From a35eb8bbc11593c3f85ece4ce8fe3e4c5619cbd4 Mon Sep 17 00:00:00 2001 
From: Ludovico Magnocavallo Date: Wed, 19 Jan 2022 14:17:20 +0100 Subject: [PATCH] Merge Fabric FAST (#435) Co-authored-by: Simone Ruffilli Co-authored-by: Julio Castillo Co-authored-by: Julio Castillo --- .github/workflows/linting.yml | 36 +- .github/workflows/tests.yml | 72 +- .gitignore | 5 + README.md | 14 +- .../gcs-to-bq-with-dataflow/README.md | 4 +- .../factories/net-vpc-firewall-yaml/README.md | 26 +- examples/factories/project-factory/main.tf | 8 +- .../decentralized-firewall/README.md | 28 +- fast/README.md | 87 + fast/TODO.md | 23 + .../assets/schemas/firewall_rules.schema.yaml | 29 + .../schemas/hierarchical_rules.schema.yaml | 25 + fast/assets/schemas/project.schema.yaml | 57 + .../schemas/project_defaults.schema.yaml | 28 + fast/assets/schemas/subnet.schema.yaml | 29 + fast/assets/templates/providers.tpl | 30 + fast/stages.png | Bin 0 -> 279088 bytes fast/stages.svg | 1074 +++++++ fast/stages/00-bootstrap/README.md | 310 ++ fast/stages/00-bootstrap/automation.tf | 107 + fast/stages/00-bootstrap/billing.tf | 102 + fast/stages/00-bootstrap/diagram.png | Bin 0 -> 42583 bytes fast/stages/00-bootstrap/diagram.svg | 807 +++++ fast/stages/00-bootstrap/log-export.tf | 73 + fast/stages/00-bootstrap/main.tf | 32 + fast/stages/00-bootstrap/organization.tf | 205 ++ fast/stages/00-bootstrap/outputs.tf | 113 + fast/stages/00-bootstrap/variables.tf | 100 + fast/stages/01-resman/README.md | 196 ++ fast/stages/01-resman/billing.tf | 56 + fast/stages/01-resman/branch-networking.tf | 59 + fast/stages/01-resman/branch-sandbox.tf | 59 + fast/stages/01-resman/branch-security.tf | 61 + fast/stages/01-resman/branch-teams.tf | 165 + fast/stages/01-resman/diagram.png | Bin 0 -> 233671 bytes fast/stages/01-resman/diagram.svg | 1340 ++++++++ fast/stages/01-resman/main.tf | 35 + fast/stages/01-resman/organization.tf | 136 + fast/stages/01-resman/outputs.tf | 150 + fast/stages/01-resman/variables.tf | 104 + fast/stages/02-networking/README.md | 338 ++ 
fast/stages/02-networking/data/cidrs.yaml | 15 + .../data/dashboards/firewall_insights.json | 68 + .../02-networking/data/dashboards/vpn.json | 248 ++ .../data/firewall-rules/landing/rules.yaml | 15 + .../data/hierarchical-policy-rules.yaml | 49 + .../data/subnets/dev/dev-default-ew1.yaml | 5 + .../subnets/landing/landing-default-ew1.yaml | 5 + .../data/subnets/prod/prod-default-ew1.yaml | 5 + fast/stages/02-networking/diagram.png | Bin 0 -> 141184 bytes fast/stages/02-networking/diagram.svg | 2788 +++++++++++++++++ fast/stages/02-networking/dns-dev.tf | 53 + fast/stages/02-networking/dns-landing.tf | 93 + fast/stages/02-networking/dns-prod.tf | 53 + fast/stages/02-networking/main.tf | 72 + fast/stages/02-networking/monitoring.tf | 32 + fast/stages/02-networking/outputs.tf | 95 + fast/stages/02-networking/test-resources.tf | 100 + fast/stages/02-networking/variables.tf | 253 ++ fast/stages/02-networking/vpc-landing.tf | 93 + fast/stages/02-networking/vpc-spoke-dev.tf | 105 + fast/stages/02-networking/vpc-spoke-prod.tf | 105 + fast/stages/02-networking/vpn-onprem.tf | 50 + fast/stages/02-networking/vpn-spoke-dev.tf | 73 + fast/stages/02-networking/vpn-spoke-prod.tf | 121 + fast/stages/02-security/README.md | 323 ++ fast/stages/02-security/core-dev.tf | 64 + fast/stages/02-security/core-prod.tf | 64 + fast/stages/02-security/diagram.png | Bin 0 -> 93474 bytes fast/stages/02-security/diagram.svg | 1157 +++++++ fast/stages/02-security/main.tf | 47 + fast/stages/02-security/outputs.tf | 43 + fast/stages/02-security/variables.tf | 185 ++ .../vpc-sc-restricted-services.yaml | 88 + fast/stages/02-security/vpc-sc.tf | 167 + fast/stages/03-project-factory/README.md | 6 + fast/stages/03-project-factory/prod/README.md | 131 + .../prod/data/defaults.yaml | 24 + .../prod/data/projects/project.yaml | 100 + .../03-project-factory/prod/diagram.png | Bin 0 -> 57470 bytes .../03-project-factory/prod/diagram.svg | 1530 +++++++++ fast/stages/03-project-factory/prod/main.tf | 56 + 
.../stages/03-project-factory/prod/outputs.tf | 20 + .../03-project-factory/prod/variables.tf | 54 + fast/stages/README.md | 29 + stages.png | Bin 0 -> 39873 bytes tests/conftest.py | 13 +- .../examples => doc_examples}/conftest.py | 2 +- .../examples => doc_examples}/test_plan.py | 12 +- .../examples => doc_examples}/variables.tf | 0 .../__init__.py | 0 .../fixture/main.tf | 0 .../fixture/rules/common.yaml | 0 .../fixture/variables.tf | 0 .../test_plan.py | 0 tests/fast/README.md | 34 + tests/fast/__init__.py | 13 + tests/fast/conftest.py | 48 + tests/fast/stages/__init__.py | 13 + tests/fast/stages/s00_bootstrap/__init__.py | 13 + .../fast/stages/s00_bootstrap/fixture/main.tf | 29 + tests/fast/stages/s00_bootstrap/test_plan.py | 33 + tests/fast/stages/s01_resman/__init__.py | 13 + tests/fast/stages/s01_resman/fixture/main.tf | 42 + tests/fast/stages/s01_resman/test_plan.py | 20 + tests/fast/stages/s02_networking/__init__.py | 13 + .../stages/s02_networking/fixture/main.tf | 31 + tests/fast/stages/s02_networking/test_plan.py | 20 + tests/fast/stages/s02_security/__init__.py | 13 + .../fast/stages/s02_security/fixture/main.tf | 109 + tests/fast/stages/s02_security/test_plan.py | 20 + .../stages/s03_project_factory/__init__.py | 13 + .../fixture/data/defaults.yaml | 45 +- .../fixture/data/projects/project.yaml | 112 + .../s03_project_factory/fixture/main.tf | 57 + .../terraform-bootstrap.auto.tfvars.json | 4 + .../terraform-networking.auto.tfvars.json | 5 + .../s03_project_factory/fixture/variables.tf | 61 + .../stages/s03_project_factory/test_plan.py | 20 + tests/versions.tf | 43 + tools/REQUIREMENTS.txt | 1 + tools/check_boilerplate.py | 48 +- tools/check_documentation.py | 37 +- tools/validate_schema.py | 67 + 124 files changed, 15562 insertions(+), 149 deletions(-) create mode 100644 fast/README.md create mode 100644 fast/TODO.md create mode 100644 fast/assets/schemas/firewall_rules.schema.yaml create mode 100644 
fast/assets/schemas/hierarchical_rules.schema.yaml create mode 100644 fast/assets/schemas/project.schema.yaml create mode 100644 fast/assets/schemas/project_defaults.schema.yaml create mode 100644 fast/assets/schemas/subnet.schema.yaml create mode 100644 fast/assets/templates/providers.tpl create mode 100644 fast/stages.png create mode 100644 fast/stages.svg create mode 100644 fast/stages/00-bootstrap/README.md create mode 100644 fast/stages/00-bootstrap/automation.tf create mode 100644 fast/stages/00-bootstrap/billing.tf create mode 100644 fast/stages/00-bootstrap/diagram.png create mode 100644 fast/stages/00-bootstrap/diagram.svg create mode 100644 fast/stages/00-bootstrap/log-export.tf create mode 100644 fast/stages/00-bootstrap/main.tf create mode 100644 fast/stages/00-bootstrap/organization.tf create mode 100644 fast/stages/00-bootstrap/outputs.tf create mode 100644 fast/stages/00-bootstrap/variables.tf create mode 100644 fast/stages/01-resman/README.md create mode 100644 fast/stages/01-resman/billing.tf create mode 100644 fast/stages/01-resman/branch-networking.tf create mode 100644 fast/stages/01-resman/branch-sandbox.tf create mode 100644 fast/stages/01-resman/branch-security.tf create mode 100644 fast/stages/01-resman/branch-teams.tf create mode 100644 fast/stages/01-resman/diagram.png create mode 100644 fast/stages/01-resman/diagram.svg create mode 100644 fast/stages/01-resman/main.tf create mode 100644 fast/stages/01-resman/organization.tf create mode 100644 fast/stages/01-resman/outputs.tf create mode 100644 fast/stages/01-resman/variables.tf create mode 100644 fast/stages/02-networking/README.md create mode 100644 fast/stages/02-networking/data/cidrs.yaml create mode 100644 fast/stages/02-networking/data/dashboards/firewall_insights.json create mode 100644 fast/stages/02-networking/data/dashboards/vpn.json create mode 100644 fast/stages/02-networking/data/firewall-rules/landing/rules.yaml create mode 100644 
fast/stages/02-networking/data/hierarchical-policy-rules.yaml create mode 100644 fast/stages/02-networking/data/subnets/dev/dev-default-ew1.yaml create mode 100644 fast/stages/02-networking/data/subnets/landing/landing-default-ew1.yaml create mode 100644 fast/stages/02-networking/data/subnets/prod/prod-default-ew1.yaml create mode 100644 fast/stages/02-networking/diagram.png create mode 100644 fast/stages/02-networking/diagram.svg create mode 100644 fast/stages/02-networking/dns-dev.tf create mode 100644 fast/stages/02-networking/dns-landing.tf create mode 100644 fast/stages/02-networking/dns-prod.tf create mode 100644 fast/stages/02-networking/main.tf create mode 100644 fast/stages/02-networking/monitoring.tf create mode 100644 fast/stages/02-networking/outputs.tf create mode 100644 fast/stages/02-networking/test-resources.tf create mode 100644 fast/stages/02-networking/variables.tf create mode 100644 fast/stages/02-networking/vpc-landing.tf create mode 100644 fast/stages/02-networking/vpc-spoke-dev.tf create mode 100644 fast/stages/02-networking/vpc-spoke-prod.tf create mode 100644 fast/stages/02-networking/vpn-onprem.tf create mode 100644 fast/stages/02-networking/vpn-spoke-dev.tf create mode 100644 fast/stages/02-networking/vpn-spoke-prod.tf create mode 100644 fast/stages/02-security/README.md create mode 100644 fast/stages/02-security/core-dev.tf create mode 100644 fast/stages/02-security/core-prod.tf create mode 100644 fast/stages/02-security/diagram.png create mode 100644 fast/stages/02-security/diagram.svg create mode 100644 fast/stages/02-security/main.tf create mode 100644 fast/stages/02-security/outputs.tf create mode 100644 fast/stages/02-security/variables.tf create mode 100644 fast/stages/02-security/vpc-sc-restricted-services.yaml create mode 100644 fast/stages/02-security/vpc-sc.tf create mode 100644 fast/stages/03-project-factory/README.md create mode 100644 fast/stages/03-project-factory/prod/README.md create mode 100644 
fast/stages/03-project-factory/prod/data/defaults.yaml create mode 100644 fast/stages/03-project-factory/prod/data/projects/project.yaml create mode 100644 fast/stages/03-project-factory/prod/diagram.png create mode 100644 fast/stages/03-project-factory/prod/diagram.svg create mode 100644 fast/stages/03-project-factory/prod/main.tf create mode 100644 fast/stages/03-project-factory/prod/outputs.tf create mode 100644 fast/stages/03-project-factory/prod/variables.tf create mode 100644 fast/stages/README.md create mode 100644 stages.png rename tests/{modules/examples => doc_examples}/conftest.py (96%) rename tests/{modules/examples => doc_examples}/test_plan.py (80%) rename tests/{modules/examples => doc_examples}/variables.tf (100%) rename tests/examples/factories/{net-vpc-firewall-yaml => net_vpc_firewall_yaml}/__init__.py (100%) rename tests/examples/factories/{net-vpc-firewall-yaml => net_vpc_firewall_yaml}/fixture/main.tf (100%) rename tests/examples/factories/{net-vpc-firewall-yaml => net_vpc_firewall_yaml}/fixture/rules/common.yaml (100%) rename tests/examples/factories/{net-vpc-firewall-yaml => net_vpc_firewall_yaml}/fixture/variables.tf (100%) rename tests/examples/factories/{net-vpc-firewall-yaml => net_vpc_firewall_yaml}/test_plan.py (100%) create mode 100644 tests/fast/README.md create mode 100644 tests/fast/__init__.py create mode 100644 tests/fast/conftest.py create mode 100644 tests/fast/stages/__init__.py create mode 100644 tests/fast/stages/s00_bootstrap/__init__.py create mode 100644 tests/fast/stages/s00_bootstrap/fixture/main.tf create mode 100644 tests/fast/stages/s00_bootstrap/test_plan.py create mode 100644 tests/fast/stages/s01_resman/__init__.py create mode 100644 tests/fast/stages/s01_resman/fixture/main.tf create mode 100644 tests/fast/stages/s01_resman/test_plan.py create mode 100644 tests/fast/stages/s02_networking/__init__.py create mode 100644 tests/fast/stages/s02_networking/fixture/main.tf create mode 100644 
tests/fast/stages/s02_networking/test_plan.py create mode 100644 tests/fast/stages/s02_security/__init__.py create mode 100644 tests/fast/stages/s02_security/fixture/main.tf create mode 100644 tests/fast/stages/s02_security/test_plan.py create mode 100644 tests/fast/stages/s03_project_factory/__init__.py rename tools/tfutils.py => tests/fast/stages/s03_project_factory/fixture/data/defaults.yaml (51%) mode change 100755 => 100644 create mode 100644 tests/fast/stages/s03_project_factory/fixture/data/projects/project.yaml create mode 100644 tests/fast/stages/s03_project_factory/fixture/main.tf create mode 100644 tests/fast/stages/s03_project_factory/fixture/terraform-bootstrap.auto.tfvars.json create mode 100644 tests/fast/stages/s03_project_factory/fixture/terraform-networking.auto.tfvars.json create mode 100644 tests/fast/stages/s03_project_factory/fixture/variables.tf create mode 100644 tests/fast/stages/s03_project_factory/test_plan.py create mode 100644 tests/versions.tf create mode 100755 tools/validate_schema.py diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index e39194519..1610f2700 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -16,6 +16,7 @@ name: "Linting" on: pull_request: branches: + - fast-dev - master tags: - ci 
@@ -51,23 +52,22 @@ jobs: run: | terraform fmt -recursive -check -diff $GITHUB_WORKSPACE - - name: Check documentation - id: documentation + - name: Check documentation (fabric) + id: documentation-fabric run: | - python3 tools/check_documentation.py \ - cloud-operations \ - data-solutions \ - factories \ - foundations \ - modules \ - networking + python3 tools/check_documentation.py examples modules - markdown-link-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@master - - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: 'yes' - use-verbose-mode: 'yes' - config-file: '.github/workflows/markdown-link-check.json' + - name: Check documentation (fast) + id: documentation-fast + run: | + python3 tools/check_documentation.py --files --show-extra fast + + # markdown-link-check: + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@master + # - uses: gaurav-nelson/github-action-markdown-link-check@v1 + # with: + # use-quiet-mode: "yes" + # use-verbose-mode: "yes" + # config-file: ".github/workflows/markdown-link-check.json" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index db3ad488d..ea8136579 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -18,6 +18,7 @@ on: - cron: "45 2 * * *" pull_request: branches: + - fast-dev - master tags: - ci 
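Review bot: The `markdown-link-check` job is disabled by commenting it out with no reason recorded next to the block, in the same commit that adds a large set of new READMEs under `fast/`. At least two links added to `fast/README.md` in this patch look wrong and would likely have been caught by it: `[Networking](stages/02-security/README.md)` points at the security stage, and `[Project Factory](03-projectfactory/prod/README.md)` does not match the `fast/stages/03-project-factory/prod/` path in the diffstat. Either keep the job enabled, scoping its config if the new tree is too noisy, or replace the dead block with a single line such as `# TODO: re-enable markdown-link-check once fast/ links are fixed`. If the block is later restored, `actions/checkout@master` is a moving branch reference and should be changed to a fixed ref.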
@@ -27,6 +28,38 @@ env: PYTEST_ADDOPTS: "--color=yes" jobs: + doc-examples: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: "3.9" + + - name: Set up Terraform + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: 1.1.3 + terraform_wrapper: false + + - name: Set environment + run: | + echo "TF_PLUGIN_CACHE_DIR=${{ github.workspace }}/.terraform.d/plugin-cache-${GITHUB_JOB}" >> $GITHUB_ENV + echo "GOOGLE_APPLICATION_CREDENTIALS=${GITHUB_WORKSPACE}/.github/workflows/fake-key.json" >> $GITHUB_ENV + mkdir --parents ${{ github.workspace }}/.terraform.d/plugin-cache-${GITHUB_JOB} + terraform -chdir=tests providers lock + + - name: Install dependencies + run: | + pip install -r tests/requirements.txt + + - name: Run tests on documentation examples + id: doc-examples + run: | + pytest -n 4 -vv tests/doc_examples + examples: runs-on: ubuntu-latest steps: @@ -40,12 +73,15 @@ jobs: - name: Set up Terraform uses: hashicorp/setup-terraform@v1 with: - terraform_version: 1.0.9 + terraform_version: 1.1.3 terraform_wrapper: false - name: Set environment run: | + echo "TF_PLUGIN_CACHE_DIR=${{ github.workspace }}/.terraform.d/plugin-cache-${GITHUB_JOB}" >> $GITHUB_ENV echo "GOOGLE_APPLICATION_CREDENTIALS=${GITHUB_WORKSPACE}/.github/workflows/fake-key.json" >> $GITHUB_ENV + mkdir --parents ${{ github.workspace }}/.terraform.d/plugin-cache-${GITHUB_JOB} + terraform -chdir=tests providers lock - name: Install dependencies run: | 
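Review bot: The `Set environment` step in the new `doc-examples` job runs `terraform -chdir=tests providers lock` on every CI run, so provider hashes are recorded from whatever the registry serves at that moment rather than checked against a reviewed baseline. The same step is added to the `examples` job in the next hunk and to the `modules` job further down. No `.terraform.lock.hcl` appears in the diffstat, so this looks like trust-on-first-use on each run; committing `tests/.terraform.lock.hcl` would let `terraform init` verify providers against known hashes. Separately, the new job references actions by mutable tag (`actions/checkout@v2`, `actions/setup-python@v2`, `hashicorp/setup-terraform@v1`); pinning each to a full commit SHA, as in `uses: actions/checkout@<full-commit-sha> # v2`, stops a retagged release from changing what runs here. The rest of the workflow, including any `permissions:` block, is outside the hunk.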
@@ -56,35 +92,6 @@ jobs: run: | pytest -n 4 -vv tests/examples - module-examples: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: "3.9" - - - name: Set up Terraform - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: 1.0.9 - terraform_wrapper: false - - - name: Set environment - run: | - echo "GOOGLE_APPLICATION_CREDENTIALS=${GITHUB_WORKSPACE}/.github/workflows/fake-key.json" >> $GITHUB_ENV - - - name: Install dependencies - run: | - pip install -r tests/requirements.txt - - - name: Run tests examples - id: test-examples - run: | - pytest -n 4 -vv tests/modules/examples - modules: runs-on: ubuntu-latest steps: @@ -98,12 +105,15 @@ jobs: - name: Set up Terraform uses: hashicorp/setup-terraform@v1 with: - terraform_version: 1.0.9 + terraform_version: 1.1.3 terraform_wrapper: false - name: Set environment run: | + echo "TF_PLUGIN_CACHE_DIR=${{ github.workspace }}/.terraform.d/plugin-cache-${GITHUB_JOB}" >> $GITHUB_ENV echo "GOOGLE_APPLICATION_CREDENTIALS=${GITHUB_WORKSPACE}/.github/workflows/fake-key.json" >> $GITHUB_ENV + mkdir --parents ${{ github.workspace }}/.terraform.d/plugin-cache-${GITHUB_JOB} + terraform -chdir=tests providers lock - name: Install dependencies run: | diff --git a/.gitignore b/.gitignore index 0f0dea4f9..d1a5e47c4 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,8 @@ bundle.zip **/packer_cache **/*.pkrvars.hcl fixture_* +fast/configs +fast/stages/**/providers.tf +fast/stages/**/terraform.tfvars +fast/stages/**/terraform.tfvars.json +fast/stages/**/terraform-*.auto.tfvars.json diff --git a/README.md b/README.md index 16227335c..c1fb07bc8 100644 --- a/README.md +++ b/README.md 
@@ -6,17 +6,17 @@ This repository provides **end-to-end examples** and a **suite of Terraform modules** for Google Cloud, which support different use cases: -- starter kits used to bootstrap real-world cloud foundations, and reference examples used to deep dive on network patterns or product features -- composable modules that support quick prototyping and testing -- a comprehensive source of lean modules that lend themselves well to changes +- organization-wide [landing zone blueprint](fast/) used to bootstrap real-world cloud foundations +- reference [examples](./examples/) used to deep dive on network patterns or product features +- a comprehensive source of lean [modules](./modules/dns) that lend themselves well to changes The whole repository is meant to be cloned as a single unit, and then forked into separate owned repositories to seed production usage, or used as-is and periodically updated as a complete toolkit for prototyping. You can read more on this approach in our [manifesto](./MANIFESTO.md). Both the examples and modules require some measure of Terraform skills to be used effectively. If you are looking for a feature-rich black box to manage project or product creation with minimal specific skills, you might be better served by the [Cloud Foundation Toolkit](https://registry.terraform.io/modules/terraform-google-modules) suite of modules. 
-## End-to-end examples +## Organization blueprint (Fabric FAST) -The [examples](./examples/) in this repository are split in several main sections: **[foundational examples](./examples/foundations/)** that bootstrap the organizational hierarchy and automation prerequisites, **[networking examples](./examples/networking/)** that implement core patterns or features, **[data solutions examples](./examples/data-solutions/)** that demonstrate how to integrate data services in complete scenarios, **[cloud operations examples](./examples/cloud-operations/)** that leverage specific products to meet specific operational needs and **[factories](./examples/factories/)** that implement resource factories for the repetitive creation of specific resources. +Setting up a production-ready GCP organization is often a time-consuming process. Fabric [FAST](fast/) aims to speed up this process via two complementary goals. On the one hand, FAST provides a design of a GCP organization that includes the typical elements required by enterprise customers. Secondly, we provide a reference implementation of the FAST design using Terraform. ## Modules 
@@ -37,3 +37,7 @@ Currently available modules: - **serverless** - [Cloud Function](./modules/cloud-function), [Cloud Run](./modules/cloud-run) For more information and usage examples see each module's README file. + +## End-to-end examples + +The [examples](./examples/) in this repository are split in several main sections: **[foundational examples](./examples/foundations/)** that bootstrap the organizational hierarchy and automation prerequisites, **[networking examples](./examples/networking/)** that implement core patterns or features, **[data solutions examples](./examples/data-solutions/)** that demonstrate how to integrate data services in complete scenarios, **[cloud operations examples](./examples/cloud-operations/)** that leverage specific products to meet specific operational needs and **[factories](./examples/factories/)** that implement resource factories for the repetitive creation of specific resources. diff --git a/examples/data-solutions/gcs-to-bq-with-dataflow/README.md b/examples/data-solutions/gcs-to-bq-with-dataflow/README.md index aa6a6eb70..055f93ef2 100644 --- a/examples/data-solutions/gcs-to-bq-with-dataflow/README.md +++ b/examples/data-solutions/gcs-to-bq-with-dataflow/README.md 
@@ -113,14 +113,15 @@ You can check data imported into Google BigQuery from the Google Cloud Console U + ## Variables | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| prefix | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | | project_id | Project id, references existing project if `project_create` is null. | string | ✓ | | +| prefix | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | | null | | project_create | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format | object({…}) | | null | | region | The region where resources will be deployed. | string | | "europe-west1" | | vpc_subnet_range | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | @@ -139,3 +140,4 @@ You can check data imported into Google BigQuery from the Google Cloud Console U + diff --git a/examples/factories/net-vpc-firewall-yaml/README.md b/examples/factories/net-vpc-firewall-yaml/README.md index 064ee30cd..89af153ec 100644 --- a/examples/factories/net-vpc-firewall-yaml/README.md +++ b/examples/factories/net-vpc-firewall-yaml/README.md 
@@ -136,25 +136,27 @@ web-app-a-ingress: ``` + ## Variables -| name | description | type | required | default | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------: | :------: | :---------------: | -| config_directories | List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml` | list(string) | ✓ | | -| network | Name of the network this set of firewall rules applies to. | string | ✓ | | -| project_id | Project Id. | string | ✓ | | -| log_config | Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging. | object({…}) | | null | +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| config_directories | List of paths to folders where firewall configs are stored in yaml format. Folder may include subfolders with configuration files. Files suffix must be `.yaml` | list(string) | ✓ | | +| network | Name of the network this set of firewall rules applies to. | string | ✓ | | +| project_id | Project Id. | string | ✓ | | +| log_config | Log configuration. Possible values for `metadata` are `EXCLUDE_ALL_METADATA` and `INCLUDE_ALL_METADATA`. Set to `null` for disabling firewall logging. | object({…}) | | null | ## Outputs -| name | description | sensitive | -| ------------------- | -------------------------------- | :-------: | -| egress_allow_rules | Egress rules with allow blocks. | | -| egress_deny_rules | Egress rules with allow blocks. | | -| ingress_allow_rules | Ingress rules with allow blocks. | | -| ingress_deny_rules | Ingress rules with deny blocks. 
| | +| name | description | sensitive | +|---|---|:---:| +| egress_allow_rules | Egress rules with allow blocks. | | +| egress_deny_rules | Egress rules with allow blocks. | | +| ingress_allow_rules | Ingress rules with allow blocks. | | +| ingress_deny_rules | Ingress rules with deny blocks. | | + diff --git a/examples/factories/project-factory/main.tf b/examples/factories/project-factory/main.tf index 21e941c71..a49fb9934 100644 --- a/examples/factories/project-factory/main.tf +++ b/examples/factories/project-factory/main.tf @@ -101,7 +101,7 @@ locals { module "billing-alert" { for_each = local.billing_alert == null ? {} : { 1 = 1 } - source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/billing-budget?ref=v12.0.0" + source = "../../../modules/billing-budget" billing_account = local.billing_account_id name = "${module.project.project_id} budget" amount = local.billing_alert.amount @@ -116,7 +116,7 @@ module "billing-alert" { } module "dns" { - source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/dns?ref=v12.0.0" + source = "../../../modules/dns" for_each = toset(var.dns_zones) project_id = module.project.project_id type = "private" @@ -126,7 +126,7 @@ module "dns" { } module "project" { - source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/project?ref=v12.0.0" + source = "../../../modules/project" billing_account = local.billing_account_id name = var.project_id contacts = { for c in local.essential_contacts : c => ["ALL"] } @@ -144,7 +144,7 @@ module "project" { } module "service-accounts" { - source = "github.com/terraform-google-modules/cloud-foundation-fabric//modules/iam-service-account?ref=v12.0.0" + source = "../../../modules/iam-service-account" for_each = var.service_accounts name = each.key project_id = module.project.project_id 
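Review bot: The four module `source` lines (the `billing-alert`, `dns`, `project` and `service-accounts` hunks) replace the `?ref=v12.0.0` pin with `../../../modules/...`, and nothing in the file says the factory now resolves only inside a full checkout of this repository. Inside the repository this is sound, since the factory and its modules are reviewed and versioned together at one commit. The top-level README, however, describes forking parts of the repository into separately owned ones, and anyone copying this directory out has to restore a source pinned to a tag or commit rather than an unpinned GitHub URL. A short comment above the first module block would cover it: `# module sources are relative to this repo; when used standalone, point them at a pinned ref (tag or commit)`. The module blocks start and end outside these hunks.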
diff --git a/examples/networking/decentralized-firewall/README.md b/examples/networking/decentralized-firewall/README.md index 8bf401351..96c5ac2f7 100644 --- a/examples/networking/decentralized-firewall/README.md +++ b/examples/networking/decentralized-firewall/README.md 
@@ -21,26 +21,28 @@ the two). There is an example of a YAML-based validator using [Yamale](https://g in the [`validator/`](validator/) subdirectory, which can be integrated as part of a CI/CD pipeline. + ## Variables -| name | description | type | required | default | -| ------------------ | --------------------------------------------------------------------------------------------- | :-------------------------------: | :------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | -| billing_account_id | Billing account id used as default for new projects. | string | ✓ | | -| prefix | Prefix used for resources that need unique names. | string | ✓ | | -| root_node | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | -| ip_ranges | Subnet IP CIDR ranges. | map(string) | | {…} | -| project_services | Service APIs enabled by default in new projects. | list(string) | | […] | -| region | Region used. | string | | "europe-west1" | +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| billing_account_id | Billing account id used as default for new projects. | string | ✓ | | +| prefix | Prefix used for resources that need unique names. | string | ✓ | | +| root_node | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| ip_ranges | Subnet IP CIDR ranges. | map(string) | | {…} | +| project_services | Service APIs enabled by default in new projects. | list(string) | | […] | +| region | Region used. | string | | "europe-west1" | ## Outputs -| name | description | sensitive | -| -------- | --------------- | :-------: | -| fw_rules | Firewall rules. | | -| projects | Project ids. | | -| vpc | Shared VPCs. | | +| name | description | sensitive | +|---|---|:---:| +| fw_rules | Firewall rules. 
| | +| projects | Project ids. | | +| vpc | Shared VPCs. | | + diff --git a/fast/README.md b/fast/README.md new file mode 100644 index 000000000..c3e7fe5d9 --- /dev/null +++ b/fast/README.md 
@@ -0,0 +1,87 @@ +# Fabric FAST + +Setting up a production-ready GCP organization is often a time-consuming process. Fabric FAST aims to speed up this process via two complementary goals. On the one hand, FAST provides a design of a GCP organization that includes the typical elements required by enterprise customers. Secondly, we provide a reference implementation of the FAST design using Terraform. + +Note that while our implementation is necessarily influenced (and constrained) by the way Terraform works, the design we put forward only refers to GCP constructs and features. In other words, while we use Terraform for our reference implementation, in theory, the FAST design can be implemented using any other tool (e.g., Pulumi, bash scripts, or even calling the relevant APIs directly). + +Fabric FAST comes from engineers in Google Cloud's Professional Services Organization, with a combined experience of decades solving the typical technical problems faced by GCP customers. While every GCP user has specific requirements, many common issues arise repeatedly. Solving those issues correctly from the beginning is key to a robust and scalable GCP setup. It's those common issues and their solutions that Fabric FAST aims to collect and present coherently. + +Fabric FAST was initially conceived to help enterprises quickly set up a GCP organization following battle-tested and widely-used patterns. Despite its origin in enterprise environments, FAST includes many customization points making it an ideal blueprint for organizations of all sizes, ranging from startups to the largest companies. + +## Guiding principles + +### Contracts and stages + +FAST uses the concept of stages, which individually perform precise tasks but, taken together, build a functional, ready-to-use GCP organization. More importantly, stages are modeled around the security boundaries that typically appear in mature organizations. 
This arrangement allows delegating ownership of each stage to the team responsible for the types of resources it manages. For example, as its name suggests, the networking stage sets up all the networking elements and is usually the responsibility of a dedicated networking team within the organization. + +From the perspective of FAST's overall design, stages also work as contacts or interfaces, defining a set of pre-requisites and inputs required to perform their designed task and generating outputs needed by other stages lower in the chain. The diagram below shows the relationships between stages. + +

+ Stages diagram +

+ +### Security-first design + +Security was, from the beginning, one of the most critical elements in the design of Fabric FAST. Many of FAST's design decisions aim to build the foundations of a secure organization. In fact, the first two stages deal mainly with the organization-wide security setup. + +FAST also aims to minimize the number of permissions granted to principals according to the security-first approach previously mentioned. We achieve this through the meticulous use of groups, service accounts, custom roles, and [Cloud IAM Conditions](https://cloud.google.com/iam/docs/conditions-overview), among other things. + +### Extensive use of factories + +A resource factory consumes a simple representation of a resource (e.g., in YAML) and deploys it (e.g., using Terraform). Used correctly, factories can help decrease the management overhead of large-scale infrastructure deployments. See "[Resource Factories: A descriptive approach to Terraform](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c)" for more details and the rationale behind factories. + +FAST uses YAML-based factories to deploy subnets and firewall rules and, as its name suggests, in the [project factory](./stages/03-project-factory/) stage. + +## High level design + +As mentioned before, fast relies on multiple stages to progressively bring up your GCP organization(s). In this section we briefly describe each stage. + +### Organizational level (00-01) + +- [Bootstrap](stages/00-bootstrap/README.md)
+ Enables critical organization-level functionality that depends on broad permissions. It has two primary purposes. The first is to bootstrap the resources needed to automate this and the following stages (service accounts, GCS buckets). And secondly, it applies the minimum amount of configuration needed at the organization level, to avoid the need for broad permissions later on, and to implement a minimum of security features like sinks and exports from the start. +- [Resource Management](stages/01-resman/README.md)
+ Creates the base resource hierarchy (folders) and the automation resources required to delegate each part of the hierarchy to separate stages. This stage also configures organization-level policies and any exceptions needed by different branches of the resource hierarchy. + +### Shared resources (02) + +- [Security](stages/02-security/README.md)
+ Manages centralized security configurations in a separate stage, typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's intentionally easy to extend to include other security-related resources, like Secret Manager. +- [Networking](stages/02-security/README.md)
+ Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets. + +### Environment-level resources (03) + +- [Project Factory](03-projectfactory/prod/README.md)
+ YAML-based factory to create and configure application- or team-level projects. Configuration includes VPC-level settings for Shared VPC, service-level configuration for CMEK encryption via centralized keys, and service account creation for workloads and applications. This stage is meant to be used once per environment. +- Data Platform (in development) +- GKE Multitenant (in development) +- GCE Migration (in development) + +Please refer to the READMEs of each stage for further details. + +## Implementation + +There are many decisions and tasks required to convert an empty GCP organization to one that can host production environments safely. Arguably, FAST could expose those decisions as configuration options to allow for different outcomes. However, supporting all the possible combinations is almost impossible and leads to code which is hard to maintain efficiently. + +Instead, FAST aims to leverage different reference architectures as “pluggable modules”, and then have a small set of variables covering only the essential options of each stage. While we could expose every option of the underlying resources as stage-level variables, we prefer to provide the basic implementation and encourage users to modify the codebase if additional (or different) behavior is needed. + +Since we expect users to customize FAST to their specific needs, we strive to make its code easy to understand and modify. Root-level modules (i.e., stages) should be low in complexity, which among other things, means: + +- Code should avoid magic and be as explicit as possible. +- We hide advanced features and complexity behind modules. +- We prefer as little indirection as possible. +- We favor flat over nested. + +We also recognize that FAST users don't need all of its features. Therefore, you don't need to use our project factory or our GKE implementation if you don't want to. Instead, remove those stages or pieces of code and keep what suits you. 
+ +Those familiar with Python will note that FAST follows many of the maxims in the [Zen of Python](https://www.python.org/dev/peps/pep-0020/#id2). + +## Roadmap + +Besides the features already described, FAST roadmap includes: + +- Stage to deploy environment-specific multitenant GKE clusters following Google's best practices +- Stage to deploy a fully featured data platform +- Reference implementation to use FAST in CI/CD pipelines +- Static policy enforcement diff --git a/fast/TODO.md b/fast/TODO.md new file mode 100644 index 000000000..0ea1f822d --- /dev/null +++ b/fast/TODO.md @@ -0,0 +1,23 @@ +TODO before merging + +- [x] fix tests +- [x] fix linting errors +- [x] fast-specific .gitignore +- [x] YAML samples thingy +- [ ] stages README +- [ ] fabric top-level README +- [x] proper docstring on new tools + - [x] validate_schema.py + - [x] tfutils.py (deleted, it's an empty shell) + - [x] check_boilerplate.py + - [x] check_documentation.py +- [x] remove GKE branch from resman and update diagram +- [x] remove GKE branch from resman and update diagram +- [x] modify github actions for different fast tfdoc usage +- [x] add roadmap to top-level fast README +- [x] update modules references to local paths + - [x] stage 00 (ludo) + - [x] stage 01 (julio) + - [x] stage 02-net (simo) + - [x] stage 02-sec (ludo) + - [x] stage 03-pf (simo) diff --git a/fast/assets/schemas/firewall_rules.schema.yaml b/fast/assets/schemas/firewall_rules.schema.yaml new file mode 100644 index 000000000..1fd96caf1 --- /dev/null +++ b/fast/assets/schemas/firewall_rules.schema.yaml 
@@ -0,0 +1,29 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+map(include('firewall_rule'))
+---
+firewall_rule:
+ description: str()
+ direction: enum("INGRESS", "EGRESS")
+ action: enum("allow", "deny")
+ sources: list(str())
+ ranges: list(str())
+ targets: list(str())
+ use_service_accounts: bool()
+ rules: list(include('rule'))
+---
+rule:
+ protocol: enum("tcp", "udp", "all")
+ ports: list(num())
diff --git a/fast/assets/schemas/hierarchical_rules.schema.yaml b/fast/assets/schemas/hierarchical_rules.schema.yaml
new file mode 100644
index 000000000..0e0f7b66a
--- /dev/null
+++ b/fast/assets/schemas/hierarchical_rules.schema.yaml
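Review bot: `ports: list(num())` in the `rule` block accepts any number, so a float, a negative value or a port above 65535 passes schema validation and is only rejected (or misread) later, when the firewall rule is applied. For a schema that gates firewall changes I would bound it: `ports: list(int(min=0, max=65535))`. The sibling `hierarchical_rules.schema.yaml` types ports as strings, presumably to allow ranges; if VPC-level rules should allow ranges too, the two schemas should agree on one representation. `ranges` and `sources` are also free-form `str()` here, so a malformed CIDR is not caught at this stage either.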
@@ -0,0 +1,25 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+map(include('hierarchical_rule'))
+---
+hierarchical_rule:
+ description: str()
+ direction: enum("INGRESS", "EGRESS")
+ action: enum("allow", "deny")
+ priority: int()
+ ranges: list(str())
+ target_resources: any(null(), list(str()))
+ ports: map(list(str(), required=False))
+ enable_logging: bool()
diff --git a/fast/assets/schemas/project.schema.yaml b/fast/assets/schemas/project.schema.yaml
new file mode 100644
index 000000000..f7f897307
--- /dev/null
+++ b/fast/assets/schemas/project.schema.yaml
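Review bot: `priority: int()` has no bounds, so a negative or oversized priority validates even though hierarchical rules are evaluated in priority order and a wrong value changes which allow or deny rule wins. Bounding it in the schema, `priority: int(min=0, max=2147483647)`, catches that before apply; the upper limit is the firewall-policy maximum as I recall it and is worth confirming. `ports: map(list(str(), required=False))` likewise has no `key=` validator, so any protocol name is accepted here, while `firewall_rules.schema.yaml` restricts protocol to an enum.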
@@ -0,0 +1,57 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +billing_account_id: str(matches='[A-F0-9]{6}-[A-F0-9]{6}-[A-F0-9]{6}', required=False) +billing_alert: any(include('billing_alert'), null(), required=False) # If set to null, use defaults +dns_zones: list(str(), required=False) +essential_contacts: list(str(), required=False) # Also used for billing alerts +folder_id: str(matches='(organizations/|folders/)[0-9]*$') +group_iam: map(list(str()), key=str(), required=False) +iam: map(list(str()), key=str(), required=False) +kms_service_agents: map(list(str()), key=str(), required=False) +labels: map(str(), key=str(), required=False) +org_policies: include('org_policies', required=False) +secrets: map(list(str()), key=str(), required=False) +service_accounts: map(list(str()), required=False) +services: list(str(matches='^[a-z-]*\.googleapis\.com$'), required=False) +services_iam: map(list(str()), key=str(), required=False) +vpc: include('vpc', required=False) +--- +billing_alert: + amount: int() + thresholds: include('billing_alert_thresholds') + credit_treatment: enum("INCLUDE_ALL_CREDITS", "EXCLUDE_ALL_CREDITS") +--- +billing_alert_thresholds: + current: list(num(min=0, max=1)) + forecasted: list(num(min=0, max=1)) +--- +gke_setup: + enable_security_admin: bool(required=False) + enable_host_service_agent: bool(required=False) +--- +org_policies: + policy_boolean: map(bool(), key=str(matches='^constraints/[A-z\.]*$'), 
required=False) + policy_list: map(include('policy_list'), key=str(matches='^constraints/[A-z\.]*$'), required=False) +--- +policy_list: + inherit_from_parent: any(bool(), null()) + suggested_value: any(str(), null()) + status: any(bool(), null()) + values: list(str()) +--- +vpc: + host_project: str(matches='[a-z]([-a-z0-9]*[a-z0-9])?', min=6, max=30) + gke_setup: include('gke_setup', required=False) + subnets_iam: map(list(str()), key=str(matches='^[a-z0-9-]*/[a-z0-9-]*$'), required=False) diff --git a/fast/assets/schemas/project_defaults.schema.yaml b/fast/assets/schemas/project_defaults.schema.yaml new file mode 100644 index 000000000..113fe26be --- /dev/null +++ b/fast/assets/schemas/project_defaults.schema.yaml @@ -0,0 +1,28 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +billing_account_id: str(matches='[A-F0-9]{6}-[A-F0-9]{6}-[A-F0-9]{6}', required=False) +billing_alert: any(include('billing_alert'), null(), required=False) +essential_contacts: list(str(), required=False) +labels: map(str(), key=str(), required=False) +notification_channels: list(str(), required=False) +--- +billing_alert: + amount: int() + thresholds: include('billing_alert_thresholds') + credit_treatment: enum('INCLUDE_ALL_CREDITS', 'EXCLUDE_ALL_CREDITS') +--- +billing_alert_thresholds: + current: list(num(min=0, max=1)) + forecasted: list(num(min=0, max=1)) 
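Review bot: Several `matches=` patterns in `project.schema.yaml` are looser than they look. `[A-z\.]` in the two `constraints/` key patterns spans the ASCII range between `Z` and `a`, so it also admits `[`, `\`, `]`, `^`, `_` and a backtick; `[A-Za-z.]` is the intended class. `billing_account_id` and `vpc.host_project` have no `$`, so if the validator only anchors at the start, trailing characters pass. `folder_id` has no `^` and uses `[0-9]*`, which accepts an empty id such as `folders/`; I would write `^(organizations|folders)/[0-9]+$` and anchor the others the same way. The same unanchored `billing_account_id` pattern is repeated in `project_defaults.schema.yaml`.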
diff --git a/fast/assets/schemas/subnet.schema.yaml b/fast/assets/schemas/subnet.schema.yaml
new file mode 100644
index 000000000..add0d74b9
--- /dev/null
+++ b/fast/assets/schemas/subnet.schema.yaml
@@ -0,0 +1,29 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+region: str()
+description: str()
+ip_cidr_range: str()
+# optional attributes
+private_ip_google_access: bool(required=False) # defaults to true
+iam_users: list(str(), required=False)
+iam_groups: list(str(), required=False)
+iam_service_accounts: list(str(), required=False)
+secondary_ip_ranges: list(map(str()), key=str(), required=False)
+flow_logs: any(include('flow_logs'), required=False)
+---
+flow_logs:
+ - aggregation_interval: enum('INTERVAL_5_SEC', 'INTERVAL_30_SEC', 'INTERVAL_1_MIN', 'INTERVAL_5_MIN', 'INTERVAL_10_MIN', 'INTERVAL_15_MIN', required=False)
+ - flow_sampling: num(min=0, max=1, required=False)
+ - metadata: enum('EXCLUDE_ALL_METADATA', 'INCLUDE_ALL_METADATA', 'CUSTOM_METADATA', required=False)
diff --git a/fast/assets/templates/providers.tpl b/fast/assets/templates/providers.tpl
new file mode 100644
index 000000000..7f0ce142f
--- /dev/null
+++ b/fast/assets/templates/providers.tpl
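Review bot: In `secondary_ip_ranges: list(map(str()), key=str(), required=False)` the `key=str()` argument is passed to `list()` rather than to `map()`, where key validators belong. It looks like `list(map(str(), key=str()), required=False)` was intended; as written the key check is likely ignored or rejected by the validator. `ip_cidr_range: str()` and the secondary range values are also free-form strings, so a malformed CIDR is only caught at apply time, and a `str(matches=...)` CIDR pattern would catch typos earlier. The `flow_logs` include is written as a YAML sequence of single-key items while the other includes in these schemas are plain maps, which is worth confirming against what the subnet factory expects.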
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ backend "gcs" {
+ bucket = "${bucket}"
+ impersonate_service_account = "${sa}"
+ }
+}
+provider "google" {
+ impersonate_service_account = "${sa}"
+}
+provider "google-beta" {
+ impersonate_service_account = "${sa}"
+}
+
+# end provider.tf for ${name}
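Review bot: The template has no comment saying what `${bucket}`, `${sa}` and `${name}` are or what the rendered file requires of whoever runs it. Both the GCS backend and the two providers impersonate `${sa}`, so the operator or pipeline identity needs permission to mint tokens for that service account (typically `roles/iam.serviceAccountTokenCreator`) and should not need the broader roles itself. I would state that in a short header comment, e.g. `# Rendered per stage: bucket = state bucket, sa = automation service account to impersonate, name = stage name.` The closing comment says `provider.tf` while the template is `providers.tpl`; aligning the name avoids confusion about which file gets written.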
diff --git a/fast/stages.png b/fast/stages.png new file mode 100644 index 0000000000000000000000000000000000000000..6d1335bbfd26e685de5ea051ed84771d0b1cd88e GIT binary patch literal 279088 zcmeFZbyQVr*FH=Nf=Gw7pyH+*X_OQR=?+1rG#xJ{0L zfI@?Q3;3kLD`f@&;f|S^sOZb*qN3C-INd7no-=2mio`$BBc-D3B#()1ejtd9PL23!)y{?e zHUl%W=39=@OP%SNkHatXctPbCycc@nJ}e=72qMj*u|FdB_NlFJAA{AL|*cFg!qsSA9dW*-RkN#4DGuG6vdGucNP$*@6Eh5J`WT&{G8CyMf$V7`j!}z z*n_W&wvfw&w3C@HkqlIauaL=99tVC_Tg0|-<~OkoLsGiGjc3x>NNin+$Lt)hr5SG8%Sma{ct%Iggbn#dcLZJ{A znShtWX#7nJcN?+oe&nGy=A=HQ1Y24j>NC4PmC9gu+WaIE8M zjo(U6!bB1kiX8tm7A;wXxjGWN6A#cc;ktF#%*Lx7PS6|HtXrkS$*rrvY*?6&<7XyB02%uVq8jmYn<`hPLF*3 zQia8MNsC1bex9bXf(OAphbg>HGqX3izfu{9=VK#!pc&CzViHb=d!!53pQDhb%98B|OKO`}gY z86A=MgSlQo-}zFskbZwLs(?zVsUwf3I+9rS3+!x59lT0)QBI%WC*7`XuFa<-#L%*j zIU zb^hT`9*w?FC`{(%-k?g(K7WFp@V=)xa-Q%PbM;-}PkIehb5p<6kOK8(-aPn)_vB;2 zN5-GZ&)AXzzJGWV^@emi?e0%En$TA2alD#YU73f*_$D}!cszK=xG}y~jdYEac)qWt zY#*F_HF&PAD3lph9AE5XA8Q{z_;g)GNsU9vP6boxg%W-?VP<&dmMVX`qsmr=CY6T2 zrR>qemMo;m=#bWQ`)-iPLEFK83CenYz zu4U*rxrv=l`L(IjD1t+tt*R@qi?(xVS*uH{>y*)w=?kMDrfkMvp)>_0r8L-e-e#@`I~Y+~SfieHXU7>>6iZc*L6s6R65G2rphzdv{X;r-kszNF_#gh|*9 zj6Vy1n*Xe95d3NKkw+4TCYeT6Vsbv}jdQHIoKvdWVos})!eGY748M$)zPo+>tId6@ ztF3+6k~6^tLAWi0E$`LkHrGed-j=>qn)jp-CCBGUx9u$Y6}rc<(DSGl|Ix!uIp+kD z*m8kA-7h*{1Tr6LaJabJI_&#|g@mbqwhSc$;<%0svJ|o&m)s8wi-;|y%{9?pEiYN% zYjz7@q4ctQzxB}!zgwO&I*Na9^+DJ3$>(STx7R>xRRh9yh7~H4@pt5!y#uT%W6FY# zzfd*mHS7@l!c@H-Zvr#PYj+P_N+{vWRw8-Ki0|k-nvBu6vH5wkYmCa)z|L{`a3y_l zyF;ntMGrsCFz(7{d0Fl_0V~^>Mg>JivxIqmqpdJ&voL#~JE5{6T#Fk&6JRfF`A?pm zq`ZIkzWx1lW}6bW+(7)Jct^9!hQo&g3B=xn7Xru$KVtgW2i%vdzXcl?7+b{!c6LWi zvA5WEzvrc}YgpNimi!jUu~SA9nXDqdvkd99(bg~2-+oVr*+4u@U_tQ0--c;ltJsCD zR=v2~!FS>d^hIsN?hEFy%CLxVPu+Gc*EvY2aQNk59iyGbhHcMMj4F=WXSGS~d*!wx z^jj*Qvg30oYbvd=>}1=boh;~b1@)G7OI;|8;@oxITqn`{#MiQf^Rd&FbqWc7 zX(#tF(DYa>gXc)5dH(wPRC872NFvvMbhqHbvGy2QVOi2}rsIZCb8Y{*ex3UzRbA?( z?SaT3IO4-JngzB7)%cqz&+^o}nK8N}IxIOhHd0om{CF;@X?^*7yZPO9+m`G$Spr#3 
z_9txZ1*k2sU}DN0vj|S7xK_TsR3pWXny-fPy24z`${TAL11sGh<9J;n9FBhRUfRj7 zc=S+J%z7kUB(F48zMzb}d%3(fF{j!yT-l);NtX9Z+su+|$Z^wrb_jpuSzcU4cZKJk zL}y@W%yS-_8B(w8bMDI{fBp(5-5I9x2`8IvkDupX&@{2zDM^KMU{e>z9$WESl2o4r zDi5E`?bXm#)3GG9$9rz8?*<&@Y*vgNtP|(4MDsQ9<)5)_2M0xdiS*EE@-n}ym+$IZgL` zDz>#@G2FKo$eci#yI!B6j3BlWw=3M{VhR`x0FaBXF0JetF!<2o+H zcZ2Bl#AaSzGtCzlEEBK3J0Y0HCkuR_|A^jmN9#Sos`t}Elr!q~gEc4Ki&128lJtL{bFQt78NNX+*L=jujCf z-<*SlfZ$_>fO2z=Ch!~n69W7PTHpLe{^E^*2KlY7nOT`xX@oGSsi_5QUmNo&ib>ow2mTVIF}1gU!^gtnh&IFvnWanaS|H_%k+K%@6BEPRAW@Kk*Yxc(8%*L7;e%)6FHV*cJG&JxV z{qb|%Pa|iuf8EL2?q*oP09oMQu&^<+viwiY?9Gh-Lo@g{*UhfRb$vSl_{I2MnmHR; zs*9Of0aFchO^BU?gI(b2K7ae_Up>8Us$yqkD{5l}w6quc*J9l?{_~fAZFqH0jep&f zjg{-kpYQpnum02&J_tTVBRd;Q2lynaSew}k0bTu{KK^Sfjej*0V&mkzY4qn$|Jp+R ze{AvRPygCN-qsA5h*$8g39;SW;m@DloG-uvU;IBA!?mSdeF~VG5QYHDA7(3rAv?ST z7_tb$bFrt&&WM{+Xi*Qu&sk?HW2Gd!HE_g2?jZS5>xRwgZ)^1w$@#3Wub2766v9SSM5TEj z`XV4Ap`hbXi@f{q2Uh5JtZ0K7|8GtO&UuW2LViN?zh4!8x!%%u?@~%LUqATYx^Q)G zk^0b`|K8I-x@d)o{=_^+TH^m|eDDt6{inmg4E!_0zs=wuleqB>|Cq!-Ch-?9`j1Kc zV-o+E#D4%y{{)VI0>@v_?EkM#qJFp3u3hRK0{HT_Ozac3IFF;TwZabO7r{a>(`ZgJ zMNRuY@qu=R{8-1)S3bo*F&Mtn+)R&sN&WfpOai6nueo+E%j&)6a3jnc01qAm?RIkX z5S+6+O}m)*)s5)7<*r6*ctD2+AVSd0;@zK^J>BcPJU6DMAAwo@Yu| z@&dLo@Pef#j7Z~kXmK;CMXFWV6gN}JpkmQkEC!rxfbU`60WEPZSlZ&O%7K5m>H(ML z3fFTSGxC>^>XKlv!i;^}e9sIL=O~?Dy)WHiSUTf*YTy5yF0H_@rL@x!?fTBF7ATai zt4TBn<=W%Ba}5KP8+lr~&=Vq*Al~Ju;+1%}^h_m)YLMqSbY$TBs|NZFqHDSZK0-b0 zDYh9>>NbrbcNkPyt4GFWq%7p>AlnK@zWapQW5;dAqI81$+RG-2BH=%hkt&<S?%l&c+ z7O9@&vR!PAjuva_+^*WuE$WhXLpt3m(;Ii1@lfJ_>t~TyVa#_tX*Xct&orz%XN!By z3T>WK^C{isTTN^)SZE2B?-9OqH=25Oio~WVf}(l}&G)i;B2}+|?2C1^aEVrk=Nwi_ zC7mQzp~0SqDQoXBnN7bzTwBWO&bRDWlYG*h5$JBN97kLZEZM+vjE%0{yw~OFjMelgjLyLw%&P`Lwc5A!uh7jz-_wN5Q#uim69PE_~aj^)%VsiYLB6y z-?;-uXZ5>ZaXe;{Q2IV_KFg+ZExov#ZzJ{cY(*Fu`G?9)xJK5T{qlnOd3J88=74?* zqQ@L_&^4W0#Q^I#O_glvr<5l)U<*%TI_bPMQTcNHrRhVQ6z)_ZKpa0-3Jyb z@muiWvTmTFkaxK%J;Wnr}m0h3HUPFKj5Zy~pnsa(&>?hp1lTR04~ai=|p zjnv7(_n@Zd$&y9k#RAo(6ns`KN;U4^Y~w>TaNAcp2zp}Bn#A}w_EO8p|3Qay 
z&O$30l%wq|^OeZvRL^P_6%k!Dbv>jk$tN|t?C;aONHvOsLtMOv9wP=gH%rWCn@YRCJ z={wI5=DtSaU}1GwAGE(XS%GL-SEQLf5mVm(iOCWhq2oAK+%L_L7Uwk08%QNwyDY{A z@u=W@y;WQ}olzXT8ApN-R z@*FBYlrv-3Be({vHsgB_nt6Uwy%)?CubWn^Y}~YDFQ)T8s+|{`YFU-2z{W>vhhGjV zzF<=646bT>6f-DL?4LQxT(w!~ea3xb(V4%n>JIx~Fl@z{c8F=wUI-l~VW-LROcjII zW-c$BDo?ko{I?(po~~UN#JbM+n|7QW{K{qkzqGwB+hiNCici7Scgwf5`{QkV#j|)x zH@f$qohIM5a9*Ar@Q{y~Hvn!^wfIHy77i_tKX@?C4=mK%J>r(3kuAX;7kSx2%qdgP%yUy!$-9 z_(=dk7#^YP zx;9_tG378KyXS8DYj?aQr?1DhiBOGz?(}r#a{5jGDt^UAUKRa>8W0AOcTx-IyfF6! zKazzeI%v>DJ^QybljF}voG;tK0+6bKOHZ&bnItvjB;Svz^luw&$ zx-5nJ7p83Q-C=~8CFeocI`l4V`)*}TQ?^LKy-e?Y@Y$n$u|z$LMUiMlYs>I`FAS#3 z{SQTol&>IRRAMT5b4!tW*5B$hG^j3rwJ@|q5MKa(Ieh;^#l48HWR7X%V#@6lyi1}n zo);%QUd&7Hk|UPHc~5?5zhxS7&<6ZgbObTkK|^VOi_lSl;`U2(4eL#Rfr^1_BVLa2 zP@mKskXK&CGQA*dHARr}=o5>3(sERJI=RC10-GZqJW7CnJi^)X5xvWs8paPH_2kK( zKt7pM205_~?Yf^%%xv#PtuGkzqCFlWPvF;;KDn=AHkhFx7=d4Rdh$cXY`)Q#t7RmA zks6ZRrQkKa4n14e0M!}I^g33|zQ_rQ$r6FvEJfs-G)vV!{=gB%`ms8>4+J|qvqrP}xFGY9KSOA%Um_Ty%d zq29A47O%_`ioEU_%ae?hpe$Y?`BUA)hR)SV7xMzeyQ?6<{Z?A|aKwaVC=oNl^ajl} z^1FCus>Ad|7-|6TmEHCgl911mSLit)%M-qyKry7J=h>Ehc)sIRw~CoXK8l8^5DBw` zN7k(m9H6TZ6n(q#@dG@tCtZjnB7GNI3prNcN0@}Di^uVlQ@(aX=Phy_+qQ>kZx@rvV@Ce9^}h+4!HP)xwq^$lR<++A?0Ep?>*CDT(?lbg!F2k%!)An z+wCU+_VJN+QBElBp;!qMc_!5IjR5_jw1cgH~l4$@vU2r}Tn=>&J39 z0j6V04Wh(+6&y)IkoIIC5aODRQ@Z(22e#4Q-lYH-C~Tj=0IO~Zx{|HilcF36_euL} z7D5Xr-Dp6xC~faZxyL17XHNKrfW=&#Rlz~fRr6xkM_Aj>Vk0|D@<~?ai^(bh8fCpW zxeEBcdr8O2d5JEC0t*-ML{RJGy#z4q;2=XCC}LR4rp92sAezEuX*DG{PbNjRE}v(k zNAOsi?SY}Ef8FwT5+aUtvU*Z zaM?GGO;+0aLHe0U&V3sfjIhbXtg&OjcbAb&b4V7ASSIvI$EI9FIeM=Jn8~gCv0kUoGg(RkU;RuZT?p3KyPEb-RuX28>x9UOObj7s(E@??rlzs(anmLco1drl37K6QIC+8 zKq3R$MNVNmebZSk6|C3C4}UrHX+L1}+Gk5VQ)KkGKUkN}_wHd&wS(l{A`H66qL6tM zITvm1U2zw``WVT$@O>e$+x6VgnxUssbeCAjy3j7L0!T(y8!>~+>*Qj9=MZAmn3^uV zDjS&hXPFMkAM(z3Ut$1Zf7K{Dwa`1&tXv4<_q+9~bA{|+bG!PWo69Bn{x5&Mvt;9m z09BfonL@ec^M25n=)92?{5OMPZC4o(l2jxpml~yMAfM3x$uxxoO;laJa3%Cum%V_QYQzF#n3m~Y#NB4O7-cs 
zDg~sSJ#rVN(?n4pfe5r4R&G~rtn(26P=E($Tp5b3V1Z|fqVcL^))h+;$+^lkUhtsK zH?@Cw{|dk1X2i{qTCQ4l3^b;}DH7HAk*!CF+5{S$N&>t5Rt8{L@iv=pTPW0uC9~|T z3fms7`7z`@9#?XK6%!yz;G!s>zhQ@!?MqD!`E-3*LU;Eo)o>UGK!iW>YF3%Xqib}k ziKz|v0W6kREicsfIv>J>lZEFKKis9q_)Hxm@Wrm3_Ci@#U(+ltoc^4vk2ymg*I9eY z1RpH6RNNzUn(9oXDu+Aj4)|FJB;J)?2ME<`b3RmZkvfhV?I|*mMFa_uSX=1^f1?pS zFONNTHQDCsLV$Zh;K9%|Kh||U6BK+mEO{m~j$kVqjxV`b8pP}R3tA{+_H&5Eab6y> zh_k+gI*5%rkh*@6#5TM-tNbqRq& zY5h{n#l+<3IqZXxim(swNY}$>p0NO1T`-M=ojoZ3B0B-UY;5o3l`2T`QzWIwVV`l8 zzf}dBl9F}MbY9zO)y#RGvDe`J{l?v4C@7uVjGOTJdB_wT>5G2j)vT&5Z-?boZEJoN z4vu;`Hq!k}U1g%lmJ&59PV_|rKmaU)x)7zTDCqF7J@OqSEz1J&uAN0VUi0qg26Lq8 zUF=7uks}O#&vzBQ`#KNAP^X|*Q?+JG`Qtl*QpggTf$VWhGx=j>CF^43tPQ+@_$AzL z=KGD`hg=rh(v2wJ)FX1abXWzzKtpihAljWRPFsdvl*dP+Y2CybcP0Hef|Ol749aYXju$k_0ZS0z%TCKkCGX1`uKJ*cD$xcEDd zz|A8`2X)jx@w1pr@Ei!i*O{wOnk`9X3+wvw1@%j)wk?=WouE+|1X4D~$kp`iOU+V}F~sBEO8rEvTmDGPLxYPy_Zk#DeY6YU zvbtrzO8`}-PdQHHI&0-t(|S5B$QA)!x31bO!lOAuifzlH8mcR|SE>sQD}`FcwK@T+ zLu3(z%(^^@q`9*2K1<^S>@7uC|FqkV4oBhZA_2CVEr7`D6fvZCTXCgXR1Xo08mU1@ z6t!-2BV%0v)>$+}#ix2|7MnJ3#vE};j~T~U^^aTR>ws8c!Rr$O;c+$EpF=Z}y%;50 zbL9Gha;!I0c8X-Kc?TzP#!kL3sM_E`9IP+SFf|#jPIO^@Ys>Ak{C2zFMT;E_R=1*HjPD~(X~g;G7r)BO^$q)G8X8s>N-Z=8GI*zVr?7Ix9sway#)UK8 zz|BL8j+>i5y)tApK@yxZtz1Mture&~djx>t{5P3x>Lqwe^(v5Q6g4#}ldJfPj*~&y zD{N=OBsHYzaVfLeo^nfh$y7VQQQ0Ay&?@3F?RWt06WzGvE<&ppH-f=xoQS}wFL7Ts zvcF+;$uEE6`UMx6Lx0PXAyrUt>txl>iOx7l8Ahac^WyodMZTGXG~yGC?_-mDGAe~Z zM=E6;2AW0d#O(%ND2h} z$tR8`9bix3<GV`G%a{J_0l>tt&kTfab2nN-lSZ;LiH=P zxae?|ni=+MhbDu>kXx*{XFL|fzpai>LT=@|D&tp28}x*xi+`sYG#%YB5Zcurlv4)~ zoF-Gzy>wlV=qGOtDv!o3{Oe#If+Y_7FUQ3vaxS9Qq4!FBqDveoz0URsytdM(iyg+9 zl!UGzDXTi*fH~_9y2cqj#)JoQi2A$;en{-?=J749%_s&?zZ9HzfO>XZ8<>a%cy*#2 z5OVzy;-a9*d`)g*4sBB1E@t<&}XQPxPt~)1#A__^< z;r%`mGa}2uZQl9O^;^2+#G+E&kD+07?To{FGG$pzyF<5zBiX_suJ( zT{j46Svz@GV!Ifu8LrlznpG66qN?%m{2<|yF`Y3GA=MaU{NV{e1^mWX;RJ}YqkqFH zQqR-HuYN9G0?QoIyMB+Q{lsLD3jf5lor7Uq=xvb3mg_ 
z@hEWx-I|B{cqIve*$KCu8h_rmwC3jkaRsg89!!;zUht77v0=P~78|JPx){k;bg8o=;o|6$Vu}-GT#Ia1_&s=Hhcb}e4Hd?vO5jvy>fs46?)0T4) zTGr3M(#hwIJ)F((Zos&jkH;u9Z}={fmDYg#0^>Nz9>3-cBEHQR@pp=w8=1(a5;=WA zetq||`E?B1$Ekq%F@x(yeH!>Fx0}f9;4wfUU)6}Ypb?L&ie{8=+&sp*(yZ%fJv@G# zFO+4R5(+{}oquIg)rMT^n6^lJg+jM(uO^t;n-3db@z|&WAEqriCp|qe6tbp<5?E-- z%=xwxF)h0(=8(U}wRBNK{8_=7xnl9leA9XqsZhLsV=FIPiMoT|3bo#^pTzx|7P%?{ zqFK`;F-xnEF@QL|7_Xe$Xpba07G#;%6 z`-0T8(xP-yhYs?dq-#v9;3xbNg8_Chnbn#;5vgJPEq%hIm`!{BM7szP!{8J!&ar5r zoK`ATHmvw7<<5hFdN#wxBU}g*g(l+>spcLrh*Yr8*KRRXGW|0R3xuSyFz#K7ao^Mu zyFpgzI>A$+0xN(8WLpOD+VV_T7Sa4#0SJqMk=yw*&e$yEAOoqED4w#Rv*NusHWHy5 za6MGEULoM~_W?Qnp#;~6+!knyXhW1^TC5!ZR`FqYzI$3!c6oI!j6;Ga3tP(XRkfk6 z;Y}zoWyV4Lv6MI))z8RRV&FQ0&Popmi@+_w!9117eNx? zj1Y9Zpi0ZylVw52PR@-7m4Ke=cIS!T#yUt`3nEl=5Vx~g&=J%WK1fk$^o{Dyj~Gf@{8f1---zzv zIUn|fDIFG(ziq@_`?V0vVq<uEsit;~m^-=YVZp>B z3q~bZS){;===lE2Q?JW>$Q0;()VzxV6w}h<+?}4DpeQ!>&ClCSFW$OsSD5sv4d)~S zBC}J&vh(z#*$i+KTx99A1t%3%i=pC0i6g0LzZD<1uG;eBS<3bg;Hggzg{HB1WV+hn zno(k}0+4Tu&2senx~w>Inz86mJ2JMw%Mxx6-HCPml=V2aRAYJ2IuL>T?%Ba4dKEle zkH$;};2KMGv!+M9dVVlb9l!?r#ffzW87&H!lDC`y08b$5IxN38yq{P}!B(T~;CIVt zREr|_O zz-S0j$|&FYYc^lg&gE9wjBZV4q4vzM@7)aGkJ`dI*H;o&an9cfDYS>yAj0QnY>GPiS`X*Np1vO}hpx9!tQ9jeF#dQz$gUMbl&}MK7za_Oih1jL&KfKt3gkU>Dy= z;`V1hU|V;pmn`wmoXGL*)+1X;FlUSlHZ-aJkYIzh1F$$Mz>-t+*}W^&B%*}`$hs`L zE$Bi+O1@1+=~1D899NR>VXr7Q7lEd*y@8n82pVydt4Cr7AV3|@KUEhf_q+et(7f0-+9ckk-5|5#xb=PqNFHK6!j&S}idiR! 
zlYnN96{n$*zY$@he|@&yVsEwNC;@=baZ#QrdnJ!h@ri7q)p8-F;^*sLN> zOs8hJK{6A7dg+=zuKxkc&og3On+^8kl@En#O{RJfaeXa7=ZRD9i(R(DGdb09dV)sM z4No1&G*QW#!pi%4hGN!CHvCGZuc^tIJhf*G?K|hSv`A(NW`WbqBLDih^>5rX7KbGP z_c+pOQ0K$>FUN+8n!9w z;s$UP?qdSzsMqDW|2;vtDr(#`XqnBzk?s^ook|z)ocu^Hr|}?vl$iFZRdJt$*;iTa z=NzsDxs@T#dCI~T5;A(k9&&r`S+Tl6_OAG#o1b_EWaHoC>`77-ex0E}1fQim!d+EE z;w?`LtAlZQoy;kLf)RkU15X+do66vHCN+$zerQp{VMrxLS8_2Im}0vRDWkd`lK}6V z3gM}P>Q!zQc1WKfYJ$+H!|w{8?J5pJG`>|JXQbbyi?df8aPJDTDrKrmQ&rN6uB2W6t=LIN{Z(6E@5h-8VWPyFICzDn-nLD$VZ1b z<*h%K+F`g{6P!fcR-2&k{l@`VbukQiru=SKjm@0p~te+mk?bV z8pOAr5xs9*{6#X7en|vq+jQ_of&&yeF`jHDO|S4C_A$5K53@~sgSxtS2}QqfDF>f269mHGq}=Z;;cfl1s7VQpouqusD*?-|821%FLvh1WqBXF=(b8&xLcGGW7^Cayxslzn-;OAG!c^^jByr+Y9ak#nQLmu<2&r%dXinLq zC)83k4bAg*hayTU7-yq7FWG8(NF?^=NCB+xQ!+c;%n~O6N_0s6hTxcolCRV}vUr>l zu^&)*t@3LrbCH5H<5FDRsu>^M)I@CEj8I^=CqQmx{$T;vuzE_%LVF8K_3qEKUkv#zCO{Vl*>v$N%CIvkbDY7O zxv3-{6DwmKBNk9g1m=&lc;gJ=9h+rBk5Xj1Vpf;yepH;Fz{-N3h$9-cio%YoYU zM_>mfk=pgj!?P9SggP>peU^{cqi9lNZAFw}KpljZ?$+KxWZjt&ACU1^q18{|=QKn^Z60c!Ym+FWX!0|(nBNaRQVkB>6jE`3}vAEA+HnC2*G=fX-cG7aD zo*}R;@tlmev)qV@GDv8Y&iZ~c!;S+!KtkKT?O|l90K4LVXmU+ow~h67sx+~Vy#hRM zO4gofz0ufBqFNPK+)kgJDnM$`PWuoVC73SMfjvT+?rY)L3vhsM-GaxH>7sr-9aLL6 zXTy5!VC^o)35jc$Ta60TtZ+#1FNTQvaVuqWYkJ&v;Y_v%JaBpxhU|^z1WTxw6o&Q9 zyU3k~ndO?34pg-iMVj((y>QzqQEO+Z;h7lv&Xg`N0aUG!m9Ci7fznNxAh~7JfFfAg zp3NkDAoY0-$REkLq^3l;7)aigmUby#^G^zwcEQ+#mOEw-v1z~UuRaG!7C{6ijoWc&LD)Xu=I35n`ZsIG!s}~tLFp=QvQ~cdWOBtue8kW~w z=z}hG-Fd|RDp-8CXTO7Grk@s@A`YH)B8q#6n>a}??zRjN78!sh$cl#8krQtP*|s-) zfB+7fM%*oXtf4>vOA20R(~k{+g8lm(X90;@8~Js$877_T4Ouu_Ao9sNk(gSwcPKybuV2h2JFL5-%|t4`P92AQzl~Tb%SO$K&Oq zFZ!-138G#ut~L8zd;yBF_?!GUhd}S6_c^n}W%n2vb@OHb6s1`74)R1Oo=$vMj-Mq? 
z{D(p}JTI5*^-!K8Vm__FG?KAw(zeO2MBx3)J_ufq!?=e~$-Ex}(Fi;*aY!!kg7{4!eSN{q@z^={0NDyn?B zgc}u(lwWt@S_zZ``FsBa*mC%M(%5=-e*C_`_ofdy)A0;Fr_tL$>WctKMs-3t*LwiW z5eldz(P0n_(EITDST@aN;ViDJDkp6GPgCw3`Q)K@$+9`}aeT1Dvvft`NuN|8n%5Em zEh#*axulYCjaU)Do*u^+_b#l`7+g!GirjVoP_70(+XKem&Q|Uj?J!n#7{x zn2G{|JDF7B75_y0C?bzkgI%|k z$$1K>x#*3p!jcpY%4~I(E|1#*B9R^ylq=NFmptSINGs9$DI^hYRa>RmVJ6^f`bFJ4 z0|*PSQNv)SbX?y`@lzu}vNl~!_48n>R45Jv=qV!IXohCvwYEvknhk{5PIHB&n;?3w zGYhW+m85ie4Ffc!3nTON+)eQ3@X2nTR~#cl?zd(KMRpJ{`n*ajUP{MHN~ zUZFf7ou`Mfny~gl#|WO=1BQRDK%LIR4;@sp$bzT62x%#rq$J>A#T7{O_j8SCe+9^P zg2Cb1dMC^xi;M9pB`A*sB*C7y2qAHRaBvrA&X#%Hbfjfi@D2``fgD1O&@kffWtY3% zsQjHFzuML>6xlTfUSny0*e7{>#CmeQArO&jhn(R*DsD2C5yC2&2(Yl8tOPu{&t}s(9Y0)NNl}tle~_z zo!nqRmMkKPcN;T`+)|;Km#s8za6Zn$`S$zPR=`x4;Y;5Xz3SJalLH#F8Biy)H3SvA z>|TQ;Fpp-anX?09)_(&$-$y!mJTr7$P!AN=`tcmY>l=#+MXsuSqqKO^wZ2~abVQ^n z>hJJk&?p*5AaDEaRR}bS&G5Ry5lH+n1(I@Qkul3t+;{{;YQQ5POo~O`SpT84KES1= zfs(+td_aYaQuXSzl3(O9P>XwdnD2GY0608bL8Fr3E7KhWFjX!fG=gjKqkz(9cqyeH zn(f|8=8I_{aufsgt`I_1_4^(`xRV1a#~f!=MB08YjSx{eP=nSV$TO{OwlfK^HM1Y6 z#Ej$oF_wkT#{oX6C_}+;W8o;qk$^xk_Hd{Ax^ev`p7VYi-2kvWN^AKQK!rd*xm~Bi z;Yg$ZE?jERG|x;kR)fYy!aG^14#)w-GXg5tO5@G#ubtfQ9e-_$@UME!5S6kVG$&7f zPv(C;-@X8NoRhiMB}?vl&2Nn8KeS040Ma9TOxy1N;roBT#{c7fBTB{*IbA0v{ywgM z|3rroP&EB*;`Hy-3dGh};??2DRwJZGp$h=h-Al<*;1@JGQ{Cf-jW9olj zsDC{9-~9AHp8W5T?jNA?x2XOPQ2Fgw|K(}_0V;n7Q2*fYzk$|&aQMHr%pxZ9QN;E19(!H z8b#M*tK@KSpl7+xq#uy4*{So|#DP=wjZwVsQbd0UT4q5CZtmeY?j%@J2l6{bfW$E7 zjvO2RpXX42_O`(3ySbwStt9pfQSZBEr5$hy4S1?|L@zF4+PUV$)S7L) z&(B7S8+bs~vR*qM^FC`7@bE8II*_URn<}A0vkTj>A)rO9W`AoCE#P9lmuM{=?AKh#jY-C_@|n|i z@H?k@=k6IG*WPLYlvZR->i0qEaxQ{3d?$gNM*SOWC7CwLc}~A}=giUwBjpczcx;Sf zPyvxj6p%rjCh1E4_F}L*7+|$Wa#=F`?7;KAPv3Si!yl0oydBUEmfSn?k`ZK=yek4c zX0&>V6sha!Ap1}Z5ni!D5`dIumUj4)L#dyEW$@y%rY!%vyXNaT zRJ1#73-SWt&4CnOB?2kKC034N#q_B$0HN`-(-7C+)Q8HKv!Rky^2gJc`Ulb2_oBT6 zcN1%PgK~kXe*osujR{lCJSnDq!Cc_1Y5naXTK`fd5fZZ8?C|B}w|KXUPwfs}Wv!!} z*4v@s4w!IX!KyPm1hPprp^6F9_1fy{3!1Lk)&w4v1n=1xd+e^kHPu+VfESp|ta{Nl 
z(|fhIP;Pw$tOW5bnGVWdLsFs}s;<{Up#5pwaq3DoWjEG6J{l}4E)!C2cNtP{TWwN4 z#qSEo)33PbL=wx826W?MX?7o9=*F<$N29Jep=PF3t+5yiA85s;b=Ar_10J?7s5cB2 z{Fn^)!tWT1>(fg9V}J$WqNrqY(+p%`f%7>W%*acEaHVzzCKPikX?c7=t}yfxvR>Z zl+Rq-Df?S-h%-K}JXsJAM#tWZD&mz5Vj(01KR zi!{F*<(5~`&%fU)hit@G0n8G6BI>PSuQX(sYQ>Yk_P4$sul%&`Smk}7_Z^D(W$gz} z^qAbF>O5mZfbDglNOV`cxp3O=LP+ub`X~*J%F{j~Jf9kHMRK#5kc3PE)?=g;hK{TE zSLin*87`BAHg^enEH<~f5KKaB^}9u0uu*K!`!jtRb{?TOD{;z;CDJwh(f&{Zp?_#( zCM@1#`=p&46Q%Mgu(Nq4A3FSfXS0G=;=S$*UNkC&XOr^xu>ZC(P5sSZMhyH^&bxC2 zm+{g-oro^jB;JF$=4}7a47;V9mpw4fu5mLrqzI626ERVjqgJ{y4bTkg6`)MtoX!NU zTnj_qcWufxv(ZBx7wL)#>pBL(-Co)u4JQ265x^p0&@BbtzfTxJ#IpYNC%r2x)~kA4?;R!^;)$F}p5l3cA+9gc>;jwpZ=iT_~Z zO`xF%WEF$GPc`{{930}siFF_6mUXY2O_uXO2)$U*$ZO8p57(9|Ve`tKFVO*SLr^v* ze)VAWpLaDZxSj!@Zt4C$M4q4h^=K=n`F0aberfO{;Qn-|S#7&f2YO$n_(eC@LH2gC z#NO3!;zzMNm@h5TN@70A(uem+#0JGSr|)x?mncN$TYpSS757d?DD42BMP5XNuDNeJ z*QEVH?pn!+Za!e9y?TH$3LW83(fuoq0VC4C6eMlQ5Rh&ONoqh_4XkOn#F@|jP`qKt6LL6QT?hrx(6I4R`eN)D_hE)yab+K}Yc))t%g(yjT0MrLu#@sa}BFrTLdU%H(tYA1p{?K|qj7Kt+BzHYCA?d+NAe^utoWj!7io@z?vwAme|(J7JVS#pGK7PAm%0Y=+iOiYq=f zs~f6!Ac;<9{o+&hC8?$NOgO71NCW9L3WKJfA=c-c-5Ga*4Ai5S6vey%sIbnykQuoO zcS~g~dZ3lQmUyXg7s9)k=PyMDAXL)?DmMiu|KeSDl)-9xZcH^7FpH)oEPwr!`=Ynj z(<+(abDmirGMBPnmoy-W=nQ|wOm@E9Wm$>5eAb)awhR^`jPj~=8Tg6Gq#jHAK2IiY z0y2q_@EmYz9Jg2hIPDKh171v%u8iex!&h=NwFqoc5f1PxT>Ha1&ZftbMi_sjkMoGs zO@Ev)K#AWdCw=e5hMP)5Ofs-F{~i5+!St+KfjmAw$jA?ErE%8X%KcSiTOtL&70Mr>0|z2$X zUqQ*0QleO8WIsbTRUui?+Bt;fq#z-|MHIPe-w8#K3T%Q z;m`j*hyED*|NG5fEu*=qOaA8vhny{mMqd2sH+?mbZ(BwRg8Pkjx~Ag+7FIV)`m+#a zk#zg!`%Tv~#RqnFlj8hD8H%M%8mmbDt?kVrRp6iZP6|Ly5p$}7oc~~6BoxK+^S|Wh zPIubP3>!4`8W4qeCZ^4i5gz^0RZ8V$yYr~@pP*0@DPLt}L4qe;?=~Ki`h~yD=l>_c zW2N<|BIQ5KfzB+V#?4S0mKpHO0kDvmp*3zZ1KC5r{=W5iHaDt}fdX7o1mhfHi{DIl zSWd1uB&qC(Zm-(|LTX;=P`QVb28+A{(bHtu(J5G8rztX7r|~d_gt#5uJel<#>OzAGYOg)mMzA%2PJ2c+C3pBEu z*rR-xv0Fu_#rQ;nBoKIXs*U~EpR|ZqmMFkQH)ZB{)jy#6#vy~-xI5U-J*2{d2xGs! 
zkA0^t)ix;ud>C-PtjL#wM&}O1ozZtP*g$E&xLbk{yWeyS!cSRPwUF-SFC)GG(;V~h zKiSWh-SNoaK{l4YT|dntA6OAB6;3*}wMELx(72j1#GD9+w%E&abO5ME_^*WG?fxLG zx3ACwUy>w{gJH$z=Uih%iK3v4CP?c8rpOyU_x(?_P9tonntCQvMBY!Kn|l@Q?at$R zK8;u6zvKPc{~wDiEJPzV@VV5qe3b4x zr0hd~x101NjAh<&4f{Fo8?meDd>qQ-X|zD>QeV`|pWlepZkK>yIb27AT=Jf6>9ch) z+K@+nJ1Fla)cDzcARDFp&;3~}t60p=rqqh)uZCp*@^}BmCuDUz_i<`yn`q&iXI1oA zZ8|@^vR^hTE&hW#wu?G{tp3u?aDe5>GToDd&QFX>>YR^NP$_%*WmIka7VMjZg-?Ie zNCrkgA2PVz7iWds444egXTl&nT84>-O?w?X0b2}tJ&F3PZN3|X6Ig=wi9|-mRS9S! z_ecPqK=NR)58i6gl$B?#^GM;f)6HN;*5i8umzTgo zq+Qioy2`cdwrX^r!QQrh`g5hpB2yWYy;jVroZ_~hXh+!7x<30u5bvLMOG6xOX`=#n zi>{EDe1(1FAlA0iK^Cj%9wJ%!^=9x2O={uGhhY~V5o=(Vzp9(u5qiD($SKO1X% z8$rrnUES{CuFvB=%Gh=SC)vq4D+dQ{+?yl_FxG z>&ZbLa^W`j^IGp8*Zz)isdbT=*__+cL#%g(bA`c;oJY{CpX4;`2moGEt=zH#WU6B<` zsUXm`(@xJ~yKQ{Js2>M9X}yE4gTGsfc@ri2?*4tg12MuKKDaeuD0;61@tHC5{QzI) z11C`j=V|C#C(}WqJA_!<&J2z$Nk6VWLZPp`&&Fl8$S>=1hH1LlGEZWx;bIIfn|h5wzSAEKR`1|b~0SY&OOG4Z=id{C3+3^OYjmd zVfl2CEvn}h;z>;c&WFZ>3S&7dzdz}=xy3g(D2rZ_^6>JexF-5eZ2hcZ&xLB;6<-S9 zPTt8Wm`#ii_xb}x-dA?q7RO*soc z3#pcVeDGexCh+TlVao-l-a^~c;TNc4kN)4o6(!ODK)RDYToxCv#h5*ja*=BJtDrnC zAzCt?HBgL9L5$RHRPcZr-|0JG92E^H;Z#>&&+IqBU#LHu|5irI!OFg%l%svwwAFu1 zZgTieBJcdSK~zdOlfC>JLj;WpkR^HT#zOzSL#4;e;z!N85XPNbF7~M&Db99`lK~6Ged&@$zL$0E zyr-WZmmlNwF-25i)U}&2l)EUkeHoM+VvV#oi2U06Uch9aY4^^Gl^1V@*~x;F-RVf+ zW}D0M*Suoyi22OM-RbNTWpY|x&O@K^jjg>@79(G2qlQ}QpGC@|xB3S}xX>ozbh~1f zd2yuKKYe^gscQGpY0Z@K5z0T0w{KBX-t6u)WOiu!2L(t&z7+>LlolQ+W=BE2<1h1U zH-en=3CL3Ws|ZYX`c0GzoMJ7sd6J)yQk_B?GAAfHe1=YlUf+H%OroF)y#>GDi(=vyQiWy!%!mS{B-AwFBJ(Xasn${Qr1H-O z639@nj-L!?wj&fM*810!s9aor3+yknrE@|qOGci>TByDnYjfe5o*CyeYE>qgxs&qb z*I~|KrR7emt<|&N&p7+6~*6NNzJt^~7^xIW}L_nnZs7N>wIk4K@vSEm) zhsU93icWDd-hgcie>WS1*Y+2LxgvACCX~ zEYY0t5*uq-!(`I4br?(m=0&iwC4Jvo+t5G?;bA1Ue8SMQn%NKofCMiLM>H5oOOv`K zg>vG54wg_00j&2tw3kWHrt;Zlx7fEu-M8F63*!RcG!Zh74nl@vl?3dbJw#Lmi^{{| zT@=`$=;il!D{8c(GP(wiJD#=I-6rv3lHb@TfCok-+vPLMs~r*dlp!x$wl2|c&VHp(bJrJWnCfFd)G%vIBu=_HuLu{+y^{^?{5z{+I_iVKesYRkZ9%6*{F;9hKRL1YwC{#6(=yZswNJ2hs8yDM_ag 
z2qYVGv$P`W0SdOzK8t@eQ&P7S0Y)Lhe+GsaEi-D8Qq; zv#&Nx!aN@$*uIu}Q?&a>8aTh`BYES)weDl&b1T{$^*W3uwzVN)$&s(E_Eg7B!6B*N z8^%o3kZ%jk@5QN_e7V0u`_4?)R$oONcc9JVusCt@R$|>1Ev%kt&GKYQeWvIt zrEI8g~h&`pxdJw2REms@i1Z) z)Q&`zKg;zKCMqSMI-unX|CdJ?|2)Jfo~dibAs<6xiAtp4>WgOY+pzP@pv04gdLz!) z{Qi=B)Cyi_b%i@Wha3vz0re6RED6?U^U$4p!HP*V8r_bva9`HpoAmbEb+*t@*{q-p zpY&eEl!^n*A&bn$RQH2L+X;FS4&o0M{l zcFv-fv$m5Y;4@Fgeup;&rJj%TihTZ@NECHBaHYp&VIm;hzaRSitd`xH=_;%6Ywnn+ zM|wJG1-<7FCgWVaBamu`12yl&;T=D*q5KSo_w2e)l&EVMo*)`p5K~ul_{9;rLxB`g zu~qzlapi>#C?9*-E1Kd}rWjD@nDyqVD?r`yuGUOymmE&q0lhq!%jPN0KgJt9YCT~! z@ch;0x+?0BtqcW6h^!{Y{fN3$P~E$J{Ktzvk?kC>0#o=Q_e~W;P`1~=(PuglyvKMQ zQZ^y8GR9kmo(Rblk0N^Xkiqw= zkC^qo?l5D(;?QnpDI3$qbhr>-bQ5drm83 zqPaL9Bcc`{VCAs_z4{((CNOjRYjeWc+;OnV;-iKc&jXo?LS@_eQvnr+P23vTa>#M#Ea^rSVbAI4OhOT=Th7kTIoR!9LH2EzMskc7jD77^ zky5%wPK?cK_X~`aZ@-X(x0&b!VuGt?L_Ku&auSqpp%B^}b|zeda*rdrl((L(^V6XI z8zsR#)6-8X-xrmcoTBj>vXfm3u0lhCv+M0SgBK-H&vzF%l3KUcN%4H$Poc`RO%xWH zKJ9qz8tUrRS^Mr@d$EKQ8(DbbajolZrzj6>c_9UPx%8$nZk|wmj~msCjOYWtxs4*0 zu5m$!R*oh0^f44cfiBRHuyAvPLYW#5x;`E}h2vSng_-!fDkj1$+X%?r$rt>tD?W@fDLY@n2 zez#4ZNW5pNefH+!Dt2`n7^#^Z4~y%hrR@(tO&2_Jo2$Rp+uzFb^whYhy6Ok5;Q}YVkrD36?*!2E}`&@5^ov);8?HJSGs`M~Ktf9BE>k`8^`Z#tj_eQ501S@Tg zapwapNIz5a#-Lk-?8|Jd?NtK7_r=~j#XhX;-!X2;WQX85eW!>@`y0i0e!644d?a-aw?A!GW{=YTy|U01 zBVClDabKq3&aFHvnBAuD#ilB%B<$@uAgoR>EFyf%>4t|`%~buH^?aR6!wEYf)75e+ zMF}r1A=}o80P+HCz~MI&nO?#5W6#@mZ#ZQG?OMA*d06Sh;N?|zO-+ps@^hR}3wa@8 zXJql)%Wqr^65j#wqOQ(|lv9Eu!uuf8$^yP2>>$J?7|QZFxqi%pDN-o~ASdC2rx%3s z80XPrJ*wX)9SL@3Qc39l#;c^zj>}Vm|c#PVIO7Rv^^t8F_c5cd-Zy4dyb$_B0azf-mcdycw(B}f?E*9(nubWEP(YI^^*{s) zl20`!v1&cQg~2uLl67nXo2Ie8W5OV8-!rqmhTbtlFG8}qYl1hTW(9B{RkS5+{hUfr z5{XLCc}8=umc;P%fc-z$6nZ(AJ+2RJri3xJ0QDW|9z<*a>t~*xH%0vbtD5@u`*SiP z41;1({e!Ss8S1eNFVkd!3srXvZRg!4(p+9mJHBJYMnqyp-i)D-f+Vz`=izcq%M~!T z&^Ra`I;XfJ6#1f9b!5Cs_V)P5h}-*~dLx+j#M@h~ejFR>qu_A-i`PkjlZfkeRDc`K zBfoJ)F;HTIW0{J)JZ9Yw3{5t(RIrh}cWG^@9mE$eAn$^>YW!nDW+iq&K;Xy0!#3+T zQoVd1_{+rwuTWSF+}PV;K3<0d#PLHT^HY1pl$F12Y2&+f+4$#h?yL@}pU-{Xz0v@e 
z7<|UfcAc9dPTn)0pa(C6V#Y|6%KDxk7Wypq(EGC5z3Qt^2aby>7>^B;(TqFe0Wa?L zC{*NKFdxbRy}Ge_En$kn&5j}M|WzGXJyXE^TSZQPpKXF8=eO5d&Ba`9ImNM3+E9X8PE zVM67VRV~ro=sACa!OjE>F-KE*;1id}f7Zd@hMzb+C3H7F_`5Oa(Ql1`Unq29yR;I! ztO}fmPoh<|B+%V6gCo{cFR?}1-%DD)&Sayd4kf=ClM{G2M`J!zfP>C@yj_>`1B0LM zuweTgwcI%y*t*XC>~S5-9l8jTo{(O~M}qtFeH$Z3+gXkCo<5d%jE!gR&%M@@8}cv} zQ$(cMHu~1BT&xy0d91zfKTE4QdgQf_d6=!fW7s*->!^hHmaQ znpH4iP~sw2Du1ZowP~{(cOv_m`x1O7chq_x-hKpMATMxXZ`Xt-5b`N23%HIOr+8nh zxFUGACMrdJ^Dm(d`_Ay=J;n7k2Mz14RdDc;u)xsBuKmqei)qO;oH^{@6h3q zxh^#Sl+7a(qlp(V!%uPQN6&1R>woQUNA8Qk z`mq<&0fvKfI^B6n-1Z7NbM2O>k8Pg4`XU_FM|aKs*k5V6hZ*<G8I;8Fmg4J04fwHdsu`{IXo|qEz61y$22#tF)c_p(xrDqsEH4c&>E7BCn)Vh8Y#P%Gx za0sL(h$2ct5AYibSt>ggyWf@67bI}6>LInY0n(3u0d#p(QadZoB+P&3!B_B)&(1V( zX${hK$e;7_@RVw4-GyJhmXJG8lD*B+BX`E$3JU9;;U%5sXuRF@@0OZxJ-8PCtxEKY ztp!wUJ!o1;y*B^T$(%`$x47U{B!%~v0C{K8k$4OR`^Gz5chc*WZgFW;{wczZ^^HA? z3hxFxt}Ql74hM>oijq80@Lgp0JL%ES`nqW;-OWp&F}3rk*sbEFQh<4R&5BG~#6A4Z zyH1o-AS0$%X(Gt$Z0ceAXrR=g`2o2RFGp*U>eyZ#gQ0n;m4FZYWCL}f{e#*?W{c1W zG@-Fpcyh>WzXuq&C+c%SwdAsp5BJxg;}tjxJ;d5`e>m3(n&4?j3PtXuF;@|dc(P_@ z`+Uoig!y#MTnUAVe0|A2R@A(lJHsUM94*nIVW&H7@ngW{fCF*bth7(sE91XGO5lzP zit4Q@|Ni^h7pKNm>4}L!y2w+?zn6w#HZ=mUVZ%-(*|fhqqd&ZS8KDmSE%x%_VCd4$ zNt(2zy20Wx8K!F7_sEBOoX`HYrF4~H+LD(8^=)lr2g|AR4r*>Dd@(;Uc z7^zb(d^7B5a>yg|q#0mfMM$<#gD57ONi{RH??cEe6Hg~_JUGxR6TO~xbj>|^l^#X0 zFoKwE1mj@VNSvSVpl6oK@Pue`x!>SbMK?;xrnjBHAi`R6nN6aYMiM@O8IMq7Zj z%gTB)&1k$o>{3aI&B0M#I+tG<6&3m(aqdq@3Wf|<(HTKb3NuXV9e@$k`~0@6&~2n0 z@5C9?|1c-<|b(Pl+7#C0vxod&t%k zS9!;1_Mmx^&Ryotzjzj=j>2k}nV%mU%VhvY{6anrUy+CHmtkLXt+=+-xWnqa)I@#H zo-KI}^-T6+@8{V!ojJk1MS~+uSwH{Q>7+Z*y+M0=@{8MHLz9kO(OGmOLq=91Wiy7` zWfUc}8U|Mq@?}Dmext9aql<%W4JlnkPd)w7m{YCVR_m@48vNm#jJ^HS$1&Yq!8ijm z#2pI}{4aytLO4o^AFBvshH9(R?)47&;b4$-i<3f1F#Tz(HSlq&Jo;r=O_`~!MFXQ^ zFEb`He65;))H3wFzKWmacH(-D^_<(jR{;Mz#ycApYG(Z-T@9E~kLDBBjrXcK!uX{D7~$X_v9P6xP99U1B=|8b$x0*LnRW9ExtZbX#uaqi-~W za5i*s;GhHGjjPz$kbv1!LSbh1OKnktV-Gn)iOgNmwH-IRg7jZ=fzY?z_o4kK6vSy$ 
zHy>^Nk&#g6cl<9ami-Qo>HiIv_(5K*eU%OS@y6pbF->EiGOv$zOqUjvW5V;jm&fNh z-_}nI4BZ_q`}}L>-$2m83)<_sQylx+wDuxP@e(Ok@#*m;<(Jk>Ij?X@WkWm$v>oG` zfedCAZ+eYfheJxna!i!WyT)naqU#eUbUX<9P-x57J<216>S>hN%n(vb!rMh_N(ZXn za>+P`8uOguzH?`&UgduWe9&=rN$FL3-&U*v^;H5cdStWn>iYalcI}-2Uz#)4^eODn zE_2SvE|c&~X;@>uWEH^`Pma^C(Tpv0>)x=k+e`=<9-JCUCsTa^9p#%rx4Zj58Jw$0 zTV0af9+F7v((@J1B`3P*I5Oydb5vi$436k*R1U%^&b|2F#3ji4!(0t@JsWIi*XGQ$ z%gPvYCG8;hEzy48gATU@FWnjkHw34j@;N6)zsN@93#g8(cdesb>}LD$k|`z0EY23SqV4+Os?w1UTtG36vul4iG)!)L5VJCO zgruIdR+N@o+ku6dnU|!d5V+kJznq~ZqPF3cx8C+y$#yc;Dl!$2usNJ5X`@wH7_r9- zsUT~Sov*iDENS_AchGGzkaA_`FdAj@2jyjPAi1kuOkq;Ye`cO(zI_puMkPp$!|I<3 zCXsSBCLQ4W%EHVl+E4yHHfloLWUbGYB`ew?SFa@JtG@3{^Hiyfp>Q$mXJk=m25I3% zI&fBHKMU41N>ayMa)pn2-&ZIls&z2ygYM=5 zUaD!u*48$~^->9e7t0uSf0%?U8RK)>_X<5bC&;6cVU|-y*t6aqA#I23_Hx3jE1R1o z)DQ_v+8k!}8B~c^PTOB^41m_q7AxPN6*J&)SP@jjeQFrK=xtAii|^h)J}Ub7ip0uotEWa4iHnNSv@rV zOBwmMhNnOpE5V2AGgH66qF!W!w~hqc!-P-o|KO*;kGI#Tx3@k|B^(I`uw7&DU{4>u zO5MEP(7S14ySa3ah+b3ikWh#UIz8XlYmEuE*`xryxI14eWM*dL5KRB6vrbbNY68jI zBzLA2-0~>8pe4GJkm^%Y(tLAw`)kW}T%)1*Qo&tlV(~i>xo=Jgm$;i--!Bej4uAhB zf&Nem!)3C&(h}xj@^KB@^`$?u175 zNc&kcRRD@IaB(uISygkWiHN68y$pQYru=8CvVK$2b7BN@Q$^R4T2YgPSkbU>yHd9j zMXS7RNysW=I37S`Lg=&%XE%->y=Du_^~OBIoa#i1SKMZB(>-P5NteyE9p>KhlIoQ9 z2RH*!wR&_EVRU52?RDv)0@uTjCRS^Ao;OpcyHuOsvq{|m6 z9s4xobL@Of*-93s z9(sgpf^G!`Ltb^iqG-LKE;qUhBb3InB{ne^thcL$o8lP-y&*@P;1bBeEl+kLXo+y8 zF;eTvw1J737OvEmbyLORRj2ypCuZr!@Lr%K!;h@eJ%)HH5EBy%tWMIEG-YS|m-|rtanNCXl??IHOIEA9jZ#y&16*GS#;W)ws5dIDol@_E>lAoV^T0IPA@y#l9 z>&Fe7qv|})xGfhZvYWy-DuIOJ?EVMyN9GcS7MD(g?KZ*WlNn#ig=dl}vmcUd|(NFUnU_bv@rP;dgD zMkp%LibAn0-jv9c2G-QIf*EYstK-|SzXsjY7oFRIX*Ru(GA`iT8JA`yCTn;-nYdI19e+1K}cc%k#t$=fsNf-{QhkY|C4fqwhVSNzbLwK6)9c%bnkh|=9Xwc z538YZuu0vfPu0o0ypYK5OF%MeO?* z)d>SgPJ0}!#(5bmdTm-*<7PX^U)cdOzcZA*)xiiOM6~>oNj6sK)pC0zecv2}Og%2Q+oY&?O|iDRAz8D=rpu6zb7hRDH(BQPQ<+DIV|&({vM{+*Kn(0LID~UK9>u)2S`g-bab2Q7KIk zqXbCy5Yc$n1`SY8{wCiK!x)(9D;-jk+t;$P;+K>Rbkf)Ov8(qB`yfnCuJ}ih1kmC4 
z)7LMtxPDfbGzXU4(8+sRu@k*PmzUQf);c|RWl+Y(t~+1J7lh)+nW4ZWa^kxSLUL7b z1VyvqL7j~uCRQ_%OXtwO%)*XYKbx+cU)OGo;Cf9+rRc-xcu~i(g?0(3TJNYi8ixN8 zx7f=BTT5d5WE+A#LAYg=`8rGZlap{o48dYfHu0`KvQE{H&p4dxip>8~WUT zD24B#-D|g}4=Yq)@9_NU7D`qN8j+%-jsbAsl974ej*}h;q?%V{sovko?a$e8w0D68 zU!xA-ZCuTAJ@kPslI|npUj0Cjw}shT1AX8-EgG)y6N?)E5!DocCyI1Wv*WEkyYF2O zkhBKQ^q|Ch+eSN+|12|nOE5m&Yh9mO7muOvLm^v^+N`HEYBpYn$Bh3_c+1rSyooqN z(xDw535Q~Jyj{Z_ZH%jEU3GpV`1u9$kcjl)%=P(o@_q|R{r4~O54ku#iP{g0yY})I zLeL$+d7BLE(l7y9yAxTb$;nxXo#NN64<`4BL*lzP7419E$@w&))0$;w&VUYOj#i)I zW(Vhe`LR|x8!d;dUy(^;RqbbS#}*eyHkKC-HrrQ5_me&Pu{ySHNHM$?a#LElUAq|Uh2nTo~{|h6FFNLt{ z3=jMxL%Mlz`)?9>qcfKDuUCn0TaU&QcWyg4KE9B+rGpjIMDmX}E@YJtc~dge`%yF( zFyl_fVlT<@E!{YTZ4nzrEd%{~?q)yhp-Oa9V*w&=9cNUL+}_+=G8%{ddLQhi$-AH? zlkPS~2ENSa+QYQQ>bPW{r&|H7Fq7PP?X098X~~{^Qfy5*YK+%bbSNx}+O$LS^Yiu` zpqmWoV>aU2@S~`s%TC!^zdr3W?zNo!=`E6&S5lD&Xk~F zN9zsg$_cYAgW@!gxVJ$){F~Nuz733333Of2q-UKbz#6@1mJq#!xbDP(Ayot4HA2^^ zms&|nOZfCK=k-zQ%&iPBSzmIyxyJbQi(!0@Br-h-J7tlFSNsAm7uPP%*zbeb0eI3s zY7*|3_Vs^b{PE@W?;k~5*E=)3#r`*(o&-vKyhd#RMauqCW2{ck}Vmg{7%pw%uBDF^q%-c zs1DxIQki`kV{GU0J8@?DGz&C(r75C3G-vixpAacv#uKwj6|s1N{+WpT+AI<`_jQ+NU!>NTXmjHlB@>g(Me_+ZOG>ULTD%RQ{cF=2V@4;67zBu_h0jgvr_y4Qgaof! zFG1K+kAdZl-WcSf!7aFB#H~Id#OLXNHp{Y+(iv8|i9O>K{fsk|23X=vrKIyjhtP}= ze#}q}Pz=MKB&kCAGZlHIKCRFu@w#UxVf`Du<588o9E+Lxma3+E_?70S@{Ag0&J zbGMXDYoe~HuDi9X-Oxitb1fQA?eI6AsP=7pvh%~#G`P4^Q?DhYG3RtFHq+3!?WTP| zD^M|n`%zZIjouYZo0iVW`bwlaO{lF68->#hE(Blq{nc>TaqU5OFk7Dyd9$#iuAbEQ zj+$%d8w49fxpAkQbxyKCrs;FR<7@P%E@{%ZeIl>*C9p(K zJwP8F?!`?%S^}2Nj>Gm@9SiWd?6eUi>25zs1x&lDxP#UfVR(HL(-Ah7OS_pnQAQoP zC4FrsP zNX((~L^`X%c-Jp=y#Gy8Q?X7{+hXIsZZm9Ne!D>fT%D>|A8JUzM}?akp2=M?6h_oX z;dxO&n{jYrK|$|SGS~VUbK@A=NIm;~mWTgg|AuR>X(XTT1BGjND{g#pJ9}@85nzZ)hVA=d>O^pm_$=2GDdndmh532}bQ5$M^M-(?C7! 
zJ@XosWU%jj{#FcN&D3J^BQo3Wfo&bSx7|$f0H61`W}m^=9=@6?QH~#q?#@EahFH<7 zC+fBH-$K@087Og;21;85HXWo-pn=lG!Og-gm(29k&+%q*0FibXZ#{j0ABygT&76_k z87)Uh{z9D#U*G&jbg&K0wV@1YT5y&rxxtjOP5X{@!xSQXZF01u7EIbzCc-c96^SFn zIFL&AB&H<*^`F^?K$^!+2L1hmDoXhCw{1eg@!sz(WxiXVo}E?6ITE~D88gmp1bGMN zj-bmgP_6VHMQk{L2SjAlOCOFudL*64g4kb!{G8Qmg!?S5^zX@`9l4`r~c}Pt$4vn{!v>PF~4=*d&)os z;CyPbws-nbqdO1wike#8W#ec|8te9`ycEx=6o3~&kt#t*s1Y}Wy-D)s%_Nm%4;^W) zW{!k39+2)(ZYe&T%9xJH6DKV;vC{C=li=si+%B9BIogz9=M6d~zoq!@F*l5`7t}N% z*YEv0WoRi?jA64}1caR^skxDQ+>C_@&2G0s?(-N+ypjh}hcP z%q}NKp7|Ml(lAI&?gkV04JU~d+BEfrEd7ezBzMnix3e-T5Q*9YQ-<&h5@hx= z1rHzah;wqvGyE##hpdDe=RF0uyf7lQK}BF}3Yo!0Zi|3le{?lPReZ%4xH*z69yFX@ zEW)vIHl2yqhC}ii(j$N|`}A=LcyjO>7&aY9hw*~QkC3B0Pt!d&zImnk?CD-D0Q=7l zbsqACY~eiRYUcp*1Mupf*Qi)05k~MY33E;Mx_Wn^FE3$?sQ}Qm)qo1DvW}!UyJ~GU z%$+PFgM9GfXWxRn&F+aRDKoDFmynP9$qPD*%HQNseoq1ezjT|}86tv0wPRm#Q$z}4 zMg=3)c~F*H)19y>C8Vi(3mT=i>Qx30;{n+ah33I16} zt2t9Q)p}9}La$7VyKxT8&$n) zzGHC_#a)PbWsLrp|CD2-=$qKMPeKxjd(Qe)g0zH=-MVJ+#gOk3mLcDHS!t8jT}lh- z-dUNE4&=cmtY6rUL{R-?0*e~;=u=M!l{;E-@?p(OJ@wP*c)f_wUnFCq^)l^SzuW8e z-u7=0RpmRZ0~+n}X{Ba+F)X?u{7JD96#{pVA&SB^WnCe4wJuNTcYe>^M+I%?qveW7 z$Vepd>=@opk88hlV^fbayS^pNuExlccFC_<$lC<)e?*p-n721xw&RQC=|W!{qy94{ z{=ttjMT&^2w&*ytq{Tl!KmIt1BTgzft|42d3lfi(O$W;oiC zRS0IujZ1ow*PYKH#4XX*y(&Zffi6d}BtTLrK7J}L?spw#tb2Pi9PaKHO;xQJ*`O}6 zyu5yNRQgQ{FFx=O>79W}+sw==6b`yM(Sn~WWL|_Narf{(@QyPC$K%R>+9*9@tcuoO znUEiSU1yw&>+SFKney$|XJU@rUme)lU;fiF_~eTBJ*XKkdwTXz)zsmr^L?&N%{X8a zBgDj?9)MREyx#5c{23Pa451y;59Wr8!I2x!y&lJeG87~?R(Ty7)2nasb{vn>w ztYoaLN!oReSkNv}j5-W>dtF1-39Vd^O-R(L{?3?5A5QT>jX^n!l!!UMz@pl+STV$} z-gcpQFL1z zvMckixm^-rTYIG`8(q%Gc%Z4dF=;Q57nvleBD2!-AR;3QzDjOB)vFW^TE4x;K0QBq zC!d34Uo(7R_P$WrLXN4KD$ZLBZ5m#@uD$y7mbgYsK@JARSJKg}sCeU}^<*vD7z+|G zWM_yYP|0Q^rxVp~*ld4N4qu<|p#138ru7>zV+D9ai0>wxAUm39!`!E}Y+-J$vA%nN^D+Ed|=az9J&H%;^*FL&5}xY5+>?r!5&uyd4`AxtO25{07U>UDf#e5s94 ze2hk3LWPA|$iaOd~109iMA(hw*EEB zfC=8t&PG(}&2R?akojgn$RA65;X&QMUO+`J+X)u=XIy{`+vUZ&rBWLXelu+UtdNLh 
zh@?@*2DXh5X@+m@z+TIZ8fMqOWgC8s)XC9NL7RX&M1q01TOAKv<*^?X0WP6Dp;>-h zY^;)9IoT*Ku8PxnZ%{`}6!^r^#vkYQ_N-5hEb77+<+S0O@7yU;2! zg{8^O(dFdisEUHOo}`hc_m3_s^|XYLsG?xns!;ycLMa95l?OUH0rS3Fj6hWRso4`U}ci_3n0Vta4m`CwVTei=#OEUeAFWimu;chT;gQ9)9Zmhok=c_@s^V zmguDaTY6gBwWyR5B_AI|Ci%0|yChnqjYsgcT^E_+gzPz&oPMFjRhz`7I9SP24V1dD ziL5F#UmO;)_ExwZMjfomijjUhJ;hX@uS9bCJC+QBB#LQoHG2r@=$yk-5*gy-65LpL zkqU;YG0kfL4NK~-wmNrU6wsAhXx`G&c2ZKxjFr3k{LVT=_w3?Cv$DSa$$o9E-Utti zU?MY1DHAV!%q{=>muUYtvHnT;F-ByWML@J@sK_kxb*i%N>BdID!lM2=D&$&- z{y@n|?`L?oVliJ0;yI9=8?0oj1zx#3uRz7cyFPO}4YCTj4?vlid7akvxhuL^{R%eC z=YLqS2tIfF##CEZx06GuL+mu3(N@gO%P$^5bz(U!krxo~)Wyf>2{P<1S_=&gEspF_ ze0&dTEz`1>;sk9uyE$ptD^qixt|qobKho+Adw~rxNMJ4nM7nxEmvl@8kiWh<5MrbfMV%^X#dsL7&|Z>JAVLjfdMq7Tkizfa z=k*dI-&u>05$hJg%Qa`^t+t6$vazzF(u%yYwY63q{cwX8u)ewb{vB!VbZlr;7`+xB zF`ahInzgm{RO#6(dwY9=PIk$AR;lMJulVHY4#BW$+B@gdQ`xlWJZI0g#=N*38X9d6 zf|A7~)(AiM|K`1^Z)X@2k^JkCyv;&Q1H5Gc zuP97hEJ4*SXX=%wq0eKqv@L_lpIEFqa{tNu`ro6oi0)C>cv0I$qvL-w^dAMv9Up%lBVUtAJdB$$&8OQYe`R!RO)%G zHm{;7t-RCgUH$a638bpXkaqco*W$XhBz`QZ5UZd`l1eJiXx`EI;Jfg<3C@;wuA^dsZ>#WCkT|8 z-WK+5OZfAQjL?%!Sg^9zvQTge9wvA|M@11cl}6>veU0NW#gB;<$Rf@|v9x1U+}hg^ zDl|(vu$`6x2ls5n#KXy$TN(xq0m3fUP9#Gb9iHlTVV@Q3AOUArS1&3p&dCeJ#3ZmQ z$>g=9r0)X!6;L0)>nmWOQ{1M`xBt`>SSJfO=A}0NM1p^9%|Ckt2D=OSfq{u2l+LAJaw;;D=*iD5`pxpcO-`ZapzkL!K%0&67gKD^XxdwPGdj@_$*2M~ABH2`!Jbiptj+<}gp8gt`H zMTJa$4D>h!4>yG5I{A1&lyXa>3})D@SLHU`RmQq<>4D;<^FlP$uSo}UQlr$b0a(Zi zz8SP33&IC#hdXYbN@!`pQE1PO6-u=^LNNfFue3-SFPlk#Dh(gD%H4txC}~vHTC0ABWUh}8l3$bQRh;AqKe{x;v}csl%fL8b z>q8J89o-@%?{O2x?}uyr7Wv(H?*_bDJGw8iK|w*G@`sm1AAmgoYJTfZ5^f?%ItKqA z6aODu*Wm;wfjMq?8p!mM7#P=-F}yD*5>KLt1hsu2ER2o9PNrN+jlNfk^2 zPA=Rwb{$PsS?Xr))JHl3cI-o@go9=G#U|bWr70%W^CjI>tepxS2;xq`tqpzKje=t9 z?4~{Ar8GKY=x6R(Dl;!zG6QEr))5_e-xLb4&M4V$gfd8fc&-1M?;5oE>eq2J#YO1Q z@{jQ*_WJh~;v~pXh%;hVBwRwjck(<@z{0`LGi)Cu9syL=OpNNdnXLqts=RxbH72cg zKM!tdX-_he&e@wiP!PE}yLCNEUdH$Y`SW=>y?w8VB$a z=}JR_3XT8&TVlXTA(9pvb9t%ae(ffwqK|z`f8`4EGKc!od}esq4=5X)sYER{KHiup 
zwzCC2iCma51OOfF%vax~`$c58WeJLY!N5pRkPTmVZeoKIhY^QIIL)t!)IF_TbIH9} zNl2FCq+5%ENBGH%VkMFCxgIMVFQ(^63|df0Obw~A8Z?*;6UD93Lza=FtWh(aF=2w% zPp*vgey;7oj7ik-0jN95ri$Q}4g0KWb z;P!mpfv5%#uSujN6o@vaT{}TR-W>{0*;uNA&D6hJg>gim(@-fX>9J`ya`K+SpfcC) zH}6njyzhNU9HGJ;d$)Fv#GNj$$5gtnH)ebB-KW*xbbk=PFXeLylRB zT3RWCKUy^L(Z3?Y3Hw4wkg$|e&s}2E{Af-f6?t&?K;lyK$43lDyl*tMWd}UWzM5@r zj~HEG^kP(%dPs!3d&{(w*L^SoGC8s{JL^uFsreX;2fq8F0WS7D%)7f) zo0l81_3s)A1_>Q4U|~V~O=JXeP zOis#i<|sJj6U6XYm&q(F@_w6)V3*?A)`s3s668}N_Q->pwF`7qIN1)WGB_^!337A0 z!6U+L1o=(Gb|Ay{Mh$d!b{73WN5_n5PQeS&QZg_=t3B!NGk20kHOU<%myG#T-EVWl#pXhULbU#SE;vvOVao^Q+-;z1K(M#Rw(8u0R^+l;g*+K2&X zv8-oe89t;$$CaU>G@kO<_yaW3xC0Y|>8U!UckGO|%-sV|GN9`Q45fHm_$G$Gct81K zP&SDrJ&=n=Eh7xEL`6j{swH>pn6#qOC&iaK5mdpx&;|W>SNK%2E@1={w6|x@ihO}M zHor@pq3k8!!2zG&n3cMSE4%4(d*_b*%mIkO`^*N?nCm-pl!kd_m|H#6qSv?b9&puI zcVjM&O_->v298nSeDgCH*|<21UcSb}maGUV3L0P5MYcJTN#ow9g{i)c^{9#1`%7-PP`utV2Ww4>&( zRUu^gpsVX0Dub4vwHnVsVaDKjae=5Zkl`T-cS1M5P#zd7p=gJM$|(O{YGbjFg3>;B zk+5iIp84aKgH`bu4Wj99NZ=bHyMv78W;hEf%E~!;^idWC6Oy{?>u0Kvy2efs5JX1= zh?*l?-?v3Z8IZO%z7M>HiHNPmOY^p!0VE|SLO@y>kCm-PLD_?r8@E=$!60Z{;_<31 zIN`;MdvO9R?KiLp&Ja$PZsxEe_($r#H-8}7e_&I`8%iQOI<2}d3I;L6fusx+$@&Ij za`IJba5}?J zot2^6bMs`=CED6nNw3ZA%(|lhXxx2LrZ@Um>q{Elahc{ef0D1FlOi$|76=o^TI*Qj zxrrHb_v3(2WRy_QaA()@zakk9xtP3Hkj3@+Z3;peC$8T|2jfVN>+>&LcLPwOy;7zs zYHFV23Z9;A2gc|FLOI@^A3=%TNS>%86z~1&s;dnY6@zvqAjJTjPt#UfI`UINi4VpN zb;fBN3Y#_d^ulVXF=cwNapl|CXNoX+3UL^ioOciPi__CQM80{CDa2y9bP%$1e6(~l z>*|c+-;*D?2}?NFc%Ds)G^B_rT~q}L+v(Xw<(I;RWo-c0HEQ|7Ig)^NDpC^7L;e|* z0bu9p^2s843JoUklJ=$}BINE5drxSRji|me&F{npRRIJ~Zc`K2!?e?-+}7@fC{l#= z*4lyK<>=8Z-|tEz3Ci(V6?p&+?#(PKbdn@R%%j+`C9@fkG&VP0;`(tQZeyVrs>@oH z4syudIoV=B($G^9h^8u)utLRw;ro)s;-Cd3p0r3P7eOj z=Lr_Vf&zSFE804PBO^fNPUv{SYp;HUURHz|PGSyRnp2MQT1foT!(h+9N(AuX3t@o` z1D49DRAOQV*J+>`*Oh$Ic=T&wjk6cmcGX?Lv`?L}dD&}H;cGk&YeL#E#ZKxZj>c(e`@udcqMVWRh62@{!~&e&etmDn() zB-bZJxejhtGSkEn74=tkvQA&DcYcpM@_o$Dw@V*0YgXC7fOPviRsmm;Fc!bP{aIl| zIW;Has{U&`<;b&Rpep8;gJWLU(l83s2>}xPhMf)o{{MuvVUR%d9q!*8Z1JBR|5FUG 
z>mYk(h-+5{1sO*`e z{b^#u{HdI*%c{V9F8u*W%F0bdtqZe4rDFX7i*H2$f}3x>yYufGI?fJ(qsghFqf-iP z=j^P0B<6u<=kkgG7qut5m?-)>Eqg=Bsi)w}?X4IF=VV7EDM0H2Hs%MUHo1K+uT#(P zRE+Pu-9QL|ud8zH0ZlF^t{J28B1fm74;>3UF+cySQZs=BJ-WQOF&-42L2aP1MJ4tv zRP%iZw&bNGkSv^7UYIg_TuxGZUk~dnQbI#6L>Qvy0C4I{-#vRoL=!CtYuG}>sde+I zsT;*ZP8fAYoyREx(f)|X1dw6RkG#H|uR-p@|4G#SL#ybf3#d9G8tq`~8|I3;TYhNo zpHJkkKCB<|)3?hK_)kob>h0dPg@v6xh4dlRL|M+2j^*^^WbdZKgF{F=LSz@H!O#ic zm}lUK4rjt7`1sLP!BMspHPyK4nu?gAZ?C$yPehTLdvoxF#8_&f^>dyKuFb`X-%4d= zWw()(zxc*MEcPpDppM9o7vp#8;XeTjkb{uzXqyw?5O_8^e~RF<8RA0$RZjT4fSJZd z&A~)B<%GzSr|kOAe&+ZJh>FJ9UoSL##1oIf_-P`O(qs*wx=`4cUy`OMrWzPS{216K z*Mh1eRU8P-4f9F+opylHT;}k4&fL@?v*=e}(qjpn)8BX^G*jRZegtN)DacuS$_HXk zw;9BsnbHBnqKY($>KyMFFesm>@jq6$P7Vx7yv{S|4gcSs-3LWdV52KERC>C$k)yd{ zUwA9HMNa#-{&jSqQPIlsuSMNNB(Z>XVhtUGtJdKUK%r zlSPLEx}MBr#{&=%m*&Z+!U?e;`R1!5_5S=kBL(mFSB;I0m*y=#d{jWra(QJrb~6Sx zVsY`U*;tzjMrC{~Hv4#f|Meg8KW+lB(|gQ92>*!4pEtauL}g-{Vv6Py6DV7Idz00I z<9N?%r8|uVI@y~gXg0-b59<{hl^c~B;Igw@s0%>=_v#R$D>&Lx}mS`xv=O9g-a-$t*|Ud+gzl~gZ~!0|Aggs%P(X@8o_blRxRQ_w zc9JX!6fCIVpGtweVFLq4QBhIWAX=X$>vmwE7zQ^ckO1MMgJn{ei--WqA?-Y(rFO3C zh@5zv;ezG>6c*IgQ1onxc_ER>#n;sxmP}UL$ zxK)585WJvcF*h^A;lv7}edb?iVFz|nxnG9&F1#k=7!M^K2LN=(EZqF#uhR-g-^5pc z+chBe^Y-ST9}pHPG{wXV@q_sNUSN=Pz>E39>TRiNshdoWOmz!$z5uwoPQB{}Xbx^} z>I72mD&>rTw>`;&y^f1iCUY6|_^cE&lZ#T!d2)NxIR?z$D=*03$tH4EffYwV@yr73 z95zZo@NPllm!!)B*&IobWMAodu}Up4NgSC=DRUR#AE@=5wHJSO|0l4uq_P^l%PD87!BS_FQ8Zm6npDZ~%#( zOOEJ~#WRh)o$VizX#JF%>&4^(-6g!Fv_X?gIj3Ry*8RV1MIk8_U6C$l+xf%$JGh>9 z1py0UV_Cglt{w2ux3SyRZ1k=1WE5CZQIiQnX9UOh=Cbf|!wHJ{O0arOAXT)%kZs(&CP;&h>vy|%12Iv$$nozm0{ zzVZ|kwKtS_{JGjjax4gIYI7fjSc2yjWt8QH1Qm)2swNip+T3QPs~Z?_w2btqQ$$SA z9uTG^Hbgf9gAm#?UN@dh0)#`aZ~SU&odZE4+|&Dt;bZnr{1|;0w96q+K(vyhadeXA`n8!Tn=Y_AeZm?1um#3&f0y;clL2sKyH~jqTYF(IOeTgbn6i$gp5bl#vnf?euvx zwBdKpMwVp&d(L-^BSVrYslM~Xr)5C0xjC>Vo2XQJYBVCL%gOC&@Z>-Xe1ar&5ZA-T z6%w1zi2uI=_>WZP#Cvm)8E$VC?mOGs<^mzP;xGgj(z7qKedBX_D&;i20PvGn0GoX8 z?qN3RZwIu=ao}3%lV+)mozMaXV(9CTYQ&qqGEp4Og%4{T;I-}TULyWMRf*Ihh_rIb 
zX2$xJw|A+t5p%P%V%*A?(Xi7Bb>af4;Wg13?RJB3=(zZ>l~K@8PgFQa7XtjTjm1tI z^))v>q{HcHVRkmWJ0LayZ3r6?I5EenlC~!z!hVV3fTTbz+ThSaf=XYBz06LQw zxd752uFmos0IH0*K=Sg)xGAX;%9Nj9O;f%0fMBaoQd1Mu(<3IEFjeY3aGD+;m*_kI z6>#1SI0@=ac#k;Iy%cTX;YHkeOPR01 zxRc+oMQLlNy77S`p3#Y-5D^VYY&J>PdGSi?YgN(YJ;W!isW1bu^}_jK=hl<8{+}z5 z8~h`7a?1Nm24TXteH|;N4d0Z$KI_gcKwK3{!ihdn_dt^H)`fwAAr|yXnmJFFFtXsy zg9uxTlB%jK9=lCWDYue_p^8-0dSFoGhCyspT(=&rNF}~=UR(`gSbx+y!sdcUC*Y!K z7^FGrY-!jIu(LBxSECZtG#46c9NpkUTo74nAh!q&jdpfpf+G%Gyvx}2e{&yeL=YQJ zTN968@Ncr^T*WR0J;tB>Y06VZVC2qM^RJo{27&+t^Ol{Zd!Z2gchdNcE1bl=I-9s< z=(vPG2~aNtAK2RZ;-wO)+4mYrAZH+Vc?gj(Ay!mb88Spm!>Lv#rsL{lO(G`0*|d>JV9jc(5vqaybie%9l3wBRi&A~YBXD3n@UJ@MEK@#YtA(<(Srt?t0Mqpz(w{-mBMFUusI0g~t3+tRyXS zM;P98d5ywJFkXIU8q&=*y_>E3@Op zgL7*bsH}l6rTR10BL^hpbLbPG9!&~X`WQCLRXL~tQ7*&~88r4BGi4b9vvZ^zcXFT|Kb5mirl=)5 z+LuF3l-7G$9PS?q43mlt*&H01 zA#y@tAQ2NnMDn?Hawg?WX--*MOGP(%!h=325(0PlG17i(rjV<;+LOVgK=M4e`AfrJ zA+Aprg#wTr14h?eK{enZUaUMPBL#GAVS|C;1#*N|%T+5x!JOlHa&#og*A3XojE+pp zM@@|w01$IUb_$G!B{qDJW@9_6k+Zo;*JF_g9Fw{a;(S;5;?1eW!A4~fE~bubHQ%xVP(PftY6&V zVWb2EXDsC{ zV5LJ~WW2rCepM^nt4F~^5(YTQ8Vb5nfJ9gDJeX8gQ|s(1r3i(+$_A()$6S#NAZe%y z7Xa`aCD^6=3;<(cZfTb{H1aw#ICz{;Tu*X(xQzF%uqiKobESpKdne)#_4Jt#0()PG zP4A35_h+2_9~|?B3K%EzMa`CdQbPCn3#6X~)SMWs7OT2NEXg8xlqqEukeGo+rK9v9 zXlIVI>59nyl@(b;vJHli(mmwLD1_a;Jt-8uEOSc~f-iYSMUEC;HC4=$=?`Wqikgz8 zrS!2QcCJjLwuP3MwipT6J=)zyqluLNGKk(*DBj&sRx8L~q5rm&y4Yw`)bu++&R_Q6 z0kj`xLzedpvUET|u%9o3iKnWj_M=s#g{0C9l)NY5+KP(4TP`9>vWw!J!zg(&y}T?0 zxU;RTt?7Nc5dv&HJkgtg06J`Q<(;CEB8pcwuN`!d&C%9lmd^lhlKvhoPF*EZq`0?V z?A7$#EN)NKQz^^NiVToQrpcB=b6Qx`W_Rz!IAx4pjbTH8tH@n`~|EN=!tdxVBGTUbD4krC_{&WfK~5#PLo$0`T|E zoaVdE$4ePyJz`8~AwD|oW=jHrIn z0-Qv;&bxmCr+z&lE?ro-t?wA)d8OP`V^nNYLA?|}3Oi@3hr`~^j<9PXyhS-E5Svf< z#r?00)-&(VB{biDHK)iPw_c4Hy9Ioaipmc5CL)2z_N59&jLSGgz6F1&p-@7_4^r?{ z1Bo~<%fX6A%gi~%ZcXdgz zMPyeu`Q*X^xe?8yT|SYq(EUmiD=j%C_f(p&SdFB-EE|L1Jgkq3q*-t9L;5wDmu3X~ zR^Y}~V4sHw{3j{HehW=R!T-(zC~LiR#*xQo?-zj}6Zr47rU{8%_+4|(FNYW$mFRyi 
zjZ8@Vm2e`qw>72{5NU8hvd_QMMKLuqV?HsH9T}OW2)}!)uWbd&?@cCvutnn9?%5OQhOhl=E zF~XQEgCLVHpHHOPoQ%szpal_YLQ$6M;1X!4y))x@yVOYb$BK$WpyP8+u5rOdg8k)^ z@exp!E%iWO4v(ihsm^c+czz#UJ(Pm7Qed&SG2$*egjK>SN%-Z}N;N1z2^Bnk02cUs zz^_4NW4S=%;o)JdU`9PyH>?`~A3?;E47BTqCDcr#I~3)Je;(2cr_!Q|i%z9VVJnF% z3H#vq6ZaNrYH5jfdkEQDk?xPpw-xjDB{flL2>;8H0*ky%=G~CibPGMT`0ZQ9k(jl; z0rS((f3iRv9uk}$wfWf#K+);wtX%$_oKiB{Y?^@(gd47gjV*d19}eFGt-7YHscHZX zW0KqBpJibrT0AmSz&xo0X=hvTJzkA;KB?G2{))%b^AkBYtxkmUy5b~bz8Gv2#0!YL zCDzZB|60{xq$rirLR!n9BTp%Ok8|4 z6kJ0+hN9x4qrGojBB(*$M0vM~!@8=nX@*8d10;u(q`bYbQR7CMqH$!D?8i~jlD(yhmUaouH=yYZ-M>io>?}t zwpR8jM5zCSbvLnMng?FZ|Fn#WMi7n{;bNxKs}p(|)B*%LOjF9NgtQB*eHdfJU^_$& zxb$ypB;sFd(PZJ;%`Ge#k<8%YrI0bOi3zbnye8q%UR+!X*HQ)KUPOE>+!kRcXqSqc zdBq`9R*&rH=bpmROGOn{D109Oe{F6D9Jp8!r%#vcKacmv%^DJT1GPq6YOWmE9z0Ng z_q^Ng5WzA_#lQlO4)4y z^b?D|@zcMb6c28EeE_eVX6N5#>>qpfW*-vhrax@JOr_&w)SDd}MEkuZG8qD*MzyiA zY7)OXDg;P)fC0J8O5}VDPPdf0$jow?!lXmV$v}g7_*YinW}@t$dw96y)Qs-{Bl`6W z;D>%3?#Bo?7D@$wjsd8390f(C9P8twA5m+WMD=}64Gk(otf7bj5_S0D<_6*9U}ZWw zI$|~IZ`BGJE$yNU=16(yK3E!9|J%g=>X)p5CJB<L9Wd0^g~}!!#wt&jC@>hu&o7J0-*$0 z7qNCRU|cXliB~P7Ag}MFGsIk2>uaQJY%%~f+}k;g94{zpk}J1JPLeb?k47O4ke#%n zM^-q?8GqM})f z#^uX5-O=&Off`E63B@Si0+E(@jcR!?q4H9#`l0GEKH9s>!x$iCZDwT^mzanxDIpPA zYcV&}xRXx1KUZGg>!D1bYGRUqf7Sjg4(pwZpp>-q2yixTNeSKH=xDsraQq;7f_C;X zFquW($AHl5-Y&taZ|UQD02c1arpq0#(Vdn}EBR->+k#Z5MKk-=k2^SedHG>heEot9 zXObB^6yT^DyO5Y>n3Z=`j{$sI5gGr|gMYa?WABcvE|S8MB1T?fPm_zGdz{@ko!@)# zl?6Olk%*;A+h&{}->!;zikz3;C{Mos(KrNb`NQgpbH{ml$wnNxr*v2f65G~yLn*Ph zMJ=^fL49tHDQtLi@Pn?dZbrjP$FSB}Ypf2F-@`Y`g(%}4AV8PXbL>*3p`StA z`x<(_&b?$XFXZGH2yIcs z5VLZsrE`>|M`r0B+5(R)+q8SXY~w;{TZ1e$n%`z;Yk#8jNW$3R;`-YRj|JXnt2wRbUZw( zPbhmT)6r|7VrUZrbnS?es^y519c4{uC}?;RWyQYjf^2h|l`xJxzzrbbbMfe>)bqe0 zz`hYmm!-LU+iKrv7hI+P19ijTaG!nd%<%(jcO$WYP|b!~xTga;$>>Ex%Za-!?(Lp> zyZN&J8q1c33w=+2|7SaJ8d}&U;@_ut; zWG>Z#6mU|lfK#(is>*x6RcrxD>3`lg2Sp4?P-a8=d@%hs1XnV)( z;yM^86O8)+_dv0NN=!nZUJ$LRJ64Y<=oeAb%Sw}#72e5-3A6aYkQ4icg01;2V~TlV 
zTGEkVr8Rp<6Je2`^qNdJOEk8NH0qs7AGae-scD#mdSy;t9t$;a>eE^yGU$sDO@UVSS|&_SpMjm=Jj}UT597lEV8ujaWE^Kj1O|rtbfbn|4HkAMEE^1SU*BBDgi!biIsNr zv!nU?$|tbTn3{o}nFQSeoe>!N1@ya)1k)GuGwcKjw7`SWvFF?difv{Zh=z3(QgG7> z&z8Kk&Ym`=xuv6`8c&6J&|(nhbWI;r)79;O%|i7TchP}{ba58Za?vPQV^s7x#Ivzt zmjTK;0Z5|u@kaK;y#F1R1^T-Y$WfKxb#4s>Lx1t$x6<-P(;NP};;aA>!M>3OOu4J3 zR4f06>~$@i?+ct#P*qj+b#sWeJk}(`Lyhk&X-vY+t+@qQYxOIpxzVi8{ErRGuKT5z zu%q0^JU4(jp=M-cykxV0LNO^;D@AP}5_GrU3}+vjlIOP)k+*HNBj*SW4vw@aYwX(_ zqK!{PgM2r}a~78Bx>u+i@%aoM8!3he3kF;JN%?)KL78i&@Z&D9e-m+U8`O^Q1GZLT z->&z{Zq?jAHt+OClL5Dug^H~Lle`hlM6FzpS`1o$p`Ih-Sg1$u4gt#UC^WaVRlvnf zG2Coo)rX5Hve*w_qhfF>+0|`g4jNW0g^yTE0yqVFoV`V6jD(z$uPkQf))NxtY^1@o z^yQH)%LhM@#%LqT3yaxFK*3Ex{wo2lr4Q4hs2e%hN#G|W!s+cB7rUJ>uUN8ke*Uz*Ir;2$P}Deg)V<7q8ui)b z@IH@=(LRZWlkhpDB0mb?fPJM$J|a57ayqSpr}JV=j`=1MbWge?UWZ$SzS6y&(Tt zDF?eqPN%FHO)U$ha^3N=0aAbq9D{h6F$P8?>*r2R4woKn3+>|vn3rK7BMEnO6G#aI zB-<*z%5Pik`4<-#(u#IJ7}pi6PzXo*_J;;-v9|Ks9}aC!rNa-`Ll03_tF8J&NPv2BwPf-wet((X&;JB4(}eUM+7bO&iv3NB`GDcklwSUSoeq z>Ho&0z$fmhU?l8xolzNLAIK>B?l@57o?ZL*3;{{AfDi=-d^qj!s`JiMJ_w*YRLtKu ziIs&#a&^)Ya1RP|okaDNOY_ro^fXGtBZKyL*bRn)w&yF6P=q&w$Spi z+WmGaWA@jP1U_R#ax(5s_p3)DoA!q~6;;)w2U_*ASmrSvWwg#`tXySt`9Ssp8rq)Dn>;7#{S%Wrj7DV!^}7yGg*>5kSW zcWVkTQH#apZ8UCIM>83P0*#l87TW;Ss77Lz?m6eZ|Jm)!h|lM)(bU{*^keeN_xt=b zr{uN!(Y-GT?UvT zT2@w7CMKpW-C@7#3d~uHdaDIBXMhI zXLzyJVtcQ+oGrDa(N^+_kw_QQjq;TAL!=>^ zKzUjFamuxI0&nB;1Vl69k2kTlrnqo%#7FAdHMkz{KhHL+0nwngh6F>lyd^Fu6P)3o zUhC0Mi01RsZct_wqS{}46w>;2+i4&Us&;++cbO6J;h9t(yKm)Q4;GEv@mgQU`R><| zhg+{!xh=Xye!XtH&i?TWtNl7a+i^yf*^?o7831y!?Lb{jU8HfJd@cbYAVzfsrr+8; z#OD2i8)j#-t|oXtX0;0#8v$O{EM2pL=$Y! 
zcegN>oDa%Lvmc_i??z+~TZb1!yv!kLxp};5x4EtJ{5}$)_)9<~z^OqlB0!=&joX>a z+P>*=>D!|k-|fWb#k=Ko-#!i`JNNj4!J`g6sBF3lmoc~1%?d{s3`TFS`^{G)fj}sc z%+Uq79Wff(AX2>`txp}`2#f(1vn6)R2Q&KwX*x<8EM!CWJG|eD^>(-Ly^t&Q4$U9Z zrLW{{+P}ZF^8AFg=*{`=|3a>R`}jl)hz3p7d@nm2)oiiiir=>8dk`2&snfwCZG=84 zEZb~K${TdNkulYzlxhaWpw5PQQ__1N-by={B!ChILh=}{)suNi0*<1SjowdW%pMxL zDsR=Y7*Vgf+2Jf@cilbN<*Hqwxp~q-eHW_Icy&Gh*win z6M)~B4Mj5K=0-)f|H6i~7zT&k3NVcmL=ZspjW%3?HAd<_XXY0aW zN5>!}w0`v>s1Vs>SD19v;&==G2@kjcy&}#6$k+%$e>%8-7?X4fFhz469bxtt1_lO@ z47k6!HJ?UuFh%IcA-qZ{HR5b|Yf1om%~CM5rgrSb4d?T8lZ6ZOYHOSOQ?WW;;1HFj@ucIS}g+!>R=X{{1ro|FLz=(?-OjcFSm_rY$TtjlW+QIMod6fR{$L=ov9F#Fv zOppd5aw;V+t7tE{fsTIO)Gr~9%iyMPPBFESygPW30-|dHVt85(4i{n~dyBB(P2YJ_ zVAuQT_efve1n1`FCK{k{LW^fQfAdfu8Xn%>`1Cryt4ruCSqvXHVyQyU4~0T7^F@Eg zxBKtx-{*fleEY@9AbN6gBrYJF>HKgpH{9t5Bl~I%VUAqHUsFyf7~&4lI*YpYlRmsE zk2|OO?>B%5O!j;hl|s0eFtZ&LP5~qp|&> z)CMOZ@B4S-n=Y(2U6RET!8L3SmMn(Wb0v#vI|chN72*43!@asCYi36CS;n;w6QWpy zec^b$?>F%nVS+b02(sUZFs-_ujfinTgU`7@)sw=Ou3=v^j(Lp27K2v8El%dzA7@%9 ze&Tj&ub22+e0_$|@}vTtQTaM35kdd;=6~4WP1tF!20U`|hF_oDKBvIKJo8X5W5KMC zgk!-IAd8u%*P-=EmkW%dyqO_DX9Ah=E(g_k?17sq9AQ=s#MjMm7>5zzwWYOJlTKiW1C|LW_qs8v#vA2F<~<*W zwF}*}%edd7go40Pv9qh(EQ6aPcCCc>&6v<9wRjbeJq5UBTJ`rHwVTEX`+&Az0i{;e zeOTJIK1Atbago@S2DY5Oi7-$wRMNIvC1XFV?`Fz9jrxJ|U)HylTl4%PrJxXETqHSh zL`1|V#$_0A?4td~m#!Z^)C}*NaS9S}eHaKH0DUy!)Llrkea>WjPXdDyKXV6nas8_= z8>3Lj_iD6OB}s#!L;t;nC1?f8&YV5(FV4^BcckQ{0p3C+qC%nr!$-6UO&P57$?Ram?rcU+~Hi_T{|qb;bRVDaj-72N;}u$Id%EtBRIwb z2il9mdGUH=nk!<($g)>xFyZwNyAxR!HK6bOtJuVKf{@X#F_z6s%vBQ@oZ+oG($dn7 zSXixqNef?5N$`q61mCR!IOx^mqN4PU-?e+Tl97?kkBOIa)QR3FH9G>(bfMbhvl$@< zhS5eB1s7%)QH_m3tVOMk`-g5M%@0;|jskIcozX-Q)lTkPpPF z1IlHP{epiLbUR2}gVH)r30wd7gp}kxAD6K?iJms#rx*kX7obWPm0!Mm$tpzJqgM&6 zEO>)H6cki4c5PQS>Qs#!|8Qv{y`_YlRAh7&e06zVog5SMif^zG+TQtIlYW!ixKt54Vw{o zHVF&qv9X57&S41E>|7-r?-C-AuF~o+kH6Vm`JOavY6P(1v0K+baXP`ssjUgr7>2mj z=Mu{ZyU#}uaLa_@_ppHoi0cp(t)DjDE!FjH3P8OQ+<6>le`3HT4a6-! 
z+a69B4#l8_)IK?zSYD>HWyaMR)!!7Ww?oGUTG2kQj_f=+`!~ms%WlpYS9nt zZr)r$u37u1SQq5_yZFfR{YLe=m#{Vah?Cu-Mw16?iIK_CWSp8f*567}TPG?_;k(heK*=>Lj#j0J~Qik0f()ssl}G!)F|!$wUoysziEg6yg8Vq%#&n0hHZf6ngqL+h$VGYxvM_E0adM$1T^K}&#GAS{QTngp zRyqV{casXt5o1;@`x9YSK?%g$4q!rd+QDWM`7e*?0JNi2=Q@caWl~xJvzLdL?>v=# zba_f6>6<$fuDgTk?I>|VMoM1+Lz2!35mH~bm-t2sF0xdHV-PQeKd@+? z1pOEg{*@G#X;|c&9g=s1?YOfW%`#zU2b`bV-o)Im{_dk_S<@bk2S0(mF_4dlp)GGw zVq#_{r=S1=5ZaMiFMt$246Y36V_$iQu=7Ddi9y2@iZq#VsdT7z3%`?=}ACo{j^eL2x0Poka2EcKEzvJWC@8iX8E{ zvUHL7oWOo?a*~W`(nCbRk5a)%#HXQSlEuSK4x?2QaxYnMI^R{qpk*1V`oig?qEH3D zK*S-WYEiOi2qn(ZmRqxo|6Waznl|Az^FH$pa^K3#OeurZikM7*kYcfeS7P8@q)ag!qXB-#{R z0CKqCt1Mz05QH28c5=&owd}CH9`p+HUWVs-&F>T-!Ay$s*X`tB$tWq8wCZiXF=Sl# zP#)}*sjacGpatx9+qiGy)y?ldalXw*O~Wl%;YYukzde-QAKG}u;8{25otNQw9SwY` zbGqgZ<)*a%5N?0apJuQS__R`(s6c)gb8==w~x%*Mu< z;Be3vV^!C;MRckrq?m9GBw*{Emjun*!K(#<&2nmD$td16wa$r&)c_X=2M-^cxJzYb zX^tt9$;w(U0puutu<%?xtk1(95HthmQnHyJWoq!t+9YEFJq_4_A1U zsmsgDC|1{odyq=X%7=dS)+^@a@-<9Jb!E3SR8)~KV2~0iLPA1L0f0JPI1h_RB#=^^ zXwlEn4zS@3$z8!7!8pqREwlhM1c|qi;-11i$7tZd+P18b*u(!}kpGJUnWe$lA3^=T z@NjS_@DaxGuib#e1`#-jing3ZpY)TMu5M;18xt$^aBDE;J_mzG445@ne}M~Z#vF*C zwx&i>Tf0QS*1u>5w)X3}${7w)CklL}dHfnIyN~+TPSTt$9ddx_VsM=^zowHi(a1R#GexZ z#eD9a+hH&RsMvA8v>q1=U!+{e<6`DC&KC^u*9~z&I|N<;&hWaw+~=eg@y^BD$57h=B(G zPJjQ4#gHfRPDywwUZH|>J&XPipXC5a)a2s)D+>jf`a6%U*=|hUE5;nOKmu!%!w2GB>Mw#Z(096}D@Li}5g-k%)lObMf|8Ne_BK4$`YuYbPqL^V)_RE^(h{6OrdA~%Bwhl8i%RK%J;vWFM|Jv3_9}&en_yj;EO!Bq_<$z`1q+lg{#UY!8xHu{j z5P;Z^#`eRlv6#!{XC}|hR!muPqKB<>wfS6`&g@=pJcv)n^~aa*iG&YF5LsIFToa8n zEoIhCKPZ~vI4YlFosJYZ1>3C=^@OL?-oG~GKlh2K;Qbu6E`7k%VWR#>(e@q{J7+$8^NX@;I-iF5EEg6qQ%iG36!Y2rg3{8J;E!uvsHK(W zRIt9u5sd^%h*Q@l0(W~qe#BH%5ZB|uhOfF-@4_hug>Wc;-(|1PPB z&Ickkc-1*+fWTy5b;+>=qTU1V7YONI*WIsX2Rf@N!wKrpF)#)%=H9=4bvNH1rhwes zb~{r(v^P^s@D{PWYv$mIr#!?wo7J+xVgK^$uKgD?l5{t{c-i_6p`Dd&^2duA^^sAa zVY2h2L=Pgk^d&MfJ02(wItu|mOAPD(F!Qx29fR*>5%Ra zkrIX&O6gEKrBzx$8Ug9;JzN%Y`n~Gv}Or?d$r~{>ieoM*XYa zaqg|tNd>Fa!)l9X`;WprTxM#z>>s*5lzl;MYD<`8xqgQ-qR{B!WxxKoDt9;KPp}#F 
zZKOPutk}kmRVRJ9;p_><@{BF*yTWm(M-%)^+U#nn?sf-<3Y4t{8Ui zm)RbIVc4KhBi%{i)96O(cFnw!1_h8M#3;A6V(^@KdF!14#`s2YrHgyD*JK(EpKJ^{ zWvsyvjx^Evc3vELO76GA_e=GQG+%eZ2-V_Gcc)OO_~5l_J6DE~PuMpVP#m3s6hD-( zoeF35ramUDPno;LN?sM(+;(FNFc8h(-~T%Q71L|K(Vvuto;M4}A9Ae<(b$dQ zAA*|DJ3ih>($5E>3e7%QPtImG#ngOap(oP5XKmMRrGoPV@A`7KMdFS)LnBrMF^9kq zocI!~RWWy6-ye5D=TO-9;g%G~+&h<)Xzo@6Fx*=M?!X=VlZ|5Yiz%6z9Phtxa62h7 zBPP}Ep6ZBhWqQOc->_`IK+W*SMh?z*qQ1xzQCM8hYU!EF`lADE4r-frsWIhYRSW(b zC=~=Lyx%smfN*=HUC_Js8^lOO>!gW@?sw#6K4Y*uA?}3B_^+iXV2sg1DG040irabB zU@EZ4buy>0n4l2}!TwyQtp=^9Qq^f`c~U5ah!%^DjLB>Wh?!E?(0C;em&cEej%j0& zcbSay>73qIPQK_H&E)X&SwgR^ZLXP>FH?}mZ-|Sz8)Do|AD^6VF`whT=Rbw0?{?U7 zd~9G>45K)D(odF^Fej^%dJ5LZbbUj>QS`$XqoZ1DvDaw3<<(@Nj^6>tB#cpz&?5FU zIVFWzUFt_&r0KVnTTktVuJvSmJ7^ldM89cFE6~o{L*xC0=JBe^N4%)@tYxM?^z?8acnw*7_|on4>)`nH68^%>QxE%P?I zySuNeKfQY1cDGm8oC_c*@%zar%bLf&8-AG1^OEBs@!=Cp-rKpCQPI&zyBi&Xw$FHF z*C8;H-)pQn3yprF`3J5?;9r{!XF^g^kz8IWWZ~URZ0N&|KU96HSa9i%5n+yvXip?Z z;`|jMJr+nTJjet9o(9XfZNN+8im5uB9 zgU4rm4ld3U26av~wuk715!c&CeJ%2My!1j+SzYX7t!!^B>6kX#RhOG&GpCW+6I7~2 zy7s2UO!uZ60b~RqSLsCvp3>sdYHv4D9E?eyhVd8qN|cPx74x_x#6`qDQ8MMCIX6vogR`i z)V9;zhaD@22=L^nr_2hx`ur924A}F?#tFkAHjyFKBG>PLHl-I{@O)0Szd21^ap^Vn zfSJ4bO9++QX8qF>vF<3A79d9P{`l>ed}YeWlNHhVjQ*K0^aT)KU=P-@ti++ki@p?MW!Ig8x=>6=w zkF5YNrlqfMJMWsCm&eG(r6%M!&10WJR;F&NjD78$;|$%##)g)$F?%SRfc*FL)3&W! 
z4qqW+;^L~5RCJrJ`^)ps=oE5pn@y_lp zrl#NS>{>p% zrj=NVi#6p}6_0zSB&Bi9Tz%PKd_0yzDU>Y+Zj(Rv!H+a^ymFqi;j(tFzIq5fS2R% zEa`ukVBw`zvmERwkaI~sysKfBJK}n6E-NG+JK-tp<|>^}r`*7C%6(Ujc(I2n!y6ym zV%pnfLNZ=s;oZy_bQO)#!YYCy?JXOaK8=o+3R^2iQE2Pn>uDJ5eU)x@o~$sXRZjlW z($B~u>{9{ML0?k$amRhtL=LM8)zOYzlj$itlO3ii1aH~iB_Sf3&Ul{4v_)q_y={eg z*ubt=&U1^oiMa)*GETQlPxY$)=q4gAF6CCh^0l@7O>fkP{KAScmNNZ~h)XT`Z&kg` z7zgCoDnDP$m+$K8wtEr2Yj@pcqsE9pFn6?c4YU?KIh)EYF{|g9u6< z5o5US0}(`^MW@0oi7#zoW0C4jbirv1pC%V+2Y1Y_ zkz^!KzIDS?h~2{1iilphSI6VUgG)urVVJurGN4rawnD}tH;?kx%c)aOVkz@h1hPyA zb|Z`z$J4^oU-kX~yJHS4OmT(0z`6yiy#+TnFR>ziB0K1$8VG;Q{wA*j^ z_s<%FmU|5#j}S$f?tK8VC@ouRgI9r?`4f3tuRH4^(BSgB3kWE(MF_dcJ zvrp1Q*;iH14Ca`Dv2G3B2kZ)L0d;KjoL#pm4CkO_LPo9-H?mH6wtLI#YJmE9C@rTu zR3t=D2O4-EE^@ZCw75^`>i0RlTVNu27*PGg@aDUEr@6O%s=^Bl-_8$(KPaoHyr6Jt zcH@fZ_xSTseW76Lme{s%W%=tycr1r@0Ka<`?M37)^7Z=VcN47aBp{nwfw5E;CxTh* z@iNp4B|&w!2x&pGGw>K<0Cv1*K6)0}*6Th(TKQ7ii#tT_M&{Ehd|X`0%95GIu`%|E zH(mr3gasY>v{)64%E_eq^w`@p^4$cmvTQBrk+n^}U%#t_Go{x~g^j3=xho=9PG@l& zSBIDUOeQld3K=P6kvFn`kqHSvqS0v_Hf-IY7hnTA6%Y>6091PGK;c(vWot{p+#nZm zlZ-d9>-y8;;EOjG7rsEO{O40jqRbN1P0N{Ff7^H33^0_rgC}+B+wQJqwS0G+4y2oGz`e|1J{l;G`X#0MDn*9oAi861J#`>1AQF z(2A8pD9?cb>GRLtHkh$%*o{aWH@IDxSKTo~JFF9pV+%rabI#{g+hQ7∋TAXU8M# z2;I?t2GrRDh?i{gL@4Fzt4CYnKbDWLW{01pHyXUBD&!N6#lO5=P3qoBFDnfF`$ zpEk422OErs;#2ATe-*{L%D&QmK;)W-`|Q2@t*L3^KU&YW3kcLj*R_5cTdrKMgj~B$ zfZ3R8Rf0aGpPVEmTj^C(lVVnM_Jh|x`4;q5+Xl2+<_1#LMrleeI@XrUSmzZu-t`(2?k)OGpN6D?2Y57qre-w7 z+$_`Ie7u=2!bXs)h+%GS{uL$FsCfU=f2P_pBGN$aqY;p6GcYpZ$SYA_eTuL;-W-gf z&FtCj)c&oe{Qpm-@Nh%O$s;=9A`Q%&z)2An%gxgOfW^)#*WG5=LWCGF7aLh~1$`kJ(KS{~_*hZG>PmBO~jxqwqV`=hBZA zBlZ?+)vw3h5xgrC|JH~q`Zi~}!NtAm5rLIs*GlFp=LNC$&_8I3G)4vLF-F}y|7%I| zy^B7NFMoN-nJ_(VSNW2g`5vl}X)|h=XmK%GZ=9{r($WHvC?S=#%Nj0@0fc7V-r4>Q zHDZOLQdY+df|W;0lIMyuF*T_|3~`6{%Se09vNESSuTAt}ugR@E4q_DP@aQa+0f1SV zOKQ!s-PS>i&A~Pn?BU8z>4$Vt3{Yw?x)o0vbLqx&-1m2gYo>2hk9SF&#YavBip{N9Sc$s7DMrIhaCCFyWy>z(S?Ku8 z!%sgbi8+6B#S;=tM5kZfdE9rKuBq*suBoP=`Nt`%Z$6Gob92nW!L6rMOguaqi39}s 
zxuvrrX0MHFAKjnoOQ4_nZ;+Qs5mf%ZBMXPWPV(GzZ6bo)jj5S{$7m~u2ASnbcfkQ1 z;{A*4vpqR1$y{nH>X2ajkXl1ibs#=k)1%DO!7;5iM1;ZUnIxh)gmBOiH|F~F*lElD zd&+_^`{WFBOOI$6<+F%qN1~i$RdF50STrd~R}N+-yK2R$5%146JbXt-X*|wuS07 zBvXU5UuK(ry|RZWvUXC)j&CR@C1md?k8POz&(mtlL#-Xnl+e(>;+LuH7*Gl?AD@gd z8OJ&U7yKI3@ErsR$0oX+G@X0HG4j)PS@S$c>{B-$t!6R29?TRa+WIMx`p4(z!qtyHgye0)Lh?#P$VD?8jPBRKD9s-h z;KuRkQu04v5)RSj$pXGZR5v?zxbXCznuv1?3`>mS*1P{%JE&$+g#f4_nCxq~|MtQK zW6HI;3wH#qSyvwrSK^LoOFl+9_mt%qFz>{dV8QBVh=^N;<4Ww)gt+P(2Pym=w zf;m$cpcnEE^648k0?%Xb4h;#z#}?aE2l$4K^Lfhy?cT%xtvTw03_uPHeLSpA*T{@tbV_m%8~+ zXKAYbDkrBe+cI+z`?sDvsFEP)OYW;G1GX{;M~G%ZLgG6CQ$CWHfPZPE}P9qjVij({DqTb**bzih#_Yw~n z0PWdy=7q;X=sh!EKr5$eAC#Whl1WW577zp0oiBK8OqT28Mi$j$tH@sjeFJ@oy=1o? z28l9gi0zFqv2bx?Immy@S%SWy#JDg;P1RSS)7?Kzo6D?U1-5b+u2vrS{TSU}{<;33 zcHQwdABq(GI^kW!HV3@CF`)p1Na?N@RIZMS zP2RLpD;n^Vx~=KEU{?5xd+b#34x30+4E|JaGp)&k9oNo(A93)IntV8wAQoIv!LPY# zVck~b4LwNvEofpgKt0Gb8_ic;o#uVSv{!*hunz3ObOmU zQ=;R#5t7S9tWTx+4kF*vKJq300B>@e{TFMehbr@=Lti3eVn&v|#T-pQ`fJ>g2J8Hy z-r&$@n?%5XO+Zf0(HDtR>(y_#|E{v~p@R0tCM7hU(>VQZ*;a8#k_@$YH4vX{{nK}*2B;SXTQoiIao^ABU89O8@zhtZe%6L&v>?IBbHPHW#S00+zm631gsw5#(Mape+4+a)*$JSIwc@;R$k)z^LYCv=;__9% z-2&9>;yI?Rf3*d1@`Xg->J-Xj7ZU0U{5K0gM8v@LwWV%QD22hIk*1h1kQBL!_TN)a zdM@OW*w_7GLRf%&1dp;EARy-Ts?W$Q7B+KfxMb^$K!hhulvAe~W*|d^lfp(+@epvO zhUeo?2?QsH8o^`N=03XexPCb6Jn~XUn0t`WJkboYcMpnY@OpzhY|99gGZeR|gh`T8B&{6TM11WLC zKWKb^6C$AFe@338XKH92hj#ePPq{YcII1Oq9WM$ELUyAkGlqt5=kSo4|7Tl}ba3x& zE~!?!w_ZfrhM*6NLUP1IDRP#Z(Q=ZDNHY7ivd}7hY zRLnL7`pujWwa!hdyJE$>{u^vp{a;SZJpxc`5XgaIDapnUizd!Qz6AFBKBS0%7eBiX zLIo~O_O!8->nR75;{AMyOz6?KAS_QjhMpP!^(}9X56WwTWl1!D!SJ{b{^2zOY0B}O z5ISNNfmtW5=g+MSO=Ev#vg1Xgbt)u(>g6RLPRF!primqU=Z}I(z3-ajdT9W+YbIVD ztBQ$6W_`_Ucdc$5$A84|K#o2z(7kAW%7m)^6Xpc=FL49c>F#GNZ=SiXiAv{P0eh&` zuj+eEXR&JbW7w3<*Z&b7tPzTsnAjYusNMf`KI-{RR6iWsAcS6`thD6$#f1Uzq|n?U zNc91=dhi?LGTQ&zjsE<0Go-Dp4OZgf$X5hR%SR!uEU9>05?H7mj!?RDxV?i;dJF@7?z5)Uqk0#8iUY 
zJ_sP{v$uD8UfheYKOeZ+&8$)8#+zKGlV1}XjU;mREgd@ShR^SnzaB`|!gr~5HRt{DaMaSOod4V@AUsW&YxxTr-R(gP!`XK4CvblWkKR=RzJlwtn=?6SW%7bIkd zB77dnBixzy+hfo+hx0;TPkCj<;&FOTPEKOwh`cMlxt~z*9b)$J3E}%Kk|2U0>!uJN zovZ?!JgxAheNGOo+MH|NHwZKovl@nrL64{}kJ3))&6SH@FYYc~X_Sud1oo_#qHKU>o$zBVg ziyUO@qF!4zQ*X839p?Y~_{%tu##54v8%U%Li|cvN2iPCFCruhml&qEIHAM&tqJeQQ zdXVjf3TL4IG(K+u;q*Ga;lAFRzY9p8$WtHnIM~$3H!n&CNtU2^3 z8$0NdEY&uB@dsnrdm{1TZjl4)kyMN%H%s z0XU}Z9rnrT`2cN812Pq}4Ae@%cKHt#*usK>FfpJKpqO{#-xPjG^WvEuelE%6N7(l6 zZb}f^(=pmilEvA#AIc+GjtOIzcvj_;bOqgut9l&=Kr%t*UP-h$l;W+!uq0vavkVJn zr$v!fliEv2NH#z%`K3ONjp0h&DzHv+*ZCE3q3BW^_~c>u7}H`3t&!zFi!o@xI5&## zXu*aF(%jm6oHVth=XMoz_q1TAH8nfkQR?OEBp?9+n?L`;L$@yCuRT&fHCxYH4*Rlv z7E2Cv>FK|g^Gc_lpti}+MK7J5$g4jN3_J&*7r4i;lV2#ieCu)6;k`KAS}MG6pSsx) z(UPYn>c7cyC-T~p^Yavx1u5{X_9dCjSnBng6hIq@>ERC?vXpOcR&s$r5tOqkwUuW{ z{Gk5BUch>S;yMtfkU4K#I)H?SYP_M(f9%8mJ3DQksHk3Lt zkYqg>B6K&%z%jPKySiCtxa(cA2Z+-UJXP6%`RxY*lByUJf?isBn)VhCgkC=cN7}Ct z5D+-d+d;P`3ZAyaG0xkU%QmMlij?YNl>)K*ZEjPJdi!S`g8~8SY0-zwhX+#myiaay zHa|Y6N>rto#O_{IB8Ea~{K$W7t3J!fLNvEuTg^+J^!8X-ah+ILV28f?SM9QVEC5{0 zol3HfM8sXbOP@^-$JAyx#C;Bl176D0!W$H(YWYUTG3^dac;0_as_aE|CF)p5z5~ge z{A!BH#>`<7fUl2rOLmQ`WTM**)OvsSoX|D-F5_-diVl$@MgrH(7} z1>l)CfbY%IadT{!i1PAeV{82{y+YeJ9M4kA;M1w~`W1c>;gjZ6R8Z?}-~H7rTiuJOYqwVmcpXJ36gO{#ys9P=kDZvD3;6xzoZ~9d^|R*yR~vt`?c# zc>o17(`*@-1I5I|RmZ2Iz87d`VZ>!%pa+mV^F{s(LXI(31@5!Cd3tpFkVveaHd!V9 z6qYvG+Y4MoDVN~$p?)R-M_ulqG*FP_Nh4jI?d=nQqHIWnx&<)s@QYC2T2%Z-qt|Yx zT8nCyq)YP=y!H^-TM|*8`o&*A&+%H{wS4VoCm{9m??oK;=n5<*7{LJzH(rOFULh{qO;`(wIK0>mq8G{6Al&%4T&`NWzW3hG)A}x}))dayPFGVSa@F=vdgRSxEu$i1@3`}i zX2=EJ*%Vn58G6=wGXa(vLz(y4$Y^#P)6vc*HiRCLM1`qnhd#xM9ZRD@zD>P*Uyw|) z+Mf_AybgwPBoAnt6!RoQn8v#D=fdrNL8)5G4&Xopm=9F^Ad7?Hu9HZ%)o9jNwEuM0 ze)MSQ{E%H&^G+XJqIvuyL=1u_WV22BDKh>>yz~>Z&xca{1Tbtb4d||P%-WXl_on3H zVwQ%znt>SX?Yc2FLhK-DhCk3o4Gd+8I~6I8wO2m{2@{Z8A~)`yO?>=W}1hlk(NU!sh4pEdM=68wY80mrSFB(lwIU>Rolh4&Htae^e+|}AM}o3I!9=&>bBx*qXZY{ zZU0>pQ4|KYL?4ua2WtFTCvB=hatgf+o0ZuhcW`hp{f^DJ86`6Pw6a-IKj>)?0|UN7 
zVY_IA;A2RXa({k)c}J$%Soj-)98LPl)}yzV(SGytV*4)$KO(v1pPGp~X8`v@@_D92 z-2(ZH#>oO*8taj}pd`|GQAFX$T@vfA6*p9R+A-aQ@HhWA>zP`(MVRFgQ8FDWLy z;<_F|gNQE&rajcAa7=Xb9`rhG`k)~yH^RLGhdK4Z%*+hRuRK!$ADXqC!{ctI*~;?C zULkl*_p7v&jefL45>c3#n5Z(&8fI+w_-h}tm>q5b7lc&K2g&Og-{HDrjA7@ zeM?^{Lu{F-bZvZY&gYTUggJ7MoK+~~m}vDti2B_SwhH)}A9$P8%PucFqiSkRVy|Oi z6})cwu-Ef&(|E{CF%};;vxE{4M#;}8B>TRvFA}4ju+%7TK6cw+Gj~*XetmnDD@YcO=*QR-0+G_44Wc!qq8(b;i3<)-LW%v|pv6)+4JDObZ9 zl~h%e;-2hTddEElcJ;l}5q98J?W(t+uWJFmx_!B2fftE<)ynkpnj{ZA6GU$g-TMXf zOZ$>PK}Z4sOoam0>8aB+9K*cdEqG^yMI6UrwqYo=k3g}0D*vTiFf2cVz9}x;X9%2U65{56}Q3eyUv(9>)?XYYCY7f~?e@9QE+lA@r;ZM8E zo%kD0^wG6*ySH;_gi1ASLmJo+i@9-wAg%i$?u0##@*heMHN|w$e;S!#Rp_$*I-6mP zTyA-g*VoP7*=S?zSFT(T1@jh=lYoc*77iw6he;xLpB8AruQ z8LQJSXp(*H+7Be2=Bq}@50^7bPi+|J5CR_WC@uS;)k3Dg81CHsz~(Us5HRfS>QV{| zeKo%!(@40=QdTbcW!{Y=)~WpM8YlCZce7-(^|z1B>CMlsZ~fimB?y@n7b`e5Ai{P2 z%BMEyz{SZdiy^6uMu({Ry7KT-#Ix}Jnr2FKhN=1Y3}S*cgtB>$o`9YZN!~_BkEV=> zOA`5k=RWzJ&>&w95rdynSa>^l8#|#4aVNO90Ki;Eg4b_x=>me0Z_Z8bCa+^8&QY!8 zg$5N?U^s7hMTIlr+U=IcW#V+?Pog< z`ozl0+n)7d`nLfB^*EPFgRe#4I<3@TGMaWBDDAuwnOl;}%ME`(``RP!T@296X#8+V zQS-8RL`E#U=Nm&TxLZGH)Z_DJa#HVDfRArm(zl z;-bIx?^6Ho_V%y5`HLGy-U9MAclSR0_qz?8Lr=&(bY4}!!Qghb>~;-(2m}VA1BCpe zBzk?Dv=yW}p?3tv4Csr*&Q4#Y@eB!C+IIT0qrUHi(&gk3#p2s7hM4V|b&D)zugg+o zko=*`Jp@;j@7xwL#SZcd8Pbj|9Z_42$d`b(>{?x_11X$ItE29Hef=6E!+X)?JVi1s z_K0nnvgPZW?3lJi2ibQ%9~=lCXd%Y_j1R(uLGdI@&qG444UT4PiKTcvc9>HmX1^uw z2rt35wO1<)ix?iXedOi!W^QZ&SRr5(D?#h)R`23G9I?$sVxO^(SPda1OH0GwdjOC3 z^a2wjPt#`8DcdieAwC{O#t znpJ3H8v{1t*xn3Y2n3WnCiQLP4pMlrDx;o#r}~zwL0^AAUkLDn1HhDln|s*&@S;rI z=b+9f_f{EY&sX3=?{({;vfX!Y@Z1}=mZP3-n8w=dW&O(#1h5BE^!ZmV+C>;dKNAz( z9!Z{IEPE=oDPxaM3ig8ZVnqbf-J=FEE4hB5x(iZZ zEf+JXH?3tywqFfn2;|DDF#}z;vnM+egCJ4T4)4|r68t*^w zIqyq;EuNn{`XnW@By)fwj#b1&Le{a)W+Fg$Mof1 zKPHKZ88r$enAs(KJ^%FA4{yRANpPEh9(vlzK0gR2eMIN*WC#Jz51u>ob$@KYpl&838{S5dYN5y()S)C0|G@^t!3( zaiZJ{FSfp% zf<&+(iC}MHtYs!O05{?n({xp1T)U=fMV>oGqh`*jf`QQepsK2)>`(@yY|nbcMohp* ziGCgZ2BzYHwr8_udfGwO0X%5}041;NAVl(0j9LO>AviBlU>tVvr-b89pNi5Qv1&*f 
zD6E^um+OQ=NXK4VdhEJlinX7im}hSV%aVu7rm?S;R92GILt1`b?V=?7af3#FM_nYS zBsCrkTE}ne%u=j|Hxq31#C=lw`ug0#tr-B;GINt`uBJV{O8}M7qOhtlu1{ySQs2^A z4wIYG58?gN^`HGmGu8Om*Prju-X>AS; zp?}zVl?e#f{|pZQe&b7vPFPg<)GM6tsi1lfI(Kt_CIOBwGy3<5^LDw2g3ku?gf?W< zBo34Y7#QDMJVx*Euzv~v1hj{NAMI$)Kmf0B+~xP(Bi?Ik;jFMAcHOi_0wBXs`*!_7 zc__QOoZRzE(X7!|0ei2&HVRZVg0VPqrg0+2%1c4~da6_^Z`0}RL^Nq0I-48D0 zi)iM{l-Fv(x@Wc+CUI|DYK>#(>b-IAUUk!g!{h(Zs4m0M{JPCd@3$!@KfnQ ztjT*CS%jQN(srv%MhH=oQNC!W4_yUA>(l6#CtG*y#WzzuzZZHD+!pKaXjh(YZTc0T z*0)23XcB#O=#d<1?Cf0_sDI2A0ZfftGmTG*o@}`Bi*PcI1pcc@O@N5$B8*(?I~P;) zUfx*T3A9yr$7M$#mwp@sdRV36z7;BeAn0^-LKJSE+XIx-A9J9GG^=|kH_*xHX~UlL zM5!*kbM4~-3pckq2kkA3vyhMwle1@8P-5Ej8yz%0xV(;FR+y{jEzG)FG6P=T0vNIC zIQ3OzR8%5&;8Aqp=YJ-#KKTg0{lM!V{PznsI{yJh{~IO+Sc6D+Nf)o$pzuRTrXUUn z4+g@r;|4^rdIY#OqL4P9#q@yl`z=+I^-{3h4$}sUkWs!G9H++AWx4!8ONd3D;i}Zj zg)4iaWVfYZ>JT4J{zGMObuLXU^b$!$&wuuI7AWI)qb4)E7f;#<@_{Nz>1wO2}%%x6~ zW_5}%Q+RH67Ls5CV4ZMOAm!Nwr9K@U9VAx9ZcPQGPI&X}CL|=lDNn%Q5C3|6+;jH? zxOI4duKxZ9pSUA79fdVima3asf3NFLMF*7rx;i(p=W+;f*4MvYKp*EQ1fe9gGdR;eAYP!-+ns{C!VK? 
zh#x6Ux>P>>@yspt_O0K+Q8jTnlrMg zx{Fzzf2^65lw=`FndRDnLr*v0eK2ot(GBFS3}RwN!1MwMp+>~o)PA{3ee?+H)*X}= z$C}WtQx$~U`mn;uT~ri7dRU67zY^$?z|pO>DITrNK zPWfBM7zCljZVPTJHE5(TWT^+k-4_jvSXewMT_+dNrV^0B4sz&CeLs-vR9}~ePp}EO zd&YODK%ZjfXy!^{d}qZq@YVM@Q>4tTz|#{Heus!5pj;6QqX-1{B#aS{r%&IDv8euf zGd?y~c2q^IRa7BMX3v_Kl;(WHawrAxC;meL#-3K0v7Q4upr}DZX_}2(Sc(`PKm3@w zu^1K|c78hwDIM~A)INZi}a5E8L52g#Fd7{6v+4I#1-rVwx*%+dmX!dm&z`T>q;50gmw4W|@taCj_SN zthO1TYCSnLH!J4pLCK7L3-5V;SiPY*i8u%rra^aM3>wZ@9nCp(az*AX+il+$-af}G z3zvNU+SVko?K>fa5S3CJwNL=j!$gg5m9p8R;-3)>Y_r-d+hg;gd58~qDj6y zz~GAfcI$R82oNP~jx7%%{ZtA9A{{17#TN0sJdNroRLn6oX@Dwo^By8=XJW>z6;D`1 z|8?)X2=mO?vs*n8GvWcB1=UJaRk6DFT;t#LgM1Vea>0NdCMJT{A?R#oc5&=Wu;BY( z3=CQP%mGq}*r=1nOE+1(4Ae0KXQyl1e<=__kXV>&b6<~$U@HeGWD*HLd|T8uQ~Urk zQID35_3@px#Bw)|6GjMK_sG30o5sc_MHObieI`C9WH4OIG++S2we(qk;2ikz+G(Ev z=xEbdyMY8E%g|-i;7$EBEp7bFt6!bPA4V*^sL3V#b<%a}!WgsF-)U(lA}tB7N;F_p zbUK?&;U>g3Or}n)TYO_%iul>O?L?G+78Xsg63n2cQ#~X!q?2HJxkb=XsW<=X%iC_~ zowZxHHNFQNy)E0NI?h?{6|bPT{TqZJsct5s=9JJ0HjJ%@;EZ<=MTnN$8;Yqg>ag^} z)QWC=yNr=`WdWM)`6myIOHp ze@OcP>r@zFQwzz^%Wa*6ZoTu>*_+itlid!Zhz8O^INHR_1Y-{E@zb#+AnMewEwVLm zm5-p`im3;t0HB$n4e~Wtb`3imG|xHyHM2ETZ(D}!!uUbIlcWHy4oL3Ro9HNiC;I>I zuB|Qq_vY6HKj!|$q#BQfdMlZN9}#!9&1@Hoy?h0Yh<}+vAFHWS>lf&<*F-H#@5Ns_ z8L@^W{V2%Br$s+Tz`z?UOYhQr#?M;>#09JzY{{`ViI2jr14L-x#Ea0}=SBp58EE(z z<>^fu8yg3&sa>1iGyvMgowsN`s{A$C+39oyrD3`uNJ=qIL}*wKtj_VAJRg5?qKyiEcSVvb~tF<6gVRWY)fQQ^Gh_1)8YK zRt$+hPPKnK)9+8uhOSA}lu7)0>3`TV^<>0!wNYGkP`-@LEf+cVYQwey&rLmuu zUPG7Vhtj+Vdai-btImScLfX?UBvjF~`@nwU@!^BnA5Ra{?&|B0-b+ugfom@w`gNZV zac*TFH|3QbW$PdQi&Z{ms^U^Z9>5=O_FV^;jDgbUD$a^EW?rwYt&N#x;ivyF(@ngD z!@zwPQ^eTS#k+{e+DgXX+*ir8fnxNj~_8b^JhKb2nkuj^{ zP+2XDTBHi0J^xe4va6MY();r+e?u8|k+2WH zq)@q=C|bu^Sq2@mr~2n*=LM_CYSDl9PXGCyW)){zMD zSrLzXCb4wLQgp{%fKSZEVx-X4<|LKl0~b&k&1_N(>=i<;0M zFVg?wq@a&5w0C5A1otB)Svh)d-OpDl?&;hG6t%n%IyNaZCp^;IIEmQWU3x*u;3q7| z0pTSu%OcP}JdniaCGb_@WO+%~&yxchG&jB8uq_afa*y*qZ}lUf6=h;Bnt~|qWLrBp 
z26R+}TNxUfGJ!w#_y3^mT1SZ1*+wbuc7Ih@JK=bh)XT5m2_}jc8^iDf1yFOK{qpFIU(nP~cmf84SAd`%z@48^cbr zj^vaNY_>Khv-IK*fnFqP+Ty|1CDR`EbiIHl{!PVV6=LFcBo;=R5;0}NZm*vzllNc? zr_Qb`R>v`Bbqtt_a~k)uD?Idu;rO|n2*^Letv?ghhyth|+l?Yk$@c&l)Q5@Nm!nY}Nv!5~XOUVMIrW`wNIU zc{(~S@XnC?=^C2CBZ|FrE|}sW%kBcrB5bz9*-0gz$>@b@Lg-DfI&9cQzHT)t4-D|V z-pBmfq{I-3Y}@fPjtIr?$XinvP*(LS_^Fa2HrMb+oc?F2f#t{|61DfO=XU}6w^aYL zK}o9+l1{wOR-}E4eG|yI0eFKg7z{)TgukpSjkQejhv2814OZ{mK4+mp?jY1CD9KHI zr2YLHVT?K&sa3IfOOR~o*r?fXMY!q*VC$O3USi(d++w7s|ImDXUK)2toYs>399REk zSw%qN`y$1zBlew}f|arG10y4&#N;uj9Tidb30-2gUKOvy&Hp}xNE!m{0W26U_oM{oRK?kkw>R0}VCrw@-@k1rTyzxQ^5amW0sj=;;+wI*XYJe`_%jC858rPmKVq zL5o2d*bvsppSh)^B-u$Ul;Xd9tao+`zaO>MWBUt=t7s-ax&GJ5Pf%UdjV_(*YyaQ7 zKe*}Ad(f%_IH?=@0@7lu+asR=dL05*m#*VD+jH`FR(P`X*s%u2gwh{@yxjlWbw~)O z@zK!{+)gJ)HgEg|QB#^S0k#-AB6xLmHAck7{n7rGA2$g+hCB?;5}+RmD7>J7H|2Ht z2FnZ+We1vrJFa2r>DkGI%*HyN`5p96oI6VXiLv?TrSL;tYxCpoJE&dh|9r6oYa-cY zx_TTkjU?B`@$r9x*io8oNH;SRa=N!0(>%BNvvlYSB9iMrW)u8_`E7^Dh4bzZlXG&E z#~HG5b0$PZ@%4SY7dO6Ay#!N11Kj$fg2F-wNBWyrH0rbBO*fKwi76*0bQE}Ke>KIv zbn6_;0jm`3ue*qQAN%?e3DxVcDcOcIMd_*f?XNp4vWbPTME)z;K)ni3L)7J$f9qQO zEBMV4oG{{+Hg)fgPH+@bOCUVr_up-2;wi46V$PWJ%ng_@VY|yYhyuZDL!W#`IK6*r zb`P}_ZEU<3NTZ@~b+I@ zBr{e|K#hZ!*PAln3M+yt+j_@&z2ajGzTc=dNt#H1>reDr2S0mJ28+DbpE87pn+Lc4 zAJ^3x-0X+&O3RzB+P^mW_h=X(^KOqWW3=&bJWRtN7Fp8z>M!fwdWn#_|EVO>o}IHQ zX1-QBYh%}~EZp4}h9sWY$bqxJDCSax z&gH;+y2sI9v%LBcion6>{n<`yUtE^ZJf9i#_I*k>ls4kf#&V5NOKbJXyeifXa{5bW zpG`?g#q_{NfaE(DGmS4MrDd;U`%=YU${b1mPZj(U3bvrYw$+^fy<~sCc;D2~V3c~U zL?k4`B5!`YXWT=_k-r-}#wM_%*Pg(Mz~V6n4v|TJ3`Az=Cp#-o&xKeHVp^KUQcpbe zj>gc-a7ah0G(e+a6gkmrYtKzF6)`WJ+educFcmG=)qO zGwU|8+3JH+F=a{E6VLpY zxrFHwc@&<-M@K6c{t!i`-4K5FX1^2eJ>41*VQgYF>*2|jtq!G_+1WWrT3OL7sVqyj zu>R)&m_GpgG!-yyc=sS}QEI>c^R-79JTl_8)gPnnp@E7*rD=ok1V1fpaC*Q%8U}|_ zR!?GcRF;#TGuM~51rLF+jYKzr(qfjReEFaJbsHVlRFLRPdmQJqkBuU@)eGPaGpRil2a=+mRp#nW;k$iB zMzaj;{Br#R_q{nKI_}OI9OL1+e~+{we&G*n@J!RQ(@Q@Br7GVOf?zSVOAz?VxWB*8 zCn8eJrKhX~63<5b7~Q*w^?L#At5Wj%^=V02PaJg$NN4ugLn$|Pb#*1Pe86Fd{opV! 
zk3CeF2kVweO?Y_tI*0^zJG*R5L`Av)DaDh!5^S-%2M5Vm)B&GjHkR8%QF__CNW9?= z>R%T1TRBVQ&SVQIbUOpz;H+GLAx$+J5r6*dG*PUP`IO&s5!OC18COu9L;pNdi6aT zEgWe_&!ua((hlU7_ij_ls6g6bj{@A?pD$z2;e9{^;qk$89mGyMD zg^PzQTz8f9avlmyAfi4hCh?p4E=qgWQLF&J+}qNX1kH9ln1kR%k}=io+PRg{(>Ik* zRGk|(Zl~!UEp$I}auUoy<(&5daiBB3gg;27aY?3#^Lh`oZ11^IInFaDsFRYIfxTO; z(zlB}=F=_aRuGGwL;@1r)M|TTsh&?YZwd}QeyC3q8!6a6^5lGh8I^h^<2j}(yl?0l z_U$rUxVgRV9O)7u=gN(XcbU~UHB9p-QtBR)bh{?Q(%rMHzuz8Dd00^X2padRf+aMVu{jIN!2+^v=etm6i6#$NAll40~zN|S`eTeG#v zyjUS4erAR*59eEfn zJ{+1d#u3dMoGwQ@_^@TJ|x($UfG-!Gcl_@=gM^X~a)o2$@uYls}Y^ekF-0nzX9egdid+ukll#SNl zJRI>D>>eTNpr>Bu-z5Gs3jD8MG33!g=#4MgL@ZDRL7E1K=Jp=w9LKCGqHxo1PExc7 z)$)exZ*FcDG`$;ExoF~D-_GaH-HgILUdU)r!+W{v-kv9FAZ^6TDK9CScp5JB1j6c8jNhYn!?=@g_x3F&Sea%fQmY3T+D zVF)E91*8O|TUtUw!uO27Cw%_P5APS(u#DwB=RW7`eeEl>Js>-3g?0Iov(Py;q*vYb z8)U`nhh57}J=0@og^2{%WA%=bP8nVAemL=m-S+PvI9#{2!MDFrfj>AX4@j+O}_ zIx~JJn@o?$M9ONHlaxY_ho*C1)|x2bEY{to+QJskB;eGQf+QvURhK(PeGx%jf)_oX z4Uh5n{UDGjk_<)=N*A!TpAFd!GOB@#OuA<8`z*~#$6S8w_jHGMJSI|{^|+9s_9~q2 z_Z$3GtI0I@PSlTgFJ8Zf3y$k5yL??7jsqIcAvHVY>SIHkfq~)uDszj+wo)*~auSZq zc^xeQK0~sKLWhI|Nph`9v|+P^x`~Nv+zGYv9zpc%ckjNw!7va$yknU)3nhu^NVh!j z-aor^pIbzP)s;#k6y2#)B)r|AF@1heBit(Hw21cEa!x0ej4<>8S>~L!T&g6B0PYt2wusHo@@cVFN4KI?ij+>QPXwDvW?Z%Fo*wk1>q zu)$wpy*;)XfB7xg1Z`jWS1Q369Gn3*lNQnciLUt%{_zaLkk<5VEJ)dx+0P zm;PaYJj8)rO|iCm*_>gLcL!|=M;M1WQL1IAr7zqyNz~Midm5=(tNima6GumN&uzSo z8>o$9MOg>PMUoW93N3)hJODg~?gyKCQM#WTgFY`%6)h_{EYi@lfu){p30l)u0|BPy zHv4)o&iYa-5k_FMn3Ij+vLsTln^UuJPgg9gygnIi1H5s^wJZ`bSDL?tpW9gqPT2*? z{&3|(`YiL(d}JH?IW8NSRFZ60CqKQHc1R(>SZ`bOIMeSkT+`apl51uhn=@w*qy`ft zWUhb)Pep%KxwF4N0ocRVtE;}9?&{8K_fY+e2dwMy4FCOIF<`%|Df{TZx%Du_Hzn1_ z%1Me%MKK&8D;93SkdS3w{AEq&WF&)<(0glDU^l~CZupY5^jQ%}%Kb^Ld=7?@HOsiH zEsnd_&`db6s{FP-0;@+^BayRmGI9=GsP7lWNw>P4&j=J16(1;R1$(=9ewnL^ON^!G zsjO_@v{+1;Q0WwUb7O5|?HzJrqOq>x?(%V4_X?c6122?OPlFX9H76{q{UijL+uM118gQ4h4AByQSClS* zoThT7G-8C+O~|oA7tq7_@Hwi6#9%>sR~~Q?QiLO|K0XXke|;UK?Opq{CmncnN7=(RPS! 
zKi=x$WSlM6P8jZr{QJ%Llc0in&Gf9Rcx1%c(R$4;sL|=SOs&Zd56(nj%Gg$r0VlT< z`V0gdvDbS>h9>NTkXMCbpIjyV>EI(}qrnmkIrypnLLwh(4n#S1l+AOUz@M`Cf|Zl? z1N^JIn;f;LgI90c20m{Zr)(jUPP~09A3iZsqiW!1>CuZ@lF!nRSvtQke<|F=(NR7P zF=CoBv-Y$os)_B*jj@$>tof&q=(BoNnUCifw<%D$G9~r8T`pDN^cslRnD8}?${+F$5c(+E z1rZ-qWi>ZOxPt z^y?AOHrQ5!$jEe_!!;`v@2_=c-(U)e^LQs*yYmvihAs>yHS>wQ@d*1uHWU^Cmu zJae?xi=D&zn)%~3)m~ACYuf}_zRi*)>Hw)><}Uhle)||WQ5QQuD;s;P0;dowD2uOC zAD>7r?2yR9mA!2YqG$KtH8j|?&${)GQxuUCnKEAW5^qDIlbky^$ZwE+-3t2Xv^ptD z;9`M9b}SP6`$z+Pdrhj#*HcK(egQ`;#3d75(V^I~~8+r2mHe>U3JKVx(@VpKwU zGq{5DgW)=mfz*>U%zERVv*5HOw6wfS$Hh>*2kM<0h#wMMi{#X_Vm@QgCpM=ygKlkm zbOwvbNUb4uFV80_x{Dzyo!sHcblPXND zH7Y+hxBWOe(EA8@qp4$6Z{ETNSWgkyB zyHT;tVX;FjLL~7PL>#k>1&xdS?W=A|1KPJP+Z3wvjM_JFdzH-{bI=u!-FB!eF*DGl zVCqOF8n&nOCfUpeMPs%CuFj>v`|BY|d5$a&ysXAPOF|qzq-PM=%O^52I#O+y)H2!Y z`#&7IhsjlYxH3HW9JXbdU%rDU+mKj9hsd+fP8(-52RBu)X_h0WvT8OkJ za6tAcq#LII8#7nw^b}6i7e8e;Q!k_CHqpLhH*tS)oO=5E<#O>>PXFT`Tn=^MgSdPR zCM=b5Q0o4^2fFlq+;@R`h6Qkwwo}dc50kvC{;)6&r8Z|2nW&N{8{Rl(eeq zH}Csv&@y{}Z(73sKhw$o0SCaZXdxU20U_shQg6*Sj@DiB@@fJ|A~Zk(Fp%#z)ck)|qc9fAP!}frHnU zFX<5XBIWMtsufc4WmZ7;)OG!5LUmr|Po8Mgju34s?2p_1d_N?(J{g7I%BD={YowzS z5jtsgw|+{z2*)|Rl=k0V03jVQ>64qQCeG8KaUZ&Y`4Ch$yKzZ?as5f)y7*yj|I|D9 zk@&AY@gFhQ-Od&15DpTCJK+yEyf858+pE8lCv)%V0jAPYom<*r!wTijb%thDZJYgN zfyQyP`s5YHBm&zeTD(}$V>MH*0*mpj)_@O0c{$=ImEt_3 zLTY0Qii>$;Jz$=qyPb^4*Zc3cef!&L#}}xmsg=yXJ~iBf8#xnzuvqu6F(AkR8UWUhKDPjszSS{#=KK+XVilE0%*>LW=82I4(5*BL+UD z=gPZxFE44rd_Khtr_UCkdTWLF{z+j;W}zXn*+um#V8)kn&t#q`8tI`nylOo6fZ*D* z*4Pp&GMaI(-N!d3Mhw{Rp@@JeT59bKEk2>uQ6q?FMy2k4Q%^<`MpIH;Om!va)d-pH z$PY5Im{Qvz-zUjW)3<6mB#URs703LXR#Tfke@+^j0zAF#vp0l#^!X@6YeE2{g0pia zNw|#&UHWab6QKEhaIMDz4-31O?seL&0c-229bOF4ri??-)l-n-Zi0_V)a!V_%{l5YY6j#!5SvZ8#y#vC3_dzX>u&wYh`mwZN7Lbg1g3_mYR7{Z2@poj&zOOcewZRjY6w!wMIss?)cEs(gHAPWa8I)<9QF|%(~&BP+231tgga z{B;!bi;JN({cOWRFTB(6d%z8h%2d@>wCqz`+o`IX)Zc|$3_P~x_H48E-x42^#5%(y zX~q2}eUEZ~NbFl_Wc_0SKz|E#I#826^}hnkU^ZMopqsjXpRBN6&2;|DFNtlV9uc6_ 
zhJVE)Ac~?WkBuS-td|->c{!?_$_ihKBqlXMs|1d9Rx}-a`b1DrTKxRQyi~(ufR3av zK2JzCV=Cd{9(=6T78=nmvkg$S!klIhuO;v4fYre95nUyHzsQUFMC*b z#%>AZDU)G#Z60Ec;LQzX8XbI5uRHa0?-6ZLPx?mFiL$DAc56h=e#0i1Ve_+ht83o( zP88_b1=fE8%;ItO!wK4Hh^kvUr$UPV_t|D!V)i?C93iqm({xFY19+Ad6x=p4#@aXp?4E zPT?{YLLbbwgMiG3cp!cz0Y*beT=wx;C@NhK&pe&Ky7zaX4PynMd2l#y8KA}fGhq7j z*I9v!HCH7hQSMKD8mX7?z@Jc4c~g|9@@PUR#c}yt5K9{p25VC%jEPJ-;;qrR%Ctbw zTUg5K&a`9}hS%``N0hu?<-(ySXg@qN? ztc$YWoAn->PmrEYdQN9tT7!Yq65ToPqgY1S?5Zlw%a<=lG7hW`<>eFr<`;3QJ#d`OSAK!f$4O&;6lzsIlY5jpwtAGJk~`aAYp{pT+pQASG=Ux5d9* zDZFWe9i(zY0XXm)%7^(mR>;EnGBC>Zz*h0Dtcr(2MU=MPLt75VCc(- zk|9&Q`-u}jXuw1AI)s@X9iBXj%JqyRr%#faCTPRE zL(6jN+<8lKML*>FTbij5nvnLlbVp*h-Ueh`8a$x7T4R$u5GIjOY7E)3r^cFAwxRTVO;fIXOA8*On|8 z>I|o0R30Y(GYPa7R|XHnSGtJ|xoI4)HSuuq-W?j^sd&>bi)nln-`4It(93pPP<|@! zfCCX=cC8Hw%7m@uENfb+nBOQxd`-j0$aUInk5Hg(CTn+WPe)0`xdTA-0dRT~+yv8- z=ODVtxQFSxfq#+LnnpS+HuP#K!ss+p@HYrC2}VwShgL-gj8@){my*y_QYoAG9Oc+c zwpzHY%olZSb3DRsbQ*g`Yv0A4o50SxyuZfx)Yb~_RpMQ#Fdi<(pO8f&6^F2afak|6 z_TGtDByD1g_)Fg==JI-y&2N5rz~18Rhktoz!67_$=^`7y6e+G6xo-KDyCPUu=}RcU z0bu06w$sL$n;#(yY7x>_%-rXEpNS%dtiDo1S({+V7SyFuWH|#Syqmg5ax?J)lfj(o zBFS~n$?#7?`VpGLJ_j3=jb$dOAzZPT-i_9hddVwC(ZNX^_b4gpGE6%y9`gLCUH4?Y^vOxC>dqcJpD= z-V+nkObGGMElrvt>sp_JR`}awF-#wvz1T1+z5vSlQO(9O;j=^)7g4E(T^d!Ko$NoW zkv~4qA&p&pHg9(BQRb1`)r6kWqu# z8OIaIc@T_D(D#Tl&3bzjR6*LzbYV0ttn1F|O^O%Q(Hw$~6*A{XoeNHf?}@t&4ktN@ zPj^Tds|BaN(7*RRYZoNppqL1Y;zFeq-BWhJDIC&i-y@=p!$MCgwYyH9YZ_^HbrUJu zbD*T(0l&My|CNpJfyB3j^yCGCaa!ANHp8z#++>%Wia;`#39XGlIGFBqb$-_;mMWrm z6$yX0dm1u!md~aM+G0;7J$zxe8KtTb`v$}C z&nuTVna(0kd;|fr4Rs#jwt{0)5fH|QpmKFPeBC8JQ6iE`QCd*?TqI$(d28VXgdy>Q z-?W9ria9cvNM}BH8*lHb!<}8D2iI<pCFR;^?|1*W3qUZ#mTPcAN20k%})kEmZ(Hu+k4kq|Q0V5Th?hb)-4@lQQdt<*Uo zt0~t|`|0Ons-CO)hO(?Bfv5hcVfc%teCh|&65xy!l?9vcfitvh(?RdT>|KExG1-Gx zIvYSsl(Di;pB90%gG*SNf^a@JH#bCC7TY+a*m~;p!)fgmK^YQa{TZru?DowQ7-j5EapTQPYdE#eQL+=_->Kl1l;uGF) zJXY7zdVKT?$QMZ);7_DCM$64Q4tNQq*XGVM9c+Cr!<<7qEB%i`{hzmn5}%BGDBJV} 
z*+vQ8fD7*P0X`1|{D*smMWru50OTM#Jo=`%UFHFu@4nj56$H!|doga<_>y1Am!Qf6c3aJ6a94%f>6|#s$g=9c~%)t4Ehw^S4Dy?ft!4Y88d#S;*#-wdJQ%ZW;>}gfhP3)*? zo-IoAIy| zc=Pm4Me-}hv#G0UxP}uW??w%uraS>Ms%qg++rA))Y6>f(8PmG zWy|Q(OUqw6zf_3|`t}Aphs4&&t7~iAnLYMk)D$q<4#o?Hx6rL8$&JU!QT3-@#Hdkl z{*pRx)9->hTDbRWRKvQ#_HGe7&Bjyj#Kgp1pd{2W{89K247Y z?yiU3q&mI_PKmiuQd)XOv(3xZmhyPbf=-GK6gopuPY0A&a81SMJK%m&v_fO~ zcF2!UXj@p&88C$dO;@o1Xp8pVD*x(8y58^rV`#RjjM|(!_BL+4S?T~76ga53Mptl4 zL$}z1Sp0v+F)IW--8io%D_+?7WV8OwDXD)XUl=;bW$4q<=H6R^uPi7_bn|-3g8kV+ z=}fZ5cR}0YvV+5YG=lDsuG|VhV1Soq=_epL3!B>U`16zjk?(Xh` z!6<|DiJ>7zVzHw)yaECW_wNVJ%?uA$tsmgHW{T@ya_yC<3Ealdn-Ef}ET^(veX@2g z=Cp&mvfiKet1)YG(=io-qlDdGOx*{6-Cu4>V1LykJ4of>*4TWT)$IGBJYsEV@QuQ> zNspCRaH;|jOqfPYdYEP1BU&NrLe|^&2K+N5p4GKKkuxT}h&Yx|YrW2srq zCZqd3yd7LdiC8&nzm!!EeUfh@tk{`+FR)_SeBYR__owM z^#ob2jbVxMM60Wt&V8Y<4Ec}9aoxneYRgBGE*hbA&P^Gu2FISB?IV@~rPNz)7-bx9 z`e$z;=4_A_n<#LATWdEMym7OmVQ_3wJm9`bN$g7vr)Y0T+vu-%S$^p z=nW})?Ot|Zf^AACI$yxo{6f$p{nyKP9V^S~6e%`yOWHEnbxI!5&O6x~Pc`{XUQR+T#6i7aY zyS-8ZGeAgU)8JqQJjoJVi?!;&rHX`l^Gj;06^r6SF#6QA8D<+|HGUi1_^nLsVODqe zS=iO`vsrF_JfP&Dx^ffoLvj6Q3V!5ifi#&tLd~-My&U6!%W5=yFYmqT%?LC@SkB`em%Y0AA{R*yFRS^$r)cs2t%QawBKk7`MaY;o|nr2m14S%EJk|m9Y#A|8tnfZzTEo>^fU zZ$(xu;b3kM4Tcc6=;;mNU%o0`9|f3rij5#UDXB)g>q_Tb;B*~~eBw(jb+B#7d>$eH8XEz>t^bC+q9m|e?>X=Ie+<6~AH(pmg0~$?VvXhruU^~Q z6fkA1i6CX_q2~=q#*cs;JTO+qwY59U9Iq8jPx|yJ=&hX53Is{HI!BtkG;|@rK{cMc zoKKYJ>BHMvW*-k8p&$1ECB@E;yslcpEojo@=)}{L4{5~Bqznty*Hlbq#*Q#n9Fiv~ z$;k^(hv-H79+r~`1$RF9^Q&)~#=dOsAvXU6Fa1Hn!#=EW41^-DTK1U;;IhYEU3V&G&1{l!)`@ahaueh@19;1R!{<0WA z{pP&4$IZWd+;hBN#e1i-pD=5>91E#6Gdz>uSdQmUOf+yNEYMC!52;HsHgGcf8Z0aq ziXR2%Z>h_hj|9nd$*(ada=E^gFwVL%$nx@yFCVjN{r#%fUNckml13~$a(2fpE-sc3 ztsD?Sh^%}b)zygt|9<kRmA)rN&e?a|MdYL1WfywQi{mP7lqgL!CylgVj0ry zR?v0S!_0_YdfZR6RZCC|Ah2p$)MA zvPyy|0fn|@Bjl~{U%EHgQ^=&hU}HL|Zh3p^!fn(U15nnjBfQ=azurd%QKg7w=ETRx zM`e-Bhuh@jG4Ul*zAocOEU&iFhA;swPafdyQ<6UGMucv9b&jH6)l?g4 zXqWj~Sj;jCedpA!qYKv;f{>GwYZ>#JK#&eRj~*F19oXuJ#i%$)%Z%%SBOE_#fZr59 
z;?U925y$-w6g^ACD=b`-Go<;U?f}HbQ)!HLsD^XCeEBl_LApxnR9a_;c9f2=(~+?b zS5@kTMld^&b<1->35i4_L2*Sry9LckjqNCz7OBCu|h{O&$I>9ylin_SAO_ z@doaHU&j9^XWDL|T!9YD^Iq4pKqizWGgm=oxJKT@$eh_1O6&W+C1G2R{L)7cEFP9Q zLQ$kwSn282tc%zbgB}GDM@fAH zxN!qi@*bqm(4*RqtiuhKKvf7=1h?7sT!E0Oe==bHXHW{3bT(Rpjioc@V9v?s7R(tU z#AjGs@_vZY9f(7D`Mz9@k2O?K=ouUzVHEW}>r+*Ct*AvBM0G1Dq=1b^h_knM6{!Pp zB#}ls8DAHeisUO*_CM6YMo}JfI+`cT?S&7MJ zh+|Ko>V6Oo%=3DD_#F)M*+7&o)rjZTSeVB0V2N$2dVY&)jhRONiOcS=71_3j{=zH~ z(4RS!R#jd1CGzk>8t#YF)5C@| zhKy37BjLQ`;DvmtDgENMAS-u36Z)Q&UM&8v%}ar;IPORv`+^}Tw`O%umrZxi%7xz& zeK?YhgOzuk`q#_&cvg>1i#b8UfuY6WDiT?x)oU%7GZxIk_?Q8Dmul_lK^C>2!O+=h zdUCSB4%&~eDexa40+Q*6`Is>qne-r((T`OQzJXoigBmpLUwRwVH%2Z|o-EQwY0yk5 zSAnly7(gG;lRQR*8PUY)nRa#_AgJY`HJC|fXsbWv2P}!7nI8jkM;suA`%D63SG;1xLeikx9gY`lSrKlt_w~)rqRN>;#Kakqx8cl@_>m zSG64=p;?Hj(6b}E%5tZQ%A7L)&o*f(Dbwl>RXYu5UNd8=7AdPqM7*72M?q~J9n`V< zECvbjd@qV+vJkekHa1)goF`)X3FtTLgEJ&R^si>}HAOez=095*v^aJt6v8tQHo=ShIchJCTG>eqzVjZ<03q}fuMCrm7ZJu&XPqEOmv6e+wEty1L z>hc~ii*n^#iyax^i$|0e?eak^g(A0i|pElI82?}y+25&$t^t7HJLxd;_B4Wc8 zW}&UGt4ic#w%pL+fa2b}a-pT0jO^nrCZ?pY&n{D9ML49=>-0Ex?>VwxBaD`;X6nN$ z**tO3e^T^pE%RzLg_^;h;DAa&`+HhDYXV*OWWC=6d`UmUHmK0hNJgPFbH`jjsLn?* z1MT>PkVtCI-6U=k%PHMMlNY!)6Yl1jLQMm=a9 zB#nOOsXwl(3&;Ux(o7lT#x`4oH5*qhB6P=-)R+ZM1fQ{eZh9kY9?(D3PVxSfJNY zMu!6R`Re9Phs)88NHLE$hA&>eNU@Er#&O3-=P$3Uq?XqS$`095*@*Yuy1q(jq-&6k%#+X0J63y~ zO)y^Nr;N{^KZl1VQ!VW*F!zSRZlbJgU4xqlBmU7y&(gomp6RIbzHILGM5#DAEB4*# zbgv2&PnsN5feh<@7CIy~N7T%KFK@T4t~th}uY~l$4bPr}{p9;+4vhqkYNqoI+31 zXW%G^nF%EJ0&YSXWL}Hcls0m9`bA^=g{9gj0;bV5<6**_;qw z8x>f2)6Hn-Kb$cBT~gnAs{%UWe#to1s511*y_WXh>Q=xv)B3CKm0kkq!&Z=HIQ6c*A*R<0KA+li%G z(+J0jJ_ua3a(>mymA4`wOG2nYGTRhaRwqQ=0Wyl`V|3rdCM+zBiD?Un%mgNs(}dVn zKAf6X_Wc4U?0n@O@y)n{eO^i$s#wodOW9^6`zLN+8qC>0Ik^OPdSIV_s-%PY)ss07@L3c@-vMqa7i4tGyM~oMI z#*|-*awVa}8xrRNxYhfp2O)Dxost5f6$v3S6G2}^RQ%EhG zH8!7$gn55tK)t{A7KgDa(87!hAEgQ)sXx+Z zx&5={Cd0q3M_k!h-(O?ie|bnW1Ch6n#hq1qGr|WR&XF z?BviPhvyHU3`b?(4@UBTy_^scqw@S~(gPk6n#G>VV^Nrn_9z)6H&rTE508bmz&r9A zd1_W1D7E;y%C~ax&%h)Lh^Ea`rnm11ifZK 
z{~+Sy3wIR^Fs{tb?nFO7Xc-k+nLAW4k^GS2{!OB@y*9yb`#`@~ya{Z4f=HW9 zeCx*quW>s;B@i^LdXy~ZE>7yq*?XkXk>r*^T zSLX)sAZqxSL%)TWE{kY+ozI)vWEv~Mg$FvhPK{EG&uBu^3PmPeTelRZN=x!Jp+I$| zMSs#l1pfU6g2dbfg)g0w=x37yH9-BVu50+jlx2Wfy2!w3V4$RKdkAEZ`^kP1Dw|JM z4J-6n(|=Cf^1g#juOh(bHvb%pHxc+5v;TLa%RtT74i(k71n}%@FPY-^j z2Z9}CS^71^n?5A)qUx)b)1jnI=90?l>bjFx|5{O2T202YpfZYWPV$0O2uYNDU=x(H zrZRq${+xj>U3O1h?Q)7S5HN%AvSG^nckhQ>egKqMU0)OPxQ0FxG;e(TVjLOQXy{o9 z%Z`tGao+r_v!`qNF;gg@^Z670|) zTBp15H!+wr18QlBjEp8q(10^i!u@*Qo<2Q_g_$eoWhabUNl8VRv83>Bf?P5|h$?O= z65HS*-l{)Rw*l1@Q_3R&G>gwAlhC^^Pw6qI@|Uk(Z5M{krL zjY9#o3fY4C){uK?_q$n#lKa=MLOERG{tu;w`}*hr_W}3t7PR<(Act6N=5}Yj#m2qA zKn~K^fs4&OT|+~D-}WF!FRw?^Khjfgqjc!GxDdsrS#HdA_{!W4eBhQ0V}Ur}u4=9j zNbiq5P*D+(%6c(hLMyXTt{)Q8bkvqDYn~mA1Td!|XHr5ko5M$*Mq!3e20iP~fT=H@ zgpS$M!P{$96O#&UxKAt|7alpcBk<=eZW)-dAJzkcbBg6Vo;5kQdGktrFj%~{BHQsj z^)vfr(a$>D9pfS(;p{)a7CZ&3Qc-pf^!*d7{8yiiV!3spIkp7wmFlq`m=Y8umbTk3 zO1Iv5Bm=t~K#O@LlBypam-HpS>U??GeEpV3&f*GBp@sPNOjS51^2gzYAmmoQn0tD~ za2GBI5RBy1ybh12zw;0Dt@WP(y z#gNe`sr1{C(^z36ELaeJw#*1A2sPx5gAl&J+^zX(BJ1mqw6#N!jU_T4H(iM9>rQA) zEX$Glx%XHdnawBvINwaL{*-S&h;IBAb^qT!kRMFRWDd^EwzCo>RO~@EMcB?bEOlQ= z<6#yR*<~bhgFYn@)&mC4j@@tF3w4-R==n{rC)~bPw{+SP;K)s-7CV3mA8#NNvv9b_ zs(R7-*2f>7)K>ws9(tF9BT=U+`&PeZ#6-qZuP5!&A+_>Li^XBixtb1D8maEznv_E~ zCeFim)f-C*-Luj@_&F0zMy**Fo(YLRB0_F32fg0=>1`vKDzUTSQokqDgAn{Z{&OIe zlb658Fj>VLbz{U8YCUvE$dz$k2v7Phw(dUoQoiu#S@^Hd*wZ_f-?ML=L5opl_BVlg z%m@b{2(N~0Hh~S$jZklfhI>(;v*qzg^|qhAVFtQhbt7s@4pQ_@DW9+3#>RxuTCd2!>5{ExUHlnFaWnloBe!}+ ztlrV%vb2=AVh&_26E`6Pqu4KYN{+1H3z^jP{8Dq{)>j#**jRR%?xH3yt66yvadMV* zHV92_)O^28g2r-7c!I2b)A;iz47l(~yZv_;dm?+(98Dy-I7s4cTQ*4>z30pqO9nOL z(w{${wY~9=wr?1wqgp=D-5t(D2em)B67uP4W>)T{A3o$lE&!s5m3j8-2A%F<#QVRD zd{JonCd4~*t=5Jm0qomNnipTHl~ZR8`LmSdmG6}zKgtA~hqKHM7ti!)kDpZCI_vpYJHCPNwre_p`f@EL&dV7m>-1|sOTh44X89j*w_>hVX&b%|s(NU07P?N+q zwt0yBiG%(T!K0-W7yPs)E7u5?Pgv9hm0}bb70?Fu4zk8BeZ4HY+k_Di zQ`7~B+nuhi3QW~42dGd{;6YGum_(#`>SAu5g}~KlrwT#_1idcFH$QG?@KfIpTk#W8 
z_R;fAgGM8PIK?ylIBOr(w^{374C3s6_e_z{?Ce`t4LxhenI2WC&_)-taZkq3iTkM& z(b~jS49;_{@zn#L#j-2mk;SmZzX$C8lm%0W0HY!Rz2M|{ z=H|IQ^J6bk1iiJFM@r~Lr}p##%gDu{iLe-B>Fc9Y8tzq!Iep>l&R>yAb2FW*2>rw9 zaBAz&9WP@Yh%OfPH4U}rw^!91Pt7{gbOfT;x}CcEdvt4}{(0tjJP8*)UBklucKub= z8$-9rzGo`)r}Ix7opHyD)6#fnV{KIjweb`-unWPrDp!x(r~gt zhbIk$BOfj@@=MWBvg)QHK-rg_jbYj7xFW#RmdDQS%|!Rv1aW^@Q_C(1LwwRKt$Kw% z@-4{rv>DeqUYQ@ncTG%6s&EvTc`5OUr1Mkf^YVK!Iu=jd+>{)$`=YBGJ`$V0aBVaj zw)q8IDLeCJiHN zUbXP@VuH8ok5pp^I(y|+*>YwRU!;}1Yn$5I;+(xok&_$muKf^9%}`e1zr6RleL>%C zHJHiIuFO`p;uyL5bI^GfeEkX8 z0u>;X8e2{DmKe+at(p*mVitzK*y#PlgNHwcp{pQmt8UOuW@E z&9A@AWLdBOvg#YleBG>d+)GluEs6|`yu(aWB~>)CsEE#;^w9O{)!nG%>(W^;Wo#BS zKPeD1v$MS|-=16JDaFYE%1vEu60Bk4)VreF(%I~J6TP*t9}q={#qh~by?Ba?qZxrw z+<7FF1+aGqro^N){_BH3%C6nh?FF?YR15|D z@D^-tIepQ;E5kSpMjd=oC0s{0W?IR(5-*ew6t|O%OU*njWXs8H7`B_|zJNvd%;gq1 z=A>5Gm%GF&>94z9y@TUm#V?7YCJ#4QXqnfNc3$4lMYYD(ClT?>RfI?4EPc|}RGkH( zoD{`HC2mG`qw5Q#X>tg~Z%-_6+xhTpX+?j%75P5P$W%($k_9|N7v%`r76^z4g%5F* zHNj6+C`IW^gUf~RaIn?Jzb%vu_~-OK!QH~;H1EENKH zKm}tg{xAe=@PstuKJP3 zA@Of7fHvuT`tAra3LHkNgb)iJL*R)!KFku70i!hOvN&K80qS7AYtM{S>e}1;@{O;R z@}pnA!^x5mZv_i}`~R_ZmH|z^{o4l|FnXkPN=PZ)ogytMDWKAf5|NN*bf|=sgmiaz zDbk$|5GiQ|1kvZ5{_c4Gx4yzx+pg=3ZyevxA;qKd*#mavUS5Mw_x z%k*20X@TZX&c0F^vZ$vlzMtr@RsI--djhoOXR>In$}_`ID?|(sCO$N}Zs$Rr9)mjl zTUg>#x54*tga$GS;uy%Oi_h+Quf#>i9?XAxU}ctm-||wb!itScxLUIL*)vui9{u;Z zf{z^CCe{xlj`DX!|KTtHB<(yQT{A;GUG2tx;OKU|Vs+>00CN<);=^!I*7`ZNR`r*+ zhgo znv#*>z7!2mzQRHfJ_y^{QMId98X<~M6KF;}7nMuAM00V0{ZO5b7IY^z;P=++{RW4J zlOW{KvSL|Vbxakoo|o_8zb5wC5uoJtMmXSsM|LI7OLpP&wUte58VDu?nSv$feedHQ z-x9E5ch`RTH5LU=T(~|#| zu-dZTmgd`5e4MwPr%wzfFQ1i&mHXYeEh=c$s~p99J@mDGjCKjZM`#_md$%W`LO(pK zc^dh$Ka%TEmsk%_eP9j2ni(FXduUhjZcy-U5SUVR!6^(5 z#EU5(nibCMhb6#2tP!?*1C|LviY6r_JTRrDNKVpAY2qj(RY&b97(a%yie|6>?`|II$E^B2 zpOg5@MFI7}0EO^J$BR#1?kl5~G}s@LoVV@ttHv9Z_vhrvj1~MeWLe;ji#}#+-T~*e z`z!698XLPe#6pzGx=VZ3CTY}bjYL?u1mRiG{HOc!UvS1zXb?s>DDYqutKx%mA1lFa zRIs~rzyP5i4aMEBc0bc|>3X%{msPI{F-mO7Y3BLdeovVHISi_Rxkau~%R23?|Jgg> 
zNvEJK2`3pQX_R1ch77)s9_cV8x-BfMf+0b&MMEiQmHX-y`R3fh4ksu|yRC#zs#*Mc z115F7#10s(h~;zL`U}4Mm4F~SIt}>n?W>9lzAQbu3l|6)1w{P{;|M#-#4gin;0i1LW^DmDdVS|AshRN&b@|-7sVO}> zJwuk>hoL4Kn#|H=TFNQ|re;wB^0_<3Zq56Rg#B-b%n^ue;6FZeRBBuI5NKP_k@4dDu!PnaRJ@9GRx_q}CJo!*pY zCR<-$Uk-P?Ph>bC+Q`dl>$m_a2rpl~R5dkS%5QgRc%U?Dl423BF8o*05S;P1^5G!!Z9)Du56XRI35`TCYds z4G!KeSANT?v^oQ<0Y(#X@xzq+A-t{zjobSiAvj8#R+G0QMp5^d1%|`8-CgR8nJteg zI)Pmcc*r&4C{aO4=Et6NYYL*NN>=3drTbZu-*x3m@879<-hmD9(Ohv1KJuMgTM0dh z1^XKRL`T1uQQ#ra`stj1WI2uhuiD|i3TWMloj@jyPuK)e@esisy6n{ql|fh6Q*aE4 zFfd8wTmid-L>(D+kBPV7u9D9Brj`3x!}&RcT{@;aCF5WQ^an}P!pdw*d`R7p(&t~9(tA|ftJ$ro5yvz|pp zX57U>(!+aeRr_e|e2~vVY__&GQ_z^DZvH6jZhlD>;=6YWMDK>)Md6iGskUR0(C!>l zPagS)wvv=NeMqE$R1F)aXB;;>`;fOpQBbZW#RZ=Xxj&qwEh!IS@5Y1B9&qaF7ZS`BQaa;@mIps>MRW9bXD0+`L6BsS zD&i$>M`FKW*!Sb z0W?DwpOo|nrOJG-r-SkP6vnYBL=MgX8vz#4$jO-V?_p!Gk$5hylEjooX=c8ASp_ia zHE+Bw;+$!?`EA?|cSdpf4I3Xtovy~%4ySz3CVG3_f)Q>}o%4b4icU;Kq=48Ho1^#Z zb&k0IpuPYB6NIUXZ@j7gcEYh?q$oB#FUrbz^>&1ImHd)Sqf{(ui#fo11^5hZZ|xY1 zR32CBl4d8RzpQn>^lz85v1;fqn9uV3%F4tv4vj(DE3(rcc!9n#JRq3E-GF^agd#n< zG>tf2%jj2D+Zo!6Pn@Gy9q+_8D{I8;4aJzyoBHuCAu|z zaE#wAEcdQ{qZ{+xBv5>L%fJxuZ_PefcmyCfM#K(&`DlGBD%uAZdFFPe<^gtDad|m> zq~ck#!)5C?l;eAm7Fv*wN#OG{ct8y^HEF7WnVq4~Jzrc$d%MIRKYWXdixFvaQ0x=@jdZK=JYl<&-@$^fs$dIwkljE{v!mhr zdiGt<<+J=z>j2u|br?;CVF8H?c?l)Drn2XbdFU1^s+|6en1jdo$;~wFa2A&?V$I%& z+>n48aiGujY;aosvV6n&#Jo#KDG?`j%noWyRM@yB7NfVjzb!z^CYZDD6({2a*w}#^ z3%Dae)A~QHD(dzkO#VCCH3Ip#F-iJghhY>IElsigOJV3<>jIiQ%#NlvdvF-3v4B^v zkdQE?VXlp)QxgDk`r$m29y$b1EZE%a>}>tk7={U3l>M;pE{*254Nb* zuZ#cp(UgtS|Gg%#_{$9f&U<+@KDl~E;rB!9qj*W!1vg--mU_!TxJYf_#bOc~8rnZy zSd~4(t9D*{V%iWH)BNz!lYXbW=FXXp3sa7!F_c#uR(t}Y6>U3@AXVe7gdsk7<@yAi zw~H%E$eZQ7-@!8>6KQCsu}DV9_&C_!vLPYeZU|dJoyl7{Bo$>1na@7Qi&04DHWZqe z$BIKjIT0^FGXG%+ZWgJ;&8C?A{rgb_hLf{BtnoITq^}-KKcd|`BTxRDz|=9oA5sD9 zDfTRX17SOE4#@o<&Ui{uL;s0s82K@NDBb4QH2otB{MV)P&$^Yx;pXP1WGBMQO>niR zz$~~?8Pu5?tH~lP{+zz&gC6*^(o;v zS@6^O>R3-OHiisB$0Y;xP44Zv3lwiKK4GMlW)H+?w8T`|+R5uLHtr%;7NPiu)?vE&}dwY|2{0+>> 
z+;v;2e;b-rrKA+<;8ac=JRh_A3ELbl(e3|F2K(oAJFtN2+Crl%*I$meK~;=4@i}P; z35N^9v)GA=jgi>YtBnx1J5F8Z(mAO-PeEXbxJxA++?mucLW>i z8&GeCzur;n*hu{WDZRMBikWkJ^k^O(R~>1fPb8ANKz);oYuHBpiv*61Bzi^eeD74A zo{zMO*WMh(b!h{5NCpvM8MCPF8LJ7L@V?8pbJ|<0)Pnr?X|Hz?FQmM9!E$-}<-Vai z6I!tCiV56T{OML9uH$aZqK>(_Z~E)jflt1lASg}()whUj6rIj1c5A+j*RKGFt54z{pKS*Ypfo_(oRh9 z8B{8rT%tjp4_S(fi*>7~RX9a)4Rfun_lI7Qlkfky|G2r?XGvomM_%7cD+|AKPnBgRQHhMUxGc5yN5#*bicj;8vxLl~y^n8Ts_cq>XSkdj_ylOh zkBBOsO_xmh@raoUkH7KRZ&F$LKH{bJ<_%4E?x_E1&F+?v$e;en90x{MMZ56MmL%a{ za+!G9_b^Io>T!vfjIQFyV>e~(ybr0?3L-(Ej~6Un z)6K-#c%DDihnPEsxr2mMUUBZNuiz_;po_Pc*tY=<7(Pj(K$@%%|qk^I}8yjUVwzl#zTzfxZ zZN`}pLYD$fuR-KtrGHi(<*Iglbrk?NJa`Ptg;xn{jnR2+@*2b#e1WGfV5wtrs}OTG?Lmeriv|1Vokp z7I6Lh4;U-Z3@hP8mpsM~tl6RP0JYlIYizK5S;vsTIYq;)$j2j|-)uh(7h2pK>lgME zdjFN1N?bTi;IcmiH=Fv zod<&4tB?x-Jlx!`J3-lk96Xx^fU%C1?{eE+n>**~Lj9lyWAZT4+7n7G~BSg-YY+JUfOr6oxb{xUVpKUQ3GP>k?6dM}xp)jWe@ z=Q}0j(nE1sl1>H+r3*7WPI4ly>B$BkEyiM`@QB6cCl?QR?}Sl;)0$PTH9h84nm+nO z#EU();|VUTCp2`Au&yLriY4 zb%b%*rK-NZl4%_I&C8q|`6dv`$xWHGG}EjK(36+V4f?ba#}NDfc=y=mu8D&xak7^m zY8xtQBD2Hk-3;4T!)Q#a5?bQ_VTIgO2BHtrPmAlp zLxL=eimI3rhi7UvwLVt2fU1p~8EH4M{jc_Aela1|y~pBjD?Ykzn%-0Kqmk>hv6`uO z`s~&FOxDeW2XiPTYgMJU#J`1^OEtiQOU>=^Ux#=GoA zsk_iwChZ?Rn(2MpHE!!@ioJiWxU_Z(Tnk(v$Uv_+{_U32o7oxNFQU0~_HJUr8zjHx zt^w86y6ay9jVi{+UuBta2_Nzl1|kbhXOp-2@wKa`pA~*NGt5@(v@9_^Mu$`m1B_Xd{U%_v?&4x-Sd24Y=aBrH z7Ju5%VMa}zLppQ?h*rs$`z>0UnUXhAj*1AwdY6yRr{4jDOey!Y*dTr%uxU7oUmo6a&+>UZ<7Rqry85~5;EvxYIR(XgF7qSYnw{Eyljq>j zNd&(3YO%CpIay41s~-+gG+peJY&g02q`iE_6Gh&$C$Z$Az|^G_P*ZAD}ZonZw0_Ug59LA zpI&IaKEpYUaF242K0|g~Eq1)Kj+0_5(9B3gLAn4_ixoxm2mVVZ=v`AN;9u9zN(~f3 z-+SZL@xE7wPoGa?LBYV6U*jqaugc4LPcGX1F4Y;HADsD*E=r+xPQ0ud$>0Ru?8ah- zZZ)2x;9oCMNgT=3-buC`jDf~a-B-HC#`L2-t{-p2dq74!M33yEqVSv-84c|2W$Q3w zn;g~9=S+@d>?YY|af}I9Dk&+$XkL+BpI4$1P|~ALFGM;LQx?2<^=gllYFgE4_Nz}}d{-{yD3(a(BBWnFiHeDo zS$bXP+*HcrQ_8#$yGP4}vl%@didnw=yy^(I1Xd?>P#UIuo42p)CqIdJjn6cUaD$%>rgd zz|;U`9koI9>yU^Q0E^A`0I)SxHoEq{+}H^)S2!=L&s@LQLS+|8q^8RX&~}NUJHxz>Z|bE 
zb2vsBF>zP_VC3xn-ndu4`03WK<6HV<&HS&gA3Q*8Grmz+2JoiOS0W`=la}9Ny;>Ed z0e!nnl)Ym=4U^#WdbgF5=XuAGvdkq%)^SF1PyyTBhGYD1Q`8dz< z|0PCO6%7Odx1nQ5mv>|giND%h0KpBkWN2>zkUux6^aYTID8q%03C)|h9LLlfemZ4N zZq>TBaV?r4Bo%8-nwo8Fbi4Sn4Kt!I^lSx5tk9rqw*?7pTwB%QRQv*p z4t?pErp1iS@*c~lWhVR+a&R8)j;lSFp|XY*&hz&AS0J(RIop4=J`hJEqThJo3p_58 z_}cb4ZxQ(gUo(wxZvXx$HO)l21NO}H>1t^I(dVz*lWfwSwzh-N6i_~N=)H5==#as- z23X}+;|x~`u7dI{tL8Y5;M1uSTe4)d&!jKLq6|ZyKO^t8t9X938-v(1J9w7t^^N=l-Wx}FaeACKAa(Z9tPV6p@& zIyVT`IG}GBb9!RXo)WFMeMgbgkH1c8T}H$pd-aTsZvxIQj7#;qsU*jxFcF1dzSPk!WD)_OCmZs;Q%qBgr^vAyr8kdl9t&DK6rG%7&Jj7 zf)gM9q6hjb(TE9iMq$!oj~Mt+b>@K4 zyf0s9-wm0xAJE8?`##F%Z8;B!aq`a5>%BOEa}GC;O7BnS>_%eeNKJ+K@uWj0q}?)BxxOgZfE^`_hDTIA=vWywZn%KBih;JBTj)C9d?W5VMhC| z$2hd^(qFTQQYm>GrLv_Ep_gaRe|gE>NacaXqOz2Qf=Bje;q2z&xkg`a>L!T_uVBLh zvylciyF@>cL=YkqxTCyeDo>-xynDz)loa3FHoe%Bj4CLeE ztAhtlvf(T;w7!WU06nVK{i2)gziUnZv{+^NVF8t^$n4zwo3Ad`cUiBC%^bcP6Rr=0 ztSP;@xBhOV5Fod1*Tej-8Rq7PJ!`S;DPY-g3#T3D>o^J%qkHq}3@8+-z z^Alv<3k;Q5+10nvD{xj$rM!84FnAP1YQjlq(pj-|GB@!!J?7fnTLeXf8VNejhKeRN z)jyQeEkRY)aXv);qfSd2_?VCtPpaOUYCJE!QC8DfXRq zW?H2~qx;<+??n1eShr^n!p%LerR#|lJvCHPYU<|_b4En#ofHssjRF%VNtX6bE*Mr< z9eYYJaR_b0l3Ns)c(u#&^7czV~dAIzw?<#v(&3@DTb;R&%T$JqrRmdH$ z74L$xhXTJ)PA$&O+iU{AW*XY{D?7Bwht|Wyv64&zqs*{*rD5urqtY5No)2&?SixxXc-#&38aT6=8?RE{wZ$ z2z=MUSLl8w@#IT9$}%eGOcIyS7XA_oGDfhoap|Y z=ltuBHC0O+8}(9m)gr=JA-1u3*4X7w<#%L}KgY&hHAgack8^d(T*(nyC8gYFCha;} zj~+dW8QU^7Y@l+iALz^2g$v62-fff}^}~9d9Q`NBKizBDsVtS(Vw~nw71sR#{#5&yEE^ zH0P}-18zX4R;xD~8*}Wj*vU|n#`??U7o+DP3SF2o=h1b+mro=#4cP+*c`HiZ?U>k% zP=f&J*Y=ZBU^78*Grfw7ybwv)ooLv$qyI!_&<^Q2mKS->$XqqVrxZ;NQMtOh`b-?t zcw;JX@8{m`k>oxD*t&NCXH!aV>}H5C;v@(O^&Ft{Qsfrpr`dWgT&;DQQlhciA2KLG zMw=#&6W)3m_yT4c?^wIg0K$j(#jY4AbG9vRmBT77pHn?=`?*z7MMZ;_p?ceHrr5gZ z$1xpk-5euxEx- zQbWf0!DJU>Ra(`)%-YmxvHKKDoD}h{SwY{=Oz+QB4Gb0D!wyT|;R1#heszL^g0?p@ zJ6f!f!dlYb^CC!seTeB{kiQDj-wSGa>tAZaS&d|JI5mgfA)mAHlcjv0VP ze|AC35>nt@r{izSb z+`0wuAbTRbc5`jITi<&9xPt+%+5O5eT99w`c^QqfM7uJoH1d4z{UNK 
znCONWx}xZ}bBIc1kc&N-k4wzr7rv#2Va;h7IA$x`$Gu|jY!5UM-Q5@mYXqqSvT!f2 zEMgia<8$dHC?Hv`8+s=jEHUgk*xvJB*V! zvXr%zh0KhGFvx0rWSH-0#>R-d=s3jWxt$#!FXejOM_U@2jCl4&1okDoPinPSR=O+x z;{_)re-0xHHSR6?$a0`>Vii zaM$TxNr#9?vlg*ue}nGh&FVRlgK%5iT?KeZw|{H5Kugxu<=NsqqM*g=fUu=pk=J0QA;8@H74O}IZ*LnagiKVu5)0Cy9V@2&>$6;uA?F(bDFij*tLR(0OtIw0qW1>g4X^{U2_aTh*{&9{*?&a3-E-hujR)LT75OQ= zc1CRNez1%=RkuR}vVIG$+ zUl!;0+gulvv zH95s(Fzyx`8@3bKB1!D$MnvBg-9VJRLX`dFo{r9HyC6UR+KA8N)-}e1WBAFqBk6Dx zo|pPR3tSVZeQabD92x$yz8x7+D5cqDs5}VRE(j#WiIgyoSjKYYn`<_kd%0}8d}!r! zh5Z~oH0-C8lEtY#9eiKYy{vZ%u*RT&`1b7+o%@=rR$!j>_SQz(@iG7GFb8RRMyubZ zBu*Y4x^KN4x8P%lqJiKiQrPzp#h(>jMZLdj7&EzV!=n$-p)~GCgTv$BO$GW+X#MuN z&&sUL2c9*@Zho^2et+H$*xSp39hhr6aknuwow14NgeriD5*or)#jRK;6%sR-w{Q+!7aI);Xi(<2R{ zRPeqS6@FVawdqp^Ot@o|e<3)**E)xX-4zR$-G+FM=d9x}{iI%pMu_s}bb^^@NL6#f z)TEZoUU`^m^E4;1-~BR;mD#k{Ntk}%C9HgFJDD-Y8*05gD(?X+50!7t0TnHWFm2QI zzh%pK7|YaeADJ0Y>pQ+g*cR2Iz0S>}#lQvv!@;T=eEE|O zcuw-?q*T~>qV+U);WAU1pz0(FkujB;z$jL>mNZJO*Y&8$XKRe92|!Z~_PUGi6@0yT z?^@LN_(5I}OUrtUja^*R0$Hp^Jt4iM?PJ3X`7ieCQ-^-z6V*o|6r~HQ<-hwDcBqk1 zLGjctf3)iV|505U-dU^co4&i_>NTF{YR^rgs*kZwN(!9lUFljJWsuZU^+m=zyY_oI z1gWucT9ny3hF%r)qt64xmP3^(&jIe8KQ6GVi@cTC&d|anmlrCe3tKh&!S$pY)%9{< zMoTzaT5A1J9EFt+pM?5KmkeE>O5l)w#p+G%^9s0*e{a9}xrZnCkad2DCX|Y!Jj7v< zJlTx&&!XNr^>6lwBF2%E`sgfH~-^}E0$WSagVBEjUC-OmVRfwDtiW;Xv?!ELT=7{G9sQS?)Ah%Y-8J>7uWEFGoTN8IbKsK`a?%&9A8?(p)E( zB^uHSC!=?t;)??Yd53X3fZxBC@&kSaNe&fl2Ij|!$stPu>2}C^(qc6!*BS){g=_zrRa&p^U1W8Pb1-J z5uRDh52?z*p@92!;R;2>{{h^yO2q4j2LUGg$@e(mnpKIx4E=yA9W=Fg1J{GkBkq61 zD2&o5w+|x2ec&qbKMz|s5)G?I+;3l5Osr{QVJSs-@3HkAG%sBR8;A-ve&wQksbUH4 z7Ng*ML$9!yVlZM%nl>}J+iUVPE^S0U7uf4;Gk7dT_YVxTEeoH#;^eJ%R{rili)K-E zkC!nJpQ*Ai%iTbh%v8Jfi!K@0jYc+(vC$D<@-glfLT^RIa*2c*{56Us1+>^_=ez-1 zP%9&-g-CI=DE^BYtzyZ4xc9n@pa;gWxGhb z>Z4dXiBEu1-Sz|603oSi8T~X_SEG}l1jw@f;=H!uNfkPG$h*askiBfdG zmx~)i{Wee3ze*@jeRU^zPVj)S%#7VERJlYcU#`$nN%<9ZRzJwpjP9T%JgTW_4^PeV z%rbEuUt8;bPcYjE(IkVfc70^;O&Mur;jYGDX~jyWpILy`I@u>^lnt|qJGB7{TNq%h 
zuuzQ12k00Xy(wp`Ve54V=8lc;l_p7hi{x&HcKh6Tr6{s>kj*ln_oa?fBl&8kY}%-~ zjZ--C#_RVk3ev`MNK|E+@wlX<JtzJ{94Kd;)z{L6vH$O?_VNH-dr z3;KZ(17Ha{YU!fFy0_mzRdQEXiDjq}J3+bQ%8@2vwFH13OvF7fI;Z@$WQ@bqhWf%> zUw<1n2KE+=&#K=DK-X1K&BI_OCmA-LxHr82yd!_z>tz`0mo8)_0-p(OVPwBGjHFP*)I zOjfLVW$s` zVQ%hBo59<>m1B7e+l(SkTB)1g*1DS;6fG@oqU@<#LA~=uLI=bvR(AFG&@Lt zKYMhpj!V{aQ>wLQSeAjIN!tTeEUa)14{9v;Yg}~Tmj6LdIW{P`chHy_-q~&TZDyF` z)zWQ@%dX8EFoHlkx;L4bndIt^^F8VBc_sxm+WPy8t?|9~dp4^icmr!S8B<~9`$I40 zMw7~kD75rQMq&Aw*z)Ki{Mki&a>)lijV!C~mp{r+bZ~}SF&6Yd+ZQTSvG|}!y!Xq; z29xz{5*B}Wnd1x<%d*cE_7N%KYdlY^(-O67ucO% z3aqo)7;+QB2cy5a?zzfqFny4>pnr-)pNwO;+EUr^_~!U8avgl407K@F@F~ zs!?*rFY@I>O9=xX{~iJn%Cq8*UzZ&s#11RxHZ4w`o^?y8khqJ;U%Sg`71CFgkrE`2eq|miGXOK;li_$I;YsOoAWE(wM7{9^z8JZK=0)v zr0;!LfMpLcxttM1E+I0?x0_kLElb5=`*z5)P|j1Kdof+|KPc8J(>E}wae59m>fjp5 zPV~O#I^^X%s!30_LPtSS9KpP|SQDP*o^i(8euz<|`@s1IATfs1`+tCnA+^2sPRbE# zrDX5;teP|{p>@JBHH-D0HH-TzKhecX`5dxw*YZ&Lg~5Fi`&X4i&%bxNeAt~Ejdk)c zz`=HKbX2E*w#5WG)grM%h`wfI5MFd6+tQOR^WdTJ^*9+`EvauWr>3VuVwV^(%=$$C?j%ZkdU>@t$=;x2?h_XmSN{dO4D&QGF=m~1JVBKMT%h@M!NJU6eE-ER`}IHoXApDUiME?c8cwq*k>+pG%o5|; zyO1?=TlFt0wNdnB>tIN%Iv}HET{nJ^_P_Cms%0<~sDk9Er$FHy5TfOlyi>NI+&h*s zA<9pm9@vJh53t3g$bG;!rCl=vC~{8zon&V};L=Su6=$9J+i7BNfvRSti!q+oo6p&a9JheSiQd zS`>?yu&X#HXUX#>HSla@%EPITF*C>|R)`_^rkl&_F|D7_MDt*=Jy5O%@2a)Jb@PSi zqs4k2{!&L=Jw&UaS!B@F^6CQmM>D^xAwPxZ_0D!Lc$}(S5qAuv9RYFmUl~?!6ezYF zF%Mn+MQSXYNV@f9$JJzRVQC8$&n5<<<+K2ujIGT)!ovNvpfJI~?1YeV=J}rED|Qy~ zr`w7J-%41z6F)8hfvz~hggpkuOaoM&{NW zr>Qc=9XZQKGuOR7M@ZI;C`Cm@>C_RAC1WUo9 zgnCDJ-@L)gMsT&Zu*woV+NtzP|GQm}NuElSn8ZGzJUn$_!SS<>q+}2(ig& zLTMOdPg7{xettjMjOnzsgd1fDgxR>dK2Rc6yQ^lJFs=-3H4qHIQ)Pspb20MYBd5?9 z?tDAw4T-#_@THqO%zC!^&0vHG7o09q&r~m-!Py0QHC0pl1NQYnbnB{9>=C#3r)WK>jbYy9 ztEu_Jx>tZqprwrvD9_8T(f=dC{6{*5np{NnnQz?gsI+7*c3d>sa<2+dBkkOL`HhuS&OJ9B2u2oO~^UFVJ-yE;S$zg7cC%;afTI3~75-2Y? 
zu+|KO;AqTDq619Q0Gc>Es)0>-zmK(#UrdY@MHHMNI+*S3ezvjW28w3IYhy~OQ(HsY z%-W*9VAl2Zd95Br9~M7i+8x@!NF7%5$AcRz1l>Tiawf-dyO~6!U@Ek<^_fQgOcl@n zsb&88FCRPn)G?WGK{NGgW_Ef9Y3TVOu8S^F_6ArFcp@y4{p@T%gu9UT_pI9l0lr-l z&(%s;c=)H;-1@_ZV%J_!rk9p-G(_EV7S9fzyr$5@Ul>;f11uNH>7B>u%#%R`PYX;7 z=8-QM(F%CDnBDR@xsM|vDfDP*?BtAe@`7@#KtBaj>1k&20JKw8%&konrd>7GrJyn# z%S3`3eGueB3{fcr3UqQ@%(z=6UvXk9=|gg}Au2tb&f?F$+%R}yMje%;nd8=*-oMt8 zV#RWDihTZOC+LQtDZZ;eKG|-!GlsvGL^X;t-Mf?lOmlphHl=-31pKMnw%^0y}G&0RC2a2 zi(R>1a4rON+G?{*Dl4nBExT_r?Euk>Rj%G%!6Mbj4Iy;=mrv;;^L=BL1gJwP>>fVe zYz)egbtOJHjeW^HyJ(9s&ne0|@wD2`uR?44Ow*F~eo=pMgg;R>BOw8+XwYI-*?3h| zynN1h)x#ra@hh{h--rf5+GO)WxnzH?eL4sE5;Bq4`SHi_$3mFv#MhXd`C7@oFJw51 zN|u@~@p7yAutxf7RmOQ#kH_(G$lhP(6aqy_wzR!iMAhCb2n*dcP9^lH`hBH(jFmAn zAYw2=v4p0l`^Py}VoiFe?^x5t^x|LfdbO)#`_rJTEOa=Pc^=5pVB~`0V9X(v`F_e{ zLiw2cF>1kSI^5~Zk}aPd!%#k+xG-`%vV~gG&@jqERa|+afw#7AO?2eY54K`Mm}c)t zW3W=Eg^g~qw*7oP-htBypAP~K@vh{wp~XPDf5uud8Q3x=A|Nfj&&zqsWToFMB}f2~ z7(55{JT-0TA9_{b+iHiKi6!iP4W|`2RDJBsJ<&_1!N>z+%X#;^7G0k{8{Biwk_Mn7C;ekE{P96>VI-|(eSKR$) zpurw@NJFTSjawB6bo^vcYXz~1)s~U|nl5ryI>l!QquK-y%ix2m=H}PhDUIp>RA(k4 zWnC;fj8^@nt%D|amh$gC2K%6(=3V>W_5l>g+e&ehZ8cIf9HWKHMM;b^%?!EXr z{dJ;vQN0$cicH#3!&-CT_Q&ffhQIxcP6P8Eb#_GB@`+K_Ftc~-ek`@aLV zh+0Kt^o717nNekq%aojnV!^8&hJtj2l*%@FfTyOBTL{Nw z=7ll_q!bk0d@e^EqU7Gb6&5gUD6QX+qf35I78=mOt{x>+Ke~&oc4OgX3jDwv(1B+% z6F4Y6Kvu2+id2Ru3UHA1w#5`7kp6_8v}vSz&8)x!;W4Hw~=P}&nlvA1yFqW zDwg~O=P%&{gcU708BFS()qy!IuS|g(u)7%NI%LkumHuZGA-9xmr{*k8$y+P>?CFE+ zgoO!4)B^Q&%z3|ktJAH};V!aLaarbIlYG6=5bq-Mmge(j>@+b%fPG^y= z8%f;Fz#d$B73#sP63@POc%Ag;=fx z**plcadLW*{n`%qr!r8I$r>v(Un9?j@Wq1OpR!cfQ9=6%F_pfd{{=Ir9a+-S;^{6ZuQFUP^7^9Xz((~aHZ*Kf7LK4wRR+=>gAhBx?i~5HU}||_^rWWt zr8Z@R`JLa+eDe*q_%cmPI2)X{@9Tli;!X@^$&`^+Z?yb}hD?N31+q|5HIEu5=ixwi zi&)GaQw6a?H*-L*SMTq|Ht`n!W8exU5>HUMEM-mE-T9p1PbBn#acp|BMCADE>yd8O z#`bzP0r3&@{2Kt|pnF_fHU5{-0Y-&R%Cq5~c600;jO2YD6#jJo1`Hh?>W8$oDO=fN zgUh?p#_X)Gu|W#J{rRAh?8qrlzxYUyK)evQN~aj%s;t}(vMr3_o1R%X29yZl1UpXt zHKfCB`P3RmXXh1iimtwq$mr5WK@t+s2(^Mne@%Gtg6`dCQ`%!?CM6fjhb(}5 
zbE(H=Vs}Q57~fi!vU{`dty05P`kyNikr{CIj3TQn)u86WWqF-_VcEH%utlf%N7{^& z;A8$skYG@GHqRUXPqhanA$-8{i=*yQ;1)s&W0!R-*IC(&QxN1kCyV-acOtk1gIcsp z9Tekc3ucZ1?~eNe_7~|PQ4v`iJwp?^!~1U1p+>m8$}lS9fr!o|X50}(v_0qaRnCpW zhtgW^7^A?dZ_Qt@ z+f<6kQspA!v*h=YxN_;#QIHumG#w4$W=CJEZWj@RGheJSHO`B-<9t=6p`l9aHX+tT zaiXrbR<5p>r0M!eSxwq|qBRU&>P`%28J;0l0WPy_JY4gd7=ZZ}DZF6eFLqmZ{^F3H z&yJ3-nFbY{EmO@M^FUGu1*k@K=cwLsl_HsYiUFgPi^nL)ZEbB$5n)uJV`QWa3K;Cq z3l)c2O@rz5uA5`Tv;?V}=Y$nSMf@ib=c8b(Q)q(6WTfcOwnMq-tuA?S4ViR<&OJ_X zc}4m^vyF_;FwXJo^o`^>l#fv4K?9LcyytRICAtNyjHA!$h=|mLcM_!tcn*H?l>LDAT8#3TW5fUj-|C zevLIN)YvY!1pWPy6REO5oWUrZW5m!{UsT9(?=k74#r5>KZCPC(l>(oOMPWX*;n1$s zLTIPo05LT|v)BCvI>xne{dxv6>=U*$Rq7dt=zE#=VfWd-@ z4*G^U&|@ix<;^5m{HbHy${RP)*<$AHpklV1Wgd|tkJ5cI3MIA3-2~ZVn5|^Y~Fq_%6GWc!*xy2LXSwY`lvaK%% z7n;3aIO-<&Iy>7FSa@UifttfjQMFHLhygZm0vlsA%Juk|nZ8*!O4S}?XVmpjWzlq^ z(_VFw3&SaQ{3xcugHhz!M{%v*-Ckq~Z+EZV->{D%c-ieb>Qsv7hcHTa_OLOei!Ivu zk2#OwpFPDV$-}1v`1{wQ;HOsi; z;^Fto`)_Wx-(6Klq$Pp&{)VYx+_EINh@4qG*rt1xZCgaxMt4V6_pWdL=@xX8c5brw z))bP&ych{l6@o?(F-T=!Jz-WFKjYzS?;{Wf=_w`#6{~1Bk<=)i%v-AFq4~I#7kVkl zJl~tD>aI@rvrv+(8}a{-t*?yAs_nK$M7q0MI;6W(x9q~I}fQHJx)O{$>9 z@^N_VOx;XN0Wz|CJAHIWfqL78ZI6T+a^zHh7g>K=)^fJioiHEE$aS;2Mof@v$>`6N z2^1WJyOoK9mGa_hrI?a_HOhQ#0vXwQ$K1&)(3oicftf;~aI1l;NfSTKK06+)QaF9T zEMK%%ELsqxB1)zRI^M^w@53nQ3BO??V5h$)|1kxi-76ftcCL`?DM3OykwfoYusFZ+ z2IFqAcx(NK7|Jy|2XFdB3(>kUXU?99ajiB1T&@6zB2hBlYvL@3i*n{mng4)r(f9?M zf|{?*=M<->1CF6(TbP=b-XX~W=q+Uk_CZH~2zy>WkMrHjZDv)Mx~R#|`=B*+6`Led z6-z|S4@4VDE$|u|?$l(R$xv?a5xT*F_)9XX(qtm9N9u(ZFS8Nr%qdJ#9&vCOiVx*( zqXL)5C>;Z}t?A$x@>u(92tPu&v6GV4)h^CnUsoltBKAw5ASd_kUDUVf{*hLeUjn&f zs1lhx-`#xW2Tn7V*ncp6v`6QhbnZMHR9~vM#YEK9!cB)H`%vZwZiaylo z0aY%HogSG`1B+h><>HU__Q!8UoXxIIVQZB#?w9EUhd3rfcv7?@!{7ndo(0GfUKh=v z#sPlhw}Vo$;9=a!>FJ4Is3{>w8?g>rqe#Q^)ZO*83UZX%tngmhp>rhJcmC|n>qD!! 
z8*-3XTP#hZvZdTFYQAD|t~ZB{Qvs92?cLo%FYgT9P`6ZqtE(Gj`&#z+o;k~pAcO5Vgyp#CtW}gLAR3MO`gx+JC*Icv>ARxkY5e4s4P@vbqvPtkT-Sw0C zc#xM4Aje2-_Aa86Yvze_%_S}U%NE`n&utblkaA1~00B;-(a%vTw&5UUKX3p7Cg2JQ>w7WtsW&`wb~An5 zk9=qiLdqtHCk3{g4JaSLb2nmRF&Gr;%j_{(z;kIN z%+YDTC$0z-oKyNc@dXTw!DQS6bRT75wbeB>sv0V!`JQgf5aO;wx59Z4O@uJU3~$1A zom5M4hbE91f`0o3?-K^*)~NuCjn=kS31UwSr&nUdGy86gRz46PIBfy+9ck7S-iB5x z?rejy?H^HE9O3LXqr1K$NQ|{Sk#yWi7-T(e9v(B_q|})-HSmmJplg*^m#8lQ^!!a8ofMN9VvKbrPW3xFPCz;6`uvaz`4YHhAbHZo%*ld^zD4UytP>@+5^_xElnth*QMjGoBe4^~q`@LXRXK^YVcTj!K!*p2c@ z4fOQL^nqG~lngEE`A!F7=4#DwrxJYpmYj0k1)Fb_1i#yy+8{yMr#-4=ER>XSw zLa#y;?3ALhk^#wW@1B0K9i)y0i^(PL!C3e)>t-HR??Z71U!#{Mj|+HW$5Rn z@pQI+V6Q!Ao$7Sj0}MDYXJY#s?HJk~z{Oy2vK5GAoE*b0L@{F^r=@vcJ+xO=5^sBY z2fTV7YhNy@N!^>9Yw5kF9f57W(GVpaVf9>cJ{{{t_XQmsA;zy1sPTiC!WDmuJ z(&Ori8)X$+m}YKKgn>cNgSFEunVzIwJC6$-OB4mz8-^b7!t?XNufSr0?g1LUfv>Z( zw`?GpHC*g=w9WhEm0#U1gEgTssRPq|EpC#ExMEF0X9CR3KTeh9=zb|f#Yk#d)u@yl zk^If_I{8<$Ae9L*c{@}+)s<DX}wbX;P#Iiu5?NPvExltAKHnvhc`4;0;yPC5U8t2 z$$ZBCfb`u_sHULBwYK7J0ASFUm)e{h?d?)DzM!MdUG(siZnLW@G)mdfU#^^N`El#e z1TEV+aN9{pk9~X=jZFHI6->BnjtC5rfA;(boWUCzK!*n`4okpFp_{FI$@pN#QiD`% zcw~44tc&LU2@L=*wt>zoTQ`?Hxi}#(_u%?eT@m8fV{ut-@=D~oDW~tI9KgG>u^bY~ zlkK1`XOjQ?wd?g{vEMwBl{Sn!lnIgzMX=8v@){8A1-xcM#E=j);Z`a#eEHyk9syIZ z{PG-itiAf?LFfmkYN19W`KGL`QjoZXot!15TyrSan5PiZsyWOLOeY}PnHzAGc zfW30FW1_tbxVRH_*A1k| zHFdyjJWvym`&v+96~qhDo80re@O07MKJ1WRum{)+OZL*{c>^@uAT zW{Hr}h{lp5#f_M z+77K%N+!+@RDSz>76U(!Ber=bQMp}Pm(RX7<|y@tg#r0Zz_&nai;}^lXrcbT>XL#a zK;)v)0RuG*D7&JUIKOrCM%hu7M(%Ai+P#*-l04uEG~Cq_mSJmhlwGe(a?>gALf*hP z;#D!nbZ$?_qhMeE9F^RA3kO1=WfexB_k7*crewzbMnb@fptfUTB5oWUAYWl5Qt85B zxBx5z2qM1=Kq0)bqnNLPyMW6Z;>1qC1A>9A#uv&DB}{N?3fmaipQ?5&>3fJj(^4_# z>FM}nUwigQ z_@SU6LsbXP<*X7BU2`T}4*y+zT&Kuq)MOU9q^R1~?tIU6*)*)F9l z@B8Ob4Rx)WSlO`QDo@XcS3ZYhJU0ouwfYpdkNqLej;HA5ydolGzyRj^#s)^z$l#!h znD~t95gIMPW0cldE94SSh>btnHJXpnPdm}bgqHNfRvcr;gjRQL{~dOvm<$|*xCm|> zX6dM0TJ;D5ra4PGCO{4X5tLopgX}LI+EHmf#G9pOzx+YX3WFc6Ogi?9=p`3s2yU&O 
zjh}bMYrom>Bbb9GGSv6=({&7dgHN9}@Cvu%C*FCeTpy?d8*3ryaX&H*MLX zHCV5b529BbveWgk*dI~NS;0S+2d!zKY#q{9{0w#D`cusiXTYqdwh0+gkg$h`T-tKi z7_I>$44AxpRHzAo`tXapx3MN&e|GvsrL(CRwfe66bBvDSzoA_bA`U8cv z_fN8DFF`f6=!U=Fiw%7~P?4)v_Uz}c{l=)l7X_$kIRZvQSR zd2nQ7L4Ant6P5gdssNkSmk&X|puw~2(9=ymfU%bb5^FM!(kK|%zz5vjy+gYMastS?bKlI=^u&dx0fA5w zYZhCvUK)nL&H+m1#bm-Wsz08O2RzKRcE^RXdU$9^>bR5}U$*(O%M@tcM$JQ4khDAV zHR%3yDFO($bl*k}U6wb?z+QW?B!*Z;#^JuTwi+)d_?Gb9Hn8!4WX8_BaxeDZrtzz@ z1CDAgusSS|to;uYmi{P2IGjo?*Qqt(vF$D!C>akJD~O7L;mp-vI2k_VX00&(fg*i{ zfpB!XSh3x--Bh7p_VC?qLM!)z+stx3nNKWUF=!D%?j+80VeVens~j31=3vMRlP*!@ zm|R}o_uEYYxT2y3kxz+TtsR(tM?tFnG7c6$G>y-dgT>Rax7WbLjtWK>{jOv035G@X zK`9nsAHC=wv1T3DAR32_I9sg)W(Sy~qvK-Ug|B_;>_SQWJyHqn;LE{3q28Go42u*x zXzYkA`6tTeN0Oc{w^d6Z41M5S8<9Ag#wM~@7wxum;j$UXy?WuT$ z9>s@Q!FUV&5o`m3?w^lRmf%%~Xue=pK|vDKPBhO%UauY(N9x&@?b}0wO)jp-2D{>ne*KdS zh3}tTm~ml9m}v$=2MUM6EQpzh1_xp4OTGexW-$XyoY;WW0@b{J!Ahfy7&kU@ZA=|> z>T&xlcdtIJcE-AX@C~;}ZP%?@`IuPwfaD&v63m!In>0#@X?l2MrDU%d4NdoDQ`10* zm^&j*Kk1grc33#^2dN$}>o(p-zSlHZR0PbBOuJ*l$w{1mW8-n_iJ|`}pN1PZEBWiE zwmWDJu+R6_S7`WRB&7s+SzmMek%zsMG*j`S?AwZ}bb-~*lyU%y)2jl=v$iW^8AfUl-WI+y_ylh^wQPy;W& zH8XJ#TnOpHd39`I-~2i1yBGB?Qgyo00k@&v{ z;`R@k_k{Teo*-6H=*BA63gf~{B9hS{bY~#PT65aAho@K{V~dL85%7EtV}%clj*=bN z|J|7K*-=~A3#CT23{g+DZ?I72!kYoXJ*v(Z{C9e=)&zv%FJhVtn8*)cgcciZz+R)e z_BI+e209(jm{>Doxy0+=cOVRw^+oM0!ouTIiryS@31pX|uWu&G`-DVDqP}x(VvpSU zM_0^kn4Z!4a9FreI{p$8=fF#n;5(yxKKyxx7TH?mu#AZ$0EJ~?VL1)5+e@A}4Ly2g z2>JIzP86`NUOYG_SO4EyO8?p>b82Uo$oLlyO{=xcjL0ui6K)WY&}DHGg|GpE7?5Bk zGhKxMq^Bp}@9=HF(G~=ax7$kB4>akkaVl4F|=TdIpKqt=9ocY5h@zSqT*Yo z{w&MB#MLFm5NH4n9Ff%s{ z#!(Egc^Ohbp6ZH+?{hYb!hB7>O`P>wGgn?stceLhH1TP$l~Udg2GN%0PcjC4*e zi_9DIQceAqW6udW+G&@wLt2Ie7J`h)#Yy~=UG1#@!sQcx0XPZcdniL?$^IR0za|#{ ze2_VPFKXf85t~2Um`7?x^;uRag@Qr81I}Sz!#-A#3EwMnppg0Sl82k!wnq$G6o2YY z!DQu|walV8*C;W2Uo&PG+ZzV)jm?Q)zVO+Gl~d4>)4hef;f=`(PvciRVTTz?B(bz~ zft`{oY~;ccT8;W$cd($D9gFW8p^-9s!_R*xUC1G%uAHVZ`D5PFegl~{z8fuKAqFUW zM3H+jKazAK%)u9WyFdmDPOFLdWTf-DhU#^)r 
zfRzLo;-#ibx(5B%S^RzX#C$No-c9V7(~9k$eZLogYI#U!8I%Sa;{$RhU{Zrf4c;x7 zg@L15Qb;iwXoZ3g&_7XYUt!-wNQCs|*#w(I1*Oc^K~E`SV2zHCmo3(zMmY*SjEJlt zOKpI4g{Ok`=pbWoZRX%)$Q?P!m^tf}NSNRiM1l#$VqouVZ;P%F+Wx)X>++qP_;;8K z=4>x)YJQ&w*tAR(p&i>!#o5?qT(L}H-=LObL9#j82pRplhx(lNy?xe>;I(7;@5=+e zVFU&+t*o5?r9JgOuH&O9Sl~A!O1UQb#py*ln>5Ykz4VU^;P$xK1O(~@Q!BTpO(zJ%2iUQRrWG{TG|5UyNG%^1Dhrk=olh+17S zR$V_n_Y|sh0D7cweFP9B8vB_-`i+K)>WmWuqd6KFB)^Nb9&`B{17-ni)7Wc`SHz9h zm0?aFVg+*y;N{dRBSD)0S=i+hk!6-{SM17I3xnthFxPJO@}%ax=-&8m9iC2D@bjl$ zi{6dKe{b*KXaDmrF)BDf8|irVOVMqn@3SYG%?87|OgGHD1}ZI}mQ^)zcPTBjq^hQQ z7#>Lsu33hh5IBGqmN+tv<%eqBQd&w!U|l+i%?{jHe;7se^J0MAjf^hPDmF@7OH&ix ztC0=^RTX=W6azbf2T>fkr4s0^dv&6qmO0bHUh~5(li`2)P^qI*OGj0$XwJoj?*8s# z)9Ljc0W-NWdf6jx^q%jofMnz4#Zjm)E!^P;XeN+}DwOc)Qur5O!$$gTiJDFfvC8M4 z6K4a3BO@b{1_lP}mfruH2JbU4aP%hoAJ_JuZv?-g>>r#Yk&P3$X}x0_TwURLea-N1 zIQs=3jRG|lb|#D zQJ~QjK!M;Ok3DD3T8l8oU4pT=3mt(EMaIcl8Hme9{7Pe`7LQVC35a(Nj(*H z`7GiCzmw;GEgJfDk%btA|NjDV0Ax1mKCo)oFP{nU2&ik(0`y6aSx%-#F#79= z;JLsSQQMTC4Cr?j(gK)hijame(fjwkLUS1*(qB<9xkw3*^~k;9)pT_;zetEY!a&G` zFu6ht!!Py(^HZqmZ>M#Sn%6N;n7=s{v!5}bM@v@U061c06dH2u1M7D9IGwPuT}8!^ z(e8LKdqwOq-M#<$4JCEKRXu%v%?V`7MeL2TNmn-3&TLLwgHoqe(E`aDsS-XnCRQE& zQ%e86@?RGK5Zci3<@oAr%4|%kh2Ofau6_WRM4l+iark%Utv(5Gvr~}K zFbKy>a!w!^b|J?=2B4&a4+(SLb+!#~V;K;hlb2wS&R34Zq6w*)l2)lLQGA<2iDhPj zafsd0HZF)2bv7|Ek>=_VYiBng42q?T_1HO#61W@-@?fo_qnV_t-8AXX@y5vbqk#t8 zF=FgD+A#p}Z=j?nUtlitldph%7okwAW^G+wU;)4aJKIRk#=#EZq8aX*^}nNy$7{4{ z-TO@cf1}L+F?hdRy5kn@uM-`f`i}tHB2aF~sGFIZ`kad8(lFy9;Nd`qrW6msV!Q#M zcHLj#;H=q5tJgJH*-u3)gv=ot0_;t60!!^-gmZzMBv0sS(}gauk?NZyYb}NkJv}wk z7-X2}PqO%I8tt{o9X8Ql{se?I_nAzWEMv?)YhtuC-CT?eu7>05Y7lOvhFOhNI>}W; zfBoeVng0=LSST_2YKNWMe1@uJYcahwS}E>K6Es7xy`73PfSH%ISvi%#QEW|O^>6zwn zE;Jr+CtSObH@rQ$U0tvF!S>k3{@Vb>1jJ1)TM-jfY#lcKfPp#_sNAsSh-t3uoDm1H zZvQn;oxsGzMD6|@hb`^xo*a65`p?H{x9`GqkW&mH#Pi3T+iWgQ1s3+Ykh*J3gkt5j zx3wUJCM?((1jFKp~YA;6y^*jW5a5;ZK+ zS|!!364CHI2d=D`xIMEbeK@=v`)pHTcTa2?IuJtR{$Xu~Eih@oL_l20Wnv|@yeOHN+1})$RDXC0Eq*W|SR@OLl 
zEt}KM=fAJ;o=@ixHkv|Z9be8KLOa3p3H%L@Xmz7_*Y$|FnwwjN_yqS_QJAyH70us1 z@jod=+v^{_x|h`Uf6ZP}37oI($q@hwVDOD3V+zANZankh@pH!KxzA41iH6~X5@BrW zhxb1|YR~&59O!4FU>{`T2MYmV$kZpS>vbVP(8AGjC@k@Z&mPS(;;_zMjuL^nR+<+I zB&>t?m6;ULl=74*Y^-A5gwDHn@5-|Qmmq{3XZub~Ze+o68z)$FI53CH#UpIwfEpby ztPeJUQadX>R6P5@TahH^7p#a)-_Ac-LnX}{?Gl;8Tb|&tko&ex`if3-Z*QekRtq-( zUrp@a=cb@hN+ER#ia#6*sGw7wqp@zD{H z!XEL6eA%IPun)#I);`yiJ1Yhai6cS`T`RHyS0HIjr6fS!hy4jfle|T!Ck+L?DO&7M z69C*b;g)&E}1)WG~j5XfvD z*e=BNRn=4mfZY+DVKUZ8Xd;>3TL!9djg+LJ+B28rwbJ z6ZS7v=%Byss(3@aA>33?r-l%H9^crmY#;g-80dWoxV6qj z=y-GZg0hcoa?k+eofm^+FAXHA4Yg5hAY){xh%B?W%UK?28t_~onyZ8o7Y>pW?cBtL z?cR3BT66*UbG(vIwAfoN|3O;)brF(w07O6k_D)s<^jSiDC-L^#&gqesfe%Osy2l`p zWd2hTzrH5`m9Wcp4_+?5*X;F}TGLdfT5r2rOA;jH3ne#6iA{Xjj47lYj9n!O2Xx)- z0k94Hlo&>xj5)q0z!dE~%E%*CR^LJDA{1Czkf%ZPUaZ~1+yE( zoMesX^v2PJ3jjvKg&&F*0Sw_jK2L{Z`<#esN2C4bEdM_A_0hyE(Bv!#ycY4n1uAttH`?6^qaOf-4RFc;6)Qe&V(KBy zIO^Cd-c|4r#r<^N0PTH9BB*1Xlpub6-Me($@TD^w1d|BEq6d}gXMmATP~zoNUXbM_c;6N`Hl{__0fmAJfc*Zz0S3SL-KQ&9Y$DvOT7^pa zn3Ad*JhwaV2`^opWFj2}>5c~(hbh+Ky<@PLwDge+x#O5_W;6HtWuaiNk+>*C5~;ez zc37m6kUz$OSL{DZS;m9`qyR~tBs8K>TpTSyv>-$d>En&RaOq;>_y+VGO_w$zKz?p2 z+GrYt{j_(LQZreOgx>S3EEAi9?&ncGah}-B)?!=m&``nU^tXGz4BnY1!v}5`+{w8X4Xq+XAbO2Q5J%S6HlAgMiFSNFA zg3}*s#DxHu!3AjK`LB~Lju}Bd+Nro{%DEfVzobM(T%0rGfJ)Q1%*MuIw&f=W&iBYQ zIE#B@xe&oH)U-?h(q==xSSlVRriuKns}2yZjfjw@&@>i?S~&~LBUb6kPA6jkYS7(? zWhZ~95J|@641r=4a=FqZG!PpPhgGHoEluD!n5dXNh2xJyjlBL~CzPC4R2}KVRtOY~ zU{PeNg}ZkddeNL((cC}ptEiyA*z-pw7j}k+dyik^8+o*cM^tkVgHvEWZSemS!}ZG` zh}mgotx!eVHk+a6aFLa~N=CLYSp%)m+jND5TBA?i!g1tz!mXVH66BW(*(|YcZT6Sf z_i3RR_%5z44=~ZhrTy0gu;o%=StkGgv;W7}3W7Tj`xCw6QE?B3@;xi5s9*ypU;ZPF z1DNZ847jrL)MOb0&kCQ9_<#X5dWkt?x%hP*o2%lYjM>%0uds05Zc+*T;I5jG!uyo0 zq>3P$g=X1Ax?(NFoThc{JR^q^%pN*j1I1Xx=AG@`)Hl4qS+R6>u75>AG5Ce}peNt; z-Xf%O0P9PA=975MNuYTDDC2KY5gJm>vk|W(Ee90C@f<9L5IdAHt#;TjZKhZhjJwPu z4}X35ig!*iupMUYf2U+XGfNuG&>T8iAG zEK!}$ktqOl**qni#Hp02Bd;g8_!w8@S2R5Oj?%#h4su1ieaAm9|Eo2G44r1j6b*C? 
z_&bTQI=SfZFIcjrB{m)EVa7@C(uD1eOB8a==QQa@WyS4-PsUxY8v}EP!X3NblG;K? z{4X_z6fq$09^qa){>z#UIJZtnl+G0&cV4&0JZ{3GGs%pYV*-D?X$ZoV%cmZG~F$ET;D8_vYhNkt|;%_wJ@_?WAr zN_Td&ALYKhK=qS&r7^yTifB-ghlWtpr$j7=N9f-|XTb+Kh_H(uEHir~dZ9c(<_)p; z-TjqZiyLK|J7$@;<4&7S{Tx#_6fYJ7t+$46`CoohW9~Pit&6Ej68-u!lhb(@$Cu2d zfrsZ`KGsOFB1*Vs9o@--S6TMU@8VWnW^;>?`eMw%{bgeNk1{i`Ch*5zK*3kDUJZLq zr@D6ypw;)G(V0L4T0Vt`z23$)0Z;dt)MEvK@p@rbVs?bO&aUlgENkFxhlkAKxa&do zX;>{Q#{gzsh|fuhE@{W@rd4k9PgJ+y=i~O!Z76{|qLnqSHsxIP6>1t6ztM|stMac6 zt50$lT^`=&QZ<)b4(Aw5hSzu`jBQq6<{!W>7tTusOO)k-K|dxdli{?~9Y# zel7b%P{s)OXjCE|VlaBN$6JbXKF8i)FSRpv_&i#0E%>SdAlGfDtlwX?9rY_djXxLo z=}WeIJRogXX11Ue@Qe_!@if?A^6Fka((b%xY+WpGHuS8ok??)!VKKck!8(a6^Bhx* z;d4+peFW(x-->wkb6HrHvOIV#;rZ#6w?C5BAijvaW+O#%`X8ahqn1Jtg|}>lISGaQ zRWxx^o;-?g1-{*kkBkj4`t5l8v2ipEi9s>2rSaX*+ijb5{I>JB`87p>yIV|Kkr17fC8w&Sk6J#^2G_!_=>z#RgrR+4<2+ zL=%29>W?uemoGXsYB^qLlV5e8(gMhEIOk1i6R&S?hX~w!)uVZDOVfGW)cnFSW~}06 zt4%K1n-1#i5?5Mo%I5o8)-%2Q$Qv1iM8~h^+Lj-be%*N`pg>k#vJUO$Gx~7HdtYsm*1F-sFqpnj4aR40c39vnJ-2m}nWjpCd-SMtCP)Ab8ZnMDL$7*5djJ{X{c) zTr~tZhK!TyPj)$8V%r&?*5+7PrY?e7KwtHq?y09T-tzl57&uBI8o$6M@f9nJW{| z?FV7N7_5H6B&Mo9D*8&rgQw{7Kk+8On8d%4Su0EhPHm~aKBc$g;D|$6TOc7m9ztuz z4o6f7IW~7aFZd|94l{aTdAjiB^D*mce8yh$^;(cz%WSi}?VrKUzyAFmqWVgrEumvS z-@PN#`~GWWB)34OUX9Z=90(m`tHjBb;AaD2LchU56>2mkL_>z`& zUD9xly!m+aa%bhyb;)qafXMxlU*RY5yc_W%|Cz68CV=+zm*1K9-DMUszF*z_PEbdJ zz}~>|MmmweH=PTf0dw&0OoIsmEr@PufH%hTnZJPgYHL2o*P4@QRZU z*Yjkl0R*M6E|vQ+YuBcCzso=vUj4(ti$}AktrYWzw22w+$AlI(4v^=ow;lXtffYQX z+~fSt4F@1Efk*1DyNg+l4gl$Qd8BKBDSIT?Q^5aXa<|y=Vm9Cuia}z1-(B!5Q*XDh zy^@gfk_r3sdH?0XiRC4M(R&iQoB#1kN5T^5zQ|7BpqIk&L^Wy1M(-}Yc7J8Pv$ZZ%Pg+d`cD^MwD6KXz^&@;RXPYS)Xr&V%Gs+?vUqOvmls<-kc6XTKo9& zbo^HAtD~y@MNiPd#>0z|#9?J30XO$Y9U`IbyX#PsSsl4cBZ?cNO~LnK;^GtCcSk2f z%Pt^U8Q;{B`Zq151WN~FUO&)2H1ut;n4wh8RW+2xpSFQ8@9&q!wG9KY#w3Vb!1>NV zlqsTwMFN%$5FQ%=DQ>@7U)l@o>z5W9!AVE%WU`xfezc^0HB3)%TZYW}HQJz)%f99| zz7?+F@~|>D1@e2`)KDqQ^1Mj70{EbddB+xJ=5$5<97WWu;_*B zh_TDWa89>*S+4jkhZ>oBI1K7iSSKvTz9>S@Y7yfIjZ)Dt3;UJoBoa4LfuqO^7Anqa 
zT6fHtSL9DSa>fY#z@^%=2dDm#3&V6W;ec$4KKOZ%MM2=g?3!#HQM!(h&y#&I`9`5b zr&77Z>;k!RQaVVX=ZF~Q+}94eR;vh+tr%_rE%X>hEL9sq7~=(A8X7#%pO_dL_#%iU z0T#s4@pvCfdanO%G5{^31FxTN1?0z|)YkhD>|i8OH-EX(bjOQg8b_1V9cKu2Gj4v) zGK%4EbCLy@RJfw~&ezI%PcCY7eL_u_9~u`Bk9(w#P(&bUdWqB3^cFN zwRGT65oCDv%5Gck!XJj--h4{ZmS20hC|KFZwhT^L1dJt@@12fGfmA#e(uURErH+?Cxs}}<+IxPBE*r1tZkDb{~URH zpy0tOGsR&1gy}PVR7`})reZoN(T3))m8~jDkex8QV-H07odjV=(yIH>dna{!d+7Z9 zA0?lC0T(Bz`QoB6SfrKN%u{JpFAU?TNl>wz{6T9`*ZA zw2&4Dher%Q#3F2NQ4|#?4)GJJs}bXU6`-a=SJNM=l@dH1W|yQ=`ZeXPE`aT-tMQU? zjzNKm2_`8WORHVenzbz7XA}hd55WwaAjf9Y#a@a9=pM>KgPolnCEa$R0dS_Hi;}T? zqUVOnk1xL%3hi}RPEge%>Dbb~yckT!aEC`kJ>(T+rWC2fH2ySg+GWP$u*qIJO%*pW zfg~YVvqDDBmJ9*WZLT4$O5v1#c!xR>k|fJED6SwB$UJv*l0t!EcTg?nyn>K40R@_0 z6XBSHTreXBLnVz@F^K&%5=TJu>Ade#a3$#{A_|-U^I&hQ-0ucNGZ#%Wq9koSPn?jh zXZU&bRV$cu4T9O{8BHR5=pUi;@U~FHj*Wg71HA@eZ_?@J`1*-KZYH> zRe7ub^5cs_pKIIb{90|PQ1Zp+c1gVdT%hbNl+FyK=}}Gbv)*yuo-OIwB?!)= z^5090nlfo`s~m;#jbj-gRxsDMUa+vNn7^NI~p5kPS@ak#Pk zFBgEoW4fF%#&;GuZcPM3@8>b=>rW%LDV`Io3H?NEI(A_(F%zF!c3xI4{7Lch3*Juw z1+m*?Rj4xSc=zWryn2$|D!w!dye_%ZK`7hranW4MW0;#QSufdXAdg6Z&y_#;<0ti1 zcgDEj%o?6Vm!0;0(@X0!=4&vYtr@JTgXOHZ;s~lo#2G%9Ti(rkv7dsWHdg@7()3}w zJh3&u?Bli4Yf0TdjrI z`Yh*qK384|(*TH6n_bU*5W_44L}O`I-=ZEp?p?=kb8r6j6-z znOvsI=6gLyqz_x#1!#wd{dWszD1#I|5XT^ijF3`Ak%kV1*Z9Bg9jQ`Of7;M z+4KifEYz$H^n9Wa!ofOq=#>9+-xK@*rQb7KR;J$pwb-^$o4TGGiVq+|a@cqnbn>{D z`Cv*lDJ$iOo8dUA!hIOF^;^t^ylk!V^9=IT^u#&pL+TMDaJwqCS|ULC(OmbUXdL^n9gpiPGqCLy9h0W%U&;K6bn=gx zr2h2xzb~xDC(;}AcHaaFHZ(g86U-I+c7mVgz?HMwyom^hJ6JCu=tj?sSk zJL}EhLEjN*{Zn6PYJW<A?VYO z`};l{T8MZg8@#TZxzDu@#-tK%8#hQl2z7-KUI_(9(#8Dt+zY~mJY7N-8=Pcdc{W(m znBHpp+DNAaGUery({`gA2A8EGNBai@GAsXi%nH_=Zh+d7pgDDafs6D&g2 z;V5X2_o&I<1lsMmJzdVM zUfKiGsPBnR^Yakg!SPhIT~29myLcYn$-sV^@X_;Qw*}w4d7a8n?l7?q-{&8xDS<9# z=WC1|1xu%X;kte|LfrP<*k)qriGWuKt#)#pdCn3@6N&4OVIS6{pSkMmUr>SwW-_aC zzr*D|Ev20vAv_L^A{dZEC5Z8#QHp|gDyQozxzWO(JyyR9sz>NMc9GT@Jr&{Fs*x2i zo1PHyTXlu5x#*KWq!~FGNbb#0IiBTL{qjj^#-`zinzfcSR}0VrOkXU8UGzarqsJR* 
zUkX1;7a!G5irhn?qGeQPeBjk%VfsQmPfS#`qq&+1PT_y75PI$+%@*}O3{748-p_N! z7G@>|O`d03#V>{F$+r1w({CYRf>t53$sZ$9@KMm8_w54%L1p*-phl*O71)nH`e zo)M27vX-0^lcLW-{u)=$OM1xAf@9#tiWMDqIg9V|(>e4q`Yq+jGBEP(+8+Xcthk3X z*`21#%l7`r^1F*JH|(W^i1*lSWscE5+M&x9fA@|C8A#b)){xqByMjJ*(H=Ud%_t$f zLq+?xpL^TxVELV6>*ghQygeBZ-STSwB;O$?LFilBBx{Drs3Z8&_?xv37mYyL@7dBj z^y(SU>@lMKagEZFEf$6w1XL0PTA&67Ax_Utfj*zC)z$QT+#!6=v)HR{Cp$JAXRwL= zU}YplQEnZq#oGz57iCL1z{Gx}^*|G4h5a(sLZ+_};sI8TL&k z+TX+}$=AdJg^zO(b-<*e=OsoR@h$L=%I_f1vN;jiHSBm~-FX=CNQ(JVG!0Y?z9fym zr6EB7n=}KtbAWA-pyEdu`EsUA1ABSr{jRYrMJ+h!cy{$t&0#bt1h&~PTYXd^KW1mi zcHaG0zKsmw{q~I_=S9@z{&gGY=K4ogv)P|=gW~4ADn9Mrpm*HcJ#gq2CNs@Z5YlBq zlrbz1H|Sb17EAsQb{%8y7ods!R~DABh;msL5aFdHh_TwvS1BRH2nd{3U#7|NGCGHZ z>_&Y>KW-d7MN4~Qx&KxmSDgAyJ@MsqZ|0&P5NVS$QZ@P;Ac&n5MY6ud znI%G6Vv)ATM;-=1`QfqkCH8we^tWG^<0B3q*@Yhjb>C3K(+KTl`Y=V|*tFPrJ<$i% z20OY{Y39;aquhwRJ1nLxC!3EBSiT{$2Cc|k~%r!VS;@KfYxf*3C zT0kH58q|;3VjT))LgKwA*exvh{SdD{PGp_uhI{EcV1Jv&Us>0ep^fbpLtX3`kXY%P z+KS-?#lr_Uv0Ps{9SDq%u?k!gFI`bk=BFObjx3nz=%Yrv9?zSuy!R05l!c&^F?$Z~ znzGH~y$oL*_7hweIsB4Odf!P?MtuO)(c()CUv-~s!8lvUyp6Rk@n(K(?XnZhLuX?b z=9}Svrq2|=EpXxLYmG!fy%uTWiOj)d;>ZE0WG=gL5N zj4<lk zOTbd~_`!4O`o(#9*_eR5j*09u@^tjN!Slk4Z;q3kT`~8>c2Kp@pM;J`7;KJNqjaNJ zA5jmkMLL~rrU^Xr^kq+P5#3Ty#e!PU^&o9FW>8BDgA4M;auM}pomv7J-4Qva27Gj? 
z=pa6IvLT;l^l9zoiVdLBFT6H-c14xN_RDS>SB0FlQIKkW`M#uzf?UWQXb%A{EAHv1 zKB@$PtC2?%&3A9ya1Z{Trr#fYCa2f0cvNBa?jhyHo^I0k=}LKAEtu^1_e~4qk_>0y zyXASNa!|pyxRZ}up=^s0Y!(VzkYC*eIfaksQ%p3|x+oCXZNfgH6(Ao^YlasUWNfi- zK-c@mTD$Ghlx~yyy?}A=cmCADP~E20fau1B_xXwpp&8@P7opA7$#kM^Q@1vAU##^T z0y;~oDh%f14@Z>xfXciZobC6299~9TM*I+pqDB`jEw*Yl{g23IpAk;we}=+mvmJ3v_0cc6yLx`P zC}A)iR4*m#i^i9F`_RNu8HUqnR=GKTSCpb{@{GBINRiGlafzb^~97O80_jM-t|AgsQutja%hNVCMYznyn!On9!;z zGrfHF;=aF%Ru?6EV*XGwAvZeJf8KYW-OXY+Pn9G~OHFO+)l|0o%-HeVQ}!v9uF;_H zh9HGvWB->(bRK^jTCz-Q+HAR&Sbw@ZF@fVR6z8Fj$`(M^j+(!{;f~8J1%oy*HBFxP zS%qayX}4!fjs-?ySe?$Is8QmEqo6hTZK-ZeH}4ose}>_%R@$c~$0Cn4NE2d>u_iQy z(*T|M^7M@Gk+-C>Rz}l>yC6HyPh*slF!U&GrF$K%IV09%KSt{xrkQdPthAg8B1Sp` zM5s79gNuu4bmA**2w8@HV45sh4qqRdJm?}4FsExO35f`}nwp)<7;6z(*SUa}!wf_U zfBZ--zFV#T(VS?RBB`d{zwN18VN`9VnqXtvNT$T+c~wh&RVj<5q7aLVn$j_4bAWQg!*8bx$*JWR{?5dc zCiUH7OV=G|A`>LD#zA(#`=0qgoaK~rphewR=Ab~*w^()R!m;y|8@in`wCFIlKGv=@ z^U!*DG?_9{oweT1VmU9U?){n_84ZU%J9;F7fnmyi(dT}iSKi-78_%wtcCH(}r!>2j zbE;z-k_4JMLz!^wI)M6`DZxn!4zIg=&CH%=rOWJ`setvufqS%R+gYB8-SDTcOc%G? z99D|E#fi^2Z*@+TmV}rmCtB2rVBz5AO5~Et2i`U{)q4rL!ASU8)3Z7LHrK4(W-REh zwmt4wvmF(ar)b_cm#dRXa+pDC>)>JZ>g5m^#xur}(WKgblS-P|8}){e;Ngbt!$-uT zME$|!f$%a(?0E|tR@P%>W6J4wh8?F){$ zcA-9xAhDU|(DgGiu&Yp&x=4uEmh)Tr-Kfuya#Dq@dYm)e-}kTW=W`L!)RC2K*Yddi zKeE0$EXw!!ni3WSX;gB7r5mJc>7}Gwy1Tm`lSLflzZWIz~I-f3$lj(mrPZw$@8l2HeG~WsUl;%(-+?{G#LLrv>#URQLS>3 z8OnQH3ko?Lok)Vwqp=HfpS)>ZIY(RTZNBuZ^mK*Om7BLBHzwpAH$9}fT|LUP62e(6 zcFGvS--I9day&0SyPd{(;_sEYB_A{~ya@}J*%@(Qp`PP>8d_L?(xLuMvj_-lwA3Er z8I5fa^{<=Jny}(1X=(aNx^JuAJmvnO&8{qN#^)kDR87a4I;U^oyk2wBPK1Z2bN? 
z$-L11!gJ)vk0;S-h&Vx9t)YpBcd}J-=V4&U&G&sQb2aA9CfiT@59at|V**&g-9ca} zzTP_p8YbuFGjc@6(*jCLbrqemh|>?eZd%?ebxC{%l=w%uK!wZg^?TQNQ~i3@|0MJ9 z==)s|0QfQJIa)M(0ixrD*NK7~RY%#5anV!5Q(-8J$O_N!optf~iHcx-{XXoc+5-nd zmy6-w_7?1!@~o^2t81FRvb8so3$0NhV9}H?aqSE;NsQu2w9%i?|W)iGt{2^{`CGwvAf&L-i8xJv&-Asib?J` zWlJ$dmANqLf{^Q~I6C=1kG${{5i{}PfUqR_9ToL5-Opw%-&Wm@4($}_f#jj^30t;~ z8m&uPbf%VuZ>`{>eI32+nkQY8Y+ZNY(}&-YDN;65-RDb}1|>0BGvnD>n;FP$%0uG` zd3j$h*&=3UTFx{OyXn8T}fC-C#PJIXzF4LIe^6 zfRESGGaT;6abavy8>(LrFwn7hBK7COZR@#}c~OrDIM8iWqq0#F@haqk^UWw3UP{u0 z)P~;KP#mKDunPPHl$=gDHrq3>SJvVrNVEfiLgLMF5(#w560*(kn$r6~l>adYeYD_+ z2zJJ0TZLifb@caee>K*So=z{tCr*A@ZSUXGKDh>t@4M^`AUfBcV)?H>d_-}=xbZFW z%ct$0RyDlrk%P+0|oqY$F0y zF=LKpzi;bjzfQR>*8vBCZl6-^8=G+j=h}n?PoI^TQBOq#Bei#X&}lZV-Rg8<^I86- z#oaVejs)kkswTj%qT*~IxU^Y0k_XxR}Q-WXk$=+HQ)^sX;jL!(YB^Re2f| zZRQ3-(UNRa$Y#P%f0g_HwsTP}*ZC}=8u=9TV7WFh@PJPq|! z)24atmVg)=t%k6rrHo{&h8X<@kD^6?=SmUEo?_(>+^$LM4td&23bi_YtcG>zui=W8 z=sTnyyV>d-meeF9eKf?1YusdYSC>;OUOE(lxAh(tBz@Gmd-2I*;r0Zd1Ug(ZN7Vx2*S?Wxl+Cd2g|aP*)FK2ENePK4U5? 
zac@PEWLZ<^zX3lG@S7FsfCI&^s=YjXYl+tI2p55SET0#Z{2(zAefrPqmQT-Mj)B)Xa3*j2#_$1V z8p}5*lv{xb5jAu&#HsZV^g7{7@jNfdMOPeoLOzp^kYc9tX5yzY8p79WOW4GQ>8MIp z;O~95j>T;}?EKuQulvo2b&;kr_5KQ{TqOm=8?XHyzT^qvG=viZGqr4xcmkR0amOlG z(L7_R&HrG{BUBV4QS?OILFpIFDRY4+&=85OpgMdjcnzwOu|ArJ^*V%B(e8@46J8ug zi^*9PG;$&$(t#r@MdBAkMAZa7PD>ea%Y_#Y$FntX#2@h~uHd;rfUbSs<+0$|W!WZg z*{AupaUUvUsj*wSWaLbuTgU`knA)1&uZahU?PbE6&F01RM*`Teg*WJZj#Dhvg-=Di z(?+ju!dPZ>R8-&-KA$8fW?Q5R8+}DF7u3?wms-6$YNE1797uit(RFIVQqbqYIQ({` z&*pgINfhZA-m(37;;+MXfmZD5*iCeIA}#lulZ&k_$URo1IzA~_XxLao-6#_M*^BQz zT(Um87NtOo{Nz7Nj~HNi>9 z$9cl3N=+$?n`E~E%EtdMAm>C8Ox)=>Upth}_f+0ck#FIPob(551RZ*j(TlIGEtOxZ zhQ;_M5cR${OOoRkI0ZtxeVagO*W*UwmCGFXk(DsN5xv?$^Eq5+n+|A)2|MmYTIdM%W&8IZpRJKlls;dyG~~$< z@!sW60-F&vn(@?&f8*vNXK#7qc3^Emo)JCDuZSBP-{o@Make~AGZBQjX!NpK4_VXE zQr`!;>s^&b);EE3zSJsvx!#_qT4Y}|tEep*A<70myCF*3+s{``qML=T_rJ90n{Zk5 z;Uw8<^l_Eg+U|JqMDH8U#-(J$D{sc`Ez6-Zu=42g7L0rWe8JpBEJG5 z0}D$5?`EgMVf*FVdU4;)k#B%LDoc)eaT`YZ+WCrDa&H8zEzxuy$9XW5CQH#kZhM|X zZa`WC<5&CDfCrii+K%EG<06j*2Ft9Qcv*RQtx)QXG-iEBpx_CgS(c=;Gwz80Y-!2R zD39F>UJt4+($V~Vos34C^An;QXz5<6d+I8U_^x@*W2) z8yO(fZlzTbi=gOIu?WICIgRwqs({jtVPHr{o#CXImRcumTCQni-twKj;*fMOBK+S* zOO!rWSaPvAM>SEAk_wZ%aCa5F;-}6|LA+-F!OO>|%s?QPfPribq%sC8;U`Y{Jk@lO zyDF z%(wcZmwW<7ImOhOLlWsY(Uu(cRmGPdb;Vim4jIbR*~!VtcgnRJ7F|6yGjEdcu+R`) zkuAa1hHU|b3n+MAU2e07b5(gs?f;XVgJ)&B&-EUvS9!OCpHtSBbyJ5V(n&kCD z^_vV&Gz>75e6H`GMKzK?|NQnYnN~7KuevQ;mDAeyN-0P58?NRhRlBS z>wD90?Y-)}nXeoOa-83H_;g#-kxHSxejyQ9AN5TAZES|mM=G*&B_(_4nzj%$9(OeCsEUw^ zH5b!`*5gwNv&_fZh1%~>#-g$C*e_R;^K@M~i{yCzlAUWZOQB_-mhh4fIr`O{NzUw zWP*9F1bzaM{-9wQl!n&>TJH`>wuWR3oqV=LpMT|TDJi++Jsn(fnG}8$eQ3@8&{|Ee zveR>Hzkk-o>GSi3;z4H8^7ad* zaOY6;1@Aa>#ab1$_7i9p{Fl$ZXy|Xr+u4!odmK-{-VN}$Fb%y220W}=ww@RJCTJi| zjCrmGN-6VSUuS(w9{!RPCvuqVhVp*qoY$}nwN@0Kfnsgm`wIR5@CG?V^yKHSllHZMh#B8Y-55xbmdUB+%vc)ez}$6fGipD}8sncp1h1O9N{U8iV+w zC{Wr^N=S9aW}d(N`I9iITYdT>H`*yZ`@%M(=UJ~_CP~IuHf*_5DlF9MHX47&Y&h4S z4`ldEW||vb4W(lWEw@C&31^>2`o;i6;EwU9#bwCD*z*Wy*TG04cM9;4>gWC?LHKc~ 
zJPI}h0nWTwteBoidCv?nhm4}$=f}cQ;`dT3lQ$H|x~qGt-Wb15S0xB?&vn&J-^D2C zH>an62?E785PXcdnSN!sNF_F;oQdSXqSxLdHw6OmYk#m7Y%$VaIlhz^|5tE2(m(<8 zVEph+#>hR>{VbP=b=$s>#CGt(ass!9F&X#AkDXlPBmw6#Hw#B`0NH+bT$&#HTe+mTd{*(+Oz<0)_2F1*+|lC$|mg2mg7EzWdp_r z6&=guNDYvAvy*vmfrtf4;j7Qs=;mVmPe1uF+WFx?2^X^(EO|1x(I>uTHCRma6?!8? zuq@=iavMZ{$Ty7>NRJgT<5bLL&*ZTig;4}tMR)$Xu#V>Vy61l%=}Z4{TxPMZKrOxR zY-jOw>KFf^zj$=Pfs2R`Z!lL>=gqd#^=e#KMkvb^a_`KQWzN!@lzOGd7aaT=K6=Zr z@GW)`Uv#B+33o9G86O{gdal=o_w~&cT`8ggPTZ)_CExX;3f&kC-7k*Aj=(VM#F|4- zy8|xvO-}35D?lcM-5hv-m4xqI${Z5EoM7>MQ_<{y-lbFqYfNYD{4Ph_FDDEH^|0FZ z^sa7)#I0zWCu6M7KhJUpx(i9fHlm6hb}y4xSX=lmdyb>F|- zxfgL=eAa8{PCsNfvh=#PF=#=BK(yw!4+>PWcc`ugxNU@^h#w#C`I?FOeHWBD z8*M3H;HfJ113~!%x6xkI2DDY&u^>@E9y`a@vbd3=*E6FvSb&;5==?bpwDKEn7|Z>rV@qNQOl z!JCRBMwhF#vHjX&))M{@SsKVeW%N{3UqSqzG+F2ea}m`0c@>m>8m0Ayq)U-6MLu*wmr&fPEj{Ug z8lPU1&)9yrMBD~ke*8b`w$8Yqu0u~1pSgL!J7S)QM@5;yX`*#h`bmG=0}aR$(FIT4 zvC_j}#s$dK@vxKRHt+6P{(MsJs_1TSc12@I_w{Ch=Gi!j5))q1iiLi0F=$LFZ^RgH z@;s^*IdP)xv{U`@caCc>h9@tXCSq28eF$wGt8f+NnU0@vFnSs@U{PTrfohTd*?9G0 z=4srR#^j;K20i@~{eTYFr$p^mx%V~EgM>e}f){HF**dRurbEOAC<5-}X-M~CNoqLb z<`=%IU9Jvew-BBk3>Y3G*u8v|xTw2SqVWYDEvUUZ`L0Ih$*m*0`3^r_ojW(z*PONI z;$UbV;`#_4;99p#1OH!$B{yb;e~`{fP@Uc+EW7(Bxzq;w{+Nf?wUSBzGJJy_o+B_LO~hauY$PHlNcGwdlcP~ZYw^C|L$-Wr zup!SkzuQ&0aqIo-Y37EmOpC7H$&=-=LbuwQ={~vkUfCVJ9@h!4SARR+i-gu)Pr;>H zn)W@HNAQZi+Ry^uTusMGZ(G#6UooMDYDxl0B4(<~iRMo=8pJGo;kq%#Rl=#_N^M`; zPA$J|S%KkE4oJMR!)H5Z%zju&k(ce{Vv~L?Rdh_GrYr>@L|qdvk!trSD64^fU5p20 zYcwOOp306)(M5Nz@Q%S04=>ji?Bqg}{xMEnTivXMWP=FvRty(?7&0g${Z>$etI{$I zsAUGyk|dsOc9Q0T8c+T*nl4^6nH_tr9gLOP)nywkY?}n0;?zh4i`%@-mYkY0`KFuJ z?6zndfuQG^afQ&?oGA&|sKPO|?bkKNHYfOXGrSH74QZr#)DNTT=6`Lb

k{h3SCi#D+_vW`G`b*exTmEtl6CST4GobCvqpnX78wqNwx zez@|d7*giL^c$bskFx|S0JeKFAnn7v^yH_Nlkii_2VjDm&o# zo7v#BsTr_gzRy`r)_qlSE||#WU7twD)@QoIqDR`sIqhTYOHh~JF|EGmuEg1-A4#Vd zI%yxND|y3b|IHm#Qv4>3kb}g=mHy8A90Wq8oKB2X z)`ps`$KZB{6hdOZeHvY`iBHH+?8A_aN;lg`X(GdhujRo=^&HL3arbYk1VyO-f|kB@ z0VY|W;Hpz#x}+IDjc}&~S-&!8_{(>XB>=Q*Qk3mObrS;gD(SYQCA9%EzWayXQSz9( zT#YXe8-!nSRK8t(6O@j1GMNh%H=o3qQ1PUh<_%BU!~d@`UH2@`Ru7x?nQ+CoGyC}{ zZkS_r31;&1<`oYUW3^_VWeeRd>x#^mnd7_}&xD=Cqa~>=?*>=ZAb~78L$DOP+!$T) zT76`lC(UMF-g67xl`~g?EE+^kwb~(7+N)D$nQq+>nx~5k*GE(Yj3Vadgvpu7V1^-d z){5@v)9GEF@nLR~vJZ{Pk8(@paGL|JQN|Fwaq0f_41rhqhQyz>4WbAehkB7#{eTE9}+srH~9IX$k z_uMzidQY`8DVUI$q_!Qzfv=s>dw0_VZ%nYd>u+id_(V(_iZT%|_6cAkS3M|KZ8Wsh z95z#ziM`9JBWG{+qh{w8y|c z$%{C6A*Z7AX#Yu3EsM7F>iz4KTvAb6{cpo-zTHhs`|Psj_2YBn>;4u-Ew!aVV@k}v zpD$H58H9v-Lw{sHeNC%fNvX-a(7zEhvs#mx(xisEsx|kkrXzf?O zulm&!$LAK6aX5&Xi*Hny+8{V9#0*K$$D21f;OjPx>aBAhK-2hK`IMrYT_OV&|a*S z;zC3>qZDS>RM8pgqXy9e>xL0_sy6HoP^Q9PT>*IPfc#A~`6s3{)W)1olYP%T`*Q@u zEVyJLl_L4FvIl<6Olf7NOuR`!@WffeE-$m@NYZ`*2C%k zdSsZc5K2?c1|%>)sT%_v1zwfW+x-&XRyZq|lV@fXif615rc3lZl)_Q+I^?^66ZDl!j z<rv`TkeUEMwo2>9{qod~6Rp z0UO)hIU66g5>7^QcbyIA6;fmv5T?)H52Tz5uf%{P_^m9fkVDBZ@FJ9Fg0M*Ke&zR@ zv0iy$y{@bls}y52ipJMFV~>={3<@pcWvrQBSZXB&_(6brA2FmvR8c^hX%l83UV!X^ z1NP=Bhm(OK9v(K4o~&%GZPGtYVK^vnD7&Hc1bD>agq0rvO%iX`-LcIxa2!ppF|)ssZ2qCWnqbUMQm^ zB@$&^Ay}o2;*MCw9>n=#iEB^>6%l=dcA&JPLL{M#|uLl-;`Gx^MIYAeyW?iVPI8q|m-*7;w*Ox}^BrZJz~*@Dc>{ zC3UY^5QnIm)k^nfR1Y-o8RNuP4nv4kRlnuFuu1*raJNPQK?Ad&v@m#g!i8?-L{xHCAuFZXhQ)qDdS~Y4RW5ka%n@$ub8~0}v4D^WTwiLp3XPC1{G?nhamZWKDyWT~wh#8^$R4FQ(eG z+T}`#VTmTRFU0NulAt;J?YWkkV2tP}^ESu3RZASU(C_W%nb|L5 z{$&&5GWj#8K~o0f34<&hEltx!TmEix(O>%m&x#|!4C6DzgnFBv&mNOI;HXCH45`R8 zB2(%(q6J%@rYg9vCXISnzT7wSOdaRdz>Rf!10N>6^+okx^xNY}uS$XeGM(NAMOy#+ zQs6(0#R5RIpz*J0xy6fzox$kH=8b-zO$0WfNjhRhyhWfA6%`fA{iTmNJ0v?Jny})t zB06&a&dEKjuWup!Ot?pgL-aF`!sgbAW(O`G7$O9gBe+89%(>L5>ymL zV1k!;t8*;(53ktGivzK&f2L}SykU*fc=85*pdDjB;nt#$7u#&VIu0>%$okBt9(!#L zV{q~GY!_9g6Tkm=SIpyqD&pYus_^oUPbmJ8nEbc7A2A~hko)6dkqKoNub!~!c36a! 
zlU`UuVx3PSEywg*ME52+%erQA*2`T0STW=Rs|7A}NSag|XJLO(xC zcsupGDuZEqU#-{$EOE@_xMamQ)Tls1_gR1ie5nKV_*1W-pkEO2aw828Jw>qBFJ`cx z#DquS3}0ToZWXgcQg9yv{O)s=J8f|086B0tWTMS-mD;Lr}1m#P|G2)9tF~ z<3dthd^k|G%65{QLH_y#f17c3HT$>#ba%dm6^ol6t=2b$H&IT`l7Iqp)&~cLvl{g zVVnpV=Qn}LPj3izH}!_mIIQXEd6W|}-E_`gn$cG%l2#g!BAcZP!y8q${kOVQ163tq z0BB}%s2CU-U9rrF9|0<6s)kjT5DKeWc*CGnVE#A63XS=(q3|$KLiODGLE zGU)`7owk6ky>$xZ6gD^V6vcBAiShA-C^HitGf~d123mdVVG;sd0>sE6E$vjN#mZr& zYp2!+NghIw6xc=`45d=#B@&xppJzeVPM{Bp)J@1HEv&B2O-TUTR8UFamW`Lkuq;;2 z1kQX5eiy3V>RIF7Ff8#CsjpC3^9)LrSci#gqKywT3;FZRD=}bqcdV;pe@Wq_v_djw zbuztJ-zOwLN@3_f;BaUY@8$)}YCynD|G!-={LYWTC2$aG%70fO|J}g;C+NWmmlr~{ zdG%`xGgh{BKKnkzq8`aqfnF+HZSHEXhR{Mh0dw)m?Aw41YUU~swtZYPweNF$0jT27 z!nt(%v>7^OQludT{E>Vp3O7;;Msx~Gng}9L^yeXiGWud~Z*MaERA;fF1OUZcjJX=C zljLfAl=KN{B)n^^`UKM;0#keHix4-0GIU77kKwmpk6r5>fC%S8rMi^-sH0u7k|s!r znzB&h6ednQg2wo$D6FS4`gEO4JXCl9*;*^E2-#{opEJvU=e^E=JqvECx%{=3tFaKe ziq!!6E$-)<6-rA=+Q^a?RVDyDM!>-T!Ld-VEBuH``Q6O&{$*VMi?+rh0cK~48atr* zHq4?zctK+VhHg6jJ&=w^{@FfKFu1v<9xs&LNlRP%JwRO3{XHXXD7XWIAzoGr)tgR^ z#W?sUBN!zzE?NWK9L&gp4iT~fh$qInkOxT)FJz1`iVLSG5~IE>2p||W11W{84jQLq zhl+HlPuH3>lmmm`ssA*>4Tl2hD4n@9!0u=}BAPTH)3{svXNZ_Q;o;$B8`{rSpTeyv zk&%&4j8c|`NhhOxwC=+-xiJFC5XX`Kv>c?_ymo+~i8PLG_n(M6iaR%uHS4%kxn~dp zMMA%PS37FQ04DC|Cc=mT=B)Vyt-7KB6a?__ueU0h|F;VZ1u^YWR7vxyUgG~)+P`3$ z9||hg)&K@gQ?bj)S`m}=NhosiwaRA8YuzzYB;A-|M_taOK*qg6v1?c5y!o80lEgfU zQzCbEcNM;H#J_5^f0?T5pZ}4FUiBHi>mwfEE?8Sr zP1;cZf}9{g&=ZPIBk1|FRI!eOW7tCx7rye7Qh!BFzI0uiFjLv_C4QX(6A$@q=y|qj z_lf*`fIT%gxa{WTi2suW>G%79ZXY!CX5X3a?gkC?Avs8SMT39ZnI+f;x$GIkDvv=G zyrA2I)mO+)3k+lAOcawmfsN!jg#WdiqbDdQzr)oTX6vXZ4{qKpBTGt#GW6nJV=_&C zn0wLE8h3+XKmW8>Mb71Yt096lIwG{DZG)!e*_?K1`k`sTaHz+#y}a?vI60mFMKEkq za2RReV*=Cp|6t_b`%4&HSNL|a_w$#OYlw~xf7NnrhBPLb84J}FD>O(W15l2lsrSm> z`AM&gm~n#K7SSMgW)MNoj1G$wyIzu54w#7mJcLmGDy%ZdtjSYCI7~{4k&=Rx)Gjd& zERO!;`~tJ8Jt^5ryT!<8+UB!nAB+K~&dsPxql$qYsEqXv8j8YAqZLwreflT$U%^a_ zH*PS!BN((rMI5piDMpu_aS_070)eu5ZNIl!;3a?|NDOgl?|qD=WKSNE8yW6gBaK>_ 
z-upw~ZUx_B@V{mOkiYV7S9_7~1S{kYrGCS9ck6R<-V}`9K_jqV}{AVQP3jS)a355L9MN|ji3Xtw*BSNOc-qiqTm?n7t4@N^L%6D z+t6vvFpT$9lAIokpsrrbTq8xNJ?gYAVeS_eF5ydSym+ve%^||PB-4v+(|vO&8LH%X zATtRwHX|G=hKi{QD`P;DsVI6_W6{(Xv)GFk=W@zY6BhWh#?msxwSk`%BI*hLSUX>jP-u&#vgyDJZm+lzti1;FxWgg zn2w7})QfA#q=&D}J9SZH{_|%xFQnju%mE?AY-afqWAv(rcDKdhLe;Ruw$;*{ii7{m zEC!woRcOj0lmIUP;@A5b6+JD*9z@Qk%Ip7x zcij-MeMd|?{MFbglI7?VZ6uGwp<|*slZKj$$7Z4^{wvforNh1Ap=047FgQrG%PU3; zJtUgvXCa={*RgQ=&Wi( ziXVC(;w5h=jp&KO;tP3DN1sN>&{CEy4eCu-xK-psgF_FyxQ{x*poEq4Q_lGjAW0CD zWa1;#rT`;=^ai?lWOn6~dmMp)ZQ%5}?n-7iHz5iz-pzCKS5}|0cAfw=Z&R^@midk4 zSyB5f5>%CZ;i-$Oc-~5N)XkK~-1N_1`zk2br7C|>{RS~4rl%Y92NmnI_NTDJe(zqgkG{eklYawm)|(LO%@$CRi*POwJAnWjcI6w+!oIt}?(Hr$FQ=m1=#| zAwlYL%EDs>b`6a6SK9LgqdcrY^3R_?mwwyfB&(a+pe*GU!|etF>vZwEI#BtCiLFHO zcy**e735M4HfrkXD3la~Ho|!OaY30QUqRP=_oLd#sZdnhAp=76knvc=6l@T^z7Db^ z2(vXjBw`98jzn43f%>&-AoZ`-UE=Cs z0eD;4Nr!acu<;r$U}&H4w?6q8Th5IA9PC-0_pS$0&(JI#f3K?BX{xG3Vo#hN=f)Ff z{&Ti+vD7Dt6d&xrZhny&m#w?~7XB98*pVtc)W=sCFN!x_aGO{qrF|k>BIVBpj@jdO zgTGQdC91f;-1;FCIqu)aLNww0C!}1U1y2l%GgfdCa3$j5Pd%-=E30V`ZDXQKGtk+k-%IV;tu|B;-6PyBn3k0Y>Kfmd=UuUJoou zy!g1@jHB@kl`kG4G&H`1#{fR=8mch~25xI4{M1g7t@(`2V(tOdh{7T?<QDFw3EQgXlD6Hw8-;= z+&6ReW^r=AUt681=)vi``C&{3Zhn;nQ4EY|0J<4D*@B1tZu9<9wUv|*5+Xw*el8^v zd`ycFeqKBd(4pdj1HCLgQtbkz%3qE}hUpjB8*!uTMRO@~XRUM67AcAm8-N>IMhaUS zt2ebO8*NSu(u)_euYBS3jY~fXHFVR#4SZCH@VYD?ve;e9)B`^7-z= z98)8T!2#unF~r@bYOn}JFY@ry=WJRSvC1t$^-rqXI*CN@uEX`ypc2URj3N z(dwFdsy|Es7s@TNZ=&dw?0k-|;U^Ks;hOjLRHou$WJ;un2}B_Ecolydb`{K>3b7tB z0#bqvrsc!{0FnpbH>?-e=Y!jo&AB-GRj@y_R13D$hxqjG?OBpCvNUEfCw#$X&tb)G zF~#mF%J}oqagpK7jdsrHakW%rh9LLS^Rz1ol1i2Tna9xWiCbD-l@G07E)NmAO|)G5 zz#$Ye%FAqetolq73oz#x^MXhF=TD_e2?WV}xKAy5hhXxS+vjX+9wHQVI%oufkZ1a- z_e$m#kAG4ZhMs3mQ#D)9$1bX>=**V}^)W)094gx|aH?K?eEKC<*teCDaZ&IkBE231 z9$o|lNXea;!0ziTa`|nYcg@J{W!UJ+1(ga8e78tLHr@K)J;q;N) z*ao`C2*O7zcs<8s5quFQ?yVJ}K>O8pLg)aOHilwXO;dnLt48fo_WDg9P5r)QGM}@R zklEj&sC52YGM)=FEoJ?x{VVrj*s;OsZRz6tOcC`JK~fY)-IF9J>3;E|59SrzS269yr^*0x^CJEF&`YW_4}BXuwT8dc&4JqveOit&W5et1g& 
zLTKbqrrAtQiI>~f$+@X(RU;`L?g&U990x7ea0g|Id@p(UO(eZOl=*C+OEF{m5D~l> zmKlwmZ79i86-GJ+uxS(+tg|4}M4D(uB3%J&RH~WVki2QDQ~Wm2m)f5o8#FHanuGk;qBGr}oC;C=5U?{||^7D3VwH}f>YYu0^ZVyto=RU@&X)V90SR7Y>fl{&oF(uE9l z6B7KiB)To((KkioZ1#Q8ud9e>=Y_^YoJ>O~lAM1~{;QDg3HucFX{(aAJrT!f?`(=2 z_weAtzgTgj_2R1J9Me))ob!BG`ny!?|2ngt=^YK)A+cZ-Ti3;a54Mdj1X^IeX^|JlUgs+rlJmWbH&=r zOKfEi%ijT1S6AL?HaL}Q>WqxeaxaP(we!ky z(1Hd%e*9hpBq|;>V|QRe|L0ONAPIWmo&V~WokG4YI(2W%b~!!K=&37|nVVOr)@c#L zjjo$?Hk{0a3#}qL<1ivqHhC3v|7Kp#sg0UcCAh+$kweh^{Z3n4pXxbU)IFg? zVk9+{es=ourOPzKRf8em`%hZ8?TDt2#@0P@VB&0j~I>S(1q5FHu1YQRB*1yrTZ%iOXz4(?-K=Jac(-W3z+z*;S z;7ClG20WFZM*1E5{fVVWQe2~c1?&3erXyaQ$$aK#HN>@8DvG-E%x0y!nV9FpK#Cp@ zmbWP(?JVG1o*|i~=USlTpr9b>6P0A$x1kXW%`G`!W|~VnJA)bXL)BHv_F@>P>Ju5~ zN9(z9hgXklYn9Q=VK{jtlGa$Xs+#bJ+QSXfr5WsrkSJDwFNfBu(y5vGgJcjSett-# zqr7VxbMlOcdY6yf|4!X};TjFU1rF+ug~fywGhS6!O%HCq2!3SURyyAHn)K=!^hAu~#b2bv~;wG@_g)u1q?o7dtX42J_D??NjX!C~F;8 zMKlj=!%eZlShsg^RBr$9ot+@Pmq=sVkun9h`eYJpjkv+c6T`%=oSc0t6N_a`vZb6q^@&G>eqckpD z8b#I5#Y(Rt@!KCZ3y!Eut1Ana_EDX=XazF+-x2>h)!tjkkU86mGbvu;w zj1i^v$q#_=$OehklB6Cr&r)7*x*q}2QW6#4lix!KIfN8Lk385R6#{o*{SNBub9IAh z@Mpq{83b{jlVw*n;Zrgc_DSdYsA&%}jH9P;hzaa0>ETSjy)&cDAp`#bRU**{sQ$J) z6=luUnKpbH)5L5gZsES42gU)plr#ENmY(EQs~_g~4y>9rPhqMtI(24#7>GDlMlGo3 zPh_U40|QIRKQo;q&=D#hcU7>=)>c+mJ3txW3l&5$*VLS9Eh|?tNzFuglk4=e#lT4D zWub-yi|VFT8lQHQlj2O?Q=@;7`%R1VQ(2O+#>^ZfL5RKs0aE=CJap)GVSm@f1*8gl zTPL7uYS77hK=l{_R;7$S6|*!l(P_Cm5#a9>;LI)jwjEd1wBg!YNW#0uK^4Tkt;|G*G~7=%^U!=+G5#`Vst{2_dL_OZ)V zXH(9xD2?5{%E18&_DrhYPwm%kvg;^_@FWNzvsJk+uVvRD?F3dL&&HpC?*;gK{FKU{ z%?dLGHrcv4Y`wu`<6L73+6T;C(gD_sy&nTG>ThMZd^2o+ z31u&2B={@}WtOCvH&UKCgw59SwEJI2RcgU37MMw~t)Jutv{sSl4@8i-Z{Oob$p9%* z*n8$V-WR@Cn5Lc!_htl7a16>wsVgfha5r6GR0{iEm#stn2)+%=tPp#tR94O=BdJEJ z;Snx8n~0#L2*#nGv0d?z7G7kXLubUpOG+SMC`*Xgh=Tpv+wyXl-JmXdJ5?IHG4vo~ zIgn!inDPh%n6=v#?oy3F>+vD9O}e;P7;;b3n6=1y&n@S^2RE8sF*Y5bNAnztm7D4z zxl@;tQu>sHsX3M6LYTEve<6H>zrx)E_KT9gbj@dAvr>kbU~d?ToqO zbbm)dO?K6ZLEsU1{Nyoy_OY2Fm10-abxX6b^0exSLwAuYr(YR^5-h8+Uru%DnNa39 
z2qFPTgZx5!xa=oOY>~GSd6*%!p(kcj)6-cS)a{?@pq|R5=%(L$n1XP?krj{HxlF7KNL?O`PX-7ida;nly&n{Mq>DdTY`^#aK zsi337K=jm4yvLr^74ZxPz=M=kAPPKOTHWV8oeu8RIX6P8plIaboENv(n|Xa+ch*QS z3{hGac%CtP4fppZCY5sn%|x?d@|x+x1Z5#}C!Hk<4vs8u|50`Um9w>^io)JvtR5AF zc&*7^W&*pQt3L^NUb9QD1_y@%zmEXi1bY+C&Au1u$Zi{yuZ3STrtVjlmpf3AIIysJ z|B0G@h=`b&C=IU!_WSlVncHGGfb7KmE;jetL173HYs0Q5jKT zYqG5nd$oA|jx#WrN)`?EMoql6-PZp9vGo=}ac#}oFd>5`ftjGeCAhn5aCdiicg-LP zfdIkXLvVMOKyY_=hr!+c;k@U*-?{fcRl7DbQ^ioM-K+cQr+f8-7IH@X*BW7i`kTz!L^*Y1!qPnO1*r$!W$ zr=|}LMPVzGvL0H>j61ergL_*|uUnBk6+o@xJ(_UUSm%JOgv;@CaX`2qBV?01{grO& zf9g8(Uj#803brara7bG0sZAaB?ZA@VMbp?brZUw@oPOVX;)0uSe~qtPeG-&;o=4R# z(0tj_|AB4){IRP7Q1T?#;cv?imMwW5WR*7&b~NP(1^5)KENOY6F=DGSpeP?t%xL=oNVtI zjmD^)dh(fL`l$EQhq=flTMKWcd6}IXe>z_KXSg#-3uPac-`G|n=KP$kE{fhEty}`@f zj-Y6VO~G!Npwqb=x_!f6iiNl%q1BTAzFH?Ru-Il&(vs^R4sca$HF?}C;8ba2Fhr=j zU!S-gP#d%{XZmxKQ7nXrCsPI{WJ?e|ek8w8`}jdVAlTU4LFzaqTdz65M@2y+9|ins zda>CjuCr6)G6W+s(+4nxY5(qRv9K&GQcx6ZJ^@>FWVO*dMBQYcAR*IFw;@OpOv3zU z)93RajsloLDuQ@%f+zlpdWwcWqWTR7{uD~YVW=o7n&zqeTKN8K`ceFiXf}bHltgIk zWPT{%ee4TY;X)4!OL8VdL4>$Ag@zHWi1zcS(AD;E+gC_F_ z+`620S6@Bws1}4oDY$BP{LFDQ7K;`t-Ved-{STOhniF_fG*kZA<5DMF4O$~~9tp;4 z@dP|Twk%ph4*$E>|FpK3-zg1+F$;mt$tciVCt@*x@bn@>-5doF(V$XB#s!`1WI$oF zsIU+zlrIFCoNcvxce%yX>N9XfR31JS*C6)`R>h6n{rx?txc`Jt+~9L%qU}JX`&MDC z;BLo+?TLxM0v5c|nAo6&tQkfDbh0iaLEt)9j!H7?EqpZCR!9hBy0cl>F?)9hkBs~l zNJ9(r5gINZ$^>gDQ@?rL_`~(VtT6nz%B;p1=&C^^r-nm7h#`C?WMe&Kd5*-R`TdL` z0Yg@titt_sCFYHgS#SWsw6xS!;W0)3sk-W;KDV-_W3l=)92oLla2TSKixXmL*QOVP(Nh&gXHJpJZj}V)FZMl2^hCB9}ibXqbZ52uEW& zb40$4@{B}ROF_-I5f;|9=ADY3Qcg0?&~<6O|4{_k+7+b#%!CAYJ*^l8%I2KMZ$s40 z9LaW=gp-SARs46GpCts0&uYDU-9cnzpir-_liG7sdX?vUHdh)6)BDy}bDfWiN)ZHP z^e8M*VD$Kgj*pRx4i(5faS`l(CAm-{)R7g^Cnk2N9Evgv&n(YCuATXgSf=!3yZtjW zdLJ|Zj>lUEe>a5|(X6;_D$cIa^8v27xjtR5yEKf-HH3i{NUt6UiB45JN-0aRh-$$) z0BA#jW%2Ln4kkg?AYY1TV~a5Mx5@ckJ#TCWH@sOG6Jre+*k%2?uWj-WI=C7o`olrBQn zQ=Q=kCJuAHzd5UT#NTHXpqq#jHjz?6Nvkm84bS=T$Jg#2J6oT1;a}bJ%+OERSmyr) zivAgc{tis_VK6Fm1|{)xoafxu=C#0xML7BX8st~`Z*$2hl#q+^R)Z;(_VfZj!+4Yb 
zJk)K1vhZ%!>1zC790esK!njPk*nz+zA{@&pGE@6fb2s^LA0w-I~M4(6Dn-mWtPv#Hny58KM!bPKHZ&g;@N)5X6STxazFfJFw&Dz>c9uh4I$TeSB~t#6xA>ocg-ZGZdN%5|*a@JG zl0Wnr5w`Pd5YZ?BqQR&Nn!mxV9`}RyI4q9=I2W& zUm^z9>XH!^mHoWDkE)EC*n|#(bDDz7=h@ocD*D+cPDBK*{`mZ?yG83B?sj*3sS|;YpY3dyEN*KP5iyl0^zc*VT+O$%Od1i>CJvI!sqoR- zkdt4bMzeORoK9xiAd=f5g>g%|om;N8Id&4fJdI@5~vs3EI&n9@fe z_%ZS?;~J+l3E#wJT-Ch>m6rXG<;(qg5Of6uen;miE6Jic zp2eK8c_{C`dA!XwGl$|LHQW#KwW!Fn5(N*>2EfRxa*`mX-8Z;6z)Znj<$akJZ`Z!( zC<`?kVc3H5pDqj-m0LKIk<}%5A!_XeRFsS%>+9LFu+f9bmz#C6`&KBgd}dDkA&34g zU)pk#zpLCnAEqIsepGGfZc9sb9=3G;NCVGEf*PB7#t6m+f?gYRB8D0Xf(Y|7L$XiM z6}u4mF+}7z-n4>>5+!Y~uBYRI1dl^O+H`9lI0MB6<$sB%wA^l0WutN{vhLzOQb z_aR#)M4Xj{;`kB5CG5r8bPhaHa#A{@S!+))2_F}wr%R~x%PlO0cy`48RtPJHfrSKk zK4c^X%pz#+tO zhkO5yjY~4@5(i4d85;7;}Cp^|MJI-r8~bVmJIpRAyn2k zK1?vS(Lt0<9A|BDkRPfghwIMDJDl2cd065Q3I0t;p3pOY!RGjAtUy8jhpl^^NlQP) zhu_zhpA_7UR*n~;W~p4|J1r|y-z7F{oY;u(NmKuk7!&Ml3OgVKL&7NoXV*y@5<&FV!or3bg%?PMvALBj^qjk&p+EOsASoUcLtgvgf_d2Yh^G&|!Vc8_v_*F!xu7eH3<4H}#y}zQZ!0&#Tka zB8_${4cgNxu^&#WF1ZQ+X&pWkf*n!E#r5QW=~6>wKmTzB0l>W>h*X0kaj(BdByJSg zTV$_NejK)OAOw)aQTIc2v;F%|5#vuCEc2&4SU7<~Ejp2GbYuuVc-k-py$#{c4%PF4i8FjC~NM8RLeFJXrjn-lGDT&7B;GlD=FKa zDypcMFcL7|Hwz;M?bU?$QrTB1hp3!Uis85+#Sp=ss-0teBtC)+So;((*tO7El~U5wHD3I>`UNmUYHtU8;)H)Y+X;u* znPY~*!&b1NXm6iki4)i&PFU7Ko*}17 z`4}V3NhK0D!XjzkN5q^p423Z8n_xXMh{&O9vw(Ici5LS1MNX{tLsk_3R|QL^fS={% z4y3%500|)J2gPU*xlk-RzDg&G{KHN1F~I9yCxdF%h#ji|0=Y$s@Hqxwv-PMXs_QD7 zi`0EXLaOxK;6A3|vFNK04Rt%_%2doEtu$P+LIYX3qC(Q+owF{JFA-0Dp@P@N+RF4d z1fBm+xE-pN9S#F0-s-rn_4g)(s*eBn0y+VR=s&L_27@t?BZML72$!!6fvwHe8cvgv z`Eq6QT}4^&Qw^)5QBoToLDrlc6xNcFXm(O?`-oo(a%+~}wrZgu0fjnzk(BM^Y6W}0 zdej@xzx6VvrlXI&ilE-z zCGo2m^PZ$`#Au@QF21)hbpb!#lL&@H(lWhI)ygIz4ae^Dd#mKmX5Z8DUSD2)r(V^x z=zBd28C4%m0Hp8ON`sh+X{^iJOV{&H0N*`I@6An6<795)NX3V+7XDym4PD1jt!*oxXjafsqTFdY8j1#PuDE;p{bx%* zh<^?seXcN({(lSo|5jWDK(uKwE&zo{$ZhHNlef8;_5chbw`mYyRk+g4HOa)>6x&cI ztkE%R^=-xTs^P*Z;;DhOu4d9+0Mc>7uXuJ+uYk`mQ?rvczfuor`;<==ot)N{+|BzI zsoanTr#OoXG`nJ-M2DhtCZNUdw 
z=Ht2yJbL}6QYk_6p#XTvO9h3i%u_rq$igQ{@Q-dEA~T*e0SIWeS}X> zf+6^852y&BAPyhMfz$EQv-jd3>*=y6Wj(iX$Fg&{7b$omaGWGG*v5G-drtn#Y8xQ7 z6T=6Ps#8p$sd@KAd->{<0oeQXFFy=yX#e{dt6CS{)k;=iQzCVd zb@&OTa*ar^PpwR6DPOtOgrxn8#%Hfu=WVdVlI?uD_8tHEpc`U40|oITHr5W zdu-VzcIH|nLC4kIbdcCm`PyuM%CxE=YwqG_b+g9!#r=tqwU3QX>20t1=1AM~fl-Q9 z{82(cUnL%*`(Mi7Lc-8hCgM^&{I>uFZN+{|zJ_&pL&n+l8hR6vpndN^{pxM9k(HGl z+v`vVZedLbj{|lm8(v6A+3YMf8ee=yit%DNj*15>E33)f#NxQs`V6Dsn=F)d8{w>V zHZi(ZO1aQ5LVtX=OZ5zDL&*v#beRQSxGLZLoE7TlOfKR$=Sh=3AL{La*X zQX1=|Au-SpV=9vKPJA^n=(cZ$i1RF$$f=W+XnA9?*lksbo#oHadkUz$CN>3GJ(VFr zCs`wf=H|omEzPDEpV8Ip=KZ;3k%8QN6ln;D>%z3wS5)6sknBWt( znqOR__BYmSMFWqyjK;JQB0FSPJHtj2j{Wc5oPlMYzds0(vI~FpcO9|c{93ncdFOX- z%h7jh?;n<=KPWK5dznhd-f7;ku~Dg^19A2OgaLTJ-eN4bpCZDxDHN#S z4|c2QX_+iC=u}wKbG*efHaAa5TGWkPRqBR@l*AMm{;$MVU98$d5{7T0$weg~BY9nt zr2IV1L}%}=84vi`7oI9;N$^O1ZUjpxmo>zHP$$zxHKK{Pht6Qn2{))IYg^$wxUG## zbbiOdjb2LDr8ithqT&I+M%hX#41>_~GZ-;pyGh@_BqKAbI4`wY_31K$>N@$h_MPJS zn+1JlIdKOKlVEair0y7%-MlP+Nl*+aG7^;HPJHi~4axJXL@B~|BE zGV4)|Bt>odsrUjqU$fP*dH3hoZJe%m_*IoVV?S*V= z+@FQeD%8}Js?nEBQc#G>FT3bac7s_OPX=Q~=JB}>QaNVNQ;DJ8_2rU>g7h?WH1GH@D1%ysTI*7O9>63aJpw+*UoY@o$N+1j1jQmf(M z;>RdrxJJnFH>Q8e+QKi!q!TD9mo3beM(gRB=e>N%6cO|j>E zz{V1}%U$Pcwj>ln7t}sQohly^*>2PtJd*#25Lu5GGxo+T1|oiuk?l!)&H#H|GH}^0)Sz$B}U=f z@oF0iFm;LV!$XXs1Q|hs7o+=UO3rk@j}T{AtUNq4;OM8sJYvftByJn#UUAWKIuT93 zyRQlo4>1>Vb#Y6kVj~lEnmVQAVYz^JF$>cP3=GBa$0Ecs$BSevPfG+6{&4=C27O!} z6flOr7#!`?-T;9OA`&^QTR zN#oT{Vx3Aj$%$@BAag^RamgDYWkwb2CK|b+eQS63kpL1t$7aiz3aeE@n+mI*2w4rp zhcm?M)+fJk4Q*}WKFM!>mMqw~o|ZiX1tq0yx&r5yW$~OCOzZq7y%|sP>31V6P7cq+ zdxyKx0ogv9b%x|+!`A3_ld#LSO9SpTPUo@$MpY*qjo%QUE#?73YtR|nYZT#)N zTGmx(t4!PLcrWr7W375zo)A8hM?O6|{?61b`$p^P(N&TDxLvh5g)_uXC|;}QN_xLk zMi`BizCeG;b~&E6g64eLWR-RGC~NPR)4V>#Q0HbV09kMrq()Uw-tqU_ExS5^-VGhy zFK87av}1R4*!bD$BOjnN$5dg2+QPZN=Pu~mw8+@)PSmf5E#Z+{AeEBsh5zKndI7C)&0>CK~KpQ2h#FP%3} z2IJ$4h4+sohYKw$I^w@S{oZblkB{rsUU39B#78bvEW9yb%(UxZx_geAX+4#x`uVF+ z4bpa8cQ$^tG+rt^D*OoU8me3RSV2A7a}RfnJ83<_t;{t-kQI74+Ow14_o^y7|2k8> 
zWgEjR{rP3nw>!Pp$mL*pmTXQqm#DY@UpD=BVg?ok2|oM@5F{72!VSew%2gM;_d_j8(J_;nvAcLCdLeF%n=l=8@qbE#8ucbqI+(NVa984 zcX6Hflr7wDc-u))mVnPtFY<|nC+xako1s;(^!d+D9+FYQ(pHPR>zowR^V;xbHKsCSi>un> zCkaUN5&efrPA&Ty%LB37Ki77t7V_H)|F*!_>rNPGBlPX0ZQP45!)A)R_e$Tk zf9T}cG#7XZ*1YJ5Y?kLgC!29Suv{|mv$Zgg(X!GJ7^hT>!c4VMcTz2Eud-6w^z4k6 zrCycR>f`h{MEM9kdw`IR?)DAv|A!0lfiQjr;ounfaDU-RB>2S8%b7-KQl$n9EHkjO zv}Nhcfe_3Xpa)4L0=>WNGIU)43W4e&1(N<*Z`VLN6bia`AqA}!l4mL&L9W6Tt7ho> zcof*Yg5Qn9LL*Ns9?8eKIUrHidzJ-RApt!iur%o~L0rH=gJgN3{GbrVdZ*PfCutlg zA%}uMcHTIEfi#d;7CF;%ct7lO7498pDZk)iWXPxon7Ak`ux11$#P1@J6j%zAxsS!v zR#+*q!Vym}QT`-ORDS98T%^Ack(v`jJ)MvNz#VUqRAF}`7t2?$)n&u=taM;`t+jFF z97v{nA2m|wy^uc#Uuy0^ETwjOXBduuc(bDy^6twk086TY@yBt_W)U^p4r=Gkk53R-De zsVldhgTR=-*j)Qxs0&Sk{eRHwKa<-mK^PPo>`Wmx_Bsh6zld8he@Z;uNW-o7z2h1P zG9k#tV;1lt#aWENxzg7p4m`-!?G)k&%#3UY20A&&k=#v%Gpegw#Jeg;Dm_CUDNUy{SJbt01h=UxMH!a3$TOsxC_>ZbvM>Y?^ZZ6QcMdO|JXi+E z@ZnX=);{YNfUTxQ8c=g`!?zNNa$2(5=qDR|j2k?gtnPm^0c(y^KcsU$7denr<{$Ts z`FBl-1$D?Lzl%pg+@9p4k>ei>es}P-Khg5p# zkpB4>mS)Jx1guC`Ls&R{{Vs3ARb!;IT>8Koau2lOJFaolM>gH#feP&r@$0X)rvqYd z{A;(iyW13-3J}D6#zH$J>^GD4Zm*hVXyn}dWrdlg@b*D5&?bfIbC#%-s*+U&-ZDed*k_U@GfgYsJ;de@| zZ4>mQbKfA}`$hIZMu%)#sLlQ!g1VKSv1m=g9Q~2Xx(plrWG^HQS18Eqd)kj2I91zG}XP34CR7_6o zuLdPD)3BF{`hN~|cD$!^Pka(Wbn7Nl@5>ZG#T&Av>mYsMkbZVn6Q$rT-yUYMN&52e6a z7laN2@)O-2P5FbwJx~Fal~v3adAs18xdTr#;-~4-gT(ttEHltU=&Hi z{9?!Nt%T1PoB;oVUx!R>quv`*m(=}v1cC2%?rvO&ki z%^4OIh(?o7dLO;Y;uXlfWDsz&HIU&b>fLd>m3ltRUZIh0Fj>HeH#RKr)P3aCKOkSL z?ig7SFfq8~zG%$Q1i6#%yBB!SyXP`nM_b>jp{Dh^Oe*_P#P3k^@VMrmyp^G-{!{$v z96|DOj1M%kWzPTPsjU&n-j-XT1z8bd)NgH6fjnKNo!wfu(Y7@lyNd<6ZX~o4*FA2= zTRsL9MPZ14h0}k$N`Ny;N^-p`(j#}L4tz7*DB;D5Q!bju%hNw5?G?hc$(e$uCSkia}S@D z;N6k6d#-=`{pW#uT}qo@PXY0p=6h{HWR!)=p@ zD~%W8uo=z!Rc8Y$OSZLXx2OQcM2C`xlbyP`Y^q{&q$I}3gY8OGU8B+uywAancthlz zjmJA}f2@AdtAg?WDpRBi8{93eP_-Bd{Qpq`^pp5-m{dI?PT>Zf2&aS+hD9c%n-oDA zm+Im%aPr&7OBY$)78f~WAK<~%FFWxNkjNm8pCdtUKnOe7gTh|9FVKP zhxTj!R+GTPG;2lF{g)ev$I@kn8u6g9nE;SWC^b5}!dmU|LR_HEY%69TaZ}R9qy&Z| 
z>v-`=c4PZuSo&Ezn8CgllWQFmK*ITU?Qs_hdgdBXeJ>u*io78l!>adJhZ(gV3dg2x zcir}b)NpLUDuF+_Mw>BUSDs- zNXX;T$Y!?l3fa4To2v`7k^bQ$2G8&Y?Y!%4ZU2WQOC!?jtK!@9Ww+AMidJ(HB*Lfj z6%~yuOQF<-!GPD%WDx-&$FT`%tj-wx6ff?`lvJ=|tTJmS;-8hmziq8O37~WtxsHAE z_2kv5m;)EG%VI1`U%7gg2oW8dCSyZSv0*s|J-6B*4nPo0FYPc<_}bZZzcUC-jSi4V zTy+V0wZHkZOVFJz^FC}!f8w_zGFrrf6JI9`5Av|e6n97j(qKCrMBLDD8DaUg7tG>^ z7Y@>ch>?@?;|6uL5ZUm0ex3Xh{|WwE;owVa^`bXQ^-EelI;kMMHMnAy6c+vH1#?k% z`D4cbQquSUgFcJgUss05gB>ijK*??tdi8=mI|bQ&K=8+9rkrDIji&AjeBxFE z&ZEz*>hXDFX$_1pW<8ORLy*_1KjDR@!^Nomvk4pNvF8d;UU&N3n?*Aq-Pige{pYh+ zAC!sb1yp@p*8H1{hWFX}v3eqe@fNnIQPrD|5+bzCk7BP2CO2&C6FRV;5ix1zH37}L9hBE^cz|P%O52h zK-61z9sM{OmlX92Hkp<5CXlkw-ifFxw??*`!!|l0r6fYUAv*K5bC#ZiYp049GZg;i zyxxIMIt-@5EESK5vi^pX`=3H$9;jS|YF9lV;T}DRl@F%?NjysqBdswke9+Bn33F`dY+<=f*F&rf-o|@m<5en2q38YnL{XH!!&@ngrav}v9RGJ)J znx0*kQ+)ObNrtD3i+=ceqhO2UaV`nAGgScxFd^jSDGfd|5lh=G;F%G>b4`98rBXfZ ztb2Xi?4}5UQr=-ti*3K+orR2y(1Ac>5MJ~)HDXwCVQF!NSvXDP)-YQ}>%u!u7xthd6|F`ofI)S%qZ-#5(#33_(1~27&8;(&#j{R16His7=%oV;4-i>EygvprlGi9Ah(l_y? z&m4k;8h>G&k1rT!&!(K=-!YEETS-~TF>on8+77@yYRkdf5fR0WvvxHye@L5Jpuz4N$hb%Ohf0GlHLCir+DvF+Z%}Q_czP zOil%pdhAeUBf-?m@jRP!L51+HPKZWuAfuK#0lv-VE62>t( z>k%P#VuQ#0IU@drIDkxNjnN|9?KS=f?vhWh`~r;i3p?GnkTKZ0|NNnyq7TSk3dn}d zxc6MAqQLF|v0JDisLI#)ZE(voER?ZLvdy21b_ZWIGq41A!-+Wrx#HH~U+1&fFL1E2 z&xO6<<_^{jtFhx~HMYHL&Z1E1(BipF-yjd-0bl%nKRcWal9q`%92c zX~B(ILFn~?xE*ZBml4wR%peCSKbQWJ#>b~X+1LSJ__|o3=P$(~YKy%(#>^>1=Th;MPE?Zm_xz3ZHxbknvhED_ZYj!ADph?5lcAW@qQ< z^vzgA^@hZq?zFPvpLCcs5fo5XHs$s3vq72deT6CFIGiYRoyZHUHOQFoRp?*jIvD1? 
zARt*43Fr4#!Q!!LpQJL1=yc-*Ks+XJbedT{(saK)uwK%pF1kz1paR{9$Y;2d?;9ke zwCEkks8!9+Fulb}{(929_Az^S5F>ma;*glQdCRxCoPO^UowA``m+;tBhAJd$KN8EL z(E;1F135nLzF2C}mrF!QLDhANdpNg`OoFT~pOJ@)@JNc9a*q7|{aZ;}^)I?n{OQ5{ z!-o&2v$odaIf4W%1Ny1px4>6rpZo1em< zNi8|&-Acyud~t+DyL;>PdQ!?6*Guf6wIODjtzChJ`R5h#%E4oIq$=Me8{87?)4Y(3~v*~l`_nU>svf?qUm7gC^Gg?Wu^^Z)F&CJLe;M0 zObMN>)0Qb=0yN#_wDYXx_SBjhAKzy(8_|M{^aMk&glX_lk!QY8RE!DVHTX?%a~)kM zZ@z>`tn?-Nd$(h(=Gu+mv|5^3|CTM<)2&9`-lv9le?5jT?WdIk-PM0={{>Wh1_+0K zzAvj=bLt`i#|gKGYA!T-=70({dUVUia2O!7beDD&*wdAQe19x`2KGahxb}jEqH{V0 zi{KHyZk|L*dHUT;kMFYQo6(_O_Dsf_Xf`#<$njaG6ck1}^@ zKUiJM5zAz?h2wvzG=a%JGP1JL8pl+8LOMNNm&Kf)TC(*5Z>0moJ@8*YkTkF5%mwccYXmVxTquaB(|Cw-VT|sIAn9xKmV8`Tl8>J%|DdhlDl%Yagnhq zI`En6I^g!aRYs9-azDCk)MKQ*Immc2b3ac$;NMoY35o-Lm@dh7kdM=5bR}>*Ufi&Z zBlEP)ni(@}$$}!#tWJWtSjBH%6mE3!MjMD|50!>|7q z*|`8t7wUPZj-^5+)6?vGXT*N(TrKAE5(cLLU{$T{IXuQqtmMVdA`l)Lk;Ytu_ey0e z1$4HINlPQL&D2wFo;;Vv#pUH5(Sae90OD|X(6q$Bz$lQD=W+^o8h;8ZNs(F9iRC8N zgo1V>fH9BT5z~5wmTTBq-J35p4E)j1t@&9LW}S#;oR*1c*~@dDRA)|1b@sEAL`dCC zMr|~IMQh61rCzvYQGxZ3p6B!GiHzlsm;oGXts6TJ%` zg5`+r#>BgjVr_IvyxpL$@m|5I}WiCVAhsD#2!6BrRA&!bq3UDx)w zMM!OOiZ{ewb=vdv#ITUGeWBhmxKrPvp6b}RG#Pj;U@|ho&XOGAP5w#YZt+)7SjiJ&sgq6whJWgtA+l(G-ileG~>Ff;7w9NZGg75vz zU%n>uno~!<6+Or-ec#nQ&9cqsxuvaUXD8WFf2Jk8q4wPL)_U3D3wi=(lIrtKlYq3W zYRSV^miXW~+66(i=>oZa@*4L`s0TVg13w%dm-~O}f6!0v&W4^anCmf>+8Ite>ywo_NyKofg)&ar_JRZK8z(b@1&j`;4uMQwa3`n;iw_%Rk z<=Z+-2=LfHtaF(0(Q-2CId7RCx(@rD&Wr{zO`w>`*cmDPc-lApKKaciU73Fh??VrjI#C z^7rwQrR!)9|pQ-oKo1)xf}h-pUAG zwXNZf&vI+6w;p~pYWezn;qNq}du^naGugS-8TPC6-T6AnbI0R;;iUL{CweGcrH5^}fuJPpziTy;lxDXue311QIwmeHM3uo%Q;p zKEZaWT2GGOFbv)DBUIS0*mpPNV?d@;LZcdA-fQ`(y8+KUF}S(3?YGcBtMFd%!C1*C zyQj5jB_}3^uPpE#F?0W*L=0z3WXDvVzd?I-LZ+hi*qCyJ9f5mgFV>h}D8XywG2yhd z^qgqS2HXtxuk{;0LM79^u0%;$lM`K71F$pe%LS?XL&<1ZjF)AkLXo#((dy*FR4xlX z(YWMhJl`aoJ=(88PIuQX&c{%7=+siRzW%ecw>nE#1vzacL@A=39mE7DFv<0-?Rk7}iU&1?|IP__->x^n#N zeHGsG!%hVS+?YK$f5^^`$NlldJiz!`MgOr=_N?uC@z^rzaXzorA)N1dW5J&~v3aUw 
zrBU`JxnsP)uOqOxS)6p|vc}a<(s6&x>vFRB&EMv`;a)->;oZeA;Mh%ZN;@ikFmvv4Y}7w8#Ps<6oKb>ByD6)ZRuSQjF)j{0skdRe)~&+?gJh2pe~R)= zNIf&l_)tzwYUGRmDpvtCHs#?(L{EbH60DRJ3sm)AYqlz<1(O7dy>O*2Pt*3d$;Etjd!A?q-6Bj_}bc&{aj zzCb5%7at@ZG-7?N|8%#r)sUypNJ7%(DdgfZ&1L^1p=Di#Ys-}40~StK`U{1Wz}KWh z|7o_T?rG;BnsdWfM?r;%!{FDRi#0%B9>^96Z*|Gh8?kB{YsbUNVOO3(*_BZKS zlRjTQljX**GEREwo6Y50+x^KvU!hqziaho76RifpH22OX-8h5mw8A ztmBY_=!x`t%y|kz#+<)U z-?)YC0b(K*o4|%>4vdDBN?~khItIE@pY0v)M~$z;lB#IZ^RIE&2fk8IIDwwu>eUKV zy9}2dUz|4+5eG`pxjqa#F(q2J-Kg?FY!g>e#^>jW>8N@4)uC1xQ9x8MB%{i9D&_)s z^&U_3uPnSA9UvwqE>qHvH|-nDbMQeki@ zUbuUa5=GKjg(Akp_Wq7ux`>#ZsElTmRi7kM6>`MIMmu6S@|!bQUqqp{HU_`Tsh@HE%zs zvLxP`ud}7l;)^WuMbnrMjo!v3w?!3N%2QqIu~A zj!Sm>nJ|9)KFuG58|>ubd)vH<&b!pVOjh5m@LO@)aMaIJXtURQin<;^wRi1~uc@hB zKoPR%ymy5Z-MJEU7I+iXOVj(0#KBS!kPa$3M&va@zQ}*5i09}4)!y#cwf?jdWrD4v zMPDCa^eieWZ4l;ny2K#B8u^N(6G7D8_88Ce-NUx$4G-MJv(L^~f`u>nM@<4Z@ggGh zOV5ET=TGkQ0i>J(x;}jid{@B?e*s8kL`J0{D)WHHzq>+ST-|>!1hjS-9{4Rq2Wjvw z^ian~qW5TMbO$qPy-+BFGq)Z}5M%)LWv`tS{4FEuleUU?^C_t&glc2tW@$b5ZA_+S zXA>RiyrJ#df8hGOd~^B#^mG@nsDe|y#?|JU9n+SNnJ=+!l>>J;^Ws$5&JNFcWLeXi za(bmq|7<`{5}XKt)te8|xioW{p=U8}Cpk&FxOtie8$tU{(Y(K9yIZ0ZTaG`8c&?6u zFm`F_-H_Hv5E&I6K*CJ}iogmRjW#hozkNxi(lK=il+k?}+{TQHN+-`t_X$w2*_0c+ zzIEh#zJ7w3J8e<$n}`PwE#felxj*mA-HwW{2sn>rr+-p7UnOmeKVNymEZZR%vz|Q; zj9j!&jl^vHt%H&Dd>7gFBU10)urIOs%DfgXFRM<+BVrG2(bT;imTxqtIqnZ&G(t@(x*f5@R%_fj@(?gO5VLmv`uJnh30_0_>}TXz&&vI-gJMN zRUM4Km`Fsj@N1>J8DlXR^00-viI#DjU#B{F(8}Dw2e4gwJmA^dD&rlpPT`ElZ9Ro^ zreF1`j-8rXYs@nyv{!UY#vrVZy*F9-D>z`o7DZUn{d#35{lCEO-@vz=8PR2zP{1AH z)(!YbLDu)}4nZH7xp%o_VR5YXlnBQsivE_NZK`u)tvX{ z%(*&)-f+$7azyf86degKQfrDXGtZrRyLaE%NVxOof#MfXx@OsV)C##DN%#pbd^X>v z+vl}O%`B4K#Z;TN!~3zG4Avu&9#IK5#Q^gwz0q?p>4WIMU{VM4YucyDY@m`es9G+PZ zt-s`hKG2=#tv%I@!gLD-JLWpx$+#(GqNH#YWkcE=$&bU06<>p8-wjoMBJJ9*Id-t_ zSI#RT!4S%D=w~kzrbZpYKGiSb_N!sF95fV5{#F{8Ne+ZEz+IU~)84|3+?m8$wmHk@ znEQaBkjB^dC^+Pt@b#E+(3Y@2bhz8DoIsJ`uSiCFS4VSY6>jgCnVCs$z371m2q2YA z4L#rPyv<0|r*6ER3_@>(>B4-c+^Nye$R^fzgNCGqjVgI@It~*x>qqjlm6E{cK9W}y 
zAPw#j4hnp-d*Oe5`WCR3cRd%In;*djSxtH3t0!Rn;40|D(gB?iAPkReN)__DzXK?%%BF#=I*v$X)6oBl1VBpIiS@~GvuC;Z z;!?bLBFvR7Od8J49g)~S3E}xS*-d%s@bCx;AD!N#aEBo2+K`cv@3u5gu*SrsS&~e~ z-?MmD^lVlifym%{(zo(mFlL*dWXs<5mahH0>}Qd?UT9r4x%k!G?ffZ-D0_nut}$8_ z=G9sf8Nc@76S2zg>e*z5n95Kk(n+mDKdeSRfV2PY2C11dCw++sl)agAM~+H(lA|e~ zT6o4;1&4k?Dq!^W=d7~&w$&q~6VIzuk;Bv7PIap4gY-g2HXkFdQ^@V{XlSzQA5GpQ zuLt)`zT@F#p7WbPl7rbpI*%~Oq2Zx%{uTf4{&?*!hkx)>YArxhKv1+E`JZj_|3r>2 zV0dlOy{EoXvemju(mR&bpK&3O&%9)ygbdIY9Lhq&%OHl=3r?tXe&Fe9Kp6XRQo+n; z1EfGSpzCuVVNcSB7zodY=R4`s6!$5n_utL8Vc+WM*nd`3R8*`JVUi&&U1pvzG-O_j ze6DX$qMBvWhv-n@yL7U>re(w@-`@f(f@YLyl%v43VMw-htMX5T z4FD!Z_vB6&MgG^!6sW0mUx+92CWOr(q~LcJ<}=aU;?)O z>mF>rv?XJ61QIo2dKeQIoiwvqVlUrigzylQj92uWKkUBb;FK8~sP5$m6H~#_HYE7o zZog~5YU)y@8DQ70;^p<^dZ|X-eAo_n0?By(Vr^K89PEV`$RpXvBQ*K6HW6Cg7e{)= z1V$5HBiyFklD7gWkP-1CpHVRuR59VuZ5du0)faGX_@mW~dFju)JtxDs{b$``!6i{-~%RrmLgGHu5V8(g}z>ums+ zGR$z`ZUJg(k9OvYbFO;?ngIM1@{Yr5Ny$AN5Hbec(rLcd3#+Vq_0+95$t)+^-EImk zR5m?XNncT0(bSoem31>)ygCK!wQ8HxqX(sBVQ9;?s1m~5zC6i&7EjmAut5xY6V~(S z>52cR9Lg}ua+{(7m5#ULwsYobS9JjOovUquu*3iRw!j*nJimk}Lns+*x?F;hU4nSf z{i`{fMISxL4M{<+x=DP8LPMg#x&%wU9VyAra8;y`P%As;vVYO9# z6}A>)GE5P?j(j=v$$IzjP|V#0<3LJAmYvq=?>B8x?2xqwTU)qFKLyDAwz=`ukua=d zK)@pAV!%b#w2~+^c}ZE}@uZqshDXlc9*Yj^`o0-E2XJp20b>%1%tMith%_$*T5lF{ zlt#6SkuX-yX^~^W*Ti1Q5bGq@AJ~`eNz`25pZM9_c2yll8}RCd9Ji*ljXDY3HeI8m zINq z4xhTk^eqx{*rdM(C&hT1#&JVT*?Lf1V0?VX+O2gP+wBjoub+r5)8tL+y>ov4RcLHtiD$YSWRrGT_r7NCO57nR zgDZK*b*am8RO8ujXjE+wv^X(G4k4Bprju;B^{VFdjGbUxJNp{Fvv7UH(Y1bTi zM%^9`EXJp+XiGpUR}K>Bd*c>(WR{jA`f8-*{9N)Q0XWI|B_$hEO(_0H59&kz!?O;c zveI{L&fyHd{O4&xe980sCuKw2z5dr5zuEvaA+B+Hm9-TVlAds$a^t6bdF6OSSC#q? 
zFeS~_M>k}yg@yfk=@xa|+HTU9MjJ00jlBC|niz4LSAt@q;@KHu1HG)&wUwnt<5JSG zACvSKGoM5I3$r7Sar8~qlibC7Z&6YJYN*A&@58D2ha9Mcv3D+Tg$RPH@PK8*k&vwF z3PkpGFY`#|j+a5DsLRd>F$@aDF_+f{;+m+~K6Z3;#`%aky}&D5_+T;8n3`(0P%TvC zFQ)f!Dzatk>jTyU6vKZ!S;!{qRY8T?w)|^B1p%zm)LT0k0quXLtpX#ut+zSAi!Y@ttQbF**G0o5Mo zyE0Owk#Ee4@Jj&y2Nmc9EdGdyfFka>I|uT}X6-FM^B>V0#Kympyn`{$Wa{J5%>QfG_x4u1)KSRXu7I{gM`zTF8SA)(cC zxu!67tQ{Vp&h_Y0At2nmn(X~j3jTI%;;&fYL|0HeYN(B-@o62}J z-&6HE&fH`O0dD4?O5Yp<+zlq@TTYUTKD!)ha{w@RBcN9HRYlAJjBy^OTz-k0EBCgq zMCX8K!(oCE2M4o2ALF~r4l1Nny3UBR!xkdvU9|^|q-h<&7uewwKzIMZ%1Xz1k0Eeb zOeIyWXf5WS2f=b(Q7U#l>qY+g-M_IFs5wYaFIkj`XTj4?ZOH@+fS0)BCX6AJah)L_ zbrphMEa@PTW%~h6bwjQ#02}84;b&PhQE~@Bun}!I8Cw-kw_QX7(D88{XMcc!OYKK5 zTBtmBUwpEE6 z(sy@$366(r`|U2!#GcnTHGO16b(t*|ZhAJGvw!*OVK>7A>W&uO?S7i0_-#{~YEj^y ziVhSme|~ZgcY)%`UppyiGDt83Bm^RwgriNb>hqiNIE1cKQ+ftH6o~HbpF_C#_~U3^ z1_p+70Ce@&dE)N>Wn~s^@Md)S?A0>Z&(Hr(zpbt9``WW8X0Pw)_?YDR4BFoZD1v6t z92pw=#iMcD*2E+O@B;bh<^g5#^7hJh9DDf^H>3x5j(GOZe<*;vIBfgvMbsJl@-VmG z$_vvIlDJkb$mdLxC#`)yDcQ6o=^`ScAZsIi{e30vC5Fk#6emrr4@}n|_Ma?^2uj+q zE#LSS1S*)(i2hhpQ6q7NMcopBaO*bZs`CGtgOg`O^z0mCh`(XX^`;EM6Ig7kH+FXq zVOr(pUh;9#nKHGW9ADQOuD!tNe~JG#$DjSb5*P4eNFrNeS`xpZVT-V|IL`r3|OPDn40Dtm{ti##QRD&4|K!+3&sF>&4&jE_R{z0 z_y7Zulszi2$Uy6*9vc?H!#KYg#u?23O0wZFw|cXZQx5o~d1Hn`IfkoImsv z^K3ynJDRyem7AOP*&*+BSOg>UTc29Vt40oO%nt~eQf+zodGtwHvs_ho@C-09S?tH9 z2viy{GsC*#c}jYmez!il`nUi3^n3>O_4hx}VUqAO#0iOsMW;?1kb21c8fXYpP=X5! 
zzn6^af1G(K(B;JS{p2^%VMRk$f%N0Jv%!Yj5U?w zOfd=1QWU9d0cs@~v(S-O05f1vai}IC0@h$nWTK->o1E0`z2&kJqBQiKOG#z7fT!Q- zXg|4E!MN*zRzR_`@_Q$@+P%!Nt0>+>5psCSO2?8b_>Aaen22|2GKv)WqL%#S*8d;h z3R(<;vV`WO+<2JUpyY$n+2MtE7(m}uIW+QuzaQq{)IRcGRTd; z!fWR#h8gLY_$M2PX>qRufdvQh=2@_+$deZ0-R(%1Dsr#W0kWG$9=fRJQilS+7md};IO2408v^W1GcziUlH@GXnq7I*igx3(Ipt^4}>pyAKqOxC; zlQa`+Y2NK#rmBd{5Pk}I;%D#!!YLgPd0usVtG=MYbci!|?wy;td9|%Y<`4HprQK7A z5FgRm9EQDP^m`cZN8r&+OhJ)i&l~Gp1{gg90=j@=r0ymTbNusA1ewlxauHYuwNXCR zJMlLR;+ULPe=a%xb%@{(HX#{agb!KdEl%8P6u}sfHZ3&G)9Y+kAed9M!+rp`?eV7R zdTWje?VCvW4ZWu&vAqu^nF_E0AkJ76Q~n)KE7=?h(}~%#ogFR;7t?(0#}H|qu#iUs zmTS@qOf>DK4cch4{*$Y;17-{v836_O(zDst+_f4IL1g;x?~GvFr9!9v zk1UY_;%y6B-cx*qp2-{Hi{=52oZxi0dT-2o4Qvj)$z zj~#Z^bX#1AN{0a_X!1-mT8tf6oP7V zFkUJ7zm0lNc6tEY8J9CTD%}$kfv@gKAm~(c(8Guv?=Rw}`nsia8l%nB{{H@(j)pC= zmp{CHo!$lk<~&02`cp=06hKsbz=>0k@AW8LUeKLXg8jZUague0>RRE2!MRhkeBgq2 ztrsavMKY^bcQa9vbCpp|mxpRE2UsQxP=!hIlC`450OLcDKG){o7gV`iAYHr@m$jzl(K zqmubU^dfJDUDH%jWvjQhLPu00VxYN*ZJ3)X{vkZq#0{^QkdvxoUrAWa*qX~P*$FHT5JaLF(IB; zMbRVBo1exi{wTy38Ks!DWn4{p-D8EiiK_ORx%cvDqOSd#xWosjmC_$Bgc!aSy(U*x0% zBuA~=$4gItcFb(a>^44mgUghU9l_-cvBN-KYuM; z|A0qY@wcr_VVv!h-o8Ia8yyWzl{U8%&&6meP*WkuX{UW;s!)8uScqYm6wNd=%n2$4 zN#8XM2l~br5ZPCO>GJHLN#=pMXMD=q_d?%zx$wx6_N@gy-BBwsFq$jJa4up7##`=p zrSCDA$IB*yH!I{F3kW9HPAxi5L`JBhQi{(`#u;WcJPoE5vx!F!^b9vX&dk^%N4?re zDjY?$3T<}gX;L{;bAjg1L=O+4wEo_FNk9p|=rpL+ZQ1JO+UEqjLf%DC%yn zE;NVT`wxclUqwV{G!Ef_wCKd^%IY`7F3+#X0Ge8Gz1&b}8wHR^a;34+^t6nkZVISY z_eLB+Jqu50XV^|%!77Z-XpX7scibI553M4nIwX2NEDypw{ z<}vQ0jr0+ZAvroIenLXRnQm=Hh6RU{%mns&M$pB@qipQ!!@j8qyLpKtYiz5#O(Smxg0T$pw1HcL0K$QFv7n=TN(p>6W?4 z7~!Sr10SnJZ~|QJUs4$j&fueyTt21ulcH8@oP5kK#_5;ezCWmWMb6AEc@N?sg-J*X zEyBt@-M{ruiT>{tBN>mQOrpw|?@mvf8hOq-dN+wJUdF^54Pw-QOG&BgdG5}g!5449 zL9T!gQrIZKk~iH|8VZ&sbYTq*=}e+JnOT}D3Qgzta*jbYqnsgi%8e%Ue?)&$N-|x z5E9|Lhz#Ub=2~mQi+D?dG2}0X?nReNES9yo-aBfWZ;SXg2>F;wO+yr(^^=|^hMple z@z)^?D0$KwU~%;Znia=r!|T*OQmeEJ*RIY^1{v<+CE?{vbc>5}$MnyKYJ(YvEkLY~ zUh{k!_qEWi=$1X+b!A;813)*&2}7gw9Oh~Mdgid4!3x`NVm+Ol-Gr`9z5l>pG8k)k 
z{g=oX0xXUPjdT6jr5kT#q#0PmD_mCEx{UVW8P#AE_`uCGA_8;Y5mAoi0$ZH!%QzA? zKbwihPqL~mLEuDDY84d?-k`5ERG~abQ6$=@Dtw<6;@2ysp{^~yeVtVOI@QgaOG)() zfNYEl=BUxoQmeN=Kn_sESAZ$c9G_AX!dKlSY76D}`{(-nX;x-*Xs69%<%w2)qs&o~ zHqovoZ6CmcP%noWtD|zOMj~C8s=jIAcpzcQce7X5%)g8%o+#|I;JgDl*bff|n2?a2NAJeED@Py! zWa0)evCzCMF6^4eJd*qlU-fQwyAuKHHkg~fo+GJ)c?Dm-URb0^b)(_=a~$&$?DNnH zpjY_tK{^hnqO5Ih+1>a_TMSjl=JBNSt^3@&19%O3F#|(4-|!8(Wr(mt?LgI+lpVPl zv`@{C7_zcT3K|wL(1#zp6tHUBb$#8;g{G+fGF) z{{4~TtT87W0;Wwd}x3l`J&g8&Tv08XYABj z%57d&x#f6^5JZl^QM*r^f|A|Gaw2O#KfgNxY-|fAzYtdKgMhV`+hQ>kCS4v{&l+dW zz)0VS;QiT#Z2j}76Kv3ur0#RA@as3^vOOAwKcPPXH)}2@_Jl%oP|a4Ji-~{P8){bK zc<7lBz=RLi=_xYmP3xnphFJ0i4q;)N>xX={T#brHD3xl%s^GF$Pv2pfeCcU#zf9Zo zC(u z2?3id;orgnfNhMZMRDa%G)E{n603cs`5L4!rg{Zm0Nkk8Suw&21`DiSGUQUFp*`Lr zIF`Cb`(Lr&LS?W~Bq=H655|VP^y-q7p;{!sz}?7YkKVJV3qWW#?Hn$w@4EIG<6+ty z9@u9<+!dfqtL9jDJG%iT^5#jMQ>7*n_B8sYtfkiDef+hDB(eND;Q z*KS_WMxry}r!?UuMkkfnk-2*omOKC+apHACP!~1QdLZ*8`v9Oe8x><6dyg@!|6~Wr zM4<8@mF3{Q0v(9myuyNFBINVqTT59RK8G zuyhg$De0)D|EWvYy@u#fqDb2}#!rZqy$t83HI<6S8X&`sM?I|T(;*`QXT4`ulBGI3 zw&AKGrfUdHdvn!JxvgG+U37muQ+E9z63VOKlNveSGHp?&5+N+)}LSgd_v8ozqtljpuQl7l4Yph-Q zJ6lIbWkLf~IAHE%^m#H7Acm;>_+ZvqedLV&f7rwR^vV*TTH1O8Q!egmeH0DEd#7bd+=0FNvF$xf(d` z2}(-*b1fcTanGjrmb#rizvsu)>!N~U-|sD&v0i)uTrKHlPociiXA|ZTJAKb*y(wJ4 zZ4GR3nZ#3bKTLfR+*Vr5vdliRO9{CzvndR4x9+rZHAnd4UyK8t-oN^8;FvDr3Ke)X zHL>4_Y#12UU*jE9w>o@OKDHopnEfA1_V0ECUJkJFJv}#Mc0$w2K+KqQWj^J^igCs|LnkxU{evQaXcdxF|Z> zovJ4G_2j5C5DBeAOkXkvuFF|~%nPSPsa}*qlvRy3?g5iez8;`Q1Zoiq&?8{VVwjs? 
zKr4|g7#6GE!wvG|L`(q_fH<|0?)xaFM#gwl;PBvZyMUYo?0l!=2GMS*fRR2p}P*4NrQhh)Cm=3wo@1mc@<(~BzK$*omweS>>@H<8B z*!++AckPi3O8V3~)t)u?p_ZZD_Cz)eUZ%kg8{y z(jBhp)EGmBjbKQF-r)oi$^*b*+#u{4ZSK~>>q)@C_dd)_%FL_koMJMR3!T12A=PRi zl#KoeXe`A76>&Z&4yroB?=WS*yGvZiM%2{$QsHQvp!DId|FkQC%7V^cHDINT_qqQP z6hR!g;P_*gOIXhAky?{I$1n-Aanot>BH0S;?C3JUYQSz1 z=)%IeXT-el8el|gML(~RF|6uF6D5!vX~W|#%+9Zia*GmwU`pIv7xUm z0>aO4V_1Oas{oZ=j|ay7HQ=pv*I~5OXD+n%&f?f-^QrXG)sQYh$a`m>@;v@QSYHdC3Bk31oL*U}Qw+ zx#LWwpn_If3rS9`2|Jb@Z+(5;`$@9lqLf+t_4s2Zo_7)Fipq>@%rVZ6uGE@>1glQb zLoIx*YwK&VdmJAkvnk{rL78YqXUZD<#`zw;uLx~~k8*$iA1?p}D*9FCp{uYLlBNtd zLd>p~XVo+mE|}8setPFy%?@n@_0`Q0EflSXT+xUA*GDoGr%+z7Csexh)tY@y5<>gB zi~?R0x%?stVYtvpY=}oXrk~15Y|iR?HHkpKBC#v>B}Hjr>WgJLDewJ^Ol*D_w}x$E zJ?U6G$OdS>Gr$cwsDSAB81Y(oKLU}GD_2Ttq+}0g!HYaS)fUN5h?w`5OEQ=!>3KmQ z5(4zE+<+r-^&8LbpzcohxN^kCYLVfVP8_C;3#Ds|Dp+hf%9rkC5?YzVl1oTS-w-%h zcw{3!S;3b*t6BZB?1%38O~7(Q_-y^<%b?fqdmS(~k@pmu%?vF#uaU9Lyq#vIo4lk} zwz%59!!FfF-(1+WfwKPFZa(=Er_r)k4}w$VG$6c5@FOLeG0X?M%e(}>?Es&{O2*HMZY&c7*XuE;>Am%#QbWDiY#n6#&Dg)8=^!KGP;R4@Sq+OMyOYSHJrOMY*!=t3^wXv z8mczru@-`exJ^(7rJG+#`nBCt|u;k2M*P&I&KRoO8W^+ka-?l|slLy8Txi`K4P&xj4 z9FZwssv3$-h~bjF3$zz+98v=BtAof5ZeqN?`biZlA|!|NcNwzZ>AyLmB8W{@5P3pV;E@XE1Lx1V< zaxI+uM$bI$VrrK*Q2ueG5-VkXDyj@&l=U1!?%8LdxXrP1m6Vmu5$~@V zub?t|1iG(0hXCPS7(T!~Qq9MApEy6qxWDSbhTOLG#!~_P9LiS(Fd+DDug5^IKuxw8 zcDF%8&!D-F2smSJkmj&OWjIPj3z?%zQ=@0ye|(IV_X+RY)@=(C2dHIPYGjg~u?cs< zIhLrvdbJ)JyeLxRET1756IaCJamA{;2t1cPhBsT>7q^^**7h43+#dsAD6f!E?>0YE zifzi-?a5v&cmWes(@tjZ@ZfxLNaOzJ2&T@54KTv#IcJcQh6kI9D(}xe>}NneriFl( ztxQ2zWGnNGp`C@th~R0vU%5R@lz>5jsN|9I)kaw}wa)w7!YD&}SO-0jPR7O%(v7H{ z=q>9A(U91022^eXBL)427eR-j!+sl%X~du8d!3mKNL1${fha=7>@;xiPWMpt3>_=g zfB~|qQp~k!#_{^P= zY?+g*i_GLDOj6I(7712r?r^t=c*Nkr_b0d(fQY_6j%{*$7+Azw|N9+G%IV{c_26d3 zq~m&Zc==U*S*}eZ^EWbj?;W^m(L?&|d$A9tgM9Py(kT|N4J@bh5OLrP6AtvpR%TyY zBhvwr>6Y>9S~O^dur)W54F3Qn+b2-7>JffrQ~L-mAF8S5gI4)1dB6xNyp7@y4F>|q11`O!S@>oy*Hj7e3 z;}H5@BP1*V%$R=&!TLb=uk|Q`@yQ}Uijg=2Qm~7ctvO?aGpwcEO=HT&1bhB68tW{p 
zgrN$*gSziqzr&AE8v%0cI=Nz7c4B+@c!<0_C)h}iP+Idl(wl@4 zh4u8(W;#i;V4q?qCYPpcPqT{gW&lfNoU`E0E2cmQmIF$|z>88)UHwgoBK|g$E8vsh zclbgdB`SfaZRon<%Ub?gl=({)QZ0#>^`4cl=HV9R^EG8K^%Xy_R}%++GMXNLx+atn zgQJi?RekiC%S)jz*rlF2o|{)hDgF+l$iy8<(jU7WEj1QJZIN+G+IDs*X(@s|DTwl` znmuu|w}F;!t?n(MMRW5TEpc*K=_q{aaBnC}`}M?chzSe_L1Eouln8iQLbM|B!zS9u z+ys@Ac=5^MzUYcS;mJ$bh+`wf>l0v>E|iEOQBwQl!m39y*TUUh{LUxm-)PH)N=D0q{#K>lz(dzZ&)gSat1P`^feQ#Z<5H9bneZ6}<>%l~ zC-Cj%?aHPgH?Aj$mJgX%IiqJ}6y_&EIS0EK!NC)AzsqELa;C> zD?w$J*$2BLJJE$@{HTqAnryt5J%XcaliAPrOg%gb-6QXzZ2vWOGvdMxc+^KmqjP?f zi~r620(PHycA!P!k|cWZc<{xQXz9N`@*~iZcfFS%E)+xr@h4&C%73=Y9ULKBGw~Yz z0^O2>N?kMKIyZSG)nAm=!5BrxdAKl6Nec6@r*dtjh`L&(BaHeli z-rG+(Qe*zhXa4pRT904&GBf3ZR+FgVcLuo%?tXypM>QwkH@AGkEliPru`B2&5;E=Pm zq@Ajg20L>>A>l1U2*f?~Eiq!W9`H786n=lp%cm?}L~_$3BDcR^Dc3nn=Bh0SenkPk zPNI8=Qutu#sWVvLZzyWOchyz-2;dUMcm2P}YfT^&0wR&1!<4&3$@qOgbF1e^oV>hz zFeQ!KJBj5gm)&p2Foj5lWdepTZx|M;(loWbBdGx&9EmJ9@mvkjg_#EwOxE3;7V<{C z$oo4IiwW5M2nc~SD94KUGc24zb(~W^CM;MTk_cSz7<=bCW)zGKV0iHMbtMw=J~q@P zv5Z$wMQQEgnWAzgYev&tg0z=KRYgsD^R%7mD}G~@&YRyKB4h0re_8~f$py>bd`4>vcIzVspO%_l1 zgE0U>>HqrVLk66pqQG=IukMBS!`!B8?awG)7y*GW6NEhv%O*e@GO)1B)zV#(G8z>Y zc_n8hi#}dAJSCPm){MDcETt{QT*2@S9hH+K%R1BIr7z?Hxx$_Mu7 zcj{$?V_aOm5uJobaR8o0;lM~WUT01G z|5}XySsQ*%oOA>@9(o6qUPSDr9}TP=Rt5xrDGyRCi80w@q18D$ahD1x*1Ik=yJ=T* z5zMH~|IZlqwv+E%ktEZ-UcJ{^U@#Gc+RchepPsxL^{5Qo6ItPP$-o2~$Jp0D; zIcb~#Qiv!LT$zopP!b@5KqmX3O2GqMu&~s#Tc@TVq^@p~h%|csR?ZX3@Y~SBH^!KF ztH2y`;SOOB0S%@(F7v4EDxOWXC^ewo?kqI!iF<9iBEGTd%*x5g-_rqHv(zrIIsegf zFkK-arm%A|CXWb!LDa0$D9}1Wp#zqq_gall#};@qfPNaab*u z597ep0o$UtFPur=BtUvvN}7vJc;XGSVRq>K-f>$D6Km*0F=G@eaihw8K*`5o1>UWp z6$%UjUU**xr)Di*Y@iH~g%hM0P~pI3SEt8)|yH*pM&j#NCBJ zREHLQ%DC;qfZ7Uq1|=Gf8W}bt%7bO67Ax7#Sw`Dxx>Ap0jd9UB8@ z;`?6aHs){baRdY#sq1Nw+Nyc9zxy0e6E^(Ha*ya7?guJm3>rsS3JsSjU5rOH(aya8 zP?{SLmu_5!KAB{_wXCHWPz_v?0dw(+yXOPi7MILsEha|vKL({GCP?}+y7#^{3|8(#6a`0jwFM~dk zw3Bj37h=(M*U679@X);qq6R7tTIe^5z41Rh%{P|;ac~S>4)n0f1s|8ILaIKLtu zg%Es(QlcNstL$0)BKwob$;XXzHR|mQ0$gK-_8Ny%+R}*Fe(f8+BJWte2q)4>a@+Ih 
z7C96~LgJ;1yH~j-JvHvk9wz39ZJl~rrm%qICV9=r(Tz3!( zKq8+Iv=SRjK9b^h03uT#2xTj0FsNk6SYy=SjJTqIK8PCi3cm{kW}>qRu_%Di{4QR5 z+XrrNX_TB$uoX6 zBYNK3x22>iEUMm7fcca{x1Z$i>dg@ptxbFN&xqyCgNLPzEL@mLZQAnl;a}S&#^p;* z8yn;;{cY=BzKEPaI4l`Zb9{+vdL#6gnj<)!yeICv$%#wQz{pN^`RF9B zgvnJC`%)9G03p$oQ1CS1xV3vLL9zJl@klw`X55$uuzPH08vKNA0q*&`b<=#Cl<{V| zD3uwI@!M2rz7zT1XGEr6bPce75|?07_EGS$11I{eQkN_9&-O`cc`7vOeSXt5o;K<& zXH&TS+cIoN*7X^Y!K4GK{fohZd9&ZiDztM8z4O@4)8Luvtr_H=yJD(I3kDVD{gY=t z(ZOQS_n$Kh51|4^IFm#n+tz=5d9EOo5;Jfe6VgF~04aX+M>;4V3ulc&Q!{2$?Livc zgBZBhs@lTrOWKYjD>8ltbVE{7?aN$U6C`1mKCNfeyT--M$?&uMlC&HzFXEvXNp#=| zIiAl$)|hwn$a!EpYvCr7H}ss0+yfr#J?bc+n*8q3{7XYX-RZTs6o6E+V^&6T4G8%) z@}#|+DmSMxrG`SSWOKioc<-ReFTU*n;MYUWanqv;0`+Lfu2>$nqW`nxe;&DKSLYBW zZw~Ca|4Bsue1o;bLmSG7dre($aNhgsvFI<~stsf%DiG?izpd`ec!tUvmv@1oU9YC+-P} z{Rn@1hmyTLGoWGrv=54+(8~Pel$@K(%G%p&Ise$(NsJr}fjr+R2Hm3jnFs4HHBTg- zjBW^Gr70d6L2=|m(!pW`plUJi)pbBi?)@a&-~at8crH`K+ch14COMez{Sb#Oaz#Z( zdfjIwMc&+Su2tGhYh)EjSA07YK)&$g-rK}{ zNG@5wFQwT6k2mMltXiPK^<1K&$~*=GAC5=RT9xPmMA|U$L-|I{m?d97syq*!64pfF zhV5T~Ot6*{QgP1})IOCOJs6n_HzEyLRb^&{QZR93G?vCko@G$8a$jSYJ*_fnU3ky| zH#O>^;#7o0vdYDvgHy;N)Tm`i$NNHnJ71I^G0@R9u+=I!RlFuWp_;3@h`iCwxAv&p z6a~80-qZ8_QJ?}=O0qn><{IfI7k3ShWF=w@>_7UK9&@~}PxrDq`O^Qpr}@_#4>ki2 z3|Da#*tV9+bo#Te@FA^>fHheLNP{*d9D^RpQcNf141MJvE(rPLdFJcgRNRI-Q;an{ z3dax1Yjpu&>7+n4b)HC(ckx{mpp&~XnrmV8kv%^m2zt4Cf({*v{dczo3UR5m9x_RFc-;CzN7#H7>cMk;NyS>Ron0!vPpxoV+~ zBe4Xio8m}&iDwFR|H7V$rb}l#tu_+Kv4F$Sk~yH6{h#^=_-6R3K9b~h`x~mrj=h1m zYHdwkHb97p7JFkNCZTKJ#E$(5LVf+kj*d^A(gg^RhbS}uC~~Ga4eOv6%G@;2`#cy_ z_1m$Ab|!9j!}JcqLV%|7Ewx4&xsXXms>1x8oF@LkCb(LcjU25hNJl{P;#Y{m0TDj3 z7I%|0?5(r^rhsDc7ev~@zN*KxNo`r`?hP)#xM4%PB@32R_jTr?1Vv|RQQt*;&31e!CYxaNH-tu^d9Kj}H!1ZylhK~hYfWWk@WmV%b$;H2z zpKA;_2zeP_8ZJ)#YV6lDs9!#i*fI{i<62GbGvJmQsk%9#yHd_5G2|(+J1x5y-`Mn? 
zgKw~5rzmabcEYER0B1vyAcdVH1OHZmGG~}l|GjX)g@vsWu1e3uB-Yk2ah?oyvO?)R za}#`-m}s>pm@b+?+d{%ju1g34sre(zO|;Neo`Unhxhswf*O+{ClII z5V%ZLMh|3gY-bk1S$9%;cv$QCIW-lP6pIyAsudP-U=zO@J-BaADalW@jP}W0y0w4OIQ?ds!o&UQ#VFQliKh~26n!g8}qI$0~Oh2xSz(O@z_P$(o_8rI;*uw)4&K@Wz(C{o~n~n4gpDJdokSxvR z@@NtHgXK4Sc6^2sK7Ol+-nqCj> zb>b|xe*9}78nS1<^+QpSeINs1FRGb1mUqa_FQ)fRd-dtFCA|!KhUMaUzb|5s{W10N zW1WqSExUGL+2>MW5OPQVcTZ0;0a8Ihft-noBXHE+&Bsppeu_JPR|P!$V^@XRC~rK^ zWGUZsim!-K-|O00vyUC>RwSSLpQdq7>aHe#pLaDRdmjs{v;YcJYq=&{JA-vAQT|1ai9A)xn!q0LCB$CtTQO8Yq!E=g8pQFcGe6i=dpGWpYYNNprIS zKL(4p(D>k4wP}<6&`Zrg;c^?&JpV%}-_r$$lGauumg~cB$H&vW_GZ-;6hh3s7aokV zqDrA2r|$J{*As5b`8O!NT{)?J;;Z#-M<;4)VW(xzGUfKqPj@|lKQN|3W5Evn)Sx^P zQTIolhITH7~H6gY`kECil6+Zod`5ldA7i+6%h|GK;|VJ3VLM z9G#~_;ZsR4u}IhrjvHz~jFxxAj)|4q%>$}zw-O_N z$HsorAz_g;eTI)t$*B=@ndSLBX>QEk&%q7vX~;f=vUg#=8uCT;y)4V^c&M6g`LV@e zH15tuwTN~aeDi#Rv!udN6Vu@Pc=c3H?leICwPT->Eg~arOcXBT~Ca(*0!SjB7D{DD-Xb`e@a2R8HvdDTA zc;ugcGbl47Ba!9z`S6$AqX498+Oru&stPuOy3RxC_U~KS90)}JVW}g6k8k|2V~|>0 zR8$S);c~K7Syz`{W7f8dQTX;X3CTQJh&!V!bp@F{cFTZG=IkNizpPib;qDLtlY{qB1B2%LjsthB8Q<0CS!iP)*U3Q%b{Dv z6>v$EQ*sS&fa{HC#>B?zu)RIG=rl!pK);-Za#gAWZh;ri~z1r7lr*0`NEAhM3 z=`MVVqQCf({^}-~>~XO7Mw2%YUhTku@}|`X4k!_wp|LUN)vMV|fAyo}$7$QEv}uE3 z6Ba2C<)b!-x6DP{0CAFSfX~}gtMeX7`P`4UL8l_VI|Wgmzn4#2+cH01j=h=4mATUZ z8;adVNqw1-_BqbSb`@cZ#a6_|Rxszg-?uP8$TGUJhU6W7f&53L{U5o!UJ1_1udTxW z?UPunVG}<3nOe_V$i|jkB||i;hjKfUg4MgZIe|;E4{k(n<6XXp8K68HhpJag`IKqJ zyiVR1xUDJrq$YQL%V591KJfYc2CnjNWnKvZty5>MXfmYgj3|dZJsnfSn}i9d)SG3N zOPj2V3n5#v`0JnXK^}`$uk0P$m+|}_ zP~U4VJy2=8U$t2CT>re9jzNYWwO}=V7dvBoKP}s>Lmdtm-d%kBb|&=sc(#P5x_Y$V zPnDfB=wh&?-zSdtvt|DWzkmJo``Yb)wu^3Yc;Tz6r$-$W_j7~ucG9Duui2$lFmv6N zuP@FJuj~o*^8Z`dv+iNN)VT^g;!d@@5_~Rm%8rRo!uNH zx(M5~;i%BOb8r&>q)X|r>#H`?Lz?o%xmwH`(W9d;jTdJNZ-b01pZ@e(8VbR`w&m6O zMS_1Ubo5UH)I$mkqxa=k+5VPQL(&k?I>xw4XIJXo+@)K|uRJVPlYqn2l`8M7k?buk z4QQyOp3gJhC3T#f^y`(r&yP{wuy=4?)dlXM?&$_alou&&QoS!=OaS=7AZ_-WhY?ZeKa=jZ3`lTXl+ADf+0 z0@fK;py<19?VHrTUtV*z?0f=Jgc(5FU}EB%yZ^M?oi@*BAOn7Uv3>hDw?nSi^Qq77 
za=87%V2_3#?9HoAMp6NQFgf$x|0*lMJ%ge3BwhocYqJXkDCdSV`BHkEIdQHfy-#MV zD6f8Ad*~L}^cygwKF~|90ZF{HMCUJ>q}JKa?(Q1C`C#Cx#$Yqs(J`JO)*m=H=Zgwp zuLtaSg>1;9vzk6ZsPe=rbCTd{S$tZd@{rFDDJZ56Rc8sY&En$XOt1(qpWF0D>U*t2 z0RT}%NM;>&WXz}a96VZdknWT&De3OmfOI3B-?e?tIluG1pYIs^kL?)XVBhz>ueH{kbIob5 zh#yZ{u=}j#;u9{Bv=#IHyw^>)7kH3#?v9_;-JZ=oGn|{5p-aD>-{|jZK8`Ex$>lqx z`+X_IV$JJ%*oIuaNlQ;J(R{sdz*to`RPtlGwDDLXohZE$f#R9TPaA&N0}aUl2;qPE z2K-mUSV{p#gbvD#=Y{JIxq(FFaHVA49Hb0fT%oQA?@q?G+s?Qt>L+F*4zuUK`If%jyA2(}qcYzwW$LzAI3PdONLUr#oe zhNYS2)@4ik`uQ4nKpD=bt;1#;?!OAySK*Ua#dB+mo!u|p-|Ad;^WSB#OG`+^fUA|@ zxDbGAT9}vDlW|dTe|~?LZf|eDnZtLIfx-Eb?R5mYQ?}cFor$2_=W+&;|I|W4V8az{ zkW!2DU$gYTd+jK1WK>dRboM^bJ^m(jCJsSVCWD(-Wa=MM7^G^Wj~H=W`0&AeR7UI* z(oXfG9(uybnEJ=eZS^THS&Y#c#qvCH7VHlXF+qgGH-ky?*cVs;+SlDegpc)m4{)3m zMR^_r6AlWpkmABZF)@67qs9=1J^;k`ktyP1GAXTJYsN!ZO#0`D zl?W6@Y|^Yz+Am%04&cNBzJIfDecH`?ZJtTt6+bp>0UQBZNl8g3SK$Qgy>%ODFRa6pO4B^f z)QEHfPY>KTxF@b%@8&uJF-YPAiCy3I_Vs0FWC*T|V+c)_>XZ`2EM851pY;zjy(F+| z%)t0=)Q9_1$;L%gFMVdmn!)$o-qQWucS0WL_d>Bd^XTmJq_CzdeBp#b|BBe<7p5Qy z@a@XUBnve95rBSmVUq4q1HCxg1{p&MX~fAWPtC*H&1hIy#+>PC(%mZzjf@h9655eG zE`N~Rk#alj$JW<#`TSNE6%8;1JsnkoCizCH)1q%CTguYxth&eU?;(C2a&mG*Lqic_ zw_WD8oyMFT(asf72|c}x*!cKfhbgUG&cxKUKLEcoo)7D`;0MG|s%onHFmcL_MMyfkI^O9Cruhec;;d*GG9N1t zL9adyzcS8Yrkz*pA5>)Ts2F|Lh-qv-1Y~vqFCne(ha5b`F^{Sm|Ha8In@6yB@43ag z$My7Eiqjz1Z7k;;)H0k*rUEUltpDuBzizQ+p?_mlqU_suB9f`hK2GFAUnB_A$K}yj z(w`7AJbkL)b#$spxb%4N)N^b#j_aY}Jf7~Fj?J$bIIK^HZKOYqVImsmc{N>Bc!nvi z_@KMYxGqlJUv9~I(d%4|CY-!tYPqq6H3SQ6hE?~aUbm9p?^j9gRZE)A)DuV^9R+{< z__2PWv5`mNdlc(KB>=5_f+S* zXu~iKtmY&rM6&j(-zjO>4N;Wg-g}dump9xX_!2>{Z+H9PAVJoB1^c)ITee@@h_7Wc zGqj3h+sf-YdER+7-1YLj<=(@?+<+p;mhY@Qaw`{-mFlvdX#0DBeP|g?5PdR>wDEGC zy(NDxpvlt^;tG))w!E{QE#xp^`VRaQ`1R|B^#(t zqcjAXq>W3j?g~qr)uHW`R!hxz`V<^H9bH|$BUxh7 zaH9wqJfw1Ra>v!B9u_~pBqb-WRrE1_rVxwhpMJK_3psD|K>lPG`5U@fCm==X|K6H4 zsg(4hem%)dN-wdT2$3gf=g0H#cTKrzt`ZI0O*hAVcJt|Bx0;t6IVoFwmp^4qO(@J7 zAbuHMknrUs(9B@h3Y;LF=X^q2p$%$y<){dB%#Qj(1Q5>*=&RFxrxp#zgT>;ZYV95` 
z7@*M_3iCF2OXH{Y*F)h8^@BFKQ$-#uM6ohx`hm*sn43)m_^l;WsIgam2ya1N5tb(R z;UgDe`(Lu`pKP%CfOAopn%TkTI1@TYcN`IY0vG{+N%JtX+}&N$@`bo=9b%>u4}NoQ zSbp+0II0|zcjSF3vR0JdM01;&_fxNfRfnGSTRF*6<(M2l98fX!0zN}BThjop z(L|_E5~NF*-*C{Z(H$v>@`+j7{isv^{rj(4X%EL)5l_LS*ZGuy%yfTl>8>UsxiSK- zyZQGZceSK~lhb!xII_$E+Fb(_2iWvrQ11A?LbQO)(~|D=wA9NZU>YTbvFSv9rp6+< zwfu>JH|>*ovd2GIx9rldQz9%HpuUgRd7sWlkh1w2jDrrv#%Bzxxn)`N1{Bt*Qq)G# zSIQhOmI-0DsP9_mVE5d@#Q*lM_k0*Jlbiz4=AAWd8;L#{;X4T_QX*KTP>mJ%@Gc0K zh$x?jT6&;Z0_7E1EnS$IxQyd^=JoaHLx@nU`O8?a-UL{tH*dZLPR-8(YP=pG=~{1# znT-b$206P|T;N@L-+n0H-rRl7?vpp0iZnu1;sn54#%E@wS`DJrczKy$$g8GNR=qbr z05VHKSpIyXn&T(^`=qkkSBXG5{<>-Jr5tv=UVFH!>=eMLWl3y1Bat!vmp6S?8HJ-( zA|k45YLW)j-%_j#vG*$~DWQr`hbmcHm(AOB6NOr^9k>b?ovkr>sgd%PJf!T=m1?qlNV= zr;Z=4mjg-S?S^=rx;!~KIgdd*qk8=NceORj6rLE`kpREt(cEjfbzw4{mCyTbmziI^ zdO!JsCf-6r!u}?jdHwDVj?=kTsCRrkcO6FYmrxB)7zHbYrr%kv&Sp6`SAYBF{QK)3 z(byB2^>&;jR20=hL_9$(KH0|97Y#^qDmKdxRoLq2XDdQxTys4M%T&9ocP61J`R->wR@)oZOj2(G`Ur&Wob z)l4@-9_nd`(UX%4F*fYJ7Gq1LVDo)6-qX_)=7Cvk61#k3$m6s|fyftRBP_VfmTukS zD#d}*hV+w`Il|$vDh(e?#t3rVxUAj0&!gFm2fSg2dQC)gz8wrHmY^rIeJCVZ@{6Pm{1k6E6n z8y9UD3A`oZQU@~(8~a-?LYty?wz(P$79>t%1V>}2z^~0~%=R}OfqOHRVx-jVX7GS% zh$rja+pQeJEqqtlwBW&LY}I_36SBseA!fgooiK@U8pxhKfm;r>+ak){zD5R9s zo1;7`ikwqkj_P)sn$WUikBPhJtr$>2Xpe}=I>G7SZe=u~|%g@h0>Y4t1d~Eo8eSnx#Sx;}-x4S$f ziL_QNj}Q}WW^M`MqPL)*NxgH&u@Qg}<#4%s850vT6S~V+T2K%}U|B18wl~La!rS~^ z(BB{R$UKd2Fm#e<*X!ZgKrdAfp zdW8Ev_sc#-n?eny`Z zwy#n=3bgEzyjKhP+My;mqAx7gpDL%EKxr`J9vR%b)*o$a7{=6mk*VpnSFH|-U}Irn zSxYi2iB3r&433OU=;{*n*iU!errUG<)nk*;5YEc@ii^utd_XYDL{WCgz9^^sapXQ% z`lNyNpM|k`Y2D%mjMlUNfHVK28tQT)LTRJErig>J?^OxPS45H(DUNl(QPJBA2uhyB z%j3`ld|}O^k5uX#$yX&cNNnL174eq@XC@s3UHtU)R9nGg-fZX%~I`dP3!Wzl&R9R~BQ6%>|?ZrlUFq0D{HOy@J`iQjtO z{Z4OKDGRO9TLalA^_ypt=tU)Rla57m|6DJ3AMi*vTjO&6&2iz-27Xd!kwQ8AkHEN( z>iw4%ZO-fIdF)~3rVvbSP=*$E?FZ1e*Uqf6&$>??&9iQ`Uy+qxL#miA4DILt@nblvr6;4e%S``jE z%1zf`LR$lUeLoS#Hn`4%*Lan4n0# zBABi=OW zLNo<`KDEf5$kLwx#!LcD0MM_|bIR>f{{;fPVDag=P-QN&wLVb(*}Daz 
znhRoqiSZ_K<~h$uc%*1ZkSJMrm1Gv>GePVCI*;v2hyVB_d(VCoa;!k1i&_b-aTW*w zWukt-ER$~gKnMv5X)tKicXg^{!EH^4skw-7)bxby#Sw@kU*K($S5ly9h@%}I2~pO^ z&$_xYH+YlAbjsX`^=xW(oiBkxgpVA}a_H{$M{`q5kssAnHA8a?HZ)-ALs`+~lKm6@4c;^8A^ z7g4gLA!lj4K4bnn&9!L%u&>1~H zI|GVsSX?l#}gQ@imuLXUW{au2Go|j^pgPjREt> z2#Y9ObfnyGPMhaD3zw=(!-j0>Nw07DSf35DAe<9tJ(i0*a?g*PRAm*Zs;eh`<9Zw3 zWP8yw!db5MsE$QiDg|P;guC;sW6z~-#`Y?oW+-Su)12Q+Tj%|IQgE>5ih7@;>6dz* zH!Lxr!oX4roy%U86F%z_pNpO}zkzV}MOsMLS17UFj8THPfkBq%eh)ta0>UwXja2r* zsNe$N4l-*a{TYy`a5yT-G$CtETnbPzJp81kHuRmca2pRz#_pb;tsOZPl_}o=B0y8# zffTMBX*D0KK5 z2nqi7%tPRWt^LWEl?MW4UIq%mYYUJvlgYeYe=0scj?Of%IIH8RnxtXgB6IG`Sn}Z+ z)W4#fR_9UW%8LF#vw*5~ZKHf;ra)guJ01!7Fgt~e#Z>@D!1Ne514l@BBAw{*Q{Ryh z=B>@m@xVs{=8?A4c2y9}8e`K{zP0C-DZUi%ZSris>@19xN5q?G1W!=FC~Q=AA&%4DJO8kW&8 zEV|Sm;c=Rd=jEEbii(L>V1Blel9KJ1H2cr%rF+k{uTDZtpRV5nrgGsHl6?vw$Z7jf zm%Zw#UnzEj(Mxw{-yhYdw=X=jv9L~pfrG_!mKGK`yF*FT-qZDYv>N7=nWLn!JZ z;<|l}-G)rvb^#z@ri8{xu1snPQf+(buIehg*FC|lqAbHlK`aT7srVDk_8;-$f8IoW zMTGP5@p%ozq^YS3+Zat0+X2F~ZLluITM`BO@XVNsi%VWDyM$TmO67VDr&n6Ivy{{| zoC;nKml~xUA3wR%8rKKqse-9Q1vJM)(Gbxl+FKSPpy@p&to&~;fJ8YvqKK;#`VI-T z1>dke-Xj#Jte^P^**VmYu2w#@4bbrLXg+cQPEys-A3>!KRp>j8k~S(8`zBV+!diYH z?jUYV^E_;#R^~_Clh0W=MTBe0#p&lzw+3 z@@oQM_J)1&4D#yg1vDL*ZP6$~6dX@)0mM4Kv}22x z|L!OGu!G;A{23mW(pd5(`}_{XQ*A|B=q| zH3aPm02x}P5rusHvhA@&#Ja!b*C~-?=hSE)n%%YEZ0YniY#kQn%)Fs8Z`zOA&^o(rAKP_qv0;8g!0Gu`P7oGI{^uovW z063*-YKHwXHj*ex2%DK*n&7}VnssWq*4kUQ-6{SqVPR41*zE%`V5T8MVe`EBL1O9? 
zLt!v9G?V}s8+ozP1;DXfaacEA0)(zE(197R5+UiIo3n2fc%5OZ+rGCkpD*TQBw2OL@8R% zOk6?&4F>;BSu5{{jCNIG*G;l9hWy4x&2+b21hNVF?aWZdQ47JaPam4Mw@n$;{j3MH zGa@0Jf*qiH0yjv926|;x*DMqEHJnDa4#M1sKSFXcB zb;f|>SP2UY+kWzvzC3#3Hn*XB-O@kKrnj?QyPEcB0nTB;*=D0~ln=+v*oxaEfwgca zhRnA0oWcarQ`sbk4<~w)!3ZVnFlguK%pzOTmNkht;_&d5ot&YFzd1c)6hkt*oVlUA z%|gG%;xR76xQ{LsuZJF{Cg8~2LEAbt_{ush!Q9E^QZ)-5EQ0mktv?sig{CBmE zU)7|{tKM_pmFFWjtp1`?LfCAD$UJtD6 zn`7kW$a-um)JH-_Va}iLT1kM0_a5#IA^WXfBO%3KiXZ3)sex{etaRU1p<5rie)cif zGVVQ2XzQQ*=mhZ|MzItV-AZ0Ua-n~1KD*VSx^WN*_DAU9^VPbG)zthyeWL5mQY5N2 z)*5udI&_4GpvDnZygehOf8}+{RoMr@B0GEJa2!8?MMPv&!eYEQU8!@GE5ehTS}~B# zTvnU^dv?dF7bws92s>D;chyXnJ+8ZwuTLxi8zWy){vltw*5cZ8jeMoR%mT4ZvlbF;R(hK7R(>B>|XT}=AiSs6q9;|SrPEa48qL825lARipK{R4Gkcpf6$ z655zpxy{Y>JM<-TW)RLp5(B0i&(0hL6&J;6QYnMj?Q#yU1R9CwgI}{uI0ytU#4Bu$ z0ha4qNr{YDUWSe}3)k;{78Q@GMcdk1(r7Cf zSH3#s!uI~tujU^t=_r>Fv14Jcq-gz#WVX&bpw_&ex$u$ z>vK%ZFHnin>Y|4JJkheKAazkzmM8FU3o3IGk0Xo*hY&4_fLOXH;pEaVh~YXNM5P1ZoidN1 z`kCudR7fd$U$RlpmIP&wVO=ME)fCj!Iz^W@{ydZTs9QOaV35Ub{bO#=S)bNPfM$6Ph$B` zdjoZY?M*e=^?Ux zsGgxxQg`%;C$sla9M=$N9D4`yRU=14U*wnx$RSE9F# zx!+ZS*>+A~-%l)67kHSq3ojLLvh-8hZpA!j(*_dHo!fT_*L8r@4uq4~tpT;iSf7Ht z{4davGk;(HXUoys3-jyzc*`KW*x#Hx_yiyLW`XP(UR;z2d4(8veN93{(9b$yzn_Jp zqgQ1Dt3>h&CU)#XZ-(=1)nD`vjrBFTA-virQhzF z7%kL0s5>jl$?17|W_<^Uitk1BH_AI5bE6^RNC0z#Uljuo`TwZ|wT=(fVl1WX~vi(}5d4>ECY=u+_KVWC6tbA>FJvk8b zIhD=_u4d^+J99=!hMeO8Cuy}qIQ%&mE~+y(oEtc#X7F=yNl13~eppN1kIH`@aNOBR zHq@EP04-VLJ*EQclmyJ%`y2waWicD+UfO>o4XN8ZJD)wS&wc_V#W*M&6cc);#zWsf z>{F}Pcte!>Nd5u@M>AeHb;rUM9gO_kALoL>o)0w?lj#sd;iU^ ztKE@iogB6!KlsFoh6#Q8r|~^So(=8N$B#h|9hRtW!-FG62WhO|;3wL$2>%f5#VpYM!L{tfmY{1)K?%i$2S%yKFpY*~{TB61 zrAg%OQj3nPpPye$QW8CcstL&G;$bu6WbMzk0R{vE*oqW*SptYCTBEE&?k^vT6wV1- zph#WVpps82*Oqf-;Dr;m$u;<;N>oa!F3ER6SVT&MpWz%Rp7yDJGP5AP04d^s9rNq(yyTI!CW~6N6bDA0s8W_0rybI~$RdkMQ~P@unX;1XIXf zMQv>voH9n`%*^spEi%Bn;1(0LTM7iSw!-S~7uA3MT*@*C+?5ieNZ`)@08sx;EjGpr zxN8=>W4_&WMNnRf4w}V zA25pf^`at_kZbj>p;%J<;oc74_zXuu=#(-kIEYwf>rTdL+b~O{gH#PTMIQ*EOA!%i 
z%^u}}B+`TFiHYKpqXl0xzLYF1Z0BO9Fxv070Rq6g>V&?WfVz?R=+3bUx`?n$=+C{1 zjUBPSjx*O(V-|@^(3beIn@%HjADcWL;0`^_2!U0<2@u~wM`mU^&r8M>>;9{cbf$sh zB6QjKyIYkvA|Yv1)T=#O_ymeSOH4&i;XFQT)t&q@G)dC>U}_n6Yqa*7i_4gCwSNT> zE6&+oa!Yj0HI@lzR@R@SO4!>&b?dNR6UIAIN$5v=bEBM`oNO5%r3LsUvLK12L%))m zI94}cG_TfPb74Vr8?+DuvsSyi_s)Kdd;*7m#YY35Uxv~;7|9yu(ZLZlZF~Rycr>Pi zI<)8&F)jSJhup^nrK3wk((v1!F{x$OvdYOn#HTns_-4kmkPYn$nW!Y}@;j?SFuK(7 zea2%cXPO-7A4h+xY_Km%cF#LBEB9|$Tl>{aLMuj zIaI+By>TxvI++JkYEH&MRy1m4NSvRdlzr6`QoNf4bO2iRFyYR z4lkB0TpMn@X!x~RZfcV3WZHs@GseM3<%{Dh=Uz zaWkZ)!a9${P@}1-sjGyChRaM+BZ{WN!cMBFB7cq$>1XDyu4*n@8xpefGQ1t?%0D+( z^xt#+Q1m;yyR}t-m$07Wa#U?i6+Au4zJUL$B1p5b&B%G@-+Oy8G+535K(!7;EAozsIEo@gC#h$X7 zytJD#aB?brj6P$@DC!^hBCzx$W^7?3UIF=V*hOXYozL4AS;1c>Yp->@Kz!A&{xO+o zhHYK~{xu2CrJ6z)PV!&xvkVM!C?-saF|Plq*>82Nx9u>xG0;)9^DUhRY>qC?ft$-i zR6bX1n3c_zdD(xh{QuYSC4(81UcVfsS{*THnL7)Wft_p6C-7w3qT*XQ3UPpvS?>yj0P$EqmQm2Cm72X2FV zFq;@mnve)HJbCIToaWGW3>eerpw{bPz2XaHz5r)wi=i%&{fEsr2(k??)vwFvFJW>w zPq1sT^HD0;POVwEb^U0Qdv*EUf1e)zd4Ci2z>`@=L8Vk|ab|)FR18aU&mccxu<>#z z1pn#Mrwr^6=yZ=<1 z2(0HS>2=C-(m`*{S3eLm*JuS@xuZUQEWhv4Z8W`dS2f$^a=rJxui4|;{yR4}ciaxy zy>aF2;IjK|_Ky*F!&<;+{JX;bzc;!QkXH2aymxa0jPusSDvYr7LvShBfQ3k+yyh1s zv#Hs;myekH@BG$ACl*#Mw6x-G#ifEi5A;fJQ-Y&E_KR)=9JAV*1ZBC~5FFJzQx@3q zQ-pZv`Gy`$U|-^hs|h3c^ZZ@N+Z^{6UvTTpWUpYEoj8_UpSVN}qdlsuBNQCwdd2aphjBgtkq7qej?7s1`G24EzdrlCIH=Tlus$x~krQ#K z1u$p<>3Oi0`x|hnX>V`0#}4wH*HM-s3#$~^+YS6O5EK5X0xW(5U+^T2lhboamrgks zgCWm7SHlwMV^msrUWqTpic%+4(4KAgrzSKq=uh~uv1tHRtMb-gDup9sp+4-+(5RMQ z2E98(UgoXYWYI|Ar}snZIAVq0#5sfT;!+dITy`qLb3N}-qA4yiK+pWG_{VzH`nfL3 zpFcca;Om0zo|Jgn-IMSB)b6$lJLi#;Y+Xp#zr?jW{W75+aMF1kQ~!F0lO9;UBKVZ- z_0OGEhOhnjz97X}-$38~84Zo>2Qn$?Vg~$Cjq9e_E2P2XkVl3);#BY%339i$2)5sj zzce|$OxMLDm|>p@w#`4udVr$BD0xK@r2Xu*-+7c>gx>gfpvd>dim-mGUO zb=eE{UF83WLwq_>?Hx~P&(j2($owy#5=ygFR($wqp+auL#U(qoJTHNbqPg|t@Zx_p zVE_6j6b(LzKR7IC*z21}5xylUV9gscKi2%QSYV`q0I#-`h>+OBY>6-(dX*P#BSH0! 
zIO`jUj1-LgWh87tL&#EFAMad;id3d#v#fbp$%Dd;?rwrw>{_d_moT6?LHFE-u06NI>2-Fy5x~Ry|6COTYu36Q z1*sg&8Tu2?jmptv@EYF1drFg%k_xclu1Pv7=lq1z|8k4mH-Ww*XNPB^DNIVu1&lQ( z`v707?q20+;ce;cep8E!x~nW_W)v6^#5(wcRm}KBVcdgxTyXFuKJNpOIYx>L7s8#i zavEPz0+2js|O9T?)Cx-CYrVK%5B^ z>F7HI+7>V~&C#i%=1s0i=?q;@>}1Ju7W~0RL6S1Hby5A`JSni3(UPp}-$*IPEbBsK zr=t;By+*zS*&o(7smIB4fPj;mgH_dRS606%gQ@__J_ zP#lE@khJjbGdkS*ZsviJY_ES+* zhy`A^@|v12v$M0ovWvUO=;&zte7A~@hZ2k($S*32y}EJ@4h{Vb#4s+`b4!e{ojTwm zKlJhUkk?&hNK)n7Hkc+E3lEReBzfi$VBH;B$_bCE698YaD}6B!2X98L#92nf{$IV~ zf0{;M1*aqkJ!L=Zg$_sU??mirOps)?E5B`-5r_SZHwyvzBqYw;7XeE|tk!41mIQ8| zwhf&LCGz1z*0sCJ zpQC*9W?Z9wFUAwvrR4&KKC{aF+EywHnG_DP(#ER*?-$##7Bu?RK_ok?_!o+dBO-p>`R zk*{6tlqS^Ie+;D0vU2v{+<2sO;XChny=U8nXM*A{k~cUg6C9a-?J_+)O!|ju1?xLg zb2Ha8%BZbghkhhIfne7QudozIwq171yH6@$*bHooV?fpF098bqa>voAkGH9W=M-K6-1SVClB>I+VaGXjtzL{$fh{z{fDfwtbU?a5R(R zMtM9au^U&_6UXiaZsG< zo%mOfve9s_don|xX62z>;^k|tKMuTR*1+sJ?3>Ig;ced)v4=%S_)A1`u|?8Jw$!mi z*!sb89}UEX*inSjva`BGLn0SdT}E;l9f zypx}Sf#G=Jz*D99{`Mfb@9t`()Y3hY7E4plOFXdwx28Hhuox;RSbWeMK{v08vDx5~S{+5%| z3loI7Kz)$=sUgV$B&J_Ub?-LC_)SZ|g2;8hiyMpehu7OV$(FB;FE%d`~8Sm8ajSz0{<_|HEywf2?MwM@R?RpCF63>6WVoQ@?Y0Sx&I%9~rQF zqQJX%W&QyHA2Kjks0|D*J$~YBxEA%$hJr{(L#?-vmGYlR%_9k=Mj zJ)TJ`2|1%gX==eV12eyX;I{7TGzvigz0Zu6(*l*1OP@ynZ4nEM4aX(Wn*shQRe94W za~_+*B(IUgB6-ig&~ZqBwdOv?1}T^r63C?>A|+ZjojB7*qGapn`V`~9AVIo(n<>@5`O6a;N=jeH@2jxYe5>w3#hv2;h@<>T4$aZXZ3NXO_h&+TZu?zeUfSoF-gy~dlI131Wt+KE#SnvZ9FgjyGroH{gjL3gN3~7+D2NU6 z-FUnVt8tPZ6P5a=m**`fF%=c{^TNwbD#RjYN-$d+mj(oi@tmb4y|+<^5QM)-NQVV) zX(Sk&{a9eJX66D$wj{=0GkP*ayWR^9<(HxcLBlzNZl>57@_=R=qZ0YZi|^7=i; z$H%*95%~D{VL3<h=h=+!TPsiwk;ZfSrXw;9oo6(l74h z*>VVh$ke{O3QVHCrzGqQUxr^?Mv9@d;ylD&`8qqton4$Y78W3Y9Hx^fCMxp9#_Va3 z%dhd5&XDG-Jr~RE9bv6 zjrar}L?i+KgHywf&NGb1(?od9_lhr^ggMX|vk$et$_9UV&&(`o7m#9gZF%a2XSTM! 
zuAa`wl@5%TO_C!$PqK~^hulREwKf3F9mV8%6uQoKzU0+%XX%H;zT{q6m%=iLeb~>g zvT@zb`*+oQD;@li4YRM#KJW`c*v7Ef4?(agu!H#|fgoE!QpwIIpXj?OM2f;A!qHYJ z&cRM^Zq~`0dcT(ldlio1C>WoEQlx$=DTtXQRM8#DHDHk}8zY+nYc^Tn8IyB}vZ6ZK z3)$S>XT~rO$MSoJ#|olw3=G%;AJ_@A_rG}~(;aG9P|GJfk#Q`6hhM=dNUm)ptX)D^ zFGK<{e+VKAms!JrEJ3a$GB;d>xi*;{M;v&z<5dGWBqvabgy+iedxEY$miwSl zp<7m1_v90kyWlyIZ~paugY0*L!W4#5z@_I#wh`q53$Ql>zIK0o5cxzOu-l@a!*>*@ ztqQuE=Mg>ur6nCCPKBvNkdkrf7prt)O3S200hdQZ;6yg*_A2J*P#HImW)RIQ^hiVL zI${TLFRzwGk`?rhQoRsm-zT-Rq_*gp81Wl`f0_2oh@??ra>W@tbUjW??6?Mp)w4}(3MMIQI*Vw*jZbUJT=bfU|w*QVXZ;e519YIOo z6OBz85df3})QX&pOz;XcJy#{c2g!nhgOVZ;*@s8NU$HopK)(m*9GhAflECrER{9qf zm?f3$y}e0}YC?~bULcAc9Ua+%bFddU>Ja3EeHR#mJIH&k`N!-FI1@O*WqvCwE1OwZ zwxdBQa?mH)2Wy4@1z7**eW5RqkBDY0tCrDo4a&gO^4e)$lVN7H`#GeSey?lee3%FE zYeVi7PYi1W1m0*I%q=D;(f#3C9AndO_MSw=ao#@idPb}-qfl%?B(E{0%cui9*Mk?a z`Zp%=3f~j7i~iF)!u}j5OxjY80xx@A90DpjX6|`}?-q1&BV~A3_h=U-*ctj$@f2+B zJwyEW?${6J{Rs16TF+UB*~Oa4GuW8!mfWvq9PXH0X=~cn&3DFZHvyao%y{p?B0{gG zv6dC%uP_C~$vo`WTjOc}eCPgCuKx2z8O{f^z*{H;_70L;)ZdqQG?Cs-zXc~U3FUh& z4JKC8*YxzS<&W8m#-iVKz2DW_QpQozK3c(-2CzIxTl&9!IHB%nAe zS-L-(g{C6s3=?Gh_P9l;a2xXEjU=$6u~_6V_!VUGR_zl93!7^DXTa?_kXVOOzakYF znegj?d55H0&gq<`!*3qv2IIFPnKQQA*&HmnP11vgIVC{Nhf0I<&VCIT+?|%%f?j-Z&Qwh;5lE*wM<*tXEXRO#jWwB2+a(Kd z724jhxR1O9jzW~*7hMbMiklL-_iKg0@JM{wLBmJ(eZeuAl5+Z)jMZYJnzcIz9ubGN z0Gs7}o@Xp`&NadmMZ6gb$3enc(rP8nUy3!T;MOnTRD&>R8?2scJ}N4wv*dk60MH%a ziio9}@HyKGsz_KI4+0doNS;UC8U<$S3a5Req;V~y;ThLQv>sz%p^%ofp80sNIST)+ zeAU2pYCny*O)*RJ11Xp9MUVFUgnsw()g`LxLU_^Aqxzir@Uq+{j%rgJ75EW3fmU@Y z`Pm$DiIm7Tm}9YAP|cE`@CAYxm6M8+Ln<9x`v6b^JSzaUbemJeT|CUp8O^fj;@@n= zbQw|~kbBO}a-X^_1YK*nzL@{R1G@V?;5!F%zv6s?Tb87UU;M4yuDj7x7)o`gNXMCm z+SMq)L|p(Y!_)#q3nxb~I}Kn|Ve%`CW$??`^Ob(!_~(nKpEX0Ud_6SPa_4Y)7|36w z0>qH%qvYRYy{^V8*(Zj)jz6dOfO*t{H?mujsmWfu4O24==48-&cvuE=0R&SP5!gvI zZsNbUK?ieDT>yo~U-76zd3ftcXFyWzYk^&zdcoRGNw;3hKZwaO>dD!uB*6c0G<31m zGdmpsWt^N^chfcFJBQM`m(!G`FgrfJu)wmx0k$)?jU`ej=`k5rUa9s`yw|poBE1ld zGk-bG&dc25b^s^XPlQ$?X3hT^ZR5kni_)Fkj0`f^76zyXuI_8q3$I^u6`b?##ae(! 
z?tKS$4rQem4(Q=m&VUk#Q;^{kCx5w`Yz2X+3El+w3ed4Eu#8y!J~gRk5bGGg#7PJ` zXaCoTPYuU0WSEm{ih0)0>Rto!k-+Jm8=f||tZ-2%rz|)KPAk~ox1?iWhzoc)ckYLR z^BX{U&;A%8!o00^!HQ>^`?0voN-zzgr6}Oe2lvwYow@(*A#ZOU=)fY;BA_Bh4qyL2wypvys%`HBf|SCLN;-5a-5?;H zBAp_sYBc0M9A>ExyHz-PXHwYpiAo}gW_wMt3&$Z6F>#Vth>&!ko{_zXWi%MNe zsvoREPF+q3oEH(h?9@RW34N^8)Zvq6H*O&Wo4j5li5>?BOPk6H42OqLb=BQvO|yVz zw7X{h`mo^M)~_+X|0~hDZgP6T)1`VlD3Tf;`UZ+6kN5N~BL<59OIA3ek+>w&Kv)4` zP$E6E6jLZZ2vVp-rcLAaThB7Ae{Kp?pP9RGRSQ)MaS3r<{t(Rs)V?nOy>{H{YBA`& z;r=>-5N+?ryg+5%#ssEu4sNDXTIkYA*;=P@Wgn0wqC&_D5#yb($ZS9Sb^hUk!@Uf0 z`U6zc6438?eFSY5+ki<##uq8t$+ZKL?g`whj*&#f9*7W46Vi(;3Dv-JykqE=CH%FI zW@7-6{4w%!+BcZ_;mFvw_bLB#}Vs?*Pyr zdVG%DenSrC=_|EgP9cvlX=2jo`0Mu}&&FpKvP4N13TecTX6lxn1gKQg2ofI10AyWV zYU3U%GRD!ZN)>=g+Ply8*;D+7MoWW{1n#Ws!DzNwiGH{rN){iUxLc#Zhyrou6AP4#YpgHMV25w@0y0%g2_;@xB~9QF_tv@I0rY40y&k zR-2(65x%pa;+D{-xL$S}G=6yNKW-vh<=~Hm7iMxui(`0wI;wWW<-Wigvye=)rEsQYeKpx@}tK_qxprv3Qh-$(;x7(H=hdVCPV z4C@HNI)mnt`{O+xs|aPMifaKut`YuDZJzaGfUjKxOK;K!vZ!fjc)zi+QSG2Jq73iN zQXh|@_20m?v`ZnVkSPBoLPAkhpC6T0ZaKZUA80}l_E&GN_|obSn?-V6y=oTN#c?I$9|FQSOT?@f=Qx7)P3L=~NC zQuF9}nErC0zgGp`XleT*LBz8ZB^F`L^F;mmdxA1&Y~-$e>$#S3r+3=*9zk6N4YDr_ z-u*;&{}o`f@t6vAXh4?dsiWU@(cg&LFJr-{@bS@m>GjQZS!K=Oqu39ts8IgJ%3}5R zp`oGiJS>UsBJvRo0jPU;7#A_jo@5QzdF-ES@b^8+E2KHhaI)&}xdLc1eoig|K*-Rq z5Ch7I#Rq7hOBlvPgbTPbGPoW*122j=98!-_{S#90y6zM*$;GC{L!S-QVnxb4>g;SH zkSwRFD%Oz-1dfB-CvZFe&U=F#$Xx|~7S@X4k}3|_g+*m?e#pf}xb~)ac*~JOE3b73 zd`%{knj)JM9?=!mmp|qF^y5)YfVSwWC!Q({t#PDxa+s7{=(@`BkQPEpnoTWaQX5AT z9Hl)BKZHpmsR$;*jrTzr&8nJ3b~d2EvWU(LWs>IP?5(edLfA`3FsPR;AQp zJcZ^c_lrWN@U){-xuqj87#rb8#&4d)64dr#7!wjwlX!Ss#JkajRw_HXn47yUL5O;Z z$jEYh^5}N?YXRa!fSZ>dZuE!($hW1h8WIsr6xpsh_w^kXxE!>9kenDrZR29*H0}uI z=ytTzY5aMG?7vRe9TaYsF4o8OzOtf4*8*pWKAB1UEHo`roBFmA+ovq* zabQi@fAI))O#`Gd=`@JLi~K{4q~Rw3{~e0`!dyrn2^5Miyr!Y z-@p^>@$>xeThG^kyR&XdIGcb@vgntp&*S4Xo~H+sWoGXVFr2veUs+}6WRKmRxbMfc zp7qFN=Rzb`Dvm(!yr2nN-}HZ0P&=&LOCxK z5h?Er@&lY}bVrgM0N&iSdliR#V#v>J>b$n~xJ(AV(%}K;)bSIC3JWXZudD)92PJ_^ 
zsclA_1~PH$VE;j)5$^!}d$lZlB>DvKJ>N&lPy=+Br=`s03s#GB5K(>DQk4APMjMc~R0LAe7Eypb@M~NSLu2CoSjZ)q1qf(zI zMD?5iK zVOFUx{9;}CodQy&I~+|xYeWXti1mc;6q+kO#)$Qh##5bK%TXbfo40Oj7Z_!Vhxyl- zM1C2uzK9W5uWfe992=XkqS8pi58_vYyU8gijoKTw4=`EMqsbK72%T=hEBfH@WT)jZ zQ8RSrcrM9$TQa-Kz7>D{`h|j^$G1E7fwfn8qcT);zak}O*=@8mdmKWxWo6vZvqAhB zlZA=H@G5e9F~&vN0A?+TC~(-)BdOZCs$_2W!S8-PKX?b1odYUKN`kuGLvIUZd5AH; z<0Jb7en=d-+57jn+8(6=GtiAtz4_wX%hwKGM%U?$7oBhFsZ`i8oj#^2PP~@oEeNai zqE1m4mOHaYtSYgen@!s?`X(_hMku6wV!DuW#~o3Ab2oL8l-Z}U#U(1vo?hZ5xMSfx z!E&{w0L&2tW-!(-)+~oNf-SrsRTJCo&s3{8RCCb*Ik)jnm03zv%ahxh3{c5WrWSct z;?p%kO&^WEyt`oxlhnVrLei@0E}(OvivW$|7&Mq$F#r5I<_64ChRZA*ypx4~pL-hu z$QZoK@8JGMeDattHyue>+o06KUZOcmbKda?K8lAi|MiUjpFQvcL@e!==*i;fbfH~I z$8bR9os4J0hG0JZ2tn#fY><2RzD53K!V;=7A1r|6?$87Z=C5Q-nH^?ixEjc26?;kf z`|qOA(okc08|%C;Q^oPidX{(CmyIe5|9*JF8OV8;!T5%1&Ol}F=MJI<8LF}o#s(g@ z?90aZkf7t88%oTifPWN5rVfSCv3G&V!B?Dk(v|KFQ|urdI!0kxc& z_(43-kCGX=f!JA){Q}*>ey)A<0l5<#i@De`9_fXw43~IP2bLEKoV4>s87C}$bcM!w zwfvC)ltR$y@r}Erl(Bi{!n!@H{l*EGF*7OxPxPBrnxBq()~h%B?FCkGh+UkD)?* zXH7mlkvjed(s;{V>Mjm9sHl~bldy-_kFlm*O!>g(}hjx#7x+F% zfgtV8y}L|-_aT(djFqZU_?dTurdWibE1&>Yg%uT#g!#}SCwpTf?wn#EqL-0I`8Ks6 zO%Yl)vz`oE&c1af)xfseXlVh!diaGUHCw%udOL0AVxAJ&#HHnCg#2S^1~rRh0HLJiw~Duta&dWC zTP(Nz?&?!{ASs&r^iLs<$T>FD6{oG-!6K(52kk&`%k2uIe^h)I`2ZDbVYZX7=T;o51D9si1L zd~(dj=}(qoOC@o&C&vD!W=)IYFTTDxx&*qFjIg&$&pD~y{YU@a@B9()GdXuG6Hxo} zCH`|yh5{iE3IRlxyIn;@YwPU9UBS3_5T_RsU`T7%0v8vi(HJVug2GZRnhD`$tVdse z${G z!5CP(1R7&SHsghNYu>yG8W?6$ZRVb~b#!r8?~Vj*``rz3<`q^Y%!xwv&3 zbKE!w4V$>(7~*nSWrh)x{3PvMayg}%B30#9=pVtO9}llz~u*3;P#TPix9pOqQiw3Z zg&qYJ?2`3XmlmZ6vTaO1HDqGQbW0OsU$Y$NrNqUx*^`wUXDeG%( zirW_ad`h)ZLUrvYw|aw@3bndFQL1+^^UDmIC1|P3DH#M1KDZCzul^T~@b@%rd1Pe! 
z68qZ-xjW%Muk*idDioj`?b&EDQ*iCtHQEo7MN=aDTGvg6OuRn8aYKQ?*_VuORQ8>w zztweGd)2`Bu(NYn5Q?-My)4WnESw!A3RdFT>3}Knr#JYO%gNE^Gz|N1GzT$X zg0|a=bBcSad?L#*Zeh-BV>t;FuZc8D#J7ji#DKjPli<$5fhq+BF-G)~i+WOKem0ZH zy>0H}QO6IB^oUHYyEVAYRq|?X|4EF+XUu4XGttM+j*gle_+2uur?iP8NO||;p-=oj zVm@57_lhrF!mtggGm}I&PGA0H+B~1U{%k!BBR@YTMpX`8FWW%s3QeH9KOzkqFUBDx6R5hl`()|@asRq-ic=ZAKk?M^b*M3Am z-E`hl?3B0y6=HGoD27VRzxr_^ew8x|UaSZ@t>l}PXIRk^o$;5dH4YC$$8ls&14RZC ziLHDdJ?gx0-#dJ^P3|h9OGs$i^x)a*v)WRCI;hvHF!B?)-`WxM03uCMZ(DnDm2D@D zBX^(NQaPn#nUR%MJ*;q}ZjZ0z0Q0n0PdfPFt59+YacIEK)>ix@`80p|$M0|4ojoF* zWRH9mTHn>5EmhqdzARswO(P!_gL|Dbq#6Vg$&-+ao*p;J#Bxj$vVY^8ZW?yfW2 z6fvswNrch{vt+S&u6lH$N!cpOAHU7l5!L)`w#u>Bh~>Xl?>~{@p$=eG;$0A2?C;#9 zrEDFDfC`G)K`!>>mfFBZ@Z+@@FywUW(oMKkq|L)WwxcH-B~nVPCn}l7F8g z@LfVz4wM$20QsG~@0d+!bR;qKwgRwP@VT24vih1z)E}u3IM+{^o?4Z#8#f-39{I8U zqCy%S9WbM-a_+TdQw&%gtxNYb-QOV^aAxaBlMQe%;gU4#8AzG&U;{kT4?LPj*HO{G z4$wACL>`3vO6ji$DoUzYY^bB(6vp_c3FUTGqfFZogwFCXP}OGBby7Ffp(!o3X*vUB z=xvHS6zw*_QYZ&d2w~0Rut59atR+p5!kUCeH))X1uKBlNL>+y5*eU?@ah5)DvGeB| zL_lRFT2k=xZ)T+}S8+GKZ*&t8^mtsP{zJ<}GZ-MZhPoj?R+9MbinUl1*k)ad97W%( zINSi)uC1w1A;^B%1aD+xv_%r93FBJQY#!JhX`nTmEsU`HKf(4f4HUV^Ya z7N?QSYDZ(B?c(ba0X-Oh8L%Iln&lo{_6x_!Jb)h9pA4*5nO!QA+=GSa;M&S^cJWaz{s1=_H<@&^jx1pkWTu(8vHEv8jr()*HB1d(0C#58*qv zsGg{s21XLCkcdil*hwo{~38%qXhym>lU7(p#Ja406sxN0j9`1!KP`Ev(K%*eB`6D z=K>r-#N=EOM22&Q-no-xD+5d3R>R?%?V*_fc7q0A;yt5%<4^%cD$fZ83kT;lNWOgD zC}4O1VsdYg6n1>IY6UU1coKIbjLp@>c{^mESN|AMjf!LgxV^CGL-LY|4>h2Wp0I12 zx!P<- zN=jtfVD*Tgf_J%|K`%hIm;$>AX|DntTb`?TFaue=lI928i^vOBfM) z8YQFvlJ(4l2C-AaWT6I9BvLXm^6pZ@4PvVm4x&Y$jx^EE1@L)&a;Bc4gK|9=^l_8j zdl$B<0t4z_wCm&-oLuKk{K=rdP?Pio%mN|!hO&LKd!CDhV%~c zwU2^kDg&a?D(!T2GWkIl7I^GFuA#O469K4fZ+9yP@~NN92|1izBdkFQ>`1LxOP6NCGCu4URvDW& z^9V5Z?DXq$wP=euC-4gxcyVJ?2O?1#Grid8Q^C?;JVd#E! 
zbvSGg@u&T(5>)($(62)jM3j{DZf!((XdHvDZG=uZeWLn?`aVifVZ=a{9oFDZ+L+HS z;!SQ*#$g-dJnBMq%?Lyd^AIV@S)i{^-zw^ppaQEr{a^+77Nmc3<9*aW`@oljHbrfQZw zeQ#*nawJ_1OnzSXU!5&JfK#UGH{c|)>SW*Jn}Y?|p2cPUkX-uY3=kJ8Ojs#%iLH~6 ze2Fb}Evm@%@K;9XyF{M3{Mq!4l?z))^%MEZ03y)WURGQW#p zhc^-2ZSmyZe`e{QH-}^>l^mnSufpO+%I*^pjFzRL-=t;!+LwQJWll}bh}b*6Gx~vw zj*j6IS{~JyCx$wuGOtq4TjAPj*)&)p-ru^;+beq1Q6c&+kHg|=6!fjb4Q*{-jCZ7i za>Tk=;Pa}&ZY&Q5hIeAOo?)axEBa~(Jc;q~OVVG3S5CPIadVe+%idT;p>61f7VW>e z5pyez)gwL!pYjyzK6f2T?niqneDb((GvQ`6_JDVXo&@}2KthFILBFJR+1=Sd7FJR6 z>q~RqY=RI@q?OfWnMjp`&MV@vh8&fryE*msTD=7%t4%*IcGovj?Ivucdjw@Z!0-Yd z7ruETCgh2biH=MWtff@FcIY6kG79q0Vnw4P>r0WKFsIVzvCJFK22rzQB_r4r?J^dhR)8;Dhs=0VoE?6 zZI~iUjq{bYut<#jh78P--PlUDwK|?jre;Bch>1uF6X%bBbYc4*Jq??bz!hq8dAg48 zXMD<|*ZkE2fkGPN&bsjUgygayHVF0YTiPZVG6{}RIsRm^<5Dj^suHw{YQM6#Mw2Cw zlm{)j8v8mB-RB)*Ws^UJkU!gld680xZ0&KUSx!z*vjNyc4AG!MO~G(s`j3K9ghvpt zD4C=Y1tt~iKqoM3Fz45hh3M*6(NmWOAm;3>PFB~>vH6N2~JT_CN@lav`9 zKm(etBlyo%sh{P<_NyhllW6#fut;;fp%K8eU|taVb)CO>d0iQ+j{;0t>_@W=(_2r!2+h zO3GntgzH8-IQ#c81N-m2{Myn-SjUdTla7t-ye?BTAt7O(ajyNfVX&n+^Gm>T%#jlD z1tukI2y~!G$A@HPyi|mU^L8F=)B|vF)&dEXVdh#<^?udUKnuGl>V`}vaG>2@pKo>@ zj8hS10@hpV_q3mn+dj+$ijB@S`biF_)oe8gcAx2&h1LPpS|xyCH{Jg97DbCua%#F5 zs1wP(cu}}e<8flyKRjGJIi&Bp)P_6_cv(KJ#@$%?UAk^B&w=o3*;!?TOUZ9+?7|)y zwndtKaHLBY=Ry?1yMt9e%|SRo`!>(#pWjASpZ4_htaaac8vhaqdimS?+UV-003R^y zE*oGv)%2*BLuM0;y!~ZwB*mxE(X44`@E3r8tR$m&E=0*{^6rD^Wr-Is>U#n}C4kc9 zAq)(Ys~pzl&wp$_ET>^-_!2UCa5qk*#m4APN8 zsXT4CZUHJ5Y+jsa79%n?E(#+OXr8^5kh%c6cg1(#)9wf7xWc|F*m&naJ8mcB1}egC zIao{+kY&B}dfz3<;)hF#gQYA(5Gb3+{=!K=$&`qRLR5I;4Z5nTsmVnTzinjmljpw{ zZ>Q4AHe!oM*F46IE$PUW8^j*Jupf;by;Xp@oQ5u1nV|%-|eUa`#~Sr_zEW%LHPI?D-w#tNnYf0TAe9C$L}BAlQg@A ztZ0Zk8gCx~FnLLrrMk5Pgyh3D4_Bwic&(!m;V3f;ON7P+3H3cfRKxT0bAKz>;S?T^ z^!>#CO)Tmr1PS#bZL03ZOL!kJJYDQVnAP#kJH>V06~{;b41uSzAf&Ll<1hO2>dVVr zX9Qh9RO=payrHjY$94^WQKuh8N~nd%1KL;-n+dktT*BYl*iaazm=S6_UZ{Ugo5+VW z5&)L|0+H2Ln_H*_2ml=Ntq16 z;Q9+G>%~;NcP}UpN~%XV6I&aRv@#yNJRh9#!|uKMl=zNY+-q&PlHaog0PR$l`T`}s 
zk)?$K{%EZu-b8!%meteC6kEqh16L&oSwejL^ZGQP!+P}-jjF%?-3eR&&`^97z<^D8 zFA$R_ASC$MVo_1yY>o~NH39ft`rgc;L>j89RGAlJ`D+LtAw+mq?)VLDbNOwe;iuFi z(Mqp#hwX!diA`)}`R^nMrCzJeI)rVZjPo%}`*aOnKxVTqg|L#6L2 z)G@$J)tec5)Y;z$d;xi9R`VP~BaUN6&5JhM{lq_;^=A8M9ZoLd`UeEmhRLYsu5L+S zxLB{wKp*=*ez6zbB=FEDfRb+qZ+)UvU->aaIH=%V>1?m5^V zHqbVyB@3hqGffyV^nfCC-+g{^?-hc~Xg0mNEgJ}tH&_nb2BAQAZhgk8JmF+_a(5rb znS$Mpm%Rv$6<@ym36wA=2EQAZ@M+T0Q`(1fO(^+fym$#0t|lTwMBylR3cr1G^2TU+ zAf9##wCMG)*Oy980VLC4!F`jWdU&m}1-Q7)G!k!a*3H^}rhdC-y88hQBWNkt3?8!- zh`LPn?oN2eQFzkBlIDw@;#vX?K)e{0jKaM70mSYw>YTGM+}FZ6uH(d?QZGI zAj%rmbih-<8q?wB-;Q}dU%KcL<8dgz1P@=me0=EXHL)BxjAV$38%B~;29v$=-U&V^ z6Y-=2P!jAY|Af!TVW`%aT`XEO4K;1k^c)<9c9ym_JgK?U7zmd!*_&v1WT>2F>bdyP zOs|#70nAD{YU&Py>G3Z!9dsCFY;LmO#yVeK&Y#s{U>Lt~?k!D+$f5cnp~{+A&Su$H z#u`p!(-kwymG`>L2^5giU6v2Y&5$!`PY^1uyvq?oN~lX#p@6I!a-E+3=${htxaHZGqJ)X z>7RA0a+GIMKc}0mE&@*}SQLUC+{cE|wiI3i5Sz2+luvs+vzGfzShfa-hj}KOIpN9Q zLe8)-oS|+K>GnM&f^|4wq@~g-Ixcj|yo8=$=LtFsv>PJ-$c z!<;a7pPb{9>k1bQD#V6_fPyXoxaodpAv7)#Z1$jiz@UaHmG?e*k49~oy#=J%*pxKP zq__OJF`|~50zzL!YWgQb90?;YFfMe&m zD>()#vG~+_cEg~C5k!cjBR4qDyioIfuX~ffKk-0&zy$w8m3xC~SM@d8izcHFjq}o& zFf5@Xu)L+dCz_ghCI|HOA#JGHX~2rpt|M>O?!5uF81!bc+&tp^JGeQS1?CtGNzzV< zn2ZEndJ%C{MJja)VuS*A+dYz02I1bWuC2TGG1MPJp1SM7xSxqRep{J$T^#pkA*V#4 z#0a$Rmagmc_uT?cc$F^EmTHkTurz<8LF39PUarJtezZHxo@jWuWt|APvt4k`=$ZuT z0(gwlAceSkl5!5suBuYQR^4*I5=yM>KRCATHLX`GyY7!az}MdDHaU9y|I0PMOOQ)i zsIX2>x_;6-zADqa(~{NS$0hl-5exEA4F%M1pFGhopbSIfD^Z2TPt{sv##0o0dnHTv zP>QUg69*G>!qKYoJlTdUnHMBs`Z6V>PpPP=P%LsAnK8Bm1)Dc^4s9RWzH^`#IuA5? z%l^<+8Fj`$K749oq0oS7S=6jSy~#U!m15zqR1s+T-?{Gz>qn0>R{=cE|F6g5YUsO-)vd0WCZ;0QZU{Q!RK z&JDN8tXD^Y{nvh7P+xx?G%3}~W>uIp#u3=k)Y7W|K{sQM~an9t^!MDk-4T%wU^QSJ(4LAp! 
z2*ZKS{hr|ME>>wFnGaL%frs>{d8;TLom990F!ZfdtE&~kjgw+kJGd)Gw)paww<9m$ z+f<2_@EVLyOr$7To170NSR!v?;Yg`zcz855HUiB*{fw4Fa6AowsD=qbfH3{Sj)cwx zkWB)a5-LA9#wLE5LMiWPM%<{{QFG(w=V!bccxK|dElQM`z}z^kW85(N z{Ze1x=QM$~esq5JS=D&$C|jLGQcoVus48&os($$KmZxtsUYB%JJnz6_w=`E5`@XG6 ztM{jpxuQezJyP`{@aT2K_t+jptSEFzZ*QL0sWV`KHa!sp|SWB&qlT&<$Y%2C_n?yx(}PGx(} zD17B09vpRAtFi%r09Ke($0~^Pa`x#%20>EQInsEI@@|nd+Q~dHBt^yj>!>2^P@r^7 z;@FYwJ$bJ+u_C?BP3^70@FS~0c?9HGnI+y9HEG_eC+%WzF5-XNlBRe-(^f zG6jmt_)4DJns8+h5)&E?(~;m5~tNhGw0scjI|o3w7f~ za}s$DM7p`CoRC*CEa=%lRiEgD2g*}>QfDyqTtL%+1=gS_ub4FY^Jm59Dziaa9v%(g zoLxgR3Uqft`O!`DQHW5?(benJR3WpcKyav5ALs&@ryh?8sTg|h^SA>>os-kXOxQrY0e*qY}mQ6`#$9W+QLmxKC52Ot0E3>PrMr)z`xg zh1K-+$uDY|0Itz~ZsF;br#OD6D}>eCqYZ*=r!y@eYk8y8yIecpanmE#Y2!Q75V z?yh-X&-eg`YQ=g0{|<{z@^&o5E?J4sr}9A{F2bWw_+l%^qXnFA<-*^W0;)-cP$i_j z_e}0_5$}sG0(~Kw(qG*Ve5imBNZHur;PjVWG6X2Np-MNzb1y-Ab%Lu<8VfKQ4|S_g;%ym*KXNWZp}HSfzvwu;}or4{g(+m#SQuU(Z19l zN2f~#psxps7)r9To)s1p#RQ<^j-;5BhCX>j2*o;3091nNgU^{lZmXrPYv~cGM2nWq z#sD;Mm&s5cdhh%rW|f2cD+M(QGBU@)*3r8tIT|dl2X+z$H-e`6lK8T-Z@DIc5t9bF zFr7)<;0JH!;P3Z-eGgf{eJ}G8Fb5r`(7TjQC0#2A`VRo3ogIxKO86_>MZ{rB)z_{f zqT$Bkwk0rZ`OI_FzfVF!;-R0Dlk-GFW1Y(c!HyfQ6bs)3)Gz6&iP9Beg#RTi`#nSo zdvAnu^V&J`|4$@#D-@=I^}g?cY{sI15Mn;h@SDPbpCp3JPeSxyB+-mc3Mfcs2?Z() zWVD)9m6zx*WprREqD;VRRPz~JKOOA?OU=qq_Q5(97;FsBxN%AT+lXiC+t!@Vs?{$h zOtz?mM&y6K8l+QfC~GCjqVT)uGOe1$JQ1nvWPzmRoEQl#{sEBD8zuXqhQyiJH}`;`5cjQ69LV*5}sNj(hFzp#&Nt+D>C*V_OCYTTPuthqs;c zpt4C}E3_W3wgxhXrp7DaPo6rOG=%fRjS3jglV3SWkW0qd%+&N-Kb%F=dY_mlw4i>4 zu+iE$fV>k>gYi3sK*vTa0h;fvl9XWf%F2rA`PcQxl${g1mZP5dS&>?M=CTYy`pav! 
z23Dlo?Z5O2LDj&Q02Sm0N_?n4xaxJJUj9pe!z%=d+-ibRCN|uOtUf2te7eb`o|`F) zk>wC0{$TzA*@EZOy8XHRv9%K8*R&LI>ti@Yc+?+B$DIQ^lzwa#$hPk7+}YDJd_iPn zv{(|({VL_z(=tlWvKi2sRhae*Wx~Z3cQrK)Tw6CE#Oy5{SC$3@4&%x$<;F}dGF+x* zg*1o$PD|g;Ag2~s*!->HnQ3aYkAAp zP{YL3R2IM*o(^Rg+ z7oNb>IrS5Ec6QWDoSM}x1uWOBUm`en)7`&*e)%=f6G1jSc}fh_*w%rMU-W9EkTTG0 zdboXN?YVDWeV>(8k(f<4x7qhQMz51PEb{^sX}&zKo}CmL9N$Mb54oPy%79H_i1q&` z^Y2Y^i57YGdjdUCG4JOB90uH8^WR^)4=fBZUuR1+P!K7sHO!8_aS-xnH!F7#B28JL z&k74MJ{ADpaf9&CIq?XJ6dkA6TxtcH2ht|1e5b&y7%ftltFUNCki$3{Lhw4(v8&XS z{_6ZfRId&YVdeL<7C+`@2YHa=+=+4ME!AUdoKD6sv)yT~#`@|&%e4wevUgbIKjpB} zdf{4=l(f~Ky1BoL5Lsw$KxzYWr)!|yk~`;hJdAQDxp3$GudDJj&;;;@a}%bCzr5Og znmXdBwl6eZ_wnQ7b0An{;qwLI(G(wY&&RFE0L4L1RW$}ENzGK6gdp4jJlww~BK`^` zX2Kd9MG2$lF@&!bv>-g(^PZ;dmxIp3{iZEy@4GD)883gHe+B-((;}=tiJO5#7NVOj z=(CUD@loM6e3TeNgmoe}C0nlmi?&vX5*{N8;^)DMQoViKvo3jyMvs-Lz3UT4tc|&s z7W;3>IHGa!0ysoy)6xs-dU$xE@l~V()VHzdzv9|=QcwXVaaIu57D`f{+>Y>o!3zCk z=^ijBNb%C0PxuOuCSpPt#tPz1ch9X~*dzvi=l`70IVJkpVouxkc})|UxNuC4BnMYv zMuuTwQ6Z1(u=;_tv|@21ClWCZGkTwJ`d>$hMWLjE&{k$YddrnP5 zgQhG4ERm}8%v-IeIU5lb(Fr}f@hkDi#|TesXh)?MaFa_(14ewOycD%%6%~&`z>twM zaXAyJy*}X#Tww-5BEce3^Xu%_&rISvuVw6~(Iq9U!@oc}K_tA?6FLR#!Ci(eNg2{$ z{!2fyVb=OL;El6YW?^1mJQumr^V3A&)mK-bzMY5wMLc~9IRag&)!FSzt23@6N6hgR@XKzvfXyg1k5gc0qZ+ioT43lDBWA4q!|% zJR7KH9Gf4c{qCsJ_~mw?>Qq}MyKr;#ERM}l>(zbvWUtaAD0+#D{9`XD0DZvtmBz!w zJITtD4S3|ak}}n74P@hm{On^WCt_=piYyYC`mYIz`gRfs$~%)!H(4&1h4)nLgTB11 zFeoarVt_|LUcebyfzkCAYA=ml-iGny4{+_bkS1g~I%L`&tnr^mY&qchxud_FBfIMFZh>E1~ zdTO4Yy{gCIYLzN43i}1?D)Pz<2Uv=n$t085?kABY=H%Sm_9L=uIf*>rkryZ>-1x9y zFnHrpnseg!pEC{iIgxILA_u?LdpyXBeQk(ZA5@d2(ar9>%+gGK1o5 z6dDmuct!^0^!u0Zi8&fv+RL3;>mju3 z!S)lNg8@iyVOgP;aqI==s@N?p7xQ5JB5i{`dh0dpOe!RcoL}#%<$5vOkAN2{B@0Em zK^4Fwi}ZZ|&aYGJRcLsyyL-oLMNn{{mh2Fs*;0LUgCg~YD*#LCu`DywhnUfQoS)C3 z=&*Jd^G(0T@DV$nd_1gZDdx{U^mhJ=x!`=oj=mBUbPnbJiXu&UZ95d`pY!StGMWs5 z`(eTtJnc2lM=S8Z)_Y{z>M^?{Wwui-;cMbNMHV1EzD%=sLM&<{h#0DZxKE_RMun`i zO{-J5jL8Hu9~poBnyK0I5aJw>Oz$u;ARz!G?$m*O89q>!j8K}$?A1=p@aQso+ft<) z1^{FoeD-z-UhXqe{-dF$r%O4?P 
zY4}PdPpIRwJG{inZv(Q?V?Z~HPH#Sw2OY^@isqCNHHD4iX>8=qfMTpPI+ZOYKJbje z(C!{N=_lZq<6E3yA32zLw8)oMED^u{&>aP4 z)1CwDGG9gP)HbXBYV(ahn0)}wuGsX1EPVrNZy!oOL9vEAB%2tH)__4mP0UI&!6Gbt zD@;Ccj5?&J=bMA2d@L#&+P0a>OYv|$1A`o(cE2n8&cDT4#8Bnlq`{Te_?R3J4Ekgr z@uEF`d5wSer#;S+a>5%QJFMH7$u_QYe`;^H$$<2EjfTO$^PgtKpErjpD1ep^fRCe{ z$TSMwb#A*oc`xx-3$A0OGfXk<_&2C;A(T8!986e|4rK;vu2%&Q+k$P;Nbf=9r}G2TEUzlH$*a*Yr+dq$sK@Ow~iHV4eVNSo9L&f)FtR1{=W{FDzvM!-f? z>o&v7>!OLiJo0DAf~)}6sjo%u{W&0Sl~BJhd_cV{ zV4(nys5q37Gw18EgV(}-g=V8zJLUky;@KXkY@wJ#6#t84C2J%I)}oROeD=?w{?F7l zB1LH+F<6AK7|hQLM&<$pt^gaYQuQ6a-v`-uAeE61wyb1;zOEKuzIxZ%x#JR;#4|Am z!N93o*x5SR9_KK+E9Iu0gdf`NX(m?deEZYnVtG_h=C9z{SS_4`6>)$bK{L*AA;NvG z9v=E~aBw6RoLeSDng8`bM!G1sk~4_$$o?{f2q?ohRO=iWAhMdj=*RZ^>3>859lUsl zF{al5--?fC8?htkcKAkJU2_n9)`ht@hlU#GeX2gvt%kzJ?zEul0|cuC9Kq=TgJX8E zJAkq>cT4Ln%vp($(Us(%mq)JXp` zgxAe>ux!C0xGN6o8HK4M6L6kiDQN$4u3Nf=3|E{iGc2Pi2tO4WFtFG>Xl1r6Ra~m+ z{3`0V(v1chO^k5eY9bUBo>&l$4GmgL2ME3$r}A=g;Bi zGk5N^q1{&mFg5{~d1l~e9SvB9-&YqO-XpJ zMv{k{w~+Bp*sog|G{03mV6VhrunNMB%@htRSd+MTjlT>~dNs|J{IV54!7IHxwX}S_Tcgq<0}Nw{ zZl!uC*70x>k7CWcEV4;2SabCFy^Sf`IBi&X+)IgICyvgcfO{5 z5G;MZtf0DH-)*C)H#NTHt5Q+D+b4Y<9`}KkJrkiXnfXC<^Y7qr7Zg}EJJx-ff5RZf zks_scCrSXwj#a0okMut5F{WverR91+snFZ9clJKMuvOO7RK4|&Sse2;)NN1yJ7=7(%FcvKDBw4P7!Dj1vzs9~G>Gv3 z|6jlW0Vq89r)D#D?bg)PT~6QP*T4RbUoyV$M@B6GxEJMv-|q7vtxGN%&;syjTI z$L^#kwI{dD!<>k;ZjMd_yYlrfRNdgrO&Y0zVpTd%GHD*Da}|R2hK}YFTF_zQnx5ak z3}<9ugS%ULYtIqq1q$?hk%RrT)au9)D>yu);p;~439|NMe=zd9ZKKpSvCL>aCo(c? 
zaxE*928gsV$0bwO2$(+?=gZ>y4(ck2H2F!Dc!-yYith*1Z73@1T*k5Fp5X9H zpPZh8I`O61W!V#=-f^>%jcN)MgL#p>8>&Dyo0e8P*AVjskc%H1%btrg_wmfhu9Aid zN{BO(6A`_zK>b-;)c96u;g?af3y!6YP25ZqjWOHPR5@MCDuG;S=leIZ!ex1e%#4iK zA$eT_h&Aaui3xlonG^Y~a&-ZTJ#cinZ+FudofcUObLa=3gH}}6>7Pf{F9_3K>dPULkIqEBUX zDWqD2k4pBXxa?bd9eDf&0DOsYbw5TxR{!@p4iuv|h}`H;-njlPMjj|2EvN$B4n%tb z$c1m!WqQ>K;w@XobBaF1Y`kyb1wV4C- zqgqC12?<%AQd%-pteG*V$_ zdE)fg-cjP?60U>ak(=%joz#!W!osKm1Zb)O*B|tvrU%5Aq;^XoDIt%4k0_VS#Px8#hc3rQp956z z!C{wQx3f+H65fxdX7puD_*VsViJ0hdzH#2NHj@(JI@lg&;@L;wL*oBBBu(OX9!p%L z#suPLJrX)o79(i{3iH2U0bdRuXM653wt$i6*>yHR(I+Fz!J}C|1NA2NyrIjq7Tk7` z2JXZh=wAoljFSfvK$6YWbqpLr;EmGlN-%}Kiy}uKoyz(S=(QaO>5_Lc-=Ah4e*}TL zU-6J%R1e>b*!$AJ^GylKMr=%$hLgnQg#F8NDXL5|?jfDjXSuxwTjg)^jJoPipZJN}|X{+mzz-zB<} z0Zm#?Ceop&xu|INda6woJ1OWlJ0I_a3B;g!*EX}O&Qw0*kgz~x$Obi1t?440B~k3X z)4k5^ix)6{cB2WSytnlhP5L*OG66)=QZVu25)nKa?YJ-R%0!k>W5vuykhe9IJ)FPi zbSmunF?ack35J=n)+b-WKLqm<>@9 zcRdo7q2%S&hL(jofq*5t0dlW$)#%uu|Dl6VAwhx}vx|1c@+Vo5$c45L;l}l5?y73Rcw!Sdl{ zX$N)**~y0-cvr*B1$D!o*VSWcjA{d%OV+}!W0ry{DvD~GAI7P9r2KhC*hJerx&l#N z$D2iC2m7NRJqu8ib_3ux!{eF2^+Bf+|4mMI03B8c2!VQmzh=)_=p9zuU z{15y08U-?Zt;gjEVk&HFEqqpPhbd=Ae>K3uulVOlw1>*8D#s_}OH1@>0_+rKEarZX ztBV^3`O{d{+oDprxXV@3971UlA=kvT$>G5vC`8k0k9Z1I250xoVzaa@etw-B1Jtl- z4ddkiYmleaoBl|%(FpfpVx`eEHic;UayjTl-7(d>^x|H@W4O{Hc)st>P2Fqlz9!YT z{_-VWuJmqv{Q7mALuZDIN-$V`a094J%h}o4^Fs=xq-IvFZ5GW;^OasoR30+1f#d51 z8vFtKEbWl8LRW1$NzcmO{Y30?JXTRwHq?7p>G|t)yHDszRJJ2%YJ{Z11hUO+$k)|Wn zNJ>eWv_vYEYvKmzxr_c1!A!0cO$_!At4G=RD8K-}bFdhMJRYuulPO;HnHG`xNbtq! zz`H`s=7F0hj7XtvxOY(kaL_AxR&S2n8cdIkV@2qjmK4>Al~Z=W|x}{2mC$ zfC;n$2V>zf{Z z*qWJ=4ICpHd0m}9j->M`$;gDPc+cpXD`;vadLg@sP7)K;>Pz@BQucG&M5HzQlh2Wph8_!z?_q8jIo?Oy zs23PmU&?_za1bze*+6n^D}~o{vz`VpG9&l+jO%0Y(f-8?ae(^#eg{bi=AwE2H0Zw3 z=e1ub_p8~@b~C`gtM{Db&DE}Uc6ZPVd-w?26}z1M3z$j@++Lq<8B<)%eKw5ow9R0! 
z0o6uZhv>=D(h>_JBO{za+wy%vX)FJYilEi=>QH?m^e^M{#|+*$t`Dyq2`)!Iew-Tq zW9$FBmaBwzimB`CEj9?rI4PAm3Pethv;S3FgTHh73L#h;b}qqPL?t{yjS_UtP*F)~(g*^1LW%8hI>Ohm zCTs7!F&tMr^8Tb7W2>LUehP^Y!tD#JRMzo>nr%|o$m2NZ95zrkk21L9WjImi86yB? z<74Y;YttXUJB@MG3xw>;iCxAUcpWz2FFbfeSsc)e9&$5wfBVUE`y1NV<95IchL0=< z%@gNF%ANci2$GF*KGSKtWGfQ1X# zH?I%2x<3UoSK9JBi2z-ho{0%5{wL^0&e6M5m7hQ|QqczkRxh~m=l0i+_l0pgZtt%$ z3D+bN%po07jl;;0+fJR090sK7@dq>EdW4S}!zC&jrXx;{G< zI!>LpETz_a2`9x0ZDb%m$%Dnrrm_AScpP3C`1Zxu z4Wu)~7B#t%7(Kt7cS9zxZlyegHc$qR_m1MVm=$T`sQY7(L_TS+rG-3%0ub_(n_FdR zOsvviSNHjB0Ub8GI)haU$Z`d8WDmCf6)3pKC>*zuYt8By)y*G1&sPi zFt_CEe*Crw{k+Rei7cokaLum|O%?Zc9GAIoDVNmP$jizCciA0RV_fIHY-U{#V-F?^ z^@{1qT&iFHb#*+u@o=tS>K+8(vod1ZDPqxVh-X+8vRql3$QeH4HZ1Hz*9U zxBXnb^4S-?438OzjYSL+Pn5#fQ@#UjuhlwEO6yz7Ncfqq{tfZrt}< z9hZT_&2I}n@J~8*AHjGPRaBCIud#&Xt9JY0vEOYQVS+?3a&G2Z&ZnKz7Nvnfc+v(? zE20p;na&b)J9*eBXH4`yWK{{Hg<2}qp2hpn4=uL-Q+ za+vp{a@8fApz}Q&X{UC)55{~Z|e zICj?jinRmqUlt7qgLjP9Suy^)Krp3EA&s5%04?MAlfQsK#_!<6-@COE@ROo#CGLZl)(2w9Xb zeUr-(sPO4yR>FX03!rM$GeN#j1l}CU$1`vP@MgjCm$J%M#aGeLY?LCh z-asn#Lm;`Byl-Xp>`vMl|7z zFtQg1{Hg$5wG$;|0rQxZpaqOwWn^Ue>3Ajeo2^Jt%xUe>8rN3poqmXF*aUN|-6f-yLs;~Mdlsxv2gGpqSmi0Y9$U9JRcSEfQpHWHTQgcs% z-T6uKXj41LHu%?KAx#aZejo(@{4r5M5!v4-wz1G)4wPw5gKZau@u6TkKXrN}}X z`?i{5_UF{ow_~1HmvkbBA8sGnE;f4+b#K<*N!$)Q2Cct`G9ez%ggV;3^!)ng!?}$U z;K9Hjc(@nfxIeP_(<#j`eYcf|*>I7{U+;ET)sK@bn62eAURyS0z&O+X%Gxv3rcIyKN@IGxD?iMkKdXy(MqMn(m&5n#hh(X&!umU%_fg-h(8Tru}yXTUww;zKb! 
zmDIIQw*MR+DFYs_&%gOQ2@Czpj=@jNze%dXN#dyp}s7e$9;;YS3V7ooGNMLKKkvCK$7tfABr`#XFoXXYb&X# zjYWlp;$$ZtE!!VuXQ#8SufN>3HYenKcX9gQiv_?np88F2Fd^XtGT93-3-lPXEdZFU zyo+)>pzow5tj<@_?VB$J03Q_qC&xFd)3c-HHq*sM+slSNqj5X+ zZCO-|@D)jYH-cax&^Z2;VA$pH;h}W5fIcvZ6(RuZ=XmbZ{zkEIvnW8ac$*eecIf-Y zHpL+t3mbcZcYIW_KXTB)q~B9mPDW-BB+gp2S#@)g_5i9?)ht!vD6Bhe%whsVy5?}H zMWeE1o0x2x*Rt;CH+W)di;exu)>GthivHL@|MI4$AH{aC(KW@8p--P?k>0%}cKFR# z|ErP&{*O2W>OfpHV<6fo3FW`{pIiSi389w>YDL=ST7XwqSb~#HhI`_C>vukS=UpU| z&n89icS%nqDilb&o6SSQgFK^w6`j7;N<%kRYkR*oYncPAYL>mo$dDDPV1xj1Vn*70 zNy(qtKZ1$2!MJ&emT&M%odR4K$?}^6-L1y+WRLHzdOVrjmnL>vl_Nec?)8cK=xl{k~ZvHiS&BD zm5X)N!9d9v)b^X&EZEw64~AdkYTd zARgT`S~k^~8R+V_$;}j+%SR{%m`fjL4T4ei3l`TM0rh>`g^U6}C05N{gfewJ5^q*# z3x8qvKW#7gpB55GWGXO%JkrPXq#PY6xOHWXk_g>YG?e1*Kn)$;C$+83N5GFO0(?YR zjh7)kk@0C5mL=r?c60hg3BW*(+`fGt#3NbcBpd+lAfDKJF>F|9);`ukGrYiUXl5v! zk10n)Q;y98_&TQ!oBbZru+I+@(;8O$^#o_#d^|7K!zxBvSvD1luCKin9zPb&uVk+5 z#|E^b1b7~A605#hIp>$=!u7e}UC;vLo)uzl-kbIO*zV;P%^*9SJhxE-mjyRQuZ{mfB!cW7T@Oysv z0`LQ(Tz=|uT4otOlHGFXlvT;LE8#yk=yze_Vfdu$gLm(uO)((U0Q`#g%gWGw40XX4 zeCXgcc+nhz?6^&1x!kE2SMCGoEj3hI%#`acgrJl(LP6JS2uk0e*}47!!r#eF+uhSM zvIm5vX7hS5I)sw)a_+K$zP?mb9TZixT4H8;M;=j|s!z0A;(DTP=RA9JO6_5`mCbph zOD#?)yI(MC4Aj+MyIusSu`n?y0ylXfSx1~C=Inc+_0rWs1J%*XA5$KIkUcQ7yMKLK zP*h}HRI?c?_RQ^Ogl{#R%3tcT5kxAOOKto^asq$sxC4N52260{4^cu|qd%5cOf*;* zE5-Y~6|#{MI-0N3aVk+;y;oM|hG92$q>leP7j8iaFa$d$tNfSCO(LX^Vt-HZ#XFz- z6iVz(b&C5L_Pedkcv5T=f&Kr4B>F*6z;;T*#_P;gIgp{zL^@JGc30ZlT9j4-7$QI3V?zglO=eiu zLfeXb=rcEQNrwO!;bQz~e79?g#>eA6?+DZvTx%QQ&q57sfO8jpTM#PcS4d2{&?rS#r5BZ($mx? 
z^kCS1>|^{vr5di`of!03J@#lpMplU2_L16q60HZzB|q}}*= zcT=gXUxm`)qoM!hhL@Am0K5rHo^fLj+~m@(E-w|E>>QBpv+%#SAM7@#`6N)>#63)W zM)c{z#`xyB^{zv;*zfg`73tzxSV{fplFr(*uunV}-uSpH?014^1n-^$edmj8AnZGD zf!U(cyif*($k)oy{G4t{RgVqlK4p6abvTg<7G`+Hb z_7m4%(vn3zK{j<2Z#fQZyX5uHP`dryGl9 zC&)^)1EMh+T9qK#aNBE}5shYNEZ2qPafJV?*SJc_Y&?BBt&!jp)Gs_k9E(Y+obTZJevC9#ySYE5wTNJ$hbL7ZLl)^3A|x zf`q-st_H7}UCpX=(dfpe(tXGktT_qXQW4xa{W62F^J6X?G`^iiyWtrCzQ;)n++VY2 zGb@lKIB9zxsAw2c;w~3KKtPDGq;s+eL8^4rEq(r&V|?hV{PKg|cO^A#g|bC3u7$6s zr#yXd{|Qo99?GlaG8Zp8W2wRm*RP3l4+d^7i#Hz#y8F9!2fV^pcNBQVV@ZVcL-=t+ zX{-brvf}81)ex_npPQ{Bg{{Zx=X`R(WfssD&F?yc96hjQrOaAvwtVHvSE1}yxk!FD(0jU>p4dI`eO%7+A$c?sF(-eJCP#^B-@xy zcwjt;Q=QtBwPNH?pL6o9aeE=(7OZJ=F>wpXIYaf9lLuN(&Db}}shl#Rmpe4N;Bd=g z&^-3ID3nhd5~IiY!jj)|f;N@QJO)6ttjGHl7&1RQLI4a^&p9MgzK{21H*)gTTp4WY ziQMj#mZ_iZSwVu}z?EeyHI61$C=nIXi9-|)M?Zf0`Mdr7_okGVF79?l;Fs!{{9$;tvTfm=Oo6rrpJBXu z5e>5Xez{?CF8Q`VN?x0W`SaZk3MNrQq`rYiPX(`@*i7M8qL9;o_9j_?56?8xI&R^D zA=C8SFF{;rupAT>i$YNC8h}k7cm{t!)%cVk&8XQ;6COJ>WiKcz9v+NFJrAhgnT{1T z8?nlYPpz)c1E=y(hNefueTN(%-IK(0iju)4t4SFV(NQ<-ZgRzK+6B*;87q{QLw)k7 zcS;ekS02F1B4b}oXGg=@ZM3oDDwoRM9rAPX*-r^HZDhU_LtcI`E7tgUqt`mD_f zVkf~%wVVR9gB3#>c}qPltqSS)T7^*j-M+8$X5#NPyS^aZ1(&l(J=S82mHd_t@e{r~ znAUuhebl^$)YKrUW@x94V_>&> z+-w0_*dd<}^Lv6rOuLb^T-Q`12RBQo6 zokavyHO_ylMX+;^A+J4snP1+8pOdb285aZ9+Uts1y*03);r)gY8NXI6iU-Z2?V#cy zAaM!C2p9mJ(HBxVberf#zfP>RyOGVrtEXDl*3{gaQlCRrS%e93`YuZ8 zCHf4_GxAlbc)vQ#B1o~BtJjT4M;}=~-(A+g(EE6goT;+`(PvBl@|)TuS!HU%XYvVM zLsUqH&{Dn~^Vi{b?`?WzLGak?1!i4OdItG-ju;qNT1Hk|qkZ6FDFb385!ixpnKCUT zfAH^43h73?qW&lqb~V1&u)A>f!C(-~OU2VEJ5{-CH@F?*Mr06T=qHO*`O^8+^HZ4( z2;%G*=?h0Ue1TmV4!*nZMcPWlm>HFz96E_-r5hq2cC_V=6@!L!ubBbBmigQtLqj^F zQR9KR7oR~TA)175;jp^2RFN|35)@V6UGo##fQ098#>I{9Jd7U|@$0?b$FR6k3Ml`} za$Bm*G>&s1s+uJ*22Y1MJd#+DfUN5f-H43zDvF5fGjOG{r&*qOgEJJ;4<_Uk;xA>s zQcxZ;K=}xC4#+|$t#c6lGLl{tJ7|?|dH4ks9k1a5cJMno<;Zw%ab<$qP^rdcxV@1KS%3i-G#n?+LgQAky@6#!&%SZO7~wrUc=4fJ&9`6GB^EBV-;Sj9qmjZ zx&h?|ne@Zj+2!3Gqe{|7@5~H{^w2Xt;^kbzomU~OwL^@KjWQ(!r 
zJ*$4**@NiD_@R0^Nj~Fo<5R^muU+D;IaKofshWhOB#-jLm^mmiY&ijg7RmQBw5=iJ zX+!_{`Zz7!hSGGmV=GT%$mswFm=tk~Awt-^iW4e*G`tobNWhDaAANfU*y(-*2XMg< zK3pJ!EYmn{hDPZ^Ak7mFU<$)29LB`XEFVyP!CWTwin||}Fhegl^2kLzA-#{I(V92J zbC7a}Kw15{vdnMam>C|`DW9e2q*?i)J1SM{?;fFD@uMlM$j{EbHeIL8(n z7hBYLAO@bvss=oM_rVfUb`7RMfdtQ?zr@Ev_yNl*Jz)W3qi*=odxItvjuFeEOnOz3 zvjov(`T29equm#!@?8Xz-WM5Jky#>Md#7ggd|u}^0teMS&gk8MHwJ*m<$P?yPgx93;$uL^9lXv;TOfA>@1AH>|K4MK=zn$Vhjj$v#l zg|kSvy`$^_3-e@*=&PjiI4lyr;nCWllDR0se$uP6!$~DsOcIu@q#sQyB5%MOr&Fp` zdJj2Rc2E)aIl|uTcqGnq8BDV{fQkW~l zpK|p4-2W+QNkG&CQ4@b@PM7R}ASd{5R!s%XUpYoS->;DQ&>xD$)W8IeE;)x#{)>v7 z!>ClCM32R-Mh_-tX6y8Q)NzqVJ_+8+;t*0_ruWWLNZsg=AS)bUl;C%#k%u|O|FUUoVPhAStAP+zq88&&Lt@y<|S(;n(Xxi#L;UOSOvalphK#Z zO97`Z#g{K@2#V1HX^?#vKaP$}YUF#SFoWaXhEbk!O}LA9KtKRqPVi%Q3r@|O#s`Fi z)Jn>x`2;(=a${4R)<@@_vUB~_0wvz5RyeTr?Z#0;%_jomL zx?Q^a-f{r`h<c%K9S$)1Q=B-ehf#9Bzb5r6Xd z`1p)6Iir+xsIy%&FImLyTFjZ>?GHbs`?RX0PEx3L`EtD%l$gf13dMd>v@?QE_Hg!^xEE{`K^6pu7UF z``_clf?#(X5n9O;6N+UQnT*ot<5^;1>RUe^UQ4zwm=z zVkjnK9dvN-E{(M2*&XVozF|!-!lt}Sm-1nlUf`U??XT7(-5%T? zNl$EW0O>ANXY&_dH|f|a*}@vzYz5;%o(hM9W5#(!&HwDTZ|_<0tMMQupawRV7?%*(C9q+rDA7k_=`p%6%Dx>i+!) 
zZ+JkH>6f(1vz?-3M^!~_#>EF@Z#rLZmDMZJ#gLb*b+?7OK86baHZEGw2C!^BfE3Y4 z-*%LM!m=@*wIO@CJlk9rldN2HvOabddEpb$M*K-K=`+w-8ijNoeo3>geBv>BXA8h^ z9d>di<9e_mkT``m^gJfX^s_Px96e~LjEk~S4{{m2u!@R`(#wFH&Ms+D5^;m^F)I=5 zJF&2Pb(UW3^S6)qiC%sybO+e*k44Myq;q>>;(z69js>7m9%5wRfBV+7|EY{*3Tr+$ z=rZEHr%^{m*mQKy^A=|{o2i*k4+j87X>0;n(B=HzYRjvmp$|1pAHyUgBQa<3d*!@-9P)%!Xq2QXp<-C>5`nG{_0rD6*^<&I zO%@rZiiI3R9}#-qKqtIlS$;yAz@R|qg-7}6#?FtCn#tqv?jr{9_sNo-3a&i?szdH* z0A3AdjD2mf2HTwT@?k^F^eTuEiun%@RV@e%ab2Zx{qCD=U={X(x2S zfgJW3t%o`s%G7Eu-R?2|uGpD^BBV zBjjMg*1HiG4gK3S&upUwtRCKK8skTTabRld>M$`eyWDA;`a;70kQ3bRcgf;KH%#x` z+(`kdSzM0BU(?FCKPrA}IC)=6RbD<0oJ92Cl$vorg?TktPT{eVQh{2;4Vi)!4}m$sVh5aQ(J-Dt zp;CSQ(jHy%f=5uw-qDdowjk7VYZu6?q{@V$JA5DFk(!*$=^t30z3D~-n`ylQQi}(Q zI*ihmQBcoG`+5IkdTK8tX(W%`b$QH8oP{vc7h*!KZ^i60$Gp~@hP1z0Ir(} zHiPp+3&@F?(ol|HID{}(1!@Tf(8Ta}6Of>k7A1(@UOVN^6@%dGXrXg(ve0-HUHzkB z_L)-6lTCKVNAN5D>nDJa5`i!5b1%7>DlF>5LYgsKQ$cs7Au1U{ib@4*ra%lJaCefR zT{sJ*Xk)P#bNmO8#8&v??kp z{2>Yj)EWxsh_Xg+H=CZY-rP6hZS){zvQ4yIm>(>~CJoOWnXyqvnLx_+-!lF_u^F5FhT)e8@@<)%+UuZh<9l3n(3TEDGVSHDw;ki0SM^^piC8+3@ z#2BCO1JW$)<9(Pbl0mWQ3Cc?vC}o2gcPKWl(j?T7mTqCJHyj%G{{*8V&2ylU(Kyv*o(Q4 zQosjh&JU0*cS#;I9{+u8sEv<7Hn$XlPKD(cn5k1ylx$JV} z4igQWgWyY-UHzC{4)4Vp1jn$<#>3J6g#{74&V)DV49gpv`F^V_M+g0a72=e1C1DB4 zI*_G$D6|2Ek>MJe7#aJg-uQh3Xva9gsoRQZ^Z;I4$0N(ekTRw`pk1>>lAm+~{VlIn z-NxTg>c6jPMCHX)IMufS(0UqK3VEgTA(*D0*X#WO*mQpX7~p;YuceTpqD#Z*P{9W% zi3C6GP(8#bA5=H|KK|^vUhfXHkf`%<$SPJ&y?t&>24e6I_jJm)LodKz&aFGh@SbmP zlg*>#D4XCl7Ppeoc!ROoBvQKWFvxtBkFN_sFeIEi54{vwwvpS2jDiC*W zR7a~BDCPEnahddVw_ODG5&?+ny1E6E&ngu3?PnY`<@d%7(d0s3Wjmfoxi%CRLv|O7 zk`>#Ns51}q%OwSwo5>}{g6plVXHDf@?K%ka`1g9AzOO4c5V~8rT0KZW@=`zcXqmQi zb+x#^yzD4&iNAhkHbU5wtJE}`eKq&lC%OPVSq|7v)a4GD~VvIbMIbat+K#Ns+0NRGRFpV z46Ft(WRIVVTErdHHy$O=vsYaAVRU~@_~GxDzY~yF3w-IR`0w-i&v$EW8u{eAsNG(n z`IN}?^8y1>LRLdYno#W5pyOCYE`<7LQ5ic&qb!(CdD3ID`)%6Hs&+I}h&ee|WV=g7 zHdIM$OWYWF;%y?cLwH%ePU1bS)~prP0!t;WQQt}fYf90`n8-2w^Rmj7f)Ke-NQvhx zoAHC~cLr##v-t&OKSmICi3v+5OJ!u8?~#(cJ%sKoGs_5AX(=e|s%+)oV}-sJh^&}z z@xXaHy5% 
zb=MU`;UP-@g(NMt@PR)9<5KxRpc|gJ;QOvSR|+wT@4tLh#-M)7l&JnG+*Y7vV!o*E zyP^W8w!=R$1Z(j8swMwkrvJ}9JVcJWYt}o~RqH)XETWm;tlME#(eafq*Y2E`+tKlq zF4xOj%FWp4_X`_3ne0t_6e%g9=5VR2)M->%a z1@DpOMjtJ2&;oE;%e1?!I7#6G@my8x#nsiW!_h;==@|Y3q2Ype&n|iLnfmILTh^WT zrgS5UFuy+03HT7X?t{E`x%1d27RRDRm$R$u%4r%LHt1I!fB>y?OG{Xo5SYhPx&k4W%tI8Jg$SfPnoYCv;Y{5>dtOctUZ)p| zx*nA&{9xOV!vJ(~MeK`B_SxG=O>YBkaL`}Aa!cU;DPoqa7#qrM@pI3oOfe$;`sRjC zuvA5QD(=ntmoLm;9XLFJ-c|8XjqNd%DDjA;PT{?_hW^_t?un`{-J&u)atZHX0eVvA zo;HY0!={}H*?MSndS6jpY--@A*64rGq9_sd!7?-dZS6NU`tPg%`$N4465^ihKBz$k z--+E%8+e`GWElBMiH?y`LZszbSc`axEUHs^Ny~bs ziKm+^d2gu`=NQ!6PznmncbrXSeZ<7XhRpjm>;`GXEX-x~7re#-EJsCOl@Q^7W zy!pI!pGoJvp40oK>%(X~(o`(chsdZXj9>C76VEF~zuq;LC2j_;7j-iQtgyWocfJzP z(@1I(H&^DO%E$)X@5u1VLYU~&);V^Zhk5qP9y$|{;2+kqG5>vK;21~0cAYLE zN8e-2@XxLA@6Q3ek2?njHiPxfq|8pr}K<}S-bYDrgk9)`HPGDzgMxmQxs95$gcTB zx1{MnEs*B1e9eqh3-1N<02&R`^vLHu!}IK4VRb#PO_>W+tyC3uwwLGzEn?wghgtAl zEHjJUvTFbyIAu|WLjdLj!J#viatS0>=@(V4qEzIZOUGajD>3|@;c|R@Y+gtqrB}1k z{+dpZQ@!!w%O{n1t4~7&V2}3>CUr65%a7&G7vwHEn~4%1hEZ8}3NW(q>S08$$xq=S zazw6gn|wzdpyQ`F)WqLDTUE8zB5usvAoJurN2}wfq{1SZ;}DiZFcJuFt#vxZ7NDr~ z)UD$+6mZ0P4S*;*S}n^x$lIft%tCH6Xlr1&q}g@L|JDH+2=N){yvxUgRI`NV_tizH zv9@2+DVc!7{!nzoQ*grn3@7FTrUCDff6M*fONsa^yqvXS8HYNq|9hdd@IY!tBf%$Q z)ZLSPlo1J@mm*X|Ty+N^)?;d->A^AzbF_vLHajHOP-!e9GbMKn9TqFyr!b#}8-F^n zkeoVh49MS|G8vu@$F9CU{$d+<^04rm!yU3RZms~mEwy^1X}!YRI&I@Rr9j26Xo%L;B%>bk?MXEbb=P^HCDxX$^k75DML-iT>oBU~Pu<3i0k+sQ z6lRkD560-28X+tqi!lPPB1CRp{i$X->eG@eCRr;Iex1(4V(F1(w58@nUF|}9ei~(L zc-!eKGU2D&z9k~;hh<5R;?M@N%_^l3jowcWA)>8+p`g4$jU6-nMHR43U2Q#Ur(5G$ zp{YZ$=ZRXg*RgU{Q1{09#h`*nz5I(z&)9&V5FSdrz=x>2gGx;}Ci?}snlln(UuqTSDs?u3T#s`nYytZV^<<$k*Yb(57cU0hgMnSBl$+0MnH+#Fs`Tnq zU>Yqtimw;1Y5)StpEW>({yFXH$hCY?YGhPQVo!|VN@Jkj0yy9qxV&7x4DQY1JpCg0 zB}|IR5e3cNU;Nj(6huFvc1!6e#rRP}R}J#P1b`9iY^X$|Xb8*^P4okl z?C>ohO8L|9=mF)L@o_l{Rvkl^L`*V4%{2>@T#7$mR*o%*G%p73;XlD%e}89xe-Ktg zsD##VJgKE))?bBc|6< zceJ9&Do1vsIB{!eaY@N^rQ4`9v9GT$-h&6=iJ<(^Ryn!tT$pHS=gQa6SSNYWehni^qG^SZq55>zT^?;W6Gm9@Zm47W0~@wACP&ace{S 
zOR1pU68}#i+<6>tqK-#lwBw(QjFSpp4J`b%qC8&jZ~V^xpVbT zXNV`wO7KWopEar%J>6ent>jRKQQ+;2A#dQnMh1dey;lgmvKWMqxX2jxV(<70bSTS#=M8)8Iek}_LykPlhSCpQ$SA+7oR`ru58ei^g(D?D-s8Q1{dR*a6x~n_V zf{Z;X>xqemoe%Ra_SM@NU@;X95WBseT!I0wbea*36CK8%tm$Z*Ss7f**gdUKTHr0Q6o@xZdqJw}gjE zt@w1G=<#vi zFsSndb@Byq@sbWRhi|TaC^X>tzO213Dr$%w9=AstzZPY3kN)R{b7NDwPUZ0Gv$d}d z>uCdL!p{D}A2Km<;s6Zq3`^ag@VJ|e%FF>j*YhQWPKrc_#}^(y=aHOGGwxbDf3GRGU^bx(Wo|X zoWA;Dx_Q~~I{8h3+kR3U%b9>|-CC91`*K{UUw%2qRer08=A_{l0DBv2}+IRKR zgui%n9`*Mz{6D(hGA!zMYa12>0ZBnX8YHC!=@z9!T3ST9yBonErCSt~{xTZ{VCati`2iCK-M>d)GX%R$h)y;nDz$1o%X)Wp zD{rha6q)Q^abBoy?W9447edWI?)Bvy6=kcUQtT({MTNI)+N`*YxfY4v_`x8=Nmqzr zn2lYt#&m<+G58mc3A|hxLo4dAFKH3|B-)i=IpGp%NdZ*V&h5t;BPV=L^++gD4A^Qn zP621GImktm7BE-c^#%>knxL|0lcj&4YAT-#N1-#USIk|^bx+$c3c=zW*})-!J#qXn zfa{gKXPVAw8*g=(XPQt4W046m%-X=$sM0wkHpmKAk|1&al1Kh(w_YU&H5KrD`;)k( zYpkcA687>y>=v52%!jEFsxz?XHDXT^yE%^OPZQDtm6%RjTO0X64#@UhQV`h-_!|_L z0?xn=p3CpnJDlW-^Z;-!`W(6_%vd4L!EKK17>tR1lP`@gtM~Sc!)jP2?x=!&5q?{x z4+9nfk%yW^vp5Q{{x%=S0^bEL-)nb-=zqe>qM(uiJ~NqU?3h6R;GR}?V4&cmMS%1h zM_8=)C+Wyo6#t&7E>cM4A9-7q6x0C(SL}Y*2cgz*sK%GCU+IC@R#eC?!ifv;L*_R( zh7ik`ZItlkxn=SdQg7gCVREqi6S3_B?0~~EzZ-cV_sF}daTBFZ^aT1JlwG3?keEy& zZo>)mhZKYCUke~a;yDT@uV$dUu5Ko<}mDAiq*`vGS7nR|wHxd(=L z>QT3kANOmXQ_pQa`@}hieKoH4JJF}S+b(@^_coTUY@>Ecl5n=^7|!Cm(!G=)V3BN= z5KiDB?#fz9Ki)o8PY zYFp8qM%xM1`r}j#&znwy!Ki$Li>YEY;K-V<@H;zUWU>jjg--c)oA<(YUD}l5@wabk zYke7-TQ0!dlWX(OWBolb^E&T8E@|ia(2AD~VfOp$+ioqT2~&F_tLrR`eb-{Q`Lmvj zKeX1uoH)iz%>2^5j;Rh0j^mLGrq*n%LP3=z(k93UF><09{iI@Fj1MMmy-DaGRq+xUh(S z`T<-*^l`zquASzS79x(8?Yw+8Q3r6GpCNL|5aMIrLMp%WCA5GiJsRS}l_1q2#Zqw- zmPf;g3AUxYuURcDERY=rL1UZ!lljyY69XgqYQM!0q0sb7`DuUDJ@#SkxN(VajHglm5THm_jrmBu=F|15k_t{vfsG8{cq1)#4#&8w4{f5V%!J^!n z8g>zaIZk}f9GSQ7!5?h(7&YX~gQoH>8%($8JgzU!)(TdXCbqZk+7fN+O~1HmbJYNA z5Bc|UkX8XE-Fl=<5n(rsGb;2{1CI?djL0v%5Wel}yL9Ls-VYTgSN9RZF@?5~d~O4` zXZ(S*V{Y7H<>QFch>`yTRzszp?LE)PC)AkvRw{ zJm}GVtuJY>1|fK=O%Y!uBl|UGtHy{E-q1Cnf5t97S@+O`*+kbY?tQ79W!W#D;egZR 
z=f)v(fL6&{#>Ve={{a?Y4f2}*Ak*`q^gTCvrdFn9WEAl;#-1Ju_NmsY!Y_Y6cmDlm z*S*r?$n@kQOVf2{Dic)!Y?{ZGbMlsL!+mLZq03)b6rS^xI&lUSDNP`4@be!d%&mYs z3C$3&RS3eVi+lZ7?6l8+?e^9|B@@dmmr4al5~NHl>dCV3d?-Y={y)~SKQ63a?WQpfT}J;VLo(D zn=dT9akyKj{j=qC$MsVxyGt=jci&U*5{KL}PbBDkqj{D+;YA#;buE6yoL?6qmt_5k zvnpSASa-iniqriMANfhqhDJ@J5Mr&vRGpV;BcC4eidM+WT}DzcOM( zb9Ybw@QjR|^QY9K=#j%nw2YV)CE>9hf~-6$Q$Ge}F~?A7p*ju8w&t_YJhIhkm>74m zMa@NTE+(CrT?)|$a<^q|$Nq!-zCS9Vg(=@ZertC9*ynp+U9c))K0SAP0zzh6d$+6S zL}lFcv!T412@wIzNVBa7J0;jj{_W;~(@;vm8ZR|N; zPHA$d{^y6S_i?+UXe6C=#EOINp(yd&7q+=vf(V%&pqgX_Y>GBhi918@gOBWz_D5j& z*y17w-OPoF{x7OVBGRSLzTq`690_#Z#alAtyI`>23j=H-j6Oy?lK|0 zGek;jXJ_a5{7ftN^ zbm|74R`JJV!gF~MWn~$uyld|gs)b$ zh&@d(@M@U$)_a-N_rjq7D|7NZI|6pKJFRB5mk~8Jre{|w{N`Q@CP#xTrPm@u)A|^R z9X}zt&qa@}DFLy8XOOmO=I*1ZZyIh*^`sZS6m>uBn9tr3Y>Of>!y_63X?L{VykQmb zbgtwzQkyRx^>5uRRm&gTlCojExr>0|=@liqX&x#4^3*WvEQhMU;0=FEG)y__1SKn- z(FJt>2F1--mr@jUYztf)0r{ZNmCgh3M-dZhJ5SrUM^&MgxEoK{c@y!TP|c&A?)*TH z9^b%~jH>eJ<8AV3fqeD+MQ8a@hbv)%f#NEzBc2aswD$Q9f&bzL$c^KsFsH`4JnZAJ zArGV85did76yzMh^mz3(qBqWc)IfX=U1b!=z6)N<;t@zVzsIiY79U1JLhEFHa(`44 zbfQ{N9cSk%a-eyDhQX*M?Sr2`*)G}5-1+RgUAt*Hji&(|WQ=Pcs&Z2PdAY?&9^_z+ z*G^4AG3TuJkujo>hPA{xdJ?;x3uRKbR=X>F+)~qFlr~a0YpAIj2StwGvBYLf#bP02ZV+$9gp~MNo*3tiQ_J@ke0;#@7F@!#1ZW_arjnxMX?aw z6~ZISpVymFd8{V6RsU`^SX0`Xso&jWTs<>vPWVRg`fzq=LC(YC^LL-l(k;1*%P}`+ zlB}!^!>en&AJOyfi$gyc)94fQof?XD8}tU7e(R73zE5>=s*GdIa7qfFDwr0mc;Vf< zin$uMK{@(tFG{Mkj@mHm{R$h;))%r-&7S1AuO}~C0y;jNC(_~+b`b7Hwi*!Qa0djO z>f4Y>(gmb;;+yWaCr;kZPtU1HJz2%uW2qR)xizwR$eGeiS5;BXo-zX4JDd6|53(j)BT=YbdrZogDQQjX7>R zzT~~-f>NPv-RuQGL+gPV`q|Ka`Vm2xQAyJs;4}=Z1R+0J-W`Eh)()Kkqk5i*o~3s? 
z*8VH82V$t1xWT3o$nD&peDjpjAZp3L2w-!2bv?zdra?YR?gVRtu4t;;_H|$HX9C9L zXA`VNF3&+2YJ~8iOdC(6f0XUz@g@$%J)rz>3|K@Dc;SzQ0FBIxPy}ly0-Wal8(#Q7 zAJSJqw{2Wad~#W5wPB2O0w_d z7r5*`a6GRY;WEv^=f*%g+)3ZG|En>bYv_Hygc^)sY;BEPM z?fPq3!s757r)dM4SD#U%)-jPnGd!HO({;KI=L9O9zr2Wz6xviEdA`T=IPI6Bo9NTB z#gnrdEIuLD`T`KH;1%AhAuz%`LdXWg+t(vtK~nKDIpw&12+6aP0F z+W(q?g_Z7YA}!Jp5CCeq>XXv@bsk94Pesm3QW~JLy9aGQB+6**XOf6}{LK8a)Utez zCa^9xTMT<-^V1l+l#*FHG(0O>7xD6q4XV8}>uFL@Y!jZwfKEbNX~PYNrt~> zg8**^EjCXkkU43W6u(2#i5hJ&~iOKj|4`s%z=zjg|%P_kyp|d~P+Cw_)WkbW9~#5nEdS1pKL5 zx3Vs&2Q>14JJtEjt;>Gxup3Yh^epjIR8;V{+9!r*-pk2-k!*YPibtjzl`#c4bG>zo zY1&H79s<(l%^p)@0%9Ggp|=!3vl?`>r7WvNeJ*9Br1VK8IDf+%YWsY2FBA1}x>ad} zgl6^HPllt!eSo8Yc^9)V_Y4V`!&RKU=F1Gl@?DndOi>0yD+~6S*NWNyUQ2&I0`oMx zhIxfxAS~G z*%WgXm>yW8*9r(rHr)Yawg${VTwtyzFjo$7%L! za4Lw{${s*0LsA8toVndIK01xoIjqnTI19n2&-?5!_@%#|(5``Yt!X{0!Jm}= zl&drleUa$iW5MxcvTJjb`N;|XZwin5@5 z)_dH%dj~RI*1+8u5Wf9e=S8kadA|H9HOlKoXXg(4^{DmAS3x1nmDw?lvcwlRVymMb z5Gqm8(E0#qN!t;MTh`KGAoZ{s(d!X$7+AY`Nov+ewaB1qs;SY+ENv(i1KZHzkXYx^ zEKp}B5{qXWT!hXAhDJ`_mDsV74eGo#v+2?a{TDf72#^2w?t0Sc)WiSbr2OBjCXPlk zESsB1!f#!r=L)AdJk57nYcPcMea=raqr7Rb6Q)h!8_%t3?X9yFIj#}$vZQz0Hmx); zes};U7=TZf=-bAVsfk0#X``42HH!7C$2ADcrbSP_SggMlO*??H`(4PUH9R6>Z`_e` z68gIj8BRxk(YeIL#Pmk>8-dBr??+tkr{2l_rsQ}`#&cuIsTv5J!F%!)Q|2toq0kv4 z{ZAjl>Ogci`IqoFjKDjbdgkC&l~fC!J;*4XELk!$H3cfU%+jKlg@lqM3 z>-N@M?@zV_qpN=GSVvTON(u7t+1d*Ue2(9rSHsk(wf8n5FG#eLHg%| zI5!^CGv>$WAv>sgA(TFQ`bqXXg`P*EE@Ngr?H;BR4$|aS@hvGA(ct8s%ANZbRa)Xp z?r{8h9inZh03?|YC*%}jYi;^yG?p7E9&?!3Ik5%n{5UR?oH6eqT->rH7dZGJtFTv6 zG<0#w-P6+>n{j&;XFv&hN(8Y1p7%ELFJ}BWpvfyui2TBJGwb7PyeHvmFSFC->>n2g zOJfZ^O5}IQnw|pkO7r+MLh3!>d{d=M&%)BD=Lg&nl1;om0zh&act18Ny25s6H_kmR z27PyN)?0fcMIHAmN3SoA225LXzd~#DUprC8aL1SaGO?xtRp?3KNEGFeisg&!=I3_@ zT~w%hnx8NT7-Zg2-{oWTrv4>pJ0S{zKtYA#e=Y=wR?Q5h#%7*6a^5Q_)m1^v<8nzT zl@gxV5y4x#&je}M3?j@=W`$^9_V`ZZK$Rlh>YrM5Lmlj z(S)38u~@Uh1Oit26@^@PIQvc?B4F003Eu5ucFoDy54>^Xf%#V@3(eVUU|XzgI+VU^ zUTJ{4Q2=h;RIwAFai^G=p(<0wG_a+0(J}EXq z@3(E(<#n0>LK*A-5@ecFg0qnaSF7ej 
z<;#7?e#E5No;hu(lt4<4e7O}q&|R(@{+#>$wNlbl7H!=Bme7P+t#@3B`$ehf`j*vh;OaXQvex1S^so;C-$Ipo6&EIP2w-gtv4;ilztWL!YIyYcz(ji908mW5`ucgG* zQ5;61L&L!k`YGbcfHF0hBoHX05TvAJBI}WK3*!>sV&#zNtOaQmh>=PO3i0oWjzOU6 zw0PTf55tB&fqE6d@~!EQbIa*vc`XhQX_qx=A|&KqDfD7uhDSW3g@_Q0LBVa-2AA!! z|61S*BB&;V zQEdO5!!Kx&ydV8kBcYX!h(&0QNxa^VfnjD3zcrFvG888c=-J`d`1^a!#s8b&KkSNu zMdcKn>U&DRjwF23y|8wGmM1&YORuV;$zU&@d@}7dBVs;3x9{BaJJCJKy?t|Cl<9gU zV1th4N4|lUh6bacr;Gru&(Tk`Z)w%Cye7qQ0+nJDO2T(3Y6+KpUHM-%MT^K@O*k@I+*$l0hf`3&0mGjmFq6U zcz)!rSJm@%guCyechEWT@vNF!2mYI|r}TBRjTh@FI`#-TANpWRwrkiaU}ez>2u#0? z{bAhI3s4uPCr1FVvnoAvZZYjpdf3+1Hd>^`L4RBt{goXm^R*gbW-x&D>=(k;N&sO` zv^`k@CFI9K*h?``F)D5=ri(JTX+ud9T)b*+;j6g`2KeY5kN9CSByM0M)aQ2xE?9qm zY^2!j+tQX>&!iU?--zC2QmX#A*$}&PV5uhG`fD}ik3y>KpHWOY6yfzxM^tqW$=ic7 z-SYyt9jqaow7~{Q`S9@2d0#RFD>~pl8m~KDk!A`0+vBI-zI|IQ@4y)|5hgsk*vQzf z$QC=V0OCI;_xE(v-v=ERRP@cZ!O>I1=HTG%PMQmR=l}dHcH5u#6a>_%6JjPa8~67q zaj1^Qx-B1stf&nCI665EFoWrW*JIHgybg;51ERgB3+1gmZsy``f>Jvn94XyxyR79y z$D3m&z$xTgObjict6X+rdq2t$bb*NO51wxDcA*fl>zRule57J*zE~&gibLqh|9e3E zuK%cRH=Qw8Phj=>aLjrdaD}{2HibMZ+@fTA3J=dQ$9{_a`5uF}g$i+IvIC&;UfqGW ztYO1TkwSxK3qzN0l}~3d9zKj_ytNAnBelB|YK7yrFd;!AmGfF4ZW&h{3T>-Q)V$Ec zUky0Z!l&KFYg4i@CVP>U$2Dv6w~rN0XkQEPid>9_I!A&z@K3T!Bj0`I(|V_ zlZfh02g--FEZ)YgNVgPvMU2z*ue1^)*%>3bKeL&~!1Baw0e;Lg8yw~eP z|BN8!zR1q}mcG9bCLrK;02R_7lacOfibs!V+__K>z-q?wO8spC_`Yf3mK26>%EcIf z?X7?Iw;%H(Lc@&*RxVn8vIaoXz4(lroa_}B zuE=o|VmqmWegfhg1gp?^XRLe44YR_HKk}3a1u)7mD5aY3)q-&rxI^DWAI+H)I0-*G zh8doY(bbJDfCzh=v3W$&c4)&=AAc#PcbhNpi80xmtFQ3A@zieetiA@yuw;*gW}mg) z+6C9C2YmdD_nOP;r4~bRR{X{;4CekRqW@Y)QlhsS{VvoJjSr>tlWcEq-=$PFJ85lu zW~N8Y-F&NdiBsXX!cyaf>v6Sm*Tcg%Pa8e*!*w>`YEU*mgK^(aKp7{+J`gVW_Oqwk z++CIM&0!bUhx50gCl7E)=!aTvKkB({-^bY&pK?A*i)2Q_YLVP>-dtuO))!Trzd6=& zA*f()>Y|BD_IUkDp}6sEnuF`K+}PR^`My|-U>8~ncKpY*T%rEl7-ccT_NO`YP zQSH$U8=;G%90Fd$R;a9G?4K!v)+KaY{$(Qxvw#JSjs7Ispa$gdolB> zqSQ@Y6vTm`w6wern?$e3G5G1Jd}g)VXF$@8#@ z)mHY`Es&wtJQ}PUqa=@~{;)Zc9XhtvU5_m^57Klp0)2~-z8cn%Ni?eak!>w~rA;?4 
zyn79skuvVrc#t`=wT+E)71CCZ_=tEp!GvwcsT<{5(MH{fB=uC&oHC zK!Yn?$14@vNFX?H=H9Mc;_p!h^BswQzB9DR}LyZ^i8X_uyKEi=3Nlf{<+ZaNg1!EEAJ1 zh~gCAr$lXzS+j++l57^yJFN&xT)xO5-G;k;KYxZs;g(%fBNfkaE$OJfRS~#bKdOOY z1ZAY_^KYZ2XJ}?e{n}uYIsfaJr$QyyL{g6DDPJe;2bg%wf*&iZD>!;gfQ+ ze$L<+wK2hlO`^EQfz-6FT4v-sAUMINv`uj>$EG3;RYJD;(#mnPMOlTZ(h{9>npOFw zGDa(JzU9v_z3<9LV{E-u8p^=ByiBBo>|FVT-Y|uQ}3z{u#;GwgjYPmAPLcg}P2}4pk!uvq;ku-t>#KymYP1uc2)}+OW_$cgEIP)@i z%|67$JQ2BX&-Cos2rg>J0D6lSS@F(pmy1oP_-m6m>wfi&6^)#NszjOa>1bo8N#5x! z1{ASvmsOTFugJ7O+I9>(WGPL}Y(+P$tRAge5=5g^4V=aDu*~tUs z7v0fTvog4$;fQX|sy$=k6Osiu%Y zvZwrkb(qS{PwLx%Q@#B_manCNS0JsoN>{>%PkyBM-O{%pn_^~XS;pQOq>Wki>8bxB z5al1Li?BDaFI_Z6RheKZYkXgWHV9gYg#i;gwnh2MC4AJ|I#V5?bnipiG;WHOR+rU& z4@h-a@9lqsv5ldCr#SD#&i^d}VE!yQ{*t7P&sQSjwetNI9B`V`sGgxp?_Q%E{h7f+ z%+CFVhnE3@_~afptpeisfAGN1tR+Za6I_2pO)u4utgkeQiT3NkIaI5m0T zSCt$8VUyn2XTaHE_vM?9RmO;h?s#W<%z0`vC%suwMrQbgM)0Mm6S@nYOnrPzj9SYD zkuGoqi02;U?|4j>o0qqBFhNW>a&cFg@YiI`a0}msdIzK&f-R3!y$`@}%}6x@vwEqKk_*7; z16Jj4VbwLpc4l=-Mycql-eO?oxT7()y~yg)`z*g3v7o>A?CH~XBYj(Yg?mp+``8;4 zw8RC)bAaUg-$4_1;(&^86kJC~XUE??=}x}UGN$k7-(NNVpC<0Vy15xT#6z@dvGV_zldL%5}?b<%${}p|FBx@ucX5Im!EMOpeCkxsBQd zU+zApVx4NasCMi}L_~S0vi2`5WyoEpjCANeKDI6)lu1Ce5L@#g6 zs8&aB3_%cp+ObLLhyT(Z|LZ^XT?4~gaK&X>Lw`fc^Ohba&$xE)-=uD!hx+4-JXuUC zDtb-6e`8j>5?(IfCG>&PL7I^hFe1~^(F#9DA!8u>$HqP;5%sQH%qxs0{YA)_6CPl{ z1U7DQ08f=sQHehOJtCPeB?x%vYpXHJL^)E9kL!A{`5vR_@dD@}r?FAb!0*PT?aA}z z#Kb3vm{9~dfp=hMwpRHo3ou_3fTMy?_weLO4V6z# zZsWkuQZK`OA;@Y{LrdQz548$$U(Q>^Ku>mjwFEA;3$suo?!SA;0R4N0_&}-Ug#tzd zUO+&bs%3$SJ*rde+d-{+fmmqhg9)-_4S zDbYIUR}#bbqotITA{3hd@I==3Xim*O=*dZm(J?lSxTPh;8-OG1c7wWSwefbKIb?GW z{DcvhouBS0N9p;SX1dxcK^wc24X^Yqs&qOjnQacJvL}GFXn7in9L$D}P6Z(0yspRO zk99PqNk2tn(Tt?nH5cl8P`f{WB_rhp z1`XbAFd)5JO78S10OsJ3O@UHelv2i=kU-APnf!V4izC3c=(~?AY>z$*U?7BfZ6jb9 zBZ$f7j~%9p2DxgB* z_6!V6EDK5dEbC?AAiw_#Dv1ze=KDzqHHwhL3saOiZ|eS+;#iJtsKifFX8OtB^IwaR z2EckkDA5dr%7?&IQaVKV%Jp2#b&dHLRLx{t0e7EZ`yTDLsIu-9zwU@{Idp`Q4`4@$&?~y+sn8PL6D`X{}^T{dntoHJ*$Q@f65m<^G%{m_mT%k)E_zJ>~?gua+ 
zXK6f)c=7P|UqLPZXcYrA8UGAuapzR!yp3F`s?3x7=2@%4| zr1 z08Z!BqpP-@5L`#3x&K(*-Bs%Ttg@hNhDEVcx)0oNSX0%L@(26Bty)lX;=L2UA3v8+N=mdsGjhZmLNK+Jb$FkYCy?PW?%)c zlTe5R=jgEboz&utD-nMP_mHrfR={`UXBDZa!R%5`mN|^;pE-4WM6+qF??vzM!RWJp zW2Knz)K~#KsiVXc(bPy1yrKu7u$^S`unW!OcB|NEPn-z*kgsvszwAZBx6xovIwea{ zr0pfRUZtP=At0qSfHM+bQ&nraZ&m-uTSx zWwkcvGxgcNW7eDccheJ)wy#*v21PQiZYb1KkLDv249k4sx~5%H(+`nR(DA6n z-+dSNJxdqM>xXIT+VI#5QsGgTd!Vl-ndzisM8YZu*E5Yc%(DGkN34aJYbzZ-<3X&z2Wf93&QvK$FhW&b9HOKQnH2%(hEy0etwS!t?b>I6dyd zn4;1tM`oOQg$!XnM7P8_CeETFBgUqXD`r<&{yW`-9lm%SU<~$^Wt=FCRDlJu^4Z)n8 zOHzM|4WfbW+op}PhLkJR(8J?S(DqeP>Gf}Ob1~c0U-t?Y?M+wo2dhHj{ng@mR~8T8=_(LfCECUa58P} zr^v*#@t*LF{M2*(cEvpU@o$sG?iw2IWL1qIr@QPN5hCTA`cQatuR>?=yN6@=>RVRb zn&MPCm;|yaMq)EaLF3pj30hD4d@$x9Ra~kit?ybXzncl+d3|Br?n%w({fV zRyI4M#iN~WhA?Zq!v8j76iSijGFuS=!IzHD_`-=nqRuv9ZE!UMi_gp^?|bqhjT^2& znQtkSx5CpUtf7m~AV*ldA+qoBbA{^ee0h4v*R@IcqL`#tW@?Mg&O@F=)zVfn@Ij%e zhD)e(A6u=pV=2QM*pBZrcv>1@l)NT<(pPa9B!~Qb^Oj{oc~te;vu*1dXKan?;KK@d zVV!z43K{-m`6;%xh8@X3^z14S9G98yo!F}K(pBTk4nyt5efg6>&->HyTgkpNW9gbZ z068Csl%^a!iQeK7Kr8AM!uY+KT%r^4dcx6rL$2?3Rjf*br`pgRERnGWFzlAEZLC~MfMkoVZ*z0Z%KNM9FovOyVd+lh~t))Q|(?mSm}bi)kO zZdQ#ev#f819C#=aCu#_77gv4>P8-FyRAAbq=kSoFK<_=*J1Sh)(unS@o0G=RN>k`F z)YaH<5Bx%)v6Ip-*e{8AsQw;K|NeoOIDoJgZb1BC3VJ5w9^PvGc*>F2c3i=B>;|`( zx!G^`4!h|~2aZ5FPD~ij7=_!shMr%CqOs5MCkNeA$QN?o-vpG;n+28``R4VC>wJt` zwgwK2vF&PijlbSMqiVVAsupW3tvhR8f?%;uTd4f#T5+SW(r|K}13=T;oRq?}zE#AiW=#Mp0H3*a1fG1(NhJ z@cz^;V72E-!rp)30+3;`_bL-jEL1tO-DaXkNs)=BjgK&zbF7-@8s?AE&#Xt&OrZ_^ zJW(g>(B7K{yvJ%p2MaSD_SSe2~t->Sh2p^5G*br@`QO& zoejRFaNH^;k*N;v_Ez>ij49IYlf%Yf$=wAb;Qb)U6Rf5H;opkqxt18@*p@)5q(?$W zdhEf?6dk%UKt2BUC}&g=Iw2=d{d6h2r$+sg+#lmNDT6lhaS@Q*?L18Oy6>Js<5tX; z{i_b7mb4+MOaYLD=HuM^`ATu=b|61*Z3Cl~9*J9jtJv8=v&Xa0Vc1UrlSx zZpKbq?m%UDbL>a2Fp5P+-x|9&lRS}Lk*fYfPX6qR24Rk4C+qFTuAQG3{Iy=`4a89s zf?^_8#QY%!{!y!OnXp<7S=yLwKPKb)!)}Ug^8-}YuGx_O7%SE|=waMLn~CNR&8b$K z6`V$Skcac`ePkz<>n^Z$pDU+~D?NCccKfR#_g~x$bI0l;^5QHS#ScEpGwR9M1)@+D 
zxo)I&e9SM}Y{I7&|M!Ce(bph;LWa6$;GygQgS#cz5gn&nvF#D!jG*^R1q_t7gMJ3R z#$p`>0uk4igvKOUH>?5(Jaid@8A}&?Wibes9Y+|cJli+E zG&*@A@Nz?WI3H5L(<=aLNky>%*v5?KvDnR+7&al3`2%6cTXlGr$lb*dhb!=((cVcuU!|AAl#$bu?YC( z5GyoS1zg^ldK z7#xIP%x0odO<}Sr@M{aSy~XVdO>sI^a#;!IizlmfKUjW-ie+236ynJU8vK1v_rw4N zKaigj8)GV9>|zuDX2880L^yq>#7Y+i8vK5+ps%-3Li9v|^GR$`u)@%8EItsvT z#l;HWmedR6P$PnMe{G$btlxI4*+9eB%51%f*73d=Pu+gUEJKZw3?! zr>~GN|Mz-j zW6XJPe_4*7*V6g&j#a;L%p8-GCx8fXFI8Uh9IazVkCPlyE1VtHOg)|D^_k_frcbAF zb5l}`r+)Pk(*lE2Avd=|dO}KHvl25yeV3#t+$}ZvD%ykK-IHpb1{kT!d`&GIO@w;( zMXlde?Nc};cSdDmZIrEcPL=LFs?1DeTiXQYHV`_)?UO21O=fp_pvS$Sewtf9f9qt+ zwV@0}v#v?Z|02iSzWRjzv1T=Z<}3KYT>iDTY1hW2djwAHz#hYQBxSLWWflZiwYK*)UE}Buk!{x69x#Y84nbiA_V>cummr2%y;;$vP(3Ia zb2r@1+nA)gu;#>s!%O=BBq7(IgWgob)rDwV{Tpdn!%xfk9|mJK3k2zZg1O$tLTudT z9HgT;b#*l0OdS{u1Fz&=e&G82mRze(dZ(fD(rJv4-}A-(?3l}bVwe}VeeCvI+J7B! zSol*}2VMHOB2`AiAAS*lThq#k9Deot*8&?ZcZ>x(UZQQlbu(W}m#=+C2jN`47e&0Z z|Gj_#iSN?{zg`WELVy2og+rIo#2TCDtM$Dm!qL3Om53{>>Jr&=IN8Z&FVd#St55X|Ai(+{Hp-?pnX>m$m7adZR5GQ|rVkg7 z!@Ui&w`|t7p`>mx5c3OSGLhk20@^KBH<1;fEa-j@$OkTb28s(ck!mi&nq>z1*h-r& z%vYm&4y6GQk+b?CHekbhy|o)_p!SRb{$_0(P3&Ca07N)9o%d=rt3K!i$g!@b=;b1s z*jvgB@*)*qCWY^XkcaX2I?4mG@8j@)7iPo{?(uK{Y8GNN3gI6v9%=~Kr2%4 zd!KOUTMh!siGgR%)~MIQ)qI8J=#!X1hziD+lUnj2XR-LwB~|#=fSs=s$?bNA?bI0t zK^h3KH_>v#C~I26wqx3Bxx1|(t7SC?+FoYI!H5~hVpy>@xB4&}d`Tl9+f?gAc4?*G zWfGL{w9Ksd?B*;2?mBBz+>_^{cT3<7WNQh1ikxoD5-^Jeen83mTeVEnTCZ&=Z?i+t zU}ecJvt~hv<|F}y@_KW|)2a4=6H>z|{@o@3wMi_;=iLMZkSlpi{+P!ugw`~bOd{^> zH0vLr&J#0BX&G22uBx}bm}uIkCF>{>I`%}JcH0**J6fu+LHTlUg?azgy9iA62|LXb z-{GPAhdni>8j1Tp`(Bb947l%#7GK>4J)i!9JK+r?G&$}|OWKKJ5)2;K4Y&Qp%T4UFFE~=rTt#S{jBD)gOZSK6F)7SJpB>rQ;Z{= z2i1U3D%RXwmfd;&7#O;(e51i5$HbDET@@VgYbHWsyJ5Su;Y-V9Q42G^u$5~*pZR5& z*zvIB*WH@g(p0*(dPwq&`w`aFw88=znvL|)Wm0dG@$ey9xN<`L1!dgiT!_RNnesnf zhV?vhVV2H~;dYx#Q|rjkt@yhm%^zo=+C9-<%nS~voH-X~KAW()gs4Y0zj6XMQ#;@S za~)P$y7e*Q1)>{GOcg((oVhlR>tVC89dLn1`l$+oTS&$S)$(3m3_8uw6?$jICyx}6 zJ#biVCo1Fvu+VX#E5tBCNohxot5{Sz1=≪⃒#3VfSDVfw-bN4wS_=7FAc}o-oE6r 
z81fi&Vu0TaBf1cdOM;B^S0cjm;>|QS$N6FucHb;6tf94R6SAstmc{YCFIo;+T2!yE zTJF4V4q(lv)t>GQ5o$+m9uWC(7<OWeNsv)>C-0ET0SvE35anGgW=WatxypYZ(a3Enb2J@~ zBC4_TXN`~Q_)1@;p&s%==ZisKfqV4(#GeY=FMdoJM~d{C-0m*i+C1OknQM9EPz(** zzOxowh=eK5fbiuV#h1PSzP5}8U8com>0W~0MM9r8K|caG-rgHOlpjTjkh0hm+&=?3 z5`ABE@BZN4aTJ3Xhx z(?ElxHYt4&Xh+O`|hKZNXIR{Y=Tf32QOa1uAzZZo^U-XN=(?Lzf{i#*r zStr<4RodAO-r!+}0AX4^xYq-X>VaHOrLuQBQj^$>Z=Ik$&pb=O zGy}E$i`j@zyGfb>3+Ler1ys~605^CB`g)G=hU;La^pj#ULJ)0jbuimE-_O}{ z_H{U+<$7(cag%HNHHW84G(>i#T0KVAO-+OBWXXfa(7^AA&#%%qg+1vO+}Z|Tu}N`g zmEb`qL7yB|A$w&hY+*wIWK7iv3oFOPNa6_OV1;zrz4022NmoZ}Rh`IzK%NtHSpY}< z622ACU1*BTiA7Nb=5b?v8Qu5&3fH$Jkc%BNFqEv=Cs>hUA-P$D*(0hF`PyrnJY^n=(Ocr#RYN{|PHQ|jleNt* zF+P^;v`Q1z!{lP{j*V0&C66@IdJHnfwfT743CL+4UsK`vX>E&s^T18fG|yX}0r#?c z4s}?6Zyd|l)U$f_E-S<9W#a8fzuOJJW=dNex<-K!$K)}sjxiUz;`juZI`Tgw&P z(mn<5`A|+VN=p#CrA;KRR%P#$)nWa@1F4-4$|V? z;#2)2I(rojKF?mYbk)Z5pB$wLJX_+>VhE+dg4=@6PmbGV4x*rTj!k?f+{nA_mfNDa z1ZTUrsPVs#kNOK)Vn7ad(a<*90(((*e9|XHYZ6{3(;zoe!)+nXBL9k?!ecf1gdx>y zum0!ZTHp5BK!Ezm1&BFbAm>?I+UYxOy44}Afm*=fRPdsa3pjHQluuiJKpgbhx>i^dG3$!o)`$Xnu&t5`(# zTA55lwhP4}UdH~0MA2=SFU0G$tFfx*bXnE@wgpT@i$~%YdY-R3}f=F(>?)Wf5ECQDg=-!JBmb>f0Aj&a5%u4+(R1L~O>jsJm6s zF2QcEeNHSS4m)gjIlL2nvPGdQEGa*{3)-vEl+koyJTi!3DIeChV%!F&reL@9R&AD* zv-h+C9tmB-H~0vPRW3hu;VOHFqyrI=*Qw)WK)AQ4A<&h{0I82E8iWZK$tnHGrRs?<8R} zPxLUcdOMab@cB85SEp>?=CGNekkuTCTgZ!ZA{C?s?9|O0gZntx*fCW~`_m2DHl}Y8 ztZv&JA9$aIf=u&5kN$W_TQJCL@;iW{9pdy-`&sCDEZ2;{os@@|vCRCK%N#~2B2k{7 zKt)e$Wx-0PD6?iAuu(|uB5hFeng$Yz_yUDJai%dd76yd9`LHcEfjtLu!8Ea@pVaP` zzyo?3Jt&Y4an4M}`YR7@i;Fp-v2!k>WN|g+Y`-IC=plZ#dfX&b4;yfcK@FYrQZ*pf z;+~(nQQO_LRs=Z+)B~Z5T-YKbyBT7%9M}^TbI92NaDc0TLZ+!$k`&apAoL8Ad$3D5E*=L ze8hx59>VR4;=BA(U3jYjs3LxSF-6CYXR;8`ecAo+*Wl;eNK*!=-}NAJa9e zUTiF9u+}r&YUJ#nN~qml*vkuO#-(2_9ub%CR{2oxe&qC?nxuZd!^R{`0WWDq33prF zlnr0srJ+hRxJ;zYgbznqmI4!WP=mvcBU|RXhTy zF3Fd+n%nDBMH(>;ruQ($vn(#2(85B3QGVC*v^QRw9-i(ywbq*SuRe(}>v=kJfj$$g zFpFt5O;>&t_!pxP4|D7;B;OybU1QN2Qbgn?t+iGpNt4m4JhtC~AMQMsXN`8dyFbP5%M 
zJ}?6-S4R;7Ve2lrG?htWfK0IXvn=$?c}v}5p;KdpV0&J_7d3-1AixBxY4KqMB5ca3 z^5j5>aJg?MID}$nRryObckP9ofJ-v(#a%PeCv6i1ER8QsL8~JSHdO9kcZc5c&Z|W( z_v(wO8LtTn0r z_JqE_4V9gm3AAYhgs6fawS*H7NaN_=j==~lCT}&rjM0~_r=0gQvl#i)nz85 zIL^4>k{W|vuOJeB@fl9qe^3D{bKJ83!Jn6xM@&crcUqM<;RdpNmYTadZrB(Ss%Dkk z+{T=3Q;4On#a2@b;QGd@p`ey_Yc}xXkK(>r%M~C~2a488L{`yFEu{y#Nynr1s?*I) zP97t}`I@(vh~=PtwOx+We-p|@(Hu=9QMR8LKB~-7rRb*lVn(Wb<0m3%LD(z$x48BY zZq3INRA&-J2g@Hl#@ssGJlE0yfcAIshK6HIE-Prxb{m}}>rfYARy(UeoLOT#YhA~h zb{Ya{!Eyp{WzKG{ZS=X=fyBvNMj@cg(w#%;k%)UZ?L}R>4{3&~t^N4rHUHYK7Uw4W zaD~r9J{cy@qxBuD_B{+ZgGkSs2ko@M8*WppW9EI_nodWa)UhHa_QBoP--Nd+o%GGx z;9ECR&JDp?Xj#)8kc2U#BJuv4P?ed&*uk}CdTaDXkvi{qj=bQOjtoSgWt*m`xaM-& zsl=(N6h&ZbX4&O_h*ZJJ8rV5PI;`|ocqOUIm9Tg9tOIDrjac z>#&sE2c`R^4%}L(<~ci6#2lJkV{_`p_3n-(%z*3hz7Ei{MlZxHz0P^zf54&@ijgbD z{FeTrs{tdv+gL~L-K{Cr7i5I z(@qU$WI&D)VH$T7i5JEKu=3D4zIEeV&)%3#P_nLQUMl;PP;19VTIc~goP6gG@3GSr z1JeXm_ejWPNug}46JssG9pQOLWl~qBMj|d38=ZK0!G{Il=;rkrvoce}JyHuhQnoR| zpw!vT?Hmv*#Fc}0`x(p8f5Xa1wbqDo1LY2E_5i8#FMZHe^3CE3>NuD9=&D|kN&I|c zjBl++iC_VleuS0bO&(F16$5z0_wf2llcx7hCCN{8+NsUQKjc@mqWl6WtEz`EQQ;1B z-mZLb4e+a?w<#;&leCTz!{7e09PPx8NOOdjP z&@6P15G3J2T3(1p78eTya2^74M-ELLaohN4(hOcnQRi$S6Z@dUC;?)#2Aa}YUg?fl zezW2M67d+ZY;OSw4>&YiS9v(=V;0wXNyGHniUgt}++Ia3edqu~8xu|vu&F0yLvh8Iqlongabc-h` znHiI?NrDI8^r+|kl+kE*6k4GG0O{$Z4S-X!vg`lM4-PFxUs18>Izge9>J7r1_p|r1 zMvblP9tS+{xaOUy*4${XjspBdy(r%Q*|BVlq&IlmoN+B+iZz|HYqdJYC^zjr=1#74A7QDAHdM(ohXEd~<+}2#(b(wA!ZO)1uM>Hjf*k~Wc;WK-JnF0(zTZs z#rC{WXy8_8@w`omm`nJ+>oZwV4y`bR8T9(&U15n|U4Z{SO&AA#%ddiS3jmj(BP=OwB#bX#-!uyG}4p|KMH-o zX6b@JiO4-0tGnco{dBhHVuzufkd<(qTlmJ@zNmvp%a|N7UGA6t&;I)?3A(Q&0-Y4%IIo1?JsN`GbOzOO8xN-8)` z@B{`|r_F0Dv_#*wS95HON$n1ODBC0GPbjtSMXqaQ;sNh%JfLjcIJ8O; z99@5YLcStR3ANrSs_-SX-;9P8IxFZV89aK$WcdAD$#E z$$&ZKx|*k)Klk!it~uMemJ9SB^NS+%9eMWos&h5|A^Bx}-Q@xn@RMlDi&DYgD9Tz( zzeP+a725pZg52mqXfNrzNXiF17w|X)TC%%+x~AIV)JL3J`WT5% z7`ov|R{gT+_1-;78&YrX-K>*f2Z`X1r8q(M zH#%@jIQ(?r95qxK+M#60nC#yN*H 
zjcB0iO5!yi({&JX$Oe~M;u~VrQ=+`Pr~F~#xb_R&pq!*RyOZ7;|Y!n++k2UbHP!S>8sS1tAomSo9Y`TNrUSt9Lb zwtesaQ%TA{W>d5mI9Fk{>tXT#T=&0k{_QI0+Je!$!v01$K>c=w{SVXI)$DK7t>1=o1$j)tb*NyDDk)0CQbt5|@u + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/fast/stages/00-bootstrap/README.md b/fast/stages/00-bootstrap/README.md new file mode 100644 index 000000000..621b42b53 --- /dev/null +++ b/fast/stages/00-bootstrap/README.md @@ -0,0 +1,310 @@ +# Organization bootstrap + +The primary purpose of this stage is to enable critical organization-level functionality that depends on broad administrative permissions, and prepare the prerequisites needed to enable automation in this and future stages. + +It is intentionally simple, to minimize usage of administrative-level permissions and enable simple auditing and troubleshooting, and only deals with three sets of resources: + +- project, service accounts, and GCS buckets for automation +- projects, BQ datasets, and sinks for audit log and billing exports +- IAM bindings on the organization + +Use the following diagram as a simple high level reference for the following sections, which describe the stage and its possible customizations in detail. + +

+ Organization-level diagram +

+ +## Design overview and choices + +As mentioned above, this stage only does the bare minimum required to bootstrap automation, and ensure that base audit and billing exports are in place from the start to provide some measure of accountability, even before the security configurations are applied in a later stage. + +It also sets up organization-level IAM bindings so the Organization Administrator role is only used here, trading off some design freedom for ease of auditing and troubleshooting, and reducing the risk of costly security mistakes down the line. The only exception to this rule is for the [Resource Management stage](../01-resman) service account, described below. + +### User groups + +User groups are important, not only here but throughout the whole automation process. They provide a stable frame of reference that allows decoupling the final set of permissions for each group, from the stage where entities and resources are created and their IAM bindings defined. For example, the final set of roles for the networking group is contributed by this stage at the organization level (XPN Admin, Cloud Asset Viewer, etc.), and by the Resource Management stage at the folder level. + +We have standardized the initial set of groups on those outlined in the [GCP Enterprise Setup Checklist](https://cloud.google.com/docs/enterprise/setup-checklist) to simplify adoption. They provide a comprehensive and flexible starting point that can suit most users. Adding new groups, or deviating from the initial setup is possible and reasonably simple, and it's briefly outlined in the customization section below. + +### Organization-level IAM + +The service account used in the [Resource Management stage](../01-resman) needs to be able to grant specific roles at the organizational level (`roles/billing.user`, `roles/compute.xpnAdmin`, etc.), to enable specific functionality for subsequent stages that deal with network or security resources, or billing-related activities. 
+ +In order to be able to assign those roles without having the full authority of the Organization Admin role, this stage defines a custom role that only allows setting IAM policies on the organization, and grants it via a [delegated role grant](https://cloud.google.com/iam/docs/setting-limits-on-granting-roles) that only allows it to be used to grant a limited subset of roles. + +In this way, the Resource Management service account can effectively act as an Organization Admin, but only to grant the roles it effectively needs to control. + +One consequence of the above setup, is the need to configure IAM bindings as non-authoritative for the roles included in the IAM condition, since those same roles are effectively under the control of two stages: this one and Resource Management. Using authoritative bindings for these roles (instead of non-authoritative ones) would generate potential conflicts, where each stage could try to overwrite and negate the bindings applied by the other at each `apply` cycle. + +### Automation project and resources + +One other design choice worth mentioning here is using a single automation project for all foundational stages. We trade off some complexity on the API side (single source for usage quota, multiple service activation) for increased flexibility and simpler operations, while still effectively providing the same degree of separation via resource-level IAM. 
+ +### Billing account + +We support three use cases in regards to billing: + +- the billing account is part of this same organization, IAM bindings will be set at the organization level +- the billing account is part of a different organization, billing IAM bindings will be set at the organization level in the billing account owning organization +- the billing account is not considered part of an organization (even though it might be), billing IAM bindings are set on the billing account itself + +For same-organization billing, we configure a custom organization role that can set IAM bindings, via a delegated role grant to limit its scope to the relevant roles. + +For details on configuring the different billing account modes, refer to the [How to run this stage](#how-to-run-this-stage) section below. + +### Naming + +We are intentionally not supporting random prefix/suffixes for names, as that is an antipattern typically only used in development. It does not map to our customer's actual production usage, where they always adopt a fixed naming convention. + +What is implemented here is a fairly common convention, composed of tokens ordered by relative importance: + +- a static prefix (e.g. `myco` or `myco-gcp`) +- an environment identifier (e.g. `prod`) +- a team/owner identifier (e.g. `sec` for Security) +- a context identifier (e.g. `core` or `kms`) +- an arbitrary identifier used to distinguish similar resources (e.g. `0`, `1`) + +Tokens are joined by a `-` character, making it easy to separate the individual tokens visually, and to programmatically split them in billing exports to derive initial high-level groupings for cost attribution. + +The convention is used in its full form only for specific resources with globally unique names (projects, GCS buckets). Other resources adopt a shorter version for legibility, as the full context can always be derived from their project. 
+ +The [Customizations](#names-and-naming-convention) section on names below explains how to configure tokens, or implement a different naming convention. + +## How to run this stage + +This stage has straightforward initial requirements, as it is designed to work on newly created GCP organizations. Four steps are needed to bring up this stage: + +- an Organization Admin self-assigns the required roles listed below +- the same administrator runs the first `init/apply` sequence passing a special variable to `apply` +- the providers configuration file is derived from the Terraform output or linked from the generated file +- a second `init` is run to migrate state, and from then on, the stage is run via impersonation + +### Prerequisites + +The roles that the Organization Admin used in the first `apply` needs to self-grant are: + +- Billing Account Administrator (`roles/billing.admin`) + either on the organization or the billing account (see the following section for details) +- Logging Admin (`roles/logging.admin`) +- Organization Role Administrator (`roles/iam.organizationRoleAdmin`) +- Organization Administrator (`roles/resourcemanager.organizationAdmin`) +- Project Creator (`roles/resourcemanager.projectCreator`) + +To quickly self-grant the above roles, run the following code snippet as the initial Organization Admin: + +```bash +export BOOTSTRAP_ORG_ID=123456 +export BOOTSTRAP_USER=$(gcloud config list --format 'value(core.account)') +export BOOTSTRAP_ROLES=(roles/billing.admin roles/logging.admin roles/iam.organizationRoleAdmin roles/resourcemanager.projectCreator) +for role in $BOOTSTRAP_ROLES; do + gcloud organizations add-iam-policy-binding $BOOTSTRAP_ORG_ID \ + --member user:$BOOTSTRAP_USER --role $role +done +``` + +#### Billing account in a different organization + +If you are using a billing account belonging to a different organization (e.g. 
in multiple organization setups), some initial configurations are needed to ensure the identities running this stage can assign billing-related roles. + +If the billing organization is managed by another version of this stage, we leverage the `organizationIamAdmin` role created there, to allow restricted granting of billing roles at the organization level. + +If that's not the case, an equivalent role needs to exist, or the predefined `resourcemanager.organizationAdmin` role can be used if not managed authoritatively. The role name then needs to be manually changed in the `billing.tf` file, in the `google_organization_iam_binding` resource. + +The identity applying this stage for the first time also needs two roles in billing organization, they can be removed after the first `apply` completes successfully: + +```bash +export BILLING_ORG_ID=789012 +export BILLING_ROLES=(roles/billing.admin roles/resourcemanager.organizationAdmin) +for role in $BILLING_ROLES; do + gcloud organizations add-iam-policy-binding $BILLING_ORG_ID \ + --member user:$BOOTSTRAP_USER --role $role +done +``` + +#### Standalone billing account + +If you are using a standalone billing account, the identity applying this stage for the first time needs to be a billing account administrator: + +```bash +export BILLING_ACCOUNT_ID=ABCD-01234-ABCD +gcloud beta billing accounts add-iam-policy-binding $BILLING_ACCOUNT \ + --member user:$BOOTSTRAP_USER --role roles/billing.admin +``` + +#### Groups + +Before the first run, the following IAM groups must exist to allow IAM bindings to be created (actual names are flexible, see the [Customization](#customizations) section): + +- gcp-billing-admins +- gcp-devops +- gcp-network-admins +- gcp-organization-admins +- gcp-security-admins +- gcp-support + +#### Configure variables + +Then make sure you have configured the correct values for the following variables by editing providing a `terraform.tfvars` file: + +- `billing_account` + an object containing the id of 
your billing account, derived from the Cloud Console UI or by running `gcloud beta billing accounts list`, and the id of the organization owning it, or `null` to use the billing account in isolation +- `groups` + the name mappings for your groups, if you're following the default convention you can leave this to the provided default +- `organization.id`, `organization.domain`, `organization.customer_id` + the id, domain and customer id of your organization, derived from the Cloud Console UI or by running `gcloud organizations list` +- `prefix` + the fixed prefix used in your naming convention + +### Output files and cross-stage variables + +At any time during the life of this stage, you can configure it to automatically generate provider configurations and variable files for the following, to simplify exchanging inputs and outputs between stages and avoid having to edit files manually. + +Automatic generation of files is disabled by default. To enable the mechanism, set the `outputs_location` variable to a valid path on a local filesystem, e.g. + +```hcl +outputs_location = "../../configs" +``` + +Once the variable is set, `apply` will generate and manage providers and variables files, including the initial one used for this stage after the first run. You can then link these files in the relevant stages, instead of manually transfering outputs from one stage, to Terraform variables in another. 
+ +Below is the outline of the output files generated by this stage: + +```bash +[path specified in outputs_location] +├── 00-bootstrap +│   ├── providers.tf +├── 01-resman +│   ├── providers.tf +│   ├── terraform-bootstrap.auto.tfvars.json +├── 02-networking +│   ├── providers.tf +│   ├── terraform-bootstrap.auto.tfvars.json +├── 02-security +│   ├── providers.tf +│   ├── terraform-bootstrap.auto.tfvars.json +├── 03-project-factory-dev +│   └── terraform-bootstrap.auto.tfvars.json +├── 03-project-factory-prod +│   └── terraform-bootstrap.auto.tfvars.json +``` + +### Running the stage + +The first `apply` run as a user needs a special runtime variable, so that the user roles are preserved when setting IAM bindings: + +```bash +terraform init +terraform apply \ + -var bootstrap_user=$(gcloud config list --format 'value(core.account)') +``` + +Once the initial `apply` completes successfully, configure a remote backend using the new GCS bucket, and impersonation on the automation service account for this stage. To do this, you can use the generated `providers.tf` file if you have configured output files as described above, or extract its contents from Terraform's output, then migrate state with `terraform init`: + +```bash +# if using output files via the outputs_location variable +ln -s [path set in outputs_location]/00-bootstrap/* ./ +# or from outputs if not using output files +terraform output -json providers | jq -r '.["00-bootstrap"]' \ + > providers.tf +# migrate state to GCS bucket configured in providers file +terraform init -migrate-state +``` + +## Customizations + +Most variables (e.g. `billing_account` and `organization`) are only used to input actual values and should be self-explanatory. The only meaningful customizations that apply here are groups, and IAM roles. 
+ +### Group names + +As we mentioned above, groups reflect the convention used in the [GCP Enterprise Setup Checklist](https://cloud.google.com/docs/enterprise/setup-checklist), with an added level of indirection: the `groups` variable maps logical names to actual names, so that you don't need to delve into the code if your group names do not comply with the checklist convention. + +For example, if your network admins team is called `net-rockstars@example.com`, simply set that name in the variable, minus the domain which is interpolated internally with the organization domain: + +```hcl +variable "groups" { + description = "Group names to grant organization-level permissions." + type = map(string) + default = { + gcp-network-admins = "net-rockstars" + # [...] + } +} +``` + +If your groups layout differs substantially from the checklist, define all relevant groups in the `groups` variable, then rearrange IAM roles in the code to match your setup. + +### IAM + +One other area where we directly support customizations is IAM. The code here, as in all stages, follows a simple pattern derived from best practices: + +- operational roles for humans are assigned to groups +- any other principal is a service account + +In code, the distinction above reflects on how IAM bindings are specified in the underlying module variables: + +- group roles "for humans" always use `iam_groups` variables +- service account roles always use `iam` variables + +This makes it easy to tweak user roles by adding mappings to the `iam_groups` variables of the relevant resources, without having to understand and deal with the details of service account roles. + +In those cases where roles need to be assigned to end-user service accounts (e.g. an application or pipeline service account), we offer a stage-level `iam` variable that allows pinpointing individual role/members pairs, without having to touch the code internals, to avoid the risk of breaking a critical role for a robot account. 
The variable can also be used to assign roles to specific users or to groups external to the organization, e.g. to support external suppliers. + +The one exception to this convention is for roles which are part of the delegated grant condition described above, and which can then be assigned from other stages. In this case, use the `iam_additive` variable as they are implemented with non-authoritative resources. Using non-authoritative bindings ensure that re-executing this stage will not override any bindings set in downstream stages. + +### Names and naming convention + +Configuring the individual tokens for the naming convention described above, has varying degrees of complexity: + +- the static prefix can be set via the `prefix` variable once +- the environment identifier is set to `prod` as resources here influence production and are considered as such, and can be changed in `main.tf` locals + +All other tokens are set directly in resource names, as providing abstractions to manage them would have added too much complexity to the code, making it less readable and more fragile. + +If a different convention is needed, identify names via search/grep (e.g. with `^\s+name\s+=\s+"`) and change them in an editor: it should take a couple of minutes at most, as there's just a handful of modules and resources to change. + +Names used in internal references (e.g. `module.foo-prod.id`) are only used by Terraform and do not influence resource naming, so they are best left untouched to avoid having to debug complex errors. + + + + +## Files + +| name | description | modules | resources | +|---|---|---|---| +| [automation.tf](./automation.tf) | Automation project and resources. | gcs · iam-service-account · project | | +| [billing.tf](./billing.tf) | Billing export project and dataset. | bigquery-dataset · organization · project | google_billing_account_iam_member · google_organization_iam_binding | +| [log-export.tf](./log-export.tf) | Audit log project and sink. 
| bigquery-dataset · gcs · logging-bucket · project · pubsub | | +| [main.tf](./main.tf) | Module-level locals and resources. | | | +| [organization.tf](./organization.tf) | Organization-level IAM and org policies. | organization | google_organization_iam_binding | +| [outputs.tf](./outputs.tf) | Module outputs. | | local_file | +| [variables.tf](./variables.tf) | Module variables. | | | + +## Variables + +| name | description | type | required | default | producer | +|---|---|:---:|:---:|:---:|:---:| +| billing_account | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | | +| organization | Organization details. | object({…}) | ✓ | | | +| prefix | Prefix used for resources that need unique names. | string | ✓ | | | +| bootstrap_user | Email of the nominal user running this stage for the first time. | string | | null | | +| groups | Group names to grant organization-level permissions. | map(string) | | {…} | | +| iam | Organization-level custom IAM settings in role => [principal] format. | map(list(string)) | | {} | | +| iam_additive | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | map(list(string)) | | {} | | +| log_sinks | Org-level log sinks, in name => {type, filter} format. | map(object({…})) | | {…} | | +| outputs_location | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | + +## Outputs + +| name | description | sensitive | consumers | +|---|---|:---:|---| +| billing_dataset | BigQuery dataset prepared for billing export. | | | +| project_ids | Projects created by this stage. | | | +| providers | Terraform provider files for this stage and dependent stages. | ✓ | stage-01 | +| tfvars | Terraform variable files for the following stages. | ✓ | | + + + + + + + diff --git a/fast/stages/00-bootstrap/automation.tf b/fast/stages/00-bootstrap/automation.tf new file mode 100644 index 000000000..f55cfdc54 
--- /dev/null
+++ b/fast/stages/00-bootstrap/automation.tf
@@ -0,0 +1,107 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Automation project and resources.
+
+module "automation-project" {
+ source = "../../../modules/project"
+ billing_account = var.billing_account.id
+ name = "iac-core-0"
+ parent = "organizations/${var.organization.id}"
+ prefix = local.prefix
+ # human (groups) IAM bindings
+ group_iam = {
+ (local.groups.gcp-devops) = [
+ "roles/iam.serviceAccountAdmin",
+ "roles/iam.serviceAccountTokenCreator",
+ ]
+ (local.groups.gcp-organization-admins) = [
+ "roles/iam.serviceAccountTokenCreator",
+ ]
+ }
+ # machine (service accounts) IAM bindings
+ iam = {
+ "roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
+ "roles/iam.serviceAccountAdmin" = [
+ module.automation-tf-bootstrap-sa.iam_email,
+ module.automation-tf-resman-sa.iam_email
+ ]
+ "roles/storage.admin" = [
+ module.automation-tf-bootstrap-sa.iam_email,
+ module.automation-tf-resman-sa.iam_email
+ ]
+ }
+ services = [
+ "accesscontextmanager.googleapis.com",
+ "bigquery.googleapis.com",
+ "bigqueryreservation.googleapis.com",
+ "bigquerystorage.googleapis.com",
+ "billingbudgets.googleapis.com",
+ "cloudbilling.googleapis.com",
+ "cloudkms.googleapis.com",
+ "cloudresourcemanager.googleapis.com",
+ "compute.googleapis.com",
+ "essentialcontacts.googleapis.com",
+ "iam.googleapis.com",
+ "pubsub.googleapis.com",
+ "servicenetworking.googleapis.com",
+ "serviceusage.googleapis.com",
+ "stackdriver.googleapis.com",
+ "storage-component.googleapis.com",
+ "storage.googleapis.com",
+ ]
+}
+
+# this stage's bucket and service account
+
+module "automation-tf-bootstrap-gcs" {
+ source = "../../../modules/gcs"
+ project_id = module.automation-project.project_id
+ name = "iac-core-bootstrap-0"
+ prefix = local.prefix
+ versioning = true
+ depends_on = [module.organization]
+}
+
+module "automation-tf-bootstrap-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = module.automation-project.project_id
+ name = "bootstrap-0"
+ description = "Terraform organization bootstrap service account."
+ prefix = local.prefix
+}
+
+# resource hierarchy stage's bucket and service account
+
+module "automation-tf-resman-gcs" {
+ source = "../../../modules/gcs"
+ project_id = module.automation-project.project_id
+ name = "iac-core-resman-0"
+ prefix = local.prefix
+ versioning = true
+ iam = {
+ "roles/storage.objectAdmin" = [module.automation-tf-resman-sa.iam_email]
+ }
+ depends_on = [module.organization]
+}
+
+module "automation-tf-resman-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = module.automation-project.project_id
+ name = "resman-0"
+ description = "Terraform organization bootstrap service account."
+ prefix = local.prefix
+}
diff --git a/fast/stages/00-bootstrap/billing.tf b/fast/stages/00-bootstrap/billing.tf
new file mode 100644
index 000000000..6f163ad2f
--- /dev/null
+++ b/fast/stages/00-bootstrap/billing.tf
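Review bot: In `module "automation-project"` (automation.tf), the `iam` block grants `roles/iam.serviceAccountAdmin` and `roles/storage.admin` at project level to `module.automation-tf-resman-sa.iam_email`, so the resman identity gets administrative rights over every service account and bucket in this project, including `bootstrap-0` (which holds `roles/owner` here) and the `iac-core-bootstrap-0` state bucket. That makes the per-bucket `roles/storage.objectAdmin` grant on `automation-tf-resman-gcs` redundant and, as far as this file shows, leaves no privilege boundary between the two stages. If resman needs project-wide rights to create later-stage service accounts and buckets, a comment saying so would help; otherwise the grants could be scoped to the resources resman owns. Separately, `automation-tf-resman-sa` reuses the bootstrap description; something like `description = "Terraform stage 1 resman service account."` would keep the two identities distinguishable in IAM listings and audit logs.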
@@ -0,0 +1,102 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Billing export project and dataset.
+
+locals {
+ # used here for convenience, in organization.tf members are explicit
+ billing_ext_admins = [
+ local.groups_iam.gcp-organization-admins,
+ module.automation-tf-bootstrap-sa.iam_email,
+ module.automation-tf-resman-sa.iam_email
+ ]
+}
+
+# billing account in same org (IAM is in the organization.tf file)
+
+module "billing-export-project" {
+ source = "../../../modules/project"
+ count = local.billing_org ? 1 : 0
+ billing_account = var.billing_account.id
+ name = "billing-export-0"
+ parent = "organizations/${var.organization.id}"
+ prefix = local.prefix
+ iam = {
+ "roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
+ }
+ services = [
+ # "cloudresourcemanager.googleapis.com",
+ # "iam.googleapis.com",
+ # "serviceusage.googleapis.com",
+ "bigquery.googleapis.com",
+ "bigquerydatatransfer.googleapis.com",
+ "storage.googleapis.com"
+ ]
+}
+
+module "billing-export-dataset" {
+ source = "../../../modules/bigquery-dataset"
+ count = local.billing_org ? 1 : 0
+ project_id = module.billing-export-project.0.project_id
+ id = "billing_export"
+ friendly_name = "Billing export."
+}
+
+# billing account in a different org
+
+module "billing-organization-ext" {
+ source = "../../../modules/organization"
+ count = local.billing_org_ext ? 1 : 0
+ organization_id = "organizations/${var.billing_account.organization_id}"
+ iam_additive = {
+ "roles/billing.admin" = local.billing_ext_admins
+ }
+}
+
+
+resource "google_organization_iam_binding" "billing_org_ext_admin_delegated" {
+ # refer to organization.tf for the explanation of how this binding works
+ count = local.billing_org_ext ? 1 : 0
+ org_id = var.billing_account.organization_id
+ # if the billing org does not have our custom role, user the predefined one
+ # role = "roles/resourcemanager.organizationAdmin"
+ role = "organizations/${var.billing_account.organization_id}/roles/organizationIamAdmin"
+ members = [module.automation-tf-resman-sa.iam_email]
+ condition {
+ title = "automation_sa_delegated_grants"
+ description = "Automation service account delegated grants"
+ expression = format(
+ "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
+ join(",", formatlist("'%s'", [
+ "roles/billing.costsManager",
+ "roles/billing.user",
+ ]
+ ))
+ )
+ }
+ depends_on = [module.billing-organization-ext]
+}
+
+# standalone billing account
+
+resource "google_billing_account_iam_member" "billing_ext_admin" {
+ for_each = toset(
+ local.billing_ext ? local.billing_ext_admins : []
+ )
+ billing_account_id = var.billing_account.id
+ role = "roles/billing.admin"
+ member = each.key
+}
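Review bot: `local.billing_ext_admins` places `module.automation-tf-resman-sa.iam_email` under `roles/billing.admin` (through `billing-organization-ext` and `google_billing_account_iam_member.billing_ext_admin`), while `billing_org_ext_admin_delegated` limits the same account to granting only `roles/billing.costsManager` and `roles/billing.user` at the organization level. `roles/billing.admin` itself covers managing access on billing accounts, so the condition appears to restrict less than it suggests; if resman only needs to link projects and delegate those two roles, a narrower role for it, or a comment explaining why admin is required, would make the intent reviewable. The locals `billing_org`, `billing_org_ext` and `billing_ext` are defined outside this hunk, so whether exactly one branch is active cannot be checked here. Two small style points: the comment should read `# if the billing org does not have our custom role, use the predefined one`, and `module.billing-export-project.0.project_id` is the legacy index form of `module.billing-export-project[0].project_id`.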
diff --git a/fast/stages/00-bootstrap/diagram.png b/fast/stages/00-bootstrap/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..932dfa8d869f3fb88a155c4d5a54e594bc4a1c4c GIT binary patch literal 42583 zcmeFZcUaTg_BRM23IUN`1f+)EMUf7M7K#v+-lZxhvo_Xh=`D31wqdv(uYp=cf{;ahVfznVWCZr?8!NDO`K`PwE z!GVl||5*txf_Hu_n*IWR;kw*aM&OhUGA!fZFyp8w+|u$iS!;nkW6*BdKQEoOF}*fH zQAJUO8vyMfw}NF51|r+9DqiTmu+?`Q#=E()dg0uNYT8@zmX=%#O+ZxNb5TRyZ}j}zGvN7u9uuTM zzL@*Lxc2KY&BRS|A;nyo&*4r&<~$@6i8!!>Ae@j%CTD9wmG$~F2jUO1=+ zY)6{W%sux1-{L=}@W0mLO8oHGgClAw*9{9RV(%KBK(+D%d;L{Qs|FxT@oT_Zl-T4j zi{rpPdsWZ~Y4ZM1w~WoO^C$HsY#h{4bK7=pdY>iquY{yq03T>)0IP|csNaUP0{y;3 z9a~q>uW{)X5(k=JBj02JACd$O3M8V*fa(ZqzfE@sn zN=K|`ym?fSM`;_B`|K&y2Z=_kcji|2!_9)RA39iO9&i(fOll5Wo2vZhnxX=urY&>T z5A2KRWXcXDXOpl?ET!b3Bsr<=VKA|1Afkt4_q~zrEMRF$+ptTD zJ=cQ}>(5XXEbv(|z+q2FFfl8x4QVdwUSXCndDcfl!de&eHz{%GkH84CsLATWpbQ8! z;x@*;7v-uh!ZjKLyFibC!~lu88zIM;$(=3&rw^ID!Zs{kn)|=AFg=Z}jl%m$9V4H^ z0wHVryxNe)=IeyD{dm2LiRfs+w`hmeFnrb;E6*DtPY!5vQB8*w(GHxr-avor3;iQ1 z?X`bx56ed_lbO93ED88v~-9k5gu6I)#zlm|$|!Kkq9Nw>}LxYkY9 zPB-1@Oc8foWB-SPIZLWcQHsuowWc)=m$3Gxcf1`+wy={F8{d0~dhXB}cOenI3P>3< zA>7f>wZ9C=B_y49bkC=;LW_Kp5tz@uc^_jun*Gm?5=bbh5fB+{?70;;p-9g4m+@d3 zr`ef!1A>Gykc_NSmM;e`-k&eED_=+iVHGDA;)(i}hR@PW_z0%99I&!pi2&w(PifxQyC z-C<$`IYtJszjyz`gcZ5aU$%(VS+tLi5HZLzOsd~$f#=fx(en;o0`O8=+%gpXe3uq{ zR`M?%rCs*4f}dl^u85Y+B)EKGXf{*&OI??Ep1Jk@B3q` zIXFC#Uy?iPZ}sd8+cM1XF8uGC=kJ-lA^Iu0*Xe8W&7~Kt=nCv04)|->Et^!8 zb^@$ZVeM9QTmQ{ukRYR4KPbu!jqc?ubtad}@VEjHg zR|0SWq|0m6&CtrC@$gH#R}`RCRIVYGi+ z*2Q>(bo-MoYNKD#JIYB7dke&*Dub;lIX;vr<$9_Z0T#mF+3}x@srT1bUi(~P!ULIE z_V%+_XtO4Wf~U0AVQ>`XZwUyjbOxm%+rxn5WG+cGsY8_h>@Z10Il3 z-d|x1YdC{Pr9bE%q-RuQ!p%xIcqN0vQXCGgQZ;$AHm9 z6YajAxJMQls$@A{@256+|M6zv6>YPfu>*DtSdDu(W!VVfPo61yrH3QV_@+4}+`t;j?@|DK_0fr7XBTe@U|e zF+gS8HzpMORdP&nisFov91Ae?VfiJ5j;huk|Gb8#_q&KeS(d=0%Xfc@~3=V^4Qoy$kBv=P=g3>cqyqn z9<2*_;bnUFbC9u=Y&Y7i?xwYq8Nn9DQ-7tZMMP9v4pRr?i(8jpVa`JR)wwHE4@7OJof(HxBhTPwmR!zO+ 
zk0*HTOgft~UfV4%zRw9^ixFRwGyL3k61wO3%5W%=xB1>nO$n5T^|5&+SB%(R1zua? zc4N~M=HlTU8m7Rvix+=*<`qI-3 zG3u{bU-i!WE~=*qUs*E!B}|;r`w}@f4&#r*-&IJWiEw2SCh<65AsKJA3gejFjo$V2 z=y(6+y2nfxWxm&(CbsuIZ)=Y}!};9*^h#oZX2&g&mu608q~&dmx72ph)MPO#FMC&| z+m7;dl;PCFBN1_rCMz!VWO^p)#2B@mFZfQLx6MW^*|wb@=j1R@8<5Rrmoa7@d?R_l zdX|whoxl6=>{}SK4%NrW*YjCf_=ee^vYB6S=^%|Cfvtsn!exLRjWr23(lV)kI6CpRY_FQiksbzrk>1M zXZft&IdvjR?pvTTq#244S7~1bUTP96bgT?fB;QO&MU_O3`|a7~(B4vb;W?FZH60GP zKOdAT)A+7ahq9Ed;Y{$_X*)F^@2k>c=AAgwflcVJ6!%w=^A`^_qHM-6YR9krH{D93 z^I)~3+{HbQ-`P4ZzG4_rK1}#f=UrY$$e&vBY}KmoTmU}$tp;hc z*d~$}uSx2^wc+t#>Z(G@Zn6cL;lv(Gs(odg8jZTKo(Q|HU(V^yaIisLSuc<0;%B0F zzA-iZkS_Z6a)=dBPvOEURdvi9#mD_pccuAaFBT5CBe}>f^!c6VNmv1`x~! z+2Ex}G7R;@Y-vZOLAJGP3wLxn3_aFA>2!c4eHHa*Y>XpOs}2Ju(u32D&-XPM6?_gz ziq&DY*_>l(qeqd=t!|-+^}eZ$XbxQRif15tnCJ4vK${WRJ+U5bSC?O&S}pETWn4^L zzgm@LQS(XP*D(Cd43n*!YT>)9-*udumKatVY~x78tyAbWJTQ$f;4ti;+7b=d^(S;V z?491p5`Vd??bN~ug7Z($y&xzu7ZfKecYg>A!aSd$$AS%B?4`=K%1dU+cj-e7y0(^k zK0n~}|H0b|l=b3tK=Yj5f-|N&g2|vv`hb&UCgMTATbFQ{ouSMxd?MN7T2016c|Q*C zbhU|XOim-qE|bT|**&>m#jUSQB#q@6%aT6IeE+80;Ch(sZ{v6v_i5WgLqb)OSV7M+ zXPbpHuy+~Wlij@5e#dWnb79`!44J@Py5nqJB!}?;lv}>%ZD!Pr9hF) zH$i2id=VBWrvWjcv~9^_eaqU)nweHUBPu~@*&k|T!TI#lo=TL~it^mD6*3+3roJvA z%gZ2qSR(Rv0oa@G$Enm}K9#Xg!^t{Svrhg4>coOv>n+v3#t5SXw4@U< z?fpF$D{o9@kS!$aWbf`2L@m7c`3cTB?wTdzcgeZH-rX7^s%6NXV8GSKVFy0KUUspLw5FtPCMy}=iGz+kpsWj-AB2r&4V!p0XqOAZv53XL4#14W11 z1ge^q-03PHwu*RrF;UJ7xNm=FT5Ww8ASPXDuBMXv1xt)$@CezCJyZ$6C^Pg$0kJBK zwIY000uUPuc}mO?unnq!)G!e{XA(fn+q^p^K@JNL^xw|hjYq2ivc}|GqSf|*gq8e2 zB(mKN{Hu)U3cWgH0qjqJ#OCuHw!qo%isWYxcnsu{njyBzhMNk=Ho;N$))QFHLer_@ z(W_WuG}lC*LHoe|j2Q<@x}^cJpAl4ss*nYM0twu7{;UiUz=};Jcl>=7sFPBOZ}76> zj)8wQ30T?-!IHrK8l^Jzqr3sJuN1s>Nzgt3N*Of9&Ph`Sr9Zo!0&|h$+&l@jK^fD_!|C1;g&+om;+*&(g9D|JxT~kziv4mGQt9RgLSl?x* z)hB>?#-fuEEw64w-*kTwPpeqiGs+|8YD? 
z;3ZM$3tUVOp0Cp(bC`5j+mfSq*oytAv7MnWzLxNf-Bs!8(qJftUoe z1K_(3WAz3;3*vySM^9|&O$|`0XHwk*2fgpWWfpt?1>X$>e4_!6v?-*Y!f}s*bF5qR zC#bZ40tCt~GtoO@^#JAL0C+SO>>CKU1%b~#qgpxlVhI?VzI{K*hK5*q<@+H^W>b=P zAu-;L7lN>M2p^|O6G9CXVTcp27>A~TX_<#eP(tTazHm?JF2t`;qrz&F)fd*d!#MdVlglUYyS9>l^hb2P1W^%k+~?ZJ@_q7 z5kqrfv&)i3iD{e3ysox($OR(m+*hxbafSi{aMvbli6}TVM*U37iu3aDwrAd_iMZ%+ zucz3Jyii%NO~5<}9#a!+31*9xsw!!Id?NgaN{{84GquhPy9OhO|9 zI&}+jna%7qN>`aOv-*0l{``!;;=#(zd*jpD0{Vrep7)-&CeL}#9A{&sTN{E6f{%xl znL=kJ>%y(3Nn~9Ovd4VZtyg@msIhP!MNnqaVvs0HcBesUYCiLH z$NOi4GKI#33!nFEE63La?k+CXdmHBasHl^^X-6`bc>RY3zZ56Aw~L8v%Unm89wzpd zNf~(ph1>czF2BsE*;eSyzr?M%=cP80wp>;}7m4RRxGN~sVRXcG{9)H8Vd-RNXsj>g zD7gFNaOXx@hkmOiS7bt}e5-dT!Z=2g^7AdoG`9KS?lU1t&Xtb-inxl(%~~0z@o$Tu zphKrWd;abYcPbUaci_g@1M>nkbIhJ4(e71`FBsVL>(<@U`^CkLq$?zXbY!+I_WG}= zB1Q$dO}}fGnTH(xY})v&aNfsT&hS~IMT5-$5W?KSo4|kiPU@?If4x(8Bo!U+slTcF zgjMIB((3W>uItF65hCl*TZL^s@uS=ef7abGQ~%Qd-&G0x!v_1I<+U}2WW12Z4+M)F zDxlAVP5mK^I|=A8*f{@arI1s{i4e#2X2BtP_x#H8o5ZzU(xW;AwFK!U33So{tcHb( z)NWS>7&*p_J+k(MvXdMX3KgvtyUH6^ipbam?uoe&_aF*8UW2iwm-s@mEYZ5CsB0zwYID?4h!%5syS}n zQl&C=Ov%4=-)1WiqMlh22BR=7u%l!QM5*cn?B8uN)Svf;*3RG1cK`CfM0`}`E~O|%-p zKXv{41)-`*JFtKIU56_Z>s)Rj5;9W*hX?wTBBzNoVQ@-WzQGo=`i$%2+z4k$^4vMmGHD+#R zWtCM{-kF+aHKn|^ubc688}r&!XKkbH+>f78;@;sl%Q{H@vz-yfa9n&KL`fkodvcgq zfE;`9kzhG{MT54+A=m9t8cm|Pg9d7b2U%>StT_#J{@&vktBA-0NQ zqHSkTlI6HXB;UVg=heXDlu|*~)w`{J%ie`nyOLv-ejzIW;9%{V0WE4uu$F*AcpE2f z4ta%Ip`+&mg4nifXs+CJN};9w=7S<_6cx9Fn?Z+FxA>?GvG?>NU>jAwihF{qj#^3U z@CiW+vgPEQ)n!XJ6aW6aVV4$VyYMsg%Td9FDD~BH#E_pjERtF2_bfp4Ff9P26U-%m zlMDl=7Z(Nn%)Um%X(xW@<_`(7mH5=e>7?HK!U^cs9HW^;{^QhzfPSMXO@+s9!^y5{ zsRGg!GtF9cRfGaoQHA}pHKg&VVfH^Uc0BGHcYGushMP-vnR`p=PjHZlfhe##V=vmpWS^sX>3Y+lUt<*M}dCd$~8P2H~1_y$n>uj zBG>tn!6`*6@VzD&IKV7on?8S6aQ~0%Jwn$#cg83ABr@Xz&M1N zIH+3}kowFpPwcz`y|bktA;m1A+kGWpo4f*B!xBdF1wo~dxp649)Z^o$ z;l=`Dk)EMjaE6d{9cg5s@iq@GdoFV}ZO5Xt?N3@iB4^K>oD6ryc=WBU;8F}VAMm}dIhvi{j;quQLd>9=KM_xx@ z_EgamB;;HoKt5>!)e_`RMBwNH&VNE;V!^G`GF|v#aq9V8qmN(}LsQ&{tArQHA{6i3 
zGYrz>i!>8LV)hQ}&GuDtK@Vuf{GBip%rg^kKn-R6^h%4)R^oQr-odj?gMEdfWI3ES zxhJWnFY`CPY=5gIYd?!aV^7|nD=k&vv)mA+kjZ;l);36HaG1Igh7StE2Uwe>2R17X zv?4BqG!w((El|)Z{8s}Xbe3wljnvohfL$>`(~RK(tT3m4>y_<237(Lx22`vggu&qs z3na)^T5GDb|FWp6TBqCtu+cjIOA3SCkRI=Sb|Yg zPK8TP=+r6oSL6UZARZh7e@S&{-w*D*5B!1vWV1U!35xeEILJ3;0uZ2Nkh+L}ad_-& ztObqlhhw>M`5|&o>vdVwlwOpcHfW|ya8+Bt&9LmX_~=W(>QjJ8{ajsD-fv~htgsBR zJAN0M*e+{g5E3f9TUb`s*OZ!WC?lrxp93K6g(#2p^^OQNO?E|cC;osQQ%`8L1w9re zV8)^ZpqX0cb7>qx?gYo}M6{ICa|(!e$NQS)A+b%{S~69206xTllY06*780$Y0_|Gm zxPD-Z#*A{JVCn#1XX|L@3K)D=0g`NjNufCS{$N#$4n;|YK|}DAFG!NHPksN>YQv?$ zqBP7%dsdiMAV`u1gOxFy0cE)2^m^Sy8Fvqs>L}mdfI5wwkXlERC^!3ZFZAotXuNg{G`OjN)6>XSE zFY}05-X-l{x+v`b7-ycI@^%^b=dvqzV;s0bCMz-bJCW@-0NpYe6+J+z*in};8ZXek zEj$KI+Rd$OA-hu_AFOJ~`+qYx@HH*mosN>zd_-vW?kRK1Affr=#6TD^VF!zVeyT^X zX8{1*J&AMo% zFp$j#>fH5<**ccQ?6C_DvG!&B{zY*tZ0O8#Kj=RpIkQ?+|Jeim=;`S)a~DH8dXN0g zpRF}}AHF@%Wx;&j34yeKQ8|7c_&$T7J#*`py6s$~o0n4Lu^k50BpbSh3)4ym*=B^y z>=ZtWg6I&{_Wm+8xotlGvxeg{_k>v1QbOs~Z_FRQlC1qyXUm7MF60?UK9>uKtlT}; zEp78eK#4yk*@j&fRK5YsztE`ybhK1Kh|mp<27vrAOpkxmaYJQ(sW|k5q*ncU^d~~< ztCU?y9Ey?><)zBqjq49f03x!1@*_(f$*`mPaf9~{(UWFr80qyHPlv~EXhNg zdrMQo2#f%&2}du$niicv0_OUYk{Q_nl9TdjnJ6X1`JiUDP|JVc6|ygr+S@d88?*N# zx8{{0rENxgl^*#f8E})>z=5&^^c6@l>5B6%uFv5Mp_ihut=jX${v6Iz^RTtmtEZl% zgtci%5&plUcCHr46nA0QWMQ63zzrJn1<*rRnclvkP^MWqHr1FLUisp+lr_0A zD6z_?o_?L%rqS?GgH_iMz#GEnV`ZmDe|$WCF}B;w7CW1tYBF*(K00bySYp0S%Tpg1 z!8J-1JXEC8&IV-32!l7>g6L2b2BUNp(TOy{&Wm%X!JoaI5$8*>L3%sxJR66fbO?4| z-p+7ZEqy%~O8w)?E^c%c3jl5;`5M@TM@3_lU!hWZ_W3^T6rUIBD?YL>qma?XeRznKghcgeZYcanepU?ODRs2YZL>?<;&EREB4<~ zd~SYqrO+wS3%I8#{RyRB9WsgHV1hqK9W(c?vBJjHK}HlYqt=8x!rI7Z{b)ym*-=Fn zzI3`#lb<7#S#M2E)ew7{OH(VDrPp%|D?YrVRTBKy_<8%Ptk}i~%X_y0-gRRuW&KLk z0PD_(ZiCfSXvqP!0cLR5+m{!)SV#FvvoFQ&T>^Wjf{bAyd)5i(`uk>hmd~9ywN?V8 z_>mPnHYwGv*7x*icakRD$f5YVF9K5r_x*euGL0RpQev1OBCp6qe?qi0-0mLIA;#F` zZbs?<8dN~Y?c-Dwvz_zyRZGgg)Om9|=M~TL?mTE9c$@+fg{A@q$)I_IYtkkezA+eObo1ixQv@3$b`CAB$?Q@>>kqi2J9v<%Qw#OxI 
zX+zYu6C^FRpNjCN3@jCm>vEAy`9=+vA<`~(5yMif-*|P)M*HF(=f{pH#XGb(qgEQQo_<-gDHd6+hJ`nPa}9P5^u z;c5OB@K7G$z{DthIPBml$Tv2)HXbVNTtMUi*(Gpen3`11X5ycetmH;pRR`%wun|n) zWv!BjOxN>9hmCPm9u2@JyyrI&yj0uuQ57Ay7P@ zmfAXIAj{6aGfDv((Z#z;n$*G))={^W|DH?1f&Bo%iGk>^f*7P7JZGxcQq(=6#%v*t ztvu+R)DY+IPjQ}dZJI&qZEiDoNM|TWi5nH+MFuL~!>j+6C>$I)vlUay<+$p7wfSvuM$kK7A(y%5y&URgtj|5m->*KSQ4PVEuw9%^P zC1a_M{b8+c>|;TJ+mgOFq{dQWjl6YaR&Os)xnA$Xy z4bkoc5~dX^>z`Lra;%8l7W>V%vzp_JqeFBG^VjGdo9{?wYkt?E(Lenrrw>a>lp&N( z;_@Y3PECH~+pVvlr?Y64p;Q(|uH4Ud+`%3@THI!Qr!MP z_Z-_i5nNmohS9Q`?E*F@KbOwM6wHl(DMIL!?5_Tjmlv~98Aml;qwrlA!yB(Z_7&Hq zG@E|Ge74_kr+3&Z-)I8CZz%dJQQ&cMG12qZ8*F1&hL2?C-j}lIl%UkSUAiqFNl zZI>T<=R{8BsGH4~offzT2NGI8C7$gJ!>`3Baxs2)eRD}S;ozeh%zh>{l<-1P(cBOH zTRux{!q-2EMX?ypUj~JvM^{8C9G4TIDU#w6_Vh5VH~`=C8{4hx)H=|Yem&m5)h|A} z-RMO2on(**Bd~X7TfLUty3`O{XRJ`?_2amFNu6L0e@Rj8$$;kt;c8oaY`c@0z#amt z$Bv3F;9Bmev3e?A4}`(g$V4vw;>JV!n3>?)23}gkM|!gG*qs<5bnSLluB0_wkPg-q};! z_<47$E0prHgW7W&RQEI^RZEbZZ*ri;B6Mq*P5#+9?T0)P}|P*hkhlVdL1L zTPDL4bx0Z3N!$*`Jt+X!9A?7Y0E^Kr6u$@#-cNzu(A#t;{lq@vaWejd+zA3Ew?Vee?bqeaDK2 ze3J&aVcXombOIRgQ3`$nhWfmx_AqTtOc5B$gb28nxI#J&Oe_=K+$uwPnT3J)d1EUb zzeNui)&tijq#oHb!o z7 z1q~9$;k^DE43GeHAo6-35)NRJOZv5g9(M|}C?xBGp_yRxV!bB3LK;3xiUnBGdG7L` z=YM<{R+Blvj5`knU*s4Gu{2P9fudjPOM=hd1go_vW}dR+20@<^*1nko_eqSfvEzue z3J-3Eoy~Q4pf3cg2V)+SU$-n)O96;cm(8sP$1Mly@@7w1!v`}5KwZKp>LskjjD^Kr zWyYNX=H?*ZAE?s)6)5g!43nXwG@!MsuFned1oQTjyz!Q@{|xGmVTT=Lg4b|h<6s94 z^afz$_>W$(w;oDu`p8wyhx2>9`>KZCjr|BMKO!5rJE4^?L5PGC}~wrRfSvmw}s zgY>-=B*X+b;hriSppL)i*#>t3tuhi8NjXRzNQ+aUDd2uZ6Iki%RoS}fe@y@P0C60; z8+tJj@4@O<2j^FOgM0xu$67BGwtwkdd^XVci<*MgP!hKimE4^VrjD6$1+lVWiCn`2 z!(ukDFMh}C1~W3}heO_Vv1_#08*cSkKnCk%mdBtGD24T(<;^M=P-ih>8AUQr5CbBP zz}dY;%GRg=k=NLKL#4SF3hpOZ0L~eSxS9Z1G^+wOtr?n}#ftmStTQ10=OP*KlYi7H z_itB0m~r>9k^QE-y*MEM58#Mw4}pFz(a)=WGErqEU@x7aj=iIIhCS>2b$ty~IKN*R zSRF(9&A}GHGJn5Lz!da)tXOp__|l)3C|1DGlx{F@0eJiSb@1mp9^g=QcG`O*{tJ})PYOxB#g_Lu{1YZxePwRUY^>!T{v+EaB>s731M3>=o5#Y0sNd& zJMX0e8EIp+OGrbn2I&0pC_o1vn1ME|^ujKT0}77& 
zf3bfV8(N&4#;;@d?1=^D9WP`&XK@+JL$zxRla1xD!0;Nzb4k5rMlt^mRqxl#qiGEx!Up5-wO z)7HkG3MX~&iNKg9c$*754R_t|{cY?5b=aE?b#qqVupIs~bOU5R4(7%jNOV(Fv5)Bh z@foUod|L&O4)Nx*qg8xcv6IctO3$r1vKuRjj%6=1o!?%0CUn1}!gPJQh2H;k)l}Kx z5R`0(WNqFH$-0{>#pR3d*%s8KCsIdQ+!h+gY2LDX8;RY2xe!t5M_GxBLpiZ|u`-iNO=iP7z)TDkM;0GfajL0uv5!WO zudqA6dJ%lL@bH394R^QNKJBsjT9iha;8#&z{3t=t%4j5bklfoLd#n>Eu?i39qlokN zuhCxadmY1%l~WYXl5bP*hXx9sq=s8#+= zm$OX370=4_qty?IFl^Szrlg5jVX5(!gI91XP3v4D+uu;vWzB z+bfO9?PS(hu>*NtO@)_0GQ?Z!~CjV4|bBQRjt>}k>P-xr<(5g5`<-*3ESZl}`D14L7d ztYRQ{q5%T`8A+oHCL+sqO}rHCmgl;oj7Q8x6M@qbLYh1_l;GsIzz_*lcjYCZgH%$$ zX@VT!)Hnc8`XfX%G*bo5J39E3$WZa$mGFDO6aG(_B6s2dvK5){(24&Ye1MGqOe+GK zCn{(X_9Ky>YhXAC-2^sjOfJZnGyhvG|AWwPg7#y#bppr>T%*)@R?gVz(#(A@>G^-Z zb-`&p>@2CupEQP@5_OvPP|2-Fte44cy?w0PJZ|v!RU4iJzA)$)MPPSLbKO)}ZU2u8 zm;EobO=X1n8Cy_U?b2)9vTbJ9G&xmca^rgJuGz+yPx&g*ceIotKW$yfO4k{Ym|9K~ z1r2K!kb=Y>s9%cDof{am`W3m;DuQ_LHFL!|PKP#apNPSE?cUQl}QsGBX0 z^NjWcQauVe{j{-q+sqKZO?^r;{YHIAI}1e-8PV}<|Mex`*Oyf4s@0*^(WMCE0IwW` z@k_G`x(#f;sFBtkB(8$1a*T845f-h`zB}hAy0>uXfzIhoZcLfC1eu50`cyti> z!d1#kqTRpgBOun`t$`2b2IQNU!56Tt1+j48x3}Jy-9zR+1#DOa4-_HWZ-IYZCcKz2 z_nSTot_XO``hhS%%oE${ldQDVWKaOXCD*Ki8;(-KwxK($wc)eBcd+%FejLEBDQ!h+ zo~1yWv2)5I)|-B@Y7Bog{( zH-FY57sBR`Q0k8f=-;C6`Yjj)#0q=ejLlw05%Om@|GTPXzrmgyn4tPV@dX|W7Y3!$ zE$s3TNIQSa;t>TjK}GJTuOe>XeP-J0@o6fhAWvf<4*Fyexs-`7V=rXfsTa28i7@k^ zL9Ba|PH%HO&zO;O8fzkO_duvzdU&Dm8^LI!Qdf`Wt;cWQ(58zsy-V3be!6)J7DA-k zLCFs4(bT7L7c9w8i7;r>B-!*>Wbf1}nV$_CqI8Pv$BNXZl|i&Ze3_$?d52b)4a3ue z_g+ZRSmnmD0Mn}e>(7DBK-TkYLkEsCOqE^x-!|{~nJ*f3*}R``HeJNFLPR#77poPJ zO*fK#(mW@QzwO98+DN48gQF@zT)1*}eoaunG~pbA`=ayC3j+>TVGDtySV^j&>cv~I z#}}G@=+X8fF`_sTDo@Ff`J`X#skQAG6)pRfg7?;OLoZ?qi}rHT=cjccxP_5{t}p0b zIVTET_m;UBBT2OtWNnuNYyNv)pmalZP4o{A3=j=nt;mK<90A4tN+-DP_Gz&;4 zw=UbBZ;=+6_&@?$8JUxLiuBk?6^e@Jg2DvkH@KHrh21#XOIZ{v`H~_K#^I#?rs3!W zBy)|gi0!$%p!upP!YP-=Hh#aA?h>oSQL5^aiFPw5_g}6EdP27Ffii7RtBe|gvY2(7vC$7KvW$|paZ%43S^A-i)=uzN?URyeKn$l>0?q!-?ij4WzY^rKcxR4KKbF?rs z_Aa$3nl5yyGsn`~9i(n*$Irl~_ak?L8|gUK{(GW#g+)$KdWVEW*~R7aVTssDxD 
z{WHk7^^Co9#lAsahVBnv-+Q{3mw4!M6~v87ljA8FOUYZ5eu!!J|u; z(+z^EWA6&Tth+?z-3)$;pa;+1d4D=*-;`&nrF`hvW9aZ&I_J&D)33Q+VmU}Lcseo_ z{nB&>T~s@S$DMILdTe6x5mjNmhQHb0keVlZHx><1r!StX?hiOxx$FIX;{X>>N8;LvK=XUg*7_?doabt%-YCh-^bZSBg(X_0!triBAtf|C3pjg(K$ z`ue?Q47XkaY$AL4`pOx&7{_=d$hGyRs)j2B$HZ1Y^gP>5*nNz_HCH1|FO})}oP1OO zX>2jS1Za{yA3o&CV+a~MIL^siWFi@FvpJHkg0Vlfd7Fi9vhgKbuXM)uRPH3y;ZvOt z+CejKoIdYi32A)bde+zLHRFO^mHEZ+&9Uc)DNM{C8eRu~=9-MxBTPCiXAy9^)^6zL zvQ>SkdtWzHeKmRPEjm{4UgZN@*ua*T4t97Q{pM$ni9V3iIYGemqag9e@OzLrmzTBj zPsk$z7n;BLP(DiYXK!SS?i^9wJF>lyqo4iu>ArN6nU}f{z~Iu^ItW0;r^MC3OAK1# zTdD=aCm-!lyOVVH{C{fCfcsqGfenZqpZEb@q0cSGMDRq%fzZp67vEJoq zRr8XDa$vi-@+&c({bsxRQoq|^2FmVx^nTOPR@evEv4KvG7DPkhe8Kajnple;AM)bt zY4NOTyk(OW9&9}7GI>JiR{T>ww;E5fs9%qZYBJ@xmN{bDvk0WpD)3-`ocQAaA5 z&0r_@7R#lEb;oiK>sBMv_wi|%qDG&=K+yQms-rO0CT2g~wh*^rX1tRSxO3*!^TN67 z()4lnQzW6A@F-tj-miW0_x?uFKi<}c>J(aTGw4-7TMA0MKCF4k!L19~CwZUFcu{zs z+&O98Ads5z;Y$cWPB+gjQP67}`CLO8S{2f9^!+s*(5nolBO+3AP6UIksNVHb#hA}l zSpASbmFgv=>bTF=fX3h|+-wOrm_KjNdbe<3Gf#%ZM|kaAga8Qo_B;`1QFw@WB^}HNqoaE47+t7TZwZ%SotVpa1el23WdEZ#|qIbDT>Fe#j-z2tiYv?FSw3m?r3r%DD99__SX(xU5=Gq4D9LJEfvi(P#9xke z295>oVa)u;t=mSK`)W})u;+dDg|fCKol$8Y5>j=R4?@ASeuF} z4tR;mU|%f%HPBXnS=&wr7efh&c82y4Ghg>RZzd;gd;dpgQ& zo|O4!;z2Q=YTG_@ycWE`qcA`y;SKerw=r@yUzLaN`O=Nt+Ho}ZEV$jhp@aY7zS)$! 
zOIBe2AQBTw!kHds{dn zKeOa?$XhA1!8tSTzhN_Yypcr`C%z%Cjh@}~YHM1&REWDH7&$&l_+_`I!)xX(nKGu1 z>{09UV$t$92R&^e<8KTxz9Pg_2Zrw}Iv~i4J|}%YLWk0__vck+xd)HyE^A<65*HdqRr{V79_O;7#4?2JNkSq_mw8b-CHS30A0~ao zpV(>Ks5SotI*X~X_?53E+qm#4FMNFa(s}w?ayk5_unrc-KjeC7|HDoF%h6RWPE$0w zIrn*q8q&TFDZ#_NIGwVBOXKY10Oby8k3;OfF4X?h-n9^!b=q=;=`?RkwsP4 z&soG=Z?n%*wO87jAyN&PP1WS)8@Ekh?`^ zH}Hm9_iLOVF1$O7d(-=7{NrQ(C$<_FlTHdee$*0o1srGVZuX^g?1lxlzo7`Ij#0O; z_x&~$*}?uq_Cm3CswN@z3rh8*?`P*fS zU#A0z{`ld$RG_5(ix@u4IA?K&8XwZ(#rA+4hEir{ZDuSqdZ$X;wL`Md5kB?DHap^a z@mC#XcvAhZ?Nw6wQE&coc?W!X{pC5^^ZpzTa-_*WY9w;;DQ4469x*S-s^25C$-J?C zBh|C?s;xk+(>7`lS*`~~=TWZK`Te&MRpRUzPOVGjceoe8;v)P~{?*qaUU(^NdC)jL zdH$I5wZlWkVTqI1h8Y%wp>qMh%RqnUF=~d9-^`t{Tn|0D4vnF&ty65k4bbQrX(A_6 zb(rRnC|S0%QH{4U4t2;DcjgUO7{Xw#v$(7#T5m;BeoC=Ouwl=q-{6Y28 zjq(2F&puwMSxCJhHJ6fyj8JGC|Yp;*v^ggo{UV!lB1r)b6gif?NruG&E`DYxFWivqm(g zxzG7mK~2#7ca?|DWD_2#ih82{(w1~rHJ>BO=A5$7a)NZ7SFX>9?-HXBDO^*Uug&&* zWfGBksceqq8&-ooXkQ1-AxqR`VW(ZQ`|niI0f+g}*&=lGw6d&rGy?egW3*q>zL1i` zl=@VVMH>n7e7C*l$};2Ms%Y5T*276p_3r6cBDx{kR0}bPJCE+`pX<$^Pky(uONpSChz`mYJw`@mRdsrMDC_(>HlJODPPSHLk^$ z$GArFtS6&xn|>6{*Ig2*h5`^y?`&{EMdNS>D}SqR?)Hu$*SW97aL7Bb4`6KDv!9G% zI3*(~*ZURqtJn!c@Z*{y?RNdu7W;9sJg^>$W6hWRgL@=$IJNt6Qj2#y^G>;Ls3`k% z7QZWRTnRtTz_>8`;S+>Qv_0t89wY~4OvMk;wbmQI&}cVAYVa!R5bodJM&6;@QQ*KRdVOZ6;| z&rtLh6JzvVPg?2V3#B7wfkHfKQls9Rr@uxQU|MU*$uK+y;dgBh%VRJn&Zc4|N$bJ( zFHGF?Rn&dbEcW1*Z5>p-IV?TLH@{Z~swcd|bRz-$kewo-jEyPDru(&Cq9oUev!CIm z;{h4`*u#*%tkul+coMqnN4Z$LZOQ4#?J1o>;D3gCx7f;ZT=Sa zu#C2E{HCc{*e*EM`o>Z%kM8)c_zb@6D#p*YX)Pfh>6X%J7$M5l`FI~X6Qjqsf$U6( zSk!ofnz$FzRjn^OssS}+gFG*aG$VBCdI3w{p|J8h(D*WR@&{bI-(GDiD;;)AW6>2#cw#|GE#tKu2aXe-EZq{dt7<3a%JzVzhm8qAAV7YXU3FoYBMe1=C9u|GqYkl@iY!wqz zh0aDs@Ool9TCM#P>o?l30|tQnp8l)G*7U`iTAODNiONu5+ow0AuMSNW*aXLhT|MGX zxcOAApndmoDg{D(d!RMzI94HtLTdP(alD$&fgGGn6 zByj&8*vCQ0gI}`vJ}DqrFArx5yg=X(4$u>GRLKETkXceI0nT(+C;J#5R&7LOIk`6` zPrVOHs8C#eg8L1vP4YeZ8#*3an~2k#<~xX?NWPJq1!A_Qf0&Yj$&x9S%X?<5+SAjm z?l@dgzdx`=LzWvePbO}3z5IL3{xNA8qnY{KwJ8mWn(M9Q9^x>jhJ$dTjfldQU;rY9 
zdr5y=y0*V(hQ03*qg?(jc%0!6Y8tEb=r~F!uB_j+_J3Jd`5`DQ;oLIQ3%lXiBX0$p zdSj-=-Z7qqQ60-=wQ_5dXflBFOHUoXlnQq1Tb0hMQ~vDgRW;&enRHnsWgGCx2`ebO zfR4QQdKrE>X%P9v!3QWA(>u)CC~yp9Uu?l8vfqymeZ%umyy-lq4*2%Pt1~3_s$Nhf?nei-j2o|k85gxf5jE>wS%h=SCA8r-Ee6lTX26pI4(?*!477=b;=_FRah zt>RM5;JhmxyQX?Dw-dqy*Eeowq)WsN-`T%ShN_DbT zv33u^y^1wy)wcj#H+kkC$x4f%X<9X)B-oJzb-5~UD3WfE3Ne1eaV9TpJgJZH)4~GC z6SCe;h5M89#@YMjAbgkNfz+JZ(iatFS%bUvgo#^fDR$mh2)*SC`reVKq{-#g@^kB! zi8*Larjt6axc0%Xw}vV+FlWoJGS*a?-d{#7WVQdqBT2IzLowzf69!ob^yAesyvU(Y zNlL;is;E@K-b!PP-?F6X8%D#0I}w=YOfbf zT=Yq?W0QuX<(Iy?j7aoP$wLTj!VK!$$)MT!5fJaA`I47-9*eu+c*!Dse!}I$B)P1D z^l%*wNaaw}Q|;(sme5~b^JIyJ9Sp#c!4=!w4olacWwBj<0C9rKE@n!zZ@|ye<$k#T zzkF$`$EP-_O0iiS9YK~oISp$`Duuab=QlFu>Aqy&&LowJa=U@O0vN`XHUshc)x(SR zIeQe?2GqxkeJPOUk}6cO&=dM$2`=Z2WL5u^dML>*tiqw4zb0!zDZ9~kDw*wSsy(p8 zGy*r1F*wCyhM8eV&`w6|3Tx$ft^}pAY6!<_+v+c;xfP6>NHHg#<4@tPjd01*^50{jD{6$;t)kvLV-k0schG;D>jy{QrAHK{Wdof z8Kvv7y|U)Ij8E8!4Vkfyj|N=bbRy)}9jRQ!kgNPMMff{z=#+Q9+t@_Zi|i2A4l)-Is>F8^m&eH z1l78G6C8nXt?EDF+KtzT!`{Dj$2o;?4xGGS4Y_{rAFYkv|ElOyvi+Q$;4=}TggPRs z`@sb!$wbW_`g~rNWVY0(h${Blo6yB4%IIC`nz-loYG?M>DFtYi%21Ce3=vge%P8h6 zag}N}D^LcFPezsjQE=7z&r-4AG2BS|84lPmDk3D*~A-^%_m7)&@ELUv#%b=H~WbND54Q|VJ_ho)UFRi}LiwsmsQazt-b0lX? 
z>?i#?P!oeFpZ#94-|(xzF`RyhXb+WYo+g1 z$4_hkv3M=r^=zy@ZWagjOS2v=KfcSb@}lI`>@zK)`XRXE@t|S0;BhKVCXv>%AbcV11_ zn-c;SyiD_$lf)&d={R6BSrN+eZ;a1&bPeM6^uy=0Rkk>2IY$>7qlxA64xMzpfdm0o4>dv>;%5n%8EdFV0T#c`i#DTvL-AQXpJjSnI zyODgzcC}a-nB5Z%@T#a=*C?^|!=1mYqsvgDjd-{gQ+S+|`>8B_ctwN2V0b`x?Mn-_ zy!Pd7c{&WaYaKn*?~Xvja&cI=k1M8Mf=q8LjV4{I?Y>dJZO0mgW9JuHmR+jxmh7_z z%?TxZNPMFw_G|Zz&^nd&axHbL=klM7M^Q2bTu{*IBcw-+)ZQt}?|KL@nPJ`4=W0rg*Mz$$S9pir`}$9R^D`7JDHg)qJ;z{w z$z{W(CXeiq7&7`_Bu9QgCeteZa;HseYUuBAd;Tk)G*jJ_@(Lwv)E@ zvrgXjA)e498iAAGieS}#pgm;zXeV$h?v&Wr8c7FB6B#CW{|m@13Vb;c{?Y%s&8rvf zx#WzKA^P9MBn|*cca?~qk$(Aq z;AN{q3vKG3h z&^*`Ixe__vc{LYRU~hATN^iLbx&1+KLc*(7mevawlI_K!7 z*Cx9Bl$vR5SwR!RE-aCn#NToyvNYR3&6weVh$m?CwK3Jy+K0$W@6@yG8>52NZPw#G z`f|^&&4Mqx=*q&;3WnJkUOT@+F%I_H9|)ejjro2*HiocwkGQ=zK0H^>Da(Gv+J1i+ z8bRw<#ueQ3H~|cQUzIL<@=O(yi$@;(AAx z_cLA2NXv%U8R-bFm#$(7&g?Dpss{7HiLvkZ|6!7yq5*}e5*Pd>(_O>|EPjzYM>f5mEPN#46M>)4>>pn0#7)MmD?Kn>9WDI?md$@+6n>BB5od4A{jF+n z_|hTT!=&YAgFfZkK)iL>--q^xSqL{aa6nf#**(K|!?zUwA4e(2R5m|XL3hAUD93H`r zDu*yX^lbdXPYcZ$!8@cLq8z+y6*W1cv&9)~5Wj%p4b9&*GDD_3htYue=6 zY5Z2Mbp_#CUSdB!$Zv{0q+TVmJ@9N?#Ak|s8{ONKr@62t{PR&W__uef&7pEPuHsx> z6xTY#+Rem>;7N0o?^ZE-Q@&r>P9~$LFn6--fi8oBguNTOf!=wbX8CWuyUqz*KQ!4i z*Ov45V&@UXGJiikiNtd5#y2p*;j4+Hy=KW{hYGPuJaSY4yT4|OFX~S|c|}GJJ5QE+J-OZb zUQW6lcT;8?OG(T+$Bo#@9A16yjab;s(leSK>PDUlv(Y%68Gf9R$fp5@h z6w4u0vfOu%?nk}ia6u=I@!KNnJ!e8Whs9I|Q*nEwyPcDYG`HE_VL_B>bD0oD+-R7v z=`ansj|%iKlbqUiehPny)SZ_tiH zS0bM!0|q!*#k@QGSyiO6__}s)l$uWIx8iAyE;L=zAsJ1^ zjJkJQ--avl4-agzRoh<^DUE3m=#X3v(cQ-csmX@=;Xb(% z;yqk`#W8^rl_5kr;!o>u2|%`dn&i{?J7@>1Z?zE@<%7P7|8ilZ4!T&r?GoqnJ4b>w zjP%Q!`c+PIe;s;_LoL$nncjA?@8bSGYk^!T4{fLj`K;P6=DX(9?Z9Bc7c%iTUiVd0 z=I`8$Na?K`2Yk96t->5%GZ~2aczs=#D}N2vD*9Y;U8wlfSKH2xf1lYdHc*E8bwY&) zF3`37&b&gNw8x>)*ZN7=#&NplDEHv)0rWBt_EpJ&qE`q{S-*OUEtYS0A%C5Ov)0|% z?F&(PSp1^oVhIH+%Dk{utT3c0Fw&~#geUx0tcA`h$+S=>w-ELpQ1n5tE(CVx9yITW zCV`tHR<4`Has58LDt^xPuU%65UaoNH3#c`Zb}ComM(Uaf+zawLR|LOzUuhBC1Rx{2w-7 
z-Oe7Dqd+J34>q{!MyNJtK<8t(xs((ypj01~X3!F*JIjmv9oPfW1byP%%P+U@u@*V7|rNsbCrVhugK>|BxQ3)kzDnOTx-y`Ty9c2_C9vo2Xx z$#Zq}XGHCIm^Zv9?ES`ic`y?}gd_XZi7Z2`T3;3DhPg^+()`&uNq7dK;Y30!o0k$Hp;U2OR?m52;{L!Q~StI_DFy;~hbaqmp0_;6iKf*c}e z)|4NYNIy>ttQZuG{p2E}3R^Bk1vh&@RnXW5iqW9yS^B-dX|i0;!RtJHB#IuF;O5H< zM{N8-c5UaudXjdYja(9zDKY$J#pzl?P3@^teV5Mahj5g1<@-73!&ukyh6$}#a4nPl z&x9ZGYf0aKOKI+EFh-OTqtw+iVI?@gALaSNS{g?1EsQTi7N6B2R0F1uad4WtDU^)F zhgR)EioB4E{o2{ZE1KHMJ>aBp%D^oSnbt%fVfFn({2aN=lU?S*!kP8e@@_U>TM+MW zET8R�p0B0Sg}RnZKNt5SPJf~{W5LM8Z)&U; zMM1~4WrpAv^;-p(T|#*KN0j7Wh+bJp2VqX~9!4 z#SM!ZYz_JduUcP; zxG0UEY7a03a3L&vrcZ>uKSI^gUe7I^-c8%tK&YAjwz0YK`(zO9M)C(Av8zR}4?&}z zpH1*GCJe9C$ne2Fv*ohAc75LMvVz6${DARH`aa&JBWp(jxi$fH zEIYHPVlv(nwY6-ZzNb9h^(x5RGHi-bVSde>ss_cXTu#F^-AALXZDY5L`VO_f$-P&s z?2xd|hdO;z7GmUkvPP znRB};1m~ccMB+ONfuLW|+7BrfvE#cI+9=$%vMPXVY2a74U3Tk}`Nceix~XNH<3jj5 zg`Is`5b`@@Rg=n@o4TYVwHHpd`t)C18di((dtR08AMdj_4u;f~COVXGUSBohp65<# z?t2&7_&0S_LN?jkEv7Jjb&7dKhTrgyBKG^ zv`j&KhL|K-<>^~{{AKXHlcV3QjuXx<9?1>GQP+%s@h+BA_^Ph;Q&*CN_=mQsMd37E z1hfy=T|LK5!$ez%mu-7Ir6y#}I4iSCPB?9@uM4%vulHkGnv`oM#9+|k#dT|%CtdU* zWFZ--xex=v=+9-aSS#AKPH)*CE}Zg*#;f~x7Q0`heS8ZY zC~9+w)ztFrr5SG4CGOYhaQ?k&4UF{AhQ$U&o=kvbG<;_22 zfiNJ53i~R9DtfZo^5dAWTJ=~D703w_C<{+nukv?1YnF|F`7}la?N2 zuiTlU5<=o{TK=HJGJ^kq;Q!}I9W~YW4yRL`f#n4Q>X*tSozD-3^;Lw>MWVH1b=s8Y z6__n6(Fg$6TbUPuRw#3Hu!NcU=c{hCdK?;M)O%)x=n)beL4nV4rrf)pJdimJIs*_Y zT_LdSzlI0o_;eAGE~T+I90fm->*&FjT$U6AtdHcPFHA{8(g5&u|4W_?`V)>`^gsom z?>_SIZrqUnydmJpBEPGF_}qcD;i^k1K&K|Y`Se;m?dNAgD;zxs`y~jF6p;QlM{jS? 
z|7)#l-Lj6T*ajx-Nrxz!=A_M)e#%$f8$0uTZGAuvZfUM(3jQ&a@-lW%NnVbQy7<%5 z&>K%+tuSHZ`;#Rq>;Q92t151NK#c^H!4)3t_<*^OpL!sLe<+#3aiAs8RJAkUkU|*y zY$yLaS#aNOFXP6jSbU5+6(}R%P1=7tT0LlFb7>_4I+Fh?R*(n$2*HMq3UM(TKGfDV zx%cQ<(Mm(Bo{1dT#8dpzA0RSKWNcC>uC4o*LwFR><=*kQo%UeJp=jFd#0aJ zKtA)6C{~dR|Nb)qC5?Jk8n6gg_$)7;oA)4JHp;*Jw znuKvPffW;mh!fOj`YDS6ER)YuO$T{arqY_`b9+E{*2u8It=>23Of<^rtUp?o_2M2^ z`&*B`=V9*dhDJR(ys_xZ$HzKbg7kw#OZ82M*M57SVgbwtl%%$LE2#*K5d`WN@H?O?Va*^#Zytq9A!G@XRUd zR0%<)%}5vEX?;hr3gTzNp+V<=(b);lBIZ_m#H^WSBw#Bk^@W%9zotobRk#9+KWKKg znBO8Hxv+*0TJ6aK-=#I-=Wc%ite#AJgiaS4@PTExz(Z%&sIWn2c^tkhufdF*gTqXW zTX)w%GH@nuy=N9s6)=`D(_7W`XyGeKb8D-90;eHIu~s>CIa-;=JGFPgz zJf{&IF^|RF%EJ+6(OZmlJ5ymCAaV&)sxeNW;cAgn_djnnpkdsIJ8f_T?8ta%WPuzJr|%IZeK@5_&SlV$ZgVt)3_Q;(UVPX z)?1sG)sl~D_h$&0%pSu*0-Gu!GhoGYdW=+Zask1-g?R2SeQ&90Wumg>(oshRFS{-K z`IIQ;>-kL zWUF~S4(r&SYmSR^zu)M)5>@gyAaRR~ZT?~Abi3Xm#zqeExvh4qvF{{U?&#)X)KvfCTJmx)`@7!D| zJD`sH=~-6*ZWLFUnldlw)%0@-Yz7eW!09ifZyzzRe#L&g-32~?o*$8)Kvcdjgk$Gditoew$yf#3ngQEQ_6V5a&u(!+pV?DOu?_YEsFXyEb`y1^1yzR$Dmd- zdzH4+F{nou*Tk1+`%;sKWRpg()81Ik6lKSfg#O29bWa?v{!tavZ}fxvpUwdEUMY%& zqdHIMqCYupqs?qp6LReoqDw%%t`z41s5IkPwQ^eX2L~z)W85Fl-2sGwDJcrnK;xTj zaLC1k$zm`&cm`{T2Nr-h12f`u#~RItQ;JBuUIOxLx1QQwUk4Cz%Fb^}jP}1oOczDH z?U6ER_6F=91K7mj%h+y2Iw~P_HCxQuLAC7;^GPO(J`N#lFHHoh>+5bDgW#i?rAg}o z6rIeNw{Q1ZkiwxwWt!`vE-|nXM$o&Qn6YBS=NhmV_eZ-%%A)buh&dIlmiK_B*J1yC zaA!FCu=9fuY)y4|S^r%~WI&Uu#6|UxxbDH1{bauVS<$xp1W(r|JWtZfeyUChus9U> zunFM`>ptlK(onjGF1lQk@wYjkh<8!dq>P(&hNt+jK6Ki!Z>Sw*qHGdwiybZ)f)%}B zWZu>ITI#It)`*QKurJpy{CUfeEsN^Ore{bO;^+P-cUG(8Jl`$wx>9?HEz{*Sok*LM zl$0Y-vN6RI5lRqh9PwdFw4^qzs4hXVi!IH+35FeXv|pN4a;Ljqj<|mES!&sFx-fy9 z&|vuF*-94gins9J0n^Q0?kO=w24sYv8air_mgIfmJ`&CEMr^j-`7^h7HQP@4XNe#e zbG?DiD=_j=#R;x4mcL<;RR=XlkMvM5Jq}txgk_MN25r)dJ?sMd3-)U1Q=M$rvpoRH|$EkdX6$XAtR zLyDAj&q>AY%}#z+cuV_bseLjhbrHe9_a^!`AIhb4UeuRPXR|fnZ8Fy@H%#wB0D-=m z({k6h2E1CkVONV%WI#*lQ)C%%GcqtIN*SD?#^|GmalfmKsJ=bHPGI<5VErY2Rdys= zk%nla6*(5-Y1Q19(*5bSiQK&KVv)76zJ7YaNk@tqc8)FJebl(kU|Ws;;_sCM 
zg7^aZNe_wVm1s6%NFU8KasuLb1NzglC%eeM8;f=&$ZX+$?&lNGzVD|W_~Yr$d2@=hz1;$=q23xW-c2#-23S6txAdZdQdI>Ea7wYpW zWfY`)gR;utxkvX$NzOJ_YoD6{ko4LkwINR3XJ(wtC{c_BoFzLEaI;Ggz=j(^ZrJ~E zShoM}X1fxWbhguvc=kq8nKJ|RJ^WyiEE1$q02AOfMR7fS0|H$5O+3uzOO&}u(01OfO@2u0q}9IAr+r#0?@ zueUP>@H8YVM*Hsx;9oF+L&~SC{yw(=ykW`z)f>iyxg0rqfBxUb-O0xDK(4wO2FQ^D zT1*p-%_~xWj+mPMwRORDr2zY2UBhFoWAW@)?g_aGig6hI=cj)&Sv7tmu=vsZv|-Et z4K;>md31{8fG;3~vK|Vzl=A^|sQ)Njo#67H4=E$nIc)wPxd2Xy>+4AWd5qT(#s!al zUcCRi6Cuf>ri@+~d#zJ%u9L0@iONN)RWs^}W& z19PifV;xw+r$6Ly{jr}d6M zU(*;&Zn~(`{%>NFvGBs*>YnFh^j*sDcx@aOumK`rh6&ft-t{eU{-lp~K#0b|GL`}` zj$ZYm&b~iD33Rr1)dfiZk(f^u!QDAXh|de5ZDhXuKVEy*t>!dYNdH?z?b3n7jP#;*T&?4wn8 zaUqD1DVmdLGsq2JmV46tyGx^VRtC5L%=Ck(s>;zg>J8zhi}iPNa{_3G3KovV`Ptc( z*r$TUUNL|N#pZnQ@+(*on%hqok$;^TUGJm88f`Qk=|eUbHi7D@h6(LK#O`;s*KZb= z-u@TmK}T~s^If*oVgD%e@r?>){3PS3{c1*6QHVaI*IxVW=)~%|L|bb=+NxHg#H)M55N6>)9PL0CQc%``ZcsGPnC)#Q~kH2OfM;+{NZo4 za2G@?zM_X#_{N!&GHxmKxrff!oYA*~mShzM!6kd6siHZo&-eyZVo~D=` zfYfPguxxH-<+;6%y!%b(Fk#gGx`&UTW3k3?SMi#M3{=wF@rm+*nhc$Py2}I~CN>f3e^e^dg~?QBJ0LblwND0J!Z}$WQwVvpmc=<;IZZmJ+7rB%}NyfV|7X7+QM+&QlOrid*33r|-1CP*$Ev2Zz zQ=auIQ>D*M!X~Qb58BnWRD%5* zO{S+!ZumHI@Mmv$=jGR42GdhY-=ejKG6R6D5B@2x?RSp@lvV|xH~vDY{2Qctp=amy z=T)|b<2c7BsVm7DqI?{zB!4%n)MB|y12O|1torsD0gE+F14Wm?@i4JaSz6GK0{{fG z(d?WKr@RS?N&!Teu2499mx@cUjFE$JSg|kV1E!9cI72dTuXwMM88G90WLOP6{!)2~ zI1MQqeXlE*4v6{&d5$;o?8lN&Ci)xtzQ5wq5nweYA9ePEx;?E0N;mF4V008kO@kLW=^CbV?A zChtrB^xaJ|mrm`w*A^Mk(I)u>CAp%i)`r4JE+-(xW<$8|AZ4)@EesUF4+}A5?;Bm} zlYi<%A){Bi3lI7vXz}S!cVJpdX8xz>uoZ$qod#>>G__=6K%A6;Df8v_3lStsf`xMyWn3Gv!ax&LbM&JL8r`_|1;6I;2tWpCLpN zsG)B;?bE5Z0Ui#?@S^v^%Pq)=g2L5x*nyb#JJFdbPPHp|uTnklZ+a>oDG9r$$r^?J zF}=fl9zW98V03iYWfeSAkn?RniWd*@Nx}2XGTr6o!CB0ZA5LU3-!V1zi>H@%j|D6bpFg-JArX+Av z-1IHn6jc%vrfqpaL*aC`L2-MU^wmAz{&V85bqfZTr8_$&>%MyG{(ik??0mUzs>27N z{o9=Ou{vs&3WDw}&-R=Qx;!#??VI6*x);0Evq@;Jx}}S?=tj;th5^58SKi)O&KykE zvr3Q$K!Aq~t$$Ls$H=up%#|6geiCk{k$Yp@<{{@6CBDQdO`zE!P65*^sxP3#Ge}1oacPRecC6>ajC#vi5Dwj 
z9=GFzji)~OTA9&t${Fcwx1UHHw5F813LD}gqC9UVTNa)c2y#ebOuW_{&o{sB+N{r8 z72}hY1E??%+meoi_ZN&RrlRx5%Pso|S$GyzjuooYfxQkdTkrs}wZ?~C*1@%<9M*ss z*v==_qlkr&_#_9k<47b7Q*Lhir52J`@t1`Rkftk; z=r5j)Oy7j!;>Ao+K8ESE*aS6Fn0*M%+{0b?cvi+sA;38%Zrtz9-Ri`Z6^LHFJ6A*E zR4oh)!tuM!9Y4(kO2;s3m9n&ll8!wNvYU)8WsvC9voUL>#}pM&)!EF_0Z{CTJ(k_0qxXJZXZ?(u05BNGTHc~MBK~wAnsGak`3M_A|ENY7&Un@g+-kux5X?Q)c24b!sKbJj#j(d=>Sg7Thf^bSD# z=%+|+hlGI}3-$Fo@9O65c=o-X@!?UgB^fOz!%tZm3u3iDvU{=>-5%cPX*Dm$6Er%1 zkn6yn{OvjG6Mk5b;Th`Mp3+lvwls#wcNO_Kf&LM-azvIiEiF2#OfFs@Vu%Sw&PSY- zoe|p(Une{hCe^q;ltG`uCZd6nTk%7{ zeR+v~vnFu)gfY3?#_gPSc`~wHPx!0v+ybxc4Dr{ypRs9xC!6P_ISewm-F7?0F0N_{ zmZP5@TM0al`vyI7{qJtKGZW!Q&7=_T#)TGb!Sqi zltzS%ZYsqRqsVp-g}w8IKxfh)C_pjRZldsKrv#aAjdokHcP%H-10*jqKht)BK`}pV zkFi!j<41Kmu?Yu_QCo$}bi57UE7NbLguDU^xE*~ycVjFs^K3NcUG?GE#B6`KnvXhj zGE7SAo#CZ$%qz0a#JWdlN(V+SEc05bJpr$m{G5MkZF8k*_D=Wpmb7a~ za$RnX_dq4WpaQSchKS!i?%aHrrd)Ge`W4tnfv&o2+=Vmgzxwx!WSYA+Ciqy?w2x+4 zoPeWpgN#kVrr3%!Mims{X!6gn-M96#=WbqpJ%#}#nE)>G_^4nXGA0NIpI2n$M?{a` zKI5`uW{^X<=Z_O}9OQ5ji-vWxvj=!Oz!Cq0K|z zO9Kv0#JU|z{2Hzkj@|NNzoCW&dXC(K)k7)yx8zeV?-``N8Azyc$#5XoN_}t3-CLrj zo#d1Dr34_}!teEITO7Uputr?N2|16bQ<1oW&yP&VEoVYBtGBvn>0$5icPW26nMFHc ziNazhfef!>8m0l7WkbK__Oph-#sIP@D~*(t?jvia!nWv%Bdxidykl&Dw2GHeZQ|U% zHv{FRpZbI3WB<8s6e}EO^#Ny06|#CDcw{f~{F^Mv@+H{Gx%z)g&#`3&5#&BF;w!jA z9WG9WX}+?0o#p7A$B}E#jhFgc^YKo-!}HD$di}j}cW38aMCNya@b@?iT5V^<^*I<{ z$PnuhZd7}g9^EeOx>C`QQ8@_*ATM4%;FMl>eCzC6<^PPm5<m7B?5N|w|JbJJ1HQgTn6c9qWYu4=3h@^{b|rbq+X|dIuY(5 zIah1sG)&q@XdqwGENXLS?%+uPZako_3U)LZ`Iq=p)oiSS>^{=ZJtoABhLcTmrL2a1 z@#sHdi;qKo){9#K&kym`7Xmliqkf+AsUM$QXb-`I;#0rhU==5$5??*2Qd4u>E&SAp zg!D!nglqqPjS+Ej=8N@6%}oP3xeUer2(7=9H}~Vh-P~WWp4+_t>p$XTugU1&SeNjH z7k{r34VQ`lfD~W3ZWp^xxF^63v&XNXh=1R8Ox;himaVd2;k^s&n@<6YJ(!mIO*a)n zTv*+-eHp>%*f35T&OUMRWJ1awb&l6~FX1YqJE8J2bI}1(N%S~^yl<*<%V`DJ{;;!W zP$jnC3@d2JL?t3wg)(|H{WW9*CVP{StP_(A}PfjwSq4$BU#{Zfw(PO|i_%?jr z&s~Hy2|rDhg&?+ZkxS6b?sH`7t3(~OwJmx6y1#!T5w*iAfl%VTA2=>zKGf0O)JDuf zu3$*H@9AD$PXj(C9KpqCU$ID7vRN5yrEM5I+-TK>=7iUHIi)9GHc>Gxzn+f>MaQS+ 
z6|G0me#2hu(n~NT(L|xbyyIrgL-nM@iLB|~zI7C$|0cK%wq$m5)jL6&7#Z`I9 zAZvz*PFY@#Z{n-KD>sy<&1krkrs^Feof@we+~WWx*x}ix-X$MAT3LEG`x_sy|E{xw zTQRK1JUXJ_je?XGlz3snDdK_j^dtou*@&3=V}rqjMC(}_X-4T8yjQ6|TG#Aok^FCY`4X5_HIuje` z;y-iU>cH=J$@RJLpou+qK0ek(M$Llsw()A4JTvzk#(mo5k}cW^ufqvlM?dqj@GR+H zA4)HmqrbUJaeFB&R2~dXz9i72UrPfkl`-bFe%95E&6`?9iIF23Jv3H{8=S=znE?kA zIb_C)ZBf}&v)}F&)sNr=YJZG&t;kf_uxK9hSFF+T_{uHi8)QT}{31*eoV>daN4rtT zKb3ZT;io4@?ul_441k}dfbB+P+ZHEDGp^pd)myuvd=F`@C0#xC!SVLiLQ3tUA1idu zIK$RiIS=Hng<2WmYa+z)LGA0&$Y#)r9w8Dh&=X-EezF=`>6IBV^sdwF_3ZRXp`w7N zUPo#h)h>kf?+;h_dkG+Kh`32Lg+K#`sHOhQ0%j^G?Hm1(U2Rxg<@33;NS7e!k|J8_8G zkn>J;ZSt$8+G+`p4>GUd%1+Di>$|&hr)i4rh|l32J^E1>*7F|!%cax0ER)2nnOo#2 z^<4MaVPipOorKo1S$2@lV(cA@og@W)sJ+92*ktY5e%&6UG4&p&ve5oart@~7!jPuq znv=VlbHA?7tll`ogmh+%D@Y|BTon-bG;+IfKhH|4H5j84MjbQjRWp*s)pL$e7_!r6 z`1qy7nHjVYSHt8yN)vcx#mA9#nKc%1=>OJgwd=!su)Bq^T6kMdGV`@+OS%$F>nzS% za!osO{jExkxC(ZR)D-razx(Q;#pl)#K8FXIp2_AZcp7yLxMLK9(`{eWGosR5~yVpWVCKgEROUTN+=d zlnt&3Ev8m{lZ?>-{ZoAJk;Kk0*;@;4*~Kb<831FE+mL&b1mO}l6A1N5g>6a& z5a}|vmDZ+q)3QX`I%CI2qlga?Zlt~;$(4*H;l&=OY{k~O8sX1?20_2|Dbwz@TXa$j zWpnrUG9weZe8Y9!l;>i2&h{&`N7oC!LjATEs;|AaHshDZ=DBL~GmCbyzp+uZIe(bq7Bt{y>HFe3=rDj=l~D*BmE@?(7WY z>@+-d#)B5*2gr6Zi-*wY2YSJi*fSC!tIZq{KW@K1D0s$=YfkkA+b1RxN7KHq+XddU z(2O)WavkncOk)r~-Uk`>)&`$h9-r1&#VGdiWytigKlh>XI-wq*5O`Vj!nPRcv7FXp zwaJK?&N_R;9mnY8u~>@bJnG+aITrP9z#NbkN+p-p4_@7GgaYFk2rJ%fNkwO771AUV zOTnO()S{wHL(~0D^HcoXrMw7BZ-Z;D0ox7nGeI!>yW8V~W2%y!d(p?SH>-kKK?a}~ zKqiX>0xUHKeqXvj(e}0**%aQizDu{Un~|FHTBf=CcRX5hOF(*b|?m zeyC$r6jjZ;r6*9jJ5U}pOC^$*pO+Yh=Xk6B>MCV}4ePRJhQ7VC%hyh%6MkrHPQ>Vo z0xuxPJ%r|FXW{OiWv}!+DA?@%e#4?X*0i!x(}N<$CD%FZd)CJY&=@GJql$WZf#=j| zBiCsWxhl{7sTOw&%23vFx2X9Ypp{W76m4Z#?>5XQ%!CncNx;LS0Bz-adedX{@J;<@ z@NqMqhR6|k@#lH^=~sf$s|Du9nw3Q6YtjCcC87LvO<~OLozaPg7rvmMC$#*PCOm_A$F%BL|?~0R~OI$ z7*L_Ci}TiWfD)?RaEqO9AslkJ5qDFi`+!4$>A9HQZm{F>EZtrCe7(BO3X@4IBO-mnx7Gc8I z=MMSBy24g4`9}!7fE;t#HQ;~VLmZ#)xU=$VTYp2;V+>@hbF9h6oOZ^2L31gvYPk~qv_&e(&*8)W8{k#+@iHr)nen)F?51p 
zr%})>Q3;stnh-~+jvjaO{+aE#kYd+w#_&NmQ$%hLLuY{n0gpym>$qyBLko|kvH312hadN>lxlDKi_?qj<{pbG2#A?Mk{uH zbDqpMKufUWTl|q@V*xt{8%a_|jsR&GsiX5=Q^o}m>%3VEzpU#78+(2nm6t_2Fnzi$ z!kK1hVmLy-YLULjEy4WFWH_CMOd&@>9C3o#d`r1@Q4?wD@?KDGoT!qK*M{WQa7dRA+Qv3QuJ>HfQs^c^IR zclpPZDI4?y-wPA_G+sA+)_CL>;VCMgJIj^3wG`CHuWZ^hL**~QLXuscc?a@@4@i?_ zi$013d>*bi!L~gZM~&W~5+ye=x&(uoJ@Z7h-IM}Iehc0Ph;Oa<)lq^hBX)A6@79(P z@o=XnS{)GWkW{Izn3aPdBS}>uzT%$F*TNB&4fc9>$W95|u9%=D4iLlzWMhVs()H_o zezs)9+PadPzgwA)^s{95Yd@Z3Jvt)1%B&q{EB_p5TkSLd%o%{3j zI-u)l&y-_(YP8q`6Ug3F7vkcil%LoIhHzzXa|etHl8-0r*JlILUsorrqtyEd1frVM zzoBip<3IJ>TI>2SHk6L+gD@~~T3j~*1q0XxY}~cMN816TtRXbAB!?}}!g@Rp7BW*} zG_(HnzV7(pn*3sMQE&d!GB*nZry_6(N%^mX8R1_lyXq6T`?XGqM+M7i2##uY-1Al| zCGV~;%;m_8BHpK_CyAW%?BnIDW>ek`*%06ENjM(@Bn2wI>SG(Hi25cW- z*D)xWmG3DdDR!}OQj3*hEC8x){Aq(m$&Eh)fbwi>NCvyqcLEl&5!Hdl)6f&-9e5?#X0ttw6l zn6nLlIola|2ohz=q%fwMKnqe^ZFbKF%)iR0sBY9ihs!}lnQ|%OkjNiN9CPWMjnC2! zp1p4vvz4!QeBoXeoxKk4E9jh4va_J`F%AYY3jiy1fR9kQI>e@ z;ZReE2rwAgG(w0x}TP8 z@iJ5kN%1NhEJGDl^`?NJ9_UF@N$-CJ!k!Y|klabDv=dBs2h^`@T%MAg%Kw4=Dw=*; zi=sWhQqHzO2whb;>EdMT%_XUBm`714;G*OXT(gIID57vtv+ys`Sz!R0UJQ)gt!7R` zBPy>_V3f0q$});FX_DuOw_LXJdBB#@{cu~H|6hh3R3>XE%0vN_@_7of%RB~32d3S{ zW!TUOz-jEzgX(C=Au!I7wWBr*Ok_V$TcAGCk{1LVaV~LK{3Yc7U{VZFRQ+4a5_Yop zQ_8JOKFls*ioK%y-~+ zKqZ)jC-^wpcvE1)9)5W$!~h4bg-M<{`8E{=`G^=aKAkq6jNo4YC*8dC|7x%o#Y8zw z_cz0mj+rBS8tud__{RIpCL!E2vD5(Yd-fk6{56N~y3L|vq^R6Y^z~)A|J0jyY*yQE zEwG#QCeNmFB3znc*lYONN+>L2XwA-vLa5LnwhQFk9Nq@mJO6(Dw+wD&4j4G15~JZ3 z|FhfQ?dO62K~*N(JdyuC1*DpM%gV}j*LVr~uk94(-_Iyv^iRsWZ)(hdfRFx7lN%Tv H=h*)Mp1sHv literal 0 HcmV?d00001 diff --git a/fast/stages/00-bootstrap/diagram.svg b/fast/stages/00-bootstrap/diagram.svg new file mode 100644 index 000000000..06fbe8000 --- /dev/null +++ b/fast/stages/00-bootstrap/diagram.svg 
@@ -0,0 +1,807 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/fast/stages/00-bootstrap/log-export.tf b/fast/stages/00-bootstrap/log-export.tf new file mode 100644 index 000000000..682d473d9 --- /dev/null +++ b/fast/stages/00-bootstrap/log-export.tf 
@@ -0,0 +1,73 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Audit log project and sink. + +locals { + log_types = toset([for k, v in var.log_sinks : v.type]) +} + +module "log-export-project" { + source = "../../../modules/project" + name = "audit-logs-0" + parent = "organizations/${var.organization.id}" + prefix = local.prefix + billing_account = var.billing_account.id + iam = { + "roles/owner" = [module.automation-tf-bootstrap-sa.iam_email] + } + services = [ + # "cloudresourcemanager.googleapis.com", + # "iam.googleapis.com", + # "serviceusage.googleapis.com", + "bigquery.googleapis.com", + "storage.googleapis.com", + "stackdriver.googleapis.com" + ] +} + +# one log export per type, with conditionals to skip those not needed + +module "log-export-dataset" { + source = "../../../modules/bigquery-dataset" + count = contains(local.log_types, "bigquery") ? 1 : 0 + project_id = module.log-export-project.project_id + id = "audit_export" + friendly_name = "Audit logs export." +} + +module "log-export-gcs" { + source = "../../../modules/gcs" + count = contains(local.log_types, "storage") ? 1 : 0 + project_id = module.log-export-project.project_id + name = "audit-logs-0" + prefix = local.prefix +} + +module "log-export-logbucket" { + source = "../../../modules/logging-bucket" + count = contains(local.log_types, "logging") ? 
1 : 0 + parent_type = "project" + parent = module.log-export-project.project_id + id = "audit-logs-0" +} + +module "log-export-pubsub" { + source = "../../../modules/pubsub" + for_each = toset([for k, v in var.log_sinks : k if v == "pubsub"]) + project_id = module.log-export-project.project_id + name = "audit-logs-${each.key}" +} diff --git a/fast/stages/00-bootstrap/main.tf b/fast/stages/00-bootstrap/main.tf new file mode 100644 index 000000000..49fa9140b --- /dev/null +++ b/fast/stages/00-bootstrap/main.tf @@ -0,0 +1,32 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + groups = { + for k, v in var.groups : + k => "${v}@${var.organization.domain}" + } + groups_iam = { + for k, v in local.groups : + k => "group:${v}" + } + # convenience flags that express where billing account resides + billing_ext = var.billing_account.organization_id == null + billing_org = var.billing_account.organization_id == var.organization.id + billing_org_ext = !local.billing_ext && !local.billing_org + # naming: environment used in most resource names + prefix = join("-", compact([var.prefix, "prod"])) +} diff --git a/fast/stages/00-bootstrap/organization.tf b/fast/stages/00-bootstrap/organization.tf new file mode 100644 index 000000000..04be206a4 --- /dev/null +++ b/fast/stages/00-bootstrap/organization.tf 
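Review bot: In log-export.tf, `module "log-export-pubsub"` filters with `k if v == "pubsub"`, but each `v` in `var.log_sinks` is an object with `filter` and `type`, so the comparison never selects a sink and no topic is created for a `pubsub`-type sink. The filter should read `for_each = toset([for k, v in var.log_sinks : k if v.type == "pubsub"])`. organization.tf in this same commit indexes `module.log-export-pubsub[k]` for those sinks, so as written an audit sink of type `pubsub` has no destination to resolve. That lookup also yields the whole module object where the other destination types yield an `id` or `name`, so it presumably needs the module's topic id output (the module's outputs are not visible here).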
@@ -0,0 +1,205 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Organization-level IAM and org policies. + +locals { + # organization authoritative IAM bindings, in an easy to edit format before + # they are combined with var.iam a bit further in locals + _iam = { + "roles/browser" = [ + "domain:${var.organization.domain}" + ] + "roles/logging.admin" = [ + module.automation-tf-bootstrap-sa.iam_email + ] + "roles/owner" = local._iam_bootstrap_user + "roles/resourcemanager.folderAdmin" = [ + module.automation-tf-resman-sa.iam_email + ] + "roles/resourcemanager.organizationAdmin" = concat( + [module.automation-tf-bootstrap-sa.iam_email], + local._iam_bootstrap_user + ) + "roles/resourcemanager.organizationViewer" = [ + "domain:${var.organization.domain}" + ] + } + # organization additive IAM bindings, in an easy to edit format before + # they are combined with var.iam_additive a bit further in locals + _iam_additive = merge( + { + "roles/accesscontextmanager.policyAdmin" = [ + local.groups_iam.gcp-security-admins + ] + "roles/compute.orgFirewallPolicyAdmin" = [ + local.groups_iam.gcp-network-admins + ] + "roles/compute.xpnAdmin" = [ + local.groups_iam.gcp-network-admins + ] + # use additive to support cross-org roles for billing + "roles/iam.organizationRoleAdmin" = [ + local.groups_iam.gcp-security-admins, + module.automation-tf-bootstrap-sa.iam_email + ] + "roles/orgpolicy.policyAdmin" = [ 
+ module.automation-tf-resman-sa.iam_email, + local.groups_iam.gcp-security-admins + ] + }, + local.billing_org ? { + "roles/billing.admin" = [ + local.groups_iam.gcp-organization-admins, + module.automation-tf-bootstrap-sa.iam_email, + module.automation-tf-resman-sa.iam_email + ] + } : {} + ) + _iam_bootstrap_user = ( + var.bootstrap_user == null ? [] : ["user:${var.bootstrap_user}"] + ) + _log_sink_destinations = { + bigquery = try(module.log-export-dataset.0.id, null), + logging = try(module.log-export-logbucket.0.id, null), + storage = try(module.log-export-gcs.0.name, null) + } + iam = { + for role in local.iam_roles : role => distinct(concat( + try(sort(local._iam[role]), []), + try(sort(var.iam[role]), []) + )) + } + iam_additive = { + for role in local.iam_roles_additive : role => distinct(concat( + try(sort(local._iam_additive[role]), []), + try(sort(var.iam_additive[role]), []) + )) + } + iam_roles = distinct(concat( + keys(local._iam), keys(var.iam) + )) + iam_roles_additive = distinct(concat( + keys(local._iam_additive), keys(var.iam_additive) + )) + log_sink_destinations = { + for k, v in var.log_sinks : k => ( + v.type == "pubsub" + ? 
module.log-export-pubsub[k] + : local._log_sink_destinations[v.type] + ) + } +} + +module "organization" { + source = "../../../modules/organization" + organization_id = "organizations/${var.organization.id}" + # human (groups) IAM bindings + group_iam = { + (local.groups.gcp-organization-admins) = [ + "roles/cloudasset.owner", + "roles/cloudsupport.admin", + "roles/compute.osAdminLogin", + "roles/compute.osLoginExternalUser", + "roles/owner", + "roles/resourcemanager.folderAdmin", + "roles/resourcemanager.organizationAdmin", + "roles/resourcemanager.projectCreator", + ], + (local.groups.gcp-network-admins) = [ + "roles/cloudasset.owner", + "roles/cloudsupport.techSupportEditor", + ] + (local.groups.gcp-security-admins) = [ + "roles/cloudasset.owner", + "roles/cloudsupport.techSupportEditor", + "roles/iam.securityReviewer", + "roles/logging.admin", + "roles/securitycenter.admin", + ], + (local.groups.gcp-support) = [ + "roles/cloudsupport.techSupportEditor", + "roles/logging.viewer", + "roles/monitoring.viewer", + ] + } + # machine (service accounts) IAM bindings + iam = local.iam + # additive bindings, used for roles co-managed by different stages + iam_additive = local.iam_additive + custom_roles = { + # this is needed for use in additive IAM bindings, to avoid conflicts + "organizationIamAdmin" = [ + "resourcemanager.organizations.get", + "resourcemanager.organizations.getIamPolicy", + "resourcemanager.organizations.setIamPolicy" + ] + "xpnServiceAdmin" = [ + "compute.globalOperations.get", + "compute.organizations.disableXpnResource", + "compute.organizations.enableXpnResource", + "compute.projects.get", + "compute.subnetworks.getIamPolicy", + "compute.subnetworks.setIamPolicy", + "dns.networks.bindPrivateDNSZone", + "resourcemanager.projects.get", + ] + } + logging_sinks = { + for name, attrs in var.log_sinks : name => { + bq_partitioned_table = attrs.type == "bigquery" + destination = local.log_sink_destinations[name] + exclusions = {} + filter = attrs.filter 
+ iam = true + include_children = true + type = attrs.type + } + } +} + +# assign the custom restricted Organization Admin role to the relevant service +# accounts, with a condition that only enables granting specific roles; +# these roles use additive bindings everywhere to avoid conflicts / permadiffs + +resource "google_organization_iam_binding" "org_admin_delegated" { + org_id = var.organization.id + count = local.billing_org ? 1 : 0 + role = module.organization.custom_role_id.organizationIamAdmin + members = [module.automation-tf-resman-sa.iam_email] + condition { + title = "automation_sa_delegated_grants" + description = "Automation service account delegated grants" + expression = format( + "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])", + join(",", formatlist("'%s'", concat( + [ + "roles/accesscontextmanager.policyAdmin", + "roles/compute.orgFirewallPolicyAdmin", + "roles/compute.xpnAdmin", + "roles/orgpolicy.policyAdmin", + module.organization.custom_role_id.xpnServiceAdmin + ], + local.billing_org ? [ + "roles/billing.admin", + "roles/billing.costsManager", + "roles/billing.user", + ] : [] + ))) + ) + } + depends_on = [module.organization] +} diff --git a/fast/stages/00-bootstrap/outputs.tf b/fast/stages/00-bootstrap/outputs.tf new file mode 100644 index 000000000..c25b90137 --- /dev/null +++ b/fast/stages/00-bootstrap/outputs.tf 
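Review bot: `google_organization_iam_binding.org_admin_delegated` is gated with `count = local.billing_org ? 1 : 0`, so when the billing account is outside this organization the resman service account gets no conditional `organizationIamAdmin` grant at all, not just no billing roles. Under that gate the inner `local.billing_org ? [...] : []` in the allowed-roles list is always true, which suggests the `count` line was not intended. Dropping it would keep the billing roles conditional while leaving the delegated grants for `roles/compute.xpnAdmin`, `roles/orgpolicy.policyAdmin` and the others available in both setups. If the gate is deliberate, a comment explaining how later stages set those additive bindings with external billing would help.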
@@ -0,0 +1,113 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + providers = { + "00-bootstrap" = templatefile("${path.module}/../../assets/templates/providers.tpl", { + bucket = module.automation-tf-bootstrap-gcs.name + name = "bootstrap" + sa = module.automation-tf-bootstrap-sa.email + }) + "01-resman" = templatefile("${path.module}/../../assets/templates/providers.tpl", { + bucket = module.automation-tf-resman-gcs.name + name = "resman" + sa = module.automation-tf-resman-sa.email + }) + } + tfvars = { + "01-resman" = jsonencode({ + automation_project_id = module.automation-project.project_id + billing_account = var.billing_account + custom_roles = module.organization.custom_role_id + groups = var.groups + organization = var.organization + prefix = var.prefix + }) + "02-networking" = jsonencode({ + billing_account_id = var.billing_account.id + organization = var.organization + prefix = var.prefix + }) + "02-security" = jsonencode({ + billing_account_id = var.billing_account.id + organization = var.organization + prefix = var.prefix + }) + "03-gke-multitenant-dev" = jsonencode({ + billing_account_id = var.billing_account.id + prefix = var.prefix + }) + "03-gke-multitenant-prod" = jsonencode({ + billing_account_id = var.billing_account.id + prefix = var.prefix + }) + "03-project-factory-dev" = jsonencode({ + billing_account_id = var.billing_account.id + prefix = var.prefix + }) + 
"03-project-factory-prod" = jsonencode({ + billing_account_id = var.billing_account.id + prefix = var.prefix + }) + } +} + +# optionally generate providers and tfvars files for subsequent stages + +resource "local_file" "providers" { + for_each = var.outputs_location == null ? {} : local.providers + filename = "${var.outputs_location}/${each.key}/providers.tf" + content = each.value +} + +resource "local_file" "tfvars" { + for_each = var.outputs_location == null ? {} : local.tfvars + filename = "${var.outputs_location}/${each.key}/terraform-bootstrap.auto.tfvars.json" + content = each.value +} + +# outputs + +output "billing_dataset" { + description = "BigQuery dataset prepared for billing export." + value = try(module.billing-export-dataset.0.id, null) +} + +output "project_ids" { + description = "Projects created by this stage." + value = { + automation = module.automation-project.project_id + billing-export = try(module.billing-export-project.0.project_id, null) + log-export = module.log-export-project.project_id + } +} + +# ready to use provider configurations for subsequent stages when not using files + +output "providers" { + # tfdoc:output:consumers stage-01 + description = "Terraform provider files for this stage and dependent stages." + sensitive = true + value = local.providers +} + +# ready to use variable values for subsequent stages + +output "tfvars" { + description = "Terraform variable files for the following stages." + sensitive = true + value = local.tfvars +} diff --git a/fast/stages/00-bootstrap/variables.tf b/fast/stages/00-bootstrap/variables.tf new file mode 100644 index 000000000..9f102c77e --- /dev/null +++ b/fast/stages/00-bootstrap/variables.tf 
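Review bot: The `providers` and `tfvars` outputs are marked `sensitive = true`, but the same content is written to disk by `local_file.providers` and `local_file.tfvars` without a `file_permission`, so the files are created with the provider's permissive default mode (documented as 0777). Setting `file_permission = "0640"` on both resources would keep the on-disk copies in line with how the outputs are treated. Because `content` on `local_file` is not a sensitive attribute, the rendered values also appear in plan output; a comment noting that `outputs_location` should point at a directory that is not shared or committed would help.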
@@ -0,0 +1,100 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "billing_account" { + description = "Billing account id and organization id ('nnnnnnnn' or null)." + type = object({ + id = string + organization_id = number + }) +} + +variable "bootstrap_user" { + description = "Email of the nominal user running this stage for the first time." + type = string + default = null +} + +variable "groups" { + # https://cloud.google.com/docs/enterprise/setup-checklist + description = "Group names to grant organization-level permissions." + type = map(string) + default = { + gcp-billing-admins = "gcp-billing-admins", + gcp-devops = "gcp-devops", + gcp-network-admins = "gcp-network-admins" + gcp-organization-admins = "gcp-organization-admins" + gcp-security-admins = "gcp-security-admins" + gcp-support = "gcp-support" + } +} + +variable "iam" { + description = "Organization-level custom IAM settings in role => [principal] format." + type = map(list(string)) + default = {} +} + +variable "iam_additive" { + description = "Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings." + type = map(list(string)) + default = {} +} + +variable "log_sinks" { + description = "Org-level log sinks, in name => {type, filter} format." 
+ type = map(object({ + filter = string + type = string + })) + default = { + audit-logs = { + filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" + type = "bigquery" + } + vpc-sc = { + filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" + type = "bigquery" + } + } + validation { + condition = alltrue([ + for k, v in var.log_sinks : + contains(["bigquery", "logging", "pubsub", "storage"], v.type) + ]) + error_message = "Type must be one of 'bigquery', 'logging', 'pubsub', 'storage'." + } +} + +variable "organization" { + description = "Organization details." + type = object({ + domain = string + id = number + customer_id = string + }) +} + +variable "outputs_location" { + description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable." + type = string + default = null +} + +variable "prefix" { + description = "Prefix used for resources that need unique names." + type = string +} diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md new file mode 100644 index 000000000..f5e69cb95 --- /dev/null +++ b/fast/stages/01-resman/README.md @@ -0,0 +1,196 @@ +# Resource hierarchy + +This stage performs two important tasks: + +- create the top-level hierarchy of folders, and the associated resources used later on to automate each part of the hierarchy (eg. Networking) +- set organization policies on the organization, and any exception required on specific folders + +The code is intentionally simple, as it's intended to provide a generic initial setup (Networking, Security, etc.), and then allow easy customizations to complete the implementation of the intended hierarchy design. + +The following diagram is a high level reference of the resources created and managed here: + +
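Review bot: In variables.tf, the default `audit-logs` entry of `log_sinks` exports only the `activity` and `system_event` audit logs. Data Access audit logs are matched by neither default filter, and the variable does not say so. If the omission is deliberate (volume or cost, presumably), a comment above the default would keep operators from assuming full audit coverage, for example `# data_access audit logs are not exported by default; add a sink filtering on cloudaudit.googleapis.com%2Fdata_access if needed`.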

+ Resource-management diagram +

+ +## Design overview and choices + +Despite its simplicity, this stage implements the basics of a design that we've seen working well for a variety of customers, where the hierarchy is laid out following two conceptually different approaches: + +- core or shared resources are grouped in hierarchy branches that map to their type or purpose (e.g. Networking) +- team or application resources are grouped in lower level hierarchy branches that map to management or operational considerations (e.g. which team manages a set of applications, or owns a subset of company data, etc.) + +This split approach usually represents well functional and operational patterns, where core resources are centrally managed by individual teams (e.g. networking, security, fleets of similar VMS, etc.), while teams need more granularity to access managed services used by the applications they maintain. + +The approach also adapts to different high level requirements: + +- it can be used either for single organizations containing multiple environments, or with multiple organizations dedicated to specific environments (e.g. prod/nonprod), as the environment split is implemented at the project or lower folder level +- it adapts to complex scenarios, with different countries or corporate entities using the same GCP organization, as core services are typically shared, and/or an extra layer on top can be used as a drop-in to implement the country/entity separation + +Additionally, a few critical benefits are directly provided by this design: + +- core services are clearly separated, with very few touchpoints where IAM and security policies need to be applied (typically their top-level folder) +- adding a new set of core services (e.g. 
shared GKE clusters) is a trivial operation that does not break the existing design +- grouping application resources and services using teams or business logic is a flexible approach, which maps well to typical operational or budget requirements +- automation stages (e.g. Networking) can be segregated in a simple and effective way, by creating the required service accounts and buckets for each stage here, and applying a handful of IAM roles to the relevant folder + +For a discussion on naming, please refer to the [Bootstrap stage documentation](../00-bootstrap/README.md#naming), as the same approach is shared by all stages. + +## How to run this stage + +This stage is meant to be executed after the [bootstrap](../00-bootstrap) stage has run, as it leverages the automation service account and bucket created there. The relevant user groups must also exist, but that's one of the requirements for the previous stage too, so if you ran that successfully, you're good to go. + +It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the bootstrap stage for the actual roles needed. + +Before running this stage, you need to make sure you have the correct credentials and permissions, and localize variables by assigning values that match your configuration. + +### Providers configuration + +The default way of making sure you have the right permissions, is to use the identity of the service account pre-created for this stage during bootstrap, and that you are a member of the group that can impersonate it via provider-level configuration (`gcp-devops` or `organization-admins`). + +To simplify setup, the previous stage pre-configures a valid providers file in its output, and optionally writes it to a local file if the `outputs_location` variable is set to a valid path. 
+ +If you have set a valid value for `outputs_location` in the bootstrap stage, simply link the relevant `providers.tf` file from this stage's folder in the path you specified: + +```bash +# `outputs_location` is set to `../../configs/example` +ln -s ../../configs/example/01-resman/providers.tf +``` + +If you have not configured `outputs_location` in bootstrap, you can derive the providers file from that stage's outputs: + +```bash +cd ../00-bootstrap +terraform output -json providers | jq -r '.["01-resman"]' \ + > ../01-resman/providers.tf +``` + +### Variable configuration + +There are two broad sets of variables you will need to fill in: + +- variables shared by other stages (org id, billing account id, etc.), or derived from a resource managed by a different stage (folder id, automation project id, etc.) +- variables specific to resources managed by this stage + +To avoid the tedious job of filling in the first group of variable with values derived from other stages' outputs, the same mechanism used above for the provider configuration can be used to leverage pre-configured `.tfvars` files. + +If you configured a valid path for `outputs_location` in the bootstrap stage, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's outputs folder (under the path you specified), where the `*` above is set to the name of the stage that produced it. For this stage, a single `.tfvars` file is avalaible: + +```bash +# `outputs_location` is set to `../../configs/example` +ln -s ../../configs/example/01-resman/terraform-bootstrap.auto.tfvars.json +``` + +A second set of variables is specific to this stage, they are all optional so if you need to customize them, create an extra `terraform.tfvars` file. + +Refer to the [Variables](#variables) table at the bottom of this document, for a full list of variables, their origin (e.g. a stage or specific to this one), and descriptions explaining their meaning. 
The sections below also describe some of the possible customizations. For billing configurations, refer to the [Bootstrap documentation on billing](../00-bootstrap/README.md#billing-account) as the `billing_account` variable is identical across all stages. + +Once done, you can run this stage: + +```bash +terraform init +terraform apply +``` + +## Customizations + +### Team folders + +This stage provides a single built-in customization that offers a minimal (but usable) implementation of the "application" or "business" grouping for resources discussed above. The `team_folders` variable allows you to specify a map of team name and groups, that will result in folders, automation service accounts, and IAM policies applied. + +Consider the following example + +```hcl +team_folders = { + team-a = { + descriptive_name = "Team A" + group_iam = { + "team-a@gcp-pso-italy.net" = [ + "roles/viewer" + ] + } + impersonation_groups = ["team-a-admins@gcp-pso-italy.net"] + } +} +``` + +This will result in + +- a "Team A" folder under the "Teams" folder +- one GCS bucket in the automation project +- one service account in the automation project with the correct IAM policies on the folder and bucket +- a IAM policy on the folder that assigns `roles/viewer` to the `team-a` group +- a IAM policy on the service account that allows `team-a` to impersonate it + +This allows to centralize the minimum set of resources to delegate control of each team's folder to a pipeline, and/or to the team group. This can be used as a starting point for scenarios that implement more complex requirements (e.g. environment folders per team, etc.). + +### Organization policies + +Organization policies are laid out in an explicit manner in the `organization.tf` file, so it's fairly easy to add or remove specific policies. + +For policies where additional data is needed, a root-level `organization_policy_configs` variable allows passing in specific data. 
Its built-in use to add additional organizations to the [Domain Restricted Sharing](https://cloud.google.com/resource-manager/docs/organization-policy/restricting-domains) policy, can be taken as an example on how to leverage it for additional customizations. + +### IAM + +IAM roles can be easily edited in the relevant `branch-xxx.tf` file, following the best practice outlined in the [bootstrap stage](../00-bootstrap#customizations) documentation of separating user-level and service-account level IAM policies in modules' `iam_groups`, `iam`, and `iam_additive` variables. + +### Additional folders + +Due to its simplicity, this stage lends itself easily to customizations: adding a new top-level branch (e.g. for shared GKE clusters) is as easy as cloning one of the `branch-xxx.tf` files, and changing names. + + + + + + + +## Files + +| name | description | modules | resources | +|---|---|---|---| +| [billing.tf](./billing.tf) | Billing resources for external billing use cases. | organization | google_billing_account_iam_member | +| [branch-networking.tf](./branch-networking.tf) | Networking stage resources. | folder · gcs · iam-service-account | | +| [branch-sandbox.tf](./branch-sandbox.tf) | Sandbox stage resources. | folder · gcs · iam-service-account | | +| [branch-security.tf](./branch-security.tf) | Security stage resources. | folder · gcs · iam-service-account | | +| [branch-teams.tf](./branch-teams.tf) | Team stages resources. | folder · gcs · iam-service-account | | +| [main.tf](./main.tf) | Module-level locals and resources. | | | +| [organization.tf](./organization.tf) | Organization policies. | organization | | +| [outputs.tf](./outputs.tf) | Module outputs. | | local_file | +| [variables.tf](./variables.tf) | Module variables. | | | + +## Variables + +| name | description | type | required | default | producer | +|---|---|:---:|:---:|:---:|:---:| +| automation_project_id | Project id for the automation project created by the bootstrap stage. 
| string | ✓ | | 00-bootstrap | +| billing_account | Billing account id and organization id ('nnnnnnnn' or null). | object({…}) | ✓ | | 00-bootstrap | +| organization | Organization details. | object({…}) | ✓ | | 00-bootstrap | +| prefix | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap | +| custom_roles | Custom roles defined at the org level, in key => id format. | map(string) | | {} | 00-bootstrap | +| groups | Group names to grant organization-level permissions. | map(string) | | {…} | 00-bootstrap | +| organization_policy_configs | Organization policies customization. | object({…}) | | null | | +| outputs_location | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | | +| team_folders | Team folders to be created. Format is described in a code comment. | map(object({…})) | | null | | + +## Outputs + +| name | description | sensitive | consumers | +|---|---|:---:|---| +| networking | Data for the networking stage. | | 02-networking | +| project_factories | Data for the project factories stage. | | xx-teams | +| providers | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · xx-sandbox · xx-teams | +| sandbox | Data for the sandbox stage. | | xx-sandbox | +| security | Data for the networking stage. | | 02-security | +| teams | Data for the teams stage. | | | +| tfvars | Terraform variable files for the following stages. | ✓ | | + + + + + + + + + + + diff --git a/fast/stages/01-resman/billing.tf b/fast/stages/01-resman/billing.tf new file mode 100644 index 000000000..5fcb39f44 --- /dev/null +++ b/fast/stages/01-resman/billing.tf 
@@ -0,0 +1,56 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Billing resources for external billing use cases.
+
+locals {
+ # used here for convenience, in organization.tf members are explicit
+ billing_ext_users = concat(
+ [
+ module.branch-network-sa.iam_email,
+ module.branch-security-sa.iam_email,
+ ],
+ # enable if individual teams can create their own projects
+ # [
+ # for k, v in module.branch-teams-team-sa : v.iam_email
+ # ],
+ local.branch_teams_pf_sa_iam_emails
+ )
+}
+
+# billing account in same org (resources is in the organization.tf file)
+
+# billing account in a different org
+
+module "billing-organization-ext" {
+ source = "../../../modules/organization"
+ count = local.billing_org_ext ? 1 : 0
+ organization_id = "organizations/${var.billing_account.organization_id}"
+ iam_additive = {
+ "roles/billing.user" = local.billing_ext_users
+ }
+}
+
+# standalone billing account
+
+resource "google_billing_account_iam_member" "billing_ext_admin" {
+ for_each = toset(
+ local.billing_ext ? local.billing_ext_users : []
+ )
+ billing_account_id = var.billing_account.id
+ role = "roles/billing.user"
+ member = each.key
+}
diff --git a/fast/stages/01-resman/branch-networking.tf b/fast/stages/01-resman/branch-networking.tf
new file mode 100644
index 000000000..3b2911973
--- /dev/null
+++ b/fast/stages/01-resman/branch-networking.tf
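Review bot: In billing.tf, the resource `google_billing_account_iam_member.billing_ext_admin` grants `roles/billing.user`, not an admin role, so its name overstates the privilege to anyone reading plan output or state addresses. Naming it `billing_ext_user` would match what the block does, or keep the name and add `# grants roles/billing.user only` above it. The comment `# billing account in same org (resources is in the organization.tf file)` would read better as `# billing account in same org (resources are in organization.tf)`.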
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Networking stage resources.
+
+module "branch-network-folder" {
+ source = "../../../modules/folder"
+ parent = "organizations/${var.organization.id}"
+ name = "Networking"
+ group_iam = {
+ (local.groups.gcp-network-admins) = [
+ # add any needed roles for resources/services not managed via Terraform,
+ # or replace editor with ~viewer if no broad resource management needed
+ # e.g.
+ # "roles/compute.networkAdmin",
+ # "roles/dns.admin",
+ # "roles/compute.securityAdmin",
+ "roles/editor",
+ ]
+ }
+ iam = {
+ "roles/logging.admin" = [module.branch-network-sa.iam_email]
+ "roles/owner" = [module.branch-network-sa.iam_email]
+ "roles/resourcemanager.folderAdmin" = [module.branch-network-sa.iam_email]
+ "roles/resourcemanager.projectCreator" = [module.branch-network-sa.iam_email]
+ }
+}
+
+module "branch-network-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = var.automation_project_id
+ name = "resman-networking-0"
+ description = "Terraform resman networking service account."
+ prefix = local.prefixes.prod
+}
+
+module "branch-network-gcs" {
+ source = "../../../modules/gcs"
+ project_id = var.automation_project_id
+ name = "resman-networking-0"
+ prefix = local.prefixes.prod
+ versioning = true
+ iam = {
+ "roles/storage.objectAdmin" = [module.branch-network-sa.iam_email]
+ }
+}
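Review bot: In branch-networking.tf the `group_iam` block gives the human group `gcp-network-admins` `"roles/editor"` on the whole Networking folder by default, and the narrower roles exist only as commented-out examples; branch-security.tf in this same commit defaults its admin group to `"roles/viewer"`. I would default to `"roles/viewer"` here as well and let deployers opt in to `roles/compute.networkAdmin`, `roles/dns.admin` or `roles/compute.securityAdmin`, so a deployment taken as-is does not start with broad write access for people. The `iam` map's `"roles/owner"` for the automation account, here and in branch-sandbox.tf and branch-security.tf, also lacks the caveat that branch-teams.tf carries; copying `# remove owner here and at project level if SA does not manage project resources` above those lines would keep the four files consistent.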
diff --git a/fast/stages/01-resman/branch-sandbox.tf b/fast/stages/01-resman/branch-sandbox.tf
new file mode 100644
index 000000000..e40aa3fed
--- /dev/null
+++ b/fast/stages/01-resman/branch-sandbox.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Sandbox stage resources.
+
+module "branch-sandbox-folder" {
+ source = "../../../modules/folder"
+ parent = "organizations/${var.organization.id}"
+ name = "Sandbox"
+ iam = {
+ "roles/logging.admin" = [module.branch-sandbox-sa.iam_email]
+ "roles/owner" = [module.branch-sandbox-sa.iam_email]
+ "roles/resourcemanager.folderAdmin" = [module.branch-sandbox-sa.iam_email]
+ "roles/resourcemanager.projectCreator" = [module.branch-sandbox-sa.iam_email]
+ }
+ policy_boolean = {
+ "constraints/sql.restrictPublicIp" = false
+ }
+ policy_list = {
+ "constraints/compute.vmExternalIpAccess" = {
+ inherit_from_parent = false
+ suggested_value = null
+ status = true
+ values = []
+ }
+ }
+}
+
+module "branch-sandbox-gcs" {
+ source = "../../../modules/gcs"
+ project_id = var.automation_project_id
+ name = "resman-sandbox-0"
+ prefix = local.prefixes.dev
+ versioning = true
+ iam = {
+ "roles/storage.objectAdmin" = [module.branch-sandbox-sa.iam_email]
+ }
+}
+
+module "branch-sandbox-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = var.automation_project_id
+ name = "resman-sandbox-0"
+ description = "Terraform resman sandbox service account."
+ prefix = local.prefixes.dev
+}
diff --git a/fast/stages/01-resman/branch-security.tf b/fast/stages/01-resman/branch-security.tf
new file mode 100644
index 000000000..94f68ecdd
--- /dev/null
+++ b/fast/stages/01-resman/branch-security.tf
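Review bot: In branch-sandbox.tf the `policy_boolean` and `policy_list` overrides on the Sandbox folder carry no comment saying that they deliberately relax organization-level guardrails. `"constraints/sql.restrictPublicIp" = false` presumably stops enforcing the Cloud SQL public-IP restriction, and the `compute.vmExternalIpAccess` entry sets `inherit_from_parent = false` with an empty `values` list, which appears to allow external IPs on any VM (the folder module's `status` semantics are not visible in this hunk). Together with `"roles/owner"` for the sandbox service account, that makes this the least restricted folder in the hierarchy. I would add above `policy_boolean` a comment such as `# sandbox intentionally relaxes org policies (public Cloud SQL IPs, VM external IPs); keep production data and shared VPC attachments out of this folder`.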
@@ -0,0 +1,61 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Security stage resources.
+
+module "branch-security-folder" {
+ source = "../../../modules/folder"
+ parent = "organizations/${var.organization.id}"
+ name = "Security"
+ group_iam = {
+ (local.groups.gcp-security-admins) = [
+ # add any needed roles for resources/services not managed via Terraform,
+ # e.g.
+ # "roles/bigquery.admin",
+ # "roles/cloudasset.owner",
+ # "roles/cloudkms.admin",
+ # "roles/logging.admin",
+ # "roles/secretmanager.admin",
+ # "roles/storage.admin",
+ "roles/viewer"
+ ]
+ }
+ iam = {
+ "roles/logging.admin" = [module.branch-security-sa.iam_email]
+ "roles/owner" = [module.branch-security-sa.iam_email]
+ "roles/resourcemanager.folderAdmin" = [module.branch-security-sa.iam_email]
+ "roles/resourcemanager.projectCreator" = [module.branch-security-sa.iam_email]
+ }
+}
+
+module "branch-security-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = var.automation_project_id
+ name = "resman-security-0"
+ description = "Terraform resman security service account."
+ prefix = local.prefixes.prod
+}
+
+module "branch-security-gcs" {
+ source = "../../../modules/gcs"
+ project_id = var.automation_project_id
+ name = "resman-security-0"
+ prefix = local.prefixes.prod
+ versioning = true
+ iam = {
+ "roles/storage.objectAdmin" = [module.branch-security-sa.iam_email]
+ }
+}
diff --git a/fast/stages/01-resman/branch-teams.tf b/fast/stages/01-resman/branch-teams.tf
new file mode 100644
index 000000000..7967fc9bc
--- /dev/null
+++ b/fast/stages/01-resman/branch-teams.tf
@@ -0,0 +1,165 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Team stages resources.
+
+# top-level teams folder and service account
+
+module "branch-teams-folder" {
+ source = "../../../modules/folder"
+ parent = "organizations/${var.organization.id}"
+ name = "Teams"
+}
+
+module "branch-teams-prod-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = var.automation_project_id
+ name = "resman-teams-0"
+ description = "Terraform resman production service account."
+ prefix = local.prefixes.prod
+}
+
+# Team-level folders, service accounts and buckets for each individual team
+
+module "branch-teams-team-folder" {
+ source = "../../../modules/folder"
+ for_each = coalesce(var.team_folders, {})
+ parent = module.branch-teams-folder.id
+ name = each.value.descriptive_name
+ group_iam = each.value.group_iam == null ? {} : each.value.group_iam
+}
+
+module "branch-teams-team-sa" {
+ source = "../../../modules/iam-service-account"
+ for_each = coalesce(var.team_folders, {})
+ project_id = var.automation_project_id
+ name = "teams-${each.key}-0"
+ description = "Terraform team ${each.key} service account."
+ prefix = local.prefixes.prod
+ iam = {
+ "roles/iam.serviceAccountTokenCreator" = (
+ each.value.impersonation_groups == null
+ ? []
+ : [for g in each.value.impersonation_groups : "group:${g}"]
+ )
+ }
+}
+
+module "branch-teams-team-gcs" {
+ source = "../../../modules/gcs"
+ for_each = coalesce(var.team_folders, {})
+ project_id = var.automation_project_id
+ name = "teams-${each.key}-0"
+ prefix = local.prefixes.prod
+ versioning = true
+ iam = {
+ "roles/storage.objectAdmin" = [module.branch-teams-team-sa[each.key].iam_email]
+ }
+}
+
+# environment: development folder and project factory automation resources
+
+module "branch-teams-team-dev-folder" {
+ source = "../../../modules/folder"
+ for_each = coalesce(var.team_folders, {})
+ parent = module.branch-teams-team-folder[each.key].id
+ # naming: environment descriptive name
+ name = "${module.branch-teams-team-folder[each.key].name} - Development"
+ # environment-wide human permissions on the whole teams environment
+ group_iam = {}
+ iam = {
+ # remove owner here and at project level if SA does not manage project resources
+ "roles/owner" = [
+ module.branch-teams-dev-projectfactory-sa.iam_email
+ ]
+ "roles/logging.admin" = [
+ module.branch-teams-dev-projectfactory-sa.iam_email
+ ]
+ "roles/resourcemanager.folderAdmin" = [
+ module.branch-teams-dev-projectfactory-sa.iam_email
+ ]
+ "roles/resourcemanager.projectCreator" = [
+ module.branch-teams-dev-projectfactory-sa.iam_email
+ ]
+ }
+}
+
+module "branch-teams-dev-projectfactory-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = var.automation_project_id
+ name = "resman-pf-0"
+ # naming: environment in description
+ description = "Terraform project factory development service account."
+ prefix = local.prefixes.dev
+}
+
+module "branch-teams-dev-projectfactory-gcs" {
+ source = "../../../modules/gcs"
+ project_id = var.automation_project_id
+ name = "resman-pf-0"
+ prefix = local.prefixes.dev
+ versioning = true
+ iam = {
+ "roles/storage.objectAdmin" = [module.branch-teams-dev-projectfactory-sa.iam_email]
+ }
+}
+
+# environment: production folder and project factory automation resources
+
+module "branch-teams-team-prod-folder" {
+ source = "../../../modules/folder"
+ for_each = coalesce(var.team_folders, {})
+ parent = module.branch-teams-team-folder[each.key].id
+ # naming: environment descriptive name
+ name = "${module.branch-teams-team-folder[each.key].name} - Production"
+ # environment-wide human permissions on the whole teams environment
+ group_iam = {}
+ iam = {
+ # remove owner here and at project level if SA does not manage project resources
+ "roles/owner" = [
+ module.branch-teams-prod-projectfactory-sa.iam_email
+ ]
+ "roles/logging.admin" = [
+ module.branch-teams-prod-projectfactory-sa.iam_email
+ ]
+ "roles/resourcemanager.folderAdmin" = [
+ module.branch-teams-prod-projectfactory-sa.iam_email
+ ]
+ "roles/resourcemanager.projectCreator" = [
+ module.branch-teams-prod-projectfactory-sa.iam_email
+ ]
+ }
+}
+
+module "branch-teams-prod-projectfactory-sa" {
+ source = "../../../modules/iam-service-account"
+ project_id = var.automation_project_id
+ name = "resman-pf-0"
+ # naming: environment in description
+ description = "Terraform project factory production service account."
+ prefix = local.prefixes.prod
+}
+
+module "branch-teams-prod-projectfactory-gcs" {
+ source = "../../../modules/gcs"
+ project_id = var.automation_project_id
+ name = "resman-pf-0"
+ prefix = local.prefixes.prod
+ versioning = true
+ iam = {
+ "roles/storage.objectAdmin" = [module.branch-teams-prod-projectfactory-sa.iam_email]
+ }
+}
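Review bot: In branch-teams.tf the two environment folder modules iterate over every entry in `var.team_folders` but bind a single account per environment, `module.branch-teams-dev-projectfactory-sa` and `module.branch-teams-prod-projectfactory-sa`, as `"roles/owner"`, so one project-factory identity owns that environment's folder for every team. That may well be the intended design, but the file does not say that the `resman-pf-0` state buckets and anyone able to act as those accounts therefore reach across team boundaries. I would extend the existing comment in both `iam` maps, e.g. `# NOTE: this SA is shared by all teams, so owner here spans every team's folder for this environment`. The per-team `roles/iam.serviceAccountTokenCreator` grant on `branch-teams-team-sa` deserves a similar one-line comment stating that members of `impersonation_groups` can mint tokens for that team's account.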
diff --git a/fast/stages/01-resman/diagram.png b/fast/stages/01-resman/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..d1026318b47fe76e33a2bacf01bb22fbb057607b GIT binary patch literal 233671 zcmeFZbyQVd*9QtHg0zx?gd!r{oq{w1(hZ7qbKo2rQ3**wLg|n$=?-a0=>}d#}CLnsfeUue0AN$Vp(L5u+g>AYe*KK2bzKxS522a6=CD z25_ZvsaXdB0mIZ(R8&DqRFp!&&f3V-!Vm#L@?E$Zin`J_f;g?v_wT$Q{pj!)-de4uqw1a_D5+fs~~$ii{ldc@>p9e1OnnjZ*UL#06U`U!Gky-CN& zsA$Dpmxre8jOR>G%!ldyCW3IYXw28h%`FP68wgW%A0)RCDQI^hl(wnR z_z7R=&|u)qaG=GcG*;qqi@uA#VR3tQ1V;~1IIwMAx)9-e8TM`mk}knq&jCih|3{|V z*AjT{&LG6SZ}(BZb-Ynk^$krME1$F|QW#?vaq`ZTt zn6pbek54(A3XP;A-+6wGMCDPSui6~8xg(#kT^N$my|vrMjg7Qsn6`PodD(mjkHj7Y zODc{gH}l^i8N_C$08fKNlPEa7xn*NWaC3T%U;5Q^<1`GsmcyL~-M+{9$}wM%}weJUZ<_cWOPY9o~$hXALt9qqOOh5jNXJieCPLB z=m`&Tk?0w-3Il6R9x z?z1a{UlOuP4^pFqK;2_9rW2-F8k5p@_jjK)N3ked?|p9#J{y@*iN`)pCuhiS8h*S= z4@Tk(=6JsQ>K$nd@fVrlXUJrlI`Sy0LkXn^o{n}D!9U5*%4p;Lq}#O3w0U&|=~}js z`?l~&f(0~Kb!gjeFR*EBtWfCNHS#Y`%c>EosUhG^5znuzFc|zGdCkn|+J|3#tuB5F z_}O_%h`E21=w)*(bevi!a6=FG2qA`U{#y#NG-+-b&JQgS+%mrXI_#(ffz?XfiLQwC(h^+KgmKhuGjp7%iY-D_Ww&5FK&*~ot=_pTsT<5;V_?qs= zjWQH9c@)Q+6<=Mx`%s|XOuT2`h{Gb9eM_Pde^VUky}|?HcM^&r_7Bi+QQEzH$VyHl zrg{&*RrNFRAu`YF7~w8T%U064TfOh99t$QCNsBo=!|lI8>gk+J&yM!=33Yx{{0%ZWew>GV*KYT8d9j~7!{hU^0%^L%vSVgUML@-eQQ2xyH<{!f3zNr1?3#j>cXFb@p?mKK zvmOuG4E`|L;8-wGHtRRl9&k*N8Y~)oX)4!G-%sDipYEhlDC3`PnA|itW7avC+0UEg zAd@8#ohzWor^+YqlCft6-5zDKm*nN-P2_crMdlr|ms{pfG_aT9jqXbBPP0ynPlf!v z?O^G^Q!!GJQsLsDFO2UA>FDuI$^vXX~WyUc#SD zJ$VDQnde{iKR$l%S(nhLAO98ejl8#PgF?gIhH&p)Z|ndYN|a<4aiu`cJF%S0#HoB8 z)X z{zFzR1Mv7Nb}HG2rVhghHhGrH&cIH}j`;fe(3yCc``ZAlBb2&yv$23ij7TICwmvlS-gzxx&|94nIanS{JV$gFrv$@JT4!G@-WEbl41B;NcOv>3A( zG9I>=&F+$ILfNQ5PQNhYr9(L<9#A%ers~mtbbZ$T7ThSVPAV2-Gup@AqH!mb?)_)$wgOG z!LNcK*C;?E!L$|{?AI1uP2uTJI`28ckfOuPm$GONMaA){!V5> z){2>p=6d(#okr}@TRSm^-EBtD=hbN7n-Mq2vCiuD47*=&`RL!9zDIR0Cy_T%DiJ>s zyMeyGpx&&$qCueE_$`+N&i$nOs^a4_A8j0C%;X@S)#kEWm7evdzfJc`Z|TA6>HXQ< z^YdqGPnN_~aDLFOmj0I4>T;{g!zi{Twn{VZq@s6mxl-*q3J*dy*=D;Re#d=CwJPTr 
zPZU$ezo{Fl6Uv`KrNQRpYUi-!6ZSq#g$8OM5fIC<_agII=A+_!fngCbC6qbF+CR&R zXL*}l0+`4=K(C>1O>w*A*`q%4ZT@`FDK##I(sy%-W~s7I2xL&MG9HH^*X$i&MHXEe zv>!^|sMoNLcYv;XGtT(PIJeC;WIn!_H%p1=5j`&W-Eb0G&&sOrYUc>K-3t(SVP`RQ zZmnIZU8bAw{@|@eU-_q;vHX^H(T&d(=}qHj_za<8R;FS0J{TcS-*e2Z)W;vm*zp~T z945bh^}6l#WX3loY`MO;hjC!jiiRDkzIZ}!{4@S*@n55RSo>TTsy+o9w3*Y3Tjwfi<0;h$+lj4KQc*0Y<(fE!&+OvK!5EuHF^W#Af7p%jK4L*mR6Ay zOO1L_nZvuW&|R6Dhz%LWu!^vVaChA{E$8X95TWq%{#tsF#)@6{e6%W#ny=cp_MI}j zAzG-4S5{m$S#^aKCg|z6D2O?Aj)2~RZiy4AVXUi;i<7-mgLBp{-JnMOmfaGF5L;dq6~21w}sx$_!8fe@k!#E;@q~>ObZfQt*<4 zq#>>&G?ODWbnZhLW_ioY6U~*8LkS#PQC$MF``RNU1*M6D8Q>Mc=9=D9{aV*^^4ibm zcH6@Jo)K>*QOvP5$VY8Hx|e;%%81q-(qYQBwwAOs;k)hhIi)9Wb0e>-cFls-I+H&W zVt>femXF+W6ii6AZW_T3iEZWG{A{S$Uj4y9URQ`?L3w2GGWZ7h#dgu~te&pGJn zqFXn4`46|mv!unQ3K_CUtn-DNRr$GZBq-90r0BXj{)2vk=)qwu5$NH z@s7ZfXelo1DPoVTQ_k}}f4*{v?i54W7{q$bt^PC=MH9P?j94i9XyR<&4H^fPAot?0 z*x{butfsD_W{Pi%b6->62-wSBEg#ulCd_4u;%(r~J7HN14vGwobkk|_Fgq`w4xh*p z^*}y#$Z)ZMw3sigoN>ua5!Xx{cAe_T$ZK~u>^rR=3x@3w@2wsEJl$MP3zP3YPIZ6i z#(4hXJZ00of9Uws>Gbq=ZW!MN-K($OMn*^*M$`yJ$_PI<#>MZX@uOp*Ch^x|QEbG2 z*{b5Eh(qYFm)j)iwz{D&WWfo#2f;z`(>rLScvVr3$r0YlI-wn|t?YRF{?6WhEeGPO ze$+ZbQxA`+=Cd=VvFBeP2qtk!{BLOAqIP3wy~g|L{kY)z2}RrX5`^b$_?p=DwI3~K zddZ2wsL~=FKY-jL!cbkx=;>1gTHrG(0y5%lgloVjMBpC+A~6E;AD0a!sVuL7 zwI$>8m)0)~867QcVDljGJMsb_Ee-9TQ#e{$Sb=yQ1@8Ybf*1GoTN7ku=j7!7W1Zh_{j<|QA5{Sv+KF0Q0#Dit{v)iv9{%;_g6ZY z;Xd)})yq%F+nEB4cn;f|Aj@AX{Ce%L@%&6M;r{}LKauvwRRC&&X#7n7fvq4K<@D|g z1O#COsV9$>9T8V2)WWm}VugVTY;MmtJ^O>4jF|RUY zsSv6d%Uj%y6|duul9RWWyV5HC=sGG6h43o`M5O=e!w)>;9FN4{tCfUTNtMk z+w%%j|FQhh0}9_kYC&w=E6)FlB5LZYbEED^3FG9*yOKS;5~;v`9<$f}&n)?iZ9hM} zqR@;#;FrA$8)0K!o48;5pVR+-A0!uSzRw z(jn#*@$yPI{`&QvqsGPO|0A^iq7~=KHpvx*kKieI6E$h~U3bG(`AFfrz;#vOBe~ti zd9s2V?{o8tv?km_yvRW!EF>4Kbt0?=c5#6E{_MKX`F%+e?g)zka>r-M zc=9*OeqHzS?qFk508vVRE0e$Kczi%QDvh6S!JFL{s(CPzoh}5ljudo#ZA+q z63*v8aGa9}7MS01V|xAWJ%l^a*aufTWCJeWQV{c;;M;5L2GTTkQcFL&+#2@WL;tKy z?kJ^|3W5b2Gq!y^c*IoWf1%X0ZtA~a#9#xJDK^^BS7v^OB=_|6-0BwEePLe&QQqkP 
zp<-%n9=szxOQ+&}bXPiX%nhEWxS=PEW4Y0}D|rcAF*lI53A&bI=2s63lX7cvw?V~B z;Pr9b^P%(2Hz(mDb}4NNaiSS4mGF#~u*3Dcof@Q&>f4tb4hN&n;Fj2C@wz+B-r6K# zdzTI`y|ETLh$v#?#?wnX01S;j5gKX|W`h{p%S&6=cSP-oaxwZmWW!j@>@&S;y$Z+l zc>BLf=J9ElzC(SHpF|=^Em2X)$<@i-lxCKeS?Pfb2A%i=EBT6?CTB26bx zS>vR6v%bi=Xt@-X6sfAa{K(oJTBpoWb8$JY!&b+Jvmok@MqQAJ+r$1#GEaBxwS z?_QaiU)1Xiju(9zQZiScnelN-9BwzH4{+}VXr-4I_ zJ(N#3`_Hoj?ay1MlUcyyAIqlM$o*3mV+Q6AA(QIl-2#Uq786wh*zW^Lgg6%%KjLl^ zbiVUfjf>wuZ#@l`=<6|H@#q=n-cKs5Wo&%Aj&{k>%*VK06>ZL{ zN}9pi;(O6UCBt!nrNzY@4`pL;l+vCC$>f%8Jm}t8ZSZiUXERy5{aI^&izFX(yw;V< zbl#f60u7)!T#Q@zekcs?iJWSQCv&F7BIAyM-sNIrtXMr6r#cnX^*HQ2DGePoZrk~m z@3>Uo;j9usG@V!I2i1Y&wuxwgkiaTE`>pLocjkGI_KV@{VA;0u{#;`I%)L~dvb}Wy z9C@KV3;t;2BEh|k;DyIYGrUW@UUiDE7`)0EYi3>_%zK=1Vyy}dYcL@91(8`UpTvOo zD)vjyV^KnQt&Iq2iuS|_Xl3$B^*p$&PP60}9e~Z_?e02IBlk?YZC97A5bif`(&MOV zE865NnV_Xw`V+>xQCXeM1llgF-f2?V+Du_d3w^DTF*%DZIFi!ULn&d$= z;GovHysDzzYh~@l**ot4#>Bd2Pn9f`E_bSLcVv+Pdi#mXR*3OTK6W6rfXAak$viwo zEt|oUgVji@fF1*J2xm1TI)qfvv1}VuA&FSMLmLKS)SkTaWW^NA>&WfYt?F=;FW~*>IS%WMgtfNjvQe!0+b)FgGy?+@@ZgF0 zSmKW_YPt7kVKh)q`RtlxVxe-^M;-wJ#!uv+g-*YT%DrY6YwHd${aA#L7g-t5E}Yv5 z3Dy~bYV-2)&Uj7!qyVsUEM?o=OK0@g!|HM(($ex!xaBfkG`7OY)ug{0qM*gFv9FXsCDu zSW0I5sINi3MWdatsRJ8%w1QoE=U%7V_<^k$q(V29lgo1W_U74A+P8a5Ba6ptC+qY- z_B78}ppubCPeC%<MLT?!|bbUPr@GAp~^ z-GZBQ^lHi*eaGRYXbGA?ygCp%#B|9{&LEkh6u1oWf4?Jge2|vc8SF}r;i3V~KN@W} z*!IrZ%!(hsvqaQFP3HEHj~8S`ug;&Rkh3iSb&UWoOFz%)_J9^1VwuM3)sUARZI4Fs zikg@XW#zdp`m?y#qj=_QGx1OhX>J91oU0hW&nyf~@@F&d4)~_@aNgjke#rVATUX5F zA++8i?TbHCB?Wr0KsZWkZ>|-MBp8ZGzLc%x8X{sslf4T#lMETjl@pn+z{rTI+a6`x zU-<*}9Knrqi#11|W+Y^Er|ie5rQIWI9Ctih4EkI&a2V)JB}zuNyE^ic84DV@3OdG4&`eY%y?$cjDOcMtFmg!$Wx+?efuy-?JQK#rW0h888q4N=@iLlzVy3t?{ z8yEN3piNncu)UI<{ql_y@A+p^L9yS-gm%H#1 z9wK4SBSZ_WzDrtD$4ub3>@g^g7Mx-?L7lgDTZAr7b+mf9Byap~U?AopmM-@BbpA|U zrFI%=m7+Qwsme&oOT?@q^x+S|xt-Q&>$L}+T9t3VqwOkf(7JKiZoRF~`7mkR!An`Q zSzYUwciO23zM1Ht+Hq95T%i(+nD=yKGb%-T)RaE3{J^(eWCER0fXT?nEu{eP1@%zD z>e{VEhY{Pf?s?14`XdrTwknZ(sxh_nQ(vL}Q&l-Ks5uIzjlRtXJB!x7JAmipwWnwk 
zJ`rTpcG4}aEiAgxgvD0^CHAE;{cy=S!XgAuK~x~!MC?w!$bUv`QkqX~Vv&09Nym7~4^|k5 zG6H1^V{4shX{wZ6=jNmw3YkYw_90d>Edi+%+7K#IF<6Yj=mZc3Y>KRo z*U$kY85nX7<;*@jln+RuBWU^ALmgBs+v3MbZoUQ{DlFeNjvu$_iGBB>8RE`6XiqO5 zbhqcQoQn`;kGvzeU-n*J{%rF?<(Cv@os7_c4-hoNlyVOCeu+_AMy~}`?JxZ3C$U6B z({CiCIc(eZQD*j8Xtn&8*iysqDn-eo&8O7q_x0fN?S^NsqF)Nw{;>Ktbbwg%`!|P6 zv8H!TUE-+^FUlt*qwp{%G0);RD1weP2O~=(jCv_;iPxyXqW%`wzG#5tS6Njvtt#Td z_p`d|)u5J8YPEJwuH#vO;Kul&8az^{4up5CxS9uSIYnw+d$#ti+X0l8Ht}6?x8mpn zgnlLU6PY!swIEq-`DyOSqkivI-#)F{lZ;S_U@~*Fu50EKq~%U?8$FVqHEL5+ow+S? z#~bqihV2&P9u=;m0d*pbiAxCm)0ttse?>8h@YO8hBD67#JtHC_x~79kxl*?)()@c2 zB#fmJv&AEh%{swkE4lp;P{+$eU618wAF?aei-gsi=bjC0|bqG7PMK{zAw zosz&73Pk+q`4FCw`f2UC<&iZuC14hOkwzS%EhO9mN-}iAcJCZms9E0T^m%r@K_z&#D|nRNm9dIkpchY`|HK|}f(0-;PScwo z?8OQV$jH~MY6J8qoz~H+Er~L_RY4ccrA8# zV=eXM7=Mw;Kf2b@AhM#*SkAvNg2}I4$j)^9tU+(CGT9;HyF9ty5af$H`6;`7CtURu zM%umBpKEl9e9!0f?~$~Zh#HkSjUN|Dx1}aI_Z5CovzFOp)8evZIzEWNb6rWb7(4k| zNHeT*SLE1c7dpZcF+gv+SRjI9wd7YgvmBhaX3IUs>A^f{E@-Rrt-?~{BNOuOjZEd) zeHH~!5939*`)A5@N(t0!g@QCMnFeC zO>PP3g3K>(dRo=U@;L?GY(r(7$6P2O26eedfgZgY4h!FqM| zJx#4KX?MNI_(bQKmDE%Ns+I7gB;wj&MFZRTOYr!^x+mVF@a1G5{QBr(;k52OZrN(4 z|29kUUF&yxCyPzP{^u@Bt(76ztgb0P~y@}*4ox_4CF>%xT=SWX4Y((Ve{KX5-IuYCtY zC4I-5d^8J3ZRBfRrffGFGzrtLC^j}#J(ngL`T6BwojdC_<$~D7mW~jmaUiVoGhAd0 z^paVSaC6hi_Aoa9LUJu94}+G#cSUTPXl?kBQXiJo1D~U8L%V>%kXg;%DNjn`F46w@_o`44ef=Fc>L0nfwbhB>3%MK`N|}>X+ROIt!n9d zb4|udR$KLg1r^4X8s}&}%%D$IQMqrrxte_Nba!n@j>#EiBe>;T)f9}lcS*SYW||ikah%0Pp@rEeAWEyW}Oap zQ-}ql$H^(>W{V5iyLY(qZ`;rUwfDbefl7z;1Z}m=rrkG>VG+{!X_n9&8I#bt*=IFc z*q&+8l2R((oE}TM(O!&n{_-PFJ(bR*rxSU|lkZ=O5RRTvc(qv_thUT7FijG{BI6M| zTT}+G<76+;%ocagDo-$@hM;Oz|as-YWc7|)q7?pKK_BP(GD;%0&TlS~_BOZkfrS{r%Rhr+Iz>ljSA3Cgky2%64u=N-pc5m3$d|O+IxBNg z<%RW`kr^wOLmjt^OAQwHCSc`;gP!x#^JcHeSaRbI{`}byAfKIu)fs{;E4QAf%s$9F zJXrpEH>u`d79#Pi2+FnxO)*?tiTU$&&Q&Km%`v%2QgcbnUi~963aIy9^w@e(CrQc9 z@Z^aYXcjlVTrgEGzSlrN?>5DEAtdxvCjVyV^W0(&_F|EX1x!l>g@M|3J3_ ztjK1Tz5*}Bz9{xTm*jx8`9%Fq;X0#VH~tr|(!BwCIr?{{;P4I(TRn+^wqsUe6FdGD 
z`Kc@l&`Z30^x$7PeqmF>m_QqJ;QNaxG^F|@V z<>>DVWIhDwP-HGO!glug*)Ue*c#` zhxjs90)|g|U~eGM_SHN0*cWqgaT%!~%;BeI)N^|_;+(^fv$?{z7DzenRX?=?*zMw)`UMF%$oQLWzufXfBmhD)ef`d>3jbd? z4p%&|b*|9^33Xjv)Nj3D_)iGu0Q3$Vp+%F!mB&Rf!05T54ixHMd2+x@+u+fwNobP2 zdo$|t^a_LG}h&rHN4+V8HK zXb`|ggYzK$nE>ruv*#6|sE{r?1 zH^i^zL=ilnGXP-9j_m$%Rc&wsqKxG{ApQ8)JzvfLt6VCY&cp46bY50H!=GIPLk)h11 z$izOU7{3J~+?L2-=rBpLcrY#Bxenjn6Z^272sQ36>-rY1*5)H^IXOADRfmov&KV-W zF%10TPs?(#f;`Q^$mvE%u;3@q^zna)2LTx48{t_#5&Yq<@_FcL$jo%hK>Iyg9~h0{Ushe|T#~ zO;#oX`Z%o;T^B8_!3A^MpFgGx9J)X9aCBAMI04|U&*ovH%j7cZ_*u3UC6iQMo?>x2 z0x}BANrn&Rqx%3$2nD(?Ct)i1+>0kv`8%s(hAm%A8%i9f%ZHMZb6jyO&ysjHL(J78 zEMakA)oHW0-)ob;RQZhb&VpD16(Rv6Wo_`hml#C*@|1r_HNhDvXdyf9a@7$ocVG`F z-~yQA$PajUMV@*t!w%zi>vmreL+LjGwTe;~{{Rp0a0D$3zfAtGD$xHHfW%Y!WT`7+ z4&V>qE((X(-~#v;JNwsu%|rn2{4k>D!SA==UQrP6Y+iQAxm4u`iY-&uH8nM79k(|N z0*j1xlaeipt3-gg6V=fGS{=(8i*gC(o@VI$uIC>%8Dl+{3-g-BtgF;Y zI`OWL!6E?w)6KhDGt}oUPsJSaYRwg91rT?bBx#*Wh6OUT3Q0- z&p2+!A2uULAi@q>EeT|}j&?^Z;e-d<&2*yh(hC2M>}?pbYa1V4>c7Jk8-OoQPry-< zsO#liF)~P407y1-fA{qLzi#0oYOm1&k>{5hO}JA0eGcJHSQ>M3JDTE(P`#lFq%rz# z#d2`e>i6jpJfmQt`5_hOW4H|eU7s+rg=gzH^BgV@udBP+p~XzsEKj6X@&;(HzGygN z0M6z+S=_V(SZ!P*HMEKh$Z|4I2-bqJ+IW9U3O zWoM2y4`}eteC7fC?BZX(Na1OQmVNd!kpCv=-iIs;kOP7LZ$=3CC|C7krcH*$31Op*!lvg;(_Zb*})EjY*W_eaS%l z+xBdnf#Odr*@{KP6;+Lh8L;t)$pcsY;*T6QFuu)wbI0o@Wc|G-d_6CooXl+>HIu763X;NBqS z?sMYHRiHn3^X7rVP)PXWWf`uEg#8FZ{<9&cDR=0E4GZ9axPU-bk05aOOvii*PvEz# zE?oye#o*d#)SWBJ;D#7LvBF1(t2UWNVd>#SF$ddKQRfH9IDvWP?G+_Z40t`&N^^6g zi=4QmF8|1l2oFH@3NGCu+!^rk)=_lorP=K=vHG#7x- zKXd#W{$X3tR{)gehL;BQ73l>840Kd=wAd*B+pPbvt1bbs&X{P0a#y4ms7eCW+{zN8 z-+Ha^>G6CFYqaAT#r`7__yhlvPXZVg20<)4fBWjsztHmr$cQ)}b?{!%MhHV;&ENl1 zfPWRj{|^;_9ZQ<&GJZs56Oxk+d;?o;0LA!zj^yCra5|Mva47_Uf!3Z9NXaq%v@R&9 zLNpSMD|jZnQywRWlW-&(73V;h0zGkHz~N=y4&(bh!~nYA42GvC(1jyGRk6H~i38{S zBoT}D_UL^FC&{3sBXlm^g(mAhect1*Fns}|nMR?28Z$5uj~dU>&lQ83WEj7)vLc@- z77Rz>(t*%0hn2ecg0AZmq2q~|K%tf_6}A=~ANl#3gNV5Tj9>l)2ztcyeRS})3-+4d zgpbL&>hRz10)RX**sG;~O&6dV_Z0JYLX_|}x+&yubs1dX2{Zq7KT#8g7OfY`4JP-B 
zrt|H^rCte>BNLN|H-4nIk3Jh48Xb&+qB_ku&Iod@*#0&zBGLq)ybkR%4=)(={xD(i z39Kh~*V^=5#Nc35RMaiMb$I4g(M;7};XHMesxS8Itq z`{Fyi(Ir-g?cXDEqL(mtc4LV20tYbSgr5(^&*=03uA*B{9{5(HUIHb0QVNchiwl_E zcn>b&u;5Dgn_1)q$LsAaJc{^;jwT=kg=O-bpZ$h09zYh6BjP!f#L+Fzb zFp02INtWphU9Y3=mOhD_k#)d0Veu=REBqI=l9Wo zAYox*%FFR9X4(jzet^%WeWCd7?*-va`l|q?fs86V6z=igUx)pNJG8K)A-+;na5UsH z2>*Eg5fG`XN;kv(3hRF+{pCYC?C8w>hyQX8?RRSa_X6;2_A|@4{0)D5H2yP9(4qr_ zw(DHXvtnjU5PUD?Nek<7+|nDmKrAyq^5l3gF+|A4!V&9CH2G{Sy4mArQ1FF8{{#_0 zbv$TcwfYnFFLc9S?k^D}z?g#CaMd&%bw?K%zi$-xUnl*Am!2?G-p7dim;L@S^3M%@ zhjoS~qn)mL=HWUFm43|d>%70s4x|$6KqTgDy>Ro&D1*Hxq2A_-=bI3bs$s|N{#OD> z$p1Ndng0q@o)s0o-mCHc9Q{LLd*_nzN=rX|O{{}WEZ2Qk&kq-Irw%R}_kRSAK?<-i zv5-LgVs?|3U-$8r1B-#8XbcaB%hSx@n+7X|-!&xea`)aE+bf>W(?J=Xb<~OwSNdnF z3ns7*2bPGwK!3q~L6|m2sQt!#34vWmCNkZ3Z$&bZ-|;tQZ|r}!%aWPTI7P}JRb)7p zz(E>3?2y1PIWkEgUt`P93AG9|U?2rc@VU9u8cD+u6oThHpi#m(7ukw%Av{SS09@<+ z=HT4ma2bhaV@48EI!G-N_S6=j%`Ld<;w}fg0=D)BqI63;3>gWcNAy8Op zeQl;gd;E{8TwF5~2)I@8!Lb*klqE*yd+3R7C-ptHE15k`2sycx7^6P#n*-Xw^3i=n zQ^#`$2P3l*vr86`BGISCpPukJ@0hGkRC4V>#|VLDAB$mI*a?U2Ok;Z1^%YUD;GP^s zIrX;ZBNVK=zBh3nK5-kptpG2?PcQ;dZDvIC^kM?({YJP=AtjkBPrzDv+;J(LC>;8F zFj`y1ZSSNp-(jmEYTrx~I;G*X82)Z~YTB3D zv^gU=6wdxjln@_c)VPqu~5L4wU<{sc`^C!JF}<{Q?XQ5>5)ee#RjCujS$ zLi*23&zO5}z%%#N0GL){BS$Y_Nf>xN4(7;11%D&X=J0k2BMGZP3ABjalFtSL#?Pe3_CU6dCnWwR~85WXO;Dc3@_N2TtkN0KY7 z9%m<^v(QdL(>0otLEr@nrfNlmdcYa_>b=oP_C&Z9P*K?N7*wX9#0wd4-3Fm#Wo*iZ zh8s8}x8)^Yf*bo7rsZCdw-Q<+{*&Ge?{*`O=7Gfkzsf;QF_(xZ?OOsp5juFe=ng(d zE@;#fPK&XJw_;4QP1U}%Gu84FFlrMirO5?)dwcUIM1XJ0RGL~&)d)mIN6#7y9cx&O zm$6vY94@!MqM-=f67Q03dA!5U7ArBs}2|}o_PEuLKTcgPpw)Z zkE1z?@1@G62g?uyw_Y=KBV8-&+1>mmBhk`9vzxze<6<#6K|lg7Y1%ur?CI|fLFqdh zZ4nka@0DR{%JVo~sfxzqu3Sou-b&``bFlryYA8*wTg9DQv7D)1YNd0s6*^zE> z95l|T!V@QvGwl5=Mb#1m7CYVy_J~0#>3x=Bic+R!Rc@$|%4IcPcHrZ2;Ny6@J2V>u z>UwvJQhdj}cItEuLYZ?oUJg3um>bM{)BoG+fnc^F4e0BFr7g%V#ZxKBy;g<>g|XdT zacuWh8SmU`H{xoZ+uUVI%4Z}lTo(^YU+J?l@rvt{GskW2Z^~T#*lodh)kuS+ltmy8{{!vM_&K2A3oj8`q|q0jL_Mv(2JHJ 
z(#>Im;3f^@*l?6IX#uvFwX})enp3EC3%2{l8%c?fT%AfztFmctSD%8fA6w?WeJ~iv zRJqnWkp3)rrl6gX|d435WwtPt-s1*vW z-z$wLCKswWm&_g;zx}j@?*@p-@K~D9t$KG*%cXjXnSUtz@x9MnZ?3tTwyoG_1JU*J#W-%jq151N*~aS-FVFfM zZZASgY<|>vcCFMm)wmtce4~yJuy-}Ckb7QaAGQ#1hwTMm)@_$kBE_RztlO_)^W$XH zF7>6gI1K3wL1$@N_hn)~F1NC9K-kGCf+@mVg0nqF})zlWe_OLA@+xYA9ahp#JXiK)y*&(i+)H)&6o;UNfj$fKaQ{ zDzIoN0JZs>ylnA7Q(s)D4;E zRY$BhMu?~%@2_{iQND)%L(Y6NCy&I)Tj1*zo_VqCfbA>)Ld_6Kn|1< ztfuQkRbo9whE72Llhe1vd?@!I@BAolxEy4>`F@K+o7HJ=#CRJ=omXz>XeDo5G40F4 zr3K5Nr% zn>kMRda+!+NEiK9%74wa|IWaE^urp;6I~xJvN%DBV$6nykE~FTQHPb)NZzs)Njg?f z1$rMEP(sg_x&0cM@Pb(d5Ds>fp@I@~0*4E*LT3ek=v7H@B(2J_wj1sw$69(>Tt+@ESOD3;`te{ zL~G@d4N*?onNlk~GP;r!-=L1ueE8wGlKw_4WbzwCNoJ__cw&8PovCW0p0P9Kn8qYR zdP_b3g&54MOieRDb0bFO&G!N2S@#{2=4#&{a#TMyQa9@7PQfs@iVk z5jta;O0n9S`{rdvHKn9LAIOm-#rv8Ky1)sDpzA10HKz^o<+#-2xYU)a1n(i;-Jwsk zDQAPZI?+S%T-Lg->n>CN&CS?n%X9+qBA}&mJYkuYj0^e1Unu_Wfkb{{seN9YaVhh+ z8NK=W`%uA1APWs27AQS@>BF)?Plxw#0mS5bPY@~J;2osQ2MNkug=K+juT7Q?l^0=3 zD34~4LfWgik%6-&{WTSDjrMx2-!U1Rk?h$-?MZvBJc&E5S*TzUJ9NuZl) z%9W4DDKnK83bw8Uj6C1UDZu*fmT0h>Ok%~38}RMvth_FWk4$A~3ME6IZ6pvYf*>k% zHIYFNpGvr=+D$qwI^0pSr9>xW>^PP-c-o?u`bwROiqt;}{5qQ5RM8c1bWq@B9sKcN zspGxUTGI0!`SUQ8ncglNnxY8lC}UPxD&$U}ig?($8Vop?GLS@7y#U;^j_~cK909zI!|EAdn)1`24h|`fi`$MhL3JGlR3^OJ6=RFEMm?{g zY%MQ6YPGj8ℑ^%gDhiSe6;7_3(hXGXc(!Amr1dp<1$~gC1p0>&d%-$7s*%vwG=I zz|fW_a~cxVC@T?>I?EpKadub+i`WdrWd@ia=Of1PommgonOvvQ4?_}D;xwwA9cpkj zd1s13LxZFy3XSD;IdUGO#e~z+D1Wr*?MYcG>jJ=mSYO1MQHy6UyIs9-ZoJ<0`a$_} z<@5N-G~=Zau1=Fu91(gXi+uDqUnyo$4J_7tzck2P|A=}#$W^oN#dLQXJ@2{bFwxzE zVm-%0`UeE)h3`n&Lcg;n_i!Fh3J6p~JPy0#%vAR6A%+eNIx451laytQ;`k3=K8MCqw`MbfU~yNqmFBE zqQUE#umYoBd;LXksqf^8nh;yg9-W$6czCUysZcjhPOdv;yFr6E$1C+`BJFDv>!<`r}hh_3jZTLE@$$reP!J)fk_{HvQzyQ2N2&*;iE)0X6c#hM9W;=40UT2AflHhj@cojkPYQ?^iKCc*97(Mg zC%x|0AUs-QIRCxRSsha^T1G-%OeEJKwX|xUVQFmY46K{D?!I5S1T*JD%H{EAJ84ec zYWa3y6=MONegUDwpN%WN>O$O3pvhTXcy`ElP|zYvkl z&dx4@;*Yh-7W@46{()ce)`wZ8rCt;B zU0*Pu9A0%puQc{LE`W*LAbWtA$SB5jG^J 
zNS0EUDQ|IewgufXsYrVVuLQC_DY8Oes*qjlvcKl4N)+xKqGdHwT&1d8iW)coLMuff zbEI(F`VcQ$yUkbo0XvI$-s7-cFL%)>OzdK136^2$Hvq@fEDuV7SF8U@VY-hn=awEZ zS-gypAm^tpy-%I5d3PTbm$0T9DLQYC%N}j^d}HSvLBiK8;H%x$stw2Xy3_E`eXlUS z(`Q+`pw&-4Pp2~C>@fbEr^!vW_At7(eCA6G9f6%&v%voNhZ{E*T9i(Eg5AR&K76RE zP30`&|6|-)_F4DWuU}n(xAJHo+C;PuP&-@EA+PA}W~!xV`t;KypVm{C)Q+Ya076E$zfT_FlUWiZ+irn88woCHJqIF=qkLqY)Q8+Kc@=j{SpS%e2e_z?b5yn8Rx}=bjMX ziGJFrfn!mfnz2-Ff4FSnJV!md)P&Bqq8S;Ek(8D>br3k!Y8)IClv;a~Rom7eM#rG% zEKslFaTw|GN!NKP%i!~(-E)DRYzRmCAP)lx2PGCQB=fT0leuJZmRXYTF<>&5`WmU=UpTF zLnAD6wPnNWxlvhehx?mpz!Cj6;dZbZuk((q4Ceh<&$sJfjOKuDf6hcGt9TxUQ3;IX z=J24e6z@Nsdt_fS4fLS&;R@T~OZ+_Y6DiYecW9(NSGhf30b9>H<#5;Y(0Y1;azSdW z=HTGq@o?J%)jHf`hy_z*Y1LS#Q2sUEu1s7U@wn=sisotB@IvldZqHg;V$)Ct!!Eh1 zN>5-`r-S%uLf%*Viy!JV;Zq<$Sru|G`CUf6fP7csStVl9u~b-M&9#8GfnLZPU0cud z6sVZDvTpES7%a3<2}J9z2_jSQ&8yt3SWGdf4Q8<%tK40XqB&UdCyUEle}7VN$$PC+ zL3X0TkV*i~u@4x<0X{UV9llUHo6Da~{80?@dl&VXKd9dCkra5DQ^=Z?vk9KYCZVT?-7aWVz&Y7wVi(;^1U(Dwf*ONX4wvu`ukFu| z99U6MQZ|UXKw?T^tgH&VGP zu8L9V^SZ1UQrkbhp$`X6U-ZcCu>huZsAe|g%`bUKVbEv|$!F2pewFXv(q+aGq;O%R< z#GlneXw_w9Wp{=E2lHcXe86Q(ZfBV}_t8;YINL4oxjI()45!%W+@{CkX8XwD{>Y?g zgy2fug{u!hFtr|2cVghC{gj+`Pwu0ujZ-8n^}z-&#zuo|nG?}Nn%~cJnQBq-U zcJc6FF^z{hfX_Rz4=Af%hK7}=`4ag~~ zk$Zi=Wo&G${L};;!sjG@Dr`$E#CAQ7{u7B_xj!}h%3>%>JsZA@*cBEGn??6U*Htfd z&Vi94Yn`31AdH7H!WJI~1OyO^CWVF5RCEe#jrv^Ou$?BZoeDXa3R$7v@BpGEt%Uh8 zxxhkbDr`l}dD(|%PnX(;sbb++3ie}{=HuGU+ew#hR4DyiR)NT=#wClB?qF9?>JpN1 zF)2{&HRO6auFBOovK0El-ez-bEviggMd_v#*+FgI)6~Pwk1B8zbzaYs$>@`%?ZVb7 zGxK*H=E+%_XTE;&Fu#n8Y4pBenbCi2?^~Xg^rGv>YC9$EqMq^MSRqeAnqYQ6vzWNJ zX4lHV;XDx0jK=Tko2nPvx{7oMj=Wp+0H8vzq3@f6xt0TFPwJ14px~uWM9Z0A2iz@svCqgf z5ox7%ej1zQjFgVOi|P&1{J%$3oW-g`->5M2{}e7n$G{^x*8pb@qORA^+=RvAR$bF@ zZhbpsD*2x9c|f(=VAM@9w1xUmCKp+Y>*o!z;=*tR#FjESILm@l=ED}=_~%VwGe4NU z&bh)P)?)4iGAU6`Od_@uqE5Lbv`jw-6pj)la!^i|;ML=wW3$3m7%t*-aJg*J75zeQ zL~lQ2BMNp-6lPDB3vIs=x?AS7sQu1QXS-fy#f2~;h#GnC=iT+gEP4Ly1jcVcj<;>t zx!M&`_+#fj-tquSQs&jGSKQA(*~AixxPFf`S#d!L($>~iyat!wZbl{5DDMl0m{KmM 
z5Byrzq5Gm51R|dYpTGH1CYCo;f2v97a8*dw8U(#N-us+fooJ4^`6><=@%BJK?`;Ej zspF*3)_XA{=i{;vXx`62r8DwHNTvI)$OSuZpi0-E{pvoW5HDF9LL=KI+OJZz(`Dqa zP`=s>dd0e3tl_=iH@|NQZbA%>5S&ooi|*6p3`7SA|Hdrt_wdG_>a za&B%eu|UH7NR?2<7@oC+HM}F*`KRp9-{wvAS>RP&qK*4?u_-l1fxCCtHptA}oUv+g zcD7-0|Cb8;AD(C!7@fv&P1dhV>V47cyY#V1O>cdSp&HVHV;hJ6`VnM-C7?4N!7MRr|InqDGWTJUbfM{iy(=y|6>A>S&LQFixQXEtB^EN>9zTv%DrI#=l z>3`fkkg;t58QXJTtrvfC)phYOsx}W;EL0m9|K-MnhuEi^`buiMo5!}U*Lrl~+paz5_+8A0@8AOF7UttDVQv96Z$e~N>S zf(q}5jVX`IK_BxP;YkRow(zddpi9b2d%CUVfAww`O1u@b@| zP$jt1kg!czoG|`-cL8Bc05hQQ%9Qwte@*GU`MttGyr23*E4v&n)p;d4;eHo>x18Sa^0}T1F-Bnf=~D|1I!_*I0gc{1t$4Ih_w14|%7!?_J z7c|{=ai2UKIjf`sp?efB$x(Q-A1sJ1W#{Fw;l?$k_AQifAlx-(NX4`2J3jpW?k*rV zl&p<^hJKn}@SZ}u@`${mLhag{DmJ_`XHp|0`^rrauq0_&*|ZWhLIf9Ya;BtLH6w@{ZlZlAoxxy_C)t%^KNkZde#EL37$*4c7H~VMQ*gQSK`=BYj z9EL}xYWTM>qfe~RihGhuMn^@-6tJ%fB!$AoEW-EYp{7*K49^dn8eDJBO7HLQn<;E? zTkGo5u5YZT#w~1L>$jVA`5js4C7c7n-A}3i+?i8dopurZ3LF;I0Ebabfo`pBeCnR0 zjS*i&ObZGMa77;?*Mifb%I{OKZ?_N&%x=*`^lse)1L2z|$Saa3JkfAp>m4TvEr6S( z5ftU{)3#5@!TSEuRPD-z-8>6gzv;OqOw(05#KkAw%6Alu0M|;>9t_uXy1PGVUWkLG z7zrdAy+=6baCjEpXgo&Wyd?#ys4!j4|A%Boabv%vZl!+$vrQOY8@b-oY*z#a-=?Ij zso#WU*2j!|ELb+Z+^MJ<_XC|l9sGpQ?>YIUYQHlDRySmB81w#YsR{Gpd`o=F{QNo% zZ^I+Z=D*Y7m)CScy#|QlLw}dS z#}5t&X4hXH@$buP4u!`9TI&CBqO{uaq542)~^Hf zj)Kr~;{`YVbdlERe|hvg?OS&n6Fx-+Dx5*urIC<5S&9nYsH)+fk#NDK*~KzF@?%p% z!U;pbr0w5_WeWZC)m%@igPUBr>f-vFWQfjHz*(fFr6n2;LNf5eRFs#VFRpRdtIGG%`;UE)oAXeX5%HThafB(syf9MG_P|Yna%0l2QJ|~mo{W?mhrNKvP zINz^54LC$~ot=4r@R^8?iixrOeA&w9*nJ~Sc8$ZNum2x@(ZxIkQLXl=vj z$<>k)+Mkx~2xU?U8*15ItP+|Zu5j&hnP5BE^gMK;prK*&%ozU)A^XfGn`24Bcl&!P z!!9#0FtMssRs+bz2Eu)JV6Md=632bVz_*{9YS9#g{wXI?t?E_JlGJVO-V^91rWYdNj-u5 zSLHXRrc8I@54Yp#Ygm{&hK6E6rWc=?UuXLL(vr;%0IyZF&l%}}P_+~Q`0a+psvPL= zRctjoRVp0F*VJNSVop~qx?9&wuxgdQrgois7uXQWc8!N8!ULq`OZHNXXyQT6Xn*vi zkgDUbB-`hz+ASwFGhWvXOHhI0p=kC_Z1wA+#GXI~M=Zz#?SEqs%0TocZSy(KNm#oM z43JhJ2VcEnkWB@d%R{XP-GO=Y{e?^w6D-zhwjO4mrPwN7Qv-}bdxywo+wko&1vB{A zW3u*FvVv;RlQ-uF!iNFClnriG!T@ClWChkclhhz|&qTOR*g*yEEBeFlUq_^0>og%u 
zTH-_wzeC8^R8afzE-FbO;?qd4q{3co;8(RK`=!zM;OnoeqUHEmk!PrQ6{kkr5I1e- zG9w?9OoXlFI#pziGluZ5NPq;SX3a!BS@HhHfP$M~28TOS_?@Bj z^zf1&x1#16lvPo1qs}!Bw0pBB*#WQ&p2=J1?>7;9rfKibsHkX8KnY(3w}TAhz^Xi_ zAqSNjCBeh(7M1-zzWx}#h2l5*eTN&?hsx_Fi(A~}hg?k3@wLRxCM zhwM9&dcs^+`dU1YGcD`Oo16#D%29%=ku8eq-~6^|_C`*fPJoospI{>DMRLOrA8ybC~70)1|ZDWmKf5EpwrTe0;Hv8$j4rnv~oIyShTh zRh6U07j+P;UH8UlE{CRy$FXZxy4`f&EE~yDd<=d|?7-LrJ#? z?#{hbQSqdR4*{ryp1evquFXi3xVxZUBdb_*8w0|KCbkIJo>7`FX$H{mu<=#hl&j7A z1E8KyG$1REu| zK&V#vkSi6PQt{#seF4mjPuSsU@gDG+SjHV}72j)_`)Bh^i<#?lxxSGmrqL^C!dOc! zGs=_R7s5gmDQ`2aOsM(NCC!yv=l@rfSH%BFLB4U|^X$tv^4=m%B&Z(QR45FtF-=S9jUeNKfHwt+ho( ztc#gBPA;?-oY94^sdVZ{BahL19#f-?R3a&&?7?CJl=TdWME8aoCVK zTv;K{D4$DO53YLG6{fYuPuuU8G%t~{AokHsESxEna#O4)V?*;|J!`2<;o|(2vO3=7 zVWxb|*D8V}+naCI``$H$4&#drtGv6H;#gc>nNs^sJEi4|#l9wu(JQxu<{!NPYC~=* zM|aCRwzUXYY-{R#NkXvMmS?SNQ`E7A7On{n<93BnjXkCBP;Vv&C1vW#Q=G9O#M^|L zmToNTtUHU&ER&~~D_L&TjMSTl7`?DFh%9u=W!pIjcFgOClL?qS*(e3Hj3dfRnM<1d zw7i`TeaaBr@(9f7TW!X&V8BB^^M+uWHR8x_`NjR+O|q--E_m(kswmBlT%sNGQMfpY z))!_ih-a?p6mD+q3~Di%=wh!WzKwTl-0Hr=tbS8{cZ_rxPW>9NRdrc zeF#o82s?=4;7s;J`?^ZY_1`dyKN-er12e<~4N5~+|p&&0;$N6mOctgmY$hM+dRj@al< zNKV&1F+b9$D*%HaSsaxSm2bdPV4iAzFLU2pw9UW;g1aOM#Ds3-MCD5zR!Yq(mkQa8 z3a5yzY%g1!_%zaB?i!%ce}-j}D1J7uGQPft&5oKRUM~#n4sof)&8=(#(GzU3 zfrv}b_-WK;Z;HNX8G-l}F%;bLMoK7}xln7Td}?wBMdfci;_lsc&2noG_W|1mdJLO> zyD7S-mEK)O(oEjHQc^i}^P{?857~SoQ-7*?#n-{CI^y^@SuACyi#p4jg@9p^p|(wV zbt4EnpCo}GF%7k~@+w6S&Uop-xM;x1^j10_67hOQ@Yl* z&)k*oX4w3qlw=2v9Fy5gOCM^@M}6>fRg^4`dOskNs{x#|<4uTQR1b@Y zE6r|it$KbO;}JOXbkp?zn9wEMLVe&rF;_}$U0_?9IXZGVoui=WU!q1siT`SOZ%9E( z>8!;3*sMPp!c+{coZ-?`MJkSeZ|0xA|C`vLvx`^t)|PXr+qPXLgO-+-+2O%H)ms%u z6sUvuKJa;nLNeX|(CHB-!Y++2W{Lj8%h9~g0H0*G+Q&Tn$Qu8l%8s2AH0IWOAP-<{ zKJceb60aPX049E>)*p^Ym>op5qB5+0?sN0+QSB*VFrG8~>5hNe1)~W}*di5ab-YCW zZQco(*l<3Z__?z`C<7=AN?pSI{QXy176yvgsCezu12l@R9_@`C419sLR*_5i)cg?( zWs8-MC#nDPd#*wV70_TZCaDUzCjEuDxIdnVdM6?gcukbl97;cOAc&XMZEx;$e0jyN z$~fe@SnA?g5X&Af?K2G*!)L{ zIZDk@P<#yGU7JXDc6Qop1vlQ|vFfAxm?S7c2#d@+;uU|o{+EH1Y-N|A_;1Y)es%M5 
z7(uA!zb`n_=f{hH|A{23u#%VU`a8U4df!{C%rT{}udm!uR8*8jU8?Jd^JW>AfEKXb z=X%ia4~h049x#0=+@s0GX{N#ThoM7s45}--rp^D)?r5ww-lc^8OaHqy`NwQHptw_H zKk}F|g5%cn{{te`d-%*CL)qU5h}PTQ0CJuJ;I?i-pfEIMV1_2O+ z+!qLiySq?kJy!Bpiz;Es3l}b!+1qoZO@WAcndAJ2pW%a6SAb;jJ1PBl@-*k74QP5` z4@w-%C4t$IN2|_6b>0CoExf}BdE9sGwZmaakw=2cy9Ps6Xy2X}^pQ9i2ZeL(Q1rwZ zy#@7c^$9YlAs2kD?asr;m6eri??T)yeS(fqIi^Y=poN@yai8rE*B=o8M051{EC1OJ z$3&(6p`nDcKp?d6zc2Vrm;PtB{7)niN>G*Nz6)4hUKY0&--aZ>+raA4(NV^SP3lhG zCDR<-E)RyX5;3s4>20Q0COB?hf00+}vKof48t5)0HlV_oWo_lOu^F08z{rA`GO4`3 zp4Ejde&-IEl5Im6OHiDvNP-p?A~eS{`TJ#=LXS&b&#P}>Fv#jin6zlsPg)M$i0~K- z7HwdjxP+0z*4kCYkdj;3oi}wNHxX%vNwdc_vfiMQn>wk(AG;{#mEC-c?a13>FTY~xTTdGMx z29WSRcImGCW_M3#mFA^xSz!$|A*oB?3tbkB{`$gnPWRZpEZI~JzOJ?Tep<+0X~ea+ zZfIu0Zd2cxzs9}c78PCE-tM3X^?I<+7w-8!fZfKsjW)oI5$Tn9vjXoAjSAuaqDzjI zMgK*Y{6}Q`N1FU!qf7oTGyneuQT?vp{tIyV5C8qcZ~K2Uz~z4sn^(YK1QBEr(a}=2 zOws__y1ly6qpz)^(t}sjKAYk&^hXKYUI{3lJZ(DABZiUUr8X`2$fTpA169ZoQfnI> z8L5WQwzjsOnV!CDJJQn=J~D2L)hVgqRMdPzige*ml8?O5nP;mZ?*uf(X+=zIDM69q zn>TNOCD337U>#7YBsd0TBJU0@i->88(VGZZL=9-@N+>dbFjMF+cX`-f>R{1d>F(+g zRJ#n%m_!(HE&iDgLIvSF?)!H%XI~}|h!-nneq>C@Tjsp151vFQ5gidx=VJnTnlbCl zuvnRuq&!#iZI={C#yfpF859-+>ja4a9dQt#Zkj)V^j2YtKq?DM%fn+e&VM|&BN;Fc zu(sXJcVvffab9n_IfBwd;v!fg2xTy@xgpi3EK8of#xN&T53sM|LdN8-nXt zbLPLk=AT1R7YEB~bmnnjrxd7mOwn$Yi5H9wrWS}g`9XiH2^PR<5eUC0BlBJ0trp06 zRex`ih=$gUfBu*@hb6j#)m^#^m`-~v7mesWUefE zZO3m9W2$4d>JP)E-|bIDT3K2$FNV&82=sJr*@7e}C6f^l5OATjs+ch@`#-$n$QLn( zTI4IW?yy{tJLM|YVgTh=$=I~-wc)C-1$UoPxO$OH)RCIcky(t*49a(vLM=na_{z%4 zG!mm`P|skYC)l2z&c-RbF&rAl(-s=6Gbf|MP}*^Cqkl&%i|nhtk!)H1A>LYZ3g&=u z$Iz}xM-$&I{$g2}bO(RN_eveZJ>u_5>4LS27-b{?*k5!DE8AQZ6h z-hs+oYwus3y&^|}vD%&@HN8Cq=%G&cRrZJ$cWlx&D{P#VJ`n`t?v*sU%aW zI4&A<)?Ipo%Tzbn<5*4TmRvVvCv+&76^ph>^2MONH)Z2pp3?{(;gZ6)|7~I$X?Lev zc|p_EEsP@=+#Y{NqtET31_;4ae&vv+L~cIrS8){_FJe`KQ(Vv7OBvGmF7Gz|;3!J-jNnNsTYtk?KL~15ABkB8swp>EgLto+6M? 
zRdd+KruQXH%sm&lI@R{(DqIx!_5G!1KC0cmG(&Z(B;Bb~2>zf9q}Epxc~71=k*~8` z@8FI#k7)ZTDz{!g(6iJqjgoD+M#)``zV1b_P*8d(%!GT} z^=8z%??wmnTY(|I*C$*{CtV!_tOqT&NGo2LxM*n&Wu$pt(~6tB%VuabA-rhVUunj* z7*H0P(}gO^=vSbP`t&Y4$8E-5ha!$#GWtY*UeoHHnw6E2DMxZeBksJU`#z?brDJ8z zU?=yB4MTxIt zo+f3$uJ-)FWviL!Hcq#J^EXMrsg}a7IJY&n^}Cg2kVYDP;jF=Uh7}c!$@~5F8}P3g zEI`WjOV9>c8wvPtq%N1Rn6Z{MpZgeGSj!P^Tm~B z%tOlC0QKl|eoAJrY3e>RT-bGQxpwuM`e~QGTm`HteTlZ>DkzsU_R(L#)6=tTAs7XX z6=uQcfkEi2e2vmYM3 zDLi#scNVk@l!BsEg5?u)mIHgq)-_rov_p?^$=VBA1f$__csnS!ecYzpc>}_M#&R9)2w(Y*b0dGw`8Iy9{!=a1~>{C9q*dfz_bISMW_x_SSC8kUT)sBc) z1uh1W^ESRkDv`>uWiyRe5aSqGmM&kii%&$8kWGfR;b#8D-!B1wGg09=WLzQ8sgng5 z)(Za`o3P22_?CDT&3Dg8&rws$03Flv(GLu^>|1t|?77|MpV7{H8Lrr?01dCV7lW!*Ssa(VBHnmE{=uAq z8LDzL;T8s%*&f+!kmtvNV#hS?OOunKeTPX0Br9lm`3lU?x`SFfQxoI-6DC~L%p8We z_!J-H!rKc(lA3LUGNV!92w^51iDE>1n_RdOwj>>*z@#NLEe_5I%H~DPVy`(E=_GxU ziy`CVnN}yT7NI(NeUCv@1@~K9tZ@}*+XjERfT0H;uph%M>7%l?akdp*QOQGT%8Q-xuczVM^rh1qVU0G^^L9THZdyQ>dM|T>PJq!xc9Z6BdHA4EE=Qy2R8kj_ z7KG6>#q{3mv0P5M^-Sd~W3KitMi9qWT%VHcrVXibG3GePECU!9L@1uH5(?pB{~D<6 z?fD(2*}}QO%(URF=BGKzn!5M9z^p8(66b&16N{bXU_OhyA!6!6q@l&9VIp3G%C&h@ zf})TIw96t)r#^}KgG?ClM_Z^>5fzaL?(7t{m9DNXoiAx#&4IYJHR$bBH(9aMmDjwu z9!QER5Vx-sMqt_o5o~;5>tR}OG+^T)W)V2#jMK?g;a4YxNDRuWZbx@+SWT=WJ?2k! 
zA0;ocaLe13KbK6*G*sRwnu;7@vQS)22fgW9V_ewSdZa=~@|Lt_PQqfu`PQQg zHgsqha}!&CRA^YT5pV8Eu1eYM2&9N|=%`ovGq@B2i zn!isH4BBMrX<$POaE5jfcu$efLCOkr;&90`U9NFsxOe@ui5X9GD4aJa&Ia_e4TH7; z!l)q(aw5u47RvN`9yRXH!fk9esz@{n$PJCEP=0_{Yx2E4)Iw{zUs0u>>)K?Ga~6&H zLufz%$kA19yF% zX3&6V9|(kAW6KK8D!(`fmQ=%p!-O}MuM{Toe&gdE3n63-kJ^{vAuq=j5L1^ z@u8uCS;Os%k#g=%iYc|M=3O%>PnA-GP0jw!a0k4qU>%B2sRp}4eJl&0AJ_18Ce+4~ z!ueF9c3N*J*J|Rfm623MydrcqSnL%7IuOxq%UvA0k>=M>jyNUeAeARCSEFXD?XqDm z*%CV|DX?4G-VJ+D`(=<^E@d0& zFw$m>E?d)ckYdv+i<(@1Hl1Q|l}czNbO$cqe=|b9=dAHpVg>N3L`e!H);KETCWeL+4Fu8lL;heQ{~Hgn9u~G*1Bekp zL2tHnK%zt-f~BcH3!`aJL`nQ}X~$vZ;42xOIH|It=9J+*dWi`~yF@RzU|s)qF^tH& zI8j>79r=k3OAD64@D74h1J!FatbC?OSL0?xVdy|U(oVKp`7;@LC5LLb6Y?1_Y!V(| ztm@?6u^w<>%K!c-^Jd=p*eOZbxCNQX+{P4l(T6Srh;g<;^IWwFjM4%u^%#{0P4I)@ z)q3aii5w{B6_Ftp~u!ZfhHfh%Hwo#pF8h-5 zQ4a*qi_uz}nx@aJQ~IUpqNw^r*rSAYcR(n7bFKZkG)H1<3CGQjS8-LZ+uyDBRdzZA zWxYnWXU{cwS1xSj>#`1&II#{DvhA+ucI=VORdT1#zP}H(;f|tD$jSaxF7FeOQ`F9E zWpqh#6>Ni6Weng}IX>u<1jo!1Ot!CC%JNh>7b+-57t5mZ;Cwa{8wTsJluSjTtiR&F**oNpVphx5Q4H4@P^ zUU@#wSB@Bp)$*aL$1vqyi~(kj`#}C|zQ+_I^@1)GIYDFr5mrWBf+x2KS`?OZBOXpR z=TI!DGl{KT;ktJ1x#Qw+EPw*PhC&1W<>Q6z&m#%Zf+i#@LTXlv#Y|b?41CT@x~22T zft4}Q7SQwr^j>~}Pe&mTQDZlu;MtjLs!iBAJMUW0}4IVa}!+ZY$wfq8dr@<}^)fj;hDhxqPx_7@Of|2c}qVRbSJg(i#?CTpGnVjk+6`Bha zmgkGwGG50C@U|wyLZXyV7mVYZ#d~u`T{VmboZC~3aPpwB zE3*O@O+3cvDM=p!{49inbAhqIg@cA$^m`j4Xo@CMS9&g}k~Z8~G$uS9v_juVs)r~R zvo<4?2r|nNNDS?v6M^a3?yOC_X%LzQ*`c}!wvuD0t!;-=ePQ!z^t}Jv-Q=23j=l0> zy}H$IIwAE=Os`s~xe;7=ePWNn7S??O5^I$9 z$tvbdEhbhITvkRtog|RZ^Mf_UHyN66_Q+a{3pV=zi>XcvqbcwU&F8y@j@sMpDci`E zLT;m$f(As2RDCm(#Tt?qEF{GhIddihBHLi{dBZ)cmc>=FJnkgC?2mBLp|=%G7EELt zY!>HQwCC@(#70Yts#zyR?-ty|CDSL19b?NrYT#h+2bj?0d~NVR(7BzJ&I|=$TU;kL zu1JMF5HqzLsdS(2*07d_Y+|TkE2fb}pZHY-Y2w={F)JIJYl})OB4&`;?8*kk@g~J| zbGk=W-3Tf{ID)#J>G5Q@y!9+fWz51Fn;cT6J70Y^-f6$*IKf*8JXsk1D?FbO3lT)1!f8@ih=BVxw$0DmhXlXsKARX zvAj*0ObTY-5&?aEo%?Wo>$W4FBa)9&!0aub1$!QoDO1meqiW)pAmp-0w@h4go!@Mu z-&|wy>W1yLvJ(U0S|lMzJGy8jl0_p3+JEX0stg;yUOZ3UHwUV0*xVzb%Y{p~x%PGE 
zXslAVLfwViL5Pu0`;BdPJgO+Ql|>^L+&jG~Wxl zZ8QXCQcgpXQ#HEUenaeiO-9ai=hlY3RVrv=yqHg2mTzpZnmb1?;aK(I=3YOSX%4n` zarO1s$8B*HyoW}&4j$if95awwyv@tueAQ}^yn*#;s}9;Kq)2Bk5?D<<&d%W%2rCRN z=&v`XK4E3VUT6i)#e(cfo^{?m{M7JT$JDlIZ|3J*BNx>7(labHRQd}p!Cll`x4Sjf zX#4Bqn4fOUnNA0-Z)>-4ImxDC`lz%oRAyyx?sS{A9@!!_&FnrLT%eP z`|AUwwaj{kw~_J>`y##)TTMu*5wJ9vO(xEp3hkDqbyRx4KzMe9cE<1X^r9Tdze))U zE^J)(E8qt)S3!hP+i+{WehriSpDID-1NzjWx zt4X8_I9=eeoL1ZZRW|GCudu?JxAC??aXp~V&?y&Cuj9QzcrLc@b#Tanj7r+>s?N92 z9)9@TOw)tZ&!?WUY|D(!*l%RjMGmj^&ogugN73k)z2lUFHYzOpvJIyNQ+$tdu6XB? z3sX@j1JLlLV*^FdmjtR>x;JLg=X<*ZrtLOr;A?C7ruCIu^GDBRyO~!W=8(l62h7UT z(rHu`JrrfODJVmc&iiZ6Mk@PPjY(0{2@6AMlMw5M1~G~io`%Gf?1I+E8MAPWz5#*g zGiNllorh5M;8Um3r7fWS-X8><7&q1Cb8!y~uVSdSHGrH$*t1$fL7=da^jjpGp!nu0 z{FW;y`-#<;XfXCI(x)VJ4&wd%HkPeoO@27K&wN+WUVAOj@nCPeT&1X&<}V|o`qMpG zipbLIzTI)I9pr_s$24(2_DiKDP2_Bg=eOh>%S6mKj9@#OdgFfeG2^vhm(HOh z*ngtg;3rYR8~QAOx0S*{9v7l#dc2pE-+FwQey%KAa)m&(0FQU4WTb+d>@W1wpUuPd6Yec}=jh=uY3 zjM#Jan=Sz3j}O(J85&+>^Gu;0Q&u0D1uvy-rNC(0-@SLxFuip*B0~vl9M|!PB!0r0 zG2P0@&+o3}i3!eWY~xZxt5>~)V>rpSs*}x^r&;A=^EK?kQ_{&j6zahg&pU(Jmvn?C zO8pM)nc8d{-P!X5oWR!*rULlVnI{?P{n+$8q_+?-i<*-kU_oN7%pXj^i3!r6r0a`+ z*;DFfdN<`6LaP!vwQL&ioZ_1N>!?t4DS9Ou)?YLLoF0gcVS(VV#8h6KI#p!^Ph z9SN99g4kOo4DBwz+N3-AFwpPVHi)__sk~Q)KP037M$m$*?=V=&$RriyIXDO0Eo&Xq z+INHg38^>7Ekx3t4|ZTYrYzps(+&MT-I=fY8*zDLg3iObP)>F?$rHA2 zjUq?N65~qEk-9r0l|;0y<`}sjk^O`v+BETc>TA{M5IWc#oF|mk)Y1=v^}5PeRY}m_ zQSmt@gHwS(uNs&gOV6wtXEYmj75#J4BAA_6h$*2X)8lr1%4etEh^azq6IdL;0^U~# z-F+hYi%p!H)roT;O}|dMBvrmHh=G)aL~9NUK~J*Oq+O1dLg5kIb@oC+jwX$h1_+M= zadY;`s^nx?j#HyAQe!b99f}Rk(1G{~zL-&`^yqj^kjoM?96xA`d6rOEBg5```2=8L zkD$2Tq{%{9iWpB$ck6)Nz|$KBrfs18CfuEAeGfU9FQy%Y-+0}38n~8F+Ju5Mfk~dM z0aDY|{n$wYH&6i&bPOh#;iN!+J&9%awvmvg&LpPpDxl{TqE_WFJw)rrIfJJtxvhSi zwo;)(8(H`MN}eAwU-K(yw=OXHhIhqnMCg_X`d!)^^pi2~FEbce8u(yxHS6&kEH?Lk z?dvP!qx?QxWW8AKQnonE{hqym-5|ym&C-(S>3gp)5#V?oa=MFH^Z^=G=9vzqT|+ZA zrMvc<0E*W!G})PvxtfEVQS8b)@btKhewNldnNFBay`95oeE3P9x6OP%=X_+gT7fZd 
z=fw|3;-UoKgNXT)=`=6TJdci^WgSuJmk548K(XR)b9y3C^WovxH{3jPf<-zu=jTCT z+(kAspDiT3u)t5|Wv{ztGWS%P0wKSdu7#fF&hb=zu%qE=v*PT+k50BCh#KZ58niWxk*ejuQd z!5LW?vUUVZZAZg8>yLJFK*oxR^&C&3kt!P?NGH8l)#o`Tg{&r*qKm>9;3tttSBIRp zAVTxKp3%K)1q5el(a*yC&~_v@!rwm+w4!hfeK*n64n2=n8SBdJAQH2%udmR26_;kP z2`N4ph@_LS;RAkSdio z@)MvxNvGWrQT>vif1~!3@txv(7IlrF)^OgakyVdu#k;3S{27H=o+&|<*h&I+@aRc= zi@G#WGpj!3cf<5(Xw3}5R8gV>>4S;u`h_S$)WFgOX3b+>>2o&?TmpOsu^Is^A=*%f z9OK&MqfaF6VoYRyH1v#oDcuqcF(dlfCz$A`+Q!jh#Y#o8G^;$cT(Nu@I2fV`zue*p z3k@~O^1tr8*Vxd|vHb}1li`bVSf+K8AbQ0c4WRkv*C{^Qi;INzyo6@AhEq&>y110u zy`9+`;ztQuJ)Ef;jEztk%c_AFcm}b~QrSchy)H6)OK_E3o|9$}uIXdNX_d&P2e;P~ zRF4=QXgO*>R5(9X&ZYMZdPMaZ4C17|TQ6LEZ=>PE#eMzWz9fL(Tpq)BxS=OXcV09? zrhGuJcv8L4-0V69|A#)KrEiWqYi3$Kz&4eVkqNePKxPFu`lE(ZE#gH)OL}fk0%9=m z6N)2;(2B$f0V9HbyiTGAGYQx%;iCRR!`Y(u;uK=Y72CiweefqGBa;G$J~>E8KdGC$_Dv;ChU%v6xbK}StrDw# z4BXD*J~n5l+wuzvtk%Din(aFa9KDtSong}_j&p(=wPIjBPNK7te)8dMxQJRF30jOb z>Y3ip@=+%#j&2Zz>7EH&eS602w6f0;ou>g`g{?`?Wm9r|V1>2Cu!^vMThcv+|A4?b zB_$>DBVmxmcVR&F0S3ZVHg@i&3S)rvRR*)ItQXjReYUSo%N1^w*XShR}r-r!E; z=@M;SN=f6}5S3mKj*i0(_mbe8t_|tqM&BXY5n!N~eJ2sU^75_^eRbuHEBEf9F1=3c zRrzw?=(MoED%QZo+q(B;paKp{SJz6^3S+LO5l?%F&nF>%5;Pg zB)zwYj2-8CwFzS8SlWZ5R(NAK$6T5gcB1pQP>;AsfQ~NXbsLSXKiuv;ZNG1%5JU+q zQ8dqIL}qj68U?Q7{k3SlU@N8!-HxO|{VkkNSga*O7ezGiy5*XTB}sPxL@#;uq(Sf9IF4g;Bf6^xi?8?>Ba3w2X0*&Roy>a5nFMfFba;V%zp*c=~$;HLx zWoT$h!>Oy7m;c&1INo-gI3f>e(Yb;!DIY7*qo0+K#wZHqwmP`)s6SAk6w}KHalA0& z+3FF4jnHOG7tVdD3n*IKz|c3s&zQk}Ea4>>Si-YS=MSTOr!up%@8Pzcz3Y2I*0iLg zgxA-YgFld5)}oG*j&q*F#_wb)I21$5!=sYp!Jz6KaeJSd3UD$3sWT+eh-d@a*;36Z zmn#9Ug2|3cq2U(KF?}64;UP6SUaG^ve+#QDWaVt^UZ#u&H_Nd+_U{(2O zj2|E-Vz#_r_2lDz`UPWj=o$hJ^tDiXBo#+)#3jX*>WI*qN02=5!qUG(%R3X*+ZBK5 z5*qrGoKZZy;gYj@PSoYEZaMqegu%X$OB1Ry`tpo_w>orXu0vlKlTvLg#HczmgB1 zj@8PCJ#gpdo6p(Us7avVe2PQct?y;WPyIA1-uM37Cypcfzc>rD`qlSWv}nG?*uR!E zK^}cfiZR8sZPJJFiH_!GuDyilTMFoNU3Q?CEKk(W@#BoXKQr7)D_-zW=oy{Y zOX2J0a`e}#$X#N+dYLa=5OqE4gO+356s7KE>}zm^OyovPLw$XF+~?63cx;~9pKVy$ 
zzfVlye6qUCmX~C87-(n1=1fOy`qy6fZ{v60L3sElu*zc+IcxaT;c2&3Gb?YNGaGV2 zX_Jeb=#buU3v7KV($#&~av zl@91nFRb$-KmZ)F@+Dtq?vl&V-~JqOG}SMV1UEFh>py&w-xd@nH6gzcI1{jIH{6@L z2kXc-#!~*wN0IBjbZRl2O{ZI*1J?eOPT-RX!6Wh(^Y5C>!_xc9XV7DpS5D}ipK<@* zNX|kZWG{kabzf02Ss;h*eEJx1kgFm2(Yq>fbR(#yN1R4(uA&AG#(oh8JrMaSna&0D zAcA&r+r?^IBaUhDm)vAM7ZPhNAR$sM1KA08J1WbsoI!+KdI&@@Ejj~X0zuQ=oEN?h zw33JzAg->C4)Sn&^%G2R#izEEtw6{|TlOi92jZsdg98?s!YuTCpf;7o{q_4ol z3dj1?qCLUaTTjIQ64@uvfyw%Ys@&rJ1co*J9!fPW(+RgZx)m2F9__bJ^wqX0>;pkx z0dwP80HORm3NXY&(=vsC@2!4%M~2!BFjle8Au1Z-v#yC$WE_EHP$ipcAYlCbv-3hlaoA5F6$H(=xoMzo0uaJ-P4f2&I-TL-pXlUr1 zOj_E_8D=LDSXn44T^!ZLm}8n`eKUT`?ESe>XI82?nvnrvS8WESC2# z#}#o&XQjQgQcxn%Vd5ppk6r*kJbt4EGQFe9=aG)_z>TA1-uH z7Fx&vnNei=VexE3WK*3Q!4HDjVYSNU=h+(<6lB>Om%UX67iQcA2DUkpZ!zj zzB5{yj=Uj`#luZ~p_SPW`dnWMuxam#Oi4SfbD%x_CuertTB0bn(It)(%j7e_mL);H zZBiL-ncu_7AZRhSrXlMz~7>q0aFXtxame+m?d;j|~(z&Y@0ZV)kl`ozI zlI-OhDk>*3g7{l=Sa}97D9RIW`JO;mOa5^6tI_F19=du-tm~w{rUcDhc{(Fhpy!7z z%>s=GhwnYH^mYjs@qT1^95hGySTruT$GhADU46?3N7_@~AB@T$$*FSseE+p?8^yp^hP36MzxR7eN|x@ z0Zx3U$C;iCEJ+fJYRz_KF#vQx>zK^Pi9jxI7#`bSoJ0h(d0&l_Q_TzJ27Y+Ly@m^$ zBh4nc2rR@=lp2L$j5U++Cav7n#1Z^((e~>~HyHcbVDLg2s~Zb8cIFLlwIM1J-~h_d zgFU=|)<&RpDEP|L7o2($gWoaYGxmC+^dasuw+#|K7-D ziQ(plLrKMkva#eF^Y={ekT#v0nIF;tm>k(l(X zW#GszgM|T;NB8b^6puU?&OBRPYIHNywAsR=G~?ml1b}>PORqX+H==8g(j+d6JohI| z+Gf4v5DdhV8J+q?{#&^BEV};}Wp5c3Ww^Z$(+pArC|v^rN;gWEfV4q(cT0DJq#|7s z(j8JmE8X24(k%`DXTbA&KfGVgS&PM53=_}X&%XD*_O-9Q@3s4@{FC10Q~-XyO7ckI-NiYH67fLR)Z-qiVH8zsu zb}zWL-W-(F5xsJ=OyqcYc?{h6i=*uHHKX=bGPu?b?!aNQoIT9;8?%m><%UFWZBS4N8mPO06{_1HY z8;Yt$n6B$5@jKvQdmAB;sz?yAR>EL5a93rLjKu zW#Phu(w1D&mpPY*8FAasKyMQPm;II-&7Fxn-0mKjR5g6?Mev1K2+BL1Y^v4(=u#<>>teZsq$hID!eX zxrP4=jKZIBT1XjluSuu=SUyGNep2|D^TL=f`=Gv7RQQk-O3`-obZRxjU=>chICh}V zb{*-Xu8OMai#KoH*q?03QB?U0A=&8~8|VBD0o=slT*B7}tC8?QM|mgK8~*5}zXl6G zU+rGYXyF44^da3|M51&A&{(n@G|JveV1cRS81~HXe!#xD(<)h7{-*HFlJ5tNDmLut zW$}RT{CjL@t&IdM5mkj0CV4B6Llhx@w`OK$zZTXh1$zeu zCJPn)_nVUYcKHBT6OgJ*`T8te)jpw>RfaR`Y&?J(2zaTM 
z9Z6O8G44fwMbZ?lGJolMAm3#6c`J2}w}=F0NdXFg13R2P>Y)b-p9TOD077zc%B}(c zp5wo7tyHOSKLr2*0u+x{R00VEJFKMg%xsdhJ`MCIopK%7w8*t4vfjRK(vFnvss;Df9i0kTR=9cBTfSeqcZ5q` zV7C)s?%I36F#yxyV%yq8>i{CBNyU3I(4JK9{mID*SD|8w0U&CIeZUJ`#mbT4U7bwT zleNJl29)l_4yYLLcmM>*^!1WHKYL^&0qPM$Yf7a9-h=gxy(SR`P0qvRC4hx>-VT3| zRSfzw(6iUArWY==^?0Y>r6O>>0?u;xgF1P%VX?zU7}B>g|>Imd_N( zZyw;w5tR=c&UKH=ut^>4)&ibHL>N;W=3;-aZsa~X;aC1};- zXN4=kA(7^EYJUy|sc7LK#7O#Jk=9w2Y-9f5XV0G1{kD36xI%yOxe7yPGD{QmTh}SH zy=a|MAz&?F3e#xX3iKr@KAz5TXQGgAh3kKsqI(+;X zWU=#%@#2BeT9E}}ehNv8&e1Nz?U!Xc*i8s|?K^AE!OEq;)~RjeYZ*h2!v+uAwa=f! zma$?QH+KXa+A2fD9|z$#c}~S3nfxUeY7Y?)b9&u6Ml;4KfiYF4 zC$=ZRJhqeg7;`8;BeA~hA9i{QFZmTfo-hap+pR6iK+a+H+f2uJmtoJKJLLf^;38}v zuwC~^!5#mzj*l>&P>c}uCnw2o--tH)2T$}1mN*kaH~^Nv&7_Ti_?PMO?oc}yNXK<+ zgodnXBxK0%CExg{a7bKoGQ-))$aTN_jN{ac)v{Y#x zACbfXnKX^R$#AS4l$=GCE)&_(LI_4 zjG8$`0tL?wm|~Qwm#IO04jCRGK$LLVYUjmxG|fMw681m?z%q+>+#}n%xU_x` zJW>*;S>_^990wXnVhs>dqYsh3JFfWoawH%9WKF5&&P+3Ezx$wuY3O`p`@qe}5;HMuZ)qzb?814ZOH*}u$+9#>eW`)S}6Z6y{8l`Gpz<9-*0TLfgJc34O5(OE2=spGbPd&l zeTWnxLJtJG*u<)5O=ZT=lj`zzwhGDy^OICdGu1#gPsdH%2z^zqq)G=o_>ras6AEz1 zlXw`NaRZiQ4^VF$RNE1k?=(5kyf}MWwRa<-j|tm|lo+t(fscp}P=H&8Sd16Yz=-5s z+O|(_3g3ib#4@N84M$xmZM3aa&R!dB(Bbm(a-=|sp+6DwI;Jw!RR!>S-C`{b6tZc2 ztEn*O2K%Z4z!J^0f2n)?`#B46tFWvzm`nJo^i-K(m-yVL33s{3Y=BC5_-EyefAs^{ zX@DVbg0~xZPvJu{0mPm0+Z5P2abLgU)&aO%BOGOT8u+^kpk{_`Bk}p+LxzrzkE=k% z+Kp~suKt^%9BSZ4U=Kgyocw+mL5do8vBMu88A3;<*D zfhi>#9CzYo#fbScV&mf82jEkwgbacIRsp_wB<~${cUKpfH0z)HiH8$&;H|St(cqZ? 
z+zPBfn{&vmZ^R^G zO6?x%z2BZI$_08Cd0ht)tK@76N54dC_2tphvMxCCa#X4$#wsFvOd9efzjy5I^aPsn zUQ45Lc{-k*zSpV&ZFZ22F%~^}@SvhT-qTjCU9xR7aBR=C0Z08cJ-t*Y{k4O{6Lj?I z7npvWNp$dsel9Ew3^FiRj*N`_zS+x@NxJ>@Bl9A>0`4kSV#Z|eT{C=J|6XX`mC=8P zKz$c&ZcEH&v7VW1dofy_i^D(%HSV#~r~80vmP9Cv zudK{sRcPG@3M1sX#-?yP?0$ra72R_=RIc;<&>L{TDN6QPfADfb2xL1t@m#?+ z(h*e{OrCA##ANyxSHP}5bt-l~k2SP}o|{gdW8^21e`G0a%)-^Qa-l*@0-S{Tm^$;`|ooW~7& zivpXZJqqC+OcyF`%+ji}e}g{KH#iRM+}4H!h)n@ba7uoa@JQ`!d%SwG761WEf))U8 zIaaI@uRWxHhA8D{e@Noz^JPO90W_#u(cb#Za2&R+D7(=$lJgIcQHnYt~kqmlI?P5z%g zqYM^zoJI__*=TeF)DNHkD=qv_?-4@byM4rvMDq_<{+A2;pQk;Cv14B|p1EQ_?wSAX zH&_w~R=)vB=zr>@|H~5l8p4Vk>{V0;kJ6P#Ncdm>UXcQ*kXLOc!~feQKV+BBqcH%x zk_l2?6NnZjL@Lp&qXPT_`l__H=tBw!)JbH%AL_qdQBLD}C|5tFQPlR*h)m3S0+U=RM|ch`WqgFC6vCe@bZW@ zkJW(6voI;ha<2AW)5QvUzIJ21Y!c_&dZ#_&VD(==y8xK>+Wl|QQ+#}BYwMD+QXL(D z2OyZ0E(7vt-vCP6y(`Si_0rthovXuIU-nvWlk;<73a{ISE&K966`xF1D23ddEWc;- z6QKAeE*8Z-vvAsGxL?$1q6GK_5N~{PP0zZ};*DlxIzP*vI?tE%`#tLS#p*-x9FT{d z30xW}uaktaXQc!dnLrlz@SN@BcV)MvD(h(}S~)`c2$FF}icM6Uzs@($9(S?}p6b=D zQzD0V@%i%ireJn*EP6582MQRtU_$VVIuE6sK~0D|c1rZhSB8Dua$4n~=QY3QWl1p>wze@A}r`j_h@dZ-c-o8W*M=u-bQ4puu`;6V1 z;%KD)7pmM~Z89M*%|)Y~iSEjs_J--dyVKMZUKbg2@3EJgc7dS?$3VYFH!wGuAxk3S zI5waYc1MIu3Pi32j_M`#0MTX#g=n!!t5Lt-8Of(Mv`MMap;E&-cY~&Kt5(Y z2mLYqj59~2Pu!Ge0x0JI)Vbw?mm;k~VyT#IPVV@(ckOQ5^V^R0mFp`%dMnIk;nkq} z$->cp_dC&_)A4=at+t6vDueFxCfr31;%X0FJX8$6rU>`?p|G2q4oW+_Y6sHK)~}Wc zE@W9SR%oKJs- zAUENp9_x3v*G4_xUaAM6l)3^6!f}>>HAZIUIG~K*4b0?N2UywTy_!X7fc3*5;~i^t z{#5|Ly_VzuJWlFxhRJ^9{F$}_FJ!;CXS^qrX|I<{$ck#O1-q!OsF!UvK3 zr#eRsN7td#uT}iU)NI@4Y|#6rtjcm?NNbqab$UcSG)#lb;(3fvQfZVza-F8vrE|>l zasI&i3{}Ch=E{~O$wzlB_g$<3p|y8*$#V=ejDr0qv*T?sH0H663T*G^Pkk>Jtvh&HjKf=0r13^(0OD5;EGOL<9crRu1<33dKWSSOhY!?C;-&_v<#v zFSiuD>DAOq6x~lY`tbsevL7&UY)f8-z;l+#Gv}32miQ|SY-72>!2#OnQreWDh57OM zoPiQ1iw7bv|1IFcLsMR>WZQT}tAoov4;6`Domw(DpY6SvAERnp#m1EXY)e0J9k#}C z-5~Yn=#eV>kBw0Jiqn)i9I$Df(MD{$g$xy)e-IKu7JGp>XmD zyaDg;g9*bb@cISDb{bYn%}z{5`k!?g-IVr9&cnZu%ae%i2B;{ZL}|DL8h~CB?N={< 
zBlttiipa-@(M-ZO)1srLT&zw56U^k|IN@dT>A(~SuE1I7r!ULW_?$~h4fz3V7~O^h z?l}rYW3~w;cp_ssP-9`0YxgGbE_`EAe3n7;O%RXLpI-LrEY|m8f`^~+Y#3OYnN(s` zptgG(#rEUzDz{Lu^&Rv-*l3_3SO-8^`9&=xTlb0w*}24 zo5Sw%PkXo|Pd|WO%RLG*D1BA&TA;Sso)A&XSvLG2Ns{o{0`~A7zqgyI*!yP%#5Moi zO^U+zwF(PWKLxNzK)VY``4< z2z_BCe*;`1Tu74`Dbnzh1r835^}FkX^9Drs)s6`J!zB?d(ZMtU8Wt9XI3|spW*(pz zv)^=W-TZ^vkg^TbRydmXF6)!)vNq7~pw+yNKhaH_o#gJabPWLY-eT|! z)=7RvcF(9;t9ZhL8ckkQgffhG3}Xeq-;Zv*AFZmL}6}+*P9p`b^&u+^8!sQ zCW^iQt*_hMfnX+pGep56%{!R?hS`eWCYZS=cMW)B1)y}1>&*aUY!%AGt0%z7S3}@S z+5<9an4XoHgNH|jGD-CHLS}*O6y@SU^SyR_nC&+JkRRvyUm~zg0{FlP7}%sf71#|4 zC==HL6xX?8T2~DORdVm%ec`lO(A=-zVSf4Y<(J=K1Uri&W@h=;h&R?tu~vNvY`i)j ztg{a`7R)D0n8boG&=RzOUcMi|iqxk%@6Wviy2VHCqfnqBbU;G$J_rtF)zhsicAs7x ztu2mG{io8^`95Voa2SIvCLRh9#-nK%YPyeNHmgkw0VURZy3(Jg`wJ35*!#-eWH)#1 zxog*s4US(VBO9(-Nz6yQdQ8IR$4#^GcMiygHJI_W;$EXqY^@3?fqKZbH0nlGg_dlt za&?$T@s8@MIgHwF@6siei>6-&N2a}lq*`>vU}G1LO_Bp}WpOaglP~0n*^W6YrZ=#*P5`JV<7luLcvc_WvZ+*Q*BLk z>+YzSPSOQGo>RDAwI#mZP4^+t_Xo_o!J&n4e)P_YAba&mS^{%RuPNw^T)ugykdo1~ zNVDO?L_zc3CiBysw@#;FXWJW6&Dwj0zrOFk*EoB&z%in0(&7@7d|7<14sYQP2zhO=2{k<5{rSnAz*OQNBDPTdxz_gUZk3A~;mH%yM|`LcZlOB)%*A*5YGdwFrk>^3 zia>`7$Rg;0~MTX1is_)IbiS@jllntxs;(V>1)}E5%=}?+^k@0)CCNV=E z=ViCoMIEhl@><}K4fFgXGnw&pZ1N$se)OtRPUgRTzW+27D{AT+Y^G449^-7em2Wut!UuJp z^G0pcevH*!rUDzSzqd}WomNte{RO#r=rqO)g(Wcd_c_vS;w?wWhu$rs9*}+CXs;}u zt`{;8#6QOndo})rUg#g|qz~xmnEL+u5uzewmp0$2Z^E$=2k0+20aCupl`xj7ggij( z#je+e#8m4GHUXllIwdj=SQN!=w%&1P4QO8+4F=r74!+DA`(kIJ43FSf+pAGRaXXU& zO84L_5zfF#z~QXt=cbKhU>CdkBL?V}0i%mhpJoCxJXCXkXBOjRipUz5)NC{u1n-Fa zBIVfXcLr?$$97RO`LTB%VjZXeM@kLpmp@}r?gF|`s#SZEP}1!LdIG^(avH#mVP4J>(unh54&s7MXbGX`F^~>vc(6! zUMt%Ae1Bfh8(nF=^#lOk-EUiV*ZeNb5AN{XjxSdS!qsg38UrcDl`^tq65<(Jhmic*f7`xhKBFp7wv9^Clax;;* zgNBRF2sxnf>YCFpD>qBI;&~$D!cR3lUFuPOE($?SQGQ1E?BQTPK&%m zT+Z7~I;FS9+0PrJDBKAGO;IQpVLm=hI8MFAx~MHrciCli0@3ZrrD%Jx=vJXDx^2(7 z@g$g#%=24Kung+^$ySct!NW& zjas0o>Zx!#cE;(U$o$&5O+T)SIaiS2y*RHPmZ! 
z)y8NivYkBFdcMB+`u%Bcat*~8`eam8DK!66C2_Bas?Xh1&pn&_o7krdYW$KxU7O#x zS?+fl>t;0QJ4(O^H+L+R{2j)B8p7Dsh!aN zM#l#;SGm$54JXe|IJcx$eByd>d{fTiGPT>l7^2e-cAGwCI^*tIaXOCzl%P|6ulmeMu}9 zf9Chy7)LCehI!qbQ3z)Du$gEbgfJd0(4mjfuFIHvmga;LP4sfWH$Ptcb0lBl`y57m zE+&S;gr^a2T+3f%!MezXpNg}%9E|11v^d1Fxe)u>qG@L=`J#)GxGejL$RgROfgOQE zLZsZ|3)Ct_2|_FcZw|$nCVc6NH`BefT_JXRUyC!#N*6t8TBuYktAWg<)}E*BhsOkz%{ib~JIIXiL$0Z?k$knNzr`BF49K_}%M zqRcl$f63P_n{9SbVE)3Y*DF8U{dwm_rI@>tMQs2d{s3mqv0F~DGC|uiS)rdqzM&l9 zG_~`^jYoHu8+3k3tYv{ddGe&{oWq6AzZSgkI~vssv6dwS@105&36eZ`VYvnY2Y(yW z#>_=cAUR`~h{L!G7=Y?{bdmbK8_c0?j6KnZO>a0XsGvyaFb=1@z-B-ZABWtofn4Q&~<83?c-(@H9w>hz2hE zZUC)vX3bCP&yz?Yz@xnW?h8u8Ddh|QC9H<22(_JeMFT8K3w=xQmf~K1M>3+CRDu2y&x>UnN$8WyhVVnbeUtb zb>~S>7S=8~jaRQ?j7Swg-zkd~{BV~i@2HbtY{CVKv9Zz5x8QGXH5S8k)Usw z)N^wuze!;3NMrUc-W6C2&3R2Gv0RmQf7sZWKi&SKe(vvou%GEY+#JG!+tJ;~#Av>Z7F9!K<-YTwz*@&}sbb~^S2XH>iidMd?l-RkPSCDYOL;I5p!=OAwBf}>oKdyBdLgPRoR5r<+c zK#yl4*eb6xwx$;^v!uw-11&|#dv$oQl{Lsem_R3pjlRPxcc2!(m`#~Ppeh*S9eN*F zVe!2I8zaBi)5e1(v{V&2t~idMRq#6l2LcTAzlhh4BP98(6NR}QnVm|DLH)|AV*~yD zBMbd~XD&K_Z?Od8+Wk(yKASzgsFms5V0SXK*~;CHEa$kA>?^mPbyVHFj3lPe_Xl6~ zei3W1u$hZZR>2PXse|bH4=BWDWAb&g93#@;9Rgm_BUZ`gdstE>)fA&t!> zL=Y>D$)C-o%}WI>V@O4}sU+%3LrB&N$|D@J4&IgUt_o{N=RF1XP`e=41b{0cO*H#vq?;OQlAm3O;$7$O_ z$~~oLedU9@J3pSAd*XYTsRpwOf~1!I}uE^b&MtST0utyyLI1uGT}TMyKG(SnGb@EquWyg_2o zX9Wcr52WM^`9qN87EpYr0jO3jjIp^CibX|l0HWq~J2hn@_gBR{N47CMlts-*uMv6W zwA2F6)B!u*WIh){3rOPQZ-9ef$Bh!*L|p#%FqGDMqu0V^Rteo5Ma>`*iif}sQ{h8; z?j^GnQkGkrPN415O1)+Zw0c$h*uZGGAygb9By*4j5j~0X`mKl0Bv-&tz_RoCaW9Jn zB=s$p6RXQtf4Wy8hb>nTJPU_gTLU*jaHS4l2r(j`$NgyfT{g1W;pd<#FoA@A2MO`9 zk0L9fe+ZU7>Ri~kg$C;+JJ1O!ybW$KY***{;``Pjz-zadHv85UeDVgFc`*K^FCIo4 z^)4faXaV_%H1Lm)8(59SVYEhc^gm15KbVTpfnTK*HL5}O>OB`AHwcg19(O96by7&G;^K(R{3a8 zyzh9hciv(+c=@P@cRcT!H9x21uM{>6P7M)qcZ9khw`TvozUsfOUOG6V5cso@@{WE^Cm4+^&s*kP zwQ?9_H_!Yr#7Kt-wwxgFC+K^C#Jq#bCORlR#B}Zs?ny{WY`Q(F(fVgPiM-ulPv9#O+7#FjSRd|xPfQvQ_R&5KLr 
z&HcMC*h}y5PTUDUs9!@4X7r0f%Z8^g!d-j(I-W(6^2#{S$nVo85ZqqPI@<5I(d1|6j3FsU?&t)DX$&6+RuvHLX@6$rM((mIad9PQHE331+@MlMUY1MyA43cv_ z&9ExK&Aga()k|HFez&J%Y>u;NPXl*Qf}{&hCjs`VLxb*<_Mp}HwE9ki-7w6_SNA0A zbx&^~qUnXI5RBY%Ak!ZuuZ9SAzN&Y)-mqrl=e}gtUY_|L=tY3T|L^OCzWv_zMqGbF zXuo=(w>JhjdRlc7Q9B2iLzXL)&g&?RUU`U&kOdK=Z+IG93qoKfYQ^@f6yGtUIqPBVKQ?cY!!Y;dh z5hOeVVgbfXSxSY<);10X~2M^cCu$?qMW~ zm>LLT#swhVgq>ian~Y#ke|GCx46WSA}`3aVD-Yhlg6@<(@N+z&D!o8@t6 zNbR(?wc-18TD4Ff30B8u5Fxd^&-maLT<5HgCsEaS+~;?w$?7828X$nd_ryB~$*u_> ztxq%%XBZM5+O42td5P+HnM|;M0?t^jGV*NuTE9Y#FR}0efi>hr_r;DRJty%odS}__ zQKt~$CPb9u5`%o`jeADJqy4_rxpTQ}f8Qi*-rt=obmQR#U1{EQ z(z1lt=z)A)r&by@D5`D{?Glv&jOANbpYW#;`3JuXZ*0UQHR#|mtaQuzpys3yr1@gYfSigmhTNbONXQAqM||{}M$-fN20=EnwCso-NeY7eVf5(_ek6sHOxW8>u+=%gaI=w0$ek|9T?Fs zx(b>J!C<4n_##=B-$S?&rsH-+zLy~%y!>&6+mc=4{(gDv;8cQc&9|)JQH|~Uiw3;# zL~CWi=A$_lJPuU9Rk=hnUqIRO@3hHG1Fk4nn?;h4qk#B(FncRF2}h3-g5=lAHyMIM zeQKg}AK<_wO5YZyq{M>vb6A~OTnxN$$uXCOW`*{S{Fm$zt4p=0iv%Gw3<5Qx1auPt zxd9@eK*i*yBAsTh8H>15hX~?2@>h0P+C4zY$Ae}RBGQlM5_!VylF9*5Z5&+Y^HKmK zw*hAr6ff@Gpq^vl&|s{v-Jl>&1E)aFH|wyXy6Xhlrrh;y!|&Z(o{)DhB^DPf791@Y zGY6dWssh8OTfk+sjjp8{H6?eZZB0q59{*`gZ|?qa zE=TnAKb}DIN39qZ(+b;3<0`s9u`z4DTSqrnxzd`kF#Ap9E)=0S2yvx1RI9?gowlvs zArFdXohsh9I?Q=u#~Z#d1l{_-c1p`yU%eYYaICMT;yv^JsB!p);CI267$?e|p`ZEg zBG+rFtlyhP3>>0Z+Fv!4KUuZHNE;}d+Urf??3oN^lb1AQHJIQX(5hY7JDN%9y(7drbNnXJ{vmRBs%}oR<{4yRmt0;Pm0sYkRqzw{tXj@chbcYrN}1?ZDQTY@|)4P>$R%cW>p;UmjK!61;>{5zY6^w?qzIg*^3Xbf@rV*y780bhQ(h z%lTIOnV2&UWc+=Qdji^sk5=Wp1hF1nZ<7nnY5Ps1jIerJHtTt^ z{jm3ONmD^2CmbeWr;DA!F_=vyoooSqnuRErKU7M#j%R9|&=T#i&VtY0n}Js<9XdDE zRfCb&Aw4_sb#Mwd#M?Or^`8PKmMpHCCgr zh_nOxho|htfz_c?h0~~Db;gcQ%7^7r7H!6N4xK~@HtGH2ugrDt<$KVbbI8#N^1-Q1 zj31cNc+3?c+$Zuex!Y!a4U6oZN7m0Ab?VeN1RdjN^3L{Fpfl!4sN3Rt@+o-*g~!!OW(OJ zVr;MxFfCHi$!jY*B>lG6a&3}G55)Wcl8YD`Wpz2Ow?C^__+nps5{`=1K>F?}XZ~iS z+p?C>j&s1Q_=`T_pi8NM@{*qD$s|l>$ehUf@>ob!e+u)jxmHj`@k+C2j|FL)w>qX( z1)zfwpo_3;#5su|9r;k77t!{g7(@%S#LDfN1Q-D4aXYyOicZOeR2Hy 
zIA1R1o%l4dQ@n*3=vwszB_fz_r+TAONlN!N{AB5sQP0zKJvkiaV<7#tRHAfBhA*R8CcIGm~=-UZfU>PF1}nQ)!u-Nx|IO5BJXbQS;DzVfM|7+(o@i&2b0Fn zs9hLQa#PXFv0k})~&#a5xBUO z6=Ea$=}LOj6T>@w$?SP_C){neyn}E&*t-b%u0x<1VNSowqD(8Tz z5KLyWK~wdPjiPWRw3HxS?BmwX323b&>T>T@=}ytd{osqrXNIlY9JdkS@60B1Lh&pI}^xojg!xr5wY ztC;#~*C%xlZV+>THUPL^A7Dnk6f7+H%ov^J^xZ)rnEX!-KGQ7Yt=mtB;Gn9kMK0Ix z#Cv{Vt?T@fyfB%mpqwZ_dT`Yr+8oj}W`LJF(oVp*gpR(!mJg zwR~4`9TUyYBJv^PiNTX(#eRwUK{cUCWzWSOArD34KD8g676h@B))P>!tJq?32T&_! zIdPlU!{{TwF=T-#;=cJ{j=>PQ-yk)#Lg_B!ZJ+)Ri>0$xO;;W^1#R{ycp0tg8^2|K@UrmZ zC3JyXtt0(ZI79w2KaG=GPOY;$_$-hMZM+@K8m)pO-K2!N1N?ns%+bT3f@om`po_A< zLqcpy9P~AuhjX=#K7p#p4AN8n*{q;m@S6oBA(>TAR7p*lx7l`CRIS=PRxt7~1*p>x z`%#BDEhVBaH2k!jUil!d^s@2=g%2I0foY5`##T7t6YT{LqJdd6<>hAqC=}i|<;fIn zN>~899^5D{^%0njmG{Jtg*u_4l9`sJy##2W-1Z$?SL;hTIk$dheW_1?#slIM<8q1O zz%K%0di3Ad(2D1F`#+3gSPFx4YCPMXkN~gX@@?&J&%Sd~Uv-+bNJMP!u{_X`vmbt1+DrrmKM& zEoJ*mwLb~TWnp1zrzcwGUf&{L={qrZQ^<_mGkK%+nN<7cCu~?6O>VhfohKc-VLVEn z(f=aIb7XiI7q+0^?iN!r4s(m{+S+l~AHS&ox+^{3*pAR7w9)ejWi#=bC#@^K=sdDXD>Ils9A5Y>cX0d^?YyTzVed$0@q|&w%<7VKr70W(P zC;EL}&Q;1?K9Gh3!D{F1=CMm-$r9o4@T`VKfU^1OKG)2~m}CqvT=3owvPHF|=^XN} zk6GX7O7W4;Xlk6|o<57;j`#^kR`FK3IEUtgI0jwjD)K$2V*+9j4kE%J4^evK8_P+}bjmzy|u3qma%lbUi&-@Dvd!L%%F7a1PM? 
z)!4E$zg<14eUhir9)$S=5XB*2+v<4VRx|1}@$1GZ!^f2dEG!dw{y_WGM=uVXfE)sh z0OeM+_uL1>ht^S=;F;euPP+^%j-+(&tLz>(6%P4wI^D!x2=Y2-tJ!6D!w-jdh zk|Yt5n+TmQ1lkcbfJ#h3A5nP3Z~xSnvru5DQ?c9+^QOkSu*`ju+1Q; zEJfLlNL-I>mMbRJJ#za*^{Ef2f46C;Sln4z3{>K<$&&xuuX1}jS2Jv?Xw%bE(53SS zzxcJ2+=N)bVbfObYS4z-)MqP4=4XBioeS z+eZ!7p&T6g1kDeXA9d;=EJM$aLOe$Gz1N%h9D)1UPNxlB?NcIWHH~7kUHs{~DxQ=K z)d9%p-uY#VKBQ-HG!tjWu8-*D3tm@mx4q3= z;O3T!PAyB3>?YH~_cx}s7u}MPn--)T-_}VN3~6D?o~!V7<+c&fDC!z zyeB}L%eb74bGBqbBN~)(aQ$0>uAW+Qi7-=4*8{24{4lM~cFUOb=XlX=X`(`Lfsemr zVOkWw$7y(4LynZTjmwm`2fD2elKp&W?QNh{g< zB)x0&!@|k8i8@A8Hvc)_6>whKDJbDQi=v3 z4x+B2wjANDn^ZB7TqWN=FlGMkt1GDxASnZwA)Rt=hSlr+6QO)W->I!pB_YKi4eyXA z5rI8e*crZU@kt(8w+q>C@z}HxmVXSo@S=a*55gpw%jI+2Uc2jiuvKsf9Lfsbe(jTB znZL;NjH*c#QKp#VzmPFX#*6(gg)e9AN;Gog-hXiA^@jvZtIwS9`d^~ItR#=2_cb7Co1sXQ%i}b4b@?_l7sT7rO*t(~ti3B?VR87`} zl^1O&&s7P6^Ih853pQ+@K(vnH$_ldeZOPy3aD$brg|m@ZCsmrYO9qV3?^b90onE=> zw}SzK3i`%$;-*YB;?g>oh`(C*=CaR#dQIj2IOWsUl&A{Md9{(`@05zs?fxrRDj-~d zqY9{aZbt8KgzpXqNb5A!mDl$G_1K6R*nT8n=@&Guygcj5C1j}2?!;@&<&C;SU!?Q= zJ$(i#28p)ZJij^`LBq+Ne>sAsh-!OUqEEE>^6uOKa|SN5w&`kjT+#^RjjTR7xqlJzGph7dAU$6fz|5dp4#f)kncu^p47AKz&etpD4)*kX zbpd_p6A%+N5&u{(s(rsZTcZF7=mVWkc$KyaS-4|yUCDeVtAU0n&!y>I>$L^;HuwPrw;_Q;r`G{&u)hD^}(-HrNE35~Ot%RB(~}ttDXE-=8cm zSQAOTZyhz5qvB)4;4f^;Y+-FZy2}kKFvR-^fjr+{oITrpmlFWC;NHh{q0zh}h}T3* z2!bgbr6`}F310*%k|vl6x!t5-F_DFcE&s+nU;N;5%V{jxoE)FL{?{)knjx2|VNLG! 
zg!As)-CEd>SlT|h#-+EM(N-VQl=O`u{4(F=wPMTWK_&4;GdXQv8}QKqg-i+lQ_Ypr zgz?mW{p!EI2?JK#g{Ydn_=B4XncXELk;}U{h2eDfM0!8mvu^|9?b@=c3f(Jsf_b&~ zRn809Sgj}dLcAKMXDajqvjWQo-vb2+Or4bc?lsTf3MJi;!C`|$>*0OFk)G@w9CpZ* z!XBLKfNsk7+d-){9m*DZiYAe->ugviHQ9d|>?jcq38M_hDG3w2*!x`VyJ?3*<$l5) z-$g9iC~w|pvb*0@@>=Wk93)5F)iS9bckaP@A$PgUmx`Q*O)L0Hs(&wXs7R0eb(_W=JnHQ5n5 z{QeUFww`%Fr>}ZT5DOr{b##vdrUuKz^P?U};dNKn3O=n2`WXQ3i3g^XD=oNgk~J^n zf=5QDdSV$o3)UeWS8Fi}vh2+V${7=_{w2tc2fxIEvBrZbvy%Wp*acqm@{RjJBi-ge z9e*wc=_|!Rr7+K5>g|NhS%|1uE{l%5>8O(4c!^f-y&+s$|8V%CPf_>dzz99-UOI9F@8 z@b)4V)|ZTc>*GV%ka@&|w9pDjTmL4K>#_8U?orXOYd}Y6eE!B>Sga3QbnGe}1LbAu z4VDGfmv6P@e+oK%Kr8V}Jp401zrJO8-}*tn%~Y-3J_*6RF!0`q{uE?6;8#um>9fp> zbp|U28bhG>IaI#Ee2@8Z#o|75F+u~YE7x3)JP0k^7au2CkZ?nYYv09HwZA=xEP_+xo4tQ`g&+qCT5CH`qaHOuFA&b7_8F>2MmfX& zAA9c|6jj&kjS7N*WKkqY77zy{=NtsdAPO>M$w&~8oIyb(O3p!YPD30rl5-r=fPmzj z!vNkr;PamMtNT@*bKd`M)vek^O)-1#S*usCPOJOZKpGl#=g#MYJ%2xnNh&2LMeQZ+ zY9*Fg*{uzyPT)Yi!TJ4-t3I(75)#&N)>RLg9sOzB8qn$~=8|8~agU zBaYxH;UY+#c%uRh%{RlpRwz|G%CuEJjBJEX{jCZAtqo#J%LY_6$;#XJM>n3XOH6s4 zMGYqCOAcvK4aC}vIiJj59}~k%ad6z ze}5aXp<9$bU1+S?W^Vf2fb3uBnWgc>i8cm7F;?HBQKU5D5JGzI3P)*wd@jSYy5A== zRars{jzXke+$oz#j5LKdcxVnz9lH#9D_Ink`wv)uBRhS+6v+xzc}MG|;*e)iQC{n~ z-m_iatjwp{X9WaUN|uwp<)Zk-auAu{oyR!Y%v^QcKW{S+y82dSdtIRkGJ-R}Tsc<4 zwRr3+u?Jd2;>*T_PlNm0_dek*%r6o7uN{6B;jo{xxQhSB-(UdB^k^-s0cbyY1B3Jd zj6M1>7K?`kw1zAmh;w9yDD5y!I4x z|6zCK!Yq&!=g^Lc%ynm&_e2y43O)VoyvKkp{-D)vB7fO!PY1wI270Asyr9&DAoD$W zd1vYBZ5n_ifs45PuH}+q%my=@xnh;nE5vCp5PFAG)&r@ejD8sS6Wwxha=(kJ=N@4G z3U=ah?vdb=9-DEt1+w4cgUPsij3`E(oQXL7PdYr(L)q$q(7Y1tk?z1HyY#gFB()AT zxv(q58y!bNlx@1kHUlaG*yi7X{8BTY)cxQ0CiHh6w*65f_##2#JCt;0)xt^h(}7?@ zJnpNT^I<Z6=y2~yUV(pg?;fQ&Bs z9@&X0E=sES`-m_+%=WBQSjnaMU5aOg{qu8c`N~Xvn#AnYdTg&z-hrGiTf$`JcCYK) z{wIHQH_q?YKh5XXLrytA?|$YsPue~4UQ9k|XWX@g=IEvMc-m}8Y&+lz9+zVJpx^)6 zGWV7ibxGp7mQgy-ls>B9+&tf06evZ^Dv2%R55-p=^T_t2|TK=;VlT+EP zV=A{b_R({n#g%Q0O6pzK-NErl$>ZIc$l66=X_=LV4SxA zeW7khPvQty999zj3wu%bU1Cf~mZ?VU9@+f%h7g*;P4; 
z1}{mE7%|0C1pISx%c;MdK8CXS-$>qXhC8h6VN9&_Y@b`M+q5c-hYwil@TK(phfLRE zk;#?ihoPMib~;yisQRPBYKAEK`ur8_nMNOPqC4&4$_S_i zU;7YvcEOAL6`k*$SJW|L{tkA=o6{orc6fK$huq&q=JVD~Ne}?o7SK$GkMqVWRp)ML zn26R7sgc8@C-fI=N18zT?T`mCtyVKz2dQ9r7~4~4Ei8hc{*-8mpx(iRBFHkJ={5(wA=8PwCGPd;mA zi|}EUXs@pq2Q*<&I*SE`{`!umyR6Wl!tm2Z{lipwmJnjA;&q1qhX9{rZDtX_Wy3IG z20hR7EE56y6@_^24>8maEr0?Q=zaaKDsc=^xrm?1_$}r8jRO}HIJ(XY=-W&<0Osi! z=X+tjErNSQg~=v+a%W>|%H2Sgc)ph&LCV5%uXHd8&FSpYIU4{mccZwxMN#qRX7q5= zPB&%mc$p`FTBh++$w8AZLuH+Cy7uKXpuN50IE@agWIwIE5Q|qk$u<*0gs67u)3x`? zCf6$-8*e=BJzDo=IR356y|8Q5F-pqtSpSu2>t~moZFo`0gKidB&=MbPHI$co_tRNu zU_8w8EG=co=M+*&ezNhHVQF+MRCtSl*B@>lNlB3{g<8~~o?A~RwQ6ti7!GI@bHYCX zYE6+|SLaV#_TP~($g{Z|wkN&yCCJ$e_KU3+X3I_;D@e?EtW`hwH%jQ;#mBv%BPggQ zlG^b4H0-cx=9%+(IW$UaW4+T~OAj8S+TiT-)NK=*(kF(fHk~v$$&+*8)$o_OivCfwMr=wtL8P;^AaI9CnUs)?cwwo>@ zpN8kGOPWu-x(YWBAnYLr7k;)M)^8R9I_EdaUbJcx&tuJK%7;vOUXI+| zm_$y#M&x1!OeH8{YKlvf)j^P)Zz(_^9;bgfj*Y0)u`|lOg z456s!Qy`+Fj>#YLSwNAf_|?JNFyel)F3=#H(WO?CG6#78e!e8A_ko7vLZp7=;0Y=e0E1WL01dWbKPQh>)P{Q zWR}w&$LN*UMJwSU1{FIH*4WLGa|`REG7KHOmwhhvbQfJsR2Of;VntO{={?U+BhdzN z{y7k#RS_=B-%Og8@J44fW&7|-X_w3q0M))Yb;|1iP9azTZ94p(*?HAhQ_{{=58EJk ze+bP+Z*K*SMxzGix=PjK)>vbflnb{j)LU1fw>ut$um#l8I; z6B$W|Otq^&=mGf-?sHu#QQzS_7K>A&lkn3Jn3ZQ+VD&Rl8~6BuSJHTqZ(_LN_n~mB z`Jn`>Gi6Y$cS$~CZLR@&-M{chQf~slkLiE%Ugaj5C?#={OKLG@Kmx`T8_f_A1C9vS#lX6GojM`uq17`ldMq zb?hM4;2A}TiW2-iu|ptoM-NSUXKfLLJric|8XbF? 
zt!6ScT?(g+OX0!QWhXv}m7PUsMyApV!K1kR1*nLWJjMH1&A&mMyZv6%Ddq-pOo`U} z<*r`+bsS#N;)h_&L33p$lQE7Z|B9JGFeuGcRWWSEztbL&Os-| z>pi41ZY+C@p%3FmF!$hm3v7feN$@)$LGI z6rl{UG@09=-zy4KpbRQtkjnEQH{exIrX)$Xm;04!nQMf9E-p~uB^9Ew)J7#D z$g{Eeo&-ab-5|IAXiQk7^T#{&V~c`FK2j(Ss|FXg>0QcwVVDu zbP1wuPgqx6*;hZTWb2&Q@Vqr}4|Ts@HVrFqS&`nc914?oXVNh;sbHCcJsUWNfq9ov zSm+H^o%4EmD4T)s;NY!?5GbCOK=ukg)k)NFUkjak81#j|^V^;J@D|YHR`M#dVF@73 zf2>V zt))#r&4RffA_}%e=N51EzJs-$~W{gdZyZ&4^c@Yd+ zlv_%sxhA|Rp&)O`WQy3OLAC>+E&VNv7iP4VX192Ro>y}5cuTu8^hgB=$33oK3 zvZRr7Lvn;f8V?4Jo#!xmLkWTGcy?3@P4?wjr+hfgqq#u3-VlvQF=N!VFl8ou_~Y>( zLapvV^<4H_!_=UwISs?)I}3dH6vA}z7Q^+1P!j?C-A_tqcx6vIYF5YND3;(1xSJNk zPk!!kJ;0Poa}6caP!9?*JrO(p#s3G*T2Gj{+9vm$3_L<4w${CrGqAb;v_p3^4}^ zB(V394=;{Ya3rkuxDRLI@U2J7RcAYE(`WCFb_9r37EZh_GO>2QZ<+@%Bs;Rb)IUv= zzOn+&+G4M0?nrG7~8us}~JBddxMy1WqGbd3>v z?+UR#+6qtnlw=L_Fkb6(M#q|z`X%^C>9Qgobo8UQ>CY&qYkF&TVZ0(OfRPtZQ1p@p zEWt$tk_Ae_kuZ+-o=dO4u3YlmK+#1c0x^Dmso}psi zy%?VzN9xT-WRM`C^Ded~7=@4>7=WnA9(>FdqVtTW>Cxg1rYX{!61xLke#|oSL+#V< zNCYk9PNDN{&xU`!^4~tZP8NIVp7w^Z1#y#cb(=5)NEkLOBhcwJL99WU=X(BjxoaC` zDu4281G8)eJ?4*jsj48w9rCG8Qvu4qSSctu1e2x5-Vb$|hsQ~|Gjr7P+i#GyZ|Y=k z6FL6~ynNcne7Uudgp3)Ie=y@^p(5fF$bowYG;bmNPEzn(A3|vxL%xxg5Q5 z$S3;|4{y-bf%yT5qg&H%3IIM!$tIWGD<_%pkmwt{xqpcHFOY(p4<9K3hWi(4Kx{75G?FJzp z#9QO*KkF)RVd2rpxSwd*7z|i`XsW)i9ujKnJd%2;+Gnm<;&C;53EOGB1iCfDlI+!k zbDyH46TYz7=^pqDdL&#Pt_bZM7I@z4CA0*! zVwdSM?zygeHYt$umZm#(?t}zBSd7#~NqbrZIVh3{Dm!a4>Ve{E88j&|G^w=vXbDhD z?Ww4IiT->JCe$`zW$1#Bu2_=;?~t;muqzKZ|dMBYdN zTk6rmXv_bxc>iPa-Ip45`d^RsR))}`-j^!COvNMqk4T2x%6I>>G5`Nt`QK#l|74~A zzqyrtCccHHc>4te1W@41Ij4A=tVJRDMddB3qM~A>XG+^-59TSUu@ z4y3cny^sIFXit-8Yk?bnWGN-X6T!lbz!7^ImJ3uakv=< z5t_suvcdlTe!FtmPo2CgX*8=RWIbqB0jEL*H?I~Z{JLQz4dV2fsaGfTkwEk1kpp3? 
zj_?4Zbfu;)Dhz<~vBL-;5eAuCr9}4lpVWab_Gze#o=^=OyT$}dn>;X)Ixg2O(SXsT z(hkL;`4(}XF(oD%`&sqb_!fiF0#PhrVNng@)o$MJ-TlRw?crkJ!|Q0(vS} z5p~YPTIrL3(`Co;$;pMOfJ=IYMk0$w0YicqFf3PoKEAaC!4+^MxYU2rUW$p1m9eg0 zpb4oTqonlT1jjdsgWzf8TksX2v0S}Ug0?FzOP=obEE_;FT>AotblRaBG&>99X^0&Z zQf}Myh+c;u+->;rV;3b)v1O`Nasf{WNd8A|GC)v^l;*Fxlw=w_Q@gtOVE#f|j zX*2x}jX+&I0oe3%!n7cZtJ~!MINAQYo_kv4yz)iB9G-*Ng{er0i-q>Qx|G36FQ|#b-P#()@=K&(@ZPmU5fgQ2#Y#5$GG20 zQ)_`{6hJds(b3}L!@#OX`il*I3?g5PR#!?O=kdYC6*pTyO5-07`$)kV8s9vzHil#k zHczyBuQ|1McVsSWA_9{Wesg(lG0wzG5RhH>q-Qf(PZy3yZa)~)MQX=qLCr%^BGq1- zIxmcgH1;&*K)tQGeo|=$mO@+FPRwiO4F5|21an_|;MCyTnVRXeayPy)0qx;h{=i$iUCt)4;kczzKlL zV@hmNz0w*Pdczd(K@U0hxG}T@t!YINMm?On!Z#9P_j+E1TNf=~p_#ZOZ(E`h?=B_< zw6Rg7NyyZy`dtwba)18D#KFNi6XOzX>xp@`!mIictsHBwvde5ajb(M3wW#l2<|#lz z2SsX5rL}5(?Zgn~qQXr#o$hv75GXyz5MU(+L6mZ>1?^aMr4vC-_=zd%u>U0*;~x)p zt-^0e-sQTF(hR0HzyLK zUVF+3Yfzs)MfZ#U`=dVLxON{uzQXg9u3e|sHMK5!^U*7iq!NnxwfQLnV2A(YwRw^l zN*7r6RGh?UdPVaurSCX$my4S)+@(5^=k7V)6j&nCcMrTWXhyBVxOfDiNKHBc%>7&p zRE2jm1XgP*I5NW8k;US`s05HBWzn|FHsm!EwY>YS5Le|0F!Y89&@jc8s#(dtcG&#* zhG|5^Mx@z+X=g?d-k`IKoOzlq)-Sg9JHa$0fjHta$F2=^#RphYm9MYz4)`}-0V~uk zb0_2}i6WT)dkO=Sy-SkH;yKS zsU08XxzB&g<$8o9s^04x~zK;`+Fl`d=Eu1FuVU<|G}z(zd$I3`+p@NiEGy-mDr9LfY%58jlk$Sz0QIQotk_x5 zveltL06D^3V^q&1Z~UJ7O@7ajLLxj2IgT&>0Vrb5B|v!`Fb6c$bh@1RX6c%lXuXV! zt7y(QxWJu}v0_7g-EQa>=gtIth0z=_As9BvlE6Y#VZH)=*z_E;_<-l7oEcr|8aDO< zpq~W+rqZ#+SdqYHVDkdIv9L~b@eQvn5@H&nUlDgKWi?2peaBKr5Q9iJ0_d#3BOMF` z0*)by;u@@f4U2QESD?d+;TR#b-&%urrKtdOdW;^$1#9D=N*(dzs4|boU>vwtMGcKh zBsXt{os^7D@TXCYyhX-edVXz|0{pFMsqZisB-8zGuQVm3Ijv-!`2v{e|Mp=(M0^8W zE{1RQ1EBw

$(RIY^{cDiuq{(){xt@A_QG2T)HV5XypB)e{E>6oifCKlJT}0mcnd4f%+@0XfC1 zTT6p@sPm%-pN#Z8j#qyn4l+$tS2DL7>5)E*StGlVYh_rU#kL{1FPsu3J!VqG zPtR7w$u;oKWR-+HB&~ak4Nlt<-DatFcAavHE$w^5EN!t(t83!b6hT@Xp^hOSa)euE z!DFNVa%J#VKX|3JQQ<+H)L=Lt?q;!>=4RC9J@dY9$`EB1ijPyP_ot}y>U_b|>0p@2 zDGA+%m4ke1mbAaP9Wrtqi(8e_^t28z^KMv##1wFo$W4C%J4_kDD+#b!zkhlI^J zcT%R495)>^by7W6Lg?Yd~s>5?2Iyt$(Esi}!J{}#8sUkE?%jvO?Ra_g`PwiL=C zxYeo-6K)!>>^9W4(ZkgV`#XOH5)=mz15Sg|KVgaEmv@%#`Qw_*3A=R3mYScY4Z8Xp z-oX(6NL(YSe((~MYC5GCGsOYpo6^!;aV(?eZWt+Xk~6;Ky<2EY=~$vRVzfB^4O0_u3^X4F(|~p9U+8Qz-f##TA=*%tD%c#w>{Q4~ zQw$hFimR8+7qGdwx!Lk|*fDe&8$3HT(i2$IFOYL9G`^s<#zmO=_EWy&{pHtHHTg5! zBRkqi5R`>8RZ~9L@x$mhgJjG)*bhHspoZ<#f>#d z;1ftoK%sHLoJO4M0h>lig$D;Jt(h`?xyTLZob!_;zD#y>65{_w48Fq~={u-9x&uyB zWK?|SM^P1ZQCaeryS|DU66GSqxMC1wIvg~YO!A!~@yRge!PemOHHc_2qjANt!F%et>J+AqOQZcf9moKvopQ4u`|zR&S_CqJ_5@kPE(FnyvJjgkK$bLl3(>n~oUb2jgI$ zC*Fcx`}pTg#jVhMBI&Jmg4LZ`0=MUe=eV=FXVkch3!}?67~ulu!rJ2WMq z?&DtV9L|hb&*AijS7rB8c)jWA=jx|3b`N5CnLV{7JEEa;JC>{mx#&gimTlgMB=hA< zNpP(+SaZW_?E3cGw@=0NNnN{Z4!n&8XT(3op<9U7**0&N1vB$ad$2kATBV5;Ot5b9 z>o4^l&tS}+UdK7Y=B5@0-i@!MG;u7OeByzwCoAlY*Kmj*<;&eD=rkNuanP_7!+OO2 z77ex-o#9&Om7lI;gL*<0{o5blK&LX+WXGlk!y)*EN~+-c8jn-QMpPna!<6qx0w-9u zimR3;vbE%IAYCeL2NR$r7!EH(eJrIOH-NV)=!5P!%J6p+KMT6!AI1_BzZJjj=Xu`m zAb3w_+N9SdG2lve=;V8aM+>!GsZEz~g+rGI0^gjsGnk5zD%q}6)BBwLP|MQ9Er_!T zh&|rg8VZ;`ek&@bq-8nPxOFnj)Ryld97~1H(~tu#Gh+>D5RAFsZ25`#@@IG6Pk@t* z)O9#0F?cg3k^Zo$ng>Ph7V^`q>HI(gv5uIAt2XPU0SID!+uRA>(7#ig9mzNokt{R# z!2#QZ_d_L?hrwTw8+-@FY{trb{n*6K!%}iu*t+-Q4zJs@iWHS7Br@t}KV1pK-lk zt>Q+%cVMFV-K`jlcQ}O@tGl>vrjd$`%$bK*F>U$rL|%qp8ER{Vm9?kB$c^v874dO2 zV}?Ad7rUZ1tMnnO%oYy4#E?*C4VK8RnmNj3g&X_AAFwY@0gJ-aLKW0+`*HLtJGyFY z>f0BlYD?W9EtVq7xZS)LZ;-b#B;1)AyyqePcr~TWb{XteSWOLKf%=)4@(=x=ylRbCPR}yH@zEoc!R!rgmg-k?B2K4jiaRG$EOW!x zzK^VS_=B``+9V4YIVb*}^3-CbMWcNXJ=*d%7Ok*d-hs?`=ufgT#UQ?ph$>1nnwh4CfDp`V);WrH zu4Y%>i3qa_!4A|KW$hTdoOjt=<&CdE@=c-w61SU^4aK(}lgG{7a9X%VWSa-DIFbroX)VaBO>}l?L+e>2g zzdn6n?3J)R{C;};vu!IHYv_bAw{4%+##&jtUtjq=#C`}4t(tGRM5ox9<=!rCGg-ND 
zj*$_^2(+P|54$@K2sf4td0((BIVs2lGLkgck7@h}GGYSDh%VuC_$Fwon7H{$78H5u znG1MzNTRP!SSvy|t+Z>6Ps0Vx3@e{jq*6@CjVh39JWz=FSrdVf7MqqH?Y463zUKIq zGBv%TYhc(LuSVMZk2fM_hxV@c!XM%4p|3GAH8>8`dIV` zJgFI)r-nRw5%VC_pAe|njaycK<+rHofEj09&9z+tO@LnlR&w=xZ4M89oelz{KTveb z^+NGb;q-ZTUCi)6uqPgrrT|)gv8bDRa?5FELa1iTFF5No)Ie?*eSu9`-@yFA>UeK6 z8$z5`9olb~$QJ9#mP2-Qn{_J7>dUluS?w6+GaT_0CU=t!#0?HjA$;mzosTp}>n z=AmGuP!oSe z-N)9}x$%>9L+}eZ@L$QnY&hW0*yB%G9>OsK?r-WA>7-5Hii4qW zG~Wf`z@V^ej=D0+HKSc5NHn=!XfnvWeTv~$3`8|oy=yoR)kv5A`?=k zc-E{rit0OKV6!GIhUnXQ^x7XrV5+Tol?AuvUNVuGVZ;bXrOa+*1n}XWR(aV}SF0uWC1yB)HS2)jG zl+mrY-AtM)8u-u(6}P^R!pe2of}ONEA#L zT+U7?CKO6$_cEH6vN$8Mn%VeLv2_K?}{r%5(~e2{bsxQ4~iBu&U~>aBI>6VlVfz*j=e5p@}n$1#GzR&G`F8|#IM`j-L{upVGkdr#^e91O4+6`(TaquWqY37qc_V^ zOgR9XhaQt>Mn`T}72KG}Ln>&`DKtB3{R$4sUkT7Tz04-mbpgc!slyIGYw5` z9-Y3!5nV?S9(e!E#pfyJ)AZ=IxmHaUT|~AMPv^lS4oZ5^wAR4pC#pZ~p0Lr>*@y|* zkE#@Z)eaE)OGHk--QFEBV+M^V`m)Sn-(MKyP*4Qx64>OM<+p#3+$FJ^l}y3&A${wF zIA43_mf6W-#IQEv6TiP5GVw7pEh&p%%Py)lSy&bzXzMOC@3%fyWpe6NyK5c5GMpy{ z(at=&4TCmkG7>-zR3>6xL+l)5&9l%;;Y>wIM|yX4ZbDgOoIc+=qwnR6qaFNSwlXQH zv^6%_`KW4SW|4z#T~bb8^q6vZal%F|JNCyAz*pk)sn1p+=@&A=it1p3^gb6l|$T+$!BhqB^|4TPe;A)%cS< zLtS@PifH3^-(XOfl>(G_)45&L;**;@Z$AK6D&wVFSNs3WBsv`EZg;VqmU)s z5fFeSq1&1+7`G*uoBuYQ^o!s6M~teJpsfs;J=X%6DsUGik%?}aHE@hM0B4+lJu~*g z=jrSer$C}5_g80mJCn#}6L5D87gXe5OqhuUFk$lcfP%(0bboopQOo(>iO%KISq2RUBjdpolCmG#x`P74Ksd@gsBv};#%M4+A>__ zl}MlyNF4xsaE<{R9v@#`>5E?iAX4M|u*e`WKs{m&693+po<(g)Ri<`eVBj8odM}VS z5Ql^2TaorevmJBfTVu5So{@J3j}jls1rq>=pD!nfM=501dyg9$8XB5ERw4&bXCpvt z8LXLN*yxG5A(t;J2G&%p%hv)`PfIaB{1^{9dDpxEI@8Bhg|;!BbHJ z0X^aOSY!o|+GZ)7W*4lRt{khaW~!2oS;3I5WcP#aonX#^y_Ppqf;#s7+&d*+R|S90 z=C8NswLfhB{_|~TzG?ny@XuvfQ?~s8e`hj)S~nG|vv)N#6b?O^{s0FWukiVA63RST zP~u;H=mZpvMsv?({R*s9MGo`%(;@p;ZQd$Ty4N3Ev`GeX4x4asr62CpYU$}hddM|uvX z){*B=&S-KJ7%TaetiqPArUpjFIL!PE!oL}g%ag9Iu68o0u5xAUFV=IQvGu>{YuQ51 zw~C=Vb{cvfm4A}hCj&%|(%&tmtex}KL>Xp;)BqENmv|l*d=FC++~#sx`0_Zkp7mrA zK-P4shC6D_!LyZ;H%fy=utarV<{bU*LX^gO9Z 
zt!=toW=$D(n@7w^F$!4C)lackF%aOo9lU(3!)2%2fYes3sIq4CjXym{djX#6+DxPP zs;e~dV7yp*q{mY0=v_Z~e5AkRJuu|3sxUC-J9${i>x1v@#Li*qEXHEXipyO)@ zE>GPey_yU=@toieuv(yiSs)2cVo;7vx^8y&%aqGI&Jv(I1-eVb@|R}mFqBlLJ9ZKp`9 zS^%~E`f^niTHUa1^;VOgc3K1LtwDZ?(SF z-M+P;)z|?|Ww#H9>0<}{ykWfoeAu4*L3+VP>`R$I=RhY`=N9bQ)-Tvs3Ty(NgCdAR zr=!J7dS?ru$;u8$@BEt~11aa^+l~j#HTzkt9^LkaAbDGkyE|QUVMjj3e8WJSJ?Y)P zfX(X0W0uY>=$6C~)#=xR1$?hbs?>(Cxf@52$LHyoeFo`e^$w|>{K_O*BK<>424zbn zsKZP@CP#e3CcU=(WVC{rs$X|=v-e=Ae{l?$?Op7f=W{~Q%MjOH2yOSBI zL{^D)7t2TQ2%GKouOw<=#B!`&3a8pet{;)BUrK~+v`AkRliCAVyJ0AQhaOdbKVFUU z+JiSCNJ&r7+}G3su}d^xeh(=}+dl@^GHp-n#$Dq1y|&4Ll)rhOwaZ$>oE(qLoas_b zLo@Hy@$smG`xf)=P}*Ueq$llvkOEaFc8HW(H=7dlyZH*tdT&3o4+js?0d?gkR zg+0-dqb36x8>Nau2VT!b!WrDgg8@9Xv%uP5H&R2-1#G=Nyc3}LLey)ADTL#vPtG&E zhFU#^km8HUHmBQ zOTId!yBd)*WRI^rm^2JKj+e-oj{x-Vg}$BdPv>7Y$Xce(aa~PC!8{0uYxVKXX_`ft z7?w`N^auBP;^FB0rdHo1E5}m?0rF{9uk+sT)LiAZI*wDuJN$z#10=tgTV8Hx1mDf% z>>Li^yzs%G1kQ3v!14I{pJ~2GB)IsV{2(=48A#r&D0E-pOx$W?!S}E;%M23p2;J5%^lEibsE0m0|7}5pb>jvyZ-5as0CI48ny8+l zo1h+nYb6ERwC_qhRgwoC{*blwgK)4%<-bCcqDDdWi%DM&?ZlX6KLo?KinHG>$*piw zKrGEpg(Dpk9krw(_kbhUotm~tQw7;Oq(tw^S|Zwm?&R0d2V?WcU`Zt>Czs*jg8K&` zG?D3y6Y2a;w4=PeLB@|69vdW@_!9Y;BlYR!)7jiBE=1hZ`KC>s-2J=EdLEMV)*JP48ozBln;b}(@;^($>l^U zgtxEHR8nX9jj~AWWcQ}$Q%F9-=HP}z20Dd?&&}Q|QhaNR&&q#hbl(LKo?ChW!Bf|Y zeWC{1ubN>xPVh&Y&lsd$4h~M1fWI)CBZ;nK#%MU5D_jX)#XWxTwMgQ4Jzl4FU&?~n&g zwBSb!*ct20=R&$!)4(DwJHus>nK(d}KBLO1kJ(q|GB6#!TMOfY$9k8=5@yh9IS!>G z#kDI3Y?aj_DFFtkVo$)@LsYOw?)2MuR)FY_`Q;UK0n;Fm&upDz+d05VJmUJ|Chhi>pHMIQPxQyBSlr zsAw?x1u}$`3c5qP#Zn)fPL@)wJ_*}O=*t$}|4HOQe!e|lYT)Okv!?ty;mz8U^D0|w zNIDt%cD~e~p~=jcH$@%Cc}l=fx1s^Ld^V@xsmJo55}u;V2J|1YpseWHM$M5P?Ker) zq;KRq?Ne1#0g?1n)?0xUO+Ujc(J6krt0Qa*&%Qh*JNVWIp>+V=-^)Q!?U@4qiwqVzm70Q&TbG|d3o z*+RbYQ8fl}LB)_`N69erF9SP`bi-0Q4XDofz+g>DM44Wr>v{cat?Z8IFKZTwm}4R+ zpZ33p+|Bm!u)aDGxB2jrJVT&MWYXmH7zeS;=k?J(Y^G9FH{5BP=<9r|^r&1{ILYUq z#8F_F+)=Qt75DvXt@8Sq&CcZ-i^?K0Sb+f2chslF8oL@vQkzbkg)jvyZDWeHvCf#w ze|CTvqt-GU+>3JC(Nxo#ZF~_bG8ub!Q$E# 
zvL?htk(LY|^!j2`CTn=`5l)wf@d|ARQz$O%XRxygNoy>QWo?fzPzt~HlPIYR2iteu z8n8Q>jGkG&4~&(6QEN12S2)`yL*+4M%1(`ml7S%}qWy=|G>P3}UVHU7XZh8v`(b}0 z!<@*5q-jZO3Hufn| z265h=y+?_idNw{lT_F_TzPL&y>gg&VKjWt{Q}yiYpE(K@&sId(R)PE)w{34k!S-R7 zKV&e)-yrk*eH4g+KYx=>i)u5@2>?wnVzX2Y+OZ*Ms%FLxB=UCcmg=$GcSje-UR~w$ z1a)TYX;Iv7f=*>UPz20@3rgYN?q>b9t10Agt^+b*iKTVyG)_Lyudr+YQE(RN81h%f zGk-e5erB5Npg!O+DJ{Ab=5?8&1$8Wvgg!%y8s!!Lb4K~_dEd#OHmd7i2&y&id729e zkVf%QLc5a;kP@bEM<52$483rK*zJZ3<_Rvxs&!BFKvR0mmNTk;-;b9j8t(~ahHK1H1dvG)3~Wh5g_>L? zPTsbLO*4iq#)I5ID$28Ef&Lxxr@_JL_*SLN8ThAA1Pu4g_8HlX89iF!_m?1}`*hT} zZqE$EUt0zT6JaqRj!V3@JEb;ZB~EBLkDk-$hm>KhnlhDI!~!540TD4T9(MH$$YtO&_q3(&(pl8i2wPr ziQ^(he=fbxtg;p9r)rVe)g5lFEp>7)jzGS^2S1T8V?d0^xSMa}9%}|`?vp0xA=W&waTD0Mb^J)a4l)4Yb^m8PUbFL~q}Hahc2;*4)f4`89JbO` zpZ#BoHm;*_^wlI=7=D<^pCx?EKD}yfB(W^NJN%K%>o9TtiDm~g1cMIOpOlis`Qvr0 z8rzS{b!D%E0MAvyd0P!#m#kfq_Pn6bw`Ojiym0o1C8)s=eS!sTgO&G_9o#K<19*MF zUVl!#L@lZeCd0&72ZHD*=mr4jaN_{+rw`9C{IFApU7$b{*VdKqrl|K^^!qf+-ha^> zcyw32SmMsKjpt#aDkn+J^`1_e@UC;GV0}jF9l;&LVlggMl*WVTlHhp4K*Lo)`X1n) z>3E(mZ@gKlBfKcw!F*a2#@9y$v{_A=OmajE9Nf0p5B*$ua;;y|FSSuUC3W&@=1s#> zicL?f&5hpo?Wd{ph5Bsxy}_zXC0J5zVq!xt?yd2mHyDKv{G#x1|K)=rT^_b9kTPGr zhv>uM52Xrwpu@u@SYVo!@Fw?aulZN##L9gsL#8nsk4-HRYC$l*H0cqR-=hROAmUJW zI3UPc7X)iaYhg_KC@~<$b#zqSbhVwkvhEGNY8L@ zqAbY%1N~JT5WLZNG0D=}KGo;tB*_Ud4FBde91Y195MsMY7bdh=fQPrVPohOkrZM8wJP{be10F(~ z?)}V6sm*9uYRTwy6t@Ly!RuLNCQQ&NRleQ}5dAcD^6td&vY#Ziv#gVHbMCBzH&lRk zwzVdr%&u4rB4-s(reQMA-tgEbkS6@7#%{=Seq#3(w8)M5*VcDW-VYWP^rdFyw%O>p zQ%3qF(Zuy|(*(H=$j|$(<_X%HS*n!}DDY)LM*$oLK#q5B{JG`OceRU!JfIwz;|2r{eH@6eJA6{*PXTxkQ1Q&X3MLp zsnTS9F3S_4Qo^PMTpN;Tw5MA+w`sgas18(Lc^WvK20O{|8T`;`=Bw>%m?E&Z_mpIv z!1yrtvqu!%CJ)uR2-!NQOToHFDN})x0Kw@dZV=zK7{k&sv)B$)sVU-&wb^=Lq@B zu2<^Jf@IQ>1V#a>=m7v~0pa(H+WS@=>q-Gp<@znCqICF-!WD%2{|`@J85ULBwu^vt zcOz0F-Q5V%B{4M84boi#(vs3$N~d&6=goh$< zti&${GXBA7Kh7x!o*QYclg1-tbxT-g&e#-9<=+F>{6l%$&bUI>Luek@^M2sgvExdc zI=ROigp?X*;L);Qk}1p8l@M749F=~iyW)xYeYy(;aTs%@N4MtqMb)&v5x{wzg z`?%Tatt{FQEFl7q(7aIXGgsc5??V*aNr@*ZA=H6iAkBtR 
zRN9w*Jwm4y=<=UqyWd&&-0*+o8KV$CAEK30NiSlE{Xll{GUGOV($A9af*B-XI;?bS zFWL@Ztp1ftJ=S3=VX2=hipN6a7Fs;+uu0hWCQmb#PV7s?f&R6vauH1S;>XQfe#T#X zRU~>Jt~X8)mN}-Tpng5}V4>%7J5L0jX=a2jx}lCk*`~OGt4g~dpQi1$-TT7tDN-q4 zK$oPnu>Z0W1>Vw6W3b~Hn zCJ4`L0a7yU!N9{UTXog@nP32vyoboh<;c#RNxmhLRZMK?roIj_1l#>W8cGX&^(H|0 zdoCf)`BKRDOc&I!ZZ=5ZlFGLAgM0_pQpfjr7PI`*ws?O5rDl3&1`l(pMZ4N-PNcqx z(KM13>Lk#G1t0p=fcK7=AAnns)aG-iXF>ot168fha=67?xrq;wD6qJd`fq9u&{sal z0HWp^{iZbR{zug!6F|M7lDH3%*vMOH37qm1ns8W6@U9Bi{uAcVh)$y}Tlr0PP62+7 z6hU1V^foziR$)2lgk9-XFZEzEW@XV+u!t}q{1O6q%^?Clk%{BRpl9bo|~wZX-<9_aoX}p#2*C$6cYi+`kaqb%vH?=YOW2+ z&*c(XoWvS(f$3@4C|B@Xy8?p4gJ!BZ3nvqQ8|Y+8G?Av zT>dHfq!r0L>FPObL_$QR$4kY8wQFIIF?6@)uhpfOWeI0Z>8XC^XRxSVVAaANrVk~i z{qE0{#0G|Kp}@{bYvQhJf!A-$Q_Lb$)CzoVp3%fZh6j9}^t^+QFL(KUqN{K?;(}ji zoF!T0wG0ZdaD?QUj%i@@Y|m0t93nafo`zCWxEpEo;Cl_62}C4gRxVP4J#fon;8bkF zEkqJi>(8bY8mKBOuF?;uN5<%$kF4n}=r;6vRFlLh5lrO*!dh9gTnYHpw9dWf(!PbjCX*Yd{Ma^L@ zxJ`ls@=6R*NG)MPBwL?RRg{j+Lzr{5+BoD1^(kNaS`SeSv<#czg-q3)bR4@^lk=`y zKoGG9R0Wzz`MEns`Olh??M$!2IoA8dq9}#U%L=I`VsrctG;_~E+9*n)E>M{wgI%TG z)b9YLUU#R2$Pg}3k4oa7k3iR=+` zb$eYw9P)%sNQ2Qu#zKr9S@IkIkl&B6uBVlRSo$&ZH`hX@(PyFOo`Kh%-u0z!o}Tdr z_>>aU^MHc3!`fFzXQ9k6M3Vwx3g}p78p!Ti*%gOCiJ+clG29VDl*(I(Pjc+dgTe|K zY+-AI)TzI)H`VtFr|u!0l_tBl#?f1h@UccuUwf04xkT{xwb~?N30<;0hNkF*1N=%! 
zMxpO|jHTx#AlUOU9ijYLG+rrCH^(Yg&|eyP(r`4E)u-O$l0tM~!;kR3{(-z|8!tQ3 zbA+ih#>Vz0W`$%CW8oO*KC-b$PTL!Qu$9#JjADm9B?>agqauuJwb zePh1tMLt;u!F2{lko{s!&qsfk4R?u>(BavSB9GmMt{_6w{VS&ZZDqOcEE z$Me}RTp}};IcbD$;HGMBAcck9Lq@0mFo%2~h3V%f({f>3mFQ=ktMZZcC&ak?%E-Nj z?4RQ$pR7U<6Mt*O>ggK2t&j=YNwvGI&q4KY(b^vs5rSk zv0^c9%fjqr06_36^#H!}Y(!4SzOvJKlPXt*IeQ8bbTmNa-@M_|dOjr526g6rD-3KL zwNsU4u8rXH)@NRBp0=+ZWL0UIi`J;}H7Z}S)CVw<@c@dUziTWlZ%%%BBzMJ;VJ}x% zRniTKSetuw0%ghl4{YNr1<3Wi%O5V&Yqz)P9 zcI30ON9p0epZ?bA_5nw)WM|A6zHd_KkmV^n&sjSYCCr>LA92IPYm$384)fah>B@MG z+2|}P%WQJ*(TDX}@)IkYcg$VDyNpR0f7lPARA^GC^~<^BPB#fjy8aW*PKCcpAWFTj zKWr3|l-X;)hqFetR=v8=K+o~YnpsD}pe%FqjU{S0$ny7vM((h+^egym`H;<_ECg&z zrwy;ISTO_&tRn-;#*e!NIbVBoAm;fqDJKG!AHwZET2f=dtlw@pQ`Eohjd?f)L0vh{ z%>${{`%>fRZ5&DIK1(g%eHFD{s_VZh7dW4nF7Dteru3kiPc!XaTagbva9o}~(fUF^`&sLP>X(|#`3A7ye@%x@ z9El1*u%JnA1BQ--_f|s>VQcuANNdLk(vDNA4(x$|z&V>j?p@`#uZ^LbMG(+oL-qzE zeB99ckxr`|Z%c^cYZHo4J_MV%j?EBsSwXs~dgp)%O^Bx;G}1wCnVjp>j&K|#jbvR~ z!n2WwY2&tD92<-Djvp}?nNb!R&_1XZ9Lku{!?qCcn>$OYhZ6vj!|t$Goff}31WDLu z9rQ2-gTs8%YU2ZD!XaEn_%G`w%dcNgStGUzu^uvT^=+NvF!3Q(t3es9>9MZD;ja#cNQ|+rJm6A=~=dY#ahWc>{UY+#ui0 zUpJ|!=1cU5AIt-*p8c=GczX?boDAezfBx?1QgJ)5L~66W-n7@NKLp+$R(Y;N+ckC@ zm41P1V6~`EI6x2}uNIO|JFcwLpsO@0t$KiPT`lE_NkjUXTf!4nbay6xU#IuETCnti zq9~&`Wb2|hT*{`>=$0`CG#yh$Y_NgsV#EvZ>&ElK1Y22EMM9g=8w+{8cK#4m1*6xjpi z+D6JQ)j(RU}9E3&i8=77CbOn9^vI7EG;kG@$k8| zHN#5`l3Y%)&9Yc3{mX6=;VH=ilc6`Wf@oUcbp-@)@9og#0D>9rM4G;1OMht^;}x^b z-={O`r&{Y%9cvx0^#+?Hv+v{zdnREHw>eAf2KauiFAMrBqqn}>0jw)+`Y^{U)2Y{^ zN+_1-+*j84k~TE7psI9~r6Y#4SP9%|7{{du?9 z5RpUa%rCxp!k5lj#4f5my2XPgt&%AU*=@B%?~+J8AF1=ux_QPOB+)6GLA-Tt_tSCu((zpD7hdi*)I4DA1Z3IlxI3Nv7_hH63J=F|@T0iTkngQl{+$6NCfCF``=n zk>6PLiLkEHXWydA&0>ZOfw1r5sML0^J-3^jSEoCV=Ok+7IgcNQ|N>AvFG(=Ys7r% zTJU;)UC2+t!4LKH5w5rR^NYE8{ygRC4T-S$K!>Y?IU{Cy8C+IiH#0Sm_XX(E!ts&Y zR)Wf+kWJ#9JExAT`7C!?@n7QaYxq0o)oSMIh44oG@b@A_p$#)C7h8( z^Nta~oz817ey&+|g@v%-l)2weCy#TnSGy7)WDM=Xa^>56=SwOzhXT{3BCg&|+IR*& zg<$db3FXYaRcB=Ek={}dN%C87_pY@%G?jRT6ARHIkxAqdkXykU{EAzOuk}{ik|hVw 
zL#?0r&1va)n_(}!*Sq8Ix*ez2BCd)EEs*^tl_GN;O+_ur(56YgHek0rnsJyfO|ljj znlr{pGWaRQT0%F=M8c8@rvdk9Rl}))N+?0(PpY-vdh?*QIBuE};uHY}F>DMD_a_Im z*P3h1a^qR{+hO9JX(7(d80@d>W#FM(U(&D=BZ{u_Y(UIzX$72GO-7y9Ds2rE+3RiSvppqOgZyD3NF~kTnQ$Uq5DVHGb6<+O+}LI3J>?IY1$s$#8>b+*uDvr;-&HF&CKh)?%%eD4tRA!C2fZ<7S;H#YA9{V%ab%6t{9)G>0WAAKer#kIgUb#BuBj zzAz2TzD#f_rW9V_>S3uJTV_X8+vj3F;JZTW;N< z+p6wPK947xPC_tUM(1(eA6Co z{N;Yky{8ErIzFNBteDt$+9;cr-t1+7i%9vt?_p%7xs|-k_b&ATEY-H#i~HFV9gt)X zpyG;#-JM`HV+x0_!eK$drQ@);;%4F%E-M4Y%2ewq=(9e}i-0+XCT&V8$Z=KbD`~Lx zeF;~Sxq&pQ8R+1x#q@{O3$7}JRY*+)lCptvWCZe_fV2haAWVY>jQ&!QsztL^O_}-hN zI31^{Q*vLIBi_E9hpoVD5r%f4+gURQGukrjxjE4~(UYG7F?lSO} z{?;e#;PYE5R+`6T<_T*}vwn#4Z11yDv}nY`v)kM-PhsNvb#5|!ZSl=eJ28-R_P<<= zGAsDALM;a7FqU$7?sYEEuNym3J%(HNckJ;?*aF9cg*Aw?b2`RH*^Ad}p1HZo2ICiX z6mKT9Fa`u@{|Jos;boBIr#F5x~ zp&yntS7U;zs8K&dRaZzbDof<>e%3^Fphf@;tHHc47?e9?z0By2Fd-;BLY#SrZsPz7 zAz-|-5{H2THwsq@cZ*m@zp=+VQe6lMP}K3u9Ga$&YgmR@E)-wCR&zo`SvKP9T3UmW zv})X3C)y3dP0xWL6M$iY;;=Fxy;>nnEq6HMWdd(Yl7si;?|hYOO4k~vC46=~Ou4~? 
zdc9Q^beVFk+CgXPhVYGZsjjPT(QZ#?(5-gYj9IST68kg64@Ot2HPR zt9X<;ReG}r>krd5$F5y#Cpl}TNxsq8t`7p9sTOYfUNT22&L0bK%@onh5UKjnl608_ zR26}9(+nD)UY#ADpX{q;pnceV=$);F0VvK0*RRQCOO~zAxG+$ChkBr~cri{+|!$N@EWQEh@u$5zrLR0o(q7j^yeam5boeN9^^73tdWhIAn^Y9zhf z;gGQAo!LKdl;JeU(kzP#To;0BrAF@ju0BgNL5|FiJ|1085!HDUzTFn6N0l%eR>ly1 z29f>LwDVnMtT4WMG$rHROfdm!0f!3dLYRw_0xNj4J({ic&B<>!Db$)#Ha9A1IW9dN zXuxmL9`BZBXLjixrhJJ83F*n#UqJ&t!&yX%=qK&q{I9W8YcwX1w3n59`0U%+FXcHg z24e78W=4~CzTEU1kNc~aae91=OaF)!4Vrmxm-|66u^PEh{AJ%s*AuLZ*pLcs?H*9P ztBOll5g7y9|NT0ru4P_KUywuthh6sMtzl&t7j6bYRVJ)^I@KC!8IN&Mgo1omaD-%B zo~xcg(vjv(Y)s=nAe}mdg@Z*^dt_`tV4=Vt0Q|WS^~Ow{lSvO0XGW4I$)e0ezyE2R zKDf|p`7!=*?!?(RO+jRBk=Zc4fo5ZI=JeNmUSXh8WDfzi`C;uOVBz|EjU5m}bJMXv z^;(VX1;rL{$ev2(+l8jL{1{T35T5=vX5(I3X@3!S^=UHGpF%Hk=FytGz7vwnbZo~@ zaXK1jaYF1LuaTr4%d!%~{=JY09Y2PoO|7c=PgDYnMcDG)cUAw96&;X9QVQFjs)``i zIC&NG6mzA%&uJW0^k$?<%69pAIx$@+QgOmfX5x^q$r@axe_M^>*!w-Q%H#ZUwPv2N zVzGle1H>PSaQ^9Q7NjB$-YRacWnXmbo<#KP?q&%c9HT7WDJtZYEtpTTX082U6Eus0 z-Aqnf;|bAcVj6lfu0RD`7FLl>KL`l?azOW72r7r3LSX_t5t^WlDba z=J%M}sRq#(%e##4HJ{B!mr~&BzM6*Gvyr&CzP$Tep1Dl~NCckvq06fRI?}g*))UWY z$G;O`&E;Z{!Djn@pYs|F6ve{PvkCEAu-zYDiJdwP#b&-`qH&xgL+lsc zrm2>0cezbG%3rYQwy>Ups4qM%}K&>vF!PJ0?-RSgfI?q)*`v(+^G&`iPVNHGtl|-pr zJP;Z&8xIF-5v?a3_rBdB?4h2M(C)6xwClD+_k?qbVQcnbReWqqHY79rbJ+s^?x;j`>>^r9`y+olzL@ zu(qhGrISnQVPs*H>ndCHf}N6H0qXg@5AZQ-CAymz>O=+uiSy7V6B|y1-M2F%wn}db zSoe6-!6e2+1J)Yot!HY-epl$RRz8UeU2fB>e9j+J7&8ni%CYH5j%_jbQt*c>^3< zXOS=aL3lh&|Fm<*QU6Zz66C{gJc?q+{TQZRe_Z+qA714F+SE%h9Bsvc{9slF40c45 zNKvUxOE=IWi|@Ey`XI*2bHHS>8Wg&&{8{@WBjy7VBp1BR2QHeUxMWAaL!zV7QC0Pyhp~e(aC*^QXuAj59^8FjPUdehB)YPQyZH35@pKEaH1+MYnofC^V|w~R zA!nnX!NYH~hlJ+W){Z<2XKpe#?io&K5Ca|n(dhLGXK&W05hhv~-j$f$Jj+uKz2J~Q zsv!s5rY=^G#?lIE5E}Rnu^;zMYPref-dLM%#UlF}o z1hm}pL%nf{zCzoDd`+M3pp;%}9P|0pv$VOSpK@-8h4P{tgekOpg*qvs>;`mNgi zIwoOg-~w?gDPiH~{+ZW2dZB{OyIjrb#3Rl=%NGgt9}09=z83;wixZ>` za>r(x6B>XSucm}r4CJ=QX})a)N?y{4Iw)@N8GR6g`(&epO}%e{cooq19JLXZvEAZI2+eV{q-G{;WL5Zc`sx0{ljPvMhD~&#AQ5#b$Yg( 
zh4vj@TJA_x#5+Ktav19EO!jK*3oka8JSRd79FIl{-rumE&cZh3xVKo_*1HsiC<^Fq2|3*C;tM z?*jUy!Ki`kx5vAS+$RVv3>8SqxKab$LcgUV zOF6`Y&k{)>F>NXvZirBnC-Guv_kk@@>J!~iMH+`k8WkJw7AE(JT_d8Ic$domR+lU0;KCNq9Q#vU}HN~@JKdbLV%y=j%O`9k)(ChOetl7g^ z&_=@sF?W2IMvZnf`&=m`?Kc477SL@#9K!9O@l-!4cIcdE2KW2EVRx=NfVT}Mm2vm= z2i17*`@S>N9g#b^Q(i2ZXle_h|H}eE18JaY=sZtIsuy>+%ns?*0($byKdMqnlEyh3 z64RlItR|Vo)3%L3I^hN>Fjgz+G*wBYxvI=7CP;{~w}VUYopBgsZ1$7yH@F>egNsl$ zr;JRuMnE%BD*~iFw?T~`Lp#yPz6r{KO^aDo=l{mldL%tGXv?L7IZa6p`z574#!WKK z@RVwT`vp_|rKU)`$_WN2QjnZ(qwwzgc%LQnowAUUMc>-rACY%Nq2`bZC0WY??3WK- zYllX=#yWSqtWMt1=zJh}aGE)W-GKM+RUJe3xiZ&h>1CYz@_%xf-imA)lT}of+7!wi zy?I-=dNosSDEK3c@CWS#pEzfWuD-o6ez28NWq|LW2EhffXDvHdu5yDm&^#=RHd1El zz2A=;?X%i~IcvVr;4O44e=PfQm-|XOI#Xk`a*+h{KdJhTX90ExAKmE~h|DrENoOX+ zVD<~ZCKFGi#&+pB<-mY=VTe}#_IDfIPurW)-7hu6xH*bx1DyJkY zCp(@Maky8f-uYHSSWdnxEA5&javVL5A~;@Ido*QHLTN8aM^ z0^39u-$S_O$l_)Wnoy~ds-YC=`;-Fq*NscY!teRu7B_@LRM(vCJ`alXeV?x>yRw9h zKp^Qz08dq*{@@qh^XIu%gQTZY;Ij(Mb0R%FOW`CV$38p(z}kL&%R7JtDEm^FJ7HBN zB|(Bjk#$SqIit*fE9YixDcXJ(>vWkt;gnk@=txxGL*f>pp*Z>}obOB|Cxbwgz1oGS9nc6}A)#Sll8AV1 zCU-mIvOY`n0YR<>3j)d@ST)b_j`&iV!|gN=JA_K^P%d=uI&TXcQerBSj~$v2j;uHM zNK=;iuy2R^OLgtpYBWdNEnd5C=_YO|sipjkE0oLa5o61`wG5a$n+5Ej!D1jG(+#z4J94e^INX<1 zN6*AMpDY>`ly8Q=JkXrTXMDOES3uf}FJv)1XA+O0sPfzdTJBDD90R=`$K@W~6JSi{*Q4T-assEM>(ak4>Q2(9Fr}k=&`wKiu7I+?t04)j^XvdKD4qgcNYxse&Dh)@P z4JY*a#Q(%su3)a7xlr@;@wzL}9HibfLsN`(@T=zu*i&YN-Rk3GI~ijio}JnW77RX`e;!iv3B^w_L%fK237z(OMLIhb4n$5VS)6+3RK#~&J&usL2LU1=ry$6ee z++F2@YHJMeVv4=>RRA;*z!~giRU5(9duzGN^vww7aY>160wD()6wE?w2O701wcke5 z>!WOKW30M0CbLx}E@{E1Rh}KA$Z;<5OcY6mdtO|c3Ee-fcN+E@Co}mcg)bG;O*8zd z0Aa_lES%ichtcqG*N&O#iWOCRW#VPI124-;_Bzn#_Nsn7uJ);>W{_mz0`3E4)Wkvb zani{Z(9V_ePDWC*K2Z1}oa}~sJtNtFxTeR(86Ys@?W2UMz?g1?u}rfkq=EwH@S^$b zp`3`wC}Ew_4FL_=7rP^t;f~Y%n>SO$y=iz^5|?2pX(dh)o9#fo3-FYADKh};!u9t1 zaDK`-t=vcw}jrYtGvcb?kShch7XjJ!BW&fUIPJ5 zx43jFwy=lGh`Vwve|li*ySR+S@jc(4ti~Po!O8)#rd!!SV1<%ajeZJu)nEQZ7tG>W z7ka1+MH9gQ-Qs(@MjW~b1`~Fy44lS|=>VuHm-F-%V@Mw9LJ#s$zDXcflbJw{*PqB^ 
z>c`*I3SyqcO-ixMc30%(9=u#HxI(IoWRSqi)HieBS^Bp~v*Q9JL z+E+Le^dgD45}>QDlawG0^6VI-e0NVzUs2JchM7NxYUb?s={JvnaZ%))X{#4UCR`ie zIb58pEpP3H`ixxmA*})sf(=eYQ#Wff`dS$${qqBNd*NBvQICcsO(j}ml%l*~D4rd3 zp^^AfOz}Nb(u_x~NZ0@A#0s{WDq1)bX(}O5OTLA?G=#O#eYo9JF~S2AIY0YN`LVN3 z#?o;H2oh^&P9kJpFm)S=YgE~u_GUsy8flDh4fVKbb+7?)bzXd<@<%=HY(zMoC>?5l z2W3|b7F$Wxs)cLi)^2PeUa=RQ9#H*Y8cxdHfwT2$=nD_2=nw@S(nCrUwi!D2HYhym z1obMZzbHA~j)s|RvH{b~hXW&dTC6VdYi*3uM>m7LS-PXu-HkqA9q0zmi1Ry z&sKkLN;5(M6Q87sv=&Ci(h^Ks*-%Ug@ig7&40T*M?r_}yLEKVB>Z(x1yzydhsrm%M zDXNf36??>&my2ln)c0;?RfJnYrjge;8&DD)`(L#pI35~}5@bk!1kdbi>a9Lq|FBti zPEs`<75o{Ot_#2QU4BU?il`2QK`+d)Ac930KV+!xntfZeRc>DMKsIx~Zz@p2^A7=6 zb^*RMQP)evs`NTN-}59XIqhdkxzMnk6YDj*1X$e*G>#z5C)% zcH4L4KPY)CQZhX-TQ^q0hg56H0QIlTyrE-J*}gUW;=1uL+HPA;iCKrWsbY%$k=v&1 zWQDFx*T&+QJY1G5=TG{u!X8~u_;w7;HP`f$U+eAC;OcQ@d~-T?D-hqam8vy6lK+6c zq!baHc#y{~XdONjaF}$w5jb_UUOzdW_H&uC#mhqeieTA0@T8{gF~{io+aSy^&FQ0uz?{*wdR_fP8FZNgi43_5R z_Ls+zR&3*n5(iVX4PC#*GG}VY2gZId4nYj}&GG0%@KyMMTS>vSYaI9#B)m9dr`NL3 z=r-mqS1r_7GePgO7LWueB#?<(R|b5GeR+Nw>hOce z(qNy$YSK%fqg=F@&{g!+^ZL1ad!Dq5s{>q zU>1Qe=mOt!_IiDZh2>udp3sM5gqGM>TfO-~MTNm*6n^WRKprGjc(031f(n-k;(%sS z9s75Uqwy;CyPWPOg*z^RS)D4S2|*HvOe4V6n=BgyIz;qvs0nHi^=_yOib?UPQCn|qV8%mw7W4j8IuzgDAq;bt|SsO`Bi!+K1rs9{>` z)DrEVC7mKuxy*<14}X3#1Q`bO*{+e! z0V(M~sE`7-dbS�yoK&cX<(l+#rV=7V~#THp{B24uyKEKTVRb$Zi=Nuk&HXwO#Qi z?`xolovoGi&Hwa_U>2P#3uzkWUpyOI(O;yhdmm3H>x-;loDo4%CW)vot1}jk8hInS z@9eFKlmeF0HCf0t9{IHE9f0s2;3df9xu7=8#c1nw3kaplFnBk z)(I=`OAk0RQx;O?vj~_OKksaWutOjDqh_)0u*L#&HLn3}V0k#1DL>{j4qqd#r_FhP^6 z#bc2!bU~`1Ana=Cl-kZf`4HD3eH_HPo2Y0i%u0D*4*bMSD5Xw)nkY2;@0n!s4B*9H z0hz9|U$kXop_0tGjoVej-G-u-6do`KmJA(c)!dJ9?lu-J*Py}wQlXMnyM?P(GW}jH z>y4hDk2Oi^AKNv2#9V4V2aWzx?j}phOQg^#7|n88c%&hpS&o#=T{b2Gtvqv+l-ym# zwu+&ts%moo^>>>UesS;L^tz%FI%T^wpmE&kj$oEr-;~m@HZLl@jy!BDAM-AWWnXf) z-p^^>fmv*ON`Zj||3kn*RI*+D#s8&oJqL2J!DHflA?l))DYZS31Qf54fwQ_5f_Ii? 
zo^`5=lj0E7DhOAFU~YLKaU}*a66K7-GI^zH^*fU~oL88~=tigT*8s3LXC(}qEfw2- zjzfAbZ*>o1iUk&`3=gS%_Gkj-i@tYVPAfW?q@E7h*THEDzsr+?-i1(<2coV#xI<6k=L zf=3)@Ml7aBiqgud{tdR^Y1BMFbO)yDqz+P6c?X0ND}J%5-BuRzB~+H{ zl+Cv|7^b;PLVKOwGm<}7;K8q@^#W=3Zq!}%*Y;Dx!XtJ6FBj}Nx_gAQB(#*pslK=( zf<;1D^atsp`H9bujq!|m$OO;$YhhBdR2j(>evrh?&nM@pkhN*EhD6t|wMP}aM~;t5 zHWqkeS`p6~4#2-z=3pcg8FGiIHy*Uon>sdfgyp=~&=;8?4r`>;-y#pZmQ?1G7%}rQ z8+Fp7@$VA$+(U7j|0XI@91d*w99FUcJ$Y7~y4J+&IL81AspCMa`V-&=A6x&|--RB> z3`TFz@om9g*!4MO=;AharDQk{B;(q&ByP4(|z=m+X2H$ z+!8tocv4zi`toif9R*PmPU%%z;hQLh5_5%WI;+uzg+#6Gx*t{L20tO^)Q_;#Ejy4( z-AEl>mv(^y!MpU2IPao9;vjS*1`P>D^q0tA-)6sKM~=qiuCH&y@08P&*V~# zEr~r`y1t#)p*rn6_da2Mn7GM*=fB-cD&IEBPV|PH+<#k*CO{7E1tLzG(u*raa*@$d zw%in{bR(_+Nq=XN`AKHjjG*uRT#mDmckG7qhe(!!Ru=_HYvU)I_@j$KYhQ4Hox;RE zm7m9<&}4YiE6^E)3+&+~^L#~#Jdzh{iq(+3!*2|tUP5+j54Sye99O1js{!*)1lmvT z(W(jG$wRLEMBXjX#^($#UmHUje?m)@K?>;6A#2IO4i`U?*J^$Y;{_ZmO8&bd@JklY z8sK3QJp65q7pS8nRIH8+R0Dps5xQ9!{oEL@`q1``@F8|rob`L~;OP49OGGjWi5XY1 zo6S%f?qy9?QNoe~5npIUF5PxTVPPMS)-I69@*LNN_QDQRqL=M8M?O5+RN8OPj{&UDc054 z$juQp{rq)g*|pi_fvZ`nwAWMm33wH7!3BuDVfJ0V59^q$VnO1cjBkIgh0 z%M4Hja9W+L%;K@tl-^IAYry|3>^whPK)M^*+LhgB_7|GKHjp!3TFg~|QUQ-u#`Qux zS0AG3762*HhV9ggdNk?x%$_u=KV;oCQNxnwcUv`^`b!z@t~YtFYWs=iz~3fTnA>Kc z9lO2`UDqA0-al%}PUdb7G$w^EzOU#@?@aYxd&j}Sqr3|0{(v@?ol^s=wyT|4*P#+U z^e?_PQ&%ksP}$88zZkQ&YIF5ixZB|{Eai$P(*F=~H}Jst33^r9<^aoYxVlM$Ociu~ zI=*av*f?>jf62W?pWTL48NGok@!urmL{t#)cf$Cpx1`vmWXhyGI*eP9A}uS-DF5o% zyIfySkHN;y9w~SLe@ddGBy4?8^ZV*2i~2@BL$RB$P~posuea9`fnc-A&NXVJr<8TW zQ1Wls7VTDLL41|IO~OtaPw%SzcUy9tBic*U!L91*YCcTZ94v9w;kC>^Uof?`tLG(pdwf};gK)W4Vw147nPeGl&MJdb+~8}W=cKUz6peki!p z_1~s`in>!^BTza{u(AWjC>(r08r}V>sLI(BV4M z7Ojh{hIqM-EaE+Ral}$?O7uJ z-AW|{*A7(p7ogfE#}6Q z820=;1_7FprY!GOV_45JSZ^6R7WdizZi26EkMH2>A6z7T7C3CjW3IeR%O* z7`yo@4-FejS?YOFkdW}~b8i|rYI0{fyzYr|fFUE@pqK8?!i68pYscKw%a*Zlb}KL#U-&t6v=eQhxA8s*Nv z?T6>e=k1P&HGJL&Z9nAIRL{OUV4wne{U0kTk$dV;a_x#Xg(MC+z&%ZUx&40uryDZJ6tOnU87D zZCURRxq3XzIJ#rbs91v8p*{aM&);0F;@S1QA5Uvx92u2!JN72$QFJF1t1(l(qLAKl 
zX4%gP>5FW{F`fB1~y6i-(RNSsRb79D;{^vmuj2^$lGl48UpBU!O>nz$p^t5 z1Ul7@-^4Gm=4?WG{-)#f;p8Wb*?u~7*K=%3$ zS^fTmKDJ-=`c;))&Zys2NW0;w@Jnw{^(>A|rYH>|%7#Z`n4R|7{<1s=)V~is8`htoc5Na^nP{rw`7u zATTtYm(x*g7l)Dby|2I76*l_MRv1M2Of+VeOSP0|0*6n;n z+tMB3*xH$NVfpLzqoF@H#FBsdcPh!*bsb$XRi)VYHe*tNVMu=WHfZNx22>jU>RXDE=wH=7{6tN1wR~>zf~@AIzoev zRM+M$U9EogCFg{Vp8Y#c!UfwBPwCo}BZpT)ZG=jHHZIYw|3CKLGAyd?{U25YBt%de zBoyhClpds1x}^~qx)G2VU@Vlf0Fe$Ea_CM)0qO1%k!I*d;J*ev=je&=@w|Jk>-oLm z8urZId#!ujz3%n7b!?(qgZFOI1#oguy=?V-7KKry61RQ0cBic%g_LV`Y&|Wfha`?# z{QZ{Yl2uVkoUBp-j~Z}zkF_`41@qCZK5<0E0SW?KK@u!KOks!Ugsk69$jD`XPqMvOcfq?f5PKJm!+E!Qz9tXT7rI zJqnzsgoNs@$#oI#g(xjo)TbU@#@9;^=6HIn)1Vl5xpAW64mG}(`jN4pAJSNhcE2pD zJRKE2WH>LTwb^Q=GGMQhg6)Wz-EW(z<<4S#_M297V@FG#oA;N2D`SnhJn z&4lwE#H`%!FS#oh@t`U{bDS@JDyw3=on8Ereb)L-D5@_+saxE2n<}1j^3YcQ>y>l) zNpq&6-^?vskF0|z9iz@v;*r-(Z)%N9p341|2}hRV6W$|o-M@q#slT&I%H1~?2H%W2`gr<4aF7OOTNIp zf6+Q#1o|cj8|1|j3Y6H@i#?UtvNGQh8WyI0XMYv69&wa1E=zt;y+*an?wF91mHHHO z|CkGSWFX}4hV{+jXhfm5WS0+^QVXkKJZ7hrEyU^V!_u$9swk1p!=?F+*{kubnd*H@ z8on+@!kCf9$CR=$g241`*(?^mT8uGDgiq_A?%J9@RE!+ji{X6}@{Cq#A>Fak=7vV( z=x6Qr2Z9CS4tQTID2k^g$rg_-#0djE|v{F}*u;m&4@5ZGARv{qz?4wu&{ z6}K-p4ZHH2?JJuv`lyWYzK$e}*ztdII+`=?Wv;CbLM&QuM0;QMk+ttTDUJLz+V6^M zlZ9yS=6K#N7HrCQncc%1GIaRz6bu?woli?BzW?BuN#8)O(rg5M=1Z+Z^|{eLE9SA@ zSDC_YXIC+%h`g^j6V{Z3TyIxuep&2eRGV$kW6me?kwWjXK+v(=_2l~3o1}W03~ti; zS9P80IvdwEG-gIQ4CAn6ZudS>QZw$dYB8?ceZF{%&o*Z(IB{O*y&?(KeMTJQBgvEe zG~d>Ao|v8pxfhDdiFU()gTsY+rxW6lSK<}8J+)3uYd(F7Cg>$12x~ud-{j--tfC!5 zZ`)Tp2?2!nI3h_2?_YAuTVKTdCONV=EEKH`Uy+=O0WWe>)QktGU@4~^fXhv@G|xWM zr9*bH>C&-8Z!#sU-`sq~O2`jlxTl>QhhsEY;M<54=;zrdZ_gFLCN0hyHh8OrEDFvN!O_3jT49fA_;5 zuR-Xk;{VIAPQaaUi5?4bNodP`GnT)0bJ}Z2;Vq8(&g1w;88Qy*RC$jQ6E(;`VF+zB z&jJhJb_rsv%Y549yt`R$&X*0B^M!*z)HFlh)^SVL_hn2!)^w9jYHu`&*X>27ID;ub z9%6FE(XEW?Tx`cqW18otHqjZB{ie%-Xq&?`2xZv6nkl#A`*C|Z>YfDSOuK!u`p9PI zlaf<6z9jX8FnK@ot(f_9kc24AQdLzY`DCwQ-ol&>zUFy*4o+z>JvNSn>iiY&+}d6Z zLmIr<^=rnu0jDDjubqIO!>TPYde_K!0LDddRR4Bd>y)4Vs<8FW(^DsK_+ubqv?aGj 
zyp`InP%jM>yvGS+Q{9AH4JGpIOpIGSk*O^&FTXh|AA!z(+Gr=FrZ&{lxgXMed}7~9 zTYtm4RDy0V>%+n2gqhmG8-q;L=uA?ER6pMJGSE}wq z3iTv&i3bkhzPxmM%~pz^zs?bF^)0CA+YT!#r1JUtHf}cIieYMooWOX=!84$<=a!1l zd>JdYmR%&s%oV32H$#Z|MrrN#ZC9M0U`X%jB!aKbngHxyFT`?|VJ_qUcymX;hA z78a<_$i2LJ>Y~7US#ly+5E;n08`~-7yc@O-4#lCNXQKt}qXYy5cIn)otoRlh>^wZ8 zcT%H|A=3H3krEZPMv*xn~{3i&|ybXmrIehX+7uqe8 zQc!3b5*^AaNFHq`23f@wiAlO5pU2Eus8^fet*oMjPpe&O-=HC~PBCFg!RdzM>@E4P9FJFVvsS{BsneYbI;}&n*y~Z10IS?oq)>`cX-4GRxk6<0>>sv`)mcW{vud*tWTfglm zPew7zzD~a1BtrpdzDveWO7OU_xafgse{w~?eD)I$pljjt}M+NaZg=rO$4^v z^A!0&rk{${ggIV^jxs`U7>Ig0Swc?CJcDY*aKELzp915{GNLazK}t7$BR2Z=hPyy1 zj9G4xw~w_j295z+g0uF4jL@Cp-JRF>x&Zzs#eEu_wyHavzP5KxZie6fDzPLr>?>_x zYwJqkp|rES_ti>K+bs8TtJQ`I-u_bv3`YhA#i`t+78wSVuWK-g7V~zgJyo9U+P*iS zzXe=VHcr)Eph*U26%?f?nuy*cNu7hrQAauiOU`599RaG86FpY8NalEkcdgsQc;mFO z;o@acHD~y{_K@wTt-jY1l7g_B$oP34;%T^QUx>v!2Qj&ci53Zr5`o#oAnd&{+bz-c zJ3sq{QCC%}rap;v5^1!(7|@@{KeHvrU#Qc4Z-&N&#pzUsW`Bl3`UybN_;Xb6gd zpGVBf3h%nc3euMX^K~$TYV`2kFzT7gpA51w6<@N^b{R+Rs*vO%lJsBU2aOr&o z7@;3}gdU2644_UZ0ReWTajIu8;nE)avP2X{{?#sb$&HR(X$bxKgq+~Z-*+fY%unt$ zKexYo`kMmrJ1+L7`unl8t@>6GkV=1H{_`J3(sNVNkf`bz82mcBTk+-AWt-hd%>CVnrrC?~P1N zWyTz5qu|85ZmStDH?VxG`JUW>(iX5#XlE)PYnHtkVRjsX!LiRhPO%XB7?&Tt$&|Yp z;(_{jkhcIZyKh_--xk)w%V%UX*{03xErF`p<=T7hQrBdVC?12CFIzJF|_)A&jP&F z#Ql(J^S;hOM~Y%kO|Y=Kx|%3hZL$1#%dqFZfAxM+@UzWa$;DH@v`jtm5GBkc))Uf$ z9eexx?|Wi4Jtzhk0KrV|!e=W~o<=3zf|vcGrcW5c%n%{sY7%NN zS$~BK!RrNZdlc!TFt{TlvZEwK3c+eJNz>zfnA&&bEgZ!DB_f5fqr+poT8cf5rM7(9 zU%KbJ=tHKk0LyR=O|ejL?twlqAjCU|nY3Izn|E&OHSCvcA$*7!ot_v#ARR$u}#H$)pI3CvI|z=`StPH$9ec1!#5K;K>%F|B|R8W_lKr8%3S_ z*=MZf$Z<|_%V7=T2ySDCCo-2Ry9Nh!SI(;ZNzvQf z0JFfmz=;(PEwHfU{<1hw7E@JRG45L?Y8EJ2VX0Ao)O}V6>OuOV0(FC}3h^FmVExmg zLaK1=MoK$3q|sT9A3TIKd!YTB#C(OHN;FTk>~(pHF1@ovXY@xIK-!nz%n&BLFyA(e zTjk4Z8)U&~*Blkb85^BDb;wsBKJDRA$C1rpjfn{N#Jq(LkAKl3WXOVv@rFJ?d|E`c z52F*zzE^F%pIR<<%w=uvhsE6XQudRad~QS8{-Q6ub#O~sc-Z-}y(@xoaX#fnh0BeX zh80PT(|77QC#<`1(omnsm0*+zZlfwDpSF|mrny5~9Zf8G6fOM(ZoiD#-YI!O5YMqiaMSh{Sj zW&3*D`VD!(=38Sz6I-R}l&mUjy>ZRWjrE%({ 
z_2l5$h5sZToFFGFds_*azGw++((Vf{kOrIP)78N!;kZ19c3;E^eol?X^B7~5%Fr9# z8*vq(8^bl?ad~C2&J|NlVV2hwhDPR`qdP&n@6?+N3VMv2>G;3SXKd(pVlSZ@zxLKHidZ@}%ixtB>{~Jn&vu`Myi>vP|2Sx4uPnTy6+$FoIRIpHq3LR`&^y zn`NF`{)K-MslRa`cqlOlC?6v}STy-Yta6yAR;*oIv1`v${CLlO-iHe_VeSBr8N$AI zmyJb9(y}~%Yu&?VsIAIcUqZ;bd78wZ_1n6w`6ZL%OzLr(nvMC?l)&)`;r zS%Xhpg}tF3HTIG*c`s>w5Q^rygc6xDYEHKlkAgzDlcR=`twm2G@KGf~+YO5;u?OyT z_n0a+Gs5iG?5sIi?NiSq5oiBdn3;@C0ECtMr?>FjiMBT73RLkhQ_VTMZ~n>ei(@i^ zCdF2iC588w6xxNk_JBppizkp6bM4o}B9EAtB%kcOO*S27yHb@pKim8TwKA7QvrS)) z^xi|gi`GXS+D0RL?{}gt@88fFeXS?y?O2sJYG-vaaV}Lk_7V}2jPR2E&*^f5go~#- z%lFqV;wZrl!*R}Qbm+2C7KBDbw#G%|dUj9t^*a`C-|b61Yyq0!usgQEcYN$_es(%i zBHHTX3xr7te$_5d9ZS6VKU3o`I?sd+i;9;>>7?P|Q6Py@kZ^(cZR!Yt!6No3yUwiA zI#NdWyf@-Ib`6PH2a8AvZ>Ua9?20vn{oGfwjGP{2nUJYJ5%On!{U;T}B8{Hm7(Ow( zbe0Jz^jfr#_-&7D$KuRaOh}}zl$FK9&4y@G_wX8zx_b{e<6q^<8!r_xSmsAGl4)vA zYkcl#dSE8->yt}MgGgg1Xxa@H?nX65A`JS+TQG`SLIUMsh6<$QF`4^hrEI6Gx>Z?^S>IE%e z^nqce|6WD#JH!1mo#1-pRv$qy-Qeem)d~ukXZ9k99*}Y8UsIYI93%@K;Jo!47C=D} zZKa^4UJS@pAN5P`|H&TzWvTyoB|Q$mIlUfZ=)sFY+~`gtBkclED~GPqc~K{qtCjSw z=i5&3Kd|zjcwF(>F_lei+6H5tH69hX1m-8X71xDaEp*wq^*xdCD{GdaM6YX4kP*IB zSZdIc`h~+qyRF%seNM_wFJ65Zqs*Y~ES-d1LnuwbLwxcf&?ba~mYeTdUNI{=9Qo6b z{{COcDg5JUf3D%$nBkmB?+r6V_UwU@PZ7X}eKv#DunO2D^*B!JQH!O7nQebIr;ScE zK)o4S$f==?7zNGt#5X#mWsy3i;>cWZa&5oY_@FnbkJBK{Y2WKWBYrOow7kuBdY%-w zJY3RF>%DlT+sxQ_{F6w!W)s?VB9z!M!MRE8lUyH9QXcLyV&hX{E%B>ke~v-$y4<>Q z)mZOn_H`Dt;P6dwlX6V+VB@;*y1AZ!etz{jIhO&BQ zh2pdstp$cTBXz(nnc&Q5^}JeDN<_(+S93LJ*E}3bBg%z)O+y^?j-J@8IT)@fLU*m| z$;fosO>{`PP+~KfSSb&izqKIW{)_HE$bXW8hRd(x0@}YUcBE$+<|Xi7gQ^XCUN+l* zYRQ>wOqIq$461LEUMQzZyB7k$78!2RgETi|*rry+?sRmJ5gOaA!hByg=T`2gV*BAm zTjTwx)90qM($gD3SDCXFd-Ivdf`ab0IB{G35{DuHbu4HnPdO#(m2JwOc&G;fk+zVb zUQSfMmJ+Oj-2KugA=)2XVE6oWD{u9P8lj0dOl7ET-$y0R007Nq}td~PiLa*jcIP5mG%L^Q^K7GGK;%K*h_!Oa-iNY(cqPgzW zVbJk*5%i?Xh3$b;6Ipu`0d!pK3qvMYS}T`DQL8%p zi{XZIJe-ycQ_`ZoUrSMg10^{9q<2;vB<71i5^Kn{h zrAnhlxxbodfj=Pw8`>9Yb=w1vOP}YW58S`nwRIg<6o>VqgnpwB9zh zId0peudg9eimV|4Dcr4IO5TgIPGf}+Z`SoKR-tkZ)s 
zhT2{OhrjcFZyc$&93&7wWp+LX-E{oPE(l}%1 zI?}DBiseV!{B_X0*YAghhfz)JIfX#j*|YW&31J^!G(MMX8nknF+ShX&Dzt{8y!m6( zw1IC@GU~gJlI?e08WHwh%xkD!<5iU_%4-6+MP{Plgi29y@sK>|A>2$ho@W*SnoYW1 z>>dHCxOP8Z4N(l*{W4&_Gb~oeRwWieu&Z zXdjRjcy<%_4ZkXhJ=80av;pVWkG_bxAl0R;Y@91!h+dJnr`E6iHVh*}Gl^9=c?M5L z<5{2Ra-|sntkJqv_5TUVL7FAmStbftp`olwc zPwA7l*QZ#Hz&WI%J8yZgx4A`Kvr3(eJx5?zv$B1YMo4LS7oY}hzA)jjmxntzJKzrOCawA zX*Pe465Q$+6HX`KtGN7MdSa9UkJ3$eqIi>82eR5zKP|4Ev91V3*aw_Wq*!z@2O@8PlR$3nD=`jasJgSjrajEL*E8c}Ipht+9+KKLR zw*|#_hHOnQ1oWPa^{?TzsXr=oQMkRu0Uh2$kC;d%#Xl`C@ZOAOSo#90WSrJ*HLX=| zb~@UT)Brw)y~IvG=|#I7%9s zTt<}xK)$L~19)p>U-yvQ-3rg~VKg7qU~Gygw&~4S(YP8u-<6_p+PHuJ*9i(76S+dB zc0ED0#t$U6h%8IItaS6Og66YD%aF{|NsJj{L`sy+NoO>v1?_SpA|l=ysu4vQbr;6s zMX3ws)TWc3CciNK1hHDVT2GBa!~fujiMY-8d^kfZojj*KYmng2;1zv`0*xO`8}z<@jKhOJ0h6v*1Hpd z7^ozA9wp-p4m&l^FVE!_hc(q8eKQi zIFNYu7pa-uxSU(8@4X;`2ibc$2P|71V z1JcKT*tq}oDg0d88V{mr@k@u^P?VT|CdPBCsLvX36Fj>Gt0#lCuW>6})Vi__$ISbY z8}ykeO2wu|T_AyjtP-|pt&Tx-XT3#8i?=F8#TA?{A|TBeS#Gi*h2jqbrxZ#mpTp`u z8?Iwiws_EK)WIK(r>x##Oj0Uv$FnMXyT~Byx!o*p%3*dwHn;C;(8XNND5C<9LNAmW ztT_ZdFgo2)LvFf7YFoTjiRpX-jB`%1-KueteiD@_i?`J}HxPJf>aY1MLl4H555^cl zQr`t{dLKEy$Em?o0NS+Pl9!j?(C&O1e$^qWdgIf(`?sU5(#g7Yo9{Ms=y5yM5D8TO`}GhU75C`pS&T_S_NKWxK|h2d#EN`q8IjQp7%SMDtaA>b|pu zXf1yq7VGKl=224xqc=;faEVy;6bZkA9LciAefma0`%+Z)#wfRS2)VJ(6^@)mP0+r) z+RjiZByCZrX)FcmSaYz|96>pUrL>*~VTT@cm81K@OTX1Eti%9q*=0luofh}keX%5UGp`66u|qxDq^%LxR*il zmXs74+AWdJ!eU!^q5wEC1Mx?@@y0LUTp6j64QT|E!VYRq3HMG&?l!7~MujN99toSv z;xUW6*JuPRUxxwIubV$6Ib6kWuX|!g{vAA-v)TKXxswzf|F!kq{rDJRlCK_gul)t> zhhi6pT8DC8X!G=CB6isMY>G z)ThSaO;F|D@Fv_qPmEfx$*-`=hBJVWj<)4-3OxhXWdcqwB@Jzxz*Z|yEE-b%uqj1g z$jA^JX240KHqg>=VSB5TqCVJx&0e!31J?u4;l?|IWv;2>`-=s)+0?Out>Z})Hzx@F z?m87gnq|%Af(eE8*-qp+#OF(*&olar}cAYcVGblAgVAm1wAU zaL~GB)Lp-~=sEVcn$q8I3Fbs+n3Ssf3q*~(XGFSDy+1s)Bjj3R_<&79nGq2yrKfG-`i$1F~=;;{1n->0p#y;wFw;R9Cc1wnu z9LJzRsna_&aM117pllD@xL+g%GYM&2BVmrMLBn0SQp*SmR19S`w8$*Ts7G!+jAxmQ z_8mi;plP8R%6n;Xp3{`wnsH64WTa5p{UwhYTV~}L9;{cS*t)WVT_kphDZHS2D9!2C 
zXiIy0`-hHN8=j1z(Fiuw@-iWcjmgTPl;-i4&T_bZgVW~PKcp=*U!hY@r!8Zyy3Lco zt$N+=S`qvdZmI&PYV0INF<;xc#Wx_u>74et>$!ETEFZD^ay^-TO(8303hRfK$%i+& zlq6CtQX9^}rrWeDygXkX%xI7=zHQ8c=GW;Ibqw=1@MT*+>a^h)wCm#!H`h!`$erDO zPAgECf{5j4!4&Mu_cCm@AFCXU^O|S%UO<*8p0tk2SBE<~f;Q#1v?%)nk&cD-r2BFA zCefe-`vB~^od;_M1b$q&GU(pNi_hh0ap8I{PcS;eWI0{R*P7Usy8Xx^SaKEMZlL># z+elJzMr^XuMUf%jH{B9Bs5;)~`xor*qqlzkNPGPAC-@pxhG>fR?!Lf$RFf%C_m#8s zyjb4WBJJLSg#%g&FZ#kd_+zH964P&kV}2&l7+r!~3PY*Ob_KiLRb7{Y5T^}!7;f{4 ze7zBloy5wb_|Ak44?}_JW%8j6+!VmU+&^h9>oO3*sXxMR@lZ+=?_T#ZTX;-_hHm*; zTCuAZ-GUAyR!T||9vQEa<)0emS0WNLd7_#?-oXI|gH7xLf5WzXSOsb&$X|u9hG=aq zkJDj{)N+#^s-%Pt7g~37WD{n*vI=ZdkIo?Zs@6&K{Fhyic~Yy9U@O=2eV@JKSKnAA zPswP+=!_({^>NtYNm-?vPhF}Zd4|{%y!)tVINPT9$T!=&Wlp$AIa*~^IGJI3L3{c1 zLLIsBnGg-0uK0t&_=j^>(ehq0PCawK4S7F)fVa9lJ#C?(oijEz)*PYb zG=jF7D~Fjm)l~PUlI*O2(@<(2*l7h-YAgf!n%vNP6A@g7R8^n{0Pv1cM<4)~7CC_J zZ#{fl#=?UfsGl!oeXF`Pg-m-V?W({8hvWA*J-tVp-*8F>OZ4gG1atwP3vp!NjqRl%of z6T9m(s929NTm|dEMpJ~AovkhYJDn(HSJ2oB096aK1N7ECj2A3s+4Xt9KFBcx}&{K&Ie5f1;Q1NnPpY7mNzEcVaUX-WfL~AXvq; zdZs7t6^F^9c4y)Vn`fO1A^b(_0L3mFjgFgLwKeo^(eC!txkHV)NyOG6@DR>Yj+5AV z9BlSK&4uDO?1K)@Qjr#JAenOUgi?cFZ-!Q}>r5Mwf2vugN#*mv2#rT&00_L7jN_J5 zqp66mnpy|L&zpw;zaciD5(w(Vh-E2iUd*Y~wIQ)tV)x6-_hXCvcgkwV9m}T3x(QUw z!qFhbedFVjeWtG}{Q&$msoPSv>w6a4T}IO2wPxVuJ2VxGYwrSooW#L|%C@X_dl^KL z-B&-{n(CCNqp^M7JXSLk=dJjo7zNU{ITJ>6H4nZPMNS1h0Md2sYN+3vCx$Z^>N_ z*+}BuZZ^+KTFnG`Cikp5E>C01jb$K|3P#jRuK?)m0J@9w#2D480Bmc6@}k?)Q%Tiom*8Cu5_pe)-O4fPCUAz zGYCTWs)McJR~)JBKAOC~+dCc0jUX_87L?%A~@ZEqaU6Bkvubz-$s!6UCs}>K`P?1@7lAlmr zi?aHy=krtf{P3$_RIScCWW;-iyja&D+d=1 zFfK2w3k?-Lu)4j8-xsUDcE z)e85 zuo8Q=IW^FD02jC+vNgTf^^x~-mC)q^3gm={UzcZ(lkAb;#xi%5y-g|f?zi1vcsdF2 zwD{q+Hm&UB%&5_1Nk4f}-eLBHQIE!l_U+?vK$?w@-oDE6&><~KcA&yawho@_|MEqFpvXg18tRVmMn{jD@y zE+x#A`&zm~?0&dIzp*dJOpryUCkzCKsiTxZ76cahY3> zH`#AH35}30$(Om2_g(2)cd2a1e_Wj6cPb?+m{gIX7wK1#(ud5;H4QvOzS8r!Lhf0F zav2hb?QNJw(NrhjwD-sxx5dL|DOxf;tg>xrO0QrcGQJMGmX4xb7&j}l519+sE5YCl zV#On(K`u>HHwWUb^%lDopsd^o`>RbI-f)#HnK~A8rH%smz2M-%<*g(ok`l#Yk{7A2 
zJeoXeXHcqy#T7o}fW<+kafiV(-ECod&Ge?Q8#(ag5lC&3?S^){i|z({n!A4XY-Hl8$S7q2ws!ID81bzE zvk8hhu1Iy2s3foNCA7aWYal6$z$ux$%|GvmLnd)$`WvYn+Xv0i)*r4%lx7g7%(-YU zMIHXoF6wk5(kQafY(@-U*IKBZtVi=*DxM5=3X7_}ocD-e&P}Bj{={Uvih+`_Q3VgH zOqNV7R=A0t_JY;WjZuPp%l5cuC$k3Z*-z1coo<%=wY=tPt;xa|?F*A2;#eN&HUW5TYJGgYDO5|8PI)fW5aO()wvp2za8!yg)B=iqHbiGg!D)H!S5K)$1y*YhiEFhwx*@74JVkvL=y zR7+`e5FQ8_-fDMh4?=n`jg*-wJ6|pI-DIvKfnswM)2PAf4pB&V^8MFrMGglj!}*zt z0e7JLB*($^WWQx%x3&bkCn<4!BKTiLcgIB{IBTdb@WvLE-XZYbY#d5@jUx|1nD3II%U-%qz+ zKV!~Go%xw}%nzzFbU4>QzBn+L6@T5p2wvZJek{^kP;i*e=dH?z2IVjAo{XeEQy^QH zpW`#do+yV!DEqoSERnrwX>+&TZ;U_IoE5q}R<%`gw0(3oljYeWar}X=OryIFK8?(?8wlsFPUEl|(oymj-iUvuOuJNb z%=oUtK#;;2jnJ( zm4rt5lj4;_!(^2QKPTO3-7`DlKK#rrH@eheue7zi7d+>hB*ji}efEJWip%}2xJ`}( zdEHqb*@f?LK;O5!!_TP-PFsmY5>N{cfK2|a*MaFjd$y2-iJB`x1l z?}*>p{_up@{qXDVGg*j-MtZ2}(wMeBX=&;vX(R$tWx7np1(jqks zRLW%Exr4nBe95W4L_5=)bV|Qkhn5xtc|X&8lgX^uTK6SqbnF=o<4}?>q)a?C7ge*) z2S^ts8uf7Ap0CE^1IKOVI|Mx+Z3M~M#)M1|2v zOloY!w(Cuti4DY8uxxdwX&!0`Efo-|Q(Vx@_#%dZ6pAf*&s@;g`;uCaL0?{Bgtoj$ zpio1~`maGZD5%vfu+WtlnXu>sMU$cgsVP6v{*MX^2rdQz-D4(pC`EYP@cj77 zG26irZ|g>W<(RFHg#h>goHNZru3L-gi%}re87GIm0Q%X%?5isG#N{fK+-5_SbAPs7 z{=(N(R-k<4HrKzQT>bG5a1x6>7bNPQjGid^Q#D>s(OV!s=AZ=NHXSJTUhpy=6h1bO zLtwiV^?6mnE2@B6oCq~4O*!l)X7>7Cp%tE-X#dM1=8{b>!NLfl;E0Wc+*NZqjo5?N zl~vV3X5(P6-Djvg!#FPu%I6fK=@kFAhHC)Cjxd6@rlaiD*W>UCfE8ah>$d7dU{u3Tt zaK?d@o_)t|xAFn(Q#o05UsUb~qS%+t&Uepdgfk9ha%u4xzC;Zp40UFyslo$t2HHhQ-4wkWdh z5iY8G4J7`zidE)zVT6!j4-Qct(ixuTwv93^eH=FV+&*dIiljHW3NsGVICEcCz)TVCHW9{g!<9-WN>z z6+G5KGneg#>eBheJ)>g9qWQ2g?T23#lY49o@5UKK1{Uz-D!J8*`*Ti7SuMO0986ud zDxyR=^Crp;i2ZuaBSZ^e3kcRubn?f#icEqWtA*|M+x(far4oGDDJk<#Haw8Wt$!+L)=>{0 ze6l_WGOW7Icf zo4=8sAGr9pZ+jkqLX_kSOjv+N5^l8!a@po@X^!}A*gT~XLA~x2E48z_$EP&=`I;EL*v%zKQ3euyY{+nH~w7eH5|6hYVjScwTw;8=A)-89lfj=>XWPhy{CR{C>bz z7F%^D>5Y;O{nJUBU=~n)`ZDsd%Olh?wQoEe#%((1cs5sz8{#nzs=uMsmGMKT)B zT+z{mPe(^=`g0WZc%_K+(nG%i?))%42q!pwfm)e(pO_9dY{3aUva?k7Kc5K5xc&*` zu8J7sLm!aYgHm@v$1ww0Wb*d{t4d}t7;my<34F>HF>SkvtOu}-dNOZ&$D!ig_UC-U 
z3rp?#+TD(!=fe=2;wSY!`V0EW)uMB>`#JV`!rf+l0DQ?S{y(im5?BdF+9LDXtOCFa zNZVq!ps2-=1Hg7B^;>Zt^^Co~oUwL(%CCQw&p{|#dC*OVe{hJg@fkE^r{Fx{iJ(6j zlpnb42f`e$JERwYMQBf7RKqUN?f&cz#1p9-S@=GV(tc*55G4{-_xAVZgnQ=V=uquGiUhEbD4at% zFW3p`i?QDp%2^GzJd`tV+bpq$e z!5hD>Ga)9Q!HJUStNJ!S7bX91RZDdZ5cbj4mc`5eYSI5-10H9fc9dc`1%91pPGAtA zQHrE5Sh#;fb^Sxo|JSF;tMD%$w3J%^P8)*#;d~znI(iXN(Ubq=k6MFREt33Y zdYVCR!G2Cg3Txr1pGS~@jpa~2$Fu-;>Np)89dq7^Co~?vKjadaLGlIbE#jYV_}O-S z+pkKP#tgHL{wBacn|!cMd~RdLL6#Yg=u!r2nqZ2tw-n^drp-$Fr#;WV@X>cwOG=iu z2Pv#QQFvEO8KU=4@`NTpyDVZ*-GSW_MI!#mEB#GRe|u^N4u%%pW5j(T=qYvjp)%JQ zs)^EEbN~w>Ds`H;Co5G7&RHh@+J>7A>2+<}_jto8^k)t(pT`|Wt7>uYK9{l>Xu;r0 zWc!SgB-))$h`_?T@9?tGd?!?61%(C?**4ygIB8wv6J{;?mo@pD$#1fvPm!s8dU%gl zJv|Iv#P*y)J}Wb`863Rh#+A!#m;PV`4w@(9%+!q!X&y2(HK4@LU zL8?g*EdBTm)^gR07vcDFw{u+86Y1^f(7{DY#&A+WzC%`n{_ z?+AKrMGax+x&4CzGQmI}>Qvgl06iI)pUlc4t$Xj|Bf*pLI2iy+gq8epev<6C=ib@N zIQC71_yj+&RD#_}tRxxJ&=>+3 z!S{GKVj%pis(?x3uy7z3{_fi@y+$ zg!x(fEeTkDDO48^&PH6i8a37D(R;5WBXsL*^EMqapRDTwW+3t7lxgx3dWGM4sh8!M z%D(4Rx{V#B{WTLscrW|R;Jvc$T9@_dA^-%4pupG6JTVjA>t$|5juDPVvvY|6j`dI4 zkq3^kJH|kKOH_*iSYN*3s->-gIs$`SpXG;7hA9LXc+@afnI`YOlbKNG{(hrk1bFC6 z##VPW&Rm=4TnmJlNw0TXy@H=>MnN&BxiHL6-r<0zJ$&~R1Wy_j(FUpeHDAwlfX zC~LzFPy7Ch3!uRTyy7rA461*X(I1A=Qw$v2BG}hoJ|==5CC?PvL;3&mq#!Q&QSsL= zGudj`{f9F);Dq^kEG9-GPO>0fOUs$dOJvdCP!E4&-5)gi-|34;j+2P#7!K>=U$a)< zmZ2vdtbm)B$si}%7{Ecl3DJ}Ji)@6L2Q%9HNo?siy>Bq$qVTWd;653}poH5M3)2H@fG4L=TJD4f}(a-_A;1diy=dt0KL!DgVH#69@ZlvgG z?nf+mySBA@rMF~dHBE8uu2n4$rTgqIi8mj#NhcnS9>qxepE!wui9U2+e-0^oy3hXH|9I#RUnQtvobRM!MAH1rIDWgOFb#}{jOJE}>^~0q zx1SzQ3oeIyUB))7(EWeT@{e0OlE8TM?wE{{{TpSz-$TU+Cal&qbn%~Q_{Y;B{*WL% zFrH4hoBsc%`|tPs-vay#=l$OT{BO?tKMD93(f|LU3c6D=3oGONlgdqah}AUpI8pt> z;bG|A`IN^56(W-+ewM37Z(Lhl?%a{#nB{6nS5Rjs1U=Ts1-E|W{s!R)SIuS(X1r>2yyB_%sg-6PSNzS}Kzthu9ZYs%Tbs`mogEO8Cj%%uP&vB}x3q9POz-*rK2;qxw2Z!oXHXN9WER zu0WcA3e$0%=m!^rvYZmv&=2A750;gkp{#Y`!-OfN zF56B9!o~)|?oJ2C7OjAb{+xYZ0Oa&f4*K}vb7@~Ai+wN8$LJn{ zQkcqt&psKIpKhqGPArt2QPu3~W%KwX^wYe0jOiP~^#cJ3VuIN{z-t}HO|q1qSbc8V 
z^D`P{8?&w;Wsj^WfN6A(h@8M0kfw0GqWDvB%N_OO?AW zYvs%it2@i?Z&1=t&$u@v9s;aDPnM>+C-4C5hHaNeKQ4y=`E_TLQ14G~xctByc_aGvOlLf^5RL$O|bG z%-BT^pMeh!%XU(H@??DW`T>n%qt*R6T9?=t9Zc?P03z!TV>{3KY_iEk*Faar%#9e# z5aNwC$nDM^{eS!hO?#8G_;+MjTaD=0UR`obU7J_SypyM6n^l>i)mm1P(&qB~L4@U4 zYT0%;(^sY+6)^k}?weBHhi0xK*@_3`I)aO*k}slPADILk7uIWK!9NlNT(>$84{O!B zsd8pb#fTJ%kPpeE9xtgRwKS?jP9M;YKdbp^?k3mZmllb2l&vO}j_0I`1W&cW3P)4x z$5~Qwsa|%SGB2dM92%P&NF3KvB0h&@X4jP+V@+C8_+oe?FeLpw-A^-CO@Rb9PJ0>X zruct8{vv@3xI*)_8R|b!4^5c_S`1-7_8g`Nzd)@{L`;Xk6uxB-D!ngmtt0EPAj9p4 zKeDc>D4awqG^ zQQ(=@X5siYt2BONhfo$%mYnGbUlCD_sa@84-=6UsbG&)J`QRBXil!+i zXf|agx?K=Dhb$jr=7v>bmg*?bN|JK9i5m@(=b1~%XBp~-Vu=^ju;|I_g(LY6zKnaq zi@y$k)0p4L3fCt4n5j8qUf4KUvB#n~wshHfYK*_ky1F!9A~{+6nAOq&O;`D^d}kJ!dZ6ue_`olJ@MTD#kxRbFUM?DY zL-sLJ3yZQwmKemIuJ>`UErO&nhp|2?zpwU&d`Vex$~>?5t#ei**-vAsCE&J5Ok=QM zsvl2oc`~NC7}G3(U<8Juc9afS`qBn1R|?beK-v6QObf>)7K<*qUi#}@rt;^dFZa@p zt;pG2m4&=0wv<M;50W(*uG`KLAo9Bc@)iPARa%H?6Wp zSu1{vtt%O~h2OTf)V$U*r{}X16Jb(x!8(wL@_V&h;rN$P<2%RRPuqqDroTF$4{$6Z z>ic>=GuCW*YoE;jtFwa_EGhqeXBdian~e3K8@Q6?D8RgOwGyWGf=( z{U_SZXM;96DI;h88jzS)j$ecA-R*K#DfFKDXc4mZ!^^|@bDho7V$wD0*VqD9lIPgM z+q+!7EtnCXuG?fQNJxwNYK_5%3UV(gX=ccc|tF`W1=>SqIjP+r!DEOJU;IhOmIQMUDCs)r6nwR@Pr(tnDvecHg8_icU)^tb~Ve zR?Kplg;bMMJHDOfRG7MZM7Sl{z+%SAP?`R8Q=$N-nZaC^q*Q5Z08JH-$Cq>cG#(w5 z%+TAU)U(nQs`sGwB(M`&&caCPV{G=cHb_fjOYVwG_0>vMSiXLp~ zw8>UpOp#ppJj)FJ_Kx=1Q{(WI0&?z>y!#k60n&X3H4qM|C;yXu03znmMU+$fAF+@7 zlO|t5NMtt#h_v|6W)dnOr~DeNI?YK<9+=L+kBp*d1g)lh3r~j|7Tw`s-MjGb2dr`)pxttw)Eqnr>Rq{C^%+3M$fpWs zQyX^J?OpVd-^8a4o{`VYS@fBWCfs%;=;SY?4=Nu5uS=dWH~9H=3F=!H&G;20?omz) z@!~iTLV-;71KP${1F4%!d2p7b8}H75B^*w9_45)q4$F&Wak&&5`C02zu2AAy zEp_G%KF9B7&yW;Xa8rUpFl>V6`ApfNgu=IvRqV*gD3(c0Sc=3n%Shgq)gsN<9SYzB zJE!v4Pna%OP(R{UQ?q%SboGrltZJ&MWTV8Z1C5Ld`5tuuVgo5^G@`I{B=JB}-9bT) znRH+-cg?@eb|KT$yWG#NOcz}+3m0;<2!CJD|7xBKJnw!KAma#l=LxbWNguVMLfmS< z;ZDgR#EYY^pWTAW&`aAMOsuvQ%%ZJThySOS)7q&%3BKwpqwOP8BJi=6<5O>SrlpD( zzm;Diy<&e2*j*iIzH*hH*m(O_^Q=uu1yg3E;-}9QqR%~EE6XG);!$TL2`GL?4-j&3 
z$nga^ze)0;QhVs3#)CU^MW+nxj#(CxFkRs#AaMdp8iEVK5jyr`*QRwnE5Y=DzwSqnh;60~ENSSetdXBUeeQ*4cDadV<4NiK z3h!kaRrAOu$0GR5h8d1Ep$|G(7s8hm`emZZe`b;r0vQZC1&+FW~>yEfn z6)@SI!<7yLlgrWtbD%WU2UgdELCn1>0^Mhb3%)Ap+e{YicAiHRb(S!8oxQEFcZWK* zN6LVdOK1}XLa^1SPD42nW%J`xd9Qh16=ORq9LPnyS6dlsDz3@+eH9wOmg#6tQIS7E z(ja5%?p_a?lXp}DkB29eDIVsIBhx0a1u9IlDJK=j0l!NCTI)Cdgu6pIf!a}87E4;^ zrB#R?#UIkjs2`V3JE0WkP92cQ-WKRlu6+4YIHel2+9G0t@2D0{vnwyWl>FO#|KLX> za14=>4k2FDu{xJd$^w@FLTSyJjq$H-9J)u662+5t#>4=Ay1chU@qLb}%vv z)3c}3(FbfK8$}{hS<_P>PP1)Ds*23Bf;nd}f2L2WL+U7L%N{^WVQ#?7N5A#tk`enr zS?E58y1XbG*W{YFBwt^r6@tMeM3Bu1C39es904hv6?R=xC`l<%s$Awo^Z5?@@9EuP z>96$2=BCYk9+jm2hIO3Y^vWl`*+XC%cZIoU|N#87M2rv(az7d%N zQw~2|hm`y+*Vf}>v)SEuq2Ns&E-;S6<7;Z3t=owsKA`!-uDCCoV zX-8ooooP|vxwCI`e@+8h%~Q>pJIJ}~CTG8d_*!@ByBtJOe~%_6j$khbsNqiLcPAVl zOmena{N%QT#H(J5^Ukdfj_u`wjua+DSV&*{-sR|wM{0w)Bo$GPChgA@{Mz;N2GAEH zVCO6EekGxbe^;oj2MqL_PuX|)U?>PkV0INtp#Xpa(SDA$uS2%UKrc%FP?`URcr2(1 zpQva~&R@%>$e$Di1GM6B#O$J3&*|_85*y9}q3WCEKk)rzEA2H(yY1RuzTJ*?19n0? z^E??HPBEzG13!TnPasVXQ9`oT>zu#-LiRe4@U-B=-S6xp?l6dnv`GtWlljqF6T}5K z5T&a+B-8-)5ND7D#6X-SS=`?<-u+AM12qA^XE1l~f3IkCVA6g}L)q`xQ^66($}wTm zZ(7TN82m6y64ZWaGyt0Q7rT7xkUW#U$i)Le+y( zJAb9}pydOYiy49>GuFy!9Mq3_rC(_FoVLN8BMCs73;-OGjncD+$-fUiCZ>CSCQU@F5=3H=uHr3r&A{lM`?U>-LYg9wiuuWR2iX*o5&nC`wBM+B z=m#9rvW}C>WKpK_X^_pu$*eCOh~*tM67E1dB7eO0_xtfG=kp!|i>vYM&fI+&kk-;# zO(261RjJ4^_%$7rS= zKA2mlG!U!s!hX7+iJ^m#@EPlhq4Ke6wRCNM*+q`e8jd~{Y`nMm9mn<>0S9W~W2F1f z^1uJkYIwfGOcbdpE{uX&9F|=$tDs2F>eB=D(qUOJ(1;M!x%VzI*94_I*V99dL*hO~yj{CutVFhSNm_Np8+5_N=aMKDLsJ|5K9c4+kcMm1pFK+U zAZchZvox;9uhQjN-h5lDw~rh0Pd1>EvpMga(j9H7aVDuPzw-*&8__53zkUjUZ1{3qB3Qs`z@bA1eAMRmjo%hhNMfv(< zDOtJ`lv@`pP4Y5&$?XAfvJ3~iC+8R-{U<#hGloY9iptxb_m!bv%Fb3kpQ&PH^#;VW^q*aMrmux|STDYvX{&>tr}A0`ET&o}Og z4KXQ5b2Q$5Ns$)NR{N3@JyY+OXZZ}%T!r7f1ION9yc^)mgQ^s1L_%`I>M_k`^x2W5 zY5d+9wO+T*=wfj4kuHTEgDf0jJ?uz|{E`DNX^tQcNLJ`7o9dR8dgc2!m6SOSHy`3h z`M--em35#>x_swR^1nw$Q=6%#6&ktJ1yBt6lYWsY>Vw)vl8SJ6<&sI%zk2+WM3ZJ? 
z3uK|VRll6}Cx-p!qkn6`f5~kAw~v_J0NT`Y@(tThkoYH2{%1-5Tfjf0_%A=SMksGA zN@N@T%rFpm5;6P4TdNy1+7;h0swXh}yM>Y36-ks2iftUW9NpI3?X#;9PiHH`bh}SZ z>@~>UF)ZOYe(L1u`V*o{PjPbVb%ZyeHf^Ta)DyRDppyBArJXelA5|k zr1qNh#U1QW$e~IPyWLODUX2-TBR2Q4B)a$7+uOZyjE<9~N~`N8XshwhJC-C>P+kC_ z+Hvoa=MzdfN_#^+?mLOSB)vJ$Jc>;8`x4jDfOx28J@@<(9Gt1lsZ=2N5&dBg!>q#m zqUd+3@wke~nGGd{r7$IOEY*3IswGw^#H(`aosG*Kdwag6?JfHH9mjSkBXg2h!=-^F zkA|kk%7GB-vp$d94z`Jlo;+~18nHRL`zNx)J?ZF zb%37Da`4a;oH9KgXq?_X^L8Nh0JA1zP=yQ^_#) z-F!D5Q;UqQc&Ff|5Y15r_Jg-CRxJKC6GW^v!0YYrhF&-(%$v41?ph^|^1&VE6`JIx zm|+;>=X}%g5Vs7qh~*5rBf7>xH}yiCdF9+-*$#P0XUo@%^MWhG=Zf?E+Tyv3G)Fi% zI2>%t*e>h|L^P(38_Hl0ws?xrAe~|6|6uGK#o)k;=GQi~jZ8*VoC}`0a?*9~MV?vt z?LVO2#25GyDGOTWB){#t!;#f~v-e=bF1Ib528$G~xQsJZcyjWU{BG*eOpp%3Ip9+g zQNr_VFb&wgvj60W7qctOYweM$Ut-DP(;ZGrWlWJvl_?=b*nSE}B@n}`Kj?k=gh zgvdJvjID_3+;X~6d=nEhx<06$fmC9!D-tYy%uEggx;FJXBHC7Ab0ZC$Z171uFVudx-C zn=^U)^B(z5bFaKN^JgZzc%>Q)I$VMu9*L}bUVj2}3Ia29iYxQ(+Qkef$*=do2VIR{toQ>1_j~HiXOgO9w|908k9=^A2WP=vW_ zHA-DQJ1KF|D=-Tm99bpB(;_TzE_Fjmj+O-#={z~9Z;~tifUE-3$5saEr zfW%Vu#@o$krOjd!zxB5^sJFXOyexaTxP2Z%^JseH^(THd*EKa;l*%F|c5=Py6AF#P ztGPXKvSM_4)hoGq;i+^QUqDbSgoJ+XmP zVu)1m;pIhx1JJRs)3J;<=^i5=)H%=3BbJJ zYMQ&-mX~_uUB%so>SyX4+vT|06(?f`y}sO&FLrU4-~7D&S;HDeY>1p}?a_@W>@EwA zXzckEYS*2!mQqADED5nV1F>{-VV_%$d~%C3Rd;z=Z!KVZ*(FlSBFMpi&s-@SwaT;q zhB;S5e5xaKX$fVLYV6)Z!$(+L4bZS&r<{wYZdl@mmTKs3x>kgfKQSwJrw>ikc@H z_bMvnrj-bJE)6qpC>Dw2J}ap*;ootG5&zh&PbJ>SC#=V7MiBA1!2mwH{o#5+q)J(d3cytCCE@_zClpMrE@mInJ334U^L(-)v6~{Y+yua!i#DfC23khU~Oblcmp>_4&t5+>BOZkLE8>fuS+8XR;SSd3Rzj~Ww@0N1z{pF zTS=4VvL;;3Yz|kdxLMNdKv_GIc7w`mbgg9*H1jB}ujJ3Yu}(Bci5j!D^ubtX8Y;%u z%Ln71=Mm>?f_R;ahuBiLN4-K##9UKNW!hyNJ(8Y3Z{O~29!%Zb^a~BvLb}J*4dJI3 zL?f5Swv_!vbtIaD9VRL!KWx_ejhmF+Ze33LE0$Mb&oyWl5g&I^$|ypr>TCCA5OJOp zgT?t_mUdDE#@k136El^z^t(K<H^Vox+CEck*nhH{~o80jXtA7cF?F?9-XeFVD#-N?)OB(i!k1I8Y zd6fbkg|v@Z%S0`%b1Im~811&t?9X~luD@V_IKIvGpV~@fSYaJ zN-A0dPA|N8=A`Sw3kXheJm3E7?&hbU{UxxHt>H?{dc}C)TD)~l>P1N`H5%VIi!O}C zPnEjVNTukQ2To5mEQo~nW$T`uC_3POnkvXa7thv~|3{(^T-z%w7s86&8Y>;WXFBy) 
z!6b)ZcmKsW=zUN4_E1rB6M&2j&;-uYVU{19TAR{?p#C3B>$4?j>6M` zLuK?S=4I9nt$OCgh7oMt0uJ;XWulp!V@tL(s6BcMi~>2{J(G3q%Llc7W8BzC_Astg&QEcBsyMXo7V=yOi#I zL+d*Kr75IVV-7)Kdz*b{nmEOkS8E(Pi7L7awak^{EDPd9+hQ2U?smm~-<#f|wzNnu z+}h4iBljW)MmphG&cwHQZNlD>2$gYTtV&~Ttv*~fXs%`tS(Pv0+$FOu?exDN%x`rnyf_;+>C>h$=rC)nQv~{N$))cBGH%Dx1trXS<1N z%bpjz`z4t^EDk zuY=V#u2Jg!QH3oxIArD))Rg=rEQiYlc^=>*iHHv-FRYuABs}|U9c{Wk`qcONc;Em6 z9B!4%^2s zSMf4sAV4UTVUX z#4Q$f_OnB;+y!_*Kk)pIo+-CuA}i5DQq_Bfn{%QmPj5LaYTAjuY0~xaYi&#!HH69y zDe0OQW6*K;J*yKoOMLr+Cz~{%L$Moh!Q`pBPmv0ou+8nr5Wl3j5^$r=L={i&c$M4p zTe=5mD4UdXE~fQR`bi#Y|DxJ+xafmL&l8HfqKK~V8Z~&UWD|Gi>`Lq6s_~PnooNg! zGi!B;6W*p%&e9N+37uNE_F8hqM!ms8N!@ja6R|H}b{|WOpJ(1Ps9KViD@l4!^V4#J z4+DS{dLmZH@(gp1!ekwDq+BB8W;Q#poy1KIGgCQEAHR05O6)rm_i6ror>0kf75n=6 z3e$%i*gDrbXn>^iOLZ;3)m2HjJLOj?tjv4YZ`V)8XK4jimadL!(XbDSF}~*4CXw7Q zFy~5Az4%1H(&=gR9BEIK9Q}#uAfjVy613OHy)4=6lHtt~jx5!?oYj7MQGfMES3~z< z`?GuSb+m80+(r?4X+9LQ1~5b_v0}uo_whA~p*rQMWKvp39HwvQPV9S0H5&4s2(Nxf z!m%4m-tWB^dX0GNQ-cWCqe}B~*fW#MFNg%TnUcIms4H=$W3s*C+}otP^AmdVd)Ibx zae?~Ubpp>j12+`lU$^Y8c%*t9>?+RlcAD0_>(iz*_&_$#A^I|tB)VVl_B)^RQAlR4 z3OJPSyp!_kvm_)rNSkhWw%pR&VP;n8C*6|~crVKnft~F9T0MyN*$G>+?uq5#!ny=D z_Srn|yrIh;fd3epXDLU7itp_ihU6-()N|HZnVpi?>))o4IfkRsuy2#Nu}w;y-yp&3 zBJ?^rc}Y;ulom}WD2@V0ivYO4!XQ4R*BhmlI?A%4P>C8ed+j#%;kw$5=3Hq92Q1De za7Os@O3uBXDyjnzl^74~CU%ldKs0h^r#)4XZb2$y%yLCJgjY~)Ja)yq@#Uwg{6Bh1 zCX-zfHc|sUwRShaEmI)sImP>OuU!}(#a)!a%EIMxW8JdnD7f{b`MDrSp&#z`q9?X8WGx1JA0F8eH^llRAyX&R(z zc2+i9^d^}036oFMP!-=QA&}#KzI(Az8)`Mu{;x$9*GeZ8TykW$hd~n7W_o|!tF*B; zi@T^YH|u+n`lQ~W>7Nh)5QsyFjhdOq-U4mIfwlug?{86SQ8iORJK>PJEl0h`q^uI` z8wlpbjAhtJ&%=k6#h(ebp%^KpZ?Tsy$64O@91U1D$p8Atng0bY!n?;Kt{!0Rbal;< z_de#kt2279%Tq%SpO{v4b={9IApWz?19wu!+u22n2P$m0Ta&uoc)@tL0c3I7A?uAm z6gg*-0`A6Wz42DewO;=m&4xkwrSQ3Y`?%5(2J=}l;*#@lzkJSK;T<0V0?dQOB=l2#x48J!XT`UH zJ3<&Lt)z&@n{(y;d1ZTZEio^YxwM+j$EY~zUThGPsM)hSIW(%S6Uy*8hipjQlZlP# z&FqdqyZbluD8e19h~r5C4gC20$Z__djXt?_(fU9TbmwF2EcLu%y1NH`LYtf6#^viY 
z`+F7X6&2Y8WBiVnqMO0)z&^f8+WVWj|9<37t(saC*$lLv5PKnruv5w;-qScxdAsT3CXDzc0KSHtVHO`;*#ZG%D0k8Bv#$lA z19hpyuR9l%v?*(b(Q04y4Q^$0+X7w~ok=#Y>^ws#`&`EkuKUVa?5BkA|QGr zipQz^*3Su*bd46<1>MiA%SZAGhr4%Ja`+Is4I{2U+3D6C8L^pJ3dr|tdz(MqYSb0A z@r%b9dn2$DlpT??b3qIwzlT{)2mOPONk1qXkP7dc{~+x^4XcBaoGWLYN;MCRyO|+K zmWQ6s8M&Zr)eiQgW?J><_`rb;r#937Eb*g&|Kxl=1FC0^lKEhBv&ls)z0(x@$yZEgDVIT0 z(iH}rL7b(nla`)tbCL#(^|v8suv7E=UcZmT zR!(7|_~W3*^xbFv0T``NP*?0O$8+oqfbqy+ZA^2S_#I!(v=^kxi5~me6BHq3uj+Xv zA(pcOZ&F|Kc?muBY3T@G^3k%n_oefmpXXdoXoV&i=P<%rsy!mczn>oaa(q_qJ-_C| zs;<61WT31XUEiITb_qW+daVwKOK{s6H2RjdOlG6;%&{{py!W)BWtZyX_8j66x^S$t zKoH&edpTgM&PJz_vH(q(TmMCVN_6LMza6pp8d3;Qn}6t-La6zy?$~iK=Z0hV*HjuS zqiw!?Il(pJo^iOFJ3ZWn!29=dtS%$E;I{j<%0gy7FVSw7CBVn+Pa)F5?>@9$%Hyq% zcUW_V+d7`itvIhQidgN7ra18e4u_y>za4sb>tu#X(fGK8pZH%NbLED?b{?qB^O5{q zU5&s@Ahsr+9Hg5M0*AR1VG)8WLFU1NnXXyXpa>jdb?-gH-X0*h+@HR>Y57#u0j@cv z{gh$?E;0GzYI_Br@pU#9?IxDJONIiH?~jm*!fF?flL9~`G4&d)xrw0XU3a|Xi~g?U zX;nbr;kK?Y7=FUYeOY%k9!RJ-J&U&7Nd{82r1&Aj5amQthNSRUFCa|+f;M|81cdYK z>!C!46UYLUBF~+pXc(2V@H5E6MNW1;I=3hEUBd~VNCi{}Na+r@ez2gR2Jub7FmN|+9pubK>h*cv~dz|6hpXA z2D7Y9lWLK4EQ9&C=%#Rw4!ZfEaKvINJNqZl<4jtsiIxmvapSRP-E>aja zi9F>%lTJDP2w}M=m@?e;{69vN5PV|0`m^}Z zgh$`5N#Q%e@|D=+xu&au_pBD$O*!uz)W82=1USjn(1_e=tVceHWQMHArI!Xtqx>&6 zB0DnBgq*Kv!Xj7=POcv5!FGl5zyu-w@5*_r5^A?wrsIL`YG!MTU&HtCQ_~-$W6u2+ zbL*B_R8p*Xr|!Ke$B5SpJL@Ow1$Q*z6Xisc!g4{ED$lEx)2mA+m1$f|?S-y0$Brgb z76&tB)ggT(aZjX9HX@%GB*~1S30T8GyAZ+UfDEN}g<`?+6<;_uiD)$|f3PU~3qZSd zBv{J7S0euq(p;`*^o@k;e^zodR~KQ1BEY6Bec}=8PwO9~<4eZa&uY?~xTvAXmUpw) zwAVa>Xc)NH@3z~9dxBYIOoo4|U%@<=NDt^Ew3{S6?=J7IPA)NF6`iHX$+dDIqR^Ll z5^-|S5S$Fk|Bv%mmeheq2oW^Umq|yv@zrNLC@ir;1Fr$ zc1f<>OuOBU?}rX*oj~F<5l7pp_=8OcQV$XefhPB)c@nFN9Qm#+X`A1zmOmp}eVO6V zoEEWi-^>#LZ`)eINZNTe^4Q&PoR5}O5X&+%J4~*; z_La)IVsdU0s8LXexMpquePP||TaWAj_ZirP2J%5%xa;mjwd*(vWXwK za4@&{Y*HG0{_`B=PMri&*>X>)JtIh;G+>r35Be()MG zd=zNER0d-)Y}_Km;s_fvWNB0>9@G5t0!m)gdBkVjVGNFy8Oy(eL>F91&tdv*h=##z z&HVhwI4B6)t8t$90k*E7xuZScI({=2;l2Lm!|JoN7`krFp79HB5>Uq5U5RwvzDFL@ 
ze*x_r%3Ljc@7?o-RARfg>ciGGFDE$5Wp^1<97*as0p{oR8chgp14eOJ9*&Jxn`~Y& zfNo7QKrCa7H5O!Ln>3)Ndv?m-&u*mkk!mG}pO$kTO!bGQ%c@Y;-EJ04T00dpiB))m zb`5|HpL2gd7~w9K8)mG@yRtPT@5ULq8fVjjl6a_?+qz!6jW8+B5qBxS8#sEeY1iag zHSO$N$+cmph^P`WOK%S&0YS61oTq|4$L*i=cqToR$!N{D6|Y0SRYIZ(L~yf+94ryj z96HkoF8J69d@v^SYm7#O>W{ksNYj)i)oV`HdQ+Z?ILfZ~MSuH(qHEPwt@~d7AB|RK z2%+3S;Fl)F!@zuh=Nj+H)dSoh%`)=)` z@t7289|ybp8S4j|Xg?@&zEc{(4siiC^x+!Nt$U^`Xt($5GN@flBrIIe6%DRRLF>;wYu&X=GV=CM z{J4A#*sk+Ox3@g~CYsC?Q9U5@#9DN;9bdfzQv-D)c z%j#R2=dyL6FLqKVC(Y{WaoaNYCJv0nf0NG|<#y`qi)@SbG%No2_V$R+G{?t5ZI!gE z2SiBkn8RFdl#N)x+ZuNmf4?hRnCpZWx23u{V%k~Rv2*txn`E~A>z0F}%YPg@s7Duo zW6OZ2{JkDIlfsAc_mM`8#yszSWek54UvQNxm-T>|Vp2e1+QQ-8T9mxKia-_74f|wQ zOe#3AMH}eN3zcBmlmCi!Ez1_S_K+=gbI{8%8)k)VH+}V1|(@2tq_tbJa-@(W9c@e7~;Cea=GjhhhNLg3fTq2JPc(p&0 z@(To~H}1dg>x#gss+EiIrejxTQpXwhryCwcaf(cB{PfjoDj5`19$f2_2QzVMlmQy} zr+7K$p_EXV5%}`n7qt8LFRLMrRbx;#j_)Y2DVRtIcR`ATNTRw4Tum&4CmPzDx2Oaf~%a>)}zTNFE_0gQQ|{?30sP(?MF82 z4u_ri;e)@+k?LVL=+>~iU&!FS8*r=}+%_~&VwCBClJSzjcNgBs`-76B5JZxaXG4=k z{_PLF(VaKUlif8T`N?*r+C^PL2ZeY)_>ksI?FRL^!wAGDyBxEMO#U6^lo%Pt_B~=h zMLN8B=1w>{2|xg!PbJ7i!~3%B_RYe>DYmTP{(sjE(1#g0$0@O ziti_z5EPXxHH@0_; zjF_+Z8vT1SL)sYiyGTL1%aZTLV#b!W!Lc-PqycGv*4;eK&&3P2OlG+O>aHDS81zCj zyt$=PCdd<`v%>WFR#`Q|?Pg$tYT`5j^bfpJz1^3`w71nZvD=3J_VGk!Z>ej*f;oQB zCX$iVy&a4HKofXR6MLgH?gSKG&xl9R_*-e(s=*}6_jZX-ly<+OH!-1VFt?8bse6ld zlh`;|%D04w7*n*n&)pe)!(t+b!foy*)grVuzuqp+&)zmhl+2FkBLPX-Rz#&PUhlb_y}eyL0g zi3Ka9a8Rv?)?R`6Q?rFDa!v5WxqeG znVBf}Kb5N*Eh2aOW$*v4*^q*{wUzE6*W&KWmefojvKfG7JWrQpwOP1D(IU zn*|-iT}0zL*0jBhP27mdh~ zjhH$l$X@O1sY7LKWDf%#cXm@5t2oYm_4rAoa;Pd!$6{W@{WiJA+!{L9O2?+{qqhJ% zCqy?yIJxdAOVG663SDZxBqpYx6S4kSs`4eFKPG6VAX1*74h`B{GZ0ysO^=Ll2x>me zi@w+NoCjY%Q03D4BB?i)zQ)oYUtc6}Rfg1Y{_}_lsaZGJBrUpcc_;#O`)0^a$KK8d ztsWcZGE*&kj60O}cQHh_H#5mzmO2Z@2Nz!)ED+&IKj>j4jjFs-j|6msmbolgRVMLD z2MdD#Z++ALY6izLJcE*U_L)eE^YP)rPnj2)!-NZvhu5*_ojIbkyDcQC`judL<}*79 zF_Vay(o^*T3pkAU-h1cd0N6ztWdlH&>nMYKsK@-q=zaAZxmXT|*-PKt> zj?Hu6%7BuBoS3}d?t=c4aL^H0*F@El6}OVQ?;rJkZF4fR(W_=>%p3G~m-<><9O#b6 
z)Z^`f*6r}E;vIEw;w;Z9C@4reW5$*Py^{Qv%2ch#RGBRdd&-S&{1cz0C6m0BLWi~z z%6|#_5)Fg$qjGxot?G~-e;Sbv@l8Liy?@c7Bg(v6hr+6z@7$&G>EDU~i1U-0uZ`b! z@_q_mzL0C_EzSMUGhUoRjipPtaGjAOyp<(e%f8bJpoguU({Rz-tS<}ni74Bo{lT&aCdmCHoJi?SH%1s7I- z*3M4!EQ{8aeXHJSUg9)V)S_#Ao)>T7Ib;jR*E2KI1YE2b_aU2Wgy^%$I(EHrygiH- zrppB4)=p0ju!|W`h5vXO4lbeFOwGO9@l-II(U4T;?+yWJ(oqgM1&W&%5HccS@t0du zbVi)UiB_(aAcXl1RJF;>Iju%9Erk#fZcZZ#3_)AT*YUFr#96JN(h>ZZhcpqRggyw2 zV=FT~J>5I6;MVZx!_k$W&8?^Z%JSDPcEXmAPHzfJ@;bQO$Yd5aV<2^z3@z|s>x#4V zb?EkWD=@R1bG{NW>N##!bWUwNLXxd@b#`GP+kE2AFfaCBztpRFKCh(8WkGqAsPF2e z1D{lZ+v@5IVw#H>!6h;#mQWcyuRc@;91nG~W?lv(WzL_`=U?(GQCbSf5Or>3 zjVhhVF*<7oKOu>Z)Nn0oKH=up2m0$ldkZ{q!zN{Jw)pMJmG;n?)SznVjqIB3Y_2BT zXvw(JV@)I16hUWM)gg12GM@5^$bCi)-S_W`Qd@*A%I_Ckyz3SS`s;G7Esm7BPI+KK zg@vp9YUlN+=vB|f!JFKU9v&X5DLyF>XTM3d2^K-)oGhp!b^>?+8m>~WX8z2&kqP4Z zv6fS(PdB7TDxM|vXU~5JCEilx-M||4ilD#z>Ahe+aW)fl-M(bIB5=QEvtBd=oIHsw z)%Mm=d;v+VSU^=+gC=HCr2=hgmi$Y*D;<$+F6iG0Ghb91qxBR`2c5>sB|VqNEx3iJ zar%W?A}~|uB^3|pe*-=%k)wu~X89(EjhCN5SO=nU@d}#{Xf$CQ+zAC8U{<@!0cl6X zUye*iUk;IW-L*4=%2-bI)c`bQ<_&HD1o!;0@0<6}^dx4w^d*{CZnuR{95Xb`2!q&&#H7Y%XhYGR?aq}GdqWhDKzZa$r@0z+S^{^ zg2h8hbeo*912VME`^3F`m$7p6)N`$j-bYC)9%CK@jKTI#XgDKyQ@pKjujK~|e1<7< z0_P*W22AwtZd*6l(@RgaX_%x(R_e^fRjK!sONyq5B2*z2k&5z6>Q>9%-*dua&8%x4;lWu>GwntXT9&%nYvFYAX0N4`cEq(2p;;oxta z1|5WqaNG6BF&R{j?E~nM1t`cOc)NAjTLMGjwmS2{5zxO^69hcD+|JU+Zx67=mMC&NIP-VMQV`F16@ z=R+irgmJPg6Um#8T~^?wntuHWpahin9?msLjx!VbS20ifho-ss;W~fE@F!KKzOCAU0O|tb}Y3N?zzGtQkh7#Y9JE zxJ^x=9P_HK1g@rYG9J_Q*=cBwO-*l^VXP#yZuw6!4!V{3a>^hUTVO=DDQBLQDEcKg zI;bMyxIJutdmxm%aCc)9`GL?MEj4!EVCn@fb!T)YW*`RA2yB5XP!; zttGoT0MM8Ht=s*P)U8XEuO=^eh-2Vow06an>4VwSlnG+}O8CFJ^n)X-Z3G<%nD zTU#60-(MV?iDn=05!)6oEIh_atxRRbz#noo_!-}paFt<^2V+3q^{vnr2*i!gyxK@) z|5xI)Yblg?H}2t-VMz`sH;9Z`oI1|L+yen6;B3Ezk6s6rCj}kWy*;d$|O|RdUn(%ku zUbIuHaBA)wRD3>dU7@a=n2=y5Fhc*Ysj6aPX}SJN723~0@GyLY3l(%<6hJXRN;Ywf zkdmXelHkeJe2|J!bdfirbh|j(!AmJ>bfMXYIYh#57n+F(J^y%m36;UN9{zePx=%tf zI#b`rLnPU!Dn%Dd+uc4RH)J<6?;xvmfi<`1uOiLyEqm@>5AT!aRa^MU#<+}+l>q4H 
z4Ovt&2iwCh@8mb0)1s08Rx7!Xvvxzfa4TI=+XYJ$DpCPbj;Iydo@!j zS#hJRgE4S_Gjczk)MGl}ZBm>37U&0@Ov0?zJ?h7uP!M;Y{AE(hU%mW}ouvv_eg~9K za$m}RA8gO)=0KI-Mn>vRS*m&LU;QRZbf<#w%t4p-)?N2Kqs}mEct#a5X=#tKKF(Kp zWh(qQ-Xx!0&Qs{o9OBRsV}H!Q2PzTc#}`}Swx`8qEnkIwKIB-3d;$W^JrJaKuVQ+W z^04U3H^!^az_CtXzfmG(41gh@84S2YOb%uZ{xRzZ5vX#|aj4%7lv3pNT*_chxr2Ir z5$*QjyvSK7Yi>?oa--^>-n|6mpLllUgqyuY)mpz<`QBr*VWg-^-2-zt?e86(FE}S< z@-JpAXscQe$JNLsSL64F?qiC#B$7qXwN8f~!J8%;@x7Bx$Yc)ZzmYCtYk8Ins_NE# zm&;d`uDd#5r+cW-F0||Yu!c&g1J5$R6{}OxdQ2mMo1ZvE=-SVoi+a#M7_?|tOxtsI zp=3vHo~c)*OjSTFH%jt?xQyZ0AcyPr+ljvvjWi#8FNUYsc9k5p@q*Xrqf+ zdxb*<)!d;z_av%tCF~GOm{!!65`X}}xuD%rkp?8KK?n#zaJw^HC?~a+auBS~>VZVV z-jK`Pe~l^0Adc|8cdtx{{%qY_uvOwnd(3{v)3{qfDm-InnMLc#hEb@4c8LG`-EIJ#y7x-{$h(@^Xs0UbS=_5mzBTC)d%QVZc0Xpa9di_j=LF%zKf*=VWV1 z3cKIXqOE-!)gPFZ)%is^F>={R_Pg>93EYqY2Xx(M+TQ@6@G8DMKR=S?g%DkX_1v_* zeK-NKqoAmm;)4GA7!z+@R}vNFZ#&aW*T`&uY#;y}@wK^PVLxQ;0!>3oJ_bi^*1grBz%@Rn>Z^W^bfMxXKdOw7BSm_vAj2BJWe6t`fTZ zaR)ShU+vi6?eK|tGPG)5vt~XA;#XlIuBi7&*}M|b<$nqo&I}$$B-6{FT3^^3IMBmw z&l&jz>D~rfA+^{6wH&CSp1M+REaa zeo>Y>KD)^+>OBshsY1>&ccHOBv~gvGT;G7KGpw=(^C{j1o08}_cd9H&Ej2}hW`9H5 zcXw;ZdbpiMHMb92ZqZl73)?i|Db4P?P~u-}(`f}`1f zyc%zrU6YxS(cRjroxkl|I@UjbM>vl;_(3>uU|X7#4q7!GsY*3P<42S>KV10Z65Y_N z_KCeEuTVAaw`2Evboeu-!y0|LP{NGU$NqNqz=sQyu1(4ujuf1TpKRjvnKbdeeguxK zl0k()`R3iKk+&(q-6Rw>6p@L1#l68u2 zsSllmm;|o5ra1G7HT&G>OR{EKoW2Vx<#V;_YR9b7WmughXw=sbQjyFCdAn^~26NeZ z?XO>y_2;p$SGjO=3`UEx6a^ktuqgC7+dK&8;&)2dlm~6o=ST*Sy#TIXyawivyTbsm;pv~n{)Cf>PEpDhPopBg@ ze`SE+$d$Yv^=qLUW@BC}>ud_HBKvKwf$leF!b=?d&-IjCiM_Yi`9v|s`fex4O(6ZLm_BExL=uS_)>9^*Xa5|AF2Bs#f{5p+2)rDfgv%$tul}rXeS5_T0!WiaKf>~)SpPYzgokZ%g--?OvJa$N;=6&E? 
ze%n&8=5Q+gBp{w*Adw^}y}$iOuj+nYY5Ii$G3vLg;y;wQsv8UDxSz^6@S; zd+V!v%Rx0PKEmMkF0S|WJ5Nq?2psNN8-T&Mr&PPgXac`IjGgbT96u#B+Sz?2JC^|m zA~nQ)!c^1hsCx(FF$cV5Y3!XzlKq}kDVp}Jhc|K!OFn1VU+f^}Y^IPRZVhlVf6UB3 zsp2Yx+9Jrr=c#=&#;N@{?ZVmk07pD zGId=$r6lLMXp-N)x_VzWaCftO;mLmL{#GipGi|Utn{d>bE3&d?IqS*G{&o%wrNt$o ze-*G4i`=kxv`q1tezCd{w7=ot;)2@3y_va$vy-N|*>@3`J*@~Cw9n< z_yLfZ(F49Ftdt4T&}J$XDi{~wQHN}iHV*h51x3~;0;;p{A#$aUDC#Sprno&H_?nAn zj@i2clQ&tsCSDVA;g27)?QB#@V(fV636@EjCwA8N;kV+}uDr9*2$4$=JsacU zpeyD(BR4VRCdsyN!>xOuhPW168p=q@doVOP;dfJsbEz0eLQ;~G)#X#Puu_mzFc~{IP;_q@QBPVO!icIznxooO0sVJ+L!m8z{3#<**P>yAyERUS1lr z*mc}zCBlBGbudVJ2{m5b%I^}nP=w~0aAK5_L3+?aP-B-d%^-vA7^LJ+O6ux@iY*TT z`|mqsKXjQz6LD8jD`*8_CR^piPFoDJhfiPrMKhO(N@f0kO%0g-6C`8 zQdfU(@TCi8+>!r}y|0d{di(ZOL1XnrCX#yx?>-XQj)Sk8bwm+ zZdAHUI+Wg|w1B`{Ur-NtkN&)4yf?-j0xSdw{IfB9Wsc}-T z|D{;E!0zxmnkzSZA=+*@oXq|sLgxdK&6^yXX*T;DTSRG4cDi+@nn?yAflyUUWVrX+Lu7oF>WDR;=ZSZlQFdMfq}n_^sHz(g>sTqh|FSn0dI0 z!svwcI;us2n>eawA>IV>79))5rHOP^$euv8l_!PE2Oh81M|7?deA|z=NU(pn0{brv zq$q;R*T+lRN1i85f#O{?X=^dVG)#^YU@uj=pj;S*fEAc=e1{hM-e%7{pB&x2wD~FYtf;+_9w>5o(npw<$(r(%jOL znBlti8U^Cd)e0d?4m6*@y^=RFBFwNYp}aST7_+d;`NYt$L-YWYoFr&kFf#Wc9yp(>emIlyRlv}Rhbd7?IJ z_Z{=scXFdD7ca%?hM+vIVsm)Q_}}XwPA3=ZnHW#ESD(BxLl_@NTB4gP8t3~emzBw{z3rtL6kO|1 z*U?qT>CGIv+YY(r)&r&m_}fnf6W)7XAZ%@1*M0DSW(NqI^;TajIGc^v1trYfpnXxT zK1se=C(@DewISoxP>CILTBjeaHXe2Skn8rmMD-0?2O+us(|n&1tBn<38x6t3Gl|*U zvj4pWnpovTff#g9J8InK{* zTF7eJHC^1IuZC0$m8gig1NDk9uLDy-hCpyj~EaKZ< zq2t(iD}`K4QMIhfRVM0IkcQKIo{maWubt${eo?B~2YW%z1f9OZeb>d7UXrf6{x3u7;P9>aCPg?)3;FB%*RsG^T@$b z~ZAa8orXZjRI?&5fL=hI$sh_u;7MOUs`LSbRCZdB3S zn|~Ktu4Q=JVPY#$Y8kcQQ)qmj?A!6j7Ts1-p`(oBL&pWpXo-xdNan<8wW6Iolp(BV zx@9(R9ZyVuEKhvv3wLd2l~Rm&0(XhLxEQ+5nI?OaT1#+{z8H|Er1K!JWTDu&Q%FQk zjfdffJA&T8l({0VwmDZn?+5dJZs}KgS|>7sJwu`BSilH>kcd#DT^e(S25m|HelyM=AZ~p- z&I`68C9qg-#Xve#VXL;ew%BT>tmeR4iyTp5P9Kz)ifyu(==Cbh#*#|M06rTi2FL^_ zg;V*4q(@uvuZmMxmYCHMVu6FUV7Zgarr4%q%h|~0c%;jUXAU@JNhPI(M=|89ZKdd610GMVk`d&z-4_w)j(%*HrMKxEnKXyrhN48>@H7i=VKtRQc! 
zA$&D2>0!qN=q-3xqY4=?o}DxmTKmSYkaY$>KHnSGxG{A1;F)?#^s$eMlme5qgi6Zv0Kr#oNt1dvlFm+FNTzIV*n6 z6G-!$tjcjRCu@$+^GhJrO&p)A8puD)4G8=^T#kzUF_+F)TZao_E9$U*b$Ep-Z+2JIs&1V)hyKY6mGr*>I^p1j6Uc|RJiYm=V_Emzn^hfdr(Vxgr z1edKZrX~hd=(3X5%cnklb4!Ap@IuQ}P$QYMNvfzQ_cLY&cBX5&srZCs8eD9#e0v#T z%c2Hh8AVFi6M|IzG4)1U?F9iz8&fEGs@pC9xXjRzcY@HXkkyQSt2e9O+TJbZj1?g9 z$oT3<4lZAqCJ%2c-v%>bCt*Masp0}aH_t_4nZ*))Nj2r&4FAjfXoQf%Ai_zz*c^v@ zn28iD7-&HY`0^=()^QPhtD#G))#jSgv@I=3j?!etO;wku!ig!X2fk{($EkcakgdJaogjKE?*fmDK2eLV944d9ka;NqH>|( z7Z&a(w=kX9{i)@^Fb4Z*L*xp^19G5t6|S&aeWpZBO@*0UE z^pWP~g7wzI3UL*(_Nq^BcIcS+ccqEL2XdcwP5DS#Hz)|8WZ}CnwlS+ylw8{7ZC7iSt)t9|WnxR+ zsH7$z6y7@pF7;YCniCwN6j#`Otrl4uG1@?MWjmsf^>kh!Z7mwO< zp+*HQN+l(&JpQXEX~ytsMsIKWrK?QR3M;xB4{o@ulH#Gi67jwt zaHg3NK<%l`f#|h}Zw&y;P-j3~gOp*cL3*ZFA%ncS#np;vM;q)WQMX2z(&sYFefkd+ zX&E$Ag~_NU{}bVZ_ICC;oW|SFU%`jFgMV$86t(BFYIz-h%9`wh$pr3V6Hp=(>08?> zF|I2e6OLRi=`na8W!8hkCMmFB`2s_H zM;=~i8K958yiMatT4YAEQ&mFS`9444L| zGr*oXM1&5QCnsE(3Thj+sWrIVn!$KPKv|T~fFYPh1g*N28ne29?91!T537(^*Jo@y zKi$-6_`(~e+i-uhf&2Va;c~BFv8Gxd4eDECoyg(L6g95m_wQJ!KTPa!N^viVVT zYuW`5RkM?Wnr&^m7$09KVEf_RF7Wlom|GIe`MD!CN(yBq>x(qxRCFU+)t@23$wj2IWQ09**tydH zV1(FG_|ajW2xw{g!`xosD3-H?l|LJ6U<)Jg!D&z(h+*Y#RDQ9 zJgLSevP2M7o9LKW6t@sxQ0P3pd@*vQ!7huuRm?DnxhZM0D8zR1?>t`aR1{-@e*(E% zk6?^H8xs|KaMu%(wogY^RddWhgn^pseh(I5eUe8jw!Y}8j8}k<%*+Ff?_mLr|89WQq_oo~C;U2BZQOHdH z`0s}!`^y)Rp!I#e1GnnYC)~mJVs2G0Z^Wky7 zIb6WOxBK;{Kh4GkUF?Aq>vsgEe)DTMRm9>E$L`>)_3xXthOWAx<|95VPQMu&+`z^@ za&#mjCPc#{()9Q%aILzN^t;pNHaRMfNM{_|acw<)*Ziw24}i8ldGnU^$VHn^?!lRA zGV@EvuEHtM>31=0wN?FDE3~3C|W&rk_Pa&zFb`QoApCJBr!A5-zQnF!}y6dzD{> z1Kya>vZ)$_-`x%Zy!NM0Zmw$Le!B$&J^NHOo%F?Fgt));REI> zD3DhPcssw}SL}xxIl?k;QK`g)t~7WVEOEuOPNMs5MuiY~8wv}|nnv~lE~`>!va5*1 z_}mI^uK}^0l5SnWT%s~+VTnVmVg?2IBTWQ=ze(V#5B>qEG|Uh&FkQHcfclTApciqo zXugDJU-kyQoGX0ICM*)!C~ql@rXtyB2o8&taTrwwq<&Zl)SQ%zxaPV>qcsKwhYV{R zFKDjgq|tp99#;W`erL$lNJgs!#I;TBuzHV{=a>}1$6nq}$bSCxdUoKmcB8z6pf*ds zeQ)aoWm_GaF%5|Mr(di$TpIjw0?Xt)ZZR=AXd>he-@|0TBLXVl^P(@~UGo42k2Uu% 
zt{;*Ky{HVus;bYa7AbokBfZ=g`fT7hl%UY&{E1?BUHQkBxd^cpZOxL=(a^U<;&8-o z?yj%NG=B&=hM2zyWFdNM{b+^*FQJmdGDG4N6q42oM5l>4Cuhv{&49!`1-xa=_u;~! zXp;hT;JASl(kg^tMA3=+Xx^j}<;SZ2GuX^W1TBsc{76;p{*?KbHC* zUc{XSc<1PDvfr!wCs6;lpAtO)VB|4a?EljhOh<@#7}mC~p07x>L#^QJSJ4UH5QV^Wg>mG%x%D;KkapKBj-8 z#=p$MQU?fns>p`)Cm{WouO4j5kpke_={noP7rFdqFNoW~?BA?Qo9+F>1+_ti_q_0Y ztivYhm+S&Zp=?0V+h*#u|D@ah&e$G9kbx7`?D1^%-;8NTE1=H2s$Hn1>G^`s|Q$T2|Q==`Y*L>*?;*-PR~^avLr*IX3&?u0d-6fF_18N3UG~rB zfc0pbxzzsT*8fV95loP1p}nN~)fax!6F?x~ycMmHa{u(fua;H}=^mDs&-Vo$meYTs zY9$K%Q`5cK^;4T*Ef-)5xA^#=+B}3MhQf>koyfheKa~&k zt-F<7Q9HdxGe5Np`W1f=xZuzMyQ`ZFHLCg5mkxilbr%#Lsc2D&>SEwSZ~mV<$PEeMD#?u{p@|3Ngq!%G}FK({sB*C}j=xAmK?i$jMS zLBALDf4HD&5rhi=eU<1VP5>mUJ5-_3ts}nE z;or1J7BopDZg^Ec?tZy6Kp+5LF$uvx$oKmfEFlnlW%rS?|9Zb8FX(2z_X0RVmSS2UNB^Uk zAxqp4Z~I?(jUdA$x%DVc#3`Hj2-%4Q0WwkKr|Lo-pR~>ZWV+NOV5RU&;{HUUHmu|F zR_k~Ae!3&}2#F3;pQRGe`c$C>=|O1wCuRAUSsf_>eF+=Z|I|%84!LQSezSk-iGvMz z8ZWNxw)AoKpI$qrdYPLPcw9m^LD zxl3bQpqR3fH1@<1)Ip@-V=J1aWpqHW80Q51q`CjQdUr&S{`iFnxYczRMEL>trkSIBlyyWlpxQC!1}5B>U=( z2Ssvyx@!>}FcTS))E(U0qaSq?yrfguS$u!AZ$x z&RnU*%0sr4ND#rM-*R?ToAc_v3})(~(aOXOW@qCcxI9~TKX#?a?s_4#0b*?_!co+I@70Rm~#;j~?&k_?8eQ?4+v7ya8 zB7ez$u|7{p(ovsPw0qv)$389lprcylXAJ9Qb9d?dAyFm3?(3J-K+eB-`AFHeYmV8F ziitxS(hhRq-X8UMJSZQ1{j#LjspmY&7JKRG39F0yU>4_#24&WTiTlz$$X~wG*x}D} zATlmg*n}U*oj<=#==XtzUHkT~1X{b|P26^!GXqd@4~k6&1NiPKoSy%qd~0|bmfp3a zzN}=!?)&B9DLDJ~0(f(U+25TlS#c0Kp^Fqs5T}q$nMy!k zlZ86b{gIzHEe}~6!}lqNFVFnlZyTWAm<)_B$bR>wLvw=(ybWCXAEo}OtC0=R9VQ`> z{9oYrUmP(A%eJ7l)Uh|CjQ-SDVgUBCp#yj3PwgKcK5(>?&Lx3>?jMo#nlG?t*|~o^ z{?WGq$jh8Ga#1n=aHJs%;vTv`Ie+=w5G1ufObsF=V!II}2qxKoOPxmuA@FFW8RFYy zn8rRI2+&1vk=2)v!Bs)jBEc(}5+pHap|*aMduX?u4++I7nUA3MPL=B#Ej;ueRcUsa zs0G#j2^+izDuqsPGJ-kX4d~z7Z^x21RBfWe{(|fv>A@G+rd6q5+x4T{NBD#2lTDSr z?x98emY(2|5cg3)_znI4e|{wN8xBm10^JaCzIjBne)2bu(Ae9c{KRj_eB`6HAb47Q zn(5I4bOPQjkhG7Qd39(1yK$0eTMevvPl_R701txBlk=(77^UDHU>GPe&SsZ-L3IT$ zxobr(n=9q~@78u$a8`o=hHoclDg1n$^RI}Z2TsfPYwq8rJv_=$2|Y45m;jW+8Zq2E z=>2nK<3}j=Z9K3yaKC8Qy{Ai*f1Cb@Q@5{H 
zaB}F#7GEQG?+D>~FW6kDH2YS&;3{;d8p0 zur(-4R^qYXh8P=hv_w&yA9+Mk{r(OJmeK3>Z0P2BCbobkl7=$~?l!!PDCs2whK;g$ zDZeCFJdo%m&UjBaV>W~9f~qNDqNS39cCUZ`(s?hqmF6W+nsk!DC#3J*Pur@|;h17n z2%i5@6sV<(cq}24z;0(ahM%_YwWw0b4uvz@iU|(j4w&Iz_BL2cnJT##WeJfXP72Y` zi%nNV96fUxM1$%o{V7{x%HV;asYp) zq~r3b@7WFZeR$7$Ltl{-|4&ckpFlh3o6e>SUVjK?ZTEm;t4}B#&1U{J96yl(kGekR z6;c18A%iOdG`2y?YyU=U4u3?%2iEhxXVM?)x_$VAA0q$L3w6jRyeIwm4 zYDRMF{L$#>7}oay82>K=ey!I3%YdIG@+YbNUk&()AU`Yi|1AibAWROa@G<(Q72}a( zDuhGod7uBwmEphgKyHHAtSO$s&2PuAU(5fu-65d<$>}Qge+bma(ITM~A58YhUt{gj zIV&NgR%GP)!yJQS2q|!UA3%?gIy%hH)c?jHkV&{mJ<6DoFFRut+o)FMw4c0_Y@b(VwX!*Ewh(u=@m zi(kWD(p?SHPofu6+Z^mODrT2w9EQo;yykQzAx}$+FCpwu_ay8H;-&MOm;))q;VNS4 z`4T`fZ0iS@57~SdO6;B%>b|*m)>n9!o4{QcwssM9ed?a{#%Ec|K2@)uQ=D$P5{sTP z^`?kcGg3M!i7CP9LTjQx$qXG6%|TG6@;;`ZCMU0=m`s_9luT5VD6*Z@aHQO(nEX+YjsKge|1y5%)U#lpZYydO8+w;YfX73cDG z)5vk@T?;$c_3-lxUT{-C$!VLC_cr{c`DpXyRtXu-3v1yZ=}?n1(yReLqrLY_|Dfwg}q{{AAN!QnSK4zBg2j^Bjv=_+!ajKFJl2 z6*r<{h$lO%k_#;v85b`=iPWDAjYSUi>;>vKiY}_g@TD6o-Y_+rWBxgbST)^K$MPE) z9`c`6Z7bEZUaG|V@c09-vYcoYmJ3h23_%hlTv^v*U zn8}xAKgr8Co%w$D(aMJlYvM0-^Hd@-7Q|Z1ZRs=_o;OgxYM#QHQ_ZgZF#AazA`a1I z#5AtH<-7G~8QmQy)R3XGrOEZErx&=?xR|w(XVmDdtxXuDn8$Z{H;`lTVV&nnCVlS; zD)zloJs=A;Sbz?DZf6)hYDw{`yp4(C5I(4^A$KcCri6R;Lu1?Wn z7PgocwFsG#nupQoMg5QVK@LuM@+C(pyQ)-%28m1#(pj5#SZRhTEXLX*V2F<1h=8M8 zGd*C+mvjYH939p<9OZS@yo9@49I^-i?c1kHLz6!7aPx*w!Zth9Ebf-IkA)OusPX(| zRD7#|NO2)rNtAnKwfh^bZ4iTHRjVJEV~8c#kfgqp6CDn{%j>*;5ff|~sIKZw9=7TP zYYN(zHyk(9x#Lw;($48;=CXu_Nh50jjat3hcdG&?|`iK*m{>{XVdF5v#&A+Gh?4_ z<>q$O;I|qJ7Ti*7tv4vjh*E#vY_U|D@J|K| z8=W@%Pa{kV?{I%;b(NcM(?W3yndZmI4qEmzO+t$l%7kMq61EZ+NDX zxan-BLs{dwxGd)Lfqo#ZlLF~n^N?>*%k@QsXMStgg_l}{J&M#DWYFZGWOPVkHEeBA zvl|@e_6BAWN}Q6X{$3$kWB0$USoFa(2@1cSjjzTBO_W!WIEpI! 
z#;KA3Q*hKO%2T~=M;gX~ZWn)f$cK^GMQ=51w81R*DeD$U_*3C8h$%i4>25oLaK6hG z+`fz%IN@M0#3hxrMQI(sS}2$)Tfeq&`%dMI$Ty`SKoH?GGQDBeU@_pEF}!cO7vQHN-HymPaW`P4AhRL-8KC z2wHoInm3GaxvxpDzIAB2{eFg8fjHAv<7mwrs>j?LVGk3P)CWu6gRCS|B9*@Dhk`^P zY-pj)8+*(frBGaKJu6vz8R@ff1IyuB!E-%^benG&8j3mYdUdODb5PUP26cN6f5_?S zc>eQ?*e)&?Z2Rxg>>s?~{1}3gH^bZ*R+Tj`mFXm0UNc)o?!=|}LqgP+fu?BwXvR{l zdt&tdR*gfimuIwxI^EbB3zWN2bKkCM9}EtxY3>zlfwzRzFKs^cZxv7Rbnj%Q(G$WH zmkkWooZnLH>K{mlDjha&^QeJAQ4cC}pzqPjIYom-(bw&Ylj3$oz3cSarjXJQ*(0V6 zXDkp~4I%2$B%h02x{Jy4D|$e^iXve3yt(N?&Rtt-rOxU5RY=ZF&gEEc<(q@f@A3Nw zoIW`8u2;U{Z38%Ss@Q>)^F3#oncT*n;4S|7Z*<#k`8b&9{^&S257p>UR_>8^AX5muB#Y!Kl2 zAEY0{H%^YebX0q_u%tjUG|g-^MdYGK(@}lBDujNkaluU>1o+g5PXvV>GLwbbvzIDcv-zzcQ~DX?>oY|A6e z3uK=k|CW8e?}eJs$PP9W(BgE1l%J-gQT<8z;zyhbzHG=`D~5zr*evmlf>tPu0sKIV zm@?2a3RTlRP1IxWgy%H7aP{tpFWZ{6c53iL+j|{?XLnv!%rRwmKdjSJIpLF^_3RbLi1pLp26-5>t2Q z1rQ**DJND^JDUKiJ^wBg=UF~pWxijVx|&sq6r6t^%C@jOoUWJSqSs|-lpmvU>zU81 z`S(t8m($GL_PPdTZpN60rS0si_Y|5hwdcB_TKI*%uL``pk=qU4?IGy{K^>x?DSnQ% z!ku_Gld3RM{D=Etv}=z+nf(A~wH__hz|c?gR%C0%lClyOy%c=Wbn$NUK+#6c}F3OksE zw#)VO!E(NbDSV1Cx&4Y7ElZy-NZ;!;&Ja=KjJ5R_q3T~J6}bVfc><*qPYYQ$p5bWT zUq!+qdyIkluSQpnI`qOiRYPB`gH_xeVgpXbZ0r3_iHr}OZ`IeL3d>wv^s10~B#P4G zyOxRz1!FuWY3Lm4$XCkubg@qQG+t0uDt~!6j0OsBtE<-%uuknb+{$rC%_VI8uuM9~ z`GSdDf_XtrbCF$wG4}61?z=K}Bt9bL@vc)y?ir`MS-U28@<6lFg@@+HjL zP2H7}VA+!Nj+FfXXe(=km?kGQxAa*FOGuw7MwYO12glgw1@CSPTEJ)12huL|OsbHC z&)3B`I?DUQ%t48yH}|Oc3%!C>WR4uL(c(B6M~FfbxL5&`cCQj!uc`j)7G+0(#PwqF z!BYiSBucI#t+f+l%GWxaxnj-JD)#an`(u;rysO0mg--K>LE2={s?}$U+)SR5^=G)~ zJr5XvQL9s&wZJ^Tj&vB0Qu8LCEeu?PE_?G}X1V5~cSXb` zF9_TqBWBR&s_9_Jlt8PYEIP#mz7OhQMWqM*Q^f|!zV0QGfN~`dy39b2hR0D~21UhZ zd*T`7)h_9)YL;gPN>7wq(#Hn4thB?}9^S$n$k5E_=uxFoK}Cu}ef+;Um)O&Jm7^(( z!Zb09t1adXS6?yuf5{FB>YnvkGjN-a-7?S8X~uNkY+1wh$CGG{O?!1BX|gk&m~c^} zBEq{nGH5{MO&LUfc$}D)gJ#i}+fNHGEi&&EX*zb~esbp-$}VShzHFwrONU#*BpL8( zaf*9pV^K-ebJ>7dabxJvNN3NQXe-+<~})(ZMves@m|l8(_O^Xm2+ zMK|89lL(eOTF~%XSyIl2zeyT$*vfkCTfTg7D83d3e4eZ?wLCF|Vgrh&PPP9?L+D}TM^UhdmMxmvZU!Jh$CF;27 
z`s)+*DUK23DM?;zzJ}?(<*XMXZ6_WkH_vz7-*;%hxe2CkMc=jRY_XnE7g-##-Pq29 zzWU`sCwuo+V{>~(yJpLT(sF_?mf=)-A*KBi&zylCpP!<>)ySocp58}Rd6^#qA?K&# ziCym@=SL0p$ij@L%-%thi=X4}(=L3A4QC$PL~Hf(ct@-jCpA@XN*CIPXLsHvgcyaf zRd$^8=(FDW^4R*(+?qlot>Av8bLI|O&YB9Bg@ZZQjU2XSrg3@SqS&V>YW^qs2L-qQvkx5d+@|M%blU=&a7g!5u!i zjL`;4kRP%qxSZBim{t>UnFwW9pfRclDS7{_U9pDDQj=39y7Br%wYB}I+U3{de?y50 z=ols?m1^b3zjQUFug^s33B`q|1#j4DwB{z7Y(=%``kr#|^}Y9f3d zyj(X~JXQKn6kVhZAGOdcV&Mo)oD>Gvn~DnWm!MUyV^ux=Yl>-JCd>-AzX5$d$Qe;~ zy{>V+$C||$JLO@HR8gM=;-m8d^VkTZ-GZ|o%Z2{CARrdkiXH=QZ(^35Z>D~7KTK1g z)h*Y!C?nS-tDG`7Y9RJ;aPWcS`lt z$7DtLL)6<*c9R^@jo4aLk1x2G04rzAAv93Mv2lU0S-Rb2`33AQRe#%!q7#RnuxQ;t z6s|0culloxB@yO?2x#%qp4Ld7dXVd^|7yRMyn*tO>qDMB^%lHq%#FQFB12EI2-?rC zZ5naeIIz;bJQwe-3z?uz^ilI=wcUX?uNg!Jsw$Kdm+QEf%%AI=U$Rt?fGjUd7h2e| zUy{WMqd_8*K3BvS4vF0A6lXJMZM!Q0^fQ{*2S(_3)K7qxyHG*hKS%%%L#HZ@i4J&1 zjyBH}WSj6@$4H?bp`N9H0feBKk|lQUD)Ys7#Tn+3Pknx@FR##a*a^s80u-9|hkupQ z2+SHHZDK;=HskC)$$~H!&WTQy7)7WU8h<^)D9hfg6m?Dp(*!aU zQ}ck5GT@&9zKHf~%)2a_Cc$YsRrm3o2IQUwv;S>`-Fq4Mz-3Xmjxvm;xwmC^Pt zy#}fK&s0HU%yK!mKKbQP+x*OrqmB}?_dy0Ks16%7&o0kC-8R2)N3k#c`5IUl$QcYG zd6O~7s&Nvp*A@&sFpN(B-8Ml4Q$|;-Vw8|z$neCIZ{#h7GM;VERADf0HO`wLZmg@T zkGbskT7xg1wA4?@nB(0RcDkr&Ml%jI!B~|Al|}+4B~)!rVCXWA0+B;&7N`GMWi3W5 z4E0Hc#|feV&+e`+!@cSX?Sp)!%6u%rj{J(of#I_~3YG2#J%RSneOd!ovE81nAqQ&A zYti%70OvySpu)!=wAi8gh%U;hO3yS74w_%~`bsW*DfHiN+iQa!u}_v0wWxPm)8H)`3^ z5`1v%__sgTXpVEizcMh+M=Z1Hj-LTZSzJf>D#* zU9QM$ZYh3gzUbrj_>TYnump=$J=vbsG9?}F?@&r$P+;FXKGTpK%CkX=e;lp-rCi4# zE!zI>4*povRZ5mJc`sWY8$0QsJ@pd23s*T#%o0~FDekD<1(Dgt}=-qqn#lZn+Xw?j0!Pmo>Hl7?iH24s%R%V>4TA5v@5O3fp?!I`D%} zup`{hjj{$3U)DFErEiZrjSGDnh|8PhQ4!8StbL}tolJ)9FcMonffJ#jzkK|nj`NT_ zz~io=6De)v5M5H)$Wg1qN5c@5cRzlDzcIQ(`zr&X<>O;$?H4Hw23jqX(pSHI;hsCD z^j$`W1@6mWJfZlgB8hLpwJ&CMaCd*y*}!EBukVEYiru#OU`B%9hw27lh*;{W030AN zU(XmwiK&N=P>DL(%rxXO@OVSi76L;%Xt#cTx%&PgMzuCbEb{8cJkLydm<+k-qb9}^ zdWg=QPkLE_bO*9Vdmw8Hp}Y8JI041$&M4&s7k5;QCZ(=sNY>$ieW|(^v-VH44iOd{ zLl{)6mk*NuAT5~s!L^U4x|JPZ0%^m%Ps3-+W}80%G9g;f=eRkgUHUHF)zFAfZ^Ggx 
zg!tcaMu`_JKJ;paj2yU}DAt!6EYK9)KyhCWeWZa*yoAY_VSLv*h%k=ym4%Kn6ZYiL ztZ)VNH|ej+S2J==iEn*p+RZ{~b(DzmtI5Au#Xfwz4!#$tdEB_{b6L~~>&F?4aXB!o z+Ki>yVQOEycKo5}wz8VFN~5lgCeCIUX+(3Dc^I6EP{p1iPt29P^mv zgrEBq^7R}Z8dVasu{*e#ix0}f1m2xpVkeN4xdYz9{wx3(=^ApP2u=Zds=S;K4_!GT z%5O0f^?_){u|KBIS zX!t++WHl?q3>3PZ@H&UrKgw|oE&L3NF|RzGzW_A9SL(6XrC*enzn&Y@FA9W#Hxj{) zlP09AJd#cdATM+odDc+$qscmF`-XyMR)S;9I8hsZa;a3LxQPLmkrzMnY5Xx;w3a*fC ze<|NRNOx$J7}k{VT5CeMgJZa5JswZkzI0;HoI2Z4S}E^<-}VK5AYHVO3=r2mdnej_ z3aR%^2TQSJ6(`Fu>W-mt;!$8T>gPrgL2H5t2>m%DMM2iH!zo5~hDGP&H^E7EH#HV= zL1}&}s7itD!0;{qK8AJ|9|*vV_?~#|2Z0?J9`siG{#y;xq5O6lUm@XgyJY404{d>D zzc?mPcbfhxp$avF9&>M-Tp)`Fj)k+*u|y6YA`5dU!ir= zNx7i3Ke4KO-%6^x)T0T+ zl6UU6$=Zr&z_@LQed9^`aeT?JfhORK+GX$q16sIx-}$OAO=Y8juwV*uupDh9KM<8tjov3O)Mlpl5nVz{!xcM=JJn8646A7>vUrVLiY+VP7=)r7( z(v{`U3{?}K)h}9Ay_o2UeGTExJizw>-_P7=)zm;QmO`%BL5Ayx94nt`yB>W-%YRs! zM8#i=lM!0A!10+zvUd}oO&OO+Vxr`sQ9z3*Fn9{AM5r5fx-)$a{~;4J%mW&&H5wZ| zVFi-E;kVC#wFg!UCj$KbK^F=_w5F=Y$3_@auk`8B1*H+-M}Jdm*<4xEyA`S(^BBMV zUDvo8SPtA4?TuGxv}Vh&R0-=hQJXG5Hs7!ixpW@=j0n)dcXTjIpTleCB+%00t*zwc z;brS_!l)g9=t2T)Lg9#LV)j_jb2?`)OoPDx;vFR9-A61 zXn_S(z#JnCVhFMO_Mze1+7ZJznOaG=aAe9nhK63tG7aI6*+WC=qjiOG#y8JYF)Rn; zlbZ{Jo!)_jxj*zp@DoecnFd)RPE0^UY#*@n{nx{QER&|~f!7bI4)(O^@rR>p`SuTc zbW5_nDf{%fVKfLc?`b46J4Khh#$xsA zL}F(^d@VcBpR%cF6w*NPA$_$4#EXTKgFXhiFslpA_}F#N0C^n#n#w*r!^hZT9)-I| zOkhg^H9t#Ko;sV%yhD%Ic+O+?;BCb88Q_5eBQqhRj{4@qWI|@;vALfsE}Al+O6a%! 
z?4t>^L>(M0F?&sk;M*jc5>K1~re8cc#~r??wMEZZC_>#z_s}1D8^wXdU+jFwfUml7UCN_ zaVH%J$4fM`N{W{o3rnW*ijHcx9-KRlP6g4|nR#1rF2wtXy(O5b+OV{4jOAu_1;hGO zJS`G9JZ_y}iB)ZmE1wY`;ICs z53s;Qba8hLaof}7X{IGi?vLO zFE&APIi)oZ+Is%JEl5oBzEF|nmvy2FkrI#gj}v=;3`TA;XZ z=@Caj`s8!(F!^D!*eFZXby9QaOmT-$%ebXYOn{TpM(^6wD0Coy7(xJ>Fdff4X6%U{sk#9R3IO@!0kKRnCTeyO@U=&%G~^;f+n(jzN=f@ZNUQ!krpcR?3B z$*!#EG6bmM?&k=q#-d5z8gF99r8jwU^*}r6z=FS-8{@ftFN`-D6PZ^8T&SQfY&h%6LT&X#aawFA+S`Mnb1+rHTV zEABG6ERY_ib3X=4=J1pE@tQ>H8_6tnXMnS02kglP?EB&EMTM2_5 za=7i0Q~5a8{#{RG-NWtoorJSQtE{)eApGXSdvxMdG->5ega*p&80O4RtnVsc?(04a z$*34mAPKq8#}F?s0y*l3&t!i^ycg=17bPUB>=n3>nb zMHqC2mCb`VIUtfXnu>h3qXE}*9)1z^@F}#9%YdNpRCiUwNQ_SkxNc;f>8nW$XE*cHY*+1N)+_bjU2QV0Aj zZUC(dIdpaG+&;%}@G|2}`&n>c)@B@XkT029SfqS-@M%eR{C2L+`YB`d7ZdWa#?Zb^ z(VrIqZiHznO;mq(Kc(2qHf;JXSK5>qXpco$}4O+W%1CGOOu$`AM0J5=qnxnhU z+K+}>JN7|L==hd4FQZMwb_{`}ww^CA@$}4=zTf2$B01+pEo=_YLgnawM>r8nolhVK zvX+_pGJ*DTLqCHtLTZ7pkDC&a@&PZb){gXY{nol~};@^7#e0a|>@f6~S%t?&? zg%pxSfjAa`kg%tgRAC2_f1m?xSZGW3rG)A4t`x)CI^?>C3Lf!5yM_Csn^d}Qv5FKb zM}>Y6$f+DlgWjz}^DYj~ObS%a;Zv88FzlZCh`vACC(O3=v#qRyZ0#3_)AiX~g(+0n z8>34gR{;pi{vQN88UtqRscMfTlYh>4Cg7F`&fM0MH}srvTp@K`rVUh@cx*oT6$#&h zbq>oczRQ8;4G4vGJV^e4 zLV(K93UDwClB|^_;;RyZ3uyypjnYav~SDqIt2NB*Z|XqDhMDwJ2Zh35Yz1ub3hE25zytIp+Go z9Mi!-S`UAwln+S)2P+ zJFm(i9%SU}bW%BwE%v&Pd^d)iISy>oxVV*4ZEe@JYx>#{1x-}+@Q+Q*07Gf+>_>;`Vp+2MMWx_XLRmO@x}NC5t5 z!2!hF81^_U@Ith*8Y)x;jF+zM40ACtoAXg78I9omv@yxZrJE2d+?oQ+>EIUUQy>I@H8vlHW2zHTl`bFR=3 z5V=wWVLWvqu%QEQd63(4yzY|v{9{|aVV@K=+9)X!4JM8z;%n<1XQ2Zq~~!X0u7+mo3( z7ApUbVZ4|RFEx8D`X)Wo{I5ZXc_$fU`^}#$+~`SiUyS>bGu&Z)N2O(vahG`FJmk5_ zoD`?`6c<~&C1WL$FBzBM8k@^bcKQUgA_^I_D=sw>VkeJpJB+r@WiPGZ@)umm(d9fi zFgqibFVm%klg)rTB#-TH;Xvi~_3rn75HY}_cUy4}A35mn>-2B_!~x)4x_;P3|9%$m zX`MJY&Aj!E-Fu*)7DYyRUYpe+N|T>5XaCXVN|-O58S z<3G!z5I~sk^7B8dsYyH=Q2t11B*JKO(QRi5OXhQ(F~U!Ez2Sn}lBB1@oAlI>w;tQ| zrOJ4EeR^zq@V$uh0c)F&IfnZvE50;iG5N-B=cqoIdDYIRA65#^HwY|QPXhbn51;R} z%(N{pvtDA)%s5NdDKxbeEsJp5-2i#vHX~gwpl}FLW0nF5&H&E%MWEpC^%sOz7y4>q#VGbM#_RWtV^0N))?Zc*lNuabeGogx9q{ 
zk1@?p3_{{}xN+ytNo3DEoGCufNEhVVKef>R++(Z0$xv7C(-rxI?7u$0$WLf8=f(f{ ztV^DA7>dCB5TYU6TZ7^5s zG+RnH7RNuxAmz3Y&Nt(yXf6GcIJgl$@ZjC^Po$&^^D9}CSQ~wVBpWwlA?Msjz@3Yo zV?xQmW;&%aFI&R@*3+a|Rc5@}fWQGWC90K&GEL{O^`R&h4{jXO*#ed~>g$zm<=2P{ z=ANxg5%)(qcl?dB>>Z#sD^+O~J(-bnb22=~hDp}6xtK9q2Su{^<#a|cE~yrC?!`fU zb(ewVYq{GL6&MuYJZoc6s3*r@GhJjgHPIII?EDn6hohc(Z{>=zW8c}L*-1S)b@fY3 zm-T(4fR7slvot#t3`2ayP|I_UsnQ`lJy*J0L%{j^+{o_ER$cI8Hl_x(d-%K=Z>~=Auc+168zLpVCN4Pt8 zKb+4-GIH$8Nk|1g{&mb|`lN3r8NLc>e{UC!XFyD_fTv7xMP!rq#xV7AG&wJ2k7gcx zp;#}xHn2JF7~uB%?xb-nI%Lg(ALE5z;X2VOs?n3hMgs+Z>! zDvEgdnS=FvlLU-u9(WY9P44}3Yyf29eI0{y^(D$vBAmzda4rVdAG~OgvVJzD%D}v1 zTLcue$AXF)|DnJ4%yw(a-FiRiF^A1Jy$T;2%7d+~0yEdG+5?90mV=*bKGubzbicvm za)SWSs$~=;MPL%tzd*DdKUlATVL3^})8S>!H^r(1nlzGPx_p0RK@6UW0f%_J6p*A_ zU;DbduN*9m1cSMT*_n({La&DeEraM+-Sgg5m)V5pnK_b4Q^sRH_x6`pJX^|dG<>Oe z7Hc<`-&My~w%5jz>Z(K_kBy4%?QFacA1xJc6IzB-*ZUTAl?0kBk#|Kt`-Co-{LBkB za}&xKlIrpIKe)TBZ?+qtdS3d{dD+g>w`sBt-$ON5Sp2DLu36J0Ca-D8Z?!*t7cWt&88y}Wq4)7cgaz@S=LoCtUXy$i9Z+_ z;Un)G*7gaPsIlhOo&2&AJqrry$_%S65nAF(6BBFn3kZyOH#1MS{8S>9# z5F1gl3Cm?0H=fEAC~Krzv2Hg$pZG)lhGV1o7Fo>y(W^7F%9iYJ*&%VoR{EAcJtzod zD$W)xDj#KyhxKOxxh4aCnb~6H5z@cylw9WFC z#;BmKF53d;V4^5)YBI+?`P3D&Hq34m{|_2q6*cQ;p~>A zRrF_yYwg6VZS`krWIy&=-B=#G$*|RlYN-mZi>|i5aCxas}d&@_hhX|1{L04uZlx^XVt@) zxo-=&RF#0?^YX$no)_H0CTk>dsLOu!SEHs9*y8wt(zP}Ey9ckZ$QQTDm3s7?@T>;= zgf}OwB~Fc~`Ajw!^=an_MRg?0X*t(E4SCCR`^pyFXD^;(EP}!bvElAS-kgaC$t=Cf<7i%OvAV|ryG#vx==dWFKptIz>B~Rb zLU7oHDzBUqvu2ku&j*Yb7os;X^D*w&Z%Z=}g@088*QO8wt%wwan5V7w=NLkGkO_H;! 
z8dP9h!mw$Aly&&SBKH`=E2UzXgc)G&51V$DcPD>djxxLro4&)f^3%@Lvz`$3Ej(gF zBvELGg*%Qv)lg^=I(iwukB0v+^V>fxUOsZAAlZkdjZv)ja$?y+9AG*|4pkbyy&z+v z=eV=nTM>mTBICd7jV#Y^U^z!H$qXhJULa4)do&+1gb%4!_)R^x*7Oozk)=90vS-qm zMHWC3o6Uxadq^gk$rtKw#p~lEW#GB(s-S_ORQ9B5QmLm+>3S*;&hIIC1$9j<>U#ry zE1QaK2pwi)F3O(BuvpZhGgEqiCme7?&vBi1QZVy(&w~)KU2?Dik+$KpiX^h^x_+AL zL*ZS?t9E~$?ug5QW7SKqc4t@%Ogz?0KmpYYNa(`Y1;jYQZ7n7w-k8FI4k+~B+3K@A zoSBn@L75)zW3KSeGeu~~!@9!6Eryr+@1k#T$Kjl$urqv)GcYSF)tZgIG3*1lYZ{$= z^~b|xq9;#uZBI;VKC4eD{r$b&fv&RnQ?^VCQ1A9KpxmxvFDnyd?rZ4!M%16Vuak7J zZYB@cV(^M{SzQYFfP&c4Sj7r|xc-QOl!g-dHROnJl@FJjPA@W!mLLX{w)Qnr@%4e& zae<9KJ&lrczO_F4OkN8tE-k@}-l_Thfx+)0nIwES9%_I+c!Y?a5@#1i)GDV~FI4Dl zW5|!@W_@L;K-%V|h%V6T=FgHA(CVu^_HxPxqJKeZ9x`smBLH4Nk3>w}^enIcnd-3T zpj4kThh`S6-E&4lMlojcJ0Xc!wr;R0%sw|{Z^SCl5AY1M3p(6ZN<(2XG5weCd28=u zj5_n2q$|x|f|%}NoM@^wcoe(CpV&XSu`0iPY# zuv4;!zr_i}LM%1ZQk6H#PwrdM*ea36Hh`1b;R(M&OO}{ze@^gUS{W-f1n+HzltBH; z>Q~K3j+08&>`8roM&>C@Z-@$vRW%zL&hQykIlgBQik3`Q?!YKxikkxT>j%IqX`ZO{ z8Bv4m^k%zUK8p-HSqr4ZTmYTPp`2kr?jC1`ex=Ar&XOOp$ddK0mK_^Wf%O_V7Vi(# z9<1MWrgb5$s2Tb5-14~Nw=(GHwN)Cn9A~x}zzAY|SF|lTYgTK*?;Xw^V-P6$Ol~b( zP1VPsiAI>$dH90`bo-r7_(V}E5GVYVAOFYgCmhR1xF^c)T3~ocus7TmQW}o%`{A0J8A}zcFk2GlofA*j= zJSCc~ZMwMt-B+P%mq2W_V-$_QGzGc|$wN)s(zxK$Fz;sCBnmFSVpjFcL3fp=W+tzv z(LU?79T=K-SD_p}cs}paqj;E69Nn)GgtH~*T2CippC>RK-6MymsyYuj5S!amZm4Ie zo)uvTPja=fERhmfqR{M}FgV#jkv8QqxwO@%XS;*<wwb1jURXN5bp^% zZ5Su^k8YG5tU4vXUbiUPExIxM+~?{;;WSAl`?+J*f! 
zi;XgkosAW$+cq8q#2nL^nxA3zJ2FWbfq122DQ`#K1T}oAp9}H+mq_TAoD2R4M>LeR z8ky=>wqS3O*Sz1xav`o@)W@zkd=H`D9>bx}ucuNLfMyvhx>VkNUjd0K<&{ubm)Euc z5@C7;zaLQjE=Ie|)DKLe^&$(+=@(MYzUXof~(Shg1l)i#pJ1AJ(&32mHpN#8j zJw!z5gfm6L(um5}n6QyUh|~&X$J@LianrJy5BwUkJ6PF|ffiD)cV0O6J>A$TI668y zJwwm*C>Q^3qPAu+NZhe;e9{Rsxv6o%x05MpQN~r(Z>#&l@S7{Ccs655+dEzn!|Py3 zUepDJC7-g^=9}1FqTGcl(6ig86-4Uh`9X)wTfRwxjJ|e0@19@tk@qMy$*HO5eT`rj zHq<19ua#Kb><~e$9u}GsWYRv-dnf(}#;c^OyX=7Slw)(fzr<-|J)y*-`{E;Z-*v0K z;Uh}+?6aFUoN5I^L<62nrlEwcnhH4P~{;2oeu|NMcWA-#eJa$!7P-xuFU5ezRJ z`DA0fzu1@NEp#)_&a98p4BaX8m>d7j+M={Or847z9Wlmktegk7K0+lBQp+gfVu9gD z6fpYl41>z9W{+&d#B~*480F8)-ly1UgqAjl816vF0}?`)xgm=-Fx=xp2amPN2FQiD1FI9{{D_< zave0#79&|o5wwIkM?BwOX1pB;e-tb#Cu2}3VtK0`0({$*u0-@&s9{Qf8 z>Ofgw0H@!VX|AiCsOh)$<=hYos=lGodwEidM0#o;wZ6m&4#Z>Koh7Inz`EN?gk#SLq4t?qx*SGZ($u*^U_@{x|gu&{5Z!0ZQS!@5cL z&+}EI`!oCs-iSnA^!OTp6r7gzP;deIN2$MmZR6q4JfM0Qk8kP)<7e^TQU?|%l)*2rNDk#*kv1*4wkA-vmPPlzOd|&dEy91KELP-=J!HBN zDLdJpLztX^wE3^UJthvZ|8(NH$dgEZ4X;AwGH{V~&?)vOkEl3~@9F0C%I<}$?dus` zujRUX)OhCtV7ue(rx;U%hJuwJ7$CE}RNywLNlwuh$e?$g##!*xK^?tK^m$ zoeKtLi^N4f(~?83j1Mle#VQhcQoppyR8TRXzm0X^(WCRd=kzdl;xl7_Ctot&B3~PV z8<*I<^DKE+He39iQWjDCz{!qDpZqN4HZ&ZbsZa zFJ4~zWDW*tyRO1s9xXal3W1l75PK#J87vPsv~Cf_Z!(zm6&3Y4oOSIpv@O!vNnGX~)$^OY%lmfm3-6dkDL(?q z*wLzYy9lQafkkTgZYDTG{lNu!K5|(?Z#`qO?9&Eq;?&8c!cfyPHU;R;LT4m2)oU?z zG-;Stc%-O|tUMr9mm)eOXj|_{ywJ_oi=>Qc3F=&SlG*P#*esH1q{Rfqm_zF128-ME zh|Xr7St)&b&Xp6fnad3ad#a>9S!$|mSyYib!RyqfDR74PIo_dL8e)wS;}(7EYF^8lQuR!L+!Ag|+hk7krD@@D93$hlh&xzUk11?V~ zsy?IeI~Unf0QByqzU}0n=-s1ZkdgO;ryHEN+lN+`+e2MEybsjWIu>Azmt=hBqgP#| zeTL}s{SSJLix29aavZ`Bo{72$N`oFA#XFevW%pLsek^)S>Xgm`BcK5Om^@t%$_tlD zf+yp-nJ~m-^k`=`ZT*4nxh=P~Pf(R&Qt1X(b}vj{Y*vfc2+L}m76(IjB}(=nO>Jqc zlQVOo9(vw-RERy5=un>F_|K4UJbsa#P)2Hu7_+@gr4R5DkTg>%dGBXb9E6~UvA_tm!)ktrI=38PeXm8*MsI<=J3f%h^k1X=hnBEfNj`4d6Zmvy*$yC5Venc z$>0$><#I4yG#Q(ey4hUHff!?;=iWn0t-2HN3xbkTopZp99?q18m|J8^1jDJni1d{CS!DrR9@mWnk4 z<*XoynHgxp%Qu|a((7R2^UA(o1kX;9g$Rzw*pC|nb#|A8sB4=Qf08vG* 
zfavVOpXsb-Q&Ps`J9%}hL5OSk#A5%-{J=Q_Oz8k|aX}e@ZD>k=aAILe(&uA;EKAQB zVT%R7$1ADh<@koa^Y4k-wyIo0Hd7%(&}48nld?u^L7sq~m;-1c2A0 z8}4c(ff9X1qB;>Wx7Ny|kc$O4#X3HwM`#J%!|mda*?H~qKE0=^wp6;R{JX)PCc#-K zb#cqhI(3I2HkF{%WS*oT4tH=cT)GWXnczn)0m9mAxpJtMoPGn6~E_JabUWU_=e?T;=FxS&8f% zCHAEWalPIr%q%*(J38qYyBcP-5SHtYi_ML?|FHfPc3W9rY!M>4-oK%qC{CdJG^C8g zU{x-Rypn}+l?bp_I$IGY%j*yCw6sK1y0i=Gt^T$M;5-gxZo*nJTJA?VK3K`j;p7#) zY*>=oEXJDB70lzGNl654QC8!zQUxdj&;Z>h!#bjnlXMGmKuo>Hxqet_+^8_jZuvgX znYVxt)9F01KJ$kSus<$A$|v!HK`zD7vj^g8K}PyViY8K@*@kuYdpA|%K+g(r(DVFn zx%m!n>L+ea7$p;q3z0Xw#l0zieNQOlqsK@5C)_ZahbDUBHJH_(TULGu8bjJi2!S3%}h zc&aA_9U=1+7)UkYiWWHbsR`m|mrmk6Ey^h^?XKSGqG-0!nzfOK9&0}v4;4WldNt@W zinp0prf<(mfiF}$*;Lv!?BJev&T|fBbQ0p=qvio}ee0Rk*=EYd{i7~{_DaTmd=^8C z@fm)5xySCc9eHB~VAlfxb}f@FngK$u$W(0N(hv>>N21`+sXksqb5DKN(jY6!OkE(f z49kP08Iv-6M(hl7{}PwTv(hjzOoe@YtWbdG^N+V@cr-)w z06}C@@kXED0MaayC!xr;ug%|sCdp>|nu*MiM2akcCQCPOCpPJ~0ZKjo{yQ%xmt!Y* zd@Y97DU~d5km`N9go>HMBR3f9-_`_TV{+-3jIQ4$u?r?AJ2j;=>ZK%eH&Fdc#TvTL zcUQo))$WKyCBO0RW1dAeoV@Huz65LS*K@aj0O`%UTub~}YoxEpNDEL+jLedBiEdM^ z_;K{O+%B~^%lG8biONC)VpNlQ(o-e-Y?x*2RmMA&KS?j;&lry`n?oDZo7CG-)enbb z`{VPcxzQJ)nWZ!Y4El`kLPFw1vEA6IIY(UyuHiCW!e8NNy=VMXi2M-ds!luXGc&Nb{kMXEO_TIiMp6zIR)LC?KowUziYJ ziAg@kY*K4WI3Wj#O{Q@EVqH^|f%r|Y-s`OjK=8rmD3oGYY)F16!P@~%FXk&!Tl=Dt z^(ZUv4gJg{wPmN9i`K%IgWbxf7n6pL=~hnx&Aj=JGLE}1f3$-a@{(Nz!#$L;7lL~* z!pgmy{g{F5xhOYp$}Rch&W^;Idl^E10NMlu9M=8J6kaabFsgaD$GcYfR(^=F@vCXD z{MJsXGi~I^PaDRp$1t*E2I|1W{?ma+6#cue5`&;bwCm`ZqGTaqq#q)Er$WzDsAwGG z@w2)4i%PjqVjU$hWvJG_}B`ANuul2?^r0p)#$i%HzT< z6bqS7hIxC$u3rEx*fx8@PZa!$z>aDLZ)+Z}Xlv+U&7Rs(*hBW?CCfvH{raZFeVgkh z=^CybOt!2BBA?p|r5bu0G8`WrLGxF<{Lo>`|2u+v@e^zSp|r4a`mVE#Aq*hABfZI- zFW`NWp}xX3rd@r-ZMIhnDgeJDGF--ciGb~B3EZ>^6+05tm3s5BpwZ3^e7?qsTu%>X zpZzI3v>7DxY5*`mfurnc%+&@}AIO@C_NzaHxF$WjYQH=CjtA7ZZ6Nj0N(NQt*qv&n z9Sv#t4U1vgRvv_Rm_el^xEPa(^tPP?@WE!l4LjXmjk&aO6buV{QVsxZ|9=JCrHh(i z-HS@WsE*V7-^Eg3#?~2?TWZD|Ei8WP=-ti0v9{XXrI5*sH?vFzi=R&5tEoXjzk}6A z>H(#QxhvUQIDGF^x!)9R+&S{_X49g=rHA3!i^GM?kuC>26K=DQE*VgAr{btE}Z7d2!E 
zWYPV#PAZ+9N=>+%h^(>Sf3gwHR8_l5s$BRvt993!kkOM9yiD~dmmW~PXiG;8z|SA+ z<&|(6Fu<#_; zhhBJvZ_kMhLe1f($uV^57tEY$9FQf__1X*T8{P2VM$4|v8*MEftZ;DiY}5!% zV{u)Omp#ELzW4Rdsm(trUOvtTD&1RU8+8e>p*t=%_NS8!R2W}b3fwRgScDDdo~%JpFsJi22(Dxy{gNfo0v>sTbbGd!qvH(uw|q_ z;vTBjJFq=PeiWMLwylbU^rsao%)YHju4FaNQthvQXU_`W!Vt zj%#CC8SyKG+7ynUcv{>j<*&^aaxkhS^e$P1=t_u`SCn|n!6SBAJtMpe79t``u6#@$D#VIK(PZ0Dy8aRC%lE5 zvtRxp|AR2j8~60ds5lYgdL3fjG%!+ z$U$XDw$2n*El(>q1A{#QYcy7#`^e zPlJTj9r;@eEY8pd;&Jvm%){O7oUAGKI*6u`o~jU|$8+x5UIjq%WG8qh$9{c2kDJw{c;!ju;GQVza81LF4kY*TWv z!7E21NIB46s(C+CV{95zi)m4J!b6`PD66P|c@vP|xHH_6C)Xc>j){&0RFpofU79It z_4M1!Ahvp^tD{Q%;XFR6bn(W;$QJp%Ch6ADJn8a*Aomqks=iSIY9Hp@`v< z6CqV7u7j2F9%JuvW=Y>Vk-lK1T^$A@Fa;2km{yy!{LH{^(8ODF4*kA~eu z1ffQiqZ$AGu@?>1^|zrRb(_*JX11*%bKrZQS@a^3df;&-nDI%Ok? ztyDF)KN=eq7mqiRF>e}4-W#7xM675S<%u=qi1P!uJWK3pJdiN4ng8(7vdzmb(vi$* zJ&@Aiw%X_rFKdyZdR9i30@sUA3bop09rPLh;A{rhwo4vRuC2j|LzWH|#dJS^ccAJ9 z5t-tyWNAGGzB+CKtu~f(`4)WxOK}=g9qqhv@o4mV;zex&|BIVX-baU^&@M!eFBZrPv&6_H`MxT?C{%HVc&p!DlV)`EjX#e4u{sBwQlmZjK z53U-frZE03vimQ7jqm}if}2Y_+y7>CpQtPPIW#Wu&z8LZZdz{CzTbtg3flk0=rsGO z9x3dnoBMw;h5vu5Kzkfe@mhUD|DVj-fB)`{5wNwNL`|Kk?T7#U$A5pMxf)pU3hC+N z|C`ZiQTvkmzqWNyV}t+cg%un?t?cqH9F#VR%{}ZO)`t3}qqL`x6Cjs8Qea{67 zAzEha27&LvfGdXySX{drXg?yVJ^F__RkWp5$`0N`-$IXXw2yXZ0mD%Ie)I}R!Kl%) zXTE4L`QppVTwzIkq{pOI`)Dc85JfcIX;=m>u0N({|BA=K0?eD`da9!Ieo z-gB?Fk2E+J)*12XnyoW!U^C+pZf;PLXlCYmK|jpzNcd%zBZ}FydK~m?S7A2UPpSY9 zg-$raNT09?uoHy%hnNF7bK08w#VJ7Ff9v@lZjQfjjL(cf*A;k9t?0~?2l;XidngV< z4B>*42AXf%;_xvbTvGga+~bKpVTI7RDta~ypjg<;c<=JBA=0?eJy%+rp0;&xey4K( zAVgbN?n#2xnrN569`ESr;d4~WE`I7L-*8NfzKTih1ZUTU*w|MS+NRDUOi!h|Q(C-k z@g>kIA6r#|S}>7Z@#$Mry|(KXk=v>IUnk*Mjcl3ownIDCu^lEz`5 ziSx`Y&mL=q&p@(Cj@>DCxh6dm+jTTVTDrm~BSkpj)AWOrud5U_H8@`|eQx4Zf0VzF z79A5ar@#$%L5#|cD;!0$K01eUmbxKTA;_QS(6`v+QEWu=&QIvu3cirm2w|^>beAx&LNlA0@xtqYwL_ z=dsbuM7?0{NNelPqlSufg5E8DHWW%VpD$s-ASD!|_zCs45^kg7V3tFY9u16+)xFR4 zs`4Sw+{$q+Z&oO~^L)gcSX+({)5LM_9u7sC5p&1N-ffE==7cL#Y?2Giv%w;1&#&YG 
zNG&u_JNeA8=8by^B-Xvc8oKmTukn;iQ@2@b8lK00YFl@I}DH7>8vE?cv-2PVz1u>AQtbL2LMgRQ6{?$YU4Q*G;pzhD<=)((5an}cz99JMPe5F& z4Hblp^iQL~N54McIi<*ZFEA_1c0j#Q>h4nV*&lPabx$2VlFB%M>c@&_rJkdf7M#2q z_<+k`U{S&8=8>@wEv)~7$K~M8fhhM0VUyDI_F5*aPWxb)O zHxGW@?}|ChMkSOUT5`!K`b{-)gG4{DcC$C1X20k(z_Y;A%mpl98l73CzW6tYBxMgAHZ(7ig( zf*`NHZh}2XkvcTb|9h9~UM?!s?0nLmmaFb!T+778oIq{#zuy4*u`G@s3Capt{Bm#S z-NRj(4_(o zDvcD-f}r=}#J4oxJTV}zrkmqVz2f&m0i;v2nvs>BWBZ%okU-Z7K-ltV>xE^xWUpQX z7y`J=2Lhn-g2@6u0m^_g>4%8=99B8g3n|aH#Xa@M+kulC;7`kL(Eo#Q91T$GaM!w> zS(Q72IOR9>ZupmpV|Asxz&nbcjcOgiVLfeub)5Oy^T&a=z7k=7q}wp|6gvYj)t+OU z_$@7uy8H0E^>s?`N7&1#Sw;`xZqC5A4YQ_uRgou;%3nSLT?zR;{4^_?ZC()OI~$;T zEor#@mSN}LD55Xz4?q34dM>JsTtywCDgTQh>z~c|(J-Y&oZvRGk^WS{wnG8iQrRfCKf6J}mX@8bKQawmU zg|)r!dz$0o`2I$aip^|*wt$dGkH4YWbJpK8(d-7?j!PXz`gm!KJ$Ohsn{1Tf4-0wA zt;fe^6M`+y$VhW}-~Rj75iyFxq*mMa?rS0NsiAH5b049t?}L;xt4dMrB-*NTzvdT6 z%TWl=#KnabvER-@6!N3RFxuqiqPuMw8oHmrIpCsSZC>_NydvS##cSqK^S!BuccNRL3&e=SJmTBA%`W0%F1MyJJH?AI#BA2$GdEt?GEqGXuA zTDJxA4f&uA`A!JMZAA&%On(qZinV1vfB#wa@$Fw>Z(1`zCm~zFnz+v61Yetyg6caD zfJ!nl@3E_*A{?w*ZR#_Q&*ibEe3*P<{j!S!w35^8?}k%Jz5dy=o>PT}o*3GMjw&J| zV~8$=B6BKg!tRGQvHO!ybt5b$t~`H)aE)uD(R!_$KK^=@Nvt^Ou*Tn90ICHM=Li?I zwL0gkW_^vyb%2Azn*d1Rnn6jY_Q3YjPO%My0=cfWF=CEKI< zJ3W`|JnloC^o_=czUy?j?LvmvI`DHZvZH1aMskTxnAlcQ*pxWzNriBV-gmt-rG5s+ z7sKk%mU}N;&5oX_1%QLEX5WSZyy`CzQ@jT_WY5i~lbNy#i1=#^r4tixnNLg1DOOh7 zKE8lOHd$`pyPI#Qjvs0jyJ1*ct;ILXyR$R>1UuxV%l0XVKIELY@VV5&37}gNklB|) z=4)xXFGB(->>M5#=Z8_od-KuGaoXASg!P2Xa{0n0BQ=r&)1*9STy>MxawkgL%i^wO z#NPBv-Cq4Ny&|mm*<0pIyx*Jre|byCb?R_2MhAx6gBdjTJMX012o%l$xNz)=erABA zKwpYn`v57#1zXyi-zqmYTty~_i95Ph2q$aJ5n>S#Ni8HVcnQOV=HO$h_|3CWckBp7 zdB*|vajmlEBc;`IL$c)*=y+r{KiDE=_C?6|Q2rAjX$7+nBwNZ~WA&QY44 z%_T|;e|DpBun|BMqJ_2!0abaCT1x#W^ZuWlLd}|W^v58v*p5OU6}$A>qI500p|9XN z!%#SUkc_|Gt5rNOzxS|9qV3p-qfGT41quI0iB-oqAISy zJ0}ZqU7S{zDn0T@0~o1hOwiM!Gzgb$A-0>;)*0F1p@0mUw}WM(N4(#Sp$a_n(nqQa zjlMC9z+g7_&oz*f&n;7FWgY4wR7Ypq!j3r3qQne>lHp{@Rd} z-ayK&florNWI+e)bApvqXIo5(&{S@Pt}{%__$u-(TQBI+UxT7OS?Jw^WcSt%Dutb1 
zs>BlS1>ybct+P;6)(8TLI0I{Xv&WwR`=k@(JY>k{X*&9lFZ^1RJZLCKTmSK|=B$^O z0NCbZ^qDPcLB(I1DUFqeTv({iWIUCR7g-#=#0A5TRQe=(z-}@r_RS!5GGtmhb6ix~ z?FXa@dMPZs9}QEC^u^-HvB_<=dM)FAnc{_6jnI*E`MbTzPOiegk9YOeG+iUh^$L9O z8fax0lQEiZ45_Kkd%R9=wOs>sJHs+@{v(gs-`eUzE`3JcHy!D}=CTNhJZIHrlgV5h z&aKUN7sl0A6OE~(Yi_+I83>S)EK@+?V*R0V;&hx zM4{)2K9Ecal`w4BOcWu@q_jwDT0=0-X&F?A->JT)~9{nv>?A@D#UqbjyaC}>} z)Y++9YSIu)(+^KAgiom_Ct0s$MtThceO6`6pIzimvJzkQ ziR?IwkrZ~`Lmly*5#AKGqNyJj%!tBWwZtoNs@DeUgO10`=bC(D5sNAo$LO};<2Qa8 zsL2Ou_sPmYM!{cJRK_E~yaXTj5UN=Xdy!U2V?XESkX@`4^nm-bKf)=!s`O@-PJu8XY^84xzGF!TJIny4Qtg(Xr;7>3o(Oxf@WjH{L<1Lqo=b1DesrLn5HolD z^$g&_0hHc7RoCdnscdwAtH+Ha`F#zbMQH4ZDU&?$X@=qYTvr1Kh&@0nqHo`YuU8!J zbP&o+&U3;mt(SLpJ4GIA@Nh+-=`+GaqHa&LW`+|@Gw&%6S!T*zto^lotC0aXLp?Ji zhW#7dPsUJ61RswyKxwEuC??RQ4c$;0Vb{Z~Mz`=T(TANGgFUfpPJP?5L}MckW*}tG zrPc3-u!$QmFt@^P_qZ|r_|;ShU;->Od558;#jp7C@+3CrT}$TWINgORlWZZG={Dz(eXZONSxi~)VW&|wc1UW1{P zXlKc4Fux=P<7WWX=NZtI7cpojBwLgTi3HW(rf@Q#)wUY3wj=SM`srMa5w|^kE8gPS z$_=&9#$Q|N0XG(S0L`a0TJgAlMFhY$od`5PROgqHH!$Q1l0i(Qd;rqxt?Ef({C1-+ zpCVN|Pn}pG9y(|tltYFKg655tZI+we3?-0v*h$I`d)u?~vf#~^P??*jrq2FSkq|m< za%=g1vHsz%(Vl=gFi6u?m8@(m(*JG_X+2P^aA>#ZUY zg|4JB|EEJ)G!A#mV(h_&qAL=vL_Pm=j(IhM&p*}Ij<)j-P~(`Buag4uj;$%^Jv2O+ zv7q>jq)}R-Ms`M(%Wu^o#WOxa6Mw!w`7dp`^r&uIGQZ*DV}@gnsr!i9{oW z-p6tpTvGxmS%DDMxvHMoc}B_N3!bn$DH23N^D@Jok=i*2!n|R>7-9kxMUMEG0aX`UnS4WVlv zr+AepiNa8A0hDmjoYgeU#>}a{!$dKN_8Y&#-(E1 z?E$EZo3RB!P)thEyucdW+T?r8`ig6@HYq7Z{ z(z|r==<`YH_Qwpxo?HAiP}_m zWFSpR4%M;V&I7G|2lleCb&4|b`h-!LG1!^X+E~3Lu^xS+oXY$nnZNp31T_JGPVBNE$ zm)E_W$r(k^9`%&amX*aT^n`c0p%Rs--zWR18gCY?(|u8*nM~vw(Ziuq`bolX zIXmd_(6tz4WDO^mO6FsROOUA#*GZNf*Rq2cq!JMg3-m)?<&XE5JN?{3n9+aVN~ew% zlWOE?D#iV}LWz8x7z6ZxAfJPCW2Oy}efRX2F>o6LSSGRtVYE?UT6tBp5=QQFXN+$L2^Afp^n6Ei8Rmdj^%LPTMj? 
z8Y)NwxZ58Y?GaXaSqA)mXSugxYn8$E?wbMPU|6QAf2^_@ICEY#8OnwSB8CV=9`od4 zkBAY3ts9~jRiwnEZ{|3f2umAT2>MGC4ASZ;5FC@FJ}=PYOR56s9Q8>7+aE64i2E7D zpP-lt;y~qo^QxANq$onla6WA6BKWEdF%Yh=;phjoaW&rhN@$|SoPeacUF`1eC!ipd zzV>xac3)dWfu8<5&L@0(JJF92>CSf%d_{?kotJ?Q!uk&=$1E9hYpq&3igIW|3EU|KBIHIVJ!X!tMc|Y8Q-`sksx>qnxSj z&jR?p{P;QE9Vu=Dvo+J8{Gr}!cCcO@;9Ar|$ja|RnUh(-l^E8q{qLvTw%#hoi+?hq zM-v76XuH-gxWsyHNVT{O47AB3RKe$L1zbgeAUzHU)V3mLuz&j@R1ijmcju!6m+)Ca zf$9Rb%81Wl=3yywZrmKnJ}2j%f0_FGmpX#hRjAnYS~HLs85SXzFVd`C@ReF<5A2HX zna@4jPg~G}6_&P{ohD`21S#5m39J9Wb=`e*O)JL%H{E#Qmzbu{k+;O5xmqdwR+$!@@_8Pyq`rnGCr zT7L1QEB4a~dc33lu&)93Au34nPFl71PEIqYepFlRA5P$=AK5ySu*UBF!Cx?Qd+ z?{haywLjix{rulCGkalfC+S;Gy5J8NWB_-YlQOOI%%2Y`-iQVC!Y$(<%tyk-+e|f_|aU@vI!PE9;e=y6ns1~G9 zppo2%$Hf7q@}Rn!XGSldkdDe7o{#_h^u({7*+1fKY8Ol9-D>;}6hUhmmXTzf^w*K< zCt8V)>3^x8H@bC%Ak53PtE_^N6OA z2igeQ$Gt`_vr1bMNxjl>FZB!A%lJ-KVA1GTv?o-N3$TFsf? zXBry+@*{_h+qt55@8&Y|Z%Nx_oy`jzNDq#FY~!`DqL&NpvAHQ>ZyYrA`xzWZ&*TN* z+*l>-iL`}2+7lh;!3%tJaW}ySJ7x`;J1KW={dT3T-i|z8z zgY#?qpr|g)#+6@IidVCp_O66$Wp-&YR9Y|R<{-7L0634pw;*k$6oY!a#nH}^8OSAV z(=4I|htSCl;OPv&M*@zY=xeEyqdX`*gyEz#WEM}R1M>co`q+z$aXeoCxJ<7j6ye}C zshz59ZeF-e;tK!-K8hIj-qO=Zl^6N>OqO3C>g*hQ)2?%JaySWSy#ZQJQ7I=D8lM;V z5Wc(IPD>Ywn6w+Dtw43T8FB$iX~z&J2vAReFP0kdH@EW`*L3p6>}kHbAiAP}PJ zluobZ$(E$#MApjzicgP4+f^{ZLZpOqL_*0ozxRzy7R#rD=X4&=NQ=oCDBi9;Hw`33 zsT2PF(v1jQQ4{G+J21i?=xwBA8H7qmZcL8Im76n<_6`nS^WQ1+CwKaOWz%mClOFxh zql+&v6APDH{~!ae3!quX75M2MUdApQSFTQ}u8>(&>loy6sk#_0ziq#qW78Jfq9#2O zy<45fV2pvhXW)63*3gifn`_;jrX=o!7dEVVRH4Yts-N7eYamq~sbm18YJ1yw(szjKXkzIvhuuhwt~eZDuLux}+k zyMZA(N41Go3SWNJPafiOuHAzhqV2UFEHW_{lMhxD4oZ?hFu`ZaHT!D?Dliyqd83mD zT~I>2U~FnCdYFMZI)s(KHS(&8b^m8A3d=Fd#v<^2ZktOM=cJvJd`UW~$|=$VYlfoa zACqd-R=_uR>Ig4pIFVq7HShrCQ-31HvoYa5r`1oMQWc%9n64&#&8=rkX>WPtjO2HQ zx@@CkSozhP_cq2-W!F{Awj)n)gCw?m>{y6(T;#}MMy%@N}RZ~X`XCAb)+V(k2= z&mxl_WjR}n(z-I!)i$;_GFGvRGAO!(s$9TYj}9P>`D?d2Tr$w;C-Un>;Vr`z?okCc zJ9W?NJGxpCz)@PR=t795`vpP@+5qz6G*>!xyd!v^Ahf?(!E!0ti 
zNKQ85!KXs@8uS>96FtAZJ(nXEyuF!|of0YOgfDmZTS*){BO5J>os+)8p-uU3z%(2{;r5!tJf}OQM^z5I3Ot>_?si$D_@!?ARUdjOTMg zGc1;<&rpbEcH8*Lo%y}>Q792(vpYJj$k=@x<)XmF$@x4^eA|KhM9!ki!65xT`26Mp z(WmQr#k&>7GQKX}pw~x~%nzMbHD^A3RqKpEBD*j;Q1A98<ZaRONp_^{VxWkT&r9Keo>Gf06ZcVb#&wI#Dn|0|$h zg!0fo9mGlp(|h<;D~(2(X7%K1Q-#U}Lo_8u&O>)D9N~PQ<+)_IlgoI=D|N~lGh$cZ zI+8^i^U6QQZ?47Lwc%pQNV{Y4-@f!S7&7Zy|8p%e7f}W|EnR{(c+s_`1YuBpld-zG za;cUi4H>O#7Z7=|80&j>l)axFoB2vOWoNF(zj~q7r}TzFJp8nP$}qlnpci>r-%e}y z3%cyACI!)7eYlQ5s@2E(nVqG|~muqs*vHjtahleNj{Naa$Mr3!0j0D8}V}_8! z(-En=eS_w^EDR=|0UQRa>?ofN`H(({j|D?ZgCiTRdPnFy+jfMHX+hKMNsfMU|2|i> zSGQE7``%PX-quLq;~BeG(|e&w)9IJUwW^Cmo82UZv9_=vO87nPTNyOs*dPoh22`B4 z=FbUdrd>rO8XXu)&EQmXC8KD^vPW~iA`8vzVz|~$iZwrs*G!r{3K+`Pswj>lW?RCS zqplzzVfz`LrO%AZM>AE3)Dxw)%#MueVX?hb-K)e>CYjgNic(jNBi~~D_dym9w-+Q7 zxwmpKz3NYs#m7M9DhM$&F&*gfzTedc`iuC!(8&`a9N<^w6Ul5!BG)u$ntXZe4RjkT z|H6Y3R?C%q!?N(~Qx(c4UOb+UYlLNqdxjRMrs%y32Gu(*(818pr>+hG6^^au*pOD<5~TBn(&p&hTGrCBm|q;f4Lf#+Y-_42AY9(J$S}WCTJ(QmKE>xzzyu3USuL2m@&kVe0FdD4oz&G@d zHaBjl>$IY{&Nm!+Eyg~Y+YbH*i|NN)o)E++UwE-;3~OtAI0?D2Q>WIJhNf`v;EYV% z5ZB5}p8F8`d-IRBzwgs_f2o(;Yif8GngSF0Q=c^Jf7Z=-!Xu&Z?*;zfWu>XWFi^N! 
zsYYK-OhR8Roh-|(Enuf=?UkC}w!_0hgkNPZ%#+|TglH+#`63Yq^Y*2^qB1CyB|UUr zE5RL4D^v#jJHM{5(oEAt1X~Peijw7WP?@K8f%W@Z*T^ccMetONJk@s!S73I2|@_O+oGM;)5`v<LJ{ItIw2^ktk_oB97YeB0pun=j?y9=;kAN;vnBcOEl{cNNABP8MGC^GkY{c?pyU5oY(6Pv6R=w62Cy z|8bu-(f3&X;8ub!ru`q&y&nscsrZBB2IUCVOzNH$B8x*Y zTALaTGjB39zx99D5LnKfRUGq~naeSm>*;y?Z%S)VJu(maY=b5dZyC*_P-+(MLjRBl z1hC!jL*%Ny_V2rvR*OkiP_cghku=Gg>GUQ~r>qO5_XKJ+Fjkc$hD#T4y;|wG+~zjO zX?D|3#CjJupp!zbSGT2etkFC65h19OL{uY08#vY=f+ReZ#(|;j06>0%b?2Xu;3f#DWLbA5sTAywo#o@vp;g8xy-cH2Ta5F zGm4x?iD${J4`ZDu&A_`%3DHuFBgB=3-aBpgxd3!yh(^rD%;TNbXt!*Bz3NEttvUOU zeu^{Sm}}`X;SY4JiUn%^sDPt#$Z?i9!MBt=#%%O@+_d2)u~&`}fB2!#(YXKWR@KHv@5`tu>2FZWnK;QNbbAaTNW$C24$Y9 zD>Y~?Ko=EN)m0Cr&*Zfot?)+;sl}m`t{$QP1SzucFoWh zCBvn~$dV)+?^veMFLCsBW-Bvb6)Dpz6SC1NnT=f15DLn)~%zPc_%p*B6o50VTqCrrGm| zx69(ZkOCGFQsS7V`!M47v1j` z>z0fad-nURT~n5Iu93H2E8IFbMNyJNjBWJL)_970i|^r^2oIdW4`_nKd>Cm5F{j7+ z1Q(%2d2%c9cn%grV^gEg2Y#>Uuwr`dL2{2He0~0ez_ny%N!RUOQ56w7mhtClU0$cz zK$Kk-6kW3Ato^sdmzA$%!L|iy`aEr}F^Y%I8q6K`HNGC9Ayol;Q)N4h>PNr%q)3iK zx!&jz3JiyzTFMnNaI#nb@m*&fAsI;FCLlNSbM7BAeD}lgwp<57l!zh@-YYk0e&69` zXJ^O3sDkpx&h#vuNj&0g!=D+NdbW}Y^i`MV5+R-Rvu|f9%gIJiy>$a^k$#)k^Pihv zB_$x5UJT#_u^MDA6O5=#y08mJ&jS_j_luxXCjPmr09Q7N8gB+;mrq6pRlk^%Y6@!% z0uz&Blqh|)-P)unRrT}jTn6p!z~jTuJ~m9lW1qm@qE%i$>Q?yZDj3YrdwXtWd9tJ_ zVZx_d58Xj@MuU9){?GmEmK-En<4@qf;RmDWaRo3P2&%f+&d%q! 
z&G)ARN|V#@4ayAjw!FhIi7!O57qH>6%kk_-fdh@>yCi*6!&~>;Nc)z(^5*wxCwVlR z6y@Sg7W(@7v!K~urlK5F?Xew^Ofs56O>2@P=e^%L$hwu!%x+!Fwj|87k0J@i4-tjE4^!(JPIH%reu4Px z{@%IC&opTvZjBc`rjZFfd6yv+g)x=Dewe7OuI$4cvC#90KmOfAI2upFkF6lrXnfSz{t7mp!=L?cRC9_m98ZDsxIi zMRDn349D;<6pCbPLd`GDljs6#Km9$4BpT2zv0zywC}}w@b|;-Ne#GeQ{D;!POuf#> z$@MJ-c~#J^6(#9gEf)$xu#g@Dm8^M;#Od2zaq7;U{3SdrsUG?dw(Od?FM+bHAD^2e zLO_E#m_lrSze>?~*tFMAbr{i0woLLj7X4`HqTG|LUFC?^;~ogKt9HON=bS91Z@2Sz z2yD9PAK>(~fIQtyXd?7?FE@^N%_iDuJN zsGH%SvyxGa$OqvGdz<-8`Qw!Nio`=59ARq5qjJy$lbt_L&Ds;mj>}rOYVcgs?5>h9 zmBS=Tl$XZ9l)jt+_02}`de!eR6fIRnS;vg3012c)9oOLH)URki&<7tW# zbax#z3khj-et+K_cy-i|S&(3r-1ve&B5JP<=#`JV=pT8W5cr+v)7M6-62%@dYl6_W z6Kf}WV}rrY-p7q?$H&Q!JoWkP{R4%^ZnzTjzD@=e;Oz9>q!SvEm?=sYPMi-tjVfJ@ zDlA%u+1nhG7OL>ujBl_ZCJh zIi)o(wBhxt?t$xKu5!x?-2MR5BpL5qUPBzY7Lu2X)H{+JVV?booZX1DIiMl|>3J9F}Wx8J!f3(g6Pp)bCyuu~03EnvU7TSndm z#$e=m+!`A zFtRsfWTCbHC^E!HlcYuU71~}N{9xRF_;5EPhkt2n@HK_3Q);4+-r~cy%5~A)Cwv(bRBU8?e~G0juhrbx9lB<#%1+$O^tJs#^A2UqLJ?iRp42zX`Z7!*KEU{;x&6F=yMSTmQx8+~$JYmn zJm{U*uqL~TR-q@goxwKWxdTojtZ1KSBk#AA8ag+I90Odh|FTNOMK4!c$fZB!OLB#c zyqp{y@dqBcADaR6A;XT14Ng(ikK0M2a(oqrBTNzGvMNae>(5>dsJKz`xkXPoVe(^rkYc&wo#U;YkxDoH zk*TOZ7`zVdlu!9Pd;fUVE-fj&j^fsk8cPY?)eTCk=HQ&Xq zA?nbTb4~+q5Vb-p0u3q_h};Jr!ti6jxI@A7wPLD;(yW-@r%xq53D#Rm!$N0&>F04S z1H2^86G|C)l}m3DD;Nu9A6261o&tguOb&2QbB?paQl#45nemsd8e_0}Nq+(iC z0oBY1EtA+Qoq1n%wfW6-JA2<~ZUz!EI@*f^LtghvL+q<`@`IT9lAjET`uflosw1PYLxhZJdyQrt+Wx84Ut4J4dFfY0+`zWu={ z{VAr4iYJ^R1D8c)$aX6`Fo17@eBfv08$3FUNQ=rGZoXcNoK$;8ITazA6&>Wi(h}Ff ze`{?I&3m{oL%Ki3WDLQN6bl;TVz>j6uEP)KL|j``b7zB@W-85fw)*9L1$D`8^BufonEQ z9vGz!rsj{HuU^QUz!~+tUv5eDE`w8F%^UZKVnH@UNj~Zfp1=Rh?7CEcP6l%E^z?Ko zP3Zo1_t9g4{Hj2n>B{kgM>%Dh9nPcafE0pD$W;pPM413{~12p_Bz|ox-X& zccIju-$D^)$P2SBv-@tdpTyJN?LS)9S{?ybFbn*=6nly#|I=r0d%hM1{Wv3vW8`?? 
ztp-_=B%;CcH~*KBQ&$uyK9)EtdgY4@JXss$s`PzW+}TSf0@1h4`_O?u^UIHy617e} zlr}#RY0{k2>_4K6S*s!M(1?FYqPn$CHHiGud(U#=`m;LaPC|l<6@gh71?x@k>n}{4 zEVIL0V1b(UC2>tYTt^PegWBucF3NWNnUOg~464`xZ#?BcC)GY{1}3KPORzFWo-6fThgN-Iik>G{|VGDFjvDi?`c=H6U=Yu`?V0x;2fXa^2Td_R~6y1%mrz7fIxX!nB-JCY+}ODK%&nbDs=*Zr5Q^?0GJ zyn^@9sRvdgkE>9SKYTh}`>)2w4n{1CYX)Wsgn$c3P%PAfD%|aNCp7}42Nd~85mAC8 zFXznCH3f7H@m)C+l%1(;8-5xkwVhe43sePPCD75v*gP;NsY^O5s4sI=&nNs|EOuIpv>+DWAB z?DL+(!$T>SEPv^QD%k;uq4%_2U=;zT>0%Mi1LSqvYd3xQmPM zES$}jw))3qw+m-2_FFmix*-%h6Co7Df}+rK>Z{>>^CCBj02$a9IpY&+WrgO1EEY*!^?G0-^*lGK}Mu)=~M20+kS@^N~^Mk6)t?i2$;Ge zJ&XY@FOCxoN>h{Dw6;MF#+7JKv@3nSMH%MW$*wN5=!I$~A-oP{r?}|*s&{Mu*C3M{ zbynn9G&F}Vle8wUl%`BTH2RUVyy2x)_B*Vb7z`#&aAyUS z)vp1hLgvM)%<@$9M(l}~43S$XZeuiqf^b)v!!c;)Ys}mYsp>-|79pB>kt$AGF!PY1 z-12#$FfG|vJqbvMAH?Bv<3{q&kh9V*#~{7Lqz%Z63C;*6f9~L0l2rN&6}LZqLhG;A zikTnzh5MHaw2F+MZ!i~>UUl1lOx%=LKU@$ey}Xidbukx_qe@=x>mS$@@e;Qzz}(_B z#0Sx4Uo-)M?=5Xn)inb7udYg%0;h4tjw{X@dJ^072qKFmAm1 z((%gO2YV1@eCj;NS?51bp}^DN;g6-;k(_O;mf|ZExbz|u&ZJyMqr}5T^Uu|#e+zP@ zNz(-NT-9)n(7onY6uVy9)#&NoQD|wor6(cBNiFk@-HM*+QE9XBtTEoI$zPJ-_A070-sS5a;pqK0Ji&y|euX(z8!8<_B7r%u9rlsuRz>{Lz;h;Qq%|T6*!*Qc7Au`6RQ0eVzgjn%z0U6r< z*cTXl{CE|_I<&KAmlVC69zddXK9lalji)i%Ad zmuP%dYAjHypLh1+Pkd&i3!&jGdDd=>q%`4Y|6kk^EsfGNd0-pT_k$RHXVoG*xW`FKBqyr&QqoO`qn z6U3WU+#IQzV@@%SM}yB`8Kz}ZPH^_-ZF&-?`k-;mC=4@<7whgpO=oGux4*m8`+6IR zR5ZUTHCiIx%-K^gR9@bWfGJP$<8>4G5`-QP-1+{YhwR4$+lKIZ`5G)sM7Ct2d})wk z*{LHDaqGtygQuDF7=qREh_j{>+L-1wwpA_KmQj#v~&i!q5&;)L7sI^as_cr z?uFlxE>|;faJMKvkFio^ZKkrvu2VYN62*~B;2?|aeaQvktQ1X|o1`3PsCjv_<4^Ax z{9h{F{}q|u=EUK+{dGw;Ip|W1{j@bpibvxro-TImy>4+Y{}PCkFxCtEEj zl;R4ie2O#q20TS@p)azgPcqwR5~$U`XWy^0!eIi5G-nj6u8dY*_|cY6$V*W77I|Lh zz!Ekv7~k0Tq-Wycb$KzP>H>w9I*qSaorMsu2scX9!_%|q3iP1;`y@mPn*zo@htrY2 zKVuNJZ{OGoaMO&zA1O>=)*%TvVYrVn1A-wDl(88)B~xcbiTEwCllvwV2CN}RE;!BVCYk{ufelhuor zKJGx@2{0L4j}Q5YbKjjSPKHMbyIC1zjV+#mmV%A6@Sk6?`;P>ObUU}jMkO&oe+aA_ z4u|UX&1~pJ#Rz_u5{{O8ozQAkipfgzB$FD|9{8gr3ANElND=+V`M^8J9mDXP&tFiB 
zv&Ib&|0OpIq4ND0ifDR)fBeblend1U1>*L`_$SdtKmXdFLhr00Wxc|~HR;Cr#F@SC zrTgJN8{N*xXZe1TGrl5#2(fgW(R9*K}^%oVQEUtXR=BghItfzQgBzc z{&JO`a>WX;`prV>*+KoX)S@?{?rpi6T z3cT8E!E>)$hhLc2*^PKrVxBWo>PEv4Zm@_kPD!D&G4DCZ96fGUJL z{8o55$!-!hu-2H%9c>dflm>&di%O%xuaCZSEzeBeJXSpJR>VJ$C3EqWgNHYUyBsbU z%^5yC%*<8)w+jE?tm3CPK@8>HaM5T~R3%SlJOpO%s~GlWZqZuF%<95d$!elv=pSsQ z`$U{0zr9RmGMXS>@-@_V8D1u>Zd;(`FNouVB>5%@(cBM^*Z)jBPom?WysLUjYn9sb zspcQ?WmP0YNI85&qo((cfr_&o=l!25bs72?9##}t7{b(XV&wc&dXmJ8=vdy?;b)` zlH{BmsD*=>3;N0>iWvJBqL0S`e%>VJf|=DOL{iBa~ih1S7RDQlPaZ3dT3 z@4fp1M027MtW@9i5^Vsn)>}o;cj&>D*5${rirAKz^I~;Z5Ht(?b)&wk`pI;%bVK|} zbcb93J!XOKn`!@lQV*=|30!peO@W+$Qj(UX0GOF_^tHh>-Rp2vtHctPknNAC4*C84 zULEtVchsV9vX`f+1Ca7&GmVZsPd@8Y#fCy6O4T|)lPGCTGgdEv2-iukn&DK-B=$+} zT89})LT-wD-{Y;m2GtmU2Cj1iqvi{KG3}Fpmde*tb3S`|w;5Xc70(5I(Jc>ulWSnR zehM1zZAA;|fYLu6hk4&3+KTm~BVe>lJPsIhd7tYA^b%)6Ow;nZd$OPM5&54_B$cfu zQH%X)A_GrFr+rs~bMBlNc#G0VcsM84QiG=8Ms$(SvgmeHlQ=Nf^30*Xbm!jVj5cVN z#Lb_S>O)7b05bnv>l&U7v<&%eBBw6~RHW2vO@Bx*4setKzeOqndJXu*K-%49Y}^$s zr~Ra{iVW1Q0mq$Km)HDR?OSE3WO*OQTwdV$?XF3a{^9q*&M!UkV=hdS>7+=Gs}`|>|#tL7yg z)_rFPmbNuIl!%b)1n9f!i=D$k*QP+*9VA1_od`9h%0i4B7Mmj(n+IcNjbBHj&ZlI- zRJDL6#%#aX zB=|1IcTpqoc09bWzqK-5M&PiFHQUd{rQFpXU%pE#8xLMEYsQfd6A>rE){QFt+03Pl zZBTMPlV?BB8^d1Ed;^jorZ zWw41^3@A+aQaXocM`LaGwfFSO03zHFqLc4Qwn24jnHT)g+kSma{*EHb;xOX~2g;e8 zPj`^o(khT@+RB%3qKh`JfkM5jtoq@P_WT_u1lLfm?~6xwPjo}W&c^;6nWyFqkw4GU zpRNq<-AGi2vQ;Bb8e9S?e!|;d2tx~_=2Ah-Yyz9tWyi7Xiw9oQoH$}7I>Li1)oN+@ zt$Z;<#>H`y-iL_R=XbsM>MI5XQ3@lCon%?@Pr&s{K6b_G!Two;wiugdVNq*Md*!On zLe8Aq)Cq!>f8mYuTPP*{he*_6&luDhprE!9t(6}y)bg}K)R-h>bl8AaKLS)%AqzSu z*%S`5%YOl$kEp6yCuz0FLE92*Vzxcd|I5W6MHQyVQj5!Q)y9j$$i+qgHs24{CIWD^b`CqG&voj>V*~`&7VjpVr**m z3I29#$s-CGGoJ+4QaeOm>`h}mI+bcezAcZpUM*#)6cUM?6ma{q`)%@P|K9PA6e6!z zH5Ve5QPg_mOp^L>)XNWN%z$mW%oW!i7pLMln7Z{(=fSyy5nB~@&wL5!@RwW9%x9`R z?{OVy!ZOXM(Pus}*V{Qu75I~e)N%Hic0XjaE7AK4Jc&&bGf}8T4pje zR_VjMm1aezK4qzSsD=BKK9+vLMzkC_gI|i-j+9ZT1E)=W9hx+@26HijfXM=G7IV6- z3R6~#(Pw2}Rg;spgBx|2C{a+PSC!>ub+!vh91IJ=qVEjHKL~CD;jLRD&4;)cKk%4I 
ziM~2jF6~?MF^o}?X?eqO9of@+w)DI#)}P;+DisLTTyh_P3kpGDGiGR2w)YTuS{frm)`*>U)Uz9X7G_F$uZ&GRqbd~MLl{#c76@Me!^1Gt0)RZ62@Hg4Ho*5H0NS=ND<_M?4!XYP+NU_I$JF5N(!oxr)7~ zSD$wy3{5TdYIvL8_R6Efez5)>%R4cb61MDeipkFm%@?#`r?x8(e3%Z*`qInx`=+kG zwQSAhJwnLMf1a1=!we=>EUi%j}OJ!H>t8zfVj-m*lKSBoBc*&j`}j+%20eR0O6pdZiD4j zAd5g;7~a!)|KMU7VC8Gm8}>ybT=}~UxUzfB)#R1kGBJgh{an3z#h0`)Ly!LHMnoUO zPpxEeTTJ<+lOMxnt++U-R8!>W;)piSfgY^V^WGpK`Su60(%=VIUcKZ5wNG!{Jg!=f z(3x$FX_;bD5(ZO(V1}a5NM-?-12A};{(c2(HQDI1vJW}x%;dJ@b`nhga6GZ-O}Qpj z;uPDn%+zPl_---7dZTJzgmJ+dO~Qcb8{nl=HCoa)l2O+ zZIwIV#bk{=7doP#sF$#bzt9>np+Hi(2PgPg-DJant`=6!teX6@TQ+GfXdqkRrcA*w zlGX!IM7y(#8R=|Y%Y zOc#xuQlnxr+80vSf!VcF8#7?t=ZIybUZuG=8WQvS1LuK-PxW>`64f~Z zge-ka?}(d8PCZ>yh*I|>QkbllP$x7$LvKeCQfk#$qvt&7%Y5eG=tz$e(`2^3q&j0SxMK0RDOZoA@ zG0>Okt>t=z))Hw5@Qsx+WsLpeO-el-iK4h})fhUCc<1Od4m(;0Y){SufAHF~SX`p<0v{00DvGDG(xV09+O~<}<>WI8_%*QmY;x@E%Da-`ybCk z%)~}Mv?H&a5K+Q~iAOiWI&(^Gb@r@0LjaQklmOYWlIPmVKK3uZ`@Php!t#=&YUNXm z?ZiS zUzOssHe{5R!|G3{WIuabJpyhss?W^_by@^BHzR=%@bSMu$hVBoO}1cZ6>T7RV5V_O zZ1biOGlu4^dKwu3E;P;1O7g4yv?ey9fAQtxhte=&m%S3}*n@A=JGTm0Bk4T9HgvU6 z$ON3QI|q|s37I2IlP_KzW|inylz&VHKQU}{v6>_AbxbBAqowiehn@l^XL_8kFSS1~ zI=>t+0yIZ4W(aElfO(>Qe6AKf&8~+%+Y;Jraw)`iz*NBphF5ax|D~J$inh%}Y5jKkbL${CMfO?u_4xX9C#_DqP)V=wZWo)OsO$@v>XIBL?t(QJ38UskHDL*(B; zUVrzP@e%w>=fk=2yO;V~j^Jjiy#*pP=$C#nvOujKXzm6gV3ifo&y9y%pF$IDo}X*1 zUwTCa9n%;@)6#j1eu$+Q;omMxoR+U2j{5d)JAM1-KU2%uCdl+`O>{l5K-7fX>1>wh8&kpS%2RjUK&lyek51@o>$hD~Gxga1P4$sHN>90+Bxp;>(%zgu_D zki8ttceXjCnx-~G&fG{G_PJ_#p9j|C(4VQR9a=D>-@4=){V%zpeFYZiB zI*Epp((p-2*0@OQGV<|i8mvMO2;@p*wItsar}zy(r7%z+;9!^dv|m!u)|6L;BPOwx z={nX1F1i7%9vL)BH)3m*tPOZre^t3#6TjeBv_Ia)ne*XN-B9t7tBjl&_0LYac+=pr z3ZMzA;bd!G$6)NLn12=+tuR@Nr`ZA#$eVlO&e8c6DF;SKl*<^0CZyESv2VQZTS|cF zP107biBjijNM20Hu#~IJgZWxl{z~usOc>JyP!oe=P3V3fDpu*3qDSn|lg|QQl5o~7 z?;aoS#_Rs2u~x7)0ffnp^OyUESe7B{QfkH2w8f@>I2qI0fK zsE|<%?EH2T;)w&l$W^e9D$5smYzm^b+H$tKk(cLlroq`s)9?8!@DVIR zGaOnGk6KNqvf|E6$rj=7V((GoQnC2}4yg}+nBINBk~$8K4T*|-vaP%wzx^IY3Vs$5 
z=%k)+Hx}zS%Py7Xt%)hdFZ=lg$q~?%xV2J5RKU4Pb{>=_hOgG&ZJ@29NCqjIfQ< z*~B@is|D9yso#vtFFDz5-Z6g1YrH=0B4C~U(ekrJw9^{HfnVy(d%AhaeSMqo*X#If zMi`3f=q>+&s|%~&5R-0yqEbXE(Rnkmw_?07 zai7#BqgTh#Ox)f7IV}5*%#%k!Jgl7P2T$PReRx<;Ri~&E9*#uUjx1yY4%NG1i1#+1mV36KGNYC52ft0!pcx#(`u7th??<Suls!g63YDNz2;8CR}1@G6*XpGN>jMaAcu$rZot-1 z9|Ok!{gVJ~#KoHQ@Fa?2B4Qi~qQ5iXn*!mE1ZJB3RRh-~5(KSL9XY{J{3j(3X+#IOcIXCf*goi!HGgv(F7{wA`eF-u|=p;lWxLu

G z1SwVH8o`~b1cu79{E$~J2t&4%uYL1=Kr8=A1EuwJ-vIyiO5^fdTQKi=zla;-uVk1C zUx*p0`)c_wv(rW*qv7K(Qkn;?kq>=;yZy;pq3H;mi8nTKJ!7#6Tx_3eLZh#H1Mhp4 z_43dYm=mO*?=uLy$nc#hmgh-toPJ1EzII}*yqK()6ajg#La`Z+7&ditJF9GxTw&~S5X_kr~f{Y8)+9w zJ@1DPRz~sI$}_r}l2t<>&cvOYQ9LD}tsGNtu7tJZoheTER%IEnPSpL&w;Am&KFmHZ z#dut*<3nlF+HhpLLRFlE0%4Z>EefqsD2S%YKH`<6)ClZz9KW2KqQG_X;QFV$DhdW^ z`Y>YA=r(`Ka_xp?>x0PnOUOhcFX7I)@&&#UA{!ct{vrlXslV;vE)aQCLYHBuG*$c0%+mJ)vK1dl z;>Y6kW%6zVjXQM&3vjl&NyvH$Wa5Hz`-U;2k%Kl;Bvia18tIitAjrWObmFhHR8Hkleg-UdvNJ^tD-Gpa<|1 z0Nz5@#e|@fPt>RMi+nb3H@w!Jrk=s=a75&$l7ue$-@gnork$O+uu{kfIcFpAa#2m>;baP20|y#ME=J7x_$W!1%M z12Jxh2BCZgE};cGR|P)jA!HjNUbLG?9uE+o|GCE1F)mBW*l3@HwZ`rvCRj z`g{g~##N7DMOc44k0dC3ZU?0MJ?n(O?QtJG1zOK%2XGv-m^$R>>M_#K*Uam>@sUuY z(cVa)p84L)F`FEq@n|vK)0Jj}7Y+2$Fbo|4s&*e>JIjoFtKPAQX2LE$C-O5sh=V{* z=DLz47aZ)|LQ4xgeiF2*&{1JUTwH09GiN3+qQ}60C2|>vpNc_pLdZDvnDUhcDd&22 z0}K78=Uo{jd`4mr#oga59$Q3n`KgjW7#VR`8u&yHovBBt`s^W_IcTRxl1M}r+Qn(4 z&h0m_Xl4_TOPH9LUAd5@R5F*qndWxk%(L)%{lyUjEc;n9RpkX2p8W-J13mRPyv-UC zqb^_5NwVjBj%?aB`E@q=OIkh1BNTGka2pfp>CdBlcB%1C~z>|VNS-H)Pv3|z)M+=Dy2YMsfixUM=amluc0S1_%dt>i)~S^N7t3%yrss?A=z8@Y!uW94*7w)*q=T5orDkop)G81{}3ie*AnflGuB>ovg^f zlLZi$?V#T1O2Ev{#El~(r!dGnaZ&lnLm09#Aq)TgVh{8ah~SBk4|AvRZE zp>k=Nde+vHF30G1wXb~@8saMyrtoa5*Cx7rl#cu)S6{EptbQ10$W>_KJkfMG!F2rd zf!hD(P5=g36gD17rHZR|94<1zy#ggaMSig0`xWzUl!8t@Y26A3W6VyOMU z2xI*Rh(I`DfJMlOanK*S6cw`vG!clG7 zC}o{5ieQ4~{??zm`=DlpqWJ$aX41inVOgqXK%?qq;-+%<>-Q?J+Ib8#{XP|+wJO&! 
zG18twMvv1m&&xkP z@9oi>=)K1WygwJb5w?*hwSXVz-#;r%MDd||mgyq8=dwoZAA_5HVb8nj!ewC)pvB`V z!H+p$;_T5(#=h%Kv~L9Lkno__xy4S6|BvWhn1X^CGj&ZmQhXd`H)n~N1bW9%Y8|+e z_E_l~ctE>Pq0hGHvIX+DxPzSTtgvUjNvqPW-z~BWC1h~Us?3&bspYlFle8>=2LHERE-~yf zsPsi@HUJ@IAk~9zVa}6m_!~~T(m8=Em=X!1%}g3_-?g=VOOml>RcB7r8E_A zfqljQ*@3T7p9^J?kc*UQM0^jAcQLr~_1KcRo(yTV*jkzcnA`raY-;S~Mueu9GjfI3 za2h*4gT6Yq^CNDb_5U0KHFDJR`h?`VuLHs!Jqq$ldr97%hrqlAysMt~)2+O0 zWqLl${-EiH6MCP2t|$V3=PGSpwoGrL8vmi2EDICkN_&Oyo!f6B=lAFD_1ApH zT-SA;$MHS3^H?q|qx*8b8NP=1yk{6(pJSYxa%NP6EXI;X*7o>~9$+WLRf~dxGCq7d zlG-@qmS^Zm)5P#}XUJB~e!k8g4(;z|+_`?tg{7MOTFu_Hz05)iSt$ib0xi36cS1HC>?PkXz#SIXa(ijZ2Y9Y$6oWm_I3K5Ti@s(?}F5I5P9 zn0{Itgp;1RnSj>kIqe1{`VMfu@ZLXb)~@V-F)wBvXurKhNM@H|^CB6m{3V5dNtY_- zw6#KnasGJnVXtn;LCf*O%&f{Ef*nWtwq?0y>1)5nJ!==4LpIA2;%kOabqmx4y{nrl z6i{t~8+E~h6&h^HvIRTiHmqC<{Vf4EWOqgd@V=A;r)is)1yGxyAYCht;<#f)Orvtn zn!%UXfVOBm0cPu*kgqp87vqvmPtTcPP!!*8LR8#4us|urP;4~{+f-Mp=#o+XeG6lT z_?R^tX9K@^n{vL2zR0ej_)4eWFUYU3xW(OY6IUp)dNU;W%BIHpv}8>Es+z9T1Rd{; zau0lP`F&~KLQ499XnI9~R$kL7@h>SCUaNU{1qTrK@uh;r5e&on6tzeIX7ru9t-ZW5 z=@)%?f3&{eky)JkX%m|g{Z%}DCf`~A_ir`6>WLWHC6l*E9WnK5j$MlI?)XsW>MI*L zsS6b-$5)93^QqJ2DVT}t6d+7%1L?S++pp|?jj#-;(a_oRWWIa;Q7dgRk=^lH`N$G3 z4ga8HE_CA6heU8h{ndjyy>>*TgucH4)~rz2nT1=ADnT@Qpf%L?9gJDF6ynOi*agcC%x zyN(K5|8yv{bSd*;rZ%AnS1Xu0C^scd{q|L9eqQF`iY4Rq6~R!kyP_XYc+Kb$ z`cb~<_dhtDCpy;FZfI3&>86Z5l5WcLTuGOnVYr7K$c!iz=Ob=YaAt5A-TQ>Q#rGel z?z;dPI7E<9uPqj~u zdFKPg9n3wKc{KWfMUDF6mc|v*k8e9eR-;Q(hXZC37IP(G`=zXg`A=P$;4Q9n3a2zu z0%vVRHpl{?e>j1h7wZ|V9iaRvUrwa4?9w>@@b+?MCJr@kOkyeyu}7WotzVpI5NbZ4 z1Flp{9SuP)X`E=@2$5Kc8h93bP;D@BqYzsTWj?~#mB$Kb!^m<~9`eJS;+-y&bhs*K8F_ZGD&dm&i}%NAGi`4! 
z-F!xJEdL_1Sx%5MOq?b(*Z2&huWv|g@{XR z7tc#Q%Ge!}q49~~Q8=#ivrkXC??ix2>rVO<7i81*305$G2V53Bj3l^U?`?ffE-`;D zmM*%9znFplP#YEkQ3XdZ^d2C!MA0?*YqSuDzmV%~UTef6=I2 zIDSi9aR&bp5ntL96JyfIsAnW7&Dr6u_f&9G{fP6I44_k?ITukb2?{DElqFug?=*&G zmCL?*!^4q{d#u^Lk0OE!64bQa+^cVuWq&mmW`m` zw>u%2cc#!`n7ugn!WHL^w{8q^V7nbQzHiC;b&D8s?)&gNu3B-)t5Xun9_KyQ7Y?IL z*e>q3-~uvWyP&FLgb;mjhY}T)Tws-IuvW3wb0hw&L!Ylgc9urbMEm*dnq=^DXLI`9 zcO%I5pw-GWS--XybpeCqaX0BnQ4NXFvvzW|Vj)`(%E{O%E7ystQG8t(#L$RhM4!R^T!z0xJXBAIKXXr!J6hOE7U!jNQ+<$4ww-M#a zJ3dig-a+P*^$-QufbV(jA}7fJu-G~^u+G2uo91k14d z2c3KyXY=3QL_n21m0t?MR#-GWrUaty?otHJPBZ0CcUjuH@8FQXuj`f6;cc@pLL9=- z=uFHY=ZaoU*v!TbZo4s?qb!=4@4TTLmr!G;@)OCB&jW#CU)|n{n@i}vi1gk=#!E(| z;B0Kr@W#vK&s(DJE>~5Gc;5VeY=5{u&-bzH8lo?G9$7Y#U5A?=AzP(HXcMHrrsg#- z+^3p73@EM&{mOa|hiI=;Jb-aYrqm4RP%5T#ZP_P*cFtYN-?h%?*a(-6`ir7`uMP$y z)Isp1U#C#SsMVk8O@#e+SPt6;UvMSO zL`2sA;l{hu-LlJ&)#`7Q#XT@^zNR|BnVA6ZGfBVi!uenYBOZ6uf6?1Lqk>1xWbdN-&491l~T zkm6kgBTiJj8+to$BBHW?A3W|*sBinsmDcFhh13KU6SfC=&$1~8y}(WG>x5_FRtx4c zt~huE1nXOtt&oR+4gw@IETO+!j|R`Eqh)bS3AhnWuX31^&^Erzod}fZHSJfa-}iOE zr0b)>*jNZqCep7DV6i`VRt@zF-Nw?WSXVb}&$qhcrf>9Gapy^^g7qJba1iD$oF`I6 z+}#G!1c{ZOpEiyU=Cw_(yZuhS)sL)(5~Wv-^} zY~1>0mR>iK*ltzpe}3J7f5_)9yYOH_(&cn|t2*nX6dJAvY#bg$R`dF03L$ueb^s{9zClu#=az7&YT2B)$}XMkZ*y=bDJLM^e+xRZ2|-?usv}y)6G( zRtsq_E|V!{gv=XWe0$I^%?MQ7yP(m2{QGz*8drO*%#7sLuL<=Sch>cTNnkL`mJRJv zlSSV9AM4W7eY13j7Kd?m0+qtRmJq_>g{scx`c@SX5-DwE0zKt4%&Tv)wtUmpgc+XZ zj}llrxOSAo|CgDzY_(mzY{a9 zqEV21Egqwy<5t0S*nA&^4MPa|i5GeBq?bFHK^~~gY(;7f*a>+Za0)RdJ*P?) 
zJ1$fco+_$3*(f2)>E)*XtmlK20D`)x5G#A{Q{0|Y97Tu6lsTO?EptKyD__<22$>o?oiN zo>jOq*qQIsG~HX$_ocAMOH6AZR~C}wnbT)4)(^fG3@=L5d|54dqZsHwC!s3qpNLz( z)fD-Tr_ej?2_5s9^e2{`fx7`7MLYq@WibJh>==(*v+GAo#!r)a1G-Z{$dn6*s;dJ&lDq!49p4_=iy#wj<3ZVnwiOH5;(L#haTL5KaHBdn6M0T7L#^ zcR6OKsh~0KT8~2-t4gg9#geL(D4DI#i#3#{qdv|RQfDb~u}BPCc06@NwNh|jR!1EA zqmzbK=Lzv=RC6yVh&(PM$O!prHC1v{iUILDN2n?wOHhhw4rm8Jz+^bS=U}n#`0MKn zf-_&gP^+5A>EtNOSka5@av68N_7(_W(11g}kE`Y{HPDL&RDx$qwncOUgWuD2Cc*7G z6YE?mS6QN($1bhzpxNZ>8a$;?5ANnxpZ6jM>_7u9?=HkRT7%3ekHo<0}z==OEVC@~1C?>}AuKAwxu{DkVXA83#G#p2y*R zjrhF^7>f^K^sk7QM(fOba1^ytD__ z)mMh5o_+aKaUEZfL$m7!`!V}9)gH>xqBN528ZSZ{U6*+4kY;J|i`7(|oXbe*pBGRs z>x~PUi^4?fz>%-sTwDTX?NBU&kLtm$2!B z6=BaGfGp=8Y+0+_8Yo!uL%cHzA3j^!X!yeuiw59>ej;>h4y`*EX{z$AFZUH@`_=HS z8v6%wde~Y(c>8@2u0#tK)iq!XnEf;xrvhxSi6R#)Y0gZC%!yDl@=DX`g&HUM z37CCULtJ;xjQJDMzzNFPCcK-thr2uD=BlShS|F62LZ=mB+*s84#i0+p4@`Y--#_}b zBUpItVUn|Chorq5PJL#eCQ$ex1_ccGJ#Ks$O&feI`m^Q{XUD{+^-ALY{Jml^5A)Wa z^Y#^^EU>RdfXTyWsc5D^F)`n1D>Q2a^mJ$@7?{7N$P&~CAUN%rzS1Xymv>L8d~6Q( zy`GF3k0k9B=)lg&=bU`o<0JKph{``8EX3a>itWFMLZRHeycjpv=2@<7PxJWh3$~t` zo!w7M8%bUu6OV37*9=g^uicDhaH(Y~0+sc=`lO$KNenTPzCI^v=_c1{o9a`hMPAjD z+xX%vD0Kh8z(wNNflu6uYBdnv=`SqX+uQbTXMqgYS0shI+l-GkZJCeNLkD^XxM8r5 zMC9-e4!JW}AYPImJc47r@S|M0zFm;uP5T&Do6?(_@6&wVZoi}#O3T~GZc2d5*rKya ze>xHHE#>I&h3#vVFFG+YUA0OQ7sC;)#~yQGc;;hBZE_2P$qdYGZEp8sgC>^J=MQ`= z^<+}3zECv7!w{(zY0scisAv@?3B-BK!nd4-iq^5P9G22AK6X>nZj30-4uRV#Sclve zecEo9g#(>WezCj?{OE%Hk77bOB34UFyLx)q`KIaX(OS|`J6y57!(k2fS=5gfr84D# z3fiZ~ZY4sT!V=diiCVMSub#-aKU5O&D`{Ty6)hWSlq8ETmhS>{Gm9q zIunJPzpooUe10c%!J4e3m9@GP8LT;21Ic4Qoy z59ZTd)=LOZdHmUe;dmg}*@dY+wlwxdXD99lVW{iFyF)9a8kw{sbo5vC!vNS25=CSR z1r(x)7nIy!gZ!WUuL=zxIwd-X4iWe(bbhel!|L?}n-J_ccu0=QKUy4E^v`BcjL^Sdp@Um{B72jm@0%G}<)% z0Xj&~x0eZ7#p~+4bGCdLL^y)A*^5Lvrbs#JmQSYoc86d+E+qZ|UJy|=zSFEYG0t3# zGnMhW&a1 zp>1gD19ll?YiZ5TC$_H2@RodHFOFi(+egK>2u+yDZqa{GF_BnVWoQM={scxIj)(Qn zH)tLXF`8oX^eEY92+B#Z(NOV*Ig&$rBBbJMZe!IlSZ^saXI{ zogodh)U$6v#gndX0XUYuzyf*K+6D~fl97;(p?xizxmaGk5?c%bc?n9plSq#J<=VhS 
zP&#~-!TskshF#oka94O-aYoj$RWiTZU5(p>1^Hg`GSBHF{#UOG>#BecfJEhwM3$wb zXgg5Ghr66W122M4k#NyGm1FJS5MH9=SNO)Pv-xXPLXc1`__~p*UEaYW2@popOl4*< zXhlt$v7Mg=Zh;wGasVkTM-*BgQ%`3!Yg19A;s%a*{%Qu$V+k4-3^JJ)9!TZI2zVM{ zBC-YhZSm~m>oC+CAT5{XMOQX#KgQ+H&8))eb3`GB+NsnwT}OS`9v+u?oWZediwmTH zohF|Cm}=y{>@l?kFp0$A1iwFjbqeHEKDzV4tuunu*;1V!Pgw94eiY7}`FefU2@ajH zva~SldF8_k_`@}THZVYc6oYsL)Wrumhn5Q*sCI?7dJCz0u(zDuxU@nVBQpiF0vbq| zpoWQNy+4bS{)ps}epd>-mxe@XJp41T=Vouwxs`7f5wpgn6`dqNoKWtVGZF0a2cmxk zI_eq7;MeH+P~w^z-&Yo2ckb&4xjIGjOp;Rol;H7X>4%4s0ojN6G`JdDSX?H^2s?LuQoKPR%qm6eFnt^ zJ0_0mT3x)pllc(vj)MVuKqUm1LcOglTs~!Aa09fBsAYZNKNby`Cri431%VwNLu#YI z&YWC`$^p!?yQ@wBG2z--?+Iwx>M?K z`F4>(=NL%9SmQssE_{Kmzz&UEliPZXfV;l;rxY#-0{=BD!Zz)fjg0xMLNP=kKSCz53uX@R z49&oibd*Iw^0Ay2!}ze#b#n{gjeU~}fNp=vFdl4UP7h@3F>E7irdupx;@j@PUYiBc zqoH#Fs_Ji^)X;sK7pbk05C>bTc!qxYSP4+cobH?2<)=;QQ_4UaLo&AcSN{)5L+28o zBZD?wV%uZ2#(4%&aStH0-(BB`GB7Pr6(jxP@t&J}@@Q6JA)}58#i@}wO7mpB?gnNV z@+U}s!OMUAsBs(#d7w`F+ZU#B06wg6)SJkkXCMC{3^|xzkusMeMGzMfPU9SKZ`V>gtZ)}4gl8aH!r5`-eUPr>-m@WBRpc@id7T~ z;g|Tgg!^}t1?6n;`~l;C_nUvBH~Jjqpu=Qc^%oiVn-?>mSyKAD5zC+Jx=ZP5f3y&| z7m@!CeYj#jd;iU){lY0>N@DmNc?tR3(3WBA82)Xh17q}naPV&ZWZgfJ`oA%>>jceT z);MBCb6ygqwHKODHclv@djLyK`krC;lWZ<(=={%Fh1iu^8tUDz2+DNHDPvUMcI%Ag z6E)tE`&|0489;HzZ!$`O4H&7d*wyHB;&->|d&;{>GlsAOMXQX>FMwANz0I`CkM?3RBJtgb^nve^*cea{?Ge4Nl^d z-vK}6w`p+{T@+{80sUR&=LP|^=E?tK=f7q0|FQFb;rpKy?f;8(j{KmnHSaVER$fb` P0{+fv8=iTgiH!Ik&?yTP literal 0 HcmV?d00001 diff --git a/fast/stages/01-resman/diagram.svg b/fast/stages/01-resman/diagram.svg new file mode 100644 index 000000000..541db3f4b --- /dev/null +++ b/fast/stages/01-resman/diagram.svg 
@@ -0,0 +1,1340 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/fast/stages/01-resman/main.tf b/fast/stages/01-resman/main.tf new file mode 100644 index 000000000..2aedb7ce3 --- /dev/null +++ b/fast/stages/01-resman/main.tf @@ -0,0 +1,35 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + # convenience flags that express where billing account resides + billing_ext = var.billing_account.organization_id == null + billing_org = var.billing_account.organization_id == var.organization.id + billing_org_ext = !local.billing_ext && !local.billing_org + groups = { + for k, v in var.groups : + k => "${v}@${var.organization.domain}" + } + groups_iam = { + for k, v in local.groups : + k => "group:${v}" + } + # naming: environment names + prefixes = { + dev = "${var.prefix}-dev" + prod = "${var.prefix}-prod" + } +} 
diff --git a/fast/stages/01-resman/organization.tf b/fast/stages/01-resman/organization.tf
new file mode 100644
index 000000000..f96ad16c3
--- /dev/null
+++ b/fast/stages/01-resman/organization.tf
@@ -0,0 +1,136 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Organization policies.
+
+
+locals {
+ # set to the empty list if you remove the teams branch
+ branch_teams_pf_sa_iam_emails = [
+ module.branch-teams-dev-projectfactory-sa.iam_email,
+ module.branch-teams-prod-projectfactory-sa.iam_email
+ ]
+ list_deny = {
+ inherit_from_parent = false
+ suggested_value = null
+ status = false
+ values = []
+ }
+ policy_configs = (
+ var.organization_policy_configs == null
+ ? {}
+ : var.organization_policy_configs
+ )
+}
+
+module "organization" {
+ source = "../../../modules/organization"
+ organization_id = "organizations/${var.organization.id}"
+ # IAM additive bindings, granted via the restricted Organization Admin custom
+ # role assigned in stage 00; they need to be additive to avoid conflicts
+ iam_additive = merge(
+ {
+ (var.custom_roles.xpnServiceAdmin) = concat(
+ local.branch_teams_pf_sa_iam_emails
+ )
+ "roles/accesscontextmanager.policyAdmin" = [
+ module.branch-security-sa.iam_email
+ ]
+ "roles/billing.costsManager" = concat(
+ local.branch_teams_pf_sa_iam_emails
+ ),
+ "roles/compute.orgFirewallPolicyAdmin" = [
+ module.branch-network-sa.iam_email
+ ]
+ "roles/compute.xpnAdmin" = [
+ module.branch-network-sa.iam_email
+ ]
+ "roles/orgpolicy.policyAdmin" = local.branch_teams_pf_sa_iam_emails
+ },
+ local.billing_org ? {
+ "roles/billing.user" = concat(
+ [
+ module.branch-network-sa.iam_email,
+ module.branch-security-sa.iam_email,
+ ],
+ # enable if individual teams can create their own projects
+ # [
+ # for k, v in module.branch-teams-team-sa : v.iam_email
+ # ],
+ local.branch_teams_pf_sa_iam_emails
+ )
+ } : {}
+ )
+ # sample subset of useful organization policies, edit to suit requirements
+ policy_boolean = {
+ "constraints/cloudfunctions.requireVPCConnector" = true
+ "constraints/compute.disableGuestAttributesAccess" = true
+ "constraints/compute.disableInternetNetworkEndpointGroup" = true
+ "constraints/compute.disableNestedVirtualization" = true
+ "constraints/compute.disableSerialPortAccess" = true
+ "constraints/compute.requireOsLogin" = true
+ "constraints/compute.restrictXpnProjectLienRemoval" = true
+ "constraints/compute.skipDefaultNetworkCreation" = true
+ "constraints/iam.automaticIamGrantsForDefaultServiceAccounts" = true
+ "constraints/iam.disableServiceAccountKeyCreation" = true
+ "constraints/iam.disableServiceAccountKeyUpload" = true
+ "constraints/sql.restrictPublicIp" = true
+ "constraints/sql.restrictAuthorizedNetworks" = true
+ "constraints/storage.uniformBucketLevelAccess" = true
+ }
+ policy_list = {
+ "constraints/cloudfunctions.allowedIngressSettings" = merge(
+ local.list_deny, { values = ["ALLOW_INTERNAL_ONLY"] }
+ )
+ "constraints/cloudfunctions.allowedVpcConnectorEgressSettings" = merge(
+ local.list_deny, { values = ["PRIVATE_RANGES_ONLY"] }
+ )
+ "constraints/compute.restrictLoadBalancerCreationForTypes" = merge(
+ local.list_deny, { values = ["in:INTERNAL"] }
+ )
+ "constraints/compute.vmExternalIpAccess" = local.list_deny
+ "constraints/iam.allowedPolicyMemberDomains" = {
+ inherit_from_parent = false
+ suggested_value = null
+ status = true
+ values = concat(
+ [var.organization.customer_id],
+ try(local.policy_configs.allowed_policy_member_domains, [])
+ )
+ }
+ "constraints/run.allowedIngress" = merge(
+ local.list_deny, { values = ["internal"] }
+ )
+ "constraints/run.allowedVPCEgress" = merge(
+ local.list_deny, { values = ["private-ranges-only"] }
+ )
+ # "constraints/compute.restrictCloudNATUsage" = local.list_deny
+ # "constraints/compute.restrictDedicatedInterconnectUsage" = local.list_deny
+ # "constraints/compute.restrictPartnerInterconnectUsage" = local.list_deny
+ # "constraints/compute.restrictProtocolForwardingCreationForTypes" = local.list_deny
+ # "constraints/compute.restrictSharedVpcHostProjects" = local.list_deny
+ # "constraints/compute.restrictSharedVpcSubnetworks" = local.list_deny
+ # "constraints/compute.restrictVpcPeering" = local.list_deny
+ # "constraints/compute.restrictVpnPeerIPs" = local.list_deny
+ # "constraints/compute.vmCanIpForward" = local.list_deny
+ # "constraints/gcp.resourceLocations" = {
+ # inherit_from_parent = false
+ # suggested_value = null
+ # status = true
+ # values = local.allowed_regions
+ # }
+ }
+}
diff --git a/fast/stages/01-resman/outputs.tf b/fast/stages/01-resman/outputs.tf
new file mode 100644
index 000000000..67fce0bc1
--- /dev/null
+++ b/fast/stages/01-resman/outputs.tf
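Review bot: In fast/stages/01-resman/organization.tf, `"roles/orgpolicy.policyAdmin" = local.branch_teams_pf_sa_iam_emails` binds both project-factory service accounts as organization policy administrators on the organization node itself, so either identity, including the dev one, could presumably relax the constraints that `policy_boolean` and `policy_list` set further down in the same module call (for example `constraints/iam.disableServiceAccountKeyCreation` or `constraints/iam.allowedPolicyMemberDomains`). If the factories only need to manage policies on the projects they create, I would grant the role on the teams folders instead, or attach an IAM condition if the organization module supports one; its interface is not visible in this hunk. At minimum the binding deserves a comment such as `# org-wide: lets the project factory SAs edit any org policy, scope down if possible`. The same organization-level scope applies to `roles/billing.costsManager` and the custom `xpnServiceAdmin` role granted to these accounts.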
@@ -0,0 +1,150 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ _project_factory_sas = {
+ dev = module.branch-teams-dev-projectfactory-sa.iam_email
+ prod = module.branch-teams-prod-projectfactory-sa.iam_email
+ }
+ providers = {
+ "02-networking" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
+ bucket = module.branch-network-gcs.name
+ name = "networking"
+ sa = module.branch-network-sa.email
+ })
+ "02-security" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
+ bucket = module.branch-security-gcs.name
+ name = "security"
+ sa = module.branch-security-sa.email
+ })
+ "99-sandbox" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
+ bucket = module.branch-sandbox-gcs.name
+ name = "sandbox"
+ sa = module.branch-sandbox-sa.email
+ })
+ "03-project-factory-dev" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
+ bucket = module.branch-teams-dev-projectfactory-gcs.name
+ name = "team-dev"
+ sa = module.branch-teams-dev-projectfactory-sa.email
+ })
+ "03-project-factory-prod" = templatefile("${path.module}/../../assets/templates/providers.tpl", {
+ bucket = module.branch-teams-prod-projectfactory-gcs.name
+ name = "team-prod"
+ sa = module.branch-teams-prod-projectfactory-sa.email
+ })
+ }
+ tfvars = {
+ "02-networking" = jsonencode({
+ folder_id = module.branch-network-folder.id
+ project_factory_sa = local._project_factory_sas
+ })
+ "02-security" = jsonencode({
+ folder_id = module.branch-security-folder.id
+ kms_restricted_admins = {
+ for k, v in local._project_factory_sas : k => [v]
+ }
+ })
+ }
+}
+
+# optionally generate providers and tfvars files for subsequent stages
+
+resource "local_file" "providers" {
+ for_each = var.outputs_location == null ? {} : local.providers
+ filename = "${var.outputs_location}/${each.key}/providers.tf"
+ content = each.value
+}
+
+resource "local_file" "tfvars" {
+ for_each = var.outputs_location == null ? {} : local.tfvars
+ filename = "${var.outputs_location}/${each.key}/terraform-resman.auto.tfvars.json"
+ content = each.value
+}
+
+# outputs
+
+output "networking" {
+ # tfdoc:output:consumers 02-networking
+ description = "Data for the networking stage."
+ value = {
+ folder = module.branch-network-folder.id
+ gcs_bucket = module.branch-network-gcs.name
+ service_account = module.branch-network-sa.iam_email
+ }
+}
+
+output "project_factories" {
+ # tfdoc:output:consumers xx-teams
+ description = "Data for the project factories stage."
+ value = {
+ dev = {
+ bucket = module.branch-teams-dev-projectfactory-gcs.name
+ sa = module.branch-teams-dev-projectfactory-sa.email
+ }
+ prod = {
+ bucket = module.branch-teams-prod-projectfactory-gcs.name
+ sa = module.branch-teams-prod-projectfactory-sa.email
+ }
+ }
+}
+
+# ready to use provider configurations for subsequent stages
+
+output "providers" {
+ # tfdoc:output:consumers 02-networking 02-security xx-sandbox xx-teams
+ description = "Terraform provider files for this stage and dependent stages."
+ sensitive = true
+ value = local.providers
+}
+
+output "sandbox" {
+ # tfdoc:output:consumers xx-sandbox
+ description = "Data for the sandbox stage."
+ value = {
+ folder = module.branch-sandbox-folder.id
+ gcs_bucket = module.branch-sandbox-gcs.name
+ service_account = module.branch-sandbox-sa.email
+ }
+}
+
+output "security" {
+ # tfdoc:output:consumers 02-security
+ description = "Data for the networking stage."
+ value = {
+ folder = module.branch-security-folder.id
+ gcs_bucket = module.branch-security-gcs.name
+ service_account = module.branch-security-sa.iam_email
+ }
+}
+
+output "teams" {
+ description = "Data for the teams stage."
+ value = {
+ for k, v in module.branch-teams-team-folder : k => {
+ folder = v.id
+ gcs_bucket = module.branch-teams-team-gcs[k].name
+ service_account = module.branch-teams-team-sa[k].email
+ }
+ }
+}
+
+# ready to use variable values for subsequent stages
+
+output "tfvars" {
+ description = "Terraform variable files for the following stages."
+ sensitive = true
+ value = local.tfvars
+}
diff --git a/fast/stages/01-resman/variables.tf b/fast/stages/01-resman/variables.tf
new file mode 100644
index 000000000..c1d63c86d
--- /dev/null
+++ b/fast/stages/01-resman/variables.tf
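Review bot: The two `local_file` resources write to disk the same values that the `providers` and `tfvars` outputs mark `sensitive = true`, but neither sets `file_permission`, so the provider default of `0777` applies to the generated `providers.tf` and `terraform-resman.auto.tfvars.json`. Adding `file_permission = "0640"` (or tighter) to both resources would keep the on-disk copies in line with how the outputs are treated. Separately, `output "security"` carries the description `"Data for the networking stage."`, which looks copied from the networking output and should read `"Data for the security stage."`. The `service_account` fields also mix `.iam_email` (networking, security) with `.email` (sandbox, teams); a short comment stating which form consumers expect would avoid a malformed IAM member string downstream.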
@@ -0,0 +1,104 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# defaults for variables marked with global tfdoc annotations, can be set via
+# the tfvars file generated in stage 00 and stored in its outputs
+
+variable "billing_account" {
+ # tfdoc:variable:source 00-bootstrap
+ description = "Billing account id and organization id ('nnnnnnnn' or null)."
+ type = object({
+ id = string
+ organization_id = number
+ })
+}
+
+variable "automation_project_id" {
+ # tfdoc:variable:source 00-bootstrap
+ description = "Project id for the automation project created by the bootstrap stage."
+ type = string
+}
+
+variable "custom_roles" {
+ # tfdoc:variable:source 00-bootstrap
+ description = "Custom roles defined at the org level, in key => id format."
+ type = map(string)
+ default = {}
+}
+
+variable "groups" {
+ # tfdoc:variable:source 00-bootstrap
+ description = "Group names to grant organization-level permissions."
+ type = map(string)
+ # https://cloud.google.com/docs/enterprise/setup-checklist
+ default = {
+ gcp-billing-admins = "gcp-billing-admins",
+ gcp-devops = "gcp-devops",
+ gcp-network-admins = "gcp-network-admins"
+ gcp-organization-admins = "gcp-organization-admins"
+ gcp-security-admins = "gcp-security-admins"
+ gcp-support = "gcp-support"
+ }
+}
+
+variable "organization" {
+ # tfdoc:variable:source 00-bootstrap
+ description = "Organization details."
+ type = object({
+ domain = string
+ id = number
+ customer_id = string
+ })
+}
+
+variable "organization_policy_configs" {
+ description = "Organization policies customization."
+ type = object({
+ allowed_policy_member_domains = list(string)
+ })
+ default = null
+}
+
+variable "outputs_location" {
+ description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable."
+ type = string
+ default = null
+}
+
+variable "prefix" {
+ # tfdoc:variable:source 00-bootstrap
+ description = "Prefix used for resources that need unique names."
+ type = string
+}
+
+variable "team_folders" {
+ description = "Team folders to be created. Format is described in a code comment."
+ type = map(object({
+ descriptive_name = string
+ group_iam = map(list(string))
+ impersonation_groups = list(string)
+ }))
+ default = null
+ # default = {
+ # team-a = {
+ # descriptive_name = "Team A"
+ # group_iam = {
+ # team-a-group = [roles/owner, roles/projectCreator]
+ # }
+ # impersonation_groups = ["team-a-admins@example.com"]
+ # }
+ # }
+}
diff --git a/fast/stages/02-networking/README.md b/fast/stages/02-networking/README.md
new file mode 100644
index 000000000..5d7b539b4
--- /dev/null
+++ b/fast/stages/02-networking/README.md
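Review bot: `organization_policy_configs.allowed_policy_member_domains` is documented only as "Organization policies customization.", yet organization.tf concatenates a value of that name with `var.organization.customer_id` into `constraints/iam.allowedPolicyMemberDomains`, which expects Cloud Identity / Workspace customer IDs rather than DNS domain names. The path from this variable to `local.policy_configs` is outside the visible lines, so that link is inferred. I would change the description to something like `"Organization policy customization; allowed_policy_member_domains takes additional customer IDs (not domain names) for constraints/iam.allowedPolicyMemberDomains."`. The commented `team_folders` sample also shows unquoted role names and grants `roles/owner`; quoting the roles and using a narrower one in the example would keep copied configurations valid and closer to least privilege.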
@@ -0,0 +1,338 @@ +# Networking + +This stage sets up the shared network infrastructure for the whole organization. It adopts the common “hub and spoke” reference design, which is well suited to multiple scenarios, and offers several advantages versus other designs: + +- the “hub” VPC centralizes external connectivity to on-prem or other cloud environments, and is ready to host cross-environment services like CI/CD, code repositories, and monitoring probes +- the “spoke” VPCs allow partitioning workloads (e.g. by environment like in this setup), while still retaining controlled access to central connectivity and services +- Shared VPC in both hub and spokes splits management of network resources in specific (host) projects, while still allowing them to be consumed from workload (service) projects +- the design also lends itself to easy DNS centralization, both from on-prem to cloud and from cloud to on-prem + +Connectivity between hub and spokes is established here via [VPN HA](https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies) tunnels, which offer easy interoperability with some key GCP features (GKE, services leveraging Service Networking like Cloud SQL, etc.), allowing clear partitioning of quota and limits between environments, and fine-grained control of routing. Different ways of implementing connectivity, and their respective pros and cons, are discussed below. + +The following diagram illustrates the high-level design, and should be used as a reference for the following sections. The final number of subnets, and their IP addressing design will of course depend on customer-specific requirements, and can be easily changed via variables or external data files without having to edit the actual code. + +

+ Networking diagram +

+ +## Design overview and choices + +### VPC design + +The hub/landing VPC hosts external connectivity and shared services for spoke VPCs, which are connected to it via VPN HA tunnels. Spokes are used here to partition environments, which is a fairly common pattern: + +- one spoke VPC for the production environment +- one spoke VPC for the development environment + +Each VPC is created into its own project, and each project is configured as a Shared VPC host, so that network-related resources and access configurations via IAM are kept separate for each VPC. + +The design easily lends itself to implementing additional environments, or adopting a different logical mapping for spokes (e.g. one spoke for each company entity, etc.). Adding spokes is a trivial operation, does not increase the design complexity, and is explained in operational terms in the following sections. + +In multi-organization scenarios, where production and non-production resources use different Cloud Identity and GCP organizations, the hub/landing VPC is usually part of the production organization, and establishes connections with production spokes in its same organization, and non-production spokes in a different organization. + +An additional VPC is also deployed by default with the provided code, disconnected from the other VPCs and hosting a single VM that emulates on-prem for testing purposes, via a Docker network and containers for VPN, DNS, HTTP, etc. + +### External connectivity + +External connectivity to on-prem is implemented here via VPN HA (two tunnels per region), as this is the minimum common denominator often used directly, or as a stop-gap solution to validate routing and transfer data, while waiting for [interconnects](https://cloud.google.com/network-connectivity/docs/interconnect) to be provisioned. 
+ +Connectivity to additional on-prem sites or other cloud providers should be implemented in a similar fashion, via VPN tunnels or interconnects in the landing VPC sharing the same regional router. + +### Internal connectivity + +As mentioned initially, there are of course other ways to implement internal connectivity other than VPN HA. These can be easily retrofitted with minimal code changes, but introduce additional considerations for service interoperability, quotas and management. + +This is a summary of the main options: + +- [VPN HA](https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies) (implemented here) + - Pros: simple compatibility with GCP services that leverage peering internally, better control on routes, avoids peering groups shared quotas and limits + - Cons: additional cost, marginal increase in latency, requires multiple tunnels for full bandwidth +- [VPC Peering](https://cloud.google.com/vpc/docs/vpc-peering) + - Pros: no additional costs, full bandwidth with no configurations, no extra latency + - Cons: no transitivity (e.g. to GKE masters, Cloud SQL, etc.), no selective exchange of routes, several quotas and limits shared between VPCs in a peering group +- [Multi-NIC appliances](https://cloud.google.com/architecture/best-practices-vpc-design#multi-nic) + - Pros: additional security features (e.g. IPS), potentially better integration with on-prem systems by using the same vendor + - Cons: complex HA/failover setup, limited by VM bandwidth and scale, additional costs for VMs and licenses, out of band management of a critical cloud component + +### IP ranges, subnetting, routing + +Minimizing the number of routes (and subnets) in use on the cloud environment is an important consideration, as it simplifies management and avoids hitting [Cloud Router](https://cloud.google.com/network-connectivity/docs/router/quotas) and [VPC](https://cloud.google.com/vpc/docs/quota) quotas and limits. 
For this reason, we recommend careful planning of the IP space used in your cloud environment, to be able to use large IP CIDR blocks in routes whenever possible. + +This stage uses a dedicated /16 block (which should of course be sized to your needs) for each region in each VPC, and subnets created in each VPC derive their ranges from the relevant block. + +Spoke VPCs also define and reserve two "special" CIDR ranges dedicated to [PSA (Private Service Access)](https://cloud.google.com/vpc/docs/private-services-access) and [Internal HTTPs Load Balancers (L7ILB)](https://cloud.google.com/load-balancing/docs/l7-internal). + +Routes in GCP are either automatically created for VPC subnets, manually created via static routes, or dynamically programmed by [Cloud Routers](https://cloud.google.com/network-connectivity/docs/router#docs) via BGP sessions, which can be configured to advertise VPC ranges, and/or custom ranges via custom advertisements. + +In this setup, the Cloud Routers are configured so as to exclude the default advertisement of VPC ranges, and they only advertise their respective aggregate ranges via custom advertisements. This greatly simplifies the routing configuration, and more importantly it allows to avoid quota or limit issues by keeping the number of routes small, instead of making it proportional to the subnets and secondary ranges in the VPCs. 
+ +The high-level routing plan implemented in this architecture is as follows: + +| source | target | advertisement | +| ----------- | ----------- | ------------------------------ | +| VPC landing | onprem | GCP aggregate | +| VPC landing | onprem | Cloud DNS forwarders | +| VPC landing | onprem | Google private/restricted APIs | +| VPC landing | spokes | RFC1918 | +| VPC spoke | VPC landing | spoke aggregate | +| onprem | VC landing | onprem aggregates | + +As is evident from the table above, the hub/landing VPC acts as the route concentrator for the whole GCP network, implementing a full line of sight between environments, and between GCP and on-prem. While advertisements can be adjusted to selectively exchange routes (e.g. to isolate the production and the development environment), we recommend using [Firewall](#firewall) policies or rules to achieve the desired isolation. + +### Internet egress + +The path of least resistance for Internet egress is using Cloud NAT, and that is what's implemented in this setup, with a NAT gateway configured for each VPC. + +Several other scenarios are possible of course, with varying degrees of complexity: + +- a forward proxy, with optional URL filters +- a default route to on-prem to leverage existing egress infrastructure +- a full-fledged perimeter firewall to control egress and implement additional security features like IPS + +Future pluggable modules will allow to easily experiment, or deploy the above scenarios. + +### VPC and Hierarchical Firewall + +The GCP Firewall is a stateful, distributed feature that allows the creation of L4 policies, either via VPC-level rules or more recently via hierarchical policies applied on the resource hierarchy (organization, folders). + +The current setup adopts both firewall types, and uses hierarchical rules on the Networking folder for common ingress rules (egress is open by default), e.g. 
from health check or IAP forwarders ranges, and VPC rules for the environment or workload-level ingress. + +Rules and policies are defined in simple YAML files, described below. + +### DNS + +DNS often goes hand in hand with networking, especially on GCP where Cloud DNS zones and policies are associated at the VPC level. This setup implements both DNS flows: + +- on-prem to cloud via private zones for cloud-managed domains, and an [inbound policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) used as forwarding target or via delegation (requires some extra configuration) from on-prem DNS resolvers +- cloud to on-prem via forwarding zones for the on-prem managed domains + +DNS configuration is further centralized by leveraging peering zones, so that + +- the hub/landing Cloud DNS hosts configurations for on-prem forwarding and Google API domains, with the spokes consuming them via DNS peering zones +- the spokes Cloud DNS host configurations for the environment-specific domains, with the hub/landing VPC acting as consumer via DNS peering + +To complete the configuration, the 35.199.192.0/19 range should be routed on the VPN tunnels from on-prem, and the following names configured for DNS forwarding to cloud: + +- `private.googleapis.com` +- `restricted.googleapis.com` +- `gcp.example.com` (used as a placeholder) + +From cloud, the `example.com` domain (used as a placeholder) is forwarded to on-prem. + +This configuration is battle-tested, and flexible enough to lend itself to simple modifications without subverting its design, for example by forwarding and peering root zones to bypass Cloud DNS external resolution. + +## How to run this stage + +This stage is meant to be executed after the [resman](../01-resman) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured in the [bootstrap](../00-boostrap) stage. 
+ +It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the previous stages for the environmental requirements. + +Before running this stage, you need to make sure you have the correct credentials and permissions, and localize variables by assigning values that match your configuration. + +### Providers configuration + +The default way of making sure you have the right permissions, is to use the identity of the service account pre-created for this stage during the [resource management](./01-resman) stage, and that you are a member of the group that can impersonate it via provider-level configuration (`gcp-devops` or `organization-admins`). + +To simplify setup, the previous stage pre-configures a valid providers file in its output, and optionally writes it to a local file if the `outputs_location` variable is set to a valid path. + +If you have set a valid value for `outputs_location` in the bootstrap stage, simply link the relevant `providers.tf` file from this stage's folder in the path you specified: + +```bash +# `outputs_location` is set to `../../configs/example` +ln -s ../../configs/example/02-networking/providers.tf +``` + +If you have not configured `outputs_location` in bootstrap, you can derive the providers file from that stage's outputs: + +```bash +cd ../00-bootstrap +terraform output -json providers | jq -r '.["02-networking"]' \ + > ../02-networking/providers.tf +``` + +### Variable configuration + +There are two broad sets of variables you will need to fill in: + +- variables shared by other stages (org id, billing account id, etc.), or derived from a resource managed by a different stage (folder id, automation project id, etc.) 
+- variables specific to resources managed by this stage + +To avoid the tedious job of filling in the first group of variables with values derived from other stages' outputs, the same mechanism used above for the provider configuration can be used to leverage pre-configured `.tfvars` files. + +If you have set a valid value for `outputs_location` in the bootstrap and in the resman stage, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's folder in the path you specified, where the `*` above is set to the name of the stage that produced it. For this stage, a single `.tfvars` file is available: + +```bash +# `outputs_location` is set to `../../configs/example` +ln -s ../../configs/example/02-networking/terraform-bootstrap.auto.tfvars.json +ln -s ../../configs/example/02-networking/terraform-resman.auto.tfvars.json +``` + +Please refer to the [Variables](#variables) table below for a map of the variable origins, and to the sections below on how to adapt this stage to your networking configuration. + +### VPCs + +VPCs are defined in separate files, one for `landing` and one for each of `prod` and `dev`. +Each file contains the same resources, described in the following paragraphs. + +The **project** ([`project`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/project)) contains the VPC, and enables the required APIs and sets itself as a "[host project](https://cloud.google.com/vpc/docs/shared-vpc)". + +The **VPC** ([`net-vpc`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-vpc)) manages the DNS inbound policy (for Landing), explicit routes for `{private,restricted}.googleapis.com`, and its **subnets**. Subnets are created leveraging a "resource factory" paradigm, where the configuration is separated from the module that implements it, and stored in a well-structured file. 
To add a new subnet, simply create a new file in the `data_folder` directory defined in the module, following the examples found in the [Fabric `net-vpc` documentation](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-vpc#subnet-factory). Sample subnets are shipped in [data/subnets](./data/subnets), and can be easily customised to fit your needs. + +Subnets for [L7 ILBs](https://cloud.google.com/load-balancing/docs/l7-internal/proxy-only-subnets) are handled differently, and defined in variable `l7ilb_subnets`, while ranges for [PSA](https://cloud.google.com/vpc/docs/configure-private-services-access#allocating-range) are configured by variable `psa_ranges` - such variables are consumed by spoke VPCs. + +**Cloud NAT** ([`net-cloudnat`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-cloudnat)) manages the networking infrastructure required to enable internet egress. + +### VPNs + +#### External + +Connectivity to on-prem is implemented with VPN HA ([`net-vpn`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-vpn)) and defined in [`vpn-onprem.tf`](./vpn-onprem.tf). The file provisionally implements a single logical connection between onprem and landing at `europe-west1`, and the relevant parameters for its configuration are found in variable `vpn_onprem_configs`. + +#### Internal + +VPNs ([`net-vpn`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-vpn)) used to interconnect landing and spokes are managed by `vpn-spoke-*.tf` files, each implementing both sides of the VPN connection. Per-gateway configurations (e.g. BGP advertisements and session ranges) are controlled by variable `vpn_onprem_configs`. VPN gateways and IKE secrets are automatically generated and configured. 
+ +### Routing and BGP + +Each VPC network ([`net-vpc`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-vpc)) manages a separate routing table, which can define static routes (e.g. to private.googleapis.com) and receives dynamic routes from BGP sessions established with neighbor networks (e.g. landing receives routes from onprem and spokes, and spokes receive RFC1918 from landing). + +Static routes are defined in `vpc-*.tf` files, in the `routes` section of each `net-vpc` module. + +BGP sessions for landing-spoke are configured through variable `vpn_spoke_configs`, while the ones for landing-onprem use variable `vpn_onprem_configs` + +### Firewall + +**VPC firewall rules** ([`net-vpc-firewall`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-vpc-firewall)) are defined per-vpc on each `vpc-*.tf` file and leverage a resource factory to massively create rules. +To add a new firewall rule, create a new file or edit an existing one in the `data_folder` directory defined in the module `net-vpc-firewall`, following the examples of the "[Rules factory](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/net-vpc-firewall#rules-factory)" section of the module documentation. Sample firewall rules are shipped in [data/firewall-rules/landing](./data/firewall-rules/landing) and can be easily customised. + +**Hierarchical firewall policies** ([`folder`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/folder)) are defined in `main.tf`, and managed through a policy factory implemented by the `folder` module, which applies the defined hierarchical to the `Networking` folder, which contains all the core networking infrastructure. 
Policies are defined in the `rules_file` file - to define a new one simply use the instructions found on "[Firewall policy factory](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/organization#firewall-policy-factory)". Sample hierarchical firewall policies are shipped in [data/hierarchical-policy-rules.yaml](./data/hierarchical-policy-rules.yaml) and can be easily customised. + +### DNS architecture + +The DNS ([`dns`](https://github.com/terraform-google-modules/cloud-foundation-fabric/tree/master/modules/dns)) infrastructure is defined in [`dns.tf`](dns.tf). + +Cloud DNS manages onprem forwarding, the main GCP zone (in this example `gcp.example.com`) and is peered to environment-specific zones (i.e. `dev.gcp.example.com` and `prod.gcp.example.com`). + +#### Cloud environment + +Per the section above Landing acts as the source of truth for DNS within the Cloud environment. Resources defined in the spoke VPCs consume the Landing DNS infrastructure through DNS peering (e.g. `prod-landing-root-dns-peering`). +Spokes can optionally define private zones (e.g. `prod-dns-private-zone`) - granting visibility to the Landing VPC ensures that the whole cloud environment can query such zones. + +#### Cloud to on-prem + +Leveraging the forwarding zones defined on Landing (e.g. `onprem-example-dns-forwarding` and `reverse-10-dns-forwarding`), the cloud environment can resolve `in-addr.arpa.` and `onprem.example.com.` using the on-premises DNS infrastructure. Onprem resolvers IPs are set in variable `dns.onprem`. + +DNS queries sent to the on-premises infrastructure come from the `35.199.192.0/19` source range, which is only accessible from within a VPC or networks connected to one. 
+ +#### On-prem to cloud + +The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in module `landing-vpc` ([`landing.tf`](./landing.tf)) automatically reserves the first available IP address on each created subnet (typically the third one in a CIDR) to expose the Cloud DNS service so that it can be consumed from outside of GCP. + +### Private Google Access + +[Private Google Access](https://cloud.google.com/vpc/docs/private-google-access) (or PGA) enables VMs and on-prem systems to consume Google APIs from within the Google network, and is already fully configured on this environment. + +For PGA to work: + +- Private Google Access should be enabled on the subnet. \ +Subnets created by the `net-vpc` module are PGA-enabled by default. + +- 199.36.153.4/30 (`restricted.googleapis.com`) and 199.36.153.8/30 (`private.googleapis.com`) should be routed from on-prem to VPC, and from there to the `default-internet-gateway`. \ +Per variable `vpn_onprem_configs` such ranges are advertised to onprem - furthermore every VPC (e.g. see `landing-vpc` in [`landing.tf`](./landing.tf)) has explicit routes set in case the `0.0.0.0/0` route is changed. + +- A private DNS zone for `googleapis.com` should be created and configured per [this article](https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid#config-domain), as implemented in module `googleapis-private-zone` in [`dns.tf`](./dns.tf) + +### Preliminar activities + +Before running `terraform apply` on this stage, make sure to adapt all of `variables.tf` to your needs, to update all reference to regions (e.g. `europe-west1` or `ew1`) in the whole directory to match your preferences. + +If you're not using FAST, you'll also need to create a `providers.tf` file to configure the GCS backend and the service account to use to run the deployment. + +You're now ready to run `terraform init` and `apply`. 
+ +### Post-deployment activities + +- On-prem routers should be configured to advertise all relevant CIDRs to the GCP environments. To avoid hitting GCP quotas, we recomment aggregating routes as much as possible. +- On-prem routers should accept BGP sessions from their cloud peers. +- On-prem DNS servers should have forward zones for GCP-managed ones. + +## Customizations + +### Adding an environment + +To create a new environment (e.g. `staging`), a few changes are required. + +Create a `vpc-spoke-staging.tf` file by copying `vpc-spoke-prod.tf` file, +and adapt the new file by replacing the value "prod" with the value "staging". +Running `diff vpc-spoke-dev.tf vpc-spoke-prod.tf` can help to see how environment files differ. + +The new VPC requires a set of dedicated CIDRs, one per region, added to variable `custom_adv` (for example as `spoke_staging_ew1` and `spoke_staging_ew4`). +>`custom_adv` is a map that "resolves" CIDR names to actual addresses, and will be used later to configure routing. +> +Variables managing L7 Interal Load Balancers (`l7ilb_subnets`) and Private Service Access (`psa_ranges`) should also be adapted, and subnets and firewall rules for the new spoke should be added as described above. + +VPN HA connectivity (see also [VPNs](#vpns)) to `landing` is managed by the `vpn-spoke-*.tf` files. +Copy `vpn-spoke-prod.tf` to `vpn-spoke-staging.tf` - replace "prod" with "staging" where relevant. + +VPN configuration also controls BGP advertisements, which requires the following variable changes: + +- `router_configs` to configure the new routers (one per region) created for the `staging` VPC +- `vpn_onprem_configs` to configure the new advertisments to on-premises for the new CIDRs +- `vpn_spoke_configs` to configure the new advertisements to `landing` for the new VPC - new keys (one per region) should be added, such as e.g. `staging-ew1` and `staging-ew4` + +DNS configurations are centralised in the `dns.tf` file. 
Spokes delegate DNS resolution to Landing through DNS peering, and optionally define a private zone (e.g. `staging.gcp.example.com`) which the landing peers to. To configure DNS for a new environment, copy all the `prod-*` modules in the `dns.tf` file to `staging-*`, and update their content accordingly. Don't forget to add a peering zone from Landing to the newly created environment private zone. + + + +## Files + +| name | description | modules | resources | +|---|---|---|---| +| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | | +| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns | | +| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | +| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder | | +| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | +| [outputs.tf](./outputs.tf) | Module outputs. | | local_file | +| [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | | +| [variables.tf](./variables.tf) | Module variables. | | | +| [vpc-landing.tf](./vpc-landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | | +| [vpc-spoke-dev.tf](./vpc-spoke-dev.tf) | Dev spoke VPC and related resources. | net-address · net-cloudnat · net-vpc · net-vpc-firewall · project | | +| [vpc-spoke-prod.tf](./vpc-spoke-prod.tf) | Production spoke VPC and related resources. | net-address · net-cloudnat · net-vpc · net-vpc-firewall · project | | +| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | | +| [vpn-spoke-dev.tf](./vpn-spoke-dev.tf) | VPN between landing and development spoke. | net-vpn-ha | | +| [vpn-spoke-prod.tf](./vpn-spoke-prod.tf) | VPN between landing and production spoke. 
| net-vpn-ha | |
+
+## Variables
+
+| name | description | type | required | default | producer |
+|---|---|:---:|:---:|:---:|:---:|
+| billing_account_id | Billing account id. | string | ✓ | | 00-bootstrap |
+| organization | Organization details. | object({…}) | ✓ | | 00-bootstrap |
+| prefix | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
+| custom_adv | Custom advertisement definitions in name => range format. | map(string) | | {…} | |
+| data_dir | Relative path for the folder storing configuration data for network resources. | string | | "data" | |
+| dns | Onprem DNS resolvers | map(list(string)) | | {…} | |
+| folder_id | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | string | | null | 01-resman |
+| gke | | map(object({…})) | | {} | 01-resman |
+| l7ilb_subnets | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
+| outputs_location | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| project_factory_sa | IAM emails for project factory service accounts | map(string) | | {} | 01-resman |
+| psa_ranges | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
+| router_configs | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
+| vpn_onprem_configs | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
+| vpn_spoke_configs | VPN gateway configuration for spokes. | map(object({…})) | | {…} | |
+
+## Outputs
+
+| name | description | sensitive | consumers |
+|---|---|:---:|---|
+| cloud_dns_inbound_policy | IP Addresses for Cloud DNS inbound policy. | | |
+| project_ids | Network project ids. | | |
+| project_numbers | Network project numbers. | | |
+| shared_vpc_host_projects | Shared VPC host projects. | | |
+| shared_vpc_self_links | Shared VPC host projects.
| | |
+| tfvars | Network-related variables used in other stages. | ✓ | |
+| vpn_gateway_endpoints | External IP Addresses for the GCP VPN gateways. | | |
+
+
diff --git a/fast/stages/02-networking/data/cidrs.yaml b/fast/stages/02-networking/data/cidrs.yaml
new file mode 100644
index 000000000..5f453d8d4
--- /dev/null
+++ b/fast/stages/02-networking/data/cidrs.yaml
@@ -0,0 +1,15 @@
+# skip boilerplate check
+
+healthchecks:
+ - 35.191.0.0/16
+ - 130.211.0.0/22
+ - 209.85.152.0/22
+ - 209.85.204.0/22
+
+rfc1918:
+ - 10.0.0.0/8
+ - 172.16.0.0/16
+ - 192.168.0.0/16
+
+onprem_probes:
+ - 10.255.255.254/32
diff --git a/fast/stages/02-networking/data/dashboards/firewall_insights.json b/fast/stages/02-networking/data/dashboards/firewall_insights.json
new file mode 100644
index 000000000..e829091cf
--- /dev/null
+++ b/fast/stages/02-networking/data/dashboards/firewall_insights.json
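Review bot: The `rfc1918` list in cidrs.yaml has `172.16.0.0/16`, but the RFC 1918 block is `172.16.0.0/12`, so the key name promises more than the list covers. Any rule that resolves `$rfc1918` (the `allow-admins` rule in hierarchical-policy-rules.yaml in this commit does) will not match sources in 172.17.0.0–172.31.255.255, and the gap is easy to miss if the set is later reused for a deny rule or a route filter. Change the entry to `- 172.16.0.0/12`, or rename the key if only the /16 is really intended.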
@@ -0,0 +1,68 @@ +{ + "displayName": "Firewall Insights Monitoring", + "gridLayout": { + "columns": "2", + "widgets": [ + { + "title": "Subnet Firewall Hit Counts", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"firewallinsights.googleapis.com/subnet/firewall_hit_count\" resource.type=\"gce_subnetwork\"", + "secondaryAggregation": {} + }, + "unitOverride": "1" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "VM Firewall Hit Counts", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"firewallinsights.googleapis.com/vm/firewall_hit_count\" resource.type=\"gce_instance\"", + "secondaryAggregation": {} + }, + "unitOverride": "1" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + } + ] + } +} \ No newline at end of file diff --git a/fast/stages/02-networking/data/dashboards/vpn.json b/fast/stages/02-networking/data/dashboards/vpn.json new file mode 100644 index 000000000..4396cc00b --- /dev/null +++ b/fast/stages/02-networking/data/dashboards/vpn.json 
@@ -0,0 +1,248 @@ +{ + "displayName": "VPN Monitoring", + "gridLayout": { + "columns": "2", + "widgets": [ + { + "title": "Number of connections", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_MEAN" + }, + "filter": "metric.type=\"vpn.googleapis.com/gateway/connections\" resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "1" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "Tunnel established", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_MEAN" + }, + "filter": "metric.type=\"vpn.googleapis.com/tunnel_established\" resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "1" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "Cloud VPN Gateway - Received bytes", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"vpn.googleapis.com/network/received_bytes_count\" resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "By" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "Cloud VPN Gateway - Sent bytes", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + 
"targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"vpn.googleapis.com/network/sent_bytes_count\" resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "By" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "Cloud VPN Gateway - Received packets", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"vpn.googleapis.com/network/received_packets_count\" resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "{packets}" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "Cloud VPN Gateway - Sent packets", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"vpn.googleapis.com/network/sent_packets_count\" resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "{packets}" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "Incoming packets dropped", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"vpn.googleapis.com/network/dropped_received_packets_count\" 
resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "1" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + }, + { + "title": "Outgoing packets dropped", + "xyChart": { + "chartOptions": { + "mode": "COLOR" + }, + "dataSets": [ + { + "minAlignmentPeriod": "60s", + "plotType": "LINE", + "targetAxis": "Y1", + "timeSeriesQuery": { + "timeSeriesFilter": { + "aggregation": { + "perSeriesAligner": "ALIGN_RATE" + }, + "filter": "metric.type=\"vpn.googleapis.com/network/dropped_sent_packets_count\" resource.type=\"vpn_gateway\"", + "secondaryAggregation": {} + }, + "unitOverride": "1" + } + } + ], + "timeshiftDuration": "0s", + "yAxis": { + "label": "y1Axis", + "scale": "LINEAR" + } + } + } + ] + } +} \ No newline at end of file diff --git a/fast/stages/02-networking/data/firewall-rules/landing/rules.yaml b/fast/stages/02-networking/data/firewall-rules/landing/rules.yaml new file mode 100644 index 000000000..e72b7c9c7 --- /dev/null +++ b/fast/stages/02-networking/data/firewall-rules/landing/rules.yaml @@ -0,0 +1,15 @@ +# skip boilerplate check + +allow-onprem-probes-example: + description: "Allow traffic from onprem probes" + direction: INGRESS + action: allow + sources: [] + ranges: + - $onprem_probes + targets: [] + use_service_accounts: false + rules: + - protocol: tcp + ports: + - 12345 diff --git a/fast/stages/02-networking/data/hierarchical-policy-rules.yaml b/fast/stages/02-networking/data/hierarchical-policy-rules.yaml new file mode 100644 index 000000000..0172a3091 --- /dev/null +++ b/fast/stages/02-networking/data/hierarchical-policy-rules.yaml 
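Review bot: `allow-onprem-probes-example` in landing/rules.yaml sits in the data directory next to real rules, with `targets: []` and what looks like a placeholder port `12345`; if the firewall factory applies every file under `data/firewall-rules/landing` (the consuming code is not visible in this hunk), the example is deployed as a live ingress rule. A leading comment such as `# example only: replace the port and source range, or delete this rule before applying` would make that explicit to whoever runs the stage.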
@@ -0,0 +1,49 @@
+# skip boilerplate check
+
+allow-admins:
+ description: Access from the admin subnet to all subnets
+ direction: INGRESS
+ action: allow
+ priority: 1000
+ ranges:
+ - $rfc1918
+ ports:
+ all: []
+ target_resources: null
+ enable_logging: false
+
+allow-healthchecks:
+ description: Enable HTTP and HTTPS healthchecks
+ direction: INGRESS
+ action: allow
+ priority: 1001
+ ranges:
+ - $healthchecks
+ ports:
+ tcp: ["80", "443"]
+ target_resources: null
+ enable_logging: false
+
+allow-ssh-from-iap:
+ description: Enable SSH from IAP
+ direction: INGRESS
+ action: allow
+ priority: 1002
+ ranges:
+ - 35.235.240.0/20
+ ports:
+ tcp: ["22"]
+ target_resources: null
+ enable_logging: false
+
+allow-icmp:
+ description: Enable ICMP
+ direction: INGRESS
+ action: allow
+ priority: 1003
+ ranges:
+ - 0.0.0.0/0
+ ports:
+ icmp: []
+ target_resources: null
+ enable_logging: false
diff --git a/fast/stages/02-networking/data/subnets/dev/dev-default-ew1.yaml b/fast/stages/02-networking/data/subnets/dev/dev-default-ew1.yaml
new file mode 100644
index 000000000..37c28f031
--- /dev/null
+++ b/fast/stages/02-networking/data/subnets/dev/dev-default-ew1.yaml
@@ -0,0 +1,5 @@
+# skip boilerplate check
+
+region: europe-west1
+ip_cidr_range: 10.144.0.0/24
+description: Default subnet for dev
diff --git a/fast/stages/02-networking/data/subnets/landing/landing-default-ew1.yaml b/fast/stages/02-networking/data/subnets/landing/landing-default-ew1.yaml
new file mode 100644
index 000000000..5af68db6d
--- /dev/null
+++ b/fast/stages/02-networking/data/subnets/landing/landing-default-ew1.yaml
@@ -0,0 +1,5 @@
+# skip boilerplate check
+
+region: europe-west1
+ip_cidr_range: 10.128.0.0/24
+description: Default subnet for landing
diff --git a/fast/stages/02-networking/data/subnets/prod/prod-default-ew1.yaml b/fast/stages/02-networking/data/subnets/prod/prod-default-ew1.yaml
new file mode 100644
index 000000000..7a77f3097
--- /dev/null
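Review bot: `allow-admins` in hierarchical-policy-rules.yaml is described as "Access from the admin subnet", but its `ranges` is `$rfc1918` with `ports: all: []` and `target_resources: null`, so it admits every source in the private ranges defined in cidrs.yaml, on every port, to every target under the policy. In a GCP hierarchical firewall policy a matching `allow` ends evaluation, so VPC-level rules in the dev and prod spokes cannot narrow this afterwards; as far as this file shows, spoke-to-spoke and on-prem traffic is accepted before any per-VPC rule is consulted. I would replace the range with the actual admin CIDR, e.g. `- <admin-subnet-cidr>` (placeholder), and set `enable_logging: true` on this rule and on `allow-ssh-from-iap` so that use of the broad allows leaves a record. `allow-icmp` from `0.0.0.0/0` is also worth restricting to `$rfc1918` unless internet-sourced ICMP to instances with external addresses is wanted.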
+++ b/fast/stages/02-networking/data/subnets/prod/prod-default-ew1.yaml
@@ -0,0 +1,5 @@
+# skip boilerplate check
+
+region: europe-west1
+ip_cidr_range: 10.136.0.0/24
+description: Default subnet for prod
diff --git a/fast/stages/02-networking/diagram.png b/fast/stages/02-networking/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..c071ccf1bac3089172b7d67d195ec93fa161e241 GIT binary patch literal 141184 zcmeFZWk8f&*EWoZN*I8GA}T59Al;2fcOwjlB8@P@5QCH`2$B**hf25P2n=A*DXG+; zbmNfH?>>j?y59SK-sgMX`}^_z`+lM4>~rt6SM9Zqwf6a1OGEJ-`BicvBBFE3N^&|x zL?k#OqLT`wr@<5E$M;@=KPQknin2sSUDxJ`h!}~KjtklU zIWb{|273Gdvfe)vOHs;TcZkqjOb}6TdHlWxUQo5Rw*Gb5<0LUJ6OUbgPJBmEXI>FG=aR{l{V!q4zOtPUjX2?2h>q3~`SWQ@4?X^*Y$ zOM#bn&d#48@Oz&LtP;pkd%XT@Xqp%4MiyW!bCNNe!Cm4Y4EdJ~4#M_wZh<%DoqFjA ztHh`h;SIR%4l9NcO>o-LSxWgpjJu1LIwqJJOoe`{#BfY7FPJCzT}FBk7$eUbsrJe3D|$TDT`<*YiNs?frorN{?wA{2)rs)5EBjR5u0YaxUlX(mYVt|^L_?ChRr#^n zFo3aM{;J>Ku|7vpSPqj`w}EB#Pj@{%URD4Q+>?W%B5XAeTIF0@C>0wZhQ~7GzP&tn zz_AueK~RzaunIZV#NP3n`e01ngw+R1KyUz~vj2S~c#xR=9M}sO&3NHN1HI}=!nDL- z7TO#aN;M)d0r49WSyBnG>Q7y{=g>^%fJ?L^{rpZ42R}npT0IELa|2XXJnnA!1-MV4 zSrl{$68B3E)A;5Q`hMWDnbOREV2T!gauCzi(hf0GB1n5DqB+l#SO7BPoVwRUm(O3 zAS7t$L-fpF<`kqrq|rqLQN8s7Ypv1s-YbU|M{8P50@)==o6HN|AdxzXbT__e>Viv} z5=49yxfCtLdo)>*_9i_$MQb2l7=hBbanyIRwB9vBaK)b`B1*ovUPPd`H1ETe4#0uO zOaz}L^A?gj`uqzrBEU1EC>c^eb|6)+U}l=1X})_LMu(q@E!)cJ){cq}Eaqlkp*W-h zG$rd~SN75vJ_>#O$#AHw@!+W&J_T>}1k7X}ZO29qX}~qW&R;DTwGASG20SaEyN!h& zbedjaQN#{N*;nMCMyi%??i3e~*{J*MH>6KZ^<7qO{w3tGfS-1LXqGP^AkQBsMd_YSgf%v zB%_O&^|z>jjCk{>yOr~MH$R>F4S zFWJPAMTbX4(f)56O) z*-%xw?_M93GE#Zpd;b2GL$sAdU;S(Kqk~>|?+=KNuK8)@=7UwX()=0{>RH{Q1A^C< zAFuCP?>YV1l{Om@KEn-HcjbDOTblTEs>iu^Kfrs^&h>|%w`W1yC#v)&W8}b<6q98? zw{iyBi|O$59W{;<>W%TG-xM3;*9Mx0vS-Y``+r|wTG{=DDL4#_xW>7<^JjKB0ULY{_9Szi@k#bdTYx~wVDn;vv2(? 
z^>kgN5^KQ){mOyw-`hVt`kGNyWu(`D?+0pJC^SkZXaWhd&9LIVptFMIo3?9v=>y8E zM@!##Tcgu_X4~JdHSOG~{o_#jQ&3f2KDuslYk$4|Fek@0!A_LM0`^32@CQTK<`+!e z$Zm^ND)PKoYUNR5#Nk-f^Df2d-kYoYGSXEx4Uq??EHtjT2VJOk%yjRKBh9+?o2qh)XkgkrM{a03YKV$BQ&U)#Q4o_$4Vr@s#y!KQFufWC*$M>XdJ0;E15`8=K;|kxs zbZGVdxpEYXZf7WO$S&fzLHYw2+5HOyXGwVraOBIpjlF$YLlU`&_kIql&qu%V+;y@3 zCm%I+TUv-B&WSGmBrr_=eyJy*5gPuik;TPbLb_}WKoo~U*EpgdqMX}W;_*QSfN=*d*Fva2BPM@Ptg~({EFoF-Fi;B zYQ4e2HA;PXe1)-P-I@V$xuInd_PDX{)%ge?v7*cPtqM)EKEq#``o4QxOR<*qy9xU0 zIVKf}9YMl-CY#@3cfW;zkDWy|EF>D!OQ~*2tzf(?nkfxz-nG4HgApn}OY%@U9{r`>A)5(4-CW4z z%c65a{j2-!&73+KkE|Fbhr7K7q8=*53|S^uRu~o~_{21qnjMS^QXHW=*$cXt4{QTc z+qhF+9`;EnU~_-=k_+gX&Q=Qc-3Uwx*|OX%F^o_j4K&$n)0UJal^JZ=hoH&OW1*vs=IeumyyESwV9lYf-a=iI50t2T1skw$LXXauU} z&s8<-Q2x@AH{CnyVY^dD%l^}m+Zl=HKe_?q=TC!Fq#=PbnzsiHZL~XydD!#7$`KG!d6FAl=Y$r(Rp|eU4Xg|62)+fJ{y}i8? zo{dSV>q6!Yq;$fL*Juy{eG?<}LBiwTdY$}%M`w=dAlGQjNAR&6#N{dlGXF)lFC=|GWh>SDXEL1$-e6K9+?+@X#Y#e@%IE?jQQH=tZN zb*)PgnWfWnn?J?+Yl4@}S%$qY?i?S3=V9bPUA0@7k%Z%)2{Pi=(R$zdrO~RgG}QWJ zvM>#zdcbArM@esgf5UQCfbL{F*q7OdUfTv}U$NiF)wA#8t%?PZ1{}F>oNzv(@e&-D zs%;l54|<;13$9sxfN^k->pI1(&h&n+ETBycNeNT==;?cCHW=Hz6B2trs<%a;%ykf# z=GZzwaXDE((9tA0N@I_=YM||N2<~vDjvu!XDq41Z&?hor{mV%VmNv0?DAkVPYk3b` zebY;9)&M8#y>@^Cmek17-9ZhB#s-i^o^3Z?=Uw`^`TRI0(T?@m=NAtOzWw-N;~*)B zNu>?%Jvir3d|-R?x^O0~A{E}?8apmn7$_cgJq@wd7%aS(@EG=*%j5f*J40E{_CsUR zap7A+RlglpSMs+?Ll|qZG9!yO$r>fLDr+xOVF#+qA5E`W8f?Z(S?xW3w;W~_lGBzK zg4?>Gx;vM70`^<)`TUR@!^dBX25DOh#ow{NIt{RcMvm@B*y8HKAMG@H#$(&k(jOWU zhH$xOI|@H2NDXlte#6t&9-4E+PS@}0k8_q~)gB~EieIh``mDD#geee12v!&pB}y&p zXg7cFu6UtdwXmGKyQq3J|I*vKo2D(zyFI_F$0X;ShwjSmNBv8*3vsK8X&{8!6}5T= zIc-@e_7ySp++IODj8y8&V{>oyaTogJH$2|$8_{7`Ph>rJ?i_kfsMi|^I^_YIA*3GU zexdh;0e?~|P4h%}ZS>I(&OhWj|5W^B;g6&{%QT1?E6qLBR&cTGgu{ojAIa28jj>fb zeWKFWbsyh0zz%W0cnaquZ0>1N{(5rF=dNMo%%|Hpf%CeNR^!fM_tP8!?Yo>0^Qgyg z{Aizm-Jg4S77$FDbtUjZPDBO-F4LNtLP-^@@dns=I>fW87e2I2iU{Qto<}c2uZi|X zJwsD_KC;lhWz_&@lJ#OBW)2cI@S{ILBfXm}aP*`ktu-@nWpy+Q6Il1m5%_dwRryX; z`c%xYZDYKF*?gt)o}rV!P69n!8&ida;sE-B(2& 
zXKQyHiqJ;8;k6SgI^WM3bX0F2o-^p2>vr{7&k7r2T*iFi?zxf2rSb?qpqgs-sgzn zpWQ}p>qc;|hG@?g>ic&g$FW=Odp%H$?dX^QrDA?sz_(Uqb4Ir+DJllu9Nzd2g1UET zN3nY}L9lU`np_p(18XD_dFy+@_+1v?7WxY`uBwSP}CpSo~6?@vDL z*T%jGNwm1}M?J6Bo<}6WIWouh2WjLchtPd_#Tqoh`Q+?t;j6&g^t7;)5xfl@n08yQ zvZ7-1HKv7igf|jD*{tYlXW2=CH=vce+UyT>mF;!-Cjlx1l@hb=^XH1-g@{k6>%hc` zNcO?@k+Yt2-NlP{pXyB_j9_1yMG8_mhCxOIE1 z@mA96om%6jh98tUr+~3@=J2x-HZ=uJrilFg^DZ>mMRpB2Y!&MjJngi8_b3c9liN`n zCkZLy-!s1i848hKDR4BS`0FB18P_HpdNY)Rgd5;SzCPbX>cB?vos#^7M8*Z!&0FiB zKM?yGLIElv`D<@`^)ecv?Zc*-8j8AymG^kfFZ_2RO9-g6XaRjje{9bFvnrCk8Zj=V zy+b=~-4=5jS}7(@1i2mw=2QIWa*i<05@dJifQY8!DWLFue?om49+Q?HA$1l13Kg%Ag!?0bNY3t!~ z+y9U@VfXi*TT8F8DDjn#lavUMY8*w%`tpK&I7In<0wfqeN7$Yl4ehS zN<4862=->zs251Z*QvNnp>+DWj1idK@>e?KWKNLkB?8^6N9jV$p6N*V&o{)$$q8}J zsyj98KjvIDa#jOUJN8r*^M6j;NXcWxOs6w>_0bw)WI(hO{fVsczbS9YW6!BGobM)i z4FL*7Bz78a)3fjL4aLlgP$E(zd!W4n;{jVoX6N^EE=(*>MQbWxnQ;62lL2)sYM=5^ zs_ZqETff7o*uL~1r_a44LKyX!+Oe;a?jfl4(9qKa_4>&UG}H%Q>AmMB-SZv0s;eP- z3eb_iBgXptDI_<3gdC)mjB0?hkJ@NUj-j0gz=+)iU}KdIBee5qe)kme&4j_m9{B7`D@}=vv(9uT1w#CN7RE1n1Z;5sv1&JgD3Fq$ zJ5I@=uxm6rx7T5Du#l>4<5TXP`yYrP6WF+F?R*IAWT!bcm0$uy_@=9nLjpJkcwEJ< zn+fl49GTBf3x}4N)8x<6Q3pn1*K2hLQYk#^CxbrJOo|Z!hPigk1k3i=mgy0xcl=!< zC;!_;-o_D4grR|Iff*tp7pgg_%3aF}Spd5^{ zkX5$o&C|N#D^YlJh%i~-L|(KVPyzjDp~n!E6vTc4hMP!mw<73+GxWyov5!vabA~Z# z$ZpBY5Xb%x&-CeE@D)}_n0+4~eLW2sifSB}JfP}5wjm)Y0!$|LCDZ=DP$dSfQDsu^ zQwy!}z5a0XKVz}+a;4)~^&IOkZ?qgU69V;>o>{!!nN0{lzRrn#w8SOQsVSeBzzV5L zBH*2^I-XyIz)8JeAf%KjpqiG;!xg<_V-B@%+NWUw*sOz`r>bnxd=@Q~J?%88(||E0 zu>XPquYnD=O)4I5gOn8bEKg>>gise37bT&juw>wgVl}ceOGAKc^_KLOc8$tA$`rnNcvyL>+N_eKb&I!4rO80FMLc z@TW;mvwWD@iL+Qz?M%E;G)!niY@x0EA&bDH&(nFjVSUKf1Mk#&SBEd!t0u`qyjcX?Qo9 zsWVxVe(sd+ub%*JJgwqRFnuk0FwyW+>;9jB!KZ|U0Rm3`$0zCm*z|oW z$~jHoC4!&JJOWdG2}PYGeo2*6`3)vWKM=moadcR3kU3(A@G-3C%<{dD5B1s(+=j!E z+%+ie+`f0FEkL-ku{>V_2-fUQtWArc7j}$MPZDbFNZ_{wal=WX0^^Fd-KFwA4T|Np zTLOUqN2*#ZslK7~HBmzPH$WXE+VJG^VcFh=fi=&^n#SuxAWeotCzKXfxS+-Z6wwk6S8*mKw}?_hLu 
zk%m^7|A^v2{oB=05lISljI~{;824A((Riv-RF86zb*tpzch|L~Gih%GyK5~PvzEp` zTBJ4(NC1rP@lMx;70iPkiN&pMSv*bITKVwu@Z!9Y zq}}{)K0EyL+ivlDqocH*Qcf|a`H*|#`tLHRRU1b? z@_yx{!u(mfSXlVRv1INV;&5tYZz^f45ILxbQMdDj#T{<6*ezaPPXED=bKGs~zH@i0 z>1OukqT=J4!;=WAT9UhTw)JAK=(5AAuXD6pa#DdFt!)mx_mRUgHi9G=0*m{=i*udWo`_6P(9WCQ4U)R#ZWH`aN1M zlUu+O7Y3m?SZngCz6HOQ=Qv{1NEVTiFyQav2@60`=vD?*7yvI(!OXDlr2oZa=MZr| z$5sBV1D;qi&Aj zb}9{hW3{vHy%I2%2t)O$$kgoj@h03NBA{s#g!~xz99D zjkdzfe8?T_1(6->GcS&6UXs=VU*d7I>9`_9sYI-O8DWff`xS7xt#%t{uU|WaNuG%| z04X%hLGSF3#}U`xV9YJzzFUkm-(hXl%McV2GDhAOrd?J|^Lk8c{>wG>5sCp%`|1wW z<3iwA>{9$5Mij3pa5OH#iS=b2hOxSbllI^5f2MCWCyDS@(0GJwtQh~0*EL$nFg%j` zwlA1-HXRP%F3ZjmpPFS#ZEt6XFAv+* z?f!K3`;&>wA2b|`B^TvX9cejmOK_i;2jYHnZ6H_Th+|wP#7>NqBomCdx{XY3qZcZ^ z54~4C$48pS)QxlBdj9zpxQEmJoH?P~xz>qo@_V&jQm&YxpS|SGrH6>pze?G%-jVH@s))t*AWn~g}Z?B(Rioa;& z+6s1E!>GosP|y&KOxvGgpB_baSHKR{%wSBeT*GlvVwz!nTvt=>=qaUmZw ztj=v2C(P)Gyi(sL;O%(WFmeVv87ewn!^VXw zyO8R+5~+B@LyoIWpul{Q-@BY!*CVS`mD~AG1G`jDpxLP; zgV0=;nx)eAg6@j$Bt%^mB9!6iPjjsJ^YK<#*PsuQzWbUwk5VF+b8$EVfC? 
zVYnPigV31IdR+Zln8x>NbQ^zIPmuD(`p8#TUy{pvtC{TDHzdW4TVg5v=0G4V&z+4< zjWiHbzargRt@OEtzDA3#pt@Dh)C0hyGg|8StN}}7rdUk?Y?d`T3JN0o>^=#0J5+XM z>XKP^IdZUOF41@eG$b{RjgCHS<%?#gajecXs6Pd3JAT{Ca^(sn*Jlj|ecYFA2i$2~p08GZ5EOD%)5Kt@geJN?DkGe0Uk55R}ly zBhKa-km$2wV3|c@1?$l>u^oq%)$LDn!_ih^Sq2UB>DFEIoaw?iRQhK41Fwg2X7vnQ zX1T_FZUBoV;wSFL+DA01SI>JoPIQWDUW|J^UidK+=%ov%O^u+v`c`bTXm41<5{-A3rZ9eHDgOt4X_X20hvgJ89s;TmD)CNR+YJaKwmbT2T1J#8bO-A0z;>M9lgUIR+ zvgItn%4FmwSaAZs6t3lx!fT&Z=(}cFmjiH=GsBoHc9j?Ne&!;=_?*?Q?q^{HPQu!z8i!I++eL8u_Kr9}`PlId>5+0k#8_`nFOfe{&M+ISeeL|2;aNAKE8g8HwsOg&i zp+tJVh*Swj8FZBBq`LgTuPrVko^6z^_~`BGF)fDK&SZte+#LAR;j=^K9)YfYFGZyb z;;(eNsd|5x$`Y;VkeYco!rO^WE(yIZIT}2Y>}%y{GoX4&Z%bWrm(;^+V13ZY8dfWC zXbw!szNz1>OjE?z*loGYBC!hl`HA3wQ@I&Gjv-dsLI0~L$FI;!^ukvDG$B&2YE`(A z(fLUz{t1m)Ti8*unoBB-MR2<<<42y{o(Z}bH#}TwUoRNwby@#Xv?q=Xf&oO<75WLm z)=x%CVSHAfAyp*+-V;QTS*}(|!NS~V6ClPR$Gppz=V*1x9CR^GdHuThtPyS3q}*U$ zmc5Sp5#7hDs@yVH3MSNN-@ee;)BBZ;wt>;A(jZ`|E=dI=wD-$yqWN)u(n*N%Pf z7?M&Oe3^!4=C_xp_+AxaTl#~J-nIF3W+jfArNHeZH&_S=wekbk)5?BlNZr*_Q&Y&A zKbIs{*OVPWe&c!{SD?!s@6hMYTg7<0QP}s51j)z2u2lZIJoDRQGuh0xon=XdP9ff> zlj;vbg=@p~Gn0o>^JYJB#*2G@;(>jOdD#>dQMTfL)d+K=)Fo}5|`+Qu(VN~jy$xWHE+WB~p?H{oCy}tVvD$Ty6Wg zi{`iesNDv9&N;xY;nNk$9H>Vo^K~x+A&>3%m$}xM^g`%`-9mq^H?!KQID?E_n_h?a zZ3-OSdLp?tI=8bUa(DTxlZWI}RI04gyxl$-*&DykLfdxn|5);#cgWnG8+y9MTN@Jb_VH)MEDE0c{xLXDHOTI*@?%JReE8SD~ zGH1(dkA@#`tMEk7={Ba+s@HW_r1&6q)}{>t5=P=-pY@tV_XMc5j%?Fjs)(n21t+Ji zGCvS)YH+ESca?WhnytyJ06MdLd^vSjPzzt&!=H)3Xn*R+%AA1Ob{^`;(o#c_Izo_Yx=zv972ewQr@IPlDqp0S+=5Yt;b=$(6=GRHOvEHo+2 zgQcd!UC=Sf%`#)W38ZY&MSAfmx|%25Id^`!<%3Nm~wR8ahw4P*I}+F{(-AP zk6A z0Kc5fPIQbbgET+!U($SN8*QNe#1X+zcpUIDf}tmrNgk0v-AFvSjBkiQMe3A@sQ+nb zB4+R_l`?A|c#V1xx(>$M;xqs|03lrfC3qSUJGc&=Q1AP zwP}31Ai+P7Ky?|$*NmZ`An1sVhJ^YdAdiSW@Ebt^pkJ9^TU>?qHK74^vrY49KLt!s zKt_5A2!I2$TR;P4-b#Si*8cQdB_PtovS8>NIZB0xkkq2diOC>tJ&(R;15LyX{TeC9 zM?kQgKyOvZ9{IyV4FF^gl8}%?y-ZdO^aM_7-2kt7?AsipHz%NtD>0L@@Bjk*lu!AQ zfX++KPpwP>kj+v-r3NMDgwqhz^%2a{=zWUE7g!6uJ*2Mva#&YQ>Q*7z^Wn!7GhQL- 
z9g&N=ezW-nii7U@xnqS;A^}lIm5D~_P{EwE2P35rajS(6^=to4{f?I?j#t#H|L_)4 z%Ui%e3Q3i)#K)$^uBC*{eY!Y5ANlTHpz#Fp4(-lOs$8;##O0NhSO5YkXZOjsf>KXL zEKxN6H2@gdKe!MM5*4r^?KU=~AJ7jXKOM5OY&gAAS2s7~Qm773;dl^MVMGx-;VO|8GP7uF9Jw9$vk%4+U36CJ&naex`?Fa*oz{YzA25vTAcQ-j} z!_#<+`dcu@b#buuN6F*Ny1Kfbm#7e@sPM#)NC}(xFUqn(c8MBs=KQrc;o(pOV72jx z=c^L6mJ`-(**F2zXa$65rQ)ySX_KT zKF((_+=f@dP?@#oa^f}cLhoZ8C!YNm?t=AD4x&n z0ezdHFc5TwkI&n9qS;LO9A`4NTg9vxs3-=3A|UXTn~oQ^u>suQQ8WUVlDfT;-Cn%(s1By(LG5*AkC z`&DsswHfp+bDlS{3LgO0k}u@cL~sGJfCx&qur~yqdpiM$pixu_JONx2#eG>)_J8f- z{0SO2lj^amEbX+iRWP)@e^33%N!n--o+Hj{&DNe%4+GsF z32n#6bcpd;l9iZvIBL{_653WhFfp}Knvq9gjJFUUpC-4SN87`zJ?qW+wkKF(x z;NM+2EaVaZa?J=>);=Rw&Bt7oyd8{jF_m42DwbWD>ry5gQ-USD*{#098ge@ppxp-4 zLRatp-B=AxbqVMXM^MmZ!nBO1A?kQ#8ZO;~oX{ExwGSiYQWI!jynuuXl|3I$zqC1~ zK?oXbnvnctJT6*I^XLzIxQYtWd(}E+j9L7GMW*^ zCB#m$ZLF}2)p2vwn$qLV^3;ty+g1t8fFgQJVKrJV8-!Fu!(z+%gdrlM8zao2lG>yI)?g=;gl zY1LGX%8csyIn1iFbt{)Q-JD*ej=AkRDerVNh8ai~I*3-SmpE2g>$^*QKic|2{b8kKcCr1mkK=ADXfExR3e`W{EL+INfGYl@(Q^W_KvFEM<1ur+hm z>}OR(<=4RJhzLno;K+#OVJmw(Z*;`ksAAn|_c7nJ4l$qVj#Q~ybMIa%5(#h=dVFbY zhql2;sZBf`j0xj3+UYR8UW)WRva9Si8@y$G?K=nV!H-CE_t+Q{_v)qrK2{|-*~3f4 z(WjkbVp&VWXG;k)dLZYE&k|1b+3ExbCRa~sb^wZlp6R;GL(rE?AHqydq8C555mwx) z&Tx3&$a$e_Z-okN;(pM)E%``$-mTMG%2FAV9+7;9LPJ!ZtL7)OruW&cwait|;+rSc z)5LHyaTw#r=WHE|euzxFxg6cAk3(x7s5|cdR%~Am-nt7Jqp?EJ8Nz{P2iaZax(p!f zDP~D}RC*V~sn)*1@~qoxq*9o@9)*P)U+_qJ#1|P&ck!b0PC{*9CvUu>g(vjEZkhvtV09b%ehl69|~_I2ScYA{ES0{X*4inu7O^gY0~f>72$gww{bAR zaTQBB`Je8NN09|yySMXIiziBToW4c;Tak?PoS$Nzck`rt)G4Hd%_X1$k zdWuyf z94DWQe$?JjZI)Wat_R;x*z0wJb*j)H#{V=4TWrkr1Ysol6~nITyGVh11x^sWVL!tm zj-a`RFxeMVW~F{VV74nDEZ921-yOxl?Y+qzs&(EQSxZY#ysy-`t$bvD^43%g$GJGY3_Tld~yu-~1Y z;27TvFJHp3nC*3(qgCweJGdZuzt>=_tw`b7I=FApdAYy^YEma6W?}(8TbC*eZBunZ ztbm8KR^l_)TzOhS-%pyAriFWZYr9vNw$R01jrO{ltF!d85N1ikVbGE-wR!ut!Pbw) zq-;j>eLmo=HKcU6LE_OVTwbzpzwwO<2aRf+DJoL`b*0r9GS*+4$yzR4CEe6>>;7u0 zuj8s&Y;I5=>^9A#V#$NEMqYzMgR{OUi-7%k?g*m^jm-GXq4bCrcVDk0SC7v-#c(@s 
zx1)RQcTQvx7v4XSIl{cjOd=`lu(fe9qwwIvsK=^gY)79@s0crC2R3_h-WvA71)eMA z>$O2;@3ohC_8Dzbu-tV;Uk5JZKRqc&kHg+MR1g9)~%l3i-YmWK*H`D9 z7Yi|M`i7(Tr;x%cGZm;acms-sP&!v|kmgu_6kFFN<9F+~$=_|QlkeA4^`14W zd-$3Oz&C|;d)#JAo|+iggPoqmT{5wY6~TGq`@fi~mKVp%ao>aQ(71j#^LD6zO(&`s zit5Ab%ZO%19=rhP2piX4=4r7UpTiR0s>a~2K{;N;omJ?;4cjKr0APDI^GTt8Zq{@ZI8YB!=y&j%=ZV9(V?<%$NaLZbd8rmwgCE8ZxhZ(|4?u~ zI<%)IdrjA!AM*ZI!{fP_U@LmmUp}{-2?7DHt;;EEy(@>8*)P3Z51m|`IypPAouA5) zWy*wi1CjClsO9R#qQyl=04_MM)^4}iW~U6UnpBK9)^t)M7!H32h5*Q-*|Gj$OA7Bc zo8oS4Za>lRI(A>jX|Si~QOc}UR}wN9vsheTH}0m7_888Vf}IV!)xQ;I>Xxv%vt73> zsoIplSp+cXaj1w?s@Xh-L8NWg(S2`N2vx^mhZ`+;NAnNPPZSO}&~cv!@t{*n=@C)@ zuD%Sv6qccrYc+)q#yF)bZs#Yru{)L58rYidC1{2?BKu)twN?F9(>+`-LQ%+(aM8s- z^UmvvQn8pewLRYVnvF@XRWT338N`bi8l)xGKHMZ$AAn2!%6PvR5g~P_#u#3>wXP}E znD?eHShCPRzZ}&kA;R!gE;F;O`&4%F@G3fXtfpW=de8G}k^!BaYl;DJUO}J4)h!qv z`1*m}(L>O#b5v_kMn#Dbyx0Bd_|Rwk`_Nx9O({jzyFc1mX|%1fxNE$iLpI+LggvTs z8|t5^P5a(a5Z!Gus#S_Y)>z0i#*p7eKiVpMJH9_7ET1s%A+THJq4(Sr^(&y%rsw^M zA=isu3U6%n6WYXBHkL|N#dUVFdsWAK+|OJ@zz#R|g~Cj^;aVQq5%VJ*U%7B=DHmr) zPv@^2@LJ!u757$bG|BAxvc8BpHPOjkx>F?odee$OLYgnzv8Ar{+W^U7s-n)_Ldl*xp|KrICE}=Ly z+-XA(GPpbzYZ=J(Qj#))gKk9Cvvh4>PmDts?`D{7}UVkzcDOc)zY}7-&Fv`oLqu2OgO>`#0QlSUQ$g>3FkVsB(;- zzKBrxFy^)1>D}A8k*U-5xzyZfUGWC%IbaWT`6| zqwNx&Xv9i?XF2nXn{0hU?JD|>hpsM-^rZUBZ=4ysIgEYeA~a@cha1_2ZG43rI&@k3 zw$B_BM}%}8Ky`~;d>sI`-XSv&X^^nm4efcscvM-v@D-UFRNoK7LSyvyrcs%d5%T-a zZHloMc~1GP{R?$GN+JzO+2b16vwrVE^c?)9LG=`Ad^^pOHOBTLi}{i@R+IzRF=Y3Q zV+L@hY+UJ?s9&&XUvXPH*<=$Gs@l|VJMK1pFH8~(5uNOOV&)@}2%SHFu|b1v0P_o<6iwJNc!cl>Z`%^Z>0>^anbGJo@|!j!%&Hn*dXGjqoL z%t@`sKgNcK-OF-CzpHa>8oRB=9{u?eS73Nfc#O^7k>8bz0$jp4$^m6Okt#I^Fe4%f zW;@Q!hHKYg+}7SLDfM26X5|EA6oC(>BKgn!b|+Z zQFax>L)K}_)t&uZxYIR~71Yqht5mYtO4q?U#^ee0%*3wNWhZjk!j(RU(tN|>O4d;t zLz73QL{w8}@U&A)l<@l?bNiB5^{~;QAu0817A7&AfnQ zg+H_$R5Z3kk|#Qqc&6W)!M=8M=I$803b!1CjZ`=1J>wVdw!4|M-lT&x3OGdCDSN&lUKO)}9*eg}e4Fc8S zxC5s;UA6jMjd$%d8`sNf^|~MQt>ZejbjI9rzjS(~B9d%NCcS=9n06YTD*saGnUEA_M z1!aW`Vn_`m-m-!1qu(torJjg<5cV25h12s7Qrpig2`x9%#TmR1ZPva!`y~6lYO~f( 
zj)aTUYW-SD?3;4_Z##3Ar(QO``?8eG-@VYR-rQf9Cf3DXR8{#F)mJrF)3&1N>(L== zG2<}4Yd=%qJ)2}L)#Z3Cxb@VkKLksVC^O3uyx{K?aGDqLM@MrOiq3a!TySlh%Q$Ph zbWo5EpPH@}U7XS3jv%jicaAw)k-g9=;YOsSgQ%@!e|_37b!Nrz1@Go|T@ZL2mPe@} zggd952ZeOk=iGD;OuFsbF`atjoL1L#jjZcU?pns--sTNhHUj6ynqn|LUunS7TF$4* zE&HuoZ>7q#=;xEi6TI*7ujn1$h$3e;#zOPfVQ%*Mamj!1Toaua@;2y>A>rq39ljsh zX<+=swLk#`K?0F~+vhaluD0KEO5nJbf5f2~isxbv!pnwmPHwdw@ju{sl@16EpF^9t z@=A{+7g=ZLFBuv8lV6_Y|N0!BypJEc;qk;Oqvdw$^|5!1W|?C~ z{_X`}2GL9EKpHqpDte^KqdIX-JUk_~X|Ua;5|4JrO`HN&KSGeD5wxgsN>yzkvx0=B z=X-@oh-CmC@tl?NxP`Yr8H%_1iV8-5hn%++{Z>!DjEoa#dtqC9=40MnvNu7OWR zW(y}c(P}MpeNoO|$G2m)tD%;OtbMQdi?Vt&&f1T@}G!5n<~eHzbrdTWDL6co20mOjSN%=!Tf@;l9uK z_bQvT2g4s5vuK{06ltxGe<1e)lL+0vb#$Sa@Ic>@HJZ;;@4Tr4Z(&8uQ6O8 z)+5|ZDy;@V+Q9Vnfu4;!WkY?Mb2U#G^VTgMPzG^=WcZ10cLM?2`=kJHgDki@!mNjL z@7jn`v6s5BmD-Y|`||W)!G3o--O#c~QlS=elyam|bky2bfbF8beg6D#sKlD=QNE_8 z1nf3KvTx6zPj+(szy@qeo+YA#`94_tbK997Ld?Jl)?@6G)gpvmT9#1gm0Cbv;wKz- z-u{yE_KE;nO;h9iytsKyYI%#tAUl$;JQtIKv&y?HI2U)IobAk4(BnBS|LT)H6Lihl zgP2VE4Vd3gjp8oh;`qP9QjDN26U;v>*O^0kD-~d_C<82+pE+>o!8aQ{Aqvc)hSSL@ zepiAi&q2xLV(Ux+xj>=U`mR8h{KDdcLOuJ%4s?IS);n*!%%|hhlwTW&IP_C*OG0hs zK~Nj^lun!fF`P#NEqSmk>ah`U!*+E|>d#W^ZPCLZ|B4e8?CfjV)}9tej}XFX3pvpW z>=vKZKI zeL2>{$5=->vM97g(Px+|$=!2xwqXADPD8+`o$>z*xX$6Rs(}>JFneiq)w_7Urdzo^ zGdnwz3;m`mw50-bJyx9)*EnKtJ=ki^1#He^-rq{30dAus|CR}KN>gZ;lF~r6nnK{! 
zL9>L@-^B?4Y;rHRw#Kb4zcD?74Z&cz3*sm=mJ3n3_^kwSaf|hp8{Mcbi8>9bjnfTD z)=znD0h|HuUs&lwTnJA346)Q7wES`=d$8CMWR!CULRTIXeH%0yo+ek{WDc7*ykI5% z?E(1Td`!zXh4ZNVrM4gqaHV5zDk^~lat$I?jMUJ}e!$sLJh3A^O9(0Qlz_4uG-}b2 z6W@gDVg6wXlviRv>G9NYeFVD3PtH7Xim+_Z2_WRNQPqJllX{G$z3o}Rr*U;zEkME|n_24Se*_OR-KmENgb{`|^c zM!f;9^n>#Fx{=r)u**@)@>Y09mumKrR^nUpo^F)Z_ z%!L~ z(;ZKBY!l=pAfVrMmj%_GQqOHiQJ1+lF7EDdGYN2k-4FD-gS&oFYHXIHAD#G~ZP;s4wKYZ@_S?kRM^G?r6kP8h+}_;;W|G&O7)fBxCq-g# zrIF#@TYFLx(8bTGHP0CT9E?6C!0UesXbjvx!JkA5ts%n77mT>+51=zm| zu$R!n&Q-~ChTy(JTTHxSC@Cv7nKE1S`=co`24J{7@7AfrI|W6>2ixTzp_{Wdt_3*@{4d4 z={cyR({r4JipWGHSRihXo3vfq;^H+KmWKJ)1lRZfnt;35jEN;MSU^~~bXvfIgBVX+ z>QBXWY^KL{!Kel9GGf}Eo_)rB{d!92<}|J7N=(Sh8!-G`MsB|_dxj|9uey9s?(>hR z->cO47ZM1u1!Sve;C%AWHox8O#o?IX4{*2pG!ORP2C8^bwx~WlSU6+36eLC`S*z*fmMw|MI$n zTv?0LMIFAqXC7m{3~sF?%>wS-+;_N3itxb3;gf=VYtVH9~@&TeWW;uWE@IvsXP$%K$$iT zM;WJSv?Q}c^Vun_3h8rqw=j_zJ$<6Gp!2{O@0bj{_Ln434uif+^w0W`X8$AZKG_NN z)jP{ws5C9Mq-g!5(zS{`F}a(gPyux-VAFZjA4jiUE79t&^td+2-E!9Q67C%M77`p) z_CE>{XzsjTDUJe{0V2pB6m(V7D;gn9%DOshMaTuqCb`uK^#FLAXPJ-Dj}MPtg4;YQ z8)?wZ`lcp@1b*xAWYC4qXWN@m=U%^Ey9(9G`d9hu`*s>GY6kh3dT$OC-Ah;GdH(&b>1+;7krM3 zXE5Vp16=(B|E+&_O7_4wjIG~_O8#(By!RV(m?tEb!r$jUsRxs9q>m%j{L1h2t zjDCYIrB3$-zbkLwp!(p-4C8aPQ=D-ZMZcw@H^rY>%pN9RTTyBG_>0U|%`YrOmpSqSNfMO>Y*4Sm)y3sLjW@`4 zA4osdz`K1tCwzYZ36N3CanJun+gnFP*|l%ODkvxoD$>%@(p}Q6phzPvIW$A3Qqs+k zQqqzGI5J8%QbP|gw16;l^Iqfq+`spE*So%dzV&_oxCCad*!$dP9Oto*T@1P!;J$Q4r#8w-s!p{al$B+UNd-k#V#6LQ@=i@<9B98X* zIYZNU1yP)^2VNoI^5?(UJ;TA}3=SVL+=qWXuQQBV0wHk_Nm`7aLs@yEg=HXZSsgw51Nu?~QPkn9$CfmnEuo>eS3KXQMP`7rfWA z5gE?F7zS-tzcHW~DSqSOWIk}#tjf2ec2hcQ@}||+=zOceev+_dLLe8cLu;J_opX); z&}}ku90T%er))RjTCV_)1x}`O!!KR!Ih>x*br?RWLs0PpPO6#F^}nMR_QxLzC*QRi zp*z3Hhv!`CRuGd%*KxI1&A;=hR;s@tTDq=trqlX-*NvnWeGhhNIvyqmEZkhTNcRU;1&V+m zDWJ>oAF$--Y3289mxah_+^?S=+~o8dJs4bYcOZ zm%ivPsZ&s$0l*%8$G%2{4S>q*&{+_Cex}Nno8ecV&^)q~VY{8~`s*7NU0}HS>H%Rw zLqoBcdj9ocTZhnWv=Bg|GxVAy!>I7Uydc{^PIDHcEG? 
ze=KfkT`MDY=2!aGLQ11o+e)KxRP)1~diwVn-4@vR6*YHGuGUW+69ccd;_f+)%?q{W zf_NS;bW*ZXV)mOqnkA0MU=~Kt&n%mr_am>? zU7brVw=%8H*7fDRYo?spPJ%VQFzrrAf_*WlM9)q4dX+5EU>@poWLJK!xnAk!=2TAb zn{Eb3v#g7qjsCM6^uI&VGZ~pq!`27Tyf%w++n4-0(@ii3!8d3jozB@`$SnoBh4{#N zFxB=peT^;U8q`KiSU4{SCxW{*eJ10pI8BA(MmM6%|j39*hRtSCNal zzJBph=vWu#IF*rtMHAYs-4FC=?v8mk|9D3-3(X{CK>`vX56YfK2tTrApLE|UmvS;6 zG;x7C=z~6d5k1kEZE@tdY9nubH-B1I%e?`JY-~{U(b4_iYf~ogAFkbpFQw$@;+9Ho z=0v|$*O4mP1fyVaGCMY;dQn;nO}wM=6e0ZWd1c`1^zOk0&>NVh_d ze$5q&Kiu{)IpOO?m&_$9%VVNdcDfqA(Suu`HNk(lV$$%sJLiJYeBO z0hGl%-_C#z#av-(qaZm$x?_5A?H^2!mkeB7*(X}b$xrGG1VY5IhK`vvaxCC`7P`2` z-tbXCNw%i}ysX}@O}z+$bS*Qq#Ot&giZQIUjLh;vdKVS8mN^31QK#|9&wsQL|JzoA zWb`l@O=9UjijxUB^UZaC>YR2rl!?^!3nMGfpWg{P7qzZm|J1ECu(~gJrA=RSr{BcP zx-he~dcxy;!lkrZwy|c5;{tU=2X*cK%V(;Hm+l^N6bX$v!dQ z?W_o+cw8Ja^vXh43SeB;7n(hB5>|kDUuux#O_G3atKQ51H!=Sws7zooKiVyW*w@Oi zBTEHOI?k`T<5qWO{xm!4pY=v*ZuYGJIfs}&A1iZ`l5d)g#?k!@J~6glq&SVL&+FLI zAf5a|Q-ibOeYFn|W6sj_OzFS?c%O)434_LLY5FKcY7p_7?9*{|3W)vJp>OnKuG)@F zRk4e~yz^a-w^h`8Imfxxwd(K^)3uQ@Q8G9cer4Dg>q1PSn9@!=MOs(2+v|K`o1v^< zbMMRC082QWWgw0LfJJB|KEuzE`IQtml1kiGl{&WlU1jOe3pD-@V_#DQ|yc|A>!^JrX2GAyD9nMfrMVReTW*X~QQWCk>y5&|* zg+!y2g&>W%1ic%}WUmWZB0?WfY8p2`*I+XFuF{Zx;>{WW)tGU$@j@1o+@KyRmMV3_ZG-)Ui7NWCQcCkvEyjc=UZl z;2^4AX9S?=sXs|byx&fisQP%p#^3lw7lB&D0})!>CQK#oWsDiLziOZCKvkf7JHq`R zZhR~7*Rzj^-|3ab*ZTyjyB|7cgO9T=FGrlTmdY&q-%fZosTEf8vo@o?Lzw5eMFhEy zJaXC=SD#?6Dm)F;RBN$4^tXZ^09DYNTMWj3CpQQLykTp;0_-eW=;e1HCH5s;UCG_u zmMp29DxuGg=Z{rWvG92pt?{k4*7mJt3x6jBYSG2KDpw7PFLvJMu{^@ zk>~;0pt}>@hi8$P>_Kk zphxSfW&!10YrAM~t7}2&_qgJEWj8G0fk=La%{cz?s--aq8A2;snydu3i7hIym1 z&zS*WCk2=L)*!H$l<&|3rqFwk#ca)P@_MeJf{)3{7RJa0f3!; z@bdV7v`^e5@Wrs8S0BmX@(Pdu`7giPj3oi3uuu+M1C5peyjR}9O%A#^ltGNhkYoaL z05~iIz)oF{6@1*kr7$gSm*@U^j;0cqC{Hz;64mMLVqU_^Qj zlB(eTZ{NUZ#N2xprhkcJGpOd3ma1r%zLvLnJ8KIh0{yuoe`DP{XP`n4e2a@3G;NjL z1o-vI>cmQ-z{{=vDt9#OFmycQ7sHMMP;!n3Iw}ASQ?*Tz@$aC0A;r+e^GHB{m)d{u zs|>MqKb481P}0XPGC#xWL?T`ZUr0b5=#J{g;7Zs=mPF`%?y8t 
z7OKjB6YDUuYWnim`ihde%!HD|=rLXg1cC%_+uF(ldS}N;&r_6KZdC0JMtwpP;)EfrSjO2c**eRTkP~ z2h9BWTPze;x_7BNpx1|(&nB67otel^$jQl3C6Wy!-irxx;;7UrDaxmJR1t2>IR7{U z1+1bqzsLgjbu8dHTsgBP0i~sXFGavQr$LxyAFbyH1e{mcpnKP{?~k9za&omRlA&%(+7OD_o=34Ojsg?`*sL4r~C z3H}!=rP2ZH;)XO1d=SSa`4310q;K{>;dh8ng4yvGyoa%M>F@!7GLIQsK)v=~5hmb` ze@y~-_yz@o6vkGTFzvoT!VFn_U};{e@u3E#8~-!Ryi=&(ug*Cqg0XNvU?N{R77VHiomOHs>vyuji=;OYG@ZK4h}nDJFO)#_$va?WS%}I!#s2%W_y70P1_MLz-?8?+Hn5ce(;ve;&N<^heYz0)3&~gQ=#!N(r zn8iPmSib-_7?MMe3Jr0>kEY&6nCUZHzZ(&K7>*{ zF)>Fu*zzn%2}3!G6nw{)bOiWtzg;tE#Mo-tFUW@hQ!c!EXvBps9<40k z=a6H`dZpP^|3OCMKJ^SbT|kgUvR^pGi6)!EmYV-|08c{j)i;Tfol{{*b!RwYQ5&7D0 z-_8-yDvHrLX!V^I3?K4}wR{YMV|!NIWPhTNtSzK#Sq4Nc;OB%HB9<^C5sw;p4{$x_P>CU)1&N4>V}+0 z1cN4-``p-fRntY59?etE9M#^Am|O>1~LPX zlj_cQ1Jus1{Px=Kt3lL(`)5TTRe`-~SwHZ!ZWLK!sn(iNN^u6$js9uWqW+Nr0)(Y! z61cbS6cK~bXW>?Q7U7?$dGXP@4`gO!o^D`VfEDgv7ZA%5?AkH==StFbjvB~t-YQC1 ze*j0D`wEl$@w+!s-@>Unv45bvKp{nEJB_%JYFwhU^U_yT` z4gFX0;5YEX>KkDJxc@N1VHT3|-BC0{gq^J*oTZRkU!VK%-fiJK0g=Mr!%7=8R-A2y z_)lA2zleR35HJ53x|u(ewJrJDK-walnJIgp`VN6PX0v6IJpbS+Cdi~+06mIWrv$po z8nu7}=qLA+m6d{Z;hw~4k3MB@)>uaJs0(*)-c+iNX!QS=2dFDVLp=GY8BpJ^c*rffm3Iq_WOu%1mBqtabF5#NP zSDz>o4 z>k&BlY<);oRgUuZ(!zr%(_vXs(7AM8;A~b3-Bq(%&Mbn_;7GKBjsB+TITuKRnQQO} z-A}}S45;}53)vo>Iv81joMD6leTv^)6t-1bJ(sp@&5Oxmz*MUK1`4}tdg22l35eJ9 z7H=-lJHhY@Fe1EzaO!Yl*rrgDINet2jW0VRj`(@ngmAG!mC2~#86qrb4@A;gv7Q$J zIKOhJ_38!D5g_53`|4n0Ch!Dx&wH88<8@Gnga5gtF`&3ti9l)a=iPiaMf)iRd}n8D z84OUCd+}IPtM`N37@vnmxm5ujQWZ( zUJ!lDwc>@b(Z6kNL?(jdC@+_lhtc%J*nmUd!BqXnSlRn?#}yoYmFMGhc?)3I>~R+p zHNVGShWRlfeq~(9`oy<4c-4W$6f}A3W;ENxKpQCT(&r5n)+Ekq5zev#OZvS66ZJ?H zdA@FZc4-*$#{y#(#ZOMCNo}{>Z$Rho(vRS1G9@NQ8(3sLEqi`$AxQTsG8cwPlOor!Q^q1VjnPyty&2OzvjO?$@20&?v6ZEp=JlbGt}bXZ0o_jKI$~=p zYE!J+OfJrW43%-gz9a=1fnvhf(~XNsMAk7Qi0NHPe|;ZlqX?LgRLC z--rd7wrN^C%|-40VQR&8ogkoTjY$@Nxn^;U@2bIJSWno}ebLqQ zp5`lQ# zXSi0@aB__bfb(i=MRSFi#v3_s1BUA-?QG&^$!~ zj&3=)zh}zq{+3Np!>ntqo2lk;gH_Q*iu66IQ3lL@BmOwGUIZeG)0c(uV%80zJEr!y zuo4g%Cnu61{_^lPyaUp*3%Y7lqcvQ(37_t)`@O*sfQ 
z4T$cY`)t|V@_)VPf0h#)V7xI*mFw>os!ls-`pesls>F)~=R-La2i30pi4$!^w!68a`Zv%5J%dVC;sMe;_> zO9|pt+}U`O*6(#dcY%@;l3>`*9d{B5`V%An~z3*(+k4hdAB0 zp(K~q)K9MXe~U1Pp!k-9mMLlAS~xTWgbdMq+kFhmqzLS3(nOi#$|R)y)lJSUEPD*P zTiF6_ahj+sJK3`rGxk8N!%pVhat^rVaG#-d0~3iAQ87%|Jma+9Y!^Il7d6-6<`@`j+;Qd=u&=G6>8|qgtJE$5a;jT7) z`}*&Ty=XIjgln4ph^KGcF83lZ@DB4ke$ctCLgKfCvbL8V?C2@Eai3L2#rQ6P0=`mQ zXz4c2a8$*lYDGd7AucqacKW;yLuVaYPn6?U4)ygF^5K)8hgaQ18L?Bn!tf5mw{)DN zF$upkB}G2=YpUnzL_!zCDu(Q;n9#@BIND%T3VxLY*L|eVtknV!+B(6>(Cu_p$2Pj+ zV&JZZ$or2@U$@ldv1npRLBVZ?DShqAFp`Kr*Amw-w(v>l+Vk`w!vs~Lj7M@x{XG#y zHMsHW@|GEVJr%HM!47tump$e<14ny&7*{CLvQa( zay8P_HC8fznACTcEeIGQ${PZg6t=Yu=97d&vr( zRzSj9xX^Sh&FPF|1|2V;Ym3_XV>9|>lC(2iD`q*X9hFCvYDTf2kM7dAnsF4p+>WeQ zSVJpbw0NcEf(r(8j@i^MGelfIGoSF=3{n3PK5#(7rW4y$ivdMZ{lN@>-r4mNEG!{{ zph&Vx-uIL*WFn#GNnu|}K>~$abOQx8#Hn`o0!r>InH=q&RVLGJEhoyRpz*}3$@2DGji<^# z(f5>I}d<-G!eTi;JU@~=M2uUJ}GWUxP1dLM+>JE?~9`ELLQy+VtN|jtD z?^D-s|M_`DvrFQ4OBLqbt?I^pM=&yo6!cTWu#y-g5WU>xJyiHbAvxQ#M{0+zx`S%) zC73GUV$AkeSW4+!2bFLUbl#Kd)ECfPZpZN>C1IjG4S@r6ib{euqJTZDa-z4!9&i56 zn8&1XxZ98@4!{RMegREZ=!X`mrM1nu@6I&f0pj|)3qZT~1P3u`Fn#MyD7fD;m~EM% z>2ie$=_1k#&9~hvKr0@M=1OIDB~`zo!cNUib0q^wI3R(`KK5qDVN0M(1SQk;wf0O4 zx1wWytn`+m%!jGrrr$hwzI>ML58!?A_4Ct5w(614wp)^Q{(>{4ltw@A7v%DI+k!8t(8 z*qN-I{m$azUpVSd<#IE^YG%Rcn=&GPX!)VYV$AQZ-p-)@W$!l9R&4-bU_Mh=L5^~zxCPA5EFsUw zb+nEI8!F02hx4ilKR&M`1<_|c+(~43sfnEo=3vca+%hCOaw*fKnl zFA?-<@9<|5smSUg{eBG9j)(Zhd(V}rre+ay&4>JA45>HJ3zHrcxmIyS-h)JCDQXe_ z!kdav8+mk90d-dIql|mV-vLMErVUO*+(2{jm4P4=Gp+A7uaWm^if)cMlg!JyKOew# zAo(dT(kLd)kkMb|DFiQpR~;;+3$!W(k)ONhAL$N_9xvv*&76KII`Y0w;N7$Kxr(K} z-gEVo|4NboSzhb@dV1@gb%b7~lk~M5r4~GgCN@mS+vwps_2W8*TdKd`M;ok7*8V(U z40X+04vvA&uIbw^Gp&a@^rK1h z8sjoH=(diy^f^r-?QK_|MJ%lyUem&p=yz32TE4GK?o#9{v5E!gQcKL0TDANx97S7Lqd4K0UjHgcR=frEvHs zy-)e=*8H4MPEr;2!R&E8QIt#&#B#*>*oKiuKzz$2|ia2w5tx+d(kaPc)cH8idz2<0#Z|+1oKMb8n@#ma< zUU_?oJ4CbLLa56rqHIz09w{$iH9W%e?nxf}TG}J(pXtZv=C$R=Ulo;v?N!=-9)sSOVh%~2~N};t4OCt!9cr*rU9n>q};_uPEYP9tQD*Dx|)0T1(Gu&J0$wI 
zvL5!?Al`ghbQOQySLeSRQ_!32df1=`?;BAR{c1_03VWoe9VzVP7i9}WOI{D0XDLLC zl+1pL+nxNq5xpQ)hocdAsnNml^Q+`+$S!MHUmJo6w z%bM-dgzzSh zV4B9DV8EY7Mb}+9^MtdEaB_D|O1BERNT}Pd@wv5UCRCm)oTzCKN*r=+usZ7SR*RM? z|Ed@)5a&H+{?3^XUaHNMYA8Nepgo(IHfxe(XzX|W?B;{|%QGWh!OV;@QjkfJ+5y`g z!KlCf*=Q;P8r?b_jZByeU0!VVE-oJG9(v!#hC^g~BvSNKz;&N~4Avoy|b9T-1 z*ud5)I&@ds;nAe&t{O*Iz?3!3IQ#NFUD94oJ6v>XmI^N3h4uWV+t_xTl|H#}n?pf* zY3Z2RVydB&tddgqUU8R+^z2i%F1c_A`8nLX2X3Oc>28cyj4X2lkhQ=H$eI|cBzpBs z@@gY8u;m4IJUPX)WY%Y>nD8I=fkLD3bRFrYnj9p_Pv1D^v&YaLL8yGmiW;5j()5u& zxJGrU>&lSM?%2^&!90rZ^lUf~Ne0vGppq`I&PX@bHn9~lKmWK?DYQOcUE@m-MUMF7KIv=?n>&a@g9hlY4k~F{owLeI;AT= zi(-wZJ>g+YuUd2+d8hMCKCi=E3N%EZmqtMd(hd2xpSme|U+jEDZ0X07Sn1~&h- z3>xedtWe7Gt5uVOGGHiuWgLSl{u{K`Y!$AbV3KO zxw+g$e_osV?ld4WI~#^KKZkg5px4x4uY}ShQ+}2SJFZdDBFpfjoCnV|QXk=N>9?|k ze#=3dYWec-jqoQj3M@$qfUMZ$VUa>#jL8!Dx;loL(f-}T^PHS>GrT7$CdWCN{zCJe z>BBM2L@qu&2i^kyBEFp!j}O?;y3uvT{<_$HPxCq;L|^@^E8n0rK8lt~hS)Dmhb^xu zg#?UD$78mV|E z)RKqV<^EmN=;O}6v+OG79l zNI}{+z`v{RGEEickB&Cw{Ic{;XhRt7YVh)3;Um3E^G5k zrni6-CM<1JoT;_RXBn3~r_93jw-jHlEoLb(BOg=~slu9<0lK!uUIF9}ZO8V|m(}Pf zavXPp5&m0+4gu9!24;t&V}!AWTl3$COGYGbWqCT|D-Fji1;3$COL9^cr$s1W4{E3! 
zqxnsc=og_0V?5Hm-WpuTQtK_NZ)Ur$x!1qtZl%MzEeV)hx~^_5d{;NQf7e9Mg<$Dh z&T2ElSp#LznfpQtIYl@r<_+!3WZ9V=M6aS=9kWs6O)5|GOu6U)2P%LsW{g9@mv3&u zrpH}KIIrGEuj0kF67Krahwjeh?tfo3Tl`S%pGV=w;{B4hVZtN=T-T2q9hJ4Wu&=oc z@B9wXIOi7MOQObO$C-T%tA``?)81F^&$G)zw&e;30I|w1 zq~15`haSmGlw$>MOIo!RDyEpVo90P-_prJFbmF)pMzA+L@N6(>6|XoJQp({_`oe0WT_siYV0v#gYx7Oaz<1Sk{GK6_0MMh3`xW z>o}!P2|K@Vez?!3GsOA~zk{lq-|@vmIx*(pgSZHBJDcZ0Jp^9(i>oosB*ilyzCKF< zANa=Cl7UcEBiz-sx6?G5$x#}XbJv``U9fn?^qz7GblTCYwJBjKa&5Tx%csQyaytCH z-N!Fry+$IEtW5mVZ!ctX9QT}uhVLpJOmmi0h))y&nuKA0UCJ{wg2->RN_Kma1OSj4 ztwttr4hirREIZv1C0Y@B!D-5cSAUuXj*r(}&hvRWbEvwpc&s@Yv?7F$U7sgG?{GSU zh~r*;;|{5N-03oX|2k4wsu~3!?B{XXccU1ueX0ca&I;4JUfQyWwaH=|Pv{|6;g+Rd$rXo-T&H}AO%qkA_lxq&E0b3^PKPj9?6b?z82|4Hm9$OId`&MJKtd6WPfI}IrD)8Rft zKIGE$m0~^PWlX5OEPGS_k*6DGaz1mC{kd7|^Rzp;gC*YUbHNF7LV>%SAAhLNLUyp=;ld$EW@{c<0Uf|r-la5N&j`fOwc*dop7107hVg&w0ca=Z_m z=?}Vhzo1nT;SV(od0byUivyBLlGms~nq1)M7Dln_jirYGa79m~NO|`-_hCZ_)60J7 z6Ep((u;#LXH{`&WV{8MeuCc7^`~l#}Oig?n9#6hT3T+Q8MZT@eo8E+#^8SKvMdG2- zCpL547iZeM5+Q-Y;_SyZ&|l&c6|?=~DfUDQ^P0ssOypm(mlc*{{5=`2w<$rM!Vfv$ zD%*?Y(fK5v0Vj*)2ceD2At0znWrSZne;Np3%6Z?= zobajWbowhO=oC69)sit7sgiRF#v83p5oMiVL9*1#?*)^Qfp-%{NEIYvb&@Rlb0nmo z4!1ymI9oG#QotOA^NaO98I+*T9>yex165d!2CMfo`ON#JEa9pngf-&#g(IylrsNMo z!)IIp>PtwuvtQ>|Jk(%*2ZR(9`JOVmtNMt`1Q4)p-QC>UpWqVZXgRBhe8rjdNY=); zWB)|=lTY+hbJ1e>O=tb;a?IAkU8NCfX~HT9lMqu8-;X}w+NL8kzP0+TAt{GvO>L*C z5uh8ViX;Ou;P@iirSdXjnYFrpNp6)0*Y7&tO$bGfhD$3bM50(KSkTs)cw!Ul?zg`H z$KN>L&D4e5PJu~T;-?B&%}Gt~Shz1rRTrJCE}Nut8=<7II7N4swk!LQulx?R$Ffr& zpoW5PiX~okJ;-p(w9I(#HFNT<2+*iZ3;5IwbypqlVQl8UCM&h-#%=X99k_l~T}i46 zn?U&4f*##o04kF;D!$>nZHh1##w^~`;3}kqlW9&@W~CgR_P6!ZGv0oj==UunUi~`N zR!VoZlskge;?z)k)35qrE1kl1r@aNXm)<&vD5tItW$VM+W60WF&p1dd7T)`j=3owp z&KOA zt;8)ieuucOZkQ9xsCHcT6d8p;uJD>m)N!|%dI?G!QKgSMY`zk$v7e`v4*i!4knym6 zB(AtJ?Tj;72_UpFJZar87dkdrvo+BHYUJ7VZ<&R+1(BJ{Uj@KSq@`)sjx*Wq*&O^} z=QsC^hPkDL%xu3;V+s6n_ZUP-x>{DLJ2-+Xmau0yIBkf+Sl!Q`}sRf>wyLw-qGFf*5>CK1AQ?9&UPkWh#Y6|__j^B 
z<(D$U!;Dl_(Ci25mXN=7%j+rNcwlAdpWY?YKuGQQTIr_ez#RSPPJG72fLh?b9;Fwj zR)NjCm7l>&zpB4|rLdtEbN5iH-O2FKznrwNg*6I>s|&@c0hrp1T(;x&#P4jO@wwOa zjg1D@>7*Vy`yk~$%)v!X+8-LBhv~gy>owembjXwi5;x z{yqjPgOKFsd|#8|ghjLVr`;Kc!4bvykg%*V`r!0|OhNmp(w4)dVcJ1YWvB8kLs6!; zTetwHQGhD-b7s+ADl~!`DnA-q#eBWKiJw|M`0l2cWGfLh)yyj}{aLzhs8#meb3FI@ z*l{18Hw~8|n3kc>$m=9}Elx}~3rmM!MW^5- zAxq;T&$!M0*feLO=qz=Id2Y*Oup2A#%Z{~)6xoe@@=xhwl3%*CiZA!tmEknWkr(E6 z-TJ;LYDL>gg?Q*OegMycUM>)1cik1S*G+=bte9rgpH0rS1LxPjxE->+gUjo1Pt$eA zw=ZXO&NtH|BQv`=PPmV^pKtL_uHbR*#S?z5%KrLXL9Iw(>G!rK3VHW{?2@ZVrTh_) zTYhGmS5D;064b^)a-bC-j!jGGRtzq|Z_;ZA^pS4rXTbK<;WR!|q=4uWOArsZ_3K&l z+(S2=KP#7Sgi1NPV=Cm;P>LtN%c~pxs(5>28cqXIED-PaW$X}e>Z3N9OOvkwYZePY z?cgw`=_E42(^{gwKwUdxwlGbU%6PkXBZbLU-A#s6cz|bl{iFJG`dHG8!9Vg)k_h2* zf%+t;EOO}%Dxyq$zWr)AO+8_W8%s(Wm@FgD&!wufm(MB}M`5V4=VLaQUxjx_JeO#Q z->NhDO#%+>rLwkL(h!08YNq2TIaN{*>5aAY6i(m$q=hfVnuQ{{TnM(KI=Z<}WLS}n z9AScyV5ccj7FsbOr@8mGD;XUSi7{&O3mZkjRfDI)gf1&_a}^xu$8+Cm66^^1(TYhr zCS|;3Y>Yy&_OS+k7zdax+hrc;wF*U>N@jPp?1)l}^L#v^A@7#uH*dF;i$CbI$sxyQ zB0inl*H7JOuf3<5Y<*G3v4wyC{@M~~ZK=ilo>qcuMXr5OMeuQh2I66rq@P!&eUbka zFE5*Au^qgLO#4^BeKW+m{J?~m3Q2ODaBD%X38b@Yo{=YkD4qIeKL6&h2d;kKX>nEl zdsx6|6U(_`Y;b~F#>PifTy@NNElBfL3AKQw>yEHDJW+P8?CxSBy z@x@>3r%jUY-AErEU#&WB`n}VtR4<{eB`NtF*#l9*g)IkoV&;0ldU4hn5ad}i4bm8h zUtn?*CvCf6@Wl|8?cU=*Sgb5H&WQIr)WDo26h__`2DVdKJP03-Tuxj@S&e}CZ6dL6 zM`9(aslSkzE@0jlKd_F25YY~ux!N!+G0BJN!{ap)!?ABk1KSsRpUZY@U~i%5e^f;0 zM%EdAv#gn4?N5vQqO|XhZJnbjZ6TaLTZ}$)^2>T5I^(<4RS;pv12C zurDVCNt^2V&vV;rv*B(yvri_CTPp7suT}0okCe%2^W2wcBUg)|-9ba=SQT|s{f{_y z=0Dr(MLkhnp?tk=7xWN+h78+Sxh!csYioE&vOl7-xLB6a=~7mPiR<;~%<3CdM7EbI`ERbC8XTuw(W<;p+l=X9=IqyTk4%ux~Gs=dUz41g^wd~inuA>>z?E* z5Lk{{;;m!+3xIg*gddM^Os+bQWy|@#R$*FgbywlHP9uI7cJO=ESf0YX)?Q`bSfy=x z=Ze$c-9EgwUy^<6(T;l`-3h~f)>p#5ih8qZHC!>b-FGIxRlG-jEiVXQt($bxCg)H2 zjsHFYvZmhyw(v){<1kqh$rsYv582?Y-&nK;DP8$>8)$0-g1U}Ep zd4-Gq%|W$P$^Gu(1tmnM1xf#;8Ykt?G5cBs*Ey=0w;x^0qVNOnP6`t;;9QSVfFQq^ zl`J#@f7*zkCg1*o7~|WH*aItx4Zc~gN14QX%SH&9yxjJgYCOSgJXKY zn#L#|krxCWbia|ZP?fAF&^ 
zy7VSCt=1(j*lT0=eUN$CVJMW=t>IO)H`UMB@M}n#Ar=nQd_9&| zy+;ArBz}KBGd)(PtED^}%jCR1dmGC5E`Rz6Zh|z=umvubMf?&td-ny&7q`EwG^AY< z_Da0c_tu63Ra;OQdi<7;g|Cyy4+>C+@ODp3%T)m#UZTg?f+wxk=u&(JZZkaAHRJhL;WbtHBqE}OiY zq>eF_1(%HRl-5mVVD$Ry=evg3LeFdPuL-^{7JL83x(&cT!^?5H3m-Qtb)1*x`0cIR z08^Jd^LczCmD{Mk{bcE|fy;Y)d(c7)L|7_-_54<^UI!nuq>C*6H{W0!-J+U0@$hBB zPfPyYth`=)i~{VDFZtW_uxJRPzy)2iCv@s&XEO=pwk0&A?Y^;*h9im@sZt#h`0{I7 zRV7-ts>H-2v5N7H75SaV22YBWo=UaeJ>CAGkuEx7IxqO#ai)_G(}2zh8n=5G{FMRI zi{>Zu1eAbXk?)hhrC@BSa^obt^&)5N#ZQHNxQkY zc!+R1;J&CR5T*F(9o~%|86zvZ%IA}00cL{(e<9H-%^aQlLC*&fW6{=}_yKtTk(=== zo?_lVjxmiBRBltqY&nqh^K^<9hdkRk^ue;O`oLyR2k=Np$)dsUtUT#D$7kj0$Wsq|;h%;L=yKsMPyhOr-*i%gU)As1RhkV<9UO zDa?!{9T9jOL$^=!n-x%2F*|7duIIe+P2v#%Muvy$T7Bf6W*|}9@`9_pQg?_p0OzUFv^p!_|F(*<+Jv| z6m;|I9R=R<3xxWr1mDJ$ynl0eWlG460_AuP+b08w#g}TqF z7r1scHV5ABM{DR3K~at`ZHC`!)5QfpdeJ?Cs%xo54(Kg)t3b+Su|t@U${)R(UsByQ zl!{9?(;gJlOWU<9@AmTMdU=9zFef?{SPt%(C9QeKE(OfUa5#LtVo!0oecz@|2RSvE zP1?DTlU6UZ^?RLJMAWV@vs?ofxn2Fv5()HYy_5LQ5C{oNr=#oT#Ku3vO!$>T)xH1`6gN)*2-*e+m_w%?4uizmfi|A4^n{b z&Z^>5Wt5}NTiW@nYl=E~iI8R;hW7llmh<3B<4&#@+fy&)+&yg`;%gSGkT?S@0O1ro zg}kA^sptJF0M`71Zyi)(LbvaGgs4h@d=gD6X!>Ie5H#)yFRDslvns^AaeERWOuw-4 z&U;#i4F+QqMx|zDItetGzaATc((nl*I5*#iVlK=KoE!sd&Yz!1>n5uvQ~(H8MrsTp zWaJ$`apMn4*j$Lm52}waX2XvS1E^6Sjsd(YnYch(9<%=KWXB~}2==>C>6?%Lb3@D-1q zRyJ{GoHWAWu6EyAuy1bvqT!ABM$txu1is=vC=Ci!Evm4yd)2ZJ05tU}S!KI}(O>WX zXDb-YC^i?NbFj1Ki<9t4Y43~RIH&^lxcpQ3` ze(AsB2pY)eFGv+FV^Mgjj4|j|fEM(C6eX-dL-+IM3OK(QX61TDkJ^#Cp#+i5GMuih za-|n^Ko;2Er(deV1P5Mk$xuB4f2rx$?D$pQzQpfq}*HVCU< zX;F(k(WiqzKlyyXlqgV=Aw8=f%S(gz40>ZZ8%tj##sos4zSw zo_LTiyJK&|fEgw=y+$LkK|GdM8)0@GsS zUGjgY|2q;m(l>rI^HDH8b{incG573F3g*tL^v2Deb_rlI_b*q)YlkUGj~v-V=s;1G z3@`C8s}`@W(El}d7Y4_*xK*wE3V6A8UHd96U~60Wx#^8yKl2& z@BfrIxy#T$ub|+I7v@tZ6bQ7S1kfP3%Zm9Yyb@uQi@9>{L0Q56N8q|h=dvQe1x<`P z*qWBd0Kb^Xx$Owg#C%5Mu)$Fw?+)abM$LCb-=gSW{moGPlTppMJZUc)Uge zA*k}Xrdq0TRHx2k^G$tWA1ndv=GV(y*hzWDUnnp`kx@Dtdk-^|w}Z;wu-`GmOu(Xb zL1Kp?OVZESY-44m67yqNK`2!+q5>B?;s+w8nttp+tXMrK!jf;Pw8)4%{Lde$?Tx;7 
z*Jd`p>;)MQgP$|(&A55JgJ33{HAq4H#j#3;hIkB8FMbo^<-YC5Lgj?ae zdjAuMwj=ERPDH19tDWJ3IM%nZW&aejwfEQ}=J4ZJs|;rnScc*yIXSco1h%&oWJqpd zT>Jxe4cN}~Y^Vmri+)-PFSJykR)3P2ze#q|Ww5eTV`Dqup6@JSCvxq~Lt?a#h>J2N zubC|}_z(2Cg#nHjYpjw4?a4Ta6M>KKMU8F0XT1k)lziQFPbp(Q`<^IvxQX*R+OcLrAbwDw!wKqP*Ur-h=p9#BkI}^T*`cY&DvKX5 z+&5j~Marp#Z+ICwN9nx&dWZk3~D^3L{su z=5415^pXQe?NLha{4amG>dxtSsX; zR#^(e%@X{I@5@M5^LZ1tuUpZOU&t+4@&ammv+QD8>&uZEIY z2D+Bx!=OMQdA7TI+pfuNhspq}+ZzE+Ly!En*hQK+EHux~;1J;#zLYU7(S0`(AcT7d z4aQ&YZqP^2!oX{*5V{zxw!#j>P~2$3y2ihe?yQ^%-Sx_O`RAab>CLTsIL({5P7Xkj z*vd)c^5ZfI)FZ+`D-BgNCWxp9$XFk2bsV==+M@` z9m3V4l-5wGZxAwsUsVM&O+UN2x(eN(djjl@dh_K`aHedKE?u(kpI`_iiP^Xn$YA)# zDrp=o|AviY4h@(K)0`jC)yh$0^?(l5{ILWn50{+vAMyD4n?t@y6DSj0kATvoSwLJ=*ZCFsa4n3mQW*`+WfA?;yTLOhm zT_Z;6=G|M-CFh?lOktmk{iv7jVjR@C`uPkxPbU%|HN*Mh8g;~f5}%a;$*-Z>%c_ij zE4W*R1TrsH)fRR>`0ndF?fz(=JuDf>zloVrIIdcLMy>M0d1$TZ)u+m`M+~ncE7kc* zV6W~33oFbtKPzBEco4q1X<)rY#D$aoSqw9Wny+g(r9m?-@bHn|&lCdpeoiw79L$CA zO}vEIupjqJz5bYm1wiL2pWo~Ni_@b$DZ&K*?K9s*&T0X{5R%H*qART^8@~!1ZWOl|3Air9RPo<4DnzV zBp(e-u_)AfN_g5gwFk<8R`I8pNK*Kv z#m-cp?yzFqf7aVC3Fb2;r3xInQ~g8qR+ap}uJu0$G+$a(Fb{?P-whkX=FPsgkV5(P z8JJ0&e^MPMfLnGISUAJpPxTy<=TE@A;GfiZy%TA(ggd*=KYk{-2u+xrKWNh9d6wU+ z%ky@Y_unGCMeK|K&%`*L;xL`^3GAfkhW%AuqA;w`{O+lnJvTM%X~cv$9(~1ztf!Fj z@I2pXwkiW}3s^xqM4PYfgFENHEUJQKvew!_Oj8pqMvYyu`NMh0*Ha11N_xPzRRIT5 z8NZcvSgy&bKYFL4{L^3tZ;a-zIR-}A__2SmUFkl?|rJZ=IFH2HVbD8l02HU9GE`1U$ zNr)9UmJw!+4Q#ViCi-N%37hu&FmwZWWXI5;mTd{JY_5*%akA&xJ;A*nNQn2Btgi>C zq6X289A^h&X2h}WmyrAV*d&^*CAI|1SQz2W#eVwUKBLCr?>6ButeHjx04t4;AM2!> zmC}UfXP@v?QNG|s1k$25Bw~w;i^7m4@TP;_-}22)E1sWjSfC}Q19xjkIXq18aFk=q zHK@D7Y^HZtyxkj4qb$$S(KA1?N66oj>@2S-k@>w01G| zsYQvo{_-yxOXG!N$^Z35N)Pur<}NsCRrXGrcXMkkArMiwzndJM9oBG{%0-%p{?b5h z(UaZYChzz;pXW46_u_zk(Ri9&PX~!hKx#1Oi~$2wX{JMeS$l~8cNk}cSdkhcV`%%$ zbX!k#0giWB0CifO!(!n5%a*1}l9?G?KTgV%?V`xcED|dSLAMKQWXcu~xI=6QIqN`?F?xRbXya^m84reV2dM z3Q^&yl_f5mC`z&RJv(i9q)t4U&yq68_#vAEm*G1cFaQHjObCjAQ4KQ!5@CK%Lh2s$ zi#Y7}s13UpS6W);D(FHHFx8$k%&SZM_HDlfbfMU6*j5)_Q+@hD_??Ktho( 
zY0Zsj;O+JsJ`)$D?!tAQ#>Rcet)h0__fh^z0Hji zQunv*@xBXj35G4--!Cd{EG%}>DX!cvZNk_|alsf7JZ{F)h5)Iq!S`J}vw9m^Py7B{ zZA5MW1^IS><}d%SJE3~LJ)9gA%Gzk<9%egJTyf@fpnS373*xww4&+myo|dImCwcD8 zf&)pv-+BTHXZYP`52Ljd_$<#Iu!q0HIxU4oJxYh-uP?cblEkA8U~UymRF3i{(q~zi z_+Gp8;Jw$9Y7jovHmJ2DP!_(>aAYnHGG)hErb_|vZz>cwkKWWhJoKTR9PTM5U4@Xk z0jPe+3}Lu?)B0=x$PX!sTOHr_@pj)oJ#f)ecZcii9<1xa5FFA$-r~&Eu@#HjCttnL zqZ>whSsI}CzTvT=tZcf|sCYCEL}Jo!2WL6Kf?g-IfR4uj(KLra60BdBUUPm%xbL@C zL-ZE|M+Ny?mKJ526&X`Ld?=7FbEv{NL3_zs9n3QBOhq6Y6S99)GizXLuh1pa47wbd z*54jAoi>bmkEp)cEi$}klq=SEn>T+UaoCB*MohZV-rk zn+S6%_Ydy078RkTUv<;5`#!v#vWQtyq~1I*OE)swW;0i2(w717{b14mh40gxo@&~w zPqHnG1os)Bes$m2>QeE&QIB%m5czBiH>yd*=TLo#(GH_7=)~;axr+1{0A#%fv zOIcU<8@&0)sU3k=%IcGf7_Sr&l$^psUYGvylwK@i0S7h{ry-{39XqT^+nJ%6v8e5K~*CC)oZ63os(cLuB3R zx)t|c0J|>5*2e3E9iJB(UgbEc#Ha0T`gj<^DQwyswtk$FrfQPSX!P33R(MKE* z$MimeeDg}b24mSY?ls7BP}Q5w=V%F;Q^cpaZfIqcYF*1rx}(LoZxD)6u2QF&Q3ig; zVVSilfeXAO4V)1-P<9O8@l5HrC&|7P>X#X}qCM@si2cDf<;Az`pn(=pA);qI<-R!i zqtBbotQ;E7tSn3&F^L&s>=l}%80lJCb7uwC&L#R;(#c7=WM|3uZaKWE&$qv2MZe9= z%%~NPaeiw@0au{?5Ccx22*3xs*i?G(q`NFsJL3#U3h*5@KUufuuQBfy3g8=P=E<9h zvL0Cf!_Rk(DRk0aE}t?b?L6E+^z2nrSkvnF&SBBzEbh zn|g^>ho^2X3VZf0Nw+@HCYkE(U$ye7XShaPE1HDvll{fLV{yf!TrqoIRTiMvR^P|L zhW|zz*@MIQi0!-k`8i_4&LQa&pTBxYZQ9YDwJjb)X}CRx%<^ktl5t*4n4LPIFhUNm z$M2(~-jceNZ=iK-oV1!r#j6p~N3Rs0n_cq)6(;L{X|dTQrc>TeA_^Qlc4yd@@(_Mvc_D{Q?U%QEGR^X22Z#eN+peT- z&)K$}9qt_`-LvE~zH@M>h4Zn+sI>~gvW>X{0s_P}Jt?0cbSsMI%mX5^S8us^WUq!! 
zJezzaZg(jA4shi8M39?>vTKp#dFY_SyGH#!bMlrx+iq*w@{Ei4{yM>Rpf{jaH<$c} zUC%?(*F1&R8FXqqD@)@AAECo#_)U|9Q|BI56YXHO}YmwR*YQNU$_NMW>AeHg5w1DxQJjO7nBieg0%9wk0`#860$ zNp~_aalyKbi>165ZT@w~nS)M&GMtQ@z+(EFTR7cnh1VF9>B%9XzZ#3NYCP98pe1AK zMF5>6aG~5B*NE}$Yf6;v_7?6eS1aFeyKEpU`Ion`!cXM|QI9%ZzuCKk*KOP~X?bz@ za5q^Aae1CrQ^;3y4#0is^v|Fr7|x6H<2pPA;}G^ z_h%)QM5O`_N+ET1bbp8WR=Z*C)Kq+y6yk!YB89Mj82U8CKyu*c*0x~#`UxypOPqKK=ko?6f?jaNr@fn zL#PcS->RDlAWjaHA{$e$JiErPwl#DgcgLAXJhP4b*|+15tjY%+_L^}&!Cn1&xf6aL zWfi!MzR)jnE1uGwX0*btItW4Q2U({BRq>?Nh}WzTDz5Yi_;WO%Fgn zeq1km$8#%in3{GACuhF9BQUoKEloM8q6wrr^%B&t`J?$e$n2L%!pz%jHsh%#DS$lZ z=2HK3|MfDj$D(W~oI&(2m{Hcg#ih=HBe@wuO_-d>>!*4rjoNN!TQtd^VhHZiTIHBX zmYtbZ)`43()@I9-tCac$mgZx$`E;O>~y~)>rV)Rhq{k z{U6(I^+8yX@k-PD_F;qU@ijiP*4x^f>dao4SK>JAl7$6XD*iyg7hrgELH-HZ<+Xzk z@v)#ou#|lFXD1pde`xMv*ycOC+~IJJ5WXbCUGG6`EU= z?$F4Pt};HY*;TE!3UUaqtZBdkqN1I;9iI~v&kLBv|J{oxURg+#21WVZpxz+C$9|XC;F~{% z>U#pe1Kl@tCaz-yGC7vS_rfKwSkZnlb-f^ANUH# z_mVJ8{3f7RZVY*=Li(~}i;m7|#n`Eun(3l<%xw?L?<+uFakK~M(%@hwJYGdU=F{fI zA+}&Fs6kouV&|;7lS%FYdhyBcgv;!wPI^v-e1|l31h`5Zbe*B*a-X8R1pslH#f2~L zce--2%49>+3rh<#ju{r(WVID;Ypz?S1q%RPH%=b&IhTi29t@zWcBbu+N4q2s#!PSZ}4z80qTORJwj>%fFvK)@2`8fQwfDH!l0qNWZ*Gt#~3ewX`5FHvT6Z7gj2y!^6aew=lsICOK{ z%q&65A}WwcMFqO~)QS4<=@4nU*KjThI>p#Y_u`M%KRIIl47fP#Jp3$QqkJH;uot%< z?cD*BWN$UA#2e_boAeOG9xR`FpbhZ>U$!CNPzLN8fh^T+yuqS&|gCDn$wu! 
zKU@r|G9K$v=dQP&Q!KyGXT@7%w>Ued@MCYxNxokUA98l5jVe`c`hQ-1<9q1Q*N8D7 zZDd~>5J$BFpr<`wW>B_O!YN4+CbY@p=4HQsynr)o1$82Og5l;=H#uSeJZT>axt-#Z zuctAQ^cB7Mgm15eMJysnctDv|Gm8iRT&Y?3&zNNWaqDd%X9oI5`@i05aS>KoJOTgW zRYnjhziIBzxB&rQbuc@ZljKl%{R=eZXe@bV_Pu;+2Y2mlK!GKBP|W-qEf%Z9fr{3Y zjvH$g>qRY9e+s(&aEPLcM683T@YPm!D{*)7Yi$c65R&@n)AOD7VkL0O&TnNzA&b!_ z;l*lfTe<-fE_tO&$+LJGZQypJ7lm2rpcM4pToF9RyA4_8O7I86>s_)9tT0_tTJW>w;UR1WnC=`l4NaVGBP78eLL1=ETQmU~rH zVV*lZulcKT!?sgyaxsR7bo={*0ppC!t{RD5|NHb3=F`inKK1zH>CxsQRN3JW?IcK- z^Jc93;P#pO-UV^1&nP(7&aM`alMp~vx6N6e+040|E34)`yx&*amHbaB!xl__Ri;G9 z#EwryuKQIY3cOFpC8q82ti((%sq03e!AsP;W>m};ItNi-8n*|(5>i}hFgKE&4~Apa z++LmGq)T}bsH$g0sU%DMjIyf62{eVTka-5u@}(hw?|nJZ%iI`*+d!;N`HVSD_s$}s z@ajXDT^m95dmUvmkOtB|RC)^wW^pTZAS^I1m}MxYO$7KcK0t&O-Rek3@+V>UV#JY9 zu5vJR@>mg?fB!cc;={e7MzGdD%XM|>%}`FP-Vnm)6e|&kN3lGIF*;hk@)IwJI<1ST zek*5x0t%q-!4g2>F zbauA75gx>|#18;Z(cH=(nk$8H0In zQ15t@$U{YHOt~_1{A;7p5Z3^??J?ToLv2G4vG>^p^N}~J>2(KGdO4?$Mvv-yJXgKM zuwuR2hanhx;#9b`!8W`9cNd%aX)@lfaVCguELmSsuDUlg=dnflw($klEXpJ&r8%xe z-KiwM5cjo_n>-AP%r3VdZEc>_p9|~yyZBd#qm%9LP!DTqs@P^?vV%%~Nq-f`=(0vk zhBNx;6i|My{>7wPS!hvwnZbv0bO^(e;^!6<%4-lkhia8y?}xZ&wSDt#v~PD7^ZZpzUwa6bwi?xweTmZg zcikckLeQf69?GJ1UD&q}K)Lceee3ZqyN%rJqi^nTv^&wz6SBuqAHeCAe8cIlClcAg zUF`e#rx1Uipqvh5NmT^`$YR0c<1qL?0s$OX{q*W+-~k$}CUw#I=(&^VU4ATy_+gz$ z?6^UK0Q6dzlb~2{(}OmN?sb>XW?3T4Qn4ZC*qKO0w15%4Iaeb}Brg=JwK$zD+gl%- z#wp^jVmS6C>u;nsZGLj&*OlwbZu(rD#m|bY{(S}`YdgM*y0?g2!+T*FJPmAGUEQ@A zjmxaXXi7DRs9fIIN!K1TFFz{X2?4r>euHd1a-H1H)(c@7xY{X4CZr+Pw=9+{O_nXwr9JEfbDBpt1zmsjpnKRhi~q*PWU;HI;Zyf*~G5M9eL59)8C zJo2CaY8^9+r>(pcQO$ZwNh?ot`C@zP1uZz~{Y*4^$+>@qc62t)6vyBoEWQ%~> z*7CCVT&rLp0_LivgGD^xs9uVyS7_YA+5mx zhI9TR%RmS1oBKYWYMFBDbLC5S7t{3MhYge* zB=(>lhQ+5TdUhVz%$SLUnj6EIr!wmnnLkm*X*QQ;TQ7Ou&=<^0`#CA7t?V{AV?n}x zN@j2kD_s)=j)$e~S=cCC%(S+)t~XnBlZ@wc+4rMiLF|5DDpur+x(R7TgluL=eaIqU zQSvQtqKnX+e=qY4iqP#r-r+XLQm54>|MS!jnkiWse(ri$Gppmv70Hjp1p;92D0|Kd zR%nk~jtVw^h!k-JzW*?3L$ImwBJKFjx(9Q@)63rE!k>H_iE2w=!pMV>-Ob` 
zYkgq=-{sdK5&G@6yq6a{{ZQTZKuu}Q-9ubD^9`LceUK`(e~kofvi|ob0GiQ3{i#p&9xpLFPtYjwZ3pL+W+LOt9LMK_ zMOBWL>Q|9wPGXC+Y}&G$>!d%+AWs4i5MJ+pk0l=Tq*#ead@0LWt0F1O_{ql`<2>(q zG?K;5QYD;F3vH>FcFygENlAx+pa-vW=~H0!+@4-psbO1{;A^fpqnU8 z#oZu}6Lqw26YD|#EHY=`B4 znd@y!IvCo0c~xyYC%=ZO{lTGemo`-OWr-NJlh-R6MrJZ02C5GFlpE@ymW0a%c@>VD zEhPl1{&*(uxhI!7<*oIkR<}CqL+DN}ksz=EI%cBdaHH@pFE2kM#l-G39QF<%}xG-gDQ- zYL|6cqm}NKtMO?rV!^#YcR?cs#M6XxfvXi$oU6ri8G+7bZx6y%Px8QfTIsPAM_M0H zGj3b@QV?{#I4Vvp`nCP*4-x2V;Q?ho&6b*a*Vw#H44d#xZtwy2W#fB3&bX?uq+q=b&u)IVIISi=921 zCFhz^$*{nQ+qe@Ebhkp*fXg$iH=CGuaiQT}nG?l+qrs4KnVP)H_bfBtVPK5rm)~yJ za4Sl%#g8bn9`2P_-^IV^EJTkj(QayJ#|cQ6yz8_J_2uTgbh8&choF+L<2oc_HVZ9f z!dcoBp00L(!K8YLNO2>D5Rty>{dZYY%Mm;B0Hhni0(q^nw{hrNv~btK0xLWy5Fnmoq-io=)(y zX>E|_i{(^7k$3rIeZ!#}RJ>~bSH8Co;^^5Kxw*zKdI@(W!DGivP5QviaJ}qe{h?as zbeTz(mHGW+8(ecEe<)^Zj8tbXd-tfd8_4>GqZr6FdW=f8^-cBTMB6!soT>gyxBYY} zN&3LE(#zM!?way=SqL{zM|Oodq`=zUWD7{XwJi*rGE7kooiD@9IBKkaE3VUx6O9@% zhHw9RQd+-;(w7O+d_Wdp97>My=X_xvzXwx<)0yNhDE+zCgTbh93L%6ldAXJk!e8

NGZ@;#C*C>7?XTUkt-9(V zQ+IboyYI&H9V?PtExOx|%V^{6SlzZBH zlN!v&r?{EIHo&#XwFEDI6RlF_K@{%}3$kFkQ2bDCpSvr6pZRA0K`*H6Pyu>Bj>rq{ z9A;V0`-E}57^!%D{fWbjs=DKDfVUeGU>I{qvM~suqd5PSA4_bSO3hb5BjX<$VkbO* zF43Kw|GQCIjwX8G_zOAJybNXd{iarS8}(vvMwFvnx{ecfhk1H8Z3-sKePg0GrGd%b z04Ms;8eh2-2f)O&#W1a~Dqi)m;77#!20%x#M3h>*nJt#8LszKMe1@o2LV~ zHGRf7yJ-e_Jumdx4ir*fp77*jrS)!vjjOX;nIvdc z9{7zjTRGwCS4d=#KRY+$T*;1eK7q@ZQC_+gyrJo$(Y?01fR4oddRV%kn`rcaJFc3k z7&i%`zF!o@i9TAhNtu7W73j`{oBvbm1%eNos!~C5=Xt}jY_lV(a%sXBuJ!9AYvyiU ziX6Hb7RxJ%xu>ViJj|ySg^CM)Ifl&2i1x{SG47Jm5?{ZBs8gz{E0Y;fmUG8um((pE zzq)0|hlX#-|4k?E_*iP? zG!+9thGHFs8-*Y&03odCk>@SV1Fz2?v=$57naYu<4^s~uUUx&(7>NW=144zXSc6Ji z$3>PbK1fv<33xZdkCqN+15TV^c;OhMHog(Oj z3ZcH}1{GmsBf6a>czSn`W?Osarv5&n;4R7ab&?0zHmVC89#8TFTCi;l&he5l%U1cA zPc@kr=!a!6MXuIj`uS#5pxdDM=N#@YVKR#DwdOkUYzybPz_VO+jqwU>2(7X9FTUhW z-D)c=Im9H3;)Aw?pl@tE{g4>FTvMs0-eh^k0ZF;aunT$Yo$zAy%*J3*UO^G(#ddxi z_)%(3>15@DuEXszyV$u<7uhyHn&zPvAUE~4P%jPWGz`vemlyRd!`Z1*`g38h*kvld zyH6GNpfs&_nHkT3hRNQ-?ph_XeBpm|lCOIXgnJUb6Ii zUs5`@U_Zi42Y?dz6#Z);0w`ns!#?bVxKkPEAs_ov1eAE5*Pr~ZufcSD1JZF4oqJ{B zpfcY3I^()3@fG=Q1fDhfYobXg0*uijPb_5mTf#%dko56pQM`DW_tUW#)c^I$M?LsS zLCTrHKY(v@b$UGMZhkIuc3Ab2XFYiS_HsJRldquVWM$r72H-@tjScrMxwr;T6cuPN zPt_eT+1rIKtMceOgJ%+nc4_b}nc1j+>hFHJn9K~lKf%%SdnPC3qF(WJgHej}8!z!S z+V<9~Lj@`2XZ*?=lxf9X5vaGLqdni0LimtFvQ=u-uAPilqm&Cv0#fH-P#dZ6zBmSO|OoYX+ z%cAcqTikBe$^WJxEm^}h0P}#u7W(2^@$9hSLi_F{ntR4!P-k>uR%9%U=DhiOiS;YX zXbE&XWRq~TPUz!+N4(z?YlglmrqN#7Q`!M0p`w_46aKV3Yd>i;9tJ8){n()xtNiWj z_ahsb^^^}IJ;+UHBi?uIjLH*jnn{uOaHoo##!W61?{e%m3yiZ_A-jx~`Io=L0JF{q|N2MG`cD2F6Y* zecJMzPGA9#(D$5_7g`d7GD~>cTLtHv0$=eCyG{mD1oCx55hxn(%qLm@2?%y0SrCVogNOAhHEo1RmU4!traLg`biF7`8#}NBHHcC{RwYDq`vCHTi zG`1NP>`0G#wzWj9yLNd|xrqK1@k`9&JT1qklT#YK{~P+lK*qs*^Jb0+ok~c)DR+kPDxB4{e4xl$RBY!+HN2?b5N5L9 ze7zN!J3s}JmRlT{jnXtL6B&^<1FlhD5K-Z1N!NOQxQv};Ttv$JoakN*C914G8y3_w9cF0N zuaC~rMSjSY;UDJrcMf8o5t;S$0O_c25KCtS@*ePkYDqVoGm&UYxph`f+&u{+@loQAc-*y{zvTpor)8 zV3CuRD&$LBi%LG8^fQiHFJt&kd?emX7;4UmcP^=!>Jv!>TTxKA4cYn>T8NkW2 
zC72wYGiZ#>=wNnGYP>{TcI#VM^TiNGg55fkyj453zslp$W_qE%+Wum^_mPW`@qAvL znNVCPiR==2mY?+-EbAY-!uvial{8d(c_Z>FQ0AQP39S0<6w#AmNVDy^P;DJwtIMnj z-L1w>o#OSPATMlji!(HgbN>Z$cgRtU2|44zb)_O}F}k17D7`xUU$>sM(ymq+3B+x= zNX0qc*u02+J5JA2GxbG`Dx`gshJTAkkQ(EC14dC9->N!KE_{t*v-e{Mwm2Mj-yV;;eVk$#*XHQ2 zCua+3j%XS`137Q^-XF|OxS@H>-4j&~#RTJ4+~F_@Sfk-ZEONv7lrCMtplYAr!3GoW zEa~1*QYn(XD}GZwRgd3T65v31podHolNHOp`&8F5scw-*~wlaQq z&%Zm@80=oO^yUA&Ws7FpyZSiKyV{+cAh~Fs?1_CniMn=o zG0I*w`Ac+b+=tTUJ0=*VlrpI|^Hj36_b$8Ks@Z$@Qe5bAVC?A^-Ns|GMK9ad!3AmL zvu5r!kw@}crJt!kEj=BuygsVj_@3oFj2wyZ@QqqdcsIWUUgbp4H zEylt3oX^)(8go1wF|HaHxqOb05MnCUXfdh`ndhVeZ!DZA zuA<-W-=tPRtIGgqqr@RtEt5!X)%qc)A^-(t-ogL*89W`2i2q=EO@qsE5o* zz6S?+{ouOEY``ehsd<+Ec()@vWnLNpAiBy%eq)55aZDmNK!)vLi_BmID*Ev8g}(Pl z1&OtUg0DmRYft*m5_s#B>ace6isP`hMi z`XBM66!ksS{*Tx9%+qZ%3(FZrQMRS9WH`kuVIH6Q@ol8!)^)kJ_11TC-q7Pf+vXeh zqPz3#?nSvFX|AsRyyPn$vrX3~Ly4F%q3pBvh7Y@HZ!WcwG0UhozI=(Fp{9H#&p*&g zD!{~cYo`js6=`hPSEK*B>Ae_YD5PY2?ohvuWJ{7wn`~7W{oNFr)c1RMNK%R4rZ@42 z)1_;aC+ZOa_bXrm+l)j7hb=p2(dt+X;d^m;nxF372hDuR# z#1~cZY`oPmfxnLd9XtC@Lw8@#tBz)9_Nc&Rw zT^vt)UYg$g+4cEmV<6oQqtABI5QF;*a>r5P<@05xrJxW2y&F|GWVt=-3FySdV}%~@ z`_7=V!$($Wv~-GYRq>AUTK5+K#TV_u*t*bcWe~-_As)>+Dw#$6>KZcBg+R9j^p@o` z&c)s!Z&+ZbJ5Oa#YG?z$LLCYmc(CB+5)Curlg#NQPRrFz@$5Xmd&=z0-v{*CvnX~G zSsIf+AB3!rlByUFlCFL3$I^2%fzKnBnoyFA=Pk`f;sPXNp|wVz`%gk=zo_Cd;T#-y ze@!YlStxiu|CM%k+zGP@KgrL&SJ0_1D1jOT&_@aQtk$D3@EYl+z?eT<~Uy+5E z;)irqY`Q9!6mb|(<{Gt*XStRhISkT{nO*9eyC*9MLxTB|fgBI(h2{z4ym&81gt`7z zwZieIx%1ba=^eXkxBqQyz&KkT8RTmaigk4a67QNKw*tR-qOP}Gxa49F;9g(oeY9TA zCWM%Odf}yk0|3hU$8WYyub8xj0HPz07`KlBxhOX|l3}`71khlIk+p^tlwLn1Fm#sF zJ=v@qW#nn1T!T?1g*r4U6oFa)+K5XADGp4w9+#l;wSJcK!=SQSnEp}dOQrAyL@PB2;4}8tNX?4C*fMqB^K&ba$$<_E(S4mW zOSK^>t}gQ7J`o#H{gIQm`TZ24TOpqu|9InH3RrWAmaNe_J^h z(I`>FLV*Xj3j^$8=01}g6k0>>N&;3*YR6~HXkV{_L*kI4fIa@BW!bI zc*{m&0i2^mz{;v99LCEI=iLxk`NxEFRMH2Sy>$sgPxVlgDbCa0WXI&n+k6K4zz;<| z9#bMeV3+5t<8P~l%QTxeyvQu)jVcW=j-T863koZHqkfk^KY>$7Q~039T)O=wjJV*> zbTR}yLyQXEx0bN4)U;I3=qi8*AH9S7^Eug$8_Htzy53&M=4r|Jx}6T)$_q 
ze?Aqv90yn~k@kt=Z(`xHJkzLv;SRex5KHg>6n~wH-@Y#fIUT$J9il=USQHW)GG+Yz ziOFa>xyGzNHM@z32vI3#9$8%`?AnH%$3%-alQ7H2^)=^0y= z#rZ%z6MTy!--NaZ8wY7}Y81QGGbE&@hp+;5foMfqp$oGRPaDOol^(&O8?4 ziyDZ}$X|p=wUf!1rwDm)(kdpbB`Sh^*z55^?$eo?Jmf{UKSl!wSy6-Il45c=ai_UZY z3Er+yG00yBJMCL~i;;w|czj<@A$Im)CD1|mEG3q`)l|V9xjR`cR#ua2juAgxl8nROE|!IXp-wQvABP_GT+Jl7PLLE0xiEjHL< ze)`l9zvWMq0_gbPvEWMIm#`=$2o)g23J8v^9O>iy&_!^lXSmg^J?cIxb;zFBL-02=dLt@le_`}qj{roWVN3j0r& zv}jcZHPPWp1C*5H6%(iY?k$w6F5wMoR&rv$e>_6qby)a%DA-i&?PnnN-tJjV1_!y= zbzZZ|!K)y^K-1AAV_{LckZs1w`XCVg@Zf`vj!qt@uq!Em)G?kpEpGJNPsyK}(6>1$ zv9b>A5hh~#eFcn9$&a;`L&~$HlayRCjP!W8lN*^kL!IV% zi&Sh$p7qjdD}}U#Neq#G=Tr+F0ClV&wl$lp`#p(3&_G!+v9J{Pl-Bbz=(KSFi2p0C zK4zSSa&L33r)=P5+I5gOIKpfpJzq`_t!&SIu4(nNpo$Pk8_naguy;K0yYWxDtuM?a zKcB76ESU8BdU_UF7Gds+DOojFRC&=Cuuxj$-bBSKeXY)XMnRsNyHtF8F$;Wk$5;(( zsQs!=eBBI>{-A%dZb?Hk%7JbdCI0SO&<8HQ<*74`A6Q$dL?tZlh+h>;Oye6|8M28y z^9dmxqv{MS8h{`pm~Mu^w(d?4Jy_5bqPDF#sDbQf#cdM({O&YM%;+-SS><{sa=_Ph zTUD3kIoyEgmXF+nY3tt(9?9l7q{w(R#DB_A{>goS>e>-5WvdBeO@qA&qr3&WxPiD5 z72bI__XlMCJL+K^7rgVj=0H!fcGf_ff))!UyXN(KXbHZh{_T<@43xF>{U5zrrwZ_y z0js!O1d-6sUAMuWXCb!ab-k&>u%b6la9t9dtYG1PS;zRmI5DAx>4Z?eVE$(W%K*>S zxCoF<|B<4(@qzC9Il$<#j3ixZ!}#QW3ozx0g(S8^`+$EcQ8<9O?l@;N{O@{t*tGSL zz$tf&ZvFTlI4m^#c|I(vz;b7t$8l<>>gs@X$jTYpaVVWHO z{g^P+{r~RuVUcUVvtnaWSe^ABrZ{Y+rVpm9`-uK&I3(M{nBtoM^Xxzx=71ASe9ltt z_8+-h>=1U)9FAs0{DcE84$z*oEn+V?*Lh`{qmH*cML zY&!Fw)B(*2e5_z8N*EU#A}SA)v%DVEWq~Tqa`~QTH*^I&nPt-+RM?Gc?z+%7c=kyr zR|n;n=i>40;=%E`Cq8+4d~76n36BnB^%r46Qejj50g0)`$PmiotP0j z@^y)J`qj4(HCjLkiI`rZ0SRM~|lrU)8_??YNfYG`V?rjG^5jK7IMu zcz$mw%3XGp&8oDc6wg1ol!7-&T?=e_D`6tBY**F=+Jl!%?bU$IEQa{0X+^5lmqbT5 zSr{UsR=_=x@VQn#2x*S1L>Q`bHCgr8_KZX!qrcH52Hzv||09zvjfgUbeDP zxM9@=Q#RB9osHsa7ys-|dSj}g(F180qmAD1`2IgvryKuegCoHtDTEi7r^B@ty*?#Wdg_X<`d7{cTDgdl;x*!o*d?9Qq-}itIvV- z2vOxX+bklcMmea*;7n?Q)0+09s3!!TR`%VI)1zl<8cl3J zCl~6xyaYQc5_TrDIE5YKqO>1%F`|$w0MuU(bDm&t554MgFn;vX+q~i*|$^L561=Sc|JSBJ3nbv4aaJ* zwQ)~E;rHK*gc^q!aP!Uxy8T2Yc3*6CEm}XNT^nW_Rvu6-hPRz97CG$LRf3?<#P|7p|~?O 
zp(5dmwI{b7P~@O~g@<49H>P9AxdorN7*0Cp(XW*(;YZyCWPko#N3Q*5V6PTjvZSdo zf%8;I1N>SL6hHa{kAIz#VCCzbucawAsjgb+FIkzrHpVCw$$uce_50~xN4C5gWWIl+ zB43C0=;_2lx&HP^38ge^AowbU3}@@}eA<)Cro349wHz~LKi|J`0#lo-;y!Pus(W(fF`65LdsG<{1`1coz5+4S&s) z?DiGZ>GbN?|HIgKhr`)@Ye(-SN(iDP(V`PAdPqbUy$gb%P}2O7t^J0j5JZF|ad>i72O% z+Tp_hnL=Bcig=OSzo+AC$zEe%fSRUStS%nYXw5`x719e*rYieX1VMvciNKt;M?}Wf z0ob5ahle{*YnT0TN-5X(*lw(EK45Y?b92(*JVYgRsU17Ctj35}`(3ymA0JbG7;_eN za0m)KowET-M;zdoaDID@Ar6f6qRbH=Oo3XjdiW@M93M>dDKkIeFDDa{8(MfoogLgX zBb5cD~rEx1DeX!Z%;=7QQAVM3n%`75D=S1B8jVntBrY zjur#dSskA+?hlNL02~z_pEA{0i0qjf8w+>MwtKFuN+g_a{9dyIgmiQ?!fih{l6JSm z4-djRi$WeLbUXjf$G3REpUaNS0%WUVXf5z);oor4g4QD$EiH;WB5d?y@#!gdmYQwN zf7F;8sS0Sb;RimYr$}xZ&p6HIDqv7|BU)&$de)6(N3x+Btd*tRefJiFeWB!SL-f== zHnHWM8IjDBzdnroMAq{KCTn-3TQk0bN?&iOgD=*SC2I^F9l50dx}xRwWJy*&Z=`M; zFr+Ih%m2$%0qNiPvvA-lU;tGh93JX7afH$_>~-z1ZWbmy^GlbM3K^k)(A63L#8ngI zoR(6h{2Zw&I07`ti=;LMcWQ+`X!E}qFzZR-x0D!CAg@xnTh)O|OvK&dzQ)aa@jvz{ z1qv`a*Jve8;uy>|TwoDFPQQ`UEdF4tkwZ=K6Z|F8wELakyDUUM)OJ9T^#Zp^+8uBP z_+4xYsm_5(W^z71)AmXJ$-6JR&teJx5n{9f1nFp`@bK1Ky~_Nv%0vCSrlr?`@^UnJ zw3mwq)Wcs^CY#;`K2la%rMuf-mDkFQrrvB;o3mp?$H&$WNU@%t)%ynAzw#{EW;4nU$DU+eG2R_hn z*Tpdd=rw3+&1|ce^Un%R+F^s5ahlP!=kxn$bw4R5T}qn({WtI%yWATtRgKQ{%5_k- z+Dd97$K+HP>d5T_`A|0ZP+$Q$DhbX?E#-+rO2dz{B>Kni_R&b8{FHlX2~X#3Yg&&a z@2Om)y>z^cWyPQ$Js1dR=S@l%h&h!_EaC0+YT_z?Ke7wiD#*= zw4M$!5wJl>Ejy#}4e7eBm%?jBogJ{RBxo@Zb7``olt07XVP=F*-t?PHm*Ro;ThACO z+i!e6Yy}#w@VTtW8~Yt}vkdFh64m}AT*?2>AxWNj((;xouIAyr;kWmrIkpgtP!3#z z=*^Jff{qI1ojdtmR2T)%zk4_uEL?&a0bi&qqR{Xe?X%Fg2Fj%}Q=w2-@0PLtZ*Q@I zu98$M2j^d-hYM=29*KK$fx)3Vv(@II2L}P@J)2)^u?(k6fw!{B2Wdb7I(`4%-$1F4 z&d(2?MrZrUt~L3b*gcg}_w;ZzX>%{z^Thz&)HVi*>~|UgwR_CnTiS-qxL+x)$^*7q zO*>9Bu^2e^`s+&X>__5EX=~X#j!t+yr{?*!pdxV<$?`(p%6UiQ{U?R0`b0P&dw6Z* z-hmX>rpZYOExj=JN~V6CYd43+33BfXXC)s}v*~9|FGCcCx`fNyIf}19X%i38o$@;8 z&D;o5r6}G?JyUNMfEgR4r7lTzSAT-R|9DLH;Qacam$Cf}=d3W@NdP&|QIrvq7xU6i z;|k=zVlk9VVL1%t(xOUgEvg2jx z;f~ctJ~r9{hjz~EFygvEr+M4A(4ev-lIrwC4eg2nI!#*nLkX7xE)*b<7nzd2!a$uB 
zC{(q$LCY>3z6kPZX()XJ@44gpw4M=9yo(Qx9>FToS8t8E$~b$p9}48QyfkW+LUSO@ z*s#R1Yk<(!1WFDbQX~f1Z-FaSncEZjL)E9BsG#ubO_WgB(8qV&B=%;10 zHnTsI5f56XtWTk(=CfCY|0YK=E$l&@BOiiU3M3!UzSQ;&d>WK)usqIgXENVV1P$zNq)+*~f@M=5Cl+6r~LiKbC2Qvi< z@=7@$Co3j}W-9XYk`1DPaw{+TjZ|fUW37Bo0d@Lg=_IEmu-$Ti4@P?4XR|93s%{fx zqgR0X+rULj&OEvpuzCN28fJWpc9}26t2SI^KQO0M1P3Vph?$4G=Zhzaj6EQr`?g6jeS?^vZ+|F7# zGE;RZ*?6MdCG~0b#&z-5bHwO$!mkZ3_B;jswoFQ+6;wl}?Vq=emAD!<_v8Z61#`UM zyOf?U|0-2YkKAiLEwAB)XdB4{BG?vUke)t?4puSywNnqY zZ+I#O^N#iI$!@ zO1jo#r=&fOE}Y(NH(1{fIBRL}F99~fksrtc_%D1#XY;9%KfYu~+XgwXlnb6djkk=O zRA6PBV8*2-@tl6gmRkK*F-WDPM4DroZ-f6)KJDsP?1r7>X{+iwdsK?Iyg$B{(JLBV zx{&#az3v~^Sx(OfQz^UINhqFKbl8x_nzug)-$xhb(6L!oWaT-?5pTD+&PpxKcKy9U z+TCxU5@+C>^fat=apqsEv_qX<9gVDx1m4sY06FsS{0BqnBCG8;JMCOY1QA_5Tm<4f zx!6K*i-7kALqBJOMUFzF$;8?;hO(uXQig=R%A1@nEf~M-4vK~ToMR@nQye;BG3kdS zityoW+Ud#+MW?pwDNhu0?^G1Gj2lWyB%q;}8EZv&Ij(dYOFpURA-TVsb(&RrdG>N= z4I~hszGtClbjiW1#E4|4ot}op>%T{Ms`!>i!^D+sMbu%mw;pQTq**VV`Id#jmS(?` z?TfOsba_#*{YI7WYrF{y#_zs8hrU@BjtGj0ziy`-+c@dh*c1IzXLH_+Zlk}X{s4Vh zglR1*rQ)!_NtszLb~2q9L?`^dx1x`oH%~MwZ%eal$L010Y!Rzkwz4^as}PZu`Uy3` zq}P0+KhmigKynzMkt((2rTtAIH7<0ZdX+3Ik@3lfDGXS$!0V6n8}wo{FIxx@lR@xd z%fSV=Ig$Wd!FdI4v=Hz0npb_gcVEQfhTm}M2H!+K4k7_sWVcj0sB3w@#eL8*_3RPG z3wZLJc-vS0Po;P}IZ&Gxf4hsOrohpCJVZ8e*gb6LaF{zGc;K2otNomK&@n4Ao%-}F zUKTB>+hSv**jx3Hs3Y+-?eAGzDYwkON^U2h!RF;2{^`I)^@ziA+2@r!6Y8Sgs zUbkf%jR??|?H1ZZ{9<7NZ`}uxCh2=}M(p3h7?3sMtM83hR)afWE_AR?**1F;?CGO_ z0=cA#TzzCZz)#4gOSpyAiU~TNy!xe%8)Bn&j`FU=Q)8XjIVu$-r-4&q>UkflLrIAJ zc!4@d60OHcEQ*%uP|B^Whv%&~H&W#f&zB8^QurJAZ1C&`4jyN#>vGPN|HTuB!{^d$ zXCXVTkh4j&@PIBCSnCYhl*wmSSdx^V*2~(IHD(v<-NVm|F_XP?afvNSb~ALYn}xo( zd{(riCj|Bd^5O@`P%=ZiZdt@yvRT`i`0JB7R5Os!wVhz?TK&uxUuo9PV5~boK5ntY zT(l5gA<(j(X8(y8k-~!)>HxbOh@A@UAcbx5g6+icC#-z(r~Jh7py7wb15?Xx_tn(J zgj!bXWuNnkHS0_a#Mq)(3|k!zao5PsinWyM&z}r33K{i`Ofi$g9!(t@oVeyOeB_G1 zj6Ts3RJk(F&eY@`4D;>p&YW>sdK{v*_R8t6M){#zX{d<=2B?E>-)6LENR&ipBG-5+ zeh}IE7|Uk%uwaG~4jB^?KYU$xB?U09&@qcCq768Bvs`t<8wU?#F%=$*(mZoN{cx}V 
z=eQba`T@9;{y`8^kj>5af!Pet>9F9?NEOy7uQU3tfQ54Q;VTrbR^Ly6*5ZQ=?=!?ThH6? z>$3`1NvEJ_K2w)M70$@X;t74V$nNe)#ylc_L|Rxivt}jlSwBFgbwp(s^<)J3@c~K^`XzKd?jOnDHF?X(x zC9#xO6PM9GT}F^dnNPJD(k;EcM4WBaomcZjLWFm3y!VBl0Wzgi@zLNZH7W@mb01}0 z6-&neVgvePoPP^#b;&aPCcsMj_x6pX#k}Q>uh-eiTp~w?zx=}H&T(}mcj%PS<;;Q! zIu)DNKFW)U&o^vsN2KDfq*StZ_V)F|eYaD(?QlfpK7XLoshySgte1eKRA@!g1zeJG z2!5>(G12xP+9xR`%f||v`eg)oY(AqducS3%Nr~*l%BI31w+C#1dWrWiOU@K4%Qb`d zL&Ga&4hdl_69#^}X$uV5J}qf{&!e+5EqhJ~l}16R2TtHCVT79I2^F!6DQ`+3AwB29AZ@8&9B+YWVt39{;j~A5%B` z>l>9O=xJ%_3a8zI-3(jto}E6gsk&2#OU?N3fTIKuy}}0dSHJi~o5CS_29)5LoyAVz z)qats!;S;43vuxC{+?c|HtKB&JLsYFO}0P4)k3pvK}-Yhmsl}fnL45}%etVxjU^tl z){q3fFH?gpQxJ#0n|sy+$7?2oT~{G}5t2LVl9S{{Nf0v8wvVXp!zOEmgz4rFJpvmIQObm%?Y?I@BG7_N1`=%6#%E2<}E08jW< zINCf6y!O1#ap%3fZH5@MN9OGe)H2l-GP}V;J zDbN@`-Un8Tq%ea!7iP;pT1O1by-a{dbeWZr@lgW{;|Nur1}0uN2|TXmZxy>IC4yN#wT_0j)9jnn5Y zTCww;wPR8<(Qj0FO0E@LC#`X!q1;qHU)LXTaMCC0uadL_jp6Do2_78 z=)_pQ*(N7I?lw+>0E>#oWCqf0M(4;8MG*_VeiMd^@q)F%M+?`D^)h zt>`aNs4JT)Sxblm>ho1s;L=(6BY3hSzI^ssgp}d-At54V`i9%w_^b(gTU8@<$)&p& zh_oy(&&2(vF?G3+t3g82>Qu}2Xbv|f$)YDkwI!u5{MMgipDeTi)n87XxC>6fGrjT8 z8IMHAVJA3nk|p1%&gk$U5z~Q4L09sVE8VR!Njd{koW99?L1{NkL@`}eL3~V_itez8 z1N@HwEOw4fgAEbejMus%7+rM!DH%@|A6&+Svd(hs6TzxjnzehXbv-F@gw+qjGv-GQ z`K=HP$n=-D|EgWE6SPIJhw0^?Hy5Qf<>_U9nj*pg33xm`0^yz@bEpX!k6~G4dWZ}q zk!#ss5fngZ4rJ$lQQ>{hEcz@aKIZf+a4D>4=2xdAekPClx~p}OOJ+jug3I;_Gd*7e z>Y4(^?q&8o^mJH~?z`w<4$nNK=c5a+*_H}!X6E8Ks@}(MGp8>}>>&}tC*A-C<&J9M ztx&Ms>&Tb(HlY?R?)w4i1|nD6W`wD><7jq4;u-rK+;U^w4N6!IXcX_>b4mXoke5$M zn|8uX&60U`j_{6 z62cx|t?&?oGxL&oi8d{1gDXS~tK)SEwnpAl={u=pK68)Vzvl?xUD*k!EqxC?BZ7WI zI>2bL^dSTv(SBCd+d1ui6D^;6E%DuO^E*brS@aq=>b-kG|LTb@H~{A%==a!`#-Yj; zu*9zHTU6k@Gs7Jeet_?o%>JUUsmgL7!{6}7)mpC~KL@Y+7pd=V*sHAjju4^*Nsi=G zC{WgGxjpr>cn5RCks>WFUoK3Tl9NTzRBnvL^eo3+RL5se)tpjtgBPFWEXt=gsjTyd zgi!5bB_`K2_t@RGzUnmEkh}eY-F%;)wKL<)Ce;DAM4MLh(&twM(W602P< ztNB`Gqv_ZT`bpSq$a(QY-xhv|MW<1&CHuNnR*EJP5WUF{gCDo0z}7X!3wP#HKF=V7 
zZ5h2RUK_MKoN=<}n(o_``GXBRcvk|;HcKM0mz0(^U^De#6Y;RABmL%ky1IB_p7l1t?0NO*jE#{a!uIc` zj?MezC)-MjL2y?=h+WSqy{3ttagg`U57BHL-j4z8a>)gD>XANL7-2 z4`k-Z7azuM-xxA?PWBwK@l;lur9tJc6H)rcKl9LM*%5Kxinx-FL!p+5jA*IF^l3lM zx~ZU7`|v5Q{3)5Y7@@{5H9^CFYohHmhHetpa-ei(9}`q56LJ)S83-T0NU|^4Vr(=}iWR<^Es|GkKNE)E{R3p}Pa zWJ7W%b05vkN#r!Z&mddQr$&22N~#wECAUjg7M-_cHZ^He4b8EM{)5iy&?c$5BK4jU z3Li06q`rb`&jG_~toKf|-@MVHSMB5ruPPp8)x8rJ%aX0cY$YTzGBmk!tZYLsmc?an zj$kl#b_vgE=l9Au5UHsnYuvi}l|zxsXq5HS%uJQm1vtfaVI{khqx+Il(ic~?@WNN> za02kan*Rq=QV>t}BfGghwDk<0Ylu7^o9+O?9ALXWDr@k2<&QB1_9yxU>d3Uy&jqvQ zmEN8#hmjvASr~{u_?VS3v17sxKI+n(m z7&#hpfmcOi8^&A9k05~_a3k*zWjh{Z3U}hEpsMf3Lx>{Q!f2Punm!nqg~!>)nJh|g zn=%lBS7&?e)QyD3l6hnOE~(M}I-$@RQ(uyHfI-FeqpYl~3#bj*YT@zNc@YTcMYQa< z!3DT|c>Domrq|F@#q4E`P=~smQ;m-Fw*2@y=8GhwxyKb1zea76&L5e14$bKAIrVob2JB3DooQVguiG%W;4^ABRKRqiu$ENmk33+ zS(N5l(req69N zw(uVI(MpinnZz_R-mPb|f&sAI7E21@;&njtz*CFsh8OGmj6(BbXF{cs;i!Ql@|1Cj zS)<=WT~w0-YDJ+={w20;p1*9K;5D}j=Z{Ok9IoHQK9R`&I{Y! zy88-~h-y3HpVS1`lcN3tF&D-B!C7yl_9`y9fgECXCtz_;T(DqsnRfH>gDc`uz6U_Q zZe1-hCzmxkuu_dVv2W$e1cm5fP-pcp@b+D%Rti+ozIR0|1&|On_H|l6;0YWfB3q2)W4*5q~j$ojo~?Jid9Sd@K4Ow_&Yj{(OlS z2^n_IZgD{}fau#jPp!}Bb4II(lU1^XdB2P>^hugwNZpDZIFMdd=CWcl%scN#DK0=? 
zgf}dvVxSzsCip^Q{(7!`+g|Er{7Kah$#-E~ZUwneh%rN+Pr3(S-+#Cq2~)2hrdH{k zc`&2N>r5{?YA@QV;c;I^907!=tD8mY>XP5;#jD-TXHI|$HZ%wu`|kZndg)?|V2+>< zv5XPJ1-b^P)zec(XnOz&+a6^-v!$%MXw@28TG|e}o{AjP-=f7IZ0v-vUQnWXTubR9 zdF?OLKDs@g?2=tFdK;TJonI#TvHVn4^Wt0D4sR#y-Es5WV`mvj{6G3?LQ%h{vDW+S zk6BFIm)9Y`VUx;5iyej!d|Oqvt=?38tl6Dj#_d z=B{?u{Uw^)XJO9;T;`8`C6j09&SdgzIQDIdlvPh;TNfoOd?%`J>qBv$XD#N3N^R-{ zrk{B&Z>X8g@8Qapj#vhE$+j&L=Pzn%{g8z{&!hcNhV?kXD;D!UHptWWtEhjZhW7;t ztj3r=W9d|$ysAn)kC!CcmT+}Ews&m)V=HBkDhg=S>o6sLV9?XySw$A$#trB5HJkNL z+zj=+E*LW=Wh){rvw4a)Opn%I98iNtO$F&sC7&?{*FB~m(IIO!y&Tsv&FjIw{6iaD zrz4qx=<*2wR!!PB@Z{1Wx&qY6p%vq@!E6$u{d`$ltN+&oW8k$sId7$EUYSVLde7J8 z2gkwJ<;)@JNY(bLy$0veGb7<8-=>bx8{+yM-($(ty(GBSQ`77n?*Y;6xj`>VCq>I2 z5^n7NIZ_9Oj8ZmE+fCc%F=ep1DKvTOyoUnLDa3OaI{*W8{06;|7L4t9;rr-nZ|a$7 z$)JpeXFu~hu9p%{Dm;Q$c8cUXr}X6CcLW?&Xc*Hex&l<0Ez5oPqc|3BHOU=Y&b-?) z(ceU^KN>BezOpiuYnW+)d*$dheQOO107>b--W=%#l=S7>20HcU`)^~Ox=GF)di$kK z=qa0Q4d#>b*ZR)P^mcE1r-O)dE(yzg#7@3bp{yr##b3T81a;qw>wDJV2>+CpMyry- zXRbl(*MyABUn3N>9_+ZQwxn05CvyLcu==HrJ8+OLZ7|IYu&o~C=BZ)+DJP2cWS#s2 z8NztkDm0nJv)wrWKK8L>!nTxnrQ#n{@sb_kzCaO~nP_PE9d~#zdFGIH25)G)J7~s* zRRL!zce8m5JzqSrtk0VDd4Q#LUABE3;U^Gfg!>S+o)q^te^mk1W6{~gfa6;Z8aoBXTLqTOXVa1cJCpc^ObtvH760ge1z*UB?S!!}> zY4U>`o}yl(msqP-{CY@%`%pkBAXb_qq-_hRi(I^;XNlg^2HwH%0{yk#hw%FF6)Q4v zj=VgPm{cca`zYX>RR(S%)q9_+BW@vf4ujH$60a4+dl&nL1j2(w#8djvaVS&i+)RJc zUK*|zDOThMdNZ0vF5O$>xt=Y_a=2zkx{+5-;P?R%_$hdEvu_d4RlWa719d$mToqNg zG~+jn>RrIAmDZxGuT!5)PBVJ^->nYcp$q45|W_~}{0QU|8*aFYm)JdqidWr~(Mfq`xR3W3pekcenu>|C+Fe6ks zcd@lvvXmv&Mf((eQ_t+Q_9t{Tlz!kH=}%lWCB}b|s?^ytltdrb)ayvNnUwdG*^v*} zRlT~N^!Py=zKZ)}Da~75Ze8KAKAEIs*){Q0O80KiuYfQsO%K3To_GR8294L70Q6F= zWG8RaA97_T(FDvAx&hJ~Vk%gTgPJgno`;5S;REfGj%3j?h<4&k_)F3Z-cNpGtB~(x z)hFQX^;Ok@2re53Z9b58|Hzb_&K@XdrF6KnJl*GQi9kubQbkhJtfTcyO5g1nLa>{% zqSyGrQ?Of+^|0mvChS0JJ&GSgB=luwWMKMotT(EZj9B!uuCG|izQ>7-_59U4bY`*E zx5?=5Atx)e~2eEH9KQ|9Q~!mH5txfFRh?NDBqw zHK4CPGWa#(QRU?E7%s8OZxSMQlO5_W@Qa@0CPax*#M3cx^BM8J`d zwHdaa3kQq9t~P}e=~8LIC0`%L--(>N6X#h!cid@)_dY!M4;CP|=XPCcbOE}>7qg1t 
z(Lsy;Y@9y8Nmp!BX|lBZhOsznrim3pN3xg&4c?YD8Khv}&K!pI!I}{ZBHNDK_{fSD zvh!b^?=pmWt?!9SisFD^pDayz#MZ{OeA=1_5Gif*HVKw5=YKEUcvQ(99liS@HlKQ` z+aL^;l@d>FGYnCoI|@M3s6(Dk>8Du|_?LIoi>VEZjM?9qN=BVvMa>4JN=;~cZ1|T~ z#Z9nXff*0mZ0M78KxcMb<)`jX8*ThdD1@d(&Im9O4q5c3!BCql@19wiTKZr}$5s~4 z8hbX}ySC=&(>q_nxq=bV=mEOlPG(Q8*L1U~kQ*=zG0ycrm#?;e(`9wSE}F7FY0XT( zI-FW11as<&fhqw{r+X$~$?~)KWEa)oLro1C?wZwmzhDQ|FS!->*=VvusZTM8?HKXg zE@9bIk`=hyDkBThsjCOR0X>I*#9bFk{d|_J60;LY%cD%%^Dd{1ugNDScg%l$Yejga zP4p)#RQeb$dIK&P`e}nNsc>SUAM*$FjIz46TVBK9zmYZwB z@Vw2`jFVfZ#l~dFn0O4pLF7M#S&OBLGMx*$>-YvwZw+x|>PmVQ(F zh9|AM*WB5hlh5@SV3l8`M$5XW$}jKvz$8(cgmrB4fLVGMZAY_vVu}y8WLOaSdsCpe za53_%?I4nNMgnnM1Au5YHXP7)8Ko-*b5Sz~O}{r97J+D`6K6_=E`JJK2u^f_1Qouf zbGx!<@ZD@KvuU5Y?yT>D&_Su|Q+r=xL%5>)eM7j z`xLGaK^VAF`-B0cq`||?{&1J1o85utSp)fVISiqAYv^$|#1OC{a<9+E0eIwNu-k}I zT-*{R@ViLVTW_TT0KcKhVbbh}4QnDoDA|bhmCzF=ki)nGc_FIebt!`UA!A*yKJFuf z&999ZN>JCnzSS08$b!PUUIoyfnsJe)e7aq0w=Im(*1x{MH~P) z&FG+_$ft@DrQ6z2b(%&5E`vQ}y8H9m54(LkZ6(z79MS6gY9Nxr0jpt-y7es}6K|=- z&t+^oc(#yF<=etocQ7eqn!#bW)O&*IyCpLiJ%?MD@GQDVNa_uaTG zwfy6^HB&BDqIi3LMN%k#OZ@W=6K7JE+}&JfXR7tLZbv$G>BDSm0Kb{l2GoUJ40P2N zz*)HYa2q*y@-mzu-9R{7Oy=G-e z*2(<`PUVgPnmz?|x5{%H3II2c(qHFG6aa`kBc}o!*xb%jWQDd@$)DANJDguRyz(y> zgAWS?o^<>q-ZHtQSyWvPvV1I;_wfaN)g&iXG|UV~xAV zK#}gSm;FA)o{%?r=RnsMg0j{0h_nV{GZR2PkCI#eL7(bH5x=p;hT(LnX)2uof?~Y` zaH7u=^J(aDfYY&9U!5HM-hdD)F)eTPDu#?aIyW|yNXlzeC#!b4Io0d zLah>uyGQDlHs~r|0Kx5N_DUv%@9s3_N0O64%qQ?;>ldmV^3%0F{@2%P`L27TPR}!g zptWhr0=#vY0N^+wzl=BPhogZCJ=M?ZFmQ8XQ>wPZDJJ6ibiHPc(jCORy&S-%{x6W) zGa+uTFPI2iLuBW`c86r`v(K2igy&SS$RF~-n(R!-3d-lo4Bvy4@5ZV4HaV{34XP*d zdT~)~*bMJ}>?>RZ&yN}<71m;;VMM zwW+bv`@3`U)Nxd)O7)-JK#8e5jE1W zu%6oJy*w3M(+Y;+^k{2pFapva!h7@eNrGzd7d%jjHsRjh-tP|rDZ-A1b74u*uQ5a@ z^=m9}fSS!f>31h+!G(AriDamZBXgzM{*OM%Lkv7 zB|php{PON;`u(W2{oeB{L~9F?Bixs7FNeZklZfLJyG9CT$p^-1?m&E?k1W%-Vvb#l zdsVv`F%H7UD37N*c`2d-?@%6Vjet_MZeKHi#QFS(Io9|fe>eymzju`CG5nfMTK@R4 zn3KIVE6dbjp`MCcE9RAd*XNMR#NXe8%qaEI>l8Gm$vvoL5}fw*_6f0v@OTK0UU4#s^en zcr6!tL@A?LZ_Ng%So{fqPWP5%$%32VPQ25 
zcM=YEeiq#<4}dhJqHQ0ofsviLvNkp%!XVq;m_-hEceZb81>Y=xBdu%7SSwOnWAoTv z5ZkX{o-DrbVW)g0!SLEq6`wnAdu&{STuA63r0yT{%F>jh%>Y_llzhY3=xD>++&uA? zRcjnC>DSM=J`Jk(jK38d=H+Sf(#bzMK8ghBAgoxImvOVrj(Eb*y;pi5{8oSe-`1|# z)#8(`11H~uj0oi|-%ZZ+jOmkEUMZvKNvVauJ;X=#1bc%(yq^0A$9tk7BEwnA_i;k< zgD^o52n5&tY0zrupdz4O@&zj^2|$2SdbND1axt?Dq=c`do|d^@?sHn#!>D;9j%{P)U7|2-Ij|86FrF^P3$u z&F=fQsiXn}VZl!fa_IQ|074^NK3vn=Y)T3kO~dZidLJqvRN$JF zMa9CxOU2h=^x{iTk53+%1N}7eH{67mf-Ot@Wiy1oBPO$DELo-Rd`3A>alVqHaFs@}f=~*s0$NPo)Z}=+*jr{LIs0{uOmq$gdHpv zw3F@1fwGT-ZyZQ8pNr$1!>S^CiIMkXdkOzy&E05~)bn2qp7NH>gR*m;xyxwq$(MB;D~DQT37QRhgv+fNl~oVsa~fa`g6T*gGayke!cG4 z`W+*^03R&nJF!6XD|K&(U}Q-2w%Ur0wVTB_tb+45%yw0Ab+Vr0A>?dt0fRah1V~?- zvG`Ipu#~xg9A}q`#*XoKf*9`CMEmjnkm7sUx7!Ttg;&8?pl)r=$_F?hm4MCL=h9b0 zt(#PoO01oXV1f`NgIAP%vK>Z=&`;Z?H%mNNpVaS>qM_TRUNUx^$f4{{&so4nMVOk; z-^ozk$C1aVy0d6Me#W)2BSY>SlKW$<1Q;NMtx-b)4lGgCr>}7kFm;@D7_K&EB*>u| z+-eRWip^xG+RsJ!8S}eLHQ?+&$d}QFLV`l>1N0kda?J2>7CQ7%+_IKch7x zl>p10?)4Cey=697DI0Vc&E+RY50nE>6`%t?sUiVrI-l3S2}EH6U(|R2OuYJRF z-4TW`(EqwR17)gdJpFX1=kseEQ_u=cj-Y zh{cr@zg@crI-a$n`~8XTJy%BZ+R^K|;lJNe(`)$c=w|{H(jkMz29<>-Cy`@r$+xwO zpTp{6*vJx`9L`cTFb(AM7kx)lz7IIPYG`}3g(bBnyRDP;4EjZe*8G^(=nW+WKw-;E zJDUM~UsKCI**o{UNTN9hr$a zr$TGuIFcv)fRnHdaC(P@5 zuL!XwXTng;g`t9i!n;G(ctwZBW+2wXhOA&GSbM_AQSG^Bhy{btivdwovRzF()SKAs z#g>-)l}n6}r)-xp7#tz&8jYCZ&{f~tRRswhoMg<1i+gbv^DkZAeDLhJ~ zg^lgl7@^hVw~H)}Q%Yj`*}utSv~!F$9608S>scNbvno*FV}n|}yuSN;J&Y%lmg5Z{h)tW1ck@v;Q(r!G3ps zR?$~KUc%WsugXj{ZxYF!s*>xt<0(&D_}!y@>xNuT=_#S8_WL6==eNJcq3dH$>Ai1I zU-L~`Ue-A3(Q4T|-r=K;WF!1|hkp zYG}EKo)Te#jJyi@9UFjCcb91^;m)Bfm|57N2dq>@bw2OiegLdWIVKer!gF^v7${cx zeyUUlxI)XTtB>3}?};x17t6`XVUbFpWVnnQ@1LBUbZ@iH04Y%5Qu^j@{-68;lF04SQOPW@ov9ym9*Rl>hya$Q_BD4 zu*8uHKnf=j<5tY^xeNI48tKu32dsk?OqI_3KyV0f^t&LyO&bUxDa!qG9KGux!ol1+I0ewgE5P+t9t5hgPn(>Y zdW3QWD)Uqpa1iL+QDCpEmXt6-sa&XZHnj7SGRLnc9cx9;_&{Ge0RCfRKRYD5gDw|- zR5o$Gr{zD}_%ur0pZ$~8#+xyHPE>_}VS2kAGeF0bUT;7 zzyCidq5c*%SKaqxp;xqu#Q*C5A^UxHRD(q~;Q~Of0`3r5C9ls<3wZqr;@Q+sxyTe7 
z1^$t}xGpC6se20$6aYdJKd75I5($>t{FO*ZGszEo6XbyOJXO#dTJ1e z;oNV7X)Pq&CF7;YCwZ<>P32{OAocQKK^m1pFQ+ofgq3HuNN7xksn`#1n4^H3HSl-b(xc;saHCRuZKYOx(Q$)iF; z^)tNp)VIy$R)pYthXy4(8(6uZ4yezLE3y{kRO*De^vS}iX<7-;e@w)m;X60zp9w1! z$S`%lS7W7PA{cy%wbOQoYyhTHiU`QG?VSeL%{+k}svPVJWaJi|0=Ocf!Y|=-*400yv~DKu_zSc9zeW)_~=`C{x9L0DI6Z z*~k@%XR7qQwT`jbg-F?n3q@FZ@-7S6hIp>b|VV{6mS2>hWLj^t9qHW&W@`)?lZFt6urm z+^Dzhujd8&k;6h3##!4qmL%LdhA7YDylrT)FqU97kMXm`2Y-Cy%K7xc?=`|<#ayx; z;~$=p25AOEA>y@f#492(`d*+$2TCxqoQ%9|h-qe~L}t0PjJi@J()OAIcOugC?|?a7 zzuqxFtyo+%=sK!nW;T+0o978Q($EFN>+O?n8l$BUfE>PRtR2bmUz&L5cH(d#=}?|W zLn4+Z+fz7Hh@szg)vK!5VdkpAc2qV6IM2lL)8R`)yLpY|R}G)q82+1~KE zEl7RM**U0dKV7a_<8VJC$v`t{wCv{7(tCHjFP$F4!a{aGVWt@4xKu-R&UbIg$v~BS*#4e&q@mI658!>M(r&@ng!i6}KDS z=<*b>$XM%E)Rj%^X(6Nr8ccf$T56qlG|*=QBPnEo_=w?`JLRo&TRAZ^^d6J%u)bK} z-gT~e0H$IP#H>p1rtiujU$hyZwXQSrKdg8{<-`q|A);phU1eW;In=x`VC3Q^J zmjVF6Za!%Cal;Mt;j! *}w$iq+HquD#7xAA|jK5cD36;urS+th06_X4^fG@wm^) zlpb736>N3Nz}drdK?*v*Icql?l>!mwn}C;u5voyT`PAKaW$4A<0OrUOc&#Y=9zY|m#u!NEU23V%q#!)Tolb_gN)kEDg}2N6hj~VzHf8S+!{#0Ha#h#a zzTpE3Z4-w(nEv8rG$?ad3cTv(37m2t0ov$%oZXq-D^-wXFJqveV)~mlG-Ro)f?c04 zDOI|brCUmn0H~1=pE&rhp#*+(yuvUG5+U^ryjo?1({B1Mp&7Qfw?8>_WQu#O;7Okc z+h6>_1Pz7_$a{1Yu9$gD>6~AT1je|m_K@f!>~KMMWJZaNw$mR~eFLjsE6n_W)8xy{ za1>`KHp0{-TUa6hKy!89@#dY|t7|ssLbXuSWAWW}W#f%U7tf{}tU64@M#Kcxp9A=T z^C3`x<*^9BwWJYq&42giM*7=Z8f7@u$JMZVp;NBjyt@_SSJTiop$@d($bi#aJ5bgm zIktH${Uv@-)g%%!AeSBy?tJ>qB?Eka*{J<8JP0~v1az^ESG=;+=@xu+@s8du!QoLrV#V3k&eAf^%E!;U zj!0szJ~y}1MY#_TF$u)I-R_r@Eo|xhq&8VJ8U_&Xe#6FYNv)F%tTExmsLvx+`d=#i z;rtG>e0h#rxjcqZTab8M4wTc9wR@2-SK=d}_QmzK5w8E4CfwDCrAS1zr&|9yXy1!X zyvDBgCER{pc!c(N@zXH(?Bvv^OZ~g>H9`K`6+Ysx(M!||>n!8`Yq+q({!%*xwKvM~ z!0!@uZhC%tw#HFDpYYnu4uGXCEZHrW;}DU(y?zmC%-dxAR2w&fS(MEwPJS!^QJ^o-Z z*NVE=e@5(V2-W;`1Yi`ZzZNYik+9!TfC^EUzSj|-!d}VPThiDBh<=J4ie!2~6g*I! 
zt^chjMzRRKO&$2r4%>|_;z8^uVs$7y>+MQ5sOa0=1WJL7Xti-)kDU8Fp@O{Qj;IQ!#%QwO5WAZw}0&LKrS)joS zvIS84wP%;nEAM)P$CVxSqURgC;;kb1OM|@lPQv(#_SKj(5*`$P=TXH4FWlY?cX&hu z+KhUc1>Vqd!7mHfgs2B!QkbQ+ejN1zJV|rTTh(6UaBprb+4*tq0hh5jPRA;5^D&dq zw$&{wAWSiFe)WaSU+8O5%Ebd%=0#K`h9SjEfB^Mvyy31ehPYS=!0rt#N;rLHE+cZ( zG#*BEBE*bkEYT_u-aS%KUFpc^Zuutc|4{bUQBii^`>+y%gmg%E2uO!?C@G*I0@5KV z49(CDqJ+`{5+W_#GIWWQNY@ZUNHcWvp7HrSpYQkguHSmsdjEl0v*y0;IaQ=9RFG@P(7SxftIR1_A*k38$N=~Ft71{!d(Y32>J^s@&b%0R z=SyMxs%p2|c1J7Q&HMgfz=o++ytGz+Myxn1h&D>XZb2Z;ncZXoJG38O>q5qDW*(GB z$K0puW?$>siwt3Y8>;YU1M|0=nPAwo7@k;NEzkQjkP}i_bCE@z^V=ZdB-}rh_x4dh z#wXcttt9@5+lNvw23Ce0;&5U7bW*Fc!HtJ(+9&4HtzEkV3(-dl^+9{T?5GK(uFPlr zn_V7l;~qBWPF5~AYJk{HnAq_@(bMYreb&tG{ieUz)8Esl%IeP@=|TWL?Dy+5c1MdhaRDW}UOw zx~a0+;9e9#*WL2VF+1$yM+lwXlf?Gx^rnfR4}KpzZF}h;E9~aluzfF%i-quM#g*SlLGdQpfzW(Azecq^2fdI)p$wf=%C2Z zwJg@!8&K3+(Ort2X8mXg>cQS5ArKX!45C8sL6l35IgaB$$G$JEgk;z>P-=5Od_pUV z**lPiq|_pT0#-(vP?x}~KRK~X6LbPJU*S+hbT{48T)2g8!8F#;g=xt42+in<=Gr9ID{?K8F^QjQbs_?Cely<-m6b0dxrFn zfrCCYS^UDwqFAgy7KyzKn8qu=Xj_Z>xz<%!$-6ACS?q*rix8ml&?Tn*eb-xz; z1~>J{{URGl8YzgCTGImS$o4;fO0uT{~Hz#l( zf|k=R-ZvwQ*;rxRN4<6Z$~;HUe3++rbQW)=qifz<00I-IG`~`l%a-?}s4JD@S{eQx zrJiFm-#)3+iM z1a6)7o}!rSFB|FJPq%`dxapw?HP{C4m`Z-A`D|lM&^lMFS<|;wZ?W4D7<|xT2o}JO zcO@e{)$8wY2*VHwtay+$9sPG%}v~4E4Mqj&V6%BG>852y<*N_LY3FL7De&Z>LJAw z36RA%;cK?s$0P+8V_0o9K52huTb%q$E3<{P3r=4$qi&#P0&3Z@;aLw{Gqy(>((zi+SrgTK8ng{stNP;DMb3f zP13(==T{JmRMARIB|ndF05?}9q4no7I;A}kUru4256vY>qoDd{cFsg~{s$W)#GHMJ z>cPZw_(`*My7H^i){&>KZ8F6!g|}If!}oGO@;>)n)DC$%HxfJnsImU}cVL$Ww}r1d zh3{FdN9P|W@aG#noGW4kqAS;xE+5)vfGXAL?{@z`NxP(qI|s+3I1eAGn;R(kV?W1( z3i_Bms;KtL6g0M|!P5w6vr6|}7ZXr_fliybvVOI+alJl9%`Or z{w8OE???8(S>awksz26aP3vL@kw;fB36o=Jp*bEhk9cO2MU>dJth#? 
z)d!n&AuGM1N3l<(GsDx}M>V#O4w&4uebC5Wm_`~Vpe5dczawr_q5wY2)luT;t+4vX zhaV@jpk;paVy6qCd=DjS?_ljrw7?D*Cw>Do5vMmOnF=n;?#~x)Tf%sl8^{Xz>a>Ya zskYzS21nlhG-7@Y5goG|P)sF?=S_&0vDz&noUk{V!B#X^Zc0@>)F)y&x@nIJD7?K# zi1t>{A%{DxhScwR((X;`X#``t+f|Dzw+|ws>D+&6|G4Lol3esk4#OKZJTs(9VwB@6 z+qG>lh`U$YBxt{-R1ndVl)v}${17fRy|L74P0@)D5e)}QOP5#Cq_qaEmbIH_7fP)p zf$QsMM>2S!kerCHJ>(<)>U;AOgAo&9PLtKj#vdFeq(47A8q1u=(KFzwu#&cl74^<2 zTp28)@%BO7UGqIQ_}uMSC;2MZ;<%tHc(CEOZa&q)p|*R;R2qE4)%9W^Kk`8tfTef0 zvh&&1)FVo>zoLMRe|#EkFig=-ArW^HxO}fRO?rUr+0R73LEl7nT4w$2v(-L%-DlYV zfa*&Dj1{Xepj6f7elvlUasDG-%{rQ35m#x#^!U`z=lj)GnIFT~g-R_cq4991DHUOm z1oIZjzc|BO#)+`f}2CI4IlV5qq+EoUty-mMTn$fJR^z!WTmsSkyib6!WcIj(&X%OodUa2Q5 zOa%+a7~+yu(~v$K5sq@xJHAnUxp{`cMaS3XSLxn{_+!6~K~lTG)ey5EP&#DMvdyCZ zK4v;>c2VmDb#|bdxG90$N_e^MdtD$lc<$u3t2GKhrTYC+x^E7BOz{Kes;-pt;th8W zU0j(7#j8H+eI_0h>G$Zde&}GEA%^&ES*#HA!oYln(P`vF{Ke~+wuQ&v7;5GUTh5Nb zsvYGlQ>$tDW^`_+hO0qLj5p1b&3b8ZF&30gCYHwrlu2iNlp~9H7wOu>4~X_w75m&p z@#*SE3CpP6T)sCpDBJz(qsY2*0VqmQ@bVpna)A56Ar z=V+!O!6Q;Gczs|;;)O{JjYd zy~h&e4xAUmB6fY)aCDrk)V4GogB8C{`linh{yec6pdU-Z&K=7L9(^)L{{|BJqG({R zQC?G6=hu|47H=QeFdktC7Y3oZ{XEE^D?h*L87lmE4}N%&v7NeJbP>+*;YJrrYR`3r z7PV~w5$fpw@%IxHZ<_?wdCvP$Oqc}t+1iz^xBxvuYF-WE$G5rudJ;w$m@pz)OMzDF z*r>%1z3AE0WIPzKqYlwPwO706*2F#Zq+RO~-G)f0_V`MlcyjGQS4tn85_=XK%MBue znT7r91%u&2&4&2Hy0z7vb7||RH_aD29n=t*nPIos(`4QoyUeHl8e*-I_4ga!c~0Br z-{(_n!*zZCV&czwffy`Cj_1h2Fi9sdr?9Y>qgXst&PeH5H~n~|Gw{bdvL=jH2IhZq zeQ+LaBT*$eAiw=m+}kTZ@i$^SQdD~(BgD?D(6~&#mAVWOgj+0Xz1OF7-s(rta_xKq z=*7os1|$#p3EvTQu49pMNNm!*d+89l-3c2AZGMdbRJ)kWNOuXwcCZWe?$p#gE)~h& z?DhDXpED78lIyRTQde3&T`S*mLrP=m2hH4YxAq#Vv|HitfqBL9m3|MHig>1!t5WJS zR(#Cs1M|xL_VvF`$y+oHvOO}WMK-@Lih?r$@yM?N=IT<2{%B~C~A zI|6?O>tRKn3)nql0zOeZVS<-gU^7~@h-O?jx>!)fmMJ4bL%yU;FAZvG-@H;&UCje{ z*6a)I-^BlJhJc1jxjHux|m)3X$Vd)jTXTY_wWtg12Vv z1^y$CnHT|&P#~#@_~-Cueia2}(w_)oFj3iY5^!KmGZ|g=M2v{?kQd_bDaI|!?M9l> zDWSZQE#lEeb0H|d<4ek;hoO^ntFs@l7x&hQq8xBQ;qEUvqL#BVlF#IVITlb94~@h) z=)cw|kYgbctr;Ei4Pc18&?Q}6-DKUP?mxph$Y_W!`o|v&tfm>SAKb;#3Q|Rf%qpLK 
zVbxs<*0)|#tD?XhWRtrEv3l;s(H_E^3sC!B|I<~zUnABxNqoTm(%@PhW*&3Mk#eAr zUD2jD>rY!EX0|n1E6f#M@mni(t+nB?4@ED6aL02K#2?~F77)1w+zrnTXraTS4GWk0 z;92SaHZvLLlo(dgUijjt*c-Eh)q&E9%!_Q4mf~B*6`pZ-XD&WD;C%_$5w=m2&En1* ztC-L1T<%5ZXKUErGaEKTo4XuC3(-#njw3=p4(DugpnzIJ@+O;YFl^QbMrq5a7?A_e;Wa`3a00Eus^R{h2Wgx=LEHqI`hf0k~6Ddqz-*!uBQjXi~k zCfSFW5AMMt8=eGdaXzzM*e;>9M^+{KN5|*Wgn;0c_JjLIefe6g)RWdSa zhe3T?&0bpg_cCbYgtk%*<34bhax8#ExYjyLa*!RnbTV|fH0Pk-F|tj91*qhA-Qw?T zq9W~pL_L?sBK1!&5WxN#;3a>HJPu+aD-hay`4z9Z;aglQ^^@%l^y_BHFqNG46k%yR zx^E1CifwRPCP;KV8tWnK+>vU|ueIOV4C&@Nvk(V2{`*exGk-ZasNv>F1dme9tzOnf z5o-^URk-kBXKF^A>bVa9Q~PD1xLVU?J{ahmDa!&@ZxoeUAcTOO%I>?%f3Z2f7vQG& zI&uxoc7L~q5x{0imij8x_6$VW__kPb-Aq8!ckEy70M+Hh8ML^T|IB$*9Q&)oTeK&@ zev~LLN`8OZnx@pQT1i%d;+lz+y?7V_e(|8p3vj_C(^RAX&d&l;@HCxwthsdmzt?aEC4ruvf7s9{QUga*chh&KXlyCH}3B4$}E7`>d;kg)jpZpW~%yPn1#ewTdde;xnl;r1Q8G5Tyvj1f+FFH-?y;6;>1Equ}XQJIf zQqkvJKn$A;z%(qBL|!NMiE5n9W*?j z)&v`?s;H?&Y8a^<Zj7)RX5qP&Bc8-aR@yQ6{r;DTKAg@kM4`hW=TP2P28v98 z$}NU<8-l6!G7c9Ao_ut=Gf;6Hm!K~2uZ6j%)t3Mb+!s)^Gofq!{qw@n`GX{_nJ(G(#!tgQ^J3s&Q#0EA8y6KNMu z-wq@vprc{Qzb)ONLqMDtjs~0KDjRW}+$EEf#>d$3V(G89-I#(hHV^kK8+W(KG&MbW zMlz>6Mg8A3KjsqIzIntOSGFOPGmK3v>^wTg3dj>Q=+;I;U}e0K2W_&Y;7t6x-V;$$ z`l^+Aqq(T8pw-W|U;y<M7-8oRu9ecuJ%P$b_-nb* zz%E(WnyP_gtd6p;gVShm*vLyQa=?HjMsa34gDH}Xgahl^Ns&r#K%bR|B*>#yLy#(p z*vV?3yYZ6$?}Z8fmkU8cOZ(vi9dKQ))~o%$b27^tbS}uSOHRc??TYaGKm*xxTJ%M2XYEB9FttS!$65!sI04;F!UAv-Gz?VqL0eQ& zBwb=$V?7U)&VTWX3Sh-mZF`meHgiJ*DX|I$&Y9{yjZCoEFCdvXc+QW42&|MxCMDB)`zbDKh| z^1pNQ3NWMp-_HjsNQYAA0*)|DDzW?lIf2UFBF({e>UH+)FhZ3L$oLC<< zVY^X|zqx(j3>NX?H&FklIGOXD4-{h4NPl~mgw3=q7*h-gUq>V~8*Y_=ZiS8L{{I+h zU(<`D%?Shr!0>M^SUn_XoT_WNasYHcG97cSy*&2AFkaubTTaB6D3^10iwVpK2iDim zTfd>0!)yt%Ji|8oN~Fl!zUcHk7`(Nr$Ph1} zy$hbpc7DX~`buy(TNxKr3~1Qcj3G|7)E||<7JL=_geNeCEs#xRd-H^ogCbG=cFb*g zMuw&tn;XV!BU3P&vrHY8^7Ch2CmV(D>^L&7GslPl{YdwO+molXQVSV=$NC6~_PXNI z??nYne}D||h{jCXoe>CNS6tupnOs-el$uBFf$@i;6x-}2e+hj z&shs%&<*Awe2ghBDiixyy}&FWBQ&e#nMHC1o1n7 z_$izeoq7^6(l%2TaJAXw#dj^*a;A>B`MEiezEk}ekeLUF%;2lReNInDq=(jQh;f7aK# 
zc6Rt)vC-0nGO68va$5~kr0GgDifZb`XjUUt>r9!kNmRuVkJ#&<{6V&IxoD84Ccnvw zVv3RrdRj_{uUTIL^@G&yGh|1~DTyQ77xV=_wS)8&e)HLnZ@cZE=sjonfK%OcL2Q@v zxuC3!XL1wd{oYsCm^>US^B?1A11jMWpn5@1t&q$$G8SL<$&cfa%@!a|Ya@^>$lE;`6)c&&yB7nf+Pcx`}{*MF`@_&N@xDukoiC*RkrdLG)S^UHA%{n%4j?Yo~&`)UcR3H`hr48M0)s>Sr z14ELHz3&2)tBFXL=dO;a+UuSWVsQzHlZUiA4AJv5L3IX@rm?*Qiv@v~-szu4XaUs* zDV5ynLSN5STHhY{`Z7Heu=}@@79=JXy;XU04-EX7)I!^+CDI)LaT*DOpWTWbh`~n@oFEUE~T|4V09? z@oOq<-Bsg(N)rnSiYffE>71}zgn(-j5n;SbEmCVXd%Gu_?fLGLVHWl0t*)5kO-Fd) ztlqzbd{Y8NhsHek(YaErl3`?DN7|Bttq#9j#NM0|pf?lQ82O*AD8`-L)BT0mSl@_v z$hR$Xxkzxwl6krDe53e;Jej@nw@-B7pKxkNKIys#^ldYVy2iG?L-pMBW|_t^kN%iB zaRF~)DcV|9^(-kGJvnZLmXlD()q803fP<#7tjv{^V?{-bIf4Q9W5h*)t5kSkZ%KSDe(9xLG`S|BAM)*p+0~s(Z~OXp>qUch3{G(oW2(!OmnW zUKdbfQTeGPs7+M4{Cped6cc82olgfVXFE|_0|kWo)U0bnCuxo-_Fj5L=lr*H5SuF% z5+uStqfYLP_-VhsGpgL0CLyl+pbfAJ4fwXL5?;wY^qb0U5I^64dPR80-64BHU1n@l zRlL#dzOI}gd!O9)Z=$`I&=A0ethdrA1EcwZGm;&L6qK*2TdIlYx z(`iCZV+e}upbG=g{)F5BzJEpr+y2wP6jo#FYudus9ZQ-#uwNVZbHJ$8Ake`ceh@`x zC5em=@+ksJ%RV~|Jz}AOdtvOU<6}pe7~1#t@+5cbM-wipI3bT73a-fE=V$t#!}oEa zu4QIGW>u$*rJ7j*&l)*9~QYr=pm-kBDFs}26> zy@M9hC2iz~PyGqn^Vyu0mXjht5WMK5EPF= zrEMQEbI$3Cy{!*^@&m((kje&R!#e2;=Ff9ySI&=;pDJk6<{>iZeh1L`#Ac6~N@ou_Yx$vMrS$U%DSzy--^!@x=b| zDoGtD{;|(SG+u_6V94U=-MsBj+xKa9=!akfDWq+-t`>jZ^qI+_?Zk~(=()Sl^olt_ z878b=MPRROlq7X;>USC-)?Ww`qgjBd__7I;ajC?6vdEf|VM*OSYZ!btZbLBk&+wCcJ?3m;kWWdBMsuKW{?C%IXhS}l^QGxHM)N}q$F?ed} zYLuM{>}sP%sQJVaM{TXs>B`HQJ4HIf_dpfKuQ*GPslEtb`+fRb$-wEl5ZtZ7n5qOq z1c}ajKA?nMPlzpmto6ylB7hxHzI1oDIQq8pYh9z$;Li)TAceQGf?ZH*DysH8^|W%I z6Gs|xH*B>e?lw@q$Na|r=VC`hg)>6Y&}$`8c#N&b@)5{i=!t54-3Ls#{JxV0$W0WJ zCOGbRl+x}=x+VsJ!}zaI+V__;T@)sgjv05*e+oEESEnxVeQbLSQ^#mBtsT?R4v>P^ zo1{pEUErKx?gY%uvA^l`mb!s7pRv_K=A|9W1Y6dOyQH{G7X7;$oal^?Wsh}iAg?ob zP89eu<4Cl|QbD=#9!2N!`S#pCgr1Ka@j>27>F3m?FzAe@(0h8Rv~EokWeca#_GHML z5*(z}IM&1%C~)aO>pCYk@lwjo?G=6*b$R&B~Yik7h(#9?L(7X7;W}^QB)?!-X7ozi&Q7mDyR5|D)Cf z@kLO3$e_*`Dc7eTQQ4Hf$5olMN*NVjE_Syf=*xDN(wT2Oz86HM-;_)o 
z-274?SX_*tr>i@OW4Jt@XmRXYlTKNnnGN8r#&U6-9l>ieKW+uC@ttHtmtL`^gI!%i zXUx*?8$|-1JORbe31%-I?Yf+_dJ{q#@9Ep9Dehgb@cS;cv#e@F(+ss6JVbVP;>keS z!Xk_{av&TO^8=8j=*?w``Lh^5K4H(DS;S`Gt{NR5(#Yao!AAClR&9ir^lWiIPh(3l zp@{J%zfbu5)x}iiTTz+e7bfxyfq%`J*1wAh4{e1IQno#~B;)T>z+rQ8<*Xzp@37X! zeZ7HKV&*jc3 zl#8J_6+ zCpGd6kQ>b7nKG{r^LyH!1ZVinuF2eZ`52!a%T^6l5xCa3NqxZL=gz#CUF-Hb84vO0 zkI(5L3xMqejWNNMDa(8w2;aG=yJxv=iKB$&`uKitomx^Ca{Yvj&qp;Tuz9yZ=$MX{ z9^r6Z%`s>|+|l1lv?XD;7%}v<++XcZQwaNp|3W_o`JkAbrQmw|MRE_nU))J3Zg@KD zVz=<};WArc=ShJ+)@2>tciz`N%glMvTP!0D*Tv6qh?d4E?Z5cFgQjr=+wo$c#r)mE zl{*cN%5{e1TN$1?EJb&p1)Q!DiqCwh_kE40&lMbDqOtfZFpPKp*Smw{n44!u@le6; zH~d4GaZ;-a)hS3d=4AJ|2@x)R_3n|*bS4TW_@t-|x7UMRk#AEyz>gE@=E`{{6YeXN z;d@!0m5(K}Gy63onE-Mk`Jku==M@CLRRLFBCYN3Hn|UVZzmvBVNCfM&;2n7c3Z);G*Af-#>MAJqyB@_xN>{K1 z^(Pv{%}>&!Sx-IDWg;si004YjiL5_beK+8@s_M@sbx+^Rbowy zxKnte(I#+{L3i!DNX1Vo;s<+t^Wyww>}V$8i>|SvoCQcVb1Q!U~O~hnlx09@h8(>z1J0( ztmKM5PQu=~v>as4{w@Fe-JKF7HrJS@G$J{iN9Hn$NDVzB!*y^{_Hr_Zf2TQV`C2Mk zld5-BykPx3qOxA*Iz7DR;#C3CoRQHwYD%8|vm;{4_r-ol{KThpMW08VX+Crb@s{^{ zC7UT!vYxZ$N2oFqCrs`mPL5|Fb?#5h^Ax&Q zbi7ZrPXG@nx1APopc>GO9xu;QaQD8f)-RZKJ%Ls@10kd^DvaRzwR5ay)x-LvAsOMA zAwQ1D!P<7XZPfa4hxN!YnPYywLH5z32A<%u5{KT4C^CZ)$EM_0HZVo0nnol-K$p@nt?hirIFXTX8LvXlBgR}Q+XBz*s z?l(Q>%hU}(#@;4)O!Y|!rvH->ZUZ|&kF8jN&h-&Kz2viUHV$zqdse55bu(D6l=M3K zQPLQnD&@1H;rPim$nMFZ{MxQ76fqvpN{$;!9m+U2FEAdo73Q?zd0)L!9A*eMqQz2GDs$p9#Zt*lTiP)B{m1=&sX9yReO5eC zd0KCqcQshphwkgn;3B)bee=tVX}U6vCR{FC2c|el1U|T3tm76U_~%p|2os4Rh6XGm zeNw)zoA6Md1)ms?P%lWDus!y+3m`_t?#?H2=}sFT8d4bYc8v#QU#nod_^;j?oReAW zXo-(_|GS* zN1?LH;H30YstY(}bhY3xNr_=62Q#V@54t%Fs_2~Yq|*$7JB_iyRsAFzbc55N2r@Df zif;W0U)fKwMJ{heJ*h`B4?09Ld#E=bHMO7Kgh|SBL^KrHZa8ZQL8m;M7l!kA6*?1{ zns5d>reZSOItSOEwBO_>-;%l2uM~WLX4^qaHQZNoFD&2?E$%Zep&FDOo@%D_$7r9k zGdwBV!t)_r)=xbQt6GA^ouR>g+`h+eMd_ruGwD0#{p`4r$9qY5&E7-hv{B876n4Yr zHg;8*j`yi4HvJCgtjz4hVZWdq?AK2uv~MlD`w_KE4kdDd?Etr{g&R0jWzIW-gPsb_ z&F`8daEx|ccl$asEOS-ht>}crDYNKvmCI`T3u6c#_aO+=NAZti)0=|QE-RkH0F{=frV+jCKe0DK79ha>Y%Tl;WwCF8N^cB+sWp>KAW#& 
zB$dU92+i*|_BI|xv{>OE7v~NI)Fk8D zzQmABF!sF(&(0<~JUU)1I*A@~?3D&K$gwF8lZzs%#qN9#KL={5Ms;$JW9h7 zQuP1XH=out`~kY-mEsvi5nCr}T#w~y<&kBf)%aN~e^x+JGFZxoz!Y9dkeyp&VJKME zIfFG6g&>gm@K`Nlk0j5v+wG!`UAz9~Oz4iHstf`w>rt|%-gM*fTqoy^49mh9=9y~G zzy1Dn!s;rK3I5dg5s7__{V&TVcVm4IV)KNFZ!KDz5}6JQ&1i!PLdUyefn`^2xNy?)~?;uw$q<$Ub*K@flzL&upY`Po? z>A8edgVwP_Y>^T2%dxI4V99XR$|T|}X?T5pOn#F_f9|LWi`)ttv_I*3E9yE>{p<_v zb%yR<`eSSrik--WW)$yM*#oZGu zV`Vd&>eFi-PGk}~3Py$$ub@_wQbot4%HzIg(PTZ1_ zH#74NawnI_uhcg?)-Sc|C=@scB%)2~l0P+;jJ)Mp)-kWVD()-H0qC8(kZ%or+Xo&r`q&G+@7p2vD3>Pw7s>HeWfd@9V*fq5f9F?k0D6Fk*Ul z(uWW{^TNu<9aqtGVl0DwjPQQC)nljECb^Puy`HT#tKA>$6OWH&*L0-3&q$dKmD7RS zL}C)}l}Z;9g|GT0I5gb{Vo9UrN;@_s&Cy9s-=j1q z)6}C}GutyQKUo=^jU`^!&TCs|mJ_8cx{ZCI z6qiyY<`ZY=?ra`CUz?wUZ-q%JHdqy^HOJ$AG#-pv>XL-x$?5$>3|!6`y04hgINV-4 z_&DTKNfTS=`|0<=K;QcMt2b3-$d|W1UtjwV@p1|iqRBHPdyA9z-5@!9*}}n*Cvq`= zTt15i1LgTpwluRVrIJ0cei#+qr?K%(t)nS`@>t2u+8#sb3oe;Vq-cy8j3k|Zuz!;6 z`7J5ZQ|D!A_dE(cAD@eQ`v={W!goqXwA&9IqTU=Jt)!`Ny95zfZ}^u6C23Qa7{{$V%b!-RQyBzcr4?aXpo#M?TT40v}L3F(r9 zkb_xY>5|Vvp{sd{A=6#gdA`%N5w zUT8Oa?QKXB+>a7XS4lT5l}MeJIO+C%e7A=H2bl!Py#`3w^?JqgEpf|i*4u_~+MeAO z-bhk=2%yg1E8%`ctI|2>t1P20nnqH1K-kLazAH;@*OzyF#c?h zcQTH3BY}MDs6Bj<6*M4~+5Hgz>6+3f{_j&*J*JJ;nSSFtX)S_^+!tTWem2|CxJpvh za(7jxQqiW|>JQV{Wj`NY$8#~}uKmC$xSrca;_2;5i0)r4R`&GMh`&{syOoX*oM&e~ z%?p5AN7@wq$Y6Qc7!_?xq^R_S@2aua3fYW8^bq%nKowRTC7<)`>=50Jl`<0vd-RZm z$}yne(YLTUPFDnsBT~);MAEG1w}KLa==WzO-eD$-igVO>K6N8l7L%kjeN!vnNxfOW zW_IinFE#xkVReqrePfjWlQ4dE+o{=E>8J28s73hizL%ZI847m(V%Il@4K9&&=>r65 zKQ6kGXwE?Wz3yxL!pB!B{i%jIzVxp6;uDo=d`stRuBLEL4I}EgPoDV|WMXWYMB#c) zZ20_}K^|x;rV`^8;rlLeT=kK*CyCl4EnfFHBYIOeBo765tqy2XJ;h$Tm-;BYqn?Sp zAyy#SOsvJf$xH#K9Tc>0ceOJL#s3F}(EBe8@e8jr?GqQimMc@=JW}B;eO9;A@~(~L zZw7boj86m#{?(Ox3Xu-88O&@>VltC@5tei+;>32{zeMS82?6?PYI8b@&Kv3_Dg9Bv|upz#>-L(I1rhaPXz> zW7||UYaYw)yXZE*={`EW5=zLK2e~(_#OFb@ww2Nz5;xAn!`Krk53Atmt%F>3dM^M7GTB+F~$L2NW`E!9?C+RhAmc?`x%2SD2ghYy;i$-VAkbSeT z?bf|o!Oda9O`7-HXD|tZ`)X77$DjtB-3G$XbTZ``WU(PPyPGK{_UjW+Uh;ytVYLA)S$p 
zFQxF1U|E~Dby>IA9)$)H?hyp3OBp!*FHHGrvtCiE7g3@pYoC&bIzww0w`8;NE|t`a z-#GV)_uKB`jLD_H6(xe;*Qn@t3DmH_WAM<1v18aJpbnbkyu1CT9GI;?Sq)F8-rH_% z4qVk$^?#=7YRK>8Yhpf`c`O-RMXp%krhykpiD-L8Nz+wdT&xqWITwNQ4;Xc`Iw{c1 zP>)TiVV???3#9* z4m~RB_Gq8y{msQ=oK4aEf#?w!3H!PSJdRS@!yip;?X6q!^@hzQ5r`Nz#|SGh66%5L zF<%N3KgGtl1I8ric^JkghW|t;(-suIu4XHuf{M3iT|3)RZc28t){hthq?OP2k8TDR z8Dbh~)bZ>-1-eE~p%h4R8Y5+5#$Rrzn38y+eYr2xfTz@GNDv!=Fgk)Qd>Gb#oTu*?)_r(MGiFaW2LYTBcTw62f^XOHEpc< z(YHiBsbUG6rNjg!eRVbYuQ>9i?ciZ)e4!f*4B*4xp)m?m7EF_^hB4i*8#Ih zyX^=$B6jes=~n^lQ)TLd26>yL*QS{GR7flR){GqTaVg<<5ypcH>G2k)hdzl-Lgly| z%fXRQ+y*q(Wi5pfg81mXRM^8*4lJs)4;aofj6>Pl2$bb;(b?vtRRNKhmL11Et=Kx$c46ll#)D$TR*bN6j?7F*|elR#7mBXLoYNi%?VU9akWh zvs(T`t(PN`d`Bk)=9-$kNg3|$pLHw3DbNy`LD#r!jS5_X%W+%o38OO-z5urw z#2&>1&le7Pg|2fSeCWDu?0RyfH&%n@Y2@LPD7);>H86;K~z z1S9mHJ`^q|#KuQsfuEn>ab8fSQhRAkN7cYuK2vS+8((}D47PW&OmqsQ9eYDZ0=jpp$}tU7ssrqWZTxcLYb|-?L<;#5* zCsNn7{>MIzbsd4j!=&EF^zFlK9E541FCO4m-0`w06=`s_HIt`?R z3o627(NPQPc0vIsb`TZAhhED!3O-IYl+4UIKde?5OwcEVLp8B~{c&_qnKq`oTsZXp ztqZ>VXCx|*qgb+k;!RRe|OLU_X-RRwKPrmPa z?|bj>{^N5DbIv|{@3r>YYdz1ism5=HhH!#|6+R|{`pNIFjo$L~lu;9#jYU-*KKD4p zydEG|D>Qzk6Iu#moNJ&%ulDqlr-y^wX)0tzuKZ#_RFCH#S6{e7xLUJ)@=HD;=mX)c z(}k3aGUt&ZOd<{pXt`<|jPDIR!x0u14#mywv3Uk}IG#cesKsJ_ZH3WC`%^CD`8`@u zv~CgFR%AH)jXo{ptAlow5&eAEIq>axZ=T-;zGNd1Smoo}C4f2%%wIM5i2xzwru6K6 z-*$2kD)~maJr)PW#eaDJ6%NjA@c&*Y&tGC+AONmgQG3f$E0z7bsK2y^p}uSUD>Af( z*IJby_wQ#Ybcg-A@(B2kd6Xr4VZE9KKAIj(Ttn1Swh|1Obc{RR}MiipOcpfxyttEiRWVBJ7~6s-|F zp*lf~jr&6jJ9_ET09gr17=%tievtVq5en?O?KAm^6 zRPs1E&zhZ{7XL8dPR5uqbY7B8DRhWIC|Y@eS=os-G&Z()Hm}=0jqyQS6AV>rOmnj$ z*0e{kglf*e?XXi9ocq_-#zg+S#`GNS#Id7*AM`|$=x2_C{qih+@`zae_jqZ_S*Co9 z$L2)^c@vcSIIki3s8aOtzCotCaJB#*b@H;Ap>h>?)LhomJNSO@ihpGe5hnW~$*x9?w?eS&a@xUOwvn zQ!p7l=wA{nM&%*Ay#xMGDVemy;coERMX_VBMn182Cik4X#58wNRZvzgxAYCR-JuFM z9_wCHgW9?P^ABo9i184cLHkaZGED_~{B-p}traNt!(cbu!Eje0&Q z8T}yPdDadit9+#mni?$knYNv(WST~DDkfX*4wuv$wmJNoZ>jHOvzg>3s*V`?VADZk zV~KI?`fulM-8<6NaX!C*VKAsx5D`rv_ZyPMEzG-xG9f#_#)8z>K=aNou*)obK|J8@ 
zLT((_C)+GH7K;(-!{w5E@xcoWT2jG$oRL1J%YV>HGkk z1&$rb0v7d+3hjsy5ly`Te za?UEA!G%5|P(S#E5(-cO&jz8*hg;x+ySXRUQugyO(S+ns05-w{uduGJ%tOoVPcG*o zw=+k4^KBVm#ZQPC_^eTTq14tl@c=RP8^aubgdXQrJhb;+%HE7;=Yb-#zs?~>vu>}f z@FtD@@q?&av7sl`*2B~&pK?#qCQ+9DBM$G!eeM`UFsu&JY@t<*pA*>;XpONL72GrQ z4ReZvI}9fdVd@j|0&@SyHOl`q-D8&72Jwj&^}*UPL`Ffjn`A%hT^ICVy?}l0q>UXn zA8+XXV8h8X(qBH(mYqa}&){a|q>WyK4}H$8rv$!Nj4F8eh$BE2s$aGb+jxutz*$GXh%L&2y9)7-n z&4mx~Zni!mlLbA9tSVdG*(@ut!Q83aIv(Qs!s`J)Iy83}%oQ|r7l}x~HG$6UC##Y& z!&xSAqoSED?ZIM(+Cjxlp;~vGZ1WWOlxQ&Q{TCX0@lZe-kB7Y5yUH7dt{IU!<;vT; zyHW2-rZ4L|M{YK_DgBnkA(n53EZWVff3KKgtD;=3BQpdJ6*2a2%;AA?GTa(b60t!HXY=dGTOY~VRlK* zo?6UTxJqxa_*Y4P9-m5*gS_?Pe2cx*96zwXR~mWIR;ajB9HGvS7iJ zi)`PtI>gr%wUQ^M6OCWirxsxC_Ux(;{`G|#wR8l;ZTy8Kg82x8W@|&#-jZ&<9Wc7; zwHmr8DijD;PKx)6FhvNu!$qbVALN|9ihwTF`8Zf$dB%90ctBKdk!6zBC|MjI3}k)Z z#^0!_Z1+1zY#$z8tophkf(ycp)Mulqd4xEq9Wb2JjIo_cZC@u%=AFVwX+z)`WMG0V zsG+U7Tuj}dg5wc-YrV&>FDe+9tcZI@`ad>f)#08K^<`eaDI5&EU0Zz~L0=#Fme6&; zBoP;4-tX~luJ0aakM8g%$&9}KyI&h?hg~6JZt-(AzvNzwD$lL>_K+PdGbX1^Gkq|mEUCfRXfosAuE+v@m3aa8Vo^$E zQSDv752y)KFU!Gz7@@!|+3q&+j4`t?(39W{?+{?JR9?lyz|!^cRvQy;_Pz4x6gC9- zsSbrf)x}D&I*-LS%GT<4Z-dM$)}1+bUK_T%NWD5%1-?Ro6Rvj^qzEZXW21IY=}3~U zLOuSv2J6r68xdg7t;M+*)!s6VT@D3M119!~@wvqQC=(6k_a)hHngi~7G)nG2$7+xx z)p``V$h5|4f86?w#?tT^&S}&Wp)ipqv)8_|%@8oWXHnnIAAqRN7NeSW(yz&VNB?wh zQQ4t?QMva$*{5*hZtL^b7l!QJ6WY&j;Z{60)d44HuhYOa?#pnQWJ%r;Z)t6V2~^i# ze-fS-8F(=-XTb)tP!B_uqvd6QT}1tO=dKW_FiwlBFWSw2Y~r?3_TvIMVelJv3&a#4 z)A|fPY;zLJZ6%(DA?YqY&G<)(J$N#nDRgoNLOOMyRDOg=;`lk1T0?Ag$y9@{JJ5-L z%PVP3_bVUgwlvW?R|C6ZkO9ZdQQ8b}FOuOYy_pYJpNm ztgE)>dCP(H4DGGNfoT7h1p)${>F}60AKP`=6o|B45ASM+rLM?*rfi3O zBt??}@fZwjsQ|+KRxa5z&s){$K&mBhsxqu)m;o2Pt(Mb$SP`Rw6`hPHV)E&X9M9J> zySJnf<|EUR(YT2mTCayr;(2?t!Q|^EX{=`mB6EvoK|nnN7MPPA(pKu#a`yHIzF*-% z+25o$L*9NWyCGc2{stpmoTG@V)q-m;OA5NpxS zvb|M=j;b}cjh6d;bF}+Y zlhmLTH8bOE#@D)$4np~^zoxPYj; zJVsuBgvnAg7h(d|fnd`0Brvstgw4-%@WH&M-+TTv<4xa%iW zQC%r#Ewm;l2kMHvWt@rq{oK(3(8N&-uYI{1_I*W5&}>wdyHt 
zjn{!sq=473dh>T{$MKXN#G-lCyOyMCw!Mq}-nvgecCc5N{4spOQ*Dq&rWse3ratg$ zL)ydq*RcnTPb_?M?m^dU3+9jZ@4O2L`9WGu7!6FQi)g*mMFROPyoQ0+2OGWhPPivV zO+oriB9S%6o+r@knrRw3NY#b0ZIX*x)S{;vun3(su$E3a#J&2bK|+W+97d%4C-&aS&1ItnbZ7`i6dVAWofs&3qfgsW=>H#taDPxp&T7E0ITs0++Z0T1hl%__XW0 zq4K4M%XgZ0<+7V!TXZ7BaPN18)=gQPp6twmtVrk35aHC+lzk6--Y>0NQCcLZh3@!7 z?^M|XPD8%ge;h)mI5qyQFXWH!MK_Ks&EXExbybPz@=U?0U4M?(c95`U*n72=T*?orx1ELC^ak|SQdH3c zQWQ3g?GlNu-|Kj~XS}Ddd!_fq5LQ<346g1mRos?sx+W9T-)$FZm3(m(dz+OQnel|3 zv}y~+xO!$x7jn@xb$|HbR*qQ$b>pnZW)UWdeHV?}X>OX=lCzuJ5;&xy9qxW05!KfC zzVXbQOSimTv);Uz3oN5mCAGMIkC~dk=ekMV*cmkZx$3dj%YDS3g7;t1{#y<6LIa`u z_HaFojY|(fbcq9b%9~?mfiGrd9uCAeJ0qlAX?%@l!nk-}9Xqk{shf(k- z;+W6L76^AtRoTeM`K@Gy(6+V_NaIQ4$2&f`>J(`-)~;Vk)Zf<<>Fl?VzLC zs%@>iuuN4~9qCE^v`Vn=T88`Y*V<9AIn*&8K=GDJ9*8t*e`Bw4RWy`)NpJ8MM$5v z0bj&r?!(}BgH6qns!i6Pv=G5i3Kc{-*Twm_Y5PaP_oFt7Jj+iJ@!8Phe!RrKu!WPk zUMSDf?ojOBL^WH496ITXOtNR%Y-+#Q%mcx3zC@d2MHTq3?yCjA%l3QHb^>UnEqPK$ z>=!3r@fNI$f*r#|DAk$gX1;!GX?<`#{k|Tb`RSj96CkC34b}Ad1b8ifPHzs{+N{2n z`LHlQuj1txE13gnh!sC$o0+57=&=X1w6%}>mN#dYqSz+l^_(_S2eC6t7KY2NL^q)= zmE>6-;Ea*wE5(D6rhI)%>f#h2JU2W#l|SyJ-3<@;B@YT@c9%-%J0{D2PdwV@7dm?h^U;kTQ>gv&#+O_PO4a#EM!X9(HAM47Prer9il&bm8^X%T7i+7`r_ z@Q22pmwP?o$P}jAGP?{|1!kRUJXH{;%<%wR=g4fa>dLk|B<%Cll z{OevpLf_YAoN0hXBN?AatuN^+C?@%_Sw1b7Jq6f)5^6?Xg*61`eEimvEz4(!%wNwT zH6yzwS_{8xk6@z!8TZNiL#HT&PC_7BiJR!+Wt+1=Tr~)_xO`4+DI?6$$TDfWMkdu& z-b>0DLe=S|FO?)>OTUa)Go+_^58+0KI9%#~3=Cd-Q<{hTwIbpsw>Y*$uo9$Cjy)f0<|#k1pKQ~rAn`A(=3NHVeShv zhq(Gn-;>>0ZwK2cI7|dmJ*}20HJdoOUIkfRO4CuK)V%f@gu4+3%*nRv@3}DF33}3o zN{iN81F)4VT^ZQtYPx!nQTA$1Gr4MwII88a)jZpJu)|h8a!YMGLux#etm|2?3Dgua zCZ%qXmDQ$V#k11~BDP4o`OF61U|h8bQ-=n?x^$gUTOiWDZhjAJ~>R$4jJr zJXDt2uJ+gFtlI0M9oJ2{~>4+Pl9v)?f-wO}4OeDs9y&Zocu$5>l zYo2axAP)3;eXhn2gUOMq{LlcetNu=eQYICkuppe)4_QB`-kKE$zjuN5S+ukhspzf zvY8TjEzkV${<;hpLH3r-gb*>4m=^04q9}PWfv>KEF$?Gxo!j$$hPZE+1rtjej;G2~ z>+alIb0Ik}5#jN*u>B$1S$J_GXf%<5un}aoBy_@~#JRlD0BOj+k587mGb`RpErnp+ zoxMsQw^W)M{?KFbF%&9Z_LTfp3g4X*S_&$+qO@nu-Q}W)8i`;imx-tIb#L$|@2DOd 
zU4C&?aevRNKZiK1BZi-JO~BZM-Z4sC?Wx_1xKomp4)@ z>$^c07jrdx#lf%i_Uf}_Gn(i&2UyGes@F5XBUXN@`Dcfks=hL$#q)xoC763V@zjke}rZGvi!g3*B}UTN9Zw$2!tlV`%Yw zTavAf6l>fjU4iw^&(P=|bMCkkaIMJfbatu29SE3)I|@^0H2;WoxmAfH^lAhB!)iJu zBc*3X|8%!CM0!H9lC1}>o36GYrh^%hrZ_>e?bAt(hb;Q)=X;)!x964TEPA#~1WRu8i^X&0}K*rrSE&DYoZXKA*@if@Y` zZSRH7VwZUh9!RRhrEGRi+y*o!dG`rWTB2U_Oc}g4EIbGp=hDOqWCAvKQ1L#AXwrcF-JiVSAa^Q(tyo_dsh|p;&xDtz-iLkywdY!a`FRz z2OWCHA9-73-On{ya5{)p6f0(j%5KOnNjPHP+O+Eh|6%sPKj_mF&-@#OYrfo>Vl zA7L;v9H9XwI%HyuCFkn)qnMgjTFA}m&xgVdD_66U-WnJ+H(G@>WU&~C;BkS|CN<~@ z)YPlyW>=1z#Jy3o#A$7SMnNh?jyK-99V$DLyW&?|J7tT=Vs=<}SXb#=@d_4=uD3U! zRe{NsJ7zpMUZ|8g!#jAh)0nkjFvm<{wKU2Uz5G@TQS|k=sPqaX+$RKC-9g3oZz_!+ zj1giYsY4nX$e9^&n++IYmg!UvurL-9C!->GP{|doY2oQqBhs$V@P(aD?*$rtrg)>(5^Grx1DU1Q z%UmzE5W)ABIiKX<>R1QHM)2|dSo1TyB=KGNsBrs!6cd;h;h){Ql6-h=OXNycmdKd* z#FLn}lI8LGF5fna1oqd%Pb#d{@!mF;bsVQ1X!KDIBr$yQ7*uH9ufvKm^Ds{4Wcivw zClD?00`G#AVfFGS*V?501Be&x3iBg)m{li~(Iz2!w}&$yFu_YtCj6)fwjXUqFD;rm*v_W6?6eIO z<~~t_kRBEfzT@i4pzJ7krat6(`aQnE!j*Nn(s8AyTyl1{U7wG?XVOh9&>uO|y=L{I zJfJ%rz>dFld$nhZ7qVY0OKnvO%!Js#UwjJOha@6&*rvYXxb9HTk`s`HDhT>5$M-3W z;7?0}l==n?$mKjoYwHn7d8&__pFqEFo8HmGES^~tbMeG7hw5!j)C+8S=ovbl^ z?{$CiFnbiMU*V6~ngci~Zo2wbSN&Rsr#+xad(vK}ixWq>9kz~w_yp?Aq6Fd-hEhOY zKiP#67g`jxZ|Kfu!QQ^CNZs%0Zi8tWeHWo50@4Acjxv1%@AY1^qO%&4Q%23VkZD%; zN>)gEZ~0?@&Y2v4-d{y>tZI6L9Os8F9tp0hMN9-vi{WPfN!8GG)m%%6a3l>pFh!(& zC*coI?{pVimMzmf)zCJbxvE!dn$1axO@BulhQnrTIdeFh7r=;k@tx4nCS)`7j#Jogq+x@z z?;m%O*hM9fx}QozfPm6>ZaVd@b!?p`%uGK|_|b6F;*)gH92Gc)J=pVxCQ3fqEJ7mj zjo*TwPqcn`LHLF6v?_^goB&0d! 
z5^Z{~YifGBOTu$Sf^DY}UaTzDcFA{#ao_CrqbiFapd^TB{U+4S1*+KeAgO}v6n&3< zUM~7L88=VDRHOZc^E^w3SXhXQTHapaIKOb#aeWdqh{jA!t0{m!gKNe;^R4)uQE;B= zB(2P^`hJtmU)vN~&xg-&J~*0Wf0BDdTwlG`*PN)<>2*bA5=e&=sjzhUl2_aKz%1(v z-?JFz6QMLmyef^;- zoDDhoBZr~*DL4I9PvsIah~TpQLW33|!OmGWupI}LEfTkvOO6@%7H`eptQ|}U)bY}l zG0#mTmc{6#Zufwy^P<{Xe~j0iJXQTj>Bnm)aH&q0Lb^}ibG_*3DEbx&3A)OOoU7$| z?KCjDb(&&u-K0-m@(2f4 zNLPdq_bzUK&m3GT`j`hlkTkrPHQzY0MxEqqN?qtEiI^CJav+U@JgY{R`YEbg8$L`v zniKLW!BCi`jYLD&<}73n$==?KHdWF8Wfc>bd~oeLC@J^C!c__q3HkGgxs;QAWx{FI zdk|e94#K)q=zcO9(bulU%^cuKy>>1rY@TJ&>^<5xshwrfOYtCue;8}tbB=f^pU#}; z1I8i2_eR^+Sw6gp$Va#k}PY_~i?%xeJ%OKm)jA|BUFe{-kF9 z(0z&fF6BJ-Iaf}3^VWdDOA8*;S~6m_59_mSHf(}92PBl3%-^8YQwD7370HB+a{z^9`@nY1->d#xaL{Q(|3ht7PoB0&t3@;|PdDk}2 zIM+X+)yq1IQPr3Ykp%a2l0}4)FufUfy?3y^L>zhMX_I(#rc;>!> zIn;AsSr_~c+AW4ANo>=68QI zi0An7MIa|IePZEoseApX(MS4#_u0-LuNa(#W^7}Vc#R_T~|Lr#$ zT#*kvr_ykys1Z&pUksxqEye^O&qM`+C?Sr~ufyR3BGK-du zq|t*}W|c2+IF_=z`%BA>p%)9r{1IpANrVC`CY0?Sj0pd4B;CxwxF4caN>;HxvN^S7 zKM}T>EZ*zJP(8Q|Is)nY&bqu57XFBc#Ew1BUFE6v)cPT4)>W%7r{uQlNq3Tz5>Lh- zvT9Iv4g|8E z6??*jtQD<97WxSkMf|$>*1uYmmpjljfy|q!gh>C?BhvUz&J3Aio<;7TQ~4^@Ab+$& zVK4no*eN)~2{H*U(f|knZ>tM-AW4Gc! z>>u|w@3wdMMasS@Y9LD^T+$7f24Z|3@bth7`xT@wgaZA~_C%0nk!~qsic5yQO%xX& zZtTjR?Nff!UhFqm&sK<=l#A%d`T9NR-u)G%mS}D3jXPJ6>U5X6klATGK_(6MgNLP; zqo&!=og%yuS|{GVj8^nN%%lT-G*6n~oDnxi2eEtvSP)O%+SZwTM2XiYn?dANpGllO z#qEiV4Exn{tE}1YL!t%;%#HmnkoyajRjLaImgVQEYwfd1WmRX9$tIy@P6?0S{=_vM z)UHMkDNOh;a2g?i`^dtFn_8TT@3UzA^_W44Fiq? 
ztrJK*Qvi`rYf6#1(b2E{&hD%lKEW5M^Jk@7^FYL-Q*TFr?OEySr-xr?-$?hcAXFqN z%Xgm4z^^M!I>Nu$d>azoiEO%Tem8>UlQuH6ip>QQnWJZ+A|@tMmP+qOAH>i_t(s1L z^cYya$Gol+(mpdkZ`2(VRQ`$B|2ZQ<_A_$~BUS>GiLWz2z~eRzO*tsOTC+)*^l7b; zcHFS44oTx(Z2XagX}AhIvugcteN7F*CAQ`MRm>MavtZZh#(^}>V!$5veT+y2c3IIu zcIK|*j`RzH$MN(nhl4RbQ|JRHVk`50f$`A!>mE7L5^dFf(f2VPPN!?EFVhZ$g~Lag z07J%SF=|q=$!qW%&Ds#Es?<7A+55eo>urNudvRNv0MAMe1*%4&7sG~+(rCK2oxS59 z=FMl@@z%GTgpH1A4Sq=1UT09@C2Wbkj2jTAW-cXO35%#&n$rn!X*i^L8VT=VUhL;I zDd0h&{X~PG=!Dj!hj5_^DZA7^rw~^0`hEgx;nOWi6oM&1Y;T;i)^=TKdgc|V1fUKU zlo9nPkUJkpJI;v22=m~E@>qIgl?_3U&-X3FDSLxP5=Tpo_zYcw-U%FqAFY@f_8X3a z{Jw8VP!rs@oi#aqg+O{JJVLFPVg^omH0Q$~`6fgH!FSuf)Bj=P>9D~FuK7{JZtbTl z6*1gRuZ23T!NEIsIIf8q9s0?GBUedmEch{sRqyLC!_&$%XKcXyUu7CqN=0UWq;=*B zCSFx2q7Z-kcEHvwch+V6jfgy}(@KvQH4G}aA~kO8`yMPFZvvK92sn^qqc#f*+*Y;# z%Mz=O8zyQ$ro;zRG{th%B!A_jWkKvMr+d-7JwDB!EX5uklR?$R(rc1DvNP*x@kLLV zZa0^1En!f@8|LQ1=h@``gwCA zDyqrDsNHZ0(8~=QuHy^!OW(N;WI$a#v1)FhTkN!^>;e^MtrR3!9yZ4v!x#r-$T5uP zW5hvEUJ_0Gs=%y~@Su9X(Re#kw^sO@3F#+JuJ&mZ(#OY%(kb_r=G2$tJE9e_#{_0} zO94qQ+^-G~-TB1DCyV8DB@P|$DqwNLPYy+;9E?Z64re%)&H4OObCnzlS1_s4bQoYf z{h(j>`Y@IG(eA)3kt9H~G+j>fBBbWiq52IE!%Mum6yU?2sDu=!v*Zw{i! 
zxD(lIAg(B+frA47ps~0U^L+!jF;6-#c00P_{#5FYY3x5lcoz+7yKfs$+*Lmz#JmOx z@{HMD&tKf2w%-$&N@>DucMZq2iO_r)P&g3=<{eL|pd!!C#<@XJ_Hf*!&Y{UfrjNV6 zkAlWe_-=>QQ1FTG2^BhGk8xFITVadh5|oT*&;bn{0C~xpmZ$=lv6x~ZO$I_yRDMKT zi8a0@Hrx9Tjfx3!U%6*vekafUZu0Fgzgo>~P_d`1C(sw=H!=>yf?^~Ku!Kh>b!=<4 zbb+(mMg|1UfuNtrc)R^%_>`dlw~a;tu{ElQ2$ejC&{ET^A&==EsV%mePC}KKeYX)r zTaULuZ;45VOE*+^bizTFO4@SQ`~COf21l7+QbZ@5tLooKxE2mTp1A0=bzWv>BtPQQ zZ$Sc;{}z~fGd6lOVPo~(SImx03E)GbEf6Y8pd?PcA)Qzy*4md>N-&)`7-PH?jh8W% zSp9&->(6&lDX7-Wz^ejAjLWB=_1dY-sHu&=l$6;dmg%~e+L}hX|q{=5f9AI(WSq0`ko5#z2glKd9?L~&joui#&% zCBW8Rhr%Cr#`$L_oHuwEPf?ZmwcJQ-kA5Te-Kl zN__8FSM*|8)W=DcdKTA2*f{HNr=+&S(zgozx0LXz78{3Kp1w0wZuEg4XPrl(0LYzV zCFX1xXy8(0cOyR#YWjH@zr>={MUAx2Kz_IS^`Q@pROXUg+1`1mT&>;rT7$AaMn~rt zNeh4-P2?>|tZ0I%%Q!EBH0Mt=e>1Ldx?m|Wq!W@;Vdl;jI~j7o^hvvNR(E*D<+5Gb zTL=q4v;GBE%lJvEv(t0Dft3HU9h9yMuM~(tFyN-!HG@p&@o$YCvm6qgwUu;=%flc+ z!#P;T7JD-!Exq|G=i>bD$0Q8%B51#v5kCe(y5v7RRQ77DPe-K7<)>NHkIO=SSZ&vG z&H$h@9e7;jBjD%(-V+#z+}k_IPIdW_=Id5h!sM&kNRp&dqDweuu!3&c;Ot5xFa z?XMyR7}^;`UDyMHcgW$r`J}R+$x+Y(>ImI_@|vGEWfkXQsgu~V2)p+etKslj_?J0@ ze|FS>xsanE(45uCh4p89jI=)%tvXM0Ca? 
z8k9Wn^y-EWDK8h=K*RTQ$n_rdAE;R8Ry{-6+xBG1tcX88388u4#zmC0WyQF6r%7C_ z;Pv?6o7*!zAFT8gh~Hl6aFPyuq%?qBH3v88*^2D5&1J+WK)u^EB3pOnIDlwtVmF=lV&d%1Cv9bbk96PLuGNz!W1JOxV2=icqRUPBk2tuuevA z@b`n6bqHO`n#`p^%*~FnJ=byXLSna( zxEFX|qTPqwVKyOxLFY2I7=~kPtvEasLao^qC0IRPu_=WsPJ}=wekxav@SQAryc(>O=7YuQ3b48YedR zK3W%wW!5p&heB7IZ`S}oQ2l<%no$Sbv1TLqF`94w>fgLZYA^6W z%(n`0FL4C9&{T>`w}0vWTx2u`vV5dpua z>fiKB0pYp+Ml?ZRhL;K$!bi3({{ieS%4SZ$=Z>lAvDf4TNpm1nN&%WX2Gs*G81(V) z$O06b1f`uC5CbmeHx=*S^$Y%6!~YG0Dga`GNCMSFHMY2K=imi7qmloyfEAYDWy%A> zboU|y|FPi-dZ4%ou>jc^A7}DYOq%q?F&XV zskF@Z(*(#=D90a}==K%np-3ndfXLNfpQ{A_ODPDr!)53bc5?5REDpx4+xH>$)lz}( zPW3}mQyQtTjnyl+; zd%iEklBIu$W9zw|mpm;*K|^B~`jpWuLWrL~yy4=WiN<(JGM|m{CAEIqxr6(UFj1=l*@5kO|GE_;Y3j$30KMlL5=x>voJ;816Fu3lKyfKRSl zdzrn5&5G=JDUdL^8z9Nc8#wEEVmj7}%V&1JMQQy^?#^vrLQxM(y5oi`jMc$(vj-5v z=Nt)uBBvlzQj>8N!Y3+-H`NA~#6LJ6jb1P>CQB7PI9LVQ#8tt;c7e5ri`;)w6TM{V z=fMCT6w^P(BDi;Nskwz|V%&)^B<7GI;f3d}B6r{u8p8QIZ*7$C3s|Uh%!motxp`7D zcibJ9XpltAR?x+pb16tnM%!xL+jn`H8T_3PMHEEH?J^qERCcdw7-ldcoPYmn!1{x9 z+8a`z-VDKL|7m%*?%}Hi^n7!nXCK<-_+y(R*EP4UVr~*2+dJVZ#zj>_Aal3Q&#`&= zzZ|{QWU(&2!vI)CLx?f!X?Q$qRZ^wr0X{2Wv~s*O1&DjV1+H#=#DVv3EC3dCUjhA{ zkv)!_9MjKt0tqfTTC$%zaVFS&k)l)6`h5A>G(|<-$?0Muh`Ri=H zKgQQ)Kr=Y7E8-TO?28$&(iG?9uLGHkEVP1|?^=8aa&!OPi)%lbi#caj;M#iXUY}gk zH%s!8MtvzNB8g|K$}TGEaPs1O-fHpTn8%l&!oB`1o90LZ7vsw?&LZ;1)ehU8wUyMW zShaS2Zo#j7flts;?u>tB{}U|FS5V@#FKhW8jjRg>hbRn> z55^1_zpLEY%$A7SpzwR%ZGQ3uMb&;Aj|C_)c*xHuKB~V8WW3}*T+q**c{~nf z-rL!lC6LJP`A>5q$ik2_cUX-*JtO-+tTX`pUPi8peA!R~HvxRNMebJ{aizey;rI

;uZN62NffgoEw0po9GHjos!ysX#h7-VR&%>-c3&iuXr+SuPOYTyW> z10kXS`fE_iBdlUf`G*;Yq84_J}%Mr9j-ARvO+m0GUAA1^hVA6mm>;aJuk=^8c6ps7e zU&^{)4Q*RN@%!%?ziA%Zf{infB-26NneaJy9HyonNIK?|DY2lwY{?8h5{eTRB4c=o zjX|z>mZ$(}Q=Ju=7vLNplkpG3XJ524InA#E_Xe-{DFnrw9NeDsj}DCE{8YpEN*Q%u zdW=*QbG`qIRlg?AD-_xKHJaA!U#?}~6FCMT8Z!MKZdEQ@+#Mby|N0-I=6?{N|3+0U zLjgJe>P{o@^4!Vi0E_W|6Cy#^{EKG}UId2*xGw*Eej-TAuZW!csMZSJ2Om)?!BQg# zzo8bFjazlW#Hc@jAw~^&G6zt?P-%E2$I)BfoM|hpAGPy4kMJ7@TC5_*uqE-OHj5V+ z3Ea#9<}yMYVsHbrulMet1`%`yN>@OimxKx2#RI9&asPe(D@seTJF!r4uHIduUzvp8 zXwk%q`(<6{@tGIJ&|a_@pl+4a$XrB-Lye{%v(-E&al-8dMSlHZj{NEuU-Ib*0DIoe z>O2?6-&J7^uoZS&?7snfYh#%Yc{61?cx5`TY?M*a zCzsOy4dMFr7D^;qZoxDaZ^axRw)f(T5(`)dbHc|f!F2lxUb(1N3r($FLBQ_MpT`xo zti_YUcxX)Ml0Wa+$|);rEbITQ|r+F1Cv? z-C+Klovo_HIV?u zxMf1L3?iuML0hsIOZ33NJt9cPa3KVp2y)c%HXGRAOABBszjbd5QD-3E+@o7>Gpc*Q z#v@r0%w+SBVV(}{ssY==1W@^I2@2hzM$NRmxN^+jK9BNv9u<&Xnn_t1>F*-Pb(n2|=i!phIQifThmfCu90yR-fd_XL% z?G|T%gMs$HwOh~`;>j3*@5C&!9|ttb_g6~is3y18-%s^}UUYG9^5!*gzQT3@A6=-p z$HIw`!n`Ixzhl&}j#?9F4jErGa=FqLq(Sv(NIHD4pWsdrKl^MVDd-^wy!7wV(3-uC z7jd|LPe5036Iy>HG@}QST{2klZnn_Ha&N2>&ctE~vJV%02i|?6_Tk0U+i!9@yJ(R@A;>lR5|L-ZK=zIA{=i6A~UDpxBgIyZDY z=>O=Z`2;9TlEpvXe7V>wI+xqlhb=;bFCMJ>!HloWWI_MH2)$hF0Mfj8kBr&?MX+A1 zc?FujPDA9(6Kc|#lZL;yOl7qt&av1JN&hCj3%+s?t@~0BOo(t+<`6<0cFX6U2o7cOS9a-Lm_T-z9-Cgo+0QTy?Oq z#njy5Z1Q^w9FCzG&;}^kVXh?vQ?4G{!~P~(q0D3KIcgEZNrB@4{Y1l|yKZlQtYe&R zERaDhq-r+P=@tZPNZ<*gJkJ`10hVq$@HMtj0^dpH6OWx2_x7Sx#2xF zSc}`M3XOrIx!j#}=?9)!>Yspm$Tw?Qe-8!(2L%x9X8D#Mr40tv{TY`iNUmTikj0^x z&;OD|8Mjg_0pvdTQY|c3ctJSs5%-VKni2B+&UVlOVZO_a$vTSA8jnT&^$A7<$FoNU z+s}z00ZgQ{?q4IxyfdsusT$pWw(4J0OnA4;GGaZ=7K4cKtSqOf14TbHJEdK_hRE!? z1=QjMCLCyRUHmfeF{gl$FGBYOPl?Phtmb(x%VN>}U%xt0yhHeBlJ5X+8zx1w0z$bd`3-CXd@p)Yy4itTfSWO#*Iv_H1*zp_;ScSn8! 
z@U|mKimhF4hfKjiF99u#UFtrQ-C-`*tw9rOPhtT!1;YIKp>uytQ&C7apLYF6BThaW z)OKykc>6?=5pgO1EAtwJR{^F&oG<9Cy0pI`oFvp zY5@_=SYL|;3DwC`V{}^IO9yHxuZe4ti-y%y8=wiW>MnI;`M=he&sP6m4Z>Lz*mHUh z2k8&$MQ#`-M`?Y_1TVmDwo4tEONeH;&Yfli(yVpZgvtBem2Hcp3YI^CK^m=YGJ=Kh zAr@J~-E@?dRa}B`R`V}l!rZ&112LFd$>MJB)dP}`^!4=*d?fJj@r?lzbLo5@USm6n zb}dOKT-DyTsRO1PBWW5S!1-t6<}v?`LYuyFJcGwR+01WWlEj5qvjzBin-I6L8}0mh z_~_T6gLxMh5;;7#+t!NfdED((xk!fnfTb2n4dISUl_Z^vih85U8@n?Kp^G zZ!^xGh%`;76J#Z{W^*pS8Dy4UIXlkY$BuK@#j1}@k>|u$a!R%FQF9E>YwY~YZFbAE zZ_K*tN#ocFWr0)GqGx3q^eaq-Vf z$!CG`@Efa^!g0VgBUrqq^Rz%?)qb6OQzE{;!<_C-pgYW!{DeLbBQQ|tv#o!&45m4T zf&!)s7N(1Hu-(k<8tKnWcSV^(!*G8tDo#A8eoD_3_7S5SYf{|CV$=EL#$9cVQ!Tx& zW&^R|37IYM7(CefSp2xx&1X$3U32$rz^(I$rcGaU^yKt)!?U13kx=u&M+ClO#4wlo zpJqKr%XH*Oa*ZCa4=E!4J z$8TAYAn0>yX&sV#hnpHaPt5Pw>Zl0{38joL46hY)8Z2yY6qX2I)kx0MH)ieRG~BdC zm#pUPX>rw#BxUbuo%4OhWPUk@@erPHwD&pzDHB*Dq-t00?FQw#AgJth;?!G#Q0bfX z4!BZ?=R~N8=4e?*;Oq-qL5tY+RYrnN+QS~Kzz+s`anuPHP=FTQI%g|$^$ha`Rk!Sf z+wf8PWMdIZX^yRIzEk99T8LqUi#`-R1mb%!?SEeOQ{G!==w?5uNzmn-#+TikYmq~4 zf%{Q8a$Fz3b-HrSODCFEQ2qMi*X9y7CCJ4=BXHjJ6tXkJTb!;I##?bAl(F~>Y}eIg zs$=i%csLq4_o66tINyq9OC1*F62|zPw$Y{b=cfo*U{T)TSx{|QdU<<&Y3f3&U`*+=2mfPBq^Va-3_5Ie0EmLMYG2N0XFk%OUXP1vWX0S3{gm`t8US9OP^jugj%ZZRm z5Bv}hK@!BiGKGKBfr2B@H3tXz$>+t-eyMx|Z-2CKD#gXOUhX!b>sH+odREq*c6|ov!iKQ16450bk#@u@gXI%QMz+c&e@I_a~?!`m!oRn z?s3nivVXMrib>W>p$lyh#6pF4b;*2ft4nZ$n|;iytL|0!$?EZVmHon-A>N>dlO(mK z(3BH9r2W~T`N+hM=-qppPT_|;GkO~~dS-8T2`@ZgJ4r1LM!OfwO55UWf14t`J$h5; zY4`Hx##CqD5$>i@yKD|*q?zkQoRt0k87fCPFT_w#mINzHxGm;OIVvQ9&BtevFg-iL zq*zyau-%9BC5#Q_nsyn@ZxS}IRWaJIZR{cO4f{KGGEp`#QnS#=eS3r2Txn>o8D6z* zZ*6URRAcXI>Q6Zp;~TQpJaKz}=GdcZe|G_9B;bHx`%Ak^Yg9tnHd{>FM$PqNP4nag zYCGWF*}r)7m!?Nls zu+<1Lvzh`{@gS$vb<>C&q(YLIU*I| zdx&9k65Un{ezc8qQvrTp_Um7y79J_Y$NwuOuiO+Ycqkvjckv|h8md|@MDt>t)=LYj z?!>$PLm;G!ssDl$(f0eb7Q%)Ykw1UHSUK<8?9uklxi{Rj8r$U6sB^s;qUC~c5Pkp| zBH6q?Il5Tx=DsPnOyOw?>zjM-AAf)#J80p=M|ieY_lv_X?wy^OUU$MR@gYXg>*}fk zw`j{0mB^dVO7u|uMAUIt)RFUEps>%y{_mo!FOu_K=1u-Xy|T`uBl04B_aIyBCz*%S 
z=_k#Xi@Pg(M-XV@+0XD_`&nOx20bAYaQdF(#HbH94h_dWF3Vd;d9$WVm_gbyv&z*R zjQb?xQs>1t`Gt}b|Hcj3vz<6`??lRxCYXq0@5+l^U*El^eUz~O5r@kvV_4sjd`8*< z;)4FF(r$WkOJ{XcKK<$6Xc4x}CjJ5CeIk`>k2lw4{I&aAccyc&`Mz+%`31s1uNkq6 zHo67-YF9SDtMe8oPZ4A3QsIpccl8@@9lh=AKccTvZ}Dq7Nc zC#PT;?s20R-FH5p_ARg0ppMV7m}SYE{_z7Z`b0g8?WWb*E-vqHS_a1soa7Z@uDf66 zlSF4%T46>4QDztN%e^UR;(q6*uY&#jk6=}afmyeNR zpYvL@e@>h2c(dZJyhvpq0S_T29hOi{j{KYbPUyh{#Bcfzt5y@rM$~ci-S8mot=ZlB zHtMZ5DH;l{KRCI)9hbQyXD}*wV2$|G?wC-WWaPx$6?K6RSy2ly*YT`)ZKd$xJgv z(A^=1{`yGGh{MQdh=X#H-8<^^DmBRr@p6}b+pX4Mxx0JWaQ{m=_pS{MikLw0vj*nX!+Xfd-zj4f6mRR02j=3iI zdk-b7HeE*=m}}fPtS-Q~uQE7hPCr?uNP9=dbE{mL4SL_4%@LU&7($4Ob(mFRh?<0j z5hgBu4)y!%yXR4Tf1@v1Q>J!zVa!ZR)tg3f!b#VXhI2IT zL)bmwoC}^v%jTm6z9se%Z4Xr6$@?--+sxR7QWQBfl%FupHs7DCpjpqTUe9oPkyA56 z$R|}_=$b~oiyYy1IZ5AhUFVxwm+^e@wzGEDN1e9WnR&ex>Tk z?uiyg7tO2A>i+Cd!+j(96+gNg?`ie@kqQ1x^C)^g&Fgi8>BYyqe(NC%uMaSGoAvj1 zmR5cQgjtNk9CqF7cUJBKH!$#ZaA+^i+os*Q-g`xAh!EJ9 z5neL@oreJ9RmddJNZBFNUUw`za%DV)*sBJ ziO$xA!2BZl_cNt!^8AMgk@m>6(mULSPb`rH-5QMX^+@t(mNN%7#7O0(LN9yAb#t6f zJjl*!3VTVBd^%o;Um(i_cEtmEOWSnwb#&t4-0-a^?ID!;C<#Nc6qXsyG0 zPf=WS<)u?}yp^w?Il1pL>;>d%t9GHsUUAind@q9kV7U$D-1y{VF|gUhsSMu%Cvs}f z9pcN`QLeFjWATfArEBuK8+La0O_P48YoFN6U6S=_Wr$~Dt5Ze6LY8+TiBhYT9!xi-7#!P)aMsJmCWyMM3>gZjbb>RApE24-MJMw#{@wNAyai)53= znm(h!bKN)MD*nszRRe#m^lr}S_W$bKq+ZaT{ee}9z_#u^zZ;#fE9`rAAgs6|PQLJ0 zm}`>Ot?VA;@_i!8y>C-Iu2Y%&EU|w3RCvI<4&{!_YGLVvmF{zl!kS_I7k{>2><%Pf z@JvsxZijkbR(xHNXSH}fTVWZIe$cIQG2?c0*ykcpD)cCkiy%vLA6rpe`;PN z#*{N_{u%bWr?*NX=OLsF<^C`j))mEn3y#E}hw9oOmAUC~UJBK9>ot2)*xni=P~!?m zC31h3%^{}nJF?B1+c%`M7jk~-bL#kjs4j*zyNM3f7|--%=-a*;RPmGR;kGI?BJ-&& zOTc$#R979WUuyQq@HP&PwV$<53r~J}hI<`fUsWkWIH%_?*~J}0=gm|>Pl3_u<}jtT zw5H;S&lR4N*Yj1dJP_#iAxP+cKU2jPxYu8_8%aw`$Lzc5-upAuUS~IYS5(`}Z5yTV zyXN4hp-!FYSIAA1$S`8M+F)XP@7QotXOiK87s0Pu+rQY;i&Ku={A-_U3XzDa3nbytYo$BKqabS8hm8 zs3@YcIn;IcQ2}8}jJn0n2F0>O8f-+Ye!(#%el*E|cb67YF16h^>z!|g3xRBVDI(_T z=c>7D`3;uGati(h!pKmqJC%L#k(e$F=MB`7Gs4Si{7aQ@)`>Qq*!y%Ep7%a)QjEC0 
zf1mJV@$WYUKD2h%t=**cT+JXP*&B=P{uQ%R@6_PK&ap>Lig+z@3zwf>4l4b**4WqP z+uk3wQJ6sOFRoqnM#@dar|_brlu4SMFu_7p=u&>N`X~e3*sptzAXoyOW`Y2=_mf4Sc5Ptv&}MSruseKIBUG(_-7cgRCnaQ~;bK~v*){ej-Xc_MD( zpGP9o)YjVU41^`#AA@`~-pNW#F3~b$@79}eYyCcTsIyGXlBb@LRKTUl8po&Dw|_>y z{~7UZ!TCz95+VdJFY5J@dzbjqpyuDwG2{N=!$v=`?yy}aCdsY z;H@XTl`ULeTf?-nI0=8bdV+k`HD?QP{BfVSssg16X<%rhUaVmBqgu@WQS@7F#AkQ2 zZPxI2V;l9%XtQKE$PKTh6-Igu2ia@!$h$H73Q23oAvv*1;?46=iB%XctO!G3u2G6( znq>D8?s~A)PVWNokbk!l5e+F-@~LA>2bXMVt?IB=Abn+ zn+KsvfyGyYkF?tuE7Hk4^b1VEi}fo0J`+-V&%rJPT0p^8XkaYB)hgbxuKIa_W`>k;!>a~(3xdMbT?ibnr;b`k}H!nr7fGcKC$<-mcE z-JjQ{{SP&vE);`e1%p)_TzRNa<{a%{I=@q7*TDeU!l3|nljj&YLPP&R7iuF$wo;)D z6CJ!IK~d%vJf?!>df-U_%R+_93T|{RA`l5D_Ytbxb-Z;Zgx4 zf&6hx%OS}N%MP=l2osab-f*}L9we4I@|zU+_g=~O5tx3D?1*Mb=H@G0AdMwczaMYH zYJcrq@$>%hh;)VE=&5(_O%N%UCxxOY($cyZDvUE_PO)$lPl*@?UMl=|E&#Q&0yw~h z-=zT0d1vn9Q~}DO{Q^bWe);jnj%Tnr8^?ubRZBnj+sy=XMgyH>W8u)CR?pIQth_Vi zGGsfv^V7{%{E)h`tP~lR+MDgSl5Z};MTnOI?Q}!w$E_5Bmrt~es|7xhb_X`>-Ukr2MvkVp7hBFIrP$j~s`_o%U-@qI$21wIp;({P+^ z*Ulc_{;qpt+Q~<|nc>Hf65HpQPTE3~q?IdI*S`!_YF>4gHZa;5?|trE0xuGGaCdj( zi8|Smt?`Cy+{nEMccHp%58zN8dF{%=Fx8M#du>(IoN}iT4e01nrWO5>v04Og1p#iG zL9?E6EPb~Oe+~zE{{z-HeA_b-rs4p(xls$lgEXvZHmVZ&@%`kwlo>xAmddfv%!uH$zRc7|Z zb7x~>*4Fk(v9}v~E}~1mkW3pB-*#Hl)M9SG7+0VWU7{+~aCqE*l05s2!qlPN{PxZr zsbprJu-SvBs|s@xgvNM_vo+SEyqU%`coWzSnG*9;TheWtbx9c+Dw|SbQ|3dvbw?Ex zyN$oN#kXYl8#8EpWp3bGQaa)SvL-6u9)`eVo^_Algut{bs@~pb2ykX3Ezc3RYfi(f4Y~-nnU+E) zUMEH24@>2p+$&FL4_(0?AkxJp|3chWQEbN=u1VbJim^d9sk{VxKO7m{$s7FKJBbqC z^oV9ugt*=Db7wOjhC2hjJA$7+s^xvF;gha3`;!Xe_Ws3(;Xog%?{OX)c1{(As)L^%w$P?0dxi)mMl9zB->5Pb8kNdCkHXB{i8}gC{ zJ+0W#2GpJboGr8`*ub)7-bCEALh*BadHRkL#rH;SYP`S=Gwj;F`Mq7U+DZx)U1&Sc z{%WG{q8~lfw`+U%?$F=8KOU+%L-l_2q~{JY)FI9EK|VJfVpeylvr&np>y9AM!tXBD zcj;z?Ba^KUn%zCE&5P$mAT5&5jkQbl9qpRV#3yda3NCeVK8ynj#r@{;XXyKhK1ON4lRZkoT6|zEH}{G@xE?^H5GwiOh(7 zdRuKXw1_@#HgO=yTv#x5a_{6F_vITu{(}cPPGf&`!sx$8XYF+=d0zS=mSDZ(Uxs48 zghf5)iKElLuvzu3@f?W#+w)7hD{XSjV)^EJ#Is94RN&KB!^x)04<*7+W^%SDSTngM 
zTlOV1GlxVxk}eN_MD#o9mY@F~JT(kj2{jc<|L7J*-?_F_u66y$lv+d&_!y3plFJB= zmzxXB-Z5YS(8-5=^TWVn-v9fL(_pW&9w)cAMspvBP5R%burbC2qe6GH zqN85OCGO5W;kH{Ro{N1$#cNphVteEVOT1p{}3_J)&K z>Zmi-)y8{ne;QZ65iIwaz)m2UtOi|_VGxtb3IZ`GLT@X(51 z;FP2n#e+z`dXyI3rdI`59M>gAmhvk+(<;7wSJ!qKk~U+$ov7*QWZr!#o~;#0GLI1b z5pi$pQI6<>uy=orhR?JEF956`wZDkcd;;&3OmK_4g&R*0AOz5KL*gO^nGDfOoEIL; zW-iOFQss;QYx0y+Z7^Bnc;V4O5;}TiYs4?kw|#1Lnu8m#xrXs|xlOvDZ!ob*jz#zk zx!V_F8pX4>7^CsNy@j#AC?@pf-qL>M^Rj2+?&ZE`81={5zeDL;1vx!s=zK2T)$hjl zea6X`n*Qz3q&y#XxMpf6*8siV#zdl0nTPm2)dbHmvN$e($oXCIY~eu)cW1s1@|&b5 z21QofS?{IrWA&e|dfm*o=h}YzN^)MsUfTf?z2EJm-!_|h#iW-uyD~Ynm1Ms8k{nS$ ztH#Yr3no&N+W3L)fY3yYfN#Nq*%JEvJ_6fAS3I}n`XbfE%@n39X~mDr)^!#vk57gz zGg}l57n&IlXoH8&+_)FG``qo~#WTH9NcK^*Sh4q{>Z}j`cn~)W0@U!TtnCClDtA$M zr$S76xuDz7Z0q+fpHF#PT?XgHvSr_D-xumc%1W-@-Nfu@f)H5tx3~d$B&QA{&!#j6 zLF!|syXGv*Yc+YffGrFr=_0aM$eq}I;us-G>Bz9$ExivuPdty?NHwE={|_#H{*k;>VhD*3o3?B!F3Tgh8ge46{51Gz!8fy%Y|&ko{{jZ0>g2~6lNiC|4_K+YEZ(E8#!== z_`Od&rg~CDbi-i#T-v_fgDTh;4`S`t`=vJWKcj;YY2TgcUhm?k_~f8rEd1W~5@-DO z)GSxyad=IrHl~EDu)ob@Pn&Y^#=YlBcYsSX=TXX(`)}Yv0+WPT;Vrbf={G~%^eg`- z8`0`5r`D*gpRt@r8tpuz)$(ryavw&$TX#~AhxsRqp^l69f6izvXUxy$X-#5NE?9<> zi~(OT2rZcw*R^ll?{qpi=h^at*NZ!ByI;=8T$~};-KTmZwid=YM#*&b-4|q+j$22| zIkY_UsP>2Do0a1x!7z2YYrod7`74j%SBoF7s@5Qkn!kR0c<)$B^K$9}TYb*8fq9v; z=&#Z`+h3(U?M`_Vy!z8VYYd2c7uW$XyN#r2B}YuY@W5_Ys^DPq_Tz$p&^{^u_Q zxO=ApM|tK?p1Xk&0xML=Z_ES{N^J`fH(Z%^v~yINAQM$wSJQWWyVU?8M^uu~XF0BT z;^okscVW$z;RaTn-ObgU>L65*Oa$}&6I;wzc#tw!D#4p*gYVtiVo2ra*f+G#bRGK- zcT%$W-Wdqp{0*EW?(6ArN;@|`cnM$ZI--knp}E)HF-YkLHH;Rdk*_taDjL{P<7xr# z^9mLu!!j5ms|jGP4VR=?iC$u$gTTb=jmVoR-$JS1vQOn5e_DF`8Rfn+eB^wr#yG#+ zd#aqKdR=<(96R_kN8qGXhhuOO%RHgVk%&7xx0b@14rh`DAb0x| z+y)1w+Vs2|6%>;{*fCX=%Pw=X>kZt@^Vz(Q{7k3H?#7sZkeZsRdL}F%oClby5STMf zEn(VIc*5?~urr97ad22T;YE|wQ6Jlc3D!TlL3(C?3>+jArO{_A02??GkQSTO>u*Mm z`5DOa(;QJPSQfsp_(VSxeuS-(;KPIXJyDRged-hmZ`x=~+lL53z8Ja@bWw9Hl;(rS zM^A!yHW`>QMeG9M)!u0$m3}E;qrA`G{0>osz_wMAfp5jgj;6$9doT4Ob*N;N){~p+#L?# 
z<~l7W?mG+2Dt6jjqKy-M{w*hq{iXS681~?~(Pz}^j0KGH$V2h>-AKCs5v4F9OCL5m zQa+ftXPCsx*vuaFdBX7}H#TSADRDMRvpE_&1h!8r3{C`MA;tjfK0#uThi&MH4=w3x5|FOj7t-keF|g>(2! zE6;f2g6@+>-Q(9PmmlbPbQ0~2xc$W2B504nkn9}08mx2IX(=5zSgm^1-l#x?{fY~l z9kd>d!yrNS;B%vvT2;hU<**OrPc?4k{F_s{HjmaS+RcHJ+guK7*$A6in(5@61SGvZ(R`3ix#>g0I9WnHbYtDvPno z<;GCbr|?18=e`$mvpN6=bW3FDD+mBhd;j&rZX!FymFC3mwvb_TuxZ(n7eQ}F0=}lY zYyA_rY&UOjD){&6d6OGJ9d@UFSN#E@@g2*Ax^yr%3NY1#f%F75P~rW~?dgY6!N|4A zvMcZY3-!BEzw~)Y^1$qn`|Vf5YgqaQ1nMqVQDUkoL_B13l9^*<*9*vxWm-sE%@5r-u|i5 z`!w16U`VkDkuzi5FT4ku&t^&!bO<0n;@ACO+`;vTnAG(#kofNu`s0U;{WzlOVtLy` z;8*f1%U4NdZfaUX=L!rYnCymE)%SK5l)a8@NcI18YKWmzU52!W(Kx_E901s0*t{$kE9G*Z3jq?^2$^^K688yTF9;ujuP5&MNBz&FKoyq%FiG*TqS#LSwi6vKp-K zTp_y}i=o18dq$SZd+b$T&@`8Afj5}$Lo?v}>+tLN-WSt4<#9)b}fWNe~ zw95B_YkI0i{+uX-rPRJn)+7C=j>k8wipu#sMT+Tqw^F__yDzOl=Ze0fO#)0IG%n@< zUBT8jJ0eAV!qT$ntiYbCcY*QQ&vVUsY{gx1-u(s&?e~&&DUQ7r3~MMe$kQsP8)-43 zUmtBO7#nvhl_NEuw*-Nqs1IKz7P`$(fQh|7i|@wtKG|uia#H_dH#Np0?9Qjy7jS!J z6hl{c9E-RwPyWP#*Xq4d_3S)MMP+>^0e{!o>j@yNU24!D`nh#@2>ZK)HF#0!I}mH0 z8w(}?t$g5@koL{s;~Ps;7NmR5nG}1`m;s_INWT>i2=RkK&9XSv_rABOJqU+1rh4=> z`*M!VbcJ|O-lJ9~<%!rjZ+Phf|7L0GQGIIher4Z_4_y`fUww;JcxjHrNN7JFS6hi7 z7iRK7C3*H5IRz5BnTI0hHktsgH^v!Q$6GN8lC-c8fvB{aI%gy;kFI9YEewu^M%N<# zKx$bS)(81HtPogufSd*`_$N_Cb)NwP{275qPaR`!;cD;$LwzTDxg~-Nu2|%Ng_{&g z^UEMPNx3W@qi?R^S$U>2JAbVSUd4wb=M$PWhwD zQ3wTBW1X$KmS23Nf4?R8Q}P7a<`5LANJ;V6PH|EpQ5YM|jJW$p;#h6I%&%hgKg6c$5r-Gl1#8d|UVK;{CfH=2-)5 z(8`&~x^)cX{eTsR_B51(#(Fs@^2CP+fc*ev1cPbiKg}w9g4Vo^&@|;g{c-;DKU8S{ zL!m2+R$qb)X!N7V#}`sy)=ri96%0FeV7hxAQkQfGUGoR5*D~1_z(2BYbJQ@F^P5gQ*PCoM08=_ zQzRy7nMO4EFuVZV8g=It&>?z$c>PfJH~@XaeE{omV)XnHRJ)I~zj+dST=vT&krMzT zpmn73*?tKM%C=7C>wB7fg5)f~B#F_AF=Ln}Kr1F3B(TAL;3j?Z!-G6(9h3v5D`dmb z7E!*Ji-yJi%@Hn-lp z;j18HDn>#V6sOpyAY%ij7zL*)-hcHeVJ19=m(Ibp>b75~j9X&Fx$2uhg%haM z4E;#xb3I0M3#!mIvlaHc_%@K)S$q2FKbg_v#>z8S01q=GI3I+P{AD3GL=BUJp*c=12M1WHPen)^|I2oicQbm;j z!vysFZv6HcJRVP=z_$vt3--$VlkL-E(C_C+;QvI`CloNP(Y9a8 zEZz98qs-Bd+ezf|gth7M(dd9t4@?z3+=hv`LBmq2&^Am{^h|?U;I<`Z94cy$`uhC*` 
zR~IKqrqQAT-))2qi0pJ>4jJkG*JqSS`|FkYl=a|H|GbL=bLEzJPlwhZ{^~yfFuk7$!OUr9j(8Elv%1B zy99Kv_I~=;tL$t@`>XRKIhpmz@+=bJnB(nPRy~*lKW1-=WhP|`#Y3zla3Gh;#>U3- zVgz>-U2iK@61S1V^$MPnA%V?}Wq)$)ujqYza*k(8a?y159Sm?yb#+sy#Cxf?d${F! zqSoTkFE^enOW!on35VVq&_N zhGPi9ldnsGlf&*VF4aouLOje}UXib6&bsXB(F45N?_dA?XY5xuN+L^{!V)t6nWGh2 z(nMC92wi9p^qZl4AwAQyG?6IFZR~r`Ow=`SkJ?6`4l-vLWAQA{*Si$xJGS0Q;X;4| zhUE0CF9?V@p(c`iZ;4>fwq-iYr@Z!YA%zE8E$0b)&cTyuX&TQm#C#j}tkjVMWP1$X zkSPH%0^Y}4pHFByG@oG$YTX1J9i<6%3u!Th1 z^3%7A?|%!7iKzw-J=sy+P9bZ7a>W%}$)$9*>cMr&-oj-EI~O-XVdks_Fae|`UF=x_fSy4eyr z;yq8)TP}kJ4X&ocw<`;Uew7xdAvw3oppcO;WDlR-oGsJ03PCi7)Rfj6vm_`VPxdtW;!)`#1kd zej@XXRvijoImi?~8dHyi{ZZs@GK<>USn$ijN-CYvE7U*CDsi1qKyqd*y=5ydJG+jo zay{csx%iUx$N_Uku3;xatGBn-cKJKxI_Yo?Vc>UmMgPb_F$UY-J7^hpAmQ4GEP(a? z^t+1u0p0hGj@E~!9sHy>-w7fzi(H8_@9RGu6uU^Tc+46{f9$(k0PC49$b3wZeh?rt zW5&z~oG3mAi60<6E^Zt1#w4ckB&k9E6=YIUeL#)RTEb&=AR!MXPC5T0ZBbLfQ z#rQaxQznNn+^tTKGMKW1IOsGG%Lza89kKh?H>chjd-z>O97A0z>1{V_Z``n+rDK)8 z)(d?3C&s2?7^(pDQP%t6Xx!xoTUeu*!4y*RiL=U3u>e4xgzJ5xG^%={ukTb&3Ayl|XQA{ZmK+-u_%;`{TdJW%^1b0)<`7 z&@2h17J2`k?QYTYHtJr7Ik=ABe(7$xF_@2E)Mfvrr;G#@{fmEFT%Otzf@V111RDQ zHQ#&B1`q_xOkt%Bi*0n+Qh`%^pBRl5ClMD)go{aDVhY!Ufc%C40z1Ghz8_70;o{82 zkBYciWra)9bjT8*qDKER8EyUW$+|aoC(Uy%US9d@4L0X4)m5+{&6WPqu`Z>kPcYx{ zS}g2KPh*jF#Aiw#UWgcutwJhyNz9$0QmJFRxhfs^-D&mTi40#?ClZDXVGxI_kaOKa zA7byN`-q>$F6v*DXavQ=DFgO@_Sp~jaZ|Sv7IaoeB^X(wR1Y_Dyb?Nzw$A3zy9yr%~$m9N-5$* z=-EY_P7NPIoV+D*M*N8(eM)9>gwoBpC0i$NoDPpqCth z5);XFtj?p>Q;HV+4$DA@eA2dapRFLlB$eS5J*GM=eA>Y=wnElUxJZV@cT^@lPuygO z@kW+QP%M*fwkFylm+nNn41p-x4kEZOBhyIR(%gtJXL~qPId%A}`pye+#*sdU&$l}S zlNzJG;(fHbo6Bl95^;Y_EJ@|JO37n67+R7pQf#(9^JRCfQF$CA8ft$KsueAdlP z#^D$1x)&kK+Ch5(8GEO$&Q2uql3U$xW|>*pQ;#@US({k;mQ3JZ8k0`Zy{+du_E?Nz zra2yiXUh3pQ{KPs(8u1T_hl*II<()pePUVbJ!oBE`EZSh5N04cgCEU3R_xA9A7ubM z#+=g4rHnA`U4zS6afd@u*!(kbQvH0Jw5~smXM?lm!|dFDX$Umcwi6*f?0w!OJo|KB zmpt_c`SfUKl~*b6aiEmY7ahqk^rmwq2c_vG{fSTwTHIr-Y+t}83vKs_ti87?(Qgoh zeHc9^y^w)F+C@N=+?2^K8y+_%wwz!C0?##h0UP8%Ein@b7L^{y{=W16r!N+hD_w-u 
z0D1F8hUc?e<-qCK-wk80Y^8A@kPxuJbKc-Yokj6VO$B8T*Zyg;#E?rp;~woB1|UN^sq?5 zYBrEsaj$>v4j%A`7juAwk1~HWwu}eS@>}v^#xyqm$ecCc?cPV*QZEnYBW6LLEAata zwhf6Gs^`wZ>AoB5*muZ3qFz^b(i#*>sS01z=!{G?g^67EV=_BoG9`zaYy2M=-kA3LjQ9z)wN_Tsp&(kiKkh-GAylYFlh z1`hUDhV(O!hI3Gfi;(+xkf(I%i^^bUk%(~OJrxFf%(s|5PP;)c7FzWEzV*UtoO3FQ3)j|!$b2bL^Nr{lJd>d1YreZdSq#OW%E4Z#Xjsb<2M$S@Jb^5Gh!%`}eeI#=^z?Q| zJ@w7f1_!qgS*X77LFAJTMjSih4ZG-n3GlDeFokCckfs#H!mPr$_Dk3h?-wQ31 zkINq-2Ucj@Evaap4gFAhrx1c;D}vE-2+?86*$Mrsl2*q@SxNpXE2r;zJuY4G5s2hZ zg+tr)KHV*Vj)EofP}HM?2R}Woq@zV`;Hh_ycDY$wPOz%amJKh1UXaQQP&C1(G{Tj0 zzC?SMp9xBFGmy5v>ZVPqRwF%bV_5cIoGvg|SN~FJdHmw9g+SgG!Hd})y7`7*PrHYn zrJ20+M_R2c4T;!ai>;hK=)VEDvc2hyn!4F}tba6Tl;?1~ivzFxi<;u{Sri6wv&t15)M$;v@3iw~rv6;#r-dQZV+7Pe3fz3&dzpA>Je5eZmSBG>sdFZDH^ zpxri+-Au4x%Pi}7v2wJ*%wpWa3btWQAdaXmS7COj4{;p>uXWo(xEeM$x1hDr;S(#c z)uP)PNw7-SIS#b~#K9DC&933quo!8>xW>WsQiy3jF^*IJn6j~5;4LksbODs)g~Pq( zHF4$j^4K=L^X@0F@S9BF)|Z5}xAAMzcHz=ppC39o4v#yHjU8D@`RTE|MdHi9-Ijf_ zU!qLHt> z$bb~kh>Ho>uM08Z6G`A0qP_)Lg@icKw53Hg_F-aXIDY`IHvF1zW^RpW>YkJOPUm}i z(#vnVG6C_MU2b1c7>!CdInT~5!gH^CSVX1{Ros6-Uj;C1#()HQcYtB@yjih$v`Uy! 
z&XC*cO@~Q!9qIW-@WYl5DqAj46${Wm<)?9H)M+mbE5$2^1-wpCpS!)qPPxsty-=+hQ;weW|={D`*$PsSg+09K)QDt$5e8F)o*` z?Kml3@yoy{Zy>00PK?#u9KF^IW9Mw6_6nV4CE4tY91T5Tz@A==`+s>2*iN@C2Jg@!_^|~@MgpI^7LHyW@Ex8LtM(Rb#w(id8dHpv*%cG znHbNbmhpnz4Mq3Ub_<{G7bj6g9W4gpw=6YDf{asWzsENU`#{bpn%TVzzH532|H=y9 zuzygZM`Rf)9}}1SJ8?-&#Y5@00lkr&77r?9bEP7lYpL#k+S62k_E|`s*8g5b+ux&^ES-w!}26(-A^NY5SuSy)ApVNofWt) z`LvpnedIGDePAcrgp}=*^4JgEA~J6dmG4NE@W1yS>XKu&VF}lgE4)0?N9;f=BWTkCuM=1DP2`-4+xY zP-#lCtGOQmUZZT*lHa zT8|5l_c>sl0_C1KyGut|KAXb%UN{QH2tQ%`;aA;FlQi=h7#kB1AK||i?ldVKm5Q^b z1GZf9&8@fZngtj7Y~s#m2lJr(ss%GId&!vL#u@H^=U%*s?tE0u{cQ7TN%0?hOYdsN z>ZVtrrazO5-#zT`cGfYU)$rA&;Y?82+?m=r`h5x|)tnpUr=*)P+rwXf1c< zksd$7HpGW`??GUBJP13GDy-(_p?lD9mU|zeVbw{((DYMkw!>RHe74(`v7*(RaL>gN zH_WScU5fs*vNIsYlVv%5~$c96AeP5+i8Yq)$Zp19Ec zkM-CGF@uVzQ1xBju}15@RgUE^UGx^c%MX4%^DvBb6yS>XMh~!aAh*3%jZ9Fbn-{%> z13%(1O|t`X-<5Q18YZb)d4r@I(S%1nS#5f_$nHtNqMlA^+76s`Jj`eZ+nO?^FO#P$ zC6P!12uBM64UBM}c>hxbwhEViT{g(kKU+ER*Kk~euR1lwtoLO#aa2#QI=no`h1Ahn ziG0#iRtqyq*KG{4qDBM?dEr$mci)~P-rPyoDM%wGG0gk`>K0>5_yTC*LsQBG6nT^R znJvhOOg1yz`x93uJKL@%-|@OV57#f(q{yzg&YkfbiLLipI_IJ9cn1i{_#@qs%?&(= zLj{~Djz1t7#8wkuB&$L}7LOfnZ5R6vQqJGapvvm7-sYs)_{P9>^}%9|pkahqEwyKb zOT@foWLmyEMgFkU`t9VOhGRiO9u*Yw@-c@{yzA{_f^y?lf*f4Qgl+ssm+rksN7C|9 zyhoB1?K`{(@Eb$3Z2<(19G)xB%vbSH_HS^AHAMfHrvO}^wBfK8=ZMLMMC`>W^ zP{1)m@0tIf{ITpLw(K`8j>Lu4%&S)N94`gUg6xSFv)2dmq4TzMC#fy^$brbBe0zx+ zbzxTmvn=8#a(}9tu(q2&2*-IX+O|~c9RFlK;O+J}vT!buc6=J--B0R9YO2NW_n0kr z2tECDIg=s|c|#bSx^h`pjhH*=XjWuCH%J-!znXa$X}_+ml*;#!sqp9);7htxg8Z|N z3PTOGqSK-FE2-mhIH`QdXG^W$w0f5oyv8u(skfHmb;)nE%2_X|kKV_Iy^K|5m3azu z-%mjG?3p@wgzyDq`wscvAA^WG%3b5iM#nwH$Fs??UzMnhP2kh zZfe^mcmj=XbpOGW>Dzi6>lF*xqpM6&;f^3Wl5st=%8wTK))lnBqHrxC-#kNbhij<> z?z)Mby(oPDZ~C8eet>Xv1;`ai<2FF}3kvUFF}G5&Cj+b-k8X}_n~JjP4KNtwQCca>fZ%$3`<;bF1KkqU$-QoJMre_0kPqx~h<4RN*=~wKQagxM zL`G0g|E(mU;a@|9))_dlCb(hz0o@V9VL%sD+Oq_t-=d?f}4SSV6&CMMK?d?YPi?)J(lP~2@}og0Dg{- z0%QTK4nOsu9UG;j+oW=CZHm9!6s!;eS0K*Wnr*Vj>v?V^aYLiB&+v`GkW;6*A39ge 
zDiSOZ?&RQIH($|xv=iE-;P7JXE=i@QN41i;%_q-=K8wLzCO2p5jOw%Nc#J5~y1aUykOqhx3_#?Jqbb&-&u+Dcr1+b=SBILz z^JepI?m<^t_(aEFu$a(94R5^l_wY8oRJowKfBe+zfB5x#z#t99^T$c(f=k8Cp5JAI z_kYiujg3xy9ezHcYdQPg^FBD54^7eh_&-rJU@-pQ$UXfJk+{%2h5{v6KR%_7vFZox zFM<37pl~HH$&}H!Y`Y?o(<{Fu7Hi}+xYU&g*PJfUw1-rGZgsRB@u_0Dy zBJthf`$}}0MiE-CZqiag|M;^EG=Juz|I(T)1oj5g3=oTe-NFW{`)(XREf46SAE3a9 z2#(EvL?<4a=xoET`6~SXrx~jRz}*`l2c)#2E3N6@?Pyw!oys5;@WP4*Yrnw_KqOqW zNR&9Kl7I_L1hpruR191F`y~^Y@Be~HanavB@c>Qf^~JJAZ-0A=F7AP!b;v8bZ+0p4x@u3iFHBp~mA979GE)FXj8E&=YAjp7Y~eWKBH|3}d0 zqIpE!%#ujJ|1|(1i_7*bApdA#blSitxun%Vz?O=74^e=IMdgb(7#jODp21buv;6MH>L!uLq<=(P0dap$|YMBhE6zy)O0Rmhh5D@T! z>r5ktSuzyU*l4ygMuG)PSJvj3!eF#-w)>U0xBc4w6?J28;q|;!l4-zuAkv+s4*h@f zjbpLBfzBQX#@^Ob6wa@mm!V=!n82<>CxzeyjNn2(x<*H$iv&z+Fi>Xvy_w4%Y{rsNa^Lx=BSMrO=QY5o%9@V7o zgRj2IG3?)4BX|6{)j-rc4t%T&A~_A}1(i%Os3+&CybE6A!Cbvx?p?AMazJ!Zv~)JJ z-S9Kh6FPZJS5OZs4ྫ?eh>ak<+U#s>2yad40oTZci*8h-Q0+{9Ro@0%k{)c1= zaQUcB#L#iI9beDXo)_6heml#2OM$~fE2%ugBvPc6aY!WXAWPppy2tl7%(#0LueqWId7@zD{PS>=T$)Y~X9 zve$$8`T#}lUlZyfMESZkOElb*BBX3@Z*RH3I`*L#Ia%ZWsifplkIcFMj&xWx$VTjN z1;AWKd?RaL<=3w?!Nh1sl|tR(*X>Mx$S5bRT(yqtqcf-blkUB=WW-JmDGz;J0Fx*R zibChBd||q5yZ^<+IQsXA(Rv$EzdN7`V&`))%4t(?lav|4M013CC55^;MfoHrXVg)n zqql9+JrkE+Jz+2~u6AaW0^>K>+0X*5X>NUkI~U6^2-=RsneqRfIup}Ok0l7NRDUn_ zI8JJRv?y`0H-is6{r%^*3K03w+>Dc0Pbjx&??k2u#o{u=g^SXs zDvb)03*{)B8$)|f%=JxTL%EXguIVzw}5)AzlmYGr$XoF5nVF(7Ny;}r{3A$hqw+|w(QM_&l~jzChlrOQqI08V{d$3 zb=g%BbvY?CqBC)3%>AT(Ue12`);2qsu<7$4u{nMIeqk206{f^0!bgpF(&M_3c3N!@ zEaGtt4(Hs)Ccnz_p0td)b;ht|(QA)rdx5@eP(xlN4$r@ z2w>@1gGDEE{5v~@@Vd*ScDPt9%372JNc1=@W8-dAnbiBHuoZZPY%WrYmT+gt(y3$K z1T323maCdKyJf^S_}UCR9jeI*&0ECNPJ_v@KIp1!e(|0AgR<;b?Ltm(VoErSX!lyg zMMYO_wpxAh>y>_U@QXZ-{~TN0q&dx)WA#Je?qQL5d080l=!14S4MHDs!61_ zL%>|qp%PjZVZ)xXYdBgW`I(iJ*i|g*FA{n1-fxMXes)jyWini@{q51f18AYN1Ad@* z`^{M0KmKcXnO6{a8XQP16Zf3yzu^tbWQs`l@WoSqM`1P0MN21=BeKpWDf{Kc$|YYU zDw$BA*U!hNZpTwPjbCQMfzG?wv^2ELWS}yBIu+AttZHRE??>0_hQKOfM6_0y-;vlC zRksr9zjnMwzEVc-d{&=llji(;wx$L=c6IR3b}$zUEcBfaqY3pK*C&>TfB?e_F<#o$ 
zft;cFS!|lBu^i9z0zs7k>9z~jURLz$#~W-{n_jB0ghTesMU%6SJ?fr**z|UN?;^J; zU)?f?p!JaH(e{!IyFU9mdWtpE>|?|zi#}Wm=4i*O5#HV^mHZf2*qoo?SjUHKVM)e0rIpRK3Rm!0^I-4=%psj)??}w{WCP+(&_tn!5z=q2) znq2a9+>EPRO6ks!fSrj7QJXz#HVQdXUAmdxIJr%S#@LZuRA5J*kOr|NViUnkBOlO6 z=CiS5E;kv)`b<%wJxY{Suzz`?NW`b*;3tzDy&ZJKP8_yKF?dKY{-QfOzufUQwX~(k zxQCW1ilP$(k>E%o_;+o*?)v0sczCNQqBz0h z<1+6|xuO43DRam5-0i)7<78i-r5ew1YSvLg^MEO;UKVb1vlY)>%#aTzB^dM|UlHMa zK;~)ev$v+Ctwpu`X_2?blhv{Mu`R-we)6xL$tfWl1`g#mL1p_vVI;7S9&vY}AF5A_ zk5}JSTX%yelW|6nq5jDQ5OD(NY0h>U+ug)FB1jLm9%5J!5wkb?U;@wW$TqF)O2{ja zYsl6}V6~jS;C!PXGuOQ&16NGs6#cYPF3@e>3OlmHcqtP@Y|{0B&8_Domwv<5xK|bn zv30Cr>4;0uFj!Pj(1E8LSmhTUT80ue$x1WZuCG&n_BSrl*Qe3XvsQDIcr81FUyqbs z=&ckuT;SuuY%yJ@SiEH{pd+?9nEqd4L_B!Nh$q+t^a*dqWPo5z8Ae1)BG*&eOHQM zRWXkps;5S{fh@`8%V2S&{hkt9!nLZAJ=(Mt`W_ zl?@bS2USvrP1O=&Xi+$}QP7@Pr>|fF zNB((C`ZhQ!5>;96ADp^&Ou!>NMFTSd5|{1bYrcfov0f*6&nLM1WEdFt=*W{esOHS# zN^b4>m#6Onydkki0H|^FxIQSfNzer8tG(q&pLA3y!M(?|Yk#LHT3ik5x@_~xvP1eH@lWk`w4w$GqcQvv5r#~HGSpAj@}q?1+7Q=H$fc#f8tDMbyc(qZbg#jtBa##v`JGpVd= z|1rhX-Rk*z=Vq0%f#|v+>&f?DTSukI>QeAo`7rqy(UbgwX#q7uM-T+7LBoAtV%%VB zk!IMcoF6CGZ-!WmnCR~5}6gu>DJ4~8iM|bX!eH>=j z9D^FSf0$eBJu1-JZ4yNrVnG6yPY1zVX|zHq8^^jUA-8mW2vg)*MZLave1*Mn35ULB ze6|0T8-uBD{RaNe27U_B%1wRn_k^8LN-fD5EDC(fcxNxiThLt!euW1DL|F_@3^U`vPbJ!1~mnMwyyT zpGB}${MJhDqFkjnTuU<>rtjPD<7!FVcoPKSGvXPzkRy@w)ew8jelxQ{Y1K{Yy9ZOS z9*PKMoJv`zzBG7$YsLfJZiT-bkQo1hK&FHP(es1!{a5uy)nxu&GcA{WA0f3#Ep>g^ z%p3>uIlZXUPE6^d4gG4W-*gBAadP$WRkf7N(vnPYhAyMc&AVz8I9{?nK8z6Ma^^*& zx}{Dq37nMqx-jS^+L%@Yw^Q`gW2!T&JCBDyiT3$TIcDrHz28>^ZU^Y0-yd#`C}3Kt zfQr)+KTSz1nxn%!u2UxVV10=#*ushD0-dJG2~7mH9yn@n)lZT8l*_g~+I@}E!>5WK z9jk;Xc1I#t^6yY(P`{V?!F`|kS)Z#g)>;@Py07Gn=DX{4hF4Cj{VW=ir=M#SueHnI zkSxD3pzv#j13j36(Ww3JS>@$*X0yXe3GK>PAA7fC(eiY6`>DwwG0zIAt$0iDo>1>3 z1YORn%TvXg?w?5&Yw~1fh3o&e2>z2lggcJGXF-xJ5DTL3AKDZO!Th{62|2t9tpuSJ+ z&)=9mEHMUg`zUVzEuxA$xjS_Mg?HvU)YAmf+I7D_Sw*DyRortHuXIwT|IIO?xSyMi z+A=)2fjiNlW&KEGg@ZAVKh3KXzlwFXO*bc;4`Fr~zMvb$HO(gjS*5lZW%aI&2f3~6 
zn(SaFR1C2w&%&Si`8#xns-uHLt!MnPQaIf_5utLF%&3`CbN7eQt+u(*NBWj%u=(C{ z#t#!<=l;!C@1onYW*dl;&B%_0HxfSIT|EV(s#MX3&q@8#N-K|QnWoboEtx3p<(7PA zWW72xp;KNMYkY*uY?3@Iatw2KJsjbraHd>*hG)EK?>?Viuo=-Ui1!pvAow0#nmR~Ejmg8M zU!*@-R72J$yWdi$p(Maw4$il#77bVqdw-99Uw(2BVXIKTf>^v46-tUZduI{d@bssw zvC!{SCD?U64Qa|BGh{d#o<(*E2_!4DrIi|_6ZIo(`PB0fIVP|&5)s?Fqqc(N2H(Ap zno|Ca+tBHoP75Uc9OP6ev(Er8o}M{Ym`oEU)`;=L?n|YSqnu+Z@a(L^THVUiymXnM zhA@B|!0L3X`rNlburOII=C~A_;i_qsZU*kQ3MCz|fFP6t!V@Pezz+t#MP3as$N<}1dZSwSfaM1G=LTkn z{S83LE*6XNm8XkqRFm<2|6(fwqc7?cxrmagD^(ckyu<#$uJ0G2in zaNhq*fkANgsJquim<-rslYDN{Wh+`B)ACSm>g7edCZ~?Qh)@GtH3qk3lNhN!ec#%1uk9v3jh(qdqD5p zl za1H#|;X*tC6s9jTyP&Ka?%>^jpr+0HY;%7h+?1{4%`iX!a-eK&;Wz@Pi)ujmHazJT z4==s=3#9QiUXBL5kiGUI?`s(f3!IYn%R&{)#{-QTxEFKjU;n?Hn+2NK_fsEq1O%Nz zwSF0tC`$(E_gIr(K(q_czI}A{`}!N%N+_hWrh##Cks{XtjqH&D6Hf3KJxJovZtuFIq(_feo)6MnPp?3%0o4qjrxfwlpXG5p{YUO2xDE`XF894ekSDA{3HqRb zju>F(P^D%d9B_k8ZkETSp$LeyL(>KhO&go`*Wmp-5ICzCDyId#5rpLi3}y7eM{vt! z8Yw71QxcR1akK!kOaXOfR#WC3sAO4C%Jo1T&~4Y=cSGZXfsX~Pc79H4P+JutaGMU9`;yQ0?0(JO3d*LFm{DAN z^H~BGy&muuzcfdHgsG$Pw9*EaQzCPcodnqdXu#FquU*zW3`&H#R=nv0l&$}TnL{f^ zH%O?Z3`$_i)yUv|b4z_2Sr4UHeRKKv-W%37i)@1Ua=A{$t+|2}k>WobYeQCL`*#;lvGJ6%F=d}3lDgpijXCJ&#e zhGj5#Pr9b8N_eje&plOFk41vu_k1i)@HzzLFR*sTGD(T=pg-#rs--M0T5I8$r=}%d z;!zMpow~hQB%dBHxvlcZ@JcP`Cy)draro}xAz^cr&p%NnOXOLWWOk?3} zULl@iMyCl{JxoL~hAI5@9(t^tl3nsM8mpWnz=M3dnfPl#Ri?4J*c?GQ>1oqSz3-l2 zyK!h+4Oawnmo_n|+dHAeRs4(X>;_cRIL?2cyo5j3(S93ul|`rKbG@fLlU`(7`&AzS zs^N@Wen=Fy0Erb@bnz%w`AT^^lhB?la)-Qtz-RVP|0D2Ri}!MB@&RHE1f}A;%yZc< zy;G@g(4v|7O@qjKfM06gIi|L&!i_j#$!C>|((RzMBSBCc^PG+&;V0R*2_0IBw$iov6NQG+S2E>&kLhXrcj{3RIt-4GYvS9 zwlDANhvZ}T)+HuVY4L>#;Mwf+6ak}F3v$%|>cGsyQ4=6V&T_6>&i`xu{PEsOlBf2_ z-Y=~tGST9>EWAq9_&=X2* zjcnu>(H}gDpZ8^q#Qp)EzLJ*x1tiu;#~>F08cff8?b4741G7W5@f-9+5}(6m67p^6 z3`4rg0>mdmP-!MHnI=YFcYoscib#B*lWducCSHZZSdq7rDV4=Ce3$RcU&%w;nT3ls z8fv@#;EH>De@JU~Z9tW;yS#&nvR|Y{Z0|#bP$ zR{AjE)j+Xde2aji!#KA@mGi5J^(m{Ltl4TO^k@SfjnnCRL7(w!DK0JjFD6=W9Y-_6~6yzxPkj_pa`=aRdh)8z>wLT*t&xHp~)UEVeGkwhLt 
z%cc-)x8;Jo#YwT$4L5APOf6QvFxucRpHV4HRzzHgBjXVl5Dlb-iMPNA*$_4Nb0+Xx z5b{8f!WN#=5efpZ(o_o%znf@NvwaBIiDpb=rhaxtNqf5f<9a(ru+!O(gA``0bNG>- z`iW@Zn&4Qqcl^--sxgDUQOK2zMC7nDD{rCT{3O(Iy0#S|=(}nrxD&ASF3hlirfg~e zY$a5DewRDK5x$2P??GX}a9U|ssq>NZ^5S4l2ClKgTXW;!@^tTwsqMBxKI;*YH+ktS zLet(2yK6H1b`*}KYS5uUz-80zhZTXCGeOg}xe07)qXaE^%~^<7Iq_ueVLz4R;v|+I zQ^4+H_xIZ2ToUnXk8S)`#(aiw4&1Q$^F+41UX}24;Vid{Mdk>o zm0*!AarBMVfN))4!zX|z*2*1*aWtmU)p{m9|2wHCgg*NllOQV%X2*SLX42XjbsPa? z+<~g&AI=F8|&#bn$cWPBF(CTmJEdv)mQ zKwJ;~7|=|h)4^=<+g{m%uTns9=Ozpn=0+gAPoXvPJ(v01ZEA_7^_Q2z;dZRQ+TU{J}zu@@ro0g4eW4@|C zHI<8oAd#G1rW8R_THJ6p(oNRJ`)GGW|F-EMLuvcu< zf-ng1-FKB0C0bhKizM)p^2yJu6-Da5%Ncwpu8+C#OH;t_9hi8!R##0z*6*{dY|hb{ zQa#-{_b)Aax>dW&$gk4I9QajDW^0$B(1m;Uog$&-kBLI{2G+pJr4p9w3)RQj5LG8lcagi=QtFRyPB}jG z<(m{G_#OE@7vG76IZWi2+|*CpD?~oCJ~#r`yk@qsezi8f0!iTNfhQ`3i{aJp)4t=~ z&kSh78keK}8lR(VxwojpCsFULN7VWD=yNo%^~-b{Pj+>w1N2GF%ku<~LsU^uIU3IY z#@Gca(>rZ&O1=KG-(Jl1?78tQQM6sl4c9e!#{Hh6H9Op1;RBlRx@ZT#*s=YfNG^N3 zM#qn;&vxty_r}^C&AQIff79Pf2N{o!x*oE+bcvP--tuF-6L3i4-H~+^k9WLPbB-vd zh^Lw;x(*io9HT8{{fgg?4~i$r|7@ylO0QeHHyD?)T-_!ch|D9M_CU8z`YZtM`Zd-O ze$jwax19sBb_PD?Z<|`!kfXF9o} zon7-4^yja#+|OG3StQZz< zKiaGc9{$ZKpBkSDBNe4;x#J5kxRbc~4->N~-Y&{aXh*<6z}71D%@4jas-7&VV-gq` z7(u>`RsXf=jCH1x%Zc!%+=|+8=mU#RND>Af`4T!taDCe6cdwC>X}Om)fkxFfe77cD z)Zg2#T9R73y4}n>$rMLa82S8pwSh%`vh~FItg1}LmTv|2r>^t)2w5{KBa%`uqf;xf z7p;*?q(4`WsP>!V@Ril>t}y%x&$orSjadYPCnEeVe|7Me{M-hM$1i)JhmZ^zS7#mV zEZ5HcbEk;jy`&nExHoQj?FrwGHV0Uk!}r!#@8WAiDp-`FIRz^T^}j3XD^^?cc}-n~ zuSA<39A@#D+M$6w+$xB`?XQ1EJ=Wr$dnM8^=xT&r{prRdd<8)shiV6u%|_TtKY_8o zZ|nWKwTQy*`!YZyUwp(qv1NwT9elrmFlpUiZA(N91`eNSx*Gr2ATp zr5V;LZA~!jJcW(A-$c~Ki7kdPH1+h%mpn%-daXq|(U0RigQMi~wf6VFjhO_MaQGz) z4DP)-aa^IHxIW_H_&2QP;SsWoxgXjAF6oJy5cdH*13;$_@yzrY-z*X)U}G^5ZambS zX5zQu9h#TKvcS7L9N3)(+bWP)0w&!%c-gJed(QYHQk9*H{n5A;!fW4Y_AL`kXH$;X zj2i5=gn%)BG4{ee3-;uQCK=D+J%juypI)ld?bsK-@QKq_hHo&wxEQY%o(j?Gkg$fn zSP>^`w1YB}gb=w*RiD*kaEAH9EufB~TfarW?2TeHaj!>NnwF`js4YoWAlj3m;(Pz&QemItYZZn@wjZC`su;zK`gt?d{T!u5 
zk9_T5&@1F;yVVSytG9LR`p6UKxbHv~(^Bt3DzrCy5s{WGv2F%uxN z6HM>~P8e3OEcD5hS1)a7X97HG1YL3U4A;P7)MRy3?T0Uh$zp4dPjdF&!0lM&yjdZF zVw=BVqTV~D37a@gL>()-kBu9#%(Q<0&;;_@8Q#VpeUAb?A*djIzQ^Q^Y%8=Cy2_{4 z5{DZUt@IO@rU{nYw#_}&`WSA{N(xfL2n|I|ztqWIV?z`qFENpaJ2lqs)!hnm(`JGl zIg|ZxHHh^lZ{xijV7cu;`Z?N?s8zRpxb2HK-?ULoEXv&{P2Hbn=r*`+}p*b5Nep-Y|6+iYCvIyV#sN|^8PZG75 z-7a6ryq^03HR%{nPgDG??kUr^CF)$BI=-WkXY0w7%N6ymOZ)BX60o~G3a>XVPOZ2A zVxWWs*%Yr?e3l@yE_Ys1u5IyiZYFF9#z8QVo2$EBptbnP2v+`K`gK{C6(-t9Q z_g8RaXI5je;gb`<^IK#M<_G38{3E3_NcY=BelAxqa<5r4pz`AN=F=0K52dDcU5V9u z#y^*MEB#;$u@%lM4}e?+b%2}K3+;cJIP z@bt@Qne6xd9pbSUkHL9UQcQF@t;Wt+UI8AP7T~bLQHntG6V{z^?$VZpYpjusXpFB4R85zrg4T>}CKZ?&du}=j0B%;V5q=g0s29EOs z1v%~E-I7h~jpo`lD!(C$y-~t|I+Lg{GZ5ILm?!dF=`PAg74jgcK!7>WZ);WB*4brI zTP8}l#PQ+;{2OvJtDo4DNF<%KO7En0O(Dz{-6mGL9oB&*j&eNr+wn$DuH53QOK7j^ z-ism;tRmg$%VpxL>;hTlu-~({xtwo#zMGO1NwB;Xp;$N}G9GYrbY%TF&Z}It z&c5}T)ei{=%k8hUZohVEtwqOror|@0>}_W6MKF5q;zrxAKKda~vUlyCWsYeQ6Mlf4 zVYrFBiA;%U$iAuQ!0+;nR}EKjtmDc-uxqtS1W`Y}T1x`-*m5&GlzPhF4@rj!7ZqJ} z+u=XDO=AU|)JRLHq{n6}Be3|&@ZaQFBMMhRs(ba4Z`8BR64YV&I{eSywMt!l@hW{$ z$@7+s*Z|UD55^!Lin%v_?srCH=$J5@X-00WA1j}HbhwG^ZWEeHNjq&*M;YX|OPi5; zoKog&w54r!M0Tetpmg-J?HWUenk2#cjqQcp@C!{gvL8PmB?PesDe^j7g=^aJ4S2TK zjb`?>sA2*c6tIgN{{xZ9Bn|Fqso~NVo#qI3gLI}Ql@s;>#&G$ZKS&#{FQ{wuXhdJs zOYI$hyEkVff!~w$3(q#>Uqygf8jiPhY7d#eROO5Sj$i^{V~ay@-WV77Vv0Qx+(6e! 
zS#YJt$ngG)M6W`RJC(5T>%E+ z1(+F$c-A8KF<+3$_F2|@dTgvu4HPSr09RW(C2;P~i?Qz!Dl8E2l$DcW2y`qj;K$nv z7(4r1gw)B7f#r(?!%YCreuCe^fzaU;*asR}Ebl-gKDp`JQe1!+-{qi_T>!=Z0kUkZ z>c0k8D?(S>^4k(zLLCrvv?WdPj~=*yU?Etm81BXW00cmwn9vhp8sQ5SEeH*4?gi^N zEV$y{C7AIYl!mR;8UtEq2SKmh+42*YK<@7?stqA%fc`I_@7DQ5rNuCgIm^qeI#!y= z7OS)K1I&Wg&M)2xhChi4CMy-Ize%EeH6l9peh|hL%r`-sBXtzbhNYzw_@pednY=8B z;Wa?1XHk)b6Z&4u2CoGLZC3f0_Ks`8(+M!KmNA zVufIZRcE&I6M)z7@L*})vhay(>nq?6SyS*4hPm5vm{_mDr~X0-&_mZ8wi|8`gR&Z& zIb?${f@^~|b*tT9V+6BYndSK{5cB_G!-7|A7&4~y`V^E{L5r_oKF2(m=-T?$c*E}c z;bCpulDqKK`ctUmSv0A|dgtNK>(r^=TU={2^3(%^0LBOEZ>U2r|M<(rf-t!DUtjsh zTSQ<;u72kFA8x^edHq`<&@Hl|V9bM-AN~(THRfD%L$08MqcFhN1I0%QCHGB3{uc?a Bibenc literal 0 HcmV?d00001 diff --git a/fast/stages/02-networking/diagram.svg b/fast/stages/02-networking/diagram.svg new file mode 100644 index 000000000..52f424f7b --- /dev/null +++ b/fast/stages/02-networking/diagram.svg 
@@ -0,0 +1,2788 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/fast/stages/02-networking/dns-dev.tf b/fast/stages/02-networking/dns-dev.tf new file mode 100644 index 000000000..3c81a93fc --- /dev/null +++ b/fast/stages/02-networking/dns-dev.tf 
@@ -0,0 +1,53 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Development spoke DNS zones and peerings setup.
+
+# GCP-specific environment zone
+
+module "dev-dns-private-zone" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "private"
+ name = "dev-gcp-example-com"
+ domain = "dev.gcp.example.com."
+ client_networks = [module.dev-spoke-vpc.self_link]
+ recordsets = {
+ "A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
+ }
+}
+
+# root zone peering to landing to centralize configuration; remove if unneeded
+
+module "dev-landing-root-dns-peering" {
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ type = "peering"
+ name = "dev-root-dns-peering"
+ domain = "."
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+}
+
+module "dev-reverse-10-dns-peering" {
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ type = "peering"
+ name = "dev-reverse-10-dns-peering"
+ domain = "10.in-addr.arpa."
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+}
diff --git a/fast/stages/02-networking/dns-landing.tf b/fast/stages/02-networking/dns-landing.tf
new file mode 100644
index 000000000..611410b5e
--- /dev/null
+++ b/fast/stages/02-networking/dns-landing.tf
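Review bot: `dev-dns-private-zone` is created with `project_id = module.landing-project.project_id`, while the two peering zones below it in the same file use `module.dev-spoke-project.project_id`; `prod-dns-private-zone` in dns-prod.tf has the same split. With the zone in the landing project, whoever can edit Cloud DNS there controls name resolution for the environment's workloads, so the choice should be explicit. If it is deliberate, add a comment such as `# zone is kept in the landing project so records are administered centrally`. If it is not, the line should read `project_id = module.dev-spoke-project.project_id` (and the prod equivalent), so that record administration follows the environment boundary.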
@@ -0,0 +1,93 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Landing DNS zones and peerings setup.
+
+# forwarding to on-prem DNS resolvers
+
+module "onprem-example-dns-forwarding" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "forwarding"
+ name = "example-com"
+ domain = "onprem.example.com."
+ client_networks = [module.landing-vpc.self_link]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+}
+
+module "reverse-10-dns-forwarding" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "forwarding"
+ name = "root-reverse-10"
+ domain = "10.in-addr.arpa."
+ client_networks = [module.landing-vpc.self_link]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+}
+
+module "gcp-example-dns-private-zone" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "private"
+ name = "gcp-example-com"
+ domain = "gcp.example.com."
+ client_networks = [module.landing-vpc.self_link]
+ recordsets = {
+ "A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
+ }
+}
+
+# GCP-specific DNS zones peered to the environment spoke that holds the config
+
+module "prod-gcp-example-dns-peering" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "peering"
+ name = "prod-root-dns-peering"
+ domain = "prod.gcp.example.com."
+ client_networks = [module.landing-vpc.self_link]
+ peer_network = module.prod-spoke-vpc.self_link
+}
+
+module "dev-gcp-example-dns-peering" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "peering"
+ name = "dev-root-dns-peering"
+ domain = "dev.gcp.example.com."
+ client_networks = [module.landing-vpc.self_link]
+ peer_network = module.dev-spoke-vpc.self_link
+}
+
+# Google API zone to trigger Private Access
+
+module "googleapis-private-zone" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "private"
+ name = "googleapis-com"
+ domain = "googleapis.com."
+ client_networks = [module.landing-vpc.self_link]
+ recordsets = {
+ "A private" = { type = "A", ttl = 300, records = [
+ "199.36.153.8", "199.36.153.9", "199.36.153.10", "199.36.153.11"
+ ] }
+ "A restricted" = { type = "A", ttl = 300, records = [
+ "199.36.153.4", "199.36.153.5", "199.36.153.6", "199.36.153.7"
+ ] }
+ "CNAME *" = { type = "CNAME", ttl = 300, records = ["private.googleapis.com."] }
+ }
+}
diff --git a/fast/stages/02-networking/dns-prod.tf b/fast/stages/02-networking/dns-prod.tf
new file mode 100644
index 000000000..22977348b
--- /dev/null
+++ b/fast/stages/02-networking/dns-prod.tf
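Review bot: The wildcard record in `googleapis-private-zone` points every googleapis.com name at `private.googleapis.com.`, a VIP that is not limited to services enforcing VPC Service Controls; the `"A restricted"` record is defined but nothing in this zone resolves to it. If VPC-SC perimeters are meant to be the data-exfiltration control for these networks, the wildcard target should be `restricted.googleapis.com.`. Otherwise add a comment above `recordsets` such as `# private VIP chosen on purpose: VPC-SC is not enforced through DNS here`. Routes and firewall rules for the matching 199.36.153.x range are not visible in this hunk and should agree with whichever VIP is selected.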
@@ -0,0 +1,53 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Production spoke DNS zones and peerings setup.
+
+# GCP-specific environment zone
+
+module "prod-dns-private-zone" {
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ type = "private"
+ name = "prod-gcp-example-com"
+ domain = "prod.gcp.example.com."
+ client_networks = [module.prod-spoke-vpc.self_link]
+ recordsets = {
+ "A localhost" = { type = "A", ttl = 300, records = ["127.0.0.1"] }
+ }
+}
+
+# root zone peering to landing to centralize configuration; remove if unneeded
+
+module "prod-landing-root-dns-peering" {
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ type = "peering"
+ name = "prod-root-dns-peering"
+ domain = "."
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+}
+
+module "prod-reverse-10-dns-peering" {
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ type = "peering"
+ name = "prod-reverse-10-dns-peering"
+ domain = "10.in-addr.arpa."
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+}
diff --git a/fast/stages/02-networking/main.tf b/fast/stages/02-networking/main.tf
new file mode 100644
index 000000000..fd03c287f
--- /dev/null
+++ b/fast/stages/02-networking/main.tf
@@ -0,0 +1,72 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Networking folder and hierarchical policy.
+
+locals {
+ # define the structures used for BGP peers in the VPN resources
+ bgp_peer_options = {
+ for k, v in var.vpn_spoke_configs :
+ k => var.vpn_spoke_configs[k].adv == null ? null : {
+ advertise_groups = []
+ advertise_ip_ranges = {
+ for adv in(var.vpn_spoke_configs[k].adv == null ? [] : var.vpn_spoke_configs[k].adv.custom) :
+ var.custom_adv[adv] => adv
+ }
+ advertise_mode = try(var.vpn_spoke_configs[k].adv.default, false) ? "DEFAULT" : "CUSTOM"
+ route_priority = null
+ }
+ }
+ bgp_peer_options_onprem = {
+ for k, v in var.vpn_onprem_configs :
+ k => var.vpn_onprem_configs[k].adv == null ? null : {
+ advertise_groups = []
+ advertise_ip_ranges = {
+ for adv in(var.vpn_onprem_configs[k].adv == null ? [] : var.vpn_onprem_configs[k].adv.custom) :
+ var.custom_adv[adv] => adv
+ }
+ advertise_mode = try(var.vpn_onprem_configs[k].adv.default, false) ? "DEFAULT" : "CUSTOM"
+ route_priority = null
+ }
+ }
+ l7ilb_subnets = { for env, v in var.l7ilb_subnets : env => [
+ for s in v : merge(s, {
+ active = true
+ name = "${env}-l7ilb-${s.region}"
+ })]
+ }
+ region_trigram = {
+ europe-west1 = "ew1"
+ europe-west3 = "ew3"
+ }
+}
+
+module "folder" {
+ source = "../../../modules/folder"
+ parent = "organizations/${var.organization.id}"
+ name = "Networking"
+ folder_create = var.folder_id == null
+ id = var.folder_id
+ firewall_policy_factory = {
+ cidr_file = "${var.data_dir}/cidrs.yaml"
+ policy_name = null
+ rules_file = "${var.data_dir}/hierarchical-policy-rules.yaml"
+ }
+ firewall_policy_association = {
+ factory-policy = "factory"
+ }
+}
+
diff --git a/fast/stages/02-networking/monitoring.tf b/fast/stages/02-networking/monitoring.tf
new file mode 100644
index 000000000..7b8b70c51
--- /dev/null
+++ b/fast/stages/02-networking/monitoring.tf
@@ -0,0 +1,32 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Network monitoring dashboards.
+
+locals {
+ dashboard_path = "${var.data_dir}/dashboards"
+ dashboard_files = fileset(local.dashboard_path, "*.json")
+ dashboards = {
+ for filename in local.dashboard_files :
+ filename => "${local.dashboard_path}/${filename}"
+ }
+}
+
+resource "google_monitoring_dashboard" "dashboard" {
+ for_each = local.dashboards
+ project = module.landing-project.project_id
+ dashboard_json = file(each.value)
+}
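Review bot: In main.tf, both `bgp_peer_options` and `bgp_peer_options_onprem` bind `v` in the `for` clause and then ignore it, re-indexing `var.vpn_spoke_configs[k]` / `var.vpn_onprem_configs[k]` several times per entry. Writing the body against `v` (`k => v.adv == null ? null : {` and `advertise_mode = try(v.adv.default, false) ? "DEFAULT" : "CUSTOM"`) makes it much easier to audit which prefixes each BGP peer advertises. The inner `adv == null ? [] : ...custom` test looks redundant next to the outer null check. If it is only there to keep the unselected branch of the conditional valid, a short comment like `# guard needed: both branches of the conditional are evaluated` would stop someone removing it later.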
diff --git a/fast/stages/02-networking/outputs.tf b/fast/stages/02-networking/outputs.tf
new file mode 100644
index 000000000..4efe9bc61
--- /dev/null
+++ b/fast/stages/02-networking/outputs.tf
@@ -0,0 +1,95 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+# optionally generate providers and tfvars files for subsequent stages
+
+locals {
+ tfvars = {
+ "03-project-factory-dev" = jsonencode({
+ environment_dns_zone = module.dev-dns-private-zone.domain
+ shared_vpc_self_link = module.dev-spoke-vpc.self_link
+ vpc_host_project = module.dev-spoke-project.project_id
+ })
+ "03-project-factory-prod" = jsonencode({
+ environment_dns_zone = module.prod-dns-private-zone.domain
+ shared_vpc_self_link = module.prod-spoke-vpc.self_link
+ vpc_host_project = module.prod-spoke-project.project_id
+ })
+ }
+}
+
+resource "local_file" "tfvars" {
+ for_each = var.outputs_location == null ? {} : local.tfvars
+ filename = "${var.outputs_location}/${each.key}/terraform-networking.auto.tfvars.json"
+ content = each.value
+}
+
+# outputs
+
+output "cloud_dns_inbound_policy" {
+ description = "IP Addresses for Cloud DNS inbound policy."
+ value = [for s in module.landing-vpc.subnets : cidrhost(s.ip_cidr_range, 2)]
+}
+
+output "project_ids" {
+ description = "Network project ids."
+ value = {
+ dev = module.dev-spoke-project.project_id
+ landing = module.landing-project.project_id
+ prod = module.prod-spoke-project.project_id
+ }
+}
+
+output "project_numbers" {
+ description = "Network project numbers."
+ value = {
+ dev = "projects/${module.dev-spoke-project.number}"
+ landing = "projects/${module.landing-project.number}"
+ prod = "projects/${module.prod-spoke-project.number}"
+ }
+}
+
+output "shared_vpc_host_projects" {
+ description = "Shared VPC host projects."
+ value = {
+ landing = module.landing-project.project_id
+ dev = module.dev-spoke-project.project_id
+ prod = module.prod-spoke-project.project_id
+ }
+}
+
+
+output "shared_vpc_self_links" {
+ description = "Shared VPC host projects."
+ value = {
+ landing = module.landing-vpc.self_link
+ dev = module.dev-spoke-vpc.self_link
+ prod = module.prod-spoke-vpc.self_link
+ }
+}
+
+
+output "vpn_gateway_endpoints" {
+ description = "External IP Addresses for the GCP VPN gateways."
+ value = {
+ onprem-ew1 = { for v in module.landing-to-onprem-ew1-vpn.gateway.vpn_interfaces : v.id => v.ip_address }
+ }
+}
+
+output "tfvars" {
+ description = "Network-related variables used in other stages."
+ sensitive = true
+ value = local.tfvars
+}
diff --git a/fast/stages/02-networking/test-resources.tf b/fast/stages/02-networking/test-resources.tf
new file mode 100644
index 000000000..8e54717de
--- /dev/null
+++ b/fast/stages/02-networking/test-resources.tf
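Review bot: The `local_file.tfvars` resource in outputs.tf sets no `file_permission`, so the generated `terraform-networking.auto.tfvars.json` files are written with the provider default of `0777` (before umask), while the same data is marked `sensitive = true` in the `tfvars` output at the end of the hunk. If the content is meant to be handled as sensitive, add `file_permission = "0644"` (or tighter) to the resource; if it is not, the `sensitive` flag on the output is probably unnecessary. Separately, the `shared_vpc_self_links` output reuses the description of the output above it; `description = "Shared VPC self links."` would match what it returns.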
@@ -0,0 +1,100 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description temporary instances for testing + +module "test-vm-landing-0" { + source = "../../../modules/compute-vm" + project_id = module.landing-project.project_id + zone = "europe-west1-b" + name = "test-vm-1" + network_interfaces = [{ + network = module.landing-vpc.self_link + subnetwork = module.landing-vpc.subnet_self_links["europe-west1/landing-default-ew1"] + alias_ips = {} + nat = false + addresses = null + }] + tags = ["ssh"] + service_account_create = true + boot_disk = { + image = "projects/debian-cloud/global/images/family/debian-10" + type = "pd-balanced" + size = 10 + } + metadata = { + startup-script = < { + address = cidrhost(v, 0) + network = module.dev-spoke-vpc.self_link + prefix_length = split("/", v)[1] + } + } +} diff --git a/fast/stages/02-networking/vpc-spoke-prod.tf b/fast/stages/02-networking/vpc-spoke-prod.tf new file mode 100644 index 000000000..574af7574 --- /dev/null +++ b/fast/stages/02-networking/vpc-spoke-prod.tf 
@@ -0,0 +1,105 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Production spoke VPC and related resources.
+
+module "prod-spoke-project" {
+ source = "../../../modules/project"
+ billing_account = var.billing_account_id
+ name = "prod-net-spoke-0"
+ parent = var.folder_id
+ prefix = var.prefix
+ service_config = {
+ disable_on_destroy = false
+ disable_dependent_services = false
+ }
+ services = [
+ "compute.googleapis.com",
+ "dns.googleapis.com",
+ "iap.googleapis.com",
+ "networkmanagement.googleapis.com",
+ "servicenetworking.googleapis.com",
+ ]
+ shared_vpc_host_config = {
+ enabled = true
+ service_projects = []
+ }
+ metric_scopes = [module.landing-project.project_id]
+ iam = {
+ "roles/dns.admin" = [var.project_factory_sa.prod]
+ }
+}
+
+module "prod-spoke-vpc" {
+ source = "../../../modules/net-vpc"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-spoke-0"
+ mtu = 1500
+ data_folder = "${var.data_dir}/subnets/prod"
+ subnets_l7ilb = local.l7ilb_subnets.prod
+ # set explicit routes for googleapis in case the default route is deleted
+ routes = {
+ private-googleapis = {
+ dest_range = "199.36.153.8/30"
+ priority = 1000
+ tags = []
+ next_hop_type = "gateway"
+ next_hop = "default-internet-gateway"
+ }
+ restricted-googleapis = {
+ dest_range = "199.36.153.4/30"
+ priority = 1000
+ tags = []
+ next_hop_type = "gateway"
+ next_hop = "default-internet-gateway"
+ }
+ }
+}
+
+module "prod-spoke-firewall" {
+ source = "../../../modules/net-vpc-firewall"
+ project_id = module.prod-spoke-project.project_id
+ network = module.prod-spoke-vpc.name
+ admin_ranges = []
+ http_source_ranges = []
+ https_source_ranges = []
+ ssh_source_ranges = []
+ data_folder = "${var.data_dir}/firewall-rules/prod"
+ cidr_template_file = "${var.data_dir}/cidrs.yaml"
+}
+
+module "prod-spoke-cloudnat" {
+ for_each = toset(values(module.prod-spoke-vpc.subnet_regions))
+ source = "../../../modules/net-cloudnat"
+ project_id = module.prod-spoke-project.project_id
+ region = each.value
+ name = "prod-nat-${local.region_trigram[each.value]}"
+ router_create = true
+ router_network = module.prod-spoke-vpc.name
+ router_asn = 4200001024
+ logging_filter = "ERRORS_ONLY"
+}
+
+module "prod-spoke-psa-addresses" {
+ source = "../../../modules/net-address"
+ project_id = module.prod-spoke-project.project_id
+ psa_addresses = { for r, v in var.psa_ranges.prod : r => {
+ address = cidrhost(v, 0)
+ network = module.prod-spoke-vpc.self_link
+ prefix_length = split("/", v)[1]
+ }
+ }
+}
diff --git a/fast/stages/02-networking/vpn-onprem.tf b/fast/stages/02-networking/vpn-onprem.tf
new file mode 100644
index 000000000..d06a0cdb1
--- /dev/null
+++ b/fast/stages/02-networking/vpn-onprem.tf
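Review bot: `parent = var.folder_id` in `prod-spoke-project` bypasses the `folder` module declared in this stage's main.tf, which sets `folder_create = var.folder_id == null` and so expects the variable to be null when it creates the Networking folder itself. In that case the project would be created with a null parent and would sit outside the folder that carries the hierarchical firewall policy, assuming the project module does not default the parent elsewhere. Referencing the folder module's id output instead of the variable would keep the project under the managed folder in both cases. The other network projects in this stage are not fully visible here and should be checked for the same pattern.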
@@ -0,0 +1,50 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description VPN between landing and onprem. + +module "landing-to-onprem-ew1-vpn" { + source = "../../../modules/net-vpn-ha" + project_id = module.landing-project.project_id + network = module.landing-vpc.self_link + region = "europe-west1" + name = "vpn-to-onprem-ew1" + router_create = true + router_name = "dev-spoke-vpn-ew1" + router_asn = var.router_configs.landing-ew1.asn + peer_external_gateway = { + redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" + interfaces = [{ + id = 0 + # on-prem router ip address + ip_address = var.vpn_onprem_configs.landing-ew1.peer.address + }] + } + tunnels = { for t in range(2) : "remote-${t}" => { + bgp_peer = { + address = cidrhost(var.vpn_onprem_configs.landing-ew1.session_range, 1 + (t * 4)) + asn = var.vpn_onprem_configs.landing-ew1.peer.asn + } + bgp_peer_options = local.bgp_peer_options_onprem["landing-ew1"] + bgp_session_range = "${cidrhost(var.vpn_onprem_configs.landing-ew1.session_range, 2 + (t * 4))}/30" + ike_version = 2 + peer_external_gateway_interface = 0 + router = null + shared_secret = var.vpn_onprem_configs.landing-ew1.peer.secret_id + vpn_gateway_interface = t + } + } +} diff --git a/fast/stages/02-networking/vpn-spoke-dev.tf b/fast/stages/02-networking/vpn-spoke-dev.tf new file mode 100644 index 000000000..edfe4000b --- /dev/null +++ b/fast/stages/02-networking/vpn-spoke-dev.tf 
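Review bot: `shared_secret = var.vpn_onprem_configs.landing-ew1.peer.secret_id` passes a field named `secret_id` straight through as the tunnels' pre-shared key, with no lookup visible in this file. If the field holds a reference to a stored secret, the key configured on both tunnels is the reference string itself; if it holds the actual key, the key sits in plain text in tfvars and the field name is misleading. Either resolve the value from the secret store before passing it in or rename the field, and check that the variable is declared with `sensitive = true` (its declaration is outside this hunk). The `router_name = "dev-spoke-vpn-ew1"` on this landing-project router also looks copied from the dev spoke VPN.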
@@ -0,0 +1,73 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description VPN between landing and development spoke. + +module "landing-to-dev-ew1-vpn" { + source = "../../../modules/net-vpn-ha" + project_id = module.landing-project.project_id + network = module.landing-vpc.self_link + region = "europe-west1" + name = "vpn-to-dev-ew1" + # The router used for this VPN is managed in vpn-prod.tf + router_create = false + router_name = "landing-vpn-ew1" + router_asn = var.router_configs.landing-ew1.asn + peer_gcp_gateway = module.dev-to-landing-ew1-vpn.self_link + tunnels = { for t in range(2) : "tunnel-${t}" => { + bgp_peer = { + address = cidrhost(var.vpn_spoke_configs.dev-ew1.session_range, 1 + (t * 4)) + asn = var.router_configs.spoke-dev-ew1.asn + } + bgp_peer_options = local.bgp_peer_options["landing-ew1"] + bgp_session_range = "${cidrhost(var.vpn_spoke_configs.dev-ew1.session_range, 2 + (t * 4))}/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = null + vpn_gateway_interface = t + } + } + depends_on = [ + module.landing-to-prod-ew1-vpn.router + ] +} + +module "dev-to-landing-ew1-vpn" { + source = "../../../modules/net-vpn-ha" + project_id = module.dev-spoke-project.project_id + network = module.dev-spoke-vpc.self_link + region = "europe-west1" + name = "vpn-to-landing-ew1" + router_create = true + router_name = "dev-spoke-vpn-ew1" + router_asn = 
var.router_configs.spoke-dev-ew1.asn + peer_gcp_gateway = module.landing-to-dev-ew1-vpn.self_link + tunnels = { for t in range(2) : "tunnel-${t}" => { + bgp_peer = { + address = cidrhost(var.vpn_spoke_configs.dev-ew1.session_range, 2 + (t * 4)) + asn = var.router_configs.landing-ew1.asn + } + bgp_peer_options = local.bgp_peer_options["dev-ew1"] + bgp_session_range = "${cidrhost(var.vpn_spoke_configs.dev-ew1.session_range, 1 + (t * 4))}/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = module.landing-to-dev-ew1-vpn.random_secret + vpn_gateway_interface = t + } + } +} diff --git a/fast/stages/02-networking/vpn-spoke-prod.tf b/fast/stages/02-networking/vpn-spoke-prod.tf new file mode 100644 index 000000000..a6d1ea166 --- /dev/null +++ b/fast/stages/02-networking/vpn-spoke-prod.tf 
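Review bot: The comment `# The router used for this VPN is managed in vpn-prod.tf` in `landing-to-dev-ew1-vpn` names a file that does not appear among the files visible here; the `landing-vpn-ew1` router is created by `landing-to-prod-ew1-vpn` in `vpn-spoke-prod.tf`. I would change it to `# The router used for this VPN is created by landing-to-prod-ew1-vpn in vpn-spoke-prod.tf` and add a line above `depends_on` saying that it exists for that reason. As written, removing the prod VPN module also removes the router the dev tunnels rely on, which is worth stating next to the dependency.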
@@ -0,0 +1,121 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description VPN between landing and production spoke. + +module "landing-to-prod-ew1-vpn" { + source = "../../../modules/net-vpn-ha" + project_id = module.landing-project.project_id + network = module.landing-vpc.self_link + region = "europe-west1" + name = "vpn-to-prod-ew1" + router_create = true + router_name = "landing-vpn-ew1" + router_asn = var.router_configs.landing-ew1.asn + peer_gcp_gateway = module.prod-to-landing-ew1-vpn.self_link + tunnels = { for t in range(2) : "tunnel-${t}" => { + bgp_peer = { + address = cidrhost(var.vpn_spoke_configs.prod-ew1.session_range, 1 + (t * 4)) + asn = var.router_configs.spoke-prod-ew1.asn + } + bgp_peer_options = local.bgp_peer_options["landing-ew1"] + bgp_session_range = "${cidrhost(var.vpn_spoke_configs.prod-ew1.session_range, 2 + (t * 4))}/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = null + vpn_gateway_interface = t + } + } +} + +module "prod-to-landing-ew1-vpn" { + source = "../../../modules/net-vpn-ha" + project_id = module.prod-spoke-project.project_id + network = module.prod-spoke-vpc.self_link + region = "europe-west1" + name = "vpn-to-landing-ew1" + router_create = true + router_name = "prod-spoke-vpn-ew1" + router_asn = var.router_configs.spoke-prod-ew1.asn + peer_gcp_gateway = module.landing-to-prod-ew1-vpn.self_link + tunnels = { 
for t in range(2) : "tunnel-${t}" => { + bgp_peer = { + address = cidrhost(var.vpn_spoke_configs.prod-ew1.session_range, 2 + (t * 4)) + asn = var.router_configs.landing-ew1.asn + } + bgp_peer_options = local.bgp_peer_options["prod-ew1"] + bgp_session_range = "${cidrhost(var.vpn_spoke_configs.prod-ew1.session_range, 1 + (t * 4))}/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = module.landing-to-prod-ew1-vpn.random_secret + vpn_gateway_interface = t + } + } +} + +module "landing-to-prod-ew4-vpn" { + source = "../../../modules/net-vpn-ha" + project_id = module.landing-project.project_id + network = module.landing-vpc.self_link + region = "europe-west1" + name = "vpn-to-prod-ew4" + router_create = true + router_name = "landing-vpn-ew4" + router_asn = var.router_configs.landing-ew4.asn + peer_gcp_gateway = module.prod-to-landing-ew4-vpn.self_link + tunnels = { for t in range(2) : "tunnel-${t}" => { + bgp_peer = { + address = cidrhost(var.vpn_spoke_configs.prod-ew4.session_range, 1 + (t * 4)) + asn = var.router_configs.spoke-prod-ew4.asn + } + bgp_peer_options = local.bgp_peer_options["landing-ew4"] + bgp_session_range = "${cidrhost(var.vpn_spoke_configs.prod-ew4.session_range, 2 + (t * 4))}/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = null + vpn_gateway_interface = t + } + } +} + +module "prod-to-landing-ew4-vpn" { + source = "../../../modules/net-vpn-ha" + project_id = module.prod-spoke-project.project_id + network = module.prod-spoke-vpc.self_link + region = "europe-west1" + name = "vpn-to-landing-ew4" + router_create = true + router_name = "prod-spoke-vpn-ew4" + router_asn = var.router_configs.spoke-prod-ew4.asn + peer_gcp_gateway = module.landing-to-prod-ew4-vpn.self_link + tunnels = { for t in range(2) : "tunnel-${t}" => { + bgp_peer = { + address = cidrhost(var.vpn_spoke_configs.prod-ew4.session_range, 2 + (t * 4)) + asn = var.router_configs.landing-ew4.asn + } + 
bgp_peer_options = local.bgp_peer_options["prod-ew4"] + bgp_session_range = "${cidrhost(var.vpn_spoke_configs.prod-ew4.session_range, 1 + (t * 4))}/30" + ike_version = 2 + peer_external_gateway_interface = null + router = null + shared_secret = module.landing-to-prod-ew4-vpn.random_secret + vpn_gateway_interface = t + } + } +} diff --git a/fast/stages/02-security/README.md b/fast/stages/02-security/README.md new file mode 100644 index 000000000..4ce5019af --- /dev/null +++ b/fast/stages/02-security/README.md @@ -0,0 +1,323 @@ +# Shared security resources + +This stage sets up security resources and configurations which impact the whole organization, or are shared across the hierarchy to other projects and teams. + +The design of this stage is fairly general, and provides a reference example for [Cloud KMS](https://cloud.google.com/security-key-management) and a [VPC Service Controls](https://cloud.google.com/vpc-service-controls) configuration that sets up three perimeters (landing, development, production), their related bridge perimeters, and provides variables to configure their resources, access levels, and directional policies. + +Expanding this stage to include other security-related services like Secret Manager, is fairly simple by using the provided implementation for Cloud KMS, and leveraging the broad permissions on the top-level Security folder of the automation service account used. + +The following diagram illustrates the high-level design of created resources and a schema of the VPC SC design, which can be adapted to specific requirements via variables: + +
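Review bot: Both `landing-to-prod-ew4-vpn` and `prod-to-landing-ew4-vpn` set `region = "europe-west1"`, so the gateways and the `landing-vpn-ew4` / `prod-spoke-vpn-ew4` routers named for ew4 are created in the same region as the ew1 pair. If ew4 stands for europe-west4 this should read `region = "europe-west4"` in both modules; as it stands the second pair adds no regional redundancy. The `region_trigram` local in main.tf lists only `europe-west1` and `europe-west3`, so the intended second region should be confirmed and the module, router and variable names made consistent with it.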

+ Security diagram +

+ +## Design overview and choices + +Project-level security resources are grouped into two separate projects, one per environment. This setup matches requirements we frequently observe in real life and provides enough separation without needlessly complicating operations. + +Cloud KMS is configured and designed mainly to encrypt GCP resources with a [Customer-managed encryption key](https://cloud.google.com/kms/docs/cmek) but it may be used to create cryptokeys used to [encrypt application data](https://cloud.google.com/kms/docs/encrypting-application-data) too. + +IAM for management-related operations is already assigned at the folder level to the security team by the previous stage, but more granularity can be added here at the project level, to grant control of separate services across environments to different actors. + +### Cloud KMS + +A reference Cloud KMS implementation is part of this stage, to provide a simple way of managing centralized keys, that are then shared and consumed widely across the organization to enable customer-managed encryption. The implementation is also easy to clone and modify to support other services like Secret Manager. + +The Cloud KMS configuration allows defining keys by name (typically matching the downstream service that uses them) in different locations, either based on a common default or a per-key setting. It then takes care internally of provisioning the relevant keyrings and creating keys in the appropriate location. + +IAM roles on keys can be configured at the logical level for all locations where a logical key is created. Their management can also be delegated via [delegated role grants](https://cloud.google.com/iam/docs/setting-limits-on-granting-roles) exposed through a simple variable, to allow other identities to set IAM policies on keys. 
This is particularly useful in setups like project factories, making it possible to configure IAM bindings during project creation for team groups or service agent accounts (compute, storage, etc.). + +### VPC Service Controls + +This stage also provisions the VPC Service Controls configuration on demand for the whole organization, implementing the straightforward design illustrated above: + +- one perimeter for each environment +- one perimeter for centralized services and the landing VPC +- bridge perimeters to connect the landing perimeter to each environment + +The VPC SC configuration is set to dry-run mode, but switching to enforced mode is a simple operation involving modifying a few lines of code highlighted by ad-hoc comments. Variables are designed to enable easy centralized management of VPC Service Controls, including access levels and [ingress/egress rules](https://cloud.google.com/vpc-service-controls/docs/ingress-egress-rules) as described below. + +Some care needs to be taken with project membership in perimeters, which can only be implemented here instead of being delegated (all or partially) to different stages, until the [Google Provider feature request](https://github.com/hashicorp/terraform-provider-google/issues/7270) allowing using project-level association for both enforced and dry-run modes is implemented. + +## How to run this stage + +This stage is meant to be executed after the [resource management](../01-resman) stage has run, as it leverages the folder and automation resources created there. The relevant user groups must also exist, but that's one of the requirements for the previous stages too, so if you ran those successfully, you're good to go. + +It's possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the bootstrap stage for the required roles. 
+ +Before running this stage, you need to ensure you have the correct credentials and permissions, and customize variables by assigning values that match your configuration. + +### Providers configuration + +The default way of making sure you have the correct permissions is to use the identity of the service account pre-created for this stage during bootstrap, and that you are a member of the group that can impersonate it via provider-level configuration (`gcp-devops` or `organization-admins`). + +To simplify setup, the previous stage pre-configures a valid providers file in its output, and optionally writes it to a local file if the `outputs_location` variable is set to a valid path. + +If you have set a valid value for `outputs_location` in the resource management stage, simply link the relevant `providers.tf` file from this stage's folder in the path you specified: + +```bash +# `outputs_location` is set to `../../configs/example` +ln -s ../../configs/example/02-security/providers.tf +``` + +If you have not configured `outputs_location` in resource management, you can derive the providers file from that stage's outputs: + +```bash +cd ../01-resman +terraform output -json providers | jq -r '.["02-security"]' \ + > ../02-security/providers.tf +``` + +### Variable configuration + +There are two broad sets of variables you will need to fill in: + +- variables shared by other stages (organization id, billing account id, etc.), or derived from a resource managed by a different stage (folder id, automation project id, etc.) +- variables specific to resources managed by this stage + +To avoid the tedious job of filling in the first group of variables with values derived from other stages' outputs, the same mechanism used above for the provider configuration can be used to leverage pre-configured `.tfvars` files. 
+ +If you configured a valid path for `outputs_location` in the previous stages, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's output folder (under the path you specified), where the `*` above is set to the name of the stage that produced it. For this stage, two `.tfvars` files are available: + +```bash +# `outputs_location` is set to `../../configs/example` +ln -s ../../configs/example/02-security/terraform-bootstrap.auto.tfvars.json +ln -s ../../configs/example/02-security/terraform-resman.auto.tfvars.json +``` + +A second set of optional variables is specific to this stage. If you need to customize them, create an extra `terraform.tfvars` file. + +Refer to the [Variables](#variables) table at the bottom of this document, for a full list of variables, their origin (e.g., a stage or specific to this one), and descriptions explaining their meaning. The sections below also describe some of the possible customizations. + +Once done, you can run this stage: + +```bash +terraform init +terraform apply +``` + +## Customizations + +### KMS keys + +Cloud KMS configuration is split in two variables: + +- `kms_defaults` configures the locations and rotation period, used for keys that don't specifically configure them +- `kms_keys` configures the actual keys to create, and also allows configuring their IAM bindings and labels, and overriding locations and rotation period. When configuring locations for a key, please consider the limitations each cloud product may have. + +The additional `kms_restricted_admins` variable allows granting `roles/cloudkms.admin` to specified principals, restricted via [delegated role grants](https://cloud.google.com/iam/docs/setting-limits-on-granting-roles) so that it only allows granting the roles needed for encryption/decryption on keys. 
This allows safe delegation of key management to subsequent Terraform stages like the Project Factory, for example to grant usage access on relevant keys to the service agent accounts for compute, storage, etc. + +To support these scenarios, key IAM bindings are configured by default to be additive, to enable other stages or Terraform configuration to safely co-manage bindings on the same keys. If this is not desired, follow the comments in the `core-dev.tf` and `core-prod.tf` files to switch to authoritative bindings on keys. + +An example of how to configure keys: + +```hcl +# terraform.tfvars + +kms_defaults = { + locations = ["europe-west1", "europe-west3", "global"] + rotation_period = "7776000s" +} +kms_keys = { + compute = { + iam = { + "roles/cloudkms.cryptoKeyEncrypterDecrypter" = [ + "user:user1@example.com" + ] + } + labels = { service = "compute" } + locations = null + rotation_period = null + } + storage = { + iam = null + labels = { service = "compute" } + locations = ["europe"] + rotation_period = null + } +} +``` + +The script will create one keyring for each specified location and keys on each keyring. + +### VPC Service Controls configuration + +A set of variables allows configuring the VPC SC perimeters described above: + +- `vpc_sc_perimeter_projects` configures project membership in the three regular perimeters +- `vpc_sc_access_levels` configures access levels, which can then be associated to perimeters by key using the `vpc_sc_perimeter_access_levels` +- `vpc_sc_egress_policies` configures directional egress policies, which can then be associated to perimeters by key using the `vpc_sc_perimeter_egress_policies` +- `vpc_sc_ingress_policies` configures directional ingress policies, which can then be associated to perimeters by key using the `vpc_sc_perimeter_ingress_policies` + +This allows configuring VPC SC in a fairly flexible and concise way, without repeating similar definitions. 
Bridges perimeters configuration will be computed automatically to allow communication between regular perimeters: `landing <-> prod` and `landing <-> dev`. + +#### Dry-run vs. enforced + +The VPC SC configuration is set up by default in dry-run mode to allow easy experimentation, and detecting violations before enforcement. Once everything is set up correctly, switching to enforced mode needs to be done in code, by swapping the contents of the `spec` and `status` attributes for perimeters in the `vpc-sc.tf` file. The effort involved is minimal (2 lines of code per perimeter), and comments help identify the correct lines. + +#### Perimeter resources + +Projects are added to perimeters via the `vpc_sc_perimeter_projects`, and that's currently the only way of doing it without generating permadiffs or conflicts, because of the way the Terraform provider is implemented. + +Once the Google Terraform Provider [implements support for dry-run mode in the additive resource](https://github.com/hashicorp/terraform-provider-google/issues/7270), it will be possible to concurrently manage perimeter resources both here and in subsequent Terraform configurations, for example to allow the Project Factory to add a project to a perimeter during the creation process. + +Bridge perimeters are auto-populated with all projects configured for the connected regular perimeters. 
+ +An example of adding projects to perimeters using project numbers: + +```hcl +# terraform.tfvars + +vpc_sc_perimeter_projects = { + dev = ["projects/12345678", "projects/12345679"] + landing = ["projects/12345670"] + prod = ["projects/12345674", "projects/12345675"] +} +``` + +#### Access levels + +Below an example for an access level that allows unconditional ingress from a set of IP CIDR ranges can be configured once, and enabled on selected perimeters: + +```hcl +# terraform.tfvars + +vpc_sc_access_levels = { + on-prem = { + conditions = [{ + ip_subnetworks = ["10.0.0.0/24", "10.0.0.1/24"], + combining_function = null, members = null, negate = null, + regions = null, required_access_levels = null + }] + } +} +vpc_sc_perimeter_access_levels = { + dev = null + landing = ["on-prem"] + prod = ["on-prem"] +} +``` + +#### Ingress and Egress policies + +The same applies to Ingress and Egress policies, as shown in the examples below referencing the automation service account for this stage. 
+ +Below you can find an ingress policy configuration that allows applying Terraform from outside the perimeter, useful when bringing up this stage to avoid generating violations: + +```hcl +# terraform.tfvars + +vpc_sc_ingress_policies = { + iac = { + ingress_from = { + identities = [ + "serviceAccount:xxx-prod-resman-security-0@xxx-prod-iac-core-0.iam.gserviceaccount.com" + ] + source_access_levels = ["*"] + identity_type = null + source_resources = null + } + ingress_to = { + operations = [{ method_selectors = [], service_name = "*" }] + resources = ["*"] + } + } +} +vpc_sc_perimeter_ingress_policies = { + dev = ["iac"] + landing = ["iac"] + prod = ["iac"] +} +``` + +Below you can find an egress policy that allows writing Terraform state to the automation bucket, useful once Terraform starts running inside the perimeter in a pipeline: + +```hcl +# terraform.tfvars + +vpc_sc_egress_policies = { + iac-gcs = { + egress_from = { + identity_type = null + identities = [ + "serviceAccount:xxx-prod-resman-security-0@xxx-prod-iac-core-0.iam.gserviceaccount.com" + ] + } + egress_to = { + operations = [{ + method_selectors = ["*"], service_name = "storage.googleapis.com" + }] + resources = ["projects/123456782"] + } + } +} +vpc_sc_perimeter_ingress_policies = { + dev = ["iac-gcs"] + landing = ["iac-gcs"] + prod = ["iac-gcs"] +} +``` + +## Notes + +Some references that might be useful in setting up this stage: + +- [VPC SC CSCC requirements](https://cloud.google.com/security-command-center/docs/troubleshooting). + + + + + + +## Files + +| name | description | modules | resources | +|---|---|---|---| +| [core-dev.tf](./core-dev.tf) | None | kms · project | google_project_iam_member | +| [core-prod.tf](./core-prod.tf) | None | kms · project | google_project_iam_member | +| [main.tf](./main.tf) | Module-level locals and resources. | | | +| [outputs.tf](./outputs.tf) | Module outputs. | | local_file | +| [variables.tf](./variables.tf) | Module variables. 
| | | +| [vpc-sc.tf](./vpc-sc.tf) | None | vpc-sc | | + +## Variables + +| name | description | type | required | default | producer | +|---|---|:---:|:---:|:---:|:---:| +| billing_account_id | Billing account id. | string | ✓ | | bootstrap | +| folder_id | Folder to be used for the networking resources in folders/nnnn format. | string | ✓ | | resman | +| organization | Organization details. | object({…}) | ✓ | | bootstrap | +| prefix | Prefix used for resources that need unique names. | string | ✓ | | | +| groups | Group names to grant organization-level permissions. | map(string) | | {…} | bootstrap | +| kms_defaults | Defaults used for KMS keys. | object({…}) | | {…} | | +| kms_keys | KMS keys to create, keyed by name. Null attributes will be interpolated with defaults. | map(object({…})) | | {} | | +| kms_restricted_admins | Map of environment => [identities] who can assign the encrypt/decrypt roles on keys. | map(list(string)) | | {} | | +| outputs_location | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | | +| vpc_sc_access_levels | VPC SC access level definitions. | map(object({…})) | | {} | | +| vpc_sc_egress_policies | VPC SC egress policy defnitions. | map(object({…})) | | {} | | +| vpc_sc_ingress_policies | VPC SC ingress policy defnitions. | map(object({…})) | | {} | | +| vpc_sc_perimeter_access_levels | VPC SC perimeter access_levels. | object({…}) | | null | | +| vpc_sc_perimeter_egress_policies | VPC SC egress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable. | object({…}) | | null | | +| vpc_sc_perimeter_ingress_policies | VPC SC ingress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable. | object({…}) | | null | | +| vpc_sc_perimeter_projects | VPC SC perimeter resources. 
| object({…}) | | null | | + +## Outputs + +| name | description | sensitive | consumers | +|---|---|:---:|---| +| stage_perimeter_projects | Security project numbers. They can be added to perimeter resources. | | | + + + + + + + + + + + + + + diff --git a/fast/stages/02-security/core-dev.tf b/fast/stages/02-security/core-dev.tf new file mode 100644 index 000000000..4862ef528 --- /dev/null +++ b/fast/stages/02-security/core-dev.tf 
@@ -0,0 +1,64 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "dev-sec-project" {
+ source = "../../../modules/project"
+ name = "dev-sec-core-0"
+ parent = var.folder_id
+ prefix = var.prefix
+ billing_account = var.billing_account_id
+ iam = {
+ "roles/cloudkms.viewer" = try(var.kms_restricted_admins.dev, [])
+ }
+ labels = { environment = "dev", team = "security" }
+ services = local.project_services
+}
+
+module "dev-sec-kms" {
+ for_each = toset(local.kms_locations)
+ source = "../../../modules/kms"
+ project_id = module.dev-sec-project.project_id
+ keyring = {
+ location = each.key
+ name = "dev-${each.key}"
+ }
+ # rename to `key_iam` to switch to authoritative bindings
+ key_iam_additive = {
+ for k, v in local.kms_locations_keys[each.key] : k => v.iam
+ }
+ keys = local.kms_locations_keys[each.key]
+}
+
+# TODO(ludo): add support for conditions to Fabric modules
+
+resource "google_project_iam_member" "dev_key_admin_delegated" {
+ for_each = toset(try(var.kms_restricted_admins.dev, []))
+ project = module.dev-sec-project.project_id
+ role = "roles/cloudkms.admin"
+ member = each.key
+ condition {
+ title = "kms_sa_delegated_grants"
+ description = "Automation service account delegated grants"
+ expression = format(
+ "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
+ join(",", formatlist("'%s'", [
+ "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+ "roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation"
+ ]))
+ )
+ }
+ depends_on = [module.dev-sec-project]
+}
diff --git a/fast/stages/02-security/core-prod.tf b/fast/stages/02-security/core-prod.tf
new file mode 100644
index 000000000..f259a488a
--- /dev/null
+++ b/fast/stages/02-security/core-prod.tf
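Review bot: The condition on `dev_key_admin_delegated` limits only which roles these members can grant; it does not narrow the rest of `roles/cloudkms.admin`. For a request that carries no `modifiedGrantsByRole` attribute, `api.getAttribute(..., [])` returns the empty default and `hasOnly` is true, so as far as I can tell the key and key ring management permissions in the role stay usable, which is broader than the README's description of `kms_restricted_admins` as identities "who can assign the encrypt/decrypt roles on keys". I would document that on the resource, e.g. `# NOTE: condition restricts role grants only; other roles/cloudkms.admin permissions remain in effect`, and consider a custom role that holds just the IAM policy permissions. The same binding appears as `prod_key_admin_delegated` in core-prod.tf.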
@@ -0,0 +1,64 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "prod-sec-project" {
+ source = "../../../modules/project"
+ name = "prod-sec-core-0"
+ parent = var.folder_id
+ prefix = var.prefix
+ billing_account = var.billing_account_id
+ iam = {
+ "roles/cloudkms.viewer" = try(var.kms_restricted_admins.prod, [])
+ }
+ labels = { environment = "prod", team = "security" }
+ services = local.project_services
+}
+
+module "prod-sec-kms" {
+ for_each = toset(local.kms_locations)
+ source = "../../../modules/kms"
+ project_id = module.prod-sec-project.project_id
+ keyring = {
+ location = each.key
+ name = "prod-${each.key}"
+ }
+ # rename to `key_iam` to switch to authoritative bindings
+ key_iam_additive = {
+ for k, v in local.kms_locations_keys[each.key] : k => v.iam
+ }
+ keys = local.kms_locations_keys[each.key]
+}
+
+# TODO(ludo): add support for conditions to Fabric modules
+
+resource "google_project_iam_member" "prod_key_admin_delegated" {
+ for_each = toset(try(var.kms_restricted_admins.prod, []))
+ project = module.prod-sec-project.project_id
+ role = "roles/cloudkms.admin"
+ member = each.key
+ condition {
+ title = "kms_sa_delegated_grants"
+ description = "Automation service account delegated grants"
+ expression = format(
+ "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
+ join(",", formatlist("'%s'", [
+ "roles/cloudkms.cryptoKeyEncrypterDecrypter",
+ "roles/cloudkms.cryptoKeyEncrypterDecrypterViaDelegation"
+ ]))
+ )
+ }
+ depends_on = [module.prod-sec-project]
+}
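Review bot: The three blocks in this file are a line-for-line copy of core-dev.tf with only the environment name changed (`prod-sec-core-0`, `kms_restricted_admins.prod`, `prod-${each.key}`), so any later change to the delegated-grant condition has to be made by hand in both files. If the per-environment split is deliberate, a header comment such as `# mirrors core-dev.tf; keep the IAM condition in sync` would make that explicit. Otherwise the list of grantable roles could be defined once in a shared local and referenced from both `google_project_iam_member` resources, so the dev and prod conditions cannot drift apart.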
diff --git a/fast/stages/02-security/diagram.png b/fast/stages/02-security/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..779c9039ec3d929903113b41c5f0f8b29084291d GIT binary patch literal 93474 zcmeFZWmuKn8Z`<_kcLH<(%ll$z338OaD^+?+=nYGREiv{RhJI)P zLo5%9%)y$AIt!5+V}rDY5%(E0gcV`lRekve)3fAtk=(F3DPy!DMCMN$T<+Ze@2P_qf{}ascxPtcK~3FzF(K=R{{|_#{9xWz z>Awf`|G(k?YjgP0=iU4Fag&pVE7SE=n%^U46wC_MGviI0edMN-^(aA9ulBl{{v)J! zRN)YgEWJV0$Aw7I7j)-`b*(yDPgaKVhiV;-6wvmk-3EJN?ustjNS={1>a)LPZM)Nq zIwADm(Sd~VTn@YqheMMh*gVk}&D)n}TPjLQk<&hFrM0-rGglWgOTFyniR66N$CF|HM?4CwNCRPNzGT>@l=QXIZ zewmn@tUQ<{ZnZgGUnKGKY(AQMWJc6u^=T0YjKoRO{GEB5h?)Pw~3TWGir_avHlJlFLFB#El^9zJ~A z6?Xbt!>o8_Z;RTyUE*S2d**oG@4_wq(Yfs{v3ArzYfDS?Wy+V+R^QGK-y%gbIUdUW zbL%goKY*t#d^9YDZs#I(-fvAY3z%T`r+G$GP4i^)!vZejJDT7upH)`I2=y$n_dojv z26Q0~pQ4D1B%TwPem;buGa91_yZ_4cV$%$rHaV^%vG`4D@msI;RHsTJ43CZdD) z&r%in`8wvfh&CTvO8?)r9#@LVctHhABq(GI6a6f*hl*5o+p}0@&V8N`X_gJ~8cd_)=TE{%;%bk-Mg%8ZU+EYDW)rFJO#=VhI zQ#1Jq5uD{1Jl%{i9_euul5T1k=a0av3kl@gIeB%&xe_1oYWXkEe@Qw&6)%$|N^IpB zHp0{-cg6O9^Cl+QA;=%4g-RKIaZnzpvwL_R3^nCRGP{Js_lOakj=hZs_lfh{3E|xZe?T}b)ra$En4o9Prv%d zA7!-1ByDX>F>gRf!_g2^Ll$7F5<7F$E&tY0*W=NI`!`otKvi{7EI7JsmVUadQa*?D zvsPjZm5rg0(S4wKex6souO-7on~Q0LS9AVt3hI&h0J3q^det2N*tStXc*%^J0C{v$ zS2dyzjq2GOIsW7^ImT{Kn_c{ky8kS=Eh8y<$@buBpIZf;FkK`9 zQ}3%mBqGYv4-CYK)LggA=A?`7It2d8a_}*fR1$@VUCb9xhEB>5%@qR31$F4R<-=As zf<+qGQ(1%dbXbs<8tlLOx3%9bg9b?G+R}!h9 zg&V6DM~(KptglkVGuM-gE23P>P%A*|k1At;JEpUY>x$+NKC{bCCm(*Q1^+}8c0zIc3oiTce(C?7xaFzyxB*1}9GscSav?iVxoBP{w!X)5lK&Y4>YvulBQoYn6& zf6xuy<&l!-Ct|S;HEnsHAs)Yf~B#n)f=TB))sT+r5&HRmRD}vb}`1H;7!Y zCPkCuoah2R|0!xCakc)irqiWcNJ$8MkJS9~VBapbT|IiF{NyMyf&Hl=({nORRDJ9g z;R(i@i9v=?ifHUh@z%k;Ze>Si=Yf;#RE0T){alybFqBbZ=R{vYvE0>*sdrPHa$FPw z>d4lxh^=sjSvlkaX6(4ocPvCOC%d%Ahsj^Z*6ckNi7mCwsi6+zY-FVn#BHU#wSxkKfEC?n zaMQbdFfgij)+H!v6UA}Yd2l6;$h^$>@R&R?1yx_D_)T6b!ttw_?MgRCQ(0bjhh6sA zhip(|&&DF?8UB+7f?%{rIq>J}EUmBi*;kS#=rs!lyt`Fnyi<>mc{qTy!q}-_5^ii+KsOjrg3Jjx;)hjP+X&`spE|`8nGaN0_3bDDgd;Kb 
zGVey7ybe|u>g%UZciv%Xo33klDnN&c_+ZF|dmj^UkX)oRlYbBx2JE1=Vbv#Z`j3=I)69D`)Q?tdhtyl6i->Rod zNIp{4^XQ~o*Q6qgCTJOa;xmPtp9c$RYnXpoSvU`uLaEmH@zvL)n+h@_?&X^Ouutvr-_awN5|SK7IP6>@#-)-CE&RB=D2YwI#oA-iAaj>RGbC zKA{~+oIH--MnNU+^YFg&PYyKPJF%;)Pio3yQ-bUxJRF7#UY@QF7rrv~+xf%`aG;Wk zN^}u+quqfx+x$)pJ{G53U=S~={`#hX#=a`@a-`KFg9Bi0*7U0PZ-P5$B0T1D$l34* zCJC3WB0kK=5nw0JjmiAWve3wh`w0mNN&G=bl=mG{Ph~9eRrb*z>gx6aBtAlsoS1k_ zci10;WRH$NT4S%*^W{rYQ(LZaryhvX+wnWK51@nt>YBa+E{stcA@%vmK?>X80^m4ZUEQ2+k$T8(LJCe zuOclIf42Rm#Gp!ESw+Pk-#4xwE6#sosxCz-fvM-6X5PcM*+y8XsYZHC>RockB+OW! z9?8E18*}7A75$&AuBZrk<>)PMI(d=oy!lG~G(Yd86?&j!YRZ-Ew;LHn)}gC##c<@w zA!BV_5YN2O^)dn6^W-;%DRdeaz-fB`ci=RtMW<_9HYW)&J zl+yk9)z!V#==$|<;kiGVMIAt5df|n7vovU`R(nbqH|z+~Y$ z)DGb=hVg2<;kRzT2Gny@BRn<0u5)fVDTp^aefZf{RZLvmB$FsoVEsp<7k>l)cQn*g zR@IUb3UG^9 zs@3r0b@aC%;e83iRMkm1wLOmG2jdR#+;$oqHiV&mfp4v5!LWMDXt`tHD#c%*~1QR9fHJ@j8-%zpg5 z)R)pX*BQ>)$6bP4%YL}}U8TW&CD)RKu6rO$ym++y!v}q(nzrCIgoJ*dxqZYDB1~VU zQAJ57?M^9|-j|roEYeDEz_nMH^?m;ur)M9fdJ3c;iqC$t`aD-^GlTz#6;;_J_wY^S ztZBl|U3e+@GZtWiVc|R)QJTivcvKvKp0DmpF0K#Jy{)Lwl#AEV(^D}pNOPE~RXg08 z;T8}OP#%zqw|hD?2}5K$^{3t|i=e5*sg=bET9Ldu(Ky-e#N%}I|Co+L#v{em@SBdY zZQHq<8=>&}gCN3Mv8dJm%yXi~J|#ogO};r?B;q_6$&s@I%j5KDi+i|G!x^8J1S6^~ zQ0MBOfk&iniQ-lR-jyzMP}5WEneysP-&c_;GY8@;i5%NYTr$ zP77ZD_^uG)J1)Rv9IC{8_TLdO%a6_ZFle`KHms#WXUuEbk0xxgbsWBsz}D5$ z`IRtuBDga{IL8m5rqJ|=+p+-_cSSwl*~iZG+4|Cto)i_AY0>qU?LKUG^={aY~Z>@UYY5HC5 zi1Z6`Vuy+lTS|c^i8;3Sp7ix?IZswA{q)@u*FKq|DY=b9!2qg;juF*M6kQrY7+gA- zb|y8=@2PEIcPuR%X8#kj(o%BN)RZl2(t($d7m)tYIxE$17&3|W`Fh5UqC|rY=^hU4 zrah0$t*cqdcJv6~atM_*Eyv>eAQgFC2ErKmXxb5(n+X~cAhE@y_UeRYJltFULii#w zpAi`rc+G&5hK97LH4rk1cj>ATKZxcrI`Hk$BO`C!hBlM3t+Er@J2-}-u(Po6)P#}s zP1n2W1l$u<4lu}BOd&o_=Z%W6#N`ov$LvD+S6us@p=F8ytr-2!8q)+lqla@wQv2`6 z5zuxogjz0%lqZld8)iubOTVjjo-q~i+ALv6P2+TFPo?1|+ttYwdfEXc?|ORhU2m!( zbO13dR0QWN;chw3CD4rM4SD;K;*sP2eeDw3pP${tMk(yW?>IrV?S=zrc=N>burb3g2Ub+jjw9zr9&W>q=g=IXhlZsx^hVR7ORFxx`AyC8errju! 
z6}*!-G-~~eOC5J;^J&y+I%o!B(SIlhy^!9A(zOR?LRV%;7Qg)dmbWyd!d){Y*D-Rj zKdiCT$KCqS9v!(LVVn{fp4ibamkwZ8y^~3! z{-wr1&(4P&M@$~U63FM9a=Ur5l$BM!-{r}#)nBJB`6!D-D42`4QPPvNbaWW0{kDVd zNcfF!^8$4!i>4@Yi4qc<+WkJv*cfUyw>aJ*5OE3y%310V4ZDK6Sl7zTd)tkc7_jy7 zOol=@CO?XgQeW@!<%)d0VFSO?PYZ583@nMag8}T*vV-!pu6+RlMtH(q^I!DDxG*6mn@cR1t9NUrcqgZ&++1LrN znKfF@HX9*1MfQ!9mVr|2D>1F{FavGv$K%8(%3D91bqE5AzgdU9{A_^Q&AoWpF^39`^dydu zXZT!4*Um!%+ufLHopB+HxG(#&g1x*+s|R6AjES&~JG7O&4)5!W>f+f#^$m!mgYqw} z%I`774{?pI{cbG#7rzEFwRf?+Ti1!0eRvEE40r)pZqK&HtlgybLH}lJjma<`ODnqw zkeJ4JB8SkI9e^3xcKad)o_E9esbNVIiiq=bzmxT zVnO{uV$xLXRg8>`a$PZZ*&lbkz+nHCG!ZauSYBQI(9s`7v=B4*7^JDUyHRPZ5%Rug z8+BhE>UcmgZpUF@gdMnpsxPcIzOZq|RO%^;QcR`U@@g}mgLsjs6dL6H%~yDv!Z_fj3Wb;- zd%!w;R|?j}%uUlRGq$r6rCv02aw_X(w9>6MAWtw_qZ?WsuXr4TgZE88)=bwG{)neg zBRiSY^jUkQu^bg*t-SSTwJny{JQ!yDf=ATR|Z@q<&k%Yk; zuhiuNr2}YpivdDSw(0_z-V#9ZRq|nF>1^;Tos+i&IkSnMK!H*Olx}H7hJa!TE9882 zqN-3N=i6#6?2h#t)KpE$%Mb-g?E=*}fC9hnW|SBM3KmMTR!bv=Ji1#Tq-9L^O8oLO ziSq+EW0xS5zK!5rF~bB#Yt@SL$ZGBmWh&Qy8le zjs*5(>mSt|JU*VzC90Jaeh)sg=u75wT^(T+1`r_Mw^TM9*R>Nz5Peg)3RN@ibsv`h zchV(JbZ=JFRD;SA(nQd^L?v^B3$&sE4*W>zhT<_R4}nraRjqSdX&PgZ?i$U~v{hqE zkKm(F>_*V0tJa}b#Ajxfwv@=@oK$t}G16twv|(alCBg0yDm~|P-}^PF5#bm+t7Twd zw@MOn+(9A3MXQCohS^n9Q=`mpao2|1U5$F=^1Z*xew$yYbB_*nIMRS%KeBYk@ z4r~ubW&4#n@gMwgpoV3ZgT#mR>YxNPh5p{)RhK>O?0?b?93@u`sRJ`|`3sREdPMA~ z`c()&D;Jk;ysQGit;Rx{vh7{BRzi2mOd54Fb?q41zixdIoZ(Q6+FF9dJx6Efn}Y2` zdoNntN-#h9M#CMafV~#sS+RU^dZ7I+z>}zi{O#H`M!d#FQE5n6-Uvp&Dyfl!l zDTvu8r2%pJ>*|jgB&e0XIh7p9uzB;f49%WyfMI0A$a)zRc@_ync!Go~R039Zq~Dk~ z&ZG<22Rn`JWuu`CF7_laa&r&b`aHdms3nnMA}5B;;ZX1^E?HoC2qAqWC6j$9{Y-=w zif1UpeV;#wqYvvl za&E5wv<4DjyEZ({=2QAjruU5=;jyNhbjJEH2#FjhA-&{FVUV7%h(bIGTW>o5+2aO} zH6|=lF85BvUCPeGjVaV{RI()GTesgO-1(t}&^e^OIu4&3RTESB5pcFq5U%#0buVF* z1C5Byl4HjZ2uHwJ3_bIobYD&YSL_`e6jYUuiO7lOZW*r?d*HbZ%RMA!*Cmt3qn$gu zZlov@CEVRZJs)xrWjSrveQ?KgHaR$iFe~uV+pObav@7(ks^oDyo+|ZQphYAT ztH(aQhT`|o^!I#$mMAT8E~IuN;m|{%=CAKN@`@o7KpaNiY2s%>Yz316M`8E2NJOVL 
zI(BN@xUW5RxlZ+%f3ou&|5Nz1y*!6}%$*fQiE@`;k=nFZmq)FX@-*|8M%A`)D}JsZ zZI_{!V@3a!GCCi}`pdfZsVx8%G2W<-GTn zV(^y}TIkcx0XN3}m6e&vDTFc9j}aX9QcfS)=+|E=i|e9dcQVc9b^8-kh)9Hjml-au zJO|IM#jD_Mn0l!`sn9JLHE0%3xU5+NptUqLb6LAW3j!1Ti__)R+x0ubH#8H|2G@Gcg{^tg*|iK#TiFSTAG1*xI0>x4^nevIz+2 z02+K}kJJ6x=yao3x!?Xb1uZi(Y62q5AN^^3R$t#pF9&r!Qp-S!WC1%41up|7GU481 zR^EH+4v$QleQF-+=#UdAT-Nt-HTEO2%D`;>$!$h7uV-!n9_Uwz!1)tuG(l33I7~!T z6s9y$YMhvKYXr^eSa~*0IZ1ADt_cMN#UjX(PuA#n708qJ_uWr^9<}@`8fJglb!Xu0 z*`+)c4?S%}?eNeL5Nbh$oNHyJm>LaPZ;7R0?uusfAv+_ z46;26uF%!fqx^{rWp4I4sI2xFKxmTcjn}&sN?E6~jzchz!vvm>e56IwjsETd^N0Cf z)7ag;J++s__7P`mU6jt%MBd%#JjKO5r}&`p{C8D~{w@2Q^kx?zl@1I>mf3mG*1Ls*eNznEfqyRPJ?^a2L;#glmKfF?OADoXVW zGF?$qlkpNnHrN}TrwZR+AFm|nTTf2VEouJ}+D&S{xF;W|9$!P2_*7jOJ8J6tDR|O4 zFg3~lby<)7!kD7{laUB)GvRk3*cQ2O-n2d7qQ%4#?kwrW6Zh#R?0)4^Ugt_J_0VH^#mIB!Exz$#$>fXz?zrm7>d{ zRg{;!`YwwsSvBG5@d=NIy4 zSSr726#a1AyCb#2i*?FxgFQMx*KZU9-ze5>T%JNHG8sv>@)Bs@@3h%7xrofw2@jv0 zU6ZA0$iz7na4Q^#Qx)E@Xx*bTPeJP3rma_2R!(=+gpEMyT4M#-h6r$w!%ANzFsa2) zPaA)x52st2`*NX5r*a>g`oFVw$f;>eQ{Tc>KBd!_$RaI(3I2 z3paZ67Xq?b+?gep$2$vC|E zpd-Q^drWkrxrZFpr99I3!R_kwvmKK)2Lq* zAUht%+mC9N@C(K1PWuJ~K6)xM$ImXjRp>4UNLj(-j14piwiboRNw1OYby>>rGk%)- zr|v_?P}WJz4TJqb_R!MTw=Mqdq70V~cu96ort1|ow~%n`lKsSoz^j0X4^JO|te-mf z79mEyeG>Zi=o;?#_a}#c6s|7->o%kYuVuYPR-t2o3a5t~AXgV&oo8f7xD|X_YyEIm zD82Q@yk|}Gp1!}|2g{?TH*%uKjv59hJ0#`wb^$3|nMO?m+B9DR`S{RMy>&}&Vr}y* zI3WbPnLfuyS~_TwAoAQSf-S0goU<*K9TQ`VwiT4+G{h8@krC;3SNrX$I%m>5uJB*` ziqStH*hW-Um6ettuk%{>lS$*&*^&ZMPI#mrc+CRGUy*Xhw}-eI8gIW2r%FmFRIhpF zKaq!r+HADhax^Aw=3Lrxw+@)_yraO={~PSVy&>utJTH)juuj@&I%4loW9-o5KLT3- z=KbjP!Zk(DjpowAmpx{bR8fJLo0^z#ih6A(Hv1kaJ32bT==!;k!wx!>UiqKy$7$xt zD~*+zpvv%(0Lg@8M0|w#da>%H?q3rRv3=yv@Be7M@M!e)B9{28>GK!PuqwBL-i(a* zwK344TlH@d`M5IJGN||#B6x{O=UU?)7K{WK_%bYjT;a-8e?=uVrU^mAOXf0Z7#Gnf z7Yy@r(w8k^%sr*yKd_6_9sT+Qm!~-lY79+*ChLoqJo5DP?596sX=@7jB`PL)4L`20 za7pWNu^SLXDiK2}UdnGyC7OeM9;H*xzj%zs5PcT~+`95U!%-ZU=qT=e_M6ss- zTnQ}$*(mg65)p7bWWh0X0`n0^)qjgZc<%GB_eY>ykuC23qa$k}HTynzY1e(OuO&;6 
z(~ohHg{92`p=i1q|8G*El5LlPbz@YZ%`D{yz(e#akKKNj>%in0+-J(`b~;up3+j$Y!%X5Fv7b){-{CfoqXO*xD(` z{UW}>7yj=IvU!;}|NAEIy8gG+bI@9lh5_>N_eFOKo%{4>8~!cFK~X^((uA)sasB&g zP3PpF>;Ey#XTV09DmZ%2y6QhQbpj14`j1vQ4RQkbFx6m-n%V1Cwax$b;kt+dXjxYt z+xJ-kd3hIgemhtFjY*?td{!3KLBIs=VCnfO>8ZXdoC79~K$ zf#JO5A*^7YDH~p7XA6Yiegz@a!bI6<`;FFMx z6isD+NJI^WI{!FRNcj(b0@?tP`A)6Ho$@Kr9j|wkn|BZcuGw1iJ7o*t*>@EBasSLU z4J{Dh85b+vhVBFOQ-yC$cV7-UIih$#IQ-hgd=_$}V6|aDx{+(oMg)c1D*4iG^27x(_lK+T`Qv2Hm?(Np=J zpW9g5rYmsog!*2O)P_@t;LmORCCF?MJS#G<7c)7obPoQj2eSNQDdwUd#B%HHJ3)=t zud){xqWH(FoWZT^EjKiH>H=Sh2?Z{PJQ$?~O4g5m42l6vJmR_G=D0>OgyYb@4gUim zBdLv}A$d2^4H(Ea6IdbVvSNE1IppQZ{JAy@7@$b^S7U`<2W5fK?U-6L^8eRWipqC3-I%IPgL13 zGBbbvAU#ThoI)VvcZ_(OpZ}g4lP86XApC}Vfr<$*+PP0lBOTY#NOIqlhzpqy0+a?f z*ZGeaJ$-#xb(E$GkbBGs`!TMb{(d6Zv(QP*9&|)1H!<1`onK2!hY2dLeflEh@O@eq zjm&@BC9G82ULX|%PjjBat80M$lF|}~z=bskn1}6VTAD4btU{-6DmXRLbpAZ29E@@~m1ZD=S_3;Xr z66C4MENFWqf<_Y?1_>J;04CF1_t4b;ooZ*LA+hFoPUi{f2A=C}?+$=_c;k0sjNp)(z$rp#ixhP#vVH8%9dYdAdhgKrH3`LlSAY6u@$}uFD1$ziV!;SoHF&>qsrOth z>7Mws7aRaFXM2K(7r?Axc}{To1e52NbI`@v5f(0i?Nn{4`{uNPe;VtDO~CGk@>NL5 zg|c8ENyIxFZEjhN$+aBaUNqn8y<%;%r|n<;nbbEl+FoER6BuJPj6Q+ zf_O2yd^+PxhsA@Q7fv0Zzuccj4@}M8Uu%pjEh86~mU=ouv6h;TekKUmkMb9%#Kq;{ zq5(g)Jl5R)zdHCi9}@$E`qM?d%Jx^kv)g6^>34*4E1uk*x(aYg25&v=TUea?ElDqkdyt>yXC4$k=1z_2YXm$6Epz(MLjtR1$Nq zpWcP#n=SrlmYrcZ*Ulgv4N^tc?sDLdVXZI7Yx%lN>D)vM)Ku3Q|0C3wL&1q5`i&d4 zQzITwi@p@@Ba^(dwlxj0o##cO0GbQP!~CT`ID$@VPXiDxi;wid(&GIc2SO_5UZ0Rp zHdoDrrZ9|vbhV9-U~AtGt>`Bu;f7%US_gX>{qp0=3V8WkCTTbdA`E!2p5SO}X^pr! 
zHvzo)%&eX4m1H_(-MG2?{VJ2N-i)QsC~J?>(ECh9-7vnH66(P7Yc)oz=UrQAWUM;W zxb^a&{QI*SB;Un2h4h!yxmX=o1UQ-|4Ot{MK?!mrB(;Jv`luxPM~ev>m<*I}(_7br zw`HoyF(;+O&kL)c?aaTS!>PpiW<8C0A|NLZPrIyrEcaJc3F1Nb(`qo-G`xC1rnd{~ zQ;-Y#Y-GnOVMna`#ZuSw1e=CF2VMI#OB)+I`x2lruIuCXSOMt)rWSP5;_~vNo&=y$ ztbEN0abFu%i+z$0G^Qay`6O(fyDf;g-~_Yx_Vs-y%_6VJvKh$GL?$wXOIy@}R&9gl z2AjC=;X^ZhjV2Ne3(%PkqGX9nf02wN`m|PQl!#xkeQr<7%k*u}^IM&Q7Rr^1S58X2 zk71PLE(i3Bagfc9f#T7r+}2ywkZ8Psg%w-d8b~~p%@uADsQ>mecyGB*lvh%cy-JB zh2AdkCL{r^!+MG)1fyV-uFai@9QTi_Ors*?UnBFaOR&(o5 zqh#iV6hF#%&ce&e#qWl~ejTuJJ@&O>0d}PTA#sxe?9QK7zNDIcT!D6|tYN=-0^8rB zlGWZ>4d#r7nvXw;$S^5Y;$^1~8<&CjFOtYgPj%BTw^|Y4+lZvKB-IkubD`?fl}r5k ztE3EEr~0gWzBI`6CmwQJPnB7u11hQ+5Wuf;0y^;DJrxua6r)KP!BM$ufwX?Nmp$KW z>u22kzBO5B+obvef7FnkL$A`C6jZ|!J8*ei@ z))zHMcLmQ(eN7i#u9{++xglWg)0p?ulkC{JIni1@s9F}ja>;{x?s?mBzK$;f-3Xk{ z@uBQFi=*era7=#cYCkEVipet-S1J8B6qE!IxaqE9n*pS>r(FNnfve}}VRel0gOih! z>&WN5Pj2B>fM{>SW$56e} zw6JGqV4^#XWtiy!n1#Wl_D3*00qh#n#rD9F-d|?}Q}O}&$tK0^aFh@P(4=y=N-r*v&yD6>b`Ks9xCe{NPJq*XmJ-bBR zJh40fg6vpe#2jrFIs^zQsXp$y<%3F|q<4CsNb0{A>lF`w-I=!etSiiy07rSvYZav& zn;mcAwiuj-{Old>A}KEW@$bA>erUw7$3C&?84TamursnDi`eE75W zwzs=ZCV!aFF8*us##&PHadCrQ_SX-y5Mj`78QoVNeQ){ecPj74r(104Dn_uM*Fx&+ z5Z|GJcna_p^h$HbH{u}ZW4Imav9a0x_r3_~Tm|7<`WO|EnA@UF(d-zJz(P^6G~}H4 zGT3??lZS@YDxJ=} ziSLoDR(CsXBrFQ<@iEjDHfx&uyrylbkAq4+U`u<6)VYy26%6at^Yp9*$H>@dLp>kF zsaiT+@!C|Shtam& z5riq#)fceq;N*x`s_mVEqRFApbsVF5(*Hf}~5Sr$pMA@@4%J7+O)zW3~p|Iy^6aRfi zB{f+}?_Yg;T7E?bO^*`7YU3DZlv0Q&ThTl&x%}MFrdn*};B&Qb_z=eWg)`xLVV0nC zmWCzjPZ_8Y)D~*p@S8KO{W*DVS1fgZtJM6pkuCCGa{0AqUHxxMfXg-IPH>+9M^53y z5IH%y-P5)5K7e^jjY%|3?h2rs{?jx^=7-NfNrs2-DnO?4rVt5MmX{Z&3DON4pL zNtpfDV6^d7DaVP$jPQhkF|!`FGyCJ)H3@aCV%(IT0?Ir%$)ik4o3CGU=^6jN6kmec zH_TcR-EFsWmz8-=ONUJ@6*SMjZ8#$9Z{i}upyGC&66yaYA{p2AV~`irAPm6Dy>(cK7C(2;*dY=Mo81aNRYJ6%M->kBJ!bZ!ST zxq08>T`c<`k3BPm>Y#&8!};QxGnu~fHbw60$Y0-p(RP&d2PwM*k$DB(R$RaaiTSVB zFe(FY_0bJmTl|ZpI5ytLmQkwpJO)3f^;xqw-Y1>zsqs2H6mX=Do8I3jPWm;ft1PFJ zhux!|Bx>y*pSwT@qLG_ex>k%H|B`UVnO*2^d??Bbz$5;U)wpX7>p4|9BQgOZ8p$(< 
z#y={FklN#|E-*svZ~ia>P1%B7N$KZOS=W|zphqu)-2cQVE6_46hN1&EakRF3j`S2* z28pW&EmVwWmvo7ENUnb!S@q|H5xMvS^H*h%oe27H;koVD{^74?$Z3{*W(= z6r*^Mk{Veomt5vr8M?yPf$phEI}@6~e~KH0F&*{;vOd1TbaG;5|4`5^(>z&(BsyKpDOT-6}+FBG$#1H=fv{)BPPK! zYgvMG1t-;%=+k;hOpYMudt<7ZkbVJ`_MmGJ4rc}t?CokG%t{c!4jI3HRM&c;wuF1% zD0XcnUWH2&W39pnH8-y&*z$BdKK$IG(Q8W=|52>bF>fy(>OHqF0%O|`6+=RiwH^Ec zYc5`Li>7Mzv*fa1*OE*cqcWW`8`o-6+MeUaWD$q<`=0T48}pLPy6xB@{p=p z>lLIQlXKKjy3Gl>wzWia^W5zve{FmVyHfgMN7lh^^n}5X1iey2wT2y24K&8UVDF&z zvx2E4YxbrHb2n>p;&m40WniuMz6i`t;Nq)p3}gPc7eJmDt?WaYnm~eChw(*qfazEQ1qL#fI{!1W3 zF=CjJR&!g-j)@Lk>vnzH>Hf;&DZl1%C|$Lw-;Uh-qSI3-dR{OKH_TevT*e~J0IM2f zCseUYL-OKbX<^)Xhk&hb$8!ue+JF*p7OSM&_pMnY>iArO+HRgrQU0m1ij<+xOD7)I|wtDb-1|%|i_I0tSxZ91@z`Ynb*7?DPheqJ`Z?C*PmgFV>$X6L1JC zS+01H^V+e{w~4umiiqG~@+j<7KD|!EiqF7i#t6iMB4Lmb{97qpDM4x6_nM&%U(Q4>;w?9uH)n~Z@ay`uNTsz%EC`pC&>sgaGy6QG-vxn3NMg@4cf zzJpo}3@d1#P@FoQkUbAUB{nc+5B>BjpOpragEL>L>`olVm~kSVvr|z#UagKw`GBM4 zz_@C?tyBY1wry;kpq^5Dj!4f&5}Ra8L!O@pLOsjGOPj@@2#E< z<*Q)TS>N_G?LwrzQ%tvjYtaB|1m>Y)Y4E2K4Hdc&Ya4=b=ewSnPJL@^AI8*o5zqB^ zxxwxMT zYDum^iL;UnabMk1j8W)Xh-5o%yo!pdqJo3oUEuSWY>0AvXPx^2;u~r!tIiXlx^M69 z0y+H{8T-M@LK7&B(m!PVCpp__noWN^M$ z-EQ&X$b@`PJ&jIGwlKE`jvB9Ud8u-6Yw=rCi3v@5E1UFeruPi`PmJn4A2ys%3E0I4 zKj0xD-~l30m(laTlv!|8=DL++HN`NCbKPDMvuVCOU1M{82x`AF9M_J3j2Oi`7ZvRi zcLnt+g#0!uF`L&zdv+xJTi(GfFELM>=A+mxKStoo>k#hxiQXas?mVgOxy$a% zDA|XwW5H1zkBTteTIna$SXVUy}-#6Ta zXk8ChzZa-;!dfaoAN3%$3GhZ`@9j$q_5PHgJWUW!$8(TrIPd=i#{7t1lfxihE? 
zwX`fA>WI$_ycX2xsr^q+OdXwv=JZ$A?UOI|zZQ*URm_i59rRRoWyH6O~2aQ-S?4E7eOo}H3&VOt8IwpyAG>cZi9`>$M zy%;5fz+9+)=gRjY!>^j}Sa5KRphPL1qA1^f*_-^EpjwnhW{SVU+V}Uba+FPH_`Ua& zH{+A=Pev6uOA(}Z6}oa~kIgf(g7GpNHycz!QD3tLL9iWXCG)178o%@}l`QapJRgo+ z<^5OUbGc4@0k>RE8KAcyP~vAlrBIT;jS5tChDb>h;WMNramMB6=T|=Y&ZdpAgD=eQ zG%Z994mB`-v-ZT@d5AZUQQzwF4B546LUa30^z5zU~tK$I0>rLkFQ=O|BuA=`n1pnx3 z!}rzqm3C)wOqPbGu`B2g^xjktg}_mKkLSX5;=6!+J3TUPXx}&TsboQ5SJb* zO%v8j1%PjWm|)_$FrXuFXoDlO1+}CFpZy-zkR%opBqyGxAAb_<=S0Y)%HyAnQmX=v z`lfG9DFZ$g7If(-n|baiyQXR4BWn5B|0O@UA`g0bT8d>ao{eYhfB|c*3p!&dP20Y% zqI*~aIOzvnJd_FA=t|)Va-5ri+Fg2VJFl0@N3dfadOgMyt2NBMyu3KmQFJjMNyBA6 zbnYWT!WcnE)rWB2FI2u(sqcZbMRM!+eRl&*P1@^Yi@;OxF>G`k1p^ii|H+H?)S}vi za~faTX@6r%FOr9EYG>QHKH$P)g)8m@==-j)&H2(L10r0r@j%jS@(azKxJYer z$@6X5VOePgGTi$gwmY!Y%ofbz{`$HP7GsDy79y&MsovSUbX{Wdv_+n=onlbsv8TbOvU*mJ3Z4&PAkQ??(R5ZRk7>HpbvfI7D_JX3ts?hzA%P##oPt z9k3XlkIsLJ)~Q0*2$+v#P7Dg~?r>IenY?}31Z?y=cNObUu}G?8t=moUyuJ_~h=Bf{ ziTA+k>r9<13r-h%51i5(XIt1Pyb=}`R)&M4f~xr~JldPBR{`F$L1>oXi%o)Ct74_9 zF{D!0Cu>y16@+wX+Mvj{g{|b_z|Fq9miJ1clAj^N(0ik1EImf6a^yoa`-1Qt`v}Ky z&wzpx4f3_H45x8SyZiBYgC*t7hv|&2LQjdnF|sOM&n;0;5eZ#P)Kp@_63Tl)w%5E_P0Qu2W|qD-sVfkH2sxPb zk8oLCr$%sHzcX&2C~a?Ww5tc*;kSKI#f5Ohmvgq-4Z@PVbRqzt;I0HdLRVBc~O;s%m{re`9*vK3CPXc(2Jwsu}G zTJldOCD$r#D;LkAw}q4JtvnDuW%IM!K9SKgi_Mdo+8TrJ1pep<_ml7K>E3=PIm4$Ej z3eD>(IJ5ch7Ih6ul*W?J^T%!;a`0#zZ~?h8|k!cXQ!j;^B!2@I$O<`I7j z#4RF+YFBRV*PIJxSGZ>!H~G|=i!viDDh=Z83Yc8#dx|5E!}W>Br`4)rb+hER*CKu? 
zcB{I`za`Pn7Wb_s#~W$4Q3UD?MKvkh_-@}~a0SSXfI;6V=q)U(v>5c=EN-14}G)T7r(hX9Q z(k0T}-7O*U?SuEd-+lk_jp4Z0A#rxDy<*O}!bXC5dr{e0YW%vGy!r8;`)p)h@U6hk z8!j>45q$Z1`M8eEZJm-(@NG#55{CS*J=l9m%NQs#mPV2zqW0@M4l3o2=|Zq^kYq&; z-l8m0-nUP4B7V3BLJM2kh-02Jehf}If?@w(KM0D(ZbtX!07kk&n6=@|(Of0p7+fkeA#{7?sJDKk$)bJ_m z+)j53TV;*N*gEeCe#9jpz@YNl_k?aBqXn!}K1FXO@IwO5Qd|iKHvRfdyslkotYdG) zYw7RzCDp}(BqWLOI@z}G{Sbrs%5FE~n4nK79%%b{XJ=`#?-~xH~226vfB?dhz7QE3jXYmQQ zi7MWIlu*6|dMzl}53!j`$OYe`gz&F1l;5R8Ljb1CbsOTV=*v;$Kk)ObDZB}8DSKu3 z2oIHQT8S^N_!|z%fsn5|q3!`@jsHc^G>7A2hRV%_r%XC{)pFPb-vly73B6VHt2lD- zeI@ze2>|6f`@lPn-jls9-LvKUFCAQwnVl)6%7#FVq<&h2Bua??wd^w=c>I}PV`<*K8l_2kNGd@i}fGU7xxT}Bn)7Y z@g$KblY7=-&tx76uFVr%DXtJp$6`b8hP8+9y+B5oFNf6)maIX6#$+GZXfXT0rp~xTP+kB@n~4y^_2vQJcNrPsFL2F zVYEF@rtp{Xg)@~gqe-?!h&`Gpe5n-^%u3&bH&uva0{s@3B8u>qf6fu=z!xlXMZ4b3 zQYM!OVf&$D(a}o>AKgKIMAe1qIhSlEkrD)Lago-)JD@v$opa=m{P=V6094-4e~6B9 z*AK5QyNZ`zDM3imUo;a6n9sIWJtjGR?qvN8QAY4DH6?utbeeDcAd(L&e;G4ns)$v@ z#NlX%PdYCBL8O(Ylz@NW0yTb`k;F3`ytxy0iEj43a}tyVh@}q~67D{k^C*9LjBAvo zQu+l^_SpVp=}r7lA+sr^lZq8&5s zD>Z;eAxviax_-}-Em-oDP?4-d!SmvkIesT#&w*`d%EXBA|@^u<|pKgj1q1pnFY0y49 zM8=gu41ArxaX(7?dO*L~t+ikAT15?Hxtr)qWnfw*YLs`@0#Hkhu0SUhyW2?8wT z%|-rZdDcPzbj+(%T-hA9K4*Y|;#pPd3wc{=r5PU}aq#GUpvoCls#f}hw=YAXzIK*8DBMvPg9)`fR>ArPI3y@d96i9TjzX5a3fn ze;@1YJlrtE6f&dsq;F~vTjzxYa*JXbb@JfnQ9xf0e38mR)&lhWSiqG@CK-CnX7)!` zLHf-HYdiM`t>IwHr>hxBVsH?S#HViFzd%NW*5ukAat8I80CtZEK>`@XQIK&DB^3|! 
zaWQ6>pP=b=w&>=&-@bIpR#f9mRx+V7vI%^ zl4hVT#n8~uis8+PA!+Dh22$wnZubI!>x^Wf&mLj~L!2e~cP?Ug%=V9cs5lI7If}LM z=4$T+rz^El;H$yG&O9UucYz-m=gm=La&qi4`FkE~PxCx+ZzRuk8jM3}iw3S9pFYA~ z-U{NrnKro?eolSmwVGt%_Zx??wBe|A!hZ&FWCH>M5cD@bW*MDS)b&6=+ejdZLJ&5S zGyew;_`}j8ix*dbf0~QK5x$s6(Fk}O+aWb31v0ZY&3DNkMG(Jdn|{@DKO#H@+RIT9 zJiv~S*5tBa5C_;8a7Ga&@4v~UD`_8vbV2Pdn$#abA_vGd?+`Vt$-wGC8WKog5Nn0+ zM^a@c_bBc4J7rAcvLAF(7l>H;e&JV|i93i5o@21ry&n^~SbuCN;>P;cc(%^fZ-^@C zrsv$9Nk<4UOI~@C2)PZvss`FDnuo9fzEWmPx*!razu6on$PdGg_&{Rlp+}&V4BT=O+$~G@FnP_6n*fEgd+owSo{PdiO} zPyW_$J_a*>U7_{hKHgydH%k^$QVn(W)>MNB2ayTz$5=*~&ykUl0|z9GeAUkO%h}#x zd*Qb?X1uPYqLu|r*660rH-J;ls}oT=I1>aW!z`gJ0YYxa%GN<^L_y-& z7+;1;0;}grysFpcAz|pd#op%$-mjhhuplQ6Fz#PP!GP1~c_iVJ#_!m^zkHX94)O%6 z$s0H5VsOAv`k6Qvv{xa&qx80h@dvdIh$>CTKKc^Pk zq^yS0JfiB2f{{Or6W|QP#YymKL?WK?tQO?o5gTHsNWf&U&e!z@!6+s2H%2$#ATGygobgHj;z72%gr@D4kmyMbHAoQH}}jrj`SgIlMB4uV=Dga@Mivya@wp9mo?2&J^&FOwYlbEana z`6C!@px3hd2XB`5e)vDGv=on65X0^|D5Z&}DMgb%?_g1VapQa(`2rGX9hJNayof+- zSie1R8q^^77H~-U0Fu$8BFbe-N!-I6?KmwhE@|$A)ejUn5)qs+Hbg?};5PR9>y=2}MKjkMq?dVcDO*`e6IM_YTad8`ZlYDwM%`_pjOp&y#e;pF{h37_0nlFATC`u4c#wD`K0YZ# zc2o#d1;8I8ng0lqCCip5L*;vlDbp@`Ff@hWY!FGejn<2C^x)QupbK>Q67oi_ z<<7@6`v8`?{B_12P55E^@gpn^NlQTbn`cUV6wGZU)6b>@z4w%-2$Xp@#)=IyEtfXk zBz<>g>vdNq(V2}RPfO#tu_1&kkU%4UAeqzi4h@II@D3u$=l&i1&%T(=!XgdnaZ>@; z5*}iRQI;?b{KB}qPp)MZbf5Wsqiw3V6rcJ2YzCj(TkFfgl7}qC2Q-Qh?m>EG8Jy0T zrk(I8Lpr5&^{Le#;Y1->NG-czfVktF%vdQ#tLmF7{!>))?fG5_$RZqJV0nD7(+5DY zEkNPYbKm*4S;E0&j!;$1A7M#1KrAk0$*dL+=3ie@=Vj7IAYHDcU zmtKkk4JE*eF}JYj;ThA*!2V8W(p-L)F68c^OW91a6(VR4e<*<3#sXsX_u-V@#MsBW zECR^_OyAPvH@F(4?D~v$RD86*_FnXX;_gA!B&~}nr>{ywK z0F_OqBsrPribMk z`S);6G%x5J`)dK`ah_ zGx8q5J5eE{`3|T{`vMRfS4r^`KyHz)GynN9P7QibB;n1@~DcMc~uYWl# zirEurnr#j@$wX&8WogZhQCfCnZNNqKN{C+VVA;2uEJ~>1}q&1{y>)32MwFf^U^=gPr8C zJ?e4p)O;y!#bW%kr4i&eg6^hQ4@dF3Q~{W{XzMO1$ZxSlaX4Vxw_UExg$bOb@fN-R|VVaV#FF%>Q=^nED<1!j<)3_ zs>Bx7)@8i&igEd1sUz-JYqFNMM8U@qmMBZ|!F;&{*3C>s8{P1)$A{0PA@Bnflatlk zhZ`3FGfjgdVTVL2R^_;GQ+IlREcjZ8V!KXhOVNc6cxmMo9 
zcoF(zmB?Yg5&?etY4L~rXEKo0&6S1u|CKxZ71ks~?8USd`sCXu&P+9L*M+O9*u&*e*`PC``{pdbKA2jZWvNkA?uG^1@%`S#5IM4ey2 z`#|iwva3?nrBGA8WW!6s3Lv!=Xa!8O^rv=jTgPnSR!_D0*SzIFh7s%>l!;&m;Q{!9 z)`wG>Mj(2lEu+{1$VZ8kR2qn*2*E~;L2~%rt9>q!doj0uf2Q~Sm{7;varUG`PHY+O z{|Xk0dI|CGKnN!p=ms!fHIPyJ7-FutkQq%~0h!0<6zXI(Kp6rO-gt6gZA&xz8xVtS z`UBg&xr{s<^>uCtHW+YE73AH}oc+jWAp_n}Vu(k?G@nzvZCO*LZz&}2NOWlZV&F+5Zke2)icg!RO8uZMH?o##jEtwhOpMgqTm~wJE_^l+UOy2R)6R&sTWICeWb$J zONoQx0aL>|TK}s;S$(xw-d1#GZkLun0Orf4EYlJWKh|d5OrRp2qM`Y1^7=P|dL4>N z&i0od#x5qhwqLq+*Aqv->~C5H*wIu`5YGzgSAWqSP9Ph;UsJxEu2MC{DUHsq%T83e~Irz&Xxy z&seQ;Vr&_8XlE(+o0W$vHlE+2jnv#C6SVo&=v%N)0)r0gDC>n8XQ=^5v3obDfo3}1n-Gguu;4CPkkFGU3n~hBuW1$}Mgm|7iyBO2>z^*e2Sr zPMLUgw4>?8=BTjj^-eN3;gg(j>LK3)+DaLaE}>%A_?P?!_A45Q=e#tZ|5U|3-cUlg zu2+5WE>NL&=m-kPDza7hl~gkh1|~TSv=_PkMWbZAfI?K(CW=N`8S>4~hY6jlhdX&_ zOiQ}JwvbJqWyAF)JZ55_%Gr?!OjY<`Sor-dq6i}@mp2A#bT{MbY_txu#6{0lqdQk5 zraF}@vSbsOiP$BK3Vs1j%p?1M%fCU25l{%{XT0dw!zzOC)zufx%PwLTQtUPQK9oP~ zXY?)`%5S&(0bjbLRzj z7SoKGceYOBO8Xu(R08TwFE*>j-<$E*I0fNAbplrs@Hz)JmnfepKxnZ;QF++V*r$zx zprP@{hmD9BbXlUSumvDnM}~R2ZamLZZG;{P9C(f~f3UwV`yrpz>T$p`qLnl@;>6dmsJZ-Mc7C~zUf#nQ9OonJIyCC#)4VNirP5e}KY+ZeJPcw(l<*OtH3 z^K;wyf?HBji?Z2+&)nsw`cTazMd|bWZuKV`?F2uow`&8Ty{yq_lM#ScJw-Y~^wA0{{jNWBP9H4TrHnb}-%MgwF1*76c5Pg!<_BJBfPrYG{<(c$j> zUHLbHOr(=EU6~kD-JiBA%g&8rY{s1p^0sso9Zl?rwH@?pD@wb3SwQ8LRw0=hIMDbu z0d;!~e-M(fECTKLT|mt3+Y9U|YLM;I8E$b0Su=!wm9tPK35qp_E|SE^fjym;q4eI} z2eSo8N91Eb0R$mqlE)B+X9#pkSt^4zPn8W5l#ej*At;a)39QV$wR@-yY@<`m4ol2x76#Q_Ps*R4ztRn7 zu49(V3bUlE|6cJSWb^27Vpj)zseF*1OM5qMOncN;gwFfsEOj_tDJIh=C(Y%h?BRP| zE*O6^6$>U0lSaY5EL$hYAc6>)*P7^L7L=w>h^X31Y|APuD<|S*>jL$3YkvZa;|oc` z$(GUQxWi)JXER>5c0%gH2uH&kZcBOXB$75V|mU)deB!WgNh zs8L4fC!0R|2vYE`ezAOUE9l%0sjw> z`U1aOxP8<0Ar+jZ4!u!jalYS-$s_xn`@_P-{lghq!srjl1+AL!_9xISJ8b-iR!yh{!hNbL>I$(e)Ch(ylUT9nc?RDTaMZFhj*>OSDQt?g#>V?W0 z2H7#WS4(;vPzjWg97foRUhZ5ODT4$C)f{F(K&fde{n?Yu#Gj#or4kqC_E`6EP2sC+ zY)#x#{En+RHJ^>_K#q*lezxw@fTIQh0NgTijQ;y^xV-|W0DB?D zK3Xq(FlF<>GkLrG&}_{%_i-m&_EYtQ7}Zpx8@tTrhKH$Bevdw{dcaV&XIX!_uruUP 
zd$H9Xt;$JF!=oP^-GBwZ5vJ3JhlR=eActBFic9yR*N>J2AeheZBV|J@*L+**zrii*mp;*IE5+$g)J{ zu`h-v1c!Sy!xFt=sY&Nrxe~WhbpH=mI?CrCw)LVNw+lu|j77@wTzYX_3!M&8NpA)1 z`Rq!rgKQ)9xp#4D?3XeW!YA|!UJkZ&8#6R76gATl@NNoX0p1arYI|YN<h_TvF1*GZ#oGm znP?nRZXjQ?3wlmRno?K39*yEmRy6Dzqr_0B(QPN&`b`A^Ho z@{osxEFONG^R4yRwZEwxDC)Rbo45l%U0B8LP1MNJA8}oMZ)j`Jx}`e~C>SQxnRO;x zx!LJuNm`Q*Iavj?!SttVHqG($(MZu1-6PX)XLSG@a0a2;!jwRr>Giw(iEV1W!@T%MFh*xv2CvE)9{^qwm{A_&7Z#n0PEL(Jj+5--93m()WAyPI2&yO&6w?O@Mu7zW`so;kY4p`1Jr64b z--yxgCPpNkldafJ(1JKKQ)7?SqOX3el7lqwXYw2iKU{cx#vRilKYY$?9w)1~A;;NkE9LZr>9Jh#%kM^&WA*+pETc^k-S(u5 z*KPYW#nkz+2P>RErawazZB}$XZqeytd7z0FN_YyCW_#6{aLzUQpq6-ay(a%Vv;R!e z_YgcWP8U$vYrLF=5kkoi=^dL^v3 zR()dAucq0#FmoWqzTqWc_?o72A1VISUuusXe=Xjnzor=9yFGRVYAsu%g_*1;vMlTVpH=mkN8l?3fu;1A3X6$cS^)Y{bxE5)Yt?hXhGd2 zj))rvYhghe)Sknq0TqX*=^c4Zkd}#xtMiKynFTSOyQRX{goi+ zdbT-ayWpg4WM`0+Z6d(yCZtAzqW$p=%fx1gY)~I?M&4p9t>G;EIh#G4Qz$O1(9c+g!s0>2vKKd-+1WQbOoVUTn=@n6uP=;McSj9t`SnZbQzlV46{ zw2vgWaU5~?iC_PqY(oFsQUBk&_jlIaa!3#jgX>`OdM&8Dk;bUE$+h$E;8Z$s0W_D{ zq)3I1Jg(K{m!^umm6;7;FGso)?dLR1?Z~IPDp(7C*T-oBA}E(>M?|0Y(Q|Q`DWbT6 zl}e`CKhwV@@cjFk1&hZjc$BF+@tpfBXH>)$#`wBu2-j@wm^DcZr55V1-gc;vCly-= ze~MO|NJigt?{GPCaA0vXD0+ATveAtNZJTXHUr%ak;h>)GI21d5QmZM?V~2av$c+SL zKDf~nZXp>0@DK|{^z_iP>7;vq5En5q=^;xNfWT`^*hP#yGfd}{7sI*)|>~fZ3AEB zq=&h<#n4w%-?+UVw3O1G=itz2T;6-|KbArC69p8t#Bcw#BLggvo?O_j_s6MX3eS{q zX||A6k7-d>!q4=V+!p<*oQ1lCT=Ra6N9R3HlSAE<&(i65y}^%OPQ0f3f2^ki!g@Z1 zqLDYML*)|{JxzK)ELnte{_v|Pw*VQ{tC4S});@W}S4rF=A-JqPRgRhP2NMn{{oz|5?x|C>RJXtTa^){Eir5(}ZYX%wsDEG5%*M zd_*h2DIPd1sGh|%!Xr2g(PxJim`L>hphWUTMJt%rP0+OWx4KCA`C`O(_as6^e`MfZ zZti`jxq)_+@{M2dqGNCaT(}qUgOQZL_NB_u>V73hk`YHO3fh4Et(ns74c!^0UwluA zekba8oF=pP-f`}gx?R60H!!^6_tn)H_o$i>M4ocfjt5-u-o!=4z*$OVNhr1vXiks? 
zcxbq*OfDx@7 zd@Jw6aqj2U|6{1uK(6J0LgW)lf#fTR^%k`F>wVL3M0)hC*t5^$YRfS4WcnegfZ1-{ zkz%=d4?Y)=-5hH4zR~J`5*{Pr^OYlyMo$eB;sOL)$^kme5pe0Ba-CYEWp^oKcBY7e zhgktM^5J(q%-opyUX@!^#0%cJ?g?@zv;FWiDg-q%RWz#_wS1c04-MkNI>CNf=f@fW z-ENkeLMFtez5%7u9L?sS7UnC~l8T9q1K}gm%HWl8VfwrrKcbv>8F$xA4btC9jVe(Vt z#v=tX3gkBMvm=n?o|`3s>#A%8b=+J_c@}@oU2NQfN&?fWMNZWGb+S9&(wp@As4kts z&JPJTC`KU*m2bUSAir*=$Ju@+a`EA+QHo>|K`#WzS7XowgZTXhuJZ%bk}r!2-fLp8 z@gy#bg5yCA8FT-Qer{Ci0H3mY>UsgEb)za?#>WL;1OGb!ddP@}fLk7=`c78O$a?K4IPKaPK`<2$iE`h4PcY3m_B0qiNv!wNHJJw+0~r?ouR@zp4R8QCk(NH8|ad!d?@MDUu?=&cLO^wIhHC^AtRlk)cp7Go9yIA&T?5zQ z*6M7t8WRC3lM>ALeZpmH?^IdS<;eV0uShgcd{81s*CDpDP$6jlIid3cn-c*cN>Px3 zu6EIVw9)A3cJBx1|4C|frwlp2D4Ev*^IV$rSVt}7*ZZjfTVx~W(ZdJ4Xzal>Cu^E_ zdd>Mq#>S?$MzX79S1k*pm1kGc$DZ;pdn#;=R2R9Lr!Ft3DG7}nCx^^hKbR;hJof$m zE98E%ev#+k7|~#%wL_=cz(XD{kd}C2M#n&x~Yp9?NJw1Fd3Z=^)u>@;X0ER z_ejZ@cM;zWd5Y_(55k{kJfhK%rFQ^Kt&9?6K+KWbDXV zO;!0T^CCkIEV(hklJK;gL0aX*@j$v8QSSV8HBl;Pdbc7>DX$Ao|1?j)G z7mhHs}NnQ zyJE1zy*q<*g1UrLmlcw=#kq$S0~(!8u-0j77b%S;Bxr(0XLyPeoJG`qu~)PlD}C$T zFYd^b#9qbO+VqKSY1UB>lPICF^EAGV-6{req296@Co7bh#@CGS0~UCk1EV8=sZYc? 
z8)>hx@eFefOPsZUaaQea;+eBC;@tD?iGlh$qVZA2GRW0wGJb!Sq^9Uo;S`w}wk*$@ z^u;Sp)WNjYUHv_?W6zhA_tY_!x)*2!bgmA;3@3EKfJm!oS+mV%u4Ue1;IQTFS$m$3 zl9*qQr|u)$Yi_4~{G8U-8Q0$4ap~#j^>;>c976)sJ9W-Aj%X#lXYisnG)^{mH1@ZgJ9}f&2_&BPM)Z<~d-b*gUCmcTVx1L!q&w9|Jbz(W2(~}NA+Ps&S zdZ#TJ3*%f-tZbO!QS>ppo^X%s5kACuflbev&n)Bnhhof!aSV}gRXMFr!gC8M zvp;%Gn&peoJ}CN`^yWJalsUAhx2B;+4ly=io=) zLUE}B!_?ngo4z!HMe-s<&{-VP7nTOv2D4d15SoIzlaH5W?WxKG#f;PG3^CN@)L-hP z)^uw-(6~-;)O|K4d)4T9vPLs(IEyJ9C(N;*Poi(KY_gum@y|J6uow1q71(e%)^Ua| zf1k8S`qESQY%5;*D1?<`=%S7C2)8rd>XX!w)9M@sPt&1AM_PL#AP6M}2BK)iCiz@L ztZZz!fru3Ik^Cdzi~P>Y%R|RR_>b6fM$Ny!!kvnZWqewtqk`X4?$3YOOA44u;F&pG zX|75F?>a#iMp1w$BVwJ0Wh1efSRG|dBn`Xcqmf>lv?}@3_-*EE7FV9i*yS?B$T-j@ zq(=J;b_LA3Pm@&Wt6m}F8AXfeM7FyejgBWvR1VRm`NY5m_fGOh3l6@K6|;x>BMqfi zu%^Ko>~@!B?0b*h?e)3n+ADZH4VkGaNA%=Rk}p)}-1I%yH4_TguCb#a@!j4Jv~XdI zQu8YbhP=R+E&HhVt3~q_=YOyOw|O!o=sEWIKuO26@TvDB^B;nIn>U7qk6hM&HLGiCPVL3jZX`9H#(7)0a4vf*oHr1vs_Aa#vXj9~q?&>s zn#;-Nt@lSW7RgfQ?$QwUCFc?e746PFBqB}|0X_cDE2&1*_a8x){m>W9jmPBW4 zitYN^Tl9?Fvx3k*n7MB*Wo3o+*C~&oEZ>;ArNNQ2pX^+uKayh@m+Qu#kfhP*!kosU zH}Z8;qRt=RZaD8cYw)J>_E(YR_u#5S@ept7TVK9ce5A=le|BQ78n_eV&_ z6-~xrL*zL?96tf5{z?vYJsS3U4n(`jI3sK$f%6^Epos@`2l>WX5WAyEyp~K}lI9}Ut z{yae6KDW5vBAlg<^gH?YAC6b-<7HDPEsG4g`6&+ogJ z3O0H)RkZ$I{b~A4_m?L-(FS5E?-C`SpYG1=c=rb0BQ&X6jl#o^HCh;Bn378}Ks0G8 zy!-gz>mz}Ml_!2CG?cXG&gUx$DFD@@TdJK`z>e4U%;Q`tc#J7nG|Hxk`T*4d-7I>v zMepdb4^mGg@f$G;4PcW?(eK9iBEl(||32vojyLTk8@$9><2!)X#p@0DU47u_6u^cc zPoo*mxn*(DaDs7UV}bOD4u>=oD@3;F%^awO8a7M=_491)EKT9ZOo95fPNmwOV|tDX z)Je4Gz5ebL%3a{|;z+KJi%22yv*TrD=u|#P`Jar+)e)hx6xDuPjkmQ6@AkKPra#t- zACy{Rmcg-3aRpuNwq0t(TQzy9C#iCYSn}=<0oYMlbIATQeIVfBvV#^C6;m4D`Zx?- zlWg5Upq7pZsf5fGryj>qO8XTd%aRb0k&}(fVY@uiy=J>0e zS&x%AZ#$hm+bg={_r(_)1EXvcUkfAb8?P$y=*6nK0@9*jA&N3&AVW8!+7aJb0@H2q z0^QLn*N;H-RM^BUt=1cRpBHFOJC3~2{4k(-uk#qqml>vhtZyiA{wr-X(M*|fv4}{6 zQSW0Rsz>x#`?NnucpzJ}#bE}qfWvMh(b9@I?9_gutG_!;@EbKLoowTVWc38_N^lE7 z91QP{WvFa&%e8tQXQIDCB=MuHpCai@}7U_9HTn_sz$cfmtvuW!TchIPX$E_SU`Eu$;noTVFbnWshJnn 
zFP9EPXoUZr%^V@1H;}MM4{-rfL^`FiU>6aK1EcXl!gwCC^^c_ln}?2OHhOb$2x1Wb z$9th3Um4%tTpsmL#gNIBnk!;NEk|<$=|YK^{Xw)32qNGH=w!KUE${xmdlE1wye!oJ zkj@Oz z*cYC1ianq?kJJ9HKy?)Hbhm`i_&?i*3AT+Qwi@OCwk@`)nD-}-h~A0%(59F0%Xq>W zYb~?<7g@i)NQG{X0pz#%X})df+DGq(nT8yB)^7lvKTg8$&;o z`G2x0_zFI`$`^psZ>xlHZ-}~BI+Dy5kUOTS74;Sz)2MSlx?|HhJ3GUHs70S*Z0xIn zE0(k~`dpXOnKzG>pfD-yBhAK(xW0LeAzZe!I);H9=k_fqV3$%R`^$yjfTQod*4 z0=9`r_hLdDU9I#wZ40oXF!CYByDgOjb0{%kN8|+lo~@ zvo`kIsnp5}&~~M_yBOetiOeD2h84ksi&4e~EFry|Y#FWQXjBz>Fkbj)HuS|Rl3gIU zI<7_zI>HjJ*I-Tov4JTZV$iA3ec1 zLo4%okPz05Ft%j7Vd%Fvh6U$WWu?gF!b1f*6f3ze?*htdV`-?HDP6zryt;TXp#{Y9 zO2?Lms1-naSNrm2zhUAb5?ZBn8*ABtGMw>x_p0+YHm?D7YXv{KFRF%%Yn;Wn5}pi? zt$}2b%aoO{g6Dc{S6e8-6p^u)!V;6IvMC@ucwKFr+%@pd*(htCu?lryw2E>C8DqpS zB|&-}pGC>dUsM~cTDM=C*li7<>3tIdzj6d7_*kxVFkT(6d=IowXMyig zXYHzA#R4ryHSS)4>ykRy}I;0Fc9Y%^8n*vObUiTm6B-RzYaV zZTdCFgg(M}#hg~8OHQ^Igb{&xds&51pe0+?6y;TNoM9`&;JNp!7kK zQ)1Re`}+uh>^uEai1`lSj`ofEqpSKeb-trft_W9!N)hUcB`*gn1`NNK^g4=~AJFIo zc;qRn-MCrmdi5ZKDa;J3B8@Sc1U-`~6%^a#_nb5S+_EK1Mb$sj#e+NViHBJu&ZRn{ zBxT-~GVscXVG&F>#Pk<4qW#^3ys!{r(8-dk zpl1d8PdyAyva#ETThswuif9}r_}{CGc-X1v_Rl6KR)cFTQZDpCy1cGE%1j3ko%vrc zN*bKrt&t@Z_D8v22JQm4Ij5`-=!hxOxuTIsKO|3stnSe`n9R9C-RO7N{XUX9QE@gF z6=U#NFgIQ|%H*s_M2H+T6v?&xK=_X3_VaVNfeCpY%C{Bp_pJwGB7>@+vX5L%);j02 z=aP2x(&oNa_umGJZk(W7tjfGGjiq$hBV!=AtEn=zj#~wQRg-*H ze=IqYpN@a>zPUzJ5_|)HX-tCd%qgJN7_4?yKa--{zy_PWSl9P~C8FoP zPn!bre|`6#Ok;*fMYCztR{-1-J9qXcYYp2XM0d6I*1i(kzGNOapy?UgmlOH}9c_!8 z7&?iEKkna-A?guW_SSbH!QvE8AZZam_7d?1p8BHwbw89Q9=_`6X0b{_U5Cqsx2DPA z(f6WXK8n|AUD>_NB9YhS_l!cqe_USnDo2)E`_UQ;GN)O-#yXg&5>03&#U3k6z8H7j zZ+x`=rvg2JDkD$NMHdvNT&W2Z8WoBS>TO1q;W3gQV1TWj(ueA(yGq@A*mc>>I|mBz z6Y_K;v4 zeQbh{d<@DjQpXC?MYVUMm>0o-~c7i zuurYDTeC)%VVn5U)}#SwAUOi#HAj;dbOlU~hqaZgSxE8niWGr9?zwCjNL|HHo~(>f z&+b+)J@_Mt43Yq!GOHhe^Cwz{ut<1pa17r9L;~^A?KUevfJW0s(|PeEQByh*eXRU> z&SMVGHB19ikjzJ09ZF>z7TGWZIfbb|4aZ;Ev_Hg*W)-mDC7t#xs@-F&KUVGe!S-0m z?>Tk>;EC|Y6hBg!V)+P~3OZh%9pHZ-({m=ue87V`iD@Jz`i5w;#M1kg6Sgy+&TEVS0p2<(dBIu>h2rossn&A_}JmcTqARv`d`gDP-h_a^L-{ 
zHF4yZ{}>BjRm@)+ZG9Za*tHR}^@k7*4C0y6&F#9XLdf@CXp^jtnk% zgueV}Gy5+tLev8_=T)th(7Cw}=>Oi7e))(1LhF}D{>`il+b|Ir)NgbuS>I%RfV$3) zCxMd}IS(fnaV5~k0pR)Po83HJ7ZAFmJfQslncjcu*}i9(sL2po-%JUeMJgrrQ>%l; zHeb%BhO;)dN%7s6wqjgOAoTzTy;-vP@w?RqU+8Lqh;fUlDewWQ6{vXPz6JUNM(TQ? zU@A(X0***9Izi0;y&ngZpcR)e!mm3+M>T)QfKi~3!dse%XkOS0-1tp*>`b$M;0-5j z;>5p@vj+7MX{v&+SuyM{?i2u(E_{xAj@ZkfnP{)`m_EVVSs-|jQ;mr@m;akeMx4qo zG$kfVY1%baMY%)v_rBBZBLO)(0986oFGh+vixvdI<%8)r9Bk8|TdFHidGb&aj@=$$ zhyp>I7e}_*XhYonDz_7>IUEj}J8_UK9i!Ks%R{oC+3NQFgg7d`X4NPrvN!8_ov--v zKW>6%EQ%xEt6-2pkyEcuWQLXD{8CxE;MVnPXvQ70%j9=60A6JJc=vKOrGG0VjXLY2jOrW^6X(5i z_W}3LD2h60kZC-tNHAS@3H!9biG>JVVk6GwiMY1PG&D)lPj2- zX3WJR3}G+m17WUHWw+yQtIDR#QV9G}L_K{@Ubs*t+jUd!fcY71Vx`sQ@w2XC(8%P% z1oU33Ki|}BBzitc+2m2`fUsh|Ko#7FhSNqK7&rvVhw5+4Vh9aDWe-0ect$=^Orbyp zs@BLOar!S9v9b!-x}s0E#-?ntDGucv)&N(WH$yrcy{tmgFhkzKy!AY7HCKu;BM(@R zEYJ@D;at$*7-JjWzkk2dE~V0D^HeOk(iVW5`@~pnYf&Kh=mZ1^ERM`QaK}u<+axKY zQjnlw*+2sjoSj1&p%^XKbCv42M%x&n^pBE(dUpZHm|rsSQme0`GA=nSE>8P(`=f0ATe~@(uChn>^-& zvf{{HUwTl)Jm~|^h3^781zac~ zC><6dNOuV+poDa%Gy>9ygn_hx5(yhkra^l<^_5`_w&AcjBo$n zdklV{F4wx&88eP~%wyWTsbUXm+e4#ROW`p0PgCcd?GY43d3uAs-=8Wj7{J@?__}+wL6=#sew#MrSo+Ma7UR2x_t@ zB4<~;%1b#6Ylkn{(`>1h!hax%8C|<-J6ss}x%!-x?L2ao#Ye%q^j$I;{104sn?{8V zGo3b4D($h_s8YsbV?VhFCREJR=S|w+$vPn(>PWibs}Rj$@KE|bp$dB;$WO(DoEN+u zt2=LUQWclW?t#YOkQe5O4n%M1<)!PPM%RumElm#{9OSdeK{oDBSKNwVxBJ{9aOUrK zWb%drso<#xH)rNL<2#|BA`houtF__XUfK*1y-)Ms7wv?7P$Rjc#3-?7jA$ zfbFoc29pt;!m9d(_oX*cF;f}uwgSf>P&0#(i_dHEPaMar8dt%L`H5k$iCsJb&h*l@ zz{GPy&ZYDrMF;z6^U_{;(FYd4qgQ!_bNcdIXS-oGp6FEutCX|POJ|F~xw_cOm(i>a zJrCVgbB!_0u6*XylP>zM$zWg3qs(D)09+22&whi7i76|x-REf~iUUYZxUu)oB{_qGN7!@7?2@N)fg{EuD$P8E3~%o~C0q%Of_FL*P65SU0j4;Z=CQ2xcM|6IjC zi8GBfd=fXFG;xLxhP>&g7$wf%A7U|9m9sk;>Jj~?(oY}KIBjz`o^dh3 zE^e!ss+++Mw}axJySELFd53PwCknACqBO9_RPdG2itu2|+uUw{Kf?zc1om{3rV#Qn zzW?jXj^cC_T_gEN@t8^+EW&3*-ehiz9f8+v;w_vHe^PPBT~tS^Ua)8IZF?bylzLxe z>PCCwi2CRRe_plxvkYiO+m`ni{mH;IGDkwlK-Dc7-UjM=W9^p z&-r4p-e)66?89xuKAamN&O42%Mc0EL{!i|Gd=`pfHCBz0PySQ?yj`qG+bHKB=S>V` 
ztf)|NZpGsj5kCVb^%4Q{hXptr@^|&+%UMu5ttz}KH(`m0iJ8*>a1Y=O@sT&oL{f`D zyayXWQeINs5tqXM#}ZQ+Ups*u$3Eb~Ms-z2*=phxqLVF>p2A`<(5onr9B)~uFMRD= zN48EF`7TsL=sY}3EuK&K5lGqMDJszF4~7M&;OGrmARf$3d3SN&l*qW3_ss`0IAjbW z9vy$GQsO5myN@n`Gko_qy!i}zWLUXonN&=)aE@?sN&At!2=-|P+4NrII)p002RXNt zndRK{ip1wX!SEFB2CcVg9IP+N(LT4;xhQ%bv=q7}o$wC40+{Cf&yt6bAT+~UGM}+$ zjsj)~wt0&TF`R64O0zy(3!;ZlzT2)#elAhuit2oLhKn%M5?QY^VnM+1Q&WI7nfelC zY6a9@6^mecBq3zJ-9d(hoD_WVFZzhx!27@K1|Jd4iQoXte?_2a;E32>JF<^t6B;u} zbc!Eb_apkt1;C|+ZIwxixq>=A?f>s~{3w14_4WEsn8luZbjkr?g71!FDijToy7VE) zp3i}B`3=bpxg4=jg|95L?;Ln&X_BWgg++2gL=A-!A~S)%QMuXwn$m3q(0>% zARyVrjS-lGz;nEeE5Qn}oX(?4UKThNNG;S2gH-!8YAkc!nk_~b_JelLUbkH1gSfF*rH_qxxK(D=Z6VBsaP zF^HgAUujIq$DaF)rK_%fXCv{%?FCqEx$aj)!0vvB)1>IN@GVvJnzf}R7q!QB@(5r} zBT#Y?a$SzOt{|;=s=;}ouNh_lw(H+-WtfBM#>LcF3zBAX7^GX*BpoYEGj$dSlOR8g zgP3KQa`C-*q<_!SPa;R6$Y0~);Ve$18PrD3&IE| z?d@)d_$Ur!iElfmBqsm3dv~r|#eqC*MjKS$^CS_;)=vNQ$N(?;At*|AK=@;a&%m+i z(R&eRwV0+-Jur91eJf3&)q6?jAxv2O<0tKy2cfzw`Lv0aMXl_NkTI3^bs2 z0CfDlT==#l4wFUO_H7uv_&I;E{3ndtFj=#`KQ9FLC= zIGN(<@T-0Ck5_vclOFRj5s|xmF7WZ8n6juN8i<=oG>xh9`jc=>IY-!qKUtHzGZ zKp^i$ZLB-O040mh)h=7#%(&y4h7foK#K>$tU-YIhB>fU{sN0Ovt$kRu18_j<_dU)! zX8X}mVGuk5ggtNzxcu?{R2u!0*RHPBtKql*K?Kda{Gl-IF8jZuqT(j(YCo< z9n4jS`=&<}i|zYiOOYtVVpmZb=NDnbMw!%)_0KF6&K786m>7vLE7GCDcEe#>m>O%e zd>1hKF?>-wPd1DG-vs8#Hu7oZ(&RNEuiYQ?6Q({s!~aszBW+lsPweP!M|gpQLxuKV zLt(L1V2sr~aIlu(#7%!}{3H&T^WP=9-oe>TA?j)Uh=4hu2JhBubEjI0>5gvmDtuWj zx5xB(Tv%;eYWS0$hx;j~6;>2ndfq~b(H;cj)rYa3{D9^>GS1gX%J(Ng%(!EW(%HJY zn8q@&FXyDLx|f}u&Bw`IP*#M^!)ZGXOi&FR%z^ix%0KMx?xI^clLyETK#6H=IT_?> zV<1(=qrJ4x!_W}1Q+9v0t@bSI$Gcj)J&N2BsCXF2)``QaCE-OD#I}!^z<+w=oKZUV zkPcG!kHhVLj?qpG&k&dRc<>}94(UztGHxRnHv?oWe{>*;owo+2i@CRK3jR61k8)gi z(*ZBj+l1NlD|-g_)$ID!`0czS_SE)BKY$S&{T^zz9?60gjP#4rTtp81vpXYN-Wcud zjT)2mor)PYVVJJ=Pl=4JJQj7&gQe%hG?$i-W77eYcuig`gTA3wZ;PQmziRFrukA3G zTOT(&C1xw9-J^)6YmYZ93*+f3<<{h>+ydi+qU#@wm`BGh6*MHActmHcK!HR&EC?4! 
zjm{v=g{~0@ivt3(PW^)?M6ciSdb2}y*ADKrGpgKn#MI+g&7`g)dgUt@n)=7jNE*L& zhPqdKZKMWm7pfQ1Mq)KGdD+DAP-;>{2ZY3^NCp~OH|7x)(C@4mF`*^?zndC@kS9>nlmhebJwa=!V+ zsr&lfl7PLZ0S~It21sj+QG*9!lX`e3@4DbAeP4xnK6@D&M+> zar>ZzH!Sg#R3efz^rx+?%3_)0bPGrXw4h#-4;?QpHnOz$ex~XGzFvXR@A{HY(4DT} z`>E17ROTNN@)usLwzaUUy#Y6G6gSYzY^+O_z25z`LR~qS)-qE2s3ec~ifp)DyS{}! zy>f)EYdd=dUk;J&HI zsJMhv4dAu~ojzQAfV%XdKn&>^0c)^<#JYmz47yZDk9K~QPjEj2^WUeuPxdc+Mu6RZ zB={Sh-aO*WO1eek*PFy0q@z6wf;nIR$O!lM{djgo(m-H1@o?`htJ>bv_?G@|Zo6c4 z1NqyoSb#?&-4}eYmFm@m z?#hs1n7(J;yBuYwD#>so$pX~4ScjFH@FTx1Ql6Q0HOWFHr3YTAZ%!?Z1vMP_KXlgGid+vsl33w1IpzUCG z&z6P^JSs?FrxE)!E4s(Ou4!c`-!l|F5(AFj#U_|XXBk*xqi#K?s-$_k17bLmQJ!P0A=QOk( z%r{tyzmZn2c`Dd+`wgegJcw3v3cYUC=_7V&3o3?EAtGA)RzWAQ@G;4A0?@6HR2I=D z<=xvAdbs`5gjMmjaBH`+Ez`6N<5|`kMg=h>ZURY@&Fk)JruJVNy~{0YlrE;Z%Zab7 zmfL@}22*EIGW`xu;e+b0=Q*ZKROIQ@1Jvr|F+4rDtsisH%WH}$HT3<-&_^KLc*ue9 zMcZE}>-TXqazGgmr4#it98;@DjCmX%uotgJ0J%bn8=TLj8ttbiwMUAp&J~&IsNi0~ zt$+fD-mSI**|tniU@qopK2~puY#IV8;EBY&`40+udM@uWP@0suLV< z9ct>vA8>YGnJqm)z@qx=kj#^4YNbt{dwB6E84g7HsrBo#R)Ei{=LPX7$H3}P#_SU{ z5Bq0C##tWAx))G1UnIo!&Mqx2b;5+b%i%`$GS8VWHWF*7$ks22pCfA;`W+b+mt+1$ zovAD`AIH$o^ zI@e&y21SD|PPQ1*s`P-6MBq(HXam&GwFpfQko&8Rf@FWlSV$ z<_yIt`arLyA&AU_t|*}-4qN0B=7(q$GsNqG%_!>#!ip5~M4* zh)*vBezM@iTh@E7(FU$maDcVGs5gBF$9@|}Ms2=H6gR?@pR8Z|bw1FVHbtdIB(i16 z)2)Ig;8P4$#lA(XzIkjlT7NtD3ikj+cWzS_J;KIuLyH4Bd8pI<&X(_>$I>K%pR$~` z@g4E>5jCKUR7b)De<@d7v(Rhl$^}&&=3$I!>tU~Qw|F# zEMa-)$uxU^cT~xGWO-FDieQs5E=sJ2VW?Z&jsf}(G6M;rSH+AGyXPq_Yivau)s;S> z$g1329_er6e9c0Yz97+z_;-(bjr<#o5-dw>3KIWtBhW~R=ao+L{d6QkR>&ZKQw7vT ze9S0@M#OJ#B7Xa$v^bUUXhM|oRsF+`RmJj=erVH`%c6@klPMLA)}=+y$!KPs}qHmgaj?z0G1; z;sxyD$Q-O3vUeC-ogs`Cm)ATQT~6)_`79p0tiphvI{r(@$k>7ud=!SV({I-Yd}Fd; z=_=5%7FkM`2*A4Ta857dvEifHNbkW}j+_6pQr7I0f-EBtD$G~$Z%dY-F>>kkb-g*knSVQx$KFcu{5OodrL@EqZdM&r)od~xdBovwntS`6aGq*PTPt7l zV;GwCDDmU`>xf;A5T0fgM$KLGvx|my@pUlJ=|mm@R31r=D~}i8Moir#FTlNwn20(d zd8ZnfokwV_ixrF^zpmariU4b@Tc2Vh-In6Wp(pwm$}n@{RPOCE7L~cs1NR7=-T+3W 
zII}a(YcsOyMn(=VE(n>HG?khwQQcAHe=g9P0CHf%whRqd9`ORJv$p*E&gRAFA%-w| zZiY+yaU##e15h)8$@Gyt-y@3N#IX8LAr?+uv5=-u$>{)wGhfK26s0m&l@6*$tbS7f z92LYdA%&F}l?-I}R4E8_#S5#G0ODIYY3apQo@+zKuW8V<~DbbJEFQ|Rh>My1H z$D5|$i#DXJ5ywLPti+|Ebe}t#t^L94#}g5qf)9S^Pv(V=O1r_><#-sO!1wds|KtMX zZ!3}`ZeStAC2kDnC)@6m0~gcm7*ChItnv&){mKiaGaDqv#IgYO5Jbq%miNu7vt4I$ zlP!lCmA!*#>nvtB8L3YU_xnca8xhtReco;B?B8S?D9h%bP+1h1P;KWFyw&*&NN>ed z?(F;_o=EWv_*19;H_3w4BU}mz&*eImo%+wqqK2!8q#>cnf`mqf(HlxTJY@n76U(fP z&M7J7@0iaso>3gzn0Po%unxX{r!8FMN9E-Kzn`0i_RWE0^|2bGEtzqa9wSC?0t=d6 zPYFV|`y{Pq#Rg=`zv{aFclkeX(u~M>Cjy#HQd>jQ;20Fbt=5Wt_8SxmX40 z1}jf(+_T+ct;)jt&Up+XEQ=(B3c|uN-phHs{ZF%ijnzL7yv(@hn4!^+e_fI}Jsbf9 z?7CjotDKPeu$o@&Rk`@0Z#K{je&cbKi+cph=+Qu*tE~nF`x!+&8bPSV8G7!!OfEnL zbsTBkuOD(erevi7cYy8lD*NstayN8B1#$~>DPRz8~G*puMsaab8CVkk7 z)db)}(;`u_w};czhnAu+qR!}fR_-QbSWTuA3dhCMHmDzIiEd?4QXwaQe?i$(PAb@m zeX4pXUjmW?wf*3dt2i2Xu--bLz^_~5n&)sbM&}Gri3TxQAE?i%04XqUU?I9Hy`L4r zfBSx@JKtBXv78PHFnzeU?KsK3yY<}$5IXIxo7;h7NS{s9r#(IEHsRXUmh*P|e+umy z0$|$AKQw$9xZGHLnKT-5n1Np*E^jfJ?wkTTz%6)`wrvy-A2<~UYSmu{PgY>V`V~9^Wb@x&2AWjZe{Lg} z$XkVgNy~T<<77j+kmpXjky2UH#+}BcqlD=n`4?nwVqVOGQsT?+*dB+>OiVZowYrBU zz1krB0PQbu#^tU)=J7W@ZN@Xz#0HQobd%#19>%S?BV;5;(N3+%V@*HRa4ftdvSBFKqQKTta;lYZhPp#@~{a+)#UU0f#u>r`STs6vp$sQ z&DQLts-#5ZA1)dGgbM$uI0vXAcffR-KvA)iNI?aVRY;Yg5uzvoxLR%xH?G(Lk}9ny z(FdCDmj*DQo9e+xg?Q5{=c!|91c;pEk+z6##!jA8H-gjnim?)C;~QejVbA)y!%lNl zHd+Rm=sY5JzEFW-P!MM%%&kHt5$6z^-jNKg8T2&d4LB>gZADa5dw zBK5==b+O57#TyxlH1F`ZaM@c)qBma!Wu^t-Md!GNdvs=4v60zy-%5IVQQ2>$Y`;it z6qv&9XR!$%*tuz5`3yF6{bs5tsYJu5!6TOhM|H?vmT6Cp7XNKLLJBKL{=tevEtnAs z*U#^Uxh$cK&{4ff@LRX-?O8#8MZsTZ&(@nO+?+ILtOd0^fj@|Q1Io!+!V4I<8Ft=$PpuZ1oRhRCltbn|QY_#Z^39J^1-aB?%Cm z@3KBsJT)8D%UQp+NgLCPzSO?9IpkDDd#Kpl*H`U@97cwR`)38kTuMxKgT7FLDT&rlk8JEkm8 z+o%z4yD{I3Bp%O$FiDQol)R^4XUSgLNo@pU_pPUd;a4lL7!G zyM4SFGgnN@;IrxC-cXdRBuT(aK6F&?5kIbwT+_Tv*QiFOL=L^`C><2x0vJ3QHq3!% zXq0*g(*wHuq`DGkWVo?onq)zBAoi-Gsg#|2$CF|DD#TK<);8%CeOe(KW4c|0t%KY) 
zsI@_^FvfHC>BqYw_lCKvj;o(?hyfKI%({S!8Ff7uT5|YcY-0r{LaPm?785OJBE4rFa24`REs>EZsv1mo{v2XNmkuJr^d%ug*^^9V68x$uO4R@TIuOC@2LJ2r* zlqVTv)j=WZd>(Z3ej?u;$oME%2O~r(C_V#1z18XRY7|h$4#)}ahzy;&^srG$aqI&9 z&y7Tk+YjNt|LmxQ02?KQZ82jO4Zb}I zonKq`d^062xKS~t!;oJcF?zs=(5w(HN@@(e4@aHXaC*Ko5J5fjnL_Y*m-fKvPEmwQ zcH&?TUegCvQ7&ZSb)>K6rDjt`)`$FjlaCbVGgMhph_RH>X z=KIH+rI!~=hvAaH!3b~sWc3mTukc=$4(0;fHiZ5P$Q)4)oalc`c-+bN@9PtH#}fez zVWOAoi)(09yK6*seSs}EKVwHRHVj4DRg>0D)-|(NkS(xvy6Hu>rHzZJMJe_JE<@if zaj^zu$~Um+%$Hm6Q-@OA+<@93QxgYaB6>Db~@{eBnE{UOiK8x||b ze5voQQUkR=1y+8&j)?~y;NHq}{hz1neiVJUWHVa4u&X98hG-QYPOm}NWyJ`k{pmNm zn_a+l+>H8)FM|5Rwet!989qD_dO4p(?iLhmm!|elw zUF_s0ejzA=c1f*o^ee|Bme9^`REyjCQ>GJ7-m6gb(>{Ld-2`igM-|G}OKGB3kt*TF z=zD0w{$KU`-yQU<$fdm&NF1K?eEwG4TKg-^%(lh&arN-#$oce7V;B|Sg zkeSIldTSI2PXimVrf+d&vY&Qhou2reph;oeOKn!Uub4za*#BJQB(%h|OgJ zHbXAq<8e)2E8D+Z0Grcki~ahLPP8rGF0~9JyG5)BaDXKXOF?e_iu;P2ReFcYfuZ^>{`iYgy2=U^OCFo-j^tWi=Ix)_NG+?%#UFp0n@e_K>SyQuor_L9h0fosbWmU*ZntzJ=e71(mS_!TZPjF=R2GAw_h2UvwHXZKID=JCtI2YrkyERJ+bm2Ihx`97`d*N9z{Ek#G}V)&l+9=SF5|4&c_rmQlFg5hOjh z5Bul#@~kYcO_cU=o~`dhs)rE;uV(+844P0auv?|l<&sM`z4%Y%jp~lB#Z)o$n7db1 z-_Fk16!csdw3zQn7P`z}wFNTXJA*@QQJCp==n{)gYZm9kC1*K;OME93hN^|EE+UX` z=j7r3q|=(3G>XWWVfRCT2~q+i(J9L40kn-+${y{pPG_}KAAvnR)m((sh~N)rUdM3lFI3zEu}82 zr~>#YiJxS zi`Np#N~*7U;}p)(hS8|GMq7I>e3EV@)E;Ud!05l&hVvWxH%)A; zvSR99_!~h6P^TPgLVVj=>6O)3@{2uDs5|A=z4=W)QtH>&%5K05b?_q^>H%o0MQERl znM<158lA{|WO)$;K1a=j^LX@b>~X`+u0qLbPgFW< znDI3M|XS=gDtIJ!iVZ-L+VXqKUfX}z`iZ5!ne^7R`3Zj#1 zzyLT3rXLdN6uM`{md!A3iJx+)$vc!>|EW0{IAj)k+=NOR0yo^!k~Q@XWGzi2HF9L{ zqK*3n6wd)E_1I9+5Ncz!?LIdB?hvBH*J*3!+01X~`W8%rP zIylWMvP5-fNg2q0I=Y1!cU6#BkIIZ8n;@M%=GVBBa%em2+PQLZEwf==$eoOXRp0J` z^xG%=`~`>fK_wo+jq^eH)2&R*-h!ZxHToly?$^j@W`e|bt8|%Bw7=imBNzuk`~;F^ z<|GM?TZ8pPOSJ4tfH5*EY-Z*;d*vBM`?rOuOAt;Hpz4J@({+n7@<-I@-(NAj+9g-i zWtXG4^5S~fSt}gZj=`jk_t0RY{LRd*%8F%a>EP?H7`Ic(AtN2JXO7G8$NGlqSILiq zbA(_*_Vi^uEXPyg&}}rv=}}=#;P6!sjJ9h&yEgC2XCB)*wx;Xa4QULXuvzBLBN28p zk4dT>7v8kFewW=c(A;w;09I+m2DVk~-n)*KQ#lEI@z)rcPEsikJ&m38m)M*O$VsqX 
z6zyMzppDjEeQHAs|0fh`?G^6?&qpWp-OB81DDh**L zF{pI_UFjLx%bJ6Id%pksT~PKrJ+OJ4NF)-?Cwv&{5>Wnhea!hg5GS##l_?Mk!WWx5 z3UVGX-0I#sf9!LDlRH*=lTaPP<&(bBz_sr7Wiz0ot!@b`WV(*2V~bEkqYinsd$e(Rd+J5%`ePjhpWvlQ?drz{Fl$imaeC=eYR4hVjbwaB~*_8&ApOF>Fgsy%!H ztqj|>M_G(@^sj&45gaAL;I)#~1~p;$qEP=q>0tRZk^UvG{r?a4|M3-rV22xO?hF^h z-*z$lgvO#+2%cl0J;5iV12tOV-~dFOwri*T|6BGI3?(Npu)9wHG5t&I-2`rchIl~z z!U#|6{ZZElazy_gLf|U{djL74G%C=MSXgX)SLMG>DRQ-O;9%awYUZQu0gfwW_o?G( z?qBZ$y}lq)eCofuVE*+PgiPn)EqZ(UxKV$S)Zk-%xqrQ;6)vE>VMh!%s*4uN*~$NT z!oM$?0rKti!v7}iBYyJe;z=Q-$Up5qf3D)c-sRZ|c!mopjTipB`tRHRS&l$y$cXt$ zogs7h?*$^1x#SI1jI}stFnLIN>;2<1C~7SW*HLuj0Mvi^b(bFetu zhrM^#&NuHa`C_n=>+brA8*Xq14B*hyN;W=^j=C4iuR9mX?sf`)G3 zvm|3Qzi1kLRHn}1G`)h@WDe8xG4kvn>+{wJ+XCbhEI?3S8qEyNx-tAVS|vhd)&p%y ziYZDyxqb0L@mHIeU5T@i-cF>e2omqC4Xz>&9MD@sn+>89E63w%1|)oOq7EQlE8q~aWpu23V9Od!T((?8Ye81rHrrr+{qnF1F_ zNBLF*TJ~SZYKbuGo;E2blM?T9olfp9ca`4h03FapRnsCXaPRUqX1Ww`dA+xZEoHr! zYh*^Q?P{7%g9@!s#^5Ia-w+5T-mpK>=;2rFRHMi&m-hsMrIimi3xqQLBl8CeM#{yl z&wv=NU3poTU4_$~%6h*1@-Jl?6!O0oAM<}MaN`+5+f2od?Go(spACA1g2>N8q?N_-j^`2H^W*3iRh z0Vlh~C6JBU5}LMfyEI;jRGZib3-V$o(ud0CY_XL5mKXwR6`cll`8){oUwFrV7%90M z|3f{GZX;QVr#1P-9x~Qr;KJ8bf0(p}LD|6_O=m#Dng9UDUM$PSG zTGV+7?%ufjxLlh{2B{vL9&N(?*QYoQcN69oDwjk%N6s@cw$(bKf4Tu4 z_PuT@=l7?8oLlL4C5J>X=S?&DmqZ22^%{n4?1{Y$g)$#j+Klh=S3v#KSNLAmVf1rs zfE=x8lD^l7>FlJ%R=n9cW$kAlAnEny>w@vIga+cdlA2H;ipt2tqwM$T7lWa5TVng- zYJzlTZbnBiD=t1Rk;C8%`iR{&*E-3-cDmEh^e%*s?TxfM|7I>dI8ULMZpNN9X^>pQ z%N$RDLYVP!Eu&Voi+Oy`7zc|Iv5M*3Y~0dJyFMrbf7DMEg!#-9wn7Gpd9KkUuI$aS zbiMJI(I6Z9Y`BlarvG zzf(@%I9@riS+!Jx%g%`Zc{}ipq`83Z+^+Neei1DW%(1TT9l2FA`%$MP>N7{NsbYiHSdg`Yba8^K>UEdR(RdI!7vN zyycpb7%vH{da0RScKD4O*fA9?5fx(E5^_$?>$c4COquxj_xqAbL|=r53%xLzt7fQb zg6>VR{A$orZfCfx7x%#8Rm8v>VOz9*)ftkWC;Th6E+afk&Q|R??ZxfnP8A*ng`_1> zD1F?+I4;tofJRdM%Y^nNTP+gXdy1ax9TA84pLwy^_;~F971MmY;$DiaN+m?hJi#7< zrW;L9*UH4O$qIc`E>s3Uc`$|za}BE;W|WXo>xBoxcjT2{m&eFqkOPg$e8`W;*#2Nd z>7e6P!>^_f`gg8k&Oczu)N5$@iKlRoevFK-;bvYLM!FCceBAHO40YD|X87N}fW=12 z!EsbsIgXVGy%iSv)$* 
zg))EpaRipaz71>Q;(hakuK5<%J{HhE*L*eMHfq*$&N#m-n)Qs4J?5OX7xQI#m-b@* z=Dyd3Fe;_uWXxaz=ZY&Zu5KR=m>9&O=ugmN+s_Mj?M;6y2q4B(?bne04kp@ki6H@o zwT`1=0g`H8nNWmq|a|Z~lp7{|zHo z3veg?YD5~x{9%EtGW_h|?H;D)`LU6+-4zjg1S0mcs-bx*Kk zenj&1YPH$w8t=TqqB1+3*5Wd@Tb#!}R5>!WO#jlbUF*|lJK9Y=o)4Nf6g3^{gbe%i zuj%7!GsI5{u{G8lM5U?5u!r7`uc?1?)qD^Xu9qjS-@P3_7-P3jY;BkTAm$$Hd*R!3 zp|J$KnRCSJIm}{ALZ#5?9S^!dJS&wkMTB={qv~}FVTzx0|Q$tD?8s3 zfob~Ph66YCxmxJHnLG+_m#5 zK?+dkl4E&aN_KzrRYO@&<%6Gga|Qki{I7GePXv(ta|8%M?wNr1sIIAn6^qqj{&ha2 z#LT~b<2o*#>;>GjtvOJkXZ8Ql@{@dM=&F5iCU0Zynj&4xfMEZVS{tyN>AO0+-Tu2_ z8sUvHvTPhvHnND?S zaC7nfbBzaW>28W0$ zxu`w&ipUIa#2t9RC<4%V*jo7k6T$BQxtU@{EB|?n7ctYp-Z!x^UupWcPYnHQ_CfJLn z$p2DTDKpOm@!y@nTwQGNYSDK1?nY~}#ZpwN&4k9g-3dHz>8kL_f7qZxj#lulV=!eq0 zfaiT%*>#?edql=Jm>dZJBZ6x3ItDj%IDqn&wD_UW{j#hL|Euvm%%rl+Eg$)B$zI{F zC{Oa6)*5LcSI-+OGc9806PWm2XY3QKww2Q8;bn1K6)_JXyxl$AyjT&D_?sT{L}I-?;?7Eojs&WOJ3oR z5u_&>a~8D*?9%oV=PLeqKrG^WQa?+`QXWVxMwTTl=SCHOCN#$Mb^;NF&~QXdcIkHr zzZm7==M*B5#~YckA`kKrD(C6ZAC%5M#75fsj($};bMaxuHA?_G0Q{FGwmMNtfGDzqDw6jvhA{Mi>RIva)4t~JyqkBJ$TaMveNJV_r#Zfj(H@Tk|5kHDzo`^&by$3SDT zP5uqS-=yp|OyO^=ke(W!cT2?F_8+ZL*kgnxu>FS(`MULxqF+X_Nk^ z!6M`khP^mIDMnh9+Ro(_@7)(8z{r<{vN@IpWdlgOXeBX`C}c?XtuZErN0)t9WfYCd z&bovs5h(&&yR(_X$d(~SDL7a{!mF7Uuj5!%@!y!m7l|+4L)1L1zw&LWt&whyyXoqf zW$(>ElZ_$L2%2oUUkkhNppC83SAei2h{)}rSxUd4G^TAp+Cj_I`n*k6+*BH+oN;zz z{Xy>8CmLhyXSgN3A{S+u-d%+X`rP}oVtjBrE6!?IsK-r%=_!7Z>nVAX;GA=p4KgXR zE7lr6WY%ucXnMxFV*Gx)5a$AC%2w#%;d0%nhx)Uxx7@pBQYT>Q`Ai^drOEktQ~kFw zrgAzsxDJ-Ip}XdS?N@&P`2GESn}z(S#jpK$SG?U<(S+7FG2+?SKWf}Lf5N^}?|ztV zd+|UnN9U6v_YT#T=~$s}3jLPOVnc7*%@fumCY|OQcXkf<5{;#to_iRS`d3r$P`~y& zP0{i-EA@($I7;&G&q;J+-#3R3Sqc5m=fB~LoNc(hrP2|A%m=!>qOGT=*D-cxfM#7f zb}a~KQ{$#x58C?r`ksa`kO@O4Ya{5)h5+bBZ@a`Y6f$;^YG<~=KQ=a2r__=Nj?A?$ zmJE$2pWxC_H)d<*1P9#$&A@A@-BFD_|_N4Qd=>N2&w{H zQj0y2E9x`Kh3~fbqvr>uY$&fSI%bZ)B<%<;jKBz5!^~;_&#utm;%=WVgin8ag2IE< zA~kIunTQljEyr5p_wEi1guDtBqZ_?%e+j84sI+h;QchBxr4|i_QjbrstOYI^|IDP| zB+*WnJW;x-qF1od;{^uan(%in@z7d^^q4+8DJLs;3y(A5(#Y`ev+8Q$X%*DLBIi4% 
zhDvk(PXf2f-=}SNERZt^y$Vuhne$<{ES3pbIXTa^$9%6SEu~!g;F3mqM}uOhm*oS+5>Q!*fiMy@l8w5A zM~g|$TiQAliqcujdoE3nbwW`b%Qi_{d_U;#qdo)qwbHFplLvQ7jR!IRasd=Qr!PAN zB-2$~vv|$DwgjECrR++S-^-jA)TT+t8(-f{KH1E~Yyaj>0yiG%!GxSg5xaDRf$NAl zrI_dzqhSlaF)^Qpy1Fld--QOb;$hDr;-r#yvFCo^J-GhB2hp2CRLf`;@@6Q;ri8m+ ziwIgC+!wh+pmht2P3^w#Phs4`8NbJ{6=OK`dXsH!ZNaaUf;);Y7h;7Ky#^CU$*4FgTiz|oG@cKRb{6ZjgK~ZEX`p7fsJet$>@Br_=Jx<+|h)M5z})HO*Wol4ii7BXq!;W6pW2WEb*a(%R@h z#zxZk9`QC%K~|@NIL}oj#IVMN-GCXn`>hMeU~%6m*IUvatJ)%ClRm1+gH0XS_m`O1{`c;h*6E*&cjRX z19`2J(}wcSVHom!j+>1Cv8Vs6g{-*O7-4M3tFdn>>=9}Ty}UsBk$5)39!#@46Runc zDwFL@T;(FbOrQSr&iffnu}FsGVCvo!ZbI;vl2IQ^ehxWaX>UgY=FDX|zOD8HW}dv1 z#!7n#>6;NH$`XBJt#uwq{!8TLHvjQO|M`VR3P(jl#e*9wXpH8LDw9Htn>Ca^UZgx@ zx)2Kr=6G;N^b|)jt+XQYNV^gTO7$dbi+G7%x6qRT#t5jGt4k z{DB#kss28S0YYz?RF-FwrZ!29kOp(d?4;N4nCRL_0t=J%J3bcZ;3{}VMHoR`QNhmh zhB1^| zg=flPR)Xl4dfbmvGQ;0J{S8ENmzxs?Fj^#60X-0jAzzH$dry)E7e~g6;Vqpd&Ob+! zj_?%n`5+;{zvj`L!?ha}X0+#s&P>qb8Oqh2w$zE>3#N&Kz%q5|q?@_)&oJ%U8H&^f zCJL(kS^DnV>gps3Pu65_O`95hd*yUSD_4i;my9Tw*(cxRy$Gh7`+KBllu-1IQz)&@ zKyVM@J~&(-l25<4Oac~H%c?yLY z)xH?xVQzdiM}J2w@%Q*Q6)i3DAqI#GSSPjxI55eL>a7h>Cof~-7QU^tK39Sq+`ZUF z_mu-evAPWhKS{)VOx+Mw_wCyC%i2Zaff-rY0l%5QvE&A`AQt&}f=j^j=K4S95L zZ?B2%_Yzjss~lI<61ne4>&Gxanu?I~^+?fYhkVB0Ci0N&hII!K9Gug};EjoWS`?Aju=jRYN5MFK!Cl_>>xS(N(Epfx@9sPXp zNpM~~*@XnsJNHgAUN*D^Ig%3lQje>%XkT)k3r1#+h{b(fwY&`}YD z49d#p5^1zPh5g-*)>iHr;#qAQo17y5y#dej45{;!J7mxIro4v9hnAtcCo?MxGkogQ z7LoOr3y`W#;3bG!Ra`6nPIaw%zv^J|yu*&cFo+B;qZQvhCN`F>WIBh&!RLbY$27!n z;Y2QnD&h9Rhn$}qKcXEwD;XYsdFLS2i{>DMYvNsktD?`{Tl@N5(+r4YN~@~&>JkY> zT(Hf7`4of~*@DlV6SUXwK=-Pbs&0U!9p-qsRpe6OblvyzF}lEOCGRimE~*f(HL|W1 zu>^0MV!6q6G}3R)$mSz;Ftc-q3OA&~baZqm!}axp52mgcgDsXQ*Uh6%ZA4TVE)#dy zhk;pT!CqXIiuQMf8XGg$dBqzjNg8rg3}JXi!Oto#jWwDkpZHNElJGX8x%Yjs;H#zE ziM4A&nboU9tz7gW$jkk3J`D_f{qoi~iZ_MLMD4z`hpOCDmf+>DQF3z*rk@BIG%9za zE}qgz5(k+L5$IJv(VpiVY&#|Eqcropf0bUs9q$%T5n6WU#!mAS+plNnl2Bt{hr*PD zmvaZlnNPe3|22+`sKgP>xesFiCIg2nus|O zT-B&nH5?feJQpYIlATAtHGaR%E=)muh5j(gpo=tirQuK%VR%1!-k+CCY#b${2`li| 
z6T>g)pvDtRo-d+p2Di>ytIl3yc(0t#&}S)W+(VM&WoctmLMj{1s4PI|y-aG~n))Qr zd?wnnA(&>WD+4f3-7|N=Ojkk|4f_(o9G>gC=PId^y-8UK$Eu;kng!`_J7OMY;PxSnUm-D8Z{osjJczF%N#hM z^_%IIYbWyY?fVtVBImJ~AMi?!mIB-l>U-krOoXru`zqRrg8r`!n5HOeXh6ZRa=k1{ z{+;AWZ=KdOE`wU|*F`KNb3}(C6qS~;f0DNLO%ZW-enT5$^YJ6s8ZvcUJFa{q;Iigs zo4br&zF#3qMm{RG_fa*L`5bK`ywOi$(t0&y1JN~EMmcPCKWv_wywE`|b1jOU#rc0Z zo9Dj#SapXBtxtYuLu8!8y=DCN6LOx zOu}6;L4-64nVq*VbsR!px#Q1Z5XBPJw1P#KD_jyt%Ds~`!Sr3Dpn#7j+5M*aH%!q( zP(INAlHqx4Kw0Q*biz|-bD`&)q9y{aG7eo?;g4&`W*5(DJij2TGl-PmTU(Sr#kD&k9I20~@oK;(#vD1s{zJXQzM8)L8Q z?L1dtA6a@t0NINN5T~kbmg9jWfmi31B_fr!c&oXOz2gJmLEQ}0bZF1U|zK&Qu=NZ zSar;`Mv5r@Kc9>m`aXia`C4xP-K+lW)kTLdL7} z@_Mk459?u=aWgZsc&8y0EW;XAwEIvj!!O=wJdZGgd4P}8#D44k*K3O*OqJXdMbz-6 zj`?DU)-4IH9{%eij){Y{@!&BDa1gU_4PzCASwigFm5iE!E|a93N|uVB0OQ`shvg5x z^B29k8qPV$b9ss2ni7G)bg!!MrPc%RD*1(ll{^=Vi~6ZRUN87Dv4DLJCfY`hiurNR zt7T8X4{v9JwokLiHx+4e0}$}0!GixkD~hS9(+Cg56l5)`hBclQu%Bu?V6=)oq(nsP z^?aEA_zql8IAkeiD8FN92^`*XcrVd9aS4mcBIig<-n0uj7q8kDt5LcHt zoP9MW5Wp8&Mc$?&pQa=yvrGw1ch&`d>L>|@JVwuMg>`OHz3;Cgl9ylg%g#ppF))c^ zgRVOioRXl)#;v~c!JwH{4a_ZoU0XQhBeCGyWrw!D*7V?i9Gti@vT)h`rfa>qm3Q80 z;0UzaMCazg{NXZ_n4f%%o@ zKrBPab>b{HSakc}7Y&l{WIC^I?e#AIFNbTSSb>)Kul0!D=NDq7a0pXy?Up(F|VjklII2;Qc}mqa9;rb(DO=*kq9AGI}YuS~E({D}i+r-}N2~{3;7RP9ye1`>*w9lF0Wf&_!IkB>)Th)ux zI5YF9<-_R> z!;#wp*bx0%CwLml>!Y7l|ED4+j`%q6Z@g_YW&MJxb#Q`I5}6}nG}bUCtb4hZ*^7(g z%ezwW=#P{r-XTD+jVj#aIUJa2Xi>WGvjel@4044-{^0cjB_3li*WNogNODw77!0qX zc`#R7>dj0u75+noq02a`mU$6aqA(qDjUvtEt+k%_nhHMBlFC#6@0|+vd4!-i?GD^e zDrKvy8$bL8dz-%Q6?uLytIKG10r;mmD88B~9Q|n4*)XmK%8oj-2;_P!54PD=?tSoh{#o&#$4ipBi`uO7F;_mIpazR&$MFbWxF>=7&kyP#($Hjt4O9el< zd!AX@a}|{vk{EgY+}D>PGA$~ws?)>biSg%}8{uESEE-FgLd6TPk84aFcc&d`-jmIDdz2FD>+hE@A z>G$v7f3$A#norNnAk%d{fErT=nYCf|5AK3a1s_#sRWBGnQ6h(t--MC$TQTrTKgYt7 z1BdekC%dR3tkX#&ksm9GS9q9iyJ+Q2AB}W60oQ3`O3m>nabu0&1N; z2rQap>_P|-6IatYZdhHjoM<@mV-JKQxa)!qTi4F6Jj!MhAb)!vVF(+B(eH`?4yTBc z@?T|4--UevsinlK$SwFW@l~rap$N_{YvlI!HUW?Wq*OXNIeFvNoTeBVWk}3tEd?44 
zgHqV+z`+o@&GioqVB=kxRm8$M*lYYKdFl_s0%sx!Vqyyw6}T%{h7H8Po25Q4 zV}_{j{z8G!;`hX-rnBPJ4}DLDadZm`xa2;_Yr8%!n_BmH>fHd;NsvIf^oS- zQBOg8d;7flg`NhuSuLZc-xxAb+vSO&$+!h$&Ok$qU|iO0-${3f!g2zvLEE2yrK z5{7`GXWp2PZckAWi=^{$8N&UuoU;>pYIwYbyPQI4DA+AJ_}o&zr-)dQa1$bw2vke{ zKvf7^JL=cE0wMN@_emeU40_4Kb?F0_K8hCLO7LsF9cUG{Bwhs?4V;#fEYz)2Kqpdw zV_QT4)K~0=4DNmz5b98PUsPuJ&QT7vJGY*u9TIpZ2Apdh0v!9(Dq;ADz&N*oEN$8PP%$}0ST5$VhLIxMrtb? zV1>`M`SP^W#|LrxLvTMl-j|eDuXCP(7$H_m{ zHEe?if?)C@;em(5jssris_O#i;Y4s#K^f`^IJ@Q8@Vwz=qNHccoWfh-xNnTshyqfz zrZF}pIPn?IR+P0wV2)FK1y-F~mt_6d|Dd3Sg7O;UUPy#;`$i&ssQ!@{U zmWY*`ui0YH9JIXcit#@5MSzTHLe{c4Ru3PcuH(=WWj83ocgu0o1=To&3!oQT4vx%B z^^kj$5OU~&aykXVD(RIgL?)N(R?`mY@0s(+{w_Q(>;`qH7C*E5`>K++%-^=3fV-4C zCxIvhMFx*SUqw}DxpB&cJ@dpe;3RBJEB8f316?c}DlTWY=%auH#-VmSY|WnAN>VHc z9O`_-hfTp>u(G1BIyHFkkIV&E&z}B$8~FO;pC8@;`MfV*h zA&POpw>v`Xuck2R8HP&o$c`olHeDC(1 zzr~U06wr~fFa0XRCkHm@l@D69&f5+}aQ@2>+uvzWMIyk8sI9@~FQ$O#&j%@4Bs_Wg zP=<&1OnI1w<|!LL!hJnifW$+j8iW^B_&f?LEJM}t3O|%pCK~25EuM0C&)`AQ*EDVq ze@Oi)`{5lnz_aLc4oBcikjR^t96j76F;VY4X{c~`3 zBAiAUqzuczw_y+RNl|*SuOP8mwkyAnM{Y9-P+9J$5Q!;kiMYl?r&3f+%tb0OCNtH! zZwx(84-snFPPik&S}Qo-gii$sF^=yAwN{jgmZE+Vy7&Jj*#yhuQp#qPoxl$NXlYM2 zkof!lv}-bI^j|`Osr;tRhV~BeaVq%MhrP`Q!>7WkFPipcj}cv)&8JVo3RP&AP#zzD zaDWsDK03u_!S>J5h^M#{c!n4_g+0=|#mA4pI<}R`6Jj=={lcqK>H57Q)z|G?WsY$snk@9-<%klo+@PK1oD? 
zn(*092Pvj4Fp-1E#Xk#oGY~W8@asuq<|r6j6Zg_-6G;?Au#%%-X~8tTIHO0^o$CXV zLtp@YJC@s6BgRV^sgl&Y_#%uVrn)&-t zKRDfofN=mZ2{tTPa&^3MxWl(@T6Zxbj)HR-b~P;7+LhGqz|0{RLvcApuA9?dKG^2$ zUKu)qro>N_WF)YQ3-32Sw-uok~HIE~@`JS)Pg&A}g7rxOc)XSzk*72&+4*Yu>i#o9@l|?tNX9o}@pdE-r^JNk5oiuXaW;@DNGbVrG(@DheC*YLjqG zO zY94jnt#3>5wdQ!K4%hP{wVF}4oSq+>SvaOEI(|(Fj<;;_FWJV2n5^+@3xG;9$L3rFI9=&4p zUeB3SiM18Ex3|o_dPfTwp%}QZo&*|`KX^DIR~+M(h08m;m91#A%Z466dxqZ|KDqVC z$u&%#M89|^6Lz^4|94SYf5Ey6urDyQ5V?Q^w9VFsdOBgtl zp)VZ0K4aC2U>W(qnTtjG*DGxueDf*v6g9QFc^)uw-`{)w%X>*$QAnVYGo$BAcT$+` z-bL%nmoLpp+=&EVgZ@`q^`xRS=oA2F|5DZJpYp&nTCfyfK2?K)3Z7f3@M+Sm{NU18 zbBz@-i#v8m%bKvRDD`kVE2kRKkv+;z;X-}kxS`pSK-ifaC z1?-ooy55*7(ewgj`^oY?(h4e5VbD=3;5Dlzbt?aP(cpBj(Pz)F$NfrcpVX5#Mfh#r zV}D?Mjl3O`_R~ybWeU61m-Rb76@5=QvjzMq9o)7>tvDm=BV6dUU0is^5%CTj=#{ zWO>KGuawQ@@g(G4Sf9k5`7?I~r$s8pl);juQZ9|=i(MvoJTwtKW(3Kvz*LXwI1Fhb zreft=7WNGASl+OwaDO7&h~MR)&Lep%<^(ncExLMex*Cc0>n-)Tl2`mGGyJOc1|dtRtj{!KciW2-K67RY!#|Q+X8XGwcJ7U{b1Jvq4@ff^MPc`dnkkQVoZXJ{ zLM@Mi>}s=VE2ry1b+XyhcDhaoMRW3A`OQeVz2iYHlk3|S#3V=tdl9(NU^xl$h5r>$ z6Xv=1&F6*g@aSLXmpskE0T$wAS!zifH(L<#~?Hih6evz4(UNjqNT#0H6$*t5YI^L$*Nlzi9V+0~N;$n8g@!nktfn zMQ|65*`*jrg&7xSlPT&}G$rqVcFlI%>06!%z^?4}v^$kDB~x8?U}A zH_#ns(&F<#=84@fK2oLY_&xTOa0u@W#SdU7~_?$jQCnw&^1T ztou`9!WR3Fw|)?WwfJFOj*mk&!}7Kf$1x6NucIE>o?oQ@I=HS-I9}^?w_|a~IhuJ@ zZcZzTO84wZOVwyl6HAZeI1(HU)R7n*d43SqZurOVg!=HnielMsTIi=5PAGm*!t=`E z$#*CcfYtWTj3~-JyB3VSUvrle)3<1a|N2CvLnh0!4aG6d1-_}vY-?Z`NjQDN>g)`7 zk-)0%$EH@l{r6l9eDjurkN=32I5ug!iFmmT>uo7w+#RtGIV=|@xT_}Hcxx71!LoTQ zLsd`m1|ik!tyYTNY?pl-&$W<}0NSloH_Taf-O$Ao`O6d3rBl=NcrAT)-L!o|Qv@tlVl~E+w=Y9XYq~;ymWJO;>e8j;Ahp~n=ZAax~bOR-_ zCG@+l^^5+hTw7{E$ff-o!P(IUH$Ji%ZgeMx@}_8b>MJeiROwM>6SSg%3Gp8fMcwqY{n@w{sk#_34; zTfMkjm|t-Izx;v)q9U@nJ`d=My^Ami?TR~9i4t;EdK3faP;*egir@=u2bQby+TAu1 zj_5hZ=#+(&TV2J?65D})W7(6EBK^8?&m&G7Ck>+O&nTnz%lq$Jwos4EWNX;V^LoOD zg63VXsPVN0i|G4%OLy6ijM{K^8w%{`{(2U%Qv;NOC#QP&7qK}_QBoqWhbDz~& zB;n5xh9XpUOczoAd-eVaFah-OX{@2S%{)=PDNe22u)?*65lE|=Wq*F&fti;jqJ;b1 
z2dT-Lb6b4pHtuTVbUUl=L%sTD+hf|Pb1gWz4AhoI632CA3HQZ-_rtB|q*@Nk4ry+m zv(qyFT)@B0Kq$3xZnJEzM2V4sGiaX2PsEs0(vWP3fSJV{1D_@yO#I0F3G@%EEJ8qhzK5j}Zp8nO6fq!TX(*SRBZx!TpniEzAdikrkr>vSy9n|Zd9 z-EU-nPp+n$mpuIj8ldMi$zCeFzi&C<8zs&ADQSNu&r2FsEs#5~*RXgJc(>Bn>(u%M za;ijSrMXEs&g__CeU^)x$?QNxbZXQ7qp5H-<=w{nr=I#t;Z{&$9lgN>@|v7_Jxzh0 zAnDDW`X$5)Sox}e85AhsbKS*(vL!_-BDZX0(N#M*b`D?j6aGeU!PVziDiyn8oO_pI z9cqhfFEq2g{TI^9`Bh!{lyDZ%>ME_irfMzLkl8Qy{qad(JWBYU2d^=BWHfUY?5r_E zrdIGa78X9Or4PTK2~#Dumc9t~v^A5WOK3U}u3FO%GokekPai~%2pk*T>A*g$v)l4N zH&bKsX-v3`#1ph=aiW$i3PhZKu4DUJ12K!{IUpj9Xn2l|+9Nenzy{*lr!t0C`!ahU z3d)h_lTHF&`OIi@y~Xm41ea&U!=bKepTXJ;#a~zT0)M#hY$f-KZOyD_$IaY5|4T_0NQ`y3&@>Sr$3oL{ zAJv`zx_RvQY)2O{5DT6hgVv!4>hnt4#P0A+2cl~f!q&$GWq1V!epJEyEUf6;dbqQL zKugf|%GsG$UO_=sRn-^tQ?kB&qZr%znSq7?IvD(}M-+f?$PVc6RMpo0DK(Ojc^n!R z#tC`^5Mn-bFbUN?i(W$ok5`I&>ZUqc^O$<~0X=<@n)9%0bGRdhau1Tus1y6ie zfZ9x$ZPjhYSdzf6cO6z~qQV#P#5}xNk~0(!LOn6YrJ}!|$OQcGrvvw;Q4*BR7=6jD zKjVNd*XXaQ{j)c}z+to%hyJ)Fic$-->|yWfKUPqU(mD8+H~sE49sK0Pgo#`<(0w!p zRZ@PhTmDNI;4kh}C2>rim2h~2xqR^`i4c1r25t<7B?AeFAyl+A%t9Q+sw!{Zz4^R9 zUEUFyfRoVN+-y-yDckF$sI2^Cs=TP^85mvZ_D9Bs{C3cLA{hl2Ho@cu%)HWm_0id6 z*N-Ro*W;mfhHEyX=_c&6+4cKpyuFXmE`ro!Q9T^$@oBHP443m?!ItFu-PQH8tG7R| z8wq5*kS_LQJhwgb*{^iY$SDcUZ5NtFS7WCOl=r=RM7G&<#iqi-=omE&>zqJO;=EXe z_P?oS26*|6AYS25GZt*h0Y#}_*_G-atA%#!Oe#wSm_9d*)dpm_?LfNtncev0q`4Gw zlFs^`?KinhDI=O`fz8w}VQdY(kqk^B)Z%VeK#clZLjw`u+3Y5|w$Z63LY|6T;o{@N z2Li+Gw^yg(TcY=#T==lDlZaYWT(k#N+M%yKlG@R8lSduvGw}K*J5(!;VZ6XJU+r7-Hk^Mj|&j#!BG$bN8xX#A06gHdR3iopN_fD z^IV4{CTwyh`vVwt0K|~~fKHKMo^4Yq5iuo&kg&Vh318op(tJ2Iq^PLKw1*?Vr{`&@ zve+HY?qo4H)n#h`fME=uG{KY&P#j=jVv^UE!7{YdOrBS>F$C9l>7u5GwLhEIhBgA- z{pkYPO~_Hw+V%Dyz3zdMn070rTGq4WCRL>pB5fyHkkGLlUbZMH<~QTbq>*>+*N^TK zhEuPLNmvfs>x>y}BroOkC%RW!oVfSfexSCHD@*U(o|4ul^ZprD627 zJqdGbZsB*MjfW(E_4s=4#BPgBxZng@ed=%D5?*E2NwZDTa&u2iE7bxCt=I&NdEN=l z5$2>>O8_+iEy8fCLL4Kdtc$(DFRGq{r`K+D8; z4v%r$iD3yAdA~F0zMbSD@Z2l3br&isNWZH8kl?Z0>b;Q8na_SF^kQ=XE<ca95GpZxktP5X9nXCPQExMov8 
zZ}kWu1POH3jagscTC~e$MN!KFiue*JXn0{$sbI<4FMVD~R@H5}-YM)Z9g{f-NI}lN zuB&zeH28^ta6gKhC4D{0YGi3_f8^Yy{1`7c85s=E8aELgEMg~m92w{QnN_S>mzT`j zByluTlC;rA9`{H)ay*oF-h5Z*Y0=8yVrt+sd*c1lqWda>N_g;t_4H;(i6Gw&k>~sO z<>bdvDag0y^4}O_u~?>AsbM+S#mn9OPJc-aQ06bJUgIUQ&*bwY5ahDR67s~EKcXzI zMX%Q*r!4-nre$@On?NYgs)VTLK4-st}TEpg$jbTS1g2f z`dANP@VGc1^`9FcMX`Z+yRN~taUOc*Z!*6G`1pfse|ybMpAaZtnW3j3m`#@%)qy1m zpLqN>iykU$0BFiW?NnY0uO~bZZES85M;SV742F0i7-@sTFSGt`cTn0b-!rk}N5o?W zY_1cbqlwFU1hy^S*s#r8jwM%vLsFerdbTvfCh89tevS>uy8~PpK98J$Q8Wch#B` zf0we}yh&wfKm`HkXbSJ(bNvs^XuaFlPrtLazO8IKatWkAM7qY3A{|sE1`hbAx1YJmR#9j@^*PUqeAL^EB~9!L2#9^qF)Y zAa6bfbFhRb%&J|3^j$Gj_^{z`O^uLLI1DDuN^`WGT`RIHGB*ti-K4ZME0RxTK%Zr` zs@FB`j1e9$8!0TG(1wqWT-OI;O*ex=j=B7rxwAa_W>npl`FdP_cxQNhU&6Xah(Pt> zPw&o5_~KbqKJx>mwtXq0ZaFgbr`;2y2`@hVg&hft1SiBNG5QbZzeH&}Fzg**<(L3> za~!@>iS_bBgfjHvkHd}VvO%8YA~IfLF5;CyoMgZ42>SuzSCbIl!2v?SFM%sINS+Z= zCnUT3r$z?NsO(-_GM<$fctY$^>+tsnpDEbqt_iXFTpyqEfQppc`3vX2PQ$lN$xuU$ z2TU3;lxp~+)_XsAH34xGF#Dz?w}v0ow^f>&N}`f}^e5I3Q2z4O{QSXBFK%~r^ZQ}3 z_ji2omWYGDaIa6EWHMJwlwlv%P#$aK@L_hOM$R9S_Si?KpFq-NTe0+xgz%pFQg?=O z?)2(fW%dM7K7~wLa!g|^)*IF1074K!uyufRUxqndHYFJ5Wd7LpH;-tn44Em`L^-{h z3Cyf4AM}Kpc!xx9{MMYWU~@E6Y;VK-n#F7>Gu@E1AjGk=RXY~NiPqD9&v!kpU~=uW zb$VU4ABj5RwIq=zJxY`<*;)q;66muNbX63Pnu8T?5S;+}>Yo`NsQB}5{BB@iFWf^l zgeBJCHuKgvQyi$Zu&@D0qN!=;g$RGtDN%4sLt|t4=kt%$q3oD*WJ3b>X?1sFVk==f z+Tben=R8lsGURL`t`y=mY+sJ^VZZ%B;CUeNQ(g2+#NJhWbK{K?Rii^pIW5Y;XvJVf zCI>D$@8wa3O~dFUuD%}#+nThqcH#gK{t>ypEwSV z_~$@g+rIz_Xe5oe)(KEUFaZd!t=-+QM0i>}Zvr<{`s-e?kG-vGC~*pG^__D0CB_+0 zAbfM&BX*C8W8{4K#Byev=(8}{+WLB0++{k~9*|${$dV4bUeCQt>a58H4K=rojL*0x zUvDu6ZVigvm~G!*vbR}9_NfRqc)FUWq3U1+;_E=pF8j?y6$z7`Wh<3%{ypf8)btu7 zQZggUWqho)5*iw}WN9;fQSV1~A5HEfr2i(kuZJr4#69}0oyi*Mi^>8YuRHP~T;^ZD zF9l78E_VbS1L7ty!#mVaVSpx&-j8AJ1oU>Ep`fCoVM@R|03nc{KY#jMIJ)|J@1cF2h%X z2v%J+Pthf19UqNaO_GKB)XUrS11-b(TB3mePAzbZf`Woa^A01vd5>qqiLx#W zii$b`U;eYJu6>(Wx?6V#W@;o9X@b*`eISrD9p8hEJo9AtjhE^-e{A{M|>qW~PkMN!2$F+6J<_h}o6giVq?;?umGkZ0?LUwLkh 
zVtA}wS?&KMY;a??U}Su^BtZD>>aM1am?)xD@VCJaN~lzkB#3}^I^g%+flJ_4nHqx- zOlwrvaZEZ;9GPBh@PgruE7dY=VqOXdX^soO$Oa`o#k!#{zZ5GOj&_6ktFT|UOp0uS z17A;_T^)!eI6N+oB2`^|MJhb4V;1V{vMH+=28&PvX3Y}x%;jo)nZQk_F_^wakRh+1 z<3cFPJQF2hzPBF4o|P4h6JfU28`6ubAMm|ZxuT}aWLFCl>RZ7AhSAWw(q5Y^2a7XyUPibV5qNqUKzz=)oy!&GyTo6 zGR6|3Y6!6FFHU@CFs+ojW0;)!&H;d12nN%G#Q9Q~G4UWa@;=Sa4`DS3Q*;AQx}T{(0u~dFE3k)u6e2!_G(X(mbl1oU1SPbp?> zWpT_JL}TWUR6(dHCz9uYJuKiDx6T-;?;?t>F6>*A8o;?Ha*}&7)mT>0A8>JS#9l_W ziX%rZlOVmQQJ~KVivtf9MK_O}dOvvc-R>XCca%rBN=hE{Ej#E0J@2_`{5iSZQBbR! zUs5aQcZh(e1YeRt5Bsgd#y9)_+3!)h=j`w@cB*gR1^|2nVV1u{PF2-UxnQLa#&mgn z*+C2{mw$>BUdpt!7l&je|(Xr}lg%6UsB@vy1()z4YG`jodP1TpxciZ>&4%;rb z#Cb9dS1&SsSkV6X3)a^|b&>rl>`X47qM@~T*1V0I|HBm_O>0wUGTZ_QXaIOTcePF% zaFy|A7AC!@3D6%TDTG-;;Y0aq)_<=AmCDq+uROor-cbNFS%2)RO14Kso0Q*DpbKHyHVpY4jwSB~m!`Un}$9<;9r zH18xYHT#*kP|erIwX+Ab1E{sN+sSXcu5pT{47{6*n~ci!`N5<&*7>>dcpGi+-mFp5 zlfm8Lu8^$K6{)d>t=AUA8J#V{*B;^uLPu@-_=_NX*ZAsm*4=BoR9bREDRQ}8RZb(Y zH4CW4zzR&@@jX0_JO2&ufj6@TpW3e#NNx5foB321ihKPc)z$MALzDB*hO!OnrJQim zVu2*K+l6!ewPzlq+D(yC^CdOnG7u&F|4q5l1jA*QC60Ow#Ittu_Soie1`=ZhAb&?y zzGh})bBb#!vI+mE5=a zMGs^?M{dx;4fJ(SvbodN@b;pyUZreS7lw9^qQkuxeGz0!Qp`t-*7%~cHa5nPlREPf z429up4e$J4|18Xig|l@}r({CMdSwKIHr+0BL z_A3-VyN!vNIh=uwZFRm$+Z9f$f_(!8d;nWi2f&6>}B30i_24 z&&OD5%6|6{Rm1s7q7s!VyIoq07m31d_Ua~H|IKPxeFC!@%QqJ@ed>6lQfjj7ABjG- zkV^BUwYiixmJ-Hb==z;4QpbO>`IEa`9>M53;SS$#-%Z6Xg3p$4hp(q$z{^E!gXmqY z(nV5fePhyqvhP@bRhVAy8M}KYZu>TI38p9CH z?K^}3zt>pL4DXARlZn3QAbzB$F}Ds`bC#1in+ZqR+ur63&!6M?Zx%o)bFDA^T>utD zht(}o;zbm!WRQb>bd^tSAgj7tX=LCi)NFlQV?vd_l^CofRWsDLpy5B?A?8!aCstBv zU+*KZ>Z8M6%|5sy_>JZhAeuuM+^HF~^2RW+6vL=xzr}3ZZR|h#qEYOOzZ29qn zkxlaZC6$THml@oo6h52o#zSqA`*l8TvMk#!Tn#A?rW`~~-S|bVYynb_v1ZZ_`isF9 z3fa~fsD(m3OJcLbl0qa>&WO)Ce(Ah_%Hd+*@msW#ORvr(6F){)aFrwWBP?FhS~z60 z;p_gjfEZe4ID#Z&;Wew~?`@UhOX}J6ZYbb>{)y?Y->4%$6jqp^nLuA?E}CAybgI{=D~4eo@1iZ| za$bJ(3{k$(lg3iyM9^{Tc?6jVQ7zBfe3GRVkQ1&^4l-`(51h%_RIo9Ai*pjb z+n7lAo*{9S6QC5?AOElfiv?lf;5Z_~YX+tj+SaF~Ai|%1+_%LdglR~En%xSt5^-hs zlB(_icIyRIT;Lm{7Iv8(BE 
zP!eawrS8&paaUajA7!P5aw}r??d+(?GcoIw5bDMGe4&V1xK)LNG7s{W1`>w;kk56D z3xC_S&BXITq1T65IagCYrL_;ylFb5_wKX3!r?{yEue$KCfk?dwbaUf|;}3~@C0Ri= z7+cusw_N=1ZJH1X?y9ZkcscAo3!_NCvbHXvRB~m?iLnQQwyUrHOpa!t1P)PSNW*~*pRVZg z)vi8*h<;`tcSk1{u{vPmr4o*C{SZTvenDVbbc|;hAOOW@J2o1BnvtC%I;unCsrIT~wC_d!*4WK{qnG3f~&X;r)$SrRJzVjV7DS+=P!nM zenKrwwWlRwvF7X1Kuw5@5>&MF{a3qGDrkNKmoVEP;bsR}`d%12PA*#I^2! z`6xvcB13axPHM>EK2ARt3ahoRiPZClK}*8*j;9skA>CV~r)RQ4`%fm9LjnOQ6E|QW zAcD{n&*C}(1|@E#01}h{go#%N>?NpE900f0+tY0ogY$Onb<2HLC|7w_R(tPnbH3wd zF^8HVHHsvI2#FZgkG`J%+SCz;faA&u2Z;_o{*y~n?UVExzVd>NKd!aa#KXGImwla* zKB``EYw*mQm$r)x6e2Q*Ykf5=!L0h*p}XZ6!>a3?wWSvi9CYflA*gu-(#1$N)~*ojcHn&04jhp1;iucX#v)T~E~ z{*(F_`m64@yKg!3g{Qi(ywMH+v&TYBOXoXD$alExOL^r-bg_>TMvja<>a&E3E^oZq zV4cM^FV5YXiz?&uW&9)6jv#;(_T}sSQ64cDUJmq89WrS~f&$b$>uj+ib7jBm(*kgK zxICa7{`c)aJ^yds$#R&G7tLWHZ>H|VF%B?T5M#c37eM7l<*$PxnO4$k6$+6kC@kdm z*Dy2tPRT|ULWIIYW__*$WJc^}Gvg3f`CE?y*a`ansMV{WpHwLp_VSld)@IrZeXN_n zW#qyj6Mp}cvqS)BXi>K!%&0|L&)1DjCc3d^UlI&i)XMqH(DJ~YCpRP?sjddO-fU^V zaOC;cSjt^6wV;VyruY@Lt6o%>A2X3>^2x^i8#@_sguNH+>u?UvzssCm4EUURy+aF3 zY>d5ky&TW0vq$iygg8m=-WqYdda#_|DG9Y_jY?W5(8L_U{^C(9@2K zrdBeL8AlWqj|Ez!RaunFmoJuAHVaT!>m-RimH>Mnh=`idnNAgs6{BhxYp`sZWR^$C zWZSs@H;qrxiUU}iC7=afTQK=hkC!KJ$EXXRf+-jf2erU~3+OTg&v ze#gNE>9nn}$j3R$vDrDl;YFph>(49?UAu$&dcA`8W;wO`YwtM*Ee>Bju@@G9iOvDW zF_uWkWpXaWvILCRsz8rl&A8w%Fe@+Gu8)|KX@wr*#NFW6HG?%*B5@D&bRcs0ge|%i8 zSMHRky^td8raA_$n}XaA7DEri!iOpO()=C59|@rCN`O{7GH!i&LET1_v4UlMI8V%h!MuC5D;XXZr8_S}Q2PFxoGSpt zVu4m(mD!n!wKW?IzptaJ90j2!EHS!gr;Du(%}M4odE85_g+h&#;ktsX06%bZnC^a1 zPO8cPAJ4*EWcQ5m?*N(PPT-WO6&L`AVZQ!-L2<-SSi$dnJb_|XJSP7<7oYpZClei$ zir8*|-SyF;^&08xYXchFQR4^@RS!jf8(JvnG9sVI#T#q*9N#zoS#-BTk9}JN%V7ml&f7v6ZEprTTZc8Z@&dO<`YutB08kw(ziy*e5V^F|L=)efgJFGxfn z3K|}4=q@Rs80qNb{LTE2a}{rfl#DrV?qCyKlGgIqT_qY3nPQ!R+F?}z-tnfSjL+T5lRwLT0UCyjE4Y{);{hR*M~jy1 zh68~vkx@xzx2YdLNOVmj*PU!MM(?aoX27~zi4S*W$Hf||?uP8vb$2NtSL4sx^ob&V zt#lbYJZWeYjM7js6{f#zs=L3i`S!`x?9FpP`gF(%b4_Kr9tTkj4gi0xvVH zUhGALT2cqky~+Nf0o<iHK 
z0PW)Y!{%X(M7)9z?LoSV^1pk-q5gExeIxh&haj%uU`G|;NmPLEM(5(@4rg@)kRH2% z9vtf-*Kx|)n_`_>bR461W(+h?`bYf=r!;cRbc36`fGH_9Aps*8ad&sO16K7163~Qm zyv6cVH0JUkIE{{BcpYm9@{EXgzoAGc$_*RkA z`BcO^?Zp`B{i9eoq1UT1l6k4~(RM!u+{>!Bb1-=b_OuM0KRU6`-L;g7c?DfHb7fHL zOt$VbAg~;{V}D}KNE1v=c}RVfVd?C9Blbu_B&O(k`IM5IxhJ@vD?{jhB-M6=u+WaH z-FhIfb_7c=mtfVwV#dj!>LcAjhJsHQX}RFv;dcNOqm+dj_^=kF24(19*VYiK(5R-X zC{8m%5KXvl0ZRf$Thjz<)VnD2wr=RYJ(&5B$swx!^u}KcH#7z&rR=nu`ilVTN}y}0 zFDCEzR51!Iftk6HQRXpr-*&pvRFtYgZ1H?aJ&4Ow1N?CC&m6+J?kJ^~t z>GlYFLka0z`Zbs1@lkPRPl;L-PY!Qu#gpgu20zDYL#XObPF)E7)&mU0AP2)r9`}nk z!#Nqhzg;2>ekK7l zfK7WXYj*Rg+^9&{Nbt4KSeq|U?@pN1#XOQsMNXC#4i#Fjq{Y-~dN}P06Z!(@q8Kn{ zp48Gu{YWFx-+QQ+efSl8f^R;F4GX#kJT8E2%2gEJGc(>a{ z(#vAdJ!xeQXZik*ec2&ut;(r@FwD$p}Bk)&xe`r0Ozho=@U zoK~;;<%*%Aslp=+{a2~aE^etGiK<;e$hN59c}JPQ-TxbkQk*{pq?ZC6!yTpZB5UuX zL0-`T0tnX9%+7D7Mr-J_D79k(Gw82ANQ{{~?U*i!yOK)lxwzC8%kk)s9P0sE+eA*2 z!1bm#nG%wck1h@tEG?OER6)g;dosdO?wu0K)Tk0-x_64MWQkB|C9{rzs0@idV7`qw z;HGylT8PCm+z7Mz_Ven{f{ferDEN&aPQYUXt~P%d76IUZLLSWK||8&X@+HfS02AR_+5fG zA*-A*QYq{Mxr3_;wAnSc2987fK^v}$AE5c@4|X^IPhW2x73KE655v%)AR#R%jdV$a zL4%~g&_jcCcZq<&03zKeC;|qEbPX*nA|W-vNJ)1y@8+DN=X}1uwO;>VJ!=;7?AdYe zJFfe>4(HI?Ju+V=2U1xU&tG{SognjaU0`!WBC3Lmx-T#!8x6Zz5FE)zIRd-)GLSU8 z;h2Cq#aZnN3>GBZSPa+@ z$`#0_iU^*q;XE~@)tHTxY`Q+Q3rAf^8y+%V(i|i$-G6pjNGUHYuKMF)D9x6-1T!+; zkj+t(8cYf=p$l2ZzrtJs2$pE|)U;sygt7BanYdqA#BkR`SYF8VIZzAiQH5+%ed+Iy zdy{d`gJU=1UqrT+%aQ0upG5!;A#@X<$B4K2`t*754zl} zUBI1*KPDz9UCSDetF#ideIYEJkWR6zEo!(nN&xU3e_S zZd=M8pI&5}wshJ%zZ5FLyLVMCVT?n`wkggunYj@)Td@vcFR_cT#Z8 zoNU9&Gk9Z1#5QuA!AaJ(-)39p7gWYE;Tm)li*Oy(i_d~^KPr4%`=KQ_W4rNm(AfmS zJ=8vu_d7!@6NWd6rso@bC&DICY{#8zOe*DjlRnxNL?H~9NJ&6VjaueG%aH%Y*8wDD zTKY1CbV9bzZN6|c0d|xq_zToZhSVNHeg0T;7O;9ypNqK7%Ne_M5p;NF z?`Q-%(`-xaaO2~QKAiP_H`t9^kMm|K>dTf$b`I-6N4&_>3dLzM&KzQRxoAmP0Yh=q znVQR0f&0YNY`48K3pA9C`*bExT?mSfH>w#>q({Y5oU=OBY+iq@t2*2rjA=8vZx*ep zKLt}_MGs%8eV;H$fS&U6ZZbj@sf$*T7%Atu4suH->gc&gTZ%LfE>bF?pJ`SkX!@|^ zrMx*JIdrTf$D~wKW827btz!p{8M%JQzmD0Rk-PzO=~`d<9qB}QsmkhVOMvCFmB-cc 
z-4co+cfJRI!=e%@&~n<7!j+hlbEDrCZ@LoRW5LVcqk^V4Ig=iXha|BpDCmGGO*h*B z`MdV5xwacu(~4e6oD&zqF@%`o)(H8XT`~n7Of?aKoC`!{H0I`2-Cv?IcB#VrLf0sT z?s+@)GcXT6&rt1x7g~5iSGE%GWm&eT={`!%al3rG=#MAY$M9}w-_t6#9uO`~b6CKr zsF=VqV%No{_Rz=a<+Iig&3HAo;cX(*%(3)~cugeO+8j+`zIZ75-6IP5KJ^Xxy^haG z^(`uQD|kvb?eZ~DLVY1qZ!ikp66vn}B(i#X1FdyyoHimx!K;-?4`2i>FRcn?~si{z)Z$M4K zMSEVABNpw=HoA~UlcH65VlNhbdkgvMi+BIJtc~!aw;Yj(_i<}ukBO{mQsTXd3ekFe zKw~SOeM;5#W|XVt>z{<)PqNUl6**K^y^^w>*ORfc5|o#*7ypbTpSoar4RRo1Ra&cDK z`8h*4?5~xOcs%TrdAFgYQ-#C8fY3puJ5D*v#p%kHUl>EUkFlwDQO8RogcNfxH>`EO zVY9V}vO2=Z&hDB!Fz}j-5(M+Rg-B?fDKl%lM0c0Y5vTJf4WIVf@A|cpyR8TM_|D>z z|2WN~wU@zCTe-ebJ2DaY35|$_LEt{oKcdhR*aznO=fWg6VHD|p_j#6j9tiuEJZu*)C}lg8?kO<=HD}iZ5Xq;OFSeksNzQ3n)g)X?OA+ zqp~?00j;VXOT$uk&V>AsR{oy zfwj4;(99|$kwHzxX|!0fj09AdGx(w$^NMP{ygX;+f~F0MzDF22H8t!mJRf4pc5xV1 zwv4r%jn1HW742|7P5ev=D5gx0`yisV)lf8Ak8>ml#hEWETXdpl9fo&?)GV+79|6gI&{b zpB!8TwQWg$$BhSObVW$F-3%L8hyfp<6F z;8#IgwX0cL5nm%0MZPs*=G@zsa< zz2!(P@o|2jZ!1X{(>tIfwXPArfAo#2dsNbc+lDcalO$Q}!mCFCF4##5jXK}8ZhBqb z@(fpK$-1^R_JPsR+Ha<6c{ue|#6(!$a~BKTU^>ckrhcSkG!v zt}IgUP`^yvwei>E1Df^c%K6Ejf}3*RQ$W}xo`FrBG@Esp$f^9QHZ45JZ2SXSdTDg%*3(n)%q<%P`Uit8Z>dRSw`C<%9ANLlofqm6gGfD76dl1Cnho6bIh zd(bV@x1{z~=3S?~punp9NkjQB_HTng_k~m37s1}({rhrx1d{AKml~giVkvUryM(i9}DJSXQP2qwjf1f$c z!Xr%UsXRHU0s;BM3l1Se4nQsiG{Zk6ZmMdT&AD9rFb3Gc;&fy(@bk_J3?7&=#;Kub zwF4J^{)BCSD0>D5db*&(i)Y-J|_0a@5M=lI4YsdgR%kGT;*ePzJ2^2d;l+ zW+vRp3uNfy&}12Bn7<4edL*p zjKoE;Kl1oo(5d6~!LsOOvK1CjjW7F;*SagNVN;zjjPS;}p#3T7~w*KUQU# zK=X+A9o{%G{UfRs}FuYq0UyLTlruVp+#iN8i;zqm^_-y{Gb zVes(79pCoFqad%aX{0l65PI;mk&b?bTB>b;+qX+Hye$`TCL}OEP7N2oa>owl6n^am zMzqfIeY{`Jl_wh?m_1Ng@5c(Y4NOv|bw_lkkyJ0QmH6-PG-}v1ZJiz+29r2Y_H)~W zjHKcxryy1t86tDuc5{IxCnN_Im*Vf&^afm7Ki63qY`*4YgLE)$&4sDc-*8P-iodv` z8hSmpW`gt|dIeGrwlLTex2oy%w})2apBCkzGoQZJPuceq#eQ0UmmZ{VG@>!fXLc@m zc6#wp9MAnngNO97ZVc896*fd9E?y$dua1t=NHd1(q;C}OkjSWZmOHmhZNt2uVqje90RRoJ^!G%Ax8^WH5i|pZ$0{5s@c@)<2qE z-VpF|8h)QZbyn}ec#2A_3n|~RIV;kwrra}fjyi2Q$fI~93bp@qu(@Wyg^+?qB=<*E 
zqvF#xI17Ifcri5X$h^yH{FILj-WT;j^;g|6o#r?{9V5x@3^xk)Y!w;D%}c!h(M*#a zD@BC~VLaAxH-r(lE@8H0R}cQ$>?98V5q8*8aPy6a?<+L*^<^K2fJFPYdbt^!^+aL!_4*Gy29J=kwd! zOqzb!GrmjAdsg%5qu=4aQn?l3WUv&U&F{>A>;{TJE(Np{Z;@4{N#1u7B;c0`J8U{= zOg!^g2xM1fL!9^rNMU;SN7$x%NY$m{Q=}mH%zi8ql$}Hl6{JvL-hnq>!yFAhy2fi< zc^C5Ttwsqg7kk*l&A?|fYWE@UvcG!q{CU+2^4ad^YDzOn8*O+w^$n|yA)ccCIzh~1 zyq(-M;$U@S{^n~KN& zHBUDoI)J`u{Cg9cHt3Q)ZHR#s03jP5)k^^S2Hm9~osWMi#9&9hxf51G4tqdDrFasm z5ie%9>TQlGX033A$flG3z4v3JT3pi+c*iS&98iFA3*Eq^!b_+V^ZeeTNt-S{-P)QV z&}a7vRBzeQ6-t3w*L4XkHu=f`YFpI2DZE!ff=_sql+Og}5U zAc!}9uWotSjWiZhsK@{+ARF16+R@ld_gI)uuD+n;2B;sa4gNu){{DC5K))vTT;52OS(4kzt{ua3zuuIBnuuBI@jL=fzO7_Spul@C9-TBjt5@p}9&;Y`Exo|-c5oAy{&D-qw4$ZH(^ zuB=i{q)!+6-I~bJbpniS{L&=Kjo_M)t=T8 z_<8VNz~J^*p5FVdxNpV`pklqPti32P7v(ELjZT_|dwNJ_iE`;wFg?x55bhi|x3b=j z(MH~xnXG#OA6K2c`fwK`E?$}o42ZXx%~vfb@6_@LWH<6h4!(y6c*q&=-v6BSZejvb zZ2P-R{hYMKim%#jqWg{^-P{7j zBhs)yYzoZOgy&6vlN9|f7xXY|g0uqBXd2R*A&+|^z<967*maK1)s#V6!DnO)nl8>0 zsn*$1G>s@yq+wkQHDU|zAUCJf%(9Znr`GGMc3WCXQi(C~8?=x=P=atzIB`~COzyc+ zeq8Uf2w5t-wp7(w<`;I{^oxwrkk0a%Q5&8${f3PUe;2vMJ>>zvun1D~{;LAqnb+IK zM%f#d`LC0HQ3M_#?ygPN6vQA2Blu+Bp9PiTBlNwX2hiwIuIEw!#yQXP zyrrnEp`rmLpqo0gWn#)d+-XqMS!Q*xWnTurc%_D{5{-@9w2=x+C2))ucJlLUou}Mr ze%&dl^gtea2b`*2MJ41Pt9|L?-d!Mli;p=vikf}7^v!Ow+o}06IpTFum)nrGv+k!^ zvAe&>|%>AhU)u<%+`|H0%HS<+roK6-+mDTec zHe9Rb>~J!6i;Rm9vNW|~U&86BcdSOMxR2a#b^7}M8wf~>t z(PCElhsE*bBq93jDJA^FNJy;9KT5~SNkv}Y<>r>|R>yy@55O8f-I@04v%b2D6c(MrLX z-zkO4*AMD6R$-4n3V{d*|F-bJmW4fL0fr2&#Sr4HOlHgXx$z99;nEH3!o+hjA+9?$ z;m&eEaZz=Y|74*vI+NHi}GAz$=^S_un%-WBfa(+mucWXXg%Fu!}oe}a*}R&1a2Eg|OU z1Z=L^IH&z=l={x*zrD#2tue= zK$FtQVZQpK1XjeWM7|=7QdJE7ybMHTDQbLpZuZA}dq?DEei3q?Y<5>o(b>LXwT@PJ z%;>0yN(X4Uu6)Jh1Tz|x`>T=_5EhZ=Z~u2AJz@?kxdz)cw5UOqu-Ir+Z}nAO$^DVJ z?S4wXPDcsrJM|c_pgTlrud;qa&#Brsd}jWs^u@9^IEE8}i;G(pbm|Qfi-^+-&>#%5 zI8>mpP4CA5qD`Q#;4+)-F>nv4&iu$ty3|4&Tl8upJZ&dCI4}L!L^$T<29yu|ozm+r zm1YJmvi#`_njZ>IH24XP=K&2gz(pu#o7aO|gdkE5y^jA2TIo($w&F$kL7FQb7)8s~ zT<+jnp76$X;*%)j&tCOPwthRM5u4L`Q3k_2XOo-Xj#^ZUKLP(?^HRiAly57Ce;0zp 
z)G-C(?3+Qe4O$;wxX1{e69 z23Ni#nl?NCr9T5Xi|yP66Tw`vxl-5+X;;k>pay{^U=45Lq-?U&)f%*Tb2pZ zi_yIC)1Q?ACQ}DOt*}N;HRvL@Db@E%B+Q`hGX?Dv)-o4n2KLI@Ie`2khkU8v<`=KK&+>SNe(G}{^FAK&xP+8xO zmNiFvcRK*ub8-AADV7Xc{k3!QG#!gO0xPH1mTu#9*heX_j6 zKFkPs&B>x@GYxH{b-UOq9VX=+yypptI~NXe0gzrDBgi|cY_ESfM*lHrARdaj23wcr zWeD`fUvI1>8^c=SdpLU{A|O0sH10RP?S4+bjIB*WwMzK|TFnvpQh00lq5av~{v6K> z^NvrUwwsUdwlYX6@WL*ciG82M#!i*BO4yVR+Ckv4GNU|t?N|i@YK6LwKw?VXjS9ZV zf4;N?->TbeI#q`*)4Fv^&?k_>YG3u81$G9rtDsfE+`xguaIvv+Ywa;n+K;s##X=TG z^Ap$u>8j!zv(s3_-Z#A6J|jC`8Bp??GAODxM(EEB&NAjP-XDY=`HJyfAu4lIyAn!u ztK)rJ;Dv|N0!q@QiSA*j7WZ`rQ~pVQqG+Y73ZWSs17&WY6vkLf%dzMFN{d9|kPX*Mv9n zeC%u}Ay{~4(}HJ_=!t2e3OJ2-DUCvKaTk*?($cJz;*Y`EZS~W27Y{ z?3A52_)v>7V1l0iP~!txHILM}{yr)O1NG#&pMx4hcA)4@4n$vbZO+%`{^zl}&KdI- ziLW&=JN+r3a0L`oMyyuF^1h4Wm4o5WgR256;mucLjkgc;hztpNoqYs5S5dE-EB0l z4@~HzY`c$>{^QMhp6wA0(yYqp8HSKwUHV5pHCUGTQ|;{9izoYi#@#-$>3E6m*;?j{ znpafX9xH_oo`Uv$CsR$Q|C!CV*pTbD5H%(%d1h+nKBpXuJ>1?7JlRteZ6_&rM!Cz} z3dcIC^QhY|)TySi?y_}_Dq_|15=gn(Vv%i^qY^T!**Oq399Ewn@gFxt$M8ol5|P5# zTA6CnMYMbJp3A6(x(zuQq_Te$y0ks*}Q>1yHk=>ZW}jmvRQU1WLr0 zkp8qMLX_%TA6oY+6R6lu1ZX>A9<-%JZFPQ-+J!K4BvIN38_w95QSnr^G=!md+zFe} z9I*!sc*R=}%oTB|s-vp!evt86GrD=quw@ecqPa&ljoSQrvQl6ON8)jlW*rq1qHpwp z%Io~MqS33n1pI7Ewt|7F#!+TROK(p%n;A>>-qZe|bbhh8E5U7!7v`!y>+9>P1f_8N zT=X#zcqTnvhWcc`Ge4IhLzu;-huhg8m2eh72!hZXD|3weNoFB#PV{5BDTtTORMqDm zAp`Fp-qYMQj#gY$vtLRvwX!rwj1>}F+EmH&`lEoJgW6_~WC7heuI^PWVIQc|cF zfO<&5*O(Fl{kqPGX58~)#8cB0Al$T-7KHq!$I+tS zd^g@p9sGh))i!33z7oyOxof%Z`YnJVW^R#~`v#5igSZIv{sJv`o{%?Yr){2Ac7$`> zV#hgzd+c<;KiMJBXWaW1#PM@OxWeZpa##beyvXFd)V*@sDsx)b3mLqwO)AteG2|sT zYLkZaj-hjhordKKXv|58e}Ad#@^5S&rhPdnchbGLk5*~;w7gzMK-OX%$i&8R&bmT= zaqZcP`6$zecz9gp80s|SNTn`ED8=263EA#CF;Bc^PSkTBd)zK|F;MU}HGu_XXUi~6 zc&t8edu@&NXKJd>zV$Zr;=CAAL|oltg07(3y}R~)O=>|r$XfJtP{Kfy#%vT{5zz*A z!F?BFs;IQmv5w*M&R@B z^2%-@u-HAB^WcK(S#A7k!Up5skI`qAuhbu!^5qgb?BFcczga1)_5Q$<7QxS>c!QwK zU2|0APyX%lA-@Lu_We)+fqfzu+pSohmF(mC7jCc?HM(uf`Cn(R1&qsB7z{##R;I8o 
zc28K+cWvLX*60eDNnUg?QY8Y7UXA5wd&e%uhbgMg$JLsGkGay5diQLF#XBX;kx{Jg zNq9|bZ{D$-9aRiT&H#4d>5REwbLR^_PR1qeKt4>$xX0x<)Vq+2ew_!@Dp65xT2_O( z47QIaar=GU8kxs zKHGLt5W}JJG8WEc`F>G2*g}7|0artBmpxn5&r8kuqj6C&&T53Tk~xuclFQqsreKy< z9!IUm?Q{h)XY92&IMflQAHI;9a;Y>GYBygoUk6es1*VReox}9#?PCg=GvUAhVdM&z zdP0B^qroqSNDcUnzI+&FYT4WZas6S!V@2$M&srgRlV4aBWR5jFMMV0F;fr$eA=v51 zPW&g`^ep#^+kYO_vXCN0Mn&dhNTKF}@sOO|2TeTBTb2bBfOu2ZF5oQc{9bRW=g0$^PYzV)^$D=!<6PF&-usht%$_8iX}s-jtp z5feDKCUbP|A~bT%8ceU5$lK+p!THvFa}kmoVaZwqhOTm0qv!&7J!vZ}i1-;EZ)dF= zoSpSw`7{8ULHqVAgRSY8co#m<}4wlte%kSQY)b#-WW~Da*#{jwJi)*vQ?}&!NRk24jVk+Wa>O zDVP8B(!ttJu1Z7p&qnwNE;ER^z3gQf>Dzp;((%c;JdU-(0*9z<0^9Yx4%=BqHf+?* z(SvY?hV8zj{V(`jDz_nBy$h+9;LWr)Hzj&q6&q1u0Tq$O zrHXJ0`$^f8vg>p<=I{b47(gG5iPdo2w`-FBbY8OilSK#NX0jYwQa!9aOnBwc#X5f!WUm3hNN58}wQvih$Zo1zx#&<^_PebKhdfLVj9 zwv=_9ZftXEy&WCbi$>|c7Q}x9$6$`niMk!_ z^kP`INKUU0@+!|xu^!aygy?oU>G1W)-z9|&DNz}PZvVpKq-vhZ?CkWZP>NW4YNf`( z+)U<1w8Z_{tv|z!g*<|w?9IvC@<+6*xrH&FrCdSb#E3dbu1{>{pZv+3Y2JqD8@u6v zw$^89rv3y#B)~8j=+mLzWI69dnkjSpxR@|{ zW!cqF*&8rdDaWBwk|EgCR9z3RQZ{+2L(HJ$imIdq&2N5^3w7Y~fP7kH+Wk;*;M+xxF77N8vonMbjf2@Bg*7~@? z;n!bct$(Fs#6eZ|s?JPfKs7rC4UQsBr&5^;2W3HcjSrhz)ua1(s-V4+3`V~?=R8IZ z%kr^q{E`4Wo;acHbEy0ZZKH=3u(vEVT0dFcrJOwKVO4f<3tS6Mqb|+N=$L}nW zPDL^J6e?gbHMQIJRag;6A)55-KHFzTGz|xCxaSYL4p*PNcFS)3s^B5b?@$-_;(DhpKa>%Dapp7w2gdXZifW8mt(2*SD-bu=8Cls^0p zlnZX?IbBK!dHh*2{uBaNRYvj#os;y|_rVELJNOL#%eOYKy@Ab?mLXk@Zjz`AD$oCz z0Zd0yq@MwehGsix!bT}dkuVO~ZBF5*L0$I)8o|v-? 
z-&_uLF%!fR5L(}%d<@E)|Kv;&RyXg8-=Ax3O=94b=lF0W&iwqyg^<1(dz<|!`edwm zBbsHGPQgaYN^7G`bMGmEa9jKnxJ7L9Alr+*0St^QP-VG$k5cq|zc83aF~zO#3aK!8 zsIY$AZ70{D_fZ}FV6r-5o=n|bbo6rBZ*NGk(ZNkk;Ry|9r^H(9@zqtjxfIpVa=v$# zM;XD1j2+imnK~#=5v?*p+VK5z_jo7GEiJv{O&nRNoSc?lGfznL4JewT$_mhAae56;b%#ZN~AP8 zl$ep4tI1oyS!Hw|8eL~#@8@jJ{KfrFRw$nDU3_?AVGkbl`b^1z?PV%j_@8MF#aEMu zB-16!!ChZrY%9uXwF0R{({gIe&Oy%iN21nhu97bkb=h9^e)*KYW}a0LwA9S_=Ako^ zXqCOWNOMOqk>;hygxC4~?(a)pG?nrzK z+MYrh-O{u$0kQwU2*+@kau!WWoq`2u}n%uWV3;{2Zz4U(~<-qu5- zsGA<#)B4C+TL}C`Y%Ru8HSr)(TCOt}lkfzO?)o)QPxa^i6G*&a!c-u1i>0p~J+3}G zmVcE+|4fS(-l-6B@8ApK2%x4>_%WZbBdE=;R(L#lMWu4KQE;b|?=xJD z&~*6hj;|9l$O&Gb3bqSQQU$t(JI>WqhuO}(2xr}of!># zIc3F?9Ssq>;t}^+8<`M81+ys+C>-0bl4`7#jGbO5#?|4KI5qa%t5NFY;m)?6o40l| zF8kiuFghn?ew&Hk^s*?751OCK_2Jm-G@j-4(;cbO27#{ptE@enH!vprjjbwpZ5}4f zJsEa1_RNg42IbIqL*C1FK94Hfz`U*0{)r;fW3b^+aAkdANykP$Bd>VP3#YSwAzR16 zJxEoM&oQPzuKva;gt*Ljl7%yp8mIHwZRR z?A&9J0--S@rf|j3bo&V6n7>J;ii7Cx3Vd(i_edh z*u7nUV&ZZ-9Djb66yanf7UFiLba7Iwxch!k+yW~C+$R>7_$Y;PP)pu}M_KI=6E9%} zqVvPo^Td{EU0qMIsYiLs%3(HFfK*W}rmkE*HQ44ce>5_{c7H^N$((w2pH(a}|7~|l zptR%Ko9VJ;R`Q@bhC8SE7Qc_6Y+aUlN;DFeIs1)kioRUhTU?) z!GV6TL)@Rpd?umGiZ}~RzX~V4IW=Esy)Gvup@Yf<3$n2*hhK(T#G&FB-xlZN7}WoK zS~L*>>UCW3q{n|Wqt$pJmeCl!Y2Rh2Ue2br-G6~p1d>a=dEK@On3SxU_OEcDn$NDE z6vk0vrg91LymLZxKCfk(C0y4LU)6n&!NtyE;_wSxF|pp8?1rK8tM4DjBF4dz#>Hg? 
z|6wcBoW@r39JAAcPQCfE9>b>HE$6(TLZQL*j&Z8Q4x5Plore((#8Cq|Tk?;x?6<^P8}iC+eCF^rJ`mrmyn0(5}+>E;5EzAtQq zY{8U$`ttX@fg-FQJ16e0OGXk2O-2XyTEPOtZbBbE|3&Wkm7dB=1~p0Rq2{2$pSOur zM_trESs^(`#%JWf0tvE2=uzu4e|a)5khUy{x`jum9x_+SakF1J7hDVg2Y6&deqP4} z5EJtCK)QU$x7gbYOk3%|=^N8OH7|HxC@E|5&18Lw+Z4$CWiIjl7=+sxdd2 z{l^s##`wC}3_}y6#ROyZc|;GKQ@d(8VC4BmKB$9}KH`V`?(oNxn!m=s(}kp!CwxsLPs&_( z27&K$XmRKQ;=%Y;?CM+EKcD7U*{KKrBq3A|cA>ok#O%x{WReXp?q_s5;4-)QN{=FI z+)xDhPr7Hg?uEuhaBY$tQ?mt^i%lGbC%RoSVRmFZ{H`K@iQe#*1a926_WCcNETxxo z_^|O$`iX-9vxiKDh48w9z81X}$2Rip!OQDx=^X0R58F36ELz*sn$zC(I+Q!VWc4*< zJ*C;tTq}wuvqA@E6hIHAm~LPm8Qs)*`ArVC^umr&Lpu8)S8 z#;#{Lr8;tnDF~$wb($@o-?nXh!P>I9xw`KjY68GU?(vFaWMQw!juuKMze=oH0k9E# zV&mHnFS~c;vHt6i9l7%`RIgrr*|@Hg?Q!*@uh<5Ta zl$)@y@T*!c+{{cPO(T60k7Q5iCO}7RAF4_Jdky#lllf*wn$NQxeBmFClmMKEi--GM z{c0Fmk2LJ@ErioU_}(l;G~?YpZptJKuGz%}a@dDef5AXISB&uR@Gmw(v$g=$brqYV zUX1bk=*TStomgKfna9&_SosjZIzuogI(ySjH=nnHI3m(TSq3;_*+hL)i1ma_I+Y8tRfs&(H7`?OSIK-unE$6} zD1TE^8&mJ;MKJ*=uY;o#K~z>!^YT|AK1CP^oJen${OR%kE04-S2F@B&*dw7!ycIAR z--EG)PxvoA1l~U$!e6OIcVJ+32O2dsO42WX5qe#=>6d>r_%H?kUFL5EsJ}K)m;kt{ z=&*#(<*+Y-#lYLrdv^DdULf~>U;UOIye7qi?|ag1U_t@fp(EjAohcLe@c&7zz^;Hl z)QRy>mNe{Az>{w3h{XQa0;HMkb0i1rI(fYnnD)!jywen@);K8!|` z82o2@gTl_Gf}OzKVGX&PN`GNpT_W(Y!GBuG__HA{AHsTW@q?j>PwQ*^dCUKOfO%fd z*Zu$d@$Ws&b}3q}926iT_CEvo&uaj-3hU3__&*Ox03$tK*wjdy{W}!+n^@}KpI~DD zn-c%;bC~i&Aj+kUG`*_+8%6tjRKG_HaAyDhssDWiq7bahonn`dxPL(Ve`317AGXk# Y=Y$Le`ng527~r3>yt>?n`>-efA88TRF#rGn literal 0 HcmV?d00001 diff --git a/fast/stages/02-security/diagram.svg b/fast/stages/02-security/diagram.svg new file mode 100644 index 000000000..7dc82d45d --- /dev/null +++ b/fast/stages/02-security/diagram.svg 
@@ -0,0 +1,1157 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/fast/stages/02-security/main.tf b/fast/stages/02-security/main.tf new file mode 100644 index 000000000..13078d12d --- /dev/null +++ b/fast/stages/02-security/main.tf 
@@ -0,0 +1,47 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ kms_keys = {
+ for k, v in var.kms_keys : k => {
+ iam = coalesce(v.iam, {})
+ labels = coalesce(v.labels, {})
+ locations = (
+ v.locations == null
+ ? var.kms_defaults.locations
+ : v.locations
+ )
+ rotation_period = (
+ v.rotation_period == null
+ ? var.kms_defaults.rotation_period
+ : v.rotation_period
+ )
+ }
+ }
+ kms_locations = distinct(flatten([
+ for k, v in local.kms_keys : v.locations
+ ]))
+ kms_locations_keys = {
+ for loc in local.kms_locations : loc => {
+ for k, v in local.kms_keys : k => v if contains(v.locations, loc)
+ }
+ }
+ project_services = [
+ "cloudkms.googleapis.com",
+ "secretmanager.googleapis.com",
+ "stackdriver.googleapis.com"
+ ]
+}
diff --git a/fast/stages/02-security/outputs.tf b/fast/stages/02-security/outputs.tf
new file mode 100644
index 000000000..8f296d86b
--- /dev/null
+++ b/fast/stages/02-security/outputs.tf
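Review bot: The KMS locals in fast/stages/02-security/main.tf have no comments, while every local in vpc-sc.tf in this same commit has one; `kms_locations_keys` is the hardest to read because it inverts the key-to-locations map. I would add `# per-key settings, null attributes replaced with var.kms_defaults` above `kms_keys`, `# every location referenced by at least one key` above `kms_locations`, and `# location => { key name => key settings } for keys that list that location` above `kms_locations_keys`. A note on `kms_keys` that `iam` and `labels` fall back to empty maps rather than to a default would also help anyone auditing which keys end up with no bindings.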
@@ -0,0 +1,43 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# optionally generate files for subsequent stages
+
+resource "local_file" "dev_sec_kms" {
+ for_each = var.outputs_location == null ? {} : { 1 = 1 }
+ filename = "${var.outputs_location}/yamls/02-security-kms-dev-keys.yaml"
+ content = yamlencode({
+ for k, m in module.dev-sec-kms : k => m.key_ids
+ })
+}
+
+resource "local_file" "prod_sec_kms" {
+ for_each = var.outputs_location == null ? {} : { 1 = 1 }
+ filename = "${var.outputs_location}/yamls/02-security-kms-prod-keys.yaml"
+ content = yamlencode({
+ for k, m in module.prod-sec-kms : k => m.key_ids
+ })
+}
+
+# outputs
+
+output "stage_perimeter_projects" {
+ description = "Security project numbers. They can be added to perimeter resources."
+ value = {
+ dev = ["projects/${module.dev-sec-project.number}"]
+ prod = ["projects/${module.prod-sec-project.number}"]
+ }
+}
diff --git a/fast/stages/02-security/variables.tf b/fast/stages/02-security/variables.tf
new file mode 100644
index 000000000..0829f0984
--- /dev/null
+++ b/fast/stages/02-security/variables.tf
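Review bot: Both `local_file` resources in fast/stages/02-security/outputs.tf (`dev_sec_kms` and `prod_sec_kms`) omit `file_permission`, so the generated YAML gets the hashicorp/local provider default, which is `0777`. The header comment says these files are generated for subsequent stages and they hold KMS key ids, so a file any local user can rewrite is an integrity risk for whatever later stage reads it. I would add `file_permission = "0644"` to each resource, or a stricter mode if only the Terraform user needs to read them.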
@@ -0,0 +1,185 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "billing_account_id" {
+ # tfdoc:variable:source bootstrap
+ description = "Billing account id."
+ type = string
+}
+
+variable "folder_id" {
+ # tfdoc:variable:source resman
+ description = "Folder to be used for the networking resources in folders/nnnn format."
+ type = string
+}
+
+variable "groups" {
+ # tfdoc:variable:source bootstrap
+ description = "Group names to grant organization-level permissions."
+ type = map(string)
+ # https://cloud.google.com/docs/enterprise/setup-checklist
+ default = {
+ gcp-billing-admins = "gcp-billing-admins",
+ gcp-devops = "gcp-devops",
+ gcp-network-admins = "gcp-network-admins"
+ gcp-organization-admins = "gcp-organization-admins"
+ gcp-security-admins = "gcp-security-admins"
+ gcp-support = "gcp-support"
+ }
+}
+
+variable "kms_defaults" {
+ description = "Defaults used for KMS keys."
+ type = object({
+ locations = list(string)
+ rotation_period = string
+ })
+ default = {
+ locations = ["europe", "europe-west1", "europe-west3", "global"]
+ rotation_period = "7776000s"
+ }
+}
+
+variable "kms_keys" {
+ description = "KMS keys to create, keyed by name. Null attributes will be interpolated with defaults."
+ type = map(object({
+ iam = map(list(string))
+ labels = map(string)
+ locations = list(string)
+ rotation_period = string
+ }))
+ default = {}
+}
+
+variable "kms_restricted_admins" {
+ description = "Map of environment => [identities] who can assign the encrypt/decrypt roles on keys."
+ type = map(list(string))
+ default = {}
+}
+
+variable "organization" {
+ # tfdoc:variable:source bootstrap
+ description = "Organization details."
+ type = object({
+ domain = string
+ id = number
+ customer_id = string
+ })
+}
+
+variable "outputs_location" {
+ description = "Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable."
+ type = string
+ default = null
+}
+
+variable "prefix" {
+ description = "Prefix used for resources that need unique names."
+ type = string
+}
+
+variable "vpc_sc_access_levels" {
+ description = "VPC SC access level definitions."
+ type = map(object({
+ combining_function = string
+ conditions = list(object({
+ ip_subnetworks = list(string)
+ members = list(string)
+ negate = bool
+ regions = list(string)
+ required_access_levels = list(string)
+ }))
+ }))
+ default = {}
+}
+
+variable "vpc_sc_egress_policies" {
+ description = "VPC SC egress policy defnitions."
+ type = map(object({
+ egress_from = object({
+ identity_type = string
+ identities = list(string)
+ })
+ egress_to = object({
+ operations = list(object({
+ method_selectors = list(string)
+ service_name = string
+ }))
+ resources = list(string)
+ })
+ }))
+ default = {}
+}
+
+variable "vpc_sc_ingress_policies" {
+ description = "VPC SC ingress policy defnitions."
+ type = map(object({
+ ingress_from = object({
+ identity_type = string
+ identities = list(string)
+ source_access_levels = list(string)
+ source_resources = list(string)
+ })
+ ingress_to = object({
+ operations = list(object({
+ method_selectors = list(string)
+ service_name = string
+ }))
+ resources = list(string)
+ })
+ }))
+ default = {}
+}
+
+variable "vpc_sc_perimeter_access_levels" {
+ description = "VPC SC perimeter access_levels."
+ type = object({
+ dev = list(string)
+ landing = list(string)
+ prod = list(string)
+ })
+ default = null
+}
+
+variable "vpc_sc_perimeter_egress_policies" {
+ description = "VPC SC egress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable."
+ type = object({
+ dev = list(string)
+ landing = list(string)
+ prod = list(string)
+ })
+ default = null
+}
+
+variable "vpc_sc_perimeter_ingress_policies" {
+ description = "VPC SC ingress policies per perimeter, values reference keys defined in the `vpc_sc_ingress_policies` variable."
+ type = object({
+ dev = list(string)
+ landing = list(string)
+ prod = list(string)
+ })
+ default = null
+}
+
+variable "vpc_sc_perimeter_projects" {
+ description = "VPC SC perimeter resources."
+ type = object({
+ dev = list(string)
+ landing = list(string)
+ prod = list(string)
+ })
+ default = null
+}
diff --git a/fast/stages/02-security/vpc-sc-restricted-services.yaml b/fast/stages/02-security/vpc-sc-restricted-services.yaml
new file mode 100644
index 000000000..89844cd20
--- /dev/null
+++ b/fast/stages/02-security/vpc-sc-restricted-services.yaml
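Review bot: The description of `vpc_sc_perimeter_egress_policies` in fast/stages/02-security/variables.tf points readers at the wrong variable: it says the values reference keys in `vpc_sc_ingress_policies`, but vpc-sc.tf resolves them against `var.vpc_sc_egress_policies`. That lookup drops any name it cannot find without raising an error, so an operator following the description would get a perimeter with no egress rules and no warning. The description should name `vpc_sc_egress_policies` instead. Two smaller copy-paste leftovers in the same file: the `folder_id` description says "networking resources" although this is the security stage, and "defnitions" is misspelled in the descriptions of `vpc_sc_egress_policies` and `vpc_sc_ingress_policies`.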
@@ -0,0 +1,88 @@
+# skip boilerplate check
+- accessapproval.googleapis.com
+- adsdatahub.googleapis.com
+- aiplatform.googleapis.com
+- alpha-documentai.googleapis.com
+- apigee.googleapis.com
+- apigeeconnect.googleapis.com
+- artifactregistry.googleapis.com
+- assuredworkloads.googleapis.com
+- automl.googleapis.com
+- bigquery.googleapis.com
+- bigquerydatatransfer.googleapis.com
+- bigtable.googleapis.com
+- binaryauthorization.googleapis.com
+- cloudasset.googleapis.com
+- cloudbuild.googleapis.com
+- cloudfunctions.googleapis.com
+- cloudkms.googleapis.com
+- cloudprofiler.googleapis.com
+- cloudresourcemanager.googleapis.com
+- cloudsearch.googleapis.com
+- cloudtrace.googleapis.com
+- composer.googleapis.com
+- compute.googleapis.com
+- connectgateway.googleapis.com
+- contactcenterinsights.googleapis.com
+- container.googleapis.com
+- containeranalysis.googleapis.com
+- containerregistry.googleapis.com
+- containerthreatdetection.googleapis.com
+- datacatalog.googleapis.com
+- dataflow.googleapis.com
+- datafusion.googleapis.com
+- dataproc.googleapis.com
+- datastream.googleapis.com
+- dialogflow.googleapis.com
+- dlp.googleapis.com
+- dns.googleapis.com
+- documentai.googleapis.com
+- eventarc.googleapis.com
+- file.googleapis.com
+- gameservices.googleapis.com
+- gkeconnect.googleapis.com
+- gkehub.googleapis.com
+- healthcare.googleapis.com
+- iam.googleapis.com
+- iaptunnel.googleapis.com
+- language.googleapis.com
+- lifesciences.googleapis.com
+- logging.googleapis.com
+- managedidentities.googleapis.com
+- memcache.googleapis.com
+- meshca.googleapis.com
+- metastore.googleapis.com
+- ml.googleapis.com
+- monitoring.googleapis.com
+- networkconnectivity.googleapis.com
+- networkmanagement.googleapis.com
+- networksecurity.googleapis.com
+- networkservices.googleapis.com
+- notebooks.googleapis.com
+- opsconfigmonitoring.googleapis.com
+- osconfig.googleapis.com
+- oslogin.googleapis.com
+- privateca.googleapis.com
+- pubsub.googleapis.com
+- pubsublite.googleapis.com
+- recaptchaenterprise.googleapis.com
+- recommender.googleapis.com
+- redis.googleapis.com
+- run.googleapis.com
+- secretmanager.googleapis.com
+- servicecontrol.googleapis.com
+- servicedirectory.googleapis.com
+- spanner.googleapis.com
+- speakerid.googleapis.com
+- speech.googleapis.com
+- sqladmin.googleapis.com
+- storage.googleapis.com
+- storagetransfer.googleapis.com
+- texttospeech.googleapis.com
+- tpu.googleapis.com
+- trafficdirector.googleapis.com
+- transcoder.googleapis.com
+- translate.googleapis.com
+- videointelligence.googleapis.com
+- vision.googleapis.com
+- vpcaccess.googleapis.com
diff --git a/fast/stages/02-security/vpc-sc.tf b/fast/stages/02-security/vpc-sc.tf
new file mode 100644
index 000000000..855dc1dde
--- /dev/null
+++ b/fast/stages/02-security/vpc-sc.tf
@@ -0,0 +1,167 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ # compute the number of projects in each perimeter to detect which to create
+ vpc_sc_counts = {
+ for k in ["dev", "landing", "prod"] : k => length(
+ coalesce(try(var.vpc_sc_perimeter_projects[k], null), [])
+ )
+ }
+ # dereference perimeter egress policy names to the actual objects
+ vpc_sc_perimeter_egress_policies = {
+ for k, v in coalesce(var.vpc_sc_perimeter_egress_policies, {}) :
+ k => [
+ for i in coalesce(v, []) : var.vpc_sc_egress_policies[i]
+ if lookup(var.vpc_sc_egress_policies, i, null) != null
+ ]
+ }
+ # dereference perimeter ingress policy names to the actual objects
+ vpc_sc_perimeter_ingress_policies = {
+ for k, v in coalesce(var.vpc_sc_perimeter_ingress_policies, {}) :
+ k => [
+ for i in coalesce(v, []) : var.vpc_sc_ingress_policies[i]
+ if lookup(var.vpc_sc_ingress_policies, i, null) != null
+ ]
+ }
+ # get the list of restricted services from the yaml file
+ vpcsc_restricted_services = yamldecode(
+ file("${path.module}/vpc-sc-restricted-services.yaml")
+ )
+}
+
+module "vpc-sc" {
+ source = "../../../modules/vpc-sc"
+ # only enable if we have projects defined for perimeters
+ count = anytrue([for k, v in local.vpc_sc_counts : v > 0]) ? 1 : 0
+ access_policy = null
+ access_policy_create = {
+ parent = "organizations/${var.organization.id}"
+ title = "default"
+ }
+ access_levels = coalesce(try(var.vpc_sc_access_levels, null), {})
+ # bridge type perimeters
+ service_perimeters_bridge = merge(
+ # landing to dev, only we have projects in landing and dev perimeters
+ local.vpc_sc_counts.landing * local.vpc_sc_counts.dev == 0 ? {} : {
+ landing_to_dev = {
+ status_resources = null
+ spec_resources = concat(
+ var.vpc_sc_perimeter_projects.landing,
+ var.vpc_sc_perimeter_projects.dev
+ )
+ use_explicit_dry_run_spec = true
+ }
+ },
+ # landing to prod, only we have projects in landing and prod perimeters
+ local.vpc_sc_counts.landing * local.vpc_sc_counts.prod == 0 ? {} : {
+ landing_to_prod = {
+ status_resources = null
+ spec_resources = concat(
+ var.vpc_sc_perimeter_projects.landing,
+ var.vpc_sc_perimeter_projects.prod
+ )
+ # set to null and switch spec and status above to enforce
+ use_explicit_dry_run_spec = true
+ }
+ }
+ )
+ # regular type perimeters
+ service_perimeters_regular = merge(
+ # dev if we have projects in var.vpc_sc_perimeter_projects.dev
+ local.vpc_sc_counts.dev == 0 ? {} : {
+ dev = {
+ spec = {
+ access_levels = coalesce(
+ try(var.vpc_sc_perimeter_access_levels.dev, null), []
+ )
+ resources = var.vpc_sc_perimeter_projects.dev
+ restricted_services = local.vpcsc_restricted_services
+ egress_policies = try(
+ local.vpc_sc_perimeter_egress_policies.dev, null
+ )
+ ingress_policies = try(
+ local.vpc_sc_perimeter_ingress_policies.dev, null
+ )
+ # replace with commented block to enable vpc restrictions
+ vpc_accessible_services = null
+ # vpc_accessible_services = {
+ # allowed_services = ["RESTRICTED-SERVICES"]
+ # enable_restriction = true
+ # }
+ }
+ status = null
+ # set to null and switch spec and status above to enforce
+ use_explicit_dry_run_spec = true
+ }
+ },
+ # prod if we have projects in var.vpc_sc_perimeter_projects.prod
+ local.vpc_sc_counts.prod == 0 ? {} : {
+ prod = {
+ spec = {
+ access_levels = coalesce(
+ try(var.vpc_sc_perimeter_access_levels.prod, null), []
+ )
+ # combine the security project, and any specified in the variable
+ resources = var.vpc_sc_perimeter_projects.prod
+ restricted_services = local.vpcsc_restricted_services
+ egress_policies = try(
+ local.vpc_sc_perimeter_egress_policies.prod, null
+ )
+ ingress_policies = try(
+ local.vpc_sc_perimeter_ingress_policies.prod, null
+ )
+ # replace with commented block to enable vpc restrictions
+ vpc_accessible_services = null
+ # vpc_accessible_services = {
+ # allowed_services = ["RESTRICTED-SERVICES"]
+ # enable_restriction = true
+ # }
+ }
+ status = null
+ # set to null and switch spec and status above to enforce
+ use_explicit_dry_run_spec = true
+ }
+ },
+ # prod if we have projects in var.vpc_sc_perimeter_projects.prod
+ local.vpc_sc_counts.landing == 0 ? {} : {
+ landing = {
+ spec = {
+ access_levels = coalesce(
+ try(var.vpc_sc_perimeter_access_levels.landing, null), []
+ )
+ resources = var.vpc_sc_perimeter_projects.landing
+ restricted_services = local.vpcsc_restricted_services
+ egress_policies = try(
+ local.vpc_sc_perimeter_egress_policies.landing, null
+ )
+ ingress_policies = try(
+ local.vpc_sc_perimeter_ingress_policies.landing, null
+ )
+ # replace with commented block to enable vpc restrictions
+ vpc_accessible_services = null
+ # vpc_accessible_services = {
+ # allowed_services = ["RESTRICTED-SERVICES"]
+ # enable_restriction = true
+ # }
+ }
+ status = null
+ # set to null and switch spec and status above to enforce
+ use_explicit_dry_run_spec = true
+ }
+ }
+ )
+}
diff --git a/fast/stages/03-project-factory/README.md b/fast/stages/03-project-factory/README.md
new file mode 100644
index 000000000..2be41b952
--- /dev/null
+++ b/fast/stages/03-project-factory/README.md
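Review bot: In fast/stages/02-security/vpc-sc.tf the comment above `resources` in the `prod` perimeter says the security project is combined with the variable, but the expression is only `var.vpc_sc_perimeter_projects.prod`. This stage's own KMS projects therefore sit outside every perimeter unless the operator copies the `stage_perimeter_projects` output into that variable by hand. Either make the comment match the code, e.g. `# projects from var.vpc_sc_perimeter_projects.prod; the stage's security project is not added automatically`, or concat `"projects/${module.prod-sec-project.number}"` into the list if automatic inclusion was the intent. The comment above the `landing` perimeter is a copy of the prod one and should read `# landing if we have projects in var.vpc_sc_perimeter_projects.landing`. The `landing_to_dev` bridge also lacks the `# set to null and switch spec and status above to enforce` hint that the other dry-run blocks carry.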
@@ -0,0 +1,6 @@ +# Project factory + +The Project Factory (PF) builds on top of your foundations to create and set up projects (and related resources) to be used for your workloads. +It is organized in folders representing environments (e.g. "dev", "prod"), each implemented by a stand-alone terraform [resource factory](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c). + +This directory contains a single project factory ([`prod/`](./prod/)) as an example - to implement multiple environments (e.g. "prod" and "dev") you'll need to copy the `prod` folder into one folder per environment, then customize each one following the instructions found in [`prod/README.md`](./prod/README.md). \ No newline at end of file diff --git a/fast/stages/03-project-factory/prod/README.md b/fast/stages/03-project-factory/prod/README.md new file mode 100644 index 000000000..b938f7887 --- /dev/null +++ b/fast/stages/03-project-factory/prod/README.md @@ -0,0 +1,131 @@ +# Project factory + +The Project Factory (or PF) builds on top of your foundations to create and set up projects (and related resources) to be used for your workloads. +It is organized in folders representing environments (e.g., "dev", "prod"), each implemented by a stand-alone terraform [resource factory](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c). + +## Design overview and choices + +

+ Project factory diagram +

+ +A single factory creates projects in a well-defined context, according to your resource management structure. For example, in the diagram above, each Team is structured to have specific folders projects for a given environment, such as Production and Development, per the resource management structure configured in stage `01-resman`. + +Projects for each environment across different teams are created by dedicated service accounts, as exemplified in the diagram above. While there's no intrinsic limitation regarding where the project factory can create a projects, the IAM bindings for the service account effectively enforce boundaries (e.g., the production service account shouldn't be able to create or have any access to the development projects, and vice versa). + +The project factory takes care of the following activities: + +* Project creation +* API/Services enablement +* Service accounts creation +* IAM roles assignment for groups and service accounts +* KMS keys roles assignment +* Shared VPC attachment and subnets IAM binding +* DNS zones creation and visibility configuration +* Project-level org policies definition +* Billing setup (billing account attachment and budget configuration) +* Essential contacts definition (for [budget alerts](https://cloud.google.com/billing/docs/how-to/budgets) and [important notifications](https://cloud.google.com/resource-manager/docs/managing-notification-contacts?hl=en)) + + +## How to run this stage + +This stage is meant to be executed after "foundational stages" (i.e., stages [`00-bootstrap`](../../00-bootstrap), [`01-resman`](../../01-resman), [`02-networking`](../../02-networking) and [`02-security`](../../02-security)) have been run. 
+ +It's of course possible to run this stage in isolation, by making sure the architectural prerequisites are satisfied (e.g., networking), and that the Service Account running the stage is granted the roles/permissions below: + +* One service account per environment, each with appropriate permissions + * at the organization level a custom role for networking operations including the following permissions + * `"compute.organizations.enableXpnResource"`, + * `"compute.organizations.disableXpnResource"`, + * `"compute.subnetworks.setIamPolicy"`, + * `"dns.networks.bindPrivateDNSZone"` + * and role `"roles/orgpolicy.policyAdmin"` + * on each folder where projects are created + * `"roles/logging.admin"` + * `"roles/owner"` + * `"roles/resourcemanager.folderAdmin"` + * `"roles/resourcemanager.projectCreator"` + * on the host project for the Shared VPC + * `"roles/browser"` + * `"roles/compute.viewer"` + * `"roles/dns.admin"` +* If networking is used (e.g., for VMs, GKE Clusters or AppEngine flex), VPC Host projects and their subnets should exist when creating projects +* If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., prod.gcp.example.com.) + +### Providers configuration + +If you're running this on top of Fast, you should run the following commands to create the providers file, and populate the required variables from the previous stage. + +```bash +# Variable `outputs_location` is set to `../../configs/example` in stage 01-resman +$ cd fabric-fast/stages/03-project-factory/prod +ln -s ../../../configs/example/03-project-factory-prod/providers.tf +``` + +### Variable configuration + +There are two broad sets of variables you will need to fill in: + +- variables shared by other stages (org id, billing account id, etc.), or derived from a resource managed by a different stage (folder id, automation project id, etc.) 
+- variables specific to resources managed by this stage + +To avoid the tedious job of filling in the first group of variables with values derived from other stages' outputs, the same mechanism used above for the provider configuration can be used to leverage pre-configured `.tfvars` files. + +If you configured a valid path for `outputs_location` in the bootstrap and networking stage, simply link the relevant `terraform-*.auto.tfvars.json` files from this stage's outputs folder (under the path you specified), where the `*` above is set to the name of the stage that produced it. For this stage, a single `.tfvars` file is available: + +```bash +# Variable `outputs_location` is set to `../../configs/example` in stages 01-bootstrap and 02-networking +ln -s ../../../configs/example/03-project-factory-prod/terraform-bootstrap.auto.tfvars.json +ln -s ../../../configs/example/03-project-factory-prod/terraform-networking.auto.tfvars.json +``` + +If you're not using Fast, refer to the [Variables](#variables) table at the bottom of this document for a full list of variables, their origin (e.g., a stage or specific to this one), and descriptions explaining their meaning. + +Besides the values above, a project factory takes 2 additional inputs: + +* `data/defaults.yaml`, manually configured by adapting the [`prod/data/defaults.yaml.sample`](./prod/data/defaults.yaml.sample), which defines per-environment default values e.g., for billing alerts and labels. + +* `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`prod/data/projects/project.yaml.sample`](./prod/data/projects/project.yaml.sample) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-prod-lab0.yaml` will create project `fast-prod-lab0`. 
+ +Once the configuration is complete, run the project factory by running + +```bash +terraform init +terraform apply +``` + + + + + +## Files + +| name | description | modules | resources | +|---|---|---|---| +| [main.tf](./main.tf) | Project factory. | project-factory | | +| [outputs.tf](./outputs.tf) | Module outputs. | | | +| [variables.tf](./variables.tf) | Module variables. | | | + +## Variables + +| name | description | type | required | default | producer | +|---|---|:---:|:---:|:---:|:---:| +| billing_account_id | Billing account id. | string | ✓ | | 00-bootstrap | +| shared_vpc_self_link | Self link for the shared VPC. | string | ✓ | | 02-networking | +| vpc_host_project | Host project for the shared VPC. | string | ✓ | | 02-networking | +| data_dir | Relative path for the folder storing configuration data. | string | | "data/projects" | | +| defaults_file | Relative path for the file storing the project factory configuration. | string | | "data/defaults.yaml" | | +| environment_dns_zone | DNS zone suffix for environment. | string | | null | 02-networking | + +## Outputs + +| name | description | sensitive | consumers | +|---|---|:---:|---| +| projects | Created projects and service accounts. | | | + + + + + + + diff --git a/fast/stages/03-project-factory/prod/data/defaults.yaml b/fast/stages/03-project-factory/prod/data/defaults.yaml new file mode 100644 index 000000000..dc5b16166 --- /dev/null +++ b/fast/stages/03-project-factory/prod/data/defaults.yaml 
@@ -0,0 +1,24 @@
+# skip boilerplate check
+
+billing_account_id: 012345-67890A-BCDEF0
+
+# [opt] Setup for billing alerts
+billing_alert:
+ amount: 1000
+ thresholds:
+ current: [0.5, 0.8]
+ forecasted: [0.5, 0.8]
+ credit_treatment: INCLUDE_ALL_CREDITS
+
+# [opt] Contacts for billing alerts and important notifications
+essential_contacts: ["team-contacts@example.com"]
+
+# [opt] Labels set for all projects
+labels:
+ environment: prod
+ department: accounting
+ application: example-app
+ foo: bar
+
+# [opt] Additional notification channels for billing
+notification_channels: []
diff --git a/fast/stages/03-project-factory/prod/data/projects/project.yaml b/fast/stages/03-project-factory/prod/data/projects/project.yaml
new file mode 100644
index 000000000..244f69558
--- /dev/null
+++ b/fast/stages/03-project-factory/prod/data/projects/project.yaml
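Review bot: The README in this commit points users at `prod/data/defaults.yaml.sample`, but the file is committed as `defaults.yaml`, and the README's variables table gives `defaults_file` a default of `data/defaults.yaml`. If the stage is run from `prod/`, the placeholders here (billing account `012345-67890A-BCDEF0`, `foo: bar` label) would presumably be loaded as real configuration rather than the run stopping on a missing file. The same mismatch applies to `prod/data/projects/project.yaml` in the next hunk, which the README calls `project.yaml.sample` and whose directory matches the `data_dir` default of `data/projects`. I would rename both files to `*.yaml.sample`, or update the README links if the unsuffixed names are intended.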
@@ -0,0 +1,100 @@
+# skip boilerplate check
+
+# [opt] Billing account id - overrides default if set
+billing_account_id: 012345-67890A-BCDEF0
+
+# [opt] Billing alerts config - overrides default if set
+billing_alert:
+ amount: 10
+ thresholds:
+ current:
+ - 0.5
+ - 0.8
+ forecasted: []
+ credit_treatment: INCLUDE_ALL_CREDITS
+
+# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
+dns_zones:
+ - lorem
+ - ipsum
+
+# [opt] Contacts for billing alerts and important notifications
+essential_contacts:
+ - team-a-contacts@example.com
+
+# Folder the project will be created as children of
+folder_id: folders/012345678901
+
+# [opt] Authoritative IAM bindings in group => [roles] format
+group_iam:
+ test-team-foobar@fast-lab-0.gcp-pso-italy.net:
+ - roles/compute.admin
+
+# [opt] Authoritative IAM bindings in role => [principals] format
+# Generally used to grant roles to service accounts external to the project
+iam:
+ roles/compute.admin:
+ - serviceAccount:service-account
+
+# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
+# in service => [keys] format
+kms_service_agents:
+ compute: [key1, key2]
+ storage: [key1, key2]
+
+# [opt] Labels for the project - merged with the ones defined in defaults
+labels:
+ environment: prod
+
+# [opt] Org policy overrides defined at project level
+org_policies:
+ policy_boolean:
+ constraints/compute.disableGuestAttributesAccess: true
+ policy_list:
+ constraints/compute.trustedImageProjects:
+ inherit_from_parent: null
+ status: true
+ suggested_value: null
+ values:
+ - projects/fast-prod-iac-core-0
+
+# [opt] Service account to create for the project and their roles on the project
+# in name => [roles] format
+service_accounts:
+ another-service-account:
+ - roles/compute.admin
+ my-service-account:
+ - roles/compute.admin
+
+# [opt] APIs to enable on the project.
+services:
+ - storage.googleapis.com
+ - stackdriver.googleapis.com
+ - compute.googleapis.com
+
+# [opt] Roles to assign to the robots service accounts in robot => [roles] format
+services_iam:
+ compute:
+ - roles/storage.objectViewer
+
+ # [opt] VPC setup.
+ # If set enables the `compute.googleapis.com` service and configures
+ # service project attachment
+vpc:
+ # [opt] If set, enables the container API
+ gke_setup:
+ # Grants "roles/container.hostServiceAgentUser" to the container robot if set
+ enable_host_service_agent: false
+
+ # Grants "roles/compute.securityAdmin" to the container robot if set
+ enable_security_admin: true
+
+ # Host project the project will be service project of
+ host_project: fast-prod-net-spoke-0
+
+ # [opt] Subnets in the host project where principals will be granted networkUser
+ # in region/subnet-name => [principals]
+ subnets_iam:
+ europe-west1/prod-default-ew1:
+ - user:foobar@example.com
+ - serviceAccount:service-account1
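Review bot: The `group_iam` key `test-team-foobar@fast-lab-0.gcp-pso-italy.net` looks like a real group address, while every other principal in this sample is an `example.com` address or an obvious placeholder; because the comment above it describes these bindings as authoritative, applying the file unedited would grant `roles/compute.admin` to that group, so I would change the key to `test-team-foobar@example.com`. In the `vpc.gke_setup` block, `enable_security_admin: true` grants `roles/compute.securityAdmin` to the container robot, a role that can manage firewall rules; for a file people will copy, I would ship `enable_security_admin: false` and extend its comment to `# Grants "roles/compute.securityAdmin" (firewall rule management) to the container robot if set`. The sample also uses `roles/compute.admin` for the group, the external service account and both created service accounts, and a one-line comment such as `# example only: replace with the narrowest role the workload needs` above `service_accounts` would keep that from being copied as a default.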
diff --git a/fast/stages/03-project-factory/prod/diagram.png b/fast/stages/03-project-factory/prod/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..b942ea47d934695831b1838d41766db699e9b64b GIT binary patch literal 57470 zcmbTeby!tf7dHyq4U!U~h)7CzcWhc31*AhM>1NZg1w;fyIwd8fyGxWVrMtVk<69f$ zyyy7c`^UZd_^_C3));flF@7VK0ZIx|m}rmD5D*YBrJsqvKtQcewJ<_Jpb0h5*T;RvK-2c>mA-ykH$5$y9rVTf_dzf8y;>UE z8hc24NIUhTVzjkq9%0YiQE5U*d;YD$95M*8(ZDx+IQ?Csq2M#;YOQ`n6;1JVqoLd( zjW<1I84tm;Ys9%P3vW|#k&#=#q*_(AUl4v+Ar?z~@csxYHt`-=#XfqB&5zn7gz)k{ z?gECP9%3<47(1@A_XahjTmd)CnGcuHj2Xqo8BFsi_KOj=4c%%oMOi9XoPQZ#<)KlA zNdyfKNQ_4H8#}XxqSUvx#TGFYWzXj<#QpZ5&Lk ztw`bXzItu#=paZ=4qxb>Kfm{BD+jqJp%ErEd!LjOCK zKZF1M^6!B+ORE2GNgf`ae=qs3H~$(5CxK7V&J<%>Rgn5E{-I*;@nz2!gb@h>A1fM%~>ALp7J}bJb-5-h+kYP-97644G#X zh~zRTEJvK*kljuZ%cDIuYoc6Qj_cQJoI96ZS*Q;;ma$5LEab37)Srpcq;lYP#1WWM zbic7nTutoJncckJ;^oXV&#uX-&aPHay)0MJaqJm2N!q^XN%T1K^5XyTg6R<=2-_P0 zOp1Vr0ztTWq)UY8G*2UP|F7lG%R~fFNYG!c$ucOUJJ|~&c7%V;g6+KU&y0V@tBNAP z)F`pS#{at>sdwX3tUqhtZX*j9gsEyrGJy_2ppDtQ9K_Jr>+ z{IwsTKT2(?J_XJ{GyEock=nbF{+hiJ^jEtC8PNX!bNVvrnL$hb&2zm5&h2;-B6;=g zfT;tQ=}Y11iqGTF^omo&KU{1)02rOo8eDS2qDCC`V!I-p)1~3X?zx|dcaHYAFUdWo z28VS_Cp+=~JFM{M=|QFKLpUefaGlpeO)Oi>iH109`kAWNMB^LYBwD(iNtm0NmPaSL z{90m&Gmmbt4WF)9T(unf^~=~q&-vrw@zH2iwADdksR^;$&|^Zv%cG8xsPS)g{u?Xb z(uVAFhmW>}^p~{@dq@bMJSz4%zc*gY*}3s?JL#dtTl?8X{E@fK_M5XcBqd_!SmS8X zJ*V+KWxqn7yB*Y1Z;Yg*T_tcg9Ah#Ciw$vR_Q!n=mck+`$t3n{as7BawpOAxMyaN^ zpdow_C}r6^W^}afpH$wHf3N1?5Pv+ks)YRf2@A$=8CJRna^C3>`D_js1R5OJxwY3% z-SMk99sA3{@`->HlFN0)1e*0CLH?sL9pUQnmw9?d^u3z1&67)a6K$p{=r?lrhenB} zYx68umin-Ym`oTHU5(YTSacxHPe|5o1@VizuZWmTzXr6 zGt8b2iUBlX48Lz|vK=bv4&CwSD_;2VvZK`Q{CMcr>*bQkxRSVCYhg0pBFi;0lv#f2 zjBmv^J;bj#IcF5Op+P;D@3tME>()%JH7`EhoLOt=i0P>CMAyhoZ`_1m*S&kG#-Utr zKTO!Gy@S#zaldiZ?K{%)NRAdXsHVQwvQv$*D3jQwW$G{mIx^vBZ!y_YV)3g_;wYg; zS4yp>ZsUi(vVAzCM*WE9xMrQd!Z60${IcED!zqPHpDm-#a4p8jXQwo3dQd+`?c&D3 z+B*JYq|9B+TS=z{Wlm?4-dtAL2P$l+4vB#yYmRl6;mvX$=Hh0)y~thZSlxgFPTW3 
zyhxZ%lB;xXn40t2cADfc=}p=cbOhK}hC}_>9&?R&Y;4LbKEIB^qoY$x_i$2BjhAqM zl08!H%pkZYka{3_Xs>cbM*s_Fkt0QCL5W;iiy5B#7D?z$T4f7`}TO2DUc(;i2UCsxO=B=;0>aVUn`nUDgs^wZJi-rK68)DyY4A^onv}+s9NPtWSBD-kxbgfck8gU1`5j` zq$XQMeO2kGKfCsv6gu;7SUg@0sdm}&vTX2}53Ep+zaNn0%%a4G(HAx+BPKq!G7koXN`{QVe`;% z|1!03)e_P0mo$eSrbPWv?*VG9HmWT=#U_>TV(eSKw}l`O*Iqc|5CTdE@)GoXf5wQD z&0sm;d#hzl{NM{&l3f1dT-)#xLjVcj0t$%=_MPm82Qjw5Z^ln}@qGa~!o~!ZOjcIP zqca7+V^zP^@{s2!EP=+)S;A0$-|ycR8MxYe_aQTp*97{Af3>G#LuMWzJq`HFe$og7 zB6^yH`0(#`G@$+e)AahWzPF|@Qfel^Ke0@OPPK5hyIbDr%4nVOVc>&=hp4x!C_MtE ze|5og!x{Yxn%zwem}H87i_klGg7e;`Vh2w={0zxnqt0tboRMp5{t9aOW>vEN@)A$VN8>1;YY zQckE@v3iIPa7iv7LW8-@D;_axU1o#?~QP$3w(5 zHDbQiwGYH>%*yXJ|5&TWGqQp;_Sslnh42PgS3`bj4!%{mC>WAK@Vgn5Mv(psbCPl4 zV)i5RT{pbr2RTTISw@&uUu5zqv%%GaVS4tuFHHpW^p%yKRenMC8Rq1jjB?RWmPLM_ zbl2;xbnP!{Y&>MZ3Ij~A`dQs^+l$B#h{>tf_Fh+%6>?1@^vUUEqt#0eeCMr0#p~;v z6|j2P!DUw>cW2y$D^#e`KIDl&lAwH*^FKJL^+4bUwYl<+q%!o!q?PT z@9vC)|NA&TNt3Pwg;yn6-d^zA3zEeG%tyBYd&LAW3ibl~XJy6C2)E-b#_>$Zpea*# zGWya;QL>NMQq}2LrV;+z(mlcGlUue10U(R8*M|{4DW|mlWXs^uw`mte*GH4gR&GCu zYp$hxML}EK!nQtnf+p$H3YE5QdKWnbqdPnAr?(O&O}!3cr&$9U-F^Dbn)E!IB{h_p z^&Ecuktjn-@5as#exKosnFV@_YwKK^GV5lj=h)BXFnB(` z;>}0SilFq!k3arVpC91p883(e1jt)*G3th=W0J>w=QU1sK)>u4Gf+g0r@Pn6$f`td znX>tk$A0IuEQy}il?K2)52)*T=y_6cHo(KSch4yRo^^>h`D{ge ze7wbXzx6&@1_x$6_c6ES*9>}tmQORIRDQzpHHcOn{B%8EkF$J(vV=Cwl*QuV7WT?r3$tbxzH) zs`Zp1`oms%lI6R%^4I(na6O1+U%Ul$l2Q@aH6*FjBx!^%<+7l@)V#?c4npa^)z+3} z=~{Q+IrGfY4DoQL5r$|@#z-jy=B9b8e1P11GeH>}Eg3i40dv&9x`UG1J{1-ZpB~^ZV?P!pl zUzInyjdi7c*dn_rI?ULAH*;&LE9t?Lxqp@*2h8CE0-E-lCB#9DjNRqVt8Ys)^YTg< z9SB+D*TqNYjLlO4U6^ETLxyJ)=bbIedK#-P^;zJ!e1;*hLYr zrh@dB$l-0N@(_cyuz-mDnczInl6A;#>t3B|`r^Ud*B=1+mR<+Z4e{3GM!^lPJ(}xpw&-#&wV(XvIW~5q z5B{f_8?%dfzYWhJmWGO7Xtb!y;TE$(l1ssleAG1Szufz;z0z+%nfVsaI-rdL7t~S| zi|VD&+Bzx>=GN%FQv?rkG76tcYOUh=@?hMIWq*bM$g!rBl%nQVqd@f;S`u zF!_GC3+}%)*dHNB0O0`cdtjSSBgRd8mJ+B4t&FhbW{1gizy`ASitLpCLkNTsknq7d z<>kcRz21YJBOl^WN#7W82n_5@{{ZDv|6eqU`yqgs=@dc#sEAwI0dA_1LKOa(s9Tb- 
zAAm5Qvx0AWtMI|js>c{!U~LLn=-Bh;rPrnRk&qqTPz6B$LI5fRaImOF&ELv6q@hJF^e$M=WBK!^xXFEYdw6}M*emh~_x;y;Vs zQmsS@oRR7tX%!~?Fc!&odao~fkID)>^0cFut8WSMMPX@|K|vP2;V`KeXxCZbI-KXu zAK`(80k=U7Ho1#4jyj!7a>4@u&yu3y^KGg?sl;@e}qno1+lw0;aO$xloBuBoNfe}0cdDB&uPgbzBDtFh|Q8bVUh zwYr7Rp#Di{YIxYB+KR_FWIbli*QYP3OLCN&--jhKSWr-qi;WFe{CN5mVeu#rbW6Ke zCe$&%55>PQcr3~Ey9yT<2ggVPuYI4if{_82g7T>PN(sZe;8zN>7gQO-m#d15kut%A z{?NrpwJ`~NorS86$(rF-X)!zDhm4wr+>;Ki!aVlT(C*}uFRVsTmaY?4+ zw!frOG@2JTlDA1xwq-b~vCKY}tQ5eozz~)t8ZP-X2}bF{Lj+IBg)Z@7(~!ebQpn6L zEaU>IDL#9TEipNNhaVY^7JDk#)^L@49)4;~a{^`1{Sg0$ z6cgR27GmXIt+VsR^!pb8Im9Db)1#tXgiWS~{KVyC@xinEj@{ZFab5OJOw>Ttc1bN2XL6-?S=Yt z=OW?(>oK9|z5Yib-oB>6MXY}F5N;;)sZifoh%fQ@#MTN8!?6;!DyXim&LpTcC_8UN z^%DFx;2T@(y_eUY?fn-i07ymck^dJMN`4PsN!1XKq4?Y1O8_+1;+NhsG8TEz+8&O> zd5ke`0x~QWXQaWaVO7i~p45r=udQ&|!7Zj=M8M>mCKJ`!NZR<^gLW*!7k zw&N*40;Qo&P7f2YX(7od;Bt%6*YVueOrkOrh_EKqH$(!DpP(&2Lpudb-(qXv$iEd1 zzz1?!1Q`CPl+UZb+V=o}*cpOf^tUmJf`}P1erG{}=!*jAiLoV)@BZ9uBgXxem6e!T zdOKbeIXV5&Vx#*c3n*aY81JdUTrK|ZKdTao?h(iSSKE0576ic0kpj=GZZ+_&-UWpS zAi&Tl8sqo?*C>0$Ft7btV(#2s?N=2o5eE;B8d(5Ol7bp zUGcsH{sL@vLIUEVs1{dqQ>)^baVkhMHpp+G^$R~Qfug34P9LAN|t$Fk_3vWs=Jc1)N*w7;f(GId#8#>qWGiJxGem!I$@NFe-yn;muX9_!ZB za7Um^L&2oc+*7fa_&FsgogW$YoN`rQ`Saq1~8=LknjBmdgdjE& zpWpuJC!6ijt59Fens@&0ol-hv#=%#Df{zt7lns7jgpQX5Ai-AQKpP%BNJapm4&%ny zJcwN_MP4g*Z4aVKXi^=tw{_%NCa7R(X*%5ux`eXOBj>g@G2PuISkn zLR$149Fe4OuQd5HQw&AfcV!zv7z(VMWC1X=QtNgYGRdDADHdb)h>kTdt>oez83 zW?Z4lF3%&^i-IEg10p(ogqY6-zV5e&RP{eyA^>YY3~M#yNZbK2*A#38m9%Ush4MU+ zJ+)0?;st@x$dd&)j%>X$V^dz_w+7SGpcngulYPPh46RV3MHWz5{}qMj<_@U zh9&O(_%m(d+6lVmS#>%r<(|*(Ckut$yi@w!@;!M8Vn1CD^R+FUE`!G>cq2l2Avu0D zB2T0C8|ArAj>}}FbjDOAmmWLoEz5jxjs+A#toX<~NC0XU`JC`p2>muXiu5`mm$}WI z%)MV`hgLx4|wOF>5u9% z-8GOUoKWa!o2XLL>LT?&Y5(#z*mTmc581zU&w(KXzx;=OPN#3j_u7I?q5C)*|+-{@g$syrSmGD15X$Y+uf5y9e)h_#tJ^AC44rZ(Z?w|$jwBr@_&E%U32{#ub$vj#t+VR8=5lW=-q+e=ZCOcn8<I7rx7$GECc|2kQq_#0=GXE3^6QnTimJyok--z@)5{^AUPcMUqYP+=I5?hi2a>^6te( 
z?9@HIz?gRuOrfCt;=Q!TWp#{WG}FStrW3-Mc!7Z{J_NV+opYUA%KvXyANL3IqQaV!;_XS-tVEQ@9ITNQBwC9S+d2KbR6>g z2}5$}1M(3{fnXJ?2bw|;!^hPL+B>UbJWC75|opW(>+@gqBy1vAcymGXK?hMuK&r32_xSzdkCI?``L+L&kYjxOxqyy`h7w>D;2qEnTFI1W4isD5LnfG)a;OH=C3AjIqVifIu~thpiv zuTu>0{fM`;%U+^Zc8Hcr#tf|a%+yN&V*q~ZAw0rjA;?AntHch0mY<_>=!&nJb`>(> zxa;*#v3z$)e#`9Nm^0(=zxqJN8@F1NM4K~ildd0WsWn3T2~q|QmDZ0hP3?O%Ae5{k zQW5-aH0KwbhOY;+STtT zI(t!!tz>{$@+JyN5Wid0yOPQdopcI7Hl;btAKtrL!Van1+I|}T&;^18ZekA<2mr-kzWSul=GnehZUSBNjzFORKWNw#&D&HTB27c zF;S5Sy~6Ylon9gUq$3GX$mJ4)Sk++C62F4g1m9PM3!r3)>I7Y=2XTN(D7R6{q#={N z%OtK4cT%N?tqT)r7v}#tO z%lh0!M8x?NCG+Ec=v&xb>K7pflEDP@gEZsDczpQukAc;HDTQH!?Z}e1EUJDyy$3da z2T3`7ΝVpB>tvnyLVK{eda&xt9#5VUoG+d(F{@fpH?75kz#GFL9hBkA4(Z%%T2l zPMsrpr8)_WWL?D5?OV(KfXb~*4Ek!wW~alEwy4O^YyWjI=OJ*D<8=l$Xpb&Kb^i$t zvrr;()=T6eDFmWx35ILRo$h3_ycMAGTWWp%h4mgIimA9Cl2b&qH_WZsx zN1LkEJG!@v&*{fgjTLdQ!^Hyt)gc3pG9>#H=}l5f^qD;FW2{Ef3;9ikQuH{0;h^|LW;c2yA{m=pHyh`0o)wR7@A72;~SOJ?9Pw3EBw&$H9b5$T=kYhLPK%P&CEI`bau)Gwk|I(xxB6}Y)vaUS04^8 zuBZ)H3hhy_=V_e#9-YCITk2PgW@ z#&MeO)u`Vqx*y=X8cuLfOy`%}ReNvz7gaJ^5FKNQara*2$HYWp<~=0)Dy7R^vGem;{H1gB@t3=NWf|6;OMBq!o}alFOpNSS2cIn#o|}0gb)eRsoJUHsjex_ zHBzGWBJbj$T(7-8;dGe@&>4Ayxd8{K8I{qC?*uvzqV^rNDqjeF<)sDZ=l-BgwOaA2qdpXmqnY+R} zr&|~My%p;P4fR~4_R$)s0_Phg^$9gIZ_#ssfEJhK*uwl*hV$JJFN=b@qqxs*TUAco zoWm#3r4Y}9r%Cu;yMcN!Q?1r+~rrCQ14AzJ8O0=x&27!3h zO^|GR2wJzUv&yC@=(Sb7p6}qPA~ad=Q6ufVR?*S6?Xm49#H_4f?BToN0FIFew?KfA z<0_@AMdGMFY7%*19KfdfS~XP2X2u&|{VeZ8Azdr3;a(+e{@Xq!Bfgy`B7Uc?*5~NS zJ)tvw71gdZSz);{A9bIJ7(F{bWK&9jJfZVQCr~LgD$tdY(Q8sTKYSZ1KjyX27FsGV z6QV=}j_^9LILwWNzGZo?t6Hx#r9AZlUvE*7lWs*jpq6x{;)u5XF-t@P#T*`<-l?`J z_*55@$V?7puc}Yg2aE`c1xGN~@AxsFwD@6ptcVG1doJ@&@BZ4V*%s1UtzXTEuZ?lr zC~9>V^A%5`TiEuxK9`T&yxtYQ^4D>m^>aELR2x^T-+Q1ZH08eET@TxYhb=8fi<<*m zyUa^;_`y>bOWfxI`_tFwUKLWrE)*W~ih_p`ULl?*-${-Zr;i)1J-jUTm%8i8L{6o) zr?srAnzz+F!%xDUmD7BFyuwylq7Cuf@gXUtl#Lo$7QS}Tv&xpcs%bdqpWfMlVYxS! 
zTaFud%$pDAAHG&P-S6SwJ}{!6V@hs^asgn)LS^JG421Hg>+_Enm0{T*@-){$*6--* z_8hWOb4H~P^E_}>_o8UCQW;?BXcayEwq?)g-!y>Z>m5CnM56JPQdu9#Qrc!lS=Bi> zFtE2#sn#Fn?Hh*YXIAn_t!8NvrJSLx#1?2*^{GWIIz|o4y-KakcK>=ou)yqCFmPlD zkQDs5V_HPXbFeHj$>*ZL;jJVNrx|#vcIHVv87TgmOB=AR@@%1)3g*Y{{-d^r?GN0QWC|)fn z79Tb41ng!~p=1f1{Bt$?kwz}L9HjP1%!3K)v9t9If=VW zFZdqG<%(2Yt3oi^wsR~0+m)+xtg9KUix@+fMU_OW$?8FhhXu8JGBtA_=-q{`4l;#5 zKa5SfSfJh{1aeiAZrgQ70gCRgwKXjuq~UnrupPehli`XrwbNok|Rb(W%4)x zJ*VVm&uXG)jswTjwPwrZG%?PmPw(0J*66OeTi$I_9KLt=GdGkl%PcQ0_y5|H(V zP$9YqsyHDpW>wovInM_RjYZcVP)7&HH%k^{k9Ua zu*VAts-2&Pf%sFIr3bIkEYJk#XL&C2EkLg2Yvnn$X~_Z)1-1kB%#7<%9uwmUKa(<* zABagd5K;2e0*VFcSY)Jhq6c|Iy&+tn$2DKvsc|xk90<9sP>(uUGCA)UNnMm5pr*aB?AHl6DVsJ!3tSWRh-f$UDqLqzY z2DR!zSa;n=& z)rQRJPIDRXn4U^D!~n2bi^EbvdpOfZ3Yds{XIE3(mxRqKbyc2+WU9@^_ASGAhTp#LP zmsyMVtG_^%Z>ENj62f9~EIyuwl@N80WCkV5u3NO2TD(L=R6PR~DIrxTmuo2nCh-^- z4_qbpCFI!RLbD&?^JhK#DNC8;m3SwQX`A%6A zwpEK>#?3Ox4@$-J(;*`+iUivaxzRpZFnz9@m_0`%M17LS!TC+%=TDrCnQD58z`I~Az(4ZvswSc(rYJyhBU zD>Ty&iSF%{f=M=qx6KM7NOzielh3^9uRF~%YnfA`3!p`3sJ8yi6v=ik8Rz?VYw`N; z_5DG>DtCYYxnE)`UCCKiXPEYmUC6rDyl#RkP1M|gaT zPu6vrF<)3?KPxH^sz3n$Vc-zN%26jANEY|_&5htyDo?glufjFsmDCQ1ATjkf8ET`)y18W)y z@dcC}3nF;Xt2L2D8L|CE_|9HFk*~+iC7=o&{`Kn>0LNduo+8lvQ)P7Ht3cXsHWR~d zx9}bxs`*2MxY7pY$7kb~fyer1&l+hHjRzt!6-c^szm{^0ewd^Ccw`ECh}s%V$X)zS z{SiaMf4neQ7;cs{EK^#=X=7y8Pkp8eUBCesiff?>dbQe@?nwZ4nJb<8Te~;VaB9FL;DEDywzw^xf6mS7?o9)LQBvsj|=1!w}p+8nEu} zB6u(0f`EGKW=14>NAbT7i|n&sLIdoN1L{CRWBAEf4YXj}jJ8+X&8=ozmllT_>oYhB zJOQXmK(C!I4l4hwnB(B&JZvO~ua84Bk{M78w#za9k zIApsT(mk#oK1D8^5wfm39Gc0z)-5&+(6McPu<8NVZb{#GMp6i{zb8h+Q<6uUaG zrf-tqZh#vG;I{IEa!+5&pQ*#ul03P34O856NauTH&zJoy+l4hu(-}gFJlc?rrlc?KV_`dyFkIF;e^HEIO7_hWw~Xb zd0mP{LlxL{vt^Cdy~|2VM`mV{@f|*-&A$rGoc_QJ%c8_t$m<`eh0Lt-eMqx)tsc5K z-S@cI;gq@5mnH%9R-+sa3OK4`&_>CR&t8wz^{umr#uEz@Vm0f4_P2A(cEL7}V~5)o z-Rscbesb}|v*;?NwRhv=LO#yfel5@`7vHqHUh&aHD6oqsoCwQefM0Ff@G!Bx)|hG8 zzaVz=LbD6~)jh=JuRQWj0tvc2x;t8})NU`8iFyZH+7lNYEV=}wj+2q;B14rg2{E=l 
zTchClK)M1#Rq|1#4^+%5{2>!x-If54x(-1Z+6Bo)!T^y`vp$qdWOF;R2wy?3br*S( zPWwFbAkk%sVET}KLREQ{S+leafYk!qyZ!2delr&{agjTD`ClX7Kq(7>>Q@y$#4_KU zRJ@}u)ic3Y!f@UA8v9eL3g*=w1ecUW8En?%gO9=*&<}$lZkL5)$IBJ2RB9q{8Y_yB zD^Ath{5-|=i2G#JlfbJxW2%=NOL?{Mtv@IZHwYb{>0mfvqk8t>6rM*;#zo0Ge{S6A zNI4Q543~2md5Aq9HYrO#I9qo{+CnPtu)(Jf;-8URjhicgJ-K_%#G->)zLxxyDVP1I2%Gpooy>FVdP-xLKW?uhUz? z+xm);*5YVwGfA;DM*<&O_#e~ik`9y#uk;XX^zV{p(Py5W$^I}xMimOE1as7 z8H2m_|EU=Jlji-z49muM29dwYyz0e$89PUZ?fC6VUu(JDJTpX7kE33^;d|=?DUox^ zJ&K*T_CPh{C1$Pn-p=B>2u9|2Yj~*XIYqL@@d4S5=4f;VtqH=*@7Sf2*N_rhz8T$z z;+o+a>~*!DKMYFi4@1T^`(|so?#v=0v-JJBfCmL=I8SStTJ`w^X)tNMcw+5)O$r@i zi5oj+MwU!4hwVJL$5928$tK5uOBcingXCEIDH&1ZBxkx1jl!Gr3k~)UMJEo+0RH~yz2L2==nFpZWOXc6E3^>J;8BTNV~R8Fbtw4m0+&iO%9#&h zgz_01;tlbZ&Ma28$NWjjsl^7Xu39`b-IBPp=DE;dol^>kHvCv|D3kka1|rSt?$`p! z_cgC&gKXsEFJt)XZU*s~Ayj!^MZymk!$G!WEP^0a#vNb7YEjGT<<&S`o6*{Le3J06 zAvPrlRZaKvO31hm^YKVZ_|ts!)05qf@J>NB4O`9_X&(q0!9t7dVnqJ;tQdnX3gAj%)5L8+^;7~w6R#x+H5gKX)s~g z51nx}am`|1%a1?4o4M<<_Az$Vlpe3FT0h&(IHN6Guv#}m&`&pHA8s@OSpUR{TD!B9 zjy1bhPWM%N?T5haHGbPn)R3dtLo8~BU$d^ylwj@PW-j2`1%S2dHW!p8To>vHgB5e! 
zRbpKy4nM6B$&94t%lLYCM?Oo=MoJ`p-_j@DXry34j*}6f^mf+?wt`l_?-3(XAsZms z{iO=JJ;k2?wUjd;(1IL(P2Qs+I(9w@u0adB?<~!!u}rY0Gs-n5;DXAnwacNwGEew168Q)`syf4gICv@fSy{h&F^!O6 zp`(>=xbxM>y<;v-+3$vqjmho<>c+!_O~IyCc1DKg;r1_;gc3bzF5x>ks0_e)!&h-!Nr6;Y7SuvD6YUgek~AIBF>m&yO!b zxoSQr5=F**eSRM(S&2ae(d7;J=@=PK1j{pJxjRhNnCPt+d9)(urJIt&pvI>oqhoK@ zA3BbuYACGmzFH|I4p;APEGc*=t5Vk3e+O--CcHvHlnGnsY;t_uy!9i|{v31s8+78r zp3qA49;`l;kNypga<5s~KW==g>~C6g_=RyF{t1B+6UgcXH$MS4;j?N@ANsVl_yo!n zKFO73+WV9UC4Q_T!}y9C4e{?uhabO>>v&!Cil66Gp?uErSnWs2bvxq5ckJUoi*+JA zZVZYfWMBU9W94GroMY6%VprG-)r0?_n1hI4}!)b*OzJ}3uC%p zU^~y-T^`#Gm3<4*>?Xpw4^tsj?*Hq+K&SiVSF`P8sEHx6SaHO4JBdPvq(h`bU zef8l1{l&4$aEDy@&1WC!q&6diJc&Fpg|JZMb%i<`N+y20uw`xyCii=4#K6B zhdkL{73jU@8drUd0^e(gbn?5li%~8QjQDNH0hawA*Jg#femO&hU@>gzNY3w$B;zGgp=mHERI~ z4yZbGm}pwN|M|NoTt~5sBwKSBwIVCZpKsFPJjPP{m~7VXU1HSO{en9pChPnKFT;Es z05bD%A2}HH;Z*nrVdWERYzr--?BU(3oWi-2A8#`Ko}Og9;}z0yE(b`Jd1pZ|ys`fg ze?Toz!O8D_Qh1&CQNQyLalQKN*#x6r{lrj#o;8q6@YKsU#l9*2r$wch1l6alWfG)( z8c4>!v0QBTZ7k12=}Fk#-bWJPM2E1zZR~53_X3WC5pDf)KmeW=EAj2sw>NIZ*eK=g zb1UlDiUwPJ{QPyxTe&4Ydz0dhH(z3t(gDfmrB3lV6?8}Opj6QP(7P}K>?~W5Riiv` z1r1Y+T9VKzlIUS^*v^O;0Zak>E`tD=T^`O+j+XB(j{w7H+lBy;^JxPr%h#Bqznv9q4FX%~jT9^3<-V z1)E9EAWg9c2slP+mly}*>&59PCkn{dvuU&$Vd(yRpt8Q!ohUetE*&6!!vPxHNAXwZ z1CMIoKgxP(f74`le+N_F>dKD>DL?_pdyy%zgP6U^a2`63aWE;0%3Z&w-k(8QUemI@ zQ}k$x z9K_|}A&R!SKdZEd&AZJ#=R?b(5MtVB8>|GM+8vVi|4fX{Z2{(FCjev z?*b05L(r?@$Q1{GqRsqY)WOGN<^`ksy~5iP0dxe{r%BhVz?YH7Q*M?(74KBd(TG8a zhL=}EJAZn+(o%2Ic7xZ|ev;d^+6)=G-b#u;aWVgPZGUeVZHNZotqJb_xUakO##q+x ze5I+fv}MX%3J1HnE4Q*$n6Fc#<8f=Da*Tr)weU#)u1svi4B{ zMd!%^;G;u~@hG25Dn(rtA$;cb!qGg=$*L~`v9KIK?&ndSY?72^9wi3Jjb^dAeoy6E z-+H}QZ;SOII2YWp^sRqx8mQVV2U1|;K3GC4NCDzOKZ3y_wYs=&ahrCVV`WD^Bo~e7 ziPt9~*DL|~76wZnpYYE0x^25no6ANsm05f4$6saWxvo<77m+?2Xzwp`Jv3vcqoe`6 zW@8{G!5L7VQ&2yaU$yj@IUi50=?F-693|F6Yv+k{FD@^quj?!)Dt|%!YZs%mE}U!d 
zb)CNjHW6Ca{u*~Z->f(X*tEuBzYHYwRwOiSJW!jxu9m%yoND(!ZZrWpcl6OPzj}?Xp%hk4jy%g~?GmVC^9{)fUXC8FC}b+5{ObDZQY3=Co^ov=RE@U+aqs;oeweGl)vg)_WNJxrFVD3G~+WPA9sBPDy+r8-f)&D?3TY}gfc zn!#PyPC<1iB(1Lo$a7u_`reNkX2bTJy}W>b6OK*AG9blh=z0E2isUdb#{B6;$m>+3&c(rS7IaY)lg#5Eru-8U&&|iB2arU@ z_XMUKhjnyU;PH!kt@NScc!m|%I6O)e+&bJ0O=m%OLB~amq1E#hDdES!7XsDzjFYx zT5>~BX|E4S2YYd_Z={5~;k4Ux4!b%0{pnFfgC)uJNvlUiPe83*ui$aQHnPiB)pA_5 zH!?_8N0@U-F(ot8Wa0}QuF2!`jO1N&7}1#LLa5Y54DV$RWme!4;nWUt(nqj9DTQNj zW0VcwUL(@{oieZSa!XwvWU0)u%^}_4B;Nc5z6pBj* z+g~x-lriGojy>)1fLKzXIAiISc1RuQP}oUIJbKQBmG~n_Ji6A#$H(WWnc4G~B8450 z#~mfPnk8{9m@4TNTCdUC0utC9uim#rNn^-tTn=BK>Ge;t-09ofy6kMY2sG{bET9_~ zAt5qJdcB%-)egOk@MjUwwd~K37ZP-t$aAE z9TtqwhX`+3MiQ+#$-tc^76L@f}%M|mC)v*AhTI&C>^_O9BZQHgm90&vm5Fl6rL4vz` z;Tjx*ySux)LvVKs7TjHfB)AuaySqE@WSz6`UHg9DuYzZm%sH(0-bQO}m}j?H0b4A@ z7swKlJEa~b#^cZYmqF2HnV5DX#u^;Uik*qUmb2{`pkivXaoD;!vv?qy%Hcz!bU02w zA5Bcsp~s(OKJ6`l=OGdE7d(;wprPRst3mBv*PT9h=JHcCEY;B+-pyLg#+K4sf>Y~{ z`($!#DB2}e5`l*3E-lN#&=T6+wtvWadIrcJ0NLCW;<{`?MgNktp@ywB-AbBf&}&UW zr~>VcCEdTe6&~RVbS5&|_>aVWF8qQRiOs|KusF!v_jk}r z;R6sD-J#DDMan&YLY3{;YE4+9`l+xakiY)~gQuua5910K5KN zo(+vK1`(jL&?SVveSIGeLKDO*-Wp39p`9YIW$u<$GG7;+4Y&_h34UmL{Vju!ek%E? 
zj4unKt6O6~m|y3fBCKChe@cA|XJN3|y1~#`0X2$@*&QkcpA}rE6X8MwpPsvqroFW{ z&4GPC3oC{X*6QBpJ~f~{Xwgl7MMKJxQZm1M;Zfp!$Kqcjx0NI43c4+S5}|sfpH8c% z;gr>XZ7Q53=hxMTRs!_ny^Vvhg78&Rf?qE={#VKU+SEXM2C zM9mkEbRPS3ek`bjN9Kz~&jT>(;eKf)oyhr5U_XstcOJ(1c+u=NG`jZRWj`I7SONMc zlSBILs8{xhw&$6MM!k7r`&GG(6S_QOw*=#zvWL1<&G#eOrf)X`B-H;X4nqn3CMM(~ z1~#sH5b0B>FthKci#(0;3JMB-&hp;x<~tA3HqM=I4IMFO-${vAimboh{W)ol(@t=3 zFiq^YxojZcSy*{_T6rK*WJ~&P3+yxVog?dfbdKge4;@Km9^idkL)o$5J+nyRm*;jJ zyybZ-E=hu(Br(e{^1l5l<)Bz&M?IKD%U#kTe`aRFp;3^4)L2MY9R@JYp}n03gEcHH zN@a^08^P9{PtFUqCei<4mE22=fW?h&LLW zo@zLY-#!6r%uS@eWD-sF>lW%P1Y$-^OnkjT@G__Eal{G&K6;d9QE~P_I`>+|xGXs( zuRM>eJW4B!g}r7p2iiAW9#024e8-yba@9y&&)-f}P(xkt?cB_QUDsYbtHcj`DE4RoeW(sO|d@nmMbwye3 zgK24Lo}4Ais4FkeH%CAdG+8aTL4f@cJ%ZaVxHg7Io0p@`yLYv?)=k|V0Iy+wzTU!X zLshql+gZSMJ&gSEOgG&Iep4_CBrF0?Shte(aHx90R(0!cUc}*g1bqXL z=`J+dWJeDWyw1!-3H~eXM6Xhn$_5})fZ*WZyr#v@r>g=h`FdM}i5;a6hmhL#Rm5Wj zeVOH^gNoMCwDj~NtrPcTY-=jwY#{L=oNqcY$#UyI26T51$CO&Kx2iuO5>lyPTat#6w=6{Y{+M%K^NsnAR zA>82c)|}c=*-QE8!?KaZKUzRe7yC5_%OEoQVR46d$HZ2_Wn|@{edVHj>@|7IzWQzl z@Bwi@r!&F;{oW;odJ9lajs`GF5nIXfzZ0jB6}LX$A4v0jA$dc3>W@%*UN3HNlW@H9 zII?o9FoVpJ(#^b57pjvE^In@wpd9^Gp!d7PNO^_hE@56Ad|}gz&?-QF7jQ&^4TH5(J;OY36)=7j zXmZ#j^)jVM@NgqJB@zRU)C_BNxBs&_fna)=Ir|%NjJJX=+llbBWFOUyIw)Z^NP+c>fq1rSq$949RYs+&fvA|Yys2ZuddP7T(2 z!)ZAB)~g+bXY|-a6^O4v(HWt*np|NqELgqhpKU(#RDRcnA>V-h^;dx$CqjbeDl*7s zsRLbR8czmdG4P%3klPi3&y;V-3dHKF&tN2bEHQWCfzH-RY>Zu5+<1{R1L>(qVI6m3 zMr3h*WtLLV`?Y)A%ug0b4q3pcyrQG10>F+4nkNOT?)Sg2%fyu=mdOXfoGeV+)eiG? 
zcwA`)vlB`t4)Y2PC$5u`0}l8+J9`Q$GLe!?EAchx3+va5%PC8?b^$ks1+v@!MZDYh$l$P$-Zg@v)^FItT4riv77 zjO-KjeK=0;Z($O z?k|f>Wxnw6@BLrzs@M7X8m(=^`M>Fp(8Qw$80RC@_A6i&ryEzM>l)1+QL}JAochdn zWNLUaS>e@MF2RCTZ+;;++-#W~HIKMNNj|5!crDJGL`uK#%&i#QyliGap7j@ErLVLP zDrb6yji}4bZ9*Y5?ygh<)DyhLhwyaew!fpDk4FubOCn~VsKW&_*~J?#kEzJ)x^1>b zLc)LQM_4qDm&Xh0Kk8CJ!0j6~ z7hCjSi|wq(vjfy^9@{bK=D7485wvRc6EfFds>P0P8`6i3Dk7thApWElhdrgsiQczY zkt2I6CBi-W);z(DiMmG1z>79m3T-qIc+TPnx?4t}uC-=KA zR&Uz}j_k;)pr20ZjA;te!}12HD-#{{fMx{UYeNmUNYrg_<~C zM@A@Gj^~fLwprh$_9-7Sd-WJ@XXAN#=zm-b>WQ{747l5 zHCC$7Xst`1#!Ccxg6t1a$UkEH|BNAEgxsN~L^%(Vds#R}B!D8>>84w)Xk!_QmS}Sp ztP9Uv5f@3QFP5Am9L$Yy3W7#2wBE}0n7LN1L>;e~J-Apq;Wx1^2m8g7AFftlKke*3 zgZm+gR{0j%jT*%~d%cUkJO_b`)xSLs{i!P&uSX%*t79E{SCP`rkEhz8L*cZZ97&&@ z2J*6cFJ-RgnH_EG0hFV9o#)k|29JlSy{G$Xj|b-2cKZPA1nChg=fkdw*R}}@NE6k+Wh=pk0%>mtudt4s$=?VG_>CUozC z{e7C$PxW{eL)*>C+9qNs#|ZR$k}$9#=sFhsf;De$n~XsXIE}?PeLv@7d{W1{y}#T+YJnc4}WO69@-k z0P3bq^#|<)0@MazwKF2NJt%Li`JfHi1s?}V(w%ODPBf>!)px{{pqFYw)3=_i35fGhp~ga(q$`2a2DsO&)T_@ z^BF7qc1({dM&ynp7mBulLTR5S_DHa35eqBv55yg9=S*A>SXXkar7O$p@B=O${w01h zd*=(vfDG?dW9LrF%`L6EUBjNkN_6KokN5fc)fb43?BYX!<6~^BKM4c z{BN%j!o4n>7a1HD7BY~qujEk~J?RTrwG~Nc>vWbohitVXTI!37w2t0`2QH&T1!z%9 z_bWIWjV=Qh*OSbhHId03eJ*{L*{mz`t=p->c~L{S;K_ZAvWrt%7ya`ykB*)GN80*A zEEn|L)5}V4eFrSM+Q{_feR7S@`1=k;EOQ@rjzBx>7E8~K1qOWf1C5p^)MNAE4s_xt z8~?{?=YOWhD-5E!I%4j$alkc9tBZdTRjK+Rio@-G@ul!M%!+wsCMzT6*;+W!VQ}K6kr@5H6G<=`%JMYTf0_`&1Sh2V7qWNT`y7}UE92r zXY==oeRyi#oWFtmc3EC0lXsgG6$`P1q+NKi4~re&C$&SQn?8OhWz#gK=eYuyt4KjB zuU?nS%i2IGG1fHAZoQbYoVDLXWDQ|zAd$44tT7rYD;=u;p7}m?z)8vupl)bB{AT;Z z3qkv^wgIus7z{3n+OaU0Ygl#J_A)Buobi%&^5nY7G!rU}tl=4U=3)yR%Z`dn9V1)) z%MLRrKzOn8E%&bV<1;eWLcir0ZG7o^AVj9<@GlLBsS@x@(qFl89PBKy{L>a3&RMxf!_jPxeVJsW$=dDLTvB!sBkgqFCI%Qr=NnX zQa~;hz-9)h>E}xpl{6l9Hlbl*>QTqTG+F$@W@Y&-ROKqZ0a{^DdNKK;j+JkbNl=WTGg90R_9O=VOv?ZHy%~)OR zIiqWjf={cSQPH~uX*@7ch&}O7*eXWKf&dafo(!$S(x=RiLmz`PbUn`aC%xOL&FsKO z=aY#}SdOhoi0pkH5a}xW8$`PWFCruA?Y_fC9k8K81{?rz(GQW%DZxPh9&nyhTcYi- 
zPiyw<1-3adaz=!Vu)Fc&{(B8RCzi8E$r_%JN-f<6L*yGn?}kFYUte02UuIy-X0=}z zRvV$+FVUp6Mv)%Luy+rlVcQ6p3@^8JbZ?u7;Fum((AYKRc8_W(?+mQZY{st@ z{udt(3Vu_3^^&lLTXvYeCBqi40&WL)tfCPy({}17<%9co=M_nWhvRK|4^NYx;B`jO zf^@O{MjvtqE_qa|CnY)nHvS3e%8%xC?&n$2* zU9k?9WFf8L*Z^r|)mA#QEEzCokA&du09Bm0#$TN3z85c`wZXbPrG!H#NeMJAiE&AHH z{QSE8u-dkIZo74l0!12^o>JGaVz>WKviQbt4>hHl(RGS3%He-A&U!)L>=YJSA|mtE{XJ9PhdR7}ESh^&^# z9zsf!=T76?k|YYKBB8Fips%j30Q+LSk&%(pVn%3seD5ruM%L@$fCVicn@m=4E2M%5 zLk5YY%*FTSTOj`5AE}eeUuxYlub7?NHR&9SZ94IAIpQQ0*A+keLCPJh>~Ur+J^Wd00M*)K-=B!i?(RkGvBd9Qeq08%pLgvVTBire>8KT_I4@$+m)0 zirvJzeGV^z=Gub4PKdHE{F)U1E7zBUh6Zpi=wgyr-0a_zqh~?FCe{54B!I)zYa>!&?0JNuX?vG z+fEHQdNXk>E|+LZWq&cH7LtREX7%m7g6a`^*HLu}lN!M6dfI}cZ9 zAvB*Q6DE}>=@|X)s{0zepJ8X`=2X|IW4Zt9Hsszz!@5jJaYk$D=wy?|g|>d@&PkP0 z7_)PAbtR+!TmPT0{^xlBITJ;A7k~ykLqY>}GccIBt&Dkg$2%CFh|f7)gh!!Pegclw7B!42xZWL>9S1acL%cP(ZUSd!)<%Xl+&*GLvkDPz;Y5g{ z)6Vi$%>|2YrxxHi5FnNn2z)6~wfv*5{y|;r0IgB@Pw0Y}n*#Ia;y>)aGMKs2>I?#Y zJ6oF0MVpN7d}K_1s1qJ3OA<{7FPqaMUs;2)F#rb+2EP<)f^;ig+YaOpwDv{@wR|a4 zs1FKT`F*101$Qyj1SqYdHv;Y|L1*V68|eJApI0psFS*a%)pz*k5_)Bxho)ME4U9(#x>M1Q$j&vLQ`h)fo4iXhpn0${xsH~e z#SL$PgMD#k;={-yqUju)izUm|o|i8ui4A5q2f?sd(Knoa?3<%5cWJLCh~Jv-y;uH( z9`q&q+;Jq`0GI|D^cUMLgHm+&gy?v_&^W}lH>eox3 zVbhhaklgOhQU-C(>Dz(56tZ(&1Fle57hvO2M6n9Uf$zxKY5q2hgj9@1-Ua zDeZ1D(^^0-4WBAf|L%X6K7PDUTkDTZ3g;hG(X2C+<6gr-EQE(#r zz-Zph?VjsrJ{S&JZ9o}C$nU^tWl9pyx%6yC!a~mT zE8^_e<;CtL%1t`#hl5^eYcnx<2tjiCvGR?J!z`tQkxo|?6GVGBc;DTWOSG2p9{4Ojc3PzP;vlY%F65HN z6l#36E{lrb0pr4$)crN=0gM(r)@fhFFlJl4qZ8D`l-mW~ba+t0?*jfQEv>xTfmM3v=B zHMReK2Uc7E(78}S@kdnuVafsJ_~LF$?@XqI>3goY_$%a!^lulTtgOAC)0to^)j7)A zlBHT^%~bq8<0Zn`xGQ~9$#gcDG+^7DEOtpu)%17AVxIY5st*Q-d*6#ZVUI*8h9F~Y*p_Ofim zgSah{Pc2Ru4vlJ9UMPmV?9AT%mdOh{m%P*F58Odc{aq6*jGt;W1DCcBsvWh?32{ZQL2~cB7s-hX# zV_Txhhz7H3IMjlb;2(c1m6@S-Kn{s}TNO{GQ|h4BGD=1}nLm`JTNso9#nc1`8C4Mj z?po6B<2c`2Gyfcnh4vcLqRL(Gxfo5#c?GaGG^%+RYy>uDDku+8e(xvMyi2i#t{rgF zP`;Zx{?NL;_T$@3y&Buq>3laPTWS3Y)(GdJdTJa1K45t~Zq3Xd0B{}4x8m{^$5eEu 
zTFWYvKUpt*LlrR=&b8uwR?aTT;uNA5Mc*gKAqx`A8ABb>|anHahjpk9*NCWD`*ET$d-e5>BHp;?z zM9W17899H>JVLKkY~-v}-945xwa#*@(w2Acoz1>gc4-%o1wF6~Iyli**-062;HH;Z zMLi@8AoHT#$FsKqAWp zM+i+n`MF5AUtF}rQ>yu0u`!qswEdlOqOb6qvdwPw9*%;{s*($U>MER+Smyc^FKN#? zH5~D_bTz-kJLeRQIOAm<%npKRoBS_WV!Kl=5w4}4Xsbz1R0kfN(>wK}uD)>Z^`!^K zU&~_DeTa<$x4sMB!gg8MSn(LWx{{thE<#Z)EfvT2ybH~AI5Kx>8+GP$=#l{lu%oa? z4Tn8_v$j-A#Gt5!?jy0XiE@+a`fo=tCc&aRsS13n$~!!5yY0A>Xe>?7w;lMcr&B24Sw68!A*=Q8sr?&3{j29+~0no}FWu zom}FZJ5Cb&Hn(b} z8rzWDTa~$3yn#c=i{}Jghh6~Ql3S1SvwLNEt8*f$*vISj08sf5LYM9Ca#dGEBe~C| zKW%4@hvv=jZ+e1yw;>aag+nY0$G6)aAFd!}K^s;`MSV8#(?n1@xz8^U50ulUU(7zY ziG|Vb$ut^$?YKAAmQ{=}>HDj&aWr4KJrQu7JD0kSZ@LC*|9(6VJlyU?Aju7)St0X7 zWhm@r!QFs9ZpUsOR6a2x87cNWIr&k^!i*zM>?X>b?}qZjWP7xEC+nfLa@6f%Xm3~O zm)>twGP0lee|4qbeWv#k7vWRA=ysaV)d~U(@_N7Kz_e*E1_nTd{t_nM{Dia{;3G}( zMeql{+Am!w8&h<{E?Dl;Y6xY9)eO-BNFAfzVV-qr)*fK;iVh9<9FOt z6?$L^F`zJst)2PIL9F02ALOM{a{3M7>pPppbx%?Tfv(!>A!7)HiZvn33!59ZZTlXJ zt8Fd8K3Ph4&3f@W)-;C(ivRY&a>{^>{Ir~&!igJmaEYCLAl+Rz1RorXx z9Lg%tHsc9VA@KZYQ&{@A!3mQQnrXt2mhpTs26~}%zc9`4gQrm?u6tAsf`!-|kw4Wp zaO{CT$n{s%nMP={zQ}sLaBIiw2Kxw3is}iC)EdW*&S^Z?groyAr)PAzwEc@xW(Zd- zMD@W9__$(Xbk#8q$oH-m=xUrx);{y54P^z}$aeOS$c%tB|z z14N(Tjx|WQm17Pd)pn9s*hv|^+Tmnh#-@Q z#Gu;^IZ@it_yD$?y1u?{a#w_timdV?#}gHX=nIsp)avM$?<1keLh2+$IiL1X^9Q2n z@XSbf<3c-jVt$IXmqo`)Bv6E+nm;%#)MsD|-KD~4dP;|v6Gv2s;b@deda`*)`vs8p(dl`MwsLrUi=iI}jSq+jo_YW*n<$9VCNhE~D5+rddp)65I0yQ}j zi4Xp1{yk%bnN4|;6jZx<5b>oETe6us#O{diTG}`l^{#<8l z%K5Ku*f2!+ejl83odZ*X)tiYzgSm*z(2<;qCk)_*!)=A)uIXemb5E4qT#R~#RE8h&mZrd1n*woDY` z!XgktB!mu^U1jR*L$x@il>%B9p%HT|aBC@| zqinb(Ni#wV5;raF>TWU94xbma?0kp9IIRIpE@H62Um4om zefLpA2*z0INz)s0$x%E@{H>oQOQ%j%Gau?tV+dsj>|D@;vE{j2ZLZ1x4hE)+I^$x) zF%1-;MPA&;bD3_ZaLe9EJ?60Qn?AptT9gU&*jlVtNVJ7>ku1+O#$VrySrr+e43Dj! zs_ouq-#8XGG#Sc{8W5ets=L!<>#ikrD1mGHi2&`-j}1LXEjY3zl)BMcNRdtS-f!GN zApFfUX&yxxA3JUwU7BFblUtzBFM5tAxrItljD|sIqc5Us7d>f3T5ypzsYYxfvvI$? 
zxD%C;{Sye?WYTe@3Sq6Hj4f%1^rx+T`Ui=y`iWur(k4V0 z4ofQ^>EPj^wcs5c>w>huM^xflA*yk|fe%he_JW;8d+84@8R*vlRLty5lAN-z?ik=!gc%(vDu z#KZJkRcz=RZ>~AikmD;M+fHi}(la@m0HReWVG`xkG?%yty#10ky2uY%*@6YEB?-Ti zcrq(eWwie031N%cGGP&u+UF&H&ZnD9@O+jIY|WJku=nxj??kg@V#vju@{`h=BtnNO z^2OG_r1;`w_>p*pbv93~bco`8NGPdTA{yWHt~`ya_fN4V{r)s77K=kYE;lz8Or;M7 z7TQ>tN(J&tUep6Sd(BOv-Q4>oIyOO9nknJC4C~!(`AS8s>goCykEaIz!X*+1b<76F1v+WNI#^T{RSPkN= zVtRu5iW*1vn`jMrSM5Vk{ON9=h{I|2W)7n3JS~o6xh6q$MAn658t^^v&`*NCux;0~ zwgWtD5wY2lpVc7e*{uDqz zg|=g6Dg?en_#O0Vwv83uJ))x__sD6dq!A+mqdQDIJuMR&yomdcH_=UhNZ1HYxTdcy z#B0_!0^+UxeSyy*kwK4l1f>myoK6LZL*+Wr!Yky8M(cMY(&Bs`h6EDvgu~h}P!iTv zV1{4LEi+zX_IlT?iUeVa{I$G~f#g-%x_5u z&VwTmM`)?yS1$6Q_h#9t7~$qFBQ!>hH`?j?`nsv*ws1|~!nfhmwYv~grc{crU;T!S z9bA`vhq>}l-(2j&SJz#B-{H>tHhyHRM}x@fjsZ1xgeEebEca7v;zh3q#HFnpPSi>OQ<B7NPtF@S}brf#KqsFP_oci6oY=!VhqSSSL@krDoQHLY{*skl%2w3j1=VG$_M; zy>PB-SFIut6FPyakWddK8t=a}HE~BezK1`p78P}PGFWHTP~RjPU!IpJ))@*!oi0E) z$e(W{_Qii9S{0%DJD7d zDo7{WiPNGcMK8NTWA~BnsnM7CvS_??RIe}$QDdlC^+IbNK~xm2+-<(J27oT{q+%;GL% zExY8!rCqi2F?B~k)z@7)laN~^9RB+>S^u7g?1|_ivMr0Ou^mit&BCBjVlFWCQegWB8IloF-t-)W|$O6b{ zK5sb>ujp8^N;^KUV(za73UDd}%L}@fjU~shPMQ?=G;EZ-)!5rzmbSi#j+8B2IDRo{ zGej?r>>#Q=JHN9t2{Q%6?xws} zOt}Fx!c@h;6+ii;TSWKDBu^(-!Ec8uwrI2 zjajE^T^2Sr8%RN1EgPU06xLZ41t`SObUxR}B+m^{0;9eZ{|-$6+y}psp@Gu+vrCno zKNuEyZMeY-j=s$KTxlA6rJaZQ6SWuLY$hj;uR=`E0v!H)Jit8~!uibM4xbo1AfqLm zPc~AJ7eT&v8Cz)v!HX{bZswPf-3}4;dARVIm~L*2`D>XwwsIG#eo|%^#;e8l9sCXL z)RPEhj|3Pi&!TTi;=c|HD3qC-X`>&;2;4nB4=LJ}gzGEln+-2&GN~hJf=e=GPMY|y zwww~;;srV5Yp2hqK=g7F&L6e7T~j-8)qeA+tL^-XFsHPz$dc8VibS?^GgO2k-+i`ZXh>$z^TWuJ z6gT%i)3DrmtvNrT*MGIC1d)Q5G@dSFZs_up5Vp)QxrZeBQq?K0qK=lRN%V1E-Jxe1 z%LN(!!ZZSKLNG$)C)U&h&^4bB&9gVdfUpAAh`KvFv#!IgB-Z({+vdP8x|K7Y^y1w~ zN-V`%)A=?H@v)x$j`EYK#jP7B?U&Q2XtUwXJ6^=3O!C1HU&5Rz5V0wLzyx>}PZK^1 z1$(Xs*tbrneNo*QA9QPP^W3CbYg>yCmN%D)+t(O)U*11&{EM=r04+X5UMeqf^vvC8 zwch^n@JmfE$PCwD7s9O9&2Dnqav)V0!rIhQ983eQ@ZHn5IQEM+S=-6;(Y;)%uYl*v7~3pv5!&EFx^v#{5|^|Iiw#wNBL;@KJAm?Xqx 
zl*~^3IE-z}qAPgP;L9;SX1Ck^KKO~Z1)VJ5Zx2?_OZrEJ43E1+MDmiuea=B#zS>$@ z9Reb|$b?UA9mRs)*f21D0wSxu$tJ}OKco8T@kfRW!<@@O#T7d49sZxEOpOF;Yqt)j zuO0SXCrUnI!P8Hq+!3q6Tjq~c`bf)b!dVWtd2-cWaL?2hjMi_-j2QbdbYI1cWrJKj zTSo+t6C;NWF`3X4rH*J^vzEMKspwSXpMQKYH|Vz*^9Z4EbA^u7UcS_tYKd#lDFmq_CKeWuW3yRkW?KLA^D)^bbDXacMY*(_H`* z!MAXgtuEVV91YV4Y?QHn%ato=}$<-d|CtwD^hp6YZ=Z zKR=WA;Q-N6t9H^-8!oqO{-O`GzbuP)7aqJL`*SZsdE#!vV|TLTY4GW3JW95trY^>q zt|I{4_xAD`cZ?DiY^p3{<^96Sn_Qm@#tCEwYSgNlvV@@4x-!qB9jJD(9vn)nHmKO( zjMw$UPjHoqnaTkB2Z`!@PP6qd8$HoJ(bW8@;tbZ1AhGbj7$!e^c=}ip`%BIEQ-sRC zEnlK3x)lVoPBrhl_7^)gz$hzd*4S)mUB4VruretGCMBf{qGPoVv|?Z(6?M z%4@3ADAmYO00V%-%@wx*d8lYVT%UFAlQRkxx66-%-SA&rP?W~uf|qEZAghP zxYdx?`*@Rg5T8@LJW-BIz;(z(Qq#(a5}ANU1j;<@F4SE0+jJlo@|Lr5m9^##D6K2J zDh1}IC%;D2oWiL+!WSGAR{FPI5!|9SqtPEIcC_#G4A#t9 z_Y`PYI1gpmB}++<=OcwF8^6`EYI}uP6qwPN}bUtJ(?a%mH;f zMyWQT+=Li1LP5)(Dm6S^rSk0?Tkj$!KK(HU%@Ca;m5UTQVy^8_uL}#vVl`qcIb@UP z&(9X(H|&xOcvW+2Te_ls`jG_@ht8>d)`fr@QP+;Cv$}6(|&fnz&!(zLsiQqzfS^1bB(DVv=6YM!fu@OV7xXp4wjNM}Rjj zK4D+FDz>)}^puJ(&ss`PsMda(~NDXkZvFG5&KFs}{ds zEzRQw8Dm6n8M3rv_K@%;eFcqmE?gIDb->M`Kwh zajDikkSbCUl^^k}R;7~vSVDS_(USLQP9Te1du4J}NKEV%wIr2dg^tErDesT%o$U^|mRc=UqaprrM}vfPx0 ztQSuP{Ma$D??Q8XLAge|Tp6{fHm=rEmlr+@Jf4tOq-I8E2Gd4OfUne8@}^Z#LuTF8 z;@9F%UA(frq%dp?GJXI0AL#;_`t;Z+SFB8YBj1|MIu^D(PaudC=kfm(MbDyL>AHa! 
zt6W~Yh%Q~wQb~;-T{hpm32C{}PPYd`Z-?Ztj(zJYS@U}?N`z<2Vm;BkG%o(*1u$rN zL{}WL&_ZOfDVM)cY~6!*Jid_jIoySJdiKvTwJ=2ERJKTO-Hs|=Imze~mc{rP)g z{ufmPAy5$@^12Eu69(l*VQ%PxTOZf-c-3&vL}$dD6@2poaVV z5#d91J({f0?7(S(cv-}=Cay>qqK-wGdzY`1P`y@K z10PaE>VN^$^T{tN%Gp1Loc0l|s&Ot1xkhhEx7)%3{m4<34=~I6ZA}iR@udfn_yaHK z?=n%{r{lWNy9Ko{$ow*XL!*CZ{_HHB z2U2t4Hw&Tj=yw67Z$3$fs;a!ydicGND=H`m(YKxYHwL0lZeU7FODO@TbfkCJ`7u~b@V;0A@uOa7*%`DrPzR5UsCA*#fZbkJ6h6-{ zx}=npZ-5(LKBYoo@kz&{!+I~me2ozz58zMH;plR(VarjRo9h=B7q=KSl)OruvpZp6 z)%)ucUROPu%TuY&Q~3V=eu9OHvNBe=c6%BV6O-q=O~Afe(E?C}FKu6Ns*8;i;mnGe z`!% zade)%nsInN4B3ZI>wS)%ZQ!;&oSHui_RDGXdT@3+=HGK8 z1SdG$i{|)koL3|){GFZL-p;Eu`6v~|DyLi%`{Uiq$&9qLG>iMCY0FNQM{#v^?6Ug- zZ9%A3jiLBT{5C!SPwg-I!Mikdy}DFP`aFSs?i|Z=7sX-PavvSHmSOx3guCMD-@R4P z2E6EQ6y>D@h6=lX^(a3h!QaK4uI9UmO=I_Z${}ZPj|?C<&8w?p znQycq;5qGjJH5Cl1<=9sfBm9LW6*;(!$thGvAJnjfZ1zu*=@{XF-ucm1fzM|VYeaL z;(kTthtPSqoo==>nh8_Bx|8iA!)!9D_*99m&iTZJ_NJUuwRpkdm){2r7StY7mZX+Q zv+9z9%x#&_d?knYzrF9_UTPU>glkx_>r&$5h2qJi^Bi_Y0US3ruktP22MSsy7O<|b zUUfhpa$QPlYRM;paYC92+iL$F;A9)-efEreHK8a1J{jPw0(k^`KyxU$x3?G0D-dnd zaYy#*YyDKCuS0%l?~Vc-k{LU)ER+6Wc5-Vni7xnleqMF#FZZ!loCG3yAEkvh%5P1u z9=wZgxXEyeK(_ZirNHj*G!FaCZz2JJe<2A)amVdCVvFZp&39+O*hn)|K~1eBkY!xO z%d34~K~q!8p#O)w1>t04fK0Wqpl=}41|Sk8$#B{HgGTyI5WxlT8_@yt{P_!xelsgj z=C>2>N)M8glpfK#25}3u<_CO7N4o49G0RAtLyc+2(Po?1Za1AE>T!pkr>3Norym~? 
zLgD#oig2I-qF+^AA(P1{Hr>12o65vT3qc_$1k`?1Tz&VP`n~Y5A9v9&;f)qH|HhjE zCVQ8F;Ufhs!>p(#wuQq_HrZ#|?{+Z{SU{L0Ks9x)n_9bIYgmPpWHGO?)&!$gx-auf zs5*H4s!F}iuwJcsZzaPnL(qRHo7}+GfyGQJ_TucJ3UPSjcnJWXO9}WxKl1#VoE1|!5_x4Tt%A+Xbu;8O;#s1W2ARmY51V|;q<w4!Pgq%Zf@W096_2Tl2jl=SU$+6_H`&*b|4z92E z1NZ-OC+G3*39nXn<>kjg;t#OE-8H{CUYeeq%nM{-n9cUOPSyARngD3BI~DvFfk!IG zz)(Hu(iB?#jhHRqqg<-g+$9v7Q=aWgPeCD{>E+1B2I;PB#hgcKLCjFz|*cd3T z%!v-r%@yY*Ej3q`N1A(Wj#V+8@T$q0RI*W$su3C^^-<4?!aD+PH>71jsy9_^f~V*?WU zYPv)rkqOC*cqvHB`JIU1c{GrcT?V~ji|kB@Tsl-N{-SV_@v1fDU>)D4u81iZg{;Eq^m?8o)@W_(3`^K?upW1mNBK3P5`HHOy5$_zX>L1XID{Et+U(YafP2#jRAGlsV=Q% z?P1o1nxnpR4lA`VFGA_4_@1_(;QC_YBFE%;x0M_o+w}7M05W?!jJS*P{w>4TG2VwV zeXcHyfHf#$Xlyc;ODLfaWLtp$?Jt6L>7k(^Gr)QZ24{NFUtl0d7CuQgDlqp0{*#+_ zvp)~6uJm?b@NwiG8r?w~%Y>41^25F<9&PK_uY?t8Ijm($Rj9wcRH)OC`k+kVu?)&$ zb6D$uGbEHK2?*!Rki7^=^xFe!pji-MaTbsG8!PI5IALAFpCJ4|l+3MLC4K|j^BHS- z6q}eh|G_hFF1cI(MG4iLw!ef`CdDh0vToYKRxMM=@43oDmqX zj*%|-(f9w+_0>^Ptzo}3LwC1Gw{&-iq%;iO-60_zQi_CtNT+mncMsjjfOI1z5_jV{ z=eys!Yu&%3oZ0K$@4WkYo?o$^0(lL0KND4Lmg{W4B?2<(N+u4Dk0#~PZxj^N?5XCv zfT+^aYFF~=v20l$NN!o2%;S%9{I5Kw1s8YiW|;Zv6ZD4-u2UxMU_17>L+Nr70a~b$B$ll?}6c!$q1xl z=m$0M6Qihx)tlvC1P58ev*pleYvzfUW9^|yWzIv8r81`$wIb2b1yTthOvI$+w&=0f zhU?Ps!8?Qv>xNFb(WH@Xaqiy;_Ao9}hpMyZuF5axs)f>1t?5c%57t4Kf8B{c0TvW* z(d%~=NJY&YFTp>~$iS<0NG#ch%OEtay(uy_G*P?a@Co6tR{g?S!#17Xt$|uoalYyx zBJ&T0X#L}t+ufx4y%oJ`QNP_Q%Dm{c2d??YFEeLrzuffx_(H&s;XWXjRR(i+}8>g$md(WRX`B%$AqJ2xe zVBpI?wou)+WBJ46(L#5}qYj-=x%R0#aVMO^4ISfvIYIn+A;?$z&?0y@!$cPDWp=)C8v5A|w`skVc$9Tx(N)Y%3e` z@?*_WE=J6Ck0vKy>liCRNY7GhS=%u6N{%=gn48_OMdsOiX&F=n5x*Fsb^0P9h2Ho1 z{>WNfqe9{K959s9lG*^=EVKlXl)r)&RO-*h8BlqhUj5IEhcYMz``$sM!n?(Df#Q=?Wbb?$49)ctrv>z~ilU5b`op07w zU;Q)S6OKv96c&{ZME=qO19zmB3hvDO5o92o6W;^M;*h_PDIq@&;q;(kEGDkrcs`W9<- z)Pk3L4-=Z^Vi49)6jx7J$#O=J^}BcP_HtL_vvDpx40>v!1Q;i&9YHZBHa+8xzp%)R zU${rlSZc4`)(4)X)}<&3)gI<#2Ub84m?GJ|nrF90l< z@7C*x7lJWUZJTiI>)>Ir&gsPg;~Zgm#PQ(s`PI03DiezCcbU9Yrs`hxO7;)ZzaJLU zq=a--@Uv3OQiT?pRY**8lLUNV!&F%884JsIzX5|?ZC!(d5wiU$gA7Y%6O^T4c2|Rs 
zE(1~@ffYmc(0)7DpFk`s6f{|Ge+ z1PWRXSVqnsO9-rZ)r{&#?`j$wDC zs7_hNi7KZSzN1534&FPj2R2P{{>AkDM8oi;&zalTjRoWUe+Nyhu74JFbzUkz4{Czf zabPB6QWFsIwiwyvDv1dlc$U#lDEQ_d4VfJap(S$qLTpC11s~7p;gAYb*0v5R+CRxw zRJF-E(j#UJknAGm2Ge*EoP0_~t9TvNI751WEgCL-AEDf>(bVh8$w3+#e>xo!3RBjh za4O0)_}xsNM@aMZ9?Rx?s`;hblP&Zo0%@Y7_EmO#)gkU?HjjRvFgT4psjBK$D?HaU z7AFb`NhXhCc3j#@uxYHBk8`y`srH(zj5)K1;=Q|NR9(k~*e$4Qnon#{s`qWI-LaZS zarwvl{)tR<1)t#eqlFCLecEQil|3TXgzOi`b@SxQ68ph3IOqN=g4$U16g1>WxuyX# zsm2zha)hQjzDKqgec-AJ-)W|f$geI$AaJOt6_4|Ll(-Qmjgj7(g!s41p=gA%I8P<_ zAzx7@@ra#YnMQ+jBA;AqTPD5{CUhOR>7fO*wJJUoGQGGD_^3NrSC6i!iU0bhOlJkS zL%egqvfP`L&+o1L_=WN1+@A=scRSu96W~DrHzWJ?gbH7YS-Sz|Tn#~f%M3os-R=LEfU$4w>^NW*%C*K;+VOlb=3t#01hviTj0&~G9g)JuA>ED`DQ zLnh%;I)lb*hd7>hGd(w$QSR8+P*-weX@hyA`H?-V7Y&vI?Hz5c5_7`HwRs%t?D>7# ztc2rYDYS*serhJYzl2;R$6ViDEgDhB4uP$wo`Mo1nf124GcTGFoFMmMzAGAIu_#C4 z%wrC{k^!5vmH^GjMg%!6oEn=DM4a|Jbpm+YThMYmPLvr$k#z4OG#rgv-Q>|}YznSd zgm#D-6`5sDy2k zTuMY{vq4^jH5_Sji`Km|oT6hL4KH&!8&Jy&B)1L>XTg0%o}ww-k_>y!Z#IM!ga706 z@9`f)NX{Y_G#Q`lbE;`s4ehsheZyY85TB94TF+3iivK9&l5#j#4cFs74*&3i%=LwV ziQ-aE&4W#O?wiT?j~#Db7WTYZhDZc`;fXevbXXqJRow6f*-ZqbZ^`~1#AkPVzj7p_ zU6C$u5^uOU$;&MCtIdzm0f@0km)YcLYO{|~uhAq{Ee5p$X@3IyueaZ(~_ zRoxntb#zWbd;7eE(U(69-6M<}gq+3S$``a@-Mnn-F4rBEi|t5!SKhyl;roSf`FU8q zJSlI*016|A!`_J~AlAHy=G*?$y@dWQMc+zEX|cj?8(Qp5k0hU9TAMZlgsShV~7FeMUVZW>EP910$A~(Z`j8g461^ef`z5^WRQlh@vs-a;N zsVzcFLemf!8_Y}Z=yLb3ICvwmoauL8o?zG3goIz~i4UOHG7>3+f)`qv*DPsSNZ6B? 
zwEXvdysAUV5_u%E#X&)o(CQ%F$xsKxh-nyQ12Xm2bKyn{H9qSeX$Kn&hCk2vdb$a6AP=m*Bai^TSKN}+Kd~i(Z7e!uzW=tf zlKKR+%NF!)Jr(k;s(cX1cn(R7BH;OzJoRyvJD3jSLLQsDk)otYelhVaUaX6Q>9vkOI}2p4Z`3d&H6-baETC7HFP`7*peC9iA#YhQswq}wu+!zxp*a&v?FRk*)P$nZVXju$E3J8dp4AlZttfX||{PzCvn{)%_n-{pM8|;c7+5;osGfIcTee^Jd5d z6!K#41OO|z!V-<5?-hWZ>?IJTccX7{1B|~s?k;VU*(w^(+aG{@G+!a#%i=qfk|V%7 zxG-AF@9^-j`q}Nyj-3(AR{jLaRy$4jg)uViI<7k{2qLzI9Lf@|Hn^@1eJ(k7&}#TT zO&$k!(C23Mu3{!b_axxve3yY>KDTNSZ932*ehgUUX5%raK(;;#+vh^T_#qQRL)q)m zM zRr_0X-!M2>bbefY6G!sFl+8vye#X0*yHHB?JalcmS<0{7DCJE&hFOk(u8%LbzZkb% zNt1*D1Ngd0&#B{=k0HxBHr3VD2kn)C7LG?~Io(eb(YlOks;)}a(Ya?CaL#?nSB~Ju z>iAwZ0d=j+@I!%l_3mV=#(JDX=2tc^c1}!Hbi#R_b%^-9%VLXpykEy;DQ2Iw90Y8#qK`jk6Cy% z*yG=@i+GlbD;KgF0-xS%sRG3LjsyHNY-2Tb^{GQnM*nEIc6eKX(}oo%4Jit{)OKK2 zg3x{BTjQ2XPc@zR=1?5YB!wo4LhhPBp61*E^2(rjHaIRVkppuMdzGD`cDmbczSc8e zGFcrGCIQI{w>=Xcoe^Lusx}Uv$bllc$Bj9EVK>ZOT?O+J;Pc*Se;xMBgb#RRq>oEC zR~0!&kX&48_v3$nVg+VD$LoFGStr<#ye|_WYtkGg3oa-^#;cg3U9W8-AOGI`8sRXS!x0$OGP4{4yBKsOM&-LlL&*^xKGLxu zJ9#cSnOzC^p7=igylO3rGcrY4mIPTwrAZSW>NimO@j-~@g%j6HV!w5#Ra(~^S`u0h zM06F=$<18*SVS7~a_A*sGVm}jp^#ik>B#}mg@m%H)CIoga9g&k(#j=q$46-KsnJc51SzF2c*e5J|6`E(4$rdAYeSw6d?dg5gKZYR&plLke6bGex7Ddv1Y` zqoz4vFbX&ke=V-7(=;SQPpu243Hm9*z`i69U)x#(j1Kim1=GvM)iry<^VFlw9eq(B zM$=i7bJt1!{2Xieu=}a+1DDD6%+;?n326+;z=2qj%c})rZ&aUU!{Fh?2FI@lwce*j zR~`PpFH}m`fV;H!aPvdQGwXRS{ysAN4)E$$ujBPP(v{82oX6+f$nGB-Q)&USO>F@~ zw}VsYeo>ZoECDg=7)EC(y?PL7f9PrZjgh0>CE%c6Qf-=$!smieMLJ)_`}3v28|r?Iqx?sf7r$Ngt@- z7DZh!(j9z&G*g4~4>8MQL%aLXj?MNqE_6#GmKX}S5^R2#2$hdf|7n|}_rKR=NjW=`a-X_c}pJf15?iEbw! 
zF1wqlvI-_t$K5f0+%}#qQB#my4B^F4teO;m0y9~eu9bfOo(tUggptwFlKgxbib1hB zQ64t7I6kM<;<6DSQ4FsjKfm}#b;ObbADu|<5&FFBLc{}AAX>I_TNU9GVDq1cOz9KU zHYHy6p0T(h8NC^RpuUL*W}flm#g9|OxwOHj)dFK}1WMQ)5xWGtG(=HnbaeV4xET{K z{db|kXjT}VYGlq!buumXrmxm|Iof^r2{)x9SpBV!U5H*WTqFgRZ7 z8Vj-=kb@x-)a9=-&886ZPc<_$OCrSiI{G}dBf!wcZZe$s%K!24;!CGb{bjITPhk+^ z697Xf3WI1)j~jnzOOdCZ14u3&IAsGhWc&a?C)5_g=pPz8AIg_Sx;~ksgCeJq;w5Aq zy^re-ZL($6^2-b2$^#~rz25CxwYbCDaP@~%Chl3O@R?X46=q$0dy5)m)s?-m)XO_u z-|b1m zQst>BVE=GpM(VLvno!J~Snl`mTBP0uDn&Q+uu0UZHiGDgiG5JzZTE*}o}nzpdNQ*B z2z*YhbzVu{h!7=^qPTV`i#cuk75`R3!lrLM9x0sF20xQmEmKn9ur!#eEAt25L*6yz zynVT(I^jgUqHNbpW`5hVO5r0&qBUc5jB7R4SAS2?KkQ(UE;G}eQvlpskY4UFzFgHQuGBcsfkpOSxo#l#pqqd2XaHLVR! z!5PB}WAA$#tasg@X9Dkg-cOXgz4iF#RA(M1Rxt3L&x4V5G0LBWZ)n4!&bo@Ed z7|gB@qsMVlHOb7Dl(|m=PONNe<#IQgxD?&;VgXUyvmie6GX-OE^|7#Eb2 zd|AlLnY<4l^IUubNyGR-N>w{j?ydna-h1~3Oo_o+}H^)pM zj7)>m;53VGsUh6S90T5L2!IGHPjidF3Ns`xNb)+Ht6L1CN#nuQm&g2AlYyu zmYt4Z&$IBvQ&K~|zK1i$H$7&|u%`!gadf;~EUgYSue_F95S4_HMAsJXTkp2J251W-W7N~yyiNQ_X_(tFI2>KqfN^7WS*F=jWHdJ4n4`-5N84f`h+K33{QyhPnwe zluBGTK02TVtYP}!L9Gx9;bVl-t<-zzq08WaqnzX!VmqA}LdRf&K_>hm1eoTv>WRVLAd{u|kg7gdFn3r{g7%Na-{BG)F9s9-mZy*WVpuV@e z%|QUCoI0=2K6Lwp+?q4{0m z*G9e3tynZgGyl3wOTYK7xS3#!cwV6#+H_5Em`>RE2)Lg!>x=-wR(Pw??Z->Y#LL1` zTpJHFWDn+R;c(~`H^8IZ9Z#g*wP)Lq)dzZ!4-A2flX!5qvMp=ll9qc-KL5Z2(oJm^7 z3DNJJ!<1a=aKIOh3ttp{88}6{S(6>!R|uypNbJP}$}rh1z(9xPq*b65cT7s=#&q-b ztr+$RKU@qZ#9{F*sgs=x3aNn_uuL;DO-%L;%|wJ_=%MoZ-Vdw3ms04;6E#1c=sF5& zmJEf1xkNftP{ml%&smZq2PMH_ll$4FBmGI%F;bs5<&?;_}>zkuCSr@7a6enwrQEeKNxvyTZZI`}RCh#r`#nH(Zy( z*G-kbJAqu9kr~8?DrD*Gp1VBWvOt&Q*?GmI<7Mk|Rp-;iJRGXXTeG9%3RE8FUDGw$ zw*3eUGEhqA`X1H1l+T&Tsoed00sf~`UubN^m?1C$^py#^!AMTS?tThf)6bb^upcWb zq?NhmpLJ4v!+9w%ArS~8T}~%EH4sFGOz7AY(!^)M81^L21Ho?Du!4>sLRRBSxEL~>w#KD3-h%K zHWs4y#<~r9b#`U@HDE^@ioG+QOtc^`MZg2W0gJdg@<7NY2H&O9g1LFe1ykRFa-Z?` zvbz!SM`@Te6l=GsJ#i=2qFULZ!X>)YP|B+o8~y%sFY}u5P^`bhr5MN zZEXwPBr5+iNg(kWMz;VueD-h}XgoiVDS-~%(*5&x>G)M70qT%h+%zXeRL(|3J83CY 
zvm&6;#;wgwXV5i}@1jUCBJ%t_+QiYS{CFlY5(Gt3Bd&*`8kVs=4LH2|{)X38OtH3Pu-LS}cc~m4GZT`k7 zec~&UflA2SBXBpqW%^&d?w<{*_Vj$%b5wy)+oi;>-~GP$x}&{2oFPpe!B@?X^yAC< zpOxKb9EN*A_|@K8)+j~d{O8xZV@(S`xZvkHBlZs=vfe~`4jTUh!+1OHEVfU$_}*cR z^$BpB8|BH<43;h-juIJtYfhm;^t*?(xpAkXHwZH4ba=5X1znw&~iw^>yqwH8SqBVT;(AVX{66w8Lwi}6d%vsWq z_f)~KH%GB1dGv7hw6>*H4ythhf77PyUYJJy27j{!Z-eGXjqqv`=_8@;Mb$j?6vZh+ zRrD&!y3wdpI=H}cFsoFTgA%nj0I}`aqrfQQ&IT$ z_HNH4S&%0}S5==|O*8>`>!ffWg}Ib|2i@2i!6VP7SxiQoK!+-Dth#b%_~+$ZXX6i1 zMB#Fd)Z=c#lRA5>e(#-cOdP#RAJ;Rdm^K8rFa>N;XJ`&SUh%(E%yyaHJoYD{ime|2 z|C#<_K$XMoT#Rr{Y$jb)ZE0b~KG@=_^eSEMBRNvZ{9xBac3@s8^rqp&^qX6OxO2dr zcR|H^4WE}O&XB4unQ4FP=>Wc4m8Q>l(C%uf9yFY_B3Rr1ssSnI2o^!yN0K^oiQ8+5 z$f06kyp7@RW_uY5VUW?Sb_r74VFby%fWzKjB_p;9z-IF}soj6XupG^V&WinSMdf=QydXy=Xtt12zEjtFSPF@hNCQ3ok{6fhE{RHr>a4!W-M)_R{YqZ^}zUq4Or)8^FQQ<}HjKRtl@M`L5&Dd`y zyhj&gG|WTi^7t9XU4N4e<_zO_#Y!6&!@^&?V&?M&6s+Ovr%6V^B9IFn%V=o9Mlvd# z$AB%1dyO(|;m-56F3a4b)sQs^*(7|r7F)-;R>M_~AX!Hf@yzZ$rM`8}7?idoKUbyw zUc^@yBXXCxU@MIO$Twv2(FTxf!po9KKPzbWn&VYOpBkM8zlQmU+?KvU<3OlVPc>&v zN=e?FD-s8vAl<-9UM+^R%&HkHA7^w)?QwxKGu<*$CN>zu7BGl7Qyh;oNS2oj0k&|6t_sl7o{MaUHd ztO#G-I?jLyQR!*z{oehuw;#tvqSt+XztS*~(1gpePZ93D0lH=Mid32G_U6Rm3ZMfd zBeDc2PX^gz=4Xu=L09!$$n(#?t#?&dt|dO8U#0-MVn#Q&OloXc5cOfM^-e#i$+5W~ zTZTH_b}IjrIi4&;BZ)~C8%`}lVknUwga8oP$kFL*eG&cG-5wy4)NONwIiY!DGQhd| zFFpLfe}c1Vso{(uRKZIBOKtq$FJYgksoB#XyVd1z5F%c}F-oLcC?=;CalUUUR@Get zzjk3l+l|;9B{XEQhTl$C(N`~W>Bv#Y5Vqc_Z^X6s=!COXN@GdO9wQ0{~9 zQeKaSy71VYGxlUo0h?j1zZXbM3KRpL|(V6 zr=I56`;9wy{W1mA7wy%lJ&30^dwrF)05OdE?@NGQ!oAo)#5E)_zy_HkY#=QxlXgf+ z5=)=nlr)~ZJ7E2K6>;oX?vLg8eozjH9E`BM#4T~)fx*7x#tR%@Q6dO3T`_Ie?B1-P z+gO+{iPz1Q9{A5IoXvq?A-j)8^ZU8{0C=(T5@u%=RMI4p*inoK`b+q;X3h+=Vy7-# zXgM~lUzoRA-c4CRWPej6rl*toLc@t>n|#|d<>E+Xfy@^oqVwx^LV}4-AVSUth!}pz zH1_o5?H?HU+-P zGq?pqfyk4oBqk024hRsQXah`9FM;5|-~RFQQ&1N*X=!*mIy&3PpMNj;`E=fs0ptZL zj6XwxafZ)}4cpCKHAXudr@ZpWgW{^T@U4~%CEiCwyl=#LMZ&v9YErCkeBV2jmuEwqx5k;zGKQP!-` 
zD44x-usXM+AXr*W#0JTlK?`?Hh$T%9lN(V6s%BvDCYu4|X=!PB3GmT0?Ch9Ie@p3U%Qx&u;^*u=!dVY6y%u{>1`4ZQJm-WaDQDAFAA z55NFiL8sD)juXoN!=L+jwK-Ao&6|B7%(3Wsn*AuIsxO3u06XL!H(p-%%YwqNyw1Cy z_~M-JvHE*_Ik>^g_x^-++Q0+0db2wn&39~gIOlaD{ZzC2ZgFw3!qftgxX4IL8wv#1 zNdgfy47x`quJCMtnZsLi^SoS1-CUeRr0{;=oo1Z{kmt?nfKkv)rl_An(ah9pvpbWh zsNodD-Z>EZk`J(E8;!M(f<(|sH2*m#sPnPUG$E0*KP_H8e}IKRUHWfVAd0Oja~gQ9 zHVrjz$X7RKW7c@T3LaW1OOqY%{1~+(SBZ(vD*8B$0T})wcn?2MN8~ zWt;u!0!0%)fKZu?w)T%rp zeIBt@Q(y>6;LV!1?a!eEd?F(Gt${eQDn!Vnn#{e6mme8L`=Sh8GN#wmQLZc_jl@@% zH4(4sgzIle?MU>3Xi2cyMZb0@X8_-Bd{L<(KY$61@^>bBw-Ji92XL4X^vSuc(1ZCT z13f)G56DG^JP+rmwnx7thZCblJrAiwe*oKd2FPD5-XrZ<1Gtz4Nkl+nv;q8Il#`L^ z|2Z#p5G<@+WTnNPJs5NlOiF-K>J-M{q#~uhiu&g|#z`6>-k|V)-d>+98HM1&kaiow zG}+o8!_&r*5yj`>41osP=pZnnD@JHz%!C2htvCHd#*Anyu_WBH+Z}(_PN!#7#mhIZ z>JF(yeAM(VsJo!N0OQ*7LHaMp^>Fns$F(X`w_JN zsljSEKXJULgIEJ`UP&|oX4Xk*&b<=%w&mTAXk@xxfJa@z>VEShFp$CV**;k!uxhOR zVua=LsCJSW4eaH`mz&juH74U)rup#>T`gPJH2f58%P-^1S+gl$`@)V(k2={_;Lb$3405NeT zX9NR;0}K%@Msl+yw%UX(Sq^vg<8KaH6Dr%fK-B66e;{v@yj?|mg?UH{1e@jiRMxfd z|DuT&U`RSpAqeUst&$O}hPSQ117UoJ?%DpgQ-sfnWXO%<~g5 z{<|5}Xl~eh2Va+qtHxB6mE64w1tFPok;}q+q;&_UNdFHfQ}UiM2{*f6(0!+PQ62Qb zrT-o{N$V>{*ho@DbNW>j{+{#C`ZOYhzK~r+e8Fd3_X&vFRM9K?L)ngvRjOXpuO76} zDJK)FmbQ7x#9!u&F>LgnapfcBwJC{)P5Sz|OR=95t@6p_`adu2$tR+!k~!HwBUpf( zM5UjJ24$4?qsXS0v_h1+nwrFOh+5Ji-FyGbDfwjVCa+_Ct$4}Wz3wYKAo=UvB_Lja zgdn1=u8PimyqL^>ksT9VsNT!!(Na|+56le>a16e!tmN6qv?M4gS?}sHinuQAP*RO} zpxqgX(Ix;|oA>o+u=xK_A@_k#jn+w*!gT1^*QmLfWdQC`dTy4`qdnDj}wMYYb$ILT=?2LQfGL%Kne<8!GY{ zNHzVFIGo%~97NZ+xmUH?F2l8rO&>2Rjhb=~`F)u^bjR%W|{sNQ#+C&F1o1DvQ9Bs-+=W9GO!N zz%A08Uzohn(a;L8FRGE8VnYids4usR{gYDY#wPEzhyQPJx{cP%GgwGj*?ajCI(mE&PJr9WfU!&bE=zrgllW=gtAhHNuVL@6A97X<`| z69e!naQ^IV4tTI3v>t^mQTvX^>U|>ZzmE_Md z$Ja1*j;1_9F#)(x{hX_@#3JFx!smG__c=IR@`<4fhW40w6$t5#`IL`%?xhb8ANR#N zRN|0%)wZ*jS4IB}C#WBTm#FBKXpdHHdN?118Wjq~Sa0rkXrFN({Nt>c=TjPgon@On z;v31lo3jQxA*sZ)D$qz#QXsgs$;jWEADw3(aDP?NzilcqI}V^1r6ZRILSn0e?Yu8< z&*x>Denmu+Zc+EhD60q>RY9=QQL7rdy7+6cuJx*}EBOao)IP1UscCNTj`% 
zTlO!GsL@U+G!E7Y2C>UCtaA~(#mTPQ3)cM$nXjQMA;izEGE+2>yK{7rJa#iz^pne#SwA)|r zXG$8GKak+pjc%v2LAms_^#7;g3C{T_vEf~v^D$>NhZ>s;RCPnDOl+FdX^`^0hPWph zxf`V>Ej}=8WtG)yi*@@YOVz}?mI+wKOGN2!CUF3rY4xIeg88nfHKK&LL<03)F)h6# zKsaYHVr4-+Y30(Q(~vwC=IQg!?XR9YiANm9?~jhu`0}+lHe5uRCPxVT2l)X{;15ep z--)1>{LEmVnwdka+nmSo?&KuE?fSy=Z&@Zujs4sZfHW zZOXFbu%(xx=r$8l5}yWuIV#g?30|;I+HZ+jd5xCU3-0kSv@@1D)UUJL();ob~DlE z%;=~CF-IQ=O)pUQl;R$}T?`3X2RKWQFCdWFin3wMCS##EA3G4m%$9BgpMmbs8)Z(H zrT7$kSKqZt$cT1_S%VPSZT^@Ayrdq@U&83$X^0NcPM|F?F#IA!2nm8AhT=B3Ijrg^ zUo|wSM36KjYO6R*jcB(ce<`Y#1yJ02ZW=VZkIj4_@1b0jh?VS*g~Eh|jNUEwnVuDf z+qKjX+Gl=Df_G+dULLt|(JIGp;@E-P)vf};4X1aLx%lay%nRORKnaF*u~`n5IWci- zG#47Da+#`m68;>75gXEc{%>(iBc3T!*IgDZfSVSMO?Bf;aBZCCh!iEUc{$V_!q4{`Phu7kz)3>)0Uj`^kX_p?92F(Y2ZadR`mZ-+X8{Ky0A zzK1wst`Go)&a+#)@`&$+QYR^%rQpo02qI%q=6@8sQ+NnN4_64O1~7GJ!vL`cK=0@I z08B1{j>Y4M3>F#9j_6JLlJCM%N(q6*hsDVYQel=C)}er^UgM zJ-hmGZ5S6Oa>0XI5M;4kzrw3Z>eP7H{dUtVQtuHf3QR(sP%JQ zsSjgSB>pL(u6sqO{5n@Q5qGGk+OMN-d0D^ZxM4+e>f-Ls*B1!-X5{8hbaQw269FQ4 zj-w-VD!@zTR0~vf_DbnIA5=0$UIU`X96)VZyt%JmF0$}=q4(c>0S0KRQ7E4M7_var z^A+>+BYH?=#UILjGBH@WaJ63c?G=BnC2$f^dt)w;w{zrL?Qv~aD}i6;PS z0gm?ZnYGX}rBS3(0Em>l36r(q&&7S)jSS%zg0*%4iUyDKx(Fa^!pot)>InF=7mQ4) zhB)2mxFQEMb3CR!VJbA(?vg)3Lf}S*ht=I@22#AAs9_p^^jr`M`4yz$M8Lj=fgz`S zEhDLE7+PtI366;9XGtNzbU_q*-z_K4!86_S+SP-|dT!OLPJ3=x8d5|*Lg(`PW2BDN zr?jmr9#T(|iouV?IUu2Kv}iyHjZ3!?Jn<~+WM*gA)^7aj+>xe|C8iAI?5XQn=ae-) zT(1y3P>R0?qeK7=Oi^rXtkXgduNty5pzS@l0;GJICbk3KjGPjoYD!%I^!5u7z`e!{C4ikJ5FVUweZ_9S5tpM)WInNIH&qg{ zE5BIdwqpmkz*Gyt`#~-@&WbP9B@H}w7h83?(d>^17qXCu_(3+ zbui~~vMT7iU+`s*>gk+{z}?W$PGM{%AezD4posiWi;*Q~Rs~)lkKk zPm>EDfeH+1C zp|XT$_q#naEszM3@V+|Gy2?lh16?AU0;#MgZ=)k`*8NncFjiS<{H18rjEq#ia2RU` zRDheMDmx#AM6YHwL|2s;Ok>eVBMY#1gBm_3ChmXpURNJMg&Y79q5>N{>+bE_=d{}v zq))2iGB&o;-aV+T>~TC%n4|g zuiim>!lRLL$YCg?6^=@wz5p{adV+dU5+~UH1wFyMrK3`;_w|t;-92>qzyA3JGHmsR z>_lyfFaZKmEKCjRP9d3=*H}cMc6`a<31MWqw`@inw(a4mev-ugYoz43Ppa+OX%1aq zPDOBrnKn)e>z}i#)lzUcYvuCPh0DzHHkNmmi~_E-NX6faC})c3HID|XUprJS0#ez4 
z%*f>I;(pQKU{z)1D=t`=7%05zN_1*C0CTU!mIwK>e8Vb4VI&XS8Kc^6AyT}T2TDGu{8Nh7%U3KM7>d6IF$GlHciXLrQYnH35c1!j+f{5g^mQ{ z{Q*O@=aPW91r&woyeDSR%q`jF43bdb<_e7+OO4WzQliAw>N3>u1L#j+8f#jah90t_ zzS5UO0vu`>>`qalihx#g9vcJ(XnGEmtV||eG?zJ8q+x=(3fNhZ4q;Ut=yj3`GCgRz zju4d$0ZHtioJ5>!xA929rvQ2Ap!R-C9O2S|Mn#ne@>7I`LG#1g*Kc`*02v8qj6fPH zIMg{aK_X9(@=}P>I}0x|1bYAbmtqqz%F~&oP(*-i0k0vvk8o*IyEN`5D8SHLrs&$|dXXi;^YT>kh%5;acr^gWPW}{rLGf1v*Y)vMr0F`hyWr;c zZkCP|>0OYDNrJQ#wN6acA=owU`EN$H@lsl;0D&8G3EC_B7YUP-@2|P9$R^$a9r9cW zz$VP^yx-ea86&32zSl6%-5v zA$-QCxt13bW<&cszk{qurm7{rd@;?XT1|MJw-`+n8?h*?d%~lm2oRj=uo=RUV6mOt zv9T)~yF((+O`3l>D4f7~H>;UcJyo64y>iz>4P7^cG@DQBzuK>$LZ0;N%sk}B2uyse`0Sewjy+N&GjoN^wW_qR#41yJtg%wwACi$2FQQmR7hlk4{x&JLtZ%HF|an z^0y?FUwH9n z=6_`&A6~evQNO7As|E{C3BmL`Ye-b#2%?sv{elSx_uE!(METbm`>x+4^=d5mEl{6G zp}`Vw*8sYm+cmxKYR$N30!t!`)-Sas*ILVFD|DN>Ger@Yot5!U&c52Oes1h|5R7ON zcJ84VII}qV!(H*$B!KWtpO^nbp-Y2yEAE-Zhlwri#CSLESO+aH%0oYyr|Te-(>SDT ze+ZaqYS%YRcnr{gIiD9kwv&t45n>%Mh9`Nre~o>YX(a4_ zt#vEma%TX)mwsOSn({lcPyrAJgRS&&t zvuFtE%BI04AW;6o!U1u9y8AKfu$9V)Ao3cG1tE8l0)pGi<#m2+5%(&5ZdH__l%Lr4 zSA~W}seA}k>+a-*Xdh10ju{hDVgh;!g5vm?Ib8ziC(YxKg)eZ8*aOc!-T;aw%8cc3n%37*z4t2BQp$h!xs{F6?QCqa^Yio9g-0s?eQBHz&l98Hi`#{N zSCN<$q&e64Rxd7;+;OOC$x~I%5a0482_uc1>J;pmR!Mnz!HQF>GRpr00(mOueo+M^ zwsmgXBSyZL_Zt7ZeG(q#`0vgB*LVt88IUmo^;ms_H>896s_sUKw!SuKVWJVQe{kjZ zU}1`vzJOq+Q(BsgmAT204^k-Ltbd?nrLcj$`HncW0DINp-KN4Ip0zQ!|d@sh{={Y4W)+za#!u}{ zKCblnt%#`Hjh5$}Xvx2D$fN{y*#rEhk zPN%4%QuqvoDBqkxdoQ7pRMSA!p6qfnZ{V!%?p{m!4;u2CV;c$X+y)@+Zit*?tp?ibhT`W95n=Wh5Dekh7vj- zPUK?M`48!laLr?vu)Y%G;dQ3pc5{$+-d@b{*W^w$HEkg4T7;ijNsid#FyoI3I~L7+ z$@wEvwEA`=2wtVPUHB<6mfPKLXWcz;p-)6?SENWMU4L`BC@ZoN9Cs0oDkY>`tJ6T? 
z@TJur)v~(`cX&#WB`u@Oc7}F${44+c#an&-gLplzB(Ncj%?wMs_S?6cAtI-(SJl)U zn!0DBd5nMlZi6K_bN$VQxqDH@3>?dA z1D`LsvcK4dMiaP+d@bH+w0gY!JY5;!*sycJHqqgZxjpO|1;d}#C9RmYl zAEraRn0|0@3b6EV05_rxQNMY_4}1l`{+xDF9odsej~*>Kv&P6v!@we7OHe1nkhEzs zlmGqhtUQQt$fLDn$z$vg(TcFIzaFC4R%HCymtmfNJuzur>_Lo`5k1oFCHY8l6ruUB zMZ_eGPPslEAX3OIGi;qF&@L%0bx-Cmr;b_Bt^hMVH<~OHW-C-YJUmTfS>-FW2N{49 zQz05=xm1zX!PwN->arh)m7VOBZ5JaZ0}x@VQxG+5H;Cm><5VeL|LX*(TB?!9g4=0w91aV?=0WnYHE7?pRSHGs>x&vEOC8A1w=Zo zp}8VO1OcT8DrFTAb?IFsAVNY75vfr@L3#;j2t`UnI*A}40#b~L5)Dd`03wStiAWC$ z?0nhh+ufHRlQZ8rbEn-lckaFOF2u6B2ssa_q_vN*+AY1M7)P?wU2tl<-#H$*+FbZf zV=fopMNS|d0jmXu6DOc<68vCWzA#jYIFwqg^n{jBv&}O$y?U?#XM{o!yd@3bYmS&C zSJGK}MQf4u6|DeYgYwz0E7;p}1gvZn=UrL&l*?4sspldKj3m;LaZ>Nm>LgLkj~8)- z1~JCUtD%~UH-_XcPQ5_slEhg%4P5Q*bAmvYi{`>J;MyGQ+B`q?L)h*o@(}*;n-(C_ zm9dt}nag?%dRpI2XJ$c9m)E-Bkl5H0be51ZoIZ+AN^>S+IUOURr!SX+8@=bM_LM%> zdsV_C#z#H#V)dYs12mfr%{3&O)u;rgc+T(672qO=IgI)NIelZY9?TYpfZsfFg`lr? zP)kH0B%uWDSLHj$GB;dZiO=fbua$p#rJx^q$Ec7idN}v6}lzx_ZC&_avq1 zg$Q_Aul{`%Tm2~DULBXU5En$;v}av!FFk>-al1i2`_tg-E+%;eY_b!kNCT*(d@ zBii(b*yv#P=FMgQAdUxo{8vvz1|>>^)u4Lt!Uro5v_g^pI5cd0Z|nQ{S{r<#qUO^$ z+>}nCJ+P=wq`s-Y3IBLO^!)S;yT5gnni(iuR(bGk0>Sf3-I|*!dM^O8{Rz)jzQ%k? 
zsx*W^byjWK;1Mkw^@f@KpS%yP&^V!yn5D*k$@0WOree8HZs-Y@SDk!!_uMJn!Kye4 z_E$|Dp_c0+_j|Xg^LhMdk%?q3B5t|?l-Ow1Kh6FL8mb)5*#CkQVSJ%n%tZ2OU?Xz6 zBE1w9UBe-TIuzrEa+P8iI;_M?66#=++0@Rc=ro%`=$iWJxi}L?8#n9pGR7TP|0ZN5=PG9O9Aqj(H-eHh0ilq4F-+yS9_icQ#?{BCl)ZNits5Q6E6+L%$4JL&HmUn>Brj@Q@~~$2 zsfwPw#yWV#aengsgc5P=yS{4Q1=)AHCcW#$y(*6(F9GCW9nyn9xYcnHSQAtHhU#D0 z@s5DN8&A%{gobyIjL(%T>6K0mG~k2b2?VIpD$9IwWcmh|tNQcu=|>yxGra}X)GZK& zIH!!W?fQZBX5_$*%?EC(#^i(d>H|6Py#@IYnCs zly|+@H)~pw`z&m3@aNEVrzJWQN$PrY7Cmevoks0m9}&@=^LAU0P;Ul^S^ZESxnG;oDz@ z8J9A+M$wC1epEZK=ELQto8s;}^S1JZ<&7cUA+bMTA(3rIY9G#ef$z|rvV)K4?v7-J zj;z$rVqtc98(`*`X$j7qr+#;0y_cFrFDWHnS$?&Yj%A;`wQFxWXK_-{mGbD34al>{ zc1593=@$FDuGcD>Dp%D5e;!Lh-<)-NIR7IXY1LC5OzcWu0&;rDZ1j67BF zUjuSmx&mcxct8jB{>YjyAx_upWlsB-2#At|<{Nl;^IG!-i@2gpVt;BjL0Pk0K*6oy z1bD>0ugIav?MS#cAwPh&83NF*) zg)2nP{&MvL@AT|!#;h-LZ3ZRU;CKYGivG zn~BmKM_Z=G?G33tkRM4!3R3j1jcXS|w86WBJu=GAFO(ctz9Iq|k(=k3@_Y@k0jYoS~ZIrXkE%@4f*53$eG1#4F_>(C}9CK@1L zqYjLD{h%*!FB@SfNG0uxYQRL`vlj0mmnt0gGq0cig4NdQ<$Le`m%iVBPFlzm@HqaF7%_$;Kj+%|w8aNETS2_-JK6|nECq97EoK4Y1`3>UBt z`sC^N%2#H)J-5P`&knlA$1VQRc&q!2i4V1sPFKjY^r0jYEwh*212-xb<;*t%a=;Ho zM2`6-l!&v!A~nB8k^5_WifwHcfh7wKB6P~gK1KKw&cIgyj!>mi`d+_Aj7F{!>7RGH z*yY3r2JeDIH7-rGfJ&pT2ZeHL!b008C#fpLQXfM47rj2k$n4cKHCkc#b}}L$Y~ylS zwJI~=-n4&YD*GHtcbt}`JOT9DjH~+WhnF2qQC$h5RTA;AkkP1bl~2H}4;l`mCm@>~ zV(>j$$JeLibX#ha)XtZi zni%#{b=_35MwyHgdv7StIb$2vSDV-<^I_+nGqnN5l%rOgl*<(BE;%Jq;I2G{pZ2Nb zknMbYrnS7u6?uCbmV@NqMSaooGbn_SM)tf;lOhqZ44l}ph%@&(R5 z-b$98lUcdn<;~T~@0p|g&IN_*vXX8e^9@v!dPA=c4(t(ptkTgcikq>wFYRP9=q00z zwx%8aT;)heLYCKD#j-k)Hfm>`fQnS74C=N799S*AL)u|r)|8L3%x$@#tC~t;bAnS#DTD1P|JxC<4t7 zHsb*DoGT920{L1dWM}tw{o+2@nCQh7Qiej*F~A z%0@8(;Tw&*Tyoli1#K7_b35h=*uRR@WFB5u-7`xkAm+#AfKb7QFp3e6xz#DeRSSN6 z$Atj;WS+k-2*HCyAh!_W;pKb6qpuJLP3iCN#qz1W)vCng|AP!MSjoSI=>NbJL(00g z=-z*I$Qun8`T(MG)OG(cHgMWNfgUMkQ~&O84Qwf6lyU3LUk9QekbMA%5=#@ae?e#) z1?#jKbv$v`KW8oU8-x|8gSv7*8gu8fDYmvRr(RUu`dBBK2mDT(oHedG>3;oBUsDAi literal 0 HcmV?d00001 
diff --git a/fast/stages/03-project-factory/prod/diagram.svg b/fast/stages/03-project-factory/prod/diagram.svg new file mode 100644 index 000000000..d7821c607 --- /dev/null +++ b/fast/stages/03-project-factory/prod/diagram.svg @@ -0,0 +1,1530 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/fast/stages/03-project-factory/prod/main.tf b/fast/stages/03-project-factory/prod/main.tf new file mode 100644 index 000000000..a6636b016 --- /dev/null +++ b/fast/stages/03-project-factory/prod/main.tf 
@@ -0,0 +1,56 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# tfdoc:file:description Project factory.
+
+
+locals {
+ _defaults = yamldecode(file(var.defaults_file))
+ _defaults_net = {
+ billing_account_id = var.billing_account_id
+ environment_dns_zone = var.environment_dns_zone
+ shared_vpc_self_link = var.shared_vpc_self_link
+ vpc_host_project = var.vpc_host_project
+ }
+ defaults = merge(local._defaults, local._defaults_net)
+ projects = {
+ for f in fileset("${var.data_dir}", "**/*.yaml") :
+ trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
+ }
+}
+
+module "projects" {
+ source = "../../../../examples/factories/project-factory"
+ for_each = local.projects
+ defaults = local.defaults
+ project_id = each.key
+ billing_account_id = try(each.value.billing_account_id, null)
+ billing_alert = try(each.value.billing_alert, null)
+ dns_zones = try(each.value.dns_zones, [])
+ essential_contacts = try(each.value.essential_contacts, [])
+ folder_id = each.value.folder_id
+ group_iam = try(each.value.group_iam, {})
+ iam = try(each.value.iam, {})
+ kms_service_agents = try(each.value.kms, {})
+ labels = try(each.value.labels, {})
+ org_policies = try(each.value.org_policies, null)
+ service_accounts = try(each.value.service_accounts, {})
+ services = try(each.value.services, [])
+ services_iam = try(each.value.services_iam, {})
+ vpc = try(each.value.vpc, null)
+}
+
+
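Review bot: A misspelled or mis-nested key in a project YAML file is silently dropped in the `module "projects"` block, because every optional attribute is read as `try(each.value.<key>, <default>)`; a prod file that says `org_policy:` instead of `org_policies:` would yield `org_policies = null` with no error. The same files also supply `iam`, `group_iam` and `service_accounts`, so I would check each decoded file against an allowed key set before the module call; the commit adds `fast/assets/schemas/project.schema.yaml`, which presumably could be enforced in CI for this. Separately, the recursive `**/*.yaml` glob makes `each.key` contain `/` for files in subdirectories, and that key is passed as `project_id`; unless the factory module normalises it (not visible here), `"*.yaml"` would be safer. `fileset("${var.data_dir}", ...)` is an interpolation-only expression and can be written `fileset(var.data_dir, ...)`.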
diff --git a/fast/stages/03-project-factory/prod/outputs.tf b/fast/stages/03-project-factory/prod/outputs.tf
new file mode 100644
index 000000000..59ecff95c
--- /dev/null
+++ b/fast/stages/03-project-factory/prod/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "projects" {
+ description = "Created projects and service accounts."
+ value = module.projects
+}
diff --git a/fast/stages/03-project-factory/prod/variables.tf b/fast/stages/03-project-factory/prod/variables.tf
new file mode 100644
index 000000000..8bb9f0354
--- /dev/null
+++ b/fast/stages/03-project-factory/prod/variables.tf
@@ -0,0 +1,54 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#TODO: tfdoc annotations
+
+variable "billing_account_id" {
+ # tfdoc:variable:source 00-bootstrap
+ description = "Billing account id."
+ type = string
+}
+
+variable "data_dir" {
+ description = "Relative path for the folder storing configuration data."
+ type = string
+ default = "data/projects"
+}
+
+variable "environment_dns_zone" {
+ # tfdoc:variable:source 02-networking
+ description = "DNS zone suffix for environment."
+ type = string
+ default = null
+}
+
+variable "defaults_file" {
+ description = "Relative path for the file storing the project factory configuration."
+ type = string
+ default = "data/defaults.yaml"
+}
+
+variable "shared_vpc_self_link" {
+ # tfdoc:variable:source 02-networking
+ description = "Self link for the shared VPC."
+ type = string
+}
+
+variable "vpc_host_project" {
+ # tfdoc:variable:source 02-networking
+ description = "Host project for the shared VPC."
+ type = string
+}
diff --git a/fast/stages/README.md b/fast/stages/README.md
new file mode 100644
index 000000000..7cc029312
--- /dev/null
+++ b/fast/stages/README.md
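Review bot: The `data_dir` and `defaults_file` descriptions say "Relative path" without saying relative to what; main.tf passes both straight to `file()`/`fileset()` with no `path.module` prefix, so they resolve against the directory Terraform is run from. The YAML under `data_dir` decides IAM bindings and service accounts for the projects this stage creates, so the description should say that, for example `description = "Path, relative to the directory Terraform runs in, of the folder holding project YAML files; these files control project IAM and service accounts."`. `defaults_file` is also declared after `environment_dns_zone`, out of the alphabetical order the other variables follow.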
@@ -0,0 +1,29 @@
+# Fast stages
+
+Each of the folders contained here is a separate "stage", or Terraform root module.
+
+They are designed to be combined together, each stage leveraging the previous stage's resources and providing outputs to the following stages, but they can also be run in isolation if their specific functionality is all that is needed (e.g. only bring up a hub and spoke VPC in an existing environment).
+
+Refer to each stage's documentation for a detailed description of its purpose, the architectural choices made in its design, and how it can be configured and wired together to terraform a whole GCP organization. The following is a brief overview of each stage.
+
+## Organizational level (00-01)
+
+- [Bootstrap](stages/00-bootstrap/README.md)
+ Enables critical organization-level functionality that depends on broad permissions. It has two primary purposes. The first is to bootstrap the resources needed for automation of this and the following stages (service accounts, GCS buckets). And secondly, it applies the minimum amount of configuration needed at the organization level, to avoid the need of broad permissions later on, and to implement a minimum of security features like sinks and exports from the start.
+- [Resource Management](stages/01-resman/README.md)
+ Creates the base resource hierarchy (folders) and the automation resources required later to delegate deployment of each part of the hierarchy to separate stages. This stage also configures organization-level policies and any exceptions needed by different branches of the resource hierarchy.
+
+## Shared resources (02)
+
+- [Security](stages/02-security/README.md)
+ Manages centralized security configurations in a separate stage, and is typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's meant to be easily extended to include other security-related resources which are required, like Secret Manager.
+- [Networking](stages/02-security/README.md)
+ Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, and includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets.
+
+## Environment-level resources (03)
+
+- [Project Factory](stages/03-project-factory/README.md)
+ YAML-based fatory to create and configure application or team-level projects. Configuration includes VPC-level settings for Shared VPC, service-level configuration for CMEK encryption via centralized keys, and service account creation for workloads and applications. This stage is meant to be used once per environment.
+- Data Platform (in development)
+- GKE Multitenant (in development)
+- GCE Migration (in development)
diff --git a/stages.png b/stages.png new file mode 100644 index 0000000000000000000000000000000000000000..83f3c7e8e3d65f48a29ad563e65dfff246ea405c GIT binary patch literal 39873 zcmce8byQSg`|S|Y-QC@(bho4;B_Le_(%s#SfHa7RfPhGsNDI>4-QCT7$M5^Cb?;jD zzq{7Ok#T0uIrGL7``P-8z_65P@rMwK}3Hm3mr8pV9 zgY2N7>kNT#&_e&hcod1dfj1Fd6jfvqH(_v)NQJ&76r(~QR1ifONllO0{RQ`Q&5Z@I zV{fnAnMH3)V`J+eb_vZGhN!AM82niANR)0m8xuoQ&!s)|NbXNEf1|CZha>1mbW9@J zgXD_J&wto1WiQNRFYbBz`IjmG(4GDLBlgbOK);gLc`)lC$2t8@VJXOA* z;*g=i9>@|*?#dg}V2amqjPLVnb zqgF_E0{go7<4Jtt$B$tWR9q%UHAhZ89|2R?J`K!1@}R)&U%Nzu93 z;+>eB9BkhIk(wg@Y`;ijVq_%Hb#HP7Okau#4;Es()Jopc(z3m~`+KtdZ8Bj+d3pK2 z3wo@fd$cUV>1qfIt+Jj#t7dO~6pE zuh-%cL(CPEDvdi3nos|*R?Zzv*Ssgx)6+{DYFe;wzCZ2vxR}shIq^WS3#L=#B0{@f zylM@Xp$Yupe>XP`PQw;|-_6dgdU0_Pxw~tV|EeTp#0rljR<8MMP}pSSPb#d$>5zf@ z0{!K|93!ybP^BUqW@cuoeDw&%91kfZY8g}0!rq}FwN}5=^*-1DkINa$P%J5t^I>Tz zjx^NhE*eNg^`Ov8_~3S!xzjE2CtU~@XWPBgX;pEqpB@B@(&spkiiG_`>&=(p9hcv> z&rw6As99K9L;E*ybai#%29t-x?vzDt){~`5G^0{d@ba}vW##0;rt3cBVo62tzn?@Z zdc_Pu%1~xtQ29g$iBM;vgAEKw7x!;fXTtk!#)Aw#(JI&Dw|ZM^H^%@qD{jwIvnr!@ z*h4ZB#}O;dEbqex=uoR?*vxn`JWl%d7IyxEx9F8Sb$;`qc>R_&p^5niouYC1e>31Bj7DM1h z$Zw7uNqd+4?(ASB?l)hwVYeHpi#(i<{XV*iZfzB-GU-Brk=UPacs+gKh8^A2xjRuB z+OvjTrK7Cxu@Xwd$S4oygs-hn?IM(YJ-778(Ad<}1)MblZC%)HAIqshU*z}~oKzBB zmFJlSu$j&Zzl&0^zrD2aU=GJlOg<1SHPH*aAsZ6@7mFT+>ZKC}#l`Z#Hx0_(wHbox z>Aig`Yi(Tu-6!BZI4cf1AZ|o#<#?;o;UEL&;6OtN)@g7mI`(S$ZNwEZQ*9X?jEET( z7KWgquAYFlezoM^Hf+UbvNu@{hH+9z`JljrhcYrU;y7(*LRCC6Iz63k`&E$+XEnnz z2iw=z_xFKYbU3A-4g~8%^NAdfh&Wh|g3{8LU@Z1c2hXXK`$Fap2*mGKFhi9YaNkds zVS^~LIw*XkjNlaBK@Eme|9HD6%SM39&dyH5%KEZQr)o7~?qc3~2pO^pLdTYB0XKD` z0@NH^A1^ARWoW1ky>{qFW@lM|L3-S5q&Hnp%@#Di_xAO*WBMHjuX{HG>rS9U28$snD=Yh> z?cgK(TLjx^xk5$11E+|w9kOGx5v%&c#=X2(CF**5QNl;fxb}6VJQ-+RU0v!Wn!|e+ zOsuTIa)pwXmW+N6d+($xrq)1$3&euW&dvsL785oQV&C@QmXelM*xE|*@*|sKYY#{W z)FHp#Xd8q^MWH~gR)G%3%F1dPBagcXWPx`#f3%O!a-YcFyme_QJeS;#nb(k zI9Sz6zXvZ(ZS6G>^n#a;D9;-ldx0B!MkVARtE4Cxp-bzp^0{%kzZvqEGd8Av zyq#*JA&8c&n4;z6#DpZIriKOu!9pH_FE|_4akgEAL{2(!ApwJfs?hJXsUf*qaHr(q 
z<*jnsP%;Cn(Ii>>^QRHW9bZdJJN9R)p_bd}Y<_#bCpa+a5=~OFvB62d##qY zxXh&%*s`|Rpy zD^j&sT2&Rp?<{i(vVBy@n%u`_+KqMyA#tW&Q}e&Yt+ii>0x5Fsq=&NSaG~ksu<3~5 zowL>a5CA_hAeX?3-^~miZ*ck($BSMP<@jFeB2gzKB?SSOhlhnBLJRBgv!8eBXBW8J zuTIV-1<4_}b_)t1MvGo@`#<_LU(UVs|JIB(mDtgi%pZ%MJob51p9VtZDE3 zJWtOU$S^w0c+jWg90X$0484$DU0tD}0J>!3>bOBC&!C@Lre0$>o(B26E4r`_F z9$3D8`{toF_EoplM{rQ&Ou5&LXCOzE6oQb&2sLv@0ANgj!$-&!0@vgsiJflq7YCaN z$@}sJ!Fg-2>)V^sN?_q^hRsA3t+zI(qTd@fNq*MVt$}oinx)D};l0ld&3~bW6Fu}IIe%@q($JL%K( zlY91OUy4DIY(gK%@#s zB2rnkqpbLZth{ZXXVxG8MokW0gkA(X} zJhGsG#+WCgQ=Zb7&d~qC)woJ01f(&-cRp2LOG>a`rf~q&GBP$s3*A!<9UZ3D+lh*( zO#4PfU?teGa>){m?|7zyYUK*LnY{y}zjN$1f=<34Y{z{@e+`repD^Gx5Hs zDQ9Qrci$U)%>Zwt{7t85IV)xZqg5UkPy{kTwss5;Jj5(2`F7YkD$JFyBfOV<~b%p~?G2#6Tq-8`+*_*;rV z35ZhznNW6I+BBa3~W1Y)fL4qtH~vZ%gEuek7P0pm&Nf4T^D0x`-Dc;QOs(mewR zR#4=h1?(GI<9y^W5L)JyFB~~O3+OKQ5W&bDN+Zj3FS{?)Dg`JF!RHbrMFeQE!R38v z%lG01w067#<`V$O2tRQM8E?N}_Mq9zdl}wCxSKvNVAGYhGd%0->v`Zn(iirf_cv!J zS8Y$^JQ*>TwAcat98G8yZI430BjT+1q86ImO)qvQ>Nh^V)gco)u$`~RCe(L;IrkFX z-P=2vvCPe{ti*a-XCK;bWE2?DIy^oe!aFDc2WIKKInch9>yHsC6&My4wjQ8vLZx=Q z9E@4%cA$6dBLq?MnKNlBQbICmA*VN#HWGUzD%&VlN1pNSykg%EyZCwWXV;Y`CPxZf*@c(Be z|3B6K|Fz8j|N7zo^SBCP!-O5)%|b7S4S`xEmdt;5_rFh_5~|R>{_oR&J~UN} zuYudkdAP{y5w&NexZ4qp=qg~t!G;sW#va+(o7^M#z2%zw@Q$2b31s6)%6D&IC6Akfa3Udc#yf`CWydZ?cHPH;$9<}M0f2=ap+Kh9B{?MKvRHQ z+g3%)l8R%Ij4f9PqZey2UbnLwz019|e>Oa}0FzdT$&mc)sm@I_MG4=~u!&^oe$!Y} z3!{XNpKiri5jI4(54$Di}dLij5a!9?9 zZ8^K9A5JI^PttASbc*$tqchW|eRsXAZ0%!ek7z@WH?KciT68SV#qM!r20Ihz$A~|e zat`LE23tPfBfokz=4f=}HhNJ(iR$sLY8HT-!bE55nAg12;O33!(L1 zGbn70yK<0U?+pD&o*sfTkMCS5ArN3Ai__C+4f=7}=(!hD16%FnOU>|Sob`D9t*$R% z{f+|cJ_uEkzJK~b{4s^^eq*EfWd4YAK?27z(i=!xMJFT7_Yf72#T?E0I$FOuK`fBsRaa2@&uEu&^gGWMEB{ zieN);JS#5*u_?MZMhJZ_SReuV9P+vwX4BqHBO`8D;F$RPqpPHfdE!c zBdV%5CuDiF)ILD}v0^bl-w3kQ;)%VEBG~FVhl$yAV43Ah!NzP235fc{>~WIOgN^d6 z(tYds{cVPOQbm)=PTlc}_##;iiRI^FYVjAS_VI)iA0S>W6cDPAfbuDfUNfZd-w}*B z0^WzpOzZpfFaOP%k)0sEu%;YWv{uZ_+&qs;oUr^L8&IxHoXj$Qh8Si%#J0YJ8VjoB 
zs=4=d`W)d{uu@3MpLlSmmhLM)ZtQ(%#TC5i3ODGv4^3Msyjtu=eDZ+1dRVVhQ2hJL zd+%NF(pGm6YMY<_T>cm-;{E*MYy@g+Ez#bRe)!d7Ti7#HPSWO>L9XQ>7>HSdBocRC zycZ1xH{!g5(idFQvuS?&gbKCK_2(e>4uQQ&a zxb$a)ot6SIw}(m*2c!092Z&JLYe@*InQyZC%tHFi$Ozly6?OUTn=dGQ&b~Qo@LQ7z z>0z3*hrSD+8C?=xXHD~it23y>BJ?{TnLp_W=klDj6(Db^zbAch_4NItCSKYb$8cw}geMehAMDQ~2;XP&Br?Yc9r|Ijb}ia%<3_H@=e)>HFv z^?0o~@4J`kv6gB{74mDpnjq${QNE^$k{$l6aMOtSL3ft!23*e6&QB(mUTFeDxe1v6g2D!D55M#wJ(gBk8y_@XnvI)-ce;D0=0n-+!<;1+ON9SS04# zSvPZZCh>ub{?0yJ3WfFdNpFsd&F;p|&X8sQ2o;tWB!k2P0r(#0=+8S!0llAcQ! zO-ht#!a!(NupknJ6X^9u)P)xN9yHkU0(i>b-zw2z9eW#d z=|X?=6jPBPODBCcTTa744v~T(irHLWRx55H{5a0{vyQCORQv(P?{3wb)^N>ZI1bMa zzGlK)-q(N$FHE)g;K^MeM)VG&z}|^}oMj?!%1zIEcyuywexEG`51;I+O75SZ;c5xs zbZrT{(J~67(#zgR>$&m4-N;;=J>774c{e)TU1?Jj9j{nE`66=Y{e;)%XfYo^IQ3@? zk$CS-XzS~yTu~aj$;G|`aP8l6atDEhbl%dO{4Ap0$cSw|jI|Xc61PK1Nka^jGw1MT z5xASbq zX|C^K(qqEb^lHlsQT56RW->%RTCJ|KvC7D#&?(}$9nQqh@0a0XtjRnnA{aTT(0h5^ zEni;83CF-m*hD=mwO!BUFUhUK1l_KCZ zrT3T0Uomr+*eu7eg2CUBX2v&W&6suW6Ti+^@2z@&1VfMuT@0&Lo1=X>E<7na*Dl2h z)-JPvh#TGUNRnPtvGl)T)SPJ_KLz3Sw|)7`m#K1md%wNEE9Rw>*st;WO`PHzd^WLv zAgU7&31MV$CX_k(8^ZkVgN(VwXKA`11sNZg zTE2%_%f`Z4g%MtDeLk-8O{4_1&i*as<)JtdWZ0VjD;uXI9gg7PhG`WM2n>Zq<-x*X z4Df?Lq-0z^2~W>QsS5-(&h8q&s}slSd86}pG3o)i0f>8l z94WL>l)r6CsF6HPhi8FvCl@3V6b9N0v;C zP%|UB)0-1YOw9564YwN+7CpDt)e5K5m#ZQNrxbMxmMxrM)0{{78%MZak;#A0m;*{* zqqmpFE6raf!(Vxc(YLFGf!!v@loH?KWra&MblC>cIYPMq1H>mr7bEAh*sS<$ zz$CJz@+Gvi5XwYbf^&oubv;2^RfX-&rGTq$>Q?rh5`$Iix32N#{@OoPG^6Y zH1-*rJV3%+36p$crieH7H|53IZS=-n(<&HN?A1QFWQf=~`ne%XK6WTJj=; zA>{SX2A9R~g*lRpIsM?RvV6D3jJ}Sn__`ny zlBpM7^fFwEL*CerLu{#v(ATZ!>%;du48C@&;lg^VG-Dswgnn}cwVJ%<&sgAXOiwo| zU{D3f-|L283fm#UhCL?3>Dq=`XrU&{WUGM7f0V##>A=gY<{9HIx5pvLoLhGBl)HCF zlc#ZLYU%wuxQvl&#S~_thX1Qzi1j`XF}j0yGjxZ~yAa!k;;q=i&d2e9A=Sj3Yld`a zT*Cz#zb#fOQVuhz>p`vSc|p&kTlhb{05okcMJOoG*&!-WynEu21ubN6UEMD7s5ryf z9r?c3&r|&T>5Ac@%#dt+JFZ8hIwGMAL{sl07&2S?;7(#Ss}QKgtEgA$kO7}=5Y%Nu zh-DQjCootLy&j^@63Qkh-W}y(=YM87kQL@Y7xWihnD~#ijN_~{Sh;V-b(q9ECF&<~ 
z5`2SJH6&l(uz0kH=?r{<0n!juO}#iCQZ4|Y-~1K+eIV7kQ?2f3@5+dr44R3?HR}+FL&XI^=&5p4JFdyOxVf#8E?pxS`d++o zal_cJ@CPa~Eu*D}rG<@+&F{f%VaFNsG<2^)o0`>|t=ygkpl8lf9NAJc(tHX4A)>e6 zd`}?u9T1D7XkAGA{tkxJ6uZmRN|$OBertwzwwRDEoRrAFo_bDRI-ySzMoLVsA}@~! zRE7X3=M7XrF+kUb1L~hmrxKFLX|FssIvNDTUb-}EE302G+HO<;^$vP_fJ#6n;&GfZ z<@ogY0HwenR77adk;|P5hIa(AzpbUSWYGO#h78*wkU4nb1=QUW&@&M~cry4pC&J1^ zQ31#6Ky@ISKej8+k&_}``i63i%Bi{#n3cJMunCZGJa3Gbj;!un*1BW+ za`$$3EA1B=*M|WAM#g7n1jHl2+5?FkksK4Sp3gJU@$vBiquXurW7jzSf!BJYQ?Wydhs*t*OOB3QYWaJ{!$9DRH~C)_gWu zyzT`0_MH0mnEM!(JPC+F)Bpt3FHp#sa`Qc}$*U^C-zl-sOu-y-d%?%|%f4={cFvyk zT;I@eF|P*<2}&)`0}-QsyC6F3+z={w-QM0-I&Z0dov^un@SAs?GVr)w2?yLX7$#Kz z0kXHrWSOqj`}Z$7yn*bs3aCZj)2+ipdwrJ?S)@>@bZ%3G*0b!R<+AF*-$1H~RmpsA z45)YLM=w55d~dnb`}d6pwR6M6!vXvIwm?k~0s08wnn8z(eqdG>neALHI?&(#+o3XG z!TXW(U0nIwx`LlS@l;e)t~)3n0|cEnmv8qf!rP4`q^02iU#ZVQ2vzu2wcBp-4LvvT z!3^$C;{7{;kn}IYbzYp$CT6GhNe$Oqa+6{sAz;oa`LWQ`AxCM28hChyC*2o3$dKVBLgAt8VpFx%AoDKi}U#YYzPhl+A*qZCca5l%(VInKewHR zWUGdEMH8+;2MziJkibi*)d7O`*74cH{Jg#oSbgZqfKCVq)r`4ZzPiy|tsP*;p_(ux zx+`d+RGStH3EF@X3Pk-z*F6W&^Rot3`vM*(PvXTNi2$_?c=itHN1%IQ^|YU}2XvCW z1>!*S!{waEavB;NN<%lC3~PNz{K;n^of{64 zH@1V()CxL11a9U(D<-RJYp2~e0A5^FRJ3@VNTEI3kwTqj!M$s+DLnsv;T?5bypKe9dWl+gMg#t3!L^M?^RIS zuxqgX4YH@K0FLOsbGs2zi!TOaf8OLtu#UoCLppQ%cNCMSfp*@OjF2QrB`tc0Y{wUnNzLg)+2B=(Jl};J_!DBtgOY?gxgS)c z$Zspi^VNv}0t0zjC>sI%mJ6oHAhsU1t{JxBr=@5e%n^pmwVg$Xl?w)CPu>XHQhnUO zfHG7xt_R}q$@ptE`n%XBeGayFtxzj|iJ>*n*QXdZ4DG^t_pqxC?R_iw_RU7ee+hIN zb((Mk$tVv<7QjiQ<>hG6)%Yri){pexx72YV#K%6d;iBdOqLAV%z-kZike>d+NHxgkQ59Npg z89H6WlV`xNrBjr8{Tdg9-Tbi~(9eiq>keLmZmfh)pHTArDVzb~ zV1E6D?j0c#JkSD@Uz5wxU?WlIP1s<^_f)wb88W3R0od|u@8Y*f6%`heMA0jH%ls%A znglxL8OlY_{&wJ2SXQ>*c_l9p6!)ECAmhyta0{2l8y9CdhABz?LNJN@=!w6v_BHw z$xWA<<`bmZkP^ZbGnS4YDYxR{x$Ne>d~%Bw+XXO!F?XiAo<5|y&!e-ww}b%oa$gup z5vezR81sHO@ApW80-X`hu7=*g38{+-G!-%g44OL#?LP?X*nkFl z0FH&~wPA@yZ1Lc@p8gZoZ zrVfc*UPu=tZk{26Qe)YrVddh+n1>_*@E(e9Hn=ik1Trr7f||*C<12$e66dpBij6wO zi7_L+$JT96851Ds>U|1j2!9eduD*Rv;`yAUbXgbONZ>k?+BfgxxSqO;W@ 
zKKnw#E1STk28AM?keT2t;^7f7a}LzC8X8(6pEvMOy7F!stydH1tb2RJpkPX1>b*M^ zD{ppa9yZ#F-}x;0_JOlRktTSH+%>sWZRXsshgO&s?oq;_6SiS)Ewp2!J1gTt+Hlf} zk7}5VY{KuzW%v4CGCf=%Cma+iR$1Y+O$(8_V|zMiLgsYT%MOjhb6Wu&JF1HgmRb*Z zfOEl~!vMh#A(%q0V>z=AaKW)wqL(k87k(?iQ`#7Ad&cF%oobrf5nC3cNnwPmz(x?h zu=6{{IvJW@RS5ytB$VwYBaNLcCSphl*emGeNAl#|ED%`wmE_8Yeu`tsaN!BrQc)`M zK+KC|p*7oz>$sM-QU8`OwIZ^a`DbYk%a=DETW5&F#x?n$zd{fmhT}8_p_ORdf$%U8 z|Koq(>k|Zrfov68UWd6L+5*xYl-X8w+e{}a1ba9F3i{5;9vwD}T=9UP<0p=FvkH7s z-NEG!_4>dEjp!)bOil#wP@b{$MNG8Nq!cDm|SI&-r$`jtgYbm8>x;A;|-Oym?b#71Ae z?%tP>4wZs(YXYP0cMsL**2_-bYKp9$A{0Ge?1UY$SeMNkuE_`dg(bEjt6IxL9GF5)jVqW4fGCOG{lmkQy7pxH zjw6j04}}^FDQ^2bT&VnGHSs_0?IM{D*)1G(qiFxTRB(JO-~fe$%0WV8V(XPQkedzJ z`v_WEK_hZJQEw>Lbj=pz%edBwYC6>GWjcm-oI1?-BnmCu@psbzlVV+yU)YaQ-52ud z+bMQa=)D!lfXgo43At&`(_4TcDySmL;=mjod!>5&a7k$^=Vw3obtxeN8j!4FjNI{W zuc+(~c4Xg%<69KMjD1liadr;RMFC(zLA0BVCEVhz;EV(XSlhWR30YlaOo4w4)*}Zp zMlmV=1{z{iZXf$52qIGU^`J+rDTVV{B$h?b*l7P0fg#yi`TfaC^0&1&#m| zNYE!%*Nt?%VpW4cD~2IKszL9TzKTFSaZBj8zQ3^w?vkOOma3;{Fu+l(u( z)gH(4`Wh1`$ztyyQW1q=2L|4kg;bn`fbEcOC5n#PyMX{cm5VOB}cWTvgqbMqi%+^m5m*6^#n}gFL-Z1P&)nK z(KY+Gdw#(92&%DJ@So;#tYF)zK7E?QMhjKfde!+sGHlu73yo%pCfElMI|OZB-nK<| znH+mO0518HECZBK-L>31kOn~ol{+w`0~^%G9UGSgpX(v6f)mYu?~o&UaMfAx<$eEt z{&q@T&PxzoSkDy?CuH4utUyacvIaueJO$|Q9My?Irb<-ED=8w+Bz2Q09y31N2Yze8 z8mHX@qb_W6A-nhTlO~sx6!~-471g0Y4@{s3mDZ%`W z!Nz&tYFc@|&P}FC?la=s28j?Dhv4q}7BO*fA?|nb|J*0|{Crm9Rp(^m$-u^CUR47+ zsM0{VGvdzFNijCzCXHuJkT1}1al0Tpa|MzrfY2E`_i|CtWk-5=h>_0c0%1-k#*v8# zrLduf+^~WYfbibF%`);1%HF@n9xXjS23~qBK-iE2)yS@aYWc!*9f1z?e=ISzXp1k1 z^p;Pnjtms>h2J*xq>?lbe%_BD_m$fvGR8kEBT{Wjadx9RRI# z+5Y3Ol2%ekK<+0nC39#Lv9h%Zl`C8=Ka|&@BMHS4u+heY4DbDv_g%Ca&i_`B@{In! 
z`&>iI80{P%@A@bKiB++S=r#c&g@yl<#<1z0G#i2V&UXfznood~W0}s6jj%$)k@_`h zDgXS#f~ZB8i6fbn4bZ?YFWuELxKoXNQqol(c+1I-{N{ezA;R~|nIgRftJ+Of+z(f- zAOncgjvuECU$krM^Fye1sc3jY4> z3j!3I1XZ1I7O-+l?td2uu;N2Vn~PS=GB6(iQW128=-?UNXj6rrX~qlI@Tc}X%x0CL zxwyDWOQXIBsJvMnt>OO_bDh!`P=lNp(x#YmeA9tDKgrbRIC zZ?%BqLQRvy{hdDF9iWbmSqsY2$C6}V1+9^QKB9!7TA#R2-<%c=eevjVkiq;%tPdm& zRi6WaB7gbWX!?>RKqkbD9{qPRH0{31g<;iYSlF@Dz(50Hz``O?51ZGlB>zQ^kSR## zt)|#0l0~yw>pb*D-Ci{|(+UTIl*vo)D+A%7$ z0~;D}R~+)|nJ8-}@DuuPLQiB85?^YaMJ9YI%jF{v0P|187;? z&Ln&`{HVO`4f7NVQW9y&{GT`6_7}qof%O1+LEWk zk<_vfigp~86bS=0uTSHKa|kW=Kv_k{=UtSrlQH&$Otj-0SP+>+5`PVf-UV_tmaLmu z(h#AwZ(&wO@U8xvNfc1YG;|VrT1y!LcjP-lV=oP^YB7|KQXXdTT6Ipso{#EEps^J2 z_30`Iy=?+lK-P*vIbA+OG~#ih@cK6=b`M{_>tIRcl5!JnRS7C0Dfwc2UkpY-6LYz1 zi6Xwo0i@Mwyy+xfT@PaPjL33T&^;MJ0yMg+GODm20PT61Y+8EV$$NNl20eEv9+WPC zaVBTM7az2;;v?aY$+AfKcl41uaimN_W_F(m86q`2*aW>fVeIH0jfAw|##t7_fnj4$ zUq6qQ$HH0<%5wacmNAs*8Tja#P7@rceaK9VkH(EANnMhQhXI)VUX8P{YysR<#l+4b zaf>`3o2V+jP`ikG7*z18WEdPuJjPJ{&(Ha|gQY0p1Hc{=tRaCCp|R}wbT)_CmtxQl zfQ~pj;>b&Kj)WkcK(|x5R3KnL!IX-UuF~DXk(-=m$$4#e?=1rghb7cX_fv0=oz2~$FL$;981J@`w*CimfS5iTmz_H zU1gbp=Mwi?%k+j|1({RPkPrh`rlvy%;ul*tp^un2kQP9-Ma4f6bU$yqm=&t}X=*Q6 zwODxn*+NgQeb>M(b5B;GAyT`&IUh~f_&%ssK~<|$b018&Jv}>hg@=Ji^<%}3k>;!%8Sc<;1tyGPCu%-!p8_kxp*jzB`iQ)gSA?3 zPsE>OERv`YVE1|LnpY-Ypk!^MepENU9Mg`R94XvXomH^Fw>gTQ?&}*RJiK*kan7`N zX_&ZmJ<(r2x?SG~KH|Qr{IPZ#go0xR+xz#gl(i!as4pwuRUXXvW8oKd726S_DJB`Y z*Mn3P+_NPOk}gaC%fyd=CLKrwL3~c#pznE_A&y@&awfH5=?@dlV+4`a&848JiSQ%@ z-j6F@jpy7yGs%Rzu=(e8NOu!ib^o8hZUzs1)s*6XqY>_yc=y)I5Q}2?n#GvD8h(*0 zwWOM2OqIWOT-IZGuSu>aHU-iYI#;3_srpRP1$|L8JFa6#+c&jBeq)bMXyv+5&+nXq zY#83LBNx>b1JrHM73%OuN@#<`ZNL2|Ge4tm*}-%Rrd%)#KoA|Zb^vO;6<sc&(Jb1|vwwhM_ezmVwH~ zR8m!4UK{h=hBw9O(lgtG@VoW4V;wb4q*S3s?sy|m+%NavcLL0ayzqveAi874B_GJF zK*6k@i2$ttnyG0&-U-B#RQDlO4CQ92$RY*$B7RbT4Up4^2*4EDu)H*OuTL=H&OLVv zrNypaFf`NNu1{tlN|nR#jl#*Eq|i(u$n~Kjl=?-9Moll@v8yV9P(${LCd`TtrAF^> zP!=S<2QfRz_Z{P=Y$=*v5r$zdWyYtUxQ6j`iqloz;-_a$fL7tjx1obv`}zs!QwSK? 
zU&Bd$F49ZL&W`L$W(jY>6dOS{&?iMdzP|6veF&s#ZvBPqIyIo6CN1YRTWOm%wHMx< zxBj9OH>Eo-U~YqWlt&(IJu(EoK_7vF75AD&m0F%H2Xb~DsYth)!0Vzsug;-OMG>Dn zE_6v@6=YZ;?P&ZM@>LNySpP=Y7J`c9eS6jwdZVDiT}_G-D+pA~UWKQrYy*IM z2Q1bUE3VAiM5BAwmUnm@`|x=>*CJPtLG|mh3gmBW40$eJn}hlXa+4|n5iv^rcRz#V zO&y_A0t8ajkEG2@Q{< z0Ab>mIl22ysUsCpP|x1W$4Ed0W-5bm71n;ikt+=3-<7?AW05A1_LQSUF!vM z6!$0(M~DOyS>O_7fH)R-gaA%QgdiM{A2ViBhV}#uZ&IC~<9$l_NrJB5Az-jV%~FKJ z`$c7Q8d=B}_C}ag?C}YDKfS*B&GE_6xtQ>rcSRpV=3)W?{O2@@03;2YYi8IeDyHAj zR8&#VWT~h^IH+JzzG^Z{QQ5t&Gxt7nwJ6T@e3~}vP0HD~cYATQ)#zmRC5zYcP|$Ky zY{)a`4sd{uqg7`cxVTa=!r2B3DRvbMg4{VVKT~K&zX93)*rT~#lmcNPC%5w=XB4@Dshqa8Nw_@r`_!oxy5E<)T8DLu^tYwFxejVglv}ry7gS2Dwx6% zu2tllTy0V#gx3ZJEkJ?N#UgsNzJFEQ>B7Jnm#2p*@`J(Az#1SQHk;sm%Eveg+~=sT0dCC z3Hq&2Gp={Ne{p(pmwVcgYuGktYR7(1c75rp{}9}ddD8^48uOFS1-t!S7kg3yB{JNg zq*9%Ba^fc${efe>JaPk3%_;t*)Ep^Wmv#I8R87sq6fAk0(cyN1?MroosfaGKg5rwY zUh>e#Ca>GC-|VP3g~`Jg!g}@!zn6p_OkA9wU*H;7uU>kL?76zQTyQOu(TNL_`&0eu zF5j3gBRKsr3U2NVk)poM=Ag0FQeydrj1a8M+M6hrfvfCl2N#D#niv zK2C-s!rK9>bfR`{@8-cTNC}Ic=yPlS$L3~ct8tP>??x-DGFp1U*zK?B$4+;%3`8u5 zJ0~9CR`-+?J9=j7jP!JYWejZDug zS!%yvR*b}3wdw|N=S$5{M2^@rYNb4OOmA5$y^yKAcWhL?p5lr(-qOd zN|!&zi(M5P_g`F|kB*Kj$!Q5OoE`VY2njcC?{3qu)AHZzxNBn;z3soO_nmv5#${(g zt^Kt8=h&B{IJ)tZSJEpSM<2Vvu*2^Zvv21V`xUxux#5PV=7wrj=$p!$YQJH~YV;2D zO|uV@+mT;C1Rmd|gxq75FKPb%&C5Y6Oq=SOsZ@V~sO_-Ezl5;782Fr1XbrIQ`lo!t<+<4B?mNchl)Tu@Y= zecNrJ2|~*WHywSaagC1Ly=$xItxw!jx5*@-e_uv1=St8S$I8?9cd8~*JaBLi(+Aih zw>_34q-giYoA1Atmv&=gE6Q66tBIeyz*$Z9c&t!6?ftWqm?j*0@Ma^+bJp|z{9_X{ z>r%IxpBwpywnyvh3j+W57?h9Rj6dp0A@wx+-e|Ww>w3~Oz^xz=D_x|}~KDK$$e07<2zq&Z5 zE`_pzPrvQzHGe3{(Xicgf00^TrDt2Ouljg7<$gV)_Pyw{EvoyXFYnnF+p2q;pZk5} z{U}2uJ`9@D>K7&~ZQJOGNdh8Y8e3EY=={{0;MH zt2Q6Xd!*28pKNH=l{ZvlaZZWQ=XxiZqH1ME0a}D+Jf=_H z?XSxS92_2;I&7JiUf17_&}uKp@C+V$W1!tlpYHZsWzOviKbtyd@13ZQ*U^8?M?2%) zKYJ(FHf$z8M~~~dMa8Y~j9H)h^3Qn$@ZVg&-gHLOolTp$*%02nxSDZ2VbyUTJ<_qe z9_-%j6TcGkc0C`M*}clRqy75T8Q=9@9nOzFriJ)6@d4eo=6LVsbE<~Pv*zo81lQw$ zHoHyEu!gIft6-8(7Z_`4p7)Sk=1+$8H_R<87HSjbp+(NFd!PGkpviWBpv~J~x@@tE 
zrGGj0#`6n)RP&F#gp3~S`5O$Z-`<8DVps^9CPk1(pyBS({3$D>F)&{@dC~dI7G1)F zw=x+Mz34H4>U&J}VzMawhf_D|lDutK*GLN=H|2u$=ZBM{&(c(jUbW=EQ>>faIPh|! zx&8j}hq62ZqC0LizoT!qSoP{c3iR~4eGS)^$sMaNFIijtHc!VeH5m zI_r5Z@{+q>>mwbal9gYsNvRI2{n^=CJ2V_H?xtI-JU(!;nyU!#_B>Wrq^BXsn|3{~ zG;P?)azBN&e(=MVV!44|6WMN5YTTi-p}_w8Nh`{i687fKzWJtzwyQNMq(-5}Q>zW{ zp}#ftXtS5=<57b%6N;+xcsFj#;=Q^87s2$)_{>yoj@`shcZe9HQ*pb_3Nkvp#k8JD zs$sqGx)7mu)(Nbdexy^o>2ZD5-=&xm(=J$$E_)u?gAetxjq+yyd6E4){5maGb>pY~ zQl@Vwo$9JLFNXy-;+6%Szm~Sx4D9Eb23RKjtFO(lcq*82pg1 z5R~pLi$oFH#;RW*F&V7uRp57*w(IaZu&w?KFzOfkXP^CR*e}(I{g!SB6u^S zP%$0!Y3ZrV_uYkZa$~!}?^8!5A;EUL-KIDHW!Bb)eE$4#b}S)2Nzz6M8ENuWgOTZK zOiCKgV-xASX}V+rX((|TR?FeGp1gs}(+^&Mg|$l5>iLs@;Bn5_=1WsH*9Nt3b==%l z>wo_ewWLWF(69(570RMPpU7G!TEW{wkxadE1|hDP!XLqQCpBr+Ra;gVFMNMK4|~Vq zBhE2GXI5zJ@y@a#oAHm6mZO`fTbgsBlMerg)~Dfh=b5pr;f?1C3HR;Qy_C@~0`8V0 zcPt;Ns%m!kW`E^Rw!CdFi>;e zqwSo{vhA>Tj73bJ?xx-B&k`hL%|~PPCF*vBPfDS+^nqRUK0l%v(HM{Zkm}QIl$-S_ z8fX40xaZS3Up|?j{9K&Qw)>y-*^e$bjguA5G*NA*KVF2~)D5h;oQOTOd^nyxX~1U6Ed&$by# z>(9vh&&Dt=E!ZhyoD#&;T|{UCWPp94?K)0DbGS!^GdU0d96rm&jvXr-U^%)felNw?#D zYWvaag2(IPi{Zs}sRnbLuGS$aXSC{S**roU{0{~V()kU?#Uw7%`Q_Xxy-k~@%!<;( zHeG&NWzs5f`dzjh0v^R~%b$9RG}>);6#ZpbDbVhq(l|Gf3FFrFoG2;VibwR7LBjk) zbh3nl>LnG$T4*-3mVu{!9*TAgxmk?DkDR^r`hC{*vY0q|`2*-7>lWZK8#dxG;CcvW z?_aX!??z?g#_qVE?|SEeJ0F^zsZt_y^b#XLf~T%VZG57mc~XkD8%u%XYp z?Cs~}8s}#*X5Ay^@H(QKU%v6G@onoO17RXMDgh4~2d<_{T$(sryO-(6 zL+ntlL$61#Nrdgz<9q6NwR;5CYrek|N#B+0jpor0H5EJgs|^)~TM+McSl*m}P*Z;S zBZ+}xK#jfi$-ED~Pb)Hmx9gr$ztGV;B~kl(Hy$T679@fF5?Ak$yxsoh+40|RQG&qL z_FX~K@ke*N3F{fhEn|_Rpr&^lEy_qxm4d)<+i5ykTUfwm@sX7#w^l@8nel7gC1>nL z*VCeeZ*>$NE5xl%OPu@I!td`B5JKUK>u>jI1-@8Ggn0n>WK~(>w<2!FR3X2k@0NwO zg?Wu8!Z_E9Mvfu zmE9S#`pi*n#>U>-%zT-5zQP?vs9el`e4lG3$Fk0id_w7!h$6B;RVs=0Hw@zsmw z0Qld~{NFjl7IM#&XxaEe|9fl7LB~##X5&cmWz3^BvW%n-dsReCyu5Yy;kl3>PKnZA zoslBnJeQQW)*w6CA~Gx(UjMVTJ-c&^dWj4{pWs=|_e55cxDOIC7lZKw%Y+o|Z@pdb zmAe$~6*g1`GJP$aL~m9>vO5f)Nj+%qk;mj~g~ zR_810U**T_ei^hSuk*>c`KyoFYEN$4cDidb?c6>(Z!&o^+nKWCC8429qxP1&JxXws 
zPwaC3p&nRw0bReuKKePg?WlchrsIv)*O%#*-W93**Jqd(5vUpCJ%%{qGXA15p$Wx)scP*_d?qmg)A67cv#o#RmrP(Q`#PFN!@Vdy~g{LNr zA%~%ETdv=kx{k0ae~UK)yQrxDtPrdW4von@%}tZZAk)(|9G3xt z)#)2vsL8V&BL(6I-fI%z?W)Ml&UI5j(lO zW;5wat6Za1FIfG#^SYnTl$C*jJ>^rsP1W0Kq?c8j9%G)B?}wuVgM7bv@IA0y&7Tf( zV^vJk^BLG!?p^L*M#OLz6pbl2+FqitV1%^NJ|2%ble;?4H;hU3B(I zRgAf{nrusnyK=xjz8}#`<4ruWwFd>W-3ycpR`Q!AzoJyB3{ zHwApAgc^%%EvOi{d37-FeOW#l8XJ<*a=7JZg9As0T9o*$NEBF#yA_o?t+=uosZu{Z z*^d+qO5ayzVk)ODWLz%ZTx<-a9L`s6->=1!Uiwn1rxvbD5v0V;70-@HoM~CL(Vzh=c?P9S}Y}Ygkf6tjVem$c$*{++g=hlLld|xJ`Mh&nML}zNXF>u-3 z6O&`a9=Xns^L>3`jN|f=VrJO7ZaQMr!Vq4ENuWDRCP1BCSo~?h#k)Cb?M2J`X++m7 z_G>+7_ZhR1bE#4 z7-X_Rdfui~@ZF*kSHBKVzfQmIm2u}2PNv$=PJ^Sv3i?mBgUj7bU+?*i&is-#G{ukf zkM60Q^Sto<=h1te<5)4xh0^?b;;c6oxq}?=WSo-kV)qk?-=`w5pi{v&>V zJ~bXoA+ZdcoFO8;eDIz=b`m;ZIs{MUmDY}L?}HVblA8 z7vW8*phGBmdaM+6wTK~NGeB;cN5R(iLO+xD$G3)R`WF&nDo&0^{`mWQvUvM@@gFE6 zw$E3~9GzV34sg69hXubNqCUDcR>MiDdC{e5=L!tLJ5EiLT8(7roYwMl^-6ZLHaI9s z4?M3>4zUI78+2YiB7`g|HMP~#3G2o88xo2}8oWoK7xqiK{`#xwXlf&TpbV)@{Vk@-<#MeQ}(Ecy948VLO4HPzviNh_!u z-ByXdOHFoc?_NdKF$bCkc!b2BR&eeFqSF!6BlY-*Z{$x_*PN6tCO z^Giss-XLu{vv{KPw=4aq=K95v5-xMp;bvg8#Y;8+s)_6VL(M4_MQUWa8tpz+`vo2g zY^wVh9kc|PWG}I2Jn2>g)Er*b*|R{&l~&oerwt_eN=7BzEbyL4W!2SXq|fQe_po5x z_U-6+dXI!mDz}|2B$VjE)U@#W`i7~+^`O;vNP7JKc-*eHv#9q9T8d?#{gS)9$nyWj z@IEN*Ly00W#*MK3~f>xGmD>qe_kJYF|j~46C(p zE@bKoIWmq&>Y&0BQZY?Ggi)0IhY@W^<*q|jAoDXPXD2na@h_iM`JqDx{dt&M}ygF*=Pd?wuUIse8p4@r6=4cIZc3 zvz7c$W(*H&!shM{Bc2b*sXyRMccQo{Y9zWat2LR&@v7VBkD7yXLr0_GZW7_q*T@XV zx+do8CFFTeRYTCnJI;-iob0MV=*g>bTc6^M{?89nE8=5w zX}BbFK*PMh#|xXNgvXEB29(vcB2aUNC__#e_s%@tc{-fgXRDTsg0zB4T5mzQw@(=z z!J|a}gF=euTaFEI2br}kSUE$FAx6Zo=lnIV6E0NO)e{(@eb)I+aM>gUS~$t;WIA1y z-UyW)SNygRDD>9>RoX=uQi*>FVYaVt{``FEqD;YBwsm-TeDA@7XATCpG{au`(%cQR zw6in&c_^B?aNN+N%rNrR5?ue;r!o~Z?+Y~ zQBhLr;wzooO_H^z0{_Zl*`v$%l-O;p3RF**9%A3w4N`YC+gaL8)AGaNq*1B7d z7l!-qJKnDKTGmvJ!3&1hz9G$ow7!ffKU@J6IaSqSWW%G#M*j*JI9OQkd@SIdWxCK&djD}&?FDSgrhB@shzS>&TI1S8U zxIqf2PMB030=uh?5i6@k_tq;EIHVK1Hu65VhV=K_#KbPiJ(HVScKmDLU}j-M_v_yK 
zNh_hkRo_rJMEsE}R|3z0%3nZ>x9;=s`#P#1NFsIu)b zKEMo^Xf6xS{&uU#kv5X?j2=%S*q)M#Ef5j{el}6J4dW8SQ868=p%aK1TojK=8yb*1 z;mSN_%vUXfq8jx2$#eMAu1KKUk9ZT8j6%um*UT^auSCY0VM%b+{AbP;*CufQ-W~g=|MOwEL-y=z z>Rj;DjqKKTncRe13=ZGt#ivq83iy?4sSmBmK8R z&^d?>C${*6a_`UA--BVh6yy#L3(0?{z+^mKvUhfcmuR1xU4`0q^9Aqkair26H_vwl zjJ5Jo{#VS5>^v4#^eaZS8<>BD^2^ut^gS`!$&4`J6tSMc5Ta7dc--~#J$sc!F?d;eh zTpDE^Y<9SPX;VSe&%auZLS%xk*3mT3w8O(215My`dc!0!+TrDMM#tx)Fa7^Lx=7U) zPn0;@a)YlkN$^g#+cmXL&tIuU(R`Cu(iD>Rdvc3gdd3Ea>WdW@`Is9hRYR;?-A((1 zz)-%i6zqt=YH&ps1aqpf9y4ml7<-kElKHWq8*>Vqt8(xqC}g6=g}XP4K}$1_cVT!rs&cw#D zN+ddJsvnw8nbiO7tRHY6NNT$m^im6aCBk;g|GfsyPGT_7r7Uw2wy)c6o7{JFI(e?E z-8R1#-~&mdrDcPY^!r7lPX(#}Y;H$?!9;A(5_dRLovy4?rPO zG8G?lS9;rxTKrOreZ^sl`t{8R_A%?+qP%B~G-QELKk^w4nEiaC8Vf!j*g-rVPByto zNh<$DBt9D^I!>y{(+M+-PFl_dN0nE)LE~#Q!rT!rX%Le9_u_dbi8?`2S^vWTyeR7oa2T@g8&$Q(6u-5vX zmX9MG7Up7$y|YWa)N*LQxzi|`c&yf0(Newfp;Hew#n_L@wC@QK2HpQuUeS@Z;_v5sOxxHhV_S69t1-wHqJ&lu=&`ao%<;hw6}!NRd-0zzAkK zgi8Ed{xYB#ESXE=+s~FHwQH6IZcx9X;q@l5|NQ{=aqHatPtlK`cjDFSY@^60Vxx*$ z9Ay;_~5-CgoQF%mz_Ci;agcH>v2D-p8#xb=2BYA%O;h zngPQ7#~kklJ-ga$j;0Ju2nY;#{ura(&ym)G8EkM1ZY#Ik8>#JeV;N}#*l4x=w~72E z=-!k+9$1FC9CDtJ#qUkL;MzVxd)Z>ru3u*-BO_#HZk>>({J$+MSh|d!nalTX(PsyB zZZOZrrX04%caR`Y8&b73`mRMr#(?||^93vN)X=03^e&f`9NRRT!mAx-a=iGUV)99$CqeOjj3r+@{vvf~H(B$@?U0RulYt&Lp4Y z$kqNgE&OoF2;^X-+tg=ph5sD6LB9Bp@!*JXp!5dL4_M8rQANo9O6T)vE&RWSOr zKCykfl~d27!3JLq%c0^G>%M-N+>`$eV`x}Jev4XTS#Zl`Jy`ILE-vrwJ5^k&=H`~B zV8i~Bq%d6iyrH`fK6kilSS|P<;GQ|N{ol-nb&ZOu!=(~F!9akEPtaYOEs_7=H#F8% zxmk14t;Qc7;VAZYNaY#y_nNy~Z=IZ7Ifj4hF4oF3aX%W;9+D2gKUCCI#qI&(J*O9%<9L`)Y@7o( zWetp!PiYY=n^Ufqz#cFh*m5Czj}nF9+@s<-nhxaB6kUyZQIy8(=da-)<$bBijpZ#e z8Z}*G}*jA((?SXHS^0@3Z06+0$Kn!`B<3bF!1hhQlqA_X-x^4?fij= zH-?Bp!9(Xxa(k+;7cGQ0YP#A3uumT+j~pML;6K0@r7|Exzg<*jo7qr{5|7Da5wYom z|2!BMQ4d5=N@0c^@&va?C!G}V`m&O3EaZgEx?jatCI84?lFxq}0GI&zYR+;qnA zPi3TWN${UJ#u+MV_hY+>j@dtV7a>w-WSZ_D@g*g_cPyzT1C0!PB>}nqFDEDIyZ7)` zD-8LFnaWE$ZR+3{_}zCPjRj6R#;2NQyp&N1d57%VlHo$$l#gG$z}X_xJv=@#tkVvO 
z45bz0Gf_X+q$vFTk?(nttb8y@?D)ptZGCqQ)`PWPfj=y$5V<;iPf1EnaO(KP7d$i! zl81V>lng9aJ_*r;;6f)ZEE(iLs1W0?6ONIlsQ_~k%sjL)H8#5a`SUkF{}VFYfO@VU z_<))v0hOr_Y8uM?N)Jak-COtu`EC zNIAbsNeeMDCD^bSY?|{v1RDvF))STca7z2n_IggPm9Uuio5IjA8s9?MF8!Spvb0&E z2vjTgKUGV6@9djIAxUp|etqzk3xgSLeu$C?Jv{75m4PD!c(>mBrQCag2m}%rpmCs* za|pckn2#~E$oFJS#MMg>10=-kz$kZo{x6+Yknl5E=upVBzBhZ;M$!ciDUI^;#l}~z z5$?hn4;Y6NA@?=2A%zANPF03FyjyVHQ@kaE!ot#c7#$L6zw{1&0X+OAbmV?y23=84 z9-i94*NtS57xAAZyf)=aId1%vnGM!*yEauv-hoo`c^kIO6mCd9Ufs14o@pvd*Z);bf^vU10fY#_G+iK+efSpVWuGXe?{@SYgP6y?x61e6Cg zm`e$+A1CHd0o10LzN#Dcjah+-tY!C%X^*o+LtJSf$=LBX0GibDk{4r*rE~*1KL9G9G zD~SR)ZadBX6*tzm+lZErKD75xJzu%cbm;OGX_MVuaEhUax3S3`s@UKO|6U##tALFg z+!|HASI;~Rx#0j;y^bGaD3>$?fg1!(cQ&-tn)Cdv^9XL=`btAS0OIjcK=|6?zt;*} z6`4)mu&}T*;8C2Mk=9N3nHQuHw$4sZ_W+_pPEPLYq8%y0MPm&jc|sfW&yVd&Oz_4x zfH~lTdxx2pp%X>Y^SjI4+gm#nl-#26BP&lOvT(P_R&i#@aln_GYrQ6`YXOC|Lm^N@ z@S1qtqSv;Zao0~TN}AijIzGd*0l9oU2uxH{U52?@pw@mD02uILloV6=tn0dd_Vnz% z69GEM8xA7q-m3ZhSyfL@$<~$~;9O;z3f|u0prl1hOZy?F%DvAis>@G44}eK(@ERC( zPEPl9q1LRd_mPoz9UL40v<02FE-w6VWdw?a$UZl7T}(f?RmiSDWfcxlIHd2|+Ex#KJPSwPj$oC=`DF`ZWcRB{-D| zVoy)sF|)9^uID9~nVT=>r`W()B*ZESg#gJy^~H;>t-5(76_tA$8XBpNzvM(t7yR1w z*50F$XBHQSR#kCTRaG&vvHgbkElpXLV~aD~$3#$B4!RjKp1*u43$q$W?3D80cOODy zrep2E{+ApBvLx$o;krf8fWvNRXaFgn)aQ(Ve*hHQ-e&bcOhQ6em2ppSSlBY)Lk#Dd zU4hf&+qB&XC^BEA0>i8GBLoHyfOpKpB`yJ2*ghz_{&q8%5F^ zdK7J<_&tP)?!cS|V}brYoAI_ECMKr*?uM?h1PBoh&Q8~LVMI#*0 zj|j0~n1H2`h#;1fjQ)JaKik1nkm@U+X8@#^OHltZfj>)i8e$NDmFA-{Z6pEGy9hNM zn2)<|Eu`+7l~!}jNq|VvFRueE1b`hx@$m7@;mLI1E3f$DE1`>jQZ1@q@Wn!KV>lm1 z0HGlo@H?pyB>ekuFHz0SA_yI^FTiH|2}my%#Kn<7&r1X})A~Vw4f_kIT73&8U_sCq ze6lq65p=&Hv(v+2QFvc+{`cR12xb#PbjbtM_JGNB0Gz;G0ADHm%N#h;b$kbL zPbQ3p#9hcdLiyy6V`HU4IM2hHd=&PqKMx&;ho=Ekb?3zk`$klA3-dgPC41JXJD!_M z$4)+VHhJikk^S5EU1#EtWDJy(lan4B+Vi&p8?Q#j$KQ4mo5K8;m6OY= zth8rm;Bwn;yYZ4&PzVVNlgt?c>8?6$iB>>c;Nb`Ttze+1cK~eN0Z)$tAmDX9@mo#ykuC5sn;+4u?6AL6;+z`wA1IoSil29NjK&A`9_ zgSfc&A6hp4gwLNp+t-!%94UgKG%_&ESzm|V6dYNO4u3-ZIyeh-ZF6#Q=~ZmG5%uRY 
zFcex}YWL=|=7HsFZ~O_yZ~tvoaHM0VYKg2;_%aFBT7})VqCrj$)JY_=2K6Z15Bm6B zL9OZ?4Ds1`+x7R#F7l@Fwb%CF33`*bg8+Jx5d_$rOr=O?T~ljoR*-)pbD4E|fPfeR z)kyFwN@B11>m5Uep7Bp^o0~3oC0P&XW6dYFppc1h8I0hZ5VW_zzKpnI$o6p%IcKD| z)|Nq@LOg#un-LS7;YC8-7Co88IFZO#94WptrJ{P#^2!RoPi-Gjiu04S=)nt{0MC)` z_P1#Fad%7%-kj@NTGnapXH{6+Q2RmkLkKkbCk$^Kf!<`GZCyPg` z);Rj+IkhV$qWESwb&&rEF2OUnGf1wuxEo+Ips`KlA*+X1HYoWK^w68Rjq}_ zY3mC;*MQU0Q_;H|X%+L+4)tJjR$}4ki>q;j;wmeBX=Zk&X3_CP_T;ZAr6+pFiB>X{ zM7c!`@qzh-;E=1R+`S_lvvGBVGEV+=QgQ%rN@C}KXh5LyF<^^yb#)(U)u8*l9S}`` zrIJji@NsZ}GshfC8WB_%D6Is1M6LTsA)m9vYq9oAhUC>2&X z-K;BnF9DX1Z$R_}L7I909vKAo8oHhKiG@B`B13+LJ{1xvMizQ}&P~sJ;isu{X()(o zmiLKFLuP*R*aDI^g7niWy4q1)%QT{_7(HydRCi_GDv+ejissUPk2(i^A--R8b4vR9 z`tQC``+a@PL6qCvOxiT7WMDw;=jS(JB{@$3!NJFmgfX$PLuNdOhlkJA)Y@yzhtY4} zGOL}^XT3&96+-Wv4$M3tyy390LX@j=pKbF zGWE0RoR)I;4QR_Cmol??hxA^%DnH>aCCk=p<$96ZY&{2=uE!?vVQB;g>HEc>{_fAOJXEbfCQ?HhYI?d=sOPkD?Zz{FJ2 zVFCxnoud^?op50bVSXZ@SXGAsuFyxwX&S19-Ih>fgpRYOXXp60#%yPP`V8|jm#?2( zKyoFgg7QI{<`m2Ki5O8O_(V<_f4DVCsC~g3@NhZxom@^bN6n-i1AAazPY&UclMx7- z>`3JdZR!&$bG`xx&MG?_g^Cpsa&+g>ejlEgVSbN`FQIHpVH0Iq2U_IQvczAx(ru!G zAdd%U_Q?)T%&K46-Mvfg#7kdrjXeJ3MID4e@YxNgr!UXXFQA?PA?vn=`smWp-Hb!9 z+*!jGAyE9A88W-mtG_mee4=)Hl<>W-_F@^r;dAJA~U>-dahFDCYXb2sbu{goKhl2ss^R3iX{{j-Oh?Pkd4?UfOxL zsEQhDS|K$fv~Y-lPLy{&lLZN#ldyHJiU=K1fHIgX&2HDSb+Q(Ps7_$h*|Bji;T(iU zAE8Ztf1=3tZ*E26(dR@n%G{3Vvxd>80vT33GU5>X1i}M94GlHu$z%s%9Fm0Y`u~;d zROq>BUp=){Vx;D-ZB z3o3(9e+w#wh#D%gCXI)550=}Hi?u*ha5AYK?JaXCwc12j&bQo|9nV@Y!v4c6OOE&9@*K8g+Ku_5J(M;9$i?l$kk`bCYM?2_NA#Q0U%* zj&RRCnhsiM0hKp=%OckH+LtO)KuX2TdWX^#$0-Gem)O?AJQg`d0y=8)Yir{{^*56d z({lXN?ABhb<@okTB=MsWHGrJjABpYn@4o|y!;q+`1ko4h_CKHuuvf`B!p|ee(Qyy@ z5`1W=4PJ`xfm)M?*gREPIn=Q~jyd0#5<-G(dRIIUr_!<5>U|I{kVc8-*6}F>Dz4}2 z1?_c!!vf(?5df#n?lgLeQQ(Lk;y%!IyoWHPfYL;&pS1z=OD=Y?iO`b;7pYm2@jil= zi%_n;{39ctT~iYWywP`28)e1C2H!&o5S}WI_$9|o=q^a#24+;757UEE@K*$8je9@@ zKi&5PP=yO{FDrmFTS4FviSF!!-&F0mu8Mdeh;IhA-o7|Th^(Fh9=gXkLAMiuh0JC| z01tH>y6F(UE-)5xrayuI?Eru|2heX^aui|$CmSwKbeswhvq(^R?HQu$5cn9KE}@{! 
z@aah%lweh&p(>`_hc)lqfLc^qESkITPY}<0M?kmtQF5pzOT0fs=*vHW5qR3~(%O#r zXkaMvi;xdgbh*&~6=t_>0sYte1O(ABRXgu#VM7O_SmAbL(RwkvgK)~hrSAo@Cj?*! z0_Ejtm-z2Q!$=4T5xmmfr7(5}2qL(E7zyydZ{WH&bvfPa28pkLPj3QtKh^vC3_)8w zxo`#76?vlGo(3$hP#7UAf*gk!c!XPz)C|B~#1o*Ur$>A!kkcxNwxh}?f5>Z52smvY6z4HBeVxK;wt-PX(R+p50GJ} z*C%ZQAbMNBo}cpL$BzY2KF$HA7*fG-ca+y54QN2F{J}FI9o}#>%B53Nc|`;Jg}jso zYtlN?A4jwo!-BYXvi&7`Q^o!(i#xiH-;0bb=-i09{&$=BC_+w7o@j5X9w@6+M0cv} z7A25C$g>NAeZ;y6J zZ&5d(54sviVzU4!RFnk}f?Y*~4w1s!NDC05t-|-l688r6YDByWz*B%bc6whQP_O~m z5-5e`&HI>u-~$2N-2w0G*yQAgptp>4ur|QJ!V(4`=Wvi?1-Fz6$-vMMp~@W{9sNlA zGlKr<3wTUF2r8r1lttrLR*VE2{fX9~@c@7bnK{*A|AH|h;A8|tH4myq-^v!jQGxh6 z1`nszGG8+%i;`dA77M+t1fe2ne?9Q*7!NQI*8bj1ZAFg0Tq_s`mt| zpva}pOyDX=jOb}2SSK3o_JvRs@D_BmC|mT@wek^q_Kje%w|*{=lc+yPF=QSu+Ol{a;4KsczL9Fok=Ak~j!i-CK6Bytnt9ehm-9piyXQ z?cLP5tl6uKZlH9Dx8J$=v~;TqD?2fUJ|7xb>iu)6k*5&JOa8n9sR; zbhr{qd3r{w5{l|gQR}hTd~V%Z{K5C-&gC^F{hEQ4xo+OtRRVw?FC0+Q4@3t}qFZ&T zk&uWZN`~QxL!_I zL!zgrcbW=PDxg{YW*i<7p(1bobk7C-M~1qv%XY4Alk?%u{QR4~YB zdv9+~AB6G|2zv^O46TfV-Q7$;zdn_g#v>t7(9uo}q8$pr)i{v1?=g@&3<)i8;PiJgyp z`10lPl~;IpcyMs=0?=2RAtwoJ>k6=%w@^@uii@e)*#|N^UG3~36bXcc#X6cexwu#A zVtWut>T4hti@G0o%*>GbG`Z|7ZEZzVS93#N>2PcMfvKtK<<-?B;ExfBjjgF#8Zj|) zcqaP?2j=swqL4H}rDS9bhA~5k+5f80mqb{L)YR17!^5X#n)rBl+2YPGUlNU%zc%el z=GAF_7af50U>~+@HC0t#2nWRoz`G>Qy#19N>P6n9~D zW;)~5RoaZUr`7ZkoV;b)JM|J-Uw-^RcS-n-7an%LcNCK(v|+M6(*X15BFm&(2Z+I7 zPTB_saD3nnW8&ixFyQpl<0M{7!jB(6-o%H*`Qt`)9;Fb^XgpXtQ7;MVC+P3)qd79U z+xeL_SAQdGzv+ef`gX8n4k}J<2H2W@`q!E7TUc$_`n(Sggwm9RJfF7E?%-?`=I1W7 zo6Xd7wzwS`eDOgBw&;h{)Lz&oFFNX;L8_31&x(?XNzUdzRr(v7PyM;6Z5^v6;})yO z*LoIC_X@3YRW_^--}LD^E$-a?F?xc@$;I_6N`a-mq;q0|=taUj8@I=nG-`m9)T!vG z*3|0};a`&14|>34gE05R^fW#$Zlf>ES!gYg%^qwba@Zi^pvEE z)R#7v11c*I=`b-6?G+<$A3h^C^%4krfmJ6i@FvGW_PMMf+1amjQ}`Fz;1y`y625P*4uk7$W;5I~+RJVVd zmN{%O;5%bV*RZQpB6jOQ1ds+rEw1mAM2T?*ImCaxY_2Z_KB z={6e*EVjyu8v@z|xOo416tqD$w&vLUeONWVX)L?lmUN(4S6yMff4KH5b$L%8p@w+- zG>QWUq*J#687mJ{xt69*&^>2+-O?EmKFw26O(S~n*$a3@nb{KBX)@^^@83S~PA8u3 
zA465ZdfOn^F(1>6gC~Km!qAs2@W$4(rp^F|k2CC(=D<+++&7!mBo4ZEp z8bzh0w96*U#>uK$H6EBWIT;rPP^s_kYltXtvFv3nwfJwu1#5qI*CL|9)roaW!U=io z^YQsW-2Ddz7Mf%)Kbp&P@^P+Cjbhci))=jvzG94L{@KH0G%L@*EgAu@HX-~NmtbB| zbKcCiE&*SzZB*4Fr zJ$Ew;S0Z@6tVUh(yzG&K!~WoUjXJVC4NY%fpV|8AliypyQPz`^&&)B@q}%-Sb8pk+ z-Gc;G=~Vp#OA_Iw2bX>wey^8)ueXmXba$}5{Qh>}B)?g)J(a24;b6*`G^NRY)d0_4 zVSIQ_+=s2KRKU3sJ+G=U%F_V-=_9fYu{)~HmDFry?k?H3XwffH{C6)OZ_Py2BGBt;P zc46gYkUN8kfD@DwYMPPx>g{jSGM=0bODcno;#ZUpxDsxN<#mY+*`gY&MJ0QC442W9 z=gbk0voc|R^t>p~;^IRkA2{^G>Ym>-w7ENdqA|ecv68|LfD}@(UBPZs)J2|X z+K@z|4s2G^&>&bJFXz~L-Ghw&SM-A}MVaC0MAH3YELo9Lx>(bevxzyBNkKuQHT8md zkaSH=;cxH!iAh64^N_EiYoz10f&$hf)?Vyeb{L%jAAAr^%``?928z}BcPFMM-dG!l z`F~Z3IOixQ$C;vr3 zGTp_Wmt()&S+lq2vFju(+?^na{%-@jB=FF76}Ml5gAm{Ib-T{CPwPA`j!f@tk4F=1 zoFEMfa`-Q_`W`l>A4%f za9#Pb_X{i6(&-`DtPkuyxKV#EXrEF3HGqN{7;BLjPxD$W@C_SW59qy*a8V(pYhl5B zc6R3NN@6on@g5?Ah9v(}cHs=iWNgd1T($A^-o(0?we+37B>bR1q(r?gT{ypHM)5QF zwkm6Ff0zo78Cn=fuYJMgE7O%)JFSi5c{CXGViJTmU zOceQ*?lh0(Sol{zw41+2cYm6~^XIrIsCVAX)Z0TQ;vPA9KcviekFT%FXV_o2 zD$cih$~}7qLwK}49E7M3z;7v=M=IrMZE?pFny-r1DeKeSqQQI75p7l}3P0M|-!_Vl zjSqn_9^-RHogR&Y!s`C_-WiED5eAl6ii5XilRu-Xs#FyfOH8vL4aYsqEsOg|n4?|{ zGitP){l`FFQ7je`F~90r#yDz)^$t$d(Lz@;GfSDa+mAlB4w~oe?mwVn{;K&MrynY| z!Tw4&+`44jHn_3j4|zj>{E(gVzVWpewWgKn<$7R(K-oyEtKaA32x2Egx2?)Obh^7&A-Csc&ScjIOFYz($fNQXlCRls)2B}t zc6OBEX~5{10$T{l<7_qI&O;v1ta+c2K>^twe}8|(OB5CFfRj3W@?&lXD(MhlqKb=) zC-YhVgj`KSR&@nNyA)ssC|H;yu!XE|C9g`{q{M2}cm*Jm2I>ul%gg@sd~N;tpp4jwx|N5Z*H`*HE{+mpCW;pG6m`M{>z_{PYn z!yf~mk(D(M_8xV0bzBOH0r+Slh(4b@dEy@sV87IX0X&qWHJ*37Z(#3IR#lDpx)(_* zC;^X1<&x(e0}oH!|7+>W1JdK;g3>@As1n2Car+j*(3^=XAPve$^>*ei%y-uw`XsRAxC+BQmB0 zpzi3=RZ_C*HSO(7A~F6`R8(|ALh$nPDtr1=QC0N?ETEbOrx(|Q-H6ZH~Rjvii#2O zCcNyy(MCncmNstONPGsg+#P1tp`k`}I(>#SmaIe~AzS>GZ0Mu7oW|AK5vwYg9BRL> zg82J9IM|wFzZ@oZ&G60gX<;WMjpq+D_4V}FU@9b;-$iINnv;u5VsbJO@Xk;CHTGxk z+5F;%thBWD>eUxO<`Y~mXm%B&fDf0;dC|VBi`+2i%I&~C{e)%8cn(wmhwm1pl9`*6_XBPG$#qyk)nwlC|6N0VX=w9U) zxOZzqo?0>2x2M!Mr@C2KX%s1|VRkhsDGr$yyrJX>$eZYl3~i`|Jn=h99(e_Y+Iv=) 
zii^3tgWsbigRE_AlvGq~kTO9?f!u9BJO?f}E-6VxR#w)@tq zh#Z?>*MjEu^z-AUo@vW=zu>FVlAlrDgY)1y?2UD1yBzhE81!VbvoE+@zT5fqe;RKa4ghQ#yEpFdAU zMt|S^{{0aTk6LiW(|L-}hw#&|>V-1uCRafRThrAWfzpAePTgN(m=;wlhf@#sg#zfu5*RPLa4G0f9$t8Bw z$9|1teHDv;E>l)!fjuL9*YvBn_XPYCh5;X3`?I%VHB`wo^YEFm_OBV8CL!OHL6Q~R zhz+g=Ei^DV_?$aAzynbOE;y>{?CvXIZ&6=dVlXx!V;F}e!dGdyznbhGF}Z+5A~`uZ z$tx;?uIka(d{(17vY?5R-o?_b?jDx7K8EOTc9KaQ;-1Y0LR#v zkqqEn%4nJ=WNFJX&5LZxvJi;C7yXHW9BYTBGh1b0&dT|;}*rmN6; zT)lpM=j_i>9=sNTg`Icb&7GYd+8!Ki0QnACn0|0ABJ=QYYgTFNLE4{rd23+2c7!|e z@pbCfOZY-GjufjbXaHGN+rr|ulJ4FXq;#0+(I(Sv()Sh9=FY-Qa{tJ7kO3C~iH;0v zeY}FUOhyQL`c8Lf=M~l-zZ|!5qDkPbFQK_wY5=*iz$pIH~IIPL_|cGgiWmQ_Vy;q4AANZ zuzUmL;?AzC&CHhOHhb9H+NJ@ca16K5Dm_MBz(@mBUcn>PXOnFZ&MIOA&5_Rp4^{5> z(dFi(Gz?pBS)NP9coLZ~$NleHw=PFViz6eUD9&&UiNgM;wF}HGN)r>62%2#7=4%9+ zI%HT6KS?nOS_yiXzdaiVxsA+12F1uyg0z7e!(>`4TC@n_9KswADczUT0-_~|T_Z}2 z8qt58!LYCE;W0Tha^d0OmRz>DCGWG6x`u|@W={ztBO?sVkQ#R!Kdy(E%fwt4>k1ke z_nsPr?=4X(Pu;X>3zxmJG?;VN?CAr__3Vz;6`Xj-Q*vux1s>NMI2;ppAXB!SYlo@N z>F-_FP!0>zQ~N?n(M9gDvqSLAx}QCVl*ejlAQxY3&M<_;#Lv%9Fg>tvvP`cmJmLC} zL;I*(cX++sM{cSNGeBV8TgOv4xr;Q~^N7`9t@#Kwr|Yk*wi6ujA78Ed!0~wa`@7|& zj!@ce&Q^gL$unNFek~=-Q1XJr7yILebjL$cS4x*`a4GZf@z{8BWz0N>cV`uqL9%l$ zZ)3xhdBFv-E&G)Yti53v`#)Mv9*kM_i{46rLySDdb{oE1KwQqhlDM2F4)DM{r7{1U mD5N>WAJ4OT#HC=BP%ighr~Cb5$74nCv&(Al&O*xJ^Zx+oftxD; literal 0 HcmV?d00001 diff --git a/tests/conftest.py b/tests/conftest.py index 98f275e2e..cb404a9c0 100644 --- a/tests/conftest.py +++ b/tests/conftest.py 
@@ -38,12 +38,15 @@ def _plan_runner(): fixture_parent = os.path.dirname(fixture_path) fixture_prefix = os.path.basename(fixture_path) + "_" - + tf_lock = os.path.join(BASEDIR, 'tests/.terraform.lock.hcl') + tf_lock_use = os.path.isfile(tf_lock) with tempfile.TemporaryDirectory(prefix=fixture_prefix, dir=fixture_parent) as tmp_path: # copy fixture to a temporary directory so we can execute # multiple tests in parallel shutil.copytree(fixture_path, tmp_path, dirs_exist_ok=True) + if tf_lock_use: + os.symlink(tf_lock, os.path.join(tmp_path, '.terraform.lock.hcl')) tf = tftest.TerraformTest(tmp_path, BASEDIR, os.environ.get('TERRAFORM', 'terraform')) tf.setup(upgrade=True) @@ -52,7 +55,7 @@ def _plan_runner(): return run_plan -@pytest.fixture(scope='session') +@ pytest.fixture(scope='session') def plan_runner(_plan_runner): "Returns a function to run Terraform plan on a module fixture." @@ -66,7 +69,7 @@ def plan_runner(_plan_runner): return run_plan -@pytest.fixture(scope='session') +@ pytest.fixture(scope='session') def e2e_plan_runner(_plan_runner): "Returns a function to run Terraform plan on an end-to-end fixture." @@ -88,7 +91,7 @@ def e2e_plan_runner(_plan_runner): return run_plan -@pytest.fixture(scope='session') +@ pytest.fixture(scope='session') def example_plan_runner(_plan_runner): "Returns a function to run Terraform plan on documentation examples." @@ -104,7 +107,7 @@ def example_plan_runner(_plan_runner): return run_plan -@pytest.fixture(scope='session') +@ pytest.fixture(scope='session') def apply_runner(): "Returns a function to run Terraform apply on a fixture." diff --git a/tests/modules/examples/conftest.py b/tests/doc_examples/conftest.py similarity index 96% rename from tests/modules/examples/conftest.py rename to tests/doc_examples/conftest.py index be07a74eb..f36191dc8 100644 --- a/tests/modules/examples/conftest.py +++ b/tests/doc_examples/conftest.py 
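Review bot: The shared `tests/.terraform.lock.hcl` is symlinked into each temporary fixture directory, but the next call is `tf.setup(upgrade=True)`, so the lock does not actually pin anything. Assuming tftest maps that flag to `terraform init -upgrade`, provider selections are re-resolved and the lock file may be rewritten, and parallel test runs would write to the same file through the link. If the lock is meant to fix provider versions and hashes for the tests, copy it instead (`shutil.copy(tf_lock, os.path.join(tmp_path, '.terraform.lock.hcl'))`) and call `tf.setup(upgrade=not tf_lock_use)`. `os.symlink` also raises `FileExistsError` when a fixture ships its own lock file, because `copytree` has already placed it in `tmp_path`. The enclosing `run_plan` body continues outside the hunk.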
@@ -17,7 +17,7 @@ from pathlib import Path import marko -MODULES_PATH = Path(__file__).parents[3] / 'modules/' +MODULES_PATH = Path(__file__).parents[2] / 'modules/' print(MODULES_PATH) diff --git a/tests/modules/examples/test_plan.py b/tests/doc_examples/test_plan.py similarity index 80% rename from tests/modules/examples/test_plan.py rename to tests/doc_examples/test_plan.py index b1112a10c..6c8d186a7 100644 --- a/tests/modules/examples/test_plan.py +++ b/tests/doc_examples/test_plan.py @@ -12,21 +12,19 @@ # See the License for the specific language governing permissions and # limitations under the License. -import tftest import re -import tempfile from pathlib import Path -import marko -MODULES_PATH = Path(__file__, '../../../../modules/').resolve() -VARIABLES_PATH = Path(__file__, '../variables.tf').resolve() +BASE_PATH = Path(__file__).parent EXPECTED_RESOURCES_RE = re.compile(r'# tftest:modules=(\d+):resources=(\d+)') def test_example(example_plan_runner, tmp_path, example): - (tmp_path / 'modules').symlink_to(MODULES_PATH) - (tmp_path / 'variables.tf').symlink_to(VARIABLES_PATH) + (tmp_path / 'modules').symlink_to( + Path(BASE_PATH, '../../modules/').resolve()) + (tmp_path / 'variables.tf').symlink_to( + Path(BASE_PATH, 'variables.tf').resolve()) (tmp_path / 'main.tf').write_text(example) match = EXPECTED_RESOURCES_RE.search(example) diff --git a/tests/modules/examples/variables.tf b/tests/doc_examples/variables.tf similarity index 100% rename from tests/modules/examples/variables.tf rename to tests/doc_examples/variables.tf diff --git a/tests/examples/factories/net-vpc-firewall-yaml/__init__.py b/tests/examples/factories/net_vpc_firewall_yaml/__init__.py similarity index 100% rename from tests/examples/factories/net-vpc-firewall-yaml/__init__.py rename to tests/examples/factories/net_vpc_firewall_yaml/__init__.py 
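Review bot: In `test_example`, both symlink targets are built with `Path(...).resolve()`, which is non-strict, so a wrong relative depth after the directory move creates a dangling link and the failure only shows up later inside the Terraform run. The sibling `conftest.py` hunk had to correct exactly this kind of depth (`parents[3]` to `parents[2]`). Using `Path(BASE_PATH, '../../modules/').resolve(strict=True)` and `Path(BASE_PATH, 'variables.tf').resolve(strict=True)` makes the test fail at the symlink line and name the missing path. `test_example` continues past the end of the hunk.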
diff --git a/tests/examples/factories/net-vpc-firewall-yaml/fixture/main.tf b/tests/examples/factories/net_vpc_firewall_yaml/fixture/main.tf similarity index 100% rename from tests/examples/factories/net-vpc-firewall-yaml/fixture/main.tf rename to tests/examples/factories/net_vpc_firewall_yaml/fixture/main.tf diff --git a/tests/examples/factories/net-vpc-firewall-yaml/fixture/rules/common.yaml b/tests/examples/factories/net_vpc_firewall_yaml/fixture/rules/common.yaml similarity index 100% rename from tests/examples/factories/net-vpc-firewall-yaml/fixture/rules/common.yaml rename to tests/examples/factories/net_vpc_firewall_yaml/fixture/rules/common.yaml diff --git a/tests/examples/factories/net-vpc-firewall-yaml/fixture/variables.tf b/tests/examples/factories/net_vpc_firewall_yaml/fixture/variables.tf similarity index 100% rename from tests/examples/factories/net-vpc-firewall-yaml/fixture/variables.tf rename to tests/examples/factories/net_vpc_firewall_yaml/fixture/variables.tf diff --git a/tests/examples/factories/net-vpc-firewall-yaml/test_plan.py b/tests/examples/factories/net_vpc_firewall_yaml/test_plan.py similarity index 100% rename from tests/examples/factories/net-vpc-firewall-yaml/test_plan.py rename to tests/examples/factories/net_vpc_firewall_yaml/test_plan.py diff --git a/tests/fast/README.md b/tests/fast/README.md new file mode 100644 index 000000000..01ea3e691 --- /dev/null +++ b/tests/fast/README.md 
@@ -0,0 +1,34 @@ +# Fabric FAST + +Setting up a production-ready GCP organization is often a time-consuming process. Fabric FAST aims to speed up this process via two complementary goals. On the one hand, FAST provides a design of a GCP organization that includes the typical elements required by enterprise customers. Secondly, we provide a reference implementation of the FAST design using Terraform. + +Note that while our implementation is necessarily influenced (and constrained) by the way Terraform works, the design we put forward only refers to GCP constructs and features. In other words, while we use Terraform for our reference implementation, in theory, the FAST design can be implemented using any other tool (e.g., Pulumi, bash scripts, or even calling the relevant APIs directly). + +Fabric FAST comes from engineers in Google Cloud's Professional Services Organization, with a combined experience of decades solving the typical technical problems faced by GCP customers. While every GCP user has specific requirements, many common issues arise repeatedly. Solving those issues correctly from the beginning is key to a robust and scalable GCP setup. It's those common issues and their solutions that Fabric FAST aims to collect and present coherently. + +Fabric FAST was initially conceived to help enterprises quickly set up a GCP organization following battle-tested and widely-used patterns. Despite its origin in enterprise environments, FAST includes many customization points making it an ideal blueprint for organizations of all sizes, ranging from startups to the largest companies. + + +## Guiding principles +### Contracts and stages +FAST uses the concept of stages, which individually perform precise tasks but, taken together, build a functional, ready-to-use GCP organization. More importantly, stages are modeled around the security boundaries that typically appear in mature organizations. 
This arrangement allows delegating ownership of each stage to the team responsible for the types of resources it manages. For example, as its name suggests, the networking stage sets up all the networking elements and is usually the responsibility of a dedicated networking team within the organization. + +From the perspective of FAST's overall design, stages also work as contacts or interfaces, defining a set of pre-requisites and inputs required to perform their designed task and generating outputs needed by other stages lower in the chain. + +### Security-first design +Security was, from the beginning, one of the most critical elements in the design of Fabric FAST. Many of FAST's design decisions aim to build the foundations of a secure organization. In fact, the first two stages deal mainly with the organization-wide security setup. + +FAST also aims to minimize the number of permissions granted to principals according to the security-first approach previously mentioned. We achieve this through the meticulous use of groups, service accounts, custom roles, and [Cloud IAM Conditions](https://cloud.google.com/iam/docs/conditions-overview), among other things. + +### Extensive use of factories +A resource factory consumes a simple representation of a resource (e.g., in YAML) and deploys it (e.g., using Terraform). Used correctly, factories can help decrease the management overhead of large-scale infrastructure deployments. See "[Resource Factories: A descriptive approach to Terraform](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c)" for more details and the rationale behind factories. + +FAST uses YAML-based factories to deploy subnets and firewall rules and, as its name suggests, in the [project factory](./stages/03-project-factory/) stage. + +## High level design + +TBD + +## Implementation + +TBD diff --git a/tests/fast/__init__.py b/tests/fast/__init__.py new file mode 100644 index 000000000..6d6d1266c 
--- /dev/null +++ b/tests/fast/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/fast/conftest.py b/tests/fast/conftest.py new file mode 100644 index 000000000..d96af5dcf --- /dev/null +++ b/tests/fast/conftest.py 
@@ -0,0 +1,48 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"Shared fixtures" + +import inspect +import os +import types + +import pytest +import tftest + + +BASEDIR = os.path.dirname(os.path.dirname(__file__)) + + +@pytest.fixture(scope='session') +def fast_e2e_plan_runner(_plan_runner): + "Plan runner for end-to-end root module, returns modules and resources." + def run_plan(fixture_path=None, targets=None, refresh=True, + include_bare_resources=False, compute_sums=True, **tf_vars): + "Runs Terraform plan on a root module using defaults, returns data." + plan = _plan_runner(fixture_path, targets=targets, refresh=refresh, + **tf_vars) + root_module = plan.root_module['child_modules'][0] + modules = { + m['address'].removeprefix(root_module['address'])[1:]: m['resources'] + for m in root_module['child_modules'] + } + resources = [r for m in modules.values() for r in m] + if include_bare_resources: + bare_resources = root_module['resources'] + resources.extend(bare_resources) + if compute_sums: + return len(modules), len(resources), {k: len(v) for k, v in modules.items()} + return modules, resources + return run_plan diff --git a/tests/fast/stages/__init__.py b/tests/fast/stages/__init__.py new file mode 100644 index 000000000..6d6d1266c --- /dev/null +++ b/tests/fast/stages/__init__.py 
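Review bot: `run_plan` in `fast_e2e_plan_runner` indexes `plan.root_module['child_modules'][0]` and `m['resources']` without checks, so a fixture with no child module, or a child module that holds only nested modules, would presumably fail with an `IndexError`/`KeyError` rather than a test assertion. Resources in modules nested below the first level are not counted either. `m.get('resources', [])` in the comprehension covers the missing key. The function also returns a 3-tuple when `compute_sums` is true and a 2-tuple otherwise, which the docstring should state. `inspect`, `types`, `tftest` and `BASEDIR` are unused in the new file, and `str.removeprefix` requires Python 3.9 or later.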
@@ -0,0 +1,13 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/fast/stages/s00_bootstrap/__init__.py b/tests/fast/stages/s00_bootstrap/__init__.py new file mode 100644 index 000000000..6d6d1266c --- /dev/null +++ b/tests/fast/stages/s00_bootstrap/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/fast/stages/s00_bootstrap/fixture/main.tf b/tests/fast/stages/s00_bootstrap/fixture/main.tf new file mode 100644 index 000000000..1f07048ad --- /dev/null +++ b/tests/fast/stages/s00_bootstrap/fixture/main.tf 
@@ -0,0 +1,29 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "stage" {
+ source = "../../../../../fast/stages/00-bootstrap"
+ prefix = "fast"
+ organization = {
+ domain = "fast.example.com"
+ id = 123456789012
+ customer_id = "C00000000"
+ }
+ billing_account = {
+ id = "000000-111111-222222"
+ organization_id = 123456789012
+ }
+}
diff --git a/tests/fast/stages/s00_bootstrap/test_plan.py b/tests/fast/stages/s00_bootstrap/test_plan.py
new file mode 100644
index 000000000..2201cfcc4
--- /dev/null
+++ b/tests/fast/stages/s00_bootstrap/test_plan.py
@@ -0,0 +1,33 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# _RESOURCE_COUNT = {
+# 'module.organization': 28,
+# 'module.automation-project': 23,
+# 'module.automation-tf-bootstrap-gcs': 1,
+# 'module.automation-tf-bootstrap-sa': 1,
+# 'module.automation-tf-resman-gcs': 2,
+# 'module.automation-tf-resman-sa': 1,
+# 'module.billing-export-dataset': 1,
+# 'module.billing-export-project': 7,
+# 'module.log-export-dataset': 1,
+# 'module.log-export-project': 7,
+# }
+
+
+def test_counts(fast_e2e_plan_runner):
+ "Test stage."
+ # TODO: to re-enable per-module resource count check print _, then test
+ num_modules, num_resources, _ = fast_e2e_plan_runner()
+ assert num_modules > 0 and num_resources > 0
diff --git a/tests/fast/stages/s01_resman/__init__.py b/tests/fast/stages/s01_resman/__init__.py
new file mode 100644
index 000000000..6d6d1266c
--- /dev/null
+++ b/tests/fast/stages/s01_resman/__init__.py
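Review bot: `test_counts` asserts only `num_modules > 0 and num_resources > 0`, so a change that silently drops or adds resources in `module.organization` or any other bootstrap module still passes, while the per-module expectations sit in a commented-out `_RESOURCE_COUNT` dict. Either restore the check by binding the third return value, `num_modules, num_resources, counts = fast_e2e_plan_runner()` followed by `assert counts == _RESOURCE_COUNT` (after refreshing the numbers), or delete the dead dict and let the TODO name the owner. The `test_counts` functions added for s01_resman, s02_networking, s02_security and s03_project_factory have the same presence-only assertion.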
@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/fast/stages/s01_resman/fixture/main.tf b/tests/fast/stages/s01_resman/fixture/main.tf
new file mode 100644
index 000000000..2509f4d52
--- /dev/null
+++ b/tests/fast/stages/s01_resman/fixture/main.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "stage" {
+ source = "../../../../../fast/stages/01-resman"
+ automation_project_id = "fast-prod-automation"
+ billing_account = {
+ id = "000000-111111-222222"
+ organization_id = 123456789012
+ }
+ custom_roles = {
+ "organizationIamAdmin" : "organizations/123456789012/roles/organizationIamAdmin",
+ "xpnServiceAdmin" : "organizations/123456789012/roles/xpnServiceAdmin"
+ }
+ groups = {
+ gcp-billing-admins = "gcp-billing-admins",
+ gcp-devops = "gcp-devops",
+ gcp-network-admins = "gcp-network-admins",
+ gcp-organization-admins = "gcp-organization-admins",
+ gcp-security-admins = "gcp-security-admins",
+ gcp-support = "gcp-support"
+ }
+ organization = {
+ domain = "fast.example.com"
+ id = 123456789012
+ customer_id = "C00000000"
+ }
+ prefix = "fast2"
+}
diff --git a/tests/fast/stages/s01_resman/test_plan.py b/tests/fast/stages/s01_resman/test_plan.py
new file mode 100644
index 000000000..6189f62e3
--- /dev/null
+++ b/tests/fast/stages/s01_resman/test_plan.py
@@ -0,0 +1,20 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+def test_counts(fast_e2e_plan_runner):
+ "Test stage."
+ num_modules, num_resources, _ = fast_e2e_plan_runner()
+ # TODO: to re-enable per-module resource count check print _, then test
+ assert num_modules > 0 and num_resources > 0
diff --git a/tests/fast/stages/s02_networking/__init__.py b/tests/fast/stages/s02_networking/__init__.py
new file mode 100644
index 000000000..6d6d1266c
--- /dev/null
+++ b/tests/fast/stages/s02_networking/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/fast/stages/s02_networking/fixture/main.tf b/tests/fast/stages/s02_networking/fixture/main.tf
new file mode 100644
index 000000000..fe1cfbf57
--- /dev/null
+++ b/tests/fast/stages/s02_networking/fixture/main.tf
@@ -0,0 +1,31 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "stage" { + source = "../../../../../fast/stages/02-networking" + billing_account_id = "000000-111111-222222" + organization = { + domain = "gcp-pso-italy.net" + id = 856933387836 + customer_id = "C01lmug8b" + } + prefix = "fast" + project_factory_sa = { + dev = "foo@iam" + prod = "bar@iam" + } + data_dir = "../../../../../fast/stages/02-networking/data/" +} diff --git a/tests/fast/stages/s02_networking/test_plan.py b/tests/fast/stages/s02_networking/test_plan.py new file mode 100644 index 000000000..6189f62e3 --- /dev/null +++ b/tests/fast/stages/s02_networking/test_plan.py 
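Review bot: The `organization` block in this fixture carries what look like identifiers of a live organization (the `gcp-pso-italy.net` domain with a specific numeric `id` and `customer_id`), whereas the s00_bootstrap and s01_resman fixtures use obvious placeholders. A plan-only test does not need real values, and committing them to a public repository discloses tenant identifiers for no benefit; use the same placeholders as the other stages: `domain = "fast.example.com"`, `id = 123456789012`, `customer_id = "C00000000"`. The s02_security fixture repeats the same block and also annotates project numbers with project names in comments, and the s03_project_factory `project.yaml` uses a group address under the same domain; those should be neutralised together.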
@@ -0,0 +1,20 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +def test_counts(fast_e2e_plan_runner): + "Test stage." + num_modules, num_resources, _ = fast_e2e_plan_runner() + # TODO: to re-enable per-module resource count check print _, then test + assert num_modules > 0 and num_resources > 0 diff --git a/tests/fast/stages/s02_security/__init__.py b/tests/fast/stages/s02_security/__init__.py new file mode 100644 index 000000000..6d6d1266c --- /dev/null +++ b/tests/fast/stages/s02_security/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/fast/stages/s02_security/fixture/main.tf b/tests/fast/stages/s02_security/fixture/main.tf new file mode 100644 index 000000000..20608b288 --- /dev/null +++ b/tests/fast/stages/s02_security/fixture/main.tf 
@@ -0,0 +1,109 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "stage" { + source = "../../../../../fast/stages/02-security" + billing_account_id = "000000-111111-222222" + folder_id = "folders/12345678" + organization = { + domain = "gcp-pso-italy.net" + id = 856933387836 + customer_id = "C01lmug8b" + } + prefix = "fast" + kms_restricted_admins = { + "dev" : [ + "serviceAccount:fast-dev-resman-pf-0@fast-prod-iac-core-0.iam.gserviceaccount.com" + ], + "prod" : [ + "serviceAccount:fast-prod-resman-pf-0@fast-prod-iac-core-0.iam.gserviceaccount.com" + ] + } + kms_keys = { + compute = { + iam = { + "roles/cloudkms.admin" = ["user:user1@example.com"] + } + labels = { service = "compute" } + locations = null + rotation_period = null + } + } + vpc_sc_ingress_policies = { + iac = { + ingress_from = { + identities = [ + "serviceAccount:fast-prod-resman-security-0@fast-prod-iac-core-0.iam.gserviceaccount.com" + ], + source_access_levels = ["*"], identity_type = null, source_resources = null + } + ingress_to = { + operations = [{ method_selectors = [], service_name = "*" }] + resources = ["*"] + } + } + } + vpc_sc_perimeter_ingress_policies = { + dev = ["iac"] + landing = null + prod = ["iac"] + } + vpc_sc_perimeter_projects = { + dev = [ + "projects/345678912", # ludo-dev-sec-core-0 + ] + landing = [] + prod = [ + "projects/234567891", # ludo-prod-sec-core-0 + ] + } + + vpc_sc_access_levels = { + all = { + 
combining_function = null + conditions = [{ + members = [ + "serviceAccount:quota-monitor@foobar.iam.gserviceaccount.com", + ], + ip_subnetworks = null, negate = null, regions = null, + required_access_levels = null + }] + } + } + + vpc_sc_perimeter_access_levels = { + dev = ["all"] + landing = null + prod = ["all"] + } + + vpc_sc_egress_policies = { + iac-gcs = { + egress_from = { + identity_type = null + identities = [ + "serviceAccount:fast-prod-resman-security-0@fast-prod-iac-core-0.iam.gserviceaccount.com" + ] + } + egress_to = { + operations = [{ + method_selectors = ["*"], service_name = "storage.googleapis.com" + }] + resources = ["projects/123456789"] + } + } + } +} diff --git a/tests/fast/stages/s02_security/test_plan.py b/tests/fast/stages/s02_security/test_plan.py new file mode 100644 index 000000000..6189f62e3 --- /dev/null +++ b/tests/fast/stages/s02_security/test_plan.py @@ -0,0 +1,20 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +def test_counts(fast_e2e_plan_runner): + "Test stage." + num_modules, num_resources, _ = fast_e2e_plan_runner() + # TODO: to re-enable per-module resource count check print _, then test + assert num_modules > 0 and num_resources > 0 diff --git a/tests/fast/stages/s03_project_factory/__init__.py b/tests/fast/stages/s03_project_factory/__init__.py new file mode 100644 index 000000000..6d6d1266c --- /dev/null +++ b/tests/fast/stages/s03_project_factory/__init__.py 
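Review bot: The `iac` entry in `vpc_sc_ingress_policies` restricts only the identity: `source_access_levels = ["*"]`, `service_name = "*"` and `resources = ["*"]` leave source, service and target fully open, and nothing in the fixture marks that as test-only. Fixtures tend to be copied as starting points, so a one-line comment above `iac = {` such as `# test-only: wildcard source/service/resources, narrow these for a real perimeter` would keep the permissive shape from being read as a recommended value. The `all` access level in `vpc_sc_access_levels` would benefit from the same kind of marker, since its name suggests broader scope than the single member it lists.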
@@ -0,0 +1,13 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tools/tfutils.py b/tests/fast/stages/s03_project_factory/fixture/data/defaults.yaml old mode 100755 new mode 100644 similarity index 51% rename from tools/tfutils.py rename to tests/fast/stages/s03_project_factory/fixture/data/defaults.yaml index 053e06641..b050583fd --- a/tools/tfutils.py +++ b/tests/fast/stages/s03_project_factory/fixture/data/defaults.yaml @@ -1,5 +1,3 @@ -#!/usr/bin/env python3 - # Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -14,32 +12,25 @@ # See the License for the specific language governing permissions and # limitations under the License. -import pathlib +billing_account_id: 012345-67890A-BCDEF0 -import click +# [opt] Setup for billing alerts +billing_alert: + amount: 1000 + thresholds: + current: [0.5, 0.8] + forecasted: [0.5, 0.8] + credit_treatment: INCLUDE_ALL_CREDITS +# [opt] Contacts for billing alerts and important notifications +essential_contacts: ["team-contacts@example.com"] -def main(**kw): - pass +# [opt] Labels set for all projects +labels: + environment: prod + department: accounting + application: example-app + foo: bar - -@click.group() -@click.option('--dry-run', is_flag=True, default=False) -def cli(**kwargs): - basedir = pathlib.Path(source or '.') - for f in basedir.glob('**/*.tf'): - if '.terraform' in f: - continue - print(f) - - -@cli.command() -@click.argument('source', nargs=-1) -@click.option('--from-static/--to-static', default=True) -def mod_source(source=None, from_static=True): - print('mod_source') - print(source, from_static) - - -if __name__ == '__main__': - cli() +# [opt] Additional notification channels for billing +notification_channels: [] diff --git a/tests/fast/stages/s03_project_factory/fixture/data/projects/project.yaml b/tests/fast/stages/s03_project_factory/fixture/data/projects/project.yaml new file mode 100644 index 000000000..d988d9d50 --- /dev/null +++ b/tests/fast/stages/s03_project_factory/fixture/data/projects/project.yaml 
@@ -0,0 +1,112 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# [opt] Billing account id - overrides default if set +billing_account_id: 012345-67890A-BCDEF0 + +# [opt] Billing alerts config - overrides default if set +billing_alert: + amount: 10 + thresholds: + current: + - 0.5 + - 0.8 + forecasted: [] + credit_treatment: INCLUDE_ALL_CREDITS + +# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults +dns_zones: + - lorem + - ipsum + +# [opt] Contacts for billing alerts and important notifications +essential_contacts: + - team-a-contacts@example.com + +# Folder the project will be created as children of +folder_id: folders/012345678901 + +# [opt] Authoritative IAM bindings in group => [roles] format +group_iam: + test-team-foobar@fast-lab-0.gcp-pso-italy.net: + - roles/compute.admin + +# [opt] Authoritative IAM bindings in role => [principals] format +# Generally used to grant roles to service accounts external to the project +iam: + roles/compute.admin: + - serviceAccount:service-account + +# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter +# in service => [keys] format +kms_service_agents: + compute: [key1, key2] + storage: [key1, key2] + +# [opt] Labels for the project - merged with the ones defined in defaults +labels: + environment: prod + +# [opt] Org policy overrides defined at project level +org_policies: + policy_boolean: + 
constraints/compute.disableGuestAttributesAccess: true + policy_list: + constraints/compute.trustedImageProjects: + inherit_from_parent: null + status: true + suggested_value: null + values: + - projects/fast-prod-iac-core-0 + +# [opt] Service account to create for the project and their roles on the project +# in name => [roles] format +service_accounts: + another-service-account: + - roles/compute.admin + my-service-account: + - roles/compute.admin + +# [opt] APIs to enable on the project. +services: + - storage.googleapis.com + - stackdriver.googleapis.com + - compute.googleapis.com + +# [opt] Roles to assign to the robots service accounts in robot => [roles] format +services_iam: + compute: + - roles/storage.objectViewer + + # [opt] VPC setup. + # If set enables the `compute.googleapis.com` service and configures + # service project attachment +vpc: + # [opt] If set, enables the container API + gke_setup: + # Grants "roles/container.hostServiceAgentUser" to the container robot if set + enable_host_service_agent: false + + # Grants "roles/compute.securityAdmin" to the container robot if set + enable_security_admin: true + + # Host project the project will be service project of + host_project: fast-prod-net-spoke-0 + + # [opt] Subnets in the host project where principals will be granted networkUser + # in region/subnet-name => [principals] + subnets_iam: + europe-west1/prod-default-ew1: + - user:foobar@example.com + - serviceAccount:service-account1 diff --git a/tests/fast/stages/s03_project_factory/fixture/main.tf b/tests/fast/stages/s03_project_factory/fixture/main.tf new file mode 100644 index 000000000..8f5f8c4d3 --- /dev/null +++ b/tests/fast/stages/s03_project_factory/fixture/main.tf 
@@ -0,0 +1,57 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# tfdoc:file:description Project factory. + + +locals { + _defaults = yamldecode(file(var.defaults_file)) + _defaults_net = { + billing_account_id = var.billing_account_id + environment_dns_zone = var.environment_dns_zone + shared_vpc_self_link = var.shared_vpc_self_link + vpc_host_project = var.vpc_host_project + } + defaults = merge(local._defaults, local._defaults_net) + projects = { + for f in fileset("${var.data_dir}", "**/*.yaml") : + trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}")) + } +} + +module "projects" { + #TODO(sruffilli): Pin to release + source = "../../../../../examples/factories/project-factory" + for_each = local.projects + defaults = local.defaults + project_id = each.key + billing_account_id = try(each.value.billing_account_id, null) + billing_alert = try(each.value.billing_alert, null) + dns_zones = try(each.value.dns_zones, []) + essential_contacts = try(each.value.essential_contacts, []) + folder_id = each.value.folder_id + group_iam = try(each.value.group_iam, {}) + iam = try(each.value.iam, {}) + kms_service_agents = try(each.value.kms, {}) + labels = try(each.value.labels, {}) + org_policies = try(each.value.org_policies, null) + service_accounts = try(each.value.service_accounts, {}) + services = try(each.value.services, []) + services_iam = try(each.value.services_iam, {}) + vpc = try(each.value.vpc, 
null) +} + + diff --git a/tests/fast/stages/s03_project_factory/fixture/terraform-bootstrap.auto.tfvars.json b/tests/fast/stages/s03_project_factory/fixture/terraform-bootstrap.auto.tfvars.json new file mode 100644 index 000000000..d446d6433 --- /dev/null +++ b/tests/fast/stages/s03_project_factory/fixture/terraform-bootstrap.auto.tfvars.json @@ -0,0 +1,4 @@ +{ + "billing_account_id": "012345-67890A-BCDEF0", + "prefix": "fast" +} \ No newline at end of file diff --git a/tests/fast/stages/s03_project_factory/fixture/terraform-networking.auto.tfvars.json b/tests/fast/stages/s03_project_factory/fixture/terraform-networking.auto.tfvars.json new file mode 100644 index 000000000..56cfa3de9 --- /dev/null +++ b/tests/fast/stages/s03_project_factory/fixture/terraform-networking.auto.tfvars.json @@ -0,0 +1,5 @@ +{ + "environment_dns_zone": "prod.gcp.example.com.", + "shared_vpc_self_link": "https://www.googleapis.com/compute/v1/projects/fast-example/global/networks/prod-spoke-0", + "vpc_host_project": "fast-example" +} \ No newline at end of file diff --git a/tests/fast/stages/s03_project_factory/fixture/variables.tf b/tests/fast/stages/s03_project_factory/fixture/variables.tf new file mode 100644 index 000000000..b52ebd6c9 --- /dev/null +++ b/tests/fast/stages/s03_project_factory/fixture/variables.tf 
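Review bot: `kms_service_agents = try(each.value.kms, {})` in the `projects` module reads a `kms` key, but the fixture's `data/projects/project.yaml` added in this commit declares the block as `kms_service_agents:`, so `try()` falls back to `{}` and the KMS service-agent grants from the YAML never reach the plan. Reading the key the data file actually uses, `kms_service_agents = try(each.value.kms_service_agents, {})`, fixes the fixture; if `kms` is the intended schema key, the YAML should change instead. Because every optional attribute is wrapped in `try(..., default)`, any misspelled key in a project file is dropped without an error, which is worth a comment above the module block pointing readers to schema validation of the YAML before planning.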
@@ -0,0 +1,61 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#TODO: tfdoc annotations + +variable "billing_account_id" { + # tfdoc:variable:source 00-bootstrap + description = "Billing account id." + type = string +} + +variable "data_dir" { + description = "Relative path for the folder storing configuration data." + type = string + default = "data/projects" +} + +variable "environment_dns_zone" { + # tfdoc:variable:source 02-networking + description = "DNS zone suffix for environment." + type = string + default = null +} + +variable "defaults_file" { + description = "Relative path for the file storing the project factory configuration." + type = string + default = "data/defaults.yaml" +} + +#TODO(sruffilli): is this really required? +variable "environment" { + description = "Environment where projects will be created (e.g. prod, dev, ...)." + type = string + default = "prod" +} + +variable "shared_vpc_self_link" { + # tfdoc:variable:source 02-networking + description = "Self link for the shared VPC." + type = string +} + +variable "vpc_host_project" { + # tfdoc:variable:source 02-networking + description = "Host project for the shared VPC." + type = string +} diff --git a/tests/fast/stages/s03_project_factory/test_plan.py b/tests/fast/stages/s03_project_factory/test_plan.py new file mode 100644 index 000000000..6189f62e3 --- /dev/null +++ b/tests/fast/stages/s03_project_factory/test_plan.py 
@@ -0,0 +1,20 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +def test_counts(fast_e2e_plan_runner): + "Test stage." + num_modules, num_resources, _ = fast_e2e_plan_runner() + # TODO: to re-enable per-module resource count check print _, then test + assert num_modules > 0 and num_resources > 0 diff --git a/tests/versions.tf b/tests/versions.tf new file mode 100644 index 000000000..5ac151cbe --- /dev/null +++ b/tests/versions.tf 
@@ -0,0 +1,43 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +terraform { + required_version = ">= 1.0.0" + required_providers { + archive = { + source = "registry.terraform.io/hashicorp/archive" + version = ">= 2.2.0" + } + google = { + source = "hashicorp/google" + version = ">= 4.6.0" + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 4.6.0" + } + local = { + source = "registry.terraform.io/hashicorp/local" + version = ">= 2.1.0" + } + random = { + source = "registry.terraform.io/hashicorp/random" + version = ">= 3.1.0" + } + time = { + source = "registry.terraform.io/hashicorp/time" + version = ">= 0.7.2" + } + } +} diff --git a/tools/REQUIREMENTS.txt b/tools/REQUIREMENTS.txt index dca9a9096..f53a35cce 100644 --- a/tools/REQUIREMENTS.txt +++ b/tools/REQUIREMENTS.txt @@ -1 +1,2 @@ click +yamale diff --git a/tools/check_boilerplate.py b/tools/check_boilerplate.py index 6bbd4cb2c..2095e0482 100755 --- a/tools/check_boilerplate.py +++ b/tools/check_boilerplate.py 
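Review bot: `yamale` is added to `tools/REQUIREMENTS.txt` with no version constraint, so any environment that installs from this file resolves to whatever release is current at install time. If the CI workflows install from it (they are not visible here), that makes the schema check non-reproducible and lets an unreviewed upstream release run inside the pipeline. Pin it, for example `yamale==<reviewed-version>`, ideally with hashes and `pip install --require-hashes`; the pre-existing `click` line has the same gap.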
@@ -14,6 +14,17 @@ # See the License for the specific language governing permissions and # limitations under the License. +'''Check that boilerplate is present in relevant files. + +This tools offers a simple way of ensuring that the required boilerplate header +is present in files with specific extensions. Files can be excluded by using a +special comment anywhere in the file. + +The interface is purposefully simple and only supports passing one or more +folder paths as arguments, as this tool is designed to be run in CI pipelines +triggered by pull requests. +''' + import glob import os import re @@ -33,22 +44,23 @@ _MATCH_STRING = ( _MATCH_RE = re.compile(_MATCH_STRING, re.M) -def main(dir): - "Cycle through files in dir and check for the Apache 2.0 boilerplate." +def main(base_dirs): + "Cycle through files in base_dirs and check for the Apache 2.0 boilerplate." errors, warnings = [], [] - for root, dirs, files in os.walk(dir): - dirs[:] = [d for d in dirs if d not in _EXCLUDE_DIRS] - for fname in files: - if fname in _MATCH_FILES or os.path.splitext(fname)[1] in _MATCH_FILES: - fpath = os.path.abspath(os.path.join(root, fname)) - content = open(fpath).read() - if _EXCLUDE_RE.search(content): - continue - try: - if not _MATCH_RE.search(content): - errors.append(fpath) - except (IOError, OSError): - warnings.append(fpath) + for dir in base_dirs: + for root, dirs, files in os.walk(dir): + dirs[:] = [d for d in dirs if d not in _EXCLUDE_DIRS] + for fname in files: + if fname in _MATCH_FILES or os.path.splitext(fname)[1] in _MATCH_FILES: + fpath = os.path.abspath(os.path.join(root, fname)) + content = open(fpath).read() + if _EXCLUDE_RE.search(content): + continue + try: + if not _MATCH_RE.search(content): + errors.append(fpath) + except (IOError, OSError): + warnings.append(fpath) if warnings: print('The following files cannot be accessed:') print('\n'.join(' - {}'.format(s) for s in warnings)) 
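Review bot: In `main`, `content = open(fpath).read()` sits outside the `try`, so the `except (IOError, OSError)` branch can never fire for the one call that actually raises those errors; it wraps only the regex search. An unreadable or undecodable file therefore aborts the whole check with a traceback instead of landing in `warnings`, and the file handle is never closed explicitly. Moving the read into the `try` under a `with` block fixes both, and renaming the loop variable from `dir` to something like `base_dir` stops it shadowing the builtin. `main` continues past the end of this hunk.

```python
        fpath = os.path.abspath(os.path.join(root, fname))
        try:
          with open(fpath) as f:
            content = f.read()
        except (IOError, OSError, UnicodeDecodeError):
          warnings.append(fpath)
          continue
        if _EXCLUDE_RE.search(content):
          continue
        if not _MATCH_RE.search(content):
          errors.append(fpath)
  # … unchanged: warnings and errors reporting …
```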
@@ -59,6 +71,6 @@ def main(dir): if __name__ == '__main__': - if len(sys.argv) != 2: - raise SystemExit('No directory passed.') - main(sys.argv[1]) + if len(sys.argv) < 2: + raise SystemExit('No directory to check.') + main(sys.argv[1:]) diff --git a/tools/check_documentation.py b/tools/check_documentation.py index 1968f3b46..f3ed71061 100755 --- a/tools/check_documentation.py +++ b/tools/check_documentation.py @@ -14,6 +14,15 @@ # See the License for the specific language governing permissions and # limitations under the License. +'''Recursively check freshness of tfdoc's generated tables in README files. + +This tool recursively checks that the embedded variables and outputs tables in +README files, match what is generated at runtime by tfdoc based on current +sources. As such, it accepts pretty much the same options as tfdoc does. Its +main use is in CI pipelines triggered by pull requests. +''' + +import difflib import enum import pathlib @@ -28,10 +37,12 @@ State = enum.Enum('State', 'OK FAIL SKIP') def _check_dir(dir_name, files=False, show_extra=False): + 'Invoke tfdoc on folder, using the relevant options.' dir_path = BASEDIR / dir_name for readme_path in dir_path.glob('**/README.md'): if '.terraform' in str(readme_path): continue + diff = None readme = readme_path.read_text() mod_name = str(readme_path.relative_to(dir_path).parent) result = tfdoc.get_doc(readme) 
@@ -44,24 +55,36 @@ def _check_dir(dir_name, files=False, show_extra=False): except SystemExit: state = state.SKIP else: - state = State.OK if new_doc == result['doc'] else State.FAIL - yield mod_name, state + if new_doc == result['doc']: + state = State.OK + else: + state = State.FAIL + diff = '\n'.join( + [f'----- {mod_name} diff -----\n'] + + list(difflib.ndiff( + result['doc'].split('\n'), new_doc.split('\n') + ))) + yield mod_name, state, diff @click.command() @click.argument('dirs', type=str, nargs=-1) -@ click.option('--show-extra/--no-show-extra', default=False) @ click.option('--files/--no-files', default=False) -def main(dirs, files=False, show_extra=False): +@ click.option('--show-diffs/--no-show-diffs', default=False) +@ click.option('--show-extra/--no-show-extra', default=False) +def main(dirs, files=False, show_diffs=False, show_extra=False): 'Cycle through modules and ensure READMEs are up-to-date.' - errors = 0 + errors = [] state_labels = {State.FAIL: '✗', State.OK: '✓', State.SKIP: '?'} for dir_name in dirs: print(f'----- {dir_name} -----') - for mod_name, state in _check_dir(dir_name, files, show_extra): - errors += 1 if state == State.FAIL else 0 + for mod_name, state, diff in _check_dir(dir_name, files, show_extra): + if state == State.FAIL: + errors.append(diff) print(f'[{state_labels[state]}] {mod_name}') if errors: + if show_diffs: + print('\n'.join(errors)) raise SystemExit('Errors found.') diff --git a/tools/validate_schema.py b/tools/validate_schema.py new file mode 100755 index 000000000..b1a9020fd --- /dev/null +++ b/tools/validate_schema.py 
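Review bot: The `except SystemExit:` branch in `_check_dir` still assigns `state = state.SKIP`, which reads the local variable `state` rather than the `State` enum used two lines below. Unless `state` is bound earlier in the function (the lines between this hunk and the previous one are not shown), the first README that reaches this branch raises UnboundLocalError instead of being reported as skipped. On later iterations it works only because one enum member happens to expose another as an attribute. Since the hunk already rewrites the `else:` branch with `State.OK` / `State.FAIL`, the skip branch should match: `state = State.SKIP`.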
@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+'''Validate YaML document against yamale schemas.
+Fast includes YaML driven resource factories, along with their schemas which
+are available at `fast/assets/schemas`.
+
+An arbitrary number of files and directories can be validated against a given
+schema via options (--file and --directory, optionally --recursive).
+'''
+
+import glob
+import os
+
+import click
+import yamale
+
+
+@ click.command()
+@ click.argument('schema', type=click.Path(exists=True))
+@ click.option('--directory', multiple=True, type=click.Path(exists=True, file_okay=False, dir_okay=True))
+@ click.option('--file', multiple=True, type=click.Path(exists=True, file_okay=True, dir_okay=False))
+@ click.option('--recursive', is_flag=True, default=False)
+@ click.option('--quiet', is_flag=True, default=False)
+def main(directory=None, file=None, schema=None, recursive=False, quiet=False):
+ 'Program entry point.'
+
+ yamale_schema = yamale.make_schema(schema)
+ search = "**/*.yaml" if recursive else "*.yaml"
+ has_errors = []
+
+ files = list(file)
+ for d in directory:
+ files = files + glob.glob(os.path.join(d, search), recursive=recursive)
+
+ for document in files:
+ yamale_data = yamale.make_data(document)
+ try:
+ yamale.validate(yamale_schema, yamale_data)
+ if quiet:
+ pass
+ else:
+ print(f'✅ {document} -> {os.path.basename(schema)}')
+ except ValueError as e:
+ has_errors.append(document)
+ print(e)
+ print(f'❌ {document} -> {os.path.basename(schema)}')
+
+ if len(has_errors) > 0:
+ raise SystemExit(f"❌ Errors found in {len(has_errors)} documents.")
+
+
+if __name__ == '__main__':
+ main()
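Review bot: `main` exits successfully when nothing was validated. If neither `--file` nor `--directory` is passed, or a directory has no file matching `*.yaml` (for example only `.yml` files), `files` is empty, the loop never runs and `has_errors` stays empty, so a CI job using this as a gate passes without checking anything. I would add `if not files: raise SystemExit('No documents to validate.')` before the `for document in files:` loop. `yamale.make_data(document)` also sits outside the `try`, so a document that fails to load aborts the run with a traceback instead of being recorded in `has_errors`. Moving that call inside the `try` keeps the per-file report intact, provided the loader's exception is a type the handler catches, which is worth confirming.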