From 50dda1e3120d2729fb84d1ecbffd78c375e795b9 Mon Sep 17 00:00:00 2001 From: Tom Morelly Date: Tue, 14 Nov 2023 16:40:29 +0100 Subject: [PATCH] feat(boundary): add boundary lab --- .github/workflows/bootstrap.yml | 11 +- .terraform.lock.hcl | 20 ++ Makefile | 8 +- README.md | 6 +- boundary-config/files/vault-boundary-k8s.hcl | 27 +++ boundary-config/terraform/main.tf | 174 ++++++++++++++++++ boundary-config/terraform/variables.tf | 3 + boundary-config/terraform/version.tf | 22 +++ boundary/files/config.hcl | 69 +++++++ boundary/files/vault-policy.hcl | 7 + boundary/terraform/boundary.tf | 61 ++++++ boundary/terraform/postgres.tf | 87 +++++++++ boundary/terraform/vault.tf | 29 +++ boundary/terraform/version.tf | 18 ++ docs/assets/boundary_arch.png | Bin 0 -> 88392 bytes docs/assets/boundary_k8s.png | Bin 0 -> 72612 bytes docs/boundary.md | 68 +++++++ docs/home.md | 5 + docs/kms.md | 12 +- docs/troubleshooting.md | 25 +++ k8s-minikube/terraform/kubernetes.tf | 25 --- k8s-minikube/terraform/variables.tf | 3 - k8s-minikube/terraform/vault.tf | 26 --- main.tf | 43 ++++- mkdocs.yml | 5 +- output.tf | 2 +- terraform.tfvars | 9 +- tests/e2e.tftest.hcl | 41 ++++- variables.tf | 8 +- .../files/encryption_provider_config.yml | 0 .../files/kube-api-server.yml | 0 .../files/trousseau.yml | 0 .../files/vault-policy.hcl | 0 .../templates/trousseau-config.yml.tmpl | 0 vault-k8s/terraform/kms.tf | 61 ++++++ .../terraform/{main.tf => kubernetes_auth.tf} | 5 +- vault-k8s/terraform/kubernetes_secret.tf | 77 ++++++++ vault-k8s/terraform/variables.tf | 4 + vault-k8s/terraform/version.tf | 4 + version.tf | 48 +++-- 40 files changed, 910 insertions(+), 103 deletions(-) create mode 100644 boundary-config/files/vault-boundary-k8s.hcl create mode 100644 boundary-config/terraform/main.tf create mode 100644 boundary-config/terraform/variables.tf create mode 100644 boundary-config/terraform/version.tf create mode 100644 boundary/files/config.hcl create mode 100644 boundary/files/vault-policy.hcl create mode 100644 boundary/terraform/boundary.tf create mode 100644 boundary/terraform/postgres.tf create mode 100644 boundary/terraform/vault.tf create mode 100644 boundary/terraform/version.tf create mode 100644 docs/assets/boundary_arch.png create mode 100644 docs/assets/boundary_k8s.png create mode 100644 docs/boundary.md create mode 100644 docs/troubleshooting.md delete mode 100644 k8s-minikube/terraform/kubernetes.tf delete mode 100644 k8s-minikube/terraform/variables.tf delete mode 100644 k8s-minikube/terraform/vault.tf rename {k8s-minikube => vault-k8s}/files/encryption_provider_config.yml (100%) rename {k8s-minikube => vault-k8s}/files/kube-api-server.yml (100%) rename {k8s-minikube => vault-k8s}/files/trousseau.yml (100%) rename {k8s-minikube => vault-k8s}/files/vault-policy.hcl (100%) rename {k8s-minikube => vault-k8s}/templates/trousseau-config.yml.tmpl (100%) create mode 100644 vault-k8s/terraform/kms.tf rename vault-k8s/terraform/{main.tf => kubernetes_auth.tf} (92%) create mode 100644 vault-k8s/terraform/kubernetes_secret.tf diff --git a/.github/workflows/bootstrap.yml b/.github/workflows/bootstrap.yml index e57f438..4002f52 100644 --- a/.github/workflows/bootstrap.yml +++ b/.github/workflows/bootstrap.yml @@ -6,15 +6,8 @@ on: jobs: bootstrap: runs-on: ubuntu-latest - steps: - uses: hashicorp/setup-terraform@v3 - - uses: actions/checkout@v4 - - - uses: nick-fields/retry@v2 - with: - timeout_minutes: 10 - max_attempts: 3 - shell: bash - command: make bootstrap + - run: make bootstrap + - run: make teardown diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 4790096..1b68806 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -32,6 +32,26 @@ provider "registry.terraform.io/gavinbunney/kubectl" { ] } +provider "registry.terraform.io/hashicorp/boundary" { + version = "1.1.13" + constraints = "1.1.13" + hashes = [ + "h1:aAuYsLXB+MiLGHW4krsOD9K0MHoc+1OPGJOEokETBxA=", + "zh:3197dbcf6e78908dab24cce7ed9982d378d91ad1ab003ccc819ba2a41d0f0837", + "zh:4af8fd2efd24d23777324c2ef13ce9a008eb4c616ceb71e7574f486cf098da35", + "zh:5fd9dd22b5b45e6d5961aea698fa6b69951d27f3f4c29fb1906df7be0720c53e", + "zh:63ecc78590ca9825abcccf8cf4cb474a06f94ae8f34ee6d1e9f723aab6577cee", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:84431995b5c765aaf6673407bf1209e3938fc19960eccbb41e7838579433182d", + "zh:bb0e148845c87dde168a7d6873be5ed3472d692bb4c1d07c286f5cb6eb5101cb", + "zh:c7bfee2e0bf02d33ba1fcddae012206ef5eb2bc3507543a9bbbdad0e3a66ec47", + "zh:d27d7e1d5895fe74370ae50e1c88beaa1de5b7e5c4bc9751d9c0c7121a61a3ac", + "zh:d7596b58460f4d90c59de6e47559dad11df64834346cf08f5e2d67f2e8a7a295", + "zh:e11440c92db44f62067a7e556df5bfb783eb361841ecef5d6fc8c1fbb83f6d44", + "zh:ea118a0d4c9db95e13b430978ca625dae295ea8f64d9a6a042f53633bd8bc6a3", + ] +} + provider "registry.terraform.io/hashicorp/helm" { version = "2.12.1" constraints = "2.12.1" diff --git a/Makefile b/Makefile index de705d7..fce60a0 100644 --- a/Makefile +++ b/Makefile @@ -12,8 +12,9 @@ fmt: ## fmt .PHONY: bootstrap bootstrap: deps ## boostrap cluster - source .envrc + source .envrc terraform init + terraform apply -target=module.boundary -auto-approve terraform apply -auto-approve .PHONY: teardown @@ -36,8 +37,9 @@ cleanup: ## cleanup docker rm $(shell docker ps -aq) || true docker network rm vault || true - rm terraform.tfstate || true - rm terraform.tfstate.backup || true + minikube delete || true + + rm terraform.tfstate terraform.tfstate.backup || true .PHONY: new-lab new-lab: ## creates a new lab directory diff --git a/README.md b/README.md index 9371865..6ce93c0 100644 --- a/README.md +++ b/README.md @@ -26,10 +26,14 @@ Please refer to the [documentation](https://falcosuessgott.github.io/hashicorp-v * [x] [Vault Agent Injector](https://falcosuessgott.github.io/hashicorp-vault-playground/vai/) * [x] [CSI Driver](https://falcosuessgott.github.io/hashicorp-vault-playground/csi/) * [x] [Certmanager](https://falcosuessgott.github.io/hashicorp-vault-playground/cm/) +* [x] [Kubernetes Secret Method](https://falcosuessgott.github.io/hashicorp-vault-playground/boundary/) ### MySQL Dynamic DB Credentials * [x] [MySQL dynamic DB Credentials](https://falcosuessgott.github.io/hashicorp-vault-playground/databases/) +### Boundary +* [x] [Kubernetes Control Plane Access](https://falcosuessgott.github.io/hashicorp-vault-playground/boundary/) +* [ ] SSH Access + ### ToDos * [ ] Prometheus & Grafana + Vault Metrics -* [ ] Boundary & (kubectl acccess, SSH) diff --git a/boundary-config/files/vault-boundary-k8s.hcl b/boundary-config/files/vault-boundary-k8s.hcl new file mode 100644 index 0000000..7d63eb1 --- /dev/null +++ b/boundary-config/files/vault-boundary-k8s.hcl @@ -0,0 +1,27 @@ +path "auth/token/lookup-self" { + capabilities = ["read"] +} + +path "auth/token/renew-self" { + capabilities = ["update"] +} + +path "auth/token/revoke-self" { + capabilities = ["update"] +} + +path "sys/leases/renew" { + capabilities = ["update"] +} + +path "sys/leases/revoke" { + capabilities = ["update"] +} + +path "sys/capabilities-self" { + capabilities = ["update"] +} + +path "minikube/creds/minikube" { + capabilities = ["update"] +} diff --git a/boundary-config/terraform/main.tf b/boundary-config/terraform/main.tf new file mode 100644 index 0000000..4a14052 --- /dev/null +++ b/boundary-config/terraform/main.tf @@ -0,0 +1,174 @@ +# The global scope is the outermost scope. There is always a single global scope and it cannot be deleted. The global scope can directly contain: users, groups, auth methods, and organizations. +resource "boundary_scope" "org" { + scope_id = "global" + name = "playground" + description = "Vault Playground" + + auto_create_admin_role = false + auto_create_default_role = false +} + +# A project is a type of scope used to organize resources such as targets and host catalogs. +resource "boundary_scope" "project" { + name = "minikube" + description = "Local Minikube Cluster" + scope_id = boundary_scope.org.id + auto_create_admin_role = false + auto_create_default_role = false +} + +# Auth methods allow users to authenticate within a scope. +resource "boundary_auth_method" "password" { + name = "basic" + description = "Password auth method" + type = "password" + scope_id = boundary_scope.org.id +} + +resource "boundary_account_password" "admin" { + name = "admin" + description = "Local Admininistrator Account" + login_name = "admin" + password = "password" + auth_method_id = boundary_auth_method.password.id +} + +# Users are entities authorized to access Boundary. Users may be assigned to roles as principals, thus receiving role grants. +resource "boundary_user" "admin" { + name = boundary_account_password.admin.name + account_ids = [boundary_account_password.admin.id] + scope_id = boundary_scope.org.id +} + +# Roles are collections of capability grants and the principals (users and groups) assigned to them. +resource "boundary_role" "global_anon_listing" { + name = "Global Anon Listing" + scope_id = boundary_scope.org.id + grant_strings = [ + "ids=*;type=auth-method;actions=list,authenticate", + "ids=*;type=scope;actions=list,no-op", + "ids={{.Account.Id}};actions=read,change-password" + ] + principal_ids = ["u_anon"] +} + +# Roles are collections of capability grants and the principals (users and groups) assigned to them. +resource "boundary_role" "org_anon_listing" { + name = "Org Anon Listing" + scope_id = boundary_scope.org.id + grant_strings = [ + "ids=*;type=auth-method;actions=list,authenticate", + "type=scope;actions=list", + "ids={{.Account.Id}};actions=read,change-password" + ] + principal_ids = ["u_anon"] +} + +# Roles are collections of capability grants and the principals (users and groups) assigned to them. +resource "boundary_role" "org_admin" { + name = "Org Admin" + scope_id = "global" + grant_scope_id = boundary_scope.org.id + grant_strings = [ + "ids=*;type=*;actions=*" + ] + principal_ids = [boundary_user.admin.id] +} + +# Roles are collections of capability grants and the principals (users and groups) assigned to them. +resource "boundary_role" "project_admin" { + name = "Project Admin" + scope_id = boundary_scope.org.id + grant_scope_id = boundary_scope.project.id + grant_strings = [ + "ids=*;type=*;actions=*" + ] + principal_ids = [boundary_user.admin.id] +} + +resource "vault_policy" "boundary" { + name = "boundary-minikube" + + policy = file("${path.module}/../files/vault-boundary-k8s.hcl") +} + +resource "vault_token" "boundary" { + policies = [vault_policy.boundary.name] + + renewable = true + no_parent = true + period = "24h" +} + +# A credential store is a collection of credentials and credential libraries. +resource "boundary_credential_store_vault" "this" { + name = "Vault" + description = "Local HashiCorp Vault Cluster" + address = "https://host.docker.internal:443" + token = vault_token.boundary.client_token + scope_id = boundary_scope.project.id + + ca_cert = try(file("${path.root}/vault-tls/output/ca.crt"), null) +} + +# A credential library is a resource that provides credentials. +resource "boundary_credential_library_vault" "this" { + name = "minikube" + description = "Credentials for Minikube Cluster" + credential_store_id = boundary_credential_store_vault.this.id + path = "minikube/creds/minikube" + + http_method = "POST" + http_request_body = jsonencode({ + kubernetes_namespace = "default" + }) +} + +# A host catalog is a collection of hosts and host sets. +resource "boundary_host_catalog_static" "this" { + name = "Minikube" + description = "Minikube Cluster Controlplane" + scope_id = boundary_scope.project.id +} + +# A host is a resource that may be accessed by a Boundary target. +resource "boundary_host_static" "minikube" { + name = "minikube" + description = "Minikube API" + address = var.minikube_ip + + host_catalog_id = boundary_host_catalog_static.this.id +} + +# A host set is a collection of hosts within a host catalog. +resource "boundary_host_set_static" "this" { + host_catalog_id = boundary_host_catalog_static.this.id + host_ids = [boundary_host_static.minikube.id] + +} +# A target is a logical collection of host sets which may be used to initiate sessions. +resource "boundary_target" "this" { + name = "minikube" + description = "Minikube Target" + type = "tcp" + default_port = "443" + + scope_id = boundary_scope.project.id + + host_source_ids = [boundary_host_set_static.this.id] + brokered_credential_source_ids = [boundary_credential_library_vault.this.id] +} + +resource "boundary_role" "minikube" { + name = "minikube" + description = "Minikube Role" + scope_id = boundary_scope.org.id + + grant_scope_id = boundary_scope.project.id + grant_strings = [ + "ids=*;type=target;actions=list,no-op", + "ids=${boundary_target.this.id};actions=authorize-session" + ] + + principal_ids = [boundary_user.admin.id] +} diff --git a/boundary-config/terraform/variables.tf b/boundary-config/terraform/variables.tf new file mode 100644 index 0000000..e5bcf4d --- /dev/null +++ b/boundary-config/terraform/variables.tf @@ -0,0 +1,3 @@ +variable "minikube_ip" { + type = string +} diff --git a/boundary-config/terraform/version.tf b/boundary-config/terraform/version.tf new file mode 100644 index 0000000..30dc18b --- /dev/null +++ b/boundary-config/terraform/version.tf @@ -0,0 +1,22 @@ +terraform { + required_version = ">= 1.6.0" + + required_providers { + vault = { + source = "hashicorp/vault" + version = "3.24.0" + } + docker = { + source = "kreuzwerker/docker" + version = "3.0.2" + } + boundary = { + source = "hashicorp/boundary" + version = "1.1.13" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.25.2" + } + } +} diff --git a/boundary/files/config.hcl b/boundary/files/config.hcl new file mode 100644 index 0000000..a91f76f --- /dev/null +++ b/boundary/files/config.hcl @@ -0,0 +1,69 @@ +# Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html +disable_mlock = true + +# Controller configuration block +controller { + name = "default" + description = "Boundary Default Controller" + + database { + url = "postgresql://postgres:postgres@postgres:5432/postgres?sslmode=disable" + max_open_connections = 5 + } +} + +worker { + name = "localhost worker" + description = "boundary localhost worker" + public_addr = "127.0.0.1" +} + +listener "tcp" { + # Should be the address of the NIC that the controller server will be reached on + address = "0.0.0.0" + purpose = "api" + tls_disable = true +} + +listener "tcp" { + # Should be the IP of the NIC that the worker will connect on + address = "boundary" + purpose = "cluster" + tls_disable = true +} + +listener "tcp" { + address = "boundary" + purpose = "proxy" + tls_disable = true +} + +# Root KMS configuration block: this is the root key for Boundary +kms "transit" { + purpose = "root" + address = "https://host.docker.internal:443" + disable_renewal = "false" + key_name = "boundary_root" + mount_path = "boundary/" + tls_ca_cert = "/opt/tls/ca.crt" +} + +# Recovery KMS block: configures the recovery key for Boundary +kms "transit" { + purpose = "recovery" + address = "https://host.docker.internal:443" + disable_renewal = "false" + key_name = "boundary_recovery" + mount_path = "boundary/" + tls_ca_cert = "/opt/tls/ca.crt" +} + +# Worker authorization KMS +kms "transit" { + purpose = "worker-auth" + address = "https://host.docker.internal:443" + disable_renewal = "false" + key_name = "boundary_worker" + mount_path = "boundary/" + tls_ca_cert = "/opt/tls/ca.crt" +} diff --git a/boundary/files/vault-policy.hcl b/boundary/files/vault-policy.hcl new file mode 100644 index 0000000..b55f0a1 --- /dev/null +++ b/boundary/files/vault-policy.hcl @@ -0,0 +1,7 @@ +path "boundary/encrypt/boundary_*" { + capabilities = [ "create", "update" ] +} + +path "boundary/decrypt/boundary_*" { + capabilities = [ "create", "update" ] +} diff --git a/boundary/terraform/boundary.tf b/boundary/terraform/boundary.tf new file mode 100644 index 0000000..348321c --- /dev/null +++ b/boundary/terraform/boundary.tf @@ -0,0 +1,61 @@ +resource "docker_container" "boundary" { + name = "boundary" + image = "hashicorp/boundary:0.15" + + env = [ + "VAULT_TOKEN=${vault_token.this.client_token}" + ] + + capabilities { + add = [ + "IPC_LOCK", + ] + } + + ports { + internal = 9200 + external = 9200 + ip = "0.0.0.0" + } + + ports { + internal = 9201 + external = 9201 + ip = "0.0.0.0" + } + + ports { + internal = 9202 + external = 9202 + ip = "0.0.0.0" + } + + volumes { + host_path = abspath("${path.root}/vault-tls/output") + container_path = "/opt/tls/" + read_only = true + } + + volumes { + host_path = abspath("${path.module}/../files/config.hcl") + container_path = "/boundary/config.hcl" + read_only = true + } + + command = ["server", "-config", "/boundary/config.hcl"] + + host { + host = "host.docker.internal" + ip = "host-gateway" + } + + networks_advanced { + name = data.docker_network.vault.name + } + + lifecycle { + ignore_changes = all + } + + depends_on = [terraform_data.wait_for] +} diff --git a/boundary/terraform/postgres.tf b/boundary/terraform/postgres.tf new file mode 100644 index 0000000..db10070 --- /dev/null +++ b/boundary/terraform/postgres.tf @@ -0,0 +1,87 @@ +data "docker_network" "vault" { + name = "vault" +} + +resource "docker_container" "postgres" { + name = "postgres" + image = "postgres:12.17" + + env = [ + "POSTGRES_PASSWORD=postgres", + "POSTGRES_USER=postgres", + ] + + volumes { + host_path = abspath("${path.root}/vault-tls/output") + container_path = "/opt/tls/" + read_only = true + } + + networks_advanced { + name = data.docker_network.vault.name + } + + lifecycle { + ignore_changes = all + } +} + +# improve this, so that the container is not created every apply +resource "docker_container" "db_init" { + name = "boundary_db_init" + image = "hashicorp/boundary:0.15" + + env = [ + "BOUNDARY_POSTGRES_URL=postgresql://postgres:postgres@${docker_container.postgres.name}:5432/postgres?sslmode=disable", + "VAULT_TOKEN=${vault_token.this.client_token}" + ] + + capabilities { + add = [ + "IPC_LOCK", + ] + } + + volumes { + host_path = abspath("${path.root}/vault-tls/output") + container_path = "/opt/tls/" + read_only = true + } + + volumes { + host_path = abspath("${path.module}/../files/config.hcl") + container_path = "/boundary/config.hcl" + read_only = true + } + + command = ["database", "init", + "-skip-auth-method-creation", "-skip-host-resources-creation", + "-skip-scopes-creation", "-skip-target-creation", + "-config", "/boundary/config.hcl" + ] + + # allow vault access localhost + host { + host = "host.docker.internal" + ip = "host-gateway" + } + + networks_advanced { + name = data.docker_network.vault.name + } + + lifecycle { + ignore_changes = all + } +} + +resource "terraform_data" "wait_for" { + provisioner "local-exec" { + command = <QLw7gQAl(g8(kUR_ARsNBlG4&$0uq9Nq;xkTBHeN5l&)v{yWao1 zKgb21bKg5=X3wm(CQ4mZ9s`vW6#{`^yi$qj5az94s5QjjhA+Kblw7s$q z+U(rPhdkK5p1YQ{sn0^O5m6GTQG%3?zrG*&^yX8&i$f#bg5!Sd)?ut4TSv|Kr0w`@ z>VSkLRmTmD6YN#$K&sfF}j72!*Jm(V%$`r1KwY7VZk!YOzNESoDF(KMc3XmzaW zNJD|HZHA}_ji#*DZ_Nf@G6UBo-tQS}g&nDJ7ZPqxgxfn}xkQY{WMi60oIdzD{B<4TTW4Y;O07a>WrJ%a z%w=l}J4)-jE1=hEMN3I!lCi}gN1&`S?hEl``o;UAdM%PbYKbL&Zp8Q*5&3{iBHeB0 zFJk2LmkDbR`?RCeSE1gBBV066RqMWCDN)lkjs`OxGrb7%;{C*rh*-AD_(bQ#(FxCE z+~Pd&8A43kN4>cUM-JipzT_y!{M3-tCa?JH?Xd+r4>k`0GAwlj%SUB@@+11Wj|3J3pjHw&e?LxlL zV1-IVU|E%LYD78ire;Eh&Mn@etA_W+&caL)xpLbx%Ta+Lgz6Ib=bNt6np05Cv1ym#AIjv4Yvu>)O{oA;1-4=tk3wH zEKTLl15=hbs|L27QPc>s6V{nlEy%r3g5DZ!hbhN@i8G9h4)!{Kxi2;6$JUFgfpf#J zTO|7BU__+@d%bzn0Cyy;wq}35z)*a1V?q>h^N`>?`2$sJ<4~2S6v3w#0mJ)x7iSGW zeXY(5e?}TBc=c(qXHpDw(df@c&OU{$h2TaIW)Zh);95=5a7;yRdWFL?_3lYG;tT~3 zhy|F#;ZOv_hmBjbVvN~p5GCM8V`JmgP@kW-w|TBD`O;hv?8$x)11hIPd;KT zIA`jVZX{@7thV${$;#JK;2j@Op6U&V++Ot`>c>j8vdd)fRW?GCXE$P;dR{{H&D3b` z7kX6-D?Y`%Zu?ovR*6)>U_$BLna4sy*nGEL;f7$`hF)sQkY%U@b&hH@vjsy^a5j38 zy-ZBKU>zc)pIAJO-m*@A?XK(7t8q6w{Zzeo{R<}*OmiM&7HnB#((fc|+0c*)K8q#| zt&*Zzu;r+t(Z}VY=Ni-xS=X5tph`Tions@N^2%~tSg%vhNwu=7({!-!J--q% z=!nX~Ta2~kML#JP%ls^GT&P`vx5IOM@w<^45+x-*!fR2)nDj~-+K%7xvEW$-!`m0i zh+Xd|kIaL*7&<3rooB@o5X{k)N~gM)aqsb$3>Fz8PHEuuC@T5FBe?rD%aW`16^w;* zkRT5Bn?a^=tBk183Cwho=~89dip1oFOQ-xA_RYl!#9Y!g+$7^dzrr8>aH7*ZqZ5dd zhCi`qNb1s2b;xlS{<<&xha!WaQtdNxRww;kh}|r*%rWjhB>P;Og?^-6U8Zos^zh_G zAr|$+?AsWwya~pZ?{=BBl$~**#RV8|7x)|SQ`tNTezQQ6J*7%*DL$+4M(l*@**n1N ze>r7zABmbM^o&|K(Oql9Bh^DhiVT+%wt`2@k^Z`-R_JNQ=l#x@QISy0WHH=F@-Nd| zF5WGwl}Y-p9x07XBmpK~+=l7Iz-w$VDk_|Egk3rzYB;^;$*)zWzL~6&0g`*2whyhNlAKox!KvhxIR8URYpIoK^)TeJYH_|IyL9dQlZ05N=i!OFo_%3@G{WV z)eQ{nsM^mgx%m6nu*Dq(g5Hy!o7?Wbt4W(Exo|X|BLcoDn=?H%<#u^6r_7KvW?foZ z%3;`)pjfOPpDpN8*w{$q@#m{SW0i3mDkP=`jA$Z`Lg5kXx(F;PN=nLp7I!c_JPI_) zh=~Q?AL#LC$tqp_-JR0X(u$IyO;Pl4cSpy-D7YmfC+{tH8Q(a)zBz}vd{L#twVB90 z+~0rMuA-`Xd2vDWfQN_2sFsUgv|D2_fP{o}a(;4h0w$<_6BiRhF67!fUQkqIVQr06 ze?DEIdv|;5{Fwy2(*Kq>6K85_>hSPz&VdklFo{tO6ANo%boBGoZhL!smVnbbwxE!Z zH(1}$&@1xq^9u{lavGgh+TS0N;_?Uy%`GpBb8&I;@c}<&H*DhM;tGDEu7OI4C@X<^Y`}`w7s~v@Ob~e&^j+SSKMPS`O7?5R780A&u>lM z=iA_*Ce`ow0wc*W1s8hlhWQzP!5fba!7($W|-{=f}^(^8vlt z@5a^BQ=rzz%jhDNTN{|P+&g78H7a3u=z!6H3%g0X zsF+x6suVb8U0tHf?}>?tbv6?vQ@a@%8D(W7@`hUMfjNr^3xC@@J$3nv2Vol#_B>j=z7~AHF+M(Cp<7MM z6(zGioWiQ-%AJ9qgAHLfZuNS&^-zZmx{z`T3(rqYeX!OSrIc{p zgzho*&jNdjh=`~uez(}sy*Mor{(%Wr;*Q{F$#{Fk&$syt`!*1;X-3g0hrB1wh)34>*4k3 z1~Bex1z?O$P8@Gr7aE<4hU?kvt*y6jFZQEk;4!Yi!ZEP0ibB^N1tqexvs-~-zaLj- za04qjAPY?}Xna?2V35iO&SH5v&Z&lN|7XEVJ&J_}-~(cuoTiy2Rr@brzSONYmfhz` zR9I~FcC)sY`$i-YIg7=Wy0&Q(u%UTRXHa;ids8SqS#Y05|11p}wcq`c+Ama0Oe{m0 zfiQY)#*~v7Goo&;(k`<=orxH|5OU|&u0R(uWtcZX6y5jJ(KOSVjSvkHKC@)E<>>0J zXp*VDn^(mTafuOp9vdncXF(jka*P!w{l&S)*)S3d>BFS$Z`e7GGq(YG3p9 zYeMiO6dZJykLxaQo{+Dd*=Z$`YewdHD8pbpKURVXzh z-WfxU=n>DuLjI=CgpU~k7o%2F-je8=vmiD!pRtp73{0$t)7@xbKSX2Anb1wipg_S56Hf!?!|RplIU@#da`E zj?-gfxP9RYnXB4wVbY(u7#>!1fH#^+l7Q@i84 z%DEHJ6tq-r*i^pJ*C#1Q8*ko`9aPq~QXpe_<%bwXv=j=Ce1QT(CfUVLlr*+5)O9@3 z4xIBw2wC#4;o)It!5FdOL-jmBM8*jOxXH3u_QV!L`6a}>Cpzv)YYCIOlB{gNhmZ|lXPjn2xj5@TAoo=HS+nR$)PbzI?h zE;tw;TGSnf4%VA>vV`N99~SM8sDPedXUPu=xctUqf=*1?_PQLyH1fQlvNdh|xcGqSOpgtc1;kQAgv- zoJ5UowmNp9$Ks{G0BYsN%z8Kz9G2{hwNf-g2S1jjOxKdt9Yi_P1>&vQK8e zE{SgVCr^7#j-u-DTlvsmA};5r=l8!%Eu=0oiWG?Kb7$*ijjEMQG~9#?g-s9VD9Vs) zDDq^)I4*2#Y}nqJpCFuJZ|i(BW@lz2O7_>+G<9=x!c5##ImdD$g{pux2I{_!d#Pal=%i{EjFq2)Zu8k*ZVezt--q*e^1G{ z02@Bik%r-W$n>n_nW*8P1sO#Koyh6+YVuQNlYzWV8aZX5l9Cc|oeMZElcOUg(%~!! zt3_ysZ=XrerO`vZBh7yW=*18ck;cNZkp<;&rJbwPm(I8kk|tHu+H{-p)}!U zW-E~{stqq%d+tRO>L;WRMp_eIFwUfR72A5&d;4!)w%c2VGNeUhkp>Qfh?= zX*Ysb%PYN#Jbj*5pdBw*eb6J$Ka+Fi+IS%obx@l8m9W}>m)0&J~* zkjeKvJUpOgu>VupRnNec36)K2eCz5475Caw(9erTv@%JhHnh0hohl_GB?Y;i)EQ9- zuj^p^pf&0!UmtZI`S3I8@d=u6)--y!Upw?2BL-eH1e_iIyRrqomK-G`L4?-W3Q4Zs z2^(${#8s<# z9n~8uPE?+l#yK~Jbt6of=$8;e=_fCQb7Uhj?l$3XPZyB#LW91EKFsD*wT_EThkQuP5GGZ;}>hs2%L%us~k};#JB}W zk=I;5*_;4qfHo4}57QAe;OL7S8I+{$pfT`s^%=Xnv^l zkhI|*G2}Bp?Zxfs$Fp@z{6C-1WVx1ztZ-4*8E4RQm0W_uP_G`}usNlUw4S`K`$-nI z-Bz8lU3jm-;2QSDBNlnRg_CtF&v0z5@Mf(N`Iz|Ng-nBg^T5_FZ4VzhM?ws8VJurG zBg=X3#T-4~GUI))qm zntpiAtJJ7up}d*)t6$lTwA}kg_DNe0)Aj2#Pn(&dgY%jRn;0X^e+!Wx>>d|dKgx!) z<}0)xN{Jx6Ch?R%CFg9_9NFsY*-q_|WKaKJPTpE+~-J zQ{bFAJ=fcXPeZU+6L4crm!hna*%+?K;I5EDm2N+s`Q8*5so!W!!W(D}!fDYhLq!%3Z#UkDY<})a!P~D8?H0UA%I9mr9p$E z(^AWHMe9cRmBr~~vm(czkTVC|D)o)O z-0#sxE6{0bXwWdc=l*zss`17c@AZ2#pQQ{=B+(&t*XVoy}`wK$$r@u@bFJAc_ z`>tfAr++CcyQ%27tpHUY$VO){oZ4>~81mHUa93`|J!Aqs2)!udU|@s#>Sc^ zsGWw;)-GM^p?N=shW1b1%gSvZYREF$O;5uzB7Up>Uc#H`lf&}N+8JK+!+q2a8L_f;HNpw)MjS_W63doy;) zCew4luj$T&yWB9|6xXt=hqOr!_6v_*D7IMd8AlYe7A?Q+6UC(XbX9Wa`4tqgjo-hE zUi{Vq)89tpX#F`kX-3>1&CxzPGvf&=ew8f#9Du$2_~EuB@Xo9ZM!Ko-20O z#}P1jd=(!be>_)L+S1ZeUw;8I4zJ%ocXoDwr}?hjEti*<%YS*BNMqnYTSliqLr4dE zB9u5aw5Dp#URSJenEAA5?YtI4B$U#bl$Eqes1u#VZFjn=6GLsamnc9t6sSZ{C5VAI zMxU6{+*RzL??no=7UEQ?D=3i4Ryyjw-?tELOmU{4oh!xwcLS*)Y{=5p&(CixlaEQ_ z92Vf4Ow=rncF1hgPbd)C+sEno-532K4GV*#I&_VxZvKamh#ZoqCQ~TCSdzw#$*NHE1R2ikeK**EG(?2qvOY;PulMb5`3RkO{0#jDzbNN zZ{POgH|q_GB9n`%&$z0H*H~EmdFdkintGiFm-Ep@J5I+Vap;?|1il?ZG zrQ7|B#g#M3(41Lx8$skVR6ERYGl*E9GnqbV$W#|6wPi+g)2&CMl}Ts0im8%qNZZTZ zdECa@T3AE`l*4+0)NUHRo;VZCnB7~e-L#Iz0e-9Ie2~bm>s2CKi%hO$U*Dw+!wEuI zPbT1;A;if2K`y4`f(C={sT6nPC`82n7GUY<>VgHWw0NLFtgWpBPKg2&-2#plg;b^j zj;{ia5vZ;^fB(kM)lVC9Idw)K$5&mbw|Hv&-VG|bk2wQo2yo!&F zeIYJS32}uL2n8|bcV9?RZs2@T!;UZ12_>NK7+h%Ex(f@V;RxTJb{bijkZnUuOHef% z8zIHTV7SqDGDxP|)c?4Hu05PePgPDwEsgd~jUj0WV3k9boXjPx^PiNQ2{ch}o%tkh zIFztKQgL$C6jLdf{MHhgXip*oy zbtX@@GXPl8%{CE);cXJi~zHG1(RukI`CxUMhKUABT*?0z(NQx@hFl#W!lWo!>QdW2ij!M9W|c|Dn zwak8$)%0$pO2eFVF~Zl;TYF^GO(^Evx>@{SF!^TvSJYnjK=UYpp5|X5=Mg~fc+tyDq7bFga#j-<&NH@ zB*1bK>Owbh;3*OK-pC9V4#OzR;Ggj?psG#m=@exncn0A*msqn0Uf34|<5=q(x|-oC z2D@QqV~+=)>fl!e?y*8rVT3pqLoO%)28sz($tky&g3Ub zSm4bz_^);bgSw)mgyDFcSTD%Gc{Zs^9}US`mkJWZ6UTUr5P=1S$#iZT%4E6gCwObK| zWzUjtO>(CYg0zqzxx;u}=L>lLHS{1nX~7Li=4mGO9amFHD4hAIvdL`QotOdXU^s>l zCCc5|vWd|Ybn~^f&}^y|F%k@2gd4)S4PopQDnPWnbd5V0Kqj#XFA4nnoQg&giX5xy zbi(LjM3W2A7#G@*nQ|D(%+9W?ET^N(OE(q3b~52)!d4A}m}Re3Fq1lWqC^-THpwwL zQ*Rm*Fwtitcz4dcK&&!;F(GXfy~@53pyMUC$uihb+Z36pMIPU-_(6{n-ut=Axm=Pj z&BDr=Gzpua-Ht`~rd0$udDLt-qZ!YGS+0pW{b)G)DkX$!Id*phX=69T;`I7J>mF7L zYE0}byoj4I2SL+Y{~>L~84n(8jANO5i)bsHY z4>rz3@bt$~iTrV?@3Fb%{Q0w%ZQSf|ex5PU&(+Ak%|ayH43gHAd2ZXXyV)5mQAmzW z9r`KovDE4D!sIE|E>q%RS8e92fxyg{r1nJ{H@{^f?C&_tlaMCUA;TW7YLbk7eXP@8 z&wiyGpTkq>ubsTpK3lH)SgwUXD&ZXjkB*a#AH7XMK>z8d`?+#XL)kr5l$d-ysL%t;*+gwVUzThpX9)lz(0L~D?4hL(;Jn*YGCARlMZaoWGXa=$I$B9+Qjvg;$9!py-DxMpK~ z9r$<`xYF+L`;JSc@Y&bOzEu_)NNdG@KS(OxzJ1FZ>pBkYfL-Cg%QV;XHon^RKQ_Uy ze0;otcvZ68VS7~o255cFn%I|c%Al@ zl1JcBgNxrt;N9Wl?oo+~O5lxd;I7ZxKh2*6KAlZIi{(l;;@Kh>nAXG)yh`?UihYDb z)%B4q_$~2_8P8auTFurf z-wjV(I9R7kDs$kECiuxKMj9*q?l{rP%5mZJ&OiBWl#DsQD~{w8*BUK-CinO>gG@5BYldZ|5;Mr-tn=7-?e(+Q;_4rvG?Q6%H93( z^q=3tF^6+?u=*L}!}cl1bZaZwzOZN_VmDru=aSazr@AKo7puVtAWu|qro(;w%_wnk zs^&*aj=9q8c4x41`<@}`X4FQUhx2FP!E6m64|7GmS(1kC`-p?p3#4wQ-o26DeQiXJ?{T5M`eON(WF1<>f4&dR*~}ow0`7+4y!^mS<<7 znr{^8J^uU5obyXn2$M5L5FAZ5L>)DMtYjcNGeg|1i-htI+d@I8+;g@2Gmf6jH{-jD zRmX&gDlj=Loh&v!F3)pwhv;!&S2AE^8SZJh@j4p(juS4hdp{SK#R-YvGCR6t$j&^O0MzNm5fA`62BX$Nn2|l>f zZ9+VHD9bqT;Ue%REzr2J>M<$r9)H?>pn=3fvP>@Jjk;c+X-uCvVBTT#7Ww@@2;l#f z3WVwFQc`Ao!9`K8;CNTjgT@)iXc3`XCqWW_=F#nET*uOX5HL)9 z`OwYHC3LFxbgx#Rt~YaW8J*VBQZ@7Ycfe&`-d4=RzpQo$kI`f4x|i|2|ISOQ%!~~0 z!}=LOjoyQWALm{7R_*QW&DHq}I>#+UKw;TS3xvHSHZfe~cKb6_B5l313NuCTQu-7WaAqs z@c8)nx+>c+lUs^3fCCc=!T<-dE=U!Yg7oiVfYQu4G?bPidrrR)5JE+jg)mqpoli~{*kx{T_VAi`ZxO8J z)>Iw<9{m0Bvj2vhF26mFBKg2tOnpPcV;9wZ7a&1_kl<=P`dG|))fA-NCMJP89v8q# zg@uKAW5q9iC)v;Z;qJFSG+jLYTvCWyfyaa&&>`W(U>cSJ`L`)2m63qa*JFFFp#ir? zEEk3g2S?ptH8+PoG0)HCH6At;?7X^$vCpu8&~KS-tL;g?EP)tBcYR+c_GB!5Cb|k) zQ(sNW^Ap02($gmkx?e?>5Olj8J-#1zI$mg$$WZ1Q=ToVutVE;^H><2Lu^|n&TF6lL zG0xysLhiKDmLI&Quu%o(lv57S{P_u^Hqe zXMm*!NqLD``}Ml7%2b+&RWi18vP;=FpWyN2$;nA|CT$Ikg4c(yssCdgVlql@K+I4x zq>1m+ut23pAL^6)-a`70SkzvKR0Rn>TOBft0)tp_h)T>azf*Hh5B;h9{_i^d`3>w| zN5|{?c=q~PK}o}9{L^*3fx(+eYom_#$BC!=iE5)C?=KJZN2SMw^6*wt}QC`G+iJMPmafYij#N4OoxC`px{g5Uw9=L{Big8)M+C0d>}^%}>^riG%GH8deFBnKDGKe78r}dgOuP12FmfoG_cf zOB*sWQfpTDCVvGfGmjpZ>=y`7!aI!shv_)JY|i6wYtpFZTcT%N3O| zf3tG4w0NHBg)fN!FN&z5cAMwJP66faZtnkj&iD!W^5^$wlELcK_(AZDZjW3iB;u&1 zq~fUfSOtifcpDq|l10hz&Jh}rfd;KId{6Qt!P8y4fm#n0gmH?65{P(@jR9eCriH#d z7L^$$-ZtYJ9T6)_)#!XtHrJ70w%dIa4^p;B0}q#YfmXTJ+dUt1Yin0OQDW$Qp2_Vm z&!>x($3v5+!w(#7q0j6x`LmJ^a;XSpbNz0oI`COJ0NHsnKl3pf#eEwGx}@$!Zr;%$lf>E$-h^TwL7H@EToIaS#7BGnA$i z1sk(uoCI5%IM3r4CjyQp6afOKNTd1sypE$d;_gtJyf))Z+5BYiN6py6V95(pVsA8? zhL=I`owG|nOzx;ms=qKHORrB&Nj#obkar%RJ1xzNii+Z*ha=r0KWB%j-o$wVZYB!=O zE*nw$?^gEbxs5AFtv-h)k2iVydwZB|zB|)YPw8#|M|N0fsMQ~-br@+0c)0yff^r8i z3pXq08J9G8`#;*pvo#whYdtHEmyH{z8IB8YO#Dt|{aBe#B15{%5n!Sj${%~sQnSdP z3H?Qe1aLB0Nn7!847i)xC zx-TfkqsQcmHqIOaY=o=W^8FXA^88kRxBE7tu zzw9`ra`Jn+TX`B%Ge%zBb!Q-r^#j-KQiEfbS^9+d-6*JqM1X_0F24%W*3lgpHb?mI zLG|6x!m#yJS+c-uyd;u`UmQ6QI0CJP2b*8nB4#DPP#;{wNI!nGJq`$v9@M-$zWvWNLJx9l>^?TvC-9TEY zj-*!~ERcCnav-+93qnb6H~;=7jo5+@Zepd1FR@btXopR}Ax~xr99-;MFZ|7L42*vl z;qq1c6`8onMn6a&A65ddVdD2xPp4GRd!9pn{+zwG@3;i-xQ`BYPG7jBdNc`4AG35? zY|=2+c>JZr@zBk2-`&~S86WVs2$mO!NnToBezuinLP<&)a9dV-QVj05@ zrMV1<%XjP1CJ%ci0WguL6>uqny39D>W(x%3hr^ZouM@B--mfj?w`z}@PnQ|(28~W% z_3O4bsP3*?Zf_ruFRQ;ARoK0;vg%`$xN&7ksj8?*+TTJ$6n{|46ZbjTiNa&Nf9yn- z_$#$7_!|#Wp8svW#%hF6IqKWL-GtM?&{FI)4IFUcRhi-;Q2}JRqz^e(A=sb zNhl=3LD=f{Uh*{i6=w3A-R~uK+B3n}rsU~R_f1J?acJbV>;PPl1HV!k11e*vx-<%X z5Rnyy5)>ksDqAM!jzNs9805m5^{V(+qC&bYDa2CCZs}*)JLdtK(AkDCwf&MIhb-GS z{8<+_50HdcrOwAfo7`M3<0!?i`R~Fw{MP=(CWAL`+Mgb%9F|*~ZP!v1ieiu}E*Jo6=yIXdxePEN@ zxXz=>T_%*y_-RiZ1j{-{$UBnT%s&*tj%va02$^ugLiSs_GF}F`_QM6KbNU4^zrck< zMP$nG4;iKW-9rpPpdNKm?g-4K*re=<(^~8t3!dZWbN@_3{s;PQ&TR4TT`)F!+Gh4{ z3milNo)3MTT&1X!SbhB*If%!J;RY!Cfb6nlDkDcE?@Lv=rmrWyBGwraLd~QK#(P%e ze>KXrUpvT2r+BTn+`P+D5Lqe-7nNdESO3Nvv+_KsP(A!C)(z}FUY-uxiTZ3dhffT7 z*8hr>=OSG)_?_*ShfaBF(j;Zpy-O2Ui0T))<1Hy#NX(|HXxfz1`qN;g#3wgu2qrST z_7tb=cJ?P29+&iY{XUU9He_iO8YE}TP~2fSh#)eiB=cHxq4h-8CSqh2S>2B%6l5fF zP7J10)u5V@!^5_vCAhrf9;$m&I&!4`-rFLB>1bEcmdB*btIoyy;fcvOl&bB-w4{f*n*RpDK)k2LkRo$ zA$iW`DE`-sG<+{yuaDu;V4n~@hs@s-%9{il-A>KrYkKaqH;R!zj5)<9On@j7c)6Oy z1MjpuHJUJsmXsNR)YSLPOj2|NyvwcsN#1?xY(UOvT1!TGC&>u~5&Y zb;3bmF+wuWL){b?vpig>>ugeZFtrha7R|Q2O-|J3ohY-M9$EWnP2rxECJjYJp%~3n zuv8G+WR^(PTwXD46?}saDv7?1?#Z5?ZYj*aPb)?mZ~^K=4P9ME+zA#lEhac@irZ)|y=OW3cM{8@*)yChUp z1J%P#hIZ=v8^uWd#M=mX5%IposzU|cvlmuN8^Y=o38rZodl6k~PK9cgC$lUP*LX!!Bw4MAe>GCR`ExN1Cs z!5;ElYuNn9{Dw|;e(ig!vS7Dd#bS4(8IS2ERC@SN10}54PQNaGFt*)1*QygnqRU;- z8Amzl% z-N2S>Kk+gfB~kP1-;&J=03j-)$x+P{a%0FE`^bq;FN*qa6eHin2pi4F-h(NgK_ijA zus-7E>1bF+gN~R~Quts=C8cOKyAhSdkbgruQHuHS;NalssQ-m{s#O$*Sa&l1tH@AK zw~VNO?0n7HWPInU*ZTU+;BxtIun}@@sjH~Onh|%uLiu$BFSOAj@Te(k$qx4~tHG`l z5KZ@J9@0?%H}u$KiZr;Eh2ow!#QxAUDuijy<|mNRyO1T+@)4oD^>6(w2?Zk7`FeZe zz~;rx|Mvn^C=Cz~@~YfBWR`p*?L$uY{T1It8^WE|j7k5Gr^J*obfZliwB%;F)|3LH zfG$`nb!lk{5XG4#Lly6LMr88n8Txu1{MU(J)s)KT=(c|W{y_h%Kiw`OErvCkl3pE#JBHJPN?Vi{Nu$v4o}*2*i>rOV*th216R8(w_EXjUejA@DwUnWP;X z9*tZtZY(URVHN|DPty{l{~Z$QXkr{fp5sDyBP~{-Id(FJijbU^_Z%S#xB!^3r5zTI z4i2(2GT?@anit)f|JxaS5}@$U$<3A1(wy-~v^R?JsqJIVQ;1W)nI<9to9Rxi+9e&8 z33G<0S4E|V){8&xfMugrpu#5dfCv|ehwIr!T*y0C;)}921kY|Z;Axj`HSuosfY7QK zVXnQm`Axw+nqo^Tk@U`{cSCDr9X#1i!Nu7x9r?Mm_{eA6&XX(++`jGIAHy~T=NwWs zKfu+;dF0QvHkwV>llIZnmcR~d-(Uu@4Qo)G8 zhFXK8+c;0gD7?MT%3EnTvA9hjQKT)xmXKX-y`of^;;b<&XoPZv+~=FdUEzqz5Yx2} zVeAQFZoe9zAU`_obQyFqbUprBH#qnfr=*bYMCc6f>{QRpAnxO zRl>Ax+p*;C7kaa)U~}Kr9zF}k0_(Aw_nn(@P%m$@9H*{D6JsngRp^`6QpfSMF(Gm2G?Em?iROAMf^uY+o0E#m*GNQnYu<8Z^!G-yGP=W(Vgr9ic zftBd{gW1Q2I}an1I_p?vJ5JuRaKk}ZTG-|;P~k1Xhn6qFgJHCSbh)ZCJ{gq_P~Pa zL;oqJzVeHSE&ciP{`T)KpZ%Z6J!XuRdz4m~{@hy0r$UhY>Pl zv|LPF{Bb+W>Aj~X0JQ$V&WB!)gF*=CO$1>8e(heR4(;7I1@ka&b}cR}q{T;F^Qcr+ zQ=0%LGSJ@-fMZM0ZYbosIhgod9=+#FRaI&Rzo=*{I0k@20*atxg`>)CyxOqYb+r?Y zPBOp}^rL`<{_A2Ql}wKTcgsKS5Eu-Qsj{)rX=BRAQ;K|X2WGza)RT+GyfsF`EinsRm zWK>k1IySbpU%q}l1VDmUchbR5ckqBLPv$dQHXr{A-6}&ndwYP=xEkeUWC;2E{lcWu ze|_y`V6Xt@`HEde@7^6a-O>+FMqHHi{d;06sz6wdXB?$ired*SF);B8@MM5P)E-B0 zr7D-ikqgy&IxTc|1~tvqI6{a?NahwAt`6pSgd(!PF#qto83xt_21;>qRiuUua0RfR zHsjf+!gpAdqD@XK;zSWO@oR?97L=U(U9!QkHiFFpj6tf^5QVja!vUakd@ozY`1!YK z^Gh4Aay&0VK&5;buI)Lvzc~ks#zl-|sAJm)M!=|=Es4?T#_l}sEiXR+_Osf!ZBJ7X z2z)`a9@t{YrQXd|6uGacv4=C{w>794MOgDrc*a=b*@$pfybQCESJl$4e} zGr$I$1^(_?W!M~|%5k59{YiliSmzb+srBLbCRJ!gW+vEjk%0TAMMT@KY>B`CVE(}D znHWM4Kv?#@IuZjdR<4rPzcW_9i_$A2C%g+x;Cx99u1xnjyZlB)(|Nr+&D59YgGb^k8yLZMN0c~c) z(lB#Y@L8aO9Yt`X zz?S#}#V;`jJ&z;!3E)IPt8ogr;#18vxfG2=j0sg&RxZ|9$m{6vL9pSIHOEP8Mmb|Z z5NmAs9%@bTi(C*}5ssRW)yd8dpnP#}Nh#%eNQ$)2Z$^iQ%m1XN*6PJbQtBdiYTj`O z!Ak7@h5q*TN8=$O*dO4I0`C@yW97E)n2W)E{o=(7SKq`%eTKm`a2MBn87AgY;lYOT z0_^wKB5wNr$#x7-)zyFhUS(o}1;D2-;lkm!e(krnJ_nl+>hKg#S!2%1_rDPiT^s2XBPjB81}$ik-vQnhw4n3SUtG{|e3(E?J7L+P899G>8)0iOP7+ZY+coduKb2 z!j+GOcP)eGRpnb8lJLv~r5$P`ziB-~N3aglAE44-;uI8wQ7Zd7_G1y~2FsC)r}DJp z*#z5r{S`TJ=-Q83Eb>6VXS}tUcUyCYp7c*^7E?wYFw}PK!gfI1&6w@8#Y`05rjT_I zDYSpFoEGi63Lcs35e-?Y4)V$#3F7EQrw(RJ4XIjz4toPRBI~Pbr=Bk?UC~JU{e{*f zd0OM?R5u&iKNNOiiE8<0-pxF8TQ?1cc~nXBm;7%`i!+KtVfxDRkDCm%awLh*9%dKh zd8QmZYV~<}>te}k83!Q}tm>^!CK!der_-$NIP;NCpHg5Hme? zx7InXaTUvWXef?SVnv7B&n^==TC!*w(^!5kb5ok9@kPQQt@-Lr$)GyZT2P=B9d)_J@AD?ypZg&O6$%7e6?OlxZHRBZcx_=mYwYTfQK#Iimm@xRJ=e{! zZM8chAZxtZ>uoV|Gd zKgtu&1Vi5}jkDskQ~?Y0&2++c^wbgF^B~;QRM=x^RD<9NUEcj%b3F=f!v-iIP;uaU z;fap{S;3$r{H4JONp)Jt(vHdXLUpnNyRjI|tAlgSzsy6-AxZ$cHc{7q^r4OZUsk?! zb}l_HZam(fs0UetU$nWCwx*J(sHhQ$J-`Rf_aJZRZ>FM@@t>K7x$eK4-Us#T6x>|D zZdjCOu=hBaOMin8j-~?|3bp@Cv*H=W-^nv%r3I*`DxW7bU_S7+{iHHUOEuN}(ukGDdpS3Oq1?^q-tC33 z%^z)8rL0N}--r}q>UA-5<*o!W_=)s`)gR34H9H|`55&$YP9G8vby}&cPaT zeXTl#ml)N|5Swjutia2eoh*Hi*?Hc#(w?Qi3*M`%)CkU&jVI9e^=;>ovy1<*e6N1b zZs94Ri|R0I=0Q%L0xi&heHOTAlTUgg^|!7|g6fmqz|ANAa721WDx}(9nm5{IO-o(3 zi$2a;i!pNUr;sJ}!UJqp{bR1T{VE~t-2vN737`l0ptST!)8J}W~DU!e<%#FJeq6Y*bV*+W{w&t;h8uR&8G&t@#}N1p#F;SU5axm zwc-PgU(79V);I4Jy_C%!8~}X{SZulDs{#sXwsWy2%4Ub{BZkz4KUw`+ONv!~@yaUM zVqzZ#WcQUHA2LpAGfoaWBsRq6^`(quUqj5tJGFdCW9S7`DN(cC*NJowVVR>^^pgvmI}Rdua9#ge!{{1`3G1Z)xi?}XN{)_SL=i~9RS{)j?wk5VF@WKB+Z2wIs>WnYk;S)geWO#?J z`CMIh7Ha^H2ieL(B}%iH|8!T+uVy zkBU18`1!Y*rl(a{Y$wRmI?QXBuKt$y-e4@^EUMYh*ZF*1hl0`+8ur((uP`#gam?$X@dwbc)!KQqrF!uS|L?{lt$v?Y?3Tk90na$6?@P{4uJ7j-Uc0J_3n?K9# zw#YjOyR4-@Z5K--MQ_HD-=;!+e>KIUs(Sku`6KMW4vMf;#2+-~+4Xq*OL_|>y)oT* zTPTYAj>xsZRN4erLOOjbmb?b@eD#}2+HIbJBJ=_3d?^76f?57wl&}{Yii=-@D@B{b zS?rB&`kwvxR(ZIc+b^XnmZ4qyNiIQCSvn#qeSnbDO;kpY{js3mA~Wq(uBxtJ-jM$M zh?}X-X zhm^}bqgK0zT5f36NeWHhK{>MBW>~z>X>teU*R1@IB1Tm7sfPPDUJ18|X+ShAE5iTK zn$pb7KczgpjcE|1B4|>z(Q}7|q>O3w9*!Z+Ner*Wgb=#`1Urp;cZDw$()Pq=AUn_# zRh&I#wjO$Fgo2PQfWKSu)-!1GlP1q)D34WgPnj8yu<+s3rnd_WxS}o_KlTFmxk_&< ztgW?HwNSAi^F4Z+&i^Qbc=TP*1{$_IcY>Eeu&?~$M;gw51#O&%5w2e%cm%?<9oUl^ zyjJ6_5?Alo{5$gOG5?KH5;28wcdFUv;!*)tY$Rb+mLvb|6GkKc%_WmE7rmSh1yiPa zVq93lC{~jQVQ8c8pPii%5ZnOJu4~Oz=DotWfjM0po&k%dZ*D2~Ut?WYE_r|gK|v-j z53&}$U;Gx)2%7jWf9zysWuXaY2{*7J@4Zj|PN}lG`sH{TGkF;2nc3&8tl8Sd^ssLx zt_WPT8G13YX1}(lof(bASW_Cr6bm6CFZ9T73fKP}A$}h>8^8qKbjJ|9@n?afTe#@( zQWcih+CUH~|NaYk3YRGtor^ohEFW-~5zpR0)(vFOECxkF;*)9eLX4t4D_Q6_lRPVF zE;^l3&!k4NM$ifV288RpfAduB{{7c^H+tqZW?PPq_x3j320T_)$FAqc+HqYqNyX2B zKA-)a3X5=uSB*0DUmC)oo}SyM;&kfWTlac#KC&#fxZO=lPfjo6c${PLn2)F~4}uM_ zUT0bgDBbkt8z}npE-@)dk*RFlhF39_LICH#d4-3P2mdv{T4;573a>L%RKRUKXRdHJ zZg&?Wu3#?Ja`fLW!M)67p`j2DCZTLoz8dzzsCy`q{60(U^6DzA2m=9X&?4BvYd5A8 z&v?m3BxxFMUOsLkBq}aGJwEOR{;X%|ZWb{4l^j2TM2wja`RRQ4rh2Cd@U}C~)}EoC z@o@#bX`sf4pj2Yp$LlF0326iUIRHW&JuwM`6xrl~!EFu7utC7NXK8LNQlsKV;U=7+ z$Px=+6fB7@GZN+DSF{m1%wNIpgpkP|1T74hzF=^}aZlwP{r&s*$OwRDf%}c0S1*$! zb~w$u{UHnIDbLTzNdqGzIwV%;PXhd58!Ia=?qXyRV{+aVM6|hm1aa2jV!Fph(zA44 z)!&SX+(<$iN>fWekw{0tB>+%>02rkZ<3xy**l8dO+7C2#Z~(9n{FN{T@sbgWvBtuJ z1P~8GiG)o9G?hNcv5geSRWeX39<{a__m+LKVaZ-S&dXB;%_+o+)P3guF5_$y<_PNv zP~JN)CsmkY^NbHqiCDs;uHHK$1M?7iX6LBdb^=H=sz{m8158bA?QxK+=H*$8N=f?K zVYY<*t+ohF))?yv9eB5glz~rVSDhlgPLJt0x*!@hJb_PUxkMRIYeC@S(*&5 zQT}0bH7p)~z6847I|tWE7SpF`!ca8Z(jalH$jgZM_x@G3+@4;O*PKHBu&qGy45S^U zrKN?J0w@Pl>Dv{XF6uCpiJs2gG)QoQ%!{P-^cS|aMa9MPt4g{%{*>d@p`kCK!GoYA z0C54r05G}(cZ7tFy-x&ya)1fpNnW{fB_bjMST!?NGX3Bs`+m-zyFTZhE-o&Bn5bPV zomJ-MgCL>mY7ozIqmcIwCLIA`|FU?tRLYg4r9UR1I_B6D*pq6MCPFx}hzGt0@!$^ta2iVRz9n@tG;b^qt|^b5*%u#wuc z;lwXDyvk7@t^hP0kB;LO=cSI3l0oKshN+QgV* zALSmcg$_we#G_QK}Uw`YzR1h$G`F{ z4hdXq7e<(>d7R{KY-|9m0%olzV~&g8xv2hJNVtvB8fljnJ+nx7=&0l{6( za^VGIvKtaN6504-m#A}$VY*Az(zCJ~V8~+0B=550k@)W>V@cDa=p%NAos$kaQh~W4 zq2I%re%ySr^QQbDU5wwO`_6N(=S9@gzG8zpZvp};Y*SizdTF<)$V-FK(qo_hrVHB- z4G&Wi-^|o3H1{;2_rk1}VFR2CNgVK=zL}o?wsQ6$6ANhRa~A*sBnL#2%tVzR7<6B9sX z2zkTB#U)v4pz9xp&>|5L5oBgg4pV5B0Civ52264HJoar24GkR}%H*=&K1!+3m+svt zs9xJOsh$AzCnh5!BRQEp4PQ2k&x)xjF7=7bP;%X3vR6ugHk`*qI)Wu?eu z{T2@&=07m1b1GF{)$>u_OU)h(!q;I zu!C{^QN+Z5vh<%{=OlAxd4o23RHOs(UY8^atazYkSOw{73W`wD@06}nP>kt2s(k)# z-5r3w8v^|gFn-5JN8j4oq6cJ}f>WBqez01hQL=-U0&=plw4%Pm{>zo(_wii7oISQQ07*55B1R9h92roms1R4{{Zu!iD^`^ zn~~STLV*()`ta~sY&Gtj^eSVUp?#_H*Xqh=_ba;W{<5h zKa`B<;3b!7wGqk?_MViWrxzB+LbHZaqGvCH)Ri5%R&B_xM$g$ei>eN1qR{~10?D=m zDET&Dt(xuHzkc%4#JBc-Sp_8}>gg0HX%yy1IeaV^4#IwJbj(Bib`(M?f4CCJlyy7( zr%!#WtD_t{1!a+QLsELJl(CiBBKnXdjQX;>>lE8XMos<8z`QCnS}^IbpjIN4u(X-j z2l0i{hRf^Y$*Bjx+saBxr>Cc6c-T&Nv6bt!p4(Oo)pSro&Q=6i-gK9imvPbaZqt2D z6nzXxw2#llC}s!c-1fFZKr}qrNy$khdis%oDrpUe3z1VZaX`b{66ug_6|!$Iu>(49 zSntdU#H88-c;1T(3joyUFj6%!NF!O;;;OSkj{ns-cS zexTcKUw!Q-1Fq{)#)PBQD)YAuk)GG2P@u?xrvV*;>}W^c9y=CFR1Bq0Wunh%5jm&D zF4*^7=433mF^MJ^%dgq!Kf}q2Z%_CvcP}8i&mxzqePZI)ojYT& zcu`n&Y_zM1Vkl{R-?q^9{^zPMF-Zxd&fgVnu_=57T5)!lyE#j z`$@Gl{sP(Tiz59>rR>3QTG6VIjO(VJtD~Hi`l{z_X{Gw+Eeh@rk?6sqn68EO^(O`f zHs#~G@vr`H$7t6#G^8%N0Z_>I3s;GSz+S?K%v6Q_fiIuldsUWUK)cqQ>oq?x#hV{7 z29WFM>i+!vM09D_Er@TE*NWlFomu5&(x>5i@q$SzdU|@y%*;?zWv)#e?%csb++Q3G zp6Zf!BJQ`i@cO+8PNEfX+GL1(DX#g;RfMo|yBUI^8%aP=KCv#KiVp6)#pFGPWmL7R z{wXplfcL6o027LV2ocCTy6S|=0$QulFbc(d;h#nSYu#C+?aqt&qmz@j-}RB`cyqSU zJhqQ+ryA7ENNEi={ZBff(qyv0O;S+&CcHK`U-&tvf>hQ(OUtZ!qOpO-fY6^W#C-Ay z_ai43r|wGw+5)_%Eux1TWF7WE`BPC*Wd)NMjdl9F~vuM{eIjA1~xcP{QUd?8G2MWqB>?$ z*Cno2LfB#7CeE4}pfheBBKfR_%0Xa3I8p|aKc%mR?Hr?s9VJ~jk{laLN=7z6==qjq zh1;TB1bW_{p0JWfH*kcJ#cHSkpyweq0XJ5$r1$Jl(|f*PdS6DPcnnCY36s*!*G`z@ zLe@elAyKt7I^CsZqK`4mPF*nLWHp%TEBh=MrL5-?D9jJvRk+6@gIK*QchWWJO|r<*D>@5Mw^D-gxtB^`29m@znMC`a3&qfCEIpQB?BtX>9I8QD!{McHIwJ(#X^n5^0=nnHaiTQOG=`GY}m}Fxk94WzNPfYzkkgkC*p%T38Sy6 zbeD2*DG-s^uQG9eXCszr%@*!DJ}wwxC%Imkl_kCS2OUZ&DAX3ninOw_0uUo4Wc?~W zWy{XJ0AI_zl!TBidTW0K1j}ma=s;_+3$z#*mEe*7Ofn0Y6Rr*<2U{+R0rdp}N}#CT z4}4n#nDycW@%D zSaZ^%oY=@4fsnF@kc?L~qwdVzZ(*T)i*T>~bwl_lFCbU4X*n&fxboo8WBqt!U7BE* zfPtI2iI!y4jI!ON6jiD75UBzyi~n}dgjt!s?e}HFVI?7lM9>J+(9n>O%nDzp$J)?L z5EVH zaujN@i$pF8i}sZGX3?~KqDF`L(|;Uc=L?~HlgWDApOW!I4whONW#Zz#UUO4 zs89r9v~=Ewf0{4OMQ`7}EhMBB#F_L}mcHcFC*_<8loT=cc(#ZLUp~r;ntFjn#)V8 zg6#B==KpB{YCP%PXsw%-xdc>WJByi~s%8&Nf*h2);h(?K2he{xVd+{KNcEvL26^GT zjE;K6hy$DDOBR5~d8{(K3Bg&cc*c`)xdXgG!LbUB8pycwD?9;MCdT+^2BV}oVJn56 z>G|MmETR6aCP?De1f*1uqY|yE@5sgGOwp*;Kao+Yu6$ah2!<-0#Xqw*Z`^A~FvtwY z(SMI)rN_FCr$bgs|Kt64HDIa5TYSAYs zevEpfR?gtG%_2$qv%{?S)$*jsUH0xJD;pbL7t$rC)aYPEqBe0ZTLLJ*aO7-lZ3QGc zxvV_u5sY}xhdGdQ9v&7Z>T}+pQy38$$>LYA`P>uNTJy?{sfPi~k}6M?ay2(Lx_27J zZCILrU%dVlh*c$5l4wCe@m}uSa(4zj>Z};TO8dh`=!WXBgP6OQQtWGG3j6@`UspL| zua4}isYZWlaVVWwM}2vtNt`34*)h%Rk?mC8^V((e_Oj;sakOXRc6P1PTAX9o>g2ag zt!lZ9I~!VM`b8UwlNx0OLIVfSInnr{9bHn9KU3}610Bav7ig1j_mRB#S1>HGG>Gob zFf$#wVEGkuO;(OQv1yKuSw3AUC@)9rk|Ex_GUY&)0ITSX#Q4f1Q?$zZ^IQxC(RxFw+H^O?mj{vFY_%mB6h%M8%tU3cz z=AL&sox9M&?(Fn{g^_@O+2(V5D3S_~?*rrjZBD60kKbQcoH4tsc#Ojm?G5qdc;e&!K}$&_;-qAPAbKL%`b z^~Z-;tu;{Ez#msZvIa)nCohOUM@?Gc+G(5%&c!^^(W$cg^JRX1zV$VZvIM|q{V8{% zj1%wt_I#MDDcCvBlom53BxNHsvHiCPqM>)YZe_5(Q`%+>ume2`)c)e8V{1uC$@@Jv z`z(@3H0HgIYCORzY%Eg_*&o*FxY!63HVD;r;QxOvCzofKe}m^~OLXRaZT8$N!#|o; zkQi@J3`p#N_pAcXg2MbI)fduC?oKt>I|AqoA`@(c(^B;AQg)P_jEus&1c8wE?oFbv zUib0wr1qcu+xUU0K+odzr#|Ku`|Uz_Z)Yc)CwSNJvQ15{64HDZth}w-|B~R7Sy=cU zdAekY75bmPYze=es=0aYHxrm(c~koE0{t!TGF`Xm(SG0G7q-Oxx2eCa@Aj=*`S0Ji z6dwnCe+qNk15#y_to^sp>tO6|24#G>T((-isORB7&>w;b?5^WNuk-pZbil5=Scg48 zB;wwuhqK?pK$m&$dzI2U>!(c>JP{b5vN{^WB3JxkGko^9x0Te?SRCu6URjDfmrc{u*RM1A7Mhw$Bhtjd#RbX|f)0C#!~*Tvtnlaa zt~O?t!U=NA^6>_+%1WFc&J|Tp$NXbPJOw-I$-yQapP9nhR&GUc#rL51tTNqKiQ)`% z)a+p`yUR3MKiL>Be|AeH(G>)ZzP`R?Wo1TVMJaJfN1*5W2#G3dkq0FCc%&f=FP!P@ zWHef==0AUE!ah1Wx=em}*?g8aVoe{=e7ddde*6b|-eVjr6DeOZZN^YF)o*4yxB&<4 zek5g1;c^bmtR{Yo2^@N-n?3_o6YK2ntRar>24Mf^Ux^eI6=QPq>%!}lUszdfJwp1c zYied`vFGwI9yFuQ%)!p5XeGrl$2F+2;;B>?F1XP+WYw^rtZ2xNJ;T&b#L)w|H{f4$ zbHnP_!#qv_~Nnc2`D}3rB?HIa*E>sDqfWq)K!-xbQSgc;Pr@(ve(0@*EIZ zTQFo+j`8F%4Yw6aSyH(}l#2FP;V$~y@}hbo#W2{j2&?Zzghp zc$fpG#L7?YU@-*|<*R0huR~`KXWhuM6M)JRE*mthq**OHG`F_zwd@5`Us3!(CY2OX zX#C`xG?O`F+fN&zoqO_@$tZO23`FAZuT4+!vMqnltY|*J`=ik#3Pe)tzb|l>*)>pb z(S&e4J+d++h2VqiP6aj$yW{|;h^(o1XDN@5^FQk!vKDMUuM-lzv?V7cI65r!pJ56w zRWXE!Fe3d)Y3d;^!T-BJ8o1yxGJgNM{vn~0mm%b5Fz={!rGpt8k?EuSN6*s|Rv2CM zI5YYG(GZhdi%kr)6}mC*MLlMA@a@sdinxS?fs{J~FRDSncLo6-582-#GYuQvFBL_Q zs}6dwao8jPD6xg|QR2gLa)wm9EZMMl4!!L^L3EgijktI77dbzKxa!?rSLkxUHBQ9s*l~LMA(7em3E?<;x`vugaDQHv8E;taxj3AQg3A_?`xX)tmxAcL+swAR zJ3D9G#L;MI=r-6Z-9Z!`M$UOR)w!nPQ(Rt>seIJNiIr-r{ROwnzj8M||21v#0uI-fVCmR?ToF4r4F{*V4T*Fo+ z3zUAFnD{gEJ`P(7S2QQ~wn95o_YI9{LF#W}i2W^C@TmZ>iHmzf&&vJ|PuPV!P3<7c z=X4I#v`{upp+evW|5)8KZ4cM0b7IT1it#$Qh*B_Yc^_CIdJqE-7qap^V!H&4zhG^b zPO>rC`~;lFqA&R!aBB-!H4ZQSeICT)6&{w1scpwP`-vUVUjj{r3w3?)7 z`r1P(C?OL5L5h$qJdMD>K%GKu>u=#y{5jexL(Tn3{6W1&L_|?AQi(V&fGFY(x8tzyl?L#F-}*D@59bpnW{esCT3(k=9+jG=J{RX;?%J_ zt_#L<{I5T4_x}Y42i>IZxhjNb$7L7OU6X)Zc04;dQ1@3bbh?aC_hA)Z*FF$ zP9|&60K#HEulDejmD*jio_-D_f|axO?AP;RFdWE}$%sC?lhgpaA}KDe!hMfDG)q%c z6QzoQ9|OPG-Tl1IxriQ_L`4-eG$b6!=)DE+(xAz+w%Nyb_;Gh2p5A)(FKLtNak!%b z?%nYJZw9wYR#R17A1Pck!nr8ZU6u2G+`kPBN793keG4%Ae7P}L6 z76RV{ik+-2eJ?2)EoYKWUqtx>fRH_kK+tyIa#78N$Ryb?adkSRY;&XF~_m9tV-sKgr4P5uIIKNrKOH6cqj) z@7>Ui_u8CtxvXXPgU-KDg5BrYY#VNlQo5lb6t_C3<=Hn8H`qe)2nh|FJl%>7#o!$c zu8o%`csC1FDt{dPnw|VrulUW=Ni0`3R^_I}n&hcdqOe>)!v1 zQ4&S^%v(aD`Ijgu8V@iAw+4aaJc6rV;ldV9@@v+kX6w*5X&b-}d%l$hU`d`zQkFWa zf-~D4)?Nc9P!cgRg2QC`5ZY?WHy;N6F&6ZXjU7PSc-LWGK}H5kkw-y}F!P?WakzfP zHdZItiC{cv>*(NqT%}StGJ3HEpw7LWUVZ?sz2O(>59-T&Vh1|`GzJ+y=U}bAzcKW3 zXp+gux;K#*3SAd0)xN%WWp(wArzISw+xzgP!>-*zJUL;@U5pm^icce4A|I8`{;qo& zcecr!m5r^|`|R%55>g{CLC~NW(RmA7et$olKY;ZAUi|WRq7bh?y-7H+zx!)rpsgW) z!sf-s2yA?3+;z%$+xFXRPvnQ@*MxeFAnm?5-FXmi4h_&<7)30)j=tDWLXo?rn(PGe zRbb|Tg_}RvB)a$ZWJ;V6EkKFS(PLp|){^X*Zbn6lX@7ll>PPwuexL18`7};viN=eq*J&{{|CwNY(d~a z083gycLd-)0?Y&iB26t{rx0G9eNTYm$9&X!@rdQH7v&Ie^gE0Zl*_$P#7jFxb5T|77FYM&{BOC6XhNUI~Shm zSp`3SeE#s^iJzkkF}DY1zZSc8Mw1uw{v8DU$@br7LRvn`@GX0L#N23iFgY!)ZMEa_ zviuu-Dr+7}21Z7>1LgT1Bj9cbQWBDwm>7he`U_|U57tj;O;e-4#~WLARpI*9S6rvO zAIy-Qb?WH_Gr6w1`pn#%>F%!kG2KN$lPsA=r4R{DP{37eY*EgcpBCjs21leF_CV=T zS5l*yGEa|}4L(W~>?~Xjmk!Ok>%0c(P=)HO^!{Y;tv}pPk?PbWS|v_C@Qyw%WR(jOra?Cdq^uPYI7KNe1QIV^5Pi7s6 zLYm}G$)}8b0yU{nl=I7f15wziHkG4r4$0turJu(a-)x`ead(gOUZ4v2e#+h4;JT%m z_E`kcNzg91a_NW(qbP?`O+8k{X~!~WyL@*n9s+#m^8c=W$&DZw#JFE$z7r3n z8f?;0H$(~Nbe{f+xfvE5?m63ai;zzIbW5JDHb)Q>AsK*>iS%39ML7N-_b0uj)|+vW z8x+*RKM+28gJ93`mbDr$rPvkB*9|JuOrcT_NvcQ5G2aqgy}~;x#_G{XQ}#Re%RI@z z4ql*irh3Kqt3QUsoSS#JF%aN`>gwu(9_|!8ZE%*Xtgovg4Z-$oRPxkMDVJK%IxeRf zuG_kRV^o`c^4+gae8aIpdVkk*GdBszc?QB382JGOlU8N4hi5Bw;QkqoWr$rRWmIITFCI^D8O_oqH=JJ(OW zsIHbte-;uof7NLhF{50ha{^(2XJ-e$fBRgVL2?t+mD#_4U%_=^a6Hd1EHpt_;FCHh z3sa}4N-6h$-YjMn0nt*5+MAJk+y4r@KG}R$bG*M8mURg2 z-vtDgXR­2L7j?~Urti&WT!!y#F$Kp~VY08G#kapM-mWqy8g0#E#DI3oiCA&u}; z0qVzfxMpz-0Z=XupuN&0V-C&gvj~fbc(=jE#dSXOnh5OAs#p1)S-}0~wD!{;)?>`= z>j-*o?#+=$Mu8|e89^NsMai4>mwj_68UzMS+ugST;}K9*=5k@W;R=!K(B6QigsVA2 zcL>T5NTR?az!B65$Gr$u`$K3j?!NjcI;dF4%e6`tUTTU}_x202^~jN;KTQnK12_XB z%STtIY=I7l+Bqp%5Uj3U84==`vA5ghlk#t6NyC+;v>R>s_ z%E**_0x1Hy>p28lQ*c`Vc5vNvW_5LyQW}K_AIK2BvpW3X;&}C`l_DELGJh;TCkMI? zvD}BZ-;LgeU?B5>NB23gb+os)AN!$Iq;m~Tujd2E z;X+?Vvw2TEDAXowgwoU~NJ)19a~0c~k5zke8<06OU7_2nvpyH~Ok7;zTwMJV6E_fR zE$;~r>=63W{2P+I2vd9>Ie`dPgS6s;Byz0)b!TUAS#3c`obPVJeAMX260)4)OmyrG zG!ddn2KlX{1Lh|8rSF;0(EhBjB0ZutJq5*-O0qzgb>+vA6|a+hul@072;VX20%ISD zOCjGztYhGXjmV(GF8O79oOxob$L2Kk>$x-?pdx+%eONmsNJ&<*qr_vl&;fA1e9~E6 zEpCPgH&M+ZEa@m4!CdFQ#?Q4u>Y$N3M;Hg)E5dvS2Qy-l_nVi5e98Gj(mhW zwP`8zk#L#9Kwsabz@_TiZT%#DBdDzuKC&BN&dl|lk02n@*$M_3O(3AVL zrNNitlD$Vpe<|SC)j6wzjW}OGzIWlHV(hKWiTY|&hwZiyQnt`(Fg(U{KISs&7kB;l ze)PWlryfRm@h!le@7VnOH}NusUWSN(rpC34j@Fg#|7OrAQ-txrO|cAE z1cBEmn)ZLK;@^kD+M6K(sb&}m27`>HgT6s(z|Vsz!wA190_OT1{-vwyJ;^SQ;2*!m zxp4J(pdEv^mzJ0)3}=K~_I;7fg4}^2Sb$iN!e(k>0`t=zR5ha-JCF>4A_bram||5j z)lsqv@RY>?REEa*QXgqjRE77Up%QDf`zo6RdzX)m$h-^4e4*Rq!H)$^m+DFU)nvTD zF9QRca7N+~CInjp*J}i=783<1Jq9fe%FGl2&~^T4Pmho!gFBBW;9xfh^%>6^aVE|l zgg&2MgA68aICQz2Wqu|Z8ymymS+Q&C?7Z)fea+XgG1~e$59LkoLt_&C*0d(bI7w3* z1IG@S;$h5yj}wK-s&PNY#x#o+$|DaSpQgJt04AD~9*RG#1w$S#-3<2e31vmXe*lXl z0!b7V9-3wKF>{>a2HI_`xOsOr42SUM(h#$txVSi66519_Y+d=r_gBnBHMG`kJiX9X z!~Co=EI|GZmlOc^pL3UU(0RrMU5I z%M>3mD+3*C~Zf4~_oA5K#XH@CiS^(_^K04SKx zJw`ri^IP;DZuelLq6>mrOsH-uh<2M6m`+2}!!f(W>9JzfSWJ{%Nh zz^_`}^T8uTN!Ccnm&u`VCiCHW|a zh09wx#&1q7lCOx>pI)ITnlb>ZvYsbYAzOd9cbLA5oAqb4OB8G_Sn`S+R7ed~$Mlqy z5Y%0Ot>QUTz*bLvopwF_yw>i|Y1hO2I_GsjE^e!^koK^r5?7&HgcrNt0ha&)e~@9q z&vA|C4cT=vvU?W2iCr(%L_81ez^{X_v(&wmVT<#=ojZz)Qv*Q3u*|Hhd_a8F;q~&UnWB7rD*Fw@W z$~X2Uezb&ZGpDtVM@Q8x57H+qpFi>!zRo@Z($WilmyOEjwF%|ru@7U=Sd^xrd2~LW zho(_thI)EOFtI`Yz0bm~)xnH1$LwVciG+_h3ril5m%3!=5Rvbn7>YPsI6D<*S%^oy zd#Ds}TNSOZi4?+n_Xe{8Y-@zC++q`pEOGP5u>>>cAi>HsEDKBoeE|N~A04p?p69=m z-d^1D=Y`u;b=co=smK6;whs}=kRt*^yo|hjPr`{sQatFUpj!Q~t}L1z?$~JvBlzr$ z$1#(m7HcN4y@ZcMv*Ba;NjZp0_Xx@`7`(pfjoqcZAdc}YCOTDd+bHL?s%@>T&UWbk zv;f7?_Ew5r8&e)&6pD#`NK;ENHC|151;>=&iZ1|Xum&#irO>R8JNK*1TE zr)O7a&YAfn5oowi6oE+2^J7)&B6&N^LBDw$iQyY;u2-a^TqaQKw~37qO6j}TQI01I za=Q@3W&2ei}lXy z{wNmaS17Ev{)Fo`jv;*(K#ysE&}wV^l-~1nj$FmzjXV;N&GqR78Sxr)qVHpE*4v!VmeBjb#&PJEX z%|jAXfERM2c^w|UZ!mJYnaiYe8})* zLER?VXPfdP$n^nG(&Q8rbii;!;|!wnyJcwxsv7t4R)%XET>}rGj=hIkG30!}A+Bq4G$+}n1p}~aiGa|wZZa(Q`?y7HKPQHJf z^ywRLDz~}0t0&eq^%a(HuI(0mE~3B^)cygCOu0oL2x@XQ#QQno=%1H#ex1KXjRG|NBQNV5tsD&iONTrYh5 zc*#>il)^s2$dhTzmlV8m$RRRStrr|U&`9W z66E3G;o=(Y>5=*TCMd8&Mm|H>%>fK~rXA-|az(^4;-D;p#G^*l>C14EYGaP=20LKe z;jn@2XgrWU|^9Xi5N)(2csvH-m2%S9+j#E9Ge+T}Iv2M7m53sqL6j8pN^(I^zE#C>n&&sVw! zN-GMdi$X8Yi$KC_>Hs3tVtOQ*H1Z1|$M6myVFN&Rhm(C;-1T3tmWPt&qb&2@Olq*= z!A!8b`J0=80pwhm5Zl2uq>%?~dFt}mTQ?=@lh&d;Die;ryq zAjGFVHXFg~vD#%{ZDj(?Uz+GMp%gl=-9eCu3lzMG_=y2B89i7Wa8ol>qUfhRucq(& zdO}PK-~%v^UQNAQ4v|;I`jsEyLglD?+rg#GoYcAti$=Ga;;J6thKy2C%%m$KpTudG zSS(p}^|PKaj7V+Mqjh><_Mhnug)Apo=Z%5_RuG%UcFC}WOxkh0b8cqqVge2ypfsRS ziDd_6ec0~)1%v^CsGm~1djUHi%eIFRWgHGFlIrJUTSfZBV#ap2vA>|-zCmnQ}40Y&uW!Rn!cnn#r0pDS1fQVpStp4Dq zh==;q?*X`^Mrp#OwN)ezA01rF#|-q=oz*g*;^0&Am~Y4B_QW?rM}+(m92}ekN{*YS zNExygVcya+AZnVA_ERW~JneyDg&XMMNQFq3Lg`G`ojx{k@g@*dO3KO}ebOt3`NL3C zlLR$$8C3=sqk;FNhHai)hBhYVZglh>qO;=5Na{6T45rt0{pdg8$;u)xdm^s8+cwr_iSU8G~51H18{E0Ez+2PeoKk2#A^PoqOZ9oN&Lk z3B(4ff6#(53>LD1fdNZ_k6P@LG^Nie-z4!E`?H2ZEm^<34D?B)0eyhCw>K!~zCb|L zeH-FEvf3tY`sO0%vQDt?P_I*Ih0h&oUr zfy^j@^Dzv=CD_-*xBC}!w zfbHq&0;-pRT|jOPZMF?bO+NXn-vYr;QB?d_O;yTJ#4^)aM;)254*>4(gvf4f9Uai? zuS0Ni{O|iMCi?pNaO3@{OMp5Q(o#`nLHujiCTi>%w>Dv_W5I~hFWBaS-IxFa6bWHF zz;IEtq6-eM$8Ed;4f}hA2!W!eR+9UG#S6YV7)s#Ul4r=wK}#FdgMtw0JTn`cPg5^k zUQ6^n`G^k13;^PcP8b>SlOWO8I1%PFNX`P>y9a{Q(gmL{tc*OrO6X|`y*>(&Y;k+B(tLn!gzi+-NkPA4rYA8`h&m!quLCU;sVnwbh%4S4%kbaUe;t2E zkoedT-pIXbec)YtTW*xwGC zco1Qw@EA+$=;&l$dwWfqm7boSm9=2-t>BH_&a+_duJheNc{*^&-Uea9znRv{I0Vws zDi9ex8-R-T+hbDkfk0u7K5U}$)gcels35*lSdyI__Yk{(~*2V;;C5bXONmHM_Yz%xgQ zAbh7@40Lu1`<&lHNGesSofi&T!ruAv^((U%`@jwy1mK$;3hq!drj$bkz(fycBX|oc z^#NB{0`)i#CG{_njYp2s$Vz=q-mMdH+C`b9SZLT{*|GzEuD zXQ#p}K2vMAMgH9%Y#cqu5V+><9&0)*gOOV`F3PYXSiH zhGpgCNXp7`zP=btR+iS#va{nswAcvMfA;~~1!zuwHv9M_$oE<}Lads!H0DwMZbU;v z0{~elY0hP0%^*qSbv&Wmhl}L7BBS{?Wjt0aNJIh<(m7h}vq18gm{fsV6xuw0f6R{2 zYnf9PkR0|KtQ#-{r=)nO7LUE!n3O&CM40-Pj#z{FZfJGy%2oXE5Zl+XYj&RTLHnPn z7V4=2{~^J!t(3dJvx9?Jo2;FaGfZdw7mOm3;bmZO*jv#C3>G5N0$4*qgWKr7r};tK zpHaRFNzWix4tIVqFz1pY5F~cPDzE*QMpCW(WH{~$j3P{fS?Nu}YD0~68x6;bJcwSm zmRJqH94j^gE5HxSA4=B==(U~;Z2J6bE$MiZChR@ytf;7<(CK@AraC`5BwT&728D?Q6$)Yb4NGsY?qaD#~#Nlts zM4&siU=n{ekZO;eiL#^l4bn$ngiqPiYnZ?-fKL?AfnE##PsAa(zt;B&*C&GB1Y&d$ zt5r-uIs$V?RL1}D^xff9|L^~{W29qt>^;)4M~HCjJ#vIfc1BqtWbZwWO~{s!tYohu zD`X`VLa4W_6cOLs=emBs>*}wry3Tq%@8^9#?#FN+%H@mW8h^+t#{=a-=Bt(p9uP!? zV3@m~KXIGx4cy>xjsSQ4;nfBR)Y6ibo7?usB;>&*L=m(f&rE<5&WN9|aN@eH5ile= z3Woy*&_5F@7Xx?ST!Ja#kFKnY@6Hl{x91luTuBc=nG4d^mX<%vZXJ{0H2{P;;ae}k zH>SW5x`Bt@029%?H9K|&vV@mcQvkw~!IvIE3MdEEWcSMtDF~rzba*S-#RHHiJT^%HR2Ag z+PzXfpBqXvE@rWV;(WK4XIGrez6 zi-L+OE;%{P*SRK)7=@x7NaZf9BxJ=PIIK`UuXmQ&gMLkR_??+&zPepzY)$!;($FTF z!eRe0ZM$UYt5?47p2)%u$ooG51Q%XdlXj)l$AV7(KmW}zYhIxrz*8dU3^QD4*4g=U z@$mP;_TOJWr^I-HM))d+gDs33A&!uSh%=}t9S)WV%A?e~~F0*}Ou&QJM;h0qc4kubL0$pT5#*c!J^oEsHU z@@~HanifGpn6;4@<)t!fbt4mdY{s;E1hRiZUIc{PIb%|o9WK@REuZR{?;lw5)lx3} z(%<4@=JjcllboAp!+fAi`OcN7BlG3e%TLLNG@O#)c95tp0qAsgc6R%sZf@MGryg%Pq|07FEr`W)N)!A7il8X}GQ#aAp*j|7AsKpZhJSJ=Zz6ioWH zIpV@NtOk3V?H6F@QU!gU;;)GwC>5gU`0Wr%L<2sa6&jOE?Tc?y4?Au^jo~~TDV`kK z0|O+Ed&=m9TmJ7AU-%sTypsq~ThgzxD4>HB*G$tq>mUq!r(SOGIo02o5`Q^)h2p zV&VogA-*czS6?;^41L#pbit`Q{W5HWE2f6R@bEJ2p%a5+sWdI-X~T<2ZyDkN>4q`F z8g`5}Sb-0K0gZ4Irr=T0scm}6DK9zY;@)YXN5Hkh;oiNudEtl@%ep`N`w}_2;D}H$ zB^6)T)s!lgze#i}`{x?hAMP%+pddii-(jU^W`;^xD{4(kS-ONCfh)lWdMtQ!c-h03 zV2{Pa&Rz)m6G*jARG<1)@J3&;VPe9tVEvA9atgHpMpsK(TNw#w!nC^Cq87wlZ8_ym zHtPI0BA+sz^MMHaMTK{%LLaJAZ(a8KMrKky^FKuvZiQ*`z7d_8)s<&t?!{V>m}Okn zlV3tPsMi;hK7ocyR^oHx+1feEaLz~q`~$N3Y#M+0gcI4;Ol^V!*29`l-eoD_(7xGX z=#qzD+=f3W{dvo>?$eL)rkF=(XxsmfO_y3xv7Yam>D&4KkI?1IP%vLVF85Al#Au!i z)3XZ;MRJZ^3PZ~1Z&>Uh6wQhZD`&o&Iz@hdmywmh8Q~?zIyQkPnWxpX90nm}TR>Tb zq}nt1eLWu1lyA0p1#&Z@ESZMQ={NmQX`%BvEEgw zLWSJvaS62|0}(Z+h9PqV2OgdEC%Iy3YwCCumoHo{#eIF&$=8{fm;~c&?6LNyvu}Vh zR8U|Eya7wTG}{oHp8ebU@6J)=_wR8N6E9#rB1jhpXHZ0>4!C&jpQ-TDFDKjzFtas+ z-yOyri(2)v%(99{Pj6LD{pdG0r6VrxQ$=Ek7^BJrBE*(tELFMGZrBmN|KUY2PWy*= z-5M4?vE^!CP)RESs(#>wz2(!em&O^*QR=8&W*W=&oJ|60NLM@K=%?(?WfXmbRLzJ| zMTKJ$^`eIY4=+PIl7mNIt!I-wf&+s9-lo65pVPE+R5>SJ@x%QGz|hVFq~i>>kfc;B z?#fJww2_!ez~{h}8f>r&?dV;NZXH3_3;WmMk&#&Pt%9o~SBn7Ih_VJ*#aofrUFxqW z0QVVdP#Q`7amO%Aeos)g8Xxbiy3Q%zO{ZMGDygq&JQ=!GTQsFW;^`A=rPD9KWjn*& z3@d41PxYC_O@{C;VT{t#t8*P=5vyUy?+5-kmw0<~&x&~O=Ibgcx;k*9vt@Z1C2o8t ziSh-m|z^c$nTKECWXw;u^r;0w|PExVJSG zRR6~|XP~3g&69>9;GxbCBoz2?IPcn{Ex;k~nZunF1lY^P zf_0e8ucpCPgN?^A_0vOwVf4z_OmW+w79cR)|9-cFUI1JJ%xh=QC%5E($3mtq&@iqf zD@X?pPAaLBbJXx)3FFtEJ{{cTwewiK&rB*w_Ja4-LFk z(7wJ3K4YJ%FaZ4nnn;vG)ctU0@bSTa89}R>04F#*gFktE6=8Z?zqD{%A1qgbVR8lz zBG3krGOX?)X}tJ&lT|T1o;hhT#BZ}JoN_0`oZ<+Of^_7GrY?=ILGE1naK1`jv<{OP#ds%qJaIWbp}=jAHH&zRs8>`y)1x-LgQ9 zXNJ72YE7M{kW>z!e1y_d&Ileb>Gu(i#uDi^&sBt+CSMx;`@s9hq z%bs&WJ)OEyU+$`#_*dQ=9J0Ea!)#jr_{bQCaUM_1u&AhB)D=4NFvHkz@C}8ebK`7I z&&CKxZ@K(*-N+>!sOQVeK!(8z((lUg)4Mok`vaLA;EXgH#O(dd>vhQ~na+~A0BxOP z`2hN5R>y5~l`g{c11x7kve_mES+etc@e6#*FycYk1;d)g({b1->*k2t!>ljV={$Ye zkfDGUa|qmA26}oRo^CI=b@TcUe;n31YMdDQu>oXFQuY9j@jJ`<^$V>)!-y-ENuu@b zn(+*=rbPa?*c}X8HqfVJ*u73SSRJbQ$Ud;LKZ338 zkDxm(;Cl%LNd@7X6nvPf0bne!cN@mL54p;2R9N>%8PUN(|5fO>&!M^~bSezASV-Q^ zlXRjP5od@8y5>PymZh_gCBXn!#A}6l{CHI(Rk|=9a{2+D2&C#;N692ciEsTE6$4I> z)}7*j0T!yP%pQ0$`HuBkFr2$i%Rj)cxtv~wdw-7q6v%tnyf4+l4-H)mXmsoii(Cx+ zlmGeM(ciz2>=-ZZ^|ieDf~_H#n1HOo!h(PkDTZf8q*P4AfuJ^jhNNTZT2zhJ(&s>3 zdy!8|3r_%^XrzEL-H@9_t%m^!QH!ysKc{OOQFJIxN?N-&)L@>O;6jApLV0GA8mv7p$HZAI z0CGUs{U^gy{TOfxc*A$nhNd^%IJE%W?FK*w9u6Sd)n_`-XXCV_Lu* zSZMm>gm*2!B(IFU>`n@0`^P7W1RqPQrJ}`gEG~$T+<#IQcsK+;o989zO&7lZH?jFy z*PZ96&a@g_k#OFY#+RtwhZ<_M%fxeZOPM?ao}F8u(Q9>RIjga`rCd)g7U;ATIgod+ zBScSTmzS3Q_qqM5gv34&V3B>$M?qgH0$sU*mKOfI=O7vA1HMW$C8M~_YeZZzC5Z~0 z%z(haJF^8~dq@o&+0P+hriPK-%D>Ml?Z4 zLt`UQVb6}ngOeEdpKu^lq9{LuYHG&WWwGnu#=QdTym7aiGzs`(&*F-eI1!q3%#@;h zlc^jG_&r>cG7!!1gN*C}xLh``{@#MgQ2`vf_|l%)4zAMj8vySZhG)U_s)mO5z;;b* z*(^y`G<}v1%!fm#H*w5Y-Czp^<(z}Fh*eECBkL#Qs9CANG_(z`Udc3DtWEsFyA~;A;1e%j{YO>nuhz3gAk`(PSa!SfoKQ=2o)^2-D6uwP&VvzUlvBOzoTT=Cm5yn`4A$fC|*efyDyPF8nZ`D~(D@X~P!2 zs(!hF$l(+ds|Okvm?S)bP0Ke>xyc_)-*|rk5ORwqM{3Llz>?n9xM>r*R)gD?K;xhE0$&o)YkD9v^&PGsaXWa5bCKva%A#Txw05pCvbD z^=iu?BE$;?1tBSW$M$Nrtn(C@E`hQQRx^E&5poRJ5fHlkJK=q@DODN@7W#rrq9A}K zo(tm7l7z6)N*kN@e+%nv&+h$aHYkE3L@YGL?uzG}<8*HPZ_y;d#I8tgxPcJj!#l-rs6QFUr(s)Kxb52B@dJ@U<;?Q%P%8OLyOLX4B zgiSgE)P3T;CA7)n_y4#6AFl@h4@91+asz&W#KSiu1GrlxlB!7H z={Sm_z`A5#<7@b~p%~2=ZzgdF_pJ*?)@{1M2r;7chu0qNOmldZT5$+!Y|3cgpyLx$ z!ozELWmf9DIZB8h@=k(BZPN3!?6sWAds`&+5-i`%GUP)&d^7j9W@Sl3gE*$g#fW$UT5B)|0=38-6b=8st2%^6MTRHP zj`O9(qV5eL#ZZ(0tVWiaxD;!yu+0oV-7sc9qD*xWj(uxX9-lO|#+DV_)`T(6!u`e| z9!TGEb#(=3L3Q>uigsN!w>(3ecPJ(%|N07UB)+sUeaB_%`%Fb}DU-BL^wp-6kAG-0 zUdj*RA_~gx=30(l(`uyC4%*vxSx)Db_BbP z`Ah2I5r(txNCG^#*QEmvSI$>U*<$0)k^tU@!4s(<>4;RDBKj^ncK!9!X|9aE57e)i zt-#VK+`x|}k zn|&U${mVbl(OD3BkMpo{YA%$98}0JL)M=g63O+Xz+n5p3ZR{8_jF@g#Sp7!2v;G|t z&WJ?R92sX-RS$V`3MNLo(v?p4KXmv#Z4c4#m`Qf8&)I4ZB18w!gPR8=No&9S)l%ts zneq^Pp7}|(D2Bi6rAjCf*Z&OrgkTvGXELRV*!=kuz^0UaU$K^1c`nGZ@FLM+>wdD^ zJcfv}eww~@a-h}ogIM`Pho6LfCS^Zf7W_21<9d=)!?pz@j?TG*Edr+$vHZ?nYX#x` zZ|Wu*V-t(@BM_WwMqtniVl*d~i+4J#M-bHV>9x**lD6q3@yvb?MYq+gHm|)r=LbU) zt%$Jj02661aD-tYTL1jHYwXp+d$>m4kAC_3>p*|*2t4)?dZVkObNq3xOPz6{SggeA zmrGf8#R-pa3GG@ckQKdJZyTmWwb@>Wi|BtYcfy@A+BO20E72u-<-Le2gl}KVDByqV z+Z8CcEpo+7GKN@UkbM9*!S?wKBCn6uA^V~I^SLEv(AlvYM?#sq89xHSIcg>C;7v-5 z`!zO%HKhzN*SH43Y@m=YNEw5t5%uk49&ZD10R z{Tx_q;C1$q28T4Vu#RU^c}af}u^PD^;wyWlM$Y=zKfnLTS3%+S)E&KeY0QzmNN~rL~qtVb7M1 z9JSt_ay}5qk2{hGYR;ohmwNxk;PKx5`)=x~Y{v}C+-6)`G2Q%}udPHO_E<0RXI~Ln z(<$3X!$Vd5*CUOFy8?}cyRHG zwjR#|{bOQ$Vek)uX!5g|@{8x9i0ZrloQtkL*}D8OP@l4OTKn_^-{|jU6lE0T*k|po zcY{;LQVUYVc$Aebo=DaKsfu(E<%&tsz}_qW?AN;Pn5a$aWIks*XpmrK!cHffM6VW^ z`_ALy6Yns4R8&iN@Vj?M(ZPq&n=MLm1#_C$ZZti9;`^~X^u`_4PmKO3+XS=B z40_%mjc$bSYtJ_JvsHe@Bsocqk4nVxl6GC!T4Ka$IL-aiBYexHIS@WUrF}6UUBzO* z$;CZjE6dcdeczV zHqb#`S5dc}$u{#1f*N~p{4b2dtd;@GJJC7ytVp`h#OulEzkfCf$X>fB{>lcHCXb#~Y15AB2K%b|CNO5&)2T%r*fLrU<6a^; zlF(O{n%N#I`rl0=3}XEEv?=!!qkS$G_twL-!qz*rH4=R}i}Sw<(dlCcn#`wkW5w1% zpZ>8gl4FqCIyx%U%=uh#G+=f;LQOMfs?3m8=+5^VB}+h$tdBj!fZ|)u6Rlp-L*cU{vnbOjx z5&rwfG6*XurVA+t$Z3%wl92|$vd*WjWVXQH%!|HcBC|qR3Dw=v+};^{-&jhC6+3#d zcyY=rBg3ACBdW?qb_fIIDO`>Q-eB)tQLzao@0E?WebiV(?v9O~ds}0W$=wa9f966A zE?hJj&KG$-blRw3&;$b3@7_Xo9=F$=p4`W*r>rI8O z;L@*=XxtFe*VV1D_(vMy@zF}$?8bS#rxgBeIn(j-(I|KQ{f>u+;XCFp;%=Ip>CE_wA@&ZpflX~@dJ$Zj|<`Q zJKOOKOg8P!@O4qeKJ;uT^#A^>qaz@y7u|0~>GQ$7W6x2;l!1i)*Nwt#TXQv|9yJDG{jQ$+7~^Y)dFYYR|9*Q!Ao{J;v_{R; zVrcp_*~NA0T@1EI%6^Do)s8@oaJqhWV$Z|wtV+@Oy4^WMtp5c!cL|a-kx_kcKRZ-X zWyciBNyK~K?MyTEH2aJf0h=W|@uPq)5VER%PD8$*nW3j7Ay(GZ(#l!qjSsrLcOt?$ zvb3|~Zf(7MpGNT|??_w6(Z5qA4hSWM)X^& z88sbfUQ*DkG1YnS00Qq;h&kI#YE(~kB1A`ALG1iv_5sTvSTDwCSEq<9@yYB-)l>F+ z-seENw}0-@s$4TH`A_RU#WxDy=T()Kbt3%NNY${l7EvS=S81D*H7JOl+mTdk#)!(B zbly7PSJjHk!B8CFe4kehfO?+5Yf3XUr@)Ci*U zW)A|ta!*{@a&dy{Ii&)_A3mUJ zjN@M|f5#vAU?tkKy?SL-bU@NIa8lf`x%!O_BP(kp(FIAH%Q<8V&*UZ8vUr>V0zNIf zk1~u$h(XIk*-u1(522P)a&;U!bEhYQ!5$Lyr@qh!zbFv$j{G5r)ElKge5SVs}5JPig-~haASF= zgrH+;JVb2MOGZ_TiIp`}5JjE;%a~oSFm$5Wxme>HHX*hOPG|NQUzBy$p}B45XMpxV ztzkPoNjAOntjfaJIF8$UTa;v-Jb^o}qAc$)i*(xF{^w1%db887BBx(LaR7;#ipTTg zG|gu#GViv0&i1mp!A7=FB`Q1CD|OuBR|W+EXN3JcNGyOy0k+=&=Yo@D?!P<+wSfQJ z^-V6NISR7-%5mC(6(>YOfnl?iXh^ldtclBQm5@C(tIRv**u@j5ls9@&`||AINB90c zIFd6nGebz(l1|7*YiVmTo}(89Z%hQzJQD&+RE^TyVq<1j^nUjYKDfdW#NL< zMm@=hpx@{fj>$@u9p?-l@HVS~mjqseap8bt{vjZW9q>gUQrIl@FSEQ3kO$ycSM)>l_$@-J(;JW1@hPOv)|8A*I^JjkQ&;LCts zUef_PPGFzX5KGS&NxHQKj+9_PZ+PVI@A`nnkD8^WsJOVKL_$dDv!mpWyaDUe-LT^L z%aYvk!_DiD3Z4A@2=E^iq^3?zroz@Q)1I^3S&U0fEHEweFkh)jU%Zd9L{QMkB!SxD zLuKG?UOV&mDuhu(5`%+2QkE(Zpv#>D}Hr5!z^ z#)V?`EV$C>8ehDaSl^eDl$@TOh2PSVq{eKh&V^KYma@O8r3K*GZrDci@)DB=)Ez!) zc8tIjfjke&X4HH|NTM|E*iMz#wR(!ClmePJ#qEMAeKX2<-uR2n9L$ZQ)CL+fNm8 zv^TuupnjZZxjk5ruAUJb5g+r7%)G02eK7v_@jrN05kD0?*=#&9GSF&{)cTb=?t^ z!tikzW0bYvm8;Wpi|#V{Z{DaipjRr({p>B7Vh;~5SM9+R3V<8z^+%SyFk2d`Q8n>^$NcK^Pu_u25vq?(`wi&m z{$)^Gz@-L^De!c3pBbDaM(Ps^QtrnL*}-PX4PqI=j$cS9l6+fJB@dTb7vgLQj~Of& zU~VH;4*B#=F5h*a?jq6DrWcq?gH#ll_pqHaZ1=Y3cQem~Jlwq8T*%-BEg9LcPR9q1 zAJ}L|3st6f?QhK(5_+#w=~K9m*>m{o%uI*0q4eC`FyuEGSBrI?n}qSAR73%>0JK83ROjmt2Od2c^vC9>WNB z)z7*MWGG2#d;89v&r?$p0C>sBAY5*Z#luRmFDGl65))Mi9C-`NzwUt(%b9rJpnd=l3z@Y}1Zf*%gzsKAn= z6pZfAI(wvDot=k&98ghGDm_uPw&t8^9PpC5)7twJG#JvZpAZXGU?I`6@St)2Yb}kI zk_-zKNjStUuq6*Jy8|lQldF*tY!XBl_-Ka{1}E^(2j0__o6q6=K%s-fI3dm3N`~Nc z?3O@XzYC%CJaC4H@Icdoq(V7jOPQ)rjK=uO(T;cdlpiDJ?L=I5)i|gvn zI8{ zH&5Ar*zpB)c%i4KO~0C8cGrw$GN0xDl$5pc?Q+9cFFCWQ#KXJbeVzQ@j@4Cz|7f$K zG{#8ZHL7k8*hh}9hdTvdzH0u3o=S!VX)RzSFd}Yy-gsJu@RC8ANfO9u>e>b#}yB*FtV`x z^6xwca$uh@4slvCPPIKKIM#5Q4ZGlDQxQhS&!K_pQ4-7-*CZ zFL-IK8eoihB*T*O0M%vRruM{RY3$L5LCKAJZ^ukx)zmd;EzSeG2b1!TfB#H;ox&+8 z(f!0>rNAewO2F`qNhU7_9+8NYRO<1irKOFHY#uEfj~HeDzWiW)QiH0^NUs*&bm+1Gn z?c?KPYFa*j|CqxTDr{G0KmuJpb%>hLf)j?&*vyR7AMG$(ufyX*w zUX|`;w#c`i%;1HcYHx0Y-J#Ld(}TK4{8c&CuAEvTu|EZ=Ru6+>Nr^2qThe(KAo}d9 zLZ%b?@!X9|!gN?|Y7CJwUa^xT6Yy|iXP@enKah*MW^90{?Qx+(*=pgSP{D;)_Gm~| z6!qWs_C+EB!%L4ZuM(n|%P1TgTVK2YgBT7va^Awb#@3Yulr+M9yNslitS0CY@-RHI z9YL2dY3H1{!hcy9FlM}t-uZK@90;(QBT&Q>JZLon@ zb~mGYLr=yHt*l3DI`zL!y41F7?Xcy2HDmJ+^f-)+o9MwYuNI!yXxoULw{IOEABTVa zN~4Aq3tvB&kkOG#ntj=Wx)RsdkTCZH{9~x12|Iq$nL{ygmb834f7d~>2J$EHIpclJ zY5F|wue!ty>xgBw&!_rW20Y zI>%fJGC#D}9pytCHEs6{QorK+oZY7=^r!sBl?+qq?67Bho^Jw27%pI91mc3a7uP&{ zsU8(#2`%0~C@ z%4qhhu~L!7EnE}6TG`3`R=DPh()8DR$d6_*^Q3bWD3b{;aEs9pI_3%S5$~Y*zM6P% zIA3x+cHzhV`ITN)MvXDcjE`{B4R-W2{`vylZaYZTK9-r2(fmR`Y3if8ZKz)a&tVuG z)1gdz^CWxXPNc_-E|nEa!_)f%$cj->R8#WQru}ptBPR)U1lLOfj7g0+f;wuF7K1Ry zZ@EuCVWYlw4}P$b>mMy_bu~C_L>*)@kqox#SZo9o+^Q-txdfBo4x4i01Z4G!Stg+x z$B6o6@!5g~QGvLxjBIdUfes$nOVm}Qdb%dNS_$p`ZF+n+UOUB+bSQ#*;Gd^<7Xl7Z zMWt%W%Aw=yu*~`h*k`TjmAJN+qF2t&BSJKHqU_8`j!8<@A@8U{!N!zPS!J-jhm;Nb_w&q7&w0l%w{}V+iQ+goysL3 zE~;_yFqn2#R9euutdAROuyD{i&it7!5SZY^7hB#NW_|IcL+wjro%FORE+j6l_CR)4 z4(A*h`h{e9`RZEkuO^;us+6?TX9r=4lYQ?O_gAw@3Q`~cvC!jtsHGJ^ot;c71Cl<>Dmbq$wZ|U(A9p-}{HDwzf7FoAJgbG-i*dx}{0i$cPS+%fiZ9 zTUF)RdV4AN;$0?Ru3opQUqy58MssmJBDPF~R01aRN|FW6WLb7pVlM_7Vxdcr)o!Zc-`w~{|s9pKErXi`igB`#DGqT)k0{V>Wp`$#<8 z(RXZkZ$xuk0#&kcf4~Ec(Zt5;SLkS7Hz}@)sGPiD{40v=YnEtvW%*Pk)sS6u5p`r7;%cX{JRNBg3B>(Cjry?zP#^gg{iBmAg%;pjFK|7NnvWTdpRE!wQl2Sh}WkxOgh<1 zB~<$c{r<4OOe$kg#{sK3dP95~(N%W(eLS=Ue=xur$l_C$OMb!ngJ%-uhAe*V&MqM%f-U}m6&a_9KpQw1SG!LXBhod6bl+vMA!mSt3;xdYh;;wZb#GQyp>axl}9ye0JI-KFSK>yZ^oW>0Y?@{;sfQzvQ6t)tZK) z|IY;&KOWUAviY!_kZh(a6hAp$45U^lXam6>?J^FkP%R&7f=^YSYWA_@;*Qci5BLy^Q|43QueeajL zdghqlia_nT+eczF-%PQTZQH#SU=|II;SVwm*q#L_Uj)whL|{Ovv%KZy-1762*h z@BWJh@*txhS3K+R$ry}Xs&iM-!XYuK;w;q(rQ?YjokjJkbu>X*L%jKaVKjNa>ZzVv zX5OyOpA0b|cIH%(7`EhlaER*W@^tyKM${IN2qIV`iw%GnP3F58`5C~zhlj5O;(%#y zC3+aprNn_;+%~K+$XtW6gFzfx_sA9tBqb#5$h$SpLs%YIzIFJbY)d8`rSll0V6uWm z7%ZjZiZ>4a0(z7&#@gwKN*oZn_431(&!G$MrUtATTY`^Unm$-zjQwhFj1qBm@vr+R z#>fT>1yNHFjEFurxoP3g)UP^RUt^V4==W_Rl+Ykgx12xgwthuMvb@;bE)m|X+LwKO zVC-m~8A_z9WWJGHb{%i!9u+^nvudRL(EzmP|Ey_SW4U@-;X6`00oU}xZ?0(yw}se9lY=egtj{Od*rwW+bm zNG>hhtTe00(OxsL+nnavrDjrV#oV*dz$s4;#SU2s*h%ME2l7Ys#6@Il z+;@nDBw3b0valZ25zKS4vk|A8YV`M1!(SsL*{zFtl-r%he>;a*SS8q-ljMt`|Li)~ ztQ~aoL`X_Wb%M1$jDuE{^lJ6skpeSZclQ~%p^7pkTGm0l45#H83kOw3s9twkFmYf7EiuioqO__w8PDUpRATh!cyh)!QurS6Oy`G zH*0F-FN}jjc~uo6ZN8hY3!XH-|oUWc(_0NWYL7#dwy1 z{CeOIBZhC+uIs#*ItYl$V>j3!E==87SO-tqcTl@zHk96+T_7-BuFB!7jA&E|gi>Y7NFnT`q<@hz)w<@Ok!I8yG)yL!kz zgBM4KS`X%e-9&REAc-i%&ARwH)q+4(4$YurZq8`u5_)|2?-bti%a<>y zE?%TK&*!iNd>b;tB$=o&w6wH^0ee~;NF}3dGQ84YAq1JZKQ=b-SZ`CZF93B$fV}AN zD~p`Y-*9BZ?Y|>{x&8d**ODI3t~v?ZKHp?LJRLf@6 zie#GFH-~1h#+G#iZz~ERK^b3P{5Aqf!q4%Y4yAkRR^E^ufq^szVflG+5Xg8y1)u!Y z@%U-Q=*S4+kNtBygRPHJnf8N&gMjgKP^o6Fb#--t9STUNAa{>E5(Y^#FZgQiKHh2u zzl$hq&{3W4L@PEmHN9;Z-S4QXf`U_BSGNcjGY`iV_z^IGs=q2oP=3uK;5g(s%0dlul!Ref_hg{&k{HXly?%F4hUe^;%U{Rz9VhuoLh6 z`@K3MMe}k6F&7KfVuv3%a)wRb#?HXv}x6~894wZGBLNm3LL|8@f#St)4gDd%-a!$LI}XHs>G1=v(UCoAmS5wICy zKReV&9&7{}I|xdS{sn<0rFaf}K>*VB{5}MiCU|BCBl`AgbhV!%nkRcH3 z2nz^=wB=Iv#}u0ZMI$H29E*)aI{z=w_a@!in@e|ffuj@M4{koQk4s>=Ej;ZFx(;ebM|J(j&;15rN!Z$Y1oZ(9*i@CY z)4Z>{>x8obE7jn|;KTm&P61FguulP-s!lL_pW6Hc;$7Hia-xH4!Cvu*X@Xq#uD^T% zynE)v0pR!Z@3;Oi8%!ff$j!@T^YNl%V3?hr7Nyk3kPUj**!qRSIzM)}E(xivr*}u? zmT+`Gei<4z5fDm|h#VdtUj*Al>{V$=Nx=9r($gdQmw^%v%y$qiRL*K%p{yt`Z~N>T z0fZF`6_x%EA3m(E+R3o6fw}O52lglj`0CD~BR@-{bog|_bmZPXKK`AS5h>`Alt~4^ z>OuEqRYIy)iXMSm`^5_+Cr{j0AkNDs!PyM?5CB&PzlvG1X(XAV;q8LKwYY6-6iFN5 z*ZUz0p+uH-bL;!N@`bs%Z4(QitOmWbOuoM8DG34o1ld&dp8VNNUC{Xr1|(IgXl`|$ zoo_^rIl`Q!u-;n(TrK3Yg?29X8 zLl8j}K?XRzzZ03OXAqMU_dNY1TQb=M;8EUKRL{PLeTds)>%aMX72Us^`vDC=SJ=L& zqM_$@_Qs#@$ZD9)pHhN6Sm7>``>|oFZ25~&s}*%8JUd(f4_poHt%Zv zig128mL#wY=A|Q7Cew5N@ZZm$3`F>HNKR-BdTo*ScX!49gTkj)6795;Vrqn9{}i67 z5=@2*?JfaaoRxKEw&3i%jXPiGEq0$}+_cPD;gcW{1Mw5gS%eQs9i>uHEABF&y=a3V zo%l;4LGX3qc&zoLC{s8(g{HCzh z(xQF%oJ=5&;Bqf`5bV9t*U~!rezO~L1@9$z-5QiLm4$i^|Kqx@p4R+}qCN&au6FSr zN6?n3mplU$zk%IBwB-2(jePGKLdsVa`UM}mY)c(h)LBI$!j!`&vn!9om4T@b`?cp} zw5^%-Zyws5kD%i_JE8-xN=u>ioV#v7b+om$g>MzfAu`f1xN`2HkA(d-6ix--9oXyI z!$UyX?<>#Ny}0cqcf;5?gcz=O$n3tz$%6O6Pu09oS_3l<9`7#*E>9<4AAqHtw3BY0GLEUKqApEi&Q5tzWLbb8uO6m=35 z?BTI{PJX}dWocRP#s>BbNTLX&01^9-S1339!uFvNd-g|i`Ot$iv7JMv|J}&6%>z_ZlJ=cmzw|tJFrD+~lL)bew zTnB#tcK2D303E?SRl}n`ZVtO>bxkqK{plM9&CtVuWjMH{g8DLy!|TzbmX|N#ynX-f z{6M*M<{}b{BvLc_+Cm3)Ho>eSo6c#|34*@_QNbp>Vpw&WP!0U8YCqyTgK`3*{U+Es z_=8^L?rFKe@`Y=-1bgB)DwY<~y$H3sNOBZ3R`EzC78Voi0ie2|{Dy=#1ZR}B@r@hj zYwaDmPGIKmt_%X(0Bp5>!P`>~8dl<%n4gDR85Jc9E4~2pp$s{UCqKV* z=7GV-K`K*TNYsd5F&%run zU;g4dA|(MbPPhdvW|mKYaDML3`=Q(VKO%brJ(bh||O_(}nHU z1xN3Sdh@}KqB~1F+WtBslqLt^l2NB!UDso_UESRHBY1qz5|aZ&34Shgar`^7BVq zXBVFSs;H{6Kr=*H17x33Sa>m#UHMRU{y*=SUADb=YIz9qbi$G?;RQ;@o>Obmm&<0Sz?Q~0e$@M6h0^zMu-B}@4ocZ zI6n*3IfpCTI^mKm=IzR^lDLH+XW%E;!Y^(|Cu>q<+QafnG9cIO!eD4PdGlMV1eKzR zw{H=*5w(`L#T)2J1Id2q+RZD+%>BqGj}+~HRs8cHsO~BfKE%40I+s*`QOex93IbBL zIU+>WtBN6@jF=#3C&N>Qg`|Y6NK^Y+$l^u6Qhdq*%8~EH%5I{f=y0Tw-J2Cg1~oAS zh5U8mO5v6LBM$C{c?d2a`}Z$Uj`dA)9rUkFAP!WNh$4VpqM}H)$cyKGz?$dr zKXUFy`}!;1EB`Q zO_K&fMjYaPb9p(*xJhCErWX(%^&S)beEBU?T^R|< z-7pAA>jtqVzky(ZbEPFrT2Ru@Q>Pce5e6y{r)v_DhLYr5PXviG%gfdu`r(F$1ugX4 z${d#W?yW;J4NV}p-?o9xRrVe*;J$#rj55+P=x7ZZEI{$zC|cl3K`jfG7Ek2;Jbiu5 zj{TS^qd>m^uL|g5f`4LM*wOC(ZO^5isRmkK~~A} zhJFAYg!L{-jLSpsZz_XXkB8R;0@k1byKBoaC=J~J4uY__0J^8#>oV^g8i8Z;;7bQ% zc`HyR1ty3uefMeuM;)lQkV09qX3&?S6m6RzCaOES#E;=`uPPGQ17jAqPnB15MuU&C zf`>M}5JinJtF6CdEt%ZuXFq*wC(fBrcc(jO`NS`JYIlHn@se*)fX&JKG7)CxZC!nT zdUJ+f7hTg*f-LbZ+GBt}c}S_4~I4 zIul~iuq(sjA|dQNs=>6FzsJY$L+c^tJNzDkTmzz|m@CFKJSUoQjhm{|LlA+0(Hj6+SZ|9~Y7(Qsh@=4~hnHZad1-+)HwTx4-KFi_#7yen*6;m>(f zlJG=~Nn2iFf6X?pHQ|ItH2REd!rdq6nk=}{rT1}h zsUBYk$BPvG3X14{cx09ESC|(*f8P3Y9Gd6+7|&K-T6%VJl3LNFrvhH5y{*j(6H!OG zXAjU(RaM))aW?m;R=<6|K@UJ5;);Fc3*aJsEMEXK?%)fd+bS+fChzEnpC^@HQuHhC zZK#=agcd)Q$HU9(^_r(`!uDsE2QDr*=OpA5C8Y6;=NJJs{wKh(jnL(y2%* zoemAs2uMhSfs~YVm$Y;%AxMcL-K8i?r@BcTu=XlPZ74F>oy-$7uNk2I3 zT>7qpk5wRX`B;+s@5_q=@7L}%{>{;2&xh9nCF$&Hv$Jz^k6+KcewUXgt35O~HwSH6 z3nMby5qouI<+oe5t)n3~#h>-{cqVo-0{V#SdR|*c+u+m|Yc{rZF?(4?CQwszt~tAT zyWAdEoLSmj#zgOinUCh?z^yPz0d3xcBnGn{Jl z&RnQc0nzcXPf)!vQxiQv{KB-$gh(W(N>aVe0LxJ`H|%WtU_OBEmTz&Fdr-7I^J8%_ zQD4R6tcF+BlG0lsMTmOX@+6xntRRC6k&m2_npj>zkWNpw}(a_Psd-caef=^J;b*=@sOU8%ih77So6j)?d zpgR8%K0&+ zOQ)10yEwguE;TLfWmZbN>$>cba!4V!`Bu=$7WbT8W$dLf8MPR}{Xri32PJ%iJ1!<; z(@8ieSWIk6%=Rm2PuJz=llLng9_+y^1J56;YxI%2I(_#JOmWU_Sr@Bkxd-`!m?u~7){uh@))^ZG4MuA#S71VO^J!WX*|QMlOWkjBB2 zJ!eH$y_DP!>mryoqv~ui(Yf|tAbEq4q2bR@)Ex}SDy!a2NPW9?54E);2bzPM$|AWO7(AVb%4w3M#cPTh*j1OgJXQ!pDZ+TywjtNy~Kluxz9k@`p2d$ug z?~ea(Hzt1 z3{y8rNBM&(pm0}<+K0=SwZ;+xYTTdIReT)mSSIL>f~4ucPI!XB4x|Q*r^f;GRls9{ ztPD71fLVV-o7_)@DJE?HP2||Z;O7RQ{F~{JenzFVl$2P~$r%|$ctio1f-qVlaslkK z3JaZU>*1wnXrTE)OR)eo1g?KGw6_p}{ZHj=Z8stLL-Q=c&5bcy294Y5daI>f*(M7i zysUPdF-a*Sn9c#MdT2=I(3RU8%2!aIf~^xsx)Auy9-i*I|C{_MK%ez`EmyRl79w)v zY1E+B2yiFUpu#dqyi+b(1fW4vZd4k9s@V4Z6Hw^>D)MuIa+Q{%fbspi1$uSu;8q@p z>Eq)yjw2;8F~m_;ZBM@}EibDoD}%M*BeHg&ac_-PbUxuWjmU26D+S`_!NKV@TJcGP zN1bIKa|&{p#@6q@!|8;|*cspFF<3o<%as5!=1}yd|AR4Nni+*5pxI+CRIxe5O=)=A3K2kGqZg z3lY}tS!p-$t!{FsG6obJxQj<=YG3#3g@u5W6jld?a?}0P4KN)E1_1996!sp$l`A&x z-jNIa0|VhNf6Q_QrpG(EOp&8Km^UFByt`%Ow662GT2x1lJ^%jmn@yc#erc&HS^ML! zRH%;Y*B2j^8r;fE`g`gDuTNNxxw*OSk0syc=9n1u0QvSHaH^5jn+>}9mMFLawrfDu zsH{v_5R^jcCTt&{;nhoZ?$+0PE|8K6-^xr*HsP0L0N|uI%%%?xoTUdnUmtEveZ6M( z@iuSkCsgJ`)YE6r9AVkb_WcuV3&)<1eYSr$_LTYdobK?GUjVz|=tcr}LOrUJvD*Rs zJR_Htl)8UdcK`Y{`_gMSwO72GlbwAG=;G)9E~7eP$WxTLkU2d{p7O{R>(vEc6t9rb z*wmD!hCvQ`{sN%L9iiDiPd#Cp7iJ!6y-7kaMxvE0M#}HcI@kId zONWMl*P4$pymD%ED6mb23`85R!cZbWKlBPGA5aQ9ZQ@g8|RQJI2}6?&8ux zt#hzI1LXu*T7Zf9`#y;E&Ctt)=eVx?qJQBeO8@@LmwlM%fbu>pQ3eC?FavVngvh9a z_I&Wb>Y#W5h}h(dh z!(kpxAAlZ`vQE}jXQQZdox}D|o_c)%GxirL`IoPaPmFIaFD}^@6o%1g;Y-1O9t;)G z>f?IcR5j&%qI`EW8I^|TM)(ZmnI|@R+wyTY`;2q%_6{JJc?EV zs4oYwe0xEa1=TzFdcsYEY`a_^>$p~FVwL#lY7v6NKiQsv~7>M`prOuq? zWoKitF{&B;Atj8GwBNe&V=bEM#*cT|YDh~}wU3`TL?Cz~aXxFiFe~K5DBw4Tb2T7^ zA62p1@kY}UhSTBISyQ=oa{mardJ|;kVc{kfJUBKc#LvGMEO7>?FyOqu$art8Jp}tU z*rQ{7HVN@&6aUiC?`*?*D?Kgk{j?Gy!XCmDNM1)$3u)-I^6xUKYxxl(L*PgNf}VsX?5eifPsLx{e0`6KYu8^*u&;w z77wgS&}2?yXZOp?gcaQ7i+y9xM}IQJYRznojJ+4Y?p`?Z&TUTF&neu}AXo`N9bkWe zkaX=-2Ga&r$E+rgxVZDe($!LzPgz;qAV3Hk+1%VOUvgjB+4)#hfBeXCtJmKRCyeXa z7QK=K-7G5(KK8X?LeSKD+x3Y_fw%ipEE6x`y9L3G&3Fr;`f0UCk4A=_U%HO&!p^-8 zw8sFtGUTBKZ~d1quR>6_dN2D+fj#I$N5+8bFwTItS%#RN46v~Zejc*I=|uE?#3e;V zQ25=VqK2;Rx%b~J7;Y35oq}_fKyn1|ohEl`hw%KfVXmN?zfk#Nh6Rb;A()fhR?z4@ z3%cvDgCA4VR?zYTOspSIti>@nIc2M{adD}3b7{X7b^YZ9MJ*^a!WP4&?cIeLEM$z?rGmiLIq+cgX*b1k zmZ@fJ<%T|jqq}BmGpSara*m@r<)>xFGBoyQUJ|Z1{4Q27%?MOIu>J)j#16{}NFi6R zU3<{1k3zQL@ckSe6{@7pQowchgx{IujcY>J z^AFVTVNtB6{RLE`fOiPf+d64HnNk2%6!z#3w1-?P^>uU(-j;eWv$9@x%KiKr^t|ENH#zbz#R6^w z^IaDm)U7Ncq7{+q*UOAbur;-qe9}$qptGH>KP4d8G3)uY>NGSo1lnyPB9DKm4lJ&? zdO>@r7Amk*2t%rOebMQ0{#w^%#PuS$D|I=b_+-KnqK-r-D=z!TljZ-kT-(~Jb<8KG zH!n{D$}iTeJr2hg%NoXe@Lc$0rv#sQ`Za=FDK9vanc4|)o&w<(akgb!6- z@et~e>1iuKigz)-C~1F6f4h2M^ymV(%6-{*vo3a(9fw^a>QPlBC>SYdN0b+`ec}k8vvYpf15zSp2`2c`Fu@1T zJq!Sbp|S!$sm9k|?O`qgb)DrxN8z8sC)}g`{U^hZ8=?7tVF!qzK9ueRL@5j-8PEVo zVq)~<&$NQegqRC?ZxE?zg_1@y&x)!bQz{J~X-C*w$}T~cGvp-iU5l3=wk1rv?(qvY zURv4~dbTH>4IIBoEQ?uv3^s5J z2ryL|Pp7t8wkX_SszHbKTsf_F?0Mv}fDc^mBV*6&Di>5zW;L)|0bP43il37zk=cTh z7O?PJ+jj@Il|$HFg2pX!rTX<@Nns%*0Y5qb>H(Rv^6OXd+_8c72&feR-+_<@4{On_ z0mdZsII30@c!i8$82AjDV^GB}`#g}NNMRNUzCbvqB5#=}2!Tlx_8`0+`!bm3y27rq zudfegvjF9Ul~et{g9+GG!a^6evi+-0078Nv4`YR}oafVZW0n7XAWh^)D7r*@J z`t_(xMXk{+qVJtR1<9_sH76s>nta~-?}demPdf)CJ9kg7iHa?}z^Olf`^Y$bJ2PXv zQQ~A*olZcy%lv-hN%6@1xy@Mf>JiLR!D8q8!gkjuP%LLgdg!?&H$PclTe}kE2Wh>= zz!n`c^b|0=DHNGN{e)0?hn-!WY;5ZqWG4r6r@@Vf6E&}{D1*%wxH;5kk?-MT!*Tk! z{=C2+QA*YEeqv(@_a7A7;}a9W`+S%onhZfNF76#$4DZ9+>i^CWo#js4KF0St?Kwc7 z;0BHulNJ{cHM_g_-C1FuWv(aedE#Vj><#-!SYC;wS%&A9l{G!D1iL%{n|^?iV~7!x`qJus^dCtOM0b%u*H?D@jV3WdOMQ5MJ^0709$T9H?2lKQ%uAnDrB# zOG^B`yAX-9)#RV821PrT`BZQ`hNKGI`0??R+L?bPm6gM`U#}4n0cD6WAS^r_K6~GdnyoZ$#%+GF8P$1m2w1G=zd~q^j@)T%^$Kc38J0K%* z)O^kKewCe7{s0gjN7jIp-23i1V+9>dP$%rp>2grseaiHC8`9QP5|Mz!nHeyh4Zv`Ve7a)UJXmEB+hxk9&>(TKd3>W zf6Ndwc01kp`uMRv2A=45hApEFBzrm0jQBw^HsR>WNt}vC6{8vp?#Bj6~7VMG&P2mJc` z_b-fa{Fh*SS^DAu*o3 z>Sb^rlrWG@nJ$|ulUBSCM;Ro0SpVQ4&Ju6Y5Wz{f>%s&zrWohF!A~|UY#M*I8w}8z zSOW}J(a~`iesk8W?u!>20*%Ki6=TXs1r-%fkduSz+zViQ^1hKMh5#5`&%!M3e(IYJ zPk$zk?%QD+hK8Q|e}(`&CVeJ2L>|-%dZO>0t*TJ4n{&cf`ap*?f_dX>K)4kFY5)u& zVbykecDyU8(R}_2GHL2hJoVnJ*gEKco!9VtK61YRSPdM`SZkY4aHGIgOY#wHszI!_ z!$}2r3Y%ex>Xo|<|J6TnPSw@>Be+wjhmE#FU820;DPCyOikox(K1XJ?}R zQd_&ndwp~=QYa|XVI|&s#RDp94;SiA0DNImL}wJO_feUdt7{SpnzqhW*szRYLiDnm zG>ye715QlHl%&;{akM(nYc(}Z5-ebFNcMJQ71a?Ey}q6XHQmMb;D?4Ef7`Lsg@>FZqpiWYsCDjW zAoHC6ofecsJE#B1ISryMFqs;JH3|wscDexx)pGJSHTAKc-m0D8jn7>y97|5OimXPsi>(LU)v9>iJh}M0$U0wA#`3mMj$ad0(W7v23{!4%*@gmFv@_q3|n8q zt5-n}2yQWmf`abR=c0#G>w5HGKDoQ!RA(d&y5 zf;^i0p>KqHx{hNQgC8_U7urB85F*be_G-r*5J)99uapu5sUxlRXt5DY6v(=Z^HT^y zAfL0QV*J&%9>o05^`vbksvYkZ-%ZII8XQ!ky7vd@-~#v30bsSeq@Bzn;l5`rNDY0L z(xH2M!s+P=)y=42Kla%{)~-{F}JrHP8q@-LX?>v6MUyY z`At3t8o{$?a&0v=VDUm3WDjK)wC&EXoKw=sZ`|O}E#qe7V|1tHp}NHLrqk`?gY+kP zwj%)xqYj*L*46nuSBv;~GPWh#0Cof3KCX6lb^vC1WMGfG>;Z*+Y2&#&;9d<~rnCW^ z29A^`;3E#JH{+B3M1Wnvt_Fjog|QX`yyeK)pBE>=hP@?{qPO#0G48?CZy0R?P*$Rbh1I zV9FLF&jjkja0NBLVv384uSuNQd3!ewtb#35-9n^@!$vy}OY=JFJXV3BtrK7e0Q@3P zR1hOaRW>PIIUMFM24P%>tGaDtJ}~=!7Zf~d9FVj+xVB%STi&8?Lda53luRU#NG zVxR4M_2v)x{^UJmGt|-~6>Bt|4uQK0X$!4&Z^PqI0tewFxCfK$&SNX?gd}Y>-RQ(j zD>R{udT|0Pl)Lb+&hfXmcOKbAD)JwPf`$2-Ay`hCP^4@ke88t?Jm{veZh01Pi?Zx~ zi^rT{P*i?TxZgh&rn_CJp#j20`n(BY$sg8Cc~5Mdjov}lCkk#|bdd3W*wCqsMGw|K z@BxqyD2dlV$xrO);2@nH{nwT~?33ls6ey-4>HuKY00dECPr9+X3j5VDNDH}p(D~;a zJ3?AjSC8SwS*hV9aVzE&hX4psPgzxU=95KuE*2Q#FdAY0@5|H5YcF!(v(i1*((cT8J;Elp z!iDXgvcLL`jnW4p#GxT%m%1l7+j6-%^*6mDUge`AU-C%PE3@7w(5IhpMmJvh&W4ae zeK|zR{Z6YWn2fOUyHV=QozQJ_)gi~9IVOVT##vZMOS6i?$G#%L{q?(eJo;IpUN@Oo z-XgOj*vmED2U~A2I7k=dbVx*!NC#Hogy6D-1+E4R_*sOaaip)y5I<|jvkq4jZTya& zh%-R-xc#@_Cq3c4Z-(7QgN`js1iVw^z$!Hjjn`Ztc}i+3IhRoy^eh+@EviBdilxD! zp?VnPKG%j20N@@134ZPHRN_-#|lMu4IV z2*b`JEsZ7nA$^l|*#OO^mr;~d5F!4CRQLpo$pk7|=p5bPn?Xef^#;J2pGiqIW2E8l zK4uyBgK0G|vH1DbKqRvE`h%xSt6G;i=b(odI>qIRLfehMap$Te(y9eq;@s(@KML0#{n&I)3oT_ zKQ>I|%&ci4td7rFZC2yupI{gB?);{-SLj%+v+u1?pL2OfPTi?5anKU?GWo@$j&~ig zY%GlBu}_l7-~0u&Y5A&1MP)SI@`UcMZ=c)JyxMTQV0{2NlNw?$un(XZ)8YJ~j0YNBaCHl48$5D^UtUkRu1FnEUtc0j%g|(A?oE1l=jy zLuRWLCC_9Hlyp#V@QnM~-Pi0`3N4{2irnL}`gK;?fvF~}M3Gvt1CKpa8Io<~`^Scu z_=38&un7SYf3yMCWjv&1(cM~08W^i+5;TUfx6-a{>dQE0Q4`@k_FG+jc z31j$?%%p=`T~l)cg~?X^VaBic9Or)Ktt!kD4XG(8DsmL0PNWQFOV(NMh$CJsCRJ>? zOa~b%E&v6s!230K=qpSpa;j6VlQZp+O3u?tv>6`3;u5SUm!Sq1|F^0NTUPjh5A5OL zA>gG9KYuR!{t__VXfl=dwg!yi<+ArV1{VjN;b}~i2h*L7)2&9@P;^agZSU54K-H9O zUtKG&bC@lij`|_y3`3j%sE2GDjPk(P6Nq?kHqY-Vyl+ruM=u3;QB{z*=C&!5Af=w# zAxVGXTfOrbBd@P7H|=FPS}P~lAI16IgrHa$uJ+Y1P-KeL^XDdjL!&#?1;SRg&N)f4 z(w7CXJ9I(s3|1ka-Cqs>23TJ}YzD|a&|N?M!219#030+7t5HIt z5#SvEVFRdwve(=Jmd)g-0iLeuP(g=|Fa$hl_QTB?OBFPLvib@+rzi|fb7A^)|IVE? zKsqF*ePrLaD3n6>y)s1S%EuCzQgoglJ(caWoBlZ>SsA4%t?)xh{M+5Ef*V&6A?5rT z;S>l20xxp#Ys2d%L!)??#p`X0ibt*WXoeUA4uBtpmq6l&1wWMJoil8~1Q!;N zCnH9$H+sF#cfnRb0ZIIm9sF}--U@W*zhqv~T>@$4lKO*jXjb8ap%((Q232(DGwl6f zkCvKelN&t|`g)nm`#5}GpUmw1wDIC~(KK>7ji(a696(oSi9u_dooI)-8~+2BCV}FI znJsYPbhWU^4Vk#U#X9l!zKh`2sjQC)-(E*;v*ruCDLewSAREFL5t%B63XhC9&tP;q zymdNI`DaZaM)a_Kf;tA#-;vkcxUQzd;d}i~NO-4)0hi4o6G*rU|9+C;a5vpUC zX9GCChU{#q5e#D?%6MwNP9Be7Dqx!ZEGX?EoN3M*1IeKMASH4<^FKYvL z5#i|@^zwpxSL@k9R0D3V8=J;!B!VHL`r@be#m~324Y(!7;Q`}; zb4=noIKTf+NZc1ayu4M&?B?Q$$18>?*VD})!xmzE_=7B+RWo@oEtYm{&@f8Vxgh_K zplV-L8=F2hRJ&S_D{z_lqU(Td7aVnce<$Kgbaw;lsT<^Xz z@0X&}_Z2Ep{Dn*WLV+R3Z5?gtVthEUW%)u^Dy>IBOMuD|6?f4}5{izE2#NpGhwCrX zqUbPv&X!wKvQ|S>`Dyte%_W;$;bXOI8g4X?bAw*Y3&XW9$moju7OU+%A~nrjH=Z5f z%98ih;hg3UCVmJK%rw_mbs)ZbFBE~(KJdFe0e2o5Ai34_>%4W0WmR}M`qdJ()>~iU zSK@SfALJQgevqJfi&h$*QF1jK&4{m3zR;td$}z>hwu|FVY`XoyIqo;EfQ50>_|alj zRUBKhqQfzA!W9^aE2y_CbMmrM2)4j)-uwr`vMj;F_lKwQsq*eTpU=ia%9t*4be`6@ z{?=oRk+-}gEsAe%W6?1>qm0EeqtY5_Xkip@oEqWRQB`1a1rwm!UJd>F_2jzBTb&c!vb6*bF>JMqe^vsDX}nVlhl!I#?6n8mdj%Ix})asJv ziIy^vD9nQ^ADE=#SE@<7o%-wISmh7}?nUL3&GVCJH@CS^1|}2G?fCjm`(IA?MPNnd z%{jidW}7_N#9GiTT!7qEg#FD7#6^GsTV((f@|kA)vP7SbqFQd)@wkXT~8QAb?+6+9M_FiD=ug zkW(U4(Rhm2l6|7dPsZa*r%kBXioi1?2$p>Ix?m26f(3!f!dbDtCuGXOFhc!&b?M3D z2N}F1q2>ubA+YI#wz)qbIj!p~L+cW;%r4vOn}~19q@3?khRTofBOb%Qf^?8G7{USqfkGLIRdc?Wl0{!u*SO3HeZFD_8<^ZM~zre9MJbl0yn}hk)`3!4z(hwzdV4VN01l zHxYzv38#C-2W?jCkr(?D|zW{6Hzy3p>s z@x5%IVKcu?cE!=RuOO0o%t~B8JLD1}QL7{(8nMhxp(Z3KO+9{U!iJ+5P<8LeUprZ| ze|MPS(KA$Yz$uhMztmKimkJ1RI}x~e_x05WUpp$h+=|PWf-YRR(9};yLkMsD*790^ zpq3!f^QW9VndT&B4GYVUcxOB{`|w&t8sX?CEH)^@;claRA_wMT7%M+#9{p2V74s*c zda9af`^0-e@1)}5cK{Cmz?a3R%l96Ik!<{y{t}BxN|bZ~P8O$`2J5mBLx22#E zBf0Q|J88vNKIdxZmHzsxrJLWwCFLL8V!2JQFOWtTk?iwSipbo;pbZZntE0*Uds$Lp zaGcG3Fm{(XfpLf)OHtlAZ~offlejcS9u+P*LZa9M`Zz2yw{#m@y5;b4C3|*=K)7%Q zS|m94El3!4Uu#@df3BmYt+J=fgdiBu;XGViUZd9ImS)5gAe@>disUrpGWv`f+)iIG zlSU%!_^5h09RfM&@bP^{;tUPC*cqglax_@5vlP_1x&l8cxAF@KYpRB_cFk|hBnmr>C-h2jiv0{w z6*UV1gNK%iisX19gsrp&EsbB5-jE`r<*3m@K|&zOzJG`5#W#j0<~d4s9-+Y@cGIjh zqyf|je0nk;2K|jrVg%tpK>M!UKVI@2B1!x|5IUG_|YHOF){3!(1aWp-9XuD#iIwI^!8C|D&1Y#}(kHJ-}%$nv% zG%=&(rx5D4{&5Hgts)zJIknw)AB|LYlB-bzBBg1>=05R=2Yfkx`JX7h6R2gEzmPA= zMKdJhhERC`01rO>Udd^2Q~(_`q4tf;4~I@7wU;a0x(~?hByuJ+kj);{w!Of%YqPF* z?(Sjd^^!$7I+3c8<$9cZJS1jA`APDmZFU)aC817HKqA_nRwyx%eB(e61CDfeXNN=# z^=%Y>JhUWix$zo(jdCGM>^!8ZDGxrBga|r4M9M|5{dlB@<)%l+OUq^AA3|}}<}34| z9S-6*H6q6GH+8iCzvPDZY>qY?sH`pl0p9-X5Yve}{%(=q{q*GE3TLcfWAA9=3 zw;<>raOs&)$o1*^TA28?8MC;fNe~FNWF77AVm2&{0qU*GCPTZDnw)ZdZ;}*>1(hRx zkVuB?etonFA;L%fm0S9pGre3~-w)i~re!QecFNWr_&rPtJxxs@%M$&G7jy1%CDGd2 zFcYjdDs`1p{9*3HmxU|TlXDhQs1_KLW1y>s8^SZQ&lK`AGYx?vxu-h*A~OI%FX^L3 zfQToNUUhr--a5O3ZSaStLxoCYUdijHg;I}Xva#F}Fh>D*xeicbFjW21{TuzKJKhh* z`Gvj9fYUUkPYR_OG+=g~4P`r77~~r+4m;|9rFLbwIEauu%E-g|l*)y1*iUQ7X{uQz zj)Fb_`KSq}C$x)|T&x2hMQ1*kd$%T>{I_MoTah}wkMAjNcl)YGcPK&Tnvg^f@WTUx z@e_&IjsG6lQ@ft4t?+%>>6R~g@teZhxl7}JTQ+}ZZj$_*j_|Q>&;9brM0ym*{}T3! za4!0iS_?~PQkV^|t%iCE(r5I734QB#xx5N?gx`Zl%i0+Pm%GjsyY_rrLO7f;4-WFR z;mAFexWn4t=!0P8d!Q5m+W@$yhMb9AI|_RtOZRbnI`?u%7WKa*EiL*zz-4J$G@lek z=HdS|MB!i3%&HA`AZo=Dos|DnXA)?qtsS-#GSN!M!n?6H?#)ET&KiD$@cQyoC34@1 z>q^{-)6DQSQ&C^<5AbhTWGw#U{1E-$bNr9o%9a~s0*yVZ>R#2-eFg*xLTg^P4neRZ zHRAK|yr1!x$gi`lUZOz(%V$K~%DLWZBk?_~UO%xeJ0&Jbr zeh$>;U?rtsltgRN5>XWU;`gQPtduZfcTgodGDS2WpU5Zvy~n%#uf^EER|xqp1hn!0gvlwO`q5F$CJ_RCOuD8Si4Nw!YspCx5t8`kR=+t*HuDkj z40L8-Wt1M~vPdHD=w~ew$#@_(evy{ORiTQ!^hI;P^hYwz#V3g0pD!Yv?Z zdH?Kv?>QqqL=!)G$k*sL!c2l)kEisQ)>}4ag;+t>5uce=D4xvx?g!k+re+)@UyAml zt9q*}*+?8UuYRbvO6caZV1Df(o_U>=nb}eU^LLwtw$|3d(F~z9@+}m6)mFn2vn1FL z?=6Ha20aM3<7@h9r&D7l#a!it^Hiudw+)V<4Y4GmjyM9^Qe3!XX_8Aui#*Z z(sU_1HXpagCRI36F=X+wu{$K(kU<8qr7Q-j86d(GeXvkfd+9Y*qUql}-|(F6daE$R z$mjWOZf?S8Ir?pAED5Ib?y1hR0YWa!pf9JEiuNs};CF-*lofp&%jdZJMHYqh5qLA) zb4BQLS&85c9qAx)d`3xmem!b?bc*v?)Pjdfa2>U0+6&gXkEdi%oyXEI9RpYM;P5aU z-+Oa%-SWz(26sg%b{SASwHf=1U!j~;yFyPlW9d7MVpo1<@J(WNCg z`H_;y=-uINb=rMgiBlUP>V!7xE$erG7kfK;rJ#(UqgIj zU4KPLd`CZ;H|Z;`z>RpL#KBQJUiP zc)n7OPE72@{--Cuq9|=i?rJ%S=j@%85KD>=@Np4W4z5HCI?Q>p#-pT*NwWHI+itVH zNFoXSJx@H}znOK@u_uuUg^3<$gL2bAR3dk{Sc|5Q7^W9I`jq`8_uX9{q|Uy4=RVbr&8g-Ru^?Ft=!t z!P0_`Cs*MIl>o~QfXsHa!0rJU1{CHD77=RFFBpZ4cRXcfS)paQlFfCET5xvT6$U#N zf1wim+5G`;d6HiRA&Krt5!on$n_pjrcG8}kKJO&V62DLHgS}e(k49~Y`kKOB(;(XXR&?p2_AOh5Ww#Igy^=wwpaIdg2$4A84^WiwerKXWe3ogT` z76^uzop(veF#lVW;!1&^wd3M{w=ncqe2__qkinmBCUl2!9$f^F%0NJTvWSL*GA4cQ z?eE_bbN>v?jGP>4Cz90c8!7LW?seyYMzBLhW}+%mXxephO-1$49iKkFOyQw3G6ac} zT~ze?qTwH`q2Fq2r=>>N1oW@WLfs_NY5*4?TJ)5r+&|Rm)xTHh!Pq)?s^>{$PZo5Z@D`73yefjcMqsF?AA)ABJ zY&eed)(iDiMcKfc3`vt@3XcMK-t+^S74Yn4`};*YCDI+lqwmG}(CFVR%PbO}C!Yrv z3)#3Hk+JyQGD{IU@g{jytGcz?B(zK|Bp`HI5g!3Oa@hElY?c7*+tBf+Y)^HGi23&_ zD6dJ7^hTwLJPFWtb;$lvQuxlG{5EYDCVoH<2&I)_s$%BM7dt1B>oCUFh)W6j#-q=! zFo3yxppJ*PU!|Q&z)8gJ{QGuL!3Rz4l ziyS(!n-Ylw25W!~9+;7cp4+vz)ezRZR1A4hIihm`vXl)bQvo2LzFrJATO<3B6k|eG z(g5Ls#PMs+N(zEz?c+ZUrv21GZe`5^?w;!2wKr%6=tv&s$MMJt(Z^B5M|bC$04gS` zvzRSHLl$Wg&m&W=ppe?1R`c{vf{vK6dmMeU^=0-B!R1MA!g9Hq62JnScud;~&i^94 ze)BfOhq!8kAg*N0r9j&T3nU;y)RaW2JB#FoKD)=Mu^Jp4j86~0P@{0IMy$drrJXtA zz6{vRn6x>NI7WsP=2aV%_{{VQK_i$_NW%1ltCi+5HvJ%)TZNi}nn}{>rvma_JWq#~ zOl|}TouI>_^|lFO?O(XC*n9xHuQmHCY@aT(lB1Qs=q*RtR+i-u>l916S-D6_!LZ50 zYI|vT0c~v#E)x{zkHUyeD;_``^p z%AWGx8`7p!e7E`Ad6*@!Vi=Ya<^yzNm|H_a7Aef~zFACS8Z>=CK8w;s4JLjIg~6k2 zU3zGA^@2#*;pK`)ausoQKkuH4=f*oe#Fvu(5pzX(+*j=B7R&U90xf2oHhf~k*8v^q zrt%Z^t z;mOBn)YZTi&-!{;O1yafT=ez9^T)4Gfw=T*7L^^qBQtU@xHUO7PE$>{?7gjmjD-b+ zFEcWPPdHT?=_q52qj|i&EeUp5PEsEJ4jwFf@2iVSPo5GY1h=;c$=ozAf)~*haZDc_`4vf?bUqE~v zC#2rFQv`yEgPlZX-<75DlX(0;ofUtb zzI~!>v`1me@`Li+$H-%~eL3TF1E`OaebX76`#L&W9}UWL>T>GJ%GkIBFft)xG}#<5 z48CZRe5tAm(47yO`H?gt&VYCSdbsWeyVXa<`mX>2__AiR2AB_72oE&RA#tsO59&#T z1LrMWC@;f4l$L^62`q`6TYZuE;THV*HnBT8f&-X*WSyd;tBZ8JSG>&2qq5s@x_Jt^ zUF{UL0LhU!>5IB?;|9p4BO-Xvux$sepA%r#VfMVSP?L)VH$xx|H#Cgr93zOMX){yew$F~L9@Nw4$CSDUr%b{d1N9|K-!n{9}? zl+73ZaL+h+K?2`XLFxuA8o2e5mg|Zvml-wzo*N@a10o8TE50oL7mL_sbZ~GFfQA=9 zI09$7e6Sy$9vce{0p^Tj=IJCHx$%L4UC;pj2zjEfH4`bL4iHVCM9&=V?R$Zv=>@2O z6&Bp4EUj9?K_RehUB<1p>UO_niUA~ge+I}oz|D@Rgu;p`mJ&UXAkARuyIK-ecgW+BSGNspJi4O=LdGRTE|GC=j zN?bUanJvKLp|H@X)CGV`n8OA=EiBXp8n)l0!|xocSO&&3kTnj3IIF>Hd3E*ACbmyw z%^Y5Sw?(dlru%jzJ$8J|osr@qqtDh8m5*k|E36jo-Na|sFoCF_j6>X;CbZyC-L`k7 zoQ>sF^m$Y}8S-Yn)Amoq4l19jurMr|%>JKzYrnZ(qX4}wJ( z+q4(>1B}V|JgwQY+AX(RzMY*`R04i{1J#@eF@twdF zeicpRuK;uH9z9I7K?grmM-I5NmOoJRV#@`ER`Bsok?{6<_3Df3awuztp#6N?i?34$ z`4azD0X4k|{EImF!v)sBlRzT{HW=H|M}U&`EjmEBd>q2o?*rn-lIq%u>=t`)kWc2x z8~%2b0ASECQ7zup)z0)7Yo+kAya|W~conFjK<6;PA2&Sbhn(aOOaf|%`*v=k zbA5SHjeDQ=Bf~Fqg+;J)URO|csU4V)?Tlf>rdwuN2JjW!8_?Vunf^K>4oH--rKR~C zh5>%S1PU&vIZD!ft2u=^dV3k`9>T|jLMJWv$oAiT&UAxmloh76z1riZsTl{lb=3x; zG~FMiv{sk{3JP!Mv|pE@q@tQn3+LS*e)-Cfyg9`*19X|7TsCe#(hiHo#zy>2UH01T zxcO2PqR2~(e(%f8bATT_4B~qC{xjwuuu1_v$2%ga8m1|tWCUNJVT1ZeKp<1pKBu(t znvd(GZGQJY;Fbhj&SpetJXV^?&ku2B*)6nmRN;l=3yqEfPz>~ZTwK>o12qF)Nupb? zI9h(De7TOLOCh+y{Dx^D05ck408O;3H}5mK(^Xtc>;`>YjNl0&#O;#OV@rcF4E5f${FAYd21(MMvU$dCID*(Zlmqj+WdT0K0eY|15<24r%uC*Uc-y! zg$t{Zo3+jj4ZA>Rqot+-?EyC+R$Xd_!A}|^HgkYRVL{=8kypXs_T9g{`}UERL52Oo z^+zDJq0X~Tn-}2F!*1pyNhy^akC_m{Fw_)ZPE%{{jf{yj$2p0q&B6ipy1k8L>?+jx z@zQO);Uo5xj`&o4AL$`C=j52eD+p3-`t|Pj5R=XmFG?ZFViX9*$KBhnW5Cw{r~tai zmS*P3Am|Tqaim0)&(F^TmeXtFnepqD>|m&F=&PAovbEIX*C*Gnd9FNoY&+RMFmaO* z2Z|5i2IB?eUGmME*h2#~DcuGIVjdw>CH(x&zpkUX)ESEdH}k!3-j~RR*{T2l!IgTFTS!R>0(F1} zWT;jOB~?}OSTOLQu!;J7lf9UvJ%RhJ(TNzN zy5+GfLK7wDF^wrLIg~2PG^d3{{|v&_EN%)Q}_P=b|!=-Nd}*-)xp+f zzsLHbit|s`?*Fg=VyB(lg!F91-wgCk@~%72cpfsl6UMSXs6s%SSoU>{Z*~5LQqyc6 z?dw3kqF=UjC_$G^1AF`O9JZ9aP@iU=N94PaT@B!|2O>}BWgwm9>+1{SK{)-Op9bHv zwz^tKLPCO-)e4j?04V1M$TEyvG(cw{vICeIpua%y+no4X3ZzT`{-#x-$-<;k@=PcI zdG%0LwYR4yFaCCzG<&trMx2ic)#NOecUFCIaaGmm_`QzNl~<_`(@&sz$e;u9W6f3x$w_xCVI1S7n)vCS4n zLKIwDzcgM{I!!kmB2p?S5cpvh;Ia#;G6`=2-I)T~%21=yX?BA^0BI4e@eFf*<7DR*| z!6Uo_kqT<*At01e6ZKTjY=N9C^Z?6S)yuHU{Uk^02{399B5(ZH0=an9Eb6Xd%^uuf zI{?xrHtgkM%*0pL*FAp6$SEm?k=8$EJOXae1&C#cVes64FH0P?b9t$&MH{QBC1oZi zW@cu_Bqz`9x_OEl4g~!>_x1JKe(CC3l|2XT349(~SpoZXQw}PvYu>+GF(N@H=#07G2o{}2lgRA z$OWOJQ4m0e5P{J`!^mRD!=*#%;R<(wh=>Rry#7J?hEY>9p}=T%0k$0EK;d%B05{f2 z>wO0Fjy=%1qtx^|iOXF2ZOQ5$+*9#%|4)?Xx|#RI+s2uLKb8O8vRi_`)MlD6^BJCH z{d@ujbp5ovPeF=~Vf|lBGZHMmHwQ8M3EkiD%nJtf*O+NMLe1EC%b~iks3=fd!#rf- zX3S#?u8q7K$uoSI*!L8i=uRl5IjYb`5^W;wjw;uD9 z=IlH`W#z!V9>XU?-;c^+1NPd;KH$qQ)~zIJfs%%4QZKf^5__dN*ukNKq|U6e1|1OF z|EV8S_<^ng`Vc>RVoDoPX;9w{q4k9Ojsl{ce3YlyQ`8>g|vVD;IYcU zX4L}V(6`eeD3*89fJY?ebfw3|IfD19W6v!jIVKXYl^_aUxI}x@1Ug->J8xxrLc9Tr zkLQS?3(Hd%gbykUEf^|@K+!e%qFTsw)YSozZ%ZB;;wm2Rpyj3d8Jop#Ws*;73brN; z$vVmdP`8muO+UHw5}(oWn(R&XjT+4q?)+<%X^BrMg8C*WMFj<|-|8mPCnZKP^8l0; zLuG)o?k1W6w232VOP*UBvAq?}-1{=RUyWOyz2ZdXn~**%#VGz?N#_9%_5a85GpbACPAa70 zLWFc8d&Jo!B%7=)zkj=VPbqpuWN}3kP4=%pzFuiMd=8HLBN!>U%w@ z= z75zeuma%g5rku016#DK!f$;d<6qx2d9W2d)bZBVsyeAxC93J)$THY)L zdUTWCo83CapKJ&_&=XPQL9%9Eu5ifB#&>y&iEf-SH=$rt9Ln_$8(ntw@nV&Z*prT|97Dbm0)^^ z=@>1aNa%~dNh*j1SSQ0q6fA|>gHX*BEMMBElYtIJV(}pWz9O6s!Pj{NMwr#*W$;a; zf>gMmuhro7$)^DbM4EFiP~AUzf2$y!)?mlD-+cbl@8Z7=+FDw5o`VJb6%|m7aE??M zc4>1R#lLJ?O@lRTRVy!fXLa1`&({pdk^uQFEL8?i>b7BKQoa35G6Ra@q;s#lYB9Kz zzA)E#hK5c=B3SmNM+GenZ5^>Oo%H_JGO$GVmhQB=xd+`s$@LC(L#J**C}ftF7=IR_v*EpPB!r&( z08N|R1P5VNu0ay)691A&&vhXgO1=Q4t_e+gWBg|dDM5~_7y6gdnZrEM6 zLB(9*k_Tuk5Yl(<*w?ndPW5@QzjX8WdTVryFTg+GOVe{xO(?KssQY^^Lz0{=%fh{A*>Z5 zmtE_M``hkUa=f%#|pLox6^xn632A$^P}n{e-vOYu1f87kdC%PUgr%@q2+SB zsfCkz(@#+f7!d{RG}N{;lb1&BHU=@EuaGl@Gw0l&Iprng%q%!`YGsakB@Je%n?V7u zz~_-5$P;sp)W+0^`Fw*~BkT4#otlCy_LbY9%2H-INAy4&Hke&t|4Xl}G4OOA-}%Q0 zf0v6iNa-I-a z+zQn_eP;GKM|o*zlR$W1@ffKk9NkP>aA0t07v2Zjrbdyey=4ElIy@Afp7sC%<>w>^ zMP@PV5Y$yv>JkUdj-sO0)XpTZar6Fr_9@qzC3P0IBuhV1E`#M7dO#K4o{pG<8Is@+ zl8@~JvUS_Inm90WZ#SVi4mgnY2E~K4j%4~7Dt%l}c}-p*YFbVGgn`3;D~eJENtU@- zTVU-cE35bITVL!B*S{`4H!VD!D9qEz;=H`4(ZcPWbOrFP$r0tywvVR!D`tLQPrdO6 z8-ise;ccLch~6S&@I`f*GII5ktS_YBLal;ZGH4-Vs%QY4Ks?saw`A+l%@@ zNwRB3=_>vPL7t5mM#~^W3 zSK6tlLilf1a9YMH^L>Du2#aGn6kgZ8B2?&ts$dQU=E1;QEdZ;)5On$`M}zfI;_B|| zdi>;xl=mM8HMP^NOaoL;t>em5a#>Ybh^j>DKpB`<0!$$;84aj~kWAHQ!gx(w7f{3O z?IlUyvyG`~Z&Ay}BaS6{tOHRP-2#Eq0AGCcJzzoI)gDw%y|WeckfzS5wZJ=jaC-JgV zJ#SeH>=B;r#&JVAvK(U>ZYOXve;UK7T^u)^GAai z3JNr3a!8UGEjeN4bHrTh?L8%$xKzHL6wI_j%?dIH`KO(5V{ zj2)G&;q218a0QRUpb;pSf!r7Ff7w}a0zqrbD{vzU^7A=M^I7m#$+@=41qBwWp$odh z`KFFUfv8Prd10xQtrQH#09F(b5ZI}#BC)s_rXlmWYxeOeF20CAjXxf^>F9u`9abD` z>$fe7xE_$t2-7AZ5oOw*q}ry6xij^__YdFLrAVtZG=%|pASGq;ePiXIf=BaDbftoa z0lvkw3*#c)z*8HWsn-*l>E$%;sSOH*V;{~v zp9!iayh`LyuutY#$TelkZQ?wA>?J&ZsTVIE`d&tmANram-`r6;qs*8EKck>Fr3a*e zpzLuFJxOLXtS!eLi-NZ7t9?z<@O!%NxK+&S|HQQ;64cC0DVqR319gr^{RFI+WGI6x z%*%o~_b91ZGRIcHDtjNZN8N5hhxn3sHvEq7UFB9S#DglG*^y}5f!BBx_+ZI{@CBcv z_&IiHU~|3joekg5_}chn1|DUgWjZilw21_NuXTpN41wm<29bRI*4VH-3GV=I@8 z_B5j%vY(6Rlu4@9IVNizK7HY{yJE@bf3wX~;^6AhdxEHG85@YElIRYuO6K?V{4STe zP8s1F)U2fBgaN)5ouMC~@V;7*X|Na~8PIoTL?LW{65$ zH=sbg?CXX6-T~E4G!|XFaFR9N;~XNZFCMXlQL7|v;j#B$HW`*gMbDC|E_amyb!_mY z9yTVx%}V?^#TND+9*cmnP_yPPVXf(`&k^|`e3C6b+~bkdaZ#kpL=uq;rb z7pW~HBAKJr2FB)n_^XXbI%P^<6r62OvJ&qjaE^M4NAAk3jyb>pg;^6g(K<{uH-*x7 zeqD0<`*$Y`+m=8<-gqn|B-F%s`ov3LL=dW2?wCeju&`^VQ&p)vqHjJla#bXvSlRAH zjH{k_-+S|0Ge1SoJJTVXMvAUv$4{f?L31v}~9nDs6;~ z)DNN32vramz7K0dsmj*-=;ZaST{i#u)=rj?(tLY%EA6!;e)-{>weNH6G?Hd=r^4c! zV}ue&Y9j$@E{SLV-jA&S6f){zEE_H)@}8fQJww18^9eYcLxxGIaGU5~dT0iJQOE5kcAY}5Iv&Jo` zqv7c)PzXO4LGFARf;Bc{iin9Wq(wxFTN2SdSx|5 z3i=M<5(i)g^gH3$%9-=*({q5Tw6wH9q*qBv4jPPdah(1l`7X@9wA8;pymw)SqO$ANJc7s$BMWt4Uj^uYQ~I! z+8P%(xBK@9&MshHvrXBACWa)CT^t;K16^$A??JA$@zb`mAaDV^C1kk$ff|ISiHSOw zOWimi;pJMv>;_e*+N`V=0kz1no8rt4A5vhSKITYN1B!C3l zNlxMY;#$D&lbNoGtwHd>cJ)OuNF*C7F=}bwi0tKbpV&=(9pluNEI4%+@VuKz|u)%>iH&?(aTMx0D0jrxIdpG zS%t=(i6E!qoS={VoU#edTqs$>k$7Ql4p0veibIm5eQ2I4D<}Yw)7BOeTMNZXXe{^i zEq6k7c$fCCKS5nlCpF6J6dwLE2Y&Gjlg(7)RFMI+7&Fz#}54|VRxX^(q6fZZ?5 z&()dq2_0~oxcrT@zH~m0hQt2%>(Bz1gngPYbHi%wGI$1yAgrP;n4%8Qli;@ot%MJZ zB>;tsdT!805SqB+ma9SNsrR3L7#1J-O<~-kYZbK4oN90R%dv9xUsQuogi;CTv#x_ zSey1U^%aPm={mc4=Lc0rUe29cNJ)r`3l1Kwu)nkC%bpNM8frO^ZT570bmk5Fj44CF z@bb#)>N98+wTWF%Q2Fy^rTli#dy9@}s2Ria0UcM+@j?k1u0G)6Q^h?rXMcgYcLItQ z&|rlV#e%W-x*Q@pZPn<#!&ENqvogq4K~Vc?$)EX~#G=smA{BcsbrPMJNq_F_5{&{2 z%F51~>vJ#2h~R+M9x=SLHufm_At&<=Ev*h@P=H=@MM-6r1|FDiVG?PMrMa((`SVCEq2t^5s!?|=&hR3HoL2KANI=9sVmO(rBILYfGmE^(p&$uqt6 zQ$ypSB2N})h$#ciB4E@6y)8fiz+Me4dtk7DaprysH>O0da-P(MhsKnNk+YAP~j1KJ7SvRi+sUN2V*VQ|LUqZk3|drLV$Z9*fF_kNgWR&fxVDBSQlS zaQyyla1R1fw|2IA{^WzBWl5UrY;Vm|{jbK1-Hyz9Duktm4EGr9{O(`5P(?=Cc)a3Y zOXVgJK=!_ScOSG&-5Qb|Mkp*6I22HUg~IJViQ`3@`5@R3DtYkvAc**@vuG;#^hrIO z2{4=I5tWd7AbpwRk#B`t247%NHn9KDwzj*wy$wNx55Wn?+udCX!AJSI97&QiVcRT` zI|!E`*Y^M*F4eT}O+h#vz)gPRY`ZqNt8<_lh_>qMro991RdhVO; zT8{C??pP91t`#?`*^YxdI-wKDU>wilRL>NVR@74(36Ll=-k%VBsqdGxfP{XznH-dy zO+cgoat>gqH*EE*WX6b@^Uza?Fw@8=>ggpB7a!Z(mz0+Fc68`fSOhEbo{vZ)>2Y41 zxbz2V3;n~xFpxo;;;|xl0XPzm9VY+@XW?X0B+E`t_Jeu%j*FK! zRp`kCthm%I08s?>_4)Fpm*52J@qj2r+tT`X54)KXxQpxR;Pd+f<8ExpE;tvj9BfdqBAv zhhB7=gx7cb-rrw;!%0ofvTc;R)FPJMQz47;-?N@>(B)oD_m0*)M|~W@+MVh;7pDUP zY|yQD$YzvvbW@z5g{KJ#MQeI$e&yj(11Tu$;?`ckfhBH)J!>3qec(!7Z&jm3bu(m+ z^Kx(RbtM+k;bnRn3MkNXJ8$a0VOGZ?nf?SI2+&Qur*^^@8dtCFYZqa?zooVb{09IS zK_4*)hoK3SWe`r_(Th$`=hJMiH+}-HW%fA|bO*|d(1->+I<6TF%k+K-H_7|{@85Ua z>a3!2r?QRBIo3?#q5!olu?os<09F7|l2vj9^I18)hR1r#ADo7+B^T`Td#fby6dP3F z`8_n1;2gwWl6lwA*dv85oICw`#WfJikeF8*8m5+4!TPbm^13dYsoBVuA)wyd{5$^! zRh7B+-I|GV{a0ktu+}SpmQMGWPwVY-H{Z-LpTAIkj)8&UhFaR{I{BN-YaNcC(TGN5 z;8`^a#4HCZr7w#kAbt@+alQ&T?(gJLTw(ki?;a#`SmG7yNCH?Y`SX62+;Z4SeT~=C zYS^2*TU!WedHLg``|<=k!-+LIe^|@fjwUA(T-(EEY$#Z`-rgEhs@;6r^KW3!X*bR5 zQP1n_nJPE2aw9!vzNc~K32f1gf63^0`BJkVEoS@p&&1q&%SJ_c`!_4{RR|B6w0h|3 z`ka))CvMtx_4ukkYfG!o)0lQa&n3mgjykzgF~;lt?ewy;PNE3@&D6$M0teP9-m=y! z$~f@#^1KgzWH-}zl{Ta*3qmn30xsr>@nP#$-S6r2lZNDoFFJ?M@K*vzqNx*VwdR(N zn$J9(GEpygjiWN1uJ=0mht*cr+Mf*!!pe`cYz`S5zM|T8rrpkb?&}O-u-DxULgyt8 z64^}l{%U2+rFkwbswIk_@s>uzLAvy9+esEa z#(T8VKF@mnFh-Vtpp#dSaZQ3m_LSJ(%IYf~_g`Jrc3wWLT1;Cl=DwdesxzlcTSG-tTd*z1@^4%1_3EhjJ8X%;mHC9^AM~ zYZcbV5Yr>DroOeeI#3!ZCD2bq<7T(Es(3nM$BRDgs2uw(6Hu@^)tj+ z>Ip?_QeZnPoO>1>MXLJZt!L=va>j|ip8I}p+Y@L*1OjOgGDwIbvee6!aJIj=GfMgZ z@F^z!pK<@;j}ld;*UFvY?JtGN5B?V`prakL@!sdfmV zgbUA>oz#yKeil}GQ0^Tc|2dckpKM<}IxX~Jv6@&(-swLw$jWbz#V^qwr$Bu5`q8to zKkhT?wSVPpd*q5o>vfA3Uv0pEz5B~pM5F@3zlq*zfj=#Mwp!%BeZB4)a>r2C` zeqJ>mtC5>~4Fh!%mziAho_2kN#rxBz$?>jtkqV3dT~3881BbinzLdUI#hymP5R8@9 zyI`qj6QZuI%~dTfktn$vIy0HDzr7x)R4afoS5={A3hq~*KkU`|BzY*SmA*boY{`9M zqEzR#-vb)~U^}5DfE6mtyp&XbaED8ZXM1^uHl+5VChcRj7hIyfDhd}HQ&$ht#gvyP zqMw9karGWt2yZJ6%X!YXP(#CAH%!Ct6m8*1J6W$qSyI{|$aBWJXMgoO)f=7c`f{h6 z2=B8l*<(2ASkE&!SE*A_Ht`5u z(%M`%nOX@e8BzH3p zLdIfrH}`mb)0mxDONxMrF6vW;$w8?2bK;f#?}ATuV>kJh7K(=t;`MKNaw}=u^Y674 zxG**hHa!`dD}1jhVG`u4$imW$ks+uO%mpj5rckJpQFQ5UZ4<2~$NiWg~e%|Z+C@kLQbfuFNP3` zy|bJ*4;qmy_%|ubkG4NAB|Qkn@+vGpTW(nkXNwNtAP1)Th>p6hI1--L@PC3v?z~E`xJ|uL6=Mb;;wG8 zkk8-u`LATQK3}$BMI#XH(l|HwdJ#>f-AwYO*H^UmwWSl|tX~O)u>BdL@!}cay^TQR z^WILELHQ3OMw%Utr4CTb)y&^=Ydqa3n4bBg`o%msIo*|9y2RUpw{h=1jCA5oom9XTB2JOrrX=%cL`y4d$-U#^Dn+&e1&2dlc%J7ATdr~diBgT zS9`I@9svYV)zn6 z5dIg3V?c-@?v*UCI?No=j1Nq>GI24Z(XUGCjJf4a<+JbqD&M0P`e5TJ;kv)peKG*) zL@6!E*L^U|NB4EhcPvKYLqM60D4L9+<4>)mu&_6HjQaa6#F;%WSB(fT`&OxWRPN*L zh+A6{`H^?rtzvJyI$p~5=?Bz=Bin0VL|w`sJQljB=dZk|>}i-`v%g>WXHSM%$a(rU z@xJo7*x3!4cG?UREvpDDLBy?dIqA3UZc$lD>AJzlkPQ9CwFp)Ab_TS@O~x~UMgeCs z1)c4tU-yz@9-Pie9|(*-{#Z6VFVMy6X;V_{{+&oHH{-P|K2l$^b z6bL$U^v&mm>Q7vuMM2AqW`rKY@s=6ecj0I`qYRq zeNdEGj65&Fmx(1JJmpEV32ru@{5&Fv)xiQi)N!q56_M%^h~nduf_83KP^_iin1FlT zcY}ezWN#gQQi5uO5Us?)SpIURim|Mm;?Ssg@1Vin{`NA|q(H!i?t=pU+?=Hb{ls6C zOc=IUFv0RIEqS9^`R@taA&BHGS$1Z53{$=q2%5KqZ+fkzI@wIu?=DLFpT3fdR!R%=Vp zlm^+KyRxq_ng3=jw)|U*VPm5tTa#$F`kd`!5xK$!hDHi``5EcPsH@G`lQ`Q_WNV5qKb6iWAF zshXcm>#$_C7u+0v6c+*YQD}4(J2WBGG#TWgjkz_&sDUk$O{WJ z&Y~l*A!X%vTF?dZClDQ!YZq=}==2iA!fu3?l}zM6^SrE@W&Oi8{hU*x`Pbue^z#J; zDV0>*orT;8R@or>mrulZkt}7pJP2v6>cR@jxI72q`+%xbxQHPJ!5$YQJ#+e!z#rz+ z0g4L*ERKz;DO3@OZ96Iqm%*`xV2`gE#lM}7yU1Pt;X@Oosvbj29PBMR2y93SFMQl3 z=%Y2f)_cQZB@S2z{_H9W8FrMLETyb=+B0u9act z@vX6M-#}Y{zmeVxk- zMsXLoW3ZLH^?J~y{?n(UMdHvypm z@XsCV<+VpNc|@JUQg0-=L$z*EgSTEBDL7#XN)6uPqSrd%(6|B0572{_)Rz`|O1>^G zEpA7h&e%O%JNomtJu7l)+i6#-aMfL)dszLh;hCpr0rKyU9}k|aRhJ>A_V#{(a;?eh*dvIy zoCK2Qhx(NV&p#C`llZP#k*_aYfE_zl-bBaNcKK0yk2DK`1h;i`?CQdJyStY`QdVLS zPbbuYYfEq}g!grIkP65{KJnMDr6o1>qKVhTq}~PiOOU-||Dc)=4-ebgGoKx;9yp5*vL4OOx`QgE zTo>6nIBnzRw%hWT_S!3Wzc6a^du?x}mzFf#!#e}15>EAd-ZY4=kN@X$8@K?~{6l?Z z@vB|px4fg>UyKUJr+PO-!@IjHD=Sgtz8`(WB!owFPK@n6eg}xdy-oi+wBSF6D=5cC za1c&iU0Df6Do9F*!SEffEg@T9vMH~w29d&B6$~T`UzTK!v+TfLy6E%IWo5X+5RZDe zxfgoA_k1Y#{AVmAO?K|CNg;2xJAh;pvTRJr()py0cAp<4>{cTyf6o&LeSHc(oy)^s zP(f&AFc%h+Fo1S8k21QX(B_fbBgu5Aa_S7OuJ$;4BAZ#@hE;s{u;{~!Ie$JqUBU}O zMPSi=U%S6FyM@E~&TakL0tYHVH-0W}bMt6#@~AJG%mEaNv$K?_`qCOVs35x~G9r2( zRhkSBotwkp?+$Oz6XxgUa>@o=BvS8y&f?9!10b1!Xfj;A+rZOVU0vPTSxETt(d)VQ zzo+G#=CibyCoW%Nb_`=7DO#u7HbX;C83|8JjB2WoBT9F706FT1x5)p0$Z!RZ)bobl zl10S_wYoe5F*Viopd_}Heh~2}?@{S9pSk+TCa5{t+u3#ZJYvBxL(tR2ry~{~7V%Ul zYwZ;8GxhfN0%-GLWl~T0?v86@M8wNoMUr6k$B!~d9pO<|2bQpFVJ(OGmkOw)N{NXP z-vkYpPCkD8cxm8ZcGlU}>vdAG3u`OPLVN!(cqD?jxCL_wZ{z zUk7eCij@FS?Umw@<$B!bO~a4h-x(nLPK;EoKiV*jj@a5S^`z-{ynsF{r$H~L7eA!G z@EyXV(iRX8imQk2aGcrZ(6?=$DSwF6v)#_t*|vJ9mwUpM(fk>R>82d=(;^`$)yEK5 zW#QtH8$C#T5XKlTuV3L*!Wpve-qqD3QqNmnpo3uPtPt^U%8>lVgXGGb_sQ&@tcmVsJ6 zE9$u3yoY3xD!skvf@X1&-ejS6<%6|Oen3=Vb9yz9Y@fn?EyaD}XooQdBUzHIXJo z#ZUM)y#X6;BVAH3pi&h)jPt$z_GO(ly8K|i!$O=XJRD0UNXRM|l*bo4sb7-1HN+AP zH~M<-Df7<^DvEL%vmPbO2#gn?yxhi}rot-wA zB0&#h>fkJxzES$3_so6dB-`fyFCk^(orv6l&~QRLs`*R&?otZDWu< zWkGM=P-7Ou&l&RZb6^Yl<|Dl{k(!Sm!|dog-No^7t-y{*DUOgI&Md8uSz^Vm%)qyJ3VIo=!9*%sbhO z4^cGfbq~9XZ%o*}j*!1%PK_?mZg(}05hq201@(y}%zfL~po+o{mGJP<9+yoeh&>8c zMfNdO4Ec%FYD0+EO38>bx4)@)#YZXOQ zm8UH#@A58QlB=-^u2OA_TC~s&|24q%M5tSFbRcC!o@oC1VYYZ)@5zzs!aLE*L>*h} zMdqNYjgbSP^)Ne|*y}R>sL{Abl!$|Z5iB9URHd+=Ds{Uu2=2iv|J#U@f@JxpUto$O z1Wc1TTHl1)eu??n?>e6y&TMz+AN%%eup2o7F(hY+5XLiIbP8*=ol=>7=6QtZ zi0yz>CFfY`PXp^sGR^mLp6Z2kh^Q>qtf>ds3UY-wZ=D|A&1m|!F~+0w=8XM#%lg}X zODK&J6L%vd(jn`Tw-(ju&i>YiMk;UBavH1NK|zv-(z2JqCce$QE3|pIdPwhtj8WM+ z2o%%)jCkpr5nO@DjPNwzM&LewpKpBU>7UF?wD6OooaLZVFT#F*_{=KO%8$Ox4r$#? zB^FMDkVY0s+AkUtmIunR)87Q6zl2rUq-Tn0npjz!+P@<`P%5+`=WL|ym4;Pg&U2+| zwQX7+AIbG|M!%?<&$MpO<%)iHsxn)0knMdwYluejn@J8U16*>W-;gir-P5k9@^BXo z?(;9NFJI6eVDQ7CpC0!whp_6gwA$+biJB8?Iz1_YVjKnaQn^~Z%)2*nj zEi!t}URhQbGW$N*DwrIA55iJn`hUu|c{h~E5zFki1mCy03jHv`QEL?93t~9mhE|_F zj}}C~o%sooW@8G|_d}^Qf^M&sGo>^}KlVZzGd}Gh^G&v1Vd_e`r51@bvpqWq+My{M zW6e&_wM}tbKf}4)TiaVL8c-nSvF^+zlg$V#nX=)`m_8|IWaB+JoJehW4ab`*Q#CYu z``W)#)NHs=q0RQ{SM-c0SAM=uy!R`Ig{A4smS7Xh>g>AWRX>G`NhgPGm=|0srqt%^ z!fsQ15;jt8)NjkNA1%4@+Wp_Tr`KwDRTTtV5z@T(Y+Jk$(GMv&Mhwl7JCap5WHN$KNf*rfs*CLF^U)8&$jFK- zu@yIBut=2I4U1X|W1V@S(v0K6?^?q4165D)AfjR~Vg@)n@bdp`{uNCj z9iHa>>Qu5NIEOarc48eVUQ7GkALLD-{#=}-6qqBA6?2=o7x6AWN-uSl+(wnYR<2Ee z$+FOpk%-&B=Gu2$Q~AZaFCXupKK<0fANT@}gZghLq;2%YFk2HB_@hKRD+&rW#Azoe zGFhos{wWtD1z6rERmhm{Gkwo}QLr!QRAN7WquYWO_bQ)kwfqHOVILl{^=DSoy!oi$ ziy)6OH*mwWq9`zoL{8J@t^QnzMHShgfgM$~b+lEZ6*XC~vk?aW#?v-P;ESHL*~ci; zq}uEttKWt1&MVv+`pJVKCXo$p8M;hYJd7bO!m~#;+xN| z40Yj>;U8QPKh-_uF6(^FHST@l?KPA7;GG>qL>q-4B(Yyltayk^iD2p75Xc63usW z<550m$Q2&dzsfwY9_npm)?X__#EF}B-^*g-eq3*6v>Q-;-{(5(aZLX=5ych}G={Yj zd5STF6_E+`Fi_>r-=dJ3v{iqi&Gv%gm=LLvz#-suIiiKC}j2 zPFg|P-!l0JU6O&&Su)@9T^B zN)$~K|%P+6;FP*x#H#xm$Z*uou9u;ke#%QiV z4%1s(6BoV@$tJ4|HjS+aKo&*{(aiu6<0JGNPz^ zK^FK|-8(iTx!FP{)sun*gp$xb1=`|iKGg;BXcUS95HREjrTV{HE- z>o+H6(0O}?b!XIvzL-u!Q!4d}pw}g6UiBZH@HtoB%l;$D8v$QRa(8egG7nz<55ZYU Ae*gdg literal 0 HcmV?d00001 diff --git a/docs/assets/boundary_k8s.png b/docs/assets/boundary_k8s.png new file mode 100644 index 0000000000000000000000000000000000000000..52e7f5827b9b19ee008f0f75560c1cc0fa92bade GIT binary patch literal 72612 zcmce7g;N|~(CxA~gy0Ur-Q6{~+v4sX+}+(Fxa;B`oRHw|4k5S)cX%Yf?|b$Bf;Tl) zGdndkb8pY>?$hV=Mk*;tA|c=*0000aX(=%k001%>0Dzc-1HNCORy-zqKR`N*N~^)a z!L4p7{(Aq3>msh{qWZ<$#ofrs3}9jZ#mGJ$Wu8YKuSesRivhf4JXkLYtzea9N>xmK^3+ zF#p7N`;+a;V<35qJRV~(`DfIwt8G8oXp-e{QnTiqL?oZM=o);`5@TA&t;$Ufm%k5a z-nZT%5$@MU^c9)MbZbXiEqHqVOU}8#{?OTa2LynahV;hSU8ITc*GQ$aSy^hFq%yogIB6QWJW603A{;Je+@3!L4d-x&+n-#|OxKU}XUC*OcWtGNr=rJoLMsCM*%1-Fb+v@_8 z**M+lG9yI)|GxKs1~TdNYIeOuFzEPqw-_(n_XfmmbN}71IvsY8{+(@CA?vpB{&)Ep zQlsX-vx&#v)XM*EZ4~_fcx&*94|1;~!G3>80KliFzgU0fee7D2a1YrU9{){akmt=~ zY~C>&NgUl-KvjxE;G9Kc&@uZag6{pWAXtPIFb!Ll4hcmrCfqwwrF#=fs{s_P+eijr z3=QLRyQb8{5Dq%(>;9c{<411s{9JwP++xB>asp@o3D7~zGS{exO4huB2wmm8Zn~bp z^I|P>QMId!F`IC3Ise<_`3G z9jQ&|UZ}`cm`~$x&Tn3|!o86dUY8?K4e@<-Ve?zV+%1l+^lP=^) zs&CJZOkhWqPMnmnRhLN$K?sdyg|@ciBh`^?)sGb+4gvAugmFu9*yDY!jdr=uDh$6zRn zMJS2T(kOx9s}X+Q{$!ORE@BprIrzLHOvw(3K`c!d8igV!j4uC~ISH5!SAjwyEi68< z)BM7y(0hmkkunm5*h?*~5iU_Jl()`>*e0_0Zj*pPUBW>v*kVsVfHIUYJS}-;ECit1 zE1|D2>1TG3HHel!WHJs2tX*Te3*!s0bNO85s(vgL&hI{_fEYmyP2^pD zobo!kxK?%iFi50`vK}W!H7+Frfpm=f3-Y}Ilwyn#4eXQp6>3n>Q0ns1T`YDjKryCX|~emIO_= zM;{f%t7QTQvJhz=TO8DQlO3%GEFa3J2xR8BzBDIPxAG8(VGgHSi|zOR`StFbK!?_V zZSG@$x}O3r0l(LY(DS)TYp2`Z!W|BxO5zAy`A5N*-7+Enr_`S3XpiAtih>0s+Z(~# z65qV%tBQv<8k-x@4xtXaqg^hA^+(Fp_R*2_O2LP>*Wr7@J4RPq;vqPru_l4WWAHH1 zgOTsD?0ihp2~=S|3jOt;a6ckN0^Jt0@5F_qAC~9#qPgB)?!q)Slx9p1vZ@hq=B5|P z@k$l^gJ9rd3ugpe4(@v%3|hO-&v$G6yCjG!t6KVu z#+s+Wzz>LYYTB6?=rYaT>U1%4k`50?+!LAqB8?3ZYG5F(EkxF*)y1Aiga~M6Tt3wb zke=qr$!hp3Ac5F6i{5AFEivA2?|18(?U%>!(+T!zqPHV~i|stY>z}PmkMnPVIW!0Z zdvSKW^-GWac`<~ktTMO_gLzZ6zPktO?(#23wQl;3vD0cHz;uM6fDGTslrH1n`)`Pi zfsufzVAzI9U%#zIf9Gd|SFhs%8{F}rBtQ|66i+KtgnjNzElR9_l@^1%Lb`);wK_nV zf-E+Pz6nM-m3&s5*qqWBgG3$|xSd9I*Sz;t24I-aED@Mu4Ga_!OOc@=VMm`gWEZuB z!W9#bRTCAHZiGWDEEZNXls3z2z1wsoC>!`2ZjS?sZ;3}NGtIP!BUGRxXb5m{0OmQI z4Jf^GO?Roa`~H49&#>oN&&zo*!iFEyKOyZw!d-NZ6EC$~;s!<~QqwH|AUbl!! z_q5OL{|sb#zs-KRIPd1ay|f8)J|ztW;0Atw-evpR`4U@1cGB~k;*stx$lV8>sbiuS zBHy$|1Og|>JOoo3LYpTI9%ZN11&9sDZ5Al0LKgM63Eh~1ko#nIxqK4 zYFx}ImZEX3Tm*%MIM|#4Af_>m3e`tS6G4k6YR^865}>af#&6h*^F%^~4L6FjJUL_1 z5Y^Rg>q=l@_iN;DG!2*wgMcy*O*4y5NjDBjgFOPww zA!+L!6BWFz(TV!f z1hPSjWrjWtvVNrouei(E;+u!g-JkDR5Jr^Zl-1t_kQs$8BR=KepDb~@ow}Y@x_@0z z9fzTcW7v4HGCx z(|t)g<U?s9*>hVu?8TsNE5c6j|Z zTTE@>k?g)c__6MLwW{xI@|F?)wa0aHt|f-d&JayL|DKHLIX#8j z`dJVR`__s){;JV4Cd&wvE^z6fBYKEfy9O`BE{>?eV!cixhr4%~U2HtTigkOEKHW=F zGQE(#?g}k3VB^a2ch}yx5^3|gSYDKL%)=~y?T)IfJ%t-7+yrXdGQB=f{gxDR^O2<5 zY#^f-e;P9gCGvgxIoVB=Ir%ou)!{D0&9^CZA=%ThB=WR=E_hp^sJQ0va_|2Jk*xMf zZHHXmHz`G zdTlp6?w|fzqDS{PzsHFVopX=y>*bdmp)(?#l?(iy`t5;Az>k+ZqNmf%{%74XLcpK; zvNWOR@T`rOv-O@o=wrcks;{fapI+~=cflpMLfEIW7+;J*0!8V?~?+(ln_z%WFy6Vw@N%rd{Kha?$ zMncwOCYfUqt5T^^>5P>?y*m}`RB0KcHUuOIJQ+I;3kd=yv8qvG_(c6~iT}mw5RMwm z?(doUV7EU93tXL^m(}M`1uJR>;%d_Y6Zbz2-}>qmH_aX4#gqq@^fqDw8OKc=iL(ak zo0eYIHWfDhG~7|=vj|rN@zX4y z&FtNE7u~F68RO0e=;$|h+ANM0J*8?cKfw{*Ps}}ST5#!`i5r0*khu2VehFL{tkXmQ zs%A4iHsg;vHUn?PX0nX-8Lvm2jImaj1K9ZZ$_qR|e;rGU~sBB*bq{@6k_Bsnu$J$dAQw6o2*nt^ZpCJp-h4 zQH#^lk9bUjhYt4E_1qi=#6v;@JV^j1sf;R#NKgY><9C3nooNvNXKzw`RRu9k8_`xd zJy&V}Nm(7P%|g{}m|0%$kr)W5VqNVsgKpPbgJ<4o2+=xAELf*~u1BIrDR+Y}M+Psd zTAEX3ckcerr`7b5T0l6nVY}51rZ%TbzD*GxVFIF`1Q9S$5{3wZ+Q(H6Yyk89n##xbI#7tVe!^h={s6W7c)#ra{dl83Qr#Ruc*M`z=Lo1Kf?2JJ0A0V0X(3prJ0Q98w2x=$eW1)mC8kMnpLVP6A&_FNXOIGy&+?~ z@W;h+hx=~$-k#7+>(X7*PaGICp0po@!sJO2maU_1H80Rp>Ch6W;2@ra_QAbGP&6HU zKty7ac2HspwV_gwxH4ATfoV7?8iPhjKHGAnswz8b0Ad$e&s#XU`>P%&&+>}vc$!V^ zxm+u<|En`08~~|z$74vRgjjXDk2_-+-+=FS>x~@t<4QkU_^n{)E>i2zQb@+(pCy4` z{}&h?2NviAh)Y0PnwzsgB|x!JqXt3I$dN2LPX8Ji{nK1K+_6DDn`McyV{SGU<>M#b zeH}V1Tl-TJ(R8P9z(j>!-uhWcxy4Wj46%bYux+moa5$#AZ2Mnddl*hRB<7-R$EdnW!~vQF?->|@YS zW>_&-Z0BI)TPx!g7LIHuMVs>pJwk4~3pHI2=0!rAz@f44RAV)qQN1#b-L&*v=>dq1 z^QG-)BEh7jc!@}2)kndZz&M)65ilZsK0<1XH5^({NW#8n~G|u;i7&9v~ z<<$BTP**hoRjy|z>5xIEJ@1JZCdkd)6D9E#`)r{NQ%(*)g6h*|yYt|Z&6gk;kS4C< z9a)Z_X*8)Z3s!vsH?bxl6mP7~S;yzpHT?XW?3a$0-#L7ZvP^L=L9S&C@0D$H@W0Xu zxh^Wm3B?7#kb+8@)(%D>F2sW+_+UsGQ5@5Am=@X_@T7?56R@&wvZL@(sFp@2rY zG>!XeZ!d46oX0O4OpT4j^3OZ*lbd&0%RR5n6Hk79ZhE=vt#|j~Z$G=w+sD87yZ0P4 zx5~@u*H_-<2~n;(wH=Udyx47cZ|)5bHyFSK?qn96I0H~43rV7R=V=F53(2ntHNtc@ zTb_yDY@hvUqFOhqPJJ$F-_qO#nR(a-D<{+ZAC*1VZAL=T@1I)-KHX1* z05?6k^&8lzd6z?Wc~Ou=(K9neA4<7g{hl@n8Gqk1Jrguhm>Fma@l$i2r@N<8lXa)kEfv9VDo2g zYoknXHaQoJAj{8gBQ|`kL#g;(}%EECGIf4FsPQ{ceZjU;9ry_^{1|u3H|8 zB=@`jjQ=U=P_O!Sl6Fq?w%^10_I>m4wck#o`+4O|Zhxph%e|E?L1wrdEjAE+(bvFY zb%KmelJ|>;-FH^}QE1~~#x3r5*z_kx`JG{agoy|Qe&*4{2xI1)z;LDzCMnd~^m?h9 zm+=0eY^F5O5{0J$JNqOzHEEh?B}Kt!YC~hReGTTCl}|J(uI=cf;-5ba49Eqg8>4Wj_Wi88S9~2@kk@GT zKl~b{X^s~n8YqSCBEJBk@y;t`EB@mZ7D%Wuq5?%l`#eOpr-jci~~_X4d1L1 zS_*;IM2ujRWd`_Azzp99sKY1^`4BO!Mh+HZrUHl=N%TSiFvw|`6NN3S!l|3>x!{VZ zkq}fxiZi7Zhy!M*faH(>6%rQlTBJf0{FKaS%Z0Z!?6}tnqLcePf9S>TkYYGY?Z}&> zD$a(~d1*I-L7x3@I=$}!MnOffI9*9Bh6F)eHML6ZBOpYKHj-G48Gagos3yZ)lu#J> zAwdozkc9_Dj+!=KB&A$UI~5fasRBoAN^wum3<*Vz5sb=0MGD6HIj2^I)o&<4OFTx+ zPJ*fYp;WXS2bY8rE$qp-ff7epsX&-U1;|4J1+6T0+@MEEoRE`RiVCEjC8#QC_mfPyH5)!~jT5x59w zk$_@*JqXhT2@DIdg_H_3sCq9SH~`dG0Wkzc2nx~&28lu{s#rcL3?YmhbVN+l6g>E4 zY~yC)kmwb)MWq8q8jTkOnGBj%zeuliW|V$emDmqA)8laEbA3L}+|!)ce%R!;n0;pk zWt_4arWLD3uYV8|bMPo1D?krJC8%Ks6eu=()yHj>B7qF(61-M=KKiP=)`9f_MNtf{ zLDg7VH`+;!qUma+$|~^l$~j+6853P7prdHJGY5)5{M_>MTqbxN88gH{T0@%q>}LcZ z1x0@;jVPXYs+t(Oj4M#o6#z1UQAP^}=8Q>+l*h3^H)`PO%$m6F9%bX>c^-+H$+J9` zW@En`{pDO2cv+u^6X9%GThvEf#H8l?su=CW^SywsnwXX96-{R25t`d|pZwVp4MIti z+szo<>Aurf?Km@NC8Kjyt3f**+chq`VSXcgXvT#;rnVKx*XAf?i5VF@qMnHWJGf|v zq)133Pg=?Ju%-d{>==q7NDVza>SVT}4XHP?(2qyvdFa@AT^T~|vc;|>5(s=%CuIMu zn!FR(Rjv|{xsmf)XH@b=Lb9(r&@vxJrDLIFG>9acQ=6hy zA+yUq9aofX%@rkk+3>RZ@tMsvbDP7n5Yyqx7$Ks8<+w4WRXD117vw9$y@EG}26%MX z*-j2Ew9@G4=z_lsiy2pCve#ns*qDQ@&12WJCDp@W*lb!?lhKo_)nz4Qc5|@z!~PXX zWRnKfHQMcNnA!9sHmfJn_%c1qh`39KoL4@`JKj}1pc2K{gA-o2(CIi}5|A2*mdGs5 zZ0bu48*J$%FR5&K*{oIWUHZFsV6!sG#S8jpE*0e%Mbor% zCuis6tao~{N&Ft%zXa(0rPagAk&3E(vT5WG#g}avek$ZRe${U4PB-?fX2!E0h_Lvk zAgt51Mq^{-@-Sch3k+nG@A|klm^>{&fc?E|~;NFYTDhfVbODk=5b~ZXXx=X)y^So8N z+F9t+U%jOYUQ<$3Iuor_JAr{gkzdc}O2PZYumgoeo&$3+yg^%f1`;Ay-ouIAGb&#= zxrnWc{>S0f5d_!_?}>_{Ih>Hvvsx=NNxSTmXwiy6!kDcJdsN|2S=oq2kI(ZXzEP+Y z1a3HRk40nOy9Bi~_`9K}r>BpPkF_;8Bj(eMYP+ofR}9t<>oZ({?Ml;OhDGk7TgUr2 zX}+H6ZYcaKRppg#44~ycU=%>$5&4^Cna4lB}O})hM{U=ibJ%7i`g%kmd8}M-&!*H$%Y9t7+hJt7Q}O%w&JXU#jxh+0uGQD^SaE~*X8Q{+ zoG5QHFusjF|H7e_mB=rX0{<)s8e2o@&oY1B7VmVcuvlWi~rhK39=Z6onZL&1YQ3UNuMU*L>8h zIjky941Oi0FjJN*?Mu&G^P65%MYRi{Oaw3NZa#FFp;nkKGJ zIUt}Rk>_=PMTGU|k%JXvlb?Bcq+}X@1@D{#qKXEqUe?@T;f-?40%+>|6-6_&vPdQa zIyfL)DCXM=hoix`I|Xe%aZ9P zPGefI3u*N_kTgMcfA&~FC`-q1-NC%I_pTE}SlYt#4q)m20oc-lfWDQb5!y~#ns^(r z;2gIVFl#?&4?Fq}YeNWPEw&i?Mp^;c(qzH5u3`4zGf%C_?{~E(tb(snN`P;CWJmjj zL|>C++B}ZGcswtZ!~pJ_nk&Kn^DmafVWOk|?FIOY6WB%J#4Sk?O5wmFk)Zicid4dM zt-`akZgVMzK{p+xkvd$08eRu0j*RRRCddr`LZYvVs|HYl85bHXS~~~6SjbrTd{r3B z?|Nx7aTS(of}>tGn2{$j*f#a&llD6uZjld;ryv(stq8nkw?a9>h4hOpay@VsI4#Y= z4*4M7^Q23-FWUciaZEHCmXCzV%r~S6bFlSWR8sNM>v~bT?#`}lLf;G*=kX4<2|NDv zgo(x}I8XtI14e~#Vc#{!r^QUy+ZQ`~&Th;x8xi|GUcCqIFc8ra?MmiKPw8F)U`fr% z70Jt9N>GD`;`8WVE%q0v{$0Grj!36$4PeD|0##I{)o4vp#QJ_a6w80b;*N8k`13bC z+hnS>G`qDl*ndsU{9c-$7rp2lIoA)x|NfNhtAKwohrPl-ZLSnxWgZ3I(ENTJnTx#k z=@<9J!}os+K2y65K@IGrS!n?Ki$Z*oWL!SToz#I~pZ}l2!Xdwng@Om|L`;wIHd zKq-1hudnTtJPAq@5f(DWvUY;uhxRo}9!39&S2md|49veP`H}o8+zIwOl|fly*)BAs zJTvuVdVOH9-{GM|`^Tr3oY}xy+5gs`)yNv%F=tIxG;7X&fnGYhpvJ=H&_-l$+msQ5 zh_vxde?`NdhCj;<$Y{Pb6X=AKVg@Q$VX~Wy`p+aPZ_;Mxs*(&m%kP+oZKnD&p!iJe zm!QVJXm~!FGLAA314=AZdW?i(?k7+V1?oF>kO~BGej7HIF#7}2^X#?mf62`Rh%P07 zuc7!YM|@XCSc-G}n{;kt*xGSGDSF_-8Pa*dt}a~miL@OfCO|BNRJ3wL9x)>^p=@t^ zqwLSpY{OEjoBEoE__wW@lcaG=2vevSwLo%b8$y3Vzud6fWm?8#_v8P*A$RN~2q}$M zz40O?2NNnlO3zQ0n6%1$czzVLj8UbZw9jIv&!AeH-W{21R&Deu7(R`YJJ`}X?wGrS z^@mB#f~;>EnTRBn4-_UeW5*DS0Y5?t98}*Kl1bNT>G)*OxvjkRq~>NE$>w=iYN1`* zVf6cvaCevO^icZLWhp2EBE^MDQxAh$j24a{iEoGAk-IOHcCA$2oi*X|K)j&)~(! ztPu2`hfPhW2q<2SBG;^S)Ve!VcpK9g;5NYowKcr#Qk|SZ zQZarq@O#M}*64A029FN5C|bjo(kG<`6ql>D_BA`mYZO^S3BLTx`K~|OMu4PH(7izOKXn(}e;gLDCgD5mGHXD^DE7i3=N-Jz0km%kd^U{A-`Qy?u5;L~u# z2S4sDuZ@iOhK~v$BiC$Z7_@%AwM9%e$$%r7mV=UkFcQs708rCHFxO^4|8pcqyjB4I zcek`ejD2$IQbYPj+=Tr$Wh;5ul{pbGs-13X4SAXRA8XM@D0p0D@5;+;&HY?uX^5f* zr3mUFl^7HyMJsYQM%-!!!y7hzo!;dHDLW2|3Z>6ZU8*Xmfj}&p7xeV=tqaeGzTmCf z@Y6)duGCbt!opG!x#}^a7}}Mz4-qfa@dSkazXHbNuFSBJ?U!fUJQXb#Ic;-kIbEX^ zEVX6^=5;?plu%2DdLWtoCqX!TggQQYAyFEVB3TA6Yst?Y1}t4(y)kz<#ou_5!i-xZjf2x-9n#I1v?(C+JbzTC*rZ;Tq(bC7Eo2H) z!vIY`l%fc_KKGu#9q!B+;Zm+*T zGM@RD-rXnO?`(a$gF|MZt_V~@Ri>zB+*#2K3PGs=Lo1Et^P|E#(?MR3ydZ~$@9(sq z<{Z22Fs-83bgB)`Yf}I-5$Z_En-L(2ti734VAGn({EG}w|HZ+N`NGw#AF@xun$p}! zGDbrM*mm%I?v{jB{8qa2cueVReqAxeXJq{*(8`Rf09YhBKNU8|HqT7#G(w>T;9enIOh8Mga>eH}j)DU2MePOaQXpv{kN?hi= z#A1)}vae+I1+nAA-Vx4k$4)>O>(aT)sCwCrr&#JXLON$R3#;k`kOd+dvV)Gq&F|+8 zhbYS7#&M7!)FWH2#f``sT`KI=ua1Vr;f{KsLC>XHAyr2OoYl^jD1jv?GExQjv5i9a zkg#Xn?!PO1A?u zKPK-@{aiNw&*1~Jdtr~JIUQsPYjQ$A8~_8Y5D-KD6E1cr1}K7pehL$2(;-T!^-N&U>P%71z9_fu`2*Sf0-Unw^YS_%(sunKE$6kK{peUNKk`JgV> zhge>MjfyIySdY@c@6iU_9|KT#c|UkGtiSrA%DC zz3omK9K6sfk4fsU0eckC-0g+)voFn`x^@4bmo)#fKuE#W>N zdNKCYDO|SkPPB)Vd&B3u9VY;25Ks|FR8;oTJl~35&iQfkvhn?YRV*ZrvbHWkb4+r4 znXZzJAf6;k#sqikqw%MU5ts6KFagfc}i=`KLiRN6+Ia$HWp-gsS^!J(LIFe5cH zsR}xI_>{AqZIQVG{NeM$d+Bv68k6d+21gP~)6o}F&by)3hVR-;Td{wlK0j_fKw0Tm z8cJtUrPej7!JvhmfT89b0A$US?|yYv^nE?QJm=?}w*E@0TrL;K!?Q}YgP{_z|7;*c zxDTC7DFx=O0JR80qhO*msnHdadr^k(?e<rpEI5N7U~||RvQ@0@#eJjCxvM3 z@=_sF{mT75ds`)CLsAjc-oT!jOC!t{6T9eXvrVU=eoi?q2LdUw zfU7BtV`8;kmyft{%un*rRQa>8x3|ieX_i)yzh**2L7QSR; zcOm8Hs_;{AED@0(BSI<81cnrSozJ>oc4r3%;#{vV(>@?Bd!V3WDMKiWU&7SMw1-4w zs8o=OmTW~aJSeX5*V`c8emeBMoG?)&qBgNq4K7iJ6SK@0C8oqm8Ay4gF@~c!jokhH zYr|oa>?L|oL;q&xB&T-D#(g(SyKowS4hp24h0LFC2K4^1Zk!g(#W!f9e6cVmfdU{4 z+$+^?s!n5U^KTYGs@Q@k2EN&?w#YJdHAN!iojdZxC0hpJq*lj(mT)BbHZ_85kF-jWK z6*J@#2&y^5H#8Q0@MO2^vo%X0R`Qm8a*Y#N8#J3M_{k;Eja6hq0q zNFTw`=BKpZ)2$Y8Wwq91kGD?zYGBRENuL;~>ftAr6BZ{I!-WeLp?LU}cmj#4EIO%V zO1d2)CIPSbsTVzbz?^T_Rk4=8ajE?lt0`Eiy!};743QNLAltt>vX@%UALhkKjGg0Y7~YwVQ;+PEGjJNRPpnO zl&h*JS96~C*!1qmI*he(nUWSVFvbHBED5eqvt>U%*--6%XnqlT{3*6U0}Lv_aSIZF z-8UycHM!P%?-~;w3817I`e1Cx&Ql-q<>W_Mx8Lt>Nf_Dw9TjE9)O=G~0PalG@LaNB z?jcvjOz|8Fh#GES1&SQw@SV40jB5DIDp6I1G3v`ECN3RfjWs}9#19V{s)S%PcO6oo z@QbxK0hu)JTHBrAx3A>aR)r&^)e94*JilGDHTHh>nuJbPA`$9RwaR_RiA@^+#O3>u z=3zIl-;q>mATeWFz4`&EZC!nRKg;va-Zd-eCUUnhgKfRIZvL1TaqVRWC&!u!k_M1eIl;`^wWxg5G8?iJW6Q5or7(LUx-$l9!)+DYSI>m*=^RIudy(0isl&t+{}@h46qnpEvY9J zSORx!<=4Dtg!#Lg^*cZ_-&_gzC%V~jrQ$LqZ2Y>5Rf~zSo5be>W<)5Yp#)l&;miqn z{{mf<5m&XhYL0N59|yfN0eUUGAJsdc!Nbj097&19CL^(;?ZfQB5tgT}-k-AY=9|@R zj3HzI!o;d9nh5zoR*)n%CLXk?iQCoq!{Rya+Jn-VF~dQ)%)RZ#9cQpz73!I@>jFe9 zdbX=jC9BP*Yw>gRm+Q05#Y~IUgl3s0DHs}xp!ynL_W}Qn!%SgOlJ7yxO0puTm1*-c z(bV%W6dmFxBHn=#(JT>Svw)@!FZX@?#pvg|XRg;p6TuEV zBWPEM3rwPE(q6d2nB15N7TGnj(0Z5=2}2Dz{S_DW^u;KRB_H`+n+HqPu!M6m*ROBy zK6(7QP|yu56~L>o%skF!D8{PQzMGnfH7#)Fr2S0gapNgw_4o(1Ydg}osIGmDz4eK=lb{rqY3Fv=~xjrMC=A{;#()6NFydvTPIp zOt@4VaQaMiA9UF}r~gjZM{LpO!Ou}2(veVOeO326M}F^puvb(7F3gom+nH9^I5@4? z0rQne+W8NxXq0;1)VVSUx|2(#^T0yWCV0 zW|XZd`{wiRg|xa$V8jO)ZeA{KCy&78syd8<#ELhY%X|c_)~1kUDN;%mY2qZ(kSHAb zF#Qkfoh3QUf+D(ehdcGzD>YoYBje~Z!;R5{yRm#Ok791$R<+^LM@z<-FxQQFWQeSd zar2YT9EM#W$E2BRrbIeW*ICf zsB|;Vx@T#|gvbA$s(-zJh9;rxOL3tm-8qb6M<#@%q3-LCv+X+MwXwjHrwL^(e&t4q zD#7?zQK{^>we+saa!-gP$e}_}8kg(r<-g{>lP&{}3*1#IjkFiE^zR)TMs+h-8HMmo z2sNdl)F|cUv<0Lr5=q4sw9?YmSz4~WYz1hz?8rvWhRHvThDEf}Zr=J4*bWma;55EGaMLrb^O8o8V7XYOTG6q=lqlQe&X7 z>XoJZC<-$s&cIji)6kk7RR9hY{v<8nZ*k5&nQWvWf$ouL4U-r|YH@ zSe$6pa>h;pOAV){bJntPHL!5An8H$GTF^gtJ0AdcGG*S+YZ*66$57?ue zCk43^<4o!+3`{Y8TiI_f=*G)I3P(|kAc3EnVv2e|U(lNXS+dtbvB`i+IZ9MggI~wy z)Oe`9`T?Y12-gXBkdCmXgqWdo$2Tu;w^Os6ul7GC4xL6zeXN5#)yLxc$G1r!EiKKQ z#!DV17+y-w@^$uPp>qX4(#&35$EXwfV}i2Gic>tup)lQe5kRL9aVj3scoFkJ#OKx@j54Ski#L3rw<2)Wuy^~4xd()&12_Xfiu6b|j)%g5 zw%pUKOzT^_V*l{JnxA7Xb_Kc!NKjZ~u^SDZvKXxp1y7Sk6CG}z8pCF! zx0Lcw29?82#wI>Cl*o_H++EX3WL_n3$y7pVdc|Dhy|Mgl$G}2SKwwBGASnfWG*C%_Arv%J-2<^BpREfvYeZr?}Rh+nryELhc@QLORr<8AWO^+r__rS3IxSRlDnL zww+n8w_wiNHE|@FnNofTh8q=?3{Dq8nWZ2JQxij^CvjZ$u(*I-*3i1n7k96y7Jm>^zXl7SDob}+jBW^VY7PxKu{GrFPv~nMTExX1ZV>|2Qh7J zpJzyfSMv>g)1HL`OMA+zqJ3JF8DCrES9lKx=UsKX5>*AH%{+WFtjjx!5J%t_(PrSz}c-v0cWa>}HLL=~+*69Nol z>QFXBUYuRCx7u5i?2N8Q51c2}@^?G^ROjX0I2^QTjqBPC%gDMNl67}FURbgh7m>)6 z(WL3yGRfxqE*hPaRqw2QmEV>06#uiNJH>2`HRH=B!HNl-A>zvLp9Z^!iNj|K?0zQs zv9+6T0^Ez|nJp+()!wsb3&=hO9{sypGq^mQlaBauEcmS#;z~_&NG7VG+JOYQOrLzb zJdJoZIkHOVmDe>JF#lU>R7LL=D_w-C7%NR(WXFX9?1Ux*v_kqQK;&IxUD)=0ZOtjHpHhO!y+G@M(G!N1+(}E!$(8Lh0oEJ^D z+1?AhiU&}VQ{X6HJ9voWQ>F;at#2!x+e1;y0p#R7 z&(OU}ot&zBth)MOTSg;Vvt%$Qf@-3=sj=@s#bS^BQFEEvskWw&Ny! z&z#*iJohW;x=-!Cc%RxBc+bjnz5GIc{k61|o?+A+Y8VV3;VQPCtwn4+H#2oSDue2k z=Gq`9i$*INQL=m^+5o%fa;Psb-G71KM_2Q+U-h>1_?wlR`68JJ);7}D<}clps{*QE zEer+@16JQZ8E1<`skMSL0?eC2GhbX`Z{sR|$hsAh3uCZ+;$iuAZuq>CJeoltYvVKA zpQYb}|K;0QO*dTja8rWx|;$>%N$H|F=1ilR=2>?Ncin6PM!NkxXwYYF#a#R0Y)m*J;*L+&G zaI382Th|+Gj0tV^B9@=0tW=-|)h11jEs7?3c9-nD?p@2VkJBTxr+s{~rU-=3_JE-Z z_r2Y)scw6J&4hd0MVx!*i`|!=`=n^u5*26XMi$Dr?ZCjm?(S|(I`zM6B3|(EfGnQ> za)>Nm*L~g9;N?hTFc$wSdF0*7p8nD-Q$Uu^0Ay`A*mH+?+cfV{y#(P63cCK5aam1kiAJE1dHSBo8zBEP)5m%*A=TG1b7&v6NNX55m6lHL z-#dF;dKnAjB&_;1sVOQKKnU&tQSl7ZOo3tbMqM3fxsZTV-1^wvpHp2L1qualpy95j>#5Qo_lU zuqw}Qn$j17IS|~{f(3Mv0|n-_^PabkWn+8 zxtCDh229GJ{-QQiwHycPSB2#%&-5^49crM$I^6)vWs`Z*rv+QbL##Q_=pn_ak;x`YbH??0SjkSuo_-3QafWRaMc*~-X zth7J82};gUuYIhD8if@~J{D6}`jw%RC92=`%u-XkMzF*pF@6Qc*m50DZiU#<3BX~2 zF~*21(J?D=G$oh0akYkoj`6A{Q7Z+B2C)x|i%OCqM+~xon#Y$CC3B=I`J5DSPJaW_ zxuJ@h%uFOKU|b4vBGnqHYdo@9tSldt&vpYY?aky%ihLcC*C$)fxX21!MkLO0nW^wlb|T3zfiqSwIRFcX@+283JNsTs5T{-JHqD zSVk{rBT&1KU)?MT#Z+q>-)KYrV+fhTv^Ens*yV~)=c9y^seJVQTebt^r7|T#N*ra^ zIbU$a@2?)|=8 zllYuBsQ8^~usVAG70`%fAHhR4W$k^x z1^rc5jel6ydjq~evT~`;m=sDZiK+r|H`i)D#ERW+j^8$r|1WS}5-`W|*g^Ob<%Z{X zJxA`ZN6xJQc5<1F>;8zW_YVsU!^=QHc;uhdCD9lJ!aoeQ21SS1G>8iDKE)v*wE0N- z$*FEX=_Km(Rn+LWQPUw4N}#G`n3`pI5M3mB`9#_{202xNlC7LQMD8NC5x+uhJD9?B z;Yd*ehT8sO0X`j`gOhWvLrY;sLKKCj(jI-~(}E9NK}ivn36R3m)Y@UM78sm_N}dpP zNFIv*)fPvwY@Pv3`*V=()Z_L3e8aQhJea-xe)ylp2zbyAXto$n>V3)XZGYa47P*O3 zK||*ZxboT7Z?qU!;@Q0KNA&M@iv$~euDhRv{$jhiF#{Snw$;%FU4d9hc60IgSopjLD~?1Bu(E_^WDksS*0@lvM zXBvy`mvSsu8@X-@)c*H9m8KhcuRFBH5(_Np5lX3{LGg7^7uES)*nQoreBIYL`TcP^ z-hN71;*Fc(KdTnFY%~8i5USr|@3q{y)g18kxp9k%gh0;;+{j$<9fF`C z$)zjWu>maIgSm=29O8m=mod|gJQF6)}P0o5Hq`*!16&Zs?p^ribwh$y2 zEoB>lg@p$XsqcVdt1+6joNxF(T6Sl?bX4uuqGpqK=uYPOV?l*z-Lvwk42iC&fk z&#{&GgcS@J`x3=Ijli7U61!*;1N<`)TY~NJ9sY%WWu^DqF{YIW7X*tCd*P){TF-hruuKlFDJK@B4E2;X|b}~9IaBT=I>3$=AEsY=c z(o@&Sf~)r65Oei5-gz(Bq+%jjpJ7i<%ZPQK>)Ky6)&VnJUU!bYAMO;lwM(y}z3e0N zrm^h7!NKhbT1JYDNQ1m_0s;a~ofj>SkB_6E+nuKGc#{(}pUPZ-uP+K02VX>n!Dz44 zhioqnaWkl$1cRz~Ue($7jsp;n1F_-laJm>(arfE=KIFqGWL~YK0VS@(& za+7V%8#uluoi8(yhehER=Hs#LF77(NYXg|&&}@A&k5mdg4CY=()8pHJwq(xP=hQ6y z`cwxce-{!Wp}@1hVYXyIATB1ARB?OHpQjNTEx*egNzDs1H`5(}p{=b3r|Ms4?)SW1-UVneV1t?B>Di^T8h?Vy(2t1}dQi=MgnIAxd8#$)_CB1Nk4y96C2;2d{N~E)$o5YDFd^x4x>I5_o1+bu;dQ zQKdzBMev3?z5>zJ3D z_yAwfT@E#UK41-4#nczFpArh7ND5{+%3-Zc9bNsAanOG@5Q-@Bc@zJ&x&5)Z-1FFM zSKDp{D#z1&=DZ4;M1`$Srjt$3ryP*jI}@&*-k*Ex%(%=F6G$WH9o}YX!DUMOLTwOERD~;FC#Hd55D7Z^)Mb&xrR~XX>H=bb44zBZud7U9 zECuVCxarK2n~4 ztOnj%zrQ1RxI3R0h_kJH3zS)IYZhpuN#)5UbZfCYPpbXKl%@U*aBZxKf6Z-N?wc#z z{nG~y5Yt45GKg(3XKhyGswP8&hYxOA_=SF5K(Z>Gc=mTvL}A#B9dzmRI~G~NyR|?I zo8tE5OVw+%U}0h7&vZ(v(FPLQTFWF(D`MAVIpnVlsnHM@`efC0K5`5nEWQG;2@Y9y zmb*}zra3V6=IN*T@&yyy;pi0tO1Z3rQ&8RzvX>TT3FdZ0mZXK1k9sE+KfXD(?~8M~ zUQSf1W@=CrD{KK8)GPq%$7wBSF;&_c zg|>>Y=OUIn7)XqaAxg7zT3HT^PTWER^wfL)LcrErxvUvC#y45 z`v6B=lLU1$7joXa1MSHQ4pWmURQ6!=t5H((F)&KR%>VY?Gw0B`@YEE@3kn=IZ+Bd8 z0>1c-ng&zkKaQqsRU~a_8uy$QTpm%>(BHtKI--=UI)1a4#%sm=NqBJuoOA0xGb$wW~68vJ(0)b>=oL=615B z5uxsJRuYo;Ma((AmWOlQe@S=WA9c&T6d@8A^x1(Jc;v9W!3mNpVt}TGmqllz6U2%1 z)Q1axMZ(BFRXL=F3I&6U$w;MiR)8BBWeIS?L<^4o$mhlaeAnV4tOu5qE9f4_V28Ky z`n%eyz?pho?pJze>?v^+s}HKh*lK;fo;;@Rg1M71=n(zvay7Pmo9-XY-;pE!cfR_bwLG`#8XRT?y%42=NMj{| z0G_CROou3Tn)v#jakzORS(3yO^oHT*F4O2i3d^EeY(j0yX2~#|l_(P_3Q@eqQ4>0o zCyR`HzJT%T!RPtr;wH^@VSV}fj9YLvUvs8-d1_#PDI}Ji;CC2*r$&dKQc-Cc24zSf zIP#(txKgGGL3ZWXcSoia2(3{tjNso1AJNn2Z1W?5l#aFu z^tt@*;p=mh*U@=QbZ4DHZlz^av{VH4E5-(`lm=|j24Mq1q84-?b5$RFLLIRb%f*@T zpY~f_FQDO4@8g=?*D)xrJ1uYpwR3Y^F8ojljfmrWz-YYM?bG_y!eY>NO}PCmEg>=3 z+WX-U?-K4s1`!H`Cxd|}#BLD&+Wn~)7r%CuR4J|r2-OV5JbR6yh(v&L&^&8#aM%Ba z^nPyrFSAME$Pg{3HE=p>!1Nf*MHx_|9yEqNTp~7dG{>aT+atX||LrDDD$I)YRE0me zK#UmpV55yyK_C`Tv*fZk%;nhCv=lflt5sa+FSGxbw(?QzL|WQZshRo?kdHR9m)n}=V(e3_C) zxw2u$&q|N1*T_CjD3mSz&0iBuCLcWEbFSP{9sgaLSe~ut`+1c*-EOP?fzWS}$gUHK zd=5;^V)9H{g%BLJvJ6ZuFyakpayl*Q2Ay8c4|i|=H_p6nwl@9mI|HtRe6C2iRiZog zVBq*+93gIWk#`}N%*IjEt|xMUjP~uhj@;Bs$0)^y(`BRmLAX`OeRDA?h+;CrY!~R< zB~t?VNy*fZrHh4!&J9s1!)iaj_l3L2MDXmfBtG{aG7X8b23&F%Cu_M3#C&EfT@K8A(;_v>tlk)VtBI~WBdO=~LyMy#DBKU5D`qKCYMtytM|LCCmM<`0j~(nm6dYw}O7xdDW905q9Ma zy&#I6g0@>BJ2?O?oQtzp{Mc#XFLmX5PKn3NEoFw#Y{7;#1GhsKV=CXk_~{<&=MLJc zc(D7v`nO2RYWm%Igo}I+411C7H}qkaiqKe_ZaMEH!BE@sZBGtAzjBjyqle$g*oo2&z`JT5q(1=_yR5MtF)5HV}jPq-l_S5XCcGLJ}xo*RAFScEL!Z{vdLC`0rwEj(MvoX_Lq4JM= z$hH~iz*zfp&=&m`KaK9xEk@9k61{HLpiDrVGARN7ZR#8t@Su2r+v{RzJ#;kbpwHjS zWrs1Mj8u)>XOARFuLQ;~)ojL@Us)#C3Ff1jb(p+AZ=jb)qXBJ=77X{Rkco_%x{)fa z*@Dl1=Vss~9g4FYp4Q~B`Vko%tejjyq__T?v5WunGo|MZG)w4o`hc38YmugFd>!mP z3B3=&;J7QWq{P6P8Efy=avi4@86nhLopZp*=nfGTn~u8dJ1D=>P+?S*T+!N!E9&Fp zb15+#gwjj?5sj1=X8Jv5{LF^Gz^iniETY3I7ru?%AFrK$314+wk{Ylz z9dx~vdfi3WTri87+{wV%uoBOFNL5g>O2AV@7I>h&!8TKbh%V5lE$^)gYKAurc;Q)I(mVDE4Ai{{p}lLE#WQw13uSupho0<$r zt7AJ$h6{Ik;dSjo*?4yzRT%UxUGwTHW4&;uEY&y4bU$Pf4SYwat*kWQgb%ud7J+AP zKuc!R^bt?QfbCwNK(z-7J3Bpvu(zE?h5d*O&836Re8yBp*AG2j@!|MTkHq-I=*?dv2IHMM@bC{nfp<*dZ&CX%rO5K-@wP~ zNxN595o#o{5f@7qG7ENzY=-r5{O+HPyBRwdlk*^FZ_WEH{CqbjI_z#R;XOn1@AC{b z!VVJ=?r&c&qZ3XYL*)qI*OuM-`ud44s&_xD1nqMbrE-+=x!nDY&sE*@@m!G`m5=_})3=t4ZVWvmBBb=t(^#Y$C)AI;3oT_S3{NlG zdr?4TQjH#a)<8V5PZe!h)8lE;+Z!{3VkPP+M}JjhwyR}?m~bP8-A_ZGU_g9lkB0Sf z(21uVo6x5Pxq!Q#i!q0%xVaQQ3a`Xv(S9{{F?(-u{nd;si7rwS106PPa8u~!@*~m> zLA7rUOU+zzn643rqB1U+;;!s>a&vPJP-=^9~N(x}?`41XQIC&wUpV1mwB_d8&;g^^>x?+w-Hs?q?LwOvQ%FyE* z*U4Z;yEe)bnKdK^7FD1q-&@?*l!WcP5KGVcY%X{)p)RW3LM2+7ERZ^zPF-9829|~;OMkGz9nwbNAY>-vI~`4 z}QY?X;r2t#0OGSy${T`u2pTTqsQxSABhn>-)> zMZ#S``xL3NZmJZXYD5A$Ab}qm5;!5gOC%m94ow1G;dG!HOGfUwiAHBLr0(_I>tO(T zSju%l4hISlD5_3-F9(GaixACXn{{V@a006oO^K{Izh2P;d*4^(cKaGG8c4^hj=LJ7 z06m$ZsWbvT2Um!m^zzTz3%gO7K4v_IF?wW`Gl@m!$1q;qX)Y#Yf|w3#nA^jmHtW~T zE$FzWgQijA56i}1eLyjg1?3tZ4@2jEb?7LJJXE{*G z=;_OoY>g=5sAA#D<@0ikU8woM4t7n#uYSLx0ZPGm763@~ z#*nFx)ZAb(rl15yelv2ruHRyYF)5;f0ixFAK?sZlS>H1imJ)FUVGK% zW$d16<{WV+36Ly*NpL}DG zQSHmW4$;>uPwHOXQKq^EZH^+{6%ZDTSDE$XT5O1*)@ri(V{!>8kmO+@CACl&Ry5idddWylr^lAF&Jh( z!^Rldyn-(HJ@({CeEle}7{zfD!nCk0B>6rvFY~g@9Q~aRS_DGzZ^*paoPesQR9z1{3Bx9ADKyiE6C?7JT$jOloX4 zuaf7O@e2?Zi_(Uyr@wz*zj1>ZL=LHZ)qV1@6GAH@mmmZF(m_D$im7w)@IbD#I*~dL z9siW?!FmC4@Ac0817CM9Uw8BQ@Am@RFVp`is7SWI;sRJsFlo$j}1gyRHwT#5kk9$A$sLeTq z+R?T0(eSJb4RGq`_gyGBo9lKrpRY$wV(zLGAy!p#048BG5GAr$%*5Bn_hxsu{YcvN zC|zKLTHc4pKF0Uc_tnC3lXC+x_o0xX5)F2GE>6gCvxQ2_91jh)1aXvWU46{j7F`qw zW1Aw!#E2zNgh?bP8!49r(;!9;{KlsGL>W9wct zT=+II-oW!;Xp_|xXyHTe74F6s;-ASyTQ|^f8dd0i)}!~$us726((uZAc~tnZ;p;j6 ztL^15Tj*Md{{jFWYAzZA6Af+YhF)n}QqmLLRnks)e#}Ege9P~#O#HZ7E+H(mVCaz| zwm0jJa^xJ|k{svO_CAk!i6ivsPO`x434by9C0P51=Y24f>1Ds*k4MVjL98$RCdb0` z@3E9d2`sf;3MKJ!?y9XwXf!qY#6CH*!(&V{bC#lfEm4D6YT>O#2|@MzHL!*uASffD|X zO1EdDgN!VI#GK3H`FssH#U3<1K04MM>|75c->)zAAyojlXin0N&Y3J$3|2@E6pVTwS*PWQz(-Ne}UhdRI_ zzt89H-PPy6&3KW|=k%WYQqs@saFOT#+?`<34fk~ikmd6xIGDwdvL;|N4v$N;CNwc(54662U@zDH414hC8CLnRim zSw(~UFop}2HO!{2m2-bNcr6ugs$G~hXtLt8Y#E&CoL2)yW9UNE{;;S?5J3TCm2xpO z5tW&fm2HRjrTIIHe>ddwT)48H107b++}+oO{Ell2Y8K@x;M+xGfUrXh2+Dw>$epU> z5<6IFV91#tR4{wZR0O8-|FZyF%11x{cCjGGc>m)UHi08d{1#<^YVI%FvGWVD=Q@E#9R?U8QwmM5Lr>ebfZ8ghW6N zRgBN+BP0AzdpWbvX5a&&p-*~6yzpe?Q3sVr}s{&B^HV7>l(#xbh* z&z3$@mi)Zg1Azud{KJFf-})#WzN43EgDsfCa~IHckrJvp=K7S3a1iG9H8`VkZi<{9 zO7?>qnykCpjs2?eOR^pNK-T%jk^uP5&pXZ|GE7# zBwiLEXM|5>l5^s+_v@3}ZV9w7hegks1RbAae|T}IL|F=`kf#!wBkB)Gma{_-I<2Q< z+h?W@CBLds3Lw2#+obgS?Po;_jxf;h1TWhE8K(MBpp6_PM-%}Ve+HjHO997SrXq>a z*V~L~BEZevZg2*l${08hHO;L8Qujg8nBdW9VFSj)Sb>D@C<1iE7AGDlNbgaip39DU zorVm+YSpBlp~qs)pbdfE=|{PR@G9iEc$grZ!UQ4)J^5zRvM_+@z{fkf6-Ah zNlwzAgo~9JULae?TB{La7C|Uoa$)K#C9oi8Bt92W#!BUGVkw^>v1Z`wg>NA&UHqtO zS$DZ8<0}zGX6Ixiq~HirqoApijnN#fiZj2IF()qr9xUo7*JwnukRz)@|4LMG{m)&j z|IzLXA_AH9ejoqWhA_8oG`gK>i6D9HXWfB!t-HP6pZo{8r7`P2)`2LBE59qB%$F^n zt6b1Wtlj&%cvjcz|MqwhaDyA*LZ|;lrXWIT$!lR5F)xFvO9r2#B=cE#dqv`nsg8gj z4l}^?P3d7&8$It7!q&zbyN?zIVKZgX% zh3?EqI&;I%($X((a~B-PS+?0b4#qC-gDZbYMIsNE?MDr-i7sk(7OT>#IOg`&|7%A4 zIelMWIo01-v6h9AXlm@KfR(q2kdP!#(hclOIlug7x-;CM{=qV_o}C&14SpIU8Y|fAza1a2@Y?fK!JXH~2&Q&AY)K8C zk}7tZQl9(wrlktD#|L*z?{K!v7e+;XMnjvcGmO^8RvnC94l5GfOhkuI%K1C-n(5_r z1|iXva{R}~y)=e$9RN7DLtmq9?Dw!wpUmU5_P$~spX)M$zoci5bmS&~M${l2zJ%CA z<1zrwYSiU$4;Q&PAiQ+1BB1RQTRDgl0^IJcaGj{{bP#l}gWECyvhT+a-3-QRG7%s~U3 z!ZW5i)RHBW#*d>j(H_|mCaeHz0E!aOBdGR8Eka~t)fp1N#EX8Hrn^7zW(N|;Qgyab z5_N!xiQuX5H<0M_U;&-*`TWm&kp0wd?$~HH9Q9wpq_{0a^*ess{`%~G+9H(tJDn>4 zdi|u5FZ=x<JCQ_$r2)jQRrV4S zf{i~R!sk=46evq`U$jP7r%j1bC|mT6Yz5#e83$)X37}Gej4DK=)0qn{{Zju1r2eh2 zqree!HH1NMNXNz}MJHfMQiveFo}&u|3e(eWZl0>l6vM+1G`K5(QP4p4!Ro&=UC!&u zLf685qp=u-C@)bgKzgmh5KDm?01GCf*Kv>_UwhoSottxwwq{XfoG9t>qs8~ga;sZ@+ECUiL)Svkgme%6p;uu+acR|j>$bYi> zt@rEAYlJA!Kp!kzR0kn4;gAn2T8ehM{>Dtl6mP`keJ2D$3$&wP=+F~QHQ^XC^yG1j` z(`V^gw{|@y?c}`t8~UbVi(#$cp8-c9H8hcPktbO3#Pw82he+!AUc8N)*E7>2ky}t6 z6(uq87(xz6fb{xdr#Dw^5H*n~Ev6pDMfDpO(Ygh?sRLoiC;>(7`=Pt|B4$Q4oG7>^ z1Ginja;SqkQVje!p4Gs8!@@>};#q~3{j46!VeF#%xB^9$>v5}~N$L=HL+md)xC}fp zyo2d7^>DQyPIwc1X*stos19$(YXc9P0I6L`GwyvZ{EEwJ03Q>YxcG$BQzl|j1UHd$ zSyF}Tgd#7oK`ls6quq@?Ofc4+pPjwkruUw^L83(S-q9s3W41jk>8CU6yMv&^4WFxS zxug(Nok~p*P`s4w*kLoB!*{k^XMI?_KyzK8)%2GwRuAb#{XLzH3#mMS^!5Jm%7T!@ zpOMIP(Eg6nkvC_sJLW?09^VIlUH9wo&-yeGTKtfsSLMZhHvP*!Wrn!s^PYz!?ldxu z2RZ^+HD&|?d&5o23KRV=xJt%oFm(4iY&l#bo_kPlMF``kUv-&(f=i`!sS>K+qCX*aj zQ#}7m*L z?%r9ENs(x9fhJS$5%DnMQKp z(s2sZm0f9m7kA|?jA?<9ltO^8lyIi7)n&5VNB09?T%JavX=%1!acDV@^|3v!lJ{_O zSoW`8vw0knrV2sO;o9S8r?ViC{Vh-k+7?+16yz8>i?aotM3Xz;|7?^R!_F4EP4oX`z;F(S%LQI(k=#xjL1P8&DvCtk@pL2pS zE#RTAv2>?=g>_Gu^1~8{A5!X}Io7fR;86K@$P=VoeU((%EPsdn9#1J9wahb6FJ=fM zG4R)FH86W*| zhIc_}OLPBZpC)(Qxw73Ud>=53t=$DmO1%BoPG!#c9u6R~=5X009U+lH)`6k?Fd$At zIWs-eP!V$5i{*jv1oc`1Zl?=Wav7`JI7vTrT})u-Dm(ugODj~?4uLW9#V0PL3apnK z`P6_>>`IE+Mr35n5mA<%$Ei3`PJ}_tY%B9Aya-9VvBv!+`Lah#(S&iherH+Mz)sk1 zDuXN~Sd^u@Jl-#zFZyF8%{eOD(8rA#Y8k`5pv$I)PNt>iVj|7`cdGlhqrTf!;HF`7 zvzYl)=4XZnpu(6E)8sHCuj)uD+B%hs`njkQO*PB-;6M`qSavx0@-6YuCgRhetB-*< zkdRZbwE52AfNTW;n9eEC7{Tf5F(OSV4vUz{5zS@B%fUbysTfgL@^sCA{|PP9zG%P3 zNtY%E8Ne=xIM8=_zSt~)SYxS;60B(GY_U%FLujQ-e*sUUM$2XF`e(voctR3YTUb#cz27lyiV@ z`Bf{8YqiBssb@=YWjWTr;H~n9zl0sXu(QxM8POTEY~ zJ@jd?3V}f5_g&n8n`q-|gZA6kvpVA*U$1t9mL+emp^bDk5rG9x*mvCOW>dUNP&j0@ z(GrwS5CSpC|IJH0`NjOoLd4HzoR2>wPN#a-nDtXFBm0cvJ`l}qBgKc=`s2vY4zY4G*o zaGNEO?aP{F*h&;X%y=#l@02*zX`FxxCd&FyT*+c`;n91{jv5F9IuqLImObn@6R0V9 zEu&lQIyADJIJwIk=mi4|k|+c)p+QGW)K4GUM{ZYgn*ljxmq#wRS8vF84C)!~T3^%( zFjt>fFy9&ug?0C9b2M<_swGflFwpSR4$`}(v(xH=l~uht48@VUr=Prrka{)O6@_Zf zCOK!iK*d?)ItW$p{d(|E8uQ!Qa?dxbNjzg+8q&ElA>4=Ht_U4F#L$7msccXUe+2Og zDtUr0>)W61*4EZZRAOkJYQuvA^N@4B(ivWAni%!sN(>iiw*hojn_R#3sMV*MW10;2 zXM{DuXe0`lGS3Sv_Zwbm^(!kdg1v#alW}WlyjZ_zr@coR6QQFSMpMIjbYP)AxYy=_ zM_W3qziII}ac}y-=;_SXbg6k%{+G|bqOtaOy?B0nvftu!JtVD!oJ_N<6_ zbvazo1)BsWEe?^JRsc<{+Xt{RCHNOF>TJg8d0=7N9;)lZ z#iFYhcNB+Td2x7I7;bQ)#WJ4e)D8?(3U%t#M#Zl?c0n9&%`2|WEh>- zyjv;wE)GPxu?HtQ{IB3Z&Vq>VlYh(T*MqYl7|N;bUl?e2?ST`7=kvet?Yq1u!TVVW zJQ6sPW;Fq1Mfy=AdC&vna+J(zq8%A6FLg03<#Xk?sELX zR9RzQN5@yu9Lw#>@k&+}bK2ja5dw21>0P8;hTN)xh2W%>yM1i! z?N+b!J(eKt*ozbR=CJnj4|A(0hmPL~zJ&%1hc{Rt8C(o|@AEJ#sH1K%9Sl1>Jp6Bh zgowj*{etR+by;5>+;JGg>zk+%;l~%NXgbKc7M8^A%PT&&3|s5bIA>_olF{|3A>_5o zn_%}yi~-?l|94Y=ZCeGw6!1L@7QT7Xg8A{h0kyg?_pQny=Nxz%{W09#9lAxr!`nC9 zFP&h-JFiFt`HR4upJ3O^(9|j5x1Z`zWg=A!m2?s>@w%oyS2wReQZUgF{=uc#U2heP zhnt;`tL2S&)~rEbMMR99%h42Ft)6xyQ-qy;5&igEejy5w`2$o%inOHkr7RFkqU?;S&t4jb=xiT z8)W7UuGh3~MVb1@-PQShoEgt--(P7mq^>*lew1*#g2F+I-?^}=lr%im*#xklrzuWs z`h4iXGR(w!N%@O{&#|%(`7Cr{0tm)uhW7Z(6|EpTPQo&aW`ppC5q}Lb0@VAlb}#%O zd!O^mJbE?eJM{VJroH~ysOkfPZw!Z{S+^d#uUbnCAi&G{9K2`u{pVu14`{(Mv-;ud z*c#K4mwI`IaCrOu4()?F{4kJ*vr(J*wP5khL7)W433G~R{})E+|MJJU=a9SZ<}@6H zE-83aWcjFcd&zd#E&>Uix^51$o!qCVvbfJ4*PV>JJR6#qlE1s&t|W4Fvx%=loDAj| zO_B={)nOztke;gR&M-Ht6m5h4OsFgO-TLvtKEI@eo_W>J-~hs7R~O zYdU=j0%@Z4Mg8FB>?-I;#t8x}MF?}-2Ab47=iI6f_o{5(X+;OiP-RDU?P-?twe?mn zS50aSIQShpu=^INcw_DZwQ0Ov^RXr9`4W>|2>owe-A9Qyt? zcYlACDVS-79eJ^82k`vGpyjD%!##;VTJZX?^|tAbtEGBU5{1CUfy2*JL}k#@DPUs+ zhpI(I!X0S;!2;NV%ZemF49$;f|0%ZHRR~H_pM0o0NL9a-fDA$yu>?lVBYk}H(+3S{ zhXv(;KY~W`4|z-?Rp0=$d?QSs&OO8M?|!}?!8^SK7`@z7GzQAUlC9M)YY2(0Vd79iL%_$ek$`~tD7gxugW{%fr#500&T~P{mjFgptqe1Sr*dZEZ-9-#%KO=dw^@~ z>tbxY4PqHzKr>$d9Z1r)r!602-<#o{9%0r8dC6{}ZbBZ%E>QYt>%W3%YpwI#vhhJ^h=c7oq3H2j&HAh=!5*1zYtME=WJ?`Uf&)fV3W&;Y=~L~l+2t|ZP>6Ji#rA3yP>;(4G|FxAQXJ55)&B^@ z#P?!O+)8DZ7q#q_%y0z;G7fh(bPw*zGfyrsaEgX1*rFBq^}fHh4Lrj*pnxBx*bF*; zY;Sj@t|KsdjGy|wo*luoUNx4;55=1DHmJ=U?>6KXsvjG`S<5qFjt(6ul6Veo?5A@4}ZfNlU0}qu_NP;7WQ-s6htw#&$!XhmvhQYa219M@^o$|emG1E^b?N)|e z+O3#*U`s<~{3JmA;t)7GrIdNerY%hcRrES#KrXdst4lFZ4aL>ov=h>J0X8?~g-t$G5 ztUrUxj-dn;1&;ds%B}en_Hy#D8<-~)C6`l$%i(RxXIG`Ma$w41>V6 zwTko{T*s}yALnsE7-k0X%8W>HArG+#NwK6_VxVM0-M+k7&94EcR?Tv!iW~v<9NsdM zf(wV=7XEv}XOACc9Zf|A5W0$l%OD?*s|+eEg4g-Cx7|Tx^I~35(aLF0&$Bk8rB%}; z-m-lJgp>@VQhtu&MsRL7GP~}cy}tSFnv_zVNIE~EEFkx`2i)-Gmwq?(rHZX&HG!r? zc?lDGXI})nG7+s=byD*X7%T!f-yv8K)gnFd;WpjIN5{G{4< zF|=R92~G4>tOeq#qJp>Pdw?&}BI1a+xK;V)ur2+165no{>0Qo}EZ z!Qo%!TFRwEC^@?-Y=*Ya?s^p33qjgnw46S2)pj6k?X;@ya|RS{qs{ld{VPN2_kJ_# zak-(}Yl;SyZs@+6!{@pMiu(PRgNG!ec-UGZLeAgi?Bw^ch7MLBKgE$jNyql8RfOpe8!<17NJlU2 z2oG@AvC!?#pF5eOO3ll!MTzngHuCzlV-L4_ml!IhXKVv4lz&i&N4hh>!0a3kU#3q~Xw z#w&eCK^$a2gSg`&*DN5i-1gUf-OAvSO9sb8Xt#Vm1n~UN3OHC|k|(uDHgDq5<5;{u zz{YrO?k@(^IRV_=sOwKPjUZTCMjr*S!E!KzJ8R;|a;T{u-7#%?*w zkGK)qCG|lj;%#xTGLM$Y+?}#-_uR-U)bquyOmR3r<%$#VH2YN?Yd1e6w@;^9a9sPK zBG3{!L?Lc!9w8AJ`BeU@TRFqgj`xMID=qi*yfikc!lft`6zyb*T*ot02dg4#`wt%DJ2tOV-bb0FDesjkePKhrB#e5&y?8?_p?~zK)D+d3CsA z1U@rp>r^7a{)-X|(}jHGzi16NzZ(WSu<5E&D}YOSV95XbvCeTBfyOm(o+Zg~r2qwC zzdj3*g46`C(}cA$d71EG4^%rw?x=%=d*}5S99K^?Q-0;Z=6>FymK$5zK8h7kWStWs z1vHgD&$_lW&}Rs-$HX|qC#@3SFAZDWF5J95j!mL4g9B6QypTE84uMJ^w~W0PO7IXsL6PT2tM3>E(&qa>%RT%k;ij3 zY^SKx9M}(qay1mAuyhkW&IyzI+PL{gIBnOqgCx*^E?)-JyM}J@s}<9-wWQig2Q?XN zTBOVbaRK+9ccLvq7hErC^(gG-{R07?#YUS}+v>ISjh9F0_} z0y3qv-4v9p1_SsaIJh3Jvg>{%5#zbOGn3aGMCu8I9|!af@`~bQVwx|*by06`4p?Ae zeU-ResT4`cf6X7p0Es6gIntD?rcK4CnRQ;&H4@Z@ABg#zXFP;bRdpGq!rCGN0!oOj zBSB(5cF$q1Q7)mR=gplAwx;U44(`oZ!fPl}EEbjG14P4sHTu^(?yz8Cslju2HLMW_ zns(^{m1d9&ihE>4?-UZl;~3`FnnABtk$3N$*fD$>(Uyd&eo9F zxp~|)wuTtrTI3b@m_EPGyM0nDtlbXUpI#g#Ev&k$K)PF=m5M3|O_sxn{BJ#*<6V7> zaR!OrH}`eUHo}INh?4lgTl+w3%JxsY+JnN#?_@ykKZ&p5<@?1-f_U= zC1rkRx%aiGl%n3|%Br+(cI+Aqd0i-+8hm7>$5zV}Yp>ZY_e_hmgH-t}8W~gikFj3G z^d-j)?vyjRhzvWlYP36hM*^R=Uw^?dF1dc)Ckcl{pQ0Fs3VLPHdF6y)3Ugh}8*Jes zn8(wYewTF)vY^rZe-;2UVO<%b8roanEw7Z>vK>}g=wL=|wSFx#EtHLD-~;qT*$eIH z3F5#i`sh@1MK_^}Qdh(Z7Y;C;q~l9lGeHN$3K0msp6oH9EP1xSHIWNm8kq8TE%iT~ zcJZZ&U5OW0ek3MzdT-trDSSglNqu{KjK4a&ByFq@+MvS)UxbNoz{ixWhQs5lj+;Wc z^vWT|WY-`!bn|bumSyr#F!JkHc7`BS$LrS==87Hr?_p7m>ZQlKNJlr^8pDoz-897~cdLUU`kDnP{`Yd?$# zy(nn(>wW%U5LGkT&^6p*l4UukAKI9@(%~#rEwkqJ8|BQpx)QN5{kHKwN0y@V=}fXUiZA)uSO&0ka;Z0lYI zoWOujPX1sf?)9{L%CdIa>L{$$*~nxA`%yX&*BS88znA|aebn^iei<-S4jWp2Ia`G? zCCTG4V3ESEd9i(JEZF)4~~9bvJn8*D*Go(q*cz#t~SZr8LM*QW(ODz;rLp0Jy$aS z*%q@iLRKA^msQJjRx*^Fa)HD^Q%G~ine=*rX|=`z!6Lj}!jh?kDvbppFNP^b$=!5= z_Pz7}(R7tzRdr4D(j_4XNMA}ML=@@nl5Xinx-LkkARyh{-OZ(uZfWW6?uPH6@8|RQ zlXK6RJ$q*M+B0h{bvzh|U9{;c>cl8(ZSk`XK4N}yRFL@8KPtSC5{nV2v$R*m>|w!v z*6B69e|pBMrsqSz1Mx#+wdpXbHE}(e?_lLwPG2gZ6O)&gxnOe`gAxUw)y8aDq|^Ok zNNZF%SzcMCcP)}#8fb-%kp1C{-(iOMuftT*oZG>aS@4+=UT!da?A=SO)7}o^Nz!)x z3hAh_*iwnsra@B+?GMV%BArddqcsnIHfS-aj04)BM&;*;8l@_#L435==vv}rPlDc;J!4Rl~wIICx zl!B;6%l2@vDVk(}@M*eGPR;e_JnZ12P5r5=2)~VUjlIFiTG>2%=b%_C`ybUy?jg=X z;w}eU@aVygI(P%mBul7 zNkcYk$z+BfuvW*0;bD>4{d&$L9bIH@j+^F4!R|t7q#tp4^xu5t$HiVaea8g0Zfr`g zeJSy)vvXbLQu{1dw`o z+sjl-rcsnlm&WR!UZ&J(DQY;FXzp`lA9_#Cz7bw_anUf(Od}{Hfrd)!V8cyPt zz$ma2r0t7oLvwWWSf=LwGVHcnn$Uwdqw2+dxNbGcub7!GW7&_81G?ZZE9T~AJ~}5CMp=s%iVEtTuzQAbQxLgy5F{z&_fUDT}gP4P!D)z8DT{G zndC@HXuD>%w3u@^4Q9?R`pufZ1nhi5EtkxjV!r98MFIl@kg91qIy@{=7)~w3?v<0+fbeewZY36Q$prI7y93tgkjAP%-z{vI2?%Q7rd$6<2e$ zE0rKzq6W&eIg+g0yh>e*qX~MRcs*fR#ntviBTN1X0vl5&+8>hNE$Ct`E0I&Z-B|tY z@MHLmKrmBWpZIlX-zqi!DpJ`6{YYG#%A4$4D~`sBDznSYsju^KHJ8KdCVqC7dm4JU zMSo5d5Z{?keaD73>CtorHA^dfIjpEDjq>fUJ|KI_>f35c*Y^1KZF>%LnDpBqSM5dj z9$U*UOPlWJ;QSkFOeQFeT8XFH2nQ>96wak%KV_d?JP7;zk7Zh02c~0gZd2jUEaDX- zQhMQU=BXNGS<#88P)K<&td{cVN*2;dDdvIuwwIO1WT>k9QfU!mrxL8!SMI$d(h18n zV2*>#<=%kp@OCJProo8CFE6txq#iRpRf`=`s{<)nk+gtw(z!& z)52Xk*~wL*`dw+?By!n#;k?ab+@JixelBpti|U72<;!U-r#fb5e|jDV}6yK-4tM$ zgXzAkyu_}auV1&Vrf2o0ccHm|u~xKd(-|7MpDvM^zeFHvJH=7eBkN3M1}A3ham02G zeXpEfy#4C!`bLw=q}fwdXZ><5A1AE2uh-8zJ@27suAhwBbtOt!G#=d1$LCpD z?H{F;@?pcv&55j<8eF&k#6E=E{20wRNd|&A@9bx8&xa2I1tmlOH6d3!z5IEHD?y*zGU-Gv$6^e_#|h zcS&2tsj4_sj0{7j?zFe*w&nrxv(ti9w+|3m)vt7rJ(f47d8EXw0aHQ^x4T6PJcj1S zKMhM`*CY|(Cj376=_Qy-yrD|ylap`GRD`1LNm6iHV#{I#OavrtUCHL|PUKJD2c+I= zNqV7GC#;QoKJFA`1q5itYRB;VNPUhKO%d6nD7Sfc@cLK9Ez+JtzJeloo4sRL^owN3 zV=yM^u0`Vgg3c_|;Fn3^SX(NjF%Z{S`UsXPDf@h+b@1GLFzg^btO1@ z921;3NQu{ni@SSQ=-Rej6R9beWAu$cRyp*noS&A3jOrGUBJcew_JSXXoC-o6nN8Go zmEP(u`qu8ahvzT?TSJPfO99Rk_&EB`B>DD>1Injj&yB>!)cQMs!OIQ6{leV$4FEnr zdUrYd-VNkti#q}11h&cF($dKCf<^S-DC(>p4b^(ZmDWU}~Na9n67 zCEn%tZkiawyS?s^?{?{k0rf~}Q{rP$NqtS2wag%d!^*u!sAn&H-WeZ6r3Ch)SXrw( zdfIF`ZEZ5S3e{#QmTTiGxLW`4Fq(%sZ+o<&H5W|Q;xR3y4QNwydkh`+JzZ@c96efx zwQlBYxh+9Oc2eW*)U$MF2of9!r~Sc!R`7I=^JVNy+D`6QjR9diA2dklX%=vB5a0r& zsc8plD3BYj8oHKmR4tkhKQ>x4T1tLf&0o5@9;6hbkE526-(_JI^@-?RY98;Rauk2* z9$3{T#Oxa)`+|)3PviRh@J8eQ4SwDc$qe^HI0+YTQV|bZbFzjQH+9zF3Kwdt$5p5F zdx;TV%)Uz9u4In6TdJWmq~fH+pLA$8?-o6HfvEDBHFvNGu;A4JRCxWQBVQw;$4+xJ z;oAXbZf?y@oD7U1Fa562H);3xad$wMwU`7e@n^EO$DTKVmA*7bk3nQSKiffr1iwVT zxNr8`|HgpbEtDX(B(~ zAk(y)GdGXW0CeUG)8oNXn_`l8y*ea!343hZu0?cZgYVRjB7`1mbzIl$@1)s2yKhy@ zq`5yWKHa1pdff4)p7!gUt)gF#myq4fCG0KM!^C94IV=8ot45xEh6USzK`*T*e=sxl!;UJUXF?ZD%~rdQS`TwJv@vs^=hs#yE|8^*Hq9 zCS*pLUsTS>eb_{v_P08+aKI~eF6N1>o;NK{)vn8L*_`eR(OBo3oxW}Px~nR`^|q=-b-?JA{JaSO)^9lDcwZjPY*i?+MlX;)49W9)v5!o@a zuvlPKX5wiCwtpak<=4RV?p6N<>Gi9z_#S3h^um61HWiiN94@le)+gG$t#B- zCXOMT9Sj{5^3Dp=Yt9SkCK(w*BIbH`=JjR!=^j$BQ>$SkeEUzORkB5o`-+)B*$1*M z&H4_|eShvFnVbGCjke1EyuJqOb}qiO$HNiXJJ0P(9}#<1oPNl6@@4EZwW!IrJEb9t zJF{D_FiDR19KMaSk*-A$)J4zTyjfRzbYVnHJ+cfK)??v%+j6P}^=8qK-V}90RzA3!$p5&$y~-(@7yg!8&xdDi7`kKE zWndL3wP7M0d{GXSS!O8ZGfH>A=m_ux$nUPg8j!7wVS*vhOX4l9G&o%IV7*i_NAc^! zwaGO&t#95Nw<<9O;g64pN1FCs)cA+xj}DV5)kmJTM>uJ%)<>iIcT+=ens>(@Ra@Cz z%fqx5l80KbH{)~}6|{EYGSx3zjB&hW9j?a)I6DN6FpuINPe&;W;=#p?)FQO1#t;Jf zzC+LIr!Lo`haT3Y$BQ+c+hLnoSFdG=FLxBN!X+xx-g?7K$~4f9deJNsP*pXF-|Eag zbnQJbax=WRW9=5FEMj0bSV;Ava1ZU(SnlGWvTI?Q+exjercb6u<6c2+yNV)1gL{wk zbnz`|!=d=^hSKRj@cn?tu2CCI1>tGZ_YlAbOAlw(jAq54Y)?LLrM%6-P~iJ&y05g4 zLz}Zsh$@b9nCcD-2_Y#QCNa@~!S1CUiVXn`;eNmH{GMz!na%YQf^aS@A*}PocM-een2R?1o8Z*rb zS7f_9g$H2=T)Wh|JbgpSz0$gR+8EJ?Gh42Ae@=RJk8pMx18UEsk_;IWg#6w{c{3u- zP)P>Pq=hzU#}NF?-s^*V+|WDeeaUlTxD_GftEUb~+a@FZDt1PJ)oT4Vee6H5pVN47 zPs`+tqcX&}YdmZA33&n|aFo06J`vV@9|`&xV~z!H9&nNY9PGo|*+YJFObV?2v$wxjbR28?}XDXR?Ob|kVnUyyNs zh3#5tr%_%CMAII>nK`G=D1xruLM{DI#Gi!r6}YcG&NUG^c27HGyhqlg^G{Vzk6fyr zONVfG{+<_;NS+s3Bh9+@qiH-rixcex4lGqA^eVW;Uf^*xJ%3#z(<7-7?8HT1%jr zh;Ls~#kv-#p6cP_*1LDAB==7Dsmvh3*wdxm!u1cjy%*=7DIaLDe&Hg&`)0w*o(}) zs4gn}RXovr>(eLI*ww7V<+yW*u1!n*RqbF_m+W!l;OV3)Dh+Dlc;_!o=5eK5=B}M* z2T_RY)Zv?*^Jw=U(lS-+)vYN+o@w}%%!Ixd+0LD(r~Zp&Yp;SPl=rc|CJs~5o zF7by&Fuq=2ZM;@pk=uj)o6;GfoI=UL@1?stgta`mJ>4<6vp+sH09d(k$S}q~DM`Ue*;Gt|9eqiz zPRy+PJM-gG^gt6G#-xOv3*RqcsC#267=>#s1>48*y_HYD>jEZ3`J>y%($7ms?gyr2 zf&Wh480nR;;#G&fvdgutDGw%P3osRuv?!IDq8=qTsMCBG^Wvq%)CFT}fuB+51P~Pp$fld$STj<)?6R z`qLa7#JtwBTj*uUO}esVA}~KBFXTp*Y!T#o&U-xcE>MCw>jp=wU#cgu$^Wy!phO^o z#o)X0`&4fZ=$Y|XhNjuUn=BOLpI`iVo7XH@d0R+A-C-?aK5p%7Z|FJ@7h2Y;$$n4` z(Ik@I`{+Z6yuBPjd0D#j$8%U@C$}znk1^{d?&sJsISjI2^qC)}gemB9&L6|}8}pg( zp+`%KnS^a`2x;`|5md;iR`fMc6G|77Y#w43kT8^cj4wh0?%*6tO4E{?IbjpfcW=B= zAZI*k7%eV%{>3!<;#eGe)n+mmw?+;kI5J4dF=EYR{?dRo__y6H$S5Apq!U=t!BTYm@2CRqxKU4rojhQkWD-C zNX!tvL}!R)u5Dg~B}upO^n_i&=k6Huy)`wy{utA}37lSa*2Dcb+{f9?Yt5L7*Ue7* zP+g*aNl{6T?<2&U+vKBkG>EhuOecF}9GBBNM30xPe_Gu8140@5EI43d@BAs*c_NVm z{pWpy98fjh*p3J1HYKxjx?j7B$#IGo&Hbv3%^PH+R6pa4Mw|1tiGYH{ncrvZgG>V| zXV1<0A)mht6}s`4Z1HcWpIYK2U@2z>b~(-v zhCT$?q5J4w@F&x$lw%u0)#~y%Yv@vc|HtiP3y=j z`4)=5=?!tHIq>$K?4FktMl2B0YC-sZ6_p-pSI3B9o~`&ct?h{&Lht?{ za2b27#W6x3_2~nYC0}V}N9XLhw6>~8{Vb%AvNGmaO+Z`Fa$)pbZg_`DLPSh_j!9aE z7(QVut7OSn_l2I*jvDKOnEW1v3Jn>j!|GCvwIxX%FeJdHwWE z!SmakNhtB3r?<)5mRwF}-8#23DSYRV`sT773bc3lUk|7bT^`+wZ4(EJH1qi0lmE!% zs@R%8FDz07U~kX$>lFhd4nIW{h%2T2gQpD~MgFOrjy-k#8jDxkXk~|wQ(VJyO55LN-u-;Kcz^lS z?#Uy*_NaeGq+|P7_Oy=y61&s5Bwa!^)hMeopo8%$A}oJ9dz*+IFH~y&wDzSgS&ptK z)#rVX{+uuX&L7N&C@wAL1z@Vk64zwpu?me6KAF~vHNsC-jDN>Kfn=yl@qY+xcTUQ6 zw62hPKVh_`ry)4~MpEVG#V7lLb~nXCn0IBq)k7;=Y%C3WLBQo5e0ydGRJo$*Wtm#l zs5hjm-p+EoYs#&+CImW0A{RJOF?V#(dgd#p?R?OUc`rNX`aO<1H`4!e+T-bdRT|61 z6xsZI!sjKY8&L`69BHkki6qbuyY&8km_aJ$jXxTPUzO@&)r?dQm*KmUUX}0Yu*_5h z*Xmux9^!H#$#MraixqhbJ2`DcLJr&_qSrFc8{#H^iI%u5cEiW=TwGb~9nSDV^|Ib@ z{RUwON!C2nlq}A^DtbM6G$4|yfzWt}IQ-Awx+#l6%_o-RhI?k|5HxoAD`7Rv3(Y;U z_(}`V(`xEW-P3ReTZ>_b>r!pPX+OQ}^;AbkU!XSUqUTE0_{FpZEqNJLTck2%Kqrud zQUOyr_M`eW`@E?zM#u)HWqZ&YHO5V0ZDstAQOkk?TJ>4>E1?+do*(lcT;;8$T=Gk% zy>wF=jA6pjOV*qO1QkP7R=4r0KA;pcpAi0q{UsL)zPh6~?7`CF1I>FFEoqnN;(~Ph zVMp-g*Z;gllQUvqTK>%|i9JrWjE#QSm% zIjnQ09}0CA^94&l6f2|QU%$}0WZYL7S)}HVq4~`ppFU5n0+lrx_w#UT9BL{ts{>hD z*p}nHX2xW2t)Ji1xS7{!DA^kASFWM;y6~=9oP|7`p>7bu3t(|a^$~nw@?8f^eSH-w z^SBZ>W_u$XpmX1SQpQ*NwDs6mH6Pp$+&jAuFMnMZ4lQSGb~d6+(mQYxsU;UgM*3{i zUF|^}N=m-;jy1$+^bc&}vBz2tsg8Tf%YWa2V&#o2QzBWZq1!xxXIiKqXh?CqI&hNE z>UqlNMywrU>}c4g@wg+hG003gMLaom9GX({CODathpz zoMS5>RG}*tPEewX@32plS;OOx>fo{Zk^KJ48ZUzymVpTDtXLL8hz398!Q7^aMc^zE za$ST5*r$EhJEV%<0HWL;oxDU*8CUJ9coz*CW=~L+-K|4}g;UJAPzUGcqg!&B>UUC&>@i z+&mH2N3P#&#hVuRDJx93iDqC+n|+STVJQ^OuDFcy=lg#zfa&yYurmUE?=|@5#RKH~ zvju8Ke-2beBz;s<&j0YD7^#k5C^i%P=N1VE1dBKd#`#0O9Il&=Q!W3bF&Tp7mHT_s zWhflQCx+_pAp&W5=dtijV6Ahx9TFaB4ZuQ3Uz#tylVk27j!ywW-YUxt_kHyCN#?KW z6`N5nZII&bu6&V}Azz`}7w^P%{`vmvzjqKEPQgc0K{r?$Y(RmAj>c=7-aHl9SBh#4nQW%p^RpH5bUA;NUycAn?m}{+w7ZxPnUq;0$#um zD55~Q3;WkWmXFmcXlDkc>IEfh@q3!x57TF{@B-x)|Gu-W!cNeuiSZo6Zv?`^q)__$ z&N%gh&OqRB4Aj~^b>yP+!UwDd|LYx)Wz4dMzS;gZ=!aY|DHQstv9W91@l+4L8e%~K zdqfMAV+#*HUypX6Ea>#?N7HyV*R%eNCA5Co;8=i=gq)|~ar_g7HkEM`@LIcnF+{*> zh>C~+ab5jj@{6olrkkbvRqn0pU6>3GBG)Ku5p*EUrOP(QPIQt>oeVqh!%V-5T^TL` zm&+PdIGXCCCv)a2LPlhtjem~&YSNvJNPglAgGNrGd60q$Hau4p;YqNXSj*xBcT#C0 zYQD*&`cCoEuW@x-MhJo8WZg?>(L}?}6YxHS;OFI|?^PR?UEorLs9qDxQ-kF**Jt8n z1Jh6KF;=Lvy=-mH(XNO-!~LIJ=gY) zYT4XZS>NU*rvw3IbfePa@I(v0;Ez9Ga)Q(lV-E()ZUOOxf4rS&)1tOi-&@z$&ecnB6Y3Bi+iG1LiKE>^{4;_3^a7{k8! z@yEPeO}zi9))NHg@Ti2R4-{P*KE-*ChPZ|dHVMkipx*ef2{OND6NHrskC$#LSNT;c@2vncwH}_9FD*Nt()}rCL)Wn7 zw_WTusE-2#gNH>c@320awuUtRCRZZdTl>k}pvPv+X_Pc@Itb^Zno6%rVa;jYc6?*w zW{5`Ya;DK0qV3>7^qV?u2LX{pr6o+iY-GGZmF!BCY+T0t2AhCi=a@~6CF zPvVaT8;j86$VGIv!TS?2w!vPu&xvs<(Y+Ghy(Mc^v-(lJlRq;T{RB1an!*veApWr? z&L(GYv7o_CZepE^g@w1*i79pcV&am4RS&1&5dO55_JqoCL^ZaTJmhvO#a-2e3w>|M z4_=Aj?P|GZ320nc*09xZ)JB!0>hO6wf&8elzi3271|rIkT&<0?)Y~7}Yc0ApVW<5n zehH7}YpASzXl4A;UW>Y#{MZnMUs>hgbmLxI@Og{+{Or;^b70+LaC6G&jAd)K`bffe z{{6j@m`M|{SD+D$+$){|`T#f^IarMge`v<|y&#sOSsj0KY{;*Ab&Sm#nP_+W&de|s zioNN<-^n`Y1$2Wv;k5y%)e>L3yW$jTawAZ?mAYwx$d#E zmZ*&EFy+l>m5Tlq#j=n*2cs)~yadAUU&LS?xUaT_A(OAwSRARGZ<41|2PrsP8eO_- zjm@h>BogEKP0sS3<|3?lxUc(?3bh(t6A#9VXCytuh?gp5YQ^k^7sWh(wpOA{Ro)n^ z|0eOA`Bt8ErkcE^jRQ}q?n=a&63xh6HtQm=@nH2Z+UNJXq(FO0dbK%E z)l2Y5C})AKB`J4zDBs?6!VCeZS-Y&cKyBC;RiX))T;gpO zQ@}(vRz%^452~(*mjbV0KA!oO)q2ql5Tb@d!q}gO+NXZgqHmwR1Xodz@hwk!9yOyKx&wsY-UaEKnbCRT58OkFC+Fh8$WxR<7Em-%iDT{z8Rtty1#GIkK0oe<1$f#j zGO)?3l>XlUZMdICl*$MvIf^CcL?3IUs)H|kt^Q(TyW60uT#_|9wdrlZT`0*rE>#`Y z3OzwsYWyF<-%{$9x}PXKu*;9R_cvL?{#15hImL?CzHI1P=HfJw7*J)ycet-VTRJExpzm0SK{M2QEF zr{#8Eu~1@Q@N|HKYgj_0e@WH+K#lb8R&_C@%*Y$Ov~BY$9BNE#w9}4HjN?JLL0I&o zJ7YIBDUWbQN;l@ZIhxr1GI05ubG*nd+%BJRR#?m`TS!L!Q({L6qaY;KI)lfKXnfUz zbhb|=`3g^_@yeO8!=<~nuaqk=9McCOvdXjDBrS}X<8(br_VUg>5(fuIME>U!tm?UL z8g>oFS%aKdoG(HpSQb zFisLvZ5VISAMZ@Da6hQXL12hZpeKX52!FN_28}9qzdDNxr57?K@KZKLxRglgx}CZU zd{7;7|6x1VR$x$SnoTG3ZH9Jj=z}T|1NGX6>3b>rE00!BK)r2eXJ^IckL29sBbSmE z?ub&%rk2(9A5~5rk93!wi>~kZy2ds?c7I1ERMC#RDR6a4Qs;zt_O1PjT2 zKA3TD)^#67%vQ!Cs0li)#Q|1m;WuBL_a{V@iSz$=s@4UuWK*(QDQ6O7i2HQ=lLQ zs~Jo{5a9E``$?Byr@s>grB+y}0CXhCQ{>Wkw8AmeBDjzp|DXX6N0QjJ%SHVP5Cu^R$+9Z z`=&Tx9^KmdMTihME}|3Gfxrbm)CG1i`mkRk3pHDBs(-QQm(m!i&yhZ#C+)$Buq6{} zoiQN~kQi-TAMm$CtipE!+fGd2>m*N?YxE=M`;4O@LKKc9?vgxGgzf>qcQk4XSCfA+ zzgTz{=T0-it=9rUSTG-xzX+5w%ClC%GAie0yhJi747emoOd-L>qMCx4M%Xe#Sh0Uz zrH|_vg#7|Bs9fAy!<@qjyABE@)>=dIAzD~kI~$aZ=Pt4G{!8}DS@Haw74N)cEKfa6sOzZ^Uj9H-&RA<$&T zRVVGxAaU9aFQ@9RwUedgD(tTU)a{Yr^&RnW8o6|1uUDqPYIRr&R><$f zGe@;zxFT8Jp)O0GZ7V0E)ODT`r@F_gfPAP}*OCA>j$V`b|+364J2_gJm z;QWC))^apTw&mh45)GuNh1+v{bxb(^7cgjlw+p zazk_B9iA_koe2InH8!?Czd&82(3s*3+=_n?g{dFy^y?o2x-fnkKx4SBL@&8A)?|8h zwodCo8`0xP))lX&H>EsLB@6Nt88jf4KOOv8m^?8_gK=qBBBr1}qvHn|W3&w#;Jged zKEO;Qs>mhw5P)9?(ev6K1X!*j>En#sD46Fdmo{PQ95M-XCJWYKIHIhb2(BrAh^*TDa*QOndC8$Qn0dJfR!0XY|v5 zrN;Dkcj2XQ>%3L);wKpRWfF-QWMQLxri2B*hprF}io|dtI7uQ)YT1b+b6xgcGgQYQ z312TM0jpvC=Meda>D1wJG!=87$+5BQ&Vl31#rJdz1E;=i3hKvYdp0YEqLL)kg5DHe zfe%|>5zwgI{`Q#5XpN2{;}d^ce&6D9-Y&EuJ#9G)eK&0%a##jz?yr$d%CLoU;rU9+ zpS3=;lTb+t>Srn#n*FyR$uFf(L~1;fZ)+g6HlbxMET49t9y_D>o`?btogKo7u-0RQ zY7yHxg$|y^>4J*kUyruGPz$2Uxes8_FEtV9e7;5){y|K}bM_(1ONwg1OgHv%-~8c- zw2P>8SG$^LV{1gXrq;cdf|Cf|92Ti^V3J%AQ3*_*4=X_hyK39pCh-eK__eLTzs*E< z3X-ZUE~LnDRFBOt$rS4`GXDX1#shL@{2tnC_E+=aba_#M#*suE@Ss=HttISb`25dc zqR%*!b#nCj;Te+bN;ZT*5bJ?9aNY=*#G z+paFtTLoKyKBi?k5x@TKtLh6M-7dZ1QEZaT4iMhX)#2NxV`e0sb8E*#b`v4>f^;|u z?6>}Xkbg0T9o@2ea)B#l__;%EucVG~ZjsGu_Iii!>3l%@vXVht2#VNFC#Gu^OG7E( z^bq!b?${SUrqPK*xU$fk1Lx;(85+&=QM3K4X_vnIE7z-o=7-BUiQMST@A9%{RK0f0 zM9MvJQXi}GE=k4df>!^G8l>F}nrH)@&yB9~o#`a-Maf@&Dqy{ED6@H}!I{?Kf@wn_ zB#z||2pG6v_#wcA?6drtTpgpon5C#NF^(mMxo)#05@Ao`V?*M1no_&fT_g2ch#_!c zyzmzPtMURxu!^o62bGlQZ;`2mi~{5a#$+2+AUGuZpHQfne%cGV+znbR8N0;m&I zSc><2!>P$R2IH|o-V`GF7ih)D8KnXg01P8wL-?gn9Ge)ofwRiv3wsp)psQ_T5A(<# zP>DgprDo;%5tv7Xm2pEp3ZCzKBiK*-#PH76i2Ze18CiM)`+fVF%cPjS)9DpdpJj`e zcHd!s#qgIG5B}`q$5;@EI&J>iJ5@z4+5vbNLiym?MTxH?hZ6v|jC*;(WACP8LQTmY z?xU=q4#Zln#QD@2R|qkttNz&$&nXWGdptM(QMjmq`=?b`=uc}Vm?Z2r zP2i?NoO+)s%D=mKKtM9kaQLuaYPJD>ZIwmX467KjEBgDD?nex*qo%KO8rn4{s|zIf zk>p55=yshbt-8+zJrGZ+s`yw`TMG*d-TMc-?aR9-&0fO+S#|smC?14F(%>TN&4U2O z?;}T{Kq2+_uKJ4;wXa4g0Dqxel*DH3F=Vc7KPrOnej1h5bkuS;OIWJ@YcscUjT%j5 zzup)8ZB|bBFq@jX|3{^R&mg)EN|0aji-Aq`zW|u-NkO3*zy3V4Ce#rAWz_T8hjel0Ae($~`<+SAPXg}Fj_CPC)mmg>=;(e2@T`XWsi#mIkik7@O;Jv(s=K%lvI zb$6q8SylU<=mjFc9ssD#F1kKPgZqv5V)5`kx;*XkLQ;a%Vv_fmo-W%@jrNxve9Z@^ zCRcRi-nz9-h-h#AX24)kdf6chKuFg(RsnYT@K9S>`H^xON1Rq#MrIh$d(sD{5(0+! zioHs`VL#)EtRJ~16xaXNYO+)f+;ecaY65WV>TO00zCczaoEuNkn%mje+iaiTvP#O zJ>I+){Y5~>vry?XAByJ+zQ;-^*I^rqB{G&j5cTiY3)Q^fkEJ>aJ8Os%{(P){3`vk0zg#o6Vzq! zoG{Vn`y`-buL=+`gM?@s5W4=|Jw_O9*S}r>)b`Tu`_h_#HQ@v3nmn$YJg)$m?>diz z=GIt+{)?*0I><&S8{ko5hAM^19~Hs}f?%;FoslGU*;<(j(UKAVnJ0wUp2u-NKAXq& zlKb&`&DwQtuGV_#5nznMS5#C427aEl0F53k!GOTioxkqyf`wWoUAFDWTxK zHAecT??3m3hVy%qEy{ZDz9iZ1EaiXe?^v^Vb#RyJcG?H9u#&c&to3-Vi+QXAX1fOV z$*DcxmHlg}zQp9@rpMd8s+AgQ!E%A}sXmfwetGx8kIPF-vz{~WN$Rgs*Nkn5@oz28 z>IIt^|BhC{2cxvpT=JcC0SdnWb%i-2gUxzx1i&)512C8{4vY~}HD8oiFEl{*EbA6n zTU>;-eRWGHBcl1s!CIX++>Q(DkAa89p!D9t*b68rTM^n{bhABE5OiJlbh!kOR=129PNKSM`pZtnuxSoZ+o`|&fSC&1qM8Y5uAN~V`zvTtE%ALyY! z2B?>wd1^m=0&+PU{FHLVEj$=wJ^)uT&(|j%o(cq_+-#8h7fC-x4(_XZY^VZSm6v}7 zW&x#RBwrYy%Pi{7_+jzrVKHg(JQvVmy@?Pb4V-_j)#cLP{(#Gb)r*bXaAOF3C7$Rd z2l(gTf<(mM@Q~{m&{|s4x#|D=%x9M9NJQUu05#wRZt^>n7@7HFI8^(Hw zfS5-i_)0=rnE`&Z+0KU|1sg@8xCHhCEW^)d)Ez$fXZDJXsc`@%nFqj>^AsrSwu%GD zfId^1lHFC1HJ%M~>0DOEH6KFC8UbpmDtp}=OjcwcYA-B)^ni0o@xYW$VR|WiV!Dh% z5BYNb{}RZ|2qzEE!!!Fuoaas4(&J^_lFMGn)sp8Eplp3*;(2L8RaE$8#{ei0FO)+CuZ(I581i2LB!iw+r~ozgX`bt4 z-#iu+zwf~MGQNsIFYYK+{s8ntUz#U@uD@&9Yz0Rbulgmz~5 zAn;p<_@X-O@OcE7!AjPv88bZie-8x~p*>Ro)p8vd8&oq{R+&#N-bU`Tf~WTHNQMO* zIDW|G-=TxD^64Z7g5Qd(cOjxt>pw5v^ZNNyVL_Kb;&iG+5*PMLj_s^|E?Tc&KA*7J zc?wPLhu_%tgNm}~Z39t#F2dqdN)jh+-l8--ES}c!F*jR3$$7a_eC`!N%nX?F`Fpyt zA&icqO{7zGZa5lLE{02mW7=m>Y6v|7(jJQdj*@afPKU(fK z)0tlF^$H$U%8SG;7(BbOc_bA0v4qCCpv?G$1lk}$ z^t?Z+z+FY487=C%4E(D$C5S}SPR(>qN)l_DlLvYG+g`mFX?rs->rR31%%chTa^`jO zEV%HTpYd8k-tof_t8JSBIAGetzKPCBkg8!9F>qg_!X?cDqXfT>5(x4K(F1d7Bvd$h zUOn*FK7X^74dJZq#{h0jV)o-Yo!hyYM+-?>J_sF4g3gih*RQL53!L}6lpRhjIakSA zB^%2>Vetv}%< z0_B_ps-O4m@_OFK+ zE*ml4)jpp>mEU|rm2fFcVeIDus@s=+RxsAwrP4^S8L(hHMC5#b+;`N4AAjkolo9ey zBVds|!zMcgL`#D?T6RG(W?MuO_0*0(1EB=jqI16ry0!}(fikwx9~P$fLwF1Y@BMd! z)??S6BTo?43PogeWkZM;kgWe!F@EB(R4yW9KFZoEd~33K?Z5&T;RIoeBy1n+RgNqz zJRO(Zg_5Qmyi##Sz#tb(zB3W|2X3K4#{mF6U%X0^x(1<~^R))scg??He-?)udkqzmHTkv@F-TXpmD4i6u(gvV={|c_>%LLGHSt1q~{vh@GzXR zP5O3IsE5zq$=L=^LE{TOERsOEmE2hwvN%>1!P^8*UcW1?R9Px})V=@r0(kaD3Hx9R z)iOpuBhkQP3?9(rV39&^2P4d;OZ5vo=1b>Sg8*FMdqts|PZSpV=Bwl>Cv+_>#j@3K zy3g4tcps*#{$8uMNB;hX02atq()dE{4XtpF2dboI@Q-w}Jo-5!iXDs>-0hRNl9}l= zzRU!g@CJ{r0Lc_u8I==<$5!)NQp;KD5&`lTB(jcn*NZ-PN zUkU=)nQfabv8D`_?FrbNe9sV#oMU640!Gs&Q?Z>Z$@e}W`n?Q6&fyQrHz@EKXt+<| zb3YYZJX;sS#K7K}#Cr4bY8owV?_X3Yr&_-@yDN(@KIqt{1>OOb^{EmgQ&Ja!oyu-$ z)ZyqVH9jGQ`c(P=>v*1+P;XWf{0}6=o~U*@{7}Y%BM+~X&QWme`mPmI zuUR1X#_`*_9!IBgJo_?exC4dOMw<%vCrTJQMsL$k{&XZWiRx^t43*Z#oI}@<=B@pn z#I*r3`{A0Y#jVA|D(j`WILeT;Qkk@>X>IeNno9$B^T7`-5yqv%H-nQyRqyAo@29mJ z9B5z8{PtxASCrx|A-Mhx3CpGFQ-RB$?gp>pJg+O#?iOZb0UcYni#Rn~7j(X9@bxEs zrBb@SgK%F&{!D_lp9~|$S{3#s38l7ZjWiKJYIx}D{s zXH*q9{)*~-dLoNOo1mGxpp`Jl_#<11S)X#lUH0FZHqNFO9>(05xXc9LAJu+KjhyZU zIAD7oW>h?V?`E)ApN7L^L;=IFbdEb-26jwHnGesuXsP+9lru572 z=v>L*>vO#yP(iv-Rj(@K*&=#Po!!X*%|UNr_G0x0(beBA!l?kDfFC|Zu1QxRE#6_! zs*~Sb*~ZDwcD2rg{I2Uj8}kG3%c3vS{V62%;9>e;)|MU$wpvg4Zm+Y#7>COH%(wbi zES9vd9Ov;vw*f%3T_nq&PBI}%&ScK)r|)ZYT%s}uaf2T@{B~oL67f!;CWkSzia)L| z%@fWKSh)PM`hBeC%6S#ct8BG z@CG9@f)9#X@>>P$CZ8~Pmz&r|e|~vaJl3OW2l}?XHh{x-4OiCVjms$G~yt+2#&3)+f3M|XTOo~sWdPqSAZm#Q8o3??5cE`yUBR`-#+En}Ry zf`=J5*7HQW=zc_P74&`a^H#;$7qYzlEGSca7yV~0x&Ek4L3%X08e0Hj>-ml7IpHk( zkVhawJES+4C0lHKp+T6q72Z^X8vAFYhG-z0wqWb5K0nW!kUgn-MH(d#|^rzoii1jWCQj`7CH! z1IIBNQ*%p9eWpNQh1^Izrb3w|88n_o(?n`c_e~kx@$gR#jnc}E-D584a2UNcV;_DC z@X{Hh4Ck^VxG1)%(2yW0YsJRmDt~#cR)utYAQDAMIQ8q2H5fLR|Gg88jnM7K!4}lu zGQle|byflkCV5PsWzFc_&l5-ANi)MqT`F5`Npv1(tLr-_YOK-VQp&|07s8&)R!t_& z8b#?4H_mFeYpSO|f?-Y`A|5kxkvh$v%D!I8jE_;Z&gAHuywp%k9%V3Vq%v!m8pbaG z)BlgAYYeZeYuYi|*j8gVW@Fp7ZKrYLq%lrx+je7Hjcq&mPV>CqkMn0=XYW00?KQJz z&D?Vj@uKG5u9#m;CNuc;r593Ihf7*~-P8!M&?c_da=>B{o#$no;Mbr$oRzO?|unD;^nCHQ6B9}RFD{>uK}iG&Z|ZRXbWUnEY=R`CY_*E zi)Qv+Kl1X`G@vQ-z%nclDR@-mcA57c2btjx>2Q=E7q%;Gf28#FEybP$~}JOh*eYFf2tL=@fkWhtA!}01qeWNEEI)IJa?I zN5w={&yWANL;EPj!Xq9sj)4*MiN&UEC`cl|LD6*3)*<{<)*4QN$tz3Qjt148jahXH z0{w6gQAqPR_5VT~Q(gwwvl_s))%I&c6Kk>LIGsYuzd}iJv`{TIl0dns%m?CBAPY}P z;JPl(ncfi-N$CY+n9wbE866Oy*ke-8BuQGS%O&yfPJM%AfVt0Jmk>-C7QvPwF&9Jx zvDaikA~lHpUd`}tcWc&92q#H`QwX4i&7=2#*E83wA%&ko6rmnbz(X%%5iS#={ytoY zT!1q`Hwh9vL|3|0L890IWnC)p-4;g|MZ1F@$7C-i$FD*sL4-BTKpk1eOxCJK6kprq zWa0ey)Hs6K$`X|kp$1RvEiF?SHE=Mn)rdg{$(x*C0gR~ZUcHmJb)KAA!;pd$wtnVR zPTBbDso1{|0X-fawPr>p#(-$42m`Bx4kSp;ZZZIdD9@RhPDP4#y*y6RUJ*gPfuuOI zO6ICD_mvA4M!+7NA7j8nL4D3$9tq;0aA{6}k+Kg0M|`J;$A)MUqi3TG}qkR%bS*N;=}9s6EV1 z)21XSM$>Q-)}Z)%a?7n%fpOAhFdc))O;3FUwU<&T7{61^tq0qFyqnUE*fEV_M zH_pBc9w|Hqdc{6sp(u|aUb%f*s2-~4eeNQii&!ZQ{&fZVE#%{>LGEWQLxz4&rbq+A z+ev`aC&Vw}tCgR_=!x?nYUxm2t{y0k36ds@OK5bGFD$=S2gmJVm`8X4vuc#FrTYpU z1GhDqq0308ZNrzTR&$uCObujin&{<9hK_A#I=BMkdHjrQn<9|8ZD0B)z;3~uEG@M@{X`PfRRxHL;@W0%JaQ@V{FSJ~x%v;BQCt_C^`!Z6e*$ATN zT_LJbQ#tSW&9-%W7t0?|bg}~z(`eZlJh&5p1JML2fOV6qPo@ zuu&yJ^V_&-hf~PDRd_NcKM&~>es0>JC3iRc^T}k1iFa|t2+wEa1MeaoHb-q0mxFU8 z+0P$&iCpk zq-&5p_}TmW(&ucjg%E=CU}epob8N&8lg)&m#wB}=wzZfTyuKi4VQCO)cP%xoZTOX= z$#=_m`h4boYTT&ufHUBX;=%Jb$y4>fAR|MiEa5-^ zVRQsEp{7Ut+ta;q6r6X=;aPRE&*V?ulf%7jGuo2)aZ&6%aMF_p5f#mX@Se@o(a?P zrq62o&NtYAO@tiHi7?#}lcck9S9E`dYx}aZ9mr+sg17Ae202%762Ww8L$o_xS~Ds4~^H zL{zi{=5spTEZNZwfTr^NODXCPD2^CUfXPQG1Mf5NciKZs0n!2!$Qg<3v>yNI2U%O9 zbWe#noJMnD=^JR3B3OXK0Pzq#86w#=&3tuOa!Mnd3|@L;t^2FVQRY6C3VJPsu?N6E z3z5!?bs5-pmF#Ab;4g?N!qZN7s(wG8&35W!@1{bL zaT4>3@{{8T{32U;7j6WWe_`U*noEN>797!&-IT9YdL6Y<2jHwJE8w=(HXP#6Q|~<( zx+q;+Na@j)vQAO!z>tqx@m0*ITgfL4z#3SI2zp-GL`T@x%1C1zk#|5%h$ME!bGUHW zK=zyw!;L@e21yLhk1B?c-r_cq+QY`CFS2g;H6s3tQf?Z4c z4iOO+wMz8q5LrW+)Fq{{9^lC|QcbUrpx8QUa8~MO7Av#4%RXsj z7Hy9(hAxIeKmvE87j4*j*=V@2r?8#Z=m*`l_o#>11YCFQ6a!~L*!#~gGiCx#MY9aI zaAM|me)^bTGINPcSX=FofuMc2MsF(EE)%Gzgncyzk`NLeL;?h6y0f@Qlq6e_HCaui zcnsb9S3mYuQ_g0HVYem?)%-qTWJxeiXz4Ng;mFGy8a42A`+(w(g&j|z#TAf=t9tP3 zpoqW4->`pL{d*nE;BK=5qmL3Dd6!2JT=|0X5C8sE{Ck>3gHl6eIJbeIOd&96&?thY zLq_9=ZSjub;wulPG#y9wHfMF=AV?Mo2IA~@i&Ae>I!9TY-?sqQ6c@oiJw+WV0-D>t zTbe{0;CRGUCu14M)z&7XUb6uzfE8QgLm|gkPLKKBc5lYx$8jpEx|O8vA1PFbtYswo znEXv#QXH;hC&KE)B;GUHo~gU`?ZS-!Etgc{REusTmHVz^z2K` zcSvMvH0qgDl9Q;f@)i01wLD@$Yp**jTCBqB54a=y`hp`0S# z=Ta_*6tG{dHpXq)w+B6pa+ca>Qhz$V&jnr2Z_=~>M8MmFV#k9sK65xw)F`=ZBcwbU z?6r~rBV>}$Y!IlGC&yy$AGmDm-i7e>NenP~HJ-{fE%H$w+1xIV3%$upooHt~HV4!L z$(r>I%6UU*^YP42HPOBv(G5k|^_78pw%7d;^0G?9sGHF~2m$(X04;ntTrp|_B8c>k z1b^8SrTu~U3&FALSD()^5=ga*#g?O~<=w0B++y;z-&k>QkjB-g7o@>7jbYhbZY z1JRi2X{s9%2k8h{p6-AC#8_3u^gMp6b-Jf`1v=S}w|-3sI;YZ8$zqWMv4!fn)T#Kj zUL!9Xxw1zYDe^k1W$^qh6ZP{aq99-vS|{+xQZhb+;}{k%Jz8`)$r#u&{=inF*w0q$ z&uZLS7|`IQ`zYypjfOAn_ER6R%s}HH@;${#zl15L@8T&8vvYUD>pE6!>Z<$Ziy{@c z&5dXe!RL9zkZDMvLzYmotY~OEh^UGV9U$a)-%K4HySQ~h z1an_>+sbS~pRzdz?&Pg|{31gh$q1i%U)4=JUWETI?$`6{SG#b zSye;1{N1d%ePX?K38(AFLbQ7Ler^@s9F!X-; zduDT8%#*Ui8q;OD(*ixPG~c);HBwJK@vODw0yi5e^}djBcN1fNjIeh-Z@dMo=>TSb z8AAsps!s5TJ#^`R)=phw53oFHdV$7Zy9(O!%L$$ny1rJ%NV7y)DzMgS6+T(7363^Z zINHIuL|^H*yI(pLZJrcb)c0koWGcS9Ju4jMjPr17Sk4vW9Phn6*1j*zu7vlW{>l9O0=>2IbeAZw;Is3VOy*X`WJ5%Xr!Cohu?s*X zl!PgDMb%Io=Sbm~kZyC81VD7Y^wKC9GIgArSNiJ5oR6h-83=sHtRb_AU>!gW`H8dQ zuiR~&HNVZP%7T5_U`y4%*cXEQ1q0}`{0nPaQ>}zVL6BmD@81sm(_f$YX3Tg2Ukrg^ z%#tZUud0R#KaOew9E*Qpg0`kl($el7dUie_5momc4ZTwkI)9miDh>GtzN75YJy?=ZR+OZzUN zo;2Jo#3oPXs158Jy!c1INU#4LI8)%_t#?S@Jt{$kWG!g^s!d1HJrg4*magy_Quc!^ZJCajqwfU$sY`n7?ZQYuj**$f7Axl4RH zQ?V`MegncS(XlHiXh#CE6f3U?H)=Q6$@jaFyu=oN)2&OFKbl`0bGY7M?!Y*b%~rG{ z7DpKZmlp|%EBi3@lcrnQr=#mV1JcX{_z`GZ9tHCky@Flnq$+JZm`szyyZDwfIr%L&nWif`(MB%|6oI4F_&X9U9 z%iTJ0pDLJNQ2b>Bsx_Sz0?W;Pwq0g#%A^;SXq@%@l<0s*jf zW%UT^UvJ7WO?i+_ualtE)*B>2nII?9 zn_JH(fsLN<0U7jP4fa`a<^ho-En+`dI;oc(s-y(L*4#Ha0`!9Ed*EFm@<1$QyJ#n} z$&6>TD+c{E&#lggV8e4!S!U`vWls=iE2Wrg?()#rV7l>i9c{HrZM0DWHxotrjHPQZ zE>Ab^?;bt|>bTe7m97ow}f8(OoO2RF9TzRI4ZUz$;CsiSf7C$Gnlxbl~PyC-i?8*d-xJViP$ZqABJvO}AK26wK#ea-5h2S4f61K8y!aOZ zcbgyd<3khsrcTHR?&sZO=fWIEPKBv3>cdRxqYH-L;lz!>P?!A+q!wcsjw_ z>YwKOA=$sSVlw;NGa&|Sn9UIoff0lAYT1P?U`L)ub6NCpnW5IY{4f0l73OysqwrvL zhdjZTVx|YmK^(YC)}q{Sq2kbZM7VYQy#QO_a_B8W$xY*pd4aEZIm!_p6(QlTbXVl- z_ouofGsQ_`aXo%7_;S~Lx}S*ZgE?_@i&ef&qrU<47R*Hz=BP%23wAUx0bWs(QTf`= zPO~-3(0nx>@58fAomZFdFQ$T~HY*3LBD`}apHWUC4sbH;qZn}JONWZTcJ5BPSa{V0 zl4vFa^rOtM3Pm4dw(Yq0)K~R`ChHFsb+=?AMXm2A(!WO$hgJ4}x_;os(r&m@()o(` zV5_(J4J=-FP6lxG&U4|)JLZa=Gcx;9SNNi4kBP)ObD8(4T+FV$SyC3zq&Lm?IyZQ& zWEz;gHu0u!utPi7v>dI%x*Z!gh7ZqhX}UtZRQc}je!PnPew#q_-YO$Vx$9^Z#*BP* z{#g5q{%?gNrJFEnIqS=;KJFVO5%j#mi_EDG`p*B^g}^g?ikHmF9rr(gFA|p$%mp6| zHX05iGY`8UgrP{PrBTSwSuu*$7#YbRvnFVG#ae>JRX>7R-LA1gVimeK zVeCji{JmCwY_+zkKjK$Ib{=8r)c&rnr9-%hV#p?Ysn&ZY zeW|qDetDwZ_ZU{GX_jv50*cm0R|1U)$uFh4gY&C@S5vXyCW6PMm0geU_@b+!h6`6a zjygalhbZgQGOo;(y>igU*LQcKHTyV@7eFgA|8N!FM`Qi|IaeF#x8CYhY=+Z^Tr=Nl zSE6nna|jX)dB(avKZ(}30KmJl=bqO5*5owd>e{sD)W&CC+Fp9(`5F(d8vl%gVzxqs zWjFr^b(nlNq%Q>#>6morI|4g?&?L1qukf;@k6#7*XR*; zPvMYLQnu25@knrU#xOlC|D~guM?_?x$o%WA{`!V`rnm?8sle+b3Swgb1 z&p}aC2wvz008nYRvu_!QAdN|+c!BV_GH&7C(O-W>NP4{QLLU&xQ-UvXKx<2a1#+$R z7AJknK}H&M@4$3%u$3W)SKJJ02NndaQ4p;)3!LE%@rQSpWnyJSTRKEo)b7cLphnj) zbZ-QHgZa$`DWWdMM>2@Wgg${u)3x#RMd8e_wmkWTYs*$hwN>n3 zGuKCrn-;83aluiglO@&L8adFGCu&esqYdu{a|V~a9wEJc;`*1^1{{I;qQ`az>Y{Bf zFrx;X4NTqEE0Fg;6qu4Gt*}#%%-2b^Sl^$fdbj?d$@;iIxC|dik8L+uTl7B&2Gim7Yf@Q-c3*jFwq2AoQtLKmF>DCq;-1DVRR7D}NL2*jV z$7%W{KnFNeoW7LFMuW8*(@p!aM5zl)^@4QaES@V(-o3?`H_AUn20ezaU&xOGm8?Ib z^M{LVJ`f!wSp}9hRQCe6J-n6<5=g$WX`LiqT3kToUFwg%EF~R`+|}*KZ;F#k1ro_-wJUXBfwZj zh&qosQSfZpO9YD0C^+&gs{GTaOj08}CXk4B6f(PWfUL~UABVN_X*d2frBqS`cl&gY zsQuOzeQgXRB@lr0Aa2e6|E_u%xmg4Q+V9XJ)~K%gjh?!8i6mB&9Y{ zbQVHPY03FQTu-G{hL3kGdOU@kAf;ge6~YFRp5fmzK(W58fvoQ091uQEzl8v9Y+{RT z8bhO&Lxt(3bOA^khY>#y+9LsH?uFt#D}fTVpPum14C#P+XV0aO5O56iv1Y zJMTte1L^0KG}2WG^vG))tGIa1hd00E+>##2++uR6j(XOu%gbzG4q=<=o#G6CMTN6B zDRwf}N`;|Ii3vTCKYsbeRk)^wfkE|6gA<(eP(*71H~dtbycObRmmGjjoH4uN34(8G zwF~Zdy0#e95Qz!uXdH;$0!1|DsV~}+h6l@keJYvV9K_IXyyuh4GFXhP(o&A9uhB9X zmr@afSYKVv0zOruR>Mqhpcc~R{ipJ8pNB+1EVkF}UT1NL8>2WcWZ|wM+XcuFQAjN# zs>uifssICZofx?i#eS52+QjaUNp%eXkcc6vuAS1vStl4blAqp#k#XU785!8|o{np3 z40lm{nXwaN1sO3#QC%HrU~NHSwSD5d*B-rLx+2W|fAFwzteMpqP*5n+Ne1-~tJ5Ed z&BkLcqP4f=*?!=C0%;+)D4a~r;u%e}Z8hJM@a3Up)#D?Jsp>?2hF7M>J^`|L#0lcX z5DxUWsKaCvHx;7R6VxrfDxD?M>HF0+=VBUZkRC*#j<_FH$HPboGE~MQR_Q|L{lD_bE)y|?bOrDv?o|HFDJ+ya1z=ebyTJDBr*V;RNA=lxm zXXB%dDT|b&do#DKI#$j{Cqh1n#ARO^e>0y3?I0ds6Hm{yT(+vI)+i#bQBJ|nvYbDu zi)NG)JV{LRFH6(Vy?Xz~fO@Jb79Xv~(l_mY_ZEz1UXsSZ&eP(b2YFC;RUxRKdUmWR zhF?hv!pi4=z0=v|vyF&nzCgy|AEc4&Ka1Mi`b3OS+J`Mt!4$p7b8OET9~u-Fo_iNO z$-v6p53XZ|YdWP3tI1%~vi&N4q@RA}w&^}VW?JMr55FI z&tbA%vDVo=!CD$|tMEcLi6iAkf7-AMWjMZ*yCd^A3If7tJ15Fvzh%XEType?mN-b% z_1Fo;+?ZLNb4oOb8+kmp`zsi{&z>ZwoGe&j!|J?AYl5@M^s_vyxVnvdYx?B=q3OA8 zT|Y`pXKU`m(R@anYIcNEH@}X~@`}fXU>H48?k?}yV?Wm(G)7oHB@XIA8o^?6p>YJ~ z_~=^_KY?BI^5r|H>F{V94n2+@$ME7WHT-HLC{t;_q~6!Ze62n2r#P1}qG4LnJ01_> zjgR9X<%_|g0{wn(MMI4As$nZtHB!!6z93K7NwB-bq7v8{+7Y;p zbhkFLsvUfF?N@a?Z?KuKkr}V~S+8iX>a0K13#*uS$%{zCsBaEQrcDf=WFKeiX$0vN ztH&9`O>*1GlxqQL8xySdTzXn&`eA07%igmOyjRISyH|2_u!`!Vi%#5+hl8pg&#Qb_ z86PJ~srpADAlPS31iBwJU9M*rAJvO`32&n_BI0PjySx*A zJUVS$H)VOeYO>vH6!FRpd6&Lkylxu#o?ra%daGwR%A}9;KA>RJduhsgwfcBrZXpM! zG$Xqv&M z_j+v-=y+z>tPPYomG95!eQZR3%(?Ntk2#eo_f>#72!1qvyf5>;2u)^`8?&eZ>}V}+ zHkF=iHXg>ZUZycqw8@!lj7493f7HJwzxN&ZK4)btl(Ht`A-)E>Wxh{;ytep0Z`OWm zgS!pz{`S&I=yfjVJvmG0Y1_AZt)WWNqJ2~KI#svv9yrPCt2skRIy{!yYM}R`$NRMY zvH36~tr)9*vCr3j zRn_tK^uQaR5#Z@CU$DF%{Px0k+ne>&Dfi=Q?axvPduY(lSIhSszQ-`T4?;Vhr`<1% zR8qR}VI|4$-cYNb;J$3dm&hCIEs>T?tzPXns8P4AYqPIvnqe^V^g^r{{N0x4#nPU{ zRlce3LC=%H_}}PQd?T)E>vktRhLJ^dI;iEoFbesO%l@UP+)cJ%m&CIk%A=i)L~Boq zXwdjrMcAkgUu5!gj%ns>P~w1LHUV*>YBAHIGxLBFheeoPoLN&%3!I;C;hQq9h6r`l z@c3JWIOA_T#2=tcvQ)&Z_wWW@Suc1@>R%T%bBCL(*Kx>Ib}&OGFuGTOOHoHwmtZ-7 z0Evf#K|#^3;DpOe+aoQmNmyvIjhub@Q!)cIq@UzLjq5^l4x=L9Jjo8vo&CVX;!GUd z3DxWFrhS_nk)4vUHOB831HSGAwu++McP(4`iUnvg8cchV9tejHUF)RImYFrkO^pOa z-SyNWbP$SCkncZa4-mmN&cjC2}JrT8@M_RA8# z*21NHm58&WFOegwTb)ZrQ`w4pnZ9PJV4pGIl!Yecj?>eum{nv9#5ESAu&L(Jux5i* zBW>mEMxY1N=DY7_-6@lDNpS~(_dkMZJ|84)0fIO-1sTzJ+hCMF1av--g&Z%G+f6M= ztI?deiHUM#NAu>tts8T_sV4TiRFOwv)!Y2K_dy0ME z1rn~tk5uKZAKJv8zYttI^(#WCJP&H3mP5pV`US56TVlCAM{J{L`|(!O@9j4TmbG$e zyfhH3US{aVA5O%wPn{-@%?2-ZcTSwYFgteD+{!j`kiw|B93OjG%U*l;EC(R8&KZbE zowziuSno&J#>S0G$+><@qR|^+7&ohn`=+jF?p3+Bd{cfhGv;XkMcU(acao{Iy*3j= zM^yQ;_CTMX*Fr2amhM?D=gF+4&1ANb7nmYFT446jw>&mBOpwos@7j6~*R@6_<(vdy zG2MJ_WnbFE4pS-QG-aO7*`t=?NvANAWr1GLW=%><-*;VVP$d46ZRg!G<84qEmJ)D!yEC%aL6f2jm^!COTJQ!#vri!{5Q43qqgR5G(KT>tF5Rxv$YXh^V8P3gz z#t9K1k!dm$Kq2ZTm_#UJ|Kh5pwQG2=U(nORxXrMUmqpY-7)ov@s4kfMSvX^F2aS6Nsg}GfBW`!^-*8_ zdz2w|l;EL&W@G%kA+GMR3XDHsGf3ck>@c2;R!?2$CAQLQWC|UZzGyWCSw7-DgOy{K z4uYl^e&4GgFtHTvrvAHaf0fL`$1+n6Ct9r6I7dZ~L5?QW+)POii#Y275JoPZjn
Uy?V_7ceZcfp4Yrfq$M*ZKdw41Qna^T zs^bgnx6;)iVTt8|w|V)>c6@|ud8>+KzPF{_>n?NzfZtclL$;*SC4`#&>vfh1rRu0I zV=s^Z%d(2IrH?t^$opQzMQrbwKR=~ker0v>>`Aav1PMq{k)Gr)$+TK9SE6F`td*VE z-o%~eX<2EjI{O_zEzP^w_@fN)_-^@dXI}NE-yc3@O;1|acWyQl9%Oa`d&vUzJ8zRs z&!vj89<{98ZW8NyKPEyTgNE0->u&~khffe$Hk0vJeRez&vSK^tV zz%4+TW!XyQD|z?k*C&5x5PtPy%~O^WDIESOsdHKwA*KrUQRpZN+NYF(CyVBAwW6t- zA6CuVYDdgaG?Um)biXvtEOo~GLFSgIU=vHPa?_RP#)Q8nP$aL{D0hO4L-~q_6#q%7 z&@HuuaJ+S^!UqYjv_kH0mBptNBb33wET~0RPWDrfly20M3nFjL_w>uvFoI`zw*Lco z`pH`$6Jl+X|D%20Gbi1j#CGJ?=?cY)LH=h|Bs^;AtR?|JrQahUweV+1<@uH>lA`J#{@ep>$i9uf#1+^L3U8{q6b?VprEM+G zs-$6+of~<()`8fvBkUZB%yzFCN{Qr^YjL~aFZfu37;tk20l zaJ4K?J!XnJa9OdZh9&vYFJaGml%$J9$wbMwf zpBm}nJP;aMT{h1GY-dxH!isByeo0MLi6m+cg&CEXmj-S#YHG`Cb^jh;?a=*`R$qK< z8mR_5Ew#WX+cJ1^LI!auwAI|l;vLK3;yY)H_KDQ9;yOV4%_+G;rw6loyn`8OznkulgPob zhzF;q`W)@7rSfIDNoRW&7qQPicmZKT-6-)|;Iimz_2VnWRLc{V@#EwB*&XYElU1Zv z<@k}+RqQr5`0r|PtBOB=ReMp$N4vNuu1aw~ao9g{{^)c;4JJQIYd7O&G)TD8`o5@d z_ZeYsCuJQ#{X2YMYSm|$%BTNc7{qtFFq&#vd0by1pDN+ojnD-}{s=afVRBThBWuMG zWiDeZ5Nf-9{EdoF&8Czz{4aU(Ad-B`1j<6|W$}2D+FtuXq5~W>7;U0LVcayMZfpnu zJ5hak!AF=)NFiFtJkITMEr4ByF|-eZZH@D!k73QTIi2;K$1c(pk-K86QM1?8^{RM4 zYkTXw_UK0;J9)fbqg&VAtEVWm1xqTwt)s6Q%hHn^u9nh3pgN(U+pL6*?4M-NBL&Hh zX-sMS%sMP%z#~yM%vqi7#G>Uspu8@G6|wfU3{WWDSxK1xLz6s^^BJmIeFhVJ9w5$T z0U%pY1?x*cPKjzBbcp_N{UC3DQ|xuOCZ40V9Bk3sJ#q)sS8yg8bsmr^4-B9CVS0HV zaL$^YTLzc3+X%T2V7s=f)Z8)!&!T8gLcr)b*xmuOL4wnxh!GPX&goE2B|hu0o#YuD zl&R7}`oTwkJ3Os|$cV!JWih>yBaB<&FR^Ub1O;|BgsVV+P{2>Ub-367*ERUD8S~m& zAl#=(A6_LJuNCQ03^s6dV`Pg6^Mgi6`Ugpw^s7;)z49l>Rm6V`rSmYCs)8nxz&)0{;E9HE6i)>3!GG5Mj+f9u;Orlh(2P#pA zlL~3ck=T&gH4e({aSeJS)-Tju40vfR&{hFYO{ZMp>Smka{-$0OBJ0Pv5b-l{i!Rko zY7W7F0!0)5>z^hT+n<1qK7Df_EHLh0b`|0vJ5(Td0s5jSS6babO{^*C*IapTRQ8;>fSS89Xh-eMdqOA*^Vwbs|V^ zjTe|}qhhRphbH!LFr2)N-?0Cw?g}X>T(@eeDx)Mc)zfTdW$Y#gicm0fmTW<{sBve3 zs?+KMeL7R1v-xc+H#d^n`0}xp#T1ph954E2i8cHeI{Mxp4w$7Xw z{q2uCL|KMiH$KqtM|)Z_?_73FMMnX|JXql8)Oab5&l6+0@CTkW z9sMSk2gKv|%y?K@DzlCsT4O^()K!y8G_^mYZyW7K0#X#l@EH4>(n;1PV^r!v0C`&C|*d|q*P%QbN4lW5-qRV_(i>pV)nE2TfR{TuSB4tAjv!qpfGZV&t(Xi$YX$vw8)g6LXgtb|>dy8n zzhRpHMzp6av$ls=MU|ysUw&Rsst~~d4XArWzU*_f=o$-9U?3d=a7B8NB$$E^gf;}x ztWVke(0?<^F7ePf!Z1*)t&dMc4&hlY_nB>wY!)uieE*fi8SVfs6i1WBI-l{yNp+8l zbTo4uV@YD6!$O|zAN+Ie=jXn23hO_!iQe#n?$@tzEob=zdRSi{fG)Yvjl={QtUb9+ zP2^1UGT3%!N2ZGsX8=x!w%zQQXWFD%wbVw0Uc%fndn8K&tag%U?} zsSDbep-J@*TmO8e)Y9kqHLE&0)!($p<+_jw*ui`kL;iDcp%TbT{L>{uR-mgR9_vid zp`q4D5N=tYliDN^Rv`(ZeHf-YcFGt2ZV;NSW<~?AAPHAeN-EuvM3|RJVj}Xc7^8j$ zDM=zYF1e}P66dDcVks_&waYru{AF!!oEmr@P5dtvYNIGjqcWq5@BB>si1tKJ@>L=Q zb-`0+{#G3zjxGHj=JP~fLXJLV6}SYj(p0m$nrus_lYeK%sWL>7Ubn?#OfmRH1FY|= z;`!X}Y*8Jn!@!I$IlYOk7oGyGc!cE@>#&N^bqY3UV22vKt9PJb8P*{w4cvX;TLbbr zjK8vI`Lgv@aN|6ddw>d&y2m7;T>%M&ILe2?F5}0iu0MZ|txg@X?3!)Xm$IZ%IibNXnM_G*w*lnqb?5l2zWj_2^8cvIN=VqU!h zlda58#ft7OCZjd!!I(~p7-{~JEP+^Y2_#Y2{Ez6pXH>W%BS8p3T>ScA_PHr6Dupts zw$zYg3OknYZv4U@HYGVz!|=O5-K2l_!n7n#2JHFr)jG@mv9K+C)8|n@?LQ6*22?iI zLBLQrJ+adr@$K)$Ipwg5y%XSJqie)F(Gz5-fXk}fJwV!=RUK8W+`+BN-TlTovrJzY zMY{TvFZIi(W!^MVvbqMX-uHDB$k@K+?Z2DRXu#5qo!VD&-7)&3%R-_SQMTaWM|q~V zJR@4PpeA%OZ}BkSHt9On(CQ3dVEBoPrxE|$LAk|J?=edd72KX@3mPA`Z)?tG*aiWL@30&Et;>SBiuP*&3daYq6FkPt>ZkG=}bHYj>QUMkDI6 zXWVDqPgyR5ky1`+!MGl_qsRWM2_XMmYv)As^@*pDQ)az(N?nWoGkAYruHPrFpEzXGvl2>CL{LTED4Qss|!2VTEQ`F8rG?d-nfws0YObnttFddHXY{ zns3oZK?$mp1@AvirNRc}K$ORgR=s^pK|pX8|6u`aawb-M8}`Nlmenre`5E?uy=hA0 zr8zjKJZZmSfHgQ(wEvS#csds_j7Ws!bg@CafVPnr_w&p=d|hfeRoyJih}0(xCi^!ZM5*t8XAOH*g1A+~^b5 z>Jm%J7H;P61(k<#KS9uns4;di!f7>IA3rQy=^Qz)&(jEj17#@-%utZg@)kh@a=^6x z=M8a(^3&+RzJJ`G^NQEDwIV(~c=pxG`)2Us?|EjXhD2N0&xxl5OE=fn1J}vd?|1Vp2W|*QnS&XYs)238A@OG@tE3`( zCRJb}drJT_7`PpyB)(KW4%ZxcKTsg%>HG^;f#PHCF0~)j!?Xc-GXA3KqAL&2I6umh=c3{gdP9A zHV&NTPb=gfLb8~U#s#D5A=5(|b;M+n0z5PPaf_0zWUFca3ZpwZedh8T?S~j3t7EJAr3Z^)LO%A^@jqifTKhIF+80wawGRW zRu+?CP;*~!ut1Awwm%J5t`bWIouB!JRZ~|8W>9ZVTL^d$HXoWxu2m{tN9_KF`Ed`3 zBLirTXP{vJ0#Yw566?RQI$*fLq!-)z=j`dV!&c!$JB(8dW6^;V2kp?sS-}|m3Qcgy z2V`l_L#PsEF?{`ZxfN0nrl>K=HPmS$XCr_ujD)pih!O z>E5?2uAr~t;fe9AVu9im5m_h;&i7+K=A`EZyCr#_)+=yGgMn~6U;icq-uoE3izCPZ zxmWXs=hOZg|L0v8_>n}8Lt(=IU5EWQz3GM!@+bh_vi#%TGSP-5lZ77+&9T%~hWL$$ zEZmyOUKImpP&<=z!jV?8YYZ<__64Qn3&qiPTD)UcKN6F*o)4FPgGBfs+)dh9lPo+U z2FXOdAl0z`8_=K_@XPm71qToT1Z0P9BE5SvNT`N*_?(s!B>0g)!?QUu9W?Y%@qXLO z^r*(SL`HNOd&~1>J`1UPTU*nr5=Y9*2mDPI&Ova6}19b^%uh?)W? zfbeqyu=XCQhGCG+ISWe&h`UAj^Q}|b{*;#W35ky5P|{1rM11@b(Th|VcUhil8H-z_ zaEFPotmG0tOfUYzcbDuHV5NvOfVU&|`wLM9Q)}T6cHTCN7R(kY+AwR7eK;~GQsoFp zNw=tTCimfnW_5ijU5`9}J_?b19v2M=OtDl%UmR`PLcmpk`FZBuJ|oug%x-Z>_xDoq z{RAHG;?7J_#Cc3YHYU7%Rxz_FmZzzH)@7bE`NahO7X29i%#%ehO2A<;l!cYoGfKE( z`S2IwbY~Kvw#t%m8trwZE*3m{T6GlvURAW4V1Y+BhDFFWd`*>q|C)`8K)4E8Fg<^= z3CI#(QnzqY<<9t9f9tBp@SIUk6k_5=;NMC0)cr7rJTFJqLuib4qK+qb{Ot>Ps{e zrAo)t)GN2BYwK4yk%ggY8=XPL8Ua-mkF~V`4Y(3PLZqGD@fjd{bsm=AwW{r_++$S1 zz)GLLIzH8hSwo1}MRU+01fWJ$axSk_hjL+T1{=h-lrFa`-^}Md7bWr3?*bZj9LEc_ zxkOkD6(@31#>BRLL0}9>!CKd399kL6SU-rh@3Mex^|S7AjQsHmpSwM#eLxnB>+Zy;7S2$c$`dRxkI7ctz9c({Ikn&?s^ z!wc2lotC#Z9~}y>xHqM;c;3fq7BhHISsidQjIuNoJ9M1$k6|l0ub`4TKVEwnc@e5M zW$gTtczj>?5bl1QB+r7-hBYSePnuYYjsus=%%`>u6t_fW**Qh{1yj7sh3J{@)Hp6@ zQ+5MD!PvMg*qBaTdDoy+;#~ObfBX?ql_82Y1j=QML{Sf%_qcs!lvq9>gP2B{&lkDe z*VcMKt92N9{BQb>Iz8XjK8ormWR{=peZqPnD$zf$YPa03;gO!u0Zs;_Am0}?)3TiZ znJ5a?e|lF!%I@KKy7X2($HgVY`lHz8mFBnaap|h;@UuOZqi>nK+zA*U&(LTG4DdiX zs<$x)ak=#%FeDI&2gN`BR8eDjqV(lr=gCDui{FPBw4Uq55i1*LlOV!v{edRV6wuDa z);Hc{x<*#3MzbOiLHWktrzES)}Y8#`b73LwIyBnzZm9v+( z3Bia@?y^;0`N*Ae&1x(}K^5}*nf@M<+0KaA!c*G(^+jjvifiU1^GA&dfzlH9LUqXD zR0APxEDYAlETL7oj_)-0I-FEGYFUb0zWOtLq4R z!A=g=jQp3IxouFbv0)6`}bnAAt^ZWGXX?cd?H?j=+rK3cyO04rC}txOWSK< zb-X(Y-*K7$;W|m*Pr!`E?|&P`g)%dO=dl-BvF1@0{oA*+mFw^y=gv91y90}w{tDhP z7@u*s3B!ZpgsltA@tnE7`6RhaM6gnJN0#%wlmA*f>k3I<#@m(IM{1`p=n;vm~`+5NzI}^-n*HJAYWgH zq%T*`5m#OxFrxzO;Xw}h`ru;((H>8Z%A9Wf&X8_nq-j-=(7PS^I#qt|H{=slx&QE& zozjxXRJc&)fmO0RU)N=}{gApzA-T3z1g$piyx5;}f{mBgs(l87d+6NUn0#Ko6m3y} z*n~!0z^$Zk3(n!4D!rSW-DR0+k{ZO-O3w&ii+I@It3K2ZpQ=Ym366;H-!O@k&P}(n zYS1rqz+9}mEdLU`B*Z&A7HqeM+$--LJk4A^?m$}3(4QkI+)3@WxTN?r^XtRblv_O2 zzhgO77-7NzGvSniX>K|5GHl5$&fRzhTMhB!k@wbiU`aM@o@CMa#vbF`B>Ce6GghYhQ!ntC3rI8e`V^CZN_O6x8MN78-O^X18b4 zti5U3UL5W%ipuv+6TlmhghGbyjqTzJqh!oDV;`&`38l*;7S3Yr!6vz`(KcVm7|6(?C;O^)LZJcTFQeM`=jD*Z$cx=L#y+` z8Ou=2DS>+`-NEk~hLPL2Lf2iIjeoe?Zl1t+3-k%M9SIfn4mIXD!eL+g2eU8kT*VX! zpl2Er(*=*n4nN-LvQxKMa=~srskD=R1ZrGLnhzR1E}a{>dX1>V-klpAR(4&2;}=Pb z?*wFaYVo8}<{ngRA9y25w1}A#9y2oRFP0v>=l z9hl;rg8Nh>dL)^~V78ObE`IS6lC@8nvIAJCX;A7&%pS&i>jh?^>$mE#yja^=quJK> z-xYdrM6egtZ9ReQRi%({!y9mlKl@7WMQSts&N;GC(w36y&%c}=ILpOV+y2McQwL2G zQw1)5e?@Nk@xU54hw!R8V)9Q!WYQ_62OshKFIFf7@44wZ9b&ItOhcD41b=P7!q?BA zijQyhpYWE9{t4h!Zwj!gIZxi}U>RHF-N@85=2!TW;1+$|nR&SC`vhy8m~R<_b#GWA~fS8GjQgwr6ReESd1YszhgTLKcV#E!XQ7G39c6(U~qxJ|Y*FrEnOl zvYbt+JmiI>uou+bNAIle=i9oDb60?u9Mk0&XG=;(N5n=acj6 z?KB)7$!;5rI5}w8(mF#N4V1K47Kr#VC(b+CVSA@LGvV!Aoy&njxD%f^!PzUI^yy=w zVO34ZKVP1B`#al9KdS!LfGlzZ@n8K!uj}u_Yy^*E!vezB4B4ZdRMyG8X{eZXqj(6b zv>^!D5NyW|MIweTot}(sO9v{&qr!iE{&93SC z*!43=l)bdfRV}qLNnRU!cXUCv;1mF4?D#_4H4Jt+NNdp1eb_V|qvGjNbOO|KNp|O> z>*|$S_ob|CtN}8p0&R5eN`+gE!7EWPAIS7jG6sy0fvJJ{ASFJjm*fBXzN$ykyU8+5 zo-+kn@Aq5?bI+3t13%l`e$C-Y3Cx_T!6l zqo-`6lPVYDAjTrOaVS93Ywim}g1mDgcq50hq$A;>Kd2GJy>&`%wn0VkEKm1YSsvxY za^ia}4nw`8n0P3aQN*t*;A2UmB=h&3F7r50GOc%(F>3iL*K87nZwedH zY_!ZBPM}Oq#3?FA{|mH_;SOb#*r`6;g2^CPG(s2F3Nl#xzGH(Azh>XlG>*%N5~vSj z-{+IV@*Nrtf4&L}z+_gq&35AwHR(Oix~`Bn)eVSi?gX(x%4K>2{P72jnr~Jatmn_l zmnbw?SOFAY1of2mQ`9(r^316zQeYMeQolke-h}`D>@L$rYI3t<&n-U_FBr6p&={$6 zw=hSf-oG!$*-&W*%K?D6ikB2nN5N@~rRkj)gV}J-DcDf(&jvfp;8Ovk@876mJa_@k zAkkC1sp-MIMgo9oTmMwW_s%A=z?EC;ur~6(O)+`DuyC=Ye>EQ&JQ|!G97a)0R>IO8 z++s4sesHKN$m)QTJQCRv&YaJ%lLv5FRwa2D=7Nwv=580a;aV4_9@3MSt0wQ-dwy`R ztMo%RxRhzL=WhogBVdeL9B$sFdOODJ8#;!UZx%3i_UnsAM%%-WQx$7DZCjnqDGdLn zuzr2k&{B|2h4Cm<h=}F)e9FoRz+9&r=J+_s!-QG#jID^~7&Pd?@D&Vc0;< zDkdyop0%ofoaU4>QP(n_SF@~EyIhsKGb@g>;z9RVbT9pIbU6M~UT& zgFQ||$EOz(>7AvRk>*f!*^Pw9&opdwfBA7Sk2q|Ksbor0Eu-bklWNqU$_5-01d6n>T9@rXxy>!ya-vs4s+d?Z{{2;9RqEt{rli5qP)_()t#j+oB9KDK`1L<(lqR0D-#W|9y z{i#KL!zI#IY|Gl@_-+GcxP|?zJlRe=Am?Uk$H>e8Y1COp7D~8}N40`n%$X zE)N>o_k{AbLmchR5wAr7!;|cVUxWM9c%J+av`LF_5$RP+dEE!iiw(f+3`kwi%OXb4 zTnO9o%Dxgnq9)(ZG3J)skdYtRcgsEp|Cv!AKI4Q^ywKW$ZKERz2JolmKd1K)ZM-aRQ|PuKT|yW|G-qN>ID_aL zfR}dHVRM8+#c5Y<&0l^8c%-ES%8>--%non`{90F$a;uz#T^j4u%Zm{`@IocTIX;>& z>Ls_t^@oXD5U2$9H6)eu_j+BPp$sQ4IMfr~-v?>uCX>leA1gcqC`e+xANa8_0_Yy{ zk0oyS4o@|t{w*Tcb*%6I<1G!o2nNv4>n!1k;~;u9A;d0W{nRHX59{F1@(9p zTYwQ;S*nAClIRiziRQ}WhQ!y-n&7B@q$AUdgY*YgR4phHFl&lIC;><-@0h)e>*Pnn z6#v{^ZnO_CE+IsHis&9NBl)Noqcb2@$%{JU@;N`BC9ewC0H6eUp58y`X1N1mr+SWo zvOI-V?X^BVSu|md*(SFQ!>I;Gh2>kpJ}^x1*xZ|ZitgTbfk{uNGLIgw>dLUq(Vq=F z9yhf@4%E(u(qeb<0Z&Ne;%!opHTJa6dtm$?O1u4)K!pyTHxj|-1_aME+f8cUP)v1; z;fk8t;8V^03z>Jqf@7g9{8z3q8%y@ayp{pb+CMFeMmsJz`9JTE7W)Je+L#8ZsL#Fa zs+#)6<#=+k24x@@C+t8xRNzWI8jj@UVV29R0!&>{;w)PJev_J5dQD&sFy^E((oYi@ z$9ZM&?678+zE=Q}O2%i$Z+d1b&`V;N6GRi(xLJbMI1|pLi{>N()(t$IFQ3oTe!hrk zGkB||{a7mjq9p@C7&|~7Vu`snZ!Gqmm{s$g# BcN72s literal 0 HcmV?d00001 diff --git a/docs/boundary.md b/docs/boundary.md new file mode 100644 index 0000000..9393a74 --- /dev/null +++ b/docs/boundary.md @@ -0,0 +1,68 @@ +# Boundary +![img](assets/boundary_k8s.png) +> https://www.hashicorp.com/blog/how-to-connect-to-kubernetes-clusters-using-boundary + +## Description + +* In thise use case a user requests kubernetes cluster credentials (token) for the local running minikube cluster +* Boundary then issues credentials utilizing Vaults Kubernetes Secret Engine +* the Token is only allowed to list pods in namespace default, as configured in the Vault Kubernetes Secret Engine +* the user receives a service account token and can then use `kubectl` + +## Requirements +For this lab youre going to need `kubectl` and the [Boundary Desktop Application](https://developer.hashicorp.com/boundary/tutorials/oss-getting-started/oss-getting-started-desktop-app) on your system. + +Also in your `terraform.tfvars`: + +```yaml +# terraform.tfvars +boundary = { + enabled = true +} + +kubernetes = { + enabled = true +} +``` + +You then can bootstrap the cluster using + +```bash +make bootstrap +``` + +## Overview + +* Vault is used as Boundarys KMS Server using Vaults Transit Engine ([https://localhost/ui/vault/secrets/transit/list](https://localhost/ui/vault/secrets/transit/list)) +* Vaults Secret Engine is configured for minikube for creating SAs that are allowed to LIST pods in the default namespace: + +```json +# https://localhost/ui/vault/secrets/minikube/kubernetes/roles/minikube/details +{"rules":[{"apiGroups":[""],"resources":["pods"],"verbs":["list"]}]} +``` + +* a global organization: `playground` +* a projet: `minikube` +* an basic auth method `basic` with an admin account: `admin:password` +* an Admin Role, so the admin account can edit/view everything globally and project wide +* Vault is added as a Credential Store, and has received a proper token + policy +* Vault is used a a Credentials Library for Kubernetes SA +* A Host Catalog `minikube` has been created, containing the Minikubes API Server as a Host +* A Target `minikube` has been created, specifiyin the connection (tcp, port 443, ...) +* A Role for that target has been created and added to the admin user + +## Walkthrough +* Start Boundary Desktop Application +* Connect to the local running boundary +* Choose the `minikube` Target and Click `connect` + +```bash +# create any pod in default namespace +$> kubectl run nginx --image nginx + +# create a new context +$> kubectl config set-context empty && kubectl config use-context empty + +# connect with the received SA token +$> kubectl get pod --insecure-skip-tls-verify --server=https://127.0.0.1:8443 --token= +``` diff --git a/docs/home.md b/docs/home.md index 83a46ad..b9f3456 100644 --- a/docs/home.md +++ b/docs/home.md @@ -21,10 +21,15 @@ Bootstrap a local Vault HA Cluster with many useful learning labs in under a min * [x] [Vault Agent Injector](https://falcosuessgott.github.io/hashicorp-vault-playground/vai/) * [x] [CSI Driver](https://falcosuessgott.github.io/hashicorp-vault-playground/csi/) * [x] [Certmanager](https://falcosuessgott.github.io/hashicorp-vault-playground/cm/) +* [x] [Kubernetes Secret Method](https://falcosuessgott.github.io/hashicorp-vault-playground/boundary/) ### MySQL Dynamic DB Credentials * [x] [MySQL dynamic DB Credentials](https://falcosuessgott.github.io/hashicorp-vault-playground/databases/) +### Boundary +* [x] [Kubernetes Control Plane Access](https://falcosuessgott.github.io/hashicorp-vault-playground/boundary/) +* [ ] SSH Access + ### ToDos * [ ] Prometheus & Grafana + Vault Metrics * [ ] Boundary & (kubectl acccess, SSH) diff --git a/docs/kms.md b/docs/kms.md index 4b2a7d7..0e357d3 100644 --- a/docs/kms.md +++ b/docs/kms.md @@ -49,15 +49,15 @@ $> kubectl -n kube-system exec etcd-vault-playground -- sh -c "ETCDCTL_API=3 etc 00000116 ``` -### Deploy Trousseau +### Deploy Trousseau ```bash # troussea has been deployed as a daemon set in kube-system namespace -$> kubectl get ds -n kube-system +$> kubectl get ds -n kube-system NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE kube-proxy 1 1 1 1 1 kubernetes.io/os=linux 116s trousseau-kms-provider 1 1 1 1 1 46s -# a config map has been mounted into the daemon set, specifying the vault server and the vault token +# a config map has been mounted into the daemon set, specifying the vault server and the vault token $> kubectl describe cm trousseau-config -n kube-system Name: trousseau-config Namespace: kube-system @@ -75,7 +75,7 @@ vault: address: https://host.minikube.internal token: hvs.CAESIJGPZdckGe6vN3-bMUzBmT3XywsQ8eNMWZljladJKsszGh4KHGh2cy5Tb3dpQjNjOEJuWHM2cVk2anhNcWtFSEQ # periodic & orphan token -# Troussea creates a unix socket on the minikube host +# Troussea creates a unix socket on the minikube host $> minikube ssh "ls -la /opt/trousseau-kms" vaultkms.socket ``` @@ -104,7 +104,7 @@ storage-provisioner 1/1 Running 3 (36s ago) 5m13s trousseau-kms-provider-jrflz 1/1 Running 0 4m28s ``` -### Verify Secrets are now encrypted +### Verify Secrets are now encrypted ```bash # create any secret $> kubectl create secret generic secret-post-deploy -n default --from-literal=key=value @@ -139,4 +139,4 @@ $> kubectl -n kube-system exec etcd-vault-playground -- sh -c "ETCDCTL_API=3 etc ### Encrypt all existing secrets ```bash $> kubectl get secrets --all-namespaces -o json | kubectl replace -f - -``` \ No newline at end of file +``` diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md new file mode 100644 index 0000000..1523736 --- /dev/null +++ b/docs/troubleshooting.md @@ -0,0 +1,25 @@ +# Troubleshooting + +## Teardown Environment + +```bash +$> make teardown +``` + +should destroy all terraform managed ressources. + +## Clean up +If you wanna clean up your development environment enter: + +!!! warning + Use with Caution, check the Makefile before running! + +```bash +$> make cleanup +``` + +## Remove `minikube` cache + +```bash +$> minikube delete --purge +``` \ No newline at end of file diff --git a/k8s-minikube/terraform/kubernetes.tf b/k8s-minikube/terraform/kubernetes.tf deleted file mode 100644 index 2a32ffb..0000000 --- a/k8s-minikube/terraform/kubernetes.tf +++ /dev/null @@ -1,25 +0,0 @@ -resource "kubernetes_config_map" "this" { - count = var.kms_enabled ? 1 : 0 - - metadata { - name = "trousseau-config" - namespace = "kube-system" - } - - data = { - cfg = templatefile("${path.module}/../templates/trousseau-config.yml.tmpl", { - token = vault_token.this.client_token - }) - } - - depends_on = [minikube_cluster.docker] -} - -resource "kubectl_manifest" "secret_store" { - count = var.kms_enabled ? 1 : 0 - - - yaml_body = file("${path.module}/../files/trousseau.yml") - - depends_on = [kubernetes_config_map.this] -} diff --git a/k8s-minikube/terraform/variables.tf b/k8s-minikube/terraform/variables.tf deleted file mode 100644 index 6d0d045..0000000 --- a/k8s-minikube/terraform/variables.tf +++ /dev/null @@ -1,3 +0,0 @@ -variable "kms_enabled" { - type = bool -} diff --git a/k8s-minikube/terraform/vault.tf b/k8s-minikube/terraform/vault.tf deleted file mode 100644 index b88fef3..0000000 --- a/k8s-minikube/terraform/vault.tf +++ /dev/null @@ -1,26 +0,0 @@ -resource "vault_mount" "transit" { - path = "transit" - type = "transit" -} - -resource "vault_transit_secret_backend_key" "key" { - backend = vault_mount.transit.path - name = "kms" - - deletion_allowed = true -} - -resource "vault_policy" "kms" { - name = "kms" - - policy = file("${path.module}/../files/vault-policy.hcl") -} - -resource "vault_token" "this" { - policies = [vault_policy.kms.name] - - renewable = true - no_parent = true - period = "24h" - ttl = "24h" -} diff --git a/main.tf b/main.tf index 9396e4e..0025255 100644 --- a/main.tf +++ b/main.tf @@ -7,7 +7,7 @@ module "tls" { ip_sans = ["127.0.0.1"] dns_sans = concat( - ["host.minikube.internal"], + ["host.minikube.internal", "host.docker.internal"], [for v in range(0, var.vault.nodes) : format("vault-%02d", v + 1)] ) } @@ -16,7 +16,7 @@ module "tls" { module "vault" { source = "./vault-server/terraform" - vault_nodes = 3 + vault_nodes = var.vault.nodes ip_subnet = var.vault.ip_subnet vault_version = var.vault.version @@ -28,6 +28,7 @@ module "vault" { depends_on = [module.tls] } +# Deploy Mysql and Dynamic DB lab module "database" { count = var.databases.enabled ? 1 : 0 @@ -36,15 +37,12 @@ module "database" { depends_on = [module.vault] } -# Spin up a K8s Cluster -module "kubernetes" { +# Spin up a minikube k8s cluster +module "minikube" { count = var.kubernetes.enabled ? 1 : 0 source = "./k8s-minikube/terraform" - kms_enabled = var.kubernetes.kms - - depends_on = [module.vault] } @@ -54,9 +52,12 @@ module "vault_k8s" { source = "./vault-k8s/terraform" - depends_on = [module.kubernetes] + kms_enabled = var.kubernetes.kms + + depends_on = [module.minikube] } +# Setup Vaults PKI module "vault_pki" { source = "./vault-pki/terraform" @@ -75,6 +76,7 @@ module "esm" { depends_on = [module.vault_k8s] } +# Setup Vault Agent Injector module "vai" { count = var.kubernetes.enabled && var.kubernetes.vault_agent_injector ? 1 : 0 @@ -85,6 +87,7 @@ module "vai" { depends_on = [module.vault_k8s] } +# Setup CSI Secet Driver module "csi" { count = var.kubernetes.enabled && var.kubernetes.csi ? 1 : 0 @@ -95,6 +98,7 @@ module "csi" { depends_on = [module.vault_k8s] } +# Setup Vault Secets Operator module "vso" { count = var.kubernetes.enabled && var.kubernetes.vault_secrets_operator ? 1 : 0 @@ -105,13 +109,34 @@ module "vso" { depends_on = [module.vault_k8s] } +# Setup Cert manager module "cm" { count = var.kubernetes.enabled && var.kubernetes.cert_manager ? 1 : 0 source = "./k8s-cert-manager/terraform" ca_cert = module.tls.ca.cert - minikube_ip = module.kubernetes[0].minikube_ip + minikube_ip = module.minikube[0].minikube_ip depends_on = [module.vault_k8s] } + +# Deploy Boundary +module "boundary" { + count = var.boundary.enabled ? 1 : 0 + + source = "./boundary/terraform" + + depends_on = [module.vault_k8s] +} + +# Configure Boundary +module "boundary_cfg" { + count = var.boundary.enabled ? 1 : 0 + + source = "./boundary-config/terraform" + + minikube_ip = module.minikube[0].minikube_ip + + depends_on = [module.boundary] +} diff --git a/mkdocs.yml b/mkdocs.yml index 9ca06a7..2870242 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -36,7 +36,10 @@ nav: - Cert Manager: cm.md - Dynamic DB Credentials: - MySQL: databases.md - - Troubleshooting: Troubleshooting.md + - Boundary: + - Kubernetes Cluster Access: boundary.md + - Troubleshooting: + - troubleshooting.md markdown_extensions: - pymdownx.superfences: diff --git a/output.tf b/output.tf index a313c73..8c81e2a 100644 --- a/output.tf +++ b/output.tf @@ -3,7 +3,7 @@ output "ca_cert" { } output "minikube_ip" { - value = module.kubernetes[0].minikube_ip + value = try(module.minikube[0].minikube_ip, "") } output "root_token" { diff --git a/terraform.tfvars b/terraform.tfvars index afdef11..018df4c 100644 --- a/terraform.tfvars +++ b/terraform.tfvars @@ -20,7 +20,7 @@ vault = { # Dyanmic DB Credentials databases = { - enabled = false + enabled = true # enable mysql db mysql = true @@ -32,7 +32,7 @@ kubernetes = { enabled = true # enable kms plugin for secret encryption at rest - kms = false + kms = true # enable external secrets manager external_secrets_manager = true @@ -49,3 +49,8 @@ kubernetes = { # enable vault agent injector vault_agent_injector = true } + +# enable Boundary Lab +boundary = { + enabled = true +} diff --git a/tests/e2e.tftest.hcl b/tests/e2e.tftest.hcl index cf37aa4..1e2123b 100644 --- a/tests/e2e.tftest.hcl +++ b/tests/e2e.tftest.hcl @@ -1,3 +1,24 @@ +variables { + databases = { + enabled = true + mysql = true + } + + kubernetes = { + enabled = true + kms = true + external_secrets_manager = true + vault_secrets_operator = true + csi = true + cert_manager = true + vault_agent_injector = true + } + + boundary = { + enabled = true + } +} + # only create vault and tls resources run "setup_vault" { plan_options { @@ -73,7 +94,25 @@ run "mysql_user_is_created" { run "setup_minikube" { plan_options { target = [ - module.kubernetes + module.minikube + ] + } +} + +# set up boundary +run "setup_boundary" { + plan_options { + target = [ + module.boundary + ] + } +} + +# setup boundary config +run "setup_boundary_cfg" { + plan_options { + target = [ + module.boundary_cfg ] } } diff --git a/variables.tf b/variables.tf index e4e8fa4..11168f4 100644 --- a/variables.tf +++ b/variables.tf @@ -1,7 +1,7 @@ variable "vault" { type = object({ ip_subnet = optional(string, "172.16.10.0/24") - version = optional(string, "latest") + version = optional(string, "1.15") base_port = optional(number, 8000) nodes = optional(number, 3) initialization = optional(object({ @@ -14,6 +14,12 @@ variable "vault" { }) } +variable "boundary" { + type = object({ + enabled = optional(bool, false) + }) +} + variable "databases" { type = object({ enabled = optional(bool, true) diff --git a/k8s-minikube/files/encryption_provider_config.yml b/vault-k8s/files/encryption_provider_config.yml similarity index 100% rename from k8s-minikube/files/encryption_provider_config.yml rename to vault-k8s/files/encryption_provider_config.yml diff --git a/k8s-minikube/files/kube-api-server.yml b/vault-k8s/files/kube-api-server.yml similarity index 100% rename from k8s-minikube/files/kube-api-server.yml rename to vault-k8s/files/kube-api-server.yml diff --git a/k8s-minikube/files/trousseau.yml b/vault-k8s/files/trousseau.yml similarity index 100% rename from k8s-minikube/files/trousseau.yml rename to vault-k8s/files/trousseau.yml diff --git a/k8s-minikube/files/vault-policy.hcl b/vault-k8s/files/vault-policy.hcl similarity index 100% rename from k8s-minikube/files/vault-policy.hcl rename to vault-k8s/files/vault-policy.hcl diff --git a/k8s-minikube/templates/trousseau-config.yml.tmpl b/vault-k8s/templates/trousseau-config.yml.tmpl similarity index 100% rename from k8s-minikube/templates/trousseau-config.yml.tmpl rename to vault-k8s/templates/trousseau-config.yml.tmpl diff --git a/vault-k8s/terraform/kms.tf b/vault-k8s/terraform/kms.tf new file mode 100644 index 0000000..dd47d92 --- /dev/null +++ b/vault-k8s/terraform/kms.tf @@ -0,0 +1,61 @@ +resource "kubernetes_config_map" "this" { + count = var.kms_enabled ? 1 : 0 + + metadata { + name = "trousseau-config" + namespace = "kube-system" + } + + data = { + cfg = templatefile("${path.module}/../templates/trousseau-config.yml.tmpl", { + token = vault_token.this[0].client_token + }) + } + +} + +resource "kubectl_manifest" "secret_store" { + count = var.kms_enabled ? 1 : 0 + + + yaml_body = file("${path.module}/../files/trousseau.yml") + + depends_on = [kubernetes_config_map.this] +} + + +resource "vault_mount" "transit" { + count = var.kms_enabled ? 1 : 0 + + path = "transit" + type = "transit" +} + +resource "vault_transit_secret_backend_key" "key" { + count = var.kms_enabled ? 1 : 0 + + backend = vault_mount.transit[0].path + name = "kms" + + deletion_allowed = true +} + + +resource "vault_policy" "kms" { + count = var.kms_enabled ? 1 : 0 + + name = "kms" + + policy = file("${path.module}/../files/vault-policy.hcl") +} + +resource "vault_token" "this" { + count = var.kms_enabled ? 1 : 0 + + policies = [vault_policy.kms[0].name] + + renewable = true + no_parent = true + period = "24h" + ttl = "24h" +} diff --git a/vault-k8s/terraform/main.tf b/vault-k8s/terraform/kubernetes_auth.tf similarity index 92% rename from vault-k8s/terraform/main.tf rename to vault-k8s/terraform/kubernetes_auth.tf index 9b1d2f8..92a3d2b 100644 --- a/vault-k8s/terraform/main.tf +++ b/vault-k8s/terraform/kubernetes_auth.tf @@ -30,7 +30,7 @@ resource "kubernetes_secret" "service_account_secret" { } # https://developer.hashicorp.com/vault/docs/auth/kubernetes#use-the-vault-client-s-jwt-as-the-reviewer-jwt -resource "kubernetes_cluster_role_binding" "role_binding" { +resource "kubernetes_cluster_role_binding" "sa_validator" { metadata { name = "vault-token-reviewer" } @@ -48,6 +48,7 @@ resource "kubernetes_cluster_role_binding" "role_binding" { } } + # enable vault kubernetes auth backend for minikube cluster resource "vault_auth_backend" "minikube" { type = "kubernetes" @@ -55,7 +56,7 @@ resource "vault_auth_backend" "minikube" { } # configure vault kubernetes auth backend -resource "vault_kubernetes_auth_backend_config" "kubernetes_config" { +resource "vault_kubernetes_auth_backend_config" "this" { backend = vault_auth_backend.minikube.path kubernetes_host = "https://host.docker.internal:8443" diff --git a/vault-k8s/terraform/kubernetes_secret.tf b/vault-k8s/terraform/kubernetes_secret.tf new file mode 100644 index 0000000..a0f142e --- /dev/null +++ b/vault-k8s/terraform/kubernetes_secret.tf @@ -0,0 +1,77 @@ +resource "vault_kubernetes_secret_backend" "config" { + path = "minikube" + description = "K8s SAs for Minikube Cluster" + + default_lease_ttl_seconds = 43200 + max_lease_ttl_seconds = 86400 + + kubernetes_host = vault_kubernetes_auth_backend_config.this.kubernetes_host + kubernetes_ca_cert = vault_kubernetes_auth_backend_config.this.kubernetes_ca_cert + service_account_jwt = vault_kubernetes_auth_backend_config.this.token_reviewer_jwt + + disable_local_ca_jwt = false +} + +resource "vault_kubernetes_secret_backend_role" "role" { + backend = vault_kubernetes_secret_backend.config.path + name = "minikube" + + allowed_kubernetes_namespaces = ["*"] + token_max_ttl = 43200 + token_default_ttl = 21600 + + generated_role_rules = <