From aa37a4e83633414b8fd17ba8626655749486bae3 Mon Sep 17 00:00:00 2001 From: Jaehyun Nam Date: Thu, 15 Feb 2024 13:40:32 +0000 Subject: [PATCH] initial uploads 
Signed-off-by: Jaehyun Nam --- .github/ISSUE_TEMPLATE/bug_report.md | 33 ++ .github/ISSUE_TEMPLATE/feature_request.md | 20 + .github/workflows/ci-test-go.yml | 56 ++ .github/workflows/sentryflow-pr-checks.yml | 30 + .../workflows/sentryflow-release-image.yml | 40 ++ .gitignore | 1 + .licenserc.yaml | 20 + README.md | 24 +- contribution/README.md | 88 +++ contribution/vagrant/.gitignore | 1 + contribution/vagrant/Vagrantfile | 51 ++ .../vagrant/install-scripts/install-kvm.sh | 13 + .../install-vagrant-libvirt.sh | 21 + .../install-scripts/install-vagrant.sh | 30 + .../install-scripts/install-virtualbox.sh | 24 + contribution/vagrant/setup.sh | 43 ++ deployments/log-client.yaml | 27 + deployments/mongo-client.yaml | 64 +++ deployments/sentryflow.yaml | 82 +++ docs/getting_started.md | 94 ++++ docs/k8s_compatibility.md | 8 + docs/sentryflow_client_guide.md | 3 + docs/sentryflow_overview.png | Bin 0 -> 409883 bytes examples/README.md | 8 + examples/bookinfo/README.md | 13 + examples/bookinfo/telemetry.yaml | 9 + examples/httpbin/README.md | 108 ++++ examples/httpbin/telemetry.yaml | 11 + examples/nephio/free5gc/README.md | 299 ++++++++++ examples/nephio/free5gc/telemetry.yaml | 9 + examples/nephio/oai/README.md | 292 ++++++++++ examples/nephio/oai/telemetry.yaml | 9 + examples/robotshop/README.md | 15 + examples/robotshop/telemetry.yaml | 9 + protobuf/.gitignore | 2 + protobuf/Makefile | 16 + protobuf/go.mod | 16 + protobuf/go.sum | 20 + protobuf/sentryflow.proto | 44 ++ sentryflow-clients/Makefile | 35 ++ sentryflow-clients/README.md | 2 + sentryflow-clients/log-client/Dockerfile | 36 ++ sentryflow-clients/log-client/Makefile | 19 + .../log-client/common/config.go | 35 ++ sentryflow-clients/log-client/go.mod | 19 + sentryflow-clients/log-client/go.sum | 20 + sentryflow-clients/log-client/main.go | 66 +++ sentryflow-clients/mongo-client/Dockerfile | 36 ++ sentryflow-clients/mongo-client/Makefile | 19 + .../mongo-client/common/config.go | 35 ++ 
.../mongo-client/db/dbHandler.go | 80 +++ sentryflow-clients/mongo-client/go.mod | 29 + sentryflow-clients/mongo-client/go.sum | 72 +++ sentryflow-clients/mongo-client/main.go | 76 +++ sentryflow/.gitignore | 1 + sentryflow/Dockerfile | 37 ++ sentryflow/Makefile | 56 ++ sentryflow/config/config.go | 92 ++++ sentryflow/core/k8sHandler.go | 521 ++++++++++++++++++ sentryflow/core/logHandler.go | 176 ++++++ sentryflow/core/otelHandler.go | 123 +++++ sentryflow/core/sentryflow.go | 151 +++++ sentryflow/exporter/exporterHandler.go | 200 +++++++ sentryflow/exporter/exporterServer.go | 59 ++ sentryflow/go.mod | 75 +++ sentryflow/go.sum | 217 ++++++++ sentryflow/main.go | 20 + sentryflow/metrics/api/aiHandler.go | 59 ++ sentryflow/metrics/api/apiAnalyzer.go | 89 +++ sentryflow/metrics/api/apiClassifier.go | 44 ++ sentryflow/metrics/metricHandler.go | 44 ++ sentryflow/types/k8sResources.go | 33 ++ 72 files changed, 4228 insertions(+), 1 deletion(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/workflows/ci-test-go.yml create mode 100644 .github/workflows/sentryflow-pr-checks.yml create mode 100644 .github/workflows/sentryflow-release-image.yml create mode 100644 .gitignore create mode 100644 .licenserc.yaml create mode 100644 contribution/README.md create mode 100644 contribution/vagrant/.gitignore create mode 100644 contribution/vagrant/Vagrantfile create mode 100755 contribution/vagrant/install-scripts/install-kvm.sh create mode 100755 contribution/vagrant/install-scripts/install-vagrant-libvirt.sh create mode 100755 contribution/vagrant/install-scripts/install-vagrant.sh create mode 100755 contribution/vagrant/install-scripts/install-virtualbox.sh create mode 100755 contribution/vagrant/setup.sh create mode 100644 deployments/log-client.yaml create mode 100644 deployments/mongo-client.yaml create mode 100644 deployments/sentryflow.yaml create mode 100644 
docs/getting_started.md create mode 100644 docs/k8s_compatibility.md create mode 100644 docs/sentryflow_client_guide.md create mode 100644 docs/sentryflow_overview.png create mode 100644 examples/README.md create mode 100644 examples/bookinfo/README.md create mode 100644 examples/bookinfo/telemetry.yaml create mode 100644 examples/httpbin/README.md create mode 100644 examples/httpbin/telemetry.yaml create mode 100644 examples/nephio/free5gc/README.md create mode 100644 examples/nephio/free5gc/telemetry.yaml create mode 100644 examples/nephio/oai/README.md create mode 100644 examples/nephio/oai/telemetry.yaml create mode 100644 examples/robotshop/README.md create mode 100644 examples/robotshop/telemetry.yaml create mode 100644 protobuf/.gitignore create mode 100644 protobuf/Makefile create mode 100644 protobuf/go.mod create mode 100644 protobuf/go.sum create mode 100644 protobuf/sentryflow.proto create mode 100644 sentryflow-clients/Makefile create mode 100644 sentryflow-clients/README.md create mode 100644 sentryflow-clients/log-client/Dockerfile create mode 100644 sentryflow-clients/log-client/Makefile create mode 100644 sentryflow-clients/log-client/common/config.go create mode 100644 sentryflow-clients/log-client/go.mod create mode 100644 sentryflow-clients/log-client/go.sum create mode 100644 sentryflow-clients/log-client/main.go create mode 100644 sentryflow-clients/mongo-client/Dockerfile create mode 100644 sentryflow-clients/mongo-client/Makefile create mode 100644 sentryflow-clients/mongo-client/common/config.go create mode 100644 sentryflow-clients/mongo-client/db/dbHandler.go create mode 100644 sentryflow-clients/mongo-client/go.mod create mode 100644 sentryflow-clients/mongo-client/go.sum create mode 100644 sentryflow-clients/mongo-client/main.go create mode 100644 sentryflow/.gitignore create mode 100644 sentryflow/Dockerfile create mode 100644 sentryflow/Makefile create mode 100644 sentryflow/config/config.go create mode 100644 
sentryflow/core/k8sHandler.go create mode 100644 sentryflow/core/logHandler.go create mode 100644 sentryflow/core/otelHandler.go create mode 100644 sentryflow/core/sentryflow.go create mode 100644 sentryflow/exporter/exporterHandler.go create mode 100644 sentryflow/exporter/exporterServer.go create mode 100644 sentryflow/go.mod create mode 100644 sentryflow/go.sum create mode 100644 sentryflow/main.go create mode 100644 sentryflow/metrics/api/aiHandler.go create mode 100644 sentryflow/metrics/api/apiAnalyzer.go create mode 100644 sentryflow/metrics/api/apiClassifier.go create mode 100644 sentryflow/metrics/metricHandler.go create mode 100644 sentryflow/types/k8sResources.go diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..93ea439 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,33 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '"[Bug] "' +labels: bug +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Environment (please complete the following information):** + - OS: [e.g. Ubuntu 22.04] + - Numbat Versions: [e.g. v0.1] + - Kubernetes Environment: [tip: Please include CRI and CNI as well as their versions] + - Istio Environment: [tip: Please include Istio version as well as the install profiles] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..9cde18a --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md 
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "[REQUEST]"
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/workflows/ci-test-go.yml b/.github/workflows/ci-test-go.yml
new file mode 100644
index 0000000..b27c53e
--- /dev/null
+++ b/.github/workflows/ci-test-go.yml
@@ -0,0 +1,56 @@
+name: ci-test-go
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ go-fmt-sentryflow:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "v1.19.1"
+
+ - name: Check go-fmt
+ run: make gofmt
+ working-directory: sentryflow
+
+ go-lint-sentryflow:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "v1.19.1"
+
+ - name: Check Golint
+ run: make golint
+ working-directory: sentryflow
+
+ go-sec-sentryflow:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "v1.19.1"
+
+ - name: Run Gosec Security Scanner
+ run: make gosec
+ working-directory: sentryflow
+
+ license:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Check License Header
+ uses: apache/skywalking-eyes@a790ab8dd23a7f861c18bd6aaa9b012e3a234bce
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
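Review bot: The ci-test-go workflow declares no `permissions:` block, so every job, including the `license` job that hands `GITHUB_TOKEN` to a third-party action, runs with whatever default token scope the repository has. Adding a top-level `permissions:` with `contents: read` would make the token read-only, and any job that really needs more (for example to comment on a pull request) can widen it per job. The action references are also inconsistent: the skywalking-eyes step is pinned to a full commit, while `actions/checkout@v3` and `actions/setup-go@v3` follow mutable tags; pinning them the same way, e.g. `uses: actions/checkout@<full-commit-sha>`, keeps a retagged release from changing what CI executes.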
diff --git a/.github/workflows/sentryflow-pr-checks.yml b/.github/workflows/sentryflow-pr-checks.yml
new file mode 100644
index 0000000..16c5f39
--- /dev/null
+++ b/.github/workflows/sentryflow-pr-checks.yml
@@ -0,0 +1,30 @@
+name: sentryflow-pr-checks
+
+on:
+ pull_request:
+ branches: [main]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Setup Docker Build
+ uses: docker/setup-buildx-action@v1
+
+ - name: Get tag
+ id: tag
+ run: |
+ if [ ${{ github.ref }} == "refs/heads/main" ]; then
+ echo "tag=latest" >> $GITHUB_OUTPUT
+ else
+ echo "tag=tmp" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Build Docker Image
+ working-directory: ./sentryflow
+ run: |
+ make TAG=${{ steps.tag.outputs.tag }} image
diff --git a/.github/workflows/sentryflow-release-image.yml b/.github/workflows/sentryflow-release-image.yml
new file mode 100644
index 0000000..a32559c
--- /dev/null
+++ b/.github/workflows/sentryflow-release-image.yml
@@ -0,0 +1,40 @@
+name: sentryflow-release-image
+
+on:
+ push:
+ branches: [main]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Setup Docker Build
+ uses: docker/setup-buildx-action@v1
+
+ # - name: Login to DockerHub
+ # uses: docker/login-action@v1
+ # with:
+ # username: ${{ secrets.DOCKERHUB_USERNAME }}
+ # password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Get tag
+ id: tag
+ run: |
+ if [ ${{ github.ref }} == "refs/heads/main" ]; then
+ echo "tag=latest" >> $GITHUB_OUTPUT
+ else
+ echo "tag=tmp" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Build Docker Image
+ working-directory: ./sentryflow
+ run: |
+ make TAG=${{ steps.tag.outputs.tag }} image
+
+ # - name: Push Docker Image
+ # run: |
+ # docker push boanlab/sentryflow:${{ steps.tag.outputs.tag }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e43b0f9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.DS_Store
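Review bot: The "Get tag" step expands `${{ github.ref }}` directly into the `run:` script, unquoted, in sentryflow-pr-checks.yml and again in the identical step of sentryflow-release-image.yml. Expression values are substituted before the shell parses the script, so the safer pattern is to pass the ref through the environment and quote it: add `env:` with `REF: ${{ github.ref }}` to the step and test `if [ "$REF" = "refs/heads/main" ]; then`. Separately, on a `pull_request` trigger the ref has the form `refs/pull/<number>/merge`, so the `latest` branch in the PR-check workflow can never be taken and the step could set `tag=tmp` unconditionally.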
diff --git a/.licenserc.yaml b/.licenserc.yaml new file mode 100644 index 0000000..b683404 --- /dev/null +++ b/.licenserc.yaml @@ -0,0 +1,20 @@ +header: + license: + spdx-id: Apache-2.0 + copyright-owner: SentryFlow + content: | + SPDX-License-Identifier: Apache-2.0 + + paths: + - "**/*.go" + - "**/Dockerfile" + - "**/Makefile" + + paths-ignore: + - "protobuf/*" + + comment: on-failure + +dependency: + files: + - go.mod diff --git a/README.md b/README.md index 7c7b460..bc7ee81 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,24 @@ + # SentryFlow -API Observability and Security + +[![SentryFlow Docker Build](https://github.com/5GSEC/sentryflow/actions/workflows/sentryflow-release-image.yml/badge.svg)](https://github.com/5GSEC/sentryflow/actions/workflows/sentryflow-release-image.yml) [![CI Test](https://github.com/5GSEC/sentryflow/actions/workflows/ci-test-go.yml/badge.svg)](https://github.com/5GSEC/sentryflow/actions/workflows/ci-test-go.yml) + +SentryFlow is a cloud-native system for API observability and security, specializing in log collection, metric production, and data exportation. + +## Architecture Overview + +![Sentryflow Overview](docs/sentryflow_overview.png) + +### Features +- Generation of API Access Logs +- Proudction of API Metrics and Statistics +- Inference of API Specifications + +## Documentation + +### Basic Information +- [Getting Started](docs/getting_started.md) +- [Use Cases](examples/README.md) + +### Contribution +- [Contribution Guide](contribution/README.md) diff --git a/contribution/README.md b/contribution/README.md new file mode 100644 index 0000000..605a1c7 --- /dev/null +++ b/contribution/README.md 
@@ -0,0 +1,88 @@ +# Development Guide + +SentryFlow operates within an Istio environment on Kubernetes, indicating that contributors to our project will need to have an Istio environment set up. + +To minimize the hassle of installing and uninstalling Kubernetes and configuring Istio solely for our project, we have provided a straightforward Vagrantfile. This Vagrantfile initializes an Ubuntu virtual machine equipped with a fully operational Kubernetes and Istio environment. + +## 1. Prerequisites + +We employ Vagrant to provision VirtualBox virtual machines, creating a Kubernetes environment. As such, it is highly recommended to install the following package versions in your local environment: + +- **[Vagrant](https://www.vagrantup.com/)** - v2.2.9 +- **[VirtualBox](https://www.virtualbox.org/)** - v6.1 + +## 2. Starting up a VM + +We have configured a Vagrantfile that initiates an Ubuntu 22.04 machine with Kubernetes pre-installed. The setup for Kubernetes is as described below: + +> **Note:** Although Kubernetes officially advises the use of containerd over Docker as the Container Runtime Interface (CRI), we have chosen to use Docker as the CRI within our Kubernetes setup. This decision facilitates the building and testing of SentryFlow and its client images. + +- Kubernetes: 1.23 +- [CRI] Docker: 24.0.7 +- [CNI] Calico: 0.3.1 + +To proceed, execute the following command within the `contribution/` directory: + +```bash +$ vagrant up +Bringing machine 'sentryflow' up with 'virtualbox' provider... +==> sentryflow: Importing base box 'generic/ubuntu2204'... +==> sentryflow: Matching MAC address for NAT networking... +==> sentryflow: Checking if box 'generic/ubuntu2204' version '4.3.10' is up to date... +... 
+ sentryflow: clusterrolebinding.rbac.authorization.k8s.io/calico-node created + sentryflow: clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created + sentryflow: daemonset.apps/calico-node created + sentryflow: deployment.apps/calico-kube-controllers created +``` + +This command will initiate the installation of the necessary development environment. The duration of this process may vary, primarily depending on the speed of your network connection, and could take several minutes to complete. + +## 3. Development and Code Quality + +### Development + +After Vagrant has been successfully initialized, you can access the Istio and Kubernetes environment by executing the following steps: + +``` +$ vagrant ssh +``` + +The source code for SentryFlow will be located in `/home/vagrant/sentryflow` within the virtual environment, and this directory will also be synchronized with the current work directory on the host machine. + +After making modifications to the source code of SentryFlow, you can build the changes by moving to the `sentryflow` directory and running the Makefile. + +``` +make build +``` + +Executing the Makefile will result in the construction of container images, each tagged as specified. + +### Code Quality + +To maintain a clean and secure code base for SentryFlow, we conduct several checks, including `gofmt` for code formatting, `golint` for code style and linting, and `gosec` for security scanning. + +To evaluate the quality of your code, navigate to the `sentryflow` directory and execute the following commands: + +``` +make golint # will run golint checks +make gofmt # will run gofmt checks +make gosec # will run gosec checks +``` + +### Pull Request + +Once everything is correctly set up, you are ready to create a pull request. Please refer to our guidelines for submitting PRs. + +## 4. 
Cleaning Up + +If you have successfully made changes to SentryFlow and wish to clean up the created workspace, you can simply use the following command: + +``` +$ vagrant destroy + sentryflow: Are you sure you want to destroy the 'sentryflow' VM? [y/N] y +==> sentryflow: Forcing shutdown of VM... +==> sentryflow: Destroying VM and associated drives... +``` + +Executing the command will terminate and remove the VM that you were working on. diff --git a/contribution/vagrant/.gitignore b/contribution/vagrant/.gitignore new file mode 100644 index 0000000..a977916 --- /dev/null +++ b/contribution/vagrant/.gitignore @@ -0,0 +1 @@ +.vagrant/ diff --git a/contribution/vagrant/Vagrantfile b/contribution/vagrant/Vagrantfile new file mode 100644 index 0000000..a4e51a8 --- /dev/null +++ b/contribution/vagrant/Vagrantfile 
@@ -0,0 +1,51 @@
+Vagrant.require_version ">= 2.0.0"
+
+VM_NAME = "sentryflow"
+IMG_NAME = "generic/ubuntu2204"
+
+NUM_OF_VCPUS = 4
+SIZE_OF_VMEM = 4096
+
+## == ##
+
+# create ssh keys if needed
+system("
+ if [ #{ARGV[0]} = 'up' ]; then
+ if [ ! -f ~/.ssh/id_rsa ]; then
+ echo '~/.ssh/id_rsa keys does not exist.'
+ ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa
+ fi
+ fi
+")
+
+## == ##
+
+Vagrant.configure("2") do |config|
+ # vagrant@VM_NAME
+ config.vm.hostname = VM_NAME
+
+ config.vm.define VM_NAME do |cfg|
+ cfg.vm.box = IMG_NAME
+
+ cfg.vm.provider "virtualbox" do |vb|
+ vb.memory = SIZE_OF_VMEM
+ vb.cpus = NUM_OF_VCPUS
+ end
+ end
+
+ # sync directories
+ config.vm.synced_folder "../../", "/home/vagrant/sentryflow", owner:"vagrant", group:"vagrant"
+
+ # configure SSH
+ config.ssh.insert_key = false
+
+ # copy ssh keys
+ config.vm.provision "file", source: "~/.ssh/id_rsa.pub", destination: "/home/vagrant/.ssh/id_rsa.pub"
+ config.vm.provision :shell, :inline => "cat /home/vagrant/.ssh/id_rsa.pub >> /home/vagrant/.ssh/authorized_keys", run: "always"
+
+ # copy git config
+ config.vm.provision :file, source: "~/.gitconfig", destination: "$HOME/.gitconfig"
+
+ # setup k8s and IStio
+ config.vm.provision "shell", path: "setup.sh"
+end
diff --git a/contribution/vagrant/install-scripts/install-kvm.sh b/contribution/vagrant/install-scripts/install-kvm.sh
new file mode 100755
index 0000000..2ba5307
--- /dev/null
+++ b/contribution/vagrant/install-scripts/install-kvm.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+. /etc/os-release
+
+if [ "$NAME" != "Ubuntu" ]; then
+ echo "This script is for Ubuntu."
+ exit
+fi
+
+# install kvm and dependencies
+sudo apt-get install -y bridge-utils libguestfs-tools \
+ libvirt-daemon-system libvirt-clients libvirt-daemon libvirt-dev \
+ qemu-system qemu-kvm virt-manager
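Review bot: In the Vagrantfile, `config.ssh.insert_key = false` stops Vagrant from replacing the base box's default key pair, so the publicly known Vagrant key stays authorized in a VM that also receives the cluster admin kubeconfig and a synced copy of the repository. Dropping that line lets Vagrant generate a per-machine key, which would also make the `id_rsa.pub` copy unnecessary; if the copy is kept, the `run: "always"` provisioner should guard the append, e.g. `grep -qxF "$(cat /home/vagrant/.ssh/id_rsa.pub)" /home/vagrant/.ssh/authorized_keys || cat /home/vagrant/.ssh/id_rsa.pub >> /home/vagrant/.ssh/authorized_keys`, because it currently adds a duplicate entry on every `vagrant up`. The `system(...)` block also interpolates `#{ARGV[0]}` unquoted into a shell test and creates `~/.ssh/id_rsa` in the contributor's own home directory; a comment there should say that the host's personal key path is being written, or the key could live in a project-local file instead.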
diff --git a/contribution/vagrant/install-scripts/install-vagrant-libvirt.sh b/contribution/vagrant/install-scripts/install-vagrant-libvirt.sh
new file mode 100755
index 0000000..3678258
--- /dev/null
+++ b/contribution/vagrant/install-scripts/install-vagrant-libvirt.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+. /etc/os-release
+
+if [ "$NAME" != "Ubuntu" ]; then
+ echo "This script is for Ubuntu."
+ exit
+fi
+
+if [ ! -x "$(command -v vagrant)" ]; then
+ echo "Please install Vagrant first."
+else
+ # update repo
+ sudo apt-get update
+
+ # install build-essential
+ sudo apt-get install -y build-essential
+
+ # install vagrant-libvirt
+ vagrant plugin install vagrant-libvirt
+fi
diff --git a/contribution/vagrant/install-scripts/install-vagrant.sh b/contribution/vagrant/install-scripts/install-vagrant.sh
new file mode 100755
index 0000000..899bf0b
--- /dev/null
+++ b/contribution/vagrant/install-scripts/install-vagrant.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+. /etc/os-release
+
+if [ "$NAME" != "Ubuntu" ]; then
+ echo "This script is for Ubuntu."
+ exit
+fi
+
+if [ ! -x "$(command -v vagrant)" ]; then
+ VAGRANT_VERSION=2.3.0
+
+ # install wget
+ sudo apt-get -y install wget
+
+ # download vagrant package
+ wget https://releases.hashicorp.com/vagrant/$VAGRANT_VERSION/vagrant_$VAGRANT_VERSION-1_amd64.deb
+
+ # install vagrant
+ sudo apt-get -y install ./vagrant_$VAGRANT_VERSION-1_amd64.deb
+
+ # rm the vagrant package
+ rm vagrant_$VAGRANT_VERSION-1_amd64.deb
+
+ # install vagrant plugins
+ vagrant plugin install vagrant-vbguest
+ vagrant plugin install vagrant-reload
+else
+ echo "Found Vagrant, skipping the installation of Vagrant."
+fi
diff --git a/contribution/vagrant/install-scripts/install-virtualbox.sh b/contribution/vagrant/install-scripts/install-virtualbox.sh
new file mode 100755
index 0000000..b7768ca
--- /dev/null
+++ b/contribution/vagrant/install-scripts/install-virtualbox.sh
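Review bot: install-vagrant.sh installs the downloaded `.deb` as root without checking its integrity; nothing between the `wget` and the `sudo apt-get -y install` verifies the file. The release directory also publishes a checksum list, so the script can fetch it and stop on mismatch: `wget https://releases.hashicorp.com/vagrant/$VAGRANT_VERSION/vagrant_${VAGRANT_VERSION}_SHA256SUMS` followed by `grep "vagrant_$VAGRANT_VERSION-1_amd64.deb" vagrant_${VAGRANT_VERSION}_SHA256SUMS | sha256sum -c - || exit 1`. A checksum served from the same host mainly catches corruption, so verifying the accompanying signature file against the vendor's published key is the stronger check. The non-Ubuntu branch also ends with a bare `exit`, which reports success; `exit 1` would let callers detect that nothing was installed.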
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+. /etc/os-release
+
+if [ "$NAME" != "Ubuntu" ]; then
+ echo "This script is for Ubuntu."
+ exit
+fi
+
+if [ ! -x "$(command -v vboxmanage)" ]; then
+ # install wget
+ sudo apt-get -y install wget
+
+ # download oracle_vbox_2016.asc and register it to the system
+ wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --dearmor --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg
+
+ # install vbox
+ sudo apt-get update
+ sudo apt-get install virtualbox-6.1
+
+ echo "Please reboot the machine."
+else
+ echo "Found VirtualBox, skipping the installation of Virtualbox."
+fi
diff --git a/contribution/vagrant/setup.sh b/contribution/vagrant/setup.sh
new file mode 100755
index 0000000..da111f7
--- /dev/null
+++ b/contribution/vagrant/setup.sh
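Review bot: install-virtualbox.sh stores the Oracle signing key under /usr/share/keyrings but never adds an apt source that references it, so the key is not tied to any repository and `apt-get install virtualbox-6.1` resolves only against whatever sources the machine already has. Before the `apt-get update`, the script should register the repository bound to that key, e.g. `echo "deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian $VERSION_CODENAME contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list` (`VERSION_CODENAME` comes from the os-release file the script already sources). The install line also lacks `-y`, unlike the other scripts in this directory, so it will stop for confirmation.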
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# From BoanLab's tools scripts
+git clone https://github.com/boanlab/tools.git
+
+# Install Docker
+bash tools/containers/install-docker.sh
+
+# Install Kubeadm
+bash tools/kubernetes/install-kubeadm.sh
+
+# Disable Swap
+sudo swapoff -a
+
+# Initialize Kubernetes for single node
+export MULTI=false
+bash tools/kubernetes/initialize-kubeadm.sh
+
+# Deploy Calico
+export CNI=calico
+bash tools/kubernetes/deploy-cni.sh
+
+# Make kubectl related commands accessable for vagrant user
+sudo mkdir -p /home/vagrant/.kube
+sudo cp -i /etc/kubernetes/admin.conf /home/vagrant/.kube/config
+sudo chown $(id -u vagrant):$(id -g vagrant) /home/vagrant/.kube/config
+
+# Now install Istio
+sudo apt-get install make
+curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.20.3 sh -
+export PATH="$PATH:/home/vagrant/istio-1.20.3/bin"
+istioctl install --set profile=default -y
+sudo chown -R vagrant /home/vagrant/istio-1.20.3/
+
+# Now install golang, this is for golint, gosec, gofmt
+wget https://go.dev/dl/go1.22.0.linux-amd64.tar.gz
+sudo rm -rf /usr/local/go
+sudo tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz
+export PATH=$PATH:/usr/local/go/bin
+
+# Setup bashrc
+echo export GOPATH="/home/vagrant/go" >> /home/vagrant/.bashrc
+echo export PATH="$PATH:/usr/local/go/bin:/home/vagrant/istio-1.20.3/bin:/home/vagrant/go/bin/" >> /home/vagrant/.bashrc
diff --git a/deployments/log-client.yaml b/deployments/log-client.yaml
new file mode 100644
index 0000000..3732dc5
--- /dev/null
+++ b/deployments/log-client.yaml
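Review bot: setup.sh executes three remote payloads with no pinning or integrity check: the default branch of the cloned `tools` repository, the `curl -L https://istio.io/downloadIstio | ... sh -` pipeline, and the Go tarball unpacked into /usr/local. It runs as a Vagrant shell provisioner, which is privileged by default, so each of these executes as root in the VM. Pinning the clone with `git -C tools checkout <pinned-commit-sha>` and verifying the tarball before extraction with `echo "<go1.22.0-sha256>  go1.22.0.linux-amd64.tar.gz" | sha256sum -c - || exit 1` (both values are placeholders to fill in from the upstream sources) makes the environment reproducible; the Istio release can likewise be fetched as a versioned archive and checked instead of being piped to `sh`. The script has no `set -e`, so a failed download does not stop the later steps, and `sudo cp -i` can prompt inside a non-interactive provisioner.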
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: log-client
+ namespace: sentryflow
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: log-client
+ template:
+ metadata:
+ labels:
+ app: log-client
+ spec:
+ containers:
+ - name: log-client
+ image: 5gsec/sentryflow-log-client:v0.1
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: grpc
+ env:
+ - name: SERVER_ADDR
+ value: "sentryflow.sentryflow.svc.cluster.local"
+ - name: SERVER_PORT
+ value: "8080"
diff --git a/deployments/mongo-client.yaml b/deployments/mongo-client.yaml
new file mode 100644
index 0000000..5fa9079
--- /dev/null
+++ b/deployments/mongo-client.yaml
@@ -0,0 +1,64 @@
+# Setup deployment for mongodb
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mongodb
+ namespace: sentryflow
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mongodb
+ template:
+ metadata:
+ labels:
+ app: mongodb
+ spec:
+ containers:
+ - name: mongodb
+ image: mongo:latest
+ ports:
+ - containerPort: 27017
+---
+# Setup service for mongodb
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongodb
+ namespace: sentryflow
+spec:
+ selector:
+ app: mongodb
+ ports:
+ - protocol: TCP
+ port: 27017
+ targetPort: 27017
+---
+# Setup deployment for mongo-client
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mongo-client
+ namespace: sentryflow
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mongo-client
+ template:
+ metadata:
+ labels:
+ app: mongo-client
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: mongo-client
+ image: 5gsec/sentryflow-mongo-client:v0.1
+ env:
+ - name: SERVER_ADDR
+ value: "sentryflow.sentryflow.svc.cluster.local"
+ - name: SERVER_PORT
+ value: "8080"
+ - name: MONGODB_HOST
+ value: "mongodb://mongodb:27017"
diff --git a/deployments/sentryflow.yaml b/deployments/sentryflow.yaml
new file mode 100644
index 0000000..3284d75
--- /dev/null
+++ b/deployments/sentryflow.yaml
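Review bot: The `mongodb` Deployment in mongo-client.yaml starts the database with no authentication and a floating `mongo:latest` tag, and the client's `MONGODB_HOST` of `mongodb://mongodb:27017` carries no credentials, so any pod that can reach the Service can read or alter the stored API logs. The image should be pinned to a tested tag or digest and the root user initialised from a Secret, as sketched below; the client URI then needs matching credentials from the same Secret, and whether the client code accepts them cannot be confirmed here because `dbHandler.go` is outside this hunk. A NetworkPolicy limiting port 27017 to the `mongo-client` pods would narrow exposure further. The Deployment also mounts no volume, so collected data is lost when the pod restarts.

```yaml
      containers:
      - name: mongodb
        image: mongo:<pinned-version>   # placeholder: a tested tag or digest
        env:
        - name: MONGO_INITDB_ROOT_USERNAME
          valueFrom:
            secretKeyRef:
              name: <mongodb-credentials-secret>   # placeholder Secret name
              key: username
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: <mongodb-credentials-secret>
              key: password
        # … unchanged: ports …
```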
@@ -0,0 +1,82 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sentryflow
+ labels:
+ istio-injection: disabled # avoid Istio sidecar injection
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/warn: privileged
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sa-sentryflow
+ namespace: sentryflow
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cr-sentryflow
+rules:
+- apiGroups: ["*"]
+ verbs: ["*"]
+ resources: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: rb-sentryflow
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cr-sentryflow
+subjects:
+- kind: ServiceAccount
+ name: sa-sentryflow
+ namespace: sentryflow
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sentryflow
+ namespace: sentryflow
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sentryflow
+ template:
+ metadata:
+ labels:
+ app: sentryflow
+ spec:
+ serviceAccountName: sa-sentryflow
+ containers:
+ - name: sentryflow
+ image: 5gsec/sentryflow:v0.0.1
+ ports:
+ - containerPort: 4317
+ protocol: TCP
+ name: grpc-otlp
+ - containerPort: 8080
+ protocol: TCP
+ name: grpc-export
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: sentryflow
+ namespace: sentryflow
+spec:
+ selector:
+ app: sentryflow
+ ports:
+ - protocol: TCP
+ port: 4317
+ targetPort: 4317
+ name: grpc-otlp
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
+ name: grpc-export
diff --git a/docs/getting_started.md b/docs/getting_started.md
new file mode 100644
index 0000000..4945f37
--- /dev/null
+++ b/docs/getting_started.md
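Review bot: The `cr-sentryflow` ClusterRole grants every verb on every resource in every API group and is bound cluster-wide to `sa-sentryflow`, so a compromise of the sentryflow pod, which accepts gRPC on ports 4317 and 8080, is equivalent to cluster-admin. The rules should list only what the collector uses; the getting-started guide mentions editing Istio's `meshConfig`, which suggests read access to workloads plus write access to one ConfigMap, but the exact set has to be confirmed against `k8sHandler.go`, which is not in this hunk. The sketch below shows the shape, and the ConfigMap write would ideally move to a namespaced Role with `resourceNames` in the Istio namespace. The Namespace labels also set Pod Security `enforce`, `audit` and `warn` to `privileged` although the Deployment requests no privileged settings; `baseline` or `restricted` looks sufficient.

```yaml
rules:
# Sketch only: confirm resources and verbs against sentryflow/core/k8sHandler.go
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "update"]
```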
@@ -0,0 +1,94 @@
+# Getting Started
+
+This guide provides a step-by-step process for deploying SentryFlow on Istio, aimed at enhancing API observability and security. It includes detailed commands for each step along with their explanations.
+
+> **Note**: SentryFlow is currently in the early stages of development. Please be aware that the information provided here may become outdated or change without notice.
+
+## 1. Prerequisites
+
+SentryFlow functions within the Istio framework. Below is a table detailing the environments where SentryFlow has been successfully deployed and verified to be operational.
+
+|System Name|Version|
+|--|--|
+|Ubuntu|22.04, 20.04|
+|[Istio](https://istio.io/latest/)|1.20.2|
+|[Kubernetes](https://kubernetes.io/)|v1.27.1|
+
+> **Note**: For information on Kubernetes configurations, including Container Network Interface (CNI), Container Runtime Interface (CRI), and their respective runtime settings, please consult the [compatability matrix](k8s_compatibility.md).
+
+## 2. Deploying SentryFlow
+
+SentryFlow can be deployed using `kubectl` command. The deployment can be accomplished with the following commands:
+
+```
+$ git clone https://github.com/5GSEC/sentryflow
+$ cd sentryflow/
+$ kubectl create -f deployments/sentryflow.yaml
+namespace/sentryflow created
+serviceaccount/sa-sentryflow created
+clusterrole.rbac.authorization.k8s.io/cr-sentryflow created
+clusterrolebinding.rbac.authorization.k8s.io/rb-sentyflow created
+deployment.apps/sentryflow created
+service/sentryflow created
+```
+
+This process will create a namespace named `sentryflow` and will establish the necessary Kubernetes resources.
+
+> **Note**: SentryFlow will automatically modify Istio's `meshConfig` to configure `extensionProviders`, facilitating SentryFlow's API log collection.
+
+Then, check if SentryFlow is up and running by:
+
+```
+$ kubectl get pods -n sentryflow
+NAME READY STATUS RESTARTS AGE
+sentryflow-cd95d79b4-9q7d7 1/1 Running 0 4m41s
+```
+
+## 3. 
Deploying SentryFlow Clients
+
+SentryFlow has now been established within the cluster. In addition, SentryFlow exports API logs and metrics through gRPC. For further details on how this data is transmitted, please consult the [SentryFlow Client Guide](sentryflow_client_guide.md).
+
+For testing purposes, two simple clients have been developed.
+
+- `log-client`: Simply log everything coming from SentryFlow service
+- `mongo-client`: Stores every logs coming from SentryFlow service to a MongoDB service.
+
+These clients can be deployed into the cluster under namespace `sentryflow` by following the command:
+
+- `log-client`
+ ```
+ $ kubectl create -f deployments/log-client.yaml
+ deployment.apps/log-client created
+ ```
+
+- `mongo-client`
+ ```
+ $ kubectl create -f deployments/mongo-client.yaml
+ deployment.apps/mongodb created
+ service/mongodb created
+ deployment.apps/mongo-client created
+ ```
+
+Then, check if those clients and MongoDB are properly up and running by:
+
+```
+$ kubectl get pods -n sentryflow
+NAME READY STATUS RESTARTS AGE
+log-client-6c8864655f-h2sdv 1/1 Running 0 5m28s
+mongo-client-7cbf6b888f-vd69g 1/1 Running 0 5m28s
+mongodb-6f5d9fc599-zwnxj 1/1 Running 0 5m28s
+...
+```
+
+If you observe `log-client`, `mongo-client`, and `mongodb` running within the namespace, the setup has been completed successfully.
+
+## 3. Use Cases and Examples
+
+Up to this point, SentryFlow has been successfully integrated into the Istio service mesh and Kubernetes cluster. For additional details on use cases and examples, please consult the accompanying documentation.
+
+The links below are organized by their level of complexity, starting from basic and progressing to more complex.
+
+- [Single HTTP Requests](../examples/httpbin/README.md)
+- [RobotShop Demo Microservice](../examples/robotshop/README.md)
+- [Nephio Free5gc Workload](../examples/nephio/free5gc/README.md)
+- [Nephio OAI Workload](../examples/nephio/oai/README.md)
diff --git a/docs/k8s_compatibility.md b/docs/k8s_compatibility.md
new file mode 100644
index 0000000..1830762
--- /dev/null
+++ b/docs/k8s_compatibility.md
@@ -0,0 +1,8 @@
+# Kubernetes Compatability Matrix
+
+This document outlines various Kubernetes configurations and their compatibility with SentryFlow.
+
+|OS|Kubernetes Version|CRI|CNI|
+|--|--|--|--|
+|Ubuntu 20.04|1.27.1|containerd=1.6.19|kindnet=0.4.0|
+|Ubuntu 22.04|1.23.0|docker=25.0.3|calico=0.3.1|
diff --git a/docs/sentryflow_client_guide.md b/docs/sentryflow_client_guide.md
new file mode 100644
index 0000000..890636e
--- /dev/null
+++ b/docs/sentryflow_client_guide.md
@@ -0,0 +1,3 @@
+# SentryFlow Client Guide
+
+- TBF
diff --git a/docs/sentryflow_overview.png b/docs/sentryflow_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..cbfdb768457d379b7512a6dff55a05eb009fe012 GIT binary patch literal 409883 zcmeFZbzGI})-Ft^3Q7q`2-4l1qI5`28kFt^$w>&PAl)t9-7Tne#{?!R&7@({@jbrh z-Fq+BcI~si^PWG?&mYX^!6)u}+#{}Wjd9NpDoWD#u}H8G5D@Om%1EgqAmC~tAfW7E zpaFj=a`%q_J`kN%r6m!{hMsHzC+|$PWX%*65g37E3Hqs0Bm{&IO9YhvzD5W5{COz%^VdH=kuwqh^~6l1e_V~Lm5Kb1W0akr z_Z^Xw&;uWs4l>%#2nd`VKYtMEO?03L2;vB`QWENK5qIX%z11|XIu7$q_gi)1@6G5& zF%YOYX42p4^S_$gguR`|y3A^T6c;o&24vC8qvrVe?X-rdSbPrSoJGnNzuWi_%U2`o ztel)uSceibSxgiEzI5tm`KG#B)vFr~h$M|2wT0 zC&$9yM!=RQWFaAW_>cn_$wa}mGCOJj4WUuHJ){TBg6&`%m!G3{{Isv z<|m&yf~uv}WYT+5MZ@*RN__|yiRpmhU-J`3@HfKBc@iEu(M2V6+ULA0=<=9kpss+_ zpAze9!{qMmv@I9TALQ}JJAc&xN zj8&%6VCeQT;*ZyU#+Om}7@2lOWelyeb~m7h=CYt%5fEV^STVPCi9FAnN`@_lZ$)bQ>q^WpV=SKlT${+w(FE; zw_U5r&(A{wzl9R9O=e3+P(6J3FbdT=Ck*YEb)eTmA|@uL8yg=Ve`9PsPQ;?4-sTD4 zW;)%O;oAH90dM${#PTynMTJXm^cD|O+WV&s0p<0`SAUcOW#Z4-{bLQ-p`Yzgm{H#- z+&(4I^3TMIcQW}q`cL^4sl5HRsm08W_MyeouczFg3KT~5f|08Ze`Ga5*KL=RB=dBJ zg;uY#03Pv|fqzs2417-i<*pEU9UYxMQu~%ybrz#pUEyRxr(t{nNECn$WxaTAtr7JU z1$1yqXe9JUNA*tCj}rUyL>>zT5{H?XKY=%8CFw8X`Mv)7JK&8_VkawP25C9x`xBm| z1MuMiDx+peLxtnY_rc%?WID+mSPw>ff`1w3Dz$%phOg&-!K>`LoyGP$X61R-5kx|a zvZXB=bJ9PKYqho`?_5S!^pT?hu#j(#o7id$El}SK^yG^j9dsR4G)Da`k4kxmX_1MF zXCfg~CP5gyjSQ&rDm^Y90RhjC@1*uNM-ytwFV+)d(tdHG2uK$?OF={i{I^H_Y(yM^ z{KIo^=F!zMk^h%|zjg_ZWr0{PxM&;O1q^k*kZ@N*v2bXRdXknNL-=41=t;Q$^zcAlK z`J=Qb{lpzm4ZIIu5c60~B)@z2Zheo1VEVn+Pk*gb&H063&d}zU(Tcytu)uAo%9T1< zWLX}i_I&joCD?6iENBTUXcN`E;7{WC-6^WBI1y+%Dw5Ju#E*DuBtS&xWr*J$5&@H@ z-ubj~L>gs7z+G^x)GxC=O7XiTJpcqRtahikxp0Qmtg}7#EtG4PTX0!a^Opf4Aibvk zqd0fk`#aH6!cDO5@!$k+z99J3z5Mc)KPU!Z+s^Alakn>Du*@N@dMzJuNd$i|%11($ z%M7o*#*Mw#UBMb(P<~bT%md7m?Mc|kB^<^k=CIVEPUhpE+LK+}F;ztM90&;X-sSAn zFaPjLe{bpv22s`M2&q&^nSS%M_qe5CvLWCAy7ME*gfv~&umH9D8}1ih7%_kuzXcNe z5LJP4W$8;GVsY5VKg{N*DIO(slxSD4M$5B~DmA}hl3Fj{8`u3qAjB2VT*9zW;Xh`p zeu`=?74|F)HCPz17!(l33eo$rzvWzY5%pap%5m5~z+O3p%3dH*15oDT`Z( 
zSMfiMs06jieV;W=&{a^U%B0sor$HP|>;3!pkF)UNWPX{o_%ybO$=7#26kA5VM31dl z)8BiXXJFGGU1@EK{Vn;dQf5NXUAD$(zMG7aV){$6snl9c`qIe7((7(M1#+Z6E+bZB z2iLH$T8sC^kv-#cf9#41liujWs$8rKrh$WBe77M6V9if2_la)Y71}o0(+0|sO5~yp z4FxVg{o=cRzkq%eNOVN6mpl>0cIZ_PP~3KBC$~S)rPIGfHkSHj_6SItNb}9^L^pg{ zgp3Y|geA{3$BOWa_TipOQywqAzkVL&{wF_;fP|`+DZRm}kG0w6#nAJzTWVgA8pC__7XVQ6ov zY}Ofm^O^!w;57w?zG%OIPYg;Gaa7hkqQ2wM482G~eiL7ZtL@lp4sQ##te~`&v3hQ70K}m#! zqSb>+{^D;5`Cs?_^9TdvAA`;P^_}(ICego31lJ14{NCxLp8j5%|9r~-&q1#OgT@dL zxc|4T>^}(h7nzFxR1#b($JxIHasHNX17__XiH&RYbaj>c{oftO-@5KIA!UbT!8c2s zzdMei?M}1lJuCAs`XB|&;a*J~K6D3hsAz$YC zC+O6-o{RViUTieapGV*uRtyc2Q&=s#Y3d2eOpH4$wYM{2**yV6STp zBF3~UsK3q+HZT#6Z89VrCZ_8rREV7yx;vdgy&snC|M-Mf_ReIn>h)*l>tl3C%p;n9 znLsWfxsbA(+}GpI7z!(DvG@MNvi)7{R2lghZ$=D85yI$vVSNY_kD3_6^T?uq(8vXq zeeoU{8#=$A#p+60(~I7k8;Y^2L`hBk{Lv518I4B|UnhvYYvf7nOciU3CBO#98Fz=H zm8{iJ7gm{FxIju(Cuf~BAxvvKc6Z%}Tt=Ph|2G)v<(~%W01lFzYtOa}F@=N=KDFa< zADk?jSEr&5T`h}7QoZb1#!nL6LQWEM4y&<%q#$6UuDY5&7QlYCyFh!nP%k^`ngTV! zku|uF&td=FopUY0ef7NZB(tv3e%LMP=vb)A;WT2*zC)!DQemqC&35_=E2UIN>JBG! 
z=FzC3&zE>^swDK+%YmXxDI%hOQh)cJ-N1rv8g1f#MP2bsR2SBmbYnKn60OYQJW=39 zlsl*mRrEWCStD)^=GTI~J^T-6Upmj|xU>>BmV7qCH*7Pix)$AIk(FJ5k*KIYR-$Bk zJQhYZhXNQw)wb&4qugApPh2H^C_>J1PSIgkRs}YCTy)clX`1b5I_KAE5@QTzekV;Q zGbJzi z8_xvYzYibEmF?C9uNraN`*8D$E> zvsf-FE{g_;BD48HXTWdzcWh4<=YsYZo?7(Y(Q?c5hfQl0suxB>UG zO)DRn$|4``wsNQADapW_UBRM1B6=A!r{XY|qr=&-vazj0fepIH<_etp|5B zlo~mW*M5Q7^XjO$Jm-`4jMYe{gwu>^f^6lRZ%Fg_@Sw&H&SO!p!*4{U1s>%*)>F&_ zUh-#>EEQg7cB2|TPFNMV+oGf7zYVk(`bOE9c?Z3889i^g4v&F!2$59DO77$J?bUvn zZd#M;3uKmikJ-iL5?IM9cnj$7uuAlsH38LrwhOHvZV&8{7J(RTG7ShMUPn?6KSxER_x804 z5;5x4aUO&+5?2MWjp#sB#b4$zt^-kpKITHJje#($MpJ-#nT`-!^3XUhi1||ER;Z+1 z+w~S^^M#XNMRSVTDSd7j;0IOL9eKP3y_&E=5X;TJ@xG!2qd4>nP*uF!DYYV+wvWrLm@4X2Bg zoz1*h_u+M3R}gSom05nwpZzPP^{)_rBqL6z=zDmv;dHT<&_7M#i(%mqRPub5kch6l z?daplE)+z_s+Z`>H;f%6F6UHrkCa#8GU;qSA^RmkR@BC>O1<4YWAArSu^hlltxhX~ zzmLtLyrp}JE9YORmfvT(ZokmAF6>1a$YeqmI3+Tjs@uM{o?^N&l&0;zap?hg9e^l} z{`ys_ShVg(war=_1?O=qrC5vHXBagA^vualS;*w(*{)7)aISot+}VrlmUUj30TJ=& z0=&;zJRruxfPU7XmU_ycN*kFm#gR^lYviwwNxC-8(Oi)G$~6VOf#_DF-pr$PqJCW}G+K|Yr~=oG$>`^+qv zz9MaHZIwaz%NNX_lCuu}6-D*>X@&c~0kO-~?olT;o6O~_W>~v37sCA-_N7bMTJCb! 
znuU&zT~U^eDE|4kk_O)|s6;&lY;EkJDe1VheZhM#^xAB+H%aM z)#{67puSJaJ5Z_QMukg{s4u>BSJouA*LY>8-R|p?Sp?S}o@;bo8W!hh8nBLe znwU`!u$vLSRZ_`hqouBTE4!f^hjVI)OP zE?G2jjC7x2k68d-14G6~{jUNr|HBat9<+JKkWG~H7CGs`7iq&HXQ?}LmCpe# zJ{dHhIZugs&EeA|e6>?uWjUTlSu0-qmjFZ?H99(4PvQaKic(!cGU?Xh8_Hrg>NPiK zFT>a&GDO(2&D_!MNP@ju!)MHiVs|x4HD)wNAaEM;mgj?%{d#n`}OEiMv`)oK6yOCb81|J8ni>)8U+-6f=b&i&$s z|EG}q6LjJ7f#tC*prN9BNnL7w`>4woP4AwU18L@ia>>M#r=oVIi6>t@__APx*9h3M zUUmKE_Bhe2$jxM3`0*Wh;SxPsMyLSPsUy*CK%vmCGs=20mtisKel`Fnsf%HpgvmBy zP3qOF=Jv~5^@+~3^GTf2?MC{nH&hxo-$^*vT<;WSKU>d|*c&{0{QFRgi;>*n!gYAV zTkWJ_fCh4)m$xx2eDScs##iw1g9i7)7G;gK`qM}~p zm|kJ$SnsFgzEr2qSerDPefO}+V_rDJL&Q{zdqY~_tP}b^brUnh_V?O|tKv^1pU_u| zjNUhzEsd;WZ^z^Xp9JN;gl}^ib@UcB(mdf{2d32EGiWWB0v&>tT8BFw+V>{*m{IlrLU2R}Qrt zdBR&x9J#36z_vbdy|DAC@5rpQA1e6!kK!R*oTzoI#0~&Lt$ru9i)?6Us31v7*JV@7 z3)9O8b%uSpZ7J2WtmpSAoK$;_NBSLvx_0xPt>q+;7$ zN-F1G!xfq3^y-uDHJ1{;`KxrBnF^Vo;Nuy^+)6`(Zv-?BB(4r?vzlCf7 zf28YAm*K5CHa2Dx8uaYWd032%NYBAvy;zgw+3u*!5{mET79BCCO92F%0U7d$=dau} z#@k1UoTeWY(gY{R%Y^57%?2KCjps+Wz!pT5uOwFdA5J&C4ir9{bLO-+7{bP@Gt06u z>L8n_dVOROI= zwm0g2xo)u({|JCX-A~P~#hRKIy-&!IyxA}!AWz#*s5skQVtvs-M&L0e*~(OJ-9jtd z049_(Q^(2l3foT_Oh81_U8Cbdy3jD%ICYJVa_lU+8g;$7ing14A2HyVl5p7*<#TqC zuxL-9_oX%X@{^Fvovs1?{V}7I_~8r--FMf&*H}NlxQ-0)ErWc*?46y}qzo%39UWbN z#p^DoSI94p<(B5p7N{E}4VK4Qe~Z#E@ICzj^1c^5Al2`nNRr8?7bq4|tla=-;^EOS z@ZF->g4UN0FJaBPYf|CNGd0*;9F6eAhsIk?l`sI2b+{4@TB%;9r)>o(OEXT}k?NrE z2Qr^NI7FXrnM6;b+vUesOpnXL{MGZrmD_u-0xmpsD?9Bz&t<&`m8)JK7(Ian4P;At zv-MD)doM8e&uttNv8&84z83gk2)!Tjq0gTL+%OfBo=)5Rh*#T{t;s;X_}b(pWjoea zdwtVMI98mMT#{29kWo?}r+;P9oQ!8N)Mz?s`BJ1XH2^2AO-N6eV;QGyNpJ;)5A&7w z3w$&W51RS#4=DU6YL_4Pe7|{LuqVzrzDT23Zg_otXNA@|Eqj;Ax`{lw;}%a`+p zbmE`_6^ZE6Jy%8Mc{|O$a4tMWP`Sab`wetJZi?d56Na<<-4w`-3O z_O)uQ;=Bc{V&|M-rBgiU$H#TvGn~b@+@i+{46m}@X%KU6q#-O~9}S7N*DLr1UEgA% z72E+iWbMqRr$_rEZ@*xQy2+inwgoABL9*G9kFa0r- z$9AuEO)ffRtGx1$Ph)U);sL$|V7iElMPrEn!bdt#WiqJ@qza77PT6>DPZX{+y{FV&Pq{O&B8CRa_qF2p%ujjOt%V{w}X*rhjVfd(j&?A^{;qCMFf%ILj^89;1 
z<3_yKUMq--np$MnO!qPNK$;MQu^~VyT4Y=yo+jueAo1!`t4vHc^6lP%4VUdzysvJ| zr5LNrh_X4*1C9`OtWpkDITNpuB|b)-658wC&(uxKjO*+Xe{6%Vpl z)=#@Bz%oEW6f!o%+j?^fJpzLa(^fpZm3dH)kKL9!5S0}@=ckg57z}JX9nlxDI}bH_ zDSW6pByZoQ1uXQR^EbyW)jl7EC!@C-2DSRXvvqq&ARo_2r%^PCNuql>O6_E{s3a@e zARUdf6NL}Cv6EF);uK@Vj~X*&k_C)L@9dRpvh1gVml7~}N~VR38a21wX$#tP`*@KL zx>9U)B`Sr%>LpKT;G`KeaYa(7RRZO%WJ2+*&|3pqbOrDP|F_2!a`X1WOmel!<}#Bc zp2cjY{Tin_(iLtw`T4zjWGOVG{51QEYsoGd@oqBV$-QU9>+L{3l_GndoBQ^|m};)4 zNTGha#>o5*GV{A`4*5XB>6|fB##xiIWIie?NfO>&8v-K1YA@eq(Db&x>QTv${rhxoIUqAcF(I~>QSprzJGL$zI%P{{_3vG zX0d7v&UbzA+2lBhi*LnyRpukW`8I{Gd<#u*Le(r(Y0Q(FwA{OdcJ&4>`F<}T`;&tE zcQPKVOjk}lFDD~o0RU}{o)v4w1U8Eg&5iBJk5D$ZdG5rnB>;))H@jUh#@pTj-9KwV zue%29=^xIVRw5#zNYXjfHa><;>DpoH2iE)rK{btxzJ5j5kf}dZ}am_wUQ!p%cQ%j+e81}k8=Sbqc z)#rNcP`*;<(z#9p65GRiu+$K#`_k6AZ`eLX_RH0LogjER|E{Y{_A8*CPqEED^=gis zx(c}M6kPLfC)vO^gSTm?CF&RWyygk;%MD zogTrK$JYE<+4!17Yov1mW@ zFKpemO|EZbF?nA+W5kd^DiL(xJa)vB>7u3iZeP)xZoGh|DEKq&TTP^c4T%WdJ&^GW z!lP4qkM?c4!K@C}+GY$T0kOxF?0R_ZT{asd)lb+@7$nzhKLt4S!+0JL6y6GlD%)#K zju!9xlu_bp1}T{taGR&v%s2Enj_Q2RJobPH^-(^9 z=M&dEXIQ1KUFiIh)S02+Bu%kA-ZYNTMg{dS z=bw=c+Mn6CT;$EUtbEFXFhg^IkWJkYa9=BNRlm|HS3_BcV{5*Ti7yF=(6%=MHuJRn z&d5$&4_IIjEiJfc{Z6bqo>seWYYVq`1C;P81in2PDS29$eGG4T3R~#LEi()>6q_xL1H~7KGi`RZrU$|g<-{BBdb*Y4kW$ly z@<>);nx01?GIlP{la^n?#N^d+;5UwAob0T!xb4uS598nD6H{PqH6A`nqVBd#EOABa zdla}^>kZuCb&Dhs+t|e~7A|viN>BI@Ni>`6bP~wbPDEVILhTw&0aH~vI&*s>!jcV* z2`%%S*iD-6`sUo-_5F#9rnYNc~_t#V!RG+V$F-lQDJwYjL= zs!^b>CV18&A?VgV+tN+l8s9q@?r_(f=xT$0O4H|!*J3%kL$TJgyjs#+nhrbjYZ#Q* z=es|amC;P@gC+}5H=6Ls-(aL3#)=uBAK7_WWW(JdXrNBWZHIn1#WUS|yKq1;eE;qe z#)ibqKSf3Tdw37D>b)kYxVdT9skPz+y36z&xAyPuJP#y1R^X7*?IaPeIt^dWjaG4h z(zaob3Aa@xMPiK&odiq1bRmKz zFMlo-9je=6iZdX}Q># zq2~l&nOfM}&B@zwf1)SR{{mv|QPiNcePi|2C+iDEYF^eixdz(Zrj7cvB?^rV@GTRO za+D?BLX3}BT{Fn?<}ECb=IDz&M6R7QSg!biPf5QyONBcqHSBH=b*5@m^o_+-QCD)Y$u-NmnrliQa!O%|DPX@{^9=G5Dp`ynei`TjIOx;{<^req?z zp#_?a)2q&FcRSkBj$qRe6L@r?)0*O4)W>Fcy{XqSKXR-Iyy!#uksPA>V 
zjaT}My5Q;XzeuzIt(15)Z9=O)n^R{C{fYO^hJ^NGfjm~*W>#52AvQJ^pFwxZ?x9F| znvwJfstb*)$goL_PQ9gZOj=7Lu2!2(lIxa(kB?3Fqq3C>UkQ3#LZtD#^XKd5#3%)C z4}TmTF_rhwBRNP@WJPa znqw2NCS^)iH;$S9nRZNe9jtVr=e9q$)361^TeC+8Y(LAzWC_~rFm#YmICg_+iAH{* zo)45MU(v2Ejd@QqZ6)NDt4}#+>-UmpqK+pHKZ~FZ2GFo39j|CiW`|E4^cqbqwvHfQ zs2~2Q>m8p9C1Wj%a~F_&XorYoS>;QoRn7ntu?q_B0&*7W@k&KK?D$&$C@6|bKc z>ek!Q%1$p@XHM2yL*%@@TfU}1yh9py7pkRylJk>;iA5UathL$MYbDh~(T`~4-rc+n zn33?o0TMw_o!$KQ5u=^(P=TT0c8243v9onYASYmN7N18|FuJ?FDLacMx37npkIbF! zLh059f_`}F6}|~)@GNJt;sNOGGZ3QJ4e^72n;T_h0@9^dzG9J9WtO5_xd)tYVsE}# z7gcMd@Ame}-g2@i4&r$;p;Z~=#YH`u@6t$;E5ivj}RmjiHPzTU!)9-(k!WIUT6loRaMIkT8&)3 zy-K?j{fS*{rYj@>8h%G7r%ba{r|g&-$Z($ln~Lmw{j!zbv5z0E^_S{mpKJ^_Asb*# zhtp`S$Z&Sw_qhXD-?ItD`rK!9@>^rMxo>ji%A7yO4OFTx>e@nUozp^(IhlDkko`|i zT!=-z8w^Dz+k@=e;PI*8+Y8^gGxY)hQ#lRtKze{di|n2@*~SUn?Q#e8Zwy+3ZI2II zGe5)Ta!ONTu9r_*#fQJKa`^|JT#fn%q7Nc1qu(|1b;D$iXP9lvV(5*-p`NW$v5iVu z8vXHO9p3IA!@^uR)sIjlC>=mgQ9nDY6O;G@xieVLqC5*$drxtLS$8zB*CSz$##q#2 zqG)wsQ8cQKj4dwf+s7;BdN+>}h0A4vj0<7Y0u$PoI1Ml|XaDItP0xjTK7$7of=diu z9d%n)aGop@k5V=f5k=qIO9Ac1bN6x&q(8{`!Y6ecn0eLgYLm2t#ImxNq00_h<1*V1?# zgC?aWLv|IxH1}3~Cc<>0WIHVp-8Q~21V9_jk#*`VJ}{WO9mko*8_l2K4_w5r@iNU; z)$W#jmRwpcmYYae)BSYCfd2^{7a1IBo4DQgS!Im0nH|=4D_Zr%ca-tQi?*|y2N-dS zx2%kt@t;E1nj^@0yN^~gFU?B5`@g?9Dz!Yj6k2dO5n;6UNdI*U17P9e%LMdqSjlS? 
zs|T^jZZ6@~EbAQL3~aVo(4ZVCuO+n3mUqTyUEiEF@5=Sa|QIa}-pQUrax zW)U+dXaNxzzCEMHeehzj&1cYl>D%1trEdWdrm23^054^58^y^FW&5pp_eFS}{7)h} ziPtt6a&dYO-EUbbdd?Pq6o2B{4$wFHL^`)8D-jD-9&@)qcK^{p zoaFrp#1PyIGW0Rkm;?YEQ4O|PiJ)o+7i|Bq+H5e|zU@XcPbqC1YwU+hkH&ykyR<^s ziSWKKq!rEOkk1F;39BqdsieQbJ3rH9yzP9oP?F?(waZ5==IcE*Xpph!wck2cqRmx) z)w;{?u;eEUpHN$HGl!<9aF`Z{-T$-u1Y|8r(6d#qr2Jf`-YzYF(AO3=*I4as=bK$6 zdzs=!N&6DE+B>~9Zu%ofw(P2=hP!*dzz*q=JHRHuNj>=Ro>4_wPJ?f$uLk$^lvHal zdoGur2@(IKL|R7w@TS%``s~92TT?3>vC~<`_NQE9FwLA zG=3b-hm71~^W_ttN`NO7#8vG7fJbN2n3O5h87vcJStF zC(DJ-na-9w7;1zQHPC1_w@Khv)g3{>g{KP9{UimVFVj4}2M{&`b0u((M;iG_&uny8 z8fF5o@JvVNGFDTa%X=%sl%(#KL-PlS#_qap0(nnAmnY6`@IINxsFO-n3xiMjCY7dEsEadjMRPB7;W*<|dqGx~(2&J#3N1ly)3=h(z>bKCm=z@yqvv<ai8X9w# z7)ng1kh;lK+X@>-#H)RtpAeKUDoS z*kXhzBgwrk+N~h;6*>inc>}K-S4bjj(2s0G^jK$wJDK&$2P+ zKJ$r?8-V9s%dj(U1Qu?u``I|{7lfttM^N#9_CB;PP?N~~aL3F1ZfRw~`tF#nL$XAG zH>?)J%IO;ch=2Fd#lQMq{&D1w#H3QDCs16uC3Om?r9VtEtMal_Gc)>OOdDB&c09Rw zCLhPRc6npCKM%fRGdCCO6d-@Fe&5g%I!K)-?pM?zbfTzuL_u~&sFIe_O@ZM>GOzUL5PInv?t;qQ7Qibh@ zLb0d6j%02u=}WGsP$}qqtX(p@wGO3%69f`2~#=W zZ1@Yq2*Sox{NjC$n-;5%P@i>oFYq|f@T|{N0At*y0G~v;Y>r6mapQeAR>(93M=M1` zI<}R@e4SGd_&Ox#rb>^dQtX?M6!#Kpq z8FAEINBhw38C2onhN1Kb7F2agj@Q}noMWBZ6gi-ox`JSoEmwrCwVS7MEH9?o_fBEf zy-APT?_GY4IYbjkh|zD7pOw2lXgIblRAspmYr*@W>0!m133W8C$KMAVW0n#Fi5(9(v8(Z6vyhuO;zXmE15Quk?P%n_5@CV z_d*7J&fvMZT!E=hq99r=NmGWNH^ga{ZZCEw*QRL2IS$)g8HATX##-NoM;u@B7p4hS zu#FOQn0BAm3Y_w23Grxs&)GMOM|5wsos{yuYA%pqKGE`BtpI~JN*tVeT3*95s$3S> z*6ls-o;X!v{~Nc8d!FHEFj2s?vzcR%Z+W&i&$$##YVy@lF7Ij+F%Z^`5}zMm{$h_t$OEQ?SsCJ4gPu~nm@RS&NthQeYbo&Jk zzA%X!Je;*0TcTG&X5M7f;~ID|mXI>3WfN`iM9h6pFNLbCgAL~vW~gb(U0v2=9>dyp z{w8H-^~JyU{9@&ZEB1@`UV25K{kR@QA)+^I^Da~1jy&po5vtdIMZ`if$DnrUwTs;q z+&hejfwUxQk!Hg8voXvHkKg_M#jfFS;du(sH~m_pCQchJ%B9H3#My2aKxNP6pY0su zqOs9`c^a2s;5)-;bnChsQ0tVHu!{Tzy{S*4)z77rS2mSCl9FaO?8cb*zA_ zMZ>_TH~Gp$t#EFL{3eI47&K=I6Xnbh`wNVZ2VJJa49UzaMv&ocXJP_pM(|FXOVY=& z?BU&TO>6s!lIo;}MWs4BogWQgppmdAKnxtoDq`QGNxQaWaAEb;sJiOH-{#8Ob_BBl zgyXFZq&)b;Og@#tzRBTf(`-R4~OGH((q%5Ts_mpQ} 
zx1k6{csIPRoyU^hOS713NwM$?E@60WeGvG@#CE**cwUH4sMn2gczgVQ}^ z#}__k`TC)r1iJT+uZ|bD~9;Wql@jsdtA~qQj}7Qv=&AnE#1gPAAw*78l-1 zuVB07p;r3>9pV*Hg%p4C0scs|nM{&1C|V=S<=WLRhuW8rAVER($=DOgt8aLiTKTEe zWkJRbUr<7{2y;Ra;cxoo;XkCR`$iP`79JP9Zk&}>QgTC;IzJv3L!RB^t{#K9t|N_= z4@%jC*<`RSLXfm(g71^Ah70XgJSdBtLDjESU=wysHXBG~@RU%tTRawgXaGv8l)c+9 zg|npy_N3^GvyDw+Yw_94CHk2A)meyt!V$e5aedWX7N5n0Cm`#?+M)vV8g4%;W{N1= zHYYWD-6#;hUD-{$g_(f1P+l!U?7! zg&z>V4EyA`Z?LJ-6eh|0B~Ny^P5bbP-_TagmaN)B^Er&a_h?pUT{Y7lxCCJl*n~D8 zLD94z*PrGfH7+sunQzMv@=KZn+( z5L1eS>)ZQLzSZ6Asv=t|B(i^j3$+EZHdk4UV1q@?_u$q`3lIaJNuQYPZXD6`Ovuvo zCA8Gm2}k9%E^p$6ZTDE7t95%*wcD=F1q2zVXMND^*#Fwn1}Hc=Y24j%dY?ON83)h^ zDZV1?c1c;H+S}a+n(}r7%Znlg6_G18TNfBLicAR4!(G%}0c)>w zt#`rZUM)DL<2r2Zcq#u(%!jS#i8es32^%4mO}FK9_Cpt70uw@mJg6kzFNY(c;`-F3ocSbjfhc;WO3!JsaxpzJG<0jojQL?N>v z<|zz^JQAQ|^Xq1WH@)V^#~M695id>x!pNWj?N#*vxc!+LB(?kes5ETjjc3$1s2Kuw zILO6Wxzb#8*v$~P8`RlrKSe*=Khn6axe>&4KTOTYIrczSg6{2p*j@Fshx5-Y06i?i zX4obaa>3j_yq^uAd+jg*|1#Y|3)^KMD4|5sm2&VG*+Oml!crWZ8JyNva2 zq(o5}?`>9PY`J(JJ6_ZzAW(;s z-jn=JXzSHaf%j4iY|!HRf((8v>@`bo>3m94CeEQ@J#iKc(bcy|tFw?i1Wfb<|Y^eY;oiCDhS`#r}8>>Zpp` zu*%yYxmHyBB2ddDu|2L?k^Li3=Fm;q(lS%L7&CO{nu!?cV=jfh%GRq_+DN5N(05BZ*&3&V5JhXde|?SEN-2koy7}$%7X{C!bH))O zw4R93V#PIAQ?l7m@)|d+&|5nENz{u_BKd@& zG-cakxHzb)3KPX89kUGgW9XR=Jmuy$WQzgz#F2AAzLHJ*0193ku$g6TO4q&?E1tNB z!y0$Ed(i$6D9qoJjrqAl1ymlZh%eMJ71nd&!HkWK*F=w@?PWH$F)l%8{`K>; zumLML_JF{{eA!_ESMH4-rZLS zcXOA=&YL4oQ)pNB+wTa|Q0!ySaL8?9L?9k;;eFswcKQ)$Wxcx|;&h*YghC@e(V5O) z323RDAs@F5Y&&S}xO0E*dts1CJpm)!<5*P2AwL0^rHHA{mXViBCug45b!&iUnZitg z{eX`RUF$hQoF3)rR{M%DgFYv(0R4&L0K(6CRXtSYIH=dXo13>2`BIO+U+M7;WHA* z>dh0b>P{*u-|T`H=W{E4!?NT&dq=5K>`DH$I%ACn3}qTkK+0kG3bno>2?bLh*bI zp?RpZxGF?kw@zzmsB5DuH$%IylH?Cgj}JQ3a_jsh`;r~i*(DTHb6P}|>O$D~&`fB(Lk$kVJsWP+`;Es~mJsZB-)?J}Dwv~OrBpviB8MTBriuIO*i6E>I zwU=#~U<$N3c(_GoPD!Cj;Y-$RE?t+H#Lztl)GJ``BXr8&h;ZQ20HY#OBVps;Y;H+0 zv%FE}$d&6gAKw<6^XtzGK$V=q(pnSu!`A5YCRZ3OnV<_sDE%!duT7-yy5!fKXIFml zz;_@W^)Y1;v5DNxIp1n77w9!5)qt;d>(N;N@{TSqCG=5uN?gjNfv4qqp0`hVF%k_e 
z?WIWY?Rw{nn;l{J$+#xo4w$33cXhp!v6cSBy+3s5GDRa&#vgCQ**oI;YSH77gB06? z=Cigdla=qEjyAI+E}u-iFk55FCtBae0(&mEHFZwdMFFHpsZRRUo;)J+dpF4v5R)DQM z!8JmjWy?TS=n$6r@%Gd#X0Pd3X><`eFz$q}UN(mIL;2#E&DE|lIEBxeHhn>t7thDF z_PlFdY5GH)S(MaLcx_kboQGYLMJO-0 zwL;O9>J{rBJh526AgE^{B)kZ`@R0urKc^~)Ev!S07`)jkqTs1~V%}^c$Jy>F{~ur9 z7+h!Dt{tqXvC*huW7{?wHMY~ZvE4LwV>h;K8;xz-{O-Q9_k1&ZKhOS^N&c*?HS4;s z^El1}#4u0Z!(n;*9Oo?i7VBQ;ZJy6u6Yv}b)@b@&MJnKb@E{leVfNy&mCmrjhiTt}**&xCV#ZYbH&W^r5l%Kct_GF5tawnXh?tA0>& zQ1lw1^*uqR!fk8TQ4iVs`4CY`L12q!+2WZdIidF%5ohazw*3-P1Ep9PW)h$;5yfLW zC&?9fY}l5{gt@02#$wS;H$SC03_KRh2UN`|#P~XSrl&0VN(oD`4t7xopf$joDOo@` z@Agf+Lzc3aOUt^?2+A}U`n_?he?Q-FSCgs8_;^+T+>!;XjrmYz-Y0q%?kLIAmd=j5x*%ITO}OfO z6t=LgdjeK}%71a{Vadsc=I1<*Z82GTa8Zb0h(?|(`}N6vCUl%zV`*rAr2bWa!dw4U zclcYbds(o<+b*)Ckz?yc{P5ROdiR-$10wYGq^6mU>ZgHH=%Qpkr}&$ut4|7l%$9%q zAX`U;P2Ilu*!J1h@g$0AwMJcEak{adR=ya%IX}e#D8^d1LZTH~dHQ~|4B3+`ZlImw zT8@z{wbrwX?Ap6!-74ng$;JNkr+S6aaC7coI{P)<)&rqDn$0$bL@Zx51YQSRv)$dN z^3Q#rs!YK!`5uo{C|Z7v+6Z7l{hv7&#Hqfzv~#r<${H3G_wi)w|8^Pwk>LP z+{dLgqF<*DOl|NyyJo~3G>&0+9Chek4z*4IU2X|;f&Pvx~w73@=r1Iq;_GF^7Oj$NH`Sijzc})^e`IhHPCk!ihf12Q@$p*k1*TyBqkF!OyOlwTZ zuRc-ruX5bKx-gjst^l!XI}lo?myyh8eqYuqn^Ol@IoS(>#qoT9Er;8B`+ft!KRZmT zZ{x{}d5w*nsV9q9-uJ66)nnC>8GIhn1@deAFAI$(&V>;sivFVxUG0FCi;1O5XTptJ z&bIwBxb^+*S-u8_ZXMuVLJ2E)cwm2`TSNHKYHWRDQsX-_-#{s_0CIP{<+SVJDl3;k zUJsWAnQ6{L3Fqxyi~G+Ssv8n}$tMEK{(W(q|))(okfGq zmPF^#2K9^YupHDxcmkyhn+RQ!iqMLW#4-+ImuAb|l zKQxrtukTz}je)KrtoDXeOne?nXZS=8nK4Z^Ac^*Iw7d8^zeLw(@Ty5RNiL(P%kpj0r`Zy6OPO|P0Mr2{AkSZXqzGiyCk z@ww6*me^A%$CmG6Kc2fySlL0{H;*6Mmpv;>M3Its63v;tz9r{2GqV8ts6!Uu&RYXC z*pkom&e&Fj0?w>8jT6tVBVZr#J_FwUC;sEH5`1q~UI9xl?C6EtBdGU7g)Zkz znVFs1d8GvMa*GV`?=M{y?N*b4JVdWce_v3V%`Oc3{=g;RRobcqAO#Aj0By=fykVd8 zPx*&?j=sOL64qe@#t>kJkY@uI`36yHOmcJJ*z&So#^8on9-Yhp2*OzzzW_*%g@dbk zy}i%lX7%O8>1< z|L$R%D^X)pLNR>K08hWmnO1J>SbYVgVHfNDd^=wWTb|{`=l#;SV(SkJh(zYi=B*?o zo=4-74S?*rWMr>3B0hH&{`XOvNM+M}s=c-o)`+JqcqtBRF1e?*ld0U0nG^7#f{Kug z^?JEBxr=>fli>v{_|%ub$RTb2OLPjGRWn2cPuHf0A3C|2Tlb@fpRQgt0Fulg;T*~V 
z=Rd_D9me=k+e9LD8ex#-Y<(QhHQvDC&UESP?2xxrl0t*#qbEShRjX}3G?h#H?2h$_ zel@wIJYB3)osQ&uk1eo10J#=e06KG?F?Z^9lX-z{$LZsuQA(ok$6jHyDX+QaogXNv zY-Z3h7r&DnPSuL=U+>0ei?v+u#+DE@WEiJt6r7Tsj5@flS3UokE_f%6T>q$AJnzDA zc2E^JRFj14ssLLx>qFy9Z^&TDh{FD>=f(zqyc^T&r$^?iKOg_PAoK4{?zui(#muPh zk3Gmw&qVFS_igj@>FNNIH7@yuJC(|@MeM(-N#mKN4&Kwd#?y^Ao$6(Lj$$s@YJ=ys zVvUwiH`~VsCC#6YqXY{LGe((h*5T#HC%}X^AceSBrJwkUJb)Mfc`t{j4Uup8&ah7= z#ptjH(5N6AFYjCTloO=3p2h;V^A||w#n!01Q@IPv=$S}q)tsGg*Z0R23$}T}`6(2Y zlB7k1e-tg#S}QEy)GUZG{vo|^qe5`vdOVIFuyI%H8RqCyq$~39vClcp40V~MB>2)Z zpC0}E3K%GnTxa4abRp)wu-G?Q;%U2i}-cp>zUu z&bFkyl)a8?bVf!7dB}BvK*UE%ATrNIHw$d<#Ai35K>W{QDVl17jZTU0r;czU21sZG zPSubZn5Sky?qMrm({lB?uKHC25S_X`Tx?ze@SbbTCcOeMabES@uk*CK4mX1fe8A`a zE_v3zPw1%I|2`2#H0Dm1gZ;2-poTEJ?JQ5Dc*t}YfGlvM8TA|qB*%^b*^&8%V(a^e zW&rh|J9|{6Ti9f`DJ(G%3)mX9{&)@bVgJWQ_`kr9;w04HeXm2yZp%vp+tE&bE; z)DKkBo!lsaM4G4DxW9w|A|C6-Upfg8tZ02*ep4wH;&LMK8Ns5<^L~AbHK!o7vfKO1 z{VyLJ4H=C}p953&K_SgZ5}jlGgw$_fW|2-R*U1N#3*{TlfD#!c{qvbZmIYm^;rK`M z^o&?~&Ib2{)h)M-qszLox)3no^7en7q8awB|(X zOlT&7?QoWAYnS!PQ2_qnmA=5UT=J<%LGC_%z{vKh0!WDvKa%=yizHD3m!g8fCHpMj znH!xz{q#_0&ogc*@k~l*%6Y@}Nsx-mwYw z>fz^o|6;x)DRCY;Dho_OvEE;`KRxlOW0MxD)fHQP^?y9e9XKZ6ODlvvaX?$3s2Lx9 z24sc9Xy~%-fU74twGr7Dh`oaF{iRnTS*Z=jUon8ITF|7YQ>a_wSId8F_}3$@w`=`D zwZtu0+hyRRQmHyzs$s#dT&1>{&eza#)ISHc+^u}TGEo){o!x!;)c#pR=UHY(?e0s1 zbRzS+@0nY!Z0beEfP0P2ijA71fcJ}fWL)|7w!?kY&RzQRQ2sn`atYl1+g)~7GQsZF zy9euWrK4v?j6LtbYlgF0srJas-b}sN{Ozm8w2v{q^y@y6M!s~CKv`=AWr*^7X4|oE zRF35qX*7xwu^^hT`$6{onvlD4u`etvEChSy1|^9z6m6lT1W2V=`YZS$LEb%t`M3`!=`hwdeJ-HPiJ`A9LiJj5VkT+28ZZ6;Z^YO}{@* zbf+ew2G#E zOq(k1ET6^+{_yCqC0a;}Po9AmX|USt426vBc+ODv+~aaWbJ6m!FmCXax}3d>0I zfm=K~t7oT6B!qS`a1IsHo9VMR5M<<=EW<1V#L9jU5o2`y>Sy-$@?OTIFP?Y4KU&3^ zoifB2yf3LHHH7A1We>1Zsi_}p0d;H}{CBKldge~xIZ59(Y7SGgmQ@3drl$y6&V~#v z%~GaCD`*tHaPN#N0o70&>@jrsr0Zz^LGC-#%9ZFjoLLg>7Oxi;5y_6Q+oGZ$H`3c2 zjTm<`8_%diAxq@RGxd}Z78hLkcYviWW}5 zx*(Q1uQh^8q0ZB*{pWK_#@!Z~DhWwDVHqL9!T#aLA|klwdZckt8`L39tTVR^BP18} 
z@67^@8dFBWXg{?QwK0vo(-VEh6$v75^RM*E7qaW^7sE6aV9?8p(!*^Y7l#Fz-S?u^ zdm1D&&of?6f`meo-^gH)2w9bwN?jaX8azWJA*^JgpVEk7e^Emq3t)@lsc<S&9Jsm=h3x@b)Hn8wQ1 z9eQ*WYW_ByjEf6582KYbY#s$pk>%VxItUfAkFP@Za9VNDvTQ$=xSEUXB9qYoA`NRE zOEuaP>^%SN?JY$vMo~x27!KV|&Z(JrjEQD}Q0k74kIzYN<2>l}RkT6~N~nFh(cXv; zGimm8tuE{v_W9JUBco7TNjV3U{$IRScxIDAxEeBH)LxP8Rb+u z_VRZR0^YXK^shg}K6Rjc)@cXFf0J3urhA&zE&Nm2LLW~>HDtGoHs&`O;~3^1vC(Sc zqg8#xpG?gtx`kBy-FweVS?F2P7z0BM$#DFv;h5QlkmF+L9Qn};ve)*5P1uj9jw81W z;E{t0Nv4srLQ`Myj=D8Y6qK@+@>wT4oAr~**@|0UCfi9n3jIGmY5wy^K?py^m`mfe zm8Qu$Esjpv(`345QFfGZ*FQLT9;tQY@N5 zAB9JZ@uM)0^hRbdT`S&CenQA#K8MC4`e*{Z-q;qH(It`fS4K#4uA48mii-yO`x^^1L$1N z(to_`Alz+t7_-i@rP}Fu4i}Afip0@$=|#Ik^+*Gi2(W_N@SUTHoX6=+Bub+`l3TVj>yh5G(9zbgvKa_oqEK%gxCF z3$@$sYnfK2ROq%4@_Zg;nOI<>qx0W0fy1g~DzAxW&|4di)a~NX^O4gH`^f#hkf15p znn-dl71PSIew&fIoLDGO-;|zNXi?Aet;vEpG|bskrCx$MiI0`T7_6n zxy2`_cJanyy~OHzJ;uS73JSZ`)@Y&~EHwe0uScTD8WBlels8ZWoj=F?3MLT`B*Di9{*6cBUa*p+*&eF5Va-lm@|ocLUL>fXNe zm`A2oNS_h+e1EQRMW;bN_XJ3~Q*$dk*kr4#!{M;1(Ozj!p37m4JM8J$;Uxr*xd;7Z zHy6;M3)IS%;hb%CMUT~$mPs=kg0!;*y99@@mMp9Gqs+e+&+7XYh3ns)^*qlF7XCht zr=IWp{@aapOY0ZbNoKsOOp<;VLKApouBeKR`Kk%o88_K4s#m2GxN5}Fms736&rPc) zB*|cCF+27(F6v}1CxVcp^p0mcHnC9WFG2Y?sL0e(KS_lylmZ;8m2`#rr&@a$QD0UN z+27b9?`)nEc+G~RqYJ?xw>=PE5Tb*W)gsT{mDSjE7)sSmKC4MTlN&VWbVd5;GeJg# z|8cRwj2 zR66aSL{%*z`f`uJ)_m0eVRrei$IPHKh*5c>G?^v)entV3yV*EMyTuui9}OuANA?Za z#)3gprlKx}pZ>J=6lgKu6fRUPNmR;f7IWAEhlCa+-&~lgQl_*R_)O;631-$-%2G^# z1}}ipi+lj4Pj(>s5C@ARQSgOKHX3tQEH-FxP_l)>ad1km|(_7|`L`Q~5q-cwR{@TM9bFK6M+o0y;HkCrzl1w!k+ zmOA#h|1i4z_dMe(s6XjA(WQYZ+hKfZn6&8!{suT50)T~7cS%JX^zQIbpE?dA?0VZ9 zJu`xGo_?1<*7U5eFIbVOWb{<=`{&n|OZe)1|iMXnpWdPb%DHYaZLhVoX^SP=_SQ zfNbLCP=rD~tG%ZIMI0s6(8PbOY(KaPB?OtMo}RfbQ^3a?=j!D;(dCl)fhs*7Be`t8 zLazcJ&!z|j?0SUMKA8+Guh*-Yjdqp4^LJd6%wA;V7@TzqNac*!T1JxmT~l zo51^F6GnNa(*xArAyMs2+I4+eH?IdncC1KBHDwhg)Zz|;7ZTew$}tXDDnL8)&@__p zhiYS+1mI!}b1$g{uxyg6ZFaP1!u1dO?VrU*8Ab!lA5j4?$kZ*<%U947$S>L#=6u+N zH>9lGmZ(@X)OMd)-?KBIV-U`sFGsf23-f}Pk?c`EL 
zSXYT732zvVPT{j^`sz!efwxJqeVft)Wqy2jEHD!(Lt-(x$6*Bj2})2bp-6Z|@AOHV z6=(N-*@-EOPIQklZV88N{w^AAw^cQ;W6OebQcP}9L}kZymZw%{%4K?QGjq!}<}NMf zxkAMp>a2MOvs!NEyiMnPNY#TAwD&jn#K*krYYbq=s4Cn6|@)>rsh%UKcLmmNoqbsU`c zfeJn8Wd+ng1pD4|hzJfFKFMZeKCupxyT}^%r%->zLCL~E7{W)-tV*B47!81#g7ZJ| z;-@)}3weJMactMbbhY6jkwlox8`HOs@`JRWewtr3+|#95_Q_2Qxywp`0p?A|DMf_xgidSYXv!-gHV{W z8V#d=4YdWS_h#^WadSoA0}(mC;GGz5%`Ubg4p3GeznF^6CNk#4nxAoqI|hRyOBNol zyT2#~YYX9ijwQP}`y;~@zt-Q^Cw06B>SK)Q`}Ug{OK2L7?eh8>n20z@@VS>QL3Z~C zYdU2`ri*}SbmK_%@!r>!KX*H`H1LP4>0j@$su>>v$Y!MxoaSr!?37{!9xeWy0BSD` z^LU~;IDun-I4)#G>q~XBQ2O*Kk8>wLda|+sUYIfsGcCXUU2sSTzk&nlQY3V%QhMRFhwh(+v+mT_&z%vC0ViH` zwJAa5N899Y_)+S!F*6~}Q;W-~k~3Qa%-#7s@Hjl6o1<%gxssuBfU3pR2u~D5UVivM z^5Lg`;&ls1Nu`!9E_B5m0Y@^lYbg@8okqLHneK0>-t+_2tHB1DShT($Nv6*oZs-G^ zHK_rd=@L7dWpr%}-`7813)QD4S)J&2hZEUa8@%3M@1xVwzAZGALBy8(+}_SlpFbzu zNzO)sRxz49577Wb;hRY87I4x=_jYAM$8xya((8o)7ej#AW`z~1@jGn8I1lNtT$7VRn zK%Ps$rk^yVN~k~hI3vUBl8u2G2oE69V7~z9E>|Ik+vDl{N)IpQdZaidCh}jMKUa%p!D|c73Axh5H)*d}bXxjP0^ObK@4-;>33LP-0 zhyh91Q9e){hPtF^4j`kTZ@wWG*T+@N$=cOx-#pavXltMG8WfYkg?yUd3Y^ILX3!DZ9p%rZm<2ArBHoqEPP7 zN|Gol@w8e|)4hkye-Ao1mDVB`gXl#{|MTllD59RgsWSa1vse9*B`(?ejhmWCMCO0S z-r>Fo5CEMO?9_c(s`Yih{BZEby3Fx>jSq(oV!243)#oR|3C1O=Jl-qm?S*Czc-C!y{BU173O5?ienJ*=& z9r}KnRr#gfZSEU%)h1|IDXvHxSd(Ffh2 z9xPW7jiLnBxF`4D(hbgUdB~BKy&A0XGRIU;j{pr=n-BJySEGaqd{ASu#^?hstrJK% zS>LT2`}BFp(Egy4GAozW0{|na0qPS?5CUXqMv<^rf%uqc zTqwS+gxll!9zgwJJgWYEIDrO6uKGviMh=jW4w&l+X{bqJT1L6#m{W#^$J^IRLloKy zfFQE2=B8DC0qnt$YypG`s7CQrY4rj=`z?^?-;!$n`6Ihc?aKXSqsTxc z3MQr)g;nffloK;aH0AauB0g$ZMV2m7dI0D{p^_Kxng2KvSi`>ih8g*p1ZNg^`e+DM zv0U2G>{s=|j|hIz>YzaEAjt0grQWn`RNB1X6j~5R`QgW(S7oFpi^kORv19-Su^q=%p~FNL3N0+CYQ*hJRCk^}CE!e(2jCN{H+t_vq;Xc`8cq;Yqj+hD2}mI2 zP$J&x?Gj7*qo@>QKvoMKn)atJT3@;Cg#`Q4=GnxpRr<_-Sg5xl)W%$oVKEt-uE++a zf02TL17(k)RkgyopDW@eel0wwP(lvV1g;kw?XE*fS|en==>nx11!_WEw${r7sG*v6 zD`Fx$gUW^Tu#sc9_e1C*?7{#Axm)eFpLoRo%;KF05C@V!l4F|h55U)dl+qsm z$b&L{nzgJ^2XQ9RYM}isuinM!BT$M?Wc1d-%ezKH%Xg_oe!opiCH}WByWQP 
zJe{mX>k%K>)zfB~xctgC*w$Lz93OU*^uCp-M8)WD?k4Ffl>wHwnX!!gCCOa7Fr+Uc z-@mh_k#TApigRQA8>Ra9qu>G^!3mGAzdt~>1AB}In>pI)XM-lfx0!CiKQ3!-FwQ3n z;F+FJRKziKV%{X}nKX)7VBvUdKc~f@b#jTVtxU*5+r3|#ZP*_nNfe`~b#-+wxBTt7m~>Ah3#)w84VQfvFLR8gQG$q4UTGum+O!Tb$C6qyR{qjzRCpWX^k*K zuXA7;gO{k4O)FK=tW(W#-Oj=Ki~YU@u**n!x-~f3@AW1}i8x|>$e5UyPF#NwmZmVd zeHPle)veX<7vM1OnEpED|F7Y>@^zO*&X2VrZz&3y>I@62=QT#gh*eqCRj zJ?RDg@roIGPR`qF(p(h6%pk~so1>{~AM=PM3_MR;PLLQ`C`pxw1XL*WtI2WSPhXh$ zyK~U6j4^-3OdjPob-vZjPjgmp2*7mOW56>9UFg>!Wbj4l-PgeRa>V|sRBQOxolTtM z_b)dDtIhj=kkZ&iY!u7R(4z;&R;LW|8w#KeLd4ZTnJ?alr&K(%j^NhVh!Hv8!9!ha zyT>EoHzqUI(+Nu%cu*DvZ}WP2c9@_;lHv%&Bd2<iJJ2IY?&8WhMq=Oq67hpJ#HbwnRZup%7c5`ErZ!Q}DRzCB{x zAqPCsJqh(4mGzBiyL7Kh-)w01$b%< zhmO{Y6Zn&9xh+qC9?DsxTOgzJX>K?HA&s}x$^QNCoSa;cMrT@Wzlk#`g;GTTDNe(`-KCKjA$Jp#5%a$g6UtAW@<#T-$%W0EzF zP%!SREjAfcvJ><5a)SKObQ{OblK}ZMAdR)EWQMwt0>6prqb@n({w#Z$mJB+r{v8n= z^RKZ$CW{DFs)0*OE*GFpPVGzF5_6Y7hHPo?zcKRRg4_@|y#hc!`N3*S!|v*PP7u7# z(-~1fSWK(S)y~j#=x>|VX0Z>_{X=XP)4c%E@{NcDB8kf1Xx4oo%!*1PiZK6I%|ZL! zk`-}k_S({ey`i0#s3?ewlqKOMD@TaJ;rNo~Sp^LyU#BM+akFeHH$h}Z%LR2bbRmu3 zOLI7wwyS$jE>$1M22f(h%$HB+7HV>ExWsWSH|cvyXI5J*8|5-Er5Eo-?0CORJwchd zEe^fy;Wmtz{gPe2*sIrGx=bE~vwM{Q5N&L! 
z8;&VtV+P{sOV5Iucet^286G%ba-0*{B zG1z+^xpdB;<7k1JuEab#)fo;(r`if)1V4HDJizP+Ox4}_y6m` z0Nw+@_2?6~KA*KzilgY>x$WUz+{{LjGcuZ}N1RviKRy_V@QE4Zx=I8k*HK+H!e%*& zGNN;toI-|5*X{IPZtq-T)2Jc1^WMfMO07CjCyNwK=R2J)ssXu--KZo6qGE``>RQXg z_CFumqu^Hx{TIvD30Z=dWR;25xrT?yQ9CnYV{=L(kHNQlm+-`Rd3iSyP)YMr6^9t| z5P3AFe!zma3kpXdy#;KfhY@vW1 zT{Bn7szmL#m@K2$5-Xe2ShYbK=MlG;(Y4u#Z-kaiH(g7 z3b`j*ZD1yRZS)rgADj$$JJW}6#%dR9wLs!54*eM&o7Jo@z<+f`3B2e_`RmV7G&mwc zBpx{c4L@a6U?X5 z7_6y=rJcudZLYo+7ArOmZR2RyajrP{*`SXmKmlApgiiwsfg(RvMKrPWlhvAh6y9e7 ze6_jpV9l=GMrB58ZK8$tHyBCGJX8%ToEt)n;#V+BK6XpRX4~wXjoni#>#gk7f%Eo( z&P&FJTcT{yc%$Tjar|{8WWtsCKI+5ryAjU1;7F8+!o?P+*Bs3%)8qmdp)u~#EL|&p zs290)t?6l{PxQh4&@?iY(FylM%N)1K)YctftpYsH9JBSvx!Y-PE#`azp2=%QovxqN zniHL>M((y5ey+#BO?1Ac(`e7Zd^G*naZnH*Tu)E$V6lc0$iycCqG&+M1+rE6Fi=ny zZ1$RNhK3}vSg(h0Z0L~OmcNET`Qe{vX=S+qbcD|@tVgQyG`)m{3W7T@H&bi%@|2Wg z`ut>o^0GE{IG#M+=HU|Cl;52#qJVM?1PdJ%88=IkiT-yMKw-~ylaa)JOr{y*8!TaO zZ*R0|I)fg6p-u~XQADBx`KGIOmLPbU<)5op?nukEwKXh5{6E3eL7E_#RCZgnsd@(C z5L4VmASNRnZ|%6@+p6W)a@EOtxsPSk^k)D1c70K!MZwlDJIDt`IAHz9lJwmA4$tKi z4E~k?#jPk$eW?d(fK;9H>mM@khq4J!JqM1?&l#*CYAmdVfSjPZV%8ClyCajOj{9i! 
znrz9YYKJQ1pJRWsF&ALGNWjIuE)IicXqp@O+)r?bV<1(75pW?Ib+>7=qZNqV{J)r5 zBb@O{YZJLUcY+B*U}$hv`gD|9CLRr;1S{_w8l#_+&t4Y;q9VnHawGdsA10yTj|P-J zyAR(1wXVbEN9>}dwnM|aBS%coEN0_@&-b@RYL&svY)v`3Wv?v_DU_X6`Y0@a z%O>@S&%7PFxJLnQ}bdNG*1jT!VTI!g(3E#7=q)igLOc!_&TQ@-;d>Q#VNq zz4ndMnYnQlN5@MX_s1^);!lbz-++k6$~j zMrE@?gDLg2IOJ; zC$jv$Rgd2I8&bjOe4>7A_{WQl1d2>2Yvt=QW0ya5z4qY0-cr7}py(U)fIpe1>qOpf zyV$?T{p~JSJ6KG*A1)_>;CO`djM)=qNUFHFxXm_~byXHI>K4cS$l7+@N%q~$J-hPt)JVQaKDZ{h=(6oJ}6y2m6F$p4>*4-v%306% zBaA|KdGl#LrOfMi``YYIg9z_z+iOao@>ez?wecS>v$FL{G9SG_rGB$eGoI$-x6I7 z{6Y8oGwZ|i#zE6sw;2lc4g*O2&Tqhc+p{hB5k7EcqGp1>#PT@N?nBN8HV?=@?RDNK zLGW`S@{9N6rcDi}D(o|@)-7q?_+)AH>2zX&=&Hc7DKB8*l3*RktTXT(6wRj?`C6(- zGe>(2uokB2EHsm$`FiW^ZvjR4>(p^u?(_eXJA^nnGpywDyH(opGsYdJ}Z-bvgHBpk*)Yc<+^YKkC5FG^k(0;TVhW zO{Bth_(|<$cf|Sk-gq);n<T>L1ivSbzekTs7Td zm-(2oJ|N~3VwH8APNa@~89_;><+JsVA30ogz^V>G1#A)6DuBPv9AeVFf9x#?whSQwWyo-RPiUySShnx){O z){BS=CZgy7;hcO^yF1qeN7O~fA;+=!y|&tYGYoBND(c-FMfCq5!wWM2@E5? zkbHPeV%T(8k+NX<6ypGbm*lhuP)@Cm3IY<1%(TmIW^OWh-1(0-x?wfZl={D2NZ~$f zu2_KJ7ru6N3r*Io4=|cdD>_g-x44vBA#qG0bP0nyGAz$RqxxK8aQ#|uhz7cVbkX5l zZU}(N22>22w-s&|ho~~H)onr4+6S zq97BJU!DMvGFJ;L|J&C>p)0B1H1 zbihfb>NbB%rtX3$cPb@Dp~b*R&a4i&PQK}N^fg3?L4iuQNuyHfh9(o6MDOSh%2pdo zskDA}=Bv8_zV~w`#Oe#5VI7S@H5mqTjj`m?okPk6KuCdGJ5c3-Fn)vKA5>4`fd&6> z3pe0+`5vQmg1M0;^dUnZd+}JH9ljRK4FYME37hHBWowHyX8Avat(Q&is?<<;W5tXV znZ+1Asx`O-N6`qWf5?!1Z6Y*bhupqF8^?SihCu)bnN-ea5BJI z5ioqe?!&MJt;`&MNPqy8v{i7=9C>5k?YI3jAwZ0mh^yt(l#g>#lgx2sjl}FD~(t()wpP%BnY!i z4Ab}H2Z#WXOA(p=7ifPr z03M%I8TZJ9DM$AsR(EJ+A%d659(em`i^CxT8RcpW1xI75;PZg0DSu3Uu}EkkH*+!W z_gFMrGtPSc!33G-OcN`mxcX~jY=|Dc^b5T}O& zc2SEyM6w8QxMIM9sCCzZ3gyzuGl2=x1nd%hhoh_|JP`G~A~=$79qazEn0aiFJBc1Y zL|LLCX4xL{|G2`?!ChQj%vTzjWN`!t0e3qTsjeGTYip}4;$}STLR)c6(W^K+rMg|9 zx-dK~9gIAk*YXuFx4dS3GxAJT=8&wuI1cd;IJp+0E;7)U>1=v`vIvRIpj%5bPkk`i z-lksSFkifPB`ZkGO4eJ{7Kl#3$uy%_>_?iZt0uVIm75z&a(@myR(3uQxGzKB9%~hU zlr()K_!yggwY2F?s3OXv0 z!kLiSeAcMW3)~Z+)&zfn$D)t_;NNg&4h*a*Qp#nwrT54u>$YB>>oRrVunHaFkdWB5 zunj#O)+ 
z&o2%IQ&+6?!otFDBE-6#prTi6ru8&x;Lu>u7J|P$cxVDL-TbE2#7y`T;wd^;fRQMr z{LwM8{?lx-`SwTyyX6}ZoG`b`8A8X)RoKXreh)5cv`ko96(Z5DK4>fF@I>FBk9v0l zHvrZ_-nVHTDI|4%H{JJ!q7~Qx7tWU=KVXJVDwF<6hTA|!N;1p2ytyKefC<>krDh|q zvlo42az)^6`!nFWf2Z2$bi7hIc#pblie-n*^Mkp6w{;f9T| zZ{7O6gQH@Zhe4WS?h8U_DJ&(D?c7vlg|PnzIw`rB_eji-a19mUw}g4Mb!&#}9t~53 zC^0A`!qGnFaIsN}dC@+fcdqkTAPtEg_=u&D#f;CdHQX{~KgF^)HM#kEta)PKXy?fA zQP#|ylVGBdZ4@cB1nfF)YvSWCw4ouLKCTLbMC$VMee~z00dcIK8e0;}zpRu2jtmcc zls+Rm8qAd0+1%-;#w?Jo0e8yt-4`fIfG~x~l1_u|6yvEkO#ReX&tDRSsz9dEIVv%Z z*1#J{$00z0k47kVd3onNR2#DcMnL~tE|tRCXYp$HVkJum_a-Tf`6tkSl8`grj0UR+ z_a)8i-QLkL4#z|svvuG=3fQ`AoH7~Rs7xQ&{&Qlt;+pj4*6r4BhT_oY>T5;y^RXT0t?}sYIsaOtz7}L{!JX5{Np> zj|8Xmp}5xd#oiL#;x#s3x=ZL%S4G@#JhMSr1~qxPKsMR%Yx&nnKz#u)F7+8dEeUR) zB}i2u5dK8!C`zV>O}Pd8y^Htu*3T45k`Y%~+j_KqMX^*C{i!d6!vB6duNQ2}p!ddr zL`z49X!_HmA$+z>3!7T?i82y(9yXk;>!c1Afz zeQInVraOE15zwa$T5WNH)P|&1E5#8N6&KEXP`@K30fXaU1WTv>yHkEHfPUD%_Fcn& zXzIk%+4lPC-LT+c%8R`)j`m7(;o<}+`Vu{o3BM#+Yq1QN1OJz94eRM_Q5-J%O0ci5 z5g|ihq&k}iF^We9;b%g;WJfrxX(i>2f!%GP~@)kU?U^P42%>-t? 
z1i+6Xo3YUEj^Ehfxb3-2(z8uG^j3Yve;5-b&YA7vjSC)2BFXOk=FPg|6Ak?)M$*N= zc$Ha3tUC3a@#kc3XI-rBaWD~+79SL$iB#!HKalR<1m%q@G?pC zb)@P*eofHL#l_N&prb`&9wsCt`tTVznFz+?Mprrl<@@R|UkZ?g%|h_B8Ls)Knt6PDd^+z- zFtSaRB$nk;*>b-NP4}_UYJ_6uZPfqGY;L6W&oP1Oc%NT)6;b00AVk|y$`^jTnx#n2 zQ2u>L1e(Co+{P^t$$;Olo>qE-&7b5tE0kKWHz zU`YI=-nowRw-({o>#9qlSF(WQ!gV8jsFHENepwtK@H`eN^3vY6tMlZr!qRSiQ0TTI z(^_a|GxEeMM+^!H5y>Og`%LizJK7h#0kh9GjL^dGFRh55MzAsQ|EUnmn$c7ahQGq| z#JZ7+_NNctT5U_hyg9#*!nTc%o=A?_2*})y{OIYLRsO zMM~)E8CuZKUo4HgeBnTZ%%fUp%2K>SuMKQSidABK!|v3FF(!?e>PvVpJ4Y12_A0}bsZVc z4-a8J4h~^eYxBU)y#vd3;-^J{v0`+JJ92$#x^D$+BBOwAD4t1ZnZfVl_@A;ls@INpE)e zc)Y6($)P_W{xKu*?u}g8whVID5KYpLC(Od z`F1Zmp}tQuN<~)%0BoVo*WURI;V1S}ow;&wDO7DpiDFqzPJ!+?85qcdK~T)o(kSSI z+@cj)4dYvRwO?ZOvxNen4@CsKLx84*?sA=evP-Q7>ww^#)AH3TZzurP$(@I}{M#Gy zMRmnM6(q7H8wkfd$6{(!rHHcy5NW!2rSGq8o-qb7icN2?XX#tpS3aHjPaOHN%v#H1 zrCwz1e?DmELno>gDfQh{nylYa5p4Xb`$306uuPZmA{aruJoo#QiER>l$oO)bx=UYL zqsxhiHxvH#IT9;ilu{vsc6lXdzQ#;JM%-PAH2WJ|9ytnEme;8J`KgG^g#M?0lT#wJ86u@YLYfqW7}zL+qTulw$q@o?XihuUro`0R0|*o8O1Rc^9+2* z1h%=FeBng#^rt`qMZ)a{)HH=jnT2z8a8_B z=OX#eZ9Djjz*WXKj8F+)kYZ#R@!fzQOZr ztLo3Gi~SjVh>g~-uFwALmKTT}2>3+yEaH+z~9NB;1MwlelWK+{|3SSFVOFQMd0vf@v4_Q$8E zq0|sStNen}ye0vwr4GO&TwdQl---(Up$QH#PZ79K+2MdF(hfN46Z zbkF&BX%t5R_x|dAJWC^i6_8Y$FK$U<)u;MlV}=#=B4GagNgje>#j|23qp2PP*VEnI zoNa`CFG&QoHhs0(0n*UWoNpnCkW`(+Ucd%7-Govq(I3bVv6wGYQ3zuDqWp6pK|zuL z$nY#+S1wLU`Yd~+G2rqgL?1kek!hs8d~2T?=9 z<4oiihd2wxUMG4mMC~K#7MP0hx=)xyEF(3@kOTzCs%VJ|W$d_jpAJ}*M`HWQhdxyD z%IEO$3Tt%)O>cj+B1MNVrs`o^WA*%ZFkCSlnDJSgr~x8}G^juhqEH4w?KuPmp_ zX-wIY{n2sbQ{>|MGyPGMB99H#%`iY~Y>!;IG;P@q7ud-lflZCBDFY&A2#+eCTzgzW zT5Pb$lWya4asDEbvktrUhj8G~@f3bqJt8!j^vKAb21eG1q&@Pt9uG2Z`BB`2me`uy z!E+Mg-|eAvE~P2PfV_ZW4V@;zb;PE1IG{U}QVffQ1NnWE=nuXgJ4x9*&pP>O3V0>| z>WP2`xaUwbQ2NLeX~5qoJUFd+-_3T`j6&&zU!B=~m0(LmvVoqZp*&X)u7#h%=IDLe zxj1f__T>mtx|`F41ot+3p-;L=G9WO3!Z5G^_N^Y(KDC3LL4-K4;$;6gTC#$<^c#zG zZi^;ivLZZwwXA=0n4(GF@loLFch{H!KI(_K@^<X@hXwew4?UejXD$Mt{ z7b<`=C3(I}(W91Ce;^ekiOI;2HVaJK=?9G2`t!JW8bC%FO<)LDug6l7MyqlETlFy% 
zHjPmF@{{?;qt>`9^Zbt9cT;heTCE}(yzUKfJR!JIYhWs*ZFalJj?=ijzlRyMHldSf zW;E!9Iw6|_(FN**6Ed1WXVFg$#fAKrH<1t=38q5^Zg-xH!4-4hb0CSoRCO%38vU59 z34~__eheWuwr0Jxh0g9YXdw755W<(zRh2g@C6-rBKrr^S9;7Ad-Oy zB`}!)$9joiD2{$Emy>0bxnBc-IT$-%Ewd|9J2C=tv^$!jR_T*`vPFC)3jniWtWynz zDfx}L80v|lpD~JhtPMoInQC0j;%hm6i`Q+iB<#c~UJsf@qNJkg>xD*~1y1O(sQJlI zOy2h2y~~j*FUHe3mFnbA!b?i1&4Dysm$?0oaZUJ*i}w~=!c6R+{I$&1i;Ts8&Ia!- zejc2kqW}YS2xKsr3kCY429(Rg(agXgPYa)D`PgVSZ^kMLK5oTbo_Fdc4Qpnq9LM?I4;`zs{rZ%~hiXVI9A zNUEfit&VkMm(y{DE0j(@>{^4cT#PEYiPlCe?gF~ zt;gB3P=4r75gS*DHkkZwYt*K6I@$tsBA$D7dN`y!G=234SxQVsvdsOi&P?>{L-+j!H(UGiSmpK;1&KK z0oA>H2cTAqTNf}hyCL4_=_GXS@0rH>c%%+0{>)lSmdRf?p)jFo08}yk?(a+fGEtZ< z8TJ^yZ*Mj|)DlLqeS9AqPpek2?m9EXp<=wAFlQSqw4N633#*SF@EZSo8xV}ApwRHi z`Ay>RfeZgp;G^@ z2{FeTPlD6cdaz^mGn=2KnmJ$8Y)2l1pX8h(UMkTzBP`ASeTt5ufJmJy)oyXDP8eK& zU%BY&o9P(qxS51Z-~O4uNTXR_Qk!9bFJw>M8)`P5Sz}DPC9sCXXu1R*A~8QDcnrYx zE%8?hSQMnupgLtZ>;?yc4HB)!*d)!~>(dRhEG-wHl1!R65&Z}u3IQpJT&dG_&PtYU zwNM#H7+wJ75Lgc6!+Zoncx-v!K_B>HnYGk7SXWFT%QPEGG4m!Qw>E=`H7r(&qRKy? 
zF#U6#b*VrOeC)bu_bXB5(H6z9C{Ab5ffWQD2nucWi?l$gNuS2vZ1;3^HRDXr-J@LA zvfdvAED0rE@9)^s{{15uFS+C3FD0MWd0RE5l4)r=l3lO1MMv!CtMooN1X>HK_V)Gt zwO)>tt{f@CvrmHE5mcYdibBt}D3==(Sc&^g#3=PO2)~{aVo}U@xcCo*CzP_i3YT9DSHkmub+68X$GiSOp`Hq)8R=+MKu~l~$b2KHa41Pq!wwdlZ8-68 zI_RC*=IUp2HyhriQ38YKFZos=hK#5ftjn#YZ71cY{2H6tF9B?H;PU*A|MsOVOQlwM zU2y0)TL*w{uiEhsLiY<3Is*q8kiq8qle39Uz#sd_TtBj`?kj}DK};-6Dz_U^Eb=7< zo@?IqRS>?xl00$xF?gND!40i|WrSc1;GZLHs8Q*cnN<#>>mu7~G)0Obm!4ystx*Na zDXBJvX;uHd*235na;Kb}6zWgJ7lVoU9MSGWsMLqEh}hKJ@p5rWXotkrZqK)2zNAYM z0aUT(HZSTi$(5IfnZZ=pkQBDV9lN0C$T^$|;xYAHr$peGF`9E#YX6ov;`=id0q%1i zaL@hqKxf2*)aD#6lncl4fcTwcWf?fPjlNk{H;3LQtQZFUZfnv%in-|fDEMY5RyyZ3 zU9GXFd4}v_jkRqU-Aj*lDH{jKng7=EW>?YmIHelBQf;5^3jz6a^da#}o&hIaRaYBL zsIIq5`lq+b#SbV9#iz%%b$vd}`66sGtCi$C1+8VM)XUgt@h*!dNs>P_q{yG*5F!q=)RA!ZPouHw?As~=7f;|GJ+98|S zkKUYda-KjBX~d>fYGMPN!RiVHLC>zA;@V+;;AGMO^&60$2%DuFYyG>_@2W$U;AOop zw=KkvPAy@q%MadH-0A@9eUk-S>8u3+kaT8ktOAaOnAZKRqJ>0*!DUVC6ZKkamvGnz zEkMl>hS2*R0@|EOa8^JMDg6TlR4P7-rf{C~(ey{Q`#%Uhy{|dGwNaN-bvx;kuhn!77V!eH++i?nb z`@UxtH@a7tq8Hk5GT%cW7(D$;i3-i`nBJ~i>IRralYbMcingDKKwWc8VP_2Q!zn=i zVN&<$`|N>Dr6$)U7DTU*o9mm5f+V5)xJIp%Hs0Zl&@&_46#%SZs@?Cke*P-g;gf`N zm}dj|yMUySe(@{Ip$pD-hRoKHTj2Exd;`i?to=cHvQ((!C~nv7zykoP|B;YX%vP{Z-aBm#tWxj7id-V~s}n=w+BP?$_tLY)9$_wqu4I zoHOX2bQ3+n8s>)I{KFnDF9R2*SEuhiV<+#`gvXy(l(FL|)ER|2NbwVGStwEnlB?z+ z=Bx7GjlzG^v2?j(3y}>Ar-jRsh-4~Bxb9>xWb54Z1ib|MlfcjqWcwGqyaxl`96?LV z+Fwt>SY=4Sb`@#m8CFclUY#=+=Dtdkhp1AU50;L*1IiYLg2H_b#O#Ko-6G;fJD&9A zE32*1gswR^6AK4v|J*U3fz{_ernkN(lQHWV3LJCVE<3Qt-G>ouxBTllIj*>LYDD{`)OQ+DyC@EG%(5lKb5J2XGUSB1acmVSVT%n9g@_+l`bCV%k${h@VYSPTzW^ME$ONWGXh$q6S0awg{^{D}SK4NS{lPdPjgGSA zQZ419gfVkG`(QX8YKc}cio2($kfEVrsAC7D^Ee)(J{abL1ImI`jEj2}=)CRXui(h2 zvFmudlm5#g$@lS;tE;P8S){v<=CMSq=zBo&RG5L6MhM_i64u?~8SeepXAAgBfbBj^ zKk}JBRO%?ysnQkqq@<@Kw7H&Btn}r6rOS)Y$sQ7eLWKQcjFDQiUQVzmFHQYjFvPRD zENW*mPuTKLx(VQ)_f|Sk6g5trK%)8O6uo>Ovw$5>3j`KVHA>wyi;bmE=8GbZc@`kB zK;b`v%myCHO!vPDlAZ8YLT|O%hk*6LDV6h6&m$8iF?7A6=NDKE-P_An_;@{uWcKv* 
z$oUNLAGRDQCx8?oSE8!F(99cam7;RuHjI>e);*-S4MhLNyA-|o{u;AdTW(b<-0gIQ_dbsigqL?Oai|zLbkgnEha-j z7Cet4Dqp$IJ@V<&=K=a6q^ic~<64jnR?-G{+mGg>= z0z>Y5_xmZ?URgT1xa+g?J=+gXFI2z;EZ%9ixGV&LsFAl`kO_3s4r0mWDDM2NDc)+Xi}o-3 zCaF&ze%&{fz*+aNw%j5kJsyea0HwEeZ^M}5y$~7k54xhuPu~Qm;S0k`?G{>Gn^zky zXqaZ-JBU$q3cz3EYffs-WEnXT?jH5l;uyY1Wc1TcM^A3`;=h<%b4mPBv{Ip8&vl;M zq|E*HN>vzDjJ5Gt%~1=vRn~xG!r}XA9Yyh{KMG87qN36O6&J~BzI>{*@ryWBF$y6U znCV#_LbM-Xv`IE?PK{oQybK!uQg}svpLOOgLTIFVywk=Oo=a|PDoMYkd|)X!&;dAz zdVvTAy16;<{2jVwQwKr_iOR`J8!h!}`#fhV3G{2gXxA$P``w)HZ5KmuU$zbVIHFuN z(F<2MqXJ5B;K6BMVnS9PjZpb2yZ93_+jpE|ya&)x5>-^@3ec5u(b8nDO0!y; zW4UmU5RyT@jEosV)t4{8!~={h-KQRndZ;<68sq}g;7A{nlQv^fAAxqvc+TYxm0bIa z3Wm14D~5Y z>fnB6Sny~MUBDG8f@0WN$Q2;N?+#t=Cdl_rk=Lhcyq+02AVWCI6D~vsRkY%QQ-D9d z*gb`r;Cu)(CW8F!gNQX}?R3&_lKOIHFCo=l@vA^3AZSu(A$c zZmlzr^m@8~d!Z7!zpmQ2fWRtkfa>a&xbn|{jfJD2e}>EC6f}FRKdT4Cg)3xpMxTj1 zc-z?^H&nRo9Y|re#FI4WKhkT22!eQr@dyYCo`(R9BJkHjc}ya_pM$Lu^i>XX^CoD@PRY1A+Eh%10TYNt-1RSAx!r0%hvW~s$5#k7TAM`q_ zy{})e(Z*A3{SUz2iqevJJXZ5$Qx*y{4iY#1EJu04Ic7lbnq_4y>;O~%AMhbRz`X?_ z3jHMEy8(82d)*LQM>6$i%nD~KlZ0=n#er{$4{)iJc1aOX`#j$F7UdXOLWHgio&H8~k-HN^MbRUrYVf0=(_K&7r62!4W ztkCQtaHN*0RcZ18?!_TScHrO|k$}VH>4KVO#^^OvK-TgD3Q)@|Li#(UIS*s$$< ztyL0(Rzb!{zzb+qfL-4L6ogKzGbtLaK28}F+8EGLfJ=TTsWqD*dVD&_`87uSfNfa- zz+t(g^z#D7wWrW{0p!&r>9AtYs3pMkahXMG`nMZpGfyzLkYpl zxo3o59r+XaF?vL(ndCc;)OXPFoTwpdQf_CE2)a&W7L8V8`C6(mVu@favtaqW57nnn znv6B{EX(5Pu;C;v(5AsfaFkYTe<~|%C9ix&5MX@iDPr$jk7waWV-?k7%=oXo`x=*$ z^aHq30C%0gb*@!XsS5Z;hZ0m>1_Sy7`{%ev02Qz`7e_7&J@5gKIha`l4n8>oKAwq7 ze^X#>BPg)56P1{l!AMFC_M)HyDo(^T1yCIJh!gvW5Pgcby2Z9JgO3jp3PDU*E?#Ye ztuvbl1wcPNyft=WT+XL(Km-<}_3`jY)N@-fAFM<+3HhtGek3~9`{}i||HI)2{ztG_ zWx-E^gCU4G`s1rDm*oX*chzbv@LzuEC9}?)3ymbx{;O?4> zol{bM_g_bLm1UApkzQTp%~c!$uXda&*8H5l=l7%h`q3eIwqygVH(X_!702%?lJZbf zNw84pLR(SsD{a2+SC7?eA;2jU>e_%=0;2g%qIqA^~ijd&U0 z3;L$Lp!~{eV1}96>A>J0M`aLXzY)2pnLYqR*WY{+Lf#i=#tXsh#@kV?BlTh!L3xlg zd2PUd2nI%t;Cf}JcZCcPq1v-rV~m@(U@TY&by(;Mupan6f$+C|`GW0j%|XQm-JbIX 
zDD#h0S{(P#4&HpOpK@%wEsGt#4AhBgrtRqb^V$`RdN|)u2JFd!TxfT|1686_jG}K^ z`Z-ue@R83RFmwIgehUObuml2O_tTObF+f6X=&m=j@2k7J5J#QCWNW$i&E3Mc(nIAi zVx(rVfd=s(`T^-|f$2-q$B2W5l%vj}EhWWV@wgkEx$=QTYKc$jpWJ z->9@j6T+)Egdk-T6M$tfsexMb4Ia@{Ca3b{?H-_k`TxXx6dX#R`cSUZG=9B4>1sWj ztAfNnp2Cn*f%nTuyNpw4v|U@UTu}jvMNA3QPX6af0?o3~MqHAH+UN#*_agxPK*hl^ zTRc5oste@`4-5-~ZD%$Nb~N{tro8QrE;;Z&>OsT*b|3_g&`-NJQ!Gm!1>FCI8P%XJ z?vKb*+|i?U+U|V;Yb79?k?_fL-1#KyFC~Xg3o(;L>g($}sZx%2BH0rNoh4Mw=)A~y zq>j;X)!d45mCE6eubkU-rXEeii*N?L#fSb-e=*t9xO|R#Q3Du!!r%=nH1~Cl%r-Y5 zkY4-wOnxUV;NNA-k@^6%0g&BSDt;V_2nr!=Q96pc#T*E41!Rw z+_1qjHl%GvJz=IVZCjne9V?o8I$2qEB@V9kXP*r`Zn1zCHhkAQV_i2fJyRP@YFxN6 zE~FV7IbO51RUW7o@H1k=HSq7li#K6W%FMGnZfV?2oa^bBX!WwZDNN)oahvW^i4|5q zlYiYwh>()kOobWGPP-VxQB5bYSPU?b5TrNYr%QHBwO!rbhv*7-qSF>-@AfBIH3o&V zEyu33QxgVsMEjwWx81(e^RN_YWu?Gq5Eh+(Pyl-jcO(e}FGa?%`+EXrb zjh-NSg)+qtwNJo1sa|oOfco*5tc*z7V-T#xZpygj{S}`=tB`QRXL_T5KB(QO;1m+n zx~n`ER{#Jj7bsGftD8N4yGSiKj9F&OTwye>CpztVxb*L%J0*6>+TdB^lbn+B2$<9Y z*!CuamO9dLpL=*a7G|cV-fOP+!`!A~H{wccNXqP?{fxu--8F?f&R@Kx7Vu6wI zQcd-*i~FzgG8gqpE{zATA3h&09N;NSBx!@&COG4rbCmg=_v+JO|%Q!kdIqQA{B^o41=smUw5HDxGYWwfvNw~|S z-3lJf)lq4;y2nkA=0_}Sr1QU#G_c%o3mtEwshI|bi0?w>!WfuRsR#C*0y-|9<_{5F zFT{UONwW%Nv*&QK%RI$Pjmj<0sQH4YxpRjAzM$Ic1iiv?>>7|iRr^C8EjmS#kPoK& z$ss(23FR1Ue1vfxKpR314<*Bwx0THtQ&ysSuWN2mQ^Vo|*N$d(&4ShQZR!6GnFHyt?El?J!%vlW7~`FOR1;<6wN zMS??bEpsb1L|uRcH!xr7VwK8d6#C7$NwhfOC=f~?2&-{*5raM?2$K626R+Qh8J^3c z@3%GBAY*JPNEN%+tMNb=z?Q9as4nP&U3hyYwT40_9JNGiY`N2mWW6_>q*S)ej6*Vc z^Q#zaNT(#wnDj7nE!RN!@peX@4kbA}$TNQMcc4aOtbd;3PXFcl%LQbzBJ@Ov>nFm) znyUHj?1K^#51Hx!ax+LORN75Yok;|CG)l_Kzs1{^lcbZX#uqLk_ZKT>9x-!mZgwTK zfyrgcl}L|##SL)5KHBXoRaEO^s^tnjjsVw=p$FJSBTI_j_1}cUaV4Q4JrZ)*=SEt# zjsuy{c^%zGBl}}VCYIb^q2aq%w%2Zg;W1`Q*+ybO$7%)N}7}`|2#uYy+NkCc?A&H z0xE**z+oaM&quUJ+BlX0aJ{tclu} z6sv*veM*zG&1FxmuUBp+@Di$!s-ykG0d$m+gUWMZ_#AiEU|RSwA$@RIrjx9 za;Vkz95`NaqP8R|^vn|1WSb4l_qRiK$l9JEg?X()0G(J<<4!mT@C5}A5J4`s+E#uU zO|W^!ybL>^h=%0(N)XrX!J8-D6+`WQ zCC+LmUKM7Ww-x{*JDl|@cRwd!|lE~<|V;N6$oZ1z6uZ&{O(yNH^8K_UP| 
z6-kkvttc>;Mgs4^u1lc7at@5JUMh(e-YuAAlV%H-&262BF`)*Y@RG~rIB|WVpmyiv zL^}IeGmZ&@-!d?o6AcZ`Qe~-iRNT0==frwy`;Q!+8O~P8K)eT>h?rO}Y#^AyZwV)g zJ{)>&|B0^0-s>L4wzf9Ncm|Ho0G#9Uh$`p%9YYP6>9_Rn8(_{7PQmRzfkRwqN5PCe zo?xTX=^~S`4qb@n-ElygS9mh-e<3n#8VG^~?K73#0L@4yGbIvV--JoA`iS{YwJKeO z4$r&D5H4}~AGs|6g)Sa~y-K$O0VGmwky5Ec*SzWV2Dsb-Q5#HVOmt&;7(lSdk#P^d z*y4M<6h?&WE6Cv7L+z94PDJkt=DRyKZcWR1NBp* z_Sa4;nxP-)*~OeXFft4YFWweC2tN)phzv{A-qBRbf(nDS{q=fe^XTa460;SOLW^iW6KX)u|DNRY@N0z7je9Xi#m&pzJBU67UXqT4se+C5)%3=Cl=lVUCT zc0FPNig?9HD73ncFK6XVKEKi)I3X{<9n>XSoocc5RGvt`PAszcwW+HhtzGddg+>=nVBDCJUi+qNwb3fAb4+fhm zevfCfgLhp8Fev7W*BVFcC5zWXYWh8q3lcW7iI9O({uyoBFbP6rkoVnj8-1@wRYId0 z%R#}K8)7C{Wlfl#LQ^n<1MW*rUOre3iG=w-H|wcMJh8?uo*`=qMSN z=ShIYKJ{$2`|tUpJBJsd_aJFQIY38R5ka^<5P9`|=Az4+)aC@x;|Q+-_s3AKd4zSo zkV1H>@)eVLzD`ujsUu3bsB);TQGCRQcnsz;t2Wg2VjJ$VV~bRAkE>Lln-8Fa2S4yXsA7S`o?JSVjHCNO>4YW_M&PXA*6((R{P!<8l6&Qgo~!B2O?_ON^(3X= zeSMIOCr@pLzRDW)_N1Ew8iBj0KnTVht2nZz=(ZAt8T*&nx6jJu66d7=;C+{Ukp$RL z17>-vg~k$D0S?n|#g$utCEMUD$&bKz6mRjy{Q>|~o0PXQk3ysbX;BlE<^;CVqFLh9 zBcS$KLm~hIT7Q)LqWh#OEe21xHWpYjY4VMC{{&D*jJB&B*V>7lai`EjQ9CCv-QB0B)DqfPAtaB$$li2&sqN80$lCL z6qzH%(Ki9TjCybj6y=G(xv-3;qqt|1$Fl^O2OA}d@039kfLrK$LpuYy{CmZWRHY@5 z{Nxy3Zt^ieyGYBik01z)&7PZEc9eb6d7((O+ThMvNtjlhV-X$oyGE%=q2$Ut?y>QT zwa!;@W8vbOy`+j+OiN%pyb@BRYmXac+`Up9O9|-$;JsLFxHJRad01_E;j&L}vN2mA z?%l3>9RLs|-!H2br;u57QO^5Uw4`rmWTV?r!6c@X=R8p$#?;t7qJiKYFUv_Yvc;8+ zQ&g7vk&`WG;C=+x@bS*yKcA9$7LQPy!>d~Ydi(n$Y=|h{@+b;|Vp4kdL;4Vv;Gb81S7evC3S1&0Kx7LzYu5^Ldo_r^I(yNelTUPtPZzjLNDAu$vZ? 
zxG&T`s+CJ9;VHi=2)InN8XZ~O&l^0j+h(0K?)kC_&l5EDpAaGZ1ISIe3Dr*C5D?;X zb%VNsP0zy8eQS(tKg)0{pr*ZfL20N><2xgN~qcOm36NRIx5V=Ui~aD_9iS9 zl_hKXVw)o;_r+?1igTqZ5f=S!f7K>o$R6nP_8Yk+i_z3gtd-nQT{`Km$*ice$DQbr zW;_u0?av<=TFPC80l3p_MIZvV)0(4N31P7RjQV4QC=iQ^r%@_$R!7t+d4GW=#zcO^ zbLIwuN|!;y2On|uhi89j5qeIFmbIPMMrf?WE!}yZ93P7WVL&b2v#PnGv_=tfvzsSX zB+H{jqdGH{(3cY?>`a)uEgFQCgFrGkzLuza*4Bb&^%KVL){*4+Hc(m8MFC`;mVs)1 zdtda1`eU`$#7s;ISKZ!0(^YyW^o_-SJ7dl>-J3xDw^Y1ar=v}&teGkhmo`JrEw5Uz zcvvN`KxT{^FKn;?Al5NF*MsEK9pW(pvJHDDX9XXEblkaS7ML#(zsY-awli>mPV_b` z8OvtVzUH8#gw>&IZzU?p#r4H-;?0m7c z%$vfq!5OTu(BwLa#h3a(=L#RMQ~18qya@4ffY>$E`yfny1q_jnFeVwXl|%za+X^ho z+Ex%U0g0&5sz1Wp%8GsHxnTqX+3)gF2Qq1)7xWwx8&UKo8XCFCYrpmz!Hdv7P}_GW zq4uRyd}S9rCb>++NM~~ zJq6@3x15XfkzgyZ%$K29$G-R}jdc;l?rA$li)VCu`x_p|Pm?Kq?%s)^3fb~nD|vjd ztwp7xR6h>bm$kMAS2l(3FlSQ>6RA2>HWlXm9)wp9hOI-1Nos>Xigl>e)?dqIcwVii zHri|&qL`~Jd~B@*BCG+bqh))21la#SWHU>C6UeN8%F2~aQ#jyH1K=l#EH_bQataZm*_wc`@vT`h2`b6 z1r9(C{oB2iHl9k+{}D2%KmviIZ69!0QD6g%g(+cgm#|Z!jcK+`8xCQo^-3e18yObF zV{`aShQY5(-s4>ro2Y^~73VDrx??UaW48eCc2+mZBLf-(!FXD49+H+~jMH2pe9d)* zuFTI#V$;I4sl8oWEFJ7q#Tp9#t393_ANg3ns+JZ$M|Y@iG`F|=J`T%RfAdU3+>rMD zveSgKYy&LgdHFBE$1hJ%*wfL#8V9FY9)_N&6%5=Ffij+Jn zWOK`2BKzs20#DSAhVF#S%=<;Rt(hl5();K!!lY-l2|@+*2znomqtYQNk+aZf$@KbD zWpeMuFc>kh%8>E35=B`L(F{o6J~7@+1)XjWP4H*Yv*>}!XtUotgZrX%T_cEJQp>`L z-47Q`E+D%yuM8*BkM$>(WCD?`t%MrD2PQwhET>1Ue3X;&m9BEk(XJVA1?|3m@uRws z^^?-|+xqaW!$ik1u704faL<+L<~R9xvO&S?JM}C(+jmKwv!Z&J1dO{^F|sXFoTK9m zEo3ek5$%TR0|OX; z8k`b^Nloa2e4duLs4u?J3}ib-owmF?T#s(pB_xgPH#S@7T=JVX1sOkpqHBz18Ge1T z71Z5;3_YcOZp)?A5`W}usc<;Hv3)hzs1D#=_qmbuIC&>ZiaIH4RH3tZ%gr+~>5|k- z;=Si)-`SwEz+aa#6o2k$PBI9GvEh8){jwKpL|@OpVm9X8|4N`?xX!|6Q?bl`^ZB#a z;=*t6Pq{zd+717YO0%pfP;g0|xEKrna#-kAu_1zMk{COO>yO>v4KD z(4OG0fI$8hB`$BMMFgU#592M_fk1(WofLEcWL@DNYjdMD#*fg1Vo3uF_9j-K0 zfebGI*u;#99ot!M(1&$PU&A7pl1Tx0K{(**3qgG@kyNY|H$`_fY@j|=fb~y z=z%33H7rZ}T8OCR_ZFcySZQkDZN(0WWqACY@MWi1H_dZQ~yP_I9)!#4n zH|95&#`1DnrYSc7{+6Y?CnyVX0s2S@=K|#;EA^LsN=nLnzZ=O_2-rgNKfTYteS^+V 
z4tn)QbBOCT%e^fuejQq|Xl2m2}KNvJaI1Kk!ah^YvjV|lI@x`zL3yfu~slmMNBtBMHvcwiDY#a!*8)3Zawrj1QM zJ{DlFfUoX;f#7!ms_mr49n*z|uNlO8&Q+A%AOJ1|VT^6X!R$;4d;;)Ng9cS0D_G#z z2%D>ZR>wJ9Alf_2>4mi?%eGOY#S-4#{g;g~$&FS8(%L=ex7*|02$@(&Wanyw zHOF67D~5JHO~kg?C6%#6rh%N;P6+{O>l}Qh|#h{#3XNc%}6zEK4 z>7$RH7a(lSRfGIsz6sqy=5gUG{4=FR%Il(2__QJhFN40*&L+5uT&`XDc0PM04QC^z z?)>GBIIiv>RZdDz9+t?l^_1o9%l_+l;!{p1%?S1wHtzs3GFz=qRlxM3I@QV@5lP20 zQZnJ#jUY~w-P!TsMjKElJdSP-o^v|W8}7M0g`ZoAEdz%RWg+XzHChysX&(hjzgE?O zGg>y5H@)0Xot}71ksx8|c%_$N-m%8;%J@fQ*Xra5-rs$--p!sidl}6KH=VI;TZi1s zEf}wB!uq7&)9Z0Dm@I20bD65L-`Iaz)i@w4i}vfZG0XX6ec)C5hQ-6FVQCr#EY8w<)dZ)eN&mb*R^Cq<#Yf-PWj4NmRnk63vFEQN*<#9OWV+iKZa&fGNjWq;+s!AQ8mTz7HR`OC%hT)LGGa!Kw5IcxLWWSrMxxAG9UuqHFg zFp2+vv<4Mu92cujCdEufyTfIb@qkIFq3Dlq z-AS7#CAGYa@)ZbT3s53wU-u$1493V_CU3mIJ#ePgyq%qkH?1$5s*&)VFB(xMfFZ(W z95}_E#R{VgQFr&k4-gao#2+U6&p#geOKwisiO{*vJ@BP}S%3J+wP`qD-Am{)t9Z{+ zZv#zbZjsYBHW!)mJixzOE6tDu(4M*q=a}i;rqw#hK6YzV-F8;U27L(@%Co_`*=sV5 zbD!*ndQLMfT0!1;@6E6}^!+@CH5gcf#bxyV&4x$B`WAbQ$zZ@&aST8pr9 zjPT2JzeqE*i10n_Cj2hXJiRdVm4Cf&>O#i+{)q~5WJeCJI(C36<(G?YKz#f+v%Go@ zWzTAj+*P6s`tNHFDOdN&t6gH5RyL?1yX>6f9Re+!18t`ssU3TrZl2b10#%qfc4`sC ztj=b2>b?i{O3`8kc%s$PE9%(j5fReH#cL?FO|-1y7?Kb^&&XIEXZ%N)dUE1kM2|2B zM9xJU5g%`jE~{(qlWpmbEAYWFr;lPo|KlM&qhoZ~7V+5IOW6zix<=vmva;dGmkCTZ zBXmuxWa0$A?(@&{42Yopg)VH6P;uj0vKo$J7k_%$#O65&`(}V+a!cuA-v|EH z;~Nb?7kJFR+!jy;G_?KT*m5jtn1&~~5YM9e$nN&DapKGVtU!p7bzJ~3p{d%k=%r_{ zT71j6b0~+ez6>IMV^nx~-fME$>4z?LDuJ)IKge=}DJ{^up5COe{*P#A;Hjm<;dnkQ zFkz^}1syzWFv#;++Dzuk0r&itU0#CUZ)yG$FWTCC=q$=#>s?Pot&9qQ&HJ^ zQr<~W#HZGef#$W(yfdQg3jOILC!9}~>WZ~}|6rx5%4;zk-pJxF)nN&;Pot1Y{}4Q= z^-A7nnuOw<%%N=czwgWe(Ox<+4c-DuM!F3qetEg~=Y_El&APT==fhZ1!BE4IZ0Bi7 zW(s}YEa6F69ElwJ?H__=E{E4Zm{@Wb|8vQz&%@gFqfrbrN_oQ2F6(9M8z0w2`;8{( z)na5}1;~oUHTP`w?*OI(g)HX~553Kj-M*K=-J7x=^EXp^bBC9+rV)%7{_KQ>jLMmg z!~BR-D|-BiiCs>I)ph}g8;#w+AF?B8xXRe|5M?M-IQnjgi%ruf^@2M74_qr3qIc(~ z`%jNt`f~sAYoOvBu6MMpve=~am{o3GHw+~JeLDTsDEsnES7rfP~8^VEb|vv!^$~OJ$Y{eGPhf 
zuv5YZMZS71=ulO4ym@9osa?WU1@ODnWWn660ik{EyQ=)IEPgng7q2&ae^PW2Ftr7_ z$Bhk)iZ)2snjH!No&m+A_k#q2Eowyk;n-}~@B_U%)VPt!eT?AR4mBbGD$5)x*fA65I~cEp}yoq}#qh?&>SpO%A+9GZ8Q zoU0rQh&VIu=D=vT?@!kJgGKyq^w0NALCQ5IEWpciRG6~ACmM2RcldR~yRQ9m<9(QB z|6+XU&8yDM@z(8lZb6%zA+1Z$=O$xgboizi=%0Y~<9+CQ{=jZ7H(lwh4Cy+~?!Zf+ zbFmua`pF*_UEe*d7p}<%OJFi4=3j?#ZZ;iGEQfkGFLT(pYFk3)Pppy}Mf}f&j==v~ z@;H932EwDm*Ka>8JVO^0zh8ZL`mL=(O@PwmN$^Zb1iJoh5Jvb(?|C}Kn&0MXFMl`S zczd0A!!^VErWbJ!xSlrY`FlL9xlw+M`h>H#U*l`BzZvu)dFT_|pC442B+ue++IA}s zCkv(YO+YItaM$K?f?d*%J@4cLJV%3SUC$~lcjElTh1A@{!E_G`A%E(l^KQsU7tCX zdv?Gx?J=q?x|e2_9S7(^sIaZ3I$>xhbCCy9zaSlRE--}bSyNgVNQkArCAH|Bg&w#qyC&g#%G73u^nl2RrG9u?*-vtOm6E<@O|O$IHA{Qa5TAO zI&Da)l2fSTyx=4O-F_Vi*l=j>Pvqn%YMJb_fZ$EzD&N*_zLUo!2K0B*HTCQx zTnIK6#Bhp<#Sjtx32(}Z1yKUPde7ovs# z`vl)hxr)+cmw{DvOjVX^I!H^AJ?Lxw-AM)ctIUCq;7E=y;gwI%yjYcBUnOY$K?Jht z(5tIB+k3h*X70enirr@{3;5u&qo#H0nOgA&L|@T;rycj3_qtf)DXCgz&6U4oAT@Eo zWexdXzfZk{{@gQ}Mva{9l35pEnO1~GAf03m$S9UebDY7%7>h^#UoXKRRlxJJ=hNd( zj3^GepMGa#i}#b`)R#{->+KrsHp>(Z4Gs5F=g)gGI_~9aY*P#xo-sb7HNHT!Fxmsa zZ5Ey^2cR^%NyiEDd~tw7e-L0!oyk5lSuYt@O|KV-e^|0@J2TFGg6xdevx6nD7YKX( zrWq!%HcWCGVd05Y{dF`YN;RFqu(XcP?G{lJH0qR}1OJ?>cdvBv1A}Ur1iST;N3U^4 zj$cRjtC|C1ZO6UeJC#v?B>cCK+B0fYgpgf8@n5fZu3_pcrV6ZobCRA*`1M*d4m|ZR z2nusrj+}I=M4U^W(n{3ChfEYgTq*Lc{@09}y9xCdXXhrL;TnJ&;%Tlv%DBB?Is!qLm+~GD0$a?kvvG>+Nb!F-L za3DA&I0Sch4{pKTT|#gV?r?B|yK8WF_k;v@cM{y400F*D_oOpDJ>B>A%>C!9`c>_s z4xG)BSDshayVi2Ywd5O^ch2-QB(TS^#)xu`lX-ADIpjW?9np2PzG>>9|2CNlr8_$E z1-Sl@TzJSTN#jMyEs1DEZC7SZQ*hmTm)fb9=QVP7IAaSyiP6!EBfvb(cOY7^drM)N zWgy;QnLga#9c*P(iJfUY04TF!tmbA@(&To)cOJyw3pkgDc=g{-Fgw2I;ad6bR6Fv4 zk2?B-^!&>Rr8Tk=ZLjl0T2M0tnU0VLw!(d3vh$XN`w zJ_FGt>I$-nGxXr1Ju5rA3+h8Mw{!U*OGDGyW*=~ZL2iD&==q{WyYF(!mM<>1+HDe_Oe zrgQ<>zN8&9ozyLQ$3TYheFDq}IHg70uCwv&C0k6~)c%_8=B~uU^@w-M5XIBq3H@Uu zTbL_^@EZTJ@O#5wO+aC>!ODYJfAa6W@1As_S9hyN zg@50X^M=FK7R!PGHeB0!v<)B_`)lK=g*WeUC4mCcqsKaHI_Tft6_00Q=#t_gS3( zXCi=FF}{7xyeEBdJ8bH-Pvdd5TjlyWnSUbHKPCtogitM2CrZ@zs4CU0qqcpDspAlh 
zfcuismY4dsU_5|YUb7I@WciOX{xQVgUWHjN=>+ytY_!bi(g2~j^eWZm-i%xX_hDn_ zMd2UgS|^^kSQy5Bp=|XyKbc`D(M^ySoC#e3Hq&f+j!NGiBS3d z*6%7Dl0K*a{D0=n6YzBD)p~*l^>cI8o1VU|&3v`|cdv*~ufJb2J0EH%bK2*Z>b7yc z*GLDhh#LoFF>F^6_AmIR2szC26+xrXHX8wp`ITrmHW?0wRW%sq<0U?Gz(#iS0F3-a z+Yiqa0gdY(NBfyJl?MZ-J?8mMzW&IP-#X2Th2^=NeNzn_7gZYB46F_e^Ik2MHc0vX zq}soJLaX+Hl9?9h1MbGGYOqwtbr==28?5?l{GMw5w;tgnvl_FE2Mqs0DSp$h-lrfU zKj?-&+F`Ce+MSsOo77sF_y5}IPv)cLJTgBIaA!)CDhdmuQf=BfORUCU{9unfB{%?% zaV$eT|BKE~MfGiQAk?>~N)n~hnaOOzl3;$c^G89#6U-_urr!I|2-HFteG5j`ut|ja z(FaHfiLg_MD9vc|-?)cA2mkA*C^c}uAcVdf4*;N`b^v*tUdR*tbG?Jp&=*N~N*hMN zuRF|p)G9=7bohfj0woYIm7~;r)Fgi#?vHnVljA6NP?sOHN!>(AMYH5E-(G2Hy~LY8 zy!EpoLdE!=C-65{pq2ue*e?bNkf)16Ke)z>zM8I_Z#Vf<=6>V-AEYfS9U{<>sk56b zQJZ*1*WHSH$lv-0-F_3q9}Oe*+JK7DX{wpKfHVF2K1A{m1EJlBq&utck9nXKKSI^T zAdAhPlkCSBK(aJhYK8ruoPdhhenjtMKTB2-oWGcIl&HQ41~@ISb42w1^!Nj_!}cgE zZMV|@Vad?Z&`8#{>mxfo2xY)nGWkhn(>7rCnl|F_f8NGVaa&gg*89Pjf$Ld{ii=}_ z`$}wTjt-Yv7D_bnfOLu7@SMp2aNA0~M$n%NJq+Qf8wjWU!SfNl9&bA0V{8DnX4=$@ zr8~__$i6&zb$y!HVadO;VhjoQv*%iMz@*XT=Mer?%RfX7PdF<#_m!^ewGnsH{Jf?H zaCB=at6Hb#YwMeyLBLpHaTx|9Fg0Wg14~yKyxgBUu^|7vSxEBA1?!fOLo4oV?Mgaf)j06q=)QaM^aQh8Te(38T;ox5e^cTN^oKOG= z=I)xH`;FHB7bO0Fg#CYn_4$7ii}e3XD6m?CV`U4mEQ}DR#HG`QFpl`YK!jgFZT-=} zaY7YvL*y2U>$-KQPFubck9z^nL-c=vWxwDcC=CWlpNL}6!B;>#OFZXvCnkzk8!IM| z5gFqP^FGlJ>-nGK@IQ!QMF9l-^)-1$5Gm;D9eEObnxm9BgCsvq)_+YjfdzOZ{p^GA z9WW3pxPq&RZd>U*QUVMU#`w2?a<2Z{2^p#ZESbB=WrNTpl~-0K-DBtI+ZPG1ehrU| zq3JJ5^nYdwmEMTx4Fkj!LG?_W=jBH{h6gwgaocc zq@OSu6dxjl{9*4*O+X>23_A9SA|U`FF~)>EG);u2M=iQi@tG6(x&pE%0m zF`uAU3eyK}k27DP+^mMNbG1ytG6WuLkuM#8B-@nF8z_(o}UyrnUi?ncv>ya)GXHAs-B%{5oWiEaCA7s>Hr*RKzHf zA@>){d(OV7pOF3#jb&v49-6#-L294VD-d0s!nN&dzc4&iS)YIi7vC4C|13|nshvv` z`F*VREvGFjiDLKHiY?)O5x=&$O$&Z?ch2t4Rtl5|_bS`J5zZQgILvTL)V^yQfGw9d zrO3GcmBUfc;Mlm5E1%Q2u9aO+LnzMlMWw+&`|ykQS30MD7K6khzBGmei5UMFY1R|5x(d_?yVPKohK!rGmU%89b{y0V@>B{gI_b)&hTDInqC)N^D7wtND;VF z{KAaL!2J~GGXtSN0=a+*2Ib+PpUFPVdT8gTUGi&}*Y8W`UkoQwF(Lj=7PC~qon>0Y 
z%D*38!IqCwi~O1oK+ExgA|GGLc3!cUBa+SJ#H{QDs@9CU1)(u2pD6t!wG8q=8ogq< zX%7SzLcW9FG{5|)eV6>(qR4hB_>FGh)lK@vK9lwDx_l&YuNa`a>t8jDWYc8{vBUcx z(bm*RomeK_`WwRUGm^c{oxBr=7;SJIKkNzw=IBZ`i+UV7ZUlC^rv6PB7WvB=uynWQ z2)}|J(EjfS<^Xy|g0FQagOXzq872ks0_a3n?MM?sWR6D&f|oS;T-7 z){lap{+NB%8SJrF{#iPU=x^E6e}ihjFf;uzC`&(#V_Nkf1PdLobC5-tGgyxw}s1ENt$kVuITvx%AbE_P0tWytOy_2r+L`nSH#0Fo*^ zu=vQ^NZ<+@dP}64Y5|7V&9*@=kp2G5j{p4`oj%%%Yg>$DVO_vdDKZdx_LjIZ zVf~+xD~lIWa-qilM)V2bX_0q!-_Xf0d%LP*l)(-3g0)IdP)7euX8rG&{6{(p$U>fj z4=m^3URL(zHr}R8=QiY%+p_?-9lttPh^z~1VGt2f)LYS?XuU)s2$k^?5y7-le|OGr zudQ9$@MZRWetg{a+p4&vRBQ6S1U8+XORK;k8s-nI2WCX<03ot`Ak~|6Iw>-XoV7vX zO3@xwISQM!R&mI8QU^H65!{-hzquKIrgwiF^S?+2;9!leK3%hY)lE(*M2W`U5amDk zR#;ek7Y94HT-GLB(E^-ga(YTa*t2(kX5lzIm`N`Z2ZTORNhJ#-pRp#|q76!jzt}y9lC5%0vaw>-38d z3=9n9Nx3E~JM0*Mv&Kox^uraE?i0t8cjV+~Q_GA(dD3zi0ZFgC(%M&&QbX_OW^N$# zYu1qiHRr2vd5Uzz5C6sn{!Ky6B7rfr z^_`!0D=IIl;dquHucJeuRX-{2n2ySry$qpJSXRaYLdVW)*Y%_DmpKL*P>m5nVB-ne zh={Pyf?(bC3D}N7hYJsmGnO*s>VD7iv#QW6QaBX^7N4%XeIopxp~&!4982F%<}qM0LsThR_*Zg=Z)9gZ(u6UMtVxXj!G% zxr`Nr)hy0ozgSj+nw9+#BKQ|DJr#LWE<5sMv1M3)5`|HfRJ-z{%42-NdsU8SQ;U$LQzp! z>{Q9jz!xJLqmZUD^(NKbUF^Kt*1?ZRj2nwSaLpB3(W2zRB21MM_bp``W<7;C^PM~| z>D;nm7fB8Xi=I)0`Du-;q#pH_<|DX{rQRHMx+)Pvck=v6ln6$4HD{heFiarT|jahBKk3WWCd zbeZD2aH+R%qp?&|m~PQtKH5Gz5`Z?q`BU)VSa7e5cIKm6IXZNmuyl=cI8LC5g~f~i z>qLZu&|~Go6q}>s8|#wk(!>pw5~H2dscQ2JE;DADd#QI)q~nu@;MD$kRP&_IE-rM# zz*rW(rSRae2q4OIJ~1itR+I;;8xzV8+uW9It;gpsvi5%}bNpG!w#G`dI~~(du*S;0 z3Xg7`JBqj>{F|(h)FF&?a$%qIr%i%vI?J# zKbdH9mSpmf7xpGJ%pisw#X57pQq2~P6yqUOd!gJ+*hWS}eSWM;PaF5WjX9J+iD`LR`KVsDr`I;YwM8Q*F9&JL|62>I%i+S*cbL# zspg7yN6u$137T|zQXEoPj8HbW5L81+AvBJu$yp1w-d8ah*t7bGynS0$s!<~`UA|%f z&NP_#j(%gj!C7u+qND|3e`R6uM%)_!cEJA4VE;lU*~g^-RAVkdLVK`h>$R3L;>(!? 
zG0{)^hf+HR7jnq|d*#DZ$YMf^VZfk`cRfq&9p5O)%dgihwlE+1;$br8H3>l<%r27G zh5Pvn+(#z|QQ0Rxvx^3y4~}9SdasohVcq2?EeRpDNL7dQwEU1vV^5Tq&cX?&J1!3_ zu}6tKqacSO)kcXp#Wt6nkVouO?M@w^ldnKI9W%G)Tf*Awf7-4n6EmK8*W83S3>2L~ zFPAf{;3TFJ44h$3zd%KfsPLesSMZDCkA}Qipgn&0G zCmQjBk|gkXRR25rd6viMX*3`3iA|MsvBd~+z!m0{CrAkx%%ehDRC`CgUa9v6Qd|9J zF!fJvQ*DL7OWf!Hsba(Fpv=B4J=*xdz$l$0f)IbUd%^K9-X^70YEoW zy~s6VTvn&{x9T@zAOqw~6M6?q!&dSW^I(LTHY)0kZ9gd~`92q0Iz&Ml>Qf?J-n>dw zk}mRsO;?htC@Mh=)|s;Rh|NtO9Gy}vMyU4B9QSsGOJ%k?ce-Q=sb$DJeS?=@Var5? zeG(0CC9F1HGQQrf=~2|wBz+%<7`OB(B2M80l!OMB1r;5VGYnyrBM_DvrpG}c_qGeX zp`;#|_BX1Bt!8YLQ=_6E_9CeL5rF^Gg#RYR1hjy}vIv6LYpNIFBN&WWCm+>C^kR+(RY_&qa(&%Q>vM@-hJ;*6Org|RQdmd9csIMp z)mu+W7d2I)N}vyB%TP&5HWV2Qw?Iw7NKtCjo?(14Ul*Gn>6_s zANvV-7o<>jWvNDsAO@`_J%RUS0IhbbcK<+&_{(+La%W9e5Ddx}oR3b9I_=g~5GGw- ziZLzkRuWj90UeBEX6LT!a`Ew9Cwx**#S!5bo0#vfMETmMo!Kp_*7beO28!RSS-bXm zCtY?j_J>@Lh6Cbse>zl}q|uVTi3e10s+W1SbTvI-X~I{_RBsOJ)Fo?VbK0C!CFs5? zhqIac(QZd~R25#Xphe3Ie>6mwAl0U>*`kfU;!k0C3VqJrg%Q|Sxb`&9xdNa3n^3Y< z1ovYss`MyV)MC64cC@2N)-gsF!l!GP&j2Sgp7SvM5P)V-H@c}QLf= z7qoEX`s)6o8-dfdL&vaxqoD6O2{h*LdNS32ZWp3J0#;UStryFd$#;Do8ZFkbtnBP5 zNpK2gz|9OL$Bsl^9%fz!(8JWXtOG|&Lizc|pVUrMKd8e%7Dy|$t94zPomx(*dwQ>Z zi$2`JpxMUVZKJ~c@OhPgxstlQc}kb$u;9Z2-GYM?b(kBWcW2dXyjR{p7Ood-Ro@hPMmFiV$7z%%#5F8m zIJRjS^2%_yHSe^i8@*a5QWA^XxN*Pk)^umCtwbvp`Y~uWdNc{isCh_03S-Ih({RpLc%w{+}ykK-;=KFNkj(uXeXL^r&;EruZ z;tIdjiB07!&8|rBNt(76Wm9n(COlG>SU!^#h52FHWt!XltxF`8Q7u^6j`2&fHerqt z&*OQAep3Im(dKsM_NUzJL(a{|TV|s)47@+eGzlT|4muf?E(D2e={tON0zl5eugID+Q#Gz3M zW!m51!Uu(}-$i2fi)GS9J-x!Cx!q^_1fjY5WjZ8qpTtMtv35&QMqDsU7=DsHcu)r; zhM`!9+09lX2%pC9muR)5bKWs^y*bsJW-SuW=l;BedE<1#aM7!U z6m#wO>E*wbrR#ME%{RLxv)E*}UT)HA)HwNR9OEa5ce{n#0n_RP318Ni<%fZXHq4dyRnG-p+#0@U9wN$h;sobP#%)lC6+a@nLO^930v4T&P! 
zI^A8#zIeKj!`?RVilb1!saMVYSbI0_c97a6&3O0+ ziB8xFE(Zz0l`KHHNJ_)uzn<=T!ECOdjAp-fF6#t^MGp?+-~fbH#52q178)&H6YN1Z zJvr1(4!a}kQqV^vYPuf92zae`?0fS6g^cz>gIx7!6F5vfC^Lt2^rxH9feo=l&YCAv z-;-X`FWIYpqHJ@b61K6IR^q{jwQtGu%rC*RZbSbDZPgx`Ip2 zaPCxZZ`DaOd*=ov6y2{L{4ZG-YV~p6o;s>&*;+J;$uij=Iqk)r_J6{bmJr9S>I>W8 z;1HegND0Q%{eYG`9N!?Q2M;hYQItUN`|8;x@-`{B zmU-%WS<^GSb1$7dxyTqDaN0--IM@yB2Eve_iOv*(87X@SG^T3X-2X4F95J+t}LXPFl*W;Ox_)sx0 zar1tvwMERl%WbyR>2cwLpl`Z%6V}1Oxn8Zp1%eEe0Rvx+@_96goh9#+T}9I0zASSy z3yC~@Ipl{)+TC|yPTH^==M2u2#8aVODnY@&F-lIc(F3<5Ywt?FgdpwbVTu$;HZa}0 z3+VG1q~H3n-&K77J3BoZTp&Dt{a6uDIl^CalnWkB9<8$Xf%&WkiqlJbMwSacF#M6Q zJRp+?7M%=_%epWq47h-eY_WT~k$d-M?fbHde%Q}payaM=?>`m!3*f+6&TEtGP20rm zrf}V+9Zc5=xmnHV+?*fI1-6Z|{%5X&fC-vCg10c0QFQ3|J?-tsbHT&(DjKoG%L`8Xa1sa7-odN^lro;h5cjv(J^(e2XpI2s!hMJBJm)SDm~4fgRm5Zh!`R)Ba#xWwN@TS$ z=GvNk!3L0N)EXSnVOsvCt!UM&j%ixuj_YCm{x@yAl9+xTeXW_l{1@v6u8A*wmC{Sd}wn{=GDp3;utL0>c-r>H7YyZ+HizUq)ZmLi4?VIOj%%P)Ofs82BTL4 zvh&A!JLas33=WF2sPV$stg950mWcR}1Jm-l$b)ZkaWWAbI}v?XGfttTq;4&5yGRim z-f@^}=^i=Mh_qp(k-8HML>`bDa@mg-)4yjJxqOq#N(P)_!6P?gQ=Guhdy|9fIon=+ zl<{V;HU;O6q7p8#kHGTdYPO9W9qNEHNd6`DnHp>V=TMvtpLF&8q@%6WYa$_<(>EI>suak|NFGDXZv54y6JBi`> zKKo!8di}nuo}KP&i~@dNX3v3&Ay(q6bK=)XYzAn#StUuycMVez*MAqs1X5uKZ&u&9 zdfsrKZiYE;#L8{;cT*oxphx>A6Ppm_K*oHdvj&C_yj>0^43)C!>!_Zr-V$bN$hxT zLG7rvuNFsMNUr~E_MuBE3sEZiz}0CCL3-3vCUCt=c53&z<@aSRb(ggQt+uo<{uOc$ zASEu{&zXC;u1(8tc&7HrUU7_mj~mjXx{N!H4+U5{YxxjeA-dmbp5&{5N=sB$#s0-Q zTmC&7CgwnBg(oEr$5gMNv6X*$G_Vi>1b{$Ty_Vr_yxa$@(a1XLywXikp}7sGN;JqJ zcRXe3KSmbFYJ(t-CT}`SSm`fj!73c58PM;}a8SI-LWS^! zo8(~aXBlZDK5Bg^di7og#mw9eqn3iUGO{7LlC^zK<%qo3SJf7?lY8I`%C2j8GU-7# zRZ?v*UpA;P;?n`ma^8Z=_=|KT$P@N9CYOu0_QiSjq*pu)*%{o_WqQhJG-Z%qQpr~5CB*Y>2N+1o_Kd^$Abblh+2lhaY$UZ)9G`edOS`GrfDV;CuoOQa}# zj%i*yb}LTOvM2Xta@DJXungn|2AN~WRK;$bcdibnt#FsUi=0z!czSORaoI+&^imd+ z-o&~tOR|z4c`(WqTkNhkl01*H^Q9&IRud}l8rF7huA6IRkbML~h$uP|gS|f|-Zln<3qqYRq_qgC1$Vn%c6n1Oq{8lQq z0qdYr-4+F}>)V2j0lf}EuZP5~SD9b`?Rg1*rD+0Mu%+5{qV3*iI?N}P75#1e-chS? 
zR**6+oS35mL^o;ETbIu`?v&4)h64q}P)0>|u(j6?uJ{tfNr|1Jo3XNVzL#G$f5jz5 z(DH*zdSK-ylMB5@z37!VDOiAdBTVso5h9-~O?Dd|rFCgQ0^2k^i!T{pjXm2uD;|!+((En~*ZCRR zm&iRwDgUMdp_Ky((u9@!wF?TU(H9nkE_syHd`vJYo>XC~To^Qe1 z_L5roIzz4a2Wj6FA@RK**PmvZy;9Bl%R;u!2adXv|RXR=>KVguY`0lCQMKv|^4qZgVN z_jZqbdSa{~E);zf4mRE+sQqa{paivfdzCuYl7!wMYu3fy z`vjY8>|R*^f%H=e|863UR?9M;vrH^4MB24fL}(jg^mK<=yo95bn+Roe`99ZBxkc+ZqR_>ufpMf7v%Md>(8B{ z+x2s_)A2Xoc@-5E4HZ74CK{cCIB)V=z~gTi@$`IFNi>=PZqspF)ynks=~=qNGwV01 z1-I{EJ_c>(73j=mAVCls8MSu^d4M`vQ23VpYD{86TieIiU1^TnR6UpG+;nAI?V^j& zq{0teu2WV?^9_3}Tmy76CS$6=>t%(!PY@b#lxE5f>%Q>pwl%qiz+QNiHT9rWr@K|T zPxx0nTM@MU-p=kB&dI6EaX+80A1xsve%{X+Vl67vKH(tb+pxz=&YCYV@4-W*+H3Zy zZ3g*f*qwH!tTfqJji8&nw|gs8wKvR}KRn(58c+x^Kp_I`%ahGA;7mW}s^Aard1EqM$;*!g!t z#a$Zb?i$!QOOBX3Gc^kr zhq9_Hkb|p^V=bHck#CVI3a;y=ExS*682TjM&Yz8YM8c||IC+Zf>o20weWmSnmg3N& z$`&dOJN)>35qud}al#5r%ZTRd%;jQn5nZFJ1XhHNkU@7jOJS~m?uXgVp$O-Q6uj&Q z2r^a2&sNwomlKz30Bh->1i0;yJ{%i&`2>|R zGc$Co7BL3S>oA3?Q}@FaIWL!yd%J!OZgCMK30mIRbRcL+z8v_xzK6L;ZPR}7mRv?2 z8iWQaj3lB1R-O*FkbP^s20nd;hKc1y(@uK@`lzs_FwVX zl4*2<1|gO7((kj~+dYPCfxMk7EfBTy@HI)7*+QI$@21GSPCn6SW3{?y@LEe^RC-L8 za)MTP&MmV9pgeCJqiuBSO3*O5nPA(Tq@+SOwqpbP%C5p=L-epIMeZ#t)I$j{>2#>n zbg%52c5n20zvPu@YDfCQu&<+_DDJNpFU4avw7^e@9ie z7s2KDZ}qN+<5Ed2F}SOVe0*kSeA~&->$(C3${{u%R{>JBlxkKaIN)c~&=1>*tSmHA z6Kx3E{ERh6H@}K}aj*K4Vl$B2HzDNYQ8f;0q7R0 z%PcJGsam5&o(5mK{V;waVdsO_mK3_$H3qKjhVH9|$?h$&X%!(UnDL)JL21<6`2jYZ zwF&7nU_U-T+K;cX1Cwx4gt!s?Gz60pGU-QF@~?>)wEz<7{@Iuwqp#r; zpo_&`|4j~2@_^LzGO5(`+@;oJ(y&NI!NEMOwk`ahf$A|#fg?>3O-3BSmu6MYhIbvD zIh#A&Q#aP#u};RxMbtWOYuLuxIOlZRY9rfsPu%*9+6W>0c4Qy!!M;VLSTUP<>e|Pr zlo1ewpjgwv_|Tcb&Dx!q4`*Dkq&MEVFL4H08`z~=;eXzno7kfv7&(hkQfkFL8jG{N zzd}(YSQ2fmPy3wvaZ+=+HhueWpUy|TxU7y zhTop^Dzc2{nl>FRH%GRfZJN98u0dA6))7uoq?3Y6rHqW^xzFLbT1mE>U6IhgD~<&5Ak9`cX(lk}(6h1CU1G55eJlp{g7;g;Gds-c z?@Tnv;Sa`8{pl)(p_KkkHFeW|KTbMiTbXGsu=}*Xe;{v`2Ls*ca_O_GgPaP4B7{Sm zTBC6UluL0z!y{$ zXrn+A+BaOf#a1uPCCy*UI8Zmyal>9Nm#k{_9$f;t2u)eM2C%KJAvHu3hxSD)T+-UD 
z1xFmVI;&Jz*O2u2%ID-G5v=SDx!s$i5=cO%;p%RltWE^Ct>v?|TpT^-*Dvi8aNcnUKNi6GSW(=(>amN6AGMp(jPVB7 zXYX`0*nqM7xCJ>z#duor7RBnC#JS}}mmA8i-MxtXZk#G?3 z*E<8FIl-UsoW%k^n98D8-n7njZ92VQCi`Y^`29w?-uG9Ry!uCF2_&e0=9UsZKz6TH zYM-Vb4Q$d)Vae22YjNyUEjf+XX*pBT(F{ELqEYZ5TS~(Y{#v66@*GKX?@3CC+^<`s_UXlZza1cHMy zWJ)S3F%cCub3+j1T$=eKBdK5);6|c}z5}ls{S4#P(HdprC2&v<2g zv27NbFgcd4d1SfGNUb||z#VoL=_$Rj8|c7$dZuOT@n@D_^K_sfDM~8S(H|InXj-!R zMoWX8Y1orBzH?OScOLDBuyGA+7Y>GhVb`2v=_~ zHtJlu*yBeUX=Ozf3*#Zr!iy&r0RQ=nF2Z`8-kUgLs71NYwmVYjdhf`zUU!uYc}i&$ z{LJcF!ybozXJ{6*tBl`2r zjrZD%jbusW-m2>(gLE9aSYbF;5}nMTv^(g@R}Pu@#A`Zoc2|^dvMBvyOJIDg^FJb! z@Ln&SaXGN%hZ*;dI1iO`Qyu0w`No(XMLSi@W9Q4ad7x>^lglUO3>F01kC4Hmzep$; zqJM@~r3X@PsU16aLlD`0$MD>sP~4$SD~~ca1R5f?C`i_=gr(PHMxcChV?AcKSYR(U z+eqn)D^9WGOwBq21yh+!4HC$_ZTV?nylD@i^sqTkI0!{@rljKifY3r^J4)UA)5JSQ z&x3w(6`Tz8_ILg6cf;5ec2}4$O6SPHP)vs)l027E^mGo(4v>)u1m4m3kZBdmlO3`S ziT*d^UUw!YE2g%W{_U_XNk+W-KsCTZ0VZw5L7?&V5c;OLB602=rpzKv!w}+Kx5b zQt?_u?7M$K5`?(V3gFO%juBtuc zpeNQx!oJVFCINjSj7s!IdR`#B-i#CTr7pxHm^I#OlKCP)AjN`yUIBCax%p=u)-K`K zFQ`vG#&TQ8M();+hb^Mm%Z=TtCmN8&1zxn^ZR{evT7y30+<)O(s-Srrk{hU08+bwU7A<~Y;(%_;A##y-XdYd%6$<~v;VG8DH`mg! zLRDkifCT8ey~AXyJl&}xr)Iw{=@}R4g9MzgsdDwqg8KS=D3Ls)$^|^#O*BBOYWcuv zD@Sj1l@1HTQ48O4oh&p!P?1-Lr9rO074B+LGQ=l_4bK92>vCRA&8N(%DGw)XH3qyYwY3 zVRJIf>1Zx8D8oZ5t)%k)tmyhw{2#2N3m141JD@o)_37dtp#A4O`e*jBB7@S>cm}V( zYYo(hhzGxoH&wXkV91bBQL&!-5wzh_BuGAP(Nr{`YG>`9-UG)PBM2n+!JFtzYv^4%}K#RWvvrhZa&-%5Av!= z5L$8~0~xt669$UNI?WOliwBb~i?$_IU> zb-q=bR5B#pACR$-*Ub8velcRB$EC%pFacV`pafZg`>zi(pQv$ZqtRn)y}xMPls9@k z0#v1JR`GnG1Y%pnml(SN+0Wqz{;0A?=5x#M);`-D32a6v(&S&%Ycw!DRg?3;j^w?i ze~yMW!~Gmj3lU_kv!FFU*qkFS<>ZKUAzRpGk<;6)uoKZNEpyW&#i4&Gb|%gI{8teD z4}Q)+2O;t&!@CwZ(9mgzRyMT3tN&R znS(DiJDuL>lo%Jdt{3)Y6Q34MRUa*hB{p%t+or-gUgjQETF$Fl=tApCYOD}FW>)n? 
z_vX!s>{~=_bWcf+a)B2)0mB+el*MkrZ=cju|De$KkVyY7Q}8uf$k5Fq$UjRpdDK`1 zoN|pdgo_bUHI(9;yo(D?Ai4Kf0S(`Zx;@duDVG^8#tK24CSGkp)&S;7@kamCti6i} zzLvl){q^a-4B$SqkD}e(-O({IKE2`=9YI5&m&AbKGlNjq&(3Qz&}M*DCzRLH@(a6j zvRqaQFCJZCUFwE26?&9>Zw63--ZvyI;PRf^Ypie~2 zdfa`;Y+UURI$r*KMwe;&yze8z_&!XnoSdMWregYDe-WIRsD^3#bJBN0qjLDVz(N`1 zRo9zMZoM}Hm!(`Yl28BCZvBNxd;AJCEs~{5%Iw8=1wD|uJDW$7laoWYFcAfzNep(4 zpLpb0B6E+>mr2Hs0z(FJI#675m=&pR5)V>~84+=qS&){p;utE}Ru)c7mMBBuLCep+ z#Ak=yhzp$Kak%kaAI}|@veEVB3LwhRIDpH6YZHcyfk{U=w8|ODDs*hyH$|NBFeohY zESFc3loMXz1xXP(LbbKfxE+GNM+s)F}KfI<8BjPHjALzV!*Kgj+vj?y3aiILY-o;A)jky*Z=mXS6 zRc(jsTn@8Pu%`bvL3Yo3{2L#S5F1-IRn zE)CN1F(HTa_0f4xEP??dNVu|h%4?I?mq~P8^HCH$n-mEZF94`0r0(1N)X2=H!=5Q| z?zY@qJQY+N`Xw)S*g{YnrAYOam;K6OG#aX3$8Hha22Qi8mCeTRs2zZVsMK?Pz5YxBOR5G4kPN!d7>r9t# zn3BxgoM(sSAu8*6Mk*doQ}LeUmW>sLMnni6;ir$b>%41L<%x{?l+ zvZA;1A^2SflP^?zkH{9yFJd|ZHM3;D5Ylo$%um|VoUe_MGx7={UD`H z07NNSZfOHeFxXqnf6uulvrH@n=%flYjJ6#MuKg|anQVnwTbfJHArhQGMvj~QU$@?zy zVux!5UhR7u`-YR<&Jc7HI|IS{kO4jXRv}lIL3V@nY>wgFl1a!H#*=K4o=}K9P~3GT zyLpidavaPrZ@r!kdfBbl;bIL+nNrrQvXyCNeO7v99>w_fN;T+1MAiGCy#d1@2=S~7 zRDDpu^aHkikX4dTscIeHhrm)EXiKLnXb^jtzZL~x-|`^#ouCiVd(fXlMQ8CEC_|?? 
zIYmaHB;StFTQ12PavDn(Fs8Z4lqPz%93m$jAH7U-dqW#D@9MdCR*gt%%Vlxgm)P;e zw*dfP2(jvCB&s!_C<)2j?TlVdmd@sX_#AiG-iGx8_o9Qir_nCRL~dH zHKDg3M{qSOFLyg0?K8rXuFDP*pG_j;Gd_7o0;vhtHm8*;fhs*K}lD<3%A; zD+!gc~#R6CUojF1fMzPwm$75&OFI_2c@L_E)|?YL+cMH7y_b06PqSDj|j zmnoiuPLldlvxdgOCNUOoRkA%U-xVZ7*rQoY=8r{?J2yd}bkKSsVc>&oPheu5{ghLR zC!WG2s{v;l6cwuoQSttNl)YtCUE8uXn&9phG(d27cL+&vcZcBa9w4{}cXxM(;O_43 z?hbFV@7X!~d-s0l-ACicXsfL?7tC3ss#mXGHH1Hl=xiZ_j@8(5v2dpW?q>n)J%+Lo zDjgHsd@S@98hbg#px=g#DRh{50{X2akPz8Gi>IAK&sYwWH+z-xpjusby^lRE!75e# z6;9B$qSq~75g7DdG7ZarPx%-&wazq+nAm!p_#Dewl9?#0<+}Y#kl4Wakl1VIHn80c zsMsJkzb#^XTO-&Fuc^K`NThGB9&Q@*C)s`XxnR7;>8$*l^+ng=&`+r{y0&LLUy&SM zd$j*wK>wehzZxIJ*S9+Yk&1?va6IUP`Iq!*4vJ9UCH(zS0C9Xw1Kqpb;Ofr^QmD7)6F`tgN@RRJBZb3)I5zRm7h7W zb?*=dk^PvURP@>AFvK;6OX1bF;hWxcJ4+d*bZRK40e)1*MxG?yR;hhF1|6iwR%N-r z+iJh4zA*cSZWb~QW~dcmcu?49JMrS8JO2=!kOR#&{1u@xwWe4SShi{@v91bHgb9Ts z;4W0dgG8F^B`uLaS8IS=_)KUe713vEQ7_~Le3N*&bXuhSbdn70U=h^2gU9Z>rzDZs zTO>>ZFEvtl0dcdR25F6Owl}ex%d@pp2Hz*roFu4axn?yEDH$o@M3X;+zVwRd&a2}% zP}|3EfN{+wB!sGwwFCf;VRJ-{PVlxA&l`UHr2R>z|Br0_|Dfa8!OU23E^IDkq@@GALBZL{@w-JxHb7F0vU77j($Fa2%8j?` zaoGXfhc$){p-Fo?2pR@j#us%rbxlpek(!>5BqSgDHwb4jNKVQ-{)=<^=k@=w9!~hZ za)diL7#vpch%G$WZuA9&CV-#*)cu|*hV&)2{S7pIEW2;pn5bgV+wmu-Ec9KrKwUSe zZ6xFvW?}v^Bz8t0=Rg|yOPekm|GhlUx%y#=9GNtpKBs$pUX?Sr2|^o64|7%jHx0jV z<%#YrV~7yHCclO2_YJrCZK38ZBvp9*u4oRE$m0daxzy zYN))?`f|CjmG>B@yAJ2khM1+rYxcJv6iP(-yZK8c227DDP9-Vzd72!%*50>_7wBPc zbQ!+i*HBOhZ3Y#YYqn=&bO;_r>FC`*i_zPxK$slkiSWhEBqFxHI2Q$S_I6X#znC41 zw-h-5NdHuJVwi52i@KE7u({=<|U!V#BkglPE9A|vD)}@Bd|Bd zF;Xd|;inLTFqGViJgvZDpK$P?vza-z8?eUfN0RNgnQf}auq90Pk}MbcBz}0gkBY+y zi&@sbVSr=REt0qKP&9((i=Yd?FlKk`02y06_fy2Pv@_ORWv;=Lz)bMF8N;~D-b@XT zi^JhhLLZmSGeY<7O(g60R#t8y4D(9RKmGkTb4^EjrVPKU30@4`D8q?6WLnC0uBfF( zX-wu}!(L`aC@DA!Agj=Czm{SnHaM{U9Y(y`(te234z8vV{~AOH+NuO4XOE}*H5epp zqXH)@HyM$*BFRyEI);qL<#@k{p>B2d;|n#FH2(JXHcchS=W_*|LX1Kz#!8DJ8?NIM1G~i#1N%$1OsJ|AA)6~- z>&pfg^`j|?BDD$yZxZH%hF&%ME~nMmJ6u*bdQQ7)O>H&`3gkGgN5oG-#5n(v$zt_l 
zw63D1qLD?5j_D6K`!t3D@K>!*AFSpMTfGve(+X<)B3&)8ytcBztle+HAAUUp&8BzM>55b-LMGq!b*J3mZzXhhfo@}M;#XJiq5ca zU}ic{har>=hOM{Hy%&Eukl!(6`B95j)qt<=7+F;h3-hI7UWi4$PLcTF@2CQAa}fspQ4u!R)P{UpG=Hm^fJj$NYVn8DCFqFTG4@1 z1$KcjK=in)qL7B*Y~Oy*TyC`cT~7EM(Ljc|`dSSp(!FgG2_7D5x{Z6~EIx>W+u6|_ zDn!h1vK7gmJ-h1ooYl(f06^`;YpH3(^3={P0GLL z!Ta9^3aIJ|SE;I9W^~28xn5=vAad33W+Y_7WOC^6jq#GIFX0G2SBG)Ln17Uld zE}2WyFrF_v{0$YtEh;}%WOz772C}YnQ|2L2ne^P|eCP0@Re#)b zX+2Y~CuD=tD5(D9>3p|s&4&Y4S{C~b%&BHLEMy3Gn=qKS4}$>HM=u;ZL{1Xdt3uCD z2t!A^h`{SSkH80!SK|lXhsOgr?IP$-pTo`bgFc&V(b-q`Z4Q~@{A0UKLIo!qx#qk9 z)8r(jA2Fu2>-ofxF8kzvGD#zBkPlq7dgF9_y5nWA<@)DDk?P-%t1Rm9d4OOL$nJ0j zjb*z*@t1`f60|;FFi~q&Vo}9ClK^|=&KDIAFZ8_+LT7|dr-+S;VVgs0P*?URb%*O$ zLI#F@xo&{F`orb%QxSfIrR2VxgPkjPkZW3whFM+4-?;q(VmXd-t6Q=pcH~jgk zzZXA$@H;!N9g5XZICYYSf`tPWtLe1&MSODRF~qma^dP|L-n}`PX@MMRqoM*jk$szS zvx!NS)7Kd;=q_tS?<%pq{p$|sa(2E!4|Gfmdxjr5kJ31UPr<>#2q{e-h!&uhu!@t=m|&!C^e(r&a2{DS)4ih7@KL}M znTNfDrLJy>OUALF2D#|eF|enpJ*rp_Xsrma_zaG*CF&)iGTpaC;Gdd86p6JMf-$R1 z2ek>HvuYC%Nke#2z6a8q-N!buII6lE0|-azdRD)`0{oVSGc6YA9~hi^|+)!mvI18quv2i6@%ePnUmdx{odq{ z1J^^=ldkCARl$=NkTU0D7)r{b^TEvN0b&M11jA$(X4_#Gey>}ml)geJw@e}0i#onppjw%u6#V&Lz8Far zB-lgc$8M?{7S3#eNSSwNtEChM@8jy@fDmb%hSR*l-EPWlhU=(iyWfRroAI;ikjpms z)7drV4xiuM^*b}xb7$vc%5CJ|LwS^Jt_1il8ysnzF#k;TRcXCyie}aeL~}RGR^$B4 zP%H1+Uss;x(bVox;xz4%@m(%Fy1IL(xmrWm^d1hK?i*&;?FO3Ou}D1Hw-W()9eXO- z_y3xRE^xm$l#oa=4*;Rv3@-7T2uVXlHHG5y*YZ~flWTeGN!5XJcyQzh&AUyChI@+G5&!y@6k3^^FeUoS8@4Osk0oFNoUgrHhXGDXW|i(^-JT;xCJ zVYSn8VJ)HhJxg#}*$i=x2bZ^k7ChHARzgV03MZO|=@U#4D0;eXPgXixGxuu(rrI(N zVEDA2%i79%LLJ2|rLDn7*9^8}?v9F9t=6Z*wI_Va^cKT-Qb}&I%anNm%!!BHH4Q#y{k zm2PxyrB6}qyw0z9$!E0~sdRgMm8n9`r%tVPxaiw`- zI*uWwDgB5UpB887obtaS8jaMzAmG`-l(ak$9>yzNx zT_|lWml{InGcVAYRa%U(j*R@}tK{$csBi&!{WE8V$d1?O&2V{Lat@)=d*HNVxuTT# zIri*4lJzB~&lKJ0TMt4BhFcxopa6piOZXcEmS)R$gE5KEYagHQ#VodL!Mi`am4f!pJUOW2Vzt6Icy{dqC+#98gVzB{ts(4PC7fzCKmO%&HWvOxyabgH{EIgP0@%J+cSA^LxLzp(>o zx2KiG`n{nFX2vf0Fa z;eVCq-mWtC1l4yLJj#0ma?*C0L3*#=07T+s+kx)6MrT)P`lAg=J~l0Pu2@=4{AjKG 
zkj>3QM-O)SOD2T>6rKMC4frof$8u~T)t&djLUXw!##ea6G?WxvI-Ahv<;M*AN z5k`sG26k-8;26o7ie_Bq$%=DFo3Li1NC$resc$kFRVZ)o6rVJn2}>UD`aqra$6D1{YKwk87NKU@30Ve zr>FT_Z`B8uIt1ak6KH{ZFvi+N6MA4QV02u+H|Na4Z-z)Lddh)BYtZ6Ggn%w^#4eq= z{r1u8wd^7*qt%n^L>?w8%v)YYSOmk#r$?e-vp0o=)1%L6_i}L3_YoH_W1_r{Oj)3p;7AvGn!>3TsO>4&v1V-;Z*+4F(|yXO-0T&+RWtH}LW-&UnsSsUEo%hR%d?YW5cdB!9D_+8O9 z+`nw@uM2rWadX~NG+%TS^OF+JZXXSHhbldxqHoUx2l5gJ@l!t)Si_{N%xi!BT7b^9 z@NcB}H+=i=uT<-R1O`I0pB~9s&GYpHXJ2Cp3mdU@UVSl(3sEOhQf*C0v?z6Cww;#z zzS^YFSVlAv1bR1K#CmdXZzv=RZF#{4k0wSjjt`+!Q$*es#rLOYfDZ<&&X-aQ1 z$FHHdIs)V%NCcR~OZFY#^3MXGx`ahH@AM!xGpnSKd~s0@xxk;_2>uUmyqp0YdEMnL z62O3W-?+1y4HPQAK)<*u%G?%T==CkY;W+Ga3WJC&-&DV0bgvy@{*`f$386B`7e#?d@6@Nk0hQ2`M(`|3Pd4c4waPT z)&00m(%#=cFdIaHgK0jVD%G28$VK?FEvOb16tw@^PO?fPH?!X9zFqH5NE5(lgtA}M zK=x8o`lM|yApAuTQKCjM{u9?O|Cb#-q`x!f_p4y|o@e;YHyc&0F`=J^`&WVkXP<;V z#l@(lt~Ze3_gM118qM=g`Q_wvXCU-D{nIEsLA?mtUO!ll!j)QC=Eo)^RN#a!y=LcF zec*CfKc0O}wKstk7n7Q9N~P5zI%rZa1FsIxHY&95zaJtRss_}}Uz<>EVC!6t{dAGqxpf2do-9%g_Kn8Wuu!v0A7iv!5*Pg{D7RNj%bOb73Q8zEOfI%2m(K0f^ zxVt(E>Fal1qRak5rMEjH1cV5RJFu{bLgM0ZjSk;{EF<}+j3@zV5C?tA!kKQl7>If5 zJ5S>3`?`1UnWKL+A8x)7L1Gja3QL6E6WsgtAhdYWT)^PXMW}>6{aX8FDb$AX`K>bO zwFdQ8SUegYK^!P3oCw?xFK(~oyYRlaG<;eNpT9F*_wY2Kb2gL3l5FC@K#p9|x@-v% z`lNiN$pT|*LM_U*aVBKFOM|IW%Z9yR=CE}AyJ+r~jkMEpwE?de!x7o$gsM3o zTiH9yp%;i<^_O=RO}8XZ%|^f&;GSo;mM;7-*O@LohtF`yGpnk+T0SS|GazVj%2Lf& z9LT6F)3&DJdL?F5j?`*Cgeg1eboAE+W;9f z!9I_4$8~G90LD`_rlVHdp=9 z)mVYaQF~d!K|eNdV_lDPdJL$DCPExM1%2Ul-qWX#lT48dwQylAmbp|6-%xR2&S>wi zR-r*y(23fi}mZd+AOhWpA>{i34qHP4A5#>6Dtb*EIM|>6SHD4t@g_(=9 z7A0a{+LB2 z?P|GV=cQWzk}1A=RlXz3U1C8`_|Vj1*9zv3$S00Tmh)-7l%noX?~Pyj|Ni|==|$|1 zs0c%CHrEUa^bQL+oCr+KO#R+xUJ{pXg46tJ5Cs~Z%qo(N-G4Z1z@$PxI}RIorv;mX zWt^p|kT(#5ZBM&zA(=Iq8Ndjqs^qBXewA_5*9~QD9%>gr=Y$evw6ZY1ozGdX zj&3WmQ8@vYJ60Lu#hIkL&8PsH0AccpknvQeW-3=Eh^QW}xw+;2{-g9PT~<9tUfDR3 zh=al9n6a)x0naRDH#@Eaj?494G4wNj3JdEwHiz(uShE&RK>z?|DSE^Cb*w*Z4S$)G zivn4Y`wF1NTIllMf{Px{4UZ5g5sua)6js{Z4mgyBUHq@_#(o1wEYe0X-r`y5+A6X@ 
z*o6xw);Dqf#b;K7ffP^#I@v#@INfZ&t_NFsAiDHlwhjq~kylzRANwGgvJ5V=h<%NO zw`?v)mh?X@b7;k|9ReTUn^@IlZ76#uFi=^?S$-szWI(5aelag<`MK#ze~|Zc=j`eW z4Bty*2YF!?0S->^dr%0VejrgnLrE#9sE7dr19NayqkA^l5i>^RRRgQea+^9P+=s#`Lm&*MSA(d!fx1Ief;+d zEn4q?SpXn{EQmTq={JD%S(zy({=89rZkT0Q#{1=qI0^%T_Us7Wox@2Uz#`vys{!Y? z;{$iiS>=Pr{kf~yp}3eOSu1g~mt0TiZKYQ8o)Wj+Xq&Ljyd+%;UHh1h=)p$zmj06S zs?b9`-aq`ESFGqqDqF-I_o|QizGT5fpj9hLUgKo=yOXD>{x6|Yd=DtMORV558{YIq z=G&FibM+QXez?4Sd4pwqG~UC4~3{uwsxoU!-mNWdZIcf-r)=mTM6Wp)ECBC z&|D4&KcrgSrQCX?#)SWOG5Vc@p+T0?XsJNd7fH!3>t49t2ru^vk4cB8i$&S!IHh2m z<2eamj3uRX(;QGZxvx1k{SAea{*8f_frS{nm3`i3_;DpvzTn)xg*p2wRMqJ-AIB6A zU~=KRWiV7CqMXFDdSvBIbigR2X=+lr6I-%1Rqq3H_p%i&PkscAP^FrBOn0v3fg>f! zGc>>o7*Xa-{1o+tn6$HD({wS;U^PHokWN@QE(z91>FYBBgeG|XU+rI8DzkN&5HQMw z+bm{H-ZNw>g92vDe@F_XlO>PW+b7rw{LTjO4qNQy z407@UFn0pEk(em@ca+w0dlD+FaEGRt;2810u|Dx80`BQ46ii>{2Zf_Xpoe?o`n}R_ z0Nwlyop#KiX4A&URCg;DiQgLJV=_rYnw7gzQZ#gBI!&v-zAtb*Is2{RG3Zlk zyLE+b@)B2V-Cyf8ygU7`t}T)HFNd4?&Tk<3z{<}QHQcYK>-Te$gsovMPabbidx2wh zD~!g8s5P6FlZ7d65wvA0-FG$BT@RU?xsSEjt1TUaHHUkP3l|_%$aPN~J++4)@Io8Q zyMD3*pmtqb=d1MPR6rEds=lb6hXvZmiAkq3kJ%n}Udjm+?!m2_sTQBU0Q$d6D`O~g zRa~f-ZI6`s>0kRPoZN4EvFx9e(>xrd5`sqgJP2-=85r`nDisFfv?m{Gu(<8wN9)_3 zxwSsUO+Vjr(emPJy;fr_yIfs-FuZ~$Tdz9B+?d+*3*4&wEz-hicMuZ3GlJP~@Pxa8 zO8Rf`@o5YMy7_U(ej*XhGPZg zP|XAi!VXHys)k|b$vr=&JfWu2%geoLfD%;QJ&UE?u<;9JwuR&@;B0(oG;tz~hyiET zvwu%3<(^*Fb$oKN|1D>eE=hVJDT%^cy^S%&S+eDmPwi(pC>C#g(bF%)llQe8jZ&Yls=!oZkdrL*o*bc*ZA|H<4jo%w=vkk5z5|b zilTCN+qEV~V=q2WPcjEH+8IB4{K-bY&7V|BrB0!8PxxAApV12k4%8DZ=yjH?>-UyW zudV4*(2MFe`u7RIHoc)yN!M-`EpJuS1t1Ql3Q$MbH{rOir{v=KJb7~^Q-Xl=H6dC2 z$Jqg?kwxRBGZ1|T$t`A{X%;K#kNF7JLtsz4r;Mv`YU(?HvCH(=FQyEqmxkvn#T0wX zS+*^6b0!^U_bXWH&q_q3C1JgekC_o#+r0Zaa3-h(F)J${d`KWmQnb0QB4U+rJL|RH zgz#@zAe{rn>9h^V;nZhpT%}}^*Oc12(W`kho%R)+w%Z7Z7%NZsY>ap>?p_v|LWSf! 
z?q^gMl%UhXY{H!`PPIUF-MA51QcoiccO((<~T(zLly{u5-VVt8Ft+PFQv+ay1tW$ZzZiKxs&l~q4H zWL-{Ep41kyDgn0mw%^vO5^-0JpSz2F`!;48t&KN|-6Vg?5$L7#cQv1<%p9+wgOVt= z0rhe#@SW$zZ^e}u$QwKZ05dc80DVT*a^2Rmq(h8MPF>W#Lk-Dji`O%%7s{-b-#L@n zTnM3dt4J(_rur9D^@{znwukIzzivR{@U&ZDf48}t{6kIaMik%U-b0HY zCyS91gZ+3%S-4xdEq`WDEA3@Ns?b{7G1Oqz%m1cptEsfy%#wKsKp8xUqd$e@!>SiP zhhTX@61a^OHpu=Iz|eOBj&na7pep-F*uH@IeH8lJAf?se@@sozC>M{y@OO1Z#XzZD z+Aef9UN0(350o_bXPkinDjWlM4_)vs zFK=A?-Jna`wjH!|>E<~wHFb^6lh}%HFLM3~n9~hV0Fsj9n^>_@PRmU$)p&)Re>$t{ zKz#+f#}WA;uZXWm-%`x>BrhG^YTgq0(LxLCuV1L4L~YMl)+c46WfmUSiMqQta3zDp z|4sn@WCH(vu?L3BioKdGmMssz+G#n-S#-xHQ#H)gBW{=r?Gl_?MjDgfEGKEq^ z3A|fw(h4ji?Bo1>18eYmRYbfg$T$rv$_?F;ZA^LjIMYFN$m7~W-1$l3sliN7n%pG0 z=1zNt^=Oc?w|n*qU2AHn4f56?X8k!q%_qot!oK3m{+!))QSFmX?@Twsps6^((ZA8% zA^Bh*%%~`7J5!>xyr|W+YpxHbVMlpx)yEu}W;QJ6E5QLd#RC1Fo`?a9MVlqW_ZBBM zh^s^7YEM0mV$C`{+qOqgJ{t8v6SYlr&R=97!|*t;c2ig&$inbRHT|K|)V@i4?ZTmx z=+GN&4kqx_Sf3=tTK77z>JxQeoMY&GF0E;0*az;#U%aGw%I^t2Pf=hLyaAljDm^kD zC%97I(bnW>*B+`=4*{%aEwhx2&U=T`0sb;xf2Vmhit@1;dLFmXiQKbk5Q zi=6WEw3rQiJEVmGGRuQ)%rDX^GU#7Q_P$|T^=5GTO#X92{NL8;-6#?BHms3mt#n+N zr?00txVBU4SdIrq)Dy;rD#Jo?VGw`3Y~12GP557|V%?VYfFd)h-?! 
z{e_mGR7g*Zhhu8_>)+pxE>Ak~7-AUl%~8pSp~VOyMT}O& z2BzdgV_{!sH?utBeG9jGRo`#MpJPeM+2ZJ59J?2@+2FGoI_x4>WVTG)W|{FRr}?>Y zwp5jP8b4orOlpNMQT7pAV~hf431e^O8)3i45{8VNtOOL80bw;+ve~g{Gt`13?e}{N z9?hJFpsA)^k7oA=!^({&MSW2PXs0|0i-fDFnd$zmaS-DCN&p-7UFruoM&h$r7dWdZ z$o4eLT%=yFpLkOK7yY}j8C=XmONk9sd7#IMtMWKAC<>K_^J3PEPd*wz-^`W(lWgsD zzQ1^OQA~H%o(wKPcQZ?HL+GdlZt--h-9?t)21_-77ti6ImCtMV?D&MdnKgEJmiwrY z7`NZG5ne=ds+4NxbdiArR4=#&c@r}v(B9V{dMQ<~HJvo&8}kB_Zk+aW;v$mGX!a#8 zC&Tz&pO`eAx6#d&PxVxsNnSYiMVcQU^z9BOT34*G50s^qy#bOw2TieWA!&BZ>isj9 zqj)ceVOR&prl`;(WQqI8_>7W@N`d_|zSy^*r-S@|;#MOS zFhy!LbLaM5b>{c`$KH=_1>k&o9mYWB%I};|BUoXoSla1~nO4$p*xQvY+;Uo0#b%nu z7Zca4_=HzJ)RE{-v#`d34E~=W#NWk+lGq!7&(lAK%xsyfEPWo+BHdW$- z_ewn7Uy6QcGuo;^ryNmGYLtnLfm`6@kP$c87s`fa#$rM-nRGvuI+YH&+uAY6f)S;P zeo^>{@)8PTFSnt>`C+CMK|^(tU#mhMJJ)JH$cM2_xnXOI(P|Mo2SxIW{%nr4aG@Z) z_L%}GRSrzFm5dAn7GpWt2)hWH5>i>&w4zE%u*T!6@36g=Y#yp|%O;`SR|5ZXt5vr2 zY7|#bkBoYbZJVP(9w@b%A;g#_WQmjEX@wrQx5lAqutZweas|Duods;K;%9`Xng;CY zn>M<8dbFYK-e?+?Y2_xWAaD%9_t6Xh{(E5ssr~k`D2|UiTvWjYO+INMF&u$#m3op){ z&g>3b+C@8!DNmW~Ks!qDVtmHn!GUlfUGrp~l<4ir@*(4O!D_uVF}}y0PFmvwRB+Is zRqrzs{p0i_A*>CvLKK<(8{J1yc=nifxE8UxgHs?9WD*AWXb6?$wfIP%kDjCllcf!2 zxM8>sf&JN1RWDn*<|$K>z^}k?qJ^ZI#lg`ueve!lI;!iune77Oc1+^Q zlzGCxuL+pA5i1~G=h7zxEjo5107oo-=;`j&SyIW{2$pKC+^RG+%#~`oaxmuI{;Xpy z1I@_fkabJg5~7>-ye+1fS($l4q<73Ub6V9l`jz5;)2d^H2gZ#uw0*5qIoICm-r)2+ z9B#c-(aG>qjT#XhJ+}7zSyYsehZB6?m;%eW3n@A_R&R3$Pr1bb79dT6P0vh)Z`4X; ztpq4!KhETCpAQ-|+C2M8t5rwr32t7f&ybQyoXYLVV%t?xCE>58N7;zb1rd_FAf`-F z4b#ka8d1`DC4W0vnXV4&mqZ^xfvfaw=nRhZ_rV&dDKJ1pGriv$pVCE0%=>DrZ>Cr; zntPv9k1@_rvA0;oM9cm7sV=2^r7@&e+YuuG=Sv|10+%#;E8b$&Yw*jmWhGX(IjN;^ zgWdG^rwV<%LXl~RJh@>Wn{iv5$~V+O3I)(vNlpn3{n9Ap)FtgZJgi4cWJRdHj2Ej& zVrC!Py1b4bkNSA`_-7rSV$Rr_VUhu*#K)gtBfNTOE)J(ZUGY8ezq(9`13>I`T z0S$>dfClM70sOPVZx7i=`eZka;(U)hj~o~yTo3~Z2^tTNDwu7NnO9`a{X1f-<88w! 
z(;I;K`zF7mh8%r5RUpUUc6XNU#=N<-q`qW7tC3$?IwMTT@%{Vuh8NjNN3hf?sU!^Z ziD?XRA(qE=r>@&&XIexIJWkd1$+!wdp%tLji;PV~`&HnFzzdevd`YkAyeT%6&_w@< zp#X1mxSnaW#}^B7PpdnbsIg6Homh)}O#Kaz9v{XOHP>$DqK)61GaKyE zrc~30|M~O&$Avx8-WV?)v~|S>gyIHw^{}Ep%U=@hF>h!mb&Im?p+Ov^0k~&_K{oBn zofLN4r9i;@mDNM*y7jSA1+(J1UeRyMsH^(naXIJ>)`}m^C;1eba20l~zBk`UWLJ^; zD6Xg~{p&HL0e!(_n&blu{^G=Ju}l5a&`HNW?-ihr{eca7SRw=9xfU5#8YYg?jAS?k`SE=`om#KoNrXy zeNTv2tJTF25~hwn0sDks6pr+z&HN4WdT)s&$@vB~K;HyT!MEQf+co4gyK7TieN<%( zd{GBq`>Kvmk-?K4Y^ilo5>M)OD}mDn=T9ix40UoC-+LZB&#IPRvEF}QNdqeT1kLF0 zKLMwjcGX*Nf+*i9#l*#Jj&PlJ0gT2o4hw&k(>}!8IEB)tjUfo(^J9}buCv9Bn)t_M z0_8@VDi_)II%A)l3WjlZ`y;5F@;7<|8+TOchtoOaJC&og5V`Q4s}E_~lQYWz-A)=M zLWkdQifwmlattQgNBaHazi2KaP_Tw=Qd4%l@L^(@UQbvDSJetzzZ<-VMmZFnlqcTn)2&26K)@MeBxW=Z@3wKVTFZ*q zu9(%+*DSX{ia+(Ef8v-wYkDMhjbyQw`vuQ*CB*ASkfh--aM;%lv5jU6fr#B~c%8S2 z6#$@=)WTU)8)9}qhxOVKh%RbMuli(*Hkm9 zN3^AjK6oFbc20STmBGuW6!Uyc;$*xHf$5fn){hrv7)urb>%?9$BcaZFFaLJQqDsC zs6X2%ys@W7tA=HM!Y4=(6W`jiyJwH|H9~DGa8*#<62l!h`=^nAx6ZlaIym(#5zw*b zD5Ru{xu(F#H86&&!AsDy0z^P#4{whA&{d)#>+>gR8HFq~BA_fy!%J3QgvPQF9g44d zq9@e~npAm&Wo<!g+vE0W6&_~tMS}7`kiivXWb4$I(+$td#UKe zJ82x3Hklg4F=CxIGF&SxhQDPct-i!peq~WdntV{_v8#Zwgsp3>4Br&vPoN zP3caQzt_YB1UI|YjFaI8-~Duwk5;;qP12uCb3(psy+?j+e8hmmawBhaIP@M0S)Qxb zfz@<9moQswUe-UgL?VW1NVS?U@-!Lvr#AJ^fAMDl=7m$*h=f|!)YV1A$q8ea;sNqG zD0@|nj3;c_wNk?6uSWlL1te*kq3$TcNX-+mAcLKRNx}>4pR~lbbc~LMS$XvgTald* z>tD{B7zlZKpVJDs3-gI$-bbeaWdQKih>oJ!-|v znq}nn6yW;u8xK6xw0wZUHF7ccZ%m;Wmb6C86(nyQ0EW~IAQ^q{kQJL(a$Ab3Pgdwu z_02DgMzQ}kF2{M$w|8KJ0U0OBHcsjQz104*$#{(+!9R^PK`~IEc|>ysB83?d7FMZr zJxT;!p8?!|(u+1_0svex0xblTg_RXHk9d7lsdOuPNM$LtSeF&KJzgpEmKjQUu*d|H z%f(j=zwR+nB?){vv}lAwonGgJBas@u6Jwf(Q^JP^hHIlm0_te&w>B9Q&2JXj6i`P) zwR+vPl=AaWPlror!A3th3cEdOj|+Nom&e(^YoC3s4=w-X_m_GD0yO}&8$4H{1-k0H zr%&C=V`=+2Hz?c(9ABaEzza0Cg?jBY)Zmpe1j?7Js4^i-nRB|i*o2s1SNv3p)~N^b z+g-A`0A%8`-=K(h<1;iKFZa6@PUjnq@Hj^6b~9^{d4`*vZ1_L8+cnY@6%0^g{FTUk z(Pu2?RML=Q-M29BnWVTr%bVl+ynl94zJbljD8}b_sn!GfBeE*iX3_8Vs?y4h4^JY* 
z34=5GZubM$pM_Au1^!q~Gc+2y3SD_bVr*FaoL>s2(QK>FEz#4LZ$a*>Do#`J6+k6Z z01yE^p4$a$IX%b>y`E56L#{rKd9EQvs?XphG&$&A_SnZ?UtGTF$QIf8rCwyrhXSd~ zk=`LI{5vp==|Z7_Ti2D3XmGJOX&rM`SK$&f4&0{g8d&@G%boTJ-Evz{%=pzLSzS)Q zR_Y&)?j^&H3aS&UFYQ?J{zuDC&q2oGPA^lk2H(Wz47}{D(sTktJ#|4#psv&w?&JkX zFEO(8?N}=3hZC=(uaORDj&zDJG*bb>*C86N<#b#CH>Bm4C5q6ww;6`Sh8|*xhQb)g zN5i7x3>;+u--(MbhsS8VLJC72O(cq@J{Onb-|}cv!PoWbK-YM>IDP^Ss9-a z*W=8_NR8L}$$&`~>pl7-uD#!W;y8XcVV~WKi+=-C2Y}~GllJ3Dm+8FG_D$^~p2CWw zFuegQ4W*jby3T%+xrZcNiP52`5)58dxCW(rKdb2hA<6jyWr~Vb9Q0qQrnIW!ZOR05 zoo0*6dc$t2ki7ge42Ii9KUqAJVHif~czBZoP)6;BJ@ZrwMKmb|+SFn)VJ<>eU(>1yx8ZgL!Oe3fTN_Br?Amv9!Fhw)0?0lUEo_1YZ; z_9sQ|P0T}2qw+O1@~v3n^tZ zG<@&*XnM+mV}XO95qjfgh{szsOtLJvWYMG|!r9O3+M>5USx0@lwYR#kbiRj#iA*7e zp$*7{<>0s{C#Mtyn5_;G9jN;V*GLf%lbB3cn{3vaF>lp;eujx)BqLTvWG$4l;?9rP zjTM>l+#T`_0$HQk4*Cfoj+4jHU#}u{)5FB6?6@d-3YgGTA{cpoI=i26upqKT5A{Zt znf@ft{TQyw0G_ZK5&J6u=oud?5fioBpVFkr9gApwm(&8~Y2JtcZV)V^cg~x^YW+IV z;(MB5yVAcme-2_lZqMzACPF~la)$OKwPZK3Z%1C%^Z?S|5|j$-7giYNBoCnVYO^=j zUa7@b+6oPQ)bFUR@tH+G1N>QQkTki?I=-D}~e)S@Ft*&z(7Ze{EraBORp^Zn&^J3G_JYBdxfP=Eb8 zQZhIsre$756>_tUdp2>8nw^`wkrSsWXk$~!7xm+!I~a5Gem4!#XcB9{k@w-fVVZUF zMGmj@)2|7er?W{$0LkB^xPm6ID$ml=d_e6=9Kqwm=4oPk8gYi#l>YI~2lC3#P5fb& zWUkttO|f*|573hHW0Xal5@@00GzCyb3qjoU00g=9Q+{V8(rS5=9;7nox}7s+ope6+Z&V4=EN+igrOLJ^*bvRHCg7L&?7OK z-z@q1QqmU^7N?oFiM`CEhJ=*ljwJ^36A#zs*JP_MV-Isdps%i-YrH}1k{9wrVGHAb zRE{Np%-v;u%6W9#$pH)zvU@LAKxc5d?a{bB&{BT=>9zT z#c`OTjM$O=h{$<4uv=_KXFYQpi`DF77_SX^qvPSvpFf>s;0QClsH#u!$zB}hszfoj zGo0t~5YU2g+(Tg^1&gi z$qy=O6=i?8O?0j= z|AnzWp^TV;VLRp*87UKh#KCw`6NvJRUE%56;+g5xA}hk+%N%()CV)0zM225L@s+S8 zFnd`h1d!YNqAU{4`P5Ss2oqWAHtH_6MI_RL^+SWIb0NCz%{1_ga6YrUwP^>+8VO;{ z(6?^Js6)YPu1Qb5HFsIP*?5N*KW&>al)U1s?sKV$*^1s}0{t9wk$sB7^kDsQ zyOdsYb02>V!W3gJT=dRbRJ~w^{p=F<)QL8kozzSYj0(fwm?f1DY9f;o$s0K-+|CFZ zWdHMFVBv}ArEe_|J{_CpIaXMp)%48q_PUSLd-N;G+Q`8v!Jilb+>X+FE|r&eYj zG8O{J;{N8l|NEjOh~K{E+VtZ>LlE^6Q4saf(9&cfyA{*hJJXS*f8EBAt@7*FHVv&f z8XOH~UmqNN+vY3}O>)p(elQ2RqKO}F4{7jQ#%jbwt)oO=XT$GPKQT|__kF3x^aa_{ 
z(|+Z3k@hEtk*?3mz<-4EKZi?s{IYNB$a_)p)=YP!6!MR$bq!?9(U z1u(<|(7=&1kw1`x%LJhG?iodLk%v_kz$s>h#Ipx%Q3q$hNTiW0u@Wi$OB{y&7c^rldk;sQ)1G>7Lr|oXIFup=%Gi01gGO86UpF* z4RSH7^*Xe_+WTnY_%~ntOdHheZBXcu=Tgmk0YPlE!a$I4Np;{Tfrx>mSzmF_xqo-2 ztN$8`tr`WoMKHjj#ULA{rFyezHseU~zP@jLwEo)SP-mTickKF;n6dG^jnTl|N_*RJ zMrvdLKE--q{G0D@ZMNHoMXmK-EhVsRR{H~aI09a7a)RNz-(H~gmm^#?x}SxRCo{@6`02LZ&Czo0XaX|6p4 zzQTx*_xxcw-n<_v*e|(XG-cU>>To0k=Nltb*XED5C7xjj^4dBtj(qDmhFT@3j0aay z-LkJN`xr|++c%u%{{;>HyJi0Cm3P)vr4j%?trIJg9Zb~3q~!!w+1C-Kp%VKHOiBRW zG#vG#NZZ@m`rAp9ldLSolp9P{jP6J7r3MVf@zw7|iZBTJ!KPPLw!(tX7xqSEK{!|Y z(-IW*V`Y|7U0uRBh7W2F7vBRZGWUGk-re0`V} zq>Z{MDk{3}fUSh`sg87UwhIV)CutZe`>x$W&Jv8m+(g)ojb%IvlrT5|sevj|#wNX( zOcqTn0vuI;9n86^w=W-Rn>73a`^88GPGCitiIP!pog$d*OA9cs6BRXQP6Q^US|O~1 zRWO9uySX6`S{xL@LG**-aXqYaH(#etoLBX&6p{cq*?y8%Gu9y!esAAx}6lL`J2f#{!Ms?8l_XcO<{j(XCX{GV!J#hn=liD*e z6&+r`nz55T#HdkZamuhHzIwoWxaU#sod#6#CHnKYUY`BVrix6C);2a>9ePBy^gQz+ zQ5!be=nBMQvq)xzJ5W|o@NGJ6#c6105V-eUm|M5n*c|n2kL*NH032?Gev3^d(bT2U z`PSC}py7P8xvFO^9@!^4N;ol0^xuj%BWl1(y-p)clj|~@)q%t>c#9Dj78Ba4%16hh zb~xiKE};OcaSu#z?PQB*c&5-QjOf$1nddugBzSE-ece4``Fj>XMnu;?x=Y^rUW7h! 
zkWl1zZ*Al81J!b$3kK}nog+2`(3{B#cTb3w3UjiP=KGZ&t?)881a{=PZ5L>M;q1+X zI(vT)1pOav**xfXp6%}Dugg(1Hr^_a6%HVELsN0WLN$o=g~L!WlC#9Jhy{AO-Y0y= zCw*bUltIE#_Q+5Jo+@CNnccg4t?t#m!PS{tiV_x7e$Qi6I>WM1G!{d^8e+O*4-TbLmKSs{ zyFXOAO^bE+^<=zc{$jE}&D^C4p%V%1e%b!h+3jJd2X^-16Muk@@85nd>dy^`HT+lbj(uBa^Zt9f?D{1fDhwh zuZcT6m(0eId$ieKE8Ymr7L?RzMCO`An)^hhjjn&PfLV97IPCZwoR|a(q)87xjeM`G zTfpI6%s>z*{N14kOtyurH6>ICQm_V0jqUav5E}Li^(|+vxn;&r}@5U`c_CKt1{b0iMvF~GMB zSVs}E+J)4cuf>42 z#2*fGZ9cgSez5Ori~ioX4MyFU)3w$U`|I7!e0gnU!f_6Ac1SR&o4$Fa1F(5h2{m)) zLsN?NB)szWpJ_j3hYktRD(e-*35wf3ic^*i^$LKkXuagr?L&&i$+;j}lGV zW1@l#2MY~NDk_2;UJ&F(sow=E5tro^1Wo$MN&)PHH$YFRB#w`pgjw$g#}Eb!MOL2~dv$yN zedGA}X#C`P^y^%S9#t|y{=eFuRS9rvr80e$#)Ufb&W*9K8ndv*i&oEPcK%_zHql~s z?8x^Cs;n5A0u;_c8kqbpI8I{8uIX zKd8am2aS`sHHLsp#FjsaZ9*p6Ux3!x3O3Et0a7LnhQ=8L{|&y9eQqa?%AjXcL83Lp zjHREZhQO9`&H8HL-Gr>rUpS(h@&i{vtvVq(y3C$}oP2G3Vsdb(i=aS-1Du1cDD=C- zw=Df0;#(Mb+dB?MC#O(}Fp|cNNAOV{HSdkJ^7nK~Q$WcFL>UFxeTg$W$TIg%;EqQ!V!phR`Tiu;WVxGAh* zHUj6toflE!G1=hEy3^v+bDa67BQbDZWQhWLeXj$wuX5$&t(uG|XnFLV%U~~aY?;IG zx(ir^4TOpQ3-{l63h~|<4SX@O`Nxv$vofMyV_8kA}W4Z`8=}v&14wujE+!!h! 
z5q1;$QOVFo;OXfpmBNXVmIl%6r&(=`5Kpg_q=TDK$6=-}i=x!f+-E_#Q?64wn@cgW z{x3UDNdnefbgD=ZYYl7kpvZ0uX$4bNSMNq=0T`FY^t$E?*95kAVwyaW{GKZ*#r!7X zyM5_vtx!;_x6#5vhHE-ZZH$`e<+}w#r)V>!7}Vg|Zc(bLD*1$#zm6PP&E^6^hirv5 z|7!$GtUhR|l|`Y3?%Mcs7pMCH0)6I9nv;`a z@AB^~s?E^f7cQUCtl&IEo<^f4kq+ZB&!Bn{k?|LGrQevjK`qa~CT`jxQDF!;0g=@%4=D%c-^Bwhoyw@+z=UFGL0 zO;k!~@68(8L;je63;Df%>HwWth{6GR1BJopt-+DmznPI<;dv~!H|*BX z+QyA`uPf1$7lzq$MRSC2@^6f2|6|#^&V~9_q8$3v!R{6Q+__Z#HjtOp)}R-J^k9`V zq9AYgW>Pjf0s{(9pCC!5JA~Q_3NkXi)pqX!je2^^UsuWiEhacxsGlKgsBk*bZh5+1 zz&w)}61)@eTy&Zt2&oXth9t=~Qcr>UhbRb8k&f^GS+Iwr#s7H9Fq(3YgkbeepToPH zPp7~&>DMi^_ zI{W3sd^(4=y1(&{kTc~A3$4kR-ss?gh;ulhZYXZ7UIayUaW-f zP9181L)HC``}{n5ypj+1$7(J-Y@Jq4h0Pw&WLbj)@ru)j*{mxCKR;Tpe^^xjN6!SapwmK}24jjg zKT8)x?O>(LZeFxeR9;sLn>w`hOB6g(?!!(vNt~+%SDWjkc#n2oZYN|0Qdp=KBqJ?a zgRBLOMvx{h+ch)^mZnWO*fyb5{N;-X*8Wsc#5X0H_XR@l7JHIV>VCYp{$LJSMsX;b z2NoY^m;*M@;6)%Fn4vM`0DWmyV75M8tR$4)%q>vHpbsbzD4)P7E9CCSm`qgPftv2k z&AKupU}gP|BI|}6)DM*%?VY$NY_Ojux-y$>lWU-5-bexBfdrJdH?e((6gU+^@&2tgLjt+e$zoB1+exOsG&PQw4GV?j+Fm@G)EY6GlQoqUe9x zuG^0Ynr9*O20C2|a1`)ld2fD{*(hkP?PVg()i#*-XUnRGyOZtzcwN;o9%cdPY`Wf& z5%o>hv$sPv26?<|Js*Rhn$&f=HMZA~0h95XLWAIbUR1wlY~TXfr|L{R=|6x$hCov_s9-+5@{aWy@N{K;hacIX3Iv4 zNa!4Y_D#i+2>N(aiMpkwakDz4uTaqO!F6>RL}PF8s@#O*LL@p9^L(%ABWB zKr5HOD~tofY+vP4VW_w6$3q29;#M^{r#{X_cqd3y+5C_x?El#IzeesQ0~#2S)*ZT$ z+u!*CJm^I4s;=G3R>)8fRvY^TGa`+%)Cv2|W-|<-gNzVtjeM0*AR46v=9j)iLrgQ6 zBz`M*n@MVF5;%~LWKCX_n1GzCaeyB5K9deN;X&t~17v)r`i6CQzke(ANIEtI*TMxi zpt@^4y3!CzP(4<4D>BjqwGAkh;nQ|wQfC^67ZuRg2?}oYv~78Wocfe}8Yz_-|4ty$ z$$XYKj&X=Ss&Da0Svmez;~T90#=6awI(}KVrg;6R#ai}-V4MkqduY&s4v7|*c!VIO zD5e6kH-99&oCxNlyV;(ErqW|d1+cwi5kS#ZDe-m^t7~G~=Z0`No!N10g4dbW=da>Z znKYNQU?sa3`@8G9sDyOAWw#u!E(Y!ai#>clUM7v^R;!CD*2YJ)GkT!0nrrk)8rJe>35He|LsKN@?bPWp!;rg z=%~ez0>SLXH`KcNdzF4t&E( zH0^7pRH1+8aKQ0JTT?SWhCK3hqOSgiA8!+$f@}Q(90YT#$Gxd|KT+Q*=Ix z9tLb%#-NezpA=vYz`ut6&lmKR_B8{*z85ua zoktD9!FRFLqFOI{eq#CeccO&QqCbLLe*m^~7xbqIFeSqdsZ{|D6N)-zQB2lmWZfuz zDD`U2AM4NoP#?cJHY(*HgKlzldz+rHHL;-N zSA#W^L>MSu?WPyP*Nx 
zKhy8{Kn1ZhX?l{b%=)NT@X>YO2t|jND8em)6fT%Ebm=9${YaY6x6KMcJkNw4fTt7` z0^Sf5{DQP&XW#(zI~(&H2nveEf|yPy;1br{)M57LM z0%u$M%`9T1IbudNW=r5!Ex*8_5V;e69082<4CwTN_U{`E3J#v&V%f2a2_tGLM+B;U6fMw(r34p@$Cn4gMssm_-{??`9@a&({XK=yJP}P3Hl*`@JyL zV|3+DDU2qXvUdDHD3I(}e?TC^|Hi~|KtEFjXN>y{rO;zafPRnz2WPjsE+ z*v7N7ewue^W;WM+z}u9p3yJet+c@wwW15LdQm^PM{8Frq0mPSr5!{^Bj>}-H&^Afj z_i!7x0&<5_~FeIgV_QUd%^Ff!YP%&KFa02|f6g~=R_uIihtFhpl=TO(yOGE26;hY~l)D zo!IF2{4y6>6%6_CwG%EndZKD_HMy_^glgvm$|B_OUq{rsL-z4V4wm7T1_|U` z{@C~8{M_&Q{QBG{KR+MY5LpObC`xd-oV*9euq+GHI7$dcfmjel3V9!5566}+=Uzf~ zOwJGO_v9qWjpF3*XmV|;b*nTgArTTXHYFY}DhR49*=K?;A=LdFIh*KA^k`|vY1Y6P zbyS}a^x|>bhGth{%5f+s2P+1u?SlH7za75-sEmZ}P~KG|I3}U)WnJH-r*PQLXFSc{nGn-dO2`F++Lv z8}mvJ-8dyZsm-SZ;1CO#)}<&41j0mkepaow%fOhQy@i%Dr~Vnh{Ri%?Z?6n0QDaCF zLcTH`fLHK>4pcJDGH$@s;M|hV!#fK$djGjH?g;reLGT~b1~_&EY_$JQ-$=U~$xmc# zIT@$l@6Nv1b8Y9su-NSGeqP$xeJjHtz9;TMf*<*yp*ufmUIgv?g&CPwzf_nWX^zCz zU)oF}fm7~#4Ue(oUjBWMQ)ZMdzUd;92r|2oY)fLm5Mg#U>ZdalEl8^vtxaWcSU*O= zJZ2FBij}RV@L_n4?mh~j_u}(s;)k5J;W)b9{)RL{p-+NAl>G?_$jVXru!L#HAsIf+ z$;cGQtwke>wEHSgIgy7mk6W$v^$DmNe#6s-+Eh`*cE#2Gm^a5Tl|Hm2WyJga$XT!o z?*uKU-MJWo?h*9iIvIF{gXkz3)@aPI9GwzXTUa~wV}A&bytg$hTEFO&vECd<9W&s`_k=7yYdcpgAq$~#N04Wm;CaSg&~?z@q`|(WD@Z_(g&a=eqQNE# z1fh)sJhI(5Yx86K(Gpd!WKfS?mXQRfmw=QZ#pPpTDUSm?KbpZ{OnRPi!3_B)WYI5c%gvVJ{^$2?n}1M}=>IkD53AOo0130* zx;(q;sZl%G*g}cisoFbgaAXrJFP3f_m*v9>9ipDEnJG|%^L@Gb5bu7MD4m|gZhq&$ zyLs^J0mgK7Bv;u`@=ZQpm*?#nY(N26a;Df03RqJ}qJVx@L*;f~Y1J_5 zQGe8WFUA`_y7X~7dAD@Da1cRqh5m^|XC=#Cwb_<8E8F07X+L)mK}QrPx$-ZY)cony z(Cqkf?h^E|6>CY%zmuV$3Qjg47m&~VFUSx$L*=|)!3lG7faF8*f!P8Bv!|e;NDJUQ zNu6Q(*15pxe98Z>^^)nTs^^<`|ESU=g{Z>Lj%<4W0lK6lJAr+O&9u?AWJD@GVe1o( zfk?u*fn1UiMnJS}P)d-#J(>@MEoPCNcZaaK--LO^qV$*qS|>yv8|k*ALy9hm2>et? 
z><0<_If~>u2PY12WdaP1QNyHmAAR(z!oH+pH9h9C%mv%*RNmSMT8n~hIw-Zx1Vr_t zq7ms5twNRjkGLE~@5Arv@IF&mQ|o7veu^%)W8(fKA8danRd_Lx-Z57EF=?7eWf%u1 z4X`u}=$}t;$FN&fVyKkbpn595D^I?_T7EE1faysd!^o1%3=aA!^=QZ3gE43n{<`#X z=HT~>lOX9HjF@pgLkp=JV)k{URn}((u}i*LmRATX9n_+5dOf}w`N1M>M%nHLtbVy_&A6h{^ev|{S4FV$UJ2lkBpbDUH)57 zWs8Viw`>22U3-%oH^pCEJHlt+EBO~!G~WVs0Bj&R_K1|2m?-*p`J~+x`l}FJq|{+J zK=O839V(IEtcun{a!jyqtINjq${}C_S!9PK$shZCjZRz_`;ZPf8 z>htm$()RFAjaZVuN}8WCVv&P*s^Dn)Zu}RkqP>byKgr69E7(>EYoAkj{hvqo34j{K zv;+B}vle8vpk}=%4+M=b=+XXM<=GCQd3Bnzvah&+OhiD#!YXmu_R4oFI@cuPeUDOW zVy~)URPl-hyI!^RAN-NtAg${6Ys8VXuC(H6^`D7ME0bi@hxcPW25Gn@QMjXgpyt$y zPQ9xbBK_%TBo{;D$?B7&k7AzA`PlAWqp>zlB92f+$Drga3rmg_WYwl*H_KL(%T}c` z&V8&uoQb2i|HeKd+mSh9I@|maA)4Zn zVZKPQm^x3^?RSCPSDMDQbcSW@8|-Z10D?;7PgM-VXt~8YfW0(d_Hu@dc_y)bpK!ySmDqiz#E2@@t*wI(utL6c6tuJ zF%IEBd?l1o0#p(sPYj-s+y9SEIxMqz_FOzy8wizz{jg)vuXbp{40GHXu=AYefixU9_+Ep5eb*#ng zBa=naBU^i0;Q&|8j&|NNeI@V*1IbZ8O8OQm`AkhebGlhlqbkyKvNKf!FPf9!H7~hD zr6))xy4o2BpBWZQ-3^{1f?1d&pgNG8mKKhNHEB)CGaVB5ieNs-)j@wLMhzR|!wuBd zTA1gxxpT3_{!Fn6x70U+N=FSi5TJLur zFk9ug&b5L{Lfiw2zl4f*p{|MPwbf=W`VgUoul$E)tj)(Iw5{$y{k;6BZDVDL?83eq z0A!Ue8y^GD^hn?A^7Cs5`+Pqv4Vs%E@ToKjF~9+Y^dzW|m57|5CU=#!AH z-iC&(5G;K~v{yCSC*+k#L^oq}4|NL5RT-PbUorz!RJVu8TcZ(ySAX&A*8m4F;)cdX zX##fhS=K-@LsC?0P|%lD#4bC7{P*ni%Vpml0rL{CCeN}c);Po!H+g*wYj}`qr5k+} zZiV{!Xf?84dK%JqA<6cPA8}l#2qsR9O%?CsP>h9O8#Sj8Mfux{MoK0t%&;>>{@7A# z^yqG<552D+8Nn8q-So~4B`KMwGOIDqLj-`^)^#O&C+lb@bu$9Ursc6M{Dv(&2O+ML zl>8QNl;wKMvL5| zx6jPrRp;@AqR8^-E))jQDpK%7Kwcd-lek>nx1Dwkt{fE!z*0&jvBCgmBzAYc1!Q?Z zbaZs4O4Jlll%4PQ@-Z^~=``wAOY4_~92`>Z0{YFY*oH;b5u%p&^fil zkoL|dh5%wJzNXo8Mn(W@$W_Pl^=xMuDv?l9j#&$KV4Pir=rCIEX1m;D{825_d}rM9 zfI=>vZZxxAMVI_%W1z!5I!bp10m{F0#_jQ;Ixm^XHvN@POYj0{KlWa680LqUFwEuQ z(h|K*X%=N!V+4h(i;D}1{WGmw{dX$M<}MGArIvl5TGl!Fo~SPZEct9#QTW1k#0ZYt z34{U3Q|U3B`F#SNNnneM>2P-faB!m)jS!-uiF9YTX*sn!Lj;a@Uz!Uz5FLY~=C9rJ zX)jVZ?}-fQ{t0}#p#q!HTB=;F44d)c;3<|UWpQ=pa6SPGr%i<=*ytc z=L~EZ&DQu}PnjGNzJb%^Hf+1bZ@V>@=7%5CLO`^b<*Ty-i)DNrUcsh7Gz#+mp!4+^ 
zU&w98l$s7P8Cz+;zL_^r_viTTP<3I@${^f487acRN&lcSCdwQ%a6{kt{c%5 zfg5)!z1a#|)ZYWCJa)!XdwxdC?rUqZ?@xa&KvBRmH7)!kiNR1QjUgK%DT%gnu^80l zf3ah|--Z?hUvHH;8*Cs>Y*whz=B;%#nfPk0nyFsoHK$L#WZ1tSsCdS&^i6Etz)V7h5v^rzeE0wDubfsaJxaOrcIeNJr&DNpmcwE!HLbG-K zqvi=ENk_@hyxl(+GCcQ}`0bDZW14Ss)Q{`h34S*xV80euMu4IOI|Ic)kcMX#&aK3|S*ySgYjSp0l6Y z=b&SA`UOA3aC0tj>GF<>uYNDNZRJ@tUOR zvT6&MC~x!SeTdwQ_9lPxAljfHTaR&L5&NJX7n-(9sj<+=(uc;OTGDRq(rPJI6@`So zPSSbA_0zOzxC%Jg-3n5F#0p3uB#ejFFi{MN3z>-H-LaGG<40yQLl}P|DplV#qw2&2 z^_vCk6PMyU&@8hF7&Fy=o$JiYsp~Hnm4oV^r`yrR?605^hh{jdg3h_5UOJZsS9lu! zb-vHkW9M|^)s~JmUvE~{JG{fYe~&2AV<`~OqV-$i^Bug?PcCjrIW!%s6W%M>B1i|H z1QUqBE#udKxI+TuDR;QAN^<<5`*rTxh$JxET3Di@3$^fL<(Onrl(o_OD2&$Y-GiN5 z68L(kDAEumUwdP{N#BoGACwkgC_osHkBEP{ydn*y!Fp-CJrs8AforzL*~p_sZyRHF zh%}oiBOsSeD_K}sto$}z6ciT5dSaXSG#E#{dc=|D9SCK0Z<`p?D+FxXkZ=K8A=W?i zIAM;wy%`oa6D=flv!7T1-S>EbjiTGd1?1!Hk%GB;JuVE)Sx-pT_i$u*cd2yec-kC; z1k1sL*QkFmhP8guR<|LhY3}{4rO`#w{>Y{tS;ZNXr1nrJmaNUyd2jB8gpco~$D-B4 zDHj*7`FIX7Bn|ZclDMYqnvUxqV)Pkd;OHQlg21K?9Mk zKvs$IU@>3Yoyz+$TVi_f`=r{{gTYWbr`u|QlE&z0V&5W@Aw252DRy_uTBK`=n4wB%~W~b@rV$tgj!|`tzms>SP8_ebP)ihmmwAn zY6n;l3kq~(OBl&}?T%yjK=XJqetw?WW{TF7n+R3LHIvCm$X647jf1oxXHE-+K&=l< z6cbkR$A*@F`<|VGpNA@!uu>uuzQ2?QZ?I^CR# zC8kC8R4#D-bcWF#Ii6 z7(P(pwp{{33}|&Kkj9}o7@DS`3y6Q8@F&&IY>gbr5UsmLYfIJccb!E3z4309K9gNl zW$_0TJI3SyT=CZ8B@2y}Fx%%lPm`#`xUlMkcw)AVq;SL0X*$mqUS4{G6<|!+)Arq{ z5`Hl-sKXli71x5Z#Bj2Bhfd(k+L2-eQzfo<3O{X~3}3|?TI}Jd-5z{}J#H(-r&c+o z98ma~{OS_{Ius*Tdp6zqS!hug1d)JOV|Tttr8Hs;w_T{@dkC^l=G)(Y7)5T1& z3XB3T0d)gaA3Dexa(Hi-3?vxg zD`(0>dW>dbEi}z(dAe&2awXzWG%J6osw#`lSuI_&S2C6+sA?*g%3Un9UUA@aHRz~> z;n?v_k(Ckq4kQbo9NJ(d)tZMt|2paJxzKB}710U)y(LcZW(p(Vlr?fmWAry`ZmV zEZp!W(G``*kcbQE|4n#L89%QULfQYt_9@j=w6zLfn+{iu8NAY;$<%=s}qEtUk@nThJqYZmx8e zM4bl8BrHQMGcGq|PK61$E*4~2Wk`axtMsE9v^1~veN52n@;sV&X6#sSi2#B427%jy zPq3urdGC3Jn?)!S)ip_qThf}4Xtx%*O3BF~^WCn3#WLtHMth5fV(Kl_ zSu|a6#cUJ+XMHw_zBi!`u6^SolgL4w)nG$AS3>0-7bw3gswby7 zytM@+1oLu3uL=cLCiZ0DvCj*ZwvLG)MDXiA8U%es!v596 
zT);iYf_r-cXSK)Gy>z)d++qBo>W|1Tz+lJf`zzBIi}*h|Y!J(q=p6eL)zPeWaBA@V z7j94Q7;9pfSwUhpHtBk&5Q5ew-{1e}9!rp;Na2J75mTxC&hr^G>dcccupFZW3Q4Vx z-5RK?PM^PgsS`Hr=v%|yC`>M`Tj6+GMJ0Z zEO^P};nlUZVDj+&j3j5Tf;7j?NAA)Tnii({UfUt0-f znVAJj#mZ?ObzvIymOUovd#>w=rPyTCD;uNi&W3X3KP1Ll-ta9d_z$$KO2+}+L%_Y6 zpM7wB;}+KF-n^bKxim^`f?f8nYfeeoP(i{8q&5MXL;xcFbuBvhSLJmik>t`NC&{ZP zvi{)xbGP`DgcS94ELP7*^LLGrDBSN_|IXVZ2VFmjdq^1T>a9=nL)X-O?_DL8AswnQ zcz(&{^mkwbE>jWeg{}@X=FPG;Lrx@uYsL!9`a|<@e8<%Imv8;?? zq#T9Y3cJiR!VDNyYl~BvORg25hMw`kaw0QluqSz9^uO@3@@K2T(IXg-?3T{@lLTrx zuo+hC#qilS;G5Yp*%yFFLH2ZP<^l(!3KNeAFHk#LAVQiTAvrC2XxMFxw>Z*ks`=06 zSbX|CFf_zvajv` ziKMS&{t0MzG7gc0f?G*36UZt2Rt09Iwlu-B%1m_oCeU;8OoHLy zupW=Jd^jh6S65!?!v0XS(EJ*wYa#V^Wc{d6#^ljRu_T(L2R78x6m;_r>b%^Fg% zQ~&kMK&w?J&plO3z-9a4xb?wOtCcHN-@t&$co;jAdiQ&kPwRT`Pp1_(M1bSi%Fv8$ z%r=0#)$7Ckp4`fJf7{lSuHdAjhwbMszlec#0o;*X3OK#E*e+t*MkHO6`v^h3#j+oQ znMx9%0o7?+lXjUm{cFD2JIb2&bkH|5;`H`vw{3zde{$j79!<+%(D^7~wKDS>%rvT2sOI%jieweK}WCjpbtk@K5ZR|?DqHBK= zxn^YqR;y)fLc+8FMo17ahbxbWaa*mlxp|(hvL>d388MtAb`eZ;2#`HPTr;X(;``Dv zh}g57k*H4#)Pd&$!-5Bsb&x8d;T1SfwD1977A4j{n&&eolyGQ$v0aB95mJrWMxu_ot)Wr_X(#oOE4+nvZwoqM;?yhHC9SW{xx z|Ed0H<1oJF%c|JEjAoen(P3^C&|%|E`T@xIlll$Fl?e+xBRK7xp{GPj2$R30ncV~r zjgEG%^!-4wVFOc3bVS;D_x9#l!1rfLy&15ix-IJ2N9;yB1ihV2?xCGsOm+A+_sXzu z4!OP6PCS#_vJ=JA`P@%0CuNhbc2`D_ZGF(lrP^~P6E2Z#Nylcykc0sVv7=Hf6+J3> zYa@2%g=cpLMc!Iu8{#}$+UT2Is6&6C5HUFV(J|Xh7R%8cA0IR50^nd&N-W(%$267T z17-TYK)dC^A+iMN5SkXAb(=FMlA|$!Morp}xXV-E;mOPT6MbN>_e~740Dx58WCXg` zD+9T$@F?6mDdmTq(PwOTSHw<0?6fL0+oK5#%QS`Nb|o}ZDeHS$y5Bex?6P@J&zF#1 z8u2WAKgV48mZSp$(BXUHR?j&Ga7^~rs}DJ=pl|u+zdg^J(e08D`(sj8Wdx$TYo@mQ zpGrDk$C);uTBP^;wDjFB?Uk>OM%-gIH+`h|15}Sz@xcij>Y<913MoY}dEg-mZ?vgG z&n_AfB$xBZux^T_aWV;hHg%^V1cOTI^o-G_!BdF53k!K?yxdz=LttTcDbKy>N*^=P zSCP%Rdp^wd8+no0m+FU+=V(U~Te-#(I?;$cjIK>a0J_%QImYLj=p=04gaj;gjy9M$ z8mJvwx*41A#yp)_tzzm$s=8l4t~EYtW(vcK;KL@(9@-bHz?60(^M$Iv{Z!a9sNt{6xp{uIi^dNue5$86G zD*;*;+x=mt;0ujZu83N>(U6wxDEM?vQRvfp=@jbH0wo|Hbq7v_|hvl>aI} 
zzCFT!?8l1`6kTmxIG8WjTflkK2%d-+Lw-W#C@BJ6?I()`e3OD<2fgKMMwOBi1kn5N z+_wcHBd;=uVA}FaDZsu{4SA zpCP-w>6sMdfvcrZ1F0fUc;m)VX$kk{Zg^82f=w`#-6Q^{wQY1)4Qr6Yk9-^Qb2F^M zpGE+FM~@dcUNQF%??3ynx(U7+1M9hv5Vnh#*k9E$Xnj7ITFf(Gv$FR^M0-TwS5eyO zWsQx}zNS$%?wij+0ZkLCwCNlYo+$8uUVhqjh12tse-D{qanRdz&_swAnV^##=+|wy zWB?p05y)k?9pqUI=eT!sF~)Du6N2$dRtzS49T<;uI~)^g?jk+Uu8`Wcac?4#HL3A~r zZnc#+sytDVoN}f~5Q8Su?GCnq#1CD+Ok^)2X0p=wlLgQ9aDU1Y&tJntD}4VaUCJ#s z8TZC@5WNK>dHeuHGWyp}92}gWR@CekSoC)Dac-ht{$2teGo}H4&9ANtkN}DNQ-Wj% z(-BDqVQ3#o9RsB%t$`N?mH8~NEbFMInXMhx@_|s_8YiJlqzm9JB-6!!#?N7@NFD*h z*H9Om4(N6%l?a~tN@J>E%Zy0C z9c+h1PwnvVaF=OWn$%D$$^sBbW*&>_Z?bKVE{(`2!8Ah9} zLmMHoC31DAiV5_ubH2DTqyMrp<;4<}4S7wnf6A~1?>-4Ce4|~MH_|$F=5sZjq8ndP zt+hedqUEul2fxrJaU)C@EC10dXu-NAAgMZ?PbSh`i14(J%zm4xjvgzpG|zU{MuM~+ zTJ9+%A%R&{RV6}cLDJR~FGW9wc5sd`0`PbB`S8(ilv{EUc4)_Q>%95A;!?s8mdusr zd8_-CYg%X+)|RY3=$|C}{DeSp9SL{GzdO z?yAsbq`rIJb1faaFPFFAGj?t+mOp!heu&zCyGjxj&L#j!8$-VVI z5JO;OZ7`obbQqq&$-XGIg;su;L7-FB4j$@Edr^?%ZNLWwkX_Txk2nD1aE7&ewK`>4 zrhfa$=zszUP}hOh!PEW>?WT+T5Lq(=?HBOqge#gqkPr}Sz){`Ea3iqSYsbL6fDlgK zW75=qCOJx@Ru&8JmS4XPi}nG({FCoNGT8ulo0a-kM6)$UNMbx^?;x)aV5zb?-e8iE z|NlSTT9V>C8Uv0mpxZt!euS#Z$ncq-J|+v+A4Pe5eI)52SWXLR3bFAoJqRVx%tD6_ zN*MUc?O{NL30<*Q+-vds5Ys6u?_|=LK(t)tL@K*w-l4rhH~}?c;$w!nHaEhoh!fFz z`OH(e-)&!WXjj+phakO27M%1aPds7QyoVZ4(!K1@-19WUh_S>5+SnfMZ!^Aag?wEo z;v)2HAZlqje89T_x*sdPJy~%QID*)MI7@uPWoBVnqg(H9OBjMUV7@LeA;h@3(^w3* z;sJ3*#P1EM#Y1sq65=@}`P}_UsTT?|wrhlgts71FKHDQzUCi?$)efuk?CMK_73TXqJr(TL8)*Emi>V} zca!7SNNp!aTGS2*mk1B_W|$rNfcJbP6aDomZA7?#ihaeQu7of0IMib8c-aw&819r? 
zT6=2`Y%tkfh{v|Hw7B)=eB{1R5#JZ-GSw5@YK8gm>=7h}GDm~3BYwcRy)%p&QQ_w_i)}!wK`E3kO z;p7*yP18q37ufvAVo@RvB#~!EAUiOez`^TEuS$iz%ZX}zTw$kuo>DPgFBVs*)r<}I zyHr}pgq&-cyuL)yq93znlX}BX(dgzXD#vP%S`~M!r8&!@5z?>;3cO>>He7ofYkWt#tA&TcMBldBeCME ziDw2~w^Dpf1e?&q*!U}44mIb<#5@`d1C{9AsbQ>VzT@>s3Nj^_3&5&@_DE{UF!@pYp0dfcM%i#Ej=;BLc+rG#qn3k_^kXI3quJE z28#_gQK8eCl_NhdW1V3Go*7cM@X=6X&i3)(y2CNfL(^L{+=Nhy^gyiZRyvRFg>{yOS^ZcZnsdF$6|TE{Q~TOoGK-!cgKq>D!(P;asIMhdGIy)dV?h>!!wPHPZJbntK(6UFVXvtQYiK^O;we4bR^ZlEN1HFk! zBiylU!zorcvuJI@4PWsWPbu!ZRL`#L|4)43XDMgAQNk z3;2%rmdO%cy5kZGp`BgGDd=v#;O~M;_bAlZ6&fND#WA!vC+iVU^VFv#kNA!lM-6F8 z-&7CmuJ@wue^=W@#l1-3MEij1V}e&pna6cpVMxDF`2PJ#$B&sJE4XO?8K4m&{>YR2 z1Y8XV@P~!O#G=ph^%lWlm+&R3jWC5mKjl5>0YD2W;5hdvp*))-;H^1kLiI&ABr6Dv zlBo(q55%+*9TZtCx9}IHxCC$fGNehRe2j!=PgkdO_>WTb{D^)#MCJfwD#l)gz=9JA zN<9`h-9!n_pK~?X^M80^O?5_$K12_xIrifeC9=W`op&O4W`RQZpBpO&cE|(7Pm?el zcZ%I{tJaR%4Wz}LB`W1-Lc+mZRn-p^7YDX)N{vv2$IoRPAj$w+&PWDmgnf2ab}?EM zmgU)JHPuEI5H+F98zYC=_BkrtHs8wR_14dh<1=U#E+dwCUL`sMZG%4EiE^t`24_?m4U1 z2E>m=cM$0gspYk4q>^jVcNoOx*ys;CjapdO-oMHg#rXN59n4g!&3IB@H&J^Wj7Z9y z_twSt%$e0YXw%ubxcts};3p|wUXjic3oSh>x~E{gK*!?OK;;isuopJ(9n@NOs;kS*^x_y)4kQM?zj+XX*-&M-<#6U!ct|deE`}dE0nvWQ*x6dZS zDV*weFCokGx#{mm{dup(6JA}>CxL&GF@^eiJC{a7@zRqVA=)2S)xqgSMK|Uqiu#2{ z_LUs4PWINk6Rld{>k}o%*2eI`@@A!&3$ldCtGP<6@mOcTXedBF4Ja zC|gQ^dqOxE8Frk;wYBdTo`A=@YJXhXwOnMXFM1!>L7F~?%E6Xa%Eatv&ps#Z`rFtg z=c>PyEg4rLtkN%|iAI>#LfzhoW^Le|F>nw%dR#*xxkc0f<+W6*&`XCH{3JlKe5n!x z11WH);80d3V>!6yXCPCN4^MBi-F0-6`GO z9nxKwk_M6PQo50l?iQ5pmTu{K4?N%c{offzXYRcW_nglHoOO(E8+!Edn{F z|J7~=7;&Hk@zMoM1Ojd@NN$1 zntO?PTI6mv7Ln$zW+7V!tfAc>{BQ$K-iLKPwrtK1+>ww7`_+b6>?FS`?)2cT5UX;1 zHrylcXpzO^0xvN;Yk^;xIB-1S!oiZ<#$(A@o=-!@JWU_t#A>-5yb)G1FGv?Wa+RXR z0@)+P;Pk@zVo$i4oUDHS&OF>r3ktAc7}JAi;|6$O2>!s!m$!i86fNB>iW#Xs|HOH7 z^C$r*G3{F4bUTa%qVc)WQ3RH7RLr9PJq18EB(O=w^Z(R-J4YmT6;iCx0L3T8pBfl5 z)>p-(+`c9v3>LNVp~wlPXH|7X-%kFJzrB`AOBr2A_zSQ^aG1UzGOS zG(qES=d9rR$ai=k+Vc~m#^_B&W@lfnY>WNjwi@xBL1KxIU$i4o4Xta 
zJH?*?SH#`WaRNoU9Af>kiqgGFsklDBG3U7HbOMOHn6h(NkmTC$OFD1ukPV%nzrYoc~g{azG1-Xp3WDG?|_M9lF600pen}IgS7RZk2IxL5EI;* zpjaxFh1fD!{n!x8tow*a&F!qn^jFho$^#~HqcT=`8L1oUcX242DjJJBZ7`BTE&J?_ zL~v2wn=ib9*djn@kh)R0)$Z(ut#Kk|dVNTq|CqXR`h;lOn0)_42Ko?FC06t-+titmk@Y(aMyoa9L*n}={iFo?i%1m7>dwfS;XHW zdsH#%T4pEOsVdLy42sHRPnLm#d8t4SO4#H{AtMQ>>Fc#HzF$`}qr(wdP!E!m@1czv z17yjeC~F?P&tZ{ZB2hEa0hkn3jj{X}L($m`YX<*4eY>pD_-R93T0w>}VMC)_E6-Q^ zS4TjATB+JlWok~q(|fLuD|WNEmQIy=B~UB=n|Pj{a~>|$n37u6X7YJOpGh51Z`^M! z9?lO|ac`%B0S(G>rC86Z^kpmk8ak*qr5UIw-B6ix`0MK__y8TX^NlUVsEZ764e;{0 zl4CkIPRrQkI!}byzC2QZ!lb&JIs-NJaSoO_)(Z&*`Q5NBmu=vjCLOF^^fQW(owNK| ztBMm8PlPX=k`<|;xGQk}G-9CE*4ES0=QltwWO9|r34<;peki4bZ+1F6QEYIQsSpqM;M!ItkwpG9y@fh#C{`g1o zV=K0)lwc?}H}_AM(JgJ4i~0-#bEHsvZglk1!HcSmxU6SPuEf3@zfV9Tv?kR?OX$gB zo00+3M(X*`PpJYYs!^$ZZX^&Y%I-iV3e=V#JY0l~ zgich2Q3US=1$B|p?jY;UcB6fRD3;9gl7w7nQ!l4}5XBV*!)S9gHHzPhw*?ecY9O|_ zPjd>fMT?&$C6`p}A)~D&3Guq*@)|#kmMKW|A?9+J&--`hb0N46saj&%3a6w)1|Fi-YX0^me2#%+nqv&e9GCPD z)!mN`O_9n)_!&qE1Vy_qbyEU~yPM}AmEUzvhoW?`pNdFzOBt)NXu*Y3c8BjjNA{Dh zoL-!bdL3yLHseOW+Ft@NkV^UB?ZWyr?~yNEgiW5UP;K>#Ou8n-|M70Uq$pc-y7V?+ zZn@o$51TJvmtqGiGV(k4u7F-KrH)HDg$vRd3z@pi=l3TJD7CuNpH7z_QI!1Nmz3 zv4@+wL8qD%k}sU4VouLIyD==E3z2e46^R6chOB~uq_YbA))&{ukz4X=Uy|Vz6k%Z_ z2%BkSkqeE+a835as!jrbz2~AJ_LtBU{9Eq-Cx|TzqFw%$3uC9Z2YI{h1+EAj_x4vT zy2;B&zWIFtl!NWAs7F=%l}zka~CF^)FVxH`Xi4Xx1!Qvxxy zad};L)y{mZ?`q9QzHRdb0(H@1pN235H)N^Tf1gLowc117=?a% zebFb-##?YZ7IV6M?gkqdjvdg5esERD1{QG;wt*fbmy3a@BWkA4*Z{QuD}vRFx-_;_ z37i7PxOzt$jsvbSsn0~HP;dL+@_Cv^{Md>N+v`?Z$b;L%^>|M5_|M``Lxb4SaxL@YTi%x9;2R8vR%jDc z_dTB_wF7OOESM2M{Tz$~DE~RRc*_Vt`7LVT(zNR6;j}R|X_7C}va&+`ELDCL#0ZsY zoCY>(`lsmksk{k(4WdVY*5W&|eg%U-Ic3eL3U@D;qev|JYVS)M#CJTX28W13jXtWB>^U!uZ1E}lwsr1gx~YR-B^IpfY5Wk%YB2!P@AA_<+Q(TR-GZSZN=ho`v$t^1iaUM zPpGG}bbuP_hOzg;g1jyvQ)TY7+uf2^w7)5~AW~MI8$wWpL@z2v;x;f4D(1U~ zQZB0NNEPF)!csx4lbpYUgbnfYpO#(P5OMtJDqRXE1Q({rLWnp2tg@Pr_%BfjjZ$Ee zT$3H;R5x3HEGZ^$C!Sf{3Laj`ydhf(4P3ul{R`K+7bE}LzFjRT41YF_{;Uu~c*)_v 
zc!$$qw-`!6ikh92M7vbi7a*!43=2)O0D&zx#xM=F_1Ug8YWuT|awuY<7*iSga4pci zU_uv!!qy}KDXXQO_mD$IL-Q6-{{vd0Lz?E9YFGq!a9x+Y45{xDLzbFlpOhO%^lwRm z!+gy@-`O-si)kpNiA|mMdA9XYHAF|YES6>8crox|wd9%f4NMqwb@nVn`}-SM{VuNb zLM^+u#;a*^^%MC0I}}QU_M<2>sEACkpi`7qXgt$ko(kYAwSG?{y@wd8wKdmj@Jy0L zWjF-pCNr@)X1*p=FY|bQs0%1_4)&bEu)ONlz{sZ<-KQ?y6aSb*wX>2DNJaqx!d1WP zmo|>T&*V}Yd7p?>+J&c8fE{Phrv1@qhE^2T`b^)CoGc0W*@{z^Imf-9bu)R~x{jT$ zkZ&HxALq`ljlcF6J$Wz}no$4K`eFmM5w+5$E9yjR$L%f1Py7T{m%Vg-{~j>H186Vv zRnDjPejdll4S#rvt%1G^pj!&&6S<}63;+Dj4~-MlXDN5%?VEN$kQn*s`kW>_9^-KXNPkMeu2F>tIr|r*MEg`TI80Lm#|0T6T`X%8Dt2?kJ?#WqXCAQBl zX(#BP5TUaML{qz_wKDog3+k5z8G@VbLB|R(C}@(3pE+CnILxi%X?-p~4frrH>&FoX ziurnJ8m2;rqpwQ$srwAW5;Z5j*thaa&e7J7r=>f{bM~D2aErNVK^S~*^$ZKm*wOyf z@_o-Eo>`+YBcF^Gt})Fq%Lh-J&np|kcqBe%tTu4(;gy%vf5A+-_{Lrw5}#mn-xkI@_?teG_6MA+~sjL&y@RF^ZB$lwk`f+xRH; zeT`4wmx}?&J$K>*MX6c^-R&x3B5(h^)=gFM(z6#Guyo8aqG{jrL%!vZNOJ;mPxPzPUTut4qZ5vSX9F?NFe;+n z!eAvFORo;PvP+$C8^%c0D5X+Y`7-poUPG=FVrS6jkpG7_2KtS9qNyh=)}pM~*I=3=BuMRE zDoFfwuIc@sZ9TxMpqu;6g0wHc3Zev+;{m{hpJ+SUm_Y-!8GewYNv>z(1~H026V$zEQ=p-nV{wc{${AGxBA%d-|Zp>rRV( zW#$LW-PLi#8#fzLmfUwHm35VQN?4HOID~hC6 zRD4OHaY${MA)^D8bHFq*R+GOR3_v5={&bC^nep(==M9(d1Tzjxe~O*cfRRMGm}uc> zWX!-guX-QJ=`zhO)40DqLzBig9;;~YczvN{hDuD@g0$9Bl1gCVqzNG=BiY#{Ak}Gw zmkg`Ea=NB^(PK+c3Qtowj##@)ZdmJnaR+DQCm6vxjOP7u{=)VqtlK#iu`hMQdOEG) zO~z6b5jDlarGZ zHgZ&cL>pNU(Qtpmq`w$4TJ9;q(vz-ey+0YB(@~oVh46K+*O`gJ=%tp;f~86K4wjwcwQnUp7*bG+Si5k>X1)) zBZ-L59Wjpo95&nQ51#a|(B&2c|4C^Xh5p$A0+(+>p8}nmpXahQ^?|WWBD(`Zf3{7m zF$~{Lo!lUzS7wU;-8eLCe$f%-*Qa z^N=dO+sugH-p<`kYR)ydG)g?GxUPMgKH!|?Z+tvHg1N1owwW%Dtt4DrWTW4B<2~N^ z;N|~u0W_GStb25&t7|;|Er;c1Uh{P4xUFF+`tdxXILH4|V8!3Byr!zj{hSx4FX@Yu zOfC)VRHc4P+0C=;Y<_qjF2!2(e{)-w{CwplETBS~R7`Cx4v$h)?FnWo%BtpX(FAa} zj@2=`?wH>|u|N)!CK!YaZw#6T_Cspr&T~7cp3Wb%{WBAWUAn)z+JT`YBPc@ z&w{w6&+_3cgPj`_g&&P-@eVYzLUTe3X3F~2g9i20$wVbt$GT7_6UDvh-Nj%uOyx2b zLi9p_wK=nQ)5ei;^-+YhpmnBqw(!Q$vRL%E{fjGRW>jPw`^=%*vc`O#MA+|fJUk4Q z9g}ZvWk!1HcIDIX=9`F~xzSa-m47yB{Gv7z2jVL97byn4Z+xpyM%Vzcx7U1q)-R&; 
zx4ILRsa-zFsHnBBO2^&`#OQFh3f7eBG~0n}?5`hQtYW(n`iYnA3d zyoO?p3@G4PBcqOdsYCfkCVBZ+813KP|LWq{ktFZL;)QF_<~(}aI|$;uj^TXoF0Y$> zDJ3=KrJng>J_hJSNxc;apPJ$z{mEiD+XU$2o=0ETfA}J7asWI>i^UTE;qe2C#Oe8Y zklwrJ3moFjW+&Ct+gdF5uUd81w%Je!K>Dmgi^fRjUA&aBntDl zxvV9jTJk#`?wt~G)D}=4KLBKr*t7etyY3Drx2M#l{;#8$NG^eea#JB@t zwe7Y4L$eDrI)-YWB|mL_JSFyRMnL=QRi6$=4bbv6Vxf~pb@YvVnp!G{O|;c|d11z+ z@Gx}V(wz$gtQqG1Usxme;bm6Xx>LAsm0tqXS?)kU!}2h zBItX#bD-Uemtnfq7A&+-Pnm^iW-$_wt&}KC|22er)k#n@iGWB803hHb~n+H8P@*;)(UDl5eJ5k|7oe@#i;c^T& zU)n}EgcX1a^jtOcm-G|=<3=V_6g|*DjB&l>f)a*^7X*fWn-7$`7poR2l$e>17v2d? z!1x{S8I1$eR*bvrB{oK~d6qYW_Uk2*`j?}h+PBN{*0ace<&H?-fHc^za9k}XX9RF> z=AP&IP&#QMPvQbxJoX3^P|>}mgoVAC^Yep>U2Di1gd}L)QI$|Jm2OLl=LmAOl+=_& z;>p^sSHwg`y;~Btgz9{Jn*DuJMv}H-R*sHGGq^tr`fMFvUHMs3CHvRl_Z^1e(uoJc zqJm35tPQ6zYTX_~oHAmO34_8R&`6+O-hm`rql1*OG9HbBuDM%1(RUMj{Gaz;KX~c{ zB{7eub+OO`+dQhlbiJitC-^h8`+^aQe_gn2dKj6Gp8>HhCxc=!o8YI;DH8`ilAuX9 zB2HD|;QsyZNkuX$UfJY|GRZ2zXO4E?Ya|RO7#G8nc0p(XJ`a|v2A_w;RRX()9URQH zx^1BaJMND_ZGY#?YBC?t2z2KJ1``YU&6b3QYE zOZhXd+jZ8>>JnbJZN#Ei%W1${=W#hTGf=kIgYi763m8$*5LkgNOQ)hzHN@&R+@JF^ zR275V^yMxHV^MZWU`xgk>AM4=*;r}5YN55dDpZ>Gdry;LhRpXKL$pvLB4Av>Ev}-w zc-Gf@M!k1Xk8ii!fb;D0EO*)=Qi=VPMaRpF4*l^cCXHFqEC>l&nYtNUG&nd{X+fJW zlls>I#-7A42qLhyMVlkdOxpMGZ;-7s^~*+93mVh)KC^1k)M~LE+zD+Ku=#q zehpjLVyRXpojFfpBr2&z<89JjabZ2|Y%Mp7GV1qHA~Q))cwh%A2^c2ey((srDo9q# zAwVY?nNP7)S?NQ>lR{Tnt`j6i!(4z)O#LDHdYu-`va-j^T?#bBm|(STmpJi@!>bB- z^Ih@@3F~(u20D7RQ5V$1-9c3V}u=ct8>(_Jq-M1jE1F`&>EpKY=Q}|xB{|nZ@GEj6VcIDPEu<>Ev zb1Loy->(=3e)$#bFIU3}CBe|Vly*K5?gO+osm=q*%kCh`9FvueII~M@C2qXu>r*T3 zhD!V~KWlh{%)cQ$$6zq{=IKkHLWDq};dt*?dd-Tvm3n(_=Zo`-2JNzk4ypdsa15xGL9-aXfWY@A6GJPc?X5i*WHQvqYpFnv{kb>jvH5k*?h^0AHfeTy`3*6bM`y{C!t!l|+)Rq5ruI`!zBhXclx|=7L#62rlH|5IH ze}B_+qegl6SA{@=4K)crKjOnZj^g=_%yWOA8gXa&XM%GrBpaxHfj+LyEiP5VR{dRu zn|N+abU({W>ahi`^g z_-jF0URoVGJY z=UYS43JML@hU)laUmJqDC{lEZTq=h- zAtPs()5w`M@CiIADA+L=B8MXVfFuh*wXjS))EEYEU0+plb<+zNo_&VtTR10~BV zPGw0^As9!B$Bj)s8TwyfwBMhhWaNkcL|!eI5sSumr>5e+g^-NH4KWbl&G&CJOBN@l 
z;lH`=gviz&SDl;_TiQhl>AGoG{D@~|Z0jktCtaM3>=`U$tnFGp zHYLfH+)y68B00s&Qp$Zs8ACfPfty|k86wiFb1dRb%~G2DZnwo*=M+jsLq?Lv#4#%)$rcjVc3$Bp>Y*cuofVxbUY3ao%y zXZJiE@=AT|PdTJYduL0fCiVItpo1zi=Yx_?kReu8NdIf^Uab1FO2JD$u3j)(A~Vq?Yc8@Sh2NE=NKgT>CKOt06IGkkI# zobyp79UWm?uF!kY53t@SL$XtX&&9rRkvwS{Q1YPl>abV2<>FM z!0vG7L@FAzB9<&(g{z3~TUYuP|kA#Z~ygjrV_s?P|jJg(vZkx8OHy*FHBb?+vSZcE<# zt9J{JuJ`VxQmQuTdhG4GY>dZ>7q$P*`r9rP9D`yTfDiE!`PvY*>o>=i2%IxNT*(>u zlYSe!f#|b|@e?bU>D6c?=PmiJ9MifykxId_$A^aG9WAEhnc1q~UanE~h;qFm1Z~Km zix4AeJCKn6>V}`>a%qGJ%Y+CbmJe`hqN)sj-0gSV&^QAg>fdf!O%AHR8$S3xx;Pop z>i3K3_^*S`9Y#0u7-=9DM1w90h@D7{d|uHofB&o3H%$0`hEYFuI|gq&lAiU)VOOoG z`3(orSM{iGOz^UQK{y5Rx(YchM#jS!@7<46n9Uql1%erT2P$gw&p5XkRT7f2=;^VgB%i#Q z-i<{q{0o7dfQTw%mdD!xQQEm=+uzUP6q;r=)!7U)chgoxA8=a-kD5yhT+W&`)E|$% zi~B3N)Cp1VJGX}#3-T3TTiRG6mz+R^@!)WCQMR#kuFg(fpY=UBl=bbMoL>FlyF8}? zvt+%hkVrVjVl^KrTH-$_StU^D=pw~Mq!IbWB1}=Z#W^J-ji^afqWFK<8_52-mmbbnGX&!cCBC7 zaFk($Z>66LHhD7};HSMDo01b0uY1i}7K(o-;5wa#v`tLNfShz-GNXRSZMUb9KiGJx zSh?w_VX+!m8clcI1EJaK>oX+#(74HB(QyO2VIxVPxLQ5VyfvD7kJm&Kyo8?S32n3N z*rMlB=FU1~kCrqCzgNUXaT2++ut=vUlGHs2xA?lIfZq8chP7!h`=d01UJn3YfFOlBo1o!~`9Z0&JEtH{C0l|2tAE`W4~$|s zWwVMu5dAP6fipJk0oywr-u3C@m}szf>=&b$0w(jQ<<=i-(C#Sq=}w$S7%!J+hR*Wy z_pBV$DP6;e1Zq`v2culFe-u|my72_z<7X{k5d2r4^MOQ$vm7BCYAV>cb|B51n~PfX zQx8>~@Mm^Qc;*t6agAiQW@jj|cp9YND1X-ks&imH{m;b-D*W9d3M+J2&LD&p!;?;7 zIjf1d9xfHBJbnJPN-x?I+RI`Cloz5)R!P#G^lv!uBjT>p@}kBP-?~| zBzA53s6C2M=1|EGbcUOz%T#q8ZBJ;cPC2G1X`|}|%7*O`V3lgEKWQG5xVIjpRtAZB z;b}Mfpy3>4%&s1WD9QsjXO0Bmja;2d-viKT)KWG+L?XZaSsIEW^YlKd6wS@r8V@;Z zGFMEM&}N{NMD<;{&4+9Y5x`)6Cy!6c`m|%|7t;1tp_$_v824lJ^lcW?bvlkS4fn23G)>&8O8yyIa?rTwDSe(ju)s7mcLzAK+{||s0(bw|f z_4L3|3`(R>*<_A@+daMAxXs4@xzAH2c+JuN>=vWi4LS3Uc5Y1j!XVqGV#snIeZzJ* zma;0hvzv>ZZy^7tfrPV3UkE(<#@0Ya))z}=%z69cCQXqmBL_CutJWrKtqh0r3r0ge zu9zc^o6Y8Gc0wC6sMl{!4v<5z&>Iw@526T?dRDU@aB3g)*2T*8JNi7Rr9J~+c8wcU z2=XU2dOSM)`jwJ~(KPCUNMMYp2w1Aj=X&D(g(MvH-Mg);=1}&$QFrbJOd@mhuhPxw zu|QMO=I`yYChtpp3?rq2>SEZ?P>G;ah-ZU=QE_8PQj3E7o3Ey%=7IAyR=1T+(~B}m 
zlI&=@!>FA}C=9=m{yzRiN?vBPMT91ZAwA?}OHxCRzLO~+_<`>p9UTJcwF{{PqCtJv zdroNczMUu|DFA3%iK!uvJHD7gPGXY{pD%zWKSz(7I^3*_2b=lCI_9|JMFrzU}&w?0flY&1 z(V_-fq`A{c8x!x59PBVZKmpZgE_Q9a!scv^3tsA*_vo#r3Epv1U0R~7NjM8|v)lL6zf(r zCrPVLT|+B%=UtiVz>4x;5yf)pWP8c$a$3e@wHA~__OvlE^@TmH{5)Ey1Ars&1VaF{ z5t0{a&mZcct~2Qa;Z-)BBr=B1>3+-C`=Xr=qWOqsPx+`#98Rlr%KXE*n^hWmW0f!_Y{7xX zl=5E14|c}q&qz|^mG*jn#g|_Xvt5jYgA6$>vR&ydchU5)?@qlE#s5I+6!yiB!dl>m z{4Yra3?m4VskE~Xt7#Ali%e-54#=UlcXO8noFB=y3I%*qEEpYOjwdv9SEvlNcQ9y| z$f}5(h)30xuRVy0+*);sH>3%0sD(bo=xOC&P4{s=ij16WO&mn zb5WrNX)+u>)Yv{57lv*kA9Peao-_sFT6X(C0+*a&`dt~;mi`oKb=2f}Z^dwezgx@S zYTbEHTKtg(7Z!SoebnW{*GGYB;aSczPi&orsxgCZ^ zB}v%namL4WBK_VfHe-4NOWj$4otnM9gNA8cU%~HOH=qzsI-Uh3qj4cCHFT5UaXJBy zn;`J@w5ea(#;4KF#{-v6O{CbZM;OyAQ^H{348En+krrvZ^@iw&n@wm5hGedYzz${< z{X2;FBrndgDMDDKfC!i6+>b%~?t2D*!fV9wA9XK)M7SIN$uXHm@_!8(KzOL24yo3z zdZ=D79*Q>NnszZQ7J}-H{?Bqh66Zt9VUkcAEd8Y(cQxgEzwK9-R z-)yhc$8pgtik*-G&y7?1iVk5@kK$I&Lr^Nh7j^@Zca$Z$iZiyf@#&O^Zsk z8RG#N8&_UJ_e1``=Y}JZFa1ap6^rs#^Q~yzJ>9AC;2_Go6gf!T7ME*5VmUac^|j7U zVQ~q`TnEBQpJPsZM)*0X@Y#8{(DFmQLQ6B!4EyF&Q3DZDcx~O9^lhg7U<9M5CM#&1 zWEw2G5yWOZy;Ko8U(NWhMylU4E3{)GVzdc7igze~idVJe5=&RlG`dv6hoZ|G4E17S z!uRWt!b_eSP*UPk)Ly@nk|-MqmCP{ajW19*w%a*l_m`Dmfl~h*!~#nBaVojKqg*si z8VtuURpwU3Et<;;JVlP|kmy>D>`Kl%gittDd)4=a_@VpfD8wrfA(EWbokA4ZAAW7j zQ8MaGA(;_d6vjFJNp}74;&e{!q5AspAKIL_1#kZ1=#31z)6TJ)_8a{!lsOa){QdRm z_)x7|92Q7=TirmND6Afz_5}n!?`DFHeN!AFP&ADhniL5=5pnIaEp zlF;k&G+A^f>>8}8V|_So_k73`IqX)vY>VhgMRbp{*Rd$s1ydQZaZTp<4@Z3P@vpSl`AUiCe~Rg^KPz|0C65gV};Z zAjT)zWzT1cWsica0+Fay#?hGsl}gc;G6e$Qc9``<9HmhgfMsq3I$RRY&WydaC(~f? 
zilPe=JUl3%w_oSEas&n!9wACet5DM4A9AtwvD*Z*`bU1g2^CGA1R9@4T}2q>hOHaE zM$se&dLNQ(8oHQ_b%fFY&M>0U#@lz?IA&`mNa!C$a70jLSjKu(Sw4eSq`E-lH-gL` zc)>@|bp0$WEaBV7v}mK}tfHd9XrsLpqVrq~3~HVsVIXoce#|^$((njp-wFVrA~j5^ zxC6S1zR7fyI9ssh7aDLIs4J179Xo%piEs=i;X^-0D0oM~#mIpk(gLqny&lqt`i?O` z=TWjw4+(FmtE`ZSSAEG?;6)X45xqjc^0-L^yI6NwCEML~#j?DHeZE~6W7*^MpId#q2D6Ae)akK*X#bMvBvNIO7`psxrkW-FIa;SA2yCCOV{)& z!;lSYkl&+;>AH)Ff#XmR8T`SlYm$YAbG!TV!Bq*JsW3mm#jbK7x* zgNa?c6((xT`9X6henY&qriQf=dGq>li^5d;OZgCwy>^=(uj^tmv#UyxJ7cmq`Yu<_ zR`@^exs(VD%rwgdh_L!c6OIBpF_IdMcggJn2r>~rBj|Ti=NA6HkE%H~Ty3Ln8qTCh zhea#408xNJr1yrYEe2L#?$d7M=82$)!Jxb^R=v7jXt8r&6w0vf_GDe>YVJ`R99G{x zT~`?_Q*hX5;Q)SFd6)I#2Lx4hE}QPsmna$A)d7c+?ix$4{K zG?l4!xBTfKTrRN#RZ zhxj0%6w|?V_$te-o9@ts6uKWR0AWO)qJHZ0c8X!ONna%VSQ#513gHrg$BIt7jr_QS z{pqr0mC+S}p~*pPj|0IEg?nSzINM#W0B6FIi%BP^0Zr#I{f3bt#?A+iWaI79m{eY4 z5U+>TUM=%JAd&<0hyh9_#v4#!uhFpgmQaF|uuyI(|79kXreUXIY{19MKh(cld)W)F zKHfGj4rH^h>o?xFS~@cW;7oY|CytCFx$m2Q&jL6X`;R?UGl%MPMy*&b1P2jtTk`Z_%HbCAP!+mvko=D3@Mv~H*z?{4}dK(2yXP<97T@bZ< z9J@Y#yA}bW{yEt3Ovc5#VA9U|D^^pT<2ccq5juuoioMd=Mu?JAzQIo~W}m*==tyrK zY5+qjoum9?S=v8|58$y>Y$R;FE$@D!!`FWkIb{t{y05cPNOGVhna+^_<)!yn=jw!TnAWmR zfAil+F|%xwGIuCzNdmhIHD_c?Ps(*ix|<|VA)J3vh_s;w6!m+@%eYO) zeh|`_ks)9)X7PFSA5?Y3;wtA?=N~Wq4tRcgOy&NVt?R2E_9c02AHf9TPrGfer19B9 z#Ld$VlGej|oDxE5%pZ;OI8y>wNj;2l>deG_4xYxOipWC71Y$cF#_>$Wu4j3lw|+kL zJufnHme~$dr>3LlJ`l7(pj9gb>SLWuoZz`03MDxde^&^%c@6u3qi6~h7NDwTv02k< zydk3&HiuI%$68)bXWB+3KuRaj?Xev7FtK*G|pGxn2{xCFwh6VwYZnIuzp)AFk z?6e1K-5%g0b{x1j-dBeA1T@%5Nm?Y^;V@=!HdMu*Sx&Qa0Va>1{#9q$k~VhqQ=_h8HG@ zw4X13@W<+Rlb}tn4m{gAX|WnQqgJ)@J(M9xB-(!(}Q?uXo~co=1knsUaT?b+&*M41TS_V)Ot3!%6mA z{4Bs^t3riJ^xe2TGCeeTW5njTt`4IfcJp`8pnUT`WQRg1DJk*1nz!s?F1<5}h=%PU zs3UGHV|%}m?GMcLd~c9_L939}eE6F~)O0`B;gd4cWrbByR7*-8&rYcwH)r=ju2%&S zPeLtZbKk7lb)7|%(}BO;yc6s-QVU+3pd)p6k7#+CGU1B}%>4})BH3%)IY=q(uvGVZ zARqGIH~?IiFsM}y;B2iUIg+p1+v`iO@2^n&L*8+;b47u8nG!s^q63v}XMksZ_u#=| zwl;RycumsSV)!^K#N&3wpI)0pkwrV=uX7arexbp}*w~Pq>kZP}aMBL5evMU~#@X1g 
zp&qu@jmIJrFzjO?UAN3_nQz(b`$`U7or}JYK&cwtQYVOY>zvo^7>c*S{z%b^M&lo_ zoT@@Gz*ViDZ;x=-o?71SVbUDh2xn53Nef!XT*jVFqP-!C^@$Dr~ z$qjdECs1aE45l}eXU`S3#Fu}yUSR(JC*S^vlj0YgF`cgI0?j}fsPYsJ%G7@6;I7zFMc&=!o z=9>Y*CsmTh`>vxWZ1cEl4ZPfXmCg|t6AL_##YCV4{7a(^_!Dvlwmk0- zsTMN-@ldE>8(9EVrF#)Y*00H){~}HyaCva)A9>cGsW~kd0GyG`+E&`d&1o4{GLnXk z=lNaxWtroSU)<(K5+*%%vbrU+9{PhK{&lXoDU2;!oiob~n7YRN(iuoHC2d!PGy2xp z#5}BCK|@1_hWOe3o zKm5sbmSJUd zVza0J`R&AbHbFL~h39)tTGFRkY+uUL3@#^%h40oIY5{CiFDJ$$ANWXk@E_;shEL=M zn7@Cg@dKYxNsM8h-)myhzF5V7zYG8w5h{<>X_wC$4PfcfgkE`OZ z`K}9qs!$NrH${K=IK>RojIJdQ!A>#qW8>?O;={+}v!?*9YKn?rcz8Ne>FpQiJLEF| z!@q?yXebQ~cK)_ThA<;*NmX5aKFc|iUOwY@K6b6ea{yCj-$2J)RJf7y{lK16cgn+h z6}ziT1pBgG2@M~ej4v9aXnd%Fll$;@9;2Y{Q-Rm_=}mK?ivBHXBA`>6v7$kh@?RGL zjzl%Oo*y#+T5rlDZ*tqkJ25~vr3b`qoCt7doSFEsQS|)WwrE@*7dO>}{<%+0lAS!7 zaWYh=Vm5btR1LF``SwDwIpN_r55qOicbjpuuFB7ZS z`%NuOxCGXiS!8^BeJ-Qv2Sq3&?oSZ5(Ib9xTl>^Y+2;xBX-o%AdrvUg83q)-J|1!= zWB(o|qc#1_(ECke=k02_J>GW~-MB{?Aaahu-JV+Fv0%{`G95t8*!Arh+32yu$LVxX zTTi~lA&4^E?|p@4BeqVXUAO}Gci}ju3N$n#8*^_^Aj&G7(taFmE=nO?gu z9G9O)|4qs1$(?Rx#S zUZ~YwbyzN6?e#Xh$Dv^wO+2ZFO8#$vTONqB52RfFBlVH3jew-Jx>ClG`+(c}-AI%s%Kl-MQ$gk;|!RZC`E?YWh) z(c%A(uWt;mvu(O=(%4QK+qTU%wr!_DW1EfB*tTsnjT_sxoqSjC`@#J_Kfa$ilAYt) zd!KX8%$l{<^x&M+4;(YdHP|ToCFwjP=G=d0dN5iXDo)d0E~LP}rdY46U$m{*tn}m1 zD#JK(|8{I#H>TOQ71L#SNw#@7gkL{rtuQoze&&85m5@*^mSvnIF$5QHap+c8{L_9h zpi;9A0X!%O3K2GbRf73suBM}&#_G8@JxIN6OG%^A7@!XMK0|4@IvuXN-yYdGWl3C# zf}No1L%VsUi0M76o>`e}-)ePwK8oMFk;;i?e}$SUQ%Vb?85Q+RcLY`pIs}>NX@t`8 z+^Ndy?o7ZA72>ehvEUyb!7#EbiD8EL3@+lHdB3I}~ z@umDAZ|!?aF{qDZ(0P$gTeQ{T%i037LC@rdep1_DWtIJ9Q1MTw{(%7)MEcI}NNVw6 zO#Orjbc~+|0Msa{3MgwIs4h(n_O)`L{KLa&6Ou|7wi0eTSc`L84#S1-{QevMH8v)v`}>%H zt#Q+K(KZ3mLFiB{+1i_0N`k=ol}1y5}_ z-7F^AW?!Ojp5B++yYu`)mZ>lO8wdF~v6EXEEh5chmGz=S{pkEbvKbW1W~&Qx=2&L$ zdjX*v*ayGuu_|{n`Zj5fW2@NFxnlWJ)-KNB+iEP1L3kOjRCztu1p@;g_KvW}$49bG zcvjyAyJEf_Fpgvy7OHz?c9&b=wcekyc0b8DnjyR%A^Qd8i}R&4_dY{KNME?=qY?h| z3irMKbMDjLo% z>XS=;^-bREG$|;0EuFfDtF^FKO2e7l98_I!ya<)Sxem6d+k@=|iBk`9YjbKppHzTz 
zJD_qAkZx7pwI7LR3P!{~m>k!FP(Vhm4cXg*iPy~xh{0%wN&Iy)x8;b*u-#igbFfyz z=kHH@PGP=SU!$~d^15e(<@ApFuo0y}-^D*&Wwy01@CI@3{4%5Qr&p8CdPz8Wj05Jb z(O^I_sEr--P<2k{8C&E512hC3Jt8D_#=S7FysQ}TB4E^_+1{(9LfS-?rsYcBtk`r~ z3D!i7XAArP&JoHmAW4Ho^PJVkx}$f~5yV&{w2~ISv{IS-U|*3Tbo@O^w24)n6^a zin6tx@{Rb&DgF0{``@>OHud@wdSq0OoOl|d^*4>=S)!^fO zn5{9UHc~YwoqNHSE+B95RX#%uR*iR21mpRF(AfVG7bn258r;LFIO>0*g5aO!4u5>%4^=AA5uZ0a zfI00rk}fPFd~tTn!szt54N;JosR=CKJZ0gK1 zw|t!kxoLY1mfnk9CtW@CXW~p}Jx3Q5XBh!SJ-~^Z8N^ z9pK_%)kJ_9g~hRJ(#F0Q#j^fF(Cphwk{4_!cy3Eh48l8}*i~uZ_@Ibn$arpb{tyN! zk@`?;b{y3RaeKtcM(Y!W&+QKSy3n#CMadhxbM6DIjTXSbUXwA>gqrnHvc1c&YaO^P}q98 zVf}}#@s~e0PcbJ*W}VsB=MDw%icT~3&T7oRn z%nfcv2QbS^c|%{DC;c}@Hol8>qbxb`BFEBYQ=++Km8oL-<`T30o@NR1&~d9$Od8Ys z)oE9n@&MY!k2+TA*xxS-EeuyP6>E({V08^t%V!->@tYcm=OW%7I*rL;WJ38qyODWZ&|w~Lo>O5rB9l7Qzdn5#0 zY4&WWpAQ37`)yl=)9a0;v0c(3aA(mVzJuLyrh&jO%w)-beaXc$|G9GD~c$3KP$48zn4%a*QiPW8ObELN_6x-NQmzFw-?>z!&g zC9Dpii_j}>01N0J)#Z3Of3^SGa^3mPbMayYYtKisoI9oqjye4ujEz$(6D-!74^=y~ zH?bELnLM&%J+Tu1c)HetglM?$2iKVqG2x3r#mRz4w`PMphv$XhW_!NwNVSF0TKD^^ zwC5q4^balq8SEL6I$$WZq)KZ{E{M)vg%-jCAuelc2#)G!ZH#7HmLk*Z4mxH|k_uVEZ^En7Dvt<7FP zFRngm-^4g0AV3RCGNNii!HB9;qUz`y!V={WK`B!Oo$vIN%M>V9Zwm_53l%8V7?B-g z`wEheckd%-qb&zr^ZJPP zHEK)xb;Y2S&6dl4bY@xx1|+)5pV7tPyWmfk>XD*P`4SVVkI7NkJ%SV0$dU9xqc(fF zZcRT^5onc-82RHpo-`o!T?z1Jl_?%JTYMmvmx1C;?og4*o@Dh({-74V&z}3-d)ygwvZv=GvQ{|b#`%>pfmBsuv%9eF!N1WJbR^J+`Ht$y6?_# zH6A@ZiHN@Tfx9E%j>_^`{yX{kY$fw;Grd@3`3%2qMKDy`u5$kw=;3iY*>ibTs73&* zkud;Blm5B*B>Ll%Q@2+i1ScEN8JDDRojVpi%^W)k2?X1N=eB6&p%UBceJi*0(>w0Xyo~ul`Sl|ndag=3S zJOnBE2&6d`|3AbBfXC?-C`PUv_BcrzDkuhRpTiu~`#90kIOyCYptUW}_wR)Ghc2iu z8~6vg`bYOK$VT36yJaI_4Z4Jg$54Kx8YMM36Xpx<*Eb{w&Cy7cm{c}Lr+r0LSy+>H zX_ByzVon}@QLQo})O073oMzh}-EoEa)75)i_@!k_sqD?Oq*keo9gF3LK7`1@AaKC3 za2qHoahH~uf9gv;qtofpX2xLGbiVR%%PpBt^s_adJID#IIrFTzD*im#C*KUSsN#%D zTHpVAGV^J3)5$CkL5wym5DX*Icar|kV`m?sEc^^ae^OaJoEj~~_7jJ1Ztj)7Tbycn z7K!+Qv@mmMXE=oanDttQ&6A1F#GMGd zhQJ5GSC|!Ji-vw{3!FANC!qM3ke}D*cX4WjfF$B;_S3?EuDBEUI|`%$Ek8NSbdm*fKNtZn=9(5-mc6x>6o&N~ 
zFQP&L3@QW^bogedh6z~|#SmRUv3w$PY>+j1t$aKf#ttJuuHVQ5I;S29Ik+H`jP6HP zI)ro;5*ocB0Wo!sT+J+iL6KmxcW8f*j@_XZLdZXOB_WoT1qLn&R*LL5LUjnNvt~DnT|z+43pP(F-B^}E2k5izQ+IVrMh7NLRvLwQ0f1H6@XMnj)aXG(ix8dFgThl zrTq$J!K_g??nQSo(KJb2^;%Mc#RxoY+wwF<>fb$PdP8c4%O?1umc{ujwN1XgXN@gi z%n#BvH`vLwxvbfGJ~t!>f`M>3M7BR8ytFv5bm~4v;5s%fOM6+;KHXo%bOq&|e>!3J z1DCk3j>O}Gdw*+!{WEZI+53vys&u0{?g~&y{(8bpitae*zsk0xeThQkFkdS$Y>wgx zM2wEDxaQu3Vh)Kz3N$z7 zhOCK(B~6&fEgzNi6=a;hHyGUYc-3Iku~3_i54IHOVG^0 z*Tt6aS?gO1Od3c)KVSiRHVk&-G{dUfK$<<3WNT5OHny#T@X za@sEKa-z#4XX=-ncGFQgXyP|#ntq#%a9UpN*24ZSNa4%-O!;)#*h`b?-T;e%Ux_pT zy~AZRg9npi#Xi6yFC)*c>lLF+&0{~rlE>gvs<3~+#o!4A59gg1COU!B3hJsGlWc~RH@`n&T3E)0%21!U{k?$pV}OlPX!J> zvjwx8eG89ZQ@=W7@UI@8mV+Pg<;P2R7PcbaxpdO?+4^7z4T zrc8~|cC4BsF{Y&`C{~Y~W zqW?1JB9fl4ogh#7B&tN@vOYBuN*EkoFheN@gGmlWkB>nAog2L2%O3$CmtPl zdO&Ulalx8&L7ale{}@o+a*|JKXF`2Oz#9O(A#v4PySPX>7hYwDN&e1o4{#t!xQlkc zmU$d6azdCuC{Du3d;>n9>1QYZwov@|5a z3w4<@)W>+TTz>l{LAAaeP)8E~(83zXPu{5XODD}qAAPI;F`CF_3Z5e&oS(3ysy;Eb zpkgwJkLmiiBKdE9S~#M`6uTc4Yi({35-}qSEhw0P zZI&AiF1H4vN86X)e$OzO|7Kh)!Rl0R#CW$}qG*%TH;2P^^600bDc0k=!MU22{Ta>1 z+YGTZ-xjY!Q{;ng=>1WAa$DrX=e-29Q3{YzoX)I0&T zB@E`7`9aSn9~f>PN;oLgco(2#Wf233@xQ11996%|sNrwHqwE&Ung9-(9~`JBIKLe_ zeQx)89V5L50)7vNz{_8Ed5}~L2`%ePCA^*I>7yC$5*7|Fzc-AYSJ$uRUj<%o%Z;CR z*PJ^5p*PqcmmeS5??eaB$6Ya)?Qg3O2=!H`i>vGGk ztt*&-#mJm|aziJsBT7O9p=+f9rZ<e;-}?kU?`iiQZnNIncnC`7*vf_b+RyNIF}XzPa+aB6 ze+ZBhcY-!zvVOe$@Jr}fNN@blpJ5af{lpl9pr_(RKq=%hMV*}LPb8A*b#R~R%`Wbi z?MCn;hSan4+R@k6lDoSWX-eXhHF*w8Lt z!HOo}2+335UXsD}9N4~J^FZ{tJL$2i>IhE3x(k~8++x28s_S_vrXdWc+Uk*Sd9bn8 zyq#1j8`a=A!9@G0{3e4B0)viy=L%PGk-b67OB>?j<2y5NN^?K@$_Z{DtlH zIhSVfLW3Pn9UgwUYcn*H^2j>&S)fYfI`olVTXO#a(p!=B)gX9o(juc@i(JJf3tKnu z5+6%vEl*zTSP<|QA|h|BdbeA>(~{F7LVrrmL`F!AJ%IJs*u?MAO;wl?u-Y!Is1*u2 z0NM0kr4Kuly+M$|$Dz1le|Uc7Qx7m%e1Rx6Jx{#0Z)YL~e#i3+eZ751pV0lDtkFvb zWpHv8wt+3pB1%r@tLQ>PLY*8A;s4_A{S{gG|0tL^5M!kKkU{35XJjf*-OV^|A|s(V zE}8F75v8L~@n*ir_HN&gpz;E95xg_3Nl2ga=lRSp@r{qbP^K^MjIG4+ZleeJo6%@T z0F(6!>CWCR&+=-o_riwXgX@$F1jZZS*4@)7@D(|f0v~sm 
zJ{kX(#o**sz3EV(NS9#_)LOkNy1_D{HNPLM{C)F_w6_U;Ia-cO-n(N3j$$fzOSPXmt&9v8(*uRl}% zppWvO!175wVb{xZA`4pUR=(1RWvxzVMY@QIM8MFz-l{V`w)1&J9dI$|SX&pbGpV^9HPzgkQ5+M~5GY6BbV1Croh}J5`ajfvf8}neYSslbQ zZ%B7dE%495-OfiW3z)NY;U9{lI;($u&E=pr@LqdvzVg1=>vKAsR76raSgym<(hz#d zMaL#)81|aK)F(ImP}slks(Lw9@X$r%hPB%DLGKOSFRLj~L~Uzny%oqgn{UtOLobil zQ?1Tc@jcg9SB$_EerI3pWe*&6$d=c9v7En9_WL&yfVFR_Nv`XDi#n+F=HZi(7EDqu z&Nm!1)Hu*m(%gKFQ#5F$caI<%+|M;zlsh<;(=eGg>?JwOA5B7qBcDI!{A)LRxz%7n z$1D9vz!K*+m~?)(m0k(Y3Q?!? zMa;f44osPl& zeixh|56b4puAB z0>ySnA#6`zn)17{@API^j*IM${drMJz0N!S1jl|Ny(@Ia>QGWT^cz+LUw}7Xo8eGu zqU+Y8TD8S8y+)5hEi~Ry&&-l6OkS1)ue5gPN^chznrM zK;;1(-^;^7a?EohJZ$KrlN6 ze8?eceB$jo@1Yw{R!G{aSc2IM^DbvZ@-9~bhj3l4gB&**C7B8TrZ0R1Nh+TCtGLx6V?KF~<)-@>1 zs7APYx+#%E3oC*uWmGUy&~BI*UJO&I{Ne*%ZikrG;t zL`!8Bb{NEU4y3ZqjDUMg{s0g!9xTAWtJ{Gs4;g1$osOMFE{v}zU8{qhy%uc(ZcI!V zZd<`GE;TjWVSCU3SoZ_LKt@L9dO3jUaJeNWl2LUkDi*vswkTJPBeb&)l|5yCc|t=# z%%j$6E;=T@+Cz{@Po~K>Zet>h)M~gW!V!HQnV*7Dd%9}#b0|8-`XFH$L*{sMfXe8< zK?cx?^&k43Nh{@VWh(|E6{~c6U?+IPbWhWap6bKY-}le&2GD7F6V&pH3bv97)HeKb zzHQvC;a$Eq=?NFbe{<+ufj#{%=6pul9fUr(#)rH&G(H{2a9K>p0|h09(#W%8~=vT{7S`qS7(;JA4K8O-?)HMw1P#; z#uNaMjb3hF&0OvKS3@JA?ibqKwtDKe2^z5MZup{6f2&ZV<9FBrONyPV#C$x^0m!6EkHp+T!3 zJrZ)S7ZFFzD?k7!4v9Y6nbJT=eB$6~SZ`E;1?-1#qir<$u(}Rvn?VT@VC^m(ad55Q zb>rvgQVnT6@RU_Ih0zG;JmI^%u94lHzRF57a#N#Jb@76Kbm#Gr8$9K>?+MQ88r;)M zHhR!$3V`p#3VNZSecLD!$oYAj3L55lZ@_-a%w;~V{J2yOL?k)I?b{F|K_4)Ll>~1nicK+9F7{Gnd0ju z`O2=^#vB`-c=^3P)YB^1ydb`1mSjU$?ZWc&vUWRYCf;LdP-jq9bM^?K*3CpEwG%h4Aj1)iEhC8jYSvro|( z?SyS|>QPUUwt8+H*bA^bTjNzZ<6r8`41Z%_Dj;&qoEa(Z9|lCsBW@Y)fh_iYjg17a z;t$iO5M?&zp%4Kw(M!Mw54qDxJ7(^?EMU>F1>4h*lq21*l@(miW>+G9y(j#cfvbUl zooJV>1!SS-%{s*Qkby5-_%ZroUQ^ z{@!(S!dG;F8wyMiDCy`-I07Jv8RdgQs~K5K^+HZZ^s2jE6;TPiJ^*HMUd?f-!K3B4 zjlQu6*cGZ+B%zOR&r`I0LgVFfG65{X!g{N&b09TFE>kJg| zB+L<)W>x%M3Ed0UU^M_s4EGJ;AfS`4H53{7u2199AKebZ>6+Jq-Moihk< z3W-!;U*02(fIfDZ3VTSc0raw}q4DS6Y<);<52rsiY;98``B|uqA8v~|RvW)bYd5F+ 
zue^Yw)y)e7vL}1lUSW~%KL;aBMtK!%kLO`udM2jBrp*8r@>M$y*0qv88DS+s3MU`x-1h#jZOZBWku3qtzrhNdjlQNJ5MNL%UG z0ykukZ%Dw+9>2SX@?2~7Ww{go`S)$DW<-Yc=9yPgdPdL88FgF#Y~-L$)3>43Z+D`K zxi17A9?o3~N!`6&kRtY6I$_+G<6-Zl{Yiu*^L#%0Dcmf8EGLM?Y+RXr9Om(Stp(lP z#b!GphQMbvP;dT)qAiA*6BNEx04C^n1CFdQqVWLZ>B9QY7Gk|(!ayDU19=~)=eYBZ zot=|jW!(0wE@1K{qY&1-gxj1|!2oWtfoF_DsyS9@5ZOjenx#SHfAG0>&4W8iNO!rdP% z{MPSuq0etN|C^$42Bz+>*9A;0?8?t@&EMW6HX!cOKrq!dvYs=j9>IfBe)gjy;PD+w zbJYGNT5=8ifEgKP*h0F<AU%Lh8ACdFcn`T>vfi5Om`QnkLYcF-HX4AJhZ@S(1}?! zGgd2K&gU?F#0{Tb7hO(Aah6$UHV(iQxF*`i5{>kL&)N|N7S_SiG9)Im&;Og+&-1=< zj{w^kLdwyGS?C=^V~ZcjE}&|NRgKow3VBfSxk>>ZNab-9+J=2HL8WZ1#3$VEET6#} zMBOR}W7=?Zc-9CfQp$nKtoZA{X!&1|Fh1$+?unx^lU+QQ5->Wy68pTa+m{l7{`*Q7rTdqGTXzL9isM^rz+H+18bqo^+EQ+k`8Zv>6Bt1UeO0ncus zF?s0jkI%uDwJp-TZZY>;3GV=+w(Q2`wTxGiUU86bFp$F_!sy%;jfGd2ao-p(Yan^4D+vc`&E{P! zk{d<4_n}^Hhb-H+V0iVtWws~QeR}RH(md(CVF0Af??}cMmL{^pgSa!J3FD8K-x{O& zooM$M7|fzfOgw&Cc*H(K%OXq5KT0m&Z%{XB?N}TD(FsNE0>KCSFRrlQfBGC{Gtd*= zmqnoU%FqLO=zYc%v_sR()dEhj!(MNza@wE+AT=f+cW9kHQ8njvRc*mQ-3_ zv`h4R5n&!5nKMHp2LFT>7wEVNIQM>9c^JSF&)1$e+=pfZWZ!{lvot%S1>+}l>hB=F zcIs!0{>svBRG|@6V2lP}K@U)hgn?eVk#I_cseC9_#rgNvWqDVK@~c`9c?P-RVK51~ z-vwq&DCd%d%D`F4OssdE?j{qDn#waR5H7TpDjLzsQ%@al8KeR}3&6dP8f_b;&kA~$ zEB5WVaEU~`N*e>Z!{RpsD!0grtUEV0>!O%APT4-)7c zDReL}YhQoLP)fqz)}a?v3$W@n&x<^U;OJs#I9)mdVnS%5?rQD_WH!?tS6MuDbseMR zZNud0ux%`k=fGl9H`6+vHkSR4Jjl%=z10c%GB}d85IqgtfW@XAY8Bn&4sPY&&pzmP zcsy>M0JBi;4)BCko}bxx8`|3vjh0I6U<|ie#Tm{BDQ>(^Hn4%m>r1?rSJKE`GBNd( ztCu<`S>i_ue#g~`PTzVh)oB7ot`g^Iw6LE`&IW>|eWB~YKn-H0n)Q2+CC?eN$xaZ? 
z1294D+OKeRU9XTCRQ;^zY3RiKs0f&9WXiwdHtQHqjHL*gm;@ai&``_rGqKIuFMNk) z^b@Bb3`AE~&Y7yY_NDmbx0Q>6qLC8z{_KYQ?(#Jb&tpx8yc;a#1FAkKU96z?AQhcM zlWW#rKLgLe2=ezYp}vBWnhK=!qbGs8rQqVD+Dm0iG|9T2E9CjNCn+o0^m6AH~il?+RjmQz7r(_>(>yKRCWQ#gw z(Hmt8q`54l3+C!t7JmiA{?4aG@7hamNBV`Ta0N{#Q>jY(N=H+hxS$-av$6NNfUkdP zqP5V;sS=q^kvxYhYw|}`Lkx?LRT?X(4aT%tT#B}2s;B0sISVOJ*rkU;88y=2R3s9< zofVP}c7O8LXi*zy5W+6nj9dh#Abq(*h6F2YsYiucD5>lr<9FcM!GZ-}Yq39~!g`p1 zVt{UabcYY4!TnVkCkjCe52Ar=Mza+t=vf^kD1k@^jdMt;!4WtoHZ|3Vq!Jo7Nl2v{ z(r*qQXT&C%bDM8Yw{?h&E)MLV?9oD|z~9frFf}9ZNB=xxsUU3#6y?s8v=u@^7IZM- zheFF@CRZXe$=`L{3TQj!t+7zN}bEW(yS)N*(7`s@4ZdF3+*>mcsTbiay`( zCw)y{CP5SLc#kUxuvg>lBdH+Q4;`tj^*YliqsEj=9O-DTxk5og<3E-^1} zR;O_$X@S?WYU$lgLldUaYGFpHb&!I&6Sd}j+vkQ30eHlUcQ}(rNR_roc&i}%L(Jkv z#K2ADX@ryUH?4-_YIzc1JvsO5gPqTK?h*(NGYI*lHFSQ%xg4OfBjlwnSv>m)S((}0 zI_tApP(+}#P9&JLyK53Eq(6QNipJb#0{Zt!M4ACp*Cr}PM1-9G31(=RH&rR3HB!8l zD&?TSB>hN^@FJmV&5YcK=1IX=L7or@lb2U&Vh?hJ%H350<= zAD5hVVQDn!mT!TA#t}c2AR_4YiI)}9tj&$GcYge|36J)h&0=i0l!EUS=R_e{u3vaa z@}fSiWhjYwA$6|3tB)l677w|FD&zX$gWv}#Q6c4O_K2SRss8R<&Dy4Vnv7y$7gA^` zD3N2dUl>N$m7xoXTZROpWg1jMHSxTZIJsp}Us^OR@*!$0r|H#xW*pc{*|?15hJCid z+oiz(w6FM?VhH(D-$}!uT^V7m;}<~cn*FgTNkzXH!fwJec1NG~v^CFm7snK7E3Wq^ z@iy;}18*?Z*Y_!MkQ^#Hgx3uk%D_*LBOxch{f(p1EsuhV)`B%3EuRS4UlU7`k&;~- zLq0Ty_%e`_F3zxCGI~l96s885`)MOj&O|XZjz8^CN;;*oh@u8=ijsnIO}x<#lY$n4 zE{sLg9Ql*@_5gG&SO#evA#b?LZhr8%p1cUhd!kAlp$PaYm?RJ(CTyfX z17d^VI2gJLwLD*ZGSYE*4Kcjq`rlH4oNQ&N(WFI&9o`Ph=RrP=r3d!sT$({+9%YkN zbyEVei?G1m22ajtxS&xAhSATFuqe)Fnyf;syjwi4qPk6Zt3{Gvt(=fq3uv(TDK` z=Y6F-EsU(e!MQ4$+;NJUIkoM$8qas~xtg7@U+z_ARaDM!TK?z2v-);(?Pmrx33!eb zKstEsoTFP+Kh)V>ys8Q0N)Eu2Mn|uCpXy+!+Xwb8|2ri9_x}G^zr?MLtJn^~ixJC8$BYYyv2e=~6i$`%;JB?LbBJ21_L&x8HY$y8qYM2o9Zw;mu zO6%FcphYTk%se_-%)EQuIJ{W9KI=3q!cXKKntZX1*LzNfg*c_#*ESyJs`fH zZp3n$Du&bkRdOm%KR;kF)h)?Y5bG4G>8<#fls`dL|+FVqFpFYE4mjepBmw2qt9gez8L&bPVBRWddw}`#gvo zac&SoCh*kuPX-Y1aP^fG$Y4bI`doF$WiA7&Qehdf)4>n&i2~{+Qrr|dFhn~Wg`qfa z2kB_DTM9ZMrIvW5mVu%EAPGg0Fr{Uc2syW!?lU>L;r&>@tfao@Bn5sFJa#74CTg_G 
zH_-qm?Fs&BNt0I>0fS;k_$|&(tY^d>f)wo23fNwVC6lAFfdyNVEwxBiw79))GC_7N zEcpf`s1CPjuE)H~!qWtQ)f&Py!C3@p?S-IN;uYVd5y54nJL2M+UL7vKZx-04~ciTCk z`w_}8VA{h)*hx8X2L6YXbI{!SeO&Z{{zSTAwBeNW(g?3#h#mj%2v z$V4#wbT=9V0^aQ3OKZ}h)NpOCXoJ$tFs~Cl1knQ3`}@1ZR_C@S3!U%;KAebJ95&V8 zHmXe+Sv$?+M4;M-|E`Mu4hee{6r}msacukG8`qN`8qLph8V`FT=U&7_VAu#}0)cZj z%$`R>ga7~d@r#f8u=-KpAzqGO!=?6=$StlLdNV@ z{fkVX_Oe$*KJanT+u2LKSdHn*i6-a7aI+zX70yp~`xX5CF!_b2iE1?gmpk^Op9b2N=O68wWID(XK%2*8A(Swj75fI3gJ0~1}4y%ijkBf`L zHb{7aCpvSK0_5*{W@o!`A7E*l`+E~*qyVFN2p?Ozyq$OK!~791+8YZ}{@s$$AS3}K zVkq&C&?J*2k%1_^aGILGxxG}yppb*?>7c0(kn!k&ySx!1)<9TYNTe60*4O`4Dr$$n zII|xoC*?pV^<*^wDFB5vqwO;&oUpl2C`H0_ZF?LTM&Kl97=423Ol-9<)aPH8^3uJq zCNrwyHocYM{NDm4MaU{fMl_|Wb6VL0mn;kJuu;T{$p;{rqC;i4XKVSX42pHb9U6^Q z^v`Rk)8huIWlMW%h)|&z{r*ZB1g<)>lr)F%M<3noQfSvimC@Y449X;`xbn_CW5VXR zKV1K2YyNryPR+|Py3=TpY;;sHQS$X_IhYadL?JrIYeac5YpD^&Xo9Y1ze}RD)~-?< zl^*AW>1Jz-dDQbjCIL2)Ad#%#SiV31Uf$wVpsw_a*to(o*&9u<>TRZC)=e_fdb^9z z^M=$rVafgi5>0KV@HQ2Co{i+Mi*P+XE|w<* zw%XpW#aMr~BAR8gATf;oh`5 zj$jd{|G!5*`w%KHD8yjAjX?_Jfws2#D;+E?>uSz+?2kVk#{d1>f3z3gpd$c5;Cd{u zrwb8xQ%ZK@X1aBAw&+|$J;lqvh=aD!pBP2W6_n@R*o_6g^)4E3N<T;9#kQulJDq z*RXQ`Ym+dR(O7VWdi?|BP8y6{;p)DZ2`D{uBo;pwI(p*6?z{lie9YDBsOs0J6k1@z z8Z)7W`T&+BM0ff}b3DPjTxm_JC9x=LQ=ND`g|r#M`&d!%^5{{#vA0qDz?L1cO7fxK zNd?ITnllR=KWxxoEem@JHg`9ymv&*?m*qi|mrjh)%5BZD-1@kQn16gxF(tu~OtP)t z;%(#to63M_3Z)IT48aet z1ILtaF13J?q(Ei8Im*~w@T&J$HlZy7RTSLnllTG(!=1XR9ZF^1uUIaR93lT}ASP^* z7-&@j50FTQEMtXZ^0DY_jwO|apit922{c)$cq99NQTAgg@0CjeZb*c&5t?WTGr86I z5a0#QjOf#GjbEtQfaWFk=*urlAX>yx^s`Aoe-p%C+3Q1!eyB*RBx(~PbPptWO`w{I}3p0G@YrU5AH)`+}wLqe2xub zk>bqJbB3RjJYvcWdDyO^iz2R`tn+}3#B#^ze0NLS_Z_X6@WBqK{E=v$QBDu?J{TLc z(7YU~6QWg^BE3ASobEAhVY?W{aD^!FijRQLzd1KpLquHwtJoG}Uykt5D8IDwKJQUX z%~FC-Ls!TmE5)zW;6(`cE$abC0@kI}B_j?kq==w%?W=b|E6HCi3oUe@dHn&8F~k#G zCo0j_mygNu;oUq{UD{Qz8C=IqE3VJ0am|?w2;(O{^!-M+dOlm7JcT4y=lEal`}2)O z#l*B4|F;)mCG(@u^GpEio!fX|y6w`a(5%5Ws)CBtH_@>8^tRae5waG6n1dq5b_Gtv z-4t8)*qJ&kb>Ib2jCE-4j1Lj8YDd2){hP%lJ9LA~jS~Tn(l9bgILhbkizD 
zE{k^%tj;tdk^PymKl?w)>?B?jj6Zi&NY5R2Lz7BqzsC4AI+WNO!eJ>Jj2% zU=*guo>Vq^>vFjmXh~5^*jAmQDbY}(_#$PrASTO%!dI|H1@XlxdVJL37oK%n*s+;r z1wu;;dHv^0UZFHuR4J~oOG+3n$`G5oC3RQ_&YM)Iw#^&Bz3hr{Q3Kpo_M~NzU zunhvYxx-*WdSiziskx0@*0!?!{+3W)SFGgG3FBr=ub`ONAqeTxLIe@sYil;HHBkuD ze?bx+CHKY@1U!l~moN}*E3ZDTSvW=LCbl85AF=>R7bzD;Qz}6y9mf7rTreF8+Zh|{ zfQ6q~I-oyA6Gd`TY70u3QV2~ePDRC;vaDRh!h|kd$~xzJAQq_*1ktGcXHa;p1}Q$FcIMP-z6^NKp-M#xMRoTk*?3R|FNr@+odM}^`yM?_UR!aG z?d>-VJiaFb{`u(7LWb|UV`ORXvcr8dm~jUkvHaDV>MduboA@zPZ3M5ryEGhSYgQtn zpiAj&8vFwCt0Mxz66`)vTh`87#D@KpM#Sz7oeKg1^V45k6foYn8nvD6I&?$!vr?iL zQY2@+{=&%iWHx%k>`3?vl&;sHqdRp0k-cWjEY15x%XtM0LAT7em2F3XWdyTyz7GPl zS^@KV-WUX zejz&gp1xEnWYlmozUA>0D+2jFK0a#Y#Cpd#OAs2bs@VK>STqR62_OM%$-z3}TE3~hF0lsf|5K82Yj)G+L{{aGHSHY1*9Kpc(9YOyKF9;l4l{Ek}JzExNOK zD{?c>ShLIE|6}YcgW_D5Zi5DQ3-0d03GVK$0fKAr!QEYh26uON2=4Cg?tUkG@0@eb z_tiahe@;!+)Xcok)4h7F)!m#POn?)zgQd1GZl&4VE+8DVti&zQe|=WtxQzXOkwQMC z{PXDq&pUB)i4fo6?nc2uWe5|&9ravZtTX%2uOxaO`aeY(-nWDKAWWXWJ>Q;1w%D{q zp3U!mK>%SV=R#rNab=*-bl{dIH600nP8$I>?L^qG?2-Tn-TPFuKWYro6y<0$#u$>f z8Bz`!6N`=Xxrsx~N`3M&I=R9VwacaD=~R`D&+AiG4kj)^7O#>>Rm^)F6mgei*ZREg zh?$KL8zX~eEM{99mbQj#?$vhb|Brb;X>AQDD57S$o_aaUsAa z7Pb4+tsyd2%vlcL!Ls|UU&=FKa&-~1RJYK20WF7UvK5srA)?iMCT}X3jsdYShUv;y z`sW~YWv5^q0Vo1Lku667q{cw;0XYRc*EcL=)N%o7($Rbr0V#m+v=bWHOVB6QpV0P5 zvIa0&wQzah?tU5gGjdSWjhv%b@)g3JQUd&Gy;S>E-vw*;5#8**i=d9@gk}_52#Vw8 zsG|Hriknl5eh^fV!GorjccY_|2+j)k#~PwGSI{Jy^O?HhijN;&CfjAL)d>qVkJ!1^ zcVgwrEBU3kCo}*AvpGlyQ&gyNA|D7d6pjy<*#QIQ<)kNtne;`#?I!#ae+Dzq$W0-$V_8IoAAQq3*G9 zKivheUh_V+Kh)kdlb1)XzYy(d-J{b4pjq>L*J?N|$IhN^7BZ<-!*}?$f8P88b{ySy z%|2`Ghz<5s*Afn%aX^|EB5C%GXzuJiMO5t_wco>8JH$GDnN6Yh3oQ@~%LsV)p{Mu) zY{MVVaB4gdcCJFyw#VEEu9`AS5VBad&%!_A_rW);1@Lgci$v*qX#XfGUv6>3Onkrl zoXGGBQKCv)kjr@9t=`=vzQgO*>B>>^-h^elhJ>L_NDj0zJZv}URXPm5Qx2Ya#ZxAp z-f}>71^D;{%70&%m(;}x%tf=CB&^(Jgyy5o!Ft!eqfvdUf)hb&D2Pprkr;4c9K&IT z!$jzqvHHHc7jaA}aVCb6T$>?erCu`>XVFrB{&sGkq5}xiNk0{Z2?0pA8i$G@Gi$jy zA9vlP0CV^QfC&NbS1h;^_0Vt@I~Ec?zRyVgDbX4?mov|-wHl1{V{GS;JBkL=?*3w3 
z2)vzNe`gn_{@n^haQ-|d<{wQ$MnM0jQOW~FopHB?k6@5D#!o@0U&^=Y>~6QmmB4U1 zLj?*JF;3daay>+1yL@1>XJExKCU!r7v0E+E%TMCHX{ao{1ak6xaX_zoPG(t$)vb)% zVS|xZuTdQU+=&q0a>TsyecqwgI&QPBq5@Jdek);LcOWU#eK#g6M~~>&#i1`lu2{*9 zvUIv99l4HI!Z>^9(i0s$b$@EbNZ$(kUI|8y{8N~b7g044{#JjD1y!P!i7dreDw~cJ z8vGRoug6RF)|(qk%jK6SHxf)b^j&oI27uoU(zD}{nU38$$>)Ps*PpN!<0`-7(^p2k z0{xf&8lNHr^e3}LhOrHC@%^B|V>=rsdrY^e*Zm^{8oO^=@O$tXKu3MTTZr1BdP~gczCZ|MZZ@wOyu4k;QR5zeO@Xm}@=zr2 z@bL6^S4;eEljxDU+wN>n+~(mtInck>O2x49h}yE3FVk2}z>g&*a#d722u3NBm^Wov zRC$9&^F3|om$hM~gA-Hm)FLg)SEf20J7oWrQCd(UjwQmlmLWr`vpzd+z>R;ITGBC> z47f~28aa`@8PbMi%y!}Q@_r1~Ef5aXdVwJH&hZGqA&%y{fpD@eW58B?_SqBneh*FE zR-&gFoe0eT=8(OS&__~>IOY$aUP9r4l-=}maV?ehCjv@ShqOFtzMH^g2PvA=L zsnw3}RiWhUcO+-gJxNpsqlQ3*yxNvn)2y=LLnGs|m7`v5^~uIPt{h7=6SkZWvD#ib z`L?%Z3Xw{8a{+7Te<(uiM3D9BECL^_>It&xJwUH9#f&J5Yk1Uv_|9NI0v!AtY zRz0pRnb%@=l!LM#-~Nz4yt%Q1uSZ|+@7fwE7d#S|H~75ct-IjBV0-Iw19kjyMl8Zk zS(ycJ%PAC5B$c{L3V!hthp2=yDVlV;MvX}D#hZawgOEp9abZ_Y+b{LJ5%bdzt5!!V zyVJft5f`_+FqiwX#bO9*G$_H9jUXEgDa05`r_q_i#>X)?Dg{~rrpx8437^;G*X}s= zmqWqK*yG4(!X6V?zG(ciDP~63rO{-TZ(O4bIOZWTBg8x*#;0_&@)YsLho&{e94<5| zNbuycDO;l>-`pzO_G;vC2a><;1HNDYXAH8QH57~v#cs36H)vXM*0i_BXSy^s*aTUxF|j; zfrNpb;E=TPV!t{ene9*&C5HNLrf;f#Jt*}vd)az;0lq7U*Xw0No|lkXaY@M~^s4m3 zWA{4=Q&E-6!QeBkATs==j*3bE1pxp-&|NTmGMX5;lJzGjo;B zu?6ACE& zy!IPG>-*s{mLPjy5fv~VSfzD2rTHG7uP35b{J)B*zetpy8T^?Ut1~!p-|$12k(;r@!@ZE+M@M2`~B@InP`wb$QJi0&7R-rzbrG zoN&ov(`&aT19xRIw0&PfQ<%Y5T}_KJ3rW=3;9Oozkp-Cbu~AiqEx^O%HYYt`SuJ3K z$0jE0H1{RC*gVM4(gwSdE`1JAk%>jBEO$>K$^EI4h=&WK0mUCjYr15}aV&gbY~?p? 
zC69dZh1EkoV5qCs0rYg*0c++nuHjRV;lbhN!Teyb>>*@r=sXdZAQ(>=4a;+q_d_?G z1D4<|5ot!2fMO}ek3lYnv56eDk0fK9tZ0~1RRoTzSmjt~63{~tas10CT~`P|shsrZ z{PD#}&NLDp8O5(cyyob)H$7%-Tbn|VRF*S2K1K6ck6|h*h0HJIY@%{bh^su%$eVY1 zLthppQRw+=Rk>63M{%s@H2R*d5sWOEvaNQkqu-~JB$H)7jEF;9uFw5Yj_1Z`2P~+BQF>)W?pN*zjaP3A<+1`@ts9$wx!G~j_?1DJ9Q`}Ojf!kT{NV!}L{J&}h zyyXS~gVtsXkXOL1zW$$|@wZI2kxQhX>y|m2xbg)xe|6Tq553p($h2SC8MU-%cS7+L z4)V4lAaTh1J`9=z<=2RG4?HP3uknpYa9Bj3t_@+8H&SY=a|{kK{+Nh3esG97P~x$# zQVn%VrDLwMUaSZOq_S?(Tw^)+ zs}}cvy>;`WPdp27T&n6XB9wvk<3&NvBCRC+IM1K^?dYPbzknVa9c?ej^k zC8WQpInoH60KkW^d|wh}zqNs~!l^pqw10Ct=ju&Z-UN6FV8mKEZ+Jj)ot~L=dD=Yw zdZWK@jVWbcQ)xeVO*zVUFqYeOyETyVTEZv%&92^DPeS2zg3R%!`7=M3@vdcOm%Byw z&juy~L*mO5!|5;h3^u%t>3=`T6igr164eJZTS;^5@?@6T0$v{$-J4A}EN*us)iQPb z=&!&OI6yFxlUo8y6g!~x9T{32xF&-HzxkO>5>3f#EGJMxL4gRrec$QJ?S;pb2qUY< z$|73w6_eQs)QH!DnVhIsWIB>T}LTcqvc^%nn13G3Z-C^=um{*HIho4oIa6 zEcnYMd96^X(3zBKyg!M{8>z6kRPnT74$;}#DDzj>t=f9HBtbtqh^pHUBH@>@+m&sG z&3115D-BB-)(<#6qc{x)JJEIvm*e!QnztoE2)O-)MB7zICu3<;2EuS zKq5qLlv&>E-Mrrz=MNMI9t28o;Kcq)*Tn{x)1n~T9#&MwyQwh7t!@D<-W_c-kE>oL zmxJ=ui)S@hCaWpoJRF99otM8TK>jd_N|VfHHx+yT#_seegY`F|(G&?46;>cWJ6C#7 zB;R#Ds(7ynHS=(i1PxB(6CBK_&0$1n-Eqs6wpM~8GgK0wT2f~YCf@XNc1_}s>!;$~ z>BM05G*P_MKV`X|pR1>CWw}J>(HrW~_HB4+GN5j8$iULVz{;zw^ z$gVTutbln5(#_@zd1)wi1MCobZGquTl`*&^B+SzT=8ff^vGbrw639aQf^12@mi5Si zEX%SZ-rq71nA(q@c8?Hhb*bc^!y{n^c1gxnSlO=GDM{TmI4L z<*J%lI+F!I)02gd@D07-dd(gEv-Mk4_2Ko^Mb|5q{bbXF+b#j`y~;EZ9|LB`+xf@A z+T2`qnIy>N_{750ugzpYm?xpU)o($eSZ$go_hK%7;s4vE@jI>pNnqQP1G|~Ixng`? zUMAhTGVY$k`L)1pF%L|SP`QhjH%DGOi}Fq0^fd+U4bzL9A7 zx}HIs`SfU>R_EMNOy8i(2PWmISv*vqB^t)}iVeH=ES!)!f9PVpepNxe{DhT|2;j2@ zf~{(sE zFAVq@cCcfI^UL+XO65PeZXXOe{Yz)5R$2O(xKxG^8Y8?fQ^YRrkEaZD27E6~s9U@U zmzoU%_TyKw`PWj&nf->&z*tDvpxIeO$8K~gP_3mj~idJbPoZ?cC2tnCMhE>N? 
zkDS&UsxOJ;g*la!El!pDtw;#@Vg(_%WwKCmWrLY<2v0NB0jx$?Wr96qBXu$TubIv$4uL@_9eoPrDD)a#VLSbPbGph&cv-3RcL;-$1$A>e<=3^2 zlT0>{rx}MBYLn^!))v_~5(7$#$<6*QNwU7RS3u7VQ0+V#cgC*9 z(erp?!Whduu7QowcAj=rQ~bVao%#GU_4U1-C)PE1=$yFy!RcFxQ(EFpO2@Y$6%Nml z`&99*Esag!u*l%wRVDC%|FnZTS*;r{@IiSYthC*kP{{084wrd^7%HB=+9&YrbF=X{ zP+rGE7wp}LdCs^oD>T9PKu%>Z#^kvjY>Kc8f!PcaA@GcRXT6GuefPM~a6$D#s)%FP za~&|YdFjwp+J0p3*AEt0Jl5xtm2@{x@_Bex<7QiC`j2DzKVEG7=)A*oySRH9U%|#3 zAM1m6<_&$N6V?_uIRL6tQ7RVfEvx%+Rh#LEyg@E>zjYQ=pP`{*z^QcG=G+(8N|SX}_ew+F5MXiaUlFiF6#cQQA(&)10_WIwo-gEO)vi|gw(=7m%H z_|>&S^X94z%&JQ%Wem*pEX_@4jl)Jx8ge}q6Us(>+t@ipEz-9Hbg8xGoT|vp>G1KS zh2Oe1N!B1R9G1j|gPeV3ZO&U1>JN5v3NEd}WN|>s$ZM%?&~uq0npv>mq3ek*xq$!q zXuS86WruOIA1>QJAqIpTi31c9o)e7Wiyesvr)jH=C;N-lFteE3&yQNit1ksM)o(#s9rUdJ_n zP}}YHN1ZbwekN;AiH=Bc%o`LM z9**#!Zs7f^kg{UCws!s{rsreZSq+UJs8U9WdAZ>~5pRMLe6DQqV47o)N`iOsd76V| zrf%U7h`Md>>1tj$;w>K~z`e&1Whv@(1 zE}+2iafNN~Eq!kf1!FT9+-g`N@YIO3$X_>6TSr-#nVH*)e9r7&LG17@`dLVJqS$sX zfNO7e0s%`eyp%XBl>2qPooBR?D^ISr9yAy~kfjdsE3i z7_oks-(IR+ER8K21=1BIY}KH5Z=^USAA{)c-cA51&kK%7kZiZIR&1wxDt*Ghvz#3R z69TR7JU|>q$f}VkOc3NLnWKD~AMq6IrKo@rA7*=_&Srktwyq@+&J%X!@@pvF%?1H` zLU;dSX!2NG-$xijaHimZMc?7MTr(YLG1C#}5bpe)L-_3}I=u!*U!lIg{E5yf$(@}w zay_k!&fDc5*ZG|ysWv9Vv7A&p2QFCn0VTp;UN3GNcQe!u!*ZK#fnAD zZ)LZ7J)&(l$d-4t{@`?Z48wY9DZ*EgeR&`11Ss z8WAPcA7bB3pI^H*>-{`-cpTTp7qPu%sMGBBkUFAMwXnS0>A2@Wgny$0ktb*h<+cM^HjM=#isv)z*Uhng2AnzT?ple4t>jP* zJ>kxd*B9=8+-KVT@4#(6O{LB%oX3}LwyQT52ga;^CC0%E{_5SBneGsm&1#aRsq^tu zz)Ck*-S?4$suZ-%;r^cBz;2Q6UxD#|SfhatgX0tQ%XtGjQdDlQi?Dyd*1;vNvJ3K! 
z)mU1wh57HKLHgCFc81hHi1QtCE$x0>>x39YBUs94|6&JeP2J9Im`tA;eQOz*+YY3H zw$f^zXDq}FvvX`GC$4RcJ9HOB=5goCmwn5Youe7x%`J+Fz;$rLXg?tNBE`rO_CnH% z3^M$bEMNnq)eidV(1pUKNj4eVncfMH zEDIpD66phBtyNGpUN9Nx-~BTzSAxqPjJ*(N98iW(g!@Z^Ip@3l;flhAMv21T&H~CJqX%7TMOBHFrN+ zGN1=V^x>j&`}(&?9_M%En*$t^4N=Q&LQNdU{WPP7MWEdP^)0`r__;5jAjjh+X zo)I^A-0u4VF!e%5*iL~fwnTWpQx2N5w?7}*OJH?UAQ`>Pl`zyo`2-XYv}L07Nh+Ve z`Ik^^Z&K*x3Nt;2p>}umJC@i1Vba!ug5$oNl-DD45W)#?*%(g6cE`&Js;-sxCoD>Z zaW7i?vV+diu5I zE{i|$4LhcDczi?vWc5pSy(tSe9PWxP+;*1J#ePH@(~3!+k!L@7HrIl{Kg_U@-7cU-K@ zNvHN+mpI12&OPf^EG{F}Wnr(^duVdwt6S0Vxva3Tw*Z!RAT4RliOLe`)1fY@YB0`= zAbV&L)z$*v%gk#svq!Af^_qv<*1)cw1Tk!h8jxX=gBtg|c_UtVFSPht>(y}Xz@2E- zQ#Y>{VAdd0SN2^Kvnpg@M5DoQ^F^*|V^!|J-Gwg@4rj;6LJJv=3H;fvdUrR2*ARM%g70`#^f zvU0H4oxpd26R&D`>FFU&qJMRp@ifQsk3yH~wn3M?>BMN94m1T` z07kq(nNL%M9ut{Ob%fB10orCiN)B2KCtH(*IVx)+9!mNMG2B$jioAlZgfH`>E(FF_ zHXx^-3tQ8Q2=DWt012W_me?^2~liR9?n;W0iB$5YJR1 zr@8S5xYtFtj}ta;bmlj;%8#Hx4LJb4AD#s9PBHiQ({Md$O{PC@o+t z8hZ3<^oKLn0EfBqNNuaPK!v5nUC9i1_js?9`$$C11!*&;=Wh>*@O{yyA1rEXSOnJg z{B+tw5=N`T7`@(R(chW}(0sFuOC8YI6`R?vgkH?C?s*Zi&-fUay1I0KWDnW?ddjfE zvMX8ocr4f8B|3?$t2rvbP7-?}BtOB`CS=AI8$&uK9S9nl{w zH{Dwwhpy@S2#F=Uh0vME$2D7tBeXEDh49t`|J~r{l1DDMGg&ycqI-T`iDan33SH}?x@UXG< zC(-jRMz$HSoaGoj@5GZ9=@E@4*4`woR~gR&dV58;eK+^HAD{Kl1fO2zUma6!=FA>8 zuA4}e9Yf<7mP75-bRmgkZLj0Gc|z3}?~soPMzn(Wja&E--A%@xBXz!5J0C3}!?q^} zsU8;5pN5Nqk-zR!O9S)v^;&XNQbtO|&=7T4*}-{vu=;Fu%eQ`qs4bWwENGV0#S$C7 zD3CV#O73-qCA=hHiCHG)17UYEJUoOqs$(66mXZxEL0mHCrcj&NTIhkCZ4}R|+f6@!Hb zMb;iJTgwbg5L;f35jA(sXSF4X0RBTNEh_jst?aq6F=E@F3(K0n>c_U5?hY-*+H)np z2`@95t}0q-R4HqS{bV)kS!?p|H1lHQzX=17vWm>S7?P}Y2`KBu?LXCius;wM*ob_%XtA}$Q zdXYH)aBw2Zh+2@zWd#KXfUiwKl2k4eYHWu*oeDolG~=fYp*1Z^|4mbk26;a$XK?Jf zr#Z{YHJjZ?(Q4F>F?7LpAg+19H#^_Hb!d5kIa2t8kTU` z-P5j>P+<6hiK-CPLV>2Q{Ejm6%8O0Y@QG?F-zy5O8*^S7>j;eXJm2cG(q&ib{r20y zzQJtD=^FQfX0+yB)@^2X=>`-uopvNrgbA|$RvHgSt6f#u$Ef42=@OgNNvK&dKrO71 zp^6N|oDrRdfeUoKV~ zl&@P4$J}^AX()-vNXa+z*w^}gwy!Fag?e1?763!|UfX5ymhNn|Qj)dH`*a0SFRV5? 
z)9^K`QvTQO+4;@32IK7nlgw!PC#w4Tilm(xRV>Fx;XDb=J)=x{I^fdN6Jc$KLDQDE zcFQ!&ibp2Y^8PkN9-mw^PNwS0$`8YykI=`e?*Ru394VZx{tOQbiT}tp{C-f$(hx4T z{f2*aYTSLky6SW{Halc*;5={lN6tA#-OVw~27W%-RF6s}Ss$5t?S{RY4E?d9CfW8e zS*8X!t~U0fG6Df7nmuNFBo%5w32(>C;j-Qe4DHU8v|h){Mad{shFSnrZxWv;ZHSah zJvbaBn050uWSZBetIJUg=EZY`7a=Drv>&}K9Y94_*GCT1eRH&I1|J=d3L2%5nVf{k zfGBd=fXn$-H4>j!bW49gLVQG*l9g|Lr>rE;1IT2iv2MT(*Ds+1dnLQY7<-XU1|;Y# zR)S6^YXs2OqxKfMyX1jQMt;#opV|UE(CvJMF$yVhCxUq7K^%C+##-p zunbj}kwdFlCcbr^m4qMaO_5z4O}Bg+Dq%zK&Ku4D<%o77oIr_@ln7H&l_$eicWqb} z%MCLZbb$R0Nczjz?r_d>(0%2&8unDxW*Ji4p*%A4l^!65re(QWDFc8-qp(jfq5XBg zKcQZ{l+TAdhYQ(wf)n?!Kowk<*zJpMy!gtOJ~e<2H_U9f=mM8>grbr>eNp4R0jqV} z5*ETAXza z4k%FKDqw2z1yY?Gq!ZMvAmd-YgVjea2LZW+fy|Qn8SaT+!Hi$r$4S$?&JJ(yfD4(n zJkF~=mirY|Vp*`C$n%Uq$6-wC$@Ye^?`3P@+)7*-c*}m8b@9~1zr&y0jLVBruct!G z+l_b`oiLVTzz2{kDs5Srztmu(e~MJgY)7wXzlGp^6MU7K8#-umd*c_`WUA#cp>`16 zXPD_OFE0I{L9?EN3itR$=Lf=&|2DD#-Qy_FNRX-EeXJG z*v*G35~P7)mBG=$ejrk?pWUgJ4JL8FTdfF=3~^kv)}o3%&R=JXi#??8u8A7&zFPOp zBJEbKmMkpr?9(8|eO=a+YZRGFMe}E%rRJ zJfI1E^TR6m%|La+!%>Zm-IhyzSxE71_=tnHNKNfSi>c{S*y6RWEsC1_=P~M(&AedG z5@jv&b=x|iz}&YV{nd}rc7jvA-6246*UpUit9Pl#$BBBK{J7PWj=3UU3e0qyM#o}m zJBVeU=Cq|x1fEQo#E}z~j1BB=R%?|I5cz`3<<|2B(j9aA9QmtUA_<+oSPt7uqm2hs zu&4cU`HSAY=ac5bTYOrLSlfrsksS9|CeVRczONjt@yoVt^J&k02yusPhgqTi0J>Ec^4Md?C8QfZR&Xn&+XcHq7_A!W%5zh)P)Q2~ z9Qg!@WhE%R;Q5A321BUje(ZtyMl?6}%Sm`WY=HkKK_r4Q5%V;RPa#~n6bI30B_i7K zzd^ikKtS}b!2X=dBxaP~lB6jzWysa@zi7~wiL zq@^>NQHloNChQc=CQi>?Os;-HQ^%}ulE$TRfo zbFKME^N@eb09eTzbl;Iz#Da%BGsuQEZg!{xK$$^`eL=j3umwk z{EFkXOWG7Ko?KgPwDFJf%RvvjJNgstt1nCN$$^#0s!krq<`$%O0Y~2**=54U4y#rt zc#A61GyB&TT;0hcG0zluEU`n zIqLN{{VVuuaDBI3%y?sJn7%w|xvpfc=*)x#+qN&)uK3gno}t5_*4zhT(grw?x*P(- zJ(!)1KCw4hbRlqay7}O|sPxsXt-!dY9y!My^9V%{kt;pYb32#7sx4mTI2{6`+Y}>n zgzeLUTsPs`Q1dJfqh~K`^7WaNX+p-)sJ5fq-wBpgnmrKy@!5Ghw&ahd`{x_~$*KRr zlWlN=NCB|Qf=j)q>m1(Oei5ik%~w0cLJ4N_@-XhafQZXVUaWS6;eRDfT)VEdp2~^# zM~}?>)z{@GRvFa0Qd5nffFCN+yrwD^M?=DhWcFtkK&ZM=7sMv8sUC$nzycY)Ql<+N 
z^1B~Pv)duqVq96UK(KONxc;{A6)7>HMbRR2W0MGNVZstEGpy692t~2H_V6B?AgojW zP&o|Ee)dB&sNDgDMw|~znuiwMypBea#I6&ywB@Vo|zL$lz(u_w!(X!AFX7S$Z zS7j`ja817FU3e|X?oesnPo(W+~T0{<-*vKLqfKvz=pFF%w(l@SjgMorLz?Whz0>? zE8kMBY~LzkM@Z`nab|xZ?O;a2L9>)kp8&_KE~04NRPu;z4p55 z_+@{khVit%=q#met|G4&Q1@+TK?*5TzT-MOjJ^p8IR=@MO7%WPC{#dU zv#+sHDzKKkNb{vTAk}o(k%58|y~mU0;tUf@(Dn|EQeS(P*Lx^|?%xsXe`z@X%7K5q z)7b$&(&R>3OL!(!T3#mVDFBj4{|tM~ZrSJkW}^Qf;-^2MWZ;)6>EM9YnR>Aa(W_fa8s(=4BBqc}(% zZ9n&?rA2;*hLJ`EmdkG&e}sLMeAz=SQR&tScUi}r~Rv^aRLiK}F(D&XeWvbVkz zhIU<1)&N$8v|8RTv=|#j^Jm=0%gwPo3FzREs@o+b30$F^*>3)G`oStL2kGe?B}lqy zc=3p7!HSv;e^#^3FC4!KGC_Vy45#xsSpbW~2M}BqYGz!Ub{7ikw99HaVpzu;2*8*c z6NjyKP)k4h#B=VuZ#Yz056S%AcD@>l0!@42bCYzFd1EF|v-3Q#A=CX~4lJ4J82)78 z)FY8iORjDfeWAgCUh}pQoJuE%n8AYeyAwkL>t$p4JoaS8Db@kY+wXH+$6#Z+6dKzSFl-zrWWj7K}sb<8n~`W??}(c8MCN z2(*=aT{cfTUZjX@D#c8&c+=dhAFcZOq7wHN4&JfUx_+6W$Kve-WPkH1_1v<4AQ-tY3x-iZ@vR4 zKv1TWV*Ay0vTZv*u+=AEByjWQysry)vMzRZw5NfZEu?tDf5P=bt`Xl(L+E|nBqyYgVJ9oA)6b@1a zq)`?E;n?uyKs__=NV%vLd^$$uFJHAlA4VwX$%zPcY=6ZuGvn&WUbGw1;-5m?D5}9> zqyi9J)?8&sdJ_{{FyIS!(Cqk1Uc)S62fW5q6Mz%Ff+kp*p^O8z(3#MXoYTVQn>nH*qD3ZX8-THK# zzYC&`9bzPOyzOfQOmqxldfu*mPxw>9*lxBmy_}`d!YZ}GdPf#GSj2$<%&1;qH_XYx z&UbF$yo;pUF5M>2)AeFOX`6H^GR;{E1zKJvg@jH)pTQmG#L!R}%jInPEE$eQqZ{=k z&lJPm!Hblrkcgfzo7Ux@!tHx5mYl}F{|q3I{sFG27+1A1?2IgB0QE*M#K22XWJY!C zl*JIqvn;$d^^{h__vxvNqpRxg!7elL zU>ZTTlHUeBEp2E&^#VokawkxpxXei|P6|2t; z9A!QU*>lR`BL=4S2fn?w*bUGAXU_OH^Z6gZt&jj@h*FKYQ#{lslrlXPo_gtQdT!U9<79wz=MY0+uV~OnK}nJPN^&)R^gbHlos>{_#K?j&{7Mt zvQ8B*U_Kk1>FfGWR7Yl{jR;fJM69e^_v8<0o=*i?QsMRBao=Z!m!}2>xMn<1aREtL-rCb?%#O<&Nm*AEY5y9+@(-bb3vQ7k?*pv`Pw`ytF|Czi14f% zhd~tsRHsvybIyXf=Cb{#cnLhTN{6B04PwCyYrx=b$5)zvT0DT-ZMbxxlr)-9(*C5?zckB3ezF1lwmtXd)zcj?1%gFohX_=B*=fQL?+}x=T_Wt6%-YHv$GZBr#u|9#W`)zI!Mv@cwrL2iW-s9 zkz^EG4BOK#gk;L|kVoEj>{fNjv)@A9G%5s^s&5ihh0)RTbi|n!M2PFAQQ?6)KKF!u zaP73gXJL$=6F8L~1G+bdv!e#v=48YyU{#wYoyxW7v$K)9I=80kI(TM=ru;R6+-T`+ zp=X>9g>V!3{Ik?&1}W}b%={#kTELT-63Va7m!4u?;j)4uM>z6RKr|Mz=#r~eYBtBJ 
z8h^Q(+HCKf8h5zDx2Q4E*fn2{VK~SmObn$G56u@w(+Uq-E7}$`guFL8SP&PQGPnOw zTwNdt4n<9z%r0O7iY}c}d|w+RECBB>b7u;yPvI|H38T%kptbJx(n@J zs-7_0(+PtIq1s9DbqbS6hR$@G!j8j5r3nu=XVEC@Q=T8-wK6Z!mzfeI6InXg_<$px z_@rmK@NPC+qS6VfUEJkjQN8ulHjE&dWtFH@B+LjCf^^9ANZ$CSKTo}q2ni20?BvRj zjWt6Jc7?Rt?QHg9&ez?srk|Q5uijk!yOyA0_14hwR62+Ee58!2KJzZ?=E0ayQal>B znqtIY&^A5A{NsM>+&9JuZCB>jz0*E+oKK91z;4>VQ8prY@8e(U^OBX)VFTCx52hDJ ze?9HwE1fWnrtkPTm|+w0IVI$?jv*nJ#a6Jep=p*f;bbUYvnRab)MKMq`|7eeCu=$*6z|~f7GGU=jldr3wkU|}} z=a8nXZ-n}Ha`}&l{l8y;Gk{Rp=yzj+(X#TQLBk3VwR zfizEdeV`yOFMdkqFe?4AOtjrvlo`7EK+p=$JP%joy58}eOf-@h7KUh&vU!jg##mQT zI1~b!Kz%6>5>Q6x+7&6#G2b)>}iHuWv#GPrR%VnR+4o&We^6&n-UR z?e%V0r{)8(nddl#h5JjFe^NPRTfzO=nW_=m2g0ADfFGxJa;7kAq0eab4R3x@OWhPk zvrmuTu&5>DXd$x!7?q%OLC4PNyKrd4`oYtnf>*lY)yr-U<`;jDY*BB|!_}$*k^s7X z)mP>ynn)BlAaA)2p{0+i!KrI?4qiWXaRgz$0{Iwd5E%?v3O<0t&_s@u1rJy50TMxv z4Z-L=rTq>to3cRq{4S=iZs=Sd4(~6Ar|Nj&HKf)(_g|4BZd<}#4vySO2SRKD;Au=8 ziaLL0d;=2PrC%cp?`KLFtSb?{IIzA{vae;@Gn}Q|LPp}Nv45^vvLk`Z)&Jp2)$!{rHqS^&FF6*)=y$25^#*j5=`}lx^03q zo{d(~^^b89ZJmOa+F!!6vfx9Rh?pcC-@AP`B%2jcU3?@wV$-p`;Op$}pQU{e2Y9IR zRN^vnSmS*Ry*x*`Q8umqoU$$Xyx30*A` ze+)(Tr_$Qi=3jxD#c;+K{*p*90jQn1Z5 zRCEHeyHR%HINU&>8IAULNHWX2_V#vj8VkWiNZaK#G-ObTj>x`x#*z{GfOLi6Z}IKY zOTLdBXDikQ2B(Q;MG|63pi6=qP^nRxMcoy_X3L;`*0$HPN3>{TWNMJ8H!9Ea>P||7 z70`;up)8XE`}JmSVL^xwv?azM3q}*;hFn$wds=+g_&>V?D2pz^ka5;9$xBJe@!?)4 zgqJW#0RkZr2qG0>q;^m|<_en=TkA4eb;vk#h;|BXFUQGkK-V%78u-e3Ix^a(9g;LZ z4@eF@ctJgDwh#@NESj?6Z3j9~=Y`W4D9MWhb!NXTA;`+pni@nYk_oZTD};hy%EJaO z5(=aL1X(LPM+6k)K}0 zVQm#UnDd&~hH>brdI_`y6_m8z?=R1Emb2Cmb&l}-I=G!qqJ0q8n+fi}T(PlPuI*yp zYewL|E=3YmWd)9I%}47Gm4sF~y{p}51wGUW=`ZB^C1$mf89`ebj4C7s*Oh!pf{c&6W_efJSg7t;3cMcgt0kqS+P5xb zeR;C=?ZIGJ;bZJ09GsT?A~A?3*o@&v9#p`NZ;JB|s;>|!wGb(>_qbxrz z-<+(pFPCzXYc+$YNLCmQPBgw%+C*j~l)w5Q?a;HKeQoG?dh3xCkqpkZo{D|GYrr{- z8>+id?m~+a#)6||XA>jgp_7%tcEMKRiN8)hr!^zzW4V^LCEA+%rR*2>XH?p^ zyC_J+8JcZk;UL${|HIf@K*hB!-NJ!DfF!uP2M-n`xCRRr+}+*XrE#|e5AN>n7F-%{ z+})v(zjJcV9rt_pyYGKvG)<4qrpNBxwW?;#nyad)tm}1?ot%bB0Gpal_Rr?t$RLO7 
zvv*^?fg^9YIc$Gxul}+IR=-Bq>za|Uk4yEI=4j4+qN2qEY{9`r^-dcC*V5AOT`WP1a*#0*j5N(BJ_@sp5_%(odUM+D)Q zp?fK&?jg96TSfpGLR(Nx*X}j?+Lf^`_vgkP}O|JAN@bd0Kbba)9AM8=Op<^2|=$!TAsG~93n@B4BJN7 zFB}N-1ZQT3fVD^joc^MKj-CP?Pk^-+_s`RP-U+{QAJG_ifx<~~At<3c64x;05=wb! z(r+k!TNLBB`fsZO4vNhsOa(Q2N=l2#AiF>mmE+F*o3wS&px?9Q63H?2;_NM!porP# z7BeAbvx_EZ3uCMIvDq-=Lh92jaVh@FC4$rllsKYof{XZ}##a+xD9pzn8!QD|C-9Zii^@7L1YRjHN75@^*#OvmxvnZ;30$E#f zpuoY7&q@0CmG4&H5fLc1TDZ7xR~=58T)bJO*cU#7bP@T!B!ZWi;m3V(3xb%K68+L-{thb`j}U!f%IAhO(vY$lRc z5#8)gz=kHjJxlAwda;%6x_sO#gqY49GTTCmj$~*0Zb~2z{czCFxMah7OLwmJ7jn#k zV};d*67JA`m{!^@^Y_NUq(fl81o~thzSiyboEPcAb3;p44j97avp?ICPKKpoHU0wNEjfecqedIv?&j;62$ zudMvUyx?CK0lAL<{$NNGSZ-;eK&;>^pX8xVEH-(-nJq+W0(L0d5Jh8m{7MPZ@%|q4 z>z5-#^+b*bmE-;*!f|+b3?qp3gM*ElRHr#SNywldJb~r0k#2+3+4*>;l(keDPe|>4 zwDO9wD)AKwiO}2FzC$Hw^f>J4iEEtC6GltTd3NFzBU({e_y{oq78C-0L36HijmAKj zM{i`wizj#dX@1D)W#x^YOxpAKBPFE1{sXR%JM;s@&*VTmjqscYy_4He7Nt%)4^-(G z!(~rY#Xa>cu}m57t78m-WPSeXsiOP|^)VVCdWbmgL5UFwR zV2GLy6mvwXKhzAGV6I>ct7)O)t*3cIuln?Er|ezx8@iLDbIv&^@lk;*}!> z6dDN>nys|%UA=)8m{u$=?eT$*abs^&R>piepKEt(rwM5iBlKn@>7yO5j<&a-1t@7F zB_2P0u%2=*AFVGc&SF2S#~@tDh{|p?naXagzPIWFH&w;GVd!KgjJWS#4-z83wB9v3>J=ITP;syq{d0~q}PfQG^t51@H@y!`qVe6ND4F(}Z|?df^abYGfL|vpBeRa2ec+~Ot*}A1D)`b z*9(G98#5H1S~DH*L-%H?2Cs3reml}v2(?tJE9mZ{Dx z3kzd%E8j}I9kIL$)oORFI;?VYyD#_B2s4n0^5_bC^cQM#Q0tWz3by`} zR>vV04^};`P&ARGWeQ*k3}N&29v*JK#A1`%Ngs`WSF^FkKt53fnknb*2CLmokjdIK zGXDU2G*1BX>OJRvCFUXB*+?z!y!WHCM6}fyn%J z4@6$#S#_wk9v#U`w~7|r-sLVMC`>G)2coaK#BHOsgK#X#-cCC2qhf3Qs)eZM4J(6= zzKCia9`Gy8C078KT05}TT8O=49~)lTJ5*29X;59AtRS|zI|_r*R)s6{th%r>IbeCY z(?X0aK$zJP+oRQJ(F2UP?O}_8BIoYVWR)@dt@&i0cuR`Nt>sCM)6ZICi6~Je^;M*w zqafB7ga)y`cf8D+%G2m_{L53KswBL9fGb5tXWY0b?{tOpC4cj;nF>KoQWllj#e7AE z@%cJNn`Ff>QcB+*iE2j>L%8Cw^F+N9!cv6nGLY}ph_;OGW75|XH*dSKr5cOu6dW-A z3Ty)8@P%HucUuLYAQp%^a4a7sBYF~uRgW)6 zi7xsSO18d*9-WpI&w|cXM`BPgMfTNgO<$95fAR~w+RSEhA8}TxJ?xw0laB){k74Dr zb@=DUttu#`6;9IU387%!Q%#}zz=MYYyP`&H5Fh!|h zStgB0yK>9#lov7;1>E1Y$uggB<;3F|xICX65+9ESUUv!SyaXpE 
zpFYqqYAxyrh9s&LHP{~Ayylp&wD30<|YtSlBr$L*r&JL{yf z+j-;C2Pmgw;G8OQqV%uMV-H$840Q>TuL36c6psxmJPCvTwAB{W+=6alh5?N~46Xz& zMUmObs4e84S}MLyDJiLi78gsFCIgrm)as#iym+O(Kg{H4=|Q<)ABA~8xo1o5Mp2uq zz;}QKGO<5Qjn>iq!u5-~2k2{$zAh|>z;B8QF-pNNR6_1;P(zotw`yc+ShQZb!p|pi z1N}nK6qQcsAPS)ko>R!S?-m(I~xfE7rQiQ0>X0vOksaz9uB3r-t||9SeLly5%jx-z`QwudpLa&Q zKF2`mt_j>^)kHc@z+1U*3DIrN#OSOL>Fcjw;yuUlGCg);N0Ws{V>(Z)`D6FUkZK$r z+v+jN^}zV)Zbua2?BOy}7m@+oX0O5X$zo>I-``pmd<0J7L)^X?h3=u$2dfFrMfBd28dniiPi6#pwps66mR6g=YE9Q zpDnZTQ)4{$0$-btMDCl2p2D4k!*#T(P%@v-Ddwy+=VB~!jyo8h-qQ{5HWPuGYH@&C z?n2@B5gYF7e*?k!4VatNm$h6V)8?+3tLKH6M6?5I7Hxkr$n73>ZziuKb$xL+aTh<+ z@cJ4%Q-98;qdCK(_cwH`#}G^RooVPe-2Rn%SzrOmceDg$E5;qZ)dYARQ~@->)*lC| zog&c-*4R3l#!z-i|Cpj*y`b*iSywso)h=1+Lm z_k`=-ZLHoIp{E`9%*F&9=~7q>vzwbMoNS&6;Er*=o3(iBd`o#gkE1&LlOLWXhip%u zEut)R8lt4Dg3F$Gnv5j)|92b+0f+N=@LRjPLRQwp{bASE%X`Am8iY^{zYVgW3<(X{ z^b*CkkZ``B7B|=2;=7D-^r9#(IhUn0;8g%y`pU;JBtbV@MJH)CNWZsQ*X~89?K>rr z4UqdT`q$@MhsOJQfGvRWBaArz$)DfkCCF$*S@-GTElhwQ9oKED zKqr+y3^{o9bp;jd>KzTe#CX;PpVC(nu0pYQjD{jQ$`a%H_#{A80THq=2bWm5A2OA= zs+5q+S4UvFcDLZI;VI8Wfbk@He-az)^L4Nv7O#olW5#R-{WpxM%!A+BG2Ez^C|ExT z|3F5^>J^`S4y=B4;=_gwr=#F+U_;xT&bYmHY%_I!nTGM$G#GvAE!(xBbkh6g;iao4pq&} zXd17Z6=D#HnQ?LcPyv8GjW6LR#O(GOz{6CQdv9R7 z^f9O5oj8!xC;b`S`|gGg_#7K0g~d3txk(8WeP}VO(42G?{HT3t4L=R|Czt6&^vfn+ zd52Z#IxgeZC9MjGMx%Azjl3oF3dIu^LlQJEZr-PCelKO;7R`4i;u!PBot8s+WB6S~ zPa|o|hVKgUfCXa*u0yY_TEWr<h1{*9iPsXw4}6MYie_Fy=}%1 ze^!Hk_nrUawSWcbM28KdiWCDQox`>m725nFd}G_qN_%oWJ0DNRs8lB!Z%BHR@y)PI zEizfyK}bD*8|qk8KC^*HGVTbDm2~dOYX$#zY_qfOCGY0K&V&$?7<5ASS&i2>Wjp#W z8QVh#GF?$$ydT|o9``O?_hL;9UkIKryANH#>Cxxc9MepP(GU&1J|?^6ylIeiyvOxf zsZz?;nLpOtHVDk50=c>-XRGozN!jYY934x@7V z_XpmXt;JoxWBe@o8n;&oe;@EcPL@A($C0JO z!E-&4$N3Tl$Gq9#Cc%(X-i`%&x~6?lEEfUA*^!yo?(;hURm%FKFG1qwgeuy$^zKfK z(&q2eCH~~Toib~I3S+%NCh3-^=9Su1Iy`Ak7m&(EaW52rXg14-2T*6Byg4VKvcWIQ zi}kSbuvF3B2?3mPikfJ6?20g0tBqa$4oTU(>?Q2p%zrKkYe_ zH_!yr4Gc%(+r`5N^KfsYLOLdGlmqg0K>@YW--1B7@$r>zuJJFBYqHjlSH z)U8>sR6vfn%kZy$J#KTPxlP@tP|6lp4Ra`T^mxOaTCoX(QF8!*18Z6iO}BR$_otiI 
znyJ5bP27Ht={W2fJeG5laZ}OlH+pyI^cxwhEC$<%+`#FBzEtJ`C-BA;rl^8n|BbZ& z-1L8c&O$_=mwA@qxh^@yr;wur-Ikm_PEW1)M1yqYxMBp}QDv38IUTpq9JKWcK}$=L zs8e>qGd?|hd`P*SqMLlJ6ahX`qB|kH&1XKsB{DH%#tASGv6IPpbAWcCXi;%H_#$|( zJzb3lE-p52Lau&ep9hllAZ%S#Ck zb1Q^kKA0C<7?Bda$D4rz5Y`ryh+ZGLLMxYo2}Tb21gs)UND!4oFY>P2kE0E^Ca0<0;$ z+eTAV0zOL>S2;>E%#~LNmp#WAdC^+@qTj)}m!rvSiOJXyjY5+hyvin70{qluEO5K0khW2 zb+=}~>x)f;aDwd5r~#s8Y(gpS%|M0muUlBvG5a(ER@pVXGE zX54AJu_AQl!-mS3?`U`86qPZF$J*-;D-GIx!C@XTvERSX*ioBkUrLZ~zWN83_;JF# zK_v9;5{46^>}p{EYP;t^=Gv(3W+vGVGV(u#Z6b5SLP$8-Jrj<4I@;b20pjv0o_I&%$a;K^PbPu*Xa##cX<~@1|v_5jM6MkA3 zS5#6aRkEJrdbsPc>u)L$V0PBWd*b@t;5|Jt6~J=(dC3-QH94sEl zSQG+<-p9S(6%SCzAtY3n61*1CC>1x?VSK^eOv^z`3+;buipBVRW4dgx!v5=tL^;E_!?#86J>2oM%b^b_lCxKC_8FOX?DRUCyfMzYfB36^E)(ZN-(l*ZipY&5iP0gmbGEz?$K%+=w!4vGVZKDRBiGgYc?iJyeD-AfbbM>J9@bBg zigxC@JF0RX)cfEtXEX2d5@5G;pZwuHn=?55$}=3BK^(Fq`R@0G<1{&lUHBgjHT42u zeMWoIIdlLjI_@72Sg)u0LgPoOYaEWIDNAh%3pIWL72fPdTKr2qubmpE}K_pHd>I$!bdLZo2@N^Jp)is%LEJGhfZGhhy2+ zXCIsOSTHfRU=gB3AMZmTIYAW}9C(X{Nlb?4z4^1@FxbW?(5hhpH2{Fv3)#B3Wyahz zI5^yS3PF0e-)qh`UHEhIKirVZlli<Ggi7#mijzC7tA~T(r(=PacP%8 z0N~0H5nV~SKD+{*&0>Sr;*t51$47LytmoX%PJBjoccvp!Q^=s7xV-YQROD794c8~( zG9fLbT73hMLBs$8Cz9YO90KO<1c1) z435fy=oJe$>XO)tlTiCwr<7S+*+wj+EDPmNWuLR$9h`N?cllMY7#FaYh`l*4QYqL6L{#(J$OICgSZ37jX7YV< zmO74F0ZCU(WVeGeBl!*NWB~F$De_n7XwC3SVIZS;JS(k%UN9V+S zq2HCAm)ebL1Pc5JA$@<45ynU6UFj%|*#1K;h|wsuqxB140uC`fo_dOyw`oaS;)!T7 z8u5d(B&r}Re{;R8VExs7UuiG)H=~c&UBN+rE!He6^ueLA-n?C+Na0%$uFLWZbo>2! z!{{3d;RK9mPFLV4J18k-uaW#lVBDI}ZXwqvM+gHqp2jGV?rgu5im7^L9QDa&7C_)eP*2=Z zLLPe<4Kmq?d}*hU5OvoH_Sq}$Q&i{wlx!i;Y62b_OjL_q z-m!sIs@C?QXws(RnP?_oQc#cY+w`|8_ib~xVF{;icJ#Y(H+`JzGX|x`%TK5SME)(- z&B&6a4Bx-imuvPex6f#>Y}(szf?Qi}p*+l;N0Q5I39I$JU_bJo;%PdZBks-RymP-g ziOOhm&nnC%gmmYwlEf+3Zh8Z$5YLcd9d5tLbrnTWrS^c-R}w~=os8tY@Hs4d6{2|y z8nnIKLr_+cevieuICyKKjz0jcj!t}w|n<7ZY? 
zz&}~`zXSL`uSrOu5<}c4o;@~Bz{FB}Cb-FrY7sM6pWGf?u6hvZiBBZ5>d*^|ih`Tx zRs0S<>i8rD`X<)fjFyNMcg96vuhNvn!7_!# z?%6Di$}D_;T^beBQUfBeax2Q^M#S`J zT{l@blGEM#04@%DBk>#LBa2A!#?$G0!vw38AlMROtaI14<-q6A2<>RuB&;S{1Ch?; zvQw+CH!VAZ_pN+xy3PfcG4YdBQ@s#J*{Li8S=}1<2s`U+giv{35@HVon=Q@ac;dbr z!&CfHR}9eEQPNwjR!^`=K&E<#Py9tkY(3*6$wW#u4T$4mlw7)(SKkwZTezrct-kNw z5zX&?53}*qXwz(evQ4ECUrW{-FIS>rhHglz7$eali9N-(~@Jcj-mpnwtv#Oa~h&5_e_k} znMt;8+fl^W8t6D*a$@?sG8p44AwXFTx}Lx|V)NFJ$BvSjlE6}Qa$>_`RF65TjCuLN zRwC?FQaug@SnDrgjLof7Qcf;;;{g6+rTmp;ul8oeY()Dgs`)>glTN z?^zfutGvD3mggmBgcckiE98N?M^B76+QYhyuc()iO{NT@I^v&7HE&_~+~kI!<#D|a zNSK+)EziW|m!0O(hkZV8vC(&elq)XnCMW(?6pW$p`-J+X@nnwfY#e=D+TL*9>$-TW z7q^?dr;eMr8Q1MTl;4Kt^yh{%=Tlnzw!_-%^{!D>jTU3A&<7hY{?{7pI6O||xk{6mRK75ibPVs?~`NC}Q$w*~UzV2Co=Kk5blYAIx@4{P@ zcL<;0py-T16Dsg^KMTGMJ#zs*F6L6g9EgSpTx=?ZwK7EWFINkd5KWJx(ikR(z5UsX z=-965u73m>8NFfT1p=D4Mi>nfJv>gOJZAn4n2r zYcp&k@grcG^j7!kh_lL0kTVQY2~|Qjee579d#G%3MKk4rx<(ZYrFW#cF;E049x;;< zdPI(OjtR3eWm(X^t@av}y!~lm_bR|WS0C)RKW||8;f5$Z)T`f6lJ_b&qeIpleue0ZnAPTiMRS4dp@JP>@!LB7S(2QP`;Gm*dG!Jh;d(T;D{1) zEByygl!3|!;=9_ON;z|7XnoIV*Z8Ymhip8K<5rC)7w>F=4Dn}MImkl_wmRKF1^(#` z1Vq@1#rd-a3dz>>nHok@YQ^{kU_Z)jCEP9e35UtFu+1X=padO0`0NLWqL$$6KM)s1 z5W+d#ba#naHl^;%d_EMh6*jC;QJ^|7+R(>&04z0060v^D3)N3t0|% zLG_bO2G4m*|8H@EfCWibxtWs{)g=k;^{V_SDHfWkHMII`k}-y}W(|T`*qQQ} zZbikVdA*KIVQbmBbsdrw=f%wa;>(CmWU~pIJjJr5xBTpfv#=}U%0U`sB~c22OSLS} zRi_iCMsQu*ah*wIC{0sCZvXTGIP;i*C_&NzhHLXH)s+qK)Q(n}VH^Ih`mdyVx|U2f zBD^k`&TZ7@tz6$cILQd=MagD-DND%Scyt7PgX?koLuINX`la_Hc1S6Qw9pHqYZ~423)yXjN*>)PXoR$WzgQ8X? z7HAC2SbT^lLthJh)UxZ$X`4w{_Tisu^~4s;4c{6{n!_ZfG!e&wFQFuNA3^oFA7G=i zCo0Npi6EUS-43b$xbbo)#k}U1-TWka)eFRQlA83TH$vm7vGzT7+>&)u1%=64QuER? 
zNI@~5 zLJ98-6mB3XgE|k$_3yX)c&v#xfOgV;K4vk|Vl!?#U|gD)-|r1Ar7SaNtkx$8I0d9T zuaNF&LhSG+sIK?YP>1;Nzn0(ypidCeoF2|i#Yuof(v(@_nXLGj+uJwRkZ?PTCI_r; z&W}e`kvoMLq8_Q=4!JG`i2K`Fow#2P)u%Qzj0qN4=FxRk+SIXq{rZ`)WqM+T8KrtI!`G~KUPw{&%yS%F9**EaC}zpN`mQ zUkkhE{}lEkwwJ|$ocNa#=+iqtRAKPijYI*YDQi^cR{qil&m&ZelUtx)MD#IPRyEe>&%SfXu83 ze|9qDVFmw9z-JA?r@1}nH9q-?ZM#5r=Zsj~X0*vI7D+8{HtpndPu94A8gF)39=$pO zY@dyQpH%J`uw16BZYATiIv7}d%+)ujU^T+O0XL3s`DuroLi^z9U!)hPnr})Q!Qq`k z3S~ye5UzH<(c?ct{jbumk09=Gy{krfi73lf@Q_J{FPONaM!rMmY9${z1Bg`YKe6(kBb~f{QG}AVW8YtF`2~0aE+ z#~>h})pCHR{FlW+GUuFCZb;@#01-LzZ%uYbO=K^7(1nBa*c{gSXwu?{*R!UcXJ2Sz zyFi-<gvbC8tOW{re+oG@yTxva-5R-E4So!1z!Z|OA5 zN5O>}hOWjOB|~19N-uuHS44MuC-iQyxQ&OUq3%6-U|C+VG3zpZxmtaULZh(v>fBlz za)JJSHRcyp?25koB|TlBgt(LxHZu(NYcfsGjEF{L3Z-s%B8tr0>_Gh1RmF${560@L z)EAHW5MljzNL+Vlchde2Y*^0&Pa4eRYJ>2?{pRJ)QiHGs%sq74{@9Yv-M1 zDJZq`?aytjM}sC@#NNo=yy-6?t3A8g8aac^>+J4)UeOALaouX@i4_KKWTcMwYH>WH zyEUcmN|-X>K0$e$`of)Z7Rb}n76ZcuyA@QG*|{A&JI%sCW?;!_K4T5dk& z=39Oj0S3>BL72MVy5c#pHDBSVUIoTBn$WMQDuxo2%OKa?00ci{W25yx4*uTyr9N+e z^X{(5PtTiIKI^Mu8Rm-LRLKjLEqhp4SkGrhZ1m>`CsVCt*kXThaB~k_r+I;q=jnl4 zGA$>QYd`GmFKySifoyxb{aulAuPfX*DE5W_iH~bZ0@~ggSPYz7g|AnT%n~xu92%da zO6=~Pu>0DY`lQ!la{!y$4Vj|gC}|(oELj*O#^wXfqviou4k;OaMn~1vM?u=(diu#NSFD$YZmK8~Gy@7*hu_?03<(fS^)j`mZhkj6&a*L;oaayd$OTxQX?38@ZWeXDGxV8BoNZbz$sUmE_D zQYw0*&Gs`hGZNKV$U(48dy{pqzq~&V@b|nOvM$4rni?TuZ{)~u-}{#4asT?x;HEpb zANZ!^{CYWgqN7K~GiHJ`&a?`w>^Av|9$Io(*48t#hd3Vj0KhAm>!(rE`O98ojlN#nV;CwTT&+PRR%-g6+$mEzfLwTRjh z_{nGdV7dZ(HT{9>q{DzE|Eu>~C8gQa)>Y;u8%R@1tw2bnS}99O?XwwK?yB5=j}E%z)I7L0W*)0&d&8^vA)0bUPy*6}MD}%8Unufcp_HP%wp5 z@55hq<-7@+mXlKA$xbq$X;v{h8$pRq;;T#@Wlj?E+sri6;L(`HvC6#%Y|wa^mQq6L zQfva6X9e1j#G;AvSCgALR>u*l=%P&>TCc_E=go)PwK;L=D$9DR>F!?{kUlV35#=xX zS9819>8OSYTGA%<^ucR0MmV`7Ff8l2;*mybv!)oqvqd5~+3a88`fNNQ=Wm>%JF@_% z&dOyA6y)$rI~gy_=Kwh};i*4GFg6l>`K6Fno;rfUzPKCnhSebV`<7#maEUL7(`#kqo~&4uxIk`!lnE1D}6Uz;e`IZ2h~ zKRw3PA%70Z$fIAp9vFxk50!b&PvPXWlx7P#Zv=Bhziv%g*mOf`7RM_HhX=;ta0NWk 
zbc{Uj#`$?Evu(&WA+^nmlEP9Tp#+0YIfD=HeDpmg6i??_!G}VC;Hu2oN}!i_9C3vu@!g6zNi+< z=#Jwi*8USFyaQHuVM=Z)DR0Iffes%ZsI*;oj8L<{jL$!~JF@lUov)wgcRM>aGs#M` z%G(SjA@QU2x<293u&jcz?WK(E|B~b}qzmlI5Zb-0#BZJU>}J=`L8gtz4&=r0AF^9V z92uv=sPjT~fC@n52W{O#(4!IpUOLIK8Nt_whg;gNsL#p`sKE{wJqj8P*yhO!Kj}w$OvZD6qpG%BkdMx#@1p0M$w$FN|w&vxpD8ZQOS|P7Wd9@#&~;$=QZ&e zU~^|M7bICuod48TB>CQZ7T#&KSjs&2eo@7;e~}>OtBNp%5Uf)|k^_j=CrLr;v{Vvi%y``_6WgXxA@Q-=}Qi3&&5pZ{> zwQkzM_?mIS_58GziufSLML}L(d5P4+bUug>OFIAe`F^7^SsKw9jhER2c5|@F>yQq= zaa-B9+Y)7&In}5-JS9}n@A0^xmyVf;z(kHX4_8aIy&o{etaLmdP&3@GNIkFn3aB-J zjlKELui*>|w4AZ+g5n|2d*p+ivd}9CFHf)Sb$=g7_6mYoI`sw!Kx>+irL-Ez{bB_@ zbF=B9vspECyB;pfmmpF#d%mo7U2O(1EcXzI^t$cK+fT+|p%uE2p?@T|?hs zP=M6?M;?d0os^lIEwEu^pvV>>Nr(|p zNLtSc*1y{nu0vVLtl3#xV(b|BgbG%z(@*q_(x&pqG^d*e=A)4fj*N?zr)kuUV|M|F z+FEil;qeOVFyW{BlaTU`e^>waq!DC2!PmEU+Av~}LVw_F$sFX60L(Y&z2!V~E+?AA zHcPEYcN^4axzku_8c6zkJ_q_XrXc0{GGNf}{ZFF(Z}#^`1z;)x(|^kJ#%0wWbByP9 zIH{JtJm`0GyX#fCQ`Enx7w-<@fHyY-Di^#MB062vaoN@iYH|!p-DXcRE!DVuarKOt z*DDf^r~%GsdQj7rM~Vfb{6Ed!S1$akpbE$};akb=2 z!-*HYiyu>7fSMAfv|sdE$QBHB6e&Wbmvp!Gjw!krN`{hotq0Px*%L9?4IVyu-Y*Qq zVce8Zu$9HtmCb>jEP&mR9m5z{^}^nQ*%X08i@AJ`z0?xaONbDLT)O__wcGkm3zY#R zJ(k#5_AF&&jPGrdlt?Rq{CY2uHZpNZQ}v1?uV|C)({5#Kj$MW2^+n&n5x@6{D~oGpBO?p`kx z&}ddw9i3|3c{Do;4_h)gIpU9@1h%>pL#TfIo-dJId&kbcXr}WC)pa_TsolW_f0%;B zkAAhaiuZ0yZA!1?GGQUQZ7JG=%gMFu*Vl7#bC@;^UZN=iRt(vN-Mr1|qZiUoar#pnw!v%54MWvMU(I z!%6avXmX{ZBAj{t=tAO+llP6d<1wq(%I99_9bwSF-xhICVk1a;hG5`g!{K3#Bd#W<-)wQy=LOfb6Nz~{ z@Z=~j=4QNaKqvbXILim5eP{OY^@)TcJ%d=X8d)jL?RMQ-jDB_^Uxe)4FsX4BY@Mee zbFij>W$KSnTSN&aoLJ$LY)R8EE9fhP)raJj81O%9-&(%5nhlX4lqcUQ z%!m(sWqNzYR5ZlvTNTa}drjwXWyS>5JDG76Wg-|V4f?=x_a?w8rNfp++viZ2zBtNfEzzDMdshW~?}`pj@7m@Klh7&D+BKD#gtV0#*;~kmOwL;7 z04@9D_of&!s7VvOzlHn%cywFgEJ&@w^&(q}$xwHiQbybBT*UEkYIXGL>i;Na7TF&tjf9*9!H}^QW(z?$zP-H@Yi`kYLEBlIu&dE^l7FXY5Upmw@8r5sH-S zQ}A@4eNKWtuvkBb-^ zf5HFIC2S)FGgDXoTMS!r`|2HnB@OgSi&GaW;1sTdpG57xzV=a$rL{N^Z~e!K{bH%X zM4LKH=RxS|Qv7kxWMXEG(KQYlEPHB3FD`Hr(;iWYV60h%u-uC@AAl;RZGfy4AjD2c 
zhVfb7w`@O_xt}>Ojhyyc9YYWi0de}ha2aGCn?deS8qJQJNrCyoSTk$kelZL)q$3Q| z^`V*Tb>x-^);EQ>%*Cfq)ME?iY76$3WBb?Lyy9ukX=sDdnz=;DKi+KRodz>M5sQ9N zH(43L{tZ1sC}Qq(Qp9cQ|K@`KS;{EzcXr!B1M97mD@R$l~`zNfg#>K z58;T%o4|R=h`^IC(}9K-moEW@xH!;D-!UlCyzmhlDE9u~CB?aBx?0V{!?vW{a*?PQ zN7@M4$qddyWRS??BqkLJ1vC&+bo>o*9Hl&nY~e^=Sp%RHIi@LxHDWHp=Dsz%K=|Vu zZmmR<$o)K50x!nOLBmacm*w2d%vwzm|Jr2{Xlci+@!-}-f7#b$@}q-KZXWlOl4*q) z*YO6C40i6_B}Hb>!v3v?T+C;p958Q0Z303<`>{_iIGpMMp~@{&NcZrl<2`gDhx=CBjG zH`PSm1Q9_93TTZS{7?qg|E^7s2|+W2cIp96!kKdb5*aN6NwzlSObIqNiZdlOBa@q) z^n?stJs@08j9+{+N3{zP#Yt9`+>-X~HAU+6dd{$ZreY-per#MDY6fXF^Xlw2CFUoX z$R%_b9~9-2aGZ0vx3)_|I@CRWW$7tT0!;9A`x~w~3*hSxj$R#mrZI0PUvru6ACftDY_TFjAGytgEMjSFC=S%V1Hg_>or!g@`cUZ%zlqR<1Fotm^XkZ9NB%Bvg z88(Xb73@5`-bl$o3RYp6@3_0*o`Hjmdil~a_fd|K7D}5#C{Zq1#uHd?`Xi|U4N7hU zakB4Bj#=^16nT1Wd1%?(D!-w+=x1tF@MMKf9w-8pEj(j+2Ty+1LZvGQn<~S2Le8>8 z%&AZx=^OWcF>n-KLqs7mY|`k43p@KUVuGEB);9-7dvbRO@7R_-n!4MV{qQiL5F<9o zM8{RQ98-6qvwf@!L7hlm8D|0f@y=@@rR`2{6Nj>V{QqO^tK;%Yl4ygwe7I|Hf(CcD z1W9nWK!UrwI|O%4fZ*=#8Z5ZGyIXjd-I>{$*;#q-?SJ3z(jU-utEqyH!={+bv6@a2F1(7OwunhkT``PU&2>r5u`9@soV15>3E-FHa& zCEuh7yp+*q5CO&o2JlW2DmnzM#@Ot#QAyY(#P_!FXdhX?cXvN=ZteKW%SQ!HFS`+I z_xGs?BV?I9jlNmka4pP@xsJ>E{uGG?CNF|S=&LG>V1zOIEjdI_boAAvL2Q|Z-(u=W zmB#nrmoNvUN?KyD!GfG?IO)=(Lf^=Dl7@B>LtT&<-%Jx+mA$<$%*CLn%3OF;c!a=a zCJme0$XsfX$j4p|KiI3<3cso91)7I1NhLHgt+JDzG{M~uwPFvqudbe{D<>LhzQHOe zC}g&|A+e1JaO4Mx;fx!gjX!kXn4iA9d3ip&{`NVTQ=?iVx6#2P%-hw2yGzRjjwGnY zX067J0#RJt*(u1edo&UAIIM2rn!t&$v zb^W=2bj|%!BK*$_Wz-3r);g_!KYY9Q^YiGaAVCuo+N*g-6uW~_B01hmaN5EGc@^v` zikrcYX_=N^*Ib3AZn;a2;;|2Nbj&7b`h8&)yrb9%M#jNmlMV=TQ_x!&p_BR0C~5+%B8dC@a@6Omj^|c}b7&NVIf3*a7`-wdzq4!0lfL1^qFitVDQC z?{~M#^58u4)4TZ$@wacyKdt~JG3%d6f&Ozve@$`z74`Yc=fGCBmGfIBqamxu+cXjh-fKytNP_& zzIzv>o{604#&BjJM4iD@62%SMQ>ivPgxKS!3a6S>7J&o)<%Tt#2~ z^hUpa$Nhja-oQ^OFf`~>=oSci4>miLi}L5_32IjV~y*daAqFgxgR>?y{nQJQhP>OZQ^aFg_Y93lS_a#I4TMW zZ9V}Z_qGKC;@+|Mtx8(hTJ{5F$Pm+iUeEtA1e9&U8XA6CPc%U8p`juUC-uGC_rG!D zHxQ!b(J^np!AvV-G+%^o#$lget}0X!Mq&=#!v=#ez+TmJP$xsloeaV-5X_f>BNN3a 
z6ge&q7?!Z_Rx{|+pdDk#W!o@38_hCLD=1E`z-@$087?U(pmz49F5Q9pxP0Rl$3;Nl zQupaSkA@OVxEsh-%RJ3Yi1&7(@Mb5b6od#(-i%hm`i@6mX;!hQ^Z|LlFxNn2(lWmw zEp%^%45X1S-0R@Fdy1hV8T1)wZ~^uc-M}t#>dw6VgYi8l|CkcDsH1bt>`ox^m6W+VH}s%`)z35w)G&yq#?-T;GFck(sdnn4 zJzb0h4eCc@gVa6N5Y}{aFnxCNzB{|O0qV@1erBh!3ipY;VQ|CFLslK5K|of^Db92W zuW{OvWE0L&In5rL(!~@Qx0wB+qcogm;@9bCYHwdnRZhtgq25PhEufzc4Gfu zWcR$a4wbX)Hiab zW_=ph^Ezu9u?e5zv}PDJD|?v<@G82?3K=N$Q7a`|XY@6OwW}+Y*8LS812j^d<~};B zwis2_?ITFA@vR>XQOq3xo7vS;hD}PRrePG`Yx!Oa+@Z-mZL>Af=q+x`h$*|E+>jHo zmLgMe7zAAyQxM4gt$O^D43KU_?LPi?mc;+(ynp}oAepvxFcy~a)7nLcuJCD{5IA%P zVP)mqm+dewKD>$bx7^y3=mSr*6@z8rRMthTx_}VYtBRbhuveeV4~lOmz?SG}W40X% zs76gu@V`=php+L-*-KP?D9XMo9zI~z3QwCYYt*ox*F8$LI=`M^PGuY>V_{O!jw|CN6wQP0lD`()|4Q(3YcfT;iPxfQg4i0iWDrHv3Nem~| z!t7b$6BGu2zt2Zn1oPq06eyafyGYpq7x^UIk_|AW}{_XRil1CoW6 z)#}9Cb^UIip~K_;DB?(qhn$a(kf=ZQ+Np!4c-7BM%{vFA{aJQ$n%#LUylgoCQx0%o zRHu6xz-SM1*_>Qmk4Mm#0FN$JlrZz z3E_}XdkT`YkU4J))QROV!Gh3$dymtF!Mud}&1$HmS4G9V>!2QiX|w-HL`exa4xF>P z=px-_kuw}j2YURyOj_FCjT8;}Aays92AQ1NR-dro-ALrbV6gzm>8fYjJl2P=MbU8@ z_fK!O?s3PUD~(qzEwic&tTlO%{%2PE#dfOTTwJp=jv0&09(m=7r~Ai=?1w53%&rVm zC9h(lh#-CK$-;EMtQB%8X16L!k77P%yO@cgUG4Kl59%-qBb6Us>T`gr@zC`P9F&TI zf5H7=ZI>S)5y)b)#qwiCK3|@qN!&bgtd#F!ptG|xCoI`K+e&FtvAi1*|LgJ?6N>a* zRU>oHZkBq1-?|!Kmg;w~fJP6@Ba_rli*WXJsrM-&tAyWOmgeU0iqteBs`m%v-z|K{ z5@<+Hn!>#lGH#WFqyNIhF)rl~kZ^B9IC))CHT?@J?_ojR^&aU3w{7&94|xhR)(a=Y zOyqgLUs?Zy&)&HdnSNM35xBvtozQx_mwruF z^TH1jltP3_fvN{R*?6Mf;R4#y%uRuRSGrwWJXm9sV-le-F@P0PV9*zO1bd0cKXuoE z&XXPRlFYDfqMO+_D~2>HT>G*hge&27p{WUQKC!tSmD5|fPo)NG4DcH6Oi(m5&dS(- z>ogsuelEmdup^TJ&6Ov6Da7js2$r2X2=Up**RpMOTPdNR|0EdwOU36uNtQtrz}KFH-ke-(9D< z8_9%6@-VpgG5eZ_6{w5h7e_dmmZyd{GmG|!22*oBE>xwm&P{zpn$ijuBa7ApAs715 zr&i9J(;E4;_$8+8zt0mwAPeda!l+SEQWE0((vTI6)))AZ8OQpE6%D^7C3uTjPP@u; z>iYQd8T_LW1b!BLkDkctNcz2LMY-wn2>UHz@~_8O{g;#dkHd6B(NA2OC8eZ7 zCWoMCxH$=JvMEcX_rlmNqE0r0FI_42bnysCi-M6-*!*p(M|9r5-vOr%Qo5n0U!E1 z(ihYqS-HMvb{b`OnJ?4J!O}=%Ho)2%dPD&HMc4h-<;Rc7T|1Asi&A!_unl*q`C2$g 
zKj)<2pVD6isjm0aKCzp}3wjk#8;HiG=L_j8tbbXiRmQ0%S~Q<2ve+~V65L5<8>mUB z9=x+t)R>9#eHG=5lPeX;w3i!6+JhR+i<*Stg^^%E=JDJNBSU%CD zZJuJ$Sz)s{?N>zv4xFrj!=)dz#BR0_Pm?bkW(W4^w)HmO5^d5ZG_Fx{*SRl+8I3)U8S>eCqjQ`Q(fC`AaySp>d z7`S9&Vj{2HLbN{>XE2uiHIc^>=vRD10FKQO(JCY2ms&xQ=2wu9zM0&j&h_%@9r~%# z0k#@Ot}&?0=7&^7t!J4-b%0Zn)B+;>o(mLJRPLjI05{9MSXQArB7)$`lcOWgh9(n7KOXosD-uNY}OahdOXk^6>+pHX7a zE64-ZuA=)Uu$$&xn~1lS1kuweSQ80p&mbZS5r}UuMM7KtjwoJ*dfg4T-PsXg(6Bt# zFJowob|8RSVXKNJZQ1^Zm;(tF780DAzHeFsI1`lF=)wy0E?>mi848O*-ACXlH4h4V zi&51t9KT@o{9ZIFa|uI(=_+2(dqAupAvVWq>a(=$J296bUJ5#`{+-%t;Yk;3BnhU6 zFw~w-!%p^jRO_gCk9@O_erlhc2EM3&@Af}v$ToYI%8-RiHdQ*6uOBe2k61(b?no~M zcQy=kG<}W>L5N-$DB~(N)3JWqPn3_2>GuOeK$@pUB7uQ$EJuSXHXhFhUiwAn_IYqA zYYB47iWnTb6CVw-p+awrF7MlC)1XEIA#m-po&a2xJ~&t_F^%_(kUKWnzfwu zaj7hLP@qpW-x$6aRVi(9k z;ILCL6q}Np1Zv&!HT#YqVQFXA0|xTR$mloRA2CS7!?a1ig>&WE*3+@ zawu~e!jh4;}|2PB!2E*wT3w>T@zz=b_>oN{wA6?fEC z%uh&eME%zR0V4SdHM-nEm4nGr!4x}Wt~s>k-<&>#p&6V=FCL>jw}8^nfPpw+gFXt= zo}Jq$XexR|uQ`0Ax?gkf?;98>>tLVfS1s*gMkF!;PC1=6vwgOK;5_N`W)#~J=P%D* zJ9-B<M<|eG1ZN0|C9@wWjF0gBV#9Aw}cKGq$T|L=G2b%fjX2+88BtZx&X+LR0B@L0f4)a}9`4Ek5am)-OE0P6Ytd8Mg7-0p; zHYI$VjmC$Hk{uaJqZ7Z2V4D^vZo0ss1`APDUQ6Aa?3uncW&(L_zirHpuv zlqTxb3*3BNv}>fbc-ju29R2Py&^Llno=GF+$J(b+0IMS@ji!f~P0z=tMPPuT(_Jo3 z9=6t^%?N=j+TpED_48bzVE|Sr%CQ@dnnF@&X(ZZ*gm`I=#RkpLNm#s|Afu_@Kup=^ zhKyK4RM!XP0pcMJ71C3{6O@XY2}$Wk-3}*2MlA$Q4M{5LM~i`eE#l)7%l-4G$I11% zZ^jMY%5f>AD45!p4vNRA;d~jJ4l^#3!BGJ4<;H zBVFI|{JWhC6cX|4BS(T`oIry?(>rylt>MrB>k#7;7;XuP z#|l$kCmtJNJbq(03by(xJgzQ_7wIb{6rFP@RTOtP({<43Ehc)nnrO-$S@A&s`+vQV z|9i7Vz!?Uh8F~zJ4p7avD;FXPp7?g7ktnmN>9HrpjY3tzYA|UGN#pn;YDSsI(!Ga< z&JiMD%)zxWQ*(fXhHe{Cf#!d~&+oD$mhYooihkX#G8TcT9Cb(&+5PiieQ>N~n*T>I z*F8CPCa>ECt{%EJ4<>RdFn!qP>34lvA^BSvYRmNsvx-spq|Zv645@Wsk=QkY#KPHr zI!qQZ*3Ni}5%!t5^Qk?lwgb};U(I9As!3?-%YQ$`f3t+6-U@`*vi03vltFgXd;{@tV)Yez1H~qr zXCLS4(xW53PErnrmI)fw`A8bG65*hPnexGAyXw?ep+FI?aq~NdX1xo9!0;KIVf0+{fWxT);{P*2#*c~7}o^0uIhwm`=pXQPZ 
zH)q9T;O5CtsB1s3w@6HgUoyGOG&=2_PC2+V*`>F+arSg!m0sEMo^1%`>9_vn*>T_oJl{;`(P70Tv8#$!Hz!N-?!P2jl2 zC-UxzSXd-V9aPYVbVxT?q=aPF03 z*^HhFW+0u*q{*AOf0^q4AB>cV3U9^siIn$S>Ub-7fB(0gi#c81r?WuSgh4BRPmTNQ zrS!+%6T3W=(W_Gq>(_fjtx#es=|X-qh(zp|m&p!2*R~1Uw3?(;@1;%fT2dd-P54K_ zVsal*lnYgLM~XkfFYsS;CqAVkE`}2_)zfIMvgc2N$0$IuzfAMf>m>mdk&F`u^`v}TnAxz|cd#Qaq&U3Q`6i!}y%o`M#;evmU zBL3+IJwbP`T&l?6m8EVrtWep4HtcareRmIqeiW=_R2B{kfv*M#J!*so*MS5aH4LVw zlYZ?fT^#8X32<3O|Bvoqlejd`^vyw_F?`2~>`}>bk@)zn!Au zp~V3!M9U`m`L55zdvoSZV(F2fNktfU-+U`kbnzfRBJ}Cg4LTF?4R~213u>2YUA>NA zi+J*|QDd!-8N5@fC+4Iiq=^y zC;mIC7R|{@QpgXL{Y= zm{{2YlP=cVhE4~XI}I6|LA$*kVT{vykGCa>uw-G{> zO7X$yY78f}#Z?W9UY65c@DzI}KA-&bmWShUSc?sWoZ~@Y;tXV9GJ{$+PP%KsD{kI% zCX>mc5co|Qy3lVQcqAgyfHi|(Zm}-=1wSnL@X>acR@>PCcB&*1j+mHu_^xOr4V;@| zR}f{Q9quGNRM4e?ZKM;kLMoUEDn=^OYXeq-r6d8j3Bi>I>qvKhFeeEE{s*>c4+)bFlj0Ase1L#o$Wg!g?<3%|4D5#pg>@skc7$2lEhnb6P|LC6{rBvhFM7iF z5^~s??h0oMz!2W|APHWpq}Q+4J7Pv;^0{Iq82KD z^V)j5pJN<}T<6S+oDq>4JZqa^nqC;Lait4Tx|8nh8d3MPLvKHZIRsAgNc11ox+knKlP^Z>;*#S|c56UQPXj4BWmV5$HuEP_2V#J)e(# z#ANVhFILz4@g?cTOn141jrn`PFB#5Tn2|)F6OpKGYwaPBdqx%_U0IM93?Vr9_s%9u3^zPv z@9(9FIEW%x@LOSJD!;DykcPHQFo-V9e(oHxl)%w<3v~*=go2es!Hug|H!dBjqB<=H zGhjtx-oh`-Ub?~2Di`?0qtpl%)(j(z4RK=r`m5j@1-ojr63-?Pfyi?}m3(e1MdBva zv;7#T!O_`SeB-=K@rLNlFR@0j1DmN(-13N|q zvJGr>^!r2Pt0by9PRx?1YEoRHGPm}ZkkB{Ai|)OT;TjIhhn-)$q+`A3V%7cwi;Ia_Bic~FBXW*1%ggaoZ22GFdLYe^}l@`%n~&!Lt|qb`w`$ibfSP?mXHSlkX|8Jv4&`vIkR;^xRSiN285KvLX-6FWm;`ydbEfX7hsW?#D{cE4qzluhUZ<{eojrKoN1^b?fg592%JTwV7uR-1@wP2%E zn?wX^1drS={ANEdm}ln;e+6nB&BYYhcOCt-D*xLLe|rUhT~fSmLP>EeqVSM((lEtQ@LQ0vzI+LZf_fBSI>3Q!#WKh|ha1AF zbUON-Ct&pHc(+5q2rfAs%y<)mK)3T;uD|$+lXu$+%9HO@D7H(xB$p`sMn+qvx38G$ zw5~_MkbupV=&ybm1MYi=BEBz%C}A5NK1q`ai-_|Y=d5QL_Z&{>*D+M^55_AJs(mDe za=dH==zo<|>Rth&*E~kkdmP9iqsqP44hOt`4k+wO#W_kdHA*6}uLwh`>>vzvMYf8K z!Ut-PO{-UTH>qUPdv`0bl>%=qj=z6gtnfA=G={&w*z>y$RW=xmcyvI~0C-$iR~I>b z(U(PT`V(X@P;r!XJLh2Wu^Mj8ie8F#0R7ATm19r5EeM^qZSTmea|BRM6Q2tTK69YR zFaQ1vDEL;dCT`r)KCPP(R%6NE9xu?ejYJ*&Fx2>ca5TA6Z>r 
z7kT;YVMKJ9mw55ED=y7M+$eQkd93SO`&Qp8`+CKc+LDg(CBk_(+1jU^&h=X=h;Q+z zw}->QmuLZ~Z^>s%Q2W+(|h`cE89C& zOD^5@_{C%q_tufYWc$?OllI2aeBcheF0zMW(EVvgYS7 zZEsn(#0qtKBDR4r94NXlXu=15l+G&4*AMDp=mr=DwIStuH(;YVvN$mRFwS3j_wOA2 zZy&Ltu6}Z3zSZ76)~DkIbd+C6D+ZspR-?mec`woXw41%jLT77CB~mN^YC=(1Z4KeR zHk%p!b|eu&5R4-5F#644LF=~78^UQPE0Dm#VI-X||9xIW=cU?baDSyt?Pixco6V5< zyzTvcx~bH=dfNZzhvw>n^fB3rXbXTjV$7{M$j$6#pwLat5DkKjN5AsE-%zl1; z)U_s)1vKYH8nq02)1{H(;dsuXIN@}*8|D5g&pi5i0joc0vPePAe(4lW%ITzkDel5N-nKYaepKC1VFRm-De+A-7fLBfc>`LtB{ViMm1Ht`U zQ)@F?Sxl=FsNU%)n%=<MLLfGV%2Njc^qo08IG_ET$jQ zSw>1qA)?vg5KlIh(^`TDlTKN5`+Hhk3L?qL)-W~JVs}puEeBWRdT*q`VuO8c-plQ~ z4g|(bphx-R6#ezSvn59#4~A9F3&z$%@i**BC*aqUjrcA6`~?v8E_~3D{7(!-$0tNs zue1UoK@Dw(I$(v9A+0s}F!W91xBZ?dR_lC8<3Db@C6qK`!4MYU1HHniMiZLwx1#Pw z_g|5fwD~SacU_A~v!Lp>yfE0H^5W78(+;5PQv?3wUqzI^6h@vsuSu=VP_p-Xy$
nt`^o%YA>V_|)iHc&8H+WlM_9I)rzb zW=ZdME`(hJ1Ij!m7@8h>P-E-&nX5dn2*WbCu>+Aa>~>~4GqYW>04*6cI;?knY^WN&DBC{$D)hq_ncSrGKf_`bCky(g1TjW{r?1s`}5ql-UPQ zuhY`hw$)<0Evwn&RNi)H+>4RvGXWPrdE7 za6p$;j-U_%Ai!siytsF46nwgF;F`=GGwjgOxL#Qw$;}bkS5YXRin(d!Coj`IHCd?p zM)Z0`Q9}FO?OnL)FV@pX;`nSBi?HO3w{HGCnSWxbe;j}h9z6ZCeVMMMRZE}! z%X(KXMJ@3;@;~`qTYOu^he5N$?+Na!tE;!;C_I3ycP6m{v;}`$ZUI`CqvGS^1=6qt z8Lh3Yccx2;mpq>y!FSTM-jOr{D8It>M1d6bBY-IFJa2b3M>YnkQ*NBwY3*EXaR#Q{ z2!`jIBSw0Lgf~iBLq%D>593^J9J(HVgY)!k)x0+$RBZ&>3m{<%ltY8x%D*zsN`ULL z0$)bGVJC!=(M7tsak;xGW(taeYQ0#OTxMr7DC5ShXxpHd6R;&9{->$@JA>H3i#~8d z8#zzL(QEu@&+b#d=CqY$9F>}CRw$h{dp*e5syh%%<8Q>D8srEMuuPs2e2HRGCf6RTs!wBr zIq?qVV)Thi&BxT@ks0C2k(Z)z4RY&`-a2}nxmr=g;t1;wtdz3$>K_JU-@S6ImZ!oh zNI*tVG8Z=uD}bpSJ%_YgE0*-5-*NNJYJ4)d30!<7jAd6Q?1$yFlZ%}rBLxmVWURNq zhscx%!D1+Mu>C9i{x2hpQ(&9GJ;!=Rv*#l7jNguJ-NSVR&y_9AKN**#ugPzl3Oaa0?30^) zKVxDBVudzlZ?6}g^cqYcLhYZZpBqtl9HJnq8FcEsla?8kE#hcn+xJWP13iwL!lW?= zxvi=k73*=)OSwk@$@*J-V~%_wN-=YT0iqds29#l+PnaSsEzEwi@2cwt-A!JqNC@nF zv;snUO+RQ?Psk($*`tS?i7@rWGIWOEOA+exsGQ%Z$$x8`60cc9!Hr0R1LTvLx!e2) zLHx!|`hSkn^jZxV5YUKyDnTbFCvJz4X$qP7aIp+pcq0N&O`Sj)GSn^Q4J8gD^d=TQ zekeYN#mZc@>3~Wg{=hry$Gc0X%_j@OU_=cZj!mke8w*nY`G8{g(hu>>xPGf8}hHjR0z*1q9oJ`{iYDolnyvK_VR!#g&lT3wFHA zlgLGw^`*}zrs=mRB^5s)VA2Yc&Pd=tBBb)#g9S#Uc6}Y3?mooR*GHExP_$MokjILn zixZg~*c_{}=DWFbnY#Z1NPPEUGo_@SRsvQ#oZq#AdL~UdtPfp^>birbSZ4jEy;Vp9cN?@xI3pWh5HKum4rczKItb-=k168p+b)Mg0N&rhjL zBM|CWO!w<=k*|V6Cgk>;$dg+?YCQgq4eKm+A4jLMC8KlT2QH?RX*ykUvsYNUz~YWu zgNljiU#wB9514IrlGH%_-3t162{ZjL}B9`OK%zIuzf zDmYeS;P8E!go?O%7a*$U{;*G|E#|L_1iymhHH}MYRTqB38bLNTgw^Ar7(HgNMU>(U(i0w9GZ%4dq}at9kKk0jsb3 z_UZmojviJgycs6@bqXAv5;!COG;*4b6GkN8cy=4sk?VdPo3|3}ONy_$Knd%{{gVBm z-hroNF-Ym#qvdBrUYBfl8QyzC4LheTQa}H=huWy?Kc=vM{erdWqukEnkr`6Hazhk$ zhvi=)jD6YnRNOC*`VFf8@>)Y`p5qp?)k>S2&`g;g#DDCRsN!f|Tk9z`r7rIiANpgGF6aMG7@Gsu$N;CLp+un}Y^a3t#bbPEFg}j#0 z`;!rKwsO_yE{EU6X+aRCYJ=UU7ASgpwTdr6w6=2?)CAxtd>5!wMQXmKtv~U|B_jN0 z&8AWl5e=PgHxs&(C&!cR`M&zJwh92?*Ea-{E*m&MFUr*Az`Vb|AHc%IXNUGbmN@HL 
zci@7QiWaEl?H~;~1-G$@J0FO9*6wC6Z^$1^FWd_e_NGdXu>8msj88PDe-<#_SnN`x z;L~8LYgXGEV@(vWe|eWbDZzy8P_Tm;O@>=R(gAltis|ht;3M}D2@*R-2rB)y=2=Mt z?ij4Yc6_lV5)&I06jrJC1ffgHrI9KQLaQTiCyeBKVp#gATl9Vvo-6qKlPwgX4t^Mw zjvFzc8H}hMT=fD9y9$YN(VU-aioJMiJGu=Z{8d`w)|~A2CFRf8p?e_d#8f6m{wfLm z-g>_?rT0$rfJ4<5LrO|2k=MDxh)=EvSS&CUlES8D zp;)iR3p#Az>$KWfRSFv1lg*;Q9pP{8?^k!J=BQObk#miZ+mR0uT&w}>ak6rmX1k+2 zC{|W-8%Le0<|x2u9T4F-pkPB_+RFFr_xoPy${`QuK$d7W2Vade`vNk2 zow=qdhj_MH<20y#-?Fwksgl%^(DA!7=lM+~bLGiep|926keD&DZT^u!Ldn{swg|If z7h)-Ltj))YqFt=XFC_?#p_+Nlh@1hP(XL*E z=k}0#?=j?v#JqH2NBDr$s~bc>#)4%i56J=V)Y@i1xYT_bv%Sdw*{{ox_f%i!Ac%M8 zs^)|568F)9E>1Y*gH8qrhtI>o0@-md(fYlI@bywB5L(l?BjWyBKZc^Q+K8+VYTQ{+ z63ao6AUirs@*!Zq&;8BrzYt__ET`SC35pU?#9#;j({bn>{VIdq_~9AP@v5wRmLO`c z`ZVzxCNVxf01ln<uAnh*@QNCcpnpEN_I z8gkiJ_WMqlr=AZ9XxCIDTjaj>>2AC31e|sYhweaxPV^2A748WgrZ3bahm=U~SO~^6;&m@Q_V!@d7C0 zuAv;1j#dO0QycN8T^pggL-UcJ2Km-1ALjiTjustBq^qHDOIFB*vFe-?ywG0hg4uBw z)_s5^@4KwCX8^W1ypK+%uT5=; z2ZF7>zBpa-+}wMc`b33SIAtbsbB1)YJw9pHJL__Czh|C!bIB-89an5~^xq0bP9be2 zIxRlTY+NdxT=k!DlUuk^Tfl_sxzl0(QFMXFKnC+|_iA>%UOSkrtaCokwFwOm_t!3! zNMiXQUt^}Wsa$XK;kCsAPD=|^tC>v1ZHGSsr{mGWp@y4V6U&lx9Ien2AbtiWv+f zNHWOTOnwNaaofkHG#$f@Z2NqPHr3;{-}7T^x#>7!0ycXDwEM!$15(mTq`*(FCZFcw zVgO+0t5+8kXS>aBhnGfjS#OA;e30(}AT=r>VfbJIqlgDF3=~urAfiSsH)7H%3Z8Eb zD^wWvrv`2h8d$oU$8!3waz!UlIRlJ+rpdYTY_>yNfHDSd+2g)=Z$GNp0Kvuca&M9? z(CV__3J+^o9DpIRuow?i_EgY=1sGO}f(6iRp!Ph z52joJ<(esJ2q>=_HrgAu1F%YIkgs}lc^PH6TYvBs&(%EPTJj}m=WN`-VNi=EDwKP& z2Jq}GEU#|o{c?3XT zPuD|y(VS&^{Yepp*z*SZS=99K?OC4-pW)g2uvq>yYW*gipK%0xA3*Ju>K~e0o#(Z~ z@UGpbwAhdD?{Bk@=e6QSL_dh-3x6+GF4z6h&`3*UK1~qQa)T-`qT??llD8)QM)P~Y zED;Lfr4H|pTxRvxg&F1o#D7Y0|1t#eimgchAWB`j(F01t1K|C0;XtPw_Y&VPLPy*ncFWkdF0gQa?wR=e5d32=zn{@Z9JcFEBM`Z{EJi)iq_p;@w%+E zbO)e?mb+Y<6lpbLaab%^^<_Dot^tA=U%K0w)Fu}i7S`6Nb%f#_03%UBAic`HOd(%+ zAkNKy;Bh!;n<+Oax8I+dzqeWX96ES^br=e${X*&I*$w@4L)eOK9nlmr2NjOH@0bJ% zUDo#3*SbUFjzu(7En6Sili5riBt9dGsnuDLZj`H(Xx8WOZX@HekJp%MY~CveSoB$? 
zH7zto{`?)?Lf+v-QETW1tCzM zzPUi&6QYwMbc*(M;4q^e>d0gM_=r%kjDTIbGTf2_ZwLz%GN8swIUMJnnpK#s%{)Pg zYdKuuC4|JiIVc>Rm0EWO+v%MJmlAHLuM8jeCM%xwl`l!C;G69iu5xkkQ@kvi13Ku( zSte_MOPY0OAA*qsN&5UIpIi^Qc%LqOoo>TPRa-wLEN+FbC7hIA5cuRb%b=pJSk@9D z{0s8(t7iCHW`rWuEl&h7_g=P2an(5RLtw$LK~~89hVkSD!KviZy8x6?rrQp_Sup<{ znVggqto89K#U@5Y!1H?1aSQ;_egOg8^RbJjUI>N&P=uT@SX@IUiv`X}x`=t3n0qvI^m6@f z_-Bd+jfmrQz2u5=cDuGm34vasQ`@}t4d6tz5Lg@M_i2txpnd)y)0}-`;~DN(xRkP~ zK^)6&=$!#bz8M)Ag`F1->-#^x`2q`L{X}ox6P@vT@HhcbvKs9zn3KVZh&XP%Z7~`c zMZ0ar$HDn{9Hn`9JvA-Pr6%VQv9V{kF(G8xe2JASn-)^Xd5_)C>vBO|qSY8+vpKLi zk-so8yg8V_hF_rIi@h}^st;8QZ|F8|ZyIA31`b7DM&gFF#i(swdmiU$VXe{TbMOVI zNvJlQF*ZJ`(eDXp_Ca*diA@e0vJ}Q|E9uQEBPpfCuVRij$d$?#T&BJP?$G>@9LRfy z3W4?dGw&B+@j4$&&m+n1+R&0tj!c|4;%R*nqn(CRt2H^hGOK1G02(D91jxz_ZRqr=EsCKvud4MJ-bVrj;T_rqEFw4fgm>wR>(h%i zs`FQ>wmneH8{oUF;`A6#s|gD_G?{|XTB1CJ7ebD2a3+?&%>uie#!i zd2hCP^DMFfoyFPH`;7TW2_ODTTzFK zoSTKKopUIhBugt=T z`0&zr936HzRcQN15hXe>E3Qa=MT~}%zxr8WbbCR48vFL1su2vK0zdK)HB)x`DE^qs7MO+)_|%vDAdC)nKPky#C4GcqCnkFxpM- z8vs;H2(jL^ErQ#`(E^gB-;O%6Anpm|amQn8QY#}vv z5?0sLQF|^dosw|%{+P}%a4T9(V@+#hDjGteNM6JvGoO$j9ZnZx($JcbPk$8I6~)>p4Z8S9M5llXVpJ>HI4pk?o6uLv3yK1W zYj=39@&Z@}%1HZT#-xR>GzP?W!lZmkFpI;Ii9gee4iwNRSblDol*}MQooQwchDL63 zKV%yA>#Lsbzl?={Rl@z9_^B4{Z?(PeST6f@lUtvdaG2NU#Y~i9D~|I}29@fBjXJ%( z!Bksx(W?08-z0GfoTGYt{ViDjd!KXi6I2&QykdBmGdJLB2zX*YVt>Q_51!2{FQ`4- zhdyP2^;(I1*g&Xa(rKB=W^esyxwX?Cp8-d^Y7Cj56N;U2oCT-Mq zwo{y;T<4WyV&0o$Z=5cztOzzu6vmh^CS;f9EU%mv*b}^ZjrZ1RJ#9n}RcErM*41GH z|0`ZpV60jfWAp{t_R4k~vuaa2i4R5>3W0LyP5b@wiQmvNTfYu>QrM?D)HJ`(%f0Js zN;zmlD>I5LK>4X1Gt-h6e#?vY1jXv0&!><=7)#V5MD9Qq#{qdzGAqirACjidyWAL_ z^QAl`Jq9b4=YhPIYurErUAUBiK$S|-K`SnLWcT1y;gogms77xwTQ5}TG|Al_(xgeV ziyd(FaJ5qLx}=_N#wFa+6U|$Sn_y!bmYC=h^ceCtr*mD2a>VV`7p%EP}ufpFZYVhQ}N%}vGeRWinYuCP%C?OyM zDlMg?qSB25BGO$$Ni%epfQX8Kh;)NWH^b1~okO?e&YkmY<=%Nvz-#O6UAn~WwqpRev_bXoE|kf~Py(&5hWHiJ)w?jI zUf5${X$Q}(DQDdr^*qJgm~yWTtv)QRjtFEgm22~a|pa*I8T9Yu4fyE2V!9OWIKl@3l(T5MF(EYxZgwj ztYZ-GljpS_Xw_9dBRIvG)a<~lzpPWEj0bkBc*#D5Zb&gyi#3U 
zHszNtpX+uX5>!clF8av-@v>a0o)WwE{srY*vCG!$WJTM7>I@ zd5gVILIi2#hunzrwJU^vdGXJME;@kMmA17F{FoQc4)Q%tN0Dl%37XLVFBS9uK0WoJ z^`Md28>L_5cunxjIm5@lhLXldWg-m!=`*}LzS*7w1?`{G ztY6!RMX)Hef*GLs5KVP~@`NF*qnVhQEjd4zdjGhnnc;(094$p^=-XEXdNUd9F0`!9 z)KpFOZ6B-+?HTb7FFhbY&F2AF9{=zulM-fxd%?momdsUXUr4FdHLC-&p&^M z^-haQ9YjuDUaLeGB;Gw)yEEdW{k)ELBu7m(j{#ruHMvG!$zC5vx!YQ{WnwjJu3{~L zzUQe$&$8%=`GZ#Zm~^c^b(~m_W3YN~9#zq0LuNL~Yt*ju)p%jK0&`D;TRoU8c$A6G zOY%N}MbTryyXKka64K|&D~)7NnY%-pV45Y|N6k5+)xWTcID7;r+zuHXj^Ji+p}zeoM=Bb% zkFd9TbH3cew=sHy<^HJ!?e~YNNxGRM3J8b98~yiA*95g(r|o^aj=Wtr7H|C%ocVWu z6!XDvualm5Vy2qpLJS@$`1i?sCy5D$I6qx>4vH3m;>d?enBXCUo%$E= zIdsbAPIedh0I21GPJINXgN3Y&B>(E{YKBR`Y3#I8+J3~pV|sp3&Cq6o;P*OtEEVFg z@w6Z;EbR6&T^rne-}G&_gWmIM2CKtq{GtqfJ4C^QU6SKH2H36MGP z;FR`SV>-lduY77iFC=sxy8pEz9oVO0UH5*AQTb>erjc; zurac*u+55EA##&G4t}7_c4guOHqOn%>2-9xKJ) z-F+2X6&@4w<-n(*~k%eXgdeBJ}^o|G8d zuf>rVaTEkx-hJdrL66U5C8puaN346Vp|g+Ep>D;7TS}Zof_!kuxnFPg`eH+eQIOZ` z-k6}3kQj!vYyB5XX3a$G7|?V#SXTsyX~QP<r#e%a5CTAvF{>V5&!?IXa5p)eHF!Q<7ICQ8LFsykb}5EnxD|NROf20 zX3YOj2bkhUdro5)&LRb;Za+%@?+JAoGCI6D&DD6&(qc->WM(j@NL;lmKjc!+sDy3*q0F~e4Qr~MV~NKIwL=T zUlRJURhmUc<*2QyfqXqdFChHMK5PSHYd~S);~tl{Uq297wj8Vx^QjETAH>J-Uh^W(>lxvK42NzlA^Mj^ggNA_UuSPUQ%QOs+S!22EfPPeBc z1T#>IPE}XW6J%53_D@#^)ed}o3AStyIQ!)2Pr(aCUMg_dG%-GoS)X2LWr!eaTXQSZ zM7E13B;X9TJ2gZ!0T!oPw#beHJkzLDe2G4h46nJ+&Nos^_+$`OKE{#)Rh!$B*3a7ko>k zpU%sxWY4j-7hbD5sp-2^Z$tz~4qYAg@5uS%?b(9yMBQ_i z0x9%>H0^ZJ+!Uh0LHy#1$pIFR?~hbk)g!G@%nC^a6(45@Y(RVentDTfQUl^02(Cs7 zm`SzOA_Ff;NJwOF1eh-As_(Sgw*hZzaIQ^Wct@vVt(SYQevP))kIi=eXe6VFW&@Z# z?x1pQma1*JWBW_Y6pGXtgw4VyXfsj8!`404^PihE*f~3-g<} z6j1D;$e~HfZ}e=I@dVH9opmamvZk4nJh%AU=dRB3AvnuK_lgtk5FmpR%3%G9QTTfp_x8Se><<_?Hjf z%JqbpO(N?dv*X)J2mX$cYvD}?@$v3;F8MekJ zFkBru9kN% z%>6hY6I7x^{2;@8nnnfnmSxl_3o^m(`qJIJ&(*?!(D8Wd0<$(G=;P^%djZY3coPa~ zaCvl!!(E2wD(aUrD$HAxC#G2J#5y~BpSPT)i{^OB=0uFzde%bp1-;QIeYC(H!d{Tu zB9AygorA{iN38CM#ncYXi$o!_<1uPMqEwJ8bLrChUv%WZn6TSl`_$~{j zd-6WuU&fPYWc_U+YW=s*T@kphyN#&Zz$W6Xaq+Gw4tk2ZC;&f8puKo|c*npB^)l!d 
zwH-L=2`%F^U60?F*-V;Fnj!skukl-tJ=S>%Kkle&OMYVfVaV_%1_nl_Jv}{r%=6ct zgdLl=sLL1g7Nay$qcva}lP2Z<1k9P5N~j09{F68F@te|K2KVRb@a975M9g+K+d$K) z2lCVI8M0t@W+h)x<(FJTylt&TNkxCZ;=%ST?RMRz$hU|H8^oh*L5SDxORv2S7MBbz zEOHU_iE-6Z=pA4fX@*t2Yi28~oxi8-{yQP9@^&449K&7NJ z$Jqs}cQ~gsX=Uz6P{G|oGZW#}oH*`6+u~PsEi@cs9v|@fRm{!a;?vS6x zwgBD0Vl|0@fi@p1#^AA?jdq4h9>3jbI>jF-&+%XiTCY;JSe@gwKh*wmJ7LaT@JZ3l zuka}-dO=A3!jf3uD_;*9KWFdGPA4g9QrB|#M~jIm!XzDMd4 z3hMLgR4)q%3G0KiVLaOY4#w+jfC6ezHY3IiRe1lL|Gq`mo+iI#-=vfJQ{{+*8;`d> zobHV7ko<&ws>At`~ORk^mcGCRq?-?=3TJD7YXhYzX!%R4p&3%6HpY z8wS?YVEEdMr)#so18ZwVvV-)?GtsY2Mgp|{j-dQ|GTlymZn+};qxNMEJ_nym=7^Cv zFzXKdUP6ab*K7aNfu>=hqd+8yk2 ztKzfAVrz(6Rh+OVPg;7q8qy0mf8>MMOn4qP-D?e_C8|id1o~q8)aIUsEfu`MpdLQ! zlf!=usLQHSv1gAT69cP-7(g^v@s6sCo&^4(O$_{|AR;(r{#R$Z+S=L*yn7uJ;FVom z1=TazYHTlFyckQE7)Y14UueELoRyB|-RB`97X&Cb5DWL#7(3W@yEzGmYb}Q+&YYdC zc2Bi^xwq&9$THNR@9*|-*&Uf>5giB-tw`>@!nu%w5QqGi^ZZ80gym6@dm<^Yil+wR zIb5#Myfzbe_Js2Q0@;GbZ7S720s|ahOH1d>1G`IaSRu4UPUv(H^)XnXbKkIQsc%-E z^7B>!U$iz8E{};ppDqr2yK$IQVn_5loKvj5gHN>LoT?Xn(xisumwex&bqGoB7oDsW z^#354W!xVek1XRb+N{$T+HD$bSsaCBJ-$2meFsZpqT4+e2$1oEc6tfYAx-y=T{*C0G>4I=}D3 z_=~P~^!L}NU}epsaoe4KJc;%^#S0JD92$?O%=$3hoIf}su3$IX(9sjG5*K5}-+6Rp zW93u0>}1Vu<1Bw;)qe?eL3ISG_vx{e;PRK-z77#^-`S`vXRjusXY1!82O{SxQ*xyL z#7@pIKDJ+YF*4ujdKSOQTO@bjq zg;V|fU`XL9?eZBCAOqri_ddnM#OT7q55;V$jsbkM2g-8pQ2C-y7>)4Gu!_QT(d;-i zsEuC@afLmPN^#9xi@D67@ zo51|^WHHQfqyf~UO`1{QvN}0E9S0Wjs}e_@2q!3Z2iTH24_cCRK0^yE*~8=&kV>bH zzlA}oz#52 zHpRVXw?3=QL(+9)l`Cu{_RFJ_tb)9CR-WjJ|A8SNU%QuII2WeLu4#399xv;GuK1@L zcBmASD)JHxinNF)rY=JHQ_mU}>>x&8AEb!UDwCXjNN&2VDSmGJYcgnc=6Z|U(BQSY z6PX{|_vszTnkP$}_MNvC$L`}4<9)xy7JHaFxdpUQ30Pi?<|rn4wewW=!?eeooJud+ z-L}X{yWZjS2@3+D{NER)KS)NuMm9UkE(cw~TCQ2i+VB1Pm3V}v=DEQ47AUQlYzpEO+Eim>WQl1quhcZkba*| zgf6b`K9#3kT*u%hUN}f4yDPjw{heK@dt@0(J6ql19V3WzWKR?&Nlk6B-Cm(4A|)2R z_Hhi8eVRC|g|g@I52laLa;vG0P2HM)=B&jWII=@qW2uR>6fyDG`*9)z@@EWAf}+51 z&0R`o+qNN#6nIkp{SGzeAo|0um?>*EF40(I$DU>ZiQNj)8}TaoVLlownc%kK>#44Z zs5}&yBy=1*D*J}82#gl*7JfbS+7H^1J38J=4vql{f9EP=^CM>yWdNKu6UT 
z$$uh>h)BkY-v%$s0PAVGR@*q(6T1{gGT|5AFnC?hK zNEk@))V>W-{Py*Tsj{-NYF7;)m*q1HMWt00v_;4*1DRUds$9f}yb@%~@~<>GCb`wa zQOGDkNT&-Ots)%}Hu!dg?hwde`f)`JMciC#RF)Nf}4JO@nY?)no1vR;KCpl6 z$MiOTqq%(#yYAZ(@m)qEg4{j9iKo0ZBVUG1>RC($<)qPU*B`Z7M!q5sl^c7y(yZhT zf7f8p9dYvx#Wss&yjLp=OGdVu5(fZ5Ir6f1JUrg{5wx}wv<<}Jcm1~`=oax9-0i;d zV#1}TfCeg5q?pt`djC@5ReorE+h2>v{L(lJ0o|wOkI2(W2SZ-AvxCaXMoFIpXS@33 z750Xo02EWG!;Jsi=w-!+R=xOYk1_%+JLmmY`|YU;6~_tpqINw_goa=c_ldZ^@XW|2 z$T&!?4Xz_AbT`v8sS3zci=5V!GadoeY?FooHH6%UzRJ9!_;9+E`hUD4HRsUnv;R09 z#62u!^Yku(Wy?-0(CJef(Ns#p7N?pq3GC!iS=OMPvHncbW8`YC^g4C8>SR|6of%P7 zI@>U2ZJ>usLW0H(FYY`d{;322?2=Ct?s{6&Q=(5O_hYQ)h%lIcwO$oXzy)p?+hTCAf^sXVIxE9S zzIG&Drn=fx^QbcXXsI;95a+ZgFfg*YJ$3sb@4cf!Q*Z3DmsDa0Bb4Pn4C=9MA@TN| zCrfTQ8aW@=)t*9OTlt?^Cg3mZ>r@iQwUvtlf< zr)kMZujC0?TOZ2sV8e|7N&Ok`C$%>vX#fQV&e=DZfwuv6H?9-|@qmm1DN6Wpsn{na z;>9-#qYQHs*Y6VjXegLZ`SKNq-z3Ob(^}bq1#CdMf$s<@wnX$&pSFauZIc3vY_3$< zR#zWeQnl81MJjwRFE1hY7^?q!!^!_DS9fmvjRj}e9rQu)ta;iH-O@QpO?bJ!E`RQv z03R@y@b0|IDKEzsSo_8+q^NT_xOz_)g1HtZZR=p3?`z%#9vnDXPn8dB*%ym(syZDr zOVR^3N(9mr^d>-NWIIO9V*~iDnimn@Xw>pK6_9q>^myUn;hB1Zt`xF8R4TxK_jG$N zCm54jz^VQn29^O&yiFM+n9WXqlg7V2a^VECnLf$h`r#{=)x3f*mm=#sAl1~~Iy1G& zs$X5c?kAOgfv@NBKeJfUuovt1c`6GFi|m?6Fpa{dbnvbuU%;+;p-)$4xJ^P!h;Q;$ za>Iz<#HyrTQTS-+?**BctWI)1m3692mX|H7yH zkACxR^yZ81dymlU?MD((=P}(`Jzf2|lVT^=-Hz&3R)TO)e~Y9ubaqD@T5su-Cp19} zEmwU*S!?Lm8#OF)5PV|f9F7i6(D+pg%tq@*uSG>gr(9>fIYW974f&i>M+o~aVk}tR z%V2WL7S71$)?=4Sv?2*;1iL_qgx++A!_0=Bqr zy==(w<|OW^z*{RYO!QvavK_|zPCrYPY&g;XEm~xp)k{BSsT$M{D=)A7V z=RmI^Jz+wP#|LI|9O>_xL4eT%0TM;TZm?niS^Vu?qyU552NO;Fhr0CpciO+=B+3Wv zM-#>zyr#N-_%LuV)#EM1l)4I1@}6B2Nhl#U{NhI&B&dbap8}8hY2%inEyc&Lf!|GN zv6073PJ6yPdDD8Wn5K6;H&SfFl3cBCw67Ej!rx;bf_%e4WL$QVSM;PvX{$bK=?iGQ zdgvcI)C5U1j_8*WOXj}LQ!JaLfnvjd0uTS@kL~n!rfsY*XvbrXZP6mnelRW^ltpHu z%ty~RV`~0c-IkpLj9zwIM~Xi%YyqA9ry^UmI67|^@OVmD%0I2Ab*o%Bt`-Uc0;aCc zw|AOTG%C0)M=j?AJ_YCRYz|v$xbB^TvJSRj+wtO;d9wLkUfv_osE)w#d?>K_y1;JI zB)?3#a(QEso4|lvWz_zaUMsZFmsdz=3VL-iHlr%i|3SBSRyZsrWaVqaU)(%Ayk$u- 
zbbuIbP1^yTW9?M+E(Jx#c!VIR31_PeATp<2q9D!M-j8#SoTV^JXHQY=VqMD{`dXE@Aphy5js6G zZ-yD#U7xa((R`@YT+$&EdQSELb#nT!>Ybd0;|e)N@@nt0br~6Hyn$m~jv(yn*_OZ7 z0}gx`Gqt+x1;vxSlOrNtNw9-b`%Te5(Q5y<{`^0GI|svTExogG?w%n1<#MbNhd^`Z zWB;xaHXF*%M>LyV1$w{K{cgRBVkVewX` zR*5Mh2wKDS#(@$r35!v_+j-81J0X<35;J&4jwbVYh;j)@NmzE_)J;FIZQ|Ai>Nse? zywv?Fd_sk%`PJ&J$=!e&jsmdC3Ea}8=)8-T;HokydaHO55fLp~0q0pt2;~y?)n&~h zjg^js%>aN=rrj}qBHm{ya; zU$ zV;+nwXO11_tSSh5X_JFUF4IPqVJoNY^QO+84V(>cOpq!;8x&u#~fi8=H+ zMhitxF>PlEI~;o*BWaQh9Qsyns^zMb8r8ZR)_IfW_bZL&Thbo!8KkBavo5{XDt3A+ z+ZwY!a=Xpv^=HAOreL{5IK$^h>`xjaS4=H(I2t*)wTYflVtn$Jqqd(ilt%yS%BpE>~Qt)(YhSZtx}JgppH#vOyq6V(!4r{+ zS?9Ie0&cg-HY#>UG$13u_o=I+rlElZ61G#GG!Az4Z90PnwpVB3;2W>}^sXjm);532 z`+USfc*jUHgm9$T@cLT$xckco^c?!NuSRE7Qj7P#Hil!HSxVwrw@Wk_oVs2Hc;Q_9 zCi=AvZ^?|cqMM5-fJVl;jQwUS*V9i-!5R_JOR24G7<$sh#^XK#(MjY$S8mb{ma6f_ zdMEpAolB+}3f_A4t4iJZsq;)8dGW}tcqa=<@`SQ`CCmI|Dj%+4-k^K;?|&1M!dK1J zP8;u=j!?IX+3%FJcuvb4@Yl!mm%W>8NlmnGNSnNC(=)JXG!^=uu9V}jt_He)0qH^X zasTl!N~3n5VH6m|YaT0(+usH1GJt7)z`j2t$)mGq>WZ{pv_~d54ZgDPs%AC6`uT5% zCg5uyEgnqS5Wx8b4sE)?1z%GCsnYp$cgoyw>U?@el*?|q)h<4r!coSV7I=4Kk;EX6 zZkHFqNw)F)vFnU`MyTKx-{_+Y)a)e!1R-^iN*EYi*n`Ki%3SKww10f#uWmLQ-H|hI zaJ01@9FC?O)`Wz+8Hg)0xND4mU>`dVddVhHxzymGX3ag1^$8j;N$yosrslLV`>?7! 
z%!|3X{wO*>o@-F1Oro-upJO>PF>z#JBuc@`a=mP7ph2T6Dg!M~5FDNReRRL93+?p5 zvAz+F+M1zHluLAd5KL2pln))zcfas%bHF3{&$olP-NbM0Sofz)=99dr!jqa6HHcc0 zx}y>I-_I})XNpsP`%6`PRY;MA3X-xgPp_)%&`5hDD>Ku4w{tRsx`K|MbY;`!i(5{- zm#vErb;YM&eN!6)n|I}W)Jyq}#*8B)B1kC~I#`mw=$PU+&KD;6oUN5R->yJ;PPN`7 zFQ-N&+E0~-3?NRQG%U4bpI)rl^V={dQF0i7yYY=bNm=a}2)lNh9(}^cPI(dXWZ=y> zTjh(l4!5Q!?X?LB35)6Rt#3Ge5cBYoUi}iuef{bLzDs}Cb7v>EEqGgX4ZUJHJf@f~ zb03$`x+cahQys#Nhpc==SqhbWsGiVIM934wj_nbqY?2WS-Xy0`;jZ2&GHCsDTbeIt zST4kN*5atQG)`V#-X+JoM{om@)7hE598GCHG;{^ZV};E)-k^7DBC zN*>kKbcMtf5trmp9CnlSYEp3_yA2xfTzrvDV?^UrY_Jl$t!k!9$4(WGqrgkc<&D!M z>b}i{TRs0pLGy^I|3(BE`FzhdV>-JjgfNbG^HXU&1*yberEpBSezSKpi-2{^fq575 z_ARV-Jig}PjD@34w2BU#+q1~n6E2tFsuszcdiL84wXv`;lDh)I*{x`*w-EpvG&S2a-_)s-(@S zU|tbhC#Ij620>R0CnhPgoL%nj?+Arf4&Q}OCw|@_NAP8`x65BnSk%L!U(5ULLdC#@ z-IpKe8%5&m&{qvA>8B<6QM!za$O=W9)P0p1n0* z)`R+BlEC|xMx)ziX`gF$G{OtXIdTRMk6%S6sbx1}*7;*l(#{v#+|t@PzMs|(jb=Sr zN+!!5qYE6OZ?Es3&FAoyK9zmb7^4^Jy*M_gPRGmJW)HQXs2<7$mo?GqLA&%ZP8Fk+QL~HSw6;=)C>R>n!XvmG(H}GgF#w-+eIe1 zX1TS>dEumKs!}%lyu)m!pTdy>W@(H?ywf=Pp>2+X%YXBT<^t=xGcJE-JF``< zvNCzA=A*UQOlx!K(~0C>T{?aKyM@{NfA!H;#ITfep*^c*bLtykMHMbt=u_ z8`sn_a#)YKcXIP?5wZrDZW5ys2f6D`37+V9;88htKUv;Ca?gIwD{N!sxt^8b1Om5Z ztd{2H{ZIRZhAiu*4MkPJ17s=FT0WGA8`m+c_`g_L=aJG`X?uZ^&+v$KgO>VGF=UB; z{-uz-CD5+#xw)jxqQ^F7Y<{vc4GrtGl zgHzJG8mU?RoXf!~HIKQU9;Eq-i8St*)O3aP_(!62D_r<%%eXx2jjw*PKEiAMHm}Ep zfZo!2I3XTRQl~!SUzb(uRnuerSVx2D{>krs>Byms23rr`zpcRZ{&?P&@uc+jo&Z(uAnzUmkC_-OgHnmFR3LMEQBAYhQlN&X-8&++QSl zGvT4@(Y-cTH>yeTt1G!17>FZq{?+@SlXAN)@2ulXg~wS1@8QKZ^=-I3H_p+y$KjzX zKTlD{uYF&aY-8&GswJ9-)&GKZJ=+&`EzPjVD2qjPs$!B0s3kP~S)BcTV}n;!QB!`8 zjuwpaR9fYc^6~M>F`QbiF?zY~-wr&2LzW_+w%VKBt9r)sy@BNl?3RP15ey^gF>!Ek z1OSqyrdKH3{QU5vjPsntrH{3Cr zBEpd}J#RmqV$sEg7K(`VkazXGthRHZWEcty2NiiV(gLj8$afyBXuKu3F?Y9+7%#BY zq~kUrB@cUIbi-7o-?ebH>A5#1H$ih0^Td9@%$4#;*Dzws{g<{g?D;*~{QeCCF3elJ z2+O0!!u-TyB_!_$qf~sCIwXRsxZg}8(6v&gp;4r>qbRTP!9YC)rC?5GavB4tdWwnk z(=cqrT%`=_4{d|hvH+@}^2_-ZH7%_r&9=Oqv@UdZF`>;RaZ8?!XBXGSqRpA*%(o++ 
zFqlpiG{ENq6;Fj4^QjUSKvykNAsJO-vi4nc7GJI?IOL=``nX3%aR$>K%}N=am+jm;>jhalS%sMtZJ3&-h$XpTG_n=Cz+jbi}v43SLLRSp5%jz40 zc~x==@X04eqt$@%h5uBUk;Gw^ioc9j!J#v5)<>9ZVBc(i(lV-#rW(O!@T^x7Y(Xa zn(y8Pa{6H1r2${+DxTlRoA-C(tKXT;s(j$6LYAmgg6C-stt`o7*mDeTD z7g$)jwvV@xvtk8od4DqyO)7Y9nD!FhiYJ`sTl+F=G4#taNPFw0ZS6%-FS;dJmrZ}C zWay8k{~so|tNvnw6V-Q85an|&Roqkg!)I9c9nUfB$d~iSYv!JmKQXEp(e2eqc)_A2 z$d}%&vMM(IdFxK49^bti*rl6glV$e}0dBO06)fGNoVfCuL{$m7*Mi`nng;yRF*BCW z7DZF8_d>`D!LH!7_5*d3%6V9c_2I*hRfQSJJ|4lvm6ZZDJB|1{8&*Eyk&!z{Z=`nXEzoq==)H_eQ#Qa;`HZpNhZAurbZuSeO~i4F1hFmH$Y$q4yI9 z19mMasrmcW3w>~_POQF4gq2nUbG^Ppi|Dg8mT36YbXK34cZC=!^MyJYS#L*$jzZ@L zwlAV@i)T)@+jJ;wb}N6BNB5o%9K**}TCS$=$q6oj%OI%Q!8{9OwLZNUu}5a5i!4){ zUsS03Qse4;*z1Zh?%u3O9Z_F2i@3WX`4=Aj*JB7>k{I7`%9<;LtbmW>*!S?v`1AXS za(X%KeE(PUe`20#6$9Ys=pcHbmi*LZ^Kzbhx zNOM3u_Rbf>5=Bu+9+_Xgo}+rM&bkxGg1RkDdBZ-k_O7lWuyK@8pxthHd{X};;3?(jm}z;3Jo8o)&jdS2ORqlLIS;y zXVfmvzVpd<)A+5N@3Bswz)^3TaHq;#fA#eb%wGP?uX+1fXXJZy-O0M=#Bm|*T8{hc z+xL+Xeaq%`O+LA!Gw1yAtF`PJT|*K<-kkCg{P{cq(5)78aVY~OZ*gn~HmdK)zAZBk*8gpcP3c$Px1Dr_ ztn_^WBxd?KiPP?q z?@(wJbpa*XBYEc1E((!1d)LaW&Sz)9dfI1n@sBa1e_)02j^dm^rZib?+$GF~)-#(q zaX)BGXmb6i=2&#JqOMYa{OY#2PWGP7yCpg`l0ZiURFksyL*eG0xx#LvBlm?0ZL3*l zHy|}-a-u@Vm(P|{UR5q8vA~R$CTu&kMYJI5G;Fj*Z8y(Oe_O!}(@{ik+h{!tdj-2r zas4>j=J@|J>2nS9(+$<=Jj554%UGF_(wwI&ky#eJEPnvbf3)y^#zL?^f?ru^x0!UJ z)FQ$-@#s!(%o9nl?aj&BqhB1ig+p|w9&0gb+#guJ^?=pgB{xED9@uscm*Z`jhko=_ z#`0~0?Mih$uxH!sTwJ4It=R1OU`fG|)VHIp-$xRYAS|fnLL>QsV8CV4CIjmhpIAns zOB}T3P`$4;J$?8Fm3=b_D=X{gNq5J32^*U{eXrdX9^}%}(%P7Dm`w?Lq~O!T^BCC( z)x*S3D^gYsPZlmn?5CYanGPr1kz~#n41pB3MsZwZ)oaEY}Hn0Rwz{=8abJ#5QT|c@ysIil4aCEv}ao7M(%Ag z3Y;&mF~x6Q4Y>?t(-#ge&GeXj%>y3L;L4u`h@9@7wZoBb_sBNI$|XL~rbJ(EQC;L%Uca2a&7bcAogbHlq&WYu|V%sQg4_h1#~~;w)-?{*muMYFm<-zvEPdqe%Q| zWN+16oTe+o2OF!#duOqLCFP*TM-2id)P}&5tS*0#^w=!t8cgjVlLh0uzMfRx#h=zjOpI6+rvP8m;sg9vb- zGkM}VmK~6{cXSLK*B%SMNt|%mnE~rxVCDl4#tV+Th7hJrWO#UZ6RfgpwO1hF4%5p- zGXN5l?Y_8qipj+7L&`qtZ)P_&H#3Kp7wrjgl0adYjd<^KP z&AYP6mB_mlxf6MGM!TE*bm(9rw+##duQCX4M`JY(t$UinW 
za%}f6u=BL|{j!sjHN3BBm}^oabWKH2fmt`T$CYc}Wg^9IRsn6_$$~zn^gx zt}?pNJW+)zF}|f_J=isKJUH*#UY#ZqQ4r9bkIb-rDtfIGxvB~`PtMw(F(SEH%V&Nm z?0lK%t1R!L?#~gI-2*9?v#mj8C3)}Kcyk*=2j}r-X@r&ggd9p7938*ikM8`}kNa=< zUVbw-L0B(11MbbD054lp7Fmf58hp#zjrCW*NeQeM$E9ZUOiddy-Da+_UzEyVeHH1w z+d@%!iAGUR65M|#Q?*&9GbPZ{(ju_-BVr+H5|grU2Q&acJpH&@4mv{ZIu$OXHYxy0 zMPs7`wL?37s8u}hS6^BC+XOo9OdzTA>(Cyf%%Z6AK7dnGkvQ@~yD!>ajTr-@*r@_I zQh+qkiR!!}O@0kBs(D{MTy5}hU0+n6F2@Ui14CNbd&T~%Y|qrxP*&r6oLy}D7PJIY zRE1uds;jPWp#BZw!nr>mFgx+57cd9C02+^<;6-YxF=BqtlB`+edeHs!w{KY>8VjNB z1_73q@wb_b=kcM7wpSbq&Cm9o{Wo+H;pZ5W?VE#+8KK^IG4ZvNwGWzlqwD%OnXwzY zJ3?Ecb}^%M-G24*ZB{+fY5NU9i-}%-+9!HdbN9UTlQc3c`eHaZU;FThX;`?&N@UeD zrz-KhPJv1Wm6hok=VX_`CvivTb;ET9`{0cXlb481>vt`$6{fS(()4vGcJKf7Wd6F7 z{|giN-MTr}cPv+jQlMUEpuXSdi+mNhK3Q93C(s?n|JTD8R-+RYg_tEeM=kDYCCes#%jjA~VpE5WU5Ss66 zAy*Gr0JTvfC}Kx(XizX-wH#;V1fqMDy#~!6NhTcog!TTR4kTQTY_{Au@VlyX{ckak zXz4_f6==Pc3Se&!O=%L2;%C2rODz&lfq<#7mKK3`=vs0*o>u~Z*l(-wQW`DapkEW2 zXv0lHMcKmD&258)<9%oP)D`c5_wpK}F1?8Q^{6pgyP5qywu41lufCyikmXy4_*SX% z>g`i1pq$q?_GS~)gSk!&gBD(tZCwI3wgnU8?B`=*I+c|gm|9vv+g4STNQ_It(S)OF z+M5Zr?HzkhB+Lw*tb95Hvod=2H?{n~p6;IqV3iybQtg)98O_yw0(*u~wU`&|Gd&m3 z{Hwh8Q{!0AiL0weEe_InA1F=xpf*FDr|>pkeg}bH1c=pcX+FP8(7I)`so8NSltx%v zn#%sYG0c5`c};NkG!&7qhtw>{YXtiE`f7R@0sw$%b^EI0w+q!of*X&)oCgiHDibF+ zOR)a{7XSX%?91B$$xH;7&n`aP@@%}%XIVQ4Z;jrdkE@N^Rd=ex>uB7}J}e$gbMZ*k z?iOaf(zgKm2bT*xvj(Ve)1O~z;Z_|dO%6dxMY9&9hjavAzBHAunp~*{=V9KS2QuDgM_2;K-K2t3 z8pYJQz9TpuYgxYL2A3ioJkx3DTaviQ*dSZP5Yg<9#zudRPUYPP;G*jXZ-#6K+0JB0 zZ`Y_ZNL$a&KqstuQy{j&b}MQgo8!Kg?L1f$xlQu_d1A-F7I>hjQY)V<>|!NdDU(y? zs2>}rzHj(Xg3=pIpsDpg%1Bt~+?||7tMg9T1zbUt_Y(Apo?8_+r;AR%z2*#0RCzGj z!#kT>T`km>eMOR`2GL|k>w9z*>321nXB1Hl3p*nYMWb24oW_iDEf z_wH2tlW$`r${HFOVIpTTmuI7OPJsEg0OM!nYFcoqL4$v@z+)Ktd_@#lk3}R`?jxY8 z3uN1?`f+j6CW?U9UDybNnsD=t64Dt zc!f6f1`)N^-$oN!oX?QM4th>fSq_d~c#OBB3i(YMG@i*#SQI-@%;Zk&$#yV)VJ;rG z3!GYb5EukW5!>CNA<2K7;%h5?AMViB`iS$u2)bA&DBng^Q3tI<-kd(}cRVv`oqBJ! 
z$=kMOxOjvJ^R-Km7nr{hAyx5Kd+VJKHNKEtyo@;d(&w7z@I1<58AXJw)Y%#d2&>K< zvFe(N^Hr%u!9Q3HK5ARn5EXt|QNcgEp)e8wm;j2lcwzXs@lx|{kmY(hm&Lj<*IM1S z&#$C$bGY5 z`(~M!AB7jx3`PGOF!~v=p%qKy!Y6Y9iDl|2Em=>JMG#e?b?s)$FPA8&-unzn1tmO` zqkKI($Al}bZmSac%xP7zt+FTZXzKtJn^2h548=AQ1D7fVpR4+@zJ1Px%Nua8vN*v` z0`<2XuIxHxa^QeDY%E+p?d4-|u}32s2;zBcJ_kMqmW!8Qx0p-Ua*}9YvwJd-m*WJS zv%&U}-d16~0~+>`1yc3S(e(imL}( zr*Z)&l$p!E+c$NL991aO)3A;8@Y%40AALy%!$no^me-dnQ?u;v>Z!ep{H(0-izG|h zvb>8cN9cIr&m$<<(DuvcvOxuild#Cr&=H1}(FAwr|52h;`a9%g9>v8S==9 z31!=okT49f8qV(+$kf3rzqI0Lin>As$%rClF?&+&fL=fS1F&WNTO z6upa#P}r>{ioF(OpsH0Pd*_}{E#^htG(#iVZQM=%=h2)xc^OHGzm7%YeyZj4_`b+} zLbN{uog`Q=t39w20DAv%eHgwQTS3ymI8RWbmiW8Ez#D=gu?R=hH zU^`ro;r-0bK$MVXSi^IpwuG6+w_J)~mXibVHEVzCp}x0wz)Y-&WWgJh;+2SWR_u_c zQ}^U3Gc#A&$0uL*GrpR(@(=Wd>~qsFr3tfccxj*hEcdqAZ0IcoPh7v}lwR6uzeKnA zO}is+jXac~)AD2Es@!R0`*!+Mrx;7|iUIhe8LnDjvYao|^+lf#b7Wn-`?f;*OY)z} zWTjs{mf3dB*&9k>y^gg@ABg+QUcddMTQX*#Ac*mjYd$?D6+ZUOaIPY|MeFL{da+Om zg>#Yv6(*M6Zs-l~T5CM?EIoEJGWLnF>8E!Ym>T*H9ZVWAK^cjIT2_8wUQh&$@&(eL zb7miy5=6*f%smUaL?74P7xk$=&8<1rE$@nok7uJ)wQIb|V!km}v=<-01)JJv3AC-= z{XhezRADeVEz^A36;VOgse_@!1Av%PFtncAnql^BtQdv~tUvTV-)*}&49zxbBHNfw z-AruToC2#3sH=j@5?wucJ)fL_WFaXu>C=80#g{FxO7}^@3-U@JYaxNP8Udodd0+)4 z+|r1v%on`!!KsOmx0$onMlCgjx{by&m&R=l11F$?M^dZ$zsPP~AFG<0G-ep@(f@7TM3unfSvzKt zk(iKetrYcXrOo?jT-tG^weH?B;0V-|m5W;hCQ(K}#JvC1RBmb+m&Pqc-)%mye2D`e z)PD1oY7=f-6F++6$BVfu zG}yfu_UR&rl}RN<<&Vk!JAMqU2lj;s;nvD11%8#@uTV3uqZRcK!uW&TX!lB}Yz3!C zx+YWLO`qUr^LX6!_doMP zFwFm9@^a$*qQEk)01mG^*rt zd%a}N0WkU~Z2j232I&U&U>MI697*(m8HdHY4LJ#|;#jl85mZ9CYf}C;;Htjd>*CT| zfwB!FfV{LZUL-9+cssMyx&6IP1aKnE)_OmG+xb1l`GGhUAbW;!D0GR_3&n9k&JPG; zN*nnzM-u4HPFdbx9GygbbMMAZ5TP9V*g$Lf3RXaZT?0d=;h=QNQPwjuf4eH3LZRV| zGrt+LC%)29mJX`)qK;;{;WHjqwHa%qz_iFMd<%=fd^mE5%0wM%AJB<>xiB(g>Fd}ov8}YX=~B_?SKG;T#MXvB zZ~PD%7v!A;*-%L@C^)aW6!#&`Cw|^QP;4{)U$njdDI@ckju3Yl%Bb$OD7^XB>pk&D zFW|bA!GA&T%7A*%Uvj}%!JG9Hc*&Kn>`D4Qr*CUOy8*+Gx-xhpp_W!9m_QF}w!OKs z>~+*ZGzxx|%q651sa}HiCE;RXT&yYd(wp=1^S=s<{>7Q{KPB)YN+3JPW&f>$pn 
zUd3ww>GiTF<_W`^T_A{Gwrv?C#anG1v`2+w9*y05Y#=7#I18=XECv6RSruNwdWD-y zysD{KNc%!uE~pr0sBw-^`4{j84*1ldaUNa^X<>D_Bd8L~H*|p=QiT{dKUo*0V3Qgt zl?D{wItjXuO3rPqrr%pR_$+*Xzw9YWUIkG;3G|PK1M{|pNxKK7!&er$|K{hvI)mvP zNqNx0;Jb+kPS{_UTrQFMhH-#>r;T)qCyr&6pwNkyJ-{{4HYB!EsO4h2e-0WK9B>c}bj1D7uJREfH5 zXx4z|n{+-|AAj#>8O8r&?W@D0-nPGWq!C0?>23w38$m_7L68QK2I+hL}cXA_4H9B_P}N{bLWQ{-rkwyqNh?r z>B@I;(DdnyTj)CZJ}5mVF_NS2q1aDsh;pInz$-i}mk+*q8A9;Y2m1!qeGA`zQ8Gsc zE0RW;`D-JXF-lBtUq)@%uCf(>C*}}*FW2ifl0DjA(+CI%h>p8@&CYj`0ek~yiz$Pu`|X`mV^n+K zcsT;wBIn3h&UW)yj$#&9VURZ)ZS%qC4f(!+k1HQp3nX|s-tAhv;;hTr?D7XjtqzQ! zDry6D_w&kY)Kolcg`O}U$_0?L`ry4U&Siv}j?RbosZlTr17B?5TfuP0VC=%C<%ui3 z18GlijB4(Tqv$VMIW%}`vto`+wz6ekxwp7a6;`O_$kv3MF3S2Yba)nZAxg%pHho~N z{-ND72F}m&umX!e(e1}K`aR)BZbW7|nDdTMDDf^YB09Bjt5AOZY+wfj79i{Q#%2ke z%v}MP^_B@87@{};g5LZr`3y%)kHX!SHKG=`ofMLfAQL^X&=CTf4GQyeD(lPfY|ntR z;IBR=;C%4;;VH;)w%LM$BL77*FF@BM;pcBY-8S2(=F@3Gs-U7)oG#E5m~vQ-a|AK- zW2R#LRbmKxg*N$|I_)%=?DT@M&6K9c#AIs&GCvHgQM%?*5~*ku|Ku1{IKMk@-u zNU#Pjb{xZHtDYIk&1D=2-~lrrBz+C{tgcKE(RBnhh&H9Of03AkgD+eL|9 zd3nwY_@$>QnCr}H`&uLB$-*3!~a71!ac*6sW(et&$5 zhmnphs7|o5?$P$cUAfvG_zYafaX|-%D`bUvubp71(hsal5kqR38l>+d6&gPMnqt z5B%`i#A?=xeQnY&7N5OKcMtt}~r~veBzAy_cAF z;Uek{HhX^{0oJ+~ojTkU_;)wr(tP`9L75mrsbvqfS96eA?aJPb8%C~US3iq{5=oFN zCb}cC%BBIP$Igb zE^@DQNXnOQWp!1ztqt^&mKqEsj}>VLU>z5_39J>#sHrhJ71h_x+6M6L^+(>)Ed{B9 zj#VB9FafiF(f~m4r>J=M4I=Y^GetqRp51S&- z+P#HM$PKw$`qXg*>qkSo*NUv1fSq59ATF{QbxYax;Rv{wt_F%qLa|t2`Y4beB1wii zxaVob>L91UF+=k9W!Wyu^VOjz!G_FO4SfY`TW#~SW^4)UKO(bm|8&-91AVJX-R|i_~F~t z0HZ$ShCqR_vzmnTF4agFjP}Lq^oPKi1U7<6_&NdcrJq3m4EN2^RjmtcO~JHlFCCT_ z7CrA0aS7vmxvSEy3c z*I57v@mY@^}xKYUb+EAJB3KlN=F`K@g}cz6&Vr2k9IvWM|i(8q(=$qppF=N z_IG>uDj?vSaUlE+npIwDOZ+U;nil0fA1>jTnaH>(RyinSx(>Y=Tiwf@?}{Ly)Jo#B zDE;PvIaUg)s6_2eJDG!2sv#&r%p;yKt%!p_-7~~sVW_SfOpoYR-RK^6sJZzH1st{@ zA{-}&?S+7J@a&EVfn&6He}D)3J2eXHbH>XnF=?nYyFhImmpM*Rd%X^lQ1hp;LO*b! 
zr=uU{nzzzZ|3}pdf8p7r+i=Nrl>^<-W%WD_7esUDRijLnJE)7x=!-$Mp`_Bo<94^Q)`F}iyd3;P6dB1LXL5|#`*A)Zm;jM~id z{klWaz$gd+3H-6#PIpJ&j*S5T%iN6J9vml^KL_v^aBy+CM~eQqt;AhvC%zA%H@~pl zZ4sEjEw69yJTLJrlWa(YG{ttSxFfRc9zs?gMW@W1SGGT6z;4%LX!pKZ_#bR&3HdI$ zb|209HX`pT3r|CY2bV+qu87EYO7IDT@?zz^tL77+&HzBXarUjE>*uqcS9T_?`nbxu z0E|r76@v;oTza;b8DI($h;dhKuW$+=!vw)=0BIYMjog^OHDod z{=(x%kL8e*@9+|on4%EOq36lpP4>Mh=ipGKOH|Pere7MpZ+Y?ZZtS_b3#c8gw%L_* zNbfz4f&UB#xak2Da2a;uAQfy=iGoJ?@sbu6*1qhpt)5olhK7%G+cARh$EGx-2?Dfkq~c9lN^3bYwc&l#wH#hI zSt|@tv>vE`_8`hAER<>Brjo9?%pw}kzN766t_B8c_+u97=QnOkHm(a5?&Y?*j`*N` z{}?nMmvbpnmoS6b?acY~gNT5fq@Mp6JmDtkqpV<2*xe#Ct5iln-l z0XEXb_L&fT$!Aq}tCZ2?o#%j|DQ`APJ7N8Gkbxr*YI!o;Y%Q8`Y>9qsB`wW~La)2* z1UI#eKh?VA-;7pBgr06;BSp_b;VPD7;0Z!!uPo39hCMmj&eGga^TXH3EONqLX+Pbv zY1W44UjG1*HMn#rt zO;csXUF)x*ln!wV%&4nZO!T=$uGZw`r}NLLB}j^o?8FZ)S=48Xw-bNW7jOjvHw@aEg(7C>=B~wnBnBNVZ9fPlrj=wT zU81-*Dp8YRMgXWKs}w{ZYgjI`RK9WYcI=mPAsvD@arHpsC~QLTRUS6(O?G@cd~djh zGI4-nYdC{4^Fhlql!GY>I8|@PlR3hM{Hh!^hS7UC=p3B4;U)B>74AG<+>sM@39}`_ z9gdW(!Y?v?A?ACDzI~fPpf6)B(QRApksTho$XkqHBcs>Z*?tB#Dk)nsApR860+#JayveZe!Jfm*3mmCZDro_G}>>u^u zkMCY5$MCz$n~>Gl$JfIvlJys^CRVPp42Nu z+zJ5xGF=M-rM!wcN`|d3aa8M_tN71PtY9dr|7jUxEkG~zmV>&(v$m!5{f1!w!*QS|;g}(nW z^As_MRzS-GyPHtL0*WT=^X@P*DTTe46xY9BLH~*Fs1^rL#abe=HZ4lF-BSf&#K*=P z=J#yg?7u9tw(&e;$rCbnF{-yYw8S$E#vZzW2IOvKDla-=LZ|J@7=@m6K3pn_ZKlGhXCw69AFm^Y36IGhB zTQ_=BTqcUm>ky!onc?@MzR+|QT$q)20~HR^+1c?HeL`<_8LN1w-)3TUAw^7KkO3nH zXNoX)mg5fU#ciTC1lj{h9-b!?^$y04Q>A^@*K>@!V$uzT$R!kc-W1U64!I~_89DGg zT~QCFa3eJ!rfyHFqKGJ94@@dlPI7gX%fG)7OA@1-Y^q+Je(k#^{JSTBZQ>icP(=Al z^-QmM|ENN(F=%hxcq@E`FEu$iSt_pAu6~>7bUWePWIqx}yDd|sH=vdv1QJVtC76r? zGZm1FuJ2+X3e|VPF>(u&>I@>9a5gS$zFqM?21N_WP0tvH=?VAf2si0;n$gyj3DWx? 
zR)FM@|H?bMMb(O;TexO{2JIex^4H3A<8PkaiAUJ$Q6`OKIPPlJQi`{o=GPR6=@;kF z7>1DYGBdrJwV-^U z!fXd4Bp)WiaPUar!m^hz{uAUz9_zo%9Z;| zH6{wsR0?%>>5x}SH?UWaP>)uDW(W;?r1!@3cp`dcZ9_da1r}t-Q*6Io!!u{xqxgGj z{GVbJTtc}^akYt5-tO{)*$le$LhZa_8g=rGxTm}MRC8maxV%OaqO{y7A zDNr|V7rR(U07&@xE-)Q5udF>_c9*e#FDw(8BZC}pmb>5+)G><-A=-(3%Of8~L{=56 zvO3|=@75!8`fwy<8shkQvz{Acby{eqbuzrB4o#vfB-MynI<@8H`DE)^Y`y5vdNfLc z@S)NZH7wyty6l?EqAb0fD!2-hUuW4*D3)gHqnYN2~xxx(tj-DLbK;rKIqvv4z~ zQi&4Wr5t8~+->Qe(F&2pHV@idl7EhMBUx)ged-?hwmsVR)8hRU{^{H90n@8#%{D@- zXFX7Lu1tX2bGq1o%c`iP6ivXZ)Iz)$?S6K8+%-)%#cvXmoJ`)g94zr1s9(L22kI~m zPyr!F$4l8S#pW=qrX?@)1&|)=D0e^B!nq41ZYn8{Nb(1~w^XsL`_EEsVuCP?a@omH zFRI&tp~A3C zz1?`Avsc{RN>{&5vm5s!+~A|e$?cfG+{ZY06Ha$O^aGtcri^M}07SO%97>Nd5Z~Km zXqq>&25($Z$}XnQebDmcs2rZyOn<9LQ}vyo&qG&_!;$%t8P~P!HRa=XxF%;tSPQ1= zSS|hWJx@GvQMOLF?Su^FD?L>FiC+9*{l2a7`)YrBs%{V*c0FsK?~!iwXiK(+MGC)j z6RqO}3s=4M^}g(w1G;44btt}Sv+WsEnp8V7bOA0VZC3t)RroWT?Mnn~4suy99pQC! z4@^GXajJOOR$h0V)TlnX@tJ|J7x`}3*4y0hl~GZ@FuBw_SFs9bQE}TN~zn^XSiUj4kc zej?y{en8(KHwJdgj1J=#8N4f&C9|*@}_I-d~)L&)##k+Ul_KTa-b z<|I+(RIKEkIX;`!4%?~FE!7&SIW`go88(rD6{?pC`Ep96j3tHXXFYgsR<0iE>beR+ zYdVL%&uK&XB+ky9==<#gdaMldBOmrdno!o=Pz_;R{yU2Q%ijdkQBtY3$O5wnyJ0rw zx75&L0MU9mWbRAAiwRI z7C!v&);|g4)ZIiP>U%14gO zoKnbPJcq#JO=ljZrG(bC6)bkGKY4=^Lx?ChCvV5v&+-pX3DmOC1->L0|E!YM&5Ik! 
z_J@!4hhGS)Hq9#hk{KqyNN`6>7!fzmpx2`(!#zJrDNQ8_vxQ9saH zl>E<-@A~vqo7FX!n8{g;uNxUK&!Lp@A39$xiMOS0o(T0ac!;K*l`htq6_fJ$I0Q$7 zZ|WICq`77s26qrAgzX0(@3+kJ{ai?i;G)g2=hr245|p>f#U20H-u8hUs)gs*RrrO2 zA0fjGw}wnggH+x~HJabc`$CW2iuH&SbE_Z>m*G*ry#b$I>Q9 z$h0Vs*UBv%>dy9L{5si9R)#I$V0%YsukC38Yi91Lyd*>u~7t z$xC(x+LMoqTlb7`(5p%}9qFiLlIokDF`C$mCM_1ke4H?UGJUQyylOZ^@`nTdjqjhT zM2f$8cK;T?8);ccy4@crd;uy2rUWDnWnM=DhXzTvhDLLZn>kUIN54y-=Rji2W4^qKb7$NJ#d|cXzW37uaxF4kZ!HME9;}#ANiSZc zN4cWtkpv?l@Ld$sJ3QRzqZQ^H?%af4rgq+*>|1Tp8g zd;)kUI^U@EOVf8^2z))V^23KYF&QHUJxBOnuhBYMuHsGWRwT2sfk&6%5F!J#CHlb9NxKP5MqS}3Kk6bke99E zsGUczn8ZUJ;`;T4usqIuAP!a8SIn5s8(kKe@ToP+MHPL#vGX+2J|A7*y2mfCQ7Tkc z<_Zd=IGflk$&EbdPCC)e6$}QjI`N;X3JoP;{&RM-mWC=g<92OS*!gS!S&yQ_^w4v= zAT|&pzCjuT0<2r8cdzcuQrc@IoXu9H(&L_QbO-kSOCyj$(A&BkD~xLr=^?7^lYjmo z`ym}wXx^-R_<|(E0P`aABMC ztq8gYHb;#FjD&Mlp;CoJo*9ZV5{LEpu%wa)GI{$zKUA)u77l`J;^`B$@lqM5+*fw( z%JakH(8sO?A2!}<4$LjnI=Lf1ER2z~WH!|$E|;!p-HSSm)V!;2>h>x*-OON)qEmfe zm65mUhF;SiUcMSxSWl>1yY^BVn&$&8Ny(ILnt!}CBx@|F0vuy|-;;kOI>9>I|xSc-*~ zbxC96TfDOLNLTm0J(Res55Z3^&#~Ev!tjw#|H$&=dgnft6{qB}z>Q`FB{*u7U z!jhXU_fnDyfut)j_K>=o62u3_Y$)45XIW$#?|4Q$R?U8qtf|Kw5t+7dI|^n0T~nzE zioJ!AsTEGM@e^A7d{Y#?2U>hmr?UTn`H7;z@T0Wck6aj8^mU1+t70Gi-Y)rzI(#4v z9OJ=l7i}e=a3tYO^q_t?537r1M<*5Y*&dVKllzQXt5@aB&%@AgsF_zz6i8$|UCJaS zP0ie72J`RLjFoW&UXd9&_Vh&Hzuc3zi19Ri>3KbyXvVCY&;`nPXm?muyzQ}d7-i z`7J}(YJrSP`^YOzfe*g4!&=Sg^)_bm5k<_;59-=(6s=2edN$Zs3bpF$CZVxolb`9Y zir|bhr(}tp(7oC4!2Eg1|88sT22h2`3vJ6+^h%LKeu$WVrpG~o`%qZ+c}^<}?3m|aO>ILe$sVJQ!F&-FAU!m^DGwHf=-SLj9xLOTZ`1Mg z4Sx_&s$U}y3Bb686SvZ~`egg8XYO(nk+i|PIp2h6jIyLFe$-k?lifpR>u9zHMm-6C zpzLp)oGC^g__C3E79>MoY;a@fmH6w%hIjs}zi{?T?S4ONkbZE9*zp19v?BpSB0y6x7}1n1Q7Pm}KKG{dO}iMc<{gx`G4Ajs zgfUSVG*6nm+3&hsJS^Ud88Owcv!9ss63BSyKNaO@t9plk2pgFV%~%L8mcYi|*7|S# zuJ24^NQvP$c7@BK=I~^)ultegAETsdDfff}+c-W73Q*;O2}^MmCr^XUSL5C4mC`H9 zg(vJ7WOF?uHd(}MR}p2gj4;s5rJxlT5#vqD`_cu2r})d)_|UTl8Ibu+L9^{IHonT!imz1b2H_M7H|d8A$vM* zPRQq@3Or{V0taj>f8iRS6P_?D`iU zDQ7Uj!bFIn6OUo|+6#w@w`qODs0iIPL5j5S#S_`h{J-bEe_>ld{tru#fd^yTI7cTJ 
z`;Jq;r%!)58E8Jhb(4%IVJ>Vn6sE5|9@|vgc2eI^S9}7wV8o*Tcn|NzDhK=d?EyZd zCe6w?>=&I`={@p3?Duh04>ipRlO+wefHk5mc!(lm5_@kVhG-&T5sdz8UqYFt8K~g9 z?erhS`08-US2qMW7PhyaPFOp*MSUwf`$Y!&WiPtEpOC!+P-?*d>_W0jdvfQC#`xA< zm)KOx%Ef{n(CRXpT!Y4KWZU=^aUDBvdZI>S;W)Rx9+trg(%f{rXjqeFyhAt9AQrTn zaGi47^bPvRbWb_QBZE&0_p;-TU*wT>J!1@gWrW{TDvVnk@tcm@$Coth zMBVM&5-^!Iz{e+|Pbwaq!Z?p=WTBj4@W zJ>9!~o|dz+o55pJDKrd+J#3ddbkoRG7n6KItt8xg>~ga0)6Mdp$4zAOsV2`Yywc+p zo_L@alM~>?pK{Rcp^6Vx$e%w7Fn*2W?CQnQt7yHco1Il^WrbdZgy4d5c-*eZTAIZ% z6#pMU$&TTItnW{_QuYiEPMmSG_{_f7#Qmbk2W5dqOrNi5js=#=6yBNok=DQ#x4NBq zSiOcyj*PD4yWY1hI{lUU-qI6551`S_Tjv8|6-QOSGFVghor3@2%>?~e$i|t3^ z`ZcQZ#8-cEdQC*2ND=L3ZDF@yK%z_=+=;89scjK)oI)ZM14qZx6YBekXSi+8h(klM z4Msc$-MxHxikc8bB^QkCG9_+$`eMpFeJVJ;xRHHu{AlsOSMmUQYTTBo!gK7~T`UN{ zUCa2eseF^^ScqyUKQM#&(U}&tFr48K&8&EkDzO?jVne_6Q&$668uRB^{0}b$PmnpG zNSY9NuNzLa&XeURCf0u?3KOM}IQ>r>Z^Qqh5-(a^UtMye*z#v8Kmhu-(aT*of1@G^ zLgE%uFcX0t?dL3}H%@={N&gU6AXBhWwrJ)i z{a`b%J|DGmk|>8m%$kWMK6zO|&GNIbKibNFA%fs8oQLL#Tpd~Y$MvWCeykHa^IvIY zVh5!IHw$_l7XIt5qnL1*ZkD1WYkm2`ySRngC{$E~h(qkrP5^_i60b9u+k8N<%^O`& zDT8P$joP3;F$My`=yftT-@33!Hu=_j?0RI*nK^A(GSk!rm@ZUe54UPxy1BK!DoP2R zRQ2a*ePuXZ!gy;Ag&=}9Nh{4+BVcPwQp-c#FQ@TgKrj{`y`h~4rgO*KzTl02c(!0) zEoFkF7-!oOisQT&Q59uVuKe{;8{x#v%y#G7Dti-)w7+l$nwnN;C|#?!7Rp6bv=gt! 
zy{m$x#qJ$Sfum|W4MsLamXqI+vpe){Ncat~0-}Weia# zBha6FdR=?2J*V`I{$w{rXupx>5Qo-?xiHDEEBs}_Kfdh8fR7biYe;=JzsMqrwprE^ z|HZt%7t-qNj$&b%*P$`_rNS@q9VF)5kJHP}IY+VsB$YAFAxkT6^6VyCF^OJqTx@|B z^>vp$wGpWMXP-NOd-opdc%U~wV+g%5`0U!jZJw@%ZFn(bqci*$^!<&uT>T-gBCS;Z zFS~oDk9)S=1u!lv7s{gMzl`Fb8kg06Do(X_n4pE%jHA{u00Sw1=bHS>-=LK^nJ?Vo z3r3x9UHK}FD`|q@YGHkF+hCbSe%!rZQZOx2v!JUj@RTE&=oXpn>)SBw3!?y%mUJoV zIzK#widwp{h6{<5f6w?mS}7|-qNW>@Lf@%``!i&<&-Tr5H{dSeK*ZJtHCtnF8PYz> z<1EA^!eiCSIJHtFv^`@vkPo&0kU40$ej@9|H#}_=h5T(Nr0kHP4C&FGf(HK{tyh03 zAwfdq9nKw@-46p4{lmP#EWd##zdsPVM1FeL@zKa)94v=4FuG z+@x)E+S{~O8kcv$17izbD}vHw*K<&xAeO!1q<#A1@dH(@h)2uFI9UoNA#toD!7(aK z1;qpWKoHJkM6mH0dZ}4_CiV4;c|Erb7o5rl-zQjwVIJH+geP{;;~uqmx}fMW`b?0Ll3sfwXHn8vcZ87H_@=rWnsndi?@K6S z)Dj?d+NgYb^lp;G@}V@*WQy{Q0{4%9?K<-qvOl@+UeC3wfJWe2mVcc;_Y+ej&aXus zGH6hFMD$@+tTz*@{hrnbNr+0il-1u&%8bzc=?>LxMWe%E-uk{s`{K4q*kCrR;(kP{g0yseWY@AuZ6Fc3nR< zX8j=?V~bGeEnwe2!JAkMCLg{S&k(8BIII*r(`l&6Y*=~?XM{hZPfwYay6O=kZ}VX~ ztH}bsfJ3g@LnTa7Yb>@UuyR?E{^(F6ZPBfumXPAH2cCxwTcJHxPU0{njlssa-80^v zJ(OOdN+C2YmT$dcGKg@WhFJFHLE6cBb zH~BBRpe4i|ZGp%Df?$qs8Z3Cvx@RL?)Yr<6!XBXKn215p-ut#Y%4v|0;jBb#EcPCzZ^`Txb2i+@bjY&*BHB%U13ZR!vpm!6tpp?J*h)_g>iblLO{xTJ@Wd*OH zX*c##YUDijH#Gr0z%HCaVX8k&Lg&g=b~X$AzYq~a7s`-Nl;zno6Z0f?ScDIqFZ7DZ zo3V(wUu3Pkz#UEbKyT2V$n2(NI?RyG!R_%MQG#Asfo>6B2nt*`-p5F%wn;>f{lx%N zR}+4?Jv$e}T!i+^rk?`&(?WDvGL?lzkqi0vsP-gx%6T$j6xaeCO(*sy3>e& z$!Z*&cz#)GXbOw)w2W7o7$+vstLM(8t4E`0Mgb}ga+c9&;{vj$PLJueTtz?JK$Y;Z zO-fJD^*|5at5j$ew^M%q9&ceGPq7h>1Wv3|2)FZ73bC543UNYcC@3iRy%aipN*{As zyBViDl6ZRNl~U-pK6F8stCdgIIMtu_AT{HxbRp};eGzP%`;7=#;|;y8D+kOvi zmTC(zz8%UJ-3MJkepRziJjL3rminMlXqWV(pWvmd?FNHFd-q}PRC$H_sTh-@^t4w6*Q{9cXBr1n& zw^()mk{XPCh_V`w98WnR*8Z`c=XVwPHvZ{;mi>6FcZs&`*Cg80FPz0%efsHX z2?@K0pbOr^dgsG5aIwYmvj3rN)m4i7pC!$APoEXL{zQM$SB;<1pN)uvk;yD0usS6v&!<&e<`69_`Hb+)h~e?dy>0&AR|j$x&TANS`s zMw?BImqeyZN49MFM5Zrogf+a5q8BwtAHGjLob;lKDoPEGCByJBab$l&am*;*Wu*r@ zTw>xOgV7G5v%8t89T!p7oML#V3Y3HFcux1j(lVf`uU*i~;lJ1&nn+Y7nJbMPcy&1UzVtZW#h^u1F&J;j zFz)SDc+O6@1BcDZBQ}p 
zEyF`QlDzlSE((Fecl57{Np8}zO-;XNZV?JFiu(1fx*tOcs{cB_!l$%`Z{AQV3hTKnkf+?8| z$lgrFa}q}_ml=fB|AVKY2#i|in%?_s1fNme^F~FXYinzl!0eFCw%aT$Y(~SGl6I3% zMdH+GzRxT8>w7Jjv^;Sf_dlr*gBIc&4-2*2Pb)Mtr;(HBIbmI(q!_A+ta?o;dwIdu zyDA^6ojgiS6!WoZ*|{#n2qOsD73|^%NVwk-i|+jxk%)zEp6lL0|9RxYZI0!A&Wl*Q zb3p~;pPC*ek5|nz1%@;zL7NG=-gM~-VeyI@E{!PA(e;#<-#Yc|z#*O)X><5fK>0Ic z{K6+l3bMeH|3E#on+~ogJ|6+&NMiMbaQ7y`Km!igw9psnlrepR+g|C4rD;DG4ayKe z{O95758k6T9PX>1!QA6VWkzgH;8Hi`s49V;jt=A+I0$a@mJF=k=@~99no6LpK|(G; z-}Z<2nv8LyqocF8r5-5Hxamb&z_)>7YlG_M8H1P^WmY%oC?7<5 zkojb~7yoK6xK2?Cl)n~664x@RL}9f3dc6PQ{C-t2KfFPT04|J}U3#0NJY(|wHr@iE zw)w4V;bgyjm63>6=aON1q}xPQe2_c*r~)f2qf?Fpc>co}wJ3!*`+#X*?r1_+NUC5F zvdUPwiz&%w)TDx@PId362u$F&i)WWvcv;5eu{M^G%cy*~l!UUlU=PEv|NV*l=G`(% z=GJaq^Y51YFQdVU%N#NN7l&t4$lwB?XlEl0 zAT(NLXRw-7#Ca6*N1=kR$Az{efEM0OJE?I{)}^2f$`m76;b>$s1U={ z`7;#mUVVusU)TfF6ghpOimOZ4x9mf@3xkgDU*p!Zk(0~r<>!~p*f%t4#-TKqq~U(1 zhK%$7wXE;!9p-~RtFE9_fdM3G$`F!8f!9Ym&c7iv=nJsljAbp+mRpIW1)ZnTh@0w2?a=J*~@8 z45mjKXZf!ejo-0l2YU6IV%of}@?%>XM^mj%Zof?6BiioKr^ic4$u<(mU#|t68K2ML zkF3VuRsAu2`_F{|rm7N?P@kP2?Rw|GKD#QI2t^uu2$7Fi5I zJ4i9+R2K`xEQ=Sqs}-TOiqy_cXGm;hm#>O3Z#14{2(R8n<6%+Hd-S+{bvL}v%!gTM z@vW_zrVd4%ZK%kl0K;5&m5rIF7-9Q!wEu;U{oRqEDT1{-b$H9jUxc3ha?=8dL4*_?zN>z; zYFRt;;bl>3J#DK>;na)tS<+HcZ&li;3_m}WlmrFbqRbsh!QO=bxa4uHisZJhrngk)^UTUkp1f{0F`6UEvvPnekd~a%RBeH((lQ}?{pa)j-HT*gkqFS zN9FejAVpF>Gvi4$YU#gkG{Y^bq4^S7h1PiP)3mYB_27^p>!qiL+=rR>_3yE(HK}W= z{%=$SX}=8UCNju;67NFc?tYbd0Pai&eu7f?1&5 z*+VV@+$j3(`QaCnqsGA)ge<1ZE>87eha6Sg$7p7xl^N26)R*NW{Pqt-iAtbEyWN%0AFO4u#zQguW`8tviq*ViC`HcZpu4HCm9I#cFLUjg0!n)F{)Nix<0 zpM0)7SkSx9FdOL(M{}$UAMQ&3Wau^>o#b@*amPe@1aF6=7#1izU`9&!XARYBa}hHRF&I{Lj2a8OS3|C}B2E+ZWo?&$e&ki8l!3 zH5M0yCNM0T->!hrG0n)H-7l#;DckBM$_d8NjG1>g-y z`T&-?OI_Nen@rU0>}4$e8b?A)sI=9aVN9pw`dUvoxIC!ufa!n1?l9e{aE~;JKJEkT zYSZC-cah$ss;%63z}q3Jvj-Itn$g;`nW-%)!IBPQr|bM-k?)?BKaaMh)@$-6?sj?5 z8J!eNK4EHQ)D(VI=eRMyZ8HsFIj>hufBcs?=QknTSEl_N?(s=#T-p!|nDe;|6Y&AUSU{(%wr@4lC=>HKrz58!L}&{VNFa-;?NzBbP}B 
zVkaZ9@TVYE=M5n~tota2q|adAU8yaED`E3u29QmTe}f+92w2d{y<4hj6bZrdJ+*Pt z5lnTaukJs-_7j@+4-e;eE~HP`1-eXI7hcia-KU0M(F9jDsxn!r93Mi0a)w(D$tv|JB zSf0U4EaER8(TvI~Cc2-Q`WA!glXEne2o%9NevJEnBvLlYz~iiTGJAL(gdkTxx6g}* zmvr3|GpQ;Wlt_fm4||blYEY$7b$+xA$F${sn>*soFzjVx3Z1|BKUx5i3GS?zmIfG6 zBqI$+=rE+(F?4!AOm8i_^uF!*#D+*DMS>hlHzxO$;EL@F+l}M-tG7br|3(adchbN8 z8^B@rYPh+&lQUtSa5>KBNMV28j;O75o0Jp7n)V1SVYIc)cQ>e4?ifm@y)XA%n9xq- zC9d&)rzx`jDf*vJBmM1H@4eWt{P}T((WL{r{3RMcEPZUXfl$xCmz?-spXu z6X2#wTBF9HW6m^bX%m57(dSR~^%dn*J%$~803Y<^z6N}7Qd>sV#ru35ZJ z_~oZkJ^yccJ`gNV5w^UCjoyq8;uokbZ3*&I5AAXcdUUXgXW2w9HC3;ix22@A28gM~ zrMJW(niG%uOMmaa|H37iXwWhhmHZ5qkg`sjNBI91Lfa%Qw6qC7+aFiB@u*6SLFq9a zlYr)pXg0+dr5j}%#8cJ_0_ZQEn-;@HtNo5sN%djq-m73JhM?9l(pVsX%U+eEtU3B& zUYcL%ITdzr&~V5mDxOu8%f8+)^igc=X<$^FH#GS@6ij@PSd;++o6*2}m3$tGmJ+*0zJPqI?N z(8IxT{Q{(xJVBLqAs#L#KZTCI3I@prI)Q>6d&Tl~PK`7+kfzx+1X)Mxs8WQGd2lI} zBIC#JH@mwF@}e@v3Mh}B91Hav8S0Ojek$$CuU?+ZDD87a^ftxI9z-h@gXGd>s;htr=3uxJH+@+fZ#YMpltsP=xh8BkB2G4yg???Yw z4j_1nZEyPC>M9tb-s`H#sfiWuC~?fIROar*V_qdYpWsYM9z4%^bdUA|u?743q|$w0nre4=)Xxy$&0$^>l8!7WKh(I4#{? 
zA=n|;S-tP}_+@s7X@BvbWfi0hXpzo)q!*p;4wXAM6x1I`^zom`91340;V>N`*CF_K zmuCwug0{DVmJ%i~#aGiBCtpj1j-GzxWCri!#}@^L2`LC4V%;=z1RGtsB-TT7%&OI& z?~>$JNRqag`<}hJmanC(C?k_eqTe^rm~=jnV_v7pgZel;68U6vIXLsp(GVQtpF{Z6 z*|au6n4Q?9(0YwQ=)m%hp>V=xtEWy`w8|HZA`!-&JZ&zn91CLF$2%N7BiG#K>$XTw zps5b@KG@Ww`SDl_`QX_X^j538nEZ{9!M_!o;ajr1NwVfmK%K!c=6L)|Y zw(i~=3cR2p$YV0p^@TMqxiggt2CC1`Mb()2hz<8J8x}MxBSU>IV z*~|FZu$IvR@nyJ4mpK`g zHc1DE$5;M{_~MtsG{n(Pi38kw6_{ZS8C00&D+qF}Q;&a7Whr4VWcX01vW~}+Fkq{g zgWhz`Ws63QNwZ`s)g4Se$D{a}&!F!x4rb#xc9v2jlA}8j7}OlrCI4cGVK->Nv>S~{ zrN>kf&=sHSDt3BGnQRt{TvpH1$A9nTve6bgFJ?#joh_gij2JXFZ--1Px!$=WF;a8e z*st2!ge0VBrI}PbqF{K|w_vzJpc|!%kU)wjabv*oQ<6cr<>ox_Yj`OnTYU>E83z zv@+ATga5{;ZZgjLE%y|00DScWBuyJBet5*P8eQ3P8(mDIl-kU7hifYm^$H5d(gUkD zxveD(q?Pr#KffcR^2#!Ym~J+NijNHODw!Nn07C z=&8yW5;y-7*AC^#v}BSEQw&uT%pYUV74Js0*EioD*$lXhZM};zAG(ORpGiQV_3w-t z1~x4n-2iIHbpBO8Ak4$HGiRAWMf2MI&CTSa6SO|bd8>DfE9b^D&@A{~7d4F* zGL!yO&jo2b{G^&TVc+o+(CFAt3djDOk=2N4Bc5VGdLucNGN#-t;5id9R&QVeQyOKi zOve_Jr0!4~^0SS*KbOUVBD#o#a{-sV0Yq6pi?ydTADYDrUS(hT6YXGRNVJ8cmdcNE z_d+hHRpBAf3g@O{Hu!&py?0oX+tNO~Er>`_Q2|9jML@bBy(=Qpd#}=z-fMt>D2PZe zq4(Z<2_|pxxpC8(5zFuCK&Df{*y4cOcoGL;#M&b_k>VS=^KpdPjCF%m*mk$BHHrqYc~0 zUXgeCGez;;C`7-saCQ6XKl;D01HXG>x&LI=WrSNPcsQ?@eYwKE zT8?X55O>0=E}Qyxt6`zTB94;AJ9>tWee~~B1s(&14#{;07d;dr=x8x2PrHsuhFSeR z&|*r{TDwYddaS5Y0X6I7R6^}+)X4G==yfZX`69H6e$gTT7>n$xtm4Pz?+HWlzIr7} z2OmLqziZier>$^1;EY~{TF z$S!>ZFM-rJ{*_b_yG(EL5@=#(PtHGU6U8aW%ne^-n^;c!Dy8vu?|bBAUZpRAdFubJ zNEw+MdI)no%R7?(z-4r2dDN@K>;Gp(z9fmoWB0;?4wfhp-~Cy;^1p#si8aKz2dq}| zse*q`)h|}^!?Vi-#HJbB7ab^0bPR!k9&bSWpxI}*LJn!BQ<;vAtS+352Ku|@O$eX# z&(WGA9|m0t@s2s6|4sHiA?!;y4C{x8->(D=scOl>Q__k z3XkZq5}ksmQLZZUX?g3ZDvfC*RaD$0-|#Jt5?9$T^9NaA^Zt02qW+%Y_(FKkY^73g zpLRTtWwBZRPEnSC(ToLSCH`Cd2EOw!ls|qn81=?=3wd+^A zKVnS-n=gs(g;-2Rz$*J{S54j**hkV^43$^aRVhQLT-7bKSj{vTYH>+U6y z$5V;}T$tB?_}&2A#*O4C^#dnLHbg_cYPrkjhg}a{c^EpTAK@Je(Y4WnF(WH7)=Jvz z`|1=yIsd!;;dnp?Sg!5iv~rY9FI&CKNGyoPVcIjnWgaZ3XW)GvNQP}vJaw;Iiy^m) zOpHjcJR;heapnc$Yl0{PY 
z7BD}Op}-uX{QVz3lcKoP8U~or*rC~8`kCF9Xs)CJvA|)9!0sm%*^`g;whsw;^>d-b zlnz|S6`{wc3^bcT3ZkRhz@>(~iRRDAk`IgYC6C9#yN;B4$E=??6X=L;<-~d5ipHys zN;=BP6UfQ#KI34NGB@AY95t0Be&`wFvNPsYz~RvM`RAbUac*aVPIcY$Mx*^$uq2AB zBmqCgqiMMGYkr>=PZxr4eG48qxDhfNWlAi2>(W`T}b)Cvg>@5@HaQyE@g@NZb^lBbp==iKSfwo-xfZHo6u)_%v)Kv zv`zyXUx6f#yUxpwd~|p01Brn#YGdQ)LfcL2A_9A1ZB9$gFE_`$27BV|i7v4Jm&lp; zfn8#O51!0%>q?C=Y3cJtIImteN)-9l)GV{!LPsTd8)Oe=)hUKsjxqMmsGAlIbpHiy`qNlQXbSJZP@ zkOnatiTD#s=tGT6_hyPYEcGkcbm-{l);xJs3S#=&l1w$lP@hcU#p_A13@gLRi6t1XOfNdM-uuXOcG1uMKQ=OA-D{q$ zG1rd`N@5;>#3UDYb;1fqD=WXM6(=iT4jhw&_fEc8(=@#QrtiKUxzN#Zn-XGq>-tqE zhxxWP{j0VK3J-BnYXiwyl(vl(x`+v3-8!SVU8rg1T>M%2*30*@DNG~`bAANt8a$RbDXNi6fE)D>IWzpo zyuA|`&}o4ZMvYa`N+yIw8n?M-{_gH{Y75XMs8@cfLT7y8^ISL&t`kGEwJ2yqqAx^~ zXPxUoskwJ%xqF#xfUgdgEsNtBRpfRNdf)cOi))qHYi|;Qo`0|6=X)uf-ZF9WZP(Fe znuz3?co)^IjCEhf{!kPGd@g|iAAEK%K_gI2u=8_WZ>Sd>#_9|*l+o;Q^z!;s`PB{gMSqgNeo?Bx{srG7r=euFR4psijHatcPCBmlLT!8cRRRe_-g2akyUbAuIR7Z?JpSMq zBvJP6K8+_jOXSo6Dw2YfX1Q*RQ=mf(KwuwjDWq!B(e!;chyUT z)6-ey)`bQ&>bS;prbbMsWwe^4SKl?RM8Ti0g@yN>so{?`Hpb`3DKk}+^v*wS)_iER}bDVLJgN*ZMO^@P@ z+Ah(Pi!sXE$wCF7JtTDgU@ z`Gwp9g}8-M1Wc6YoUZ81bSlOt*kFxyl;FKVVOFn(I*-X-tQTy?U#;N;U5|!vFdA%o zqxc$9c&uhr&-ZvjyF`$MowFW(=Z@!-)1!65h6au`v#4AGlpFIlHFL=OEB7xLM2k*< zi}goKz`!p|{BEW*BD|04Z0=)9z0syNT(f{s`HZsioh?cT{SC?Sj?mbqR=QCx4F7)v z#{X=@2gQGA5b*+i{0DA}83y?PRkaO)<_A>*icLxKkuLl?1bXseCHn*PI%$>OGL8UD z|F?L~ajTR(_$F-oELY@{3-U*hb1P#`mm%`xVJqV1Rlj?0h;XjaZTEV5Wj!|BlXzF2 zPKx>Elfh17a)BxJ5F6;)K`d}}%^-kSsP=S<*$LA>E_vpkeSl4OKLcj&Zg?6m0M$St zjf}3wTq;&0W7mv{xE(_{$-6YTb<@sLT|=7~Dc&lbYgUGC^|fxe+o4|Fs{byMWFGtke3dkVEm<7V*@iu_sBl@fH8JQKQ>j@bm7F(itP9u794 z=~bg+N_46AT}61DjQXL+EgT|%d`cp^(Fa_XS!K{U8jmZ2q&J0Z{BRpD?P2@-~XX#*Xr-{p?SWlj6Jzx8=Z@om|amkshSz1v^!7&zbKI5l?Uh~_wYH~N|1x3`#;nJ6U$vxp1E{R0=fE6x1YbfK@B>L7o^NDJ*{i} zo5sXJM&Wqqj0OU}@r>Q7!Se?kXq)jJN~1Pj{UpsD!VP9T7^^mxet*Z?V!9WAjoZraD7W^W*)?)==0Qk=#7RX7AS~%h)&t4S>OOk++yh@ zCx4VzH3xiCSfxOn?WP*lf!l}~>#H$|dx<(_W)Pt6h|WXuC(b4U4MhS%pL0D 
zRXvCOc^Kw*@9y1v#KIvrX!m27b-qfO$>i5fr<{K%P8oFs5;U8q1SY5dHvfNMO%Zmr ze7t1DSwo)`p57&L@NLR<`=J`mgD!Q$nWUO$qJvm`E(7;>4I&;e7Z~;@5~p9%0Y0Oy z2xd2^&XhJ@HPOIQ_5k{{hPga%(%K+atpvt7Bsaopy*cIH_x<}!d3C&J*if$0#Nt-G z%%stdB{C2n!3xr*Mfqx<-*ODL`uOs9dYZ-Sh0$}b75auzc@cXD_?)QsZZxlMk=OTb ztX@e6+~@IwBrL-6Xs%1;)o3TOlpAE!+8a%>Io3Elp!D!thmapTRJvEAIK*gdIGZ(| zCm5=rCV2PWJ@X%*H7pis!0OJ|HL%_WXByvKT!qgvz0aNXzoR$RSJos*nDTZX9{n%h z_&0m;g))aJxR6$E7QvuU zb`b7`(9%_&6~m+N1+>-7^Udpr=HtLDZV?PsZg#)U&(P0@+^BIawBrzs!^0fUk+4wf zKiUDll99vEL|ratt@<=4bF7m~Eq=LwTz}O3ed2Pyt)5Wmj-ZP}6>^j32Cssi6XP@j zWGl}(k5*SjaxHl!RPQ*Sa5Tc3yd+OaNh^&em05MrkhQ^6wY1A`A|h3ugvea^4NLR& zXZ+D*ZFwx@2KGAbN8P>zxY}axB$y(QETS`-F24q2MXMO}$7&(Dwy|L<=zyY7iPZ{r zxnY2FaFL1EQ7;3KGBhN76FwklMJ1gS7ryB6ZIjDtG#7oyqScfxEu#t1bG+1XkKAc_ zXPL`!tmNL!uCvqZnI69)2#ZcyJ&ijMZAH`kP>8j0C!zlDEZKkd?T-bZ!^a1^oJ8VZ zUN<92-9QJ-K$zTJoFiHbgxvLuFkmg7H;4f!@--+(51&l+;YAc+{*w;Ed=clu)dvw2 z&VC0Djx_>gyWOc31Mq(1P9|jX2={=_tyK|yh54VLNb;_@pg;4@KH?3RM_&&uNf z8D>izm9BUmYjqWI4bY5jw%2_kKJ!VaTzlE(lKVDvdUvyYS-$)+KDU+!jp(D5J?Eh; zt1<*^XLlN7g`s>iTMX8Bi`yRj-18M%fhs1ja>GUk_UOZGWFqPNH+Q!{y-(c#hlBjz z0WO{W6MTH|>YD>2=f-wup9G*|tk+J*=a@hgNN>b$y*a8_Fu+=6R+9_ipkJg{s&JqbAfHT{nN&6s&U}XF9U> zt4yL*R4f?Ijx!hyHhgpFRjWV6(l8UT+F)5JcXH5xyhw2N$#M5=Znt)mTFogneI zfU{>FSmP{7#pPG$=B#MA`gIk03T4(SDU>J}^VsVq zD5v4eRMl(t7RO59nxwJUh@u*E=e+B&B^BPI8L0UT1yN7-eBT|3v3bwq&mPq7vfsUV zW)>oGjg;k0o}b6J;NOQ_w`PLan89uZU6^ff*xc#1rJleMkr(P%LkF&gY`1?X2ZYDP z^{3T6`NkfF#_Md-^72FJ^W^zwyu!}Y#wD=>#`qPBcW@00%Etnmn%tIiuMXGG(h;zv zV)7J_M?oE}oRyauMVB{2(t~PqJ>gI!_u+vK&DNH=!LwV}ttQ)|6huY^OJLAd_gZ`} zG_fMWo59~|xLOY%xSm)dy|tAOz~uTMHf#Ic1jcay_L^MZMQwryIhfo?Tz?MpFmHXa zHVBVwF$~HG5oWUzW%?a_KB#VH#CmLf4L8oVZv&zY$aa9F z0?UG8iUlp#sRVkjiH@4^=h^<8zd5?n;IeHdmoR#Cw`Je94zYzj8QGDbzFg?2T$LBCK{dJMsDH$QM7oTVS7$rt%|{DxfEGa15&XRXUOh{R*SY5its%8CkQ_i?Vm_sBWGd|1Z(Yxi?=KoOc^aLEwziesBW1gRZIbzoFklnR@ z)Li5`3o{iF{4hT2GER__NS(OFc}FBXp}zZAmvC)RE%V;k>fuDboDMMspIZU8xLbQi z!0=sjo*%phC#7@jipgZFpBR7Vdx{j`U9G(%?=r$NLC-3zw~pI7Sm+N)QSQcX*1P%U 
zcX=G&TJjH*4RImpuE*$;AoJTOsMD!5kjL^5;o6~%9)zLa$i$R<8I`3DmGo2idPMS} z{aq_h>Ebnn=aJR~k7+a#MTH814(R>?c9~4G-n}_zYwLwtG$DrWNy}l880$@D>e81` z1$j5Enox?Ste%0x$rXZlPV971tGP8r8?$XAEK9EzpMlEt+cvA}#*gY?5`?{C?q)32 ze3}aW!Ap!f&b@tBg?I2t zZp>BZe`$#X*n;kO{BwMeJTr4+h=6)%2v`dz)Q{yY$C?56LZjV8Ll=?M#l^+-CM7!L zHm5ppR`fE83Hyys_Z{<_z{5>a4ooLTq3N-5Jt|s+$-IiDX{gAwccvu`J-8X zPd{?CY@Z!U@}Oz)AgI-!IjU&nn#wouPkCqI%0czC%cjTo5C$HHjYXHqth}bjSh<0F z{`1WG(N$y4&8_!y5>q2XMXQ%otB_~gBiDW+DFgE43SwIL9eJ!q@l(9=Hs-OZ*};?r zxH8GH6YX7)r>Cl;)4cQhMoequ=8xio=Dn4br`WBT#{#%-zEE5q0d#dPKvh+>!8Bx6 z4)?WVR}c^?I^_7Xz%;!5AFYQ+hMiU=a71$lhlEk_@k>y4;@<%w(2L^yYQugF-ESPs z^-){jd9pr7to6|`D2KZOonTYXU{w1tY0^7#I0J`@00hllkH>)DAK8qK2FpworkGiX z%U2ha4R9~sj0;Yvwa^*++1gvo0;1SI&xxCtu(~661+!y-O1P=6PNeb0?AwRwDZ|fO zHchN1wXY`KghTnXXOR;H+ve?<)!rC?>pO$%9NV3=s$i34d5j= z?|{|aBR9J~IVf7O%%vnhu& za+GZ$lz**->fw$tm7r^2Y0&T{O%vvg__d?4ud9n~Ji5ehXn(_(FI{E2&SjpMCn9MD zT6Ftt){>LpaCn3aSY)>V?6uTj2c>h6{j$TC2@?ax=kVG9kSk}6u@6cAuaYM}&| z=>*++os9^9fyL8faDSeelhXjiSo678HHI{&|Kw%Ja;<)Vu*OjGyl}lUyq;YsExIDd z{Jioe^Ui#>8sYdm=wRc4z&mL1AjLl%g46~;bzS9l`}QCH{2x*|dfWGSYs_NwSOXpo z9}P9#1~s=pPmyIx?8u2_`EU7ywukHLQ{HPefYiN>PwzTm4w3G|)RL zYBxIcE^mtP9nl1Awf0&ds@$4egpcM0J0+^NsT)J=W<}U}d99{_{r`@4C%s&x)@in= zJ}4=Q=k$DfL*RVR?+8d}Fj}f@pEuO%|MAOTc5eiXL2d9Iw?a06+AO8Xg|$r6R!X z0l8q+sf7Rptmw$C!w(4MZg^vqm6XEM8@Vlq(wFR_MFzVEijUkX@hN%D^UFd-meJGc z=~S?Cq@K%+6wjw8@x#Sll3B4g^`MOI?u%E*miC39_JO0>BDLF7{a(!2C2r5w26MnDzXFaOP=lW9_ENs}=^LI8wa&e3t2aM;HgH#Fx2YyUjg^OpK|Y9u9?I7G{qsa4jkGH7WBN!aE-gt0GDRxw%pxqMIU&% zZ_7WL^!)CO^CN+e4vN~t)5`ZgemwImGSE21H)JM(t_*fe6?rXx4KPM~ipyJFCJWh^ zR?PH5k9C#rh~xp&;r;XfhdFt5kvdhA-Uv}DwX zMKc3hwS1EERG1^zN#Y^ATx|0v>D>h6?xC*}3@yS&q!=e`{8w1wK_C`O-*=t3n9Dg9P)&Rxc?GJ$z54l*;I`~Feb$y74S@-F>GkdykXag9O;@AUHzXa zjcMoCSP~6ed8cZeaiGB1r1o1^CJ!I5CDt0%$nQ+63*8-A@1k*h9o<>+4$4!wGBGl! 
zGA<6V={067q~2SM_`IIn-f>#d8s5bdZ_(_b6&0<9?rL~x`#jq|=rMVqs{`XfM| z6LZT{^~#7_kl2V>f3;A^k)bi&B|`qmT@lp>=G&TZ!H_!zX`B6g1O$O_edhHthgS58 z!z{QfS8Zz(Tw9Y{s(2^aU03p9Y5gwM;e4)$u5R5E$zK5qC|Hgco2LaaRw(%wSmS^i z=QXx7uY&3nPkuc>GMn4f%w>2_B=lHStuLgccOY<5vy9@yNcM~-QH5S-uH|CqP~voZ z`)h97smwRCB$HrUJ-4w9c)am`gy{uks~lb~DfLr9pvGt%IzM5r?>n!iwv960A?>y42YEAI)EL^D{wLEy3&rOpA{4ifA z)55WbbC*{r)8ogF^XWnw)*MVr49EfbvY!0IRAJp#=f=jybY*{@@j5-(yDQUH<(D2V z2&sEVY(>hLnHdLzwzar9QDx5nD&uib<=bdH5i{?M>482R8e;J@h<>OSvJ!S&Fwz5hz_pgm3UP_>#2 z{Eb*U6)j-#tr+;618^{@sc`8)UL_-8w;|>EtVIy#ufF+$#qU1`JdJ0fq|0B`_qP}> zUpllNDYo?$t8$^b{+a`#rQs}^dN5LWx{Dh71Lj<>%@7F~UJ-HC1p`LzUJ?45Z@F+H zb^Vs~4Z5q>>5iD*BIK@S@@`PwR#Z|dz4Sy*tmEs~>rb92-@W=eKlLd6k)D_b;_>54 zuim!u-kD#KnM{ha?vB9;4K@ja5Oq7Q41u=a6B!MZ{2TaM)7|GAyyfV>Jup|I{1{9) zQ*U`DrEz<4(Oe+p+c#O2m~cG28~!FMdu)O{m=7LXy8T%;ex2n@H9N}Lx_Bdm<>^kS zkfLF9;FJT>sVC>U_Ru}K-}wNcx2d3jF@KHvg>{3-b2+4o+owX!`WD6MT`KLYUSh;M zdT(Bv4$-VVlI33G z>u`)F202O5{I$gY{j|_}`KhMeV!!d`e}C%pNBrAXtAF(@(oASs`Uh=^p9o4w16|GCz$kt~CzbtO!=^RGro|KVzXMs*9mmlZ}!Slu1)9%!F_ z?$t2q9e|M^2kl*5IwO5_)4DL1j=cu#*_GjTG=3(l%$+C_ zyv^VhY_gZWfGZ-2B%^Nr)^^5*u(KM(YOkx*wbfJA!=bL6EV(pouD6D|5(_@XG31OyI`a6!MlQtIJW| zzp#c61mc^D`>YGI?{zDsdLl!{%rp(wd+LXAs?gz_wdA$w2@AK4lpQC*i2uHZzBb>- zi+Xl7zu^7c|89_rjF#B78>9K-iqPX-_Mr7aZXrVM+s*A9CEfTVRA4__rz5YnLxbLprCKNqG<*kW2CTX8NYM!T_otO!TuQbXv8m+O!Pr#)6;jUiB z1|xP>EyqWaSV7fR2OXoXD^=vzx54n+kDSCcOf!u}yN@+(U`sD!T*viQ^eGQmu6Ae&|-gS1r;PU*Ua};5F; zg}Z+KzgXs981VnL-1#M6PMd=OPAf&*Aa$-yIJwDAb>q_d`?I`Pn}0M-dJ=~^o(@a2 zl?D2SQVUB9Ime;=FsPoo7dga(HBOTb=0?EbY?qPJe`kVqebTx*kaT@tW6F*X;={0= z5pKzKTwI$FR8!;n>f-}$ss1<>2GcPJO>erpqcXeB;b9qVz}wPP#@82<6#s@-K4R%U zXiP4fbxOpb88}5V^VEC)K&>C$-s4|YAhQ^DIgp0xJej%q1W~!Xw47y9mQIp#=gNfS zqaX9-U`wdyv4{VzZQ93E)9o+hCVk9<-L?rey%0z8@0-L4tesz=AO$29S~B^AV%O3? 
zUeX#T+jH63c=4O6yyjy(?J5L|TtZFxhsPRh22tIJ2EdhZ^MQ~L{ihT8kfDnc?ae5L z5Gf%!6iSYAtUHTvorT)9BSM0#iV-)lY`)~>>6xh-R~bk?eD%C!VS6KTE&th|*d>LD zF2UQk$q4H!WXeeCOb-GKzW2F{eg)jePy6i@@i*duzi5vaQH>b1x@LR+k8fee+cN`i zV`q&npE=S$eZVvP&aIs)u=bAm(@}GyLMizzuE-kuCv{hXaW<+{7QMwVtA|4({qPk! z)_AV4d-MHa;OgR-myJ-(nf;awoc4_WKNQ$5pf8RiR@emZmz7(%c6oUo_u66QyZMkb z85mb&HCs89&NInMVLXmxb=Ys%|AdzU=2BbpI*gV$EPKD#PdRQXh9YrT580>uzPz+# zvRa-(q(Cb(R;XO=q!qcZmOsv=Ws`5W+s7_@Pi5`u<=v)GUR&J?>B(8W_$n)A8ZZ8? z(*C?VXG2BrST6q#=`+>gJ*3)v?KY%Zy4TgWr3)gUZs}iWN%Lob+T4u^H>THY_*kRwuD|<6;=au~jp5nNmC+pT{siGR z#rcY+6HSqL&N;r6fi6gY5jK3uEXo-xZjMTf2#eD;-5wot6<;Ycph?`kC=Err)iJLvyex>jhRXD zpw*UfZWf22UWNzKhCZ-{v}u(`+S((=>6P zKX#{2{vLRDf@yY2gmJuBe{9=+sDYnzdE_RSv9bn_?JS$K((t+kw7 z-zW`Y&Bj-u)wZTJRmknpF&i(fVWlFA&O0nDC+=Cfyi4y_!u!X^_x1o=a6H@!@#QX{ zP$*3;##KxnvY6F^MYa7y-8H1)=4`~%sHhHRb)A`j@N2B`qr8bePa}D|oq}UY|Lel* zg){sUD}CxOc-5>+)bU^7Sz9Q!J98;wvhPkARax#r>P*PbF*Yv`kh|2JP-il=739*! zMGsgz(o43sws8mh5TlLYdeOe5thlR>PY)c{jv~+SUPX|bCl~M}3R>M6H;`5-*7$M0v1=wS z9mB>Ps#a`KE#ll!-4E;a+1*(^$Rf-uAObfzAHMmBBfJ8V4nnJ$qAR=or%69(H{U}I z4GwB5|KZ%RIesK)OG3`gFTJ_kT310ZFJok6q^uEGQJ*Vy4_a-`#4a)|X%WNDbf>F< z9smP{3X-Ca%aWnr0i3OR6|s4+${yx4@aw+1u+*EYOd8LaO{MR?AkDwOjDVWIPY)m8auk&=H+kXG zmP^~21I)cH)l0R+sB`XTuv=~BI&P6ga9ffkpi8Um>y+s-wX<%d&;4P$GEwWCQ@J7h z+N^I2;zStp}vyX_gaQF;~`gG}qXlxk$ zZDiab`RdGP8D$NrS7CHAofDMWrNl3Tx8M=2c!b{pK1YN)Se?Oh*c~=KUF!1x=gxbz9MVW9fc8B>n?<)Y*7s1dlf-zsA7%z} zYuKGk5b(S1m)C9HUBx@V%R1@%hc*LyM3+ceYBxj*6jFn}LfQEpOd|VCCY(p~%(VUu zF&AL7fV`|9Iu~x_hr7jopFIagy^h>6^_9BZ7Dc(DQKFgu^f_O+YPM^-i2FHK%C@(b zk!ItwbkG=;$%wx*)IRUZE;Cs7WPHFnFDU8!up1m2h%P_=`NHmt4SCVDD62|ma0KP} z@VQcIU8gJJP4~pOK}=wVr1X#xU8Y<2FhNPGXA7x2!>d-C*(jZ!t+iuIhm{5IRacSl zHE0CL6+u6W!QjURr@b<0h9k>NHp(ODEY$VxFE$6x?|JLiJEl+#;*UlvN3pT! znQ}b_m5!*t2e%7~zVKzt+w*dGmU2K#gm4(;E2^(@>(}|-rY2C4vK(!XcD}55F}5Q! 
zh>Z4TZ+gd~8K{lwQqLRBERwx1{3=<^CWbfS!%4Gfmnjg7n_#o84=~kwjHJZCeGJO` z#|O8>1O3H=?s5t#aNEs=_O6C;x6e}4*|5QV<7ygtmrT<*t3|IOZ?PSjGRqqlOuf~*R6R~utMR)s6y@ZJOl)cOXq1bW=AV&oQk{&3B$QIY#f4>qr&edcTl;1VUv*8$6Qijke@n zO<8_#GFg&9s=kwTW}BoPovD+vHk`E_sr(46Pd;J@-F;HJm*YHa`GW$YD?i2(XWHd& zdxsQKyK-4pRzPNVinQcu<8$W~jfiqxe)Cfm8@Xc%pxx8IdDOkjPqj-g_d6&2DZbo) z6a@6;PM2s%6RI-biD`_0kB?i``!wqg=jpJY?gt?HIu-YEm*?i@E+S`~L8{|ekt=wz z(JP3>pj?q*m;JDZdc`Hg>!PPr_=l%!6t(zSydHeHBn+&-D6w@m5N3;n)J2bFE>WL z6z{%Q8Iv<7QiMD_pd86mjEfmAo@PEkd2ewVTLz0$UEXEcd-TQ~`g4PDx8e1ezmLw1 z84c2#!3jbt)mFG^*72_Ne{mrpu?5&`!qCi<1$*jJ?NI$C9fWL5!|6v>PCnPQN>9=E z*)|E`84O=iQeZZT+?S#YR3X`{+Bzenn>=ckqt(zN{WfwyOzlxC%p{LV_a3g?xR3k< zDq4BKNZ*aGcS&Qai$wY(oxu*c^dO&mh9#yuPa77 zJpX?A;gR@N(mSkYeA@(*+$g;|a&KDkwU*TDj|}6)#$8xhEyGx#l3hIABBnDN&D07q zgYwodtS(y^nE>-{LXZhL>JHi&hxW+Y3+1LOI`i&^y~$t@;vqmaRa+B5}AygaK>q#ovTZ?jTCL&N+66!@%I z1pfT?k7)7K3#Xp0=8Li}=L|$Ru9ujss8Ue=$vda<-c}mcr$wR`Xl^}Q&h|9fXL%1k z&1-LO|4`ja8KuxEpPYT)Sk5#F9c*$wX!%rQcV>*M2HG!aFc9vN1l5|I(`}>nN(tAP zbDP$!nmpL%cleHy(U6MXtm^CJOMgW*t`zvcM59V_WvGFf6fRv3TW%?xs}pq=y_nfsn1)cMnWV#h8cjg1ll!1*b1B+uo= z$j4{exrXr;xJ3TpDE{o|zp<}aOx$zxM9RGWBXh^T&pAf>Qyl@m3G>is9Ao0*}huu~+NfL?qKi_4-{s8cO zUWiK43SJz^Wj!>Ne!Ik={z<^iv!dy2N0bPs*%Ah7|K^IvO$ruAGB(IVe#ZyaMm4pv zB5^Bi?6B};?6t|FL1a>WZ~IM=3Mg#h49|4&>#<8xMt`W2bjdt@!rqgU;8Yk z?OVK~lf^p9xRLhshFvzTByzjlWr$auE~wO$YP0s-yAwzCp&Ds zfbzh#EGrjCiE5#H5%+oO1Axfh>E!Nx^nr={$#b5zwU*{T4LZSeiwY~&DVNN6&%z}d zzEv|lMYZ$iI@;Ozw!bE9QQ&de4TKJEm#;rR$M=kB&nAoCJ7t) zUkPY>hVT*qBKsm7ZQYZ!4wJ=I<)AT~FkX+Odu#Yynh2g0;`wmsl%!coUj(BH zeH@oHv@af}day<~wl!ttC1zOs$%L2&d|c!PnnrF_uxOP(?b}Ge>&<+#<6+iSS@q<( zhRuDRCDypyZQr?Yt+>b`T1T_xGHtKyuGlwSim3MCw)?1|(FY9;4JMs49m9YdQGxsS zPPuHFJsX?U&GzJ^eYaEXJxg!U5Wiry5ifVpk%$)o|CqBxhw%HQ$YfZ@=QZI5>ww#J zO}0I!gq+t{uVgv^h+^oBt21paje!zU21J$4lv@e^mo4?@TDcYbSc4z$*4dEgoaR?eXTA)2>9Em591#3Ys_O*|tCjpgSQX%h zrcy7A{%-|u`09bFrQa4l_uga)^uD!x*U^ad{|-`+7;-5%8~c!PWX(z%vMA&pCNfAA z-l-y5_o%S?a-nddIZc1jOF3Q6)#dvKJL&h7 
z8`bq3-_iHNUo+c&OL|KDfR|g#w)lsZ?kEDhIaRYO$X3#@UwxNVeP$+#yBCgN-idm8 z$Fh1`iL{zU>V&#@(&v}(I8hbYN%Bw**EVpY-~ z+Q|(QqcfCad5J20!InCjx@IdC`TfJVAkz~{8fjfm&z>7sQp!z`;T}~q zkYT!@w{}f4J@tjQ|g}P4C<@uLsnWlEY*(jt**ap z=JdrAEsoar>(m_k9+*x(nDj(XP%HWVY+y{75mVe{i??UABlF^i%=0?MiMo&{$v3a_ zRW!Gw%z7tWVVr^;2w3u?#`+pg9R)mqpoURj9&c?}>0!NZkfmK^zrjImTpKG^_89y{ z$iix?P*P|_^9@O59i>jryIO4JP0=V#TLbq~=kZe<0U(V!EY4^JeudKBOwYJ87B37U z=}xB2Sy3S+Fc}PQ+e05;rlm!E54O~h@B&lZq22F6+#b!mzUjt~J$uRrep$A9b6|J2 zkvV~frznAUWi5D%l!lz)l+gceTB}5s-H_36y0c)OdPT^Z6AdG7e(9j& z&_R$zHa!EuP;`f>Px)$nI3cY-HjmK!$BLAat-M00coo0%QtkF+ zl{m>ZMuwy5@$JPL9O{O~8bwlRip9q-K0eK#J`ru!#gC@To_ZZ(b&RM1bzM(-_( z*EuaVyk;Da5YSI7@3Q!K4bJ_{p!Dk1wemc$O7MuWtaB)QOTAHjbbnNI_gHOgh33{H zJn>86qPUk_2O=k{kqXes#3^^;^2?}+^(o)e6s@g(^;U?#`YaCvrF6kk@Q47yUg4BuLN)&W;iK(qNr4 zcfOUqzO5J0Kkt^VV2N*VAT1ME>(n!~7QrZ^&WJH_%^Q7JYI2jP9GY@ulY2hEhspSG zUvTO35q12&kmkZk_ltw=FGClKe#H$Ssc51&m}7eIVaprm03_esO}9<78tp6E+l9CU z<@=eUSEdzmq&G;@%#16U1`=V<28n3srq5@XHxawCRF}@ZhhaLBaXbU)t5t#6-6@cm zNP@5ekIn4kcQv%6K}8mZ}<4T$WFQx5i{oyh_xl=qxLDLyI_9N8-w{C9ue7 zic*6R#O-g%#jy&D-7Tq-G!lZ(VNlC@jJaABs@ag7l-e; z$yyacZ-c@Ja?2QbzWCGtx(yM7i2VqiTtiwV@a4(TmLdBFR zLd_c8Vhta5P0Z(^_6J4-w@bAa289Dw6Wp1tb{We2R$(>~Tf9{`3L`sQNZ=w5>?ZXO zseCn#a}&)3d?!16APM*U`D{)B@aKo46IuZ7Dh-Hwngr{N{o7H7kHdS_NLh2iEL#=? zWTe6Fe->{xYXS7u5SIi!vKYko;M(@4%+AFSgt+ndX%NDv)3R~o!VxUeK zFu|5`rcXWA7fi;^mu3(n^>1y@RHG+VahWHBD${By!?~N^d-RY%v?P>qvTFyCd{rnB z&v087SmB0;lK35x(~}2ssPT{6I@O9gZ4BJo!u9W6B=Uqk963EgbodPz(PTj$^Xg6W zq1)vs6_i{;Db}`{96Lp>-IIQb2kgf}PfM28$4Vp)%X=PO;&n*@gM=m_mvrqMT*R}paYcoUs6fM zn;a{C$NRRR_43JDFzE{zo^yWpasFwyJh4%USU%beBq0u(iG1i%&r{D@?oTc3e+APxS$4XQC8|h3k_B?K zz-Pq@ z7M*~n+=P)`kl3Q=>+(PQ#6;m7ZpX=_)@#%Bz3FUZQ}`QT``6zZy;0|0lC_5p&A^Ip z`KPakP5p#G<#miPV@!E47TObaIzU_|ya@S=%pz&n%OGG2toCU=_I;3hJb=H8+p5$? 
zGMFdjddtk2ghR;Z*ff>;%EzTp4T&Iy5_JVP$D9c@*I*3=3D1=J{$2SnPXJtJ`x=or z&qnZnz|GIw_ifuMvpg%@m^&R*9pI}nE8Nzl&7iT^K$0`JvQQAvD9Ai6N|l$=_O{hy#w|?| z8~$l7U3%1IEGiXi^K01sZ!|Yv$P*Qls1nmkF8+R8#YF+{+Yl6?5`ztMqQRoKmic8@ z&(FCH_WR}FF#;R69CpT|<={a0>+=%*mti{AmOwE77u*_dot-`kFU8vQ6aKA4eiE4c(<9MM8Q3LhgTN2ws&?y$MkBM!e(5A zD)O>xkOqx*^E3hix?GW0e*RxS(zYYFDf-@+t>Zy|U*UBXm4qJHM6uO=VE)iQZ{xp2 z4IpZXVun1w|JHFft#?VvTswYoSyyrc8%ihPH|PCmeqHBi`2E#>Xs1&3l;v2loIqT$ zI9JerUIq8^RW=Brzhfp}o(ReP%U8+nr~Ci$D%Tum4>ow&PHN!QR1Les&rOC>>n-D{ zPy`Z>a{-)vVB>fSd$Ij38f&!;>M!f6Oa!Dt+p0GjXb$_!qwgP|TLI@dsuh0zzr}`4 zv5}4n4LMlc5PudnSw~n8Vaz{H>gjZL^P#G8GQLD5&L=aCT0}5$GOb$ zo^b(@QE&$sEeJNYtG3V&U+Y-&nXJWUcG*Rh1U57MS@DIg_fv#lg;VR&EtkFJ&~-s) zz8Cc)g)@L%v;-AB1keH1H;6^tA+E=ImI_N+P)!k7{Mb?bo%#8Bcw>qOe2%8&q{Cxz zRkOrkHv+g))E@PGm$-3`5)^`px=`9i;P#q)(|T&O#BcMXJBL?K-@MVnX-gh}L(;hKO}RX5$D_An1sa9h`q=5*^b_(kz#)}LoV?lr zlFwCUpc=}H#3N4%IGUcrax)pY5o2L2*uBjAjm?U+8}A2IfCbAYt)AA6)EIlH*5v~sgOf1Y%}X4S+1 zfL=+95B0i^Vb*WFy#)&{;g-1dBE4QtgnpPN{c4Y1CBrVkIfI?Yp^9umRdj04pf96j zDoR-}m)-`;tyNW4{JD=M+1YL-j-RoP95y&L((-qXyC-~F5y;N_-AUO@1zLkqjs^E5 zE#Wsz+(aC+)!XnkyBMq!GJ4LI%U@=s2kCf`k>ji3)231?__P*Y9J9>+# zlR6WKKYi?c_zV$j(qr@*`fS)@GA2`-Nghw7Hg~-$M|f(>f)^Q=3sIm#ldNKEfvlD@ z2#U?PIAxv|JIE<&tcIa9xfmQ`^6M`*_8>M+BT9^B1apKT0$llODv292tSeA{xxqD; z<<2npGb(P~38PKkykD{DpF|W0W{C0qsvG|w?fVO9pSUXW?AkT~@AFG&7((3}viKCzF?04j zh=kjbXT=T?#=`-kp;3SD?;mCp)({CBSTqhwsI7A?oF2`mwU*a&FjIkW>8-F>XmVN` zmwfQ;h+YjW$II-25LbLsl9NF0CbZX-=(n`Ki;6WDlEGprQDrX|j z6#r;_Is@&$sIn>`{rfzaTrdInQlTsz<6GwaiE z4aC>IqgbxGEK70+WIdyj`(kzxfs9#a1$(Q6*Qtw=@7U>B%zSdQ-bOPIw5!ka}W#JLV`H;Fvqj@$tS{ zgKcZC>}YFlhp&~sppUPAv0-B9A;wJ#C3}C!sr|V3v*JJ?@K|x=+03d^&py_E&SFrd ziK3OZ(!PO|FM}TjLua{8W>SB`=;BD3)-4)!@qiImLBPW9kv!Hc-x5g1&(zAAemGHh zlBc+_Q&NIxlOwTxwevwGPJdxpZed}?zj~JyH6yL%DFuzRkwN2 zk?pV?`dTIVSz~5BW!ff8YhFN3{BiNZ2{J=7!j^M?sW5N~UR~_yG5O-mwEx=vjT3ru z_dK`x+Q=|hC2;W7w1x5ghb}8snT{tf02%>*Ul5y45ug9mj{z^mr?l<#P3zV(EPrKr*gB6`!cq(X)?~g z=+ejPvx~5|5E|cxw_-Sc{(g>!cZY8R*4k{)_}8r7zZG$a0^rMt8yzw6aKQ|F7vr{- 
zSM3uc7p+Oh9}UZV{Al@E*2S#(O1FD}a-x8p!s;VZiV>@6PF%|ehFj;a6pO~599gtP zDW*E#7q$pM4NTaJkbdn^9xCtuidnmwmLCB2(6AChVDq}xquu$dGIKg7^}sBJ)6a9< zrT{nf{KF%&i(2zT10Q7-Ty5*q22WmXu8W3yoxQ+0;NU3qXLedoZTX8jkkNawG_cBi zvJ`8tR1k*5T1-^w@gQBhEoZPzg{+^JzJ5E#S{HtgqY32_G=47rM5b_C ze46!+REXAJfLt?`hl>2N**`vdMxd-^VU?F;xN%VRy>Z*1%lmiN|6jb5NtMP49m2(c zwQ3iTcF?(-s+}oEp2}^Hi}+a96`dSf^)I}R>jDo#L!I_NJzBH!77@?O(kq|nZib=p z+HIB$TAc@w@V%yVDOOp+CU2#ke6*ImfB~c9*q^WJcl$Ddi?{pGrFg1G&voNk4V{{J z{N%=V`#WmPrEq;r63R{cDRpSlX36*r?==VZg}H;|b!GfI;NEMXH9Cw!cos)=A5NOMb@){sL(qD8t?8y&|4vl8z7WR1~G z)89~1qt#?`^*aKlY;Kkx%{=7sn0|yRs5ky({5^d!sA)A1ZAS4*%rZK1gr}vdJV<(Ye*>Cy2-l1SZG<+ZQ6ik;}~PW>C!p!IqLQAlpm;RBN$+eh1zxW zbh0`jda72DKupCkL8r>BTdk|>l9DxO|7qdApPl_)4X+N@uzJk=I~{bcLf#oq`6QTh z;9(9XnaDXA#~y|{eLt<6nAv^=gCp;a?sc|%1>UNly8U~K<~LS1zy=_h_$b~XFs8%c zaF=oH+S^GZul!3&?Z0E_e|~Jt0Pwbupoy}zBH`+^A>01AFIx0|c(mZ{z{S(xGdES} z^mxZX!9Cc>fS42zCehYppQ@WE=&{_|VD7DdEHQjhcxLaipECztWDdK3jW=$+SNrRt zg`2^rL5;=Su#TZ-RF<2Y3|4`6DTE{yy$8jB_$Nc(?-RP*g9~c}=+coV;y%W!A|goS zdDODhhgTo&v!5#o1kXz06DMyQ^stBoO~pUmV*{D7I!spK(X58`w8&B^XZouI*0MHY`if0s^&~Y4Cv)}`%{5;ru4;t8|%y?*104USAoQQV|7~J7zA=kd2 zmf0m0qJU)MpGWo6r@s6d^3o$aS*HR0Pcx&f(Kr!7w`FSA;K(m+*Kz;)8|w7u0^QL8 zxi^_K<(-W8X%*ba@kFsB;6R&!IPLpK&LS8~Q4XDgQA=q23ALjON73l))O>vX`UyFo zCMveXd%e;)tOQgh@c-%oX$|*824~iqF8iqM-_YDQ9G?eNf(rTwT; zsgT%iVjg|1cVUBxT@ZlWqrjG&Rc}_q0M2X7{?Xl|#odaQPLgO*fF&`sFxw-7h)0}t zE8AW#%Q-$v&w$)C8ribT5FJ9?t2`;#xtigwY!-R*V)G}1yEg% zN}l)BlpNONlsK)ut~%Y)bn*Bkbs0#Ts^(D`gn{KYCeq5BK_{l0?^Pg=7&S|Jw97=` zru`%Z!ZHUxbus^CGz?Vzg_+oKj-~M)|M8+(3tguF1+mbvQ4h9Yp-f+EEVge@eE6B~Imbk4G(KZ@dQ>KlL(c zV;z9%&FY@OO#gJVzI{;*=W^#al;aWMEAQVw=%EU|k4-MKUd+Qges zgsN>8QC@?gw3GQdiV~X14zEvJPzp@*Rt2K>N=hw;zT}ph+P{OVem|hBx7}*>9}o3_RI()_tOaCxg?Krf5R{^ zTCmwLovQ06UE0DSoUO2FcUd2S-BQbu)m{yy3(|+lPFmgNHAs?3Ji1=9)@79*t;0M+ z@forLrurKkyy@S^xOnLU4OJa zIWnG(&C#ww2y^N2FQE=+H!WmZwMLjGtVYVt9mGf}6O)7DG$W;CR<5Se_vr{8sCGOy zs3S)6HRRY%VeRm18;9mltb-{^HjrrNAWqZuJ##H*{hlue(5-_@ShbFN<)3Mde@d#g 
z&ZY0RInDYX{>(qcwJ`!Uzs77JLUozij>DG9%(LO(Rya}JojO#^)l*8Utua0sj;1H) zv$dQ^r94p)1uN+x9(SF*q~~9uMFb`e_q~PRz~||UOk33z$I6u0a}Jy}x@q-1PN0T$ zG!cMdx0I-ask6|8icD!n$PCjE=vLcO?F>>)Pn}iwO+0hbyJ%+Z^^3jTGM-iq8GW|p zoU5TjuTt_}H+syK!{x&;4v~u*P<2!G6nAwJ%;Ip>{4eJXcs=lwSHjqo_4OJVZc7BQ z;8Do)7xS473ka26iFfyg^B91D?NM9SkNH7vm!ZI@&7K#3O$N(9cj#XVmJnAw!MF+3 zde9(dn*wK7`QtBsdw>SO;!RDBep9|v^m`XAq!u@$>Id9n`8{Uah$$> zUN=rF+r4m79mosxNKy}TF#TGf^|fTHkrldc+H$BM+&mKmV;$7LJ}-7_h{Ue*pn+p8 zP<0Vw504||Eq{<}Ss5PVWDTK3@C)r!Y^MgxJ?fPYkC zn(uGHHt&f7`_f*pbrY5Gv(vDR` z>ii}qZGuUbvD)MPi zxV-c}7N+&nlYdWV_tEhm&;F^_e)zX&mz2w^*_qXkAkGv(44jiGt3+T)A@MFr4=ZnJ zEu%DFqabx?qnqP(t)hvY3OYQiSDQ_%D5^PGmg!{rN!)8n6>^ri(^s)}`!GZ~nd>X{ z{)UF0>9%IR(sbUaAP3}{sFmF$_>3cWJTaQOQ4h$4^Fu({C+W0i#c*q6U1^JGkwrpm z@QSy(@=T4J)DBGlTw)~TOWt2QTqUWO}V(hKslH}yOT>ZJ=#0KY~@xrk2 z>r0&p_LggY4GoUAft8icTE5mX2j67lT}_doRpJwVl(@BP*G|nhg*Pam!3Riv78Z`O zz@yJo$o|s~iz0d@hQR|_$bN|6VPVnh76%fOfnX);W-*KEELnqj?`cyU_&YudBtF$cT?8h6nGGilRYG~%sn_=|J z!UB8jwVyH_Bz}wvYVJ+|HEvE-0A_5VoAd$KXXy*%r?X|W68n~|{st$lsp1B`N=^1m zz_7*cD}T2t&;73W;WPG8{%#=6<%+C<1TLr&d0z65f~o(my%8U^R_6s|^Pw0}8cYvx z4i*)$NO zD!!kfSNP?PV3VnljOuj{`>q$oJFW=)TEq7(8~XPjA+nd~Je{#aGzR>GS&-wFd+BN2 zMYN%`sLJLj_=(dp!k}~{Ys4$fQnM$VK1{!NF^~H+Fs@=?aN@_}L$>W*0<(IFf&ArZ z(+j<;m*?FK2)MgDcj;e~nLU7HE5yM!;50$ivd2i%Jnjv_^7YV8HA~~xF0D#QXuV$1 z-{+c4_vGbu{`;%HuTlW2?QkfH-z=?jfd0fF__lA_B8_b-w5wRVuk)WuOc|JuomULz zDkyL<*Ifeu@N8cFqmmZ;SEVSM&!&fR%X63k{25wzth_xaraxFWC?dPhtt(M@o1C1* z6a^h?31@q6trc&0YyQ5T-KD%9_k7I&I81{IN5%b$WwsheC!Q`2WtV>Vyw z0be4Zv8+T2RZ4VCPid{JE(rlLO1qsa(OI7WQx<*~?xSeu>q=~1pR8??Yq!`Qnb{SC zG3XMe-4x@v&`{-k>@dHw=2Q>rKPD=U8lK>;hI>w1bknNKw*h9MYz!4MZ^SAr?!{Nb ztkE1Dyq#UUuHIMBw~Ci*ze}(^POTfvNsQ$b)hMPL_>7FhaS;yKuox%bs&7*2T-`X| z1P}n;<0SSp9{)=OyzZa~(SRhnrg-T)wBer%pcmrWUDvV_nf>tNUEQKd{)GO2vx1&L z$(^@-?af?eW~!rIcqs6WF{Jy!Om3H)1Rw^F4V2jWFylT$!(|!MK%|rq9IFj+XT2N<=T9f^~S5RkkFKju4}qe;_W(kgP?)A;BbwMhx*yUMm4?5U%F5qr z^kS08pM9cT{ioFVcMSW;;vK2oLYfe zy$^_h(`{H3rh~85P->!OfUc)5C2HNl;;Plmu>0y|EJz!-$Qkl*&QFwsT2J0GY=eGJ 
z`l?)mB_H@~(|!mV)l(Da65jk|Lz4qS1LBNLSa?G|(owTj86fkA!~o9pI8n5McaE0{($F2VXuHv*h*vpNrJiY@En2+IkbVHF$tNrQwlF z{pda5`V&WyUA;(rOlLN1HA0%};D21r>UwplN3RdFIQP80cp!EIfwsh|L4J3cPM6l~ zyy1(2-T4L1V>^x?>ne1tGwqJ58|;T2R$r}~FqM5d)=`ShtG7Gh=;w0RtXwB)v!Hn* z?&8rS%x9N;c2Cc2Km179t)kjv`lXcje{|NIKLUy&<%i#&ejXw*M|fwh=^i8LKNkL9 z-46uqmHx~LPI)T+u8O7B?%fJ3dUf=xVOa@Z5A9o@x}>v*=0uaqgBI{iG~;jw9t<}1aeNt8tQDd*$kgp<`$bI0`z1KkzUsW}*r z;zJKz=x4GsWPY{;1VRo{wU9k$?REh&b^YNA-))H}1E9DIe>WxL+xvSx1MD%ins2oTcN={v(k?DtRA1xT?9b2YXTQ#OR=u;gUo)W6tIM-xnT!7L z*xssuy9u7hNi!t)`Yy=KeIj&^dtahXGa^G7Mw#P(^exPt{R((g+uN9)@ZYt(x;#V} zs(60L&9_SbJ(IsZsw-Ec2mr|MhWQLTnD@QaFk>uLQjN9B4L&Yi_SVn{r>*Iz&1<3( z0k*=K!#E`2TGfJ6PeIM8)uc7p>UW9=PiKV!%%|(s*z>!UZgmZh6zx_5F8Ry(ML`;7 zW?8@`?|9WQ&}P)FLkm)~3I!@60RZ+uPTZ~aj^sWC#-?<>6dkw5xBJM+upop82oqP#2n zc@T@};ZZ)0QAojrEba~bJg!bUJ;so)EPI0icF*7+L$_cJbiHei{O00nFbECQGQQ7q zi?ARPP(wtw0PZo6Mt>(3EhjAx;O4n%Ojeh^QC@U`63Eh5>;sQzmZO|;tA^&$av#-Y zt)lJ1=*k@#yX(gieV?vVmx>FS$RllB_FJauSC3{%ev0%wLuoJLsMN`0p4_NQ4w`It zoBmRguQXP%6n%s1M&<%`52)b*%(aVj>@`%fLbkh0Md_Qg&IC{J* za_4A{o$oB^xyyxV3vH;#EPn)&!6mPUXt`aEQ#Y>ly%k3NelvI%Qah4mr(Uqs)t2tO zd^KNsExy+A$(Ey`(V=*bgmnJ4Kco~k36LA`c96X$g|W8ZjvV_o5L7WHOzXMqQ&qh| zTj!Gc6S=e$b+8%3Al5O0Iq8gc-&dNl>J0(GPp{|ioByxBG1Di5mnx;0VH~st)9sH< z)_1GJzyK|ZiMQ?nriW%8v01Pux{?uWw@8*_aENXzFvJ|_+SYRK)(7|7ROB8zZ~Lsf zE4wESI>u)lja#$1B1}mEXEfbpK34O7iPHtE#`zj;_gyIla(-9p%d9fg&$VG&s@Gv8 zAcbxI$G#X%Mi^a$0{a3qEqnB0Q%vwnzSBX6WkRe3=S;p~Rt_yQkMrTXcz%x-bLk6R zi>_gXZ~oovG@v)Ex6TZJC59-@Ht(ddIh-1=jHP&&nkoz5Q(>WV07Znia&$;_`V7Hi z5=jku)COp1X=x3Ff9I)_Q36^Od(1fUf0G+20J3nSKR{u0>`xbRm?CQC3y9F|4G2XF z9?5bIk9$^DJ|;r+*C2WpVtlHNr&8-nt)@oh^D~6PvcMqU3vLq==$#$pmRM)<3p^39 zYef|mke@eEFZximnvMYSEwVgZPN_i-=bu#Uh6o~9PE8Wl1^0>!;}&Jiq{jMFVp)|9 z^F6clxDxBn1L}^~d8_lb3=9)cF#!cv!J^KC%%nA6ojgZ}rk&RxvBX?DipNi{@2=3| zvQ0$);DX@;CcV>=6c4D^09^-A-3+mlMZ`YPI0q=sT^JSgg##^-fPOwS+#Ux3B!aHb z&JQgLq+L%OXwW}D0Ewmi=AK&hFa8o$)Mf_db--F269(-*a)y2W*kX zfcBtZEIH5X5Al3p1?buKlACy@bj+hygB^x)gOP3IpaLQ%5aZM8J+LqUshhU0s926y 
zizT|ec%vI#d#a5+br*$AwQ-<`SWeHQRTq3fIyHo317OiuiZ;3UfqWIA#ZvV7HsxUgF1u#~FY}Cpl)C0GFW|`;@>t zOhX~QzJ`b(W}B_D0Sd;g#>&k+UKTI90ktM2FZ+B`dnQ8L&V?@|p$ENE&d%u~pR-~3 zHv|NQ07gv4SfTccybIV_useDof=X{S>@*FwD~KcuJ?>5l^^Yoy$sYkt?ji+&W(#?^ zXB49BrP4X62xVwBAbLE$-$l=TsS;y@9aC+(v+;_c%)1D)a`iK?7IfY|-@N}Lz#F1} zKJ*^&xXXUdHP@E%Y{n=o(~ImmXnKogdoj%qEsDOoaS?2?;(YL7Bo?Zfb$;RYoss&B zodbF&0X6RU>sFG%|9j^OX=dj&2ON6Gh5?SqBA8$In2%TW<@}sI;St4RN-YxR#I{yr z(4Qjn%4DJ><&j5fxqk0v-o(Lhfwe}Rd(CNytJJ3x03xlnz`a&mSF69NHlHpDFYyz> z0$)f;JeCKl^kdGBCKMZb=Br;N@Hq(GXxJ+RIJm)v`B91|Ls@CmQUn`Wv2ZJP? zGBPkIX3E?Ht*I4-14V=@4EivL2nIfSM6AP_)P<2=NWVenT6wWk<9Wjcged7X1zpeu zRTPU(_+1*-cf+AWBWmZtbtj&|sgw5}zs9Aw-Y@(Vy^b&ft3Pk=i`4B9hHf7eRps03 zqw>WRANCkzOx}3z(TY5K=8Eq1ZcntE3px##8e^*&lW`2Yn4FnRaGBXHH=?D8OMph? zsYV&m)=~yLP|}CfgZ|UR;TuT(g)*5|HM>7IYH*c9wf61P(nt4iT=l*EUQRrm)D5e> zuR#{py?oa%ASkjuj`f0cCLl6=P)o6KNTv3}oyfT+kqmYDknjft>9qtAzIke)nYY#? z<&(h;((U(?qf!4yfNKo+m~RXjPHy<@uTUf=ZuW2aMZtmY39&c)gZ!elmWqZp$U3ei zcgGC^DWNJRj*_0 zqG4XL$9dfYCZ2$Bp%)1ThqIRbsU|u$D(?3q-FX3sm{Gl2sQ%c}dy~*`W$h*@HtC(* zwKn;LVm5~^Z@WyX4ccqee3TvP(S>|-tujP>00I5b-lAUP^ii6oNg81`2svIXSj-qc}uo&je$RHuzS?p+zDa=)Vs|y)FQa+?X(Hjslp% z2(SkUFi&VRf~jFE^qN?BZ;i=ee`*|SvF(mzWfNRAM_o3SBcG1x9#;ri!nj1}C+}OW z3V#?c@J;O;2?JG2SoR4uP9`*Kkzj^8G#N;9`W=76NY}OU(`t(b5sT6rC&$jP)fV=2 zmEB{_xY0+lV0HU*$bL2dgD-LnDvV4b5hJ6cs8!Z0u|TP}&aN}f2mA=^EdDHR0q}Eq z1rH52q>jmyOKB!Gz8G-V(vsZ7Mnnt@dT9L7{DS3h&>INo0cKNZ_Hkf9qxk1G>MW7)2I*QXts0Ac0cx@_pOOW`wEos*;IpGt>Ww2x&^;_e*L|W zhdHV_Zz30){}?U-!bXNSD`A0Fle{q@z#!(t66r-n*Lf~XXA5=&iUz`5W@ICP6yoBs z_8|JR>42e)Vd+eOT~y)@mqu5Hu&dW_SSgAv_PR^?1ST+4SkClKb~hNY_*ZMy;&)wzbyVqSd=7%sXFZuZD~M2wWPuK6>WcLI$JHu~m>*P%1Q+ z@Sj)|ef#3=QxUT_-efvjenmxUmeOIY-!PVS%8>iTZ*)YHmD+F)Pm1O_W4da&^`vTK zQ~L7_h~xH*vcpEBja_!(J3hIL47@;xqDe^^d?##d|8Z_%Yi;v@cY0Nfz~mkX1d=MX z3E$jg7Wv>Tv0@8v>Fk^!ifkew)%HB;YGS!P@M|aE##UhSKe9fU8q=ZR*pKYe$fs64 zd|CcZZ1UrY^A5Tnq6LX*?^eXT0rz*B2}y3eQWM;H<$u`R*~b8aU>$F^^PCnR6b{je zYY5BP>WOp`JQmuVYPd*d&cYhBDo;eLK8V@wqM%oQxMUf270lBynCeO(BegWCE(L>*{VC 
zM5`trb=VR>2#@JIv#8eGC$8f<-K&y;fR^coEBmNQJSKt_8)O~8p*p%l&9?zIAS5~U z+;JsI)=u?@HsN-w7;}1LR1--$&Jl_8wnod_7BT3OHx3s~`{d1^uGibvg+;1JDNbfK z&~8q0^_#E+F#@L9+Jb4R!GwvhetNT=-M})4X?xAb0T!-jr)72VF6aA`2K$k(T%EUofJ-bJQVOo~I zll*)9x-Y0+@q~xVd0QEsjS5wf+CmL;+wX}HU!!JLp+MoxSHI;H2|v-Wl1zDe9Xb%vR1WWm48Jz91S=t*2{Vo8Bm%hGAJyeO8Ke1S z%JWYoCB5%J%ZbOilb?LQ3Z&bSrLK}aj!X^b>-aH;>lFSYZipm1f(lsojn6lHV@ciR zFM3kX!JXggb!P)EuR&|xV!K_v8?rE8v%Z~KiLcVCBK{0XUbB}#$WsSCiCi?8td7X# zj(mdJk7=EhF*1Aim+kke1(HVIwN5g-ogXeo*nFw8uY%k8izUl`E2V&BfWYQ>C zjquf>CVA@@^OdlbJiiPzt5Hhc1CobCV!vy}eu>tE;GvXztn$$rCSbQ^Yt_W&YaoiB ziMF&ORJ8PW5HclhGYYUCBp1QKUWjZkN2u=9xHypM0p>V#zR<6EuzR%DXzOwjR)v^P zO`_qWlpL7U4$qdS!D(qWLX+C1b$C<;lMV6r_utzXlVvq$@{hC#7XdiyTQ$KCG$NTi z4uulj08*a*LI_zududrENP=a(>d2W8M^4Tu?iSANS&%mdK{#*6HJ+e)d`zsaA$p!& zFyISOOgQ$`x@(mY6sWryBBVD%M`m3ciE7g+~3?MOMo?w|K0vB9Z265 z+(OUSEEi8C;hJ8=)T+|2?>#q)hkkfu@D-hfvHaquA`A_ZM!- zbGy!2`Nksm+aFYcPs%H+#*n+3SY^hvZ#{2ax16djsH#xLe97S?NpblKzroO+rvTI; zM%2!YZ9q@3ZNloS`Dtl&gGesK&L6u-v6ZqA`*dYe-4Y6Fw4c|QR1WlC)v~_-4Hwn=;+(IY$^%L3L(i+pbyFjXdzD|*&0|2&UKFZfq`T)Xi8Mo!N zc^<=5!#<|g_e8LYw60fQT2^Iqiia!9r(^hWkn7B(KW}t_gNem@_FAuBQrsmMN%Qo6 zfwF2_f%>-BkOh;;a`s67mwP;=W{j)uRBW0-Bqu=e|4BZ=$uRW}gR(rzDcD}7Bbm(yPsLZY-|q>7C{hdD?_1WsH{>Cnt3q#7n)n@~LAy-5T+b+ul#-B*)Ke`g)$p+Y?|9;G$993PY&j;(@MuHw<#o%yvhK(Wu5lc$ zNMJ>23kAnOT>VioU2p3CDcys5yM6xBs?TBO3+#<$8eE&&Z0>x>>#*N66%@?Tw_*5} zl%jEJN@l#=G<$;dIgfOc1S;YL95yquMO~4TX~NT4b`uNZ3yr3H7}G+=Mpjt^VBm85 zXl@bTF)a=Hu{Qk5?R`hI1fqcsVU)Z`CP>uG>j^{9_~9;tgd|(y9?bAsAI@(@@JKpY zHMsA{yoHgA1-*8^kFey$+SZsZq#>#3k%_#RBr2N3&TMK&6#XHr&JF3HCwiNhkR_`p zKJ1l80)$wBiz8Si-TH+MNLk#D&+GRx{@rJoyxfD$wYK%2`{ad&vKy7}VI6JFxGD#~mO>AM8LCwpw&1$#?3>K3u9|YHN;M)xc1z#+RRkANH@BI5 zp!v;wvLCExm+Qk8$1<57h=?J~zmy>l`1*=`?JZ_BV>z=ytAq#96M+3{Uk%jKAB){D zL4HvP`zq1lwqnw8G5V(j0f3`Wc>FcG7`A)#`Gd;;5d^V7*6>w_ONG>Tw7)v6`5Igo z@H1h41;s^JiVjp~~&2Q+!AUl&!yX@f}bU#yQ&lh^K~mO7VuWiDW>KF^ROh|2QCh5&?Th#gva z$4QYK#5988ZoF^o$CQs*Sxr2D%tv0XY76~Nmz&f}k)J2{?!N3HvjcCuNodx`ni;MhB=Oj^`3TBXBx%ovQ}kfY38^1-r=FCw+IV6yn7R-stL 
zjOMDf74`R!NLo>KAH*LPlAA@ zM77(rrEw+7#%>>RcXSt0L*c=RNC+*VDKY(Z-y`K>4w()pOs07%Ekm?;#tw3{QN6kwe<2ik}5f>^Y^(O z5bwsWTOPZVNuSKJ?=WhQn&%f^*>75jkRrUB*CRijCKtUvRYoPOAsY|aYFN*VdxV7+ zCoHHSZXpx$tZ_1vR@-S&rR6JAd<lhp z-n_`p8ILoQN9pQ2xVW6om6g@i_X1g!ZIGKf+&1gj+<+%TG76Q#A{_B#0UlYl7((|l;w|nw28c{g`bTa0y>)OC(M0(F~y*RKzjvt14;1mIIPjv9p4J~ zk%=Y7glf51#@Z&0ZItx?u4%;+PSj6SmhJH^AjZuUi`~|e)0&vM4VC7(^2~eLTWLP~ z%amYY-j0qWF4&UYVrR-L57;u@Cut67wJg|Uw_kUkZuPR2nBM7s{(*xVetM zGKPYA(#&inKadEzX!ht;Glp`dIXD_fMTA#lk0@_m6NH*^;wQUiBUKl=@A@eotDXdZ z2vTupvC-oTPj5~n+f>YbW|N~@^=9)pW);LTJXH_YDx8wXwE)q&lJC1as^LCHJ3Nw1 zZb&)=6|L6kq^gGqO`-OaM_w0v4T6JI zBl~)#Lx2{Z`dHn=M=-%)n162|!M;joWXNrnPJ;97i3z7oTC4h#(93%+HDKPdP)?83 zC}$=Q{An%z=`^oDc=&3Vq{?BfT!hNrazs(}0TAsVUu~4-z-}HpY~@c_@QZ4{egov5 zr8rLyYRpe9vNm5h*}XbEc9yCkkVzNLGwjc?z@#UOuk)?NCgr^k8nJ-vMiq%aeF;ft z*ixyXPZYs$lWegy(6^o;L&%qP+{kiR?c$E9S)kMS__AO#1^iY>G9}B`*WP$a+SLJQ zyk712acy65X*R!*wbW=`|KWl3?_-YTtyKS1B5h8kE>Q!*Efl}BRnZS9}`nZR> z6vjQ?Wj3_e4=qX+VvbUo}j()O1{2 zlhZQ$B&Jm4({(d2Xe+tvToYDm)AQW2|!0avgvF{XCe|2f?LHRBaZK8zp zD$Pnh*qfF=Ju1MnnLyET+lwHwYREAO1^kW<)i>Vw{!3=}vZRpHju*)W$9|0QyjlWa zkJ!n857K((Lpy*PTsSEbjDmLvpN8os(Z2NwWE<-RWWo?s^#;~6pt3n#)ouR9TZvAt z{luz{mbctecBG%vcd7Rr#1c%NMxCNgzvXdIb_b-(rbU`Zj&-*Fb_KEDMU?6;70WRJ zj2kc*2`WGwi0O%+$WG<2d@?5%V}%Q_yXE}#)1dzImbG8^`U_4x-=OnxFf~*vf{|J9 z^|578y{~y6stjtL-%Wv21n<$_1UZLbSHYI74B1D-l1#OZ3?r-M@)Z~O7%T4G*(~h7 zQ&)aA$ymo*VJFCoi?7J8z=qfwbxPUw$WMuh*tyKw^$hd6v6Ky)qi4xogI>pt$E&xr z>`&a-8zPDXqD_ZBA7{48uf>n;H|KcJ*l!zG;gY?uk1;VZseVV|?|!V&$}loD=y>pn z=ExmD_iV;Y!(c4Z`#69nX3B=@aBNWv_{T7!NLs zb1jOS(ALp$kRa%4F(_0Ei<5Ro;&I!~ZFQ-{_OR%pN0CPr_HSIrBnZEM=Gxxb8x(1q zA^fPUmqfq2H?3eRuFG!j_rN3SIiB_PZ;bbEl#xd6>xSLB%))Kbp>DJScUkS9XCEHB zaxbC8aQyH*^|g|vs}PELme*v?*2n8rD2s?MLXvW1A-H%3pR1Fkz4@}&rs>w3iuthz z(RTG*-1BP%Ry5+M)x-ry-o0~nnQvKINZ`^{txut60;~AU1O5b2&xXUL&Vdz<6lw!= zggDEkY`yocU7Sx8^;by6nY-jAvhZ_>)}Jnb^TI&OOX2b1)V;w(v`HR&h4t-*MM3%< zU_)r9q}cDS1LvK?7cjY0fq()BCGzYNUg>P)X;Zy1BjI0(CurAOQ1fRAs^2eyD=ie_s2E_?Z|j^3(U3DjMkx@^LJ1n6wG 
zOD&ryKy`_lV27jPl}`faUyH9*(>|AeS#S}Gbz;$>OlSK?h{kC zWp2r*{;SDP^U|wP^Iod%4Dt3I|nlxHWfyfVj>ncdPf@Z)W=@W)1lHfzAX_U z>ODb68KclekHz&$Rz5{VMMGA%qbl1<{Kl39BPOHneS>uek~L%Ftxrn9STj0nNOP)hJ=R=4Oy4gWhx>nCGTJ{VW-Zu`ytf7diO>c<8lo@ zt!vBUr2(rPe#>`=OSrIV2WV_HvhJ?gZ$msYgsQ{4e+^NyYGYt#cTpuwC?lH8x;HCQ zyg(2pQGpKeGBq@E%W`d8U>llThEzqf?+YjQeuwiRjXnNBA;&APhYXprIXFP?DHBdWt* z!f5O5-7UloPBz16s|#FCxU#;j1o_`S&1_#oGkd~+jTl9kN9iGbZ5Z3dcYMV@R2hqGFVOQf+bTp&qIqY6wO z16e6J(Q2G2fZF=8ZFyig-I?=Y<@Q`lETiUlS(yVR>d@?H%gBgsC0&LJmAp=eCxc2` z0Fw>Lfpx}f+e6i1O?%-cZAYe1!u^oF<5q3DYggU|8;mqqy#AhR9o|}hgd;^JLpMi+ zCl%vl2j_5hV3mO~{SEOzGu?LJpk-Qtqub|kP9CG-#ERTa|3rn;s?yw2H}4n9z_ec= zq^?BS-S0psRpApyK#h7IKN<;j96(VSVsfHP_3`aM;C44<`)j%h|9#f;{=nMM)n$I$ z*E>2ue_K@!S^vH7?6+sk} z^~chMiP+y%&@WlOPnSE4B>* zb&J>A-Jofjle<}hyo@A*!=AtR7BW|h`~J@Lcmk}ru(Kna(?!<-kk!Y;7}>7sr7tuY z%Xy(IaGMey!D%&~eGDF|?AemVs}@vc z?vl>5FW;*>!@jz%rqG)m@d~8xIQk7o^%KY8Y>uZCu$sZmRB$r#Vrb~7CS1fuLc-xk zGIQiApGfJIB$Z9eF^rYErxykXEfLNix~UX0i*W`Drx6_NgkgE(@osKz<;3!|gxT7M zVd{(}Ow4REY?H1J-XQIbs-0JH9=O4B>Wo@YW^z_3<8w*kpUGYo!2V3)WADEzGiD;$ zL&W=WWo@kmgPHs1x<Tp8v}C_5=jFnK3mYMv|@dJ-5bczPNtH~ zS{?8T-qz@RAEyGH1dSW-)@Q5o%rG_(lZzaozI5)QIpogumyb(f`L&U?wgr(>0UcXA1J z+_ocDFUi9RD?^zJt>5ms=Z%AwWUBd@gC^&hl{W&R6Ba_kd>>#W#{Fs7oV2Gf zH8&-7TF~6&c4=y&I}b{#LZOKcVUK+DnWEg5lhct?pZn>6(KudtNuG#G8WWjBie@0C zJyHM-MLS52ZOy!H+Pg1p5yeI#M>xiq_W|I~42(5=**W*USsG%%wP{xv!CSE)2)#8W zr6u&u3VM$Z*&I;7TwU{8=SGuzPgD!yvd+D4->EWP+r4&#M=IaaZlus^{etwwb7kbT zlv;1R*>EK?Vg&bONh{ZE3Hp%3ewPY8DB>@g;_5(eHiIQ_vmAxpFf^rQuLSqB!GHn5 zveO9hv>O{4^vCDd=4f|aJz?kD1B1qc&mKuW)M*M;(OO@77>oC*(`2O3(9epEv?nUm zVYM^9G;h7TO;^yvFMg&gf%IK}5V1;^s!|Ncn}E1mj&VE_*Shnx(8buk80bp)lP1~M z;2^mSP!pYeJ@^*3WtzE&Z4mvdM8jMp`7Rq3rlX^(0L=pBAb30X!*k;5E1hVPQf_{ zHYk(7xEtFo7Dy$3c1x zmgXAAqF=ogOh6{L;=mZWm-CU_9ErS|Sk0S=<2w%ovqW?Cag!x0(vn~(R*H8Q2HSP_ zJA@+1=rq*5`_WT%MUT}M`?J#}2_*Q-$~}1{Ez?fy*Itn*ls*eusgq^Wn8k8nU>ZOq zxnE-Pt}WGuviD-c(Oq&G=3yUUHvI^sQJ9Ai|U*5d>$QkDK z-bx~2^{bQ|{UHt^7!+x;$V?b9p}$1SUOTdFFqpItgtB4K3)?-N04+>TV|(2X*dl3o z7)(1b8tafr<( 
zpQHVaz3=KxFi7HwSo)6?nuN^`78!$ptZIVo{R225?!(Jo0NkXG(+3CiLkBJTr^!tN zYmPU9(>jc2(|aZ53QRK+jLXU$HD?BOXzEj*Ve^~60+;P-?QU^tk0`=cJ|1{d6EC~z zr>$W@6s=nQiqd8gP3z1nUhxfo$#GTVK*!Rgy*r#=ChIXfStOfIfp4kJI={O5tE9Px zf)-Tr&t0|9@1%4H$wi}IwjQaOxy{@Pac!1LB4_~>Y-XIbnjP({A*s2JYYPcO%F)OV zRn?);gns8w7iMrd4|*cQgA9IAVY@Gi%LTLhEZrIl^y!nKQy|SYJD_DT`vFZ3%d}&( zTE+rZPkDs6!-q0N@!5opsOrns(-W5D?jlY%=(XM55EazSvwCB2v6=fgoAbOCA?C?> z6ibp^e$LK%ms|;Jzx7ss7Ml;Bhao=8eg4pQ&z8ibEGHbfB0ux+T7xh65 zQDtCPYwg_U%&J)zViq_?n(Q4J4@!zK?IbK-y=k<6!{5>FtEHQ{tJx0^OLKlZ#W4j2 zub=clUSBd<)BG*|(e7Q7%*R{cD$dw5W6tG-@zROb-~^h{DSCr7bT8 zpG^BeSjcq4boIr>6W1FW8-fM1Oid@qyyj>o`v|+steA3*92^{Gk8uq&c_%V*oI8Yb zHv@0b=Oo7)WJ@vQ75K$r{U-ZC?H^QZES&S9Pqq{k5zL)D0G1i<-IRl&z&yBvzRA-(DQc z=XA3ILS;Fl_{EsFk-qv!6uA1$OFF}!f3}5x-^ZxFW5AX}L*sM-+?ffn?o6T3u3QvH zPI;7q_kfpI5Mfu@I)IddkZ-#qno(z0M{~c!3kxUzY2h83#oA_usAaz*;Q58X4)kS? z7uA!&pyXIg=!Vk&+Ry!)czTp^|6gVSeF6K2$C2GBc8(8_`sMJLnRp}7`a~FQbn!sH zY5d|>8Y+z1f49>BwldI*sdmDtf#j4AN*y+t{dbR=3s#xDjsk9o*lgEG;f> z0zMkwY)YR{0|Q4qsnA0;mV)5xcm<+y@V{^Aqj{*uCfo|tx*$n0cd)TcN8KooaL~9} z+3JSH=)?g4;B5`b*E)PK3^!dj$lpCkNH(EasJgeho~pknDU`O+Zh-g>Po{IfD}xI$ zSt>X5tal|f^mff?V2~2{r*(#krOB6}+K%JsxZ8}ZHQX|-#d{u!G9j^eEauy{Ke*hN z5>h<4VD~O$f8U!nPojR^9-hyEBX(}Q5e_|xq4-rrPy4Do|Hz#8R~~{Sl}C^cUL{a^ zNxBwhIcD|;$SF7I4xkF@rhdh8Ghy;T(vq2(g@)8%zJL^9st#&X=G(&qpSbTCEG61U zJryz=f?+IEQFsNl%c%$Q83nckyXd8!H;{XJ$+p}M;os>meRgs63?fLjvo2g8rF~$( z)uDm6+#^G4G{gI#=amFn8A zi-tf!%^O&QJ0iS--53UZs)A{Ubub`h&^4-+N%oMsaq0SnV_^|H!O3&pOV_fuJQ#C* zraqBde{Fto(v`YVzgXF>Pm1fs@yGdilS1Lpa`VSof_$s%>x~V#Gj##fzS;9%utGIJ zs7$kN+7UDwg2xywv_F!_ZKM^koqDkP_7n|^p4iznBaGX}D?{ik`Ystca=+i-z8WRh6MCVd$ibLwGH=P?vRoV<&aB_>}= z0E9-i1R9AnMQ_|JJ3DkLoZ)lZ*qC+?n;pk7UAonBUq_0W>#Ka+#;gCh!(4Lf8FU`S)M5?+J4^)tQ z4~S_UIC@BbK>Go3Ma(;#1{(R8cZJ58kVOFv?F8!?@q^{EZi_$A%UToTcEL~ zPMl)uicH)*(#@UyT-~XzY_rhm@^VjIpM0w?6`VXYR&oWBe7Iei3w|g1`tQjI2%fTM zD3?ZN)NQB<8kSAof)xN*YT`h=bONQE*S0TgdHMBIhPwO$_Ji7t?7I3UI%MXY_9Dq9 zbBlN9Ez3(IoOLuZcSptiSTN{QSUyxwvy{rSd<40b?s5$#xgzuQ1lBVaXEBNJ;zv9c 
zCarA|SA!|S#elMIx9tn2`dyc+#WjTRSI z%D6#SAjAHw8<|kNqCjc>0lLZAsiVCRyJKd5$AE&wt2g%hYhmHs%2sdy+QPw)L{)69 zAeG`_M6Ohhr$esTy^2bv^6}vHb3T6I51P15W;y2TqUwWbz_HWz(Gk%`}yjQO&RWN2m9}P_vhccvfUHAGRkKQ7?h>nNZ;tilfxqQh-;N zAqhGEGT8g9>3#P_*i!~=zoe;#$C6Ptdb-=pd62kW0>PVK4F8Y-}1 zU|>R_3D6V;0ctIpfffJy!zOC{0V919LBU1QE9MOlAMDO-UMRM>C!uo(tT7L@8e}F~ z0JMp^Fq`}$LoxOR{HD54ZVXu1j)WjC4kJtg4$Ai1vSQH zX*NXW*H6TzEZYB*0BwI_$}-Fq0Bx4Y*zqm|G#Z>ib}=qL(i6_g0$`|+gJDTAwn1c6 z^e2@WDybgWk`JEXv))EQMNHRYWk8n9QjG~mYmPOGHQ{bLpy1RB@>8uAD|r2yzD)v# zOj^;xP#B6aR!=y6Y>+z_Mv zyxh`x@9u72ApKC0n%&}f(6;et``LCK%=e_kk80*o6zt$!gfTRyWCgxy%2u>Eapv8| zvj%o(4GqTMPR)A}$k04p(z9zW2#Ah7E1tEP%7Lf$*3F-U6h4@WdEXwi9sNw-Z>2_x!xftbh=Y^-4&JWp$KDqA%Z4d`xXbUer_w&zlZVCN_n_(*1 zGg?*^Jd?nx@hdbPzHD30WBE&Yw;ZA_3`!8*DUuy}*00@+tsmA>K{(A?;hYZugGz zU_%R)rQ2PD{0=btanbKZpcJ>KN|wQ~W1--}p{U0tC-bHG9(nFpBZN<5;3gQok#fgC%bq3zE<5B zVTdjRHJP8I$0Ht+6~8L6-ev7AsejI+2bXUj{v>SJag+N-Ro%_o^*>JP8|;Y{nLuXP z0Robx4IC)V^_Wjb67CK{yq$q0j}!5*#2+8Szn||_6!LaWC5$*<@;R{+N3&W9%k(Es zLIA}QbJ=I8lX|Wb=<#s`SnT~pxOhzcQSfMqLRXkaV8BD=MSFu8p1d^0nJj+%_| z^>bcgi}?7DtGVWkd~6$@sB~6|#9~sMQr9r-Pb6j9+S=+LRk94w07ynliMD9k+jVtr z!Ip1+f>3-t=QHv`N4Es z9TMv1mS9h>+oK=FFZ&~W$X@5f=L8p$I+Y0*zd_?R_`d2ryK6%mPLV83vDs;8%+hTw z4-Xhh>$iJxFfrvvTDm43h*(%`ZDYsKkj>3-Ow^4Aa3mnofJFY_@ta%7-NQIMQ?zNP ze0Nrc^fqN@i6jH?+7tv-MYAAL;QV5n*QV#m$;i%esZNcyUmQ+`k&~>^S-3t%!I2eR zuLkiHuP}u*r}sl$LR9GUbqsh6F|GH1+Pkj=eQ5!cXMB{@dSYBL$49PMESylj6Mhj8 z9mT`H?&#=fZchJ6BiX~Lk@+5;$j-7Fbwdb|DUDNpZ(RXrq@9?$`t&>K*-vO}DyuMI znLOjI1%d~=ylsw<2MpYgP1_LhE}?lpN*<6nwS=&vt$tNfLX8^KKk!K_Oy(vGO3}oR z#!rd@rB69$moveF=>NuR)MXI^+;CppA)By%S(_|fIK|X z6Uj1NA7>Hshn@*C>f7Q%A(aw(M`60)-z~~lp{8GIdzO~0-)5yeKFoGE+4{v?RAqca zZ9etBi7z`3U4CO|+pdQP!&P0STu$&iW6iFMO}I*9Aq?b~MEWyH!u(`Ay3P>(^@WnzuunQB)4kEB!{^K{W3M?I<93*t)h?s5r z=acvSIDBz{uw$&|h+woTz+y4iJl@p}lCFo~&H3U`h);EyRtC%n(5D3FtRD>MwDcoh z>?X{V_hml@J_haAR2{x-XGsC3;|*Q7e7iiN7v7fz;3kAD$h?=6sPq1|fkwV|mWrsO@nQF`lRitd_uF0dm) zS0m_D3KHZ3Y1>spwYt$@x3(M;KD>PTlgRl7KR}1IH0-H~#YFV?)A}+9V?N*h&}(@1 
zc~+)x5Ls7dU^a*&;F7UE6VR>jt?t_(y^DyBA6BqRsi+sdbJ)eHRh{-g+n@NpZYVKV zKh6ownD<12tQAVWZXs9 zSFRm3sp!R6zUdPt_zeyjAJZf6j@u?7~ zgJV9BMhYDvm95~mFr2G;Xb*(axvoh6SlqL*RwdIvG%*r>^qw4nq&HbY$9}cMN~zbx z6SwIV;^;@gAMYDw#)}5+>QC%(+UnoT+_GC4&cT4(dd03QGJ<=Nd?AtH1w0pLH`+&x z(gHAjdOn3b(eCbh@W@f8`*~6lZ_8p>C^&&nMS?cHHdcyKA9gE4yxc8$iNwmJoR%-o zskE;dcYC&W(L{5xb{Im3qA%0;SdhG$_zE@1ZhR97ZX<|-lf=2>03@+zlYW|PtOMv3Aj>@o12HHyKsnFd!H+?(L&Yb40Ni9fS%=<$Oh>Jm7SV1)*33M%Nl2kvD z6zVqz2+!$jc>3C>S)I>~8i?o$ImGwXTAVsQWJ9OU98Vk za(6NTXkkZ+%%8N`OC_LzZNkf!i1c&lb|;?bZ_$ynWHwd1a>^2FqM zuy+^q$#KWT*5Nywox~w0qpl+gucHI2TE@efQ$6jG){_mRkeyb7T(dw(daq+K6YBfD$(2!hE|gdGGmL*wo;^zT z*{KZ=M~Z*}P4TPr#%Q(+`zG)rYNB0QDm?ar2xLDAH}oy(w4+4w=-=63RN59Ide-;a36~Li|LMmwss~J%;R4Q^OY)WpY5#; zV;7oCw0A3YMMslpHQb`jRMANz;yk=K^V2MhZ%eEdjA*cuNpS@}W+#=Bv%ZiCZ2gKe z$jM^@onPKPM8k`6ddec8WDOf$FIg$PMpX{^GqZdXV#TH#U%%~>HY<} zu!k+=qZK=Pz=17l*Juksoqo+lm$7DXP2V`;6v~Whi^N~bu#)g6wzOA&H(Hv=0#pCi z#WBxX4VuT1hS%!Qu$Ey2hx{g@#N{P8>E7CT{L0uSnE(e{6P_f3$hEPfXZwR z^I^%|iHBB8y+do70%|3|7Kex8u$SAvHn1Z(c6^)HIdr%yzjqx6F8Se0H-+otbbx3pA-XkX@Uo%+$LB%1C;U65-{G zHC=XAIu*z5wvj_LCigba34S+DFG#>oRE{%_L2vpU! 
zoysCC2qr9*6m^gkm(*S5stpRLZf$GCJA{Z!TV>)&+XAmSE(hHEJ1QXY-0>+BYqjmv z>zM!~fGGE7?l%d(06R%(pczP(n{y@a^9pJ7$u$?QjS?$Cdk2CGleLn2zNM!?l=SI!|nAR zZH?V)AgU2>qRVqicqN|#-%=9-D#EaWHX;8={}B14%oT#9_*F~*VI*|G~lwm%Y$5l2o2sI0Ah4n1N!Bni&53DfE`S-RQ4euP3XT0JKmmj2$5c<9$r=#cV=6THP(0y4*yxK%+uMq# zrRM71Qnp^MJ$k)Cp zWEAPR1@mC5RUlNoFIs5Cy7@^u=j_-3-e-T;BM(L!iLlUx{Xu{;+AoLJ+TK&z8p&{c zfB@MMOv9t>Xq;D6GMB#IS3@(cbPoe5IJ>G2T)nI?+Zdm!334&qpL(MrP{$o)#3l02 zg==(mxQUwOf}d-R=k#qQnr9Xo?3^^K z?6k_H&E25o1LtuMUEvWu z=(QqOu5KoLTW9xvyJiZR-*M}bfY6o2#OSch036hMrW<-2gN|Z^C6({y8H2rYp-w3k zER$$u`dPdl7Jr>LK^rNsnrA~~5((jpDiZ~6ivfIpvV3+K5-b^!*`^1A6_xzsPZ~2X zGy~SKH(uA_d~!^Mf0?>l!8*>Z5uOb(@J?p+!;%zev!P_c0ZB7i#f=-%7?;S+pU*!V zpS5-D!aG|bj)>xLHg*Ed2TSRrK9alik@#(CX&5N=QLt#_5k4VZGS(ddC?(GN?n--| zv5x3a%X&YfT{qI$wIyllDwX+EG&#zNo#~GRC^#bUSOFDpuZADrHKhdb49ybN3;BOm z`S{cz;imBKI}NJfJM(!|04#M`nlz0k>S^lmP>I<2Gfu7ZwF!&WXO5__6*Ot3>e{K0 zu#wH~xNt@y@9t}ey?V3bICB9K3ht;paXTq{QLI#{B+MpltsK!Lsf52TXPrT7^!sSn zAPosSMeLp)C2c+3b!IW|A*j;z-ShDs)Pc(S%7aBT` zK=LJY4T9J`G7_^JBsLH2whP`NLFeX{o4nLwvF@omVj~ z>F0BQxVH{5N+^oNH8O`)P9Wez1)R4|n&FzxI^WC6sBHb_tELAm7#K*!2vwgSt?%zJ z%&K+>pz%He$3%{qA0&0-k2rm0N86R*5;_hPiKLRXGuMRnme(fLa#$VXLj!7RdDUO< zn92KSeEJ0EMq@H2%cS7t&IDu(Z0;%#MBmMJ|Kb>k&fbHz};lViPa&i zS}g|v5&a@Y>>?wliuVOb(tY|Wd2}9(7M3~eq<)MEd^fcRnftaRWX z8!q#i{G>*{8cQ#GZh^G9!RBZwu?GZ(9?`bUsy|?&r_hTXk0Z!ftA zvr5pT{GuIGspk*ZiO*yKnwZ}YpZtMNm*`F&4OZH40xA`L2DsI~)G%9-tkvQ2q{<{Mn?@yL}IfX$)C3=!ZRLCJoBGR*Q|Fl5|0s|ZIzOaVhRIj^1h%@x8L{a zF9>S{-M+jJ7=uL|01I0u{6x0jsHGtgHV!4W}wz}Eh_nk1C1lZVdeD3 z7K&8LVT^CcD$e6MN?K67Ktv`IkNcpTbox5`oTea=(LmW)QF0z*ZbKj*acOcijE}g-VW1 zI#NIyBj-3UdrK8Iy%j-dh0?KMo>HfaNN+>82ikGysH%gF zJu-5`^P+^;t5n)w&Vj}zc?XNScdB3!{q-JY#0*C{cbN6Vz%y5OJ{Jh6Zo2#hS(=A* zXIygmdWiwI2}v{1j&i8g+!-rQno~ zXu_`RhxUsqrnM9a-(Nx?7k|D-hluCo{|o|vT8o8I{6IX-Hy~NUxVytIkdm`)$JI}# z!Y7+3ZGL)(W_WZe=fyIAd2HZ>i;G$I}z79V)~+wnv?s;n~fF zY)2f7mWyO_nB19Cg)V}2>k=Ac!KCo$%!+8##@bu8x}e^i(xH_q7SAcm+Tc`{N3O)! 
zD{VAOsbpv2i9W~c72}Keb#*OI%V@lT)`Z9QR!xh^+r+IlwSL1TXq<`D8RA2=CbZ;< zBo8j7Bv$fr3Z>9Oeb6a8dkS}U%vXmHT<6Z4DB8kmn3Rzo=2xdS-Oi>tWgvlt!@974 zaF^oa&L=St3{G#T)t=WTh_)G2J=7Yx_JDqeZ*y~(3Q0XHO;uN7YU#?DNqj$efhAE!JT5hY1??t=ypLqG=PoBG?6P3$-@#PqUdE)(T z=kjO+nGsKV^Z~lpZa*K!{KdNVp>_jx?z%gASilkMQP6rhp~1W(ZW~%Z6-wah)?dyl zc19=n$2iC57%eP_HOXe4m4|Je<3l4IhUZ7plAua`J6q`-~6`mSd+@d92@t; zXM&;a76dW>FkQZe@Uv4ZP75l@gaWzEF+nlJAWa?Ei{0||byg<@TJlq6(03s< z*}MPIE~~TkjOthv;-{#aJ;NlN;r&s_`5*Gx$RFI8`NO@O)UZXmJ~+Rz4k-jOx6lV_ zI|+fLx%;RgMDrC9u?&$_goyZpwiY$7VT1`Ora$@4WTd(??@wtahC2%jGBObIWhfWp zfOcQN#Fy%Ye~-MmC5`!fA9**%#DH}t&~CiYc+4*~i2MRi1-O3Z^D__6cL7C% z!RM>l=F8G4ws!W*2owiI@O!B+4|>Zv;)%rb8#u+w=V}q|%2GQ9(Xv!v-pgoR&olO! zZ$H^bLsC?1k2;kpD=Wjv(#@g_Y8L0=%ZtH#Dwy}HIj^qVN8!^3g2dy8}K!N3~`~mVsd>!emRznW47%fxOm1YfJW2*4QI zkk1M%GFwASd97FS&pLbn2Aj_v;2c4JK0-wC?$P&n%NA4fT{DnLmIN+^tViO0O3db~ zEXTe9=aJ%PVfrbrDC=WXgKz&XFW(DXl$qh$y8WCW*h&NT0>)%F2;<+&fUx*mj66bx z0=MRP9o+W*S$C*jRDur%^dvKaD@iLbPL~5#SS+7E1`r6~q>f=CKm3IA^zFyN14u&I z=$E$0geR5dZy^tk`Qy#Ctl<4q;R9sSWrYd1Te_@L;iaM&ErhMH4mj^%GLX?3a})Ea zOyh9#q1;16#ZTs+x{gJzmElw|mAJB$8u~t(zkX{g%kSXJz1eH)08%v+x_#lOO?@== z5E1NVdG5S^#v+DQK)$kwUGM7YSxKpFU1-ouQ+&@#LOj5IXMME%i7`Kis?}|_S?t4Z zY}}j?$H2YAdYYCRDr9hN@Y%^R7K6p4A838e*B)L;AoCi_4U=U&b?9Sb@(DjsC|DiFcRt6_iRvt&JhY{)M|adefK@!a8(fE(R;6p)TQ|TBw7gzYNFa^Cm9);IEX-v zv0k(m7#WFmIeK3bs#+7N;GzDkx%TAQ9>!zN2|&-Ec<;3ta+&km~-ZiR^AGx_o)$K#W;q% z(b)lY+1KmTT=L>cJ8_H_3-UVObC5v!Rjmo=c?d2hDplR}gPV;Xujs7l$Idde86mUO zGy1~S-j`5sMo34T9j|yZU~p52YCGH!bDkTav3u}|9@#`s2k)nl?eOh$=Z>OocU`B) z>@WYi1_62V?xR0`$V+_r^35JIofP7qpZSNM|N0f&&6~2if3-;d^Ps=}>JKxFW`Tkv z$(t`u4*hql_>W$w%g$cKaa}e6;eWEyRl-NAF)STIeSetzzoq<7b7sE|0fB;6Mfvf6 zvr>_3*I-xej8pLbxbHuW{%;0FyL&gQ^RK|<|IJG6ZvhtRu#lknH=OyO&9L(&;NKfr zg1G;al@3b)7O{^EOM&^%M*rtQU2Z@^l2E_YBKqH~G!n4L@b;*r(0|8Tf7o2=M}U8? 
zkx2Y+R=S4-SR`^jLH~bq@UH>>g;NdT|DUY%|BJZ)ejFl4j`Mr@`U)P+9zHS?+!y@?YOI=5oDV>lh9W>Y9STmXi zvN>JMjp#RPPvlnFa;QNKZjdrspwfn?sgo1c-_N)-!HgbxXTI@uT=1=N)X?xRts?n( zt({X4#9Qp+0%Yao^{JAVYx*(-RZ+0HXKHaq<^A_UejKwC4MNW#Am-N3Z(@I0sY;10*%RIv15 z-=u0S%`7evDCxudh0yHLERfBsVhKdQC^i>kL|d7&xz4G*7#b{?4mN9R`tw&o?pnmk zT}HQ${x%;FZ;jHPSNqMgFN(BuvXQ#)+M5E_$f8=b>SD zUK1m+)!zU4m z%5@w@FttjCZv5U?j;r39g?6$I>2EXQ{`s^3;y)z>MuWdPrN?h4Z|&7lYdbF}!p%6xx?#9agR z=;NgJki2_U4CJ`ks`G8S`D)P{Kkp>)FxZ!G9jFK>>>En{KGi=+N9cR9A1ckViylDU zY<*X??tC!!l+nRPg6{l{%0c}`3T(UnQs`LO;K$1IdAs9M_`563K5*xU!-bYq?&H63 z``^>qc+GxP$71v2>HNdcKW?qAfs2qr!J9S(p2&rmA{A!spZWiCr5M5L9GATS*l$9h zl->I8#<6@`HEgvU)zwsuY2SbYf8`+2u)u=0tj0F@@Skq##T=ryp+M~^3a!aQJMK^Q z8ub>x@6N^RN|b=HUswsTBk~6ZxpF<7_aF=g(w+NR@9d7|D$l_Ddbqz%)G`=&C3l!a zSFc>vpN6xHs!AXoshLZE(lKnisYuayrK8GD2YXX?VXkL@>2fFj6WXxz+)Ps{bgE&+ zqtdD261@7&=-|z|)3p+e|IM5Ky5ttT*93D&7QaaFZ~SJN3J7A%V&{0JocJR_USF^X z{us{_3;gmVj~|)z`vPvX`5yo&hhtzPKk+LgK zhgn5YLeb#LXQM|h4$p|ka?pRmAeYZXKY{GeP;ee}#AwQQFHeTOQm{O&1w_$4_{;FW zIy&spVwXfmD_`+Atk17U`@_-X14olCqCok|(XXT?U|B{E)zy++o>3mEe)_4$Bv(G> zq6din)O)btKZuR}KvmN?h_C`f*sww$j73W5eu93=tC@xLf>~zccKQCq(m%ZO`~1E! zi#%4FVyYgO+}q2o_~{)IIFD4-JXJ}5F%z$x#`ia~M-N@jo7!kdJzZVscf0Xol(CCo z0J^Z8@0CaFPaOXcJIi|PC}E!h*?_j37xv1yS~LuxNa#!5tL5ZX)c87i3DPXRmVzw1 zW!|1b!hVu|+AG)Dxd>j)c=~#m=OJ%yNC3J0MPy8_9QvQhO}MVXxEH*IXZWv8{$cShoFD*859yP5 zCB3fv$%U+M&AZe*63X1!JlR3NoAuzgF2cw_U?t%64PS@%dQWy@qI{$bV^V%8%u1^@pt>wOADdtrNj+N-onG%@h? 
zEN8O~{;T+Obl;_Q60%3>#o|@|2aOpDG^Q|<*y$h7$W_c^`Bh`;r1^%7+Bbw2{NiBz z%~=o00ryS&%DVpag3dP(=x%hzD>ViA|D@@nEg-+yRw3DLp5x38qCrQgNu8HLLK zFS9T6l}=J?xQE0Z-3Enud>sybxD0Ogw}Tjp2bQ51fN~{2T`58@)@wR*DG)IZIe3aV z#5l#g{=hc(0NW7aC&T}|z>T;nH{dYfSDO3&agd9%Qh)%s-m#^3gg-y;wkOBUybo0x zm26ot-u%+P#e-G(0V4?#X4e0#?yBCw7~UT*GHakMymBMI@1HyVH);8KQi&N#200&z z2KW$pQD8*6te8_Gncse{x&&+k!HD#azm9k-O)giPd%uw3A5B1SSYS+6YET}<+tF!U^-yGtsbv4fu8UpY8$?mM}he=jXSo zCO}q{Xt#xi43GTV@xH0N>oS7ty|D$c+^&DQ?A^6p*@u!YvD+OLZTP`2v~Q;_@{(#N`okRy=V1?&rL(gXZL27xCL-$?sk>>ie{} zQf$A_x`~fh{B;M$$esqA(|E$V(-|uks~>I|7k08;zWdkJUa)u|$_0xH49FnK^d4-& zGiS~&OFnWjMkT00W<6QJ(!9T94SV|Axs4=yq&m6yxZ*N5)f&xyj{L-H>0`G+uI5fq z%dwxA01Irl>;#s&AV;gdNHU2t0gm3;w4&d{R>!RDtwl~26&1#;)4-E#=Rt?**mRNN zD%1;_ccw$6ZmWdL7Ef(Qt@oep{!^YLdiGKX>m4$Bp?S$4wm6bDXjL7GP5)E z!v8dBtGOdC#nkuW{T9pf=xHd=3HXDJP#W|tZg<8CIk?|Uu{)gXRW)kS#g_}{BynjW z^NMG_IeDZnSm9r{!GsN?gJjT{ChuTq8}|4uc7Nlxz_cH8^kh0kZ)H&C`J3(W-0cN7 zREujD9AW8KwR94MU$fER9ntImE%bFYs{oDk&8ao&5fC#F%Y6nyBQQvnsG=uM?5xs- z%2q_bN$@;3aD4mep{2f2LJ7xoXkL9W+~!?HlC$X!o8$RG_GTXQ@k6`g+--$!O*b5P z`I~&h+bu)m!Fg$-HTqz`kjJ?GP|EEt1Xe+RjDiBBY$)!E-6vB=9=v==ZkPogH@) z(ooiT`E$>4aQH&|_JoF<>T4)c-O>u^a6U4)%CU@=RE9c~IIFJg9!j*`u?+5JB@w=u z1rJFUwu;(rD9^cg{XKH+tLb{lBtD9&J%L7Q+x;J&sOW~u5a^TX(*f}acOf2YLCjYk zN#Zr}ZRD$F?h4#}`XVo$OL_<)FJNKV3r&1kkl}czBFJ%Q!x`Gjb~o*=hQvNYuezL- z2xjtojE`}%E$VNh7SZpYa!*tZ*1MN9SbRNxW)Pe}xTd0lxTvQ}#?woB{45T?N%~+p zm;B}a4#R6aS@ui=PLM{W0qiX>7&m2#X8c4?SlN|FMO%=Q9{sF(K~T->LXTu$7rXN} zQ9yi{;xI&tNqAj_=4dyr_js0h?90Ub*u#e!EHlqw562c^Wo$WUCg`*e&#+tDmgOSd zNgW8`<%%+$O&blOf~UW}$FihKbo|Sbz?MpeY_7IY;(iL-uLJ+cB&5WbzDY|zotPTe zDi=KPVyW;&Pi)SoKx}S0_Jme)^onT09a2%&ou0_=+DcdQil|Y#XJcJTx6j>ZpvFOcorkb= zY$H6^9TI_v>e5jB%Fb}=_O*}a&kQE2 z7DN?jVq`Cvf*!*q<|G!#8`*N*%_-BS_#oCJ8M3WP>wlKoPiekVJoJr@YM=0u){O&0 zK2;8v$C5DzCWp|*L5ewQwzjrbPF-AwMzya|!+x9lqmA1xGY@=izZ*)b;t;1Y@7kJP zOlRU!j0Oklv^9CMzX=vv8ZHP9z`^Dt<`S)oEF15OH#{LGD`~a`S^bA(9Op^Pbhcw2gz)M$E0>!}if)AhPG}8S*X0WLaLtV1nf+CVeOK4uzeL 
ze8}l5AW7k+-$pF^L6Zg$ZF4xDXSj19oCzcaRTeFZ_@2+V8_DWG-o(fT+T;nIVK$UB zt8~Y7ltLQw>?P}7A*2Kgt73!7*1E@w8zYBW9nX!96BIBp$MW(+3<{Ry@gq-(E2Tp6 zRryl;ZRo9}_E#|;oX*X&I?@l6xc%j#bJOr3naAnqOoU~H?2^&G3y-SFTW>vC6d4BY z{Y^e4eABf)c;-s!bmgEoGg^Fptd)O#{(q!>bwE{F_x6Y&B?6L?qDXg2BPd9B$ECYd z+AF0XA>G~GU4nw-r8`8ryW#R3z?tuz-#F=imm7zD_Fn5*&wAF{`{cNA&XAx6Wd&^^ zkw^rI40K3iA2ybISefbG9gC4*Pp~sxy1g6>TvLO-XqFM&#^=a`@XMd#6@Ml2{4A2; z{2d7tW#y{lb;!~!298> zAjE_9jaXjy-6PdH=Y{XL{#Qn&`b;Ye%P%Sg&u>~$vTr=%H^BT~MBtaZYOe9_dvtRp z{!GMukhNjDBFE0Y4c<(&FQU386{MpDu657MJ8wXhC&fJ^Z8t}{qahZa)|IVw{*=R( z>hd%Im8f>@Ew=q15~SZ8?Y9?6x8Wkl zdd16P_{UA)vVFfVKf?gb(!Ib2Dn)F!k}$nW@^qC*-(au23aP5*0aUV9Zp#!r9U{&T z5e65&EVMJlj*w%+(>p>QtR4(br*@z}(C9y|Q;oV-7V_zq4^iz`-13*djr+G3Nw!yV z#pc-R`z4_kmP7i{>hv#d#CMs2bzpsk_=uT=o=nJgMy`_Fp}Gor0kDGNhk= zK{Ig^pP<%urD<8KQe^obD9Tn0;AZFLl7NXi-itNm#2|prJHX*-MG5YQmf5g1;MhAcY7N& zXhexuVx3Oe^+8TrjT zfGyCKZJ-O(dz$p?5$^t){t3bs8nwy(&clBY39i=B{1KpeNZb>R{%-WPuo0kox5HPg z8dyjAkv?UHDk1c-Lx*gJ*16nr4-Jxep)X(d+kjMK&SrG%j~q{x0^AwJ23TV))%RNr zHNT?&=>C7VK!8}KbC*v%OsOD(pk?~OYR+N4Zjrgzh0j|odsa-qF{h9Blp@wE}sE2)PP zG}W@-vQ#MSOdJd(c(SYX3X7BRKycw9JvdTqp7f~MXiatGwJrHAGyD(c(ew!rmB`qb zzSj|q7{O3#ohLmtmngL*>-LO3V*R`8(|Hw@pL67UJ|KNkMm^ZkAfZ&yBof#f$r)>C z1aUrf-b)zcsXSkU51O)1TdPg@@6%Ev_Hd)X!Tx&%s;riO=If}(Tb|Tdfe1G$kEM%3 zUsCjf-c4W5XBWkqD8;-95K#~yE$nc(v{oiCGaODM((SSQ9*+Mo^S>>@4_>_T<3FJU zom{6qz{>Q7z%X(ceuW~J2D?#-P-kLWR-uyk;I7fC|D{3ej(LbAOw@AYsm&ZAnnQAy>%;u;pL9 z<##Th1P6rJvaiV$-`VUdd99VEdjC+;Y6`D2clzuu7i-xm3>`NDsS#w%Sv;o*fe-?P zO^t0Ou2A2t6=H&VMq0k@&s@CD=cqLa@PEHjy<;#UCx(Le3rsCS7luxpfl`~l$shWS zuCAkcRnI~u@(Z~hFTe_E2m@&+Skbpextr}t_;39~Lh`$*`HhCW=6AemVA$Ln;kmX2BT6vNG@1*J z>k*Wd#K5wr1N|6hwgH?gECxVn#dQ&Q3w*Mmtyf$OQanHan9 z)UEtPdNGkUxz`h%COp#SxDbz^Xw))iwh~f0K3&&9D$(B&8yY;_f7GislIS+Hyrx=X z^!Yyz<8@OQLRhArg8#3Q=DkO~jzc^bB)P6RM03$3t!YvB*M>a1_R+uwNT1M3Zx@zU zpX3z2EVX(zlhe1Ap1vQ$WvRUH*ge^<`tR4{*NN(_0bp45w_Ywzfv;WE#BuCgxd{>B zEoc3D!)v;#ouyc-P9*~CZ=o5v@7_>%T87KIQ} zyz)Xse{<&WO4Ffk$W)zaJW=y-UTw7JcU1kcss0nx1RDYst8E$vqVLLjptx3hZ-t8R 
zMb!~|f8Oby3ZcXK8BYIHlkx z2Cj$$l-gFw(|E4~f3FXWo2Ra20IL3$q(B9!NJlvCnp0IXlx7mQB)`2=Ba&04|e=@B<{Lc6b08VS;!Z@#eo!=Ch^h%8h=KkSW{sd-!@7iS*SCTp}@zAv= zf+KL0*{bH!OepH9TG#8-rBR#x(LFS+g!6Diqi3l1~20)@mHT~w~)_T zbzknTUER+1sYL%$M*7$YZI;i`K9Ak!v$b5h#)U)+&J`}-#vJOuLqGl{gt(IR?#K+0 zl{^E7u%X<_Ntd?FEsMpN;Xf1tzC*bbU?1Cd=)Wexq4$*?h7JdE7^_RLLzOZYrkQow zh*r-$n6gbJVw95f)aizUvg>% z6BPSG(|Cv}h7RlN0TtfEo8@FugPlgzBTJ0uZ#zmjH6EfWRnctiD8)<|8k;sGy!Kv9 zQ4RS0tp6H{5`bFutntH!?}6qXt<`i6q3}rmcArUvdI%(raL+NRZG2h~G(YA8mveyY z4xJoB(Qw>csfTaI(xI`rg;z5;Z;0`QQP<7mUQ9yNjEmaa9rm+34wDh-JLWTWv-4ZL z6Z%Aej{4*O|FxG%(AhBM(Txk*z!+*eI7+Q}dABK)?8ldrHar&TSim(68j5a= zoiVE6kMQ1Z#-K*Y=gJN7TIv#O336P(!I!{(wQf(;GI@S**(?3i+Y$Z2)cL8A)AH5h#&3QJj>cJTv{~1$C#R`PCK%WdfvlSfLN|A# zc!&xZ_73b#;8fnvE}sNkWGO!X^Ps!psR5TsfEaq zpZf>5Ea3lp-ttr(ygRG8%z1N#q*A!k0)n$KQWQ@{JseUINHeY}N$%##dWKq7Eoq^C z9T{D+ci{YkbiHyncp@=T9?LJQL;h!h#21P+CT$XXfft(~bKIJjNbSs@xc~ctMgzS% z45iR3Z5^-)T5_wyre!!|1P^QhR~hIb^xWdUj-q)rCs$+A^Cp2<0-L-bobaCZ%Y2&7 zkRr1s!OTnR83nF_F}oI#MAK00u)k<%>wSGikxOg9D;Sd90uFoil@}gr1*EI`RHPCwig=%Jn_79dN)S)C7sb?%tlefh@P!v_5di9v9&ZL?RXDe zC=+46a16wGaNa2u;I>*)S;t4Z^39-N?4IdV>DnxH%Ty)7v3|J0 zpv$h4B?r00KqaegzJqG&gl6c`WX<8O11E9$ugu{$lgm&AilOqzYKhm*QU-2v%5@;n z5Nk0eArmx))cNb$TYkBGEQ>EcUHt^R(Q|uyllxoBM|Awgw2y@1iP8^6Bx%BNCMVe$ zYB)*9Tta2t<}^m=t1X+?e%w}jS|Q zB#obTR4zqAq?H+Mull?9(uG#?TVH*;hj zh&yMi^7s&MbqK6h;*y!OJ;B%u15RD-IS(QYyVQ_fJrT&;JdwQ2>4OYYuYg?lPG3Bh zE6IHEcX8onntsG0fJ(`EzRUMc(Oz?)@bO9XGMuYm3M2uX)rxg~N=iu^q{8#bd7!zw zHlS?fB4RJGfAe$`>N8B}l!Sd4(8itAnA|Cz@CY2W(D!7ho`h^=g%L3~RQ2!x3hu-2 zQ7fNYrX24t`R@eL3IV)JlCXz)gIc{ZFpMhh2Z1VcLsl>D>Jq=~->nPQhv$4>JS`LN zAi!)KxDY?p`S?jD#~s@PI0I z!nJ2e6wmNET=~D}?^ATajc}0f6U?dcHGQk*vZ_HrS81~_V@AvcTa!3MPqWKU8g6UN zVyKjUfiL}{^Uy?a!5j*GMRB%LKvKFAPq3Hg?MwmP2=6GpqYKINJ-s8$XLZQ6rN&fm zKl&%Z?>E2u^A}T;Uuj=WIc?TlQCDyQ+FOx6gG&W2x}5b~4-QHNs8~pv|Jq#bt~%UD zq>b(S6av^p=OXA{jMc>#$<8kaZnyDPBX`9xg7Yfq=bw=;l(8%wi5{$rIrTO-y~onk z{Xd5P&x54hJAgIOaTu9jVF*7v66wx5wQwP_%BhFW%bq|LR*1rv8uS!%7s=f`FUtUV 
za*fMjmsUaa4z03x{6uykK)5-dS@PfYh$CK6V|BK@#47G58=?;Vb5sADp_!8d^JMO* zhjc^nLot?#aWCd%tC=uE(=c}{t?)M}iyAqrOFMUs%TMPQD>9$MD*=*}SFmD;4Wv*n zypNA-uLFL`-l|gdW*6Omuy~*=4M91I(HZ|nGtI_WR%1Q=7#wk#2;`+^-e#+8CA(or zm|L~LGmcLlNa~yqRP0F8Jqe967BvMjw6(e9LFTPW=aAJl&8Npx)5Cdk3jbjg-$4}w zD25v@4pcW$4jxOH^QnWv%jQ~LMZV=dA~Sk0@kX3Fe`}9$$@yr21I`ue%bq-oI2l`q zl)2Ea{%69(pL^AaP>vykdhPK~VZeKLHhD7TS1(3W#Xdb&ZcopDRCJL%o+f(o@uEB! zc)*6NVm>crZjdjj$aF7|J5A+l=AQn!L%;^AKSWG74RXbz{!7Nh@ZgqZOYHj)j_WB* zLV-Oktg@AaVxKhzj?GU8&)lJFyPLK=5TBjptJR|X3vyV^Cvl(leuH%;P*dZpNx&!8FWFMurqtFRdcGj4N? z@}?M>G_Ec#tZCVAy|X#Iqm@}vyC@D4lp&%@c?5n7(OFFi|Je$bS+2^H4k@Qs z=5npg`g>A;%dXqlbuA4onzzcG@4D;-d%qLPPe_D559OXwgki*|@7eG0B_4NISHmi} zF75v)^!$xK0!@}#0778%;OgJxRYI^jvT6xw;c|je#{tIyd8QWB2yZ2fyyc=k;OX2o zc2cB7T(M^^X_WZS(Xdw=kRmwO`O9xw_Q;FQS2s#SrJYNyyd`cFRmBiKansM*cP@$NM6h3+IcXoc1DgPwO-e;xyb=xh+&P|Sw(tl3 z_ZM#WyN{9X%)l&go_Zs# zZfF<54`dm_hIJXGHT@`mNMZiUjsEw`86be5?#E8t?0RESc!)UmM8&Nx+f>!e0M0Mi zYl#qaj~#_zN}9y8vFxGxB%jz90YMXU1`a7D1d@oe0s@XylpKXe|9i>b-Pqq*wW?y$ zWJx&XcYBGF{yItB=x9R&;b6<%h_@<0+;}Vv(RtOrN2NWT*IH84PwF**t<)U3Nu!B+ zf+GZvNLrsfI1tIcPfs`)ruY~CIfMTzxMO%n?%UXi#K(TxdOf^3&u%&fgPl%Bl-ihj zi`>FU()8L`mDCZvJr*t~Yji7Z_rU6UxDGAU{^i`E!wQrC7$1A%@NvWW%qN*{P-VFi zL9MBh+~s|#`>k8=RTg%KH)~FY%6CnfLKk*I2T|w{dAXP7?fL*68Im(-A%&Uwz`#2y{|lc-#Z-F6ASXBz0$$7)yP?<(@5at<}?@doZ3nEbNAExw+h=I_qlYGYlceAF0ayWR_`@h z^xX1O8wtG1mgw!w_aw~D6DBTg)EXu|%)f;`cUn}BXM3Ep79SAQ?iL;?`M2p3eMJ)t znSXXygs3@q<~;neHU52ImHF>)b<@qFX-)~tCGMSx*C$4w1q`8dqWxz~ET{zEdwxLAq&i+O@ahCD` z=H$V`oVP7el%p*41RlO&7yM6M_m9?&cOOtz&?4J!(90h7v|t+AERC|a+h}50_Ld)A zUV8FMH%8B~I=2=YtOvG zK3osdUfQIYgvRe|AJiUs&z>vh`$|(SXd|zrvXTv`nfS-)bw*g*)T?vS6-qVAq|Tjwx{*R8yNh8m`h7KeJs8t zUp7+!mbiPaEMD`Zim^NL?5KD8_M6Y)+pXcYg0!eg%9m1S%}Nc`?3Z=yUUiwy(5OBn z7{;{lYFk}<$ljibg}Jxi;D6UX9InJH3-S!jYvR9M#ecsCfpOmQLr@Ukw>=glJ&vaN(C;Bc?OhU*j7@(Jkp$EUu!b2bCy5$ePpJ+H*E#EUB2yk zX6p2d;N1lq*?Br#W|H8c-CqB^%aYD--IbFeZyTcCF&B~lIRyN*{g?wFl$;+VwR2@8 zKp#7`hs#8shKj4m%K_3)d1?;~(zcv?>KpM|DBB{MO(C%uJ$$L`byhM@xY 
zM4BP-%x6s-4a6fYl|rp8N{!|8=NlU?sIX#P9f?w;wBl^)p80>*!tM=#GLlbU@Lc_he+2RTmHR@J?A^@86(o(3GjSGminen>^gL-V z%DRp6y_Vdb1T4{X(lAbHrP-u9{{%H8{{${B_5FU8*(3LZtnHP;b)-b#;NjU1ZYmT@ z4~XAj-|HCOhu2j^PM?MoJGwL~HuBF{Q@!eX`!6E~TU?!Bg_4;keD(9?r(n?tBAkI& zs<}(ln8~o8DR_CHf!hww%uw*|9%`v`NYU}KY}FzPa*H3%5z%rsKA(JtNY*?bkLC$7 za`TotH=pabEh0n@$F_v+?Z+ykAb%2ws!^^?9WQF!j;;bR1>a?Fzxg~I{o7QW`6rjU zYTDEh|8eAia(A^g6YkzK#OoUecF;zB8W0UXu?5m$ym~v;MZ>XFOLe}vdC{j(j&x}+ zs=+l9?rqD1qJ@N=bBR+Ciu3{54sA=>?%TJWsYG7c&#V{irk6GYRUcHBe95{Z_DZL= zwME~Lpg3ZSlhe)Z^x8w8+J;)bG^Y-M+(dI84>xSqhT|~Nrw3Iw$_(r%XSs~$+vEpD zC-8H#8icF=jD|n=l ziBGn;t{ow6de{ZSMP}(S(3m`KyX3`QZ=!j{T#{u?>NyRMqY_7XyFHQI51OlImmu+k zZ0;@|$ICd5KE#tC6k9_c=S?YbvkzP@ZMskA!VZf#KO#vH+d7NQ9xsJ8gXSR~$H-hQ9+$0~!DZ48&txvY zrHai4xvxbP?Zfd%(a((dqDAqMqZF>h5^A0>m$r0+CI~G~L0l~j++9iGJ&qt&A5dq@ z!|9_nVZyS|>e3La(|6%TrxL>6sW=hMhL<}ZB61ojI9r`x_IDshpg@g2nzIwt?-@J#2pu_jvasmEnql`5f<;53Ne7l9Y*Nxl1E8Q+9Sj8snI=ISVe%zuI?FH zFf6xVSD!ujOg0zD>!=#a>)`77O-8t(x>CMnIDQ8vz&vpIed_8#tyn910opf)6!evP z-=UQn$osx$d!dUeR$;6SPq=k3L?1rU38dq!HujxGDx9&Q`L^uoJ7PLswcGtj3_klY z2*eC}{QDy#AO7n<*VO?mj>or#yE#Bp|H;=uSa?p!lMCv}qx5v-kQi>~ZHX0PcT-Q^ ziypG-K+*dpU!!Bpt6C7xhF2$u&4;SV*{EdQ%k&Snu_%ka}`8Dgeec%Fo*vFd~+E{||}7)D+E95lXmhT9tT4eOHp?@P*2kE~`(;V(SoE@bWqOr+)rk)XqcgKD&`P6iah6Q&&*Ep zuWje|)}}xORJFs2xF@b3P?;qT=7FfotyL9|J^LCyb;r!;*>LF&oFFm!9!C2KIqPav zy@`J8H)K}s8N2k6n$r=vSi5ex)FGn=157Ec-Q_HI_Z{4LXQTKObYb_|Ku-3fiNpM% z72y$77tblTMKEP2`j=i-gSh385}KftANuP*HzY6uQ59)1&S2W;9!eeqxMx1=qv}G zwwBIs*l)nDZlR_n)?c>@4972V{xr%{!=2B%k$^1`w6;En=kV&HXZpCs)9rM{d@6?L zNk+Y4E31>4IC92k2M4vjX~(W&q6&uWdV_!=l^Kf>4EhW#GKAR!?+GjKN}9YrEW^qM z=z_M}g$L?U`><+Yi}fQU7|X@}bjRmgb$dlt?PLp8&rAeLw`lO}qIg9Q!{U9i-`*4%+j}rU&<>|OI8XUWCpQ1y>V%J~5+8Kl$Za+= z_JAD2Knp_MRdmL!BNIRe5v*#aJvuTu8Q<-uMR*@^V(328?38MkIqYpcr}>j`m;^K{ zDQ8858YEsH;fzIJbR36;Ara|XFRsPUaZgPVh$JD2=EFdoGMU{!F6tDI$+)C%C{&?E zi9cP4=kbf}^-jJw6Ineo^kU1Xzu0Bu?!jT5Mk3QJBHQzicZj%8WQ9;^#a6uSRmL8^ zQ~u;dg!>J$2M`}+xRI40r_(~I84sR)nyGkx%VUp@rT}M%#qoV 
zBv;Gn#PD!r)XbaOo7HFbChE!vgD#}~9T*SJm!+mkGz$=8aaW6y?~|{q#Ud}^uGXs+ zR^CEY{Q3^3|FnlzqnhC^zN<{aV}|k?+meJ4oz=%$$=s;#a{j&j{O>Q4x`1h;D7~Fb za5Mi7G+$|0H1;y0$1A{*OGN=Yu{CaP-&O-S*P`y!uLaj=R&BQ|hFJz)T`qv^ z<^>SUjGDBBT3II8hiXozt5eG+(nhr`+Rs=!hxPW?8V?tnu@oy^I3gb+*d)Vu+jDJ> zS8Cs%Q*FL@%VwK0wl`e%dSs)^hxWNdk|#>h=-|TIq41e4aVnlhfN7x72gJ`$H;OnV z2r(=!Mrb*f=^?xY&uXRoSL(LR!wg{_`P?__?VDTsCKt0$FFZtT0UXJ|wH`k*GnJZq z*_(b4TOT)MwM2F7w&*&gETKER6|XbwT=R9U`1j}6|NAJw00Zkc!@~~KI|_3{BGS>V z3}XsTeERcvjup&x&kZn2wh!<*%M4O8Z6%FZ0#-d6JtnB7)Km+jjAI(lGbGcQxlkjE zx=)zNKG`j_0lVeOkNH;5Pd@NoEJJvzwY*1sVa-mQm%1+ts!6d+)@$Z_MvAqu)F7Yl zV2%bEDjDu~);ilHV<)~64!swXIC}UL>GT3%Ql}@Mb?v~2Dn@Jj4mA;OcrdopAih+E zt*1o}nIounU`w*IaeA)(*v5k|?&h8p9WGIi%(Z+ATO{H=sJ2wI@BMR(zVlcMYMZqO zZ%a7x`=EGphWcI5L%p-j9YhKGQC^^Uv4HhaWz$JTUzHo2zw z+M7^3R!31YWr;PmsIP;9t1LNvL+qC8gB>ViliU>-Q@}oV#w|;8@5+Fky^PlVZe}%r zFFwy{L7P&nbaFmE32U&oja01E#|q+bcB^Ve%S3jo*2X<7`iM-Q*SXq7JN>CPlFiPR%xC%v5HJBmE8kDnER(g(%j|M_|G3`I?TXYSki;KHvOKfpS05ezJi z7uLM{&1ZfOduz4r<-Qsv=+<^n8x4+BIe#4s<2_C^=X9UJtG{^7Nt=L9JbW)uSzZ@! 
zHMM4TQ*-J}zLAN{P^W+SZGtOfD%9>FB#oM8l(oPzPNvSvd%?7{W@TFQ;-rtaUQYl~ zCxfGr487nPpN`GlJhdp9L_4fS5$o<<2jbju9=C628yq94M=VQ@Nr*K@2uc%Lhvi2W zh;DN&v^B>u5~>3U;cJ|`5@w#c7s~<`FuH5(Zr0E`P zoKb4(`Z<3_XI-<8xld&`w6V5P%8`4x@b(h#hm)c^p!<*Xfz=9)Gk6XQ{d04kxGj+9PLt9*~ z>a243KI6b>k?)dt@F(QPt$uoFe`@81TCVN%FvXcBi7!fL)oz>&=bD*VOk)p^y11)o(i5Qkfn#D_UQgwx5$0Q02PfEcKV)Bg?8r^@`^o19 zfWIN36-ldGDhggx4lQMv2jtAGc$OB2vKlQljf3oC!}b%HGqFf^Yl3d4ofsFV9q_UC zUpCv-_s*qP{e{x{0v02cS~my2UBSwrnE;|+-{Z?O_|yG#Q}$fQ`sZPtqj1QFSbB)9 zPd=n(oZnw!ssXwLM6)}I9OWYL-BNc?&V6J%_jhD2=2IBS=084AeAsq4d^&Yef4WQ0 z8P)+?{n|%|n|UJlF{lvET{U5@VX8~GNuWVG8vdUn(fV1A0HZx;a=f$ z)64r-^8~oZDy2^b7BpvD*vc~d!9aU-*E*~PyAKr$I0_!WMj9j zBaNC)FTqc#l630Y3`Zyjc(M6tF0_0)S(S~>ZX|DRo0+2v*1MNx+7_6N?3@j*-WDD- zogN&`U0Xc!N6dF>Vt8?3`$9+wz&9@985?&8;>X&snyQjXa$TBGbJBHRo*$v+zj@Ca z6A-$BYr1Y8#=@Tf`=*J5ZJWs{CVzk6X@(r%1IH_vUrz8iT*JgD+y0=7zk8o1cxx)1 z3Ebdjn+e_40?{cyL@#B$?Tv5Ed>OU4oeXTsZ{1&C6{kZZnHj1fi+iYjpTOe8rI1KD zqMr*jXCS(b zY4+nI?8`N^&SmX`#x1Bw9OBro&5obb+;@)$s3}+ihvI9|Qf2kT$dJc+ze{8Bvo$s+ zICb-7xk5%T(iU|5j)tvie`TWJ4Zs08MBeyaup1Dtv9Hm znhH)h+mOh9&K>_XyEEO3-ShsD(`{SI`mKHxXJ>s?=vzKMVK4@PjI%w}kFfIJyw{-y zC?vbQ#5p&>!C!#SMYqlTSo0CKeOdOzh;ZXn!5RQ|d59bopMm6IKOAJYJis@aCeJ3F z_Jxo3MYl5w>nx6W0kg!>3)1&O1anW~UG!_|E);w@UBn_wtTqUFI48J;H{u)2G#-0I zy@C_=7lQJRk^H31ph-S-J<_Z?sK)=kG7eN|1URoUZ0nJP=(?KrTR_f&zR+VWP@m)Z zx0<}3vrVBXJIliR*1{Hu&U@y)&spxfuMLntU%+A1`lx7DAJV$vQ|oL8Jz_H{MeL$D zJO;AD(?v^8aem+3Z_4YZzO@O-iDj4G)M~yid`CYkCJbHWb*ynrF4qQ`Vu#0V+-V%LWGt+w)Me?T2$%Rzdtai1#{b#&^Ts3cXMW>f@6lQlkY^wAj-zGHlLnwxrWPS|J|0Q{3nWuAlZAd zz6|E-Ec8#h;&4Nq+(kK4$mWx4XGU<`YeX*3jx^!m?zt*YZDyy|Hu;Ci+qL;~eW=oP zb!5)QI}uqP-I1;H{JD`M$mj9Dn?Rr*4rsn%0u+9)9~%-!gZxUAqiJOm?G9FmEd~>b zHmQ~M-$kWPhtcDgNztXtHa!q~?K2?V+%imm`uS8tfgI_EhFJ4f#% z*l^nZaQtX80OhtutIJPX13xQrnDCMYYvM01H(H<;Jj@xWs)SXV!5H2$=s1#aAbKVe z$*vv3wic}r{bqfH)iloC&XbNWSAq7R;7zl^FPM6$Trp(?6*@d>cBHalD_}}6MYh72~q!pY2qGNHD5c=N02T+b3OzGzF z;+I~(nU6zk49)a1I$ld+=%oRIM=w`fAwdJ~w)eTRnE2?~higv1FrutVMXr9`Ee(<` 
zjVg7}wNE90JRme7vbYux{|!91Gs%7QkH!<(-SE^c*1Ox$)ha=Pa9bIZXuVF2`%8a=%Bh-SF4*7Fouhd5tQ&bA1Tm_Y%Z!F6b8cz+f=Z>=bxnGH?oXV0 zXpuIEKN)7E!(sYzCRt-|)-9>_|*I`mXaQ{b#iav4C) zbgJaEwL9*udBg-7{g0G?^gQ8T$u3$J40t^!@LNWJ5|~o$hF|>l+5a`HB%pVX22(7? z{${Ok-|)wWO6o1pA>^=VC1>~axkL_A650ABMO=zOoYYbyxdX6#o#>KhL|K~|H} z3PCcE=#t9v(iM$oBFhQTXqbeFi0^CNpe@awF=Rx=oTt!bZLpb zif0bq;>o*D__|_r%FIWzo#ea<3ND7Fe}y{y=x~bpHOYlC3g4D`b z`pZ&+wN$b{4&%>k375ag8V~+eWaW?Ce)pj?k;jk~5nD6n&9uBHy+yw*b@#mM<#>P6 zVMzNOPVE_03A2E^tEW03yW?+oQ`=+3s!Wd)OeZVBXeR`0^1AO4ZNGF{rOBXJXbNIi zY&sUISObY++4*i|<0f?`HeoWL2K%U*zCt zv?9LYeV+&1yw{JHmYZ@5UVAs~H?t2{b8da|`N$MLUt>*+uHp94NW)4t6wg#czn+_I zN9{JVA+JxnQtu}j^b>40)D|Bsme{@OuW3SVm*;&k+?+AKD#+}gMb1V{hCfBQHd>j6 z?R0I1*eY!(wI0Y^o9@thJzz^D(G?)Y-ozUjS_;ECeu4*@f~+r98wDQKR1~Fi$yn?5W$rO?JJjb=jKA1 z2qOY{bYw!2&}`24(#tkq z<$)UO3zcv*%Vi+>?LKkVR+YrnX+kqxmSNNG{PD8U{7?oMm`6^~cAEPS)HfzHha&IU z?Sjj%Y6kYBZ{{m3apup4%vG*3Md&tvqWgZPMZN_DQXLNvMee-`N@6ey+}NvUWaX$J z29gj73Cb_~;{Wiml79*S@>%=|6US8Y;F9kI8w31#Blm~_{q{R1%1k5u_dwf1lhZ8z z2@mM>B%a4)Yd7pIhqHr(5RQAJ1|+WoQ=fjWi&qhR|LL9l!w>XHfFx6e;P#7~?-#vj zQkegx{hd;%Fxty4?kqZbHO--jAxc6x%%Ei+Iz71m;`nk+ZVpy)v#mPRR z`mr2(=>Hoj0&@)tbHBf&c|X+JjBWk;(&(j2`cSxtfjKIlIAx zlYHHz6k->WeA~ua8G6fI8`e?NjgzT8y+$H;UY_23Pxr0;$7{A9(LEcqVbzy~LJQ~( z9X0N6??DlsN>%(Y2mR+rd4iraOT`!1^}Teg2@7-L676uVtVx#pTEuLVpL=yVs(x>v z_mX(Tp27s?o+jV=QGGT)aZR2?Bha3EV2QQAW;~a2x`3rkTGFraiz3~Y(0YMJlQ33r&MS{q?Be$~OzzLZ@^2_xL0=?6 zJ#k3?P2oEpP}DWO@z*S1j^C~om7K+)4#g@Vv-=thhsZkYbNOK&YA9QCxe}&BR-`?l z9ed<*cKc$akn13HqNdWVR%@m$wSTOQb(M=4Kix@guH+fg#6A2v277V&L=UOZN%qKw zjRnC|UOemlca`kMl_D|+>9^qu)u!F2hL%iw=A+z?-}Rl2?x5tbK12JAH!?Y%UI;A_ zG$(98{QPRKCeUf6n)Sidp|XdjDCb6R&Bp1H{w`A-DFU}#xNR?mxpFYTuexVR>Az#>?F5h0D@$6pqYUbPGP=L1J!Fpu55or?U*P$F)+Wd3&ff5ghJ z-`l0sf@nQq?|o#BnEV(j*9i94#`h(>Yg4- zprjyTO96P3JImX|gYP{Xmvs$z&UTIrWmm=EV$2VD8}whxzx^mxKR^xP%a%FRRfx^Z zBQ_cz{dS2vI<>U6ONNQZ4)WwbXm^Q-?)7j30)!6@`=D&8W0_U_s`6zI^NqPIn_wXS{} zf&qGkI1LK%;7HgBq7b3S(uthT5;`ppg?00D6Q_pr{R_v^0uw&Yuzy)`bROd^#o)Ai 
zR$>J7sL>nkF259M#;OsoYBqE)6S+KCyEjBiFt+U#kK!WY5?RQ{(~on?kzHtAc1CAi zt*}2(xRp-3)6QkP==O6_njh$S$jSPgry3aMcFlU_Q<@SCsqkPowGS=h3L`$e`qiFpfj)RcaE18cTOCdH$YOG{MSlOzhG_DED=+( z4&L2pgQRg}np$olUc`-V(8QoCU7(FX9t-wmBAvg-gcZhg)5iW;bn1}TG9t9luR-j% z>4-_{hx=xqn-bEf>~7C;3J+$nm6gX3ejz|SRWkH|r-J*5W0VLAq_BH+3S>I4Xu)Sk zE52=T3;*>Fpw|r!P&3>3SPLB{6!3!BC#Uun+kKBabTEo~<+Q@3zWtu7v) z-&`t)l3`<&LHN6*@^1pFw7@MGY|*!n{u`h%!&-*G(tda~*Yz+9IN3r4Ll zO~g01ZP9InhX;t4d)m&h0(@dAOl*j_`Fb zIiC4>a}(qDY!7ybZ|ZJ_DO1FFE|Kp8^+7#I9iGrv!){{QkL?D9mvSg)`awSg2_MXTi@dc@BYfIVM&ko@0{aRDWG~;vdv=Me9@2Y>uC>SLnP&CO}c6k+pNjQ zf}P&Z2{LFNPL#ok)h*--v^Md+p{+G!zNs)|_g53{UNm=)Uc0-13LDP-yUEG~N@fvG za1Y;m*gFOR&5?`J1NHV>cpB#|5>8GA0$8$nvA03sIU1^Ao4mi2b>%%@<6C>Eymq@^ zB>jtg#@~2}mKvD5yw049cIJCqYm+qWn}<(Hwg&{O(^Coq+R`-IVnG6diPO{h%0$gr z6%pFHc;5^fuJGvc+`er%@`U^4ExurP8?{Q_J-%3*StQRobLq&jQm6ToGA5PMmv3id zNCRFB%#lSs{zQu9kXxKPaW-eVq@+9+=Kqu7bY26{UFt%azSnI8F-DKh?dK+yB|P6) z1r|8K`gfVa6B4RcrJ#l>00>S z(K-T+hYi+(z6~}Sz9BnShPA1xoGxxW^;D&)mGBp*;5`gLXvyg*C(G4pPXbq={i_1p zAHR&74C7=WLXa$KhJ5`Y7zRm?XKT9&f^Fr!8#BI_-hxdgh-1GrmtE&eUDuHH_JndJ z!^Oq^qr%2eh}+KT2I`6_zJT=(YwT4wj=W_vB@!!}W9)11@Y&ng_hKUDGjd?C>tof_>aRL!#qzxZszLDwD4sBizcf*$qc41o59O>3kP z2>nRcMN_G9{NVwLYGt)^j}e7$9}tEyW@fUuh_>WNAkD*Jtg{4C4Pi2z_;=Gkv1@Rd z%8Iu~$G1`BMtxA@|HIap!9CH=G{>FrY0D0=^zUqs%tlb z^9Zxrlx`&8quJs~3-pHmDfb!qXnE?HQc*9IViQ2IlpQhQC0|w#^CY3WcP=)v-9JBq z6R&v%_h}K9yOt`oVA`q=;ZS@@{9Sut#Eb*k;HOAt<_OWC!Z1UB&Yw>15rE_#L1FR6 zkF|nfT-@vq%xsNqf+LmA^&3|F6Q5G$yd<4ej415RNzHsUwNpXj(JdrJeAy#3b!kVX zzVmo~6Fxy=W!+CE=c| zoKd>izrl^aC4UY;HL>}g)~g3MmaT(uY*EykC#Uqjyh9rWf?U>Cro1exSZ+8phF{R` zp7mlh*xNpqJKkeRXzI}DQrePOW`wVTJ0CfqCC5R^0^K8~jPahv;-q<#P?WYOUTfuZ zEP1hpHy>?u?HTE?6Kd zn^M0*7NnYDjz$=06ZW-(9MWm(;+@r=`QsO9trcm*M4Kh~7fffZZEcQe8b5}XPe@dK zq6DcFHrPF^gv~!ayqn-kN!T$qZ0^aszNgIE!mf=QSei*EgD9DA5;pd|GWb^^>aU40qg8;KFsFt8$;gJUD1BY z)wtI0*(s}?kzM6N>`s>sIX41yM6sjCdZai-!HDLOZ#iw^}M%T^7RWSa17Vp5rUAU6Si8nuMjRN;8M=|&o$k}7>7bP#3 zTz0H^fhSC3Noj{4-lmdkA`lm82|iNAe`LZAk!5|~bOf|H8Ss>L)})PDO0lj-^Zcx6 
zJAvf2W;N-+*6@8N0{9v7E5^nb?t0^|HTFCc@|o!NB_f{Nx>Yf}0c3r@3Nw+|^Lz)O z@KQj2IyA5aAoj~=_r6M@9<7*;I8qo0z_FlBP`4vn?}bh+Nm7e{X$BZ*eNn;wCYhlC zK4-Jn+3?nmf>?5AtE9f*U^4F{Z7ZGK2faltKu6>3k<9CuSHD|O!N8> zdOhboU379BShS1?aYfbIK4c!LD7=d4wb&wGnS+x{Ym+Ghsl?NdWcuPsU=&H*^_S_l z-OeiGovq`ab?m*3k@qZ`#XX^Fk14ZvPR_{9wH{QCy(~pmkOx~fNKsLhhe?I%%o|l%ql3L&0~61y0a`hlIcvda z@aDGWD~{A74_!gt&i-W~B})}~49Ae z)g#(ArvD16zorH%i1HvM6_p*iyH`fUUyihH-xGt8L#?hoA6M3{5WFM??9Mo#7ajz< zzfpEsEj;q1lqLt$y--pR7=ev6Qgu;%KqK*8#?Dwvp0m+A8|>`aZ=?CvqQBhL)rKnV z&*CQZOv~n}@8>UiJhL?loFfRnd>4)WvkvS5WQQG>@3XEcsunC#6!bjxHa#O60Qj%+slXM!yD@dKsR%WBe80x7{q93u(Dz^;#UiR*v?KO*t{EspofhD4{_1Drxifx$3Oun9UnXnJjSK!~@in zJL2F3CTUmtT9+{)l6SqQlD4r-AaP4Rw?1*6&i|_+2_bf?%WGu5mSFhl&6#kF#7Frg z8m)RHA_hUdw%$fMCq-*q$4Als<`__Yf^$+*WUCk0Tys&ra9 zJM%EMs6hL`<;6~%Eb0trkO+Nf;d}QHU}UA5eP8vv`=baZy6kvjHL_b?At~bVOuG>6 zt!H)1+gmQ)w<2Nxt9Jp12q|IH@vzCp+;xh!xvu%1@(v3hLCr9vpszz%fTm&g;Zi)YMZ2FKPLfdMm$18P#YAPucedvwzgI@_W+vw6>u2Y(9@yo(=6<#K3G|k)& z$kw{k|5UX8KZCX`i9}*>ecrn6>d)0_P;5D~!4B`jx?!M@=q!$1ycxzdk#^~Xj2sj= z&Pitz4gL0DjWFw~q=F#Y@~y%$^LE5wFf!IiMBw8rDEpcx(I#u%$OO4|Ky$X&OqV8P zL~V#0Le)_?gn|OlE4dfXKAUpSsJL4%z#-6iuQ%A@Mn2PxY|}$e+2D=Ym3kXDLo=ir z?Qk$xF4dOcUH>m({{L4_@Yk0;dl5dkb*ZkSN>crF!)rtfo6v7rplj7%zxHp$>RkjS zCA*Z{Gw^t|)NFKzUb{pXeUDSeA^86N8A6W5U6ZX-0K~KD*|n6AWgnM!gGp#(OAj*? 
z4B;t*k3jH35V7DP;ve-Q>rck$bH%9R4`RO#<}_w-y4k;PtXmy%V=E^)7g}2K=EfO{XaNhCXh^Lj_aE~@j9M)2-COPyIsy7>wp2n zm&AwzUr-7Tk3?IzYA{7GFry9+9bghvH91t|^NKCUC030>3@tJ1?Sn2-5@aeW9AB`I z&o@|4f66#;E8{Sy6Qh@-Urtr|QW+9|}5VPEr)7%d?_ePc9iS&`LGuJ(y{(IZ4phQj_Lio!)59}5mkTK zWsQpZxTU|(0^k9vO-h{LFwr0WDC5sbA3n1HL0c!aGhm-IXB>^agH~(dZHl(ShENlF z4l*-jP0&SattC=Uz+35{r{cT^Pmv$$>3QJ{%;xEqdBT^P(lZW=&N&Y0DNGMPLnoCy z&^EE=Idm3wJ<$FPvFu>uC?wt#I|Ag3PDZ+X`EzCd=x@;bOXyy`r+of=jIf={e1PhW z4&(MPex$)C&M+S7M(QLQk>`CvGN66`Ytqj9Ll%^Znt($Cl~8Jzujt9fvyIfF{l zncEPna=_G-JhQp`?cJevyYK&isBaZDwn=tP?^V{;75|==`tre|2ex?A>X(-A`e{b^ zqhs7p0hi|#=mqO(tHN?kIY#Y9#||Vgx7p>c?4$n;PK^e2P`;e7E0W3ulCbOi;)Rjz z-Xfh*UU?R-_8tdAk@CZ0_7%xTkhU4wBcYaW1%6St>1y0TB)3$iDl$G4LOTJ65z&Q% zTN}4d=lRVSMkiZG&XCw6l!;?RAB{Jb)r{~cOe2EhnK5*>J5Rohs0 z(b1GHIgXZVt{>C#ndDtJHB^57Hzx!b2o3eN&C~?&<`SVu>{Vf<@l>MvH!B6SUpc?0 zJlHq;tVU);^}iCk7EX|`>8s9y;tnfr0w|~o0n}#w$NcCjF?G#^*{*6Hn+;iQo4@fesjw2HKcO-@t_3Ds{ClFpM*&A!x)){_~r z6U#HNJZ9!4n9UiGNm#fZ`|~Hkp%-bm(_mDa7iI>$s> zis-*5v8nz)b{XvZYuUSJCAL4%)*smc|DECB0K=k1$84qXVDS}n=`T0aAIXBG&dL90 zxt;n6w858VKy;i=##p`@8bF%wvbz`H_ZhR#{2J|qx1_Uax9!z2vM)&sr6(aHsj%l> zf=nNlCy&qU?uN33*Bx7HpRd26H3sChICqf@skL--^ z$b(^A^Mf^Qe<@zkq(-W+;+C_{YR^;9v``L-OZ7e`gS($I9JpzLJFmM5S-3gHbrsTo zaZRAmsstQ;agm5R1x)%IZSaVI6V|U2551dR_Rqueyg%(`s>p+$X8q*_{Cz!~_^(t> z!phkf4PToUcxmPSy@7V55=+Cwb*uJ{znqHlTzTRsG4$nrnqdol2lifkGgT9s4>V|Z ztcJ%8ntX!uy%FB4%FQP!@aS!V?PMwR&2dWo`PQl7J~MfqJw@Tz3hJ?hwfyctZs6Mx zrq})DhM$p4Qh6(b-XWL3?tLG;tLbs0dItr1LL{+%jenh?L;g#&`C&)=iUzl8=@fbM$*RBI=^H?&1EUouFWRC1`&ItwQ;9H; ztjfT@vECc0o7t(}rFgh6vg7XKyX#_?X@ZN#I{}jKuXQb{-Bh4A9K55H6})F!#`0e_{0}+K4?cJq(enfRUl%O_`h1Cl-J*@ zn&6B~^Yuq^iB_7WIZkiO0XR`~2omou>Wt8nuaNf~I+T7<9eKt#-J@zd^XRmxX4DJQ3xws3u|iUNkTSh4c{ zw*w_SSpoTCD8ES7&!5q71{rYMf8T`AZY2mdSD)IiR{s5UePEE$hF8vpSkQWW7tm)R z(nISsXsXs%`_B zIma;<^QFk$`mx)2=D=sE=eW@(5?_mC7tq!7JdFMj;{M!*KxqOnr>%PRuOao9_^^zF z$s31d_NLNqOfW++XvUZW3GhSSFEFY;i;W)wB$!0G7UdfOYTH6t(D^dC0fGOCROQs+D71aOeu^L{0 zX;5;#i8lQKe32oXu%O`GXWwJQd5dMWxUmUBf`0_}VYcw%MoC`v%yLhFBg{X?Oa_`^ 
zMwt-sTU!uTo*+q$Zsa=ew7I}ctXxS<+7wjw;6DdRczSW?-KH?}@zt~ug<3aDA6pvgP& zggrs+Yr4RU4}Q#l&j8PfH)V`c|r3aI<7)R=f z76fBMP!ouJA6Z9bYo<>pRPWu&MKnA=0~bo5^bADK;V|V8Cg5(>(K11$(te8$BHq3R zewGDtzjuK(kOa@*38Jh|+y<_}g73Qe1!iU#qCUj)%R-cPk>A`J1Py%YJfZ2qab+z_ zlJlDB5!ZYJ7R`4kdW9Bt^GWT+@mM|aU_+oZ7EOVrYkkY2Xwo;1c)Qy^=}XR*E}PW2 zUw63ukjTws+6g4TS(=H7zK+8X3Lmo5)BZ@3)61NGR?$SDB^av#@iGv>xF zsT*6O(e|?GXmJA$p=dcl&u!^$JKG)UkW*RH`;Ui^vCI(&)wdvC3LziB~ER1`s#`L1E;~%AjO5$O0VXLnlPp3Fctek zSeB$AN3rf%pI5%2+ij;P8UnM3oNxnCKfXEkCqx%%;u6QFk!Ja?sobv%sjn=h^s`TkOUayBSASt+iEZok-U$OyoT zWYwsVzJvx9?Iu%`5T1-2!%^|hfU!*TgiZNs$DKW@VMJP!XS`Lf@HfAaS&=Ibrk4** z0k~sxD4naq$v5le4h%Go0o8L>P=HaVR}Rq4wHXhOe?97AojY(2msI0k_@pOU8ChWs zFfY=&Ee3T{3ewigtzKQ|7iFH>rm_#uN`468 z0PzK==W24fQ!s*X_s|8hMOvCTaBv(ZEeF*Zdf!nn5EGM5lkC>xFGPpxv`3*$a=5e$ zuQR>cic&sErE)h_DMn0d#S~w^WC`hM3PrbkOZO4QZoFsY3ye5W@jI>6Mvf{P_Vhb+ zfRj#dS^?T+lNQ0+pq9QI&9fq>>)QIhLfV~Q)^WdzB0x2#R(A+qC|j;b|BEJBq(Ev# zk`MkY?O!B`1Qc*GnAA8ADF*CS7E1#ZKdVvQYyd6LlTLrA=$RyMnFcyZkl9^`G`FSL zRf0=8q>(nDdifE2{Npk!p+0Fi02?Q*TE^Rp_5ZJ?QpPA{lxj z`SFX@>4_)-dQSS()R%!|;7oxOEC>3+E;WI^moRu*!D7?ZeEOJk2Ju%(D$88V2;DF7 zyim0haAx)GxB&UQR~$j{=7t6fysGHxvj@%%KPabPSmd9<{-@Sy63q-!f>!VQ<+=I`r#2X`ibQ}=E75bC)(nZpT#Vn zP}d-zGQ?xjR~SMjzWM3n-YJWFOl)+2pz-mU19^LTD{Hal7jvv3_l8KKgd=~`OL!ne z^6vvAQx&C4$o~bD8F+3+v*jn4H>ioT9>>y~&t@zxV(C(EG~@bpMTtxrd}|kEUT*n( zesJkVc{!U(xWV=N%;e;$ph|uh_w#HRPX>rHVbleM7Wv z9~xGQVNt;HFW+2juLmVh+B*p8gN(5rr`v;`Aa<6ke+=?@s-_$ejEQ+xSpc>aet8m zEOaPpprxl6q2+Wq%1lN%G;7iMQo8L>1XiHGKr$NlXo6Ai%OrVyIcZ<|hu<&8-^~Kg z6QrYoCDxswdb4@Ww7z6lCHn=(1i50R+{d9s*A{-+bx4fICBtoR7>Gu}a?cN1 zQ&DKGO$t+pQ;T!#s;Y`}v*;RKvL+v7ONKv6e$2%Y<;=MBI@8&4-3&%&@DkY&(+d|N zXg*yu(Hp!@xoAWf=!!dSe#3fa&{AVyz-Xb-OnT$gv^Q5R53@H%h>wpynq#SLI9X6@ zb2uY>ljLGVOBzA7=w)NFdlBK1*k-s*Z1SVY?C!w9a0i)MH(v1@~E-A6sz`*yYtA%1*Li@ z`XkFObB`0g%lL6u?O$GDTgycYl+)(VJ8R}8x~hDt8`R@NIKHu|{T^jPL^>gQNyT8b z_SGgz<2`$=;Mz+ay#I?Wdx^hn!<;WtB!Q)!EmQ(KupWh+67|?{U&ok~`8;MOeQM;S 
z|5Q6eJA3fCw!v=;XkYf{@T5FTbegqVI}9->J-9o0DBuUhsG%zIWBfXcXFB>lf~G*NZ!nmPMNu~EMEuB&+4KSf>_XRLtIAc*i~h3Tz8*7=I%Cv z_1d&Jdl11xrjbJxpQBVrg)5#>_#_V|^N%{2ok9;`%ukm$qW+8s%% zk?vH~SYF-A*(%&+q+^Vx7ji4nR|&;4lQxme5zbvW>r8zNFnadn*T@xGoMd0 z4M$>0EZNot8L(CiCm?jx9kp$Byb3-}%)5ir@oB8EFEblokSn$a2jn|aKDpZJ@}(dEc}(%l}dS! zE(xRt5xc0|>}?jV)L;K8v273Ml+;XXxVmfBT})IgGe1mDRW8p5g)CIA4nq*zBa~NT zld7{}BQ{78055nj%xpNnF_>wvOy8RU&YLCIkCJZh=n&2(S6$0e21Z{8F%@)8t~&=3 z=zBk3E)f~KJ>0ef8m z7LR5%=?`CfBi^G`_z;A5SHC+wN-m!qL3-Fv9D0Q&WCiOnqP{P!FqN2~A}dfiwpVRqSio&B63BqLmP@yRc2FBdtgoua63IZ?v&cm4446z%t0F9OaNn+x=1{ z5-rS-BUb$bZzeGjuh$YnXOQ^HIM;%js@u$VH1v+9#C1ey4xw1gtly2{mG|vp@GG9- zkAV}?e+PqKG4fCEy_*CL#M@<1vyUQGzewLMtW_nyHtj2Z=xT?+7Md)9T+7{5g9|wR zXh;@Gi0!Jtj`AobK*N-jS!OmcWHl!`)oV@BNX%XKC1Hodai!~H1PRKE`#Q&nhWm|t z>YGZ-tWNx#hu3@4O=KAz5gPCD$Upr?QR2yr{H~QNNgV{~XNtwS0Eq(L5|lo{_vu-- zP@crj!@aGdt7x$W;3O{fRWgH&%=OQ8mh6KI3={+sH z^L$n~A6_T#MgY^{0MQ8{TTbrzErs7rN}2GgrMpWdwK_VIJ5FVV-z0;?ve6H$kmx zJ~{JqxfqeFtS#TQ*PUO3bRhjK<6Z7-!}^uf;KN)av2_%hc^l7M zi1~HPNH>v$f0a^i6tRPa^9X$@>G$47)ZQ=39MpS_kMa-bFhW+Md0*#CdX#>-6m{5q zOMs&dhK9#*8OqAOgY6kFI`vq!E^o;!N+9;ZJ^RHN4J=9@2s>Lv@!eZwpBDcZBb;rrDjac02MTsbif#2KIj!`7~5 zZ)y1DH%D3Yr!)AKom25;>mPzBUaxB;SND3sLBNP6$A*&Bm$OYIXO{)@mHCqs&v=$L z&l1}u_*&lM9N#0RC|y=`bUc*eBwT#0qTSI;j!IX?%t?rg`(w~D;?h`ZYJ@|-7z^R> zomPl~rghx`p14RChmuzIymtbVwS_-rozVg96K4Pt8MiMIkVH8O9E1LrhZ-;B+)rXH zm~*B6i*u+XPj#-u)RN5ZAo>Uv*mmag+Vx~2B&=sECEg&6@L^OyD6ujEwdL!iyVew= z;RItD1YMK*W+Yg?Fy5e=t<$r%q3PWK>C?|jK4=ylae^x+&y2XNwBq` zFixh6qN$xcC^h7u)YQs8w5GQ(nB4w^D1ZOc|C#)xnt=(FNK`-c2S3#wux%jp3AQm= z$HhwJG1CG#M?1)1a4h}qLPLy9&F)(5o%u%CFqIdct~e2IQ}0;cG}?bKu<|Z*!0q|= zrkPQ<=cT@)ERS2VwaX_P15Jct3Y<1DjP@%vVSk}OOKCa(X`ImPZ`+gWeVO>->MCuJ zZ)(z=rc)JpFMH0MYOJCI|5W}|;w>LL=-iA8(oxTy=yLQ%t20b>Peb{0egJ8ssA;#k zBFavBKcHMeiz)u@cfJE4q{UA8LGg2vA4}mY>FL$5!dgt?9ulh4I*v#W5BiqH*3nEV zIoE;a<0DEKL6Y)J$Es}hrE$*H_^>MVo|OqdKaV~NOFAbE;!XQkmHy~EEmb{IBBU50 za@d}e>Q*8t6{T{&*D6@5X4ug?)q(A^?hC77Oe8`wWnW;Q;Zj+$VYO)mAPjs@PzkAS 
z8T}2i|6{{akwCM=^W#Dgvqc{=kmQEmz5+!?38zyTY(A1238W~Ok#ss^R>HzM*Fl7% z{Vk&MqBnQLb6taHPqegYu<5DjJHRj(fWYq8Lh+*`mp5)YisUI*{nXibgeW?LKupmB&W41P6pp$p6Ry@O6)ed2 zS15jn$u1kbwGUa!x+4sb>n#tiJEiLLW-+v;lPd8H=IP{R6%D?5N zDW+;(uWWMswf;0YzZzZR`yUqVokTv!ShiTW^TUHg`$i($DI^g&vH!FKloux+=&bz~ zUgzhZ1N;BE-tS`R>*|{sTq6rn|`j zQtLIrmMbSb^lep&C z8XBr$RE0X0?LX9=gPlfgdqSASCnV^%r+=13fd4~l`kyiH$DL^jwIE5?YtsDuah|xA zlWg?OB#XJ^&2jnH1bIA=Mz&#W%h*Hp#1mm{KHpyMM`1_15E5Q;kQtbicmNrGcZhJ) z8zcft%VVp9miN@UQb*@tn1R17)c}t$C;`D!Fer&h4*C&E$D>=yMhXeen`|$226k!$ zE}4yuXPwwW28gMx9sN|SoWjonBtSm%5s$Rc;G*{pXqV|8zAskz#_Dl+u|u6B{wV|B zn@OUUq|&yTpIuqyt(+B@Hlw!r%(a^1X&*@K<7kByjm)EAqL7fKQn7<#Wk==#m(;yw zuM<-Aj@9jv45}rcl%ni3N6_xg`shkYm!ZLn98gH%M$3yw+6vcl_5T)0Q|myKV*+oT zZEr{40B(+ALf!hQG-O+vkRPx0TLn={ycW}LqBTAd(~J!1$L|mhjcPOH&M|vS&EkPN zXfxn%{1-H1kjRvTtk1W`a|0MxaO`QkkL1v6>;(n=Oy*0(?DnR~nV4q6VN>3r#uaAj z7pLPlO0KqG8bW+X&1VVUlRFGb-242{)%qDcBPT~dN=hmtjQX4djUlXm(zM-3R{fd( zSFMKP%Yy~ndi(t|j+4_5{5KVHu?b9d2-j1?LWR)1_Q8Q@*&k(Iz+L)12L3n$DwTjsHzxD`d# zoQ2-T9BSa1Fy3!Dlqy!9OlYz-o0?P!1;f@JZ#>B0DBipU#UqRH+*Hr?FO#L=BvGet%qScI;vy+vho$bqU~hTnG9YWA=UGf+4^6{p_q zLoKu3gs}~6mPi!Kp5C`RZxW8I+Mn&aMpna7t+Qh>$!lm(xwg1tIeBnC6i_=zYnu&3 zj?e0ON;`&{@8X4^LY;W(B`rDeW3HqW@5(eA-@aWFwzLdG0Y6*CunZ54{Qwm1Q4iTk z@z!Hy4Id?lgYMlP zW@Hqb&4N&dgoTCM*R667E2d?%pnNj2vxP6Q8g<$c<%LyLTt0B$Y6soB-wtqH>wR}o zJUe%BFZ0*HZnQ)>6* zZ=O!LB^Kj~$*X3IOzm1D$bNc)NUBLMvt@`<+54jJ;8R%77T-JGQ3T}$LT4T)uEOIr zcM}eY4aP`C>9odXGiRz=Ct%FAN+uOWUBp$@C|qEi<6@3W1|A?G4g7cnpA~8`g9?UO;8cGyxM51rFFMc+Q5tCq3zcq*iE$6@;1f}bH*H!onJ|OkB!-6DR z%DW0H$Ef46Y|-e2di$OiZ|?JZYfgfAy}eH^613MF?H6SP(S`aLz+BDnbYssaHXnS# za#}2!jyL9>fGX9MZw4lvT#b1Wa>Wxja|L?(iyh+NeP zjBj49-fV_qP{vaVo8` zEsSs7w%+Yez6 zeP+AX`F8v9Qegrmf&KxWww6oLUH_FJJb??X+RNkx^+kvCsL%+K$N~9_v3m=9BjuMliF7ct_b$&&Ph^$VQ($$2^V}nKp5;Nd96m zL?Y@=?8=Ne8b2?XFOkK+YE z?IggKC4{M@xk4s1IEzagCYu#Hg~KZIyT+0vT-J1$1?f2X!y-$De4`5xZ5aIerW{h} z8i|vw&W!XAG=b+Vyunyi5{C8OaaPvt!<_kAi|2io7RgIQM8uxGxD@$&i7|NST$Yl9*fEgEM#}~H!CYzwT}nN>y=ct_MgutI0_@ti|c1?v_Q4Dd3n7j 
zzze?W_eB@x8L%~MONa#*sFdy<^}?!=#WKvJw4=~V0+K?*c2RBDvkH*qftR{9>)!e)XM{el>@jYBO;>Q* z0FnKDT@iTx560Z!83+kqHEJ$9zKRKkRTd~RWpID-!vKDYi*yF{1$YPpx~Aj{bV2xo z`VXS;81Z#@8%}5tsN`EIACB|H@r2C6#1|9fHJlzKHf^S9<1SpoT&f3Ajix+~altdL zri>^1^NW-(tL)(i^_KfovWMX(r5)J z2Yzi(KZ(kxI%Aj<>_jLZwQT0+z0_!8VYYx%>oV!SD{<0g~j4_372y9OvTLN4NF{CYt<4 z|Lga73XC^ft9gmp6%{;Y^@bTD4`-{ytKUpr?B~%>T3qeDSo-1aAx}3Pwl8W$las z4V3uefjr=0ANJ#w*W1%q+Vwy63HVz&6*Hn*TWgmp4!AqE^fOz(b~)MEyk4RQ>hsIWwS`#WmyZ(#G>frP?H)V=YzIx~#OryCg;Oo`ozq1yu) zGp3?@_mNt66x8vt(UJ<+a;k8u@4+?A9cnR0G98UdK-?U!F_?YwZ2EL_kQ!5&{m4Uz zwA5+B|3p@no#Q%kEYGC*ut-_=`yG>PCr{qU)n=zxNGHD$<0GSc?VXllrIsR37b*JQ zu{#@{n)v|U+J}VCKc6G@AJ!t_3_|A+S$sj?D)RHQaR$$IbNazkqZ?cH5bI`xyIscV zbDH3Fbp9>u`w#N;xjLX>BNYLvx$hQldcm+T+os|`>o%|^4a`vBvAQ8mTWR{rQF z6X=e_lef0H$!nB@+c{HV`Pqfub_MQS<~P;C{o97{ktndMt4;bnjEZEqd_ql zl$YI{+m>8+{IYadR3yY;1LH7EHzuBpIdo5%U_Y4KrDrD2!_j z9;JNYpR=(Z^;<4_(F)}9Z4O6-A6#Z+tyTx@yFET~XR6l2?66P*q6?s2!x3kr$}9Vx zUS`%=K_ppAj^zFK)%^P!r$GX6ZA0Vq^IcdfPeg5{=G=gFOwrZI8dRB8nrSlUg(phD zT?>T9mCJ8?_#46D{EUp4Y|jf9;$u%U9oZ}Mk%`@i`VK*7L3j?F8W1quyAk2?c;7$I9*_wEp zlZop(p@O;a6BVBVXqV1>Mu5J5NAmbHJM;&npbYScW|HU-B&07K3i!CRqUCvO&w|!2 zz7wsK7_S^ZxM3}PeK2A!luyjaU3>mL`m2;GyP5)C=D{r6u35F=Q`@YEjP^1!TI06i zZf~s(UiEGCRff5|PhexFAJk3+Y=Lv-Z1v$~w>I`hE(?}SzH{4dM(W!M^JA=COvt5u ziP@uP(|--0{s%t(Baq6-r&>l3j21uUX4M@olq(0eb?NnncP#Z{Az~MxfZzBe+q;!e z&T_-XUa#96JFvb#gEgG5@nbzYN-sOh4mufFiF!z(*>ok0QMV16HVLa0+xq{h>szn}5q7#QNGyE4wTnqClKt!($Try3= z@@OZW7ND!U>#;>5hnf;8h8k(*$m>tyaTnjTZqQ8D?RDV;iNIe|LqB+ofBx}wdI$Re z(dtwp82wXg##sT`K6BRWsOp_hn~ysiqqMn812c&(h?Ja?ND(j@dz;EQ&O1jMuVQWH z-{8s*;MTVT@v>pY4xH>u|2MWdLaS3IwmmD*Vynx}g-DfTGbx)+xmVIm4ohPonK$EnQur=jSh9XdmtzH{dZ*K9j$CZ#TSL;IVtP z_1S*n(xQLi-P%op*<~{_2+YOOOI)Tt>7fw%q?Y9X)Ui*{iu)HF&?uxdo9-0$OP8sM z)5Xm;+fI>CJOeDmZ!gFyOv_N|2U2XXKPzvQZe zo=GmiuJFJX(?Efxc+o5f4^r-2zMo9HT=yQv{`@7xXkTo)yt9vpV@)m8R>X%SrI}1& zy(_;LK-WbrF}^q)9#oMNnyzb(?pnhw?XH22+N?S;1}7-IkosVdz-nyxtze+E1)T(| zn(E?R8E3Sqj31GaofgpSy=ZZ8(V%>u9TXI 
ziMI&V(Y0g8qnL)8`hN2Hi(a}t04gpH=ah>GsKxo!+{+tSFACchU##=9pP$jJN0pk# z6u-W?n;O7Vcm+&l{&MTiIiDz>Wt>u;pF8)y#KdMpNHv0G+>8xcyX*VmsM*+B5rdTx zY0sxpu7Dfk?U}Hkwc2L7*Y2%GUW$FfxKf2_1-B`HBN!$LX?xOw-Odj#k->ty!qJ)loVmb*P?}3LpRd zUFo-(0$x|U2D=1hJ@WjU!S{L_C3&q%^m#KTaN2rnec1v2cyuG*D7@nWzBXZ`KDcvj z-p5fSKoI`b`^VyUkq{AHt>*iZL3{46a};F&zncc?}$ElhjuE~h?Lxm@l~g(ta6#M2r&@$8u^)Axy!#9&LREAj$TB$E8#8RnQi zeDF6|ubkbFEssZQ1S5pHW?;EKc}Ivdku5Vu!4wfoOONU7p&$0Pl;48C&ON?~xJkm9 zQnQy18bas=HJz=BIAC+`xv4Z3u}xsm&w@g;Qj02ucI7n^rgOiIDDbXlZ$Z)+4 zmMzLH;}c!L{3oEyVxl%QZb(;(bl$GcfE0epe zc-(CsWQ9j(5PvNwSl9?RpJGhMsr~d(8_)6TW>ZSBVUg&C6CqDrbQmtD&WSzm$$SQ@ zpS{6XcI#|VxM5Pc5!Xc%`P|dDV0>2I@6>32&AR+^Up$yR+uM17?$Gm-3FNWQc1KQ) zCmn%?R_An6m~bq%C)xbtvT~Xj;~e+>*0o0sq@qHRhN0@cLxdX-sW6s5`RCt?Y~&x?pkFb^)E$+c|K*v2LzZnGO)1@;_WyRTV6KFFK&48y(u8&>gMr2v^5Y?V;YI z7hSw6<4io*VhMP>=m)vpysZs~<+lQpHWwPeshd(RP(I@*cC24zmv(*i=OIgx*HBo@ z^Ew&b0DBSaO9xLOl0tv&d(%t&5(=7(#+OHKKM{1GG*TN*_SYb)Qv?z%vP+j5p1~vJJka>$)5&5#xdxU z=OB$6v0moJX)}1=N+kql!l^*LI%|}QL~dhqQ@$Xta*9tX_-)j5hsbfRd$i>L9b~72 zkf@oJ&*IDm#doBHvEPWb@Tb*>dAI>=(ENo_6(DK#i${E@>cUmOLvcmjE9~8kNiw@0 z+WVGMN{w{VtABmcDGwID?Auf?1RM}~-LX|CPI|*3*EH&+c5RgWC*yqv5(dk7A6SmZ z#MCh^u{(K3+HAIHqp)|m zAIs?m!}5)+)pYz}1^bFn$FaIUDcuoV-*Qq0he9UT4+R1yE-J(Y?6+p!|>H$#xch@~H z%G`YFk@R6$CydoMgme1{N3Imz5>-zLX&6K0FHtWRuvC*1LrD$?iQb;Oz7Y}tY03q- zQ8%It^509p{*gKmfMHl#S`F5I7U2s3>}tDY+EALEZO=9pxll>B8^Trm^*Bbvxi{D~ z+>(4p+YYby1_CLq;jBo3oN@cq_%Jwz0&m%8e|pG`!6Joq_oSE@5|Ze91w-YIUhQBu zwZFWSnSwfdrbDlMV*Tu|r;Gj*VE%elN!sELSDU@p&z9O|?|4=mE{K=Je?LJAR@2k&p06n2D74J9rv@tw zE8-Z|x1weEbTDQpON^FoZ!<+SjOFl}<6NncizyR43Y7DYMJ9{;VRJs&lMf&dEUQZ|GktT=9rt>UdplLlu4N1L2k2u=rnjTj z$J>g+F%@LRo+s2j_X=}(FSUet>|pE81r~B+vXEUyQXx<-G&O0rJu~=Tm1ci5EmM@a zy3DUlty*1drecmv+$E7jn4u0&6kq$6?=ybJ~-yjmX^Fx4hYP8Wd7TW@!}U+){@K&b9RtO$X#SUiFh z?dXt_(2@%8ZhZl_AO)yFG*=Ok5iu|7@{loXiiNUoOrOdWvjykgFXzUh(A4IG1-S5} zq(GlTMjh9{LugAvmWY@(#U?$^5@%u(;A8}#I~e~pn*U3d&M5(mT7cr?{7khx>yQ=B zrF`but4$yCuhv*9XAUHg$M;w6-}ql8&2 
z^;i?Cf&AQ0{bRT#D<`M)w$6%~eV@jnosKkaCRw^Mq%SR;QD-eCpS%HyXOF4<;%%1+ zc~piDplEw=P@RZK4`C9crcsth#0jpc0kVbq23=F|jc*a;qs%MZp5b>qaV4e7vRuAG;rucqNd&6)H>9(wB@xKh;y)s^Ej&ryZm4k{4#(E$} zZl?cX_I;Eo_}XGgTX9y6Th-CKcaO_-XV5fDh@7?FCnah3Y2iUSW-UDGrFYqL9#k#Z zV+>V02?GH^bjCo+aO%yu&cKYE{UaNFM5U5$`JPrgnc`Cs5msJx`@|=(jW73-r#r4H zXDI-|tAX2V;DRHM-|bAL(*RX#ORYU;4D33By{;##$e28vQMEQSKBy^HIyq0Bb|l|F zeJ=|upz?k!4>PsY+>zXUbf2eT#U1;Wsca03nZW)*W7w5^ogDX>8w0PwHM*898X-=>0*B9lkArzowYTJU@Jz;>w+Nhe6XMyQ!Z z3o8SDFmUWh(tWx5r7sSZ_ibvdpAy>c`Wug~-6kErLe6rjLz6j>#`x923U*G+P#>nU zS;ECC@L%I_ZNC0@3oc=VYpV~F@t)AE`UXoclELC41`&~&z2fw97i-V1`3%XDs{?x7 z{FEp2Tf+slK^gh4H$S0nNHImzW&B$$gr4-a{$shZg_#ZGGo{z1hbSI>x$ zIYtzSvN4R#Yx3XJq9<0&IE+`TJcg76XvZT-UT3gGb+VWo<+NB+;j|#`qT%Cx*ZD3I z;}AxqKDf2gr%FN_s6c?vwDSsZ*E@IW>Yk#U2IgR{V+Z|0lxk6r=<~Z zl&Zd(kM26mp-$&LJEhCnP4VC}lZ{jy6YD3t#5b$eo^73$~as_|{awK+zUReM1F^ehkGm*9c z`MzXF5Ch-t8Yy0Cn%wj5=bL~?w;#w1X6={tnu8Q>;#;UUq=Phw98_aLqiyV+d&Zt8 z&Y&Y^*Kg#@)t;vIcAdS$q9Vr`Kh~gHO;qToLqd+<=@vbbk+?Js|7+u>1U(mPS|n+A z7L%*2Lxb3IG8^NrwO8wtILU$`AOZSgjiz{GjQ+*T_(P}w3#;dTcb0?HVt1bGP@9OP zWB_y5f$Y%q1A&*WvXb1Sw$I8w*jehfEQEce0n6_9frV>`(I;HMvp)R_pze4rJrve& zLZ2?nr{Z(y>$^p!YYa*w^bb^1y8T&u*Dx1Dhb)!yn5H`rg#S_Wy?D#Z4%R~K0D$AMN%bD3gEeF znbW8GX)OB_&)>hJ=nv#12A!nmh2`Z`-WpWCdXo?Y7(=;@sU4jTJ1e0ccliD`YMrA~ zX}zcS@y;O5z~Wfqd{1CN0Ck1U8q@d@P@cLESG8KyNicACS*@{N#N? zt)4E~($X0UWToEK%A~6?4Fod9S|myW;}W?-w=UK`KpqBw0SB+P&OngZ5IM9aLfY{# z>smJCOO~))+c9iWsRgG zWjyz=L(-11LW1qjA;jm(apNMSO^bX-9#FB#Va@V8uGjnH1jsOGwb3#(_UG8m4ulBp z77)4eu`c_p$Dd)j*KU}8n>D1;&`eJ_%A1z%-^^2_)sa6uBh)`q{r$>N z6|lcpCEJnDK(F5y$W!ZhwOeHe@!)eesj&4%&)pu0;JB*GXqx|ZdkNNu1=M=OEKEnB z0Y_!(9yY+r zu2-SwK2k=}DiB)|0X7e^6($cR41k;%>%iyV0&j!&g2)%_^(U$Kb?Uho34@zatXBG! 
zxNJB@y^{z6s4ibc%Nl&}_I)&E7vFX`K2PqX)iJPXVYd=+ZT2J+>LlC(zZsMCs7bQ7 zP|1>-wmB?1+8D@fCIw=={?k(upIZG0ZK(0AYCbngHNm+Z(k|8xBctDrj z#?wWHhh3P#L+gK&Pqc@lkv!?^k6qx~wQOrDJWL{43Hu+XO@w1VOY1OMdc=W27fwl< z|NbN$Ea%l5w|J#__MwWwwTYsF_c`LT^)`zm68Z1dh?)7KWbFPbDgr&we;Vp-$9ag1 zI_|IoqvT5MoPxfp7;}ak!Md)kp_NsPLV?;aGZ??%s%rKl0|ROltX8}AyBE{IP`y@W zQ})5-b8DeLxpoP{gl+58DLl}#GZI~_-la1Z{`o2LOHHtFGu(D-TD5G`$2cM{Ns(>U z!mA4#c1wCR{!3b0tA-kEHCoUP7R1BpKaXaRrN(T0;@Vd-YGYssu)d)yw(YUrO=)Y= zo&f((b5x%g=}E#B33BD`%utPy7#0iF(Q3#mV`3G(C~1lZwhOt2IaEe_R|Zy9Cb_Y& zu_41)rWKofdBdgb;25>n7I)C`9o5Ug11?-t?dJ5=TTGm0du{_70^z)LSk_Eh z1Ual6o0dn@mb1PP%bCWWVb}romHZd(+`;h)pjR9ADLe-+vd35`R95Xth1J6YDP^na z0*Bkg1l8wF>SaFVzWW{Eu-@&xmYb6zhA9bHvtac{YV%0B#UqMX#wZts^i8m*9nsdtlY>X_*ACA z<^;#@*}mVQ=`-&0L|;#`guW#G@n7-5_xSI&iS@z0KnEIZjuIO&_*3Lff-f0k9b)JDOjQt$ji0}Me*8a7gmwN) z7<7kSZ}f^79*`N?HU|NTXAfrhSO-39O4mFrQuXxmGPG-~PpOz%s%f1Ct6AFWAgdP{ zhL8|BGRc?kE?~O$;5Oa@HbC8qr0dJo;5T3Rys(lK7Y{aHlSoyl3w}w#J|`h5g7Vwk z$-j_D0G&so&BS#!(q~f0Pkdl@qT8nBUCVcUTxPG88-44=;U`uj3~Sf=9YZ%@VzIczlv|u>o}JnawuaEQ@~1 zl>-~`Gr7J=W?PckmP+N*8>&rZ%|g?$0QNW zXrW#VRuPH(4*|KKUobC$V*8%|7j%Yz)oq`Q zt&YIOD;)gPg)>WvX@E>Zp6xN3lT0nxUaHGeb93{eQ2+37s$IlnJ&=v3mbod@SCft;R@ldd0a&Z-#3O2UPs1UEU4>%@Fh(NpT; z8y#ozQfAsMJ3~q|h)CPQj&M3(UVf1E2oQ zDVP1#0_(?uYH%aX@1E<2xRa#+K8MNjWfW_q<5R>!4OJ|;d>&z=^m{t zw~}!3?$po)8i%CTYNBAMiWFQjBV&FLi2FfQ=6NuXYnyKp+l-EB#$AG0D7&}b(uuDwMP@DDj2KiN&-fIKw zoP3ofu8h8nU8u5~GxhMO5EY48sXqC@56f36+K#4g?oR?|rmOGcZx;0Nb=#Dnp?;9kUHdGCVYt9{YIT zLd2|}F4R`&lnl>3K z-#hN_>jlQf>KS?hHGi$^sPq9qtC0+CZEeCqy{CgOj}^I#&A2nGSKQ2f z-p9C@54XMM2acb`R_77qi{+CC`oPqd(yLYMPu5(zENGkxwTo5op#SI$)5w2`7z6Dp z6{Aga6BBS-henxJ$pTr#N(ux$v3k*VzBqod3iM$cYt?jM-dFa%UWQJ`?WIKsa_N6^6d%OaaM+>3oV}%^n?ZzC~eQxc^LUIvA$NDok z%b^sm*{IE?l-DcH4w9Q)JGw=Ov6=4X(C;ocZ5@mFvh!)p7)7h4XxO@+u4MA48Tca` zW!X5R+R)ID?*Ngcrl!V9>7#xXC4mtXNY2VS;PP~oqmaPVJk8t&Izl2OB!uAf-tgwG zZfa;a-Il*OD4Y-+9K5$Hqk0JEsaYd$;ja#;CB|^@_`P9C_FrtDgLdTVwJHyN0qm3_kOiJipK@itqa29D9zfn%V*e_W%Oe{x5pM*wjWg{Vo_vMij-_Ib_B 
z>}>jDa#NT5D}In=7k-ugwUkFkgya+y2QFbi(t?p@+odL!>`B0~Zu11XFDwnv48ZS? z#=iXgv^gLwjIwdfS;iti=~IfBa=LwL?Bb%&sfPl@-+QxEqzw8??NL-)vE=a}(?Csr zVAjNDXRnO80}sN*`Q94qbgWvVLo7yh?GX6mi9^56z}lO-F6`BD`~C*IhR{7`7bAt0 zdZS;1Jj9__(h)hMd6kwsXI`(sIxQGrK0ghBLPLWObccx+shlpf9_%U?AnQ2vu!s} z6gdF%5-og?Z8B-ZJ@}a^9OGi=?7P}_RX&LqW(6^yAAoC3x!yN4h(}khnh58S40sb<(>brn@xa3ru@Noxfb+&To;epPzne}6zO%G7p?$R3Hf;u zmi>YsF?y<`^Wv1%->DF+5LwHUio6W(3SD0vyKg>ZXcxb&UoKHGmTywi)b9xtw%+4> zprp)_AL;2=MBJf?ZDz28O4C#vjc??j#ee3mU%c3VA#HZ(Z!K$Tih|yUTU6yQfm0Oe=I$_s z6Y@MkLZ5Na=}-t;9N*Gk_HXMF#|RTv^S>(3(qrAVs}RdW9XZ&|HW`=A67}0Y8z-t^ zDdR5>tfl1;t?@t4Nf$^3d#>QgaRvdJ;} zLpjvSfnDLdDWi^^uZ=n-0=@y&>W{ZgID{B_V%vi26xHRM^J=CKr# zA9$A%te+N0`%VV%nmw~E{_@u#$&DOHXkj;s4g}Aj;>(G&k%E)O;8<)M?+3F20}^Ul zm!96vFH?R%T_)F>;Q<+*=1;(uX++BJYnzs6i(@Bi!8TSiEEE|E-w**NgC&?FEZ zrx7mU`r1bqwouN_@TUIB_%nJx`uQEn;D?lC?+S}qRn+p2UQ;IVp)o4TPNt6pO$Tgq zkCB*6nhwmYqRKSrY3F_zPVmsp^J)rm*_P5$$?_RC$!Gi{!Cb?!hcFM_CKfMfb0bbFW9Mqq@W4X^s_dhQj-^S}e0~VF zMa}!6&ksIsJQ8VE;ZIYE-hyIKR^#XlvTV;6cWoZDf|>ZQ-*f+dcE<1C{Wt>P&xDmX zx%hvci9f)fx0vn`oC((lUf0<~75<#%33l3@r0~&bpzC0)lvJpKPbLX8tN&A5m&$m$ zUu(Aj3g~%>0h5i+0tyz;NsuYY33 zS~Nv~MbY-A3Qo_Lxfqv##Nm&qU*@vXm-mHU?4PlGzgsO({mc&Zwt@6S4oqn5-t)Mk znV3Ybq}`3Ok>Fi`L%83&Y2Cc$(8azesqEfM4r+ON6|N1)&|C{e6U%yiqL??FxI>rW>Y{pjL zRtM8DR}=vMx(4>4WAKl=mGe%kv@^mxADv1N3;ijw6smc$N7E+!2|a?Nlb11X5evNj z%XR1egBjGOLt9i@u%JsQ1_mBjMEh$hV^84*jjrzul=9xjAj@eP9k;inJ&?`zNB zANL3)NhWQ3*+GY`T+(6KxL2Q~z;9Z%K`4k>f;3yz0X_{eV<^f9I)6epA#&i{joHQi z^>(Q*9s20o=>b1K``HJiGJX@q4;9buoV~-J-4&bR-r;kQ48I6w$PAsH3IzxxDl~V@ zNyLtDkPZ%Ed!gA$V;zm+F<3{=x>1`1i)NP(>a-Jem3(^F&>3DQ^wt#AjT9pE`sY^x zRR2DWhAT`iM#(*bUNkD_A1)XpwMEi6a(%nefyp)6QKIpk;O9Rf&OySZoe7a;I{mzx z5t+jG-qw6-T4gaQi&A(^Di;<*2XyhMZB6Z#d;}$;2;2JMl&kJTTAsTYil2Ul*?BS6Gx&M;qkNMyo3BpOl>x$#)gYOg6l;I$q8aA|@*UA>P7U9j+~ zI4;w@-2^H+(={o$UfDMucXC5BN5y+m)zxIn?FHEVUxcBRp9M{r1Fh^uMU<9GJ;G8z z1rwD5KN05p+s|GqAdu)L`7+4le4X_fFLhuldn;)E^rN_-8~VB3B4(8)cTR=D7&$#* zFWAbuVL46CobB6{d&~|mta&)nc$P=#aZ8A?LLrZPqd)hsxC)6GPUSmbed%qrQb1XC 
zv^Q_pPz{ndCb{}aMkpXVO;si)8+T)j=&Fm{2iA0tpDFYY2fP*_xvpRM?7GcEv@^jH zaKPwRjprSwE5bM#(ZALMDkSjMZO0;|U*z=T5rMC>jF%^J(nMl|CBa=j`mqGpT192d z8;($?vQfP7Fe_&_gcw&N8mDn3`dcoGddhAbxQA>Mq3W@MHd^7B=G$*k6Vk_bz)yv^ zVhqRvLxTKxq2AR)1n)PxV=_+ZF;DH6&}gnEM5d;S zLaIaMlC?VPB5j|`*hMqV6@=Gtj7yH%kV&@e3T?Xu(Gxm?HwUzTBJ6*lt-B1FMR`GW zchnT+3?Emnuz;H_RNOPiEJ4}T~!M#&*mHXy8m53KQ$>CNe z57Xp8o=p5%iDiOqW3fqgg63EEioEwTWHEM+@$c;@W*Nav^aDVxhm7UrQ`16T*!WC# zTNKbuJk8;b^)qd9F$W3&8_<3F@dD|xSI<`?ZWdS_eLF3hUw$yMxQ6;_`b=rL4r1BP zPrVS!NbjB3j-;u))#FU$Efq-}e3vpu4oYM2mp{+Sn!b|jmm~fTEW{=&r&)>c++|r= z*|I{WBHNS}ut|R0`0Ar?KauA1xGwq@L6_8NJ<^C{<|3c;oxsg@LcO3zbODz?U!RX>HSEK4k}ij`({@X-Ss{lLH|+lcO`sr*MQVjeypXuL6WWYH$d6+iwY8f7_q!uGz&N!cK}n^Ix}YYoN+FEtZVU|r?@oQ>Xh2J zG{!tSbs=Db?Cw{)b*&fB{#;@@$>Kf>>Xnb~h@K7)MhjSXN6Eqx9k*{US|uIk-S4XG z#rz`DhOz~y>eK-EBW)3zq947guv#>7h6s zhrlR`c)8UAxBO!Ns|Fq3k?iXJ(kzY9Lb4e0GW>Hum zV;^DrJ(pgg2PW$}Nj!VH?yft;>oD@S6!PG9xI%hr5^r$E6C@>+Bu_EsBg|eK34G=~ zVI_%MkAFJ}U^cZNBwU(I!6~GRh2jLQ1n_Ry-pEJWpp!U#5Lcjp;o{efUbSQ>Mq0x3 zeYL)TVqJ!qXK|@XD*bX{{CWD)!+9|;;l+Q%`(Y#zEjRH%4T*^L)uP+e8Idv1kp8qJ zcDK5plc0Z)Ifu{NcNnDPP3?BJWIe;=p#GwmW=Sn?q=XzWn;o5l=57!@wqBZP0dK2y ztMA5}{^_|UByo9yDyb@G26!RRW;!w*CMVqzxFc)6Nh9$|%XG6KGd!N6cQ);5htftm z^Dhr`HAZGpYjcEcU(fv9f=nD+tOEd2{`4xB!gC-rz^SUzcZpA+Zjy;uY%N3z1J-8dS|mGcw5RmgC$!W43vWz4c)u=cwV0h0dbo z!?m4yz3fWjAXYohU$M#p(2OL)56)GBKs^$JD$mO~wiM@5J&-(Xt(oT&;bP=_N*wZM z0!R_7dl7!d14I<+JnI@)vZan>3Kc8)%^SaewQ-(!Be^VvyuU}~MgQ;Bc zkv%OwV4le+fE=P<-NXi+X$cn1Qe+yG8c^>)yN=YLW-lxUR%0<}{~C)e$ZPmR)-Jes z)_lT0?aS||?@Wx_w!Wju@x;-PZ{AM#`H!yqG1}7$f%|cv-*jC%7q|OJ44K;{V!Z>H zVM47$?8?ZBy_GlahFJM5k#DYoXfpO+sNWHL^7}Osh{-+ zllZGg`f|XB0rR};zT)*C%k}Gpt0XxfC@JORY+}D9$-+8d8d&YA7{5J*>o}7u9|;Op z;b~S&aaQH|_hk?ZJ;gTlOEf4+UKLxua^-V{*o}V^mh^_p{&ph3YQ`u7U@YkbH~GbV z`vIoiFRt*+4!tnT@;SrBy4&HlEpZ|NlCl1Fn3B?<#VsVEPvf$zVpysVHUi_pR`!4Y z^;?Ys%pE}!m-oi+Pmm~#1<;ptQq6(%bP!j_9vHNDFO#ZS+Fc4s3YMe=w6JevYXf@b z@#1SsF2=W6r(WByWIg?4PZgM97j@;C8+zfu7HW~m32e=Z&-oERlN_sIn|a|`thB)V 
zn7#qbD+)0dTz&$e-o+*K^uEPDvodn|al0LplnWnsE>Q}YC)zd}VF;K!IX*ZVMTYNa z{&YW=FJSHv%&U)}oQ|8y)^#InN2L_nQh+X=(mE-M8L}k?*&B|2Q)57oQ)`u;N+qu* zZ@nNEcGE6n+N8_(0%rapI@*)~f4!1S0PgYkscnylZJhSw!(i4G_lscGeQalEx22@z zvoKnsVO+kCl{YO}p&Rt%9CCl~!TCku8(^4OuZ>a8*b2yfrBJVKtjv-;vMrg4Ob6eW z(Yd{NjJM@0fQkwTyu^SU1Mgvjn0w_=otTK!Z`qqzAddJ7ivm^iXaW@y@xnO|R9b^;pkS<=jIGrmjiuy_#!{;ujJ+gYGcJpM-%aJCP zPoAQkq7b=(JF`r#hu5|F^rU5F&GpubCJuUBm<_Z2iIkNte&{LTZk)&jQq99wqi4^1 z>fAP(CXXqAu7ikhMknRBc`eTkl0Vn^lRVO@U|7Y`I2u7=G*0xviwRnL9j0MVg4lt0 zO~;f>cpCI2KM`u^y&AUA`^m`ofw5w=#gbAUgb&V&W0bp&Y+C+pB-2YYk`c(d5@zJs zyl4G`9shFySa?MlgTrf=guDdMHD^bZ?|>`YS-7*&pVbKl1-##Z%ky4)xq zAeC`qe!~3;m$mWI*8&+e7ZuX3woDWJ{@e@#SBnF*#c$o+bOMg?TYwHOmXHIt*PGqabgN+73b zVuT@`29Rt_8++8h=t%rU1L=LH`T_Hch$Vwu!T)>Q@@Ek|A)f#VpdX(-wRuF>aog7T zu%2;aUoR@?{wkr3!{I??EE|n*agbTXc5*3VM4TZ=7e7pO3$EMFRz!zvVG^FJ-&0pi z)ff3M-u~B;V5BYxjEUGm3e(-)e~(impj~@`Qit8^}_Bdxbk)03;(s z9*~~SvA@swmhx4<+6eY--qnVMFdt{# z_*Av)6=O5Z%do#B%4D+|y*ImHxrE!gI09d*!aJcmy;}JkOAaq`R}?#YvcwTtD>j2K zjC?jg^poN4aFxR@4wqGoVwSMqPOguTG|=rfq5Qf2PO(Oq-=+ScqFw^G<(iCImi)|HC^N}%of-6C;irSI-d z8A|2Lp15V1#nJ~MpiYwneI)A}NePCFZyGVAJbb#KOSec75oK1+XI92M39)OFzwU7YAy=bl$XF>HoEKaj zriW3aFa=vU2Oj9J`$tbf)Xa{er>TWQ)S_}^mI_;xU-QLEgK*w z(^WQ;1_5IPBnCo4J1!;~c`WcD!MuCc3js=D`E8~Sk82Q@^L??OUaVy3NC7vot+e&r z+-8w}4mhCboh(YFWXx3{nMhiefV?0{F(K(iLm&iLv16Q2`wlXE4t-LI78keNQpWP^XBucyY8 zC`yL>LV4pV6%e^L84EoRVL+cf@7<#8I;?xGrXeb{1fv4A@I25MzG)LbGkB-jQAQ@B z`b7khLTZ}&VNiNDxl5$giyEPANb1y*MI;O*wIV>xL9=sYpzh60EHTO5~J+ZqVMx=(^G63c%;jEcq8 zbi7EXcK}t!x|`N3XzW{{+-PaL`p@Kol$-SN+T)P>&PD=a-l7< zIX?6Q6~Yn?mrh)YgnYuIzQv?jLHVS<7Ic2?32v@r0T3pz9g-X`Xb#wQ9_g^**yO|m zgjM>&=cU$2VfBOMZYi$0MyTh-wE4kF`L{V<&ZOcvv`P59cjnTv7q^{j88Vn3$MrFx z{Tk%Q@2MASm!6kV1Krw_^X$t{PL2hysA@BdDnJ7sPXVK~O%wV$*rEe_+ zKkdr&@GN1@GgD9q<{x$v=_sThkoRiRD3}O*GLL$(a{nQNt~VK83WTCzVSF$z@#_$K z>&9(b!AS%8<^a8uvE6+5^bsCm3qx)=*LG0&(QxJnBvXl5t0zIIr$Dc3p-<1}xN=aD z`6~K7+=hk-jn~~GelQr!b{P<=L_a?7;R1dyQ?-hQxX+I?Hvw~4p^F1^N?J{gpf5!V z-c{An&ttQ*lA50F$;z~A*->=x!e| 
zecT4QKeEu4P8X{z5okC+pZVH%bM-9HD&%3*0PI{I5 zjmz7OTg#LDzK5_pz^a!s6PKw!+8x6raygVv_V`k#SZ-wiH1pG4wb@m4h_RmbulGFx z!u+~JyUn>qG>AGTT0R_P8D&9Y5DLu7eL9Vj&{k5FRL(MV1ow@M6v3Iuf(3Sv41{N!;#a>pnaYwJA zR}~CTU{$#r6j7{qO@G;{JH`1dAg&{r@j&I>nOHZM)PCuC8|c15dAu94wgo#^Fc)#m zIa)!Veyt5i%s0%zceoo3#NWB15x|tEgUB^xib| zHDn0qf!RFmmcT|))fYSlH(wrC*+8lTlaZSoxA8Wzj(JHH)(RSLm|MrlY2)6D-rLsF z1Ugb$qv=`GDOKbpQpw*HCUi26c~PL-;hl(16k)LbOm^PZVxw_6$AdD~VSDo`o>|Sd zuH)vrY0ZPewCzrj$m?Vspw;TlV&$OO%RxuJLpFYjr7u6j!oYSe1DGxzL`PfL=3@{k zMIG8v)E2$fUaw;un+a#Jw+^bD8omB6R_NFVs;~ZyFQ-xu_Juzo>p;)vMI5bPW}NG) z@nctaVI8F|GCwh3u_<{q;N>uwm{wm$@rQy=gtW;Wzi14UGw0_gG71o0Su&fBY7$EN z!$!d`h*TI{dx`XBC)aip#y2)bqHzn4d$Cr1>AF%ppYlei0oJtQ3pm0BC2(D3fu5oWvPEGNOiKIr5!$#Dm zGuE}0DkFdwV|`Zh;%7uiJtkvZ)bSY&kHZh=meJe>eLFf7op#%gePnC)kAYD=1H)!4 zEntAHka+Bzn*9Ru6DFL2ZZ{BPr!BluAavok|FZS}QA@6&7&zrSTzRt!quL>e6A6l7 z=I;Q#nvE0k!fLp@J6;8wf2Ebs&bJSI6Pvf=O$ zX?gjOw*ISHlTP!{J(nf|%mV(5<4q>Lot3>tu%D;Hv9;dYvPdS5Ro~G_rVjiIwfW3R zB0%K>QNfGN)Sp=CboPaxYF$Z%b&4D%BqYWxAp}Yd+4xp~Yzf)f?YD-3If+MGS`6g) zwk+JF5;U1=Sy_giA^}e-qi(-Y3kU>V5sl>OdwfcT+(3b3v7?U>Vl8dw`_`FM5BNev zeKa-#f89R#p_hRR71#7K!FG*T$Te`N7q4^ZU(j z(S6z{Zx3>Yc6m*5FBjq*H^1E%S2D}~V!X^?j4kXkYn1V&uu(loXfv-DOdn;omt72bBbo^b`J-fJs={mJbSh$FvpfR2MRYFhJ% z=XizLhkg@)y~a^9312`Njp?uCzXnD|bSKv3)v&=^4Pin@#kbS@IF;LTc+=mmt+ffK zXIdVvve$fwc{M>dsAN-xIk&aYqvf_4%C*>&s8=8>6~$I0!a3J@QmiErvE@E_#HH@A zJ)11vVbD3%;HBUZ%eEaFHU)JP{0D1DG4S0=ZjeNA5-_=_$Cm4 z1E0e}P5})o@Sthj+{kekKCfLB!fjSTo-riBHqOI_Uo5SVCxIp!$s2v#7CXyQ1r%ek zjo9`LS!9?bNX4>FRqalAw3t;A5;^ZZOzKHi90+;>KN$>|i1e$Nm(^>Z_ zFZav4K(f`A%cFOVqx7~ zbVkkuWk%`TRiFJ$HwjT`g+X$*$tf4jp(jx%_T|*L&4g#tZDDzN`KtYL?YT@xo|ls~ z3e|FJ`@{TuB97b3l#i8^lwufL^k@u*Ud}^H8Y{&m+I$D#g}$@-+m7GEPXA$mS{MNG zv^n2+|1Hpe2K;W*D}#!b9Yf~xYSX}^Osvp>Q;mG|D0wisffKhA^SXGB9*ehqVSfc= z5aO73llZu?8u1vIt~WnI*A5{yAl!Is`J~A_!u{(qck##pD&tNkoLK@((sMpG>Y2vS zJfv^YYHZ8TXu4vOe}2=bg$pvl!A8NeDM!{p6-of4=s2uaTb>Bm?!@lvr|R1Tm#_Zq z&9GW(=~Qo5!Kb}2((_3yZ13yQu7ZAl9$?K=Ov z4_0^blvou@wN^Tm2H*_@uY6}*cSCs)=0~gnES$}AfX~m2Yn+`+E8H7CbvUVk4@a9c 
za7zZdHi8icITfpl@t*~mCQ3ApaqQOPY2G=r8R-t9Vco>FRy^?lY1+*?f~4IE?@jI_ z{1VM3or~J&6(8^u;vGK~kK9w;S{>kizg8sW6=vBH;?iN@gXV664>YHD0*)O>?X=U0 zcyjy1Y&74K*6=XOL8z!6&Z7b$->Jf1VtO%DJRX?82e^`4f2|*UD|y2sQW- zGb4~d^4XpuqmqzE(H91-;s%gCl}*S||F;SJ4?UF?pXWI3`1R)JXDZlzMY!k?QZbl4 zV6$5|{0v_+d7wM|wON{m4M*`6uZBh#y&A@e^3AZ~wcqkKi+*XLkSEd|_wcROmxu1! znEXy7{d-o8TbY`uyr}@nA#68vHlikv7B_()bqBA*PWtxV;(|s4KsIMGb2__r#7Y4W zy1SOIu37&AuVMSRvT9=PMjIul&5=KPuS0e^bac&Q{1p))khgWPO?0aQ%ILVC8_uoQ zd1D?eMtuM4(fjwy1bwRU>bRHxnb1E%2qY5$8$-V)6aB$F0iqH1+eouGg-7>XMS#wiUshr{NjCp{TAFcc%awpcuiYvyNprxvH8(~_wk!(IJ4`~YOs>0ai zhs}UCAxon<#ruM6LSt+@v49&LBaw=8p`mp*7?{`kAQ@1u-1Sl9yn zM~i-ECO^vs5cKX!mNd@)1BBjn<*g|+vx1f{U7oR?wTF2KpTvC!SnsaY>`GQ{)qUY= zQmE#DeXUoh4&L1qQDRdBbdaYtM2&xbTQ*HDvrJ(!bFL#2I9;h!5N+f|liJkY9VzN? z7zH0Y$+EI92W){0k4!rz&b9W$G^t(ieAF_((H#K)LXLgJr`vgG)$ma7B38Ra^$bWN zy|L9u<@JwM|G(y?A1MHwi>bAz4%cNZD=+6lSVIV`8z%tYm@6m8F%O(Gkq7^%p}cP~ z(WT+|Z9miECN2-z{XW|GgoOL^fJ2iRF@U={-_-%izV+6ASDhDV@z-@PLGEENIM2$U za^oOF31U(E0k8??a5;<%HwRvNHJLYeE4yxi&XLn#lUO53_3%j-uzsHMKTto&l&DYzb z!j7t-z(#zb)!Pqih_BHLqd6`GYZAad>t2&JW>?Ky%2bK!<%ElKXbVp-Z`qN)c5+tS$%{)5jHS(nc1jt>++fiiRFA} zNBYOX8z4GrldMl%hg_S?u_eZS)koK~@kVA!PeN)}YHFwgbM`sX)6=J5HLCbcF3>hc z%ej>Or_|RjWa>y-Ah;B?D1Mem^M4xe4W;KzF*ZH}@U52gFTfUbqvf5C**;akKJ3Xp zZid}8A1>Mx>y%EpG_H&q#szGjx!QF=B7*3``T3WjVId(p1f$Wl1U4hArqxFuaf*8= zIz$TU#%AEl>u+~_0N<#l&YJSVp#TZeXjm5{NdHRDAD;+hpa7-YU!387?e zHBJy{@XeJztqy~kx3~5m_YuVsoUqK|%*7ng34r~Kxb7d4Y<`UJ{Gwa^bdzaWX02vz z6*wI-%ur)k9G7z`*SHRb(U$>UtDG?~4V-xh&vAzCam?fbi}*r1aXG zx!8zY$IGp~EW5b*SDh9-0C3kzEG#S>Hi&iEi6~tpg0OM>oyX{Zdbz%*fb&QTn~sj< zh4}Fsfup0%h3;@ao^(FanoIHF53kn$R>v{zBGq1=aGR6GteMMz*Ok{n_xKiK$?4#W zPsy0PRC2NgJw3fI;_}tGSrT|MxMxFmr#;@TvCa)Op|X-Eu<=@!-3hEYBibe#sZ*S} z8z(HZ#$L5aFq(|?Q-rOPn zPu#2k&i(vr9LKiz8ZhV>OesEu{^9h2(NvEMe=zgcDIu?^ZHT(Zi9bJIMse{FIFW=p zB8=%T6w-?qC9eC*$*$xYIU&!|dgZ(^)eFCmRrfm9J%4}XzNcH($dj*IiceOlsFEPfvBlH(AdVPqPj=I0g;cjHYP#t zjGe5;6`bkI1Q6rI z%<*W7{;B5cho(5YxSM<$vsHOfv9|GPVIae10;UtCpJ7t%Z=$bi(}AhfgeCY@uRs?| 
z@Scf6eW;3Q%=U;`CBm?hV{t!o8hkSv$RmIrT5(muo)vWNj_B2te%-~^iJ1nX9W7i6 z#1~QwMh<{)HQDSRGUI+mmm3NvW-Ux%^kL%7HkE8u43nbmVkP%U>v@v^o)43u!a%^J zKpk-;iO4+)RWS=HlE<($xr3`ut0Y5MbI>5AIr)vd0ql#5d9tG-X{39na(T7Bz?4r$ zb*3r2fD!W|3tPbX%3)Z`p?&M0(nWtJXIw2slqunIR?Wi#nq|O>SmAVB)15aEePdFc zt0vh;U->nRvtgdww#Zw)xakr47@ik4Lnm8heS=8>bcYkVSnaUtsew3*PR-8lG@O`W z*YHccNpPE8)xla$UVfl60@zKFpR3+kYBOJ}X>6#wf~s(@ZB9@`L}Y6rV%&*=ny!Q5 z)5YGzjQmO1)-yGWq>n$lf&$2LdUq91mh2Tj58Rt$CC&-R z{i4kAcRAQHpoylGz^p!)eKcL6_YtE4T55eb7dGFh7u%sslAIS*GHK78>F8c4=GuzqrviLE1eR&|2dEb81E};lz&9qQLvhP}j zB9T37BHOX=%SebqS+mO)*>|#>ED^HrjwQS7`>~zl_ql7{=Xqu_^UUk&$a#n_HuTxk{%sYs0SEh^Km_ zCcWB6U`83E_u3viyD&2BTa}z%EGMu%O}};8N90RDidk-c^hha9NTCQNZXus9P#FL6 zfc6?Irix-a`<@|)49&^ba})iJxieq4ER z<()y=Q<@^A;+Kgd7U0s+?;o26!DyjqsqvW-=p+2&NGB;accvNNUhG8_ zPVK%G?x!mq11CEsF>Dm9ujsRNohi&8Hu@-KKLpOXgcRhw6do*)!k}@xfySL~ryWF; zf-cKoVxA%;CzlMqufIG+onAs!lbkjjPs!MBSy-V8BZa!BBpd#!k-4WTckW4Zk|?Li zg&qagCA(GS1v=JOBB;PGqobpy5T2=yspvBIOz`Yf^%$g6U+q+4+)qq%tY$4IDXJ1l zYwUo%wN&n0(e}rC9p)~-!yVtAA`1(YK}o{8Kd}=19)TQt{xu;B%gUd=^tdJ?BNH|o zpOeGcz&o|MkWC*IVNMHj8ZxqUmYPKt_dWrN=|Q^&9Ikm9QC)4mxOvvq8*gCv%pdYN znhCrr>`-O zXe>NCJz#h zUW29+jBXpj!i4f@v3K=SCbAYVo!fF4=nc5;CsES0LC8{GRFc0diO|nheU6Pm5^QWc z79%QTuj6I9ZzlWSb(I}&@fT4sGQ`jlp3ezHh*@N-9~r_RD&TPmXStr~N!_n`CuFz! 
ziT`@KTFG$A9FBKt&3$)~)l^55iN^_Qm_Bl`c_4tRSV$Mmu{*eJQ5!Zb5(!xKJ_4_I zqjProJETmG5*@VC#|g?}F+ zp^UG*V;v(cGIT-!e}10_n}E^slvL3)h3f&5N1SPCzogwS>aZ+qFu2_<3Hm~~egFDG z@F&+Pj4}2D|I*m7)?E8$Wxf>7YHOMjUBh?3<g>}-11W*^1HeZ^P zW9YWzE+ru;Nln#YmlEIEYtnVYv>Hw4H7qT7rnWX~J5oLOuEPrvMhB7gf7 z{uQh)*FGo4`g*6LGw!<{he?EvF?Ab2S3eBl zfVqyfeC~RwF3gSa4mU#&w^=VwcQco+ZcBN^EnJoL6Aw&xcJ2=BtftKC6MjSE*=SwrEHw>a zZlyso^eBy0WwST;&&X(PS{aPKi;7g;udH1^V(zp`;!KJaUbdleobE(AO<{l{b(jMM zvGDTKf|Z8Np*fyjsxVZhP6?mg^0bnD6rG*Lm2mt_w)Tu=M=DR=YnQmoS6hw@H`vqp zNU|33=k+|qxR-z1m-4R%^y?SE&QETqucXR9c0(dDI`$x_ea#^y;TV}!ZThbd{G{)0 zk;bizwh6&8|37xEH7V`A5oK3p-5>-5mQ@h0XIx@8phX`<;~O1)2Ky7@Wt8ud_9;vq zEwNkia>5PMW_F`ie=i@qGrss04@&Ly zrW#nBZ=G^)kF`$!#Jps=^2v1#!McYrHvU}?{Oe;Iscsvny}Vrl;xye{32?PhNeeh^ zf2t!|e!yt~q=par$*B|uX@&AeEH$p{7-!QrJ@$UL`)g}!mB+6WQa+p=_e)GmN-{cx z2q22dsDYbQ6eF8@Gh72sQ}s4OnF~mFtDf$TYA+poP%5u*@55w>eO^bXqc#}Ns`gV8 zKclto=i=_RSh`6?$GL)REI_mxWL)W)3*^hztq$iizZ4bA7qWR5$zV^Y`FL!u)!5XF zE|UuH(DsXQNx7j4UAqzAdcjDH$d;h&=tOy%oaOhaLaP)VcM8?e|8<$Q3FH(McnV&_ zR*e1CDq0z5mnbu8)Nk-uop%1IKO7xrc)?laIZqxouYlfYP~-NFz4SjbFM4z@QqHM~ zF^QuTA0M#Rao$x#;fPc$yieOgGU(IWpcdTlMWTyK=WF(?)=Yhj^)*V>$yQ^0^x|bP zQpHooACSG`tX9wGN81Vg|ivl7)-_^tgAwFBTvXC+=2-F?5W z4S%VxBY&``5bk?sYybHuasgmjxjr66PpN8h`SjfX7>|GVk>4-p_uqNp3_xuWb^a9cyB4A@%<09KetpVd zX{>@!IwD4A``|!8#u;$Zu*`qrXspbvrlW@9qE;$fC-#@0=yw5EN1&IHLF1nPH36bo zT~tGv!Jc@=xO9DtckQ$5l*A|%T$B7!oB6T>)P`v;RgKp!@s}JimYcm1xI`kzN)Aev~e*`u_K9{uDG z_pSTLD?CV0t`aQYj&AwxQS4X)b{O@VUO`lP6P!TYQZ7>GOg@k+RMs#?(E!udjKcyW zJ6kv&*`*VF|67#&Z*HfF8^LSdMfbkm%rE=kW)P!O!8U$VdvhkA?KADUKid@i7qVW| zbzjuCD};SVto7s@t25Lj!fP6ax$W|GI`ct);UoSe_@a-17Q$3n6mu4-^m=4ScpW}| z@g$wo+F+Mqc70Er{IeZ-+&}ru-~DLh?41CW0==)Dq=|hWel;Kc;eS?xh?th2lg@sc zy`G#Zko4a{^1F}t&xZ4dKVqVR6g@PqmiX0)+jA2kaq3Y{9LZycrc(3O1UDvP*$ulg zxZieU{nbGFgA2NSl<86J>2GAbsMt|Rk@6eVM#o4*woDG6xD*#_h^}8)6mV zQ4WjZGX|^E-OUge$2s-x9HtZGbtk5!!WiY>4+zMap}*Ji#iDp^=-EQq0eaXI#WB<> zEt2X8I^vCiQpZ?zv{N(MdAp~vk`lf40h}&I9Ib(rk(`h2o=(s2w__fw52Kt)M>`p2 
z)tt@zk`UHWiaLi04Gp#V5+6J?>??xb!k@K5gomH@>~AZD>HoOEOpfgGY@hvTmdZ-8 z(7-^@FZ$ASFdKU7MmgrKE(z&2gx^#nq`2^O7JSvp2C3wLgC5Rwj@Waq>xu(Iru_Jp z)F0yl7kSc;TleMpv*q3f24(-cNw(?A?rj`w;?oJ@_Tsanoq9YMnzB5xXNF+8UY&Yme*&+Nwt@G2!Ps{AuRc%~taR$TH zzP?bEv-%4?=gKjL}qeYwLEC8z$X3ZTIMufDuUlKa3PQlOi`(9&kJn~%1D@F74 znp~Y3H&`z@Q-6bsAHNuku7o12uKST2V@Niz-e5gRQ#YoiV*fyPIO~=5fFqAz0qlII;Pp#9AXrSAysi43(?hg9(KH1 zNN+!#*=3a9M|Ei3;R1jJ6;z3(AhfSsG!brTudRcuswxc^7nkKjnu{8ux5Btn8!{7A zi-)|JhvNLD-dgJ~YQX;e*ePW90&b<#7dznWye`RHtd49c2n=lJ&bZlu>&KQ-E{)Zz zFr3BsTXrZh;@7H0ZnW%*iT456ev|6N)(|E7X$Xfdw?RnUqcRfbwThmz`yn$7N;7-C=FM=k-)t5o_s!H>z#ZR@v66<^6DgtW;8;`Qnj{EbV73c~3jl z?2Wp=98%w2Z*;Db5u;sM&#m!i>`V)B@a0~a=+4$X?ftV~0?GX%DT45zI2Bgz|B#XLzJ-jDf0$v|dCmaqqM5vBOAP{S zs{_v4?&Zo_)8k2U`WBL>gZ_BeYg5_2RT^%?Vdq}kxl?-t)`X3Gzb>nVjY~Z@P55+k zW4iU4fYEo{jY~NN)A{K|xo;?Ck?n<~x!X+sfUw_zu1?7REy@;xOAx7CtAOHo*GK%r zdQ}-TLoew_AX%0<;I!F}AKP$f?Xw+^$n1U?h5)_(X)swCfgL2>=y=9L6?OG(p1y!N zv#C$k6+}EEZK@37ew@WO=~UCx($Y9|wJF(3mRq_Wh8e~1)sy>iQCv_wBC^r!`|~5= zi>5=BRYCQ(#ix1)!g>1MKUp0@=0)DE`HEAIetyYWSR-cc_GA=5p6?!F-jh~+mYp^b zA=ED}{mIEQcTVmeresw%se?`QMmjESvA-V36HTzY23>c6n8reeEFp9UQtmfS2PO-o zTTW-yvF4)LOQfTO-AYp*r=T{LzbwSFIVR;@zFvCB;j_zupC8#Z_a4{?P9N75*;Jx2 z`^d1+ATW2qnU8Hw1ey}>*eh-QumdAggY)kWNzxsMSpiLl|o-e#jO z#<(bz4`XC93l#YY$U(8<`Eo*{suMdBF2B|QdzVMDZz65$Zg1Pj`n%jyNdvAytUq@^o&ur0LX%|FPSU5T>>yi|d+=A5}gRt;Z z7|-!2XD5fXK@ZcFb_FruvhrH9yprF(_41eEKj)Wl;5MIM)!{-q-Eh+zIc=_U=3}4M zi)+gHr&9b49z|7K2W)PxyN9kP2-#i$sR%wZ-3HoCSm9LF8#aTHj1*hRVUBBmf;e&l z--CkFyV!t1tuLvwtuLKmbX;m%kJr%=k`0MXoy`1IC2q_FQZB-c1#Ju%haL zYYJQ2+k<*{UhudNvYY3lI`cwKyh9DlemQElW_(WpE95)CH!fgJwLQOOw|ywUPj#@@ zys@5+Zu|WK;S6WS`=hbe*Ua2#YF1}36@262WKK(A15aL_5*zc9Mf33Rct|^Mv<@nu zH||Xe&ls(}-$U|*m+xA5L9E}lZzC)!oqUR-Ovkd1@W#aS<<-0V1E3ab0xJ}6ajtMC z;dWR#4|=`+qBDNWZ?lS)zZD;}uPH$`*LJH_1lPLhr^-;Bqf-}jQKvRw9xltRr>93X z)B3x|_b(9dvgeLQUsM*_4wu_45~}39OR6#8+a%%QxGxgF9n-s6$`Y`{`r1V8JFRFF zRYvr+49=lN&()9*UBx0;d!i?IYEz`y^+Dy@uB8Ig;d08-c{h{Eq&MzsFSY?CRrKT< 
zRDg^F+ua7}@mS~W{KP6BT7fK&m?-GGcN7#9avbaS^9(qcPmUY{=jq|7jkY)C5Zsi) zTZ1GXr+j#SwwUT*DPHMN(Oj8qAB4$~Py`xF_7aNkMrot3@P^(icI_Ll_$~EIC$nlJ zfm+Dg_z-bcI#PAfWl;;R6CLsTs)zg0Q#YOrR(N<+kcbGTsN}O&67UR-kS>(Q7dowG zN4cdtjvJk@l>?Hjf3i?-k0hphDTRJ_WaM`UzsYuA4Aa}jV*U|*J-w%w%skU!uAkl;e%&a5&3-?Tc!x|H4#;>V8Y5U+_%b*7`b zh33Y`#>OVzh~ORt@Eug=oMrH!A!Si76-0$!aocl%_ySday!lok>|kpKoDwVUfA;!9 zHZ8{a^B#IV^6~g!wOWA(XW6eLTN!DO7tMiPC4lcZy^f#Gi1!If*r?34fybihSLOyp z?rpI-ev#a#P5w5q3RePno>XY8Awos3@OoWxy>@NDIZuj(Y;1eF6Ibo&J529Z3odU7 z_CvjF{#@qztjZhRx;onzcHTI|dy-?x`tL}_J51Xa`&~Y{wC*`yb_G)5627@1LZD8N z15;{zK=QF03yOY9yC>Qe)cY9mFv-O7GJIgKrXlk_!SOI^ zL-leJ0R;p(4VZaZJ4+@u4bn>}A}m_OuSe`ZeEbOXNOJFBgFC647#RYJxAoeat1~i< zkwRoq&k(qu-*=`2G$nqCCF^C(06s6S;0$-#+~MsGl|BC|7C-cb=#7)+P0PQCXWY>@ zbF;Wjn`PQ*hahft;K50#d@ z1wMH4Hwa;SV}_xe2_;qEG`}bqX}{$ah12Q;lVD6&UQ-}<*_HeE?=Qm()s7wVSEOT% zeM-hOGIoCg2h5%L^VX~^Wo&*d=>@s4YUt}BYl03#WKnvBeP^7FAwhtTjpVIj$?v^u z)=SFYrW;gc=YM#&B8PyY6k9TP#_gQ4HMY;1k?O-Hr$I+bjOoz+_F^>cOO4l5 zLSvso{MQ648zt@2f!XCZeeOxdm}mVo4!;tj+w(UpMZdY%_fE$W`+T*jza6D1r+N}@ z)M1oaogjoP?M$`Lro+NB^}|ygsmz7x#OwQrMYiTI0gy%7?g( z70tzwn%9MedlgH zR!ZYNt5sZmD#wgHmmMb;*BMq+cb1Ol%A@nhH1H7Z54$1AZ}`xh5MBytd;+Y8@D>J* zQ&G&(lTj=*(+R!U^P5He`_vfC^lq7B?Ye5TW;#yy1Z&qyQR#C|*dp32ABW2Z1_p#_ z2C%Mi8arin?oiky^Gefy~R_ka*C;6DfO5NO%Ga%lEqqPx1fl3 z#djNxCx6;*$q-)3pZq&JqyO{iX^0$Zo2||y`gS5nzkAI(`P9JGI z7NS+(#(3~nq#)k|Kf2R7OsV=UapHq7t`eW?N`e}{1wE}%g?@X{aqPKy|2x&eYT?z) z-fFLsD45PY8&%GpyYi9dI0|dS7;bU}8R#&yj7GlzpYsGJo&=-FE>{1Z1( z^zn42Yzs(P2H~zK3l^9vP?nhwPMA(ZF0i5oR*wNP;Xw2tPliMFe3`OgwVB%0dFQ@# zVPvI+a<%pV87IIlAG((?!qJ(`Wl>H(xq5!E0?C!dlnJ)$C^XLMxQLU(D_&DAgypZu zGs58Se);tP{_pSOzkbK-;LVIXdv9_f-A@iJ>Y!oWUu-+rBFR?IIwml%E_GbU&Z5~Z z6~@k6A(!Iy1c+A2pOPtuo7JA%l+Ve2F!J%G=TRyus>KdUNv)=r1c$u%E~w;PmhmP%(D2H}xOm#sAW)bI5PvJ-hN!`@Sx}%Xu>1kr!9X!Dy>O+v8m~^n`GM zVIe}m`fS?7pa(s%b)Tg|!Nz1V879e)E#O#TEl)VLPR6Gw4=4 zT3B9HRW(1QzRho~(v0OT6KlzZ;W}q@Vpc<`GggYMMjuuZMJTQ`apK>`TJVYu79yrlg< z6Yzh+^1m)81gl8~!Re?qfiBLJV5I2r2a1B{r{XG!(6I)Q?JdU+a>iZA08s!10-I!@ 
zVgd|_2a-9@skq)61#a%%{ehI>*o1tJP36<0o<`ipy#>;a=H}*Iun|^xl!cIjRrUB# zC%%9icI?b*0?fk99*^J46m;x$fZ_+zJI9_`UYtg;y9TYa&n~?5bvTWbgs{DDM&GqK zIRW=x4)`?KvAv_i9U6kJKMR6Z4!()7Qcg@t5~r3B_|Y}ze=TansOo>_E6jCig5%BR z>(ud=P%x`DDwHk;9-)87Vuci72bg}qGc?WAA&1*0T%H?1U%lXUhO{f^QLFHn?X+pc>*EQh{-gw|bf(Ag zTFjSDv+VJ{L1-$>@9Y%XA1Bc;n{2_ zvNSJDy=dv?+LIL$lamd&tYGL;>7&=@D-HbOhbxFU8$A}mqEt^GL{Rtn$f|l3wJ+tJ>dqxC4A~26c3hn#pcD1@$;k^=v1C(Vjs`So!~Qj zfDnCa=}^QB%iX{$?j{p^Be&|jNoP~j5jBT}54&@{e$+pc`0yv7N^G&8BEI5;YbS-{ zoICGZ$9t6+c4y7cpqvHnVXk<;vzk#(Jii6X7OSFy)CXWU>%PdFMe&whi65tvjsc(p zESb=pD)hP$1R%K)Qi3X*e&wf4j9sfu&g#Sf+IbDc%5WTh4TgY$cUkZIU{+U-zQO+I zLI1}o-+loq7S~*4Ap-A2JqT1`0v&uz$a<3;2ptsBGYS@oc5d}pn6pQj8-lLO9D~f3 z&nOM>LckkB{{*n=7kW4blh@ zv_5q`$krOE{Q|QEv3hg7;?IA)QZqKiFR|2keVa&h_Bw41(|fqPyJx_iR{pY}`I*gO zkZ=$wZ@@y{G7L+rHhr5?a724Nxx}JeTTedx^{`<1XyhH}OpO7H0pPIdl@Sq-muf-S4xSH`JuI z_VzQY+riH3!Ic|k=eLJN@Y+!$hfKqHUsrgMGnXR@{hcHni>^~dymamyDs%1?0MDSD zd+ih8KixXQD6@{6b4E)8HMjsK3Z|N9#o<;d0hUa00MuF~5;{en)=ZGT)YURd!Res6wYIQtYS?Q{!#aFE`mRE_;V}3vqz+Tkr=Y)1 zN{JU(@62ps;9Qo<>p`K3aa2MLV7I*H`r#R+2V_|#cf6c2CXXd^9k5W8V*3BiQ7QWQ zB;`jMru2WY{>5Kee~XV@Ar;+jtyVH9wdyVj*%WO~46q z>-kaY%Hb4Xj@hMpYB%T5=n0#Uy>vKt9@u0%rkgV_e0A+UEVeUGfcuGqc+3=zNb zQZXt$t4GkCh??S(xXL2SXh{}guK@jZxn$E!Wb5+*k%Le{TevJHn&R|#urU93jPW0} z<3N!p>_MKY!zs;a;ee+gbv6>zre{&gic@@L)ebs+$pp=iZDl$kYr)AC#kwFCW~zKR z6)KcNS8DQ=X$4Y2!Unb;Hg^^BRnH*=pU{o5ix!hz;G9(p5a)l%Z`C{B=!`f2s%U5f z%wX(+NO;>7a_z+R;Sa?08%-WDxdxpHUfp@k&|s)R(Mz7-4cXHx0~G)>YdZ%91I3GK zK=Ahq&zz$Hy02_OD=Me|(bx-dx);11ATYK(smV*~zyV)j9CNvNdsNW3eGG`P=hr;e zx~aiKwhThlxfPD)yuq03&tle4XMOHXa9K@v<@KGnRF68*`lCqa*8#QZ#NJDccLXd! 
zq0zkT&?S(qkfg?;+i=U0iN{Ak%j{o zI*SkA*sBTXH;4o%YcgZRY&F*(G1Hol8i-k-yr9^WXCFU1#WBG0!(jXyE^%o%`GU`- zCyDGrC8Hr6O-r@{f{r8DZUDzmyK6JvcO$VKQ3fO>C6u*!rtPya`1YryN>8)dEs-uT$!*T;h`cvT;} z6))QoCYw4(Ipf#c8l~Vs!&L!fQ0*3e6Xj&5=Ao*YYugL@LK2G<@8A9!pkB83E~E#F|4~) zuPZ~d8T4{5x)w)hV=;iM6MU$vS;y}wC{UiE?U}n{Kqf879%v-I1)}h^%0lZn}H&U0pa~d=53YqxXm@xqrq}F&!CxF>FaW z$1C-Ep*5)bK$5yMZbdH5jp~EvrJ<|ckE&Cy70F8Rok1Gp>vQB6f;C>Byj|v{-!ouy z)O5((EGkn3zu>!%){MM;B-3oPHW8vl$39?KQALHiK0<(}x?N^&C8V(Mk1_gRs?z+f zqGQ)4FZ*j~LghtNYgzhTQsyT4aOLloTO?(xKM8W2$t?k2PPT{pfbU+ym6erd&^+W? zwp!A3Var7G#>y14*)BU!hMJFx(KItG85TwIez{h-6r}OGcqT0f=dFNU8}<#x(IC|$ z>6f=P!;nwtSYgMF0Hc=GIkqptQu{f81(I{0F_eo6@%UkIj$^u0L|@I#`L+2ZD!Wt= z3tZ?08z#e2@_16m{3x3W0XeRZ{wPUF>`%ne;W+ z{Y2-x@@B%9`l_{sz?>=G`bgnE^wDMTbJ6ry1y;9d#V;18^;y7`&84yY=Ac;J$P8lA+h2Ds> zZUVdq-ge6qGJf`k^k^VnVitz0#lU+f9dReN%g&GV0*z&x%!hZus!;(N$RtUwq9B+F zqhjI;qVg9;ese`Q|RBZcn8#Ct>1!r;uE0`=di+KRc zf@8={ZDw*i%LV3&$u8CG%1TF6$y>YKk!>JNfIv(tkBU9H_4D(K4?n${W>$MP^`0Wp z9an$)EWuZn3I^*VfXhiQc`{u=JK?f2V6z`_p~BYTJnY;3zP(h|(_JsQJnu(B8=sy6 zAJHKMoiFffy}5PQZ<-me@?4~P;2dIzTs3EHaI)E!I$LuU=XAXD#a}AMI~0H|H1Lje z`;aj;@fCbY9((L71NmD%a))31bL}d+cCUW2VQIo2zrgKpQ2|U!Fb(_FSp2PD`on+x z_BMQ)K8AhiPpt8O_{-lv3JD6J3m;sf{r)FE@EsR@GWfI}t4|I;%K81~%3b`x@WB*v z>%fol5Wl&F=$^e`AIYQT`2G9W|BiV1Z-F!V0kD%2XIpnZh~n=?bRsvxbsANF`l^Zk z=DL66^8N|AzbIe+ex3daxgU+ae?sn`koyl}>-UNEZS44`%Kf)T^qU6wuYdecWBt*x z^#505ow#d8@(s#~YP!53R7m=E9^ir8_pJw3CRzUY#lZi@H9rD3b`IKqMejdf{PTE! zG=KjItsOh*Kab^~$MS=C^Pg(`Pc{Ch8vm08e<=%2GR`|U_TQ}wi;7p;1^ **Note**: Configuring telemetry could require some time to be fully implemented throughout the entire cluster. + +To ensure that the pods in the `default` namespace are operational, execute the following command: + +``` +$ kubectl get pods -n default +NAME READY STATUS RESTARTS AGE +httpbin-545f698b64-ncvq9 2/2 Running 0 44s +sleep-75bbc86479-fmf4p 2/2 Running 0 35s +``` + +## Step 2. 
Sending API Requests + +Going forward, the `sleep` pod will initiate API requests to the `httpbin` service, which can be done using the following command: + +``` +$ export SOURCE_POD=$(kubectl get pod -l app=sleep -o jsonpath={.items..metadata.name}) +$ kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -v httpbin:8000/status/418 +``` + +## Step 3. Checking Logs + +There are two methods of checking logs with SentryFlow clients. + +### 1. Logger + +To examine the logs exported by SentryFlow, you can use the following command: + +``` +$ kubectl logs -n sentryflow -l app=log-client +2024/02/14 17:03:37 [gRPC] Successfully connected to sentryflow.sentryflow.svc.cluster.local:8080 +2024/02/14 17:40:28 [Client] Received log: timeStamp:"[2024-02-14T17:40:27.225Z]" id:1707929670787152 srcNamespace:"default" srcName:"sleep-75bbc86479-fmf4p" srcLabel:{key:"app" value:"sleep"} srcLabel:{key:"pod-template-hash" value:"75bbc86479"} srcLabel:{key:"security.istio.io/tlsMode" value:"istio"} srcLabel:{key:"service.istio.io/canonical-name" value:"sleep"} srcLabel:{key:"service.istio.io/canonical-revision" value:"latest"} srcIP:"10.244.140.11" srcPort:"44126" srcType:"Pod" dstNamespace:"default" dstName:"httpbin" dstLabel:{key:"app" value:"httpbin"} dstLabel:{key:"service" value:"httpbin"} dstIP:"10.105.103.198" dstPort:"8000" dstType:"Service" protocol:"HTTP/1.1" method:"GET" path:"/status/418" responseCode:418 +2024/02/14 17:40:29 [Client] Received log: timeStamp:"[2024-02-14T17:40:28.845Z]" id:1707929670787154 srcNamespace:"default" srcName:"sleep-75bbc86479-fmf4p" srcLabel:{key:"app" value:"sleep"} srcLabel:{key:"pod-template-hash" value:"75bbc86479"} srcLabel:{key:"security.istio.io/tlsMode" value:"istio"} srcLabel:{key:"service.istio.io/canonical-name" value:"sleep"} srcLabel:{key:"service.istio.io/canonical-revision" value:"latest"} srcIP:"10.244.140.11" srcPort:"44158" srcType:"Pod" dstNamespace:"default" dstName:"httpbin" dstLabel:{key:"app" value:"httpbin"} 
dstLabel:{key:"service" value:"httpbin"} dstIP:"10.105.103.198" dstPort:"8000" dstType:"Service" protocol:"HTTP/1.1" method:"GET" path:"/status/418" responseCode:418 +``` + +As anticipated, we should be able to observe the `/status/418` API request being made from the `sleep` pod to the `httpbin` service. + +### 2. MongoDB + +To inspect the data stored in MongoDB by SentryFlow, you can use the following command: + +``` +$ export MONGODB_POD=$(kubectl get pod -n sentryflow -l app=mongodb -o jsonpath='{.items[0].metadata.name}') +$ kubectl exec -it $MONGODB_POD -n sentryflow mongosh +``` + +Initiating this command will launch an interactive shell that can be used to explore the contents stored within the database. To examine the data in the database, refer to the subsequent commands provided. + +``` +test> use sentryflow; +switched to db sentryflow +sentryflow> db["api-logs"].find() +[ + { + _id: ObjectId('65ccfa872b80bf0cec7dab83'), + timestamp: '[2024-02-14T17:38:14.330Z]', + id: Long('1707929670787151'), + srcnamespace: 'default', + srcname: 'sleep-75bbc86479-fmf4p', + srclabel: { + app: 'sleep', + 'pod-template-hash': '75bbc86479', + 'security.istio.io/tlsMode': 'istio', + 'service.istio.io/canonical-name': 'sleep', + 'service.istio.io/canonical-revision': 'latest' + }, + srcip: '10.244.140.11', + srcport: '47996', + srctype: 'Pod', + dstnamespace: 'default', + dstname: 'httpbin', + dstlabel: { app: 'httpbin', service: 'httpbin' }, + dstip: '10.105.103.198', + dstport: '8000', + dsttype: 'Service', + protocol: 'HTTP/1.1', + method: 'GET', + path: '/status/418', + responsecode: Long('418') + } +] +``` diff --git a/examples/httpbin/telemetry.yaml b/examples/httpbin/telemetry.yaml new file mode 100644 index 0000000..78a6809 --- /dev/null +++ b/examples/httpbin/telemetry.yaml 
@@ -0,0 +1,11 @@
+apiVersion: telemetry.istio.io/v1alpha1
+kind: Telemetry
+metadata:
+ name: sleep-logging
+spec:
+ selector:
+ matchLabels:
+ app: sleep
+ accessLogging:
+ - providers:
+ - name: sentryflow
diff --git a/examples/nephio/free5gc/README.md b/examples/nephio/free5gc/README.md
new file mode 100644
index 0000000..d49f0ce
--- /dev/null
+++ b/examples/nephio/free5gc/README.md
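Review bot: `metadata` carries only `name: sleep-logging`, so this Telemetry is created in whatever namespace the applying kubectl context defaults to, and the `app: sleep` selector then presumably matches only workloads in that namespace. The sample output in the accompanying README shows the pods in `default`, so adding `namespace: default` under `metadata` keeps access logging scoped to the demo pods regardless of the operator's context. A one-line header comment such as `# Sends Envoy access logs for app=sleep to the sentryflow provider` would also help, since the exported records include the full request path.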
@@ -0,0 +1,299 @@ +# Nephio - Free5GC + +This example demonstrates capturing access logs from [Nephio](https://github.com/nephio-project/nephio), which operates on top of Istio using SentryFlow for log collection. + +> **Note**: The information about Nephio provided in this document may be outdated, as Nephio is currently in the early stages of development. + +## Step 1. Setting Up Nephio and Istio + +In this document, we will discuss monitoring `free5gc-cp` from the `regional` cluster to observe API activities within the control plane. + +> **Note**: To configure Nephio, please consult their official documentation available [here](https://github.com/nephio-project/docs/blob/main/content/en/docs/guides/user-guides/exercise-1-free5gc.md). Additionally, for the purpose of this document, it will be assumed that all steps up to and including **Step 6** have been executed correctly. + +Ensure that the Nephio `regional` cluster is functioning correctly, as well as the `free5gc-cp` namespaces within it. + +```bash +$ kubectl get pods --context regional-admin@regional -n free5gc-cp +NAME READY STATUS RESTARTS AGE +free5gc-ausf-69569f564b-7ttn5 1/1 Running 0 16s +free5gc-nrf-5978f8f797-xkhnl 1/1 Running 0 16s +free5gc-nssf-697b486564-gtpm5 1/1 Running 0 16s +free5gc-pcf-55d6c758bb-rhsm5 1/1 Running 0 16s +free5gc-udm-78464dcd7b-j6s7n 1/1 Running 0 16s +free5gc-udr-565445b596-7c6zw 1/1 Running 0 16s +free5gc-webui-ddd948585-nzkrf 1/1 Running 0 16s +mongodb-0 1/1 Running 0 7d9h +``` + +To gather access logs from within the namespace, Istio must be installed in the cluster. + +``` +$ istioctl install --set profile=default --context regional-admin@regional +This will install the Istio 1.20.2 "default" profile (with components: Istio core, Istiod, and Ingress gateways) into the cluster. Proceed? (y/N) y +✔ Istio core installed +✔ Istiod installed +✔ Ingress gateways installed +✔ Installation complete +Made this installation the default for injection and validation. 
+``` + +After successfully installing Istio in the cluster, you can verify that the Istio system is operational and running correctly by executing the following command: + +``` +$ kubectl get pods -n istio-system --context regional-admin@regional +``` + +## Step 2. Injecting Sidecars into Nephio + +Up to this point, Istio has been installed in the cluster where the `regional` cluster is operational. However, this does not necessarily mean that sidecar proxies are running alongside each pod. To ensure proper injection of sidecars into Nephio, the following steps need to be undertaken: + +### 2.1 Lowering Restriction: podSecurityStandard + +Nephio creates clusters for each type (e.g., `regional`, `edge01`, `edge02`) using **podSecurityContext**. By default, Nephio adheres to the following standards: + +- `enforce`: `baseline` +- `audit` and `warn`: `restricted` + +The security contexts employed by Nephio intentionally exclude the `NET_ADMIN` and `NET_RAW` capabilities, which are [required](https://istio.io/latest/docs/ops/deployment/requirements/) for the correct injection of the `istio-init` sidecar. Consequently, it is essential to explicitly designate these profiles as `privileged` across all namespaces to ensure Istio is injected properly. + +We can achieve this by: + +``` +$ kubectl label --overwrite ns --all pod-security.kubernetes.io/audit=privileged --context regional-admin@regional +$ kubectl label --overwrite ns --all pod-security.kubernetes.io/enforce=privileged --context regional-admin@regional +$ kubectl label --overwrite ns --all pod-security.kubernetes.io/warn=privileged --context regional-admin@regional +``` + +> **Note**: Modifying `podSecurityStandard` via `kubectl edit cluster regional-admin@regional` will reset the settings to their defaults. Therefore, it's recommended to directly alter the namespace configuration instead. 
+ +Now, verify if those labels were set properly by: + +``` +$ kubectl describe ns free5gc-cp --context regional-admin@regional +Name: free5gc-cp +Labels: app.kubernetes.io/managed-by=configmanagement.gke.io + configsync.gke.io/declared-version=v1 + kubernetes.io/metadata.name=free5gc-cp + pod-security.kubernetes.io/audit=privileged + pod-security.kubernetes.io/enforce=privileged + pod-security.kubernetes.io/warn=privileged +... +``` + +### 2.2 Preparing Sidecars + +To inject sidecars using Istio, we will label the namespaces accordingly. For the purposes of this demonstration, we will specifically label the `free5gc-cp` namespaces. + +``` +$ kubectl label namespace free5gc-cp istio-injection=enabled --overwrite --context regional-admin@regional +namespace/free5gc-cp labeled +``` + +## Step 3. Deploying SentryFlow + +Now is the moment to deploy SentryFlow. This can be accomplished by executing the following steps: + +``` +$ kubectl create -f ../../../deployments/sentryflow.yaml --context regional-admin@regional +namespace/sentryflow created +serviceaccount/sa-sentryflow created +clusterrole.rbac.authorization.k8s.io/cr-sentryflow created +clusterrolebinding.rbac.authorization.k8s.io/rb-sentryflow created +deployment.apps/sentryflow created +service/sentryflow created +``` + +Also, we can deploy exporters for SentryFlow by following these additional steps: + +``` +$ kubectl create -f ../../../deployments/log-client.yaml --context regional-admin@regional +deployment.apps/log-client created + +$ kubectl create -f ../../../deployments/mongo-client.yaml --context regional-admin@regional +deployment.apps/mongodb created +service/mongodb created +deployment.apps/mongo-client created +``` + +Verify if Pods in SentryFlow are properly by: + +``` +$ kubectl get pods -n sentryflow --context regional-admin@regional +NAME READY STATUS RESTARTS AGE +log-client-75695cd4d4-z6rns 1/1 Running 0 37s +mongo-client-67dfb6ffbb-4psdh 1/1 Running 0 37s +mongodb-575549748d-9n6lx 1/1 Running 
0 37s +sentryflow-5bf9f6987c-kmpgx 1/1 Running 0 60s +``` + +> **Note**: +The `sentryflow` namespace will not have `istio-injection=enabled`. Enabling this would result in each OpenTelemetry export being logged as an access log, leading to an excessive number of logs being captured. + +> **Note**: Deploying `sentryflow` will automatically modify the Istio mesh configuration (`istio-system/istio`) to direct the export of access logs to it. + +## Step 4. Restarting Deployments + +Till now we have: +- Setup SentryFlow +- Prepared Istio injection +- Lowered podSecurityStandard + +However, this action alone will not yet produce any logs. To enable Numbat to collect access logs, it is necessary to add `telemetry` configurations and also restart the deployments under `free5gc-cp`. + +> **Note**: Restarting deployments before implementing telemetry will result in the sidecars not transmitting access logs to our collector. Hence, it is important to apply telemetry configurations prior to restarting the deployments. + +Telemetry can be configured to monitor the `free5gc-cp` namespace by executing the following steps: + +``` +$ kubectl create -f telemetry.yaml --context regional-admin@regional +telemetry.telemetry.istio.io/free5gc-logging created +``` + +To restart all deployments within the `free5gc-cp` namespace, you can proceed with the following command: + +> **Note**: Restarting deployments within the `free5gc-cp` namespace is necessary. If there are any jobs currently running, additional steps may be needed to manage those jobs during the restart process. 
+ +``` +$ kubectl rollout restart deployment -n free5gc-cp --context regional-admin@regional +deployment.apps/free5gc-ausf restarted +deployment.apps/free5gc-nrf restarted +deployment.apps/free5gc-nssf restarted +deployment.apps/free5gc-pcf restarted +deployment.apps/free5gc-udm restarted +deployment.apps/free5gc-udr restarted +deployment.apps/free5gc-webui restarted +``` + +After issuing the rollout restart command, you can verify whether the Pods now include sidecars by executing the following command: + +``` +$ kubectl get pods --context regional-admin@regional -n free5gc-cp +NAME READY STATUS RESTARTS AGE +free5gc-ausf-7d56c5f8db-bk54f 2/2 Running 0 21s +free5gc-nrf-7f7db5c645-kxfrc 2/2 Running 0 21s +free5gc-nssf-5477f65b9b-kfmbt 2/2 Running 0 21s +free5gc-pcf-c7b8ff6bb-t2zrq 2/2 Running 0 21s +free5gc-udm-65947bb776-xs6vf 2/2 Running 0 21s +free5gc-udr-67f5fdf44d-4ckwd 2/2 Running 0 21s +free5gc-webui-cf788755c-9bwzd 2/2 Running 0 21s +mongodb-0 1/1 Running 0 7d10h +``` + +Observing that each Pod now contains 2 containers instead of just 1 indicates the presence of sidecars. To confirm that the additional container is indeed the `istio-proxy`, you can use the `kubectl describe` command for further verification. + +## Step 5. Checking Logs + +Starting from this point, `sentryflow` will begin receiving logs from each deployment. To examine how deployments within the `free5gc-cp` namespace are communicating, there are two methods available: using a log client and a mongo client. + +### 5.1 Checking Logger + +The `log-client` deployment is configured to receive logs from `sentryflow` in our specified export format and output these logs as stdout. 
To view live logs, you can use the following command: + +``` +$ kubectl logs -n sentryflow -l app=log-client -f --context regional-admin@regional +``` + +This will show live logs such as: + +``` +2024/02/12 20:37:19 [Client] Received log: timeStamp:"[2024-02-12T20:37:19.318Z]" id:1707769691204491 srcNamespace:"free5gc-cp" srcName:"free5gc-pcf-c7b8ff6bb-t2zrq" srcLabel:{key:"nf" value:"pcf"} srcLabel:{key:"pod-template-hash" value:"c7b8ff6bb"} srcLabel:{key:"project" value:"free5gc"} srcLabel:{key:"security.istio.io/tlsMode" value:"istio"} srcLabel:{key:"service.istio.io/canonical-name" value:"free5gc-pcf"} srcLabel:{key:"service.istio.io/canonical-revision" value:"latest"} srcIP:"192.168.1.122" srcPort:"45542" srcType:"Pod" dstNamespace:"free5gc-cp" dstName:"nrf-nnrf" dstLabel:{key:"app.kubernetes.io/managed-by" value:"configmanagement.gke.io"} dstLabel:{key:"app.kubernetes.io/version" value:"v3.1.1"} dstLabel:{key:"configsync.gke.io/declared-version" value:"v1"} dstLabel:{key:"nf" value:"nrf"} dstLabel:{key:"project" value:"free5gc"} dstIP:"10.141.104.225" dstPort:"8000" dstType:"Service" protocol:"HTTP/2" method:"GET" path:"/nnrf-disc/v1/nf-instances?requester-nf-type=PCF&service-names=nudr-dr&target-nf-type=UDR" responseCode:200 +2024/02/12 20:37:20 [Client] Received log: timeStamp:"[2024-02-12T20:37:20.292Z]" id:1707769691204493 srcNamespace:"free5gc-cp" srcName:"free5gc-udm-65947bb776-xs6vf" srcLabel:{key:"nf" value:"udm"} srcLabel:{key:"pod-template-hash" value:"65947bb776"} srcLabel:{key:"project" value:"free5gc"} srcLabel:{key:"security.istio.io/tlsMode" value:"istio"} srcLabel:{key:"service.istio.io/canonical-name" value:"free5gc-udm"} srcLabel:{key:"service.istio.io/canonical-revision" value:"latest"} srcIP:"192.168.1.124" srcPort:"36488" srcType:"Pod" dstNamespace:"free5gc-cp" dstName:"nrf-nnrf" dstLabel:{key:"app.kubernetes.io/managed-by" value:"configmanagement.gke.io"} dstLabel:{key:"app.kubernetes.io/version" value:"v3.1.1"} 
dstLabel:{key:"configsync.gke.io/declared-version" value:"v1"} dstLabel:{key:"nf" value:"nrf"} dstLabel:{key:"project" value:"free5gc"} dstIP:"10.141.104.225" dstPort:"8000" dstType:"Service" protocol:"HTTP/2" method:"PUT" path:"/nnrf-nfm/v1/nf-instances/8ac564d2-e5cc-421c-96cc-8c57b9c85ded" responseCode:201 +2024/02/12 20:37:23 [Client] Received log: timeStamp:"[2024-02-12T20:37:23.594Z]" id:1707769691204495 srcNamespace:"free5gc-cp" srcName:"free5gc-ausf-7d56c5f8db-bk54f" srcLabel:{key:"nf" value:"ausf"} srcLabel:{key:"pod-template-hash" value:"7d56c5f8db"} srcLabel:{key:"project" value:"free5gc"} srcLabel:{key:"security.istio.io/tlsMode" value:"istio"} srcLabel:{key:"service.istio.io/canonical-name" value:"free5gc-ausf"} srcLabel:{key:"service.istio.io/canonical-revision" value:"latest"} srcIP:"192.168.1.126" srcPort:"35258" srcType:"Pod" dstNamespace:"free5gc-cp" dstName:"nrf-nnrf" dstLabel:{key:"app.kubernetes.io/managed-by" value:"configmanagement.gke.io"} dstLabel:{key:"app.kubernetes.io/version" value:"v3.1.1"} dstLabel:{key:"configsync.gke.io/declared-version" value:"v1"} dstLabel:{key:"nf" value:"nrf"} dstLabel:{key:"project" value:"free5gc"} dstIP:"10.141.104.225" dstPort:"8000" dstType:"Service" protocol:"HTTP/2" method:"PUT" path:"/nnrf-nfm/v1/nf-instances/9e1ddaeb-898f-4504-a247-b4a78b329a74" responseCode:201 +``` + +### 5.2 Checking MongoDB + +We have another client (`mongo-client`) that stores all data received from the `sentryflow` into the MongoDB deployment. You can use `mongosh` to inspect the contents stored in MongoDB by executing the following command: + +``` +$ export MONGODB_POD=$(kubectl get pod -n sentryflow -l app=mongodb --context regional-admin@regional -o jsonpath='{.items[0].metadata.name}') +$ kubectl exec -it $MONGODB_POD -n sentryflow --context regional-admin@regional mongosh +``` + +Once we have entered `mongosh` we can check entries stored in the DB. 
SentryFlow uses DB named `sentryflow` and collection `access-logs` for storing access logs. + +An example command of checking all access logs stored in DB would be: + +``` +test> use sentryflow +use sentryflow +sentryflow> db["api-logs"].find() +... + { + _id: ObjectId('65ca77e4ef0f86784e2fa544'), + timestamp: '[2024-02-12T19:56:19.298Z]', + id: Long('1707767512691239'), + srcnamespace: 'free5gc-cp', + srcname: 'free5gc-nssf-566df8589f-4wwt9', + srclabel: { + 'pod-template-hash': '566df8589f', + project: 'free5gc', + 'security.istio.io/tlsMode': 'istio', + 'service.istio.io/canonical-name': 'free5gc-nssf', + 'service.istio.io/canonical-revision': 'latest', + nf: 'nssf' + }, + srcip: '192.168.1.105', + srcport: '53008', + srctype: 'Pod', + dstnamespace: 'free5gc-cp', + dstname: 'nrf-nnrf', + dstlabel: { + 'app.kubernetes.io/managed-by': 'configmanagement.gke.io', + 'app.kubernetes.io/version': 'v3.1.1', + 'configsync.gke.io/declared-version': 'v1', + nf: 'nrf', + project: 'free5gc' + }, + dstip: '10.141.104.225', + dstport: '8000', + dsttype: 'Service', + protocol: 'HTTP/2', + method: 'PUT', + path: '/nnrf-nfm/v1/nf-instances/99608079-71a4-48cd-9e0c-be0837655d2f', + responsecode: Long('201') + }, +... +``` + +Another example would involve filtering out only logs with `protocol":"HTTP/1.1` to specifically examine API calls: + +``` +sentryflow> db["access-logs"].find({"protocol":"HTTP/1.1"}) +... 
+ {
+ _id: ObjectId('65ca77e4ef0f86784e2fa545'),
+ timestamp: '[2024-02-12T19:56:19.350Z]',
+ id: Long('1707767512691241'),
+ srcnamespace: 'free5gc-cp',
+ srcname: 'free5gc-nssf-566df8589f-4wwt9',
+ srclabel: {
+ 'security.istio.io/tlsMode': 'istio',
+ 'service.istio.io/canonical-name': 'free5gc-nssf',
+ 'service.istio.io/canonical-revision': 'latest',
+ nf: 'nssf',
+ 'pod-template-hash': '566df8589f',
+ project: 'free5gc'
+ },
+ srcip: '192.168.1.105',
+ srcport: '45888',
+ srctype: 'Pod',
+ dstnamespace: 'free5gc-cp',
+ dstname: 'free5gc-nrf-6f6484c6cb-cpnzk',
+ dstlabel: {
+ nf: 'nrf',
+ 'pod-template-hash': '6f6484c6cb',
+ project: 'free5gc',
+ 'security.istio.io/tlsMode': 'istio',
+ 'service.istio.io/canonical-name': 'free5gc-nrf',
+ 'service.istio.io/canonical-revision': 'latest'
+ },
+ dstip: '192.168.1.94',
+ dstport: '8000',
+ dsttype: 'Pod',
+ protocol: 'HTTP/1.1',
+ method: 'PUT',
+ path: '/nnrf-nfm/v1/nf-instances/99608079-71a4-48cd-9e0c-be0837655d2f',
+ responsecode: Long('201')
+...
+```
diff --git a/examples/nephio/free5gc/telemetry.yaml b/examples/nephio/free5gc/telemetry.yaml
new file mode 100644
index 0000000..4e40892
--- /dev/null
+++ b/examples/nephio/free5gc/telemetry.yaml
@@ -0,0 +1,9 @@
+apiVersion: telemetry.istio.io/v1alpha1
+kind: Telemetry
+metadata:
+ name: free5gc-logging
+ namespace: istio-system
+spec:
+ accessLogging:
+ - providers:
+ - name: sentryflow
diff --git a/examples/nephio/oai/README.md b/examples/nephio/oai/README.md
new file mode 100644
index 0000000..18bdc38
--- /dev/null
+++ b/examples/nephio/oai/README.md
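Review bot: `namespace: istio-system` with no `selector` makes `free5gc-logging` a mesh-wide policy, assuming `istio-system` is the root configuration namespace (the Istio default): every sidecar-injected workload in the cluster would send access logs to the `sentryflow` provider, not only `free5gc-cp` as the resource name and the README step suggest. If only the 5G control plane is meant to be observed, scope it with `namespace: free5gc-cp` instead. The exported records include full request paths with query strings (see the README log samples), so the wider scope also widens what ends up in the log client and in MongoDB.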
@@ -0,0 +1,292 @@ +# Nephio - OAI + + +This example demonstrates how to capture access logs from the [Nephio](https://github.com/nephio-project/nephio)'s OAI Demo, which operates on top of Istio, utilizing SentryFlow for log capture. + +> **Note**: The information about Nephio provided in this document may be outdated, as Nephio is currently in the early stages of development. + +## Step 1. Setting Up Nephio and Istio + +In this document, we will discuss how to monitor the `oai-core` component within the `core` cluster to observe API activities in the control plane. + +> **Note**: To set up Nephio, please consult the official OAI documentation available [here](https://github.com/nephio-project/docs/blob/main/content/en/docs/guides/user-guides/exercise-2-oai.md). For the purposes of this document, it will be assumed that all steps up to and including **Step 5** have been executed correctly. + +Ensure that the Nephio `core` cluster is functioning correctly, as well as the `oai-core` namespaces within it. + +```bash +$ kubectl get pods -n oai-core --context core-admin@core +NAME READY STATUS RESTARTS AGE +amf-core-56c68b7487-g2clh 1/1 Running 0 10h +ausf-core-7885cb865-hd9pz 1/1 Running 0 10h +mysql-7dd4cc6945-pj6xz 1/1 Running 0 10h +nrf-core-d4f69557d-wptds 1/1 Running 0 10h +smf-core-59bcf4576c-t6rwr 1/1 Running 0 10h +udm-core-c7d67cb4d-r4zwn 1/1 Running 0 10h +udr-core-69c56bcbd5-whjb9 1/1 Running 0 10h +``` + +To gather access logs from within the namespace, Istio must be installed in the cluster. + +``` +$ istioctl install --set profile=default --context core-admin@core +This will install the Istio 1.20.2 "default" profile (with components: Istio core, Istiod, and Ingress gateways) into the cluster. Proceed? (y/N) y +✔ Istio core installed +✔ Istiod installed +✔ Ingress gateways installed +✔ Installation complete +Made this installation the default for injection and validation. 
+``` + +After successfully installing Istio in the cluster, you can verify that the Istio system is operational and running correctly by executing the following command: + +``` +$ kubectl get pods -n istio-system --context core-admin@core +``` + +## Step 2. Injecting Sidecars into Nephio + +Up to this point, Istio has been installed in the cluster where the `edge` cluster is operational. However, this does not necessarily mean that sidecar proxies are running alongside each pod. To ensure proper injection of sidecars into Nephio, the following steps need to be undertaken: + +### 2.1 Lowering Restriction: podSecurityStandard + +Nephio creates clusters for each type (e.g., `core`, `edge`, `regional`) using **podSecurityContext**. By default, Nephio adheres to the following standards: + +- `enforce`: `baseline` +- `audit` and `warn`: `restricted` + +The security contexts employed by Nephio intentionally exclude the `NET_ADMIN` and `NET_RAW` capabilities, which are [required](https://istio.io/latest/docs/ops/deployment/requirements/) for the correct injection of the `istio-init` sidecar. Consequently, it is essential to explicitly designate these profiles as `privileged` across all namespaces to ensure Istio is injected properly. + +We can achieve this by: + +``` +$ kubectl label --overwrite ns --all pod-security.kubernetes.io/audit=privileged --context core-admin@core +$ kubectl label --overwrite ns --all pod-security.kubernetes.io/enforce=privileged --context core-admin@core +$ kubectl label --overwrite ns --all pod-security.kubernetes.io/warn=privileged --context core-admin@core +``` + +> **Note**: Modifying `podSecurityStandard` via `kubectl edit cluster regional-admin@regional` will reset the settings to their defaults. Therefore, it's recommended to directly alter the namespace configuration instead. 
+ +Now, verify if those labels were set properly by: + +``` +$ kubectl describe ns oai-core --context core-admin@core +Name: oai-core +Labels: app.kubernetes.io/managed-by=configmanagement.gke.io + configsync.gke.io/declared-version=v1 + kubernetes.io/metadata.name=oai-core + pod-security.kubernetes.io/audit=privileged + pod-security.kubernetes.io/enforce=privileged + pod-security.kubernetes.io/warn=privileged +... +``` + +### 2.2 Preparing Sidecars + +To inject sidecars using Istio, we will label the namespaces accordingly. For the purposes of this demonstration, we will specifically label the `core-admin@core` namespaces. + +``` +$ kubectl label namespace oai-core istio-injection=enabled --overwrite --context core-admin@core +namespace/oai-core labeled +``` + +## Step 3. Deploying SentryFlow + +Now is the moment to deploy SentryFlow. This can be accomplished by executing the following steps: + +``` +$ kubectl create -f ../../../deployments/sentryflow.yaml --context core-admin@core +namespace/sentryflow created +serviceaccount/sa-sentryflow created +clusterrole.rbac.authorization.k8s.io/cr-sentryflow created +clusterrolebinding.rbac.authorization.k8s.io/rb-sentryflow created +deployment.apps/sentryflow created +service/sentryflow created +``` + +Also, we can deploy exporters for SentryFlow by following these additional steps: + +``` +$ kubectl create -f ../../../deployments/log-client.yaml --context core-admin@core +deployment.apps/log-client created + +$ kubectl create -f ../../../deployments/mongo-client.yaml --context regional-admin@regional +deployment.apps/mongodb created +service/mongodb created +deployment.apps/mongo-client created +``` + +Verify if Pods in SentryFlow are properly by: + +``` +$ kubectl get pods -n sentryflow --context regional-admin@regional +NAME READY STATUS RESTARTS AGE +log-client-75695cd4d4-z6rns 1/1 Running 0 37s +mongo-client-67dfb6ffbb-4psdh 1/1 Running 0 37s +mongodb-575549748d-9n6lx 1/1 Running 0 37s +sentryflow-5bf9f6987c-kmpgx 
1/1 Running 0 60s +``` + +> **Note**: +The `sentryflow` namespace will not have `istio-injection=enabled`. Enabling this would result in each OpenTelemetry export being logged as an access log, leading to an excessive number of logs being captured. + +> **Note**: Deploying `sentryflow` will automatically modify the Istio mesh configuration (`istio-system/istio`) to direct the export of access logs to it. + +## Step 4. Restarting Deployments + +Till now we have: +- Setup SentryFlow +- Prepared Istio injection +- Lowered podSecurityStandard + +However, this action alone will not yet produce any logs. To enable Numbat to collect access logs, it is necessary to add `telemetry` configurations and also restart the deployments under `oai-logging`. + +> **Note**: Restarting deployments before implementing telemetry will result in the sidecars not transmitting access logs to our collector. Hence, it is important to apply telemetry configurations prior to restarting the deployments. + +Telemetry can be configured to monitor the `oai-logging` namespace by executing the following steps: + +``` +$ kubectl create -f ./telemetry.yaml --context core-admin@core +telemetry.telemetry.istio.io/oai-logging created +``` + +To restart all deployments within the `oai-logging` namespace, you can proceed with the following command: + +> **Note**: Restarting deployments within the `oai-logging` namespace is necessary. If there are any jobs currently running, additional steps may be needed to manage those jobs during the restart process. 
+ +``` +$ kubectl rollout restart deployments -n oai-core --context core-admin@core +deployment.apps/amf-core restarted +deployment.apps/ausf-core restarted deployment.apps/mysql restarted +deployment.apps/nrf-core restarted +deployment.apps/smf-core restarted +deployment.apps/udm-core restarted +deployment.apps/udr-core restarted +``` + +After issuing the rollout restart command, you can verify whether the Pods now include sidecars by executing the following command: + +``` +$ kubectl get pods -n oai-core --context core-admin@core +NAME READY STATUS RESTARTS AGE +amf-core-76967858c4-w4mlt 2/2 Running 0 8m3s +ausf-core-6bfd5576c5-sprb4 2/2 Running 0 8m10s +mysql-764b8f5ff5-7hgcv 2/2 Running 0 8m2s +nrf-core-5c74f7cdb4-mrk4w 2/2 Running 0 8m10s +smf-core-57bbdf59c4-x4jnk 2/2 Running 0 8m5s +udm-core-85c5478b94-bm4mv 2/2 Running 0 8m10s +... +``` + +Observing that each Pod now contains 2 containers instead of just 1 indicates the presence of sidecars. To confirm that the additional container is indeed the `istio-proxy`, you can use the `kubectl describe` command for further verification. + +## Step 5. Checking Logs + +Starting from this point, `sentryflow` will begin receiving logs from each deployment. To examine how deployments within the `oai-core` namespace are communicating, there are two methods available: using a log client and a mongo client. + +### 5.1 Checking Logs using a Log Client + +The `log-client` deployment is configured to receive logs from `sentryflow` in our specified export format and output these logs as stdout. 
To view live logs, you can use the following command: + +``` +$ kubectl logs -n sentryflow -l app=log-client -f --context core-admin@core +``` + +This will show live logs such as: + +``` +2024/02/15 03:45:30 [Client] Received log: timeStamp:"[2024-02-15T03:45:30.153Z]" id:1707968675718909 srcNamespace:"oai-core" srcName:"smf-core-57bbdf59c4-x4jnk" srcLabel:{key:"app.kubernetes.io/managed-by" value:"configmanagement.gke.io"} srcLabel:{key:"configsync.gke.io/declared-version" value:"v1alpha1"} srcLabel:{key:"pod-template-hash" value:"57bbdf59c4"} srcLabel:{key:"security.istio.io/tlsMode" value:"istio"} srcLabel:{key:"service.istio.io/canonical-name" value:"smf-core"} srcLabel:{key:"service.istio.io/canonical-revision" value:"latest"} srcLabel:{key:"workload.nephio.org/oai" value:"smf"} srcIP:"192.168.1.57" srcPort:"42954" srcType:"Pod" dstNamespace:"oai-core" dstName:"nrf-core-5c74f7cdb4-mrk4w" dstLabel:{key:"app.kubernetes.io/managed-by" value:"configmanagement.gke.io"} dstLabel:{key:"configsync.gke.io/declared-version" value:"v1alpha1"} dstLabel:{key:"pod-template-hash" value:"5c74f7cdb4"} dstLabel:{key:"security.istio.io/tlsMode" value:"istio"} dstLabel:{key:"service.istio.io/canonical-name" value:"nrf-core"} dstLabel:{key:"service.istio.io/canonical-revision" value:"latest"} dstLabel:{key:"workload.nephio.org/oai" value:"nrf"} dstIP:"192.168.1.55" dstPort:"80" dstType:"Pod" protocol:"HTTP/2" method:"GET" path:"/nnrf-nfm/v1/nf-instances?nf-type=NRF" responseCode:503 +2024/02/15 03:45:30 [Client] Received log: timeStamp:"[2024-02-15T03:45:30.732Z]" id:1707968675718911 srcNamespace:"oai-core" srcName:"udm-core-85c5478b94-bm4mv" srcLabel:{key:"app.kubernetes.io/managed-by" value:"configmanagement.gke.io"} srcLabel:{key:"configsync.gke.io/declared-version" value:"v1alpha1"} srcLabel:{key:"pod-template-hash" value:"85c5478b94"} srcLabel:{key:"security.istio.io/tlsMode" value:"istio"} srcLabel:{key:"service.istio.io/canonical-name" value:"udm-core"} 
srcLabel:{key:"service.istio.io/canonical-revision" value:"latest"} srcLabel:{key:"workload.nephio.org/oai" value:"udm"} srcIP:"192.168.1.54" srcPort:"48406" srcType:"Pod" dstNamespace:"oai-core" dstName:"nrf-core-5c74f7cdb4-mrk4w" dstLabel:{key:"app.kubernetes.io/managed-by" value:"configmanagement.gke.io"} dstLabel:{key:"configsync.gke.io/declared-version" value:"v1alpha1"} dstLabel:{key:"pod-template-hash" value:"5c74f7cdb4"} dstLabel:{key:"security.istio.io/tlsMode" value:"istio"} dstLabel:{key:"service.istio.io/canonical-name" value:"nrf-core"} dstLabel:{key:"service.istio.io/canonical-revision" value:"latest"} dstLabel:{key:"workload.nephio.org/oai" value:"nrf"} dstIP:"192.168.1.55" dstPort:"80" dstType:"Pod" protocol:"HTTP/2" method:"GET" path:"/nnrf-nfm/v1/nf-instances?nf-type=NRF" responseCode:503 +``` + +### 5.2 Checking Logs in MongoDB + + +We have another client (`mongo-client`) that stores all data received from the `sentryflow` into the MongoDB deployment. You can use `mongosh` to inspect the contents stored in MongoDB by executing the following command: + +``` +$ export MONGODB_POD=$(kubectl get pod -n sentryflow -l app=mongodb --context core-admin@core -o jsonpath='{.items[0].metadata.name}') +$ kubectl exec -it $MONGODB_POD -n sentryflow --context core-admin@core mongosh +``` + +Once we have entered `mongosh` we can check entries stored in the DB. SentryFlow uses DB named `sentryflow` and collection `api-logs` for storing access logs. + +An example command for retrieving all access logs stored in the database would be: + +``` +test> use sentryflow +use sentryflow +sentryflow> db["api-logs"].find() +... 
+ { + _id: ObjectId('65ca77e4ef0f86784e2fa544'), + timestamp: '[2024-02-12T19:56:19.298Z]', + id: Long('1707767512691239'), + srcnamespace: 'free5gc-cp', + srcname: 'free5gc-nssf-566df8589f-4wwt9', + srclabel: { + 'pod-template-hash': '566df8589f', + project: 'free5gc', + 'security.istio.io/tlsMode': 'istio', + 'service.istio.io/canonical-name': 'free5gc-nssf', + 'service.istio.io/canonical-revision': 'latest', + nf: 'nssf' + }, + srcip: '192.168.1.105', + srcport: '53008', + srctype: 'Pod', + dstnamespace: 'free5gc-cp', + dstname: 'nrf-nnrf', + dstlabel: { + 'app.kubernetes.io/managed-by': 'configmanagement.gke.io', + 'app.kubernetes.io/version': 'v3.1.1', + 'configsync.gke.io/declared-version': 'v1', + nf: 'nrf', + project: 'free5gc' + }, + dstip: '10.141.104.225', + dstport: '8000', + dsttype: 'Service', + protocol: 'HTTP/2', + method: 'PUT', + path: '/nnrf-nfm/v1/nf-instances/99608079-71a4-48cd-9e0c-be0837655d2f', + responsecode: Long('201') + }, +... +``` + +Another example would involve filtering out only logs with `protocol":"HTTP/2` to specifically examine API calls: + +``` +sentryflow> db["api-logs"].find({"protocol":"HTTP/2"}) +... 
+ { + _id: ObjectId('65cd871bb9e996068ab49250'), + timestamp: '[2024-02-15T03:38:02.636Z]', + id: Long('1707968025200999'), + srcnamespace: 'kube-system', + srcname: 'kube-scheduler-core-cxfgb-gt8tr', + srclabel: { component: 'kube-scheduler', tier: 'control-plane' }, + srcip: '172.18.0.5', + srcport: '3479', + srctype: 'Pod', + dstnamespace: 'oai-core', + dstname: 'nrf-core-696b59c448-4dn52', + dstlabel: { + 'pod-template-hash': '696b59c448', + 'security.istio.io/tlsMode': 'istio', + 'service.istio.io/canonical-name': 'nrf-core', + 'service.istio.io/canonical-revision': 'latest', + 'workload.nephio.org/oai': 'nrf', + 'app.kubernetes.io/managed-by': 'configmanagement.gke.io', + 'configsync.gke.io/declared-version': 'v1alpha1' + }, + dstip: '192.168.1.35', + dstport: '80', + dsttype: 'Pod', + protocol: 'HTTP/2', + method: 'PATCH', + path: '/nnrf-nfm/v1/nf-instances/863bdd79-b36b-4c85-b6ed-61bfc1cb5de3', + responsecode: Long('503') + }, +... +``` diff --git a/examples/nephio/oai/telemetry.yaml b/examples/nephio/oai/telemetry.yaml new file mode 100644 index 0000000..d7df065 --- /dev/null +++ b/examples/nephio/oai/telemetry.yaml @@ -0,0 +1,9 @@ +apiVersion: telemetry.istio.io/v1alpha1 +kind: Telemetry +metadata: + name: oai-logging + namespace: istio-system +spec: + accessLogging: + - providers: + - name: sentryflow diff --git a/examples/robotshop/README.md b/examples/robotshop/README.md new file mode 100644 index 0000000..635a596 --- /dev/null +++ b/examples/robotshop/README.md @@ -0,0 +1,15 @@ +# Example - robotshop + +## Installation + +https://github.com/instana/robot-shop + +Simple Microservice application. this is installed using helm. + +## Namespace Telemetry + +```kubectl create -f telemetry.yaml``` + +## Accessing the Store + +Connect to http://localhost:8080 and make API requests. diff --git a/examples/robotshop/telemetry.yaml b/examples/robotshop/telemetry.yaml new file mode 100644 index 0000000..9504c0c --- /dev/null +++ b/examples/robotshop/telemetry.yaml 
@@ -0,0 +1,9 @@ +apiVersion: telemetry.istio.io/v1alpha1 +kind: Telemetry +metadata: + name: robot-shop-logging + namespace: robot-shop +spec: + accessLogging: + - providers: + - name: sentryflow diff --git a/protobuf/.gitignore b/protobuf/.gitignore new file mode 100644 index 0000000..cd1cbd6 --- /dev/null +++ b/protobuf/.gitignore @@ -0,0 +1,2 @@ +.idea/ +*.pb.go \ No newline at end of file diff --git a/protobuf/Makefile b/protobuf/Makefile new file mode 100644 index 0000000..eea513e --- /dev/null +++ b/protobuf/Makefile @@ -0,0 +1,16 @@ +PROTO:=sentryflow.proto +PBGO:=$(PROTO:.proto=.pb.go) + +.PHONY: build +build: $(PBGO) go.sum + +go.sum: go.mod + go get . + +%.pb.go: %.proto + go mod tidy + protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative,require_unimplemented_servers=false $< + +.PHONY: clean +clean: + rm -f go.sum *.pb.go \ No newline at end of file diff --git a/protobuf/go.mod b/protobuf/go.mod new file mode 100644 index 0000000..6d856bd --- /dev/null +++ b/protobuf/go.mod @@ -0,0 +1,16 @@ +module github.com/5GSEC/sentryflow/protobuf + +go 1.19 + +require ( + google.golang.org/grpc v1.61.1 + google.golang.org/protobuf v1.32.0 +) + +require ( + github.com/golang/protobuf v1.5.3 // indirect + golang.org/x/net v0.18.0 // indirect + golang.org/x/sys v0.14.0 // indirect + golang.org/x/text v0.14.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect +) diff --git a/protobuf/go.sum b/protobuf/go.sum new file mode 100644 index 0000000..3ca0166 --- /dev/null +++ b/protobuf/go.sum 
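Review bot: The `clean` target in protobuf/Makefile runs `rm -f go.sum *.pb.go`, which deletes the go.sum that this same commit checks in, and the `go.sum: go.mod` rule then recreates it with `go get .`. After a `make clean build` the committed checksums no longer act as the reviewed pin for this module; the file is whatever gets resolved at build time. Limit clean to generated code, `rm -f *.pb.go`, and replace the `go.sum` recipe with `go mod verify` (or drop the rule). The `go mod tidy` inside the `%.pb.go` rule can likewise rewrite go.mod and go.sum as a side effect of code generation, which is worth a comment if it is intended.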
@@ -0,0 +1,20 @@ +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= +google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= diff --git a/protobuf/sentryflow.proto b/protobuf/sentryflow.proto new file mode 100644 index 0000000..9421b5a --- /dev/null 
+++ b/protobuf/sentryflow.proto @@ -0,0 +1,44 @@ +syntax = "proto3"; + +package protobuf; + +option go_package = "sentryflow/protobuf"; + +message ClientInfo { + string hostName = 1; + string IPAddress = 2; +} + +message APILog { + uint64 id = 1; + string timeStamp = 2; + + string srcNamespace = 11; + string srcName = 12; + map srcLabel = 13; + string srcType = 16; + string srcIP = 17; + string srcPort = 18; + + string dstNamespace = 21; + string dstName = 22; + map dstLabel = 23; + string dstType = 26; + string dstIP = 27; + string dstPort = 28; + + string protocol = 31; + string method = 32; + string path = 33; + int32 responseCode = 34; +} + +message APIMetric { + map perAPICounts = 1; + // @todo: add some more metrics here +} + +service SentryFlow { + rpc GetLog(ClientInfo) returns (stream APILog); + rpc GetAPIMetrics(ClientInfo) returns (APIMetric); +} diff --git a/sentryflow-clients/Makefile b/sentryflow-clients/Makefile new file mode 100644 index 0000000..51933e4 --- /dev/null +++ b/sentryflow-clients/Makefile @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: Apache-2.0 + +.PHONY: gofmt +gofmt: + cd $(CURDIR); gofmt -w -s -d $(shell find . -type f -name '*.go' -print) + +.PHONY: golint +golint: +ifeq (, $(shell which golint)) + @{ \ + set -e ;\ + GOLINT_TEMP_DIR=$$(mktemp -d) ;\ + cd $$GOLINT_TEMP_DIR ;\ + go mod init tmp ;\ + go get golang.org/x/lint/golint ;\ + go install golang.org/x/lint/golint ;\ + rm -rf $$GOLINT_TEMP_DIR ;\ + } +endif + cd $(CURDIR); golint ./... + +.PHONY: gosec +gosec: +ifeq (, $(shell which gosec)) + @{ \ + set -e ;\ + GOSEC_TEMP_DIR=$$(mktemp -d) ;\ + cd $$GOSEC_TEMP_DIR ;\ + go mod init tmp ;\ + go get github.com/securego/gosec/v2/cmd/gosec ;\ + go install github.com/securego/gosec/v2/cmd/gosec ;\ + rm -rf $$GOSEC_TEMP_DIR ;\ + } +endif + cd $(CURDIR); gosec -exclude=G402 ./... \ No newline at end of file diff --git a/sentryflow-clients/README.md b/sentryflow-clients/README.md new file mode 100644 index 0000000..999453c --- /dev/null 
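Review bot: The `gosec` target in sentryflow-clients/Makefile runs `gosec -exclude=G402 ./...`, which switches off gosec's TLS-configuration rule for every package under this directory. None of the client code visible in this part of the patch builds a `tls.Config`, so the exclusion suppresses nothing today, but it would silence a later `InsecureSkipVerify` or weak minimum TLS version. Drop the flag, `cd $(CURDIR); gosec ./...`, and use a justified `// #nosec G402` on the specific line if one is ever needed. The `golint` and `gosec` installs are also unversioned, so the tools doing the checking can change between runs; pinning them with `go install <module>@<pinned-version>` avoids that.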
+++ b/sentryflow-clients/README.md
@@ -0,0 +1,2 @@
+# SentryFlow Clients
+
diff --git a/sentryflow-clients/log-client/Dockerfile b/sentryflow-clients/log-client/Dockerfile
new file mode 100644
index 0000000..e0f7f5b
--- /dev/null
+++ b/sentryflow-clients/log-client/Dockerfile
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: Apache-2.0
+
+### Builder
+
+FROM golang:1.19-alpine3.17 as builder
+
+RUN apk --no-cache update
+RUN apk add --no-cache git clang llvm make gcc protobuf
+
+RUN mkdir /app
+RUN mkdir /protobuf
+
+WORKDIR /protobuf
+
+COPY /protobuf .
+
+WORKDIR /app
+
+COPY /sentryflow-clients/log-client .
+
+RUN go install github.com/golang/protobuf/protoc-gen-go@latest
+RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+RUN go build -o log-client
+
+### Make executable image
+
+FROM alpine:3.18 as client
+
+RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories
+
+RUN apk --no-cache update
+RUN apk add bash
+
+COPY --from=builder /app/log-client /
+
+CMD ["/log-client"]
diff --git a/sentryflow-clients/log-client/Makefile b/sentryflow-clients/log-client/Makefile
new file mode 100644
index 0000000..7b8bfdb
--- /dev/null
+++ b/sentryflow-clients/log-client/Makefile
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: Apache-2.0
+
+IMAGE_NAME = 5gsec/sentryflow-log-client
+TAG = v0.1
+
+.PHONY: build
+
+build:
+ docker build -t $(IMAGE_NAME):$(TAG) -f ./Dockerfile ../../
+
+.PHONY: clean
+
+clean:
+ docker rmi $(IMAGE_NAME):$(TAG)
+
+.PHONY: run
+
+run:
+ docker run -it --rm $(IMAGE_NAME):$(TAG)
diff --git a/sentryflow-clients/log-client/common/config.go b/sentryflow-clients/log-client/common/config.go
new file mode 100644
index 0000000..ad58d25
--- /dev/null
+++ b/sentryflow-clients/log-client/common/config.go
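Review bot: The runtime stage of sentryflow-clients/log-client/Dockerfile appends `@community http://dl-cdn.alpinelinux.org/alpine/edge/community` to /etc/apk/repositories, a plain-HTTP edge repository that the following `apk add bash` never references by tag, so it only leaves an unneeded package source in the shipped image; delete that `RUN echo` line. The builder stage installs `protoc-gen-go@latest` and `protoc-gen-go-grpc@latest`, so the toolchain that produces the binary can change between builds; pin them, e.g. `protoc-gen-go@v1.5.3` to match the `github.com/golang/protobuf` version in go.mod and `protoc-gen-go-grpc@<pinned-version>`. No `USER` is set, so the client runs as root; add a non-root `USER` before `CMD`. sentryflow-clients/mongo-client/Dockerfile repeats all three.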
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package common
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "strconv"
+)
+
+type Config struct {
+ ServerAddr string
+ ServerPort int
+}
+
+// Cfg is for global reference
+var Cfg Config
+
+// LoadEnvVars loads environment variables and stores them as global variable
+func LoadEnvVars() (Config, error) {
+ var err error
+
+ // load listen address and check if valid
+ Cfg.ServerAddr = os.Getenv("SERVER_ADDR")
+
+ // load listen port and check if valid
+ Cfg.ServerPort, err = strconv.Atoi(os.Getenv("SERVER_PORT"))
+ if err != nil {
+ msg := fmt.Sprintf("invalid server port %s: %v", os.Getenv("SERVER_PORT"), err)
+ return Cfg, errors.New(msg)
+ }
+
+ return Cfg, nil
+}
diff --git a/sentryflow-clients/log-client/go.mod b/sentryflow-clients/log-client/go.mod
new file mode 100644
index 0000000..3b9c87b
--- /dev/null
+++ b/sentryflow-clients/log-client/go.mod
@@ -0,0 +1,19 @@
+module log-client
+
+go 1.19
+
+replace sentryflow/protobuf => ../../protobuf
+
+require (
+ google.golang.org/grpc v1.61.1
+ sentryflow/protobuf v0.0.0-00010101000000-000000000000
+)
+
+require (
+ github.com/golang/protobuf v1.5.3 // indirect
+ golang.org/x/net v0.20.0 // indirect
+ golang.org/x/sys v0.16.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1 // indirect
+ google.golang.org/protobuf v1.32.0 // indirect
+)
diff --git a/sentryflow-clients/log-client/go.sum b/sentryflow-clients/log-client/go.sum
new file mode 100644
index 0000000..75a2c7a
--- /dev/null
+++ b/sentryflow-clients/log-client/go.sum
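Review bot: `LoadEnvVars` in log-client/common/config.go carries comments saying both values are checked, but it accepts an empty `SERVER_ADDR` and any integer as `SERVER_PORT`, so a missing or out-of-range setting only shows up later as a dial failure against an address such as `:0`. Add `if Cfg.ServerAddr == "" { return Cfg, errors.New("SERVER_ADDR not set") }` and `if Cfg.ServerPort < 1 || Cfg.ServerPort > 65535 { return Cfg, fmt.Errorf("server port %d out of range", Cfg.ServerPort) }`. The existing error is better built as `fmt.Errorf("invalid server port %q: %w", os.Getenv("SERVER_PORT"), err)` so the cause stays unwrappable and an empty value is visible. The exported `Config` type has no doc comment, and mongo-client/common/config.go is the same blob (`ad58d25`) with the same gaps.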
@@ -0,0 +1,20 @@ +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1 h1:gphdwh0npgs8elJ4T6J+DQJHPVF7RsuJHCfwztUb4J4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA= +google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= diff --git a/sentryflow-clients/log-client/main.go b/sentryflow-clients/log-client/main.go new file mode 100644 index 0000000..27767e9 --- /dev/null 
+++ b/sentryflow-clients/log-client/main.go
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+ "context"
+ "fmt"
+ "google.golang.org/grpc"
+ _ "google.golang.org/grpc/encoding/gzip" // If not set, encoding problem occurs https://stackoverflow.com/questions/74062727
+ "io"
+ "log"
+ "log-client/common"
+ "os"
+ "sentryflow/protobuf"
+)
+
+func main() {
+ // Load environment variables
+ cfg, err := common.LoadEnvVars()
+ if err != nil {
+ log.Fatalf("Could not load environment variables: %v", err)
+ }
+
+ // Construct address and start listening
+ addr := fmt.Sprintf("%s:%d", cfg.ServerAddr, cfg.ServerPort)
+
+ // Set up a connection to the server.
+ conn, err := grpc.Dial(addr, grpc.WithInsecure())
+ if err != nil {
+ log.Fatalf("could not connect: %v", err)
+ }
+ defer conn.Close()
+
+ // Start serving gRPC server
+ log.Printf("[gRPC] Successfully connected to %s", addr)
+
+ // Create a client for the SentryFlow service
+ client := protobuf.NewSentryFlowClient(conn)
+
+ hostname, err := os.Hostname()
+ if err != nil {
+ log.Fatalf("could not find hostname: %v", err)
+ }
+
+ // Define the client information
+ clientInfo := &protobuf.ClientInfo{
+ HostName: hostname,
+ }
+
+ // Contact the server and print out its response
+ stream, err := client.GetLog(context.Background(), clientInfo)
+ if err != nil {
+ log.Fatalf("could not get log: %v", err)
+ }
+
+ for {
+ data, err := stream.Recv()
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ log.Fatalf("failed to receive log: %v", err)
+ }
+ log.Printf("[Client] Received log: %v", data)
+ }
+}
diff --git a/sentryflow-clients/mongo-client/Dockerfile b/sentryflow-clients/mongo-client/Dockerfile
new file mode 100644
index 0000000..1a0d3ca
--- /dev/null
+++ b/sentryflow-clients/mongo-client/Dockerfile
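Review bot: `grpc.Dial(addr, grpc.WithInsecure())` in log-client/main.go opens the log stream in plaintext with no server authentication, and the OAI README in this commit says the `sentryflow` namespace is kept out of sidecar injection, so the mesh's mTLS does not appear to cover this hop either. The stream carries source and destination IPs, pod labels and request paths, which is worth protecting in transit. Use `grpc.WithTransportCredentials(credentials.NewTLS(tlsCfg))` with a CA the client trusts; if plaintext is a deliberate choice for the demo, spell it with the non-deprecated `grpc.WithTransportCredentials(insecure.NewCredentials())` and a comment saying so. Separately, the `log.Fatalf` calls placed after `defer conn.Close()` exit without running the deferred close, and an `io.EOF` from `stream.Recv()` ends the process with status 0 and no log line.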
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: Apache-2.0
+
+### Builder
+
+FROM golang:1.19-alpine3.17 as builder
+
+RUN apk --no-cache update
+RUN apk add --no-cache git clang llvm make gcc protobuf
+
+RUN mkdir /app
+RUN mkdir /protobuf
+
+WORKDIR /protobuf
+
+COPY /protobuf .
+
+WORKDIR /app
+
+COPY /sentryflow-clients/mongo-client .
+
+RUN go install github.com/golang/protobuf/protoc-gen-go@latest
+RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+RUN go build -o mongo-client
+
+### Make executable image
+
+FROM alpine:3.18 as client
+
+RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories
+
+RUN apk --no-cache update
+RUN apk add bash
+
+COPY --from=builder /app/mongo-client /
+
+CMD ["/mongo-client"]
diff --git a/sentryflow-clients/mongo-client/Makefile b/sentryflow-clients/mongo-client/Makefile
new file mode 100644
index 0000000..c1cba29
--- /dev/null
+++ b/sentryflow-clients/mongo-client/Makefile
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: Apache-2.0
+
+IMAGE_NAME = 5gsec/sentryflow-mongo-client
+TAG = v0.1
+
+.PHONY: build
+
+build:
+ docker build -t $(IMAGE_NAME):$(TAG) -f ./Dockerfile ../../
+
+.PHONY: clean
+
+clean:
+ docker rmi $(IMAGE_NAME):$(TAG)
+
+.PHONY: run
+
+run:
+ docker run -it --rm $(IMAGE_NAME):$(TAG)
diff --git a/sentryflow-clients/mongo-client/common/config.go b/sentryflow-clients/mongo-client/common/config.go
new file mode 100644
index 0000000..ad58d25
--- /dev/null
+++ b/sentryflow-clients/mongo-client/common/config.go
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package common
+
+import (
+ "errors"
+ "fmt"
+ "os"
+ "strconv"
+)
+
+type Config struct {
+ ServerAddr string
+ ServerPort int
+}
+
+// Cfg is for global reference
+var Cfg Config
+
+// LoadEnvVars loads environment variables and stores them as global variable
+func LoadEnvVars() (Config, error) {
+ var err error
+
+ // load listen address and check if valid
+ Cfg.ServerAddr = os.Getenv("SERVER_ADDR")
+
+ // load listen port and check if valid
+ Cfg.ServerPort, err = strconv.Atoi(os.Getenv("SERVER_PORT"))
+ if err != nil {
+ msg := fmt.Sprintf("invalid server port %s: %v", os.Getenv("SERVER_PORT"), err)
+ return Cfg, errors.New(msg)
+ }
+
+ return Cfg, nil
+}
diff --git a/sentryflow-clients/mongo-client/db/dbHandler.go b/sentryflow-clients/mongo-client/db/dbHandler.go
new file mode 100644
index 0000000..ae94049
--- /dev/null
+++ b/sentryflow-clients/mongo-client/db/dbHandler.go
@@ -0,0 +1,80 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package db
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "go.mongodb.org/mongo-driver/mongo"
+ "go.mongodb.org/mongo-driver/mongo/options"
+ "log"
+ "os"
+ protobuf "sentryflow/protobuf"
+ "time"
+)
+
+type Handler struct {
+ client *mongo.Client
+ database *mongo.Database
+ collection *mongo.Collection
+ cancel context.CancelFunc
+ dbURL string
+}
+
+var Manager *Handler
+
+// New creates a new mongoDB handler
+func New() (*Handler, error) {
+ dbHost := os.Getenv("MONGODB_HOST")
+ h := Handler{}
+ var err error
+
+ // Environment variable was not set
+ if dbHost == "" {
+ return nil, errors.New("$MONGODB_HOST not set")
+ }
+
+ // Create a MongoDB client
+ h.client, err = mongo.NewClient(options.Client().ApplyURI(dbHost))
+ if err != nil {
+ msg := fmt.Sprintf("unable to initialize monogoDB client for %s: %v", dbHost, err)
+ return nil, errors.New(msg)
+ }
+
+ // Set timeout (10 sec)
+ var ctx context.Context
+ ctx, h.cancel = context.WithTimeout(context.Background(), 10*time.Second)
+
+ // Try connecting the server
+ err = h.client.Connect(ctx)
+ if err != nil {
+ msg := fmt.Sprintf("unable to connect mongoDB server %s: %v", dbHost, err)
+ return nil, errors.New(msg)
+ }
+
+ // Create 'sentryflow' database and 'api-logs' collection
+ h.database = h.client.Database("sentryflow")
+ h.collection = h.database.Collection("api-logs")
+
+ Manager = &h
+ return &h, nil
+}
+
+func (h *Handler) Disconnect() {
+ err := h.client.Disconnect(context.Background())
+ if err != nil {
+ log.Printf("unable to properly disconnect: %v", err)
+ }
+
+ return
+}
+
+func (h *Handler) InsertData(data *protobuf.APILog) error {
+ _, err := h.collection.InsertOne(context.Background(), data)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/sentryflow-clients/mongo-client/go.mod b/sentryflow-clients/mongo-client/go.mod
new file mode 100644
index 0000000..b639d95
--- /dev/null
+++ b/sentryflow-clients/mongo-client/go.mod
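Review bot: `New` in mongo-client/db/dbHandler.go hands `MONGODB_HOST` to `ApplyURI`, so the value is a full connection string, and both error paths format it into the message (`... for %s: %v` with `dbHost`); if that URI carries `user:password@`, the credentials end up wherever the error is logged. Return `fmt.Errorf("initializing mongoDB client: %w", err)` and `fmt.Errorf("connecting to mongoDB server: %w", err)` without the URI, which also fixes the `monogoDB` typo. The timeout context's `h.cancel` is stored but never called in the lines shown, so call it in `Disconnect` and on the `Connect` error path. A nil return from `Connect` does not by itself show the server is reachable, so an `h.client.Ping(ctx, nil)` before returning would surface a bad host at startup, and `InsertData` would be safer with a bounded context than `context.Background()`. `Handler`, `Manager`, `Disconnect` and `InsertData` are exported without doc comments, and the `dbURL` field is never set.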
@@ -0,0 +1,29 @@
+module mongo-client
+
+go 1.19
+
+replace sentryflow/protobuf => ../../protobuf
+
+require (
+ go.mongodb.org/mongo-driver v1.13.1
+ google.golang.org/grpc v1.61.1
+ sentryflow/protobuf v0.0.0-00010101000000-000000000000
+)
+
+require (
+ github.com/golang/protobuf v1.5.3 // indirect
+ github.com/golang/snappy v0.0.1 // indirect
+ github.com/klauspost/compress v1.13.6 // indirect
+ github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe // indirect
+ github.com/xdg-go/pbkdf2 v1.0.0 // indirect
+ github.com/xdg-go/scram v1.1.2 // indirect
+ github.com/xdg-go/stringprep v1.0.4 // indirect
+ github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
+ golang.org/x/crypto v0.15.0 // indirect
+ golang.org/x/net v0.18.0 // indirect
+ golang.org/x/sync v0.5.0 // indirect
+ golang.org/x/sys v0.14.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
+ google.golang.org/protobuf v1.32.0 // indirect
+)
diff --git a/sentryflow-clients/mongo-client/go.sum b/sentryflow-clients/mongo-client/go.sum
new file mode 100644
index 0000000..b583272
--- /dev/null
+++ b/sentryflow-clients/mongo-client/go.sum
@@ -0,0 +1,72 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= +github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= +github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe h1:iruDEfMl2E6fbMZ9s0scYfZQ84/6SPL6zC8ACM2oIL0= +github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= +github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c= +github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= +github.com/xdg-go/scram v1.1.2 h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY= +github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= +github.com/xdg-go/stringprep v1.0.4 h1:XLI/Ng3O1Atzq0oBs3TWm+5ZVgkq2aqdlvP9JtoZ6c8= +github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= +github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA= +github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod 
h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk= +go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= +golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= +golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors 
v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= +google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= diff --git a/sentryflow-clients/mongo-client/main.go b/sentryflow-clients/mongo-client/main.go new file mode 100644 index 0000000..d41651f --- /dev/null +++ b/sentryflow-clients/mongo-client/main.go 
@@ -0,0 +1,76 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+ "context"
+ "fmt"
+ "google.golang.org/grpc"
+ "io"
+ "log"
+ "mongo-client/common"
+ "mongo-client/db"
+ "os"
+ protobuf "sentryflow/protobuf"
+)
+
+func main() {
+ // Init DB
+ _, err := db.New()
+ if err != nil {
+ log.Fatalf("Unable to intialize DB: %v", err)
+ }
+
+ // Load environment variables
+ cfg, err := common.LoadEnvVars()
+ if err != nil {
+ log.Fatalf("Could not load environment variables: %v", err)
+ }
+
+ // Construct address and start listening
+ addr := fmt.Sprintf("%s:%d", cfg.ServerAddr, cfg.ServerPort)
+
+ // Set up a connection to the server.
+ conn, err := grpc.Dial(addr, grpc.WithInsecure())
+ if err != nil {
+ log.Fatalf("could not connect: %v", err)
+ }
+ defer conn.Close()
+
+ // Start serving gRPC server
+ log.Printf("[gRPC] Successfully connected to %s", addr)
+
+ // Create a client for the SentryFlow service.
+ client := protobuf.NewSentryFlowClient(conn)
+
+ hostname, err := os.Hostname()
+ if err != nil {
+ log.Fatalf("could not find hostname: %v", err)
+ }
+
+ // Define the client information.
+ clientInfo := &protobuf.ClientInfo{
+ HostName: hostname,
+ }
+
+ // Contact the server and print out its response.
+ stream, err := client.GetLog(context.Background(), clientInfo)
+ if err != nil {
+ log.Fatalf("could not get log: %v", err)
+ }
+
+ for {
+ data, err := stream.Recv()
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ log.Fatalf("failed to receive log: %v", err)
+ }
+
+ err = db.Manager.InsertData(data)
+ if err != nil {
+ log.Printf("[DB] Failed to store data to DB: %v", err)
+ }
+ }
+}
diff --git a/sentryflow/.gitignore b/sentryflow/.gitignore
new file mode 100644
index 0000000..62c8935
--- /dev/null
+++ b/sentryflow/.gitignore
@@ -0,0 +1 @@
+.idea/
\ No newline at end of file
diff --git a/sentryflow/Dockerfile b/sentryflow/Dockerfile
new file mode 100644
index 0000000..d6305aa
--- /dev/null
+++ b/sentryflow/Dockerfile
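Review bot: `grpc.Dial(addr, grpc.WithInsecure())` in `main` opens a plaintext, unauthenticated channel, so the API logs streamed by `GetLog` can be read or altered by anything on the path to the SentryFlow service, and the client cannot tell the genuine server from another endpoint answering on that address. `WithInsecure` is also deprecated in grpc-go; use `grpc.WithTransportCredentials(credentials.NewTLS(tlsCfg))` with a CA the deployment trusts, or add a comment stating that the link relies on mesh mTLS if that is the intent. Note as well that `log.Fatalf` inside the receive loop exits without running `defer conn.Close()` and without calling `db.Manager.Disconnect()`.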
@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: Apache-2.0
+
+### Builder
+
+FROM golang:1.19-alpine3.17 as builder
+
+RUN apk --no-cache update
+RUN apk add --no-cache git clang llvm make gcc protobuf make
+RUN go install github.com/golang/protobuf/protoc-gen-go@latest
+RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+
+RUN mkdir /app
+RUN mkdir /protobuf
+
+WORKDIR /protobuf
+COPY /protobuf .
+RUN go mod tidy
+RUN make build
+
+WORKDIR /app
+COPY /sentryflow .
+
+RUN go mod tidy
+RUN go build -o sentryflow
+
+### Make executable image
+
+FROM alpine:3.18 as sentryflow
+
+RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories
+
+RUN apk --no-cache update
+RUN apk add bash
+
+COPY --from=builder /app/sentryflow .
+
+CMD ["./sentryflow"]
diff --git a/sentryflow/Makefile b/sentryflow/Makefile
new file mode 100644
index 0000000..738596d
--- /dev/null
+++ b/sentryflow/Makefile
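Review bot: The two `go install ...@latest` lines in the builder stage make the image non-reproducible and let any newly published version of the code generators run in the build without review; pin them, e.g. `RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@<pinned-version>`. The runtime stage adds the Alpine `edge/community` repository over `http://` to a 3.18 base, yet the only package installed afterwards (`bash`) does not use the `@community` tag, so the line can probably be dropped. The final image also has no `USER` instruction, so `./sentryflow` runs as root; creating a non-root user before `CMD` would narrow what a compromised process can do.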
@@ -0,0 +1,56 @@
+# SPDX-License-Identifier: Apache-2.0
+
+IMAGE_NAME = 5gsec/sentryflow
+TAG = v0.1
+
+
+.PHONY: build
+build:
+ go mod tidy
+ go build -o sentryflow
+
+.PHONY: image
+image:
+ docker build -t $(IMAGE_NAME):$(TAG) -f ./Dockerfile ../
+
+.PHONY: clean
+clean:
+ docker rmi $(IMAGE_NAME):$(TAG)
+
+.PHONY: run
+run:
+ docker run -it --rm $(IMAGE_NAME):$(TAG)
+
+.PHONY: gofmt
+gofmt:
+ cd $(CURDIR); gofmt -w -s -d $(shell find . -type f -name '*.go' -print)
+
+.PHONY: golint
+golint:
+ifeq (, $(shell which golint))
+ @{ \
+ set -e ;\
+ GOLINT_TEMP_DIR=$$(mktemp -d) ;\
+ cd $$GOLINT_TEMP_DIR ;\
+ go mod init tmp ;\
+ go get golang.org/x/lint/golint ;\
+ go install golang.org/x/lint/golint ;\
+ rm -rf $$GOLINT_TEMP_DIR ;\
+ }
+endif
+ cd $(CURDIR); golint ./...
+
+.PHONY: gosec
+gosec:
+ifeq (, $(shell which gosec))
+ @{ \
+ set -e ;\
+ GOSEC_TEMP_DIR=$$(mktemp -d) ;\
+ cd $$GOSEC_TEMP_DIR ;\
+ go mod init tmp ;\
+ go get github.com/securego/gosec/v2/cmd/gosec ;\
+ go install github.com/securego/gosec/v2/cmd/gosec ;\
+ rm -rf $$GOSEC_TEMP_DIR ;\
+ }
+endif
+ cd $(CURDIR); gosec -exclude=G402 ./...
diff --git a/sentryflow/config/config.go b/sentryflow/config/config.go
new file mode 100644
index 0000000..dd2ac60
--- /dev/null
+++ b/sentryflow/config/config.go
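Review bot: `gosec -exclude=G402 ./...` in the `gosec` target turns off the TLS-configuration rule for the whole tree, so a later `InsecureSkipVerify` or weak `MinVersion` setting would pass the scan silently. Prefer running gosec without the exclusion and annotating the specific, justified call sites with `// #nosec G402 -- <reason>`. The bootstrap blocks also fetch golint and gosec without a version; pinning them, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>`, keeps scan results stable between runs.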
@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package config
+
+import (
+ "flag"
+ "fmt"
+ "log"
+ "os"
+ "strings"
+
+ "github.com/spf13/viper"
+)
+
+// NumbatConfig structure
+type NumbatConfig struct {
+ OtelGRPCListenAddr string // IP address to use for OTEL gRPC
+ OtelGRPCListenPort string // Port to use for OTEL gRPC
+
+ CustomExportListenAddr string // IP address to use for custom exporter gRPC
+ CustomExportListenPort string // Port to use for custom exporter gRPC
+
+ PatchNamespace bool // Enable/Disable patching namespace for Istio injection
+ PatchRestartDeployments bool // Enable/Disable restarting deployments after patching
+
+ Debug bool // Enable/Disable SentryFlow debug mode
+}
+
+// GlobalCfg Global configuration for SentryFlow
+var GlobalCfg NumbatConfig
+
+// Config const
+const (
+ OtelGRPCListenAddr string = "otelGRPCListenAddr"
+ OtelGRPCListenPort string = "otelGRPCListenPort"
+ CustomExportListenAddr string = "customExportListenAddr"
+ CustomExportListenPort string = "customExportListenPort"
+ PatchNamespace string = "patchNamespace"
+ PatchRestartDeployments string = "patchRestartDeployments"
+ Debug string = "debug"
+)
+
+func readCmdLineParams() {
+ otelGRPCListenAddrStr := flag.String(OtelGRPCListenAddr, "0.0.0.0", "OTEL gRPC server listen address")
+ otelGRPCListenPortStr := flag.String(OtelGRPCListenPort, "4317", "OTEL gRPC server listen port")
+ customExportListenAddrStr := flag.String(CustomExportListenAddr, "0.0.0.0", "Custom export gRPC server listen address")
+ customExportListenPortStr := flag.String(CustomExportListenPort, "8080", "Custom export gRPC server listen port")
+ patchNamespaceB := flag.Bool(PatchNamespace, false, "Enable/Disable patching Istio injection to all namespaces")
+ patchRestartDeploymentsB := flag.Bool(PatchRestartDeployments, false, "Enable/Disable restarting deployments in all namespaces")
+ configDebugB := flag.Bool(Debug, false, "Enable/Disable debugging mode using logs")
+
+ var flags []string
+ flag.VisitAll(func(f *flag.Flag) {
+ kv := fmt.Sprintf("%s:%v", f.Name, f.Value)
+ flags = append(flags, kv)
+ })
+ log.Printf("Arguments [%s]", strings.Join(flags, " "))
+
+ flag.Parse()
+
+ viper.SetDefault(OtelGRPCListenAddr, *otelGRPCListenAddrStr)
+ viper.SetDefault(OtelGRPCListenPort, *otelGRPCListenPortStr)
+ viper.SetDefault(CustomExportListenAddr, *customExportListenAddrStr)
+ viper.SetDefault(CustomExportListenPort, *customExportListenPortStr)
+ viper.SetDefault(PatchNamespace, *patchNamespaceB)
+ viper.SetDefault(PatchRestartDeployments, *patchRestartDeploymentsB)
+ viper.SetDefault(Debug, *configDebugB)
+}
+
+// LoadConfig Load configuration
+func LoadConfig() error {
+ // Read configuration from command line
+ readCmdLineParams()
+
+ // Read environment variable, those are upper-cased
+ viper.AutomaticEnv()
+
+ // todo: read configuration from config file
+ _ = os.Getenv("NUMBAT_CFG")
+
+ GlobalCfg.OtelGRPCListenAddr = viper.GetString(OtelGRPCListenAddr)
+ GlobalCfg.OtelGRPCListenPort = viper.GetString(OtelGRPCListenPort)
+ GlobalCfg.CustomExportListenAddr = viper.GetString(CustomExportListenAddr)
+ GlobalCfg.CustomExportListenPort = viper.GetString(CustomExportListenPort)
+ GlobalCfg.PatchNamespace = viper.GetBool(PatchNamespace)
+ GlobalCfg.PatchRestartDeployments = viper.GetBool(PatchRestartDeployments)
+ GlobalCfg.Debug = viper.GetBool(Debug)
+
+ log.Printf("Configuration [%+v]", GlobalCfg)
+
+ return nil
+}
diff --git a/sentryflow/core/k8sHandler.go b/sentryflow/core/k8sHandler.go
new file mode 100644
index 0000000..1ffae22
--- /dev/null
+++ b/sentryflow/core/k8sHandler.go
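Review bot: In `readCmdLineParams` the `flag.VisitAll` dump runs before `flag.Parse()`, so the `"Arguments [%s]"` log line always shows the built-in defaults rather than what the operator actually passed; move `flag.Parse()` above the `flag.VisitAll` call. Because the parsed flag values are then installed with `viper.SetDefault` and `LoadConfig` enables `viper.AutomaticEnv()`, an environment variable with a matching name overrides an explicit command-line flag, which is the reverse of the usual precedence and deserves a comment if it is intended. Both listen addresses default to `0.0.0.0`, so the two gRPC servers are reachable on every interface unless configured otherwise.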
@@ -0,0 +1,521 @@ +// SPDX-License-Identifier: Apache-2.0 + +package core + +import ( + "context" + "github.com/5GSEC/sentryflow/config" + "github.com/5GSEC/sentryflow/types" + "gopkg.in/yaml.v2" + corev1 "k8s.io/api/core/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/cache" + "log" + "sync" + "time" +) + +// K8s global reference for Kubernetes Handler +var K8s *K8sHandler + +// init Function +func init() { + K8s = NewK8sHandler() +} + +// K8sHandler Structure +type K8sHandler struct { + config *rest.Config + clientSet *kubernetes.Clientset + + listWatchers map[string]*cache.ListWatch + informers map[string]cache.Controller + podMap map[string]*corev1.Pod // This map is NOT thread safe, meaning that race condition might occur + svcMap map[string]*corev1.Service // This map is NOT thread safe, meaning that race condition might occur +} + +// NewK8sHandler Function +func NewK8sHandler() *K8sHandler { + kh := &K8sHandler{ + listWatchers: make(map[string]*cache.ListWatch), + podMap: make(map[string]*corev1.Pod), + svcMap: make(map[string]*corev1.Service), + informers: make(map[string]cache.Controller), + } + + return kh +} + +// InitK8sClient Function +func (kh *K8sHandler) InitK8sClient() bool { + var err error + + // Initialize in cluster config + kh.config, err = rest.InClusterConfig() + if err != nil { + return false + } + + // Initialize Kubernetes clientSet + kh.clientSet, err = kubernetes.NewForConfig(kh.config) + if err != nil { + return false + } + + watchTargets := []string{"pods", "services"} + + // Look for existing resources in the cluster, create map + kh.initExistingResources() + + // Initialize watchers and informers for services and pods + // This will not run the informers yet + kh.initWatchers(watchTargets) + kh.initInformers() + + return true +} + +// initWatchers initializes watchers for pods and services in cluster +func (kh 
*K8sHandler) initWatchers(watchTargets []string) { + // Initialize watch for pods and services + for _, target := range watchTargets { + watcher := cache.NewListWatchFromClient( + kh.clientSet.CoreV1().RESTClient(), + target, + corev1.NamespaceAll, + fields.Everything(), + ) + kh.listWatchers[target] = watcher + } +} + +// initExistingResources will create a mapping table for existing services and pods into IPs +// This is required since informers are NOT going to see existing resources until they are updated, created or deleted +// Todo: Refactor this function, this is kind of messy +func (kh *K8sHandler) initExistingResources() { + // List existing Pods + podList, err := kh.clientSet.CoreV1().Pods(corev1.NamespaceAll).List(context.TODO(), v1.ListOptions{}) + if err != nil { + log.Print("Error listing Pods:", err.Error()) + } + + // Add existing Pods to the podMap + for _, pod := range podList.Items { + currentPod := pod + kh.podMap[pod.Status.PodIP] = ¤tPod + log.Printf("[K8s] Add existing pod %s: %s/%s", pod.Status.PodIP, pod.Namespace, pod.Name) + } + + // List existing Services + serviceList, err := kh.clientSet.CoreV1().Services(corev1.NamespaceAll).List(context.TODO(), v1.ListOptions{}) + if err != nil { + log.Print("Error listing Services:", err.Error()) + } + + // Add existing Services to the svcMap + for _, service := range serviceList.Items { + currentService := service // This will solve G601 for gosec + + // Check if the service has a LoadBalancer type + if service.Spec.Type == "LoadBalancer" { + for _, lbIngress := range service.Status.LoadBalancer.Ingress { + lbIP := lbIngress.IP + if lbIP != "" { + kh.svcMap[lbIP] = ¤tService + log.Printf("[K8s] Add existing service (LoadBalancer) %s: %s/%s", lbIP, service.Namespace, service.Name) + } + } + } else { + kh.svcMap[service.Spec.ClusterIP] = ¤tService + if len(service.Spec.ExternalIPs) != 0 { + for _, eIP := range service.Spec.ExternalIPs { + kh.svcMap[eIP] = ¤tService + log.Printf("[K8s] Add existing 
service %s: %s/%s", eIP, service.Namespace, service.Name) + } + } + } + } +} + +// initInformers initializes informers for services and pods in cluster +func (kh *K8sHandler) initInformers() { + // Create Pod controller informer + _, pc := cache.NewInformer( + kh.listWatchers["pods"], + &corev1.Pod{}, + time.Second*0, + cache.ResourceEventHandlerFuncs{ + AddFunc: func(obj interface{}) { // Add pod information + pod := obj.(*corev1.Pod) + kh.podMap[pod.Status.PodIP] = pod + }, + UpdateFunc: func(oldObj, newObj interface{}) { // Update pod information + newPod := newObj.(*corev1.Pod) + kh.podMap[newPod.Status.PodIP] = newPod + }, + DeleteFunc: func(obj interface{}) { // Remove deleted pod information + pod := obj.(*corev1.Pod) + delete(kh.podMap, pod.Status.PodIP) + }, + }, + ) + + kh.informers["pods"] = pc + + // Create Service controller informer + _, sc := cache.NewInformer( + kh.listWatchers["services"], + &corev1.Service{}, + time.Second*0, + cache.ResourceEventHandlerFuncs{ + AddFunc: func(obj interface{}) { // Add service information + service := obj.(*corev1.Service) + + if service.Spec.Type == "LoadBalancer" { + for _, lbIngress := range service.Status.LoadBalancer.Ingress { + lbIP := lbIngress.IP + if lbIP != "" { + kh.svcMap[lbIP] = service + } + } + } else { + kh.svcMap[service.Spec.ClusterIP] = service + if len(service.Spec.ExternalIPs) != 0 { + for _, eIP := range service.Spec.ExternalIPs { + kh.svcMap[eIP] = service + } + } + } + }, + UpdateFunc: func(oldObj, newObj interface{}) { // Update service information + newService := newObj.(*corev1.Service) + if newService.Spec.Type == "LoadBalancer" { + for _, lbIngress := range newService.Status.LoadBalancer.Ingress { + lbIP := lbIngress.IP + if lbIP != "" { + kh.svcMap[lbIP] = newService + } + } + } else { + kh.svcMap[newService.Spec.ClusterIP] = newService + if len(newService.Spec.ExternalIPs) != 0 { + for _, eIP := range newService.Spec.ExternalIPs { + kh.svcMap[eIP] = newService + } + } + } + }, + 
DeleteFunc: func(obj interface{}) { + service := obj.(*corev1.Service) + if service.Spec.Type == "LoadBalancer" { + for _, lbIngress := range service.Status.LoadBalancer.Ingress { + lbIP := lbIngress.IP + if lbIP != "" { + delete(kh.svcMap, lbIP) + } + } + } else { + delete(kh.svcMap, service.Spec.ClusterIP) // Remove deleted service information + if len(service.Spec.ExternalIPs) != 0 { + for _, eIP := range service.Spec.ExternalIPs { + delete(kh.svcMap, eIP) + } + } + } + }, + }, + ) + + kh.informers["services"] = sc +} + +// RunInformers starts running informers +func (kh *K8sHandler) RunInformers(stopCh chan struct{}, wg *sync.WaitGroup) { + wg.Add(1) + for name, informer := range kh.informers { + name := name + informer := informer + go func() { + log.Printf("[K8s] Started informers for %s", name) + informer.Run(stopCh) + + defer wg.Done() + }() + } + + log.Printf("[K8s] Started all informers") +} + +// lookupIPAddress Function +func (kh *K8sHandler) lookupIPAddress(ipAddr string) interface{} { + // Look for pod map first + pod, ok := kh.podMap[ipAddr] + if ok { + return pod + } + + // Look for service map + service, ok := kh.svcMap[ipAddr] + if ok { + return service + } + + return nil +} + +// LookupNetworkedResource Function +func LookupNetworkedResource(srcIP string) types.K8sNetworkedResource { + ret := types.K8sNetworkedResource{ + Name: "Unknown", + Namespace: "Unknown", + Labels: make(map[string]string), + Type: types.K8sResourceTypeUnknown, + } + + // Find Kubernetes resource from source IP (service or a pod) + raw := K8s.lookupIPAddress(srcIP) + + // Currently supports Service or Pod + switch raw.(type) { + case *corev1.Pod: + pod, ok := raw.(*corev1.Pod) + if ok { + ret.Name = pod.Name + ret.Namespace = pod.Namespace + ret.Labels = pod.Labels + ret.Type = types.K8sResourceTypePod + } + case *corev1.Service: + svc, ok := raw.(*corev1.Service) + if ok { + ret.Name = svc.Name + ret.Namespace = svc.Namespace + ret.Labels = svc.Labels + ret.Type = 
types.K8sResourceTypeService + } + default: + ret.Type = types.K8sResourceTypeUnknown + } + + return ret +} + +// PatchIstioConfigMap patches the Istio's configmap for meshConfig +// This will make istio know that there is an exporter with envoyOtelAls +func (kh *K8sHandler) PatchIstioConfigMap() error { + // Get the ConfigMap istio-system/istio + configMap, err := kh.clientSet.CoreV1(). + ConfigMaps("istio-system"). + Get(context.Background(), "istio", v1.GetOptions{}) + if err != nil { + // Handle error + log.Fatalf("[Patcher] Unable to retrieve configmap istio-system/istio :%v", err) + return err + } + + // Define a map to represent the structure of the mesh configuration + var meshConfig map[string]interface{} + + // Unmarshal the YAML string into the map + meshConfigStr := configMap.Data["mesh"] + err = yaml.Unmarshal([]byte(meshConfigStr), &meshConfig) + if err != nil { + // Handle error + log.Fatalf("[Patcher] Unable to unmarshall configmap istio-system/istio :%v", err) + return err + } + + // Work with defaultProviders.accessLogs + dp, exists := meshConfig["defaultProviders"].(map[interface{}]interface{})["accessLogs"] + if !exists { // Add defaultProviders.accessLogs if it does not exist + meshConfig["defaultProviders"].(map[interface{}]interface{})["accessLogs"] = []string{"sentryflow"} + } else { // Just add a new entry sentryflow if it exists + dpSlice := dp.([]interface{}) // @todo find better solution for this + duplicate := false + for _, entry := range dpSlice { + if entry == "sentryflow" { + // If "sentryflow" already exists, do nothing + log.Printf("[Patcher] istio-system/istio ConfigMap has " + + "sentryflow under defaultProviders.accessLogs, ignoring... 
") + duplicate = true + break + } + } + + // If "sentryflow" does not exist, append it + if !duplicate { + dpSlice = append(dpSlice, "sentryflow") + meshConfig["defaultProviders"].(map[interface{}]interface{})["accessLogs"] = dpSlice + } + } + + // ExtensionProvider for our service + eps := map[interface{}]interface{}{ + "name": "sentryflow", + "envoyOtelAls": map[interface{}]interface{}{ + "service": "sentryflow.sentryflow.svc.cluster.local", + "port": config.GlobalCfg.OtelGRPCListenPort, + }, + } + + // Work with extensionProviders + ep, exists := meshConfig["extensionProviders"] + if !exists { + // Create extensionProviders as a slice containing only the eps map + meshConfig["extensionProviders"] = []map[interface{}]interface{}{eps} + } else { + // Check if eps already exists in extensionProviders + epSlice, ok := ep.([]interface{}) + if !ok { + // handle the case where ep is not []interface{} + log.Printf("[Patcher] istio-system/istio ConfigMap extensionProviders has unexpected type") + } + + duplicate := false + for _, entry := range epSlice { + entryMap, ok := entry.(map[interface{}]interface{}) + if !ok { + // handle the case where an entry is not map[interface{}]interface{} + log.Printf("[Patcher] istio-system/istio ConfigMap extensionProviders entry has unexpected type") + } + if entryMap["name"] == eps["name"] { + // If "sentryflow" already exists, do nothing + log.Printf("[Patcher] istio-system/istio ConfigMap has sentryflow under extensionProviders, ignoring... 
") + duplicate = true + break + } + } + + // Append eps to the existing slice + if !duplicate { + meshConfig["extensionProviders"] = append(ep.([]map[interface{}]interface{}), eps) + } + } + + // Update the ConfigMap data with the modified meshConfig + updatedMeshConfig, err := yaml.Marshal(meshConfig) + if err != nil { + // Handle error + log.Fatalf("[Patcher] Unable to marshal updated meshConfig to YAML: %v", err) + return err + } + + // Convert the []byte to string + configMap.Data["mesh"] = string(updatedMeshConfig) + + // Preview changes, for debugging + if config.GlobalCfg.Debug { + log.Printf("[PATCH] Patching istio-system/istio ConfigMap as: \n%v", configMap) + } + + // Patch the ConfigMap back to the cluster + updatedConfigMap, err := kh.clientSet.CoreV1(). + ConfigMaps("istio-system"). + Update(context.Background(), configMap, v1.UpdateOptions{}) + if err != nil { + // Handle error + log.Fatalf("[Patcher] Unable to update configmap istio-system/istio :%v", err) + return err + } + + // Update successful + if config.GlobalCfg.Debug { + log.Printf("[Patcher] Updated istio-system/istio ConfigMap as: \n%v", updatedConfigMap) + } + return nil +} + +// PatchNamespaces patches namespaces for adding istio injection +func (kh *K8sHandler) PatchNamespaces() error { + // Get the list of namespaces + namespaces, err := kh.clientSet.CoreV1().Namespaces().List(context.Background(), v1.ListOptions{}) + if err != nil { + // Handle error + log.Fatalf("[Patcher] Unable to list namespaces: %v", err) + return err + } + + // Loop through each namespace and update it with the desired labels + // @todo make this skip adding labeles to namespaces which are defined in the config + for _, ns := range namespaces.Items { + currentNs := ns + + // We are not going to inject sidecars to sentryflow namespace + if currentNs.Name == "sentryflow" { + continue + } + + // Add istio-injection="enabled" for namespaces + currentNs.Labels["istio-injection"] = "enabled" + + // Update the namespace 
in the cluster + updatedNamespace, err := kh.clientSet.CoreV1().Namespaces().Update(context.TODO(), ¤tNs, v1.UpdateOptions{ + FieldManager: "patcher", + }) + if err != nil { + log.Printf("[Patcher] Unable to update namespace %s: %v", currentNs.Name, err) + return err + } + + log.Printf("[Patcher] Updated Namespace: %s\n", updatedNamespace.Name) + } + + return nil +} + +// PatchRestartDeployments restarts the deployments in namespaces which were applied with "istio-injection": "enabled" +func (kh *K8sHandler) PatchRestartDeployments() error { + // Get the list of all deployments in all namespaces + deployments, err := kh.clientSet.AppsV1().Deployments("").List(context.Background(), v1.ListOptions{}) + if err != nil { + // Handle error + log.Fatalf("[Patcher] Unable to list deployments: %v", err) + return err + } + + // Iterate over each deployment and restart it + for _, deployment := range deployments.Items { + // We are not going to inject sidecars to sentryflow namespace + if deployment.Namespace == "sentryflow" { + continue + } + + // Restart the deployment + err := kh.restartDeployment(deployment.Namespace, deployment.Name) + if err != nil { + // Handle error + log.Printf("[Patcher] Unable to restart deployment %s/%s: %v", deployment.Namespace, deployment.Name, err) + continue + } + + log.Printf("[Patcher] Deployment %s/%s restarted", deployment.Namespace, deployment.Name) + } + + return nil +} + +// restartDeployment performs a rolling restart for a deployment in the specified namespace +// @todo: fix this, this DOES NOT restart deployments +func (kh *K8sHandler) restartDeployment(namespace string, deploymentName string) error { + deploymentClient := kh.clientSet.AppsV1().Deployments(namespace) + + // Get the deployment to retrieve the current spec + deployment, err := deploymentClient.Get(context.Background(), deploymentName, v1.GetOptions{}) + if err != nil { + return err + } + + // Trigger a rolling restart by updating the deployment's labels or annotations 
+ deployment.Spec.Template.ObjectMeta.Labels["restartedAt"] = v1.Now().String() + + // Update the deployment to trigger the rolling restart + _, err = deploymentClient.Update(context.TODO(), deployment, v1.UpdateOptions{}) + if err != nil { + return err + } + + return nil +} diff --git a/sentryflow/core/logHandler.go b/sentryflow/core/logHandler.go new file mode 100644 index 0000000..4be0cd1 --- /dev/null +++ b/sentryflow/core/logHandler.go 
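Review bot: In `PatchIstioConfigMap` the append `ep.([]map[interface{}]interface{})` asserts a different type from the `[]interface{}` that `epSlice` was just asserted to, so it panics for the slice type yaml.v2 produces whenever `extensionProviders` exists without a `sentryflow` entry; use `meshConfig["extensionProviders"] = append(epSlice, eps)` and return after the failed `ok` checks instead of only logging. The `meshConfig["defaultProviders"].(map[interface{}]interface{})` assertion likewise panics when that key is absent. `RunInformers` calls `wg.Add(1)` once but `wg.Done()` in each informer goroutine, which can drive the counter negative when both informers stop; `wg.Add(len(kh.informers))` before the loop matches them. `podMap` and `svcMap` are written from the informer callbacks and read by `lookupIPAddress` with no lock, as the struct comments admit, and Go aborts the process on a concurrent map read and write, so a `sync.RWMutex` on `K8sHandler` is needed. `PatchNamespaces` labels every namespace except `sentryflow`, system namespaces included, and writes to `currentNs.Labels` without checking for a nil map.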
@@ -0,0 +1,176 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package core
+
+import (
+ "github.com/5GSEC/sentryflow/exporter"
+ "github.com/5GSEC/sentryflow/metrics"
+ "github.com/5GSEC/sentryflow/protobuf"
+ "github.com/5GSEC/sentryflow/types"
+ "log"
+ "strconv"
+ "strings"
+ "sync"
+)
+
+// Lh global reference for LogHandler
+var Lh *LogHandler
+
+// init Function
+func init() {
+ Lh = NewLogHandler()
+}
+
+// LogHandler Structure
+type LogHandler struct {
+ stopChan chan struct{}
+ logChan chan interface{}
+}
+
+// NewLogHandler Structure
+func NewLogHandler() *LogHandler {
+ lh := &LogHandler{
+ stopChan: make(chan struct{}),
+ logChan: make(chan interface{}),
+ }
+
+ return lh
+}
+
+// StartLogProcessor Function
+func StartLogProcessor(wg *sync.WaitGroup) {
+ go Lh.logProcessingRoutine(wg)
+}
+
+// StopLogProcessor Function
+func StopLogProcessor() {
+ Lh.stopChan <- struct{}{}
+}
+
+// InsertLog Function
+func (lh *LogHandler) InsertLog(data interface{}) {
+ lh.logChan <- data
+}
+
+// logProcessingRoutine Function
+func (lh *LogHandler) logProcessingRoutine(wg *sync.WaitGroup) {
+ wg.Add(1)
+ for {
+ select {
+ case l, ok := <-lh.logChan:
+ if !ok {
+ log.Printf("[Error] Unable to process log")
+ }
+
+ // Check new log's type
+ switch l.(type) {
+ case *protobuf.APILog:
+ go processAccessLog(l.(*protobuf.APILog))
+ }
+
+ case <-lh.stopChan:
+ wg.Done()
+ return
+ }
+ }
+}
+
+// processAccessLog Function
+func processAccessLog(al *protobuf.APILog) {
+ // Send AccessLog to exporter first
+ exporter.InsertAccessLog(al)
+
+ // Then send AccessLog to metrics
+ metrics.InsertAccessLog(al)
+}
+
+// GenerateAccessLogs Function
+func GenerateAccessLogs(logText string) []*protobuf.APILog {
+ // @todo this needs more optimization, this code is kind of messy
+ // Create an array of AccessLogs for returning gRPC comm
+ var index int
+ ret := make([]*protobuf.APILog, 0)
+
+ // Preprocess redundant chars
+ logText = strings.ReplaceAll(logText, `\"`, "")
+ logText = strings.ReplaceAll(logText, `}`, "")
+
+ // Split logs by log_records, this is single access log instance
+ parts := strings.Split(logText, "log_records")
+ if len(parts) == 0 {
+ return nil
+ }
+
+ // Ignore the first entry, this was the metadata "resource_logs:{resource:{ scope_logs:{" part.
+ for _, al := range parts[0:] {
+ if len(al) == 0 {
+ continue
+ }
+
+ index = strings.Index(al, "string_value:\"")
+ if index == -1 {
+ continue
+ }
+
+ result := al[index+len("string_value:\""):]
+ words := strings.Fields(result)
+
+ method := words[1]
+ path := words[2]
+ protocolName := words[3]
+ timeStamp := words[0]
+ resCode, _ := strconv.ParseInt(words[4], 10, 64)
+
+ srcInform := words[21]
+ dstInform := words[20]
+
+ var srcIP string
+ var dstIP string
+ var srcPort string
+ var dstPort string
+ var colonIndex int
+
+ // Extract the left and right words based on the colon delimiter (ADDR:PORT)
+ colonIndex = strings.LastIndex(srcInform, ":")
+ if colonIndex > 0 && colonIndex < len(srcInform)-1 {
+ srcIP = strings.TrimSpace(srcInform[:colonIndex])
+ srcPort = strings.TrimSpace(srcInform[colonIndex+1:])
+ }
+
+ colonIndex = strings.LastIndex(dstInform, ":")
+ if colonIndex > 0 && colonIndex < len(dstInform)-1 {
+ dstIP = strings.TrimSpace(dstInform[:colonIndex])
+ dstPort = strings.TrimSpace(dstInform[colonIndex+1:])
+ }
+
+ // Lookup using K8s API
+ src := LookupNetworkedResource(srcIP)
+ dst := LookupNetworkedResource(dstIP)
+
+ // Create AccessLog in our gRPC format
+ cur := protobuf.APILog{
+ TimeStamp: timeStamp,
+ Id: 0, // do 0 for now, we are going to write it later
+ SrcNamespace: src.Namespace,
+ SrcName: src.Name,
+ SrcLabel: src.Labels,
+ SrcIP: srcIP,
+ SrcPort: srcPort,
+ SrcType: types.K8sResourceTypeToString(src.Type),
+ DstNamespace: dst.Namespace,
+ DstName: dst.Name,
+ DstLabel: dst.Labels,
+ DstIP: dstIP,
+ DstPort: dstPort,
+ DstType: types.K8sResourceTypeToString(dst.Type),
+ Protocol: protocolName,
+ Method: method,
+ Path: path,
+ ResponseCode: int32(resCode),
+ }
+
+ ret = append(ret, &cur)
+ }
+
+ return ret
+}
diff --git a/sentryflow/core/otelHandler.go b/sentryflow/core/otelHandler.go
new file mode 100644
index 0000000..851328e
--- /dev/null
+++ b/sentryflow/core/otelHandler.go
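Review bot: `GenerateAccessLogs` indexes `words[1]` through `words[4]` and `words[20]`/`words[21]` without checking how many fields `strings.Fields` returned, so any record whose `string_value` holds fewer than 22 whitespace-separated tokens panics with an index out of range. The text is the `req.String()` rendering of whatever a client submits to the OTLP endpoint, so one short or malformed record is likely enough to stop the collector; add `if len(words) < 22 { continue }` directly after `words := strings.Fields(result)`. The loop also ranges over `parts[0:]` although the comment above it says the first entry is metadata to be ignored, which suggests `parts[1:]` was intended. The error from `strconv.ParseInt` is discarded, so an unparsable status code is exported as 0; skipping or logging such a record would keep bad values out of the downstream logs.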
@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package core
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ cfg "github.com/5GSEC/sentryflow/config"
+ otelLogs "go.opentelemetry.io/proto/otlp/collector/logs/v1"
+ "google.golang.org/grpc"
+ "log"
+ "net"
+ "sync"
+)
+
+// Oh Global reference for OtelHandler
+var Oh *OtelHandler
+var olh *OtelLogServer
+
+// init Function
+func init() {
+ Oh = NewOtelHandler()
+ olh = NewOtelLogServer()
+}
+
+// OtelHandler Structure
+type OtelHandler struct {
+ stopChan chan struct{}
+
+ listener net.Listener
+ gRPCServer *grpc.Server
+}
+
+// NewOtelHandler Function
+func NewOtelHandler() *OtelHandler {
+ oh := &OtelHandler{
+ stopChan: make(chan struct{}),
+ }
+
+ return oh
+}
+
+// InitOtelServer Function
+func (oh *OtelHandler) InitOtelServer() error {
+ listenAddr := fmt.Sprintf("%s:%s", cfg.GlobalCfg.OtelGRPCListenAddr, cfg.GlobalCfg.OtelGRPCListenPort)
+
+ // Start listening
+ lis, err := net.Listen("tcp", listenAddr)
+ if err != nil {
+ msg := fmt.Sprintf("unable to listen at %s: %v", listenAddr, err)
+ return errors.New(msg)
+ }
+
+ // Create gRPC Server, register services
+ server := grpc.NewServer()
+ otelLogs.RegisterLogsServiceServer(server, olh)
+
+ oh.listener = lis
+ oh.gRPCServer = server
+
+ log.Printf("[OpenTelemetry] Server Listening at %s", listenAddr)
+ return nil
+}
+
+// StartOtelServer Function
+func (oh *OtelHandler) StartOtelServer(wg *sync.WaitGroup) error {
+ log.Printf("[OpenTelemetry] Starting server")
+ var err error
+ err = nil
+
+ // Serve is blocking function
+ go func() {
+ wg.Add(1)
+ err = oh.gRPCServer.Serve(oh.listener)
+ if err != nil {
+ wg.Done()
+ return
+ }
+
+ wg.Done()
+ }()
+
+ return err
+}
+
+// StopOtelServer Function
+func (oh *OtelHandler) StopOtelServer() {
+ // Gracefully cleanup
+ oh.stopChan <- struct{}{}
+
+ // Gracefully stop gRPC Server
+ oh.gRPCServer.GracefulStop()
+
+ log.Printf("[OpenTelemetry] Stopped server")
+}
+
+// OtelLogServer structure
+type OtelLogServer struct {
+ otelLogs.UnimplementedLogsServiceServer
+}
+
+// NewOtelLogServer Function
+func NewOtelLogServer() *OtelLogServer {
+ return new(OtelLogServer)
+}
+
+// Export Function
+func (ols *OtelLogServer) Export(_ context.Context, req *otelLogs.ExportLogsServiceRequest) (*otelLogs.ExportLogsServiceResponse, error) {
+ // This is for Log.Export in OpenTelemetry format
+ als := GenerateAccessLogs(req.String())
+
+ for _, al := range als {
+ Lh.InsertLog(al)
+ }
+
+ // For now, we will not consider partial success
+ ret := otelLogs.ExportLogsServiceResponse{
+ PartialSuccess: nil,
+ }
+
+ return &ret, nil
+}
diff --git a/sentryflow/core/sentryflow.go b/sentryflow/core/sentryflow.go
new file mode 100644
index 0000000..ce6b901
--- /dev/null
+++ b/sentryflow/core/sentryflow.go
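Review bot: `InitOtelServer` creates the server with `grpc.NewServer()` and no options, so the OTLP log endpoint accepts plaintext connections from any peer that can reach `OtelGRPCListenAddr`, and `Export` turns whatever it receives into access logs. Nothing visible in this commit authenticates the sender, which means a workload in the cluster could submit fabricated records that then show up in the exported logs and metrics. Consider passing transport credentials, for example `grpc.NewServer(grpc.Creds(creds))` with a TLS configuration that verifies client certificates, or document that a NetworkPolicy or the mesh must restrict who can connect. `InitExporterServer` in exporter/exporterHandler.go builds its server the same way and streams the collected logs to any caller of `GetLog`, so the same point applies there.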
@@ -0,0 +1,151 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package core
+
+import (
+ cfg "github.com/5GSEC/sentryflow/config"
+ "github.com/5GSEC/sentryflow/exporter"
+ "github.com/5GSEC/sentryflow/metrics"
+ "log"
+ "sync"
+)
+
+// StopChan Channel
+var StopChan chan struct{}
+
+// init Function
+func init() {
+ StopChan = make(chan struct{})
+}
+
+// NumbatDaemon Structure
+type NumbatDaemon struct {
+ WgDaemon *sync.WaitGroup
+}
+
+// NewNumbatDaemon Function
+func NewNumbatDaemon() *NumbatDaemon {
+ dm := new(NumbatDaemon)
+
+ dm.WgDaemon = new(sync.WaitGroup)
+
+ return dm
+}
+
+// DestroyNumbatDaemon Function
+func (dm *NumbatDaemon) DestroyNumbatDaemon() {
+
+}
+
+// watchK8s Function
+func (dm *NumbatDaemon) watchK8s() {
+ K8s.RunInformers(StopChan, dm.WgDaemon)
+}
+
+// logProcessor Function
+func (dm *NumbatDaemon) logProcessor() {
+ StartLogProcessor(dm.WgDaemon)
+ log.Printf("[SentryFlow] Started log processor")
+}
+
+// metricAnalyzer Function
+func (dm *NumbatDaemon) metricAnalyzer() {
+ metrics.StartMetricsAnalyzer(dm.WgDaemon)
+ log.Printf("[SentryFlow] Started metric analyzer")
+}
+
+// otelServer Function
+func (dm *NumbatDaemon) otelServer() {
+ // Initialize and start OpenTelemetry Server
+ err := Oh.InitOtelServer()
+ if err != nil {
+ log.Fatalf("[SentryFlow] Unable to intialize OpenTelemetry Server: %v", err)
+ return
+ }
+
+ err = Oh.StartOtelServer(dm.WgDaemon)
+ if err != nil {
+ log.Fatalf("[SentryFlow] Unable to start OpenTelemetry Server: %v", err)
+ return
+ }
+
+ log.Printf("[SentryFlow] Started OpenTelemetry collector")
+}
+
+// exporterServer Function
+func (dm *NumbatDaemon) exporterServer() {
+ // Initialize and start exporter server
+ err := exporter.Exp.InitExporterServer()
+ if err != nil {
+ log.Fatalf("[SentryFlow] Unable to initialize Exporter Server: %v", err)
+ return
+ }
+
+ err = exporter.Exp.StartExporterServer(dm.WgDaemon)
+ if err != nil {
+ log.Fatalf("[SentryFlow] Unable to start Exporter Server: %v", err)
+ }
+ log.Printf("[SentryFlow] Initialized exporter")
+}
+
+// patchK8s Function
+func (dm *NumbatDaemon) patchK8s() error {
+ err := K8s.PatchIstioConfigMap()
+ if err != nil {
+ return err
+ }
+
+ if cfg.GlobalCfg.PatchNamespace {
+ err = K8s.PatchNamespaces()
+ if err != nil {
+ return err
+ }
+ }
+
+ if cfg.GlobalCfg.PatchRestartDeployments {
+ err = K8s.PatchRestartDeployments()
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// SentryFlow Function
+func SentryFlow() {
+ // create a daemon
+ dm := NewNumbatDaemon()
+
+ // Initialize Kubernetes client
+ if !K8s.InitK8sClient() {
+ log.Printf("[Error] Failed to initialize Kubernetes client")
+ dm.DestroyNumbatDaemon()
+ return
+ }
+
+ log.Printf("[SentryFlow] Initialized Kubernetes client")
+
+ dm.watchK8s()
+ log.Printf("[SentryFlow] Started to monitor Kubernetes resources")
+
+ if dm.patchK8s() != nil {
+ log.Printf("[SentryFlow] Failed to patch Kubernetes")
+ }
+ log.Printf("[SentryFlow] Patched Kubernetes and Istio configuration")
+
+ // Start log processor
+ dm.logProcessor()
+
+ // Start metric analyzer
+ dm.metricAnalyzer()
+
+ // Start OpenTelemetry server
+ dm.otelServer()
+
+ // Start exporter server
+ dm.exporterServer()
+
+ log.Printf("[SentryFlow] Successfully started SentryFlow")
+ dm.WgDaemon.Wait()
+}
diff --git a/sentryflow/exporter/exporterHandler.go b/sentryflow/exporter/exporterHandler.go
new file mode 100644
index 0000000..10d43a6
--- /dev/null
+++ b/sentryflow/exporter/exporterHandler.go
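Review bot: In `SentryFlow()` the result of `dm.patchK8s()` is compared with nil and then discarded, and the following line logs "Patched Kubernetes and Istio configuration" whether or not the patch succeeded. When the Istio ConfigMap or namespace patch fails, telemetry presumably never reaches the collector, yet the startup log reads as a success and the cause is not printed anywhere. Keep the error and branch on it: `if err := dm.patchK8s(); err != nil { log.Printf("[SentryFlow] Failed to patch Kubernetes: %v", err) } else { log.Printf("[SentryFlow] Patched Kubernetes and Istio configuration") }`. Whether startup should stop at that point is a design choice, but the two messages should not both appear.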
@@ -0,0 +1,200 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package exporter
+
+import (
+ "errors"
+ "fmt"
+ cfg "github.com/5GSEC/sentryflow/config"
+ "github.com/5GSEC/sentryflow/protobuf"
+ "net"
+ "sync"
+ "time"
+
+ "github.com/emicklei/go-restful/v3/log"
+ "google.golang.org/grpc"
+)
+
+// Exp global reference for Exporter Handler
+var Exp *Handler
+
+// init Function
+func init() {
+ Exp = NewExporterHandler()
+}
+
+// Handler structure
+type Handler struct {
+ baseExecutionID uint64
+ currentLogCount uint64
+ logChannel chan *protobuf.APILog
+ lock sync.Mutex // @todo find better solution for this
+ stopChan chan struct{}
+
+ exporters []*Inform
+ exporterLock sync.Mutex
+ exporterLogs chan *protobuf.APILog
+
+ listener net.Listener
+ gRPCServer *grpc.Server
+}
+
+// Inform structure
+type Inform struct {
+ stream protobuf.SentryFlow_GetLogServer
+ error chan error
+ Hostname string
+ IPAddress string
+}
+
+// NewExporterHandler Function
+func NewExporterHandler() *Handler {
+ exp := &Handler{
+ baseExecutionID: uint64(time.Now().UnixMicro()),
+ currentLogCount: 0,
+ exporters: make([]*Inform, 0),
+ logChannel: make(chan *protobuf.APILog),
+ stopChan: make(chan struct{}),
+ lock: sync.Mutex{},
+ exporterLock: sync.Mutex{},
+ exporterLogs: make(chan *protobuf.APILog),
+ }
+
+ return exp
+}
+
+// InsertAccessLog Function
+func InsertAccessLog(al *protobuf.APILog) {
+ // Avoid race condition for currentLogCount, otherwise we might have duplicate IDs
+ Exp.lock.Lock()
+ al.Id = Exp.baseExecutionID + Exp.currentLogCount
+ Exp.currentLogCount++
+ Exp.lock.Unlock()
+
+ Exp.exporterLogs <- al
+}
+
+// InitExporterServer Function
+func (exp *Handler) InitExporterServer() error {
+ listenAddr := fmt.Sprintf("%s:%s", cfg.GlobalCfg.CustomExportListenAddr, cfg.GlobalCfg.CustomExportListenPort)
+
+ // Start listening
+ lis, err := net.Listen("tcp", listenAddr)
+ if err != nil {
+ msg := fmt.Sprintf("unable to listen at %s: %v", listenAddr, err)
+ return errors.New(msg)
+ }
+
+ // Create gRPC server
+ server := grpc.NewServer()
+ protobuf.RegisterSentryFlowServer(server, exs)
+
+ exp.listener = lis
+ exp.gRPCServer = server
+
+ log.Printf("[Exporter] Exporter listening at %s", listenAddr)
+ return nil
+}
+
+// StartExporterServer Function
+func (exp *Handler) StartExporterServer(wg *sync.WaitGroup) error {
+ log.Printf("[Exporter] Starting exporter server")
+ var err error
+ err = nil
+
+ go exp.exportRoutine(wg)
+
+ go func() {
+ wg.Add(1)
+ // Serve is blocking function
+ err = exp.gRPCServer.Serve(exp.listener)
+ if err != nil {
+ wg.Done()
+ return
+ }
+
+ wg.Done()
+ }()
+
+ return err
+}
+
+// exportRoutine Function
+func (exp *Handler) exportRoutine(wg *sync.WaitGroup) {
+ wg.Add(1)
+ log.Printf("[Exporter] Starting export routine")
+
+routineLoop:
+ for {
+ select {
+ // @todo add more channels for this
+ case al, ok := <-exp.exporterLogs:
+ if !ok {
+ log.Printf("[Exporter] Log exporter channel closed")
+ break routineLoop
+ }
+
+ err := exp.sendLogs(al)
+ if err != nil {
+ log.Printf("[Exporter] Log exporting failed %v:", err)
+ }
+
+ case <-exp.stopChan:
+ break routineLoop
+ }
+ }
+
+ defer wg.Done()
+ return
+}
+
+// sendLogs Function
+func (exp *Handler) sendLogs(l *protobuf.APILog) error {
+ exp.exporterLock.Lock()
+ defer exp.exporterLock.Unlock()
+
+ // iterate and send logs
+ failed := 0
+ total := len(exp.exporters)
+ for _, exporter := range exp.exporters {
+ curRetry := 0
+
+ // @todo: make max retry count per logs using config
+ // @todo: make max retry count per single exporter before removing the exporter using config
+ var err error
+ for curRetry < 3 {
+ err = exporter.stream.Send(l)
+ if err != nil {
+ log.Printf("[Exporter] Unable to send log to %s(%s) retry=%d/%d: %v",
+ exporter.Hostname, exporter.IPAddress, curRetry, 3, err)
+ curRetry++
+ } else {
+ break
+ }
+ }
+
+ // Count failed
+ if err != nil {
+ failed++
+ }
+ }
+
+ // notify failed count
+ if failed != 0 {
+ msg := fmt.Sprintf("unable to send logs properly %d/%d failed", failed, total)
+ return errors.New(msg)
+ }
+
+ return nil
+}
+
+// StopExporterServer Function
+func (exp *Handler) StopExporterServer() {
+ // Gracefully stop all client connections
+ exp.stopChan <- struct{}{}
+
+ // Gracefully stop gRPC Server
+ exp.gRPCServer.GracefulStop()
+
+ log.Printf("[Exporter] Stopped exporter server")
+}
diff --git a/sentryflow/exporter/exporterServer.go b/sentryflow/exporter/exporterServer.go
new file mode 100644
index 0000000..868648f
--- /dev/null
+++ b/sentryflow/exporter/exporterServer.go
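Review bot: `sendLogs` retries a failing `stream.Send` three times while holding `exporterLock` and then leaves the exporter in `exp.exporters`, so a client that has disconnected or stalled is retried on every later log. Because `exportRoutine` handles one log at a time and `exporterLogs` is unbuffered, a single bad client slows delivery to every other client and blocks `InsertAccessLog` callers behind it. The second `@todo` in the loop already anticipates removing such exporters; dropping one once its retries are exhausted, as sketched below, bounds that cost. `GetLog` in exporterServer.go appends to the same slice under the same lock, so the filtering has to stay inside the locked region.

```go
	failed := 0
	total := len(exp.exporters)
	alive := exp.exporters[:0]
	for _, exporter := range exp.exporters {
		// … unchanged: retry loop around exporter.stream.Send(l) …

		if err != nil {
			// Retries exhausted: count the failure and stop sending to this client.
			failed++
			continue
		}
		alive = append(alive, exporter)
	}
	// Clear the tail so dropped *Inform values can be collected.
	clear(exp.exporters[len(alive):])
	exp.exporters = alive

	// … unchanged: report failed/total …
```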
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package exporter
+
+import (
+ "context"
+ metricAPI "github.com/5GSEC/sentryflow/metrics/api"
+ "github.com/5GSEC/sentryflow/protobuf"
+ "log"
+)
+
+var exs *Server
+
+// init Function
+func init() {
+ exs = NewExporterServer()
+}
+
+// Server Structure
+type Server struct {
+ protobuf.UnimplementedSentryFlowServer // @todo: make this fixed.
+}
+
+// NewExporterServer Function
+func NewExporterServer() *Server {
+ return new(Server)
+}
+
+// GetLog Function
+func (exs *Server) GetLog(info *protobuf.ClientInfo, stream protobuf.SentryFlow_GetLogServer) error {
+ log.Printf("[Exporter] Client %s(%s) connected", info.HostName, info.IPAddress)
+
+ curExporter := &Inform{
+ stream: stream,
+ Hostname: info.HostName,
+ IPAddress: info.IPAddress,
+ }
+
+ // Append new exporter client for future use
+ Exp.exporterLock.Lock()
+ Exp.exporters = append(Exp.exporters, curExporter)
+ Exp.exporterLock.Unlock()
+
+ // Keeping gRPC stream alive
+ // refer https://stackoverflow.com/questions/36921131/
+ return <-curExporter.error
+}
+
+// GetAPIMetrics Function
+func (exs *Server) GetAPIMetrics(_ context.Context, info *protobuf.ClientInfo) (*protobuf.APIMetric, error) {
+ log.Printf("[Exporter] Client %s(%s) connected", info.HostName, info.IPAddress)
+
+ // Construct protobuf return value
+ ret := protobuf.APIMetric{
+ PerAPICounts: metricAPI.GetPerAPICount(),
+ }
+
+ return &ret, nil
+}
diff --git a/sentryflow/go.mod b/sentryflow/go.mod
new file mode 100644
index 0000000..d863eaa
--- /dev/null
+++ b/sentryflow/go.mod
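Review bot: `GetLog` returns `<-curExporter.error`, but the `Inform` literal above it never sets `error`, so the receive is on a nil channel and blocks forever, even after the client has gone away. Each call therefore leaves a handler goroutine and an entry in `Exp.exporters` behind, and since the endpoint takes connections from any caller, repeated connects grow both without bound. Give the channel a value and also watch the stream's context, as sketched below, and remove the entry from `Exp.exporters` before returning. `info.HostName` and `info.IPAddress` are supplied by the client and logged with `%s`; `%q` would keep newlines or control characters in them from forging log lines.

```go
	curExporter := &Inform{
		stream:    stream,
		error:     make(chan error, 1),
		Hostname:  info.HostName,
		IPAddress: info.IPAddress,
	}

	// … unchanged: append curExporter to Exp.exporters under exporterLock …

	select {
	case err := <-curExporter.error:
		return err
	case <-stream.Context().Done():
		// Client disconnected or the server is stopping.
		return stream.Context().Err()
	}
```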
@@ -0,0 +1,75 @@ +module github.com/5GSEC/sentryflow + +go 1.21 + +toolchain go1.22.0 + +replace github.com/5GSEC/sentryflow/protobuf => ../protobuf + +require ( + github.com/5GSEC/sentryflow/protobuf v0.0.0-00010101000000-000000000000 + github.com/emicklei/go-restful/v3 v3.11.0 + github.com/spf13/viper v1.18.2 + go.opentelemetry.io/proto/otlp v1.0.0 + google.golang.org/grpc v1.61.1 + gopkg.in/yaml.v2 v2.4.0 + k8s.io/api v0.29.0 + k8s.io/apimachinery v0.29.0 + k8s.io/client-go v0.29.0 +) + +require ( + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-logr/logr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/uuid v1.4.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect + github.com/hashicorp/hcl v1.0.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/magiconair/properties v1.8.7 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pelletier/go-toml/v2 v2.1.0 // indirect + github.com/sagikazarmark/locafero v0.4.0 // indirect + github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/sourcegraph/conc v0.3.0 // indirect + github.com/spf13/afero v1.11.0 // indirect + github.com/spf13/cast v1.6.0 // 
indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/subosito/gotenv v1.6.0 // indirect + go.uber.org/atomic v1.9.0 // indirect + go.uber.org/multierr v1.9.0 // indirect + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/net v0.20.0 // indirect + golang.org/x/oauth2 v0.15.0 // indirect + golang.org/x/sys v0.16.0 // indirect + golang.org/x/term v0.16.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 // indirect + golang.org/x/tools v0.17.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1 // indirect + google.golang.org/protobuf v1.32.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect +) diff --git a/sentryflow/go.sum b/sentryflow/go.sum new file mode 100644 index 0000000..835e8a6 --- /dev/null +++ b/sentryflow/go.sum 
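Review bot: `github.com/emicklei/go-restful/v3` sits in the direct `require` block, and the only import of it visible in this part of the commit is `github.com/emicklei/go-restful/v3/log` in exporter/exporterHandler.go, where it is used only for `log.Printf`. The other new files use the standard library `log`, so this looks like an auto-import slip; switching that import to `"log"` and running `go mod tidy` should turn the module back into an indirect requirement, provided nothing outside this view needs it directly. Keeping the direct requirements to what the code really uses makes dependency review and update tracking smaller.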
@@ -0,0 +1,217 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod 
h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= +github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 
h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= +github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/modern-go/concurrent 
v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= +github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= +github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= +github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= +github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= 
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ= +github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod 
h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= +go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= +go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net 
v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= 
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg= +google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0= +google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= +google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1 h1:gphdwh0npgs8elJ4T6J+DQJHPVF7RsuJHCfwztUb4J4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA= +google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A= +k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA= +k8s.io/apimachinery v0.29.0 h1:+ACVktwyicPz0oc6MTMLwa2Pw3ouLAfAon1wPLtG48o= +k8s.io/apimachinery v0.29.0/go.mod h1:eVBxQ/cwiJxH58eK/jd/vAk4mrxmVlnpBH5J2GbMeis= +k8s.io/client-go v0.29.0 h1:KmlDtFcrdUzOYrBhXHgKw5ycWzc3ryPX5mQe0SkG3y8= +k8s.io/client-go v0.29.0/go.mod h1:yLkXH4HKMAywcrD82KMSmfYg2DlE8mepPR4JGSo5n38= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod 
h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/sentryflow/main.go b/sentryflow/main.go
new file mode 100644
index 0000000..a3b6381
--- /dev/null
+++ b/sentryflow/main.go
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+ cfg "github.com/5GSEC/sentryflow/config"
+ core "github.com/5GSEC/sentryflow/core"
+ _ "google.golang.org/grpc/encoding/gzip" // If not set, encoding problem occurs https://stackoverflow.com/questions/74062727
+ "log"
+)
+
+// main is the entrypoint of this program
+func main() {
+ err := cfg.LoadConfig()
+ if err != nil {
+ log.Fatalf("[SentryFlow] Unable to load config: %v", err)
+ }
+
+ core.SentryFlow()
+}
diff --git a/sentryflow/metrics/api/aiHandler.go b/sentryflow/metrics/api/aiHandler.go
new file mode 100644
index 0000000..3e5844b
--- /dev/null
+++ b/sentryflow/metrics/api/aiHandler.go
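Review bot: In sentryflow/main.go the import block lists the standard-library `log` after the third-party packages; goimports would place it in its own first group, followed by a blank line and then the `github.com/5GSEC/...` and `google.golang.org/grpc/encoding/gzip` imports. The `core` alias repeats the package's default name and can be dropped. The comment on the blank gzip import would read better if it stated the reason directly, for example `// registers the gzip compressor so gzip-encoded gRPC messages can be decoded`, with the link kept as a reference.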
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package api
+
+// ah Local reference for AI handler server
+var ah *aiHandler
+
+// init Function
+func init() {
+
+}
+
+// aiHandler Structure
+type aiHandler struct {
+ aiHost string
+ aiPort string
+
+ // @todo: add gRPC stream here for bidirectional connection
+}
+
+// newAIHandler Function
+func newAIHandler(host string, port string) *aiHandler {
+ ah := &aiHandler{
+ aiHost: host,
+ aiPort: port,
+ }
+
+ return ah
+}
+
+// initHandler Function
+func (ah *aiHandler) initHandler() error {
+ return nil
+}
+
+// callAI Function
+func (ah *aiHandler) callAI(api string) error {
+ // @todo: add gRPC send request
+ return nil
+}
+
+// processBatch Function
+func processBatch(batch []string, update bool) error {
+ for _, _ = range batch {
+
+ }
+
+ return nil
+}
+
+// performHealthCheck Function
+func (ah *aiHandler) performHealthCheck() error {
+ return nil
+}
+
+// disconnect Function
+func (ah *aiHandler) disconnect() {
+ return
+}
diff --git a/sentryflow/metrics/api/apiAnalyzer.go b/sentryflow/metrics/api/apiAnalyzer.go
new file mode 100644
index 0000000..0798746
--- /dev/null
+++ b/sentryflow/metrics/api/apiAnalyzer.go
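Review bot: `newAIHandler` in aiHandler.go declares `ah := &aiHandler{...}`, which creates a new local that shadows the package-level `var ah *aiHandler`, so the package variable stays nil after this commit (nothing in the hunk assigns it). If the package-level reference is meant to be used, assign it where the handler is created; otherwise rename the local, e.g. `h := &aiHandler{aiHost: host, aiPort: port}`. In `processBatch`, `for _, _ = range batch` should be `for range batch`, and the bare `return` at the end of `disconnect` is redundant. Since `callAI` will presumably send API paths taken from access logs to another service, the `@todo` comments should record that the gRPC connection needs transport security and authentication of the AI endpoint.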
@@ -0,0 +1,89 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package api
+
+import (
+ "sync"
+)
+
+// aa Local reference for API analyzer
+var aa *Analyzer
+
+// init function
+func init() {
+ aa = NewAPIAnalyzer()
+}
+
+// Analyzer Structure
+type Analyzer struct {
+ perAPICount map[string]uint64
+ perAPICountLock sync.Mutex // @todo perhaps combine those two?
+
+ stopChan chan struct{}
+ apiJob chan string
+}
+
+// NewAPIAnalyzer Function
+func NewAPIAnalyzer() *Analyzer {
+ ret := &Analyzer{
+ perAPICount: make(map[string]uint64),
+ }
+
+ return ret
+}
+
+// StartAPIAnalyzer Function
+func StartAPIAnalyzer(wg *sync.WaitGroup) {
+ go apiAnalyzerRoutine(wg)
+}
+
+// StopAPIAnalyzer Function
+func StopAPIAnalyzer() {
+ aa.stopChan <- struct{}{}
+}
+
+// apiAnalyzerRoutine Function
+func apiAnalyzerRoutine(wg *sync.WaitGroup) {
+ wg.Add(1)
+ for {
+ select {
+ case job, ok := <-aa.apiJob:
+ if !ok {
+ // @todo perhaps error message here?
+ continue
+ }
+ analyzeAPI(job)
+
+ case <-aa.stopChan:
+ wg.Done()
+ break
+ }
+ }
+}
+
+// analyzeAPI Function
+func analyzeAPI(api string) {
+ // @todo implement this
+ classifyAPI(api)
+}
+
+// GetPerAPICount Function
+func GetPerAPICount() map[string]uint64 {
+ aa.perAPICountLock.Lock()
+ ret := aa.perAPICount
+ aa.perAPICountLock.Unlock()
+
+ return ret
+}
+
+// UpdatePerAPICount Function
+func UpdatePerAPICount(nm map[string]uint64) {
+ aa.perAPICountLock.Lock()
+ aa.perAPICount = nm
+ aa.perAPICountLock.Unlock()
+}
+
+// InsertAnalyzeJob Function
+func InsertAnalyzeJob(api string) {
+ aa.apiJob <- api
+}
diff --git a/sentryflow/metrics/api/apiClassifier.go b/sentryflow/metrics/api/apiClassifier.go
new file mode 100644
index 0000000..e251dc1
--- /dev/null
+++ b/sentryflow/metrics/api/apiClassifier.go
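Review bot: `NewAPIAnalyzer` in apiAnalyzer.go never creates `stopChan` or `apiJob`, so both are nil channels: the sends in `InsertAnalyzeJob` and `StopAPIAnalyzer` block forever and the `select` in `apiAnalyzerRoutine` never receives, which stalls whatever calls `InsertAccessLog` in metricHandler.go. In `apiAnalyzerRoutine`, `wg.Add(1)` runs inside the goroutine, so a `wg.Wait()` can return before the goroutine is counted. The `break` there leaves only the `select`, so the loop keeps running after `wg.Done()` (a second stop signal would drive the counter negative and panic), and a closed `apiJob` makes the `!ok` branch spin. `GetPerAPICount` also hands out the live map rather than a copy, so callers use it outside the lock. The fence shows the channel creation and the routine with `return` in place of `break`; the channel capacity is for the author to choose.

```go
func NewAPIAnalyzer() *Analyzer {
	ret := &Analyzer{
		perAPICount: make(map[string]uint64),
		stopChan:    make(chan struct{}),
		apiJob:      make(chan string),
	}
	// … unchanged: return ret …
}

func StartAPIAnalyzer(wg *sync.WaitGroup) {
	// Count the goroutine before it starts so wg.Wait cannot miss it.
	wg.Add(1)
	go apiAnalyzerRoutine(wg)
}

func apiAnalyzerRoutine(wg *sync.WaitGroup) {
	defer wg.Done()
	for {
		select {
		case job, ok := <-aa.apiJob:
			if !ok {
				// apiJob was closed: stop instead of spinning on the closed channel.
				return
			}
			analyzeAPI(job)

		case <-aa.stopChan:
			return
		}
	}
}
```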
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package api
+
+type node struct {
+ path string
+ count int
+ child []*node
+}
+
+type classifiedAPI struct {
+ destination string
+ method string
+ URIRoot *node
+}
+
+// classifyAPI Function
+func classifyAPI(api string) {
+}
+
+// generateMetric Function
+func generateMetric(cal classifiedAPI) {
+
+}
+
+// statisticOfAPIsPerDestination Function
+func statisticOfAPIsPerDestination(cal classifiedAPI) {
+
+}
+
+// statisticOfAPIsPerMin Function
+func statisticOfAPIsPerMin(cal classifiedAPI) {
+
+}
+
+// statisticOfErrorAPI Function
+func statisticOfErrorAPI(cal classifiedAPI) {
+
+}
+
+// statisticOfAPILatency Function
+func statisticOfAPILatency(cal classifiedAPI) {
+
+}
diff --git a/sentryflow/metrics/metricHandler.go b/sentryflow/metrics/metricHandler.go
new file mode 100644
index 0000000..82c5c44
--- /dev/null
+++ b/sentryflow/metrics/metricHandler.go
@@ -0,0 +1,44 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package metrics
+
+import (
+ "github.com/5GSEC/sentryflow/metrics/api"
+ "github.com/5GSEC/sentryflow/protobuf"
+ "sync"
+)
+
+// Mh Global reference for metric handler
+var Mh *MetricHandler
+
+// init Function
+func init() {
+ Mh = NewMetricHandler()
+}
+
+// MetricHandler Structure
+type MetricHandler struct {
+}
+
+// NewMetricHandler Function
+func NewMetricHandler() *MetricHandler {
+ mh := &MetricHandler{}
+
+ return mh
+}
+
+// StartMetricsAnalyzer Function
+func StartMetricsAnalyzer(wg *sync.WaitGroup) {
+ api.StartAPIAnalyzer(wg)
+}
+
+// StopMetricsAnalyzer Function
+func StopMetricsAnalyzer() {
+ api.StopAPIAnalyzer()
+}
+
+// InsertAccessLog Function
+func InsertAccessLog(al *protobuf.APILog) {
+ // @todo: make this fixed, for now will just send path from AccessLog
+ api.InsertAnalyzeJob(al.Path)
+}
diff --git a/sentryflow/types/k8sResources.go b/sentryflow/types/k8sResources.go
new file mode 100644
index 0000000..603efaa
--- /dev/null
+++ b/sentryflow/types/k8sResources.go
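Review bot: `InsertAccessLog` in metricHandler.go dereferences `al.Path` without checking `al`, so a nil `*protobuf.APILog` panics the process; add `if al == nil { return }` before the call. The path comes from an access log and is forwarded unchanged, so the doc comment should say that `api.InsertAnalyzeJob` receives untrusted request data and that length and content limits belong in the analyzer. The call is also a blocking channel send, which ties log ingestion to the analyzer's pace; either document that or make the send non-blocking. `Mh` and `MetricHandler` are created in `init` but not used anywhere in this hunk.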
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: Apache-2.0
+
+package types
+
+// k8sResources const
+const (
+ K8sResourceTypeUnknown = 0
+ K8sResourceTypePod = 1
+ K8sResourceTypeService = 2
+)
+
+// K8sNetworkedResource Structure
+type K8sNetworkedResource struct {
+ Name string
+ Namespace string
+ Labels map[string]string
+ Type uint8
+}
+
+// K8sResourceTypeToString Function
+func K8sResourceTypeToString(t uint8) string {
+ switch t {
+ case K8sResourceTypePod:
+ return "Pod"
+ case K8sResourceTypeService:
+ return "Service"
+ case K8sResourceTypeUnknown:
+ default:
+ return "Unknown"
+ }
+
+ return "Unknown"
+}
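Review bot: In `K8sResourceTypeToString` the `case K8sResourceTypeUnknown:` arm is empty and sits directly above `default:`; Go does not fall through, so that value gets its result from the trailing `return "Unknown"` rather than from the `default` arm, which reads like a C-style fallthrough. Dropping the empty case and the trailing return and keeping `default: return "Unknown"` gives the same result with one exit path. The constants are untyped while `K8sNetworkedResource.Type` is `uint8`; a named type such as `type K8sResourceType uint8` with typed constants would let the compiler reject arbitrary integers, though that changes the field's type and is better done as a follow-up.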