyWeEnM5=?(=r#*_Es=MhcGQQX$5)1mTIdO# z*0Rp;A8h8#{+RQ)wW*`dqNJi_P|Hf7w?|qhiYeno(ByZcG)Es2iHW2_&wmHsDTIf1 zL<{8efFI>f9Jh;WgC}3uyu>S^j)@)iB%3;CZ#o-md@dH#9pTL`)aFPY@@77*Exl{% z3_j6#5MWA>h+XXG&_jq^c-z3yX8deYd(@_l=IISJtHMH~^7u%d$slnS(*xRq>!N() z)~B7)^Vt>Jvk;N_7FK{O*R8^Pbaq||c#htm2PV;aiZnAquF?;`BW+PklJ`&$&=!kl zJ%|dQeNHYOR2M~VOh@fH*A&PowT7>*ohV{Nhul(8XGvt*4mPNw6OU#uVt*|0f)s6A zpewc~Gg*3QQxXRXD&USaL&nOWedj(oI+ir*AED_(CxhU)<#h{Q3l}{sM4)~`?TjoF zuTj|5C27!IbA`%XHMWq>63?8YFD_$o9&H70HWqBGijg4cuTlng>pCpIm}o z9f-zAOxzf-eoddD*3I(*c#M)E4Wa((LdcXFyR zZ&LQ}E9ALH!nfrGhk?cUH0pRfZZ>(jKP$Y?qd2dKP9fpcznBxm#Y_9g6O9owHN@Jf zdFQ_~N8#u4SUlc0e@`OSQX=@7YT~T|3NjrpR@We{5m`{)?RStJC6pN8+TRME^-SC~ z711bGQ-;H4Nvw{TzXuF*zaQUE5VLb|!!wXe!s3;?F8BJO+z+*#7M8`aauKO<m(jfXF7;LwvSDv+pDvao#N&!?!e%n^t{x9bn*HOFwc-x_b zLu?-+Gnc?zG4mCx-NB^6OsAH=u$m0}%JHJU)<{)j`b;Mkqw%u} z5c(|obl)#}Er3(gMbx~pLLj?zawDQb`<-Yohet`M4U~!cs-@nf6}9aZ!PG5g{o@Ls?lvrS40#`KEHj1Qwy5~ZcUj%#bIY|N7Q-G^ zO5PSe^$YXWQH&c~IA{>&J$HETk@4N@QZuEQT5Ha3koX}J@v1`qA|@Bmk^sg7Of3Oe z%lo-hiGF;tItL!1v3dq@Q=L5wyTP=UznC{YUVp`(l#HKs-Z7$4EMI*fFHG=V6wTUL z6-=?9jofS^;X14>nAy=P5gp9eJN}$XC>DI1v8wZk2U=P7PX=-J$@s|C+fMP7EGP1d zPR2CE$E}7B3KWUEQ+9F)1(|rZpA0NviC&{sdnB4JpA+^B`;{3!rjqE#_k7G^4l$#3 zgli7hFxx&hb0-b->WQNtb_d_3fN+h&K?8{ZOKtjl_Z47Qlvv<>USsW9Iu}zcR54;Nh_zP@0yZ;W7Aufiq2XpxD9w{zK zJqcY?l`&n-s`abBLimnZTA^SjhDui{zL|VZg>{^=)Rs;)k>9%Pg9$%$SiKcaOWAF z4SZmGM~(vP=4>Bnkoc;HA#@!H%f}*M^O*CIwMb$wu zkKMex@XNfbgzG~#=5&G^9*tG*s{~opj;p?}p}A=fa=WMBA9E`R^XwKE}^~oPld07DV)_4!L zvv0PQYD7&tzy1zvpJ#d&vae?iCxQf`3H8jPfn0 z+${UaRoFehaW1NAeE3TwB?^4H*xoCqZ_c{xAS}ao(6m%gGe4Y3gYop}Fo%uzv)4kq zumrh^SHVJqP`=f?glxTZp3I)Hkou?Oxps1w6W2jJuew(6_59A~{l zH(-4R4R?pGgy$EU*iW_E_65bE!0?kwIUu=UVo9yW2OY167Xp+(*}<-3!7+yX>5alh zXLcO7*6ViygwD3l0V2M#XVph~R;U{=|EMI!Z^j5;4@NGu8}8tAcuEdD;CRvQi%KIX zXDF8(FuE0%sr;UB;i8@`uwZ`~7i>5+xmqbcxzp~ShCQI=tI7p8S}#{1LREoML`qxN zVnln2@pLwxZMmM359MW7O_u|qlWqw*ox8WGDzHWXla9gv3UvAFL)U~?n&Rik!a?Ln zHcU|$)LP`!4{TL6#X_j~DXU|B+X;(9{kUK{P*w z?Rk?70UfI<2AB-3EMLQldQIo*qT>=||Dj~h$?WcI>eaFM_^9ZxFFLbETk)IRy@8ci zG4}ATGajmzOYWITCi@keZIkxtz`R1~K(+pCH?>}BM=KCiU*eJ>gJ671N^Y@TzBrcd zp@#UWvS?K=ly>C_N!6ldOrHN^I&znFw3MdT&@0jYwDPx0v-29rs+XleD`OEb9~W)q zHK%dDNpl1Cv}l8G2DpUS!k3WA(t&hOOmIF|F3Ud(q%pM3ZVf;lHE?QIU>=Uh_< zLKNDJKG5BE7f|6G-h1hlv}R_O~ox{v!PqtkHTUo1&*-{B4m!bK;@;0eQ9kA5J8&)Fy5DzYco(i#9w%O zXng)>>2=^3AcfJ&t4)=f9HLMSjZWpGLptQt=eN&3HMH+(geD2qRh`wG>ZRxiR@VK^ z`S?+9mW=WSe5)s??F<}33a-pQOlT?_u5x)dC92j)rjZfVN~C*rlLNaa4FKRQ?D?%Y z=LesI@Rxh_$6jd}daWWEPFX}mGKPtY_+jP>#PVr6B zg6M*#^=+%!eVhVYBhjEIYmxfLT(_d)sSS!)T2-iTF6HU;ThZ{3V2#wbu}BtA=2o;Nc|kW z&<%VlJ@G17Cp?_?#vM8$8CD0uiFk=E7Yu{&$939(iUj@3%S2!(8PHZUvaejZ;C>GM z1qi-~mEjlN3ZfCaDCyU#THbbqh3{}z{>8V&yzWog9c=qi1XfS!tRGQa!$s5dn`^F2 zhM<;8yMRWJ z0|n4`WRisEK-uxS`GD{d5Zec$dA-o5!TmMnF4$6J z?-^mh%#I*9()M01naK^U1|2k=QZSq*Sg$l~%nWbdM5mC#22}|;e=8iOXg*^HA%U{u zBeBPKP^GMlKEM(7lMG}#_JNoZIQ{N|uqh7|$e&^Y4TPvUKorj&+`L;W@mHe=ff9|r zP(N$W{~ ziVDNw<%zY*OHCB0kXxiga8w=U-7n6eZ$Xh~kphv|#phsRIvhvI%25ct7Qd`T^D8cg zpW-g4=sk?Tt`AK~hAc$Dx1a-y$>e?XHPOaIyq=uWg{ehAZ2*pCA_Q}~$@?Meb6{RC zgOyiFCSdU0A84?MsK8Phpj;BTT$q6#c|&>*1aRt-z~wR~B}W1EwY1#V&|l%kr8z;@ zLH(%#NuDP7QocW_IcrYq3%C;sNvU;Px7$a2-T%kdaIZ#Isl;I@Gq)HyT*OfbUlDYHOxS1AId$q<^(C!t%siSc)am%B79 zhmY;G9`FHbhyBvW)HVYhO=n@1Vv7ebAE5$cj1oZIK>!!G60x2lssEP8)SUaV?r4)c zZ^dilFlyZQp{!mFt+eVel;`Zhv;9MMqm@!eG{zP-X25shsb=Xya1TuD4z5_vGuSp4 z?xu#9rs!1!&%|}^K3gd-I*w;Ja`_n3zv8rLXDMQDdX)IOoe?21Uaprx0!;wz991A# zWr^}?Xx?_u4hDXM*CfxRr2|)-URPS--N8tdoke3KR-Uioz=M#LM6AMaP*yN7Wd8Cj zCDQ~jlOZnER9|cEqadr~Rt-J3Mij8>xkR<3Bz!T`0 znre+-=80L6)4{r!@>bnl0(W4uK9w+b{8TnqGk&bt&R3Q?dHC&ZL-*6>(NXikLLmvm zxoMl7cLw_y6?&Tr%8#IrlUWTI@lX}hm0O&ztXTkop(vKg52-eClj~+IEp9?nBllX7 z*KZHomsqee%YUus`=qWu8v|I^k=Gjvg5$P7VBd(lIL;Ulm#Q|Aswa;Mxf<`7-9@F; z!11_U&RWcF{vzwc3Z|u+oD+3!lF?2~X4u|IZODcUjK zhxar!TvqiKot2rIDwv#vR8ShV@midkFNR$Tmm9wh$l0IsZM%QFoqwR|{e4yuu%_XC zCdG}#nI8g7%DeF74$Dn!c{A63)GEibV43hmXR9hvZ-k)3%f=5dU^$kp><@cOlKYd1 znt@xx2mqZkc^Ks3wTtia^?Prn4JTyB3?Gs#4wj_Ogf*SrUkTzO?<U>6WI%cP8RyjLq2g)tH)6ECeA~Fv z_K82!ywd}scxNvXm!8QDK)ndtQ=5OZa%^PTZN}N$*+9;)R21SJ-q&Xdf1h>SP-J&?xvKwpLF4d5&z+wMdUr!Tx(ep__*>2Gt@C0q%KFusg<&0iXQI%Wq>%Jz1>aLrwr}?X>s1;eD9)Jn<|H z2s&q@C=c)tfiz#zt4aC?irF!fX=Ha-qDsP@cSc2Enj__BrP_8ACb1yLOQV#3Ic{_} z^G7y&a9V@zX2nU#PUP^N4i#D*Pb|+i-_E(FUL9(y9tZ8Ws@!D-@LJbmh+o%X;fEQI zeZC027Z{|L0ZxcD)q;+G{q<{|Z4GIW8u18&cbd}#MwYSLkd zY=Y<^O|be4Jh21F&_`LmkP>`xRUUnu_92 zcMEv9QF-|L;2yoyb!e^0XhN38pLSa8_g4VXjrEFz@q&+>S3*lP?1$Ap)h1xas-UH4 zC`1Jt7m8o~E^(ENUx&5%J<#&Vhwe1D;(=59A~^Zd62!>C8AOYv8`I#&D9e?A6z^P$ zVJ3(VK&lTB$Bnz}XW2im+UYaVJ=`JPKmXv0+m1C?9t@c*Es^*uDN2iy|c0W3{7M-GwM4;?N$E?Vk;@g2X zhTDD$$MA*OsJA*agl>(XVN2?Lv*lC;!At~!pI1Z%?YWrYZ64XdO(0?kq)VJK7_>w( zGUM#)4Sr^Mtjg>_vm^E_tLv}l4Cr!J<~(B6aKf1Y+~US#*N;ireg)Ewz|(S3`0|c=`0^Qxcxk5JdG1_F%?9h z2?Rs}A+P{^aF3C7iL zdQtjaEFji5+(cKcW>MgYBWKlciKvl!KZ6^n+>PymB&L-uYTT>S_= zh4Lhb?x)lp(T4tl@%_2}QHe)`ayP2@O1{XwddeMkoG(@mgcg0HID*``*6yGN_GB=k zXhgWH*5sY_fUhme|5uOEpp;fjW>t%pdXEGh_FP3;H!{yU>Qx;TXM}n;nFF%WdZn`$ zs#1vD=1R;-+v{p(;%)r8fK?0P|9zRHZo~lTql*Ii-eB^*07i#6mOeKypJbj=Q1T+_ zb(FJibfyR9gtZ3e>$NmL_b3dx#cpylaPs3Jx!--%0!s?z5*z28h?7z$rAGYb5mRbl_GqbAVj)jbsB#>;eP4x(CSC@w^Mk&ni^sAhF6x`mCzFz_r|)9F zILQJh#SIRFIW_yuWKQ4b`D8j8B$O-MC8472Wj%K3fYBf=8P?KX(W;i%uN_BnsA`6V zpiSAXnO#c2N$>y6h(V6@WIL>JC+T1}dk8qB*!guPlRzc@Wf=8)vYD4nYLjSeJG(Uh^~gFqu>#Ld zEYT0v_8tm2C`B7Sooh~`3ClC-(b+zL7qmDqWJ*eAZt&^L7bWm1siK7VMdUObMOgEK z>Zg;sME8y-^81DP6=KLD(!VerFiXe70GXmk4pX^dAuln>#-p!z7>L12^W7aysqB6b zn`9ZcwqO?qK2tNgE#kWF2SDqkIn6hglRdnR7fmO+VUj=%(1XLxFh;J zd0<}bf4yLcT9f36as4aQ73@jyw795u04!gb=kT@=D{_w(_y6Uy&S5Rdf(g$3KmqhQCV(i-+-ajv~w_ha$ueb@ zdRz%RXixri&;HLXI~`Lu6A-Bp4obo`2Not+At$gsGndW!I0o+?Qi+iB<6P56rh;

@%ZXd14C}xWleV)F3NHn+SPw`QbVr<=3|03x zw;DNyt!$M|-6gi}py(z6F}F2+>)7C1e{~Ys%C!%LJO?73NjLHzPCFA93A8aN7M}&A78Q(Mg8DUJsqu3_RRe z<>axUTWiU#XgvZwK~TEckx+s0Lc%<|lKVt{nn=6K=e??TvKiAJgmm5FnLXd_&&ZlK z{G~*`+?$eiKTNdjmq_g>cC(cAC!McrxK^%kCG?@qIgAo6 zH{;~6w3rrJrs|Yjg}QQ$DEA$g$2S&oMUI`(qvlj<{ru(|b)3nBKQ?@+z=&FzEZFu` z9LS3%M_MwdRU1~TmW@FCP=VEO2xrR8O;cWNEQITDL`JDqmmDp#;=bO4Nz?>CkGVVat|t=~h{7z{FF4j!l0 zS2dVAsSMC^vRa7&WO_uVB~+r`&ycq*Ri~e&f^B=0w}acMC%0C)BjM#g31g9g=j6)PaqPJ>-M$e>B)#UELMJ!`c` z7IU}x$V4x9<(ZI;u`Zc&rPoWJqy@Nlb_Zfe^*gI~vrxQ^Eqs|O3%c+E07BZnB(P8c zWjt4(^?~QYBsTV)8_6wt!{fs~l47Oa;m?lK_cIw4hjPu`*^K(W$raDcY&xWupF4-^ z2t9u)AU6~8NL|ygC@NX4%u*&ti&vI`z+u3QZbS)o6w4ZYM7Y&+7rvP9*Q;qJuQ}B! zF6rY^mFEu3mgiWS%y*bI9z1<>oV+gJ>r39^olH0LUeqGQAaT^Mu=qbESQ+kkjl*ThTxy~LN9WU} z0Xt2>;)l?|{yXs-NN#D^PG2~tc^ec%86GMudOD!|Hg&qxmx6R*!>LI^TkiaJ=J z?C(Cnhw-eZrEF)sGAsbcNJu3CkN-cF&?N)-F$+^lD<;T~A0!~YDVG8(m;Rju1Li&h zeRsIl0j3~D6SdgkpVjzD4YH^N%1;m|MVA;BX~22Z4GXsZT@4a|ZFya|kqSd-&oDp= zYpGPpKgz%?g`+c9{qZQlosEJ56LIehHTpZnH8}2d1|XHNLKOeNI)A`TSQGc}YIgC% z@=Oqaswn)*I?$W-3cooIOMCp)*ZdT4C{*wnn)~LB2oQ9zV|#TOjx_tbn$Lk~l|&F) zHxHaK4JOcn6$s?`qYR1wdl;dsj9{TWTdBYze<>A-|3@_-bP`x7?ZP#q^YD=6gHrBA zKV12<8eb|v9_!|)n_QqXslb@#-}@m(@Mkq%1K$LV#LJkgpm7wWAVrrz>|+?N`#mBP zumV6SpRmt0@Y)*+Q~>(#MnGpt_#c7a1Bl>1^6;P2YPcYv?fE+eoZuM&7_Kh#ICD7D z0jf8-I^oynVF|k5T|rR+ca{3Oelf`Zf74aaKb8D{?JIN=7!wwxFao@F&{d$j?|q}L$P4Hu~<0lI1yP22A8^8dZ7zQIC;WGXQ@ z|FrU)E6iq>*!dO}32IITQ3DeBa`tu1*VOr+Z&?3d_ACA_UgU`Xn=`GwpO;+K2FGth z7xY5@9Je?8&6xLkb!hYo62O-6_h9|~81U{))%+b#B+Eb3;h&lD?15_%I1a6ESi{8a z|9Cy$hhK&lneRjO_f`w=$3KdHKn14ei`U)6|1IyoganeP{!7Lb0Wi%qiG+*v&*k_# zZ`W_|k@8C>=I=TDtJ3iPV+1bq*^0f$*$9n)v%MDHP;uR1Znc|NhIL`6q0FjpP9@A{#ziey_T}AB|{0g@**c zocqt8z{Ye0UiFG6R{S%+-*rM$glU<-Jd$VGLI2XMzm!^h=>A*AZ%p7*HA?E?wSRf% zudH9fr{RwBYwG_}-)pZ3!TzmAc=Zx2;rVx6;76c8c@7-~%TGT(6NLQFg0ta3|K%sO zZ~pTq&{$J20N?b#5&ySN{KfdvQ@VNmztzbTgx|#uKt7LPq3OT7_V;6H7--I4j?Mop zI1tPyLFB)-u0N+$THDfCyZC>-JG zd#3F7pB1%(=jXrMQ2&z`bDe_CR$A%gh7Y#RX|;b#8$!ou($4FNt) zc)CZD>*)V!{{Gcs{!6enrn`Gf&)?1br&>TI0T{sMrjft)xL@|q-#-&ez|F*c*!}0N z;CC~v;Av2nr>FlP!*wP!#)HhKXcPlr_J0g!D?FHU^&!N6noRJ>eL00ntQu0T2nyVM z!$j~|l;Y|@qyWyq1;efMAgjE)Wd{-Dq_@!!)!D3@IW|CSyb8>BC_rX={c3hiICM$L?W#QI&qziR6G={z^mn{f;p_`B-A9{63* zND=$ChUfoj)7cLRxo`YpYg;(E|7a}yLx3WGgT&Zqnbp6iF9qqRaNn$B{naynmE&3o z3f@?4kNs6q=#ST)H28V^OJ| zo-N*=ydfAfX!iVM0l)uuBLZXY)J$SchexcNZDsuZqd1R&o#=t>`F2I^U_%sN`_>1&Z|=n6%FL83_sF5Z@TcE1OGi2l6ac^ Date: Tue, 22 Aug 2023 10:53:33 +0100 Subject: [PATCH 041/108] copy DC1 script into remote script --- .../SRE_Delete_Unassigned_Users.ps1 | 70 ++++++++++++++----- 1 file changed, 51 insertions(+), 19 deletions(-) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index b6181c965d..90a909d40b 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -8,16 +8,29 @@ Import-Module $PSScriptRoot/../common/AzureCompute -Force -ErrorAction Stop Import-Module $PSScriptRoot/../common/Configuration -Force -ErrorAction Stop Import-Module $PSScriptRoot/../common/Logging -Force -ErrorAction Stop -# Get config and original context +# Get config # ------------------------------- $config = Get-ShmConfig -shmId $shmId -$originalContext = Get-AzContext +# $originalContext = Get-AzContext # Extract list of users # --------------------- -$null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop -Add-LogMessage -Level Info "Exporting user list for $($config.shm.id) from $($config.dc.vmName)..." +# $null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop +# Add-LogMessage -Level Info "Exporting user list for $($config.shm.id) from $($config.dc.vmName)..." # Run remote script +# $script = @" +# `$userOuPath = (Get-ADObject -Filter * | Where-Object { `$_.Name -eq "Safe Haven Research Users" }).DistinguishedName +# `$users = Get-ADUser -Filter * -SearchBase "`$userOuPath" -Properties * +# foreach (`$user in `$users) { +# `$groupName = (`$user | Select-Object -ExpandProperty MemberOf | ForEach-Object { ((`$_ -Split ",")[0] -Split "=")[1] }) -join "|" +# `$user | Add-Member -NotePropertyName GroupName -NotePropertyValue `$groupName -Force +# } +# `$users | Select-Object SamAccountName,GivenName,Surname,Mobile,GroupName | ` +# ConvertTo-Csv | Where-Object { `$_ -notmatch '^#' } | ` +# ForEach-Object { `$_.replace('"','') } +# "@ + + $script = @" `$userOuPath = (Get-ADObject -Filter * | Where-Object { `$_.Name -eq "Safe Haven Research Users" }).DistinguishedName `$users = Get-ADUser -Filter * -SearchBase "`$userOuPath" -Properties * @@ -25,22 +38,41 @@ foreach (`$user in `$users) { `$groupName = (`$user | Select-Object -ExpandProperty MemberOf | ForEach-Object { ((`$_ -Split ",")[0] -Split "=")[1] }) -join "|" `$user | Add-Member -NotePropertyName GroupName -NotePropertyValue `$groupName -Force } -`$users | Select-Object SamAccountName,GivenName,Surname,Mobile,GroupName | ` - ConvertTo-Csv | Where-Object { `$_ -notmatch '^#' } | ` - ForEach-Object { `$_.replace('"','') } -"@ -$result = Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -# Delete users not found in any group (with exception for named SG e.g. "Sandbox") -# -------------------------------------------------------------------------------- -Add-LogMessage -Level Info "Deleting users from $($config.shm.id) not in any security group..." -$users = $result.Value[0].Message | ConvertFrom-Csv -foreach ($user in $users) { - if (!($user.GroupName)) { - $name = $user.SamAccountName - $script = "Remove-ADUser -Identity $name" - Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg +# Delete users not found in any group +foreach (`$user in `$users) { + if (!(`$user.GroupName)) { + `$name = `$user.SamAccountName + Remove-ADUser -Identity `$name } } -$null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file +# Force sync with AzureAD. It will still take around 5 minutes for changes to propagate +Write-Output "Synchronising locally Active Directory with Azure" +try { + Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop + Start-ADSyncSyncCycle -PolicyType Delta +} +catch [System.IO.FileNotFoundException] { + Write-Output "Skipping as Azure AD Sync is not installed" +} +catch { + Write-Output "Unable to run Azure Active Directory synchronisation!" +} +"@ + +$result = Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg + +# # Delete users not found in any group (with exception for named SG e.g. "Sandbox") +# # -------------------------------------------------------------------------------- +# Add-LogMessage -Level Info "Deleting users from $($config.shm.id) not in any security group..." +# $users = $result.Value[0].Message | ConvertFrom-Csv +# foreach ($user in $users) { +# if (!($user.GroupName)) { +# $name = $user.SamAccountName +# $script = "Remove-ADUser -Identity $name" +# Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg +# } +# } + +# $null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file From df8435b4f3c1f696db828aba60aa71455e932c62 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 22 Aug 2023 11:15:29 +0100 Subject: [PATCH 042/108] remove commented --- .../SRE_Delete_Unassigned_Users.ps1 | 31 ++----------------- 1 file changed, 3 insertions(+), 28 deletions(-) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index 90a909d40b..0b8d048cbc 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -15,21 +15,8 @@ $config = Get-ShmConfig -shmId $shmId # Extract list of users # --------------------- -# $null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop -# Add-LogMessage -Level Info "Exporting user list for $($config.shm.id) from $($config.dc.vmName)..." -# Run remote script -# $script = @" -# `$userOuPath = (Get-ADObject -Filter * | Where-Object { `$_.Name -eq "Safe Haven Research Users" }).DistinguishedName -# `$users = Get-ADUser -Filter * -SearchBase "`$userOuPath" -Properties * -# foreach (`$user in `$users) { -# `$groupName = (`$user | Select-Object -ExpandProperty MemberOf | ForEach-Object { ((`$_ -Split ",")[0] -Split "=")[1] }) -join "|" -# `$user | Add-Member -NotePropertyName GroupName -NotePropertyValue `$groupName -Force -# } -# `$users | Select-Object SamAccountName,GivenName,Surname,Mobile,GroupName | ` -# ConvertTo-Csv | Where-Object { `$_ -notmatch '^#' } | ` -# ForEach-Object { `$_.replace('"','') } -# "@ - +$null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop +Add-LogMessage -Level Info "Deleting users not assigned to any security group: $($config.shm.id) from $($config.dc.vmName)..." $script = @" `$userOuPath = (Get-ADObject -Filter * | Where-Object { `$_.Name -eq "Safe Haven Research Users" }).DistinguishedName @@ -63,16 +50,4 @@ catch { $result = Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -# # Delete users not found in any group (with exception for named SG e.g. "Sandbox") -# # -------------------------------------------------------------------------------- -# Add-LogMessage -Level Info "Deleting users from $($config.shm.id) not in any security group..." -# $users = $result.Value[0].Message | ConvertFrom-Csv -# foreach ($user in $users) { -# if (!($user.GroupName)) { -# $name = $user.SamAccountName -# $script = "Remove-ADUser -Identity $name" -# Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -# } -# } - -# $null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file +$null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file From 3b9c1c10aa59076d08c44d3e413f1cdf9fb3988b Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 22 Aug 2023 11:16:50 +0100 Subject: [PATCH 043/108] move script --- .../dc1Artifacts => administration}/Delete_Unassigned_Users.ps1 | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename deployment/{safe_haven_management_environment/desired_state_configuration/dc1Artifacts => administration}/Delete_Unassigned_Users.ps1 (100%) diff --git a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 b/deployment/administration/Delete_Unassigned_Users.ps1 similarity index 100% rename from deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/Delete_Unassigned_Users.ps1 rename to deployment/administration/Delete_Unassigned_Users.ps1 From e24c15d1a553fd0c5792de4ac1d7ef9b76d0df41 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 22 Aug 2023 11:37:21 +0100 Subject: [PATCH 044/108] invoke remote script from file --- .../Delete_Unassigned_Users.ps1 | 2 +- .../SRE_Delete_Unassigned_Users.ps1 | 38 +++---------------- 2 files changed, 6 insertions(+), 34 deletions(-) diff --git a/deployment/administration/Delete_Unassigned_Users.ps1 b/deployment/administration/Delete_Unassigned_Users.ps1 index 46dfe1a920..8bc3b35115 100644 --- a/deployment/administration/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/Delete_Unassigned_Users.ps1 @@ -6,7 +6,7 @@ foreach ($user in $users) { $user | Add-Member -NotePropertyName GroupName -NotePropertyValue $groupName -Force } -# Delete users not found in any group (with exception for named SG e.g. "Sandbox") +# Delete users not found in any group foreach ($user in $users) { if (!($user.GroupName)) { $name = $user.SamAccountName diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 index 0b8d048cbc..d59d9ed9b5 100644 --- a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SRE_Delete_Unassigned_Users.ps1 @@ -11,43 +11,15 @@ Import-Module $PSScriptRoot/../common/Logging -Force -ErrorAction Stop # Get config # ------------------------------- $config = Get-ShmConfig -shmId $shmId -# $originalContext = Get-AzContext +$originalContext = Get-AzContext -# Extract list of users -# --------------------- +# Delete users not currently in a security group +# ---------------------------------------------- $null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop Add-LogMessage -Level Info "Deleting users not assigned to any security group: $($config.shm.id) from $($config.dc.vmName)..." -$script = @" -`$userOuPath = (Get-ADObject -Filter * | Where-Object { `$_.Name -eq "Safe Haven Research Users" }).DistinguishedName -`$users = Get-ADUser -Filter * -SearchBase "`$userOuPath" -Properties * -foreach (`$user in `$users) { - `$groupName = (`$user | Select-Object -ExpandProperty MemberOf | ForEach-Object { ((`$_ -Split ",")[0] -Split "=")[1] }) -join "|" - `$user | Add-Member -NotePropertyName GroupName -NotePropertyValue `$groupName -Force -} +$script = "Delete_Unassigned_Users.ps1" -# Delete users not found in any group -foreach (`$user in `$users) { - if (!(`$user.GroupName)) { - `$name = `$user.SamAccountName - Remove-ADUser -Identity `$name - } -} - -# Force sync with AzureAD. It will still take around 5 minutes for changes to propagate -Write-Output "Synchronising locally Active Directory with Azure" -try { - Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop - Start-ADSyncSyncCycle -PolicyType Delta -} -catch [System.IO.FileNotFoundException] { - Write-Output "Skipping as Azure AD Sync is not installed" -} -catch { - Write-Output "Unable to run Azure Active Directory synchronisation!" -} -"@ - -$result = Invoke-RemoteScript -Shell "PowerShell" -Script $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg +$result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg $null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file From 65b2da95411816dd4c76e07c6439720b3d7e9912 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 25 Aug 2023 10:41:55 +0100 Subject: [PATCH 045/108] rename --- ...elete_Unassigned_Users.ps1 => SHM_Delete_Unassigned_Users.ps1} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename deployment/administration/{SRE_Delete_Unassigned_Users.ps1 => SHM_Delete_Unassigned_Users.ps1} (100%) diff --git a/deployment/administration/SRE_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 similarity index 100% rename from deployment/administration/SRE_Delete_Unassigned_Users.ps1 rename to deployment/administration/SHM_Delete_Unassigned_Users.ps1 From 502678d7c8d9cdb5d51abed70b920ee493e76de5 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 25 Aug 2023 10:44:02 +0100 Subject: [PATCH 046/108] move to remote subdir --- deployment/administration/SHM_Delete_Unassigned_Users.ps1 | 2 +- .../administration/{ => remote}/Delete_Unassigned_Users.ps1 | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename deployment/administration/{ => remote}/Delete_Unassigned_Users.ps1 (100%) diff --git a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 index d59d9ed9b5..cfaddec63a 100644 --- a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 @@ -18,7 +18,7 @@ $originalContext = Get-AzContext $null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop Add-LogMessage -Level Info "Deleting users not assigned to any security group: $($config.shm.id) from $($config.dc.vmName)..." -$script = "Delete_Unassigned_Users.ps1" +$script = "remote/Delete_Unassigned_Users.ps1" $result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg diff --git a/deployment/administration/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 similarity index 100% rename from deployment/administration/Delete_Unassigned_Users.ps1 rename to deployment/administration/remote/Delete_Unassigned_Users.ps1 From 04a19125eeb6cc847943fed05b654420ea5a8085 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 25 Aug 2023 10:58:00 +0100 Subject: [PATCH 047/108] force deletion --- deployment/administration/remote/Delete_Unassigned_Users.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index 8bc3b35115..948c614c56 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -10,7 +10,7 @@ foreach ($user in $users) { foreach ($user in $users) { if (!($user.GroupName)) { $name = $user.SamAccountName - Remove-ADUser -Identity $name + Remove-ADUser -Identity $name -Confirm:$false } } From 4e347e2708636349177ef6efcdf547439bf08275 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 25 Aug 2023 11:03:26 +0100 Subject: [PATCH 048/108] single foreach loop --- .../administration/remote/Delete_Unassigned_Users.ps1 | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index 948c614c56..be71b3bd52 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -3,12 +3,7 @@ $userOuPath = (Get-ADObject -Filter * | Where-Object { $_.Name -eq "Safe Haven R $users = Get-ADUser -Filter * -SearchBase "$userOuPath" -Properties * foreach ($user in $users) { $groupName = ($user | Select-Object -ExpandProperty MemberOf | ForEach-Object { (($_ -Split ",")[0] -Split "=")[1] }) -join "|" - $user | Add-Member -NotePropertyName GroupName -NotePropertyValue $groupName -Force -} - -# Delete users not found in any group -foreach ($user in $users) { - if (!($user.GroupName)) { + if (!($groupName)) { $name = $user.SamAccountName Remove-ADUser -Identity $name -Confirm:$false } From fa45085014909a463b4ee23c265d96382e5f9418 Mon Sep 17 00:00:00 2001 From: JimMadge Date: Tue, 29 Aug 2023 00:16:32 +0000 Subject: [PATCH 049/108] Update SRD package versions --- .../packages/deb-rstudio-focal.version | 4 ++-- .../packages/deb-rstudio-jammy.version | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-focal.version b/deployment/secure_research_desktop/packages/deb-rstudio-focal.version index fec4214082..7bd5475442 100644 --- a/deployment/secure_research_desktop/packages/deb-rstudio-focal.version +++ b/deployment/secure_research_desktop/packages/deb-rstudio-focal.version @@ -1,4 +1,4 @@ -hash: 49e24a6956f9f12ffeded493f571cd39f3e6c89411fc60d3bb228661793320da -version: 2023.06.1-524 +hash: 9bedd474cc4060b5167c0a3d8e644249a90594da9005c4909aca1cdec58840fc +version: 2023.06.2-561 debfile: rstudio-|VERSION|-amd64.deb remote: https://download1.rstudio.org/electron/focal/amd64/|DEBFILE| diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version index 6c96a9ac17..3525b57eb5 100644 --- a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version +++ b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version @@ -1,4 +1,4 @@ -hash: c030ec8338f1c76b3ae27997ec4411a0af43b2367dedb3d48e95c319b5425698 -version: 2023.06.1-524 +hash: 2ae36a768da9348426cf299347e5a712f6969438268ff3db246efd8c0d4aa7e3 +version: 2023.06.2-561 debfile: rstudio-|VERSION|-amd64.deb remote: https://download1.rstudio.org/electron/jammy/amd64/|DEBFILE| From 90d1433d300fbecdc35e5d6163c02c8378df0be7 Mon Sep 17 00:00:00 2001 From: JimMadge Date: Tue, 29 Aug 2023 08:51:58 +0000 Subject: [PATCH 050/108] Update PyPI and CRAN allow lists --- .../package_lists/allowlist-full-r-cran-tier3.list | 2 -- 1 file changed, 2 deletions(-) diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list index 9e12103115..e59220fc4f 100644 --- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list @@ -156,7 +156,6 @@ gdtools generics geojson geojsonio -geojsonlint geojsonsf geometries geometry @@ -235,7 +234,6 @@ jqr jquerylib jsonify jsonlite -jsonvalidate kdensity kernlab KernSmooth From 0ac99dee46b633a6d5ed661bfd85f91c195af861 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Tue, 29 Aug 2023 09:51:37 +0000 Subject: [PATCH 051/108] Pin packaging package version and fix rsync typo --- .../cloud-init-repository-mirror-external-pypi.mustache.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml index 14f71356f5..0b38914c3b 100644 --- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml +++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml @@ -122,7 +122,7 @@ write_files: - path: "/etc/cron.d/pull-from-internet" permissions: "0644" content: | - # External update (rsync from CRAN) every 6 hours + # External update from PyPi every 6 hours 0 */6 * * * mirrordaemon ~mirrordaemon/pull_from_internet.sh - path: "/etc/cron.d/pull-then-push" @@ -313,7 +313,7 @@ runcmd: # Install bandersnatch with pip - echo ">=== Installing bandersnatch... ===<" - - pip3 install bandersnatch==4.2.0 + - pip3 install bandersnatch==4.2.0 packaging==21.3 - echo "Using bandersnatch from '$(which bandersnatch)'" # Initialise allowlist if appropriate From 8d548fdf8a1391558b442293868f4d1aa4f151e1 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 11:37:47 +0100 Subject: [PATCH 052/108] add dryRun option --- .../remote/Delete_Unassigned_Users.ps1 | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index be71b3bd52..cc492eef49 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -1,3 +1,8 @@ +param( + [Parameter(Mandatory = $false, HelpMessage = "Shows the users to be deleted without performing deletion")] + [bool]$dryRun +) + # Extract list of users $userOuPath = (Get-ADObject -Filter * | Where-Object { $_.Name -eq "Safe Haven Research Users" }).DistinguishedName $users = Get-ADUser -Filter * -SearchBase "$userOuPath" -Properties * @@ -5,7 +10,12 @@ foreach ($user in $users) { $groupName = ($user | Select-Object -ExpandProperty MemberOf | ForEach-Object { (($_ -Split ",")[0] -Split "=")[1] }) -join "|" if (!($groupName)) { $name = $user.SamAccountName - Remove-ADUser -Identity $name -Confirm:$false + if ($dryRun) { + Write-Output "User $name would be deleted by this action" + } else { + Write-Output "Deleting $name" + Remove-ADUser -Identity $name -Confirm:$false + } } } From 49ad7a00c266e86d9cc78118aca8b63c7c7e7cfa Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 11:40:48 +0100 Subject: [PATCH 053/108] dont sync aad dryrun --- .../remote/Delete_Unassigned_Users.ps1 | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index cc492eef49..6c1d6599c3 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -20,14 +20,16 @@ foreach ($user in $users) { } # Force sync with AzureAD. It will still take around 5 minutes for changes to propagate -Write-Output "Synchronising locally Active Directory with Azure" -try { - Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop - Start-ADSyncSyncCycle -PolicyType Delta -} -catch [System.IO.FileNotFoundException] { - Write-Output "Skipping as Azure AD Sync is not installed" -} -catch { - Write-Output "Unable to run Azure Active Directory synchronisation!" +if (!$dryRun){ + Write-Output "Synchronising locally Active Directory with Azure" + try { + Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop + Start-ADSyncSyncCycle -PolicyType Delta + } + catch [System.IO.FileNotFoundException] { + Write-Output "Skipping as Azure AD Sync is not installed" + } + catch { + Write-Output "Unable to run Azure Active Directory synchronisation!" + } } \ No newline at end of file From b76b52abc2e6d4c0296bb1151eb2259b19687752 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 11:41:52 +0100 Subject: [PATCH 054/108] finish prev commit --- deployment/administration/remote/Delete_Unassigned_Users.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index 6c1d6599c3..bd57dc198c 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -20,7 +20,7 @@ foreach ($user in $users) { } # Force sync with AzureAD. It will still take around 5 minutes for changes to propagate -if (!$dryRun){ +if (!($dryRun)){ Write-Output "Synchronising locally Active Directory with Azure" try { Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop From b9258dd31e60dd18da0da9baa0a099a1c5e7e5d8 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 11:52:46 +0100 Subject: [PATCH 055/108] add dryrun param to local script --- deployment/administration/SHM_Delete_Unassigned_Users.ps1 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 index cfaddec63a..5d4e2b049a 100644 --- a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 @@ -1,6 +1,8 @@ param( [Parameter(Mandatory = $true, HelpMessage = "Enter SHM ID (e.g. use 'testa' for Turing Development Safe Haven A)")] - [string]$shmId + [string]$shmId, + [Parameter(Mandatory = $false, HelpMessage = "Shows the users to be deleted without performing deletion")] + [bool]$dryRun ) Import-Module Az.Accounts -ErrorAction Stop @@ -16,10 +18,10 @@ $originalContext = Get-AzContext # Delete users not currently in a security group # ---------------------------------------------- $null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop -Add-LogMessage -Level Info "Deleting users not assigned to any security group: $($config.shm.id) from $($config.dc.vmName)..." +Add-LogMessage -Level Info "EDIT ME: Deleting users not assigned to any security group: $($config.shm.id) from $($config.dc.vmName)..." $script = "remote/Delete_Unassigned_Users.ps1" -$result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg +$result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -Parameter @{"dryRun" = "$dryRun"} $null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file From e4288fe2abe8355bd5cdfa63978d024b12cc4196 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 12:06:15 +0100 Subject: [PATCH 056/108] param isnt string --- deployment/administration/SHM_Delete_Unassigned_Users.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 index 5d4e2b049a..7045d20ab4 100644 --- a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 @@ -22,6 +22,10 @@ Add-LogMessage -Level Info "EDIT ME: Deleting users not assigned to any security $script = "remote/Delete_Unassigned_Users.ps1" -$result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -Parameter @{"dryRun" = "$dryRun"} +$params = @{ + dryRun = $dryRun +} + +$result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -Parameter $params $null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file From fdf93142ae6788c2ef957e372ecdbbf8d0f607c9 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 12:10:57 +0100 Subject: [PATCH 057/108] use dryRun switch --- .../administration/remote/Delete_Unassigned_Users.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index bd57dc198c..730935ef63 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -1,6 +1,6 @@ param( - [Parameter(Mandatory = $false, HelpMessage = "Shows the users to be deleted without performing deletion")] - [bool]$dryRun + [Parameter(Mandatory = $false, HelpMessage = "No-op mode which will not remove anything")] + [Switch]$dryRun ) # Extract list of users @@ -10,7 +10,7 @@ foreach ($user in $users) { $groupName = ($user | Select-Object -ExpandProperty MemberOf | ForEach-Object { (($_ -Split ",")[0] -Split "=")[1] }) -join "|" if (!($groupName)) { $name = $user.SamAccountName - if ($dryRun) { + if ($dryRun.IsPresent) { Write-Output "User $name would be deleted by this action" } else { Write-Output "Deleting $name" @@ -20,7 +20,7 @@ foreach ($user in $users) { } # Force sync with AzureAD. It will still take around 5 minutes for changes to propagate -if (!($dryRun)){ +if (!($dryRun.IsPresent)) { Write-Output "Synchronising locally Active Directory with Azure" try { Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop From 69567531ea780718a87162437927dfce950c0d42 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 12:11:45 +0100 Subject: [PATCH 058/108] use switch for dryrun local --- deployment/administration/SHM_Delete_Unassigned_Users.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 index 7045d20ab4..c3593313e9 100644 --- a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 @@ -1,8 +1,8 @@ param( [Parameter(Mandatory = $true, HelpMessage = "Enter SHM ID (e.g. use 'testa' for Turing Development Safe Haven A)")] [string]$shmId, - [Parameter(Mandatory = $false, HelpMessage = "Shows the users to be deleted without performing deletion")] - [bool]$dryRun + [Parameter(Mandatory = $false, HelpMessage = "No-op mode which will not remove anything")] + [Switch]$dryRun ) Import-Module Az.Accounts -ErrorAction Stop From 6be3be07e5575a6a0ea0758fcaa43b91202831fc Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Tue, 29 Aug 2023 11:42:46 +0000 Subject: [PATCH 059/108] Force MSSQL to trust server certificate --- .../create_databases/scripts/Lockdown_Sql_Server.ps1 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deployment/secure_research_environment/remote/create_databases/scripts/Lockdown_Sql_Server.ps1 b/deployment/secure_research_environment/remote/create_databases/scripts/Lockdown_Sql_Server.ps1 index a47ddba25b..101c9f2f7b 100644 --- a/deployment/secure_research_environment/remote/create_databases/scripts/Lockdown_Sql_Server.ps1 +++ b/deployment/secure_research_environment/remote/create_databases/scripts/Lockdown_Sql_Server.ps1 @@ -107,7 +107,7 @@ if ($operationFailed -Or (-Not $loginExists)) { # Create a DB user for each login group Write-Output "Ensuring that an SQL user exists for '$domainGroup' on: '$serverName'..." $sqlCommand = "IF NOT EXISTS(SELECT * FROM sys.database_principals WHERE name = '$domainGroup') CREATE USER [$domainGroup] FOR LOGIN [$domainGroup];" - Invoke-SqlCmd -ServerInstance $serverInstance -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true + Invoke-SqlCmd -ServerInstance $serverName -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query "$sqlCommand" -TrustServerCertificate -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true if ($? -And -Not $sqlErrorMessage) { Write-Output " [o] Ensured that '$domainGroup' user exists on: '$serverName'" Start-Sleep -s 10 # allow time for the database action to complete @@ -124,7 +124,7 @@ if ($operationFailed -Or (-Not $loginExists)) { foreach ($groupSchemaTuple in @(($DataAdminGroup, "data"), ($ResearchUsersGroup, "dbopublic"))) { $domainGroup, $schemaName = $groupSchemaTuple $sqlCommand = "IF NOT EXISTS (SELECT * FROM sys.schemas WHERE name = N'$schemaName') EXEC('CREATE SCHEMA $schemaName AUTHORIZATION [$domainGroup]');" - Invoke-SqlCmd -ServerInstance $serverInstance -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true + Invoke-SqlCmd -ServerInstance $serverName -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -TrustServerCertificate -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true if ($? -And -Not $sqlErrorMessage) { Write-Output " [o] Successfully ensured that '$schemaName' schema exists on: '$serverName'" Start-Sleep -s 10 # allow time for the database action to complete @@ -154,7 +154,7 @@ if ($operationFailed -Or (-Not $loginExists)) { Write-Output " [x] Role $role not recognised!" continue } - Invoke-SqlCmd -ServerInstance $serverInstance -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true + Invoke-SqlCmd -ServerInstance $serverName -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -TrustServerCertificate -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true if ($? -And -Not $sqlErrorMessage) { Write-Output " [o] Successfully gave '$domainGroup' $role permissions on: '$serverName'" Start-Sleep -s 10 # allow time for the database action to complete @@ -171,7 +171,7 @@ if ($operationFailed -Or (-Not $loginExists)) { # ------------------------------------ Write-Output "Running T-SQL lockdown script on: '$serverName'..." $sqlCommand = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($ServerLockdownCommandB64)) - Invoke-SqlCmd -ServerInstance $serverName -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true + Invoke-SqlCmd -ServerInstance $serverName -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -TrustServerCertificate -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true if ($? -And -Not $sqlErrorMessage) { Write-Output " [o] Successfully ran T-SQL lockdown script on: '$serverName'" } else { @@ -187,7 +187,7 @@ if ($operationFailed -Or (-Not $loginExists)) { $windowsAdmin = "${serverName}\${VmAdminUsername}" Write-Output "Removing database access from $windowsAdmin on: '$serverName'..." $sqlCommand = "DROP USER IF EXISTS [$windowsAdmin]; IF EXISTS(SELECT * FROM master.dbo.syslogins WHERE loginname = '$windowsAdmin') DROP LOGIN [$windowsAdmin]" - Invoke-SqlCmd -ServerInstance $serverInstance -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true + Invoke-SqlCmd -ServerInstance $serverName -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -TrustServerCertificate -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true if ($? -And -Not $sqlErrorMessage) { Write-Output " [o] Successfully removed database access for $windowsAdmin on: '$serverName'" Start-Sleep -s 10 # allow time for the database action to complete @@ -203,7 +203,7 @@ if ($operationFailed -Or (-Not $loginExists)) { # --------------------------------------------------------------------------------- Write-Output "Revoking sysadmin role from $DbAdminUsername on: '$serverName'..." $sqlCommand = "ALTER SERVER ROLE sysadmin DROP MEMBER $DbAdminUsername;" - Invoke-SqlCmd -ServerInstance $serverInstance -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true + Invoke-SqlCmd -ServerInstance $serverName -Credential $sqlAdminCredentials -QueryTimeout $connectionTimeoutInSeconds -Query $sqlCommand -TrustServerCertificate -ErrorAction SilentlyContinue -ErrorVariable sqlErrorMessage -OutputSqlErrors $true if ($? -And -Not $sqlErrorMessage) { Write-Output " [o] Successfully revoked sysadmin role on: '$serverName'" Start-Sleep -s 10 # allow time for the database action to complete From 6909c8c1d1c68c2b3b4da1f8ebd8c3b048d70955 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Tue, 29 Aug 2023 11:45:51 +0000 Subject: [PATCH 060/108] Always try to redeploy existing MSSQL server --- .../secure_research_environment/setup/Setup_SRE_Databases.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/secure_research_environment/setup/Setup_SRE_Databases.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_Databases.ps1 index 0b7fbb2361..c7e8586193 100644 --- a/deployment/secure_research_environment/setup/Setup_SRE_Databases.ps1 +++ b/deployment/secure_research_environment/setup/Setup_SRE_Databases.ps1 @@ -58,7 +58,6 @@ foreach ($databaseCfg in $config.sre.databases.instances) { } } else { Add-LogMessage -Level Warning "Database VM '$($databaseCfg.vmName)' already exists. Use the '-Redeploy' option if you want to remove the existing database and its data and deploy a new one." - continue } } From 663e35765ffea056c4838783f15b4cac0e3b2d05 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 13:36:30 +0100 Subject: [PATCH 061/108] pass remote script string param --- deployment/administration/SHM_Delete_Unassigned_Users.ps1 | 8 +++++--- .../administration/remote/Delete_Unassigned_Users.ps1 | 8 ++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 index c3593313e9..532285d82e 100644 --- a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 @@ -22,10 +22,12 @@ Add-LogMessage -Level Info "EDIT ME: Deleting users not assigned to any security $script = "remote/Delete_Unassigned_Users.ps1" -$params = @{ - dryRun = $dryRun +# Passing a param to a remote script requires it to be a string +if ($dryRun.IsPresent){ + $params = @{dryRun = "yes"} +} else { + $params = @{dryRun = "no"} } - $result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -Parameter $params $null = Set-AzContext -Context $originalContext -ErrorAction Stop \ No newline at end of file diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index 730935ef63..563657a000 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -1,6 +1,6 @@ param( - [Parameter(Mandatory = $false, HelpMessage = "No-op mode which will not remove anything")] - [Switch]$dryRun + [Parameter(Mandatory = $true, HelpMessage = "yes/no determines whether users should actually be deleted")] + [string]$dryRun ) # Extract list of users @@ -10,7 +10,7 @@ foreach ($user in $users) { $groupName = ($user | Select-Object -ExpandProperty MemberOf | ForEach-Object { (($_ -Split ",")[0] -Split "=")[1] }) -join "|" if (!($groupName)) { $name = $user.SamAccountName - if ($dryRun.IsPresent) { + if ($dryRun -eq "yes") { Write-Output "User $name would be deleted by this action" } else { Write-Output "Deleting $name" @@ -20,7 +20,7 @@ foreach ($user in $users) { } # Force sync with AzureAD. It will still take around 5 minutes for changes to propagate -if (!($dryRun.IsPresent)) { +if ($dryRun -eq "no") { Write-Output "Synchronising locally Active Directory with Azure" try { Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop From f9e8a3cb7469ff487513f93a10e4f72ba6d61b6a Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 13:45:11 +0100 Subject: [PATCH 062/108] change message for dry run --- deployment/administration/SHM_Delete_Unassigned_Users.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 index 532285d82e..34df4a08e3 100644 --- a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 @@ -18,14 +18,14 @@ $originalContext = Get-AzContext # Delete users not currently in a security group # ---------------------------------------------- $null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop -Add-LogMessage -Level Info "EDIT ME: Deleting users not assigned to any security group: $($config.shm.id) from $($config.dc.vmName)..." - $script = "remote/Delete_Unassigned_Users.ps1" # Passing a param to a remote script requires it to be a string if ($dryRun.IsPresent){ - $params = @{dryRun = "yes"} + Add-LogMessage -Level Info "Listing users not assigned to any security group from $($config.dc.vmName)..." + $params = @{dryRun = "yes" } } else { + Add-LogMessage -Level Info "Deleting users not assigned to any security group from $($config.dc.vmName)..." $params = @{dryRun = "no"} } $result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -Parameter $params From c5966141be3050a281536dca3cc4c7f505e0e629 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 13:58:56 +0100 Subject: [PATCH 063/108] add documentation --- docs/source/roles/system_manager/manage_users.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md index 7c832132ff..883db30e0f 100644 --- a/docs/source/roles/system_manager/manage_users.md +++ b/docs/source/roles/system_manager/manage_users.md @@ -137,6 +137,14 @@ The `DC1` is the source of truth for user details. If these details need to be c - Click on `Users` under `Manage` and search for the user - Confirm the user is no longer present +### {{x}} Automatically deleting all usassigned users + +In some situations, such as at the end of a project after an SRE has been torn down, you may want to remove all users from the SHM who are not assigned to the security group of any remaining attached SREs. + +- Ensure you have the same version of the Data Safe Haven repository as was used by your deployment team +- Open a `Powershell` terminal and navigate to the `deployment/administration` directory within the Data Safe Haven repository +- Run `./SHM_Delete_Unassigned_Users.ps1 -shmId ` (use the `-dryRun` flag to see who would get deleted with out performing the deletion) + ## {{calling}} Assign MFA licences ### {{hand}} Manually add licence to each user From d8e42fa14e09cd7787e8d380322f23d9b5c9217a Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 29 Aug 2023 16:11:27 +0100 Subject: [PATCH 064/108] pass pester tests --- deployment/administration/SHM_Delete_Unassigned_Users.ps1 | 4 ++-- .../administration/remote/Delete_Unassigned_Users.ps1 | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 index 34df4a08e3..c09cd6c7be 100644 --- a/deployment/administration/SHM_Delete_Unassigned_Users.ps1 +++ b/deployment/administration/SHM_Delete_Unassigned_Users.ps1 @@ -21,12 +21,12 @@ $null = Set-AzContext -SubscriptionId $config.subscriptionName -ErrorAction Stop $script = "remote/Delete_Unassigned_Users.ps1" # Passing a param to a remote script requires it to be a string -if ($dryRun.IsPresent){ +if ($dryRun.IsPresent) { Add-LogMessage -Level Info "Listing users not assigned to any security group from $($config.dc.vmName)..." $params = @{dryRun = "yes" } } else { Add-LogMessage -Level Info "Deleting users not assigned to any security group from $($config.dc.vmName)..." - $params = @{dryRun = "no"} + $params = @{dryRun = "no" } } $result = Invoke-RemoteScript -Shell "PowerShell" -ScriptPath $script -VMName $config.dc.vmName -ResourceGroupName $config.dc.rg -Parameter $params diff --git a/deployment/administration/remote/Delete_Unassigned_Users.ps1 b/deployment/administration/remote/Delete_Unassigned_Users.ps1 index 563657a000..c154d5a012 100644 --- a/deployment/administration/remote/Delete_Unassigned_Users.ps1 +++ b/deployment/administration/remote/Delete_Unassigned_Users.ps1 @@ -25,11 +25,9 @@ if ($dryRun -eq "no") { try { Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -ErrorAction Stop Start-ADSyncSyncCycle -PolicyType Delta - } - catch [System.IO.FileNotFoundException] { + } catch [System.IO.FileNotFoundException] { Write-Output "Skipping as Azure AD Sync is not installed" - } - catch { + } catch { Write-Output "Unable to run Azure Active Directory synchronisation!" } } \ No newline at end of file From c677c2d05593ac55a8a22032eae0dae688f18012 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 30 Aug 2023 08:52:17 +0000 Subject: [PATCH 065/108] Update CRAN packagelists to include arrow --- .../secure_research_desktop/packages/packages-r-cran.list | 1 + .../package_lists/allowlist-core-r-cran-tier3.list | 1 + .../package_lists/allowlist-extra-r-cran-tier3.list | 1 - .../package_lists/allowlist-full-r-cran-tier3.list | 3 +++ 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/deployment/secure_research_desktop/packages/packages-r-cran.list b/deployment/secure_research_desktop/packages/packages-r-cran.list index 0c716553bb..7cf7e374a6 100644 --- a/deployment/secure_research_desktop/packages/packages-r-cran.list +++ b/deployment/secure_research_desktop/packages/packages-r-cran.list @@ -1,3 +1,4 @@ +arrow BiocManager caret csv diff --git a/environment_configs/package_lists/allowlist-core-r-cran-tier3.list b/environment_configs/package_lists/allowlist-core-r-cran-tier3.list index 23977ee481..7fc527f500 100644 --- a/environment_configs/package_lists/allowlist-core-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-core-r-cran-tier3.list @@ -1,3 +1,4 @@ +arrow BiocManager car caret diff --git a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list index e2dc7471c2..e69de29bb2 100644 --- a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list @@ -1 +0,0 @@ -arrow diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list index 9e12103115..7e629c72b2 100644 --- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list @@ -91,6 +91,7 @@ DBI dbplyr ddalpha debugme +decor deldir DEoptimR desc @@ -105,6 +106,7 @@ diffobj digest dimRed distributional +distro doMC doParallel dotCall64 @@ -114,6 +116,7 @@ dplyr DRR DT dtplyr +duckdb dygraphs e1071 ellipsis From 481ad4097acca92fe6e8e0c5ab25b8c84659558e Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 30 Aug 2023 09:06:03 +0000 Subject: [PATCH 066/108] Fix filepath of SRD build summary script in docs --- docs/source/deployment/build_srd_image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/deployment/build_srd_image.md b/docs/source/deployment/build_srd_image.md index 55e4e769e5..9482988160 100644 --- a/docs/source/deployment/build_srd_image.md +++ b/docs/source/deployment/build_srd_image.md @@ -108,7 +108,7 @@ PS> ./Provision_Compute_VM.ps1 -shmId ```{note} - Although the `./Provision_Compute_VM.ps1` script will finish running in a few minutes, the build itself will take several hours. -- We recommend **monitoring** the build by accessing the machine using `ssh` (the ssh info should be printed at the end of the Provision_Compute_VM.ps1 script) and either reading through the full build log at `/var/log/cloud-init-output.log` or running the summary script using `/opt/verification/analyse_build.py`. +- We recommend **monitoring** the build by accessing the machine using `ssh` (the ssh info should be printed at the end of the Provision_Compute_VM.ps1 script) and either reading through the full build log at `/var/log/cloud-init-output.log` or running the summary script using `/opt/monitoring/analyse_build.py`. - **NB.** You will need to connect from an approved administrator IP address - **NB.** the VM will automatically shutdown at the end of the cloud-init process - if you want to analyse the build after this point, you will need to turn it back on in the `Azure` portal. ``` From c385aa7e46fd20aabb30fdcd3ee6495fe4ae6dc4 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 30 Aug 2023 09:06:34 +0000 Subject: [PATCH 067/108] Increase MSRDS deprecation warning version number --- docs/source/deployment/deploy_sre_microsoft_rds.md | 2 +- docs/source/roles/researcher/user_guide_msrds.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/deployment/deploy_sre_microsoft_rds.md b/docs/source/deployment/deploy_sre_microsoft_rds.md index 40a2035c3a..a850afe52a 100644 --- a/docs/source/deployment/deploy_sre_microsoft_rds.md +++ b/docs/source/deployment/deploy_sre_microsoft_rds.md @@ -3,7 +3,7 @@ # Deploy an SRE with Microsoft RDS ```{warning} -Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.1.0` of the Data Safe Haven. +Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.2.0` of the Data Safe Haven. ``` These instructions will walk you through deploying a Secure Research Environment (SRE) that uses an existing Safe Haven Management (SHM) environment. diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md index 67d76c6270..263bf56650 100644 --- a/docs/source/roles/researcher/user_guide_msrds.md +++ b/docs/source/roles/researcher/user_guide_msrds.md @@ -3,7 +3,7 @@ # User Guide: Microsoft Remote Desktop ```{warning} -Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.1.0` of the Data Safe Haven. +Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.2.0` of the Data Safe Haven. ``` ## {{beginner}} Introduction From 413a9800d54df0314c5802146f3614e2ab1755d8 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 30 Aug 2023 09:13:17 +0000 Subject: [PATCH 068/108] Add cocalc deprecation warning --- docs/source/roles/researcher/snippets/06_cocalc.partial.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/roles/researcher/snippets/06_cocalc.partial.md b/docs/source/roles/researcher/snippets/06_cocalc.partial.md index 7940aa7f2b..79b9af5b2b 100644 --- a/docs/source/roles/researcher/snippets/06_cocalc.partial.md +++ b/docs/source/roles/researcher/snippets/06_cocalc.partial.md @@ -1,5 +1,9 @@ ## {{couple}} Collaborate on code using CoCalc +```{warning} +Support for `CoCalc` is deprecated. Deployment scripts and related documentation will be removed in version `4.2.0` of the Data Safe Haven. +``` + `CoCalc` is a collaborative calculation and data science environment. It lets you work with others on projects, using `Jupyter`, `LaTeX`, `Octave`, `Python` or `R` in collaborative notebooks. From 470128189323c430d677eddf09b7e37d68304836 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 30 Aug 2023 10:16:13 +0000 Subject: [PATCH 069/108] add ssl certificate step to guac deployment docs --- .../deployment/deploy_sre_apache_guacamole.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/docs/source/deployment/deploy_sre_apache_guacamole.md b/docs/source/deployment/deploy_sre_apache_guacamole.md index 9f5f69533e..94403084fc 100644 --- a/docs/source/deployment/deploy_sre_apache_guacamole.md +++ b/docs/source/deployment/deploy_sre_apache_guacamole.md @@ -105,6 +105,42 @@ PS> ./Setup_SRE_Guacamole_Servers.ps1 -shmId -sreId +

+Update SSL certificate + +![Powershell: five minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=five%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` + +```powershell +PS> ./Update_SRE_SSL_Certificate.ps1 -shmId -sreId +``` + +- where `` is the {ref}`management environment ID ` for this SHM +- where `` is the {ref}`secure research environment ID ` for this SRE +- where `` is an email address that you want to be notified when certificates are close to expiry + +```{tip} +`./Update_SRE_RDS_SSL_Certificate.ps1` should be run again whenever you want to update the certificate for this SRE. +``` + +```{caution} +`Let's Encrypt` will only issue **5 certificates per week** for a particular host (e.g. `rdg-sre-sandbox.project.turingsafehaven.ac.uk`). +To reduce the number of calls to `Let's Encrypt`, the signed certificates are stored in the Key Vault for easy redeployment. +For production environments this should usually not be an issue. +``` + +````{important} +If you find yourself frequently redeploying a test environment and hit the `Let's Encrypt` certificate limit, you can can use: + +```powershell +> ./Update_SRE_RDS_SSL_Certificate.ps1 -dryRun $true +``` + +to use the `Let's Encrypt` staging server, which will issue certificates more frequently. +These certificates will **not** be trusted by your browser, and so should not be used in production. +```` + +
+
Deploy web applications (CoCalc, CodiMD and GitLab) From 09d9c1be07166a7bf808953a857e4d5eb8430af7 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 30 Aug 2023 10:16:26 +0000 Subject: [PATCH 070/108] update dockerfile to 7.3.6 --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 85ab92fd66..4a852d8499 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -6,7 +6,7 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ # Set package versions ARG AZURE_CLI_VERSION="2.42.0" -ARG PWSH_VERSION="7.3.2" +ARG PWSH_VERSION="7.3.6" # Set up TARGETARCH variable to use to pull the right binaries for the current architecture. ARG TARGETARCH From 75ae395cfed35581f0d7d1f3c1f1abc433cda5a0 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 30 Aug 2023 10:57:10 +0000 Subject: [PATCH 071/108] Update core configs with new vm image --- environment_configs/sre_greent2msrds_core_config.json | 2 +- environment_configs/sre_greent3guac_core_config.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/environment_configs/sre_greent2msrds_core_config.json b/environment_configs/sre_greent2msrds_core_config.json index 20c6912ec9..b5ae22cd47 100644 --- a/environment_configs/sre_greent2msrds_core_config.json +++ b/environment_configs/sre_greent2msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent3guac_core_config.json b/environment_configs/sre_greent3guac_core_config.json index 95f59302f5..a3c0c4c57e 100644 --- a/environment_configs/sre_greent3guac_core_config.json +++ b/environment_configs/sre_greent3guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.240"], From 00b03c5c09213ecbbd1f66c8f00c5e52904d4a3b Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Thu, 31 Aug 2023 12:57:19 +0000 Subject: [PATCH 072/108] Update supported Powershell version --- deployment/CheckRequirements.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/CheckRequirements.ps1 b/deployment/CheckRequirements.ps1 index 740f081581..6fad3f01c4 100644 --- a/deployment/CheckRequirements.ps1 +++ b/deployment/CheckRequirements.ps1 @@ -8,7 +8,7 @@ param ( Import-Module $PSScriptRoot/common/Logging -Force -ErrorAction Stop # Requirements -$PowershellSupportedVersion = "7.3.2" +$PowershellSupportedVersion = "7.3.6" $ModuleVersionRequired = @{ "Az.Accounts" = @("ge", "2.11.1") "Az.Automation" = @("ge", "1.9.0") From 782d4da7c5e875e6e3cba7a4fe9b98542043f8a0 Mon Sep 17 00:00:00 2001 From: JimMadge Date: Fri, 1 Sep 2023 00:23:01 +0000 Subject: [PATCH 073/108] Update PyPI and CRAN allow lists --- .../package_lists/allowlist-full-python-pypi-tier3.list | 6 ------ 1 file changed, 6 deletions(-) diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list index 0bfe16e893..a55d0c20fc 100644 --- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list +++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list @@ -28,7 +28,6 @@ arviz asn1crypto astor astroid -astropy asttokens astunparse async_generator @@ -105,7 +104,6 @@ comm commonmark confection configparser -confuse conllu cons constantly @@ -248,7 +246,6 @@ ipaddress ipykernel ipython ipython_genutils -ipywidgets isort itsdangerous Janome @@ -280,7 +277,6 @@ jupyterlab jupyterlab-launcher jupyterlab-pygments jupyterlab-server -jupyterlab-widgets keras Keras-Applications keras-nightly @@ -458,7 +454,6 @@ pycurl pydantic pydantic-core pydot -pyerfa pyflakes pyFUME Pygments @@ -684,7 +679,6 @@ webencodings websocket-client Werkzeug wheel -widgetsnbextension Wikipedia-API win_unicode_console win32-setctime From 6da0be2a97cea4d37fd27f39404b65b0594dce4e Mon Sep 17 00:00:00 2001 From: JimMadge Date: Fri, 1 Sep 2023 10:13:49 +0000 Subject: [PATCH 074/108] Update SRD package versions --- .../secure_research_desktop/packages/deb-rstudio-focal.version | 2 +- .../secure_research_desktop/packages/deb-rstudio-jammy.version | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-focal.version b/deployment/secure_research_desktop/packages/deb-rstudio-focal.version index 7bd5475442..6f11a52f50 100644 --- a/deployment/secure_research_desktop/packages/deb-rstudio-focal.version +++ b/deployment/secure_research_desktop/packages/deb-rstudio-focal.version @@ -1,4 +1,4 @@ -hash: 9bedd474cc4060b5167c0a3d8e644249a90594da9005c4909aca1cdec58840fc +hash: 981fcbb30d5dea283188fcef1a9cdf177bb51b83884a63fd3c9c224d1486b01e version: 2023.06.2-561 debfile: rstudio-|VERSION|-amd64.deb remote: https://download1.rstudio.org/electron/focal/amd64/|DEBFILE| diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version index 3525b57eb5..69b2e3336a 100644 --- a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version +++ b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version @@ -1,4 +1,4 @@ -hash: 2ae36a768da9348426cf299347e5a712f6969438268ff3db246efd8c0d4aa7e3 +hash: bb6b3c21510abb18fd6e697567d7ff3d4135bf7980cf25536753e9ceac60c82c version: 2023.06.2-561 debfile: rstudio-|VERSION|-amd64.deb remote: https://download1.rstudio.org/electron/jammy/amd64/|DEBFILE| From 067d75c7d24da46d4ca6a21dd18126ec73fd9cb7 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Fri, 1 Sep 2023 12:04:11 +0000 Subject: [PATCH 075/108] Fix typo --- docs/source/deployment/security_checklist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/deployment/security_checklist.md b/docs/source/deployment/security_checklist.md index f8dcc553c6..07e9339f2e 100644 --- a/docs/source/deployment/security_checklist.md +++ b/docs/source/deployment/security_checklist.md @@ -687,7 +687,7 @@ To test all the above, you will need to act both as the {ref}`role_system_manage ``` ```{attention} -{{white_check_mark}} **Verify that:** software uploaded to the by a non-admin can be read by administrators +{{white_check_mark}} **Verify that:** software uploaded by a non-admin can be read by administrators ``` ```{attention} From 51e35ac251cc35b887fe45ef8210061d46e707d8 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Fri, 1 Sep 2023 12:04:36 +0000 Subject: [PATCH 076/108] Update text to reflect changes in Portal --- docs/source/roles/system_manager/manage_data.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/source/roles/system_manager/manage_data.md b/docs/source/roles/system_manager/manage_data.md index e517821476..9ebd6013d3 100644 --- a/docs/source/roles/system_manager/manage_data.md +++ b/docs/source/roles/system_manager/manage_data.md @@ -23,7 +23,7 @@ The following steps show how to generate a temporary write-only upload token tha - Click `Networking` under `Settings` and paste the data provider's IP address as one of those allowed under the `Firewall` header, then hit the save icon in the top left - From the `Overview` tab, click the link to `Containers` (in the middle of the page) - Click `ingress` -- Click `Shared access signature` under `Settings` and do the following: +- Click `Shared access tokens` under `Settings` and do the following: - Under `Permissions`, check these boxes: - `Write` - `List` @@ -70,7 +70,7 @@ The {ref}`role_system_manager` creates a time-limited and IP restricted link to - Ensure that the IP address of the person to receive the outputs is listed and enter it if not - Click `Containers` under `Data storage` - Click `egress` -- Click `Shared access signature` under `Settings` and do the following: +- Click `Shared access tokens` under `Settings` and do the following: - Under `Permissions`, check these boxes: - `Read` - `List` From 0c1597abf7affd7baf9b91ab1f5624208fd31b64 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Fri, 1 Sep 2023 12:10:23 +0000 Subject: [PATCH 077/108] Add warning to useonly phone call auth with MSRDS --- docs/source/roles/researcher/snippets/13_MFA.partial.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/roles/researcher/snippets/13_MFA.partial.md b/docs/source/roles/researcher/snippets/13_MFA.partial.md index bc4812d709..2af52825b3 100644 --- a/docs/source/roles/researcher/snippets/13_MFA.partial.md +++ b/docs/source/roles/researcher/snippets/13_MFA.partial.md @@ -147,6 +147,10 @@ This is known as multi-factor authentication (MFA). #### {{iphone}} Authenticator app registration +```{warning} +If the SRE you are using will use the Microsoft Remote Desktop interface, do not attempt to use the Authenticator app. At present, only phone call identification works correctly with MS RDS. If you have both the Authenticator and phone call set up as methods, select phone call as the default when intending to use the MS RDS interface. +``` + - If you want to use the Microsoft Authenticator app for MFA (which will work if you have wifi but no phone signal) then click on `+ Add sign-in method` and select `Authenticator app` ```{image} user_guide/account_setup_mfa_add_authenticator_app.png From 5d3717f7e2e1c145a0f2f24f9645e6038cfd0d60 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Fri, 1 Sep 2023 12:12:02 +0000 Subject: [PATCH 078/108] Add warning about MS RDS auth method --- docs/source/deployment/deploy_sre_microsoft_rds.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/source/deployment/deploy_sre_microsoft_rds.md b/docs/source/deployment/deploy_sre_microsoft_rds.md index a850afe52a..3ea0cd14e2 100644 --- a/docs/source/deployment/deploy_sre_microsoft_rds.md +++ b/docs/source/deployment/deploy_sre_microsoft_rds.md @@ -211,6 +211,10 @@ These certificates will **not** be trusted by your browser, and so should not be To complete the account setup, follow the instructions for password and MFA setup present in the {ref}`user guide `. +```{warning} +At present, only phone call identification works correctly with MS RDS. Do not attempt to use the Authenticator app. If you have both the Authenticator and phone call set up as authentication methods, select phone call as the default when intending to use the MS RDS interface. +``` + ### {{nut_and_bolt}} Test the Microsoft RDS remote desktop - Launch a local web browser on your **deployment machine** and go to `https://.` and log in with the user name and password you set up for the non-privileged user account. From 3eadac7c83dc995f9f7d4b3b69f1849d5d3cbe23 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Fri, 1 Sep 2023 13:47:53 +0000 Subject: [PATCH 079/108] Update core configs to use latest SRD image --- environment_configs/sre_bluet1guac_core_config.json | 2 +- environment_configs/sre_bluet2guac_core_config.json | 2 +- environment_configs/sre_bluet2msrds_core_config.json | 2 +- environment_configs/sre_bluet3guac_core_config.json | 2 +- environment_configs/sre_bluet3msrds_core_config.json | 2 +- environment_configs/sre_greent1guac_core_config.json | 2 +- environment_configs/sre_greent2guac_core_config.json | 2 +- environment_configs/sre_greent3msrds_core_config.json | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/environment_configs/sre_bluet1guac_core_config.json b/environment_configs/sre_bluet1guac_core_config.json index 2454eb73e8..365ae14a8c 100644 --- a/environment_configs/sre_bluet1guac_core_config.json +++ b/environment_configs/sre_bluet1guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet2guac_core_config.json b/environment_configs/sre_bluet2guac_core_config.json index 2ada45f6ec..15d96d2cda 100644 --- a/environment_configs/sre_bluet2guac_core_config.json +++ b/environment_configs/sre_bluet2guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet2msrds_core_config.json b/environment_configs/sre_bluet2msrds_core_config.json index 13e8a4e218..f5174dc929 100644 --- a/environment_configs/sre_bluet2msrds_core_config.json +++ b/environment_configs/sre_bluet2msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet3guac_core_config.json b/environment_configs/sre_bluet3guac_core_config.json index c14e6af1f0..eff5d1e24c 100644 --- a/environment_configs/sre_bluet3guac_core_config.json +++ b/environment_configs/sre_bluet3guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_bluet3msrds_core_config.json b/environment_configs/sre_bluet3msrds_core_config.json index c83c0833ab..56381578db 100644 --- a/environment_configs/sre_bluet3msrds_core_config.json +++ b/environment_configs/sre_bluet3msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_greent1guac_core_config.json b/environment_configs/sre_greent1guac_core_config.json index e78af97072..10cad425c3 100644 --- a/environment_configs/sre_greent1guac_core_config.json +++ b/environment_configs/sre_greent1guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent2guac_core_config.json b/environment_configs/sre_greent2guac_core_config.json index f0e726431c..091a74e605 100644 --- a/environment_configs/sre_greent2guac_core_config.json +++ b/environment_configs/sre_greent2guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent3msrds_core_config.json b/environment_configs/sre_greent3msrds_core_config.json index 1cd114f919..118e24da48 100644 --- a/environment_configs/sre_greent3msrds_core_config.json +++ b/environment_configs/sre_greent3msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.240"], From b0a95b982d8cddc213125069a9a5ac3503869a4d Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Fri, 1 Sep 2023 13:58:37 +0000 Subject: [PATCH 080/108] Update pester test config files --- tests/resources/shm_blue_full_config.json | 7 +++ tests/resources/shm_green_full_config.json | 7 +++ .../resources/sre_bluet1guac_full_config.json | 45 +++++++++++-------- .../sre_bluet3msrds_full_config.json | 45 +++++++++++-------- .../sre_greent2guac_full_config.json | 45 +++++++++++-------- 5 files changed, 92 insertions(+), 57 deletions(-) diff --git a/tests/resources/shm_blue_full_config.json b/tests/resources/shm_blue_full_config.json index ddc78b8f59..7172383965 100644 --- a/tests/resources/shm_blue_full_config.json +++ b/tests/resources/shm_blue_full_config.json @@ -150,6 +150,13 @@ "217.196.149.55", "91.189.91.38", "91.189.91.39", + "91.189.91.48", + "91.189.91.49", + "91.189.91.81", + "91.189.91.82", + "91.189.91.83", + "185.125.190.17", + "185.125.190.18", "185.125.190.36", "185.125.190.39", "103.21.244.0/22", diff --git a/tests/resources/shm_green_full_config.json b/tests/resources/shm_green_full_config.json index d47cd3edb8..65ba0efadf 100644 --- a/tests/resources/shm_green_full_config.json +++ b/tests/resources/shm_green_full_config.json @@ -150,6 +150,13 @@ "217.196.149.55", "91.189.91.38", "91.189.91.39", + "91.189.91.48", + "91.189.91.49", + "91.189.91.81", + "91.189.91.82", + "91.189.91.83", + "185.125.190.17", + "185.125.190.18", "185.125.190.36", "185.125.190.39", "103.21.244.0/22", diff --git a/tests/resources/sre_bluet1guac_full_config.json b/tests/resources/sre_bluet1guac_full_config.json index 24f1f18747..61e843d6b0 100644 --- a/tests/resources/sre_bluet1guac_full_config.json +++ b/tests/resources/sre_bluet1guac_full_config.json @@ -151,6 +151,13 @@ "217.196.149.55", "91.189.91.38", "91.189.91.39", + "91.189.91.48", + "91.189.91.49", + "91.189.91.81", + "91.189.91.82", + "91.189.91.83", + "185.125.190.17", + "185.125.190.18", "185.125.190.36", "185.125.190.39", "103.21.244.0/22", @@ -1111,15 +1118,8 @@ "instances": [ { "adminPasswordSecretName": "sre-t1guac-vm-admin-password-mssql", - "dbAdminUsernameSecretName": "sre-t1guac-db-admin-username-mssql", "dbAdminPasswordSecretName": "sre-t1guac-db-admin-password-mssql", - "vmName": "MSSQL-T1GUAC", - "type": "MSSQL", - "ip": "10.151.3.4", - "port": "1433", - "sku": "sqldev-gen2", - "subnet": "databases", - "vmSize": "Standard_DS2_v2", + "dbAdminUsernameSecretName": "sre-t1guac-db-admin-username-mssql", "disks": { "data": { "sizeGb": "1024", @@ -1130,19 +1130,19 @@ "type": "Standard_LRS" } }, - "enableSSIS": true + "enableSSIS": true, + "ip": "10.151.3.4", + "port": "1433", + "sku": "sqldev-gen2", + "subnet": "databases", + "type": "MSSQL", + "vmName": "MSSQL-T1GUAC", + "vmSize": "Standard_DS2_v2" }, { "adminPasswordSecretName": "sre-t1guac-vm-admin-password-postgresql", - "dbAdminUsernameSecretName": "sre-t1guac-db-admin-username-postgresql", "dbAdminPasswordSecretName": "sre-t1guac-db-admin-password-postgresql", - "vmName": "PSTGRS-T1GUAC", - "type": "PostgreSQL", - "ip": "10.151.3.5", - "port": "5432", - "sku": "Ubuntu-latest", - "subnet": "databases", - "vmSize": "Standard_DS2_v2", + "dbAdminUsernameSecretName": "sre-t1guac-db-admin-username-postgresql", "disks": { "data": { "sizeGb": "1024", @@ -1152,7 +1152,14 @@ "sizeGb": "128", "type": "Standard_LRS" } - } + }, + "ip": "10.151.3.5", + "port": "5432", + "sku": "Ubuntu-latest", + "subnet": "databases", + "type": "PostgreSQL", + "vmName": "PSTGRS-T1GUAC", + "vmSize": "Standard_DS2_v2" } ], "rg": "RG_SHM_BLUE_SRE_T1GUAC_DATABASES" @@ -1302,7 +1309,7 @@ "rg": "RG_SHM_BLUE_SRE_T1GUAC_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "vmSizeDefault": "Standard_D2s_v3" }, diff --git a/tests/resources/sre_bluet3msrds_full_config.json b/tests/resources/sre_bluet3msrds_full_config.json index 1a59d3b537..44c1673fb3 100644 --- a/tests/resources/sre_bluet3msrds_full_config.json +++ b/tests/resources/sre_bluet3msrds_full_config.json @@ -151,6 +151,13 @@ "217.196.149.55", "91.189.91.38", "91.189.91.39", + "91.189.91.48", + "91.189.91.49", + "91.189.91.81", + "91.189.91.82", + "91.189.91.83", + "185.125.190.17", + "185.125.190.18", "185.125.190.36", "185.125.190.39", "103.21.244.0/22", @@ -1111,15 +1118,8 @@ "instances": [ { "adminPasswordSecretName": "sre-t3msrds-vm-admin-password-mssql", - "dbAdminUsernameSecretName": "sre-t3msrds-db-admin-username-mssql", "dbAdminPasswordSecretName": "sre-t3msrds-db-admin-password-mssql", - "vmName": "MSSQL-T3MSRDS", - "type": "MSSQL", - "ip": "10.163.3.4", - "port": "1433", - "sku": "sqldev-gen2", - "subnet": "databases", - "vmSize": "Standard_DS2_v2", + "dbAdminUsernameSecretName": "sre-t3msrds-db-admin-username-mssql", "disks": { "data": { "sizeGb": "1024", @@ -1130,19 +1130,19 @@ "type": "Standard_LRS" } }, - "enableSSIS": true + "enableSSIS": true, + "ip": "10.163.3.4", + "port": "1433", + "sku": "sqldev-gen2", + "subnet": "databases", + "type": "MSSQL", + "vmName": "MSSQL-T3MSRDS", + "vmSize": "Standard_DS2_v2" }, { "adminPasswordSecretName": "sre-t3msrds-vm-admin-password-postgresql", - "dbAdminUsernameSecretName": "sre-t3msrds-db-admin-username-postgresql", "dbAdminPasswordSecretName": "sre-t3msrds-db-admin-password-postgresql", - "vmName": "PSTGRS-T3MSRDS", - "type": "PostgreSQL", - "ip": "10.163.3.5", - "port": "5432", - "sku": "Ubuntu-latest", - "subnet": "databases", - "vmSize": "Standard_DS2_v2", + "dbAdminUsernameSecretName": "sre-t3msrds-db-admin-username-postgresql", "disks": { "data": { "sizeGb": "1024", @@ -1152,7 +1152,14 @@ "sizeGb": "128", "type": "Standard_LRS" } - } + }, + "ip": "10.163.3.5", + "port": "5432", + "sku": "Ubuntu-latest", + "subnet": "databases", + "type": "PostgreSQL", + "vmName": "PSTGRS-T3MSRDS", + "vmSize": "Standard_DS2_v2" } ], "rg": "RG_SHM_BLUE_SRE_T3MSRDS_DATABASES" @@ -1324,7 +1331,7 @@ "rg": "RG_SHM_BLUE_SRE_T3MSRDS_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "vmSizeDefault": "Standard_D2s_v3" }, diff --git a/tests/resources/sre_greent2guac_full_config.json b/tests/resources/sre_greent2guac_full_config.json index ca318c0553..73ca82eae5 100644 --- a/tests/resources/sre_greent2guac_full_config.json +++ b/tests/resources/sre_greent2guac_full_config.json @@ -151,6 +151,13 @@ "217.196.149.55", "91.189.91.38", "91.189.91.39", + "91.189.91.48", + "91.189.91.49", + "91.189.91.81", + "91.189.91.82", + "91.189.91.83", + "185.125.190.17", + "185.125.190.18", "185.125.190.36", "185.125.190.39", "103.21.244.0/22", @@ -1164,15 +1171,8 @@ "instances": [ { "adminPasswordSecretName": "sre-t2guac-vm-admin-password-mssql", - "dbAdminUsernameSecretName": "sre-t2guac-db-admin-username-mssql", "dbAdminPasswordSecretName": "sre-t2guac-db-admin-password-mssql", - "vmName": "MSSQL-T2GUAC", - "type": "MSSQL", - "ip": "10.152.3.4", - "port": "1433", - "sku": "sqldev-gen2", - "subnet": "databases", - "vmSize": "Standard_DS2_v2", + "dbAdminUsernameSecretName": "sre-t2guac-db-admin-username-mssql", "disks": { "data": { "sizeGb": "1024", @@ -1183,19 +1183,19 @@ "type": "Standard_LRS" } }, - "enableSSIS": true + "enableSSIS": true, + "ip": "10.152.3.4", + "port": "1433", + "sku": "sqldev-gen2", + "subnet": "databases", + "type": "MSSQL", + "vmName": "MSSQL-T2GUAC", + "vmSize": "Standard_DS2_v2" }, { "adminPasswordSecretName": "sre-t2guac-vm-admin-password-postgresql", - "dbAdminUsernameSecretName": "sre-t2guac-db-admin-username-postgresql", "dbAdminPasswordSecretName": "sre-t2guac-db-admin-password-postgresql", - "vmName": "PSTGRS-T2GUAC", - "type": "PostgreSQL", - "ip": "10.152.3.5", - "port": "5432", - "sku": "Ubuntu-latest", - "subnet": "databases", - "vmSize": "Standard_DS2_v2", + "dbAdminUsernameSecretName": "sre-t2guac-db-admin-username-postgresql", "disks": { "data": { "sizeGb": "1024", @@ -1205,7 +1205,14 @@ "sizeGb": "128", "type": "Standard_LRS" } - } + }, + "ip": "10.152.3.5", + "port": "5432", + "sku": "Ubuntu-latest", + "subnet": "databases", + "type": "PostgreSQL", + "vmName": "PSTGRS-T2GUAC", + "vmSize": "Standard_DS2_v2" } ], "rg": "RG_SHM_GREEN_SRE_T2GUAC_DATABASES" @@ -1355,7 +1362,7 @@ "rg": "RG_SHM_GREEN_SRE_T2GUAC_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2023031401" + "version": "20.04.2023082900" }, "vmSizeDefault": "Standard_D2s_v3" }, From 3f04b76d72472e1f670bc47c8747f84e654cede9 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 11 Sep 2023 10:03:17 +0100 Subject: [PATCH 081/108] Update docs/source/roles/system_manager/manage_users.md Co-authored-by: James Robinson --- docs/source/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md index 883db30e0f..c83a2c80f3 100644 --- a/docs/source/roles/system_manager/manage_users.md +++ b/docs/source/roles/system_manager/manage_users.md @@ -137,7 +137,7 @@ The `DC1` is the source of truth for user details. If these details need to be c - Click on `Users` under `Manage` and search for the user - Confirm the user is no longer present -### {{x}} Automatically deleting all usassigned users +### {{x}} Automatically deleting all unassigned users In some situations, such as at the end of a project after an SRE has been torn down, you may want to remove all users from the SHM who are not assigned to the security group of any remaining attached SREs. From 656bd1420d47d160996205de73b7880bc6573840 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 11 Sep 2023 11:30:19 +0000 Subject: [PATCH 082/108] Finalise merge docs from latest into develop --- docs/source/deployment/deploy_sre.md | 35 ++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/source/deployment/deploy_sre.md b/docs/source/deployment/deploy_sre.md index e5c5353b42..fe95d4b391 100644 --- a/docs/source/deployment/deploy_sre.md +++ b/docs/source/deployment/deploy_sre.md @@ -105,6 +105,41 @@ PS> ./Setup_SRE_Guacamole_Servers.ps1 -shmId -sreId
+
+Update SSL certificate + +![Powershell: five minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=five%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` + +```powershell +PS> ./Update_SRE_SSL_Certificate.ps1 -shmId -sreId +``` + +- where `` is the {ref}`management environment ID ` for this SHM +- where `` is the {ref}`secure research environment ID ` for this SRE +- where `` is an email address that you want to be notified when certificates are close to expiry + +```{tip} +`./Update_SRE_RDS_SSL_Certificate.ps1` should be run again whenever you want to update the certificate for this SRE. +``` + +```{caution} +`Let's Encrypt` will only issue **5 certificates per week** for a particular host (e.g. `rdg-sre-sandbox.project.turingsafehaven.ac.uk`). +To reduce the number of calls to `Let's Encrypt`, the signed certificates are stored in the Key Vault for easy redeployment. +For production environments this should usually not be an issue. +``` + +````{important} +If you find yourself frequently redeploying a test environment and hit the `Let's Encrypt` certificate limit, you can can use: + +```powershell +> ./Update_SRE_RDS_SSL_Certificate.ps1 -dryRun $true +``` + +to use the `Let's Encrypt` staging server, which will issue certificates more frequently. +These certificates will **not** be trusted by your browser, and so should not be used in production. +```` +
+
Deploy web applications (CodiMD and GitLab) From 15936985e2b4a613534f06e1f67809dabd78b67a Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 11 Sep 2023 11:35:36 +0000 Subject: [PATCH 083/108] Fix linting error --- docs/source/deployment/deploy_sre.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/source/deployment/deploy_sre.md b/docs/source/deployment/deploy_sre.md index fe95d4b391..74f909bb48 100644 --- a/docs/source/deployment/deploy_sre.md +++ b/docs/source/deployment/deploy_sre.md @@ -138,6 +138,7 @@ If you find yourself frequently redeploying a test environment and hit the `Let' to use the `Let's Encrypt` staging server, which will issue certificates more frequently. These certificates will **not** be trusted by your browser, and so should not be used in production. ```` +
From 1836c9f68bfd9f1b1b14a75cd84c55126c8a21a8 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 11 Sep 2023 12:44:23 +0100 Subject: [PATCH 084/108] Add @craddm to CODEOWNERS --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 411890bbaa..85f3c50e40 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -10,5 +10,5 @@ # We only plan to require code owner review for # main and other branches that may be deployed from. # Note: /dir/ applies to directory and all subdirectories -/deployment/ @martintoreilly @jemrobinson @JimMadge +/deployment/ @martintoreilly @jemrobinson @JimMadge @craddm /docs/ @martintoreilly @jemrobinson @JimMadge @craddm @edwardchalstrey1 From 49f2993d7213e5888d1c26c7d812b7b0c5cf4fc9 Mon Sep 17 00:00:00 2001 From: jemrobinson Date: Mon, 11 Sep 2023 11:54:08 +0000 Subject: [PATCH 085/108] Update PyPI and CRAN allow lists --- .../package_lists/allowlist-full-python-pypi-tier3.list | 1 + .../package_lists/allowlist-full-r-cran-tier3.list | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list index a55d0c20fc..4cc0064eb5 100644 --- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list +++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list @@ -74,6 +74,7 @@ Bottleneck bpemb branca Brotli +brotlicffi bson build bulwark diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list index 6a9b7deffe..e59220fc4f 100644 --- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list @@ -91,7 +91,6 @@ DBI dbplyr ddalpha debugme -decor deldir DEoptimR desc @@ -106,7 +105,6 @@ diffobj digest dimRed distributional -distro doMC doParallel dotCall64 @@ -116,7 +114,6 @@ dplyr DRR DT dtplyr -duckdb dygraphs e1071 ellipsis From 4d25c34c6565aa5ec9b6782662a06c36c176117b Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 11 Sep 2023 12:53:33 +0000 Subject: [PATCH 086/108] Remove pulumi testing files --- decmatt/.dshconfig | 6 ------ decmatt/newuser.csv | 2 -- decmatt/testuser.csv | 2 -- decmatt/wot.csv | 2 -- testmatt/.dshconfig | 6 ------ testmatt/newuser.csv | 2 -- testmatt/testuser.csv | 2 -- testmatt/wot.csv | 2 -- 8 files changed, 24 deletions(-) delete mode 100644 decmatt/.dshconfig delete mode 100644 decmatt/newuser.csv delete mode 100644 decmatt/testuser.csv delete mode 100644 decmatt/wot.csv delete mode 100644 testmatt/.dshconfig delete mode 100644 testmatt/newuser.csv delete mode 100644 testmatt/testuser.csv delete mode 100644 testmatt/wot.csv diff --git a/decmatt/.dshconfig b/decmatt/.dshconfig deleted file mode 100644 index 8dc381495e..0000000000 --- a/decmatt/.dshconfig +++ /dev/null @@ -1,6 +0,0 @@ -azure: - admin_group_id: 347c68cb-261f-4a3e-ac3e-6af860b5fec9 - location: uksouth - subscription_name: Data Safe Haven Development -shm: - name: newtest diff --git a/decmatt/newuser.csv b/decmatt/newuser.csv deleted file mode 100644 index b451974b79..0000000000 --- a/decmatt/newuser.csv +++ /dev/null @@ -1,2 +0,0 @@ -GivenName,Surname,Phone,Email -El,Vis,+447751185480, \ No newline at end of file diff --git a/decmatt/testuser.csv b/decmatt/testuser.csv deleted file mode 100644 index 8668f0f9bb..0000000000 --- a/decmatt/testuser.csv +++ /dev/null @@ -1,2 +0,0 @@ -GivenName,Surname,Phone,Email -Matt,Craddock,+447751185480,mcraddock@turing.ac.uk \ No newline at end of file diff --git a/decmatt/wot.csv b/decmatt/wot.csv deleted file mode 100644 index 818597cb4a..0000000000 --- a/decmatt/wot.csv +++ /dev/null @@ -1,2 +0,0 @@ -GivenName,Surname,Phone,Email -El,Vis,+447751185480, \ No newline at end of file diff --git a/testmatt/.dshconfig b/testmatt/.dshconfig deleted file mode 100644 index 1ea8e7bcc9..0000000000 --- a/testmatt/.dshconfig +++ /dev/null @@ -1,6 +0,0 @@ -azure: - admin_group_id: 347c68cb-261f-4a3e-ac3e-6af860b5fec9 - location: uksouth - subscription_name: Data Safe Haven Development -shm: - name: latest diff --git a/testmatt/newuser.csv b/testmatt/newuser.csv deleted file mode 100644 index b451974b79..0000000000 --- a/testmatt/newuser.csv +++ /dev/null @@ -1,2 +0,0 @@ -GivenName,Surname,Phone,Email -El,Vis,+447751185480, \ No newline at end of file diff --git a/testmatt/testuser.csv b/testmatt/testuser.csv deleted file mode 100644 index 8668f0f9bb..0000000000 --- a/testmatt/testuser.csv +++ /dev/null @@ -1,2 +0,0 @@ -GivenName,Surname,Phone,Email -Matt,Craddock,+447751185480,mcraddock@turing.ac.uk \ No newline at end of file diff --git a/testmatt/wot.csv b/testmatt/wot.csv deleted file mode 100644 index 818597cb4a..0000000000 --- a/testmatt/wot.csv +++ /dev/null @@ -1,2 +0,0 @@ -GivenName,Surname,Phone,Email -El,Vis,+447751185480, \ No newline at end of file From 614142b11c80a1f148a8e70c01ec24aa4863c175 Mon Sep 17 00:00:00 2001 From: JimMadge Date: Wed, 13 Sep 2023 00:25:08 +0000 Subject: [PATCH 087/108] Update PyPI and CRAN allow lists --- .../allowlist-full-python-pypi-tier3.list | 15 +++++++++++++++ .../allowlist-full-r-cran-tier3.list | 1 + 2 files changed, 16 insertions(+) diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list index 4cc0064eb5..e160c08250 100644 --- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list +++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list @@ -37,6 +37,7 @@ asyncio asynctest atomicwrites attrs +autocommand autograd autograd-gamma Automat @@ -240,6 +241,7 @@ importlib importlib-metadata importlib-resources incremental +inflect iniconfig installer interface-meta @@ -250,7 +252,16 @@ ipython_genutils isort itsdangerous Janome +jaraco.apt jaraco.classes +jaraco.collections +jaraco.context +jaraco.functools +jaraco.structures +jaraco.text +jaraco.timing +jaraco.ui +jaraco.windows jarowinkler jax jedi @@ -558,6 +569,7 @@ Send2Trash sentencepiece setuptools setuptools-git +setuptools-scm shapely shellingham simpful @@ -606,6 +618,7 @@ tabulate tangled-up-in-unicode tblib tdda +tempora tenacity tensorboard tensorboard-data-server @@ -699,7 +712,9 @@ y-py yarl yaspin ydata-profiling +yg.lockfile ypy-websocket +zc.lockfile zict zipfile36 zipp diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list index e59220fc4f..4b1441c1af 100644 --- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list @@ -380,6 +380,7 @@ quadprog quanteda quantmod quantreg +QuickJSR qvcalc R.cache R.methodsS3 From b3dbc96729f2d23c65eb5fab6a8b2f9f8d1e695c Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 19 Sep 2023 11:31:59 +0100 Subject: [PATCH 088/108] :sparkles: Install a basic bats version --- .../resources/workspace/workspace.cloud_init.mustache.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml b/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml index 17471221de..c4216adb76 100644 --- a/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml +++ b/data_safe_haven/resources/workspace/workspace.cloud_init.mustache.yaml @@ -104,6 +104,8 @@ packages: - libpq-dev # interact with PostgreSQL databases - msodbcsql17 # interact with Microsoft SQL databases - unixodbc-dev # interact with Microsoft SQL databases + # Bash testing + - bats package_update: true package_upgrade: true From f37b3055f7a7f6bd192f73227d3423898596c4e5 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Thu, 14 Sep 2023 13:19:43 +0100 Subject: [PATCH 089/108] :sparkles: Add a skeleton bats script --- .../resources/workspace/run_all_tests.bats | 92 +++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 data_safe_haven/resources/workspace/run_all_tests.bats diff --git a/data_safe_haven/resources/workspace/run_all_tests.bats b/data_safe_haven/resources/workspace/run_all_tests.bats new file mode 100644 index 0000000000..b843d046f3 --- /dev/null +++ b/data_safe_haven/resources/workspace/run_all_tests.bats @@ -0,0 +1,92 @@ +#! /usr/bin/env bats +load "../bats/bats-assert/load" +load "../bats/bats-file/load" +load "../bats/bats-support/load" + + +# Helper functions +# ---------------- +install_requirements_python() { + pip install pandas psycopg pymssql +} + +install_requirements_R() { + Rscript -e "install.packages(c('DBI', 'odbc', 'RPostgres'))" +} + + +# Python +# ------ +# Test Python functionality +@test "Python functionality" { + run python tests/test_functionality_python.py 2>&1 + assert_output --partial 'All functionality tests passed' +} +# Test Python package repository +@test "Python package repository" { + run bash tests/test_repository_python.sh 2>&1 + assert_output --partial 'All package installations behaved as expected' +} + + +# R +# - +# Test R packages +# Test R functionality +@test "R functionality" { + run Rscript tests/test_functionality_R.R + assert_output --partial 'All functionality tests passed' +} + +# Test R package repository +@test "R package repository" { + run bash tests/test_repository_R.sh + assert_output --partial 'All package installations behaved as expected' +} + + +# Databases +# --------- +# Test MS SQL database +@test "MS SQL database (Python)" { + install_requirements_python + run bash tests/test_databases.sh -d mssql -l python + assert_output --partial 'All database tests passed' +} +@test "MS SQL database (R)" { + install_requirements_R + run bash tests/test_databases.sh -d mssql -l R + assert_output --partial 'All database tests passed' +} + +# Test Postgres database +@test "Postgres database (Python)" { + install_requirements_python + run bash tests/test_databases.sh -d postgresql -l python + assert_output --partial 'All database tests passed' +} +@test "Postgres database (R)" { + install_requirements_R + run bash tests/test_databases.sh -d postgresql -l R + assert_output --partial 'All database tests passed' +} + + +# Mounted drives +# -------------- +@test "Mounted drives (/data)" { + run bash tests/test_mounted_drives.sh -d data + assert_output --partial 'All tests passed' +} +@test "Mounted drives (/home)" { + run bash tests/test_mounted_drives.sh -d home + assert_output --partial 'All tests passed' +} +@test "Mounted drives (/output)" { + run bash tests/test_mounted_drives.sh -d output + assert_output --partial 'All tests passed' +} +@test "Mounted drives (/shared)" { + run bash tests/test_mounted_drives.sh -d shared + assert_output --partial 'All tests passed' +} From 29983957baaf30f03fa9e43155bf47b113f40bd3 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Fri, 15 Sep 2023 11:41:25 +0100 Subject: [PATCH 090/108] :truck: Rename remote_powershell.py to remote_script.py --- data_safe_haven/infrastructure/components/dynamic/__init__.py | 2 +- .../dynamic/{remote_powershell.py => remote_script.py} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename data_safe_haven/infrastructure/components/dynamic/{remote_powershell.py => remote_script.py} (100%) diff --git a/data_safe_haven/infrastructure/components/dynamic/__init__.py b/data_safe_haven/infrastructure/components/dynamic/__init__.py index 2fe0f8decb..7c51c1d231 100644 --- a/data_safe_haven/infrastructure/components/dynamic/__init__.py +++ b/data_safe_haven/infrastructure/components/dynamic/__init__.py @@ -2,7 +2,7 @@ from .blob_container_acl import BlobContainerAcl, BlobContainerAclProps from .compiled_dsc import CompiledDsc, CompiledDscProps from .file_share_file import FileShareFile, FileShareFileProps -from .remote_powershell import RemoteScript, RemoteScriptProps +from .remote_script import RemoteScript, RemoteScriptProps from .ssl_certificate import SSLCertificate, SSLCertificateProps __all__ = [ diff --git a/data_safe_haven/infrastructure/components/dynamic/remote_powershell.py b/data_safe_haven/infrastructure/components/dynamic/remote_script.py similarity index 100% rename from data_safe_haven/infrastructure/components/dynamic/remote_powershell.py rename to data_safe_haven/infrastructure/components/dynamic/remote_script.py From 415c68a4a53ca5f6fb36afb706d60724c3590c56 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 19 Sep 2023 12:18:51 +0100 Subject: [PATCH 091/108] :sparkles: Add a FileUpload provider --- .../components/dynamic/file_upload.py | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 data_safe_haven/infrastructure/components/dynamic/file_upload.py diff --git a/data_safe_haven/infrastructure/components/dynamic/file_upload.py b/data_safe_haven/infrastructure/components/dynamic/file_upload.py new file mode 100644 index 0000000000..067d150dd4 --- /dev/null +++ b/data_safe_haven/infrastructure/components/dynamic/file_upload.py @@ -0,0 +1,117 @@ +"""Pulumi dynamic component for running remote scripts on an Azure VM.""" +from typing import Any + +from pulumi import Input, Output, ResourceOptions +from pulumi.dynamic import CreateResult, DiffResult, Resource + +from data_safe_haven.external import AzureApi +from data_safe_haven.functions import b64encode + +from .dsh_resource_provider import DshResourceProvider + + +class FileUploadProps: + """Props for the FileUpload class""" + + def __init__( + self, + file_contents: Input[str], + file_hash: Input[str], + file_permissions: Input[str], + file_target: Input[str], + subscription_name: Input[str], + vm_name: Input[str], + vm_resource_group_name: Input[str], + force_refresh: Input[bool] | None = None, + ) -> None: + self.file_contents = file_contents + self.file_hash = file_hash + self.file_target = file_target + self.file_permissions = file_permissions + self.force_refresh = force_refresh + self.subscription_name = subscription_name + self.vm_name = vm_name + self.vm_resource_group_name = vm_resource_group_name + + +class FileUploadProvider(DshResourceProvider): + def create(self, props: dict[str, Any]) -> CreateResult: + """Run a remote script to create a file on a VM""" + outs = dict(**props) + azure_api = AzureApi(props["subscription_name"], disable_logging=True) + script_contents = f""" + target_dir=$(dirname "$target"); + mkdir -p $target_dir 2> /dev/null; + echo $contents_b64 | base64 --decode > $target; + chmod {props['file_permissions']} $target; + echo "Wrote file to $target"; + """ + script_parameters = { + "contents_b64": b64encode(props["file_contents"]), + "target": props["file_target"], + } + # Run remote script + outs["script_output"] = azure_api.run_remote_script( + props["vm_resource_group_name"], + script_contents, + script_parameters, + props["vm_name"], + ) + return CreateResult( + f"FileUpload-{props['file_hash']}", + outs=outs, + ) + + def delete(self, id_: str, props: dict[str, Any]) -> None: + """Delete the remote file from the VM""" + # Use `id` as a no-op to avoid ARG002 while maintaining function signature + id((id_, props)) + outs = dict(**props) + azure_api = AzureApi(props["subscription_name"], disable_logging=True) + script_contents = """ + rm -f "$target"; + echo "Removed file at $target"; + """ + script_parameters = { + "target": props["file_target"], + } + # Run remote script + outs["script_output"] = azure_api.run_remote_script( + props["vm_resource_group_name"], + script_contents, + script_parameters, + props["vm_name"], + ) + + def diff( + self, + id_: str, + old_props: dict[str, Any], + new_props: dict[str, Any], + ) -> DiffResult: + """Calculate diff between old and new state""" + # Use `id` as a no-op to avoid ARG002 while maintaining function signature + id(id_) + if new_props["force_refresh"]: + return DiffResult( + changes=True, + replaces=list(new_props.keys()), + stables=[], + delete_before_replace=True, + ) + return self.partial_diff(old_props, new_props, []) + + +class FileUpload(Resource): + script_output: Output[str] + _resource_type_name = "dsh:common:FileUpload" # set resource type + + def __init__( + self, + name: str, + props: FileUploadProps, + opts: ResourceOptions | None = None, + ): + super().__init__( + FileUploadProvider(), name, {"script_output": None, **vars(props)}, opts + ) From f4c3d701ab81989226cf2b7756499f9e0e73b7ab Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 19 Sep 2023 11:21:08 +0100 Subject: [PATCH 092/108] :sparkles: Use FileUpload provider for smoke tests --- .../infrastructure/components/__init__.py | 4 ++++ .../components/dynamic/__init__.py | 3 +++ .../infrastructure/stacks/declarative_sre.py | 1 + .../infrastructure/stacks/sre/workspaces.py | 24 +++++++++++++++++++ 4 files changed, 32 insertions(+) diff --git a/data_safe_haven/infrastructure/components/__init__.py b/data_safe_haven/infrastructure/components/__init__.py index ee872fabe0..6fcb8d3f9b 100644 --- a/data_safe_haven/infrastructure/components/__init__.py +++ b/data_safe_haven/infrastructure/components/__init__.py @@ -20,6 +20,8 @@ CompiledDscProps, FileShareFile, FileShareFileProps, + FileUpload, + FileUploadProps, RemoteScript, RemoteScriptProps, SSLCertificate, @@ -41,6 +43,8 @@ "CompiledDscProps", "FileShareFile", "FileShareFileProps", + "FileUpload", + "FileUploadProps", "LinuxVMComponentProps", "LocalDnsRecordComponent", "LocalDnsRecordProps", diff --git a/data_safe_haven/infrastructure/components/dynamic/__init__.py b/data_safe_haven/infrastructure/components/dynamic/__init__.py index 7c51c1d231..4fdfb12dfc 100644 --- a/data_safe_haven/infrastructure/components/dynamic/__init__.py +++ b/data_safe_haven/infrastructure/components/dynamic/__init__.py @@ -2,6 +2,7 @@ from .blob_container_acl import BlobContainerAcl, BlobContainerAclProps from .compiled_dsc import CompiledDsc, CompiledDscProps from .file_share_file import FileShareFile, FileShareFileProps +from .file_upload import FileUpload, FileUploadProps from .remote_script import RemoteScript, RemoteScriptProps from .ssl_certificate import SSLCertificate, SSLCertificateProps @@ -14,6 +15,8 @@ "CompiledDscProps", "FileShareFile", "FileShareFileProps", + "FileUpload", + "FileUploadProps", "RemoteScript", "RemoteScriptProps", "SSLCertificate", diff --git a/data_safe_haven/infrastructure/stacks/declarative_sre.py b/data_safe_haven/infrastructure/stacks/declarative_sre.py index 439da4b8ca..907ebfe667 100644 --- a/data_safe_haven/infrastructure/stacks/declarative_sre.py +++ b/data_safe_haven/infrastructure/stacks/declarative_sre.py @@ -253,6 +253,7 @@ def run(self) -> None: storage_account_data_private_user_name=data.storage_account_data_private_user_name, storage_account_data_private_sensitive_name=data.storage_account_data_private_sensitive_name, subnet_workspaces=networking.subnet_workspaces, + subscription_name=self.cfg.subscription_name, virtual_network_resource_group=networking.resource_group, virtual_network=networking.virtual_network, vm_details=list(enumerate(self.cfg.sres[self.sre_name].workspace_skus)), diff --git a/data_safe_haven/infrastructure/stacks/sre/workspaces.py b/data_safe_haven/infrastructure/stacks/sre/workspaces.py index 2821b6f669..64e0c6d4f3 100644 --- a/data_safe_haven/infrastructure/stacks/sre/workspaces.py +++ b/data_safe_haven/infrastructure/stacks/sre/workspaces.py @@ -14,10 +14,13 @@ get_name_from_vnet, ) from data_safe_haven.infrastructure.components import ( + FileUpload, + FileUploadProps, LinuxVMComponentProps, VMComponent, ) from data_safe_haven.resources import resources_path +from data_safe_haven.utility import FileReader class SREWorkspacesProps: @@ -43,6 +46,7 @@ def __init__( storage_account_data_private_user_name: Input[str], storage_account_data_private_sensitive_name: Input[str], subnet_workspaces: Input[network.GetSubnetResult], + subscription_name: Input[str], virtual_network_resource_group: Input[resources.ResourceGroup], virtual_network: Input[network.VirtualNetwork], vm_details: list[tuple[int, str]], # this must *not* be passed as an Input[T] @@ -69,6 +73,7 @@ def __init__( self.storage_account_data_private_sensitive_name = ( storage_account_data_private_sensitive_name ) + self.subscription_name = subscription_name self.virtual_network_name = Output.from_input(virtual_network).apply( get_name_from_vnet ) @@ -170,6 +175,25 @@ def __init__( for vm in vms ] + # Upload smoke tests + run_all_tests = FileReader(resources_path / "workspace" / "run_all_tests.bats") + for vm, vm_output in zip(vms, vm_outputs, strict=True): + file_run_all_tests = FileUpload( + f"{self._name}_file_run_all_tests", + FileUploadProps( + file_contents=run_all_tests.file_contents(), + file_hash=run_all_tests.sha256(), + file_permissions="0444", + file_target=f"/opt/tests/{run_all_tests.name}", + force_refresh=True, + subscription_name=props.subscription_name, + vm_name=vm.vm_name, + vm_resource_group_name=resource_group.name, + ), + opts=child_opts, + ) + vm_output["run_all_tests"] = file_run_all_tests.script_output + # Register outputs self.resource_group = resource_group From cccecbfc4b1af26bdd917223f4d4ca033dcca429 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 19 Sep 2023 11:22:01 +0100 Subject: [PATCH 093/108] :truck: Use one MSAL cache per tenant --- data_safe_haven/external/api/graph_api.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/data_safe_haven/external/api/graph_api.py b/data_safe_haven/external/api/graph_api.py index a329b50437..1b1a00b677 100644 --- a/data_safe_haven/external/api/graph_api.py +++ b/data_safe_haven/external/api/graph_api.py @@ -361,7 +361,9 @@ def create_token_administrator(self) -> str: result = None try: # Load local token cache - local_token_cache = LocalTokenCache(pathlib.Path.home() / ".msal_cache") + local_token_cache = LocalTokenCache( + pathlib.Path.home() / f".msal_cache_{self.tenant_id}" + ) # Use the Powershell application by default as this should be pre-installed app = PublicClientApplication( authority=f"https://login.microsoftonline.com/{self.tenant_id}", From d9edec2b5f449b9b14694cd9db7e670074701bd6 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 19 Sep 2023 11:22:54 +0100 Subject: [PATCH 094/108] :recycle: Simplify SHA256 calculation --- data_safe_haven/functions/strings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/functions/strings.py b/data_safe_haven/functions/strings.py index a3dac5e106..27089eeaed 100644 --- a/data_safe_haven/functions/strings.py +++ b/data_safe_haven/functions/strings.py @@ -90,7 +90,7 @@ def seeded_uuid(seed: str) -> uuid.UUID: def sha256hash(input_string: str) -> str: """Return the SHA256 hash of a string as a string.""" - return hashlib.sha256(str.encode(input_string, encoding="utf-8")).hexdigest() + return hashlib.sha256(input_string.encode("utf-8")).hexdigest() def truncate_tokens(tokens: Sequence[str], max_length: int) -> list[str]: From 29249df465109af3e3904247d38ac9acc69fb33a Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 20 Sep 2023 09:34:08 +0100 Subject: [PATCH 095/108] :alien: Allow multiple FileUploads to run at once, with each waiting until it is possible to run --- data_safe_haven/external/api/azure_api.py | 36 +++++++++++++++++++ .../components/dynamic/file_upload.py | 30 ++++++++++++---- 2 files changed, 60 insertions(+), 6 deletions(-) diff --git a/data_safe_haven/external/api/azure_api.py b/data_safe_haven/external/api/azure_api.py index 552bc35713..0ce8044bce 100644 --- a/data_safe_haven/external/api/azure_api.py +++ b/data_safe_haven/external/api/azure_api.py @@ -1084,6 +1084,42 @@ def run_remote_script( msg = f"Failed to run command on '{vm_name}'.\n{exc}" raise DataSafeHavenAzureError(msg) from exc + def run_remote_script_waiting( + self, + resource_group_name: str, + script: str, + script_parameters: dict[str, str], + vm_name: str, + ) -> str: + """Run a script on a remote virtual machine waiting for other scripts to complete + + Returns: + str: The script output + + Raises: + DataSafeHavenAzureError if running the script failed + """ + while True: + try: + script_output = self.run_remote_script( + resource_group_name=resource_group_name, + script=script, + script_parameters=script_parameters, + vm_name=vm_name, + ) + break + except DataSafeHavenAzureError as exc: + if all( + reason not in str(exc) + for reason in ( + "The request failed due to conflict with a concurrent request", + "Run command extension execution is in progress", + ) + ): + raise + time.sleep(5) + return script_output + def set_blob_container_acl( self, container_name: str, diff --git a/data_safe_haven/infrastructure/components/dynamic/file_upload.py b/data_safe_haven/infrastructure/components/dynamic/file_upload.py index 067d150dd4..231b583430 100644 --- a/data_safe_haven/infrastructure/components/dynamic/file_upload.py +++ b/data_safe_haven/infrastructure/components/dynamic/file_upload.py @@ -2,7 +2,7 @@ from typing import Any from pulumi import Input, Output, ResourceOptions -from pulumi.dynamic import CreateResult, DiffResult, Resource +from pulumi.dynamic import CreateResult, DiffResult, Resource, UpdateResult from data_safe_haven.external import AzureApi from data_safe_haven.functions import b64encode @@ -51,12 +51,19 @@ def create(self, props: dict[str, Any]) -> CreateResult: "target": props["file_target"], } # Run remote script - outs["script_output"] = azure_api.run_remote_script( + script_output = azure_api.run_remote_script_waiting( props["vm_resource_group_name"], script_contents, script_parameters, props["vm_name"], ) + outs["script_output"] = "\n".join( + [ + line.strip() + for line in script_output.replace("Enable succeeded:", "").split("\n") + if line + ] + ) return CreateResult( f"FileUpload-{props['file_hash']}", outs=outs, @@ -65,8 +72,7 @@ def create(self, props: dict[str, Any]) -> CreateResult: def delete(self, id_: str, props: dict[str, Any]) -> None: """Delete the remote file from the VM""" # Use `id` as a no-op to avoid ARG002 while maintaining function signature - id((id_, props)) - outs = dict(**props) + id(id_) azure_api = AzureApi(props["subscription_name"], disable_logging=True) script_contents = """ rm -f "$target"; @@ -76,7 +82,7 @@ def delete(self, id_: str, props: dict[str, Any]) -> None: "target": props["file_target"], } # Run remote script - outs["script_output"] = azure_api.run_remote_script( + azure_api.run_remote_script_waiting( props["vm_resource_group_name"], script_contents, script_parameters, @@ -97,10 +103,22 @@ def diff( changes=True, replaces=list(new_props.keys()), stables=[], - delete_before_replace=True, + delete_before_replace=False, ) return self.partial_diff(old_props, new_props, []) + def update( + self, + id_: str, + old_props: dict[str, Any], + new_props: dict[str, Any], + ) -> UpdateResult: + """Updating is creating without the need to delete.""" + # Use `id` as a no-op to avoid ARG002 while maintaining function signature + id((id_, old_props)) + updated = self.create(new_props) + return UpdateResult(outs=updated.outs) + class FileUpload(Resource): script_output: Output[str] From 7a889ccf9aefb4bbb9a520d39f80475158806765 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 20 Sep 2023 19:22:02 +0100 Subject: [PATCH 096/108] :bug: Signal if the FileUpload could not be created --- .../infrastructure/components/dynamic/file_upload.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/data_safe_haven/infrastructure/components/dynamic/file_upload.py b/data_safe_haven/infrastructure/components/dynamic/file_upload.py index 231b583430..cb9f5152f1 100644 --- a/data_safe_haven/infrastructure/components/dynamic/file_upload.py +++ b/data_safe_haven/infrastructure/components/dynamic/file_upload.py @@ -4,6 +4,7 @@ from pulumi import Input, Output, ResourceOptions from pulumi.dynamic import CreateResult, DiffResult, Resource, UpdateResult +from data_safe_haven.exceptions import DataSafeHavenAzureError from data_safe_haven.external import AzureApi from data_safe_haven.functions import b64encode @@ -44,7 +45,11 @@ def create(self, props: dict[str, Any]) -> CreateResult: mkdir -p $target_dir 2> /dev/null; echo $contents_b64 | base64 --decode > $target; chmod {props['file_permissions']} $target; - echo "Wrote file to $target"; + if [ -f "$target" ]; then + echo "Wrote file to $target"; + else + echo "Failed to write file to $target"; + fi """ script_parameters = { "contents_b64": b64encode(props["file_contents"]), @@ -64,6 +69,8 @@ def create(self, props: dict[str, Any]) -> CreateResult: if line ] ) + if "Failed to write" in outs["script_output"]: + raise DataSafeHavenAzureError(outs["script_output"]) return CreateResult( f"FileUpload-{props['file_hash']}", outs=outs, From 05c8a160ab5478cc638bc7b3cb0b33f9c7579ddd Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 20 Sep 2023 17:55:45 +0100 Subject: [PATCH 097/108] :white_check_mark: Add smoke tests --- .../components/dynamic/file_upload.py | 2 +- .../infrastructure/stacks/sre/workspaces.py | 42 +++-- .../resources/workspace/run_all_tests.bats | 156 +++++++++++------- .../resources/workspace/test_databases.sh | 51 ++++++ .../resources/workspace/test_databases_R.R | 51 ++++++ .../workspace/test_databases_python.py | 55 ++++++ .../workspace/test_functionality_R.R | 39 +++++ .../workspace/test_functionality_python.py | 37 +++++ .../workspace/test_mounted_drives.sh | 66 ++++++++ .../workspace/test_repository_R.mustache.sh | 49 ++++++ .../test_repository_python.mustache.sh | 42 +++++ 11 files changed, 512 insertions(+), 78 deletions(-) create mode 100644 data_safe_haven/resources/workspace/test_databases.sh create mode 100644 data_safe_haven/resources/workspace/test_databases_R.R create mode 100644 data_safe_haven/resources/workspace/test_databases_python.py create mode 100644 data_safe_haven/resources/workspace/test_functionality_R.R create mode 100644 data_safe_haven/resources/workspace/test_functionality_python.py create mode 100644 data_safe_haven/resources/workspace/test_mounted_drives.sh create mode 100644 data_safe_haven/resources/workspace/test_repository_R.mustache.sh create mode 100644 data_safe_haven/resources/workspace/test_repository_python.mustache.sh diff --git a/data_safe_haven/infrastructure/components/dynamic/file_upload.py b/data_safe_haven/infrastructure/components/dynamic/file_upload.py index cb9f5152f1..731a662899 100644 --- a/data_safe_haven/infrastructure/components/dynamic/file_upload.py +++ b/data_safe_haven/infrastructure/components/dynamic/file_upload.py @@ -29,7 +29,7 @@ def __init__( self.file_hash = file_hash self.file_target = file_target self.file_permissions = file_permissions - self.force_refresh = force_refresh + self.force_refresh = Output.from_input(force_refresh).apply(lambda force: force if force else False) self.subscription_name = subscription_name self.vm_name = vm_name self.vm_resource_group_name = vm_resource_group_name diff --git a/data_safe_haven/infrastructure/stacks/sre/workspaces.py b/data_safe_haven/infrastructure/stacks/sre/workspaces.py index 64e0c6d4f3..fa854168f1 100644 --- a/data_safe_haven/infrastructure/stacks/sre/workspaces.py +++ b/data_safe_haven/infrastructure/stacks/sre/workspaces.py @@ -1,3 +1,4 @@ +import pathlib from collections.abc import Mapping from typing import Any @@ -166,7 +167,7 @@ def __init__( ] # Get details for each deployed VM - vm_outputs = [ + vm_outputs: list[dict[str, Any]] = [ { "ip_address": vm.ip_address_private, "name": vm.vm_name, @@ -176,23 +177,30 @@ def __init__( ] # Upload smoke tests - run_all_tests = FileReader(resources_path / "workspace" / "run_all_tests.bats") + mustache_values={ + "check_uninstallable_packages": "0", + } + file_uploads = [(FileReader(resources_path / "workspace" / "run_all_tests.bats"), "0444")] + for test_file in pathlib.Path(resources_path / "workspace").glob("test*"): + file_uploads.append((FileReader(test_file), "0444")) for vm, vm_output in zip(vms, vm_outputs, strict=True): - file_run_all_tests = FileUpload( - f"{self._name}_file_run_all_tests", - FileUploadProps( - file_contents=run_all_tests.file_contents(), - file_hash=run_all_tests.sha256(), - file_permissions="0444", - file_target=f"/opt/tests/{run_all_tests.name}", - force_refresh=True, - subscription_name=props.subscription_name, - vm_name=vm.vm_name, - vm_resource_group_name=resource_group.name, - ), - opts=child_opts, - ) - vm_output["run_all_tests"] = file_run_all_tests.script_output + outputs: dict[str, Output[str]] = {} + for file_upload, file_permissions in file_uploads: + file_smoke_test = FileUpload( + replace_separators(f"{self._name}_file_{file_upload.name}", "_"), + FileUploadProps( + file_contents=file_upload.file_contents(mustache_values=mustache_values), + file_hash=file_upload.sha256(), + file_permissions=file_permissions, + file_target=f"/opt/tests/{file_upload.name}", + subscription_name=props.subscription_name, + vm_name=vm.vm_name, + vm_resource_group_name=resource_group.name, + ), + opts=child_opts, + ) + outputs[file_upload.name] = file_smoke_test.script_output + vm_output["file_uploads"] = outputs # Register outputs self.resource_group = resource_group diff --git a/data_safe_haven/resources/workspace/run_all_tests.bats b/data_safe_haven/resources/workspace/run_all_tests.bats index b843d046f3..800a55cd3d 100644 --- a/data_safe_haven/resources/workspace/run_all_tests.bats +++ b/data_safe_haven/resources/workspace/run_all_tests.bats @@ -1,47 +1,92 @@ #! /usr/bin/env bats -load "../bats/bats-assert/load" -load "../bats/bats-file/load" -load "../bats/bats-support/load" # Helper functions # ---------------- -install_requirements_python() { - pip install pandas psycopg pymssql +initialise_python_environment() { + ENV_PATH="${HOME}/.local/bats-python-environment" + rm -rf "$ENV_PATH" + python -m venv "$ENV_PATH" + source "${ENV_PATH}/bin/activate" + pip install --upgrade pip --quiet } -install_requirements_R() { - Rscript -e "install.packages(c('DBI', 'odbc', 'RPostgres'))" +initialise_r_environment() { + ENV_PATH="${HOME}/.local/bats-r-environment" + rm -rf "$ENV_PATH" + mkdir -p "$ENV_PATH" } +install_r_package() { + PACKAGE_NAME="$1" + ENV_PATH="${HOME}/.local/bats-r-environment" + Rscript -e "install.packages('$PACKAGE_NAME', lib='$ENV_PATH');" +} -# Python -# ------ -# Test Python functionality -@test "Python functionality" { - run python tests/test_functionality_python.py 2>&1 - assert_output --partial 'All functionality tests passed' +install_r_package_version() { + PACKAGE_NAME="$1" + PACKAGE_VERSION="$2" + ENV_PATH="${HOME}/.local/bats-r-environment" + Rscript -e "install.packages('remotes', lib='$ENV_PATH');" + Rscript -e "library('remotes', lib='$ENV_PATH'); remotes::install_version(package='$PACKAGE_NAME', version='$PACKAGE_VERSION', lib='$ENV_PATH');" } -# Test Python package repository -@test "Python package repository" { - run bash tests/test_repository_python.sh 2>&1 - assert_output --partial 'All package installations behaved as expected' + +check_db_credentials() { + db_credentials="${HOME}/.local/db.dsh" + if [ -f "$db_credentials" ]; then + return 0 + fi + return 1 } -# R -# - -# Test R packages -# Test R functionality -@test "R functionality" { - run Rscript tests/test_functionality_R.R - assert_output --partial 'All functionality tests passed' +# Mounted drives +# -------------- +@test "Mounted drives (/data)" { + run bash test_mounted_drives.sh -d data + [ "$status" -eq 0 ] +} +@test "Mounted drives (/home)" { + run bash test_mounted_drives.sh -d home + [ "$status" -eq 0 ] +} +@test "Mounted drives (/output)" { + run bash test_mounted_drives.sh -d output + [ "$status" -eq 0 ] +} +@test "Mounted drives (/shared)" { + run bash test_mounted_drives.sh -d shared + [ "$status" -eq 0 ] } -# Test R package repository + +# Package repositories +# -------------------- +@test "Python package repository" { + initialise_python_environment + run bash test_repository_python.sh 2>&1 + [ "$status" -eq 0 ] +} @test "R package repository" { - run bash tests/test_repository_R.sh - assert_output --partial 'All package installations behaved as expected' + initialise_r_environment + run bash test_repository_R.sh + [ "$status" -eq 0 ] +} + + +# Language functionality +# ---------------------- +@test "Python functionality" { + initialise_python_environment + pip install numpy pandas scikit-learn --quiet + run python test_functionality_python.py 2>&1 + [ "$status" -eq 0 ] +} +@test "R functionality" { + initialise_r_environment + install_r_package_version "MASS" "7.3-52" + run Rscript test_functionality_R.R + [ "$status" -eq 0 ] } @@ -49,44 +94,35 @@ install_requirements_R() { # --------- # Test MS SQL database @test "MS SQL database (Python)" { - install_requirements_python - run bash tests/test_databases.sh -d mssql -l python - assert_output --partial 'All database tests passed' + check_db_credentials || skip "No database credentials available" + initialise_python_environment + pip install pandas psycopg pymssql --quiet + run bash test_databases.sh -d mssql -l python + [ "$status" -eq 0 ] } @test "MS SQL database (R)" { - install_requirements_R - run bash tests/test_databases.sh -d mssql -l R - assert_output --partial 'All database tests passed' + check_db_credentials || skip "No database credentials available" + initialise_r_environment + install_r_package "DBI" + install_r_package "odbc" + install_r_package "RPostgres" + run bash test_databases.sh -d mssql -l R + [ "$status" -eq 0 ] } - # Test Postgres database @test "Postgres database (Python)" { - install_requirements_python - run bash tests/test_databases.sh -d postgresql -l python - assert_output --partial 'All database tests passed' + check_db_credentials || skip "No database credentials available" + initialise_python_environment + pip install pandas psycopg pymssql --quiet + run bash test_databases.sh -d postgresql -l python + [ "$status" -eq 0 ] } @test "Postgres database (R)" { - install_requirements_R - run bash tests/test_databases.sh -d postgresql -l R - assert_output --partial 'All database tests passed' -} - - -# Mounted drives -# -------------- -@test "Mounted drives (/data)" { - run bash tests/test_mounted_drives.sh -d data - assert_output --partial 'All tests passed' -} -@test "Mounted drives (/home)" { - run bash tests/test_mounted_drives.sh -d home - assert_output --partial 'All tests passed' -} -@test "Mounted drives (/output)" { - run bash tests/test_mounted_drives.sh -d output - assert_output --partial 'All tests passed' -} -@test "Mounted drives (/shared)" { - run bash tests/test_mounted_drives.sh -d shared - assert_output --partial 'All tests passed' + check_db_credentials || skip "No database credentials available" + initialise_r_environment + install_r_package "DBI" + install_r_package "odbc" + install_r_package "RPostgres" + run bash test_databases.sh -d postgresql -l R + [ "$status" -eq 0 ] } diff --git a/data_safe_haven/resources/workspace/test_databases.sh b/data_safe_haven/resources/workspace/test_databases.sh new file mode 100644 index 0000000000..69fd7a456c --- /dev/null +++ b/data_safe_haven/resources/workspace/test_databases.sh @@ -0,0 +1,51 @@ +#! /bin/bash +db_type="" +language="" +while getopts d:l: flag; do + case "${flag}" in + d) db_type=${OPTARG} ;; + l) language=${OPTARG} ;; + *) + echo "Invalid option ${OPTARG}" + exit 1 + ;; + esac +done + +db_credentials="${HOME}/.local/db.dsh" +if [ -f "$db_credentials" ]; then + username="databaseadmin" + password="$(cat "$db_credentials")" +else + echo "Credentials file ($db_credentials) not found." + exit 1 +fi + +sre_fqdn="$(grep trusted /etc/pip.conf | cut -d "." -f 2-99)" +sre_prefix="$(hostname | cut -d "-" -f 1-4)" +if [ "$db_type" == "mssql" ]; then + db_name="master" + port="1433" + server_name="mssql.${sre_fqdn}" + hostname="${sre_prefix}-db-server-mssql" +elif [ "$db_type" == "postgresql" ]; then + db_name="postgres" + port="5432" + server_name="postgresql.${sre_fqdn}" + hostname="${sre_prefix}-db-server-postgresql" +else + echo "Did not recognise database type '$db_type'" + exit 1 +fi + +if [ "$port" == "" ]; then + echo "Database type '$db_type' is not part of this SRE" + exit 1 +else + script_path=$(dirname "$(readlink -f "$0")") + if [ "$language" == "python" ]; then + python "${script_path}"/test_databases_python.py --db-type "$db_type" --db-name "$db_name" --port "$port" --server-name "$server_name" --hostname "$hostname" --username "$username" --password "$password" || exit 1 + elif [ "$language" == "R" ]; then + Rscript "${script_path}"/test_databases_R.R "$db_type" "$db_name" "$port" "$server_name" "$hostname" "$username" "$password" || exit 1 + fi +fi diff --git a/data_safe_haven/resources/workspace/test_databases_R.R b/data_safe_haven/resources/workspace/test_databases_R.R new file mode 100644 index 0000000000..a261f21532 --- /dev/null +++ b/data_safe_haven/resources/workspace/test_databases_R.R @@ -0,0 +1,51 @@ +#!/usr/bin/env Rscript +library(DBI, lib.loc='~/.local/bats-r-environment') +library(odbc, lib.loc='~/.local/bats-r-environment') +library(RPostgres, lib.loc='~/.local/bats-r-environment') + +# Parse command line arguments +args = commandArgs(trailingOnly=TRUE) +if (length(args)!=7) { + stop("Exactly seven arguments are required: db_type, db_name, port, server_name, hostname, username and password") +} +db_type = args[1] +db_name = args[2] +port = args[3] +server_name = args[4] +hostname = args[5] +username = args[6] +password = args[7] + +# Connect to the database +print(paste("Attempting to connect to '", db_name, "' on '", server_name, "' via port '", port, sep="")) +if (db_type == "mssql") { + cnxn <- DBI::dbConnect( + odbc::odbc(), + Driver = "ODBC Driver 17 for SQL Server", + Server = paste(server_name, port, sep=","), + Database = db_name, + # Trusted_Connection = "yes", + UID = paste(username, "@", hostname, sep=""), + PWD = password + ) +} else if (db_type == "postgresql") { + cnxn <- DBI::dbConnect( + RPostgres::Postgres(), + host = server_name, + port = port, + dbname = db_name, + user = paste(username, "@", hostname, sep=""), + password = password + ) +} else { + stop(paste("Database type '", db_type, "' was not recognised", sep="")) +} + +# Run a query and save the output into a dataframe +df <- dbGetQuery(cnxn, "SELECT * FROM information_schema.tables;") +if (dim(df)[1] > 0) { + print(head(df, 5)) + print("All database tests passed") +} else { + stop(paste("Reading from database '", db_name, "' failed", sep="")) +} diff --git a/data_safe_haven/resources/workspace/test_databases_python.py b/data_safe_haven/resources/workspace/test_databases_python.py new file mode 100644 index 0000000000..37a37acb91 --- /dev/null +++ b/data_safe_haven/resources/workspace/test_databases_python.py @@ -0,0 +1,55 @@ +#! /usr/bin/env python +import argparse + +import pandas as pd +import psycopg +import pymssql + + +def test_database(server_name, hostname, port, db_type, db_name, username, password): + print(f"Attempting to connect to '{db_name}' on '{server_name}' via port {port}") + username_full = f"{username}@{hostname}" + cnxn = None + if db_type == "mssql": + cnxn = pymssql.connect( + server=server_name, user=username_full, password=password, database=db_name + ) + elif db_type == "postgresql": + connection_string = f"host={server_name} port={port} dbname={db_name} user={username_full} password={password}" + cnxn = psycopg.connect(connection_string) + else: + raise ValueError(f"Database type '{db_type}' was not recognised") + df = pd.read_sql("SELECT * FROM information_schema.tables;", cnxn) + if df.size: + print(df.head(5)) + print("All database tests passed") + else: + raise ValueError(f"Reading from database '{db_name}' failed.") + + +# Parse command line arguments +parser = argparse.ArgumentParser() +parser.add_argument( + "--db-type", + type=str, + choices=["mssql", "postgresql"], + help="Which database type to use", +) +parser.add_argument("--db-name", type=str, help="Which database to connect to") +parser.add_argument("--port", type=str, help="Which port to connect to") +parser.add_argument("--server-name", type=str, help="Which server to connect to") +parser.add_argument("--username", type=str, help="Database username") +parser.add_argument("--hostname", type=str, help="Azure hostname of the server") +parser.add_argument("--password", type=str, help="Database user password") +args = parser.parse_args() + +# Run database test +test_database( + args.server_name, + args.hostname, + args.port, + args.db_type, + args.db_name, + args.username, + args.password, +) diff --git a/data_safe_haven/resources/workspace/test_functionality_R.R b/data_safe_haven/resources/workspace/test_functionality_R.R new file mode 100644 index 0000000000..94c351e7c3 --- /dev/null +++ b/data_safe_haven/resources/workspace/test_functionality_R.R @@ -0,0 +1,39 @@ +# Test logistic regression using R +library('MASS', lib.loc='~/.local/bats-r-environment') +library('stats') + +gen_data <- function(n = 100, p = 3) { + set.seed(1) + weights <- stats::rgamma(n = n, shape = rep(1, n), rate = rep(1, n)) + y <- stats::rbinom(n = n, size = 1, prob = 0.5) + theta <- stats::rnorm(n = p, mean = 0, sd = 1) + means <- colMeans(as.matrix(y) %*% theta) + x <- MASS::mvrnorm(n = n, means, diag(1, p, p)) + return(list(x = x, y = y, weights = weights, theta = theta)) +} + +run_logistic_regression <- function(data) { + fit <- stats::glm.fit(x = data$x, + y = data$y, + weights = data$weights, + family = stats::quasibinomial(link = "logit")) + return(fit$coefficients) +} + +data <- gen_data() +theta <- run_logistic_regression(data) +print("Logistic regression ran OK") + + +# Test clustering of random data using R +num_clusters <- 5 +N <- 10 +set.seed(0, kind = "Mersenne-Twister") +cluster_means <- runif(num_clusters, 0, 10) +means_selector <- as.integer(runif(N, 1, num_clusters + 1)) +data_means <- cluster_means[means_selector] +data <- rnorm(n = N, mean = data_means, sd = 0.5) +hc <- hclust(dist(data)) +print("Clustering ran OK") + +print("All functionality tests passed") diff --git a/data_safe_haven/resources/workspace/test_functionality_python.py b/data_safe_haven/resources/workspace/test_functionality_python.py new file mode 100644 index 0000000000..9ca9662d98 --- /dev/null +++ b/data_safe_haven/resources/workspace/test_functionality_python.py @@ -0,0 +1,37 @@ +"""Test logistic regression using python""" +import numpy as np +import pandas as pd +from sklearn.linear_model import LogisticRegression + + +def gen_data(n_samples, n_points): + """Generate data for fitting""" + target = np.random.binomial(n=1, p=0.5, size=(n_samples, 1)) + theta = np.random.normal(loc=0.0, scale=1.0, size=(1, n_points)) + means = np.mean(np.multiply(target, theta), axis=0) + values = np.random.multivariate_normal( + means, np.diag([1] * n_points), size=n_samples + ).T + data = dict(("x{}".format(n), values[n]) for n in range(n_points)) + data["y"] = target.reshape((n_samples,)) + data["weights"] = np.random.gamma(shape=1, scale=1.0, size=n_samples) + return pd.DataFrame(data=data) + + +def main(): + """Logistic regression""" + data = gen_data(100, 3) + input_data = data.iloc[:, :-2] + output_data = data["y"] + weights = data["weights"] + + logit = LogisticRegression(solver="liblinear") + logit.fit(input_data, output_data, sample_weight=weights) + logit.score(input_data, output_data, sample_weight=weights) + + print("Logistic model ran OK") + print("All functionality tests passed") + + +if __name__ == "__main__": + main() diff --git a/data_safe_haven/resources/workspace/test_mounted_drives.sh b/data_safe_haven/resources/workspace/test_mounted_drives.sh new file mode 100644 index 0000000000..a1812934b9 --- /dev/null +++ b/data_safe_haven/resources/workspace/test_mounted_drives.sh @@ -0,0 +1,66 @@ +#! /bin/bash +while getopts d: flag +do + case "${flag}" in + d) directory=${OPTARG};; + *) + echo "Usage: $0 -d [directory]" + exit 1 + esac +done + +nfailed=0 +if [[ "$directory" = "home" ]]; then directory_path=$(echo ~); else directory_path="/${directory}"; fi +testfile="$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)" + +# Check that directory exists +if [ "$(ls "${directory_path}" 2>&1 1>/dev/null)" ]; then + echo "Could not find mount '${directory_path}'" + nfailed=$((nfailed + 1)) +fi + +# Test operations +CAN_CREATE="$([[ "$(touch "${directory_path}/${testfile}" 2>&1 1>/dev/null)" = "" ]] && echo '1' || echo '0')" +CAN_WRITE="$([[ -w "${directory_path}/${testfile}" ]] && echo '1' || echo '0')" +CAN_DELETE="$([[ "$(touch "${directory_path}/${testfile}" 2>&1 1>/dev/null && rm "${directory_path}/${testfile}" 2>&1)" ]] && echo '0' || echo '1')" + +# Check that permissions are as expected for each directory +case "$directory" in + data) + if [ "$CAN_CREATE" = 1 ]; then echo "Able to create files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_WRITE" = 1 ]; then echo "Able to write files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_DELETE" = 1 ]; then echo "Able to delete files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + ;; + + home) + if [ "$CAN_CREATE" = 0 ]; then echo "Unable to create files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_WRITE" = 0 ]; then echo "Unable to write files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_DELETE" = 0 ]; then echo "Unable to delete files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + ;; + + output) + if [ "$CAN_CREATE" = 0 ]; then echo "Unable to create files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_WRITE" = 0 ]; then echo "Unable to write files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_DELETE" = 0 ]; then echo "Unable to delete files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + ;; + + shared) + if [ "$CAN_CREATE" = 0 ]; then echo "Unable to create files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_WRITE" = 0 ]; then echo "Unable to write files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + if [ "$CAN_DELETE" = 0 ]; then echo "Unable to delete files in ${directory_path}!"; nfailed=$((nfailed + 1)); fi + ;; + + *) + echo "Usage: $0 -d [directory]" + exit 1 +esac + +# Cleanup and print output +rm -f "${directory_path}/${testfile}" 2> /dev/null +if [ $nfailed = 0 ]; then + echo "All tests passed for '${directory_path}'" + exit 0 +else + echo "$nfailed tests failed for '${directory_path}'!" + exit $nfailed +fi diff --git a/data_safe_haven/resources/workspace/test_repository_R.mustache.sh b/data_safe_haven/resources/workspace/test_repository_R.mustache.sh new file mode 100644 index 0000000000..03568b1e62 --- /dev/null +++ b/data_safe_haven/resources/workspace/test_repository_R.mustache.sh @@ -0,0 +1,49 @@ +#! /bin/bash +# We need to test packages that are: +# - *not* pre-installed +# - on the tier-3 list (so we can test all tiers) +# - alphabetically early and late (so we can test the progress of the mirror synchronisation) +packages=("askpass" "zeallot") +uninstallable_packages=("aws.s3") + +# Create a temporary library directory +TEST_INSTALL_PATH="${HOME}/.local/bats-r-environment" +# TEST_INSTALL_PATH="${HOME}/test-repository-R" +# rm -rf "$TEST_INSTALL_PATH" +# mkdir -p "$TEST_INSTALL_PATH" + +# Install sample packages to local user library +N_FAILURES=0 +for package in "${packages[@]}"; do + echo "Attempting to install ${package}..." + Rscript -e "options(warn=-1); install.packages('${package}', lib='${TEST_INSTALL_PATH}', quiet=TRUE)" + if (Rscript -e "library('${package}', lib.loc='${TEST_INSTALL_PATH}')"); then + echo "... $package installation succeeded" + else + echo "... $package installation failed" + N_FAILURES=$((N_FAILURES + 1)) + fi +done +# If requested, demonstrate that installation fails for packages *not* on the approved list +TEST_FAILURE="{{check_uninstallable_packages}}" +if [ $TEST_FAILURE -eq 1 ]; then + for package in "${uninstallable_packages[@]}"; do + echo "Attempting to install ${package}..." + Rscript -e "options(warn=-1); install.packages('${package}', lib='${TEST_INSTALL_PATH}', quiet=TRUE)" + if (Rscript -e "library('${package}', lib.loc='${TEST_INSTALL_PATH}')"); then + echo "... $package installation unexpectedly succeeded!" + N_FAILURES=$((N_FAILURES + 1)) + else + echo "... $package installation failed as expected" + fi + done +fi +rm -rf "$TEST_INSTALL_PATH" + +if [ $N_FAILURES -eq 0 ]; then + echo "All package installations behaved as expected" + exit 0 +else + echo "One or more package installations did not behave as expected!" + exit $N_FAILURES +fi diff --git a/data_safe_haven/resources/workspace/test_repository_python.mustache.sh b/data_safe_haven/resources/workspace/test_repository_python.mustache.sh new file mode 100644 index 0000000000..28e46a23e1 --- /dev/null +++ b/data_safe_haven/resources/workspace/test_repository_python.mustache.sh @@ -0,0 +1,42 @@ +#! /bin/bash + +# We need to test packages that are: +# - *not* pre-installed +# - on the allowlist (so we can test this is working) +# - alphabetically early and late (so we can test the progress of the mirror synchronisation) +installable_packages=("contourpy" "tzdata") +uninstallable_packages=("awscli") + +# Install sample packages to local user library +N_FAILURES=0 +for package in "${installable_packages[@]}"; do + echo "Attempting to install ${package}..." + if (pip install "$package" --quiet); then + echo "... $package installation succeeded" + else + echo "... $package installation failed" + N_FAILURES=$((N_FAILURES + 1)) + fi +done +# If requested, demonstrate that installation fails for packages *not* on the approved list +TEST_FAILURE="{{check_uninstallable_packages}}" +if [ $TEST_FAILURE -eq 1 ]; then + for package in "${uninstallable_packages[@]}"; do + echo "Attempting to install ${package}..." + if (pip install "$package" --quiet); then + echo "... $package installation unexpectedly succeeded!" + N_FAILURES=$((N_FAILURES + 1)) + else + echo "... $package installation failed as expected" + fi + done +fi +rm -rf "$TEST_INSTALL_PATH" + +if [ $N_FAILURES -eq 0 ]; then + echo "All package installations behaved as expected" + exit 0 +else + echo "One or more package installations did not behave as expected!" + exit $N_FAILURES +fi From 15668ecbf56c6d1ac0a0becc59221af2984039ec Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 20 Sep 2023 19:23:14 +0100 Subject: [PATCH 098/108] :arrow_up: Add dependencies needed for smoke tests to allowlists --- .../resources/software_repositories/allowlists/cran.allowlist | 1 + .../resources/software_repositories/allowlists/pypi.allowlist | 1 + 2 files changed, 2 insertions(+) diff --git a/data_safe_haven/resources/software_repositories/allowlists/cran.allowlist b/data_safe_haven/resources/software_repositories/allowlists/cran.allowlist index d65ef196ea..9624ec7060 100644 --- a/data_safe_haven/resources/software_repositories/allowlists/cran.allowlist +++ b/data_safe_haven/resources/software_repositories/allowlists/cran.allowlist @@ -1,4 +1,5 @@ DBI +MASS RPostgres Rcpp bit diff --git a/data_safe_haven/resources/software_repositories/allowlists/pypi.allowlist b/data_safe_haven/resources/software_repositories/allowlists/pypi.allowlist index 3ab3c07dfe..704937893f 100644 --- a/data_safe_haven/resources/software_repositories/allowlists/pypi.allowlist +++ b/data_safe_haven/resources/software_repositories/allowlists/pypi.allowlist @@ -15,6 +15,7 @@ pyodbc pyparsing python-dateutil pytz +scikit-learn six typing-extensions tzdata From b039cd7eaabdd76da11467e04aeb0cae07f06b9c Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 20 Sep 2023 19:32:59 +0100 Subject: [PATCH 099/108] :rotating_light: Fix linting errors in smoke tests --- .../components/dynamic/file_upload.py | 4 +++- .../infrastructure/stacks/sre/workspaces.py | 10 +++++--- .../workspace/test_databases_python.py | 23 ++++++++++++++----- .../workspace/test_functionality_python.py | 10 ++++---- pyproject.toml | 4 ++++ 5 files changed, 36 insertions(+), 15 deletions(-) diff --git a/data_safe_haven/infrastructure/components/dynamic/file_upload.py b/data_safe_haven/infrastructure/components/dynamic/file_upload.py index 731a662899..4f1f259c47 100644 --- a/data_safe_haven/infrastructure/components/dynamic/file_upload.py +++ b/data_safe_haven/infrastructure/components/dynamic/file_upload.py @@ -29,7 +29,9 @@ def __init__( self.file_hash = file_hash self.file_target = file_target self.file_permissions = file_permissions - self.force_refresh = Output.from_input(force_refresh).apply(lambda force: force if force else False) + self.force_refresh = Output.from_input(force_refresh).apply( + lambda force: force if force else False + ) self.subscription_name = subscription_name self.vm_name = vm_name self.vm_resource_group_name = vm_resource_group_name diff --git a/data_safe_haven/infrastructure/stacks/sre/workspaces.py b/data_safe_haven/infrastructure/stacks/sre/workspaces.py index fa854168f1..fdf3d46c4d 100644 --- a/data_safe_haven/infrastructure/stacks/sre/workspaces.py +++ b/data_safe_haven/infrastructure/stacks/sre/workspaces.py @@ -177,10 +177,12 @@ def __init__( ] # Upload smoke tests - mustache_values={ + mustache_values = { "check_uninstallable_packages": "0", } - file_uploads = [(FileReader(resources_path / "workspace" / "run_all_tests.bats"), "0444")] + file_uploads = [ + (FileReader(resources_path / "workspace" / "run_all_tests.bats"), "0444") + ] for test_file in pathlib.Path(resources_path / "workspace").glob("test*"): file_uploads.append((FileReader(test_file), "0444")) for vm, vm_output in zip(vms, vm_outputs, strict=True): @@ -189,7 +191,9 @@ def __init__( file_smoke_test = FileUpload( replace_separators(f"{self._name}_file_{file_upload.name}", "_"), FileUploadProps( - file_contents=file_upload.file_contents(mustache_values=mustache_values), + file_contents=file_upload.file_contents( + mustache_values=mustache_values + ), file_hash=file_upload.sha256(), file_permissions=file_permissions, file_target=f"/opt/tests/{file_upload.name}", diff --git a/data_safe_haven/resources/workspace/test_databases_python.py b/data_safe_haven/resources/workspace/test_databases_python.py index 37a37acb91..ab0f01a3fe 100644 --- a/data_safe_haven/resources/workspace/test_databases_python.py +++ b/data_safe_haven/resources/workspace/test_databases_python.py @@ -6,8 +6,17 @@ import pymssql -def test_database(server_name, hostname, port, db_type, db_name, username, password): - print(f"Attempting to connect to '{db_name}' on '{server_name}' via port {port}") +def test_database( + server_name: str, + hostname: str, + port: int, + db_type: str, + db_name: str, + username: str, + password: str, +) -> None: + msg = f"Attempting to connect to '{db_name}' on '{server_name}' via port {port}" + print(msg) # noqa: T201 username_full = f"{username}@{hostname}" cnxn = None if db_type == "mssql": @@ -18,13 +27,15 @@ def test_database(server_name, hostname, port, db_type, db_name, username, passw connection_string = f"host={server_name} port={port} dbname={db_name} user={username_full} password={password}" cnxn = psycopg.connect(connection_string) else: - raise ValueError(f"Database type '{db_type}' was not recognised") + msg = f"Database type '{db_type}' was not recognised" + raise ValueError(msg) df = pd.read_sql("SELECT * FROM information_schema.tables;", cnxn) if df.size: - print(df.head(5)) - print("All database tests passed") + print(df.head(5)) # noqa: T201 + print("All database tests passed") # noqa: T201 else: - raise ValueError(f"Reading from database '{db_name}' failed.") + msg = f"Reading from database '{db_name}' failed." + raise ValueError(msg) # Parse command line arguments diff --git a/data_safe_haven/resources/workspace/test_functionality_python.py b/data_safe_haven/resources/workspace/test_functionality_python.py index 9ca9662d98..855e5e5f15 100644 --- a/data_safe_haven/resources/workspace/test_functionality_python.py +++ b/data_safe_haven/resources/workspace/test_functionality_python.py @@ -4,7 +4,7 @@ from sklearn.linear_model import LogisticRegression -def gen_data(n_samples, n_points): +def gen_data(n_samples: int, n_points: int) -> pd.DataFrame: """Generate data for fitting""" target = np.random.binomial(n=1, p=0.5, size=(n_samples, 1)) theta = np.random.normal(loc=0.0, scale=1.0, size=(1, n_points)) @@ -12,13 +12,13 @@ def gen_data(n_samples, n_points): values = np.random.multivariate_normal( means, np.diag([1] * n_points), size=n_samples ).T - data = dict(("x{}".format(n), values[n]) for n in range(n_points)) + data = {f"x{n}": values[n] for n in range(n_points)} data["y"] = target.reshape((n_samples,)) data["weights"] = np.random.gamma(shape=1, scale=1.0, size=n_samples) return pd.DataFrame(data=data) -def main(): +def main() -> None: """Logistic regression""" data = gen_data(100, 3) input_data = data.iloc[:, :-2] @@ -29,8 +29,8 @@ def main(): logit.fit(input_data, output_data, sample_weight=weights) logit.score(input_data, output_data, sample_weight=weights) - print("Logistic model ran OK") - print("All functionality tests passed") + print("Logistic model ran OK") # noqa: T201 + print("All functionality tests passed") # noqa: T201 if __name__ == "__main__": diff --git a/pyproject.toml b/pyproject.toml index e033e8459b..45d64e4052 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -152,11 +152,15 @@ module = [ "cryptography.*", "dns.*", "msal.*", + "numpy.*", + "pandas.*", "psycopg.*", "pulumi.*", "pulumi_azure_native.*", + "pymssql.*", "rich.*", "simple_acme_dns.*", + "sklearn.*", "typer.*", "websocket.*", ] From adabb1e3d54a7d4ae5c15fc9e5c7cc5d7c94357c Mon Sep 17 00:00:00 2001 From: JimMadge Date: Fri, 22 Sep 2023 00:16:38 +0000 Subject: [PATCH 100/108] Update SRD package versions --- .../packages/deb-azuredatastudio.version | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version index a68729c515..c3b2138e29 100644 --- a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version +++ b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version @@ -1,4 +1,4 @@ -hash: c105a5286861ff1f312ab699d5810af7dc0e668917afb1f80c4eda3a58bb8d34 -version: 1.45.1 +hash: 6c75efb8596d25152bc44f6f59a4b96cd013219b0c87ae2365ca8f69fe29e206 +version: 1.46.0 debfile: azuredatastudio-linux-|VERSION|.deb -remote: https://sqlopsbuilds.azureedge.net/stable/88c21b1725a3e79440027bdb7b5a55fb036be0e2/|DEBFILE| +remote: https://sqlopsbuilds.azureedge.net/stable/39449bbe88a0bc4092c9b205cad10d0a556beffd/|DEBFILE| From 549a3fe1ed61e52a77bb87539e958706a82ff239 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Mon, 25 Sep 2023 13:46:58 +0100 Subject: [PATCH 101/108] Initialise workdir in StackManager contructor --- data_safe_haven/infrastructure/stack_manager.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/data_safe_haven/infrastructure/stack_manager.py b/data_safe_haven/infrastructure/stack_manager.py index 0023ceff73..0acc55b7e6 100644 --- a/data_safe_haven/infrastructure/stack_manager.py +++ b/data_safe_haven/infrastructure/stack_manager.py @@ -39,6 +39,8 @@ def __init__( self.work_dir = config.work_directory / "pulumi" / self.program.short_name self.work_dir.mkdir(parents=True, exist_ok=True) self.login() # Log in to the Pulumi backend + self.initialise_workdir() + self.install_plugins() @property def local_stack_path(self) -> pathlib.Path: @@ -137,8 +139,6 @@ def copy_secret(self, name: str, other_stack: "StackManager") -> None: def deploy(self, *, force: bool = False) -> None: """Deploy the infrastructure with Pulumi.""" try: - self.initialise_workdir() - self.install_plugins() self.apply_config_options() if force: self.cancel() @@ -357,8 +357,6 @@ def set_config(self, name: str, value: str, *, secret: bool) -> None: def teardown(self) -> None: """Teardown the infrastructure deployed with Pulumi.""" try: - self.initialise_workdir() - self.install_plugins() self.refresh() self.destroy() self.remove_workdir() From 9381ebdb67dc5a3e9ca2132215757e0e18b5efec Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 27 Sep 2023 09:29:15 +0000 Subject: [PATCH 102/108] Update devcontainer to newer pulumi --- .devcontainer/python/Dockerfile | 11 +++-------- .devcontainer/python/devcontainer.json | 12 +++--------- 2 files changed, 6 insertions(+), 17 deletions(-) diff --git a/.devcontainer/python/Dockerfile b/.devcontainer/python/Dockerfile index c40f477b70..69476a8654 100644 --- a/.devcontainer/python/Dockerfile +++ b/.devcontainer/python/Dockerfile @@ -3,9 +3,8 @@ FROM python:${VARIANT}-buster # Set package versions ARG AZURE_CLI_VERSION="2.42.0" -ARG PWSH_VERSION="7.2.6" -ARG PULUMI_VERSION="3.45.0" -ARG POETRY_VERSION="1.2.2" +ARG PWSH_VERSION="7.3.6" +ARG PULUMI_VERSION="3.80.0" RUN apt-get update \ && export DEBIAN_FRONTEND=noninteractive \ @@ -22,6 +21,7 @@ ARG TARGETARCH # Standard install method currently does not support ARM64 # Use pip instead - https://github.com/Azure/azure-cli/issues/22875 RUN pip3 install azure-cli==${AZURE_CLI_VERSION} +RUN pip3 install hatch # Install Powershell # Pull different binaries from Github depending on system architecture @@ -65,8 +65,3 @@ RUN pwsh -Command "& {Set-PSRepository -Name PSGallery -InstallationPolicy Trust # Set PATH for pulumi - pulumi installed as feature to work round installing as root ENV PATH=$PATH:/home/${USERNAME}/.pulumi/bin - -# Install poetry -# Respects environment variables $POETRY_HOME and $POETRY_VERSION -RUN curl -sSL https://install.python-poetry.org | python3 - \ - && /home/${USERNAME}/.local/bin/poetry config virtualenvs.in-project true \ No newline at end of file diff --git a/.devcontainer/python/devcontainer.json b/.devcontainer/python/devcontainer.json index 191bff51d5..6bd56275ee 100644 --- a/.devcontainer/python/devcontainer.json +++ b/.devcontainer/python/devcontainer.json @@ -2,14 +2,8 @@ { "name": "Turing Data Safe Haven - Pulumi", "build": { - "context": "..", - "dockerfile": "Dockerfile", - "args": { - "POETRY_VERSION": "1.2.2", - "VARIANT": "3.10", - "PWSH_VERSION": "7.2.6", - "AZURE_CLI_VERSION": "2.42.0" - } + "context": "../..", + "dockerfile": "Dockerfile" }, "settings": { "terminal.integrated.defaultProfile.linux": "bash" @@ -24,7 +18,7 @@ "remoteUser": "deploydsh", "features": { "ghcr.io/devcontainers-contrib/features/pulumi:1": { - "version": "3.45.0", + "version": "3.80.0", "bashCompletion": false } } From 0eea359b5ef6a8142c15d30656253e34bf9604bb Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 2 Oct 2023 13:39:03 +0000 Subject: [PATCH 103/108] Correct missing deployment name error message --- data_safe_haven/config/backend_settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data_safe_haven/config/backend_settings.py b/data_safe_haven/config/backend_settings.py index ebc20e455e..61816839cf 100644 --- a/data_safe_haven/config/backend_settings.py +++ b/data_safe_haven/config/backend_settings.py @@ -88,7 +88,7 @@ def name(self) -> str: if not self._name: msg = ( "Data Safe Haven deployment name not provided:" - " use '[bright_cyan]--deployment-name[/]' / '[green]-d[/]' to do so." + " use '[bright_cyan]--name[/]' / '[green]-n[/]' to do so." ) raise DataSafeHavenParameterError(msg) return self._name From 283f0e93e51ee7d2ec76a468c5eb64c4490dff19 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 2 Oct 2023 13:44:33 +0000 Subject: [PATCH 104/108] Catch errors when dsh has not been initialised --- data_safe_haven/config/config.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/data_safe_haven/config/config.py b/data_safe_haven/config/config.py index 06e3398c52..fb2a554c9e 100644 --- a/data_safe_haven/config/config.py +++ b/data_safe_haven/config/config.py @@ -12,7 +12,7 @@ from yaml.parser import ParserError from data_safe_haven import __version__ -from data_safe_haven.exceptions import DataSafeHavenAzureError, DataSafeHavenConfigError +from data_safe_haven.exceptions import DataSafeHavenAzureError, DataSafeHavenConfigError, DataSafeHavenParameterError from data_safe_haven.external import AzureApi from data_safe_haven.functions import ( alphanumeric, @@ -352,7 +352,12 @@ def __init__(self) -> None: self.sres: dict[str, ConfigSectionSRE] = defaultdict(ConfigSectionSRE) # Read backend settings settings = BackendSettings() - self.name = settings.name + # Check if backend exists and was loaded + try: + self.name = settings.name + except DataSafeHavenParameterError as exc: + msg = f"Data Safe Haven has not been initialised: run '[bright_cyan]dsh init[/]' before continuing." + raise DataSafeHavenConfigError(msg) from exc self.subscription_name = settings.subscription_name self.azure.location = settings.location self.azure.admin_group_id = settings.admin_group_id From 36f1fff020da889c06eea358ead0f23ef8339670 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 2 Oct 2023 15:21:02 +0000 Subject: [PATCH 105/108] Fix some linting errors --- data_safe_haven/config/config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data_safe_haven/config/config.py b/data_safe_haven/config/config.py index fb2a554c9e..3b0c9463b7 100644 --- a/data_safe_haven/config/config.py +++ b/data_safe_haven/config/config.py @@ -356,8 +356,8 @@ def __init__(self) -> None: try: self.name = settings.name except DataSafeHavenParameterError as exc: - msg = f"Data Safe Haven has not been initialised: run '[bright_cyan]dsh init[/]' before continuing." - raise DataSafeHavenConfigError(msg) from exc + msg = "Data Safe Haven has not been initialised: run '[bright_cyan]dsh init[/]' before continuing." + raise DataSafeHavenConfigError(msg) from exc self.subscription_name = settings.subscription_name self.azure.location = settings.location self.azure.admin_group_id = settings.admin_group_id From f597bea2f3710ae890237582f5178a729b7b5376 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Mon, 2 Oct 2023 15:24:20 +0000 Subject: [PATCH 106/108] Fix linting error --- data_safe_haven/config/config.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/data_safe_haven/config/config.py b/data_safe_haven/config/config.py index 3b0c9463b7..1acc30ec90 100644 --- a/data_safe_haven/config/config.py +++ b/data_safe_haven/config/config.py @@ -12,7 +12,11 @@ from yaml.parser import ParserError from data_safe_haven import __version__ -from data_safe_haven.exceptions import DataSafeHavenAzureError, DataSafeHavenConfigError, DataSafeHavenParameterError +from data_safe_haven.exceptions import ( + DataSafeHavenAzureError, + DataSafeHavenConfigError, + DataSafeHavenParameterError, +) from data_safe_haven.external import AzureApi from data_safe_haven.functions import ( alphanumeric, From dd9ad38d7382c139b43a61ea522643429cf14f43 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Wed, 4 Oct 2023 12:56:20 +0000 Subject: [PATCH 107/108] remove powershell from Pulumi devcontainer --- .devcontainer/python/Dockerfile | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/.devcontainer/python/Dockerfile b/.devcontainer/python/Dockerfile index 69476a8654..a28ef01333 100644 --- a/.devcontainer/python/Dockerfile +++ b/.devcontainer/python/Dockerfile @@ -3,7 +3,6 @@ FROM python:${VARIANT}-buster # Set package versions ARG AZURE_CLI_VERSION="2.42.0" -ARG PWSH_VERSION="7.3.6" ARG PULUMI_VERSION="3.80.0" RUN apt-get update \ @@ -23,21 +22,6 @@ ARG TARGETARCH RUN pip3 install azure-cli==${AZURE_CLI_VERSION} RUN pip3 install hatch -# Install Powershell -# Pull different binaries from Github depending on system architecture -# The standard APT method currently only works for `amd64` - RUN if [ "${TARGETARCH}" = "arm64" ]; \ - then \ - DEBARCH="arm64"; \ - else \ - DEBARCH="x86"; \ - fi; \ - curl -L -o /tmp/powershell.tar.gz https://github.com/PowerShell/PowerShell/releases/download/v${PWSH_VERSION}/powershell-${PWSH_VERSION}-linux-$DEBARCH.tar.gz \ - && mkdir -p /opt/microsoft/powershell/7 \ - && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \ - && chmod +x /opt/microsoft/powershell/7/pwsh \ - && ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh - # Create non-root user and give them sudo access ARG USERNAME=deploydsh ARG USER_UID=1000 @@ -56,12 +40,5 @@ USER $USERNAME COPY ./docs/requirements.txt /build/requirements.txt RUN pip3 install -r /build/requirements.txt -# Install/check needed powershell modules -COPY ./deployment/CheckRequirements.ps1 /build/CheckRequirements.ps1 -COPY ./deployment/common/Logging.psm1 /build/common/Logging.psm1 -RUN pwsh -Command "& {Set-PSRepository -Name PSGallery -InstallationPolicy Trusted}" \ - && pwsh -File /build/CheckRequirements.ps1 -InstallMissing \ - && sudo rm -rf /build/ - # Set PATH for pulumi - pulumi installed as feature to work round installing as root ENV PATH=$PATH:/home/${USERNAME}/.pulumi/bin From 6f168950b8d9ad6608be4c88d4fe250b0690658b Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 9 Oct 2023 11:02:40 +0100 Subject: [PATCH 108/108] :memo: Add outline of code structure to Python README --- data_safe_haven/README.md | 46 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/data_safe_haven/README.md b/data_safe_haven/README.md index 0f6f1b0179..83feed0443 100644 --- a/data_safe_haven/README.md +++ b/data_safe_haven/README.md @@ -77,3 +77,49 @@ where you must specify the usernames for each user you want to add to this SRE ```bash > dsh teardown backend ``` + +## Code structure + +- administration + - this is where we keep utility commands for adminstrators of a deployed DSH + - eg. "add a user"; "remove a user from an SRE" +- backend + - in order to use the Pulumi Azure backend we need a KeyVault, Identity and Storage Account + - this code deploys those resources to bootstrap the rest of the Pulumi-based code +- commands + - the main `dsh` command line entrypoint lives in `cli.py` + - the subsidiary `typer` command line entrypoints (eg. `dsh deploy shm`) live here +- config + - serialises and deserialises a config file from Azure + - `backend_settings` manages basic settings related to the Azure backend: arguably this could/should live in `backend` +- exceptions + - definitions of a Python exception hierarchy +- external + - Python wrappers around: + - APIs: Azure Python SDK, Azure CLI, Graph API + - Azure interfaces: CLI authentication, container instances, fileshares, available IP addresses in a subnet, databases + - Utility for running scripts on databases +- functions + - Various functions that don't fit anywhere else + - string manipulation, type conversions, validators, lists of allowed external FQDNs +- infrastructure + - Management of the Pulumi stack, which handles passing the correct backend options + - common + - common Pulumi transformations, enums and IP address ranges + - components + - composite + - a logical group of existing Pulumi components that is used in several places + - dynamic + - a custom component to implement some functionality that is not natively supported + - wrapped + - thin wrappers around Pulumi resources to expose additional methods/attributes + - stacks + - definitions of the `shm` and `sre` stacks +- provisioning + - all configuration options that is currently done outside Pulumi + - eg. Initialise the Guacamole database, reboot some VMs, create security groups on domain controller + - in the future this could be replaced by better orchestration options (eg. Ansible) or moved into Pulumi +- resources + - configuration files and templates used by Pulumi (e.g. cloud-init configs, Caddyfiles etc.) +- utility + - Useful classes: logging, file reading, types

@%ZXd14C}xWleV)F3NHn+SPw`QbVr<=3|03x zw;DNyt!$M|-6gi}py(z6F}F2+>)7C1e{~Ys%C!%LJO?73NjLHzPCFA93A8aN7M}&A78Q(Mg8DUJsqu3_RRe z<>axUTWiU#XgvZwK~TEckx+s0Lc%<|lKVt{nn=6K=e??TvKiAJgmm5FnLXd_&&ZlK z{G~*`+?$eiKTNdjmq_g>cC(cAC!McrxK^%kCG?@qIgAo6 zH{;~6w3rrJrs|Yjg}QQ$DEA$g$2S&oMUI`(qvlj<{ru(|b)3nBKQ?@+z=&FzEZFu` z9LS3%M_MwdRU1~TmW@FCP=VEO2xrR8O;cWNEQITDL`JDqmmDp#;=bO4Nz?>CkGVVat|t=~h{7z{FF4j!l0 zS2dVAsSMC^vRa7&WO_uVB~+r`&ycq*Ri~e&f^B=0w}acMC%0C)BjM#g31g9g=j6)PaqPJ>-M$e>B)#UELMJ!`c` z7IU}x$V4x9<(ZI;u`Zc&rPoWJqy@Nlb_Zfe^*gI~vrxQ^Eqs|O3%c+E07BZnB(P8c zWjt4(^?~QYBsTV)8_6wt!{fs~l47Oa;m?lK_cIw4hjPu`*^K(W$raDcY&xWupF4-^ z2t9u)AU6~8NL|ygC@NX4%u*&ti&vI`z+u3QZbS)o6w4ZYM7Y&+7rvP9*Q;qJuQ}B! zF6rY^mFEu3mgiWS%y*bI9z1<>oV+gJ>r39^olH0LUeqGQAaT^Mu=qbESQ+kkjl*ThTxy~LN9WU} z0Xt2>;)l?|{yXs-NN#D^PG2~tc^ec%86GMudOD!|Hg&qxmx6R*!>LI^TkiaJ=J z?C(Cnhw-eZrEF)sGAsbcNJu3CkN-cF&?N)-F$+^lD<;T~A0!~YDVG8(m;Rju1Li&h zeRsIl0j3~D6SdgkpVjzD4YH^N%1;m|MVA;BX~22Z4GXsZT@4a|ZFya|kqSd-&oDp= zYpGPpKgz%?g`+c9{qZQlosEJ56LIehHTpZnH8}2d1|XHNLKOeNI)A`TSQGc}YIgC% z@=Oqaswn)*I?$W-3cooIOMCp)*ZdT4C{*wnn)~LB2oQ9zV|#TOjx_tbn$Lk~l|&F) zHxHaK4JOcn6$s?`qYR1wdl;dsj9{TWTdBYze<>A-|3@_-bP`x7?ZP#q^YD=6gHrBA zKV12<8eb|v9_!|)n_QqXslb@#-}@m(@Mkq%1K$LV#LJkgpm7wWAVrrz>|+?N`#mBP zumV6SpRmt0@Y)*+Q~>(#MnGpt_#c7a1Bl>1^6;P2YPcYv?fE+eoZuM&7_Kh#ICD7D z0jf8-I^oynVF|k5T|rR+ca{3Oelf`Zf74aaKb8D{?JIN=7!wwxFao@F&{d$j?|q}L$P4Hu~<0lI1yP22A8^8dZ7zQIC;WGXQ@ z|FrU)E6iq>*!dO}32IITQ3DeBa`tu1*VOr+Z&?3d_ACA_UgU`Xn=`GwpO;+K2FGth z7xY5@9Je?8&6xLkb!hYo62O-6_h9|~81U{))%+b#B+Eb3;h&lD?15_%I1a6ESi{8a z|9Cy$hhK&lneRjO_f`w=$3KdHKn14ei`U)6|1IyoganeP{!7Lb0Wi%qiG+*v&*k_# zZ`W_|k@8C>=I=TDtJ3iPV+1bq*^0f$*$9n)v%MDHP;uR1Znc|NhIL`6q0FjpP9@A{#ziey_T}AB|{0g@**c zocqt8z{Ye0UiFG6R{S%+-*rM$glU<-Jd$VGLI2XMzm!^h=>A*AZ%p7*HA?E?wSRf% zudH9fr{RwBYwG_}-)pZ3!TzmAc=Zx2;rVx6;76c8c@7-~%TGT(6NLQFg0ta3|K%sO zZ~pTq&{$J20N?b#5&ySN{KfdvQ@VNmztzbTgx|#uKt7LPq3OT7_V;6H7--I4j?Mop zI1tPyLFB)-u0N+$THDfCyZC>-JG zd#3F7pB1%(=jXrMQ2&z`bDe_CR$A%gh7Y#RX|;b#8$!ou($4FNt) zc)CZD>*)V!{{Gcs{!6enrn`Gf&)?1br&>TI0T{sMrjft)xL@|q-#-&ez|F*c*!}0N z;CC~v;Av2nr>FlP!*wP!#)HhKXcPlr_J0g!D?FHU^&!N6noRJ>eL00ntQu0T2nyVM z!$j~|l;Y|@qyWyq1;efMAgjE)Wd{-Dq_@!!)!D3@IW|CSyb8>BC_rX={c3hiICM$L?W#QI&qziR6G={z^mn{f;p_`B-A9{63* zND=$ChUfoj)7cLRxo`YpYg;(E|7a}yLx3WGgT&Zqnbp6iF9qqRaNn$B{naynmE&3o z3f@?4kNs6q=#ST)H28V^OJ| zo-N*=ydfAfX!iVM0l)uuBLZXY)J$SchexcNZDsuZqd1R&o#=t>`F2I^U_%sN`_>1&Z|=n6%FL83_sF5Z@TcE1OGi2l6ac^ Date: Thu, 17 Aug 2023 10:17:08 +0000 Subject: [PATCH 040/108] Remove CoCalc from SRE architecture diagram --- .../design/architecture/sre_architecture.png | Bin 224542 -> 225243 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/source/design/architecture/sre_architecture.png b/docs/source/design/architecture/sre_architecture.png index e9a44d2ff7aa2565ca2c19f1c8ccb0748fc299ec..4337f843182786359c3291998aed57b7fdde11c2 100644 GIT binary patch delta 137388 zcma%jby$>Z`>h}W+1l1C89?-kT2vJB*YGy}e+@1yE-GHhPK@NgE-L=lmA^0Cxg#JhQQ09F zNqk-M?`Qt|3i8@oE|UB_4Kn@?DYDLju~I?wq5<-;Eh}nPi0A^cBa#*QKJo%`Ck};T zQ6-|NRC@W@s&ZqQoS0lfOh8y%=s$mikteG);7!z(Gk8j33NbMONs<3t6cV~qdAgdf zLI!hl^?K;wYU_b~c#$6Y;JhQ%9Z8{o%~x0)g1okwgKT|Ijar2eQ6ldrQ&gU;of7|F z?yRqMl_4@ELb4?3A#-ZUiA6+^4@Ibmgpk_HIkn4@LL~!{Oh&=MWVAr|Je#Q35bY*kdPQeSX@{{Qb<%p^j`z;3kyjigW+n(`*3>J z|M#sTBEqOJb)pJnygv;}Uzuo&$=1)o%LE*(kbs!D7^kQb;kW6Z-$KG7NQX$KD}=wf zZ|mXUV(ayv&HSHZVv`hy2uS|dA7Fq4WBvQ&|9fsUgj>b_ef{qVfw>EjB4gq$DJ8}K zZB*hy$ZszNknb;&qpZ}4uKi!GCt6)XCMP5jjG`8yMnpn{w1^?QE+8f;^6w>y2>*X9 ziB?!hTueYr>|YD{pNYa5*a+AE%i@Hn20z?T-{u4k?(C7klO3lk=Fyr&$~F-*f`rF6|Ju$AD*X2ww%2T z%=a8JNKlGGf-ug14JC~Fpg=@LB#caOzK%L)L1cqes1vMJ*B}a^M8tbum_Boc<&3(r zqJf_kKJ7x?b(OK_*GvT{mFwP-kP#;;UVd=in8Z{?Md*Qrr-|ioS#dF29;ETdo65TL zy<`Rk$_C2hocGAd4HA`AKAyh$*l;@i@CQ^!XIIO6z6?}Q^S5C1$8|%zB#6H!#7aq8Q3EX!>Y60em1%hX_xo7x6Vv@`A|JWP;We=_ z!CO0=LycBR@A8#S|2awp7CUgWBzw+TTGA4;>LLp|-qXFqGuSPA>a z@{!~~%Y@%dMiP(pDS1aWEdS3oE0Tj{KVb`=PYQ*2HNBQxCgwfA1Q$y1(^=1@0w!6L{z<->w(@elCx*5;~D|Jl1h@W6!VT&xTg z>C^~j_``Hp<-5xlz+~QY6Gby+e61t60fKOMmaE^>K zSm+T1{`{XU_Tvu4%%xEq|4312(FXU)Tj*H zQB05{=FaSReY(}5`yC`vJRffXH5y_R!J>3!X( zwKJ8Q+a%{xvwZK=nh|j=`9;OpSdFRd>63+ZXmKl3qW6czkIxpLgv4fT&}*F3J;Kkg z6JhUvA-z61g3+yU9o29gEn48WFMIN5flZX8fzo5|k|FaIMx&cj+~>m;M#yle?GS`) zZ34t;th05M$t}-o@Y__^T=tLdUHQ^v_Cqn0i-uD-RrdCp(_Ubi%#N!7zlP@g&-{Fb zvGMeZ%8>%yyI&5x%Bmc!22xNX=4wH=4~C8wZ))2N2wa)}FmBiRCgVhYbK~Qu$&|g* z&0euhZo~^Ux$#f!cct%*78x#7sBxztwtc50o7s0Iu(*gfHtW~?hUUAVT6)?{5MMor zYyi`62U!X!aJyT2#1Gv%zAKloS(<1~-3i-X8Sj~>jTPR#HjPOi5i}LF?%(e_YIbif z`Z4gVXDsE^&7wAv@5ojbaV@@s(b`2s{lJ$$0S$5LwsbqOISKi}YMDDDz8#EMLHEQs zZn+E>C~G(wC)UcPa%Th`Ms2Mb=|K@wh+P^;@98Au)9kl|we8FS4ogH5k74qs-6P~k znWeb^;>ZaWn-0kd6kvYVG#!OO()M2do)pSEAti2=TAi&Li_JrD-GTURwW{XkTIF|n z|FIWrqx0eF@~Qq)sEw@9uS*=I?lo$Q z=QnyLe{QV5$`yGqZsgzd)qgpBd82=E)3(D!GskmSTQ!{_K#WxRS!mhB9j>xu7lyG{ zqUXI65-DqI?O=FiTU%=NH)S>}Cez})+(~bd8kCNk*SnN#(d40_2r80~-IEU)lc_c+ zl}SjOet$8bhdd1Pa?@oJ?ReNMcIjJ>q*Jcp9RI>JyU%5Qy%|TyuftqyuW6NiLXgNd z?U;&v)v^RL$;k9z-V{@-sfl`sNria%c?WUNHeAzc8LglK1@ z^R>d%$#xH~Jtg}DVgFi6@qSKR9o1*rJ*m+U(F>MAQo-j0*C@y>`qI*W{k-?-`IUvu z6epYa%qk_}7cIx1jtvgNYt7G%-Z@rye~!3e#{FBxw#Nq1uUySktiV$Pf%DN!iyXJV zgj)2Bb*Yf`rdcex3lf|hPfB9D`tBUB^s0sB8xmJ~VMTcFFhc8cg;!P`F@7g8bLBao zb&G}7!2@)OWg|_tVC1Fn*Rm9!2jW6}81A_8$qUTJ*OtauJ^6%NSBh{_;?6WrgZHDU z4guuZmk_XPRTBx0MH+LZwwOLA$s zdbt{s+Da>Yh+t8>gv(1Uw%um0B)$9l$REFYKZQgf_Z#?&jWs6(zvAz->SJ+)y(8u% zN4c0p+~<)p)!a_^Uy}Q9yRkBZ22>E<}SAlpW^g@C`n&*5ku~qB zL^ndFQ=)TnJ)35ikd^Q0DCm6LaBN$uUgMwf%4$CZo-DsxWNaAVX4vk@Y)?c)`qJMW zankITt5_P-^uEJh5myp^B5U4h?c`Y|PyC6^|3j#+#Y;E(?^zxsQjo#^xcu z&B0d1Pe73tTB8ch9vbq5BS zFAyyi&k>P6y{8aYmM&@seaZgWo0Y7}eo%=)%>Jt+NzDU))%It?+z(>XTBOC2!UAjf zmz;%tE=Fd2;16Q~X;xQ^QSDT#_cPg(ikpjt^s*rp{taHMHh)%p0n57=8jJhUI7O(OZzs2e2ihB|=0!D-0E`+>|$!iGU-q8h=nq zSR|QWDH4g(EIY5m!|s3pNWyvQ5r&4JC^coU&WhUVE3E0_&65YuQqsnMakQQs6bJ3j z_+}x7fa@kOKpZ}NPm%0N{G-d1gxEOO7_Ukv% zKY#&31Tg`S;n$@&YtMW(b~4Wn)b;7>RK(0WuLWj%4^k!(Qo@6xqheKK&{8w=?r+Bp z@He^WV8LJ^ODVB0w_;ZG{N&h$1a4guBvatbV#tH+LPpiY4!HyK>*T3=ZxWO5A&9NClAZk~ zhHFY^`~nWXSJ4_f3mlDVFG<&`$g{W88fX5wdD3c+bgyz#T^vwM!!d=@oU{R~5vlj6lF zgwJnkUZYN6JsXTSvK3i~Nvd9MH1KTCzi*zT<}d?C{6Mf@(Q_gsX&LwX-Q_f!ToHPi zdOG9R((U{855~wt-=9(yhy~~q>7b^ta@Ces<8UnGx55VUg9IEs<5&SadLZhZbrlrl5Q-FH#v{c#qhsZ}8otHXKh@PrUGui7^qQBzu`1jkn`bxYCUv#>MF3b?N(zX)6lq^qgO8m3 zH^{`?zBGNLBq@(e<1Y^uF>k0XfC~S*Vd@!pM7rdImGb_nvAd(q+Z%An=?4PXQ$p^n z2ML#UIzIItsy|Kt%SyWf=3HcTxH2q1>p_*ZOG+%HymNY8dR8k%y@l0-od9|}$dp;l zJJ>j!I@a5j{lds`UI&9>6OK{dO>GyHMt(uXV2i2e*wV~UdHg3uPLI~Vx9hpgh}3f5 z^&-DT9>%4O?#wvZ%6}4#i2Y+r5PN|MspaTctvqNRzrGdqZ)vE2c?AfJMOViGz;$OO zPjY7JNu{dzUa|37O@+jwuYd2T{Y+k4)rA5xJxcA8) z{SN0ddB^e&Hz+FfD$M&S*U9}N$p(*L?d8F@lJwFi_TFIbg@0R%}7A=VZ3kznO@5CyGYL}yj7P`Ii^!r3s33UB;7$2a!cH;(lWH4QIxxYlnp%yh545=qgR z82hPCd%;vXg!;Q2s3;;yvZ}6V?mxmSyC+dpG7}4o;UYe1<~y!WeEu22LAIR^??bC+ ztHun)QmE3<20Z5}Ebkv|qZMa`buiyqjU)x(IZaC+v8{)~q7`dgp;?kPeJoBlZAD%@ z>FgwX1Wh^kdPsn4SqdzU6H>{yr!ZOX8eR(15|@qPzU7M28V=8{)MNXzz`+JThWLCI zy&>zlOs#!1JbWN!W|vPM6P>1XUocD9bLM#xnPFb3@x&W+l7vxS$mYY$f7gPL>idb8(EmDo+(~ zSg6$Ir}DSR=xVlbZWM8s)%;(81b~kMs+W`Ed_AeKf$Wxzm-19Zj(8ikS5v!|Q;{k$ zX@1KoJ5&OCr-jb| zIDMrID_{UW-5sbYG)+hfFjO?Aj(C%b*QDP{gNTpC0iDj?CDP79r}>V#+d9=v|1f z)$DnN9EV_DGf3Z_sLQhxD5iyV$jdt7_v|{-u2Q|0_ATQ(TtIzhABkp=jo}$}FqQHX z=Y|)WX7|yULa$nN6fJp`v2dH0yIMMYY4VS^9HJ$7YCdUGt#k8M%Dc(J*G=c|Vq=Z< zENBf0r&#a)@E4+hjh}YcKgL)Ba;<#o-jgy+csi8-EY)T7-tg0CCd70dFEPo6E#Bbi z$2Fh4ca`oC(-UbU-HLMp-~VY zN^7ZN<3hgCVgrv$W@!7dve{cs<8HSO%be(?8B8kSeL1?>st*3o6WX7puku@qt>=@0 z5K!liFeV`_z-%tGMGRHg{tRw-2>s9#q1WK8c_mY;l>A3Oexforu-27MI;HK~A9qM3 z<4b21S&iMWE}d1)8K-{-3d{<9mwP zJULwJneG3|$x(jk#Rp*Aet=_$coEy1^_ApfXFus9y)MBtouk~ey7bCQUFBG>Y1}$+ z8a%;i+VVMS<@TcY=hU#V@~+d=6vP9^YY47f(TpjK9#i;gH5|&L-?`GPsLq}>A?5j_ z_XCdX;;mzFrtK<#K&sn<*Sw{8sS(2z9r_?S6m{rNbOUjLm^qG#*E(qZ8NPblN^&dl zxHRItb`AZVh}|DkBZDc9HPE=5vNq$EK3yT-r~jZk93WM$A6|TLLPYtv85;|wW@nN3 zaLE#OK{k9?1eH#3MfSg=5m9O7=1^w>7mRz>yh6;Adxm1E>^r-8hoS9DkndhzCPGA~ zb>36Sbfx+;t+WSY3A}`$LkEJ+x&Lt!3YG_zK4w++y75Zg6bd#;cJ z4Q3;8`;wwc+!=_^li_Fv>1ESLY$Ub)PkxeVA0=@7H4{3b((1~`-;_Q~tMk8scyBdc z*N(+~=dwTm-h>}8Dz3|lVhNn&Net3)_;I6<+03zs#!|Bd4G;XvaL>7=?}aA+MEy&8 z<84uEI!OnRaZON16BDI7vt`<`n0Wpq(LVZ?{nyC|6Z>c;KQEoC7y+nF(bm|V-@K;x zy2hA%HIu|+7PU8xJT&gW3kF#bp%|(wX)i@6NwV(4xG7omNtV%=Y}SVRU^g%6uuR}? z2PvPhb?(|l1Fw~GHzpzDKua@(2-~f3FiLfY^P5muj6A(eL|UhI2G${~{qj~KNtPar zJMpm!$E;vlibOs5q5q~VWELXp`RyrYF5@P|=csb7|0TuV&Xn6i8p3y$pSGGoX40(2 znI1D?!|cj)S1piLpF1%5&tbE00#b?QJP9#K)eO>MS~X|V>fj`PGpZY(uE}>kId_Se z{dojAUH5w_B`Uy0f=+Yth>9gSJ8gMZN-v5 zOKb7vMOE%|sdmE%W;)#}0O!Qyi;WJYF&Pv0{nGT?Zf8Z1&HQQOuVVj7xb3Dr z$OC(xk4OlWvM|fnahyM>Wfp#ZLv`*A$f2HlJ9S@m(XidqZM^rwRXS=*Dm%LO?loBs zcGc*3ur&2r*BP7lp+p|txAX52h@V~vz!Qn5C%dg4gDSKsB}3Ayb$83^zF!>tWi3W} z{Zd%L2<`(ZDO@FBMwQZskN{Lc0{DPiSBv|TN-h!CQ~CY6kwA23@yj(?Fedy%fFy#}abuDt=Io343w;4v8dMf`7@sw&F?625q>y&F_*Vgi| zN^R<8dJ*Mxzwcy)Mx|((9URP~SGeQ#3B3P}Ls{_8!u$LGv@WH^x(E6U_&h`0Tz&D18Z7;a?sv&)E7o+Vfh% zar)?Br95jp;7ib^Hoc@r&W*?KiEOd4!~|nm$U#Cys=4jSZ;2D20My+Pp97DGAfINq zRKzW|u9o=Ej!}GeW}51pbn1%X^d+$Bq_0DnVTly~r-WBE_y;0Bcy+UeD^9<^ez4VD=`sskt8S5&8p42yGea%?KCq`iM~=;vuAxV7x7PS(1) zwa9z_H1J>QPn}<&%|PCs6};WJI8h9ZXQiDH^!_=L0BSzEvmG=VP`pV@1~917UYu_D zVnKH7#RsZhL}5!H`5|J`mJ(*JV?YuoWSYv~B#ELv7nu`UNjHw^2?#P(`$uB|2AM)( z+!mqWQ4^cSXe#Zlms0=7*FG2Mvg?oRWyi@STKdjZPe&V-Tk%&rj*3{D*Epw)l$wvz z$vB>=#%=f}xchcCsqikG+~Mx|%`Kl0TguQgE=t>p=$BsOo9l=}3AP>$y?Jh%%AoFe zakSW22QBUriJ=PL{&f8bEBP~Ue7$0)&GU!3!#$U)lV8gP4p$3R)Co~E-9pYffg;0A z#OKI;PJnceJ)XzBV@G)`Rz7bUa5@SsB*b=a+@DYTFQ$3?{%|36Qqr*42$JnQU8mbG ze;S0SU(QR-@m>1@zmzQAhb=U%%sUeDk2au3p!O#tAx^pdU!`-siYGVb5*Ivvq}X-; zs+|=uwhpeg@cZ`6R(CdVtr^}k`up1_ZH!GLbyRd3`P1BdFDV!fpH+G!xFce%A5!z-M}D)SiC5s*4b%@dCDN2YU5=&U|}Q(Rue!d=nz;-VRrH&3{tx$c7fsX z*i|gFmxgZ`umRJY3fS1jNpjO1QUJwF>MiaNgE)}(rEDc-#<|-%=Kn}62^WY9qtn>q zWc18xUHQW=Tocbn1s$z-WCbEFTw$<@Z5Rz8<$m+{Nz+C*Z&u*@T^#IMWg0@WHDB9_ z+hRXXf8i4*<8|xWOlkca@yt}O>AaAMXlT=dOJVH-jR!tMx>H*)h}9a=Y9iOXPb#^w z8Zp!`9{2qnRzPO?mTzQ_r4*yv8r| z=)%Iov$o{|eOmG{u}#KfM>YLNr-Yc|J=d@?a~6>#6~2bJ&b}?8@sBj1&hmVq~59zO%nEhi_ZNWhjolEU*n(S?^^5ZV0xslz}o z(3eo15wsC8?K>vtF)hcG>zLHN(T|$doJGhBTAD-RBWjrq;rOE}=jttceV$Ko(<%pR zpFdg@gICK^$5^_)Ib21~#Y*>IcQeW^benC#+M^}hA9d5gIGFSa+|pMXfShZ$SkRq+ z&6!xBP18=L1kvQmPS!}M9n;SMo4nHb2QoiW&18eA>AWg3E>BNce}08A2Qap9&1Baw z4O_fDjW!4|IhMnvHb0v?lG(QxqfWT9x%!hFcA2e#dVs%saSj$ISr0 zhv~sOj6?IFX=WjBZ$-wQI@coh5XPnLy>UYOlzVz(oL~x=*K@ z4gw^rP8{=m}`uAnd&t;|GysP7HdIQit_TNWu^r@squI6H)CN|4=c!`&z(;B>2 zlIbOCKDpG+7=@hd+nKfm`D?)J+Fnw4EWLe!<~Nb8b+QnMbr((U)QLiMy+*8DO`4I0 z+@6Z8#?LV3ZVat;(@T3h8KUZ$<++DytS82)Is_Q=s|*5m@TMVe+~>4rm}jJF078S| zZK@gS=m^m5DiC6Lgm#pY-_m*C&LHhMZj^xGb$WS1Kbn^p+v3+Sc2O6Yx~2KKM{?#t z*oyII(P{V;ceTr8Iid(3^c^<=Ys9g4J-wZX&uYv1Maf@BnlYH+Qp0fV-DGEey^W4j zK{SssQ)McCq%1+$r^vXJ&l6$Ank9HPKLniG~WP7^OC{65}GKqiwS@h9k__?pSB*L zYoJdegz$Nj82%tj^Zh7;^dRR?pLwg=1QJVFhYOGL1)?<)V2=Hfyf7^mQkdPweAiH+ z`<0a4pVdQ0xWg-@07#@{^-PYHn6m$xtVa58{^;6Rgx=w{N$SC=e=X+rfVd6aYYEwN zMt*=*`cTF&{ZbQ+Uc@5q{)00;?ecA!O2X1m(*EB04z%5{ps{6>Upd zU-o^7kHwsV49H0DLG4z1sN!PyN}-}9%HajzslT2r4d}16v=m` z(CDA;JQv#TB!b58vgqil6i&^-t z7ru~Ti9jSe8uFx;Pxao^hjG94XKMWDezLDasCAYhhS8Elb8x~u$nR;NfxSo~3R55? zBl75kWsu7f5+W6txPZO9XlJcjBL7^f3-khlQvtaNf@W3s0Q+tedv9&JzH+~%$*2DZ zQsY)U-VS@aLw!)Ui0(MLLza*n5G?V}&tR`=o+S<=&%{Dm=-7uN00Z($;zbmlqI@=3fwQVfv4RXh7uo%a&}u(Y1bdTv=7094 zZAF~Y5wEPON8Be$B;vDi`OP;LuuWrsL?U#6oQ=TLY4K-}h>YS86Ym~|^I6p0-%_!@ zR`_|=;EwCGLII82wlf`UN9*OG7ou@Zql4$Og49{Rq*zxNbtdyM^%H@GMinRcd~Qq@y@y2y2bRs zZXHfe`BEn-pAnZIWtW7Z55|AmCt*Wbx3{m4M~s6hcy#$Mo*6w#S2Uv zvH@Gasa1>i_m?}}V$wJ@lRF9EQ9D(fAC@k2B7d@ejb1jOY8r8RJk%WMEC21B$H3A4 z=ED24*QQI#6B8+yM+%XHUkSw_e+`apWqkyXIND##h;h)(ho+UR3C>?ZSp^g}?MynU zegcN7%VStHfBTJrCy3;WeVgCVPGt$fI};sSn*?i)x%0*TX24v=`KJNWvN8vAWl!H z8Kf7}eAAmwPYyj0v%$O6BYUZL+|q>yM>?0MYRf<5U_;^Q!JB<|Dgw409cCJ;r@e-? zvs8`6wPQYmph`yrB9E^Iz-rnO@2I!<_(5iSevA zfch2VR)O?2+-Y8k-)2F*sB;`x-^sZ;f?Lm`8&^QE+yY5gF(HSU;3lgSAT{Vvu|;x( zc|m;28ds(KK{Q&J_8fpLXbJ~RPj9t%DC>#au{QEw0@`$J9so`a=K zH4c_n`qBqWZn`*HEFpTb;i|a2)|qh^76dqHZR|i>1XZ8g_TknttOkoKWhJ1{7tA3z z=M~+%Z(XKpxEQ~J3O=zri8pn1i_=h4q+fFJ223az;NPsNXIr+GqNG)=ZBAliNxa70 zfHk}Ym|DIl^}}&~PIUcS)nsu&Pjyab6>O|k`4qMc0eG$Du~Ku>yo8YBxj1?8b;Q=7 znqH%i%f!PMOg1P>pW9R2iLN15tJ=|`CG-|Sobv{S2Ga|FUQ8Z#bjL!aZvr(~&p z{yX>y_|!MBD7aj$<6cq7WO>L*tSn;3WV3#|TP21SBC}nY>D{~~=}w>tOtwv5#Ws#_ zQ(s4v|FFM5$GHorqrU>4kk9n!^G z-Kii)DPQnI!?98&>((>lOMEMuIW6-JK5?bI*@8incyEC3g%E-_B~FovmV-|RE1Tgr;+rQx6QI!uOt zDwxRh{4IqtxFJF>Encj+b_{OJ0m8t%9}$pF=NYyh<=TtOGQ)iXJa6cQr%gi&>2!H%2@GZ3Watki01L#fF*N3CNb;Q*tBm!wvFX z{76jpxKm!g?Cvysenv>c4aCuUMaXf0YnX*+Q#DgP7FJFY*+|oe=uUBYW zmu4dE;U4&ESWvpc?A_ZY-*1%{IEFJN#+I0#LvK zas8Hk#C<-WrDO=KlyEM>YbCYMb*Ll(ae6q54b_8A>h%q*G>eY~jpH!FQ>AtdMppg{ z)VgPT8T=g?3KH_S(IXs#)zv<~%qm^9MeR!Jlk6WA!qI(ixfF_iwB!7NV=g3W3J9wt zZ|g9=U^s^!H3T9p*iONDM-GQ+N0Yos%K7atO0s7_RV(g4FP5Oz9esnK6CUJ~Fvpv~ zG&>|l-;}aC_CcJ?CI>J(i%C659XSWDF+Z==H|WlT%X&KpD3>TAIs_8{LSyF%n!7!M zu(rIWm#_TKCbMkWLao1eNxwS5%3~b(uRv~WwVR1r#L8^k({H@1)2;3dXf5=_$G6tw zYvwSu!x4V9$*O`<*Jpz*TkU$4QevKJsV&hzZ>vty@R_g>TBV?x8be{S=kTqkCvYpr zt6;;+5qQoS*O+d&K;hHwSD5Tw9KUe4k!W%i?wzYGWX)8~}r|F9mY#a0p zL4VsZe#wVN%8`1>e_`2%VSC-Tn6mM++6zp#M`Bwe+N zW^$6kop|>*#N5B466`*nm%@Se&%&nicc&q`=YI#dS;?PjYG3X>`f)5;GlmH=>g8mh(vdc$kHJSch%@%Y zmghy6g~{&VvhgEAechk&myfL;HPZ$s7~fUVp=(?zYwXr~F<-kZ5caAbh{BfKT@Wbymqbhm_IL}J+7+5$`VkkULa1wnIY-r52)lFX z6^IYu`-<{FYjsoA`lq*a6a!BL{~&I#+$lM1r+CWRYwD$o*=6It6rd1>H&bgKetuGJ z7Hz1_R(hQM%y0DFQ0YxaiHTpFRzDIQ(^I0E0;8KCyk1U;uJwAKv{K<$mwov7wMr4s zig`tRD(deD8?}NF%@fgrlU1K9U9&Y^#W$5MZPhqW3wlL)sKq-7E-#DV1 zh%0xdS(*cPcL2xY?87@kr6cpOCZ6-=R2e*Rygr9g1c`w;r4_u**>)GpR*%9uGEwwp zzB7O1jG2mzPIF$Z#{AF&?)+J)y{I<*{z$dcxCbd^?XF3-mNnk+Zez9jcyj+Hz>ARc z$qYe8*Gen1@*hs*sV25m6@P`hmuB?3Z(cik1%VuzpX~RirCXC3ltS z*#b6L$4c}5$?qxupA7*A%lSP&a@-4q{Q&S`lywQt&x~Ozw#ATJF@_g@w+x1oxqPetc;P zsZ;4yw=%n7dg+PNn1x5BYIgck?zvvTVMTcE=*dj*>Nh?UTz@6%q`^t61C9RU4gW+A z1LaWWJyT{vn)|LDx){{7ZR_LD4gyCkO(S(4Ms3I2vK8?5MG8_$#nDdD+(_JLU-AwuY2?6(`b28})gGG(1yJg-nfP z4h`pRRq@VP?!iw>ksmv9Yo>7O+7HZ$3-p zB&E)Sp;l|330tljPz#LGMK+{qR$7#}BG6sAP1{S}Gu`>Y#q?R#=n#wFq zNOV6bM4g|~Z^1**DOnweu;Ony+WU^!M22(SA8srPgzZLsY#|V`b^JV{Vi}as>Bk91!Sg+uEQBi2JCav3hIB zG0)MwnWxY`TPh?kFQbh8xY4DdA96{(vd4M&(I>=yk9BW=u0BGyPh(WC_J-qFk~ld)k2?Q)f1ki<}@2yhEgX`5%|1m>tk-woCZ;n+4vJht(J*LaZp`?hiaK zbPXT*xX?Wz4vDLdZ|J+M8T)Xhw05Veg}9B!=C2YvKH`l0Z#%ZOUBcH(%Bg1t_U%{H zw))9I)Z<17*UchMXKVy;w63MzLq&$X`hwhs!$>5&_w~ce%zfkq`uVYI^^Pt#`F%>- z-;Clv(~h*!u6r@9^yI{*7S*|le;|=WY0Wu`N5FLobaSy$F5OnzXJyedHS_zno^EA8 zlePF(aHFW2;UU^K+uLynGBcEuA_4%)oqWfMQUo+&d;&fm7qXm8V@xg08=xiY zC<)afx~39ALHB^>=O7WNyEBn^aK68GR8Kh{La3fyslH0C)yOH+(i1O(iWg2yf<{mi z0lgbQzFm$&0?!pLlf`4G?&_u_ej?cmn|h z8Kl>9K9;b2O$!Cufxx&4OLfpV_jC6iA^Uw6F+$DpXFO^!-oV8$g$D%GN9KG+$|F(% zY{(n*Aw<#s4VKOB*F8o;>ab%iuqNJ&8I zw-y$?N@BqdSgP^stm%7{UoV{OIrj7ts;pZ?>6;~IQMyk+>NlPT6L0OLJu?j8(jy%Z z^zfYUC;NajPCI(+V|(2ZUzbJVuABs>EmpD**iycVtrae!kgvY_v{{6Yq{y#>xBa0T zNFhFvP89e5(t&-TWC1;{^sVziIRE>sJTD1hUz*5%zlp1D=@oDz$ufZ19c(Qlh5&&9 zDpKf|J%Z=~eBMC~m`bxrVHBS!8==ex^bC)i`#w`=E`#*5&z|6`mI|P<8Z3nu6_05+ zOxL+fzR?{TUX!}#Yt1Sa@!bx{vlPo^4#E|rz$Oh$f=JFn?grwT(kym<~!LW$1yp0)!1Dt)5NtXc#7 zkKpobYpaF-LXyK;s*Hcd4c}?^jZXHsSB%4(3jR%>fgs_X6P{zmf3<$G8z4s(z%V3r z+ziwz0_%#6#EL%ts*v45pt@RoJD3o@oj^Hbz}gJDw~;%gE<-u$9^0eFQE1wTQUFy6 zgmV`t(A-*XaLR^TNCjb=27%y=k-O}Pf)F@3dAisw@Wq|Ndqc29OT*`NY^sD->&OGi zy|3Z6K(vF>6l@+LH=2Wkl0ECWHel8J#*Io$SS#%Yl5gwhy+*Xk0|Ey-KUf30#tfA# zj4-=}?xdkc-?eCL?9OQ%;^^*=-V}BnnRVr76SB{&Zi4o$dhQ~q-1wP8_TGNj+-*Iz zjFmfB@+c_5R1!!??K?9zExth2K`*M^mkBuI9OdG1X1}jtB2Hs`^ddGd>s9;G#a$*l z0c4!-K?t_KBFH_0EVbDn{#iM8_g5kYUi&6m_35t3!hJa*J{5EAqq^L{DRqtG_Xq*W zKr3`n2G~;=1rP`JH}8JoJ(%4bkQbbCu8c{kh4`q(-l(6@JPyAmcZ)!P_=nX_Fg#?G zo(WU=#UL%U2uMnGppP&UKL)s~N3eC8E{M7spl@h; z@Q!KaO)pE1nhs`!#mV99DO#>d&_#Dh^d;n@U9YqXsD>)PYmm-E0dnxPyLXL%9W1!s zdw#L?e#x&yVo{EPRl=jcoAI%<@(QQBb9K2Ye5aBjVF?@RQdcV6MI~ zMi+FcJ5V5@FO$1O&`X2b{}m{H2c74ZKfevX;e&fv0oXy5{sEw?M4lB`2X7nNRr*}C zgmI^(kKuHmJ67QRux#^cL!+w!&(2(k=R4u1rsr9T!d zYR5TR+PE2|3G5Vs(i53k_F-rj|} zv@t868Bl8aw)9dNAqRzTLJpSo%*-5Xhyjvy0~&&wwgy4;vM1n9HPzK4nobT@Z0F?n z=aG3QniXUVLwdJ>VR;3ZfjVTYP!3Iz8wA9OwuN9ro?)SfJHJ$FQJi-mZn3g}C|f|R zwVr;l`C4MtJb7e!_yv^ZS|4nVMct=Rzql_3oX6DcMcb+k7E7Wn%fFO^v3-p!=r4fC z#(aS~x{8Q~!4HaUd__)m(@Ka0)H7p$MW z2+~PfdIUC>MyX{{;tY=OpYD2k;QSx03Dj5@sO$S9o+WQHST3S5qIeG;R%SGr8xnzxge#2H)~I5lf^I2oh^JVyKO%)Y6JFQXY8We^O=*|{o> ze*miFtOoHjfg?2x5|g#!veYZ_cdrWX77BlR#QW!DxEQ6;{NA8>+6=;DVlS#;U=*E_|N~_eU^Hf z;l}pbZvsGj6toD>joo_ZO=w#>bz2~gw}VCJ>*YLK3MqEPh$jmdmx7Sj~?)G+L;0WaRfD6%S&>C z%6f(&H{aNMb$X%_<4KTZ0p(uIeipqLIQE;VWzVBs^Y!ksVkY>F%mUS{e*-nFPS;Q? zx45jgX3UGWIxel(4=&2=f=|KtV4c;r_rW(9%UfEu_*;$NKD}V9R7r8%Nn!>b@xWm$ zi9y*+`nI9;x2IHE9}sX*JNGiV=zbP`x!q2fE9iyc1GYmT5JF(>mLLbXh47sR0k`A; ztdl-U6!xC94)7JCc2zHbQ5##Z9{#G$;0E)l9YPuM#}{uK6d4ri_2UNT`r<&hrq6Nl z=xB2Qez|mDvzxcP6L9H0k=*hiWe*kVb0b7gHWqsNbQdRET^BG@!CS9AW!)V>BMF|0 zDlU!xv+>|nPjC(Add8p|FnqyPN4x{Zxv#V09Hvyx$oKeAjX9VD;y5BS8yT5iUnUA- z62<>VOafKAtmNqtus^^pi=R%wqqukR6T@_Tlj6=e7Qhzs^F|k+ON^8FPP*AVKi6NH zkf|ExnlbdT2OXR})gn;$l^7(`d-b5M!Ve1F&LPehmm#K`hkY7@Jly|br+ww{)> z<)w%_o;NHqPzPwp7TS*(S_h1`TBTt}4IoDb>9ixbZI9=ePlf1}9N9(+^*huTnt`6B z7=#zuUtL-e5LdqU;Gg2?o;}&QLx0EBq8{1nT$)o{)}R5}8K{KXF^3`i^}hR>&W@9W zCOKCWuVVoGP1TD_d(r-(uO0(E(!~0AN78v!Lb{&onECVXI9LF?`r`fUr63z2UuV+^ zw(LFf^w6by9?>%IG^RS!;GGMU2@X2CLlRy+{XmnR0~(~ZrbN z3QDIBARr)28U^V_2`42WrIaEq3KG&irIm(nJgmL;+UKmj&iC$f_WPcHWc_|?&S#A0 z9(Ro~uIri)l0l3=`@&L)aly)0Q;kbl5sPH1}0V(#Ph&1F0RSx*qD&4*HGb{ z=*Wq9EDxCpf)4hK1{rDJvjG4;`iM$1$xSOM4Uc8geCA_%C@^m7D6#(naJ?Nbt+(HL zWes!Pzs9W6Nb(UOg5h3GQMC&T*c-wlQU{Ng-w^StM=TQR`uJTfxrVUau;IUuR$7F1 zT?rG+d)UA;(6o}DGiwKM1ROZ_sM1$;iEfVLq?S*Vu>mSkk87B9DdjU`Saua58GEep||&;*y^JIVE$d^b?;3DS8_e#p~vH)RTjM$V0DM|dxgf5?1_dS--n!)zTK-# z8YY5$MC?9MS|oaZq%!k!>o7N1mR?D4f?LmOBL{o0H#@i{xOQud_yUCUJLR>ofJV|pLvBNhhk7&0P^EGymPC7#XXVRJ&DI}!H%+rL2= z07E4}t`8iX263oEq?hqHw9^E4ny#dEr9Ceu=oWpxd$hLsM*eoLcA7-vy}T+94?Bxn z)x6`AE03IlYruZE?(qg90#>qUSzWrl2mgp}rqT!t7fMz0}>4c4lwXBg2Kn5QnnZ-Gh7Hc^{IWxW$`P z*^39BvFsqEMO<(6SF?#Q3YV%|COfWHC>{YP9-iqCF zun!RdeVYR2VcJSBgl$6_+1ew1k$HZR0;||OGKL@S2Z{ISFylu$0~MwYMP{`w5c9iH z$5QzQI<>UrCj0@;G`VJFoPAn7R-5j2lg*a630xtS$0?lc+BeviIO)Lrv$H64VZ7(M z20)MqimyHnu)%qQ+8uCg_?G3awKP!ta^axn^=mwiZd1;TUNcK`O|j3+i}{?^{=a_G z(~5YLQ zHMd0>EekHM1Vg%KVcy@3Sz1_!3YN#BKWf<^iCY9pDv;gHDvl{_q~|xQF6GO4()6T7afQLIVpN%Aq9Pn5*Bdg&_mT}t z4Y&vS(%dx6E9%@v)2m(2+q3ZADou#Z;1_}3aK3`RMP3raF}^reeC~x7!9L|%#%4v!;J0CcGDW)j@ z*2Dg=RmcARb3gi63>YqZD70xT^uUNEZE_s=Y;p31+{@xLM+qQVaM8rR1>hf=faCfQsGB4HA#`NBPTe;&I`ayz218F)g+KGd3Pli}_1MNO9WYbrj0U zHk2f51+XY3kY^r507$jI3n?*NkW&eFp^qa|SJ%WX3vdywDROlSM7=26kKikdAtc`Y z*p{4v&uLp}!5}?q^33ocIIJ=Ezmhb$pC^`PkY`T9Q>t2=M{!kko{)x7VGH(>r?akVz^@Wa;{6%S%ej#D10nqKALLE} z{WzR4OK*ZCn49d*(@QcaFdO34OR0J#)d-49)Me?u+$lAP-Eekg_PL9}3yRggqzHmY zSdWYgR$&V)CbZh`W^S_XrQ^OTmsyCg@(E>oKj}TaIv}TdwQ_HkB$i#IzU}?O$BP9- zrSFG7(y}lp0W)gn&R#NtXKPGWxcH{>P~|djf*EmOHtVF=rpT{FRx%I6Lfh*9j(!;ejS8=6=!>{FaKg680dlbg}oV zNiquL+**bS@mSN80G3tTD)-V2c&d$rY$xqW6E6=`K1PuOZIwq57?CDjaFve?jCfY| zn}lDw%U2RhPMcsiQrNj-VELY_-Z4tZOo38`B+H24Tef{Sc z4)3k3dv_YkMy92b4anyLtc{YoKv2l3{|6j(^EYYjM8%xCvdc&Kdp(pMMYHxCnU)Wr z{kgc3$0Xvg7f{GJq3A*3|8QNU8TK_lvc8G$_70=HLqEnqSWsdIx*0R3goqqPbz=`Y z$M5gnEB7FJYc!BdxcJ=S_5iKpKX<_9vw=HFCC_$}N_SlBGKb8*zVyjF>Zb*<$s9Nf zIi@K+=D5ibeQ$oTH_jfxpRD^x!RiO4%A|qpXpZIGO0_G)1_TFZliV^mj~?+nPVCkH zN{7T)MMYk`1ZU!bO){W3ctZ+ru#Z+|d=oROhA?~E zk7v#sOR}6z%0EyNVM#o*_?+oB`2?CAI>#XC!@&@Dj!{O(cqJ4aFDC31CJKz8_DOXe z6r>GOps^CN@DcUBv30A;=kArz*k9v7|F3v|0SRIY2X9-sBKw)DpkOvUz?nU&@5g4* zsJ*##dr`6BYNv`N$)ajG-y<>oSDWF{v5@> zM0Le(my3A_yr?n^?LF?+KcSIKzx%6QQw2Pmmh2%moM03vKD2xF8&z}{e!S;PJ&Go3paU|F z_?McW+6FcgNbyOWfrtlfJd23TcBEJ5w?lrinRBQNke;m^{$zqc=aHB734lVx=}iB&b?PlT-8xN+>D+?} zG(b5L#C$t=GLE`b5R0` z`KKjP518}rZIB25!szYV914E2=HQvrd7Kr%hmbH-FsWRa8=>?R3ksF1+*YUN|8Kv* z|8V|5vGRZR0{_GLLz@4?7x*8}9|Gxs`=VMZsM+t>KZs+&74^(l>~`%tTtXnh zeZ=~Q27=28q}sL;*@`Ct6u@OuV^|89!PDMTFLr~cO>2Ik{q1QWZvXtW&+fs0G8Y_u zaLs0eTQTd8JY11!#ScP!gxa+Wy{cS65+f6V`BA6zC^(7T!Mr{L{{Ge^YZ%Jk#aM;# z4n74FZF>qHZhqzg3Ur&UP#h^KTn((?oTv3$^r7`15W0|n;Iau01j&ekrqhif_D>TE z{4dv!9HjjOVp6ybjExCrX2A-ah6z(+`y#%GYk>a(_WUkHU>5>$`UQTEL{o6}7^MBH zWBjW=^3PlZ3ZS;M0cv~R_+M<^FPCq?4Z^dkm+3!Xpx4kXUJ7@3B}Y&eGh&&m??dtLGX zb?H^+WsmarRLgC^Ij6t$z)tlatL7qhsc)@V1el=*-PN(^cz&VMCvuu_18Sib$>1pp#N}>7XaDTFxvZ0%Z#jrlU>WBe z(|sTvYz9mG)+r><08Pj)E{j|1Bo`#?e*dCZ;qUoDO|^N=qnJ57u7rY3Yd=V?6&_3T zHRTi%Q!@l@)wPE z6vK-zxqy`ARGIB>k_ zWYJ#-0O$fs8vuMn!_TiS`n009F+f&R1?H-4{cMed(kQgA$-|V5y`_Q-t7z$8F@R{( z2}p*5Kytbq){}Os-%#0GxUM*xH#8wO`r60Sj>Ff(iKpes`K#?cfS4u#qy$p-fMtCE zu*n$~+Q9%dkU1m`pf!)rSH9tIE)44vwhIQ9T+t)d6%BJYa~ki!6$qLKv?&YiOid~W=|Z>uJ= zrhn_wm0kphd8{_PJ!m=S^4)tOQEM3%C{p?0zcbDWNPT*>B}PCrDGuP!=qy>$ z(9#gaxlAR%Qpx~uCRG65y4yv5bO5k0onMB<_cLWbnXW;XWcf|`8Qv5LzV&qE*%|X` zkoxse=Tz1xYmjo_-kaDcdT~9HYm-=8RR!rj>Y*eI_Qw`cOyiq*DtdNyMVcw1*I^b} zf>0!lkOGPH_6^sJUwJ|!`-=8H(2t5%B3?eZY3(go&_Y?nAfdWyL(=ERCw{6Q6x=0*o3)X`knOna4*5&!_@XzwDWP z5Ur7*o!iE51Eo>%`#Xgp(Bb?kEQ~B|rrw8amO)1vjE{Ej?g2oImXPI9O1haCV20NM zmS-Md;^PC%Qp)BlgHp3vJ`vTArZdVSZm_D9_fp=o+04fzaXBbRLLKOOp@km~*3z+Enk?Lwy({+hkq{cCBg)-@TO6Os-i=WGSBvY*JMp8C@5|H_x- zve8>@)D|BANO2Zm8xmm3)BG%tm|VK=s(5^r9%O5&>VWYBvEA;Ma`|o$;1af2k=s?Y z_W;}sA24Pqj6=!y(5XuTi%>#89+bb60r(B zwa~mf1^598Nf{+Z7e}|_vsxHq0rhPJYe?d}&B?Hv7!2wvOg@Y=Thv9{1ZSzM6w?2S@^ zHd%H^!k5-QidR781wcUb=_CO-QiLPsK2SfcvI)B4(O%-j-4L33U%Mwo#=q`kN`HPx zY}I#El>Q3F_8db=k?SY^HwkS&flM8Z>pcL#p_K0C{bp9aWA_zxAx7I#67%{oWP2sP zq~S4|;)j^dwz3jj$B>qP+35ho#YHigg4J0DEYr(k4tlhbCb?b!f0=*hVTnmq7r%Yv zVl@ZoBavjYnr-nJ88=Ny_C~2*eCdIKbDG$e4wyph9F<5qZ6A|cfRCjGnWcQm=_p(I zB`j7}jJCAwo9XriP^4A;ib5d&F)t$)3_y?e+JpN5Ym^7B(dSUk(bfA(=L4U^l=jBv zzwV~Ou7G1DRh^iZ7EO)f?WQl%FWl7AiyIgg2Q>~>C=$XC7dtx-eb$i``{`VH(+Zd@ zLqnjpmD2j_=i+Ue4bAqR?d99KwgeMZ%0E71Z2^ld z6`kaqxdF;@XZ0<1R3gurqm-1Jrp^sjZi{_)w|2{u*@nRJc?h^_(ZBXfJ__s!DL;-K zfUNHsO6&9c79-$E#P1g*&4kc;>Unx@28B$n(_H3pn#(5U|JacHhfn|eKMehLQ_~Dk z8UHKufWVRHfA1A<(Br{%4fGp{Ks;Uz^aJnHM0@uh>aOUs=Xz)*V1!)|D_3J_OfNM3SEionDbazH2xyd$f zaCul~c}=u6(ibqkKL9`G>6JMsCZ;W4a*(ewa6Ru@pE;cm6a|>^Vb>Ep``1;eHM$v~ zpK^hAi?AECc*A=-oRi2N(`8zzm%`-RL@b>dEhXfV5IzUwRN?__+hVop|D zfbF>X`NhaiRXJg_6~L~tHTeAGdAbbBYyv>@-v~X=BmiKci7@00WK8STm2VXVuofQB z;3|7wVwBP#>^iRrlZKVGVj!40Wj2wo^}?mX4**WBfNGJj-2fX5KqjWSET=6#mr%Yh z<#Pg~x?uI0`u*is!Y;EP%8x^tCT@+CotUU-rSjgA-YVLwa9i;ia2=A?Sk_L1g^%{KKTe9DalQ0PY*k*4_=N$xs^0&+q{g;^~@I6J}`*!auc6a*e+*85E%l=D8bqpF> zL}J$+9e@;ukXL09wkX&YaC37DL9zf98mXHLIy?`N_6{J7U=?}($14Csu@>{)Ha|)? ze{<&@&gX)ZYa(mXdNR+YECe25EccM@I(lyn!`*%~`qvtzgUysU=5>pb)&)rHB@C{& z`&yhVI@yT-RdTRgZe0)AXhFRiuOmhAU0dGYJs5hSvc${Y^d4 zgVF;?^N0l_6Z`p>?vb{@Z`8oHN&)9Zhm(-UCPK31#y`!yz(QVtP?c-Z^vDII@QxRJ zG~G11td>B(L1g}2s<^Awi~H3ZRv35-(w+%~EmUnJJpfHS7e=YNz?y5AbP#)*0PRnJ zMlbGsY1PG5iz4N(DQ=IwH*b5J-ZavJLAa2?g=A{Wc8^e$FOfnKl0ow zSlJHllPq6Cg~?!lBx$J))PXg@R)aw&k|*UY!&>#IQ+!2_ga%MExfYL|H?tIe7nguU z)YU+L1vI@5^WrEbK>(e#oT4TrlVdK0PfN=9PESinF4SH4{n&T?#^3IWh;-yCtN{mv zHNNU|w(?nun0x5L{teJIL!T13^>Y=UkOb05Qk#2anE~}0>-g$#GIh!;u;d1)Jjs#F zyzaxqL1%^V*wo-RRH<#0O?W3dH{Q$u)@GH37cIa zy;kWnOkG4xL194L7GS_A{O<~RjP=KOzWyh5Y4S`U6LhEx_Tn;oK%!8qI>Je#oL|jy z0rWVr0HmH@yatFNW6#AvRTpy`G)lg5KV|#J=&kBum~u(D2DOx)((p>xdKN2RR$e0`7U6yE2BfEGQ3e($>FO%sQ7I+l1|Z@RnQ8GTV{)18K8ioN?X~cAWTtDi z>sN4T3bdTu)a$)4<>Vf+_I10<&(!_XMU{IFXy^uu$96bN6uRFy4th>jE>u~J@V2U5>BmOZr-0hXks3a+cL5`Z%I6u4A5}pL%Ga# z&V6vOl4$=J4>Kv=WymdppO@jm4r4e_y?|8BpqZ9@zHKCjQB#dPQ+Wy0T*E0j8*p}r z7o?L3()FdGPoN^Ue!Ou#j*TpBI`OiIO^+tC$Fy_2aJ7yxiwBQkF&FvOtxgu1bDwIi zK_pLOG?RsOt*mm3hBrLgNH}$_SdnM=B!XYEQGHP_9eJyVnEqPK8Dg4ADpnEn%-Hw6 zt%WushM8$IdA>(L==wUW_QAwz2x0I}+8#3oUxDY@LH(EWgs0g&eB5gKI?}RZFPQsS zyewVF5c9fk>QIm`0PNOzBp%IvAVa?o{?tY-sZvTKuweJ|`XQC1AD;L^<&>0EYIH}9 z%*mlE`sUMU1Dido>J;|IVY@BJ;9N?DS4pA3qfIOAt}fNut%qx=UCDx$KOcQ$Q{OMxSHK1LTc5UfXjnB@i7A*clSZv|5#J(k@@aGq~bYZ{}8_mif zMAsLA)rvZ`H~by}IyTc|SL^x1Z>`Zo5^idUGf9+wAOw7opU!6>Zvu_=jS4bWm9Ru< zK#R$n8Fo>`jMaPV)3nDFt#Pd=G2+xor{s0nMb_$9I~tGFxxb3JZpOrU zttXx{x^{c_YDZ7Eq)8{WgQJ;@f;n(a1Heo4<&H#VVTAm7}^eUpMyn-aRzL3;hW z@N~|wbkw+QbccSC9=njrcf))1Wj&+cym;w9m5bU9JdY+ra_$N;ZZlUB%3+3O8)FFf zTS?I|jAz3bmcsf24DpyfDv1araB-MP{c!sG`xWZ=Oe#P0Cxa832)2&;l#p99>%X{U zOh&J{cXE9g4fSdxDVv;{ZFh%OzEU+!&(s^6thbFO?;7x$hX9-;&cl(UhqSyNUdk|4 zr!D%8<2MDk+ft<2=)Fcj%IR6Emlwe$;=O70=I4f;Uj6d?mbrV8!(+XN{>hc0GRE7! zL5`*2AS@;IcDzs~bm1<430@#S{lAXO!hqM1~{LrdNV_5@%d78L_ryXa;7jEdu~ zzqnGeI1EUUA%k3cxnVP{Tryb^TjT5M6g@gKOVj&|QeJYkt_#1sV^p*mv~9b1-L559 z#2$213SaHr`<%=J4Lnw;BLAV`=vX{#-^Pm~q88xW+-q&Bx1Q}D-c$3|?(C}d@Onkf z`QVpNWIpK)ERbF9fcasw68qrC5Xzqq%)t!{`6I5e&^b4+_0f`IVUxa2#Y*2wVpR@d zCQSnCgJJUcfai}4GgA8_W9>FWW&hI0|LvcK{+>N|oB!<(|37#(^v})m|7b%QIFjDRWGbEp5;q)3ZQ-4A%#MVU8ihxS(L1;e$grV=K`+pIw>|BwVhtdu_h6BK zA_r=DGo%MQdjv&dpxiKd^RpWVPZ-w-eA-CMxQjMG7KorubWjCZ;DWQ)4A>x;&Js%C;eh!kk%M5;OD!bEd!K~W7(61o4e|hQ zsF&9DD1ug$L4Bc_Bo4?j)Z}gmJTQMgc93QAuIbVug88xi2&TP7Z{D6b? zwpt&{X$O-4cQDgR*5LQQ@YdM}kF!9Y`S;l#Ha+z3u{}#`j|Hc|=ZOx%&x(7(y8ZRZ zh?8^R)Pc$AKFhvC@~5ZE3Oy#3KUZ0wpLiY3>^)hK{eGe_xg{3|H6`^c9u|An?TTkq z`RTV_#hboZo}sgT_+|Cyb*IK)f$p)38PxZ;y~%)E_%{jGtw4mW?H1Od(_3%wd!aMD ztv&S?(S0dDR0|FFf(+jJVVg7@aUEZjQgD%xO1v+dCtf}_msKuk&7M*tc}opNU1lTI zyDrsnU|iGCR3KdrrPAFS%>cZ)tqq&?y)zkW>w6b6oEwhopIP6Zz_U>BWw2fTdE|9+ z?)X3uc-sD>iOu~ELUaACft^qY(bq)T86SHr?#-@^!R#K8|B!Y`-kk4Jixn5v+y2Ju zHr+*ac-1R-%#VwqBBVUsWNPz=X7Ne{ z!=s)F-VwYE=k-034Cjr#?<>8&%5Qdb*4ej56Uu!2p=&ab`@wM-h^ofkA&FzBprOGO zKj)b(&w%3)3r|xIraU%+XbYd$E9=&sDdGxpZTL7@ngLAf8*M!yV?URW>HAqyj*;hJ z_kACV1*LD@rLZTa#LFdr!0Bc*Oef716B}#?vX_Mrvdnt3l z*CNkhVrI2VY4)N!kYwj@BVkRs+MyXau;lBf&>@&Vc>+r~1?+RM0+~V9k_lVy7exevHta6?%Y${0z-o%U zw3gW1-C`v_0PRsJRcA^##go~Jg8eNPjyzamznJD6V^V|=jv;t&A-3v^Bp^75j5Eu) z8S+phE(GEp+bIi+QI~-Id2yod!Kt2E4cPxYxtHi!92OPkKEW)O(3YeY=pD#tchAm> zpy|1&&jfdJ_d~%^#1w$2ur8$ zy2vw<@y;8;+LS9()$tzBB-%3#P8ZvzG>0<+UTlPD3fy}JGJ^<_QJd`NLj=>DE;c3H z+4fPRDR}f$6XD_g!BS_(fTbq7o5Ky)5d;pr)L0B!LBAi~opzKBRFYW`hr7WC*r{yN zb2y0z!8oK>QsB}V$V>{xLG<;rA%dAt$DukM=OUWorJic_zcNmDt2VQq%}}yut6cAQ zBi`dCHxx^Ph`-k7cNw)%V^YtU(aM&;jdO89&a;IZ+g0q@QT1d|MR)S66Zr32f4*Wp z2M?yd%|&VtGR^s_Fr*alLgq=hn06t+`|%>=Fh=r1HSUu~%r%E;raGD!JRWzC6JC$h zQA@P`n{`1(?AOGb3yn{YAr1zzRajD4Z-c ztn<4!B6-?R^U(>gHe&@g=v0V6>uz|1*onbQ79jvRxAt)Eyyy$U?H6FUZzvU)@+?gB zM?I&w<(QGg0x3_tt6GqcS6)x=lZuS+Yv#5NvE?W zYZ1ytW~*K1<7;LJaSuP0(2E#t5L<6mNskDCTYBPnL+2l6N_l>0VAp9sWsO-0lUl}J{x*zgfN%Doo zpLkOtJV((gvbv!z1v)>z9I3F(4sQ@r6FngU1xArQj)njcAXh_vIemr?IY!9noUvtw zDuap(4Ew^7(##(3-4*VRF;51&p;&zf?gIwS{<2zJJBbkaqoZ+6S3ZK{Y0ol|2b%$d1`qL<9C(PgFtLB$lI z+x8qTxKROH)TO&Y9T@R7KDXx=Cwd_y0X3ZDu2BGcpZHz&m3@7J_#uL$Q-C~5&6D2f zOx%6;#)T8@C%#&Jm-ff5??nDg+R}Pn*?5p(N*?dcu7hN|8^s9{V>B+9=a*CiZ?FXr z_;IOFS%MfwT*X;Up9`IwIv-t6)Uh|6DBVtV;%QVu;Z#8|gO9xi!o~~gxW1sbJ65LS z<|ndP25w&7NuC_?7R>)EyX*2{r_q3&7~%HsCqwN0t}5q=4>maaUhbNHR9b(-0I zB}o#f-YZM-dU20C1f_@FcZIFH>E%K5vrOT?jfclZ3aSQh zeBy>+@mE5H$v!p&G#m^Ju7#7Rc6FoHB7=s5!=vWeYVZ?5mnWa-IIY@rk{nguWgG~M zjj6mrYU`7$D-`L^W*6J>JQthsh-{pt+#JLLZ=U_1-dq*D`9h;hvps`Fc$O3*_&n@M z9dsE7Kf|+}8OAFf&kWa~CxNDNmB zBS=QDu@B$_0B1~O`iyInjL^0+U`dSWvb%$Fm*I^{=K_meuP|&&1b>l|^tUf^A&5a& z@B;QHZ!FMny~5h(@xTap8eC_X52lwi(QzsvHWQ1ZC_Zea2m~+_!7F!4eEjZ! zfNuEYL@Iz((geTH0^Ra>7&_*O8hI`I&I?pVdG>N;TOdEI*FhuYg0U4l*GEeQPGup3 z8!8uJqh+QCTs<|KzggcU#Bd@o+HKYyi>6brICIGZbICL4FJ7E{{T^&FE@A|zT>tpu zXLvlMJ~Ei2TX;Q#{P8uG*K1-eIfwgI59C>}05k<-ONj>o%O#MiIi5a%5StD=Fb4cT z%aa?^u)!-8FpE5%LEP@o30*LYBE9_-As}7eLR{23-Hak}!b?Wp*)z1glXGRh;|dDI zmGjJo7+Wg2SFI=~7tUe54n%nZy<|bz{T$a@(Q0XG-&l$CP{bj*)q$Og@p2;$9S~P{ zm8HPrw}~vW<6SYbq6Cq;cB*&2e%BZj;Hl6#Qdj@x#}oaYnY0IQ%%8T!KJ7s|*=C1~ z<=Vr3wSz*x&5Md>J3$z8De{-F9LnFKGs)ns*264b@^p)p7;wR0P{--VQne!scMe<> zKT0KX@s!62zRBb}ZL1QS*KAgy&zmhmZu@6+OWl-knRJ$JLUFoRf`&JUsE7gsK*&Cp zGF-Xi^5Igmp3Ucv8rl0DTUMcCvG@{*pWwm=yRJ=30b@ig8n9e^K{9<-`?ucN3QPLu zG59e+CwK1R^7{*+d2_>o;0#MRlMN)`MT!R(BsNq{#dXMiICzwyY*J^Yep=0~(STha1>yO=&LxR9HbF61v}yk$_EskCxh*;Mv#TY7p-eZ685|@g_<6C3eRS&Uxy7b3wMDf@reC`z}o$ z-er8{uE1OUQng~H%i1I*taa+xjpxM^L&ioq&QcCaY0uTRzVWw0)1Oq{xP)*!(5)Fd zykz7Y(NKdA2rIxPN(N0Qxnw&+_5QHnEJ;R8TdyhAvwrB_31)0}Ab_Tgw= zX<5pJ&|#sxr=Tx7)}RGzb`MWIpsiVQqXj#`lRAXQ6ZSVmVS-`L^o(WQfRFZsZ->AwFJ!9#q@Y3ssE9Uj{Dc;7`jqR=7 zSr!ikdjaHS<~zPP>8&K6=x5H#z0)jeYw}F1)$TtzzB#ma7VBhn{>NL&iz{{e1jvqG zpK)=)UgKD<7y0Dm$yvNZ_B&w=kJ3GPUW{6bg+jwZL}O2*@_dERZgU>Q3{5T?hqA4x zCS632KdI!qDJSb!pzRtUE*1z&Yu;t|@I0N(Mx}6pO8ABCmE*l|6g^V)d#hYGNFt3C zms?3r@P}f=LqCLDyr>v{c+3D1UW25aXivV33b|oA`8S-Ckqgg`a{QQzqdf=t`k}8K zk^o5svcNXW>#Z*7eV?8CXoU`=w3$-R9wg_lV}GEf}w}xkZ|c zhcnCwzEz<;{sgV2iwxyHP5UWG^zqxACp0F(W+o4ifM;)92+;&ksqrxdE!q zSji{17;2ys8R?pnfH?Lyzi`8DMdgqph9l*eAtdLqg@^YdNL??m76m|nejs1JiD{+& zN!)IP#zk9}+2MeHylPkY;b;R#+|*Aq=Z0hXJp|I5)V^qZdBAe(r6c$9@R7IA%RT)^ z6ys=Xf}g90bS0x(uO{3-)NRa$$5;9;IQf)s#1p1m^WPNpzvf5JpWbA2Sb8Tm2pY`3 z?YexZzM%BB!s?w~inu$6|J(J88g>3VtGD;|{1V|A;^(rjwg(o?O z`ByCr4KKHM6}!cEw%V)6r=Y9~e-a`gMd;u(hB0{R0mp0HIs^Vei};YBbKv9i*)|1l z6hlv%rP(3-yB9Ovd#!w)77#P}XoUOJ82(G$Iu5Ng$&iR7F7=LR#sa3MgV=e$BZjD5 zuWMqy`N-zVFM)jh z7N*sr)Y;916K$D#r$*4{)#D<;AmBbr21=H|8!mvnDXB4mQFAw~&hgZs$xW{W`$MmFHDG5?l_zwOTMGRK} z#+rgu(mZH0=lLc*B>A0986``iv*X3;F@GW)9U*HrraQ-JDU-!?PcZYQBt#}_df5is zU)oz@y#8T4-5YyN>HT^oJ|^>(fhWr{H=oV>NvkIK`VV8hG%n*1f0}lH-dWn(u;}yr z+?3fj#KZU5*_ML}o?-~e}el#jBRzS`ideI9$5iVOc-34w- zpLKg1r5B%klkJ=TXo-JPCzCfes|xpl9KVD&2BNXbwk01C}rqmHciS^B2^qfoVp5tY%q zZ+|6`@20}KcNV0~xoNKbo<{) zSw4A<*=T3vEn4ZnmAY5m3%y#)9WPNA6zJ+mbEwo8c`9Y0K@@kpiuBLu~7lm6kl8*SQCg#!j<%BB*P z&e3OMUbQ)dpP1iSg*dO^C*K()H@ES6{?caiu64d z^vv&Gx$^m0hTruU=bf^pn@+CZ9)aAl>U5;#?_1caW;C8~vumX!$Yh8mH||YeOgY}W zilovuNalKG+`{Wo)1>ppE9K?am+Eu8i8=N7n-RkGaRqwl&PwEpOGFpb^`TPpoX$2z z>R0xUM(fkg)QifE4ZXI*P1#&BsB@bl=QlfG^}pg2M>EQcYo33p?P=dzXJSw21MBx+ zZF&V0qy9@@yGOU@UpWs{?pY8{wK&S8@1tp4BND!*6S3^%1&zovKg8)l+Ux~;7Crc= zH!WD_w_)MFCs=oA9dPo}cgBe?ZO>OQ(RM=T(0XUN|FN5k{}?s)@zs+<`JVSCY&zN) zJjEm#c2?e$bZ|TO_||#Qh@=rhG{^!26!@*%bpeB&xp$Smdw!j|xw$lk$!GZO+JZg9 z8A-ojWWs)x9tM_Ehill@d(PoRyc~+`$?H{xQX39%pfG!6IuQIw^ly$DrWK&(Xe!`=7Xl zEplx$-Xxx*-MW(38zT>erQLs0tvBLkXLt1S=inPtSzT46DH=dk6}N193KE|}97(2r zH;eYJMWu-*#c^sl@pu>ogKwG_%h;P2;PacGP#kTyAV=!%@@iSER~4@1#4=GV?9oc! zrA+M6S2>g|3z~k~k<4;Q0m1Ls7Pk|m(*2H|)B^Lsc~`Iw{H7)`nw72h@S8!=)tP?;@onW zaD92c>x#hk!jkm%>czEzAEus*c{1Z6l+#}X>)FHGdIlgZ4K66_5UKpB0En%;w}2>j zc7BZLIHJKP4%c>vVuTc1{mXXz#$)UEcJ4RnAG9+ly#S4$Gws_)M|HLtWutGLC|qf- zOhU*iQfC5JbF}NyH2cd7H^qp^5Af>zU`*EY78fX0og`oI_jgmn&hvC4cY+`9!wQlS%5mGG;v@t+1|}+rRA$ zvamB);o)S-HKz?v zJv=)8LeqI8lV*cEdkDoq$t&=dm`=dZ@p!Yv5n^#O+FZv+TlOY{ZC`JV_zoRX)t|V` z;;niIia!7BLeCA9SuHp8?otBBeTg8@{+#7^!CVvEddBZz^!$MgeGlgr=JSuD_cK(5 z3r*fOrRI(53q5HCj^E0O&@=VOe7*k8!L=XPHjr#O^L|1)S4ss9XV%4hN9awe{1S&R zKy9y(UJg`44fp0u(C5NKh@LW7ev0Qr>sKonqi-(_jXSg%3N(^1NGa8B&FAAnjFhJB zk@WK4!_rtGrmTWjV&vBoqkh~nTZjSG^!?sb(R=T0!H#Iks@Pt*8tE^!Y^ka+Z+SwW z6B;e6JbJPh)tGuYq$gcs#%RMTEUljcQqd22AKhQ@nKLZ$x?dVfhQASE)s;#H+SV0X zF@j{^@I0z2eXC_1di@gJi|=I*7#ccF3h}J@&El>ZZ`MZ1_A`B2(Et2haq$hiE4NNR zmk*}Mu=4&#vklo}PZW>N=OBNZ)*}lse$DILFA~UlzJC?z_vtpAeSVbAtK--Pk$hSh zh_yD`Z|-gEcqygw_`840TrE3pKvTib4SUT;S1wX#T=`HS;ITFy6<46Pdh1q4)Na^n zN4s7VOR0-2TL1i!eVE$p;~D;U?KHd5l%OxjQaDegUfIdXE0*agv&(ezrQyek{M)ND z{5?_xj3v8;>_4-}Nn_-jjWM&`>(E3|`o>nS7;o%n%PrpXX&n&^wC`fgI9pLx%|tJs z4C`X;O>j6(G%8bcMCD#*idOHl-7&{4g5KCHWm#H;PqejuFQC+F_r;hkl~WZOju#Y~ zmJM;=d|9)w8nrUC*#AWM18l@{`ZxBe>}iQJTLhVQnu`y0G|(60o2;xnmI zta*Gvr`>;k&#KdNd-n4Q!x`(bL&FKD?W3-u$~$w;lsD^&?M@WKlJtw-7C zIhu6DT^DkDF70UD_Guh-MOuHFVSm{dwQ_Y4T02j{YYDckKg=CD4Z9x5O1RnST!hAz zq$Rg0e`H9ye$N>;KG-S~-K~08IluEIfzMmGBRHa#TCs|$L@|2E>u}X|;T3Qn%5`$Sdu2%VG4l$UdWWG3-!UD(Ojt?Cj56Re93axY&xAb-kl4 zSK0iasuz0sLF}y-ZhO-w+R(GILZi|Q*-Phs?Cwi%JTp6ID^bI=J9AGAvRv@{XXiAYwN)g&$=O^A6&8eaR%UKyXpM^I z8U8ROKe>BnDO$sB{#HeyPujAm%ORqvu50fj($dndx$jtDhqL<2*Njle!||JZub992 zYwLM}9R|v^aK3{DzNassbb(iGJ;NsrI-XAB9`x5Hd%YfA zzZ<{5@9&)V#Cy)?yytoTfj^kxzSrKX_O-6HHfye^&k@n!D z)rqs9Puz4%?R5eLQ)w-Q$Hguz9NXIiw+n6alXf&waaD686II9iQw7#9YSGsWE9c+L z)9h=@$&HuM&+@nSoRAq8>ZZ6uW>=&Fx3Gsf^j}fe*eTvtJ!xAx9w!@OYe)Vlrk*&-eMz*p`i<+mGBEg%o?J)RRv76WkI6m9!ZV24|Rw5Bd+Y z)&lEw7Lv_b&hDOQAJa4C-^emSb32NxUpEgpx1CZaRT(>^KK#y+de1rpvQ$YHhUeRb zhrYBkJeuWSo;qzN+$;b1!#M1nTC?*W2g2Y@Rmo4~Cv`@R)9lHpZF4#Eby3aqRO=F~ zqJ2*ZYB5BZK~S&KE5o6U;kRCvvFGi+=$lyyXw^eA^`36X(2E^`IB!x+??9`*9!$}3 zE50Ez(uW%_MFgSO`sPHTu{tkyq&VSXUSygV%P%F2iR63pjtuQy!Z#}C7!uQFn!vCg zy2*w2R$0L}`KA^ktu-ppNR<3{1chh7DM@H#dxcjQhwWd4 zo{OojUk}h1AMw@eq*=dC+WYXr}Oy|2wLlR3({n_6@Y{Y55_)(vc`Z~m?}6hnaR$pT=eHRJh? zsGP{gBYptnB(H(u0uE1%@#jOc)13rXHEos96zKU3vC!=MOaM3Us_Kp4p>jhGQgr%t zPy4YFcmr|9s$i+w`ARExuY*-jxmbh8e@N9all7+kU_=b$tEs_mw$EpHHkFw)J-m}y zq6%;WM9Is0tw=`G6RICaLflK}>Kk-3Y(aE^W)2#W6y4dvAx(;Wdy6Yfh+0e~U!z@r;!9R>{-tS0%{W`gJs=*`X8Yw4(J5IW&uR>VH9bDl-aJgG+?05in zT|;E^rF0R5O!`^^w+3%=`jwN*r{gJ=g3IwQRr(v3ZbMwSe@#olhmNSbka9`8AY zHoEclHb+X*t2M5^aqa&yBY0;aQlou_8wz~6LUHMgijQR0@|!Oivc~v&?MF*Rq}EuK zJ(}X?LS*xG9~fKZz1e++Hw2e$QSoPAZe1W^y!4Zbh0Kv*=X12zMF;cVvQIp*o=z7J z85i~3w9(YZ6p+JszWe&~NF|>iuH2>`a49h0JlI>Tv7adNa@M$q8LEue&%Ytr4^`Y0 zDj0edk;udLi2Z%SFTLch`+Q`?tsC|=2%O3cq3T}fd z-RW3~r?!FtY@fb|ndn7NAXzM6{hfoLepZ#s>ZFsdE75}SVXi*7n}tM6EE$x{g#rixHoJ`H&LXo#M;F+a8DZZnzGqi8aCJ69b3%Cphf_D6c(h+qy6T_!6+GF=Rl zeF%mdt!4c5D8J0*eic|MeCI^VjljAEL*2WlTlyr3 zF@?N*LS8=d+&gurG);Ih7W(406*SS4n;_u*Ru&`pWIO_KR-K}rB_>@-QJU)>Be6!A z%Z?Io*%LIXcjcuUuL)HaHwkf&?0+>TIi*%2Io22?q;_KW_5d=&-+5RUAwxOeN#gDP zp*)#f6j3|)nHaYARJ66HnO*wuTB1IdTFTwTCd%`x-%JlB5_v#JJjBKexCVV}zfQ8J zdnL56VI<#!(MOjDI&n6Zj&zUXazWT-ATRbem7 zsBz#v8G&Xe+6sTEpzUvFKUiR7dE|SnyxHV2V^Gzx+eT52cjSEJ&D3jrva)^!iX3F{ zO}trNHb<6{e$r&0#s;6)gv0Z-x)k8W{O0Kmyw*htaN|@cUx(&GEt28fkL;u9d&NXBE#!@n4$F?8{&}EQ^b5 z!svwF_GU_QzQi{_ourm_%34WfaEbERvI3Nrd@@*L#T%#D<(=cbJ5}z3L0p=Pj4G`+ z_t#ISU7&#llF3|s-0QjeM>i0cjGBBTcbCUQibl#bbZqY2k`k_lZz513YDSU6l2;>1 zbF&_;zfItr&0JV(?MVx)9~d`u%WC$4{pfFj2vS;~ht-%mnd}op)12Nvt#iybnAa6A zsygtsn#2mimt^i3S^uHC>}uoH?&;UaR)RPi5&RWi(e3X)ZU>@|2)y%bqCb|%jv z=wdAwHm}JMhN;VE<*45=f2(jOi%s%Y-ymm5y47UbAWr3chr(2lXp0*FbW&=9zq{y~ zLt#-|tVI#4*|3_`9Urb~0lJ^Hs#f0cb`d?-uWjfYiODad=SCI3aU(#FS`gnZg-mGt zm^bE3T;h19Ql`L_$*<`^;$?i__B;>b$ZJJI)P3R2vvYsblQn?8>y}yg9yz1EnUYPG z1??AiA75!*_o3lk5dTT{QH7;Kn0L|)>Z%(By*$SczQiq560-Hb5AJF$j2vVOTxCME zT@Q>|o2XkcKnZwu6BTI}N7N=;4^*o)Yvt2th-Z#1at1Y)Qo-59Gh?#(JAIGW1_oZ# zpk23YRpTG5wNk*+*`xK%w^&t{T_=cOTQ-!fNb%|-hmcV%`Bb~PS3#}Z9#N5y{7{Y`FT63s8D>%bBnj>8~m1eOUi>B#w>Y~ zezY5aB>$ErA2{g~>eonKlOf&&>Oa-~iFeGEI;fq&x%ubNb})IB^X|1&!NAMIg;QZq zvMfW-2Ufbs$PB}OJE^?B2Sd@qnucQDUld3zu7b4Q)wB^Fn!M63bq{UVu8I+HX_?`> z@=Zk!#}p$HNn`ufGKy0ZMIzOHQw2$9?A=#G(7fpr@i;ao_`++zp$`#5l`UOWho9IO zMSL14*rOK`?*vDXyN6{o@1L&%$1$0-a^W}vI)^r-TY?`R?wo4apDy3n*(DsDk^D3s znccj1&bo!76AgH|^}CllPOjXjT6xaOxXPLF&g<>mj`l%E3qA+4hB_h`k54+f=dD}3 z{dv~0yre+W&9!4lC1JkQBzKDb&X_NNG1vTT8rxX=LBJhB{2}A6(jmf zJVWNtHH9OLj+OQ4tkf zk!-1Uhb}$fwZ~8egIkl2UT50raerEjDe~CF%AG68Z9T-4ox>k#G9#6NR)^<``G~c7 zf&-zrGVb0QVs70{(rqQCMZa|u697697kV?Y{bG`d!ZVV~7aF6{#923 zn)fiOLvv3|nw`uvdhZv@e>3uavoD!qQ#h&x0L%mKa?T~6tLf)lPfo7E+w~(j2m!Ss z{wYc|>*qrr+$-mks+iVu?(&=P&|@cY?|lUqMzgxv0K+>75!{{=!|kO|y={q1cnAEs zK8EsZL^7X|dKNNc(IBPe=gW(FLH+KUf}S$;DDO=6NUO`%c%aQ(n7BOPM-{|8(dawq zW@P>yV=uzrR?c_S3F4jTwE7*=)j+Mf=R}vmlpgwV>Lm zXOW0dqy}$5smg6Ga=j?O9p7;0@mj`KVwZ{e*2A_!gGS|$s|4j|Ki)qso*inr;!hX` zz3dIhv8+>`mqXH+xwQ~4W;|Q()7T~_DZi$iDK5IZ`aNcgtRszKgeEIMYT-54sq?`r>Q;$wbXLMSOMqHTVSZG8M?-#mxiI>hltn)2@FKZyO zs&SqGXBnUnU+a7ge!1POA(Vv7e|M2UUM~Qre*7z)^RGhqkMJ5Zs$$Or+jN~!eY4I+ z2E<%{@ZWhy(Zh!7mbxcC^WTm>a4$7b=`3|**CyVRy5Xp-A@!(39usvox{Ey&&yF12 zLT|tHnRZgGq-Z;R)=30wBy;$hDm8vHs-~G;C3D=fZ%Q@g!Ftm!^~WK|pJ6)~j4 z!m-cr&2pI{lhXTYSq%f)s9bTtq`33}h!?2IG(nG|WYvZj7- z?&U`t5EGnUY4}k~+P&;xZ83H>yaoy?CV~qAMpJutVBM! zXSejx3qz$!&E?AXeN5+ir;kNbwpv{z^8lDm4!7+(D)pS}yVcL;f@?D!&#Zql zdCgNGqY%IO2iT{^1sK&h;y*ARMg&XT1N^-D`K*3of#6Wrc$?@;ioSuAR zakbpGn72?VO^q)pEK@yu?&XOibe8CcSmdnE`3S~jD+%xtRS-M_Y_+iv%(V|R|xQx7^ zy*o4}tv$Jf*5urN2ESZ$<_`3;nb7tf9Wi&vVB;YJw6I6&+`zrr=YTBoaxvaUQb}`9 z+q^}`YcbLJuGb1D&D-j82;P!rZ6hZpro zYkp7u?x6=)c7BsdqpQ{v#~G5WsPy|LN!zFl@gQxMQ1$rx(My^$S$;lyJBIbXr|)XB zw&yp{aCTWa>|M;ri&|51_Ha{i8?!qkDN_8Om4Z*Q=TB0$6D0Hz$t1Uap6Q|sLI`ta8Xa-b*@AM;);sKf25Z@)3}OGl8XYOG zuNt%C{E=D6(iNRq`Yf zktxL*Zk7B98lB&<^9G+jU08pyWA%X}_TaS#p4%ENWQkVq!bwDvmjyRJ$tNb1n)&pp z`1Q@(Vh?ZKqC$roS9hR1j>cR(e=lcg+iLBFJygWfD7=yFe!)=Pi2XErLwNDi;W_e4 zbe5F>Xyng|VLUVU^CE^d^0!ay89@4&gD`S538O_=2B<0GsDr2-fsc_Skrf?e&!b&B zQ-O5LiU@$f4?zt2JCQxa=8(iMl9_kdLDxjS+;DA*iZ3v8(Rrcv`dv%__-vtz>wBB5iDeGdH=WT^4T&C za;o?6H-Vr31HyKDlaNv0A|=T2XmQ){@>OLcWX7@QGx(CpgN&97E(wE$Emk<|s9>x5 ziJq9anRnMdkSY_7g(5lmQSUq~hT1DtSydAA zq!3SXH73uqUOns@Iad;OpJ#M#R?WuSteh+-%q4e%0pyLX8H?@C1v|ui^OG77kx}83 zDRg!f<;QO6AQpIvRC%sOU!NbZqZ>(=B*@Afn0zH*IlJKmcIURgP%Bg9G@z+IeJTm~ zCUa;&XQDUO69RA}lUl2y1>)*XfKI1;oVmIs-pPK0|oGJG+&gz!z*y{`;TSg`j z0|xUg?eBVxs}1oed(15nLeBl_v;u3;HzChoU4knsUt1O9p&B3A=f-;{s0<@E`*SgQ+tMQYE7bgvq|TC&w{##)U31H$6`lAGb?1W;{8-&5A5FZbRdz zi^d9=w@4KUK49y;q`sU4!{u$Qeex|rN})3SdJ!5qeD5hVib~~J zzH&i$KLRfjH9fclZM}LSiSEuU00bOPA~ojBTCX6{n{XzjvE1*;WvKGMB{o+ z9|fv};Grz>6(C(KFf%{~TRbCk#y%0b-3Rzpc1#u=e>CtOplL=v6Vt;*F~^h^r7|LP zWAD4LkGCR4Z>=Z;+Nu|i7Rd#b&qw|fk@zGYU9L22UaV2O-x&;Nl@zIRAPXLHRIU zi-8q-WywzDS4;61gBB3rE>Wrd(Q`FGX6+!L{ihq2A8Vuwqw`QWOL~B$gT78nUU)!F zK<-ogn+$uO`4Wnm&*I-L+W)5{(Epw&|1(Mc_eA+0NdoOHGKo>;({~!MA zUy1TxO49lzJ+_(km1VoRdoAG~her(JpVr@O_HP&QkKk{VNLBN~JQbIhjkwfoAg2w__G*(@gzSfP; zFPdb!Q}6IL);~33 z=On2roPw`*clU{Lm=YG~Taj#h;+|J7USE*qP37p!(NR(MuNJP}k1tv$jcFbqx44`*=C$f0ixgDH0SLRl(6g%v;F$XVT_60Bv7Ce+ruI zUSdgt+jUhpE+@_9TuAnU7Is;6QkJ`?uh1#^O2OwbW5eaSCnq2eu_gDasCMUbXdntq zS(~h1sAic%Qd|n;$oV-wTSl=ciRIB7N_k{N3UDI$1x|DcYg+b!FscO}Qhq?(KG-{} zcn!`T@VhJ`R)($M4aSt_ACH@azDd{Qd79k&3}5KnTlPGxp}ri|U1PjHSB`B0trskX_$+JQbtw?r6SG&@T@&c*UcgEk;$zDpuxDu42PwgM)n$(w&Y z2YGn1ZSZ9 z@GAf3V*Bj3M1RYtGdi2RB4hZ)W>`HS;GVbTQjGb{5KQvQrFW5eH8Pmmc6`+Al;Dfe z%@~@sKjR-v@fH~nBHl>1O$3h%Qh0%+a(sR!yqU~#yZ+lyofiegI0Q=CImn5u{0Kd6 zHoTVnb&a=x;QNQIA+xg`XI|i=d#_Xf?rmRg0LN3w4oaQ3^_wL%A?(6bNjZT z6wmE8H6wsx=c%R)Sekz?F_6ujq*v>z;n^;1mOUoSUC}QeOk>8;0(Ys~?M4jmv~j<% z+v--*Ek!Q8UFRbt{5^75(`AH2aIF^Zn=Z~@=F{mX zChS*amU?HNbS8848pRvPrdKc*&~*kb81G86Y(BxlU;ZW&==6+>+PAhdFV^WoeXm^Z z_wTQq=cq2}^gm6SFI3G!;Xm(&hwAqQi0@jquLBN%jGnS?UO$O~*6gEb`}MMqJBJ5+ zb^vYDt$)Iade5exX|e-f>G7Od#4q{>Exl$Q>eT1Wdh=~L&!Mj}V@xY1NP@OGZFl$y zmthe$8B{Csu`h=tkl#rhoGWGV-dz;6dTmtS;;*Z{>7pp_JM>tvKhHdEEzY`Ny)*GE z^Z^=Rfz?u6RY3nWG0zPmA-jR6I3JHgMyt`PiZ|#1$;z4R$??rK?zQkKXt(@nD`fmq zwU3?YZ|~dfVG3GJGHx`?0Nf)Ija2@81#H>Nt?5S>TXOqdq`lVP9Z8q4j7a+QFaUCk zizWLyn8aam4g+!^*OZBC?t zn3qI^ALt7qwJF|{5J1c0aQeAJ^Re&b>e$gf`H|0%&sc*$-)>+rq5SO_a&FT{=S>mL zX3a_yKbz&gjS1#eXN(QxFb2LHq8couo@gYIrIRvIAN&o;$LRTXTdUUsLwX|{zfcg6 zw>7j-I|s4(ms*c^ua=Uz9Fe-c z>pirxtKYglNpnAGS;90qB#MgZsKH}JoiUf!v{AJY9o23;y?Je@`Y|k`M-s*#z>98hR=1W*_n?V%&24f;|MNnMSMgW!@}m39(sSH&Krxea36R%pI)w4 zaYO*vc-EbD0P4R6N+e!?x)J@b>LchDa=%R|(VC-?0zcqd=*8h@9}D*4KiF?6W)XQi36!^VJ-M>z<&ubOFgk)ZBY*Jo`{!0UGQ?OGR#O=;i&M z6$BuWawd;&4&3%U^NJu~q`MK8Z&3-u(}~P@5JlfhW(=9$1|tK}-tJ(~iG zcE2ME&32m{QpOtES#%2mQ00xeKz|DvOK5$F<4;0XY?MV((aGy(x z`KY{I9qs*jv3S(5-ah;lQ)6j_b+{X9blORFU5%DGXpRR#-fj3GD^Mi-U^3O(A)HoZ zcttngiKeE%<8y9n67M9!>-SI!HhiJKojz~OdW8kTlW@^E`nA1p8nmW_5iIOa5ZeuS zmRjS)i{05u$Too9ra*U6PX+-P+lOm`2XSCkyfRWAS*jT@(d1>^k@NVYdpY|8Rfb;F|;)6a5W~hrj92NrIE9ZTdBci9*Dw5z}SQ zsWRx4xZ; z-Y(jX6gX~e?HT6QU)r3}TbyuPhXxjF6bC~-u5cQ@x6-YVk?_lzCK+=4#ht*&bVZNL z$Z#&#%?zb88&0j8y4>$@tABX{64j= z^F!wLn724;S#NVgkr9c~plfcExm_X&6rmN*BxN-89a)HZX?~X1@})B`K>y@S8`!y- z@2^g>KVqdaM#=rSCo8va81yY`_sT_E0g-sG_>{sN0P2ZgSFe%1DRXM*FK-ypuHRW| zT{n0)-;Z|B|GW2uKLop;0C))_uFr9+M~0ynaj6!Jx#d zGcH`AQB-@b{l{6aOO;;~mIbpts1X zwra?TU_t%y-tlYjP{p9Nv2g55fGV9{Py_lg=Iqfu3%4O@z|n+w+!r>`#wc}qDb8xs z%?|Y-q#`i-Z+O!M-6w|&Bm-kc$_W9^-+3)JVhZ$Iwqw4Ip#$# zHbGNrm9r{Av-unm3_3&Ucd#{ynD;MKvgz!l|B#5t0G&Yn1Gkg4&eu-qECW`*O%Cl2 zmwAGMnc_Kx%Yo9Q+=P*I)-wtAbKvE!%sQisMHQAAc236_|ykN?0N( z)qd{v_6e;1)ZETD5>voM&Dy>ZYE*kSS{FFWI}yX~d>wyQY2a?oR1${l?Xp)HM)+PB zUGE}jT?Y;GCpKxL(O{Zd1&%IfB;6VDQ$Pk~es#}MA&hR~xr|&kFT#p(VYb6}UIi5R zA+$iU$J9pi;mnkE$E#<`r;>?q`1;^fKCjNv5GSWg^-fhy07Y{{t749AcY;<2y_u-z zevc_iEiwk)9C%zU+vmeY(fqh6Mq{_$f1j6(*J#v@wowZSxRqTKTrlUXn7a!B@|zmt zTY{gAg4*sMj^zi04WY4#&y(sf2PEY!9C4G3Y)R^Bb$k zGZzlV-{4zh0%mF^GvP-QDJA>;DYrvq1_Tyfwavw0ix96G zekiPk`pX7DXN(es7p}}DIDpf))`sOV=?&DYgABP$+^iy;k=(y52M)c(Oo(7&a*P#{ z57@BVdOI6#5%_}nCl}UPC>EAcY@5_yFqYiPF%y~LfxF(H*&N@e$UVzHve0GtO61x5 zZURw+)xc@F^F=DkZA;yXOcX3FB!IV5BMZ=e0O9{G@F7QmuJtCn(%yo5vOh4=+i|t+ zB$q)-^&98n4C(p}ls*&AZ*HBE4TO3X4|TmQk?q}-Ac~L3hpVZ7tYM8Y7H(9x~17e>A zpzUy9ocag{(N!F+NKU5ttDt7WtoXtV07RR_2{Uj|Wq1m@LH`iC{(*_fWR8M4N!y1D zD7m}nn*?;^uz=w*owVhCajy8;vICbSF_*GV8E{QZ&MoH2ysxv(Z&{mpAViex?;^Ue zj7w|@gkW0%apJD2YNQMpCZlZz@F!7s!NrRKs(jL%yzjIzPsC2}^VG-~y(2v277SXZbvp94Wn}u$su0>wIzezp$KY5 z1XS_{jB1U6yE=xbg0WHy-+@j1BVc_dg7p-8jhA+B3Z{cW{E=i5n|#IFs}F!mWe3!f zT_mcZOYjTKi!^o%sDEc{t~4L`&p!CdZonP-e!3X8cTuGMci;^ZCA{6Bv?XIp9s{}h zk`;s69@cA3$#E`Yj8zYvw4wWP66Izek_3(|-#Negn59g<4oO-VuM?r`#@=}7=VV^r zyLzXzx#+i}-dLiB!VeBk>-Yh_Fgi|yD@CMmc7}jjLng3#;jUK-sNw9FeAs|u{i*JE zU|)dU(mW8mwh>kvT*-Va4n3E<|=o0{WVms?Wc>@{;U6~tgiuYr*nK{O(TszBgkNp z>t#vzMH1^Mcf!qQjDa>H=*-Ji^2;KOPwGbOB3GVXXoJ^UFx)pRLo>?3E(#y`PZ99` zkp%y!1^ydz%a0y)n+&l|51Dt|XG8?BzO(iH0nh)Uqa{g@ny7Q1z+hKQe~*S5C=ht+ zKK8Y2AcqXcYsUMeVRRB#plbkT+%>-r4(>HzHVG@G8uznNw-_*7OEn+)6AQSv+rlZ{pfviHyLqj6q--$3UZBu$ z7Du>tJ9fBQ6}unblG ze4S2MgWXtRbYac~&*Y<>#ZQklaoqI2^t>awBc2 z!8dX-E4Q8F{$7*H_R?TpuAi5K<_dWVLN>3mC8u+ zJVa8u<)1#$Bas_XG_}I!=Qo4k^|O~Y$^Qve2ZoG&a9r8Ni!1X>L99>80w+D=-s|Y4 zqFFTF>u0I~zltL3B93~O_y9QP*XqQ7k=sL0X-hXv z#XYj#&nqckRetw|8EWgRi${4%C2@eO0(6h2IhN1hxLhU$mo7SFbLb0-aiEJTy}1!k zh~Oj_YY@zZ&BT&I03^h9@z#Gz4Ot$h)uUezeqFMzhh8ypter03Aj|vq>gC$F z--EB(8`m;w$wYG5QGoHdwoa-}}KigH!`yVNCWkQ26SXJh@p zP`XY6Fd0g5P5*_k%VbW<6yKW<#>tv_IA1xuKhHU@)Oqh;UY&s4V-Te=dFiqCivx9( zMf#QW59(#j4%7;d{;$dO5A1w?pT*;9)@*!768w+`S(YRaHUYzquJb zqH0B2bC7_F)xQnT7sZx)SudPbI!sWr(WBGq89n{4-%D-UAIwo1f9b?ct^5m<{zp5;OQJ$G5L{? z5~27lru|l3om0E+ytu{?{S$C7joYB>H{EFm%7x9q0YGvaW9rLKjw!J>5+ort+Y4wr0C zPoF6vF1-@*j~n9x3GDjnr?@9Bgy62A>tz3-5 z#E}g=6il8P!r!stDH+{lgFj0KQ->OtvLiRbPc_aqKDMoQ%V`FD^;jCx1Ao7C8>C!@ zRASZ`4g|P-NF$loG>2QiJVc%0j7~|l`{Q|~H~B9uI#bFs;<#78w8tYIT|?n$R;U(M z^&oa;O_TN-sl8hSsrMbt@dq0@DvaDbKQBj+lYpa^jpeugKL50<3- zuboMYgJuuu%r9RzmJju@gOtO}CK{kOp5ZyJ2t+l(1SMwlT^c2(V1WV$wruan*>#-x}l7sHqtvhLgauK9oORE(v*=#B-ql}VPx-1kWN~tgf`K5V00;&}W z10f5K%?of59sDDs_X2Qs_cS2^xT3$zbMYZ~!`X>~raUGn{pyc_g$GHVKQ=MDHRp9f zTg&${n}VW{!IN#5V9N4KcIAnmk>R0VJ09;{Lqv_g>z|;)P~J(Q{AAJo4+(AeGe0_X zW{)7AlPdm7pOJcbq^j%W9H^-%F7WvA!&t66)vG_B!u2v@bKej^OkbX**~+?ZtKt!} zKg2tKMWnl@99H6+t6jy!{FHtFiz{3akKbDD`HrFZ#zCeOlWg4M2kZ14x(wx}CV@Q` ziXUcek{;v0Y`#(~So~-Eh8}CtwqWP&VBSyNT13B|M+!Wm$APtR*%(0(4(!OwvchuA z7hYkR>g<4oS1@asvhTNtoutZ|*)sd1alAUZ+ckoG4q7R0g=giMOuXE9h&O$Wi@1sThU#ko$A zZ4Wa|YD7N9s#HJp#(|MTu|F1-C@&TebNM>LO2xX8j*4v*>G-$OwTaf?jP{%Hex|l` zoO#XPMi~x1oSU>1NQJpOdhc|nmG-NJqLNS|%6i>`{ra93AKQJGTSJFOdcvn%mxISO ztJLi%8*fW~9uy|je6N6I#rNx4Ga-04cFM2J#Mz2n5T+yP-YwqAlQ1`e_3VI&mmJ!R zT<8Rc^>J~Uh&0vmIZ&l-oV%CnBe_3Kh(TiQWy1nq>&J~wSpCI9(O$m! zhh;@>W_8m0?z^A0m1#0V1GDKzr>S8fz2+qnB{vY=2K5fIKo8kUkzlXDH^uG24_zH9 zV`%Rt!i?$GnXH0!YsF>mypuHsJv&`3yYr_H(#0SuPX4QJly$soYsIF=z7ma#l7wV_ zYf?Of7sfI?BVl4^xy8pNUNLJB2i&;Up5d6K z^-;f z)<~Do1R}evJ_1(lJlu3j6|YP{~3T3%oWTdCSkY(?x1*l19#^vs<8xZ--+ ze7v~_VK%)M5NCbVbpbdq&>XW-SG<(K;xE~9rF)U_S;oeOtB+JbM0@$#uTZwNhsms$ zGp7h!>aH-_8F3Og=quw2kGR;|Ju`3Vv+0m0K@?b0w^zEfofe9agxi1MpK9BX)7!R!qv1}U{HHYV@UID3 zDjd^;kBgq8aS#WXC4C0TbO{_-r-am=MfhiRj2Y9L?U_Xc_QCkzQbM*evsJ-NUW7ku zh3u{u?^NxT^NNLniJmKK;Tf*y4jj%I*A+)_L^ZR0y6vE}HOn#vt&qFAF4NhDKN~2f zMH-|idt%o*Qn~SEUNF0!eo?I2aCrXc8}(;2D_4CxIn4_?M z+JZChMsG`#CLzW(nyzJ`_eli_F)7wL;j^1JydJh5Y`8nMxoLS8m{hdb@+t2fxb9J6 zIF9gsG~UC3U`M7qTZ@QB@p|S*=Y?0jSt>|qi6cCc%b3NdX@=Hk7|Yn3p*y5C>MwJ3 zKGGKGG9~sT&Oe@xJ@Cblv3#RNI(%z>Mt2@_OT_ywrMYA+qkkrgtCvSxUi`XN;S<)K zr5{(F%gXNiD^P*x=J@ZU8}wIrd*3aDxSl2bQKF1@U;0zmFA>GT$X)-bUbY@0C?xM| zGOb<+IZ}$|{g(OxhHBvw4$N%@Erf`IX(TOvvrugAOm6qO&jDqs%Vv8zB;jDNLx1g{ z9bMJ8ZtjZ7lZgf$vd}K<;pSTH2^Jj7ioI1zB*IUB_U0Gfcpx+vW8c-NRrHSLT5?Q1 zRpb~&^TTu)QB<#s>1N<0%frRBs7Ut7T-|f`2C z$$kZ41?NqM{qk}X!o_Y3M+wzj{vmIwzDMAqv3=xDEa*h-KkrW7xeQ_LqWBEB=4=!WDn=giNjCL!5qgpFy%kqMl*o- zK4lHo-zL7j6nV$}d3KNRq^Y%W_qWUOr#iW#;Yk4pJR``4*B$yN@U=oW=NS;|bB!{PGR9 zEilQCrF_eFaku3sfvJ&Nzx8X%Bc3FE3J%yFKw_dDR^nUJPmLiNb{4gHYzm4ADIZx` zCbyL*9L`w;iq+{#v0P3v;!PBn&Ix;7izBez1G7x?)niICv~Xb6zhet_f$>lB>6?X4 z4{Z~T2hbpYZ4{huB2<38{9;f1M#e^%RK>PIz9&(?CFsuk+fMD?!jl66WDy>Go_r)+ z@%?1;0(ChLjoKmqcL~_AIeU;_!WK;Tl$(OCwZ(}UTkYo~C-#Mc{UcmPN~wij!z!`P z^%(>?u16L-2`a}Rjj5Ro+gKE$r+ezJ-5qr+ApzU(Tp{rO>;3`nu$qZ4onFoFw)h;Z zt%4hfjx$>@uApR(VObpg8R_H~@)`L)NOX?m`HL9Yjr(`GiWvM<;yb8>JZiHQ_FO(xCYW9} z){(iqmrKmWWjQ<5&NzB{mon({Q7%bby=b;{*~^1_p_URl%FjU(o!f2rp_UBfJ;~|p zC(T&b0siViN{KO0^mhCP+s-U;EiT+&Q~noY7)XOSDL!5W>yy6f>jk& zRNNhhPOcMXNy$wT$8uN{RZ^_tj{k0o^*F;iT*jkKPr@9r7Ao5dWzH~>t#O-=7 zhsg9P+ZO_4o1(C%@Q$&KWWcZopudB_e&_SmFGmAwf6t*Fusv^E; z(s+@oPiJjom@Io9&haisRHdX(&ybUB$jQmgoOa=f*OTF7{d|nKbA^~a+V9p0H6>7T z@&4}O%Uknb@hK>N63W_ESf)u?fT*%S@my@deED5OtIbDU9Q_@xwe0b^CrbCOj>beN z*(YU}KaMr!&l5V0@i2Fsx=x6njIP?CpPq=b6YS;nSg5%9O9+|2{I5mlG9!}8QyDOWh z(4mP|xwkKm3yY17EikNP1EctZuY?k|NG)C=W_44Tu~K*S@P6)r#lQ~{zwr}0yIrt$ zlZciy92{+2-Lb~UOgyr5RB^0X!rWUSo`sLnUD@883U>O{4rLsmT-E&7Tz2rIq&UOA*B)&3V^hj}%@MnMjpt)zx!we>&hHT5w zy#lS=cQ$Y0v|#<8Z>kNv^WxSN?CH`kcbh-DGu{|TQ9jiuZDGNH_2M}ZB_+%EIEH5g z<0SRW))8|ZuOu@b)^O?Gz5U**C#*G``13Ft{VtMKaUUCcLFag?8|H5Yk{LitO}l#% z#MsASd8*7Nqs9C7NrH`ow~bU$X+^*>Y2kJ|>uhGBxiX8)*PZIypSjF~NBz0*5g=J2 zrbj)$fdhL)l#x#g`~j**8l<@Y*ss@}I)NF2bz7FFGj)_Au6HA*Sst0GMC{Rx5fsRl zLMrQLK7RX22Or{UESIjpoPJi37wV9HB%!BAZfxMmDGW$GU}V( zEw21FG7!EBygur?##J0xl4hpEv+j>}<0^JjapAN@Y+ zGN0JoePx%of{KcEe;H6dJ8&!+kQgsLPa4>Q^bVkA^~R2maA5VFD*a+(M7G1r&C^SU z*zyt*LK)>|4I$E3a2NYf*%OT59Np&|?m&Y_)$bB2F$VVf-rN^-M`qy(Jm3!r;830>We+I5 zRLw6HE)noveXi{b%~dhkn{KFV%DH+(d25Qsjmq8L%T=qD=6UY?#VCLkuV(VA|GR4e z3(x7%;txi$U@|)V@X(zZV56Q6&Q4IoPgtgrm;6;~YkBGNl1HXjG@N~}9$*a3JS=U1 z%|;pRO(lOu232@0_DR3!8CGx4=}~@bb#L@>h2_RC!@4U#|K@33w|qI0OymC_#=bJF zs;KK$kVZkeK|#7CrMr<138ke&>VVWCqz)x1(j2-Q1ZgBCq(ee!@KDkqa2NRA`+fI* zf9{_Hk3O8e_u6aCIp!E+uJuu9EH4b5<&AS>0^S;7eI)%!&KtKRo^Liw>TE6Kx$)VQ zKLncaN_;GP-`ysySLX7=Hnr-RIpdBJu%ycG3C^loZ>&wDe^#N&>zO?CIbnNT{YeXi zNG%CrieZzD)ULvM9KIdi($DinaucAk0n6|jO834a+Jzbm2mM6!K~F&MldO`IW4 zqb|<#iSxyWm{h9pKc z%c^Ay6rNvh0MHK6)%E~_=u%TEi|bHLi0jEUwXvfSwe6k1tzSX7Jcinrya9FHp8;xb z^1z_ewx8WE7eq=*71Pz(y`}zsm{d7eoP{rARnicBoOl}aUO`O^yZhJWwI_bAA^Fpn zSXSD@DUXPFzI66;aaZz^|67fU@>;W!^=D@6J0Ef&3CDG1`YSb7cGTg%qTpV7Un-R* zfU>fZj`5-Lm>+aEj%cRNw55k=J>UHHwd8ztEz1XMdArbiZ@=fv`N>H# zzKm1=0#r#---lAmzWBp1J#)?g%E$QV58FZDspz=wBSGEW>S}dPa`K3*D(PN2gNZ!U z&j(p$8Trrk;%=|^v^g=~UAt0RqG0-4hnLPriKr)^=>pOdr{k8l?Vh`_;QPb3f~uZ% zJwOx2N(0#qE37aO6HS;U49h>jU#Q7oj^%Q648}7P`#(nu`d`Dvn7=7z`f2pt>-T50 z0_=l%bW+n)wk5jr(T1;f=2yUj)LGu`AljSd_| z(cc+(C_2J}AuFl^jBUuO5&ZA=QLxi6;zN-(BI3lGc3j}2K; zcl-QmsZJ|7-F&m}ph>;!@H=|&qT8{)76U${SBNqi3u5d0mx52cJbZi>uTJ+d_iN^K zv6mIEyOv6(e*$sutfC7WjD{EoWmOLRvt=@f!y%r|57s`aySqXEGx{;UVt3^un`;!+ z55eEf_~2!mpdPURRRl%Fo5%dAzT{-E8b{^e;` zP6nkO!K%ESxc5LsYfg1v9t{)&(i*~Z&y8#{BWv|}%%u|#xo{$ww_eW4kpj-I>Nr#4 z_8O1wBmIAmy{cOgGaswareJb46;7@_O&2SYm`5zvDqc?$ba2wgN;LsQ<16$`I!NjM zeaW5#KtzUFNRgl+GlW?NNrM7zh43V}obxW`_dLf=VMWKNkZxJDO%JH90ytraK#xq$_fAen)QJQV#YT(9%Pt z2TYIf@dNw96rQ@N^%+zl6YI3kS;cfj%Pu$^_k-2EfGUJ-QrTtFTd!&{IQeWQ{D-v1 zQs~O=<+IU#)|kIHq1wyz6BCUNSA+WIzWKKOe%gzM2<$h!I`n3}v9^d8WPGT0N#)%L z`Wp2T$w51vz4^~Umg4;KpI~n)p+1M)Z<;MpS@T>IB?l&$oqx{z&DNxH%hfxh3f0@q zP%k#LIA3=NqL%6}qGYzr@NLwPoW28@^?YM8g$DqT{0puP%YQfbG>FRlZ`Fb@sqikk zUC0CWRMK-z#t&~gUp;>0y9?44Ickyx`>k9Z zgD!-%Q>yC`G4XN3`pHBq_SJjsY(F7o#~=B8uU@@E*igVq6Sb-cV>O)Vz!ESX+vLoe zh{(d}pb{K{zN+NeL6E3h1VPL{)5*VE5JSkX@M+nhTuSM`0iYR2-@I4Ds60^=Qg3=& z4W4!2y)@ma>BSR{cHc%&AvO<_GBatUq@`D)=*SRH!=JZC;!>Da5{yS&7)ca;zvmL7vRDPEeIR9fM|aT6ohYt;HxMqt@hy$M$)nLhL#hh#stuz z*MY1g<&S-PjtVs@(1cDAD2$AZDA0#Jn@HyBrP>-6eF;dy&v!b5c}PA88#}roM)AZa z3QGkanxjQZj;;28FO;P#HE71d-4$&Qxw;A4t1$Wuqd)w(e6jX>`4sG}FPr(KCAL5U zN_}wo%QvKJuSUE_l_scmYuwhp)%S{c1uaG%*b|?*b*e{F@#2KXKkfP893)Ev6^F8Y zY9I_fr9wNV_nx$UDP52$+$k7Pvq|6^nRcvBBY2^J?R&gTL_Bg%@NwidF^$H6VTmex zERULMdcoS!==jXZ2><+-ohYB+KiNj{P%k}hr|{PWW(TtXBy7`QK7hQ?85Zm9W~`Kc z7Mi8%V@DyE~fpMY5}f6JhW{4}RhvwxhdYX{D(x-EPCyFU}J6E)|mXogM+ zE<1f59_y>)Bdlp5l%T$3=A72P37Y%p?ynq{>w@&3nQBmB&$WD!b-FZE!1KjV7? ztIQ<_`s?eLoFN+CwPkBWge*@dV(Ab+R;X6=Eg~Kcc#Zxn>r&$2U1EyP zS055p<40}AP0q{%IvlJ&zpeA7ayj;=7y53Y6UU{{4pF$jb~Zd1CCuyUPu-d5aoseqyqugNK3()82T^Gy){Hox zpg~kKM8efF%{x=u+a*v?QD+MXmi62(j<(cGEQdTBI0Y$y$|Fzz?bNgqdZ^->XC%=N z$CvO&Ff}rK%jEbySeR>xkU#Y4Ykj8H_F0bguEZK77e*1msOGg_yk}kz6Z|DqcsNri zW?1D5#=RPoV;Uio0>ezlP4Pc3fAwNpalo}!RFM@ZTTW>3=~bV$4~KftsAnl4A(^r0 zmSHrx7g%l?EFU_^*V{sA-G(W}BOKYAp1clmL%x3X#pfYai%|Ao+_g%JF8m?=t)G(` z?fJe|C$x6ar9vOpKaKEAa2TS~4g@hjx0T+$+4da9`-d3)ny~^wG%_bk`sVo(H3)6+zaL zQzNR2rNl#!j_Fdc{F#k7x9Q*E3LBJD>oj3h;-)v20CB^%bZArBO#c3D@?bj&ZfXTn5^&>m9mD#2JYbLb zqW!lrGALM9P&QisZ?UYQ?(M^g1s_qFV&~d3(M)du+-k657g6@KZO0+v=g@6R-h^1( z;2mvEyv&s!G8R6J8#hu2%n_Q zmDRLy3^gs!_q)z`d*SXbw1!?Upl!MVuW?!2IR4wcT8)$mGyq;mN&=yDh^`{M>=id(X^!}TMc zz1w~2S$BjV%a*WCcV%Qy3xZxjA{w%VR$1NL zdOxqDj;&3XAMY@(ZHCr=@Cis)8zW0Moy|puymi)anqz5i+#KVNesI0Lqu_Dg_8=Jj zo=9ugH^#?rVH__bVmXTC1W=!C7d-msl}Qc0n7j#R%s$kFvWv#C|Ru>Ty$2 zrN(Ek>-ZWeMuu9*JW?Nb=#2tR5!$1GbRX2i?JLZ2Cr@z=TBZ~w0K8K8g|%V$I> zozPkt?21W^QTfQsSWjxLP!M1>Fcwz5J?W&Q9`99UqU$e-2VaGObP4xf+C6iZ5zpy} zZq=rPGHaUu{>9#B_^iUHvc~yXE|P{DDcuXw`Lim>O_fl#Sp8`%WG6kT&M>^QEA?jK zJpfK5$I$%2OgLG=LkLsC)k3OAUm9OcA+F4ajpf;hWC448ALV8iVcQHPkcFPfB*7gpCss6A# zu(+KdFRpTc#&b72Ze?Tp<5hsTR7M0?W;6~_wN)y+-pZc}nu*U1j}V;%zqzdtZs8OP zUNLdhK*Myovvk|(yPrWPMpQBe-v=C6`5Jipkx1rH?J?_DIn#^>C1qjI5|Ro$_pZsV z!<6OzQ91|{RgwDw|Kn%1zt2>Mh*rnEn8()k*Q8VCL~lyx{lmK$VAm*CxrQ~lD}Y(& z2d98m-S36LyNBlZC)4yW%~Y<;vB-JtvhG77^$&+~doP)*=+S^27sO>oOc zNU4_|yEzU)5Zc%Fdqq&u6y7TH(CD0(UyLBH%|q{Iz|Chs-xa%@2u61dKX0QF^C6Xw zrsSH91#MuhEmf*~vSCiSi;crB$2lBCQ=2>48!M+%RV| zWrqGR304=C!i`lX+%T3V5U6GmN-mjcJ{@gq@}btUsAu?)aYXXie^ai=lpr+xY7qdS z*?7x{D=4)H^xmgxOIU0xy@#mFQ8wRDh5*GkVm6WnR}C2)*tH*hFqRb z&OB-F8u9^kZgNF7IWgr!gx)ghkwd$Rh^H5RE7YmHOR!)5SA8F6e=LtYbFP{O;Z}U2 z`q#wh2OfYkr+gwCsn zloTshKJY; zeIzuMOO?P^vrJFB6?$Ygm?`etQ)nz7K~Y^x0m##(mUJ{;#idbpgNcS-f9g%1+=k)g zO+E<3VKLaWr7e$N@q@*38fM{SRuUWc7ohn7d0wu&drh4o`fq9g8RAp6EUktn{ODOI z+WAvW&UE)Va6vnwQ&;MVEiEFV#*`(lfUUGj^t zai{kNAqAo>VJR)MHxwq~EP1)-kcksn3k#IyCHwBH2H{8K*Ys1U8>+v9MQottT|@NS zXtu5?Eh4uPQD|uu!PST6Bj51eQ<{jdM7G%)YsVt)lV^%1p>T)7zJt_{PCpO((Dhv{ zh=PNoY!d2aG=%!K@+5}mm+Z!pBCE11IP-!-rTDl+1e(E&Z3#a`{tG%S7I%6A)aRx@nSgk2J0G*`>4GY5xt#2_3hqhZRON-p>btwj{dAWFo&q@;$6i zecrE;`gFRq3onjSB>&f35=>R7(xn^xy&2?F!?4e1^&)@+nA7 z5;w}FI@FFOVSxWp5rO>c6f?(&k+-2&7&A(y_R7#R+Gnfm93tsKxW>EW$9hi{lac6a zPUHt<8Y9U`46O|PZmDLR*XHuE@$fgRcHdtf?Tq1O(2E>=%Q8|*wel{ND8<^Jjkvj` zA^x6Lo#2px){doHau=lhPhzgX){^9jM8B5lD-sf+wvn>>UW!b}e>;e2(*9g_Vgf2! zP1D9~lL7w3KTwBju>QS0T2r5;QEv19cY$~!KSz) z)Fh}t6f4XrDKm(wFzMAjUU%<*3DA*G8QUxmxXQ5iU$zq|pRFwskt@%MrwzUzKi^|n zOR*T6`Ha?0tX~B;;_lwi9DjUy@Gogp@%^=iDjKWXt{kc{z7R4<2+^TGb&Kzr8^3+} zY+pcyb;mrQu(;*&B=o_hnMw-E41rnhH?_TzozmF5pkPWYlz{qoc|J_bR7 z4Uc2>r&=%Ld$uVEGsh}(uc~O;-pv`<=p~(Y^Ur&oHzs?5QV7svPa4)iW7aD88sK_K zl&nKW5V7$${Cs>p$Mg^_nHvf-%28ft@7QY_k}X54d*BWp?PzdK#)1kZuo^DKV}?FF zd^tRR?l`^vnsmxrfJM8^zisLUGjBxqOUTYI-yakkG-)-8-Bbtj0D1N26wblH3}j%Z z;MYO|rc12CvHdd~hys6|u}l}8)Z63pOwWr0@to!a4jX5}Z({`1#$5wZ``<60 ztaDsa@oi5^pjSkHb~}mNd~Q3yRJ%LR(nE?V@|^_iFWw1Ap~5PkFVKd@|A5}(l!>m} z8sRb=BSvDjd2OHmXT%xePrR~1^1k8G;QMTXO4CWXBbsy8rsFNNypg1`AS!v01|aEN zJ3qI*52XLN2w_8YFf7D`Kf;PAkq{p!ZQH{9FphfaHlV+>J~aQh#BcOPA9*4E#J4(5 z&QlpWeMSi_BJk}+$k)U~n4wLabbsM&a6X;y9)xUi27d_x6HS>vbTrZDub`ZNcgsOr#}Vx;{>FCRm5NUTDF4BVGU?&xbssL zQpDFCZcO#u3l1XHd6Dw17uS#56dbyf)|g&rL&3>VC@!~v{c6#jNwYa@d82cx1Dwb) zI?NsfmVcuP1t2@ecbzx8Zx{TjFxE^J%KX8V8;E0$y}j+|&O*Y9osoUI zXS%QpXHz3BB^+*7!yZ?i@4@n+por%e0)U~yT{Zd_YMxl7p!Fpcr~K{i9fOV=Wia2# zcU+ep33-Z9d~SUXJU-ZYYLsHT%x#b}-v`d%NA(OpE#jK*bbE;a}= zIXLw<=Lt0LJp)@!u_81s^#9S3uBFR@bB%8*bJ}t3gtudpnq946_{jMy}qRsvs4!pM^A*Cb9OvF&7Jv%T{wS5Iv#Un9ci$AqVt1< z=KkJFf9TEr@*x>YsPEM53*?RWeaX#i)p^A*Ud6#1Y&&nS|LDR2Rx*xXRgZ+2j=XIX z9HsFnz<#*ja|Q6e+We?1JIlC67q`ktn|bFGIt;bla>Yy$@!KaoW|a#_9lCLpy6!x8 z-WlVoEt=MCw%8MIz%9}&82j==jYd3M>Ke8zTwFxkk}$rP*Y~J6R(e!$;%Oz1-@3p7 zx40+bvD@~nqPh3)3kT8#DDN%p1t!QjlQw8IC7Yb)W=nY-B_yr1=sd|=94y`IBzAy7OM7cM&wSfAFnRg@r7Y0NoF8* z=S>M`pwv>h)xZKh5z_^`&T=!%esJ+_$zk^KK?b2Ba_jz7UXuCNAywnOunYbTwRHK7 z{MTQ<9R^N9!xH2nNsrHI(n5E{1@vWfmTi^o1IUB4ik2VH z6SKD?PplV;h~!kL=xGfGHcI@JCRt1mnq=V$+>>lVF6Yn2-nvhJ zR?(TV4a5r{IHZN}9NeszOdnjl`w+$r-4?7Y@R!jMDS;i^$djm02)~y3gAk~HoqIC* zUo@+X@jsf?sKqllzCo>hXoy`Gm1+y*M6N^hy7Y$)sFei7#37fbdtKAhBrjxzd5PRaneQ)(tNbcK({>ir!eNL~rQiQywb zq#cU|<@Upi{p4k2vflR4F26bNODx1%cIm)rN${|p)0eq=6q&6Mp6`%i(uu%C^I(<@ zuwH7fwVtAlMVkP;(%*@SFFheBkmw}=hR641Z4iQu6tk{xNQwl+35#gQ92o|wW4If? zft$~|hNixBlF?QL+ecJwOgR4ivSIvpu1;J|g)Dq3-4Gar-dg>cSKPPV$}3{8xm@MI zTa#tyuOyhB75aSn_`-wY5gj)}yST)e3T#HO`Uc~|ZM)r3rYIAOEq znlff3(@xHdZf*gOKWPkck?{7vVwd45Qn%DB6mYXVF;Gwl^JFgAjN&;}rPKdo zk;0o2w1N9rYs!hwt+r!$2W&EwqoQ_1HANzRa}oc!DBRKh!grQ3q2yI`NA#0lH#aQ_ zf8_93-0J=UvE)er1?FG%hq+M2HZ__4J>~ETQDi$!Dh6MZ-tV(<+h^a2PBgD5Y#IT@ z+a52k_Lb~aohMO#OzM*{IFqQ-mmyMd0#=eT!s#jk!rTdQC8S)#W=plSC_d%sKrC@B zLh?!Li>k#KT9|zCtjx1&`7ap)$4ktnN&Xi9jk7JJA$$pS&2a)^mT5Tx?^e{V{!!2fT4&%VFewln8j z;!L6zZ5HVOLYK;j5P*u$fkt5JkFORYiWGddD}NG<&p224@L!@YZRnr|L1$-I6LGA+%I}Z2DS_G*L#X$)fGB&O`=#c>>B_%lfIjQ|jeBrj+>K9t^ zQ&C*b!!l9scOy)zC;i>BXPK-J`kM&#eqO#WD{%k=OMdCzR4sE(K87b<-lbw?nC6$B z2b2+RWMgKdDYE;6n%Wa6aB`^xvAX>|)U#i`G+*6JvrXaU!_g|j2Yb6vKD(?Gal-SJ z*giT{BC0hI9b(U)b;mnSAq$IopL_+QI9jB|$fj3$FC3qKj7bSEukA1NPsEwu{?CqN zF<&ncjUUZm1i942smmgfqj4Z#ZA8anPbc`c}RJ#DHcY4w=@Xfd)EHq9sD{o z`Ks`JBy7gSn2FXrO%Bw_ym-LkIBu16PgpZ0x^_bN`EJ&1%#iz7+9tH=OWh{Nm=O~^ z$QJH)))>U3$y%WJ(jKbi@KLH8D?qa<_lRcaV9taQ>=m>u$KI43X0%&W$hlA~^PEnR zS=5I$$@Dnp%KJgf+zm3bgJN+5T~r#+xd&T%oAzM~B>T;_Io3?JkkGA^4Oy5oJIi%? zUM?#q2b&Y_Fby6!W7^2blsy_c@7+Pl6AmdOFEh>a%&1<3! zb=z6cNyBETf7M$O9VQnCbJIeyP+Iy12rL~eDwz0N0&I%Db`l}E6x0Z zw_*bM{(V`YnO5J+eZ(x!>a9xg#REN{00k3Hd%ijYKZqb^$A7#%_=#tx`CZMKawxD< znYQ~Q&D1-j>aC;;d#D#{Ge=Sh6K7;-kf5q#V_`u%a~0z&p*MaSPE24+HtWUaMpD+v z8`wicsa_RwD!)T#6vgxRLm;FrZ)8HJN|%gASmgmO*dRs7oOdS~%aCpNK_N3Sf9f>9 zFkVW%4hGsAFy7UltU@!fuuY|typPU+3?q!$mgch>SYxjsdkh#ynn$I- z$4X1qFK^1JCFhQoi~?UE3A_2e`+>G2b1}ZC<;`oO){8@ho^DgrgY(*HvB{A_nUmhV>U|1+84L+w}f`Jadlb|ycQm82VX_~_@Vo6RFFEjBbn=;8>kJhi{-43y{ zEBQj!RH=j3(Di?`3)p5A+7R5)JEBCe6QEo3O~S7gdu2$F>xsAd!~BXBP=Jz_+8*f6;nRdHgB#@0xK03i60v>^ZHtKVIeceetBp>y7YVF&{ZVzf| zYR|*TwTdM zxrshB$tTrn>ef4Rb+jy?{<+IhltJlEepTHh8X-bG;?Mt&2ZQ|$(p}8dXjj9Z$^KCY zdhw{c%&t38WmW^3IhQQ#WtL)Rs+>c^rf$n5$5)L{u!yzd+lPVls8R50LT6Uffq09> z&fIo~&9L&-gj}{Ue&t(e!nc=3huqMu16e#@P$zuuqMt0t)|iux z**YZ@)e`Z>G=1iEMC@z1Jqy23NI;X-Fo-hr4ri)R>|%^~S6d-K^Xx{pf>_l!v46VmO^L?NF%BQD{<6L;0r-f{7~U$nK1_uQ zJP>rT>}~n6m@H~jFQ7L1Tev&FkS@&-^k<5yoh<$!H?jKJ9*`{R&CfLU9z>~=KWoZ9 zXZue=a#3C}=_qr|2zu^6ww){v=6Kx{#zcNGD^bblwAk!aY3zRn;f+(mRT5Yl_q13yK%R z@TW&Pg|7BkLbuCxMNeF^6bX{TYeTCUf3my4`Z#m~isATZHEglapBo9k(PZObr58Cx zeL}U~e)hd!;8&El7)|OO>wnJ=b4)q{m#01U7Ky&g+wxcqe+644?1PPJ+DAszlGri9 z4!V3;1dMW%^f|R}nA0QHJv=-}GC5y;R-bqj*Pc|1lM)a2&Xv2&52IpXYccH#AvKX7 ziyf%z|KqfYbmc-DXj}ym;Q)pb}s`}LWb$xu!x{e)rcIG7E*DMbVJd(n0J84xogli zL-&+Xn1zjRsmh`s-!umPwl8`DWBpNIY?iXMH4|`pnccjz zXeXAW#YB8h!7NmW(kx?A3Z0_kgAHs=m8I&@$P#te4_1)E)0<4MVH-q)LyJxmZGpyJ$>6OBMR&vZN^6}VfYhIKAVS6y^Ar9v|$r$qd&0@ z7o3SnQrBOkL}0%Y>fiatm%Hd}_}!T^^)x``qf5AirDb>@@ts|-#rw49d$u%}`}TyM zhsv=FhB_&-aKbt-)M1WSC5nng{l&BQ9pbyd zg)%9!06ygyzr;^@W0VA<=ue7TpzKlPpG4=H34d+o%L#?EZqsWmF!D+sHIi*7a|mCK zy6q%T_qVF6YW$15!<_cvw{}OQNkWs#oRnIAn;CKwc_kva5Wm|>!immCoPrZLpME$^ z5cP8y4g_96t;npXd0+txdE&|KI4|J5LbOmQTjubiUa!G1oq=IsDv@p0D&kmZwzlZZn43h{#9(>9K_58MZDVZpjxVFKz&Ft^e_ zXF9i-DeK+qDZKU0>a5iXLRY5l2|twrxk&cCN^dlkEP1>(G^F+N&sv0n6|I7l3bHVY zTjAmZB#I`Ew3L{bm@w-n_dsROEE}#_>9RIJf1zP&d69OZ$OmDn4k=eJup4D|2}vQO zrz29!x29C`;I{ZiSt-3A@_4u>ilW;=R};)%n)RVnMl6Zb%~3ii+RWB?K}_NOqaRLf zrf2(3bvwC+y_**v$c86#w>vTbphJ3sElI3AIThYYZa3_pM|Qbws={6-*ud`9pW>zG z>PUYp{Aas6M^VwYbkzf~!kz%|1S7d33zUjN zRkfqAbP`S@Yg!kKT|#yPLW_uYk^p8FtaL7Os2qiuuQTVZwGzagXorj7m)*DOhr}x^ zrd!_`PA1=-6B!`^9tiUDDe6aS_DX5P$CXmS38#qJoEkb&0uSted+2ocsvLz!RDD<^%u zzPgkpeB{ee2Yw0qiA$uNWETMtVqpp>1S5VlfG}j_w$KELqH1~=0b?LYxP>yCO4DTo zGGj*Qk_GIB^^d(z5bzNIv1FbS={~zM>7HLhZKDf&o9eyoMkV59oj8VxE0;_eaE95_e4sZ0r0PVRw;g{8pcAf}9A% zbwrDL4RKA~;*hJmkGnztZ(|PqAA=6sJhGDQl{9YkK9&Nr9`J*Ko&vloVCXlyos`z2 zV0Q$w@|Ezrdwiw>CT9MYWkn9S)sl_no2FaZGUoQf*i+~3$-n0P8^wM7e{BIcU<}RC zRW;v+gZ|IkF=M_R8re1NK~f+&c ztH*O|qr3aSu7KTH(mxaa^BIcS-F?SQ0BD~;v@2q9j6Ryd#KsOPDX}Z%Nn+8#a{oQm zU1{3&6S})w{&OIKiwLwp8yg!xRZSxWfao^z*0mw6rt_4Q- zEOwFC2R{WN-ADTgkSvpNYqOE7(%$SmU#d{Xt)r?)csQwD)gKDImvJuAb=j~N%kOJo z(Vu}z9WF9K1uk06Qu+%;{%=!`0P zZua*BW^#)Ku`ORADh%#@xEV>e8kRGg*Ev=0SM{Vl;276v z+HUL|n;-d1`t_hxKleS6{`pZNS1}b0^OgN?PQ4?CzKsCfZJkoi)|880LSE}BiIdjj zojSL2ZiP=m^f+lhI1$ajP@bOR7BV7D)Gl&OLP$H+w)aY->&pL^z`zA zC6r}Cuk{HgYn+zE*bHhhg3xh^i)2%uI}wj^4yEuBXfXe%cj)@F_RV=?mq|9$Q-SIeZ8|A3g|RT!W) zun9t@3Py;W1E{uX$jMm{TD;?JH`fv5e71d4K|<8Pt=4vRLc#Isvp=uRSe8sUKB>5$ z$e)c7PQ>PY;oQB=(VSlhMC2535*#ddL%mMz6*#Na#OCYlNJ4O^So~V7MyPM8UOv02 zuV2FnVrgZuBGT2PXR4AXQ*Xl<&WdLAH9rz-xU(=7T* zL^VxvS#41sywJ=^1JNI!mCQXG!!QW3YS+!|^lUU%XYho4yl9P)1q)TcRJu z1;~N)`PjHI{(C&e^T1qdjNJMds8o8D7r1!m7B9vd#LatB$31{HSLt{zH2Bw*VVf6* zS#FPsP}oR%thHXMf%g>Y+W76>i73+J!egKlW2ln zqla=F(= za+xbS-{h_=BcPcSmT7Nt`sCbC3D`kMwqA9vLGSyz|m z)f)qjf6;VEO;z@vILIRlU%*M2#)9r)c5r*)8MXK(YOv_JLQgOt#1)3`fwZ(`?X$Zo zc{`A(uLgdN2O5crKF_3SDH$X#$;&%!U1(N+{j#h z_u{Bg2N;G$8|f%R-LVmy05=ZiEg;>VCr+V+;=uX=}#5ovdo~} zFyw8-!k3rUGAc_MYuoezRDsG3PD{jT zBcSJFe`Mg{=JQg{XeyzQ8yw2+5-3RpXy@TNqW**JvO18B_ZtyjL;Dc1KAB3Zlw}ed z2#+CTc3wZz|Lz0YRXV1#D$Wj1+ax%5i&~X~fyvxtaAMT+=x0@a%#9Tk&p{@ZlFHAv zVuf%HH)?0}#)^Wrd?RO12b(nGXgxNG9e+c`6Z0kz0 z$4996HUcbZZ?v@g*IYk#e_hSgO*eq`F%(6SJwsEBXOzw%j;gdhU=jIz`gp3AhS^M> zX6A{v;gkdFY>q3dY=#2V>hLU^K)~-zAdX%w1ZZX1W{Fr##`ML*R%7GO8dY!sj}P`!`16Pymz+nTX8m*RP`r4+MbpSs_zt=h76M>K)Lkbz-s7MCIq3#)Z@FrjMs7A^x#0>qa9%d0lDHHUhq(r) zn8}itcI`N_$?7S%e8_T|NR~=eagK9v!eV2;bJ<)qyg_EY%B*|1gep>_qMA9#!-Q|7 zf}@_>Luax`T>4&Twq6Y&3F8aIoiKZdDVhKH>`do%wD|;X$;2J5`K8>rjYG4)mJUM9 zruVp=M3PF$rsVadAy%Lm=$YljL<}Z#Nzd=n*MVdQfBUOb=$_in3TTsZ2v(_a0uJUn z+hXD}24XcE)}bHIrzgt79pvZgR5tU@`*Rqf%k;_HOX{`>z$2?*p4}GAs3*CkA?~$R zFvoi|+i{346GgdH(0VH*dxqzJl=F%$5Szd;7JGk0Hg0FH;iVpz8_wml?Gw8zV~#=l zJ&h43lkiZ3rno}0Mw^{$q{>d7?`;4r#lRXXCtP57K|BH+4;J>(vq)9h-g~ql=n1q^ z+MIaE;63QMkZAjLwXfB-n|1!<`L@5^$MWzx0z{+p8iP@r5Bo{gPMWpS?VdQYFN{`?Qv^&0;W3!(U{~v||Zd zMupb)wx27OaiY)(w0rTn8^QOWBaddDVCd1xCoI^Fl*3#VnZ3I%ACP3?)n-Gs5cCJe zN~t;8fD^w6Frgh%^S-EZe0W4Yp**EW?_*LL6(Ihw^BQzsAN-X2-1IrixsD-ANZMO< zXNoIN%`mX~;-vVsxs~4DF9G+X1kY&9P9jb%$`#AV#4_}N!4A>Tu)6P1p6lI_vkj?I^5%&nxnJ1N!=FBW_RstR}ZR)GHlWw!-eS5?NQ~>nNJm0VX2zHPJ znm8{s6LZgV=bmYA9(QhG(`rh?c;n#l%?4hkK-2&5g~Zn=@jes+ahi?FZhIg-&ad*! z^aN$dN5$ZIPqK~q&+T;<-Xg>741fJlj;n|VpSU*{GHZ3E&7;Hvn&=`?h2wDMn5_tH zM(h2A@v>e2oM6VXyl7+0;`5vG8Oc1O$onk>W}Ie|9~%<{NO%DJ>FtK-Ms)8QDx zLWgZp7b-GGqpshp%_B&?z6riOvMS_D{a4hF$BR6N{;TRi!Az%B=sBjsF%!O{%htpk zVborPr>*#jJ1>kkTLC|i@SNBN?LOJ`4frfNa4oGpNIN zRUi83eY(5l8EEoI7Dq!g9mq;ssKPGO1tZ-q?WzEOS2->SIkOTkM86sIsii@-PJk}U z;VEk7C{P!xH)GXnaX|koo?!07`3au~pmr=O z->P>&LOd!Jsoul5?Tozt1!vPfqYr=FRu^Xa>EY+FY~{U^Fat zlIFbr*Ab*K>Ov5zLdY5KmP(L^)V~lRws#w~BV&29H*>#ja7HNL!Su4_MwwfLPlzie zStd$wU-eVjT_{G9+px_vLQln-i+PF7Z)O{e;ulYr&#`^}LiaHn57#=oym7l#3@+db zO}xKZB$gJ(y+7<++LKr2JX|&V5l>k;UJYTzBYQd-CRBYBb~dXTE2tTNFCN0>=vyhh ztLN%#GI(~(dfk!xEB-54L5-?Ie>45rRYT+EOiqqM9!OCTxSbu#Ol%JN@smyE2Ded% z*P1zpe=nWdpb;CD`d=)8ij(F_l-Z861P=aB>4V{%huPuA}cC-2p z1?)q%!l$u3wYwoO*^7pm^`;JlG!Z;T^p8ffYK`^C=hz&%h?r>i@LEU5eD3PrxM^^ zQraKGuoSeO63Fr@uE3{>;(o^6Mi=S1*bq(c%abyHp@jAP*LI3SIl#lA;;z!*fNdi0 zeSFlgm4M^EJ!509|3%jI%lA$`>;vhjfe&z`&2_4V_e-?zqymFb(>|1UBtdDd^VySO z7b-dBrulOF)^B4vNQHeL7`Ry@F~j68G7w|R&#&T{l_yl>M{|H>4Wa&PgZte8%ng?X zOXZR!Q=H{OL1`oo1e3+Y`;go)Dkb?i+pA{iC3WhQeb0iShb&g=se@D0`R8^V_c)%Z zqj*w2m${iOy{iq|K|PWCQ1=%2cBIX7r2spl8r1*TkHf?EF+iW8mW-W74n{c$8Cfn- zG%^e1u)!yK0-yz1Mdhi3_pN7gloGn9$FAv<>y}-!X!T&RlK~x}fG7Oir@~J2kHVn? zMSa9kWkF0PER5O~R4T`@JX5b|NO>~G%B@vUaGC!XV{aW7RrIxw0wN9|NDJsFAzcE3 zz$hWz-Q7rtN{NC8l>6A`UT0nXTK?Ou$6zPV$4}RZYect=K_rF2U*|GMsVn1u` zeVn3aps}7|DSIl3=`jzLV2XS8RgeGSB%Mh_^T__pZiD}bb}5a+(p4k3f}Iq;&no(M zo74|)aX)Y#x8s%HVi`jn8gXGnBFcex>JhqGcjpoXcN6Q;!>x(JFshQW~vQ!#bBq;mCl1_EU0X!}2EV!-!!ko~|x zX$2Oj=gRzG=4j&fS{pCw^qV`(qj-NoC#UDx-C)yTJ}T486ZT~cDa?s01r4u#tucZ@ zG9r;zHr|^EGT0QgQH9JgOtf#2iiM6RHz)B>S`7yvai~?H2^mwwgwN+C+8!D1Zu0l| zYTPT_Ltv-jp7X?&K4gA1bd&mU7C{u2TyJr!cHM|Zjz-~*xe^2c`T;Iv79K;`ibKCe$H^o^NxsnVqZg~ z)kPxzh&_6%Km_><IX*XLjPdbIq7_|N?o1RgL^<)R+D4NMQ>bUTk}e?dqfsBuH3WGO2rZ(t z_b5V|i_zA(1sqwp=+!UTZ{_f3n%p>O??1VULrxJb8SW!Kk|X`>?8Gzd#(kA5;z=nX z(xfQJDl$jAP~AW`;->JYa04yZB)TAwWhopZr=|usg^`DPuF^hdZ&AwZ)6W#u1{a#{ z*^d{}H>nvQekaor3cNv4s59ng_f1GPQI>$3xSR-*i90!lRfPxv3HCSI;G(iY7GK8E z46iKbVXbYs2$Pwqbj{-HU!Tb67RQ#)+_#33U;kK&w5nu;Z}@pHh>q59wg~+~_jjz; z^FFDBWS4dRctTlVJzd45qKNdT2d@wGq$a>M`;&C&Xa@IR%d=lU8pozcjR>VqIeq9% zChSt&A6i5y;h}JEynMgPMsOW^aZZ{#OXBbZuY6bYspv7iVT5DO&!`wP+r2zt zy}cg3K?63CLU6v5A;x+kxm7NmnH>^|H?shT20*o8cbLG`mFGQ*BigwIVNzuQwXOjp z;cjs`((1Z9j+$WEdnYUx*TO-NiUV^p-(%ZOyC@F52S;mJwccmRt%ec1154p##;MEC zbPSGdX_ZvvE(J_eT^NT_pO^4)7F9z{E)Hz>JJfI?5Vp~$Q0POW3!S*c2!}?lD}w?J zyQ%0}$fVf$i6&MkNWBnJGYBYH=NP&ErbTIa1ejgPXC4vwF^;exDapL z4DAO#9Hmk1oq~+}mfgH)UKy@|-CB^5y^;OPhBbs$|GiE2i`9uIqXW;TOq7FGU2`j#WCSd?4Yhd+KKMjOD6=Yq7Fq zttH@EBLPplp1ue+Z)YnJx9J=Gm5No%f_bb7? zL|k`nlNQz!>D^bXgFfYoiRBsh-H`=*;80)j^Rocoh@k|MO@e;L+vy)ycG9Um%&L?v$VF5A*KR)^ByrJ00Hx2FlmE=)VeF+tY98py_;1 z_+GBrZQ5S?0M7XYO^P`FxI3~Bj%|F-xM#Q%|0FlYWCz?_!F^HOP@|W(Id1~O}j*Se<~s^q%DARnr}cv zw|lL?3S#;Y!E7PBN{do>lH_!eq3j?idC`I%*Y?z`K7cbdxbMF_(JJ(u>3j_C0Aagh zr~wTk*Y;<7+4Pzn%cvi%8n|*?&-b$1&)&!j!afq9Tw;1Pqda7?gA~TMlRA$u(OJD* z=a^spgGo^Rhg1r;vq{?rK%Yr*(H9BWk08Pg?or&oLW+nk_l;~53$chp=>*GKb#=z; zwLNVN8j7a<9Zom%Wm8h1GNg_1E??<>{XOW$QP`168oz`Osr`RWPUBU}3my}%6Ncc$ z5}asMS=v9h$EfAeNT*3V`Sl+CSs zO=JpOTSR#|Jzs|8u--HFyMCvpSDrJ`^Pzb9^zjoD`N~{_aHPOxv)Kz8q!OneR0_!o zbH!JKyHMGf76ZXmiklxJ?f-OAfoe3dkkM?pxO(S#2JJPi-k67>L2V;bz*csuxZ>5LW@gKP&i(zx=*3Lnm>FaxK@JaCU$nGL)L<^1+LZJLn)dWV+h5$8==AA`_ zUBO0(cbManxMNoCGGXRkjD_#{u#Y1;YMuvn<5d#{E#v_&P$awXzs zSG7I~9R~fGKIszZkq#HE==* z9Fo5{*nUW!7s&#TuyCF*g6DG4YL-1tq@6F}uKgsi%vrAL-Sfx7r8ASnL4eyw3793o z)K~+2k~@h7+!6QTo_Xo+x(^bsPH(-Z{%rJA!4GNJfXxWMPtEL8X-SPl!bAEL_U{#o zpEAq=5EgEW+_&L8Nj?X~7>sBNy&L-{`E$aQuA7%SRX!X0V8i2PVDPCVClwWu1RVz9 zWApnX?J=J|`703sQHJ}pXOTDT5w3x6zV8utMoi^I?_Ny7r*cs+vKk1agAn&Kg*ye0 zJ>~_yy&e#lnJ_lf{DG;%-n;%f=;PxfU3STy^N>gmE;bq#0(73#Ew^;dlILy1DN{l9 zpI`eS2fpy##ihgYEd(+TCa_`lg@wTWZx~5yw0Lj99F)F&Z{!Fye*KnxIp5`NvB9{0 z(|RRFsgLL208j2=N``YO@53P;cgI{J5^zv7_cmw``xR&pstUYai31ixTnHXzVHG*C z=L{G>3F{ki^Ueq|m+^eubUf|;)l6MxWVG=)xtn{z&k!NeXcn%An$^|Sr0zk2u;fV) z!C0Lta!Gc$FjRHmwm8eGYFONoF^bbRY%M99M0q;-0SQANzFi=J{_n3jDKTsoNcZz5 zzOe7GiBE)Ba-chX?sxO?1`!Zm_b= zm!c;CxJoDP%!%%8lxQnNC{iuSB63YcSvp2A~3#kHgc|{EbhA$n&^#755p=KgOhBdNuJ_D*o>VjX2!^K|Cp*pM7`x57-&i4 z0BDVbcfpu^#L@6vEI@V-pWom5r>p(zR!+V9wQ}MJlzGoJBpsHahdRT5T}*%-iZ~!d z)daROgd4n%DZf8gV0-+!|Hb3EocMe8(*~liYuj%QevZjgcF6M_es||=rvQrC+Q*YW z@ho^!@>-{Txae!pk3Ooy5OY{j8vvvtQd{~Az&ccrfOQCd9FEl1d?%Cd_XtR3=FYo6 z?A1TP%IJ1xxIOAP!^QDOT0fgwcb>3_P(_b043FcFmJiodd!9!>ptt>suHTlrwV=?4 zu4*5yB7yA>5&`TF`U4>vbS6&s05)U1WmV+L<||)5NNQAD$p=^5ynV~*M(vQ?aMZ^u z*A&6&^+(n0D3syzYL`5%RSo*ucci#XPBFTM9f!Wl-42|ch7l#ptT3IL2UEM$trqzQCzKxK{92Ohqy zkE+(2s*0{x-#=_Go7?Ygeg14JR5>{KTHw`0<5`cs^^JC${udwcrehmq=RJ3g4{g@& zA1&gA-{{?~H)ip^^+$6lt)>9tSd@u~3jH_)%Ksw9*-^?Ot-rk&y$thcjTV9QTwGrV4?oN0q_;YJ1-owP6QpQ$DKws zhML!8^ug~l)l;MO&JydRnLA%0twkVn|M`G})DS(8ra5)_;VhP+U_a5kG&>qCiO&;qAd;O{myCG~M zirg#W)Ne<}VUSE~tRHf}(-3hztE1iVe`gxU$R@kAQ1OuE*|TR`i)pu)rvo!%BYV8> zAe&t|T}^8IkzE^|Kaop4%iDRAMcLLw`gs1n^uT|Jn!hvgO1qby7I=$(l9ntmraxyO3; zr_ z>(05|n8xb^_l$c^(^@7k9J20#h=}>MpnA+6W@1_<^e0aYly-Q{^Yrahp24oY|4hkG z{kj)W@~xFI`OIH+MkGER@;LtZsKC0iu^%cWCf>{6CTp7{f0hqcI}aFe{VZe{Q24BV zUX(eJ|LK+=GKcU2UypzmkrOb@T=<3S|G`&qLS?KQgJSvG)7qPJkXm{3uEFD}s`Rv1 z9~wQAMUMA>C#sb3BxHEMRH%pk7+Wt@Mn7NbRX=n*qCPxmJ?}quZsS3UctpLr{fDta zbU($leKYgzRfh@ zpcR`q|62Y@>y}_}g^~Q9L*3hl*57%y`oN0w+(@wFT{UgJm0)fu8fA=v$dZm%Bv!___0I;Ax9JPWpzXk_H0*5H?(lnLqllu- zY=P5rw;rfpm1AWf?wRItsA}66v67qtg|Os@E)hy8{OY#tE$Dse!^d4-G-pH5`%0Gy zH{HHV^O?l>5?#*;5SBghlNEpRQ}SHhdjj%o3Z;3 znHX6h_LVv@NLSDq&8c0Y8=q3^@N@fxj7)$M^1gQ4xlK9esb|p{rZbc$>cefKgwcG3 z>l_%)uLq%8;QH5!^Cs@8f%{?*m#ONp%xmMF5~`~4-T8G%rf0S}bGseJ0N&LZLLpth z5jg(jfALY9&+_xF!wC*)3#_ev9@mS6xVeAL32lU+c42V!slw!GVU^?(9MJlR!*PBP z5$qy{;5eAPh89IQsXQn)i^}a>mLA_wWhTc?**z2hM`4_78ljTf6{T~Goov9I`oQ54ZAWP9R zr8fN?x3=##!)aw*sT~gAvV5P9A@BG5uw*3CklV`nhfuoejF6vZ_Ua}Hp*RcyQyi0M zowtTJc&vi2$kP|@F~@rC;h~wR`3l$#jaDs7d(xmx!ww#Gd-Ln4R_LYaSA?JKcY2Bq z{7G-#-Q;sCVl?MC*DJbQ+=*$0a(b2#sG(+4vu70eR}Es=UPXl95}=Cpp6h@cf6d?N zhihy(29B|1+ytNFq=chZ7E*EavzYoyN?2ChFy3Z?N9l~H5ZWSIdC0Dr(3&~CAmay) zEN#!PZ}fFe5N?G}0$69ixsrk6h69Es&m8|-(Hz3 z+P)lOxSW#OG_ZcU5Y@M!I_mb^t8>V$-sGLbZ0TI%qjnRojf~c<)B6jGAG?WmH}fx- zydM1#-Zb9ewl+b^Gz!<^_IJm}GZ7~IS~Q7#cw9*3=#|J5YPUDKu@zxjG>j)IthUE; zJ4)i?{CMY3y&`0@`cl+Ew=Dif^L!i&=Bl@4VPV_aR(#OH@HT`}ph#vI)K*i@jOW;FEx+dS|W*cX6c zE(^d3arJ+|$ubp0f@pQ!!2`dno~keifl?4}EYQ5>xfgG{JlXtY&zcZ?#)u$g;oF2QKHa#=70nwJ{;qSzJ$$^Nb zyIZyOJ5lu}UW%iU)^ZEiGbd^8sb2Fk_|s7Tj?<)4>Q>Vtee&j*t9pfnsgQFvboJ1# zQj|SEgxqw#HMRV3u{jP6uF}5Vm^F6!=pe!V9p>e)AxJ(lwS44q{H(xZp7VXQchka+ zOY>iPdQTiMEn;ilk0EuG=l+Dp@NUhuHE$ilrp!eHt zqIy@c*Abkm{RzA!D!=gK3di#7p~kG7h@%!EbJua+SS$bJuyH$n#^~hwa7ZE}HeJOpiTchJLC$ryl*SG1q8R zSoY#={jpEE^;z=NYGnbnUH!Vr zM>fXk(PH=fEbmYlfzp>8R&|%6`S?H3B=8I8Y8pKCbxXy|qwgk0`c zlTOj*T@k@|%X3X0r7x?v`$~Hy?jzgbB+01Hy*ECAh(bpF8~X+8l)Buy1}Y^+Cg&CB zluBqwokpbCteQttc4BgMmVO_>(istm6O<2cfe~OIsFKuSM+~C@5020sH7#YI)heK? ze24F11I~il_d{qz|It!xt=pO|H_tn5wnSNaHS}ghQ7-Las0adei||$gA?z5H0B2#2 zlPe61>IS@*sZtJ4|Ir`=#Z+m|p}j7;Aiyy#8;Giyv`wRMIr)UltRzp$Cs!JmKv#95 z!tmiiJcJ>+sHg)1%@=_%By*@@X;H@-?*7YF3HZMWTG$kcvO>5^h8sXP2z0b~Rzt4i z_%tehpf7`w#c1c;Z6|2kf2nu+IUlwlV5{ z=QOA#(s^~ooW&^QJ&53Ql*NNl>-(9#9``uD;JNLrrPwU*kd~TV?^Jo;+U*6uo+gQ9 z-Xq-BsR0`t(f@?PmIWN7?w|Ae^gy@}kNd`YqwtVmV05$ovUv}rFnm`K7K$y{b3Us( zuLLp0U*`YBalB(r2$apJ6(+;P4yvyy*tq5$Yks@FmdPZqc2vm8v1Qi~55)fl5 zalZUW_`NHze~PNP3;U;z^Zzt_#XKdJRxbRM=py(KZ*P+7KhyE6C)!!3z^r zjDM9bAcq6DIF1hPAa#YiCgB287-1NEaIs9X;4M$lj}{R8+QoD98Stcqe1J$VrTGQJ zPgzI-3CMg)rh;89F024?G;o77{~9EM8_fEA^P)j{&|vcGkM;niv+$FJRg1s%EOx=l zNWuZ)C-o#4!E|^4!4_EQZ1DbGO0Gi*G7qFhk&3+i12>WbvwXC1$(KNXKK%ILwJ~Qs zB7pVOe~euVQn3`^<0%3NF;IwrA8zCm7_iFKEPf^+7hl8$2s8nUl`Z+}LZ|G(7*f-t(uJg~!At6RL$2_cl>Tv+Nb;MV zB=Fy*Fq0@?-hF`zBkCr$^H3PO=GT490zgB6VGQeEF)!0kT6wE?q;VEHG}p1@0lK=3Uv&MRzKV8)#h?7VxKulkT zyCtRr&tkEdGvGde4bLKW#}>UAInLQW#8B<-_=DneWg2*vQ}#11j4=ilfEQs&85nLb zf5K%d10WT`@@-&pv-Xa|yB9X^pI-A_qf}G~CPESaES-BUSF9VJ=w}eGtZ!TgE*iO$ z%18AUbW8G=4~UBARc5VZ2Mw57+IN;xKR~-bz5Tq#L*Gyxw-Bn5^nxFJiUl6LB7{#) z|Lqx$W8s5aSe&=PhL9wwY>_{(G@Tk1u$ueGhZd#&;q#q~Ap&zmP9ydbAb%2A?y3x4 ze$b3RIl}$gR&Bu~arB})&N%v6bD%z;n!gc%#Vvoz7z$7Y#Mdy>%1Mk<$E>DT7Xc01 z0Rj9L4dV|60{AC-Fl%7PEGhN7fi`}Ie^SYJ0~B^LscF?kICECJcjha+Vu2SWw#B~; zEQ&3>D3iOKH*q51MWNO;XT>#=&T4Q(E`Uq;pT*DWD`8>VV@Sy0q5n^d`63Mq>Wt{Q zO_A?bG`Na?tp4P%@B=kN6Uh9D{8y0(4XhewHo|`~v?ffs<{s ze(*A;R+6GI8H{}nV>}7K*YE~_o@1_;f$ke@d&=E;Lf`su;rqpwEgE9!qv~9lWTfSQ zAW3oZP{3qCzIHIHk7xZ8UU!(xz<+oI6#P3G;=WBQC!~Z?(NThLOYTUe-V`|Bz zZFwQ>anLr4ePJ>JHoClE$lVPifLjT=1q{ruDjR0Ri*)fj(;}koR=;0744JEaZI5Xf z$SlPJm|+8$Nfb%2mgtZMgECrDO2EOsLC(r)C~N&)YvJKLpXDBQfrPE1RKk;tQsfO3 z%~&V1czAkc^au!^e8hLa_#vrGVSaeNz-!`1UM~YC-4YjPL*NWY*?ga#3Bx+VqV|p6 zp(p9uFKaP?sH#lWN_eE=*kGi%mx1y006*OKN%kZ<4slOv+`!kbDLifyP`v1!dG=bV z@=Yu**je9$AzmpAhMS5)Yy&^X_C)eB11upZnoMm!IpV)X9bl7t6b*p9-L+Fq1l@ZySe%U!OD- zQkQ}XfOQKJ^PT`xaiup{xLc$MH_6Kv84?{*#J=bfDkXpI?^B76J}@lHFRv7!arx;~ z`^x&`rbEH;GY-wv^`9#O&lW74su`Hp=zgWS$`}}=+(fx^W_qj%mM_x!lA8B0n?Cpq z&_cjO@+W{G4u7lYWDuB<;Jg_~t!c=TyuXrTAY{^}LXqbYvj|4+{!qmpgO? zTu%22M02l#4*~pm$jl^{r7LP|5D+>PYoGqr;U$M0MPL=ox3~da%(49O=HSCY)J=on zN^&L-&|+93e_qxS6;rOo1Lf&7^3lVN4G_!jT^hTHJURmUo7-%cNh%4k|46!T;<`(v z0)upwL>7%tOl008ewPOGrc#sSW@p3)vz!}n02zy@%;v+t^HCha!U+KGfG;c}f|v!C z6Y=}hN*AkH5&5rm+|Eq#wD%H2h*ECo>022CBe-~7#km!Rs9plPL)FyOkW=>ftK0!I!0U}l{=c}PEy z4REA>Sg1EJ{Q8+zmD6W?*iZER=&5>JsTo(eXee>73+b2sV=;gVZmJY+N}(wXM3a7x zz$ihcZczq|65{=)4FdTaGVN@#b!9x0M|Mw2L2}J4@G+4E7sijBv-q+s2Og=r5+M&B z&}TZcAgmkglIUL`VoH(&8WDV#rXRS`D$5SzDk}HRX|0lFX%2@g|AbEFV9ugtK2qOe z_lfSmkv%MW=zo)aSZyVFKPmOOwKRt%&i{Sk{^z=J!`A99iMrpZf{QJ!3tKv7pl;SUQUS1^VF3EZ;N|Lm7aOw2P(RH`_ezI*8tEc|zpN8a;)8hG# zp-4UrzCTKjU)ij;DAyTeyxjF1n;)jtd;G$<7dQmnJ7vG`U=A#vLTjeg7Lt8gykMHa z^)AN=F|;7tBqd712&P6-39m|M2OlTUem>A2eQr+n0PHh;B*E(~vrg^rAE$5$mo4rp zBvkOQWqNBW=#=s#*Yo*77c)!LBSf`{s5+?(M$OyaiWXc+j7b~ozfSuWfr`FD(W$a@ zl?HgM$^_7h!y%stE}hx~&`TG8j{hrs;60TVx((2qt(5CMCc!gXX$O3soe|D#E;eaV z5;g2gWt_CmObnJRpT$G68UZ8?)|vZXecfBvwyFo`UyF>GouyOjLOvhLTlL2Xoud5G z5oxFG<)CMND_r334S+TKPsp(e>>1^75Y?YMu%^DQ4Xw8b<$P$;QY!( z6hWbqu7JB&PZf^k)85&)%d78>ei~-S16WwzP5N~a{NDir`xi+1nB&X^Ud_$TC4^%f zC6;at^d@DQHuG>gN;acu@kdK|E!1AyC6b!T>ZT5w{MTtLP4$iv>xNX z6|`W&9Du~kryG=SGod}tF9(|KJJ-P#oWNWETgw02N}84WrFS?Yp|QjYy=?wFI29dX z_#F2q5hw`nO`ln!9zN=9T7)sMHFfx?)8g;QhueKA)0*40wLj#j{$C8&|8BS9D;EbQ z!Bs)wEvI|mqB!@53;u4Hb#>F4v)oBc8f68IKy@l+HhSuzM^lTceMb`|TLM*Z<4^=! zb{8FNp|6qy`()4b*WudUczE=F>W$5x=2^V`iO06I z5m0GKAOqoDRP!VO%kuHpFW^IgHXcU-ZR~z_;Z>{=s1Mon{}2G02LwL>*ca4Gm2^q_ zA>V$Gx+r^MCIzA+lM4V%T_yh}Y6T=`EDlE#BD^!55j3gxwV%vr$Zc-*Jo*o|mCad3 zE%l`FQIyb)d$9$rnc+U4`hdwPFtZ|oeMJC12oFF=aG|^n*I?znDGQr#BPwO{o>FCj z&IoMT*#^aX{^?)0-wgl{zh&pA*)V(idudnu0P0fafGnjs%MKj}lK@=4(|U>Pg6~NN zl4HGOD}oTu!UFaa*IySOf(5sd%Z9;iBjQM#Qo6!DxJJuj^`8l|VWhTX>VEhkcN_Kf zEy2HDWp09#WOsvsykf=qt^$Xg1l9nE?$^_cn4`lEl*1VQ*m`T)`-?LEeZGu;x?Kwm z;eY%wnD=__Y`)X)&q0<^VaT^bXOQWAJ`mT)f|3kCPXJ46`}r!^U5vnyBfSZ{Te;hM zTiN{G_T>Ijrtm_4_ve>e5P3CGFp5d%YN8~K{?^i8|E>KYNzalp?e>iE=9T!nx~4B& z{E%a6R46qdpg?yq#_-6pD0viZ-{0F~L_Oa;ILNI3+P42Ryy4shu}@BTf|{&Hw$h4# z5fKEYvMT^p19n6#AS`2`ZBc;5{@^y3`O4PYOvU=Qrc3$kNPW77NNxCA;!bEpSQ(Qu{?WYUZ_h1!2oFAXB)13?d#ZxDzVLlC#q z!7`G=3W?1id7+S38wM53S=2t`->cZRb=!VTxmHzb);VPCq>=BDsx@uYM${SMOC98P zox?vp$Ks2aixMw_2@e!|Wj3IHj$d8%hJKO?ua93%*4!mdHr^cyie|t_g+*ZlSAmcM zeo0&E;1@{7B#8s1z$c;UjJ{9`rz#5fy7WR8kH~?CG5O_c^J+`v?r*p#!75{+vqIxL zBQ}0%n-3VpxMiQb!qi1selbN?@qsALkt8VzwEQ9kz(*B)cwMpsq5>;D-AP1E$_Vg- zPu>Dv7CGDc@~2JO;JuMZFL|a@yr9!e@2vAR?#ZJZKjehIwNfF+XeoY#1?4)y80{ww zw0bCYU1PeE{(DADSb8T`A@!VAxw4dOHK3CIKchy-Scd@BpH^RQWKyc#?65#r%MBIT zVcT^PcpeqCHATp?>gLs|0DNRSs@woVRQn`d8{)hyxH?$^MHA9)Pp?$lZQ>m6bTZL% zofOH`NZMa7CGCs=KHLwERtdmH=ATm2;Q(LA;3KOmd*OQb_1Q3fO+`A8jjgGu!gKq~ z>#mpWB~K4+Geci)Pb4NTLFDS@iV@&bcimEGUJ@m|X21qg=&tnHJ|8MtQFO15_Al?a z{`TEe2}5pkDVuwK^d#_{Y*f5N@Y3lifRG~p1;f<K!?v!jv*ZrPt4KdOd zc+nk^3`d}Wh z#q_>yk2|gJY(zL3@__Od8!I_nm9T#iO_c%~+Ds<5zp5haRjwp#^j9bgx(arCNk|ZQ z;=K)i0(&kc1`tZ$iMk4k`KaM-{#_9f5tuBzD)hzPoaM`%1!k1m627(N%~Bgx*3+wI zfCnbE!#makyBFHG*%Wic4@~TA5+d5u|Jx>^|D(;jz+topD->=T!&abr*WRVfgr%(f z>5=~f?5^045|qzoVaJGfY{8Z$v=tm1-8S07`V@g84WzsTN8&*s5-$$=J3<4DG+23h zaymXg%ZnI!s!IcnKQ>+{xWcNl^R!0;9X!weF%`l$XL(@q9`MF=W`bb-Y{;!aMuyG^ ztY0US%&U45I8Ib$z~BY~cL_&<0AvW_|39%M1E`3kM%>VBrUO5cXw|M>1c$hAaOl$u zsC;oLuzJ#vU*r%mF!RVuLmWzI`Gn^ZvIBCei92CeFYybPD6Xb)7A3ir`i$6`&d4al zb1#>6q332g{g4$sX7S{*Z(jas85pi>lnuRK5jP$cqmg?M@E)ug9SI}o#{xIwF+G;= z127i^9?u05=XsRS_<~9ooQ{qf2H^rJ$ljMl^DcM;Xne3yke81JUyVz3_IoQM^qrlJ{ca%84FGKnG&Fiqj*xR9oejs}Ja|MJK&{q&@ zR5u4!Uc>pr0?>UbYUA$@Tc{7e5T8@bB)!S<$Xv*1GeZh3@76t9O@JvmjPl@A+#>WR z9Iy~-ZItgp*kb_`Rh+B*_i^d6fPZ2jzVMsOFHEde3pqGY1AZfKu04CYAaUsZ{dPeF zG`*XcB9d`#X0;0G1=MwPv>mt@T-7Pl*B)x@O{v#z z4jFahBbaHYWibG8PZc8wV%;&xK)HIEI=qAA0KIPya%;yRFZ3)fbPy0&=`N)17Cjls z0C!)2&n5^bF9Qa79mu3Qf{Sq$=7li7GrcC08;h9193r6l=pvhLfS2#WRR5)kIjTUI zJIVZ@R6QyaOqrpx1dMT!WVphpNkNCp*gB;au#80cws?Ff;8Z&aLCE~~#Rx6Xeo-K- z5!<0KV7NMod9kpiLG(f#e2G8O{4il|dt??_{ql2|0Co)_OUW)Bcfg7^^uN3c_-1}v zKyhQ42U7d^z{wNGn}qg~t!q;g1(eErro}UQQwoJ$slkpI2$f{x4@jQtvN)3acRN*n zmD+*y;->(R3v_JY=fI_V8UqHN^8p^XCI9g8{LB1LH{FtVsY-JaiUgnWx= zZ$TF35h0Cv#;>e5%3IZg#cE|NDqpBFVkp2i8`ua(fX)yu$Oce}FF2@pLD~@HKVvpL zoTiy(Cmnh28qP$&XVo`zOwnY|(8#iE9vF@twN|)sBg%xA@$X6}WsG}+S&J|i-heJA zkFDu*ozFtu_7;BWdeOEfz{+XC`LFDl9FR9QqXf#S6K!qO4BLsg2YG(!pTgzUQwC=q z&$tVdoA(%eN(d|WODBJN33VW5;0XAkx)^JgDK)?sLi z)E&ympo7Wm3fSU6Hlyb4CG(!?vyU$kFJNnOaY&8%=R?X1Q()BMwjjv} zr%pgBA(8qwPysuzr=)cH@fjpuaml`kN-4dF2dHXU^PB`cpil^y8Z6xq}HvOA<%fU17Hb$db5I` z9_+9wm~cVE`SK7rCrjp9yfH-S<}T>{Mf0XUpvKIQV3w0r)>Z&|_rTB}ElP1f9%Nwj z|2gb%o%F6GdJ|tnlv81x-mphnqEmy8#1i&o7_0)&m)|jo#5Z_oRp@Q`VEJn6F&#F| zy7%K^t!?8EY7636)jP-a`T6;oSWvP*`n!@vxZgIWc4WT|v>FKD(r8k8{CF?YhU~g+ z=7BsY_Rd#`kKu!?2O4Ja%}cq-z&7HG`dCaEIi6PvfCfF-(^8T#(*m z0EXI9M#VcXE}s2Y(h;|WQ=9`_W-=KsnQZVV8wv_I{X~^FY6_N4)3rY_DDHW19_Fr5 z`%*i(bq962F+a7yH9*BPCU)N7l`$?-tK-|KsR>EU3XkBhubUhOtVfh@g@vquNubL({n0pdk6&;_1X3$qUIx+5;1L5&LoTgyqo zFPGr@dfoMLhP^@ zoA;TU>ioFx=2GZJGGTj+j56)2`?ar|Q7892e3jDp)z3(aDr28Z%?L-p-vU` zHxaanj>wvJefY2&E5KY3e7t26SedSwOP_Bm0@U$FxAhySO%v{_RIp@v2|rSCcxuo# z5_pY<`!+ERH~Zppsgm@*j`W9XlI34YTS_;|IRRHy_OYMtd2{l6~js>Y3lTYGMO$*tl zjZb%Riga=f)FeR)cvJORZU6&@g5}r2PddYQLNjm$7cLoVW=iU^zLqgJuz5uPr_D=J zGO@m2sFaY+7}#&EYiwY)6Si{|T6NiOt>$^0=_R^Y(_*PUkjRxtdfSU(Eh(&NNMxVW zb16BH@aD9^1E@+V^{(<{#WdZZp}W_s)}0!EEuB~o0qE( z-ZAmnPCLpAaosHYlsz043Gd-(oLGBNsQV5y@e3(03(fF4 z!_xh?sruhE5?X(_MtG;~c}tqdchAwy7~<#OnXa!LMjTjU3X{?vxQ9eIyL~FL&793& zpDL6f@r2;)l;AY6xo!t6dj)=&#FXJanmh;JKhV6QkHE8jpuS!>sIc3HMx(CpGPiCJsw!?= zd9_kzH1S3K#vWY0Z}MWzKZ@Ud9ILqZw=j{51Ev&RWpw?=ay1LKHivB2q_bgy{Gn!l zpkp2cF8(Iw(*GNJOLii7?d62^)|ats{+t+4bXo9VAABcGjOl98fQQoGkHZ102mAOa z(Mvb(JC)W1dMyM)D+^vGPkwtV_U<+3o8L8Oxhc`pBjMCP$}Z^sAmNf*v+!#oP7p3K zeuIYbng9A#XK&q>#Fz3)OsBexCd7V4j#w78+MqN;;)cPwQ{E>MuZoU@@4GeY+fo(M ziewx0j7G@UZ}Uvikc|CQ9vt|hp1ShNxlPx8s;DfK&ej^TmVY;SeVu3*ooxEc^4_%m z^j7z_bALnh;v+J5tpb($ZSEMv3?=Z>{6Ik{AFQG%`b@vE*-KJl+Pe0ItT6Wg^YQ2o2$~sKQyO8` zSm}95KdYK^mWKWn_G7v@hk1`}*Yp%_UDxPqGEjSFMd*f;&e)1-EI5ACPrfh8)_S&~ zvbz7gy~VxlJ_4MJt1+8U-5M&{ShMI|I60}kCzR`ZXG1w5bht&T9e;J%!(`N%kzj>2 zfo~~+<4OF)fbL2-O@Gs4a$}tJa|50!)0dK>3+#kmXV>1#AR}oXy2YK<0{0xU4{8n9 zppBr7t>C1#db2}5cP%8lc9wqazOjOkHcqkXTo`v3dZ@rJoi-Sf+x_Zd;Si*3V=HM# zE^8LBf}mjLdblBEo(1Z) zPg;aA;a(ij#%^{~!T7gGy!HB*o~w`0eH%`ohDln?q4tKa*^PHkot98Hxp`+m<~tii zTloHDPIGWU4f9KFq{HL%rv;+yTiYrA8sKKWtlZ;>+``gJ+Ce%_T5l;0Ut4zE*y>`j zblV%Q2u%zo^L^t4*Altd$oontZpxI8HZ6 zH<`MIzeXPQ_GPBX#b$qI{#H`8JrKa8!Pchn<-2!JdMSzf^XJc(lCNZr)aH!m6Fez7 z65hQrndo8SDSI6UayZEH>WZCcKdm@#IlWCIcpyo$wMo)g4fRmkFjnurxY-3N&)s}1 z(%vDYUfzszM5_7|hWd+Zff5-h%KNd?K`@TpyMOEM$5FOdL?teG>OW~XJ;KS|m}yg- z8dsmX4V`oIx24hZJlwA4wkZvvJvME#WGTKi1da$X!Rp z)Aj~yrwkqJNhUu$oSSx&TBZlu=YwG zC?Q>7uRn4bIy-t-c$K!+6S=tzCoU6}jDh8$_ecN!Ny$M+mPC^yah1ASWiNdM9LAnN;N zzyF7?w+^eS>(<5vQBr9Er8^V^L?i@6I;BGa=?1Ay2rLi~sZFPZ(j|>j0@96iN{7If zl&;@gJm-DSd%p91zdxSq@_Ka7HP@IU?>WZ3sQ5bk?c3!+wzThdVV|N#Z(0rQF84^8 zZ0z)S{HoT?9D1xFoH-%*h`TQXBh>6q#FxbZAHxZP4@79G6zLdAmNszkyHmBae_`J- zuH3#JSzNV(V>y$b=)EygHzC^9*WkLo$YRy(As3+Ld~Y^en>6P8W}NjhAamzgI9GON zZua57*)3+tzx>Ht3Ym?5C$@NlR5z(voE9+P^NgjMz&g9sh z!{nf60(>-uTQ{a8qoocWPqKcR$FHOJGtWyOuYkWvBTu)wQ5Q@hLV3L7MK#-2=MxPE zZji&($#=0QsHpz+9fdKd$wrCh z5`XB{huRsyHQ-Nv7G&Db3H)_ioyzs$!9*<6t~fU5w#*jBlq|JsT~f>GOqHJ*%=y`U zAhQNliiG84x~zT*5pMjCpPY=JTG~^lT-PD(d@XQoX0I-4Q!3GFy__H0EJBpklBLnD zWf{3saWiLmK;x@=XfdlsfkvOz4(e@neDR%lP&u zG|;I`n_Ni6g5AY^y{qL4!*+fS zXHMT2<%ncPW}&fr+8~wR?h(WLpICtyW0R60dbrwSUExdtc6IJiKhQ8b=@1-&dUjZC z)@eM3ib#E+Y=&NIW_X|RKDscke?UkZCp`$kWCGDy0G8Nfdi}nHSYghg$t(msw2hC$ z3Db800$NH>U)y|d=4ES|Y@o?#9OH!7qvz}DAEGbF9_>+MXeLYhnBRPNg=8&i^q1QK zeO7@xwa;!)@9+86{IcnN7x?I9E#@NaCv1|~%0&z`3Vy+Gn3clf{DwwYJB`#e@>yVAh}yuj$Lv5STUZwQiBNqh%OJUhBvE>V$n$5^mvz-PG0X zojAZZM4$3pqYna~&1}32D!Rh?^<@>B)Y`J~W&T`MeL?=*d`T!JtM+zxU(DINaC@KO zjJ4yoyF-g-M(x?YdjN=WOzkfjr-Y3*kRb!UUMK;06d3r=LTj4?(6-p?(c2S(%wqdT z1OPq<)4}mX&Ue+>av=RgX9zhbIz~I2Mj1QY-!{bar(~jqivF)1lm; z#?JfPtN>RaAcuh!xHlLyZ=o3m2N85=SqJtAqSLE_Q9Bl`#!gZvPjRKW@rx$prFnaK z8RM~x-5q7Q6YL4^qlAmZ&=i^P#{CyqLI;0wH6;UKNi-+wz>55z%wHNbP}CieQ}|S$02MCsDydax8a~^#{Tkk ziVF;YQoWSAx?s5rP%M8c$=Ay3JQML{y%kkBkD(X6M>kaqRG-VQzJB9M%o^?R0@=P? zAM^niJ(9r9*)Dz4j?tLq0YiD?@I_PKKXe=)T7*v~;okmRDeq)e=m7MV``U~MhTbAU z7w@xi6%5TkNsJKF1-Z^c(xF<(Ux-1T&na0>51+tS$uF>kx%st{v9-ok5(U{IW0q~u zl@L%kf=fh<1~J_J`mqa!;8L@=w2jjsS0 z8W1y;k%q5{7^eLrfm)A&lnLDY5F)HJ^K*WH;WLU|tq-9o5h??K^Pwccr=f)R?KsC^ zt|Z5rN3$*DF}jr#8sGLnS2iQ=%krYuY4g%sL9C&C;b4{17y9Y@2wgp`+d62Tp1 z3?*5!B^a5(O3O2bTLHLR`Dkit<)s>%jGMwMjg6?--O&33E9WP5-L5o zw$~09Oh&S4)o{ax|CKecP#Wfx^du|w7RTS%$i742fF(rdNoNUW&?EwUl*cX82)GK` z@Zy;Diek@SjxG1CE{&HO3YS0}#p_bKde0}+wPIQ)Cbe!Xi27gzXPV_#s zzN$;64?P$fV_v(UYz+>^%@DzEQW}or{j3Os(9FojtEpAVE1klY99Q9U0dtqEASueo zk@&bYtS31-{cL<*AGBhQ!yCyXqhaZc4wUojdzvZdw^HUgOlzBd;u@yZF?F$Ey_8`(MTkHxyv9X=afWN`&jsHBNn9b$ zVDMT2*2%?czZ2m~T;01@r?>Ra)owCdpEhN6>g9)ALVpUF^d=r^J zmSA80%AXzrGLf$?y3>{;1;v!pHJbRz)z;;xsWQzFf&7j#BFJeNS~quLD+NP#o-|Ls zU^XF#gx`NRgNu0`MhZ;0e=Yz(-+=mw9+gR{6d8X~e}C3%UoTZn(0P-#xc)R4K$&p? zv+vRaHR*@)MYTEs6p0Ti6I^dV73<9&0_mooR{jTvNC@TXvNxA}SQ6jT=NuXc$GX1h z?!C&{m`(}|^v6v9zYGA?e4x)nBf6bs(?%phstu{=WgDjhCiEgrC|TgZLj3)GFW7Gm z82DOpJ#2G&@78r$-&!=uCwn1xR@ykJ@rQCY3uzp%>*2KDR`|NoEm#l=j*X6HaMc@o zSyo=Y+>1XG;gK^IZTsaSS?mv<&5xzrd);ROd&^;~voRC$$~a1`6d7g6K1;VE zVZLp)>Mw_19O0ym-?7e95T&M5=IszUA!G)i0u+~>7r^Cm{&W65E;=qUacg#+b#%fd zq_64}@^&ignTRPoRWWW~8z7tpbW5%$u^Obxz}7&2Cm1mJhYkn!Y5=tg<_M-FZwVk( z1#Q|oUzhmTy!7mkS5}L&eo)-neLr2{9j$O?6D2%w=@1kW5`9@ODh@MXAZbK7FYD&h zc8{FGgJKBQMix2GxAGQq0MrPPE`4U9iLoTk?&K2Xians3>MYp$&MqBJ8QZ?)CC*v9 z&U5V86YqgE*GCobTEua^cG6$8 zJHxWIj!OBzP>LKsw3)5ZE2^7gr{FWqOrD*GJkNEcJl>}+t_ayjwNM2;TUA@+04nR- z9974qGYT&MRM#=g>_glmS?`j7?zn6opiy~I_-8E^ZaLmRAhBI!U z!jBa(uhYK1j_wy{(v_M)@7siA2Q8^7Zz%^|L1po%Kt(R~&zqWDF&(fUJo$#O6~NOV%R*3bkuJT49Gd&#r`vJwFCN8j73Qu&7f;aXS#UZ=HKcX7FN#D>x>(5r zs7$_JoR(l1mmLyp1F?2S>d<41X%J z_xGBRxG7yx;vnrziFi10H7H|q6%YM6P+$Q10a0Ik6Y>>B=QzdA1ypno`8td8iSu(62jgkH-jv0Gj&kkTmQuc}?8dFvD{@<6OaWoeR9Drr~ zXM1bW=8^KT<+5j<3diN;bEp9z0Eygd9Ek$%*)VU-)bz%M{@`Iij_JUeq$G~ehGucU zkaxC!zN^7otzv0xAu7)L7u25X&z`0lIS!@p%T5kdi2u?3?&&fv-D&hz%Lsv`t^C?u z^=qh(i@0*8L<+M;_YG2);nh}bp>y!W2lpyU$}Rr% zL+;W!)K%xt1ai(N2J1BTJjJ`~wpKbnkdU!u>a!|zR7q3K0Nv!(3iu57@lhMM33wGsq*d$nHzI)?F@Tr z9|1Gegr7p+esQJL>e0V^Z1-RoDgtCubf|5uYv|9gJgZl#&Y}_+baWVKO zAZ0>f1PhKm3Mb~e)N^tAM0Z8l_k|T$ES(4}vL`-1@ib!YGC~xe=KoJ34z59Puk~Lb zs2?7cfI9GJgLOM*3TJZf8=k%jd3*>>k4tlI%_!Q{o<2T5_8&0ls+-tbItR=&CA@&` z=H$1kLsMU}X*tt;1x8Bg5V$vUUq8;t+_ZFAnhihb7s7dbFjRVSqyYd#|HL%t6{B%> z*y!WrC*I7kJU1Ql^GWTz?EoOJUEpE`7v(SnE8ZQTse)(qJyCi~XL=a*)3#p%H zeG)%px_)GNQWa0+X1C^2?%YuN7BFmJO9xD3mH9P2xIp>5Bx4qDBtc)78EyN%=26(S zEZ1!r+r4qQ-|!Awi2b=VsltKjdhVp4m(bE3!-L&f4Yg#Wp=WMpC3(gVyB*<*nUb3r zE@D0;|4U+`^ANa{G5;?v4lE%n;aHu$v91P_4r#wE%kJ#5lm3z2IV$|Mo>-x++UFuP zI{}_gm#y7T7wKw771KU$jRZt!a4)>^r_zX)9w|=b^NJHb-FD&u2>VIz%Q2T~{Wb-f zFV_3hF1Ge6I{bk5V;^x-SVU}v>ry4|qE3CY7TUjbuKf>wkBxrNo-m&(0ZBCiVdH#8OldS@-ww>6f`BP9DuexRo2L$056@ z!*ATXwU`WIjZ_#nxdhoaqLoKS^9-u%k~Onl%`5=6w#y_)Fh8;(7t}e(1gx((sT9*2 zFEuqE!Sxv3zv?lThG@56?%vb^L67qLl)~h&pBY%&se^RT@}|iCJCT#6T9{izSYS>z zh=VLAoR>|dRjXLawDW8=Wd5W|&7nytdc_=OMJocin^*yw~=M-$H*& z^DsR`XyG&oDh{Ty*RFkrEA;jd6?>1fR)tJNlg~$;dy$)F`Hp;%W=7JTboJ9ldDB0+ z-?Wc8nWTOp4!_ilJE`ok8Lk$ST1$+yffBS@op1?|3Eg2w<=)S3Lg7@*qJ3jh@E04# z_N?T5Uayeg>3(^}e^Mgfk_RJ@z+bt9My04V?C?y9xnYSdPenv(+y(7qrC} z#Q=(V04R&LLo&0op@ z2b7&1LWpJKbR4FFBthT!_{*Xi0e!$@07hapN#Mhz`R6bjyYW8>XQtr20Fy+TUbegb zDNtAge7*A}>AeG}I53G{EcBh6v+Pp!;=Do%dblW-JDy-^mUMSRT2!bLBgNIk&!B_? zgQs8!b-46CnALkjhQ=l8vm0UdYMgETC4prdQe(CxLmJuTKR}#0cDc_U5otV<910i_ zo9stN;vf6ORU8LpGDl&D zed5oe#*byg*Vb)y*LgYNN>_<)j@V6{(Am>^7g&1E(a47sVP5jjQZ!c`i!X&c1;P1^ z5pC~YXT`T{1p@}Ug7e;J??z_8cu71x=uJUm0e?BG0kNELsDE@f!-^&OGc5&@PP;wU z4N&R7lKn?kq+F;3iogG2!DuYPs5^5VDH7ps=1isN`P4zK1Yh#7c-;C3R_rJI=W$p< zsi#fluK`fxh^~K8Yb7vEuGGl;9B-c2MFDQb%sxs4oq;}L7GN>xTG#W*PV)ca%<#YS z=;q6jQ00!diZwsz{u!q^xO(J4Ur?i1Dh1p?+z$7K?rzT+59H|+xSXSxYMi! zv_1hPBKVgWZXX330WJ?foB+hI{!lBxl(Qeta6Y~CYBtRDwy6LC$dS&Rq ze2&)ezrSmJpxM{Y>lf=xG1Uie#eC~EJUi)o`EM~#W5Gt6px6l1v)9ZrX9qa@X#NtW zB=FCP6(@VHT8C)=z4LAB=U3wz0sm}0@J2tL9dy8H%@GWA?*l%pR<~*AmN8#Y4}xB& zZPHf2>CtF-B}l^}obFet6irQ%#_@1z*iG5x2%dfT@2zZ}N|l3wX3#JJ6ohXS^(8sY z{3hU(_?m*Pt#91k7t($;gsepWLe=U?=c^%`WjZh!TJah(qJ^J(3A2mzy#VlTinpmo zD{)Cho6^qE5KIgUr2pa(8oZ?=BpkgSegw$Rgv1|i>VCX~?dzHnX+Bv1>}sGigFDWF zN)XP$OWShy0_I-dahOW0ap=lhv2A6W7^HtSB?rEa;X##bt(p$1h7!3!jELTNQm+Bz7Mhg%{=Ogd$Z0yjYm88F)$=!rUPj!%p~nwXp4)wKgxOIdQ&yqPv^r!+KD zE`veSU`wmwIR@9V7_&JeSdglD)+>S+eL+ zXBW=CwBq3S4uiq*LFfYvB@Cvih0}YbnQ2d6TMR}q$#uKCq(%F8QDynZJbENmAxMXk z2yu2^eKsD%X>V4J5ApZKdR{xY|X|J84OL3(j!)B=r*|C>rbZm^9(pK z*rtHia?%n6l|;v>Jp4liS0vlkz9ozA?%k00@lnKHS~BULTyiKgyu=Xj@C-LGUFBM! z$)8wd`WwA60zklJNg*d-4+-7T1If=D0aMXi)%ec(7~8nPT#8vSD-A1)HA*~~9*33$ zLJ#j#9PVv;8l1)BqTZ%7x6FkKT_2EiDA3TeD6D20yT8G9)YN8 z`KTey&L4lnRBKEG@?NZ{3q(fKN%OdNT~stM3fN{Pcl3QZyweqM#mlKJ2@JoWgQtiX zHhlAuBH3N7h445Y3zcsv6$%#S(7$(ruH4hxTZ0W|)(Z<3Me&=IIKy7!Tb^z>oXQUryP{RvC09Z4s+npHyKT(>}36{0!H;38TPoR ziVJcYQ4Ho}$*ZAM-7Vum(I zw13!kq<{TTpz_`_sWRxSwy_s*ssmqDj$(*q7aDRa1o*qnGurc(XAg$YyxfqKaLy_iwQx$(Obv1Kyg>j!kC-HbBgXOgNpg8@h(RjLn$7WOnibhI+M|`F&3xAHmjbb z*`Q*j^+fB^TW|NtMB;ArlFT*=OodMczALx|1{x~g>bxR^0L|>~E{YCbHTe8ss`4Sf8q0k8rr=9yJ@ybx*gPIO z6C%?8nws6kstOiEW|}c}?PlWtE#>I!9FQ)$t5qw-C~dO$BQYwWMuta;GJ<);KEiCo ze#pK85=<`D&_q#ic3N^Q#qd-vR~*S_nfB^C3ZH%`oH$Ih5jcvyB5BA>o_D1IHz87HGm)>6yrU}W9aGUh!K-4E#3Ltep#~d)~1)EF7C#f z_T#Ve`K>-1Sl8R{jFlN3sITpeiyhmJnm~C|nOVuMBVlDWqbBERC)J|?THSvuWotyG zOX(fMtOXfRRbb!)16_sT)B4((mj&{yZc!jl`)g`){C44R{!h(8p2Lp(@0YQE0#{|j z)O6)D@_#K`tWXOi)GHCOyF^K8T(SW-x;r$h+&Pm0{bqQ1nd=^2kvpRHl`?^?0ow9@ zIjBqtf^-r~A}a~pzWpLS>>hSYT^o|f45zziZTQSXr^L=Ga+(k^O&(W>jo!xyUU9v( zU3Pcr^WY~Z{JgCN}W_Q>UG!i>H|yy&{7ZC%t9Ib6RD>mI=dx%amZ;G0?=k%Twq3A#rC1Bo_%- zm*qN%va;;5kb_?jj8(adia0-=wQssEziGR}M#q$?kmtsxlOEHD+M((eALst%jz@kI zkn=ozJus{RD`NYDrar)B3Zp+?aYLU5z0K4Ovx57dB5b+^Bbk`wV~6d<=YVoHvHUN1 zANo&*-)d=<^Z&s2m5%J*xZnfLuZ?eg)~E`Q4^78Ot7Fr#Zb60|)85*pile?VPWM6^ z;fIp!?R;@v4!4%XPCWFCb5_{Q<(k>GWcSr{WhQsL%GMem>3lp3NbZn}R%Keu)IGj4 zm_O>JTC>Ck?Y>-~J(qgmLWj~`m%7OXCOB@>EtsNn7nB-TmN?NK`@9;?R}-223c8f1 zT_CRN^_qg<{bSIrDpMY(xC|NuNGBh&am&^ud*z+&9BvVjk!hh41}q+W54%x_TD`NG zi8vMPf_wc~Foo%E^;>8!{f+-tE3WT-%4A7qQVv%IlgC`G%x-b{t`HIz1NWBHKbc44bqq(xGRC#vG$*VY z9;46BzZTTQ3U7#mknjf0Ij8C1vCgQbU?&0erln^8{Mj0nRid=7EMR zdrTfjjz+!uUG-{Jx%klN{Zp2%wsYdW^*?~ziZ;TgPQo8>C}9rWXCeUfjQI%Umg<5M zYcao;eGiUiNKS5s_P>~|BcnxQnR`EWARAmeLW6jhy19v$D?b-^RepQ*l5u*Y<`oyd zutUSEnRCZ>!2b%}KYzZ78jvqOo<3OZdS7{O$?q9W$Hmh1-DTHm7a^S5o;!$}4UZ&v zkXhY6{FvHzTR`qmOF&-1sCGa}icNx0FI_4`*)%sPmEX-;nz)@KFPmo=pJgN+3hseg zu!M)i8znJfsxsCW;XEjCkYD!uQQu(II$u<5G#i9D#2>t5B9BmdpJ`$jzf_?S<-PDJ zhC@S=y)~sM+;k*wTuCnee$JGg$V0t`lULu_x&d5S#i~tNMFI%R1aCzv(!t{ROd@&v zm7bxOI3XhY;-O^Hd4|qRgxv3h$A&dMr+b*^wS-&YpslDOuCVa_nzIhen$Wi8@tcl7 zXm_BNMjp__!UF2Nkur&C`wets_l>)6=V2~)a~sHcF1xue%r?HQU;0-wL3p>RmO*xV z>ftY8it_>Ti5klS=c-IU;fYJ^JdK<<_?8YI6Jmwg_d(an2n8Q}g>necc4vyc9rGx} zBgLB8aXo6!1vEAds3s;CFP%%|SbVhb6+^uKgyc!Xi~+l5egb~%`qX79TA9hYk!?uL z@bql&k&&;V>&n8km;E#D zKGG^K_GgL_*(7V<8FqE9;eHbPEs3rDEE0)M&zd{z^MRfS5)2N$@hnsOg~|_B+D{SJ z*m2O`z59#&JJWoaT$|XtY1VCnK)9M6rd&4DM5Vl3aqaWw-SgOd%U?A6VQtGhG?-tj zk*vI4!dLvpw(0_b`uBqT_T!6+-{yFmPqn=+{_g$KxD=M59mKW(_YOJgs1J=!$LkuV zaVU?Y{Beg@@1gz1-ie(z%S0py`lr6muM9G=g`^QQ%>le*4r|Fyk{@rA5W06QcgMpY zE?nwJxn8}uEFKixO1~@U=cUraVcxX4yFOWI{lwdl_c6^e-lcqbXO=nZQL3qPK?5nlQP+ktBz6v&DC)0b+f&idw!-ffoZP2!xs^8u-yk z5D7E`aopyB zOTRhTeU@BRax1XEs5NpAnqP=rq-J<-*xsMHy!M{xQ;9LF62godo$helfd$nORd^Yj zi>54J6k0fb{I+@4VkDC<>QWa;+^#$~9Hb`aCIGq3eIi1v^A&}po_jPou#Fx--)f(3 z4SWq}-&tuEpvliq9UfMnR$J3&n)yIb=Fw`U@!bjao4Zcv;_2D>*lYryJ+lKz>eW&x84i*j-c zxP^pNz8X#7t$lUb)07d)8x(M!Be3gm@yp+I-!8?BiC9z|x7@M773QDQ8CebabwdC0 zz{U;yO>9ZI$CQ25#rus|f_naaEQk}@)so*8VR58C{yT-8lCr5HV1^KRfijb?4#(I?y>*jBK%)PF}*qOShUxg;Jqo2zg7OmDLmwI#w^77&}_L1sK z$u(8DEL=A2#~hFQ`3*1ws0{p%+#h1U7{_MTJFqoFH{2W7x#)kz!ijwOv6k2&lmr2p zxDS_j7qc2lBaj}vJBmH0M)gEuOTVWx)NUHK54k6m?42Hrbhvvdjnq#q{(7VQ>+Qhj zmv8Gtcf5L%d2r49lQp_)g5%kX{HeJ0Hm5Suh@9o(*g)&(l*q)LoywQ5SHGqx*_i0l zrz=3NHAM1D1Us@V89d9~Pf|F#znM%xab`>R>BF()a919@7~|+}q6|nGXl|R^ZIwR= zPBF|dkos~`sh(CQVY{C{JFuL{N&eHx$BL^xt>99kHttX9&YXch_{2ebkAYX;g9Hp9 zmWE5c7tfb^9jN4%d-E<3!qeD7s-GF&cj{&#-8TLf+n&xc;RyW*O>j9ug2EcI(IDj( zK#2LL3=`iH=R~=^J&xSa? zc7HT_UP`?bffRa;=j#Fp z)GWEf;})y?zN=(f7}l0B$Tug6Iyams)OpCoar#<~Y`u_gdZbJ*ZJ1;0DfDgcdu7*y z!g20B{xm0CLElo2KBK)zXZw^vcc=8>FagwJ4UP~pRnRdiBlo!>%kTNJo@;6%Z^4{uuusBUD3vq2x*1w~eN>Y(YzqgI&N9HhRAUZOJkw?|lFWt=5KzY~Rvaj}{&=T7D%`XaA)tOTm!#^zEHW z_OZ5jQE%VYS+2Hs?zlTMC|8Xek?MDrJ0hv{JP;~Q#0(aB+k}SZLp5Ou!q#PKH@n=p z8ji{)Neeu_tXDZM<77kid>ScS8ltL+kIuiZB^