From 03439ca28e72f9a2ae180e85c32aaccfdcbc3a34 Mon Sep 17 00:00:00 2001 From: Ilias Rinis Date: Tue, 28 May 2024 12:14:31 +0200 Subject: [PATCH] authentication: direct external OIDC provider --- .../direct-external-oidc-provider.md | 293 ++++++++++++++++++ .../authentication/external-oidc-config.png | Bin 0 -> 83360 bytes 2 files changed, 293 insertions(+) create mode 100644 enhancements/authentication/direct-external-oidc-provider.md create mode 100644 enhancements/authentication/external-oidc-config.png diff --git a/enhancements/authentication/direct-external-oidc-provider.md b/enhancements/authentication/direct-external-oidc-provider.md new file mode 100644 index 0000000000..c7b42f6cc2 --- /dev/null +++ b/enhancements/authentication/direct-external-oidc-provider.md @@ -0,0 +1,293 @@ +--- +title: direct-external-oidc-provider +authors: + - "@liouk" +reviewers: + - "@deads2k" + - "@ibihim" +approvers: + - "@deads2k" +api-approvers: + - "@deads2k" +creation-date: 2024-05-28 +last-updated: 2024-08-13 +tracking-link: + - https://issues.redhat.com/browse/OCPSTRAT-306 +see-also: + - "/enhancements/authentication/direct-oidc-study/study-oidc-in-openshift.md" +replaces: + - "" +superseded-by: + - "" +--- + +# Direct External OIDC Provider + +## Summary + +OpenShift has its own built-in OAuth server which can be used to obtain OAuth access tokens for authentication to the API. The server can be configured with an external identity provider (including support for OIDC), however it is still the built-in server that issues tokens. This enhancement proposal suggests a mechanism to enable configuration and direct usage of an external OIDC provider to issue tokens for authentication, instead of using the built-in OAuth server. + +## Motivation + +While external OIDC provider integration is supported by the built-in OAuth server, it is limited to the capabilities of the OAuth server itself. Customers want to be able to directly integrate their Identity Providers to the OpenShift cluster in order to facilitate machine-to-machine workflows (e.g. CLI) and capabilities of OIDC providers (similar to upstream Kubernetes), and to achieve seamless authentication in hybrid environments (e.g. k8s and non-k8s clusters) using a single Identity Provider. + +### User Stories + +- As a customer, I want to integrate my OIDC Identity Provider directly with OpenShift's APIServer so that I can fully use its capabilities in machine-to-machine workflows. +- As a customer in a hybrid cloud environment, I want to seamlessly use my OIDC Identity Provider across all of my fleet. + +### Goals + +1. Provide a direct authentication workflow such that OpenShift can consume bearer tokens issued by a single external OIDC identity provider. +2. Replace the built-in OAuth stack by deactivating/removing its components as necessary. + +### Non-Goals + +1. Keep the built-in OAuth stack working in parallel with an external OIDC provider. +2. Use more than one external OIDC provider at the same time. + +## Proposal + +This proposal introduces changes to the cluster-authentication-operator which manages the OAuth stack and to components that send requests to the existing built-in OAuth server. The built-in OAuth server will still be available as the default option; the user will be able to configure their provider as a Day-2 configuration. + +Currently, any component that needs to obtain tokens or authenticate users does so using the built-in OAuth server. In order to integrate and use an external OIDC Identity Provider directly, any component must replace its configuration to call the external OIDC provider instead of the built-in server. The core components that send requests to the OAuth server are: + +- OpenShift Console calls the OAuth server for user login to the console, and to obtain and display API access tokens +- `oc` calls the OAuth server for user login to the API, and to obtain API access tokens +- kube-apiserver calls the oauth-apiserver via an authentication webhook for token validation + +OCP provides means of dynamic OAuth2 client registration, which means that other components using the OAuth2 server might also exist; however these cases are not within the scope of this proposal. + +Note that the kube-apiserver already supports direct external OIDC providers; this proposal describes the mechanisms that need to be implemented in order to enable the configuration of an external OIDC provider for the kube-apiserver in an OCP cluster. + +To enable configuration changes for each of the core components, the Authentication CRD has been extended with a new API that allows the specification of the details of the external OIDC provider to use. For `oc` in particular, this specification must be carried out via relevant command-line options. + +Additionally, when an external OIDC provider is configured, any components and resources that are related to the built-in OAuth server must be removed (and recreated when the built-in OAuth server is configured anew). These components and resources are managed by the cluster-kube-apiserver-operator and the cluster-authentication-operator. + +### Workflow Description + +To use an external OIDC provider in core components, the user must update the Authentication CR and specify the provider's details in the respective fields. To use the provider with the `oc` CLI tool, the user must use the command-line flags of the tool in order to specify the provider's details. + +#### External OIDC provider configuration + +Apart from the provider URL, which is always required, the configuration details of an external OIDC provider might also include, depending on the workflow: + +- the ID of the corresponding OIDC client at the provider's side +- the client secret +- the provider's certificate authority bundle +- any relevant extra scopes + +#### Authentication Resource + +The cluster's Authentication CR (`authentication.config/cluster`) must be modified and updated with the configuration of the external OIDC provider in the `OIDCProviders` field. + +Once the CR gets updated, the changes will be picked up automatically by the cluster-kube-apiserver-operator, the cluster-authentication-operator and the console-operator; the operators will then update their operands accordingly and will remove all relevant components/resources. + +For more information on the Authentication CR API, see [API Extensions](#api-extensions). + +#### `oc` CLI tool + +`oc` supports the specification of the details of an external OIDC provider to be used via an exec plugin (currently, only `oc-oidc` is supported). See `oc login --help` for more details on how to specify these details. + +Note that the necessary changes have already been implemented in `oc`; see [oc#1640](https://github.com/openshift/oc/pull/1640). + +### API Extensions + +To facilitate the specification of the external OIDC provider configuration, the Authentication CRD is extended with a new field `OIDCProviders`, in its spec: + +```go +type AuthenticationSpec struct { + ... + + // OIDCProviders are OIDC identity providers that can issue tokens + // for this cluster + // Can only be set if "Type" is set to "OIDC". + // + // At most one provider can be configured. + // + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=1 + // +openshift:enable:FeatureGate=ExternalOIDC + OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"` +} +``` + +For more details on the `OIDCProvider` type and its fields, see [here](https://github.com/openshift/api/blob/fa2f9ad8645efed0a83c24de025fd7fe791cc558/config/v1/types_authentication.go#L197). + +### Topology Considerations + +#### Hypershift / Hosted Control Planes + +This enhancement proposal is not relevant to Hypershift; this has been implemented independently for Hypershift (see [OCPSTRAT-933](https://issues.redhat.com/browse/OCPSTRAT-933)) + +#### Standalone Clusters + +This enhancement proposal applies to standalone OCP. + +#### Single-node Deployments or MicroShift + +**SNO:** Configuring an external OIDC provider in a Single-Node deployment of OpenShift will result in reduced resource consumption overall, due to the fact that once an external provider is configured successfully, the system will remove components and resources that are unused (e.g. the oauth-server and oauth-apiserver pods won't exist). + +**MicroShift:** This proposal is not relevant to MicroShift, as it does not run with multiple users. + +### Implementation Details/Notes/Constraints + +#### Configuring the kube-apiserver + +The kube-apiserver already supports using a direct external OIDC provider; it can be configured to use external OIDC using a [_structured authentication config file_](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration) or a set of specific command-line arguments (`--oidc-*` flags; see [here](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration) for more details). This enhancement uses the structured authentication configuration file approach, as this has several advantages, notably API validation and dynamic authenticator reload when file changes are detected (however the latter is currently not possible; more details below). + +The following diagram summarizes what happens in the cluster when a new OIDC provider is configured in the Authentication Resource. + +![Authentication Configuration Workflow](./external-oidc-config.png) + +Configuration starts when an admin modifies the Authentication Resource (auth CR) and specifies the OIDC provider's configuration via the respective API. As shown in the diagram above, the following steps take place: + +1. The External OIDC Controller inside the cluster-authentication-operator (CAO) tracks the auth CR and receives an event when it is modified +2. The controller generates a structured authentication configuration (`apiserver.config.k8s.io/AuthenticationConfiguration`) object based on the contents of the auth CR, validates the configuration and serializes it into JSON, storing it within a ConfigMap (`auth-config`) inside the `openshift-config-managed` namespace +3. The OIDC config observer inside the kube-apiserver-operator (KAS-o) detects an OIDC configuration in the auth CR +4. The config observer syncs the `auth-config` ConfigMap from `openshift-config-managed` into `openshift-kube-apiserver`, and sets up the `--authentication-config` CLI arg of the kube-apiserver (KAS) to point to a static file on each KAS node; this config change triggers a rollout +5. The revision controller of the KAS-o syncs the `auth-config` ConfigMap from within `openshift-kube-apiserver` into a static file on each KAS node; since this is a revisioned ConfigMap, any change will also trigger a rollout + +During step 4, the respective config observers for the `WebhookTokenAuthenticator` and `AuthMetadata` must also detect the OIDC configuration and remove their respective CLI args and resources (more details in the next section). Since all config observers run in the same loop of the config observation controller, the resulting configuration will include the results of all three controllers. Once the next rollout is completed, the KAS pods will use the structured authentication configuration via the static file generated with the process described above. + +After a successful rollout and hence configuration of OIDC for the KAS pods, the CAO must proceed and clean up any controllers and resources that are related to the OAuth stack, effectively disabling it (see next sections for more details). + +#### Dynamic authenticator reload + +When making changes to the OIDC configuration, there's various pros and cons in using dynamic file reload instead of performing a full kube-apiserver rollout. Dynamic authenticator reload has immediate effect, while performing a full rollout typically takes a while to complete; this is particularly evident when an admin makes several changes to the config, trying to get it right. However simply reloading the authenticator dynamically is a dangerous practice, as it might bring down authentication on all KAS pods should something go wrong, unless there are proper validation and health checks in place; doing a rollout is a more controller process, as the rollout stops and rolls back in case something goes wrong with the revision that triggers the rollout. + +As mentioned above, kube-apiserver readily supports dynamic authenticator reload when using the structured authentication configuration file. However, this is currently not possible in OpenShift; at the time of writing this enhancement, there is no way to create static files from revisioned ConfigMaps without triggering a rollout at the same time. Having revisioned ConfigMaps is valuable as they can be used as a reference for each revision and provide a means for rollback. Once a mechanism to have revisioned ConfigMaps without triggering a rollout gets implemented, we should consider replacing the current OIDC config rollout. + +#### cluster-kube-apiserver-operator + +The cluster-kube-apiserver-operator (KAS-o) relies on the authentication configuration in the following cases: + +- the `WebhookTokenAuthenticator` config observer observes the `webhookTokenAuthenticator` field of the Authentication CR and if `kubeConfig` secret reference is set it uses the contents of this secret as a webhook token authenticator for the API server; it also takes care of synchronizing this secret to the `openshift-kube-apiserver` namespace +- the `AuthMetadata` config observer sets the `OauthMetadataFile` field of the CR with the path for a ConfigMap referenced by the authentication config + +The operator must watch the Authentication CR for changes, and when it detects an external OIDC provider configuration, the `WebhookTokenAuthenticator` and `AuthMetadata` observers must be adapted so that they remove the associated resources and KAS CLI flags from the observed configuration. + +In case the authentication configuration gets changed back to the built-in OAuth server, the operator must revert these changes and bring the kube-apiserver and relevant resources back to the original state of affairs. + +#### cluster-authentication-operator + +When configuring OIDC, the operator will validate the input configuration in the authentication CR before generating the structured authentication configuration and serializing it into a ConfigMap. The operator must perform as many validations as possible on the configuration, in order to prevent configuration errors from manifesting after rolling out KAS pods; it should try to catch as many errors, as early as possible in the process. + +When the built-in OAuth server is used for authentication (the default and original cluster state), the cluster-authentication-operator (CAO) manages all controllers and resources related to it; notably, it manages the deployments of the oauth-server and oauth-apiserver, and manages resources such as the respective namespaces, service accounts, role bindings, services, OAuth clients, etc. Moreover, it monitors the status of its operands, making sure that the routes/services are healthy and reachable, and updates its operator status accordingly. + +##### OAuth stack deactivation + +In case an external OIDC provider is configured for authentication, then these controllers and resources are neither useful nor relevant. The operator must watch the OIDC configuration status, and once it becomes available it must deactivate the OAuth stack. + +_What signals that the OIDC configuration is available, and when should deactivation start?_ +At the time of writing this enhancement, there is no suitable API that the cluster-kube-apiserver-operator can use to signal that the OIDC configuration is available. The Authentication CR contains an OIDC Clients Status field, however this is specific to clients in the context of the OIDC protocol. Additionally, that field uses the Available/Progressing/Degraded pattern which is not suitable for determining whether the operator needs to deactivate or reactivate the OAuth stack. + +The current proposed solution for this is for the authentication operator to inspect the following: + +1. Check all current revisions of the kube-apiserver pods +2. For each observed revision, check whether it includes a revisioned structured auth-config ConfigMap +3. If there is, and the respective revision KAS argument is enabled, then OIDC is available on the KAS pods +4. If any pod is on a revision that does not include an OIDC auth-config, then the OIDC rollout has not been completed in full yet, or that a rollout that switches auth from OIDC back to OAuth is in progress + +The above information is available in the `kubeapiservers/cluster` resource. + +This process determines whether OIDC is available on the KAS pods or not; when it is detected to be available, then the authentication operator can proceed with deactivation. + +_How does deactivation happen?_ +To deactivate the OAuth stack, each controller of the authentication operator must gracefully remove its operands from the respective namespaces. The two OAuth namespaces (`openshift-authentication`, `openshift-oauth-apiserver`) must not be deleted to avoid breaking watches from other components. + +#### console-operator + +The console-operator watches the Authentication CR for changes, and when it detects an external OIDC provider configuration, it makes the following changes to configure Console and replace the internal built-in OAuth server: + +- if specified, it copies the provider's CA file to the Console's namespace as a ConfigMap, and updates the Console deployment to track it for changes +- if specified, it copies the provider's client secret to the Console's namespace as a Secret +- it stops OAuth Clients informers, where used in its controllers +- it updates the `AuthenticationStatus` field of the Authentication CR with the operator's status with respect to applying the OIDC provider configuration + +These changes have already been implemented, and the initial PR for them can be found [here](https://github.com/openshift/console-operator/pull/839). + +#### `oc` plugin considerations + +In order to use `oc` with an external OIDC provider, the tool has been [extended](https://github.com/openshift/oc/pull/1640) with the necessary functionality, including command-line arguments that enable the required configuration. In particular, [`oauth2cli`](https://github.com/int128/oauth2cli) has been vendored into the `oc` codebase. One important consideration here is that depending on the OIDC provider, further functionality might be required, in which case `oc` will have to be extended to support that too. + +#### Authentication disruptions + +In case something goes wrong with the external provider, authentication might stop working. In such cases, cluster admins will still be able to access the cluster using a `kubeconfig` file with client certificates for an admin user. It is the responsibility of the cluster admins to make sure that such users exist; deleting all admin users might result in losing access to the cluster should any issues with the external provider arise. + +### Risks and Mitigations + +Enabling an external OIDC provider to an OCP cluster will result in the oauth-apiserver being removed from the system; this inherently means that the two API Services it is serving (`v1.oauth.openshift.io`, `v1.user.openshift.io`) will be gone from the cluster, and therefore any related data will be lost. It is the user's responsibility to create backups of any required data. + +Additionally, configuring an external OIDC identity provider for authentication by definition means that any security updates or patches must be managed independently from the cluster itself, i.e. cluster updates will not resolve security issues relevant to the provider itself; the provider will have to be updated separately. Additionally, new functionality or features on the provider's side might need integration work in OpenShift (depending on their nature). + +### Drawbacks + +As mentioned above, configuring an external OIDC provider will effectively deactivate the built-in OAuth2 stack and remove all related API Services, resources and data. While switching back from an external OIDC provider to the built-in server is possible, it does not ensure that all existing data before the first switch to an OIDC provider will still exist, after reverting back to the built-in server. + +## Open Questions + +## Test Plan + +In order to make development of this feature easier, an initial e2e test must be provided that sets up an OIDC provider in a cluster "manually" (i.e. without the help of operators) in order to test a minimum required set of authentication related functionality. + +Overall, for this feature there must be e2e tests that cover the following: + +- configuring an external OIDC provider on a cluster that uses the built-in OAuth stack (good/bad configurations should be tested) + - authenticate users with bearer tokens issued by the OIDC provider + - ensure tokens issued by the built-in oauth stack do not work + - ensure user mapping capabilities work as expected +- on a cluster that uses an external OIDC provider, test reverting configuration back to the built-in OAuth stack (good/bad configurations should be tested) +- on a cluster that uses an external OIDC provider, test monitoring and cluster-authentication-operator status when the provider becomes unavailable +- version skew between participating components; e.g. the cluster-authentication-operator has picked up the new configuration but the kube-apiserver-operator hasn't yet +- cluster still accessible if OIDC provider becomes unavailable using a `kubeconfig` (break-glass scenario) + +Finally, in order to make sure that others can test their components in an external OIDC environment, a cluster with an external OIDC configuration must be created and made available to the CI. + +## Graduation Criteria + +### Dev Preview -> Tech Preview + +- build a baseline e2e test (within the TechPreviewNoUpgrade/ExternalOIDC feature gate) that sets up an external OIDC provider, issues a token with it and uses that token to authenticate via the kube-apiserver +- unit test coverage +- complete work on all related components to the implementation (kube-apiserver-operator, cluster-authentication-operator) within the TechPreviewNoUpgrade/ExternalOIDC feature gate +- some minimal documentation to be used as guidance should exist +- make clusters configured with an external OIDC available in the CI for others to run their tests on + +### Tech Preview -> GA + +- write a complete set of e2e tests that covers all aspects of the implementation (as described in the Test Plan) +- complete documentation + +### Removing a deprecated feature + +n/a + +## Upgrade / Downgrade Strategy + +This proposal introduces non-breaking API changes to the authentication configuration; additionally this is an opt-in feature, and the default is the original state (i.e. using the built-in OAuth server for authentication). Therefore, upgrading to a cluster version that has this feature (from one that doesn't) should not have any effect on authentication. + +## Version Skew Strategy + +For this feature to work, all participating components must be on a version that includes the feature; version skew is not viable among versions that include and do not include the feature. The cluster-authentication-operator must monitor the progress and validity of the configuration of the external OIDC provider and reflect it to its status. + +## Operational Aspects of API Extensions + +n/a + +## Support Procedures + +### Logging and errors + +The OIDC configuration is consumed by the kube-apiserver (KAS) pods, but produced by the cluster-authentication-operator (CAO). The CAO is responsible for performing as many validations on the configuration as possible, before generating the final OIDC configuration that will be consumed by the KAS; this means that in case of a bad configuration, the CAO will move its status to Degraded and log any errors encountered. It is noteworthy that the CAO performs a full validation on the OIDC provider's CA bundle (if one is provided), by hitting the discovery endpoint of the provider (`/.well-known/openid-configuration`) using the provided CA bundle, so that any CA errors are also caught early in the process. + +Nevertheless, in case of OIDC problems that are not logged on the CAO side, one should consult the KAS logs and rollout progress as well. Additionally, the KAS-operator logs will also reveal any problems with syncing the ConfigMap and creating a revisioned one, creating a static file and enabling the OIDC KAS CLI argument. + +## Alternatives + +n/a + +## Infrastructure Needed [optional] + +n/a diff --git a/enhancements/authentication/external-oidc-config.png b/enhancements/authentication/external-oidc-config.png new file mode 100644 index 0000000000000000000000000000000000000000..cd5d057c23d4e2b4670c71be811f4e4b8c21b551 GIT binary patch literal 83360 zcmeEu1zeTswm#riHlo4?DV1YprKJ>sjm5=eo4y;e*ExVqsw&zI;ji z1{T)7A}lN%Joo{y#nVIB1Pe>zij{<-m5H6Mfw2x2J(t+d-{?8n_0g7A^jzZfoSY~# zGgfT_l%563#FEui#|mr$zoYbYOm}yqY(crL)+k5R? z&PK<=(g1C`b4Q$KS$Ux=LHA*)g)-LJ*$fVbwrHX)v~?_YHf`_3B|*=A0sH`cxWslJ z1$;3@nd}~U9Xt)o?%@X7JBRWb$jfn})GzUgOPSay>Dh7Em|ll2u=i}3bDG#mTAp~lD8aQB{W%ocmYXfZ^%iV)_ zjwGomak(6+zaO&4vv`*^$in1Lt%#o3_^H-B1FXsd#O zww3A9H13#hts=cdtj!$)&sf-_Fk_D9pKb_qWtX zX`^j-PQShB=XJ)cwgnmuF1N?1J3s9G6LMrR9b?ECm}TC*4sfgg`mx^^%i_D!|Bp_m zC1K5LsBNueZzE%3#cL_8WopZEZucTKC}Znglk6;&rIkI#!?)K{2U=0!$)dLU239&Z z%}`p6JziVia!w2#$sq=G!zP^Xj8Bg2ua8p%}_rc19MRw3oD&nuif7C zkCzu?3E=lSXcHYP3wve;Abdf13f5-Y5^RBa-^s+w5RBItj6HQ547eI#hmoQ?y**A2xu&=EYL>Z za{@?KwI*#8h}W%WHs5wvz@2? z1!Dc9xc%#3?CdWCnC6OfoMk7nmQ~fGXqN<3t;4*91DX} zz)pXFXy0x6uY#|0n1J5}3e39ifiKSAg0Hg}dh+jMAikdr^p~0C2VH>df-&cww4-N? zvV?Lk6pDW`(lGw?*F_p9FDuV4gN@_2%*oEp%DKDS-h{;Y?`KgC%o_b*5%iqg#(=Ym zY8%*qZ1;oFahqF1Tvk*UZED40xy}BeN`-^N46rF+63p-5Z+g&vd-4FQp(Ut?cFzk^ z(Dtc!_WC)Je*)`0N#oZTtZR(6)zU{AhPf3$^_K3WfLiZYh?u~qa(cti2~ zW1p*NC_``aN<$qhEBoE568H`p?6=4A|25NDqOC2qOAT%9620h~LZqTj#W1fZKX1}O8EOd-fRt7eE&jO^0f17dwvm$$#oY>XNAi%*2?UK?x z7RLmlrIik_pQxFRg#oCowxtYc)Ab+Ue=`vG7*^N7P6s0<{7y>#Ef)3H$LKlUU&rWg zVLRX7f=O}g#^@en?t$Z-SlVOFJ?6kL=>P9%IVKVQb)e7tOQwK9@;$uo??KCXcKqen zz67|r1B&SWgSyWzc?rN0;OdyMwmS_6i` z|N8(s$F6$2$8H!3wugVoTownS06QpS0q-(4hDxg)`u9gPZMPc!1ID!nSu`PeLr43n zCPwtzvECon%NY0j>#WSh!}_bx-2J-8%9!B&_vT_hoA{Rn8OwiSkaA*Rb2msaF}ufl z9KV&OzbkbAMlp(^F~3uO?bJvXIyMH|9i`ujQ%xvhw+pU+yU4|O=U*4Om>jxmc?{_8 zvHag7ZlMB!6Tt4D#bzMpgT2w381-uhqW^z3JqJeg{QKE{muc={Oh0(gf3rH)u`{qz zgv2pcE{I7%UzN7M^6~KPeiw&&UeM{GAH|^n+WrF4zCCp0_F>SMo#TLf1@?r#|2S^@ z+xG*(S@u+UzbDJ>lEXhL$2oSB{2!O&yO{EyUyh&s2_ZOG0R~9eK=RhFDL1qn+Z7wI z+8)aFQws%C-C_D8CI;HtP{UT#LI)^%D9!EWE#wzwXaiHLZEfP5DE&Ecu;ur=FBka4 z&Ps@aU3PBk4+$OT@0D8H=?xkU*u4>OzHOZRZ-_0BvxCD~*ntpxZnsDErv;clbG;uD z&vj_2fMqbO0GQEMca+J|Ft$A*FOW3FwpWHXZ|F#{DvFtZ2Ci0?@z-B zCjb7&!wA>UFv11Fh?qVYX4+lVA2S<&D;UA}EQD#lm`ew3ZIk@cSbT>BsPvjJ1{Vk1>_sMUkKU z<{`WiYm~Q1BL;Pi&^p}Jbv`=>_=s)J8Aak>` zb3^;?A*CE=F&lo5l|noJg|u{+ZT>MW-K7}+@%e-kQ`7&5a84+n+_X2|5D2DrWCH-$ofl>>35jvpQ(Aj*UH~Z?0*bszng~skj!E@ z>K}p+rgQrr4?bsqrWa>fq4>FA@f$7bzZaR^b@P7#@IW;&7w_&;{*#esw+!dl#W_ek z0s*mGY+~ro-?CudUB7E8>CFgW`!sjN9UF|6xf14g?B-o+yD3dm0Q{H@VwmzDo>(1?|t^LyR3BjNFF zzaaMy+XH`XA@--a5N7b{KOUzr8p56q;$BdKSkWGD_|W8c_RX9k~1L-wV{X-`D<~e?nsSUG6>qn8)5e z=Jv0ce?DaAhus6V^YQi;gWwK1EG!zV%iyu0#BT=s@s^o7%6F9{`%a!Lh92L_*(efY)Y!}!MZTBNCM`)IdQ zeTQCD-yC05qmtv{zV!OuwaiF8!EyD4@wUFk=NI* z1IyM*gG+R$%z_k5T;$iE+NOM>qOe0q8k}E!f*5HKCst0%<4XK=i~tTe1pin2gRe?r zB1m4Nd$%b`esw?Ch(LJjiC^C(Hlp$vIFk}r^H?n0+x1r;@#K+TZ-RS^v=Row>%(5i zOa6RUbnfSHe}2Byd#>VUt%uUjpZWCzB54o_d_O%lGVmOX&OJ>xwng@*WySW?e+j?|_cIDG7AJ8l6Z$zw(>Y}iLL;X4B5y>;hY4R3is>*C>F z7-8FM(3|fs?6^4bweyt=8E&1|R#u;AhFQO=-r_{Zi!3(!PPk9Mc-7bQh)Q;x6gJlV z=Xzu!4~^SAuUjaokckvI{;K##xY2mRHW%KxbUbEJzM-f!bL%n;w?U5nzQ`%OWrUvd zoJXqVX~SS@A?LZ5vDtAKA-Bh&bxm(eTR$Kldk`R4S-M0^|Ro)qbW{%!NuKOsm(_iW#}~M z+VO<%tPfvKc2H%2mdJn>#3uK*I7OH^4IT*WM_9Kc?u(G`-c<_vt>L5XyNb(?lZ5Wd z9Z9%&c8RQ;7`y&($Fp1#u~@t_RuYAKF@? z4h`2x+Y(KUf|4gOK-fbFu#n_COGnW(KzFv8fLhr8;m5NiV6|v)F4IHL_7dk{)(nBr za$y*^iJ{BZMyAtz9Zy$qz{fL$>}TjXi2rpKX>DSW^?|A?`J=HB7sy7>+ZscmYGEJ-0>wKIL^HXtLDnB1a-pp1~t z?UbUk`*6_x)O$xL4e#O-a3|!h(0iPcAMCO1>ydw_W)gDdR;rB93LVe*J_3P$anr=x z=?9Ic_LHe-&`Uk`lY(t64?U27A-dmjZ8CGRUF*TM{r64AyeA!RAA5dc~-+wQp>U+0pf?z~bqQu}mBJ}>`$1(jnK$w+i}8n;R3uzb;I-Lp}u&Eq_#?}ay) zOI}}lrfb`6?zJ%8*C)+Cd6r2zBf)87q0MHg$5t6U*E$cYjP$k_W?|=ChrFs$oaVU1 z%=CvXQ(rQ+48f)DrZ~B`52ZG}sGXC+*4~Zdj}=rN*mmfIc2B324kpzs2|T+b@JwiP zSu0*OHv{$gGoKezTIlBbyv&kdQk}q>O*;x#3?{tXe|PbdBy|TkkA4V~LPq{lFaJ_l zgV0)Sbtv03bMehL(&u24!&Q$|Df^t)5+m#eeaeeDky*|gtL5Y)*COFmf)4NV=j-{W z#`hiJE%Z_8v@AtP@&?tWg^hk0@S--2gukYK|43$Gti{r|T=m#Mf%Ap~|3q?0g18Tn zXZ`K!GL~l!1ER$^0ngvvPLE6Tn10_RJ>|$&wiw}}oTBLotWwS4^(eGpZHm7F=RhyH z{gC9dP&W0cEcVEk=dH(hmu4hV>!NFoqLG!Skb>SF3azB2BzbSa=IAwrkn6soHiZ=|$+= ze0?>=v?m8xPgVEuac--&NQbev8K{y2%E=mTg5N%h*(|gu ziN&jP?J0Iv!pc8;^wvWI2Fcp~szgjJB_F-)*HygR!ZP{=RMz8tA`J>ugl>Nxl z4B!s!>Mk3fN%2PNBb56$hjr`1vgZt&V+SIem@;3AfX7eYS#sY0k2quY$E;S#y+gvsD?LZ6p1Jz36tPsR_GLcUB4$Pb-UHr2XT! z_AzF{fY3E}ys_~W35TtFa|zoYjDL*Vj?b3YFJEA;H}WD4phPwqp8S*1hNx+ID|^MX z^LGGZ<>Io$*9qtoCJWRe-Ys=oK5%58HPcZiUeRny)v4*O=K4IFygVws3)rtJ(GcpC?voLCaF3kO&!W@%s-5!KDFlr|iL)AfQ`)>iRGbcZ zXx2Y=c*RHJ=xmwg!_u@M59@D1l2jZXG&ug;b`9c@o{AEux3Y!;((0b^@cYJw!oxg2 zHxd`UCo^A~NNYHs;zvIG)NlVYhjv>5qt=8(arOrOQeMsDpAHgq4hiO_z;EKJuzpyd zyE85+(CFM*Em~sTrm7dgZ)@{dsh4`@%UEZ6e2U9c&Vto3COyi4Nq%`#ahB;5D*XB% zX&iwk_7v|!h87^@&5!GSa-EHdQgo~dK0Um}O5|A} z*K`-}_azxd4MZ%SETo`)@;S3Iu=DA&oX+Te3M3*tXC*pJoF;MCcH^ZWGfc`qv=5w( zF7(AFz+IgB_T^K_BsFrD{j;0jM@k;k@U`J|*wWXg3c*-2-||~wEhFvXstI$0n{wCh zlN1F@@+)>opIsRkVw3^t==^qybsHuw?DRQDDqC&o=Wz}(d*Ac1Uejol%T&f(AfY*2 zHPRrfY3_nb5TO*DRR*TzLwA^*y->*=ERvL#5djXFTWvI3!=>(MM3F$QfP!j)mRpCV za)2bPNysB3)Q)@pkOYi&kFEcpqFR3EZ)DgXK$PWj_pkbqPm12%vR=yKng7`D_TW~i7e#!rK%kiqas^S;8>zvZIq`Kt zJ|=%v$#b;m_7g`g}Sn^k;+z(@T@ORh57smsuEBCW@dLCblG(d|^0@aku;&m?I2 zQU>??rCY=#6hWa1;wLr0!#FY~S1!%fu<O382zk8?e~RC+oo8(xx! zoCGkws=&k=gEIiD$Oh zkpmL+2{|osw=9b{Up|ty=)Ik6(pRv-jU-1o)pAs1ZG2)6m|W{jH}WTFLlx<+>()LQ z5NF=17Zo?ImVwO+;!k}GDYMSFF?+;qfn4S+DXr#BwIDS)^_WGcqf@x4Fi8{nIAP>< zENtPyTA9dVta-wTuFQ8`_+?@TmRJ@CG}FsMD$|O~Y27<;%kCSg@#wk-To+;^OevBu zqn~%bY4=z|p1FgmG%~t9Z&sQV%HBSiYM;qKx#wm@?Ct)!f=w(T3eG9c=JqPNbuO>y zppT+2iR?tE4#9Y35N%KIr@I6~?RbnCxG7(%sT8K+$nF<{Qf3M8i)V*k`_`}(ANFOR zsw+bj!BRB|*wzf6@t~*1`~_v&wFa`qnixI!SIqf!*(L!_d=-c#j9@;H+`ui2s4dVV zeQiE{al%p%e{iPo^AnrlrHL~BLkcD^o>qD0FOiPsYC-lx{ygWUxNyi`9Ak1%nGst3 z5>roq%$M^qDnp8cG%I4rqK+SiKiDiA2ro}<$i*QwD|h#J#)H3dr~kt7_BQ`#*4)bO z8=H@d!)1`XwJ|XnJ|eEW(QHUWph$HkVUxZC9Bs$;5(El z^qCl1*JQ#<2E-vtl@|y#MSb%(I`7T^SDg274e(};yx`r{Wtv;Jzot0k@wiy)@D}snlb1^{7eM3H ziqEj1shJ%^5pJ-Dno-PpE66Kav{Fq3Fjj1a%iao|-T98TZ5NpvzlAyzZG`D@KQ=5F z>IhIQEeo?D(!1-NY$md%bjW3Sz^jLw!CiYmXd>IIqF!(AhH!%c=?TTsi+N3?bF`dF z8vReNQGWA1|0T1{mbqZY16MX2Ri3*)sRpi4?kSj;l}Fp934KM z|A|*AC%H#%pi^BBr=eG*AyjX3$WIH)IF)Q zQ&I`9=K{6UpSD=ZqwJFhHcQ2xh8R#K<-wALeL}r`S#v4{y*rK%X9v#C43*Jxr|@`% zV#_T@={7A&YnEYy_QOQuHxBtmDTGIqQ1>nuhATwdT@b* zx$+^o+{&4X40A8iM`j4`;te41s90V}M7X^~Y~#}9+xxhlYe3;r<(d@d1F?4+oE1V1 zb22tMW)DT)6z?~eMOex;see! zQfA8|A-CypE}z_HjE{oLbuPWwKICN2EiOnpq6rl_$}D_L8oJC3qz$loi#*v&*i-Mu>#6?F)F9Lt4!7jnbA`x`iH=^{x^ zu!$A3a4vSda3Q0v^ZK&IsyU7Q)FC$*P@SNgxe_$eIL@%7C;@Z%+*>wCfq)ZyjS&%* zN?zex750uN9*MuK16;Lzd3MO; zdBC;tu!V8jWFp1Q1vkDm)!$~fol>#Yody;BM9z3p+Bu`vcCH42q5DqbiJ23AT=mI7 ze#qHU&oX;)&ba*}o^GRz@P@YkaUL7JgEHZ~pEi_h9zkWt-uuI`8AF_DL0{TL~d?*j{8It}Xg;6ZsEWT4Pa(dx5^6^|aRkC=>$PpW3Y zkfy=zl_Xp}Z&)92UkF>v;Owh1Mn>DNjL}xMhp6 zb0n{An?GEil;wjwGVlzJtoMOuXXHVRA1zIDaA}`Ue{92z1sT|8)J|EC6fu|SwI7X$ zsF^dbpv=65z&&B+s_HnIUSF1dN{XFK^J@=a_r`$ANW=QfN)Bfjw#12tku05qoQl}C zEN72qCn`#FF!Cf((aEP*4e!C}p6y;?vO5`dmpBQXH+v7Fjmji$^h=<&ww2cuMlMIW zY^FrmbXGB33)5cT7+h_b zL|d@Sk?t2=?+vs}x-#nOW@^|zD3;wP8M5%Ycq!`6Tvh#k2T+{L$6P#2mSP3`riLX{ zusC-r$0+(5%glKwfbsHBXSS==hgYHKzkKoKpac*ecjBq_s)F^|t{vHgt~#htk&@rW zs;q*-NAug8 z#3pg#X8pr*&w(?%hB7N-Q-#PRa0hq*D9g>5Z#{&2gt=0?jWf!apRYn(21VGr$=vCJ zd%kB|yV_|Vwv!3iOeltqHcGKsJ9=i1Jd|QJcXV@EpOs{Ec$YPJzgyQ#yfGP7GT}+4 zW+wlci2e$>TZ$TB^@C^6^%-sJ3^Vtjpa2fY2^^4apZqLX)zkDqD7w)dcNNwsxua7! z30`uk+Xjuz$k^@WCj@#%mT-BS)@M>|#3^qPKs*3Q_k9QHRG30R&$i%WtQ%Y4i&2BM zx!q3L-2>Xz;t9ENi9()j7^CVVxyT*^X;0#W{yB8p#R%l8^pN_j{k-KG!W(A??@lFO zdQY%@ANm_P(%bMX0U7A4<{JkI8beq#D52`t3n&t8O=a`IkR}3WjmFxa}n_%Y+Me z5A4qfnZE4#8P7@bQM<^lAn8+g+2~Wed}8V=snDE;`y@<_ous!|ah&01toA^3=+S$Z zzc^>$BaXK{TH>x_gGmO&pI|y+FWr zKzCzxLH>iY(|AvACZ+vwkPqqGaY(?UVFK`__c=Mf2`rN*LPQ^`u(|DKG>kq)OLU?V zRk9n$S`&>n)|N7*ShMLSC#y;i7z2VkbdKa~~p)^A)|zSo+2nQY&xLQH=UE{F8e%Dk3%EyNu_yjyLR!5ATQCqLuF>cmP^yfT zjhX0moKENIyVC^Xo=p2w5No_qThbzcns&f}X?tX>S#$AJ0BQp9GPeUrbrC%@2fyZv zC%?W2yf7G~SxJMlEo6vG#BOE2Wc>JM5Y*p0ZhGk^)BU6j5B6;83ZJBRg{_2wp!-5u4#F5{7pNr~=^3fPE^xk&bBWKIYPbZci?f<{f|m z9358?Iq}LJFZlG$@`8;;<^4sCbX5m&U^Sh3QBEpn?diAqjGH^e9&CUiwOQOiWnHi2 z%9j7_hE|_G1APEm6fO)U;>Ne{S+MJ|%UQmyO@ENVi)2yGXoqTD7(l}5$z17xLQPgG zi^`J)@9;Q>AWcztedg}QTHn@@RK<`G1{@%bT6AGq1!xk^#s|jlv})xD)}1RI|FY526AmqvK$`j+*KT!cJrGQgi4rQ1 zV4u`HIRrfLJ(-%_$y;^Zaa7%9AAs`V^BVbun7@Cq3!TXrX@_JP8qT~CU_(pZ9ipK2 zb?IS36(izAG$aJZrpn?=8#e$*eOqb|BsE zD3C7$u#%z_U1iRHrOO>p%DtgrPGmI5`vw&CT^AovMU>v=e5XG>5LoSbLD5V>=gu^d-Yx;ij@>AhB{RrU0MWOxj#uEm>-| zpGc|5Ny{}G!Y&1rpnK3& zt5f}@Jtd~ATtrCx3|k8`76Lom1l#PQm3)#)N5oszIJwgmwZv_~ZcC+ZxKvNj`TKB> zya!qC6HsnZj~Hcax(+L1J?~XecWO~uL43>lK-L@y3Dz9%uD@_UE@P)X;({`^S3 z>3QUJayP{R-{o&a4a`#)BI%z@Yi4@Rs3y=HakqHVNhIzfcX1H5qvkCyk6(e>^6*1y zgLpz#)A>smlll}%5rp6TX@i5A+gb!EA8U9pihg~pY-%p%W+!1)u+XYJwS};QO9EB< zSW2oU_QmzV`f5cY4WsqtSsTErDF*!nE4-CUIYsNFU>62G5f_}cHkOWGC?ZVoHY(*U z_74><9XP^2(O)_@TS1M^@>>Fp6)O8-gu)hRwWu8DbsoRZl$2a_7q<(n94NxoU#r7K znO~f!C~?+hZd2q3NtlB1eTS*5r_J)rz&#_@!S~V;=j(e?o^SSR){0`^2@qPQ*Zc7L(|1P~T+56vyJWsdrv5dq=^go8??gZGKgmup>AVq%Xctke;5q|6bk# z^2Pwj?)bKp$Y*5->j|iVgqd#I)5-EWNb%~a1VQ#u0d%RLY_(QmW7WFT6&T~Ar0PW} zEYvujG^uM|DKdi5I9rlKUC{T0ONDYt+R+Nrd6c=YCw-Y+=W5FqKSTA6Z%mY$SWKsi5AkT17fC515HA&F=822& z$ylvg)roNYBo2$S4F(Y)?|am66d%N=EAEtf#Bj|*tKM0A@dB-ON-6S8Hr0iT!(;8| z37hh?%kOJc-&LOO%|DDk>59EiB^Z@ZqR68pE?Rr?aS9fXNoTW91E4V4@f!=?S}KnX z@RORnM;{2S#ujecX$Hf)UaqfJ*xH#BQcxmficP}GqHwA2m_4(Zalgi|;dU-e0#}?B zUvoWzY&vh@1_QIwQ4#iraK5I=eGCqF)DV8Ra+4Q_b*A*{4+Jq%&I@_lyovS$)cUpi z&1h?lvIP&e-cxFWR33JpOGpFTgB4&E&XNhR>Y;f6=cCS^UY?BJ_~$84UNyNK{3c0? zb*IZHJ#|9%D>85vW)?9lLFFsk+yqETL^>h%2;Q66rR?XMufz_~xSL~_JNU-4JKnvV zRgZMfztrN*n2;Yy&npk3Wk%eA%fjf`EEPF@ufVXxo}@03NO4$F&H7xgWvbL40vDfV zX0?}KU-K~_(7Qeq>HQ?X-yPo=5Y?57o%O)|?cRo_+Ecuanpk0p6<+cAl((^vr1yYh z{Zg=`D?jNW%`WT@7N4v6?j!4rs`JiS7x1CQJs|?{h z8fAdLL_m+Y#0}WHHnIE)GO!3{XI~LL4>+Tq8QY-IdDg6~45V2q-zzDYmVenT3RHQd zT*8~InZ>b|8YM0Jr((@WMRWdg&ko`u__f98ht$68MGl)|>UM~skV94OX!|LdhAFS>oEw~`ZIPsNsGK?K1>UNV$Cs=(uP#6ciUcW*-&jykA!4XgBrUenL44HJI&`Lai;S|KK$r@Ba4l z%ZVqwvw0pCH_D#*1r`7hMQOY)F#tEcU!OY)j%6f8RG(wh=~vSjHw69M^}NN+ zR!4(w)8M>7im;zx7FB$k%9lcYREowl@lCkJmDU%5Y^me?+}ml}W)Hn5F#9n{t~EoT#}#lWJdmJige5zqQgd}Jl{nm; zh|sF;m4k_L)BCs?A2V5Kp?z+zKBMC8zNYm=H%HuTGX?<*W%sv~>mu5w)Upu~W1;ZU z%dYwM6KTWxS-mtE7`#K6 z1@il3VrH)eY5$E^S5~r+j%j9xj<`XS8DsVQ{tkl!u7q}z>21-yw}7CQfpjIT&zK|# z!+8tl2g8NuX|i5ApG|vLzN3Kj<=uK9QHc2RDaOn3QwferhOv_D>;;Y11f|xOmx;IQ zSioI{k}A8IQ(<~j?QcK(5P!^*36Dtfdmuun$#%814Y0<7pzBlOpqgY9z19Y5sh1I0 zrp(^z%!Qw8LS-BsIp1QJcoAeGXfN`fRLQaWdezWD#UzB>8$Xm&(!+Jcsc0VsD2v#y z-Sp{Sm!yTWet%{q_n7niEo_KWt|EN}P9|f`Z>3=h35v4eL^L1Y-eiOZ8m>L%q<4$w z8Y1#>t0iYl=Tw9YGVcc}oA!D773hJu0jm5Uvr6SAa;w)E$ zu`DI~#w!wOfW%i#;&`Rq#SCC#K;G0($&c4#;6r%!Fx$iNFQZ+!vnN${|hgw)Xj}Ger%OA-MZ-1@iksNf!R{xa@m`pbFTYRrI!A{U^u** z3J)w{5P7-Z7xC}*rDYJg$8!V8TY`JNj?68VnEae!@WMn#)Bd9St3g6vPt*uGt!8mq z^NF5516J+~?OW$kF_HNKjoY$jE`EBfbo}qclbMUEBDJcRg@G?Cxj*6)lgog=3@U6- z(VB#qD`|gB!1*)&EL8z<%IStW{FCn=q3j=sJ|y=pJ{3nWOY||1?TI325X{zlX^(`$ zAH$_b)^Bu3fFUc^upkR>k#fWnc9eU%Nmr|q>v;3qN9L0a%?Hwivp_x2nr%6HbyCzc zm;L~!GrYwO2G{SEf-$n25aoy?6_LCzd}4fYz*O1^@+%~CI0H27_H)`sJvr%VShUr_ zHzXnb!loFHu^o(FBwT*P@HUbl7qC4+%o%^g0E!4^)^dQ4vuQD(u1RZn)Y> zs;)@Tl)@sNR}GAM^Rm;hctF3ul*Qk)N$t+8MDCYpU*q09dz+aeTs>n+aBntWnrAc# z!Gj(UP(4NlMq7RQvly;ca!R5cJ;co_8A8HnaeRpEz;MR|sMl>t`@z%}!)?DLd{->V z8~zkr<#+>tjdQpX-BkA|6&ZUPU;YgW)h%-I^!-pN1x*kLZG5}AGztbvR29I0&O@`% zlA}R<0QSgZS-%0NZs$3pa}>z13~peIrxT3nd}S_Ne;e$KGuf4y2}WQ#US59G*!Ki> zn}#D0>#XX-S=iZWe5zuIC~CTIf?7e@M^)zACg5c@l_$Nj2-HM@HkBrBCbW;p!&87{ zD16d-N4?Hy&|DCvhcSFu(Yi8r`Q=03v8kX+ot$!9x3mVKt^nRa_z?WnRVku z(S*=tUXz1CLqbcs3_mcTWI}J3GUE(pC$dG`i1XH=@;xz*Ky<>hYW3Lb447d38MZJG z>@j>vW49^+FnJk^+-MF5qJGEz>KuTdpmyRseff}fqyF2(3y6<-q44?#g`iTNPoI*H zm#(tFw;BED*r)jX>LW=Fd>Vbrz$;>_**__eZr&@q> z;_K1Q8-$dKlphK?c8msc4b;V=jg;88sX%G(27@ANwqUR$E#%{ZIQs34SNG4P7EXT$ zdOU*rzy#Z^5RJZ)L_cI8FShv1QlGQVBkHec>to@M=J|39i{+U&nyJRx>bcRIHF0eM zjhh{F4>pp=j^_?-z9B}7L^6f4Iy6*I%?0KT4`ZOL4=A|CMJ-Jw{?R5C2@(pfpC6yp?Gg5+r99EoJ!kO+D)057x zBFx5C%zgTA^*I}mEcG@h-JKq@d(k4W&TC}ZweMcp^5&L`-sIE?19V-auFFPxm9xr5 zBBg3(Pz!(J(`yuhABFC$-Qv%1)^fC+I@D$UrqO0xkl19Fak~AkZIAYve7sJ`5`SSN z<(7zms%-BG9Fz@u=|F52sk0CEwFP53h>yg2^=y~}tmsm-MSM7C*xX*87++#keEYe2L|ZiBIlO4h;$i^?`c%>l5Z8 z=ToO2z>hu>K_Zu9Y}L}o(gQMN`dms51US`Y^r0jjXWzbJ-D~%T(&C$s z%@RwfQjBh*4xY4`3cWiq>`je0%`k`@e5&Wkiq5*U+)P>X)Mu3cUGB}M@ zZD0k+pPis}6tVod!TknEC*kBHG9N~p^(>S{`LYbb!F`N8)=5Gr&+~z$;rYRl?cg zqrqITk1AqlM(|_2Kc(8JHvijC5=2F1;ny$tXpnNYZ#lK6Fe*3IbTKx^we%$>d*NE8 z-hB|4d5a z_vI@}%F2EqxY6z;?+}{0xHM8HKlz+Cp-ENiAals9qfPO?j4yY2Ofm(}bWDHP)bwgi zLhB7H4lxRL^XR#0G4gNS55UVj^MRAjow)ohe%cdoOGS61n3pQ*_?ABAIohmjwZtp% z*O*R3s+OX`ure)&7(Q_%mF-EDRC)p*9%nlbnhj^6|`RZaI1*2T&MKPRVz~+<$l17($(C(e zGEYLz3;6jjU356{01$L5+;y_r@Db$-xsgnw#Sr9=Jc zVpiHWC}Cseh{GO=(;yHhg7q$O=E!xIB|q=_2D;kA$79dPe{paT?swhio+Kpq`7=qR zqPbxFG=cDXU{@amDo zhUC#VZNR%;yfKm}WW-i`Xr>(b%}lr}{))9xOVWc|Z{?e)9G`nxnimvw1$I9yP+NQ| z*!)2?fOoTLa)~~FqtoiR;E->(K)$J|p(^gxN<{9KV2oL($BV^Id>KX0{J3@w#z=$1 z4f)-XCj<-CoE`jnocoS4e)NXtFBP;*-kU0!nB;5dAf}zNK-zVS*>=?PPfw&VRv&Ql zd6$?vc_sLLHk+WqXPfx`?x*-yT(t(R9{PYbeeQq&?e)%=K~9zdnX9(a{b>pli;hw6DP#i7T8Ep$ z-lulGGa25zb4R~H^RPTp^SL6)m?i>_?Iu2wFAmxlnSd(aNz6Tg2yF{_y2YlHstvy= zyv*!>?kK=kK_19B73^UGK>ddF#G1laDtabS?F< zWOltX7$y}UEm(3Wz;2i_?kZ)?$%$_f7_>X?=wfSRKICG7bRz)Zv~@S&eM_H{&Kn+J zEz(W#QjyyS#6s?a0W6}YOZL;##gJ4TqEtx(XGMN z?i2~t<4e^%*=spkjzMjdIb~HLCf{mx7T1XhOo?X_)|_N+``(Nn_8xwft%emWK_Q&9 zSx@4qwe(`DVX$DG0ePU9Y-I*Ci0Cw*qDGWRQ(`t-{++?$AJ8|r?Mjpzg24emS3W{mP#DQ3j7L~esb z%L{GllVDKa+LtNoG{=Viq zjcii(gbUzZNdhrB3l1~(@echjvRPKOHqi2hqnuq6cm;U_&fIg^67>hedHN}^GYE@l zBUSZtgL_yqnZ;+O$6Grk`9?);b8S;6(`C+qNeBP@`~KW+;u14is4a6f3JH4BhTA+z zLG#Bqo6B(RMrMm_n(_RN`!OTV|SX!F3L>g%f%^NVYsEbW3OYP=V-?0S%~WETp9 z#c7_xIIqCapdU^NcLp!A@Vnhe(Ja$WmF-Zv;_4j?9|%=*sG<~&I&<=>M{QdD`5LHC zQ{s8$bRNtOn^*ZlH)Qa12#DUZ}evm&afE&K8a2&7<~_2wep})IZJH% zmX3>~P4`BtW9cEIUX5u@?5pC3j>e0sGUJ@239QW1ll9ZM2g_kPV^XhlHh0c%qesmd zXMAIEyg~lF9*42HbfH+l`>xE}Eb)1L*sbgLA{S>0>siADikFse)?0F%C_hwCM_TJt z6kueQgl~Gu*!@L*mttFPMJ_Kfb#0W6rTU%5>R_g6oEg+P)>F`{B+5$G`DwNg7ky`) zsqjv%oJ!%5KCe+LvzFB3hj48qcDC3XyXG95$uSi)PzRn4 zhTT%-CMuLL$n3F61H&`?^gWVT#D^^_1Gn~9UAbHqM`wx?u_k25^(G+Ih1%{(;)cCH zf3G)Lo2^>Zl-fO9nL9@DoQQZf;WhpG8lwQadc2qEs1meI|H+E>(|Vc7j=AbO^cHH` zxx*89n@Gu1OLZv+RNEHR;$24QR}Kg$XAk;@Yo(gjcidde1hm-B=+5jyJxQ8&)nua6 zw50Jw;M7!^!=fK!BJbKX5n`YD-RAvBLQWi?+O^A;ZSB{{s3wsUbI*)hUc8&klPaPz zgk3)2G@aNwlUI|d6kk6Td#mo^SG?F&KT>?gjik#MyB$Rbvn`lFfE zRIE3IcSsdHCCFu~3+A6M!AHv+fZu1Q5m4WmDPm@br$Rr_M4ASs&<1*wSB4|x zq$Fruz{5IDJ11{urgINY9g+4^>&>uz;jL7AY^y(FaUs-qq8`=I1^Ti1{_v6ITnXxe zuL6=nwH;$0r-MTANs5kJWGE6cznd=E>Unl`%&IDA5ljo9iGwI+Yh?MZ6cN$%lN2w3 z#$od9bVI(`aY`|dFJ&$3;H|M#&>GvXoN|TO?Id#Ey;t#^eDxt{29rbD@D;pN>Nzj+NsiE(S%Dyzske3Rs1Htj`OuK- z-3R7<1mjLIlWOMZ+~LlyOroL_p4`bs_?dNsx$i^6(YnQ+um+?7-&xiV1Rndnkf=bu8_6bMTDK#D4Q`iBCvC2G* z(ciMnO{472-#}{8P)^E4Krfhyk2t*>XzHPu(5aa;WfS0QOGoV-avJxA8!a^Q*4Wn%=$#y^$tEUVR3jYS5al zj~K|fc%5Lhvaf5SIx$0~G)JuO;{<%XahfCET3eO&RNt$GyZozc2Ome#j2_fUR7zt| zSXVPE+AqCcUB{hCFoP88)C}4GCsgKc1wDQUZpv)@T<NME$Y2 z-LrRvB(s1pk)#Euq(@Xr^@CS%(&CeHs(bIuUn3)AZ#j+N2pr>%1B(_Wf}GzR+44)y z=CX`Voz8WUPR?OzoqNrns4e|+xq|8o>bONhTAS^fdbpRrOG2h&j%v`*W?rbts%6Zi z%Ik2|j)Hd~l^so6geaTa&7jY;~x`V+Wpov+h@$}l!&S|{|?^2cMj6fnZ0tV>JR^<}k1Z4sc zDxvokrGczi80PRfM4=P3$5Aq1q^U+lBjoLKKYBBuVRnGm-y#TmO>-x2bUpwC>&o%i zYUo{1K(J7~RI=UeSSj8y{hNy2r^Q4#O4&x~Y45D`v%IFm>9`2wk-L6`MOpWW!o9gv zVxI8c_u51-yLpg2(XuF58F}WHm2Hv1;+Vcd2uB+Fq{ZS@-!nUmRJE)-w+N;&a`%me zh(AAt1D@fVe6lZQ79b`O6z5c6UNJiLz^W7Q$d3nLa_!%~HklN;@5c^#tto&LZr+(? zK2(W)S-V%y7aq{9QSs^I)Jg9?Xv9Tf-NL~GKt2;RQ>g6$mmYo*oOIcTJ`~;xx@0LO z1j5~vPYe4xh9sZdsrOz3_b~|?-x)yetmZxbxbV^h69v15D?gVhm~fMZ5l1|60lfO9 zr9bPLfs6Tevznn%vE}qvg3UtB*!h!&!#5JuYj2{QElzH(Y=Kd_>^#LUDG!ev=dSh9fYEM%(Gd3N2{5qJDzrW$ zmg#bD9d+$O{fFbGSw&#f!2rCTW~`VSZ{rz=r5BSX$s3|)b%1ZW$tT#k_9<7z{&?Ag z_gpKQp3xQs9}Bnvj7C&6K%T4p9%tYF!6h)yQbqCs%*<(V#vM$kz4nYdJ3~`rfcLc( zoj{KnF=HfwZlu+2E0i$n7m#I2ntPb(yaLo?T; zEVqY|j0JPmOx!M;cfey0HF9Vdj2$xEM4i?Xpdh11cza>_Dz2+JEKQk!f$#^TjUMv{ z&P@}WiinV1d_|2t0Dt-96cZVI`?K_--Fh9}ZBN61cdI#)6FNh;g z+2i6{4t}8*sLk_ku9fOdZzPc#1p`5rgSKBjzNjbkU~B@@a#Xq=hRWeEp!zW;i>K*T z?;{)V;mrd|nh7-b(PQ1lXYTtdMC@z!Tcm|veYk;Mr2T8+B1LUPxOl-x-{nYtFijm3 zfjpm#Zz}>Qdz{5PD=6$vD0oV-vB6GIiaREAR^0C> z?ko{%2VJ@U$JAT+McGB`-+%)QA~7@~HFT!}(%mhMbSNbu-92=tfPjJsNGc%RAOg~Y zbayKq@1EzJ^Lc;&05i~6H(_U4X3sP{`DpCvPIOg|M=1t<+E7)SF?r+-;m_S2M;qLcGQUZ3sfvOOZvli@B4Yp6;>DBXa*WELDR2gdoZUkLp$PA7hZW%pA! zSxoh&9AdHoRGt-&oT?hs==OlsB>Y<+VMnuul@#j%HZ@)maNEyTTkyyzLI@bz-=u_p z_CDSCUR#us6)k+2GE?U@5U(V@vh7xLDi_XT`t_>&P?q%N z+F>XC8k`J{y^*65EPR%tF1Gy$olFq%;0IgCcPv-Srqy_1i5PPi_wb`yO@3JD8A3_fn=`fif}i_r{twC5!GQF zE?-+|r4SoCkq zxn`yMwoT>LE#ZHT!0CH0(kwz!+wu;FJKMttg&FxT8m{3XZyL85J-a$(!$|enyPfguD;ahF5%;y}!1pQHI|r!4MN z;nMlT8aj&o(^~{_N4c@(yzGrD-NuHp5Wr{H^eR6%m`znQ(S>5$sn;RQobW;7N|WdZ zJWy-^9~0F?Mk zXJrA-#-S7+83Ze$rE{|Otrp1Jn%QUr)P>elN4{q2b9!AYf9|^`fRo0s&6XZv&_4^K zhCOLw%JdXbqcNv=d`PdKqBwX@YU(%Y7}X_=k9xp>ma&3`;OSEayJ#k1OLvdcoCWAAAGbRzbHjM~gOBu4Gb!`^V@(?m-hj zwOq5hpR^q_?>rZv*OBERE=+hn5;@Vcx(m@Sk1&@J)jRI3qh+%9c;|9F^Gy2%fNo95b)o;?%F-5EPPG z#*)5^5CN{ryi=34`V9s((dFFq^VViKnKV|Lyo{41JkxdhaeosRkNL&Rm5vg97MI&{ z=_CWVplnxSzch=i>Q98-Nu#u_%m?X-ey>ex`Ij&<98}{Gsv3NEb=4mlXw42)Titin za&eE*7h=3N{g-f{CGFhj57cQPkIx^Tovdf*=UcfX)5)C}ay*bC^5hBU=}GQh=+ckT znj`KuZVyopfMr#ytrLSqOtQH0QD#HAM#lNjVB^4Xb zA@#@R;Oc0C4t;;vB*a7}$AZJwlt&Jae6YHys|LgLpfnu_Q& zg5E6sx9@oW1>n!}8HB`8ZN?6F;1HhM>q=mix`7$B&D+4S(F-q==!2GX6I;p6qI5Gn zC3vC=+TIV_UDWGVF9R&z9=^lSa)GUy&N)02FK?lq*-!bTk_Yo%!)8fX%B%<$7nUO* z3u;=YjAKSL!HsVRE6=jtQ`CB@`8T^0rHLn9CbPrlKHZ{w3m5;d2R*2pm(biN@1K2o31eH zwqCzM*z;g-uH;zGis#{>a4f9|7c%{Y>}cve0-7Kl7PMHwLt+*p#INz3M!JIwaR11T zyom2vV^-hkD9ZNYgVOD+wxr0i44Ba-&7^3*7A_v)`^dVfv5z80sP@~8r2d`^&= zjvV}8IP}7wrSoMD9-1H_)z`-tuke?O!ZRpLLPAsmHvJRb89$Vl{G}szAmHHR(q7SX zHW8_&MMQOAKc{+#&ah&#W;+k!9R6TlU3>y<`EN}ejVIvLg&(#!)#GGaF}Rku2RhA} z2_L+8USa-I4i;NPV2;>2>E_}gN*z;g7Y>QO?V}HSitzx=?gzv3+tn0D4luK;gXsmX zGA?Zvy#l`7VH_;f*qFp*=*MJ~vKs(fdAk{gnRYXHoxh`GBlKej^8g{^)RUW#;Z)A2 zZ$G`*yCBHbPFoQUN$Myf$L<-1*#Ug(4nt%OUNzJ8$jvbyFG<@1T}+8DVOS-hM0?cEJD>FBqNa538v zBuC~l`epo5%(nxdz`mWdgVcV%C_P9U@4gEKU&FhXQyaL#TO*c^62D12R>(6z#J;k2^GP<|>7TQdP zjygzXSagJMM)BZ08UQRBeW|YFgwCn3Yqe}((CgcFJk=;O@zhkNGAyEhT4C3_Z#23xH+;Ep|wDeu|b!XFZcIH=_VEUoDZaYyj821I8F zQO9QoPZ4*QQuLLK9{OJ=Y-JWAkTgBW3RB|iS-O+m0vYF<)e5$n*dWro_Zef&SZvVi zr79G+?o_Y@V%kB(XkLtyJv77ERk8YA5`v7`qezjNChJxLQX4p27AoojN$seSg!ex( zf!`ppJFz?#l~mUT>Oc+v%naQm;GS&a6M~KJ-O}|$o5}E>)6Oj_<~(fA+PhIiVKEk) zvE6&wm*fuJ$S1s&HKq&t{2s;B1i%C0XI8gTRlrK@_XGX`pNLDgge4_}X?%~=&57>| zz^YO};@c*iJ-En3F1(jmqa>a~X~M7|uy+WQI5s-2FHgve=+U+r+eMS}=@DFWZ(~w` z#M$$i%iuR-Ej6$YYZ|)*wt}LrZX375N>It^?&gxyBPc^enH!!d6GT22gC!_EYbnd! zmsxc_8`Hd(J39QnK^I_5;-zSp27ztlf&4Dd`rRh_V#jT^+kv9~=P3Lk@2RYGf-J5X zcu3dEU4MXEHy1E2|8z-K0>Q4&4EX8Sk}f_R%FZrZ+keVw5*L+Wc;>@ey=bxjR23ne zQbD)*dw8-?fWP2ewqbx{5LB>7k^c8>j{w);6;uaaYC+pWnQ5u4&tqF1n}N~IAs@O% z+|dACeYWrTMM8m)__;1*_235_^E!IQQzc90CByqo+$>^1U-A&WAk<%W!=FehrNWoRp z97OVVLSm|2Q(jsTh14H@Mo_{$N<_?)SRPO%PpZrW2NvA3)|E3AZnk&`?HCUg9AT&~ z@&t%1PRp?^o%AH*g7vAZlGEouk7)sb!IWppOhluq&O)arF8dH686?cVnNt&(c>=s| zPSO#NTn;Amqd+)nrF`_ph<7;YtSi;>WmUAT;mLTt%C5G?zG?=P>X}0(VVeV8`^nE% zum93r%$#6ZtPo86OJc&m*7^(LQ6Q}|G#A5uy#PiZ<&dgmv+yq7EQRQ3GK7*i0eP3z zOG4{n%>yHsO=;G7>SOw&;R|aXtm87-&6W843ew;u=*N=)eB-iuPDQw&ft8Mv71T?d zAY>lD90S{#H=Z);5w|-%5#*V}^pf$v%BF+oo+9eaEUds0cZ=}6NzM`bZroC@G&&I01aJ%Q2*`w=UaX9BBEOC@|DeRCh`t9HVe7!K;^Z#{0t{|A4>pSu?ZRrHt1ZdmHdD zxvpfKR;GchWTzr{jIyhRky_CbW!ZjMM-q$#{Jy(@I>rhPW=%-3TJBCr{~(C1m+F4m zY1-HPehA9wR!mNG^8fxU+rflF#Pup5rR7|#D{vgfE_xkk_w1)sAd};<61)ePQQzo~ z%dD`}fID;$4NXQ!bUjr&_JcZp2l)F@5JBNgGu52^9RXR{M>0j!0eu|Amxajh%XTma z9XpZ!=+=D*(t55vhk3pS26K!%KFEmP(f``g2A`pUF>u{%icFX;yxK=R-C;HVPA(Kh z-Uk`9>V+ubFf1oUreO+*KVbhiw=s6F&&Ua1V6xRyltnCT8brm{HkXow|G^ct7nH7V~&KzZH*8`yU508hVEI zlXH2JH&r*BhF_WWZs4WJXTh5y;c|d!zFjTjtS=|E55++Z!7@kPz(iWwHlt0WmPQ^W zJx-=U9Zmz{WW~JiVT;FdI4Oyt(u*)PvTGM0ts2HXej0n4L#Rm55v6hJsYV6~fziUqmVWU13Ye;j}MbI>z0#(~VR@J*FVw%{@R zDX^`Y`2W)(U4ByEO_v~2(>_+ndlAXftPfp_ix%EyI zbTnAM=>H7Bj2~b;QfP>+G9jDr!?M5En&ec|mbl?P$8Q5to4U><5+F!}4$Ms2CRs?{lK&wtEwJ$tj@fNa{3bzzha$tb`xYzz}`S{H!1&KW=mHcI#!BTqkL zW#HZmd;`L_87*gj?1yEuYw%}{eSt5MjN}H%rfI!c!3G0GtzbahiGC$_qqP7g+SW*Q zRP>~uu0r(2|IgRgx;0jcY?_5Ko#T&-zy1q)fa{#z!koMMxZ6*W%%PoBE#R~-NcmA~ z129m+{0dk#!GF9B6u{iK-S=N;l<rlZuBdMv(zbE1SnWmY75RvKMTRM4vMJE4rRVV! zsD{vFkHG(JEF?3`Ktru-#YJ1?y-h==E1AB8OuPXt!uDm8hkFJxe$A>|{>uOA?@Y01 zPu9mgh6dyBu4l-RUPnAxD+udEYdbJk#EspWzy*o4mEw?LXBMEWMZPtgD4&2W$-+|A4;=%gHb{r+M5J8ebLN1m;C#{C93BfNME%8$HwXT3NSD1f#d!g zQg^?lFrh~*ftcDGy5}yE^7O6;UXtl%>JV+yt_YlZg87MHsMFX-MeqQs0wo677^bZf#Z?%p$mMv*B?w(DhmiH2k zES_5u+@<(11tH`#8|s}3lzORRJ3ss-1ObGbtGu~^B$fZ(ul+@OEJM&gd|DBZ4cdo1*7RhxA z(3b6y!OK2VB#~917&U}!_wD7$`aa+cdUU>9GTP(gRAY^1S$K*t7yFxqo(}v;^@2LZ zdw&YA(rY3h8c9qc^=pt%jrDz#!@~LVxp;51PdrVzzHy1)kK_gTA#i;B4xTNFKRpw> zwjY;ky2y5lFryO6PnmbVet`OQL}<8WLCiR6-~rLEBlih9qZHG=Y_?xhwBFE(#Wz+hBi*DiC+1XF^ zGRMng^}W2=imGSx5&A9TTvdASso$L1h&pDNc>2aqHq_>hRDC9#GUdGM=X^6e8~@oe z;`X~sXk6=|F55dxMU$%;%&EU8XH%d2HxB9Wu0=GiWoXF3{+S~A^gZu~zZyy~UL9>{ zFcP_G5R@Q(=SBMCTgk^uJtA6vYIHRJ>oa!}MKn=Gh`hN>%I`>-gQ!8a?j!Jx1Vx>s!t~+i*DDB(w;7Mu?twhk9&QZ8{8W z1*g}(Uf^t~scjK+OWxOhx>>$gMiD{${tpA-(?XF8`IV2%c0nrKs2ClCUht3AR_Bou;dCnS;zO>ym9UV0YrQVwC#fbCm zlEZ22sn{7=yh|e##D&cPQ)u~Flstq%BKO7c*6!XY}+!9eI)LVd&;IWXTp20JQv>P zJ$*g1K+-DyJG=h!jYFJ1?53;q&E9a`<_z%n8UdNAeDqT9PxZfF!(WWxf`}wta!`~+ z0e`SsSa!t^1vH2a(h3hKo$M87^4mqs74d9tx&-Z7di72(yObiE0GmcvEmTUF@~`M| zQHF`DJo_^5e$+BJoy9qpLJy1#pC8|+^~y!sv{h{4-kxu??XBDP{`p~RY6GN?KkJ+- z5Otr1_msL#!EWwy6CP~`k0^NdwLK}V;{&TQUXHI*315`>ghwwi$>TX6%+%xNES-^z z$1Cq1rm4x48iC_f63sPI4d1vqLw37>=*?o9I2jr!VOn)cG&CttYUqI-ttj)-L)pf40?Pcrqp9P+|fqfGmTdsr8 zQ>VeUUrqurr+mtLBvJ&}{SBnPWj9wx)* z-{Q-6Pw>63>g*|IUeeia?qTQxr>*z~$m-Xo zP0QXmO;?#ynBM?ndDF2hv@bw#>T^k|L-F4p@WvgOQ`)rouxiy@r$>uyX6YJ0&`;yIsbaQQ%3iNx#%QoS9Kbio@1<$+r` zzr|zEwV#|#gMjzx>KWl8$&#i5QYGG-tV5T5d1d^whRJDKGxb*gXm#LTy(xIJwX28q z!Iq}AyiMuqCBg(9Smxuh@I(*fni|Fb-+hQNQUVZna@?&}x}$nl3NH27{Tc3q*Lipj%+7B+Gfs10C4M`@4on5 zc0-)ujw49KB^;j!6}|Ui^v3}#;$Scrr{H=Eiena!rouC=7Y;P6G;C0>(^jzGBXd#u zpdFZ_T2@icy1Dk>`TS`QSejg~Jwzo9>l|iMA9c)qcXLBO#u1o9qAZ)-Y8i`CSPF;T z(iXtMkW1zSg8XJGV>9*b&y%!AK;h`t^WQ|Vn@j!y2~+scEz*kr6$vB4Ga*odp`>(Rmsz_86wvMVj04|)lJ0b}(Ab2+rvMlVdF(Si%4Y9b`|nwgde zq%wmHepE>?6527|1pspG8&H$FoL3*rH&F!Nj-^2>WQ~ACzy4PIOVnjin;(mm?(Aj#`%@jb7jOHlC-`p!Lv7ad~+Z)kwH`E$OWuBP7 zkJ@>wwhPqIQlJreHg}^YDsTk-bJ*6IX zdcl&qU~M-)l<&!HbIbukTAJ)#>9Z&aCFl)+p#9g#ETZ?m2esQwyzoJ0a^q)uhdkP- zx5jWmm|Y`dD&)Dx-YY<0{_Gp9vNoL%@;vP`XeFP}KV`Lqt_d7^U;2Rvssm^m$tUs9 z#LRox*{8Li3(F+3&E>(ez7nD~gUCfuts?qVoB+x`a!Msl7t+#u_jg?VyG15lzMut` z-jbJA@%-VU_a-G%0Prhhu?74Dlq2;F>G!0+{Wd7LE`gWQXlu3%BU*wLtLh&rtqP4Y zNt6~t7(<9Q|3KCms8>jI2&GX-MGGT`L4fy&B531%vEefU=2r`*EiDjb2~8b@`O_dBf@Cs+^Qy;*BiIt11WSq~QN zgL5R#WF_Ov!@PBYne@@O-^HK38fga$KP!m`D>}z{fCdc}W;UAOI|syiN{y&+(v*s8 z$;8|gh6XbJu9b(nv7BKiV_x4ao|+etVIOfe?Gbpr=Up#iK8i1EFK5)4Zr)VL1IP_S zV87yvhH+sc%+dU41zRN4x3?g^6tA&6R9`6;6`Qd+`I2HVx#m8<8yHU(G(s#5qzJs zJ%d<+x35jm%Gn)fYI+377`gi*%}~|SvGu1-qy4(HqckaXhInEKyLq)Te{ zT{*<3^W+Mw#0@!PwO&o(%YUhK*3E7KKt_49d6qMrueVJdH}Nfq#&V(6Tm-c$driQz z%cpI#+^PEzBpJb^n~rXhWfFb?x@Lj7KY-RFgf!G>&A*&vLL-+q>rbS0>Oh=MrbPpd z#+d&Dn%l>#V2#*fo57-E?w;rqB&iwO8R*{0Q+-vfL=0cLSoI;UP@<=YGofC9S~c73 zeQKQlQAHWp)%+`Htna^gLNs|v#`Uw#ySaQ{d@j@cAeR-v&bx2Tj^7O&)ovB;ULX?e zam!}6@ab_U2&(2@Abl-_Z8=Ff6{&XT@^yl+Bg~99Kx+&x#KLEfDcOF)kg=D#b1lhx zMF%r}RC)}pvv`rBlW}DoZM2G%@X!TkY>UG8i|b-uC4Ivv5zkVc#f|0 zW#zy21|X3y=kS3$^TW_htaKscGC*;~JZGYwd*%&WN3Q}K&3CD*L}^^C<}a+=f@o~I z<^Aqyj8%^;#R6_FmROGr#=wiP2Mn~pjau>{9>|)qSq`c)AI{;QYzZHnRU&mAHIQ>{ zAVE3eq?O{1dBeU^^c+|^dj%`MgS_;CplH!w{H2*LGJ4;4>O}mBGR{03uZS2WcpBfQ zDvK8HVFQ20N8vNtGkro6Ttsm+N(BHcY5hs8*J!h#VTjXYfG5Jyjt8&*FQH1h#iA7D z-vnJj)_iQ$F-z8OY)s4t@2LU!&58PhmJNX*z@YDgO4ZZIp;^KZ1PJ`KglmC3#^iVD ze8;hJj=ToJE;ouO&+fbr33Cc}9u63;d)t9d+TfY*RlYQrky#H!Pmezvc<>zAk6;fG zosD4Uzg3+)WSl$?wL(dUa$@L2Em^d)EomjNaBAdS8+~`RM)J8{I-$(~!CO=f!b zZ=5&dI?o$AU5!cJgX4U&uuIt*d5y;ZdryHyk?~y3=if0Oe|0VaJ#{7Cb@hU$&Zqm1 z6JSI6*i2iSYoRGeHSO9ZN@*Y#GORp!3x0+v;ABkmEyXl>+HIFVBqMIydVK%?-dSL| z4r0;baaYqdE8jZosj-ue^5?f*anyh3#BI*xRy>O+G66qTtV}62wC9ywukj9#BS?84 zTd0OL0qoz;@1@I+!%@`S@u}uDcx|pq3Q!3Uo(q=#5>U4Q7BneE2yc?ag7-Z#Zq}%@ znifVA|4&WnV*(Ub-n#eseE32&%~l(}|F1&vpD>`sC{lokyb)PPh-4T_{EZ z_?bw=0AVf!?^K3+;Sp4+o4c=r=U0CqC|DZv6`QqrDuoPd@@s3~J+hL6g3&6=7Y*iYHg%LP|#x>Wfl6$MgX5bF7x z{};xfUI)VOvM~Z{xPTrlOD;d(`;eozh9)K)hi4GmQ)C-h16_RsTwMNjzhS&p)7rmd zh8d4V8Fy1IxXe1%=MsiC4Bmr*#_+?K^PzHs+B$-cL30R;BsT1ez793;p)j$+diBGq zLm;776AI2`+lTvgViw678nS)8fC(P?|7$qL) zjWz#6+K**kaiFHbtA6~78tus&sm$Xa#i{+Z!Z5MVt<>~my@eG?P|j!#+Qm=GklMn& zp-9o!Us3A`bQhc5{#NB7OSC$0{0Wm<%*g`jb?NMLbz!gFlMcoPMFPJrjU(J>0584x-J$acHwilJg##2ee+o7~{ww>jj)Af+HYXA!@55XG{ny2(X(0-f_MN)i!kvQTGP)vkid*8Sy0xbg$ z%q5)_GcX<&?t3pD-lx$a>b#ah%4rZaT2J$j>z+~)22o(JnIMU}^S<&5e!4vkiZn!u zh{JYENj&<+9tL?rL#R|La&+E=|| zq<=C6md`?Gt@p$-!q`r|&Gk3m|Jq=C2c?(E7d&mX{+X@|cqpXZYT)IMk`Ot~v*k)R z7h@l>po|wCMKKS$u*Unu6cF<#GE1>Md49@)v;&MVYC%WebS_X{LeE~Ln$7QGfzLBr zq)f_mVKHAIii+4oJ@nKM=($iB-mVaG5jWGN#D%ee0rG_(UvA4?w^B{q7r_LFGo<%A|_7cMmywyBi^lerk9?+rv;9H}d6Nh=3;`@*+1^JVY$ z7;6>J22c0gmKS~uW_b>)ootZh3G@}gO?r4Q{s0pW!KkcFVxj+(8eX0C~y+-mcuBdMPh>VVbJuW zCq7DJD6)RdEnP;^`kJG2NoIe8DIS)$daYu5k~DZN54|5V!>hpA5>g%##N?B3{ZT5y zTqv{$``ps&b?{AR+61m@-SvmI6f=Brd}%Un{K%M1{_ZhwJ&?A@Ztz>F-}quA1X!S( z696Mmr3u^!Y_W>>KsXl6SbmN9K}vz@5jTH(Eq)lqlrDXd)?7?zvWgdF=h&kVZ10zf z+>h9}i`y9JeQ9*{?w7Ho4Gu0&`8rs8ops z;JTg8p=^#0acFGpGlu~&yjVf$EQoJ#DVGAbv8gk(b7%JtehlVMPN!ZwMeaGRB{4Ko z!tTXR^xoeB_GZzcL6T;s2-VDcm6b-@CkP(!&~=wRrB8aCJhq0)cFnr=Xtos(=Y@rE-3~cen04y zwTi*KKi#T(aODk66irP3PVC+ww=0beNxCt8-s9(QOS}w1KN>*Yx@Mjv8;M<61n9ri z^d+P9IvNgT-@@~kOJ>)1<-tt0Fvr~z6NA=<_SA#HIb4@)*`Wb5zY#NUU&0t>7fEIk zwiUcY_ZO$YsVac(1>Tg!Zw#&Y-L#J}iCBwV44+BLJF7fauQ4ofMHr9KQ0NyHvjuE3 z+bntxMyU3h_bAY0AXswG#ClfB5IDchn`OHs3)3O1?fTzci<~VxB*O%z1SR}tf>_pq z*>G|7`1r*%2CJ~yLmeQ0M|?%{m&_kV)f~0=#=*FS(ek!LsaBTHVjEQFwAsII{3eG76_iD zHCCBm>_wZAZHBHWI9o=zlRG^{;8lP-!pKO!{nn7jg&66cq8A@bG44vZFk#;3!V;r` z@_Z7kJQ0&ppYfbxgR)@GpU(T!Pzi$YjQJ%4l0+0#yObU9SAJ%23D+w99QNf7FyV#)mm_@YBEHE zh7vt($BP6iQOHdAIw|LP|6H_BUPVzvVh2Ib^eFy0sy&}^c~X{!?kRDx`4{!6U^upA zUL;H-G-$ymfsCKtMRSf%o4>n6q7ra9bq&_i~eCy(9g}(^F*A{bDNEA{xhxmMr)_AqeJ^(6~m^dGY!m zy<|D_nT*8fb))<4!xLe*4HetC#l(RhTj6NQMj`mC)=3tWxGZj!Ca2!K@q5>NMj@gz z46VJ3FlOEI%pjDaqK5D|loT^Aewj0z4s1;hx6kA}PeUH*+eqtcw8^$Jx0nLpzCtl7 zJoYMSjtrHLHVB`lfsM|IRM*tcYG)g0a*$&afW=CA^uZ^TJR5w1!qIA9f~m`Yz!}!E-Gn?88J=xlkDA|{D=AY?6U6&MT;6ZDZLa|0K2nC^dV%^0^ zJnDyN2&O^Sm#KAOpO4tfG=>eJa*q6lbtvdaajo?Wq#c>5t}*iT;nTkPYXG!C5+qf zaIwXgX(g0`{}oL?rhuFTBN`xR6R({EQkK-c;n!C%#7%Y-gsow3?z?t_QkUVEZXDbG zL`g;mtxXF8c4DWzK}IN<|Dg>5yMd;aW66|tR#MfnXAw#PfuA-HWK%A88 zI)R5_aXzRp4ZJ-{UVL+)1xe8Dr56-*sKF&lcoxfL0eK`Pk-h+E*})n<7$!{HFfTTM+Z=I5MjE|TySFr!wiDk}O$B4Rb0G|*I6 zd9kJ-q@Feq2%7HmF25FQm5`Qc)D{J9Ud?zaQ9}_Fr^VJ>M)f=u=AMyn_IgTrB0{&I zAx`D7l+!dN)SUs!vo>(s$xg}8XDFt#lY@3$PT$FeFcts+0KFszRLv5=j6r0I05vO? zo^6A6i~qImUn z@Ii#!q=S!9`E0$@l6T~|&}`74^n3fc_AhgH${59}3g;8E*r0XOwM!ptus2jc@WHS9 zU1_QfuB(Fxg`)!rq%|bM_3p~vZn0IgCGb8E%tGXV^?=ZdnBmD1ZunqnA}v^{ z{9shhYSP@$0Pc_bs-}DdU|THU-}q|#i)z^eQ7uvD;+W2EumzBTsX}fxjn2zx42sEN zpfFMBM;&`~5_7zS;j%tJoc+{3JrVO>?%5C&2G;=oT~Rq5JQdMAkyPw2R~jD$a7FS0 zX=#iOXX_l5f8~jO0Bz0{=}5ETJk0BOB|PP3MeN~8%!S)i)w+eUBt_-->(_^vJFPx< zf~5-$wdu6YJJ<69-X$*=SyE|1B!86~>+GRnYbH!1JgA&c#ltJCw8wt0n_i#JtYZEj zjRTm?6R!Om{U9GqA1vz*I)hX?dE8^)xo)1tFf2mIHpE=#8D94{aPi>;xEn%4k$VC0 zpbjt8$Sj+ZfymBDYRYIdRpTBJE_3L-K@{>d6hp-Pc+4QraM&h=Nj_YNAf8k9`>0O8{5q1XSFyHQORoCr&FkH`Xt zXPFu|@^n%T6eU7gBY0D4j_Tt6AeNYoWPiRXqsI0Zr_COqPSYU3HjO9u9LQb@0EGMz zIL{jxIx;J*ek2Dg2yCEWRe(8A2|bw=CFitP7p{G!J+{(7OHis}mB7;Rx7eU~Xn$i; zWAvk6#9rl(9`h?SPp|euOC*3aNz1L_eb%|sX^_V;WM0nl4auoO{u|8fK_T8!5mXk^C0&V(*0cfv-W zA978~-r;;H<;O{2T~H274t%>i6{m4cidC2Bg%MRf0aU%sd_DNqw1{s@UmA-ofH`hmLqSk%++%|rd;6h>Jaf^sa* zgFz@1QXUZTV@?iPxYzyvwOA@1k#-3NHZ3`->8|Jw9vnuEz!i`~`EQUFa#KhUA{FpK zCaRE4uyxA!4e1B^UZ3MVo*}YPgTzreN{n!!y`eU)k(JNlW8Z#$+U{eaU!5(_L4ZVX2dmm9oHcVSgL#5y`dzckuF#r6BSMr(9n$*%p8x#V8Ku@sMnG+X1 z_WzJ$M3Dboc-QmYCQ|HlQ_`^M71}?l7WN5RuAHmfG3z^}8~=fP4Ct=m3)=*i6F7lw8gkzu zfB*YiDT-0ZH~7ZbBJRVbo)et!|5M&QLQTcAhKR_tv-<>|tSL%{CA~xWj@>XrjXDvH zaT!O%l1$Tf1WlYAEIiMvIB%l18Ce+m$?`gyznexr_W!&9f45he?56MJqw#qNI5H;^ zOrDq5e(_az#=X6o#C|;ARNZwe#M0t_nqAlzE3GPwQ*;D_kF`3My_$)o4FR0m*>t%x zI|~Q51mL7a$9}9e8dLW&dnft?h7DMY$NS zaN31XtAjvC)|G=JPO*yQYXcYE5f}0?@`+X2Pogq*7{V;U8nZaydb*mSG!?u;MS0Kx z?U!y>@o59Y1*A%@kebG*`q-Q1NJR?oI10TAe3N0u z-G!lp5fi7>KR>MsJmX5ITI+P$&lp)iwFSu_?8hCZ*9OHeXK zKM~?3<}}uC;92=l_cocFXZ=Bs(U+CoFNh%Wf2{!N8zyKz5x#EY2*KaP&am}UN@r*3 z=d$~K-I%3$_|2@7ULV`A^)QAv75v<=5UYVyMSUu8YcFeg(vM_@)0UtB#tv}EhZ6@J zuk^g#nP9mBDO(6yzcP>SnS*k^Ir8iFgZf!wHa2W%d_6yp8+R2*keYzVl(R+*c?PaX z%8mpMuyUHQsy|Ci1NuwOeN4a_TmXz5E?WQ%V{)1!_p%)`TC@M8!A7pV+{d&~21}}( zW+&6FmI}@J_(lI4AVNScWruuf`D=Gt4E-`8WwHb3w|U}$YR+x4yEC;+IMiZu=Tg;> zVEpN3Z$99&$OVHr1_kc^s+o7?e6jNd46j4VaV8s|l%<%7#IoyGN%$En+T{qke3e?R zy9ZKoj@x9#OQXc)#N;`YaiB4efqRzb<5|i=4gRT5U3pX8%YZKy2r4;NVA+f#;|Y-{ zY%q9$+Ta7ume0rby%$d4oBert76y4Q8h}949e!(-rY0}{WafPnZmv8vrPI#1{M*9L zB0G(&ouNrJY8&x*tUFRFG72;1>2LNKCH`@?oMC9rDWMW!P#CjL=?nM)X#+5D@C-%) z4*`p-)(c?VB5>ce&NbKFl$d@C&XVKY+ETRkaBnbS<_8zgd~&Z-NP?Tt6x?Yww6k~3Pq*iRUg|+cyEGqKHjKM=VYTRSa(equh!C{X?ucE; zbq%rc?-bpfE)kr=#~ND|xq>cIiHqPabZ8luSjnx!l#NY`UTBss!OiwKlbw-h6SH?J z_m55Z2e%F5a9PGJAxqy;TbA)?hhIMYflM9X0xQyjC!oRj{XmUMnhCNL5r1Nj_=)=& zT>BOa%uEajzLV9=mLJc%$_Ijt&l5oB{l`HTJ?Nj+(Nf1mv$xx_8bU_5)eZz|NNSdX zp*2Lz8bLwZV6;#opFkBB$;8KRfEi6bHNeY__7KhH_cc)bMu8<60>l03i@rPE;#=?a zy;qeQLL@>=iS_!0*J;oVxC3xfF#rTCz9gVv#9Mf@c-FuDLJv+MrilU@r|jBGi>iWu zj2+)oL`GBR=Q$aY7g~JfkAkEv#QE`A!~9sL6!aOt|By!UW=IUa28C+a=E&*hub3ae zsALo}Dey{KoZi=(;0YPIM`ZfPTALOYgD6PX)x*xHF48Fwai~@LBYHlrlEo{lU+khS zF^ImP($%Q}=AX+UE4wzjx2I1zMcP_mRUr%KJCiZPIYQDvoyT_PE3d*Wd#$CP+1W$5 zb`FRaY9|yt7BWBCM|Z9Y(;$_myjkh@{ISugpBc`e=}QYAGBoYvam@4xVjp*bD}V9@ zj|s-UDchEK#F(V=I@+jSUpZd#zo;-4l6;0gdss0O4*4+rbSLM-Us8*}Wt@&75vU)4 z>xS(-@G=O=lu8J=sCLbJR2GA1GzwL|Lv~2F&AhX2dPv=AmN5{$oBH6-1_?HD$3LloVCE z^DSs;Lv9utT%<+T=u+y5-%b9LWy1;7GzW$kRv|g48j5y*^>JufJ=;RT4hOdSO=*g;EkF+}Y29cn8 zH&p;q;m~uNie5CA-2gzJ7~co3c*SsN#*qx~LIsXG}! z$_vlAOq%gGA_gbz-09tNLoh zK=x2NWs#Xcq{I@(99`|i+s^0iFH9DJpY*tnxLTxY`J)Os)$ z{Bz}v_w4m=U{%Qr)Zzig_~zYn1sm*ChQQ>&MpXm527RRI%Md4|A#%kb9!3`d{=3(& zBW)O3@UY%|P&isrd-~a{2;)VSj7~zm(8q3lCiOfbm&}U_KuA_Sq23omS<2^c@$rQF{Sq+W1EpaUT(>nuuWzdp=7gl3 zOn{4gv?t&Gw#?EUzs|RR77eL1;LcOKJ7)72->`jnScTT+eVYuIk1EDGsj86{_dOfj zX2l6X<9$@N1Fp$oPnuA3`GihG(+W=7u`nFZXC$a=J(83*Yl#w3q79{dSZBCyj2#Qh zpRVl6=2L+s5e{Wpcoy8fto`+s=H#x<>@g6H)K;+d_^m7G6_ZOSJOADur8hV)cXqDO z?1oEeXp|QR7B9Xa86kk`YaS-u0>$G0@rJn>^&1IE2Kygl8_yxjO^?dsZdrKJ=dxG`+J_>^UwXq_j})UKA+EfT-R$|TZmWw zaGvOjp5ix-oh{k2P!|3YH$7$>;bUX4p0-8p`F(fp%tMoFFY{!@Q@>6{CgnUZ`RH}k z=+1LLq6>C>D^gI4|j4yw`wAE=}TIdf~+48Gfv7?m-2*-*6paAD(j0 z72ar3u56&aUi(Y&Yhrdy+)nH3){mUXbs@iyOYMq2KwA9Wq9wnCQF>qboft2E=;L`A zMMB?nJN)g}D*`ser>~U{FW$0g;KQ@A$hK#iu{E@1P9nz_ul)MqdE3hH8op;}{T8!m zfgJTyM$#~B6iKH`Mz#0%nWv)=EU!@skdivTV~B^rWxC`Ft@BU`p7fh*!F2orC=!dH zKh{LD_!+R^6}U%YcF%u|eqsfN(s=Hnnq$JF=Qf#%L`L!ridu@j&X+!0@w|Q;pH~kU zNUN4rtHl$J=*`T6O67!C>M^)6*T;|1ic@X$+KZwNcQ@`Fzp(*feHNg@(lwT>HZu$! z28ucnVaIxm`It&s*YuUWZJ$MU7^%$AeD$EYFYT+L+(t-D(1LOLF?BVf|FF}NqeNIw zHk7(tKa;SYMUpGSXQ=ao#n0%2wXVEM$Jmz(j~P%_PK1(&hE|?vrVPg%PALlueTh1a zi_+p`3NJptzWIW0vc;CqQc9r1eDTmv3NiPdhnikT6D2;!E7XnWd7-eYc@^XLHT?nL zz)n+e>t1iW0$a_1GDWbSoXl!u4`d$7t)Uf~fMPNu;A^=s zRaeg4tsnVewU=*lLb=!%D&H^u=5Lc{OU8=Jw2xKI=Uj?xUyF}qB4?(>cbmO1adSS% zPLvyTWkyt2?yQ$axiU>{V0Os0QdkmeNAL4=)V^7|r3evQ#TO|8dciEfIDURqKIkOj zQ9MlG!HR#A5U^YGr+p)SmXKJ`T>saeco!mwpfEemmbG#p$7;_)@QbC-_8y_7mUP7=DhApJ9Ts zph%BCFGUzsOw841V4Pxosc+@M`Kd4;FG&fb=WsN==V$Db`0?;Kf9`tctFzF$J6*a@0y3(FfqUm2^3KIx$4%}5^WnoD!#eLc z1<&Q(t$Gs*O!ubPOHA1g2emF(5tNbe>1aw>yyrr20;QsL>aipjp4UI~P^8b6RqZk~ zXH7b@dh6qQ+xTt!GbR4&h&$G{12fih_2sjeDi^-T*G(UdB185wW zigSvUBq_^b?K+rft!p(2nZlaZ_8>jgrI8kyaLjbT4`^;XK8X9su_zbveI{U)inilx zDF=^F-0g`^-+uAFJ20a~1)pQ6?&R*K=Tbqt;KQsxd}|)F8|1^&8n&%<@!_AVLMRvR zqRq0P=Q1w9xRxd-jBXYksY@;v+ceehwQtHt?OFK37&)oC)=;e-5KqAtWWp8uwH}z^ zw;$+ILl;2)pMUC>f~K_l8^-U$3eW6*Dz*RkQZR$=r`Nn?COtOh!;WIi+^>QitEIc} zokoi=`M#L1$*Cvl%wsnb$1U1qL^R2Ja?&3r?Lq986br!*Dm**Rybg8y;{3TGEcvnb zt8^=Dbv3>3AMUPD>#`<8Xk(_{eT)xN&34dU9P{xP=xEmTOpeM!ymR6>aL4F}9=RZa z9r^J3=Gm8>ze@C}22>LJ(Y48Q7tT>uKS;nr;L$_Zp!y-qy^G{|OmDnrp2i%YKmB?9~%N>uR9lFcumATegLM0PN$TV5l9MT{P+{{d4**9%O&!7@)Fpfo{KFItx^zkF|N^>eV0va{FchNrXm?4b2g z_?ui8V(I&cE?k`f38bV{+2wZwdV~#Lx{p&C#*B+c>!tyV={8cyv5DsAnuLM&=3|>k zPGWH3@ne+YM{(@1b4{;*V=FECU`$AD&w7!QK;m_w)H^Yy>-MoEK3|d3uIz}fr8~ja z@pDO0;Z>oT$STQ~YCK%*iYyN0!4qFo?!i<0+P~fo!Rgo5>A4u6tX4xxc5-UOZM=Q! zMuAO1TwRwjOF6>5zb?~p+L|`B^Cr3LBATMk`30R;ou(|URXCrT?z!MQ#9xx(img7D z>zLLp&u^e%>&@Ohxk!tfJIX$V|C6F~GCpQ_*L*_Hnl&KNASeR;lu`jC#xXjG=Bw@&$xasf5rzkGS9mZ|7Pm)TdH?Qgo zRO)gKaMpwFWSg;eV#}EDt)b}ZlL9E)5{>Wm&3K)8AJ2Oy<72?luz!^_nLB-vOKa#avg5cK| zNe~kXTu>&>N?A2iqchkvt)q=O+Ra`*CLw>GPD77xzw5Le{VxpyC|(<>VLjAuRZ z+M02h5l~rdZmutC6ZT|Y%JTkf#_+NJ#QC!QjMO0@O1l}V-zGeZC7DKOgnbdHc_IdQ>$L3a46EJ~XZ-8D{RA1C4nu4|xfR6u|Qhm|F z2?>@j3b@sXA-wBZEX@<&jB71d+SxUhR5RhIc{2Zd2$Ji#SRY{pI`oQPIveVe$Q!os zcawVSz=y<{ew2Kj1|RbLwvt1Cd-REHhsPH}`+oF~vs@_UJLzSg?J!|U_)0)`iLzKZ zjIQWun=9_q`9AY_xwfT&)cFay5zK?~fW0z`P1ho#_d8wLz7N^xOCTXO;=TJ2#Vawx z){Y))&t1-hN5UxIiJIH~p27SbyYg?8_i0{ZY3wA_?Cx&(HTgxSJd*=hWghp)3gX&g ztG1vM12d>$!ADf{Dc~%$rT=hhH@YWW&H5vc&2}LE?s7;-L37)cW}cr<=%v>sK3oAO z6dA2wgCtOL&)nigi@YNq$=UQ8`UzlDuJh8P^clT8|3IJlrl(6PDNw^BJj_#MO}=pV%20XNbeXq7QqbN&@#_HA}o z>R&RP0de5!&h7u}lnZ5_;X_MDcT4k|~NI%t^l z!FrNRDc3~F8%+0|;IAG-{sBhsbT**rgKEA1%2IY0mAdiZkx0?cCF6kx-Rx<6+9FljFSEoWd{&BQC47m7$TiIjGp7g8#4H^}1W=rK@$`tW zlE^3c@38J%3Bk~)BVDI6CK*4E!I-!1U-8o4KvP0k=k?4r?_#?U<%&;MY2q?yw&Q?X z<`iz~bJX9}WJ^fZxc(w1jf9JRQ7Wd4DO~>Q@evL)u0bkdp_ht(0dKgci*spaXrY2t zHT=@X5DH6^`~s8;F%8F07pinlM^S3wO&82jPDztWO)|W1h4m%ao#rxvnCWNq#iEU? zxZj03blZjYT}tiJCgV`?KHuc8iNB`ta-%(o(okg+`290zukP_!`eSO7(GTy2BaLB( zhv*FN^-zt|FQncD=`ANujW6F*sS{Oqj(yxw{@nm5XmRsJ*-A z(z}{bOpQ3o>>~43^oL-3-2)lE-TRQl?Jq8WUlJupWql#-72jmRUaxt4qy~s%ySuom z1;gdwc^OQ&UJ3nsUP`V6%n?dz;c0+jb*IqX56FY!^=7!TI@+BGU+>kH75l+C9oxX1 z%ZU#kb`b4-j`>50P5E)$&|9*uw390KX~qDB6%+olM$?8oK5y7`j+~Dp*D=FEbyk{b zmb{|YkVg(9R$3bqP4k{X=FOnc@9)iW`?kXzRsDWtEr-U0*+nlMCy|hgHY;oKbe!1y zy8td|0=I#&Iv1MNo>U`qi+{b&ETImw>WuY9+#l!6HmD8SN#my{kj#Pdlkt&a4Q166 z4Ym#Rw+F^oRB;Y6#DW1gPP&Amrm(v`3_e6$f@pQUrh&v4-_BGlvtyGmh-+(J``?RE z<~Gc2zkjrz9L^}^>Q`rL>@Y5@%+Bbq(6JzQbX6Rh|&VJ*`b_hW}{iFN_(-g`vm4{f3ulf2@L%shGN1{P3rt(Lg znl?#IY-p%XNk}WZI^#+#U%E3tv9{2wcJ7Qp5hi(=>1h*xIRtPLL1HY;D~TUW?dRBh zhv2%bsGTO%^On#dzY;}$21L}Nww5>AOP`O`+7ojmVN$i5>`sR)2eWGnA|{B<)zV+p zE9@n2N7DJOq&pdoqa>EqUEw{vuXYbvOT?uFyw|rAo+c^f<80$CwKZT$SDVhG4 zNRcFcbo2lrTm}}(5nZk>um2WGmSfPjY0Df#O*gC2`lG7h_5PZAOU(Eyna3$4fe;8{ z&|zVAKx^auGS7HHFVN{sK5o%OPH10ZcX81bkwi+X*lPG=K3B=`O@TPCAmNx^w6M%l zT&6cg9kFG>mqQoAwqX(QZrq4+%ps{kC`N&(iqbkNW0rbeYDG4!pkYOpC7nTz%$Q)U zy$N#A+N%kmLZg2radPQq7GJTC6fKw5BB2s**m90}wde`*$Ci~&yI8p2ji5Y(_1;1i}fa6`n4&_MOyZF&3JE%BRSkQhDxt#c~NE*86*UI_I z!q{)7X|bLTrPbrnEUC=Rid3#vuoHJ$bqqj;}#PNhY(cOZyAxraROZTO)tE?2@2&6J-xPE z%n%3h?mjnOvU3vIS%LvqA5H$z$#-q>?B%e)zXz5pZdo z8+AT8Bd(@jmNaq^0}`-K_(zFFU|WU6vK z{h>1=MdROEXnNJv*?gU=j|alV!O7xC<@DT1Ql*_cg!UZHZx8&A$&BNP67=7d&^ z$*1X*jQKuE*JtWdD7irSR8EfaccxWGkHy?Q@#iY=-wIWx^yhvZ|MP-ck#C@jvV1h> z+IzwCGyJD+;jd(@Gpe66dU5Yusutm0y(g~sS)JiSp?@fC2E-99rN{)ivX zaen5V6LNvOH~K9U5xNJ)r{OpYBe2^$2O+)|?|@vi802GI@V@OthT&T}LxlDbW#`o;69b5;Q zC2t?E2r_itY}~oWM>FDFwJYQa5sH`Y$p1Pb252vxPTlpVgxrFk4ZbtYLBO+@^kiXE-84ZO>zh%LMLm z+~h8A6;Gt`oyYEj6@VdmGT)|We4VjDE~nA%6`md=z}*HX2UGWPxW>+Nmk#^7KHx z-02C2(I7Y*A9$eJLN|DS2|a#VxR=IaQWL}C+x75#E0vtCz7=s;hDE7P;wGbD_ap8> zNJfjcF2#JoWbw0yq5b_L%L@!3I1{(0vVMMP0SART@jSSM1h_qV!Egrx9z1dZF_h8n zWtk)axc&fe%Gf>jrKSus1y~xJKo})ba@J${4Usn-g{=vILfV4bd5p?=U#9bCP>QuDCeV%S zV5Q*!w7K5$A{W|wy8>a7q>RA;y>7w6(i=I=cA;?kiN^kH!MCu^P>;@O+Jf};1O&z8 za(C3aMf>|s*Bju^0|n~N?xO^f^bFdm0)VkZ>}X&Ac3LE|(W~oc?IZY+0YEcZI(jm- zo^4=F4ynVUi20V;I-Td_J-S}8_IOcA-P`9_WUpfva*JW?qJFjV?up-#M2xiCfJRL> zcbk-}EE&TsM=BmY1p~kxQuBI0JHJ%w%0n1Uds%Y`c`B-;rlavq{yeYqrBCu*8y>;` zA<7iL5h9tkxaMJSjxzNP`R?S!655)U-8WrH){vE8;Y)AVxVTM|g;Lav#K^n%!Vm*F z9zkT1wLz`0uYY=cEbF)^e=uveLcN=A>y2_j;=0ixoZBIJR9BOjn-Qy8A2&Ic;pC1{ zPacXdp31tuYn@?ri=!q#cf&7Kr^(GZIQ35K*^?f${YT*cLeIhe?K2lHJn4>bx$Ou* z&22|)7bxzCl~jc;N&FQ6AS)rXVf#e1#X8MQ{@5c#l!iwmsdrd~s4##6ynZ+lFKfl2Y zN^dLv4$U20y~xYjm(9(~?5*iYCX{HL{PIq_hjr+c_vi&_W7S4u!kBZ9s!wG5eaosC zBbm98`#x8SD|M6hrck6+E2>z&>mt_X-3NCl_?%)gSy!Qd4)%Qo_!NT87v@59-!d!} zwExPHbzU+ZS$KVZ;|7do$Cg*;nhudP0;P{KEeRT zduf!5M|uP}244-uL|)(I3b@bR4!qG_KyJ)Hs_O|z5|54b0v7oShG<*dX1kHhc%l@= zaatKCaQfcQ*YzSU;lcvZ2&UnePyCBR}gmwa5MLU|1~IVQP=h zS*`qo3lJ)<#xE{!ki9_%_2ogdB-(hw929<&}Q~H&5@-V zRaW{&f~$p^N$A7APCD1QpS69B&2V2&Kk+NtT`{b49UUAMk+5ITA*oq8{)oIv)$R*Z zh$kQ25@_iJIs!MWlsT%~;p;KaXM>%=473_!=U*Q1adU&7jt}4I=0x@1)xy7Puu47$@OsphGQ*6$Y-}rAImB1XfT5dS_*nNi44_KY z=rl{ms&7oyIv$DG-!&UW==wOt8oT#r>9YI^MZd@Rk6q50HJ>TZG&bSs21HT%JeuJR ze7H=5TGaJ+9_*J#UC`NGf+OrMOe?-=VXA)J@bBky=nk&q|NF*_xFaVukA6CS4{HTg zFP=<>dBhJ5Kkw{4b6pqnLWr+$yi69N4q9WxxqdO^f3-`7OV0c+Namx-PNbA$jvCs$ zO1xUpT|PEEU6pbRr%f6^0(kYSp4!Uc!$u~fQ8Vgs!Jg$J}1!qw>@4~6I4K1BV zbT3jlCJYi%6Zj`Co(oR_fdxI|162wd%GyIP(RDsWH&WcZaC-K(biyo>x zOUJZ#$=Gpbo)N6?rA$hfPrSQ>B6Ax9h0D8S_Vx?o)f*@=m3ys3+uu!jKjs+LM<0mn zWDKj=?_eJ|{-&_rVkQJ8R@D29&~*SfPA$T{q5)vZ(xgMS_l;cX0gg=9BFeeGFW-M1 zUV}W-U6=7Jk~+CjWMr7}MVvo~S252hFZe?Mkrrd_*5J(Lz7e))kRx*O$Aaox9}az% zTnF&>%^^ceci>|5w~5!JV+>hgJYl{pT4yWa#C%d*?{A9UAn*rcRH?g`W_x_ccS9x-*Im*HQ=? zWbsW3;s1y0dGinlXc<%5_P#4?MndWJy+#=fmSBItZE`uv!!7H{ z)^kp&Iws}3XlHSN z$z@)D&=zRzGtW)JI#(Lv#Yn4oPf7@xmnEpO3|2WIv^3gjM0hjk_8061RR zN$+f3g~ASY&jb5Mbh!65Oi-T)f6Y3|mXCPVF_mqdq6Xiyzj^{sK;Y2oKp7%R0q>BY ziURZi`{mlHA~n?^M*mE;;IFLwCIzFF_rmP-+Akq@f9oYpzJ!S9B!$OGOu_|p$C&#H zk$oeVW9B1i?ut&2)N723<#1{q<*i!fZVP)!UgF_PsZi zgAraQ&VNCYjWlx#J?;>C^mu?RU}qTF4bX}9A|=VLf^~?)Q@^-SDaa70I#Q4~&Oh}3 z-1D26bSnJ$l|K>lVhSl!(OC{t1SwQ*YSZsulh|r5;VD%RZ`P@5r?d}C@v-KTjLxru zg9f9po|h7-K_a`pfNgc?AlvwZVh}){9e{cEQd%jI_B^n1*%?RSOiO;u70?b50$aiZ zVUOBQYBbJCqv#?A^AUT8d*}j$G2!(yd1zh*KqgA^y;A?wrNvHiq70`yKTPPF)&fW| zJK0-6X>FJ<#Sd=lQ+%$`%4+g@?M3K}AY4!n;~Xn@JLpZgkgzYk5iYB(!l=VvcOB0( zT{1Dul{#1K`ltDqyV9>0YT+CEC^)+kl{Sm?7I8W>n1Uj`pgT6NFPq*9O>Buvn=NUL z8)`fP1@qcC6mOH9Hg$AR;by}O9UUkdb5x{He?CndLVCVQ=LMjrqd4MV0d>)$iI?D& zaGBLVwiYT%pjI&s~(d9fzXfsKx|>zXPfxZ`62wthur@ zDwpa>MZZgtV?m6xwfn0k?ITa1eMP^dUeNR$D%SMI$mL5->E43z8m7=}oPe61_m}pE zzRYiRGUq9A#q6Y0@+070GY1UJ6E5%jt{>8fCtBb5<%|XQ(_AAjpWa#SUVCmn!SfS- z?d2yAEjsy%lFQS+y&Khxtcueo?11NnXiKQ2pf7r?y?JfxhoTAROrcY6;>jJ~`QkI4 z(iV@Xwmd%G%FI!)7HSSWMDU-!KDV*6%ZRhGQv%1u@AX4Y*TJ*5DrgVH&@IMHsvfv(#v^e%V94#oT1b>)E*AtCRknm~>tP|Pcc&$2vi{!&s>drp2R~IrZCIL@f znrUe)SUA&>eJz=g6@3fz)4CwE*f?1k_F6zoqhii^N`39w$;U^_8hlsVMjr-+eUbCl zl)zTE|NK5{`(>g+J;<0e;%nf}%C77dgQWhhiWGVX7V0(@~}da>yk&Vd8r zl0n*HFxM9GtgoGm-;nX0!wc$1Vq{XA=QSyVR$f_NIF4L>k$!AtA+3Q<{==V(cn@K- z!#`C=k=-0;-26)nHxa$fFv{DM){?Uu$h`)B?wINzpnT#bBzb2a_w#?2O);0@9w z))RHLh-X<2fXOSBMR(CEMRT{0u?JP?XZ|@j?BEQa9-=$b;3!z2){=c%K1;MiEmnP? zKmWgv1!q&$5fL_AF*O+!Pj}!TFomo35?eZ@BQZE*Sl*nkxXVZY?eJ#TkLf|}^ILkW z5vGW9kF}rK5C(7Wrp~oSm{i$AakFN+5UUd*p z0o;G502pt$aNid{BNy~$fJXL$JfR|7$EzJdL`rie>=K(RMH-PmKlHypodM&VA|uVh zk4=vNwOzOHt7iM`s9z_$VczCNt-1%FK8_53jifH6cy!@C)}Su9JNzf{m@n*C>l#Ro zx!j+Jc=jUU@~$FTADZ^YGE{84irAJb*RO5l}xoiguZ|wvv;sed~DRsHTpJa_v_($OS#FH2Xbj1DyL0u!{ ziY8zr3J{QYQV2m`{7aEgbiIs}CaciZ7(Y@rMbZ?p*T~(q%Wcu1l@M)Zl5s*l+acfM z!cDMW%eA;{=LW?|qH>>Bsj%P{oDtxA(j}*62D7O09v)j*h>_qTZS^e!Sr`VvDxRqn z^uwp0>Al%|w(7LV^WlE3N7qNr@^r%t1E|&uP2pgKJ$5$v|9&$@e_5MGodr;wuKMaI3m+<#~Cn$g+J*L* zZIP51~wSxur1jx!e*@=Wq*QdoOuz2z= ztfbZh>`#=^Og9HriT8Yd%0`-wUO%&@S}>r;0&I~1dI|nZu zAziIYN@U63fKs&M5qj39&~>^e%)*4 z7>In0;G3u13vA$@@`qPTVUF(p~$ zy*yrBs>~D8V20SnGd?6>{53UJQ^ERmPbOeVM>CR`GTEDjspTWH*_z8r-Zb@ikXr-_ zHN{ydE5$^S0S#VbX9nN!;bqT^C_@EI_w)|u=3#pZh#E;iiAFKXTAF0x(UBU z*`^0z!^4os&rf8?{tq2eyQzc^)#E-+=H*)k4ukT)O~?XRnX{VyFm(|H8`~bf3V9PEp)U&ZPY#?lIQEJbUBpX4qs$XsKPyAF+Il}!pk&hcap1KJq zC4mG-*90C~Y}w)oR#HV|UwCBBWA+I5%*Ded*H_H$QV$>yG+CPBnC~YoC|aIwcUiJS z50&z>-6IE31DQ^hHhb<2IUgG+jG3Q5+D@L`PS=IA?FML9v>~yXx_$wSTPWhW3{}7` zC2Nb}bIoFdY=JZ2Yw((`zc*iP{Y}f&=Bodj_Gdy`F-XAZ1>u#szRdCJ`FNFrx1DcN z!@u>Y4Kr%n+}OhI4c{c=yLK%+XB3;X+YrRpc)YDJv9hOnH3+Q)dJX6Tzr~Nm^+16n zu`ZC2Qw;%`z1U4S9TZpxVcV=+)_3^O{{ z<4tWv(pWl>2+ajJHFH$L0wEQb&Dog@(fN{&7F*5tR!bo(%UIaFOkW^l=8%_o&2hcr z?I3of8n^xt{S|r+zYg~*atAFIy;uwvR?4q%;?TTg#M@@$IRMWBd|iZB>d-URAdT}R zq5w$OtBiOJP)Ma{X1&{McFhD(o`2!%f;ihB2V~wN0FM0h70Y(mx(t$Kcx`V5kP@iI ze!U-3G$%=XODf;x0}PnSC+yUn5I5M*AVJoqu>gxDN9>$Z$!Fw|1?HoqkkR91P|JIw z#R~YUr39u`e*$8kfcJ|4cfEY+?^MBL#4Av!YA^pEg{l_TNIAWGzOHe)4?z<5m6@q;J$2GAQNYwdFE#Dq30>{qHSs8HYl$p8A6o%XvkyZ+5Q z53$Gmr`GL;F5z`@WH{6}RWFh*Pa~qX4=RTG)whR}Kc7CD`#^uRYDUE1qq`XcR1uIq1iH{>#y_eBeS<5Vy2XE^nwo(}OnUp_4wJ`CA&MBfdu z!TTNXlHzmy+FWb7oaJNlf)vHdbIMm{Uvy$fQLkQY&a&X{d?Ld&o4&tMd zU_tmAV#s!~8EEAe4KE+=hrLjI_-D$OrMg;&z%)>#76IRb=xMfz2V~OchR;U75>h?m*gjrCU^2sJ;08#33!wErz%Pnvcu49shc^~X~6&w95C`oJBg-~jj_t7T1CH%BETW>FQ z8v!^zQ{pk~Je;SN8r#$Or&|^xc_`T@A1PV-3}wyh8{0?>C(!8B>P;en2GJr8*g9kf7&vFPF+kfsP88^^AG~hwOdR5&}SG{VUUG9L-2%Q$O%)40Ux& z*+BYS5X~yzGD2j`d;_*|>E}`pwUAAHW$3*w$@WiYC_!4aD#Rjc!-w1eRohDa-bB*i z|Fi&fpZhYq1T{ne4}=1k+iB#%$U4@OXkxl&A*ikUCR;GQ=~#e8dL*1Z@1%89$-Z2M z1p@bVJ&MfGSYjsevaIN-Xm{U=%3-INre^55hO5nHmmyZ<%wubMA%P@^zc7j$W37>lP>` zFTyq`(_iH4hS==u6hq?A6$&Yj=I^e;=qEPb{ZFqsI#t{ISc<_qSq!G<1n+OgF=JJ@ zY=>|713xI1ix?M1?cb=fk*@L-XDrYf-8CIumb~ZkQO}npV1HfAM!}V&Cj{?wImOO+ zvFl{9Su4AFrc^_Wt?W#N(b)?^`s=Ec{XR1R39Jl!q3bCm5Ih1vOQ_-2J33^5Sd-e? zd}G0H6Fid;%6HsVA*ee0Y_~*_T5x2NW#!4_iha2IzI_j%ltsclphrX=<-I-}Dwnt! z1Kuk^wymiF2N}q_o0S1AWQk!dqplg*ZMW6Xvq+F&XlwV77MpH3&5X*8;PN=xdBEh2 z3QouD)UuIrcgWY=DvxARAAX|Rt6-OO%wjVyK+EpqV?p|rr|;JcvhP+r@jGvkF3^K? zk+CgwqT_9zcbw(qKRnms6p_R!?kItsX>$`}m+<8LHrq@nRB1j5xf0X?g~TY5$)GbP_*4|N;om@6i9<>(MS{a?ff^Hf zN-q*4p-2WDj%&69`Bl6EQ^<-x-Jp2+Xx6X+Y5scbKDmQkJts|_ey!ZSfhlMo6nA3F zrO;8<&u`rc0tBjc{9t*p^&O#@_f7D8qh*eqg_vR1KK19Xf`4|ezd79E81tTfjVano zYnBtynvHvX_rtxz*WELZtpf~i^C&lbQ9QM;UdfN=>DckLzk@nrGm;SYOvhWYH}JJS z?UU6*A0gAY>af@bR(g(vlX`MroS42S8LZ#Fc33g@+A!gRoqk>qlq$L#*(Deb5O^3Y z`i?`!f;KTo5?&b9-$FMz<_Q(ZL>Apv>CD1^N(9Z6E6M z%tGUip>K|VA6a?3dTrj7cR*+I<{izyt1~p(z+(a^7^2)_6nR{-BOLkEcS9#$_|g$g zn~2#aoveo;?cqPK{d_H7IyyX%Fa1DJ#b^Njf=0b|V|b~{00k;N=pv4!QaJ;Sy#%2;3terInE-3kN&adEs$SqcL_iTV4&(ynhu}qy~&+TY&~8 z=EqTpEF>;Q4l+0Xjv56>(?5e=n!mdD+LMz)a{P`Y#*O!DA{Vi_0XAa`A8=Za8%+j6 zmJ;!{UGb|5BB78bXL9_xKMW}_ysadQ>qqV~MiHZupiVo%&E0-CaQy?s96E3!T%M`h zfOg|qd|*J*vrAcg2Dkd_ow|`v_e-bGxx*{MKd3o=KzxYLQC3GsH{G$-6#TIFmm^8C z=w_c^E2=nMRMX|5g1{}Xk%80%On-92P^2A)430wD&a;waDUtI$M7Gv;w<;^CG7iGE-a)wL+rpJhSxXPP$ZwBtv|x#~Wnb{M`uqF}We4+r)jmYU1KKIa zZe)b`8LjS!!FAhvp8z1gkoFK&CLL-7C{*I%$ z1PPQ?Si3^={~F~>+T4H($Xpl~fpLU+zRo{1#&tD#I*Qb;mOVNsuz;wLN*EGEZabtt zAvQuxr7DPJ@EGW9?KmU`;DzsO%SQb4@gs9ARIC$j_$F<@;sEMiG8}y;5)WL}_w-=F zj+&&}E58CWjj6@^7KKtzw_W+AHFh0b5~iR~>XBW3_01l!OWtv<`xH;8-bx&iDopdsDQV z8lHmJ0mi88B>nfHv7dq-n>(rZOx93DifQ_3fF$Q+Tiln%FYjyFL+%jxt58l6zh(lw zMjg=+mQ5n9;HUqTva0*&Xzqt(_q0Tt$!O)V52;S@R@L>02a9^9gYE;`Myh@i)~g*kZ=RYDrS7a;K;k7Jl#Ey?L4m0>Yx6*C4h@&z>AITg~*&(*oIW2VoP4|32jJc`9E{IyNNbi21v6O`d}1TU5F!jQLl+ z?PKrDebo_6|6cyv=XbK?IfM09+liGIbe0}JUfz*`SPdbI))OB^ZH5&AlvVcPdYFij z5QnoTdhIog%)J$}dj}Wa?Oqh22b576*kOi2X4J*k2~1c?*w0U9K=qw~j^onrP0!3? z22?Y&^vAE#J6S+G_PLvw%Skk;0L&aOLPZ|2g=ip!DiUshBA*fYxUO$)oJf| zhb2LnXvTEggO?*ITX(yISTAmjMs51+4Cg4GU6e3bPg2CiUJia}W(0N0he}(Sdz>Yo zWr?T00mcD)^hdACwZmIp(n+j6vQQZd0`=6ESnD(g9- zvk!AcT%1}!%w`HUr)ZO;$@c(yB|cxBs-x3ATUX5D5h7%<|$mSiQ8h zdp~QwPLI?gtnL4l7Y%IEoo@+jLwf{VCd(aedr);;bIE0M{m|$B((c|3Me0PgK9z%rS5h)ApWLWe#8i0RZuS+@ z9)~ey^V_W2?^;ytUI1yCEKCEhX}>eVW`1YKyw+TbYlEzu?}l@2&k~4qzwK*Kthg;r}@d>lqU}< z>GdUMU&-}3$919zRy2D z4gWK}3$5Oagp^6NiyI_u=tOMBARy1u8f|N*3<6(*`#Vt4#JaM72!}}3GXREa8B4#^ z(xS`xvpP~v4dlKVABCuS8M485w&2Ue!_)AHIz8d;rt3=%v)KFMHlphRSh zJp#0I6y&E|)@zpo2uNdsmP7}RR-H}% z@pfyC4YMk@6M(iEWow zu+Ck`N<9ZiPm>AX^q2;+)L)$X0goe<2xTn=r1wLC*UmsJzv}q$2Vzfg;R$=3a^9@6 zUZZ`A%YdaGHDK(5zA=;VR6Du}P`eD`6l5w<0oIx~P0V2?U}qLER0JeLj1|=z({vKZ z&7{E3Z%kkuG-H3G1Cw5KY%>7lOI)#euBtbc?KW?{5^?Sa>`BMd%>%%dmi0>giWlE>^SG_$rmy!?lqxgMwTz&X85BT44|&y^rW#>MRqNXsHN;@h;WwjDtQ zohUAOf()3iQedzWDcQTvfT)T18hzpW20y=JlfbnUq#3t}VFXixx&rLS)FY~)>kejVsDPKmKw#jLP%NIR1ITG{A98 zq&a1#hNj#%fxC}{UeASCa%UR&FDqZ*FWuSQaCS6EgCJf0(}i|TD#Tx*D=8DQ*p9@It2jXwlmMCwuy296^Lbq?%2Pbhz1o|W$O*dt#+iqwjSd>! zR%(c03!{3>8!1xIcV7{5>mDcd1^)dh#maCG|B22a{y7cypkwmN{5=@7|5sjEMsoKs z5C}mDGCiKi9|*uR??P+FAxoZqArMg@?|15<{qqVCD&Dj+XHJJ#{x$92IseCtk--aSc&7!}^I;KDZ($aa3NEhx8UmM@qA z^GE!8;MfQJN1(kV;@fVI#xiA=2-Z6u2TTxWaOQ-AEh3JNQ^>BAMFj8gPWDG90T(G> zO_Vnl0W%=218*4AOT;Z3_#`rs%QjMVSOK=Lne%^rkp9X4SC>U>TsD7&Y5gKfqY7a} z2%sTOQ6N(!_J$P1!|C^9{ygH_IsN?SzZ=9trL#HhA9PR5QjTQo;137clv3JD?R*Sr zhJ6p!Er8Ocllr9oeQa{lYy2I?k@+N-f0AeaElK`Ay>>Qch%E~4vk~AmDxvgIN+0OT zCyxR$2!nO(AWI3<|JMhvyCe295z?e?WM9996aoi~0C6;+;!(^$x<(#43+TC-&$mk@3X6wkeMtK;)rn5bJpB`PJTNTlMw5XHrkUwOkcJ5-{W%ONV49COVEOyIHi1R zhbTP;HEq%b$-=wuJ#OFFyWD8+~}5!S9{5wPDsPn7=P0Sg+k)zxMxW?@QyMe&2tYMh4%Q%2J3KQlX)Z$Tlbx zA^T2?vTsqAFhjB>ZK#A)wz13D*HA=}Wh^05*^PZK=NjqzJHP*<^W;1_rw8(Sjk!Oc z`?|0Dy583ww{*Yr06+bo%Lud6{+euxcxs`w=Mfu9#$E}BuKTV9hY&84A7IL4#NOlY zUW!`ff;0qI2PbgsyKjxJzU-!Ho2_*GgMtG)5#E)!z;OpCVHklxAYVfb*9s?ntuM&% z^N-6OexCPZ5>&n#9|-rRDVQ+v21Y5YxD$kqDIm5W&v&R+gd)TSR1xOINv3x#Ir|O% zq;Aw1nWBi$NxlWZi)~#PN9$`zrH$82&AWkf3AX6_zR>_1K2qLbIF<06Oaa$uAJ%`Z_E;`kTVVd#m1s`pSaBhaDc0+^R_@iPFr zA%=VTL8`FL+VtSI#ArvTHbeXx1#iAP3|*gDgEkr7vV|wP{8r~fY0V#LnWsrYfGGz) zy4*3BvHrjg#f%RzRfk-YuGLhS7rO-!V93GHUWb-WRshwL zwAz!q1Qvu!1+zeZUXKbY?{U_dLCb*sy=TEe5c1I>M4}?GDt`AO6R30kNNdMab7J85^Xi{V5cK=7e&6@$H^o)D|C0K z{Wr+Iq#vK+zU*~g8~H4FF>||^(FP<{-!8*GxPta=3K}Qw{aNc##g+9fM@+P+Mviyr z?G9;3(P4*x_|aeBOgy~-hqBv31OF4!1ll0do(jNge)fmD>prt0$SoIhQLWh^GA-^X zx*X@?{3%K_X8B}qId}lX7C(>`#pY`ogW-T~pAG06<@Yz<6f-bKXW|VM5B(eb=bkBI z12&d|e)SRF5>|hmg}3oW&W+k4Dc}{+Birfsp;;@fa1_EJdqU8t10iNmmo^GR%`x{+qs5KXA>^(JNHPWZSr@>1DtsgV zO2e*;a+&6(1sF0W0ON`&caczmdV04aUTSagqb$oxv0f)yk5?0z^dxl!jC^${q}b{2 z3|T};u!r{j=J#`y?XB+YG|SoQIaF5fZ5{R5H3a>cVh_7wC5!Qq0*M zvC}6aEccS4IQ^MtVJ8>GxMghEMMdg%1cAS!*JZq0@`%Q zAlbdPD~lkh`(~YkYRqqR*SYT;jQ5#x_3iUpn~aMSc}<&3E%$qQXo}jwRjzWUF7|E4 zYO2q39&T>4kq-Yx3l1~$ke1*aP;N4p8E6^srv&xC!q5)ZQ_+Zmcjt%(#GCUYpT%B_ z62__4$yCpN+mtx7g|gz}?g-ty*QR3jS;fgbyL}m=N%f?v^qx!>WZviGm6t9!He9Ht zm{`7q^!Tr8i4Ha<87zUYgjkS|xyviv3NOTVlNhsu9{FK+%dh~4#Em|W&eX{meeg6?-A78gAKFhJ!&?K^hEY`=66mQ-gJckEDro zL3Er;!y_T<%hz99cnvXXR5080>p7j#N)Y*exPhTg=0`sI?%%xE-I22b+SDJBH~Tzdd`K0aY8+4)?RbKdaT|lT?;X+) z1L~Y2ZdD1D6(m9p#qULAm(7NmzD)no*q~#ne}lt=a*6zVIYp(H+$!2biK<9MnHv6MioR9dkHc^S2wsUW0@vtH*u2F4XBQ?X~BRt4cW^ zdleF@3Sun08-h+RC~`4#as=qhb<8^9b{k3<(Ce)U*HfYNC8!|nB?(RPYZN%DYs#Ty zy#gbbOEwH*^YhITb(hra|IsUsj_gT7XPhe|RdF9Dn^uOf&wAu4={qwR>H9AtT5}a(07U`6!RQG5XJWQx;5gmn6s@ittWdvFjZS?oUsU?L!dkl zzF;Agyhyvgp9g_DY=P(MSm;*d`et9=;bX0aTUFko=>xo}VIw=UM`ao!J|IQ%S7r3J zNS>2fXHW+Cwwm;OS&f5y`qJdbCyRp()>wHYn}Uwv(lrrr0lhHAa+H)rk`>hu?j8HZ z!AhF}?jK|&$6!Klx@N!~puXc)t5%RI!-p$vtq%J4`DcTpuhG%*m!CbYs0YJImsCyM zG8EbxOru)Ap`V)_(XKO9ujS$hAZM6X>#2tsw`XtO#BHJ+s?U;m&;N9;nn$9Ir;;{+c$9}LNi zoM$B3F`L1>b4f4~!Pjw4;%mWopPd2rnoaa*l;w-e-E|N=GHcNv>Cm~TZ_hztzr?{A zE?P~>u@jz=p_UDiUVE!WM`P1PQd?3*URAs?tiGUrM?J_2_r4=AR?k+i<3gf(R4XNF z;G9xUwD`EZC9Xq%M4c~HU)JudLWd-Sq+H9nMD3-0qVs71q#Tma!0Pn{1!LAYy#P_B zYSQvpwW+s4kQc*GIEdmttdV*HOt@DnEHmbCBAct%FQ7$zwcE-Y8{Edfp)(jSr*UVH z@}k|xxgJjm8*o@&PPOiW_E>HmH}wk<%sC~^2Gq=fv;yHHq!N-)uXk6p(rb|n=1{wI64_1HLtp=D zkOPivAYsSYwdXaWz``jeEn{)BbtE(>k zlfKX7Lxy$Vsz2FyDB*A+rOQqMXAD`vFIZZc-;D)|G?XkSy0$z#P_8oBxt1=Hp-! zEWMJ8mu49=u^nNX9Zjw{SoC~*>KMuAD#z+W(k1D&x>;_y$LiH)iaJ=`SkhN-lE+N> zhmNuA08;cb(L;tM!gT3*=|84dUDC#~-e$qP1H+5@s}-4+2_1}`iv_XJ>!eDYnDI%- zz33Q0bo%OS3FHPm$KXp`c+##O}VOyKrdwy|;Ii9PD ztfZyDRYJ((xVTDs=j~`54?L)<#gCNT)zXO^9S_XEdpC0x;cfGzVoHtPh%NV$ zG95h%dd35Hc${3=_UqD7bnGROXgnQp zm1X4O!?T!{xx-!P5OXWQ5jeBuw1p))@lOxYWm4GReDuiPhrQozKQ4T4QO=tuWI)fD z&bgcm{OWAkt=lT*U$-94Dod{Z_)S3L*^N9l1Zo*qRa{G*N%TOq>tgQA(MJtDso~c0o;bg6p$B{05;+LUCRgJ-*3%0VsKIoIZe|y;21>#!K?2@` z0ae|x@VyVc97CwMr?%v3)5c~tdtbo(jJhA)%G{vETG{fq@TvaTmAPS`K23?Ng|gO! z8LPvZ8YoPQ1u&iu0}O{j-r9vhuASh{7dl5gtRSWF>_mg_MrK7=FfOhNGKG4V1jgm9 zd{e|hTww0268A(a{B-RdIgTKsLk4f*QCW3O19CeL?W#Y9Oy9feSNH1PsSl76-&CY` zXd1?b7tv*`5f;iT02u%qzz=*sL*8!((;fbB2<%>LNKWkig^s-Ud_GN|*v4E{!nO=nQZ_iOES@c_De{;uHzJD=pZ;twnkUS;7kY3)NTFWd)RVmzcR z{$U*L%uX0(`eLHVH_KTgPP+fgRtAxaa#6%ZKX}cL%D4PO^~L6G{q*!y257237=5}q zPNs9MV6~+xko8o(ftl->Qkb!Q%SN-b2aj^%;+GL5RBf=hh+Pzc9caK^d7|>D!c%yl zu_I40aJw-$G$!)fH0N3yVpL!%xGSZ%*8!%<7mA;^GnBdY)PHge2`k`#!WY4@u^ran zfF0=9e$PZ75*lb^42E>{Zd~YZm_Oi{mK1#{=N#&}*UzVmi(i~$r(Rv%WcKB3IHkxk4iTT={+MPC?TX8 z`Hz*UR-^yW4vr2X&4EDw(%zhC40%y$Yc9KL{{Nhyl5sc)k5bPnJ zKiQXWM;&kEshbY}z@^?p#K$ufy@($EoI*wAv(xxS=!tOz{u2@cXV+pK@FsL7?<7z;<-uF#`8hs@|tt zrzH55jDN6>F^^7Gzc6teGC;@MQX)&)JR{{6Ltbhnof;fk59f@%hehYoVWqxRC)uOE zYZK7VYZOx&7dWP80&Af6i1m2Jn|tMJQ>6vf+j-i#Y6D-DFZS4r(LsZpg&PAzM(-AZ zXEZXx?PZXtd>>4~YHJbqd}6%4b$jXgm21m?g#>4q0nWVy>N@c|ba z51n+!gAr|EqFFX6@!obMKVc(q26aOVzAL)P8oBh_ws+Ap@>)TeQ>Dj5*U=82M;I_Wv{fl}tjfwR2kjWW;vGJb1AWbsI$B{)w4a z3m}Jd2JWA8~eLM;?kU)p+syv!_<^j|4 za`i=Up(P(YeRHh6L2rkXon0OTuS%hZt}2_)>S&7ky?_A6T~g#;scuMoH%1khm$)B| zGkQ3kwDB7dKXcTjeS+Qjr%lw8IKuRUvaZaf;iB?mJ84%7%M79gGD1J1+Er+x1zRL} zJ@Dq47np&|D9X|{wtc7Cq2;ojeI_~DcczX@?4NY*j3XJ;mh+POu8#)5g8s_+yDTxW zI>_)>+p2xEN$|k8(IYS&bIEV@8lbtL$}#X6VbST&%kkIf zQDHOQND=nw1-qvrdBMDHA-`rD#VI8u8OSzJn%3ty*$pl?3seQPsDRCN;)iAGsi!Mr}n%kTc- zxSr?*5SOL*b?v& z3`)f&$vz(B-X#da-xQc+@|oOG-EeeYEn|8frccLcWI0{QDzOzv^w!)rDrp8{-4c1BuW8Q zUGEB(1I7>lRXjSXy(8xE0h50!Q}bMgo@`zW7P}^>LQz9rlH%89x+)I}goS8#TP}f= zEl(B-Pg6mCQi{7QfKH$rez^SZF(3B+HCQNKHKC&O3?@I_`u0GP2<@RI>)LK;(3D05 zwAshk>w89VptchAw(I4o(cxM^@?tj+NLVFNF>m zVy<>wXa5YI+w?zmX%$of5%y`tDGbFNAZCu3B}ta zII8FF43K-OaYE37*pd}p$01}g3a02K&8PnRmlQ;Ja@ppotw%DerO?;)*MX3 zBG3~JS6=R&VZMEXe7IoX>5@-?a;*PMJk!YDKU8r=0Xg@m(%9w|#-bw`{^D<%j#=+;sdt3QZyuf(;E-7N^TIoA3WgrI1x}27r66e%5I?pz ze;Y{0Ja>S+4iCjbsO;R7t9PLtipjDM!vJWvLqX^--@c^20|a$aw^S@F-!@@pB|!tpRYd5}szeJYKW zZO@Sb%eA0Z&V&>+wrluvq9f|IAaL39+?PoxOpYhL()70oPX@%~F5olc@qsiEC!K{~ zfI(R}ckI|9wmg=wL$d3I!z)N-D_&|-fQCLI6P-}bu7oj=Fph0@6fUjVTX`gZCFUqs zuqqu<5+t0)4kS9{ECJ2iX4A?g&Y-k5a39$W1G|gHGD$@Z6mY;PO;19QOLZ6h7C{_S{2T@dqo0VSMfQXnA^kS(&l9%$ih&_MAaHo^s^e2=QQCr#N z*e&MLvvr2pB7;~Z7agpDlo)xXg;U8T^C}%ReCsf=a51_I9t&foZa-Dw3FL%rKGk$E z>3@#2#Q9_`C0n5m$^SqufAPpac;6Xx^-{b4M6;vTK4awf3<5V;p`E}8{+}@pWMp# zN6;XoOylZ1xPneJm7kgOmYHTS@%zp{kXxI0^E5vw@L!6dt_b2$pWem2`l*I##xD2W z{7UBcTdoFhI;gUqS=gT^@4MOs_&uuOA1P|toY`_Y7$uGni@X8A>dVF8ebHx4r4DVq z6G%cy5HJqC(suWdvt_&s^@5T4=Ow#qKS>YsiYraSXf2o&qT+QgZuol_c(G!%-+jHr@!;KhTEw40N}>N+XXTI;LtHo2(TWDnX8A zGw+g_snMoRwlp)$Hgx8z|Ar$}ueVk0IsV;`3Ft5T#1B3K+WXOsZtdBXzk8fYCnZgtihr1K7-9`M zI*)&nsyXF8Vg+IN!=gy8ue-s}W}{iW4p5u%GJTfxEWFdeD zgo9r|2xmfL^F^2@$no1DJ+r_q@g~Inu49*b?6W zYeo$yvr5+ndCAp_&f}t2xK^cF{I;&)v?>jU8MQoAW4M%7>p|`BgZ_`!km+z!%ZRdT z1lZ)Grrd&F;dd`EaX5kp0G9XaN01$g+mp33l3KjY^U7Dp(w)wdNd*lB3l!5*bQ!Sd zZ&BoUyoKC-b!=fKI%COeEG?z?*wkdfmrrtXs~K-Tx#?frbb)Qk31Sfqu0|XzpV7wL zL1!EkPJc=A@$>M{e)~FFH~}I|HyVUuo&=2kTKYSz(-yqnQPm5mSLJg)n4F91GCM)Q)@F`}z zXv;Lq<6Jfv%}&!LEg5Uh(813BTD(`Xsfygix5&aWFYpk!aQtB8ztu8TJj@4We1;7V zN(b-o^eX4LS7sv$rUWT9x$S(oKuRZWbdOypnNm%UnaW-VI@aWK=jJw(I8g;Ea(t>N1vvHlpm)C|SOliAW2En#? z?XV3K0(E8o3y}h)(kTT>vQ=h^@;K2XQ9ShCMIj}Xwt$)~QHZCZH8sX)CoBQKg7B`7 zj=$2Eds!6{Zo^Bz7J>Pw|3vvKsyZw3zRqK}pwmfqHNC279%oaT661{=IY1txo2*YkFBOQ<*y1BW#VgKkmpiJ(%zKr@q z3XHY_JnvVAw2mf&(YM|09CXwh{y^D6!b;4h6Y9^p+ULOeP)5VO0-RPt zO0|LNoqyG46fDNU15sr<#6^%3HG2-4gl@6m0x0gz=4XOG^nd`;`#iNuKCaJQ!Psoy zI#^HI!CpONqm}`R`qDn*)u6w;i$TAHWofPgMW96>w;1)S~*GaT%e|67F30S8_;^h-Fe;1CfJkrm5)pn;9wU%vP0fVNDq zk$=I+U)_hfuL1^%N`&tgt^TM7dSn2A8%Ak|6Wssu%H}7S2-sKz_u9W4^5=Yz!gv&` zTbIp=EvjvOjOPYU;Fefa{JZL(hoHbs#QQzxv&|OoZrLit6Tplo>?Q*LrSPVlK);4Z z)?a+}`9G|%`I{|}(6+tnFXH-p)@ty``!y=B{)>Fv=XAL3{{LoJ2)?1a00>X` Y(@V?}L5J)`(!sy8XEaY|DOm;lFD#+uOaK4? literal 0 HcmV?d00001