From dbcdf7c4b3825340aef3c6bf343fdb0d5cd9e8d0 Mon Sep 17 00:00:00 2001 From: "Guo, Fei" Date: Fri, 7 May 2021 15:26:20 -0700 Subject: [PATCH] Move virtualcluster directory from WG repo --- virtualcluster/.gitignore | 25 + virtualcluster/Dockerfile | 23 + virtualcluster/Makefile | 174 + virtualcluster/OWNERS | 15 + virtualcluster/PROJECT | 4 + virtualcluster/README.md | 124 + virtualcluster/cmd/kubectl-vc/create.go | 291 + virtualcluster/cmd/kubectl-vc/exec.go | 182 + virtualcluster/cmd/kubectl-vc/root.go | 51 + virtualcluster/cmd/kubectl-vc/util.go | 107 + virtualcluster/cmd/manager/main.go | 146 + .../cmd/syncer/app/config/config.go | 81 + .../cmd/syncer/app/options/options.go | 352 + virtualcluster/cmd/syncer/app/server.go | 175 + virtualcluster/cmd/syncer/builtins.go | 32 + virtualcluster/cmd/syncer/builtins_extra.go | 23 + virtualcluster/cmd/syncer/main.go | 41 + .../cmd/vn-agent/app/options/options.go | 126 + virtualcluster/cmd/vn-agent/app/server.go | 143 + virtualcluster/cmd/vn-agent/main.go | 41 + .../crds/cluster.x-k8s.io_clusters.yaml | 164 + .../tenancy.x-k8s.io_clusterversions.yaml | 9087 +++++++++++++++++ .../tenancy.x-k8s.io_virtualclusters.yaml | 91 + .../config/default/kustomization.yaml | 49 + .../default/manager_auth_proxy_patch.yaml | 24 + .../config/default/manager_image_patch.yaml | 12 + .../manager_prometheus_metrics_patch.yaml | 19 + virtualcluster/config/manager/manager.yaml | 83 + .../config/rbac/auth_proxy_role.yaml | 13 + .../config/rbac/auth_proxy_role_binding.yaml | 12 + .../config/rbac/auth_proxy_service.yaml | 20 + virtualcluster/config/rbac/rbac_role.yaml | 177 + .../config/rbac/rbac_role_binding.yaml | 13 + .../clusterversion_v1_loadbalancer.yaml | 308 + .../clusterversion_v1_nodeport.yaml | 320 + .../config/sampleswithspec/coredns.yaml | 195 + .../config/sampleswithspec/example_foo.yaml | 7 + .../tenancy.x-k8s.io_clusterversions.yaml | 70 + .../virtualcluster_1_loadbalancer.yaml | 16 + .../virtualcluster_1_nodeport.yaml | 16 + virtualcluster/config/setup/all_in_one.yaml | 472 + .../config/setup/all_in_one_aliyun.yaml | 431 + .../config/setup/sample_foo_controller.yaml | 91 + virtualcluster/doc/customresource-syncer.md | 170 + virtualcluster/doc/demo.md | 347 + virtualcluster/doc/images/cr-syncer.png | Bin 0 -> 174084 bytes virtualcluster/doc/tenant-dns.md | 123 + virtualcluster/doc/vc-icdcs.pdf | Bin 0 -> 1055322 bytes virtualcluster/experiment/.gitignore | 25 + virtualcluster/experiment/Makefile | 45 + virtualcluster/experiment/OWNERS | 10 + virtualcluster/experiment/README.md | 68 + .../cmd/scheduler/app/config/config.go | 78 + .../cmd/scheduler/app/options/options.go | 282 + .../experiment/cmd/scheduler/app/server.go | 157 + .../experiment/cmd/scheduler/main.go | 37 + .../cmd/scheduler/superclusterresources.go | 21 + .../cmd/scheduler/virtualclusterresource.go | 23 + .../config/crd/cluster.x-k8s.io_clusters.yaml | 164 + .../experiment/config/setup/all_in_one.yaml | 340 + .../config/setup/cluster-id.yaml.sed | 7 + .../config/setup/deploy-cluster-id.sh | 12 + .../experiment/config/setup/deploy-syncer.sh | 43 + .../setup/setup-supercluster-minikube.sh | 77 + .../experiment/config/setup/syncer.yaml.sed | 160 + virtualcluster/experiment/doc/demo-arch.png | Bin 0 -> 98967 bytes virtualcluster/experiment/doc/demo.md | 210 + virtualcluster/experiment/hack/lib/build.sh | 91 + .../experiment/hack/lib/docker-image.sh | 110 + virtualcluster/experiment/hack/lib/init.sh | 35 + virtualcluster/experiment/hack/lib/util.sh | 26 + .../experiment/hack/make-rules/build.sh | 20 + .../hack/make-rules/release-images.sh | 21 + .../cluster/v1alpha4/cluster_phase_types.go | 55 + .../apis/cluster/v1alpha4/cluster_types.go | 287 + .../apis/cluster/v1alpha4/condition_types.go | 97 + .../pkg/apis/cluster/v1alpha4/doc.go | 20 + .../pkg/apis/cluster/v1alpha4/register.go | 38 + .../cluster/v1alpha4/zz_generated.deepcopy.go | 300 + .../client/clientset/versioned/clientset.go | 97 + .../pkg/client/clientset/versioned/doc.go | 20 + .../versioned/fake/clientset_generated.go | 82 + .../client/clientset/versioned/fake/doc.go | 20 + .../clientset/versioned/fake/register.go | 56 + .../client/clientset/versioned/scheme/doc.go | 20 + .../clientset/versioned/scheme/register.go | 56 + .../typed/cluster/v1alpha4/cluster.go | 195 + .../typed/cluster/v1alpha4/cluster_client.go | 89 + .../versioned/typed/cluster/v1alpha4/doc.go | 20 + .../typed/cluster/v1alpha4/fake/doc.go | 20 + .../cluster/v1alpha4/fake/fake_cluster.go | 142 + .../v1alpha4/fake/fake_cluster_client.go | 40 + .../cluster/v1alpha4/generated_expansion.go | 21 + .../externalversions/cluster/interface.go | 46 + .../cluster/v1alpha4/cluster.go | 90 + .../cluster/v1alpha4/interface.go | 45 + .../informers/externalversions/factory.go | 180 + .../informers/externalversions/generic.go | 62 + .../internalinterfaces/factory_interfaces.go | 40 + .../listers/cluster/v1alpha4/cluster.go | 94 + .../cluster/v1alpha4/expansion_generated.go | 27 + .../pkg/scheduler/algorithm/namespacesched.go | 96 + .../pkg/scheduler/algorithm/types.go | 45 + .../pkg/scheduler/apis/config/types.go | 48 + .../experiment/pkg/scheduler/cache/cache.go | 455 + .../pkg/scheduler/cache/cache_test.go | 425 + .../experiment/pkg/scheduler/cache/cluster.go | 234 + .../pkg/scheduler/cache/cluster_test.go | 318 + .../pkg/scheduler/cache/interface.go | 41 + .../pkg/scheduler/cache/namespace.go | 221 + .../pkg/scheduler/cache/namespace_test.go | 160 + .../experiment/pkg/scheduler/cache/pod.go | 84 + .../pkg/scheduler/cache/snapshot.go | 227 + .../pkg/scheduler/cache/snapshot_test.go | 188 + .../pkg/scheduler/constants/constants.go | 55 + .../pkg/scheduler/engine/schedulerengine.go | 203 + .../scheduler/engine/schedulerengine_test.go | 191 + .../experiment/pkg/scheduler/health.go | 154 + .../pkg/scheduler/manager/manager.go | 100 + .../pkg/scheduler/metrics/metrics.go | 59 + .../experiment/pkg/scheduler/reconciler.go | 378 + .../supercluster/namespace/controller.go | 115 + .../virtualcluster/namespace/controller.go | 220 + .../resource/virtualcluster/pod/controller.go | 174 + .../resourcequota/controller.go | 100 + .../experiment/pkg/scheduler/scheduler.go | 332 + .../experiment/pkg/scheduler/util/helper.go | 383 + .../pkg/scheduler/util/helper_test.go | 335 + virtualcluster/go.mod | 30 + virtualcluster/go.sum | 630 ++ virtualcluster/hack/boilerplate.go.txt | 15 + .../hack/install/install_ci_related.sh | 40 + virtualcluster/hack/lib/build.sh | 94 + virtualcluster/hack/lib/docker-image.sh | 112 + virtualcluster/hack/lib/init.sh | 35 + virtualcluster/hack/lib/util.sh | 41 + virtualcluster/hack/make-rules/build.sh | 20 + .../hack/make-rules/release-images.sh | 21 + .../hack/make-rules/replace-null.sh | 20 + .../hack/make-rules/test-e2e-k8s.sh | 81 + virtualcluster/hack/tools.go | 19 + virtualcluster/hack/update-codegen.sh | 32 + .../pkg/apis/addtoscheme_tenancy_v1alpha1.go | 26 + virtualcluster/pkg/apis/apis.go | 30 + virtualcluster/pkg/apis/tenancy/group.go | 18 + .../apis/tenancy/v1alpha1/clusterversion.go | 46 + .../tenancy/v1alpha1/clusterversion_types.go | 84 + .../v1alpha1/clusterversion_types_test.go | 56 + .../pkg/apis/tenancy/v1alpha1/doc.go | 24 + .../pkg/apis/tenancy/v1alpha1/register.go | 38 + .../tenancy/v1alpha1/v1alpha1_suite_test.go | 55 + .../tenancy/v1alpha1/virtualcluster_types.go | 144 + .../v1alpha1/virtualcluster_types_test.go | 58 + .../v1alpha1/virtualcluster_webhook.go | 78 + .../tenancy/v1alpha1/zz_generated.deepcopy.go | 279 + .../client/clientset/versioned/clientset.go | 96 + .../pkg/client/clientset/versioned/doc.go | 19 + .../versioned/fake/clientset_generated.go | 81 + .../client/clientset/versioned/fake/doc.go | 19 + .../clientset/versioned/fake/register.go | 55 + .../client/clientset/versioned/scheme/doc.go | 19 + .../clientset/versioned/scheme/register.go | 55 + .../typed/tenancy/v1alpha1/clusterversion.go | 180 + .../versioned/typed/tenancy/v1alpha1/doc.go | 19 + .../typed/tenancy/v1alpha1/fake/doc.go | 19 + .../v1alpha1/fake/fake_clusterversion.go | 130 + .../v1alpha1/fake/fake_tenancy_client.go | 43 + .../v1alpha1/fake/fake_virtualcluster.go | 139 + .../tenancy/v1alpha1/generated_expansion.go | 22 + .../typed/tenancy/v1alpha1/tenancy_client.go | 93 + .../typed/tenancy/v1alpha1/virtualcluster.go | 191 + .../informers/externalversions/factory.go | 179 + .../informers/externalversions/generic.go | 63 + .../internalinterfaces/factory_interfaces.go | 39 + .../externalversions/tenancy/interface.go | 45 + .../tenancy/v1alpha1/clusterversion.go | 87 + .../tenancy/v1alpha1/interface.go | 51 + .../tenancy/v1alpha1/virtualcluster.go | 88 + .../tenancy/v1alpha1/clusterversion.go | 64 + .../tenancy/v1alpha1/expansion_generated.go | 30 + .../tenancy/v1alpha1/virtualcluster.go | 93 + .../pkg/controller/add_clusterversion.go | 26 + .../pkg/controller/add_virtualcluster.go | 26 + .../clusterversion_controller.go | 121 + .../clusterversion_controller_suite_test.go | 75 + .../clusterversion_controller_test.go | 71 + .../pkg/controller/constants/constants.go | 22 + virtualcluster/pkg/controller/controller.go | 76 + .../pkg/controller/kubeconfig/kubeconfig.go | 121 + virtualcluster/pkg/controller/pki/pki.go | 242 + .../pkg/controller/secret/secret.go | 84 + .../pkg/controller/util/aliyun/util.go | 392 + .../pkg/controller/util/kube/util.go | 205 + .../pkg/controller/util/logr/util.go | 44 + .../pkg/controller/util/net/util.go | 77 + .../pkg/controller/util/strings/util.go | 56 + .../pkg/controller/vcmanager/vcmanager.go | 22 + .../virtualcluster/master_provisioner.go | 27 + .../master_provisioner_aliyun.go | 284 + .../master_provisioner_native.go | 361 + .../virtualcluster_controller.go | 208 + .../virtualcluster_controller_suite_test.go | 75 + .../virtualcluster_controller_test.go | 75 + .../pkg/syncer/apis/config/types.go | 82 + .../pkg/syncer/constants/constants.go | 92 + .../pkg/syncer/conversion/envvars/doc.go | 20 + .../pkg/syncer/conversion/envvars/envvars.go | 118 + .../syncer/conversion/envvars/envvars_test.go | 169 + .../pkg/syncer/conversion/equality.go | 721 ++ .../pkg/syncer/conversion/equality_test.go | 981 ++ .../pkg/syncer/conversion/helper.go | 252 + .../pkg/syncer/conversion/helper_test.go | 334 + .../pkg/syncer/conversion/mutate.go | 464 + virtualcluster/pkg/syncer/manager/manager.go | 174 + virtualcluster/pkg/syncer/metrics/metrics.go | 171 + .../pkg/syncer/patrol/differ/differ.go | 170 + .../pkg/syncer/patrol/differ/differ_test.go | 174 + .../pkg/syncer/patrol/differ/handler.go | 114 + virtualcluster/pkg/syncer/patrol/options.go | 64 + virtualcluster/pkg/syncer/patrol/patroller.go | 80 + .../pkg/syncer/resources/configmap/checker.go | 132 + .../resources/configmap/checker_test.go | 213 + .../syncer/resources/configmap/controller.go | 87 + .../pkg/syncer/resources/configmap/dws.go | 143 + .../syncer/resources/configmap/dws_test.go | 364 + .../pkg/syncer/resources/crd/checker.go | 148 + .../pkg/syncer/resources/crd/controller.go | 232 + .../pkg/syncer/resources/crd/uws.go | 113 + .../pkg/syncer/resources/endpoints/checker.go | 112 + .../resources/endpoints/checker_test.go | 94 + .../syncer/resources/endpoints/controller.go | 86 + .../pkg/syncer/resources/endpoints/dws.go | 155 + .../syncer/resources/endpoints/dws_test.go | 480 + .../pkg/syncer/resources/event/controller.go | 140 + .../pkg/syncer/resources/event/uws.go | 99 + .../pkg/syncer/resources/event/uws_test.go | 255 + .../pkg/syncer/resources/ingress/checker.go | 175 + .../syncer/resources/ingress/checker_test.go | 193 + .../syncer/resources/ingress/controller.go | 145 + .../pkg/syncer/resources/ingress/dws.go | 146 + .../pkg/syncer/resources/ingress/dws_test.go | 348 + .../pkg/syncer/resources/ingress/uws.go | 114 + .../pkg/syncer/resources/ingress/uws_test.go | 162 + .../pkg/syncer/resources/namespace/checker.go | 209 + .../resources/namespace/checker_test.go | 288 + .../syncer/resources/namespace/controller.go | 95 + .../pkg/syncer/resources/namespace/dws.go | 146 + .../syncer/resources/namespace/dws_test.go | 261 + .../pkg/syncer/resources/node/controller.go | 127 + .../pkg/syncer/resources/node/dws.go | 66 + .../pkg/syncer/resources/node/uws.go | 122 + .../pkg/syncer/resources/node/uws_test.go | 164 + .../resources/persistentvolume/checker.go | 185 + .../persistentvolume/checker_test.go | 349 + .../resources/persistentvolume/controller.go | 147 + .../syncer/resources/persistentvolume/uws.go | 116 + .../resources/persistentvolume/uws_test.go | 299 + .../persistentvolumeclaim/checker.go | 132 + .../persistentvolumeclaim/checker_test.go | 241 + .../persistentvolumeclaim/controller.go | 86 + .../resources/persistentvolumeclaim/dws.go | 145 + .../persistentvolumeclaim/dws_test.go | 365 + .../pkg/syncer/resources/pod/checker.go | 397 + .../pkg/syncer/resources/pod/checker_test.go | 457 + .../pkg/syncer/resources/pod/controller.go | 280 + .../pkg/syncer/resources/pod/dws.go | 388 + .../pkg/syncer/resources/pod/dws_test.go | 680 ++ .../pkg/syncer/resources/pod/uws.go | 203 + .../pkg/syncer/resources/pod/uws_test.go | 372 + .../syncer/resources/priorityclass/checker.go | 137 + .../resources/priorityclass/checker_test.go | 202 + .../resources/priorityclass/controller.go | 152 + .../pkg/syncer/resources/priorityclass/uws.go | 94 + .../resources/priorityclass/uws_test.go | 330 + .../pkg/syncer/resources/secret/checker.go | 208 + .../syncer/resources/secret/checker_test.go | 223 + .../pkg/syncer/resources/secret/controller.go | 83 + .../pkg/syncer/resources/secret/dws.go | 243 + .../pkg/syncer/resources/secret/dws_test.go | 576 ++ .../pkg/syncer/resources/service/checker.go | 159 + .../syncer/resources/service/checker_test.go | 239 + .../syncer/resources/service/controller.go | 148 + .../pkg/syncer/resources/service/dws.go | 147 + .../pkg/syncer/resources/service/dws_test.go | 364 + .../pkg/syncer/resources/service/uws.go | 128 + .../pkg/syncer/resources/service/uws_test.go | 172 + .../resources/serviceaccount/checker.go | 115 + .../resources/serviceaccount/checker_test.go | 174 + .../resources/serviceaccount/controller.go | 83 + .../syncer/resources/serviceaccount/dws.go | 150 + .../resources/serviceaccount/dws_test.go | 335 + .../syncer/resources/storageclass/checker.go | 134 + .../resources/storageclass/checker_test.go | 178 + .../resources/storageclass/controller.go | 152 + .../pkg/syncer/resources/storageclass/uws.go | 94 + .../syncer/resources/storageclass/uws_test.go | 323 + virtualcluster/pkg/syncer/syncer.go | 461 + .../pkg/syncer/util/featuregate/gate.go | 133 + virtualcluster/pkg/syncer/util/helper.go | 38 + .../pkg/syncer/util/scheme/scheme.go | 86 + .../pkg/syncer/util/scheme/scheme_test.go | 108 + .../pkg/syncer/util/test/featuregate.go | 43 + virtualcluster/pkg/syncer/util/test/runDWS.go | 178 + .../pkg/syncer/util/test/runPatrol.go | 207 + virtualcluster/pkg/syncer/util/test/runUWS.go | 147 + .../pkg/syncer/uwcontroller/options.go | 86 + .../pkg/syncer/uwcontroller/uwcontroller.go | 154 + .../pkg/syncer/vnode/native/provider.go | 53 + .../pkg/syncer/vnode/provider/provider.go | 27 + .../pkg/syncer/vnode/service/provider.go | 66 + .../pkg/syncer/vnode/service/provider_test.go | 114 + virtualcluster/pkg/syncer/vnode/vnode.go | 259 + virtualcluster/pkg/util/cluster/cluster.go | 324 + .../pkg/util/cluster/fake_cluster.go | 96 + .../pkg/util/constants/constants.go | 74 + virtualcluster/pkg/util/errors/errors.go | 61 + virtualcluster/pkg/util/errors/errors_test.go | 38 + .../pkg/util/fairqueue/balancer/balancer.go | 29 + .../balancer/weightedroundrobin/scheduler.go | 161 + .../weightedroundrobin/scheduler_test.go | 115 + virtualcluster/pkg/util/fairqueue/delaying.go | 194 + virtualcluster/pkg/util/fairqueue/fair.go | 245 + .../pkg/util/fairqueue/fair_test.go | 202 + virtualcluster/pkg/util/fairqueue/fifo.go | 78 + virtualcluster/pkg/util/fairqueue/option.go | 69 + virtualcluster/pkg/util/flag/flags.go | 29 + .../pkg/util/handler/enqueue_object.go | 58 + .../pkg/util/handler/enqueue_object_test.go | 118 + virtualcluster/pkg/util/handler/types.go | 21 + virtualcluster/pkg/util/listener/adapter.go | 55 + virtualcluster/pkg/util/listener/listener.go | 33 + .../pkg/util/mccontroller/mccontroller.go | 576 ++ .../pkg/util/mccontroller/options.go | 86 + virtualcluster/pkg/util/pki/util.go | 149 + virtualcluster/pkg/util/plugin/context.go | 37 + virtualcluster/pkg/util/plugin/plugin.go | 96 + .../pkg/util/reconciler/reconciler.go | 60 + virtualcluster/pkg/util/record/event.go | 68 + virtualcluster/pkg/version/base.go | 27 + virtualcluster/pkg/version/verflag/verflag.go | 120 + virtualcluster/pkg/version/version.go | 55 + .../pkg/vn-agent/certificate/cert.go | 71 + virtualcluster/pkg/vn-agent/config/config.go | 35 + virtualcluster/pkg/vn-agent/server/route.go | 162 + virtualcluster/pkg/vn-agent/server/server.go | 91 + .../pkg/vn-agent/server/test/go.mod | 61 + .../pkg/vn-agent/server/test/go.sum | 881 ++ .../pkg/vn-agent/server/test/server_test.go | 1066 ++ .../pkg/vn-agent/server/translate.go | 131 + .../pkg/vn-agent/testcerts/certs.go | 257 + .../pkg/vn-agent/testcerts/gencerts.sh | 99 + .../pkg/webhook/add_virtualcluster.go | 26 + .../virtualcluster/virtualcluster_webhook.go | 460 + virtualcluster/pkg/webhook/webhook.go | 37 + virtualcluster/test/e2e/e2e.go | 62 + virtualcluster/test/e2e/e2e_test.go | 50 + virtualcluster/test/e2e/framework/cleanup.go | 62 + .../e2e/framework/clusterversion/create.go | 524 + .../e2e/framework/clusterversion/delete.go | 46 + .../test/e2e/framework/framework.go | 474 + .../e2e/framework/ginkgowrapper/wrapper.go | 96 + .../test/e2e/framework/log/logger.go | 63 + .../test/e2e/framework/pod/resource.go | 91 + .../test/e2e/framework/text_context.go | 148 + virtualcluster/test/e2e/framework/util.go | 214 + virtualcluster/test/e2e/framework/vc.go | 56 + .../test/e2e/framework/virtualcluster/wait.go | 88 + .../test/e2e/multi-tenancy/framework.go | 24 + .../test/e2e/multi-tenancy/virtual_cluster.go | 84 + 369 files changed, 61755 insertions(+) create mode 100644 virtualcluster/.gitignore create mode 100644 virtualcluster/Dockerfile create mode 100644 virtualcluster/Makefile create mode 100644 virtualcluster/OWNERS create mode 100644 virtualcluster/PROJECT create mode 100644 virtualcluster/README.md create mode 100644 virtualcluster/cmd/kubectl-vc/create.go create mode 100644 virtualcluster/cmd/kubectl-vc/exec.go create mode 100644 virtualcluster/cmd/kubectl-vc/root.go create mode 100644 virtualcluster/cmd/kubectl-vc/util.go create mode 100644 virtualcluster/cmd/manager/main.go create mode 100644 virtualcluster/cmd/syncer/app/config/config.go create mode 100644 virtualcluster/cmd/syncer/app/options/options.go create mode 100644 virtualcluster/cmd/syncer/app/server.go create mode 100644 virtualcluster/cmd/syncer/builtins.go create mode 100644 virtualcluster/cmd/syncer/builtins_extra.go create mode 100644 virtualcluster/cmd/syncer/main.go create mode 100644 virtualcluster/cmd/vn-agent/app/options/options.go create mode 100644 virtualcluster/cmd/vn-agent/app/server.go create mode 100644 virtualcluster/cmd/vn-agent/main.go create mode 100644 virtualcluster/config/crds/cluster.x-k8s.io_clusters.yaml create mode 100644 virtualcluster/config/crds/tenancy.x-k8s.io_clusterversions.yaml create mode 100644 virtualcluster/config/crds/tenancy.x-k8s.io_virtualclusters.yaml create mode 100644 virtualcluster/config/default/kustomization.yaml create mode 100644 virtualcluster/config/default/manager_auth_proxy_patch.yaml create mode 100644 virtualcluster/config/default/manager_image_patch.yaml create mode 100644 virtualcluster/config/default/manager_prometheus_metrics_patch.yaml create mode 100644 virtualcluster/config/manager/manager.yaml create mode 100644 virtualcluster/config/rbac/auth_proxy_role.yaml create mode 100644 virtualcluster/config/rbac/auth_proxy_role_binding.yaml create mode 100644 virtualcluster/config/rbac/auth_proxy_service.yaml create mode 100644 virtualcluster/config/rbac/rbac_role.yaml create mode 100644 virtualcluster/config/rbac/rbac_role_binding.yaml create mode 100644 virtualcluster/config/sampleswithspec/clusterversion_v1_loadbalancer.yaml create mode 100644 virtualcluster/config/sampleswithspec/clusterversion_v1_nodeport.yaml create mode 100644 virtualcluster/config/sampleswithspec/coredns.yaml create mode 100644 virtualcluster/config/sampleswithspec/example_foo.yaml create mode 100644 virtualcluster/config/sampleswithspec/tenancy.x-k8s.io_clusterversions.yaml create mode 100644 virtualcluster/config/sampleswithspec/virtualcluster_1_loadbalancer.yaml create mode 100644 virtualcluster/config/sampleswithspec/virtualcluster_1_nodeport.yaml create mode 100644 virtualcluster/config/setup/all_in_one.yaml create mode 100644 virtualcluster/config/setup/all_in_one_aliyun.yaml create mode 100644 virtualcluster/config/setup/sample_foo_controller.yaml create mode 100644 virtualcluster/doc/customresource-syncer.md create mode 100644 virtualcluster/doc/demo.md create mode 100644 virtualcluster/doc/images/cr-syncer.png create mode 100644 virtualcluster/doc/tenant-dns.md create mode 100644 virtualcluster/doc/vc-icdcs.pdf create mode 100644 virtualcluster/experiment/.gitignore create mode 100644 virtualcluster/experiment/Makefile create mode 100644 virtualcluster/experiment/OWNERS create mode 100644 virtualcluster/experiment/README.md create mode 100644 virtualcluster/experiment/cmd/scheduler/app/config/config.go create mode 100644 virtualcluster/experiment/cmd/scheduler/app/options/options.go create mode 100644 virtualcluster/experiment/cmd/scheduler/app/server.go create mode 100644 virtualcluster/experiment/cmd/scheduler/main.go create mode 100644 virtualcluster/experiment/cmd/scheduler/superclusterresources.go create mode 100644 virtualcluster/experiment/cmd/scheduler/virtualclusterresource.go create mode 100644 virtualcluster/experiment/config/crd/cluster.x-k8s.io_clusters.yaml create mode 100644 virtualcluster/experiment/config/setup/all_in_one.yaml create mode 100644 virtualcluster/experiment/config/setup/cluster-id.yaml.sed create mode 100755 virtualcluster/experiment/config/setup/deploy-cluster-id.sh create mode 100755 virtualcluster/experiment/config/setup/deploy-syncer.sh create mode 100755 virtualcluster/experiment/config/setup/setup-supercluster-minikube.sh create mode 100644 virtualcluster/experiment/config/setup/syncer.yaml.sed create mode 100644 virtualcluster/experiment/doc/demo-arch.png create mode 100644 virtualcluster/experiment/doc/demo.md create mode 100755 virtualcluster/experiment/hack/lib/build.sh create mode 100755 virtualcluster/experiment/hack/lib/docker-image.sh create mode 100755 virtualcluster/experiment/hack/lib/init.sh create mode 100755 virtualcluster/experiment/hack/lib/util.sh create mode 100755 virtualcluster/experiment/hack/make-rules/build.sh create mode 100755 virtualcluster/experiment/hack/make-rules/release-images.sh create mode 100644 virtualcluster/experiment/pkg/apis/cluster/v1alpha4/cluster_phase_types.go create mode 100644 virtualcluster/experiment/pkg/apis/cluster/v1alpha4/cluster_types.go create mode 100644 virtualcluster/experiment/pkg/apis/cluster/v1alpha4/condition_types.go create mode 100644 virtualcluster/experiment/pkg/apis/cluster/v1alpha4/doc.go create mode 100644 virtualcluster/experiment/pkg/apis/cluster/v1alpha4/register.go create mode 100644 virtualcluster/experiment/pkg/apis/cluster/v1alpha4/zz_generated.deepcopy.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/clientset.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/doc.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/fake/clientset_generated.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/fake/doc.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/fake/register.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/scheme/doc.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/scheme/register.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/cluster.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/cluster_client.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/doc.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/fake/doc.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/fake/fake_cluster.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/fake/fake_cluster_client.go create mode 100644 virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/generated_expansion.go create mode 100644 virtualcluster/experiment/pkg/client/informers/externalversions/cluster/interface.go create mode 100644 virtualcluster/experiment/pkg/client/informers/externalversions/cluster/v1alpha4/cluster.go create mode 100644 virtualcluster/experiment/pkg/client/informers/externalversions/cluster/v1alpha4/interface.go create mode 100644 virtualcluster/experiment/pkg/client/informers/externalversions/factory.go create mode 100644 virtualcluster/experiment/pkg/client/informers/externalversions/generic.go create mode 100644 virtualcluster/experiment/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go create mode 100644 virtualcluster/experiment/pkg/client/listers/cluster/v1alpha4/cluster.go create mode 100644 virtualcluster/experiment/pkg/client/listers/cluster/v1alpha4/expansion_generated.go create mode 100644 virtualcluster/experiment/pkg/scheduler/algorithm/namespacesched.go create mode 100644 virtualcluster/experiment/pkg/scheduler/algorithm/types.go create mode 100644 virtualcluster/experiment/pkg/scheduler/apis/config/types.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/cache.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/cache_test.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/cluster.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/cluster_test.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/interface.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/namespace.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/namespace_test.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/pod.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/snapshot.go create mode 100644 virtualcluster/experiment/pkg/scheduler/cache/snapshot_test.go create mode 100644 virtualcluster/experiment/pkg/scheduler/constants/constants.go create mode 100644 virtualcluster/experiment/pkg/scheduler/engine/schedulerengine.go create mode 100644 virtualcluster/experiment/pkg/scheduler/engine/schedulerengine_test.go create mode 100644 virtualcluster/experiment/pkg/scheduler/health.go create mode 100644 virtualcluster/experiment/pkg/scheduler/manager/manager.go create mode 100644 virtualcluster/experiment/pkg/scheduler/metrics/metrics.go create mode 100644 virtualcluster/experiment/pkg/scheduler/reconciler.go create mode 100644 virtualcluster/experiment/pkg/scheduler/resource/supercluster/namespace/controller.go create mode 100644 virtualcluster/experiment/pkg/scheduler/resource/virtualcluster/namespace/controller.go create mode 100644 virtualcluster/experiment/pkg/scheduler/resource/virtualcluster/pod/controller.go create mode 100644 virtualcluster/experiment/pkg/scheduler/resource/virtualcluster/resourcequota/controller.go create mode 100644 virtualcluster/experiment/pkg/scheduler/scheduler.go create mode 100644 virtualcluster/experiment/pkg/scheduler/util/helper.go create mode 100644 virtualcluster/experiment/pkg/scheduler/util/helper_test.go create mode 100644 virtualcluster/go.mod create mode 100644 virtualcluster/go.sum create mode 100644 virtualcluster/hack/boilerplate.go.txt create mode 100755 virtualcluster/hack/install/install_ci_related.sh create mode 100755 virtualcluster/hack/lib/build.sh create mode 100755 virtualcluster/hack/lib/docker-image.sh create mode 100755 virtualcluster/hack/lib/init.sh create mode 100755 virtualcluster/hack/lib/util.sh create mode 100755 virtualcluster/hack/make-rules/build.sh create mode 100755 virtualcluster/hack/make-rules/release-images.sh create mode 100755 virtualcluster/hack/make-rules/replace-null.sh create mode 100755 virtualcluster/hack/make-rules/test-e2e-k8s.sh create mode 100644 virtualcluster/hack/tools.go create mode 100755 virtualcluster/hack/update-codegen.sh create mode 100644 virtualcluster/pkg/apis/addtoscheme_tenancy_v1alpha1.go create mode 100644 virtualcluster/pkg/apis/apis.go create mode 100644 virtualcluster/pkg/apis/tenancy/group.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/clusterversion.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/clusterversion_types.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/clusterversion_types_test.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/doc.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/register.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/v1alpha1_suite_test.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/virtualcluster_types.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/virtualcluster_types_test.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/virtualcluster_webhook.go create mode 100644 virtualcluster/pkg/apis/tenancy/v1alpha1/zz_generated.deepcopy.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/clientset.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/doc.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/fake/clientset_generated.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/fake/doc.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/fake/register.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/scheme/doc.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/scheme/register.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/clusterversion.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/doc.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/fake/doc.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/fake/fake_clusterversion.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/fake/fake_tenancy_client.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/fake/fake_virtualcluster.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/generated_expansion.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/tenancy_client.go create mode 100644 virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/virtualcluster.go create mode 100644 virtualcluster/pkg/client/informers/externalversions/factory.go create mode 100644 virtualcluster/pkg/client/informers/externalversions/generic.go create mode 100644 virtualcluster/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go create mode 100644 virtualcluster/pkg/client/informers/externalversions/tenancy/interface.go create mode 100644 virtualcluster/pkg/client/informers/externalversions/tenancy/v1alpha1/clusterversion.go create mode 100644 virtualcluster/pkg/client/informers/externalversions/tenancy/v1alpha1/interface.go create mode 100644 virtualcluster/pkg/client/informers/externalversions/tenancy/v1alpha1/virtualcluster.go create mode 100644 virtualcluster/pkg/client/listers/tenancy/v1alpha1/clusterversion.go create mode 100644 virtualcluster/pkg/client/listers/tenancy/v1alpha1/expansion_generated.go create mode 100644 virtualcluster/pkg/client/listers/tenancy/v1alpha1/virtualcluster.go create mode 100644 virtualcluster/pkg/controller/add_clusterversion.go create mode 100644 virtualcluster/pkg/controller/add_virtualcluster.go create mode 100644 virtualcluster/pkg/controller/clusterversion/clusterversion_controller.go create mode 100644 virtualcluster/pkg/controller/clusterversion/clusterversion_controller_suite_test.go create mode 100644 virtualcluster/pkg/controller/clusterversion/clusterversion_controller_test.go create mode 100644 virtualcluster/pkg/controller/constants/constants.go create mode 100644 virtualcluster/pkg/controller/controller.go create mode 100644 virtualcluster/pkg/controller/kubeconfig/kubeconfig.go create mode 100644 virtualcluster/pkg/controller/pki/pki.go create mode 100644 virtualcluster/pkg/controller/secret/secret.go create mode 100644 virtualcluster/pkg/controller/util/aliyun/util.go create mode 100644 virtualcluster/pkg/controller/util/kube/util.go create mode 100644 virtualcluster/pkg/controller/util/logr/util.go create mode 100644 virtualcluster/pkg/controller/util/net/util.go create mode 100644 virtualcluster/pkg/controller/util/strings/util.go create mode 100644 virtualcluster/pkg/controller/vcmanager/vcmanager.go create mode 100644 virtualcluster/pkg/controller/virtualcluster/master_provisioner.go create mode 100644 virtualcluster/pkg/controller/virtualcluster/master_provisioner_aliyun.go create mode 100644 virtualcluster/pkg/controller/virtualcluster/master_provisioner_native.go create mode 100644 virtualcluster/pkg/controller/virtualcluster/virtualcluster_controller.go create mode 100644 virtualcluster/pkg/controller/virtualcluster/virtualcluster_controller_suite_test.go create mode 100644 virtualcluster/pkg/controller/virtualcluster/virtualcluster_controller_test.go create mode 100644 virtualcluster/pkg/syncer/apis/config/types.go create mode 100644 virtualcluster/pkg/syncer/constants/constants.go create mode 100644 virtualcluster/pkg/syncer/conversion/envvars/doc.go create mode 100644 virtualcluster/pkg/syncer/conversion/envvars/envvars.go create mode 100644 virtualcluster/pkg/syncer/conversion/envvars/envvars_test.go create mode 100644 virtualcluster/pkg/syncer/conversion/equality.go create mode 100644 virtualcluster/pkg/syncer/conversion/equality_test.go create mode 100644 virtualcluster/pkg/syncer/conversion/helper.go create mode 100644 virtualcluster/pkg/syncer/conversion/helper_test.go create mode 100644 virtualcluster/pkg/syncer/conversion/mutate.go create mode 100644 virtualcluster/pkg/syncer/manager/manager.go create mode 100644 virtualcluster/pkg/syncer/metrics/metrics.go create mode 100644 virtualcluster/pkg/syncer/patrol/differ/differ.go create mode 100644 virtualcluster/pkg/syncer/patrol/differ/differ_test.go create mode 100644 virtualcluster/pkg/syncer/patrol/differ/handler.go create mode 100644 virtualcluster/pkg/syncer/patrol/options.go create mode 100644 virtualcluster/pkg/syncer/patrol/patroller.go create mode 100644 virtualcluster/pkg/syncer/resources/configmap/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/configmap/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/configmap/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/configmap/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/configmap/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/crd/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/crd/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/crd/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/endpoints/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/endpoints/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/endpoints/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/endpoints/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/endpoints/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/event/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/event/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/event/uws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/ingress/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/ingress/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/ingress/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/ingress/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/ingress/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/ingress/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/ingress/uws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/namespace/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/namespace/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/namespace/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/namespace/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/namespace/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/node/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/node/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/node/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/node/uws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolume/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolume/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolume/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolume/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolume/uws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolumeclaim/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolumeclaim/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolumeclaim/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolumeclaim/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/persistentvolumeclaim/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/pod/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/pod/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/pod/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/pod/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/pod/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/pod/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/pod/uws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/priorityclass/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/priorityclass/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/priorityclass/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/priorityclass/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/priorityclass/uws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/secret/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/secret/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/secret/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/secret/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/secret/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/service/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/service/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/service/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/service/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/service/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/service/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/service/uws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/serviceaccount/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/serviceaccount/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/serviceaccount/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/serviceaccount/dws.go create mode 100644 virtualcluster/pkg/syncer/resources/serviceaccount/dws_test.go create mode 100644 virtualcluster/pkg/syncer/resources/storageclass/checker.go create mode 100644 virtualcluster/pkg/syncer/resources/storageclass/checker_test.go create mode 100644 virtualcluster/pkg/syncer/resources/storageclass/controller.go create mode 100644 virtualcluster/pkg/syncer/resources/storageclass/uws.go create mode 100644 virtualcluster/pkg/syncer/resources/storageclass/uws_test.go create mode 100644 virtualcluster/pkg/syncer/syncer.go create mode 100644 virtualcluster/pkg/syncer/util/featuregate/gate.go create mode 100644 virtualcluster/pkg/syncer/util/helper.go create mode 100644 virtualcluster/pkg/syncer/util/scheme/scheme.go create mode 100644 virtualcluster/pkg/syncer/util/scheme/scheme_test.go create mode 100644 virtualcluster/pkg/syncer/util/test/featuregate.go create mode 100644 virtualcluster/pkg/syncer/util/test/runDWS.go create mode 100644 virtualcluster/pkg/syncer/util/test/runPatrol.go create mode 100644 virtualcluster/pkg/syncer/util/test/runUWS.go create mode 100644 virtualcluster/pkg/syncer/uwcontroller/options.go create mode 100644 virtualcluster/pkg/syncer/uwcontroller/uwcontroller.go create mode 100644 virtualcluster/pkg/syncer/vnode/native/provider.go create mode 100644 virtualcluster/pkg/syncer/vnode/provider/provider.go create mode 100644 virtualcluster/pkg/syncer/vnode/service/provider.go create mode 100644 virtualcluster/pkg/syncer/vnode/service/provider_test.go create mode 100644 virtualcluster/pkg/syncer/vnode/vnode.go create mode 100644 virtualcluster/pkg/util/cluster/cluster.go create mode 100644 virtualcluster/pkg/util/cluster/fake_cluster.go create mode 100644 virtualcluster/pkg/util/constants/constants.go create mode 100644 virtualcluster/pkg/util/errors/errors.go create mode 100644 virtualcluster/pkg/util/errors/errors_test.go create mode 100644 virtualcluster/pkg/util/fairqueue/balancer/balancer.go create mode 100644 virtualcluster/pkg/util/fairqueue/balancer/weightedroundrobin/scheduler.go create mode 100644 virtualcluster/pkg/util/fairqueue/balancer/weightedroundrobin/scheduler_test.go create mode 100644 virtualcluster/pkg/util/fairqueue/delaying.go create mode 100644 virtualcluster/pkg/util/fairqueue/fair.go create mode 100644 virtualcluster/pkg/util/fairqueue/fair_test.go create mode 100644 virtualcluster/pkg/util/fairqueue/fifo.go create mode 100644 virtualcluster/pkg/util/fairqueue/option.go create mode 100644 virtualcluster/pkg/util/flag/flags.go create mode 100644 virtualcluster/pkg/util/handler/enqueue_object.go create mode 100644 virtualcluster/pkg/util/handler/enqueue_object_test.go create mode 100644 virtualcluster/pkg/util/handler/types.go create mode 100644 virtualcluster/pkg/util/listener/adapter.go create mode 100644 virtualcluster/pkg/util/listener/listener.go create mode 100644 virtualcluster/pkg/util/mccontroller/mccontroller.go create mode 100644 virtualcluster/pkg/util/mccontroller/options.go create mode 100644 virtualcluster/pkg/util/pki/util.go create mode 100644 virtualcluster/pkg/util/plugin/context.go create mode 100644 virtualcluster/pkg/util/plugin/plugin.go create mode 100644 virtualcluster/pkg/util/reconciler/reconciler.go create mode 100644 virtualcluster/pkg/util/record/event.go create mode 100644 virtualcluster/pkg/version/base.go create mode 100644 virtualcluster/pkg/version/verflag/verflag.go create mode 100644 virtualcluster/pkg/version/version.go create mode 100644 virtualcluster/pkg/vn-agent/certificate/cert.go create mode 100644 virtualcluster/pkg/vn-agent/config/config.go create mode 100644 virtualcluster/pkg/vn-agent/server/route.go create mode 100644 virtualcluster/pkg/vn-agent/server/server.go create mode 100644 virtualcluster/pkg/vn-agent/server/test/go.mod create mode 100644 virtualcluster/pkg/vn-agent/server/test/go.sum create mode 100644 virtualcluster/pkg/vn-agent/server/test/server_test.go create mode 100644 virtualcluster/pkg/vn-agent/server/translate.go create mode 100644 virtualcluster/pkg/vn-agent/testcerts/certs.go create mode 100755 virtualcluster/pkg/vn-agent/testcerts/gencerts.sh create mode 100644 virtualcluster/pkg/webhook/add_virtualcluster.go create mode 100644 virtualcluster/pkg/webhook/virtualcluster/virtualcluster_webhook.go create mode 100644 virtualcluster/pkg/webhook/webhook.go create mode 100644 virtualcluster/test/e2e/e2e.go create mode 100644 virtualcluster/test/e2e/e2e_test.go create mode 100644 virtualcluster/test/e2e/framework/cleanup.go create mode 100644 virtualcluster/test/e2e/framework/clusterversion/create.go create mode 100644 virtualcluster/test/e2e/framework/clusterversion/delete.go create mode 100644 virtualcluster/test/e2e/framework/framework.go create mode 100644 virtualcluster/test/e2e/framework/ginkgowrapper/wrapper.go create mode 100644 virtualcluster/test/e2e/framework/log/logger.go create mode 100644 virtualcluster/test/e2e/framework/pod/resource.go create mode 100644 virtualcluster/test/e2e/framework/text_context.go create mode 100644 virtualcluster/test/e2e/framework/util.go create mode 100644 virtualcluster/test/e2e/framework/vc.go create mode 100644 virtualcluster/test/e2e/framework/virtualcluster/wait.go create mode 100644 virtualcluster/test/e2e/multi-tenancy/framework.go create mode 100644 virtualcluster/test/e2e/multi-tenancy/virtual_cluster.go diff --git a/virtualcluster/.gitignore b/virtualcluster/.gitignore new file mode 100644 index 00000000..9f06afbd --- /dev/null +++ b/virtualcluster/.gitignore @@ -0,0 +1,25 @@ + +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +_output +coverage + +# Test binary, build with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Kubernetes Generated files - skip generated files, except for vendored files + +vendor/ + +# editor and IDE paraphernalia +.idea +*.swp +*.swo +*~ diff --git a/virtualcluster/Dockerfile b/virtualcluster/Dockerfile new file mode 100644 index 00000000..1e1b2d6f --- /dev/null +++ b/virtualcluster/Dockerfile @@ -0,0 +1,23 @@ +# Build the manager binary +FROM golang:1.12 as builder + +ENV GO111MODULE=on + +WORKDIR /go/virtualcluster + +COPY go.mod . +COPY go.sum . + +RUN go mod download + +COPY pkg/ pkg/ +COPY cmd/ cmd/ + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/manager + +# Copy the controller-manager into a thin image +FROM ubuntu:latest +WORKDIR / +COPY --from=builder /go/virtualcluster/manager . +ENTRYPOINT ["/manager"] diff --git a/virtualcluster/Makefile b/virtualcluster/Makefile new file mode 100644 index 00000000..c237a641 --- /dev/null +++ b/virtualcluster/Makefile @@ -0,0 +1,174 @@ +# Explicitly opt into go modules, even though we're inside a GOPATH directory +export GO111MODULE=on + +# Image URL to use all building/pushing image targets +DOCKER_REG ?= ${or ${VC_DOCKER_REGISTRY},"virtualcluster"} +IMG ?= ${DOCKER_REG}/manager-amd64 ${DOCKER_REG}/vn-agent-amd64 ${DOCKER_REG}/syncer-amd64 + +# TEST_FLAGS used as flags of go test. +TEST_FLAGS ?= -v --race + +# COVERAGE_PACKAGES is the coverage we care about. +COVERAGE_PACKAGES=$(shell go list ./... | \ + grep -v sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client | \ + grep -v sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis | \ + grep -v sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd | \ + grep -v sigs.k8s.io/cluster-api-provider-nested/virtualcluster/test/e2e) + +# CRD_OPTIONS ?= "crd:trivialVersions=true" +CRD_OPTIONS ?= "crd:trivialVersions=true,maxDescLen=0" + +# Build code. +# +# Args: +# WHAT: Directory names to build. If any of these directories has a 'main' +# package, the build will produce executable files under $(OUT_DIR). +# If not specified, "everything" will be built. +# GOFLAGS: Extra flags to pass to 'go' when building. +# GOLDFLAGS: Extra linking flags passed to 'go' when building. +# GOGCFLAGS: Additional go compile flags passed to 'go' when building. +# +# Example: +# make +# make all +# make all WHAT=cmd/kubelet GOFLAGS=-v +# make all GOLDFLAGS="" +# Note: Specify GOLDFLAGS as an empty string for building unstripped binaries, which allows +# you to use code debugging tools like delve. When GOLDFLAGS is unspecified, it defaults +# to "-s -w" which strips debug information. Other flags that can be used for GOLDFLAGS +# are documented at https://golang.org/cmd/link/ +.PHONY: all +all: test build + +build: + hack/make-rules/build.sh $(WHAT) + +# Run tests +.PHONY: test +PWD = $(CURDIR) +test: generate fmt vet manifests + @mkdir -p coverage + @( for pkg in ${COVERAGE_PACKAGES}; do \ + go test ${TEST_FLAGS} \ + -coverprofile=coverage/unit-test-`echo $$pkg | tr "/" "_"`.out \ + $$pkg || exit 1 ;\ + done ) + @( cd ./pkg/vn-agent/server/test; \ + go test ${TEST_FLAGS} \ + -coverprofile=${PWD}/coverage/unit-test-pkg_vn-agent_server_test.out ) + @cd ${PWD} + +.PHONY: coverage +coverage: ## combine coverage after test + @mkdir -p coverage + @gocovmerge coverage/* > coverage/coverage.txt + @go tool cover -html=coverage/coverage.txt -o coverage/coverage.html + +.PHONY: clean +clean: ## clean to remove bin/* and files created by module + @go mod tidy + @rm -rf _output/* + @rm -rf coverage/* + +# Run against the configured Kubernetes cluster in ~/.kube/config +run: generate fmt vet + go run ./cmd/manager/main.go + +# Install CRDs into a cluster +install: manifests + kubectl apply -f config/crds + +# Deploy controller in the configured Kubernetes cluster in ~/.kube/config +deploy: manifests + kubectl apply -f config/crds + kustomize build config/default | kubectl apply -f - + +# Generate manifests e.g. CRD, RBAC etc. +manifests: controller-gen + $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role paths="./..." output:crd:artifacts:config=config/crds + hack/make-rules/replace-null.sh +# To work around a known controller gen issue +# https://github.com/kubernetes-sigs/kubebuilder/issues/1544 +ifeq (, $(shell which yq)) + @echo "Please install yq for yaml patching. Get it from here: https://github.com/mikefarah/yq" + @exit +else + @{ \ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.apiServer.properties.statefulset.properties.spec.properties.template.properties.spec.properties.containers.items.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.controllerManager.properties.statefulset.properties.spec.properties.template.properties.spec.properties.containers.items.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.etcd.properties.statefulset.properties.spec.properties.template.properties.spec.properties.containers.items.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.apiServer.properties.statefulset.properties.spec.properties.template.properties.spec.properties.initContainers.items.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.controllerManager.properties.statefulset.properties.spec.properties.template.properties.spec.properties.initContainers.items.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.etcd.properties.statefulset.properties.spec.properties.template.properties.spec.properties.initContainers.items.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.apiServer.properties.service.properties.spec.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.controllerManager.properties.service.properties.spec.properties.ports.items.required[1]" protocol;\ + yq w -i config/crds/tenancy.x-k8s.io_clusterversions.yaml "spec.validation.openAPIV3Schema.properties.spec.properties.etcd.properties.service.properties.spec.properties.ports.items.required[1]" protocol;\ + } +endif + +# Run go fmt against code +fmt: + go fmt ./pkg/... ./cmd/... + +# Run go vet against code +vet: + go vet ./pkg/... ./cmd/... + +# Generate code +generate: controller-gen +ifndef GOPATH + $(error GOPATH not defined, please define GOPATH. Run "go help gopath" to learn more about GOPATH) +endif + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + +# Build release image. +# +# 1. run tests +# 2. build docker image +.PHONY: release-images +release-images: test build-images + +# Build docker image. +# +# 1. build all binaries. +# 2. copy binaries to the corresponding docker image. +build-images: + hack/make-rules/release-images.sh $(WHAT) + +# Push the docker image +docker-push: + $(foreach i,$(IMG),docker push $i;) + +# find or download controller-gen +# download controller-gen if necessary +controller-gen: +ifeq (, $(shell which controller-gen)) + @{ \ + set -e ;\ + CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ + cd $$CONTROLLER_GEN_TMP_DIR ;\ + go mod init tmp ;\ + go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.3.0 ;\ + rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ + } +CONTROLLER_GEN=$(GOPATH)/bin/controller-gen +else +CONTROLLER_GEN=$(shell which controller-gen) +endif + +# Build and run kubernetes e2e tests. +# +# Args: +# KUBECONFIG: kubeconfig to virtual cluster. If empty, create a virtual cluster. +# Defaults to "". +# FOCUS: Regexp that matches the tests to be run. Defaults to "\[Conformance\]". +# SKIP: Regexp that matches the tests that needs to be skipped. +# Defaults to "\[Flaky\]|\[Slow\]|\[Serial\]" +# BUILD_DEPENDENCIES: if true, build dependencies related to e2e test. +# Defaults to true. +# +# Example: +# make test-e2e-k8s KUBECONFIG=/path/to/vc-kubeconfig +.PHONY: test-e2e-k8s +test-e2e-k8s: + hack/make-rules/test-e2e-k8s.sh diff --git a/virtualcluster/OWNERS b/virtualcluster/OWNERS new file mode 100644 index 00000000..a4036450 --- /dev/null +++ b/virtualcluster/OWNERS @@ -0,0 +1,15 @@ +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- adohe +- Fei-Guo +- resouer +- tashimi +- zhuangqh + +reviewers: +- adohe +- christopherhein +- Fei-Guo +- resouer +- zhuangqh diff --git a/virtualcluster/PROJECT b/virtualcluster/PROJECT new file mode 100644 index 00000000..29c17f02 --- /dev/null +++ b/virtualcluster/PROJECT @@ -0,0 +1,4 @@ +version: "1" +domain: x-k8s.io +projectName: virtualcluster +repo: sigs.k8s.io/cluster-api-provider-nested/virtualcluster diff --git a/virtualcluster/README.md b/virtualcluster/README.md new file mode 100644 index 00000000..53539d8b --- /dev/null +++ b/virtualcluster/README.md @@ -0,0 +1,124 @@ +# VirtualCluster - Enabling Kubernetes Hard Multi-tenancy + +VirtualCluster represents a new architecture to address various Kubernetes control plane isolation challenges. +It extends existing namespace based Kubernetes multi-tenancy model by providing each tenant a cluster view. +VirtualCluster completely leverages Kubernetes extendability and preserves full API compatibility. +That being said, the core Kubernetes components are not modified in virtual cluster. + +With VirtualCluster, each tenant is assigned a dedicated tenant control plane, which is a upstream Kubernetes distribution. +Tenants can create cluster scope resources such as namespaces and CRDs in the tenant control plane without affecting others. +As a result, most of the isolation problems due to sharing one apiserver disappear. +The Kubernetes cluster that manages the actual physical nodes is called a super cluster, which now +becomes a Pod resource provider. VirtualCluster is composed of the following components: + +- **vc-manager**: A new CRD [VirtualCluster](pkg/apis/tenancy/v1alpha1/virtualcluster_types.go) is introduced +to model the tenant control plane. `vc-manager` manages the lifecycle of each `VirtualCluster` custom resource. +Based on the specification, it either creates CAPN control plane Pods in local K8s cluster, +or imports an existing cluster if a valid `kubeconfig` is provided. + +- **syncer**: A centralized controller that populates API objects needed for Pod provisioning from every tenant control plane +to the super cluster, and bidirectionally syncs the object statuses. It also periodically scans the synced objects to ensure +the states between tenant control plane and super cluster are consistent. + +- **vn-agent**: A node daemon that proxies all tenant kubelet API requests to the kubelet process that running +in the node. It ensures each tenant can only access its own Pods in the node. + +With all above, from the tenant’s perspective, each tenant control plane behaves like an intact Kubernetes with nearly full API capabilities. +For more technical details, please check our [ICDCS 2021 paper.](./doc/vc-icdcs.pdf) + +## Live Demos/Presentations + +Kubecon EU 2020 talk (~25 mins) | WG meeting demo (~50 mins) +--- | --- +[![](http://img.youtube.com/vi/5RgF_dYyvEY/0.jpg)](https://www.youtube.com/watch?v=5RgF_dYyvEY "vc-kubecon-eu-2020") | [![](http://img.youtube.com/vi/Kow00IEUbAA/0.jpg)](http://www.youtube.com/watch?v=Kow00IEUbAA "vc-demo-long") + +## Quick Start + +Please follow the [instructions](./doc/demo.md) to install VirtualCluster in your local K8s cluster. + +## Abstraction + +In VirtualCluster, tenant control plane owns the source of the truth for the specs of all the synced objects. +The exceptions are persistence volume, storage class and priority class resources whose source of the truth is the super cluster. +The syncer updates the synced object's status in each tenant control plane, +acting like a regular resource controller. This abstraction model means the following assumptions: +- The synced object spec _SHOULD_ not be altered by any arbitrary controller in the super cluster. +- Tenant master owns the lifecycle management for the synced object. The synced objects _SHOULD NOT_ be + managed by any controllers (e.g., StatefulSet) in the super cluster. + +If any of the above assumptions is violated, VirtualCluster may not work as expected. Note that this +does not mean that a cluster administrator cannot install webhooks, for example, a sidecar webhook, +in the super cluster. Those webhooks will still work but the changes are going +to be hidden to tenants. Alternatively, those webhooks can be installed in tenant control planes so that +tenants will be aware of all changes. + +## Limitations + +Ideally, tenants should not be aware of the existence of the super cluster in most cases. +There are still some noticeable differences comparing a tenant control plane and a normal Kubernetes cluster. + +- In the tenant control plane, node objects only show up after tenant Pods are created. The super cluster + node topology is not fully exposed in the tenant control plane. This means the VirtualCluster does not support + `DaemonSet` alike workloads in tenant control plane. Currently, the syncer controller rejects a newly + created tenant Pod if its `nodename` has been set in the spec. + +- The syncer controller manages the lifecycle of the node objects in tenant control plane but + it does not update the node lease objects in order to reduce network traffic. As a result, + it is recommended to increase the tenant control plane node controller `--node-monitor-grace-period` + parameter to a larger value ( >60 seconds, done in the sample clusterversion + [yaml](config/sampleswithspec/clusterversion_v1_nodeport.yaml) already). + +- Coredns is not tenant-aware. Hence, tenant should install coredns in the tenant control plane if DNS is required. +The DNS service should be created in the `kube-system` namespace using the name `kube-dns`. The syncer controller can then +recognize the DNS service's cluster IP in super cluster and inject it into any Pod `spec.dnsConfig`. + +- The cluster IP field in the tenant service spec is a bogus value. If any tenant controller requires the +actual cluster IP that takes effect in the super cluster nodes, a special handling is required. +The syncer will backpopulate the cluster IP used in the super cluster in the +annotations of the tenant service object using `transparency.tenancy.x-k8s.io/clusterIP` as the key. +Then, the workaround usually is going to be a simple code change in the controller. +This [document](./doc/tenant-dns.md) shows an example for coredns. + +- VirtualCluster does not support tenant PersistentVolumes. All PVs and Storageclasses are provided by the super cluster. + +VirtualCluster passes most of the Kubernetes conformance tests. One failing test asks for supporting +`subdomain` which cannot be easily done in the VirtualCluster. + +## FAQ + +### Q: What is the difference between VirtualCluster and multi-cluster solution? + +One of the primary design goals of VirtualCluster is to improve the overall resource utilization +of a super cluster by allowing multiple tenants to share the node resources in a control plane isolated manner. +A multi-cluster solution can achieve the same isolation goal but resources won't be shared causing +nodes to have lower utilization. + +### Q: Can the tenant control plane run its own scheduler? + +VirtualCluster was primarily designed for serverless use cases where users normally do not have +scheduling preferences. Using the super cluster scheduler can much easily +achieve good overall resource utilization. For these reasons, +VirtualCluster does not support tenant scheduler. It is technically possible +to support tenant scheduler by exposing some of the super cluster nodes directly in +tenant control plane. Those nodes have to be dedicated to the tenant to avoid any scheduling +conflicts. This type of tenant should be exceptional. + +### Q: What is the difference between Syncer and Virtual Kubelet? + +They have similarities. In some sense, the syncer controller can be viewed as the replacement of a virtual +kubelet in cases where the resource provider of the virtual kubelet is a Kubernetes cluster. The syncer +maintains the one to one mapping between a virtual node in tenant control plane and a real node +in the super cluster. It preserves the Kubernetes API compatibility as closely as possible. Additionally, +it provides fair queuing to mitigate tenant contention. + +## Release + +The first release is coming soon. + +## Community +VirtualCluster is a SIG cluster-api-provider-nested (CAPN) supporting project. +If you have any questions or want to contribute, you are welcome to file issues or pull requests. + +You can also directly contact VirtualCluster maintainers via the WG [slack channel](https://kubernetes.slack.com/messages/wg-multitenancy). + +Lead developer: @Fei-Guo(f.guo@alibaba-inc.com) diff --git a/virtualcluster/cmd/kubectl-vc/create.go b/virtualcluster/cmd/kubectl-vc/create.go new file mode 100644 index 00000000..5e2cd2a9 --- /dev/null +++ b/virtualcluster/cmd/kubectl-vc/create.go @@ -0,0 +1,291 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "context" + "fmt" + "io/ioutil" + "log" + "time" + + "github.com/pkg/errors" + "github.com/spf13/cobra" + corev1 "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/clientcmd" + "sigs.k8s.io/controller-runtime/pkg/client" + + tenancyv1alpha1 "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis/tenancy/v1alpha1" + vcclient "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned/scheme" + kubeutil "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/controller/util/kube" + netutil "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/controller/util/net" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/conversion" +) + +const ( + APIServerSvcName = "apiserver-svc" + + pollStsPeriodSec = 2 + pollStsTimeoutSec = 120 +) + +type CreateOptions struct { + client client.Client + vcclient vcclient.Interface + fileName string + outputPath string +} + +func NewCmdCreate(f Factory) *cobra.Command { + o := &CreateOptions{} + + cmd := &cobra.Command{ + Use: "create", + Short: "Create a new VirtualCluster", + Run: func(cmd *cobra.Command, args []string) { + CheckErr(o.Complete(f, cmd)) + CheckErr(o.Validate(cmd)) + CheckErr(o.Run()) + }, + } + + cmd.Flags().StringVarP(&o.fileName, "filename", "f", "", "the configuration to apply. in json, yaml or url") + cmd.Flags().StringVarP(&o.outputPath, "output", "o", "", "path to the kubeconfig that is used to access virtual cluster") + + return cmd +} + +func (o *CreateOptions) Complete(f Factory, cmd *cobra.Command) error { + var err error + o.vcclient, err = f.VirtualClusterClientSet() + if err != nil { + return err + } + + o.client, err = f.GenericClient() + if err != nil { + return err + } + + return nil +} + +func (o *CreateOptions) Validate(cmd *cobra.Command) error { + if len(o.fileName) == 0 { + return UsageErrorf(cmd, "--filename,-f should not be empty") + } + if len(o.outputPath) == 0 { + return UsageErrorf(cmd, "--output,-o should not be empty") + } + return nil +} + +func (o *CreateOptions) Run() error { + fileBytes, err := readFromFileOrURL(o.fileName) + if err != nil { + return errors.Wrapf(err, "read \"%s\"", o.fileName) + } + + vc := &tenancyv1alpha1.VirtualCluster{} + codecs := serializer.NewCodecFactory(scheme.Scheme) + if err = runtime.DecodeInto(codecs.UniversalDecoder(), fileBytes, vc); err != nil { + return err + } + + kubecfgBytes, err := createVirtualCluster(o.client, o.vcclient, vc) + if err != nil { + return err + } + + // write tenant kubeconfig to outputPath. + if err := ioutil.WriteFile(o.outputPath, kubecfgBytes, 0644); err != nil { + return err + } + + log.Printf("VirtualCluster %s/%s setup successfully\n", vc.Namespace, vc.Name) + + return nil +} + +func createVirtualCluster(cli client.Client, vccli vcclient.Interface, vc *tenancyv1alpha1.VirtualCluster) ([]byte, error) { + cv, err := vccli.TenancyV1alpha1().ClusterVersions().Get(vc.Spec.ClusterVersionName, metav1.GetOptions{}) + if err != nil { + return nil, errors.Wrapf(err, "required cluster version not found") + } + + // fail early, if service type is not supported + svcType := cv.Spec.APIServer.Service.Spec.Type + if svcType != v1.ServiceTypeNodePort && + svcType != v1.ServiceTypeLoadBalancer && + svcType != v1.ServiceTypeClusterIP { + return nil, fmt.Errorf("unsupported apiserver service type: %s", svcType) + } + + if vc, err = vccli.TenancyV1alpha1().VirtualClusters(vc.Namespace).Create(vc); err != nil { + return nil, errors.Wrapf(err, "create virtual cluster") + } + + ns := conversion.ToClusterKey(vc) + + if err := retryIfNotFound(5, 2, func() error { + return kubeutil.WaitStatefulSetReady(cli, ns, "etcd", pollStsTimeoutSec, pollStsPeriodSec) + }); err != nil { + return nil, fmt.Errorf("cannot find sts/etcd in ns %s: %s", ns, err) + } + log.Println("etcd is ready") + + if err := retryIfNotFound(5, 2, func() error { + return kubeutil.WaitStatefulSetReady(cli, ns, "apiserver", pollStsTimeoutSec, pollStsPeriodSec) + }); err != nil { + return nil, fmt.Errorf("cannot find sts/apiserver in ns %s: %s", ns, err) + } + log.Println("apiserver is ready") + + if err := retryIfNotFound(5, 2, func() error { + return kubeutil.WaitStatefulSetReady(cli, ns, "controller-manager", pollStsTimeoutSec, pollStsPeriodSec) + }); err != nil { + return nil, fmt.Errorf("cannot find sts/controller-manager in ns %s: %s", ns, err) + } + log.Println("controller-manager is ready") + + return genKubeConfig(cli, vc, cv) +} + +// getAPISvcPort gets the apiserver service port if not specifed +func getAPISvcPort(svc *v1.Service) (int, error) { + if len(svc.Spec.Ports) == 0 { + return 0, errors.New("no port is specified for apiserver service ") + } + if svc.Spec.Ports[0].TargetPort.IntValue() != 0 { + return svc.Spec.Ports[0].TargetPort.IntValue(), nil + } + return int(svc.Spec.Ports[0].Port), nil +} + +// retryIfNotFound retries to call `f` `retry` times if the returned error +// of `f` is `metav1.StatusReasonNotFound` +func retryIfNotFound(retry, retryPeriod int, f func() error) error { + for retry >= 0 { + if err := f(); err != nil { + if apierrors.IsNotFound(err) && retry > 0 { + retry-- + <-time.After(time.Duration(retryPeriod) * time.Second) + continue + } + // if other err or having retried too many times + return err + } + // success + break + } + return nil +} + +// getVcKubeConfig gets the kubeconfig of the virtual cluster +func getVcKubeConfig(cli client.Client, clusterNamespace, srtName string) ([]byte, error) { + // kubeconfig of the tenant cluster is stored in meta cluster as a secret + srt := &corev1.Secret{} + err := cli.Get(context.TODO(), + types.NamespacedName{ + Namespace: clusterNamespace, + Name: srtName, + }, srt) + if err != nil { + return nil, fmt.Errorf("fail to get %s: %s", srtName, err) + } + // get the secret that stores the kubeconfig of the tenant cluster + kcBytes, exist := srt.Data[srtName] + if !exist { + return nil, fmt.Errorf("fail to get secret data %s: %s", srtName, err) + } + return kcBytes, nil +} + +// genKubeConfig generates the kubeconfig file for accessing the virtual cluster +func genKubeConfig(cli client.Client, vc *tenancyv1alpha1.VirtualCluster, cv *tenancyv1alpha1.ClusterVersion) ([]byte, error) { + clusterNamespace := conversion.ToClusterKey(vc) + kbCfgBytes, err := getVcKubeConfig(cli, clusterNamespace, "admin-kubeconfig") + if err != nil { + return nil, err + } + + kubecfg, err := clientcmd.NewClientConfigFromBytes(kbCfgBytes) + if err != nil { + return nil, err + } + + apiSvcPort, err := getAPISvcPort(cv.Spec.APIServer.Service) + if err != nil { + return nil, err + } + + // replace the server address in kubeconfig based on service type + kubecfg, err = replaceServerAddr(kubecfg, cli, clusterNamespace, cv.Spec.APIServer.Service.Spec.Type, apiSvcPort) + if err != nil { + return nil, err + } + + rawConfig, err := kubecfg.RawConfig() + if err != nil { + return nil, err + } + + return clientcmd.Write(rawConfig) +} + +// replaceServerAddr replace api server IP with the minikube gateway IP, and +// disable TLS varification by removing the server CA +func replaceServerAddr(kubecfg clientcmd.ClientConfig, cli client.Client, clusterNamespace string, svcType v1.ServiceType, apiSvcPort int) (clientcmd.ClientConfig, error) { + var newStr string + switch svcType { + case v1.ServiceTypeNodePort: + nodeIP, err := netutil.GetNodeIP(cli) + if err != nil { + return nil, err + } + svcNodePort, err := netutil.GetSvcNodePort(APIServerSvcName, clusterNamespace, cli) + if err != nil { + return nil, err + } + newStr = fmt.Sprintf("https://%s:%d", nodeIP, svcNodePort) + case v1.ServiceTypeLoadBalancer: + externalIP, err := netutil.GetLBIP(APIServerSvcName, clusterNamespace, cli) + if err != nil { + return nil, err + } + newStr = fmt.Sprintf("https://%s:%d", externalIP, apiSvcPort) + } + + rawConfig, err := kubecfg.RawConfig() + if err != nil { + return nil, err + } + for _, cluster := range rawConfig.Clusters { + cluster.InsecureSkipTLSVerify = true + cluster.CertificateAuthorityData = nil + cluster.Server = newStr + } + + return clientcmd.NewDefaultClientConfig(rawConfig, &clientcmd.ConfigOverrides{}), nil +} diff --git a/virtualcluster/cmd/kubectl-vc/exec.go b/virtualcluster/cmd/kubectl-vc/exec.go new file mode 100644 index 00000000..c780c7da --- /dev/null +++ b/virtualcluster/cmd/kubectl-vc/exec.go @@ -0,0 +1,182 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + "io/ioutil" + "os" + "os/exec" + "path/filepath" + "runtime" + "strings" + + "github.com/pkg/errors" + "github.com/spf13/cobra" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + vcclient "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/conversion" +) + +const ( + execExample = ` + # Switch to a virtualcluster + kubectl vc exec -n foo bar + + # Specific vc by namespaced name + kubectl vc exec foo/bar + + # Customize kubeconfig file path + kubectl vc exec --kubeconfig-file-dir /path/to/file foo/bar` +) + +type ExecOption struct { + client client.Client + vcclient vcclient.Interface + namespace string + name string + kubeFileDir string +} + +func NewCmdExec(f Factory) *cobra.Command { + o := &ExecOption{} + + cmd := &cobra.Command{ + Use: "exec VC_NAME", + Short: "Switch to virtualcluster workspace", + Example: execExample, + Run: func(cmd *cobra.Command, args []string) { + CheckErr(o.Complete(f, cmd, args)) + CheckErr(o.Run()) + }, + } + + cmd.Flags().StringVarP(&o.namespace, "namespace", "n", metav1.NamespaceDefault, "If present, the namespace scope for this CLI request") + cmd.Flags().StringVar(&o.kubeFileDir, "kubeconfig-file-dir", filepath.Join(os.Getenv("HOME"), ".kube/vc/"), "The directory to place the kubeconfig of specific vc") + + return cmd +} + +func (o *ExecOption) Complete(f Factory, cmd *cobra.Command, args []string) error { + var err error + o.vcclient, err = f.VirtualClusterClientSet() + if err != nil { + return err + } + + o.client, err = f.GenericClient() + if err != nil { + return err + } + + if len(args) == 0 { + return UsageErrorf(cmd, "VC_NAME should not be empty") + } + + o.name = args[0] + if strings.Contains(o.name, "/") { + namespacedName := strings.SplitN(o.name, "/", 2) + o.namespace = namespacedName[0] + o.name = namespacedName[1] + } + + return nil +} + +func (o *ExecOption) Run() error { + kbFilePath, err := o.placeVCKubeconfig(o.namespace, o.name) + if err != nil { + return err + } + fmt.Printf("kubeconfig for virtualcluster %s/%s is placed at:\n\n\t%s\n\n", o.namespace, o.name, kbFilePath) + + return enterVCShell(kbFilePath, o.namespace, o.name) +} + +func (o *ExecOption) placeVCKubeconfig(ns, name string) (string, error) { + vc, err := o.vcclient.TenancyV1alpha1().VirtualClusters(ns).Get(name, metav1.GetOptions{}) + if err != nil { + return "", err + } + + cv, err := o.vcclient.TenancyV1alpha1().ClusterVersions().Get(vc.Spec.ClusterVersionName, metav1.GetOptions{}) + if err != nil { + return "", errors.Wrapf(err, "cluster version not found") + } + + kbBytes, err := genKubeConfig(o.client, vc, cv) + if err != nil { + return "", err + } + + if err = os.MkdirAll(o.kubeFileDir, 0755); err != nil { + return "", err + } + + kbFilePath := filepath.Join(o.kubeFileDir, conversion.ToClusterKey(vc)+".kubeconfig") + err = ioutil.WriteFile(kbFilePath, kbBytes, 0644) + + return kbFilePath, err +} + +func enterVCShell(kbFilePath, ns, name string) error { + warningPrompt := "!!" + if isSmartTerminal() { + warningPrompt = "❗" + } + fmt.Printf("%s You are now at VirtualCluster %s/%s\n", warningPrompt, ns, name) + fmt.Printf("%s use regular kubectl commands to operate vc in this temporary workspace\n", warningPrompt) + fmt.Printf("%s type 'exit' to exit\n", warningPrompt) + + c := exec.Command(os.Getenv("SHELL")) + c.Env = append(os.Environ(), + fmt.Sprintf("KUBECONFIG=%v", kbFilePath), + fmt.Sprintf("PS1=[\\u@vc:\\[\033[01;32m\\]%s/%s\\[\033[00m\\] \\W]\\$ ", ns, name), + ) + c.Stdin = os.Stdin + c.Stdout = os.Stdout + c.Stderr = os.Stderr + + defer func() { + fmt.Printf("%s exit VirtualCluster %s/%s\n", warningPrompt, ns, name) + }() + return c.Run() +} + +func isSmartTerminal() bool { + // Explicit request for no ANSI escape codes + // https://no-color.org/ + if os.Getenv("NO_COLOR") != "" { + return false + } + + // Explicitly dumb terminals are not smart + // https://en.wikipedia.org/wiki/Computer_terminal#Dumb_terminals + if os.Getenv("TERM") == "dumb" { + return false + } + + // On Windows WT_SESSION is set by the modern terminal component. + // Older terminals have poor support for UTF-8, VT escape codes, etc. + if runtime.GOOS == "windows" && os.Getenv("WT_SESSION") == "" { + return false + } + + return true +} diff --git a/virtualcluster/cmd/kubectl-vc/root.go b/virtualcluster/cmd/kubectl-vc/root.go new file mode 100644 index 00000000..6669a7a7 --- /dev/null +++ b/virtualcluster/cmd/kubectl-vc/root.go @@ -0,0 +1,51 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + "os" + + "github.com/spf13/cobra" + _ "k8s.io/client-go/plugin/pkg/client/auth" + + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/version" +) + +func main() { + f, err := NewFactory() + if err != nil { + fmt.Fprintf(os.Stderr, "failed to new client factory: %v", err) + os.Exit(1) + } + + rootCmd := &cobra.Command{ + Use: "kubectl-vc", + Short: "VirtualCluster Command tool", + Version: version.BriefVersion(), + Run: runHelp, + } + + rootCmd.AddCommand(NewCmdCreate(f)) + rootCmd.AddCommand(NewCmdExec(f)) + + CheckErr(rootCmd.Execute()) +} + +func runHelp(cmd *cobra.Command, args []string) { + cmd.Help() +} diff --git a/virtualcluster/cmd/kubectl-vc/util.go b/virtualcluster/cmd/kubectl-vc/util.go new file mode 100644 index 00000000..82c152fc --- /dev/null +++ b/virtualcluster/cmd/kubectl-vc/util.go @@ -0,0 +1,107 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "fmt" + "io/ioutil" + "net/http" + "os" + "strings" + + "github.com/spf13/cobra" + "k8s.io/cli-runtime/pkg/genericclioptions" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/client" + + vcclient "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned" +) + +// Factory provides abstractions that allow the Kubectl command to be extended across multiple types +// of resources and different API sets. +type Factory interface { + // GenericClient from controller runtime + GenericClient() (client.Client, error) + + // KubernetesClientSet gives you back an external clientset + KubernetesClientSet() (kubernetes.Interface, error) + + // VirtualClusterClientSet is the virtualcluster clientset + VirtualClusterClientSet() (vcclient.Interface, error) +} + +type factoryImpl struct { + config *rest.Config +} + +func NewFactory() (Factory, error) { + kubecfgFlags := genericclioptions.NewConfigFlags(true) + config, err := kubecfgFlags.ToRESTConfig() + if err != nil { + return nil, err + } + return &factoryImpl{config: config}, nil +} + +func (f *factoryImpl) GenericClient() (client.Client, error) { + return client.New(f.config, client.Options{Scheme: scheme.Scheme}) +} + +func (f *factoryImpl) KubernetesClientSet() (kubernetes.Interface, error) { + return kubernetes.NewForConfig(f.config) +} + +func (f *factoryImpl) VirtualClusterClientSet() (vcclient.Interface, error) { + return vcclient.NewForConfig(f.config) +} + +func UsageErrorf(cmd *cobra.Command, format string, args ...interface{}) error { + msg := fmt.Sprintf(format, args...) + return fmt.Errorf("%s\nSee '%s -h' for help and examples", msg, cmd.CommandPath()) +} + +func CheckErr(err error) { + if err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + os.Exit(1) + } +} + +// readFromFileOrURL reads the content from the file path or url. +func readFromFileOrURL(path string) ([]byte, error) { + if isURL(path) { + // read from an URL + resp, err := http.Get(path) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + yamlContent, err := ioutil.ReadAll(resp.Body) + return yamlContent, nil + } + // read from a file + content, err := ioutil.ReadFile(path) + return content, err +} + +// isURL checks if `path` is an URL +func isURL(path string) bool { + return strings.HasPrefix(path, "https://") || strings.HasPrefix(path, "http://") +} diff --git a/virtualcluster/cmd/manager/main.go b/virtualcluster/cmd/manager/main.go new file mode 100644 index 00000000..edad6928 --- /dev/null +++ b/virtualcluster/cmd/manager/main.go @@ -0,0 +1,146 @@ +/* +Copyright 2019 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "flag" + "fmt" + "net/http" + "os" + + "k8s.io/apiserver/pkg/server/healthz" + _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/controller" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/webhook" + "sigs.k8s.io/controller-runtime/pkg/client/config" + "sigs.k8s.io/controller-runtime/pkg/manager" + logf "sigs.k8s.io/controller-runtime/pkg/runtime/log" + "sigs.k8s.io/controller-runtime/pkg/runtime/signals" + + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/controller/constants" + logrutil "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/controller/util/logr" + vcmanager "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/controller/vcmanager" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/version" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/version/verflag" +) + +func main() { + var ( + logFile string + metricsAddr string + masterProvisioner string + leaderElection bool + leaderElectionCmName string + maxConcurrentReconciles int + versionOpt bool + disableStacktrace bool + enableWebhook bool + ) + flag.StringVar(&metricsAddr, "metrics-addr", ":0", "The address the metric endpoint binds to.") + flag.StringVar(&masterProvisioner, "master-prov", "native", + "The underlying platform that will provision master for virtualcluster.") + flag.BoolVar(&leaderElection, "leader-election", true, "If enable leaderelection for vc-manager") + flag.StringVar(&leaderElectionCmName, "le-cm-name", "vc-manager-leaderelection-lock", + "The name of the configmap that will be used as the resourcelook for leaderelection") + flag.IntVar(&maxConcurrentReconciles, "num-reconciles", 10, + "The max number reconcilers of virtualcluster controller") + flag.StringVar(&logFile, "log-file", "", "The path of the logfile, if not set, only log to the stderr") + flag.BoolVar(&versionOpt, "version", false, "Print the version information") + flag.BoolVar(&disableStacktrace, "disable-stacktrace", false, "If set, the automatic stacktrace is disabled") + flag.BoolVar(&enableWebhook, "enable-webhook", false, "If set, the virtualcluster webhook is enabled") + + flag.Parse() + + // print version information + if versionOpt { + fmt.Printf("VirtualCluster %s\n", verflag.GetVersion(version.Get())) + os.Exit(0) + } + + loggr, err := logrutil.NewLogger(logFile, disableStacktrace) + if err != nil { + panic(fmt.Sprintf("fail to initialize logr: %s", err)) + } + logf.SetLogger(loggr) + log := logf.Log.WithName("entrypoint") + + // Get a config to talk to the apiserver + log.Info("setting up client for manager") + cfg, err := config.GetConfig() + if err != nil { + log.Error(err, "unable to set up client config") + os.Exit(1) + } + + // Create a new Cmd to provide shared dependencies and start components + log.Info("setting up manager") + mgrOpt := manager.Options{ + MetricsBindAddress: metricsAddr, + LeaderElection: leaderElection, + LeaderElectionID: leaderElectionCmName, + CertDir: constants.VirtualClusterWebhookCertDir, + Port: constants.VirtualClusterWebhookPort, + } + mgr, err := vcmanager.NewVirtualClusterManager(cfg, mgrOpt, maxConcurrentReconciles) + if err != nil { + log.Error(err, "unable to set up overall controller manager") + os.Exit(1) + } + + log.Info("Registering Components.") + + // Setup Scheme for all resources + log.Info("setting up scheme") + if err := apis.AddToScheme(mgr.GetScheme()); err != nil { + log.Error(err, "unable add APIs to scheme") + os.Exit(1) + } + + // Setup all Controllers + log.Info("Setting up controller") + if err := controller.AddToManager(mgr, masterProvisioner); err != nil { + log.Error(err, "unable to register controllers to the manager") + os.Exit(1) + } + + if enableWebhook == true { + log.Info("setting up webhooks") + if err := webhook.AddToManager(mgr, mgrOpt.CertDir); err != nil { + log.Error(err, "unable to register webhooks to the manager") + os.Exit(1) + } + } + + go func() { + // start a health http server. + log.Info("Starting a health http server") + mux := http.NewServeMux() + healthz.InstallHandler(mux) + if err := http.ListenAndServe(":8080", mux); err != nil { + log.Error(err, "unable to start health http server") + os.Exit(1) + } + }() + + // Start the Cmd + log.Info("Starting the Cmd.") + if err := mgr.Start(signals.SetupSignalHandler()); err != nil { + log.Error(err, "unable to run the manager") + os.Exit(1) + } +} diff --git a/virtualcluster/cmd/syncer/app/config/config.go b/virtualcluster/cmd/syncer/app/config/config.go new file mode 100644 index 00000000..45319f07 --- /dev/null +++ b/virtualcluster/cmd/syncer/app/config/config.go @@ -0,0 +1,81 @@ +/* +Copyright 2019 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package config + +import ( + "k8s.io/client-go/informers" + clientset "k8s.io/client-go/kubernetes" + restclient "k8s.io/client-go/rest" + "k8s.io/client-go/tools/leaderelection" + "k8s.io/client-go/tools/record" + + vcclient "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned" + vcinformers "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/informers/externalversions/tenancy/v1alpha1" + syncerconfig "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/apis/config" +) + +// Config has all the context to run a Syncer. +type Config struct { + // config is the syncer's configuration object. + ComponentConfig syncerconfig.SyncerConfiguration + + // virtual cluster CR client + VirtualClusterClient vcclient.Interface + VirtualClusterInformer vcinformers.VirtualClusterInformer + + // the meta cluster client + MetaClusterClient clientset.Interface + + // the super cluster client + SuperClusterClient clientset.Interface + SuperClusterInformerFactory informers.SharedInformerFactory + + // the client only used for leader election + LeaderElectionClient clientset.Interface + + // the rest config for the super cluster + Kubeconfig *restclient.Config + + // the event sink + Recorder record.EventRecorder + Broadcaster record.EventBroadcaster + + // LeaderElection is optional. + LeaderElection *leaderelection.LeaderElectionConfig + + // server config. + Address string + Port string + CertFile string + KeyFile string +} + +type completedConfig struct { + *Config +} + +// CompletedConfig same as Config, just to swap private object. +type CompletedConfig struct { + // Embed a private pointer that cannot be instantiated outside of this package. + *completedConfig +} + +// Complete fills in any fields not set that are required to have valid data. It's mutating the receiver. +func (c *Config) Complete() *CompletedConfig { + cc := completedConfig{c} + return &CompletedConfig{&cc} +} diff --git a/virtualcluster/cmd/syncer/app/options/options.go b/virtualcluster/cmd/syncer/app/options/options.go new file mode 100644 index 00000000..732df75f --- /dev/null +++ b/virtualcluster/cmd/syncer/app/options/options.go @@ -0,0 +1,352 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package options + +import ( + "fmt" + "io/ioutil" + "os" + "time" + + "github.com/spf13/pflag" + corev1 "k8s.io/api/core/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/uuid" + "k8s.io/client-go/informers" + clientset "k8s.io/client-go/kubernetes" + "k8s.io/client-go/kubernetes/scheme" + clientgokubescheme "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + restclient "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + "k8s.io/client-go/tools/leaderelection" + "k8s.io/client-go/tools/leaderelection/resourcelock" + "k8s.io/client-go/tools/record" + cliflag "k8s.io/component-base/cli/flag" + componentbaseconfig "k8s.io/component-base/config" + "k8s.io/klog" + + syncerappconfig "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/syncer/app/config" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis" + vcclient "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned" + vcinformers "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/informers/externalversions" + syncerconfig "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/apis/config" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/util/featuregate" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/constants" +) + +// ResourceSyncerOptions is the main context object for the resource syncer. +type ResourceSyncerOptions struct { + // The syncer configuration. + ComponentConfig syncerconfig.SyncerConfiguration + + MetaClusterAddress string + // MetaClusterClientConnection specifies the kubeconfig file and client connection + // settings for the proxy server to use when communicating with the meta cluster apiserver. + MetaClusterClientConnection componentbaseconfig.ClientConnectionConfiguration + + DeployOnMetaCluster bool + SuperClusterAddress string + SyncerName string + Address string + Port string + CertFile string + KeyFile string +} + +// NewResourceSyncerOptions creates a new resource syncer with a default config. +func NewResourceSyncerOptions() (*ResourceSyncerOptions, error) { + return &ResourceSyncerOptions{ + ComponentConfig: syncerconfig.SyncerConfiguration{ + LeaderElection: syncerconfig.SyncerLeaderElectionConfiguration{ + LeaderElectionConfiguration: componentbaseconfig.LeaderElectionConfiguration{ + LeaderElect: true, + LeaseDuration: v1.Duration{Duration: 15 * time.Second}, + RenewDeadline: v1.Duration{Duration: 10 * time.Second}, + RetryPeriod: v1.Duration{Duration: 2 * time.Second}, + ResourceLock: resourcelock.ConfigMapsResourceLock, + }, + LockObjectName: "syncer-leaderelection-lock", + }, + ClientConnection: componentbaseconfig.ClientConnectionConfiguration{}, + DisableServiceAccountToken: true, + DefaultOpaqueMetaDomains: []string{"kubernetes.io", "k8s.io"}, + ExtraSyncingResources: []string{}, + VNAgentPort: int32(10550), + VNAgentNamespacedName: "vc-manager/vn-agent", + FeatureGates: map[string]bool{ + featuregate.SuperClusterPooling: false, + featuregate.SuperClusterServiceNetwork: false, + featuregate.VNodeProviderService: false, + }, + }, + SyncerName: "vc", + Address: "", + Port: "80", + CertFile: "", + KeyFile: "", + }, nil +} + +func (o *ResourceSyncerOptions) Flags() cliflag.NamedFlagSets { + fss := cliflag.NamedFlagSets{} + + fs := fss.FlagSet("server") + fs.StringVar(&o.SuperClusterAddress, "super-master", o.SuperClusterAddress, "The address of the super master Kubernetes API server (overrides any value in super-master-kubeconfig).") + fs.StringVar(&o.ComponentConfig.ClientConnection.Kubeconfig, "super-master-kubeconfig", o.ComponentConfig.ClientConnection.Kubeconfig, "Path to kubeconfig file with authorization and master location information.") + fs.StringVar(&o.MetaClusterAddress, "meta-cluster-address", o.MetaClusterAddress, "The address of the meta cluster Kubernetes API server (overrides any value in meta-cluster-kubeconfig).") + fs.StringVar(&o.MetaClusterClientConnection.Kubeconfig, "meta-cluster-kubeconfig", o.MetaClusterClientConnection.Kubeconfig, "Path to kubeconfig file of the meta cluster. If it is not provided, the super cluster is used") + fs.BoolVar(&o.DeployOnMetaCluster, "deployment-on-meta", o.DeployOnMetaCluster, "Whether vc-syncer deploy on meta cluster") + fs.StringVar(&o.SyncerName, "syncer-name", o.SyncerName, "Syncer name (default vc).") + fs.BoolVar(&o.ComponentConfig.DisableServiceAccountToken, "disable-service-account-token", o.ComponentConfig.DisableServiceAccountToken, "DisableServiceAccountToken indicates whether disable service account token automatically mounted.") + fs.BoolVar(&o.ComponentConfig.DisablePodServiceLinks, "disable-service-links", o.ComponentConfig.DisablePodServiceLinks, "DisablePodServiceLinks indicates whether to disable the `EnableServiceLinks` field in pPod spec.") + fs.StringSliceVar(&o.ComponentConfig.DefaultOpaqueMetaDomains, "default-opaque-meta-domains", o.ComponentConfig.DefaultOpaqueMetaDomains, "DefaultOpaqueMetaDomains is the default opaque meta configuration for each Virtual Cluster.") + fs.StringSliceVar(&o.ComponentConfig.ExtraSyncingResources, "extra-syncing-resources", o.ComponentConfig.ExtraSyncingResources, "ExtraSyncingResources defines additional resources that need to be synced for each Virtual Cluster. (priorityclass, ingress, crd)") + fs.Var(cliflag.NewMapStringBool(&o.ComponentConfig.FeatureGates), "feature-gates", "A set of key=value pairs that describe featuregate gates for various features.") + fs.Int32Var(&o.ComponentConfig.VNAgentPort, "vn-agent-port", 10550, "Port the vn-agent listens on") + fs.StringVar(&o.ComponentConfig.VNAgentNamespacedName, "vn-agent-namespace-name", "vc-manager/vn-agent", "Namespace/Name of the vn-agent running in cluster, used for VNodeProviderService") + + serverFlags := fss.FlagSet("metricsServer") + serverFlags.StringVar(&o.Address, "address", o.Address, "The server address.") + serverFlags.StringVar(&o.Port, "port", o.Port, "The server port.") + serverFlags.StringVar(&o.CertFile, "cert-file", o.CertFile, "CertFile is the file containing x509 Certificate for HTTPS.") + serverFlags.StringVar(&o.KeyFile, "key-file", o.KeyFile, "KeyFile is the file containing x509 private key matching certFile.") + + BindFlags(&o.ComponentConfig.LeaderElection, fss.FlagSet("leader election")) + + return fss +} + +// BindFlags binds the LeaderElectionConfiguration struct fields to a flagset +func BindFlags(l *syncerconfig.SyncerLeaderElectionConfiguration, fs *pflag.FlagSet) { + fs.BoolVar(&l.LeaderElect, "leader-elect", l.LeaderElect, ""+ + "Start a leader election client and gain leadership before "+ + "executing the main loop. Enable this when running replicated "+ + "components for high availability.") + fs.DurationVar(&l.LeaseDuration.Duration, "leader-elect-lease-duration", l.LeaseDuration.Duration, ""+ + "The duration that non-leader candidates will wait after observing a leadership "+ + "renewal until attempting to acquire leadership of a led but unrenewed leader "+ + "slot. This is effectively the maximum duration that a leader can be stopped "+ + "before it is replaced by another candidate. This is only applicable if leader "+ + "election is enabled.") + fs.DurationVar(&l.RenewDeadline.Duration, "leader-elect-renew-deadline", l.RenewDeadline.Duration, ""+ + "The interval between attempts by the acting master to renew a leadership slot "+ + "before it stops leading. This must be less than or equal to the lease duration. "+ + "This is only applicable if leader election is enabled.") + fs.DurationVar(&l.RetryPeriod.Duration, "leader-elect-retry-period", l.RetryPeriod.Duration, ""+ + "The duration the clients should wait between attempting acquisition and renewal "+ + "of a leadership. This is only applicable if leader election is enabled.") + fs.StringVar(&l.ResourceLock, "leader-elect-resource-lock", l.ResourceLock, ""+ + "The type of resource object that is used for locking during "+ + "leader election. Supported options are `endpoints` and `configmaps` (default).") + fs.StringVar(&l.LockObjectNamespace, "lock-object-namespace", l.LockObjectNamespace, "DEPRECATED: define the namespace of the lock object.") + fs.StringVar(&l.LockObjectName, "lock-object-name", l.LockObjectName, "DEPRECATED: define the name of the lock object.") +} + +// Config return a syncer config object +func (o *ResourceSyncerOptions) Config() (*syncerappconfig.Config, error) { + c := &syncerappconfig.Config{} + c.ComponentConfig = o.ComponentConfig + + // Prepare kube clients + var ( + metaRestConfig, superRestConfig *restclient.Config + leaderElectionRestConfig restclient.Config + err error + ) + superRestConfig, err = getClientConfig(c.ComponentConfig.ClientConnection, o.SuperClusterAddress, !o.DeployOnMetaCluster) + if err != nil { + return nil, err + } + if o.DeployOnMetaCluster || o.MetaClusterClientConnection.Kubeconfig != "" { + metaRestConfig, err = getClientConfig(o.MetaClusterClientConnection, o.MetaClusterAddress, o.DeployOnMetaCluster) + if err != nil { + return nil, err + } + } else { + metaRestConfig = superRestConfig + } + + if o.DeployOnMetaCluster { + leaderElectionRestConfig = *metaRestConfig + } else { + leaderElectionRestConfig = *superRestConfig + } + + superClusterClient, err := clientset.NewForConfig(restclient.AddUserAgent(superRestConfig, constants.ResourceSyncerUserAgent)) + if err != nil { + return nil, err + } + metaClusterClient, err := clientset.NewForConfig(restclient.AddUserAgent(metaRestConfig, constants.ResourceSyncerUserAgent)) + if err != nil { + return nil, err + } + + // using deployment side cluster for leader election for better stability + leaderElectionRestConfig.Timeout = c.ComponentConfig.LeaderElection.RenewDeadline.Duration + leaderElectionClient, err := clientset.NewForConfig(restclient.AddUserAgent(&leaderElectionRestConfig, constants.ResourceSyncerUserAgent+"-leader-election")) + if err != nil { + return nil, err + } + + virtualClusterClient, err := vcclient.NewForConfig(metaRestConfig) + if err != nil { + return nil, err + } + + // Prepare event clients. + eventBroadcaster := record.NewBroadcaster() + recorder := eventBroadcaster.NewRecorder(clientgokubescheme.Scheme, corev1.EventSource{Component: constants.ResourceSyncerUserAgent}) + leaderElectionBroadcaster := record.NewBroadcaster() + leaderElectionRecorder := leaderElectionBroadcaster.NewRecorder(clientgokubescheme.Scheme, corev1.EventSource{Component: constants.ResourceSyncerUserAgent}) + + // Set up leader election if enabled. + var leaderElectionConfig *leaderelection.LeaderElectionConfig + if c.ComponentConfig.LeaderElection.LeaderElect { + leaderElectionConfig, err = makeLeaderElectionConfig(c.ComponentConfig.LeaderElection, leaderElectionClient, leaderElectionRecorder, o.SyncerName) + if err != nil { + return nil, err + } + } + + featuregate.DefaultFeatureGate, err = featuregate.NewFeatureGate(c.ComponentConfig.FeatureGates) + if err != nil { + return nil, err + } + + // Setup Scheme for all resources + if err := apis.AddToScheme(scheme.Scheme); err != nil { + return nil, err + } + c.ComponentConfig.RestConfig = superRestConfig + c.VirtualClusterClient = virtualClusterClient + c.VirtualClusterInformer = vcinformers.NewSharedInformerFactory(virtualClusterClient, 0).Tenancy().V1alpha1().VirtualClusters() + c.MetaClusterClient = metaClusterClient + c.SuperClusterClient = superClusterClient + c.SuperClusterInformerFactory = informers.NewSharedInformerFactory(superClusterClient, 0) + c.Broadcaster = eventBroadcaster + c.Recorder = recorder + c.LeaderElectionClient = leaderElectionClient + c.LeaderElection = leaderElectionConfig + + c.Address = o.Address + c.Port = o.Port + c.CertFile = o.CertFile + c.KeyFile = o.KeyFile + + return c, nil +} + +// makeLeaderElectionConfig builds a leader election configuration. It will +// create a new resource lock associated with the configuration. +func makeLeaderElectionConfig(config syncerconfig.SyncerLeaderElectionConfiguration, client clientset.Interface, recorder record.EventRecorder, syncername string) (*leaderelection.LeaderElectionConfig, error) { + hostname, err := os.Hostname() + if err != nil { + return nil, fmt.Errorf("unable to get hostname: %v", err) + } + // add a uniquifier so that two processes on the same host don't accidentally both become active + id := hostname + "_" + string(uuid.NewUUID()) + + if config.LockObjectNamespace == "" { + var err error + config.LockObjectNamespace, err = getInClusterNamespace() + if err != nil { + return nil, fmt.Errorf("unable to find leader election namespace: %v", err) + } + } + config.LockObjectName = syncername + "-" + "syncer-leaderelection-lock" + rl, err := resourcelock.New(config.ResourceLock, + config.LockObjectNamespace, + config.LockObjectName, + client.CoreV1(), + client.CoordinationV1(), + resourcelock.ResourceLockConfig{ + Identity: id, + EventRecorder: recorder, + }) + if err != nil { + return nil, fmt.Errorf("couldn't create resource lock: %v", err) + } + + return &leaderelection.LeaderElectionConfig{ + Lock: rl, + LeaseDuration: config.LeaseDuration.Duration, + RenewDeadline: config.RenewDeadline.Duration, + RetryPeriod: config.RetryPeriod.Duration, + WatchDog: leaderelection.NewLeaderHealthzAdaptor(time.Second * 20), + Name: constants.ResourceSyncerUserAgent, + }, nil +} + +func getInClusterNamespace() (string, error) { + // Check whether the namespace file exists. + // If not, we are not running in cluster so can't guess the namespace. + _, err := os.Stat("/var/run/secrets/kubernetes.io/serviceaccount/namespace") + if os.IsNotExist(err) { + return "", fmt.Errorf("not running in-cluster, please specify LeaderElectionNamespace") + } else if err != nil { + return "", fmt.Errorf("error checking namespace file: %v", err) + } + + // Load the namespace file and return its content + namespace, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace") + if err != nil { + return "", fmt.Errorf("error reading namespace file: %v", err) + } + return string(namespace), nil +} + +// getClientConfig creates a Kubernetes client rest config from the given config and masterOverride. +func getClientConfig(config componentbaseconfig.ClientConnectionConfiguration, masterOverride string, inCluster bool) (*restclient.Config, error) { + // This creates a client, first loading any specified kubeconfig + // file, and then overriding the Master flag, if non-empty. + var ( + restConfig *restclient.Config + err error + ) + if len(config.Kubeconfig) == 0 && len(masterOverride) == 0 && inCluster { + klog.Info("Neither kubeconfig file nor master URL was specified. Falling back to in-cluster config.") + restConfig, err = rest.InClusterConfig() + } else { + // This creates a client, first loading any specified kubeconfig + // file, and then overriding the Master flag, if non-empty. + restConfig, err = clientcmd.NewNonInteractiveDeferredLoadingClientConfig( + &clientcmd.ClientConfigLoadingRules{ExplicitPath: config.Kubeconfig}, + &clientcmd.ConfigOverrides{ClusterInfo: clientcmdapi.Cluster{Server: masterOverride}}).ClientConfig() + } + + if err != nil { + return nil, err + } + + if restConfig.Timeout == 0 { + restConfig.Timeout = constants.DefaultRequestTimeout + } + + restConfig.ContentConfig.ContentType = config.AcceptContentTypes + restConfig.QPS = config.QPS + if restConfig.QPS == 0 { + restConfig.QPS = constants.DefaultSyncerClientQPS + } + restConfig.Burst = int(config.Burst) + if restConfig.Burst == 0 { + restConfig.Burst = constants.DefaultSyncerClientBurst + } + + return restConfig, nil +} diff --git a/virtualcluster/cmd/syncer/app/server.go b/virtualcluster/cmd/syncer/app/server.go new file mode 100644 index 00000000..5e451939 --- /dev/null +++ b/virtualcluster/cmd/syncer/app/server.go @@ -0,0 +1,175 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package app + +import ( + "context" + "fmt" + "net" + "net/http" + _ "net/http/pprof" + "os" + + "github.com/spf13/cobra" + "k8s.io/apiserver/pkg/server/healthz" + "k8s.io/apiserver/pkg/util/term" + v1core "k8s.io/client-go/kubernetes/typed/core/v1" + "k8s.io/client-go/tools/leaderelection" + cliflag "k8s.io/component-base/cli/flag" + "k8s.io/component-base/cli/globalflag" + "k8s.io/klog" + + syncerconfig "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/syncer/app/config" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/syncer/app/options" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer" + utilflag "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/flag" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/version/verflag" +) + +func NewSyncerCommand(stopChan <-chan struct{}) *cobra.Command { + s, err := options.NewResourceSyncerOptions() + if err != nil { + klog.Fatalf("unable to initialize command options: %v", err) + } + + cmd := &cobra.Command{ + Use: "syncer", + Long: `The resource syncer is a daemon that watches tenant clusters to +keep tenant requests are synchronized to super cluster by creating corresponding +custom resources on behalf of the tenant users in super cluster.`, + Run: func(cmd *cobra.Command, args []string) { + var err error + var c *syncerconfig.Config + verflag.PrintAndExitIfRequested() + utilflag.PrintFlags(cmd.Flags()) + + c, err = s.Config() + if err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + os.Exit(1) + } + + if err := Run(c.Complete(), stopChan); err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + os.Exit(1) + } + }, + } + + fs := cmd.Flags() + namedFlagSets := s.Flags() + verflag.AddFlags(namedFlagSets.FlagSet("global")) + globalflag.AddGlobalFlags(namedFlagSets.FlagSet("global"), cmd.Name()) + + for _, f := range namedFlagSets.FlagSets { + fs.AddFlagSet(f) + } + usageFmt := "Usage:\n %s\n" + cols, _, _ := term.TerminalSize(cmd.OutOrStdout()) + cmd.SetUsageFunc(func(cmd *cobra.Command) error { + fmt.Fprintf(cmd.OutOrStderr(), usageFmt, cmd.UseLine()) + cliflag.PrintSections(cmd.OutOrStderr(), namedFlagSets, cols) + return nil + }) + cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) { + fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine()) + cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols) + }) + + return cmd +} + +func Run(cc *syncerconfig.CompletedConfig, stopCh <-chan struct{}) error { + ss, err := syncer.New(&cc.ComponentConfig, + cc.VirtualClusterClient, + cc.VirtualClusterInformer, + cc.MetaClusterClient, + cc.SuperClusterClient, + cc.SuperClusterInformerFactory, + cc.Recorder) + + if err != nil { + return fmt.Errorf("new syncer: %v", err) + } + + // Prepare the event broadcaster. + if cc.Broadcaster != nil && cc.SuperClusterClient != nil { + cc.Broadcaster.StartRecordingToSink(&v1core.EventSinkImpl{Interface: cc.SuperClusterClient.CoreV1().Events("")}) + } + + // Start all informers. + go cc.VirtualClusterInformer.Informer().Run(stopCh) + cc.SuperClusterInformerFactory.Start(stopCh) + + // Wait for all caches to sync before resource sync. + cc.SuperClusterInformerFactory.WaitForCacheSync(stopCh) + + ctx, cancel := context.WithCancel(context.TODO()) + defer cancel() + + // Prepare a reusable runCommand function. + run := startSyncer(ctx, ss, cc, stopCh) + + go func() { + select { + case <-stopCh: + cancel() + case <-ctx.Done(): + } + }() + + if cc.LeaderElection != nil { + cc.LeaderElection.Callbacks = leaderelection.LeaderCallbacks{ + OnStartedLeading: run, + OnStoppedLeading: func() { + klog.Fatalf("leaderelection lost") + }, + } + leaderElector, err := leaderelection.NewLeaderElector(*cc.LeaderElection) + if err != nil { + return fmt.Errorf("couldn't create leader elector: %v", err) + } + + leaderElector.Run(ctx) + + return fmt.Errorf("lost lease") + } + + // Leader election is disabled, so runCommand inline until done. + run(ctx) + return fmt.Errorf("finished without leader elect") +} + +func startSyncer(ctx context.Context, s syncer.Bootstrap, cc *syncerconfig.CompletedConfig, stopCh <-chan struct{}) func(context.Context) { + return func(ctx context.Context) { + s.Run(stopCh) + go func() { + s.ListenAndServe(net.JoinHostPort(cc.Address, cc.Port), cc.CertFile, cc.KeyFile) + }() + go func() { + // start a pprof http server + klog.Fatal(http.ListenAndServe(":6060", nil)) + }() + go func() { + // start a health http server. + mux := http.NewServeMux() + healthz.InstallHandler(mux) + klog.Fatal(http.ListenAndServe(":8080", mux)) + }() + <-ctx.Done() + } +} diff --git a/virtualcluster/cmd/syncer/builtins.go b/virtualcluster/cmd/syncer/builtins.go new file mode 100644 index 00000000..c6c5a0fb --- /dev/null +++ b/virtualcluster/cmd/syncer/builtins.go @@ -0,0 +1,32 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/configmap" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/endpoints" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/event" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/namespace" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/node" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/persistentvolume" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/persistentvolumeclaim" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/pod" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/secret" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/service" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/serviceaccount" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/storageclass" +) diff --git a/virtualcluster/cmd/syncer/builtins_extra.go b/virtualcluster/cmd/syncer/builtins_extra.go new file mode 100644 index 00000000..95820ded --- /dev/null +++ b/virtualcluster/cmd/syncer/builtins_extra.go @@ -0,0 +1,23 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/crd" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/ingress" + _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/priorityclass" +) diff --git a/virtualcluster/cmd/syncer/main.go b/virtualcluster/cmd/syncer/main.go new file mode 100644 index 00000000..64502392 --- /dev/null +++ b/virtualcluster/cmd/syncer/main.go @@ -0,0 +1,41 @@ +/* +Copyright 2019 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "math/rand" + "os" + "time" + + genericapiserver "k8s.io/apiserver/pkg/server" + "k8s.io/component-base/logs" + + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/syncer/app" +) + +func main() { + rand.Seed(time.Now().UTC().UnixNano()) + + logs.InitLogs() + defer logs.FlushLogs() + + stopChan := genericapiserver.SetupSignalHandler() + + if err := app.NewSyncerCommand(stopChan).Execute(); err != nil { + os.Exit(1) + } +} diff --git a/virtualcluster/cmd/vn-agent/app/options/options.go b/virtualcluster/cmd/vn-agent/app/options/options.go new file mode 100644 index 00000000..621dbac0 --- /dev/null +++ b/virtualcluster/cmd/vn-agent/app/options/options.go @@ -0,0 +1,126 @@ +/* +Copyright 2019 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package options + +import ( + "crypto/tls" + "fmt" + "os" + + "github.com/pkg/errors" + cliflag "k8s.io/component-base/cli/flag" + + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/util/featuregate" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/vn-agent/config" +) + +// Options holds the config from command line. +type Options struct { + // ServerOption + ServerOption + // KubeletOption + KubeletOption KubeletClientConfig +} + +type ServerOption struct { + // ClientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate + // signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName, + // and groups corresponding to the Organization in the client certificate. + ClientCAFile string + // CertDirectory is the directory where the TLS certs are located + CertDirectory string + // TLSCertFile is the file containing x509 Certificate for HTTPS + TLSCertFile string + // TLSPrivateKeyFile is the file containing x509 private key matching tlsCertFile + TLSPrivateKeyFile string + + // Port is the vn-agent server listening on. + Port uint + + // FeatureGates enabled by the user. + FeatureGates map[string]bool +} + +// Subset of the full options exposed in k8s.io/kubernetes/pkg/kubelet/client.KubeletClientConfig +type KubeletClientConfig struct { + // Port specifies the default port - used if no information about Kubelet port can be found in Node.NodeStatus.DaemonEndpoints. + Port uint + + // Server requires TLS client certificate authentication + CertFile string + // Server requires TLS client certificate authentication + KeyFile string +} + +func NewVnAgentOptions() (*Options, error) { + return &Options{ + KubeletOption: KubeletClientConfig{}, + ServerOption: ServerOption{ + FeatureGates: map[string]bool{}, + }, + }, nil +} + +// Flags in command line. +func (o *Options) Flags() cliflag.NamedFlagSets { + fss := cliflag.NamedFlagSets{} + + serverFS := fss.FlagSet("server") + serverFS.StringVar(&o.ClientCAFile, "client-ca-file", o.ClientCAFile, "kube config file to use for connecting to the Kubernetes API server") + serverFS.StringVar(&o.CertDirectory, "cert-dir", o.CertDirectory, "CertDirectory is the directory where the TLS certs are located") + serverFS.StringVar(&o.TLSCertFile, "tls-cert-file", o.TLSCertFile, "TLSCertFile is the file containing x509 Certificate for HTTPS") + serverFS.StringVar(&o.TLSPrivateKeyFile, "tls-private-key-file", o.TLSPrivateKeyFile, "TLSPrivateKeyFile is the file containing x509 private key matching tlsCertFile") + serverFS.UintVar(&o.Port, "port", 10550, "Port is the server listening on") + serverFS.Var(cliflag.NewMapStringBool(&o.ServerOption.FeatureGates), "feature-gates", "A set of key=value pairs that describe featuregate gates for various features.") + + kubeletFS := fss.FlagSet("kubelet") + kubeletFS.StringVar(&o.KubeletOption.CertFile, "kubelet-client-certificate", o.KubeletOption.CertFile, "Path to a client cert file for TLS") + kubeletFS.StringVar(&o.KubeletOption.KeyFile, "kubelet-client-key", o.KubeletOption.KeyFile, "Path to a client key file for TLS") + kubeletFS.UintVar(&o.KubeletOption.Port, "kubelet-port", 10250, "Kubelet security port") + + return fss +} + +func fileNotExistOrEmpty(fn string) bool { + if fn == "" { + return true + } + fi, _ := os.Stat(fn) + return fi.Size() == 0 +} + +// Config is the config to create a vn-agent server handler. +func (o *Options) Config() (*config.Config, *ServerOption, error) { + // vc-kubelet-client may be a place holder that contains empty certificate and key data + if fileNotExistOrEmpty(o.KubeletOption.CertFile) || fileNotExistOrEmpty(o.KubeletOption.KeyFile) { + return &config.Config{KubeletClientCert: nil}, &o.ServerOption, nil + } + kubeletClientCertPair, err := tls.LoadX509KeyPair(o.KubeletOption.CertFile, o.KubeletOption.KeyFile) + if err != nil { + return nil, nil, errors.Wrapf(err, "failed to load kubelet tls config") + } + + featuregate.DefaultFeatureGate, err = featuregate.NewFeatureGate(o.ServerOption.FeatureGates) + if err != nil { + return nil, nil, err + } + + return &config.Config{ + KubeletClientCert: &kubeletClientCertPair, + KubeletServerHost: fmt.Sprintf("https://127.0.0.1:%v", o.KubeletOption.Port), + }, &o.ServerOption, nil +} diff --git a/virtualcluster/cmd/vn-agent/app/server.go b/virtualcluster/cmd/vn-agent/app/server.go new file mode 100644 index 00000000..91845e40 --- /dev/null +++ b/virtualcluster/cmd/vn-agent/app/server.go @@ -0,0 +1,143 @@ +/* +Copyright 2019 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package app + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "net/http" + "os" + + "github.com/pkg/errors" + "github.com/spf13/cobra" + "k8s.io/apiserver/pkg/util/term" + certutil "k8s.io/client-go/util/cert" + cliflag "k8s.io/component-base/cli/flag" + "k8s.io/component-base/cli/globalflag" + "k8s.io/klog" + + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/vn-agent/app/options" + utilflag "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/flag" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/version/verflag" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/vn-agent/certificate" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/vn-agent/config" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/vn-agent/server" +) + +func NewVnAgentCommand(stopChan <-chan struct{}) *cobra.Command { + s, err := options.NewVnAgentOptions() + if err != nil { + klog.Fatalf("unable to initialize command options: %v", err) + } + + cmd := &cobra.Command{ + Use: "vn-agent", + Long: `The vn-agent is proxy between tenant apiserver and kubelet server on physical node.`, + Run: func(cmd *cobra.Command, args []string) { + verflag.PrintAndExitIfRequested() + utilflag.PrintFlags(cmd.Flags()) + + c, serverOptions, err := s.Config() + if err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + os.Exit(1) + } + + if err := Run(c, serverOptions, stopChan); err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + os.Exit(1) + } + }, + } + + fs := cmd.Flags() + namedFlagSets := s.Flags() + verflag.AddFlags(namedFlagSets.FlagSet("global")) + globalflag.AddGlobalFlags(namedFlagSets.FlagSet("global"), cmd.Name()) + + for _, f := range namedFlagSets.FlagSets { + fs.AddFlagSet(f) + } + usageFmt := "Usage:\n %s\n" + cols, _, _ := term.TerminalSize(cmd.OutOrStdout()) + cmd.SetUsageFunc(func(cmd *cobra.Command) error { + fmt.Fprintf(cmd.OutOrStderr(), usageFmt, cmd.UseLine()) + cliflag.PrintSections(cmd.OutOrStderr(), namedFlagSets, cols) + return nil + }) + cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) { + fmt.Fprintf(cmd.OutOrStdout(), "%s\n\n"+usageFmt, cmd.Long, cmd.UseLine()) + cliflag.PrintSections(cmd.OutOrStdout(), namedFlagSets, cols) + }) + + return cmd +} + +// Run start the vn-agent server. +func Run(c *config.Config, serverOption *options.ServerOption, stopCh <-chan struct{}) error { + handler, err := server.NewServer(c) + if err != nil { + return errors.Wrapf(err, "create server") + } + + s := &http.Server{ + Addr: fmt.Sprintf(":%d", serverOption.Port), + Handler: handler, + TLSConfig: &tls.Config{ + ClientAuth: tls.RequestClientCert, + }, + } + + if serverOption.ClientCAFile != "" { + clientCAs, err := certutil.CertsFromFile(serverOption.ClientCAFile) + if err != nil { + return errors.Wrapf(err, "unable to load client CA file") + } + + certPool := x509.NewCertPool() + for _, cert := range clientCAs { + certPool.AddCert(cert) + } + + s.TLSConfig.ClientCAs = certPool + s.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert + } + + tlsConfig, err := certificate.InitializeTLS(serverOption.CertDirectory, serverOption.TLSCertFile, serverOption.TLSPrivateKeyFile, "vn") + if err != nil { + return errors.Wrapf(err, "failed to initial tls config") + } + + klog.Infof("server listen on %s", s.Addr) + + errCh := make(chan error) + go func() { + err := s.ListenAndServeTLS(tlsConfig.CertFile, tlsConfig.KeyFile) + errCh <- err + }() + + select { + case <-stopCh: + klog.Infof("closing server...") + s.Close() + case err := <-errCh: + klog.Errorf("server listen error %v", err) + } + + return nil +} diff --git a/virtualcluster/cmd/vn-agent/main.go b/virtualcluster/cmd/vn-agent/main.go new file mode 100644 index 00000000..3ded57b0 --- /dev/null +++ b/virtualcluster/cmd/vn-agent/main.go @@ -0,0 +1,41 @@ +/* +Copyright 2019 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "math/rand" + "os" + "time" + + genericapiserver "k8s.io/apiserver/pkg/server" + "k8s.io/component-base/logs" + + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/vn-agent/app" +) + +func main() { + rand.Seed(time.Now().UTC().UnixNano()) + + logs.InitLogs() + defer logs.FlushLogs() + + stopChan := genericapiserver.SetupSignalHandler() + + if err := app.NewVnAgentCommand(stopChan).Execute(); err != nil { + os.Exit(1) + } +} diff --git a/virtualcluster/config/crds/cluster.x-k8s.io_clusters.yaml b/virtualcluster/config/crds/cluster.x-k8s.io_clusters.yaml new file mode 100644 index 00000000..cb24f090 --- /dev/null +++ b/virtualcluster/config/crds/cluster.x-k8s.io_clusters.yaml @@ -0,0 +1,164 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: clusters.cluster.x-k8s.io +spec: + group: cluster.x-k8s.io + names: + kind: Cluster + listKind: ClusterList + plural: clusters + singular: cluster + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + clusterNetwork: + properties: + apiServerPort: + format: int32 + type: integer + pods: + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + type: string + services: + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + type: object + controlPlaneEndpoint: + properties: + host: + type: string + port: + format: int32 + type: integer + required: + - host + - port + type: object + controlPlaneRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + infrastructureRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + paused: + type: boolean + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + controlPlaneInitialized: + type: boolean + controlPlaneReady: + type: boolean + failureDomains: + additionalProperties: + properties: + attributes: + additionalProperties: + type: string + type: object + controlPlane: + type: boolean + type: object + type: object + failureMessage: + type: string + failureReason: + type: string + infrastructureReady: + type: boolean + observedGeneration: + format: int64 + type: integer + phase: + type: string + type: object + type: object + version: v1alpha4 + versions: + - name: v1alpha4 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/virtualcluster/config/crds/tenancy.x-k8s.io_clusterversions.yaml b/virtualcluster/config/crds/tenancy.x-k8s.io_clusterversions.yaml new file mode 100644 index 00000000..002559b9 --- /dev/null +++ b/virtualcluster/config/crds/tenancy.x-k8s.io_clusterversions.yaml @@ -0,0 +1,9087 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: clusterversions.tenancy.x-k8s.io +spec: + group: tenancy.x-k8s.io + names: + kind: ClusterVersion + listKind: ClusterVersionList + plural: clusterversions + shortNames: + - cv + singular: clusterversion + scope: Cluster + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + apiServer: + properties: + metadata: + type: object + service: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + clusterIP: + type: string + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + ipFamily: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + topologyKeys: + items: + type: string + type: array + type: + type: string + type: object + status: + properties: + loadBalancer: + properties: + ingress: + items: + properties: + hostname: + type: string + ip: + type: string + type: object + type: array + type: object + type: object + type: object + x-kubernetes-embedded-resource: true + statefulset: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + podManagementPolicy: + type: string + replicas: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + serviceName: + type: string + template: + properties: + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + partition: + format: int32 + type: integer + type: object + type: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + required: + - selector + - serviceName + - template + type: object + status: + properties: + collisionCount: + format: int32 + type: integer + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + currentReplicas: + format: int32 + type: integer + currentRevision: + type: string + observedGeneration: + format: int64 + type: integer + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + updateRevision: + type: string + updatedReplicas: + format: int32 + type: integer + required: + - replicas + type: object + type: object + x-kubernetes-embedded-resource: true + type: object + controllerManager: + properties: + metadata: + type: object + service: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + clusterIP: + type: string + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + ipFamily: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + topologyKeys: + items: + type: string + type: array + type: + type: string + type: object + status: + properties: + loadBalancer: + properties: + ingress: + items: + properties: + hostname: + type: string + ip: + type: string + type: object + type: array + type: object + type: object + type: object + x-kubernetes-embedded-resource: true + statefulset: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + podManagementPolicy: + type: string + replicas: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + serviceName: + type: string + template: + properties: + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + partition: + format: int32 + type: integer + type: object + type: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + required: + - selector + - serviceName + - template + type: object + status: + properties: + collisionCount: + format: int32 + type: integer + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + currentReplicas: + format: int32 + type: integer + currentRevision: + type: string + observedGeneration: + format: int64 + type: integer + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + updateRevision: + type: string + updatedReplicas: + format: int32 + type: integer + required: + - replicas + type: object + type: object + x-kubernetes-embedded-resource: true + type: object + etcd: + properties: + metadata: + type: object + service: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + clusterIP: + type: string + externalIPs: + items: + type: string + type: array + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + ipFamily: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + topologyKeys: + items: + type: string + type: array + type: + type: string + type: object + status: + properties: + loadBalancer: + properties: + ingress: + items: + properties: + hostname: + type: string + ip: + type: string + type: object + type: array + type: object + type: object + type: object + x-kubernetes-embedded-resource: true + statefulset: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + podManagementPolicy: + type: string + replicas: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + serviceName: + type: string + template: + properties: + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + partition: + format: int32 + type: integer + type: object + type: + type: string + type: object + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + phase: + type: string + type: object + type: object + type: array + required: + - selector + - serviceName + - template + type: object + status: + properties: + collisionCount: + format: int32 + type: integer + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + currentReplicas: + format: int32 + type: integer + currentRevision: + type: string + observedGeneration: + format: int64 + type: integer + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + updateRevision: + type: string + updatedReplicas: + format: int32 + type: integer + required: + - replicas + type: object + type: object + x-kubernetes-embedded-resource: true + type: object + type: object + status: + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/virtualcluster/config/crds/tenancy.x-k8s.io_virtualclusters.yaml b/virtualcluster/config/crds/tenancy.x-k8s.io_virtualclusters.yaml new file mode 100644 index 00000000..ad0e6574 --- /dev/null +++ b/virtualcluster/config/crds/tenancy.x-k8s.io_virtualclusters.yaml @@ -0,0 +1,91 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: virtualclusters.tenancy.x-k8s.io +spec: + group: tenancy.x-k8s.io + names: + kind: VirtualCluster + listKind: VirtualClusterList + plural: virtualclusters + shortNames: + - vc + singular: virtualcluster + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + clusterDomain: + type: string + clusterVersionName: + type: string + opaqueMetaPrefixes: + items: + type: string + type: array + pkiExpireDays: + format: int64 + type: integer + serviceCidr: + type: string + transparentMetaPrefixes: + items: + type: string + type: array + required: + - clusterVersionName + type: object + status: + properties: + clusterNamespace: + type: string + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + required: + - status + type: object + type: array + message: + type: string + phase: + type: string + reason: + type: string + required: + - phase + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/virtualcluster/config/default/kustomization.yaml b/virtualcluster/config/default/kustomization.yaml new file mode 100644 index 00000000..7fb1b056 --- /dev/null +++ b/virtualcluster/config/default/kustomization.yaml @@ -0,0 +1,49 @@ +# Adds namespace to all resources. +namespace: virtualcluster-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: virtualcluster- + +# Labels to add to all resources and selectors. +#commonLabels: +# someName: someValue + +# Each entry in this list must resolve to an existing +# resource definition in YAML. These are the resource +# files that kustomize reads, modifies and emits as a +# YAML string, with resources separated by document +# markers ("---"). +resources: +- ../rbac/rbac_role.yaml +- ../rbac/rbac_role_binding.yaml +- ../manager/manager.yaml + # Comment the following 3 lines if you want to disable + # the auth proxy (https://github.com/brancz/kube-rbac-proxy) + # which protects your /metrics endpoint. +- ../rbac/auth_proxy_service.yaml +- ../rbac/auth_proxy_role.yaml +- ../rbac/auth_proxy_role_binding.yaml + +patches: +- manager_image_patch.yaml + # Protect the /metrics endpoint by putting it behind auth. + # Only one of manager_auth_proxy_patch.yaml and + # manager_prometheus_metrics_patch.yaml should be enabled. +- manager_auth_proxy_patch.yaml + # If you want your controller-manager to expose the /metrics + # endpoint w/o any authn/z, uncomment the following line and + # comment manager_auth_proxy_patch.yaml. + # Only one of manager_auth_proxy_patch.yaml and + # manager_prometheus_metrics_patch.yaml should be enabled. +#- manager_prometheus_metrics_patch.yaml + +vars: +- name: WEBHOOK_SECRET_NAME + objref: + kind: Secret + name: webhook-server-secret + apiVersion: v1 diff --git a/virtualcluster/config/default/manager_auth_proxy_patch.yaml b/virtualcluster/config/default/manager_auth_proxy_patch.yaml new file mode 100644 index 00000000..cbcc6d0f --- /dev/null +++ b/virtualcluster/config/default/manager_auth_proxy_patch.yaml @@ -0,0 +1,24 @@ +# This patch inject a sidecar container which is a HTTP proxy for the controller manager, +# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + name: https + - name: manager + args: + - "--metrics-addr=127.0.0.1:8080" diff --git a/virtualcluster/config/default/manager_image_patch.yaml b/virtualcluster/config/default/manager_image_patch.yaml new file mode 100644 index 00000000..fcbf39dc --- /dev/null +++ b/virtualcluster/config/default/manager_image_patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + # Change the value of image field below to your controller image URL + - image: IMAGE_URL + name: manager diff --git a/virtualcluster/config/default/manager_prometheus_metrics_patch.yaml b/virtualcluster/config/default/manager_prometheus_metrics_patch.yaml new file mode 100644 index 00000000..96fdcdac --- /dev/null +++ b/virtualcluster/config/default/manager_prometheus_metrics_patch.yaml @@ -0,0 +1,19 @@ +# This patch enables Prometheus scraping for the manager pod. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: controller-manager + namespace: system +spec: + template: + metadata: + annotations: + prometheus.io/scrape: 'true' + spec: + containers: + # Expose the prometheus metrics on default port + - name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP diff --git a/virtualcluster/config/manager/manager.yaml b/virtualcluster/config/manager/manager.yaml new file mode 100644 index 00000000..b718bb4e --- /dev/null +++ b/virtualcluster/config/manager/manager.yaml @@ -0,0 +1,83 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: system +--- +apiVersion: v1 +kind: Service +metadata: + name: controller-manager-service + namespace: system + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + ports: + - port: 443 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + matchLabels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + serviceName: controller-manager-service + template: + metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - command: + - /manager + image: controller:latest + imagePullPolicy: Always + name: manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SECRET_NAME + value: $(WEBHOOK_SECRET_NAME) + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + ports: + - containerPort: 9876 + name: webhook-server + protocol: TCP + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-secret +--- +apiVersion: v1 +kind: Secret +metadata: + name: webhook-server-secret + namespace: system diff --git a/virtualcluster/config/rbac/auth_proxy_role.yaml b/virtualcluster/config/rbac/auth_proxy_role.yaml new file mode 100644 index 00000000..618f5e41 --- /dev/null +++ b/virtualcluster/config/rbac/auth_proxy_role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: proxy-role +rules: +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: + - subjectaccessreviews + verbs: ["create"] diff --git a/virtualcluster/config/rbac/auth_proxy_role_binding.yaml b/virtualcluster/config/rbac/auth_proxy_role_binding.yaml new file mode 100644 index 00000000..48ed1e4b --- /dev/null +++ b/virtualcluster/config/rbac/auth_proxy_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: proxy-role +subjects: +- kind: ServiceAccount + name: default + namespace: system diff --git a/virtualcluster/config/rbac/auth_proxy_service.yaml b/virtualcluster/config/rbac/auth_proxy_service.yaml new file mode 100644 index 00000000..0c00b54a --- /dev/null +++ b/virtualcluster/config/rbac/auth_proxy_service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8443" + prometheus.io/scheme: https + prometheus.io/scrape: "true" + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: controller-manager-metrics-service + namespace: kube-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" diff --git a/virtualcluster/config/rbac/rbac_role.yaml b/virtualcluster/config/rbac/rbac_role.yaml new file mode 100644 index 00000000..e6ab1570 --- /dev/null +++ b/virtualcluster/config/rbac/rbac_role.yaml @@ -0,0 +1,177 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions/status + verbs: + - get + - update + - patch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - secrets/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters/status + verbs: + - get + - update + - patch +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions + verbs: + - get + - list + - watch +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions/status + verbs: + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete diff --git a/virtualcluster/config/rbac/rbac_role_binding.yaml b/virtualcluster/config/rbac/rbac_role_binding.yaml new file mode 100644 index 00000000..c1033e23 --- /dev/null +++ b/virtualcluster/config/rbac/rbac_role_binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: system diff --git a/virtualcluster/config/sampleswithspec/clusterversion_v1_loadbalancer.yaml b/virtualcluster/config/sampleswithspec/clusterversion_v1_loadbalancer.yaml new file mode 100644 index 00000000..87033b47 --- /dev/null +++ b/virtualcluster/config/sampleswithspec/clusterversion_v1_loadbalancer.yaml @@ -0,0 +1,308 @@ +apiVersion: tenancy.x-k8s.io/v1alpha1 +kind: ClusterVersion +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: cv-sample-lb +spec: + # a statefulset and service bundle for etcd + etcd: + metadata: + name: etcd + statefulset: + metadata: + name: etcd + spec: + replicas: 1 + revisionHistoryLimit: 10 + serviceName: etcd + selector: + matchLabels: + component-name: etcd + # etcd will not be updated, unless it is deleted + updateStrategy: + type: OnDelete + template: + metadata: + labels: + component-name: etcd + spec: + subdomain: etcd + containers: + - name: etcd + image: virtualcluster/etcd-v3.4.0 + imagePullPolicy: Always + command: + - etcd + # pass the pod name(hostname) to container for composing the advertise-urls args + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - --name=$(HOSTNAME) + - --trusted-ca-file=/etc/kubernetes/pki/root/tls.crt + - --client-cert-auth + - --cert-file=/etc/kubernetes/pki/etcd/tls.crt + - --key-file=/etc/kubernetes/pki/etcd/tls.key + - --peer-client-cert-auth + - --peer-trusted-ca-file=/etc/kubernetes/pki/root/tls.crt + - --peer-cert-file=/etc/kubernetes/pki/etcd/tls.crt + - --peer-key-file=/etc/kubernetes/pki/etcd/tls.key + - --listen-peer-urls=https://0.0.0.0:2380 + - --listen-client-urls=https://0.0.0.0:2379 + - --initial-advertise-peer-urls=https://$(HOSTNAME).etcd:2380 + # we use a headless service to encapsulate each pod + - --advertise-client-urls=https://$(HOSTNAME).etcd:2379 + - --initial-cluster-state=new + - --initial-cluster-token=vc-etcd + - --data-dir=/var/lib/etcd/data + # --initial-cluster option will be set during runtime based on the number of replicas + livenessProbe: + exec: + command: + - sh + - -c + - ETCDCTL_API=3 etcdctl --endpoints=https://etcd:2379 --cacert=/etc/kubernetes/pki/root/tls.crt --cert=/etc/kubernetes/pki/etcd/tls.crt --key=/etc/kubernetes/pki/etcd/tls.key endpoint health + failureThreshold: 8 + initialDelaySeconds: 60 + timeoutSeconds: 15 + readinessProbe: + exec: + command: + - sh + - -c + - ETCDCTL_API=3 etcdctl --endpoints=https://etcd:2379 --cacert=/etc/kubernetes/pki/root/tls.crt --cert=/etc/kubernetes/pki/etcd/tls.crt --key=/etc/kubernetes/pki/etcd/tls.key endpoint health + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 2 + timeoutSeconds: 15 + volumeMounts: + - mountPath: /etc/kubernetes/pki/etcd + name: etcd-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/root + name: root-ca + readOnly: true + volumes: + - name: etcd-ca + secret: + defaultMode: 420 + secretName: etcd-ca + - name: root-ca + secret: + defaultMode: 420 + secretName: root-ca + # etcd will be accessed only by apiserver from inside the cluster, so we use a headless service to + # encapsulate it + service: + metadata: + name: etcd + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + spec: + type: ClusterIP + clusterIP: None + selector: + component-name: etcd + # a statefulset and service bundle for apiserver + apiServer: + metadata: + name: apiserver + statefulset: + metadata: + name: apiserver + spec: + replicas: 1 + revisionHistoryLimit: 10 + serviceName: apiserver-svc + selector: + matchLabels: + component-name: apiserver + # apiserver will not be updated, unless it is deleted + updateStrategy: + type: OnDelete + template: + metadata: + labels: + component-name: apiserver + spec: + hostname: apiserver + subdomain: apiserver-svc + containers: + - name: apiserver + image: virtualcluster/apiserver-v1.16.2 + imagePullPolicy: Always + command: + - kube-apiserver + args: + - --bind-address=0.0.0.0 + - --allow-privileged=true + - --anonymous-auth=true + - --client-ca-file=/etc/kubernetes/pki/root/tls.crt + - --tls-cert-file=/etc/kubernetes/pki/apiserver/tls.crt + - --tls-private-key-file=/etc/kubernetes/pki/apiserver/tls.key + - --kubelet-https=true + - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver/tls.crt + - --kubelet-client-key=/etc/kubernetes/pki/apiserver/tls.key + - --enable-bootstrap-token-auth=true + - --etcd-servers=https://etcd-0.etcd:2379 + - --etcd-cafile=/etc/kubernetes/pki/root/tls.crt + - --etcd-certfile=/etc/kubernetes/pki/apiserver/tls.crt + - --etcd-keyfile=/etc/kubernetes/pki/apiserver/tls.key + - --service-account-key-file=/etc/kubernetes/pki/service-account/tls.key + - --service-cluster-ip-range=10.32.0.0/16 + - --service-node-port-range=30000-32767 + - --authorization-mode=Node,RBAC + - --runtime-config=api/all + - --enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota + - --apiserver-count=1 + - --endpoint-reconciler-type=master-count + - --v=2 + ports: + - containerPort: 6443 + protocol: TCP + name: api + livenessProbe: + # since we set anonymous-auth to false, we use tcp instead of https + tcpSocket: + port: 6443 + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 15 + readinessProbe: + httpGet: + port: 6443 + path: /healthz + scheme: HTTPS + failureThreshold: 8 + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 30 + volumeMounts: + - mountPath: /etc/kubernetes/pki/apiserver + name: apiserver-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/root + name: root-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/service-account + name: serviceaccount-rsa + readOnly: true + securityContext: {} + terminationGracePeriodSeconds: 30 + dnsConfig: + searches: + - cluster.local + volumes: + - name: apiserver-ca + secret: + defaultMode: 420 + secretName: apiserver-ca + - name: root-ca + secret: + defaultMode: 420 + secretName: root-ca + - name: serviceaccount-rsa + secret: + defaultMode: 420 + secretName: serviceaccount-rsa + service: + metadata: + name: apiserver-svc + spec: + selector: + component-name: apiserver + type: LoadBalancer + ports: + - port: 6443 + protocol: TCP + targetPort: api + # a statefulset and service bundle for controller-manager + controllerManager: + metadata: + name: controller-manager + # statefuleset template for controller-manager + statefulset: + metadata: + name: controller-manager + spec: + serviceName: controller-manager-svc + replicas: 1 + selector: + matchLabels: + component-name: controller-manager + updateStrategy: + type: OnDelete + template: + metadata: + labels: + component-name: controller-manager + spec: + containers: + - name: controller-manager + image: virtualcluster/controller-manager-v1.16.2 + imagePullPolicy: Always + command: + - kube-controller-manager + args: + - --bind-address=0.0.0.0 + - --cluster-cidr=10.200.0.0/16 + - --cluster-signing-cert-file=/etc/kubernetes/pki/root/tls.crt + - --cluster-signing-key-file=/etc/kubernetes/pki/root/tls.key + - --kubeconfig=/etc/kubernetes/kubeconfig/controller-manager-kubeconfig + - --authorization-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager-kubeconfig + - --authentication-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager-kubeconfig + # control plane contains only one instance for now + - --leader-elect=false + - --root-ca-file=/etc/kubernetes/pki/root/tls.crt + - --service-account-private-key-file=/etc/kubernetes/pki/service-account/tls.key + - --service-cluster-ip-range=10.32.0.0/24 + - --use-service-account-credentials=true + - --experimental-cluster-signing-duration=87600h + - --node-monitor-grace-period=200s + - --v=2 + livenessProbe: + httpGet: + path: /healthz + port: 10252 + scheme: HTTP + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 15 + readinessProbe: + httpGet: + port: 10252 + path: /healthz + scheme: HTTP + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 2 + timeoutSeconds: 15 + volumeMounts: + - mountPath: /etc/kubernetes/pki/root + name: root-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/service-account + name: serviceaccount-rsa + readOnly: true + - mountPath: /etc/kubernetes/kubeconfig + name: kubeconfig + readOnly: true + volumes: + - name: root-ca + secret: + defaultMode: 420 + secretName: root-ca + - name: serviceaccount-rsa + secret: + defaultMode: 420 + secretName: serviceaccount-rsa + - name: kubeconfig + secret: + defaultMode: 420 + secretName: controller-manager-kubeconfig + # controller-manager will never be accessed proactively, no need to be exposed diff --git a/virtualcluster/config/sampleswithspec/clusterversion_v1_nodeport.yaml b/virtualcluster/config/sampleswithspec/clusterversion_v1_nodeport.yaml new file mode 100644 index 00000000..2516c2a5 --- /dev/null +++ b/virtualcluster/config/sampleswithspec/clusterversion_v1_nodeport.yaml @@ -0,0 +1,320 @@ +apiVersion: tenancy.x-k8s.io/v1alpha1 +kind: ClusterVersion +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: cv-sample-np +spec: + # a statefulset and service bundle for etcd + etcd: + metadata: + name: etcd + statefulset: + apiVersion: apps/v1 + kind: StatefulSet + metadata: + name: etcd + spec: + replicas: 1 + revisionHistoryLimit: 10 + serviceName: etcd + selector: + matchLabels: + component-name: etcd + # etcd will not be updated, unless it is deleted + updateStrategy: + type: OnDelete + template: + metadata: + labels: + component-name: etcd + spec: + subdomain: etcd + containers: + - name: etcd + image: virtualcluster/etcd-v3.4.0 + imagePullPolicy: Always + command: + - etcd + # pass the pod name(hostname) to container for composing the advertise-urls args + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - --name=$(HOSTNAME) + - --trusted-ca-file=/etc/kubernetes/pki/root/tls.crt + - --client-cert-auth + - --cert-file=/etc/kubernetes/pki/etcd/tls.crt + - --key-file=/etc/kubernetes/pki/etcd/tls.key + - --peer-client-cert-auth + - --peer-trusted-ca-file=/etc/kubernetes/pki/root/tls.crt + - --peer-cert-file=/etc/kubernetes/pki/etcd/tls.crt + - --peer-key-file=/etc/kubernetes/pki/etcd/tls.key + - --listen-peer-urls=https://0.0.0.0:2380 + - --listen-client-urls=https://0.0.0.0:2379 + - --initial-advertise-peer-urls=https://$(HOSTNAME).etcd:2380 + # we use a headless service to encapsulate each pod + - --advertise-client-urls=https://$(HOSTNAME).etcd:2379 + - --initial-cluster-state=new + - --initial-cluster-token=vc-etcd + - --data-dir=/var/lib/etcd/data + # --initial-cluster option will be set during runtime based on the number of replicas + livenessProbe: + exec: + command: + - sh + - -c + - ETCDCTL_API=3 etcdctl --endpoints=https://etcd:2379 --cacert=/etc/kubernetes/pki/root/tls.crt --cert=/etc/kubernetes/pki/etcd/tls.crt --key=/etc/kubernetes/pki/etcd/tls.key endpoint health + failureThreshold: 8 + initialDelaySeconds: 60 + timeoutSeconds: 15 + readinessProbe: + exec: + command: + - sh + - -c + - ETCDCTL_API=3 etcdctl --endpoints=https://etcd:2379 --cacert=/etc/kubernetes/pki/root/tls.crt --cert=/etc/kubernetes/pki/etcd/tls.crt --key=/etc/kubernetes/pki/etcd/tls.key endpoint health + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 2 + timeoutSeconds: 15 + volumeMounts: + - mountPath: /etc/kubernetes/pki/etcd + name: etcd-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/root + name: root-ca + readOnly: true + volumes: + - name: etcd-ca + secret: + defaultMode: 420 + secretName: etcd-ca + - name: root-ca + secret: + defaultMode: 420 + secretName: root-ca + # etcd will be accessed only by apiserver from inside the cluster, so we use a headless service to + # encapsulate it + service: + apiVersion: v1 + kind: Service + metadata: + name: etcd + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + spec: + type: ClusterIP + clusterIP: None + selector: + component-name: etcd + # a statefulset and service bundle for apiserver + apiServer: + metadata: + name: apiserver + statefulset: + apiVersion: apps/v1 + kind: StatefulSet + metadata: + name: apiserver + spec: + replicas: 1 + revisionHistoryLimit: 10 + serviceName: apiserver-svc + selector: + matchLabels: + component-name: apiserver + # apiserver will not be updated, unless it is deleted + updateStrategy: + type: OnDelete + template: + metadata: + labels: + component-name: apiserver + spec: + hostname: apiserver + subdomain: apiserver-svc + containers: + - name: apiserver + image: virtualcluster/apiserver-v1.16.2 + imagePullPolicy: Always + command: + - kube-apiserver + args: + - --bind-address=0.0.0.0 + - --allow-privileged=true + - --anonymous-auth=true + - --client-ca-file=/etc/kubernetes/pki/root/tls.crt + - --tls-cert-file=/etc/kubernetes/pki/apiserver/tls.crt + - --tls-private-key-file=/etc/kubernetes/pki/apiserver/tls.key + - --kubelet-https=true + - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver/tls.crt + - --kubelet-client-key=/etc/kubernetes/pki/apiserver/tls.key + - --enable-bootstrap-token-auth=true + - --etcd-servers=https://etcd-0.etcd:2379 + - --etcd-cafile=/etc/kubernetes/pki/root/tls.crt + - --etcd-certfile=/etc/kubernetes/pki/apiserver/tls.crt + - --etcd-keyfile=/etc/kubernetes/pki/apiserver/tls.key + - --service-account-key-file=/etc/kubernetes/pki/service-account/tls.key + - --service-cluster-ip-range=10.32.0.0/16 + - --service-node-port-range=30000-32767 + - --authorization-mode=Node,RBAC + - --runtime-config=api/all + - --enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota + - --apiserver-count=1 + - --endpoint-reconciler-type=master-count + - --v=2 + ports: + - containerPort: 6443 + protocol: TCP + name: api + livenessProbe: + # since we set anonymous-auth to false, we use tcp instead of https + tcpSocket: + port: 6443 + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 15 + readinessProbe: + httpGet: + port: 6443 + path: /healthz + scheme: HTTPS + failureThreshold: 8 + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 30 + volumeMounts: + - mountPath: /etc/kubernetes/pki/apiserver + name: apiserver-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/root + name: root-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/service-account + name: serviceaccount-rsa + readOnly: true + securityContext: {} + terminationGracePeriodSeconds: 30 + dnsConfig: + searches: + - cluster.local + volumes: + - name: apiserver-ca + secret: + defaultMode: 420 + secretName: apiserver-ca + - name: root-ca + secret: + defaultMode: 420 + secretName: root-ca + - name: serviceaccount-rsa + secret: + defaultMode: 420 + secretName: serviceaccount-rsa + service: + apiVersion: apps/v1 + kind: Service + metadata: + name: apiserver-svc + spec: + selector: + component-name: apiserver + type: NodePort + ports: + - port: 6443 + protocol: TCP + targetPort: api + # a statefulset and service bundle for controller-manager + controllerManager: + apiVersion: apps/v1 + kind: StatefulSet + metadata: + name: controller-manager + # statefuleset template for controller-manager + statefulset: + apiVersion: apps/v1 + kind: StatefulSet + metadata: + name: controller-manager + spec: + serviceName: controller-manager-svc + replicas: 1 + selector: + matchLabels: + component-name: controller-manager + updateStrategy: + type: OnDelete + template: + metadata: + labels: + component-name: controller-manager + spec: + containers: + - name: controller-manager + image: virtualcluster/controller-manager-v1.16.2 + imagePullPolicy: Always + command: + - kube-controller-manager + args: + - --bind-address=0.0.0.0 + - --cluster-cidr=10.200.0.0/16 + - --cluster-signing-cert-file=/etc/kubernetes/pki/root/tls.crt + - --cluster-signing-key-file=/etc/kubernetes/pki/root/tls.key + - --kubeconfig=/etc/kubernetes/kubeconfig/controller-manager-kubeconfig + - --authorization-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager-kubeconfig + - --authentication-kubeconfig=/etc/kubernetes/kubeconfig/controller-manager-kubeconfig + # control plane contains only one instance for now + - --leader-elect=false + - --root-ca-file=/etc/kubernetes/pki/root/tls.crt + - --service-account-private-key-file=/etc/kubernetes/pki/service-account/tls.key + - --service-cluster-ip-range=10.32.0.0/24 + - --use-service-account-credentials=true + - --experimental-cluster-signing-duration=87600h + - --node-monitor-grace-period=200s + - --v=2 + livenessProbe: + httpGet: + path: /healthz + port: 10252 + scheme: HTTP + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 15 + readinessProbe: + httpGet: + port: 10252 + path: /healthz + scheme: HTTP + failureThreshold: 8 + initialDelaySeconds: 15 + periodSeconds: 2 + timeoutSeconds: 15 + volumeMounts: + - mountPath: /etc/kubernetes/pki/root + name: root-ca + readOnly: true + - mountPath: /etc/kubernetes/pki/service-account + name: serviceaccount-rsa + readOnly: true + - mountPath: /etc/kubernetes/kubeconfig + name: kubeconfig + readOnly: true + volumes: + - name: root-ca + secret: + defaultMode: 420 + secretName: root-ca + - name: serviceaccount-rsa + secret: + defaultMode: 420 + secretName: serviceaccount-rsa + - name: kubeconfig + secret: + defaultMode: 420 + secretName: controller-manager-kubeconfig + # controller-manager will never be accessed proactively, no need to be exposed diff --git a/virtualcluster/config/sampleswithspec/coredns.yaml b/virtualcluster/config/sampleswithspec/coredns.yaml new file mode 100644 index 00000000..88acf426 --- /dev/null +++ b/virtualcluster/config/sampleswithspec/coredns.yaml @@ -0,0 +1,195 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: coredns + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:coredns +rules: +- apiGroups: + - "" + resources: + - endpoints + - services + - pods + - namespaces + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + labels: + kubernetes.io/bootstrapping: rbac-defaults + name: system:coredns +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:coredns +subjects: +- kind: ServiceAccount + name: coredns + namespace: kube-system +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: coredns + namespace: kube-system +data: + Corefile: | + .:53 { + log + errors + health { + lameduck 5s + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + fallthrough in-addr.arpa ip6.arpa + } + prometheus :9153 + forward . /etc/resolv.conf + cache 30 + loop + reload + loadbalance + } +--- +apiVersion: v1 +kind: Service +metadata: + name: kube-dns + namespace: kube-system + annotations: + prometheus.io/port: "9153" + prometheus.io/scrape: "true" + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" +spec: + selector: + k8s-app: kube-dns + ports: + - name: dns + port: 53 + protocol: UDP + - name: dns-tcp + port: 53 + protocol: TCP + - name: metrics + port: 9153 + protocol: TCP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: coredns + namespace: kube-system + labels: + k8s-app: kube-dns + kubernetes.io/name: "CoreDNS" +spec: + # replicas: not specified here: + # 1. Default is 1. + # 2. Will be tuned in real time if DNS horizontal auto-scaling is turned on. + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + k8s-app: kube-dns + template: + metadata: + labels: + k8s-app: kube-dns + spec: + serviceAccountName: coredns + tolerations: + - key: "CriticalAddonsOnly" + operator: "Exists" + nodeSelector: + kubernetes.io/os: linux + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: ["kube-dns"] + topologyKey: kubernetes.io/hostname + containers: + - name: coredns + image: virtualcluster/coredns:v1.6.8 + imagePullPolicy: IfNotPresent + resources: + limits: + memory: 170Mi + requests: + cpu: 100m + memory: 70Mi + args: [ "-conf", "/etc/coredns/Corefile" ] + volumeMounts: + - name: config-volume + mountPath: /etc/coredns + readOnly: true + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + - containerPort: 9153 + name: metrics + protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - all + readOnlyRootFilesystem: true + livenessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + env: + - name: KUBERNETES_SERVICE_HOST + value: kubernetes + dnsPolicy: Default + volumes: + - name: config-volume + configMap: + name: coredns + items: + - key: Corefile + path: Corefile diff --git a/virtualcluster/config/sampleswithspec/example_foo.yaml b/virtualcluster/config/sampleswithspec/example_foo.yaml new file mode 100644 index 00000000..9f735527 --- /dev/null +++ b/virtualcluster/config/sampleswithspec/example_foo.yaml @@ -0,0 +1,7 @@ +apiVersion: samplecontroller.k8s.io/v1alpha1 +kind: Foo +metadata: + name: example-foo +spec: + deploymentName: example-foo + replicas: 1 \ No newline at end of file diff --git a/virtualcluster/config/sampleswithspec/tenancy.x-k8s.io_clusterversions.yaml b/virtualcluster/config/sampleswithspec/tenancy.x-k8s.io_clusterversions.yaml new file mode 100644 index 00000000..6155ec87 --- /dev/null +++ b/virtualcluster/config/sampleswithspec/tenancy.x-k8s.io_clusterversions.yaml @@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.9 + creationTimestamp: null + name: clusterversions.tenancy.x-k8s.io +spec: + group: tenancy.x-k8s.io + names: + kind: ClusterVersion + listKind: ClusterVersionList + plural: clusterversions + shortNames: + - cv + singular: clusterversion + scope: Cluster + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + apiServer: + properties: + metadata: + type: object + service: + type: object + statefulset: + type: object + type: object + controllerManager: + properties: + metadata: + type: object + service: + type: object + statefulset: + type: object + type: object + etcd: + properties: + metadata: + type: object + service: + type: object + statefulset: + type: object + type: object + type: object + status: + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/virtualcluster/config/sampleswithspec/virtualcluster_1_loadbalancer.yaml b/virtualcluster/config/sampleswithspec/virtualcluster_1_loadbalancer.yaml new file mode 100644 index 00000000..49af6cd2 --- /dev/null +++ b/virtualcluster/config/sampleswithspec/virtualcluster_1_loadbalancer.yaml @@ -0,0 +1,16 @@ +apiVersion: tenancy.x-k8s.io/v1alpha1 +kind: VirtualCluster +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: vc-sample-1 + namespace: default +spec: + clusterDomain: cluster.local + clusterVersionName: cv-sample-lb + # will expire in one year + pkiExpireDays: 365 + opaqueMetaPrefixes: + - "tenancy.x-k8s.io" + transparentMetaPrefixes: + - "k8s.net.status" diff --git a/virtualcluster/config/sampleswithspec/virtualcluster_1_nodeport.yaml b/virtualcluster/config/sampleswithspec/virtualcluster_1_nodeport.yaml new file mode 100644 index 00000000..0de1bed0 --- /dev/null +++ b/virtualcluster/config/sampleswithspec/virtualcluster_1_nodeport.yaml @@ -0,0 +1,16 @@ +apiVersion: tenancy.x-k8s.io/v1alpha1 +kind: VirtualCluster +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: vc-sample-1 + namespace: default +spec: + clusterDomain: cluster.local + clusterVersionName: cv-sample-np + # will expire in one year + pkiExpireDays: 365 + opaqueMetaPrefixes: + - "tenancy.x-k8s.io" + transparentMetaPrefixes: + - "k8s.net.status" diff --git a/virtualcluster/config/setup/all_in_one.yaml b/virtualcluster/config/setup/all_in_one.yaml new file mode 100644 index 00000000..607f3740 --- /dev/null +++ b/virtualcluster/config/setup/all_in_one.yaml @@ -0,0 +1,472 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: vc-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: vc-manager-role +rules: +- apiGroups: + - certificates.k8s.io + resources: + - signers + resourceNames: + # Support legacy versions, before signerName was added + - kubernetes.io/legacy-unknown + verbs: + - approve +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions/status + verbs: + - get + - update + - patch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - secrets/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters/status + verbs: + - get + - update + - patch +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions + verbs: + - get + - list + - watch +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions/status + verbs: + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: vc-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vc-manager-role +subjects: +- kind: ServiceAccount + name: vc-manager + namespace: vc-manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vc-manager + namespace: vc-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vc-manager + namespace: vc-manager + labels: + app: vc-manager +spec: + replicas: 1 + selector: + matchLabels: + app: vc-manager + template: + metadata: + creationTimestamp: null + labels: + app: vc-manager + virtualcluster-webhook: "true" + spec: + serviceAccountName: vc-manager + containers: + - command: + - manager + args: + - --disable-stacktrace=true + - --enable-webhook=true + image: virtualcluster/manager-amd64 + imagePullPolicy: Always + name: vc-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: vc-syncer-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - pods + - secrets + - services + - serviceaccounts + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection +- apiGroups: + - scheduling.k8s.io + resources: + - priorityclasses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + - storage.k8s.io + resources: + - events + - nodes + - persistentvolumes + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + - storage.k8s.io + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces/status + - pods/status + - services/status + - nodes/status + - persistentvolumes/status + - persistentvolumeclaims/status + verbs: + - get +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters + verbs: + - get + - list + - watch +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: vc-syncer-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vc-syncer-role +subjects: + - kind: ServiceAccount + name: vc-syncer + namespace: vc-manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vc-syncer + namespace: vc-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vc-syncer + namespace: vc-manager + labels: + app: vc-syncer +spec: + replicas: 1 + selector: + matchLabels: + app: vc-syncer + template: + metadata: + creationTimestamp: null + labels: + app: vc-syncer + spec: + serviceAccountName: vc-syncer + containers: + - command: + - syncer + image: virtualcluster/syncer-amd64 + imagePullPolicy: Always + name: vc-syncer + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 20 + successThreshold: 1 + tcpSocket: + port: 8080 + timeoutSeconds: 1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: vn-agent-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - pods/exec + - pods/portforward + - nodes/proxy + verbs: + - get + - list + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: vn-agent-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vn-agent-role +subjects: +- kind: ServiceAccount + name: vn-agent + namespace: vc-manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vn-agent + namespace: vc-manager +--- +apiVersion: v1 +kind: Secret +metadata: + name: empty-kubelet-client + namespace: vc-manager +data: + client.crt: "" + client.key: "" +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: vn-agent + namespace: vc-manager + labels: + app: vn-agent +spec: + selector: + matchLabels: + app: vn-agent + template: + metadata: + creationTimestamp: null + labels: + app: vn-agent + spec: + serviceAccountName: vn-agent + hostNetwork: true + containers: + - command: + - vn-agent + - --cert-dir=/etc/vn-agent/ + - --kubelet-client-certificate=/etc/vn-agent/pki/client.crt + - --kubelet-client-key=/etc/vn-agent/pki/client.key + image: virtualcluster/vn-agent-amd64 + imagePullPolicy: Always + name: vn-agent + volumeMounts: + - name: kubelet-client-cert + mountPath: /etc/vn-agent/pki/ + volumes: + - name: kubelet-client-cert + secret: + secretName: empty-kubelet-client diff --git a/virtualcluster/config/setup/all_in_one_aliyun.yaml b/virtualcluster/config/setup/all_in_one_aliyun.yaml new file mode 100644 index 00000000..ee43880b --- /dev/null +++ b/virtualcluster/config/setup/all_in_one_aliyun.yaml @@ -0,0 +1,431 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: vc-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: vc-manager-role +rules: +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions/status + verbs: + - get + - update + - patch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + +- apiGroups: + - "" + resources: + - secrets/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters/status + verbs: + - get + - update + - patch +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions + verbs: + - get + - list + - watch +- apiGroups: + - tenancy.x-k8s.io + resources: + - clusterversions/status + verbs: + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: vc-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vc-manager-role +subjects: +- kind: ServiceAccount + name: vc-manager + namespace: vc-manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vc-manager + namespace: vc-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vc-manager + namespace: vc-manager + labels: + app: vc-manager +spec: + replicas: 1 + selector: + matchLabels: + app: vc-manager + template: + metadata: + creationTimestamp: null + labels: + app: vc-manager + spec: + serviceAccountName: vc-manager + containers: + - command: + - manager + args: + - --disable-stacktrace=true + image: registry.cn-hangzhou.aliyuncs.com/virtualcluster/manager-amd64 + imagePullPolicy: Always + name: vc-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: vc-syncer-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - pods + - secrets + - services + - serviceaccounts + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection +- apiGroups: + - scheduling.k8s.io + resources: + - priorityclasses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + - storage.k8s.io + resources: + - events + - nodes + - persistentvolumes + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + - storage.k8s.io + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - namespaces/status + - pods/status + - services/status + - nodes/status + - persistentvolumes/status + - persistentvolumeclaims/status + verbs: + - get +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters + verbs: + - get + - list + - watch +- apiGroups: + - tenancy.x-k8s.io + resources: + - virtualclusters/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: vc-syncer-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vc-syncer-role +subjects: + - kind: ServiceAccount + name: vc-syncer + namespace: vc-manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vc-syncer + namespace: vc-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vc-syncer + namespace: vc-manager + labels: + app: vc-syncer +spec: + replicas: 1 + selector: + matchLabels: + app: vc-syncer + template: + metadata: + creationTimestamp: null + labels: + app: vc-syncer + spec: + serviceAccountName: vc-syncer + containers: + - command: + - syncer + image: registry.cn-hangzhou.aliyuncs.com/virtualcluster/syncer-amd64 + imagePullPolicy: Always + name: vc-syncer + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 20 + successThreshold: 1 + tcpSocket: + port: 8080 + timeoutSeconds: 1 +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: vn-agent-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - pods/exec + - pods/portforward + verbs: + - get + - list + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: vn-agent-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vn-agent-role +subjects: +- kind: ServiceAccount + name: vn-agent + namespace: vc-manager +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vn-agent + namespace: vc-manager +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: vn-agent + namespace: vc-manager + labels: + app: vn-agent +spec: + selector: + matchLabels: + app: vn-agent + template: + metadata: + creationTimestamp: null + labels: + app: vn-agent + spec: + serviceAccountName: vn-agent + hostNetwork: true + containers: + - name: vn-agent + command: + - vn-agent + args: + - --cert-dir=/etc/vn-agent/ + image: registry.cn-hangzhou.aliyuncs.com/virtualcluster/vn-agent-amd64 + imagePullPolicy: Always diff --git a/virtualcluster/config/setup/sample_foo_controller.yaml b/virtualcluster/config/setup/sample_foo_controller.yaml new file mode 100644 index 00000000..ed4ef766 --- /dev/null +++ b/virtualcluster/config/setup/sample_foo_controller.yaml @@ -0,0 +1,91 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: foos.samplecontroller.k8s.io +spec: + group: samplecontroller.k8s.io + version: v1alpha1 + names: + kind: Foo + plural: foos + scope: Namespaced +--- +apiVersion: v1 +kind: Namespace +metadata: + name: vc-sample-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: vc-test-role +rules: +- apiGroups: + - samplecontroller.k8s.io + resources: + - foos + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: vc-test-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vc-test-role +subjects: + - kind: ServiceAccount + name: vc-sample-controller + namespace: vc-sample-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vc-sample-controller + namespace: vc-sample-controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vc-sample-controller + namespace: vc-sample-controller + labels: + app: vc-sample-controller +spec: + replicas: 1 + selector: + matchLabels: + app: vc-sample-controller + template: + metadata: + labels: + app: vc-sample-controller + spec: + serviceAccountName: vc-sample-controller + containers: + - command: + - sample-controller + image: virtualcluster/sample-controller-amd64 + imagePullPolicy: Always + name: controller \ No newline at end of file diff --git a/virtualcluster/doc/customresource-syncer.md b/virtualcluster/doc/customresource-syncer.md new file mode 100644 index 00000000..6dad7af0 --- /dev/null +++ b/virtualcluster/doc/customresource-syncer.md @@ -0,0 +1,170 @@ +# Custom Resource Synchronization in Multi-Tenancy Virtual Cluster + +## Overview + +In this example we will show how to build a custom resource (CR) synchronization module (Syncer) to synchronize CR resources between multi-tenancy virtual cluster and super cluster. + +CR Syncer relies on CR specific components, e.g., CR controller, CR Downward Syncer (DWS) and CR patroller, together with multi-tenancy virtual cluster infrastructures utilities: cluster-api-provider-nested/virtualcluster/pkg/util, to fulfill synchronization functionalities. + + +## CRD Synchronization + +In order for CR Syncer to work, custom defined resource type (CRD) must be deployed in both super cluster and tenant virtual cluster. CRD synchronization has been handled by: virtualcluster/pkg/syncer/resources/crd/ + +CRDs with annotation: [tenancy.x-k8s.io/super.public](https://sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/constants/constants.go#L65-L66) will be synced up into tenant’s virtual cluster. The syncing happens when virtual cluster is created or once annotation is changed. + +CRD synchronization ensures all custom defined resource type is deployed in virtual cluster, and CRD cache is properly initialized. + +### CRD Cache Remapping + +Multi-tenancy virtual cluster infrastructure takes care of CRD cache and CR informer mapping dynamically. When CR Syncer sets up its CR informer in virtual cluster, it is possible that CRD has not been deployed in virtual cluster. In this case, once CRD is synced to virtual cluster, controller-runtime `NewDynamicRESTMapper` is used to dynamically map newly created CRD cache with corresponding CR informer. + +### CRD example + +Following Foo CRD will be used here as an example: + +``` +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +type FooSpec struct { + Replicas int `json:"replicas"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type Foo struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec FooSpec `json:"spec"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type FooList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Foo `json:"items"` +} +``` + +## Custom Resource (CR) Syncer + +Following diagram shows CR Syncer components and how they interact with multi-tendency infrastructure utilities. + +CR specific synchronization operations are handled by CR Controller, CR Downward Syncer (DWS), CR Upward Syncer (UWS) (optional) and CR patroller. CR Syncer can also include other k8s resources synchronization functionalities by importing corresponding packages from cluster-api-provider-nested/virtualcluster/pkg/syncer/resources . The Plugin is used to pull all these packages during compilation time. + +The Main runs Syncer Server utility: cluster-api-provider-nested/virtualcluster/cmd/syncer/app/server.go, which initializes all pre-included Syncer controllers and bootstraps reconciling. + +![diagram](images/cr-syncer.png) + +### Multi-tenancy Infrastructure Utility Object Construction + +CR controller is responsible for instantiating CR specific Mccontroller, Patroller and Listener from following packages: + +``` + import ( + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/mccontroller" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/patrol" + "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/listener" + ) +``` + +Foo Mccontroller can be constructed as: + +``` +multiClusterFooController, err := mccontroller.NewMCController(&v1alpha1.Foo{}, &v1alpha1.FooList{}, c, + mc.WithOptions(options.MCOptions)) +``` + +Foo Patroller can be constructed as: + +``` +fooPatroller, err := patrol.NewPatroller(&alpha1.Project{}, c, pa.WithOptions(options.PatrolOptions)) +``` + +Foo Listener is constructed as: + +``` +func (c *controller) GetListener() listener.ClusterChangeListener { + return listener.NewMCControllerListener(c.multiClusterFooController, mc.WatchOptions{}) +} +``` + +### CR Client Construction + +Current Multi-tenancy Syncer uses client-go library to build shared client and informer for all standard K8s resources. However, client-go client cannot embed CR client. CR controller needs to construct CR client using Restful config of super cluster and tenant virtual cluster. + +Following code shows how to construct CR Client and informer for super cluster: + +``` +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/cache" + ) + + superFooClient, err := client.New(config.RestConfig, client.Options{}) + + superFoocache, err = cache.New(config.RestConfig, cache.Options{}) + superFooInformer, err := c.superFoocache.GetInformer(context.Background(), &alpha1.Foo{}) + +``` + +CR cache needs to be bootstrapped. Bootstrap logic can be put in DWS or UWS initialization function as: + +``` +func (c *controller) StartDWS(stopCh <-chan struct{}) error { + go superFoocache.Start(stopCh) +} +``` + + +For Virtual Cluster CR Client, we can either get informer from CR Mccontroller, or construct client using tenant virtual cluster Restful config. + +``` + clusterInformer, err := c.multiClusterFooController.GetCluster(cluster).GetInformer(&alpha1.foo{}) + + vcRestConfig := c.MultiClusterController.GetCluster(vclusterName).GetRestConfig() + virtualFooClient, err := client.New(vcRestConfig, client.Options{}) +``` + +### CR Scheme Building + +Custom Resource Scheme installation happens in Init function of each CR Syncer package. Controller runtime scheme builder is used here. + +``` +import ( + "k8s.io/sample-controller/pkg/apis/samplecontroller/v1alpha1" + "k8s.io/apimachinery/pkg/runtime" + ) + +var scheme = runtime.NewScheme() +func init() { + v1alpha1.AddToScheme(scheme) +} +``` + + +Foo CRD should be added into virtualcluster/pkg/syncer/util/scheme to enable CR object conversion in Mccontroller: + +``` + import (utilscheme "virtualcluster/pkg/syncer/util/scheme") + + utilscheme.Scheme.AddKnownTypePair(&alpha1.Foo{}, &alpha1.FooList{}) + +``` + +## CR Syncer Testing + +CR Syncer relies on self-constructed CR clients to perform synchronization between virtual and super clusters. Current testing framework in cluster-api-provider-nested/virtualcluster/pkg/syncer/util/test uses /k8s.io/client-go/ fake client to initialize resource controllers: + +``` +func NewFooController(config *config.SyncerConfiguration, + client clientset.Interface, + informer informers.SharedInformerFactory, + vcClient vcclient.Interface, + vcInformer vcinformers.VirtualClusterInformer, + options manager.ResourceSyncerOptions) +``` + +/k8s.io/client-go client cannot be extended to embed CR client. Therefore, a different NewFooController will be built to pass in CR fake client/informer instances to CR Syncer. + diff --git a/virtualcluster/doc/demo.md b/virtualcluster/doc/demo.md new file mode 100644 index 00000000..3dac68fd --- /dev/null +++ b/virtualcluster/doc/demo.md @@ -0,0 +1,347 @@ +# VirtualCluster Walkthrough Demo + +This demo illustrates how to setup a VirtualCluster in an existing lightweight environment, +be it [`minikube`](https://minikube.sigs.k8s.io/) or [`kind`](https://kind.sigs.k8s.io/docs/) Kubernetes cluster. + +It should work exactly the same if you were working on any other Kubernetes distributions too. + +For example, to spin up a `minikube` cluster: + +```bash +minikube start --driver=virtualbox --cpus=4 --memory='6g' --disk-size='10g' +``` + +Or a `kind` cluster: + +```bash +export CLUSTER_NAME="virtual-cluster" && \ +kind create cluster --name ${CLUSTER_NAME} --config - < 9443/TCP 76s + +NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE +daemonset.apps/vn-agent 1 1 1 1 1 92s + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/vc-manager 1/1 1 1 92s +deployment.apps/vc-syncer 1/1 1 1 92s + +NAME DESIRED CURRENT READY AGE +replicaset.apps/vc-manager-76c5878465 1 1 1 92s +replicaset.apps/vc-syncer-55c5bc5898 1 1 1 92s +``` + +## (Optional) Create `kubelet` client secrete and update `vn-agent` + +By default, `vn-agent` works in a suboptimal mode by forwarding all `kubelet` API requests to super master. +A more efficient method is to communicate with `kubelet` directly using the client cert/key used by the super master. + +The location of the client PKI files may vary based on the local setup. +Please note that we need to make sure the client cert/key files are imported as `client.crt` and `client.key` so that they can be referenced to. + +### Create `kubelet` client secret in `minikube` cluster + +If you're using `minikube`, the client PKI files are located in `~/.minikube/`. +So we can create `vc-kubelet-client` secret using the following commands: + +```bash +# Copy the files over +cp ~/.minikube/cert.pem client.crt && cp ~/.minikube/key.pem client.key +# Create a new secret +kubectl create secret generic vc-kubelet-client --from-file=client.crt --from-file=client.key --namespace vc-manager +``` + +### Create `kubelet` client secrete in `kind` cluster: + +If you're using `kind`, the client PKI files are located in its control plane Docker container. +So we can retrieve them back and create `vc-kubelet-client` secret using the following commands: + +```bash +# Retrieve the kubelet client key/cert files +docker cp ${CLUSTER_NAME}-control-plane:/etc/kubernetes/pki/apiserver-kubelet-client.crt client.crt +docker cp ${CLUSTER_NAME}-control-plane:/etc/kubernetes/pki/apiserver-kubelet-client.key client.key +# Create a new secret +kubectl create secret generic vc-kubelet-client --from-file=client.crt --from-file=client.key --namespace vc-manager +``` + +### Update `vn-agent` + +To apply this secret to `vn-agent` Pod(s), one can patch the `vn-agent` DaemonSet to change the secret name of the `kubelet-client-cert` volume to the newly created `vc-kubelet-client`: + +```bash +$ kubectl -n vc-manager patch daemonset/vn-agent --type json \ + -p='[{"op": "replace", "path": "/spec/template/spec/volumes/0/secret/secretName", "value":"vc-kubelet-client"}]' +``` + +The `vn-agent` Pod(s) will be recreated in every node to talk with `kubelet` directly from now onwards. + + +## Create ClusterVersion + +A `ClusterVersion` CR specifies how the tenant master(s) will be configured, as a template for tenant masters' components. + +The following cmd will create a `ClusterVersion` named `cv-sample-np`, which specifies the tenant master components as: +- `etcd`: a StatefulSet with `virtualcluster/etcd-v3.4.0` image, 1 replica; +- `apiServer`: a StatefulSet with `virtualcluster/apiserver-v1.16.2` image, 1 replica; +- `controllerManager`: a StatefulSet with `virtualcluster/controller-manager-v1.16.2` image, 1 replica. + +```bash +$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-nested/master/virtualcluster/config/sampleswithspec/clusterversion_v1_nodeport.yaml +``` + +> Note that tenant master does not have scheduler installed. The Pods are still scheduled as usual in super master. + +## Create VirtualCluster + +We can now create a `VirtualCluster` CR, which refers to the `ClusterVersion` that we just created. + +The `vc-manager` will create a tenant master, where its tenant apiserver can be exposed through nodeport, or load balancer. + +```bash +$ kubectl vc create -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-nested/master/virtualcluster/config/sampleswithspec/virtualcluster_1_nodeport.yaml -o vc-1.kubeconfig +2020/11/15 11:13:26 etcd is ready +2020/11/15 11:13:46 apiserver is ready +2020/11/15 11:14:12 controller-manager is ready +2020/11/15 11:14:12 VirtualCluster default/vc-sample-1 setup successfully +``` + +The command will create a tenant master named `vc-sample-1`, exposed by NodePort. + +Once it's created, a kubeconfig file specified by `-o`, namely `vc-1.kubeconfig`, will be created in the current directory. + + +## Access Virtual Cluster + +The generated `vc-1.kubeconfig` can be used as a normal `kubeconfig` to access the tenant virtual cluster. + +Please note that if you're working on `kind` cluster which, by default, exposes one random host port pointing to Kubernetes' default API Server port `6443`. In this case, we need to work around it and the simplest way is to deploy a "sidecar" container as the proxy to route management traffic to the service: + +```bash +# Do this only when you're working in `kind`: + +# Retrieve the tenant namespace +$ VC_NAMESPACE="$(kubectl get VirtualCluster vc-sample-1 -o json | jq -r '.status.clusterNamespace')" + +# The svc node port exposed +$ VC_SVC_PORT="$(kubectl get -n ${VC_NAMESPACE} svc/apiserver-svc -o json | jq '.spec.ports[0].nodePort')" + +# Remove the container if there is any +#$ docker rm -f ${CLUSTER_NAME}-kind-proxy-${VC_SVC_PORT} || true +# Create this sidecar container +$ docker run -d --restart always \ + --name ${CLUSTER_NAME}-kind-proxy-${VC_SVC_PORT} \ + --publish 127.0.0.1:${VC_SVC_PORT}:${VC_SVC_PORT} \ + --link ${CLUSTER_NAME}-control-plane:target \ + --network kind \ + alpine/socat -dd \ + tcp-listen:${VC_SVC_PORT},fork,reuseaddr tcp-connect:target:${VC_SVC_PORT} + +# And update the vc-1.kubeconfig +$ sed -i".bak" "s|.*server:.*| server: https://127.0.0.1:${VC_SVC_PORT}|" vc-1.kubeconfig +``` + +Now let's take a look how Virtual Cluster looks like: + +```bash +# A dedicated API Server, of course the : may vary +$ kubectl cluster-info --kubeconfig vc-1.kubeconfig +Kubernetes master is running at https://192.168.99.106:31501 # in minikube cluster +Kubernetes master is running at https://127.0.0.1:30998 # or in kind cluster + +# Looks exactly like a vanilla Kubernetes +$ kubectl get namespace --kubeconfig vc-1.kubeconfig +NAME STATUS AGE +default Active 9m11s +kube-node-lease Active 9m13s +kube-public Active 9m13s +kube-system Active 9m13s +``` + +But from the super master angle, we can see something different: + +```bash +$ kubectl get namespace +NAME STATUS AGE +default Active 30m +default-532c0e-vc-sample-1 Active 10m +default-532c0e-vc-sample-1-default Active 9m53s +default-532c0e-vc-sample-1-kube-node-lease Active 9m53s +default-532c0e-vc-sample-1-kube-public Active 9m53s +default-532c0e-vc-sample-1-kube-system Active 9m53s +kube-node-lease Active 30m +kube-public Active 30m +kube-system Active 30m +local-path-storage Active 30m +vc-manager Active 20m +``` + +## Let's do some experiments + +From now on, we can view the virtual cluster as a normal cluster to work with. + +Firstly, let's create a deployment. + +```bash +$ kubectl apply --kubeconfig vc-1.kubeconfig -f - < 16m v1.19.4 # we see this in minikube cluster +virtual-cluster-worker NotReady,SchedulingDisabled 5m8s v1.19.1 # and this in kind cluster +``` + +The `kubectl exec` and `kubectl logs` should work in the tenant master, as usual. + +Let's try out `kubectl exec`: + +```bash +$ VC_POD="$(kubectl get pod -l app='vc-test' --kubeconfig vc-1.kubeconfig -o jsonpath="{.items[0].metadata.name}")" +$ kubectl exec -it "${VC_POD}" --kubeconfig vc-1.kubeconfig -- /bin/sh + +# We're now in the container +/ # ls +bin dev etc home proc root sys tmp usr var +``` + +And `kubectl logs` as well, yes we can see the logs from output of container's command `top`: + +```bash +$ kubectl logs "${VC_POD}" --kubeconfig vc-1.kubeconfig +Mem: 5349052K used, 739760K free, 35912K shrd, 203292K buff, 3140872K cached +CPU: 7.0% usr 5.9% sys 0.0% nic 86.5% idle 0.0% io 0.0% irq 0.3% sirq +Load average: 0.45 0.47 0.54 1/1308 23 + PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND +``` + +## Clean Up + +By deleting the VirtualCluster CR, all the tenant resources created in the super master will be deleted. + +```bash +# The VirtualCluster +kubectl delete VirtualCluster vc-sample-1 +``` + +Of course, you can delete all others VirtualCluster objects too to clean up everything: + +```bash +# The ClusterVersion +kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-nested/master/virtualcluster/config/sampleswithspec/clusterversion_v1_nodeport.yaml + +# The Virtual Cluster components +kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-nested/master/virtualcluster/config/setup/all_in_one.yaml + +# The CRDs +kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-nested/master/virtualcluster/config/crds/tenancy.x-k8s.io_virtualclusters.yaml +kubectl delete -f https://raw.githubusercontent.com/kubernetes-sigs/cluster-api-provider-nested/master/virtualcluster/config/sampleswithspec/tenancy.x-k8s.io_clusterversions.yaml +``` diff --git a/virtualcluster/doc/images/cr-syncer.png b/virtualcluster/doc/images/cr-syncer.png new file mode 100644 index 0000000000000000000000000000000000000000..25baad6d1a990631e4d1edf17a27e95578bf7c78 GIT binary patch literal 174084 zcmaG{1z1#DyG8^gloSwYq#IGXLy+zcY3c3~1OZ9uMnI76Zc#d=yOE*0>#p&f{~Yz+ z`}52=+nK%hTI*Y1zTdlp^qjmKXMG(nipQ@E$&3m1jjzf*X3X0a)^nyCETfyrEkiunwdWLY#6BX? z?fvKcl84O{ywY6d0T^7J9<~A#hSJ|JW@Y;jBTJcW^*ZmP)C@bO88$s5v3tjfxm$zx zqs-IS(0mvNVZbJ`C7j|gs_T8cUg|e?k9Tc&dS#7~-{yMpjDt;1W3pd#A9)Z-{@{-z z#^C*`?wjM!O8@c!T4LpX?0VY}v-%ZJdh_^JlULcyFok!wYD;8c--;Mqr=7__`vBHc z6Hf_!!%|yUzNT`v4^Q3Yv*Rq7$o*XK$Dts_wl$Noc@MhzfEs3AFp>Yv@Ip5;Vs~ltQthraov{XlV%(-%vl?v8X*U zlH#W%JFxNeB)#M8uA8oeiDS?zOvOXkk0&-NCMEbVW_Muv2nljI%rycMu3p_ilJj{g zcW+97I37mw6$*h5-5y*M3A*1KM0Au`Sk#5L4kQSZBxnV9{XagkxHBz)J#p9U%N?6X z1n>+Cmt6uRF@c;N4w&Pql-Vp6@W?@6&zND8b-CGj5UM zKn!~m*V46T$AQcEhW$&7%>xfat9Jvfs*CkD#8;R^qA+9uIb?N#6s-acAJEBBUkZKe zH2Z{@D_|D!;?sk55vwPjopdW$2m$GOkVldsbd)eyL5r_q4O9#yn3d!2#vAv#_F78u z8^awwko;n%-&e}0hQo%C6w=p@qfb|IS=v#GTjE^$b^?uqKnB|+#J&}NLEo09CZ+~+ zhEWTvh;TdKV6QTmLDPeBphI|_79t#+bj20oF5{$1une| z$~079li#3Oqn4#6UNt>XIiPnfx_W$Wc5ZyGc~G1yl1CczQd^=gOGPeR-dawV1|2)( zVFUIAaz1t*whZ+VbqMXyL(7N44~MZOAEMFfs1PW$(&5pZ)7r)$N1Mg;(>xeNPvq-M zYELixyq&52@d52}bZCrvH%)h2cR);iw3t$~(w1_Dl1h$JezL;4qNq}+l6szLUXpTn z-kjn!kC-{CJ*stoJ7=i9RUe*WQvQ$Jc11b`bA|f+6ZMp$o&3~1oxHh>8@0QcdfBDo zPc#jx+u=i1?PJ#J`d51y65Snkgr(JnrC6oxvy2OWJnxfduw?LN_%McAXs=ORp@ zsao2nfkD|Jrt#fDVwOP`wO0`)gRk}mBVKnhui#s;Z#^SmeaiNpZR*vC{xib@m`9uyUWh zm|5RJ+TpJ|b%nT<@S5?Yx^1}I@t(T#nIt|{j1Pz}ZY*g0rqj{b-k{x}>RNqC!gs?b z%BS5V(e$B7xk>iw=qmF1@zskf!YkE_>U*#5`oc=wbyL%zN6k-tjtO~KL%ZjJ&PmOa zLklr2Q7_@BvAokjV)JDTJ{;#U<3mOZq&uVq5rw4T!lA-(0XKDs)zl91#~CJiYlG23??K=+_R> zw(W3y?X7y3>7_3&0cWje?vf#K1!{J#x$Q$0S)XI&<4WTQC0i&(s0gIaT2b}JOT@6$ zgSfH8IOdYKljF2xtvH?I*V^fpd1dV+X(b;^I7!YW^7NiAsP5?^HNY$TveVq5aaU+p z5LVb!pc={;P8>p7M_Q-ylW0|1Jioskf{iyzW-p(fV_n;GVA&(~O>pTNQ@l)MC^0vL z?dA9<%Aws)*Xld!qw2)vnPuUHa$2NXwhSHgCIz+lFb+7wjk6jN!730K|mJAaUt#`BKWK|FL3ATGxRF!1)sWO6U)eiGSsZmE9t=H(R zS@A}8N+LJ=4#9NWtfP7L+D<#KhWqp-O7+Tt6VdI>tDt?w zYp>Ajw#()*q|FOdKSB=OT_s&_xxF-bN`1~)mCBg);lLVM(9!{T7lC(MYjaZSH}ma`e+G4B5nC64hzn`gXhi^sle zd#J02F-}%XPs_A+!=>^(@oVMsIAIa-uHBYd)1pJ>arR+f)z10sXKU9PF8ArRlQ!-G zZq;4JhG|cxgSqR}v(%=`nM+}`A)*G?_+y&}=j|t3nHe3(;dH65`Et+uj;gcyI+_%( z`L4%P-|=q~F5GXp(muG1`{HX7ZGt`Em^zL&iJC%ig5PwmzaRW1E+cNa82L8+EIg%H zTIcp4V2ybEh5ieK`M`Op1_sy9H$^***Oy`62ftGh5AlbDV|yyyx-4KVE3U0U1_nCH zn-`juyq;fAoiISAGlPzTkT5iRQ_bMf9a>(#glQ-gc3)P5dHq^fMuTToQx@sjHBmg- zUYbkYZ7QZ1jF~%3pc<0Eo+FHtQu;RiM%w!(B%$1#IqViEr?P#f59E`RGM8lT9}Byd zgMyqXVHPCsoM~{eu;_5J>{sGEsKR}7lDwYkrBLzxRJ4kyg(=q^@>Ub&hI07&Ce7~Z z@;>F0l6&51w@3jkc=JjbjI|)^eQ%`p(pXv=h87$n!ob~m3*ft`_&mHlgLhoISI8}J2^jkvl!3=9qh^nK^00{I@e|G24=nuD6O6qkXu zC8M69wZ0LfizW1I7#JQGE^ugRLd+8Ne9~_O4bAdM*rB_D}x0$$#!6Vq|Y%XKLeMYHdXVy|13WwW9+s85wk- zfBycOr;&^4zav@M|Gg}*KqlxfOe~DdO#j>)T*?FemP^jm#mGWk#MBbV42;3Y&i;(& z=lTEZmw!k6ZNnF&s2Pi{ovp||&ox)Z1Sw<6wJXZ5GHc_3E%fq8<_|DP z5&z{Skcv6sBjlVKM$kuj2b1Lgf0ZD~L4NoPz>@!$SHw6RwZq!+-glS(b|;cM$g>Ry z;&0&o%j+N!#($@Qi0`rNe;rUDJ!$;EEDro6po8^sFlGF!*z(K&Iv};f;p6|Zdhk=H zIqbu_L$|ZnJpWaoF#c9LcmJD^1YljI-v~MDpb>{s{r}x;?D6mI9L)BSKWR)hBY z^-{;db>extM_G{@xE&D<*BMOK%^XzSO3fummu}5@q1C#pnRCUS`kTa~#Ru}on`@aH zs^>Wu%6v;#v^2!Z%{s*LvXhcdn#HnZSeI@}1S7{^Hv2t2_fluw{9TICjzi=JDEM|S zCO?j_rletCZw(L}PiE^9Z?KBbYF;H<8kZ{!=r~%(I5};U2WkGPE#h%4Y^%>^i3*$~ z9Q>Ixnrh?=W|5UVOI3XU!b$U{gp0Vjq!*{#OZ|q!!h0`IMcEx_1pX2(S;-DOn>g-C)qdYk_FahQon9p zEtQ;_+Uqoji4wh9e$D~$-*pk41}Man=gAK5{?+7zfEHBltylQweUqKUnWi+q4*ZI7F zJIikg*(+uFawo&L)ROA-J-U z{=Td~OpaLy+*%vR9G}%W+U)cE`wKcDtf;7H z6)QYE{CC^;segD_3tXTX)hJG>(f?}3|KaRf9)kH)(-=&k{W5uhb<)9RZ|`aKN(SE4 zVZ}ezKMWjf5@q+zuXj@*YuR(A(bK2+{al}ih(OttwM4N^So{xP6m@5a2Cr02TSa-_ zoQu(_7SWIEdN*#>uBCoBj6#J*34w=59+%tIPu-4QpD%~=8;%vIE7Ut#nhs}&YI&Wn zp0K^=8>YfUynE+{`04#j0sLR*AWri49zQu)jnkD_>rY9^Us?b;J8dMq?Api z=f6429LbRvu5;R^#imo~{lr~Gapwt~erY_tR*f93avu3}^RZ_`RNRw%a4H3Aq)d%R zky44zUS>-rkPT-`M>%eey^Nxi{-m6*Vt4ditcPqh0B z=36hpxg=DcJ%RHdN!AT*GykWPMZ|-O{(XK1dH_)*xbdWNzEUok7=f*y zmgA_hLY2j&Vc#-Qz@z;MgYd3M3dt=lqweSrQ8HXzsUL8wKcwHC#H_o$oWJc>H%VDl za~+mu?|O6RZu0d@q|idx8lZwiyiX zinQy;oN!KUKFg%6oGpjPwYCc7YF1l0kcxD&HWau3x4wEZZC$OaL2hSRJ?j)jD*Ub! z%r!AbL!+ap;Xva2>Ttm5@JHWJy6`>M<5AV&4XTtEPhNyXunzFBS`CL0a(AQgU!k9J zpaC5*0?C$8Tf*s`Jm7o|Ouj7i-q^2WsobCZ>NR|Zq=0|n1+FED)YvXN(m`Ih zIDC-6{zoqcBB9{$?e+ZaBx}g^l;Ed)#m`~$qy|R0$g}9V`>d{k)Z9BYnGO5x_*D^@ z0}&vecBMGatrP6bHP$yA_H*}p4N84|_rU0jFT7yV`B;b4U@%kD#OWiHOktQsf-vqK zj`O{*Xo^l7K#yY3_|8aHFACz_VHH2i#5A7HX#!JQPHr&ji5;qUwl@8q;omsd0<@XJ zy6HUIo&b-)`=E|Ku0%NKyE%q9 zYu3AsG(;15R*wLCO5`^Wc>WSBpYTZXJ)@aRDKFSryDo}2mtd?N;T%EwNih8R7)sP& zDBh-8g#yL5xjF0R>k+GIDno3$C5;fsZXlXd*Hd> zhHKOwg6Gtj8O9~ScXMW-iofF*+ybOw-t3^LLg+9k=yVo=j7^(E=Dz7^Oe)gnJny-d z7quRClMo@9j*lYOY8|svvy8evU0pmCIx@x`*2U*ew%V{NWqQiryPWIQ_hpbmkBDOG z#qTl@ghsEXdH4r%aL)dFS0YajR!va}{h zu={wP&W_`hVZ$T7KxAE!M!f5TOA$yK9)F1#{NBh@VhG*qI|WYLxDW|USx^Ef9IQr#PWCG z9w$%NvZa$OPLtRyX<1GBANE2_x~*XY2rz z9P}_Xb6iqBy)Y4C^xrW_^Hgy=-dL^K15QVbt;)j`*G;niwqKN}6=V}Wmdf(-@`#0* zFaPiy=OQEzg`Cs)JXhY+71`A2eXkdMi@{a7B~0mF8mwG+_P=^1SLHR^L`$)a^E1!tsZzuICpwMWPaN8<9S-e7zq5|;=i%O>A@R9jd z>z(mriNLr}b6a51RWPBr+_~guA)?}>a!-2Ea7?8sNOf3n!j*FkI>HXVqVeauS3P0QLyV%W#_wb^m(uBJidFX5&EV%lt z-APRfEN)s$b+6kJ^;|XQO5FuyodJ}^$MyyLd!IBA0s zXL_Ie-=gtBxUyZ^rZqB(hMi_=Y+25-Hc*LpCOD0`4BGBG_rE<6|b73wrjX)-J}nI?UGM&uP{ zvYFcAIFzSMH}10VxKxP!JmEt{@1<62qjBGYbEP|&tM)1Cj_e+L%FzIv`HO1n)9m(H z%xX#Iqd8}@`S;IvCzhOVl-j?I*dxAE%W&*{Ur6-TlU-<2qWAiP)raJa^9V5)ZRXBx;iLsy2#sLOMkPY^fcP%&By5|DaZ{Z zGhBbH066T%#?+28jq>-N498`cN5is~K3dkham{B-!3JX%67zh839BrDd|umE-H+L= z2;RO~h%3`0?k{&eG}a6ZaM?16(n0v*{w)xrlq$_*NO}By?v_be{(b%Cxj1ayX-A$( zneC}c?QQpyExfpTUEOR;)L|Ew>%KAG{hj*V_5$_#B3n6wyk@1tsi@b)1G1Z{m_>Y~ zkz|W)XgYy8_Bq?q?6c81Jr&{WX-NBiR*K80g3{+v7AX6=6uak&cvw*bq=7T;yN%8g zRm~uzR!vg!yDRMDQuVd3(OpQdK?Og#N0DNV=#*o)ah`Fp9Q$WBp8>6eEU%;a-Zd*l zF`7}QPhY|hB2PwC)YtDeO&@37_OZ`bO#4YgytYa^w45k0Rhiu{FL#@rJx=Xjs*c!k zNkt%$IfN7OPCXyS;uCyUzLeP^!?Eb67L3Cnapuv_xptO1yZOY}cQb_KKqXJ9OF292 zD{8aDtmAl04x0Q;%U!e(LYtO5EX{b3I4!#%T~!Jlw)he>s#Xj2)qp1dkLxCB*c~G{ z%U^^?JML>D#s)=V@3iHHJE?fAii}DUaGy*VXm5YN=k-$W`ct!rb~9{)0JEt*TM_O= zO1}%_#`rL`g(IKk)QaUR`|Jp)N>rOcvJsx%i)_72+re4RxvX$2C9VvSIpy;J@m%uk zhf&^1IOmT?_XQcMa`TJO$1I50@m+!Y?E@Qy zZRjaCa=Rs8QR%)DBS*Ku`CR4Y7txaLXs{F+%;8d$py??#(BPk_vy2-ce#!7?I{`^w z`1Sc(TK_tR-3tHhdH9oqWeQk@)16uE?Siu|8GLKw?r55#I>cqnXX>TXg!m5bg%gXV zckUv5i)GSHt&ogj3$Wx_@F?0r3QVZ6+Ao78jkB@LFJXIm@5^V{9R|A8rp?FSJ07|A zLWuc1YGlprML{Ib6RIv_O<9B6vFEWatQlpTFRUch8Zg+Cr<(Ik@T0nYXGLtzNyuiCrkgm%~N145Q57i+EHAo-H;H2up&d+kb z$ung*Kpvvf?%FnLNEUM%Z2QP>$0XIYz3rwIg-K~AW`c}9giq#ks+(C57l4?Eg~HOP ztr(h&J8s4HXaBlvx6PU?fpXqfD)mV));&G9%6c4V*XV^#O| zA0W9kAU@T(9E1JPv@Hi|oC9^?O^qWK;Tsr8ieSD)z(S}EHTu*N#b5HZXWT*ReSf>~ z7Hx@Crk;RldPHqQ^QvwoBbbqP|3Eqgv5JJgPf?Z^`*O3mS;u+^W^rKW>x}-*x#d?WY4Q6kAa2zw1CYph71mfJv^?@#^DJO`%uNDh`Y%Q-{Y$Sdi zlSOx?rRsV$Ry&8=`q)L0ZOeS{qt9kTkXPeE$vP>~Qe$@G0I6Tmpn=UYUWj^= zpaNLExnkZ;B2Iub57QT#oZHt1Q*jRQ#>?lh^Z#2F-a~;i!7q@EcYK-n*RQ@%Xxr>- zMjrsc!fEu2lp^nXEA7R>yDH}ERqVABFP~8MVJ1l2w&67>kjq)lk|4#Z#X2-WhB|sj zA*}s_rBklG1Y;eaK?Zz6uY<_Cf78J72IEj&w##E=lMF4*5r3rBe9mpovzM`B%f2`D z9Y@$^d%YT-{)t1BI3@ow2INbvVkpRV7?@?WoP7yv|q?mNPwhl7mp1I82oghh0T zYcW=2%2th+*Mhxr*gDv?e4Qak^bBkjN3snvRQtGt=J&4M~TIj)THy2 zFr0Y?OQ%2Rq%?xUOFg|EX__k4rPa#UU$oJ{Z+UL=t98TvyZmburiKVe^h;=tlkI1< zTXVrnWk=zV1+1uZAAyD3{I-@ywR7&>%PoGpHNr`FQh{ zc)01)*Jtdk33mE)&%Ar8;UzR*5Ip*>ILLIX^Px|+Md((I9Boa~ zILd40r)YX3MhDihF&x=~4$ye^-sBTs4GCtYdEZPr_F6kN<(cbWPMV~(kz{XronJrx z>erWD94FQBBh1Pjmg(XjUNNV$ousy+Pzs0`}sHUu7dgIqkt&EMa@XjzS(CF+wm zWjtnG)NDY>IJc7^PNtOOi|X7p^sTmF3VKNXyop;A*!9xIuK}56K@XK658Tpnv4C;1 zHuA@43to$HLxnTq9=frdA~Cnis>*`Y!v--7Dw&Yx{=;v#ijhPMosQ%xYO|sqi_$pi zRSWqeH?dCmBF}oEpl=8t19Y$6&%e~5V*z9QZLaq~cO zzeZNTs1pl)ysBS1uH)X;!ZgZHpZ7z$%j0NFRpbPo!VE{~>por7LtUn&p zG(g<81?gA)RhR$Z_JiDro%^DGdf!bH48E{kk-@HKCt2B@`>Xp*%D60kL}7}dRen!e zRgx+-VR7Ns<-pTwBMS+MT5Uv0z`@0hd+j?&4z$-Xl&T$PiSe7tjHFosNS)R&x8LH3 zC_~uJ35F8%Rc=7F`sk~Eiy6TYgU}n-sPzFN>szyVI#iR3^ThS*+%05Kh$fs+K*~|r z442P+y%PSAmN?13u5CWV>L|ef@Q7(gEgA|(IK&7Jo=A29ZI(@k7R}98$z{wavtb_) zp5`LX0&vhK^p3HUaiXu+xh$oF^;`p|O6H3PaVY@L_UyG*xeVvOf#k)Zq~q^@IX35x z^1p(@Z>qYqI=n&`Irby@s>OZ_$?Ngwm11h7o(Q};&w7*Ci$zAIEZIC84Y`Q)YN#Xx z!W7@Q3uxm`=r=570RX&>M1S-6gY`s7dj5S_{cM2h1a^m54G)m=w?C3?p#Cal<(a$} z*_z~w+$gxq>c}^oR-7=G)?M^>Xwyp!T?^L7jAhWjGI_klPv7*vENoknq(X=t=g~-W zjWcAB^xYnco4UOG2c||tA$Bjy{L{CS#X*tmGrnDTv-6&(+8K(U8#;|zWfXYg-w%dz z3~<%oMdM*^n_E^zxme{-7~IB2a65uvoUTj@LvDbB(z?&>xbbkj$?#r-P%nV|@r4Vl zJVT1=Hu4N-A904MonJ`letUNsjFOuBuZ88^MbuNe#TKZwTg7BF44j;sW2U^Q^gqT# z=jIxID4ITfWKWG@;1{;v^rpqP)a?Mdaq?n|<@%=rJc2tW-j=$=Jeq{ZFWdJJY}S+5 zNWlF6Qby;U8P2~-sBcN%8=bbN)S!i*Z_33}KL#A!kT_7RqQf6Gh4CD8x@fnN+_-Ib zia^>!^sZ;Rgd{#4ws91(zC`^*=8%cfi$3Og2Ko+>N6BY4a>P+cvvX;6RPVDcM^$xe zJ-XULcA$Bp+N0t6h);17b&i|*YSe>Caz(mn@ehLIPcF{LH>amRH#HmgB|h3|QyMzk zU)Ej=bq+T+D_`Gi`{rV?>rNK4FG$!BviGju<@Wj%i%kr4UjaP$ylUg36*iDE@+JX2 z25&YyO}L9g*S_z05sOf=7w_sudB@ROe$XWrf$v2)Tec_C#g^{_@$57vP4@=_&7g5B z_exX+i6W+5o7^2+mb+n|?#bLs%Kkoz=8p_9&Yer1%>iP0sbSm~Fb z{o-^Sx3yNc?!|I)5!vmP_Y;}Z;v?zp-5AY}O4SFbR+FReMZ6T`q+Pl3WXjxgAlPNG zFY&qkc_gr!_GFi(prS(n;VjzX>8E#q(u&4u@5{Z*3!g!%xl7^gYKzICYUwK&z|Vib1_w|rFnZbY?Mk_08?t|la&e0;05?6*fQ8OL~> zTU&`}J9fK!dowWlBGf*G%Td3}@1Taz{NB-kUk>6dWty;Jwp5TFFG533U>th6W++P4 zT!~=q#a37QntApqRXqGLvE|>&6(Pm1TXoXy{bzTd#0{D{so9`-=Td5qh?6_GdtVeb zeN!#c;yeMa_8YJE({%g?^$zPxnD86p#l*t&a=k=vU!M*NqqULLY{%zp2-L74zG|2eE zL?7rTJTu4`wmoG(@qAPfwT3*>qEqX9cuHw(o$u!_yw5WQnn%gz0@|u`mc=@aTcWhe z(;uNl46RUg*P7fwD(^N+3+t4 zn=12h#wq~ROqXXh((i&s0VWRoF-yW=sCqa^cV&?-xtz8heZ6nQ8&+Y(eNc;8cW1F; zScXpTiNzb3oz-`Ch>QD?jN+SodV*i1FpWQKUS}mjlZB{MHti&7U8e3qsJ_l&bq6R_ zp}(ki-X(I@0XrEaiOH_8 zL;KTJ#twJ4KMKB;@CcH{vFE@}$Myl@KVJqdJO<}e|1SZ)BdHT`0gSHA~( z9qH1mDk>3{*%L$8-kp=|kGeO&??H%5m6!WE$1T6Xetu-291B_|tthSTIrdajt#P20 zG9KJNNzD98Ajk_ngKYSjac{hUK?p7z*a$I+&(h;REVP)IIfnNqQcp!BS}G;tL%lb0 zKgZS>V`{%eOnWQp`+@lqlc~Jnc)H3mKZWAh;-SBli}eQQiZ=RWkM?{AD}zq=s!4d) zfa+P)`gIVW?^*Z-ZNdS_2qaU8HKPV_8|RraJr$zm*5 z@v|RXDGYJz`y6`$yG~N1&E*AbRjtL5j#l$CUjn8F08I|_F1S$DL}Uw03-v$5Vbpp= zr`yypOJzJwCKAA|N6N?h5Z+6Ih-ndJ6IAf4iRuN$dt{Vny$P%-*@732kFyfKxUxLa zWD(%-HCzX+uCNrlZki$%h3!$CMfHBZOAGF2A-djzo+1SrqwH0gV&Ny7Z0{y}UDngX zQ8o;Sm)LNEg*T=u^M}*srB*B^KZmpjllghkXjT;%1RNAw&DNF9HM)1SaLNnCBRPiV zRk>j3kuj*3kvpBvI(M7^7#)*-w05ucZt$yq09UOlW}Dkj07aa^q7gn-`X*Tq?$CCm z8=b?_hBN+9e{Wewu#=eAa;k#n1i%$s<@NjbB~N(9r#H_*-hCOw1ZiKu4Fm0Etg`DND=yB>uu<^tx-s74Mt(b#iCY z9>uJ=cy-&iL($!E*Wb&4JD7o(K7hSwfbR=P?`(F**r0%Wl+^s&rjv52&> zEpa6&m5&k?oAtiF)A#%?t44h9JO7lrp3t}V-;*nD00qGi^a1qS)^O;w-Y)RCY1GH&N9F9BY2$08mmIL z(Q>fi`LH6r-mvkzQl!WNj*J74NQ(n%hZ@r(3-5x7K7EF>_==>DeERgvl(8+epd%zP z!QcK(qgT41X6WP$ikcR&J-QdtOtCRJo~dgxSs|N(w&i`f%|5N7WfHqUoOKB#TSEwW!zo&*Z-) z0I=kUsp-jlJf6JKB?Zl4_OMCNl8lU!<(r(8rDOGK5Z|66tKU*6mJjMu6!Ik`DyfA7eXqcgx#!iH&z&>MAk*2Plx>JgL6 zZwb)9cc93TktjH85v^!0uhCbeT{6*$Z;r~S`BoToN$r)DhnEeZZw3BSnC}B2c zP=WwH%W3m%0;~RyUQ7Lx3e#y3&=sC_3wsuRnyWEdHJONJ6+F9%&lb{l|Ae?_u&J|x z-I=0<3hF94k$nK;qkXUAk2MOwCSWpS){$%2&#XT{T0!%nkc<^yZVzq4Y_QBk<6J>M z2Y^;D*DHocrtsf!=!o8T);W^BMF`SzTd%T*<7v7`5BStC&Cbb|HdLA!qSY{=cAGGT zTYED7;yovHTtvb<@0w9&BL+z@_bB#mE_ZvNj{fRax>zY&3NIJ*jYkSKRk<8D$Y<-F z<3OeiQI7wY737nQ4&qII&3oE@eHr?-mq1^Tk+fcMP3L0P?r3uV}cX zIN=UKGaD9n!sALfU%5MKnDm?kb#&ZmyARcQzhD@gCogDQ-O!=Expa!bY-#-S!vTK9 zGBl;SE(tq*1@iS(Xxa&|dlxj@w0}=3gL3F*p%gNX%D(qmTmPGbMzRLi zAXI%ZR}C6*>gLi;@z2d;JpjYRx5Uj2@N+&$rShofsTLREvi?GlQzr!&Q2%?Q-|j~; z1f>XyqcNofquE`%=ay#L_;iMDcZ~D~| zz42GMlb63RAb>$Utjm0!dPG?V2e6QsQviEqKq)q6s$rnBgvV+eQa^aX?+`m%DkbDzGk-=ScM6Utoi#R*LcUf?>G1_xyut1%4{%j5fmoXZ^pf3TK zk_EU5GS@B%P$q(&0{SI1;5LooFlZPKuoWxk#{x*FL)qj?)WZ6^q6AK?|&}MM%3dDF~cyY8| zbOGfg9c@pmf_69Rnzf^6-BU6|h zodOo{tZL%Ixi+ZJx5@_yPMK;~Fg3-UkPD<3{dS%L*BHy7nLHdzrz*2oZ8gjFS<2`| zIMH^ZUQu@~#eWE1olKx_vh$-aX<7#t7k4f0wBl#KHWGbeEm|yUWI+$Aeu0cWNSQ@_ zdG^WQQ!|=p4i}6BiT%1G!&LO=XAcRj}wZKgC_b#MzI~Pf%aE;=;k7Lr^Il$j9wXWZ0 zQ^j)vXfC_uloFsyJprJI{p22ixn2T-j}~ha>4-aSiNo_H)c?p;00JEwP(Gj2Q61?F z3qV&a{^1Q~-RAS%czqNV=$80gQI+JJiA@KAsQ?P=i7PTP@)pA_2vvwwz=UPmT7kdo z0lg-&IBll{>tiiYo)rSJow@03U1jkDs$?7A27rS1m(F`#7W$Fw5E%YLeal3@^8<0P{MRCQ%h~ z_EO9^CYN(Vga|o2ltMIgX)>}+{_OsG5uwj!+W?4A%Nn$gD_nNI>OzcFxsi{1bHZmzMgxO zD#Qz9f~$agda7c7lIF66RC}?JpK=Y*ZHe(B?G#T#Kpl}>pQ$ZZjHP!#0h+W?Q2FdoOj+=&20^a#52q{Ur{)m72YhY;|OP(2KIfNz|ns-_knmS6$6q7hG^?k9e<5d@hYkOLC-=(uk`=LBdESO@yS z0qEg7ccY&ef>sCAC4#DJ%C<$B)5L)ebLJl!Jp^pd=Ci-j3N$bv5y=ejOw`y=xyB*K zJ4C{f36LnK;}^|=Z1+Scx_kR8Dz{YA*%C^nxiyr1R;XF+)C~|$aljUnP4?tvH60@7 zT!|1~0nHHG_cRXN)bY@C^5<(1Y6N(7B2T*MLD&5gq8ub_#AXN&>d=u^Bp^HU&CQk{ zrm|lX<%8^ZC0+nM-F;&ucc{!rGN?^IECxLvu-}%qinVGLK)7GrdcvyL3O5OuFxp1V zR|mla-dFoiP5KE`IsL70QFs0^f-6aoSV$*A#f+{DH8ZZVqhKIY3?D6|+56scuOGUE zz_kjK1P(sP$B2bne5uqb6bT@U_^HZjHK~Kla6Y?k0JT|noH0^UM}Q_n7eF~a={9?n z0lMDjux>es3VF>x?tBpH%J$PR$glZXo$f&W6NwKG74W44_ac6PZT%z)?2i2wEn#f0 z1OsU$SwJow3i8GPD;_T`2Th%)&O2JUAQ@3S+3z3*xTAKmXAF&MQ8I|7Z8wTWa}54g zOc?*xJ8%B7a2FOJGLaZy898C}*MNZ{E&{c0GJLQ$aS|Rl(9Qv1Toj;%bd?$P5Kw^w z3cy|}D-Z7lY)Vc2?CN~q%JL2(_lfd)G~Oe*HFTi-@c&VM0occXCq7jgx4ls1`R)0n zA#$)jX&Z|duox780&@?K->YF;yWF@>r0{!m=d7kxtti6%M+-`LEc$*>LTP_f_kFyl zB73}cpa-4TIR^;ZDl**L&)jW$0Kr}ykmU`5{rbLCfl}00KE6e@8@&b1Pk5)ii3P|h zU|cwies?Z8Tm3FZy!|kgh*tvu;y<>a{AsYqP!Hh^1yRq}*navVpAn#FGND-JPzePK z6!}@*&@yX`KWGeM^yy1t@9~94vG`D{(+Cm?vfNLgso4X_!dYgcc?y7t;3o|-DsnKJ zsL_1Yo-g-^=^x;;IgEC|#>SI|iP8fC=sH)n6G zfGLQFqj@C9=E~6zlBzm~uIx=CFtS7%Rx^{pi9^E=YKud;2LN;`0U@j z6>5Gy9wZ<&ba^QT2sFw(80!gM@6?UnqBXHVgPi-R-80UVsl zd0ev~ z6JICQ?$s=Z!>GyhJTE$GHc2I_=yE)c&|IZrQ#zqhqR3?h7f`+}yn)QO`4QwRp=Ne_ zb8YEohOe9obu7O=`$lpJ)kN?J(Y4PK9(3Q)e5jFUpIkUbb3Lc!5Wt9BIX``$0u0=s zZI93R7Qs$K5bNB2OrqBM?4e`ebObt(xFHGI>lZ-ch#8rZe@J{f2rQ;PC#RFG`Qyh| z+_hhZf9|RiqKGtPuGARbwa{AZ-q?m?(#l8^e`j_d%jb}UE0UJd-f-J)RXQN{!`p~+ zH~&Ga-z1I*#TuN?W->&f!@YVZFygm^%3$8r(sN?7Kwl;llk7Pz+wWB-RoQK1H2y+4 zORJX9aQlM6cVbpkVX)J=6sNI3xv{}wl1zceyOLhFv5ODeIJDYIMVnTc`bqw{Rcu$e z3MZu!z3z*tZH2Eln$5Q5S4RG_2~W){3$*Gh3l&-XrIzbr4C7uXZ?&=aXi#07tiCuO zF7w<-9;K<6)5xmB9x|$?R4!~b^Szo!8S8wOe?5;f-u(j(ed#=q5BX$Leq+3dI*F~# zf^q(;Nr_G4TuC9@AYqGO{UX@w?L~;%a!rv_Nl}2~Cc9=ci5kV&w^ggkTOQ&g6++8$A4|9lN{8y#TFMC8 z)dOtz3THT-Z^=<^)pu!wtCvHOu6?l&4E?Y#$mPvy6`#9yYg{R0Su?Oy??&)%&B|Ds z_ssH6=Ly@bzvb8TJ*8at94ZEef%hG6Fg&K!pFCAxj-{uR8z9c=D8xnd&@F zp6K!0?FNd?l`OQ|SlM=lp zP}H6$$HMxk%9gCIh8wSo+8!o^88w8l9^+mk9M}3#oH$puuH+oeK=2M;eAlYnthX$; zf9`sfXgNN5Io}^ACMIJ)I!n~_iOY*oShyxCZ1B3LVzsQiveUBRvTs1T=x|BQ-{=ob zU5A1d_G~g-kV%l$kq|>Qlu^~`9v<%k42`N&(wnQx5Nx|)`{tgy2V)MKAY&)1Az-;D_lYUAlIU3&de39t_WrJ1cb@IHUNk_D)y{cq! z042wzR{~wZ<_7t8o!bCr9r3W=&i1Ng-tyX-Vth9!-qCAp(XP2H{Tpn)Hk~k0wXUF8 z{*wy*l@L)ALfr!(eXtdR>NW<|>?jgW{No6EVB%n?kNeg}i{4Ofnwv zjFC>{I|oAygj&js-Y!Bj=p=}uKJg2Vm2FJL?icKu=)zPwf+M4)mE~>7NWSPeMhrf4 zNvR&@bq$Bju5?GDGDZ&aXTlGH<QV5aMPtQ3nd)@#8lomi_-!!koi03YZf!Kb=rgY>uj4J8 zRy6ptv(BK-gRLVxxjB>M7u`z7wqyE7M7BB)&Le+uAv@+OHE5pjG_99BE!wh^S5?Jl zU3_Rs$|~Nr6k)7EYL0^f@qw#$cv>(rI70L0QT6{haiDfd=>#eYb1qc3<=(M8;S0Vs!xH>3 z=YKza`BsbaVhPiX@6sn=qg<7EwTggtpU>~dUoL=J{5-LHwnesax;%Cb1A0I3SNCd4 zzdjl-VZoStokR18inHItlBTBX(!XSY7ul&I}_o368Qih%vrg{?;>$KY;JOVZ~rZ(tDs%6KVtgj`u{^rhq5wx?JZCV8PZ^Z zY^MPe^0`FEx64L}M(&waSXrhPM?+@m^6M|7X6))^_zI6kn{!n@m0DAX3s?m`?0+&z zy*_oh!}|2A<}|^g(85#gdB!lKs-t6h`AA}s)pv}iaW3`a3i+j5B3{ZU>sJO#&r1~O ze5wjB_N(^hzx93((CiUlu3u-;Ti0&%swMd`F?ZsKztoO?WW()k8LIOfSSWhWPA$6w zamKu|!nj?HPlu^T1m1Zoj_I4LrZsqL61N{=@#)gPyUzrWQC?N+ONMd}xhAX1H^!j^ zvX(wxe9z*PPiePa-we$r{}rIfFv9M!mK`SF3*PktaDF)uJ3GTE;@81qmQ@V%))hXQ zEA(d^55;iVUH&>|yOAk3jrpkl=QdpX{mKn>?-kW>()H z1mOhl_|7X9q0QO)Zf)eAo}wKf->wF%8vLyj&n$uD~yO7qNS(Nh0@Jdk#lO zf3LY&d5T|jjyKD67g#+fE8V%ryq6_prlaNePnxE>ALEBIl3jxNm|Yd_SZP`2j@iza36t`PkRhv#YKiR_GmGJc znfWCnR{wG2m8)2G8+N@odb1VAi^2X(sx8uf;F0?4imz^~NqYnZx{KC{*PHdrPWq>D zUzgUJ%c=q|Har7hf}eMfRW`Fd)y<6ARFJoMR{wE@xupKEm}lGLAf(;>d!rHK!I!jW+(OXpxr>GY<}VSGq0m~E@-vspO^4!TH)+^&KN;&5Vg>&!plUA6eHqs z76F|*t>TDvd;s0Ymw@Q%*gTHtglv4&C6fScmQq7RKctLHJ!e?o$KOo(p-ga zwSBu65QS7(%we{%o^?{JXq2qgykfSh!k(vi<{B-p2%C2AEAN(;umGWuVbR#MG z$<_OrAs>e1ifAha0!<^|I+SJ0?|%DFrc$CJamTxzhKaxEmX~qv*yaf?I@rkadM$cH z^HUWk;tk(imgji)r#LK{&iP3DO^=5CEK!>FQgm5eQ6s2}zi$3O?uMir8G9S5;`G1j z@m*#&kCnvcoIL+)U~j0G9#mYa%*Km^ylTy%DX2d^Hhr-Och?9%|3lOKqia32qJ^L$ z&SG`VkcIJup_R<2Ny^Cl)7$52#SkX$%x_B3ubN*LHQ1i%AN1CU%jtrp!qGjb8-A7( ze)O!Vc2iHnn^zsNk)wS^p2jiqY3?PTwZ!S03F6gc81I3kW{JE(&7Cxcf*3i`z+^Gw z*R%Rb>EXlaMTyj|maNi81WdQ)jX#8+xyO_Gcz2zGdjbA?u>KuLRpc84yv>8sPH`gl7No0$^o z^-{LC^J8Z|i{E$Ocw^08*L-VSIDgVcR>*l={9s&iQSJ%T3(kbR>)^uVGo7jdj3+tz zl7+8zeHo7357f_%*BIO(sFq5(eUk_G-O7wQgY_G2Dn8K~9(J-bVRD2A*{nuqE|I8g zu&}UH)mtt!)NUsHAN~;kf91J;@NF-k>%;oA*mw#v^()P^b4IVhD^S^`0gvNSi`k4z zM7rU6;@MC2>Dj`=pEbcx?9OmOumg`L1~4?mE}v-S_3En~-vr+lB_8fxOIKOxihg@6 zA6KaVIiSJAQ!>9V;Nw=2V3%~AkQVA@uA|XEn^icho>BSvi08vQ(IpZ_!Do6r^Pat= zax?19ELF>G_4-CZqXgYc&-wvukulM!l^;YO`Unhf{#Q|i8X936Xvw9`9T1SXM76cG zQ9pGD)mlIJg9vCY8RA^ULdxs=^Wwuj`<@JE-GF0I%lHw=@8k6KvsPhI!-B7Gp+Zxn zZnWm&`{Lkx+Iu>XLf1o(8pyw|W*OMPy-5YfkM=>Gr5dyOAno1{zCj49d;%*ilS}+h ze*VcKgJHqUuXe?{k-=PxWNuk;tkn~AxU^fMd&8-io4M8A4c^L7#hgwp9JWqTP3-=% z&~Ja88Bc67uiyWp0OL5l+(-2Gtt~B!^T|7uTvnEQhp*_s?Dc%WQln#FpHjUCf@++T z?BDLl?@0CT-(098Y3*fwEDf{I2Bffn0|I%0Goi~qxnstDf@Y?76l4QV!4#uNg^CcF zgCH8t&F@rA*WQIkBuY<$x{D{5{SjuD{XK-Ry4lgZWYcIK-D#>#+GRH5tR@AM1)te~ zUZt9i$BC<^!61N4y~nVoCUCW6kuB2PT-UCsQmy+w0Qo4}ZJlG0Bd9`bmAb9bo3Y>I zvr_f=$8+!TOW8PX-UQm~;6Yk1pZ&FyF}Lo%CS^L&DXo+q3O%aiw$NnGr_oo^yo$z5|Mr<_?bTj2 z%@fysKFunN-0@wjUAX?UZ7RHJo9=!mA*R9!hf#hwl{ZvFx~UIsk?0>;!8FK>p=Vn zi32)k%zq*$N=aaqeuTvRrXaC^rv6A#nV;zmPfjf}ht%pziod#Kq3_L&;`izz6{Yu+ zWsobc7oFhqU*4_K#>r>V)Kls*;cMCS)x(x+dk;dBXH&B9{h76}x4< z)@r$04LX`%g5IrH^s`&NGG&}`$$Z1u$e(4LtE>ZD-yOes#G7us-0^;Vg;- zs>s2ctmH8tBz&#;z%qX^(R_Ah=Fo-xQa99$rPNG%vDrGIa%-uXAG(}in+}ZT-AKsl zNaN;3`lKr2=tcHaexLaYL2Vz!Ql^)N@#AMM>v8Vcf!&fX-;XX1xLyFO^Nmfq>qsNz zfWR#E;JnxJG**pY)%9JA)y3g6RvI0=qI9;4<*)49m!S1A5kYy?78L%U9gqUWHE`Yx z2mX8BqWlX~iyMx3YThx!aa(G1x>`+^ELw$fJ}1Ozo}OHgh$>E6U|kq%RZV+^U-PM^ z8c+7}Ib&Xx%y1LGsDux@`cA^M$b2KHS<0Pzx8KIfchw?TtY^jl1d$By{zw`=>I)sW2CG@0h4JZKnMLu+Qp`Nz=XCOscr_y#6a)(G6|N}Ec^QZj z|HmJaXM(Pi+!GJny7w^4hQPl!&|uMI*AEU&{D^5*ukFf_J3a^qrlVL^E7X{bo)PGN zGu7CkC8i|LT+B0$*SBX79HCK2z<++NJr&FES>+5bJuvj_bT`xFdwKCSwMER#l;?K2 z^W-k3FO%cNIETmOW_-W&$2X=XkPGJWF`Uouj#fPQ<89547mJ?bX;vFX6qSixb@os7 zSJr+u?Qgb}ptbxGJ*-uu=2CS5yiE>CoyqxT6g0ppRQ%{ABIx=6SU|@lu5pQ6Fc9pvoACuziht=RXA({{kqf znn}=aav^DFQfRBvzkvb>&~se(Qns1GHxBDFMb5&MC8qX=rq%PsZ+tgB@t#^DwnXMS zzR6WOCB7axjkYv@kD$rKKd*na z3Sm&<)Zi3x>N0uliaB||+l_Ww(TK3#99hnko27GZ+N)@FGhRQ@>$5I5vn6u~^DcbG zY4j%Y+Av!{nTXOc@4Di8%3&s-zbD~IVW%2v@hRgqmn5{K1ZZPy2B!auY5pJrjhtjG z@S{`W-+$o4gr)()3s_;XBiC!+y8Chn7VSE=?-LuJys!!D;m??T*=IAubg1Xf_-lXS z_EPR)nomFvEhBYz5<3q6nSm@*rb*~$1xi=iYjX>ImD$YMErA)GDxHOSeooG2Xamm% zgf;g+)zt7b`;U73C&}u00OIiX=(y%9)UX}x(C|%`Tt?(nl**%j7wy)e!z!p%f$~?H z)=LxPnKxrbqj4?WsTmO6zONRKl?r2ff>6pW#$P?2J6GTz2noNTh&49?51{XUf@XyD zX=tuKJY@X=w3~O{5mW^Y@c(%U<3aYpCqT~HneJ*Px?jCTn~C9;_GMpw^<5qFR^jRPb0 z(~bRLXV+M>W^ZQGt??=(pNlwz^0i+qV@BU`wRwgseXABPa73cyD|cBu9+>?BA+YHq zR7U;F1cF&4VE>3FKw?ub0Z7wgQ+|iW=i=lRBHSB{?Dbb`$6#;2ggrbuOGx?pL8i03 z++v4Tv)Mjk9}2d!*g4$7$oYCM0~XK}{b=VuOp5*;(05-m4n~KxmS9J8#*Y60<_2IQ zSfM2(b~vnxva=8B@M^j30PvOD1=#R<@S%H<#`LZj+obt_$`4M#lDwZtwGcsmoJe(G z0JPs5h7FoSBxQy<{NVROpt{3l#Z~_g^yYU=C3UC1!oL@#2*sm(qLOU}fd~$EPyBDF z82ZH^k(qCRuxL_DD77$ zPOqBQNj>o=S`C4cITA5E1ON?#w@_yaSgz)vI3%LV4Bh|pp&eA<`ACy}`vHUog&b;G zdbEMgAG&P3;sK`)5o#dJ4JcFpqn@B0{2Y2jU;W=B3d|I@sJJM2MsysoRsf!}(uOp+ zI|fcxF#hLYk^8%WZR)0KcYyvlj0Y?Oo6Mk263ATkw^`VT$PE6^X1sk0J&ReZk$*uH zwm?&d=CX64=n5hz_yzVE*MD^x>&|Z4@%;a@G(a`y5|xva^S>MbNcHL=s}^9nGXN5{ z;dnIj-+}y~DDWGlQOI}3+y4=^f{1IhT=%!T#G(NC1);OG+Rk^A@SvE}koS`~DgbAFJ`XpTDS=Pe$H2#MAP#TCwrr6SEO<7vhO8<(+eT z^TCWiYWhQ`omHC!nCH4Qxjy+UUVFtJc^^=XUaD5PU8)LhUNZoi$v(-6FPSl)^vmZi zc%K8dNpn5d{5L+f`xzuZJy`bLyN6Mai7Fd~%#oTe>&GpoXK$=Jg@`9h-maq2_Mg<5 zPpp?3DPq1}^vSD~ud=Xd`+lYwY9517RHn>W($Df4b)M z-axMto7nTa|E;{5w16{E6LDZyx+PSYYuWH3E#$6AdFN>yrRu+kZ>t|9)+d z0)E%#n@_e76-Ql#A>n^jfXg3hR9k^j6`xZCdq6?iLIk0Bh@SG7UTn@E`cauanbw}o zi=;236thOG(P{YqQ55jp$Ra>!=pqr$(k9qsDD<-7Gaps425p`L5eUF{`+7w0-298 z@gKk-sQV6DR17I}@!cm6joL{#HYknXMh*OiS-qWoSP@O~ZyzR>0M^%o!Aye24t3)I zpO@YMs3;G>RBGS$Ooi#sv5#Ew0F2(lQonu2G?@ml*A6YPNI^;XFZ(6o0Mf4M+3~n? zj$X-zVBBM62?n(ydcdF)54b9%0ddSnK!WLkw#44Tq z(fb~Xi+lp+!s4_@!Q|Be6bcM@CEhD}t5N!!z|R5#H30lIFSj_ce?^3x`4nJhFA-kI zL}`S>KZ8$T(!9fuMm~Jn=lJ1=4S+tc0^D!{senh^vmP9r9&D&Qp=aWx2Aqi~cN+ky zvBy(Q6E~g=uB1BdqWG{j%Jk=`_7L5Hc4uncDDQsaZ};E~a8PY)&H|V|h6%kH{|$gi zmjeO-M2p1!KETTs56BZIGO}w|qWSxXZ5t@=KjiHBi1JMR4g9YN|K;UnTua;HkP)0O z%{O%bU`nIFuSV<7tXp`RX5CFJ}0B;>qp_;h>4x1d*(AakuVMKugz{WJ- zt+au0xG}=@`)PEbuo~IfQGRt`nyvE#P;o}7p2tX$yTU`==%tCPuBqAxlo!qF-3T#D z4uGbWL#G%iWWXT5*=?Hd)!F_5;9IRrBLxgTY0i_HCFN{8^8m-@0C*dCXJcWvB=?ics&9eaa2j{(q2I>#HY1Ny5(fK%nIAlLUkR^S0DWxx7)c_46YDo8cZ%)Q)o|gS1c!J z+bGr#;YTPh2QL85)$OOKq`p`7>x3NCZ!O^rvFj@KeQ|)#e0>?4gBSps-?rizzbjAV zOu(Fnno=LkMFVR&gJEDu3;eVHJXTNFb|Ijzk!Gn`g6oDwo`Yf+k9Hw*k0TP@!76@0 zDf+;KvmW4NJawC>^5hNP-4TR;O#JrENHHJ(e#e7VzzM2Y?=ZmL{o#@R!t0I~g*2rA zu6{`X0|49QM4SM}Z8ntlSmP)z9Mq+u#%;KX%K8QHOcR7GsF2rLAN~TSfe8%51u^Km zhjM&(aJ<(K{6@Y3{<(7?zjQ$;;J?=i)RBYHOu-0)62KhC85s_zat~w3`fKz9YvF9Q z-!B}O0(b~X^5Ax`^gaUdmjl|sge33ivrX#96pj0TSCA zi_J-zDv7- zd4jbHB@5v?xAoLj5)L63~MywFyd%&T)@k`H7v=2y&$YgT|?#_{f8M5c5ClatjBBhQg|bpdR17~eY`PQEK>Z{x|v*A4de zg{Stq*|}Epw#m_ZAEe(ySwgWQW4L#P^hTU^W>tUrhKkuAyo`z`^HfFrt})g6%K>r9 z{u8UG-R<%eB}3FBUL`r+Ra^j|O6M?-zTP4@#@Q|JXL%0>cV?WgYgRtC=(<8^0O@h5 zKKajd5sf{-2)ndu!tfY@8W^s5LTm{qLyeZ)PcCT9fj8 z1J7H;lsbw6L~RO-rY}0dl-I~AW8z59*9JI-ol>Yc``p*l*S9@6jZ#-Lj% zT%PTm{{GS5gR36nratg61Nh!2zBgXY?IlklX8_r=@o=9jNvTW2O#>LZa%l#`2Zw53 z5j>|eEl??)JjL}I$Xg?Dnoasnol3;N2;_kil^S))4B782(rL)@hiUM+_V_Ya;*Gpe zvo0re?WE4@@*+w#JlY%e*VY^GS>3#2fM|ywS2^cWN)=Enu}-P99UcKSQmJp!Zoq1H z6rpKIQZ}khyv)z^u?T(J#>#_3(;(%sTf4rzaB29E;7bf`CP_G<_>KlNh`pt2Mg*Z!-Yr~Jb5%3_tmSdvZg_`+hG^NFUW&d6W8kox+e&m!aoYCLA19thV^ zr;8N|No~0C3!ieCK#Y)pg8nVIe{umx%vJQCDW^2SyD6t%j;J?-Nk;tvW9olbGyKD_lAf5p zA;}YQMG{#Dqs5;H5Qb9m7s!u<>6HVX;YS9R7Kf_0M!rD)E*gUV4$v6A1ktX^T+~_Z zSq9oDv3;Ft8(fITH2grzurtXc97|KN<}^Lwq(Xfg4D9M5wQ+)^aHdqebt&$5xM z*$WJtz$*v6Cwk^q`V9eIxFbMfz+E8uNZ`FCHdk^}$w>as%lqDW98LX+tcehpxxr|G zD8aWFLRWT|50#DKunA8oZ|oYW#xaLJ#`cyedDG5OF8ExY?8t_7BNGL9Vz+rmJ$$r(5l^`7^EJwpqmNcbBVnSlgCneBApk^9X1G^J$Zr3CrWr9`ytGCT$Q$f z=`&vAS_PVP*ic{4M?a30Q|gm(jm2jbmk{M_p0 z1hSS54Q$`sx12tkFoC&!d1zHHAf}F`TPWSuB!93^ENP! z@!Sh;qC2y|v5<3${<>o%bq?I!5aHGnMki!z*@a_e!s>q{C^{18mrsZ6e?j=!nAUsv zNQ={3w^j1nDe=V%b1!U6GW&hiHfO)Hs|7Yeo*OV%Ib(TmX^ILNl6|)odF7osd03Sb z-XE&{m%tFPEx(|k5A4cI+s5Mrl2pBTI<1kh%STXRbzQ?3S2Zi0q-JTJ`dq-{>W_gT z-o!yS*dMx}wEEkhggy)$E4?2vl74>@OdMJf;;#ulb_#WOdPRI!1QKQeVZso?>PBX6 z4`SlKz}r;=$kC#3uW&toa&8 zq=x)QqzqPocIB&VmmTJzdxq#J-(?i?6>}v{noh}r$e(-Tb-{DYl)2?)G~6r^n&lyd zcNU-KuRCXJv&JNLZ+kE)eQHh`*-AMQ_+~kJ;VTVJwigkBGwhg$>VLTqLlN&Gn@Bx|GD*1xs7mK;=<2;y>mF+lf~%-Dla5N@+R zGMo?s?f|G1)u(5r7#Hd3=S;?5z#7T|*9QRnVTV&^|_TIiPu;&01@0e6w8)_PVAyEFWKy8|2XMZr> zwX?JHq%eisHsiDM!87Q1Uc==%b?Woec1T6&H`sd=C(ucv6r(Q6j+z(BTtU^}+&8^4DT|M>7;4yVKQWgGx*gHgx#O7kG~_olFJl?3|(FaHnH`q&-3b72FW+GCX~#1Q!) zngkyoaFILvvHTd!?UhBp#R)r)68d7}zc2X;uK{MCwjqmc$FpwAh^vJ03>xKZoKfmE z2znA53LkYEH?AyKXGWDB@XIrphS5apqmYkBY7qu{lPJATs=2#v{snx*OWmzaQ8mzKkf^YeJMt$yvw?F>JraA7zzI+@3w>gGq+ zILcpECnYOX>gPHF+L_-SNv$U(=O!b=>N((xdxsmFZhd|a_z^p_dx3Pvm zqp6|N%H&k>`2xaQ_NU7@=w5sHs}jtDuE>^QhB!u4%Y+gV(6s7><0ba(yMrN37!8(cL=c1uF_7)eNVg zQiH=fR0wxTVs2@B7=gjvHDoQ}$WmvoXRkkBv#>qHT0b<(8rR3Fe>4Sm%AsRtS{Yr)w*-cGM;R6`?niCK9lEjvdSU@K7vyYy)K~OyaO5y>cHNAY#;{*;?aU_* z9fRi$VB}Mat5MiSecoPa13GWL0cts;7oDt6j!NVzgUI=o&@}e@5Vk5Y{(+a~Trn9%9^$xYMeq^&??jIdeO;W5e2OLyoH2TUU{%ZO$*D@=}*eRfaO8~l#G64>)LlqXQvh)vDR%+PB8x@NV>jf zPCZQ$lU_xMU02%#s4k~}!F?19$Eozbbm>dx$e&CjHlAXb+7WZO(=LKL?b-vyLUh)A zC|5&s$p{5%J@MyS)VX)$MBsWLT7tsWM5ae)rnf`s{Dq(zs)ceAH9Xab3N8?#*1P%& zZrwSExEH;C7}x*UUuSi-SaLMuX;RX06IB5VToJGr0jC2sM5#G|1ula6Y)|#Ny`#iC+Di zPBpww;MyjF1m)pDhJ^-Gb;Jhxbkqhy5>}b+){>f)47 z{pr`#O4+Fh-QbcL!nNy)VZq!voBEfQLs4ax@!H!#d{E0(gJz>+>$09W?Cc|*2dA&? z6*YrWmchvHz0z=X{P1$ztTj~>4BxJzaW!UIAIc(C!I)P|UU=RoJDeg_Yh^jL`*RkH zc_`#++Gofo8QnbNLzdeZf?ug**3H^K+vA~hI*fXE@0Ld@1SXrG$c)Gs9%`_#ki~(z z(ep_~#0i&QheXDq9r*jD!n^G9GJR%M9%I!p`_KraAZxh@MtxsRl=55xH>?PN{aA8J%9?Ju1JpRYyvf43-M{bl&uO>P&3c#XQ___7jYEO%;DA5E{S3ad^m4k zT>-Q_ghfe%H}3*#F_y}=J^TnFloL`PokA&WKs~{I>Pb>(Dkuf^b*{xtL-TZ5wA9RDH7aeXl1*(!LpU ztJv6MZR-FYyX7?q)Bx`N{FcA^wEgq}-arKVC%3NxfUk7l_ac!E2>YaVkhOIBzI08? zX_^L9Nj}G5(BcmhA~xH9ICtnUX$VMhgn< zook}wwx+q&}6|O>f6D&+%U`RV*oU?F@Ssm>9J8E&)4hIMcZsSju3}J@Ns!BlRKLQWi0N!4 zxv}OL$Q*v`8>-=Df~|x=*PSuyIQsMOP4~vpahJ0MM>D7{a(IJGMn?zn=2M_Py=J;` zLya+@QTZT#1K8oS-@JYA_)+ztQRtp6=n~|B&c}<3;&lQYHUBBNC02@Qx_Z=xT^L_% zV+`+$qilnc=rf&Ff(NYucXq(0+w#!JHL_KM#9+8 zk6rN20s9+(^N&Oo=*ABpYn@KOZ}pY{ex5Qb!xT8q+AmBpg>KLZ3!S~MmF%z)b%SZ{p!4>7XMPKts*I&QJsZ(2w0TL zkwI@$*=s<;_{!UeJ*o2w6qX6E5cU?EGu?ItFE*%NhYvgUdmXp#x*eIe?*JEA%W_!T zkCqw@rtB@dddtj@bet|4lmdTrYNyvN)C|2^OB6RaLHOePvjr`rJjSQV<=iI+f6wGp zDlKM3^Oag_Z>^GZ$n3$>QkNaA3q*O?k*Py-FHBvh&rwjK9mEC{|zr_&MTc=|}duISX&LY^B1z z#tOpyM$&sKBFp??ko{nggD8PL!X^0t{m#!7g=eQuEGmvUYi2oF*GcTbK#8!=)xM+! zC~FI=ZubQuyrz*sGQq+&%T8sc)1+4S*Ci=M9&EA)gac%?rKvJ2%&c;~_$e1HKF;T> z^G)8DN26nq0Gx`MhhIT*qjdpVH~|;n;> zsg&(kdin?#tJi%A)mG_4%NagCpbqMO9za30GMae5+E#rd1GFY^=~Wv+|2APgXn}94 zu#DfHh0k5Dke%PX(LUW}SbZV}bO%*gq6?!Z5}wlC$ouNqKScX}!Aik1R9L%Q*M{Jd z$_W^W?PlP{Kyu5xjKCd;(CAk(Tw%W=QOovGP_EfF(UV$)dus0^5T=9x+4d!h8z2#? zw5Z=!S>ao~O7CCF039?fub{;~I#D1~^omIKfd5CP!VWkFqX`5dULec6e^V$rY9MQU z;yY-AJkYxRc{**V8-#W5CLy3cT$^BpUpE+`YC**8;)eaQ3jZrA$a1Om2stzWG4?=U zv7%zrh3t*o+1&l zPly`ITgvEkIA40a1GJ~A7`AQ_b*>33z zY#YLf{@^;kw!&7Rvg5}u9Mgh}mKyM8r>yVbecanl--6URWI)iUBg`*R6kJLpt)U2E zIR!p|br6IMA@J!P;dNl(=%?CQINhG};I|F-vm~+BBsNg=#_E_QL;A^%L>t$^@i$K#0QYM?;83xS05@4n$|6sL$>pl7`*D9&eiL zl+dO4fWYUo(4$R5nw01cWg=D-2*QC$J|%*KlowJ=S~eBkP}hULpbg8RZOu-yCppUI zLlI;dDD2eeaPZXrIKhrey=}D{M>B^`OTUO_ea|?1{QM+`)s8=(&<3EJ1b51cX%`$7LHm!==Cj&{i?UaQ=deU}`Dr={GjvriN0AFRRt? zX|x#m$0maeEpT(P*z#8=$){&%7q4HxR%$WwZOMi^jhI_%F*bfKpt5vs=)3;?EP2a- z!UmK_m0p;A57#W69)@$QF))AjeRC}TbJ^h{A^v=Oly3a0V<2RtRG2WDHLqX|XHpaGLkkA(zh5C2ivOoAS8~DY(-; zKz-+s4rfC*>;Ap!+$V_vopk&?F#uMvx=J9IT9!d6G)FL&=n0im% z=Fn1dcsZ^2Bm`@5F+ES5V3fH3i6BRZHhU(|tWYN0zeqsgmOU zZ`REHiY~3eoi(m`AIFY_T<4l>k82BYbQg;%i$W2$Zj9B(Qi}c2<~A5hw7AFw#>-GA z==FsqGM{-z*J0?t2#vn5sk>+x-Ci7PK!>nQe zHFc~b=Gd<&48}hUCCnVQPG(;JZ2q&t6V}xMiiM?(wx&wuO1mA36fRc+>*?h;*(ztm-cnyC(WvY)PxmxZs1cJxK!$esiR{j9Oyjos*h`u`ph zV2U@A61Rdzc2;MeFGAM>1CJ9A6SUirs(Di1|J-^N_69tPU3^Q9>YV8{C?Yt1B~iJ{ z=}=w@*N{?{k>@=hP^08z&3mk~r0~_E>YF^W{z7d~jN6TmOT9)zc@b6v8uD{B4<)-S zpT|n(S-vRBKHV5Nf~GhZxc8s(d_jirpFT=}Fe#TC6ztB*1ddpvC9*me1@8{ny~9Dk z|0@Vsb>srpG;*i<0B&W*mt3c=$*9Cpfx>*S$4r5q400$?|Iq^jTeea1i%|r$=;R01 zzQRt&riz1~(jrfz(b_ol4IQOuRvW5jp% z7G*;3&(1!x_17@q)}HtzhEeGdq5YQ&V1iZr4E=~TyHB>S_Z%~5m+dgaYLW-5u00J) z3h}pgz#>7*T3EE7;Qo9Mm4Y4MR;>6o7D-uc(JFCK#%^4&K@~Fs@+;Gy(7exwOkmcW zXjk|e@g3ir8yXY$PKw?tux5d+I($Rh zrxIXn{uMVJumvswIow-*TR65uXddy?@c6~EEJ)KeaA!H-ONlxgS@* z8WrIZG#^SE*n-zW^rxnRTC7-#4!b|nBrk!6tr=X}Ov?-+bBvb!T@Qc>qBo{+sVOlI8&|jnJD8ELj@AMo7+0F0n zL4Do>_f9t_`X&XL8)0KBB|ZmJD3e9rmwRr%gbd`q>8RAdS4|BI-Z7lNw|DJ^#oio;DuND_9uNiV zR$fnzsNaRbcV`&7-9U;)qs2vbajMad8;zRpQ;@3>UL70kx$rN1h}8S5!ZE+C(Edu>l|uu zhGp#N5&xcpI|~9nn-&h7{Fe}iA0yb=bMG=b6lp+p{#E&i>hG|>h7SDQZa&)vOzh6* zmMrqOFmUYDcTxW=i29AD8B+c+aKBKYPXP@ir97N1)(9U;2JP}XuJvGieKp!v7VTb3 zi44)pAo+6|$VZ{xyOQWQ21%qk6X67Et;Q?R=bv}J;hFv8VqtBuf4v#m>9WNEZ)M^s zrTE}`)t=RFDc8-95dYZ{HXH?COo~3jTIx2%aw1vkwlqWZefgIATZL!&0oZ>P`Tz^O z*Y);R1@)1kw>Cc_8T3d|I7!0Z7yomj$z_1f=fZ~?{iBh8zA&H!$~`yEEQtZUGRaTr zN2q=y`OMssc7ku&x#l7X5uE!8Yo;4r zvNFn5MVfGLO0#?=BX=X-N9wn@eIowgoqQnJo@(0fLjx#pg9!F6lV{81KbGzXgmnz0gkO5AvUsG zoG`RHJ`AmnkCNv6J%=!GHaH;D4Y4WLT%pbxDHaQ2Q;stEqiIrZa9HCHeBQ7N|M>yf zeejaff*vAB5{x8MT|8cNd7pi5uHL5y!1$Zp`(vzNV9lWcL4tX~EYw*$$jHbPSV`Uc zS8xE055i!AY(j-;WuAsJIhlu~#)ZrRR+CM@2uZ#Bi>fbh#*+BV{=#-p z^K@Fb6#4dd!w7UjUO=nJ$;x^rZx49I57WoSoda!M-Xzj%|GE04~a2}9rL6)IQ_PSIGn&+p16~^puuAfOm{AjY;*@{@g@}HBMK@L6m75I>hq>qFyl%qkrr=+&R+>qN6 zYS5?)p~LxO{eXmkE6R*Ear7ndYp}u$OfN~>h4j6uYhTDrMT&^!GK0n|M77Kqv=2B zU_vnO4Eo!nzwy^lC$P(pQXe3LjekL%UGE|T`w&ts*lF=XaY+LE&%=bFfahgzjg?87*b=QMyUTi2^ytDhKGiQZiNIri0t597U;5e4HxzvdmzL4!0BD4ZsBEX z>ki8u*mvYW12{F_o5B|Z0zf;pv^aQ=TXxL&r=Bv3W4achX7jVlt45;!4#N;(k6ovF z$+WmqeQN56RW00hvv@Z$nZxyM=0kUL`irf$|m zHZV9Yd(EP9ZHjDAMELc~gBc?|KvMC(H&%AYi9MTk9+UZ^^9#E!T6;7xEg73V_Lt zUIpuR*r-z{XJcn&KQjq%>;_%>;(J8Np3Pw4L-u`?a&CWr01<80&928z=&KN<5Y*rM zx}4$Xff#k^ZvZ1L+ETozyr~6Bo}BqgI+(a3uG{&;Ah14x49(+DL`}SeO_3}ht$|q4 zc~&tULBeho+oN-7RJiB*<~2pP{%j#uir+>3)?}dO#^igBr!!5cFNQR`3K}J{)?5BR ze0^nD)NAzZ0YOS6ltEfRL|TweC6z`xN9pd67`jJFB&55$8A^~wS{R9;q*FSEf%_Xh z=YQ{WpZnY|ew3Mc-*@k|*Is+=ff|Khq3*x+;A5G@SU+Ao>uw{Cja|jVv?uUx0*P`D zZ%PMa&9~Ds?8?66uhemsKwh!WGy-`T=Y)F}7a$zhwAC(kKQ_ELe5;Jm`7c`e9Jw;W z)-$R}JLc?qhNyEh|9*}ExtAzJ2oMUJ!^UVtrY-TX9{!10=?tWF`gRLT74+gy*(1ES z8mhu<=p$4r1gT+jaH+c2KsjLpKmHt+LnHrE=zk-MXJx?mw%_P6a@(w6X6}#ww%33; z@>2R=+~6;VTh!4)>}M=MKVZ&IB2okVxxfd>{NDA7w%%rYOJ8DFgfO=$9s)5UmD06e z`m5c0B6uL4;C(TruX{W6vz^{Dn`dP*0>S&1D&=EqKY%E_;(}xw9222~FpB(g*Uy&w zsPXT!>=(t{KHv=A|DJlM?%tnw{Z8qhl?*=eZm$^sxh~oY?1Nz;uZL;=z}NYmC{+jq zy!(iu&9^kwo6!|p7aaM(wS;#4iOkNp5(p6i&e#Vl?)rx!JDWm(FJ=zP|Tr^#dn?n{V_htCL@=X4hRMI?FBl@2Ae8Y{yr@jU-B>C}?Iv;OlF z;vz6!cgYn|mCofMp14f6Kg zIw?H4Wl{w$HqTa0vQ&isUK7`<>K#u^doa;BCIHpS4M&ZR$J0N3Vwfo?D3BcztQaf? zVx~VjW;TBNZ8D=}pu{gs@HhPNqW@C3M0KjOj%!~upB^TL4Eji_&!AG^w|lSa4*oRA(hP`Jk`@Y_%WPwc<{ev)dap({=KziK`}ksh7b zHb)*_TR!{~MIK{eoZbWC3f7Y+o`HYQMn&<3FbO>d@LS=wki-rHdH7`?b+}`R6Ps=&048-UEqUgy&MIrIS2rvSh{tCaw3y=N?eHlOjLpdPx-93Tkv;9dbo zHJ-<0rHufcIdVMNiXbce=8p6V2N3|*X@JR6$ju~b>i1(;(-K{3%g|8Ai16@<&Y4E9T`U>NV`A!81EsM)9}VQBnT5=VdJ}!tH`#7P9o&OsFMJJ(Mpy&=WF!75CYUec{5*^`6`i1Q!iNk_5)Iq}-d98;I6C-B;8eU}$bgKfd zIFR&b^G1~-8^8dLiN5|#i*ag;3ujtLr8?<<{Ws9X2}HO44Rqr`pvwTlA~l+^kQ4dr z?;Ne;%GMD%IBNVq_aJv{7?jvHs}&hJ_sxO5FahuunJZ#FQOzbOeVC&L*{1YzJt$(T z^MpG|859K#ZIk7{LfBa80(V-ekx=*b2FJ%`Dh)PiBDW&a6SJUr$#eK9U%pQlUsSrI zk?U2t1OKFe-)@ciJzq@cd`kJ4F>v+a=0tp^kc^Ey8qp5t6EQ)gf6B$G|-ZFgrfsPEa0IJX3^DA-&`15SamwG2yKL|x*7s_X|LWbk)}G+}h(G7l*5F;HI$L$WMHcpD0h_+ocnKALm`bZ{+~#5J{%uWA({2qM>VLZ|R?!j}s}b`mnUZuXMRnms=XDvM&qL?Vak zSHyFPuETDS9cN=1Qia_~*fYg?&DX9<@tNvzwp>)=3`=#;ZI3P zp+xoq*ZB#{9~>+vUgog#go!xwo7QM3P}#cNd@6?jN#vilY$I>0VGuEC1%RanShV9c zVxZOs?Wtl83IR={um`7Aq+|FDISg6$O9M|_YxCE_RQMheD6jKAM>>tudYwWE6UCc$ zv^k#{+Wa7&9-$`H-CRHXf=Jq(_Xvcw{T5&jArz{y$YzmBrJPSZp=ncW7ab$_UAuv4 zRMx~4MlQDQJko@Hy?EQHl#NX3+qiqNw0``nf}d=2eQ2o2eqit152e5bJ-&m1#X$eu zYOF`2F6)-|8|NFqB$!h5Got5sC?mSdaBS92&T_SI=g!e%hHBuxN27eYP=>o-a%BM8 z>=6*@=9?Y2zc>5W2d9-HwB!E-KVH2b8_)j+zxyhWN?a2DgunFjKbh+HIL)3$ueK21 zGVrZES_&}TNC-GfzP3B{jsBF(yd_-_*moP2AD@a+n4nS@81Kb05{xDf@j=ExA2KxW z9dEy_er|)7<9t)&Ej_KJs8q>Zg4~Al2_C~s& z8hez5*iVfog&;wv#zDXMac$-nsv0yuR1v<)`jDM=GV>K$PwnID@uoVx zgHJ&BAohd7n>0YUQP${vzF+YpMjoi5F!7q+i;?}5cka1v_sKLE3WC>L8RUku1!<3l zR&BatbFsR`{>^bX%mkXv%71_j27o^Hg&b?ByMTh@FQj6Jy^nhEbt(?m?T!j4yTvkq zns>Qa_O8vZO!9+llKc8<=A(%+oG<%0RR)v#(OD{=qa|k2{BSWNXqjBglx;MHj6iii zO?T^Ogv&%azRCxT<^8N4nVw?PI0M(SUBAyTahKR3__NGR=LnZr!^SF+OjSt^u4j6NtD|2S3DSvC zhHM7^M0mUoUHai^DBJX~|Jk4A*87VFnY zM04;^1}p)8@b>51UAjX_3si&2QHEKC#JrRFs6v&~Y@0(Um4)miy{pCN$Af4F5s*1t z*v*Jjo{b9&UCgpzhevr(MlMn--vy$4_S~D2q9MY+z-&I5@5dGhjckB@hh*6zvo~R^ z8^AIVI8!#UTxJ3A)B*0_T06qNx$EFlV0rTaO}$3AWE@xBqe%CemFE0|17Q|ymQ-T= z@-A+Aub2m*)x{Bl{a+eCJ-5%H z)V%8Bw1pr*bSaVV)qbT`Y~6Ks^W3VCNkE=|eY4FYI>w`)f1HR&RHU5v|>jRYZuwuzi>YqYvld>F>#vHdfYmJ3kDtHOin%(m(4OHZL2HR z-*4I$$>Cd1mam>@EG6A@i0t9gyijlbhf2^lO0;fe|{xC zvPDSc`+o^y{CUR6wmvG=$SN<5_X~q4-p!!;?dMW+)8t8cIKhslpqwC0*t_9Zlzdig z`62ta+Yj@z#jf`yfb&ZbZe&%_oiQDM*b7Orc5Io*_M~7D)QiwA$mx1}9e&-}ihP-s zAVg4Li>e?Ziq=)OX`mjLqd4Otkz6HCpZgRg5~Eg`ltg(HECN&mb|A0DJt1W=Sx&so zcJ|cFBygkoF8;ou)o&CFP7Df$Pe;hY6aD4)`8o;M-~in!C2cT(Y5l ztz~!gW@i7S@dNedk3Q^gl{ViN$h*dmR9-h8yN@Tcq?&?WoO=}5 zCGMvlZ5h4Z+IfpyzS^z#ldp1(E_Ih4 zWVh`#`0J;^Wk=Gag~L=nu5y6{o&XhtuJ}R}(+qg+Qh{6(w0A$B{D0~qM2-wWgf+mH zZS_|<1^TD_HYJ7~uZ_s6XWGbb2P9n*A}u*k4c{%@C<)>E!AH?RAsJ zYB1`%;|gY`^jp~iT18TJHXz$NEGSKz0!gWF)m#LjNc4o-GG@MUv8aZ;PUy}zYkGt8 z2be%|$pu47)Uy2(Po^A1w)PzOZTi+}YUfBB9&Oyr;29CabiaDb>8vKQWXSEnZd}yJ zww@f2oKI)V@?B30ZUjqgbinCy>P#$x^F26A7{%2zyNaibi?krizOvr;dnGrusLLC! zj$zt!4`KP9Gyb;B%IWdHhLZYju`w)GWRxxy2q9G~@o_d%;Kr$&O`IKdyJg?kbT=gX z2C^y(&k#YIzlM?IxNvql!sqR#+o-{btP0(l@N@9)1B1)fjVoG+O^BnLi;fn}zHiqC zZp)YIEBp{R2V5m>w*a(}q=G-h5IdqFC0mDQ#X zIpNbDTF&{6x+~J{NVQ{*v|Ve)@Y{k^Vf|6uu4%*Au=wyy{vAL363m#jfbpS-5P7n+ z)pYHq+)J;fTc+>t>Fv+GA=q|{-jaNBAxCC~XI*>u_4zs&M#_6`sV64p1#wJ(5j^3_ z%b~#YOv|i@Yf;OyKGabjVagEwnbpYjtU$O+D)?@4h&}U$d=Ra9SfvN3WhSgi{CD%o z(4zNNZD!+Sq95wGbo3jtavq$tt;v}uqmoe@v~bCSqIIB5Uj9@d|-$GwQ&!Tj$5$5PZr^5-(457@2) zsPGQvf4%sJO?_fvv0L?*d$(L8Q1LfpQ%dWtqALc9VEfuzt%4snGaZ}#PK$wdaq2JD zTQ@=@U3U_EZ-dzHiQSyZ*Er*J15gyIx85f$~uWbD6zS zb4P~O?Zfv%68ynyt%=-_z9^UHT9O`3$6o!0d|RJjJ$3Yz4>xFA{t;qo*LaQtN;-Hj zy;!OqGlpEW8~>D^##TOo>n?1lo4DUj-^0TklL~f(JOf!H>ew8k{B2S{=gEm^P7a28 z4RqTZerVUYFbLmlz3-2|ZWI5DC?d&ew6#M|e^YCX4|%nI(IR_o_hGBc$taDy)G1V? z;{$v3eSjoZqTWL{Szj6xS24Plk_dpn1nw;jfy*;e`MP#fwe-REY{KEkq<`_cQHtFO z6EzyYIPT#n0EnHY%#R|%1K67S8b_7?PoBH`KZG>py#{A{k$3Ix)Wi3YD=701FDCTm zY8UtDKv-8QTBrKDiHnTE_Nc&Qt-xVsR%MBJ<+Y8Nnsq9oX&mX) z!9!$^?3AtK22n6_ayR|>V7x1Tm@lpO>^vDvs3FP{w`Rt+2x8nvz}7q#g(z@1J=CSu6BI`q?e7;F)H`~64O@CQ$&!U zO;==bkrQytIk#!CKLw<=c-=7Jj_)ocr6#~Cy^4A1cGGzN+m+0+l_;tX*I!@3)rS?g zf?~?jS1S+-Aw!xW)QJh_CNybk;A*uGn+E~EU+D4_Ebf!GxcVuU3q^q&6P$>dQGss-sD3v@@=TRI* zPU|~Fb~xOQ2SJcm+ew!bNNZicCBdef6Jt?)-5B@pDB^*%Z%M_U4M{3>10^Iu6XaJ>GmS$ewplD#jc_DO0G`V%-)pK*h`2>^s)S7 zz!F%BHG4wIwUa5-5LUYPM14(yYe9-p+>mZ6Hg%d+(y)?+tNl42O!I|yK?WhcYwEz# zPn&=V`5^Y{+i&y>bSG+G6252}7M!tc@Dd>5_@OLA#jahDUlFiSV z%sb6dXSrQ&y*$e?KVj1hT}M~YPNll;cc59lyVb|nV)a`qDKd3MBB300t}mRUs@Nfl z7P^Bbt#)F>R1iaFp@lOnN1!T#l#}bh8}%z%E3>#M6|pET$_o`>8@_lrA!!C zX@$M+505k>#pynirPf|@p&Gp}kNf(~nt{FK&TMl^5+JI}HM&BV94;{EYMc3{awdW0(l@m~y`4*il6@I~<3PC#3$pWtKJL303G@*5&^A^XPE6bA4wa_)f z+p@QPoehvV?Sh6Rqb#Ol%$U}(TzvD+r)ioD$ar%$MY0jRFxZRRD{UG*dwl^;t14-t z^-sYvKe>#h*yv07D!sgC7TcOcCYH{Dt_Vkui^YCWVjv=kia+l{Ibn=>IUy(f? zsGxE&<0FdePT(AD?;e_{S5kOeLG7zxr|AyAi8m%0W||#}x;uqG4sE+`Z;VM7Wdo0- z3+>#BTohG-Isi&eGsH)TXHEOIE%?EAxP{=pc@o=tk4l>`mwR9FE9jxJ`7OuCL&tII zKm8Ve96W=!jn5FCO4w*tFxz8$hFG!@gW$gCzw{{%GmRm>Jep6j{Pvy{KoT+OtH-Nj zrRufM#iB)LNTBf{i2u3Pcvt-m z_We^C9Jk6hNmIwjHyPZ10&Q1ovK$J2%MHQgZ#0%eRHnzd6wZpJ^yhT&5pYp)?b=Tp zJ+w0po{vy@&PJ_G$;{V6$C#m4*xW*ha+fgzNskr< zg~>a6rO)o2j5il%YqoFhtCtoq+3AwAyj17u5&my{WFBkuACfC%E|Fz1@!SAungzgE#ji%p3kD%Ve8rliaveM@3#egg>=ZHeoOGeiEH$7&B_@)fy*#Y zrQ&aR;ff%a07LCi`GNnC3pKfxC**P>X7YHD_luf2neNA}8bvR|8V+#6)_&Esn~PXY z`H8F0%?YIX@H7C)Ks0fge}Ig@)Mx&4vC>$BEbV+UX_AWCf%t;j?#zf3+f`=Y`#R+RQ%*{}uuB#e-WI z)K>aYJBY3y)tFHnC?s)j>)i97J3RlE1g5!7${6|LbLn$ARlVA01#<=8x?WCB5~9`z zrN=6WbQeVLSHQ_PN*Cd{okHZwEOHG4aU2oh)_ke44>;YRIT)QgDxsv0E7o{Nl>TlrfV$leT0Mips{&r_lz zB<$m%gw`bd9>NXJ6wVita}p->O|0WUB8Z;tjr7Vh0t8)z%u@*vRH@{hc2%?1#khHZ zM##6m5#ko92wvL-NE-jXAc$9l%V;1mcMwOw!sn`Os_xz1D;}s_ZPIT3hQuYarQtFu zkN)OJ0wY`0!J;aRM-75{!+!JPZR17ETx)64s7j-OS}5lOu16=FCK`SKZ(hO?yEQFj z3Cua|yJ>)bG(ZJ2TOyA2LYC<&bA=S5v{3G&JO7fWMXXkljt4KMdp(D-5gBadE^7P9 z<+;r%`gd<+!eY`B_))#t2F=EOoQ3;)$i!1N+%GS71kX6r#C0WixCZmm@EWF0)ZX%K`8%R%_P-FCYy5-5pC=zij}4J01U{0NQ%+t zhG&jQce^kYx}c6!X^|7dea;_wQaf5JJGQt|1c!fAEGO?Mt7z|)n1B)M?x@p&{jHsb z&9D-M>0!IWTT^j5zxo54p(Ojwuzqhhq3xUa( zzj^+xVlp5n!-_zz=$tpo>jQ38{mxA11{WZnXyS}G(WpsMQTkAWi{Lsdks>T1n|@3q z;-sag0_%EIiIu{Ndb?O z^&zfUdqs^xT?11#eWS0RrPx2Xh+rR?7oH_0Wuv>WqRrRh=_=5hdER&JCtL@>b#e!j z?B~Z)NqQVZBPU-N+C0an@YQdK35C=t)5z9EO&Q4ipnxid9B;&O#c7aA;Ceg&YgcvH zlL4%WT)jGei4?k*^mZ(R9ptaM(SzqiWP&ljt$^Qh9uEw5YXc?=f_z!r3jt#^CQCWZ zXbrRM6#tpnOX%ZRA1tr?Y3w*+_LgC*RILh(H%4VMM>Q9O#CA)3RzD#OEmYs1w!7Bj z|H;*4G~J#+qZ_Tg;2P$?B8^6OeVWdK@_}xr{iIFn?#lOSu|T&e_f|$pfifpsmzW}S z@_>#ZjC2Oh?6n8Jn$LR_pImZ@+;fVf)d0HH3%;ui93osGkGa^8MC16uZcYtx5?>D} z+4tg{%^P?kg%8&pneESx<8BMC>FqxhH|uo_+YT`Y{T-3067m9)^Qm!bRW3YnNCWrU zP`qL9j$w)=h28##SDPd0FW4aBo5n%dEjOYO*bZV1tSh2aQ!N$i&@Yof=kGHxZzF4; z9+VU*6M1)0Q(-4`hN~qpwtZ5;K-)H?BJcqS!53_Xq#`mbD)~&{><;mbTh}&Jz^#6; z(~Lh(HuMBkQYhwN@bH)WvV}Kz){5iy6zFP6(Ue;E4e=L@1L%XN)fB1gZ+5oAu)PDP zdouCFoxI&R(jj^tl&!HRT5ImuR7Q2ts2H|eFM~^$F1PN=r*IOzT(#Zb2gV>j=)>Ox zC+xmPg~t{sL}trY{lJY3Yp!Kz>tk1!4y0R=VCiEA|hi?o-pd1uLE0 zLsr9yj1}oY^{lIf+^B1Y<1;bl&5Ag`()~vbyX~PePN;A34~cD&c}yxU;@{nGAxir+r+S;raYRHdu9V(A!~2{erjCfe!vX4LsSCp5Kh*=ja%ithV|s0vQ? ziCY=cBGZpA1#|DX0E=GNNiaQxtj8a>ek~s?v5>+=MB+9WF)g7b4xObhVtjQ;9FbmC z)-OH@;v(WyC29Ncim1>b=w56&g%0nJFqe&+-1A_w^Uq+9?c914X_ql$NfauQRQ3WF@ z$;cw|2kEPZ9nP=hn;&zb*ss~>M6C8?`*z(63yISk3!u&RX+h=+mb4uS{XRV*Jw+WK zoN}dgM*2GOvQu|Fn^g>#Sqq2{28p*@&68euEXGPAL-c7eJxig|;C;+Pyu%%$=|agaNCduLh49NeeK;^0FPMVcWmd`2RwH|KE!hVc zfjZ>Ve51Dn9FH9SYb@zaUi=_-#rG`|@>;2>eEPZE}z$b&k-bW_Oh|x zSLY2RY?1u(TSICveG)9uLhiXSr=bUI?C<9Hr0Pi45#2`GNxPfS*&7b2{65t#b|YMNw@$COV4pJuMC$vA)=CK0dke z(6?Mp2{Jwew#e5yYB~@1FojIHE=he>m-G-jBwb2CqHZ>t!MkiI0En;Fdl|Ln8N)eg zy1S}0CpIE0n_IwoUAktD&J`Nz*$v=(XMUGor{N0Ig(S#>#pZ*&U6J#`_fcI(JzspQ z)r@RQJ3a{Yz)OXAL6_hr_<`{2Oj`RmWgw@${%h>wv`x|L3=A%?TOnuV-@J(vDK0K< z$Grwba7)0r-A9b8iTV-Z|lh(N!ysG_t3qnr)6e)cUypBafmYu$G)PB z?;C@+MfI~a-}kSEI$0LJdHu*ScZ;;%`+Xnjy+QtTmsR$FGDf~Ea2-OHCXUm* zu->JI{33#amX|az%m_2Ny67{8I9!Bw$@%03KmdQz{l?98XXRndCy*s_Fj>#H0>szp zMbSpB0Kyt^nh({TjU9t$0uA=K_jNgQTBKVb|49|HMlA=@*e_Jd%G@ z6YYOgl!NCV5r8V*GK^GpgoF+OSm-2?sU$zA&%%(FRskry+{#Yh0iE#exD(b=M~}JF zZG6|3--Z?-(x3zh=WBMQ3ts}I)D{3h$ULhE+aYL(Y;ONYU!qor_WQ70T_E9k5c&M> zLP21sv%zA+)J-xA)z+M6FSqX6ucm#tR;)z9@YZrSzl*Os0icPRIDzg19>;Fh6@m4oF%}-2 zD)UAhD>lEs&m8k=vU5`Gn@u9%+Ih+xQ5yrGL$W~x*Htni9G>-eN+lwSESVJe2I{dHFy(f?ur&vrUDZQmPopiG{Bg==x!`X3}}AGwBJQC zwE?oG4EP(CmyNt!Qc=M@mJ9PUnsp6kYzutFa+Vd2`rIZr9T@hqbsvqxAdZVJCNd>} zDy1rof4b+i%5OO#m1weQOMf%mk&Tqy;MsiIN7D8P%?}o{<|)+Oeoce9i-{y4c-x#N zDQE|~=$-hE#6N(a3<2>Oft?($dFFxx9-PZdtF$|r*2^TMo#6dB-QGi^m-QvV9Lsb- zJ9FtnH>;3o+5%;IpWo2S4rI(b?BT=-E=arhSA2=w*30~%DC6a!ogP1}eS;>4)<;iT zlD@Q=I;eubr;Qf7#O}P!Zu<>^loIRAtc8mIzWmN9^mEil?Y-wsfX=4oW#FIs@n!hY zRqXgN43VF|^>mpr!?V;~1GQVQ(YS`pm*M52rersDtq7d5iRNOzwr^}X!DJc1sogh+ zLe~2#g1RmzHm;fv=pwmTPv}3BH4R!Mi4dHQZnIy?`Ci2s_-jvDEO?m#)Wf7`v<{8b zW;B_VpNOO3iba4JaX48(#vSINf?mQs;?k!N+S9FEJn({`N)xJirBzG(euSG?|D4(; z-;+FFK*?=>iCY}&l@RfM|NR;V(xZLhfo-#*|)j8Y}J!$p6 znZoLw%|Pplgu8(Ag^r_|r~xD-IA#Ms{|N1`U}|Uul>Pdj55$SR;s#YuYy8$FC0|+u zoPD3U&0Abny=?o`i{kjS$UI$>Y2kZG{AS68LGFzGNc3HRs7C*@1HjFp|2Pz^T1Cb~ zki|Z~jrtsB4bDs)cTokCACQwlOm6p^UChaDHe&i^6oLJ(>w`~yvMk~`wWBktj5H=A zj#K6~$T8WkYy7<1Wd-&{K@*Fx_DpMuT$lXqaR)Z2jEq2pjUin!)uO&UXy6SW+rzwO z$@vBPYd1D>K~}C9D8%Wuy6egY+joGs!cS_C;Gz54)LOGlip06<+82>b{d!hV79IH| zg0r~6vy=<`vbAU^osBJB)Xm77rBDT)q>lW4JX?@&nfaT`fsbo>u=Iq?_?3RCHwavt zec^bi5K@T*Oa<5vQcG^$`3R*OVuyIC<@Bb+aRl#w9D`Pr)wl*DTQ)DUAL2?&y+rMY z#q3*d0%SfiQ_5AVOlcxd%eCUR%!aSm`Zy6w9OjpLOT_1JTXT0Qp_687*<0VL@31Dm zOsfKrMIQQc@YivG3Q={xOc$Mi0F+n>Al5yvP~c+}lCA}ks4^#MhwQ&Y$%>+hWNCSS za*$!&zN$alW02Ym7o=@4q}!q|pdygrjm6?(e)mc>EBjosEYPTXODp?UJa>;-%G1c^ z-Hr9HB;3eGbwGTg9QUy`13ixU9T<5DZzXmHv_hug{#4WI6x+o3asbGz^qk5;7A{V| zwwZXqj3SsS4X8G=YHw{W^7+D`(V->u-pq@HjE!<$$ru>q9I##6Zm8NgwRx3(-r10l zaxd%0UVx1r+4sy;cXo<5m&ccxEP+$+qy0?B$WOMtB~o+O4sSFoRmT}F*(cM&sZS<& zDX+FY^fc}C;e`%Q=PPNLkot$xbhx3DPu2gGeCV)#&=CN_a&GV@ z6EH^#!IWy>SGjb6Wo&m`e|}i&XHX}n=Uf}!T04-SVfJgW?mBM6t`Pn#CBeC&Eo1Y1 zF=D|dzDR}6co8*uJHPiDZ7`AZIaBpqD+Rp9gM8qSixq57RYg5049pkl#?K0Clv|W~ zE(PFNp6$-K?#~NZ|0p6+N)sHfg~;@gCjFV^TB3xrBsB#oevK>M;H$((WOui`n^Y@* z`zGaP{EkLjq?6OBG%+lGW^l^x{pb!{vg+8dCk&=V39o!j&_S0~BU=YKh+o`VU>3(q zf!k$^SblpQi>BXmdUgRD%#Dn1&bVgsppWj)FxCJm&Eq#Cxad>&a2}D6CBz(fnKd_m zUOWVTz{{OVPQn39?LTZDvei|BzD=1}qw=j!_q|E6VOdOBlZG2eolI%FTCSFATttMe zGUO}&7-jI0y-IqvMz?uQYsaBAFr`i=*;x94gG~h(q-4`9k+!x=y}mr2jAJ|_cWA(h zcuidO>Q6+lry3KD)l3zLx!UB1dIZt6y?XnrXM1MC)nwZ!<#floIyBa)Jeg8*)kw&j z*laXIDK`yQ(t}688OE{eiP9TWUVSWbWfKBEdq~WwaAQ=hIfObVQc(}`BCGr5C_-34 zE2}UGeg`7w4B&LoODGsIC?N|PE6?u#{3o&Cto=ph>$&LRHeXOKb`;>-@G{+i81};9 z{unT6=8wd>y1C}5H{{ohoSDjK2R~@W3CE7nN^FVUEx4WAl`m;B;V`?r@y;3Qu?RgU z@N;!&Thl?w=S4U8MQAPTy}*)eoD06QqtdV#OANa+8lcnX!?h1rkwEdL3pxcxl5;78 zeJ`03Sk3C5M!97g12_yAn2iVK`@`KPExGPs{W#VW)p6Y*ziEoGee~e@ED9%j0@8Kl zI{1+(w64*pDagyirlN-_aIBp0DV_(QG;H>JU)9=|1nq0y`0+v5iIci50+0^L$rCk!^Z63(*BjB(GbwY0|1E==RHJQOQWt zGwgJ~Pb>TsY`Hd&9weW{Zu-UU;D*t4b@L6Y!E*=y(cc_h7MBNp<%O*|<+5ERZN|;U ziEiB{dFVi+_}Dd!J_+#cc<UXQQ2sVl{KHpyhzrI;?iYrF7LE*&ei7Ai_;RJ->=yUdP25B;WJpKJ_^J;Xa)?4pkMC#Foqubx1_;nm~Z!*Qq1iy zw^>lW>SZNlaj39$J?YjJc3W>P>rwV>cp`xFnMh2++(;P!fbNl|tEbNdXaP5qIP%C} zX~1pwJ9_MDaYLPjGftv9YIDfxdc0YPs`@yKI8D48h+QeQV>B7fNCun1Ki#ZW|E!{u znaE1A(6LkDHyND#K@Z=yCpZ?wnI`HPdNXsvRX%r7`EV0THY`_PnvhM}gE_Q5n2=s$ zK5SjYqg!qO3|aw~^pP?q^iJ&HaYy7@SE`OAZaZyMQ$@vc`NM`^~U zw14F2W=cpmp8Il@jkQTP$v2-xbJxk~=*p1}erAe+2B%i_ddv89X zOK~3~oz?hpf!M2C8v_|YW@ihU&W|Ddq6qfu_&g$aabE0pJbUuZ0##@I>A#pC=uV0? zQ%wpR-tc(>eS4oyOiIVWFSq_^3fZ=~zC$Vf#P#?RbtEETZRS~6_d!>qSkh@_(R4@P zARC1fLoso%^*zT$TZ)=48ENm?WGu;_M<=%A3QqJoZ? zj*A4%Z8-yaSOj1}Clm}!yG#F>Il@Iec&Zpn=5eqf22|7CIDc=W&v$Y!yg#FYOQOK& z^T-QAZ9v3jqfi1Ej17jc5|DE$%0NMU?+luqnb5lhH1b}Pl)TNypQ;2ePE175Y0Pl+ z&DPuWd^2(1%E$#w>k~Z*3B!ZLywAqQbLEP4s*N>@Vi)1-XfK~R+lWjKeSYiNy5ilS zW}m#i`Ch;Q&I+&-b528Vi#z>N&QQKxYwUV+?U^Fx&2Kkb7Xf(r%8(nn#;tx^n_(6R zi({0Vh^3cW6~8?OcA}uSh}D_crw%=JR_#DmKQi+fuHkoZs(NJhoDLBw2riu&Jk<*8 z<|O}FD4=id@*HZc)ismn0GhCCTTHsV%#7)smoXIKos1q9sfPa}gy7>02F;flZQxkRT0=I2UpSY8cpF}2<&UIzLE3r$DrRXdGO2z9` zAu|E9cCh6FSy=oYVw0QZvN58bUvMW_Vn2vSMBl(c_ae~X2OlZap2>9s1ZJ3@ymU4m z+PbPADlXXiSVii0SWb6OQW!cZlKAo7?@l}MnDPp37uqS+SJlKDRm`*FZCzZR_m`ip zjmo5Mo{1lf1E@&@1k17FyK*bJ?MY4~W)?x8z45A)LK_MrBcJ^y30sGI1CRZN~q$k$|GtD2b5-E|VHcZWz|ixQOAdwxwH?Oo~eOW0S9asO^yFpbuzO~kwL zwpTh(tp_<7_z8pLxk`SQ*XPb@x({nfN9KuPjRfOWMnm+@YGPB3M`n>@J>&&rGcFsJ z6*?EAwreFvhVU9r$oU(v+oSPE-+w7SWYY!)IxE2hvu}t^nUlxFj-n2>1~v+<^Cdat zg*4eWXK(ha^^DFe#8wX*js!`wz0(~jczz`%{3y0FVO57!X~lRJ8lDSS&6cg{oj8ES zWRnC+3uum`FGU+*K-g3*TFrTeemc?lZ8v`6F@3|!t z={zzIFm%AMAE|xUi3tOC7v_DnQ+`2LYsLpXk_x-e1e!nXobR)mEEos&%)JS_f64Jx z!`Bz@Yv5I?Lwj*fmpxz<{|rgN&&cEd@*X>}~w7h7WNAKH`sq|~JN$64=*$@2|0x89Zn zwqSd{`02TKlIQzkRvPW&@hka}4#SzM(6E_z?t!~Htb{kzEe@y~59z6};VL9Ss`fy7jq)~srhaFbdS(*)Rp z&6ncQa$uZ(!;|!|ZO-NUJKBDL zb`M21TcSNaT!E>DY6sB=dLLys&6lMQzNI0o)5N?JNAPweAZY1q=@tZ8+?#r07 zBfkV=P)}L#3xQz!ww>@27ADKnN~t{matXDwJqdYDF3-@3=!<#!`qsL;sOvSxD|TlI zbXaxll&*3H$V^A!M+||$Lh-Gq)vtF1jH|WC%0T%BExrO%*5a?tvfbeZufcv}aw6_; zH~BMjxx^!OTz=M_*SIimg{fgOMC@;pkw9T;dx&k-}^hx4vhK|hg(Rr3|=X5 zt=^?Dmz0(RWYqyc$TWaGdk@`=XI7CXSYyugnRpyn+Sr-AnLIdN7WU*gf|KmPyv_Eb`8JEEPG@IA`3jK}3Y!k8T0437S2K{Zw7Q;0&N*@XD#{umh${DIdPwd!Wip z9&C@?RmJ=h@&LEP_?MzkP4+ZrRejIcueZ`{uC+bKz-ECWuhZ?j!Vu(HLVGn~+=@TB zfzL_=^S$xit325#%I?4iIKBgp*B4G!hvlP|OboR;BcLThD*hi92`jFpTIH*O(X0U> zAKX#dLeuW|+Lejpa+SLOG?4bBfnbfciz+Ni*E{5*@D3U=!~x7-+@(9A zu~pIK=H#-0LycErPxsRKW&7*icO&u7v?_p#RvAZ1`dM~r&pLioW?s6at=6lKXKU5J z3X5!mZf41`cNcwsT`%8l6mk#V_dBO8AnE|7@Pbq1c7h#tkB#YfROz)O&yyB83-k}X zwRZ-YE6=k=8hNLHcNJC{hRMXL-s5a0ir52Y8#jwN`HUC(_}hAi_$>fGDV;fB_8o2I zW^y8?5qGux&_VKi-d;{jn#Ay5YqNl#BuyvZu4}4+63|3$h>Amo(UqJ-?=!GJk6Fh0 z_!+RdK#HAm=Z-#aE!d{?D}mO{$)t)NDRfb@L}NVKvyYvDoLxt?*YLw~NT|=YKgwRf zZrks|6uJpyv&d1DOA-47-@tUae*Ldv^+I`pr+UFwebxrvXS>;?O!EC{>*CH&kSpf5 ztIL?d`;Nh}`!8OlSp3dblsjNbe)C?C1WoE{(J1t*Gng~AFPTjjD@#< zI5%>EcN4VNY7}q%qZHnH^ojCh$kf6hNheBuG2lZr5ZB5x>%XE@B?UJ4kyUUm`OA^M z4zC7mMO0s_)qhXw(qyE_lvUBCN) z@AEw0AKzN)(&aguy=UK3*UVgVa})cQf!mISXJQNr57s+e7NFQb)4VhZ8j6v(3YaK? zte4k=bC&7@$!%GLuQWJP#LbDpQ28B&KzbsP$jlDrCq5X@Xe)ljJ!iM4=MVz+duR$6 zXa3#d9v4X_L~a{Sz~p^#x=ZpD<1*Et%M^X3GdcrM%|GhtQk-R|Kl&ci+qiIys%h=5 zB4j`^Ce3pkrPyBAYHrvW%fR4fn#Zc~Bc-7K-5z|z)|%=gyipiQx=!q?H27LRZ7)q< zzT2xv*w$W*9=Byf%*qE!?HsuwBX|NF128(b1ZIl*dd8TMD+-$=XN_RPG%lCQeEAw3 zE9dz_njD9!)s{66_O3TQPtp>(2B8THN2ibH#A|35F~eb2lYq%yRN&Knum9UR1+ z&5W`=t%R8UJ{&-4!tiO7kY_GbP^ZB{6bp$N@ev;qM}5@-&8SlMuC#KUZFH449#|!2 z`^eNP(~b<`LQn(L9bycRUlq-`t6iYd5rEI3FNUA~z3uTQcB}eQeE@Ucq@e*+)$ipZ z3~UPE`Y!YgaN9)&D7By~Tw8kgCl||wc-_+&z9R4f;Yu_k3dzh(g*ohmh^=}`~D2>You=BgQcLdk^X(}kSVp?af%myol? z;CG2n9A@nBLrHcoB^26J%qEzxYt~YRzVn_h<7`aVlyQe;h35jiRcOP3FTZP81q;UM zv)Clcf#bHDS%{s#rz3!m%r`nh9sN@bHwX#0>bMLu@WEF3Cbqf9MhL|)EL>Gmj%%#y zS{crl(dTquWOd{E^3Lt_@G%{aL*Z7r}FUy^HjY0#H!Kt-V9Y4IN_>szz zcWo)a5nGeHL<2))K3i!-l^Q6NKy5E&K2Mu%KOZu*n9Cr_O9mgRWu%ck)aG(>-_&*j!46F|bXfgT-xq+- zRE`>sM^*J%Qax_o&46Gx_v7=omZWIUn1#5|D-Xd$%m7$mQAAP3g@@PpjvqQ&EL4%< zehR8=k2SM!2UqFPeRi&#Yz89GbkhxR10Mh`d%hPl$vazTjX%s9=<#-4KG7~_x18dT z{QOdwpMkz|@((Z24nVcroBXDlGsmN(Vi2hJBw~3$2|aB}v~_dL+r2mcgd7XPcWnY^ z=dP8cSSNG+Se`BOm1IKYhu}n(6&aJ8#*N96NznDepjr`151G7uSu?|iKR8BmB-4fl zY88ktWQh2o=%JFJDS;AZN2Q>~L4ERe)}V=@?_99xp7`y1I6n-QXa5pNZOeBy|Mdv$ zM*cGNPQUXhNT=$#-S^w@(F&D7cpyj{;*Sc}x}t+!=i*)Ms4?h(S)N!Bh(n7i5E%x; z0rD=;l)KeV9tG{r{`fX65&v8l&U)8t?+br4gPhNJ>G4ToA_C7ta;y^azZn*Q%sku= zpLy=#rbZc-u_%^BE?BtlZljDlS!|X?w#Yrvq zSK%rr$`%qqD0+_(7}I7J1YAl2hUF0(fOuEgc8YXoARm^{n1@SYLLS}W6)=WQOo$}^ z;yj~_?+&lq1*U3n-X7RWE(`O}3jiLFKAm2=El+?gapL-)B~IvRs;%D1uKlDhxAFl(zr$XIH=rTU@IKdQ#5=Mvs2~aK z?^z*sUA1v`yE4tAHY(pkz5TI=VS(F%GP7DlMvSdVQAgb%#ptiFX+LLi_ z6TYkbRt4XT*T4>SuxIhA;R7ro03b_54XJIS)&%z!Ag!Qf zGB-j>q=?{Q0ofQE@=Sw@a+Nm6NL|ZmG*X9}or>hedayrTw$U*k*LtZv!?S$d9)Z)n z0Tx)5`Om>tA~+y4>ZRZG-6DiUUh0T`7oEfNF(*L-X*AfMJ{c|#Wv?ZWv4f$~_Vi8> zkMTS6(w|HL^}Ue1l|AmdVo0)C>6RMebN2kKE+al_b8)1i!@=ti*hW1Rmc%%WmNw-{ zp8gP!&M<{0vuYYZk3CL$5qjG#zWn*-wA;qTGruWpf?~*&* zWp^#*l80xA{Y4+7(n84&3vwQ|eKpUOvQ$h7cdi3kiV_Zy{%Ks2C^-4YtJ6WiRsW4N zUj7rIp{)tA4eX41Bl!34-*oib1Mk?CokVRhn9V+M$P5!^!k$$ z_5vJp59+l21Iyp>==qpV{nXG8qD@L2HJg^kA79N&K?kgdzx31r)e|A_%#i!Xj5QZ* zbszI{k!U`~xA`CW8m8)0HU+#0>HLT*V{oCbj*osdf!B5`^z%Yf?9-gA|^F6?K zZrGQy0hg~QP5 ziLa>718X2I5So&LR#2a^)s8f$68V^Ofw3aplJx$b4uxtn=L_R&M8`*ZZXpk(d<| z0TlOF|M26iX9sk(1hOKNEk*Ph0Jza$6&YR*3w}A5!;S<1@BFEk$RzwQND2>{0ZTI2 zqy%={P^-Fr6>k`zK*wa{f;)FY6L4skaO)DDam1>+!Nx>bRgkcEu`j%gJB^EO4QI6RD53lbpm3M}`wCiLhf6n3|o5 za0=^*z+}ybV^tBk!5o|P&H~B2fyq7*$2|JZRL2{)g!(A8MuRtfB)n}()I+`B90W%`u&N$x~ z@SLaECTIJuOXqN>j7YRd{$-La@0-vCs-6<8ynFFNa3Wj5*Sz=Fr!)ap_bW$OWU;Sl zb1-t&$8-9^YzCr0ww%`pxJN!jL`390<^A5vWF)L1>rBfo!H2R`_j?VCEGFRs=kEXY0B4t!s%j z^FQLyLMn3f$H*qF)ea7y`4`h7|B|K}=1&&Sb^ac*ouV{?>i~y%^=By^|+uqyb zZ41UdlK17|n;08lzdGF#UL*?w&S7mayfO@T5ED|Cl9}<*_%_q0+231CVeK2L|a zmK0AilG>`8wa+u$PZeq)Y?0b>(Oo4+`K`jm)Bl1e(ow&ZVX z-UqT9*tWge9Z1&-B$@fZtubYvar<{izOKxn!63nmtMD3$sXi4Sbu5EaV55ustlPq7 z*JGK2ZQ+DQn^W>+DZ~A+ABm3@Q7S=)i~ouYvr>ACT|k^S{1d z5Kznm#|35&N=kH67MGUH_%vNTfmJ4PoQGRvs)+o~j6ihycX9Ewi=mNL(Xm!D(urON zRtBh^cRN4OSJ^u5<|t4r)k9%39(*O2tmR{F9%51aS1H4VYm462;dwd#6Swo}n_0{s z(>@5xYb0fb&{dlB@UoHKtKec;ipTo3D!TRo*Xq}QxAzsY2`Ad!@aZ+uVkCak<0$;j zBy8Y}D#BhN+`-kRsaR=N%8$u8rA@v$O@E#1F8K7i#`(!g*P0sz?c8#y`(@xD!pvAE zmfP7VfAkuPX8XK2QGpCizBSwDaTb_^WBB>L3A)z2;WKh*%APi5oM)BqPCn7>an1;Q zQ>&@YllztzFHGQ@i2hU;OlN^r)YK=oV2_TvfbAbESTV|xrv~EG?EUBn_^Gb0_+GGS zFTLW+SkM7jiTnC8p1RZOlVoK0v z3;*UuQArc$DismKcE>{Ow{tto#7yTJl3~^G$!e<%<+g%?E{;TiR8dwK4~ZbJakE!v zw`z*)u)m!G6_)-#5#)hId#gzJn{sk;Ij-jiFMY%^#iFMZ$uQuxDMuc~5yjpSvC^)1zd)OM5aVeJWVMnXY5b!+nE zaFzughJurHV73TD=GdCyZ^TrV91b++KX#G4(%VU&49biB4VzIMBHY@Ijt;d*WG_O6 z@Y7WJ9JEjnT**l_r$MIBj#>dLq&z^_5(U11!yVVC;gXpqZOV1FC4(RN&*?zG01nbcmjIqAV1;U#7z%ekw-N@a~hT^SZ{)aNR%)amu6YS(VWjRReur*>dz8 z3sMY!Lwh~FqgYVxYzWI5NyfbqAuavdAL_(P0t(2hi8%E?zHMB~jaq4qaVW(}fTd5mXmPyd*1<3H>OT{aQO} zOCSQ#(d6);*=tBXG%PR>3!UQCE9ff06EA*6gympDpPl^I3(xN@e=;DEuRPrHvoHmu zwH?GfUtu3vBSD@~k$HUcd@k-_yX}kd2nH9Fq|*EHcg|r{r;w%lQ!O$vn86;v74J{p z-slG-{IXu~PTsr226!QOCwsKxTYe?ymLcxMreO>}7S>xZP;0mOdl3ZNDl{O0O{-`Oma(#PR5B&8-4pE$4=d|VL| zaxTxH>+Ymv`55u&K!(YnOg=(jIAo$e(_UXDt0K+Nd1#iLb*U`XxWj9y{C3_nw?bU0sc_(km*qd~l-?adi6HVxkLaB)SA{pd&@emBsy}L?*&S-TExZu+F4DR&TaC08j9<)EFA&WhZ2sw?FdHkR z=T&z!`$xmp<*NyC9+FNZA@yHHd1?2bEXStmeHrQ=kAZJkPubtaGF;glXwbI1u-y`D zP!#0>Nmw$<_(xSZAoKT{JrBBCbtv0f^+P%V=jtX4~)yM!Lqlz)3&s=lt{Yjn7! zEgu&+yW?NmgLPVgr{L&nO5d9**1#Xw(bw-cBl_AGWpD=xgQ9e~21#iA>FJk-)ol99 zi1vol0&zR@*kEY17;a`{w?E(MtzdBDoDkBW?+yELZh!0&iM{dHCx8|SiVU8-J!q$Y zh5?EKw(_A(VFc?fP2%cd_2QA*73fFw^46n-ca1)vlkQ713+zxUGipnf+aO}HSwgcz>cr0 z6^bv+D6_gGrlPW>Yj)Q>pP#sVt-MKY{+q}{-@tIaAidb)xC!Ct|3X`b3U*<5?ZHBq zP|ZhvYqRf*dMWQTs;Xk=A)7_OfLTGH&5x=(6Z^tZPQ~#LFtK3qhk>c(x^PSyE{cY2o6sc{;a!&Dk9h4Sj?rZOZ+_nWdZ5Q)d-*b0& zwsZK&X1>1F&CxKR84y2B`t{qU!E3eGsr8LvZ?`7GFZ2ko?*o|&7L_tFF?s6>2ndWj zwSfNS$8hJo&jqU7S#FkMBIPSw-&1QcH@b_=(B?P+G(iMWr3{Pl^LT5SR^>B)J{2rr zFaG3O(5T6QCj|boy`*JZmw{xZ6>J96ILuu$s&-WM*n7g+EfDxe7Za!YtGd@#_-h`I zw%w!QBnG`x`4V}oi!ZZf)C@Q`<56b4#UnGJDUQkCZ+IAjf46@lsq0r=ag#KiaESWM z%Oa{^pghFaB?N4)FLKp8=u54lh3FtjjMh=%0-{ zrQW>opTI{?JSE8-GNlCz90qy@GUF|rT$vY)lakgjRBy9>>l(hc5Teg*Wfv;IQE#Vm z`L#?7i_((WbP4EyrmLgWoir0)*z00fSiBH+n^gE&N^#}Fuz-qxevXtT?waPyx$sI0 z7JiT=l?69kQ@~7C5uZVxh0t3zb%EI5ZEYxu2d3@a$)D%@F>Z7orhvf;F@v&)B%U7yfBIq+h>$7e-YOpey*5-?^2QJN9$Kx_0^-9 zadEqdr(JhV^G1|zp!sbS&*PVnOzCXGWK?mFX?tEL)a*}x&lMSpS+Fmsp0Q5Qh+TI zDvANi+MLgfI0%8AvH$A5AD4P(X3TDC9>@C6wErGDHI@6|bYw1`PhsaQ1s{%76j5?Z^f78XS0$e1QU9d6sIU-H!#r7K(R{;mc&HhGdgyxWq=ZWJ)9K?GVq(HPZr56L$885#n}hir{$V>U4p9%u962iy=a1OGySrJt>{%!? z*3~sOD?g-q#N>AEaewJW%s;XK=UJfYRY;l2eE`L{+1<(@jQ}D!?qlQ3(g7AF6bGs& z>pv2wfV7zl)Bh(u#^(UrxE{Q#d+Y0)_IhqjAMau@=;i*(nX-voQEn$v!k$9ZYPw|X zz-|EM)6$}GbhUtbRfCZUrNmq>%Khh4N6b6*yYhb{XUx++KIF`)D++XJuNR-YDe1_( zxGvZj)T=Z$%z3He|8gNOF^}&mH)x+uQM-}lyBI#*vW|3OO|-ArM7KcJpQW*9(!cgz z?7%bPx0Jsmz)w4We0>|&zw7RLBula}{4>j?*3N1>S`y<1XOO=Tk z#^+rR%Z1CYPLpltezyUy!t4CiWJL(yK)rG~kE0G8O&t8!(?hB>eU1g(R6I|a~zUP<9I zOpB8pLqZGpj0r~@W}K;1t@PS#-8sJOU$Z~fH)OXvGmWn|rE}|QAJ8&9?M;mpIju=9 zP_~f3s<962CwG;TB1RM@ru(9l6@7ae(4EVoNuhpPVr;uHEvzt_+l$8P_DPA2YPxre z!6WmXW&zF%^BjeE#rp5s!5v5DoO&@`od>*TgvGd1>TgJJYFC;$n2Ffe#37dNwuABL zhl_LtcuBHP_SmI}Iag~^n1*wVB{?mxo=_BPQXZKPk#>Ee{#^Tk%O3{#(#BZ!UI#@a z_&4Eyu}3z9fq%r=v^#%kg6#)R6V+P7YB0cfU(#@e{Z9j;N6vxuV@iWXUcrp%dUY)JRw<-rTW!tG=T z9yt%zbO;z9EG5lDqsw-U<6puricv7uX+&oYX)BBIr-G|i3;aMfUmM)U9b+e0`6hdG z?Q3vKU%A%`Dym}tX6h|%E$NMKlWe7xVM@Sst^{Qz1#yPVVM7|h392X7seXQXN{6D4 z4ex>D-U%YB1GJub(^{j{pbS~?C8|@mHF2$)i{o>uTLGUUvE6>Ch?xSwi^yS72r-hM z0IY6NOyG5^D{z`%>SO-yXC2nN^+HupVqr3UxFzsRGpcKIw)fx=!^hmh=aV_!y@UG^#qZSTa#~#wzmUET=uL7! zTOup6X?A&q~U9V52ra_0k$;q8<7GB_|_nisbqq8&^k-&GL;V z@1jpBWK!D%=Uk4Wes#7+?`eX4k{aW>a>TsZH%mhb1d*lrv&4A4!YQy&2k`q$noqL+a%iC-=3xP!@eP%gU zCh-PGMW)VB8nfy3n=)P}bzXRdlpVw8Yqp6kd>W|!$;cp+yD59OU$1`Dx|*+KTYH+o zAT0%1tF#^_&w6n=qITk41#{?A$*&F!$nPv)vndO@M=8wmeN&iItgh6))Lt+EIfktb zzCe}vYwg!j_b1?!Y?YK|>P=nfg_KI}i$ax>r)F_%@+)6I8VRp&Z9N6SVB*>n8!RiH zih;=^B`9yat5^D^l&pbM(pp(+h;EDUd<#O=`J^b{pz2)yDa3eb8!fk_dWh$jo}S3n zj^Tt~l+8qY)PZAz5~1_HS0yt|uLqGtI;EgNZs{nk>z^^4%RFxBYSgAB5)4$hJoQ+L;Z%kki_bC*($7{km0gPC_b~DL-B`?5{aCXCbkmr(G)v`**Zp5x+i?P z*Lrq)#nfG+<_Zc@?yT(;zXLDdI!WwV5Cm(jO4<4OkRyLctCcT5Wf*(`2mkfSGdQwN z778`DcTE~5XI-I~JwrokynPY$KW#e7?VJ)gKIwCBhC_E|dF%TmuFI@rnMVy1Qm4sB z`8J1Eg1;Ya)`h)}-5#3OKURU`Vm@cs&>#P9HgqAjDVHVeV&JK2y-k%Nji1VDcdqOx zxE&{?0+D{E>8TeYH~HOF__iCJ<9NI}+$mujd3NV-HnYZOH-=|X3ylXK zTVqdS7aTs{mP(xc%-J-TdutqVE9vM!bzKcm4oeSp`fnWgGgG-Q>@3v79 zyWe>A(*@3(D*jV@&cnSf95|3RO1pi|k>Kew2p%9JBBFasNlE!Rkjk}!@ea7C+_@Zt(iLx-SdfH>yjRv zdZN#XH;=*E$aew-Dam;fFz^PQ-uXQ^H+yj-WxTh(c=;DI`nuA_ksZ}H&MmEr51ARJ z%1@DJ*tuI{sc9)MQcXw7PU6mPOcKgj-{bZWIb-lRx(EW)+yU-wtwJwosgn{k^hh(c zgljO|bf#|fHFKW$Zsz_bT$GC~)0mdMiVq1RVsL){SuToZ&TLU~-rRjF*vSe_`PTz#$Qu*EJ8HuYRd0M8 z5x-Air+Yx&rk<>LSB4CoOuNqwpdRg>=e?H{ZFa5sCAxWFE1g#=&!}n8tO^r1(NhCf zbU3)XES)S)$Tp1-ChwUSXpv;c+=-IVRSV>^w9ts>lp@ekGK6JV)<=f3v&I;C!y~P5 zA!%=Hw|tGC^P$<5Uf)Zv6g%@)e}PvcMDrtR;|x@XvljQS%7iV`GTGq-!_<27-)D(3 zigc>pmEAI=vFWR_v$cZ=Y72n7)mfn}<2Zp+UKYjZ5-q5f8jp zH{=@#-p!X6c8zS4?%@4-;7sX$X2WNfx<{qVYmNN@*_VCC!6c|6D74NOoC`V_;7pcUIZRba=7C%*_kejNa^3 zz5M5=*>pvTi3QNP3N3`_(dmabVMBAgGIKWwKl`tzkObQp#K*(Mf2TjRGH6|EWY=CO zns}Fy6q`9B&Y*kj$eVEm`IR~vrjBW^Ol07*#te*w{Pu)h1C)#{y6Qkpslsr~X=Z!M zA>hUwvYutzIC#0XJ#-m$k}1uddJ?;evr9ukK}UD77FNnPqU4+~HWafDF|HhP#p+Q` z^~UFjaOWvNug$IaYqlSB)yM)wR=ZQ;2B8~B*~i`%RD~sG z{5+4E<(3mrnk>}%>z zcc*``DNoY^&m@P33?6s(C_jSEQJ72>VK;60B{}KiU}n zhJ}TsF_^d^qXd?=2uH2%Cs{mWPrTubDk*guzGh;D^lcN@9=Bz6_~jRG#yJ@E#9VIx zW)%A))9_L1B8SDVK6FQa%Jn-h*nATz?tLTB@rq^||g@ERXKVcVa-SkinQzHOH+nd4jayE{$%+6(I{%qr!tC@KgY&eTSXcJc@=f;P$VK^0pCGrm z>k`#S%E~*Oh&AKY;5ctvJY$;(jrKyr1d`BO<85ViZPBil9?Gf=?R5Qi`gbSQIkIHV z#ex(j&T>rnh<8ySKJA~lZ=QEpDvlJV+JP9X_V}d(ucqI)AAVu|pyt}{P#GT#*3wJ8 zebonXLJ}mM_r1&aw;y2!3BSc49u*`W>5TrtH%rjD$mtv&O}A-accKslLRJHqVWVB z^_3gs!2=4Xk3#R|5uT6(I5P2CocYaFZSYQtk8Lc2@Xxn>$R@tFv-E-zr=$>@l9V^s zYCleCm$R!3$7b9dRKey*K(wFDK`8|L?+yRxUPqKexLL4`zBh1yBbZL ze%69N11z<7-EZ!;8$QfmY9WG^$l93>&2**b?u>uRVP3~Cyt2>-B#HZh!8vD!yV=B5 zBUWz?IhOKX_bAzo5$rwRcU(AdG(2;&)y#u1=k+#B%A*b96pXirdlaLQuE-=7Fl*di zL^6N*6Yo(>Gh+jEIPnxx479|}e z!&e^o{|!U7g4wuyYGKv19y5UF$HfsWd=e1wHV6xN!8G3V zfc;jzUPO29I>x|lKbV!Q*P;Zsy?#PW*CSk9qI}im@tSVQ?=r5+EiN&-)cB0t5iL{p z(&&T9ua`>EW{4NNU=2mJRs;8NnVtIQV(YKDs|_DBAx+pfkDDe?W|ZRiK-kHksQK5u zbR%_aL3iFG;t?}DW9ZK1<77QTo6aTwG2#r75f=8zsFjA4YohETdzrp>pd!j;SjZ#` zayT0t$Ng=hqbaFdpB==JU}UdaspyxyXi_j6yNyFH|Cs#VcWNi8*=}>dB8o;LYyOAe zFd{M*Ei)%~Tb$LE*MLwu1@Ua^Y9 zu%+k)=^3}Y0Ip=dBE#m(MGvK4+W}QZiK|^-ktT<;tNiU8_I(ZgN&qig3EB%DBJPmx z)pxDj>e%}CvYIw3x^+oy_H%ejr`E@_}-B16uxk)KP`|HgiBf_%&SFVp73XEoU{KDw4&bct~Bc;dgPy!U&-QPx#DB2#P`|&rS-qkgyP)VQCz$a@YNq?!L z$mNz^?vDS;$yV5`xD=Cpq0l8WAaK6EtD9}Cx@h&eThWRNmZeIQ3`Y~M56iDyV`Vy# zpWYyqVG_eakJ1jD&xz*;%UPKWM>1oPy(!slqS6BzCsk{IK29b$N|@PF&?p$t40|MT z#)%bIk9oa7BT0Q<8*k?RRF~GdZ8$?p(nL18v@J)XM8Nh8Z0D?Hi=gy~BONTopr3W; zSjP&_OYoSp3z!UX6<4%-*En2D$1_$IDjv_iRPg=67xK+yzwoGFs^uE?6G zCo(TGe%CMLFrL-KOhm%v7DgOj8G=1dJ;NWS&%pD6C~^3cWJNkF#$PMfbtAhTIatV$ z?%`AbBJ1+gHqV_`^MaN{kABJuKfaiJC0B2sF`H$_g<(M5SE%*;5_?{z zC-%Y4aRof&WO9@vHH%Q0;F$#omWvq#ICk@Pqc8xGHw*jgk(0hQc47}T7fZ6MSmW?7 z!A2*sje~!j=BlIipWt8Tl|^s3YB-H2wo*l^Z?zqpi2~$$d$4!T3c@Oah(G`XbN2W5 zb?9|x*0HiXwDm-(Vps>*f zZ{x^Duhn~YL=~iZM5HeM@i-6>Ka8q<_PyJ*j>Z>ZV@;o(E~P@*k?}XS>^vH5yRQ2- z_0U4Rif9tF@gS3i&r_)xCKK34!#s33nzbTPG)ht)2?n{B+axYN$gVeo(Gp|axO)m~ zt+iF@Yc5Wj(LGa=>L=u(Zo8`ZI6WqcKSv^wAW=1jSGb;TxDW=l27%U9_mASEruMtc zaw&aubKK=NLkaX_XZ5V9zIsl^3t|V+_#DNa6OcJGa#@d#^+jZ6(x$tbsSs?m$dd>; zB&jx(ecK8bqB=tJ9#%r4UV+yP`Jqn^OF%|t-%p18^UGGF3y~Z!^lSFQ&bo$PfI}em z?K$4#zVQ`U>&D(*l}S%%BUrzmknOB zV^Fmyc`H#XL?z702b$*)Nfwxgp}!`ss&$L!bK7~@qk2Q=)}qL5p{vcyP2_v9hNZK8 zNW1l60(+t(dO2_X3-3WfS1jsInilu*Qp3VZ64~h|O?Hymuw9Pb40GM3k(F?b4RV2^ zU+`53b9%OuRD1&|8B{F3UJFdqF4KzsDK%BN3R;Jo+izVLX+slk(XLCE9whhsKn6w` z{tEmpFVK{9Rj~$z`$_Sa+q-XBp7DDv!AkOB!NE9(ulvGM zhE!fgaQ`-|5rM_o{h?e)MWu26)}m;4>vqM8%4FqrqrV@6ivLGkKNvsjfFh{c=jlEx z`)rJV)_kMh8~$B=)m;$t30pS=G_fPMST^+h00Vt@s@^ZZ%kR#yZv7ES%jOWAbUnqRc% zdndQJ^wL!J7ALNnXZ;>w+>f9a!gK762frWak5a-KR2m7Jz2;aFG!6>(%fg zC_PrZzjIX{KW;{dQ))J>ym6fPR+-u7KCTzcLK8uQfqYuurpQ?GQVh%5?wXV^v9YlQ z5FZk~OZ0Rl0I|m@rk(fDs&a9rBmVI=J) zFUsaPPY$JdpI}0^IjRU`j8K;U$^=?FtZz~q*kD0~Njl>b{AKwrJ*`hXn15`>GGLh{ z?{l&xvVIJhF%wIX4wfv8yw2|n_#j{TCZbm(S?=kZ!)FhQp znvdrQbLKgTH2&?`cj%dv`qtW$LB87ZM(bO%s711yDx6(?s<3AQRXB!3x}b&4k{a%= zUMRQw0A%V$+S0tJqh#>X?>&(l(;v^M{|N3U;&d3mLH>D?RjTvU=pnED|X zG%?1Il=k8_v;TN1?oYC#kL-p*n%d^g!Q};?orzqUhg84G>g>#xMPGkM4wz^884DAc z_@(#|;?Qv^g?BAV|70mlWJ^k3G4mj&8djxWUTW(za`Snz>i!f%^{>cv9TxoJl>I!ZHar*+yqwG!3iRFt3#y5 ziH6H+%um2L&x$|JxwbIJt`;&v9p*QSBT`!zI3FF%y;x7cBsaNAZ7t5_uED2N!%Cr9 zEg_7$l6~bw9&lxvN-ccy;L<_Ohu&hBERSp%Cn+fHqjdG;skJ@*f;8&q236$_^r|8ukD#8 zR)T}E8GqMy>tMkC`hHX%hyq-yH||XcHbS@XgEaAOHj+Kca)i>)J#;+Hx#l0?4ew+T z)8x19FN_rWMXA4l9OVAv`@7x z!afN$_xi!!rca|y_jZt1LV%|$NhrY#Wx~^HowslvKxT&jBQvr)nfaKzeqb_a(H;RK zOpK%=RSqK6@b^c_0(P4?*x0{cwf+7*?o!IgiOGlsN3JLxZ{%qC2!R`W&ycN()$_j( z`~;5NT_2EQ#?^Q$d<8a;oq)0X{6WNF-v(cx6OQtevH*GMHF#tH zyPhQ;98Iu-BgT5Z3vLD*l9$w1JY>WQ__czlYD_a2yZUA!xb-#hvFYF7+xE7o3hHEIVt@y;Vb{bx5EHTdKhcP9^%6pnm0 z68h41Nl?s_CCK2vSDx2`M^;~)|J%{uDx%eT(we^8UP0s2gJk;z-hi~<{j87P+?A^$ zQ=ItO{aevRf%!38#$SduGn|9M&=@P+6@T2By02va-rAk&{`c?w@xV4Fd$rtcUW@be zq!*|{X@|qVpJllJlU9V3l2XJm>DxCgroIJwWaU^`Vw^AjFog^DWvV{jc65OHAi`_r zPmoPRN3&wgcR;d-M)Bm{V&A{mGr-P!V; ze`hWf>sN515Da=0HRx)zSv8laAZT zk_dsn2@io2?K5e62?&v9+8?H=azugArvFOx&LzVBsr3kasen;@4-0lGuE;?ocYoS% zYCI?Z_w!P(FiA)l{D=q%H-9hac9UY_!HY(I7j6VDqjivv^ATJb;At|8iT5Oded`Aa zoI2QaI_*XAUnv8Jh{=D(mEFzSZcGU;^1GFF=xiPp`AiH<1{eMObVtn|@_*K;=CNpD zCzHWh@#FuwYb`4Hfq?;?w}F9y_RsO!;o-9=wSN1H$zc%mdU@i52dVdb&jiyUp8!v+ z-H*U#mOQ5ta(Dpw$DDHK`Tq0nkrN*H?EJuLxl=g=;k$$72AUAOOEb*!gZo2qXFmV@ zaBs-|y#Y@i63uZ&5zyK7giKWQ+lTI>LSgiaCC_z|~{gdb5 zJ*>ha8?#>IRsg2_=O;6IJ^-^Z59E_2L4SRuA39NPexY)S_fGW^dNjr>ZJ!?gD@&6^ zINg}Qv_3G=l7q}>4m$ln{3`;xgx4N+T&-=grPimuRmeMFo|3`>EtEwW*Ucq13=Kq;Z4x^Jf9&PKimEuC*&DOn$JJAt-tG&u*IpDXhBCF z|K1e%d#E}Lo5qrzcQWv30owGbQ*$V-Z3OR|Xuw&}7?_8@Q!^jWtLdV(*xfsChV%VglnSQ& z^91k*k1zzPbhBPOMEeFFZs&pjcC`T*QO^Wql>>hxsoKU9*}jOldVQ3ae+ozxrJ`1P zlM?~itwg4H>`5Xh;$ouuXpWr!b9U1YSXfvsQa{qmvDmMP37+3c6%Po&5DqC8 zW}TbTVM?|_{i24tBb|1h{r>4cf`EekuTT@(5Kb|qKRGV$HG!z8Xkv=pTcWFtyrN%U z#tJ)qVZ3|A+O5Ad8{Lm~YInhYouTX@Icc8Eg9(ZldUY|^uU+8&WKB$Rb9;5&9CoJT zS9_DicN=ec(TF(Z)m2M$9?e*F5K-@@Ft%j5ko+CWL^25AuK?i7&j?(Ri~?;RW+W^GF+eR zr_rH$fnf`7f0hbf(d`D*n`li60iZQbnDZUzqGl>qyu1GfUSOo}J_eII!`Z>04uh=W zx4WfHD@R9`WNPJ5V1^-CXkW-4yY)i&70|<30yI%3B_$Px-UCy56oHYXs%y$dfWi@p zo&t04l%=HLbz2+XkyLIrWb4!obLfHSl7ukDT*3Q#v`45lr<2q4|5 z_DkcwGw|}&5Apn!nS-xykkg_;3X!zODRyD8g;_aX85G-zeHf4Dgu~6qtR?uSZ3fGJLp`X19S0$Tur&s;g)d>$!2#Ux1JY zGIuJ4Gja1EBa>1d+oBOg${Ike{B^oSvEVy&C$$MMq*PUpBHQoT1I<%p*TVvXXsiEe zgSq2!XN+>|)1@`<&FyAi7`1w(&Z(-Z@BP)m6)>}`yuEGOHduBZ7d;de5O1JI2UZWK z0TnPnZ`0|T0bpPt4I$P}Ib$ly$zQm1;oFxB(ztgvfG;8fI^b;Kr)xxEffWsg?rN@E zxEy}Z1EzUJNa^J6X2`u|(BV=h?YwBUTWu|C2Zr#z@0VO__fW-^C*b-d@D24#2%wbt zuMlr)}+6F9lFQ?xLQTtm<$gB?`OElETg^#?eBB z6LssuY1_e^{6`mR?N(>%->N?^a5(J~SHT=t_t8qiE*O=skMG{mMM?I;)65OnkR zqn&8o*17hX(Us)-FISl;e}i{sSHKfkpjQ8lD-7&GriHongl`H*_x#np_xHoX!ok7y z^i{`)0P_iB0c1ja6%I1(aeOzawRNB-%<0^K(c6Q$u($MDg%{cAKzUtk>1rEh^a^Np zHoksTD9v%3tS8&+Pb(NI0cqvCE2wik9M9cs&!j3p&&jY?`{tg`kn}eIfRYmE+yGhv zlin?Jhk)!`@pxj_uj9ok;tt@*%YJ~o5U8L2jJ^l@0+{w*Hb$@ASeWB`FS#S1$t9?$ zs7RyV>FvSeypK9^dvO>@!3<2R!eh5eqH$P{o`uaQV~8`-RsH<)TI=B+T6?~sF8gVfM4+UnqaZP?*agiZO^K}O!JX%zJms9 z{7Y1&j&zaeI#K?*+w+mO@%LIb;4V|L`Qs+_+uh@(zA(t{P32%OdcY<`tLkNJls9NM*_|k@ z>w^5n0t`SWhXdA61UxvBY8ws2BkwW+qZ5|sYjM9I3XJqB2U2_>k?y93+J@n$gKjUQGY4(~M-!T^L?Bp_!l++aMz7btB>G1U zyPfQ(vDIRUVvy_U&r&P<)z;+0g^KbE-kAn#bqfj;rVJl#k7@0*1(`&e>2|(m5tgLB$u0 z!b3skVgmz^V17e*O>$B-=a-LQU|=sVd+<@L|2@cZtPA6fIe_hpn($eOCyz`(=nP`^ zLkVnnxRfHA2r5+3Ffp0}^(>TV5p~CHzQh?SDm6M!FmeFuJHF3r8z1cx(`Z}9R(Ec+ zE_QE&veL3Hb~7ec*P86R)VIl{4NO2P!WM`qjB5$!LJ0*6F656&1q=J#%dfFMIsrW9 zn=7|mtn2xZdX;}yRpJ`Qns+Lg@Se^>TSq5S#{5O#$dh&Wt~E+2m;QMY2q#8p-f;5W)on#)5U7wQ#Ms z@CWjqkwZKy? zG*(us^mt<6!|&=d88VT<;(!b%=8~;5czcc;Xks_<($y33i1PvaFDm!LitqBZkuhzZ z5Va{=AFhum!MhxHq*i`{rB!5e*y4G=Jl)Qg0CV<3fXzWBEQEfo&~6fnBjOWj0_NIv zAI_JH;V9{z?DSjCsH zYppS+-{=vspMoTX7Y=L}^cM_Je^B_XDOx#YZJ_k*kc~z%;zIipbo27ZSw(+H%M;>% z2_&+8+7Q!#7}xR3$VoVn5NWbeSpF%{DCaz<9Z>d#ppy_67Z*-~!OPvFyDRA;349?htLQy zGqMn2cd^fa`h|qPcMuha$*|nyckRfk?f6BYHAB}KN!)2*+fY3VAQ#ohP~rQHu|6AW z;b$MMNn1zo!|c%r|B1}DfWP0SChg3Vl`2Z=Zx8yK?^G137c)r)iX0ru3vFCbDGs6V zMOi(uEx|+NCf!J1&wMC(C4WtOpsfxNMhcw>aF$?gys^a9{1i1({1aI^FgQsj#u#Xm z2^^_Wxp6Xl(E-0iAx+q1s5>w;fj8-xmb)lW_qv8B2eXxw8VSrWj4;CcvgNAK6$zt4 zdj=mdl6KC4u&DGqu9k)33WAt(6;w7kW&-%AF>i!q$UNQf zcAk^s=sfyeIZ?EulLD9b0PxUQBuXOPFfv}nPs{Z**wo8C-H!I@@;`0e`zU2h7ptNk zu<`O!-r#L={KU7xADqdJ7xS&XopPF7@;^{fNd$faaP@9z>@Ml+ z30VErAnl2i&m^D|5I_S?z~AoMY^@1NYw}_LQOE)o31Bg7=lNP+S_qJ^q_~AWZWyZy<0e*Dl0u%d zX#IVd2ecYuJQ6KG%j^0idYG1@KOf%YrQ8kKC(TJ{(Z+SSn^PV0Tw_w)Rv};0cv0ny zCX2`2&LC9oMsyKakFeK-(As3}e{F)G_XeN23PA^dCX~ioU8s99l9wo0@#F}h18z6~ zA_5F;b)lgm>kZ=<#O1c?E}PI1A!qq?Hc6InV$-_VH}64*0GRe9*mGj<1u5rWU&nFv zu&r3Qk$0SYzQ zdI4?5R`SZyPN8Z@7dae-ZQ9o-#p-ud@EY2ZD}7zaP#pLOB%DK2jb$ z5T2xNmU>!N#f&pC=|8P+!g_A}awKYru2W@(o7d*M`{wnQ0@IgrWIhhDRf#4iIk?mY z&98GL)i>YaUSYm?{2~;9$S!V5la&blutdw-ImCz%Fh}ChF3DhtWqE4xJvkwnyk7HL_9x@~ zG2B5)_H946D`zvvz$bwI6z<2j$nH~N^^IFBagr=<#ggLu@q@m2zWwtX=MV}c zh&=1C)(!PRS{A{#i3{4Vh2r- zlfy)|jD$O}8PVG1b34q4RQB{z6O~io8f!sIB;pV!LRD|b%G7!Nnq-!QSlm(7OLLj3 z&`wjHORj5fZz9TyUTZne-i@Vff4TyVNw@qS2``Uof$YsdWOwTse&oA!9L(CWCFKMi zc-Lu@^%vi+UNVIQ#~5|iT&QteHT5E*B2@(=QDvc7q7kp`P}UzwM>71P+#@Y-cN{86 z?2+?V@D?OFUfqJiXEcfMPL$G!8G{Lt+ldeIhTHuU)wlcX9gX>>zebtt4`CFl8gDoo zuJFR~G@&8bwd8~GkMX7{H``)uGt`4jyKa(+eD~+VmQf*gg@Ds>BB@yCMc~Xz!9zZs zSLs6btWOBpM@B+Q{t6EZJ8djwCG^)H3BYd0_|v1UHly2f!ceqqqGY8fDaF52)Z6*B zkD1!M75bU9$Ek#`<91q6H#vj!x}Fn(f3&y8%UrofP*`2pJsmHes0sBY$mBiUFCJh z^sG?)XX4*MMT-K+B~2@#N8`i%L%}xzx3?;_#u)maOw#8L;UH;|(_O%o=ITr(@zgH; ziDBl^Clpp5hFqFNG}l3gb|ZlEZTUsP+RbGo`Oa_ElxGc|k?`t9tja!{Nn?AB6|KGG z_flS7RixZ4)ozVX+DNql%lFQYl$>ukzt|A|?oX0&|AMx344i#dh+}#g=I1iS3FICY* zYOSCoBpL|(05jo2{43B`y`T0)d2^kh_os)k|MVI7p4wCN{q~AQ9Qr^n)i-@h^IN%^ zoQmLW-9~gMg>c07q^xw$Fj4XV+o8y9MvPAyfi#u_|Hm}@FFHYWoLfbeq03<`RGr*- zovq=gDEgOS&xqF9-y`gRli90DAw^$J-M$J`(AO5RN%u^aP01OwOj)Zb8o*5LFcAD? z%O~3Z<9U5x4&tJT5HM)PADZknikwHHuo-g&!z@2hZ^w`398b%y^d66Nq+a3887NDe zPp*eW)VVStouM9#x86Z+6x@dIs|AhhMvjU!mDiDy{Y=ZSM%u>$c(r<|qeMhhlw<>x zv7Xv3kr%=K0{}i;F`CY>H3E=$0t54k?~KUn(O|+u0dQnDBN*x|SiY=uI89`rxJO($ zu!sV3tqhE~{&sJ|a9|Cl`uX!=oTLLwTy&m@qd7$lOKq`hzIGPxq_I^@@i|hJ@5k)0 zq46NX#JrmkN$0VSw=oEf21VTAcFGL)vxSng=Z_YnEfzL_!5kKQ_ebmIR;EuY@{G85 zuom|GfyjDpU$0{a)0@Sp2y7@8nlO{K2;2M4@`GYAecjE}T($EmoCZrdib|=5ls0SB zVxoAHuXZlV%!K&i%>i+>&kMO;aICF$&)Rh#5V8jQlLJt2C1F3q+z#06WvW!&tFaS+ z#e542p|lejX6ip4>a8s8KEau9cqmbjwmcbhYlG*n+=myHHw+t57iy<&Hx{YlgefML2E>P7xy+KQl$bOpT?S^4eSR=8hJa4-?9#EjRFk$}ifuct#fX`(3 z$u)0u!}Bd7Nh@{*H*(O>Hw;qs^UJ{Lx{r~LdTC6q9eGg5Qn}y1X}vjIIEOJe4{LAT z<}n|3`CMM76jI}56=|(I=MreINAPs})%oND&)Xo+hEd7I@L465+VH7~HZ=c5RSJZ6 z`pb*52}cg*jv}FC+&812@3yU^MVfRZMp{+t zm?zku8TOp9Jy5{et9iLEg&4Eycq{I+d}F0?H@jQUhS6Q)jF$k`XY#l=jW6T}92xqR)@hHb6Pzj)nC0zqGZ%_mR9-){(g z#+Gk|@uojA{FGZ7xlbK~6XEl5)Q_I5MCH8pt}i95Y;_OQSo^bXo%=Vp7bNF$L!SBH zvNdad>+ipG&F9~5$J*y=3Wsdte+(#mw2wmRiMzZJf*_rlPpoo-!x@#hw-0kmfCc7{ z5d~LKnjiI+HO;GtU9_2E3}k$2M?#-7{`w3J6Bj0dw{wU#mKnJsoOS5SWDPu>G_TS| z_OoRSCD(B1V77Xn{bm1AMsg0Xp^x(nHgqWZSX~ZyQZhuJ^4gzs`8(!(8?s)?LNL@< zM`p*9HA1(6MREuo(U2@l{(!zTApGXvxwNUOg%{IyNxIp=v8(oF^`W!zi*vDY>qwXzs+etTiuQ+ zFy7n$7sdJu{=3`{+{-<&2ePUQFPqzSs84i+Wyww}}I1C7%%6qZ}B|F{YhU|PjG2aX#ksiP)-}8m{X)RwPjYyAMCVrmGdC^M}!QMXVm?><7^=ZkznxR|71~ z4+3al+ACBN3$bP*C)+c+Jw16Em1aZo>wz3+)ZrUJ_+5b{#*00KZ#R^+dtp%g=`0YGKfwQix_2RLX{)w3#0;VzM_pT*tXBVP`7jE`Zmx-e>;g7W>5p6Bi<|zDc`b zsp1Oe6cgh}^U%Hy^>+N2z5^+Djp5^Bz&(!RX(@H3%k`1T&?qC>@m5Z838SbdDvRUv zkrJP$_e<;kXG~{ydOlWl?Hzcs_Qe{oTD~?8mCBS0#}n1cfC(Kzk)|~8MdsCC!^d4u zwZ{_>EeUi)t2*lO#5*jpgRjX7AZp3{7o~o=aZKV6%Ms9{KXUKu_njXQ8|0S{)BBj2 zJbKD7U~sfeu|;6^wXy|nh(WCUJ2kfVPeQPf%W8=M*@{<#obf~yw91+u00iMjjjhK@ zjf#BsB|eVmtBzHoKDH?g7&Ep9gt>RG86T$CyQCL!Q(Hhd|Mr|5>2{STtKVZ?VTIG6 zq5RqJu&{xYG-2IB7qXpCm*m)i?$PUp;ge$=#)1^}udTAs6g_IS%^ zMl^T`*D>AZd(k$km6b(6c7T(V1=n&-wipz=Mpu2H^>#yrZ)cB3fk^n2kA0w_(l=}4 z`m3+(IlCM>)Ls3qg?%wBu>=X!lzx zAdCc`p5QH_11`|^>%qUA96Z;*WXV`(Dawv_*2Yp1jz;HR0GV*UrSzyfc9=)sQQ(I} z#?1pDl1#0Bhe@g{;ZJ(GRFnZA7>Y7?Td%Tr3qF1 zx2XL=2XQ|IXdX78&LN=Z8X-paYfo9{LQQ^5p}7d(DkoEfbD3gKD{0XR$pgsG9#jZe zH%AVK_J#@+_ly;hpXn}jRnxCpEsmXeeGA#|^kIZ3Ys}0ITwGOF&U-%>#z8S6`X0fk0@ZKYZDFm)&dA3MblNZQnd~k5hjC zhtKb6cS+XF#ZASm?(IGA)NL54B=0LbV+q+Y|8;e!o+V4aQq;b7dZL+M9=o?^(&=N^ zmBE5>f>9f5!XcL;FcdDeetobz44!+}B(26q7>0;-_PBlNlvk*op3d)8%5~D!CB^$| zs-$-`fvPbms%wL7uR3q#s<)tPm!puZN zOUtAYzipn~|NL(-*h>$P(Y@W3jOnfm4l<#AmT3L-fScKj4jEUVOv29$*}h7UE69%G z-sWNXN#P>Ww};nZkO}=^i!fxtC@a$L{OF5|iYw8OM$IkwPekcpY)!_zgd7BC`y&`2 zbt!Q|RBaHK^W-gf#hfIu5Vk+a{*7P}Eb_xrghzrBi{Z?q!pL*6%p_EiOym!&0Gj8@ z>E>3-_O)uVq#GLK@*BS32ADpPkHRO38T%0t<|U@VbYqsG{s!Yi^;?$^M`6{-JJGr8Vqlj4QXWA(Nb}` ze}g453Hn&=upPG{G3B7G9a`?XodK@3vsB4v&zDTa7==y`c=Aqq|0K)Xz7sy4E^GSN zN7MY309}}mz7Lh(5yE`Od6&+D#d>R$n>IBAw_=2Cn07KM&!5!ochU_v4~=EAMK?_! zEvt5`Gx_MIlNN0F=p~)comSVaz_e4mC!-9GT?``mk{`5&2CQ1;&INm8RrQ4^U3D#` z^k1s6d^MdFG7tL;{hrNGoY*Ayby|p!^=mi@^{h2@Mdx%UJJ3Tln1n@|pnDdX8vZf{!O`eI6M24C@lXlXrFoT>f01=xu1A!f6G>q{s5y?8On`SlJ@kQ zZO+sAmx>QhQc$OT%A$oB&*hR>m908un~rDPf0d4$q6j-Sk;;Z}QBBFgg^1JXX$80u zpr%ACm;~G)JpXHrCF*!t4sEz{qiVTTeHgG50|j1Z@#WKZzdRu79ZmT*4bKr3C+)@T zF3y%Gh7#P^o6M(&Dhy`ii7)f@#DybH;bR7S`pz|&ZyHU7bG0c?z}c(TeIeLaWYABT zF+5D)CYgY3uzL25vS+VU?A@rYB5u;MG;sZ z-(_-y9kT`zE@J=P3JTxmC4U8bW7&cu@6T3j>MY?F^!joc>H+-N(JTci7&x!Wuvnri zoa#hM<0?qy)Z_#pK029+5gTquImXhQdI1Vh+9(MoaIaF4 zBJ96@tAQ}n;j+k0;Z>sn7N|G27%Pju^JunB@uHyA({S-AFDxc~;Ih~cHt3;oW<^9e z{Pd6c$cCnIAx;~5qGQYTnF*Da3fi1VrpjpjJ`aZ6n{^EKVhw}AuXF;W@`q5nh`aQB zW)|YUJc~0$vrH0ll3xxLE6I;D1Fux=A19JNZtg+WBn|nDYQyw%JTT0!AUmKp&mMJTh=JzoB^+Sgsc7*$akj* zr~DU?LcP}X$Xn5jQNFf4$wjfCb5~5XeITcoPGA$HMv+ZlIrO@gi<+ITP}QUwtM7<< z&sv_Oz_I;j2WN!zQBtOC7S~@rb?}z%>-EH3KH;t5QO!_$>QT7J)1S_H(Wmk2rj2QC zXa@$lZIkJ2k~1iw34ipB-TY~Mb-OR0GvW5^hx!aTkPko8QVO4FKf3V2(k0T*1)@{? zB(*Ol4-N2+_96OpC6o|#(Lu?D^+(it4lXs6#F-z|0>!AO`|HGaz;on9MR|pHZ~;O= z{?zTo@JQ|yT2x(UHE;7DRL*rR)~+dQv~JPmQ2m@5srERH;V-HvNw=GrjP$tKOO%Pk zP!7P(Smdq6#V2m*+dD`^+|G*>EWRIzuVGyztf0ndm_3f4FeOVCp4YqT`Rz|!)q^z8 z#p6KDmYK+oRTEt%V5fa^E$zU&L}y4p&1Qg#LceFOa$b0|V)5uae@)yaA0N^;pN!Z_ z=vSAG1LnY|@TZi49O)iptcD*g+HRz|TIF#0t$2y%xaWoliVI1aEeDvvOlR)dLQ6qk z@Q%R|Wg3dVHZLG`$T8@6z#^?>4w3{i@>@c7z5I!%I!a_7&^utQqFw<2m6S6Q z@dqHgu`-EdeTToMDUI^JwE;}{Kcxdi|7D}jEMFU!unPUgKY)_&2U~LMZ0qO&Sqi7h<#Bdj0(_dsaK|)^kSMY9TFA8$o9!g(tLb=VQxUhn@ zVnsEl)385xOE~)^wn;Nn>5t-i^AQxaWRsgp9Qoj75Ryr(aD^^~#VTf3BF`#t`BKbL zPthiSGP5>JB`-D;M1Lr@A3f8$B3vf`0s-t#pTz{=aM8vdYgk}AA67JV#TV z(N+=E2!j|0EB2HFfTI83%ogpSNY(z#xRdw6Jw`q<>oV`08*wXy?){{?rL~3NDlLE4 zVnFH5cg)4syv31}ti9a5y(sAVxxw~={0@4#?Remlc9^p?<$xj-@D6&mi1&+Th8U;h zm;H{g@1Oq_*ioSVU}pn~d{4TFbW{im!EV6ANG4K9HlG(r3gim{L4^Qx060c%$A>Sn zrB{;)>qgiI)!d`XAT%XqyG3hwvc8z&F;BwxIiSn#i0kGyc9ixy5FYmYP#dyq-JKIT zWAVyV$o^Iqnc#r}Qe3!QfkEM92pBkk#}Rto&Y-`BR?`sxU!#U1zwH@cdBbRucBk2Y zfNuDgz}w@Q)Iz!Eiu5^@`x}d|F2f#UvEAptGy3m*jzaq~POJb6vgs50c_SvPXj*bct%kw*|A%S3|9= za}=sa8MR0hHr1s``Drvxys7k73dej95pC5BYDGvHsI9_4Lrd-gNu>p$v0Tf4lmU2j zAQ~b@TZOh%x1|3n00@L#YZ%*rs-Q7Cga_$4*G0?s+;3H7oF;1>``@TRCHVyr=Ubd+ zi2>nOD^dMs-$$6N0PM?NNnI(!8x%gn{_e$kSLUSsT}VE!Y>2KZE*faVXmgKjHfTFG zAnD?`^`?E{l9QhR@pKLk6sC_ZvlLL;hiD?8M9z6FAP32vVAZGs%2JWMKL}m6(!NTvyRAnce&~h`1nh|Xaq}Xa;wfy{mjOmd+g{H*cI*oxe2qlO(ugq4)SERfi zfG6!Vx;oN?<`SriTL@&r)B~3=XlM4tOw?@op`SXnN+D(kp>qVQ-0%Q$ff6i_2gb6? zi>fp3hkDY-KPPQKCM>OC!@uxp{K&<_`O@{#9YE6-56_I}Y%~v>$O|8h60m(uc|8(! zh*pc;Vn9{60goLS3k^0XjypLO)iMQiyPQmj$2OTvg)z2cE~H6aUn(p6mk-c1F!zzQ zfP?_7p#6E>&P@%han8rzxZcyU4y!=AGf;aT&FE=DuL73REf&qRh1EkBjc;9-7ly^)xkgb6>^AsrBU3q)2((Fk3VV{Jd z)loo_tKNf5<@|Ob0{l(APR(yJ=OYc2GF1lp2Jzk+&!dR^Gi&;C>0c4>MKZ$`L(>;o zIV7>rJli7*`S=e$17yOxOb4jh3Z`lMOwPI>{z~XltWdkWpp+^U9XV_?cfXctN(TyT(>Oip9*^Ixdjv zYsKW8pVy#ZfhTx7)q~=Si$NJE(O|dll8~KEty{&YM-$kZV<_TgEaq-4ZE1=7dGNj^ zSph1W{Z`MiPPWqXed~^pQnmvqhX-A-EzhJ+^8`LpXMz{<*U;uNz3=Wi58r2qZj-m> zfC8BoBu&}|a=`9*puRgm_xP0Lg!wlO*WAe$R@JTTvs+F#4|o?21{~O`rpi2}DFlhi ziX~_C&&MJOT50vFx5xwh*eJdzRo|6Rr!>MG;kfMo%(>G=7RouVw-CeS88V-1l^<$# zls&}hkpJj|@o@Z2Np*5G8C4CG7pBcqg{+L<&;88quWxE73ec|#C_0i4pK~dD=y^sW z%?03j>Z1wNCE3~IZ(c4x(ai}yYoS{m&+nn=sSC$5G1fyqrOQUVRQsy_pN$i9#gbVF z@cyj#Pn_e=Desl~L|Iik%`1EY7*?uyar?}6_Eqi@{xQ)2tf(n=)IVyL6RyHIzO;LR zKELgZN=;U3+nom^-nHnx+wbDsOhlv2ZO_5ZTzW=2dw--CAxNJJM67`u)~P&Ply61) zv<9I+s1a$sJxK68|zOmRHQFe9|M!4w`0TQP*1R# zWH)+b@KcL9KW0M0#D<)||Ks_^pZ)S)cx6|Wg!K}dPR9w6;<+6IJ#kJ1KUY`qF?qCuo1DBTb3?L1uo zKO7`b?f$`@-9KSmP6l{jBNv|3L0O5lSrb)b5`S0j2}~idFXK8cN4p4t`=dnWX0~B^9o?v%4;A)81>`_2%+X z|6W>u*MT5+>o-v!Z`bd1&5j*5g8Mxly3`qb{-f0dl!2S2=A&**ugJj>kBVRJfD>7Q zfpl8%@`)T34!b`FUR6x=s_n{vH&CxHxpIpV)B*60npK#ee9r?WI-lby*0RZgh)7eB zTldxFn2>YEnoK&t;{-X_TqcrkzjL%1-Bj1Cg>+(25su;@;SpdCkw8TY8*~R(%z}+k zxN+LOJEX^l0O%li5vP=BQ>jCjj$Gpq%)6AO(g6e}!KN^v+=7v-=;lDwm%t>ok8!3h z`E87K))P7ABFdbLTM8l26LgzO1a{0mTSMcnJ6D%~Za0re2$Ra+MW7vm$8?2QkmDlR zY^eOy`~1U?kr?8P3GQun=aU2eBbPkMM9TC7`OE_Z)S;ba#upO++xNgUTO{fM(mKQM){f@^tLZWcdr&f>IK`-L&bapCGZb5 zS??5U1n~~pq8@deWhpP(YKoBFWjlytAcqKW44i_zzmEzzhlPepDPI!P-c<*+{tK>9 zAt3%D7;rdKSnwFwC7v1C3pc!`WEwc|M8Ef=Ueb|056JG5G)4#^csy( zUVO86Ju2=~>0)EQ@6x;19mcI6t&39LWQGyht~WO`{{wB|g&Azk%wC*|vgJm~Lq>WB zNZ(;zr0-#^`xVYq;JzyZ8CnpP2nVRA@V;+F81$W`kpUy{T7dbUHb z%f_*^?cqXwSE;qucH}trv{EU z)dtth&E3w`^BpBMBvuyk1oNV`5g&E1Ah%6E_iI-lriwIE6ctK0h&u7=K1q3Xj}RK? z0+lvT&Suw3=12S4w_I*_;QjsNrJ3S%WvtY(t}SUoW*btUtX56 z`Az>=N>||Cy-cNjn6;E$YZ`r0h~4UAOp#Iz-~4S`kY}1WIx2fLTHvE&O+c<8H1%9k zm(%)%&9na21cl(cGESl!?g(3(gKRuA{15ycS1RgDv5fR{$vCs=JX_fvqrRODfvn9`)b0VRSb)!Hz;FPbh1aP{y6!7^5{$^C{7*w6?#} z>#_m*On!wIgL1nmMU*(_OK&$LtknO~H8p>M7=9GlH6!qL63>k8^ljKbt~3V}z;+Y< zUgx~zbV&W!@qpUy9S^r4=X}{v#?R@~+n&gIBFWhLYLG-gJuWBK+`$K!I zV)T+oJ{L7Np%xRmHn#%VO<%6>Z@Lol$<4`a#`>at;M^Ta2|n>A3BVb&{=lOB;|~OO zjSMY^%+n+Z{_!%#1dHJ;WG>eCf{I^_ztQr=cvHj|hD$b#7UjA&)V9<&U*i4p5Q675 zUYlYVFIb3*kM$t0M4XTkv3G%fXIHmsz&~AtD>3-1?wLdQ z#(TPwS8m_`U{@p+msWJM1jrL!TQcx72-vqYS z)ibo9Rf9Mug_7uGk5rueY(&6cYy)hCWzy1GL;9DWl%<2)u*WZq5I`zKP(uZt*T97H z>$h<>cOnm%KrCi7SvwfnSH7))p$Nc*I$FLSivNLfGJ1aqq_q~|!}k|LP_zC~@|ivW z{OAlq$Mk72&{s3o;Ol1);>H^-q5inhSvqT*;fqgpA*!G4rI@?lT|h@4JmRdC6yXWX zu&B*`dld>y84%aG(uaM3FM>{lb5V7hCu#v2UsL!Wa<>L)cLGCALl&vmL<~r~olz`L zX+r_}EEo@x9z##Ho1tG|-#9FY@7p;ywZnWQU82vA=6n2%n%d7w{+HVZo(6C!w9N!! z2x4DOzg%v%0iW{th0{{^J?mf83=NRD#YLLn=~Ui9Ig$Vv*sT&;5&HFTp>YBlV0sPa zpTl_6HR^|@-P`mKudLCaD+l!VZRC;um7K1Gfx~+G#G+37AH-%5ups*T`G7zW4;I=< z-%|Aggsvr)#IoE7ioXv$wN;_?go5BBrW*4B6KM zl42$bUA|8ytkM4?>b3*l(RIJgRmdIgVMcb1D+Oqt(R)2F zcnXL|1b{t@u=_k)wk-^bR}&cG&$M#mVZnXSU^{Oltd^@&x;k}Bvf^PM8}E>hxiJj4 zslWyzJN!w@f02HM;5&L!1lO!c|B#ilF(W7HCTESS5#3J?g<#3G zU{XPVqZY^mZvQl}YX@MxK@(GGk^I{wH`<0s6Zc+W3oN*{ShpHE>~fQH-d>+-I)em*&km?^R+psEZ_Z;{T7hSFpybh z_6CCZV`P5n8kGuK#q1;ic(A>8>PylXe5Xi{w&-pm(kP( zmS&%~bO&zOQf-Mg5!6-Sco~4i!E*qYuf6!3zLhNkoTYD}#$t%j!v7EpAgl%mureT; zcOtQEk6CRzYPAd0;M9kA^oFC=$c>$t9mn#9dh<02dkqONjpzn(!Nzx6jxpw8!TDN+xp;|e0;sEw;&yevJV(R z`W&*q+Zw53KC`Vh2lY?y{{3*ob&n>~7O`I)El%w&3LyaXHt2w%_$hMbvHModtPz}c z<`fTYQU}6}0+*Pzr7{s$jyzk*Ur|`}5Xd*8B=o$e>NA~|T) z@QA>9Vy9MoZ$$+%7Zn9_aR2V^zaIev2r|E7Xq++%D4B47>MN#87VL-(k*oF;SZgt( zJ=8_uQ*T6A&W^5R5P)~!aHg8AKe;fxStBRto|_P(}P zeAaMvuj$%W?&RO)I=>STX+riN_tvWPLN~25C274w>XDXS>!GRwNP>TfP4T*o( z9=fsuKU9%$Ex9me_M(mwneIiWoT=Vqij?T|L#sRU$mO#3`%2vSiS}x~G;CK_?u_A^ z>rYUW;vcfi@=ZpsVc?>F#)c)T8*idruBDJdC%J}ZpFHOJJS7+m!Ma^(y*%Vlo-alW z`Sbj0olTvL+qh1ja%L~M{I?R%_rRjF1=312&l|*NWq{237)Jrf4LOfB60@QHH5mVA z?X~Z_gE$W_x?^MIAu*)o_F5|QMM=U+)KC{Po7GU4k^R>eMHQ|4!>_n_L@$=arcRv3 zojwSoY^BMY5A9A$XSBH*!0pdZ5~qK^!qnSpXC#W(cyV=*$R=7FIMMH3@2dFe%s>Kij;vr~FT&s^y^eD+G>yV%LtkqDn~3RQM1M3?CJ${3_&( z7VR%;&LYDKOdx^p)tZOI-{I3q{nA*9ZsZao83wf;9hA6eL_))_dsg~WH!`5DoKK|x zt0Xv8gNw~*_zBALgK&kw6NFDCAL^U(n~&eQbQV3CnU1fE@un2X|1M788L(g<{F>9s z7JFrji}GM@t!P#-0aFVA{RBY(=qFDw{nuaiZ^gL=qyi#tJ!|?}y3eQrCr9RzxTs&c zi-i6ts!BmcEVs8uUUIfQcPKn8Pe79k)v{MAUTR^)1IB@B#qczkg)WcIoosQr(|Ip# zZS8QsMt6Q4x-6Lyd`4z)M@E9q#KbBEucz_k@IeB~4VpsL$b!d#{0#+t*BjBu<$y$= zw}mE4g4|UqI4j%)Whr0ZC53KDo*=+LC^EyHKaHQDV&@>r4V-}D*IYTIkI4f^b7Do1 zSn$xVYR8c%*5q;m^NN6=5y78Hw7XM8#{k_65c2OH_}EoDqMA?_ENh34nJtmAIo_tnfA#*GUuuG3Oc#?lyGf+L5~nI6m8dE$}%us#kMt2MRd*-wQFF?SH}S$Johu zUI&S89P7P7_QeLLJZlzgJDf`0j$kHL(pP@>IXl~jkDDv?bOKU&Nf&j9*Z2M{Fj*G6 zrXIx7ix1MnHXYypKbwrpaT8#%0GvTBE+|a!_%-}b3p7vxGfxl8FDnZmKrs@7a*-y* zsIQa3{#ft)mlvlJS#cb)7(5KhiJW+=aZ7<43$+j!>tMU$aW%fc{}J5K3#pwv+!&S+ zz0tsE_91^d{AEHs0(IQE@%Q?5ScIqWo`pW9)te;$(0SfmQ9}FkONRv5ix_btNt2ew z0MsEjt)u|Eic$ZJx{gM(H}jWX(@~d5x3HWR@2zZ5A&RF~gSu{X{GS9DH)ayK!cEuu zQrmemNvhjX>g^Q?*N$|E(>t|have%*e#7ny8y(FJx=UL?X@jt#_6l>~Npi?OhquYIvnxyWsyWFpzaonjw)X(VbjEJW#nrc^&@ zbMI?$9SHk)!+tsPR?{09OcqKkAU^)@u_Ox}gS5~{&VmLLR zq&0gaN(#5rG@Q6K0BBz!@fe(aYXyr}cm@A!sc_})SXL(eg*F}5zfc_WJ7pTSG4!?H z%Q%iSNBT|j^*m!^2>$}cOa+S6_fU{yfrfY#e*>iNjM^;Yg9QTqW#X#^bV51mV87SN zNlcE%BP(8XoAp~F&h?3H;lUkSeD%pn`Q2-DWHh;`(3|F=FAc>(T9eFH4eg-Y3ohl! z<6qFR8BE)?UXu)C0<<-vqNjHcpSX)j3<K4Dr$cX|B56RR_$hEQqA)2Ch6aBOQTPet+$mQpkNJ5xA6StGwK8=|Z# zGyx#X71lumw>i-)(V&h9Sn@^9dWNNcO<_RH;5UpuQ$eivJrXz`x;RjL11d-hfC|z( zJ!A+rZv&jgG-#}KoqBoX-1W?*qxxCUGX^N@HEJ2v$i#U>en4u+3{R3YM7>|J&HrwB z?r6CUl)^GB-uwzfij#{EKiSA|_>}$su=SQvS$192C?F|FD&38MbhjdnbSomDbVzrn zba$s9Eg)Ue-QC^Yb@q+V`+et(aenYi2FQI~d#}0XnrluY^IiH|ui6O-8H%#`a7XjW zqAk=Nb?Urttp}qRN1J7xk!!)6CMF26;V?3s#mn7i<+9Zz+(JzVRAJ_3bzf3%{@aIm z$LstjGns!bIsN;+u;C0T`o~X%%jSkJlbcS^2eh5i=TIgd1)&68s>`HODsgiArzzlU z*X&Z~`B3p2F`I)_oyVSDmGL*>C~SD(wo5{pae2Ye`1mViYvc1B?sVe6a#ZyL>M@)u zb5_+pe2*ITISB-h<1`Xwz1j_edMK9AX(7?*8CQeeY_KX`y=EZ*xMFO`taaL+J9gkPw*teKp zyz%8%wbOkxM4nP;DI%Nde0%nGRG;;6Wy~`O# zfQ7~Ngs}y)g^>hG2^U??FGYL4MaklCSrfYhm>0Trk-WK_*ba^5s4+4#J&Q8^_n{UJ zP(94(@cf_zyZ&5KYCIn@ViyOm4E!A|0mp48<-2&DWCGi&Lu}VkX0Wp~{C4oFjPA$6_(bxa;0*Fhi z!m^!VHF@NJAw8MmK~-@h9P=aRH%CQ}(+S8hHzUiE2>>?(HSDC6Uo0RlA}ho3o-RCG zU#Q0jAih;#Ry2V8%@mMF4c5HB)vL?!zj9hDaL{JU4ht&|mZLD%vzFtoWm*GcEUtRgCK{PUR!=GA7(xp0`&orDgOwtqKaiCo&R_o@ z%n7RP1BG{hIkGv-Q^AEN11MF*QbF$-MzfCVU}X3&Rq9{X&U&59ihOL+6?wlrl{N|; zS?b7_4s_FGb=Xd3k{rJ{|Hx{knDux3jH47qqF%0#go4j5(Z}a}VT#M5>!aLgy@?8o zfbdR7hm;*SQ~WMFM`>DQ;TTRyIEOL!rFvepPk@GX?l&;pNIQl?OXekUbIrXye~C#k z%0=u*iLo=oTT}DW+nlktnQt#Gsp55DUQrm`ZhI>D+oa+vLj?@Fzg!uweEYu87*90E z!}F@=);W+@k5xh@Ea3)+ke`@*+quwPllN7%KkxXx&V`^BdJbZu=i-`&buZl&#FwiLM( z(~kZu(ERz*<@7zm)tNVTPoDBg$4V9}?kgED$ocT(SoHpJC^WJ)z~wg<@pLN`As(S= z0R7EdQ5r~7+XFi3%-NnL2KEgdX2D|nA_hFKo5`N@!AOQ(*Zn^Bq8KC-i`@3TZhq$q zfpY5rGcjZ5KO1TJ^)}m>V})vRd#;tn<4`#^1E~VYWo6R~DGv`1=-AlQGgD5~SDIDu z-`g}DowYU$Qh;VBo=}oM`Kt)!V;wQV&+VJt!K)aCfi($!s=F+#!cHW=?tix>u={lf15^ai$Ae1IbrRSAL!IZjf8V;kNmia$l{NeG z9qbWE>^k6|C#x9=TsSr%F~m<3d`z}(g3A=lBfBz83IEXb13ZQDR--c=zR+)-+*>on zxx;$L(E7()=Cf5r?Ar43=p=EWPdC>T;Xf?HS#7J&OeSv#+1np7cP;icUb+%--|_L3H_tgqUigbE)C6)a2!(H(Uz#2w?C-?ri@+7hDWxoWV-EM*_qlX3 zTx@t6oR^T2(aFj<8IG!fxiWrc@?u|Vn_Bv89`ckyvGI}89iga3#8KXHcx>ver*2bf zzfSv}TTQMCjY0&jd&}8@V=I^HkFvr3vEOrg2mk3`#%!K+F0IrHjDr*pmB|YN*!YuZ z(KA11Jxsbs$V-J>O}TKn>Z8U6$J7nU%f`*d$KXR|ZI4)O?$_+)Ns)L?nAWKRo1E2b9}3p(zF_BeCuOEw|!&|0^Rbw2664jU#jE z1qjN=_MXwd8Mv(k@sGwGrNDCf6Om{YJLKBFVnAq2K<}(sX#CkgI`A)xfT=X~81IEH zWhG7&O3PA6a_NP>_EZn?)Rt?1<+QAsg|05SsF;{nR1{V;gGMBV@N=|o)gsLnV2@&x z=y5;u+vr&mmj!3iJZ}hVdCQd}LN-P&%5Hc`M7TU^BLR6hLQ_AUr5P&!{`I0}4Qe}htUUd4DbWm#sOy)H;qR!lw2*5Udz@_?0Lxy|*l7f)`vU&ivI6FTUX^nA)9P z-`{n1EAw{!D3D;NT3m@!6)OH2vMgm)ZBgP(x|!{aoa*t9PJ|c8-_HD2WEA~qP`G*Z z`(bBv_H$*_Qbh`BGkU@2KxabfjpXiANmKLMN$#%f zQ#@u5L;590T+$R4s71$>g?s>*Y@^Mu5`Z6{rNsr{#ANwrjmYdu0|1h_(pwo_xnBSobjL6$kaPfh&Ui)c%J5%bs&#WCCy7QM& z^(OAvqhZ%?ll-FvOT!+15lw-EOXtU14mGG=BkPOiOSbADN3a7x6ET|kmNBav{)}?5 zg};N3C5eN|S|=m$uWGf5Qj%|BSW9@>uJ3f(g)wUHbQ_|qQUAnfWIdA5DTVf zdRn6K&A(EguJTcY;i3Q?Q{7F*X$W(CFOEMCzbqE=PlAUG2o50H(ze7K-#Yv$+uSa> ztZ})q<(|-(`|$3=jvA5Xn1X0zlieea3&-P+hiCHAZ__#`OV9}{SiS_Mkr0vR3k*jTmDrzI@;)@D~H7?2f`^nnNG(QZl8TQNVo zLpuZngg@?&f*%{4UQvHYMg-1U@X=HnWxBq&W+!Xi%x-rM3U3VYJ`vAfk!~zRQD#)S zo-bI7#cun`p<8hLU}d+Uog68gpU?usL>Pc%y<*+RlIT_Bb6JP z6!HAVVr7GP@!QR?&A`Ckm~$Wh7B*3yriA~r`opfX^-*J)y~#0W;-qKB+dRRRYRY|bV6&b6yo@3-C%n*)ajAlBkB5qKhH>e zT`-!93DT9}SbVB@5g$&3Yd^hqP@A~pstuGmtvexETs==RQ&S*GfS|@vi?}k;%eZ-% z46VZQ)*<@K)E405@VduJzm}c;#j`qPof1=QU!OG@+=ivs`~gG7k93{M?C@kdv=Eq2 zP^&HdTin9>4rR%wl9QaEp+w=^U&TNkvbRW^y3eoCIaU&Tf25<9VlAF!=;E`JCnr6RN&xlPke0noeCYhO>CUaMzfAot*(WdCHzP$N8pGMw*dr&dkGG!DI*drTY z89E#PQ6EqLXC>HT(U;{N-;dLsgzlyTFR<B$BdP=yqWGuI)i1Q%#3lW&h1aLw9-Z!nY7O8h0gZN=S)=A$bnFS39jXSJU!7wnI0OFTX~1?U8UDLWo`j&7IWw-v_O`?8Rzer@U7 zBV%BN<0N#WglmZ$JrS`$5JtPmO2}ggDsH{j8gz&V_3==F9Ia|9f!g6)Ucm@ye_DRP zeD6IxZ-mHxS`m;^1Ot$z7hq$J2+bev zu9;2aS6;dE@$ora&f9;vI$D;``#=-`Y`MG<&{|j8gO9>A-$wW~{=Fgu$2mJUE zS->2INejmT_t}~9)9664xgvTu@F-YTRnJ`LeXm=C9R({Aw!gs;psztf({Q^pd$f|` z06Mtj>AWFa)x+HmuS7c&4fusGk8{bdG;4SEO*8tQ8uv%@l;@4e{dEtNAX9T0_L$2c z$jXhiCGKs8LLSNc$@(>BQHof+K}ykFRyvH-iGf|ThDD3kpqc=4+Z9#zzV3W!zh8PS zSVFoYFJq$0M62HrFa-MYZvQf;@2OKZ;Sgz7C{m=u{r^bsoq_cJT?GE#GNN4V#@hat zArGYUC%o85)Bwv9A3H|)pHO5xFiwJ;B&Ez`fhzEmw;5q`p+A6`p=B;l@DpHBs(%%b znqQ`P)M46<4(4Pss+6AFs9LNwywmH3+5o{6V$PsO##K@6|6ZG8)coxcMI$Fg{gP4h zWvYNPd~tDcjZA??1@*@!w@+hPVwZVoZm)ZK5)jacJ<`(Bq;#bC!)ifAJH(b%SjbN2 zIR?H7lEkxYs;O`YH1@QL%I<@1kC7i*_3GSS*_Rrea9Pnr%Us79d06nD(8{eeMCVc1 zSSVrhvN9d4px%^-m^-f%hCxs!BTd0g$Sb^iLaA}0q7m+g4pU3}-p6OjA?|5kTS()6 zu+Wr}h6n{8yawW6_g^SpOilBoALPEdGB;Dm`9)T&qiGmFkFLAI4|zFd0I{Ql!iyfy0&E*|!!6*%(&V&&|NjOeS*;!$;hx zn&tn(dj?AjrlY5;%Qj|RpjazrIXpa?8vhe70DTi@IA7nf3Eel6bjaLF+a&Sj;Ghr; zX-8Ln#eVWXpoLNYfIkjL4Lmm3C*RNg@Z-U=)xefUpO5|f7Ds!>p>Q>?(DZX3YU@D1 zha%OysM06vAAZqgknz73ic<(y(33}<>~csJ26Vxb>b}|MU(YIwXf-g@fjR#^o>p7M zT@8C^1a*W>yS2X*wy5Q&rPSHObJ|su^?30_8j7??#fof_ySPKas4lifT^FLd-)i4~ z29#3~;a{I99nHq_0bZB1Cx7-fygRqlyTeDbCg%R*l#p6C#pxGO*0~pQkvIC=0Xyw0 zMk2tgEXMwrR^u+s3oN|7WG-YrTo;gW;mr=GQh@%QMRcyZ3t`p_@g7pIiHPM_;uR`V9gF>>`%DsZ;t|4Nw-2m zjP_?Lhw|h|SS}VCoHO*q_ixH+wOBz++wcQ8m|nwKDgsOjaRlczjvxmhMl}7jys^{u z_Ch4@LyG7rFuZN~rBNX|t;+f(qC0X9!PxBcpL>)u*CX%6LdaSv{%n3_$RgYO^9os3L$PtTu7yIyyX7 zyoWgi(`)#vu>cdAXwT+dkK9IaA7^DfZ z=>{W??C;kKu9&Z%l)gYR@L$=g24yR0?8xV58lBhnuenR82_oe?;bnT-?PaL6hF4Jg z1kr0Muf-{ofw|qY3cSFOwaajOnB|6v0CfPR#kF2MxcjRJr@4bB3ToS{fWA zCBT%;Hdy(ICao2?O==0`=HXTE^pR zZ>)%nOfb7BFyi#7y0|&t&9FaQ(A^?&yAm;GdOgMptiC;KZFhgn9L(3X#WHG%;<0^p zyQYG;UT31-jun5>iazg8Zx9p|%ycYNEm{Kc4wX{7v9Cx2SMKxr+jCQR`frz5>v#G#{RwF-Kf@rRB1Wdv3GPJ5@cB)! z>62$vvpnoo7z%mqi}wRZ7vLJXTD7-&#MfP^3>N*=-le?mBeaC${t0dFqm8rrz>EXI zMOsL-gr-^cpOYzmp~sTC()-1{dRimDi^Gp1O#6ywZ_{dTsQE)w>RH zWGodWL`Co%591)=J~(1-X2FKpt-V&fnTxDE&;-HmcN~9NMK6yi=dGzQk!dvUvIW%+ zaivbR;bNlzp@5Sz1LiZ9Od31w?c>$XQtQnR!gQD@cT?GtSPr{I)ldRiF;PK5$o%dP zAIXD<^av$wQ%eQllgDDq%gdYR=ZPXCBeSVN>VdaEnu^eF)9nFYyr63>F3kQ<^|DM_ zg2B zAG80e}=?DUWpC{qO!5?Gv#X#8pPtF4`c&_SVh?3!={=EvWljxgYu5f_1jb1`g3GI>RwgfY1w!}&KV zVn+S5yw|9a_`3%-z0OeI1U7>oo)OI*OTqk9G&Epwzu_!w611qOR~8Xx4m6*6WA0ZMMOlrHXBFI?=ITYxL@nWqWx6++tBZX zyvK@q3cI1~G)nMhi(;x&1OxE^fbpXq`jRyRT8-QExQiUVK}y|Q8Hr>OMU}?A{#-CD z&-h|1M;A}|;CghM62!XmWutP5Pe#`S>z0_?EwFpqP@$|9K{-Xkvim@W6QwB&Sqsyd zwdpAQcH(y@ZH4mT`A^Grzm*J^b&p6(!&8a;rNg38Wfa32UErlXQAP}GBJj)AKO*Hd zXY6@?h~09I4;gRFAy0)g!U{AJpzS4FIbp!&Ry!`0Z3rnA_P;@&-@%`$Q$_Qw)-K61 zPo*U=_68WSQ+07Bi}bZB8OGIO>i401Z4dR53_RBjb{iRECP;7F8xCzL}QA(L}_-gw5bC0+z$){6C~Hf~@W7sJo-<9}1Z6 zYOg~@)w9Itb`EvlqV2rtf2rRiM_}Fp`Y2KNXn{bvzVM!68G4uV>K7{7w-1|E?05CY zsOdNiau!@nj1kK{tca^|zRgBrA8Bd8R;002$uvnveODS3aGugDNejpJUnvCTn>}=Ck(4^>{^+l=P#;=dFIbzC6MYpGCKwJ8*~(rD={X_ei6p~x zOo{3=Q71U2%u3Mox6)yvR=ko>s8_110ywzMBqo@`bp_tis>{CwJ<0;Lgysa_-JeHJE`l!V^ z22a?jsJ^AQ`$%o>w-`%^-D|d(iNE)e<7IM6g*#dRD2^z0a*(Ad#1^?-HW~|Q@m`3E z?W^S^XW_V$4bVuK_2#F7iH|ALf85Gp;?KYX-dFQWlT5D`Xx+<&)sU+fxeUK}FQ7u9 zNOX_JzgJTUFxL+29MsS{d%L>*pK+7m_HXzDU-)(ctWj_ux@nHQD7>DqyLWF~1{Acnuxw)=QZ06B#N8~QG(!Fn_FWdLSF z?WxpOU%pnQ&1gDr>;J6 zr0fSU_jTg^{pDh$&GVAxrC8iGR-x^=8tb9bFYkscKcw(lF1NyweU3~>K%$*iY^;B< zcnD~*(I;OWu?pDdmb91+=c4Vo<`tp1fX9lQJumzdR2^d@V+1JQ*sdluy@ZeB6n}DF zN@%#UqF{zBCZ!}^d1b+uOEkEOFo7u*kR8>H?k_yTd3~5yWPw??sjXK~J2^3v&*OKf ztzV|v`b$Be|`OcpS2clRo zsRaZXK-YO6w&1Kzv_Z@`KEMev{c+S~<>oCAykmKKn*?tTWepcs)mZE$zfGpvwxuuA zGibN98BUSdyjXBAgpNLYLsrQ$2EV6I$8c8m>M|W-dBZ8Fp(F3@xXyH+!^B=plD?uq z0ye+U2$4O> z{=IEj9)+CQ;C-9%q*?+FuI;~CxK?%MR!q@26@F6aAr3dBIEL|UZW&~WpL(PXymPQA z=)l_xdgW=m$Q50$RtD|#%^uHL>iwvC%9dEk5yT31yzmhGAWAerL9(ibzg|&vG)l7p z)zYE_;mClu&JcF-<8<8kgfFDOn45|NylG1jC?;-L%SW4dPKW#g2b?j(lB!^GV4Tj z{*cV9Z&o!E3n5C(riolIkAoe#nEcxq;`QAkYxg>rSHxnBaaO(i1lsy8q9dc-eZCH21pENmA3!Q zOX!!+E4XFOH{ebPV zA2F8uh0#65?A#1oR*e!0d_bf@d-Ok?RR}62XokJblwOTc{mGoqOKp9NJ*M!PiN`h2 z{7iM8|7RJLY?OZ$cS2NxU@7&e)cMQt|JEEbe|@mYGMFo$f4=e_Fl;D}H1d&Omd}NX z>)^x(45SftQg}@3``Oj~2WnttHXh^J1N1s$o#h6so zpo`C!)J~$d4a( zOP(K!ty}YlO_6i@<@#fE15$H|;Jamnk-0%RLe>rCSboXcCb_ExyMF3yCCprK_ z8k%l?jb}Qwdoa4YJp$`~ulp^3P0L_ElUx}4z32b^^^39RxWBEQA$$FlrI?Y&Jb(Nb z;Bo1md-(xT(nENw!Dk_eG+lxTTeMWCWkHzEE1&kk?C6>DOOYJJd=KAH<%l6?v~VB! zx4cM_0gsLZ-z+RDoU7yZsMHo*1WVZ}lonhr&C4(6s~7Wpx5Ti%4Ll$(=$_CUOQL1g zk(Unrz?tE6Kjw7MyOHYZp~Iupei4_p5$qfB>_roFY03o8ct^I=E`%yLXQ|SMKR!$= zGP1G$)ZpU-D?Rbf>}gt5N(XyI4W>osOhJ`_<{w-7@(A7r@pcfqCR9Jy=^uD`r8lV3 zJo#6asz{XU!9hICI90yxR*tjr=NSDP!ff98k^vsw>@SQowf&A#S@v^Smz@DhCrgR- zt=Oh(RYMA&VZ%Xkjye1r^Ntd(x-#LMD-Z8pe;-`OF9Z^1rmF`VnI#I?!D7Vo*d94$ zbW#y0xXe%>GbDFL?|7x%tAo?&wL9p@J@9868ymf}IS+kqW^t2;mER_yMc*!MLkOM- z3h|T79fci^eGs+*5;!vX0~Be_pv2`YQ{~y}L4m7B{F4fJp1`kT&&18XM-xZTpaf3? zW|7<~Xv~L@?pSGT)VhesI%yeG2=a32&q z3-E&-7eV(UNHcOGc1RQ9F}v3WteZ)Fh&e>62@H&kfS&5aN{ zKu45xvhEEe1MA)u6B>V;+^fVO_8=3|5|CYj=2(oSBnDvq+$6OwV&jkC*qj`fga>E5 zM*r@`@TWbMW2&Sv4pHFL(V*quX3}PInjvkQe09z;)e94PtWP&QUv2i)!O@U$foM&% znsJI2UmWifhH&QWDA&tx^;5F}W2i?Q)Qz?&(eM=-u;Dghhu?@_D)!4${sGa2-3!gM znEW}zZBDBlA!3mf`As1$c(OSFC1ZnREqc!3o$cVn+5Cq7(H3un3?rpg^=Eg4#0sMX zl?{$7q5@158lNhSRmhI0N(vRS;9YLE^NyCh(VnYpd4@VIVbOeeX;bA`x3_2NxwiS0 zpB(97&Uz3@bG4q>{ZPl_!x(FvRLRk)!`~)GgD5K?^GPhtBa!Z6kIadzirJi>Zu{vJ zj3O3h=CYb+_dBgVP&PWsVy$&hE9%SqLSf&m$}|NLM~L(9U$AXc@1}NQTuocewYa>V zs+qIe&Oi!zZntZSq?$fUD<1;PT?1JpTy$_TCdz`$Nb5+n72~t;z4qgsi2{_69kJM< z6;6(C-&Eh|>u-3Kgwgnv>LhF^@*+nj#H7%mZ;8l!o>Ojx3d$Q~GeFPf3*8lSjG=y! z8B7eX>n?33pH#tLN?TOKHT^6Q%b-}ebzNDc7Pd^dyvfNXf5z(X&By>9sxV$5gg;PO zt_*Ckjexjc%+YsJtBQ&JBMr#@$#}3~)P8J$w;)SntNrFRMTXWSSC@}O|9eH<>j}#D z8tA|cP-5dJXRd|qb}9DyaL~6igxioa4MytPS>{aVc;LQ@%&7_coCC-dfM@nuIO!1o z&(IeUxa~fg!_mPQe_U^?Na-UJ6Q6r}dV2N2OZmo2fs|LwY$*o+5S6 z&pME%wl!Xeb9T6x#)TCMl5V^X*bgM*!^h?;P2$4UZqeMI@q9vNpMQY;OUwnyj(*+^+J*4cUHeX3}o->;b4+$ zra>}*#&blMr2Nys|M8kGi7)l*iL!JxWy{4ouK2jTaz}0AH$&BCuqfM@NHJdgF$4-l zi`LAJ^izO&(kCK3u_rM++&@sE1*J)s6pJ(5-(RRSjs|ZZ z>Juvaw&k5j?(%LWQfczNM;tYH6s~>1aKR>()%v;4fd!7k@ZRy;9!Bm?eyAKti_BSU z)9B)`lN&OfLs71VSL!Df;Ymrzr<;TRVS+ajV-p>!5>{CU?3k@mKGpo(*)^nLR0i<* zY9+*^H9<)0Lh_2R-h2f)tDRx*+WcO$kAh4j-}T2N_OnJ`??}q6 zmLd)^j9^8@t+J3?ml%25K$s%E*j%Ef#o-f=z2*cP^(r2uixkd!Tgo)Hp~)BUHo-m! ze5%7Ly6*+UDB{{pK;aK{NiZ@4_+9521gbs55z&2{_I>erj?iXE#8@n2A@Z<*?T&KG zb2o-0$uY>j9-`+D5s$|%;3s}_6~{H)ujYfF=gs@RRcFI&W8df~x!2%tyGP)ouqP#R zylQ5hq$!lk$uAKEyTQPuqX90OtLPlw9a)=MuaF!VFWv;m=(z%&jE5OC@V`!`Zcv!;KCPCC^$ zG~G}uy5xF0TiaLc?ZYOTsg|;TIE`9`6D3-m9ipRO2-Cef!xeIWsQ(=lU!qcoEtAA4 z8x_laXmkFJIEsRfx+>ym9DfY=R;_Tae@(&*uE=a`PE26o$A>#N@sO>K>J&R-S>K$b z$R+mEHC5@D1o4~jVuhhRS#F0~f`{CK$~-4q*uN%kMXPxwZ2rl%i6HMY0=g~X+q+vJ zZQ;$7diOMix5R;N><0M$K1}pI#=OhdGKEIw-2}0vO*7KpsrP53$&&028{L5i_KiHK z&Qm7aCq9}>LLZE&R4K?#wr+3PcgueeQQXWB%Tst!5%C$S%FHcXgY-%;8*C))Bk_sr&igx5xV4g5N&@j|;Dz%%bPFAm*?$aQyPv+7y+j#`tR197el=Sfp%v{ z4*+4phFG}~OIn2DOc;?ZJAP*D3{tZY;g2F0k&Jw|$(k;I;urSwf#HCB?8k}sAE$O8 zhA;Jqe4}n8PDfLM?zWf$L;v`}FG&NgAeO5b52~$BTqNm+s1F)%a_`G%7`5;DytB~s56GUhB{3p{x3b*0?YL;1tbjt!vX$Cm=>ri z7=C#$&hP_Q!@%&6Ll>C`6E}G*|t>WKiWw|5~Grp}$@*lk?2@)f-hR?Lpt_ z4HEA{qw03v92w<>meDin+V2NHsuYawmDTKE_fob(0|POHhsf;}G=Hyo zqOGr{qrk(vMdyN1Y*2Q^Z|zhj1_mG5Bu?naItliy%Th345q z6%b6~l94DL33hlyfbV=Yn9+xXIpmK@gt;s4rUxt)bn)2oZ9}yCPL%8H%nV1ek=RWp zP{2+%GUx+gK34ND^W!>TgvE!u2mzj=K0(0|%=V4Fgwc+e!U(VSlwUVFSVV8g9RL471_GKyS^8N|Tef~I}vr8$ecr+#A> zUSGr*OXFIj&Ab~k{OQYh6@BTq$yeh|F;nP|)XUzVDUazi5TL=q5UsX7%29ZFAWNV` z^hcD2tk!>RXHn~TVNsYQQj0!+*NOC4mYHPx-{$Fhz`w_KE)s_|FJxBVr>(>#aOhdF zZF%+acz0qWV9B1O1Yw`R_pO*6^j$dx9_L;I{NzYbU=kEI`)-7DVQce;h!vmec&=Fw z`wQIe5F1lM7$vbuoLL>H@K zuv_mqkSxP7=;&ky)|wtYj4BqMRc76%b5Mvob*Oj+pfg=Plt>@7`Sq^w$Fo!mW_A1; zs+I-lTb;4Y>7u~;X!e6%$RcHtDELE<%^U2Tkh9?15tP%rR*nbq?zBn*Qbrc(#6Wg~*rsw0+ z8X~S%mL{^z8>IY-{MYX8Cp&j+_}AZ?^!$(2njJ;>$3wF41lX zuCG*3)B|DDUY(UQE4?jj$dHkddEgq$=C_9|%z!a`26{YJ!&*duIMV^wqRVK2=p-+-g+0Y8 zCn2}D_N>tn(`{Tz;hi6v1(Sf7kHZfUO06*@R;O?}GXuG6HiptQ)(b9!*$jdL%BDDf z7|Q;;tYrEi+O#7RHn#MWHuX=^wZk@^`e1!K3z@xOzBOg=fzk{9`4_44_DKcA zjp~k}4V>nCu4d-0CoR7*=U*9R&3${l>kR=RH|gp8QlMw~vN@2l(hbxK$f-U2QyC7e zUNRygp6NmjZmwl#&ki+#;18EoKR|e>qq7tFW<-(6YAjjI5vwMT6Z3GZrGFF%)PmW| z9R-9kKXAY&tQno}j2D~`IXXIeR4oaOoi0?G;3RW@_p*N#c9I@Si{$0QC#TmD42`m6 z^!f!MH#!JzS1aq@9?gSZS7eZta9S0TZm7KGzuM^kj%@uA zUW`F%Xa;!O*BRR1Zl|QZpY6$Je@%+gS=_c!iF!8OHV;iiu`EJ8>kG|67sK>)WDZW+ zQ@%lP!zN^bx3g&jT%44jR<1~10*8+!l>a)GM`NLZuBGMqOpRt1y+LCowk*Fb9Qr|I z*~AX`)?Wq$f&H5$jZpOJ=!~gTvlmCgb%xqa)gZu8m=nqQTcfGf>d>Z)4b8rh>)V#*R5h4TKSEph*Nw|Z2>ft8v_Bp z-vXEU92APF!{&!F1SWWU(bj5hfws%PLz>R0>mN4y5-9BQH7g6yUzS-cHi}u8kbVi# z-l3&xRRY#EOXtB>g!~z?=h1XZ4jA&rU#CjH=xU^1gWeN%-a`9vfbX#RY@9+Q$SFFstMoNH?F)6kgM2%bP9i||^^ z7{8b@4lRe;uXnB!Tb35hJfCoHQ&K66&n0xt8e6AUm!Nrz`| z0Pl?5o6}8tOn{9I5BPw$_LRTu_oko$eV|B)+K{hRWl9Hc_g8G|{0=ZcKlT-RHFwq_ zc>lT6nC>$Tv10#_5e5)fA63cvNz@4ItV%4*LPpAp?sCDoMA-Z^;)pjRmB-2WR5%74 zXYWJ~ljpL`q%_9fr#>Sz66snL8L;CKrwK4MAtIEOdmu43I=dAiFu!uXN~DzZYx^Ki z4@;V3rA2TPJZ(^nP1Y4YeNhqfBeslFJ)Vsbw(8pf>7N4Q8aM!z7&D1pjtG2dO|qnz z#qO=vz#+nixGyEcd7eyZLD0Kg)YawS1bgjp+q2P$A}wEv`+p(40_4qHU_jZu}07fd9>E9Mfm)f}vA^{lz8{W>V_hxw(&5Yf*B|y}i<;4}A6qrfbW^oPHBGKG9lU1Drh(guF>e_G8*@ z5ibJJxLBYpKQ@pWs&J_z(r$ajpvE(!wjb6h>8vkyTaNzqp6lRvrqg-g&^6fa;m!My zZzC+xYb$w2JVp#W3Nx`ynL=MM=dP-dme+k0dd-eUwp5B3J-GmyPBT{@Kw|PPL~Vh1 zT#MoyO`j?_qJLgl9*+OGamQcz5ZkILct|PLLViyfmIIBElWl6W>2iNQ8B$*)yRCQ1 z6D|`AUnxp{1+t*g(b1cegu&Yc)sV%K@%On?aMs5F&DVv*7ji=P`jqr1plNJ-ykC5b ziAR;Zt6p#_gq_|$I6wve%I*I4Dq(Lw&f9t7gA*!S4H-4I3MY+jJ_!U#G5aCA6x*G7_=UsaG!wZuwXV?dmwe8v?ZF(E%$u zSkwIx=@j6vh{pCjnFH^}n|+n?4^3+(39Zc$%YM$Q7S;d!Gow>Q%GJXVwppK6r}S3v$ZIu;g1>^Li} znb*w{fA_Nwf@eeTAc^;G_^3p@u(FBl7`-RKJOX<_bMst#6+~$xoW%n~QY);w`UkXR zM0bbok67I%ltqK70w$sz(wlV-$K-(XL6m2uVrG^PXR0}Dyd~x5|2Xrj&+%+Xu-7L0 za^VHJqZeGX@^kcG>=;tg;|44k;bR@{Wf6^1{e;DDw#DAu^{q)VlUlV9tqWrn_c=Eh z^hz=R(uyX{TDK(S9`d>p$Y*5g23|UMUWKm{<5OZ0Yw*-w{?95U7d=0}!FR!!)mCNi zHu;Tcwd*_Ki6?QT{J-@nE?060@vV*i-#t@XQxoV(d#p*GKtMpCmD_vM$2Qnp?|Ax` zMc$jhwy-}3pdBoTOsEWR#|m&bS`1kR>`p4DX8^^vVaf5g1W|=r37AIfix^>p9LDUi zYgkG5vGEO09!Ea@MsUR(UCdfY7xpl^1FVEhoY3MWk&Bc%J6*H0&}Egy>_Hwm^WD}v zo$7XTyZ8W_>CohGoo&yvxx7EHbls04A*ste6c&<_Eldyds-_x!xaj<~M)iC)(G+xb=6*%<93{*l^~`cdBe`me*-Xd@yvFIGQ8E@PP%E93riX?drxG( zeWQkjgJX%TmDOigz%-taFl0n&_?xCWmNbY)*J{g?2+SV$T$KZ)F5 ze?r_Uv^BSoQ!{M+odZ1Tz`aZHw*I%BZM+@AKz5s=nB{64bfr&=FM{0kEXC% zedMOa43cYO3B`t&o;gXFUs@ojyx^L}wXjWsI^ta*gad@OMjTquMJ3zhwg_>?1mvrU z<0^OO*Blkl6nGSoKHafq>pz}WDs@nyooQ;ZFfo0oj3b~}{C&^r*{8@S9>M>2sL9>k z2rK9mNQGd=wl|QdMCIEqGrvpy&kJDY<6B*VbxDV}+vsPgn@G=iGQZh>`H~?&{@X~2 z+u?{*sK~)|C>OGP#!>fMP<7UVIzs)k3C?RsnLV!dqDWn{|A*Ds}x)}qt7-O(6 zp5+-pF|@JLQ5wL;Lm2(E5$pkYxch`2P7YT`eXS;Lx*iju3)2P{g5! zhhI_PST0M2qKjfyR-vW!!lE$zq#|R|$}33Aul&?h+cX~Nz-XtUpOjqxR=tiMPSs5M ziNMND4@SnEE82~F(_Fw&pQjv>gJl;etPw!ls6$@IgJ}asC7-HsDN@Frj8rs7kRqU+j5;kpZ$5xjIBa5D*p?_nUSgQ~P47Ot1Y$ zPVgF5+j0F>8N;BCPB-9T5&t?nN`y;n4))P`JTpj`yy#}Xx)jCFP9W9Kxo7@N*YzxM z64gtU!GjV$>g-%~G9vcUcI~9U&*kc?GwZJ}l=dG|o#Y2DLf-1YQv5m25Z1tKS|kfO zC{N$|<9be-$;~TjXHB^Uant)wV%EU8g_;9g0 zIot0}yuic?5>P1}1wFuWiv0r1PMB|&co>Y+x6`u`X{Hu12=57cKN?p7El_ot zD&rp&SFTPfV@6$5H~;K~9yri-f9?AJAF}>3F01DI0>%O9kdW@~l=6p zDe00HL_rDZke2SQiw@}ysb?;{f8XaHulVo=&Y3f__u6Z(y+*;rjx6i5_E?OeWVYoU z#75mwo=A&-+B;W13YrsfwMt6a-&mknS^)AggCmWvGr@jh3I%HOi}(OT*s(c~F24HjhTU9PppoJYkWq!ENP6sY zo&5O>(~G^?XMA>Zv@fvn@DKnM7zA!>su(idyx5-)`rNbJ77Tks;}k1%33hBu!|$%H zwkqrKTtIyXaM|Fq>cW)hl!fI}OCQOe-QR;V-IW_Z23x)eNDId3r6$k!gnYJy@Q8>? znMpSHUVrVVJZRt9b#o8fX&V1_?)Vns#pPgkHup4a(-n>vK|U#NW!uWfvD`1n7~N5)5~^3G?G;bi1ydqOF>kztXf11|898gu!6ks3uDd^e~? z?cbZLE{Wkt9r*uocf*4(^~8*9m;@9ExBk0BNHc<{4FLf`fmb2iJ12_=ki1Z`mlt+P zo4e+#ZIBq$vbA=Kbi)(q>RyS9i+7#k8AY~X#xYo;lFu_LIz?Yxo$G9*JmZX6u%1%>YHy0Y74% zi1T^`c7Q&u%EwN>?Y!{i*1#uHOR!H6BVg$&R)LlM`HYMv|^aW%t3nLebScPYoo3qmm8tjvL}!L3QdOg z^iI+Zxl%sr&O}cK`8Hp>_U{J>!%L%!+e>+o7g--MwJ`B*z0J`#J z6y&4Uo}jKA32s&oM%bZKr#qk4yw-&CUCfnH*0*vAM6{at$+fV?3ZMqMNSF@FJ=HoYX!hoD>8Vo=w-*hLA(cw zF2~z7Mf|bjCa!S*`SAVsBXz+|kqs&;eXK)aKwjPs0%rKuU;aJ#h z4~wTk`BRfY;GL$XCaj|U1dO}8yN->%{rUE2EDo(m#5$-#0|M!)X|>$G8cdp?Q|pyw zm_(Xp>i>57%_q1Q*gj{(RPJo>{IeBavDC=t*8y0$W!lZAlYCP`l4EpJQd7sj*)XVN zX=~SfpT3n134j1Jl+T}kA#8kGv6{Q@gi+vX5W+5V2>>2KFh09sai-b-pDkl95*#5T zj%Xd5DoEY|KprRsWQc`EET4S=EuKgvDVX3g)6rBjuBT^%ig{w%MiWd}Pd0E?6WlsI zFZ6drf4`#Eji38;C3U~IJS={pD9F9W0T+%Y4axm(=l-HbrgB;lyF3KCZ4||6t8Arm zalu1sppFzr(Zd7u$~!3YulWMq^Z%Uy6u7Ar_IMQpF!mFqW9*5*ZrsH9{nfzqS52hX z18Gz}ag2QB@k*fla1|t3)q_#Ibx+txr>QMkKXAk3`G&2oVmpl%M6B(@dtM;-8=02t z`{{;3f@#OUXzRmYWCkgar6ZhTL;a?G!9|`6rv#0*uZ=kE6c7epXwK2V=_4~y*Y6+q zB@Bj0bWuxqD|f9rp#2;+xQH|TUAJQA$}LZjFHA)x$r`r$hM0O z+T}lOrhmAZImi;Go2bLfb6BE&1`kA_fiC%caCWUDVydVb4#Bw*1C3fwu(RKgK*#|x z@b1gF*`G}rdhEo!x#vB@WQZ=MaF~_;ete9u78r+2+ML@V(p0%J3fR5->Zxh?(#TrK zAV+H<@9}Yc<%K+_$)BfZXCrzv4gBBZfP27c0-OoG)$qOTX!0^lbUzbiWN7=qJRw~b zPoj6Ssw7J43zNW3jF@$z)uyZ)rrj)lijTdDBHbt_c{sJQ&Q|sTC#&2Y{=nDu%P0FsTRRi9ipUZMv77O(V z>l$Y6gF~+@BHQ&>iRDUuM83d+dxwlgR2YUn2`X0!J%GszS+{2$mO%L*bR53|+rSnS zVZWIBIq-jH;PJ6pC0q424(~0nX@*Ve>9FRH2i}tuDsq;8PFY`tQ!mR9ulh!U?gWO% z7r*(nI!%n_%%#awGSp&C?Y#)po=>1+E0L&{PMm=u92M2~=*gYyK~&R~#vDgXRixKL zfu$}eg=fW3MivkRUq)aHsg?MW7E}h{hTvURp{4(`d^j za6wKFht)=PMUs3Z|HVg%;+j$t_+Q5M`i&aGXjpY%{Pg3zjay;s_jz|*Z%7Ae%{)JP zAhu|JDALmpF}6*W!*vb_Xb+$GfB$BqJGI3I&tiN0?W1Z)z#WZ*chsFp$5?6W>qz?p z*&qm0(*O6OAj7_qUmnVOSY9t=rHY_cO8C_9={pe)CO^Sjt??X$c-E=8*vO;Ng;Zkw zSc%nh!z)jl1WHYf)*qP~&KCMxqWZ6b0I{9>PQVD0F1mO~5R3A8pWqMf?+I9p4j?Bp zIds}th-LnFrx1x_Jl^AZ(G7#~&v>iH@ebQjBm<&_~GB}P5G!12A6j!L%3@;gW7 z;_F=x?*^%snq)J_R0U+Tv#M{RJOWgvm|)9TVd_NM(!%dyf|Rs(m@)gUt3e@kW@ojB z{l5(YGMMs6ehqj=Qx@bI?oqo#2ZT)mT$I0a+ZANP5&MA4%Mi!^W&C4=7C%@45j4N4 zu*g+tzr8-{n{gEPCaiFIPo0?1t4@Xz?DKS67lGXJ;kJoPnK|sUvKEJM)<^(M{7Yhq ze0u0V-~#(Z7d>6tg;3Ztv^*AJJZ!s$9Kf(pGy+t_7;;g4{*Jf*9J>2RU|+cCe6ZGr zXpZ~*TfgYm^N?mK3NVon_CtjXr)&cttKy%&N4ALT1o+nE9DIGLpuVf1OlTWnq=zv~ zCq*ngk<5)ixLNR{#Y^D|x=}HY-T917mCadYgS#-@P}$)%d3r40vJ(` z%se9i%TWn@MW??0r&Dzdqkso@cOc!m6&U>nrBPyGmMkN;Q)r~E!19&L!jpojU!*?? zpwJTNM7BGdfxM^2P|udJkt$opuYQ7H-iSw2TcPsR2fGyso8-bc7~~O3aMoQ8AafEzV>jaAACgQz2(`svB>fCUMiVl2I- zRJ`05I|BL=qm~TuL>iRW>uy*Rkrz)6u*?xOtreajuYXrAjUVhWT(}ee7Z6(^U}@$dWt6jO$N~g#u@a!2`sOU3eb{Ad$lq~QBSpbB z=hvt2o?g%pV8|^&S+ll-D1DAhG3fg>?;J~^DH~1PK^4bR33cXNTghJKS+hJKAU`Q4 zX<@iSc7GqbD-;;~(UfxCghm2VDHrI-(tinK@cu@3En9{lzcJtM^UMQXAs#sV0c=!& zSOQ*(g(Xro(BFxn&!mk9qS+4N)Wh;m;_o? zizj4!3VCC5cFhM98?5-I&r#gUB@*8aD}$TP^GxRZIO~*YLlC^?{w9>#FF|>}_kic? z-+4a@9~%x%VywHWHNbgnl;Fd$8HS$J=7B&Ost5w9Ty1aU_7sNFBMZ0(os8MPLru5? zy#=aeWH5nTrt2q(O)6$WDuY9($Zj+^DUwx|%ED8k4WvrEG_^0YLlW$$0yMaxML-}o z(YG+Oqv61;ZxRnrwOfZXX|1#Z^PhzTAV5PBtnNe-SRx*1q<&pooJR!3arHl_r}cQa z8M2^vCqPS0@X6>o(1@UX5;Jr+H#@FKnYn_Z`ITOw)nsbfB92JS==+=HS#(B5t(0Gthyq9D>NB4~3Y4>puI2deI~D#aHo_m1nP%zXu0v&m zE-p^k6hD5-`0~!u_A>|iAvr=;W>{benrN~5lMhRWALVL^rL-JS!3k5zlimXVFSiN` zcJ%b(b}Dx zyxmIz*i*`yI66zIm+?hE;EwfL8pLzE`QF)0$6g@3sInmm)KBJz6RZy{f31UBI+u-Z z4Wv%v{E-*|*oy_ByWi#_UPK@t-H=f?$SN>ez(S)W3_dUPqM<=(u|UKe{_Y<_w7;i; z_4iT#H#lniPep#=h0tp+)mo3`2%m4zkEh(?}<4MO~RcPt~gE`(gt2ywiY1 zqg9r~(J^(_>%nDh(~gM&AKhv;qN(Qz25fI11Aue^)@BKP{&1Bkg>%vAGh>FlgRmm3{j4&VfGc(jcn+3}!BLnO^R=L)f zkq5%=_rcEyewuQO&&mlVa7XUw4>*sAEEvKxd#|N+yRpbQ0y!j&gOnAC9ObdsV+(?> z(CSTbC?29N6kA}SW&yDLrzX2jQ>hYMu zwBP}MrUSpj!|>R~ft9ChxHbr6`dW|WFGRLVQ~~7xz7dq+yqaupMi9gSCcM89HI5|d zKH4@x4?9!@`*_$nBD}mC+VA$6J93AhJpk)9mP)(RM`c7EP)5x2C6)eEgpY`>?CqD5 z!-jK<15e}TkD^>1;MsqV{WpdLQloX3Ec8dp#Q}hK!bSkzmENoWvy^iS1Ud^hr}Q2L z5~*Bf8bT97!)Lc?r0|GQH)b7Hn}M13mU$_Ba%9E1M6llU4GshgfgM}VSK^&CDS3)8 zuEKu5HLiumg)%aaX&Yg}_H+>xx*Hi&igA6D8anK!JY)+iZ8_ff+z*O14)~O$+JZ`7O2;qT;xm2%$)1i3sDZMRrLoAz zA!bGex$e7t>xE^A8ce(2S46dyG>bFIs3k0u$c%XyxY8d|-Y0AbEj$mVMsHzqbo#@@ zKx!W|R7Lq6a~vv83$XfoW!%sPZd12cACrJ$p+n@OOd8Nn@UBKBs8SYPGzw8pfEG{e zmhICvIFt;BFTQeUI`AF9Y-)Fl?i`(;cogN`boHGUk|zqy@x$pW*s|H}k%WHu2?2N6 zep-;485VJM%8~fKzx(GpqfLqfB0v>k=|tHp@v6vj33+)b|6Ik}TX1~&7m%4Yr0HI$ zTL_FV9W3xflfNy_2R^ESAE4K@eCWu2%@+gn!1ksAFAE&_cYPN?j| zr&Mul?32K<(blB!0XDWv&%s89|JQ7IAWi&4?3?WQZjRR=KJob&8XW{84rn&wfm0bo zB3hSxL1I_%lEpv@hQgzCHW`kkmQLEsE%2LlahX_?chV7&x}6Mzi=^p!%38a?T_f*^ zmB=;at)G&yniY~HjLFYp%W`0RN)-F;#Vwne z!1o(DK(yugT6zT7zXshdlB7qLV@4S6cC!Z(d0?_+;Z=(&R3y9Sdi?V65URXn`=te> ze8I6X(s(y3X+=$^xWX?BvEeYQ;sO}{Y7-a_4>xEdmko=e5|nKcS66fe;o}%6lNcCg ziq2S~$++vk65F$oq7a-B6~&u!W&8D!nf_rCDH5y?Ov8ux zc^jf$-`$#%d6}M6*SCNhX^@v*e0LxF(}TnW1!&~|(oBqP938Xm%kM+kCqC@*DdW7$ zch?ZG-5@<<9w7m4@T_zVU5ER9sa0y`MTG!7VoLP}YhI~xJ#u^fg*+lKPbDhl3;z~H=-rpe;Gf5Cc)k-- z<~G)vqr2tP*DOKX>`j{R-OnoFeYTHBn zhe#}vBd_mp<5gb;rXte8_hG;)qm(#vt5{Lbd20pay^{hkxZGt4tECo9HJ$1xGZ9(| z`gy%&2FY@S3`qHeo{z?myJ4y>mFT^Ik@Ra)>0i4%E~KJVF_CaqHxLO|AS$qiU_=PPe6~d zuEofTa6%ADuaLdoufno`zq-T4Ui@9B9tmwHu+o(>d-+yfYMtTbUZcRm7|iekj&Rdh zV1Xr^ogGBBN3mNA=*s5{pT2@!Uxx$&dDbdj`rk#A8PBsKUA|<=vc??xF3EELicNRp zd$Kym4g85RdylS9z%&i{oiMnwi|*<{hS-{P`X;cYUg;h*peT4&%$dDis9OR?l|O`I*taira3)44GZ|~_EX~dg!#XB z!IzdNLx#Qh`F>$ugi%K@D-#>G zPoLznN*55rwu{rEsxiFoNbeVHCpD*0MC^`0X7YnMRw(;6QfQs#apB*R9sXqCeF}q* z#STv5lV#(CcWzfVb&}Js&9KP#P(ni=B&C#|?g_a)L)A5AO2)%vtEAPRW1J1MX$uIc z&cB5@P5l80dapwN#Hp_1Y*Ur4`G|`*obA(i;`Z-DNs;jxIrE#NYxK$CXrIO63Pa&J zHDt=j8#poej@AVIXU%xUcue!}!k60i!!;3tNLo_gp-@yl-6uwAHqgd5$11Ka_7+N@s44Z{rj?mthKsO4pK+&H_!76_WmvTS?|ot{5Q?W0W%WaM!W)Jio2pV)prULW`BA9-?)9LXfCVXUQW3Cdbnzr!^jjX;A64et-PDh{af-J5Zhzx^^iHx}4Ll zUnX(jQm9Rt%&h)gdDRkJ@_F?X@mGPX0|D|;zQj282EaRmt0?Rd+P#$nXe3t71vCAG zgXYbybS5GdHNJk3M*j3^lTK!&ue$&F_3+aUFnEiF%ucsEZ z(Y{231mdTVsz5kiE5s_&NA7R`b-?I^sVn+T+eNDkMs`etck7T)y zkt2VdSL`PB^k_bo#XMD>NK)*ZJ8y+8`{~rJMfssi!^prVvayPhQ=H};E<5Dkk7rwfK=Oh3b3W%9Bu*sPgClFeYq4Fd@M{=4qA`}5mh!U*N$!jEdHE1@&ix+t*}$r`Z+2SR*0mKM=!iH?iA z3P=jMet8zuV@F1NE#$BY_q!B0piGxPACH&Agxt)_Bk!-vxa)Nvow|i~Idli+gs968 zo~Whd;L(zdG|nyVlNTFIVj2^Y8b~o)oYXRy@{iZ1&;yvpTTf8dI3V()3`WU@rv$IZ zQf3DZ(R7Vz<2AX+#l6^Q6n<~s$3{spibG8dui762neEV_r2BEi82gEiWUrUsW}U)& z3s~n9kcDGEqyAlb+r6Z6uzqx{5*B=ZtWI6AQNvs2o^gSvoO+cehI<1W!8} z+o!VnfIc4t_0++3dT7Y7i5$ zFjwxTlo*-Q-S=_KN=B5Uf7>)M^0GTgj;Yc7t|q#XWXy>%G^y3&1N^o!*C;VmBJFm| zT?akCGQI9Py9&RdI`;aZyO|CEqZ#ZxI^@t{Nc^3Q%csn0|Bcz!IuLx0>x zU^q@BTdnrj!ExI=Y1&=+{QJdFhWbBp-GDr5{rTkG2iGeYtJ|&L#)~I{6%~R$ov{0i z!7{Z`nMh4Hs}fWZ>uo=Yo?^|c^NUbAbt*15z-mo&g{pE`tJMv4woZDYUKwh>Bl08VbvMkWOtt|lO$FhpB+ zp7p@)MgHjB@UPSIowz6E_PbmPO$mtn<55|WQb9hsa@CyMkUVnqoq5u^8lDAyoipD2 zYch)e<%igZm0Ub1nRHD97(aQsh5}~Kw)R^653TtFh&whWsw`ifZWj&MC>s*m3f}L@ z->i&Hng>mhj>bUN{C#F13cuE3Jmu2~s@tUXc%JyQBoTXp{{HkCR)JnJGqlc%RZs7PZRRrSHr(_OT*Hxc)w)Lw@h=oAgXYc}m)E72hTq<1`uO)F$SB z=qyrjmebNn!C*@$e%=qaZ`CMTb5Pnuyj;sOqRDeF>6636M3I$}zyQI1W7{%u?r-u= z@2Lg~-nXBw|H=%}q4LYpB`;FMm@G8G`mh^gwz?Y+@7DOi#Jtz%O8OZ(3Yjf6q@lIq zw;0Z|bL~=h%UfmHVSUMP%$@idRcFXE?Z5KSMzcPCq|61%U`;QcVkmWm1&0?6O%|5< zjX;Tev?=W>^Eo+4qmND+^00zyE9fY_N5eog%5tmpt?dTC5KA2~gn`yAez}@9*)@9V zJjm>KVpz{$B6=FtUNYY{ z@y@TbjY zuwlJQDV-g?%x-bd2{Wb<3--Y$QOF2_YszyyB_64f#W*@W4|$I=ZT1kaTz)wsYt4OS zJ)}!0II?VL?lOjm$}RTr1d@K8`L-7#&LCkpPFSHrbR*Gv-R3aiAr`DV<%^Yres^Dpu*=527J2S`WnOv8~q{M1X4FNRrj zXLW3FIxACD^tuU0Do{oEM{?yECJFg@AEZSKR*uCcyXadE>fqk{338;c(W&3md`IWN z{7!dK#t0m0jyc2iKx6!9?r4r$uCQ0-_HSD5%fXwBe+!GV=tnh~Yj-My)%{sPzXC}F zNVeUoS-n`wZ`pPD(3qQE>wGvmdO^JK${rT6f(#<6^sz2Jr=Ze;vK87hnQxd*6yf+D z#Svrg3vU}(UTK-U3fT-GUXi~c-I}-7g~=?)J}eHw6U*fLq$u}%UqNr~=L4Kd zdUb}i2L-{>;F~?te|X=7EN;j1i>bp&rLZ#g7#^)j zu&L3EENa>$NOqS!Gebk*(j({Hk-A#2UzTA;rv_ZL0|~(XB_98lY*yjIlcYn;y->B7 z_W>)hu&wr)$8&xLhc}1vv<+N(QKih7K2Qrlm7f65o}>*iZPmp)Wya6znC>6oPMQ`n zz8?=nz#?x$K4?hDZF+%{_KY}D4n?E< zAQ*AYb?PC6h1+5|Vx-yLO_{o1Qm)N5#E%B!gqL^q;-vO7k|#5?Jw!cSbgt+|x?mow z7#l#ud9H1rc;-q%`wc;WxGybuwpcy0yAAHbtf(a#z#@`%oGtlxwJ~ej z6C;)I$h*+Id|qP`&53wlo1o}FV1YxK^0_jW3$#~rNs-l@hi#2H#AAPz5sUbg1#TNx z9pJDUJ5ct3O=cIm{X;=yz|4)}blXpRbu`O^jlgf=ZL6VQ%=!izQ?1fAT4tuESXgrk z8R)O-?CrPN-?Fp4ahR};XnB41Dt5xn9lx%YArX%F_r<`rqcn^;p!lAFYOVF~%O~xI z5D^ZxyH0g)16e5U&7WQ=_Es}ChMm~wA!4Un#HAt^FCy`2gHuW2HEN7UnH8*Uo9@<3 zB)>>5A^Mn^iWzth!6IJ$BIIkfLMGsUjQB|?6;9`em4tc#=7bro_uAi=bWOuA6G_Gg z1b3Gg9}HMx>+e#h^Q;oznG-DuT%7T6^rmJdB8A5>v_*33P}24g5Kl&h%%myp#cU)P zAFeJZ44hA}_Vf)svwe!f=cjqH-AgN>cD+nV5n<)ErAjRGWJ{V(8o8z5l3XPqk=3y{ zvxFtl^y?7$^AMJroU*DGDH=eC8 z;|bM&8J3xtLs;RF9#5@tXaDs}?b*0#?DoMJD>}rp>c@-~37Q+9?Vh4uA4c0Ql$1vFJH}`DexVOjJxcr+0&muUe2oUO|roI zKSPX88}*FndO>CGBDM=EU^r5y)HUz2qk+%5_z7NE&lc{YNrMZjfNXKYer!@AdN9`H zDM342M>kAw=o)%YE30xyciz|_>niDLSKY-nT>9Lf(|cI=Ib$2U^XmvS?ur)UlTlA4 z)1Th_rg3~Io;9B~Y4JrQZyH`kr-Ke}+W&b$c-lu@;WfR(pKD}Ts{0!~;Uvee8e8n@ zM6JghzCk23{BOr;^yi!_DT=_OdrJtShus{iC->y@ge9_hLP*L6MtqvzX|r~@*}Riv zfuY~c+WyAVm|fYn(q8FYO#|27PTz12sRiFdw2u5~pVj;H<-;wyx8WQnWSG6t+o?rz zt~4tTMNdP$8wt&&zb`uK>W+VX|C=jZUHR_(jaOSI!HrV5V_g&59tr4}KXtcyD+wUW zauO7>yrFEk;U?QZ#v!vy@>Lk@2^Z4FSiejKhwKy znS>Uqn*w9ky1$VRg5SjWhbYQ-@w*|q#)jPQ(?px|D$J`xj(jJ!0sEwl-wzIA zJh+T%tFXF>{rHJ#S$68Wt95c&*=TN!gf0=0Wzll6Hzs24Liyk_{0VTUDnB|MeLceI z?=|b-ZPv-X6oEnDdn_O#^!dAP%9~$?t$y39(w7`WrmA>!ELis@^VbPYiC2#tuUw0j&YsqJl5=j2Anp_DBHB$ z!`ohKdj4ELX{)bfc#+|P1}{mjE-~i=h0&7w66=T29KN{m@PE-4_by=oT8JNM_ZJYe z%rm!(sev&zMLJra&p)+M&V&8~mfvoERf%qpk-+-3NE0vqHF;y>VXWV=i=$&d4E>N_ zAKvI#%P6C;6ms?be6cW3$|%;FB`k|&ct}TcxE<4P97LYAlS-ryj9LV(_j@DOy@jX4 zM@+@*KKVRzI}k;xJw-!k6g0a-pb0hkWJ@`$%J$*TGQi)@A5EXXjEe8ZVjP?B=*p1M zRD)?O1Tr&OAWg+YXY@(a%kPYnHd9`?B&6xn_HV&L@o*>AD@Uxumd{N28Za)evse44 z_nwthlo6cL4qIWutVce(JMofdG-z;$STY#fb_?lOvw><@z~#dZmEa4}TsVkok$6?{ z^tdRLg&St-dkulw%TC<02Ad}m1Gn*iRvQD22HA*i-{901C}=#A;>@#~L;#lUjhhU8 zq1t}s_%YrH#(`Vyk0uVLonPgPDhd?}0}3hHvZIH(mFKLtyEqQiq#*AB+q5S_uL8Fa zr*OBxJpunYdkpKoLjrJ1q-usaHJa<(Gu|A^wDQknBG;lti=I~xFp+f|p8|zQ;!l}B zV!qdV+%5Kp+PXu?_MW5&e?NSOw@rpo_B5Z$)?yr=RNNz3A?h3&@_oBcHJRJ7T5k zb-+fLNm=|O@MGK$9C%@W?{NiVIyO=HBgnm5?+e}Mmx^!4^V7=Z79D(k9-?h>#R@Ho z++8gG465Pf@UCl=)Gc1wx1jw*;_99HCxC=jDxW%NxlxTGIQF|uU~MhZI=A^<>uCQG z^{LDf@M-mw8a@anVL-`PX?hxW(j1zDX5qEY`0`|=b?T#gBh02xEgmGJqAvn|%kKDU zdzp{(G^-5@n;Zry)-WtjZ7}>a75#-tbJ|32109D_qksxz%(vsUXv3ds&G2iLF)3u& zFLF=@91VI@HVG(l)C>6e`_dWd*ks(-GGLGVhk5ySvWFrz0rq3W8k7a%0A0CObTily za~j`JHv&ENHU=><$_u7l!qMcWmCWf(?mPY`^@;sWKe_7GD?(ISugfuTPU04I@I)4k zy6WR`<;RS624fiheRVRDa86aH;5TxTX4pQzR!R576Q6Qni;d*FVcquj94fnuLfERG z*gbB755#R~3{_yruYR z!`=Gz%|gfBjCT~}j-%`kvs0a)qaL1pzE56v?JaYejZMLMWtI7TubIs0@cPY?=iAFx z6>L)4x2HIp0gdbKQ66LM(b?YpO!zJp##>DJ2!}1aF!Y>c_R3??!w*y zf?OvHq)bHS%(%Xw^jNEh$W6ZCFbr^PQ z&BKR;*CikbnpqW61zM|f=>RVVLj?nhCcOyzrga5&xlm6Mqq{6t$2F~Ifh5&fivr94 z%rfa5c%tbOan&=g_vZjm^rF?3gZ;Yr#; zKQQ({IbnN;|7#e|!oHq_a9l(9Dh)3%{FMR4zBZoR`H$bKyh8bx%wBdko{cFZKc(ZQ zK+l4(dRpkqO9o+9pk{&&y1`xp;p5y29;0~T%NOsU&NXiCsLM};3qzhukP(Nr1NvOO z_FId_vu`x;@PIU#7ovdw_rX^B$l6XdBBR@@ir^p=|n}A#=PF(pPfPao~kzrz2WbysKO$ zA{>zyP1^*ZHCHnAt6Ytt@N+cg3Yc_}-piDaloT`7e^rYOSc3SmKUwtWex>2k^ee&V=@1#X;6Veg6=b#&P+>L|KzeX&#TLVYk;2NCpC{*;8hn~Y{ zqoVoVxY7Fr7A}A2eO%F3)e1=_718uTc^m5I>S4E%>}l;^D1wu&!0rHXC{;F^;yO~j ziw70!sCNmGryI*`fa~~XL`N>$5QV|A^I;CNoEX}!Ya%gk~H!K&4dqQ<(>xz5_jZZ`O zR0#{$hafK7L{Q3B7RAAyu{uvkO5y_ybcW2HiP>t{p#M}u?K!H>ALPg5Gc9YJ8WHrX zSEF5NX_k#b6=X(*0`IOlUzLkh7Hsr0eX)y6tqQ{waB$H2BCaOABquuL>Z@iC<3gMY z8s74a;^Yg9uHnN^`|FVkrzqBcf(T+58lrRgcP1vNgx_D+o&yuQrf&$Ckw_WA7N zaP7D%;c(|K_c?Xc%jmuzs0&(l|J2zhh#E49`a*vejc*gGxDiqyJpl#CQ+QHdor zH8-cQE%J9Beg|H%Ky{2fO-V)7W?Y6a`zTBf=dNbszbt2%ZV>^nS=7McQu@6l zpJsx3w)y;umTn~z_K(k-ibI5N`h^hRIf`FPxEAAWF#Jd!4$xqW7#~GTFE`zn?J?*3 zT3DpAX^B5hv1NU~gI2zJXlcyqw70;6OCR%%VQTpH4-chTVbTc6d&Wd(&%IyomZ?w% zBJ9R1PgbfQ$nXl4S*xYROgvZ3zJ9+F^xSMC9-;hA0q3*0QG~WpY7iP!+D{+0abSU{ z_7pNRCg>^dEi42F)r$4yG=Paa)7ecKXqTOGzF?v+9O06Yx6YwK`9{YOM(K-17m(rqS| zScN6k`W0IFi+Z`x_(#(o{OPo%TGsuT(}*=eBl;zvIUjZ8V|*Aw=mW~u1_6<4oWV3^ z7~H0I^P!8-_|wE%##!++?Deb9V!<(SYZ=58@*SrN>y@o5a4XSG);1<#8-nuuy%}*o<}DTw)uh~xuToBk`HlB;$G=D<^GI?@#&f> zA2Rh@#JwW|ytW1F-Itf^(Mf;EBwWZJg2LaS)vs7DDzEQF zlTRu_zkHlK3(#oRn+dIJ;yh1i$glTc!+6qn;@on{IgQ7kyh)m#u6&WZ{L=qKqb4Ff z<@ibZXXWZXv5_V>%0wGRINFDiU1M?|wO%phqpv1|m@hcz_t*sCM(rHZ4CWzMn%3nm znmD8yvn-B&3;swI;o+E^3Gb-vTJ~h03_EJQbjR|{=eVB{@^Ftc#IJrn%Jv- zq}UuR0Ox&;{`bPMvw3SSMx}UR-IXSHOwA855cc<2q8tVf{u#vJ$CuZV{SfYDXJ>sB zG^t?U6{5{WQ9oOLWK1+hCvp~6s)p421_C*;n;3zi_0*fT#xfS=u!tDlO@Fl7_V>?H zBechLa}-NCz%J<`9bK&I<`M9rR@}Ca-Oj$bTRPec$+^;!afwpc&KZ?$2-#(JE+f4g z{EYqBUM&}c@{R0~_7^Ereb#o%gPz?=A7>Td@)wYCW?Zt5Br8oawog|u$GiCgBoi+b z%qpUw=mYrk;guhNiAp0=dkmW6?+JF{_MDgpv@0t)bEH=_9qROIV{Ja|JXh})S8CB*&AWP54O_TKB|L!P5>o?hp{ocg7+e2 zB6F7WV35MB>#)xO7l|wA-k(AQo(8D~f4YM^1#6LFP!GvrNVlu8onSni8>hJu7!(Yc zG^v)y<>dU`x#QfJMDnPR;Zy>;*0(%w{^?exn#|upXMsZkFlbu+(`M;Lja-m6FRw7$ zy<9k{e+ovXSH9-1^Y9+?Y!4TsNC=m_y>Z&OY%yE-VO~!`0?AiO+XPZ+?iRd=3Y4ik zZ@d%-Rp#TApfmFX91W8H^8%RuaDsPsBg~J&M)g2zC+`XMW_Xl8R#O*!&#DHDsHEI1 z!0Cm6mos{IgWhj23ui`G+pDDq(uoS+*X!o-mF2|%-@5xU-H+W2dga}f^w*G+yR8DV zi4nJN9e(wu+)bR;=^poG6eaO~qzxqAi;@Tg&&}nF=MW zC)@X%-DF4WyHQ>DhrcdhRQxvlDoRtXS2G8XRxLY-*Wm^C+1~Y7m({u~ZF3(Om>mH} z)lsp?^b}C|0^bzybV|WsZzHRp}>h@de$ASF}GD7Z0#S>f_gA zJuE447uTe=P$>TTEcnh)-T8&Y5yL&nxf`dyq|=nc9<@Uyn-@(TT!krxcp~`C`XP+{ zoLnQxwH!XOA04T*|G3W{#`;qkD3G3FgPK$f)TDjA#j++MPvf3im%M9w^}H`zlp``) zqxrTWyF96U%=JVAo&Lb?DWGP3oqxrLyJTgoIGWElzJ9`y5qz}8dt*8?9ww2R(=3c` z>{A*3j{m!NluJPLfMMF{B0d$eg;4+LXWY6`oVbHQ;TKYIW;rJ-rV9mGW(Nb|U6uNq z=hiHyQ%xAFf5iO=F?}0IRyjr?)KZ!|(SV-2YNm@h(6D#`_1*};QkMng=7oZbMOEdj zxG3z)KZ?}pF%65K*2O6B(GJ{C{)ntd=fpK)3P-n4R4;E}KWHwJ*q(=g<5ctEJMUh5 z9eha*UB}#_PWt98Sr-#$ie&fiyn$e0)SXx7I=0fuU?L1#0SMXAv5Cmlr}A)bP64Bq z$S%oQy5h;i&~Sd%Ad|U2dYaI~*yKE=27vukZO<7xlwfP|;g9yS&Kq4#9rA?>6QAjW zPVP?`eaW5w`0%W;`TW-RsI4;)7+IzBx{Ef6`4;Nh^%WS{y70f>u|;(uyG8kI$Z>xY zJQ;Z-7E;XIX09m+nx%8KxvEjbtDe^MD<>GmqnmaW%r#zg0zYkpqENc*KdXGMyLsLE zt0T1&|Bc&=aDCqPuIKw~)VPI1x(yDc5NE@*68~Dn!fZ{*OM*E2A0<7m_#27p>0o;y z!+J{q^a#%7Ak4*Je^C0KA|pd%l(Pd`_JV@58tEBI9jE6rA+@WKt%57FkGD7RyDJu$ z^GWeBGA<--W9j8$(6CG0Bb*0FIMvHVGJ4pPhEkYqaJX65T$`~$bh;E z+p_ZXFk0Oj%oYKAiaCd@9dOA$r5ZV1FE6w6^QqrXor(%LR|;%XQLD2Q;n*79Ki7(T zs*SXMK$N8Y*ZvPXp`!^mfXh<0aqI7!hcr8#<6_T4xVlgkH?RI!ZeJ~Te@t;wF0BsP z{{4c3tM}t@x(l)z(p1ZnL1OI<*^j&SWkzQrXS=hyA{>L@8f|z8Z+3W)RPb6WeVDv^ z4PrIz5RFXcxx3-(>y)|9_;Qm(?Zv!^b>pAnQ%`arDe}13mn=U30 z2!HQ-yVN~Pa~kD4aB5rP~($qr;bUwdRAUA z%9HsZup<77l{aYapLP~p(Fl~>^bOeZFJ2SWc_C*nd|KZm9KSZN%mhn}^y?4hgWu6% zq$nw9W^9(F-GBKFKi?7haklQ#l9;A0ae1U3eU?a?3-pK)T|a~%5%%uy?!Ok06a-pU z;Lj%fdGx#Z%+yg6t3#QxOxF}N!i_!rEaAy73`rg%+|XkH5w2)-kZbSvXYrZ?vB9YJ z(PZmmGxhFQgXX!iYwxf~x1VfrKms}#aLlM^>dPQKIP=4IM^uFT-=cJXs~pDXbo_0J zDx@hVCEvk}Y9W1MG(R2K-cFrXd*zUJa!lOw%aufpgpO(SuCpY{v@IcPq*9SLjq?}g z+2JJa!eW$Yp_55xcz{|{1L21Q$RU%pi^HrZY6B*(!dETS<6v<=QcNdRi{b7uY> zAOn^sVy&0|{9&Im3;W-90U}?Z|7ULc`s}eMO%KJdz=5Ssf%a#Vp`o^-$YUUozPmAV zE-24S1Y4ZLuufgV7Oox5Z!HLa5doQSmq75b(Wc zrsbY5{IjMQyi)xpdWpHu%+gC`H_~zKbxjqMhj)FHDEQg*en)6NM;pK~ z)dk%`h97Y;xkYPh=(AGFpf?WUg`NEbIU1OU3Fur!Rlba=NYp`o&kB4%R_iB(fJ54T z1VrFnz)MlEWCH9^goh1G9GjJ@o`W>C3>~u?oHj4(hKeLF0mt}@7e&K9<;-n$_Z!(h z8YqILx9IbhgW}bhu;HEp4M2|bt9%lU?~v?NFHfU`#a#x#4euIQdLh1< z@jk*3Ku5j42yY?!qnRm%*jy!U-g#otF~`K0*wU6aQEZmQ%;~U6Gh)5my=u)g%7&@M z#HZ1Nen^3&Of*`W^zX_P4RB@33l|#l9N%V?k4Hm|M#WRArC`2ES(j4nEI>!8s+KX& zTrcZiUxn7ld^YsU6jTh72|b(C4R)u0KWamNe;n9?q89wFxZf;QiyChBRR1s9z$hE& zW3x9F#*%Z13&VE}TK`h4f~-Xd2Z)T&dO&0tbRmK$Hvm-ik1xE6;0`K2Fa>=w$;MR- zWB_#0&tI;ncn{xqq%N=3@1}j~b}E30CnZ1YIhZKoLpL|>w~%vzp`aLdlK5p+Nuw#Q z_arrO{0ghRLUNy(^DHn$C3an`$1(%*a&QS3+0DnYWv!M!*SADBkE}1zr_qvN!03#h z)KqB3nd6;p2=SbzakEKzq;NlK7Tp7tlPI_)WF_Vg3l#&uiNKokuxQX5Pc0d&J^ed+ zt*EE*XN*JS!pZ1mDtAN|WWSIfh9RB-vQAY_x7ret@OZd*>Rilj7H!5szcY#>>E2Bc zPUu=(@6qA!(RJZlL=u-)(AVe|3?Bz2uUk$RRuh`Ev&Tm{CTpU0=$rr7K zH)`EGApT3fTcgkJ_;(qj%q^b{%}qwNhvel16IAf=<8IHe@T9eNw`_lTIud`xjr$IJ z(qizLWw5HW*~Z_3BdcKqDXxv$!(mDF0%tSn$$dT(wB0afsoF(jSW*ET z2{;9baF|9xsXPNDRJnKe~tqL_UfJ%rcxrT5*!~OTr1p zeHP?}w(ClzsWuf_Q)Re4KO|olgA3+jJI}9Slm8E2Zy8oq*LDq4(v5_4hone%NJ)1$ zNN=R1yFnTOX+%Jzr8nImDcubc(%s+M;C0{E^L+37{^ZbO?KS5-bDU$$MUzoMrDgDC z#BOGo#YP_`0GB8-oyu^IcwDOXdEi&-AN99`2=5<61+W?o18S2IE)xa`U{5xoFfi6u zYt%e3NV`x>j{1YRl`_Jn!D$ks*W;f?$1ISD6_}Uuf>?7KDB2rAjM-@;gLD;%@A6 zHEAbdLomko*>GkH%rMjEwouzkE2fc(Ur{VphyB~nN;{b&Dnz_PTHHQcCT3Nf?B&R9 zgWFnabxwYf5E8yTjQ;qs3Spl|lG+b0){h#xruWMTb2!3l$leh^_HJ*3^!S4wO!1-< z{=LvW)FO?{36wkXLplAA`uG{JK#nM!waFiw?=!_pDklAlc zs>Vl|&|;UH0>}6BvwpI)z7Quf>qI&Dt7(-*zibsa@j9_Etw60@rPg($WMwut{Y9of z+&FEv^Fmm-Y(?0`MS}g2z4gHNIu>Ie+?ii$1zOQ?vA`BkLVs`y605~4Lyty6B8Pqj z{T$r&W?Yu6=@L$3zZuq|G;iKZwmQ9|A1xKfp+ROsV0nAxrTVjzSU**4qYG7fXa0?i z9vOa2=)8bWB?ZwoF(qYC=P__lRpp>>l+J5iZ(x8m^T0g)3YDIGIxO~kFPLa@XPfPk zR_awL$EEGia_bBII=tMLxVZg-zNIM=oe6Y558ONQgd!`$IPh;1VkAp{k=*^rAYAQ*b*0-}t?@Nlz^+`WhHw$$DR%o`r%GC6K# z>Jc2BDWsrOv)sOqFZ!Yr2x9#*fK~Hv<<2RvlA{wLX@&a%2miK%eHzVhZbYh9R8kAL zky>8l(Ex$}HJS`RCk6cG3#4+1$rrz)og{%je2}!>7XN^c18#iJNz2YAw{b3*0f7xL* zPSazT6GHZW0{&e#m7XW6Uz;tpkp#@!si^uQbd=oPMR0_5u3FcZv^ySSVGT7R60RV~ zxtBxE-K>kHg7MKUX5jv4Z*h4ZZ(A;}RKC%w<%YlK^CB~#p_QqL^(U~MVp>Bfu|W`f z-&`E;!iEFbi4|an$iW~hp_E9tKf#bqm^^8(?wQntx{-p}$|Vwp1&*B@8uD-`VAmDo z$eEbrQoP^13F=~)2WLSQg?q;9_mH(Ve7%UjtFJf1^s-kan}_BVq~0|G%-j_wsXTMk zJisJ@1??jh^bL)lSnZtwKQS+MIWBbGZg<6rYfw%|BC48Q?{_WdA}&H(#DD#obgLDj zmg(!CDBNp(@CmNVt@Sk1 zpNT*U=7W?-p^^D6((0_~E+cTK2J{Br!mVe~s$lp_F>WwRTg+>S75%d~KNXmjm6dje zKi^KhOwVErykHo^TfH}DodPEu-RhB6KO|VYw~j4L7zr|oz(fO|aQ{}_?u-|0XBB64 zL{_l+=v-T$NYXqE!*e;*HQe_pZ*?{zi^iDsx^jHx&y`Q@1_dbhwp9Lf2@!BGyD4~mR zL~`bKdMm`KjV|Dx;=$bAr`CTT6cmzHhF`t?vu?V^z$k?Mw(Gl#dr25QRI!}77p%fVFOYg^v(?Ju7s`WQ9#^B0{m>3$LfpxJ*##8#`wuX+`*f|=tC?m~M+k>3+fCHy+{vf`2YVXTu;k(UrX`%ej?d+v~zw)lJylvgzDF!WbWqThcs%X<6;Qh7r@F%o+0MRMd&m1Xx z+DyB7nh(1i4-z`6yUo9m0ih$V&5PPd5JpFfTMY|b5{l|6_Fp>(*7F=DUoV;XF)x6D zyij19NylkV#>#Ce*||qMaqL&nP^5-CAPy-|M1CvV1dq2@FuOQTM1Gn6N-ArMgft!R zhX=<lOOcE9Nu+zH9h|7Gq>&G!m#*UFRlkdyy1Ye5MPJM*mHHHRG{2H!~;45G$3#4v0TS6lE zDBW>>3s_1owPrj5>dvRHk&Patp`If2%f$pBNy*+xx1oG|jEYh)wmH>36>BL#b@1K* zra-Ncw~Dq4@Q|Da;G#e2|K$oDi0A{zCA)AUQKQYVuc&4muwjAUk3iIF_jv0H^~Yf6 zIr0Kni!B=NPxNDi#OeGeLjDW}$u^pYh;jR11HU8!!v{Bw7O#K@DdZNWA%*g9JHNLnF&qb^jmEaqgSzQXns@IYx{OjUmi0$H`y$sjIk`Q$1E(Anv^@4-j|CB^V}T0|B?wcpBq;nJ9;51?SSVdf<*k~I$WU=f7zOFp z%%J^mX-Dnw2?)c2TyA*)vmsliT41C&U-;6^g8eDDN(=i-F5n~4*=Ni#+(i-aCM?M2 zNYr9UYX!mm@q0XQ)gJ}b1#Tt3-XB>PGnqMa$B$S`7_TUjWEr1l?HI^wcu*zm_hn9I27C$;Kh2OD z#d#H*HrNlVF}#a>CN4|x&3{I^^&IjZsV@51q`(*3%%tXWyRZQJ@`D?d@>?L!8Oadx zal->%Ws)XaJ%^v+O7M^1nG$AQ*^(?9B8}?@&2NT6j8#@j#Q)7aaZFsW)#BVS&3ERqc%aR-1T$XJaET)MUqaQ$kZ`C;Djw?Oz7DmLIhW zUY=wTxSbzov{?Zj4G*cWu9p9ZkvRKWVB!Ma9f@Uh!B_Vp&#Dt_^1LKUBRT)GFLm*n&DP;}`0(GC9M7Okt>=kHZ6NV%Ol`vi(a!AJdB|Wttc-}y%&AzGy zaeC@UyPAtDeL3_DiH8MR7i9q>leQh~{pxTkN6YPwRvX({@<*h~AbWFX06%5~rYvXy zlZ1qsIxrx>x$+gzG59@0BIfs%vK0JkmM!67e4%n~q;7@mNBj!8ghgJt)6tXW@%;q$ ztoGt6YuGYRlJ*1l#gi(jpCcanZ{;Sq&1$WmFZ8@${lnb$>}~jRqf)*bxmh2jZ{>mO zLHzRdVCeg89j5t6PxzUpN|8f^`W)vYsP_)an~wWk{ZsF0cUbi595K9pc#0L8+$+)3 zft^?!|jlsbk(pCZ*x7N zLzRb)m-odvaUJyluhTnCdR=z1LQaAGmgQs03IlR~B^lkH9-zkV2zjh@HE17AvxeR64>}ULzcW_(rxEWH zADH5qr}pxjFsN{OGZlI#^is5F7J4~L^?tBfO*bVJ*xNfyAg~TmI#)6VY9xPzBPID; zSl1L(ONEbkZ%uQ4n{dx!qf`IR5k~{6#Sa$($N~ z*3Ypr!KI9vrL+@#peOnYpgT`l!O@rCWaLZE%g)c zDeE9w1uJsb#fL(ng>86Wwsr?>mFRY_TI10Wq0m8ul$p)3i}l>de5Y4vCS(H1 zOjCom-zCgbUgu>PQIw=9O6>D{AZGtqNEUJKMUr0G;hh$)w5dW z16VZcw++lF?o0&wInrU3%AH2nvcAZ}>`;80bIapmh98!5LBR<8g==Yo? zuITEr*R9hET~~0)dv$1$wM(m3gmJ1;2XJ!JG|)Ck3l9cvl!)^dr9}5D>uVddVRKR8 zy?fi4=TZ^RjZS|tOF+;9bEI-llG9&ysg>BTe&T5)JHuOR8CXy3#19SY^~*Yyuxt|$ zPaMY&4Qc_E+6$Y0LUS)WCvvg{=gNI>Nq!q>RUt5#r4#HXRKboHI>t1WMF z)C-6Ea~*%)>5YDKvZOO;su7#%roPfZwJGEQy^@O3-QXRiz!Y#-7o;Ybdlj?N`pZUd zSzlquPIeYEl(}K3{Wr<)R^8P}ac-sEZ5aRN_uS_U_Tsey#p>#pb{;8!>DE?_$oH6U zp>>6e3x^taI%Wj(MqY>w8#8LflU3qq(u`;H=hCsdlSTz;poIwT!XFA$m*UtfnPTPb z!app2i2+6F%MhajX$M{0kGYE8xyVz7NHcFT!@X^gvjl_7@j=q-hPJK4!hX5C32xf+ znnJJnPHX|1N6W_XjV-SWF>0i$LQlMytIDY7%1xc)1<6W-72tZ$CZ*T7in1V&!*=HZkd;mNBF)eiS(Oe!(qd%a`AR59diedwVLKGUqy4Zo7&&zyBpGcr$xWSTd<7Eojq%X1o!e+&>sSUf)88ZjNDDOps7J=-#LQX^a*_E>j|bj(0vm5W zIQPr)NtucQ@I*1QP2$YhY%Zg-g`<-p4%GNOD~rI_24G_eYDP0IEF|d z7IQHX(DMzHQJz$O6P@It2I|dNKPH$z@JPWR?K(3}9pPqnH;-N?^HxH6w>$K1=6bju zmhGF&cN^Bkg?aAD-OtDqbS1+S-4Fsd(<@ON^rOR=3!({8E70b!l~lL#m;51^Le@iP zYh`kXH+m9KW!de(iPckD`Igh?VPRoWq+{dZ<)5k*168C5A5v#$ULE=I#fgFiO1Glv zV=A6&--$PX1`cDd4G2}LOwMBhgdepZ!QVMoc;Gw~O+^6!vf?Pb|Buz)FI;ffN$lG( zd7^?St7i+%-)YoQC2T$h^-rw@vG0_w@3bAoa=UW%fn{X+zTVUCcL(X{jtvr6@%S=G zmUq9S`(S5?vng*k9RDNw*-P|5U02l$$15jejLSx4?ZDp#K;`q+>v^drsp~mHuLM`4 zSsS5P?KD33uI@!j!GK8J16!sA$k-zG#WdoU z27-{RCX+KOT^gN=u;uAlRk5}nMQoi=_LmpcqrcEt4VnVcaiYZqcy%b9?Xaoq^o;B< zKD(kT==pTVrwabWs@NF+^#{(u=m*j_3TI)rR79JL?$)G^iq0sdA7)FZMcS1gS*vJa zT(M00N;Fz)VJ0ZU_s9W&W4a0bdW&mNPV?hv`~(e2eSK2$xe;LH3^dMZKN>lvcH+-> zQInFLGrI!-tiW^)C;6y)aLCI!@;8NoC-%zq=zRrdEO%&~v~&xN{i^%(+oYQm5P=SM zP3abucCxw8%$lZF{Ypyg*Oq4N(g&tGo*WFfA9(v6cNSwy?}Qa^vB9pFVHwt^m#5k= z>-38;Qw(b4_7T#%_;|9nvKchF)=%<3ePr7og;iO z{CPbgINF5T7N7{O*&f?6+xdAnHrE z5u~C2EeYN4lB6gNKOKA3SHtixN%ZgQie*Tk)$!jhu zqv)r~5g1H-An|SWB@U-s1u92EwE=lj#H&DG1q_FZnQZ_-&WQq`MWRsrxM^iby>)5A{$%qb#h@w4m zimF#y`6O+&o`}Zg(~Xx|ZL2|NIrW8IQCDY+t2%$gKV1Nz2y+9YvhkDM7^CyAH3D`o zznr_UPh^$+{Pee3P7^%KZti1yYzF^)e(c>fE?)k`0$auGe`asT5PU28>$b4$`-1N+ z;Ve!ONEYrnaK|3*TotYVDdK`M_nPrWDgXN|uN|Ab)mNSXG7P}9!SZHKZsyqdri2hk z%_tVqN^?xnz|-9t`g4}BSS4?28O%lk1G56HEiQ9+tI`RYy)kW|I@F8$ck0|12b}4# zbtJ~R^Fb%9MaL_i9zL-&V?SCG{HiJ5B#??}AC#6K@DWuXWd|WfYHWoG_(Zl&d9wPKwZ%s`Ez zg9)Cpow>U;en(H;~@~Jv__1Osge zdSP?H)O92m$fZl3NVTZ8W-?u;0z&&@HvsS~au?y#SY~BYDyHWAeTj4Sf_aqGGg@|m z`#Iw>4dOAYAx&G}90Nbd6YGL8$J{BvFnVA;^tWeNv^Nq$c-Uo9XI?;&EIfTI9m@0L ziy*Ih0k|n9Zd06P_$z!1vlHRTB;s0X$DQ(X=NM;}U|4~^mST~$+OUa(>V_b?6_JHO z0u<|`SCa@y+c-*;&JUg|NX7Hs2tx*nN5e%+DsO*=dL`?4tz%?iKb&Rm|GeFit$u_| zc*vkXux^Bj)g}RsLdVzy1SFHEv@8D<=5L(wfH1H5@3dpx@aHuh9OXuISwew`-@U5b2s=?I8`OJF*XM zgsB(Iros9qe9cDZX7*v_tTPU1omyFU?OQVtt{XmGTo#j8sGQ+za;IdLpJKns^q^1F zWQl|Ac4cYX{cyMPl{^&#_yXrUCfS;$fINQC377*Lz+bOxU!u|kHue>Tj#C-T9>!l% z8P;vk+VT;k)f~1E^HSEN^MOg8Bb^3`+C_-8HD-cm1Qf_PY-vreU7R=?W#jQ02RAzS zJHl*X@`LuN9ZM(`1^v`JCHkTOfOjr$sX=4iQ=PRFV_q-nMww$;nh*J~q}5rZLp9d# zGaO%x4r5jMdt2Gpy75983$nbaBPEj--6nsQf8UdYGqRfIE>I?S1Vu2?M5>q;p+>I?^%n2by`3}d z4!Ycf3x4se8!EOzlg!w7e%F%NnuodDeZa;|PJecufZ#hL9D<3KSBgXt1A65|*U>s% zkzFwLT3ZGJRH%Gj%Acn2rQSU@a``p2cJ5@BN)6Oy`Of+|bP*SvO4h&Z`gS|%^8Ld` zT}=1CceHh*ky$BR4KV^Gh%_81oT#7jtYflwxnl2 z@*>A%w)pSlc^SP4{UX9m5s$MNr{C3*@gY^qtpM3eEwNNpC^>yBm{0h@0ga1T8Y`n~ z^=Oo&Hd}we%PjCy)t9sOmM`IFfAkkIs)-LK{seLa@RX59DDBRXY3Q%Ow16tyi2K8` zn^O>X!J-Nz8Z9&x%X_CX(AqG+^X87&eEMj@ywiIXeoHxIy}dk?Wcw24N0GxHcgr*D zL5=<`=H^Cn5gTzR8FzLZiF}FKuy45HOWW66cI1U^zmNiQ=+}Q+MZ&MduYM*$TE*>( z#wvUue+lOWBtnvxqD4jHS0~PYC$9mi+DnR5mZCfx4DnE*mZM@lA?=l+aE4e0)g4{e zg5jl*A7|Yse8wf;+wI3X+;pOPD}R?6o!fgZ-|+G;GlW-S0^Lakd{%pWx#xq#W!(fv z=Kj4pGtkJB07r>R*nsDg(vW~}uRTdbIKj|0wu+!N)>9SGtS_{=u^L7bv`-SJJd(YK zx`^wta*R^3lSEYPkg*=!6@T^!@J0%OnccO^?SK+D{hxfLn*C;rMSTP%|Lkows+%ZN zdRi0@C2E)s@h+G!=d+?=W3Xq80qjI7Y#32&@f-Rnw1P6hK>wEXHEqL*VFVJw_1{*i zaXBYL9Y_6&!PX`eQ`7a%3BuNQa=!;d2)iqV zCc#f@%O~>?k83|B`0U1Xd8XeLUbhf4okR!6zdsjvu_$nX2QY$RG8W96 zg9S3Eb0mn%f>}#{w1WQcA+qL))&3t2@v~rwpd;xQ<#*2BePry?wQ^qR(jW17e3%!- zTFcq6-iIu}<}2u0yIxO}=XOeIGPp07vn-*nO{+WraLM&zl6K4Pv(mEJZ)z1=@5prK zKdMyk20#!KBdWjd$m)lk<2gPhk@N0zI&g`p*csI7d9Lxse5Z>fyX^xvdJSxZ#nR@w`O1xm^}s@Ms$7a@gLCVyz0Cc7tBy=jPnrGCv3llXrs;oVn?o+LO>DtfsO^Yjx zMqTherjFpVs9se0d&eF`dfk^><1k003~BX^sF{KlX@+Y{Q+ zODsxfP0E1UoY<60JnTOAMFUbXTpI&Aanm2p&3Kb&0K-H!u>JgTbT>))i2iCM*XiXn zh|&lXOoPJ=e)qdBhJ@KMC|+)FMr{O!hk0Gc{Q_DS(&{G?{7@tXDY_7>K_8DJWn zX6D#WFq7h!*hXO3V^VEX9$xNi_pWB(3si2f*J;yxLyc#ffR42<5FXMQxM#O_24Lud zLqkzYe&jv_x6%S@#l)JfqkG$HrNi$sjHHZP84pZ*J_mtHwDm_(EC-$rS)h|LrErjb zup0c;n=f*MCZnh#`&rx1>B~-Y;GF5Pz-5bJfy+BoqOPIo-=B2_uWWU!iJQK4-7zqvYL*k~fL~Ors{%B^7qJHp664Y!8^)onTuHd7|qDl-=CJ zU%`4AJ%qHi^IGfE2|=Mr0ula|1A{%|pa#Ep!^sB%)zvGd2c?BrUHFX z21UQDX9f7HlhRA)B4Zbs8<)R;$X|d8Xx;sRUKmsz-Voa>o~(_1?OY1`y1ROFn@-VC zY{i;t`Dko>38f3=xBoNY59D|~q8^jK#>*a}o0QAV28}OovQXG89QiNv_0e)l?BSXG z0VvWB+5EVpd@(B9>JFnGGc!FMHByr-0Qg55cpe5}s7@iU6%_>FqkNO%d&YNGG97T` zWxRRGC9?4S5?gr9xe*~oKQyyLqqU?V=1Kq=Q~45r6k>TRiH1$%;0=c`y9Y;onhnaG zHRupa@K6tW58~@(FWR>bxZ5Iws%{VqX`EH@mCbjf$2_-`qO~d&$>t*17@=5Ryl(%D z!a(FUD(}lc^YeJR<{-$p$R&dSmYMW#%SyIji}QBVLOHVBLGH0$=Y^XVixjIR);Zn{ z3kHFeNzqt3lLK<1XbK;8d@6^5CaUo^`o2gz%2tOr-_*fp@u$A4(MnR9z#!!&@`7gA zT%y5i1=#w71XSqyc?uKDX9nlg_h?l_uBeOH$}?J8Y<0v(Q5nISSPiULC_hz9eiZWY zHqINlxX~a_eyPfwA7zQW~| zIO__*ggTsU+4+btaaxlKl3P(wuh@*MCj)em$TW!}7>|{AY?z&<&<>%>BvG>RS*S)bWkE|8ST(H%byVI1ldKB%PoJ z<(ES^O7zP2hx1efcWG5Nm>Qv^p4<;msTztT59w&!%Q4=Cc-tnT+SbJRJBcs1rlxx;j0=6_oiO5b4$3+|pmuZzN+i4O%73TX=pe3$aO-Z~#rCt&y7Bu}dVi!-i9 zl#D?hB*9B^*-spC;nAae_hQ2~6X|G&3G;ApiiANk_k zlOz&2#jKW9`YGlu_(5TY;jwZ3W#Hx}Bet2KSNG;RMehuhpKHHrc zyTK2aF-$F)Age-=9`=knm7IW!-A-2(_0!|6{7)^zSKVI?9gcKgdPLnO)4xc^-&C-| z;7s!#j+}T7HpGrR$`sdZjRzX~n-EIvO0y8$7UvM!PWH@aoTWH6vXN2{pcx>(YVZua zl=`;=LMHQ$mVITAZcq&P{^=Xz*Mi`}MSd!cVVZEy7)dkLpD{l-;V$F~eKt^|dNlyF zHTdVXuZa;C)}efGjSFm!X)a9TEWlbbI?tMN*NM)y{T`ht?7Zkd(0gb&-0>^2Q0P$Z zjGX`=0`6n+=sv%IQ4Mj_zowA|Vu48Wteh@WSl-U@ZhTgws|SqLJ|KzCcMf&( zdj6+WLJbeRj<~C&GA%FCBDK_~Zoa{J-ASl_BTKbT6kkYSy1pYH(Efq1fZZ}dYv!yqez{pvuLdTmrd(t zErbVOA@5?qLWeDSo2Z!4q+jk_&|>Nm2%un=C)yGO$9Ay2Ql({TY`^(rstY~|JWUI9 zpd;2Ed3GtXkIWQ17MZ(~F0qS`)l)%HCtEms1+0t6J~;=19(HQ;@0ic+)wM9|wRMJm zX^35LXW{uxx~On}(F3pHG0phQt;h0n{lu`_%?FkKaO8GqI-ZjE$s`t?QOjTzMh{ZR z`Wms_=+^YRfZ=AeE?U2A2{3hY&)0l{BKEcbC?fjbP=xs1x+*v2sStg#y@nv!?5g{A zKADh*sFz_2w4w>aAMs8#)s2&mW9 zT$4^0!^mQhI`@ej3F;y(7-Di`k7MwlnDpBw zu?mH74q)u<gn{_+s1R_V1`tfL{~(yWqqC-H2Ga=Gvv3~MMf2&wjYs3ZINb}He{kO;d%8dIEFv4m< z+9P-$3+2m4kYAx%FEjBnlGAnahPda|HA&SAr{@MOGMnzJVF0wN#YG9{)wh|-!3qYQF;j1CFbB;z=o7|AG^Zg#fNTco4R6Nkf8Sr$IoR zg4^xFf-b~2IseqL)@tFd&|45Y?u6-oop(P(4jJOdxX7a3Iipj6TXzl(9bOcnJc=nL zT0bq+C0pCXDR+gi7&#tZ1DA3`=K;gM=)B?*fP_n@xt-T`EiDq{fMxm5T>$_4^prrq z23u+&$^oIr^0*(<2!$DWVdq#~e2XPXm~mj|CTFpA(;f`Hd)^H-=7fN3V<>kLd4ZXDZZsWqHl*I=f~2#y z^{NXFs3t$i0c8GuJps-j5I1GbJzpI$-1_MV5%oeC`;i^?`aqI4t0A|s^w#;gbFleR zu%FbXnuGR*0AZFiSHS$ql4R^QuH#MBB~+?fKO<SlXkg$Q`R;0WK`6RqX}Q`eJU{nT52)o*Bw81PL6x*IbW{MPQ3k?6 z)=#!PK3>j_^|OW0JZI2!zfqP7;=x1?QbIrb%l(&O4J-&}bH6g@ak}H}ALak~A~c<^N|~<);L1`I zEBgrAI5wfvV85Qy50pnRJ$t);Ug(NVJ3wi4AjYlZoaS{`NqGJ(nPq+5|N!%yII9x z!{%adW4BwPUKG+e(bj%E1o}JF+YMq@{bLFT)?@KumB!ERME0#Zt9%lmY@xaa4hE=T z*dN%8R+>#?@nO%n&*HrIyPdS^u4p@P@F_zA(j9sWbLX0c>xBe`7!hd#8e8XHZ$SHl zc%#N_q!z$``0k<5Gklp?;Pbrmt)N~%hd6Xv6T@NVb#EIa52zzPaky~jr;)JBbsx8) zbe1g5%U?YPVO*s0V7y?EOOC|=Vl0&nZO*TP z&I1lymqE1g40sn)v1iUZCwx2a8p%6Ed!<~~d3PhQwY zj|4aXA{F~_?-MEJj;9g|K6SevEhn)1F1$mQb`4#i@!J)U->ezHG*Sq)Z@}{@sIJAT zN_}s!?aY(CpVw|>^?YZX36SZZS(}sIOkdJ|swz1>XW&F1cr6c@^gh7xH;#{si_52r z<>8WVY#Z8|^#D1^!D4+>kwjl!Oyv@(2TX6nrKqdi_bGO5);w#|J3myXKnvpLf zdq((p1%YtHiI9ko?xFo&N4m8T7;7*%>#vTJ!KOFDVm=BIe*RmKV2tEy4YVmp7#R4a zbo{GbKtBKsX&IkLM@Ccq5YC?;GP2a$TAOVbc)LOF) zY(3B7ju)PyFx`lj#tTXkTU=Z+On@o_cofdlqXhLii5VgC2B4e((4C>1nXb=s(T|#q zA$*85NfdZdU|t@8Pb2}OK?Oi|Z~M#~_LRj?b}6CzA;r+g^lEW}UVvGqP818MqE3o> zZ<)Sx@%^1knLh#HjDbD-z$QxL1CqkAU^GQB7zKFo>4|hJ8&HxwvF19ID&QU`@#v3RYKJZ%fDim_g9S-5z@*_!rp+f-Zkz#sLYFQZgW)Sew4$Z-)|l3;&%9^Z!K1bU>GGJwgH=9cBNF@806M z#W%qxXwK$fb~)^k_ze+9d}yx8i2>;vBL7(mNBXNo6#@fH?x21G5|X{nWSjyBp_}R{ z(E>!z|2`LQA^PD(*9+^IN23shWFyKzfDmP=ZuS3?9HQMfO{9)QP4Z~mjvHwL7N?c? zB&(o*XG;t${S#zAO0eN=;ekKU0D3!6@z`vA(K4n7bj0HG9c~ch=GI?GV+*UHoC6|F z%Ih)x?ycu3hviu62&Ron`2n3NAP8qkun?o z%zP|fms5q-Aeq1VDfyx2jDSh_!Tkw(A}}kk5TN5A@$f<{?5IS9?g47;)K2WlA<~vz zdlec`^^j3C{`_{DyXk@YrcRSm@X93X(LyMCrnvaee%)O(qp+E_vACUG+of7r45UB{ z09c3DJ#V($k%;BwH>S&LGkH~v*D6T85Q3JB9hRvhL<2zRVo1%=-~yuK9qj*}8!9u?Z9Wf9Q6cbHd8&D-na$TGE^J}xb?7U#~pG-^Cw{pFgN|= z-#z>Ip7j7?%2+Ej`54SB{UNW(Jb=~%$xL84lhsTVwCfx9qPaug5+DqefLX3~4=UMi zY6TBB?Nm~)EPA100o99_qgy~$8NM1C0~{wKKD>Rr1rs$5jrbkc*b3;6YK~5yk*`*5 zc|(P&+f1QTZO+`X`QfQMOdYrmGns6|7~tSE&TCPJoL)#wxgQ=Lp{&f`FYJi@uHhU_ zcf1{tzcd~~=W%@nU%KGc$}CywW)=Wpi50lWifa{p-~NHA-*iM!wSUie;G}gB!sej$ zI&=TB1(C;b6<(=;HgV(jpk>uOpVHaK@LUV30wYs&Qx3%T&BFWgyE*O(hs8S(a3kCX z5Hx}7DDC-m3_axri;VJCFui}r6G(D0Z4=oub& z9x!7dl0%#YglMU6`_jOML$8sLF|7c_;l)UeHcbjw{wGli9zazgfN~Zx6@K8>fPWF? z|0Ve3uqvnbA4=#e+$=JwJGjr`UDbtb|8Qj{vo5pl;x2Q{SFo^J3&Wa0{W3}Bhg%z; zUnC9fz-4hV*_21Ci6)>6cf313^b7twCQ1sL&qEL+o_QV};wLZzne#UesI6}mT7En2 zqc$kfy-8(rwf3ag8yMilM3DmeL_E^yzRl|9^ORIzj*U(>qQyh=`Lfv;V9e`9`atoY zOSa9qUSn)WV8`9eXZ~8=*)jPZ>HJACr9xtQJTAk_d6y0GiY<(W(=!o5?#-P+vUWCl zQYvu%#19SryFE}42g){v5fv3}-};i9%PH`dm=OCt6AYEb9wseEsVi_}irlVAf|gu7 z3I+aAD8IL@jpbZp{5pe+u6&^W4eRj_?X@|PGKFgQS*5RDcSrBzwOn>XS~Tx4gi5vb zxMkTFzwdf!RbKJ1>fYFJTOL`tQ^*G|E6xrF?8PxmIyT0~N$1Ye8229wNm_5=cL{o- zLvMt%@|*lp5D#X*S^?$~r!TeNZslk2P&oa<-IxCm9{hjznoO%I4`6$?36c5tQ{Q4h`me&HZyJQ6f>y@Vx6H-9 zEW@vNmxLZ3^jWejBjeuR9E`=tc93;4%h0Y;X>#B4xYD5#HzZkjPcDmVJ?JWCCPfJN z9Ai6vB82Mu!ueh)=9Wmkwea$`PMMxaC3-!zw+FN;#!3L%U-IH-TE{1t;x z^Y(~UF0~qWXPh4XbvO-pUa4Z`4Ugol@0dvNc>`U6pP_>HQd81%a7JAHyiKm8AP~(7 zy;H|RAiLm{!00^ofeR#zmgRCA%q??)=jLI>rx;0fx))iAzc0o#le_ZFJzHu@XvgH6 zTb#hM=sb&r5QfUyj+88}la~*-ywYx-f#zn^`x%|3Nn3$cm-uBA4X${`!>~HZ zLg{njomacuWbxOfN;PIe^x~6zrhwY(zhbc7{ItA?EAgCcz1UZ#lBNYn=8p66y@jUV za_3yhI*@*#kA+6j1e}O{UiFWqiR6%VAhJHfsx1nx8gEW z{)guI(WZI0p-Up=-*!@a&|r`>(AtK%C4><&DGASx<8xMjoJ14F4fO{#!4koXS4RXp z7j1RjMC(0!jlVzHpBs+4zSK0fM6_@i1!Cc~oagh|UtbwCk}eAoyFS~kT~_~!fxiWN z@-8$@imnek)Gd&fQqAqt5FwlZi}D+WCsyzzbCyl26DQlZ44RK2^=< z1ccoEnm@Rda}t|>wZSaNF86h9FH4Y?SBQ{JGHX?kB^C3^aeZlGv_x^iG3R%xpZ~%-ZgNv3uZY~nK_5nz14#LvEcY+mnFou_1XmY z_HOvuJr^3|u=I!5`Dp>@v}v0kY*jPN3wTre>Er_m`=7+gQKhmR=Y8!f{{#(4enCeJ z0%!)gW>WkF?C4lX(}Mn{5878Di5wuA7(L$~h``jp9EaQ=81_xzgVGpB>DMipRfn*fc->GmBf1&H#3AvE11LruvKDLQ7n^cc zJ!PSwdN;kdms>Tt6Ln9_loFV3hesaHQ~m}d!pTtJma+Znwm4oEXcqXwEezFUJo}{~ z{p78o@NQp&Dg=)ht-|Cx)}wIUxXW&H(LV~=l6mci!`Gt4S_jh1uqTNxI!l;{0HLW} z+;8`c^FhXr(JcO>Dp1h%)}V4D8TIXN9X}o0B_W|;&3gCWSa9lZacf@V_^!s}=J)xO zWOAF4i!Ee~oZH`7Y$zBpB8WInm>FfS+41@_DeL|F5<)g zA7g(3RQ30TkHVxJKkS(0gNLz`Vj{NV)sm%qru^ygzyg>x064+V&d4Z7O>?8+fBXNe z>}(P+N2Kh|!nRy;!W~$Gv`)WIE{Q&Y^VaQ|F%uni~`1K0DjJhGq8oCQ-qRJy>B-)fnuUWzQk9+ zHk(l?Ws(lwv1gSBWs|WnwvX9CcF>Hv7@qW$)gC;YIf()5?BRjV!&` zJKY6U-W&Txr9#X)mQ4+A)}21I;w?E^{x^=MIU&?@!5z1-%fF~y2Vr(AHVFdm=~K(u z;AypZe?pgWn)ixVlaDdc<{NskA-d!<&|oeLHuj<4jnjSke~)yZL%G#7gzIQEB`+%>V!U$XR*qSx|SN;QwBl80AN`QF+YYSO!!+ zz9(|F$32tTCaS5TI~+TTW74?_SwacfCD2CRQ&07i#wbyWmr_)|*=C$G>&5&pH>*@t z|6N0EVMcwXlus_;MIRP=Ew`A=_N!=Eg<@%D`F#ms7G&99MB*`nwF;SG}L9EtgH zUjg$gQ`Me%k3~q1<-IBXGGg&dRd<9nl#sytu+Ns%o_HJt91yOqh^yFFRz2S3RDWlG zQH2sO@qEI_zxntpG(JX#vv{fDTH915Kfb_O+WxW1Yt-u4UQf;6GQQDa>gj#&<9Exv zkEO*faghv~*FaMYFa<_WL-^cG$e&a)!QbaTB+@%Q^%)a$HMeuTHU#mCvZQ1yf6HK~ zdh-E#+$-Q@{IKS3nl+gTzL@Z zJKaOs_~kp!gJ4~nFW$=E4e?0xq(FwjyJNPetI9B(aUi5bDi#@166sE>z8BGji z7!dn$hS9w$4{eU;BS!PzG3w%a>mMrPw=YTgx(25{c=QnbH$jiQc8?CXWO9$Q_0ZJo zkcFMe&;t9SpUCSDQ>=ssAmCQ?`~{TI7L z=hnWR$kU{5|5U&RDbtA=BkuR_-?L036&E9sYo+s3?e<>SW!8K$w`|&(Ro3~3PxA}+ zRsxvT|MED%4+Oxp;TA;h`(^`}Vq_B&7G;Z5Sdslr7 zd*b48c#M#U6ZHi)&vlItqt@n|Ui#~G3!wgjk--@UT5Am>@jj8J$9Xbk8+mGwV7c~i z5(GT5D;cwL{rjWPpCY2r9=fafM-iR-6}~DK%34DCMAx$vl;suYmqC8rC~T6>@+XBa zCg^5}gP1%RSGQI$pPDwpGId3vGj7?eoZZvoH_whi@!2te%VZ}H#R2|+PMS#*cHG9? zdu8Y(q~SuF%tl?8ihhX>eUmi54y!sCt@JH@iQ+*<^uvNBK=+3aYTiq;aCs@{$7&&ROABQ@D@KjUs zVF{-c+0805=t#28*N^`tDgqP@a9&{y?3Gu3aH@9LjRm&;!s>kkKQjgW*llKACPjnT zPrJ8_SeWh9m}jpLEkH{(Hj>8Hp{2QJfTc-%7hQM>&7a@4U$a^kd4D7e97#E*m@Lzq zR8h@J(<12Q|Aw^ZaksXCzX_}HL8lE5$qTqjbVvTCjQi!I+7knoLlAI@>$Eu&hkviP(V*6% z<{afm{)TAoL@d5sVDN9=tPJRK0~#_+%Kw@2qH7O{=NxNxUvl*1&rsX@C{ETiOek&v zwdQ7UiCD!s9?G1YJUm*a%+%CUOTm@wz>#=~1#M-ew$N%0{LQnCQ*n2qj7IG!=y?uj zpYX2Zq`~MfjE&96$BjDCnJ11?LKgm)ZIr1=m81WfP1|G6$senZ;?yCUU>;MN`zF5J zZ`)S7%LH$yPCNBT0ZPzpb+?MTPm2Id4=HXOtKc*LN`o-a&?TT?@}}`K)P7R zcRsZCkt6n==2fCBubk*ag}$qI^LE1Lxsi0YCWVBf)!Wh#ktP5TtT5M8*Q}IPiAc)tsxXs0c zX!h&^%opBk78+Q_kv8zHJX70dg`u^9){rfx+9LG;_7 zq^ZgDJ|Sd|0x+7e@H%6Ee8bRuw#f05MCtU|&d|V1A}dlypiPM=_|tU&dRU|V`kNPI zlkCb@q=f_;!RV$h0bZE3TG_DKnqP%H>jJJDAIKfigBCU;GZq_LZrFN7JgiJ}pwreEIPi2E<=^!A$M*R9F7oxd&y!aKe&Jjn`%7x$ z&rH5qz4B@+B%jj=dV#&#J*O@52G{nBoE*D3tQ?)zvrc};@03o4+T>5F|7%Z;sJrYN>zl;8fZ_c;viejWFAS!B z?(`8x+RsNcK$PD4P64iQ?Asf6SAtJLb=@l*s07~o$g%{Uec!{Qp>5*w?J0=mdhJ^~ z!59YH;JP&+;Mig65h|QF)WAxaW`ZXmYuhpt#njD8MX_Qk8~UKaF6;d~new%$$1@s@ z_%~DBLSA9-2f|41)TGiVKw-5b<1UIXYC|F?MuDuG7rh$(rbQ^RdPT6$hCUE~&$=t3f4RZMZwJw93#88Q;2;nI@+TK$;ZtOr&J>a|( zru&kEmZ1EHU%yC7wi|N^zW<2`moAwLss$jGnm*gvhX!&j$B3ZGXXXsAw;%1(Bo;l- zXY9^SHo%Fa?b`gHeFE5s8A7aKo>+J zYhz=FVU=PoRpmV!6}`R-!u*w9cdG5k0m=!$pIhk>nAKg|fwTU_H;DbLS!D1JuEzN4 zNmq0)(3|bzcGIe?Od74vk->qdDRuwDNAy0qn%POr;q_!StV|v^&)YLL>>B%E0O1?x zl9@=Kp2=W?$NO49;TX{~H`3Qtaj}{8Lq#fj)XViup+KkYr;39}h7u{~|K^VL{+l~` zp-WvEPWpwyE{L);L`xdZ?{>=)iQ+VgH7veOmuI(8vwNvpsAUqNj; z@<7lY*PKJfu2}3Wm%gb-phngUJprW=;7(Xotiaa~0CPE)LXe!yak3TrNg!QR9(WBt z+eocQj_W*1gqxEmbnGziFkIy6?`1evOQks0Wo=?6OxzcyJKg>v_rOFYVg^8bskItz zX!`~3AQ~v_%iWW96h1q%v_PnGyQ1&DCss?#%L8?H^W*>7I7({bPE3I}y4r}MbW}HI z!;H#k>sL$w#!XC|qt^i^Q)ZhG)Nshv)(w+e$ak~UM zmg#c3)SiL^=L-mqI+Ik_{SNgvTxG-=B$j`AS>KaIb?SUER~s1zD9nt;p9@3cSJf6# zqpjv$il!5WutyLdU4dXTL#-3G2n820AlyUbJQ6V0{4R1;3T(m+BWs>jH0I2V|F6Q6{p<6(`g#$MU~A38a4NzNl8x{XPNYwE%~07qTzGFwZUYSXqzUu@d5G5k$wPQJ{wZ{C+b|dJzpw!Y zaC`(SDBbcOuqp%qmgR2(O|YAxAH%|I3}(9pF9Olrr|?EV0ciRv?C!80Xu7Zti3eLw z^BlzpbfKA6c-Dl;Fv2(XRXNL*PW3kx?h|$yGr792t`jWh|8xem8vfLX<)bfj@e~)c zXliR}POWPY_{fn&FOTpQFC2duUhz(;$2FyV-#RESLE~%rk|$vsm?txX5@FAtBK%vc zf&ybAg&WS@hpW@SFGmTAXf-j4 zOCJb|7!Qe4w_jm%1N|-`m)Z^UpvTqN;n=b`RPO_rgaO1|&De=ZZ{aKKMyrg{Q#Mvb0*L<&tMTL@J{54mA-rr`29)ng zrMuDF=$Fx(AssPKI~PiU#$5kGhyCx7OHr8nXMX&9zhTz#7XvinWP$<#I`P_mBcKBgaRN_0aOWw-=(Z=(*uZmn}MWAt8nv-T;$A&d@h zJW*xV1N@wVpr}rT-?Y1cv9%u^ zqP%kiCM~))fIYrE_3i2{KjY*&r;Q1WAC+AqKvaE;hVHcJGJ3|>7r<5*dw46(zgivq zHE4UBZWAr@oC+wO$eN1Y6MGd0h4&qaBLYZWMR*CtkN^!8Z7fy8AkqF`#OAD{0#&oy zpXd;O!M<1LkwoTZa!X1S*pKv5hZ`jI^3%bsMF0G4?GW|Y+umgX_b6VyOA4T8*{+;r z_~k#3s{{hr!Xsy}fWP*!g=Q$aNN)r@bB?V{SBS`?Rir~J0B!l~J4DN}sDm8QR_fh+| znYcD;+(j$-%*G1Jt&g85a=J~-WuJ6c; z>gQW&`t3uGvyDe0DMdiO=kLrwo8Lb(M2-7)7?FDEUN!>YYZ7bVz%lpaz(pf$H7=O_ z{KzE6cO)$4xHMXE_;NjkB-})ok`XQ(163k7OZH0NVCv7LEX`JiJOjs*rXYwmiHZ6O zr^02sipqQ~9EccE(R+=~pw2+n_cq7GJHL=O3SeOTl>VjW{&ooIcxm&ZBHZ#t@!cvl zJa@5}tseMHmIyrGh6ncU&7FpsN5*yEp7j!M2pcM1{P z>AYpD!S_?pTo>HqZSlE&%jLaI$>)BmR32O`BS9^(7(7X7aROX_uzyJLQ$6Je^ghyBAyU-9}kfx)+i-%7C>lefMd?_Ydno#%PN)RqCa|1{FSZ_6(a_pR>WlIY@FR z|IHG}Y9YhHe;>UuF=VpJi`owLL%8LKd;-Xl&x;${muqT=s-d%{M$^_un4fa< zbclBU)eB{-@l%r#{oe@$S8D(PX17xquL{i*tkFnfP^L7etf$Z-!dN7>EPr>l(=Gv% z9r}h}R8kWTjWQWYBtia8_Z8>iOk7LjT3lD$RW2JA!PU2xT};u2Zqc#M#w-=ZC$_eR z$XXg`8@JTO$&b)u{IbOW@Io}g3`IO5?j0(^t+eXQpo~qXd!#Abe-(b_I7n%60S7ry z!vL6t421qiaOo@Z&nck%HgNhc-{<`=uWG)VUGpUZI)(I|)rgl?o~nqTyn{BOpUKfC z-MNr3eXC5)FuKF{a8WTUYe9i(sB+|+p(E_^Z66nN6nq+^GbxX0vs42NMw(y&mK*y6 zN47wYC&iIW#-(`s$1D9eJV86kn8DV8jlq_tZU7BOec2|iRG{^-6lY%!Tzx$FaiS%i z`SYiN08IA`QVaPd4%wc1TI@`?9uj@j(DGI{HJ2P3MvB1=x4^{WYx7@?z z#!5HMW+<|9coKHEVUe1C3&tBknvm*v_pfITpif=c*!shw9RPFp9pF`ZH4h9#K}e5qJ^LDC8_yrW#?rRH;QL$3R@z^S(Ct+;#+kJFGTu z@i_SUDlfHz0$YDgPjiVhwLWA~*{v1IV5)Tv|C{#vZABhlND%6_KVP?geWgMjgo{g7 z%>He`6T~CGjdPGkd2uE#f0FD2p7o+T2)IiFAqm0nk$arNI%1(teS6()_CqO9#o5v@ zTlrsasjnxxM=sxF!X5JxmQ8Zum$9LYDy4RQ;4%XSC@e|sxNu7QdF4Ml_6jOb?Evgc zDE8olTybZI(^NXBd$?SHdmSPMHeNdm{<=0I&aZ(LE%)4EY4QGl?<3SWYK3eJFuEna zeho0mkBj;~*okKG@}D0Q{--Qd&=(H@3cP)DV;R>Q8nM2uSX|BmJtCY?I@!DqNH4&_ z4ALuR=W$)+x%M7LTV82GT>5!KwdMAfJW3vDfA4Mo!zKFuCkK>z_tT<-0SKU+FM5R- zWId(uMO2HV!@5KfJl#3f!9oIi@qc3rbxV5rA6sbA3T9m>l%W}r-nH6KBF|CVP&9xw zi)qlSRD%X)S>U!`HC&GMqHrPlo>Y`H*izzSfcz!B|HAiA$vW(;5`>{!&|X`5L9z}0 z)p^4-bYLFG;@^l+DU|!`xqpg%)qq$ExGxu~GYsNL00HJD$knYu1dWN);IsVtipYJj ziv*HpZ4UakLzT1{&AJT^`epBkd=`I%w6OmYk58EzX~k-w`}Wo|-?$X5r$_Ryngiph zZ1^X-qL3Ok8nA1=w&0BqQKse`HdbXgl<~(I$X_Uo8$h{SLj`&V?t*>n0Qs=%3yq%GUsa5{`t|Nz$x3_ zu_x#&`1?FXL5#+%lztT9NY+;$!k?MyklZ;L=ZV6JKefapj{9a=?;PR0F`5G2iC&|_ zdA}#g>?L)~w{{#!;}*rv`BxC8$uQcd$UE|5xEY27PoGOd#Y(#Tpp~h|SM* zg_AF}No-p+enChQcbF={*RvvcG<}kJ_MPXpkCsB4=gzEkrn)FzQ~py6YdIxXk`Y|e z6rFghb)j6s!2F%P;nDB7^UE5+-QKSrY=fkZ7Ssx`u%`i|=?MwB5+7Juu`v;0F^-X8 zZ}`x%7N}r@2>d88N%*U7Uwhlm%O4?-+|00OMi?!$nzxO+>z6v5UE_ZP9vvgRz3RiQF`KCbsm}>| zX%9+IW_vl^;e)jEHQjoxVWS9{Z?sfNK>26asDux-7VTq29CgN>7uX(VJmr4$eX7d(v>73_}2EEEpJX3{Jy-+lCA(KmmV$gYdEBcK6>Vzd4sU3Qj4Fn1N)&9+iz> zD%vIbYKvH|iQJfV`bvEH-Om>Adxc>*Zzlg9^Ls!l0Xttimy?xx-p{~)8rV0;Qz6s3{X9uXVv>c+-}-Gpps)mQ5ukaS3eQ^5G%-J zj{kF=8?N7T#a0Y_NvQZ5N8_JDPPQYi<2JE|$3>h zy$tnlAL#IKtJ6@!?M^37;_}TRD)vW+Bm>jkc6yx01uiSU>^e>v%W02qkDsPIl>3|_ zl@9Qv;-{il2@M@||8b^axF-<&$#PO+t?8}tU6#qaK@TF)T1)PT-{*s-t5EwI7wa*d z&q+cy^1B01%bFRPyrO$cTbk-*ATJzk_3|<#& zbD@v~l2v#(>%SS}hOr|Xw}u6GA-*>biTB!@#OP~b$wD6x>8crKuc-X4Osw<5s_RUL zoiMR;A(+^C3itA>gWM)QwJVQ%?or&RSqm)j;67A@&4Ah)*uSWCzk|V`Zd%8gBBl68 zFB66$?=qH=YQhJj;WxK?JLzn<#q?EJf=tEg;TeY+ca(RlbnPg=c|+bk_TD&}r7I;y zn0Pna;-LIzw$A@Z-N8k;Rg)dB{w40F*KugRo~P z0<2bA-5U*vc}Za4NH7>+&rC3Y8$z%?EnQmk#c=_bONmPFEvtA}>$FLcIOcmB8Dci^ z)|KR-BqH{_T$1{Fm?(OFaA#q*vy2^_XH0sL&cs<%$Qho8&s@WLRI=zAbKBmm^mkam zP(VD1lUf%3sL>Z?GujegKh5FxCI9{H2bL~g6%0T_@p!tz>PY26;cs>3)OLn?C7$lE zSR7hIov(LrJxq^1ENUJ!XpNr)F;?#7F<4>Fw*bRkDBt^bJ`0oVqQ8b2HQ7G9xxBb& z8zBi_1NruA_j&pry7CZu~^HS zwhvb&sQqz#;~Xc}0bBwRLn^A`ZlC%-{xu!~ocQO_W6h%Wk#lQo>h`q~Rs<49-Y(2m zUl`CPmhWi#Aem|HzQ;FZ-ACg|uc$`AFa1+D5=ReGl;K&7(owHej7AUOR)p7S6KeOB zhs;EHG*Ye-PC@Mxj(rlv97Mkax)KLC-aa_4 z_R-L)S7Dqy(6;x*=!3ckITf#Jw&M#vC0ENn)CN4h-dmJ2tp+906(&k6=E@jK#1A&RZl$GWQ-4VDNLdWY!_8{&E19=U`goGGM9aRg{4Gj zYh6y9wu1%Zo_-oq$qkA+Iz)sQz0RPtw;KFldO)jHVV=48itfFG93+gjeiZ-A86#h? zvB4Ob#qbJ_R+HW(_-MGbw{ZVVrY{ZdevH>#sd*g{$aoH?Ji>;Tcn6yZz zKgahB*G3MGZKPXRnEWujqrx-2t5o~@NF@TcR^SiN^Lg*$e7jzIXWG$hq8?JWFInTc z)RI4EOlR%vCCqz-0mL-v$;pLqLjwb+Xc`)DZ~{~$nMtIMcYLFajlgN5r~m^-<`ayF zi*3NsAJ#B(Xn>D!m3N-9b1Dv(wO|n&w*0PH#HH|?KigL+Wh?WvBP>7vOQ8 z+#2%qOii)ot4x)vA(6e!Ic>9pnbexPZRrv1qGB4l%@cge((E}Im%*iiI)?6F3Gyr2 z>dnTd=wA-r{Hc6ip&ILlPg}vpxCKXt?6uW=bdQ(6+y5<58@W!7Ny03_=6?T%*DPM6 zVAA|Vk#6PJ+WsYftDdLXSzqd)SeqN2j2(Rf2#}{7#c~BMf)EUXkS|Dt69R_;1Dg+3 z;uO=p^Lp1UwW(Rki%2t_jgt<{ECSZ14P@9dr|&R<)>LMc^-RqooFjSLnp0J2c*s@l znhi1#E$am~8u?qkrRb<@-9Z^kNvSCpfFo_d@kus$p0p7o%emuMXZ65f1ma5>e0k+3 zTqY$U`gtjpQcuh#@xObCJyD}p6z2o`ZWc3brhyt>PiuQgQw-uG%lh)XLuSagn`fMte03`jrvQR7 z??zSwVnJWuOpp-xQkiWH733NKtiz`JH13%WKJV_K;XcbcSWX#+haK5lVF}4fMJBTQe?(nl2*XItzU^k&@iX zya3e!+`Ow>&JToJK|J+Gm2xzOrayY4(ytpx9g~=nCCG2}EHyk;Qrsjw8&A&$TF+yD z__bR{IEAO0UQ^z+zSk>&fnj6+C?>3uk?3u(?*+~8PKt$&R!k~JeGr-i*;Sp)4@RRN z9nb(`A{deS{ZJMd5CRY$KsthS99$=RO(s$=!IPhO@oai9vpgV+jYUMITD9Rb?{v`N z>@a;tiSPyFbuHDwZTl&-jw`QrdMtTI*dUjkO0vGsYit$<&3GO4$&O*lfgc6Og2f@G z;p8IqvUk5QzZ_mGkUVjpUqlSi=nJr@J{+CS7T})m-_D*U4GJ7|_X0q3FB8M~CLe8^ ziW#kOu{JJVOa9*_8kF{m!&v^8^bKj zAT~Z`ciYm3MLmY(;nmFH&zvJr;`(RaX(5 zw94OQqe~SMcJ8(6)=`k4;;ZovmSRJW&ZwB8BfjsWL#S`OFaLfGP9D+^3wqfbCQgY? zG&JTyVK0<~(fE_Vv{y+N?A<8o)s&-Vt+!9!YhQ528nFuwn@EWsQv-ySRz~r?<6Y?} zgViub((ATHpr)nns~g}h%49cAF{!bA8j3mm^H^3}y_=OF9hbUw4u-1&~?%Xj&V zWcW3GQdr8Bz^USmdhe*OmH(dqNyzK)`&R-qh4y-N)4SX7q(BJZ1IIe2?#{Qxb=y_{ zemSBsuHGM5jJ~kZ=+jU{07x|d_U82^l}LI?Ax6bYtzuo zOo2|k-tL@lI4I-lBN6*D9Wl6b7(JWVlEJArc`VKtiIPrBtssAy$c2q19h>q`cGxEmc-`CA@nN zleG{a95(j8S>%eF43TZepRquO^rS?J|HSZJA=T-Jen4jJ0^diMZsutnk1iUyyWM_^ zWDHrUmbK;3^V?k^&KHUegCUHkX)83R>4T@IlKbH1p5`sg7yBwxjKZ@+ha zQM+2bQkyt^W%BfMYs&7Bwg7WT**pb z-%PDMo;G}EW(zA?4ZQvM;=Y=r)>=hw|5m>%abiz4q~-x?f-g<#ejJyZp9D7XZWD`Xb)*_M^1-Mgj zf5Ii?9>~CFKG^5yB+wEiAEo=fhx%x!hkKgg-8D~em|{k2~&89IOb%V3TV9O(?qA$%>b z8@nm-ui%qrb7d`I!wjqH(WT@2^>{aH%v)g)L^4V{Uza7{Y?m?cVo2n35`|Vg~G?75TO|PMPw2{sduw2Jpt#u;76Z01pHC z+&woSQ@F-`v(@|@Cujtr_I?)@f@Wq^0d3WW66B6aG#L^bNNgWMyVKBb(|0w`7l@He z^QBBW3qPTRzWGzzO~01sBt2FuJ5b0PNfp|IDTopAe&CCwRDzWo!AEczxiLQa%n;+Y z#d3O^BCcD{ZCq!t$R1q0?z{^7=E=5m7*11pLj~I_NMb5vBfgLIVSDmbjpKv&K#4}+ z+c2Gl70`(`({fd$^FUu4zM|~!B^{0<9%+kuLOdD)H0+V{?c^19@wYL9dx?4XWNKB+ zc&8I!d>P3|fOOJR~RXzr5I;ISc2?pTdWkFx@>mF5al^?b9+sMRg8eZ(+u7)Y~% zA_j*%%_2oDB!KPQ<&_Y0Mpk9i25$Sdb|W3Y&X-f3!vf6c1uw93niUVL{glDtxEFP{ z4>#!3<7xU&ABdwG^s`h*o$B0M|IVITw{n>gJye`qzQt`mF{3fIKyS&H6I&>G`y&Wq z0x6am>i*{8#ZA_IVE9FGNa>APj=V>wRmu27cPFRjRn4;eWUDM-PhHg15>dEWStk}M z42b?EYtk?xoYn~cCnl@7a}WcgafrAcQ2;KZ6({oAG7LDzID;+M2KD>Jidp`RyMknz zEC8I$_OO$##rnS`9-6DtNZVXmoA!}2me1JWm(9yKb<=NR^`I1mVAD9B`ChHKzH>59 zPtDi1A((k$1rl$p>SRNj8!_h?#u?S@X0c)WYG%SR!N(7u0p|!FbQ|jpISOfWnapvP zr3>8G<8ON?H)MmP4zX3pSX(<*k9uYH>3b(J`nc&4F=|yuXW*c^X)y%91thyP;dT?^ zuuKNzrP_~0B9-oAuBep6wvv0_xrE(UPxr`l|MW>RO^b~+wnOrE1T^r+s-(Y; z7w#}j73vwkz-4k*W9HEBhNI2jTumE1Q-`ppwG~JpyXUIIAI|dXTjvxS*ne~&A3o!g z;&iyqMV~2*pfV@A*DX|QV|Kz9`H^968Lb3iP_phGwkgQ<45svRIq&E#ROUA z;9iL+n@!KV6w)7rxYc76Si1d|k@I7fT+C1V{->yWfOG7sCgG54TNbJ- zZ}2q`;q?CHF&_L%%Qb)l=iGoR79vRi_E&BT++))G&y4?w#Mb|82M_>nMj(jPJA8_p zQwBiI0cs^*xh?7%{Y}ZJx_FFTt|C=xku4cKCFLYSF8grjBSBJo=bcumuVd%;B7sBY zdJe}@a@_{3DEL3mMQ*^?VXTf)n<>M^wzoKPhW2F`o7@*YMY18GK`xqHK90zwqt&Yf z!zP@EhP+%$(zv95&$w;^c{~m_&E_i}Kow(G#`N8{CKqUid&#J)@dECVqQZ4+j%h4)68(ve@yQ*1 zWSs&q>w5kT?+}DKfYh%(S<3dZJ*`^WsqSIwg3w_eGpkv(SglCdVQ1LsFS8>8TqOn& zXrr?0z{5dNx|ndlGUb1n{LBhH+BqCRFi}V(sDTcr2Mrh^6hG>w0w|2~jF$$46Oh*f zp5pbtCt^eaF30*)A_!lX5DE4Q^b&{>5AT5(aghLl|1J^8VOE0iqWpx$fk;vA?QIVF z!Q7jrk5usRLaR2w3)#^@VILqp2!g&$PCM$r5{h7}n2-PyxnzCPukSo{z|+z-ek)-} z;Q|j=rcfGQ*o8*jtW77RJvX1TduKs?_{jE-y?@Zv{hnVc2Mt<8(HP}(f^cf=5yJr$ zu}lrhE^Hw6{~5(1+_3_z^p3a9&28qPuyAj;Qj~XlioVDJK=V6;{^(Hw%iYKH_kwN; z44fRafN+R|dj8)oL2Db>U2n2|g<^p9pefZXT}@$T@zT-B)UpAl(JO)l4zvkP=-%1d zqCDrV9qQ0H#ZaQY-1;L|92o*$`C^gQe2#YlPUUN3cc9c|%_I(A=j$s7jiecLB2u?&|FyJw)y8`>G6cjKV-v$hPKcUH4rixhD(p=r$P#dUzKdD zCH)`7>assAd!aTwV7Kga4uZSDnkAkigy!JaL_kyx$j>zp zD!=HTfp17Kq~Ka$Cb44w7=g*H3IOc`4{{fS3+s&)4P(c}7*QxPOHIDDMAIfP$+g66 zoi`R2^b!pfNah=Nn<+q^JV>-iDmlE6>Nx$<+xON*`S1J2Nc zznRt7Hkh;Nt(kT!vJ?*%sO57}!B-S5E9tt93T<+m55JGH@8t2aq1eAqL~~7{^o*Vo zmJc1=vCC!R^u=TYZ?fDFkg)c}kQN!(7cZq3_zL+W_aUjC!E5*rb=dyfT9Q>B;P8}@ z|A8S{wSW`Gv$*(@c7G33Ih~h|6bAvmI*OqxwW02(*V_CUAG-S* z*g|_)7K}j2jRb=iHit1Rov7?31vJGuqaEOj$m&`Jf!+rL(O$RhAL@S}vma1&-WwKQ zMChLwY=D#l@a(Qp;UL&R?kliC5(zvza*j*5>1)d&9RNi1B2E80UR;uZ>TpuZaJdNn zq=M#GQV76$!+w5a5hBrmW*&6Q)*gWRSapI0v!LM)4(AI1aD+aP40

c86pE6*gcY zUjP;7ePP;w0OXkRzy~<%4v1640xDZk_Mh00U}u06;rxn$=f(4rk6%Ndywv2RTo^?x zxNPWXfCgRp{|jPF;+PutSuhvsI(CnLyF%X`@YMgEB5Js(Jm{)dVSzX0$3XZ211CTZ z9D5U3*(zQjQAkcsE+Wv>)coj-)PzpqQjq6HtN z)ODQ_>Y`D`?r+Y_ZqIjX+%L@MtG=Qp(5i+51!oz4k4u&M&+$!A=V5*DnH%Jq09dqg z2}<@udoi$_?2G~Xvy_Bd5RMI~p52qbY)6&UVo0N8_mEi`w#Y zbH$C0SDqe|wCXGiYdsEYX9{dq+UDCzN_3kO@fftkdLr=i>#P=(vP6P53p=a39aBImlblpP5f1rF7sITpmnC6smu1?H}0qXRJ*{gQkJF4oNW*7?qvF?p>I5X znD`j!#dnu0k@lGal!FEJb~p@23wxoX{6>8kQ_77OZ3{r|^nBWo;jSw-5X8@6;eJz) z^azV9S_=2|_h%)unv8#Y!)khYFjr%>z`^4PK4AKIx-}@dHIR_~mfc)of4a0#x7pe8 zW-Do7j}w=GL8HP~;O>Amp?A7e+w5q$wTK{BCMj=ks<`;2b?b$i`E-e9sE2bPq(6>o zLf2&}S9hV^$H#pw2*2jxr&`{pWRY|pr}0H%=Fc$vPxoi@-VM@xCnz)d_|ZQ1C%uk4 z=`O+ShvPC#6mk##cXae*Bbgo5nLDBg@WLcpQ0Lni<2L_UG7w@am;>DV2ecAEPep|+ z46(CiwumTjKDdxeG%Ed@oDZdCk{D~3CVKGoKaKF6yWbT%pJ?Ei@t#FPVho4|o0Ufg1V{2Y4uqhYfm*P$l=6tKqishDbRoxLdRTVob$?O(*C-hcwQ&_SzN;#kh zfWOA^@n)wuX%4dq3H{wC(Gaw$V6&Arey@`r{CV#pm9%dkot-&U%XE^jlMr>@a$0|i zz-K~>=qz*%BI+=t;;>o%1PCF+SoPudVs}R0C)Xbl)x6iJhv_QmoJvZY?+%e>{umbl zOB9F?zHlLZ#Q}uzv%^30pDmC8)?&En#}5bs3^Fn{F2c8sGAyq0dGa=&$cs#&((=jh zk=3X+mNg&G3A>Fxdw(=r8NgvRF9xVJxg2&DQ^1Q?A42PH9pt7nJs{jpv66FCJN3o{ z>C`Q&q}9w34-_(qIeD_FMKsdkxO5T(9F__ut!J~hr)wd^=7mx~p_op+OhwtzRxAF+ ztG5`aaWlFu>1~7Y1-x(K47!39GX=cZ+E+Z!WN&BMA9D})>E!;%tduA1x4?Xjz++&; zz8Ngc&v2Jsm{GsC_u2JAktQ1P77k;(NAT+gAl-DXY2nxXK*`0ME0!35y3quna5oGH zW33Af3hVp1g2beKW{TCB-g4XL7=XN&H~Bi~A;ENMjQ$f&Eq9P+$Gu4!_k+sbNzJvj zd0wZ*kBX``*i3sf1&ZW=wMc$s=0EKtKmS8u6Ej7YhKkRq(qlGkHvDxw=i_9fgGsHm zBv_5$c2$tdu=6H&>m>vZ5v728eK3iMSfqc~HR$E)82mkIFfXJ*wA%Xq`oz46^bm%& zjl|bPP(Kh;&et~|8lS0fDJ{PSq$WkIq?Cb02=yw!5qj^7&YP%V3z&-zN?5$k21g+F zTH1TsK-^E^w2`BKJ20LlisXLOdKGHIvOoivg=|c6iGqj?JAG?>Dsk1;(xdjLHeqHX zgH#i2!TaN`TjRtFbb)JMV8}Upd!bCVIC1`kh|7630P*X|UhGXxyk2qLhz!RSE14(pw&4h(jP1!5JEWM!GwYqoJ>d^o1AjIH~&D!`5GW=5LJ$PFC+{Z#_qYgTM6d{@^?5 z#y;;vWistLE=M`9PTE4|T&K9>ut6slC}F(sBjc-H$6;kRpCoA;Il#%+Jj18GRbk}o zN^Qr8plgLerpqBK2hJqncEaU>q`Vo#)GAS z2>EkV0Oap*cqtN;Bx=1;&6bM|ifcX$+I1@3q2YaN`Ip=#!-P)ye1YbMw&@GU+>DEf zSIy3cMGyzUmXRkTmMc2rQ-A^eVZg$ueKE65-z-A4eUTV{jwzZd;vng8o$QYNuHZ=h zmijJ1V8HtV_#P6F_JID(jjqzKuqga9Pl#PXP-6ev%jL4Q!_#M#{VrqearLTRWBI7; zq5X;G*5}j<`HBd_+m^q%!f|tj;bXGHjCZIh^7xSGb9QkgBW#r4d2=Vof~xHy|AkSc zLaF;p_$_7Bw9DaqE^ul-Vs<7Q=x{p&-Xq>_Z3_pbq(pd}*CXLG1z6qHt_V z_h`GutURW_O~ZCwRK)#Quz)_`eq;6%={0|a>RXu~{)r+Y7?Ac+Q1lchZ~NL6JSVO1$;DKjQNk)==+n?kwiu^Ki41 z8Lkni>O~BislRFHGbxV@3a>^uAMw(WgoVa+uE?LRo#WP6DUN`=tOUV+YE#2wRF_IH zJ{ge$6csRqB(&XyD01~V0r=H}W?M!P;n$o*0&d%9MHcE)eu-sbjG^tgo?bkhbOPY+r?(GxpjGOx#;dEupp(absE=l=>E5j-5 zGMLo~uQvMc##;`@b0f%%$KG0E?220I(%oS-R=t{$oX12JdV8C6bP-!NxZgqqj1d!X zOSHWFD!9$!bG?QX)NT}W&}ju&0q>w5Q_Zxfu*c*CtG<12M{>P!rdStUOx8N`)6WDq zgIT@AK04fX>wztc6;9!`_sztN9Jd?yUxVnkPfFV?*Xoq><^HesuEU$obbE7x=s}c- zs8J$OBUJVGuQ1juN7`2x3gsgB&$l^xlam(MxdDqebs61o!=zJHIk)>*#2-*>-zKhLxG=jikg4A}n2r4QYpA$P%zO+Fc?#;yg)77H4yWRM&4G;)$~ zsFt9VzsO#j)R-P4TaP5s#JH~B-il9#@6`Pqx+qRzVPR!?`9S0u@M3a({@K_lDfL-6SswsgH3tcd;GbHsh?iUcDjiM{AR*<8bGx=r>R*X}7D41w?lev44roZZ=Mx zW8I#55|=I1;@;$s7d_jtwKoP|Ls^!^ww9As$>HCSo0}EfH7d2zc?owp-e2SN@?mVP zMhDWA6lyp`gQJa@519nmjT{^58M6Td0soct2nNN9H)%sqqBr)9bzeysu6+kKyY5yr zwrFJW*jA)^;(dy{Ph#byoRr^$TxGl6@`hr-rbs!p$nzL(Hdbc4O!&BV&B$Xbz#Y-E zB@ua5__lgm@kj17M$aynBOYhIT=^EbuUnijVcgYJc3OH2 z(ERcPzQL|p@bL_#Rzv+qvxqs}19306&%y)q6{{j|sTPbWlAoBu%A^b28^{C?L%FKjdUd%Kmsb`ZRfzKa=0x*V;Ap%NjZ?kT zEmFGA(XceY(`G$Gp<^cDc-+pG{M@uCPc&*c#Dr2f&wN1MY8FRkCziYJ&?ISH{A70k zN1V^1o6wS8T@}7Qo@M{k-Yxl_E$UvH*9oTJOzDd$aa)fvzk2(^sE$lPVFOoO%PQ+C z8c|A+JoeRCqLtUcawz-#w=#oDM|3>8LI!e-M9~>2YaakW%tK1HV8XuJ)6XFB!2Hg+ zK#;;}KasjaIP7t-JRj(}3LzKC609#_GzuX14s%(LSMYK^t@>s-gYL?Qy4`z6PI5 zrKU_T@%SzKWyd1Qm_93!`KH6;6#FEP4>pGPP4j}Cxdw~ORMs3Bov#)T#wgm38(*_j zt@SkUI+$=-LI%UTw)q3~TcJdP$;?hVCqUuuv*U~Jz5lZSes85(l0j$|k6 zd0z_iwrx(##Ovd=duAQvo>W$b9%yM0YiwJggfGvQbMiAri!FjmnlZlv(AOgzy@-b; zInD9M7^_efP_hn6@-o&^VX%j!_L3Y5R2P&3lg0ay7$%YEI1VNio@#=?gM>tOI;)`o zhE&>cDxW#)d5N93>-lv@$|7uIveo=O@62dsg4N2hcq443Hps1J%JW*ElDCiM>HBM)AkA*LY3*%|)ih z0L9|J=j2x!#aA_|FXnYh5kOKvB)%C=vP<-Oe`$a%jfhxC1*7M6_qOZ{VDcMZ>WK;h z1he-bi(0>|5#$634@3bAyqgV46ft}N#kuBxhjOXRW|VBG4YX>D8L0Bwx>DFOOL<~k zWp$j493^hvY;G_eEi&8I?tCJ`WRWId$Mg1H#^^JrY!bGBb)Y6(t0;dlH7Qy%UpKJj z4)%-?PDmrr>1ePc<>V1aNNw_b2FH3Qc580Y+*AV4dA|*WdIj)Nah8v#@bhJIk;1Nr$Z?hK5YY&vDbRark40#sop0~0 z3}3ONRF8lAuKQHnzMUne_eK3lM&g1q?G@2Y?=pH77EKiHI-e$u;5GT{1FI{8Sy~}l zkK0VtdKz0z!<5cWPn3c?i>%2~?!R0ec{p}O53mZ;FK>B2Kbd1;_MC%-GMIfx6uT=zr6Xg+~zi>r>2rP5T~ z7~zbXiX%lqLHUR);xJUzOO4(OgBqYZuV)>FG}-( zh%BHv4-&(NuSop-Fxq&K-R5H}{ON~r{p%CL;jUQT=HAal-_*Jn#XSxSng~>ur!F@Q z0Tn#k;}9K$b5<}*hbeko*-9zqC#ivFEbpRmb0d5TJcL24w+p0I444lCpn5*IdqjIE302bv=jPJ+vW<#>q7?nVJkr*$Zg zHu8^6aORLMPmJ|AJ2}8v0A%lj+hW17TC4T!moS_sR)Zgr2w^AI)x&N7!yzAZ71-df zTFc*n>G%^z*XDYXjYezSikZwe@0euN_Gf9a0U?RYO3gzYzPtF)@5P8i3;;pn^P!Vc z48f2j%e%b(gAh3;R<=kDrB)AhAo_UFn+V~;ly2Gs6KMPa!q{d96g7$S6%*dXc!*os zB6s~ylbns3>v22mJHBCClu01%1W;YqAIyEE)!xxjG{n#S?r_A2U)m%*Xg_gY|ca6f7xLl zQW-Ynn|4I7S^(Ev{N`o(xw6t_bp$DRd5@V4pcXQ;>2s1zb|BJ;6WRPa?%SKlya~pr zfg?X9fg?XjW|A$A+}JP2KX-b{`TZWhh#A$TKu*tH3c@uvn@6j`h;v-j9ov6-5=B~-8Wy78+u!hjcq*J2+26T)5(K2DYmeyMfw5NA*t4G7x zb=~<&-G*oRUMDIbeTS}HLq4;C(kqRi0X8TENr2vL+Ss$Y15lf45qReULY%UK6I($6 zei>)w0ca)Nq~#6HmKwL?XjVNyOVQ?aKNb?APcqWe*@>>-(})+a%`VV*PT8I8b?Wx@ z)D^R~$n0z2ZWa~$XtF+j&vY$-X3|Gxvl8WfnGXwZI-)F_UkkPOuE+kGOp6pj#coou zxMu)`C#qSl^yS^BAp2roB7`s5&b{hJ3?%h9bwu@uA9wcKorghj-_+}4Tm9s{)0LH< zsIWbLb3FXZGLUeCg+~m)&Sxbc6e2JjDt&;aeu?-T|6t(CLOY*=3@8KnsE}*~q)kVF zLKHaN3o*VF7YM7D>Y(LLTr-^H<>j?KcUIT!19qOR1PD5b(UFF)c>*!ow#RwC5C~uS zo3M~06NR~wfxu(uUy&2M>D+LCJ3DKDT-A0s+^CDqyW-oCCaC)q+;oWJnO#0m*5W<; z)p9twAIIrUx}E#rWVcOYSJ60a4b%nl@OC*W!?f;c;sb2`z7#nk;U!aiIxc*ufc#gKh}U0 z^IpmihaISsCH%V}xxOE>tA0Qcu;;n7f(T3l{p^m;IKG|LDC~A1tKH%#YhRgvyV>#n zPL8GS_G-hIb^r=)fq=?n+IjKSVJ=!r*uZmdsACh|%()ZJZCEwPbIEnQ!htarWtm#v zh8Nfu-Y(pc-cvLGvrD(dPStgxzOKG}>h)N5^~Z=78txNsL`>C#1cB%uE5hqPRs1Jw zU)=$U#-I_Urinr&V>KQriCLWyJSl1L41)th*(K8vu`t-^<2_3)jw0688f)*;D_I}A&G;0vdG0`+=dm^pXzirj*2$Lr zg~4CrzWp=?o>Y?TC&#bPR!a)2c<8|LR02sFbUR2w9{tb;MfZ+ViD{$>Qyl}+>}zz^ znjAhMs?bzHU*K`(L+zQ6m?0h$v=W)o!pE)pX|N+QUWM1S@Gyu-CgHqhuOn+N6;u3_>Em_j;o9q6oq6z zo<0DXyp^X<;u0)payhSuaoJ|~i`nK_9)q^*JrHLKG6c34@kI!lPp#gU&L2m@fUzrk z2WUr<$rRUtDzOX1CF|pl%;636UO$m<#vDJNo*WMlaMv)naF)+dVFz-jLJbinvk0>% zH{M2ooIEodlmq^(G_+}EzBda&zm!%)!~pLcAFx6ApdK6JoW6KSO#?=kdIl7ec<$ua zN9+^sD|smK+aWg#;A@Y`epHlV=GULPlUatAc;+Yref{}J!7~(ldXxg zBEqd?VxaMg0OK7rF1}H~FA=4yo=_`RvH^FxS*-y^>;ie&5QHU^j+>cD8u~DM(&09h z+LNXw6%8_VZ>_5ighHj^983y=07gWBwgtx(((>83LneAbPf#6E4r;AC#~bxpKv^y| z{V1dW;q5|Mb&y`5=S99GPBVkb`(N-j2**uE%pJlR5P6aM8iPSe8R04m)cgI8-7Vdf zhfa=;gWRk_$>o*yc6Qx;VgD`QX{F0|RQqm1;f@uEA-;;mI%rRRj!;y*EpXIhd3-># zFN5pDNV*CYh{@kxoIJp8C6@z?%RLyV<1z;2S{=W!%Yc1kIZc7Jhym>B6v63^16rwI zR|eavX9fN3Tq;uZptFOE1(Ys4*;q95`SHTQWe&jLRuy*NeICzm9UZS`4s;W%4l;oZ z#YiSFod~+X&a+{H{Xp%=p;LK-#Jo=4^BNOhzyR9^3u|6*aG)#!_z1xT;%1N%-h$U?nYkcAB&su%D2+fkuYtRV|G zMIbHil|P#PcME^d1Q@s#3Sgw?m5tvBAJFjRX~m(T3vU@H7_i7D{&?5F69)zqo5sC{ z&eYQ7q4s^}E!e|E??;Pv`l7p(Gtcj=Jdk z`;+hxOfVAJpNIBEasA`F4fM{d)>h-8S1b0Vc?E1_JU_dcQ-_=M=jq7Fpx-t zLWlcDKSc%jYN+}A@?ULaAPK=RcUEBX-*JOBfQlAz(Zg(uYPhQOg z12)ut^7whUpdHE+l{y)_IGx9*FozV*scqY7AAHR + + +Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

Thank you for using nginx.

+ + + +``` + +You can observe that the `my_nginx` service has different cluster IPs in tenant master and super master respectively +and the tenant coredns uses the super master cluster ip for service FQDN translation. diff --git a/virtualcluster/doc/vc-icdcs.pdf b/virtualcluster/doc/vc-icdcs.pdf new file mode 100644 index 0000000000000000000000000000000000000000..705cdfa03a2f46cb800e23e840a7f53418841940 GIT binary patch literal 1055322 zcmdSAbyS?qvOY>6!6hURlHl%c!7aGELvVMu!67&VcPB`I;LhOg?(Q03uz`U)eBa*Z z?7i>#t#$6Y>;7?BYj|JYx4Npj`l;%tdm3_uuVVDf4D86{6EnRF$m~Q+M0SRj$h^GB zj4~#+X3pkBtXy17M1TDtGm2SQJDWHXF^X9mIGcPmF|so@LFVU2c5-$!F|a{)UrN-{ zu34_f1l(3mXnUAOe_UhqDc$Y~TOKSNwct_i$9Vfj@;kK>u>?;)u>Ii_mc#`;vo;?A zCIST~qW7!;MKpbzV#)i8#8U}y|7R;=-lbh~>UVU$^OgNVkH=>U(Q4{=D!K^EtKaLb zXnJcl)4a&-=}VK=gl9uk6PZV1x$Oiqn(O2qe=ZoJ0|4%fJ0b!rZC-cB6x7|nhB&op zXu(*Ox22~)+fcn`-SSy72@3Ax3HVdQv}H`@wy1txmBL#sw<1n+uUSujktv&@cTsAS zfs9MKiE~!2%oymBy^)vhqG8}z{(@9fZI5d?DtDS7^Jv;Qe3_HYFmlcj)?F&&;hi?a z(vBoxa1EqNZD7}Z&jIm>8g3ksuqT_Q`$f{Q4op9DPmA1lQYwp_I@>yW-l##$XKUKM znjU;KZ2mJ{`SUq!mK$liw$b3a&ea;gdTrGex&3?W@;P(35wUCsDLJ&|3r5%WOeOQZ zjAU4#r7|XhXdhmI2mTgs4NK(Zl*8|u?VPkp2OY+~pS9~>ekQtaj7usps4z%wf14RC zIbMD;mpHALRE4K}|6f-+vg%%jra0aJ6L9I0922O$H(t-f((bE@5V?xO&dq5a2uH{6bYw(lHmr20fH~ zl3lln30!)p)Nw-&$-`Ci%$m($BMS|4TMlsbv6yx5xOv$0W-NH$9vUv;FFr_VwubL> z0+FCTotZGH4=qWo|D2pb)-|ZS8=EN%7KbZUs`9rNvkYcRGC zhg!>6+h^7M7DWsWoyEI`k(>T|B1vACcN3;H+}fDU6WX(_ZmK-^fatt}-2D8g7-8NT z8@x>21cPL0fk@k_Gl$^Bw)(w=&EWzUvvTev*v|_@Lt=E~rDR6jQy5}j*E0{N=VVup z`F8Se0aM0RUKZ4t6X6?$+w+o1#umz9tY0mN12s8?wq*6R=F`kye-T^_;&xVzdliNi36Cg`r+=PHX@&{isBu2oCHtv z7;5^I(`{iHH|KyLHR*ofnUYeEL550;t3u`1;T0(hJ@}JX$lynDi*@8T32?u=-ccs> zq=1^JHI>+RaYMCSYBEv}If zZVKSJZg}I%Vs|Z=T)g;dW9Fkn64zY9-z@>&#g9`&^%XlYc2DO2-Sru39KK5yPfQkQ$23D)GylmmopzxJcCE<3x3jw$Ybok%TCb$e;cA5RozWKm zTC&UIYy*Z*aqENSTIkE{*dggv z`Byf_V{br6>gb7Ln(a-+&rE0lwC3ONH+ps1bz4a)1Z8m%zbP;5&3m5!n7StvaUTF) zUo7g}t|HZSS(sbj=WTvtGTC)(^csJ!ZY(S^rqMXk%b+X?mNf(%8}Gq=G$zP05)O!_?&Uy{xx>bv{?=1G z%p4$!5Qi$%l;`|5Ac_;hO9S*-mD8HWww~J7C3T# zY^>ZT?Z%&V7Wh&$4OdXrnm_uE|0inpuB$D?U*UUfiyecXODcT75UuO6xrP%30eS_w zX&%`v8^|vbfb5L0OW*xgDHiQB{E6wM7&m)Y!MA>q;?nd@izbTSn}x9k%XF=;U>T1FhNyzp=2Mg zJdrY|yG`Pg>CApT*@d*HN{Qo9T7RU4uTEoBDD5*J7V!$$xk31d@AUA)u)8YLnC3OahPwf8j{#*Flk7@+qgJ_bL-p3U2YFL zZwY^o<)OKjA$O=u*gtrUj3stjGW%+@(NTQmcZkC352pr%57MkRf%$2wZs*qZ(wk(` zChbk|n%D@Hqu=_yJ|XxBQLB}PXY<5|D^9+7MKIS0l#J)^OjJ$5tQLL8Gs+TUclA+e zG>}ZHG3kw6`xE$B;k&?;#|^%I=SV0?D%|M=vE+uapPVsn6sogWT5-?ZVx)8E-tK^^ zrsS2v1CxZFTaC-FS0OF6^o@c8Vc#<`g$Sg7ze#U2l5bB=B0~PC0FTO6fkOzpwDZf8 zKyoe8liK(4BP2ER_6nmSM`RldfGUEL&od~Ww@5tWDUIqOc3O2OEyTDP& zbfrfkMwgohP|}vt8wcBk`OCxBxveG442_1vtxKADpS@b$W3uZUGWi^vR&|TkvA|w% zvN9bJC}1O2vY?Aw01O4s6&56%u%upqv zUXMx`#{~ub0I~Wt#qbrA+_9_^;Nm!fX>>XOVTAo`;GKoB;$E13D_4JdB^bx|XSV)2 zWBYZP9nSCrPBT}nw1Lx*WxR=^#vH=}z$W@P-Oli~fb`v;4kSzxg@oWxObV7(vZV|W z*eWN|Yy_%zCujpE27bn6YBJfwWQ88JGMM8`X1aeg$mzQWL^8@6q{_nAzvXF$(IzKX zNJ+XZDv~spIw}OvsE>!kA0v4>2(9{6thX#-6RcEfJEEr=`dew@J%E&gHefKzYq}eJ z1TWDHbDHEyioaY28tN3!d2gjKCsdq+4OEMr?RVtJFc@eluARo;qg%C``9-Uh!>F5>YB+m&tvgmb)5(N5Y6 z9d)!0g?0oFzW(nY8(UqkuPMqcu;KpP-826*>Ee2O)RIN=*>b#+ali=_-4jRO$4dM4 zZH-*wv1U0SJ&u{#3-1rF%&f)=7tOq}59X@hZI>>|L>!za*5^gCwpB%}jh4Gi2XMxUD#*|D^L!vhLXS154VCC=gqIkA`wh0&W<0{J%>Mc3b=VzUq|Op zXc`q`;YHWnG9u^jd+c@c@B&R8)rP@|>dH=mz6=dc9Z|m21qM5f@uSI;QXwR1i8S<< z&)?yin{KjS&D~5H>Z{CHi%zQHum%=$t;uB_MC^>+Y0}eDc~0fmE=IiHOam^l9MMaS zs~tPpkehKbCz0`8;Lq7ArYga3A)-=fc>^mN%3oIpaFuymSeJSq);sMNIE5J%4&A{f zF59pkl3KyIMJv^(87{GN6n8^R%uo1U&pcI%HPG$d$$te}T`xY}Oa8+8nI5pAtaXnN z6y&rM<|S~)6+ZlPQnd|6-{CdHUh;vE*q86lSDFglHokRZKW8&%x6`k9Q!0d?LY21k z7_I{-|A-LJtJiaa^-e>in&Pzxli+Q!2J!kLpAoZekc8etMjv|fzyV=JH&>4 zA`89=>K{BK4;>x4q4hgK0vHKN9`xZco>emFk!A!vXoyJXD5H?$T0===F6KwpIaVU~6|rKEb)fjj^-%p^8#1gMMD&qU=6C@Dl3>NzX`` zm7Z*GYaar6hn&H*_^zJnKBcL}pI7;g-*gk7J#)}FbZ14u)GJxn(iQiZ{u+-m9=(K* zEJ&YPapGfpudepJ`Iv&P-e1xk3HQ-G@xcW9o~%5H27??cwXYEmnm_C-z})Lsd^bx% zHnBDS#{wOC_p-QW{+C6*iif=k5u=8@p{0qDGcu#Hi=p#hPb6&&%uJ9O)h&#nTL5e< z9LS6kCKhJq&O~fXY{-nl7S2uzCXOO@HuiS5CbrH*UyvC^?5yn^mF*3Tp!&X=xLO#Q zD2WS0HOd+|SrIX_LTxJj*Pa41GZP#0|8h^^G}9{EiTn4{XNvPDOjqqn-ce~sHgd{*=yhS{KnOekhO-jCfg2jWLfW4 z;ni%mR|5pl2EP?XBo2BjJgI7WE=kFmIFzj1RGm&gxUN!vu(y-5V=T>0ray*Nk3Um6FAI*}Y{TZ_yzG+Pa_g{KPg%R&bHV0vYFSoW6 zgM(z7z6T$Mn-xE+$EsR;KMCe;34YE&QW;Kd>rZbR5U$#KzlWNweXk#+Ku4R4Acq`> zckHP;VZg^A3pYypo`KTZcjs$a98Yldv4=zEjIkS5c+rg|1GT)9J z21Uj0&l|-EC5Js?Au47^0zQfa`|>~)3j|h#dc)%5pGDzm>@HKiiQ?MyvH~FMZ8DCN zY-idpG$<|JEtk0#UTBbeGWDn(UP+Fl(Pw5p@nnq!i``rCIZ>%$%vJh3ZcxxMLtb5)BQePT9pleJ=H zE@KJI44Q+;bTntxaBa%rg-bxE^O<|@AIre!Q{O+qPd=X3dM01bxZ?=ztRI3Z+MFH=)z?&ZUD6AQWkMy^+YcDx+2w(gz1J(ux3y@DD{?hRAS>~bm4wq! z8;d9FR$Jvc@7B)8HkFcykMKT>|Xip%c2C*o;qeu<7Ss@V6;T@F`W)iu?uzzyMJ)R zo_LB;@-3QqD4!k&yTs63yR9{Nm0GsfJ-3u{X1(XpU2}9Bn@>Fr+FZO65 zKG3q0$T|gn(GIR-4+*cln>_Oj7H@qjy@o zPoCmc<&LAI`anZb(g8>B0b`yNVrt`!Wdts)DOBO*Yz%|-_Wb1M`o?a}6Kfr()7C-4 z0h@Hyrl)|db#(lBp;7o^}+=KMkg85?ZKk2{lW^emkUkfk@lUt zI{{`puXA2Q)C#hdzkFC1e)3|S+udjHhhfSHrBptU8+FTT-&W5hJR<~I6(MFX>6U)gXtf44&t&~)j-MmxL(md#ne@&i2D z9%1{FNCU&zKoM_Y@`+f#`VQIh=q&;%)FX$#C!0uLXU}E0Hjbq(k2I(Y3jhI}*EfW^ z1?$M{`ZvxI=rAqld^POpy_u`|dV$K=@nq~)$^>1ZLEu(nLuWEKK-&B5kuo`Q1 zZ@PTW4Q(e3cH#MfCdeZJ*dH52d;owvowNN{6Ze*3K~l@rXbOsV_9hvZLaA*vJi`tuwpQ@vm8IDrpY$*@Ojhe0+*!o^{Spu+ic*Lt)x(mftr?(G#(fkgR z$={NQMtSA(J=y|>n!UrQcT#s2-awEKe9Rn0DYNlFtDE%mzdoEZ)Yd2Rn3&a^=$tV;@=PlV?>1D` z3pjSkpwKWFWG^tipRn7tdYWb*yPV&tQPuO^R*k zr!+YYMQw)JGlrScic8+XY_-H^l(h!N;C6IN>j^XXhQ{mrB$k#}AvL4Bo9)W)OISx` zK!4I+X&B!Z1$wK`>Sp`Zv8w=lW9KRmD z1dwfj#79=955x8oGw+YvjNwkKj$^%kdBwVed#&Q8D)LE3C>Hf{vT+x*d_$EPA4GxO zpun$4KJBfDN}IBOo>)3_N!eg-U?I-?5=^Wi6yCyw5l`el0CKsgkUZ25y`1&EF4k9k zLEBIF02M&IxWMx6D+mcn2Z82+9^-ZE{PSs0-=hfOupW5~;OrX`_>GTzu0AU$UVL)> zOXxJ?{lVSg(0K>ptEz*X@$4Zx8MTtjs*!Ej4z7dwu%?5dy7y@Gg4j@c$T&%_j5b?W=>bqrRlQ*df)-j0h$SwHLj99wgY-`2R{QaZTW zbveLgvwFK5(WZRTS*T$y0ZjVw^c4|BXD3{)qV}w)rDgeG|AFl)%zv64?q;m^%kC-Y zwXCmyTSzJW(3{<-U1?J}Fl(bPzU8bG$cq13ALD80TFvKv3k`TXBL$b?iywC6%g$y9 zQ^6;k=@C1oSLeRFkaM?$X37Dp_CmW#0+?7@n-wRLTHKx2tfS>0oZoX7u!HHn_}Qe% zASx#N!9REsGB^Z}!)DJ8U45xI+v?H&IJ{@6o6=1Oo>+|_PdQ!&=3*tUInnED`R>=- zpUE}nr0am;eL~9hx@zkO$L{sYKs-M@3ORI05X|H9vSVOmywVfRkj3K_?`~_`f2Qj% zt;GTeE1zR387uAq{obt%J;E)Z@Z<9pu*O8m!8ID}fh~{D^Z}=-cfH!-&!lwf5l4jf z9QnHC7EEW6q)Zq?w~eKzfv`r55bF7p!<$Gh^zyJP{kh!rdKyl@s8d7~+il|hllSx(8ZfhKyNYx0kfcwy!qfVBhw3G7_9ING0+`$2zfBHiem|tY z8}0RK_L)vt!03|l5yuDnm|ZxQ%yPORL2M6|n#!9l`|8x!Et5j7aedzKb#bwO9AFCc zYys5^0Wa8w@j)bzz1u7TDy&i0AQW^18g*B8++oN=IOKjCZc)j1Clp2P{P1R!rYq^!i;=yCJBP&%)FRK3dA$6{+P#+t) zGNA7Dw7g}DsoU^WbngR8O7=;0nXDUn(TKj++lZELx6TjUG+o|wD<})9qCmG1sY%B_ zaZ1l>CBq}?ZuH{7}~sU_G=4g@Z7XW>7GuWlWs>>u=p_FP&}z$&DyBW*Uvs! z`nV0-CRXHBwjG)3rzr;zs0*C6>r_@O5kM@Ttsh(I%SG(+ukLvx|#NE`duKOuv z4fL4$lT#)cjW+edt|9FP(RS>!o0JJl-}w2P@0JSm@WPhuCrd}YfRme~29x`*S0t)W z>Ju|3?D9VRv`BkuR-i@~QkrG=did~ObEE#bdYyJWv=tt5VXuyHm#4moUwRawSvF%w zd;M%#VWY|xK34BodkYMZ;1F8hwt@t)6vrSKY=v!kCn*5=zUO7$HhpC( znH1A?U6HKQolSj>qdL!Ix1Rv^HVz*fJ+AXxN`e0|w0yJa__mCbv5Yy!(a2M?G#S@# zQYHR0BRUyZ=5UrWMHGWV-TQMEvkAeYf6$JTUp zjlJ3hALT`7K4AqK#)_tJDF+rCP`Vx{dtR}Z;QW#iSattVw?g~S?wklrG(13nd;t8a znU3?+X+gLFjHhJ3D&_}#>GxP+N||3jCB%5ok9lB1trpJ~n983j01G-nv22A7$* z`O2C79LdOWG?7!_Xg)3w5;&OuZJEFC0CK+%t>;q2!>O46j!V;YU#(t6pE`N|PDuv3 z>h7`Q1O)=nW`LCkJ5nnF=*+XLKFF{|`jcSy5^Ls6Mw1(Yn8~&fz(l1#bm27GKGpAa zD)uN}_#~cL{@uIEmucIQzxe9(S?NfiuOKHtBlHtk2>3nH-C-og%Wf^Y+ket-rRVvY zdwuP5{AFBruZ95b1O}KrDZK{QTgFkmD_1{~Y*vpG1EOGf_!Cy!p&|KGBOSz$a&cWo-8jiH$$22sCn(38HM%udZUtOI0qa!{G3yf{C^CLQ|zRGp4A%UjYo#ScSUv}@zJJS0Bo|5whakg8ov1$dEVmM=QL)zd&t8l>0(5#zf8;;d@j7Q} zW{D=0YgH4SIXWrgb)Z6n%S7;P>c;I@C)pDr`}%BP)^wSj%e`}Zhjz`-$CVmr^*-*R z-A6fk?SN)&_7&7eEsOnBscUasA{s2cS>=T-;LRIoRLfueR&YMiBj8&{U8tF2^{bXl zfuKRPYs=+iPOC_5Bi!JDLABANZw^8|697ZD7e!{Tteimb$)j_DEMD?OyM%{=7r~+; z)Bd*MRUq|oIu-2oOc`j0uI}Hk$qIto28O*1B#Ku9EjR@-88Qa2qK`yjQA`=X+3|dX zFy1?kN9WwkA~81Im%M#fJ=|n&2aL@))y;vnuat8h8MXSg=vmeBd(&?4Ch^N+$&>fx zycC*p!%spzmy1IGbqu0WEoaYaCZS+&=w?jX0BjIcPz45E^`>r9&yA|(F6Gei z(&HeGhpmvuRhCq2rJq$q-~fjjZJ|BJn%Zf@c%HH7xf90_TwGAyE9D!%_@x^gH_fs| zg4Ii&TV&c))bsc}vEC$G`tcYZ8cp>SqlP92gqFkCQb$W}G(C1FQ5~htXr1^hJmxAl zgY;aBdFk{&Ydmf4O?c*Z*B`Df&poF<)U?x@LHRZ?c9lM_f3A|x*36F{}^4IxU2`JQ0<|IC{ zN>R$4#zs5L)(cGiil;c!H$A^_K5LBUA+FHH@wLh!6qZgHlhYLMJ?*2w{E=rxgcnmi zgzIMed%$S>JtS!ePi=7;$ozAXk0vk4$DJQC zQFGXZ)G$@9$+r3$C6If^&bOk~nli#lemE(QHCOd=*ZB0yhYu=Wi$f(FZwu~%JQXS) zuf4nO9q=PUo!sk|h8ok9xaViGPM}K}RW*z69iN{#P%73Gp2*w?iLpZZO|eG_f2BRB3z-qo{ z5uO;4IDz++`*E+L+pPC<5K)3ks%~GnHhi|^ez=7b5ux_#$;jY`hBF?H*i1(!@_X8T zxd_$+o*1DDE_RI()TC)H8%H9-?G#MkZHt@-%C+j8hp4KWYvH$2rAmv3{wEi?56}0v zfL-N%#+JRu#Q8yg?*zeyCVD_dSC!1o-A}^DKs%mApeArLPizef-tvtIjN=T*)LCsT}C#KWXm`EG^NU8U0 z@f|qwHM%)WA1Nt+UyX3^{ME(Y@~x$a_l6$A$C$41RK_zQL%c{bN%?rfjI_1KjcU8p z6mN3M0Sh#e!5Lrq{dF}i%88FV$ia5m57)k`5&Tw{i5YJpk$1TAq?P9qZ=5mkxU?C2 za6olY7gUcK_ge&HeVr0189E-fXO$f8!#%F&PvOeXXWy6UfcQ~HZ{wYgxE3<|zp-A% z2s~Kxfi&aa=Ve3tY>~6N?Q0<92Ar={#NCQm>T~}J7~^)sc(?tHOkNuyCh-AKcA-rH zb=sF2Y^RJMyPu=6t}}z+z^6>bA4`J8S}HLP~g%uU$QiBLslPvfC{88$a05KAY~AVW@@Y zI*>toNcu@O+xD?~0BLgkd&~vf#Ms5Wn`}nr?QIg;#dbrT&tG0q-Vza`!?zQ*>$7+Z zC>mUz>aJ}hJ;-9%*+~2Zmg9fpMHVo7YDAE9U^2hWUuFDs3b^v@NT05<+8XsFz60C= zK=)Jo=_&l{qBef-uNu9|^bk)0wGZU-k+%_hjR8#kl*Z_fyA`B~9|XAcID+`~!QSzU z7ntd}DdQC>n0ubJxl-EeaW%JuPgkDAr}>E&0BFPdB)RUUlQiRzD}2+e^PvNt+h`^+vJv?E;zGxCpp*KZ)ei4g}q(jJ-!vD8uHxula4`mb73j+ zKWFuSBsn6vAROsFGirC9=>$eM6LflHLJb56O~i=71SvQ#Z9&UDB3MWu=q;25AQD4g zzZHhE9^xSA+$(|zC1#;-0{{~k#IGTL2`ZjIWkO#>UL=GOg@BfYj^wB)T_l%Mj-1bDn-Kq+h-OdpP^bmLO)QI2GEa?0Mz!&{ol{Jp+=zZp;IFv2x++TnE^#*F2Hml}1dcDbLm2d88QWY+{`P380BCvQ@ zi{}fN=B&{1DfeD+-4^*<&oMH@yI+xYFl^OpI>&qEH^UpKBS=C(hN*FJJoeNTO53r) z{wQ@jf51dcP>#Oa;XY1un&cUZ8)03=p54mLM^FR`q`fp@d$COlU+pOQ)$c7FDVtj* zN!mK`l6km5C0vW(_jsptxrC%JlIoLN6^9%ya-$mt9&@M%~ zMzceDZqj2?i8KvPE#F_p`yI|3Yi;fnzX#v{h|{yWMe(d<1xbH|5O5NnqhtZ*Q!KZ~ zg>%=#UzCj<&KrpRHC)#Rw{Vqv4~2e*x4-Y*jsCE&Q%pl$#hXB!qmr0ZoBfKOq>7{?CljHr7WLbb$o6sSJj)YP;0jtENZ%QlqGcmBZ7ndRP5v$%WZu5cfQ{sB28Hw6a8?Hy-4S_tzqH8+u=K>H`Q{s!87pVwweiatsTwq2^q8G10l zrT|+mTB|Vo{1bG*F~F+Jp;DPBZ>09s(ggRnx8TZ)ps$xSc01Nz;EVv#@C;_x`zsQH zNdGtGFWK;tU5u7c)aNDP{hevojsNMyKjomynfsszbFv*fnoZ-^Q24GD5Qh9E%!K-) zJoFz)`nRE%Vv$4W)BaL7QJ{C*kdNp6?tk|W=^rNkPuG{+;@{M$`%4Up3M#gL%fOdH z19e?wg7E_MP^}bgc1z=;QKApu5w1^Fw<=9uK0{Ebhk+{fufakDt7-$oJff76JxW$e zWBV5nKgA zwrc$gihl3@R{R2#zj2504;1{P#J*HmC?NjxLLw?a81>HzJ(K=Y>Y?rb4R?Pxf`^Vo z{&@1s%!>(%V26ARd4U^L_MbKU1vRh!qjxX0{a^hNhfYq=C;xf@exE)slj6!+Et@eY z1bl*_1?0}SGA7n4c_n!AF;UgUL5JEh5zub-GSuoe5Q@FwNX^y%f|%&v5To-2;-NyU zwQw4K{F}Tq@I2kffxd#3kPsyVJAI@ohux090_6vQzVIcL^Rr|AisNj4_5$FF`8^r! zFI^j9z&j>LnhZ41F2Vx(EH4nW5(M^-_CEytTxTy@x~ow*XfS*!J5FGi6ijIU^!dP$ zjj6yZzWucVrxl83Q#iL%L!+E8D z)~~-5(L-!iE%TLl5VF!rFAX5yMBs4F*pc-;nz=0EO8<);MS+)u$9{0>h*U^?;vkk z*RzHdCwd8ZrsIWG+2bu=mEno1wo zI@02TSB5$&@`iYPn}H;O$>!5Vu*)2Ff>cGxR5&3!Z~k%CQu+^?{gEUQFs++42cM(u zH=QvLyW`H(Q=@Ym9_KN9U$d*u+hF>1%JnraE_JFA`X*tdIQx6GY^OgyT>4MaPwIxT z?qnQc%7#gIJsn!?RWhqKxTvpw-vX3y`_Lw;&BK?VLxe*cidyq@{OgXHf@tejgne>!hQ7x z3Wklm(9r~!Lxbn7e}=cVlps#;fpy#ZcUxUtM&TbtH`brB3Uf>9hUWkLdS;ybgDR_y z_E}UmxcLEu`_U^|JqMR@waITne6ijj6YjU|PEqejkIXD&v{IYgUMz+f?MbNpwgTE88%o7SKW^8>kFhA85smv)5t%QSPR4>(SuPu|^rQNS1fpSF6k&4K z@Sr|B$}G**a1p;bY*X$SMVAK3(T_;*-y|sC(@?sGfzZ!raJC+hEg0NT zNAnwl@mqWx7P3?HCxv8!tU>o_l9R{ppsp{??wTgwjXVM0BX-Q)#V)D1%JJm{(~IR9$G}y`yLgtKvUpW^<~i@|hj4syZE* zmL8R|M(pR0(v3*5`mz?4(lVRz=9pN+RjU+=o9#;Nur-yIn+m#k6KdfBcba@B7@0x& ze;gj|pWR>O5(dX?hd%V9AVR3T@dQ=`^aKyYH@ELLpDtj9p+#+be*28D0UJ6;;sMv3 z|7rm0zBrb>jp2ErbkX{D&AzRE&~)FtyDoa@9}Naf*l9LxpR34^<}c)fVCY895|(@Z z((Vn+x`K##yqF}E5w3j@{c|>bh5$7S_I7yOx+1!ORl2*#Cp^;^#((hw0b>8`IeoGH z=4GXHTgmzV`e84i-DdC>;$4T|Y`>1ZDQXk?UQD%Mo$5#`7HdK zLE1C$H^RESIv0VVia)NJyV?FE4n9kvzKiLha5zd4ACsoB$gH3ym-KNLs~}T$vB^wNm`$pvsBaj+?G�#(PTN zU6WvgOR>9m9<@+J>$%UGpN4B8wP2K)5Rwp&4^gi)DRCI);c<+5ywczGvNKl=Zb0!rXi&0_(!{n zyH8xBNJ*GmL!{mUiHpoVQvA@KdExX|{nESG?nJAb6c0eV2fYzr89D%#MHTHwqM-C| z%=n55w{aB)Q%FC%yXrhvU63XKnxaPrUzMp6?ZR zH1PQEBfYHbtZe`5BfSVZSmHPxp`|3Qzd27nYa2q|8PPFYT302%wF>xn65b|u(w2#q z_`S_Qg>He}^287Ug(d(?NWrt|cJyQ|iO2Rl+6V(ZVp*wn$Widua;4{6U#tB`W|0hp z<}rl~Bp+XM4GXkPJJYOaB>tMi%1H*1keJ&)&2K+#vev_wH(Muuwj!yNwJ@YdFTFd? zqFO)edbUIf$fiF&$@x&OvmQl^LBTTtj+eD=KjQMdpg4!L)R$*GYS(n7wOA1#rvE&( zRqwbzntnPlHOl^7=u%q*S)DT)XL#rquMHWx25ZNDD?zoRzhYob@u=#BPyW_0WkfcQm6 zbe+9{g{3-~AhYz`mxB)2)xdj+SRw$kVRcU!h*!pGxzuWriJZ0%$%vJM|GMs>xE}0b z7nCbXeNpYUM&tq)zeHr@8LTb)rx`@Sb$Ne^J8#DezwloxH z){O$h-1=2td?!pO!t*1R_m2`*t7X@)=Y3yw3>(!!sRP>iV=gCO`#XQ)Lgr$W7Hd>V zvt4h^7>77BJ)$~fqBk3ETt6(ExQ>o~?a_!8^02)XI7}dH8%ESMf##nMteLTR%B9<_2LYg1iO%t^M%qJ{u zyIaVXdFbsoZ+`-vm56>9i;{e{KCmW_4xW&Y@S&VlIiv*j9&@zh&8sm*&%joU!!vVABd^P_VQ1>e6!Ue)rrbNY&n%=K>>y^cyxeV4Ua>ThPy?3{e8vg65>7 zPN(cz?YrNOGh(`clMW&otLFfkUI(S0$>d=+F&^uNQLSWfj)uE3o>frcTBM3Jer{^) zN5l!ZFej=eCPxcmQc2Cn1VkK1)C5%~`Jn^;-ho>iHsPcI^8s5_vTIA_7E)e|06aTk zS~ghpUGc;$A>5m@{`2BBt0C^-EtZ0;rA9t@Z>;2v-6EHWH3L3Q3EMz;7`$?GALM2f z<_ThRe{0vRkrko~FO@qQXUxJiY};hv>-YLg$Y503aX0)ZqQtDAaYDq>Orrt-{2#{X zLSfzxPBFd27?#=@guzt0*rmv1aRWrBs#C#o(|3@>iFESbGkgC~WHE+rxYkxQKsYI< z>qhy*#${=mJu~yJ;YOf{kc{dc{%L=EG+TDN!7Y3fsD|f@Hjzy(>bl~E zjdaeXl$^TD6>NCb^iX*rJC5o-%$%#Yk7HXg8o+jy|5RBxshp{G+`8J0&%7%bFmeS&Lo+_yUgW-^!P zU#Pv#5RmS{oqdKG!fBCrDj?Ya;&f`jeo;!nY`@A>K9PNGBD0|#GShTer>HW)9^(>QE8&l}3U#!k4sA3syR61Vy=# zK7o`s(nkX3vROV>IKuk|=pikyLRkuIyD=k8x6kO)3f4MD%aMCYzjTK*wS|2>VJ9cs z{exX?-iXFvpww-zAiCm!sU(0<@VscC2`8lg){f9f0u6p4Q(9;jHtpxfH=#vJd_h|?H26NenwfTMdo%J%OZ3w64qf|C<`vK-ZM2J=z|zVL zQ6j(dkuE9JJLYES@;4;$sfrY^y>qBHqblq}u%l0ppVjr9tTKu?!gZ58bT2niKE#cZ zGwAfJFBRHsK8XjcCT1-U;@e%VMTIL~*P;@zdb;#exoc{wlTxd+d_LrC>?9gqay=@E zm(vR*NdtFH>^yKc9asNWq#C@>Q(5?k$yKYCBo|l5>wlr@LamnCL0d5kkZNMS9T^$a zFLT5x(OtoJSKr%yI#*P4tmqHano`NO-6rQP^>mB_QxK{9A9Xb(PLNN>nbD64k0q*K z;YjI2mToFCE{}$^TpKi&$*#!1(`V7k2FYyE#$Jv(??B)p#~TNPbFUS@Xn&q~)~Zy} z)A(9s1YD=mPD4!H2^2gM*~6H^6?;HUZ^D^$`U?wa+iL(ZV&~BjXK>z ztq-a4!*r_GXESo6-jtLC!-v%o!v4obV7uIG85QYpRjArXG=(sOCLI>Zl~GIs*@Ly> z;Zir(`{Xd0DE;6jQMpcwdhkA1_%Gwnr9)UP1nVEttCk6I{x8PfIw-E^c@!lOg1fse z?k>S~aTfRB?(V@QxJ&TGEx2oNcL~AW-R<)E%J1H~?^V6`$JWj{)zj0{-P1kYXN0d& zT~8Im#M35rIE6~IQTa-mv=0%iQjI(Y|e297;r4Ry4 zSe6YZC*W&T#Y~`7eQ@988jrqQRf4FZO2zcJCkT(+S|gFCIT3fnA71*>Mb?w}I1s8i z>;Rtfp9-J|i3}B6ZKbQw@~?kfw?4M9B;QHujmF2~(rr69xw!7C!LC}!<8+O43M#(f zMLN^G2&JuvknJuWGkC6JUik-ilXkY3FRgo(TbbDIsgwv6^@|Bofiz$a_Ch#W3v~R${503r?hKL3XKJRIN>pD) zfa|fiF0{RvI)!~h-SfFZqzRZZ$JfqD@&p%3i&(0zUjZ0(>q``U*D3b+L=6|XMhB`8 zZ`;R+#}D5oowqnu)Z)J&3X69RPlU^a^(^c?;z0%e(f4(K&-oojkisTwMcH!l?bo-o z-a8tqx)cU>aj??sJohGF(6?|bu_L?Z7^Z4X0)gx~IU}3DNdQhJS*gy)uYNYp-f?hk zsbidISCR8c9#e5QNPOpk0&Co2>16#K9lJ;>xS(hZO<8PnR$A5ZFi%-U;)?bxwNurW zCfwriIRztRv${y%r*Zq2cpO2$6vO&{2jgQoPBb>z;UBpYkgn}@c32A#coLD^a)#2c z#kD4nYSEZhpCi@~gEW5S94pr=)2+aP%P0%gsVcD$Zs-eQ+n4JaY?_$;h0TL#Olu?J zbY6tZ|0YTj7&U9<BV^kZ;yM26a zp=8UlYGBULM*L;}Jh}QkX2P} zq}-M2BnK7NuFA-yR~^kzpzpM%z8c|NhYss#F5;Bjj#bR`@Q0Xt?XeiwOoZx`vxY#0^ZCKr{Nk> z$m-9L&a{!i&XNpDDaLvaCU*?7u9G-&S7GwrD+b^BLHr_8Rd7CZ;yY-L>L! zS9FJw`XP&yR-eUKav?r3cVbfnOF(-9`K`Xyg)Ea4Yz43n@suCt;tqZ0%SN5%Hi8y> z-M4^t`QR52Hf3SP0_+`}lj%5qt6a*`O0rmk{#7)?^N2|_Lx`ob)&f=U=NXNRxo?$d zR)VSY)^~umou;Kq9&b1a4Y=rGwgfsNT5AkLNUc#f3tgF>-=@s1VfHxw9-wYuGXX}o%Y~y5MMcuD$_#InR0Hd zgy}zkA?fA776pOlUCS|<=b<-(me!)gB{S(Tf|wCmURC3UujzX#LyNM5lbipBCrUdZ zo>ZRno3J&z{joqpKsB0lFWgw!Dgg@f=~Bj`*8LGKSl>s3Y@0t@I+~^hb zLYbnxMW}1d6Nou~kTc1hCqSV$sNt0N=>&Rj)AAgC*j}@|fi#OBK~Itvw&G%{PkrMm z3sj;=#(M@M}=Flx?^Y2UTv`#1Yz<&NArt|bMi5qef&s@_C`1As0+r_ zhyIEWF}|~;BaKRz3Dw;tMsm}ElSK}X?*=eRYUPhIdk9d_Cc=>ItoeS~&b#s~$8g&} zL0CG%V4*bg*leB5Y@t#L%2Sc(Z#SzU`;L9!4C0YgO>X%Z(wgNZM|i+w^MxErB9#~1 z_JKHiqZ^Oymcc(%(Q5Yt1^D;dJ_m97J$x~kZ>3|IW{GX>|aVCbAOuJ4(q2xpD}o@9^# zc1l-7oSL6`?VsZ4B%C@{kkn4K+u&!t2bHEeCEqoVH`9)jiv9M>aG%`^K^IMsvHCA? zOd;!@{38wywWdv#p?(syguvj1w;>EuDeSEg}~g-vURD%%aEXaupP zPJ;`A^C9GNbW6X8iFi0<#7G5l^E~|=GLMz)I&b-5nE{Je$Yx0|lrkkb!US7Q;X3xk z#PvV(W%)# zO>mJGG$L#;|I>sI4}F?s>1tn4QQEJFIOPhp(+E0yKd~Ga6po<;)oSkSroPb$Y-!Iq zwci@Z|B&srdvk+SmkmMX`X%39_s4e~%8A5HQ9{OG?Q2k3>9U}syRE$I@y?k9~cAv@FzlV$c{D(ou{~hD^jjNMAEZ2pP}kS zlwP%=)>#YON7aBrgnOoQ@j{*k>~j*XxOO@363lX;nF*H-QCmN<;dpLOAG6h$65D@m zHMudnJYC_u@N&nsRA-#_?><$aNMiE8D*HY@PwEKU@c$WVwlxJWlLz6FZa6 zpN3Z~FY3`YBjZutcai2d`oey+)K}Q!(kVbH9!Y&)b&pBb8n#|~Dz)}xM(hCs zSA_P&fLu(uNNbk#3R2gS;~;N^lU6pazjGz>#bueFq*>G*%)X` za4(TSN3zhX1e#g%XvWJIH;7fgcsPgHbJ}OpKk4$8&f|HzIQ_kiSc<{_`sQXPjpVrO z?EpEuy&e{)5#S}wVvE+u zQtA~yyc$>JD;t7>)ujq5ab0qO0s=j@H_gLA&u(ilKc|-Ofz(P+n)GZzc+h>7o&vIagd>Tg%KCe^6PY7RFrj47}FqDQ9 z6muB1BKFREae8ZE9gjCgV`fHMej`151aAqt88?~I5JqJwW5^_2(epE$_f$<23&#$>r4w%bLOXux};WV`50RQxc z{dF8PR@QSPDUF(x&gW9^Z8WoR5Vab{H-P9MSxxSepc&@(brPLTSHFL#yYl2_wMC24 zP1`Sxb`Tz_(AwC83{RNx8G*O2x-&@q7mJYWzkZs+%d2@%2o=9$wfjX1zX6h9>R2EC z>fLVn;}_@8`mm7o9_F$!Lhg_owmKQMSkZcv_ne7W@()kJE)M+hZN^B8-?-`9GyFuo z#OjblvQ`8%i8_u*QWDoA?MsslL-TxA1K--4-!WE4UOumSf+uGF-SuvIIu)5U7I$UZQ28ZU^#hSttt%7 z5JFz4@zbTYFN&5ur9Y-VdzA8bKANWCoQ{{Y-1G#Cu5hP;B}3#``(OR}RJa+!K7|?I zd3+|=20pL+daIAzO*Es=4nB8zl(cT@kV}1R5`01&xF34kOutXM(& z7+RZkkG2sj)Aj81>q(Qo5O?)A`SKumtbabibNd!+Cu)Wx_cIMeWSv@CaV~ zG}v>pEO9!*Z4<;`hJly&M#Z`RmQlp3+?9w%i$?v7hpBBbP}kRI&R&}k?83ubPFhCQ zH1-N!W72Q;*sXNAVC7NxaWN_@8LRKat2>^Wk@%j-nE3Xyem9~kaZPECobKiHdf)zc zL6o8>n{M26++2c=OgQ#ZI$uP6PCeVt5pC%j_V0@-MFdtUtCUuS2o&@M;v~3yA?GGy zdTycohj0?|g3vH5=r6-dl$5`r4^yfLyBQmPa4n_tMo=nf<0+V0f)0fCW;Okaa90FZ zP~NocfvZu@152G+)n#O@44BBr0nmn_jbGT&z) z`Pr%C`+)SnODlp@A2myY#M!4#zTe-^tP96}AVO^Wy%;yTYWMelY1pxY*WaOb~$)AQ}JxcAw@ zvp|MCWIX*1W*fu1Hq4K^6Zfk<2nXgfP)i&jO0Y7A9CYQgfl(^q2qL zsjRu6J0d;(8fUwjD(K2Mq)N1m zDBI7}e4Gsx{&`TFMNn3HqVyIxc~dpTu6U#)1W)=al)MY(@*{mZnvC;A+FvJmvX#|1 zHtB{rxvzW`F zFYT7?(>i%K!^jZKvo+nn9tDhSTA53iQ#Y>(&)Y+OCixBi3_}bz^3q}*1(~;sx}2`F zcehU~kEUzSvml(f%u6-DA2lqo?PpDTXKj~$JV@g*VsdGd+hWh)`-Sr3+|U;Pzmqhe z7BOAYN|>fGDC0xELis&&C^nMAcx0x(36Z?A9M_mwjF$`&{XTuRQNO_d9$o)4%>Gkg z$I3M#76mGURBLlEZ6U|_m=`8B*^wCj%l!`*B9!2y z3m)mTsvmR0(xAoZ9C#C@I5|;u5FaV53^TFrAHl&B>DOu7DQC^H@|a22XVc27EISZB z-;>IxAgmq0EeJpG52I5IZ^BXIXCIeE$0j@bylP^Q)xQBu?2Gqy^g#&Uss%ySAnzjp zVCJKVf0%Fy{t0CmN(`dkjPGpA$%uJV?fw>GL+uKso(3pQWlr4i;MQ{`yyk!uY(1pH zDz7RKN{#|kCdS1lDZsuo4ieT;y57&cS+2SyM7DZ4Id|E890yf$e4q%RpdF^%Ay@m12d>w9 zzW;-oij+Uyw_hKkT%S<+-||Y2V>^)Lu6v=nM4(9i(RE$;p-CU=^CSxN)iP*R_QzcQ zuU`F2#M7N5r_a;-|JJboC>jlIV*Ch2oy3kWh?nYr6d?*+w6Dbs;~6~%d?;BQ6-oG{ zj|{r;;+3A+-zAmMXNEbNnb85rBF$E7f7e2yQs#>N#f<>+oF5Hny+MG3iwGNvi_82{ z>aI{WQh|kvhF%!#9kVAwXYa*3M3b#FqBMWm9bfi6E*eIT0|VqaGaA5A+PmFY{Qy_} zd{@amX)Wj1uI7Bjbq)s|5_hi9eMI638bWIy4^mybaUund(86Ya=`{+Dk@Ag!5B*rx z^E1JL5#J7hOe}D7Q#v4tACVmf#QZ^SIA`~$NYn?pHBaq?eM85)!U=PR2Z0RkGz10P zEGrAWI6tT6Cr#rTm{l=EgWC)?eiu*w8lNGQUR^xiCGCY^hEewFAQV5ic0vVIr$W(! z7H9($6chvuvH7yif~IIJ0_he-pz+T_t3yx&<|Nit?lFXJI1=5;GVMSu*FS7%L29bM zEBp(#^B&HHA4urx4ja&C^5RkR7Yc;c)+IERLCXqdl)APuU^+hHiY+Ihac8B~;b7HY z>L3dQA2FaQKP@Jn0c;-0Ip4J|-EZXfOB4F6MQa?s-${f|AK()NG#iKlt<>%r-> z(N~=E+$pAYyU!NXaZgZO4JJTa-FA;v_NDaeQ`NOwr#NM_DVE9nPwhi zCIMoIzXXWHqSB8z4p9eH6pY#@i4txu3<6REGmPb!Gq9zax+=xNNWRA+>t6r2%_$#>K|c*>GM8N{(jR8Mcr#F5K)KFT zmLPI%UI*z9P&>r-jhMEMMJ=~L% zTY6FDN7UY&{2JL>br6Y{5vuOAyg?LSR~%)|Dn>` z_LOq|X^pu?VsL$f2zu82@(B>o(1xXIxju>M+r52cr`Ym|Qa#K&B)~OsFH1}0Yb#&X-L+5*mJ^3pdy4{Ewg>G?U!EUL4#e2jq3>6;j=-iUQS)6JrJ0rc+&Pf<)sd3p`la{ierInH4D%JdvkZ+IvQI1St zBLS(DrUvPX9#M)Pekh#L_tYTDj(?1YC$BVHVQNsj@X_dnQyjOnFRecE6+|g>->AqL z^=+XC@6ah&|LE2U)%c@|=0_Eyk1FAu4XHtY6^^Pt#<21i58m*pk8vrJlNto8;>|k* zb*jp}3ceb_S^kgVGAR0hmOqlcauOb#In?C)ujl*6v;Nn%{o7|sCO)xs0>_}hP6hwB zPX8BB^)BH^$dgcM@q8i>FR1~TEc#e#U_XUTv7F@(e=Jt!!v~css7QBs zll~(Xs3dBcorI#_wc5F1MW@f43w8>fle+_HO(w!q9xrV2*pN!m`4e`Y#(#5vd8Y#; zQ-B!)FXqwVQLT$5BY9N9mI+I1JzRqx$m_f>ZWe&GD_&P2vC}wT!wJqHixqP0I`3ZF zW>Y^3Vt2e7-yOBp8dbsID5_hEs#MP(7e*y~rCK~gSzXT^gU2{3_?iwiBd^6)^+#l? zxYa;^3N<)~@Dsw2cbCPgEomU0ycKg*D!%K3Ahgs`CMw}v0ySq&<*ib6_DQ?9)Fp{2 zx&GJsZ!D<1j`*bMJg;rhSd|UsQ*AlZU>VBIXM9m^$5Rfaco`m-haG_#S80Z!#9F~o z*H_W5L4W^Vf?_M|j3A9yO~ifwm8E2t`*-mYCjIeLrMwSvIlpL(N(cXK77Qs#tvaFi z%C04RQOEi@1)ay~@yfV|^J!!BTR4Rus8TGQ-kCP$h%!&~gW4mqs+0_X%pB=;2evB3 ztzF5(Fpj%G#<(%xA*x}3!q$Aoe7S}(#~Wg(N>n5aa16f5(ob3jK>u-83@&t8I!{O* zLn$swY*$f>YrP0LCUO>VQCILR?huh!{>W0zU0L;=- zkA}EMAp(0OsprdDzBi3ov>H7JH)_x_bpoC<@L?E(Xo(x0xQ!Xhm~lg8nwf%@{Jh$9{s#l77nhLn<<$!$}ShwQPeI_^2mSA75jb^`99@At{y*ySQsHwRxBuS9__U9VE}LL~H@ zAgr0ReQL_mf8f9x0%6bB1fGw<7b>&tHSlNSSrpbQ(>q7sDc?QSys`y2YRHgETDm`BLAX zzg-h>a39ieXTkdt`{CX`2o6&JnB#1sIKJLWlwdN5^k-;k^C5*ni^3|7U_Fu6!~eMk zqo!}C#i2{!M@=C*NLm0ew=fJ4z4=zO$lKldL>E}yp$CMR?Kg(EOVHj#ymsfyc#!iT+?wQy5TQy-TM5S8!PYn! z;R+ZX=Xn`ALmUl`yJ887s7=si-pRVx4Z!TANI)-<+LFGEu;(`io{-8S1ztYr<2XxC z8GJ%QJA$xl|CczdKuZ-0)Vbx|ro3{GUgCr{*rJiWj8|K8Tvtf5sWd6LMvQT_JhC#m z#1Rzz)PjUu?+55u-|wjy2%cyT`9->%j4mDwa@uQl)o5u;^}Wi4ze}k|8?PrhXob>c zONSmzqdUq?sU}JLL-_%f9^zUC(3@S|@ve(7*R9ExoHPY7IX1+NQ}{ zLh^s_>`P`o>p7bqbgfXmss2>2A-uY+9mJ#Kp}o0mNPOmEez#6o+33_;@m&XtoR(q9 zB-2gY5eXxjb2EnTDh7#e1F<{M|8q-h&a4+k7-vd zlLt9~!@n9X%W5fOW6H+bCF9`s`vX?MkI(_$BnQbG0Qw z!j|vwE9a{4>C?zhib9)Q3{{y%O!C6yD#Pi;!IakeO1gVBQ=Nv&(HY}vcJ2#z8fqA7 zl;hUhO?o<$UqL`ctFRujhqBs55gAt*iNDvYjTSHVAGy9w3u6;~t{BdY_m`Cii4~u7 z37Tl!{QlIWTEB^UQLkFJ!Q7GbcGO)_-2Fe=Kv(@qF3JoP3Bv$)rW~G)LQPixqGyZ6 zya`|Lx0x2>HjNkGxy#HY>2=)^X4`R5Mn#4C05$FxI0 zA@%)<*C5p?ua?zGwM(=lqyL$JN8f|xbxPIRuX*otksM>{*NLA3?r*)1&gPR3Szq^@ z9jfmakjhghGP(TvHr9liY*Y(e0xF2iV)Q{?wcI+O<%AATJy7d)F?ei0VMY%^W+YeT z&rF(Ju~0>+_K>5pC2?S-T4;OyXslC&dVyuSLkfC)w6 zc0Pzd*c7$lSaS=(8F1_R@Kq%tfhR|HFur9}>Bn(0V9OUJbC&|(s~mySbEV=02$n%& z(Ew?eiwlC#i|ZhfVHJHQ%2AkXQ38M>rmG4>oLx}JurL7Byfly^(rXHO|J)2 zRug5}FL4=V_bUYv=*^Gv(MbZK`WzUGS8=NajNvzJ-WJ0cV`g0&Dcl2|9mtP4YpP##!x(xTtw z3ajT`oBORaEwxNOJveE*St?%Vm7TK9gGz~dmA-eA_3G zPin$IQOD<_17TnGop<^=B^1hx3JQQLR7F}Lz&P{XumWokpE*R;X>(50qER%6$=H8< zW@9w$q1Ki*rHMxbi(A&J^XIM}TlRdIee`w2Y6)SGcs{SJulEc(DVTI(khz11$?8B3VfMqE(xwc`3&4mOlkyLl zG!qut6dR>kCWLc@u$#;WS1fI>)blG6&MqtBHsQlw*uL*l4(06v@I zyDW#e{Y>98^@~9cfM(&X0j;Kulo0$H3u*rv1`}I~|eRdb5 zuft=2LN{0@)OyQOp|AA8e>bl)k~h!$chT4~AxTnf70sV?g@i{kexDRAe2fAaX%#hq z?mtbPHs>7IxhSns2HE%rL;0*p{?)e&7zp>E2B_F60K;~i%Hk0DY%YY^_-FYw&g`ML z=$<8s3I<;zy?wt(uNc4?XgY5}=-;c+qvWLTmVJJx_aTduI>7^?c9}pg&uNouW&1pG zsQpJ_VhdN)XiNUksU^Dttom<+Dwn@KTixkOe<5OO?$aoYJE-2)04NnP(MF5?D(%IS z)>bbEYY{WCSE&ES*TPn{{XA$EgZ zr8XD1HkWATRrQgF!WEhAPM6VXdjS`{3Er2=u${#M4aGClF5*+MPU1>~av9IPV`YN3 zkKf+$^p%>`JhegWonaU8s`r(ZdKdBd^m(z1{y6XRE9UbzYjp#YS$p(bVCPY#>7COQ zU$rMM%d30mBB1Mfo(X!S^lKP{)_KEu$&jZK~)3!iHVq^!T)tHH68l^Bc)M0=pTzM@gEgRG8dGW&Nf<=kH07aJ!q8_& z%r>nxj_uOS7;1dn!c5DO6^h8^z1RDDs@3)u#olop%fA|odu=PNv?ZuXmQ)yeUfv|d znf_}kiYqbqD_{n$WFN^Dbx1mHMPK)Yf!8(UT2gmDEn1hh_u6O2sgXp#(iRe852(DV zpCcn;?nUvA_;yEkrN@)=n(mbl7NfS@GM>d*OupPRFL$K#)tpQaz6t2II4iPHcC$@? ze42C;#WP79)~cice>GJ*)%InLNxa&W7Cks(p zcKudT@Dhd|wP6eI;@~WeM4SjZw(zZa-9Nue7y2 z9MY%4D;CinyZ*X{Lnd&rfEilCG2roZcoY z<9A)f=|l{iR8-up?#`%s&!>2@OArYShE&cle|)U5K&e-<89Q2)ujQRh|Lk+}nJwE3 zZ4lz_wx-~Sv>^p=u!i7R26?x@Gr>&MtXFXB7z;0oiIR+@iYq%VZx| zb2(0#bOj!vs@N`9n3auJnK8L*wgBajcy^}kapqM+B~;l^kc1FCV|0ps*hqGW*>ugK z+k8+s!SjK{O(6#tflfeH!CYn4m)k)M7uckSTpZ=^O70iFFoh;2PvX9d?gqgyR$UA3 zXTG!YO5FJtuMP#m6%I44=h_ZSBDn^Z=IW8;68RQ&#D(aAX$AH@mye+H5Dff_>MC0a z`4NdHNX_9eY~lz@nUz8fRxzOsel~5lSaOj&-?4p?Ug_`B72zW|5&l{!@G` z169Q|14#X0^S#uP`uPS3@pqk8(Jm|n0vhdVi&hMTn_N}SXuWkV5A4U~3;Oi4B_*^D2TAw3S^)Q$oo&+5 zVayns&4${1Cz$;*UI60bTnPG3 zSK1qS6k0azm*v*0xzPXBUHJ3gTTQ=AlMyjx4@d=dP62un9t20SKl>o4wvc0llBRco z`0m1NQ$l;elpH9$>miK6a&m)s+WC@-}`1k%MBA5}n@-YJ1z{??|$4S!o(289w=0cBLS_^S2+(Jcv5nt?Hw z@t_S7){L<*R{7>ph0vUYA}AH|V9;u+<_cfiap8KLkt3ybd*nANb^+#`%a73++Id95 zB`DyCvdw|kFadZ#JP<8RTRw3uQiO=_b(Y>>Po65Tj(zwDBY-L@VuM}XI+Je8B4ePn z)L-QtAtNNRXpi)?54~if`^YnniJwTv6Duy}!D+oS30LyZdQEBiv_9T(iAyQd1Z9zz z!clu~h*{xPtamTbG|5_3v<0y;Fy}G;V`gml=;T`nc%mHsSf#|q8KYRoBLl3V);5cd z8=1E&td%*}DvdkpZJ+K^KR{rWVi|BJk!@M>MQW2Syy-!{Rc5?4*5I_+0FMxw=W4@s zyxy;~kFU093n5%303rY<6{YSCP*4B4^0n#YeJ0GG4hmzS z+qF3$lZ!xX^c?#*h4!7pqj01X|Kx)CL9_OKROPK1l=FN<^JY9LSl4@CDftjmMGWv~GeIE+Wl55-!BIr_*qO?36x91h^3cLL<- zJIu6EtOt_XCzPgX+~|uOLP=57)+Dj%F9FXZ?1@RSRVGAg26T`{>UVk+SZ?y)GtFxX z9KTziuIMC$b!0}*H$*Yg<+$Ze^fbh>qJX>}98L#)s z9b%qX(j5StmbS0%9IPAao}?>JX!ZhCAUDu6_4wyVi3Q?iflBz-y;!@b6G`bA2{dZ( zTF;rv=5>{F+()bwu>5YLa=vRb!=5e5j_NV==gaCBt^Q2 zhlN0t;2%GLe3(El-%e@vF}!9RNp3beK;E{f9O<|D&DyXSmY(v-jhtOQ9&eD|2{H*! zy#g8DN8mH&peJfE`&;5|ZrS5PgNOYPLC(mvg}fBi$_spqS)q?+O`W8XIfTX)UUr_I zj8;xVe5>ZlcY{`hF|@475GvEU+NXK_ejW4PIf=R%H4b_`G88pj&o8HQt5FHE@gj?K zbRvCP@*# {uA?G>MeXV63i=mllD7m3DKEp=_wq_Q2^g z?O8(PnY=`FxYyGC!cuZOlO&6~0E<2*FOpBicNeNO1CfpRViY|LJh{g3jx;L1=A~gU)EX`wTb(O=;7t&tQhEU8s&xKf71|cQpImg zlGM+V-sS~#44d)K=PLJve(M!Eslj+S=N+Agi2e3`bg_}zVJ~Q|Gwz^B=jo0ik1#u- zo1P?aaG?v^4WOGP2sR(2t~;iFEK`)wx){Unt`?}sOCt5bt7;#ugUZpljWnn2iMm>; zyXVaqAn;TS{QA>VeU`}ANB(F2=2qT?yy_R_ug7F}nXAvdCS3PgFUG*^7V)UREr@U& z{72UkY0fC7YGZei9N`HB*o>*0q7SC|m#E*dRT-kKP$Q1b&A6mk?mN*Jgtx1|c?Qa> zCJJwOT|`SBc|!40h%zVp>;%7uN_+{JdSXdlw0nZFRPJcdg~a_j-7pH5o23_K*em-gP1*Gh1@95&RGl^5lQ^9=7MzDYs-d$L4c9O82lrpXZEWcpabn!~<7CXCd7`$~r93}(2>a8j#=`{ueR!MecQmEOwuoc^(7^9z15v( zc>YqVeuZa2`N?!MSj`|N%%F%BwHrN|r3p^syN`gDKTYE6;fcKrFKjh5o5UB#Pb%`w z>Sdvfq!o7s4&+(E$+|>LN6J=jQwN6aL)>CWBslYy9RrU7h|6rZG(-bc&-pfjEhFNr zA|_^97qlFCVdMKE*<)2rDd1kZ zqhC!wG)dj?R9&0)vf{}Y91{;0w@jGj)E6^S6i8hIe8<+uHFV|9=`2ljIFZ`Hr@cot zK_R(YninW+f-uoCpheA5EiRCp%%t-3+%Yx*k*pVknSY29Vo@>9dF{qguHb!cm4-B| zn%teyRMvd1ED2gNuvj{bYbj2gM9LCfULL3NGeSv-=npd4di>cRT|gwyJey;YGwxy% zAA;0AZy89Veq!aK=pcZuUF@;Hb)nCv+*; zQ`-~X5Sz@Arq?Z&3A8q&u}HDZa>YMP!4tPBnNuvPsw@W>+ZY~{X( z9duOg?tGNT2al5Z-HsW2k>Hqouj9wax!QI4*~MtYhSZy{gy@MEBg+=vBLdHFtwXDJ zW!ZYyY`PfAQo;Z;pb74g4y$PkzXdg`*3mCy>Fs6$k8pm)njwJSe!O+$cFyEn8R<&} zuJg9>CoE$V9B&I02Ork|aLdN2_HYNe;~A&>Iy#v08Ec`2Dzzz}_K%j}{y5rD zA|RD4onl+{)A|$1_CuYAOFCZB0B?_6^Hslce+ci=V;g1Zbe6yn%d~Z#8isRO%tc`C zUEa01BMAdrN?(z%U72hiA^0tM)>mmplTVSU=u>V&>HAGZL3z>Ic8&gcV~-xVk4|u4 z?>dN{>L;&=#2RI4s3TvvsY+n^sRU$hFF)hFe|%L-61S9ZG6FJxLgkwX-HXG`{O3Hi z5u=|^*(?M4vy&)QX})(wc9H4mlQx{2C%=}*6&lJ(iNyRet|ygr03W+oMpYCqg$JrB zZS~cY^0ho=*VxcMwKj}sqHK@kD#|EAD&aFlkZCy1L!+ccxR38lRwf{x@C>KEZ!4us zK>ONq&i%YgMb*<|l4rzoo+Ib^KI3{vOL}1%Kf{EwHU1|l{Bx;ix$akCCzH>OggPR1 zd#VHJp$y?ghp%LDXH96{(VTZNH)cjOcG}3Po|DH3E5?Zi`>Yv8uVL_Z3qm)!FL$pw zu5m>70WR*uERR76hOY-c1>a1M{r54af0~tAdX;fuZrx1vb+{_5lK^mZS3B;{HO6emU4G*wwKUzrp4Y-E-~1j{hScc}V~ zcV*J#9*cZJ(f{(Sf?nH_@eA;F9c+=@!U@J!wh091+OYz6JWPSb%7QR-X{pM-Cb3^- zBA0`}^-*@;GpcBq$bL)fUOm*x_kTC-JDbX)PZei>_k?Lm+hEp#25!7i>4cZ^Dm(Kz zx+gLaqU{2rl1p%B{C@+<`P?1-5rI27?%!$6I$J+S%=q0dE$Q!xV1F8>pZXCU{p;Ghi373qN?tQL0?(+ zz}hE0hWLcatA+Xv!eQ~MTG4-1fK*!KIH`<7KmcW|;Q4rP%D`6R?I?`%B$~ z-L(J)pqyu1V7s{7>3y%u{wqc%%Pul|LZ*>%GkSlEac9SBSowJ?_dB?2beWs))r{-C z$=!afb8=hlY!{eTah9##axS6V8JQTa*>hB-y;{A#Qt95nTGNHx6@PWEA<`}=xZtZ3 zdrR7$&+P72F?zYQ*n2p2%>Fk2YOZ4ta``l>hF;xK9@f^?!4on+@L8WQR8>+xbpE1= zwf&gYu(?Y4v15rO<4Kz*$5x2=ha_E&g@n9-%&wpui7@o>rUws)dJ0~ZkV`UXu%}Un zY_w|in{qjlLT?3^$i{9BlOcnR&MZ86Vl~VOxKCGkr#k1!j`^kbFeaG=rQ>8p-Bn2U z_?K}DM%h#zw?<3X+r50p= zRjQvizHf7QHs=4+(fBuPIf(kD%dP#>TIdK>iU(sQwP(Ka$1f!^wzM#sk#W}wW6)(B zJ0Ixc#Pnsx>JZ|IT311Nq4#M#)_3gw&KGq&i3Jw;Y-GVb`Ic#4znETDq>pb}rAUXd z=F?2H^PB@?Z@9;EbH(u>L^Yw8!;+G|{_4d4{P|cWj({0H2!X60?c}z$G?|$n{;(Fv z;{SGIY@4Q29T7 z(`4AWEi?!am@B#PajY(M5%6fk;`?*8)xG#h$)4NmrQ@J=R%CPugCPGN0Aoh5D;OoG^#c00`BID##Y%~w%Br#Y|=nB zd2lq0^6#R2KOtT+L~*nX_z?_yOY0|ZdM#f1<5WZ6jDlN}?U8b69I@-_-{@ViIK@}p zM!$cSTLd}aqB9>v(Ab6(i-fm6gh7<`QT!Dpt=o7C{@J=M8Ffm`(2fSHmFp9f`U zvCqPt0=X~?nNRFy4^J=3W50fr`@PUt2KFRai)Qoejyi8PL>7aJI*+zfQJd@_QzVy& z2w^mbxxnJyYp{1TD+2bxG%G*hs!FW4> zbELm%>a{URBqHF^us-jl_-8nk{!scNTwTFeHU?W2WiYZpJ@oy%3aZJgOIZOKQno_k zla%QIDi$~@?x+%USVdpe)55ptndZbR7nRNm9h)LNu6hmys3_Ky$8^$oUjBK!DUq*U zxLEwe7056%BZE(~Wyco|IAu3Mra*0^`yKAgit@@X#oWE-vD`&J9Ch-l%N>(k<|U>& zO608TLfj{ahsVI96bFftmrmU%uQ=~$<9L^L`q^QiN!^cZ{)r#oyY+Z^EcE)8Uii%; z&fzv5_n1>N#J(uZo^3IiM_ZTXVL2@+wGUQx3DU{(PY%eCDv64&}Gp zmdPWZ!*gO^a|~)<&dp9`&alSv=dHbpNq^;X;`dhnTm{>ISrfM0N@i7Ki(`tI5vg(H z3jsQ#wBv!8b38DH< zk(oLtoWX-W-%~yU{(*vMloEwo?c%-L6UBgVVDiG@JKL)qtVex|&nux69oF*o#E6ue zCNC7!9GPN72g2Y&f1oGOpy0(2ZD4#k^%FBjUm9F)9uoK^9#3l?_4*QHSt2RG7u#WE zvozb!92x7i^>jt_kyk%QP|xQR>9+~A#)t4Pj)G#fMEuydTVJ=HNxPdl3XTx{3#a^>VM23KmB3N99AupWo^zvl5alQz#Q$D+^q7=oTVGS)Ag{Qu!^J&bdpBmlty zUpi0fWTkdHaWIb;~oSX;*@s+S?j$1C#Zcjj@4UMKCK*r$1wg3I3o z3iZdGUS*kY62*)9DKbMNorR-BVb|G5I74_(U_2xwLGwBS&$9zV*S0*`s#I? zqGW-j-gRAA<`ngHK8J_Lt03==(^xq9G7AX?v3B3i^L4Y0D@SGD7-19Ecdf6HIan`n z{W11zseS0^h{#3Fq$cWQflS|mGIYE(_;*X_^? zIu*!CQX?um>oT7OrHXt-vObULhcCi}XNkx>95cUm4BSs)4?~>3({dcxTJU1nCLFIj zcL|+S?V*qxYYUnFLEu;N6v`9U7%E0OQ8*r)KrNLDtD>UVzLL~5$4*=iT91B@uVe*@ zgZGhHZ+RQTc1KOc|A9-1zxMvcYZb+#n_H*ECO77rBB5`%J^3(-o0})@U%BBnd*4Q)1@uMmo}8Vj7_LuRM}3QoB50iLGn*#}g$r{FD49iXq>#Z2h08r|I!O zE$r+XMgiZBN$x(%yjOV_0m*=W~Z!| z3)lFNFH0?gu@QGl@SlV2Z^0aU1Nb87(inoWLzhx7l|xC*4=E`j_AqC5?)Zam_SNkY z=3mI9-QbVxBX2F-z<(J_Dr!*qRgFYxNXA!fAf-bohODo)A4T!1_w)Eh$=8FjI2~Mm(3SpY9E5j9zoy>9_u{T{2Ffp| z)CHxz(CE-V)K|)ui$*XLMnx}D^F5AX(z4_UYb&mA;^lECWBgWN@VFl-Z*@NXvOF{jX4Yd((2ndSzr=2PI^DZ?j_utgTAJ> zAbKHNf&rKaRLg+t(X@f|y2N&TRuXdoz1+Peh9LbK4RKlJbI!%wF6Ci_1RTwXYDF>@G7Hir~4Iz+;c-RaaDpKCL373@c`&wJtMTn=?{1fp(?^*p3(^RyZNgl;#- zD1lRk^vSHWAxW#IOnZw~yH67sQ9?yQ(430{K>CA$ z7Z)1as@om%R@ zj`&$>)35PVytr02$_TZds3N-S04`U+`svr zB#h;EHCU|#BTvC6cF#sR)Ur|CCOT+o%&<<-KAE>UIbUu-f;@uym#gJ%Tsb{32I_W^ ze~UK5(ifr1bA4}kPkD36megjY^=Ae?NHOP|Nc5ZFNxACE+w0yba&eZz7N)BpIGz=$ zfAV?_iPjO3Jy;b|zx=p}iSpl~_hd54DZ#)JQ|}v-EU`k+XK9+RwPS8DI%L0epp)QD zkaw=So%%yH;z#qRq3uutWt z?~L`+E>ykg70%F5KFVc{Cz4Hn$6uWdkxb>oran@8fn?M#%yqF`4P_Odd3 z4t>mHb*fob7tCSv^SW=(+s2W%C4qb7{lb~J#+zDu=5Bu(b?Mv{J<=LGIxYRr4#tK{sKbn8s70XX_xTot7ybJqH zjkhFMyEopiEco7tO17~j)vf$gpl$F%;ufU;>fy=r>8T<7B1ev%TACFnud|XW12_052#zbI^4|UF%bG(K7$Pw*rnSZy0 zp~4Cc7$71ejvVY0*hYwZywV-GKgf7@PlEB@|It;KE8zD#^W6P|%u|UtQb7i|X?Y^M ze~v(q!feUl%|(K-*SVa$?6vqB4hnBP(sq!>VO2w^HjTGdiZUfj(Da(UT{I7}g6{gx z27hB-Dw|L))%r!9uWlfC6?$9pvj=hgx^rW2Jp4mxmyU)zMsN~FhQ2^ynSmR2-l?Pf znx#vazHoS^A}F7uxlfjpBw{cz>63NH3- zlgw}*Dnd0SS$+IoT6`H1OM`pI2cL-^540sFy1}Mqmoq^U!AjfzZ)VTV^FOz3?+ zgS$%Hrs~}94^QR$=k$^CUg=BzsnVZYK(cE#9h-F^i3!FNO?v4q>q`?HIQ^Oe)*Ak8 zuoO)IH7>uqe5lnWxIH$F~m)nE1%B>fr&w=dq^>>D4sUIqjP z65AVx&S7p)>0?L5chJzWH+HWJVg0>C3?}*k9NTb1ccdl+9PrhG2ps5l>>GEa>0H=~l3aP#}2l|F-+Uz2d#) z@&AVXFQ&&p7A7A|;z0c)J{P$OXql8?}!%#Dib%Wnk;PS91&jTXy|mdHh+c-u~ngT#v_z|A5OAF06-M^8ZX`kJkM z3^m~WgvfY)c%ibvpRCH#%KJ=_gOxn9*q}Jge?YkQ@L(jNJY`kEFJruEN`38n)-nBZ zy~PNaq|4MkfpzTtNJi+()VL?s6Tt=B>y%WP{JfP^bm|Q;r}673ca}Gr_)$hAF<;2c z@<|PAt<04Yl3ral{Zcg~Pkwh$!CQGB?p_(fQ9$D*Iz~mWzVZIRN`Qe`-7HwYHJmic zh6n4~|1IR0a1hiY(X&ErWb`A|VE#{JHAV#eocM5!m0@2m7HMT1>Ie(i{n{nJ4y8Ov0b4ia8JbzFgN)fzs(5KSd4!~+BN z`XA7vplR6PMf^uIS*7^tx3yTcWUNCUj}Zr35w9sc!bUp%GwKM756w7cB%ofB&KWds8sv%z5nd5)qJnVF|<314~ zJ4jiK(Xi%tVjK(o16p}=na=!REoXYe-T&j5L&8RR>YSzeKdAp%%Y4e3jL!<39_UXu z^IBisz<-gL#NXrB+o26@y=>5Ok-3i(yY8qitDl@;9;%h1mE}q%R;asY_ZR=N0p>7I z*RU8?<^<&>-t0zq{721!fi&XxJjo792f%(sL$ux7XC5(*vBH6GjCcJYB&gpt-geDy zdyEJjMQ_(B!EdvHG*I_$PN!((G$zHHPPk3`X@7~+0E-EBlxs&yJMeT;#5$-ta;*u! zN5chV34aU&PI3sT{MePH=BJ-0hhJpFXQS--<^z)kEEoxp4_f?3JEc;t2x4BDn%n|B zT*i#XlKTHJou)E8eK*uaGgl(T>6ZYc}tL+ne?+ zKn>W$?>cHLk4QH1#g&)1e6W&DNjup@$6~#zcO{iZN#Uq^KS^oHQ_>Tw!y)`T7?M@m z{~_jceG6hO9B?0?d>IZ98w~WC0`+-xG0;A8YyShN0LHQB0W4@8{TT@2{UzL+2}uCLUz5?LhG@HFW#X#$ z$(IrAb`xD(Ro*|g(wv})3>GH^z5B_`$9H#qvL+&H-0u6*<#Hc+s20k#qc}cj4s7yn zvK428Z1Lozr6RFogEOo_>*~`^_9d|EPw_s^nuz?QynH)ymI~8pe}Xr?H~FkE*3vxB zVkF*1g6^6SACko9Xfau&9z`ctw-(BW&#duLRdtKjMo7prtJ!EUk#hDJ^mN@_J#Q0q z#qG&UaLtzPsXrRo)7t%#$YMTliMi<13uCP-!OX0_o(x_}S9yZ00FR zvwgbTYI$wFH%h;^`RUClY{3{s&X9U+%ick9>z9nx|94aas_o8$K0aF&^*(V zhJIhi^VsHexStJjO*G$K9W7Ow5nQ)80D6V>3KC6fqN2j;WPdPFY45D?QMRD;ntOUr z9Z-rRhRxjWx$#)I+*!+>V+R5KYMHRAIt|}~+Y&*NZ;zmq(ob_6``V3%VUp97xF4ER z-3u2PPP7q8AxU>#o$r&O{k}6#>=3kB_unhIyu6&BpI>@L%&vcr{yTmaCBJww3HSlq%Sqo-VXxzw?K7=5%i9@f`!h&hbh+ zFF2Hp?=r6WexskY`7O5j#qLDO^>OqyfQkJ3vS(@YqXv4z#iZtv(-s*pd%~rTv7Ty* zf5~w860q8b$raWNDUD9Amfd3%=bd1Iav4b%yZ2Rh`8y#e-r{T1ect^74r;Ea#c*$n z4+QSet2f;jGrAz8*r3XManz2Sep4Qr!sp%@8&2;l_+m4 z0Us2E&m4Je&>f0L{cV16V#5C6VyeI7>GA04@n+baMG(-q?4RfEk6Z4a>fNr}L2gfX zOROv`pK#VK>JQ${fZguD&(I1!J}f;o)~b`d+1uVG6mb6i?WWrOt~&L8o!Pk6FIYmIlH`?#UIF70+ZmWm?UB9XV;{tZ8J9+?{)+n`>$yP%mJ zHy&FI;`1G?cKx%D3O>gbZ9YhTzd@|bAA0oqZtyO~2=eE(u|HreCgiS;T)K5v$$z=o zHnp34iXTmJw7cZLRSnTnPA$Cc#HrF1&}6`uI(XBhN@b@^0!)9T$R?4 zN`O>%#*&T%4&!kLldb+PA`YWGcgLf}M#Fymg-@uk;M;BL8!kaX-NzWXjjPSUpBq;| zAhc)2LBJI5-f14OB#d~&4EA~l103PQPwf88p4|J(6+ckHIp7}N)3tU-EV`v2#_}-T zv@?=LeMf*(uCX?DL~0~t;M zTh&;b6;i>)_3s34N5k&h{Ng%Pe&?n*2bKc{T=qv;@7e1MH#gTT16flsIm@HLwFhG< zC#Rz|EyLWC3tNQ+tv-YizWVdnW_e6kT(?6Kf-#+Dn>=dNq9off4zqhm5=B4~WlarsUrAlg6Q7HR8+GpC5e*&La zag&W_YrT-}7!B8Miv!&+BU<gWgnbt<7`xq1C%lZUvY0w<1HXCm=F1ddbhL&eQ&L#! zKUT+o1$4QMuG2qE@R7T~QA_7#&USt9)@dX+)PJ`7T-ONZ&c@x=tPeUjr!A`vNDWVu zdXH)ga0wPfT!p;!J((9*-gQV6+#^Js>c z*;Gj~zf%P%pUEGZ;-`Za&m-3(m#1@ur{CXZDpU$TJxsYj#1Vt8yu!wE6?CmT@dO`s z6jV#J7(CRfEf%5~lpPM|^Od49X*N+=8`vBVwRlWE9*sCDD~~C-okoEkwk2j}W_}qD zKdxZ7=N-LC>6ckurnY;Di{sc%2(paf{e;E9JAT_?W-l)UQU;%D-yN?|J5;IYa$9>X zM2z}1j3GLcS-y7xLfeddN9@zOM!8+TLpkn{GK>ePX#Zr(Or+IrTRv`D`e5B=(C$r@ zK6Sg_OH}R^6qd|3yEjk%xL)y-ca?j(Eqx*;At`h_n)$UQ__!u`-hZ76_)!r*bRHcy z^0O_ED7Y5CuN7A>?#7Q^O==20o`e}r3EsC0GO3k)9*Ac*jT@`wr#*C*0)n!% zh|ccH9lV!==wrJMgW*8HazhujrGkzHikuBN4V}LtE;$kuja1!#KkXQkY}&u+8p_-~ zsQP(^l@9m&%UTLYI+kMTwy>vl+{oOzUhbez{W8=d2=-F(RmYV(@trTp>kQYEi zM=S&x(9+y{`*xpr=mOombYX^D6vBU6kvYmZ;OyvbdszRHv6^$+)>o{sifh-*d%JyR ztB{vqV?ywE2Azq@V4(R+iQ!6;xPjBo6ux2_t+{E=oTtKbPXRL2s$ZY^UZ6mH1i%hg zCFU2-E3^vMIs=Xa{dFG}ctj!dl{I}baHpA>#a#$W_|57|3kU3{QG54gTaiWJI!fm? z5iTy0mN6hg@bnA>;vlPTKMg$Tft)epl;9OETgC}zx>MBz$BWj`s?ZdeF~^XbI77}( z35_}4TcX|5#GzVCEz-4$nn}>Ff(;bD`dhK83HyMD)Z@I&pdCll!tu*u5SL4BBxfUL z^tg|{#Txvv9WYv-(^@3HudVS0O_m?I?g&@@@n=uu?c2e_VBM+jYFJca->7{p6!2N5 zdVn19>z~($NxCsL4V#CZhf^dH*EPj)rO+a ze?D|eSQCt-*^xmDZAwK1%Gic!LN}_e>zzF^Q)2azUm8bvs93lqb`GBdB{2icLcvHu z8fy?EF}n)gTCEcG%`Z1*Bm!$~F%0w)eQiDY8?e9oC98BJjg9+Waz`Qx>iq-A0-BT7 zl_VB`Aney>F zvvjtan-*-qe^D)^F18Gp-okS&c0!bm92*ILvxh_rB||eLyqOlkC-@|%wfhqfZ~oM1EqDCZ!j1VeXf_CDwFXeAitBJ9acF zZ*7;Tl@Q4qVej8z96kU2=~D`&FkJ`YFwD!;lEheJc%gk)F)%qHU*@Ytr6S(?bxSR0 z>yIDlhH-!r6qQgpgIK83r_-s<~AtXrJu`0ybx^(ITcIt1(ZRF5j>ofGXmqXWsuL7jzhit`>(#s;ie5xd6BfLd# z;Nri3lU7`k3{0luw*pFChz@F(JM!Hf!LIFgu{GnaC$}V2v60-Umi`oP-(;YoB8Z;M zewJ9;pI-rMC%JO#)KZ?r>c{dzyA4;CT}_0SDL+KN2J<=k2PP{Y z%YT=;9uyU-J(2+svT4)f8H)@Gw8%SjWMBOiUQ3mo%N>R&FjB4o)w-`VbC->!ZgcMO z3v}J;mpiF%qCq%LgP7?atKM545Ji9??si0&Zgt^IiC6EcB&q$gugF9W`Wz#F0{q|> z89{`OzP9xY43TBP6P@^SiLNqbd*M|;$HrIXga}0Z0t<|`K$7s4;b1B*ri+9MDg`a+ z?PL@ZP+Fz!psj@Ixga<|(H@X|*6*2G{HP%S6;vtwBu$PY)oGCfTzag1d^N>teU33S zWAELYUCv*YmsAhWpZsYfX*(rf(!Fgq1`F^}if9(^O@)0MPH~se8@lSbJx1zD(pHNe zD8pb(m8mh`Bxf&h9Co`%E_xzabF@&Dsz?a6>%d1VtBRg%j|^D-9~x*gUzsgh zQXO1gt!uGc4mI{2+!~6na3loOS3D79!$Q*Z+7MAlXtVg}sAqJ8{O5^^x#*52H|ejM z*7Z|4JcKRP@DUJ!k?zcn+x=y0fa8?PQn1w5NR(}zfA^gZTBrFkZqIPztI!ndJGMWc z4$Nil#j->FZz!J;K!Ezl-D*ysK$W!dtp#pWjX+5$tIS=Va~{(r0vMRh?OELBWtnkg z3<&&~tkRN<6L%HA!wNLj4&Z@`UMrJ^F!>L+AZNKHN9{40ukv^3SP!)!*WFH7ImnPS zioLG&h1&|xoQLVCfEc2sJBIe}cLWN++Xz^I*XYSSo)QfLz$mQSu+=X6m}y?~-R~VeGe+f^cpr zl!%A9MA_v0`B4ZubI%(a*w{m+mVAZAPJbWy<{dH}{PfM{c8t$K!U96a1hQCtqpcSb z%sD z!xLWJdMCR}@dA10Js<;&(^v3W!$WxOoa`?hg5$3U;#R&7ez=ou$o_KQzK(E>#AW3X zW~H=5Xd&J!$1ng(tk+40Ppc;VGDs;_R4$VM3yPvgt73SFdFN+xP{NxKY^J;0PluHl zVkfddq3OMmHLp^j{a(kumaVjAEm!8zORU%dXlxL|&-drDbFVbYAX>JFQTcT3&8^Tn z?>ZiXe4aW<4XN7NRRTY*x0fDY#p_J`KjB>RH#v!#y0fzX5$Q6_k zIGm>9VL}!5;h&%Re0QFcGNmTHdhlr~K^Pz>{lmHjQRo`Ct)InvwfL-`o$_zwuR1S#JV$;`xV93L zc?|t0e6UB}vg#H?)|gshY!2^%(MBp@Pe>#YaAm}&I1c%bd6*Q5w#&V5l|iYMVwNrmN~$6@43hR4ZUZ}$m$v4Ax=;BA%<$u zxx8%*hE`aa&x<&=x&dd(dJ3*s=Xnn7;y)GBGoz8kB*Cv`z?c`6GvPHJ>E@`agLl)D8@x(O`?yT zIPWyI<2s()g9_TvKqA%xbOHvpeS`Emw(F&7_>lN9fc<6aZ^wFHx`B+W8Pc~Y!zXcpwqd3$|4eoAibpWjC%WI}&Xfpc<>N z$Y)JAP$5mK;DX2xxu>2ad6UGo$TsGjOuGuOtG6j+3*^4w;Qi}Oh{U{s>xAG{qwi&C zig)f@NH;m(6eS5kvwG>8$m7H5$9n1X`ueSw{7YRT-X{20N09M(eM^iWUS5|=$V^6R zCo)KfYS?vc)zG`hUR%#Qj8eYl&k4J^&_wsrSM`~R1r7t1klCM?`sO0GSLqzC3EX!v zyfdf0)#l<5B#U?W+NLIZu}hU9+M0o^L^I4ErXNjyeT!?v-a5lEw_)k#o;@X&GCyjK zokAt^o8q)@R&m~$Jx4L{QD`=g;^TI63!{a{YOd?OtQL3mJE>{5p^q z`D3B&{l;a@Vd7Gp3{=;Flm}93T?0*N5wZ)d4&{X;YYSkHTe1^#O+VnSF*Hcv*X!}C z%8A4;8*Jm0*g^LB<_p}I`U< z`Uj??ZxJc7W{lxQFllVEs)+lPNVi{P4RTjw)7lzDWlKP&04Jr))xJ(ULVxw!%acC^ zQ~a$ggP9TUnrk@v1R&-LQ72YBo#$JH*)wTciVs!-UYJjwhMWQYX21f7Tz3A8t4@X5 z3zMJM5`9Y_*DPY=NF^F8>ZNKws$6K}7@1^e3?0IoA0!jid@GEN){4vxRkr1YF6a61 zf`bdpb{!J8cKE=D+8V_Y+@Gt-H#id;Z#Nr&w{=Vp$e$#2Cmt__{fN^Xc{@EKTK!nB zd!8B$F|RSt_;!dS;xgBBq@`sW?=>N!wx-fyRnjLPR<>&$DmxEWV6p74y)WBUd=3v& z1h>xduqPsDwMMFCT}!0NXqP`|qF_`KADK<+k`4Y05sO=2%85PPJD{d3n1&py%Y1#A z=8bWN3PJM^i=-~LbRRErb9ZPMoX*~-2ER7F8*ET|DZ@@MrT#kcAbF+0SQaDHI;4dB z#^=Gz%@y4yaGM57+G(Vk3+4%grlcjraVRLo$W9 z-%Pq?;{CA+4@n>)BVc6-SoCC|RSt8Q(ntK7Mfl`Uk|_xkvR@XD+Cse<8A!}eqf~Cn zNGG|(N-c!|{PjE(V`9m$!_VgJ`SH1PH{q4#=0}~&0w4Nsw+w(0KqutUGS)#b-PTHc z*eZPcYkqby6T_SlLWm_u0k*qK)pLaZ=q>c|Sf!9XFT#TLJfU`y8eFhjsT95NREdia zRBOq7d{Su4Xb&O1DOtJ?!7(H&I4{6f8yn%IVO|{x9Oloz9LjAqX2vKu9?7$-O!+a#1_s=-^IuoaOP^~?uN4h$+;lW;k z8102HwMRVS9Om}grX$Lu>E+p)sXk7Qmd&16AOQh^F4b|Burc+YFOroVa>XA*IR{_| z87Fhh0%6!!+v9q8!5vK}vuU|gFD?{!Fu-GIj}JWP24KJ$@vB)A(KOGaCxck`!e2bq zpdqsQaGTOC`g+kB7GCtq12yd-x9r0y+t=C{&6Js|Exn8F#_9qq1~MnK6ZHAwycUUu zDw&jn<_o4Nm&%RcqVEc(d18Gltj?Petq=cne+>{i`p|;wQxMzH*1t)t0+WVUOZV}L2vJ6tQTMg|`c2^?s&bW#CHo{N zFDWTC_(d?2`Ns*HPprQ4q%}WqM4Wp&bio@fem02FH^q4qz@c+)FYDchiWQUjO>g%Y z>wk`O*9Ruu3K#G0|Dk{F&+h&!Yst*JSyPP`JuUP_FTx2@7LQ(s-)%VaZ1$93NR^k5Zf++QsaNoVQF<7BnMJN1|Mf+Qk}~TO$K{2!NQ}170OF z`^|0?b28oTS676=1%t8Ik)NhM>Fobuu6lbjUT?DdQg;HuwIE~d<55q&ns-=e6>*#Z zmU7iuP^{a*Vnt{(ldYY1(e&hJQo;*z^|m0;+diGn{CWb_A2?v&RS*B%&EJIn-@Sx2 z4Y<Zxxo0)lcgW)$Qctxe02|-M#S}c$c`*D*-df#MJp0H*9ovLM zR`bKgu1sGi9~o6ZFvt9waJ?DR#$Y8HP(g(Sz6grp?j8R_&`4!z`J%E&Gqq}={`YN; z`r(?t6jnV=0I-~cPziXlIXu2O;%Uyg8?EuQcFE$J@AKfB-Im^}4|W1T_~uUvIj((m z#z%qm1H)P^+O}Z$bi<$$2~bGME{RvX6wN8hwM}UZKq&D!;;c0cZ&Em&kVVMmUZOI)HHQvZ73jRRWW+hVbE|n@y}8R46?%WLkh;tP^RLi-4z@{ z&-cE53O&j(#%5hF;Ls)G0o-s9cwJQm^^zGNNT2rn8>E-MTWSG_{tggrAlibpa$PnT z6+yRVYum>PNHm#u;-ls%=X26ocj#C`S^iPwmUIS_?CU2O5^!Y=ZU$&0~3>Xv0 zwJDbHEJvB7w0MCy0%;5$9Iksk(h&9?HCc5TPA{?1Hn&z-n41-NcQs5nYn5Zm5* zVyuUakKBm*4z&Wm5?%n?oZcRc7t#{-6_&dNEk9u z$H0Yh(L=o+Mq9o{P4wIWRap4bbv!g{X?q(X(L>*v8}yPvap}%~YF`Rk01QL;%WZ>M z1{tZd|M2GtQ7DV+Sf^qMC%i&T*(XviPE`Nm4O;yZ6hpgWQ2F=wFB7{+bGtx$JLw+` zA~&M_^wzNtnaX{#PEMbkoIk!i_B0WWh?Q7lBG8wW4ryXzIrvHPCp6&(WrL_MD$C0Q zLl!46iT{lt-+uZ)QHg}0*9V~%#2jQXN%9bR1`rwXHB!WTR{ZOhx9O6t63r)}>U9~; zbGG-4YK04I)7Ut&!UsOhG1br`*{uD07+6oyCr-LM$!6OL2WE~{c7Nl^Ugv-&8E_>LGoH@ zJKKeMiXO5*(z~G-ZET4SNG(DF&}1}ZP-5%Vfmj>N38lP5y6RNdca#ljZay+p2)9ET zvcV4)>v?5a(kR*gcEJz6WIEk}Hb^I0_bh63l&rNTvT2}QbtXa}FG(Nq1~#fe^#hQJ zcbDJfzGHb^$)cwtWWU#Xt@GPaa^Ho;5w=PflDvTAj}mQ_Ms#7fz+^eNnWuZ%Ez$L? zqstUpRzA}sCF3G)Z8!kQf23>PzvKw{VsyLSjJtlx7c_m@AdA7U{xxT@){L=VZY$pQ zR-Bi~{)h_C*})4C#q%&66M+8MInqgnmR?UMukFEqR#;<_PnJ)KT>&=yY*{c4PnB_X zuRU)>f{G6SFIkX~=ZJ1tZs#VE-ow&ZKG}DA*fQM7sc-3JJYlPTH*Bc$350vAtMdqJ ziIG0iu4VYFOTeEOo?)-zR*r<1j#s8u>BSCN(nhv$lS)PoESh3_mgGa~P&w}OuK!?4$L#iA*&+?*m`woJ0^S82e z=b{wsBtltKK0aTRh_Eb8`kpEbU3Y@&R(IOTN)_!<{T2IicWx3Lav@RM51u9mfrE?D zyJG?9lybuLatI5XK$nNPS1Z;u*WT9;`PI0R$z~kB=x0&q`gE)3$%+&9AQW)o4K;P) z5}RFqcwX?~WT*Uap%_!*Zh9qW18QN(s#tU`?w+*2sxdHV*YGLvip5b%4BqEEO zFR0O&X=Z%kKyVI-7eNVpJ?aX;_5(z&vx1(~1l1$f@$2|zH5Y9x$mhhKOiU%TcY^OJ zyPi&{mrho4Q2YI^zztVmJSJ;Fxk9$7T-+*S=kqs7rLDFg4Wpd1{-b5MF`$4M*rm=A zpF~j}JKPZ*EXQMJTKVS%wWgm^`4x9Uw+@aY>@joteN(kq$DqoK)9 z9X8q))ok5P;jTxv7CGaljHE_p@0OIg5*5v`7qmn?A4K`qkCYq(%DzzL1n>*DdxTy8 z)<0gUQaQS8$w=~S9$SCdIQPDQ-2Q3kZn!AVVjapa*A4rZ z1kt`=S;?jDO#c?h77sA))Nj8ZwSzC&*^9%U{VyN^w`CD~9om@VSO5AW3=aJ(us*XG zKgz#er~7VXKvGK@CJgppFWlnix@zI|V~Fuz08|h_p&jqDZv`A02$DBcNb}#HtQ`7B z4bttAP~Qr;KEXvlz;D0%zgsi@>+YeBlBnDT#FhPP6Yu){vmae^o$dzf8;>{vrXCnE zVuz4Aj&5_L&iI0}-Nbyxw#`ug9U0jl7%AB7gQOhy$16LFA``*Wd;mGu%M4gJ5O_q; z%A`|_y^rZoo1_*hpphvH{J2|E6oOdpsx54qBwXq3kyE zE_&`12vV8{{2R}9>wx+`0+g&{&--KWzR`NuUG?d++<=e*5zN%^4(V^W@iYj4zoxV1 z3!@T#JE~N$h&N$0uP(izn}Q5oUJ!BuB@z)C_pT|5MmOjCeFwh{Fo6YaHgVb}Vl6~| zZ60H%#!CPBCupKRL!-$!x=e!(YFz!6u6uyhC}A8n>WD3mWoMxLjs!syA3McHb6r+V zv^hK+uQfo1!EiL{qW^*`6%I;wV~wYS2aAhZ?{v~R3b0+YTlT?MgNizxj``Owc6>Yk=s|GYsqC1*;sJH6phI@QpUiYqnf{>?uhkWXK1h5y=>o zV?8$#ROkW=V0w;cDS*B2fQR;k3Joe3He7!tPk1P z{z$uTn+%;DP{f6H44;a%s2vs%HWPeZvmvGFA~EcN=mo?8nAb?EknhApY!=ow0w1T9 z=Jy}+mVp2ON@%xadAmwUi62T-O8)-#?g=ddl=?R@AqXH(eF=M!tHk@9HA6Caqo*j# zxi?&sOZRys4tbbY@#c>?w{Y}x$>`BpG(uAEdf;II3ZTm<@%!=orP3?!-HK)xzh^XL zUQ5m`$P@@DwsXo37sQJA5ZlzSS5iE84~=h@e;IHKha`Etd7g+noX{!)4h^_ z2?o$25s$V0UA^0CO$4NbEF%IC2k4Aw5!{>kWYu8TX9%@bgNe(om3BWG^k=D3f33!s z^}3#Lk2&^{^Ex_Fh<0SNCIA-D-g$<3ECU4nbcENkEN2-gd|DNCF^+2w3kRK+ev8&# z42$V#eHNt;4)`3Ly`#Rkc=Y|Nn7NpFT<%n_VVvl(%{9QxP6O};gl8B~GWLu*&358jGxCYo?HXK0P344BEa; zIVGT}Yw7s`t&nTS{8cnxJsTcD_Yb&DXGVyaD z^CBb+Z;sg2iEE^kg-)P?)e;xFKLx7s(47)3KnB5E8Z6}A%D_4G6#&W*? zYO&{J?>N@cE&h4?oh2^uJLI&17p``fkOnSY? zM2PqaBD2z3lp=Ii5 zbEaz~Brx4@Au$-@Ux@v}05r7kK>6K2w=t`= zwVP@Z;p(S8lK(vDf=;k92c3mWSwnR>RsU6k&kpY~eE@@jnRUe(q5>Q+A7_sXGWnUJ za=-_icAGbQX1Hf!wk5-txb6sF4(A2rf!F@uyo!1)u}!%f@xCvAxx1IUuuf6^MEc}^ z(Q8j26Z-q&Tz7moxY+h!C`VEc5nc$eOIWS&CmEq7DN@59>nebK=aY3g7P?AE?*Dea zSyLH7>%VtdE&Wsbr2L!Nng^mdCO|XrI)I|jiU`-WjzcXkh4@svOhrT|Iua1=I^pVF zA9r$D+q@4hk@$|A+foM5_ME5?Abz>H3t_C{Y4a$NSg(Nd`V3^TK%jWbN1?~YbSU)` zgL&azrAqnOY_()>C6X=%cg&|JQ?kpCz{|%G=B$4q4NUcn=-G_nu|wzaU)u?248T29 z3!zeY|G$RyAHZY%-(X0O#lUui7R10~eyBTxY6%dm0$Dk*T>RH&LsKCDaSrl-{{eOy z_?ghx_1A{}18R8po!}H;O9-X70@}Kg9GC!o*nr(y_I{1=Y`~r`UP(f`pVD~x)`1H7 z5H4KJ1SD)i#fShHw4L9LWrzmGbMMc&#q&G@Is?c_gF?c9^G*Rss2cnaI#U5?KXA`U z6R=L_IbdMWil{;k;0L&ZhkV#;MMMBx^Z)b%pzHJgANrtV0R$KDU#C$(nasOb_V$9x zlCViLa}u$v&yu&sYOFPz(g&kfqt*z@J|HCVvc4d)#rugr;q878i3DCi*Fa9mPNkw# zF0${`vm%0xj3o4zGNkR|4Xg)S*5Ii5Lt|l$hNzq=A)oyYVn-HLPjnwNBBYrd__B}*R_9`cD+M>m&d)isp;u2t3Q2G9GGDQ<^ z*8cxP+gnD(^*n2%NC+?l9}?VU0>Ry3aA(jU!9s8ng1Zmy!4iT8*WgaDpb75o7To=A z^826j9=mJ3=dN|<1MKcyExV=a>FTcPKQ@-=vMuQXPV(z-w6rGtkWtqR-*O#U39lD3 zQvGZ{ygeCI@c;Gem+~+z?n~KHH)a&0A6$_rgP#mJGj4ztqD;sJ41r-^-sw|f>zJw~ zuX~{kU@-E*#wMO`B)Pb>bfP)#`r3V(#Ur7Ey5tvdj$6-G+w5C&^BczdNkboI5)2Rs z=#l(eV)1bq3a@YJ&>98Bwogf1n(tnWR998ygO$JXeRteeyOTFVfvKDuu^o^dDR&HO=+Cip7aD4S*jctm}?MgUnu~w03I#{+> zUp#_KRD&UzIz-mqdAv}QK_yKiG-M5@*+DT!T}^F;PKn@TT-%T!U6x-)&9&yk;(JB$ zkr%xB&cNaPXTUUEE|>s%qCX5Hjd)KciWG*+$i&pekuT8reqLZY$HhS|QeEo}V?pxi z@v*&E($WTSvOmG92(R95+5eAbV`n!kPc>F^{5(GQkAVAWJ~S?wQuC;bgHT;nCbR?x zBj5tp^FU&`v8rlpZvnXOtSBffp8BN%BWml-zTk8efj9QQO}=N=FBJk@0ZceeBe z?Qj?Y(>J~X3&8e8i%wEaJx_I8_6e(HArs6z30bpIw#sspJ}>)QD76&UKlN9@)Wl>{ z(OlreqArmyI4E?1^3H4yrW;x$6^4FjK1;OT9RJGi0380Vw*kB*9sv03U6~bKLszi% z7bfje4G7Gksxtx-a5$pCx-BE;q2^@Zw&P&*=k4omk+HGxiv^FtJp(D9UY&8(>AH{E zjJhMfFljx-hGQ?;y;IMchmk&kRVq|-L3Pfbs6*ZH9FpoPh!%W$YRUw3h6D1*ed8C6cRHU^vUtD=_>D{Cyj^b%^yycOFJd?S3!l7H|{z2UVtIfS+)>xSNI7dAFx9h%UYk| z!XqH(^hW+_xE3PnxI0nOXFH{zRIy-Uu%<}S~J%e#WS|v2E@MF`Q)DK)Y zR#t(;q#whhTkp@x+zoSBfX_+E6-hJE(9}%W1r+*z*sRqC)qRpH7Ouxi8mQGHyJfAV z2G5RADEjbmZD*?Foap-(k__An>guKpJt3m9Gm#3IeSLlQN`AG!Wp+v&))~VXc56;l zuK;gn=U-ZKii;HqngIP<(^I;l@j_2j%d298X5Gll8#wklYG{(_D}_RZM+m&ET_WnT z|CM-XtmwR`tc9@$N3G{MchYu(wn6OP$;K~1hm8mknl22Hu@7W8g_}CMc~*>*zz%Jx z<&MPdH5bW|#c8e$!VzxQ7wrIMS)kq3m14_UuH_?%0UoUS1!VPF{EGNk@2b9UPxDQb zfnxJ@2{M#666Z=AOFONH@-Q>#GMZet@U1ds4hZ{F?0#knt-BlG^_mG94jQNRkPl5q zK?_r#8PffzJwtE}=KClSZ(Ek1AM+-K_k&iWX=6McH-;=Z) zuU}5Y6d%95XGSGH(LR^Y-R)8_kuQ=~8cg9dk9y39?7*^6ItnbykT>4n`Qa}N2)Bt| z0tPOK!gKd4cNxxQ#sq489|<~M)+Hge;J=}u+oi%LmAYn<^TXCfWRKn*uTKw}6Zc)EY^3^@!yNI-^T?f~li zTlPON4=57%D*)O89uxly%08mQ$GRYjKotHR=)HQ}Gy>{D1Hya6y8i`sQl3mrp*=2m z5!+CSWB(1)s>b}yKy|m^_>p%!R_{3EFHjUigMR`RZh-MWkSSo;54?gxqMy20Kl%xv z76Me*z-Esm0Hguu0FU}_;8=4Epya0twEXKa;PEfuAixruTk$o zt;>-^NhpW1GlI19(;48E;Bv{$AIRi!M+opG04T};cLBhPw=2EY3e|0B9;okd6f8YM-Ooc5WAQE!QgWb!y%V?{-%7&ILaZ_+ zuCvG2!?+gQ?lN|?g2%M`P;U=m5wO}RZ<(L1wRz3(qt-tu2q#h-WzkmvQ?KS=!DVVJ ze~SY9&6SMdN@Q2J%r!NrD;w=L!sB-jf2&(t$k5LP|1w#U;HcN-SDq{vipM%)SE_t` zsM6qdY4%qgRqd;RD0k`AXOliP5B`DO8{vb-A<$k(BFXa|ER_#$AE+!i@5+CdH?Ko6 zzJ)-&AwR!|vnW5q*@Zk&Z0dP$PnxCrDvV^nUvGJZJmk>SESnbxZUP%>mq?zHp^kWN z_&0 z(*6JgBK%vJggDKGde}A`iUahb>_=V5D$G6--xG^};@nD+C=0{8{ zzWFc12IrgM#RnF~yVCv>lBACi9C(E)+pt}GF4#kq>fLBy&^t0v@rD*9hkH<{M3X~fczjoHzllyOz@EfA$xLam z%o6vgX@`pQEn8Q3jHNmW^8$An-e*s64fF1=fuKKOCmgKY*%l2DZz*i3Vm~gtKjRR> z!CUIwKOma=?BRqu^x<3HVh}Pd3+6t(5>@DD_%^&HF-IDl$!~dceEK%@BY&11890(^ zfp6WLf75NH=J^6uXn9-z>XR|vG!Z=GBo~z5YRI5krUG%=rGsGN4tpUl2r@iFQ?Tvn z>R4rY)Ri7ZO-yI-e&9ghZ+h?yV^hvk@ZgW=UthRq5iy?uHNwcuNA8YLFKbi0&Jwh& zGafg&`1-2n#}DFbjDb#^kctdK3}hw9rNU>Q`z~|7cN&t*Y7l?5WkroKe%B}) z-^;ejN($81s;B;(Z{3No1wOpIt0k@pyoj0!gy`d-pwCic-Z2iQbG1k?vFv%eX16#`9wyxJT7vn}Bu z*ob&^Q{{hyX{&y0Z^jP`DQC=zK?EsyaD`{FlNx>6ZMzs))cIF}S7DP&Z{H$s1oP-y ztQb*FiWyr1&bu7pZZ`HLmq@Vu=kOfiFSgaCD6MRtN`wjt(j92h(6J=gZLL1#961Q> zdXhbS$EFgmtm*P0P<%z^%KY*RyXd}ti_Lcrom6LBIE_5T#<_(=(HYCst#d@F$Ta36 zwlE@=MC>JmhM8c6!fYYv0neWK;n3LYizvIxQuVju0Gd{bqp~j*0(;aTnGCjC84}$R z>syUyZid#fk&?~#N$5ih;^T9n$cGPz}_>KCpK`B*$RRYDr~?S>{Ydcjt{mRe2TzE-|;&x;}dJ)zM*;%hs1ITJ<4r<~{DTj;Y9+8WK`lP>P5YR)!&4*gD zHYsD}f@?PXCF#5hL7?7O**Fc1*ivYcxFbp7?O%^S5b8EQFN+C;jQM4;>mP{9^*<(f zARIZkttr&{{Mb^v8Ago@r4u(e93;AN^(ZkXC=tt!OWZkCJwlv!tFC-%W_fQUmjxhG zrM1Mm10S>LNYkasJG&!i{U(!-xrg*N^?y^obDEI?+sjaS2TW1F9?co|Xh?niD-tq* zTW*M*v8YQ1gAl?mF-`87zg$h(V8QC>K{j+!;1DEW6c%qtgDb?v)1QGU&w*<}tW};u z!Sdo%%bcA!a5Yug%PMinOfdLTUro}Oj`ZlsYJ~9<7=#F(Iw)}Q{I=LZGLsS-op;qh;rXDuOT{5+23IkOeW37j^$ciFs;Bl#SKf`zXj- zxPN3rnX*B}DzxG7SFYjIchln{Cpf9MWTqSvO=A;qdg5a6K4W~k3D=VTKZh8zJwJ6i1hGxXlfL=cRizY`@x2orKa9`P|oT|gCffBPdH zVU~EAU5h^~li#jI{D*+^m)K=tJq#2Krd62M(YxG9UIgo_cSm1#&te4T$f7HCVPnFW zS8o+^Y6KDON-@YSoU+iA0%rG$nF&2njox|*jqOM*^QfcV^l#;D;3pv0pD?bpY3Z=h z!R~G=Sjl$YKdIxL!t`O_mfGEoxxdDr+&X3Yv7L07q&A3dipCr&vUkftjdHsCeMOHB zBGmfyHA9Bx)WwNsPntSnbR9@_%ve5aHLzsHNKot;L1>L7n)(#+c3k;zX5Jf_?_7xd zG%r?_2b4>D?cgS@SRbttu%gL*_@j{p)Jm3NsQO#p=AjHkb>hV;bjlKzHSW}N>2kF= zVaodBj7{jACDgR4FGE`_7U^}#5$cYK@$87eoQ`%s?mb)r4N<4&pWxO>UfQzy z$cs9$l;|IY($r1yHv;)Jsd1?C`VV^JSL1XXWEatc- zgIXK?}$sMd1)IJZqi1=Q5f` zG-Ksfzvrq46$U}=(wja^$(F>zqC{j+2FO<(b3)-&FHGpuJR?TPOVy>Kp<^hghWt z`lH8r#@*y=43!myLQJDq5;VHwB}=5&;V2oY>yePPNdK3i^iSk3-6EZlZl_h6A!~PU zo;^4`U|bKVo&9Wg`Tt3`vgLnm_;jt04EC z*zibUAyZu6i>@0fyYhz0R!O4>tozUT;@}D~m>ZKiUP6agydDKo-54^gCzIBFoQMv# zJA6R@y_UWVC=PW$*_UH#XI;!P8D#DO8$6;$wG#!Fy&klJo_auSD4#Y)r`D?!3 z=P`l(xw!ms3lGvIPi@KN_>k%IKCil2zaG|wTMVNU&JgHzegd{T5zsP0gEIUvysdHl z*)j7jS8-RDkriH9D)X4`b-ZJkFj?a9s?+5Ljuup_ZbJkS`zvIsGU{z1NK1pU?%S&@ z%J&}(i{KEOh#&Py)$Zuh6Wi5En=>;9RQe~w-E6^4SW9$~hI#|_^grA1^? zHZ|W`UCtR(I6x)e4An?VallxG8)p8KE1nz(zuXnbZM!KInJQv28EzNcugt;g z{fvR+XtgmP&dDC`QyI?OYQ3As-H(i3!XV4{s*|b5bYS}r< z9%|4gkhG66a8LaVT=$^#I;CEl@@~3f;-&9#rrkh+A|mALCs;f~5l)SYo>;%hVdJx1 zT(}qHYy98HDiv-gwgI+r!^R~3)4}dEAtH(HzN)ajQMdJJ;RBDD-0ukAIeS`79`5d0 zi)QS!+>k&rV7c|^b{!%q{tA%z4cAlh&!xPU4DlCXRII3u4ru5B3Mh^kN3?+k=M)Tg zOV3ZPpPLg%QhkcZBGrLsco4EGL9AGkDNKxQZ)H))K!bhB3-M^WzJ0YwUS|CJJwUF=VW`XK|E6=ur-uJZE>)DFC@^M!2jHmht_VR z6v}%&66N>esrmLAJ)w#8$AV5q6-ZnmE*$WR*!EbmJAs8hG=g}v>8AG5vMDV3z=#U5s0-+!(4}xvw?ogsKk9ny`hmp1%_<{S@hpo&Xvi1pv z_6un2QB6J@SAhjko%}hHV35_5udMhej}=dkfLdr#*`!}1b!stm?jrlb6cNwflWmM0 zGI;h##A1&Bg76g?ao0w0fc$jeKfH9&G9CGU{Ko%3JAqz8Z1 z#DV`qH{|7hqCGKfq?_=@QcC24jBRZ@mdCbL$htITxJj-;$M-`a|@e!NK$I4^K1mM^UqWU?_#+7{zL|NvTQt zC1{5r71iUS@Pza}feYx#y~*1qg@pvQI|)o{yjEQ8&wtsrhK|gS10SdaeQaFS_%Q2ST;==OFj{6F9;5~0{iNFcdp%!&vkUx^ki~)WF zkOu#SN#88Pfmj7}&gOav(PWF7KU)RK06&b_@16$-M9j7IZ>ScJVg2~jI+PgfP{WYt^YgqxW^QWB?tSy(3f<;21Igzv`; z)v5_a8_8TIg=m`}x?*P=`=+MD>R#mE%(liFoR~T=fkUv_TQM*%_V9M0)73BABy%6h zK~1<{?tuBg%B2JeLMDyaF}yNVu#DJgrW7A_K_vL|BjKW@k^l?WaQ$)a-D zlR+QQ+dK^NrezZy=5<*r{`nbl7_@h825!fa)I=~mc}CW=+z5A@U7g0Yi{m}*@G!>u zlr|K|M}Q(Slc^zlY7uO;=U+0v($@@|wNkdFtL8T`eg+ehJ;va#{1oZgf`Pwl^aK!z zx0h{>WxSGp5XJAfPpLqXZP6ucIIx~&v7YV5KfWyh8a#Z99Y_TtB1O|7kh|!xevDbA zbd&*y_*2L%696eMKjI0{fQZ0y@8ByhT+v}YNGNvnzsRz$yuRh6SkoMB_PYFzS*cP< z!VlZTfj?92DNI|zw(!ftE^b=sc5;3GxayhnfBH9LtT727V-kw{WDJs)$3oiia8D~= zm?--}_?FY2#1Q!clAJeaH06{MG%1B!Bd8Qdes9^>fdl7g2_Mu#N7b-769>y*vgpx~ znNs(79b?@o}j4Y*0>$2YWl>FUo3Db%2k ztqR1Iu`lQV+d2011TE?klKJqvrf-OfeO{TfUw;-i;le_0-khrK$0Rgne1{luWyOrT zAcn$xHNl_HaN+*2x_W*j6jCv;ywvjje(XRN6U7zY@o0&jkAcCWAN{?z`V%nQa~K34 z{(v}?Dw>93jn?Z+)2%Kx87%h;f`cqI0SLfY$n%bBbM%7SZMA?W2jh0iT;Q0cAP6`l z%b=wt!SYMO(6fq8@sCOOL?6iDxtktE(dl8Sr}k3&v;JnKqTW_=55%6}{XrQPeowQ# zwNjA~XjbI2^)ZHWJSdeM7z}To)*C_5lQ`=8kXyXQ+RxV&#uRb!o{6|a3iqpp?!{nK z2=q&&a0wRt8|P`Ll8i3%mAe8!fRBKC>7U!cb4>}=~(BZnsf3B!W{t}>=N zs+Tz zB};757>8Sqc!Rxthz2ptz^4&-?{u7yI8zjR9+Hz#HacA*AX?=pcn--8_f(*lJZiPi z1z84WQ&LaP*i>dB{hRtkOp0Pr;1jM`Y)_dp!5)8leweG7$@h2TI#usK z#k?KppWNvDC=FgDqySb?yio9ZG#i7<(PkzklTy)lNXyE_b`D)wWl)ktjy#3>=Sh!5 zry}R#-6)6+76bOvm29@JVu}!pj}nVNtBP@LM_-#2uk+++DRO5Sk?7uho^W~ynBFmy zG`8k*o1&yZ*)HA8uqa(MBM==rWl^M8?crAkppnJX5wjS>68|&pc7(zqS>o03URdUuH#eEAM=)iTYkvrBOG6vSN6=1AIa& zGvgqhpZFn#LlwCCq?7wsu?*8S*GZOEssgDZ9Ch!?2)^bz3>G;ar*E^Oy69?Jyyp@J z{V2b+dOB~24jgxpEvieht|=Arej)9sH@fuIF4XaA?6uN&{Xja+0oB zNwp<95qDKImpX0=puDJ5$_wJ?K27NgN{Dvsa0hL#h6VD@m7Mnp9$b{VQ7ViK!nY ziYeOP*xF^HztRGAhvqT1QT4@N&L1G~n3M*^>aX;GPYyYhGEGE(>y)YwOUNHVa@iA{CA_O2PbM2&7}5?`4Z$N)MS0BG z)Su$97Crubj|E6z{1s+2sEmxhl9IGyrcbhBAoguCh>%32*FhjE5U#yOdIm@IO@&w2 z;i&voc76hCjCMa97IOY3u&JQ`74)aWfns-b=3L4`pHR_jc^o(dvNO!y7)un;r(0T& zXg4^U%Uawd1`a~=9>Gtxc(ys;j{~d23S$XR)2lC7WD4KflYu_3rcQm15*<0qUrTLS z11e>)nlc^^S5yl?*K47W{K6WM-oxX3dcUzr(2Ra`dBVynxf}+`9Wi(5QbN@=OF_Bo z6|^I&65!i>{sq*~Iy+JPXd4W8TVksfg?t z+kT>|!k?Or%$tx%FJ6}bR>v47_haI1>mA|JAJ?sZQ_NFI4y+*Dief_g$ai9daqn|E zd=@ey$&{kD#T%QM#KEPywA^ry(VZNvV{H4%`+fP6=AL2 zBtpp%R-GoD%+ZE`543^Vu;q4iQa)Qr@g=_>gjV9Hz5t0&-X6?;`c!~D#$5$fa9(ck zP6-Dtq?*hD@_i=CkcmdmJ;?Dw@=-6ptO2g(rsD+p^8ch&vMqqcpuHBlLc4X*`GCh| zJ$wJItr$+vw3=N=0^@oEZp}i?vV(;EoOT7E$qoc`z1Gy1($;mR+g3Tgi+HNveT^IcjeLFl#HJKiuR6`5E-mkZB|joJj8wfQhr5eV86Vg8v><+6iU52bO=<~FaUdd62wr9BEa$y zyZ#j8C1FW@-3Z)}qI~GiMrnqYuj(zN@mJ}*TdByuDmJX5MEFdfge+r zt6$?O3cy?eE!PiVxo39@&n*htQ5_gb%#;1XjttAskd;RgnFN(I^7&f$C<&?+_?IWI}|j zi|0lOEDke&)c-;S_RVglJ|M*xKvT(FP@Ik^DE-mj6{?!Qcu0V%+C1+Fq}I%Lm@@i; z19nao70}y}PRK(-B}^i6Q<7xQ6eDnD^5;-$qK`vgFHqg4fuxs0CGo@5Gbc9VoOu=& z^2b!a>wWhLe-E`})DTDoqr~GDpx=5X(nha`sNB!A&JrV3A$&>kt z09azF_3Dc;=d-rE734>RgHZ~^z<~o?WVH!cT$!{4A?H?~d+*ztv zAda>}i(r+mS%Q1J@n`Qe)hR*UPqI`^W5KXGE)f6IN4?>rGWeh7eGG&Hd!WA|k~b{> zCH^lFu)pTdv9cQOCQWnTON`!%yZ!teEBJ%I9|kaxtGUk)RwkJf+}Z zy)%i@mrveS`tlR0^Y;>Me%^7PDKrq012u;9=ub)Z@c0UCw6+7MSj-o^zJAIe22+25 zlt3*Z*FWe+5J3$dfT#VT->%n7^!do}e0uo;RpPMUF)~ldZhe&v0v`xrcK8~8P*Z$5 zO$cTe!evU!7#7is8?=RTeTy&nW4=&Fd^!!_jiUQ9+s^Y7dav&&C=B8#5K<%mGN6$2 z4qXn?B_oZ89n=9x9Xc?d$enr;qZyw|vHG6V#xf_y2_7cmqVS5NBxonA+o@XYG@qd1 zq1A&%KUYm7#0Hv5IC=XMTX7wIX%C^kTNbTK+}G!Z{%e&!Kni^?e*DzHpRut1`)Qk` zrt@2r+GxeocN?CyY@E^NGC$;?)D={VsVNyzHQ2>@<#7&G7(Co=u9GF5DylL8gcBAf z3?w!;F%iBPwQ&o-mVUm`wxLVl1?5%6iR6gFV^m#zK$6CLs9tJ=Ol^?(*%J`#^__V7 zkc>J6gmN(~37+s7s_<~Ykjz|Lm~f8K4o??K@g(FnIM0Ve@vg(_WTS=LO& zhiM;qA7*KX@%d>R(KhbWn4u2yDstVp8QtW9k0kMWQ%_*|NKz}A65XW);=>rPK)+?9 z*?J256x00dj_LHj6)Zv{+{3;VO1DY>9xMsnhK_QL&^-G+GOffGc>4sEo(&hZTSMI~ z=RG)8xAy%zLc8Bti5o z0*b=M3geU52|rmB12akj^=lKyMf|K-pFP6tOqHcd@|OY>hcI2#QjcuT9nyXV(?B`o z9t5;+`$N%_#=)7S0)aROaDGL1C_eQ|(5tw<98oDE8sRyT>XIN^3M(l;Oq2i2B%ryF za@jCQ`7!8UECn6`GveC|qxdHnuTR^h$^k;vG%)^;9Os{xr24e$lPfD<$s9IBl`kDX z`mHQWf(c!f{D4C(hhqPo9tS?Qh$2D%Z%1BKal#%@Ic8RU{)h8JZ2#*UXxMoF{RSEi zZs0bW|NRX#-2dqY8g5=b&j0JfM5zxBB=6jRoaD`6f3Bynk9A_Fb!thC(I|~?q>alO zBKg7-SU`ndQ;lSg>i3f$Lb~>fi3*X!L4rT|xBfF1x?eF=v_!ZHmVViL^NO4(eQz*w z?w_yHinZ|9Y**gM7bVy*#WMF6d5NaG{d}u%Y<1Rj;C(*rVz|em`vl>?|1cyJs*>zf zhNut`mT5c@5CWqQ5fKXU?kl1YO)`;|krCQuE)fvWD1awQ&p>Ph-$Psx;HfwqAX~;q zqd>qB@%!h|5H+z><%-7Byj;k0INmg9-|rAT@PNpZea--O!`{Hv&VbV*V|4@NPC4(o zh>KbAW^2*5&x(^sjeev<9FvVoj?@?^_UgZCfdGX*X}{>Hk+3z){GF#wbbG8XH@1# z`0XAXvIViCSPmFlM2#_qmTLGj_> z`jY6!M)JcK~f$@>n87u@$~d(5&am_EQ&n`Wog%-Wn>;2 zsimjOW!@HtebpvP-gOVVMDVhB7S{VomC^#4_GqjG;S@m+Det5^sCC{|YppY;(0$*P zhuUV}!pFUifE|>|lEFSxf?dPe94b#6=`bU4G@HS|2IUF8%SJG+x&ys|18bycpc^FocG7Je-LdU_OX%_ zc3Qk24o{+AygA%yq%cS@&&$n?y6w+lWmWP%y{c2+sE~+7rSNhqp2-<^evQ8T7HEm; z7cH^qMD?m1*4C}$?LLDQD=7zt3o{bCG`q=tM{?0c;|T6^9t*}{$zaC^S113nX_fZC+Ou= z1U-!u%L{M5&zurfAChOv>JM8VriRwOy&Ncgq121*$)4#boN{7sCN`9E-gUd9rjQdrmwz5>T!PmfV`t>~3*O_frNoHkFfuW~LC1ra-%EP2+o_zdL+SQ%5@;95(dW31| ztK2&ex%h|1SY|!%>DJ&}neFS~$Prm(pKhyruNl1Dk{_6pt+euS>WP>%wVo$T)dVdS z`T3fdt08RbgGHqGFO1d6a^xT>r zLP5$Qg+;ynjaHj(CrugqGJJft0-#&4m$vBc ztw5_X|N1>Qdy$CgK-A#5nyg^9&D|vJb-&3t@&`d0i?8<588qt8t!vYrrR$hBBbK7n zodfZ8Hlq$|N=LcN4n^$`dS*(cC*-sRM+n#Mgc%M5)a71{rdu3x&bY|UV zD!h0sOn2FXT7fzL!ECvf!jM`0I-50m{_M18CN+Ry<1oIfOnEc-be%$!qPbKVGyQs= z!2FNb9TY{Xh$@%&{%XYG!4al;Q>!aO?Vv{t^y``*xc)i+T)Czp_HwIDDk1aehL1N- zsaeh3(d7_kg2C0a2Zp)dx(@emhtp;S&eC3+Fz@ZXvayg+ieh}!3RGD1psgjqqGD0i z#vGZ|@Rw_yv7V(5P7eO=&Q{szzrT}V(W1LO*dryaXQNWSH@+yp4%;WP)@}JCI3Xl- zx${zeeswZ$-{<{U8r8$&WbGm~Q+K>Ah1+n;?hPCsOI*|+ne)EnVwn- zQf7~xjt4UB#l#Z%%S;)0=^F<6yswLEAW?zSvjn;Ihe7Gme!Y;=^}+PBc_W++n%!3t z)9)xYnz#a^fBAwfA-BzChN@ak)kU{2o#0PC76_f)bqD<^)A_|$q%PcepSMw2u&7T; zngUTCt{1vmNik$m0jm(*-bYW;V+bPY+)t~N-E9$_%&L)1ba@8-q&L%3S^hE1+OI4& zVEot^h%ZMRWX*qd1oSt)_mo1q%4r`*&lUB!Da}+;iM*X&v#i04Wa!>+T{-oXP^7G)zHfAhbKvoMh0Y3M!;dE-yYHNqdW}2k`P!v z$6rHyq&dJ?>?zsa`d}*xMpNB2=!J&d@P8!W+H5I@%W=i4oSe)9K??;+jHK7YjD=M3a!QVq?*2?3`fdw!zuvL;MBitQ!?jVwLWv+#ZE>ueaxhj@o00{~mNU{wK(p z+vBnBg?w)EpMuV&{{%;KdWzP)nlIk{r=W}Z-{6;ib+9WX{*FL_oSWgS@QiJ!cLUQ7 zf^JEun(6#tR}=Nuk(S#2o01Xnxj+&EqQz%?)Vp|hJ|2eqhv zlfE;Hh3R%_KC(r%dtScn?(#}W-3D1(sY~MgSr&b}Vf~riy|h`-%;LJn@O$CpU!wWc zmJ4HQ^YbGOlFp^B4uR0(_dWspVFJEd)?Yx2JuHp8G13wO!<$HCVH<(|}-(mr<~{q!2|z}i-ncDeYlqxWB*0H8#|j?Hg-zuqR^N%Op} zOBMcG`Hf?6iPBf+-y=GmRRfHH4_N#3NYMCw z@K4;=gHw`efDXibyM3*(OcMKlSk2g2+Nrc#v?-3rm>A!8gK_812&yZ~2*zeyr+M4Q zKIbkt8J~(G$+F!wPAU#v`&L?gcS_w#{@rHu1kk5XxEX^DROnx}(hua^0rodz^pa{yX&8XcWNg zUGfqqnwDB~-0AP$5jE%A?*C;-!%LG$_8&3+7UlSjTV{Uh<2TYl;xQ3vW@j)oz}7K`}=M+5;u z%!%zAGD1e=A-^RC0t=jq3`pC6*4LEy8}^tOVOb)f-Tc|($^-%76)jbEdOr=o88y5* zJ7cgA{;4}cUA!tsZD7$mYR{p#_d^l0pQdG;Mdiq?;ArWzzC}~OO=|6^fri-LRVUnW z05hFqyuAkqq{x9xUDFy}&V?tMgM|QwijWTqas*hZ1rmd8W@sSxj1mo({oH7xO3$97Bz_&^*H-&%p&fK%t8x(AYao>k^!1cW6wXy`pp zfS>^)0)lThmgQi~lc7j4YJ9E=#&&eh_ir1Bw2SPQwN3I@n^Bsj8PoD->trW_ad{t z@!wNt+FwwCzJDsG;oT7m+uT(aTG({K8tWeM6RWkJ)S6J57-Bgz{q^q7QZkb96I2Px zSV$-O5Gf8z-Oa)5(ut)WT#rRo`aV;U7F93t@(RqA^SoxUPK8^b`c8k>(^@Fqq0W7# zWvxnC1z+oxaF^fQYi!INujLoY>oH;V?>Q0=-;z>TPMumdmX}>9_Fo(STCTd#dA9A* zJSu%`ZYkF#6t(s1#PA!mgRI#+j4s-XG=FYrp!YLpoB$90UEeoP+kZ^eqQx}dNR*1LFW9;g`F$=ulo4)O;OfVS7#RPf4>>% zM=9r55bY}vevCT^V$tW!tiFp07R~h(xB)%epKjrLW(q$vZqs#>SU6YU2DW$AZlFvg zYAn+&I3g9$%b_K$bL-I|@5zCYueRKb#Re$mS`*uziPOm_)J%ccXFu2)nvnp;IFp0oib&1cBGhmYhoO;h{=LGThqs^B6LP+z z`Afw4z(wc5WlwU@OXjP2c^mc|Ee=h3O{{U{(d%Z~&$Uipb!)a!c&q}kE87UYw+X## ziH<}<#VAK-yk$+~np8{xb{_g8Q88th0a$NpwAWtMNg8=bn~YD;FbPD-1)p-EOnRl2hlRG|U-n3t+Kz6S7~ z661DBwVKKudQbA+5bePXjn<(pO1%fP-0=&``cO%)#j;<>lQP)-N3~;JB33)9eLf7| zp;{48iTRQ4AWnA30HUiW^L@zxSs8%SWl+|JZb}A(ZE^1-6LrStEpY+tuFdO6d*Hd5 z)7%v7+0YbD{qn-baITZ|vHQ0mGR70~3IqM-AI6hP<~W%O3hp9+QN+dCVxeLXg!@6j zP(=G)-?l1vLt0A=%c<-HL;h5z+4(!lmE^)gDq;n7u&Pt|?7Q;d&MhX-{O2~&#lEEN zRnixVqaJ@&5guRfI@fkPyC*GNd4BQ+={WcdpO2mE_Qa_m^;)1g+sK zDaI-~@&l$mPP5-5*iRbXG}ctS-%z}1cd>l;mjS&AG^}GB3v0ai6loRvt$qzjz5Fmm zO{gR)N%Pkno)T+I$D7&s;%KJ@D$V4`QKntR4$Dax#+!Hz4a0@J-1#H?s-G0Q)nz|2 za{0W?=i3!DC)(2F3rjyQMGsq6?`7S9x?NuG+*(=P#0vx_J&D6fE(qCi`r;$k)Yw); zb?|!S>Q>tV*1Z2J@_F~^7{C6;-arKk*((E8;K;}a8X0M}e#E7p8Xs>ZF%M+iy}maL zF2}Fm6kpiCAKUmcq}>MFym4%1oS$odky8_#LZK{|a7yu#Aj@+2xWd(z_ErCpPXDWf zCT?VgncW~`I=j`(t)E^SO{r)i>B0ll%w0OV`H2&kE$!4DF8IWf-q>@VuRoa?Wpy2q9>dC$0afh>w6yDd zQ`s|cnUcFDQ$%dg7uBt5iHocY9@floqBzBfos06B=xf^@!|lch+4+=>{fhHRpC$Nb zNf^QYBFTM(boLra+ZWaQ%pr~PD+L0kI)>|-rybeH6G*RemP2w%zr!Nz%RbBSU~Rxh z1)z5E-f-RP;w%&TAL_dqrt#&Eg*q)L}M#rgKnHr?gWP#tijPbnhGOR|!x~vL{ zpBB6s4*Kw?%kq90jJh9fs?q-LLb8>BBtoyHO>%Kn=}Y*q#yVjP!tH>6o{5}46+v-E z)XAdfwBkLQqwZ}z{$Bn$6=5lIu$MmmUA-u?{|oU7jWSPB%!A57RWj92UM=AT7c%w^ zr?o>}E3;Buc@iNSf7;TpP7nD{S2v$-1TvbxWf@j`_Pg?|b|r5p16Qn+b+4_I&B}wE zqJjR}^I9uw2B*xaOSk4o2y2D;yq=isAbf3OiwS`$ak0u^$426?vS)3bCz1OhK4jg7 z^XW;*@0I_Dy|;>rqg@*Xkw9>l06~HVcL+{!4TRv*5ZqlG5AN>n9taW$8rrh(7EVXTp5Wg z$IxzQiXoR?v+qkz%UVJArd$4YGl%L~#yvLi`tV?wi+HJw1)8*&?eXfvn_wpHkMneC zza~6>?B)2|X%_hg*a-(71W^+t>6I^zM%OORGk&Mqgk$@{V?y~Ef0AJCrS9nTCl;+Sg9>TA+Ri@P9l z`tU6DsT!8}=5;s969uxT1ahpAZePQNlL2&T&qId7F*74u_cHF&b*H$M8G^gwh5UR| zKHj#i@5{WKoU68ypKwQtwJL{62AVl$(e-pxI$~D(5dXZY^PG`i(1GI#DW@~c%E+rm z3mnq1qx#T*{gG+u1QFu0LP^72Sj`rlL%4WHK^#!M2>WMyUmus~fx<*EJy|*(3g3NZ z(P>e&btOh`$)dg>w)VP2n-LOshmvN=T4UOVa4;tITNVsQKJ7SD6q`D)wRPS+&2h)J zr!dFl9+YPW)Tw#2aO1qdIg5i5x#F`sCnWtOs{cssk9lMH)ViF5?gRcd%HxGpAFYO4 zmsBF|F-SZCM%XVDQ_t$>M4-cuIaQG)k9N;Me`5K))99Vphw`Y#fA9kjxx~UOSp>oO zB;ShAqeoiG*NqK#cUwm2%q}4N4DK7{o6RNe`XOz%O>{#x*HS#&>C<)x-yZgIzIB0?_g`f1_cyoefn+#G@bs#{-E%nWZ5#MykBC~ma5TW z`ptuA1Roj*R=3yT&k#f`EbxT;>m;%q*0E_U?B7eRA)_t`S68pP=|Bt9QwQ>CBhi1? z@lI>Tj0$X-rSetk<48e?)z4+V{VI;k{a}1z$ zKD@A$E$~&_xFNlpGOW*SY_b^_K+2kl<_`Hl*k$I@9yb=iNG-`wt!St|fttG44*5}a zZ9jY8RnFbfajQPh88T}%eD5E-97%CYs2#*F6I^isR5TLy92({rxEGvqJ9#RRm^fML zn~f>B=1*ujJi67Qe{apzY9HH}qN=ZI zlJGreA;USJI$;vpyjPFjcxUx0!TY$I$gawKUu${q5S(`gOo5Zm3A3BgyIS4OmFyo2 zDw+~F`kiMD!=SgMw5Ks|tQ9;Ds!k?B;Sxjadm}tv*^oJ!_Uk?ue~=0$gtw2Zud29L zTtB0nbfksp=M1?Lu9l?8tE`CWg16;dDI{-EP^~MzVV8ZsEmuqxA#a|GP;S1ET%s&r zqk%uR{VLrnsbpt}vt)gGTkIhey1M8eRYxofiFzZ!Z1#Aak<7KFQJFEDQ971*IUHP@ zw^(yc$y=!`uo%rG;ZGbRs)VPk^D*-4LZlCE4l|^e&P?{Q`4t11~RIu@O?ek#iv%=D(}IkmF-qbs{o$2(4B26 zmoM*BOQ<0Dq;VAzBg{Opv^am?Qxu}YII?Lnz%PdjfTkNn;mSMlqqm;MB(cf$ts$xm zp;8KKU-jX%qYPFKeadAY2wZ)w5~NRGOuGstSilk(vCl+r1a%sxNRVG8hG^c<1h&(5 z5I190+(WY;#L4bjW6?G7h4eKN$of0|W2POg!5#{CD=5GRY{dI6Y5aXKZt#YDvERR6 zGlnhW49!1#HTm@*kr3xfM2Mr~it>c?rzQ$09^tXG&+)Z?`$)dVo$QI%Mr3Q3l^mxT z>_d2bj0qCLD^}7#wG`9a1DP{5VK{FhDg7NBEJ(!L-DXQ9C=2y2zd7>rU$Y6y-y<`K%bbN^ng=-UKo!CW1pL$h9sUPLrexmy(3p|Hw z0?CGSa1(I|Ss?Z8-hY_6da=fT$@($;IP5844gZ7P;f(lQW_JFo6?@%3 z%p)-d?D@RD)fq|jv)6>^z*B{MV7$A_R3^K~1Ty@e{mLN#-L2Egt% zeEzHOlOblXs1gAuao&&pqM!U%sU~0c9O0N|x8$ZIZKWa_MXA}v2hr``d5nf zH{Xt>wux&UYY)A-=g6Ky0A?HjJ&b#61g%N8Y^Zq(MCcJUSl{Q{UYS+xoL20D&fMsr z7ax~4bf|?3YE;DRqBNgojwJMD8XD^sb~kb!Es%<`b@rEV+ZyMvsvGXZrHCZf$dyvG zV+_$XCnpGXkB%6x47#z&QC^qlcS5X{9ysYo2P)h|8pTDdHG81w32>0CqZaG>GJ^!0!KrR;!(^X$NiJRvO1~V400nW zduX2oDAY!5hW2|@+iZKlWAExKtHSX&Ej6y{cFlC-JG$vfk0nc5H!ABV?MaEw2utQ? zip%`-MOJci{=@I`i&td%WcmDC?C92_`-=k;8NKu>ZGSCgaH8AAIh5#W`N#|C8Ih)B z-jVXTfIp@<5NM&b(Z_uV7MHtREM)VncwCddU(h++$9u$j3XH*Tw7*zZ{s*ng@@aO8 zPJX{*!!>B85Ei01^ywEt;SJ`hNhc7(7w;Qa^BTW#Dtqga=f5MZ&O_nFZH*K-62~+* z)2)|c)ZZUMwLmX*Lisfq*7Hq*z;MF7)xyor7xvv#WmfN#A44gZ#<_NlWW$}uImp`7xE^#8=9bS~xXOr$=bY80Eri=C$)^cVf zZS0rCnnPct3bHZ>z{xT{bS$(w=qvM-WZE<0+up0fhRiZGw1k3O1jJC0$UjL{ws$8mkjoKnoU zmERA#tz8R+`#CL z-97Y6`ykv@JJ%7@j)d*gOt&iuT1Q8K^tObG*@TLaRb~@U%~_xjRzsjkgYV)u6(?us_U+|N1%;jJS0DZC(H|oTlyrTgeV1bjxeEIARa*m` zZ9x^m0TYMQ@Q$;}5~af&;Pu>XmeGoC9NRRq2+%ttPbRPfYVdA8>k5$T!bz%iU$qrz z+1oniX^5>9EFgfTxselIfHl&Pl;1T>t@W-b`>%3yO%5iJ(I_7w+||;l?|p=u1?94O zTC#^-UM6S*Ni`1{g^n;S1FwZ7cb*Xej44@t;b;p6peRWy!L^lKUBb2X%W>V1F@E0p z5!r`|y7p;uxAX-N$Du&afzHi_>>SPHyeBe{S=*T~jspcc#JWas(c48&#-{F`^8n-k0sJOrB81^1qF8<>ArRQ5 z%`3HYSsfHvafhtTOiq09_(_xo-GJPbw4_%FwZ7^HU*pvd=q7=uz11 z9@*uI20*HJ;gwL>LV=29)0kafifs&K#rEs{NYEI}+JYm`_92LNJ!gJpNyv{X^x9j6 zZ`{TY;C9v!Q#wZzv_MW){?R8NEl^MqUXbsi;U(Iu)4PMwptM~Nln;jRx_UxDHoC+X z?@&cM7X0`=Y+{x$KpTx!r;l!aS%4= zR2s?K_R6D*M5=9xS3pO6lItG>TGGYcOdb2u`ZW~DW=a&@x0UtJ(W_ps7LVr+GDZ)# zxMEb%j|lQ6n9h6*R`)fuRn;S5-9?_S6_CwqDTrhbqT^>&9cA~kl70Ck>&qhvLBeUvSJftuw(wIVo7?Bxc0!7jGjZT z?Ra`RB$Mx7kr#6`%Kwmx-|s^klmHqja43j8?A)MMq}xc83t1*rH}h(Qy^YtzSb zx`muTCf)EMQCgLV=I<*@{FU_CCwf1)C)$qoA>(;Lb@7(|PSFw_K`gf)0(Teg#hbbW zzPv%{IFnJIP(d^G_pD)z{FU7wBC+I;F#F{g=Ar_)-VH6j!ZVQj#;HRoqS7oUo?91> zB9TrdL~G!ouS02Ba}BF0?hGTYDStYg9PUgIgLT=jb&My1(-B8W6tS>l!eo5nIawv+ z>%`?)AWzXa`Qz2mFG$wyZ}yO>{XhYNwfzm+KdB*c58?E#GC~faZ{$ZA+l&ze0}oWm zgS92L^QybwPU6}|WqCh3Za|~)XmjXZH@tlu}+!%Z~lclXG;rqz@ zFxGWEP$lkpXo&t(`1>rb^rEMD5B|2u_t6Fng*;UT{OD|nA2tYgl!aKnc`Ut%O!@xRLf3}sJ9FcilS?g{%?oh-$3gmATO)u(zUXhLPQw6zM< zk?00X*q-R`rVr?ZQ!Ai)EU~wo6+z@hhNw&PCvXM}J(dR~zh_VAt&L7b?N`r47DyZ6 zZ1Ot5>tfP(`@nnF_4@USWv{b8O#Ui|Qo~gcuyNwJ562NH_^(dQc{Y_>)Tz5TmHH-x zY@sslgU@Y_lXQ|I`5G|DmtNb+Q1z;tKdwvu3d($~7tYV`|I!>qOo`kmOY~%`K0H5` z$@}Qb#@F8Ed@LhbW!Qw65rrhE&wPnF_yfFg zNop)LkguzEth?`-WTqcdS;HoXMs- zn--V%TiA0ss>BO61=)9^PHR7ze^U;K5Nr;PO`OQrfdhLZg1BP(2? zl?leML^~F}YizeI<&Nv_n3J=MR^P*7qN)XDMxKp^*@%|iqcYt4(#Tb3842rzy^I`Y zBM7JRxl;9obgeh+r}(Bjg6Eg}ZgHT+NU~jCv|SMnjy%)d|nB8?tBbUcW*Ew|z*- zNJz-aN=gC*F!dBfCzg3lOaK?~n(qE7OFF<3@ydn$M5e`Pj&o%4DiHiR)|kYGim zNk2gzTJFGhu8O~Ij4fB2sUA8+|gdBtz5Kq!d z%ov;(W$`aod9{FOT;!QYA&P(HmG}ZI@NjCwxA79<_;@os>G1fDF^`mRF_i4v^8Ajl zbpK^m`McRJJCe`SU6=|H8k1;(EH9Zw?I_oRxk6f`z*)11>5~~(sS_EP^vKYl`}HN~ zo|DkcsS0Y-i+o(`hIdE}KdKeRb_N4lg52Zwjp|S>_+JCnry_blh_w<1nx%SwRE)^V<>r*o4qe)jnDRV%aG1jju z6Qkp)@F@>k#>lZJCtUJ}s8hsS;6}=x+TYtK3dZ582J!0E z%aU}^rRHLGi}r=bVFQjkvl@bp-AgKCC~Zg7xBHf5U;D*o$K8^|)uQ42H&LCN~yR{xWrH^p`b^SCZa6FN6G%e*Vpf{qc1>cS!q zYydIUg_Dg+--Tsdd(2?F-*$*RNlBb(_<`n`RaC@{3dKx%G1rhh??0@SaE?Nx&6no? zd=j%;Z*-`Bec8=QtABkq&;adjbpE~;0cy4Avxp}>(}KBFWaa-ku#Vi*`OQ-}E`f9pJge>y)3d@WsmPc^?vq{D=7u;VufEzy zEwJHfW-Mpp3`!)Hp?=C|uAHRnC|EF$R&7EQ`{URSlOP=|C(a<5?JLEHU$$-M;X`su zef)#bQTz7c^dj>pW7Do(gLqCh`eyW-es~VyHlKA8XoiX;gkY@`A&M`a6vyqC@J&6_ zvNYVzmN)v}EXT2g7@7E=)rB7#ETK7dEuVQk5=zP{9V=y zGrB20PqipHVhaLhO{z!Fpq;0BMm2`tr-*G}ygkFZVV0^>ipxN!`6)g>o^!9Me{Lm4 zVB0Nqp705~M0aPA{z>`T0(>4N(Me+>J^1>zN#*4r{*E3ah~@jFNRpK%=YE|?+}yAA zKYPu?Z-tckTvl4YPTjeTZ{|AxaN_3w71RF7G~c<%2xY5^mh3CP?Vec zR7nU!6(V*{*H{z7G*2bTct#d|bz6;voLV%9edA(PV!OZU-a(h|B07pK9nXm^gqxh| zW{0kOkTSc0tw7gpu;*nJWo4W|v$@rl?SI~i``DtY8zJt+n7?(Sn@c8Mtr@!Vent>u zPs5?@n??VTM9~9oltbX#N3^vO!S@7bl|e+?&8S7f?tE4zhuERTw5f`96G4cEY`2dl zHzKQ{f7T@jZ}#GLwF0VBW3pfi--RM~LK$4+S_@b((!p?^>1gnNq3~ zcMiMG+)wUrG3z7+tv-8PuDTFPy1`mVk=I?&zv>Tvz(bSlviOy@tpvN+0{JDG|31D> zpe{ncXbW#}#7IOWY+U<|3;8EF@SuR@xhY7!{0+rFkdnV=yW@$yXLvMQtK?7}U+olj zE0#78o_yOnC?2wjF4s;`uoj;=ooUWydmKB{-9*LG`_4!WHzhKvh4MPk1fWF>LuTc( z0<2Oi@pN7)@Egi{(@WR);3Oyy&F4Z@bebFrd`iA1dG|HH-y~;!pF6RS)QUa1&37dr z*&$^J&&Q(x@q=bx9RclD=@&9mHj7T$JwCTPg{RCGMO50P5vSv>yaaW4D~v3bz|s%L zil!bRE2Ed}d1e7ES(Ss;nI;BC{xyLkNSo2LvcKM1B79*3q>-(`x!kR-$n8wOx;e#JK^#|__n_ur|KGSXb z*go;-+DNBYAr?mSLtkq3JTo<rAw z?W_7dk*{FuI{%-aZ^vvMAD)PuTp9-F{L%!K{)baiPfG zc)1Ww7rhzfRx7+9tW0g%lS+vn|7&HiTFK29J$A}*Zrf3DHh0n;3-0dB1^#K@V!Qh3 zYN&%A{_dpui(2dTITwg#a#cRxSS=g$c%4Le{K%Au!Kspd<#1f2GTJqtMyALI0(WN`uh@Jse$4)p_T+8D^SSn^MmC}0!_Bnm zNi{m;ST!cMuVC@v?$k~DiUp}vQ1)B&=fk^=FtGH!v7T#*(|o$?YvpPk77y#HOnomA zulOK)o6;o}+3airXe4aV(WEO?=tf-1t&B*ws>Xp#4aTi1PGyVyxJ1*}5oM7EvZl4u zWxbeiFNl!?Kd)&-I|4Dor&*Iua?y@&s^v`D&VsMl!u{#=L4ykpeN#~ zYOVU)t(5tAC9MRrw{YLoZxgP)m}Iy-XZlt5wnkZ^LJ!ZQUC3YmfubdSLkbL+bGI`? z*+$Mo#EgD`9M+0fOfEW9j2e?H0|)(#dsA<*>Cn9kcl&$irJJg*0KP)u?cHE~amfn& zy(Y9|CH|)%2-08jQBy@y3@+|Wt(ER#s%R$zx9PReecb#T`;M%1FdCr&4g zVAk`g->k7F%w$?m6H_clJ?rLVb@?MU7S(`-{N3@nvxF5a*;P>$WF+(l$yjlv){#8a zG77(PZ6Zgh-q%?DBMXZ`Qw?SBo4q~1^Gn+6d6BkllroD?XhwSZ+m^1Ty5lUBIR#tu z%rdL&*#WBfu2>QJ+P#;}T1>%T={0fw{M;+?y@DEv^zCuJIUng!7K|stKKGAudwI7! z?(?a_TQWTDtzEJAVaxOs<_X4fm2FO`PU8N}+k$Eh#LD)BAS{#KGTR;r!L-j2WBd$y zbsIB9-&WSc_rsy)4&#bNa^_W*zG?MmFZMYGHYC19eCKy2*PH()+}S>bXjX^58dTr? zSw?@!)4!vCzP*rH!Ha|DF<4#qe5i8MIC#=y=Vj5(yU;d4jeaksg9zF6f%g$P5ee?3 zcAecUSOp9c!eN&)B-3B`uCtc|ooMreB5Y-xayrWv!+y3N9}=71tLw>qL$+Y*ix@_5 zrU;fNUd+dRufE}Ey704g$`C2dL{tl6opQl;Rjiqqa^k+p^0Ic@MEZYNgkv z6rswN2T3r7B2CxJvW~pF^(JTnN3f&okL`5{5sz294YKqiq|nxsS&Zl0y8G5E0x937+Mp=7`|3}^^3<4C2Odmzyo&- z3c+SztWW<+jK0le0dGt(p=u|0rWnOo%6(hQQrGDruC}jZ%V2EiP|dJepx3sUY}s(T z@GCm7oTgsE*MzSh10d-rncdiqq20qWZ>a4lB1ZA+kT+54kmVWSNBcy)a>gU!8>i*C zbUO(f4L)i9_6NH)90;9{FjAo?jf$@1>EYulD#m3isPXU*;wKVKL=leI*k;=P#0hUO#HWo*w-=Ul zZ25CYZTg0%74HJYI*Pj*vwYuF0S#Hn-ha(VbRc^j;eV$6;J_l>Wq z1>U{d5s$Bx)%7ZjDkW#Xr6tkqBsnQ{)Zhq1*ou7!RjysP%o!t1f;oG=;fXUaiqi&g z6*yh6Us8)>lj=4O5%qIk5Ak1l_$!*mIS?q(^)REArIv|hG{pwGKTI+=ef3D^&Ym$q zrXSfRDy1GdqQ`P*e@%?Rl={6RK_;l?*V3;{1)C4weO6}NKAp^Gq*@=il|E!XG#B#b z7rp1|<^G8Ewd3iSxk)7C^;b3;id4B*xX#_xv^({_{|&+Vk>Ij#xzCzPZa!MAGiZ{N6}RVMBzr zH}K9ng$XqP|Cj()QJTjuhLZ4*eLR~ejo}FWwZa2RC-*msbO{+pG$)1l!3Q7VY(n{en=W-m0`A5ycV9dx`D&cFxr=DuUvplbtBe&x5Jk2Piu~@b6L7w zx733L*z38UgZSa=sUz8#ISM!Gu3Ih@4}cs!-hDRq(x)ycvm((@QumUk0iqHN1;Fw3b*1>U|nn#_lLb7KvtA z8)CW|Tt4CdwU!@;meD0z{!SLuC$^QlZEO>0)%b-khA`8YHo^M+T=v;_OVI~&TcUiw znQ@En_s4{(sRyV#24*38d!rwrY_c=^z3I0~@8A{Bck|9+E(moBSV!{3#u)k<;C3}> zUfqQf=X+T;_?sA-xPH{37>MU{A@k4Av-mVQvxrx@B?Zyf(D2yPH{z8u7NE=)rmZ!VXuBjVhXSSFSv2 zUfp^W)iqO&A~T{~0SWd-vG1DiwtrWQNr^3Hgn6zT8F(LTWQN-Z0TU(yF2CMeSB|iRzDzjL7bLNLoknMyw;-?Tz zd`0XWJ(7tzbf_YDi#mV#E>$YOO@>N_-`n4&rz!eqz1uie6XngUfmFf~x*2Ws4cucW z-*7b3{-(=$;n(b}hYonJ0}Lg5Fv_+V37E8B6@su@9+ak; zJNIKh2s(OeMi7`%%4dQtTmuwGq{C|oO%>YSy7ueHvXwNVD=5rU=;C_z1-kI4I`Fo1 ziKKhHoM_y8Ww?isB@^`ZH-DK;R;;_|ZU@K9NynB^GE1J$em%?fBO#*Sjk+72468an zc3INhw$zjFX}Ef?^-q?v>JMl%%ULKDsXb>F@Jte$txkY&>^|PxSN1|LQso75 z>lXaD(sucP)g@yS)@3evl!g;wVJiZdkW<1L+HVCYVWd;R1n)h5cdN_N8p;8;oA(LO z^;!l;6u;LB6YY4H4 zKN&+^*7P9OuH+m8(mDrX=hV?x=r>-gRKGdh^ow_+bu|=?j~|mi-^Yb_U)goKr8O-! zb2c6e1yONt)S-DKX6g@%WKbn;BYq{JzZU)p$BvtM4Zi5k!=3wOzVeV@uv?VX`$dE58TR0Dm~x( z)6<=!DJckwdH;E$y{^`P3!+9%%q`Qx822^7cADW&-Q(D%QcLfEDUu~OjBdxt^%TEP zf+jl~OCy4m# z*25C!8~Ip%{}znxW3N(&?$m`s566O-yr`ospms*uj|-Y%V|ck~91MoItCagJlRtQU zKgiO+)+h)lPF)Ci4fGraPusc{I1Jyh`LX+LUrqY_F=fJt`nDYVN$Y^J)Za}L|92Y(H8ct`dy3y~3r+mQSem{sb>eq1z-r`yU^ zPRAJE6?4pM9}U9!GzM|g$GUaAR%hT7D$GZ@C;4-MSynnvH?1e+a{lwvL~RZ6IR~Y% zL-zP8_@@1>0H@?)5a*st_U3zJ&NBwa@w2x*g!B}6(jjvVk@bz{j|RydEb5Uj_Z?2r zIA>*y-99#}a^YCb#E};b4Pb2Jk;qt~mi9BRY)H~1qNb>p>+D?ya~Mr|ebps4F97}M zJ;sLr=uY_N`m_3so?J|-(nbm4_w|rQuMc>v7F~W_xsq68dKCH+zm1kP;_x`N9=1{6 z6N5e4^^Z)WX>J2ncdx<{A`rMCVKnxgBsicD?lRXjd+fB6-o?w4UMZQ_%Wj=Oy_LoK zZoDLuc!c+N3FJvnH#=jrV!f&|;6Rxt`RUER3V_Rg zL(*QbP;BHDgkSt9L%{DLhCnh=w2rvA_$2+HianI zH4W{!tY3Jk4PiRdtYr_4zDx=4Oq1Xdk_^<3%>UgktPt*vD&*ZepdiCljQj{q5CHF3 zh;4jInYdJ25kqylhpK}te={R~{pmEf1I{FSW#JkkU0OZjeN&)I{__0yMyNS$zwmH< zdID(SRmG*E2Bhr~DpVc}UK)KUp!c0V@SzrtANUe#z7uZ|$;rOa(o8qDZ>Jx=ajW>U zth2YBU^3(lCvJ~!Qg?+LO^u7YX4mAXksGJ9&#F2tk z%KEdjiG+!fov{guurP{~v!lsp8x;3nhbv(jx@uV>PfsL1<8Ij}f@oB-bYH$rt98aY zV+CR*n&3&q?*|GoO`Gn0wM_mTVUC6UYA)=}f>ycq`-zWIM3)i3r`#ziP~hN^!kM~1 zNX)^oL#xXLg7<&jxmGongQ|B0J$^x}bV|mm67pAlj`>JQ|5q<0aaF{%B0dk85T$}8 ze%=ukic+Zk`x?_sr;HZ*b5m}y6odKm4h%PkiUaT}Hw;WE!XC}@Kb9Dknk9@fDr3RH zOQ6OeHBn6QABC#aG%i}8^GFaNrsrwYz^rw4 zVm%Bc+UDieJ6AP-WPtuJg()zBJwq{-q?x+2+f676jj;fw^<>W|K7wXV<~UNj`>+6J zdSzH)kpd*H`{eS6zbSepOICBl1H@KI0K~qcW{6g2M53tl@wZBo&=)Jm)(4(NKPUJhD*H_ zyti#IGrIYVLJB|uk3LooIw~q+edaL^03{_W5mJ#1k_wKZ1EepHqX##ErMBEaN497# z_&g>F7;|^9X7lNipiS52Z&T_r&?K*Fu_sUUjEHtC8D>UNP{jhA7K%Y!CWN4`4+GjpNWd)NWj+kiEE67bR;r(o#n#*yK-(`V1}hk4 z`~(cPf-?V72vDUYmpe+e0akQdU22{#zti?rj!6j_0FQu6WfKu5Db%G0k;5fP@_-pP zEq+)L5#?FFku%?5MT2nk#Ni7v&Z$j{rhNMf$~w)bevJ-8Yh`ek-kC;%qgU3cRpx(e{AWZlY@is|wQd8jHBrV_$Xf7zQ+F+&3LfWgJbMy`}pt3xL`y6B1Hli!c<@Yms^G)M=r`ICbHDNx0ufx(f#V zAyR+!g7<7GTKfIKQqqud%;by#!VeRWmMMexFC$7qlFtBl6U4|4@VTSRS@FoPaO=v6 zw0DvWG5V_rhX6-;lx;64tPxEyX!h~6 zcWlpaV}2FChJm4wct$Blnf^MGhXSx!4js56LsE7^z;JTcrNq`?%*o|T3UT68yB&wm zB0jT3fVRT{Xk5uq9KYCCsqMwl6}pJXY&O!*Ix+x|i{%%SM5K@!G_wH1(5V5WXm|V} z#6RXt&Y}ih7FRpC0PVzvg|fsj%&c{v#w)RkQ@Zz}e*mQpV9?(H!>KnWRb{4!wQR`% znVF+KI|=sCQeXen@MjI6CHKuU!JR*$v8z17b9el~x>SHz_(|eGa99{;kYcuylz^3t ze>Gwo0F8Ni(5a~u0DRQ52&lzcAlp|2Ng#m3nGApnHpr3%;6+;vDcvl%fHJdWpPleY zrnK>p$O>LhR^!=nY^Bm`U?<{%XmMJS;;{V;&E=UlYB8UsroRreuk`GsJ^Y3Nle99d zxPT-8s!+&Y$+5zgX1TlJER`w&jD)uL{rGs%X?~gga`88aJCfs9A)mF?d^Rf6#*0V z>(#SZ;E>b^*3?gPRuYKArOoGGI>E&$q*L;KJT)BgXsL|H?lLP=!xCH*;?L^l2h^uJ zDPvWX0;k}&lN9utfZ65nu?TX@0n2kj1~*i z>Rv3$19(?0?FFW%s|qe83&C#^CRbX4i5Br7A14bdfbgs=33L*(D6_q@x(Qq%P6lBh zdb04w09aKuJmL%8~nA4mci$;KoF^4@2+NOuibA4!= z6ZL^HT&Y#vu%*co)Dz%%Ad&K1`@6I|dF=#?VjiwSo`L+0HI~TnAPj_!tMX{xDVWH&M;ynQ-=NEh0+7rEhbcDq?JjcFw3 zlTvT}|uadV~e*<5`pZ3c`2>G|ZL0V^jC z$ixAY(3~=NH%FiTeVmssDl|x z>DmA|xfK8Z?*HfI0Mu=h1p~ecm?01+p8t{P0J8u#tPg;g!ggLdEX-sVge1D5lbFaf|j4hZ4KKK5=+5D2BVgC9ijgJ~nBdLD@pPQJA&Yus_X!6ZHRei?`E@{}?s!e?8%U2I}=6 z0Q|-&0DS+;7GeUJ|KRFBc7ch{lKsDKndFuJXB1X^b@-x<&mU&Kwb$1ow^x}!`MF!p zO+-;<;rPGCWxOP^>uDIf(?SiyP4VoL6#YIW4~{C6+fOCS-wl56_M!WgCp?GKSi3)i zMJbIW>@ekB`_Fc&@YWqD>L?FWKJfQY_3XajKaLLW3r-?oRI_HEO}TXFT6&ELwv_)L zlezup2>YL-_5XG>_|FmjKYdsK?P&F%Blv&%`u_8XZSf?gofA%(SN+*l3{=+0z0F?a z+EzYO{*$_0B>PZ+3dY6c^4Zbge0-r<*na$Vf8Ec&U4+($`_Gn6Bs`3Z>E8i>=k*P- z;y=%Yfq7&6@3t%X2f6jX9{Sw=|6p6^%D2$2;4)_ks8dNVZjidb1TKH`;bh`w6e!F_-{S2tiU6D+BYVO6}}{%_maXu2Koo?8^OJ8UM@vc?*z~kfh!(p zOh-_0ns^Efb|Xh0Ptu12PU()VHt(gPFqh~HNTvx^^aM4#J{ zL}3yLYw25OfSmt#A2t-`g#rkPE+{4aTpk7%$>5w42HVeX5cN&rsmdoGWC|Eq1rXMA z!}|Z+@c)naM?e;7u=EA~gQ##=Y#wjw@j#ZqiTw+TDlQ5*g=f*h(6UxZtQY;&z?2+3 zWn0e{!n2&GIQ~79nTKL(7!d@g0D3`jQ~)d{kS%I{mdC7gBcx?bEdG}oEWW|Ufq1TP zo)u()8@3EfUm^L4v6%-P@cCSf9fg$}xEg}PDkJV&1i;G>;Q&{y+;Afj)O+Z`gQ&f4 z|E2Ll%U5OzgfA#eq6Y2Neu*|hYZc(@f^jER4WZ+mrJkpXAnn*LdBs~AKNyMfUcU!9xJ%CvfB$~Z2s*r8#>S-L-bIgDq5jH#FjNk}I@R@WrA-Yp6sJ(l3d8`U zBEW`19j$+E#u;~_`{7K6DZNYeIb5KL09FK+Fv(K+5`C;qJ&zCTigc)54CnihTV{Y2 zEn!FCJ)hgQp?YM)k#cBxhd_gO&RLiDfaRXk*z)fc^Yf|5|AA{zD#b)M2pPT&rEX%- zwWYZYM=$-az#8OP?>S=_VzG9pU4~oc@sC8EmtA-FI>Mw?ipF^+l9*h-18Wv`Ydqd_ z63ppx67k$eYLqg(!ZP55)hJrlQJH_MudUKPkWu$_ZI@XkczpO+ErhplFajp9yg21s zv}Q3Dy8#!kRg>>dF|t$FWNn{n>~9AO?It)*?5%aJU3&FFtt60QIi~|-bb2e-o1heJ zfnqB#GeIIst)!5B%P_tf~}ZUvs8QrYrwIa>YgXi5V7r<7HAK>X^+nH zmto*#jx3gH{7vukT_G`jKZ8B-aS8foM85$Tynn^ueLl%+Z0p+G>S?VvdSoM+(ghgW zPQkwnEe;gS)^>$>bSOTp&b|>cAn8;$p;%el0+?^bIF4j?xsV{pb zwDpnW#M$~@pR!wP2UUMUYY#y#3r@>hMfm?V^}>_{($(6=k}@SQpUUitZ(+)F%qC6( zMVrQN@>UKGQ%Cgr-NG8=2~0#7=XE-Eh3TK)xXB0-mr~Yufn-?$|BZb1-=cGQQ5ecL zYk#O?VeMmk(O)oP>7bo0mpB!zyQ1mcu;z4 z{j0y}U^@kf0${BcNG-;m$+q5e4+RXe4LHrI8ahNoBLCW}%Qi#qq%tc3cZVrE&CQ|T z23~bl{&>m4ycU@74=9}f0@b6*?E>bb{41-esXddiQw)jtumSrpb#UC^;CA5VmucXX z#XC!UIA5b^Nz_<8X?hsue*ggj=wE9J=0)RM5B=+PG6y9oWnbO|l^Y^V8;hLlNF!T3sx4^6F}dWN+t34pY)QUP56Nfb#mQZ1q=CF$Sj-cAoY3=7ic zckgk&uzn2U_{p#nxYxfUosvd2CPzbACc#BSZu4WW0w6BvClCaH)GP{PSjnJuUAw-w z{V(203RA+)_Dq0PN=edE(1&-gWTVHKIfwQ7T-z%rG9&=vx(Wfa;(FF%kEU9?l~Szq zEEnBtdbdxGdqqIHiZzvG-Q2Vyyr&`&iwEskk8;MkrGSAIvDsBmT2{s9!2S=rmMZXS zS34^%A6TW!XO6TBQ>Z*Ty0#<%`^p50^#wG!pT*W3@0pYx`HLliir0#sr;keh*Yxs8 ze`5NIS&=qt_v$a#=+Ds@${`9)tE(}#+)F&KYqH!9+!IDalxGDZ^Da}QRtS{CjeBf> z_CyHqw*3Fn8%D#**&`t+)+qD8HJ@kJlVi6v{D^vNe?g|^Ghra}5h86=${6iuf-!Dwgj*ShiF|&ww z13l9I54zquuIcXm9|vqvQBe#eR1l@6fFO-=OM^<+rXnESu>k{Y8bKJ1C?PFf8z>DU z1SCgD3>+zA8!@(h&+vYK;`jLc{_%mZz0Nt;x#D?U*Ylj0ov;vu=bga1j9^iJ$_yOt z{K=l`qzas@;HUP}7Dfn}MD(k;|9{6~M-;(_(rekke3mVwzva2fAEe5m!9$d91hxmO8RVw(Ho6Wo5Z zRfYTjMKRiV&Pmp+QD8SNk9=}$0iaFVa6&COSmgXMC+o5f1Wmo+Kk}9>Z@S-| zVv&?Xf6`peY}Y*dA2r>39k|gx<30UDBvt7nofk|eFon_Upr~|1NiyMGnE1^EdZ|3k zro=fr{SaT3sM|nDVYrBmgVx5ghL=?9BbgjJ9!I+%)mZqp{vL~V55D^-ROe1YY0i(3 zLj7$8L5W6FlARVJnJU>FmoVOQAY{JgN>RIJW4YE8o>iz@i4t~K*dg>Jdxrb2!R-o+ zHD+j5P{1_n4>3r2$1CIMYCQwF`b%h^$N&CF=9H;zGu8-(Q+RY#sL=Fk%3ojejS2PQ z(N`cxhcrZ>PV_|)19gZ|vhN3vLbTU*Gj=6_G|`&oH~U_QcZc3J1k7z0FR~qHe(OO6 z7tU^HP9A(_(3`zt=UvJ0`=YvvElDip!`-+cr_C+zk^}If%U%Zm!t}lTObD8;uv|K@ zc_{B#kIq1ycmF{2eZp=u_`4h}=$*Xg!;nl=pXM%LWJ(VqdA6Zj9OD&+b-)W zY;MLxW|(#FR}b*p=CBM<9_)L|<2m|$7q|xk*aH+X{gsypI$r@}?z-|2;)FzIWXP}9 zlE1}Ju6n(3X51>DX@iY<&ZKH)6=CKYyeECLheuL<2?3GxO5HQ^xEGndt7Es&_;Inz zoNzD$YTd9|KQxn1;^eSZBh2u>HVjBYu*_`AN|1nusxBpN7l~9l;|y@wo+TcN?f zLmlDs%gMDvX>fXbZ9o97U}KE*o09`S^bE_h;A#@}nT{nZL)`jq^i z)Da|$SF^ylSRDw5f^DSCBtnrIR5{_^|6&bC%7^;eb(h5K8~P?1$4RH8!y;qtS3GB( z2z;psN^o+O^V+oor_>;fR9z)7HGA;NnEtdh6b;uSid&DXb?yk3;V`K)T1LdKe0xHp zX5fmD?(UTLq0{UwbYwnF6BgOkntrp>2Z+X01 z(nl)e>dUrX`$y8BM%4#E5apQs!Qr&lfu)Jh4Ho}=?clE!=3>gJuqDgK~{OSwLCaI6Lu|}!5 z`QPW7k9C{eAkMPu#9tQ@tzerqdfVNtv}99HcZEaX1E<%P)-!au1u*$vjh2&vp=1g*8sXWS$^Q;6;gb9kP;)lP|EW3p&Bf zR1d0rn|)0zcbu|<6Yv8v`8~+CsXgnO7toBp=alc0bk|%Doz3G7dy4{60i4JY!Xb%7)4Q<@W75k2+GyL&NZH1n7q)6W2}5_9HCQ3}uy zO^7qbW~@bK9=t)F-Ka^ktk3r~z;HXX&l@YZh+UPF@jpcr|70k(RJ56#f;|`~NvIWN zpgJJ7oCzOGhDF=7UghY`>E6)zFS#5ymp=oILqX{Tf^yi0#q`#dJOQE3V>*))M8n|A z9JgF4M)k-+$V$yxdh2Sy6yB!v%tGfw_+NyGN0kNhEJC?-iITYOPNio;mV(U6$6uHF zBEg%z@H%1J+ z#74OOm2l#j>zJ|BCtg5)((;40V|)3f{(M@DW;)Mrvx1<~5NG7OH9a?9%ICIY@^+uY zTT!ZywtE8&b)OGD{XN-*NS1+7+Z|=h{TsJM>egb{2UAj=WPP(V!RFjKO(wPJ{dB^6PVks1vP!sfCcD-Z=8r( zdMg?NIjD|+ucs(?C=KL_OgB3rQOrf3CtQ=q?D+D`jWwr~a!fX>RT#5KoUH1N3WY9W z0*_ha6K!Z1v5Z@!Fxp8o`8% zJ!~5Lv3qoq$GcbMz*c`1){fEID>q+C5p;gd@+>3&{$@XR0cx_!N)QC$Pc2F9Ud+fD z|9^&JYo6^^SAZWivQUbmMb)Dz9d)f9Hx)3+0ZW}r>k1(Dgr>~4fe;sffG>Cl+UKpj+BI3Adh=E@(f zbuVU3O@dcj@KcT!UyTg2b?5f;hVTXNUfp3wy^(Cw8T4jHIxt;}e(Zb7Zx>HU;VB(N zFiVCPYa2kCgqTR{*v5TkPf3-*E8*fAoSCSX&5+*|Y-06M1=_qzfVT$X8Ybi1HFW-U zj8>&2#NvHv`Nk?AX5(vYTAQ+4y=84r9h%WibsDcBV|;n5K4-~J6|FL?C^<+s+)-IL z0X3MsGlz4YC83oFc%UF7LVk3-4F_MmG9~Y&PNMt5KSHNFO@Si!=R94;ZyqU?97jCm zlV}i&f$I3glS&AESc$?q(j(@a2U**GQO;wh_{C1}=-d-9(vE_PuR>AosfS`ZgWC2J zGD*=O&nO|1Bm(Bw%7D-I1tB{C(aIr%^wuVBmn(0McoHo80;*>Mv(u>Vz{c`gAZ-bh z+0p=0@8xD#9kHx@vgY@i5Z}3L8DP4fHeWd6Dy-7h3&fnWTIcDiNJ;5?XYyg0J10$5 z94#5WTSx0_z3zf!`5GIrg&j(^uQti3Q^)T*1 z8cCv5aGOV2v^U&+DAk&*`J7eJpxzz*qi$A_plsP6=Jk9}R0;N4CaM6%%vUl|Ki;tj z0Qmm!Qd@{qy%}09Fu~!|6RmqKn2-u^hfx5mP3pbvKM)!~-OTZ|Z|{!pVdi2!yPZ@B z2fpm(t5<}^H+AkN1?~;a*%zWp^Q|H_D(ZaI-8{WwtwBE?#G%chA;zP8OBjzFZUOa! zZH_#+&S3jpmaPkPsB3s#E*lm53KN4^06*~DRD(3SlkGQsA3GL+Jy+iZ?!ZTNJq{eJY5P%Fvl88&`ebY2 z@{0fO?xzV;0Acd_5~qHW?L(JKFe{^>-WPVZlZuwzNns~@$SK@!!T&qgb-5I*ft~^# z=)##zbVTX~P?f!z*nwbKC+9(lsGlTZiU!h+ESF*12&dYO`F(khlxbUVX}-5yKl;r! za(?1uvxhLVjvt_gbp+k-mqlRNH#W}^0}Q4pW0wcIPu@*}zL{M>jmr=Oe+sb#_h@kq z_X+AftgacpyT3+y`C#qI69lXNY!r@T@q9;skiaE%rlv;e`Ivn5pZ;<#ZE?~YKn&fK zufBrwvcFzMl2bV48H+ZB)!Q#fX$-Hmd0k`A%^gb{oy~6`Oo@j;ZaLtE`V`B2)!QV%8!GWDO6I@epGrz2FAW%LM!HX)@$Iqj z9UVb!Wa9w*|GHI0)HH2DH>VukX0XZ4lSWYrr&!g_e!@yPJxg600p-0x@tcmBBsT#q zqx$H64M_SiR<%p3N^3rWN#8Abith=y_pcG1ydx^r5D9~mDILDqnHeA{Y0%oudNXpm zQpa!5enq5M%BvpRtXDk12q-<4)OQ*Or(BfJWZ2h!Lc8{sRfo#WH)nM(r$_(_@>sJT z_)q8Za&oE9(tIy>*%{rGBxGxgoG+qZS*vR)Rg&WFJXc9*rI2(ql?7-rp2iy`v#&Zx zt!9}9{aCx#I+q9Dfwzr82c7nsLNNJ+fues}nJzl_bl_~7H1wsGGvUKeQ264s$no*$ z?@*KIz4>$KApxqqE^oM@DlJeWL-Edj8pK#HG$mL$%wxeOl2xPER;KDw-q^{of%=I& zG44cLJ=~9IVVbg{f~e{%QuN16OFk0pK-eS5>nVUfVdX(n@s?1Mto~#_bK^az8cFeh z3R>1qN#Rpmf5ph#rJtv%Z;Q(uSLW%q8^g+!3v!;6sanznx^Agu%KEV+37e_62rjRc z6G?Kb?zLfb1y3D^j-}?>PK#k#=cy0X#TJy`Dbn7(KjEQ$%DPGYxRIDG_~@AN9C9l4 zpM-A(LUC|4!IUlmH-e4HSVB7<(Mqi89K3F+yy3v8cBdk5SO)ahDvD64JtpvUdbM8Qynj@=oa)L(-_(8sk*FbftGl5A9C|Dm+9y z&$HiKtq+?R5lE77XijGK&aAMLHhzE-Vn>DplAn)2Y@5S&jPTbl)-~Gtv$AK^odTwM zr#2^@AM$~Ex~z>(n>2!h8vNQTfv~FMIBA3aHkvwPww){~^I_%N@42OR*B)N6^IL{W zY-C-?%=?85W?|8Cp!y#}10J&*o}L9o$l{Sxx@iigE@yJ5a-Hu(Fd3k$21;#Mm5URT zpG%kFq;wc5WhSe}QI z+!{`O2?4a2c#W%z(rh;|KQ5Q6LtY-ST`olanU96uQQQ+X+>OF#*aiP~8IVgJIheJn zG{<)@Am=2U0PemobCw-3MP30l`{e8CVxDi-T%YP3&;hZ33NyqWZbnx9s6?>x7S8sK zS?&Xh(b^)=X5RxdDy=c9S4mWqW8*|0mC(GD9|Jv!1br6mEvt|Gd6mI$i=)p>3{z7? z97-)ukBf|#R+W~|4<$FJoSra;V2;=zOrRh1pWHHuMVS|{)eA?cxM!lu&whHpkW%1u z15gDBR&{`9*)0o*3&yb%5vRHKcOCiM*sO89)zOJp`{;gI8>yS1xYM8Ti(uvFXN*en zyRY|;M2|kt{g1Z+l@H7{W50r8Mzh_OJU4P{GnuEjS8n*REG2&m5Ww!p!_)s(RUKX) zFS2p{=g`EMF=u^%aQ=0Ng*LfAb+eyWqqgXwAFlxrGJ3%3bW8Mr288<-+s&FEm#5hE z^L)sQ^?K1@miVT0!;CAhQ3<|op+a|>r)%kLZw{5#?j-rKPsS?HUpHNDyp4r?&bjBI z_vhFtO^7`(M>UB1$i8w>z=Z-}1TLs&`pNbz@md>i9K%Rimp7 z!f`OG=)7L}2&$Zf4OYAOQ%-Ne6Qv(Amd{D&-1|%MKPR=4VkAmc*&etx=p3puP zK{ro3@deb@4O4E_oxLeLBJS^^a)nzf^MLZa>1>f{g1eSy5pvM89rI2$h0mhbV+R{4 z&?pPPz3Xa|@4Xvp`mS%a2o<-RuFdv+dKyE4V^SQYhqAiDwNoSlLKt_Rr-44g3(i3y z%#rnj`ihwRaa`8IjU3X+43y=TZnx}#8tK#O?QUs`$_ASEgrJEfYLAUGlAWV{BhIX- zv`3>8BUB3du{&lnM)x}aT`}FtZ_uUvp@#Nw<^q)FvvQ;T6Q|=?oK{W{!9D}^irInG zL&_%b+uN&$6h*TJ&!h?U%Kl>oIJ!tE@l3Jhd50tS#VBD zCMUCft|SH4q6a-y*obaZ9j)G9hQ_Bf^wMC2$#; zlSXT5xxb(jglzH6r+Iyu^k6UPqLqOjv(D0=o+h&NOLIj#0BukG^j35enr*ThI@^)nq zi|xcc*Wa@tgLB^b-SCI4_r%5JuVN4VwtEk{4EMr$f&vLv-{O8BD@)LUTQCWGHTKB3 zx^3B;nV=Rc>Y7X9j2(UhMW{Fal~~NNlEkh1zciqm$#c++l21cQx`?ff<^$F|(*J-Q z;RE!|`khE7`c#ALc^#f3oGmq@J6zfSAkfEU?Cy4}kaY~Us3j%$3V_J!7M8n0{j@n6 zAM24*Z|{>X}RKjmp=Y=#map!#n5Bk$9D+o)g7+A96ve8C_hdl zl{6MAc9q)e0@9~M&Cf52tw~RbcSJHkbLq5RA~27V#Yr~n^x$Z6T1=SIFodT8i*~3J7teaiSc^InH*FO@R&u%UkDxNO#9bwv3Q^ss2>XiE2q)H%Ebp(LR#7t(UM9^ zhUd@LufjnLJIWVyJp)BxB=A{e@kJxOfiI-Rg+^A4-720dN9DMt5H$8V(5#MDk)loY zkU4;wAaw3oIU!|6F*Iqj+jSATKOm+vTpK4_QOZzwu7;2up{8J0o&Zuc`9jc}Y}Dnh z7-)nPWA=5HE@a*5YT?&Thn>-vK_#`x9gWFdACu%T`HX|FE@Cc(3Al6VY1e-Pc6=J4 zIRwFIh3SGjOy4B>6Z_^q!0Zwmu)tt3UEEp*`o7hw4t9EHIDrHpPH*K~<>x6n%OSLv zjO$;_SR_Vh8dpw3_i<#I-ooVL4oWFtmcINd2e)M$@wu6adQi&p%yR+}m{ZqHe3_EW z@AT1r`it26+6S`>+gYf*ykw}f$KHl0=v;)#ngSXSly!pa1D?GkMO$a@JnBCM)wzT* zA1k{EeGTG(!}MNfC-6fB0%Ns}xgkGDs6WsU1C1-b<{s5}zGRW~%F?*NN(cnvDNqi^ z4Q4MG)h{t2&N5rn=B7rqRv_0k<ym za;AEnKb&~$^k_yc&>E<|e6^HY!=JCkmw)^rNze)pR+(*d{N7G}eZxK(h{(MruTL{E zg$Ux1&j|6hA&^D4#TZb}o^XSzIUDS_>;!J4U)~V_@NJI3HwX9)I>&P3PZ%iHFMI*f z=-Y`X&`L=sutnXm>E0U;`dO!X6!c7F4hBTAk(Z@D1muDQcK@O6`x^#;M4v!?nwP}% zD(6$7UbEu|1DG958_>h9{*E3jNBQ&It@f?8A@&V$ns-H{8>?y|)Sq9g|0(qvb^B%h zM2>b6)X>BJ&yq2xkk26I0?b*qyumRHG-=C~1Ii^TiEN*)XhT4#d!h!Bzmv>N^e_6c zs)6)`C=<*plB~&~sR+ncs6A#lC4rvafzLU~r>-i|b=H&3(%Iu~G3zAp29M1a66cI? zy76b82-dt&`fVVU5F-_Lf>+vQ?;X&EjBpVaV$rJqd>B1xmki}fzD;lv4TT!G+;6Il z2`(0U`zhzTF7&~!mF)pZ{)J}-#D;m%od=sUBfZa^%D%c#ds03#lM%D2l$jKq?m!Ye zt~X8j))smq2gk7X)t(vd!A15gbpGt@Dem2KzC6vRX8kQAMt8?$Kfi&Nr?9fR7%?xR zCIfZ!Tu>Afi%q}DKp6zYXhPmY4aIM`-~IGppLJAR473~amGcMXG>@v;l^v~n>^l{Y zb8H6svH0=!?_x<+nqr(8_%%FoATo4)xJf>kk# z`}G=(<=XGzOm+P7X90`=`mY_U5Uj`=$0cQlpNowde;X*>e5tbZ@}217*WzCupWfxG zcva49f-pGNL({tw5Nc)RTHIYNUs5{^(pZq7rX+2_JAU`1xcg>zhH9tOesN!#PaXa# zn~>(65Q9|9ckljWf#A{wKYJG2`ihPT(xMdmio_}DBkb9oH1qkTMmpTd0X5E%2I`vf z%gEo#J;B<+eomtRDJ{@RZ>?M9yyZ!Zdmx(zb#p?972UVEy0ahvkzlg&QBpBpX)y`Z zSPWD3rr;gjnt8DV1Eo>m>k?C+mDsTJ9vfmT7;R{aGZAe1W|;mZIRcC14f`tR`ztjO zYYFWy)+~Z!GSV<%AM?X@axdGMCETg(G~(rzwqrV-V_Go17VaF7z$lcsx|CeQkfMM5 zYw%LkKNg6m{c}xOB+;?dischYqoppsqtfzmIgZ?#IIl?B3=mkq@#rAPdqMhJrsx>D zHD6IMP)czV-On&~uxS(rO@*P^e-H`Ic-2Acm5gKOSD$g&idG1A0k+r6Chvso&?}Y} zd06(24#1YG)e~gv?67C15loY4i7OX9_t<)Y`|?ab5onODNKK)rG1YWwL90q4_rDxd z`rzE4eNInmbH6nt`RTWP{Evx=Xf=o?w@8C1*J{|fQPR7NIPW6%|)3y0XY7%TZ%_E+FFOvqD z)U8CBtdIib2mN_z)#9H;s<=W?st^-lUiD+$V?WGeP!*ZG-ujOA0D|zd`1BsIt4GV3 z6wa741bham>nxyn?Rl@SkQk==XwP{2X4ucZYcb+Dv)x1nhgmu!goc@;Y<;SSLdY<1JEwwS9Lqo0Uog;!miV}qNS%DUE^|qzX(&*W=1g(4b zjpno%BPn!All)J{z;l&*ZQ(%y=@uwdK|RL>K}%_&1&93e*{p~$$RT46U#<_Z?P^b> z?~eVX59GhdfOx9}IS8{3pfJqEQw@3NpGWwsHt z3|%HaD+}KM@$Am>GcUv3hwYivrhTB{yxY^Y-BX~CtX{ogkyN))F1G4)?$A=RQ7Uyh z@pd|MEYQesuq&^eOBkF{a{Wt%1#OE_b^8x6W?zQc5qw|bustz!&nCt(8-`w@tFHR* zw5#%hZp-SVUkd9(pF{h|O}X&-&9PyryTX4PNP+E|wYEV-EVGN*)1#2er&-6KQzI4D zeu;V0W~nkT?-@ts&90Z;br^iX3)VT%bwj0U=Z^nbUwy{$3v`9;w7_cWstu~$(UtBx z4k6!9F~z{_0fB;q?-qWXV=Oi1z7wuunR~K+!JS5(o3x<67MTWJYbE7*X8&43iU6qJ zUkXzvLRK#HLc6VASUndme)QwteioQVm~9^s>mNx#%oGfjT9$#1um4uHDkwREx+K+~ zV={*GacV6^NijdrSuPsUKl@6o;Z0%p2A`I`FKbXwGzc3PIEhB=%D}9ryNPcgJ!ikwJ{uUH)N^B0XRw}U=nx& zD#d<33TR3BlaDT@Ay;~~LcJzHv-XUmLN=+9S!*?Jm1dA*ZyLd(=t-E!oi>?(Kjg{^ zboGqB8KdInc+c3p;*=$dBMr4;M|p2Kf!ki0(N#pKgE9-s?-t`+q~c7JYO2q5#Wq5m zk_0vAe^VX)5wVV>{~ju==BJ(SzZ@4Z!~kl9q!0Dv_u3oz9P;Gy7{^X@!!dgDbKKWi z)%xQrpM`J{t%1{H(#BDP{T_JK0mfo-^3q}hIq!<+o6q!Rm|M3C1y7T0^`o}t@YK_K zxa;4W*t*ZiHdDm;u)L6iKf+JX^TyW0A4L2&mtrY`HeJZQ0XvV`NS9yNC4##9icj1B z!JkN44`bT5z*o?(GI!`)Kf}}IJw&VD?krKv+Z;U&y<>SYm4%sL~1guJ|4GtaK*-?iXOFenvjUAVvZPQ^~3XOLoCt*+BDJLg<7RjI?6+;U% zf>KvcXQ5C6M)lMQdDfmkLo!gsnLhjgV)-y6{UYLN<{hj@5-6xVJQ*l;*F)Cg$negM zIS(cu8#oE}=Y>S9_9WHROW(79nPJhQF1<5tdRWdW=QgQpiYLo!`F>%3tc?79OB%()~y~Vk|6tSEm zEAoiTd{3!yD{lbtJ!mJoPUpS`j0en&cV$K)jCvcC6#R%IXVRd)U9Um#KreA3tw&NT z$Ncql(C{`QrX*5bdG;&azi-*7zFL;r_RkvN5h)MSGmC_>D-Wbd2?@>l19}atdLis? zoWEZyWi5@-Hw_!7mL{XtOJR&E;UbGEL8*JX&cL~sxI93S; zdYTizE8qKj!~$hKbPtcJhr5hDdW*{H7Ml^sruo7Mu_xL0TMf}}CDa#b)8DHmBOVa^ zU+i*HFmfwlcT1hc0&LgWsl2paex6!9dzdgf84#jn7?@ zrKd1tlHFBz06Qz|m-GrjXAb>krbjNHxVu>~XPcCUbjyl}zWapn zZGC+qXaU>QrZM}`9(>(Z&qgvX;q5S9uTc*?OF5|XZS${`*`nrlDt^CN8$80ARcUwC zk$D`WH=w*Ju;935BKpB)?T5&%vCy7ps>awJ#gecXQKc=t8A>&h2FZL`qMPzSxR*wn zpSN1IUmxWT=%Oz(Nj6FYOp;Bq9SB}aFZ;)@ju#Ku>lSo;5x*rK?LWHcT$2UnHUDcz zu5ZV2M5cb*jdIs5Zhyh9r{-rlhjOj9LGLSCnyh?cS8YDZ+|d_l_b?*{e)P#QYiiZG zdPj5iGfx0B|AF2I*j)aPs)Z1rb3!J_mG?2G8^oB_9%26mp){HvWsS<)Up`}0IU(t! zo9s@%yar%|pef~he1V_o-R`yVH!1-0nvw~HG+h=m5#6d$_W;2T$U`ROQa(#~9P%5PG zT&Gg|MNAN;65Bsxpm?y&6qONQf7Sq^gPB{k~?pzv4d|eJ4 zQ&ikGs-wbHj9e|5S8w+iVZvQ zU3X=3Kz_AO&kF(H*i&gFxJ!xb^4@V-oUGXIH__1#FcAGYWt=2yAH-!3V^A_j<{8A; z?DG4FoIilLF4cPGD3x4BscbVu*D>e7wQXZp6Pa#E`)%9K0#teG4ipIo1S+67GV}$i zRkDE4Yiy*7NIpgZxCZZhd_2#zb_eKOcbj=5@C1C2(DIFu?H({N=Q&FAQwqt>L|dJH^GbH3l+R^)>4nULY@UF@C#<-OSfy0Py_n@;y5?tqULWh+O5iO^ z8}n)e8eBik4U=^qClKN!b7QknOuii8ta@Ka;C;o9x-vf?*bN(HV`5NnC}F&Te3N-v zf;jnwzy)<03B`TFwIrZl-HyjXn4m3LbVbu%r%-^Qh3z>c#QlM`%C5V7Yjau5*^04H z_ja{iY2aDu;9+?$TjJQ#%%uNn3j1IYlkhgTx?w@~gros3A&;sP4L8VNv=Uc~eDpMc z0xBR(Z8%QgDlB3$-ybpVi&X%l2w*9nYrY9T^zu3iwgR}UP@qCfrxs;6CS-FYXMbLr zV6-_4A2|eQheJ$O>V=(o8{QuJa-`GNMAcFMY4(K#=!D;VZiKyfOx`Ac!Su+xzTIW3=$CP`5D zZyhqaN-Ih#5*r`T6IZxF-ONt){}e(k5J3ZKahXlcKlU&f(;7o}xbb`14n(!HTOD%W z!XL5;5ElyaBbRpx<;(ds94KT`HS2Hz@a5PY+?Vy2C4k{-0|*p{Q`fB zXBJdyG7DizrA0rob%rq`{hF_t2P#mZ9ZmPm9?Q4NDS14*OqI7H9B@4I_gF;*{XocI z9We5#6LUoD-MCfqoLSNQ-Y|fr$lGa1dmu*21v8VUWlX*a6UtDX18zjm1BUBi=R_ARp65`gq!8mo_3Ne1|)9PmOWVmax=S^y(mBE7i^i z$qVa3+_}Bt^%x2tMWU0 z#3XSg?tOdhx_2d)`AUiL0}60&LJBt9@h`Yp!pr}qV5R5_rTNSigDEqykmx7TbYn!q zNYhRPU!2cl`ax0(Cw4;i`5h+qb#P(iE*WPqLnTwvhci%`LdNQk5F_B&9P`|WQlN{! zHuU#F?=7nuFZ7ceWy82-T_I*2Pg^|ZYQ%xgqjER z-`uiy=K7%I@LL{bAo$(PuY*+)%6X60nx^nSh9K@j&vQ;xxuK zV;{VIi2l4EFbOkE|MeD9i>S~Yz-lo5pVK-^8!K~61|hhhNB%F)6(AqilgMLUt3B*op~&s^bq$A2X#Qc3#la2a`mdCi zFvU7j-qqFeU7sg4i3)8XShW*1307uExD;UFZnESa#kFj)NWg8Cm~qgl_&e=DxBOf( zL(M!R4>c zp|#)$KdYLgfAuC~q;~ykbqB(kgc-zaL{cZ}CrbS|=C6CneZ2JY)k>k=+`EwbS+DdB z-iCb(Iw*0F?UKZB%6$dayO%Cq<$nRLiu)M&PD@w;~O4W7|@n-G3$O?iqsrH^qzdLiWrHFQH24G6<0Y?>X^(P1%U*|zN28D zi!QcaZ|z-1+th+97R? zJa<%^m*Kx!^R!X8=j-=|{i*5Gvunyks~by7vDxk1;=$xKG9F|^Lz$?GaCcTBUhqau zF6|K_M+ypV0*GmSZXNKXv|6R~>2PF`ytAiImDl{UE$PDpFsIKNigC?0Q0KKx3-VLO0y7V@F|y3rgEtQMpTzU_g_T_MJ__}F;eo!@9dxG*&mv#b7UPH zv?I?K`G;bg2d<?+Q}$rqJlK!EM6@4 zx;O62Gep(Y&L{y71ThA^x+ldi1Uk8t|sv5n%-zRuYqE#>N*t3NXZ+w(Vix7#1VIck_3s(zn)`c?w_8IV!0b@?1;te<2 zKLuGR?R%(ZZz3N8;tzihtzjwmA&j*Cm2YN}ZM{Bo*(^8U`A=Scvp!HNthHwd_7k+{ z>y*2r?P6LJMTmn4m&}Nia8n(KjPauOkew zJWx2L(~(=Iy~4E)?IFJmTuBP3_6Uo-E79niw9Y?ve2i6L}4V8n3r4Ii(1~;7 zRin~Q#0_9gq?16T;iz5JA(g~^o6Ref4;+YriXUF)%^^A%nDXU0-ZoREpIh2zabbH_ zuh<9e;|Ct2&Q7rU>Ic8*#M+kl%#EllQ}#eC1NAWFnM6TEzT=Fr`3pyGAxwrQ*!c61 zlmp=66H>`wm_r)EvgJ)5miX=ZlI_cJ2~A;D6!&Xqc5Y(^ug@D#E(0H-AoaEVp+gJb zawHB}1bCJ{f1F}@s?|H2HX(+2C6$fp_5W@e1+DOl2A=)3>sPRV=#@;`BU|)dW+Oe% z#QFAXmeNfj?w@Bg4b>qs$uL3!>Sz350l~q9);Ys?fMoCT7v9;tPt|w2bhPtX-ZE#g zK$TtHW<8_g*Yc#*%V=^K_dR8}A47Fg692uS>5?G~`dk;05WFNmv9uutWdt`>xGLTl zmDWKV($l17_W2y*2h1et>(}yZjv3e>M)WGgAxjA|#y^KE_K|lE-%QQ!6R&)t`)H~M zH?VyYeQ2U2YcL_=<~h-@$r&f&>7lX1MVaA2esFaY7PqzvSlHcFEBDEcwSG-M!-$Px zX{YjG2O!8-*Rub6kvbj1H?Q80hEirlIxjU^dzEvxfoLUGC@qsuIifiT<%Om{s`GSow34TzlQ?`*KWTgP*u+R3Qs6ds@x} zq7>>hjOI6w3ZE&u*?%N|Z;@@+kz$9;t^Ik8E$wfTrx}HO6;JFLi8fz`Bjuo>xL)4= zjy19I3LovAVNz~iaZTl|B1k(4FIe5e9oZ`Lt9!o^BQ#FBdfYveAs2OROLx!9OsYT1 zX-n}T=OiiEZsn*}s)&X?5ufXTQ1bS8+x*rfZ}h` zC>PqYDr;yXwXy0OIeERbL%5oFZK3IKEh0aS&)La5MoPN(T{JA_23OiemzN#WzE|lH z1EnMFLL)AoUuvhO*Lc6Dbv{vxGunZmVaf!J$S0Z-*;*uh-62)KV!F!;dsQ>3-w2 z+J{tX1ja9ow+^9D8U26f9?J5pYv<{7nR3yP>ZS0Q*6>yirzZ$h0Nki(ndcAuBadMv z%n&_eWle-0V2di$s8rhkP)LyQcUpvFDv#vruWDtWxT$IxuEhB6mpB)MEU&m#3->Ln z__Etdey^)oGT8gY`uzR;;p(ir`lJ%FC+foi^L^{BQoLhN2v(V|F%nvr$dqwNW0KfD z{_z;6_bVWbY94;h^n0v*=L0<&ckWQFMk5?9mREb+g-t}6ov?lufA33gWXxaLUx|T0 z2p@N?Tg{3knsTkBg{_ms+dtt%Ck~FDG<_4y@=T*g-wB<(jeT$%amY2}?`L5weO6CU zERx!)?#x9CNsAO&NNDZl*K;dzo5BBt1wZn30rNikcitUrQ7iFQq{4)M64kEIAJlnX z==X*6w;&*@lH`5yyWjJuOSD<@InUvw!MHz#)wKJ&ghyO~9$lg(8_TJff&TV2hCKbP z@QIs>E}MREP07xkCb_lq=jJx+X1l`=s>mV6&v8A@BDOgt4>I1(VKo!~J|hElDAo0p z`SBR@*QCjNh1HN%vvby69jEx_^nbj*GU~C9pQrw}miGqM<38$|MF$xCzrLuR>a8V3 z)IMW*MXYSBO4E>5NyHb(H(n4`>Kpl}nO|Pp|NK6S#7$P~+kw|=K0xne?*<&!43vsO zJ(^q~*yC}f?WrBUWxrfKCx+$OGCHqvw(txP=I^`Jt_#lSC9G!0zYFCHWC;c$ug#7e z_v_0Otug0(d{{*;6+y1Uyc!Ef#TaoH`On~`RDaZ=Ga~;r@k32JSozc^5l8JBmRf$7 zEbx-pqH@}<%Sd0-{I00gN4o|T&i}8%^=a~-fK8OI_!%2g)(C~aOK5M+SWfajrW95$ zmT*IaM9Y@q3>e_q(f@h2z%Moz<#6P{67QQSnXieDepFZN)j`R1zCWu$Gk|MLU zF08l;vjn{Y$iCq3NET;zS2E`~5_A8eFG=h6+X9xoCp%E6vcFdE;mE=!uz{5?PKxZ+ z3E#YjVmq!T4ud|@+6`wv%2^No!eT#!8hBh|37Q3uZT|aMz#~ARu08a>3uk_So%4VE zwwoO*wysy1g#J5@$6pHt{a+YV&Y`37%$Y!y#7$x}V%NsO-C@75nypQeHKzhq+<@u- z{dM5x0e+2~S6l*u;P-)~lhc2v!;c9wOQ|8tA9)cC?Gx+8gY9P9B;Gmw_fZ6^{DmyW z4y<{xL5#7+IDc3W6V`ERWnW|BZ#M^iL-{av6&1vx_D}x?&z5Y;)-MG3Fp|%>=fPEi zl~lD!^7)+_rEi_P(*eUibt<7r=nda6i%-{|x4&MW)S}5kz(1S8-vgS}hi&_$$!e|8 z$$c)w#^c<{z~uUEj@UEml)C3v08HVn?M-pQI1rs`}ynF^x~DC8}4IyZ*Ji3 zf4b6>yL03Gh37i4ERw0q0a_OcnU4^Vpi>JZ7GAWwREqnrVXwl_r zkXVpr5hOnZ~2V;NKTaV~|%fPnyBpb@sFr zIHAq^IX}@({^#SDPH;W0VZFklVyZ0-wX5G7$YtP+{)s&FzRk#?-aM{7{OH*WEP+31 z_|@eW&1DqJk53EXs8Ps8;p*ZJ)~xsG>mfp3;G#)K^v^jF@~e0QR+X6r+ua8o9RJ>W z^g1Cw=*6K^EMC7n|Pak`p_4ELk3#SeJ z4y@h8AJLKwFxRq(};ai&OJ$tg}9Q5(^W>)K094K{g|Rb?GD>Nlf!(b|CJfqKQ)-pv3`(Yz3uyGikV zhJJomY?4ghsi;$}uE`MJZ3^h$|YL5!@3iRW$1i`3N(u=lgd*lzE+MXzHl@B}1QU+i-%X@II zW$^Kmhu}J@61pF(B3*k#E1!k`FjMIPnpNAIM3xee9FzHJj2NjLSb~Dv=f!~TtIUF^ zu@k=PqR(p)VI8K0hxhYxOMP`1o10-dK4oAGp8OCzdCjKF$5M!bs5oC#wzX-!MGog> zDZ2yy*sJT7iBdu1MGDUi`JD4IoU|N$kY1EPD)E`)^O`#l2uiA~{M+zC(#dy~KxJC6 z`@0uj6T1FEaT2UtyRD9}ezaxI5Sc21+50sA>5LT=aqd&VhG%J`zjiiC8Yn9l@B;j9 zKpx$~H=(AI6MwE@-q*q?N9TOQ1z4n1!5ny!7BnD1*HGLAU#%6umOK+46|G0QB0q?c z!Y4P}cKAYs*6Y?7+~;j0luLY0x7C$9_>o_xFjzmr|CP?W0u8fpd$hywgKl0$mLC`Y z^J}4S)I)IVu}Uj*6<`kU>c_x~1>dLtKeoO+5bEuHSgEw3Td6Cgl4Koa3t4X3>}5?d zlZ0eTc7tg{5sH{(s~G#fZ!=Q~Y3#CZA;#E;F=ot|dCy1Pd%NG?`_KF_pR+vYInREc z=bStc1D@*{uWj1`F1hu14z7$n2Hcf1gmCU3^(Xvzs%0wTl}@LUPw%w`F_irr=YMU` zxwGNK*rMtV@VwW!Z8X@=wo|`mx|MNmz}maPdz|wn~ zwP$|sGp5ZD{V#O63XGMUp+JXgcfbYc94g?o1c)roIR%v?nf~FaJIw>wXG9aH0M`uL-|ap?Nbe_{DUVtz=@_4b!9 zSD^cZ|5?hh-s+IFAaECd%QDBFQ(#yKwc0PgVv+Z4I4e)BE;<3N^zV+OUY;0M!)QAN z#+h|c6Nv8MZc>gm{tbdNlf*vxak+1dtmEr+QP_?`^o2Txg2~<|gDSeC$^d}qL4>`3 zvrnJvkCT^BNocUt^bK;h$ffL!60r?yXi$~r#1rn+UyWd$g#j!YKq#gZUnhwk*O8H) zL&vOL<|2mgR{q?cOvHex#s8W5d}Dq?Q^ZyRPQ-o;UpYZp}9z2;&?90AoS=X0M**mqHv7+~^fN~$A2S|dX{+P{;y3*&L zY@~C+veyubm_5bVwixCG|aoBsa5(Gy^tIt}^L zzmHwI^3u?W|EUZyq0RLg7zErBtm&8e%19!Zu~NfMSvV#2Z|h8%8)-u2tHq2{a#8}3 z2q1=lRi$~yFHV|b8v^FOV5Tb7_e128OJ&b9&bm4?XyVL5YF>=hre9GPzjsBqad<% zzm4Ic{MavZVyZT$WZxxg^HrNmZP-goW&-;See-eh z?3^G^+u@iF-LQsD9BIFgi2MOKfur!vf7%_0tX>i2`0%ayUkLB;mgBZ?JndojG#xzh z%-)rF??IW{j4sE6KYwo&zq1@SJ3B@mymLY+ZFC=p>;_P?8$dZr$Q*{TtQ&?kT`cTQ zEAZKD<``1{4d}$Q#cp)nK?#)Sr7av&!@psCPJWnt=0Z6xXR!m&!`t}Zan!kgc&+Gm zAMFjumf!TiCF!?y81T6U^gXN_=R=2kFU7`#RmT7J)h?!kP`0XhU6F_5HS~At=mwJP zM8g{7D%!p?cu@{)>J;_2wUBQ00cwb(>^-8e(bXff#OcPkD96o>U2fXg<*I7{s5YPnE;nxs zbwNsii(`A@zrepZ78}mV@#HrGy8LpfUYAh6iDQE>wj@IYZ1fp``JnB$$sMjb^wA)K zZh|&;uRlb3mv=$kvVPme%V9f76TJ`qr`cAh+1-tfKWX-I(BNy^aqv{eZ`+aj2>M51 z@?W+%J^~bU4fJo4+=9$xRlpIW9MBV7eHnk60g04!w`R zky}ev0k-9}=`eVRDfwSiv{_6jWi&|_e-+?(yZ#$js5mmaUwQRz;+SIoHbw+Nnot2q zTQhwF7`G^)c>xKNtWeSf&7o!tRP$_lZ$6A9bpw`Y2j*nRV*gY;WTM|2m8x=6G-th^4Xo7^*IC!JJJU$Q2L=p9h-% z#diI2#NC=Lcd`L)Gl1Lh;0usMd*4-VG@XkrcjM*IR0X}G-aq^Gmw>=Mh`*>ni5ZM_;m3q&z5)&^h-@Xa22Es#{`ho+YDEQ6+= zdc9L%RSL*{j`QFls~1u$B^&>y>Hx;_9#4W;)()f0p?Q)dsyX(}3IEM!N1HaE(tM`e z3n}iib>Qy)2_T}M8DrOt#zi%W3TXHNVVg$K!4te=ay$$8n&iE2mq8#_3Fp@8Q;eAl zIFRN(-bHHV)(p&f*q;}bP6j{=|X2=;iTJfv``x|c)zEj%0mTRoseo$vGkIu&@h3ioYn zNfUSK3pjup)RqZH12EV3c0|LgfU*V+_qYFQsMZenAL7{#-H!9)7$Y4A{1ZwlI)(pd zyKim3+L@9tKU*37-O2;JQBzLv+}a=_ zK#nrHFlq2k7HIqDueOkF3fB1N-!Kiu!Y6;ta}=5<%5@dZdfp8U(wN1rWW*{B`;0etB{3P}wU_)0VnV<=fRqC>?X~~e2n`P;HSfKYSXA=+ zN6Spt8Yw~6LmPF}cm5IP0wKS8Dgxvx^hD@ zBe4@!O?^KmHdRq>b%GEZQXHyqAbvi4bD=|Qa$M{;QWQ%!a80;forj=*Pt z1;Mr&%jAZmtA$I3xXZ27eDT$9lKdv01woDkWjfUix{apc@eA`x0+db!^BV01uAlLRR|AxTxhhVSRR@-> zGriLtPMRfYcu_?qTi2+ew)Te;DF}T(5cq+{>CiQT0Z7mY_FTc)X>eU!;7X~vBrAJ_ zNk&J7yz0U=v;hMt2ToE%B!&l< zIwg7I0v37dxSUj7qm@HuJ$@{$=VR%i=I{XDrBmK)l0l^it#gJUA{?9BVtbUV$%ew2I+zJJNx5O@F(6>#r@C~R^! z_p0r3K>P&TkO4mi)-mB&55v#DpPR&Ik3H6?VSf)Y5A-}%%j^^Cc_w6JJkW|-#iG^& zd=JsV7M-D_)|vV#p!}El^0BP`ALFgK+Zb@VmRW)TZWl!3nqC#ID}wj@7^j=S`sT@n zbDR!c>%2qND@?k22StO2n~FYcERAm?i4LY*-I_0(Srd8BnX+Wtd2lY-hiZ#VM?lUr!A0ywdn5 z$rkJ+QKMqCEF0y~xe9P+yMBuBmk1KYUJJ{|PJEql!A=)B!XyAEcA%=63FBdgXUHWO z%j*Y|*~XIU)Mdo*;^)ptEV*6)pig7%N3HoVZKzhgI`tXCntZA{*}XBVnsu)s8in$| zmA(S;`pX7k3EXF5tAImB_Py?oCSr?v9_?}6>hhAL6_|Om{8tKle?jzV8#1`EIRXXEx<=H>huT&BJYUoga>(%RRjeZ{ zM?>A}9_5k?Zn<75+m9ZD#vz-P?gn2_h4n2xBDCy0uQ>r~GhG=%<>t*wW~}N3Kn_a7 zf%jvT}{*M!4r#s(YJOC;u*LvzCYsJBVmzI`}iLY|7| zC931xr;Z4cKaO!u`)8RW0w#7LG%8u2Gie(Oz|+TJwMmPP=%n_~5385N(A$!THEBud zeslD~IX1JqMcvbnM&`=i?Ww9RkgUA^^kOGrY&3%T!t-X%dmUIb?H`)9UELj+BQfxS zQc(C4{1pacp6B*vND{bZ^Ei%W&If$w#k4N3&EzixelJr%LBzbXW-U)xXy-0@7PXht ze4WyCg=*D)t?szOQ1JBO6c?N!`pvbaaG^z7 z;ACzkIF$y>XnT710maLKVY*iQb|C02Hk}iujySxl2CxytKNnpkSA+7C1$~k_@#M-k z+0QsPeR1|)&+$tz!rcd#z%uH9a3RGJlk#W}fW8r;PA^9?@70OH)QK<@a)8&RB9&&h zIlDiMwe($BlK27ayMG~F+MD$wLDx)Zna*jbGV?ktPi27>GB1s)j6``QtL#gk#xdvk z!Vj-oaP8if^aH4o2(LaG(0N>C_&5q+xe=d%$QJx;(*kp9W|c`Y=M#1(zQAyL%K+<9yqf+ zA9!sT+>+Fl0N8J3p@;br)A!+`7^;R{-i1o78F2pbTx4dqJUn0}W>@~1a>~V5mt;oR z$uO44VgZm#S?_2Qa_Pc_K=y5p-?_e2Uaqe`In2en!ZHy{3iSD&c^EbQa$Q|5-Jd<9 zn}>TliQPA|!#$AJxxg(<{y0a(BZ16ke633#x;N0ZD{{EBJq0zT9mZ+MXiGtbQ#rjz z3L{deCyG_t|b}4c@ z?Q>s1pb+E>V$;uErFm;8>1O^p?_`NT^8Hn!v{1~f+Rd%Zu#rK*(Myu63$%7gO z){!H&_}m3nXX3*KHnkP+a&q?WdU1OMrD*c#%;L4uDENuhf41te)6v|0_2k{|>&&%i zyn~WFJeK<16dyDc2E)^ug%hmY8|Do2&mONRu3yFNr+ybY;I#HhBN-O3*rj9zH+)M5 zqSt)Kh5QP#>ca-}!C9KU_l<)-z2wq)Y9-_0fDEJKYEZ4l9@;WQr2Hr z?6HCZl|7f$S3ebFG?u=M^9HHWGK^!vT#M1Gx%_u(XdU>h;|6utDUCy$4H=Ebyi%y- zhh7l0PSx~y8S6Aad;?Kdw>PbXWMwbITn^*ud{%^|+<49vN%4U1+xG}Pgq^p3CKpj(1> zQ7^+BOv>7NxGN`~JR2tDx(m-Gi7x|6SpU>xm{%FOD6~3gWP8+?j%CCqy~wA1aSUWV z?g&v^Y1+r<-mdw!5NK~l*0G0((O2$GYYa;<7s#Jwz)8G#WE)kVeFL|+dRL)`Za3(swi57$26EU~nuFpLHb=*z2y zy?l-KBK?%27Oif2;awH19)(NY0*kf;;S0zJdtBD*S^H{;d|IkJp`dFvCYu;(Gt?QV zd{uQ}dDtEA?srq)`-5@o*}|#lYEvc|u&vnQcinut9lh4;IxXpgjD+>f?U|7+zD1is z{qbCf++CRfX#_9aKE@RhrRqfNj}L$~Zwb8nv0XTmUX7Zc9e=OZeei~t*>~pzkM2`f z)qKfA+me_m$^3cC_K>ltUow3Gpj#1}v;3mYKIg8wRJ$0uJjNVQj zp0lG-Hq@sQ@2b{&lww$4yaOpKA2?-Lqx6U7BM$9$&D`Jm&^f!$c0q0i#79`1XPxqj zl(oy4w`<1Na$^h6kJh#_e`ji`QU?% zOU2xDX;E9qe7G#nS|9s{rP{l-QA7N}UUMwzXw_8K^6>L>b!iP=A<7fdC}Pm+F~#fV z?Af9Y`#@l$Otbr<@%~N)rVAMsiF7ADZ9o3x!Yq2hdDM3hWdiO9VZT7u{RYCP5^)sL z6N3)_5$oDeW;GZ{r)ITsZi5U>!g2`k3sc74w}Ya6>Pim+7Vx7~32}Ap!K(D|v3tch ziGiKvBJZk55i`2N_eQi(cm3|=F&i;2pC~sZdEFz{CIC<7kdJ@{y-wk(8od?et3{I2 zpiCiV*nJ}C1w?CJcP4lnM$Sw@IChG+2HH~aUW=JP>+}wU+;ER-u@ZRh#kg`}%N#n| zlkRyi=F%QWXVh_x`1Kfa#{Y!}-di-A3e?LVm;bUCuF(?fBtTXki8B!Rg7RuoJ;V2H zXS7>@AiSocF0{)%HtE{-n&?Z({%5kpcy}*hd71B6$!dXJ*7~!Tk_RcL|7X)2OeZ4H zapw?H!`9%i_neEeHe=$vGms3LOU4w4BFG=b{71(hUW!O^`!=wnL#QW)m92{MMwYl; zX?`-jW{LXK^!Dmw0ht}lH2VPL1+CKQnPl#P)zl&D7GV7%f&a(3fC6=%;XfK@2KCc! z1x$t|Ph|}gXwOZXLqyj&^T`|9IL#O*=5LsQ^PVF|yiP-3{Sgb&XAHXA(*x!A++dC= zDVayq9l(hdIMRXn;WUN_xH*yw_g$IjKzS~is}GG*mVj)irfkZ`QKuD`6mf;OQ^z(qR4QROoNQ#9KBKG0;F<|{%NR(_wAlFNuIlpRXVcx#^IEr_++B5{* zf<#Q(L%ZO$K6S<2W@*ATfBRX}(M8_lC!55148E_I-#^$kUETO?q>Db}i2H-qXT{3a zr~|it)@M!DMgdRB2Rx4o>Wjp3$fs2Y(Q(D_nht{EPn5X)b+|WzIIl6pPyNnm@P*4L zqO%3Of}z_a;8Lx!q?uxO&Xd;2=yuQk;5WS?0lFGAstq4~N_dQx&R~0`Nvkg}xkuzL z+Y9^9a2>+_i!T|f)V}SyFhigK`n|u5ZIJ4}7$}=6>Ngt?Ap0iAjWL?ay=UC#&~^Q* zy?p=!^#j??SJ%IbtfJLvJpEbsm%MN)BpLmE&J|Ip1mK5&tVMym&w+<-b)?imrUZQUV z{Keq006Uo!BD($$bze+t69{Y|;A8|}yedUZs^gZ=pTEb*cg+&3J!@C@*93nLQ$*v& z#3d@Tm-;Yfaub?Gvz*&5KdqesI3nnwk})$=;_CFJSUcD18T-1BA$A+~ALs(@uS!t%reen3(qH$>`$jcMy|^k^*N(dYBd_1=82)tMvW zj`*`6;(!!v*5RL}y*!7t@RCnd5j{~2uF(~i;{)B0QK_mU07-)pA z_+sGvTCI@qFiLju%N#Y32)u5W({GU=EW~xVVBq1vme^Xu!9P4&j;fmaMuV|H^(%aN zS(v$$WT{cY{_rhWnIW8voLlMn%G(wOTc06}zzZ3F4aBg&03ZDZxwKt#mYyrwvg5~l zV5gBkxT}Lu0N<*wIL{Z12Fr|&q%nO(gjh~b=IlM%rkKs4Jr(M@y+C zoQm#-i*RlPiTQ=K+>x~lKFYa{A)@+oXbj2LVWAsXm8`CXKsVrGLy;!ag9#qMM)zNf z6C()IK@_4{XcT=cyA=6(YWu_d7>bKRX~LMP(i3g z4QvVUJSBK8lcUZ2Cp8AW4ePefS~owLGl1b2SE4yxCxLfkQ`d7b%#~r2vI|FEFAlR= z0&#-pi!bV|bEf^T?Nnbp1bYW+_-CJkGwf1b5Tpf}h%XhYeax@Rsml&x#}m@11i(;j z@y&if3!uB(6)ke&!j#wzcz6cwIAVSNV7el9aPEWiWs>)k$BEeq7mdI2R}58fbeOC|BXU?gVfgD$ zLZo6o4P&5XB zMR25u{t7cO(~xcH%evMZerlm|HE;5LdcnzxW$P9PA}qVt#DZZ=o|Z(=)*AVe-2sg% z{PA@i)Ivd_+Wmowp`JiWfXnjmY{F3c;UaP2?6nb;3WO<;mkjWummyJ{`;b{8Bb*># zikL6B+3Aj34g#A}*3vW@t~6Xhjg@p49;s|kY$ha6Cm|Q^j$AylW%+6ozpUJnPN9($W zm@-WK@30>N6;ah9<_`kNkSDYQN=7i9`%2M_-T;sjQo!0sSL z_@PlZ@d1B-;2@%tk)I$Bz7Eaei&bWhBVdF6#BdPBws(h-LD(Y?g?yKUb1+e&Hac0*HZ<2z=5tX!(ki+Ya*M{%6V!adZ&p!h}#*)0|LEZuS(u|DX7^xxa z_8AzK*(0MBadNFQ!Qt-l{= z(9q#-;*F_)be$5j&NVQPhV5Obz)C3YxrqFtqG6U>!}jn8R`a8cGd+Iyh35QZ zX_F*p+YrX{)>NRg%1YI1*f-yL&ZVj5DM{&M=7B`spSY8E&e)?e05XI!OUe*sDF*C% z;%36-NK4-g>#I7R_6{{rpc=%O9paQ{Y(unS!^30*YUkTXF;P@wel z{4Tg++*Ydu(QV8XJ}Y#mhRIqvC~yGts$LfyDMOy;mujldr5H+)nClaXwm^&GJRE6B z)6chU%D?vgD^P9pGseu_xIe9O+%}~IVU}-29azJlK^2#baKMuFe_D|e`vm+N2&1HU zhnn5#>qR<=UaTU`@d-LQ(c#)FP}}#DZ&Qz&mK{>c>TD`NZf|K=HY;}&!ldR4_ezR59$||OPqLoFwZu2{AnMD?ns_>|<})BRZhI?q@W#Bcq_6Fy`Y@I1^l-ezQFtp9buBl4=zymA~fRdnjV1DyjM_NTS>>iYG` z&Ov9c^6;O>75vXWE~>)&@75^)x5M7P7rFHf0;h>ixBcHh<$(XrVJUwnn@nx{4@lBG z9cu&^uuTH>v7n3qj8BgG4DS3DAYSCsb)3)GAh*7wamoRvvEc&A2S5%vgaD9E00k#I zi-OvA^xXVtHvY%PsE45J0dQ0U%IKebRO@L5&^3cZaR>r)Ey!8cfyK+>Fg{aHvU_Of zFM#Syh^`>abP(!~l`7X=1>T^+uc4qBK+)Y%t(2aYHXdhf8D1U)iVYx&gKTvST47}YH-F`54*9+x3jfF5UH=)) z@zB?h5pqWn*$ZSMKy>wM@=z9Q(RMtDG(+rBIzP98O;B|N9i)M0c>DZgcA)=qglZ!J z+BV!I9hg=pVe~7ZzBmZS0*Ncm8=L%3mkV(c-ZfIacWVFxZD0lRHXW{gwcT};Wcx1v z44@;q69X{0Afe(QelTdq)yMRqpS=lb+!N_RWnues_!lxjmIpY}CP_jG4G$RRz9ZCgxeGuovmn_3Qk(hhps44`L4d3W zlfQcJHU=KxC;&|`| zI?n`|tg!>Pdbn%neJrGs`8hbIkAicGJBgH{8;UjL`}cZ<0E8J(k|6}r1CX07CQ#Nz zyN77i6NXwtoCI2*J`&AqC6@%HY(1!g;!t2wQl;daq_$?iodH-mWWY@T29&%C4P&H5 zU(BuF)#-m7{F(gg&+-XmQLQzho&n`?|L2Q#AF~92eZWb9heH!el7*l)I3z&<+mIAj zoD{i}gM%A7<^%Xqeg|l`@6iS#U;i3;$GdQJ5J`^O`+>NH^rd=vsfj; zd2$TIYh%M1J{%kyIlh`RRcEogvE#Odlhifn&yqM1EK*uPDpxt>F)+Q~9vw=6Q(K2` zp7iglXx#=;mtL-m0W2h#aZUi{j#U?c{*o=NQp6?{Hf-xV*K0Pu!B!yg(GxtZ%c=)-Eu54G|bu4Y1iJUBD;iLzvctV#JAsHWyC z3~&Zo1wb!z5a)xuy>@5t9JPitGXhPW0c;JD z4oP{G`*wzaIEsTvmh(jst(;K9&zHM0F?OyZihO( ziUJz^zRvE6Przk4JJbLq+{WMFM-<#Qtn3+%e&<~y_$HUU_kX@9oL2S*$_3IU8vtm7 zqv87YD_?|Q8?yd~9FV%uhq;Vwa~6Utp~TlgXsyp1Qq3S6>IFRZP}6F#BK!cPJ|Hn~ zQav4#zCKcE`xsMt&q)$!T_cb{4yYTNKPjnsAV0(>6^*z8HQhNABFRqH^sBt-6bwuO zalWu9Fv|0grUcyVy{SO82=zix<$j3c2nJ-0h=7aNW4Zr4z@c~b-BFSOOe+Pb@3=wv zOTy@F9B%`_mcM>~ZpJ79&NE->0$vi5iq(qL<>Y8H17r-kc!DTT$fp#-J5cBVb-@1W z(D4Qy!G<4Ytn}U$g#PFJ_kS~BNGL8upesPWkFywd%ZL4Z*U?`oMH(Y$ZlK({eV#$% zLxu-5ex@EQ41aD)2(~=`-wz~kW3o3wNebJh0R@=LggBLAA*r4H%F!xErupT1H#dD-1er)M3;zd?23->gE1# zuV86`)&pz6>VaSuI{pi0aMLw-1?2#!H#UqZc4H}3bMJ+A;>)*IU8TJe|=E^ zw0*Fu%g3wtjoXbw91jdYir&r8ow>UDe*A~641@>Wt+)N1Kl}oku#Ng>;eA04 zW0Q;%TS*gFj(XseKKkeXYO}7(a8C(efgh5G_NFQ|9j)cA_%%2U-Ti#LgM-7vL<_tY zn^Ja!3+(CL%YHy?4CUCbX?`r)SZqXp_RDZ2^$z0waOwdy2|f!&CBlP8$N3v zN+>{}Y|LcDx88jF$d~*VcR=X7w6_zOuh*}QPh7#Zo~nZ&xW0kEuFZN{TObI<-AEJl z#eU~{p7XA*w9IU=X3dB@PFN??F( z$0f0XK(Adu15ZNv4KxM$CBR`DQW?ry1}yPl3kKbH!xb=}!p|LQN)nL+_xd?UTpRfU z^4E8+=ozSy~o3BWGRDe?f+$V>49 zS#LHTgnKwj;yDI!fzw1RcMb{IlpAXgL-{Ees9 zK}$zlw@>&q&v|ay`0lj&k~KK>0Gug+y;nX3-omhVmEHdaUiFj5HUl1et$MfI4f@Ov zK5La95>85Lv{Z}$sP*VKTW&E5?@kh%ubC0^R^ZWpQ6j-=Tji9&R_8gBF_a+>ntT!)8IHV_#XH-s@T0 zdHKw=v5Rs{kXf`$Ni*`e(zRaqi>yx90I61~!1DoyoAj=d_7>^`wv+=_0uO_Mb~offtCCiUO}{n^VdJCp%d#1GU0v0I!(zHsa( zYo0gk!RUB!O~!&MBJe$vuNqhjP^pOC$bGb@;Av>E>z0$}(GnjwP5w}m4M2kxYhx-f z=q_M}-fPg^n9Z`e*zSgC^|oC|P(>@mU2tUhh6bf+hw7#-d)3>O%-SO?{AFtmixpZSaGeT?gx{O0oX|P`d+X?`A`c# ze(J#}9FV1tg8;ppca-$5F>$B_$3uP=%*zZo=j-=Tr^(vDnHUBZ(%l+JWW84^bgID@ zTxMcA3Vr;+!63)m~z*zv8#Mh~4&ay+0W>Ycn z%QP~M`=qBD35~9EN*h*t2-d*%Z@I{`4=_v{&ps07yDkQ#z~g$L&C(O>Abj+v3Bf{! zHu&`pxJ?Kob-#Z9=KWrGkY*N=1x_P>(tAmr*|OO}djdj+2J96e?~F}uIReqJVPhoM z1Elub-%ce)`3Fg`d@W7=ukPNpN4P^5R29iyh=K1#B?1FDe=jv37{S6x>aQ0(AKY`e zGp?IIO>h5NhQ0Ge5{@s**4Wk)A{aJfxXiaH4cJRSZ0TLapg$w*JAh>E_tA;lrM~<< zX~wRWy=`pjd&iz;-Ta;TWwy_ho-lDrIn&dTe_iwQt<^#NadRgqS)zcAF!j@BdP-pZ zk-X%l#gZtE{ui%r6L-eo^2zSQeBy9QqqN1>q#t#|&*CMhGv)h5FFLSic!L#q+2ZPpb0arhL;#%zPa^zGZTNQle^<`43KCR! z`Wm>e>NycIb}5$|M^`veYeKjCZt6>ngp54;N$+ z-|*$)GXC$LB~D|VmS9KYY7_vbN|+tlhj?Wzc{>092u1AMRgbi%s%Qc{Eq09lVH?A- zyw-i|;{ONOXgJS=fQ2&rbyBmT_nmtVPiHalIj}US*E-Gcl+Q2n1o3WDE0V~-Yb5RxRjd?itWHUe z6*zn-ZcK7`v0K;QHWPNN;J|N4<-wpU*HQ?$kJd_6pD{-}&^(P|`Bs%D+_U%IRLs>U zO_-)XzvQlji}_-TUSB4`NY|GlfacR=yC3f-ZWV^l<9VfPmo$ndSuVzm%{8pw{ z%!ayFO()ET2D5JM-gA1d1ZV0OL4nQu;&!}E?jN>&ntgUu&syg-_me%3;+(Wz@7;b> z^MPz++1anL6MeDgT`i78L`FnJq>9kLtoe6)+nSE1$Tg~1GR8-S1@0X3P%rUD_Fb&a zdHwKRHMYsXv#NXWx#oeRd&P>4)5q$qmi=|lwayy)F5VBAn+W}=FQe3kjCxkP<*8o* z`uys1ge+xtqO-?^O&w@Pcpn~o4uS`7!*=dDJDP=MnvV<@@ut*0OgkzcVpfV~bkror zXPdx8Up$_^1Cxu650&oZZ1-s1TarUC*uk92JEkWzXPdVskS{t)YAVS} z*>XYGXAP@y3;5BGJ_L-g7SE&BYme|Ywh}dO4@l)2e+w)gM1rPO79*upU@3Ju0V-CKZ8qMn{yJ)BaPXo?<0y>*a% ziuF*bl2@BEdqF*Ik1I2+i;vZB)pm8i36EdTY|*`E6%^ZJSAVB^4?=fqrQx`yUwnW* z!PmaJ#<7Y;J#FqTjq!0WwpW#usH2}zyBEB$+<4(8fL=tgmBLuc>0=9t>Ij6AL>0M_4=ck>QweNDghvuzc zHK5JbS~o7N@UJh8sJrwW^X3CZBAN&Jju_2NsIn!D(T2F?{6T-Pj#pTxaYv?4o(5;$ z;}Z0Amj3KnW%+GbN7K#c?b}M}wT78sxW?|h8)iZI<&wtQmX4tcIrF1pGZLVeFW9KbXua)vN zD~0|;3yj()->gHC0_s@Q%Sz4lQn5hg9HXvGf)yXEJy6*u$(JMQi*e>degg$o6FFQgS57QLtU6K&Mc9(F2fU&f6eLLmq&|- z?xTv!2J{mK>P*$Uf9ywvn@`IihDgrA%Ug_cb%tgCSWi zApRGw!*?qW0#p&W7+;yd-Im=Tx8EPtg;|aoo;qs zZm1Cby_31FlJpB_vym&SGhK2cw_RJ--SUZ=OU(DxhO3O|D(r4r-iemAF9VH)J@MT7 z(_w&SKfuc>s+?98pXD^oA7Yq0RDJg1`FM4*9HsiKTBvFRQSI<~lf+X-%#)UcW`Kp7AwqS0imZCBmixA*OZ^=WF|Y zpJ|sF=?~uI{*e^=X|+b(`Y)42lLSuV{A!8$#&~k;GeJ7(tp~w-AF_fq6l2ciZQBLv z(W)}G6`@Z_?l^jsml~CJbPKg3bC2<3_^lI1ka2PvCL(W4Q>WBLEzof}wXfZ*j%R&s zR87y+;~7hO;y8DBR`h7Q6Kv#9*7FjH{KCRf%qF4z<$^R)wb9HhW+0p-`-iX%_d$Ov7BJIVO7*4f)vtZbV>F=SQ7A2u)>GcP^aKhB*?8to}S z1MOLWcJ|LL74q3(dr|X^OiDBB)%RK3ER^GFhSNgN=Xj$cPKkF-NkUo28VB!jA8vr} z-P=qx`T?Y$Q6eZEJDI`<|0(@zTkl~q9RxQuDJ0Oai7M$ z5tVMClts1BB{iy*s_)I^5VtKH$F=qLF5WR97%AZU@^UDuhsQq+I>p2iR7J@!#?2fl2b^zlwoUVdC97S{+LNt-oM zLva?OpPaA6zOu-VCPs>P%jop9c;zj0`U{q%+cWO=>~y^Zp=A&9o~thq*s_E5xD>?8 zq~WSWU0Z=!dSHmhgo`WVWkgMxNi3r#+1to{v|#nf5*6@F9FF?dU~iS&RE(u*BV!%|a`tqMGxrhOU0&F5$r+PgZo}Tzw~Z@uA@DXV zY~FVuvcijWeKbiRXQb4~?``?Ms_cX=pl`*7t_{}yAD|SGnRzYWFt<3U_Yv2RNIvFb zA9!lqtkYKG_JXr_r5IgV_21F$Rz^jvS%?`ITNm6Wmm+r3Nor3GvAeGo~UcI-$uMz+__@8c6P}3!e1v+ z@0!%X)%h7*Njo@#Y16|!nST8ZO}k3X-n>@1akr%9hKjhc7iOX^GFaD=u>W8KnNY0F zhtPK}rCf6Kma1F`1ClPZI)E;mXa`Gv#TXyn)zfky_J=Mp`PHZcEL}!$)V(W-KRMD_ zF@h04ku)$^ft(0@d!u4a_v!xyz3-xDE-4Zuh84_VwID{Xz_O{(d)aI z#X*gYS=2MHfO&Tl=Gj!dE?jPAS`i*wJL=;+WjvqElROOG8ru53?>=g9rnxvEy0|WV zqB?Lj)F}kJ&0E>W-#aDuYKj=8CNzmt)!fVyBQk~WExR%pcWK{snPd}7bCIFO*S?%; zFntwzD&EIHC9CIum`K_dHbA?9I;$^?^gSv414Oq5a?kup{n$TDt%2p*ezTPUyMfH~ zzTF}_PG}v}=y$uBLb>!ft^Ub3xXe(=hmk{d=G)XqUF%ZbKaSx!>}_54DoF*!Y$(2z z8g`&^5Bhs$NcspPrFL|?o>l*xSF&WK&4#&t3%28EukM@R%O&U*@;K@4c!L@`gXaT$ zG8jkgm^nE+NlcDEa4tRFhbOog{aldi1AIEsx|1P3{V{!wWodCCGnUVbvgFi?XA4Jn zjz=E|H+tqFo`4S+oG*{Zf7N?inssZW-3kcHCfZVQoNhzdm)OnbC1|l$;m$jU!kU9% zyi*xI4yRk`jj2is7q2gb0yPHgY(R9gq9rGgef9Qq+hBjD&k^crisysM{%-l!9kz2A z1d^%}ECh_$mv*q~m4KXrWo64^6V~kxH&_zX8*;P?0R=7QZi0}mx zWicnzq#P~o7^RR!c--KPKgHyCB`y;%#vS3wNH+Oq9?wt17^%JeBmCS95WO|#$JH-i zFQ9e|d?63EwIanO7bq&hYHB9<9m9F2#ISXf*rw+{>88cJ+Uzp6n;1Wdj5rwyba?yh z#K(Oj+L5Ytg!@0#=P=(?LX%tI>ZG1*d#RX-dC?k}l?HzGOA9dRx>||VS_2p^KP8a( zwHE;K0Q(uf_Yro>Ear%0pZ8WfS?cKr=&2Q%+e&!8%6B=JDXs9d!n?d2C5M07VELXC z-F4}V^~PJ$?rZ{PhFDALlTYitF*R)J;9FSU{A~_XVMMyCnyly7xh?{(3f<<}9jHzy zPu1Zq@#x$vGC)AH+jso4dH}DNw>ws!dZ&26k9+>shko7SiT3yB zOci3()Ln>`%}5(R9i`+jOk1qJB^h^9AQTST#N7aRv6E==nt0%Q*$7J4%vd-A}W!0?^4co(jJNLYH z^a@~%KxM&6iNC_>qqD0Wi(sxyjS(|a+hQYRa|Vc&<{ZxT-}Z88d;_Z+x>(@t6#2xt5qVKIz&M`ajkkZ!8Kk0)AYj6)b5DZzV=>Kck3ci32& z)At&~&n-3=S^9*pk6}%PM*pn-MyO~5b@eY97!K!L?Vq}N%-{ZzD(p&Vu07gwwCi9 z#E~@0%>UBHA*!o<7w-DZPk$V*HZ`zWizgHL6P8ZEq zAZ8pxru2B|_&4;U3%c8VW1p`PSo_oYTfl2BD{(O(;PL?;ECLJcfGcvQ-duQ@IEp}A zL;@4pLNOQfJh*=Cl|o~OguWrNk~-6hfr(2sB1!^Vikih8y`=go7-4gao(0vanZb$9 zBqjURcg~^qUBJ^CJ2`xD49RmDQK%q&*1L3J$~;xKk?-2vp@m(4EkrQG9?blE6 zNQZF;CwQ=%ti7^&=DfH0jU+_F(-_V$(*v5kffug?2_((y<>m460n(rv#jaGF=_FbL zZ~K9`E5pC5Lx0yGtkBH#>?&(qLcn#X+Tc3wPo^?{aTH*wQElJ(;Sb!o80#ZXs zmvjsv0wN$FIW&R{-CaXSGlX=5w7?9_(D2B!uzi%erU+~{5yX*mdB|Y@(X#dQ__GR7RTWRvgb~;av%K^n zDJMEI|E}Y~`vhF5qK~P6(%_~CX*<#m>}7OiuPWJd@6g;;VLo&sM58xGp*O!;+&ZynJj4(}C-g`A0f)UBZBQtLxR-OBvAtx{ALm#}heT-a$C2+iWBp`IAI^-%v z0A9F#piCSTrHV5x*3Vtc-KN^K(~zP3^1x((I1re1aAL6X^oxDLCqpk0WbX79YCGMU z|Ed)A^LSWjafv2PGpdztW$NH+$CaP{5|zLpAL#zf-HD~q9fGwz|8V-f`3V($LvtH)1 z8~*d+9C8i(uM=5>u_f^0^7Z>L=gsY=);mVy<%=oUp(A=iVR!-lQxVK@>X#BT8Q~ z95URybuZ0f_elp&WXQ62&E`_^8wT%1++qX#w!1R+`{9Pv#`eu2$F;q(inArY?OvjD z?=^Gc_}@Bj!v)~&8sM{}YsfN*KlG~>&X-8Sv*?hxe zBd314W`%{s-rS6INJkCbKDbhk)9}CHU7W8JML<6&F;O6*zk`&)=*GL~8@z?b#1ijB z&Ir?FXQN(Dz--gcZrLNPa5@g>Vg4B;mSN@J%31)Av*@+mHNu`EEq^wei0!vgQjcVQ z)Cd-p(DQ!Trn|SJjn;N_0H|6n&J^JQ?_Wnv%0m;&!8@i>O+nW?16BP|F$SNbal{Nf z9q&k5baNjnh@Ok@t)vRD(Y9%DUoCSV4{wV|=I7@;pw?Wue@4nABsyF9h{lea9*hBlkP@jQM z2$SIb+)c|Iu@q<^SZV~D^WH!F_J6F_30<&gHF!4@WCeWxa$kTr01ZNnW}r3ug~Ed< z|8Wm+NdI*yczYwN6F_*bJyb6~w8PrcXNT&10K^Ec2cuwv>tqLxfDXYut2)+-UF?|VOjs0&%6G046+4k_sPG> zCFn)q4!3z!(_aua-iI;7&m?PhMBvi)=YHY=uJcpMQJvg>s9Nwwr$9W>^1~85g=U`s z*A)zx75F7KKsh~TIXFd&0{^{cM9UedJ^kO8xL94I;3}@#;3R~R{hv2vuC8lh-)HdY zwZZhP)qa9!f_8Sl-V{sx*WA_xoHge?-7z}hwjU!uU7-&mTa!S2`k#>&&n9P_3c0|3 zVe!x48%!SPfXmxbM`PzmwCp}cjuy#0Z@d1$3aq((n#6p>S{3db;Zi2QH|yg?_aW>g zO~n1FXP2Wp@+?X#85IBfxN91xHozqyvqN+DK~#w;E$3C+zxU|xnRnf1A88V_iood3 z*?#h0q1hJ$n?4H{sVr>5%nQIiwk(+I}l0?_~fBrw?`}>ti2f=K{Ngn@s^ar};ZxZ;M9{zVw z8XKlxH;MfBrp71mZxYG`tjq}9n0Nl?b)Gc+HRk_J^qS3I6Pfw%O=6F?|GMda*6oZ9 zq|%1L=o$Yk+(wT665b;L=kYVnH9T>`(DLak2k~77joudk90dWOA=Rzc1>*hvx$^bx zn^^fH$P~jUFSzjCccR3<9zpl_yUIxq3_fbMMda9EJn*BPC%eu1>#ghE|5~bRvxP28 zS2cvvS^9dC1xl`fp>DnMEL;slzM5gH zzFb$dYVwSN`}*HITa&XcaS<5X6Ss`ZR=i}0CR{Q*Vw=H(FX?V<$4e=dFkqyu~~5U4YaMGiz#5E6lAe$)RT zB4PQ@DO?j|o`sX*b>SjMbKYRk6ssbQKKq6>9s9!HzR2mvtBm2A@_0UYD(Xi{=%>++ z%%uYl%~$9DoZfqpyx&hG)_7l&^p6YhgpQ>eeEt$lMizeN&wDPv&-~|}Gk1T7GAGyx zm;YM)6Sm^lBL49JYGh0CYi8J9|K`Yb)t@k4on8cfU{o{9V-~!tb#gKI)*mxJv;Kkj z(Z8U2Hh4T`Ig7e3J4Ezms>`owS{qvex* z^7Jaq`RLXZnjwCI{T%F{%}bP4b*i+~OgRYnoZGNb=HBQ@e$+u5Kk*>WLMQ3$C60}e zhS@c7&-3~4Ug!r-aq8AQaM=FFCoWDD?O-4Q4_oTIJ^80fq(u()u0+OE z8B3R(I~%!h>{;U(E)T!4qZLdZxUqfB{Q}7T*vDs1>QWbftne@YXFue&T-)O*Q9U27 zOX-*2NX{T6xg~j7xLwv#hs(QVo|x{bR#Y30aPDR5l;2zUWk0&eSeloa)km9z)3w4x zw#-^da`@!=OQ{k%&2lrZw4RySS{Ah-&&?tiQUga~lpMBEw4Hn7I?d@lU*O@l$cf42O_L~_L1h~u})fasXK0hu>q8U7WBP5ls-xH&Kbkkxgv6V|(PsuePQ4UCQR-;oZ`;?A1W6tL50r93X{DPx%=?l+0$9YEsJ8kcS zFbp0|lswYE5A&^6-qZz*gJrMy&HHz{Q4q)UcU3l@nxMfS#RUigJtqI>`XBb*ln`;2 zh{N?-4=??bn;zQJcM`v~PXF(^oZlIX4CVTea#4Gg55y%Rn?Edt3$)(;&nwQ1sWj(W zc9#D=FKW! zUE@EBV&`y~3rQg;|6(a}FZkT0pCaBe*=u0fHxQE7Md#>hp#NF8TsUy3ei3x)hEYjZ zW}US_Z=KASy$rv_!f?x?eSoQYItX~8Ad~<`=e!4UrYGIP=^mNf9|!DL0EJhTw;XKC z=rV$3GM2UbZvNJ`zq~iR z8fUI?xhgcncMw|O(GT1|9)Di!e&+=T=X1=k z-*BWXOx@fp+S`Ak#pRE)lejb@&Y}GkDB=I{4zLWKT!biABJ8fP=xw(|jf;zhYIfr! z9iI~YW9ruu7UjQB`O3t+o4>Vo3(_k3B(i`o1ZN7to1F(K>c1jM{6f%mfeijAbz$l& z3X8NUb}4-|;K+m{CGAz1svZ6jU;MSd){kos86Hb3uVh7;XktUAU5q}l3wC9Si-zzI z<^0FYPh{zLo}c}Ao6IRclATiUmweX(l>Jvgj9-VRB7>-K=I5cT-${5BS*|tdt^PXn zxLhjOQSgSp-j6^T&dO&h7_->TcdCcmf#wf8@yF&q_G|S6lq&GOOb*YO+CL8ApKn1` zNlwW#{(iCB5FS|fkKP+Z8NO&kPvuxK+tcKX+Z7s{Cwr09fnW%?weMss2SCf&1|l`} zQE}zlGQ+at?>(9<|1do;$}2;k)ff(!w?|7)Ndq+FmoP1kuY>&sTP7!9KI}quw;)Tj zF>v}1BZQUTt`sUToVmEM)2C+{4;NmNs22({r1}iynDfiG%s>%9m@$HMp7)B^WUa;d z#uuI)X)1i^~|62ba8|$G@ z7fP7Aj{D3pXQq|m+5m*d0bCy#V~M2-N>p1j(A!0plXfm`Xr0}AHdd1^ZtRiNk6yBN zWlZ8?ZgUGJwXDW>yy>F-wA(fj`Da}chqQJ6M)FU>C?CT3XC-!NgdZI!QN#wbx837$ zLhQn+x0E-i*v8BTEi5^85{vqRqFrV@*hL zqTw;qB9}Z(VM5lYqk=g6hS{^`U6Non^`&kbGL|cW?;`x^?pl8xd}bRv@U6ow366X2 zyOK|tln}C&=mc{LLXzJZAOJiMqA2c?ew5C(;WQ~a%!(Avk|f5x^*bb&G|!BZ)1I#` zg~>U#`G`@;e>2``viA zqPU?mjEVi*kG1nuHZs5zQa&D!R1|d4-Az9Xi+rArJyy3~m2AiADzfBf78JkUYiDt# zBZ?HeYyr{b7-^cd{Rpy}=cJxxUeR6K*NplH2D&K+D5c0RKQG$mS0dwF1f&b-sOL`cgklYGx`n@0*sMzlO8+^$pR; zllvTJU<=rA=bW!bh8Qf!Ja>KEuG1FtMaGmCOZG3D?pC#)50))-vglx>D$KQMPV6pu z#6m8#e4=P%=3AAupEoPhjneOB@$-#jo*hsEyZdMc5p2n3DJ*;C#0`@5W2&63=*OWW z5^JHKg&YQMWTLOPR?CYQUG^8?$xgYY1zcE`QcjF?Sr zxU-t})-0V5z+PwF~Vz0?j zkG;}IY_qB^BqyI1+ZV49ub`qjIa=CgOme8_ADlbi`z`Bvdi{}}$56v00bB3GyFY;r zS;}WwA#J(mSTJ&&F4mAMz z%SYO{k-T+%aNU&}mKL|-X2#=OkzKpiJ@YMh2*rIas&8aICaVDm+}9o`Rg*TAN|k7R zjlni0h`_!C4gRWkCPyXxTGvbcd74r*cW#`1eAw88QPkxwCI8wT{LL)J5_frFnxc`hC-g?AH;+*$cGhYt7 z8Xw(K3C;;x?~;HdNYRt2gyAv_8oh=E@Vf9&WAtWlnAg)7p==~U;YZ)ZcE{?$GP|$t0CmNl*)bj4pyVy_qbhOMnF zl6{8%b{rIIWifm#Z2IzLlc%%6)P{iI^;@H%eDf=A3iZ{z3{^~1Bt$EcO{E9t)EXas zSHVojF8mzNcZ?#O+>;a!=q_|qzIg+&;Kp^R+k*{$W@ETl5Vhnlj+-$NdN052|*tS1lZ#x9m2Tz|}vlW7|8QJ56?P zINIpOLVEiS1o_kfQiCNWqv?Nk**MhSQldToLZ)lEDuwd{gU~^Vs(BH$Zwu^saHp|n zx@-agI5Ad|w|gCWNx~S-B*0wm5ZSsOCUXhyYQV~9g5}noQZ7N)8E&5xkOaPc zWw%(Q{K#iDve(rDB3LVo`^!#-MLU{|a5F4ca`!cgbwZiDnr)WbdB2?{oY0H0c(B|b zI|5yF$P6ILpW7*6I`+THccEL`?o+1)FV`c$t?L|ELd0)Nd1u(Tb;Os;59sQ+v$)AH zQ{|U#7PNo$o6}KlCSl#DCiiPf@E1Ob;u1m5Vy(I4_0SvSQCEorhEc+rcGsOhs6Ba6gIz~--6Kpo%xNrv>u0p* zxVPLcf~!?2XFQ22X;0)(i7})@JUTQjP_^DYdQZI2sMF~>B;gY11wQht@BZ-4Ov#P6 zoW?7U^AJN{(jRDsdhPM&@CiIe1Dh#;Gy0CkqGp)c1(PkJHxT7Fig<&I(&BJJ3~iWr z>?}T2d;G}+5a|d}Tae*Li$JXPMG&#zC}5gC}iWMtP|auKA%CD*Om) zMt2yea0!7LeVvZ(j?YG!7ZY}wv=~35j-yt-HTF8@gC98kk~Rvj78T*{9dlrBWZ!Q^+Gbk}#lB^!!eB;e#IuuZJ;+A!8Cb^%K3^ zNOo-Z!~)??^E4~4S=r6$Z`v(!7TO6tyM8}oet=+W%`!_s<9Vc$6zk@Y#1&zn>V@u- zVPjNNOJ6?yIQ4LOs&WG*e8G8 zdB??SG$vfzE8G!zPC}ze==DLl%Twq+pF#cemPo$5L!lsS9qoPLBdypa?~xJ`>L!66 zZ3l(=#tR*Vez08R5?9Pp>lORPGMA?cQ_DVlCA75*uLL#iX_D;ryhFL&bd^iOoSQ$|*9!UQ;Ouj-)KqeF$yREn z^8v-7gJ5Ht@XgqjO!1h614TJg2xP(pdqM@SLFqeRxzA!hQPw~yz+${OOJ%*NJUb{+ ztxi7SrFsQ~+u%6j;k-c*qj%{-l$RBA;V>ERH$s{A24s-Vd~+fBt*tfVwTVu9HP}6} z-6C(`zqd{34>^|_H?1vVn$r7kWYXjhK8ItAW)f#%nIi!YuQEG1hlDDLx>;IjH}aAh zSoBh;nJy=|O=a}PCN`oqjm5IK?7Pwm`rTZ8N+%OxjD)?6DvAl^9j-Y^Ypc7%Gybzc z?Di@~lvBvqMs(Xv%k$K#a-xbF=$14BUTX`x6lII$2j}p)XT}=~OS2f=z;>t9;r%ME zVF?Bcpq-eG)(|aT`WaG6sr1EMrN}n^k<6cKtS$M|Q*Tc3_&$PWZ!Fbs3MnNGO5D8v zBL&&E67hL^ezMhMORNAXXp0!44Fv8!$wR=f11`Ba8BfOU{ft8Ucv&1#Q3s;duciaB zt#m)-)&~%NfW*j?4?R82_L9X^Lu}FQ{tz$8eC6oCp_+qS%L2RArFCzPrt5)4RaVENDG!?O7SRznwFKVeXZ0}k#O*K}KxgGI(73J?_ z(PV6BBLcmVY!3rC$u9JH&ovEfcSXsk^Driy=U_u6KJbuG_+E|ajbcc zm^NdX0%EUq=8BTCFkoj8qCDcwbOZfc(0E*rO83?T|2O^zao!xB$=xaYofisNOvl*7~aF9rI zCeea;0L(sSQ@(zuAp?h;b&uYcjhn2lox7elI=Y9R&1FF3U!<&VJ`!CbeM~YCzDpCb z90Jbnsa$vqHL7!LQ)6}EE#FaGZxrC|YOmXVOit)??Xt~gPwZ0@`;4@?az39Y=QAXu z5XM5ZxoNtXRd3O)VM=rUH0{O#fxoSH^`CZri=^ z#!U;cn>=jeQfcuC0OkMmF$tZU+U8e^eLTyldr36}x%uIzgD)W(!n?Ra%AKy(v_S20 zyZ|uchVgLe)a(L-!&f1dd4k%Jj_c+5efund>Zz<-(0lw=UPGEN6^#^I5$C0B9Eawk zA&iN`waD2igmYjCd7%)3<)(Jn3A~&$kvDOa`Fc^bXi#F?`J1Y0_cTScM)Q0{bnM`i z10darjzRe<}ST zc@FADPnh7WZ~s>cW3pq zoc-P%_ktjr0_;z)*Ke*Ca-U-^Y8x!Zq*`J2SmMcBhv`|d`PsD(ZXxT{IGuK(AcArj zPnUeadb3%^pD+yByZxGu+A6xJa;1&A5de|-Wb=JS?aVD_K{)yzQ#D^l5f}x*s`#~n z3fT$Q7O|o42^P|?aF~h~qr1^#Z==E5>0rHP=CyE~P(JK%U9ff%>*9_sExvz!NKX>n;NY?T6BUbYk^NcBWOc*RH_LaqtPzcH-wDqon-Rt*dji(Kala`*Bu7l`% zzL7#?Jck7bCMUK*?WoPH4r@jC`201~WkZFH5h}$8k%QHy(IxuiV=O@sgX9KixtQ!- zHU+-r@Rf`=O<_V-6`#0T`ejKVYeR9qmsU8wS-{d(@f0l2?j(Jh}Q9g4BP37t0rdw{^?RYBrj*CY&u*xC^4X8 zutcb2=f>x>2js=%YBP1RlsB2Nu;>7^cxZ@v%h%doP$*gJU@;%yeAK1^A@HSB5uX*B zbREg9eUlH0X3kYCK1h38Z?#b{4Ty2?kfu@#Ji|5_xm_D48IRU7Vp_#bP~$Ojcj8i~ z(m38&E+lG@0bG!ozWp%Rf9e5LaRkl8>I4$XL z78W@|5KTX{pKqR5;3qWl#8$8ZLxn*=o2>MXJGq%5y?XklXa+5ae>jl#$Tt6@bQA!R zfKj~u$@G9-^r%7Y0Ed%b;FH|SY)P;k=!WEf@8 zMAoctlbL4kkez_-$kZ9q=g6Mnt`x}FDQG9hV6B?+76*Zg^1=LP%z8W8U`Sxt1WGv}<^&E3Vlj+%j!#TP4YImM03p}k8$1vBj4NPMr&WxdyWxs2(ov%8lC0t-tb&53+ZIoxLHB))E8Q2_(9N~ zr5xMD*6*9sPL-otNScz}D-IFiDVhtb{Ghm>Ij*z~J-~cj2+HcS+lox}5Dd3T;BBZj z9cSk@Jh*fhSDZi;#cM#CCGgsDtoO^#^)!pOG}W&Kczf0>;nhik0@*{>u1iD{nzAX* zDtBXZpYn`~7e9-~nDq>1N3^?Kd zOwBMpEQUWLXW|pLG$2*l-Br?VkL6c8j3YtoyC1OVj>+J z3U|FGvwky#OFXxOUQ#H9+!q4_5h8#5+m)n5kRa-|SCUlIJhD_3PZ4oc2^#Fo=(&iL za$jF3op*=EjH2t~X!NLxlWg`H*FVLQaq@)SW8*|AT_1>BCb=jq&O%f{Y`}OVV2s$U z3k^GNLnL!T79TRtGzHHAg!FW`M6#=*u&Zrk^GG}yV3lh@zTTS(VvM7vSB?nb z36)V-<9VyS0FqIK_h%PYtf4bymL2m28w@Y64xX_42y(Iob)zo%XTt-`*4Cz3Q`rz1 z6q7(=#1fFsKbFbiN2_YF;g$x^Ua_##4?ul$#NwJ*({hc}r=Hu8HNb_ct&YOgsRsH5 zo;vyel^P`u;vC0OI>kZOm%utAafQ~5M5{QnJamuT^#T|;3u%LxsGOpwaBlNXtCEzQ z8AjbBmWosG9>NfI=Ev(&97b^TYF1|51WD^C0zCf|q$I(JmqBpxa%xMO**J)}K0J20 zoA2~IPPF|)N)dC>UdAYL=Y3t?sw_H2QI|^E#kb1f*Agr>v*X zw~Kx=of`DYE@;YeGKKl^`}uW|SP;vS?4 zp$bA-*vTlS18iU_vdLc+GIs&ZvoGU#qr9?=cAp#JAlYA;T-jU4SJjIjK0K` zn{Z>HNbqR`wYVy!iTuUjUo;3+EAE_Hh5j(5!NOrwMUXZ`fFX*?l(6&Ju~~4kBLt-H zE-X|4#_zv(LJtC1ck^#dCTT^NRXiypeuiM4sB54C$nCwq;S<{Nk57JRxjsjPKRCPloscy_bJ3!2t{^s@F4Job zxQMIONyagYanw(IzW18qsh;z*@cf5uJp+rUq5eR}>CI`G~DS4!H&H`exbVJ4;yTV~X!EJ04ye2_rlU?mcf=i=v zUHOA2@crVMWzb@OS~d?US51ousoy+*5sYL6Wg$XTFqnFGv}+s<8jNg60HE8#VCA82gZQNHC3 z`TuKyu-y@}@T^;;AW7p7>Ioe^jlO^D258@D*e(e6(~U84$>!}RXQLLclwF*z3e?Q( zv&tkwwewUwgTRJ14>J25A^{w+?(FE%-UVRYDJ-w##iiW%GAJ%={$&|)YDn%k@!^I!;)?{Z4`NT!osovwoQ7K*HD`Yw`V=?-u%IQ z_{a=1N);_vdmhXas^EaP2D5Pr+}#K}0M|HM<|jXFOKBo~p~*697c`((KM^4}^Olda z$@UgE33vMB^=LP|h9mFg!86wn&aaOm{CkvliKt8L$EHmwRRk=bK)MRDVsNbexDb{@)FI_ zt&(R{JY2c^culoB;Ab3jkM%9PoHVbA*i3BMkup1|QUI2ak4X<5GnN0cVoJiCoXbWo zmdAQylG(z0#I7(s`UAH|xeQ}ON&6HO;nJ1;*OB;xl0nx2<**VYwakg^$f4BeRkDC= z$7ZkH9m?#(YFZ5VT>;)#Oj(+Q`EMi?UjIis`K5@@|^|av6!szCzm81y_V&0wH>PEEP~@mZn>6#>;)311o1>HZF)*-pUp8fkyM>3EQBw$Z4OB^uHeeK2hYpYm!moi$MPxn}BrQ;wn z&v}VH=;oRUC{1)(xE9}e&rd`eqjxi2g}oH{`~7TNE|FXecQxQXH^aU{&MW;|fxPC4 zfhluNW}XSZh>@4n;<63MN7G8}=C{cs7HAf!X#A?PehSik9@$?H{RW)nzH_fU0fORM zCYMv1dJP+V4kC5>%<*#W+p9)r9apsyR8HKe9&cJ}p(6^htE1#6{GbHCOl^Rt8X>A2 ztwN2uhx5noW%LcqTB7nst&4;~`4e=v@a;fgA2T6mb)hBjlqv3VvDhEXiWQ{cER&N^ zQuz?f$Z8T05|mcvwTg#10$(8?&=1aMl@3A*a43LbP&ip17T6*3<#Y$zsN`wiiaXSw zAW*#1@qK-n-62NA=7Xg4bB*`Qh5prJ?zPi*I4(jqXqRmLJ3)jF@x zZ_}kfoh$;!0Ty-ssLlDt>ft!?x2t3k^|FfaREdwI|DGIP!hasSiu>EWEpci%5aDiZ-xuQkw)w?le#8!aesi}>^#d9|IVFC z@#m`VpEzb77ui`(nTSK1lEu#peB{bPJpFjnD1F`b2s&FtZSIr_y7pUMOTZGl`~2c5 z<1h~#g&0uA0fSvDkxdToUKy*6np>whjh^iS`u%cjL>teV8$C+9yb{3%fAYsZ$DfS%rMg zdoyi>a~$+Vq~iTsKz#(Fi~q4QvMVMbOdk>0NBEA*uMu+@Oa4KE#b5G{oG4FiV4e^}zUzV6_I1oznwgTse0nqbNvFHpB2^@s ziM_PYp&=S^8x!B!KkJi8EsCc%<0^%5RR0qvR6SQiHFYRJxONfmI{*E$ALx2#;oaXP zmU%Q@dHk+!!QG+7_*BCcCjwMY{;t5n{rSXo|LUC^CU7HvoVCU7La*2mg1l5&smo zJTCm;dHs>|EAX5|6)gfyT-6Dl(~GCG5)F}7MKAAZ5$mkpV#i%F1O=D;CDZsC$6Lfk zOG?jH+HTcHSRVQoyZFt4&il90K}QZ;9mYSL-)ljbA9deQ_x2Cmuhk`+n4U|~N;v?_ zdaE3x2QK|ffbfi8IwIvsy%hV2xndK$C11?r0#V zj`PRq@mzS;&EMB4o(h4zz%ls}c8{F1(9`OQCQSuIIG`1qA6D{?6iVERFSLn5Gw^-} zX*`ZLT_kYwC`-ysfjbBcTQZ)~`e?+IGVj}{1=JEw^hZ^SMar)y}SS+ zhvttstw|$6z81s~6Y)8*CGG2rg>?8nic+T;x!nGK9=_3#eDwkS*Uj!R0yn=zGrOko z9&W%=)cvK`9$)$M?ja5q{l~$L#hd@!LqLSf>(PVqhmk;8(+NbClLfN4_p?3#dL?U@=mBGzAh1mAAXOlZl8L)BMWaJ9|0~O zOuElhSbeMA2j?0{&54C!mZ*UgH(b_GUv#WU&VoGW!G-K#f3E($KlrLq$~R)!>=_WI zs;w7&?>31W1_0e40&DBlVyfVbQP2gzG)~!m=MrK4*Ya^RZ$`Y9Rn^`|W($O-V)%=` z&r5@hroE`h z^BBq33Ug8#$*vkigTfP0Dxt9K{>isAd3C@@<5mJ^n^7Gow60$)Q zKub5HRCh|my=3lCjX~{Ra&1Mt8nianelel2`zBrLxwDfbNI(Ho7|sZ(bmm-EsTf;! zs*FcEQ!PB-#hVaZ;V;4G!$&Ng4*X6C{-mZWHP9-73+ohoNoIqv2W7n#YVS%(} z%?UoYXuXZebiiLJq0LaW&$VivlE*++9=3)SRyl9CELL_m5=7Uz%-L0ZZ8H|IOfw(4 zX;SUjz&!tmw}-=G!~=j+Me}BzLdr|ykEzzal^E>V=N-<&Ge=E?+%l>LbxcBI%xq&1 zq2kk%8$}?K0+VFk-1djrswR}SwI$nYgU|{vYaa$07T10xo9j_tGG0V4)BBP%@1@O6 z7XqgU$N?DvQze=^bwj`hveO1S<1M)U6#lAd_vk{-SlOpFP~L(&54cM8!*-D4dWj5= z24SA}-uIJ(C^awteE5O$SoMZ_klt41ApEWghr_fId^U_{e4qwVapeMvbaVwtECtza zyrSUIh&tHJunJM>$wS*U9mShCNp00>-{hko7}Kp{w9ZjK{yR5c`1;0O+_6$UMNbM% z&WfIV%f}_G51NC1LULKfEpMlQJ~X(#81ky>fq^4(e;>QAwa~j3_m$DL?ZY|`z96|G z&8%b`QfhNNvQgQam4gE*`>95sVigWHww&DbzM9s4O=%<@y-L`1awYU<#rXQvjcS>q z(NIY2*D(;s+msA?bC8YTJIB0ae=#{5DRHmp(Pf4HJD}bp=81yt=r*U> z*k!!p1B%F)YY=52&3GA_ZShv{Q5EPZ)QVELh{`NJ@n$-#l3?i0=WUO<7CB>OijrP+ zg_ZLT^J;;w&YD6RG?>$JcQZGfZK?3$ch;lL!Et%r2oqSlAkhc_%NWq-X>6Ml^zVwm zeJ&oiC1M`PN{uAh`}RN8&8`#P07M|b={*(V4kB(-<*8F1av%Z96Se`U$(glt=eq*{ zR8Lkz4X?~Q7;SfAE&A#vgG&iLd!-eFXhdMwYu3gJlqIp@o#9drlXca&tiW&eG(CvA zNfOq?0U1_wN7^vx8hA~yGBcNCHRnt3<~y$@cFVD}gFr)*His=IKVt+HQ@~xD+F;?9 zsibl>HT#K*hSI=Lfor<>`0KdbHbF;?p~b_n=WM;HwJ8@T-p0swW_9czV{U%r5gch z1+0Hr8h*BJrmkKCY0HVStHFCk@2NCkU%HX*TzS@&YkQ!xJyToIRaO^v3HQDXxVaX_b6x19w{kZ4aS+f}Ji(q92 zK^-s7`2agEGJ-0LBp2Q4bpg3+`I&~6i<~&*4YR?hTg6Vxr+^FG_w=7pz@3)efK_l? znF$_KYS12L*;egS-i=(>bM%)VdecfM0pJ;RSfJ0kW&->!g)nc`mj>4n9ME@7?3026 zWhK&?^QbKFZdI3sWGAj2+di%L-L2RXEYQHPLbJl5j%E!KuYV`Xcey1FMs6}x-#bZ#nay1|%$`6dx?H8hwbI(nNY*H` z?V6O0xSf>P9h`r67c|Nu_uYUm_K(tT^YFAT9Z*v(Z97*_x0f1x9fiu{4?M0#0%f9U zv!bjc?-C&2 zw*Baw2=hs+L$S0mKL=g@oVg}#Ef#Hmq^xvka+{4*<<#>_zPOQ`H>_aFV>|iLzoL4_ zc)&Mr<6QMYpfsSQ{yI-M3-W={myOjM%xa7Qa)yY5;Yh~%K z!=H3@Dcb|zV;7T!O!FSvk8%BP`Lg3SXuCd3GOv%h){{3xTIFO0Ja6zw!s9%}o~X`^?;_ zzb017t~#m5h}IKV={ivC83%o(wdc+~mzjUzRtS3eQf;$a^u1~jLW90!#omx&R-40S zQ>Mek=-HLP{r!T&SQ3pY&=ShPS-2mxp{rIh{j$Gn51OKesZk(COxsm?xza3hp2R+i z+iV09AKrRy>$u{oSxD9D)?{Z)*r=n7@sddhd7#pDYGLl=%*5W23@WOnEB}5uX^pfE zG!;#mtRM1KmlL5kJxH{845HjGkzsQWUx!s2$g8b*pHeJ@M-wVjDr?|8tXqOo(Q6kW zdVtwc)$uAOCBoxgRgVtDt<0vC+jEF@8`stG$mna<+JdWFxBXSnvgycq(pz+CUJ!Jq z6Y6|BgO*7WSm91BsCo|Eh~WJc(4g!} zpPS# z_+%)XHeGYKFt-6SON_|FSQo1v2!%wSUH7`~%gTeXP}lJII%4?i4A7h=hqj^-7eTk& zcD1|nue$bH0}-BHgZ@6Lsf>2^OV>So-2+(d&fT@srN8x(H^zd0q+$q7Li6Lqe9gXa z^}H|~IY3zKdbDzU*guX!AdFUym%pm5XHU;xU931~8M>Yk{VdrI9_Vy)_0{fECo}Kh z=atAAWE^z4bwd)mnD{D;9+1Qoao4*#X{B2=@QN+PR*8@t)oMfByFVW;MX5+v za*aa?ypcSn5D)0Ne#}8dhlHTZTJv?ch+@v92oegymL|gZp{7FRzyNWl=XI7(pVNc- zngyXRM43Rmb=S_Za#x2=pv%A4sHu3R|Do7X_OTG|<%fAY!wgL0vMiiOx!jkWZHcObyMm;Ky`h}=o~xp(UQ^t}0{G~r$dCkBCy5hsz?23@5XuV|^uaSr&v@2VFyy*pHJeb`-t zZYqp@!mnr9Ee{7%i$PjV9ZiqaYUg~_NfZe^rb=mtE>@IV6|FV7R*4B0R!tA1p0f_I z7bJt;AY3rL`=t|2{4cKUc zGWWdg^}DqFY2A~k>w<)x_hNLBp%rKy{fNz@S5Gn%>f?_*^YU~m`-l%bQWs$y76+n(yg!Atz60kVvubm;k0lx$4^fiwU0%lG4rw&?1`UaTaUPHVH4Md zO2jbq;5`gO5Kbny(&`@C78ASOxLgNal=M$<-LUsuRQsr2bh+ekv*uGVyb5B|hP-^) zr}~hKr@icmQGX%syAvA(Ku$&{blK;9;6pXgxJm~;mA(plJ+M8?Uo+MC`_m_iGC!^( zEqaC}<|&agn9c)Q>fP`CrfPJwWYiSa8%K(#`JMYwtqDmsKl1$xio%k;h9#2mG3$2_ z5lCH+rR&%hjcFJ}HANaj5U*%Y3{dYv8rq6cvnvdtV4Vdu&{m@d9d1i$9|w0tTuxb!M1H(n1ixqTlRZ_M z1&T|Sh7vT>v^h^95F-+^<@`raTqz6ZN~e%>E{Q#a{l-!fSOSsx@pI)y-D7fow%UNed7Vkd}6finO%UpiNCyzY2HilYC1V@sUbxL_C=^Jm49pqA6^hsM_< z@CqDFm=BIp4bJKm0Sr2?Fi899hRfwYdz9?)yT zKA)m~^KVwwMB7f2Jx8A?1dp>-@eKDaMAhS})$i++Cir|ji{L0&$_fk((pweNB-t<4 z-5bsAbGiRIkfu$&EaU_vU0z3AH$6)dSZr@lFxUu~{#^1&jxjQFjfCgG zQ(1SF4FoOIyLQHhhf0n2W4}K3iF0NdJjr}!e3FoZ9st9I9RlqbG4KS72Nk2w16Nsw zwYCdr@Bd1JatC=4sJX&`ZRDS*r7@aAQn?ZzjZe<36{jr^jP(`gI+3GO3Xl{LUmy7# zb$&j@Fl-%o98u=#lD43oH93>IBr;X_86YYMIrGQIYR|L5GGq-ws%9d_^r6s5$ZCo=CK7W2-n1mrO*CzG7OWu(k`%(yNOrm$>rel8V znR=E-YBGth;BqmDF8tIsa%w#bWy6`SaV@uv9j_yG%=NLU(V@eQ9{1k{A3iU3z?A-C zy@;W??K{jaO?F~+wh|HLyn#brIY|K+SKfnA z8iwGtgIat?qg**gJP64PB(;^20@1!Ew>X8$PtitE%TdU*c}+b!(=?ECSk|bN&R7gz zp802*td&uU3vxxE*4~RCwo&B~7>CX`pONJ|B61qfm;7Oioq7MB|Hu?s*VgP*+$U@0 z4E9AzefqH-v4&ST|lCdSjjw`xz)!dQOQ zIFn^GK1NJUN6aD0Q)iu!9rLN6-X2J1ACw~c)ES{vFIVHpV3K`fL2#o{%t{WYiep!) zX~4%6jOCbHmy154GyWglO}xiuM`WLI0{n2$Uy^oTUavgHwQOpHnz4&1e|@-^sbF_{ zXlAj+LA8AfHR7Hy5SMRn6+pV_#7yAFF97=nH?D3~<~ll4M3W;%Wkr1GG&OR9z%UJz zBUM5_-sZMUzP9HJ_YO5WzdWSkE(rMsxCzmmvN<;;}ZYfm$KH-QeM zdGDR$YV!GY-p4 zft5Z+)6Qhc(HtJ$EF*z8t*>-EY9*HwKA-gn!i)fJCZainzFK15)<{_%QTV3v<}aIZvDmxPm4@E-+5+ad%3YU>XnZWvgvsfZ zRE*qyb>Rcj%R!y+tiiE;>T*{+BD#T1)qSPd(E94si`H;Qf6xk_h6ROQ5-iynIa>|l zWyhJCyy|P%v>f=2Jy_NzUFYzd&W_<#p1538Z^wn#y)1`&S2L}FxPL#*S((5=UK?W_ z1a=Szc%aTPsOLD5kCYr}EZN|*_SXAUqi{WP4~8mA>#u{!cd{9co>X`AICtW(2y;Di z1#R)F``8Nv-~Orv4(1MvrwyQMq0WmKAAhKpd*FnrD(M4aj`b^+=C<2B?yC8UGUE>_4%E`hgKsu3+mBG zAZms@NOfFN^PSsj@a}V-K@=m)+s-3t{dzK1Au3+n(w_rxG*k`?IiH$VjYdX7CDXD~ z&qGGS$5v7Y+YX-Ne!5GfsKp5DxnH(DW^7V)&g6Mc@9WO$LZqDulM+W&j+DRLQp=je zE4~gGskiv?JHx8hRs!2%C&49j^jpGuWv(g-JY{t-~QUQ=_!V@bLe{$N!7PO;sB z&qztapLH*8B+tvDmo7uHUi1Tu+?ILjl96Rrwei0OH?_toQ3`GyfoHffpE48RdtY=i z3!Gn^VWnd5lFJY}ID0$%b{r^{^IqN>QRVZoPCdP{-Wb}Oisx{hx87W#|Ju^C#SmamU^&I$9-ezP&{#IA4j9sr-DSiI;^}poI)(ls!`9)U~QCs|rFDly29~lPo`Ai2s z?{$FRU)!1tyJs^Eo7T_Mi$R`SkY_SW#)Q#si@LFL7FUwnGgXNx2UDh0S0h(D<}@37 z7V47vPN}dmSJb!9M+z!^P*hYzJ4&atJw=|`IOL7_(~pC)$4yP$r7^5M?mP5A(GwHyxHZa{aG! z7q>au*AA7lLz#D|KIJ2km6BtN+mUO}Pd&eTZ9e9v!v^nhe$!yf;1}XDnhwWRhF&Rm zW4c+^AK;_@qBy?P-y||UlNK?Bb(CgXuOKeqj=FPox?O)<-~Nd2@&z<1c1qb3-*)5l zn(sI;pXJFGaLb9o4J*t!t*~}iBBzAc5@6%eW5+{%kk2C@ZV+z7 zQ=9`=szI4mB>oF(P5rsku}B$hbTpdJbu#`=P|_E!)fY;Gr)G*qG*hFV1Q=|0K5C_x z*|uUk*r!5O6vKGOYs{}`@a~HzZA^3rT85bmW^cdieev-bGO5NZYW7TrN6wJwbKrC0 zl_;&Gx$~l8yw1oP@m}A8^%%S9jJeT1#GQ9{NC*qB+OhO7;tm z3H0X0Gl*F`%;$yY>iRboNWW_?MowIseV*KTU!Izmt8c4S;M~O)4zoe1ao@S!j5?6# z2>v|G=d_5l5Yo`d>BvUR3;uO~mi5QpK-YI%tWjKSOFit#(^=3doiM{tzpQY*BVtjw zdnc;eAAI5O-JU++!U6E-^T=ksMg=kX1g!A}>$%BDSJ6z3CcgCTf&BFwz3fSc&pm(L zoc<5!0{`uXf{Xq7HIoKPaxTj`&dDx9tdi{&@?r5`pa(z6JXT z0=Z3lf$HhTY5~VJSrAE$lDVk|Ww?XZX~xsbRz?hn_!fu_v7r!LL|(@uCMc7!N?dP$L_VIB`yQ(xbP-41EX0;-c>H z?nD*oTuUg`=;2Ko-2L21ci4lh({~EMx0!isQCcLb+>v~6%Zv5HFd${4r-seER zEIq-gNdv)h-X{RwfUcJKgTyaDG@(bMjzRC6|L*+) zq;yKZ9%trh=zoa*&;Oxt^n+T8q41=RIWT$(wS!#rzG|R|x&1Tt&wT*44H{v>{(w9@ zs1+7!|1u5#Qi7*wn@7mFm!l*3LX1J+l?AA^I@IlVch-!3F_@wdBO??iN}( zi+=b%@%@kw3n&f17zZt)qEspYvHaMWYu~!gg}sdRS^t0Vh|%x=`oaI@QLMkHN~K^H zwcc{}7m1`^V4!RUOy6n9c~g}CPp^GzC!)N0suy7;9ygKIk#c9}@bL$aJBygLn7jns z%XCSs`V+_XF;2m$$jxQxddJha|q^t#x&v)VZ!P|9Ewb526Qd6{n0!HX?Xm@JufjkMNz z%SCh2bR*Ex_VbrlnSRs&tdb>rM7e?_E9fSIecXFp&hF5^f21nVHiv&udWaGn<%EOZF(f%s!(Zr-AB_qS%%ZVj24TajumxA0zR__SG zwy?pfC+H0rSB6sUBMtO*Ic(pU=W=EgiYiT?qq^$eW4Y77v={^cz}|KDjAE{nj3iyp zvx;cYuN%5_0z&wp%ogAto;MZWR!hLl%yg)kf0>oW8e|)sFz+pAY9bI@Hnn=C%m8+@ z__#l_e!5~H$&5f z06zE0ToN4FYcB~`x6)SWJE(byDNN9BSjj)j()8-KS}LZ9>8{At<#6=&m%_~eghm(@ zUpOYr$KUszW3~8Kr#JRS4<0<=s@KgB;M%_LsJIMb2wK(#YpefIp$LAyJ{BE?YQA&< zzJX}>CH>D_Ufnk}Z68fbXsN}GNGEJc2g~{vrklQoy>rHGHa2{k|C`{vV1#K!5t7`3 ztWyWX@2RoJwdpLr=HBc+<#K6fL+dzeF$=cWhq$Q9Q^@o?ayi}Xuz@PUSm6o_60RT2 z=t4CR2>^OEjuCN{*Ctd<&Ek=qK}`I`73gXBdv(M_%3==gI4f}S8W5700ZK#1UR9NK zR-5|6Ohylq2nG-$>OND|S;64UrH%0j-XAKq!qEHA=Fp!CBCTriHP&y{_1$C9F2q2S zMvQonYhy(`*7aiRWnt&jxEr40QWE@%p6U9Nw)NbM8QY?F;B{86Hy#3a>vvOM>oB$H z1UN#0&BXAWG}ii>L39tS)lmGV(@afmH30)$FxGJPT7crhUnW;STKPi;Y=_K;r>On; zc6^#Ra>iVupM+^zAd|S)E3|g(4UTP%dS=p)O$KpfIm&dA|^pk)Z33#^Wb{0(EeHb2@x zb+oQLDqc}_*HlX_7krD+ubftiYkJh=*ZSAk;fNMDZKVZ=z(xj3;zQI@B6Ee-l>Xtb zPPgxb)H;!6Ci2_16Vf8?AUm8NQNWvV|8qj7Qzxp=G!afDfCCp=5J*&AG z)H}C+$s_&UleDk5&9$#ze>%kkCumEqWdGInJJFpHqoY)*ffFUjo?S^-pvEb5pPaCF zW>Rtsb^91*(@_WExeQ3FNS#jXJLj>LssoL+cK&5wTdQN7cqXzXw1)YIWl~qd>a%d= zcZQR+a>@iu)-QDrE%ho-Zk3yQzg5z>;KDK(vh3Qcc*nQpYh-Ee`^`%C97)-*-!RfK zBXFoI+44#13Z{V={X83s5Q3ht8txL=k4@;3HkHVDBKUB7I&FZcmbnth9Y~xjql{_S z8&2iDnRTd3%hMAi#Yq?6oNYOzO(5nh9c;k&TIu~zS@6q0^wPoGdQSurCXrBS54IR+ zZvfqf)`LjId27dEte_^T!$hl6!$4yowS-@2@$N#_7@tRdaqsHDLB*+yRQNnZIO#F> zW^cNuUo@$<*juxJD@|Xk!TFwn`R2mXAwq!lA(49{01Mg&8sbaPLS8>qAtX+kn)^bhCna;SwRh~)j=h?@v1|3Op#qn32P&-3u%@uS;EIXAHGa5=3 zIVWH}oss&Lg5XCFpZVa_ImTymbQvqkIOiVeGx65{@;Y~n@7issyO3VW#-VDDxj+>bIVi5z1AbKX= zk)lT-1hd_0nG+VC)#0Xci0+Xwxj;DJGD1BP&hmc1 z`O&l1LJn>3IkAG3sHXa5?i;P&H{ln9#r%@P_?2xne5>d&Teiw)m#+c=KlK{Gies2U ztpIgmvHc}Dz;umf2C5CHIIO+2kKe$KUL!W9T9 zO^WE1oao5NG!NAaM3adV++%$APrMZpJJrdoj(=->L*pH(p0k*a(Qt+@2`qFmXr#{V z9nK=*(MZUNMs4!w$mkIHskZVD6AYyB{4muze4-R9yUZt2fEsr9(lI&ftvHzy8>@p- zI)_TCaGnTxVx;N!C)`jp-O&SpIh>W4^iy`>L{B(S&O^ob2D=1v6&+`%I0!duqk`P# z)TdgyTJc#!*jGDE69-caeHFGmKFJKTvR!6on{(S5DAlbHx#a?>>|4X^F2&Z_u3f5p zsyN;lhP%rEI{F`$q?+brf%^tZN_@iUK?PcpM=EFYk|kUlXxOl!nP!4fHlrork3L{{ z5uMDA;T5V@5K@x**0o|vrr64E~R^gxlB3EUQJ=OM+JqRp=n^B=E- zOLt+v7FQr^Z8iF5=@z)=B(X|mnL&CLT{wmCC#Pnliwl=t(Soy}g}}P5+6#?kVT~f4 z49>hPCuuLw(NsPyGT5?cEQ?kUZtlXSEwO7Rx-De%FE0#>@4lx!(~l} zvERH-kB#DJ$yxTW*LEs-w{~^?g^kB>{(zT-S%-B(f98OYS<4N$wxgmW1eyAg5_v%hHX)$WY zh|tu|$)hi=o~v+%SYh3T`EbHE_Y~`xX>R56cAyLM&?lF!vdq*Xx;5brn0(ufvZ2?3 z?9_Bzttl$fzOsYB#3T%HS|1rixa+M)-LW>AVi`+C*F2Vs`=QQ2e#H-qKjnN=s-d!u zuo^5AXL^mPdq~w`qrSFQo1$3erX3sW zTbI%3n1jFXtSsTy^nBm>aUv=13|GCBtG%ocf&bDP#HV7EwmJ0ZKBJcsrmfLFIJ0Rf z+%2+D?XwQ%&sdN2MNToV1OL-M0pbwTgquWy@S!;{gRpa~JzwuA&R7p5B`OPO_0J-O zpD`>u7EcQ|>ZUV-3#`ruLg6*iIm(J~%Z|bjiMz3H0rgR^IZX+bWcS%@S^H6BAL^Qw zu6p|e2)#3WeGIq6KCIt`LV>`8#{f=f1|}uhCTms`_iA%eC?(+CjigzcWB#X9WMa`J zGIAaiHA{3sHzmB{DhJQM*jer?4*AY?Aer)qv3yUr*?3{Wig9$9T=Gt0$;&FfQulc5 zcjIGMdhC{_nvRAb34TFFyxcs2)MAa5$hpvp-%;CR|HqS{<%{6h=gGmvx#EZ0j^DQn zI2u13!fSP!k|~BDcTJ_*hA?&@{3JEC=5)BgchB)xv8DJ|Cvd9M8zFx*eKp!h6473-7MP~`yyQqvAwAa;WYvYnPlJn-G;1&+fHr{}E9 z{SDUq<*~8vd$jimf`Lqw(>#E4PaDlB^?iQ3ns^u6XeNO)`)}g*r=KoozR!Wj3%vAg zu0I`gHTw6*z)1J^wE9oyKcr*dxc>eqPq}Z50-WsKxq&NE1s|XJu&nUS`~Z&5F8_ei zR@DCHvcLF$Kf1v4N#r+o9r$+NPf?yC(t+u6x4k|*W{Sqjlf6bly|w%>0dxt5-1YB^ z0*LRE+W;Kk+xekJetBe$=6>-!(qpYs>p#c?YX83Xu>cd;ca0Y8nr>I~UZKGyP?Jki%~|OBl-Dny-4R-<`exhgdwc+NQ`z_UGJrdZ(xSj^%iz5` z^!xT*{tFt>7*OMzn=S5pS^gaW`~U?4`}duNz;|wo@x3B~Fiw7f;(A1xT9smF3)C*YXL$H7>_9@=3eCib#@(Z+?46jca`qT(t4iq68ZOLXL+489<=fcQ{E6y8j3Qv!ENX zpyxjgz}-rEFzUDGKZterHbuY*fb9PL!tM{dt=oSc0aS>5`vO=3R9O9UO5c6}??KV> zU+gZZFaUD;e|Z5MCpdFxNHD@)=dfR1`1S*IlO{lQe{#dW#)f*b{*(vb*R|Vv2D+i@ zJKzQA?ykJV5zk}`1};6i&-wRe_9LR0h^V!;@R|X&_LMgn$BNU1pVx=P&(B@_AznaD z{%z;R%vFa>T;0JI&yoDys^#0`$@0?=GWfenm(MdRh!sS8v77%;j(tsCgrp$Ba4yTN zEJ4jo3#n~EnnRxC^%$9&Cp4T7hdf03b8@jAr!Kuw#=57AS90!b=ccG$P?~6^2RE$e z!lG%p1#kL|yxHwj00K{9np>96^#(`FiE*QO__9XbQ7T3)r|hdY7_Sy?xBg?I&E-mwS>%_eIG9& zL=h#o#>W~o7+q)eJDwO+uvyQw%Y?pu(_ZgK7ab=q#I0vB1g}raM6br1zTemK;%Ipr zX{JABb7w);_!LxQQPn{toLHS+temCdS!eM2oMicA@d>k$N+VvxUp)Nv>$F_P7g&F^ z^Gt*9Ki&t!b*!5;4Mp2VeA2+C7B7*`7m{~HX?w$sx4pcWjqR3^L;(HU%Pclm~X6POqZhp)~f4Vqjnh`k79{}Iq%@05R*7o4v>aw(vV`4q9Xa^@X~~> z6gu65EFUho(4beFmL}q@5}ll1+E=qbhdSWYs^gRDcUI5`sPahz3H491A{stwna33^36t2e$hFaOy7eMGuhCuy4M zaO|&Igxp!x{5l!$VQ$|N= zIwU+}XXaIt9QCgYJz1)v7_?m0NKX{?+#*I|JvtxqR&Mc6J>liUuNjm9ex7#WX))rH zYOfD8;;mAfA%H1_?~qg;max9)tz)p&3QQQy(@VhU3v8uL^&R%If)nU+B-~e@`r(jw zls>z!3u;WzOFD?nmU}I{5Hwv%769Ak9d77l8T&F)FAKMo!zn{o_vg}G|K_qU_y2WZ z?_r*+1_eHWIXUTT8skZ_(fVa-_jzv~q3c1rg$s^E?TWfiT+PT zav-K^+!AeUSgA4VHo?@At=B;ET)6qtb05^C76{QuAIzyTr;RB6{adpb`XTAiU`jsFm5XPcz3{$(q6?i`ywVvmeqnX!+W$_^s;chno!UEe0Qt{+e7m zAvjt;%_Qphup`g1S8dH01$sn>p?rLzRiu@0#pa<8X!^d2*cKb{I;fqWlkThR^cW7T z9J3lMy4x+R+mF0+{BP0xwoqA65>`hyLejJqxGep-KX3@*WGqcM`^kx%GS-aIT!)s4J)0?d=Yx*_BIO?Y z7bDNd$IId7XALmbt*lOd^mIr;T+=_#Lb%0q23S4A`inS{x>-pb#{{}s{^@2f6gtK)F;?B2{akpILh2Uo-5MVyiC>$iWinZ0MG!%{2yR8i8&4!$ zJ%Na#a3GFVX%q((6TOb2J;NtnVxC(W@$N9jT4l#hI^)&dt@XDeg%Oj})Mtar>_*bj z9vaqEg!NV4)hgI{Y?0kV8+Xc#;hd51{B{Y@%I&9)<*$Z$&Oc$hcrjfwMohE*G<$0D z{#2D|DHUH*fr~B1x8R14aYeaHJxJNyb%j2flk9J=3#s1cdntXj%-XcWZy#1_zgSyn zB4$8vp-AecD4?Q71BL-*D8H)#LV$h_R?r9Y&C-wR%8+zVGkWaO!QdS2xvgf+E4_Y0 zz&4)k+&S}W_uh=h*oGX`$c=A?^<;WuK-?2@JzjT$=5_tnE(Eo|moF>UTaIdn!WdR# z-Pwvs9c2ZZ`70tPPo5;~zn`0UOBeo;V%&Ks>9VY!+idmsdH=HM7)+L)NR&j@UB3RI z1W$P!4NF3^*i<1hRoQ&Jt@rZX`SGI>+Bpvs69qYSOB9{0I#U`*5kO{qp9%$NU>y%@ zw78O4txOoorwr|JQFx_tM_1N^)UjHy!xt1&FKGkAO>EAzX7+t`)fCm``}%sZ&m{0r z7$OyC_4_F`hsuslq&}oGW5tUb-|pby<;Ae8;uI(@UVNCMsLG;OXj;HGB0B?;SRqXQ zd8`@lp$Hh$$SOu`5K%^{hWx=5VflJRt{Ez@+Sc>9A-gtktSg zT_+Ga*KM4ul_T0Aych_m=WEYDA%oB7#(NJgczW6|5v>K<&XA)~i^N4qKc3%EVDkr< z??45zi-+g#yz}ViDmexbTVY36U&}y-)_~*&;ppzne2^~&l4eLJ?NczP4!bj+r+Yri zEP@K~YP+o~J-bNuK6qTkuEnkzZnsnH{%)02@qL;<7rf6QA8BJFN1m_s6Je=7#n2Yp zUeOh3P9%_sa^BuAEwF2UKnaDAlYh<(*Mw2vVW)YH45m=X^<2WOh41rFAV&7UV3Lbh zC*z*Y_kHQ^`TbI8Ie_q6z!eKgZ@rOI1l5g?^2WDU1wO%)6XIv4&g?8+C3T$KJB`Dl zRWN0%d`+FdX&r~fQ>s#GcDj>3eu}Ij^ccrtB#Jho7pJ1;p%*|P`#;BbxdeHhj+afy zN&#tckWzkQp-o!-s&E`Aa4;0i&zCd%>qv+D79W({3%Tysj~5}&tJq+}j(*^1!|SE8 z1KJ#)6Mq?`l!{^8@iud}dg}gi{`1$j;RD~dI^+kkvdA-n@nutqCd{`O0yS zm_ACIMt5mvRvhze7%n?Hmb|di?Kta?X+HOz9gKKOTO^QUREDyW*!YVAbfo#lI|vT@ zfzcF;CyVV)!e1FA(wZ&oO8;s5&{G!w9%eeaH`$IKD(wB`8569#T&^$I!V+ThO!Ki~ zq@h>#;iKw?rMf~)LmfR@4unQL--TQEcpU(=uzPm0;C5s;25P77q}T6D6RMi;AVdoy zWF2p0O_e){6MIMznJ<~)&J*E+rW5F+eN8iBdouK=EQ<8QoD#La;f;xv6em!0+VbAK z71U$5V%9d4H7Riasp*tPO9Z#Arv|_2F%m!fce)G%rUIf>rQ$53U1j{plS$AVxq=SX zg>}pGs_DKEw936C`fe(tt;%~uHq`wbHNu>{w@t}EVj+*u^f%28I;~Y7q2X_UjW;Zf zQ^cev>Ilr3WGsH(ayr@=JSct>e>YQRfs4IW_mi~|=ob}5wt6Iv+EyVqlf(t;VaG3H zHkyZB)HDMlsII=kDDu_IzPPKUixSVxYpT z>j_&vQY|)C@aZigy!OSK`6W*YpBl+*>ml2s{l%DwA9?9N(y(gI6 z_3nDPk7qyw+^|9xYHFdtz*|hk)_NW1R;E)|nX%-JmdugGdhYNWHy)D7dYx~djSsr$ zI7qaR3N*Mx6dLBT4~AP19-Juk1#U3PJSlcNGBWb3D8Zjk)~_EV;gdgp0{#2vyWc!bkiWt~xeJ{@1~ljlxc7x$)W$9}v1c6vI~62X z{g^O-Joe@RCb@@GK%f7~R{x%m93`mB{b__ii~K&@U&s7^Ga)%}Asy5&dUujP=lxT< zKrqVQHtfw8>JRf{hx(c{HZcQb)WEZ7m?t}t7^?)n zZqQrwUvIuXNEf}fy(;=??mqP3titI#7ASca{|vOK_e06u@BCc&-r)dPX3y~7Raf5^ z4S_=dFZzCdzfK%%7h3}Wf^7yW?3b##E2-RekLyo_c^PQZ`k${fdoEz@)t0D0#>Xyf z^%PSy!2kRgP6V3+dgOp!3;(yVpd*2Rvygwi22f0}y-^QzNtvQHUp|?{j9Za5nmU_2 zg6ofgVy!7B9_zKVI!Vss(E}#4hM_$~{d|z%linn|%G8TZ&5UEjKXGzmzMCYIpL0Ra zZy|=1vkvMqKyv)Z!DR!Ka;h3gQ3{OgE*;G??T7%u7@z7|C7Xdlw?#ENP>2R4sEB2N zM5Yc&33q2h3x-h;@?7mftAOsTpfM)!-I9;p-*WwIBt0;?dS#fIS*RFl? zlXpHakrj2C`Amu!slD)!FvZlRAROGa@C%~CeOdxQi3qs@P{I51n|BYIk#qnY5n_%N zlfhP+=&-wGCQqi)z={kiCzAM{rhWZrLG=B2h}>S0@v!GuK#-3;$l<~0W^Njn1xPyE zRAP;)&tJ!j3WWrTxtr#KVTcH(-CHJgK;`GJB4Zcd%tszfv>J&&Bq908t+!4xb2R~X zhMxJnZBU?(O?&Cf#Waw#(SQIcDy1yAcYQ{nf;b+mxDh)8GWb(@m{plw7wU8f=0S1N zdEmGJX`%mePnltiSwAMJue8O#|wf0T#lg5A%G9k${3rc{xena#c?!3uhAn2k2 zsHs60A$JDcXay;909VU{4v`SE3I5&Q<6}BC(5()lJ{+YYQ?M`N&ob>xg&Z^sI-#0E z2i=*tm`1!fr7bf9-36lC{8-?WF36M8E=g;ouoMrI7$LIGtt{J%3<&$)Dh3qNG1RR` z*MJ8{4{913GbDlRdcg5pGBrO-S%EBNzN0t6(|)^=7+IeazDOGP$N(u3TbR2}U0|aK z7?7l-F}vvDrhx(MQ`s)b9DDZR?c6=}Y)JP*L>} z&#Nz;B%xC5d@~+oWI5lwb@P%7s4i3srLW_)7sgs!3B3EKqoXK(31pLkqtW?xG%cba z7!nfog#{*00eIDz3L$D=GMf1s`7-9J3I0-|zT6iOb#s0;)my|n1ix{VrM4sAjE6;? zc?9cWo`JiC)YV`2ll6d?VqG#6R}kp$E|)AU;q- z;joHuKfj<*h8&RZcPx4U<=I=XxUb!8(%l5yeq=$tEcWPQ*KCF*hhcwAQ5UNwHvfbO-~60oDdszWdDH^8fwm#om(SpvRQa12++m zzZMqZ>xkaM@(hN5N(qp4K~7v)E-QU=hV@Z1UA!x)@$hbHlrz-w@I5Rfs{k2x4l*XV zIrr^Dfs9s2KhpOLmp3~rmTXz#4PBTQy4I`mK@nlNx(Ub=oe^#<2UTkA6+*MB`EHx% z#d0-4teD-CiaMP!m@~0?B0V^ zP>cIq_9fh{EGExd!?}KhF1<5d1LUf{R3r|WyE^RZ1mm~gNZwp^|GrCbd$qNqK=cl~!%^93XTW#vvDrKDN_X%H3GP=+DMHCfE7Z}VW;T;Djf ze!v@}tf;6FXFTxXZDW%V5R9)%wSBk8LAruspRn(%R*g+gx}1bvfg?wY+Y>n9v^4u3 zcYwGBq*~OQ-!vG^N@BBTQqL!TP|?5Ig|>AnGZc3;Rq2?bkg6vH?`9oB3KJCJHuz;8 z35>(%dfWsY0us{HTJ3}X)&u#V;?^%LLB2`&XzFDK4i&BZGk0V+pDVd(`TF^V*S$jY zFn`L^6V#h4#7m)`%c$v$=sHkWMQ{slB=grGb`S>b0WD zMzyMIT58{5HoEuET|4FJ{l%LqkG_fwVdvhFh%W^N^Zu~H@R-yv^%U^FwSC;jdhivt z`~BSAT!+coB@tZc7v6`t;g^}NE# zCQt8xUv+yqq>=)_q)LIj+(b!Jpsp8BcNb*u z89MQL3Y74AO!a9ksrTP@2YZR2DnEF!LHm29sZnySqoghqe!>$DU{@E%ReH74GOu|W}pzvB2vl>_F zJhhm;*|Z`ZWj<;dN(;=pnRb_{4cFy8#zCwulf zBp`M-e9y%I_YUuxiM0PB&Am_k{sl-1?s_#p*13y+??pyIYYM=qk0JR3{0!XQV)y(A zT@C2mfDi>A2S*2@p&;xIiL4*vBhs!)ntskqFy)J2p~Sh=pxiXR#G!k<5` z?6s$r9%HhMN0r(bE?oc- zSz~*&fnmm!>R<`M^)lo={dbkLub}l8r9ra@JGiSop&!6XfqVGt3%jA_Z{EfK{0uP4 ze%UPGaO{2p)WQ7viCrIXHx(Ut6yGTe`tjR;hP;!X2eccR2L|@;^PdF%Z63Qr{M@?T zxcB$NO9p%k6agT+yN)3Ka5t~UX?*LxJzE=n+7xYODOV!n*@9LNS`a7ziuAf-WQ>gu z^=2z$r&$Oi5|)$UrqPm znqCksm42H8xRm0@VHCK;uj{7`<-A(Reo)99UOhWRC9L;XC5C9hiAr+_x`+-cH|Fsufiu02HT?6n zTD{Ey$fo};=2;uYYU@Sd%@ekucUd0P++n&e`z&poMTxVJ)n+u2_zOvZ+c_`$42LV2 zR&-s3R%@P&5u{GN(Lrt7iyYsoRVdtudHHjb04To({tZ>>K?y=XB-m9}z|oL~Vf_Ne z{BVYOX(N>@WC{jAI5mp4^POCZ69I-UFv=_7AYi|odvyvT@&xens9|u zf%~7J!T&V?KLX#hgdnxrG4!I8@QWyUj~Ef#_UkXEv~s1KUxl_kp`axmV?WLUE3_xj zQZl?8#<1HCjADCI%sYDmVs7W#bktP!I1hY!ONSwu48+~`Vy}&hbieX#&gqTaeEAaw z*KNvKqoE%ke%Bv@>rsZo=|JdV&M}bHzqH*8H4ui3ZL1}+IE!y(LW_cv;QBo%3Fn(QH^+6l z&EX6#d3mn;5VltyxCo*uzhNz!#cQ>xw>Fd3>PlW~ z&0t{Z<&84Y?gTA9FXBe6t|1EpudROftu4W{`G4)w;N3x`+yE2t;u zQr}VUp2-g)NHLI2c~teZqi|!YiMKRcA4UJjt-duPfZhi)O~=!?$bQ9q?N#Ycqcuqo z6z+)J8uFU&MZ@RNOMyim?a2+3Xr4WzMp4H7maJ0-|5fdr0k`;vIWKFid4mF*-GT`x z(TSs2&A8(nlE%L2VU>Z)miqKG=WMfd^RU=TX{{GKf78kDfOclTh;8mJjxtfoaAu8s zLobZihClYc_HjmckEIB?oYSr=(R|996L}yGpjLO>E~G>x(@>hScV)FKQS9ygb7vkA zGO(Jp0r|)}2}Q^<>UbL4Q6eQJ?WK9w)6I}PJw5e;zBu<&?mv9fTX4UR_=(c~XoAZ7 zvZ`Z~rV`}|%Bf(LJ(s%rG9DE+9+>jnob)0XmV9+Vg(vb`?^3`I(Oz@|0iWxdq>^5{ z=5}XOLc(8y^Xo>y$cv*pk-WpMW@gDZhq7=feES9VA>NAShq`Rl9&0$vK1!p#GD~VRUoHJVu!=#ND{hfW;N}g)udDYKYW(? zE;(^#fHU5%q$-q_WAPm7{R;3=rP3N5VTPfG?VKVH_a(yK;s1~`C{|pPX5lb7>7GAD z*wV}h>*OVbrDb=HdD1Pp3Up7lHV?crS=k`YOH5MC@lFn-M$w&fM7|!S=vSDQscFy5 z*-jNHzHH30=%Z^m*q7DefU=x99ovTU7E9eoLtir#_r;@I%bhMD`a>Tp?lSv=njQ6! zH^4m-GR{z}VyJ(d*yX6QKZ&pgib-~gSgGvbrIL~q?Q4%-sP?zZ5c4)k!-VnYwcapC z3?_1SJ{nx&IhR3APa85J`*KQ8bKo?>ytx`Qo=f~;5JY8MU7frji9)HTn#5ve%x!tC zFB@ibrJxirE<_lg(Re9*NuHsWw!87Fb+ibb5zm}-p6g;*;)^3bEVV=1%nX1&GYpEO z1?#GMw6-ptS2oc_lo>Z_m?MzF)&XU+RRJ+IBtSlIk^)*bUicliCFu*e*aRDT2G@x@ zPbP9-WF;@Ph)}FV|H@esH$L*qax<=$OcGE zb)>zzKDPt#rw>;0?@nt{2^ zzb-niTo!`5ZZjAm3zK%gfrDk-x{$TsLb|7zqA%Q76MJ1yxwi{+MFSlJSLq{ zRpvlA(`%*UOX~Otapey)y)*Xu`jUdm zx^Vz57zjzQ8qNq8?08RiRp0}xye**;K3M>GW5w?4a=SMRmKc|*rOA^L`f@sgQ%li* zN7xo-jaXlzl9s4+)G6B@DfHes;;*kzB)RW9Pq%;!X!3@74OGa!DJg~iycAc`uVZc!d5|q4NwE>nxwfR z&_1<6=SMVBijma1TO8J<-1zFq>6~e|>sC9T2ZO-2^7pnnc$BIOSc5cF14a6|JMh;f zufx_hLg&1@V#LOSYQv9qg&!FIaxRDxuW*6oUsU68v6}5_DIy5HuuujHw-*}_J2IXj zfNT_>VXW}z7e$1&s6t^LokagFF;e$4@0yRO&J;Om&w28uj2j8TVMe&g@=~j&RFxiSO*v#5BVNuRwll(90uTje~q9 z4u_Rd^WtU@3K1D^jjMn^J2+I~Y!--d2mEt{?s8wU@}Q8zL`qLIw%pEPWc~}vmnIZ8 ztn~nm*~-3sVzTsjg@g9+y;0~0fIVwRTAau|qM$PKeCa5BG{;lKQK}oo@$*v`$UwdljOT|uzuoll9?XpN^`W!tVXCAl@ z1yy#IAR)2UeT?_7r8pE;(l&B*0>bp7Sd zO1td3*H-==@>WNY<|q-h{KlTpX!0JGLb|_e?$H|avR1S8^-TDp7rOEu2MzDc3`)!? z1Sd=}RJmMoSfwFSX`*53e6QadJo$$Ai?pR!WOZK7%TmXz{`gND)WKP84G_Wz4e)5oh$eZ z#zKXDhLHAz0%g$MsC~7<5{Wi&3&*=6))Q>8Cn~TzBt42}og^?0@G(F?CMAUuWPG0$ zK47EnV?vT*4CZoF?gL*hSUiU3_7pIfEa678`tT_l>*DMnmGQnNK*NS-ZB;Wrw3y;t zlY63J%uJISUb^jb@(Q`OTzo??T5?I)vYsIWb*gRNe~<3I%WNYx6TbK%aE<)YJJ;N9 zmdlsfXH-cNiJGJW!->|8h`7w&-f8?Q`G_=VYC}5&x=qW z+O)(v$4W~8okVq51nknuz#L~Up#j{E?a7qTt}0T;cKYhGC)2)0wYKMm=Vj+SwyKf9 zl*`BywC;9Aa7d;BH-aG#neG7u!kh2-1-~`8k_zUjl}#_?>GtITxGQoDSY$MMz_N2# z9piwH_MKB+OgBbMN_k<6P`WRUaGIq0lK3S%WrI8sB`daVB@a7{&HZ9JKQ$L259V-9 z4{xTnePn2x>)%|_Hk>R(J_WWphv7m5a@5Xl#`Zmo9-L!HAn)9Z#Y zyiItNc3D6vNU>SO^sTg{t{*$5jQ@{S^zv#St}$pjCKo%^{5wxUucc32r@z22wI) z7XjUch?@kBfv;5XsI#GB4vX+?gTc25+lQn8n|4P6BHC8Xjc>bb8Vb^a`QF6p(h#6)~7(xD+wG(m3RqUC9+5rxGdROQI~@rqenF;G-n0HmK0B zT?XBbg32R{7inzaqVZD2`jmYNy9(lmWhW>%8!yq_(31oFS_l?c+)vAM_fxudZj5YD zdR@X${!;HB2gdG?R3dovW-*qlc&`^Bxi(8{1Mmvd7LBLNg(_0O-5>h^<27$?)F}*S zKjpr<(hHbHEBm15z3Ms^><)}MY3oih_O{<3dULj-O2qce(8IF_b1Hxtv?WcxG`Asa zI|TXM$d*d-6c<6RhEP)n?11bjaqTVV#dFd-^Uqw}GPvZ$N|lzzGl<{a#*;+UZD76- zWLLZEhfBDJ>$CeiXqZ-&tXH&`)R?5*R}FUw9k?4>PGW#KawSyMOn7a}S!s7vbj*$V zSu!hJM8_pZirc=X4F-xB(6?=K8@@PB!&I9G^!MVJXDXnZC7hM$+{yEvr!KI{Zg}k= z72dmePn2x>(KGprTMFc4#>(jn(Ai>uy?LjOBKIz`h;@Yrn^7cs0&UyBx17&yt4^8 zjl-3QIbba1hU&@3F{ta`zCG+z8&n#U@OLFrZOPX=No=QS$99fPUsLQ)%klL^Vowpr%XKg3 z;J2{9INn|=KZ^?T9PF)j!LK%dWpq{!I@ES_sWbuiddM9XR^iS{w*T^l?r*7Tb`Wdc zF$=i04KHThI-*W?2Ulb(PP5+SJ-YCJ*!#|?rkbc-KoJE*ktR|_K{_Z+il8DbNGBBO z2+{-uLMI?1AWZ}lg7g-8ktPtDNbeGwbZJ89y_b6u)c5_q`>k7k+_mmq>+(a-nc1_; zv-ixNGiT0Z;+>w9t+qtDb7o1}t}h{CDqKpl7hP83GxgkKYhKiE;4ZY-t3%hrX4S4DCc-Wdn=wH zA7PvGa-&#V#9VJc>UJ>~R&GKj-u=tQ)iAGq#?OY-y&kk;g);*kmz{^HOq7wG@n)c^pqr!uvc)dL3`s-GuDz6@!Pvwjpl}v?at!lDfK>I@5Ih(+Y z`maO}qQjV$+K=%4lF!NI=KhG;v;KMbOR!pP$K~kmCm&Ta3mK!ObimF=p*+mQC-t`O z%Ibx$dVX@vryBb<^$3-5%H!r=(iceEj~;zfp{a4I59Jf_`Em7RW$Ls&)=$>I+i=Pv z^w((Cs(0MpNxs*;JcL^c!B4^0+v-JzZ?=n~2inVXY!c}W_ZG*8fPR4ClPW+Zp44@g zy6$$1_m(W}wC7p%SF5%$+3h=TW4`yu)RyIX4o?#Gbw8l;?wD4zV{>WmIDLK4GFRK* zE$W{6>sg?bdC=p z1`rW-9<;<09~=j>Zdv60cM?y>JUC|WV9m%wY>0PyV1kHW_u>t-Ya8%QBvxy*ITuH* zlme3OK{bf|?d2@0R8c@tdjM-MhHa`Bf7Esi<+N*!tQGM2qV-UL4D)Luv zz`Qrx>XH8@1whp0d!Y6}4L|Mz7OTkZYrsE$Z2}BEzlb!eZuku)(AFd9Kd}H}|F^vW zUbnGe0Y3PR)PE^450HYU=>N;|e=IQ<@mojyS2w6%a8~`R zMeDzU2DyC=tLPuE1EiBux_r_WHcaxI)y0C0fDwVuD-iUsDgA%F>vKhV)4wiaLk;Gc%|BRgfj|Mg(0MGqzdpDs}Ci1pIWZKaS;EU=IpgSl4w_`UKS+P-x zy;)?%1Ns^EG8cgdgf;fkpXpE8QRUylB4CNK8isA6%ZJb2x9w=7XDjyz+c3?pkGk6x z8(2xP2ShAKzTw2?c4kfxM{^Tf?3KN#HL<`wW`1Vug@gn#pQigOb7npr6;o^T=MZ8( z4QEpbu0+As#KN4IPut22V#$10M1-H1Pu|?h!VK^j!(>8te%_8Ihwc=^F1}UvjDgViU%P9>rsB)gI%4t~wC5>RpFAWaDSsDC=g-7=@X=2d4xx?n9Gma6nI0$JM|;)gkMXT8F&Hs^TtBK4kGmf*;72c zSC?1!F1x)h2Y%&8ao+AWbwDkea9y$I^_7>WmupB2i{MK3o#sH4hahYDm6YDDtU^rB%^G8QMpQIqExNOu zo5e|pP$Z?$#;ia2P0NBI3A;APb^Zb=jyBRoynQZDNMeT|6nFn|oORO5=FU03x~ptR zyw@5?-j4pfMfs;+&u&F`h@j|$a&mI~=Qvwfr#A?#+c@{P=)d8o^K%g5(RV~3r1%}a zK~HB2x2|3Sc;LOR#Oi@pPLE~il-0kJHY%Vjk!?{If$kHmLRv3x+{)yk*r# zP#W`9a{b=JAea$Xk8Bku9eXQ?Cd zp#x*-l=A_&lCM&O`>938JKO}oEBE(lv(4U$+^dgr0q^?i7mnCRLe{lmu8VnB$s0?6*I@yDs3ze-nrNO^KQCh{6U^tVU!hJ1aVHJ5O-RFL&Ji6tPdo z7K^nZ&MUVK-x**SS**tcus-7U4l=;h0Cy`FaL@(^6q3aI@Kvib;;IEt)bNp;iH}Dm zNO1m@P$NfHhLpQgV_}-sQ6)!uCYHNX;qEfMlUP7ytYIzgl(_r*y+${O$wkAzVZBek ztNj!caP`k!A{aQ->6)nhSskr7S30DYT>4}R3iGK2PsZQG_w6k<-I(1gZOKVUXup6fWI~4OH+KC3v`F42WlvN zv6>L)I|%wtirN6oj^Iko8ZQn8ha5?A=i+q8xh)c2wt$2;*nqe{-Zz^(l|2BQVLhf*ZG7{CD-w_$PVLQ_6>GEfZ0bPaJ z5N!-%izS%xjA_DPWpRuayeq?K15a&>42SJ{F)s;}PZum^6>rx{pEA$zS9cX1ZIt%* zm712@?-P7+N*&C9RApKOxmJ7kC^Ym4;NUo>s4l5-M%v^U^~K-!xPTKrpV9tEN?`!5 zJe;Y~($vtyg{6#>doV`9$M{|blR(V7AIyJ7dydv9%GX6OSO!COsHpeq!(6W?5thff ztdr`P*JS$ajVTayL|*py%PjB4aaufaBnH80t1BXX(QrmpeswWS3np-ez-V$_;yf1N z+aWR z-*#*iB|(1L{jSE2LqN41w#&XoxT;j*(7*)StOafc)u&M zLiz|bY4Dhx|1Y9eHNbm~(+W?W2DrwPH+blbk5iHGKU4rj*a|EWV9_y;&+9U|j9&qn<4-`JYeF4ZRL%>1gz=1$~N%^mD_b=S_Y8xr0 zp|PDPbZL!qH7q~u7;ZTKdWo=)s!Y{qt%M4B!VmIsHkD|Y3A3UNd^Bx)$Fyf8g-!9sI6jW+Nn(($ljOWBN;%%QzAz|};-|+sCF?&b_;hGwDm(uM47S?JSb>GkvSGEbX0x z7AMRosYP-{oMlTb>^-hSqK|#+jld}<(6=nhjW%A4x1-Lq=s_Rz$U$=V53F}rFIBm3 z=g52Rm$?<-r<37eq+>}(+lu%&&VDWRhO4kFvswuJuF;DumLZ$JUR)YqvyNEzZa5D8 z+K2O$sbat-|7@G8{2o|j()ay|p#136cXx1_x=2eT@86sT53Z~&x^r#3UkQ?s0Nf=5 z#2^S{$r@OkmbH$$^CVYsPHCK06*YKkH7h?_a@_ab8RmQ|@OoX#qWpnG@6)9(k%FvA zkb);eaJSX&`z*w`Sg77hr0=5Z&@wz4F`uf{BLIo;wB_?6+H;j|rJdOuBy2k1R^obH z-(CshxYOpZ%#!}QLSp@--_oC(Gkz;df1cX(jA48v~Ku1drkbSHrtD)pyrXoR1rpf||1RDVJ0 z2^G#shy0Joe$B3Hph9NU3ICL>Wzu&nPGvwU)Fw=ce#)S45D&92TZU}7Lf;Uu8x*-2 zlD#=%af=#T>VKWKt#n6c6c?nL)>n@QBJJcd#7Gu%}W0xMv_eukj$)nyJysEg`J^{1V6@u&53Xsv zeuu4!!c|Fc8&Dfk*r{QZVeLx=ih!iqzmg~lbfVQ%U+lCwv!;)qM!i zo!wBMnNjp3ZAC}s!|$n8NakhNijIdY#8)}6HlVOJRJ9CWJN`BN+&78uoj$1J@q|JA zJAx-|fAy7OYh6E*G!5EH1m7CtH!UpShP)zhlkj0+arHIVXzotg>rptr_2wdB_GrNv zeLQs*LZiyReIQRK!Rwi+8(?HJ&&=4Kl_k--*G)bGYlQgW8Kl!Ta+#$2J29b9fQjP-Sj>ys764 zpCOm{omFV_#cXv&Lnlhal$WLjO)ueHrSUMqOm!3&f#6!!{0f88p%g%(I*crq9moR1 zqlvX`{j2;YY$z0f^X)h)kW=LB7^*ReWu+chcQOYckB!_LKhlaPgjr-t$Wa34&edod z-EOefX%yCC#H$tzWGBFT9cFbDo2$i2qixpfZ7SHd+WGD#a6Vtm7d`*JG0MY$L6YQ= zo`j14VJAk5TkK|YdSm&}In$hT4}zEgx`c7hx0XtI*V=`3`GRbN56K?@kE?hF!W`0y zVmcF3dyS?cc~x~lGL3tb0|#l(WRlu63dpX|%!UkK69q^wUjD^-#o;8s82*i6j?14$ zn9a_Z$V=5dlk=y4cBCk%(CXw9Ln?e}&F<%ende3Fg~lOEvwaFIlErH7%`BMl8u zTd0{PwO%clb^C6Z{WC3zLFC}ItXt5C8bI5rZ1k)7QS?O%(bcGWh(C#e2M@`ID|5&K zmdvY+nqs_SV43enD~$oB+9)%#%pr#yXvMCSuFkij@;gT?X@R+*@D(iZSDvImlF=#8(^VliHqa;mQNX$!`B@0AMWYf zV)&g)qyR<)lTKyG`o5l%i%fIGZ@Xus$TZ{*Z+XRWU6pjz6Z@xu-Jb?;=IZAh6$7(U zkI5yws3e#q%l?x6TwkjgN1H5I`n(NyA`B1gKK{$iP0Wk&GbCDUm}zoazpi(3^UYtO zjAV&-xEcOv{%WtvXV02@(?6mDy2bwyb^D1BPQ7OFBb4iuHUM&5{>0ffkOf_9c?cxp@om1gUuR+>~;l(wi`kv5QTLlz}@w&hCj=Uof>$We61 zEoF&}xx!D>We+iNuK9O@R<9=>eU!#vEk$dy!17O0YcI$$czHhOuh-w6+o@fFr3rs@ z4K~^#xg*?XtGfC{#f8v&{q(-ztzl{g8Xkk}>u=2!&8bW8K$9Wt41lqLXjWZ}NA4A^ z2$dU_iiwd@o$^eExp^E5NqJd9-Ua#U$8H`lo`68DZzgGcFft_8c2!gwr@=32)&sGk z6UunI>fIQ-&XtdSLWzL`*~^!2+218VIw8>g;ya-ldj0&PY{fFWJG8S==^_i?Q#}_U zA$my=EKnG(6_AMf{_xakti-MF{uOLonR?mAS$-6fs%1Y?w;=fkOJhs~<93mh4k1n; z>4b*^@msTI$ehieDs2d+IH=OANu*5dV0*3cGvyy_1w-PiQri%^z8b4v!sa2>Bt#i< zBPqv6{v>cvsVaXh510@LhFj1^Y0QnKt0CigtS2?<75gsFGwnJ>W!l7MX=Kv+8g6Bz z2-U~FtBt8ieK$TCQD!-{*-4rBY~SpLxTqKVn3YW3%X`K7U$zwXd$&qV%;Sf1hOKO@ zCBEn(e5jp+iW+MlZ}zKZ6Jvw+AUF`MbX74yQ#?d0=zWJ&HpY1o-y95;DQCP4^H@Jz zEH3fRLYnUDs>67$dt%6t?d7McEm!6!oKZrl56fOy$T@e)CGXFzdPJ0!bCvAz{0S5y zq>cMS!!^$@J8Bi}E;Y(!C6(5Gje#QVtFMxDBz1zn5Q652kt90#Q|=$f)xDedd^$-N zv|bx5xTU%F@ig%3pC%it?D`1~l>FubDi+1O4SQ8SeU31+-}snf3Pyt7T*my}`2 z{ob-!*B{C-k29thkU3>wZjZ|Jy+dMT#vw{|EM`omZ2|R|oMU?|&@rpumE*yf(hK&K z!P^_uN?wvkxueV{I}p#*Y`0-t*r);vHws+lOg16mDum8C%0n?i8yWqxt~wep4_Tbv z7m%Khx!v`TU%i>f7;1wH^it1x>=o~M=6X!l(xn*elr);U=Tn-KG#Q!#qe)tU8`oH+ zX&n*)Bd32(o37{7SPlCgj}%(lfA)zh-kSv01zBwn6bE0q%ZT$l3CI|UnJ-pz&#U);Z9JG`&WjEf^ zJ%V*nfOeyFzSkPjPEC8tqP9!j9F>2JTZ`DZlvkiJz`$@e7{qzd(`I ziGrmGHroZ%#JbtX?EK8`wab^KFG6za`ldcy4u#u^fdYYuNrnVzpb)TTNMjm=g=?S4 zdMuGWUK_?+-H?=VxBzJ3>hOd5&md!fS)n44ZAydqwD{P5;7o#StBJ{ZqMWA`(vyLp zNuAf~+;5Ap1ACwf9^ovK4?-JoQ@_k+^h5VwZKtsg2?v(8K&Cc_c*Py z^+Y%yjQO2=FlL35L&Twm;>>|ameX!niI zcNR9JCzv)rix*f$LT7QFjYf8$I~>m&kDdCh)J4xpimu5}jvZ*`x`BJ@+g+cgGNZhR~QR_c16SN@{R^QvIs!hM7W_*-UyhAf1Ou6^<^?*I{rFSaOJ$k zTFk-#ySX3Lt%4fQtl51?9;}D7vgYL1>lFud8lMG6{6?y!vV*{AZYa4;u8g)fw9}q8w{8TnKmnRlX&wJDDSIL!Y&?DGLINr2Zaf--GV-d$G+t;y~`o^yYo>fm4l3L102in=+XZGk#2aGU(1W zxW?uEfu*lC^aZugHJLIPO<_&iyveC8wFNEvl{bb?X}9~A;nKhJSYac|0p;Mz6+_4X9{n{pe;O4F0E$B{RDlEj+W*yAZDb z$K7ocd4(V$H%hGy!MlZ4Ik)^YYID9UI*oj<3FNvqkX;DpnMs__FcLC;sE10U&xJHo z`6DBkfbi;H3!0{e@vcpI`g8r}OoB~h@i2kAB^jQYf@5MYp6gCd#meevpoGmIjJb*7 z@-iX20f8t;0=~bph8(Ny^FUqUaaVPkuWxix&4$6rMPB;!l-xC1#w7Hrxz~-=rrO<9 z2zzm%W-_Dc_jrwEaCaFa3C3Usq;%#!fA?NwoApG&O}J4BEAo2s>SMk6H@^SPPxv6B zw^#m|98pUCokP8H-NSbEv#C};ZWeMjBXbS>r-44h|G5SNX%;t@!?zkM)WKLqM2bzU zP9eigm=GsqwlOgJt(aF&oYpD|So);#b-{62r2_6eHRDq)_HjqjmxQX!rncB#=UFwIH9cA=~jH@o~Ymj zp9#I#9Si?y#>Atg?{DoM0qt_q|^|7D>V(60u)*|JorNy-DvD+!|$`{Eo1exL7q_tGObk18a2$pr31(5YepMYV7XhBTfi@GM2w6r~3;&3C189vMJu z4N#Wq`tW>(y`E!dP7q?)X?vUL;3vhc4P}L~=dTke19f|i8_AmqEyo1whcDowF5i@! z|4LIGjot_^)Z8b9arD>fFI&~qs;qAlLNYH63rVl5VZ0CXEPHQm&j*hrL9)aLpQTdU z^t(5Qt_W+Ovg*EQRc*Bj;|5g({|TS^eX?qF*9**I>sMc>SAZM7bf;k=tc^+bhZ1I- z#s^vId7rsaKnHiqX%hyXV!Fv zLIRX^=65Gd6_FpUY79k(d(}{VaW=n7))uOkTZnyza1&=HZKMsQH^e95EsjgjWUM7Q z2ehEr7Ofp~Z+_!z>A_3kt!XV6uvpd@+4?#@jF)xpnR)s^Z*@{`#^C|L#;nl2(NK?G z4YT!N%u_EJJ0cpiS+~e#{J0H`&&#EwFd_&KUGl>-OUo+1XT&*4QXk{H4gqjz zc-NIe=T&BPEO6tu!Q*IK4$ef^GMR&ehoA6ze!T3pc7@XIIqM(om)6BW`V&V^Q5uoM zPscfAVZ3pf$|0-emKgML%32ZfUdS*}h?ct<;(GYzlZNVN8YuCGW~O%gvw6L2`3ZJj zACcYXvo-iIaHC8lJsHx|z1o6vX3IKr|CsH^fpr^MnoDTKMud7VcJx~j-R~OFuLHJ{!DO& zp&w~#>D+cr=BgACY1P(7&PIO4$^o5y&FmNP6?#d>KIkc9ag(F*$?B122C&U`l&ILs zTRKFVY+$WcBH2#cZjPFu|!XfAoMvqvEo|6>-` zi<(Vv9}t~0cx964vm-TV*-IAwV7+heR8j!5Ph%K!&}L&_wY^g*Aa%6Y+g%g4*)OvB z%ctzsI@_E>{Q^$y;aO}5OJ-NE( z@-gk59Ore~d8y;tRsjNoXqzHcRLk7K`+E)3{Kd98WUVxO_Z z)!|}SPAD_;iVN1?0G;%j{Q{$Ii5o_xUHb@iP*z%dTH(+eWh?Ho%pv)zWlHY(7qw1u&8?Va@(ncf}P=Q0_02BWOV?3g{T zwx3m6lAoGx${=V#4{NqIvj)mZsw-G0kxqG) zMeQAeX2~YP*bN$-^3vJ6&KE0<@b>pF>|W`$LF1m_+H(lu{a@E(F!=11t3i*MW2 z>3X}%wxI_HO*?y=Vjtu|7UGk}Ke($6wJLZVyFFY_-KN5K*BoQ_T0%bCTILS%3`>W& za?!KuZohN^9V4tiiv$G>ZT%(Jjp3j zmU=-sKd`jKPCY?2e8H|KxMsTsW#*0RrcRB`Lz8q~ln4DjgCSmNpa<1bGl-pGim`l% z4(fI^YLIJNsrLHv1`}NTfK2vK;(GI1EACwMH5wTzS!BM(Kc}=WC$dG_k1$} zd``KP^E7K)Vbwml_qM;m!tszRjIQD4gE7{OKx()yIkZ3xu1uS8n7DQsrtB|Wm#}gQ zA`cgwe;6{SYAayVWk2)eq7pG+Z`7K-jIYm^&LJw>+~c&CtVG zNOJz@&7(3n>gJV}qNjis^uTzf-E&%!)-Jp3ALp#9d!S<3Ga#7?Gq>R3&vVdx$uGVA z(Y?_4${gY-UfOg!Yh;aOX%DZb_R7!8iIznoUE~K)OBZ7F;Dl+XOn{!!rDD-fZRf7o z(8_n*Fc`fIUug?o5_*DpT>dyX6C%_&WkDKpK731!wLK~?lSfk0A1xy`C<^i^Sa)et zbnw;|m%0ZF(f4>`C?!jDd)i`sSI0SZtq@_|BO<`FA{2w>i0Yc)@bcrBxZG27Q^{S& zIiGS?KJluLRKA@P?jgIsAB#4rhPJAx6VNv|xm=g-&@DT;j!KtIzF$yKF{%v`5{Vsj zIi{-~=U#Lr?Y**|)EyrI%U71!u}+8RiTvaPggd*~8IKubFLcs0p-UYzn;v71&Lm zZ3`b0m~$&gojbmoT{x10)}6>HL^IGE4Vq1C7sM7CkKyOV6`~2lx9<3@b<1H`;&V1y zA|!vgVqOqRarGXGT-cU&a!~&=PrT0wM3Bu3_X0N1u9}OB&_qRjjkdD6P4PR>pe#4z zEg4C)&6|2CVSGb#?5I94Yg4%Etiic0v>4{%t~^V2teFb6QFN0Cifn-$nNBh-27^7>c6G=UE$aKeyOAy?BtFnC)#-ga^ZIreC*iTF3LivMK-Y?3cUWRL+ zu45Uk(lMmi`CXV~~N{tVU^#Wt)z^-*JgeWopdC}^ycJ;~fLQ$4S z6Np9v&3fUoa{_?IGq3`8le;Oh#;mx9w>xvxcb9*7&gjxR)t=H%3d%+daBu+MGPyt? z*+L?C$7SeMV=&f1VKNvyav!QIm!2MXm83x0VEaoT3m-ncc;D3O(yp&D~e7ow-?P_G%W!8&Dm<9&geN_z@LSf5VUxsVL$`uio0v zo6jlf!{G>bQ=~a~`ZIdyMM=8`7vK<}i$mk;i%oR;HPZ?Lm3;gqZfQx-9OYI$`AO3n zjP4iF7F)!k&~Se5vN|^?gY+$J5W4YI{$L2$Gj!Z8Ep$~k$0()ap?HoXh^F4~xf&{F z^PJy3c*2TJuAA81`4YjBjLNK>9O86d+9=+wPY>@F17o=Xm+O4Ms+Q zKQtMT#oqbNT#Jl?&sfuSR|omrieHwSHo^fIno=NVt3t~>ox$i%au8xRIr~kPVgQmv z;(GG8CE?-OR=7B%e(ol9<6U9B)m8=YL1YsV*(4PY#$rp4!i`Hg?6T>;_Cju82@zGZ zz6hX4H}d+6d?3_rgk(^ND7g+0b3fSO;{s`$!y~65(>~ej0|_m2G5P0RDtiR4&nCAX zG}i|QT2W=_si7cF$l@9xww2w7jeR;ro~fZ|8iJ_}57gdfDZT+z%Ev%Vb1JuqcxZKJ+(jAqws6*4bhw2Y+otVPf%qn{83 zl7aBYwBt zlCwHsXh99e5Tx=Q6M1_@m@me(jx4b8lmK@pM^7b&Q+BTh<+!X+>cEcOq z#69r*RLomN{P#FY$4t|hwE!E&l!D!vCK;%UPc%enXW{)t#wmrhvU$PicV=+^(_3NeEy~1FwfJuw#ep~Vj zeW;3JpL?d1wI;!}pxzK`Kybcf%gj}B`Kt)&u0N69dXmh@*N|jM>e-*kYDgyBGoQIlHxo+M zvC6}HwB2qqiaOnzj+B|;+pD#&<&8Vu&sCB106ye@aa}U6{3PCW)Mc?# z#87H4rYa}D9P;zEHRnLmxijy5kY%8t6j#AS2WdG6lvvn(hsoJ?f(8qAncjYVE2j5@Pa(FY9Yb9 z|24jCSV+_7!J_<>UwKbaZqmY;!};B|(ubTyj74-6UI!ZBGUn~F4FqEZ&*ek!dJvt5xaL}4?k^?6MDPQ$00E;fddL z=eL#sO;}22%VOf(^YfT=wFY{jA8RrWgNr0Fe2{`+T3)^%&(c-f!g`I~vMMt--z(hUlGkP0X1S-k7uw`$fFBnk0;DMsM&a`O)tiHzjZ$p5m z#3AE^>@A4)t}M_KOfV^Ht1UfypDD6#Ag6)#Ltu~1oaIUgWoS3*`-!|!9M@z$Kt$ig zzNy+F8joA4JR@?Gjg~Q8`BWl>rkMln@jL5?(eRJnC!2^@JiLWlJJbk7IuW|w@HbhP z`4-w*wWBS{1~~LzoUN5ci*Xx#yUItfZeLlJPBWZX zHK8wV=vQ?=fe%D9ei;iB&CT|e>jonf%LU(!EC(+V_>i$?3 zz`kV8P5Jm;PA_+n56&U-;6tvB!zHib3WuUNb^|Xo(m))~Y}3g25Qp)H>>Z0uo28Im zj#P*P^F$LqOhrs3CEFN)Kds;i=OxgbH*#~xV@;jW4}tYBng$ez1`ngDevFjNr~@PZ zpP~Sk3w&6oy+$WPc(uh6<5gno6afPnFeFH64Cke@<_|F`>)&^(b7HVtM%Wp!o4LLy z8)3kYjTB=I3-V`eClD%0w{T6ctUo&)ER;5`P6*t6Q2z5utq(Ow4*UpMZ`TofrF7t- zC>refhGa&iT~#cb7!(Kq?rVb{ywj$(WEFr`1FHgW+M~!ub0H@*YGT`N3MKrxM9;yplQ^v)pq6X;*}#%!l!45FV*&cE z+a)02&e3HQh;9rjeMjAxt*sqE50ayUQu0P=qH5TJrw?Zm<@%&ftqMJ!|Ky!Om|~pf z7@S*GJdm->r=`27XX?+InPzJTv~EHxG%#mfz_+@0(3wTU{5;rRUKNw3J#*?JM66(x zN7mvaNmcHNxTE**^mwX(qFt6%lj9<%flb9y%|n)ULl(X&|E<~i>~B9=v0kK)sabgE z-7IiUG^=5C!bm#<(z$yngF3Rt@Z)JrhV3EnYlLi?8_r|l2d(CyJ8vE1P+O1pSBKL0 z?r2k;0rT?*Z&umtYHaS2kmkuEgF*%beQV=1aCo5?(V})-sxRhOb>m652e7v4ya1%enBVIipTVX0>lDvX51j{VAsFa)AT#vVxKFzoZTtoP1*_ zLL5r%p9*{fo-{|ccDWRd+^4iXUiBi*`B8QWY67d?=_7BB9t8c{133^Yn_2rME(VUW z;8LqeP{wH0p=he6lF@@1l@PyJZ)Tq=oyg(V(>&e`$nxwdLQk^BPez82aNoV6B8_iE z>yIBaksq7dCiVg#8Aq!+S#fA*aw(EcvTRIF#nI&IPrt>+`3>brO}!I)qyAUOoSWWF zdfKR>Y+X%F9g|jR%r#x`@4$KvU%9_e=c;|Ge6ssv1C#*~Io3)^F9s}jzQyti@ zNxZSSxj8dIQ-RnUj9rfW4YwBN_T3A{X*EXb1rVM-waNB2{ZY?ncO7EwYWAMzA2n;1 zu3E_sbs`F8qzrT3qQO5!XhC;A8ma1-T?dX17YIQ)T%^Ti1YbaF-cqfjc6m%%^ESv8 zx#t8iZd_*dHCm5^lHO`l((v2|;M{Bj$mVB<}^(J)MXb1A}d&>BkU>SI-lF){~0!^z@^o z<8v7jS=`ObVn`RPyY~WL;$T1bp+x8Ega%*v!8<~4 zAB7>MsvFbVoYnCowWvpBA&NCrPJzcxl?oQHgDY0ysokhu#OnesgA>cx>)|S-j2(O( zVUevNkNdjBL5SE|L(xHl7q#ab%)$unCa9BUc64sH%FEuRZt-smu!X)i9mv8kN1QtkFh^p2_B8Faol`<{r0ENiYD#c5Vj{JfSWWgeoR>|D{B z^?P=q3>M=UY}%I`WGbk9mpn-#nKi-i3=x+-)uV^PhJ5)$Oq$n7`l0@@fXEcB|8NuZ*UV`4_fD(E}?3bng z5E3IbHfr2z!}40%`GONuxtJsqPZT0#2sNp=4tav72^C%=xk{jl*x58Qe3@@BsMqVH1&L?v{wFR%wQVlOh*?DCIxqU`bnPPw~ z{yuwN?$kmJWUcIp*^hAsTl!q}+#~qXHHVknj?Dg!#?In~nKaqG+`Z|f7C8qUyIH~h zQ31d#4%oVzXca_&xXAFYg8FxA^O>9_f`I*YT{WS|bVw8DBB*d*-!=uh*mq2=yXzu*USJ;|6Hg2#ctgcYEPuZNRyN=Ik_$N2zH zL0Au|ipjr5&ms>}=9=y=Tm!7evW9hSHvHJo7=KJ)PsV;5oO;#;h%T)`{9X3$vNN{m z>J(;w>(sR$LpS1hyc2~|H3T_VI_?>)s=rWQWF!@vD;+&Wbfq59;5 zSmN}1`cL0_hoVE_OyuX~YXGffqEL^4y{dkD5p%oG7nliwogfyW!m)W@9j?W{)k1On>1LJ0=POFn(* z>i6$E_GsvPM2sywZ>tIN9Z_BqJe~ay#F`8G2M?2VPmJ!Bqdsr~8+!a;*sTY!C`^^E zGr8y|2jLH(Kc(>;`(*K8nusg20?*=G8~rtPfk}H>128mntWmMKWZgdqNSDVVbYl-$mxjV%mwYoWA+=pv` zSOF2|)}`8~O&_-=G;7VEU|!y|Hb5LRD;6qV=hj#$!w=`xZ1qwM)=l*F{w0&%{K)*< zYJ!5f$}soSc|_GSmqroI>EXxOSn#er4Ohb7$)vIiKd7KfzI)f%U%_JsIjj=%ebpMu z9&NocGyJ$nKK4#z2Q_jE&UtCh{0%{?aY@YT${os{Dy>KNe74wj+KC}j*&_Wvhaan3 zUC(qoPoOH+9T_^w&O^3v7%qDi0({_y^qYwQO3<4(T|p=L3P13X=U`-!{(Q9cYVRek zin0HcoFZcfHe!F^j=W1Ral^t@`pp#_ ze?dhA;ya(!=aG4iSK$;;oN8vesFVipR-O8}_!ZlydpO;$DS6*}alLOu*JJ+Y3Dk2Z zYY;jyJfT%^;N0kFXa#&>2<_ zrvguwfX3v``OGH;{p(b0J!m+`*d6_+IMEwo2xg_o(tKv!IUE@~Lo|u{)Hr-WF$(#y zOXiH((@Py|yc?qX^jJ6mC}GjSSCqg9ldvu_%G*xA=&5+JVv_P99~ zM+3lj&HcTIa|{~V)_5M&O(=0(EAzYWRt&JbYHKol^ z&!k}OPl5;wJHz|49_#XKM*3{cVU+}=Pzz>nj3H_$l^)5RNlA&M314adO7i;14Qr~Z z*daM$rJco`X&=iHk3If!P<^FmAA)5Mr@pEf9gA5uGas3$?uVo2zj<(fNHl6?NL%@2 z3K-o4#u+WooOL7o4OS!&C`3NNO{wzeAuP++=toluLvEB<0|2Zz($=6C|CY~+ulz>5 zLF2=>-KgKL47%eyt%f6CHya5E1oluxd|PLKgglH}1mfcM252NWJn&JZZq|A4N7gk* zv{>G2acEzW-%w&bhZBdVpARYZAWhuZS!$FSam_WjHy2N{B3Ue~jf3I9LKR6kY?QT7&ke^ZAP$QN=!4DKH=m67^q3%S zo*AXHktq;k`Qi^>?MiXqIVDR%H=Ts-FK|KJfJyK_5B!8pf&mV6@^@kUEUTZ2R1c5U-tx~ zPdbLc%U4Hr(7>hRV9%ZXZgg|fRcZO>grF;^QGEELX%HccpmU>+cHARz#kwyAGRP1# zNGC4qT~=SbSAJ-)QPP$^BgKeT9-Og*$<2%yH1~|SLXGGr@S0)oA^muYY@wa&4_DJl z-B0?)K;TopN+kolvKx0FrQ&2d@wutlv>j3Yl|5c@QkLPh9&Clt;nijlSCLh}eZ!a3 zif`=k;wB0BuN7e{5)Lo9xb}n-Jh&PLpyds}E4X0!T^{@2h0C(%fAO3|icIJv+JvGj zB7rruua`l)MQ(UMvZy9b%+@VGWAvZHy5M`|fN})LN_qOBb1!Ui;w8+s-f9ywmai;5 z&;A6jFj_LfqoGAQ6`&meMSDQnPJUj-?W9bQNbiLo$iO#zE~6qfS?j#_e6EfqZkM;Q z$J1dI--O%2<|~(8eopDsi2Y_{s{h~UddsjVgDzm05D-ul6p&Q9WKob>8kCgoSWpp= zuBA&sML;?Q76f+b5a}f?P-4*~r6t6r8|iNr^?9E6eXs8i7xz79PS2T{Gxwa8&WZRT zI}$bYTl%x1GHy)u+~&Cr$~VFC$5qxlC3|&&7S>%ta;qAx)LkV^D|3_6&7>eAVWJDi zQ)MadL_NH7dx-#5HTfi>2tIl~%VMuA-#LJ1d~AL&^|)VF>*kmS#`Z3Y`n=I~xr^6R z!ygju^`?9mvWp5dvF7wd1su7}S%;aX_ro0Ov#IfT%S?i=nY_NoMh#+*?YT=7hC>#( z&aBPkcD+kJ74}^QNiI)4aUOuUSn+KSsWK!5{vYaPM7aE(; zI~qjbR0IcCa;=LUE8P&|PtF~Onm$7z)#pv|O-0!4=pV2jH3N3itq&}3-xX|45QxV5(fm2@JUKivKKkr@ zWQ0elMu9uUIS#psZ61uYysSEj3Sv*9){bh){-3_qvr3E(MGrU2o;(lqK`I(|ksNn1{%2wnP1G<`V7jPZ|Bqc#tA9eKJ*$yJHuusB7ef1;1XAEws$RZc7CuwA`s!m+B zxqY46(rkkYuMPI#l2tA;d0ayG<_6n#osJ9qHA4tY#-q~Gu_QMbWwb`x(EkBXISfzP9CZo1 zrBkg4+vN>EcFZemWV){=p$m0mX=zgYqY>gfs)8isUqJ(%K@ zGK>wx<20;V#qBg*aXrad78P9TxL{MH`+CQmp-6LJMBj-W5-w7B;PS2`?lPWJk_`pt zFSjfP9#nXIX3NucICg=y2y2!y{=zv*U(}d)@tviAERqayjKcNQ#1aLiI^P=cUUBcB zsQe}VVfq2x{>nmDOS>}2tIxChlCc0#t#r<-1G~xsnC*C&nN72xq$o1Ev8P5x5734u!lSh z=pYs<>*BaYP-_e=T6f)emuz7XuXzyhjki^Nh9W!zY-lO@#5tdRnI*vJLW`D-*u2C) zwfxvt{N-IePjuQYKpwK{E4xWWkeLV9t9#%cXx;ZBXP;7OLnqzB%l>Pc*Tcl>g) z{hA3MD5J&E- z^N6OEFwgoR$}X=+Sn)NzseFpslyGczTu8G9wS7>D!YX`XJ#tmn)d?&Uh7_#KiCp+w zXqL_c($`4Zo~Rd$`){VU^zr3p2Q(V+?daR(d0$9_#y#(0sZOe!d^S>jaTm9w#O_rJ5m)azKPkyb$?dsiSkyO}*Kl{OM9UgU=j6K1Se1 z2SHnrI*(fPNmbpF-{Jqy^=KCn{4UuX5ByG@=j!s;1{C$iNRv60K21h}5>bBeEjfw=^(~zx2^@FNW|jQ<7GW zdY)K8rq6eq`D|>y?ttnXxJChueFx+l;)OZ2x)SQE%ySW_&+FmeSK!~r@`22c{(MbR zFL#p5A74ptE_5Fggk@qIi&pT!k+EaPKi zd{dT)muIs6xRM$1+6#PhK>iBdoWXAVAc1r)9!*x!Vo4^B4SweaK=g?-6san>Vhl8gueOC_i$}_r)bni+ptfJHCfcjrjl!) zpolBd!QQcr!pO*nK6ax2L9iY(e@G!4{%(H$7eAnX1iB+dk|!*e24I~ zAiB_y+hsso;iuRbQBg<`7S`UJ0wdx1W_UU9JJU8pb-P@A)7#Uge7G{cN&B=Z#+jq+ z{>yH1HPat|UZVFi&d4PW5;&pY;{q8~iq&}4UJWKEsMSZ;31rv6@nF3dTF($P@*!65 zNn=y;0cuckzM|{Qw~a6aS&V{qwlk=V#hJ(Q@w!` z++#v%9H?nZH7<4(!sFq8sYGG7`>>e$;o5-NTwant+?ex@6NxTg7LVSHxp~T-6faCj zaQW`bgYrMmOuXa94kMCqgE61zBH~^%bTRQ6df=N&ui>!jYW=v!2E7zG8f}=HUQ+{&;4b>(pb_N&%}86$hr4OewO=s2S!JDPGzC{PGvmfV-#lU= zT`0k5b#zL2fAyw)XbXWp*#xt11eS0(-?^!94zWVMPjr{X7Yj0(1hw`|Jv$}#cERsk zi1f)UtMLS!N7{V>w(K_*ZT(N^1%ZR!ORd!nsY~}xL2<2U-0+%G0O#U_!zgFz(m6!b zrQckDk=OVfj1yMO!9~9hQ~dIF@cDeICOeQ7CCI3b4ybPO)KqLG1&mbTDaec{?dT0I3yFvSbO>O5m4xH^_TCG@`k$vik-BD)t=8*hrtM+l1292o){>8CWliIsob zzF#DW?R!inZwVVcz}xA}J2k)QMM9kt>tkBft4)oCv0T zDrp-)^l^V(w5h`gpL0fOA|Q~8ClI$$>mHiolh3m}3-EK{@gtj@o66=8m@iUN0M}=% zTFu1eyKH5INOfEcM0XRTq9*;Pfl$6UdBsL>6|Vgg2l9*AMpTcnTq?L2iPt|76$$?S zY0%g4_+g@ljxd|RC68_5bIzcWmqsL(rPjDdDk?EB7@xZarMT2|(e3~yb?MT_zcAqQ z4-h-w zAd?+T@MK`rh9*N6eMDECic=!>|6zZFJr4}B)}P7o7f3M~a%2pEDiG3j1 z%_688{z!p92YoyE6OHKVl5<*d;y;)vaSP-ef=Ayc}3Tj7!@Dmr3*Uncq zvhv|9FGN9AxvBTH-;9_hPGoaPL6&Q5Sj_U<_3@&oj3B+{c7Jq@#o*bB2K#xCBCD@- zzKgvM)Bf}D#`)Gn0mZl?(cdQN98GapMoy?iNMG@YRd=@JvTL&zvvYd`n44 zs>=9XoSc;U>|;(|SeH`q*C6FUP#z~*UHncJyx}7~Ck=TE~(Z}HdV(#8C1d!S}4 zmAYLrVLFOwkw0gXn4mtBJqg24IS{uD@;roKgaFc;)p43}z!V^z`%HZ|nXxiV7GD|< z<(Y%^>SNzYc=``eyZ>==El3H2v?x9QIJsHdM8bc%rO>^>xEP|@38bpDit@wHp7}_m zPJc-ywQzm^wnq`R0ko7cG(}uMMLkQcwjv!bJPV8%HwA11#`SYY2ra%?9!)0GX#1HS zEJEcD7;=x#%mX)dt6(hSGB^Wlpz7x0#AGe1F_ayNuZT#FdFGtA<1K2^iqxkDEM0ro z@Wy$p#1t*fPXz48DFIw-A*0`q9{XdaLOI`&NbK4?QOfZ~XB;V>Vd-M{kbTj;Gqi-6 z+L*bktTzHER^G){6oNU0922IVdR)R-v|Iy7z+?RUw7-5Tv)bA2PNlRBZgvX#`ePX} zIQXfI0Tdy`q-j)NUb{w1$c({fL{kI)pN!}Tx>l4Jd^5&Sb^D-fG%k`LCV$VsaDGr` z=ec@*M;hZvp0#US9Y( z_dk^a`{;PwZ3?ko({BM;7xj6mLQ;DwVAD>|>4o6*O9#(IW$DaY9!4cT(#fSq%VFzF zVee`|tr@0ftma>2L%!McD*^Tk=~Ug;_0VXkfs2CLz#T>WOr;5y`XgOK-um7ehD&9BabS%j;;g^TJKkFJ+=~ma z|K-kfr|i9B>+*T$3o@G{NdXm0-nY?e@duw+Nr$Hl;IV29@1K#-STrS-x6=tKz5?_) zMa4hUd%s!_(-Q7YFAPba?R>}mDHxxg)eC{xtv|ke?H!jq?ieLn$^-6yguw9BXL)bqgxAyv__L1hVX#N2e7~eK)L`OvuU~b<b($?ip3ew_o*jsKv7z+8im0crw!xhc0qjnPN@Do-`_9iQ|T z`oeAoH7Rv!7qVPXC8V(kOm=BuL>y`2mA8^C<+9MbF#5&96xdV+$L*N1auAld!*QfZ@_tj5(?v181>``$Tq#%sz?O>F!d!aP>~5)8(hue>aWlp^Uc*-&4&W}Dow=Ppw?rn?lRw6V`?r@ z6AL+}Ox@TjXs|5Alo8+M%3cChbl?x4#e{t?hIk)P1@fm{yHRgXX;%Sv{M1+x+`3vl zm;rcA*O|QpOV-NU0zv9layK_#K8>0cCiy|>d9+e+)?6jjGY>m3R@`pmMT&>bdtYb@ zavIv~GCk5mQ*&OH7on{o&XDAYGxM@2rgFnIHejtAyS;@x;0Wwy zt)bfz)xgWQr-w>vrfd?ovpW}$e;8_X zG={3Wt>~eH%|5Y$Rf3&oTAT>s5CG8VlfhsYYcydem*WCPAw{g~2Fo{St-R zA0x*b>Amo5N|16PG2o@ibWBboM-sda-}GNeTDd@#=Y|FQ#CbM2^W( z_eq!Qg!uvI4A0sSJrWuBSU(|kc$eMoX#D(q*H$K$RxbxEWOUK7{V$SgQS6Uridwq1 zcJz)i9zxE;@>@_YEk8(kIvsZwJ2(O~e?4O1lo;X#Yb{i8MkE1binfozi=J2RSIl|S z9mm&nFK>=bx%>6pCC4uWz$qHqs7Okmx{c(l%xHprG5ok_|BhW@&D8C@4g1zEM^eUq za2BlUMx~F=)98QPoy&eDF^l?IXLI(g8j}YxVmVSi^rq(BS$;G+=rE|E#tEAaxh>O* z8onSV3;y7}QhiA0V1}ejD_h~t4cm+zk5q2zsOBQNMhG=oKoNQ~=hoD(y9vbG%?;SS z6X~X3TJP5FssF zI(Dx@5y$-QzynElTL+AdZy%*pnk4E>j<)L8U7k_}v*mzOc1dGgdn8fotmtUTb8B*1 zHZ-`i8;O;Cf?+q9zoQ40kd0gy9aa=E6Y+L!czp zJk#svCAsi|jiBDT8xtyq>!Go|Tz`6uALY>Q55f6ENl;N+4(i~bFn@*bgQ4K_mbzIX z=ce^Zk<~|!YGd7V+d$o^*KlxH9uGP&@`rMvMhDNKJc)WE36sa~8rz9Ut-lYJkz##i z+Y(+LJ_~E&JZ0Y$w{oti_aHWx9bB3@>EK0N`fSQU=4iMbx%zs9!jG(VNEuhC!HdXC zb}@PMY(fqtO8YJn`>N3@38OWe()rE5;C;}Bedp3=PfqZ){!@HKEElQ@ESD?%HM@xp zdO17~u63_zuMA2l{Zl;9mm9C@sw9^e3T4M@2K7GkIJ4&NJKItxI{j!LHo+x`FERZm7oGK-7f4 zES|At2~hBl$hnT9sF82ydRXt=$e*-s%0^+cUh^ciVPoo=U(Kh)O434 z2Mp>!=LN>^j32Yz@ggACsD(%-{1_TI*+D6)bRFAzVUB~QQ$W&v%(kC0%1K; z!50MgVHv9GsiJWG-z`2bOO>UJ?Qe)*{D3i{@X4&WY&k4phQNRD;rSdpx4=y=ou+l? z4HCY6e0{Oi$pwZhmNt5jq*Qy{^{rc7L|2Ze1t-&0I z1kAHsxl>cS{{5+zqHC!7MMYX&9ctQhcdnbr-)VY$<@&vf?8j5v%FPQkx!?y8x&|R=TZOo1tz(`MirAld0Ll-0Y&p zlH>714Rmo|=4fywV+XqO)y7uujbOQnADZcCpTocPn zS{U*Vc2cw~kR>N2_X!){=CZ?5m*WE;1`UVt)uq}dQmxb|^ zs?4k>2adg3>s5IW&i-w=@|Tg0M~!n4U9af9or8zhIp)n+wfC;g=Co;%^^hM-F#2z? zIr~o@Xq>^Cw&XW1&QY^4+E(KZKJVZAUUm^uXnQHD`v6;Fd$)cew-4a{oa=uMhp@o{bnh$qTn(@aL?&+Z5YH^U zRiigy4jkU_-W)i5t{)m(IOgd5;QkFZk(RWJ^|RVMSi}Pl_el<0mn-!Tqjb@ey#Yf% z)9QDs63(Wy{6=$s>o|wpe6DrC@zCZ1RVX}*1Lhd7b8Dw+^OG8SYP)N^tdn#6#^yCM zx{bGcW;ivF(9J=XC0O_!Tuo%;QK`NKVD)0>|F z-lzU0-`*^T;bNQLnlyiXyUVFMFN&>6(l}0BaU6|Ggkw$fDFd(YhQVvZ84cyg8zqyP zF@Z1ou9qBF-EYcijvhF|rod-3zdnP(OK$e2dGNVW8Y3pGErrfiZkSqsSRGS<|n1u0rQG9|)wKI*r@W{H1i%xPbjswjLqw?TwM(%)sOuRVtycQCNf=U=Pp zQ4x+6jf9A(vtB3}o$_JA8j4IVGhLkU_L^a7q@^C@|2o|2Fj3jTprjnz^6Moli}}Y} z*2b#yY+f|3+F1@U#j#=A&*7O1eoJp6GT__Ycb#{sh2F*=4kJvbD7OD%)g&R$%X(b5}!leNiwyG7KK4HT3EyMbPCJx6y-I zYU#zX=guvR8yJnE=!XOO?(5oP87{-DI=HP4%(5jY!C;zyeY104hVz+a=*?a!6kSk7 zmIN;AzH>J*w^U;#=YX{9;j9#fqQOdM{;)F9bt#2a3;j}dhR1RYGE1uRy63w!_oRn| z{*0JXE&GgM#jTrq#8~&?`WJBQ=1)f0)d+YUL(RyjsAI4=&ceB=V*O13?4YVw2P=Au zwd{)h&<;V+w5@9RHAEQ1aBx+GG7{P(vK()5M0Fq|^-}PS;;PbujHzXun32%&M_(~; z>D?;8+Iz^04cXPCA0X^MYV&SK`<9lx@gtUnt3ok9aQh!Cr%8h@sCL|+;l>V#9Ne4e z<0it%iV4e&+Ll}qA7TC0e)XG*Rb7#}r=0|@dw1WdvHr^qOY29JxQocDp@;`0&QeFq zjo;ActD~-OKJ@!GYWv;j=(*)gMNh7u5w_WtPOgB*VZe^mT-wdYa5GL$AK_o>_UfR) z|I7UuelS4&w%pT2a4*G2%ip^CB*^YDIm2y`oXaRT?D$nl$Ee{eAPQyYpFaub<2BC;*r zQP$_KR6OGa{_mI%YORt4RV>e7lbw`rJ`xBoO@*gV?7m;Hd(L7jn9Z-nc2KlCwL)in zMMzZ5XRY#iLce{?l_d^}3VNl)628K8-~b($U2KZAUlsM{6$y0(^UFT*c)A~2IC*=EXg?qtVEI{y9r88PgDXoVG>ja2-~?dE&gO1qWL(cJwQI;I5sIJqv$JSNnguCNOydRdcm*;Maz0q{;c}uKBcGwDy9mZN{LtR!H(w%rL^L5?2v( zycTraqDZ@sSv9qU{<P?E zk94S2VUV)gCeZaU)Ns$9VIaqkhgkRmEtRIYWZVi}^SvkfAC%?zBp-bIeQPCk$7}a_ zLb*bc`5_OUHtfuH+C$vspoX1Lr|li$n75XGuWaI6k}QYSr604~$0ofLb%?1;aCxD- zj}-Q(6kB)MR9Q7_U(pFSdtsrSSsQG12~RH`?$tw#EG(139T(9zt@N+?_>*iettbXP z%n2G7%t1O{nxi|pgjIm5(wjP0_&Zm%pyk4w_>4=szVbP4ZE14BLb@XIC3HTeUi4?E ziLFT}kJp9XRT`6a)GVqK-pLh{FcFW}qCw8Qap%Ax`??4AulJC`Dg4Tj-`S85G7_w1M$hV{Depu2`S#*$#m5((q z?rpTyamO8M5ad8K#~6w8m+b1Pez8E!%Fcb&aeY@2wDNr7JXcYb@bCOfxE8%*pIg0w zg2qC1Pse6`4H9JI%f=bJblOuK!rGO_3jUHye^CCtObjWKb#t%3=zd;QMdGK=y8EAF zcf5R_C189Hv|MOb7XU0gBvGsBW32#Edrm4jfvo2E#x9dM#^Ytcyf^aFBk2!m2db2~ z$R5Y^yd>;mb-Bkux*Qzsx1JwgPr(0js!lmB=0kfKvdW^>$toRQkg|R_^P|1HEOa)0 zuDKRQGyoyzf}!234kb=qUE0A;cGpRDOrljUA)oK$*f}ZU0&BMy`#4MI2~Tvov3Yj0 zbT2QW;GND`=hH|OfWvQ3%8C9WA zanD2>dU!x|-~8r*>i2wl3qssA7G#vh^vI0sJIDws?-OpOGNJl?LXqg68iU_t1bo`O z{J_k?W$UcB z#13^XMD3ofj*TA%BdCJADNjb+FWZR=5g6<3z9GONcloNA>FXekw^_f(X1UiL^c>yw zrwP>-mxGKQ@loCgYeUDlSnC7mbi0;m)wuc;$(qU?b;WKK{(R|%Wk?&dJz-Qh5WvV5 zQ=NK{slD0in^rlgjhCJsJvwqH?o*dhhm+H8M%vo3R=I<}G4XJj+rqWg8uAXu#mwr^ zy?0`I{=HUb`h;)ar;qPAf~y-AnXT5e<6P0dqMT6mh9>4of?DBVI6}A({S^jeNebBU zlGG(kbw*Xm%?~{zzfIc(Tm8lAaOy$Xn81}y>Bd^($&$+!J3o7XP86VI0~X9J=+qa} zgA3nk{Z|@Gwz0YAc(7_0ifNC9UARqJM>tjuM)?@Zdqi}l*p3YshqMFRS|Mc`$w)>`lwOP2z9N+5Q1mQ4uO~re) zDt-A&vR!jy?-}_rUz4>huc5Qw6u_r=ST#S}0r$~Rr1^2ZF8Who(7i24)xtaX+|}F_ zvMtBd=Pb+;toV4E402%-3FRs4L<{ZvsQE>wz#9+q)&-4c97`58VBV$s&U{$4&FI`G zVtnJmL1tH|P2L!rhl8(5U|6 zRtv5pNSF4D1fNglm6tv?PH$xSn4JkJ8L(J>So_mlm#J16j$u4qxSqs6VA~Di1QOuw7u^|`+;)d z#)9OEcreI8#Ec;(z;Zo?V`sFGiT+n_bwzRS>J=F|w{<_LTI-F2m#SUVdnR6NEV^j1 zq4}AP+1h5H;@t)+uUcv{TDgpp4pT&gj}~EYW`Z~f8eY`*rwE`-*#PPhp27P6fRa*c(I0I6{nSG_CitVW;4 zd_Q1GV0&R~jtuNht0$ksv2r`gj}DpkRi6N!?>&RZLGB|HxuxQ@63QiiRZ9+f3ygn# z)wt}ivQ+&g2Cf$?$6U8v+)jfRkqYZhAdh|;U%t~DgG|)&Z2RUkI^-2oRn%OQ{ZJdq zw$ zcyh!3sr|r$i9pp(b+x%hLf}D}TD!WXtw`lNM3<7-$DNMG+mDLxPh_W{HIyS%#6qyj z;4nhJPO^K36K}#djZP#kDMP~1WbdW#KWBG}7 z)}GtUbuunMeNcqHW%aGjRacuMGV6e#QyOY-uvcJ_ zV)^4LU>sZzg`WivtDk+sod^$@|GYm$DdNFG!R*<`zc$L2(JLGK+R+Y^2`W>t0T*jR zS+ugeZCKjGI;?GZj;EwLL=*cglTBss2ikh4s6z^{R>#LHmp(tEp5$es zQxH}oR(c^egc{n>wmYpo2zmy1iy8}AsgGJJO%BB$*Qx9@?nTbNX$6A-KZS>@A!03W z@viNZJ0&2-Rg3)>lzc38U8v-tq@N_X zIk~iS-3AG24=&zohSJZ=tXEKb4LGP+Y_@S2|1_vPwive@(q!#xCI90UD1wDSLa3{% zq}{8;W`$B*eikBzHK(cPOk zcgHnj)Y{P%_3OR>?xmejvi~OQ4W2RYkIL3=R!q%bGizKF`euh z;-hnJ_Rp|F90=W`BY;-KtxUal7pa}N5&>d32x`1nk{A(pq=FI$UaoMoBQ{*5=e zrHq57Nbs-e~9xDH6DhBDpv5x z$@L0J>BPB&8qndCanH(m=HQA#=y>CQfi6&Az0JMiI) z#aFN}6K>r8;s>{qsb?rnj>0;frJ3nP{m;I>?+) z8`*n&IDX}y#_nMeuVoMA>M{3IgRZM^!~83KsRMt#DgKsN{_NL}y^1JDHS7UI0$_8{#7$y z6O%t3F9~D%G#1#`GBmpby%pC8#)AU&?IwUXhxD!T;}`F2*jwmV9%Hr$JBAQX@%`ZtC+|m%w~?>M%4Z*aqREf3#_SZ9ZFpnVotEQmOEe4{?3|FCkVf+}Ixe}o-xu?ru5sVb`*qpnLXB%e2<%NWQ-hHi)Xd^U`^t)-2sl?R4&rc~p zgJ*XS0nbrm;bS3!YrT#n@lOs%^Vt)IUx57;M0nA1967388 zND0)2I_jyYhZ7){xjz4vD5#0E32TVFb2_g;()#1EZ1Q$Kt%AWATxnO0^XvCIr^ct` z28^8jYFJ2VbaCO-sJ4HQ@aUeli~J!c9dSAs5%H&Z<~8xmkl|h;W0I)AERuWbY6U!} zsQfPf(YQ_+Z1zAN*mRO*9k>+ziu6}gD8B!g7P>U@Thd9%>#G}RJMUL- z?&YaaeVfjnL{}!usTzOJK;u_>CkYVoiq~H~4}xI#6+W)MLV62}2R3wg8-EEeICugl zNp5=O3C7nZAMWi&bJOOg%&Sqv7J}Yq@O|wB56p$j)w78i|3Cfxu6JD!$ z;JQ*G!y&DWR`*^e!Y_X05+EHH2&XEm%NL?1#*O{5RA6(KE!`kuVPcV8>vztSZuT#u z+oCKdjO#r2gp-8;O4WH~?A&k8GlK!-UMCwnEsWiBU6)&Y!IXiZR7;)7xMDJopiJYT z4G1t^mPqPKEecqt0i@^?%D>7f=uFXO-#x)BHagIy3hD1oa{&)q;efSd=UyA)kd+)e zXe<`MHw0b)UFza7R_j$54%r6qet`>OmA`^x1sz;Kht~JkCNDw0ev11-lKFmRk9gF1MiUA6^Ye`%oP#CtGe-f)UAwsby9X1k4pq?Cr-5nFow{?< z=Rq)VlTcM*24P?xXI*g-`@=0RMglAZFkO7GPn^J;!o%Pn2>~<7KEG%cq0CfRYBDfN z8lWhF>z{jjyM%aO9FXJ$s)m11fS#hI&;=p*qJ~dmNWmD-ju>USlkd6k0h3?<-AGuAK4&9o!ZhV4-{dtKp)pw z+zCKX5T@;$Noe@;+Af&tKQ9pi67)v}VO1N}eneF_ib})&QbWY5r4AQBl&F51WVdxc z`40~oTkCY5L%eD->69MVSg6QwFNlG;_>(<#Cy`MzMlfMhvVYnJE>DH|l!E=_BSHW3 zze?hoR*hN|kZHJitZr!$ejD;1R$wSM$j-g!Or<7S6V=y`B&r%h@tfY8@7H*ew;O-`}&&q0Dwm+&wT9>6k@ zCGxD`uuC%YoupMF<~`W-5bff&xP<(+RaNKNv7g$|O_7v_00n1J7b}UHGMk0H=S6!AH`?|sGFzdPnb5Dl6hp<4TzzczU6l{n|wN#fM%vh88 z)?eS(f6r)3@6GCK%gEStiuB4#c`bPM%AF_%A6MJ=*>$JwO-BheZ*2%vH0_T#Riw2K@;*&DV=AQ-G!N-2fLamp}&Fg}} zFHILi^fr{~C*xck z)vwzalt#tE_uL8DT2%C|A$(NH=ABGbwvg%S6Vjwu6yxGF2MiyZ+=rnVZMJz$-D0XT z&B??#i*|JJ3L7k#z z2^z{T>wSN(-B$`fp1DeYp26eC)H`|$w`0Hg^NbQ}W1hW|2TN6?=Oi|}MYQCOs*jJf zWop14HOPM#^F7ve9qo@({s)9Zv{cso`XQy3AIYpnrB|^LxrBh z(rP-jXUvqd!;&&*dfZiw8K?@XFdaw{Niv+CLQwzQ@xeExZW`5jQtX|chWY^Ft_bVz z8z4SY-bc8q+5KQfYS3br5&dI&L^%Fz_)Ry6%i+gORdrclQ?^nt%PLCX5jD>>$JU+Y zdje0^M5js6i{qvv3>iR3zc{G5$$@(w?m>k`g=z&(e|fl>GyqQUeW6$=W+$YmzJll&LY_Y&dmm5^E~FOroh=6?a~P#rB{Vw`qK zX;Bgar2HFp4>i!krp9T>*S~Vbdj2PBi{KvE!W2BpVcd!TeJPH6U;_&lmQT&_KV3P0 z13M-dKez?^ZiD6mTAKVn!5t&h0SnGmNc{!T{cjBJB+Cyi6;AJpSl5`rPlA7gz6b5% zrL_3OHzrm>pZ^0CK^-jn!WCYu6( z+5FQim|>-g1hO}{{)>*5CE~vUz)=oqF5-SiCRA?w9wz( zu#;OVYOrX!`<(;7Fieey47s|;Es`W=&VYI)-e)6tuPeb04a z8zC#OTqDEPYZ|-M@UI_djTj-Kz^Z5uzaC4CFUR^%&P?0*ZRPCl_Rj$PFoCCFR5^p6 zY^TuEDF_JGW_k4KQ&)d;AUSTWem1dOYxSo7q)BzD+d+(1mt5x2*s!b@Ea0=>I^CU5 zk8*}~`#EC^;CspS&YOT84R@?)(}VV6y2vnKQp{C%0>$pKtkWMGITalsnx-}N0P zL<`7fi3o;ZIt0W>MVfLMSeE9y*EP;P^!p;ve8{W2ela$zTu;c-sO?mb375}0+cDoN zKj>!cYmC`0A0IYV#u^Mt&t^|~oKyy~GU@_DDM4rA8 z2V1dneY0}5b)rOIEz_K8;>WiDxQz4#bZ79n>v*0nbB-4x92^g_7iry!X?{t1Wt-Xe z)_8lp^^nOLq@DHuDs&-Z?wyR+Jv~@&SUI*aqX(RNK;~3^ejTJM-E}rqp5A@A)6~g6 z>TlXW;s%-P-$t>!E*Ck+)+GeK?mT{~ieLW~DWh{jB2v^hVtE@KO6CW8o0phzZwwmt zNJySp>IVmBrOH%cUPo*iAEUn$kE|Vy1soWs2IiD1YKMUx3i>Ho=+4=R5zB7_vU@x= z`$vT2Y_r<^w45Q^AhKvYx@O>K>1?O2TrJWctd97Ba!5O`*m4`DKvIg|Lq(i>+P#;X zTvpH_tbHQ*AnU^7eX+B97rjVmD?Pwsl3|&d=0wEMwOO8iT7&*bun9{ol$TJt^(J38P(<8>>!&Pz zg~Dg&LV?eTZ##!zCM`-T7fEPqE%6NUUR-cC_&JH?p7?Hll+%42pwvXlCZ419E>n!H z?grQv3SKs#`}K$3U42_Qw+DxtSB21|0kkCwpG6BrZp_OUn@HI8-Buter^Smz{?zm1 zl8;KM#};pnQYQB#o7t6@1J`CL`k&o{Xbs+R$a~FhOo3PX8O5L6HY>E$QqZE3phCO) zzAb)@PjkJbCg&BCW6;N@~hP-ley~+*Rg6Rdfcm=MM|H?BT2pX z%FXawbQ+qo(}w6}>VR^mHS_Ptu3<&J@VEooPqf|FRl}uK&@an6n|$t+ZX{TU;gIf} zUT6K-iad?g@!NDoq93FRh5PXi7S~jipvh^MZqPi{lm2h3!q(S7Z6t+e?d?0zZT?@e zzt1WbA^IDxqrjdQLjB~c@~f(PKO|$-+%MH3`6k)mTgst2>O5W$4Se23N%fZo` zALe+~z%Mi(kHyAbOX^fZjOyV-6%F-SIbKgohWq|e&biAr-{M@-^sHe7916V85}|b{ zd}4&_+QpHmx^|AB5AsL*WBDR^Y%t|`y*Y`%Gdca53l^y$wyCB*mcMxOB={*VwL~*J zMEw@XcNrI3%)g17peK!#j_Yp_iUA=?Amo~KPPYWc&!Y>GJNF%1q#M7&i0Xuo@=3~` zrO*l2lPmJHI@JgfkwTO8*IsvrDdKNyR^eC1pCl`wSJab}E3=gRmDM(0eD_S$Ii}kL7>mckfos^os@DZj4G=n#wIy&S$@YWSKod>zj6% zV#dO6XW!^#`g{AFUXa!^7l5rBi0{8<{$c*ZK0DGjYUIpv?RBiC;ey3dUlPPr4Z(q% zZ5>HbfHutjj7#wzHE3Y$<05FX!rcqu_q(h{dCHEY}yF zOf{Yg7adaELqC%>#qG;gZi@*Qj8?_(`Q9vF)j(nN4S^w(r7pVY{cIe+Z`RRzr)08F zJOC0E1JAAd6|yIa($Lc@0GZSxtssxp->N6?RLYQ}KF#G!?T4PzV=`vZf`Tx&z-g7>@@9%tguMcp|j&-{@_Oj&8 zJ$7bi0aSGb*RMYAq_jFyZH0As-P>d=x-W+g&LEo}+@yeri5)9|&fe2-*-$w=c6y^D zT`K~W%#o^=;1by0($9|YaJB#3Yxi?38-7^s{^KnWl_0J8{Y4VFy*I0PZBh88RER%h zZR(4Agy$0N1DSL-1oYO!TuH$g#h9&Emc`?e8#b@HM2f9ThCPaOT*%&rP*d!2A=(*A z`mFQGOTKq&>jSH`cRmdq*~liwK?gG+DoTgP89^^#UPsUs<&EzBjh$AVEOo^xCRxv- zfK*yQW#wUJ@h4VPPs{RV-t@4ju#A}E-hcA7=b@77M#Iv4TSo-Cu zb3M^RcUL)8nTPI^`p&q)@&bj zO!2Y#6`u3EtrithF^6-Khr0}p%T_ue^02NkfkX*f__#&9M$80p#Ed5ka?ST75^@oD zBEqVFuKM7o;bhjA<9Ku559uQviDMM*uiWSs7F+U_wC)olN>z%8oB^hVWlA8nym}gH zk{FSDYLQUO?0(HSN>+p{c@rjG@LXASnJVme3`}W^e||&+o%6koHniydo|{g*j0(nx z`H(t0iSNd~gy&*1a_QMHMp4JiZPMEG$N2nRBbk~Lq1;fW0y5|z?=YVyU(+Wd#E+f; z%FLq)v(7~42{VD%t+1hL0kf2EXH*%%fQ8*>LVSgd5bs1kg7l_lcm$6{ZFlQ z3m>IK?VnhiOthZWstx|UfpP4sP{j`dG9GO@_Ii8>ycz>AnL;NJ3G#93-PGClnRIiH|}$si>2q5!J%Ow4WxbwAfPNuoJ|#vgi9~l>7qA2&<8q| zXe}&*f>{dORPa23%Nj67WVBOxQYIoZAb|xA=UwbBM_|{Bl!!VOA4vBs^yi~h3W6_+ zFsB~*OPW?*!EvHeCKml)GH?as2HYr$xiMG&HV0i(Up(k#=$4QC~ETxMBXg-4}{UEL`c(hWe&(`Pn z*BNXm1h5h%2aNqlgX2D8iaCE? zpm84h3OIW8H2?-Q%;>0EHTy1nJi6~Hp^rX2Bd2FbN&%*!Q*@j18EMgctq$2X)Fcm} z`gW{h@7FGhLcjNv>_-`0USC0jh6?QwY@Qz$l$y%P$q8aSttq}R`3v&hY~ zkdzZJU-y`OwTg=lm~SO%&7Wk$t+=}b#ZDn7*0)&n&t=jf4#B3K#=B38g`NXjdZE>@ zV<`oJf~(SzzTfBgD=b{1y(;Tfv9ARb?`yHdqWI9nJ@k|A=ikB^EHtK@}yW5-H z&`}Y3b}BvrixC-${7qc_)WH8!B87TX^91 z9$|C)xH#F-h{xP7>CCj`L)876vn9nM;f=^3CWG;z+ofSkQV*4;UbE}>aMX@{l|=TK zHhoN0c)poq!ntUR#93QH# zLGCK%Xi*23(l}|mklRqAG@>_p%#pv@f!Qf9B>4(IQVg)dF!9@>&W8?9=AD8)B61Rf z`D^@}Ad0f2mMXl4333w@cgf4xO6da|s=ZOWgY2Bx<8Q;?v)GHqMY2HWYm_eFc!Vta zUt(ZV66$@L;Bh5CQr@r2NJ(Yi_5QZbU7gDS&o21TPinDJ)@IO6i!?L!@@nvr-uo1g zZ+kIlsLe-M`z_Ja@A6W-9saf@{Z|$;LmrNym5_@H2us zkh_xl_BUSs<4lO#=*gMNG!=_JxeUBgX9e9qwE03cbC;bQ4;khWLyW1ue?S?~Of}!T zc-uxdYkbPh263B52C*c)QRq%0G8?LH%jbujv>Q;9?|m8+aNVsFF`_aknKerrzPbCo zhfQ`!PL@JRCM^e+vwh}8wcx2Hi*+DgF#FG35(fB*(ne}>b z{f{vx7cwMW)G-i5)#Ua4Bu)%{HuqNH$0a7x2*RW>8YGk=+Yy$+QMdk|{xqy2mc@2! zrJ0Wtje&hQ*BAjmB(sQ>1k}eIs<<@2X9^luPK}c_)I5aM^_R(Xe zOh;QvR!SuhS%;EV-_XPa14vkl8sm}tbb}bVQ)2_gUY8w>FD(iwErb;!3QLOuN>gAK zh{6)q<+O!WmwGZ5eR}KH_dbTGxg(vMY+qoxdHgWH)Eag!#oY+m-E+gGt-jB@lz)Z+VQaze4y7U6kb|EI?E1^oUz+uQ@sAArOI(#y^=v=BNns zbof#wG5*%CS4{>2?Yn<8=#l?Uc<1|$ymX+70s}0>kz&kLXxdl^VJviFEOf_2=z)n4 zi-{1wiI7aCr8D1}`0uE(>4FcpO--u92O2c}dnan%Nl$`jGCn@H(%aolGe2<>R!7oCS5x zqHPr2h(8h0&$J!fJ;?P1mT2wq5i^5NGNui9E#iNF(~>6bTLy-kTAc0L~!VX;3rav@vL~?}7 zDn221Eu%__)}%LLqJRlo9Q6q9g`E2>hUX!DF(nxsB#zDz$d$A;=+E6(_h$WR3goN+ zm+6(UbYi}u?kp=TLGeAji^N;#8@+8|evV$@bOU4fiE68MRX=1;l9Ueo$1oj#4S*X#oa z87)9{DV4QSBy9UwcK1@|%RKYq0UmAI)l|cqNbgZfC2{OJcgtM))I;*u=D3Ga|H%zx z|01C51uQ^V#0mr4MY*m{QV3V$O1$5V=}%rVDvuuiAlphI&2ZWLvuwXR`=7jER34pv zW4P>a!ZYOo&o`5$ix=5dr(($$#{qyyzZ8gp{Xly2@sW_xxEORMNuD$1UjB{RMgOkQ z(iQ_$$V~JY0|&6A@JSCUC>1xS53`t2Ufg(pR4Y4PCO6(7R`moGw*qvb3fYCdD0YWf zmCvntIkB-6txiS-De4I!eVMp`Mev2tJNC!|iw}?R5sX2WiEt}m-her)om=EYlDT`r z`v+@n6xP)GtC_vO-Boa)sTQiohO#GvwC}p6K(QgITFanpD^gA_757=2qM&MvgS3L$)EXJ2a0Es)ZaZz|33NSK^tPLqz zxVNpowWc=1Dh2=@h>_E`zpkFXo^?XWasx3KQDJ09d?592xs3W`rqDW9+CM8Re^6&Z zqHY(v$Uo8s;Rw}Y})m!U!$0ItvhTwyjC5zfMilp{ivDqAR_ zV!8j76YPw03g`_yeuniA7Cq8PEMg(!N4>dC&ncfHEXbo)V&wmHjS$rsy*{t$jv0$G z5K+WB?(m0iGJh(fuSm~hMJ7X3<2OhFUmT?sNZli1LP$RH#ZP<*dnwG=aJd*VUsGz3 z_IxR-+j@;!KO}z@6(~A-PO$qdZJq5D@83~?>-R2Hb4Dp9cv6sL zZQhmj5B@_dlq~>`>Gkw}J&#kXM7s+9^K9W93uZDr4gr#iyZ3N!QM-TzWgKcs9!e?W{1 zuRM3J^34LF(r zV>)#m8aMgP9f(*qzJb)@OIqMgv1=pOAtPY-WfyV(?WGp>($cM?SgNoUV`iX?2VHt* z4D5~7b3m@?^qVp7q@+_$lRb z*z)fWvjwEgswAi=sSlZB3}!!3%x)iz;cP%N`vDQQ&KDt=jZH(skAR5CY{bMOk>Eg_ zK5A>ul@N9)rR=u0&M#HY!vSnDP)N8yZln_>1>-Xeg6@nBy`PGR)p1$Q5=pvdi>3x_ zi@8hIpHK+GSQZ6k}U=T-fwH*Rkn4N&YQ5DpeqFRkfVG&;Z&4%z#XknOKC z99d(t5M2Asc@mft0)xDC;GBejc?j2$I>yMRNGG#&>c_M0=^9*5sJ!d2AZq6g@a|Xv z?@sbIU##MHA)Wd<*WXg_TiR+iSNWRVflvy7gi(0vz_h(Kewc#}Da089;9uB=7bTGc zm{T>Zlq|aIG^oHmz+-tZ;&^Y_Oq@1dU1IW9nkp<7rKx~7avZIwurU$m5l3(Piz1UW zaC+vu`Q|U(lFJ;f!)61NDI|c3eWwB3HDL?gFN@zE%!4^kA-^vMQXdLdzi<9zdmVxe zv>`bnqr`HPVGuu7&C<2?>&wRas-SP{cW%cs8tlX&M<=9DKmY{6KVoGl^7ETOT3GjxpdWh8PY>V~h}6#3_U zk$LH<#P9T!Eie(7Nkn0!z|jdfZ&73dB)F*r||=+Jrr2QuHKs*XfQ|8 z!ALJE!fO}c_M>}aPZcs8h*jlR2`P z+jvdetJ)|TSoVQngh|OTsSk`kXTQAot%2ucKZ{k;`Q5F^brMO1wmNDGv}N@XnGu@E zjpA6+$e;I)ynSHqooo|KTj_JHeJFyUklY5=JyR4ObCJ})84tUosSnXP-pbd9jQc$( z3M;GV1rAzoS^uliM45c61k2~F!JoN8%Pf~1|CLiKlmBUD%CzP)tG0)3LZ1^YinRdC zNpB;F#u37+hphyBPq-ZCvv-T3B6xhD-prv&8QllK2N zAxV8jna3yW7(ietAhf8~G5#YWCRd^YVWI1cuY-uC14&;9gkg`|eS)%2NJT_LMMAgL zp&-4yE=U0VXPvG~e}DkP3SS9WqarS_0RhWS^`g@)>@_BdbXTb_goTBc zbmZ>is0actND{zI3~VSJ1~tX1KN4-s5hDX}-WDHfiZjydSJC1Z0!JLswuT_EkH3~T z#03pXXHP@Xf;<8P^g2inI6m@1Koq$zkAVQ1kOJcF`mvEe2(ByLeEDznk@DgShz|C( zyhL;}!0wO$^0Ig{Dx%x}FKhr_M!fch_`OK;0g&91_)NeG1c{5P)nFkpb-Vkx9qSfA zjlW+pG5P^kqEi37M&Y5RKBL}9kbq?Di=rSRJBSkBKb2AMu8Rf$K0YlpH_-Nx1o_7+ zv~7XF+spN(fX_`p=z*YmD4iCPP)N%CtL`=7>PTBei(lIYz4+QdP4ORIuTO|zA{hX% z_FsguMkB4O}fB8xb(k8BcS|WO+kNtXy#6660qZ}g+dv7Zy!`EdNb>&{jsB~a`if!PSOtc85|nkjR{Q@` zCH<$q0;&!uD$*wXuZ0m1yZ?pO|9=LhW2p6S#i*pc7DoPm7!Q3>-`vlywB_PJ#IJ3y z*(8c&0)Z$dl5)Ub6IB9C)C=mT5nz5^VA3D~Vbb^^EgFp<(wI>D5!?bUW<~zJPW+!_ z0hoAu5&Q$ZsD0dY@k3zY4GHeM+Co2*CMip*`PqNJxJKQ%?5LXCOtGxz`&uy)Gavjh zh&TCImwxZKhG1^6S;tq;c<-6`#<#c`9_+1Sweb>G{ab6r%#K4LNc6;uMlYjE1o(jI zJ+@wrgvZShJB=UkYl0{jItNdQ&Wa>mPO*j_hqN>@xwbc^u!e#Ve5`vr+IN9|`7s}s zSGYUPC1v4Jor;%p)wDA~>)&>Una|}f7c=|+X(L~;ca`6^kpF%ClwRY-qCrq)Hqmod zWUmR**;Sqm&9)4GH8wqGmk#7Zr7k=OSAI4mmawZEzsuWS{`bWvVY{9Gb`;N&+i{Re z@T3!rSlo&qHal+*oxNGigKj-Y$$gTbn!1t0Q$hT|tk2vSD#_wIFyQv#+&?{S_OpH| zY&xGgbO(8YFF)QqE*&ngBrD_SrqAmtf5o`!68r0yq{_G|6>Q&UBaPTj1IbMqbx1*l zt4QU?Pi=yuls)6OEaxlRTn=7$OzRB0RWwjr7aN@SWOd3vIJVK0bJ8bWGDvo&R12-u zC$YL}FAHakRPBl+t@X(Jd9UkH8-uVY=}tq(Db7BOzuKr?4?lTGLCsDpnZMVTZY@40 z;U528oa+usgfnXO$ zHX3N9?t^6(^t1RFcDQ-MW+Th%C~(Wel6B_65I)wzgKJqBX4&zbdckS~CKg#F7+?R_ zwJ6Mg4hjyh>vHNHOvhZzh>tcBZJw;}yW8(%Prj+%Sv#IAyfS>%a+uCll@;+M>54_n z(634Kyeg!Q$3cWN^7*;Dj~JO#9}jq$WS9KBGrSopSRCdL$<>rq(E5QqV3;ppo3UsR zkY%UQuC2V1NsQFBAeDUcwUNC)SECfhS#RYVSi^MFN#ygr(+ME)C_^HatzCz7EeCFNTg#QHXVgthsvTpyyvx)Y*?zC z^_$ouuSZ!`R?y4h?^&WzN@nL&VJrF~{@{b&*jyft{I^G!Ok<7UVVpfz(;ajpHP1)r z++*0{D!}C^)il86C`PaNN2ocw{ImLw3RDhCC%TMTce$tW0B$AvLylPQEg39wE8XJ- zk5sQ@e!^*f3!5y-X8!t5G%Or1=j_Yh?jNQ!W_~390bG)zsLt46RoA`->&wi+8Pd2s zzQ@#bN}R8gTC#PR$;cHoHFWUYw)uA^o(QU3UlAG`Lwm0t~0 zE)5GFrl&4}&weHJEg2lKnmCs2B+s%q{NmHg%*m@u8`p3y;~3#%T`KNoFq1$UOXF9O zGCzHbbv^uaG#W2J`8itcz(fI_!?&I+!)6-W0q>rv7GMgL2X1a9XMaY{| z+D89zbIRFbwxSU>1Ez!OyJ&YnC{2$e)Vh1M;H)3s?rI#wu?K7^cXqCCInw;Iy?!hR zWvv=qukz5RO;Wi0oqKQ-uEIz)_opl|qc3|`m^tBjB*!z>HFI(-?&>kmSg!E!r}^jC z+fFu=!mtdpNyAi6KK`2htXukIB;Mdbk(>XJkOJOhCCtr{;T53web;(l2T9>G;<&46 z2*u;Z(@OsiDLXZK^;_Y@riq+viWE|Y`?jd0Bc5D_kYX`E)nA?Hmlg8Kwmb z%oB_xjt+iwD|w1N%c}l88fqBt*>bzBd^A5= zG05E5QcwT5SlrEaEf(1$;k^^CEYLTlD)yQ5JQ~}b#s9cCg$NCcBK*rwt-;Y+3}Iy! zci`R><;&`4*n-R^a@8%PhZm6dQzODEr&v+$WTsJr9;UR>TPso6h5_da0)ruX&exjw zD7dTI+5dpjC0}LlIGc zK?0pOD+R}R?KWpWJC^0W)jR`CNl&96c3)@y)QAQ`DeNp20_f1zwGKf93^xmoWS2WH zK9*!hI>~HS=~I@)kCQ6(_fYYFNu;N2b(3-vU1<8|!Lc>0*w)O|FZQAG{Y#4K&);cx z3Cmq7YpU1f5NM{aW4a&c1U^n*&sh@NB%4fcXYH^ip8>{TdD8{C>TVQK4`R4JOK$JU zLL9H0P3B`GDrqOvuZ_H-xy7;j-u6(0(DIxew?<()a9l6$N*B^6qBX|n5v;Q;C^d3O zP*aJzAjQJPFaWY9 z(@w>nAB5!za9b2jPbu!%iY%${h2jH&;=;CGae961micD(QU;m8(6z~GO8yUuNUl3w zb6s})@nO^fLv~&DO!V2tm+jICxlpb&JP6`tb*tg*kCBVfKEZJ(*#OIZ`7sfzy`Kh$ zS47JP^;(-Q1{?auPX0#gw@MPv4(mIbc^oNbY_&?MswLKceCE0fm)kT_)~--!#x&^7 zoCGeO`-lkj`Pznf|Z z^C=!sO%Iqba>)mE)^$!VW@ zj87nwcu#%rT@Hoc>W6<{jFJ;CFPjv@s+dyt?jRA%}6oq_Isc!y7M`$ zPx82!)D#`PwDF@WVo9To<7W(|4$(Wu!NV)Qa>au_l6O2irw+4uU89l<-D#!a#)c16 z70wJ|XMcVJ?Y3w~vtCb0soS-qYyZ6d`!xN(&BcMK{=d!b|MLw0e^&L{SNJyo|1;;{ zy6WEm_N=J8wJ~XaaIU-%AQA;)2lfhq6(})Glou=toE8WCd(rOP)}J)Mk@4tJAejKQ z-sK0x5On)PSsy=EYX#BxH5A=wprrAOsy)0q<6<1fG6lbJfY_TFStH+Uj4iOZpHV-d zM!pCMVR6Wtg3TcBsJWl=a8aWkEDlL?D~PE*HHV~?5yVv7)WqhEDVB%`)*m1)GyXc- zvCEyf9`lA-yq1OZDaVVvv%B=MYSW5BD?(EqAG;}owL`}Crh0x)-lp?WnzH;tzMhBHUaD_YYVbX( z+^r3$gwm9;9KXj^2pQ!0$8)!|t4=-}&pdfmjSEi+`fiRB%&Hv}dW1>aC1*0d?Dqaq zu;$7>0ljVmP0-vX2QBT)p5%hp4VcU?@gv5^oS7mu_J_VnKLjRnKjKTiQXj>4)hCm< zM}_fZp>^#x$4ttWg7odt9|P2Vj)!-xzA4;t(=tEZn0jJ%bfkiP^f{`{_AE8?ViEKA zc3@mBnqJyWjV7Na5sO&jT&S*5 z!V)G9$N89Ma@3>a$GjQB8v4(Ffz0+KsY}?=*@HZu2quRm#xTl`^=PHc;1t!qlldtw z6U0UT^57y!>V`;zQP@HMw+aK6jx9{Slz^j8mbr|&i2nR&zSZv2(a%m#ewIDDv715c z-KlqLc+2CJ)tS$5YIx7=kq`gM%6MRG#%@O5-FF2B1xbb5;Nv1=cOxkd@_%*VayJnXGq2Ktp234tW)_`WNfvABlwFj~A1zKAAjOME`^$KP)LXaH z|CC&Gof!BA-dFl&wMIng5zPZU*DetXT_HpQdi_}Z?B|RVn#NjdG?!V2@2}fd2>F{cr(yx#w~U`#tz`m|I3{CuaHiOZ~&Pkg|gw znLKX>V_yUfqZJ$NEoi=Jp%Dyx!Q`FUS@;{XukDBPB<_sHfjL#a;{B32VcHBwJ28r zZtWbZrQI-f%tCvbN_(T_4ODD$!t$A8!G7mwC58ae%_kvu703fj>z1CCk&L%urm=-F z^3I@-T}@^%OPk$!BXJpPu4&n3*#Fr@{%J-EPXra)OQlJC4~fyzjjPHLX!_cL~> z?~dUR@$Ur7DsHb3-WHqvT-zhWGufZnpip!0?5Pnty0^-EZ1^D~+!SkgBE48T!DWd5 z77O_fHdK=RD@PRU2ALd2w)*Hn&a2Keb=7vJdkNLP{3}5LnMEXcx0vl-P!HausXgDI z$@ZNneOb22@vV&C;sxmi#+~PxID9dSqIx`OlHyG;zK=x#Q)54>`%kmTLXA#|ZnW^t zi5I&lx-eh_B!tEpFT*0@2SrhhtB;W2Rk$P^-A|Vyqjlm*n8h`baTj>1>~n(&Mpm>f@Bm2 zy+hL;Ko>HnWXyJz9oukO>nU8r=FRg+pL?}(-z-0iL)WjV-C55wBvNht6*Nm!$})MD zmdkF5KWXrBY09!9UV;iu?wgX|%t^_SR@E7a{B|Uzu1npi?vGpKoJQ293ZDL`dQ5gF z$0}^DLvmvz$A7@2^)Zz5N~MNnr4$S89*NJRL1D@F89&>z%#y`;76tHq$L!jEQR3UR zPTdo-EchJ0am-hLC+qx^DXk*6r}nr&#USMaP^IRlsa;4MOj9_K?5m8LT=Z!C&*}MH z?+WQR=%3zn+l?Hn+)yweSs;%uNi;R?gXcQnmN*cf$K5N7?{+$0blq^r@K_i3t_`l3 zx&s#{d;F3_s^F>C+gD_dlVhcQ8G`7rWqlc%W?z@*|03;b*#3;Mpaxvr85=?7)<=RZ z8~vN?L9@6V(_hyGS$_O>;u*%3@FmT3!NGV^<)BKmiy%uYl_kGpogdL0_CzEa%g zvT>HhsVd0HRqdAa?e=?at=>zxBtFVP8~!Rmo$2sN^jw~)U-mgHhsdYOEdOboMOxOO z^XStzu?}R+y&n&y%Mte@;;5q@)toU`4vrD8bn4Lw?DgdEVdMj@asgNQH57_;6zw86OyB;N}=RCd{|16YF~XK zN^7$1n|CWDt$Z~QV|{z9t0spu)AXd4`cjO9uZuxm`!G@OA=|q9)HB5m#Zz|d&B9hY zI^WWBgFf`RD@nqSKk@}{c+O($v#W+gn1n}AFyc_+Fl0RcjZ#(%VXnDMaT;gEAX+s%9cKG?Y@#SI15K*he z=C`W>+kMc-&u98)h9ga;qn@;BXK#{ZGUZz&z1j+wOH&Yqe2g+BL-`gnD;O%rldndL;O&p)XMmqyNKps{No#%pB_#ZP6(2BZXtv-KHQ{T^UF^RnfY+w0u$go-_;RHDp4O%f`#^`& zmsklc&MH}-yl=rwbr+CFSCfxhC9|ShOWS+z!*?oKSWj94b}e+0-fa?f(jaU+6BYve z+fpy?7i7G7X$L9e=j!kge<+&e$oHb5Z|0q{1J2{wy}syz-?zR^B~X3V+|BpUy&@(` zh_pdJtTbA%m(U93cfckHoqKafsFbBVdzCQ~XO5LuZJOdseqFEQXRK2e@6dL>iY-Qs zzA2Jlk=9AVJQX6fa^63jSd0u0$;NS~+UD4C@6EE~Za*{`KJxWb9lS;BtWsLQFf(QF zDJ;l>f~B?5i}iWPGVlFajipSje8&4_>HCb&v1(~cXfTs3cs`8SqG28s7yO>i|3YS? z9uX=ah)Lq;w7{XWRkdf;!@;CdSW9_CkLd<^k?Z~)_jYU_qG`ufp_n{sbTi9xzv3&t ze=hY@?6d&O$C-DfQk8M|8#fy&%nK&HJVd6`S<8#7GsNd>C3r3@Qs^BdD0CvfO1_;I z-5Ihjs4_m4BTMUeq4i}c++b1+ zcTo=LxGBUMh7oPg!(%;TiMNZfJ$pwBm#Z*53a7ZLdz#Hkhaqp^t!~M!&>51Q8GM1^ zrP~zQ_QISFlX8Rf~qo7}IOsx?||3T~${0Zv_@su>j30*BO{UiOx*E{dB7EWndvvsUL7&RvDj%t-$ znT1qTFr?gdUbh&HW#fs`;YrKD3G)+l-uQ|&^yCG}r_**B#m1`i{yam!iTCkW=$O4; zL;u~Er0hkI# z4wls1$W~SUb{?N`^F8JN-*g^-rQdNOTDkBNE}F35D5}xPC3c&>@#t02C7a9aBkD&p zDv^ci;$QHi#a^M^MypAK?uQ%sWw*y!%%H+GcOf%y`}U zw+6SGw)fpWym5}$o}%C1I(Bc~j*$cX-|%Gn{-AnFgu>(nQ2~Unkhr$6@X< zSU@0g?EKOBm%NVaB@1etTflcsS1XRr7X%b;Pg)4nIW>(<-tR9E;*|b=%RhbW`)&gN?iC-p7~T6+Udr zroW}s@X1D3V)`2|$SWz2L`*TH#TD~$CP3UBB3`Ok%0pjcpF=_XfVLTVT*W9utsf@u zl*p4|R+i=x45zn11XQgt3l2BKOIp68fk3YbYWvBb$3L2zAZg!h=j2YbVPg}U2Z4-Z zbi$sx+CaP!gGI1v&PzQtUppj=2;2+F|S^ zZ@_oZ6C#~kUt=FCz_gyty%hj;(eeeEE?Ldc-(zeUynh>h|2_KGSMMHxeCzzr?4nO% z36{4=ct;tNpWJ!Y^<=#hP{jbzK9IQD+&A7JZ0FEO^H}*L3_%l-e`Tr6B?;XrFS9xE zm#|v^XOk%A$Ku^|GZy%}1ZHbpC$771okQ*Kq-Q+<=G&Rj{Gu}u_rb0ESOD}Ft(Wm( z-$&`f@i{k;n%Z7f7reI&ey#ff2gZ4D%PZ>}S5&tj?9Az1ODk`XvU8}fIK$2SK`t{w zE9paDFis;{fDf|FXHNz)slx{qoSq+Oj^?a);trmK`v8W2n6jc*;QKG#TJEwq{tm8f*!tqb=#yDp+4@BtVG`{@x$^h}%_M1W- zAc%TKO7VDs_<<@oa{O;sL##<2>IKrUEOZEN^WVFQKC7 z^zc^ z4uAW2mN4yUfdfnPXX$ysiU8JRUGH<3VJ>^^^L=k!7ms&ve1iOMV6Q9?&||Ogitn7( zgvQ?3ro;(2F4o;b_m|!!+MkBy>OM|>=Gs){Gw82%A}Emxdd*ygLr;B_{G_K!Cg@Ia z$`kYPPK#a%QD>Pvg&SKaHi4X+YbB5DdGi!}(n}P2?!{2;`N^1ur>bYumpW|xI{BuW zNG|MgYD|%SpL_v~65ZEg;L2&mmO8Sj=@~Ak6+p)bPuD*5ZRts=$NP8O(-hQjnTUZh z^b$7g$=<$oyY5;Zr_S+>$9xsN`D&hFo5?-wW%*p__b-rL&x69PSHVzL@88wW7$S%> z90k%7NVW7vW3qUieP?wxOC11JycX=A__Tmds;d*@Syq0?O?~<7CJA_|xu zFR;QoLjVYAfRaype8*v%vXyB#B^AzBI7%Nu&dVHJ^g;Fhj(b`5c5}G4ydXe;02yF6 ziUfHDebKEuZmzMIxBV*z?K6$jY^rWtprW^nW9<&Zqv8706@;uU?;m(yNw$u{2Ifj+ zNCj>#&B9wXt*&d{eD@&8%-M3pzXJ@4w&PuuzwsBe03W>KDO(u=j$09;%X2 zCWN6cO~Jdl@BGy%>8%N9-)1;q5D4x#&sGTX7H=_@MgnzF9IwJ@uWXury&nFO_cOi` z#n-}Oh+n}}ypif)PS?=F->}){*ft)>J=_nxZ?y&n$f8p!x~RKHlGg#wz6sr4^hNu_ zj*m80xS*pk-i`$U9GUW+(I!{T(l%vNSMLsC0V>Wl)r3j)z#IPnopQQA9L0zXn(=WA8jQ}&`=Aq zG`2?d@KD;0X^j1w>eI;GU z#7Kj{lvDrXL|&Syx<^d7Hb1E>>$=__c2Y|oA_t-%GOv7IZDxffft&fEeXJChKT}f_ z+Y7m#7!m#j72nsyo6O65X+JkXK2=RM@q?XRuW@eMVp|qH1$TmV`3H0`jQCICuM3}_ z1#$Z!()jdg)A~fc2{nH{p*KDIp0l(BSR=fA)nsCp%b#^gXUgB1&mrYIk1e-Zvlqs+ z{}#d^Zr`F^`N^+@F;6!_s$c5Cbj>Al{l#oD2${$g^gK;8B7T?szOrRbRcBEJR0b*1 zXrI5d-{GiN$Tyd@klhXWWeJRVvINJcPD>COwVKM>XGrDLfhqHW{umI@YgXrbNFy-1 z^mhE&-)ai-N{6$_@872*$v&?m`y<34kX=~Y;#^Yvz1t3qliNb;uLtS>l_g6qpES0O zKllw51U>C@RxRx&oX~O_w8z<_#cXp$cv7<>5wNB7MX6xApk0Sb~i1F_+ z#!p54DK-s{A{vLMEP;V9s!PtvC%u_LHndC4GDOS5%mxA_h3fvDTD}2RxHb892AZXi zLDkRo0+=b*>3SF`&jqClSXX3^yj%l}C4tzOu?IEo4G>6#g|&=ah(UO8uB0t0&VjTS zB?ZQqZBJBvhSJ7D$eVO3@8!PIFtshvRWbmdc>ibJLQI61fN=BM{~D(1YH^D1mA}W7794+ z^?w0oMZcr?04?#Kedx%EVSQs^eBnMAsJByUlUiXP-utX0*9s8D4KOfdR`BZa;V4$u zjO<|@MywFWFEukMCiZL9j8oeMk%3;2lj)_0F2AZ?nwk7@(;W)n?)C9tKy6wG--)lV z-7_+i{YaR3)f4P_n3qdToad~@pxB5A==TNcA|LvXO$e!pLPy$_B!K8*b8PI}Z=#E> zOyd>vM~6}kn8zho*7;B+rRCkRmx^Tr9XdzYUIys`gZImMB4lTQ2XhRH6*_p6^T4Ti zr?_nqiU!POfroY(yv80ks8z$mO73qVIhN<12tu6zd^Qzar$EM@=`y*|MmUqRM zYy)8yIx(Gw`+zNClcf7{wn5-Y_qIg9r{4XjmAv{TFg$?1!fkooI;tmS>7-;8^XI7L z5|;q-bQ}<}jV5t3i(ORLdhT=D1k!+!ZWGXeKdXT&gPODMXOMHO#rViW3?ytylL;>c z`LK2X76>%Qb}CmTpJO65Af-`y@O~;6fQTF}>d3r-i4H&--LY(UH%7_p)U0~lwX>MO z1{ihj_Nilmn_u6X{`u!_3wcI1Y#VzYC(lpN4N?SQ11fjXFL{()a}7tQv8AkL8y39k zT5GD(Tn)hwb`?`1SwHO#tFkP0CtvWECf5kM=^GrKHc<581=8zkF5_xntDa{D@S}j-;pv%L z?Jdu^86WzHeFJR1M;sbn~45h2PXW?Lp#{0cKnQu z?;3m!r`J|Z;6l5);qChxb?2@>9PFIiOg4iqcMV+GX9@!sOIDm{KbT*$ovl%TE#5L; zmEUJ2BI?Fl-<Rkzs^@<0n=i_2{;!C`L`>PPlbg7 zcI&^ks->{;NP@2>o2!L|CsTzVFbmjSirRfyl-Lc~5x+qA8fw3;>p+;SRZOmJ>Upf& zY8ajP%U}fVR}IhlZ^fsVeWRi_xNG;QtUdEV#uar#E%KWuMoKwOovwYwkIQ3&nOY^CD(RUAnbk1_s(e?OLsdsx>;W2Kh8QLRu_N~dXV)2nvgNznb!0)Bd8TwrJ7dUfLv zP6mz&z_An5=S%c=X41R^sCz2AWJ7EorJnZI`XrPDC_)&!1O zL#VzlQI6!V+pIfLE6#-|urcOS2Uy}wg9w*h0SEpL5&Dgi^|rPcSx z7YnyLP1u{~tpDz?uX;f9KP2LXdt$@+s6wb@M zHvyG+fOn}U=yE)hBN8$9#Io%DkFchn3Y+Gan!55s6jL8EJl-i?Y2-I661DQd21Z^E zthv=6e&Z!A$lsp-(4Sg=)6RJ=9L3($68L5?6GS_|?+1N&Uf{(qGq5TFm0SN@h985z zYi(y8R=eJo>2y{VZS+mGhU-1Ll$t#SB`M!~I48!SKo9U^%~tIFQ*9cL=O z_w=v*R`y;uI?dEV>E3fK^Y@7&;Z?=5u5OCzy8g#hN%Velde%Kj6#TPF>y@u4r*swu z;68N#Bw(xr%*@2rL}|LyPPRl-1Ua{);2zw0V6(tdbKl|TxWoTo>#gIW>bmxEY!pyX z0i~stQb2}AB_sr-r9}j!hGrxNl$H>cZt3nAm?4xD5Ri_U0qGtjhK}DJyr1WN@Av!r z=kPgaPVBw*+Iy{at!r&)$NC#wx*nF@7qVgK|3f@iq z_v=E@S5~UhMh8RaEc74}{R0+LkXUPd5`EUrXL5hpZ1TF!!Ip;QkvoDrGGE8T1;K>-cpCFA zPH7q`kmI!Ne~0Eu;GvN;eyA`@@Lx?%ET!yLoBrLis@DqS*Y5TCT$tP5`t553!EUcY zV~p-e;3KzYWBT&6jCNx4hyL3asxlOP4^LS~a;xi$IcIG*l$yh&|LS55FqRGwf?0(r z$-p|>FSlY{SNRdyVr!(W*m$9+z{A7lz|#>X*w?PkL>Nuay2wPWDh4e~4bz%s4C3KJ()qe>raK$Z^$aI z>uLpS5|C<0J*v_&z0)a)&CtPrm_-a0&G7;{&fOI|=@S0#(W=5tRkIoShA$@2k$0zv zhkrYkRB61UTZh!!qjd7!M?A*@1m+}~FX<*ac-=#^LPHE<`u$ALjRQ!6({TaXz<*jq zmI{e(JBdxL*K$7e40ONo*MqT{fqI{y(2=qZMTokZkdXWdf&fHwCCugR>MgyXNBdC3 zIC4-ChFaz=E`M-pn)j{k0$zihVbX}mF9*cZOSJ8&|D0n4P; zc7#CbT7UEfSKr9l``*2vS7QSw8>jg6Tu%E(C+@5MfN z4;C?R>%NfsQYJ+3uiL0!jb=P%(t4B6k&$=LEu|9aVrGWg)>~Z6o=xRNP%@QsmuIV` zV~WIIzT28+M2#bHqKm7D%o`k`J>*lAB-mBz27A=*K7IrG8;eqcU_c~_i!Q;jGXo!z zq-A!{W;t48Ytpoz`=@}VeDo_tvl^Dli2&el@1on!I%PdpT%8M)oSY{RXCRQ+}m#i zRxugEBkJJQRe`Nb{!}bdhtSUb85PJ=iwe3RjYt-o7TV8JZS_HcNDN112D`D|!POTh zFc_roTD6sLtQ%+1_ldhDvW!1hi_5Jv)zw3nI}JwDuE`fSK$HE|yC@g!+Iuu7%ZZspra(Eq;EQff)ayR~1Pk_{r;dGe}!kv&7Z5rVPK-Uc}Mi zOX%nS8)N->rUEYh6J-4>`uf)ic=SB5wG@OqLx$jfXp~Z(R&5 zgm#ly2N3fFDZo&3G>bb8F+iNSI-UJ?)#pTKVZMHjh!2K3NgZ6D^V0vkS)WO^wmJAJ zS+Z9v9mfGH7NaRV8?>#4&Rdp_I1*v2Ik39>=;NxCfW>pUK;(@l4Pu1ge~RE5wFgEV$l+E`K0Z zk5x9APK2NOhMzcb+bJjVA|it)F5+*WyC1n6NahdcbC|uB521cqNR$TG^x76^P;r}$ zdY7VBR+jORK9lkAn-6Ll1d)rwl~~BSy>{y4rJ^!SsfBbsIntk{sxYyF%X*MvJ$N$K zF3`4ekY(S3@26U4G!u>;M4abN4eAsITU4*NzrXzL_>tFf&1!OAah*1eh`OUFpV#Gj z!EVsR!?y&RW{tJARjfJ=ELeHc0!Bp2(>Z>!BspB!_@N6-ODpR5_k-1#N$3y~U3z3O zhLsp6UtLpPIz+tgy#OY#S&?Yk+S%-Kt8Yq9r=9^56uTNI6`4JAo0BV|uRpUlJ=3Tz zt02-5UF+mYm|LAd z-Sr0QQ7$Zr z!O}GyhHCGO`2|Nj4USR@vx&=6eVkjnyBD%CGR2{q-F-W<)MHgm&0jXX{>Di~1{DP` z8fm%%8oW1SE;;XnCo58P374O=KJ0h3DDLbuN)JvS-Gdx2?o{w`KHS3#f8jDbLDAh!{;w^4#w?2IH4kbH= z_ne{nC?0z3UVx5K1uJ4MZ? zeGj+0Ftiv&d9|tW!Q}JQVP<|DJLV}@P1E8$_CQk1dIy;RLDUr#+5V+&jZfWg#cW)1h}#~52+-SaioQj?dTZ~m7>u8I*`b@sWx*xFrw5qk6DtiUIh861c z!oQIN5vqzYMtPZEHH~TypnEAW%pE=|{R;V_#x};z|BQ@;hgEi>$c+)KU4tRCRme7D zvMIAd(6aryN9)QYkl@)B2Ak&?XSDs7&kqy!XUXk?L4WQdn9yz z6)M}-6Jwb3N8EAbgv#G2s57D_3To!jC>EDAXVCVm-^3OA5G$xt538BV;=}!${iv zq)!`^V9!Vy*ffDUSr6a9U6v%rU#Icdn~in}o2SD9Or=M{L)(4N3`3SS3&k=f=bebF zER~M=TyWlDU7b*Wxto#F%{Ln3@T{RkrOS!=uve3u^k$Oqn#eJm5ryd2#8@GBlznj7 zCRCLD6a-#@tCZZ$x#rYz)Gz~&@Qc@+u?XF2;Iln?Rf9H*X|K=XceNp! zH*yL~OzPVzG(OSOU}Yrst)8VS_Oai}sqk)?+01{ItCjy7%fqLt(mvJRbWQ&`VMyMc z8N2JTz3Z~`k=|^2JCK5fdzt3Q9-X5$IN`pe*?H+V5p0t~(%YfvIAY`=Zr~T=7wWKm z74NR}(QM$C=hmZ(7grA9+4xJ(*2>2NnS!3~la+7hp(wZPgr1H>91}Gav{*Ss-NGmv z7z>Z3eV(v2^nAV$K>kR{isB3m#L%<0sc8rl!1@|M03nihhM^YO5f*bg#+AQC_BJ{*wemw% zrvtAlbjF}~3N$toiM<6W&!5}dW1lvbl`Xr<$+3;&5tIEdPBZp4&5r)Ytfsk6z>5&# zYP6P)0?IW`RUhxV({R)k%c41824+e(om*hgU$E!CC}Bk82!K%m%PN{f^#!&L{o=k| zxxE8~I2#2&8o!R{f*gxJXeQZqe}(MNg;xpaFyLNz`^-!J-p6Y<#v&n!OUmSPSG(^g zj?aEqxNs??;!J#IO=>k7*hR7kd7fO^Sm69fC;*pPvS`|I@(Z-Hxm(L~cSLXkMtx~v zP$4K`k*6x#I)B8KTWqEYdv=MYw`9Nnngyk6j@b8d*ZmL0PjKSH7y^d-VHOITSl#|+ zP@Z+6r=8Jz#kI>8ogsDj*kh*%HB&(2KJL~Q!xYp|Xxdus%0;fNmHp91)t$7QD!)tX zl|94(KKX_b&Z?ZizWkptJD4IVCZVju0$2%=As9xBx;sw>`O$t4D@X6HKl*TIVvYTc zn5(?YvenwSXL)V(bJeDRYFe2QEb!dY;T~#p#7CFirY>>eBXE*?^Q8Sv`-1Vg#x4(+ zH_!mRt+a(*x9ld*T)ia=+B|yvjj}8x zdOeZZu0?(+Z4llQ;Aw}WdNUmQmO~j{SBB{=UbM0Mpn&h^lW_V?NGJeNoE&DO8EdVJ zF5`U~jw{8DRm{f47nkytx6ce0BSf9#kn3{AKEGpbAw0|u6S&QB!;|)?G%_K`*Z)^h1BtOzk zSo*uq)Q6g8`P^UkjT*mLTM_5tp>kmrIzGU(r6<#hRaBa};0~O=D{P&!2iKlmZ)A&i z{|7{Sdi|OW&mVv?x^~4|qVNJwBF2p;dA9P$Yug_JJ4^6=$E?Rv>NXrn7`{CHxD~b1 zh`#DD#jWvpVQlaa-G4-hWW}P^-s*5wxsmO*)Q!g?o(C^Sx6|G*~UCKqZtdAR@#!%s&u=b92)VAH-KUF`aCF76?j zih&R1u@IK>Cn$7;D)Pvr8i#z&mjg+kPu_HSU2Z=1nM*sCjVsrJ{z4VYCVcbz}Lc3u6zP0#RMW@c#mTU?TQm zNj=Vou2nF9?FR|2FD6pZqgRqou;SRi*|)q85S?3!qNvykO`JX%3z(2JHpob zhoizR8=e_pdM2tRF+9JDM51)A`=Kc5gh2#K#9DzG%mvotJ9_4k)O4Q`R$DVyOjt+k zk<&_S4U_op*WptMwJ~1P;duf>q%lX3BYt#8&of`8WoKOLs)SD%YW~U1&fsf^jHq~v zwkXttkyKbmb6+->cldr5L&m%aWmcKDzBah5zH?sCTt|13Q$!2N!^4re=5BVbGML{s z*{PT#>p=J@B3lFB&c#jP_XykNq-x9dq}X2qYYS9x|1j=iFbSWHYR_OXJ_LzcgwO%- zg6MiLK^%hCR3nSS#%mop#kkjo8MD&SUh5>r^T!)8P=xlS@GT$v`J_n~NPlg7^Z+ye z0m_Yp5oR~0Sr0bkwnscdv2$?Tf}tx(V7>q~%*#dL#U37{M8S2xpjD&Gj^ZR`YY~<% zilhe<%tvtBS!n8TV*rj_Pi`a=-8y?=UZ@KT0co^JJ3eiQF!>4NRak#d+*Xw~Z^3DD zHP#tI5qQc>*O2a|-$=VzsK|v^jmuwrpIKF%+qQq&`>tGw$ zjG^a<9EKJBs`7n?tLo@ky$k~DiYS!75eY34z@d6oMj!^mQ77bMS-zE=JmEAf*W00d zU*dI&)owxpuDYOeM^6e?&RwjQFy}(2ENV1+Bxq+hH(f(vhb3|53OqIo&@?kY!zB?% zneO(9RNt+I^s$SVrcRnBq5C2c<3k<(0>I%A5FJRe-_D3GNt>W;9M}zHq1U9Q z<7hR)YJ3G$W~1o3?;S!Fcs~vlIfkD;n1 zW+8R|yw@H7#d(5XX|2Kdh~Z4Y5%rVBc$21zVShZ}uIa!8RyMLi8R5GNg2uG=FhjE+ zK_iRBHw@4Ab*=K)d2o3jC8K?QInc-G&q6`8wJkK;;|(LJqY`q4n9MGPXh`W*5+C zM&aik4x{|WIsi)$bL_b3QKP?5S(1t>d|^_b^#0D)c` zH_ms0wAF0^@Y=K~Xuvv)+oHBt`+|@XnV2M3_z*~rIcf^mNdzJqAa}h}qFevWe4g^^ z>DqqgnAT&U=9-$;55H09hzLJRJSL{FmBvXIW? zTb0jRIP(`9+OGAlcF}Sy1Ru!D36fpD1SToKV&2KXAQZ**OYE=otA5-S_M|&WIjN@i zo(rvYh}{_KoJVsXgMg<=+6;86#xUiUu}d_-XgTmNj)02^RKpVi0EBHZGZ z$z8s}n~uZ4lihZSX!ZuF)?XG5H#4exLP*rekq;Bo8s2tq-%x5@d2!#_8YGtwVSl@< zFJ>BE|E=>2|6qIR+C+-@YJ>}0wjx;)mr-enHNiVZ9OvcbMMc2K4tK;;ZIafMj*(jX z0FU2Ct-Wv!!V_}r30z`d1q_j;baRrlY-{ z){uds)##cjjL2f3RK-uM*Cy?1VXgRLUcQgR-`1cj6g(b?jLvYYrT60w=*%qi=b!;> zc5G}LjiOC8I>xJ2H3|K9vwgl}nP_nA#Wy{?sw9tsq+S<^zKW0G2LQfQaR~qs?4dzE zOsZG6?8%RWFkVRgAc9W8kEbvlS0EEN*0}%ej4zAe~ z*Oi6n7PVhxnNdD}LX4{oJ&)YoIu~)+Oj;=MH!N7g$gs8poQSj6ZZTzF)cObio{dbs z*vv)c+QoSM+x$pNYlFebWx1n+kiPF%?QHUd3iOzlj+3P=Ks$V4VCas;^pEul6KTrjqznSI)1RZ%^FHLHVnbc;MEuRBycs&ats- zAQOwW9F3*^IAU%x%sIG4H~A3y53CNDpM)^K#rSwC+N+syt_RYi6qmTNMyak5HXp!A z%&ZbCVV#S%KUjp`83L=m>kf7!`Kr60!t9KEO^v!)=5XF3;u}ew_5Rkn2N6sEgliL) z$p)9jUhpHfVdB1Ade5^mW)Y<%p9L04TT$ztfWr-vRz`@!Y+=YXcQiy3524)?nN_N&%x3fpvDu(4IW$#EY zK4yfSY~cL^%dbeFDi@mf0Aj;M`&o6ZuuG}kz-?r#h~myEoIii4Zx)XOn5gILR6+*n z`Y<-~(i(pG$i0G>H`;ycS9Hzosj|)tm88(yixTxIQBRx2owWUUiKm8=D{N^?{w>dZ z?TvRa+p?ajTqwERIRNM1WD(N`xnLkmAqU9t_!&I=mKQrdA40_r(|>63Jm75_RWft( z&vSJuC{$a>GVz1BQSa&IqWt>9HN;T2|E9ylan~Fv+^P55+@=p_m9iB@*6u=XB;cjQ zZ?7XG>z8GzVMhm%IXBY*PyrC-g!RRMyLCfB$=5SCo`nwn&}0IV(DL@@yCk?Tkkt+HXj>9IUc0IuO!|#Ai=aoW#r~XF-O7 z>69lF2LAl>3lZjjo&3FadWFDGB0T!f$?v$t|9R$Lzx?Y2+)WICJeL1_^nYIPe{cIg z4G6k#yA&D{{>I}0rw~Qf@6$v#Ar11*|GHwSssE7oZ4RFvKs7y0Lp)CV@Q%Nfr^=a0 zE+ni1utwpL*pOd(E_;S@Wc349f-jgY>ULAgVlaIyzOt5mx<+FrQNxbg|eSQx9 zjx&}fUhcH%H_o3vO0o5Z-qeX)+ju%V^mK4Ihz;Jo(r{oFKj-xJlHXUG&|->eS}+D6 ztp~aec*_ZUdg| zH72kzx2WHLe-EFR+t}kE#)KU+gPEG%K+JkImR5oMbezw>KkXNj!^?yBLet$FV;}u& zOwUxwuANGpmEHYR!8|{H7_biueG`s?$#CEqFH)-x4RJqVyd@NJ>9pxYr$_r8)LJDk zre~(>e)TOx)%^sTFw*~}OypmG4U!gjtVc4KGJdfCAf9smuWJ51E{hk*Rf~U|--B#bEpcZ1uR=XeRH9>fSZZy%a{kPJwTE2k%De9^S+IU%pu|9Z z&-^|MWEybwyhxCSZ*-`iwW;kt+D%YDT)=mKVbVYvzfzdh7o&^+=q#86&mF$~UcugF zJ^V*M-<|4o<4gO61b=uhsWq66gbDiha$Z!mn2+lvJ-(UN;&xI6A_F4-RKm;yGw#lP zUsEDp_Axr}1a^TBEYAyk^3G8?6f^h9_o-y8A*KlDf88(WE6vr2ZhUwf`maxLZ;;HX zj%AsY3jL2{{+QiC=~Z}0P<1b~$`i`^wGcFZ57^B!aU2N zC0|CYndcN<+1{cfd~|)`1=_xarR*MCF7#c&2zjt`%)6O9K!9|@%3?~Alk7eNCR z2n|HY%+*bVo9wK<7_B*|v%gwLXxBTn2_wauNslr1kh3splbpBDeq~WjQHkwqbA>7> z5fp;y0iMi38WS|qM`*6n3#00p3x1qcPn>T9G5m&-tHDE-4bL4$^;1(oFk#=YK;Ie6 z#tvs`Z8)pav_=BPPhavHo`2g~D_=od;Xn6?g?m4X4Xq(OfFb(@30d;5o`eE^0~o=P z_oNZ86HaN*CtHQ)iCsKfusGT&Kz*pD1(U^g3L1)P`7LL6YJT1q;(4eX-FHzx$sC%n zz(E0%YTE(gdMW68(pg~0F2c^CmJ{ltI3%s!6J7uo)f?T|lGG7e7|F1&C}Hli2JJRG zj6M6OWywt8-ZBL;yD~;$Bm2j9s6xU}kC_(|lu0H+3;!b~VVqoZ73#6g=aRlF+x7^W z2Ud@~_?+?|^G$;;$N@u17!V?Ij(sX?0S?`{|Fqlz2>IMQzX8N8jXMpkSN`u0GJ_D0 zn^9(9Sl**jfo+7bOf_STs$G83!r&~&v|K6U7h|^Eml5eQK_?0$jFYj;4}-*Dn|6~4 zWC7zZ2w!m^5CkTnGEZvIot2W_#X}=Qm2H(2cZzg94D^pwys1w{=cbGtr*1i92um)d z3=UP+TWWaNpvR~~bSx50tQ$j4YF~tmO`Ws_`%bTAKcw;?yDmFnQ!HD`97}jHa2h6| zR|>5@*5yb&w*A4&)%3!_U*1d7xH><^;J4_s&)ssR_155!=B;a%Kk+oI8TEq|o1**) z)Ynee7I08jU2ZV&3@sMmZPrKBfd#p1Q$Va2K`DV64C0n&a;t->=ysOd2kOAMR{dAD7riNB!lEd0fH;VxsO#@U z5gIwNVOZFc5#Z<$`#TSk!)~&OSN?m9fXUK4^F<6T*tS^`+d;DWe_z zM}sS2HIf=U^>PmSa7Cb7HuyRwEJzj>(sBV-K>j+86(Tj;a_pB$RjM>s9lX;PMd}Bf_nReTX+6 z8u;TMHei~Tw3WlS=jvWZTyTvCk|4(x+7_0AO-y(iS%MJs&aK8 zFYUfJ1N~%5J)vJOZo6-q{t6rY0(x@v6!!vC^Ny!`bevl&kSH#m|mHa};NVpNuw0C%4<4Fa|>)1O|AQ+JXECz?ovv()EWYYlOf%!G8 zJmIV+D(GkOg^zz4Pv!XH_Q|VEuo#R?U|%_${O?<>wX7>_dA`c7QY16hAiN-XVTQEY zH=o_)J1YfyFlKuk4RY~4Cq*FoHkztU*!!l)C zeMBK=GUw|T-V1~wX%yQsPkQ!X;dBWBi`695&lbzGM5})ZxmnqD3Ck?7MFn(;9F*Xb zA}68IEy@su9x1*`J3jcjzo2>OKz_^?pc?I9ISgHOw-|Np>UDWP1WlYs&SAn{$Ckd~ zy&eYURdh|ls>BcY+2o|Q1m@^s7BKmk*aOCIIX7VoK5!&|GVcZ~e>M%*wdiAfF()mi z+M%d%W~MnB^;v_BiXi0ceORQFxQjvCZ23hSz0Zl2CPU+Zl%%|ZwEEMziN?|&wGA+Y zKci%$=*?dLIpTYOWa?jE7#H)Srn6=!!a;u4P z3VJMMST4x-R}}47(Ic0s09}uxz5RQzwhw@0?uWXt1eF~6NGK3uB*W#{cQaJqZRY=Z z;22V^>1LUE(%I(I9}R$!jIiYbZX1s0hd%az@%Q8rP5^eUSpKIL>QZ2A=(*>a=Bq|mn?eMH+_!< zq^M$QbL)hD8yC%=&u$XQsVU`c8rRFHJ(yi4VHr?fxk=Q^=$?POJ7oAPi9Muvy;}_G zZK_wf;Xad{VihQo)JG2^L^)u9Ti&D0io^>}cw%doeozKArIW4fK0dEIhH#gcvo(wCi#Aeb&KtZYNwXT zE|ROy4qjsc1O70^=eMLyC&%l1P3leh+}g%Au$^6iKHjTTT0}|m(|!#^W6v*6yN+2C zTzUHi{qmA$386Doj^u&3?Ewv>7G2FC>ZkOz#Vj)V`}H1+nSDxp?INl}MNuk?>`bc@ zeEH2uF!#C@<6~wxKFWY7u<2nA$FX-SX|76=6=ro6F?&0?ExfbXpqi;rj}5=fVcdld z^V(Cg{Qby{Vq&p><1QuT#uF*Es*7aII~j)g(Z!X5Y4Y@F8-!3fr)ihLF7Er{1!sbbNZwAO)W zA~27du1kKVrh0qWvSx8@_}$#IDzf_xQ{QbjjMK_CDbsG?i@nF3wY8$e=Y^bRP1bur zzTR8RW_fsx$6z~!}vI~0KJ`&Z;_TEC82UxY zh*}f6>(-y8Zjw4oi(g|*H4z3iKnzjQyium3{FYrbxnCb8gzxW8mrg>bOn;#ewMObe zwI#nV-*~-VyEpgN9-ZxjI4X!3LJi%8rCKZ^&%G&A|uo z4JEG0yL-2Qm9E9~uqKUv^+%HhqzlWzpi$S+xmn&Koy+;|EvxoLeDjGnf>j6p1=Jo* zIp~O^sZ)?&#n*8Y>YpTC1FPc^v>+!}F?)l5$Ba(QyXu+3Ip+EPSkxK-l>@L?t4q^R zz)e>h9|MI0ugE*@CzhmwHGn*-YXYVx^0KGZv+@CDO+GiQAg)SZMmDYqWHp9AUOsX8D}2#DjcvWJ!|nn*X(x!v*jEk#N;($B%KusWs$$3cUq2*#_XCdF_IpO z>KGU125ui9FfyM>J*=+LYQyyq-AT%rE=Xf9X_IG?sFt_3ySogwP?p4$*6XNpnMY0e z0EPBG;fjii6ErnS-WqOb{eZgcy85LEc?A}t1M7V8weVHKsCT+lHa8945Udf6d8Ee2 zAskNYZ=fbo0n}{fZ)_Yzy~TcVQiW$UJU8HVZr$QuADZXu#@F`7Zg+Mk z-Nn16XHLTcEN>N!nQ#wc{k(Z@A+>J5*AsCYeqT725(P4zAuRqq_fF_0-25G(p#DQM z;g*ZTeWje74OK1hpAnId+J$ZmIY5qfh@R;4>oBMs+4yEZ<)hh4at!rSo~^2&o4wID z`&h((@r#{7Tnb4zRfyMUsj%m*CZqu?S1k4a8Wmm5 zz*@yCTD`lx<_JrEe$oyI4>A*0dSY^N0SXwN0by^WgXyF4lndTT!^SX=A^6Bc4*{H1Di#eM81sGnS#QYWeE{c}6BW|9G> zA$M5hsax3 zw1QGx-F;BhYc|gnd1mT+G4~&5Nd8Ta!5u03ss4PGd*d~YQM&Rc7cNXg$?H-P-!!?N zSuZfDVOBY$dXJHGQVe~W1FMt4!LQZ$YY$KpmZtXB!&b%FnU)vGktV`Q;`j3_pddn@ zioYhc;u`!(*p{c`-m1$T$$O0O*R^V^V;h1>{?dUnwjJrSQ09;H5ffvmVSJB{aa4EG z=G%|D99Y)`*A5cCSSg&}Aok)_XG^?kxFw&FYaI9QD?IwG;iwN*OHZ#WW4rFP)UV6s z!adx!7pGb_T;d@R6_r*jci09=l$8_={>Jgwuv+%^UEPPE_E;w?0{+K4g2SssJ&t{T zj6nmTs3N|w^b}LYE6K?%C!XYLeP335b$OV|#ZGu|0MMH{Vm!+Y#gDu;dTxUP)xYXv zr21@l*cq(s4fEy*6i4p-bbt1aZn1Z#CK)#kEPov9SDtuR80;k`ZQ-v3jjhy43gC#B zO^SR|?ZYpvRjqn}R0!tJ4#!UB79EG7;A_ywTH1mufITTQN!B3yafSD0M><_OU`$L6 zcU*7DWh~VCsP-k1^sQx)g|RcpiD_xLe$d;p6cqTPONEZFNsw&nS*LTG%lM8hP`BxQ z({Z(`9CUwntP_GYTmx zhOX{qOVzZh&v!+f?BP)A;S7CJCyTB>qjWmrS&XQM3Tl}J=igtNp`P!FIY6p1LPWyS zP`MwpTG|x4VwV=7+IP1B;p+O@f^NNmN_{ZO|2q~bF05c{zFu*=gP@au(M|%Ck}DZ8 z_@LSs{V~57FxoZ1uDHLJSm23ScDX6GK-V3*OiuJOq-5n2qgkw!-tX^6`(LWOhX1i9 zj)*U&JkDl4sJrBVM>tbx@6m?WWWf8%$w$^>Ztp zXSN%G)>WCaIV=vKWL;}q5fE`^9~btwNXe?U^LVc$@{{NsF?>6b$x6%lOb632qA)M4 zE#tncu?D5OSH+K>}Am)LyW@-JsXyq8AiPgU!>3x9XH~ zb2T@MOr&jv49&9?f;&IbcNOm~q;LEfEA}$0AMe_FFT~b@$Ca8E>G<8$^hlpL))r&m z5)Ai3Cj8+u;R(k0qO2NxASS$@B8l{lx?d?QZ z%v<)H$GH2q;IQYct~+WD78E<)aut_76xtAnPjcG8aE}$+>cCjU6Pr# z8^`A&A~hoCU3)6c0Ue{@W00+C58fHlze*Z8Ny--G7q6-=G5e?Ji8Pgr4s`oY!l3ER z)S!;)1Upznn*tvaJr-$m6q2@hQ%XHcJ6Xg_MXF2v1E@p0D2f}}=QBO0ICeMV#nv$> zYn;q&^?w=?db5 zwEeooA2dFCPLr+5HdTj8c{s&H#xgP`2a}aQk~P`V54Ib(xvpRJrY)52c9+E28L6;z z!>9M8?{n!OlaAY@kXM&SHIC8@x>K${f5w@>Aa(8}TyYT9dl(8j|AP2MHfg zx|t)=fiw*!)l*m8d@_A3mozav6$^X2&hR-TdGQb~Im1XbibP@v)=lApT9*@%`1D zUsxWyHA^#l4MSq~o{8l;6=N|r|B&NYS6H~t*aRaC5V)^kHi}G+v$<|>j3E?n`?1Ea zknX~9pU?2sM8CP~@iAlr#KF*8W(j}3EB4?GI${SvZ1YUpY>0s`m?kSlxN=w=tE}K; zwY!=5Gp<6hG-~w@zYaacyp@{W6HwDhax&;mlDbXv=*3oHoGh-j3R>GLK3nRlU6XLDzN%%u-hW1aJo+lF% zBOV?B#S;pWcaM$T8~~<+Pq}i`R{~1;^PMOLsT-iPV=|9CinSLsS5DoV5#eu)FpcfG?KbSdB&n2cgJgV-;sE)+ z)8wl$BwvGIJ)42*ee39GTe*iUY{xqd#H(xD^HNIE0Y9cJAH9(eqbV|t=5bmbV|u2+ zlkiBv(XmH@J$`#LrPET>@BJ|jR%MS+;*07U!`JN*L15+2OO+Ho;oMRubTAYvX$`0@ zj>)_CS~TwdS2gkVlEN&(9iT;<^#cJ1{j+}%CoUTaSyy3khhyb5rMy^7ryn0$%57U!4JiXH|e<5N!Snd zir-(j)XnL{&EZ|0C2i=2(N4NTD0H1Bz~r0PlK5aZw6)xeKmrCxc>gFMr+)Vn@h1Hq z?t07TmO*z(A$q`su1UBcBF8-eCAvO<-SRbt?`wJ=n#I&KKc4)+VGx}=~n!BP06fkm|x)7cdQ>DC(b;!Y0sCjS`HPN z8}&3Csa&p^=CMOulR(oraC~5Fx$kVt3SECSte@6}S9qyi=xCO$*2j^zsEey^`sl_^ z3DdZj)19c<;7U#iu0o)ACw3m3xg{MY3%)2QgP4d8j|F5OKx>Uw{XvHnHN@KF?+D~3 zixKB1{*YJ(g1vrc4`DYQ_a2#020=&xTN`dmj1hW1?ggm++l__3&jg}_hBPidia-_S zZCj;v>8K8FpS>~U`V#Hn``o!e$^;ZOBCVVJryN`60FO8 zKKzn)Rr*KgG|A7lwE+V*kL}nData0ucNAnJ90$`llvgH_>zJv-sD&go#@dU{?{N zsw~#o=K*HkyVAqY#w`0Q?nb6~PKh2L?HCT$?3wF>VtB-akfa1LLDRt^I@c4^qcxqE zKNChROS_-g7mB(-zyF=DfAmeOtSt<+!NWyk$JOFXdYxK_hJPg$W#fHTdy{X)B_A|1aNF)3|4=S*BKUjAC_*v+MJtH znjFaBwCeZ{s>L(+4XwP|emketD*1U>u#ca8`X*b0f$PCDn~*e=%ffF_ z$63WucTo7)El~XSxm!<p;6x+3Ze&2+wEy{8Onf^~a(s9_Ph(fA7>>M<&$f&oR`@ zGYoSnewJ}-wrIWIvAyPq5C+__s8>^RAeE_>$EFmDGf#b0TpRoK_o3V3Ho9`T zb|cvHUDF*q)As~N7|;!s&_$`$wfaqW>%$qxUzNHajz&;N9@Pw-Uo3k-X>^~yK_jIp ze4ffJi@aAg&WUz<8D$jot$Q|5o7Do;bxggl8Kb>>4Xx3#TrXqc_*sm*F)N0Y6x7{awCL&4E>!+t4s+EAhK;htJpDb-yI=&A zNosFCl<(xgc1oIuVYJq3SLtrmqQE9FwbNDCP_;2tDa}3J+bPOxpC#Fd;0Tef_}xwVn22Enc4Ppw)=?YK#P_uIvWajU*`!p z^g@3&o_wgFh(*KLbKi1$=bS4jiJcNKHn1T?!unmcNZW+NI~0XG0~$rHR63|xDhv-D zzz*%Bqq9u=Yme$Tzb(T?wc8e{Ky4k|0aQmR$28_Ds1Y{5GFmzQqiOqLRBn^a95_(4 z-B%j10}`KSTiOzS+6m_Dd5WC)mM=Z~F47dOKLnuXAX6ofq>yN@B_lbUN|IncOh3&G zR-*hXW_Y$t#J*uMuY3-8?>z|-b&Z5r-!NiI?(;tJ*c0=XKC5t4KVn5CX%@Z)Vz%+? z)V3+sm>hGG27Oze|4Y&itU z5=yUAo~0CR>{YYh4@$wcO%fy9Mwc<>}+if8#(oVGej9Uai1I*yG6fj3MeWF^>N3il@-V7fQ=xA z^yN;Yga`W)$6K{WLQ_FVoVixa{>=VSV_U z%tt%;IqMjbC0)A(_5CeyJ9cAM(`EqOzPJiqU1m?}=36(30a~e^?YtjxpH&8iYMwW; z>!oqtJo;{JDrIYVV{Yq&ddidRofs{~f=O5~tId`8OpYu6;?|bf@;)eX$dCU_{62UE(ut=(N^~L!y0*FrUzVA&Mr;aIG4_2uoUTpv+JZGC^=#U!$yJ#o68Bv znN2{x$3ufFH?kGxxqo<$#TWnucGsE@2V{MmeNY(_KA3+c+}D3 z%X_!)BYh>|H8U&3GcZln%izZF)=o2I@zrT@;|{50sa|s1#P&sfjZ{$T&!PbMh?RiW zoh?LVat&N1S>&K_jbA^;Oe?rGq;a_jK688sQK7282$?M$$ktRgvUBLzh+uHQJB-tltmTG`i@%I=!kt?tSZA$yY933A>m%){!_0Fs~Y0O}udG z7y*l(*|rIuc}ZRURy(+$&VmzQ6Y1 z&5!?J>TV@PT#>kiRe`)#JehS~N~e&=xXEzYLwB`vL5QkD+dw=n_mGVnz7#XZNbj@Y z*`u?Frq=vou*Qq2!}{4HPo0p=CC2Df&jom+yL+nGiMIq2v$Mch^5r*V3jL z^&F0VII)BoKX7%J42J3)A0WNmhx^u%jpDi3$Mv&`QFH-q6AfBAi4x~@=byV&E4NQl zG83Cr^Bb;;W}}nhPs_apgl`<3d0(Y_E$kG{o`}vK$3Q?nM(j%s2Rfu(CHJ;#9ZAwG z1W#HQ+b^3*OmEL=kfLMsCK~tXJa;p$F2{-+8-lFPPB*Sr2F}+NMSr3v{JoA1dNrQL z`@tl3h^{=Z(!Gx{_|W%8FYA-3Uj8t+THFk;5Gy`BnLS-|hHN_v*o+@eU!4sX!FG0t z#Dxjw&~A|f-gD79Ffartr_N%p?DkPtJ)dNqBp(gx=Ux|bb3Jjc^0prv6V{-EJVCw2 zS!SA@aT7x?mr$dZpNyzmkx5kzf-8r?Bl8cuFXrXE7u~%sw=c7aGT^$~8S` zpSm1LLcNwd8m=fL&fiMzWL%-I4&Pp`N(v2cUntC8&NZIYU+r&SMSGtZZy&E9PlX1K zPPZG-IsV?eEANc%E7Z)Tp4K>D3DW7Wx;!{mq|=kxU)Sp>Jh0<;@nD>1yv*7u=ImEw zp8(Xm=O)@;%I}Y|5PS=&MCRJdVEa%h_OM`EkT(Yd6TgAmNX)k3f7@ps zIP&!{|8)!}f1;0|b2I z={zegUf;eseg5V=l43_$Uuewxt(y1lj%zCLvdYWS9U`u_R*dQ)T(cpXMK8iZh(2{} zG&C=XZgjrKuC2iZVi=no{U(>yW9PiZ7YzBJ2Imb~D z6jwMJ{eWu$lPq}-XMGBS*W{(4l%ro?8)WwZqOJW2nmE{)z`!VRxms$E)=-PyK^HRM z#lGk}4C970Zs&ZHJU13~pdSf6aXCjXrDiX=TQw0^ATRAI=&c3q1OctGGeD+MSbVqV zWZ^Y2Stx;%%l3s(JkX2fAwEvtng_Gz4u?lS{O60=o8hPCDji3Mk=woMio3I#X%|h2 z4;ruL=q!)gt!H;&<&7TZ!*)NJ7r2TReK-Ky3DZ#__nqAns{uvxLjLQ+E=1uqKB|j{ zRBg>1U)oo`S>s)2$$^S$qlpQw0ikWHKt4@7$eIB>p-oQ+^pyNEUntSH1|< z-^*+s0W1n#^--{>rOK1&XnQoF|5P8$I#zTP;`{kE#p&jKv@E<&<}R*pEY?m`>L@d@ zWp{CaY_6nqFkb-pr!W7X7rrl;0vN*Sh)tRF%pQ}f$v59f@R9Vr7t9O9H(<`q7e zRX>PwO|{`c*l6AwBB04c5vKC4)dBJShT1LcaUbulJx{K2;g5t=+FLSV%PHT+OxuB1 zb<4wp{foe->F(ec$eaob!9j2Z1{Cp7Q3{C|uu!Z!TGZQBT!Ar9g(lA~J(X31tl3f! zf%d6z_YE;`ixj5-*Q@^e>1PQSewqul9s#ET3;=|N8a+b&0|S4Q7eYA5QjlOPOV`XOG;qt$pSi&HrW_TOT{0;H&;V+36a zUlgtxmbrR$XmgD3Fd*WNlQP<$S0!V#h--}~>^yrrqODfwPwRlR@lY%G=Je=&mDY zwCmqcGgXaHQ5$Yc!MBx_$oQa%-4?LA@cGOt;ci)^5r=NFhO-ds{TcH?j4?v}-oj5(HYpcDE{YDFBWY zZGf`9dCzv!-xaAemxl3YLoJtWA^QKY72cI!qp^hozWFA^saZQGB|CrZ~2z_I`zf-M?qJHd{S_X+M4i6 z_-8B8bLqH=o$nqt=*%B(e1XM#v7>xKRNGb~U{g3^ZxoDv%}&)N3`f^tH{W2nRCe!Am3Hy9sYVpl-Inh~~lQq}ScmUY+(9q@iu}RR&TdyR~H7gBvWg%h7e&0RFF2wf9Ey-=~ zp_l7)f(PKJgQkOCp=sBvK-48Dv}Wg|#|Oz%f&5;A8pFmIU@cMfjPJXOQ;;RuMLXi) zi8ZXEL3*?4x;Xw@|0Sz4=I`nDdOP%q6C;r2^dhoUf0QD6OSsgjVC5y?zYJ8T;M*lq zCT1rwtKF29zKHp@`eEAHGBM4pwosoz9h)FUvpv(w^mUDt3Slc>AEaIC0s;@vAG7!B zR!T+TS!-}s?oElLEM=rCpdQ>ujcU|2Zz*+9hB(I{Iqvk$^7J4W%bMM-D#KQ z?6I3|i{=L?4zTFILE#a}gT?Cn<+99E)5>*~;OHY5Quhb_Zl@ldOYESIa8XBb%1L<5 zS~j0%WR>bh@nV~`lf&G&fX+(#CsInzwR;uRfc|8k!G*T32JS?HvMr*|(g5D!2;vra zt~2N_gD~MBWqMoFL+r>bUj3Z1-@!eBBRb(v_{v3_N~&_cW&2jY)z<=lOy#i=EU4d} zb6p(0!MDcgrLc9((>HeS>j*~(nakNxL2#yge{4ZVEnaLIN~)nIk9m67loR#s&PKJ2 ztH>rSKPBg$f%}&(fWv<;oM>RF?QdMogloWfW_K)tu3hEH?(pO`e0|j?%jHy zWs6mTF203e%gctEC#=)TN^ba-4~i^{lxx?L$Bcm&ug$LCDQh{i0ln~#g&av-vP8dW zebcp=iLBGR7<&)q6Wz8{v6@LKa_mEzvdyn*6C=d2Fy5G$_SMM{{jTo(0X1gL7w1@3 zv?-+c43ZR2|EvFJPABXeKI}N1z3Ezk;nA|=Va*xzMsC|L{frE+B&goe-{cN&hS4Ff^!v?9n{AJsdH6NWo{ zXCgY`IvVe;-B{RrUj0_?AU@Z8bB~(92@cB_&zYr_JCQn)2dnj=l2n<#EJ)Y)olebc zY?pLImLesg9iQt~S6oh?d3Pmm0Fb4w6zQ+#u&khE1_Y*wDCp?BhY>ZZHz*Oxzo`U+ zxLFmpep0V1vi0_eadwsXxPA@o(u;vA^!P(4LdGqBu3f3AIZU)&@m#@1GGySGj<$N~iwa~!w}OCs4Ynn#Mx*0!#pEKZb-*QRoP=_?YEJTfP}$KvjZo&AWqrQX?AUE`@+tKrQAGuC5%77%KjG*(J$SX=hZXp z!a9>XVS(9VxX*CDhpr{=<7)0BXXMvG*(36Ki+P34KjR)*2x2kjpi7Y9G#@~3vmYY9 zFW*S&gbAGZ1tvC}iyK%3q-a!xGYiDMYU4)vU8|t}aI3%~keRM+si!C4ZKbu;AT=UG zw$f6`D!)qf_E+D^W@)bkq3}DNEe+2ShMMGotwf5E=AfdSn(JaP2}pe6_Fv=|cm&B} zr;N^j+qlt$u8Mo!yy{uPac9$ zFFvDHs9O7&EZgD!sSF}#qJ-VvXRBK22auH#J-9Z2Y-7#eSZ+oNj?HqU9kUeXc(T}G zf`Gu9chOt@!E2?-QqclY&Q*ROoYO^Z&GG4}p2*MNb|9{{EpZfqd$Cb$*Z|&Jr(M10 z%~~h)h;#+1n8P5E=ii_BbDb56y+~w8w8Z@~%+tlA`BRL*O%M^OM+iJG0XqCZHOwRp zOq#`;u`%djp+r*pNgjT^aLY_FeTw+Cl%<8wNj|((J`Q##HaTv*brFCA8!J+%YlJNObB`1B^sqSTi$vRlUW6@)!Fz0>5zgC(!u zS4oO#Z^}Aev^!L<)?Ylf?a-FIDY(Z>Z7rsLFIGbk;xweMDH^&LJF%CIQ$G|Rj9&hFGDW{~-ME-qWcMbzCt$&Rcf0&t)P`pPYulr=s6tz7`WX)G;4i^{5(x~cM8x^gQE z)&uRG=yfkJfGru8D5+3^^14YhX*8-9bT@SS_7oBErdJvo# zZo*IiUYDUJ1@T*Pvd;_jQHIQVaPW4^ETm6s3MbtJux?qs9lm*f38brc+M7K(r$63l z)=px1545mMGLMO@;tX*kIcby)nh%=~?|#~9uec15a$uc}+@IoqZeEWGYd|8c%_?CD zjf(xe?6~pwZFdHZf*+aJP45!;GL$fI?vFTg6{nV0k5Bel&UO2aN&fg|>3_O_fp1gQ&FF)Z+%(cHK>#lf0D2RXCWyCE5)Oc(+sAtH) zh@Y`Ss`d8t7W*el-q?_qnlu#Fy;L@!R^i&JdUFzEzBao4)rhzEVtun5Mlz8w66C6s zPhBo!PmaiYDh#3k*3Zn`EeqJtq9uk=o{g*$WS(-R0tm|Sw@a9FOO|kJ6c#^<_44Sd z6=J10MceX$40K(Jiw+kV^qSsl_(J&xmw-h1gWBB}#>$=Y7SI`9+H+0miTu9@$Q z3h9B@QI-$h&st#OrkId?-Wi>)$uSbKTuPyhl(z8wd>FF`Q_Y~~AkeAV4%ZNx`RXmx zBgE;p{7y18edwCIhw;HK$8aV!CTQ&Hgy4J6Yu;xQau!9~?$nsu+-nRQ;nr0Pc{(~u zjU0H%RDUg&@vTnoM`CJ!AM@If^l+5;b~ff|-%AV}&cAT0P0kIZoz0xfU1Tueb-Q+4t6ImRPA) zxQb!SV+t>$WiuMvEK`$iiRF{)>aD^e2!i{HY@~%W5q6mcF3N}Fu1i+Ujz_((Fd7JT zROe(U5etj6O2o5O-w^x?DlZTJ+O=5%GzJ#O>fhNu>531!cnC72RyxC~YRQt=dcnL5 zXEAmtk+`1jmxF;_R2Mc|(3?l8%6utI*8H`H=OZXT+06l>oLig@rHCCVe44kQ967;H zwp9)<+=^^!>aP-vW<24v1S+VbFaBzD$_AYq!zHyCQNeYuKo-7F@;ns!J(kAMqml7T z9>d|b3Y?~gEA5QQxZMhpah7D^Z|Sw(`7M4mN~+WT#8sJD=tBYU9Ii=3oU?wv$;TRF z8->foDNNdI#RW8FlpFc&7 zd}DB}>roj<$DiZJ;38VjHOT)`QMzX*B46vd zDNPm&9)E_9AZW_NZ!Trb-M>{Nnn1q#h0Y>lNRY|j^C~BJ&df;9l=b z*af6Vtm*a*&52E0yRu-1HVny>kR%LAnZp9Z$y28s(-WZqD)UI7 zxMq{r@j9wnt>)`{D%_;L_fl#21_xCoEQLm~r;*``V|V-qtu;tuWzo<7Q=U-R{-hcB z##cN5?fG^}d!5&g8mt()-(^Ronv_I3aC)%cltU^*lme3&tcsZGneF`$fmipkLdWRY(`#^9<}0tO;$&xpA~bzUWXEuH$;*y_EPEFLbprG ze*c+Vu(H<{MBzJ+Yw~;}rGN;d^`~(ci^JEetNzCIGRf?WLaeb?nB}R-q}8a3!d{nB zYcXNc7!H)p;g8pAO>%RY?v`iY>SXS9)cyAP7R`m?p~JUa>)OIsCT@EuRZs>DZBZ6L z%u4npGJXUk&eFjEED6m#-i1l0J`34Io@%JZ7d7T;-|!b=ks~}UHX;`GeC(FJL+gYC zGHen;BX=euXVl~MkwbLp$xklETe7y^&ZN?w0Nq}FFJKcj9q550^OiNlRmrUm?Rw z<0n)D_>G0Yj(L{Y5mGCP0T0MfrC*XizBg-g==+Uwi!$9@aP*Y9wXRB3tF{JZF`3Pq21O4M&oaV*>*9oZJp zK_Y*fJ0?QxCzN5GfuEx^pZf61l}5Pq{pxLN_{drpMZK+9*P9=bIXiYo&U|A1ar-tv z!Ju2T{GvY8G(iOogigqM6pSex_knpyaAMKwl9n$j<(me?ckHTkSbT z!H)%uxC#Uyq$KDuSocx_R|*wutHujp6R7*k$U&+$(OB%omQs3_xir8T$>rb`C!_@C!>z# zU4_ECMTQ`LjlqEH);=3KTka+kbWWGMZg;(vv|G#Sb>4&3ni#sW3SoPAoyfi9l5egffMY3w=W(FyYRpFUC_w;3Jr3wS(eJi4{I@VH1;K1-*Wru zmO*M=0peWRvf|9Y2qoU6H6nE%nN~LPX5ZCdF{4l%wNqP-g84DnTD99k zGYfC9Gzn-zSmuVQ-VH|7i@&CGP$e}B9uo-hR4%lTrDt`E7Yx0RPB;;MO~RY|X&5Nc zVK1(Ls)i)K&Q%t|qD9eW5@9bU;@ySE3Sg6&5yFrsinV;EFJ3)#2bQwZjR46p=AXq{ z_*i5lGl-knWr^chNvD*@o?B;YC{JVyZ%rs?g9T~%%^nq5HKMtCNl zKfHILi&Qo8y3De?C}dK+0luIIB%42907vCt!i}U8ai}d-yKSQH_=B|0KG{h?iy|~8 zaydJ%L}wJTmmYJ98emB;p_ab(g4`fJ_(e7J?n!OZnsqgN7rKQ8G2$?O45p9L~? ztA(#yTD+Sq*v{g%_4PGMc^pg_V+O$|UTJSU*flBj^dUBq9MLYDJ;gec)nVg{q3Tj` zD+g%$5rpf|rI>KZ5G5U#w$D^I2O1>kqi0>Uctyo%FtvJzS8sY+jmUg@{iWpdcnfi{ zl!7V&8h{UknELu3qsm` zy+o&nA8|r(lE0U5Jl^U*Bh{MtiYF~391VTdQBfx(>(*Qp-Rk^AZLM^-)yl10P{W?! z^OoCP!r`B5CH1iE+u5Hu71wpzCFS6P_cl<3d+#Kqh4`p|oRcO69$C(8Io)T*ANXiK z;#JR~%anz7s_lSSt(c2oLIq4YZzrek$Jlk2IqSjrHIg{;qUntfM%vR)3w_F`oqdaBjfZI>&% z>V;Pr>CTVAYD=xC$8+v^A8-sS76A7TLsjedJha;xEY-tk>=kvk(FW{%o*5DS3n-rY z(5!Hu(2=7OvVewM?n#Ed|Ja;_J=)wGO7F3pxy=d+0E zqxe5WhJc|$O+vZbv_0P^dxCMb*=U%r*_0FSxm#oAezjg#Lgw{`qZX2kPPpy^A-nxO_;_j@v`K@4N`avQ-ujeWP zv~o=;h6koDB%CtEI1Au)a>Dx7gwu_txfDi^eRA)oQn!X!~|D&@lvh7q}TIe7`?jU(AsB84_BvU@Kp@H$=Shy?l| zGy|hSFRhfWqk`Y0aSVsnZ->j8PbPG?aD3vi8O+AjB<2|4{vwe78PBq=^7!?F?y=_h z7jC5BWDZMrrs*7u0uk7E!HmzsZ)0a;ea+bUB<5%{MhwG~DJDEY8baLnD(8W6N-%@E z5WN1$FY>_@(pb~o|Nhe>{=&=HQJ+n4X1wu5w099NMKL4pqWi)W(bHVXc*k47ebc<0 z#%J?KnY4XTk3lV!eGw}G{G9tbsQ2aXswr>JKr-mn9W1RZ&Sz!K>waAjM4774Pfv65 zV&J|xziQ@n{P`NGI=$%gD41lBA4n#FWz1q|HSP3{Yu!V((Lv?g!r4aQLp7_~0kXg* z06KzM=+Lb!ZZCKrM6e(D-kBJwrPJy8@TRt3v3w8Ht~H}zrs5#d->zpH-m(#R{I!uS zrh;%}EbMqlh4;p&D6kR?d#J)qErd2Tl*=Zk7&vT4Q$X{#2nkb{d?|L_LWj6*as}QO z=oRZLPs9hkjhuX^#^zO5Z?2n=GU_%-e)O$+@3Nw3VSGM#XUt;XTIBJOIB-iKQB`dq zC%L1zS+u3XDq%TS(dIXEuq}+rT$(B z8ko^pEF##YSuSAKb9}{o+9f?|vcRZF6_vU@<@-G_YaM(&ay~Mrr2!l0vi@|8cpY1C zyUOaUNB#x5F5sbjNG}OB?+88^7cZ5> z)d_({peU7moG$kTgVp$yh4YBtC`f<4;u-4rXVa7!`T{Wf^11Wm`ki-5b6@5?K=XEU zU}kJyRhqnWC>B5;TnEA&wDBSO&uJWZrc1{M_)*J4qd0kYDjl?91=eo*Ytgs)#e9*e zQmCgM!OAaW7z9h9lgA308PHIVh@uAT&y&Pfep=VfN%(_g(W|z@?2_n+2O=8;I`tK` zFP#_8vpxoX$$!jYACbz9n93^R*nzO2Ex6soxH~^f&|_ajhb`$>!9R~PWP8|heV*BO zRM(zhp%Dlo_EZZtr6rdR>o*imXikW(ytu0NoVk102Ei+%g!gd7{9mLJunAi$G&3 zRJ_Wpk3rB~C}4Rz5$mqfVXQq)T&9U&ixW~_VL7Doa&c3Kgq#0i8tQ{cSZYMvVy|FJ zou7Jg$6{~WCD3w1TZAQbbcLLoQyQqIXgM1GETFX+@3THClm7`~y)J8YQ>4stwQt$FosKDKH|VPHfi^3rh#JBusl zOtlMyv>jC}n3eht{y2T~(p`E%toSm%-TYROdKS~#xxer= zv7SoMq9xaB5I*#kU(ZB*tGYwvYa^uu?d8hd6r))t=1fC#Dl{?pq`?Z~&hv6vu?HHvV zzlvs~m_ec7gm5#>J8#u!1zDxb3r9hx&zPcZ+>jeC*O3N4)kO?}Z0hOjs+U!K&#Oh> z#N0hg+%j{d&yRYVzjheu9yHq|3B5+>GjB$)6!jJiOk`VSAJd1K;w6#yeq7r+_kj8&b~mDrqAzb{afIS z3f`L^qjK)D(@?N6(-_6k<*A8pvR`l6XzO$T-fUl*a``h?0pmFQ3X`46oIsH<$MD-7 zH^{xeTvggd>Fvv!J5X)ynXWWSaL+~-YJyis-b{RYIDrkhluKew-U8qLVYwQtM}HPp%gnexo(vHk{%ZJCx81ZA(5K^U2JO>KVc><}i!%`1R-Q7G zzF{JT$nB1WPYj6o{s77ELMD* z8_$b4vo(zfDm(jT$o6ddB|t(TuIwbW%5$qn#R3&iV9uQcQ{ak-2{|Tf_TJ! zN>8^TUOi62xRPj~8D-)KLod*L-HULN*0a^{n`a(N{jMmL?p`K>-73M$U);b+Faj2K zqVqNtMXn6&H}3KRR2P|wZncn9M*Xd5fi-F1EvVkkE3))mF1>D%REBDyhn6qA@bLMp0<5KDjBhVd$lm_SW@8`@LE`wYuTBs_=bXLfqcZwS>f!(G3?4W^(;g3 z*t>)Q$ZJC$?-9mDVBN|=eY0buxd@lL!c_o{H2h?Fy8VF_Kh45K+%sW_AO^T&-=u0X zgZ-KWOQHGq>T0Uv#f(12r&X-F8FVRf$t_x9$;a@qDd0t^V_)ppy7Whn;4)1 z=lKUInk4^+Zu(!MsJ93@&UBfFz-Lz`^aKB>hmH1Yxea@Wm^t=ZaS{WLGLywM{|6L8 z-#ikNwIE&_XXeG5kdQo7)kWA;s%-VYI!VFjCU-f48rpW(MQ2WSGM-dE*Pq>G_Wor1 zFH$~0pNB6|&;9EWV9HNDg3ZCM|ASTBScnhxKT8Jy$1Tp;n}6|v#U8-?44(dTH~4=f zVzBqWhF})J|KA~OaM#e(V|mWMcuhl<@SVt3t2fnA%i?xP zh6Y%w|KElHzom|qhPq??V@bz@82H%{EG)Fy{o5FOfd68UEdOZs4(2`hQgF(4K;~!6 z5Dd`%{EPV;3xN@W>8E4<0EMvkj1XV@Ep9<N(oV{&R*)Fg7(Q59tddzp_9HqwX9F&H7w@+XHJ20=K0eDpFJPW7zxToP{edE1o zNkz?xe*@&ADS*h|NiIIVmY)!}5PCju#ALSY=y{P?9G{5Az60c=RyqgI zw>qa{aRS%u>}s(z=K&Hvf6n>1Brm}AI1M?vcG_;8#EBK-0+8XA?VcN;hk@q>6OxeK z5&XdEo&DcS#soIy5aA1tulXKS?+zjbeP;ksz%gxtpLB>=9P)lN5*AAAxZsFg(h9V= z^K2$VOX)jguHV|Q!>|AIS)gUi+f};uiJTMuV?6(t&X*7{Q0&-ATNrQQkXG^i(tDbZh`{t6~FK0+6lof6Lk1R*oErr>KaE(&5m8-PJWylMrhwDFpB#LXS5bTPF#a5X%Y>#CZVPO|7qgj4zFnj|`% z%nv+k!2T=#g~mnhz&1>>s-@W+Zu>gce(0?SkyeDqGUJx%01PFJ40(bN^Asp5cjckB z(CKgO1usld=ugG;RJ<*U&0#6?~6UB@#5t0@xRxK6Sx-^oL0r8 z&0ybyzAMU{{8EFjIUi39bSJ_I+);;zIniB|(0i`$yfzn7bJIu2*fbnSOImdRY+~uQ zu9110_|eKNS581A06bWKN2R!|uK|yEx&Je7NhA^mkvy7bbK>3HkqeQm&I$b_s>d(3 z-M(<`kJVTdssgz3f;<~lMw~_@|A>Aub&rL%c(y#o4!uVBrTVqUM69}{$q5LOq9~c2>ZQ5^l7G2d+Hlk?7xF)+N&gw zo^jYenGfyC%g|MRODoX(?<60BSQ4+9rp7rsH5&cL|+13l#-bBc$y0Pd@%8ZCbx z5a~Zo@E6>a+;0d)Aa4W;@NC?54yx~lc!cgI>(<3w4v;G%&sjH*wvA2MCZ>)&{&TmkV`Lgya|PIBY(dI54C{Oik)$&1mI*~!o5 zjpw@^5|{BZ%!?g#kwITb`uZ5Jqvk<8ef)?n3WM`*5+<{l?R}kDm%i!ie_a0$#R6B6N~8|2_LUsDolg6!Jk@^nfsiXHq1 z-5S;O6p8!huOlV+SNv<@-=_yO+DYqw^AwIU1#_~j#-PInYSsPY<0!cr&MS|L$fK^4 zU76&}{6$_#BZr=DTaHeyl4LuF>Fj;?xT+&nWI)Z$Su<_fv-{LAY?2x`sKFC5Hn2M0#Lh7&i9s?bpS;krX zzpy#GKTxxsdX+!mWuy<+KcQTq(2p;+iGBTXexR?0En_k@e!Eq-RVe}B!xTy&A>A|< z2&$rmZ78)%YAEAc@$;-CatkX(Cv7YB>os6l^UtV?7#J88cy-nqsWLER=w;S93 z2z&*Nd?2bF#Pam+)gjdYPB5vU25Os9pd8lSM)thiJ8P3veDnjPg%*|s0k@N=_!-e2X>{s5XLj@ zAotQ(hb{Wc6Rx`RN*O-SM3mToE>|(ZAFh*%R&raXkvM8*yS?5otkkXjiRY_#Tddat zThQ6P(u}yV`5vn4yxW=;Ryu=(C&Qn><;oMEL;{dvH~zXJKz*QFkYhBHtNg+CJQX>F zce`iDMRg^hrkZwliVf-$vq!~+SWD>d!&O)K?Y=>9la=ema-n&Ox9iZ%8xK!D{?7_J zc@njq=nEU{+Yn;%eJZXwTK!k9U1TD9BeG7Vc6*P102>vCnx)$AoOQ&!!-=i&j()%0 zxIf0|@twVXR>w!Cu0=)cV1GC%(o{r`PA6tW2L5-=ac|W=7>G*pbo zeQ(Q^V++B*%;Q&IVq*ZMI%K@JYCNfG1zg+@7F}6>Tw6EvS3dR~cS^yfr%22k87Rym z!ff5xci=v^e(PiZo8A6?_PJMzwE{UzSF-$Tz%2nA>P&J zB1GSjt-8(ayH5=kvP?xx=>q>9dmoq~L}>&=Ki^=>F;(@A*RQw*)tgvC*|dF9kqpcv(6dHs%s&bY}E{S zurH|PrA#~y&Q!{j!D{*w96Eqzgq!-2m`NSVBz67kKivC6x@(tHl6e1O6yeWiu`Hz52OLk8Tg~ zA^_E0t^Y8!^5>H_ipHla;|h)Y@h93nn>l^;bQ+t~9pD^iEZ+n8GTWCj@x7C781RL7 zS0o(w@9wlz{l(Jlq%l6$#vn}Hz+&qLckG1M7PCg#XGrdh+rpxA+(i<=Pq;RlIGDr- zXg>s1n=9oIUCrYQp5)A4<}#wJk39A@`ILlWO@4+}84$#m)r!UTD8C z>IF1iTjubD{bL{e;;Uy(Tl77zgM&ml{`7MHAd1n9y&4LGnl{N7bIC=xP6Wr85swu9ZMr&e%xXqZ~766$cH^Y<`S3}uDb9UbCRJYx=-Wank?X$h1 zP_FJw^NDf;FD*6l?s-QJ3j?>jpO*(K4Ph7G*u5>8M;b#5TR(|OsmuS98u@tE*o4fJ zsz_Y0rJkJ&C|sT^7O_kSv^7j(NG%_|ry##5e_NdM$7 zs)RCwj$5yFi<7OF0fUq={;fffz8?HbC0KHm=%D^w!^w}vioNEIx}IoqAPfFC?U;?y z0eu^dC>Od9jRL>poC~{|a~s1!K>1-hcZl}oyTv7;jMEi%uu+DT25;oDu8M!qkGg=ZRVZDD;W;p1|jstJ^ zL*Py#(Y_2=)(E~yVCvD+IjJY`UnPy7eaj|kj74-aj&GhP6h8GdBaKiL{h zCs5FA42sJuW4jUa47dxIg@MgWN6gmf*ixn>+F_cEcDcc`-FmzWxv>RxtvA+A?YsNF3jB zR4r>dMS&VnwHN0KjaoN=din3(VVGX!xpe!7D&&K@obVEI=o@6GPV;2?Yvuj9zX?1V zuVA{WBV_!TzA?`G;&yRC=C@}aL<3$YOUHN^u%AqJNIKk?+Zjia`Eq93}ApPc?s_TI507Ti=xPOocGut-tz6}v2%u0!a zK^k|K#3Pu^8Fdb$6C>Z%+yYzCfpY}y-0j&08h-8S!=(Sw{%2;DXEys-(V+(tR_Ddb zvu)t9!xrRlkM{Jb}*5YxMr8-O+IYHsN8%cWauY*bzJe|eAa&$dN3T^RJa;vbCg2&7!|C38 zSsl0jGH4|7kksp}PY0HAvD@PyEaA{h);;1AP-CN(G`Qx5$;H5r#r}cOJ#$N;^q@HO zHYLb#i*zp_Cq+NK1NRTcfR4O{-vz^&{rU5>IOPeT0&QNn7Do&evp{=M_l2l^lRZ#m zKZA(<=?O@w6P)cFE*<+z@gx_m=-+k3`Q4hZC5BC;Jaub&#=NZh{NJ&a1ZS#8f5viJ zD*x#}h*W>^-(Kj-!|AcF1=G!}&D;HH2do=T8hD})R`gw#xHT?}>8|dy5VDV~iI}V^ z4HEorYrLYP*oj{;cmNa^M~#|JhVi6(Kryo8O(e|I_y3Ug)?ra@Z=>)af+C6nN~ffx zNH>Dg-Hm{R#Lx^NrIbo{mz1=03@IfoAkEO7(hc7l_TKMrpZ9vtcdm1t`D5mp=XqA$ zvDUrrT5>lE3lX{d=W}dEA_L3WX~dA5b;H_h@WVX6Ui-b9DvTh9S3eZK-A$GMWP&T%UeVHj+R?-fj4?)obH%t#fst5Qz*?M^|-`PKX9i2B0SR zP^1EG{zK!*=N*@oj!y27r>xjOZv-h%G-N8Z?Pl2v&iE;F8>pB3MAtdZxi=p}7j@c5 z+W2Nrk>!ELH3;aVbSnIaPsNdH<-=?rEsPsgs5o3rxjNj2u+#iN6XV^?m=-E8nZx zsmh6^DW`tkr~pAf@nELDf7c82mOvxcG~WmMNbd(AgVfQ1!D&tj{`} z>x}uYuKa?=9oO-vIJ3JU^`v0bOxr1UK~VKy3TvaTCc z@(biWXaZJ(Of8^>@40&ewERq08;KpA-nKeazk~==nwxwM$iV;f*$^WX7Nn+I3j=f* z*-kkz&{9StX$TntZvGE?Z!q+q$04RtB#CI?r2(iK$Bt9O9iXgc{9s|hts`=SxPNE> z5D)Slq(Z(aDiZ<78`*uJIhK_w!$H0Y>P>X*`Wv5t{OqF0he$=fDGdY(<6qFf;9yGA z6!9D&4%siHYIov+cN;0P+8Zl~`Yoo<$iLv}zbOG3iH?K?H4>-5B?YP0M|Kni5DwBI zXW;M30aSbbFM+H%R(Bo(0|!3Gx_14WYBY!I_}5Ji{ujFWuV!y-N}L=!$Nu@i0s{bk z1B&m$Km#5sUmWSHwc_OZ^f^t=XkMkt<~Jm#->?YExE6)u>1aXOIJE%e6*fI>t}$`gNE0{s&W=|3zeVqzNyV1*+sCe-0r`77<2K~n7}Wrls!(p|0(>DchU70mlYjHp4Z2Wnj1L93 zk;HyucKSD6B5f`=3`3tK}5jRlyo4Pe|0PlhRBGu(U2Zjd&wf`GOf7kdoV>eBm z8hh zhq?gy9enEF2Xda|X6y_h?e5-2ERv?DY z?bZCx^K#{4FfPUw5D?4!vg!iI4fURcWyIvvW?hFlgokX)eSn;kZ^RAh>>%AF2uUx$Pg!>}wArZA93zEnw$lGK{Jvx0?onJ4aM-cCS-vTzbFXK*k+J zdzYL2k}Kv;dk!3MonpmupDsW`eu7|Jo1N#hD8@IIKf|w9?EwJyAn0;Qsa(|P0li;wwD0tGU8*~9Bn6SM9tu*=X#o$Q zM|I_yu{_;)@K~bSuLTt+krNYQ%X1Vot5B5fe6u`7{gjcllt&k|<4&W{#c*5j!OGgJ zfRJ>hY~~}xUuGKItcWIG#|iDwK76$UsYrY(g4KD<#eF_+a9T+WvFBy@7urMaudfMOy@sH15n02g=nc+aJlu2ZO}>9G}0o#i61lrPLE^19vV=v!R5@m;Lq% zH`scYmGh3kAuVjeS{9BH_Ym0pqj9KSA|J(9B;IyO`!*qm{}AFZ-_w>K^BzejU46i_ z$yvK7v&0!;4ng}3{V@+&PDh;0pCEgx+AQ3YC|8-Xw=vub)XzOiTqbM4#H@12i}%SG1|uOV~_yt`nCNwo%^+n_pP3e16yewLlg*I_5dLxNPGoG zbNKU23QelfyCVqwyYdznSiF1Q*(vxyDgWwHTXh6J^Jl=a`kW+9c@>FCQjq-tXs;r0 z90XF68r8d*c;D&@9%I-=B6R&N{6d%-~n;s4-iJ93iq&Vz@{neJr{(lnLQ zy@|4pes~|v8&^9*1n&W|ZO*h|Qj;3I&KSMLAolM96S*D3n_cm@ZDsrP<)1>=Owf>X zavI)^^Tyy1J5g%w4z}?vrUdbf)ZczGeL1>pM39i0k1H>^qdSls`7M@s{EPVMZq>;{ zy-8S;(L4W*FK8${7=`7Ami#z3GkjV|c}6n_WHdy)#O9r>HyZZp5X$WBq{ccSgdHdF zZ3Nc8NZ{w5;LRqNPJ%$x7;1Xg4BZQ`a6{!G0|5hqjGQAOucmGq<2PdsorrwgwfQKC zN%~F0?YTwYXAlxU5SKON4=wq`PJyg#R#pAui^8nuk*|60lTpumyY>`2_Sc#8lQb!T z*v0konowgfvjUSO@yi`?<#y`sUdjGf9U66Sr(7F#S!ZvvGfqBPv)Be+>{E!&4bhHk zL9g+6M9ra6=IDDBaY2lMl+c*B!<7dExeRh3KI6Jdq*fT%TcoHArzc z^7)i0pNS1Sb?lN_WrktF^0pRnazoQgG_D%B163lE|E;Dgkc`K?48_vs_xF^WRU&fW z{-{r;*s7_+hb;@1LRXy3kI)3Gc(hGzMCK=xN7hN0;nc2ww+Ls&_1jgZt=Lr_3Gi6mHYQ=R*k%O5%cxPj(ja2@#))M*migE^)`A)>o_VuXR#%H& zZY!}IUO}DCOQKogrOx;@a@tXs?qTAs>bad+ALGR^n_vo{nli?;l+yji-{5lNor#qnT+s`Ve>nQwdvQAz+YzNvh8E~l?XT24PJ=kvw(k$w{S@|OlqT{;OWdvA6^hTVS)7XMX*t<<8&?<2?pomfr3e|*Js&Bu zDVyV~1~RVqIzJ@X(|(gBrvBZObwVA{W|&hmwFyT|d5HjrqfC10sc8u{Hy#8hgS4pX zE3+%9+$9X`a74D$T5A53P{=CN=kW4Q_Kj2wKFSQ&CXtE+kq3~>wQwz>PTAV`5i`)Y z$laiG1lJ~UWfkAUNNqN;HNL>K>r2mzC5`F5we7A3-wd*taYR-NSsaOjD7e-WAQ3`Hd@@<2VS%5z z^G%96vyuXwWe}BkVAAjw&zM=K-S^Nz%pMf%{@I*pdIUxc>FL;TF^@_KBJN#Q<_okF zE#0+pzH6A4kW?>VA>mU;w-$3xNz0%w{f8oQKN%QB?DJ-#g+=bkL)^s7XR}}`6BCKODXa}mj-UK7vn(92T>PaP@V{&pC|}+Ub#$)Y_Y6L zM@JE1TjgdsNK8KF;FDsnFy;94T8lBrT06ULkU~3#u|X`^TEim#Bc{aG_Uxuf8E}M# zq-nNd^~*XdmeyOzVu>v;wDqN@(^J6;4*QE9fHfE785)~ZxW$Mt9DL43a$D(QMym7J zJTA{$X{46%G^g%?g!Voik*RB0{FnagBzHL$ywcxr=LE}GwTS)&epmibrK4yq>~wXq zGbu0o3*r_-byuOwZbM7^MF#$Aq8a6j<981`4!Hd@Hc2e=W7{Jl-jh`t?+(f}FkU9U z6sYilp0Q;pv0t4cUgdGL1go1py0$D! z_-2gcT0aT3S~N~BCvOa~msZ@Umb8#44i&LN-fn0arS*!Bu*FXP&k6oXgQL<8w!Rdn zi}1(~Zoit)8W8Pvb4OuRm&AR1bsL(aN7? zxJ8P|)^DxE>6$dYcrD;jeVU4^6sa5!9|M;c5Mdf9~aUgRSaztY3a0BsrjenLJyxt2QgLW?gMZYY z-Wv?lC8NUZ=w%X!y1gU51-;_j^-7e&(kCjD5fdn+o{jd6FBQ>03*7som9Wg6OB;3d z=cvbkcCPX{uP0}&L)?Y$2=$9-i(#f;TuQl#23)xI3BLP#UI~l$a7%hbr?pk6B}YDUmpNvu@D#DcjNKy0=oFRi4Cr zN_a)zCY{F}q<2Z3%R1trynxg@d3W*j1YdC!GlkO~3mVBf(@$MIk4lf*haW3CQ&^7m ziE;72oiKG|!Wicmx^lY*xrO9XC)!o{$);cs9#V@ko`)!Hfod=GegMv|Qnw7%e;G?i z6f&Vce}*|kcso3d5Q1E)A)B-_ZVR2`c*8Q4=E0k*zj9SPGVBEUa+JF3e1DD@o1f~$ zj!6DSA^b~^g(YRYb!HlksuUWPX)2n>dcO^Ot?FyAl+&ekbH!%UgyKh*zp5ok9BBz% zA}w$;z7r@fhXt?rJtt897IW|F=VWLh&7F~_ySjhr&f{v~aE`BMz1;WtQ_?flo$D9kPq2Gb zesY`*y{)M=kFljN+`CvhT>H@BoE*iEq(zG#i4m=mKdhHV*>`>77L2X4gxntm8+$ci z72EL_Ki68gx{H|0Wa|8eoi}m|pw&CiF4a~iyy(QPN3ZX8{dzYcM&#D>{zzFIlPA}A z0FFcseJ9njB)`zj6!kHmIkVKpobE>pA4Ji~igP}wMN=9HcYpl5qL>`ncwR73#OtEh zyu~?F_X3=F4!O4Y^jba(1Q%60QQy?{KaJE0wpphS_c4t_M*KW7oJ&z#>3c?!z@BQ_clk6YwI!Sq0@Rp z2E&<$M+W$gj54dto|^lr+-giq;WBaN?#o7v>bNzC{2gpzWFLOtE}ZHbKCl+@^o)u& z1m`(=4KM0E=l!ErOd2OJ&jl5rUPVU&@}4F463vFD?Td{G5?>$b`d;LQw5^N#W!w@7 z4Ky2%VD6YgYMm7g=Z@rm6k3h)uTahGwf7E7C*F5!AyR+VY2rdXe^ZsTB?uh%9n~ef z1Yy&qkA`c$@ja0#b#UL}WJ72-oGM^jkXJyJ;BPQm)Nk1#TVQR2- z+iC%kofLA30`F^DU14DBqRzhW9_%YC+>QOj5fwQ>fQ*(t&Vijj)Ut}W2!9thYccNl zKe8Ma;zz;>nO^qJR!pvUnuhwE1CYyPJ=HVjy9}SeMrK|{;~;zb3tBW`4*X~(2Wb~J znw7a=(0~PH%YI`vsklwaxZ8g>5$Md%X+209Q<~-UfJ)Kz8;5e%ZAe!pqG1azPb`I; z{G64yVz}0z(TbQHKXluG1Y6u+-n*E0FB0;ddhSRs2dJt*+Ea>&Ef8q0Ze8ljV5(YG z3C$TSa+m7M^p%3pCpf>~xSH4sYQBxsmeH-~Iu^R)&AeOm7xp)vX9CX)zl=g1mVGlIwm6 zLh4a#ma`Bq>PLh|DsXti-t`ptHE)kbKioV!KK5LBUq)Qy?aOu-^4$U?Rt<{}3%HgB zPz6byldi3&uj*$m%Z`C>q03O}b=B_Sa@F<3a)0Rc#gT!`)m6X8i-zsXqQ)xrf-+y~ zdQGU62IHC_9V{BLzZtjb)t~i1l<>?BetvYaf6c|HLQW!hh9~<}PNseZz_Gl@6FVvp6xp+=+A_Ep5l;J! z9D7BhGiFQ}NTf+=OMP0|^*%+4l3?>QC(WKfCLc zj0qG?7lha{_JEf@S4`?$Hw`oZPXQ75unzo*XtkW52(364&aI*M`j-!icRMT_za$~gk< zW|DXLP2_*x9rN*1@7janSMXtX@X~GYk`q-021L<$>u5!s_2RJcdhd?sRle|fXR*gg zte3-OMzQYY06w|zNEmAX8dVV4!ZC25A zbx!9TcG#<*{L+tqoU)(Ue7qgG&dYlL79>i%nv@YmIS~TM z8iLLoPvh&KboFv$Jyo~$I^C&Ly}flb>RJ1Cf;kk?b1-`qLhiYpDzK{~Ty=OhuHd<~ zbG>IXeG*XIs(iNCcou$K|LD5sCCI2j(#I@ymX1Yd#TW!fBwJ}xL zOmM%i?02}n=1#$}-Gh%=Qo~C8eXBwJLG_*z<+y z^D30RPDD0~joKHTfR4t!(`^~k*RaTOBBGtC!STU0jRd`|dAzCKI(YC9AHJ+J_du0s z56quHOIKOD_r{1TyXSrFUOvag!ERN1>#XV;lz!e#QVJA?K85&4$z5SQbH&P<<} zhp0et+)R|;0|P=mHlFkCWC%p@`L=p&0$j-g z2Xe0k!IHAZhaf`CI{#QY&+T(LkHt*Tfqy+a`q3a9Zk zH68xxweEz+l3AEbXfDQbv8|8$jeg+=rSd%%em>fE8nRS@$6jmnCln??HPbgLCv<*L z=TODucx&;?KFLf4ugs>CiL+Tef#8G~#--lb&@xk@V~o0qIl21u-g25D|e=y3ZYNkvC|(`Yn1Xxhlm%6imwq(@(t1nLmUkmE)(8m>Qp?EOH5 zq>w~)WCd0^(z;*54etL$J>;Kf5WIS;KU9lI85Q2X&NeasNgjo->3K3dTbcuBSa;%- z{xo)OfOT-+rU2KA*V)bXw6Z8~O?=z=@Z++z&7r6B1f7Sv@p%|ElN&kpi=7gzIU&(c znI>OJ$*w0m&irO|IoN&3xaD)k{64@xOJ*6%SKODnzL*rRf>ER;jGe7+yfj(r=iT7r zsOpQ4z2%BB%`=3?mohd=#r&*pu6cD&e)q0(<4&}Y$C^qqTCJ6`H#T)UBqtHs*iJ;3WvTIeW2@%1d8qsi!0(skkpk)cl z3xjvqSU#`d-7Z0-5L)uj(-r#idmFf>nKRRf1T9!%ZATrPd1^7H;c!Aie@&JD9g#f!zD&UR z$j+|&IKf)ESn9)9MU|PaBj7I${;YAky+-#RWuu*g&ei%Y(9RT(E}z_G!zUl$e)KKq z@-$a#>ZvwkL&dduqv}Jm;l6GE;jO$*t#sb`4JR2Y1ugTwogGVD1NQ~<>jtW634bOE*Brf1f{jbzpZoAD zpKA3)79YFY8i_!MHzmYq1Wh)Q&NVZCRv=L+fYTYY0zkclcJh= z<2_KPn0Zf)x``o+jqpO31|2d=OcTjdKHPO;Kf})0iSJbs2?qIAcjfZ8TyhlFB)atM z_ugp!8YixHsz2Xzm7BLPl5{WSb!#qcu?~cB+xht=PK~lyTpgBPby$1i$Qc*5(LU9XR3{Y9oF%r$dV*UQGy zb3gi_XfN)b{k!U-wOT~@sQV-rwdWTs_X$>J>q8e*w?OSBbhB2(<9+DRXnA1jdc${T z462mcI?icuDEDUJITfG#^&d*?d5w419pM`n7Fse~fN(gL%jKv14})p+72h_#ddKSa z774H#xV0y<1;_PR!dZ5v4p~SM%6p?!e^drKl|?-zqx-C0C0RpWYMU5Z^Qn9HWDQvc z-2|fHpG)d3lBeeul(2CZEY<=m0(BO9VOt1Kwa-r|Ek(l@Va(l4%S`nugKuHD+2fl> zGQ0>PKJ}f`s`Et?m)L&m2)asDjn(xBxvhY|tR4gp2KAqf84(%%N!7&;np2sM;2W1) zEt_iTdKwwpIOs4JWS*@2PW*6<`>CkgnpLc7@?O>-tAbx71}9JHbQ@#>Lcfh2ScG=@ z_mIe#Jz43fO+4Y*wS0QH|8`$-*s%h63~_35NY98~*|*c2{lv@*>kJ*3fdwr9igz#D zgtlGarbm8;8^$a&n+vXG;st>aI#q$0d|r;u?_%Eo5n=WjrEWP~e`xeoj;SeD>IO4Y z%NPl{YbO=C0~bvlx%3*eC?x%)CXUcD1MgYr(UR8v56ijp!nJKQ@8?T~eB$k^s*8z7 z8I(rsu`}FyYn0wmuI7`w`Q4Fd0F6`@RjoAQ8H0MKq zo%%AJiVrec^QCasH*l?mkHX0_j@?wGqPB}Q#945`eN&qY9SeL34N4X=ysti~uhA## zFH!2HJ@_9Ub{2PX!*Ii=w#LVF@RDhJouy2%zMIAM`gvewPG+k)gS zOYzlJp@%XvwH_{BOTC5<-LAWTIlQw!&kA@NYZhPqo!4)>Hv#@kL%vIR><99M`CU!9 zqRd`-I+5)7S^DS@n;{jhUBs8#feaG1ojhA#0hW?hyEEchXs0TXlmP?<@?r(L*BYao zJ18uq6VwxHvw;IW+{Q=kTBxI0F4$1SGDk~IA>#0|JLNlmV1uR{trnWv9hvv`Rrav_ z0}Ju-AB@Y~Ca#S-qA-3k7T38o%umgY7q53&*0vZc18V0hLhHgu@3ZnemZwfGi>bMU z#`ark!@J9zylm&^XT7@AAYJ&Nmml`kGi7aQ=_oe#=hUpE@m zpOIg$xQCbJo0?cRCSI%s2E5l7*JghgZ6wnnR%cgkP^S?h=>92vwWZ5n{0JUQZ6%-a zxvVR};lVT`VbWX?cZ{5<-KWVYwiqUuZ1sLr5xO@??PO`rS20C4d-;8fDuKb>fl(g} zMv<;H!#>_2WKc{IYFE~ILvzeh0; ztPxQEZtc&Iz{$9`BSWn&$_s~W+B501yN2YuGtriz7j9blrSw_m{Xk$;EwidBf?1Bt zS6|l@ak4t+lXYDey6T?=pKQA}_B8<7bcjYCxhumSG2QIF_x1xnS8W^S#fMo`{#v^# z>?P<~MyoXLvYMKX^3vOJ>c{nPEe?Yi+iv1+S`>sfpFt`*bYE-4 zq2uTxzmDo14$FDcyGa&=UtrwV-<9hx^cl7*XECY>VUaM(c(Vy0-wIJtq{D$!9O{*C zcQ2)%JSlgqna=G6qO2xB;U2rIxQL0EG3+F&euU*ZDvPa;rr@;Rc8y>c^-U_7Ai3iB za}%x58N?974pku8)9-wHR1CTbuDj&FuNdc{*LsmP8NE?vx4%uvUC#`(ClT+$BL*Y>2dWv7q@5{HbD(vLz+X+M{Oxfw~5we0Dsg zzE(0lI4|saQB#kE8#){&7oZ&xcypviZ;6>HUu;76N^a%Vx`U%ZKe?;#?TQ;924j3{ zT(Y|-JVTNkE+@Bk%`#**&~0XB0vo$OSQFH50?kqZL)%m?hV zGEQdZ1>LHT94d3>s>;h(6F!Q7YkeE*V!w)F8X0t-Dr`a&%6d)rM!916{35rA$rTtN zV{yVEH@uTA)Xk>7bMFV!Vl2k%QhrVYTk7AX{#7LoXOQs z^=(*UN)8*$%nWk*TCiyR&^J% zfO?`yBqXeAo3?btXZ5+go~}pT35nAEXR(5aC&GR1+afl@j)(A87k$s>i$mye9y_I7 zLaLLNONc@o0`ty!=8L%8nnYbYy&a!SC(GC#d#&kuX&C=Z3D>2J+_#6rNvXAUYEJi@ zFZ9_Bd!KZss&PZRvI$^;`*Oj#V_HR3LTjUmt&bZDbWd^w)V|wLqzx_-lUp2HGTS0{ zL7IDXv!95f!WoLw3RB7vm{8!keHul{g;oCg40b2_=4j*w|{a}@@0t9 zn0^WNef8|cGHaDz(o=U4Z>mN7Xbad-YI;8V(r5G*?Zh7(biaeRgq&CeluWX;PxP;j_#H>SA3-Ido5=;lqjqIvw?J@bk zAYss-)O~}%WYp{Yp_g6JGnhlri+tf08*DO*BD&s` zl&~N52D3bLS-6AUL9skU)jFaWg_)0nwT7if5Sm;Vkkbw5QycO?`2@#fw1ds%$__-= zSMtdK%q6{|Uo^eLp`!52c+Ag!iBJ1Dk4vz85YEvLf>YgbbKPGoKGer!xe5b|-e@HT z>nC#5?i@#{9N&)7T^aU_A8M?!^2STg2M6ILkx%i$L=#_+Vwho&I&-lWY9|jn=!&{0 z$!Om%U~XuRr?@89#p6SHA)Q5txT}zb!A2;|TR-P^NRJAa;z3o@vUE01PJ#P{3P>&` z?UqF11jXbhnXHkRKpmoJUBvr-vqFElc)%ECPN)p+`Kh;Kx;VAKz+5+>M&GygB@kWY zcN_LT9QQL$WY%s2F$BlL;l!n9J5hyMY<^?!37-D8^jG8Ol>Jzra2 zhbo9~C^sC1YZTSNfZ$daC~Z4Cbme#im-}WDRV63YahpEBfTI8!n z>JWy+Z1p)7lj{rT7TQFIL~yiym-bpn*)7Q5b);_OX=xN1=?^cl!h!6KBQm2Sr<+AC zgfdW4+n1@TI*PT`s#WH+KEfIaT#kD6)88l9Xr$x{I=SZCOUswfWfb3e=pjTA{W}s! ztUt{HvX-G;%13*zrgz0>t}-sWmRtvy3uM^8Z&<4m=WP-v+2qc>MQY5);$`aj^*oQyy zQorg(@p#ow4&nb2Gse_MiNLyp6EV+K0#O{g`8-&6Jv!Ws_T@^RtxnVleJ`0S6xUi$ipX>o!z* zI2>%KQd0-$?aA(=H`<>r?p^I-kCZJW3k^RT6T6zt$w6Nc!gGst$19s%M`Igu7H+J6 zcRg@*)tt7DYv9?>*pQ{QEc*O>0IPRlW$`c-Y{NPdldH4s{W1k2tM^W!-J$4;HIvnr zJLLSXe(_>MrQ`$Dy=#ee$xadS8CcJTD+oscYm|yCahi=6#_{6d$InVWr!scPwkJ#a zprh8VrDgC>+VX9A36vj0ey06veWoUDR?xk#xD@_6 zG(;=8~zrYK% z-Nw5&h!N%?y2R<qIMrDKh^uxPNqQBnCXlndl~|PwIGZRneiiep3#e#_iJGFF8MEnyPfbl0fM)e z^vjUF>!-RqUDu$-S8hhmP;}YQVAOhF!um|+&S9UfOb4Qeb(te<{7YxX(57`_S?fC0 z`i}>Jhz+w@DAyfK+Q@6lPLU_rSeOvV)B{*xiT6Z>R*^Sl>fNw{TlBp&iR}Kaoa3+P zMD$&z76-Cv`reFZURmi?*eB_ldYb8q!t(92tF@RuyK?8CsZgpv3069`-XwGv--lKw z7Rj18ky5GHK)m5|&{DKlrZbuB@Uj=7RB}_9bvg_dEaQ1G&!U@q7|qggDZIXqMiJ@w zzZ}L&Y}OjAz_$CwLI1-*Cm{kJt+Nd6yB}j#VE?uiVHMfa2PaI5)ZYYJ>8-&_S}e>r zKw)ZI6}|(-#{L$pDUv;^(1pvrHcF?;V75HLRK%2MN|s^-$gNg2Am-&gR2(c5m~T~? zpL{_K134`lwD{X|fnn{LXh3fDd9Tiliy7r!Hs41Sat!>ODu5FPecRITpwoL+)cpyb z8}l6q2Cot3p07DP1?-gsd~<=@7{a!S0FyvSh)E0`zqInt+9aO*)XxA?Ne6|IN?vNF zFY(!Rg}w@OB78xqCmucw2QLWHoP z;e3pDtULvI%>6$-t2C+DZL2T};(uT5{_K5B@HadeFvC{tm^gT{Dzt>`GAzny_P#!j z`AF{r8tMwF=`t6I+l=7NkfQfd$$OxVKH~pMY?NtTISD3H9o!w^T9r3(dzt^JYbRIU zK}AVP#Yhp_woQ^Onis*FIN4Mks4-=)Q8Lr>J8{X969odJa@~MRV-tX>*UB~mlR5{L zn}qy20F}+>T9&0Mu&VFz1Qf@mR*vB%v+87&LbC{kEiR>}3xri3Mo;wVI~=P)eD zV>}4HM!K!o+Q{_zcW1noleEA_N0$^p?w3IXj%3p3PvKrg>)M%9%XU=eGWf|5)8y_y zk4nP$brW46b6e85U6qo5 z&iBtY!O59UJH!4mYNRHn=UaBS+DS}SuIB&2Zmp|m4=CcOwN z|3G=MOOO*t`@B^dK6he}`+kL|FZYFG%Sq(jP0lRzc6k_mJ?vpOxl1+#P+Dtysa^EsPT?1@HZ{rmJr>T3SOpw9@U zm^VuK8Lz%MuJZDA`6i4%U=>=?bO;r$PJ3&wx^bmu z79vwPfjG*v7a>lQ;3ks?pPw{sT<14+YlqICaTQh+SL+yQbTu-Ys;P8o@nZZ{{B@up zs)`LpepIXEtKeMpF$=lqhMsJ=*6@3-WYj||c}B91KUyo*I_ON#?qEKCrhV(5VgzFv z!_iuNYcU7E*yaZ1;A?Z{F$n9;O#Al<^=2+OZV6C=JUVtIh5L5g3*`O+ddWX;Xv~%y zLT}ox`y}t!ysBxo>psI6@dF7`6Lq;olX1lD6~FZ_nM}~76<+bIF$UbSRP^C1JMNb2 zc*T@{wU_jNwQlOa+jy-kk8-(+2Ykp&g9P-|tPr%cg;S z)9l++*J(E0qrBRlmRHU-0wPjqU}Dlsvpp#;1#-~M6fd%9>h$4$@DY!Si9Q187o8%Wqw zTxh%hJ*N5axm(EMeyh;A43yR9Kktk`V-1^p#wHl>Q~9m85y`y>qsh&iQLkaKCY!cx zk@PwGxIe1;IAQnBd4c#0U6Dgo_8gCrA?j0rA0`qk`}-A#7|QVN!{wbw~Md5OCsa2Ae-py zz}<&Hp)KO$x97afRK`wV1gPJA_enDHikM6IyV_EpJUO`Yw%1bni=p;C4^&7!3gxqi zSMQd z!xK`LT2g!w!)iN-H-Va6Oa{ZdwZzDJ8%UdI+kp+sH&{v73u6;%v1sbobPKoW?{i~8 zysK$4Y&w}z-rmB3K=9MXk&S0hy}b|p*Z{(~x7+t`L4MjWJ~NX`)AGnDhCpml5_&=V zi>(q#KP71ogE4p@5M6ImhXn{^%|bF_gF61TC|C>re(kM}NEdb$Q(|$L&>2Yl_jmm` z({rz;?9*-1F?if?{_C#4qtBsd%u!Ax3mT*e&72E#?u|KNr+gJ9G@GxIIxEEFKV9^W zsU9woe-U{WBl^(T7HkzDz02(=kiinJq^F5`y*SdKQxLzoc9gU+wWnDX?gf#V{U}J@ z3tmBkgb99@w8Q#TR3(<=5 z2=9pco6w&4X)0qzl7H$@6zIa^RV?uB>lwh6J>O+}a0lZ37xouV<7N^Jg^jP=AN^s& z6Og7xqDI6Jkj>8wyDI|Bj?)7(Pr{_KsRX*fRustW4RbJLF zf6gmJj!XF3%r>g;q^`+JbiIo`WloEib{Qa+I|U!o^rw7+U;|&w$eJK&$*yb2p>(8; zUcXw+_mT2rrCKB|Fev@Vdz-CYV>p02Yum!r__f_r->|O=L72a+ph=HJnG)!m?ZS9O z?^50{IJW2>$EK1IGYzHhBY?PO#9hkMe5*}!)a<#tl(%mvT2xYqk=T;zrNR6kP^=jZ ziOfeIOHs%qKph~c12p-nWpu0?ohgs{rjj{u$93J(>aEXxx1%}T?irxE>vY-5@rLL z3%qZ=Uc1GS2nYuG`J4E`l{b91?&j9tbdJ29{foVtgtuRe&# z6TmJzcey?CRlQF>;eU!9u=@KQ`?Z&!sU_>YO{ofR%7p3kr5O_(HI!z=oxEufn^tFvIZ04zA+CR^mv`K$@VblNmraY@FT|C(v2epI*6Caf}_-25LL{qO_l!!2vB!FxCV->r$He-`<`Mf?t# zY82w_=$Q8CU(Jhj@hN`#SMv~C>ziW#$FDE~gPB)%0RiqC{sAxZ&V5WI!T^7bgzl4p z|1c_FB>jLZKzD!uLHNP{{@z_6LIRY6(jUP>00eSS_CNP-s%Zi=?)&Hl)c;lW|Nh=h zHQVB#2y)%|SJgN7ZmO~62HbQT259I%)%;KQ{?qIKy!YSl{r@-j-@5SMM)&_b;{PLn zsT1QBXHGiKC%3(dEL)~iNOukdD;ion>8CsS!iDCR8%K1T^oF)oHn#cG{IBPr>?6*LO?)d{*22Gt@1yJRU0#gg z{!I*MRq}gdYcI24w{N{nr%O%U#Yo>Ezn@pIIH%XfZ&J3IEAK^-E#@xPY@_XuOI-%!f4>Z#i4!X#!l_fUxnW6QGy=Q+Es(Z?%C zRY*6t`H{KZV)usg2rZUVv`YVW{wl|N%*ucH2nPQ{SA+eDsR!MnCBTBZY{`-^cUH=l zXA|0>>!@Ob-|v_V4Q62!oZGu}Y^ZFyvVZAdsi8Wf&odSP$Nrm+B+tU5TU`XafPY{q zjD%+-HN9Q6-%gKXDB3DIn!MkR=KST4I@;fKyJtu*Je$VxtwwkK$ld$N_6f=<9X;RR zdO}rF^p$?wG07n`HzW>tFfyF(vo5Jvd$HsDr^SzJ>AZHooXXjdY}8q?@isF(q^m;Q@xwZ=S;(Yc29BXEX`(|MclMoc9Ehv~F2DRA4n ztnH*LG~WDkG9xt72z>PF&M;8M$)R%%59`5L1xt!0e#W|Vr?I-M?tc(2ey%34zuLJP z)6}NJhud(4U`5ZwzvI&k?AQ;cm@BZNX5i4O6_<>Deu6Nejmb(%yNU|90Di|&OV7Z!aS<4PaWDzji7v)(pz_lA_I3U62S1K;c(uvt z;Wk-gVe{{0p7hsW#iCR+5rXKbya%TuU3%8(aJ~98EhmCh8_6xZdB##+1{f#9>A~+eSo|^nkXXb7T~+xFYN%1s zQd=&{fiDL8;^K2Po*BN?mYb?R$@x@g$4W;k^UqW*wZsjpaCUKA(aqeFkxAM7U7&0D z8E!3{CbV~+ds)8+yGx3YEHJ%CU7P5tk*A; zRO4#IJ52Dh+UmIj=n}X!zDLUyEhy=;{RjrEyLn! zns(8IK(GW05F`W}CP;7#9tbut*x>GN!Gi}2ZZm@g4Gh781cGajU;%=K;O-XOVK4H$ z&+~rYd-nNp_P2i=F0QLrueG|X>h9|5uGKZ&hg*{kV9sOG_ZDS1{X%4KUdvQ(TSQJ5 zJJJw1h5(^a`*`STxhhr6!HRBMl}PI81?Lk<(BZH3uWvdCA_}KIS#s6m$*kVJIe)1u zS~GcJD814u>>B{_chqQHp4ZQKjCWi-G42b5?pRE*YW`c=0;v}xVpZj667=BpAVv#Lbx2-U@}0`We^Nl&Ra%Na0EzUIUphe{cPh=`#r8KM2J(|*9> zh>uf05NMe`a4yxXp!X{cS-)Ipiv6#lxxH17tGDvBTXFfffmRz3ep~EZJv*Bxg5U+# zUG{s9*Q32;u-EoNe3b#a*7%i0 z#PpS|NBqLS*bL|AEI;;R)wot|0-@GG)ZngHoxG^B5D-MX_42H}F=_SyZ*2=kY?u^_ z!T-AYzxKZn_N(H}*>uHP#hzF0KCcl{~TO0H(ni-KM)YQPXu-_*#lp?>l_$Vb|&rL1pHS zn_i5*Lemj2o1NcUh(m1lNYp;7*G^*FKhz1hwF_Rjoi8GS3eRr}u`I*IR-giJn}Il@ zQ;(}nqs-6s-NUfL>_h!V!n;mxlEEe?7b*eg2*t)uUzr9NYdbroFRU9+o_KL(bh`&m z1B4$wF!=N*%%H|q%adoCH3Y9=8Ym z^nD2!S$epqf%x|^A$3n6IN8}e%7}w;cb-TyZg%FEsO#YO2Ube=5MqL0eMT{3hix(Ysp8_jmVv!S|<*FVD`W{)=7iP8{<>QjAVg z|JqZW)mQSkns4GW)>;_oP;&2?TmTtd{V38jz77fU6~oW$a38lDqoSNH-u zzmY%{VVE4YUk|JS|FxKISnJbM8p+ZkQuT^uT{ z=0g3Sy4Fv(r`aXUS;a&J@-OR7v&-*FbgMrGM)rdb|27g!*bYE^VhUk(&NIx#0pAip zHp4ORUch*nQ*pajzX2kthq*DEC&dndq}_Skb9zB8ux%MRZozHg>~bprF>cw+)He>cQy1-D%yX^-x%f| zQ9Z)uFep^SR{igB$rJwO)%4SU_IgA*xr6I_*=PdzYF}!>#`aV zNSpV%Ovq5UkO0E%B|`sl;r>q@AA)db!OEyj=6)Gi>tG_vHk6pqlpa; zH$M#r&FzJ-Fb=z#=WBBsb}c0n8*@`v9ClSV6W2d?Aoj+V<~Zz{)@H6&G@P9LTsZ8q z=GK;0u0ZAmHx9dmwX2J=x$`SW``3;R<_@kjFL2mjIodfotG+fi1!|Nucege*mvJ`s z#9@b;J6Hm>@NjZ+^3vS?;jl|v+qs%M)38h18M~TGnwvVBnd69x;{1!zHxpaw*bUI5 zi_U?@v8G4m37?M!;K*{MxgCR4H!Mtg98Q-jo7{?@3zI7!(IUzXA(i8)TA-sf_t-8; z@71?lIm>jhsI3?nw^;cukU6laZn2ZLtDUiW)->R8!}S1NoZx@2#$A^{20d5_VD7Kbz;8r0UpSO`Z-LlS(0?m|AjhEQ__}rMCsfQub9)#VbU2@Bya<&YQtyb4MJsA0VGY6<wPo9`E4 zOE$~D5q>09ROf)lomU=6FE&+@`Kz+VqZ}pgBk@Jcr;uE7mbPRu6a?wHhulB9V;e_$ zonkNl;}wg}6RLaHS|+6z+dtZG@>==B5^I_d=VSJKD8KpD>i_0_p@5^%BijM8b$#BM zF35VSlyLdV;i4E;!jWWEaH>X4c=fg>h81pCUhj0!Pi8E;2d#Ta+=W|WygXMwS#$Gv z|7QDfDTyiRo+`oga!6@-3~uu~SMXjjM8)QaGnkEW4_dzGoRI8Jf{FMNi4w;6mbjG0 z*8*&*F>8t=Y1a}2BqB$F@P?N1YLP))kC@77i&0-XuKcI?u78) z?|3(FlMX2;;53HG^Lajdj5t5NNp{UxqhIa(EIF$LJ|8}_Cx~yVjVcTQwPWw`C-UmGD>vk64h7crC-~l`FPTsgU)g9=v;5nRIz0@9v6$QTr``aE} zi_Pp1r$Lx}MYUYsw0#d?`&dmT*2JXh_zQlOD!P>lA3&Kb);8C>-kk2e%GOkSkmhFk z^DzS2GcvvZ#i2?qTP+;wThn44=dHY6!mmHfbSJY17!zFz}rpf*?4n`_+Z)1UkrV|!I83%!!n=AI8K86@2Z zGN*7pV{0jHm*y1ZG8D5MjgzjD0r z8DqNisDc(Jn<1V=mwguim$g)gPB-uKa|Q{0cQ!b?-9*8||3QV({Nre?H@9NB~w}Og{FzLT<2^ zv*XI(@)r#}xNJUeV~ej~?e9jNZ&g1Qw)eEeWxW1P_|qRUtWp8z#aHJy?f@BMzG|MzH$L`3?LWz$)k~<9(O#;F(9W!9_Bt5P)pTDNT(%v#aS@ux0-v6GqW>=SQAWjq9{8eDbZi&7~Jgl zKNWc9Z$4->7QmvPF12I(1T?X8$#4c5A_7$qQGnu{BnZojB{w=$Q{)7)LlV`)e)#zB2f;bz)W8UD& zmP|XHc2d?;i-tNC+p%-;>n5mIbY=XABX*)|J=d zx2z9C|A7>a)b6~%ewkgL1)oPSWh`!# zuynT;Jw0F=v>O|s(lk7oD&j|Em^CLISq^2MK_@==fdznQ+v{FGz1;;_|7MO$o-k}M zQMyy6MW7hM!b|DVC7fESXTm&n6W{TSEBwF?h!c!D>QRtO!bM-q?A_TD{I!UBHpH{!-nGWJA zXtE?hNu;JFc@Nzjc9e$~`pju#T0I|}a>gqch*X`@xf?^}5?amPYhGs9STY!Mm0Jf+ zZl6k=Ur*TW@T=SH_ff|;3DgWPpSt!R&V;ZN>L2)MxA7;3S`eKKpCP&I$SdXbY#fNa zSRWSyn=#!)r%k0{b*4RbWeCw&A$mS$V&govBzNRDq^1pB=;5+YL=^3cyoD5x8+z48 z+Z$mU?2>+1Ayb*YX<@Xz-yh?%PW_KpV<*L_g@bPf4%3^DM1Ey3To6jvFOdm!B-?w zW#-syN^X}v#E$H+`+O}v))r%0j#YaLTe#;J)~GE3WV+98EkY9Pc4JZME!v8snd*86 z!3?{G)7$(0v^%)F-RbUJbKmn>=Ccc#o#ne;0y0ncq}p6H7lSq_y6yHh{7bl>FV-W7 zk|384rkVxVkY-{~_p8r`hW>2Z6z%A4`<;TMf-3{48&m%$E9X-qIkwVL-sXSA~+E+-%K8LI>fg!H>|O#V5RWu z*Yg%~&!bZ%^XlK4xO#623S3U%7n?-aMHOWng3YqO@oLKxFDUFfmI^E4>nC`#lZf6! zs+}wOn`WITRov~B8l#?KTLkJ$=B2;Fe1{&T#QYk$2IW*5jkbOKuoGn&rl{|R?;HKf z7LF&4=8VJ7u@Jm_kjiJ6WXb$@qwXhkURFRgYxmIx zpUn1*WA$%%II+st>uKV?d6xHDVYWYoBrRj5N#9-3Xct;iP@{+WNVnjiNt#|rS8zdN zrOEnUugEJ2?r`#czrKZU?0lB9_7|s5yPCERsGxWjX#EnlwK3&vn)f=L#J)WwDE(GB ztgR=KFrTazIB-XZ#Lp&@5v=`X02Oi^cX0<@xbZ7AMmeFOV$Y;(! zV7I2Z>e%6>)5$&cIj-p*OH8ep{iLS2CEw^;y^7huLGIeUWOkNc-+bkhjC1N{$py@V zgnC)Nq0CCQ&g+H5R{eyGTcu01W|?ZR{T35VlDX$)WXc3;^hACS!9Tmiyq3|7ZUH?L zeb@PUgY@%0X^B`~+-JudOv?OB$U1Gj*#n*L4={3F7E(ZN<|V(lx`iBqpOC{L9XH39 zdr=kLix01Ru`)?>)iZ)fAG7y7)WxoGbBGzMy!5-8&R{Zp!2f1wdYxlpv}~bPx_iLa zu(F4v;K*hbI8>}HUNuHF3Icsq;&h;0vb0~YTCk-Q!XZw6vX;3u8UQW)9sTUmj5SyG^#h^^%Z@c((gA(`jC0w8 zWbt$_+R=;NZQyY+u^EgKIEH*xH<#bJ8TrJc8-gmGuBUAD4>~=&n%S*Yc~)y$&gY~$ zA^$v2B=?fNrLxzHwfHdRB_cbTIrzR@L^r;mFAWTxCGPYmR8gjrg{ zQPM*%Vq_mHxvcs!y@xJ%+4*XqWwh!i?Otz`MP`N?8S03kuyJDNXB#jl@E=qq!FFFY zXe%l_-*!ye>n9gBxT=CYL(XbKwzSg9$n8b>eOPM>Gf0Fjxl5uUl&^Mj%<#;=Mk!Z0 z+sCp5LX0(5_6-A|T@$)@!!IXmu1Z_EoSyh=TqyK#GNr+7-PUi)PTXxncI)z-UmDj- zgkGQ2^oj=+Mm9)9A1hJ%W`5hGVA$OpYbp$66{R01O0A`9L;8uN=F1SL5Nm|&ZjEl2 z49!DZh#fB5b4XrgWJy-|rBi;ys#O~-+6f=ovr&ZigB-{lX5JajstLtQY;&YE(yGz5 zy=(X}x%gg+lWD3)@0ukJTict3CY~CBR>C!%e#sB!gUb1wX?+mq(|6x49_kanfG@P8 z$O`cXt#dUM%OlL-fQ8{BxKe!wQKJhf{zB2}Fkw&Hk9y7Gg7N7k*lfG_tz;7vrvYaG zMLAnqeT0EPaadPXD1?s5(KXrWd|ZCZ^ytF#Te|x8LG$YSx)kKlA%@E{kL`w*#(UtC zW)`Lo$!aDZ*Np5PfY;9F9BMqISUNL-4uTof)Y9SZqhOHJ9=*GNv(1h`D{bXmpX#$4 z&7nyK1wcaByjZK>jODL{kbRufT74a#wkK@2aoy>!>%yJ6zc_oAUE<;tKk4zpzYxv= zr5IVoIL>e>lx#zNHX`aBj<>-pHk}V6HdeH67pON*0oj?e-H>#l7dMiW*`?ePt6B`!8wN zCW&m0@Llh$&(MYxNr~j8*?S{Kmv5@vf2Z1FQZ?_;l{P))n{I>#5zbOyZV2!Nag1WJ zi_}PDSo0JDEeGG~d|O7<=dn2nTUJhiS#=Z(z&Q1GyG? zIZ&hOvN?R}@!0d|sBGPUYRB$lpKZq%mqahB;k0K-gEF9(^ZfU_9?ojm_a}S>iT~5y zE#|#G$;4(?>_0z}KS%}~=qq1u742z%niKJ+;x)9@xCu$sTF21}DrzStr6gw!S}kB_ z@As6gJ}-}%v0G7u{^^FCUtV9Pn2~gWGM~~of-zigd4M{z#V>+>zI}co(?kQxi*XJMJls-HJ$9mt^g z9+WM`QfJ8iyT5y_shi)*Zlk45JgSsWHRk1XNhm}+V(^x3&uLz{>J9~ zFqKb%U!zpNih-{!Z|bJbH+c=}cpor%TXk%&B`i3h7EOcZQTegPT)DX@6sP=p%ym8( z6MD7Bwtv3)N_3`Bk{TdBwC40=A!qBk=lfFMrSUFZYNKBeJD z1pbBS{vF#uOmPwISkkz08Bit!dYD4&ZeH@1q$~JSBT0>23O=CWXy9&Bq6_A}{ZG8Z z>9$L@@8xR^A3AEkAMZ~v%ZtxZ_6z9`g=E5J`j+*XKe~X)iMQMjEa0;{EDqqm05l$6 z7WB@@FbB4|)PMRB&UFz+l%4j!rDH~9ds02MExTF!xK&84 z*Z)zCKtMILs=j;pz~RDyz|m&bXL< zGaJE$!A`Z^d+HZ*)uQDozNUN&Kuou8AQR_X)(PrG`k6hAc_b!3A}4_wQPU?T%F;_V z<54V}XA34DA}*@)l;j@kd-TtsgFW_&BH~VDjZP8l@ zS4#VX{Vh$epj0O%aie|XZ&5^~rBl*3K)+}WXIs&aeGMEzr*dHu; zJA%HXA1@7!j9Ne{f9TyqAdTQy1+kDoX&1@_W7tcN_?O`Bb$TNDimn1baJqvTTMA?z zK(h1_6C41EmzT3fi(49(XOhMLVR&Xg={GH9;45;rUgv!*Q=e)cS8*opMIA5khA+}K z(zFGY1;wc}MvnFP)ADygvV^5tQy#PXcJsCt zjGpc_cIa{%s&_u0_OlwTAK2eSgmbvfje;zsBEMIGIEk9nBTG@ogyBP8-m)y8_|f@Z zhQNKXlY#GwANZp7bR_7I-dBQ3X{@JAI ze%&NQNu(u=^S0(!-A}kd1-i!4l*?&+xFS3Yr?6=*rlof(;>pC;@=Qw7wL+IB0TgDi zmPJK3)~xTE5-XnEkSLOa(UhWuU)*PE)8z9X@fzMgVGgk=uB0FnvDW>iFZ+B)?$aQY z_GJ0zSLB@nC{E+wIPA|-6>8WYU(8KZBHGwV^F_cIqHF`GgK4>hjjvZDT$vD)Piwj9 zlHQZKAbxLzZ|EoUW?UYC(WP#(C^-%K9QKs*Rucb`!SP3%teZ+T2HZrNzkgC9g6+wc z*Rio{$5mT)lr!Fql|^FM#6kjMdpXxZ&B2C!k&0xs$)Il$XUw)9r5XF!xEUK!%Bq-q zg;VA5?#J@h7WZ=a$@`_Zg1*S?eB^lxF@O?P86(9IbdF5R-Hh`r`*SI(15?z97qw-ZGZ+e@?-W!u&}3;a!fbDy-@Y3Y9ut-Ffs@s&f@A$ z!iMf!z_T9a00zzIwlT1qwX#-{iI<%6ym(jg2o+x6Hbo2rr(WXAifR9|klB&$KZR9>;?j3k zh6e)`sJ<7)!NwInMgbE$M62U}6E-LROa8HCaJf@lr#beQA6H3@m+zp8;PB7c%{F*f zJIuSQI}(2?U@mk3;xQplGKn4j8*MTv?VPh~&UX~0PnMh-ClOlvCoZ>g2jv^3E-w|5 z;BdNeluDFW(rDfV2`IjWd`P_nYtuV>uRcMAaQ#PPUpQ@_OC z5F_OlJvX&!9z#z=59&3g^jWM@L_;odn;DVFH%Xo696h-<@;m{SILEKzI@34C#rdr< z2S3wg?EO&&PDyQ&G-@%1^CUu>4H|-hNltF2~T_n>QVO?ZW(DwM}~rJz-HKBFq9iaD=R(CaL8{OOg2g z1g7E=lLShS0}@8ZKK$58zM$1(T6Mg#HhZK4ZCMKXelA3-qk(dmj$IEpySLYML#6HN z%)a!{iXoz;nC$KEwkF3N)II_G0$0p)ERz=2pS%r|p*E_Wcx4Q>bT z=~sWod}Xvz5D#ytVx0FxP-KU>x(9r{C}Twji4&k2qVAe;rnzEiFa5N7yGMf+5ds~% z7fQ<-tPNai`m&9Fs9y%rV#%QbVf}Pu7=c-*BuK@aWOVVk_c(I=KC9zw?{1fURm8D7 zK)_P4u5!=ej_c%~#p2mOq6i29dI7|O9b_LU0MzFp-n|yzeaGeH|8SN1|5EXFX%ZTC z+NT5ySbJ|GfvbDA%2=D|xK1yyp=bz#h1X6z?KLL zg1jaRCXfkhGd3a$Ccs3@abQ6ufZXlf|IE>FVE^;%uM)|@1fgv}5!x6aZ2@7?;(@;! z6G%Lv#S0C904X%EjVAbo#1p)G2p~;H4;42e0&+pOcmI3t&pR!k;1^Hshl*o4-KM~l zg5dV0f8~Ib0~;?0kkaYJ185+@f)UY^`vH*K-0j`}%%KCt|90 zpIco1YYyP#Kd}2xD9{7`pHTjHT>e4p4@&>!{=$v}8vyO!;29C2|DQsc3~=&qnE!Xc z{(por_`!q!AIV-*X`d)==eO@;kXF-cyB@ zHA)PKm1RYO_+f(s=&|x;2=EjeQ2OQ19ZwoCz~W)fk^&7FK=KB62Dtlo`kS-?gSLlo z`LC4r4Xy-|zGt5G?-WY{*{1uOG?-BaNC|=&L#yXlu~cG!lm<%$&+)4+LG}|M6$g@; zz-k&vfxlC9$A3}$JH?I{uV2V!20(R}dn1pS8KMe~0#}UNeby@e$rDH;8zLtUO!HVt zBggHyY{*saBgRca>S-AV@0fE^Mo;7r8lj7aM}v!`=*_{2GWj{;andbjkVCXbJu(F7 zYz0!%zp(;&Cfkv(^|-QH?~60C73B52BO*e#HVl_w$iZj|q#;gJQ?-1g&pG~c0zln9!)+;mYDZE`VX8ePC%)5yLED^x_JB{v~cxM;al)14oP** z%E4F(5|1FIf89CKsM&|Thiq5!6=DCu^2=)Rj}8WPJoo7K(QAKDDl&~H?umw z_hf;|^dFe5Cv<7ckfgIivcGL~TiGq&{%H?d9P!-KyDdg4)C`2nMnnxH!>zC~=Wqta zBhaI;+a`0}EzVM}sd-DIRjI(M9}woufjtw!onT@RzzzKF&>Es8OzmBSuLEY0-JAx-UKdAELSUnL9A> zzP*(oDzyKjTR18Kk$zWw!8VkCR3cb&E?eKf0^GXq{D(eF1%s_{nUnzgmLprwr75r)pb~i>8MRSZJ(}hwV4&-7kfHuarG(S)tF8)rJEIu5CBM*1 zcU;MCZz}HBF+^Lk_M;Dmqg3JY}UxYD`ewXP?XOw=0^LpQP{=hWGHLbsGh^NDle@VYo2xLS66m~-DL&P)U$ zGD=4hMp>`3Fg0^urGx}vV=xG&L;MaMRbZ|38=fc2E2vJSQbKt903q(lsIAWHejx&j zpLvC}ZP)y*v6Y451*vyysHRzJiX&~?fLm%G%v6Z!HYA7+_zL74>3b^YS>CWXWudr0 zxoH}jX_<<^d###Au;)dNqyl+dOnQXKA`KK*rQ~0?p&!f={pfPu-@p5stBAF~FU(ot z6bBl?gfu&x$t!pO`HpWBc|c9D{QfsdGO-&uNr8*@=sVEL+lhtCJK1`Vn$Qp?4;aGj zhk@9H@Y+vRFPftm$AU{+P+G6LpI?$sMr_wyUD**zrtrIfJ!=8UiXzQ;mC@ocM>@%b z524Hw$&~JMKqz--$beTON+YVNs$DOn9HgKZ9ozDqm8@)+gb0cU*RJ*y%^-RAi3uf4 zepy(%GuIB|*Y`-t=f5q~%}t4tk;-ydhU#Pud;`1r4V6JGSe{K1v07~BhV$9W@e*8p z;KdlCGDtVksAQN6`=~j&n%c+lA?;{#m6+Eq4%Y7 z-*LpwI{1nt^Pd5`Ftc8Ulte=ljX20XkS&$`6~BziIgH@w;H%lUNTp}-9=Szd-~N4BVmBJtVWX@l|C zjLrEXi4wOX!txrqIg?V{@Qb*?~ju@$mIK}7_y<+6QM&R0y)N9%6+4<&N?Oy=hisldtHHDTM0@59< zft8IkhzLfhsQu>pjdCeg(=Qe}D8p*Zm#reEY=lDmNHVAaI7o+z;R|}A|0m|Bm{}HJ zHxiZe{sUX{HwNva?{KP+fKrv07Mh1ECaRB~y<9GhXkHrKC)@@t#vCdubLBTAqcp(0 zb+q8_Xz7{Q5ykJa*H-i2$fy*s6OmR9{ z$0YRnXX~VOoRD1TxrALd z`+lZXLKmtCeH;Q{KB37Dkvk?qPG5a~)ER7YbaS zim&oj@1|w?kVDjltd_6O7x7`KjuIMrDbBP&#!#^l2`P*^_zHtRbQc|v#fHd8e}MyV zRh6F0LC2Gfz2qBhcFQyXvAq}>a|@c1QQuxDi83>ctN0C;qUAAwM5qcR=>eenQ6~%^ zeKL(_61+w|+H`;hvHp-n`~hRqwgE*BC3><-m7BZSCDNY*hl^5tm37{cU4))Xne-Tv zSyYY`mEhSjkb9s$2g1sFQpYA70bBMu&7YNZdTeU(QykJ&3Y{KMvS{x0xOQYH>e=$p zyTK3nX}pBEa*1W?{J8hP*y>+xhlcc7x;R1{W#znbUTaYT1&X=X1KW|S;Y!*+w z3(l`A;OOTDJu^#wunx)jih2N47txMXC9^0WDN_6k-y;o&(!$icP$JsYrQipqhzuSI zXt{MJBvu}JRx`3!Ol%!i1gM4=i-%unYQkNFNC%2(YnyV;e$>9o-4uasAt)2sKp6O_`tV=){f@9G1>Yximw8& zLn`Z%{gvS?GiX#{D$b%$5l}aRnbX?FHTjD=CX@>z*VUZo4XL+cpYLNb*_HK9;Lj-& zM>B$H`LglOTZ*=+Np%xZfqg&T1Cum9r=4ETo;n~Fe75|46-SB#0r2g<-1nZK(ZMF_ zAc+CML4^nr6M=^?_<0wR3?Uj)a25Sw#WZ#qpj1b9By&AWSWxir>edGE(7F6zw$3KT z8GXD8C;X9Y{9X<^!6OK@`Gg5hXkru`m(uihR$*G~w%CU#{UE=dC6{Eqr&F6d8=pvt zB+3GhcA1R<=LHt%tGP#5<7IYV572Vrbu*`|ABf z4&Nx7C>Kb@YyAWL-0v+@j|&FXeo_H#{{5ASJI!aYr7P%(MMSN^N+X&A!(z;r9+2tV z$rjMO({(b^ELI?Ml?fY?88KqTycy%#0$PzGv^F^O&EKJ0xi?;iTa^HyZWROrcJnRZ z?q_(A>WZ%fonaAN4_OL}{s{DOe5gq<{u~w=^`Po+y|{)9x~N+kqghK1!sQ@99>Bnb zuho9xQ<_xp9(-)a-U9urP{v~mn#qHJ*ir2{8$9xKDQ$T`n!^1Rhb2XMsK zEK$Fu^ptU{#u*hu5?HuNLp*!OPX$E{#6(n!iz6&E%2T0s0}if*~K#H{Dg8(q>s-SG+}dV2X~mwH7*#35J&^0EQhKK?bf}4!y27 zrM@i7Efa+Gsia;-)Ci<$NJ9ybU5ZJ&v|`Gi5kyQMUr;7yCx@i z_l*k|Q(q|?CKwWN5cr55kMpy_1Cvny3fLT|wf{@cY zw0zSiQW5W{aMS>VU`cH<%`6KfdK za1&k@tKn+5Chn5dDW|`w)=w1xY2^tjnZYh(BxRMR25Wx>)jDO2oK-?s}w1t#;$)IbDSy6G!G~;%Enc0LRB=5 zvbf{bb=FTo6F7TF3yQJhj6jEORl8p0SRW^q{ps1drRPLcK`sQr9c6_dO)8HjxO3jBzrKUURO z8(;TLUPGWpRz}Xl-|EVJAB>5feqNx}A*qC0;-5bSd=lblmwWoiGn`_C_&pL{!|)>4 zXFep*)cj&}7l%CijvR|-A!~NPRbir7^$poZJyL9BstCwFPW^Bi1EDY;VjvO=%9&$# zEt5Fh(o6$RHSPh~EK*noIGIhfC;i zbbd4F+%v?mx)=WZ;7f1#wY06i70E3MWUG^ql#~>PNM26%)8cRB zIz(5aR=DGKAuXWM&1}F!HOUw9jk{Lc_>h@XgmWxFxxZi7rgtJ#EEkRQz}kaICguDSqCzk-`{ zFASe90=bymcT_$XMYI&PQX8~uciA*dY#rk8m{mK|B;vt;CI*Vz;x3>b>{Oiwl(%^ z4YMPwncd6lsZvJgSlHcik6Nj1x%8X)r3bI?6yHOPl-}FGIk@*>$K`=9YR#n-)z`xs z@fo?&rfKkA$`nIvUemXkv?%+nm!I;GK>HumhgJwB~r6$9;SkK${l-V#e zcmTTPke6ply45`%vtR_@P(P1&-+C!mKv13HoIq?4baO4-85EIj2fn&v=t&~OhMj)z zmuRSTC&z@xV51TIJhw1$IIj3(^m^71zUaGt7QT}F*2?5hcjL*LOx_KRp;70ryLpKv zer-~o=e=q{<>${i90i~4#9i!0DK~Y1*Popi<-?v)%HNO#mg?y!DPenOoImb{6ZaZX zljnRe1EN<(8%q*7nxA?t{Hj*bs;Kxbu7et>#ktD+@xb`u=?1Bc1-7`7=?kgZymp?S zlS399OoWHY3RK1p-p>z3GIAI{z0?v5GJtL96+aoT{;F9*@v$tNfu9=XCS^jo!LK3> z`1Dv_IwS!OxWhLvr477y^G7vpKQ#(m`f_IHSqy~MRm3|+^uH9FeR_5EV)QP8NJ5`$ zfqI2}{=NpjhSwud5}0YMU!P5cZ#%E>L|vo~gt9LF1wJqJ`A+X^{+xg59%5;&YI_gw zVB6SM)bNLkisz0Q#$;_KiqdVK#i3=%?yi!`YZ9s=(u*)Tp6lSmVVLy=~tyj{-~zZP)O9%bZAQP0?`6wEMGVoy?ac!qlZg8m5hyX zv|j{SGBR3Qbbqj_3$qdG8QZ>o%?I=5z=oIJb5%N2%($fAh7~HEvj}=sl!&N# zgK+)y^owBOYN?aP=W$mOyuk>wE3d+dhY`ON58phE4xgo(d3Ey^5@**({8=&?H0>Sq zjmfoelI;id%4;LCYgq1Se=h%`cI}sClEF~+7L=9EJW`o4%;iFKF}kx^_>1~TZ&GNW z*#;peOTYZ+q-$;fOt~lb#C1JC*2+Kl{`Cqu&$IqV2Qurq4iCXnB#$|hbC6%6VpuBc z9Fm@#zkvArc_E$YqWTWV`km6M@P`4Oi19j&oPJa4=LupV{-eR?OC_!TjU=9 zE>tXgUP>pCXm|3{%Q2YiJU$1L7js6ECLQS*Q+2EcOJyUhp7QV&#J85o+!qz@;5NK| zfwtE?7$j)DbRUtOhiN5m$EL=ezQW{ILi*UsQ9-}fS}+|)4DspM`n)y{$APEtQ9=ty z--=5iaxmfjlyXUC-HMp&=jfOQ9=LO~F+RtWyvjl{@{uGB0O;rT*@~a*M%rq5vq}$f{nAE(rPmPnUj_AKMM(OOh z-)+1D7Uw#&u*0M|E*~z6NZ;D=MIJ;PV`A{szRU~}$y(u@fa&m7Up!#NM9`3z<4mT= za2{2#RIgL2ZkcA!I*!(a3QlM3wjS?|35ci46|DN%4hjJ3TGFZ=B~)r?JFiaQmT^9d3+o z6{px-V4Ggg?mC!-4wjO4Y&U*-#^EfSWA=5ELf^kQj&B+v9J%$X^{LaUr%rJ>Nn}R0 z;a8As`A_BQUxu#e;}=YC>U5jH6Jz3$GXm0BZHFIdZZTxjGQ~WZZY`)a#$^h1Ac8+NJ+HW@%ADcoGRex{k@dk=$uaL>1lGOI zI`blT^ZIIQ!DMvEP~#V|7>3I>*RsU&JgDEsok6kbN4^GL0ZH79^h0EswC?9Gi}5D{ z@c<13HA=WFyg5p(Ry}W&vs|@|A==*3ripJHGKqa_ob`xtqJF=d$=@(*62LgZFRP}% zm+^B%2}{!()vvVA!eXMC5&5D8ziWf=M9B(XzKFE5nW?bydwvYW=kVksS=4x&5|9Io zN@t(c-~9HM9JBlhkxU|{a1SpBOHzy|zY#DODO~Baf^=3k8Qe=ICYgSPx#)}gC>+e_ z{}UDJ$537ht?6+3Uv#~7SR75$FB}1aLvSYvi@Q4;G+AV^;1C>w+v1ks5_HjE0T#F5 zZoxf3fB*{wcL=&TXUTm(&-b3|yx$*t&31Qnb=9wHs;6hVy0LIYi}B7jDf_B@eq95x#{ngzcBn{tuS5xr zfsE5e@V%Uk-FK-4znbS6nOFYBXVMEXykWQqQoj6ROI&tv7|2(){DV&|h>MxxD%GoK zUDN(P)c!PbZkDyZE+#4o_`VRvktEfG5sr{@q`9T{*lea7b2(eKkQ}t)9Q*(n0mjYyrzBo?RT*@bP^&I_vOQ!x|b@BB`p^-rmnR3 zPgiOBBz*P=XXbo(HLxm=eojK5?fOmf-gQaF)=$3Ys9lRXH3#`YnBU&f3yvVam*nP9 zi!M^tN0JUg3hh&dek(Tp0Pcu+nCPHUiuD0Kg}@a@ISa{_&&}EQnM^)P9p8sp(EqZ2 z7Ne^BSgtw(2imKYF67iL&2K8``AtG~sbRK;cwaLs*XB;@)ce$X9}CE{Nkj=u1!4IH7f@~LRA7fqnf4@t2tR~S7%YfpR55lN zu|~t1`wB#~9S-mREdRohWSg|SbUpu~Cl^KqG&IFCuub!rt>e5cSeSZj(gWMe*lav0 z4_D1&C|A@~-qGLB+0%b^J0rr7TzoowJXG53GTr9oj(t4JK6V?gu=bYPKpGNvF1BBm z_;I$bW87nprjVP#&eYI+VGQ55)R%#Hq_V^{-fYN!fV*Aawmi`}>r$DLQl7Nkv(28* z#j>Qx`&Y?Y88w43<RF0+5LUrtWLCJm6>M;FsA1(- ztwUzglR1-<@I}xM7L_=<(qLQ}2GINaa?r3;cv1C|r zHO+E1Od(46~^;^xlO`9uD`BagDRCTIKSxEa($Vp z&5z2`aL&9#$@cGg0;1%_!ysW$)bntlk@Uv`O|-ZgL}!}$m_8T${#T>cfiuZ z1)T0BwyjS`cgMJH!^9$Qe!igSt)Z(D@vlR^?n^rl_|OVRRC;sdo zuJcXJ^NspU6MU=FKy0lvrFQAVdeZwc3{Y-jh)Q#^cl*nk}c~v#){<6$! zg9BaIqEX5u-x^DGqr897+u;hm$ug`LdjHN`ly>_IW;VuT?Mq zT*(djcDi6-n~Qow+E@1`g>P~|FR`R6OQs-`lPHum`H;tsPHQw-zecrQbIn=FetNvO5x-`#v@{@55EMms%(EjH(scI>~D4&zD)CyY^^{66-Pk z3iCpx)9f@*X40p@gGw|+PZY>^yD!MeZ-Ve1Ltg@@D{sYjQElMa+4=5wbb+Pq8pCIm zgSwcjY0cs=fxs=xsMDM!Hv^pcRe%t5j_|hou6nXH=nhw;d-d+xo^O|Wr#`HX>rV0b z-j$YmwXbjL)MR2cQ!z<;=mIaMFA9XEk8=>7z1H?D{9KG?N!Bou&wCLke*w%z-01#e z?_Jw?I4&poxPE8v1w%6vVjWPnwrII+jl%_^foh7V9*M92Azmh!v10EU(Glkjr4g8j ze|l>F0_x+hROgbLM20-={e_|lZnLIGI*}klMh+SV@gvksCAztL6S$?e$EWQHS;{40 z_pOp~JSI_K)!H*R5s#RVs>7L6%g0$9qAOLlVy6$W29A1s$n!XpzkagmG1KP_A|L zd$_X-rCva9{AvlJO1gjkmXk#@Rx@~((Gbbp&SP)N5Xxv$Z8~Ubb4e|+G7UEV5(&3Fn$7rt} zgPs^|r~d*N9wbG0ElSuAXgAcW1ntj+O{1C<@IqS$HJ+LGM1p|5PEkZU>&-gkGJSG= zKEA^%N|~OAGn1oRLJqgz{OM-kwJ?!|#jCr*lfyp$6u7!u95ND~xamCL9F6?Twu~?r zD1fJtpY`s-r=g&-YJ}Ub=|Xzcfj7*Wdw2x*%h-MI*`3R}nx9YneTAaCJ$2WfLxlPG z^$j9_ty+JatlSFH9Jew_r^+QQ+sqWMUPOwh=8PDl>?hFAJHtk^JLuoJ)pV`xH4W-PV_x642_l%ye}?|nQ-U!!|ZOAo+^aIWr#V{#h0~;*5K?8-<1B+ z!u||C?7Ce(2al#-^%lTh=rmmJ(jTPKQ<*eIJkQgb`LX&DB)#nCE6DQGtD$i#(oA&;Ig?Bcl)XV=Hx1&P)ii1AgwdE8a zjT>|OkIeWvPbw}D$QR6Mv#!e0mNLk$eGR6o#9*!81A5LPH(?{YZS~oCWIDCAV3}%> z&%ESm9jwQeOIxzbOhioP6S5V0H5b!7;l0hcZ%d9G-iszN1S$b7J1w4JIKlpMODtPk z1nv-W3Dcef$^)lg^KI!Dr?-`JpHpna@AvSuir5_PBizwyi@yAHr5#VwY(j7Ovbp_~ z3j_0=v`A4UqxJc?@T&B*~*g_YmBa?BDU_X zd(RDSF76_(&|67_`5r3?z5g=+M<5L5zIS4ccUHX zdwRU;o)~@4PHO+dZdi~Mp6%m$9WR(=t){tKIkO;Fft;bWPpc`jOK66-0nJ^~NR+I4 zU0X<7%etx^bf>A^_?J}{<7!WO&+XrXkhANVWP!m8!=d-9qziD~Y4ulHow@4g%u8{&7y_MNEKt9SR!<{oom%>! zVmNP|HYFoW+niQ4D0nF7G;2s+-YkLGeC4uqZ9kn8g9cr-YUM%3j(JkLRb(z0+=%vx zH)~dj91kt^N|bTAx^ixp&=Z%AH!V@R_+5@IxG9}iQ?fZo%-_|$+G$yWmFtD`EaGf! zm%w*st(NXwx+bYFM&<+ODQjw5&)!y@{a}P1%&m$r=uIhl`7E^+b6ZU4Z;GIOQF$pH z`94?TM&Rsob7L6CZL9M}v%>u<@>E>f?CB{SEb*?z-;IJ&q*^64d`ee5Q{uKPh>qeI zIY_yd3?0}z(3y6e4mz0iVh*tk%L@g(`(wsiG_^gcgi0e4YpC>ES2tWl7NcE6Ih%sr zyY*_>eg0TA!QE$-R6PVzd`JV;vfJX+SD46j7b)aqOeXV;-`e7OTvC^4b<@3jQpTvS zye-tY$kTRst3lxBcl&Pe04B|#MDN8I%t==fgN)H*LQeg)a=WQ9R7%};7b`|@?5}k= ziEbN^9R6^_()?JYi`Uubf^cPq#=Ux(>n)xB*UrL!m(`E6f5c6C?~ zBj?u2`-$>95Z2PBn4`c4ts5^2BgD0L*cT7v9r$r~F!5gT_%=~P)pV7hJfHtVqF!QJyPLSAQ?xq$_pZro_`E&hdYnj1!K)8DN+B-)_etyPm_v{Ycic6o?*EG zlk@Vv5e7~*#9eahNe&M4wGE6&>TVpY79X?EtQ+5Fr$&M#+86(Mu>WN=_`6RNUL6_b z()WHdGwN}{6>|pEJLdGMKz&0-LVT~oYSr6Cd%s`ywJ+ldKi;K>foFk4tp-ZGX7WAfL zU9&&eS&8PLlep-d#J5+t_PwL@J*fDi5~+^s{^MOM_qO4&JwLPKTvQ>3%)ZBtc829Q zp?i3+_cIrTrBRE3o4NE44JZ3G(YNO?n{ar`o#MB^`eVb-<*c-4@LfWcb?!CXH%?dx88TM>N_+m`Je~KncD2$UrNeHNY zn?7&unr+G7arg0obD*< zATCL^UGj-ku?orZsGlNmku(Z+cJDdv54-5v^%uf<~7jo%H0-kR#3vEL#c=cn@l6%k5-2vYJrB5kb!C11kimM~4wxQPPx2BObL5%}wJU zI?H}pK5ieqKaw5mtuxI&z^uZxS24sy;+*7=*U*Tdvm;HeUL*)Galw zEogbwH;P~Rg4|m!aDaG-wUtkMm!PqownjfXBbI@J}>7D(1@h`mm2${ozya(_{_YA=L_wB2eH z7o?5)IiJKckGU2bO7S-~&9y^nqRUgdi@$%J9JR2?|ASiYd&Qh%U%q$y2vK3=!VQ4WH5Dc4;)HK zRsb}aH<<>XqAM&-7x!U7H|}D+*cg|Tqffl2*}S~X4(nVs_^;~^T!t=^mQNiF?aRep z?t(W&4DS8%isdr})~7Xs?ryq;S?lx7y{AUXX@31V8x};9a8~9g#@lW7?N9b;c7K@eqETuIE6>R* zB)+-p$vpi<#9#hF?`YAU4tU|WNk2xpIy_y0{G?RtB!&q_B~=CEwQ^hW3#Z>!q-}2r zJr+Y^X@+5Y`L?+Nd|L!>#W?}WD*Z807LPGeu< zD$kaK@&V%&osg@9J7R=!CZZoU6L!J9EFH!mYoYdx(r#!hJ$ajpG@sd99Qi8D536*& z;H)`TpTX7T%kbWOt%j|9e#&R{ugI@)a9U-J9o zJhm}q!c*wPH$FeQ?79BT`U|LJYqPvoeNe(FWhA)VjoLmY;&Er{yKR=)z9r-_>kdPE zVTvrCan4sHY(MCrJcG}K8;r(tWNGPk`tQ1?wFeCW-jO>k4Z6*VAN1+-dqs}9ijY3R zwJA?3IN`z7BVQ(XFK~9{#UPKP7cF=$OGRVQA~!ku^nF&P+5RFHZiPTjdFy4sy;{l%Z@V`+-y=Fd5t82c z2{HP=U(V+&!0|pkI96@7z1P2r^HwK;JGO<@rFNhBIo~U|wpU2JY*J;B*)K)9wBIcw zy!8NVXv*U~t7@KEMd4S!il*0=7VvynlMwKDO_M~h#>okzvTH{ z$r-wkaV&WM%Oxj(5+rC@6UpBk+u?udYVzY0KM1G zUASHJQAR%=s`ymJrF(t6vHjTnbjEetSSr*EGC7 zX}ML)V8tRLb6v3XqBeZ7^PMEDP5)ZCX#q<{a6-*L9k`w+v42>;Gv9K=OADMa zaQj8}<4(`~5c{w~miF!f#T!1WO#6eN1Z(QU?ave);K4Cp=wzZeaKx{*qB5!KS6O8! zM-BOCre8%;YIhRKE?INk8BL2dgEjTW#j7Y9JD13g`J!XwELxDA9bTwF_#6jkf|ICF znj_cFv29PcfpmpxDw-XCFg6#46c5|_qA4`Gb;Djmk|r-`BLrX@B&uDG?txVE>PmZ z{?&@8p}ok)wqI@5V$;oSviG8UnX;}Q?euVuZ(N+*I&G8cJuFDhby|=AezRw_RG3ycfNhvug4gQ=W4DM4*kwHF~)up zUl*|tS+*Q^-^M9`L+_iH&Y0Ip-FF(Bj3-{?>`kqoW^|%epC<$ZHY#K06PZ z$nc4BTL==6$feHgr!{M^*2d8uAXcg8JG?x;9;#2T+DuMYYrp(hHcc+o!OR>=#hVd) zf_FSaz@Ei~$CeB-rxaw#L45U$-J;F{zN1d=C3oUIR%gO#t+O8Xy(?>w7E3+w?=i}G zP28~FmPxmCKUcE0CRDxOjAyvNFi|1d@(Q>Tu&d$MVe{xfsFe$2rB^-*kI4ggp;Yd| zLrtVe9Kd%LGl19b`Ay|lyn3yL_%G`P+P;%x%IngY;3(;QW%e~)>7JyLOtN{1?_t)g_aQy`Xs;(`&NK9#@lM$xcIxLp$N zWZxGNL)sKdEVk_ja;}WjsoX8M^ z=f63mWYyRfsG{jL?NT&%5_oA8e~=1j2zwN`p3Fh(VZOX1%tws|MK2gcxcM4K&Qu9J zCFB(AglThOFc6yu1-N$@IoJGx#@tgIupfOVL@swT;))um)q6S8BKWclhv8*prxC^E z%eY1|MJbZNPNQ!hSklyxalHK|{U%%~^6yOK7lP^pQi9mf0z2o72-0yMXarJF3cCKe z&>`#p|D=)8vk%;nr7*byN)$|n;7%huE@rnRLIyHyw7^;s|GS;^ z=>JE26o#H7TpSuyQ?5qXY!i= z0QU1KJ?lS=cRs}vgWqs`>HwU*9>DwyUA)&pFzGBq)(FrQ z)$sl&J7STA7yoFVv89OlFc^#!&5Ld`b0D@Q)Nuzk{gP34~^oM_5_CFrcO5&#kRbe2L1jt?D zkum&#f5;UZdT6=zMtCoexlHF}KvjhxP2u0_H^JBpbtyps1P`@W^w3fB{^%&Z zje$y!YzQF2iaNxbuhJ};63|+8nzS1r@$F^8K&fO|G(mwMvNFM~8_@pfEOng9BJvB= z?-}KAU*NNVd?gYi)XDrG3<`#8$&4OPpUO93sBnQ`ebi=%qbA{%QJuaKi90v^4DM}K z=tWPPlej~0Y}NSeO`sCT)2v4crvzV(;)P=7Jx+w+?*&803|jUegDdL}9G5!K#n|p` zA_tyTr{w2dHgxW#12%iyUt!5e%w#;_2bK7nuFK7zGv!4OsHv_##TzP|Gnaf6TNz~P zyPY$COrPnqMYzVmq0X zCK-5TyUbF`bN^DLbk^LC3d#h7A`l8~I4vw2cBPG;nu727|gtgBe`1?qH;cI2jTkhP1L zkfaX(A^pUYf_prJX3pvmZHg{U{h&)hRV8k*{a|~Os_UdQ(x#3EjTop?hCk-eBRf() z1v@|TCeL;X$GGSL2^Fw>ihh7^k_tGWrB-J)bDB_uD;1T{@j23*^p~X0Z>-TUaW2Ou$jt) z((-!OVp1ql(uo+HaQZ%e&Eu6eEG76OCkWX#k=G_If^(ZfvCs8xBBo(JyXUt9uL6vP z3R8X#4+(I%dz<(c2LjCnxg1C*D$Q0pNReQV-&TmGuF$Lxpuhi&DFycWsmc4ojo0cP zS(L8n3IP@bma3p7;`a~TuQ=@(^(oue61y3%R--R5Ja)`JHU;-_aU!zmp#Fx}JI(We z^5_a`(3{9kXF9m{fhiNSmDuY}z++rP&Rk|LTj`1@uy&1A6*~X7ZzED6tDeSo`Nr{d zNQ#%ZK$132CeE8D6d^dC%bSiF*jv66S9+o*(!tylTZ4oa-Fa@v-pAyebgCK{G<*^= zlUetnScG7^jQuNg_6xaH=?DnRM7;#rpR$e~-QvH>;=m>&QDTknMBhc6PLuGhiygy} z-?b**UlKgf2tsCp$}kDgXu_8h8%lENnFO#bGzfMkL-|LaZ|mq<}q1vYZsyhf@9 z7m7I)imsxBhJ;{p{mC4EsW5UOdo0E#nt2sQ3Tyhr|} zDWAN666-o3LhKi}_a`0)d#oq#pvX$Wb~llG5WVi{IGi|Yd;Sl-W@sfJ%joFL313E) zYZuG>?IMU*d5fG3bkRAvlORrBbG8SN5LZKqluf2UuS-;1@OzSJ-+q(#QuVvRc&L)% zi}*}r(**CR2NG|l>vyWq2tLVsGU6E9*q=LMDF(cyc(CrTll0)EZ(FrWfbTRVeb{RA zg2U)GO`mtdXh1 zGI9BSNGDYlrVzZY_9b})JHIAO+D^rFQW7asfX%BXbrT|1l_^RL)jIt@(L>KmUdCCL zRUV$3rjHC;3~|3qOVq&+{d;2z)SyzPkB^j2 zk=BD^lN&{pV1QRWHv%gqd4cJQG==!8!T3&T6dY#$c-Lx^;$fPRZ%_^K5B*H3|#iK+&c?iC)=xrDRD7_=~wYN zZ$odA)!)OxzxQuxy-)QMQ}-IGGz3Km9fQ;S&#pYXGMw$*=)FTQ(SN8so{PGk3|;j1 zjKA#?{Vxae)zBv~lwZCn@~G7a-x)O>_OF(USg0jDO|Xp5bEI)czNr0lD1T{ zJY-zpe|viCS#nXyUTv?W&$yi~>B%^r`N~lZE-({P*y04%%^Zg6!c5XQFI>ufK8tLB z)!U6leYe;Umo(a{l5nqYj_D3AkMeQI$`JR~d};PWh5Y9#;0rcmkHdg=+p(Kg$G49a zj;y$0N{q+_hFC&MJ5G81ZYygl_Q3-EU$4wmDxh#pp#eU6(~*kHs>J%&jNJZJyndhm zlIQN}e2OYvx?+H8R!%y+3fzH8wt{n7Wq-pO*vW@97X#8yu|-Xr9Vg7;qK*?o`z#lB zsyCk`q3=JWn@BNI|9ok7uLCgTip}8W_^Q&VlFl;TbPxOFeznuOZZpL)1goVKY_aj0 z)vdL@EVe4zBWk7)ti$fek;UmO>a6o zs22-uy3keCEk)QP5F;xqIi{n>)f}gS8PLnc*7}PUaqMsDWlf!S>6gelGc1*$!uW z=Y^4kG%?SsVjr?Cz`Cb8=*2SZ1N8|!*7q?CyfaXCMRlFci&&1a)?aqVLB#pTu6Q0y z!k%EOuc@C1gGiZ?*tWVuqWyu}o@Eff9<04#e%D#$yaoy#3;uDCa65LU?=h+c;M(c4 z`}*D9CW0&rs_PWhV`K9zi^BfwoFi5Vsd-@^Xc%HYPJIVf%M>I=B>=1W4ZECbseOd< zaV4b{$&oDQ@4 zz=Ot`t=RK^r%V~L>-gMwD!Wy5B|%0t&dOD{@S9zT?d0WJx~M9WCZ z#_u@w+xxgLI@O0p7-{~LRfd;1b1yXP)-`;e&t$M&1W5;_ z!bLUmkFpx9_5H)4wi83{y$y^GtkkbsQHH(-KvS&X$8H3S%wuVTPcRr|{f4PWfeAFH z(qKkVv=_KP?qfhY#2VkQ=l6kr4atmk7ua`{3#eczz?};v8@d~c_ffv42KQ*r9cmx= zs|81pt6y(l_OU4jJDA+8zs`X0Fw%$`Uqb{kN~9XXsuUE`yEB+MuL?M` z9`59EP*0;x$K8s=f5q?^rWUw!z7{nYxwal_HyAf@iAVTgmjPm+qh3NSraeIii{-v= zW@j~gEt?A3D#LHprBk#z6Tk#{-I&* zR)>;cpn5B~2?RH4Dv0QW_uk#c#|c^GyMIEtJSAWYi~yU=dDFcR0(maJBY7(XTHpo( zgcmb~M_c6kS-TTk--rtiZxjC{?Z6UbcoQL%IGFjffP4d8l-EFvwR*&}SlhzV`LXUO z)&OOQhG%R4i1AUR4lXl!M6I~{WA_=06b;F3_7jl-L7DdoZq{-23=^t5fO6nE`yIwm z!Gj@e0xVeSHN3|`gD3e_ufKy>#<<#7_r+t4-#htq&@@!>?rjqffux+kU+jS=BvYxfkjx#gae9tAI}U zvfdA6`sSqsScc;kyv^ud$hBX-mpy*C1rmjdF8u7fR{m>9XgwaL!F zR~Z?H-W0oDZq~V*_%p;C#DaE-Qg?_D53*OGM2wxTPFbshp}R&RUyL`d_#M$vgtj%@ zjzJqQ&+qHWi=e#+MZ~gUlZ~81v`yh7l%<;ZdseFK-tg{CdbjxLO;y9R z_u*-E$lC{p@)I=N=i@oO`{2@aUMvIbz+9KRu^POLtviD0Br~r?#0gEo z@jxZ#b5`Y#-c^(B!e4d|evM6DE(nHz3bLrW=FvpMn++iAb3-yEWI#qI^N+MJ#!1?j z6UcF4XA@>}-HP#9BT+CB>9i(}P}B_-F}DE+J1(*w!_|$P$oBjT=i!qR* zX!w7;1Ed94r`CmF>F8o}<)$xws6nDiKgR6f9D&GOe3HvNoepsSQpn8U8A>iXtK6_T zxegG$6h&C!3Qor$FdCfTfi>%9>D@pA$pjtv66l7mq1}_lx1#UNv>!e0;g0lY^rU%r zE^(MI_SX->mM}KV_#hKe@H0z{A?+1OQius|F~HSXlG2lLNCn*WtSXsND9xaSz}#<1~N7X_`iMf5u3Xu5!>mPAiM z_~4v<_E%g^Uoourrw}x;rkKOj>ZY(#D8+M-o@Gy^JldZVPU?pK+gXiQe}}lI>D@K1 zkzlnr!9)~fPwk^b!cvHOLBr~#J{swr-#=)#iS7g{_oYJvlnHAoI7Ox_PS&$WzXx#K zUv89h_VkN{AKL86V>%N|?$oU3B0V>sXs71JMmzF&nof-o zX||HP49m}L!#Yv)$tC7DExyXU_n;8@=m#slKI#S3fhr5m1Vu*Zh|?g2H{ zZ_7H1F-yMG=;wp{~+ zAr}#_os7)G@tlVHVG4KPOs!g}rU(BIA@y9PisbixYolL}I$7XHrDd*(Fm$?w%gbx) zf)7dWZ!A@aJ$Yl0V9#Y3>82ZE>>sV8qw_GO!?wAT0~`x+$=RZ@F&Q5}`VByy+6hIT z9!l`&Q3vSJBOwgrspiPMbd-Pcz)$|kW9)n=1Tm9P0g&Z{`(KCB)v5|nbZ|a4IL1R2 zS?JY3-#7WN*l<@mL2$CcjRb;pm`evf_Zkte$iVh2C9gb&C0RNO!59c^?5@Z}?^jP0 zz>5v$@l+xQs}%uwt7#wh$W*Mf(+6Xd9t{xe}2hMs69@J~vH5*+ak!~jLUK}3p-u?8sc$(vDB3xFbP zGCQTOVNVfQzIq@fNKfDbJBPH18`1omWI`sJEv+d2O};=T58oP-{F@{LJ8w)i4*~vV z^)h`;?Z@WNfIwWv$3g>uJiz2z3^1}47>Z+jmu&pqfn=?~AwlxwKLpJ3*X9$CUH?iS z0CoJa40wc;4k^QfkPny2j{m0A*hGu+q>xx(lf6Pi7Ju1$vG_gP7>OlP^}l-jb3wuq z0OgzOEWzv~&*w1;OCcGLp6V49Vt&jilaELCDhY|>|E%$!`Y@RYw^D({e<1iZ9)d(B zoj#1LiZMM1sm#kcq&Pvyo{>5a`mdluUB3Zl%0d{=sKHPEhtNpj9{o>=9@zX>BV?hF z0zUV@)ud{cVQ(GdSkb8A2R+&L3z3jL7({zRj`@syeCNKYuDti}u+AlndB>eim*0g4O)w6XhrU zillK!-jf_7B045sI<%dP5YcT~k%P-`p}4(~&|a@6?#~O7=R`PJPqNViB>{(wSHxg> zbjC!n!zj4fnzt*PMWEXYR41;GI(?ejRBu}3uu1kx=0G0D%!eO7^rnpWi7|GT%eaIF zE?8{^_NsmggjwqsPC3W_7B5Asf3BfW<*J?}vJQ$#O(=~Z=V`;7K>U%sCXeF^B1rXV z*z5p#3T-bAEAAq+!bWdmGRTrWziY(;V=tdW`D`=N7II7Uf<$`-EiD!&j|+xmNE^;l zEtQ|Iv)ND^Fp95YWn9ad`L1K1p_P$H8KWqB@mf6-Vs3%bybu}l3cj7gz&=4&eQMmg zBQwTr1-~=fsM7Qr<*gSU|G0Ydp2M_Yk-={gYut4L%XE?IYEb0M+({>xTE$ZxJf*OR zEl5+z6)?5v*c^crQaD_58r*os)ws*eAD)Rny$k*s3mVe-mHi4jZ45Nmz)zQ1`;cXv z(UxFry*Y6tP{g04T65T3>7%IpYNljW;bm6_N08ChnCl9L{f5m)P&(v`4P{fX22K}M zw$*p9!|_J55ablIA+0cL3r2dW987LOF;1=TJ*rA5WW|RgU8mJU-A08V%gF{hL@tk7 zJz-p5hB4o)EkQmuL+s7Z5)!Ar7;BElv_(Y_MiHdfsM|WvNqb-9A8|7{PS6G64ivwg z-5YYE#K*l|_0zA;F!E=!_akK2nbUU`bGX{t^W z(JvSmdX%H-iwAKookaDda@teU!b?ltBuEj~0l#4d!3iuFvZYB3j%v@{Nv`gS7@?SS z=)L0snyEf`xhpU`$oCUt&ixaiB5|N_bRinl`O|y$)M|(3>o1#Im}z>?sx@j0(q?MR z@Rf+tPd~=0$>!j-#6`D3$w-%z>Z~zUNdk;sxNgx3F{ijfMo*UU?U1bSfWm=rR5A-@ z-`hvNTuC&kN;bbzMXmg;?2U24q1}=e(5h{$yRKUc#|eTaJkR&+8e3dQHs;$z=|sb7 zO<#ung@%&pXz{JhDYwzD?Izmlh)e%&tFVSqio4SGTLwrP78d5=#-2}2G#dGZcKK?fT&jN=oSiml=@ z`W4|h!ZHeC3)>Brs2MU9hF$MAy<`W4w!H+YZMze0r?Gt*Qokp|HR854CPF1-@v&hI zKOCPhUUI*`$c!P6fokJq&>v4vOcS12l2Lk6tmBn~)!!YGDB;x)buqTsg02h)+<0ump`$J(2HU z6RxeEBdw{qk$V6+(67#Q@o{1ptMpf&z6>y;QrdPz0+4MMihEfyO=Pp!@|Leo<4s^S zABLJ*zvz~^H2`YzyG-M`5OdyP4Y8izO`(m`l%ZRw`{($u?bmV1VkgyQ@^faBV(*p` zxW}-^m>IB%c^A%Be}JOy&dYQC$VliiAorsgiMi{5jcAt|Dx8G~Z6)^SC|w>)r+7&+ zE3m3(;cj3mVFz~<;uas#qO&-e+@r&IiL{M=MGYgu! zJc(vj-s%|P(3|8cqAKJGD!1A&t4R~%c+59{#|y1J*jG-qBc(xb-FRcoGD$j`rwUXb zJ-}&Zo3~PhNn;;Yy(oDpuFcD9c;r*;$LxanuyVTw_dZ7HH`X$ZR$c|iH)!J$KXO9t zusxERim18S<{3xz^XX+sTaY=hV;6HR>wx(Q^^Omx9kdHSfk!6Bhm@HL=9TE_p2Rn& zq^3$k=%IOy!*zFtfa=LFKb$$!Oq9|wj2knO=+MzrcVD?$u8f1`!znKE)nd>iyaKmy z7e&Czn7CtmV9SQbfLVW9ZXSg+LL8ydG3{Qk>)1J4%M}w{{c+Y!(A4$Fb+_++FF5ar zlWNqw-Zz>R<Cb~2xBE=SvErtjIuzwLzNZItIy#IjK13rrePY-<49jz79TKv_A6IP8U9OO`teh?+DYbOT z1;+fVQoK~m{W3$7&`i=N7rIyj2z9_$U~S#_z?CAEXm}nR`bKPITJZ{0?%PB<{&aEj z8hqejwL)uZE#>D>f~!3!x^3mO4Z2!5G3GX>A1I|-gHaT0YZH(4t&Q~XqGq&}N(~k|Od}V)pE&>L_9)yf@%R?z`@`J^10Rggv-7Ok>O)dKt5t22j&?Dwrrt`+Tf zO`ok32NT)UI^cBbHG~{^uLVW+vf(c)`M|Pk;Hx-zrggvk971ILtZG_VvRN%rWZPzt zqwAL4E6z{jH|$gVfy_YT;+VJ$qqzJ#U=R}3{@097M1>1Sm*J83jZ%IMoHX;*u9Hm~ ztbVuK*A?yQqM@rUnVyDzXCnxOBo4j1zMWc1f!o&Gtc7b_Dhapa;Y$S_t%U@^MxD** zo8}_~Jr)(TujO23Q_m)mPxah;;3k)*SBQ940g-RPT{~2q@pJ52pqzp<=#ww)x_~yl zLq_WN*2}doo+4KG&zBfmXpej~j~&&TsdP6>?$fiy;fXKI)3#u4GI+s`59sXyBy-ny z7N^g)jiDR2$D7l>eVnRh4HXs!O^)Y3k8(rL4;N}(=9Ad?9_#pRe8?4j#g5N zaU8;IMpX~K@hEyl^3$$w!%Pa8n%#AG0#hN`rNe_(!I;E5ia$Tyc1@EHW#+(>raT%# z;pu-LNDSq2pv8?=?tL~xi3%8t0>2}3R$(3T+T)n~JN&j2EmQmMi@t_42jW6B8{5;h z3I)xgH8zu1(-wkDkX4+SnR2VfI<;UP`bc81vWD6#WoGRhwSBoV5y<|@-q-qk-)id_ z9n}w^N&XXvtHPw6naMKzQ2Tco37{ILjb4MW4v@a@$7_c&$7kEpISM_}KS#YB=|2(* zuT;|;r+15uGI*y(hUGE$)kW<0){{YBg_W>5cVs5O3U{ zA8M32^NsEFJ>?SQLl<%jz`1_**5EA((45`5O9@S*fD1wN9fQo=LN{qBh_luN6OE=QpJ(PfoNGXk^w4`(nC?!Y_(%lRlL)Y1( z@B4m#=bn4cz4voI_x^SL!(pCh@3mL&wbowqJZAPrb6u!Z$K?aP9+3-go1Lm_=v^s9 zylg3gY?*fP;Yav!$lkzckd7ByeCd!PYHQ3L@65U< zkYL*;v*KI}*(+2ac_@LPbhpmWSXWv!yyu|i<#z%vJ_GQ5nzSDhb1kI9=6OKXw*89Y%t2p#_?+QKL&(@@m^|f<&tJmI zr*G_RjjW0T>~3E@|1pnwlCgKOUD#o&)Lw3Q7{2?Ues4Vs5>n>J7EW~sQgP0mG>K0^ zfwFt!Tr!Vr@`+Yks`86Yft*ZJCrMW;hM&;J7(!yLCvPj+w-Ku|88GRX%CB3RjK6;+ zBR{8O2P61|x;X4gRXs%YwQRqSY`!+#Lx5ScJS7)%kaH&mbheYtX(&1m;E^kgiySY0 ztIqYWHt)mUHN9|H>W-h#j7Xcog#^&C@J}wT6@$GVB2Bz2woQ}{y>qT!kr~qPA6I^MxJCP9ZL@S+F@b-nMJY!}^ulNB{7q=%g;A%H zod1R0$u_HIiGGvQU|i8e)%IxVewzQ~g~!O&l=tD*RK3NBm{66&RGHPnTQ~n=gOjte zv_@V2?Lj21BGu9G&I7EoqfK|Eq@06?w0$=eF`b@m61cj3D4yw0@;~nPd_R4<@rx(- zO<}5=V@s6w!dv099sQm)bxuPDTp1cgOs4E_{Conaja$M&22W4BBFFBMBHYV!? zGEb+bFfO!a8Ey+rdVlmA+O56t{ng)LXo5T#;5CrZrp!5V(5DF|Q^YL&p&(;fV4o7m z?)vjfq7WJzfYFO-}Q-tQ*^S6u3^t_Hsnb9-nCE65( z%*oe{lT?x{%M}$k%6&^b`(He-R$57|t3lZ{tq;HmAOW7~lkPgXecqmgAGegwrupLv zN;mzQd<6*^lCRIdk*&A-Od}OG?kYb+&58Ooll)=2HPn5M;kKb^^5@Tj3}^Rx23<;6 zBSocLjh$Vn!~i*m=Cd$t|&-cKn!qgxM2&lZ@E{roQ-)AJ}b+yDAmCWnlRXKGjGvq*OBmpJfZq{HTCrJ-a0`{6Q367 zU&Nm_LJrf7yq`67obdk4&t8hWkd4pR{lQgH`M?>JRl#qk-BB`6ySIp)kIeg31~sP) z(1FfJQ1eX3?MpK89Qxou#P0H*+cpO&&RRh zwqD|OGx&wQgDI#LT1sTHmEV#~8+z2r5!aNgt6QG0o1?pLlz6Jz+tTqIp#Bz>vg{?) z-mBc#?=Melb>Qud*wzXDYDakROgb?7mGmv1L00c)B96L0d~1`Xn~pSLvI{qdg%#*O zM1r;NWcMa@LRaM8jP{gR)ktGH86r+MO}i}be5#&fNGFl#KCo|j@W8#CG3D2C_>{wd zd^r7Rbi@KS16Vn1YS|gFrF>Q!2eaIDQH}i2uH+wc9BJDj4Q{?~H}}SMUAQfD8pg{R zvLQLa6ESP56Yz-=aLOcoESdXpYeZZY6J;s6z?>jVLmAK@2NLroj0Cc)1KTV2Od^0|n zk+@~Ee`XVXh)5Z4-zJ99Cf-!Uq;PJtRjj+~thw^W)<#8McRbh5+x3gw)_8{`0K0TQ z;mwEo@sQz_qY=L^yQ_}fT`2m!+u#V{7ZjVbj&)`Ghej<-YT{#b)KR}khlJzZ=gN>L zp?lsdb__j3ys+wlM$^Ry{J0GH(KOk#dk4CMk*fH1nS6=T^!VSQbVey^qDRgj&(DXa zD_%^@GSX&CcRT|yv>;Ck@?8A<)^%WN>-iJ*i|PFCQF6&&>7F`9v6UcDKIgx3T+7mj z)vK#N1kK}xCJ^X@f^*h4=z%lY@v208~z^3+|>^EbV>-Kds zMm^Pkxyq7ClGl6kZ;Gp8DBe}{_kKrmB(zt^t4;l&s>iTYI@k1C^7ZcRtPj%j{P(A? zJsA2Z=DQlh_BbW_+{PJ0(fHgN^||n#4t1|^m7C7Pr%|Gvn5wfgf#?&90L8MpJ%cHd zjF-ke-h&r+D)iRC#A=Y`6C}4Dn}s-1l?C_d%{fY@TJR{4CR~qCi)I5{T3lhsMX(3j z$Z2Fx)Tyag01Oj$T)%e62VVDxQaxen{brc$qpN<{&#e8jdGNvPE8RPk{GDISDJ`gqd}T!rrbbpOK$g--F^;_i(&mp)N567*i)^bi91fd(3cRYhNXZG|6Xz54A=gO zAMl-5hGp5_u&sCvTz`(yX3?7wH?mvZqD1x-iat6}9xCfXD}haZ{pr^srAx~`wiG8-y^i7t<}u4%snrYW(B-UG-nN#?fzchYkqY!P z!`X$(C01oGGQ1KldTQ_VKrc1#azFYG9Y7?Cia#|Gy_7EV*E}kja(YqM()3xN(_a!t zZF)9q)s1$9@%ggQyxU~P2lJVj=AJKtmk)KEB?ueCW!`}Ml@Q~vNf}#x-AzUG6mt~d+UwX-MLln_$MGWcc2SyBzZkS(UE{gnk&w}r;m2&9j7xnH zL2fouW2?l|YBAJbgLt25UNXCwoYACwQdh!{_S0$M(05=dHqm0(l&(_7SN4)qhK%ja zF`yE=lS*Fu+OVda)jU4p=Hs#c9RC*K_6gsmzKocp5#>YE?#FT2x}7SW&nk96u;uR6 zHQF;>!Fjb_^T5(+Xk^4ox2D(Eij_?tF@5HC^c2cTvpk|TrBH2<67fO78cpWODEFS7 z-CST65cC|D(F`H94~`c~=6CvC>x{Jzh1ws!j*L@%Q+qKQB0b%=PM$O9A7$8(8Gbdw zbNZc=Zfjfjl$}Fxt;}`zvuKn-Qi+#E#Pb7OlZ;DsK8w}N$e+5#f}M9ya^x2$SlCB? zoZIp3%0udo&9iT>PqGR=Q<;(#m`h1imtD(>vAPr!s1N1NCUXfgeyUc+Z{jhFFbu^J zvMO`fl@OF_BRv%i{Hfb4)EQahOvzG=GRmsyTrcaIf;WVg2ryN9+F2`yD4NDyt_09eqJca? z17W7EWLx4hGls7*S@n{3>hCWXG5f9mA||E2GvT3fJ%CE7s|A`H3gfeiW^H`OP0pMU%{ zI)M&i=f4trV&NMd3A3?}YR`Zh_GqP2zNAj0D&Zg(Ky~38hpMG0D++$fP?b+MDxrV$ zh_NA>?Tnr?Mp7fAbdiK9B`Tb7gyzH4L~_ac@h}q7o$|2z4&^5YLRZAemYxyI(8yQr z-f}6;w2z;h2MILZXP00mQ&xxeaQ7S^ZdEp;yuT}sKXzW6*Snf{b((zRa7Ts~JG<3Y z#k7a7sw2to9`_lLjBCx-*KG}Wn6uFf>u;TncHYtM$gc2!|Gs!eX@ zQMjm*-O2%L#5^jeYZdJy*}mwzWA1fES$QwVkiZr3(kNPE{=&x(afF%A)J$=NOQ6*< z7DC=U|06Iz_z0UH>C)1RscE3ea4!bL3U}0E3md~yD3LjH{lE_m7$u&AC!-hkD<FJT&@^G~C3e-Weg@ z^z=h3blnGvx2cwDvD}Vt<9bjuFsrkhsTFqGTYc=iU6^*Bf{J&71TgjmMFy$_3POvn zQ9a=BW?}KQF3!neL>ui8F`3c1Si*2UBu!Pzgp{gOPO3ZJu1 zarq94J?4!E{(=x3F;*e^pscTXSbqAstT@iG&aGsvWa!K9)zgg`gr z#IprBnWtL1ty4m@x;1ajku(JQ;jEkus8kCT}Ocxnlg_jb!X!sVvr+1!zEbyh^ zMO#+?!P9%7frFRq5eKut!|Gr`kJXq$a%-oqHs2Yh?sa;ku&;}s73^wUWrz7y)@Q~nc3yL8 zY~bDY`gFYfYQMSg;jPHH6_T5>d*5neVOM{{Q9v?ok#l@Zu7_)1(+B_Cs}bFr!65S<+LS!%>$sRXBx`yaX!+fi+JsJ z*CKoAv*wgTq#o_Z0ttZCvxct2#H;h4^Gc5xdx>E@y*^!MM)aA@P_8#Tsk=o_-bY;V zele8WV#Pb18i|&0RWZA0HhMALITRu)>lpPi`!)}MJiD=P&0hQ$z_!~yJ*brPWid#% zC^_33u4h&U*gT3bSuGQ9l@E7_%1I>WuGI}SUVk4S<%Zxnebe&gy!|zg#_4Jc6ea{U zkR!}?JDs)DcPDU;QS4lcEYa;Jw<1_1b<*14X-rhdgsB-6rME*zLMPnrY2?X8@m$_! zYAt08P068`g9r~~n7)esi6kXZPj$*jq*RO&{AOG(l&l!vg>)QMPrV>bswvW!Z~`jQ zo0Wn}(VBXLDevqt^Y{w!;@BT0#x3^PIyuHw(ucQIDA_K5bmQW#&_ToFQs{jWr1lkL zQ4$i%lMyhHcytZ&YZ~NKBE$@(21i;2@2!S(#A*wRghYejg$*WGl*e31oop3y%ZBxn`WEr ziIHU*)+sUP<>&DY%le|qe!DYP?fjiNm(moUYC%?rWi|8W*5!J@y6g>t(devUsQih4 z^U>TVwrWosYyeeCnYjG6wF5}3Qc+HOCguh-R2BJ)(6PBNYsiyqv(q>M{CAc-BkqQ-uYWL@ZUqtlNHW+TKi__YXs zKkB)G4;+nN&7+tFS*#lOImxHz`nj+%5u7N*w!r+n%l30x`a6P;&Eos#j&$kSlH}Ci zGBNUZnkv5E{ba6E1Rl+mP=36^DeCF+*T@IwDQ2qpT>7h=^)vX%+`0ClXc0>n;kHKA zM3;#ENAu2 zF>rnTag~?MNtr9FGLgWbdK47Hy{ug>fYj#iymh|puXdwtK&gDC;0ct8;5k%xEujYr z`pCF;zRZZ9Jc-bWF3kGgZ|kQZi+985#*@kPihzLV?r)Ef;@TRI6k`{|_{p1?7{R<$ z-uUR$x6$(AVn}*Rsd+W%M;@k5hS&D8pHz185@TE|=#owGbZmv&Mf&5s9hVB05r@YY`eyc zl!}cue}U*^0h(4apHmcdKNQPO7B+BNCJ^IVO9FsyvN8HLR= zn2EMSb3Pu56jo!+W=Xay>KtO;q!)S)l~eH+ni{whH8Ca>8xZ}b8QNlgo14@JWe%h#iW$*43w|>Z zda^BCVa7f6FXlNYF?#alLDe@uM-7wpkj095I&{n5?OSu)TF`5pgtMWtgj6`_L1jG5 z5?g(`fsG_2{OIq_Lsjn#KgGZ zQP{n3nC|K+Wg%LbAFJG3von6tDgIQWY<3llRtYrv$Q8v!;eB`VPC$7SN$^e3&USa| z`2g&`hM&btv{}ef(F-g}KdzK<3QlGyV5DL}U&DAXrss_LZqMZFp3s|SblYN^5bxN- zDBSkPQAOXx!OV z?t5_CHgqQPG#l++trnR;W>c-HI{!BDA;tEhFyv zR~W5iIjQJrMccykD_+oRwbvjX>dz|`d?7TvF@))gE5gSe;b7RJ( zV^oj0uHDvs`u^$%=dox8Z)0TMAQJP*D~N@(iAhV;bwB=;$xPDoa#GKl8?#<~!rM3g z?z#niwtw1h|0jQdUR<md3Yx?R|xi9BX zqTNROTWdm$+w{MB?-WL30d^<2X+E=|Ap5p%Dy^u;GEj89;*G-$jdA1g7IpU^-)hmd%Lt1fMtW7{f^{A$sb6=c(Uc0<$oq? zh%?jTb&UKOrHh?CHZcBYiTrdmA)Vh)F&@V*WBm93UOkAx`gYSX|Js||7}Bp)2|!CS zy5$tKCj%~_J2lbG$)MvFRLs!r%IJIG#{cx*|I710|MdTTT>cB5|NHYmTlW7I?f<9i z{g3nhSGfG=-v9nQpx?jc_aB)5qx}AJ??3DPALb>*EMVNfrdWA}^<+}-2A-L{sf(+# znUNj(F9&05JT5M}$8_jFgoW`q!KtVj9jBI(v9+0rD;}q+o3ZQfD^NQl3o|@UO)FDZ zOS&gd`1$ZSpPN}(Sh~{j@jk`ld}ih9qHN|Y;b7IsWC8$6 znz>tGdxjIyuXq59N(D2Nw_D~eB)){b@A3$f%pFs4`Vnv=uQ=2ec79udZ(>0I4=P! zBha|{-I&A+wZ{RtA@A?1J$@NyDl9Uzkl&Vfv(xky85(k1 z`|s`Q|Nr*?gad6Eaz_RCq+Z-(WR)tx!;s2Q?JE#ueV_42miIkz82AML2d07#l>l+2 zrp!n0GfWFy$5e;qp!>>T+I0~yRjQvDg$9w`F0RDR4CVx;en~=4P0t16!MER^33Xq< zx0|rQ)HO^xR*`qVFM_W$7=fvNI2fH$ZrA8mucgln1m$sHTo=J$AREfA!?=yY_@Jjo zh5@@RPW1N}q{p92VCE^c$h$SnzxuKMa(^`g_1XVxU|7FQQr%|9b%bf8_KJqi&;6LTE;XzDG#ON!Z-`=j&4n zHJR|D=)B8T4<784`uEjDg8WL63TbgAJ1jI}Ki!mz zurt8z-*m(*rRxYu0;m|y2r~X(U>!NP7pvlx!|woCBQ^qU+c=KaI6bxawG7W2L*ooO znd!l$+>06X{gRAiL)eM5azY0ko$05X?B%&}A%EuZIK&Z(0%oYNFS;tjd+zY1d7k85 zT)8z};|0@mXP(5pJ?E2CPy_7za3FrrRvqDcG`QXT)M+^IWtiP7h0i(*J@h%&;ej;m z2sPXCU%ywr#zrtdHp8HQ~@eA%HMpTs4C@F zE6~>QkaKooc%dKjGkqL`vgk#Bix!3R09#Q#BU&+~HgSf&zo_61TC2Hs2vBm9mj+yU z9CxGO+h-u}nD76YWIgupBqzdrg0Gd*e}MHM>U7bPtfW>uVrv(7)3`Az&Syks6aI&3 zOTNW@b-Gdb`Jqvi0JDECf68{NW*`IFoWX`OWMajQW~sOvxmx^Ex}ei5wB*oG zYapxSa+GqJ+Mg0R(VQ|84 z$bZWtaE+zK#7Zg1+DXag7X`M6iIs^JdwxaVfwl)ep!=aBE!oTln@ zOPta6TiMg-9|RifdCRF6*KEbDJ2W}0e*Mv|;H?Yf5|$mFJ;28E0yxGOIyghkehyFf z7fL>HR=Q4}ZF_XaN}c)2Le@RwJ#98>`vQ25@39s)$R5EDn~s03JHtpbvUD@kE!a}3 zqdnUZpUgg{4GyA}Op1`GD3Mx8vB5{}dv3eF$YMn6QPU}f4awp?z5ZHL6$c6}Xm$H1 zZ20pojiQqJO#?tDR~*MNRM-SrW*axQcJuvQa_YJy+7=bv%_8r<^E4VmZRa~0X@xQF6mHjHON>s3acL_ay}g+yLU*PQ+q1G#X5yv(V@JBBe7!0#=g#_ zHm+!1bP6~3V2A=6E=wavwt{A2Gu39O_f%1aV6FuTKU%i?7YXxGd7%!}x@zLv#dF{V z9@U&p=Fd0i#c%moTvoriP*LhpCg65uRZ zrxpC6wnxFuf3P;)^>J_%X3kHqKBGBnZ`{P^XgVFLUg5Uvr#t+vyX{-^)#2$7-S;$U zWK}x_4m_P|U_Gmbh~Mo{7zn&zwA6JstraczKVU8Y1#4!hFKqMmy4jkL3nh;|)mfEc z!c$gHp9yM@a9_vuO?Q@!GkLcSp3YoXT@$;&X_G$ru(Mb6(vgFJ2k)un;(wxffJw6% zYC2W)Q0#9Wd>lBL{zdHler>&B|BUFp??gf6_H9wWDZ8U~QG*f#cxg$a_Um|L;-YF@ zQ7JF{s;gY|{aIK`nx_G<6Bc(ieI3YdST;U_9}P8%{~yk_^$Q-fQAm-X1lX`=p5znMEljR<@6$E;AwWk!NAiGsl1Z4fH)4=)PA4XOUYq zTItni(Mn&JqJ_s=8s=l~eEtB{NtThe<*_qYDrODziEqV6|Mhz5@%p2IVXdU;t3v$K zAC2xvv$($%Abu51ye$8C{HlOR!8hRaLMf8B+4Ezy2t~>?H@xkuPbo^pe0O$N=0$(a zCT+7cccJ9>m;tbbY5#MS$GnD#P~FiNv_ld$=u83fDSn;li%cCX$4f@<2wUH)JT;6H z4?6t=P0TmE74@vWD-WrS)4mSm=-%5QzzKR3?ep^s&v4;Ulg;r0+Ffkm10f0)}L#tB!#XzI$Kk{Z!ze~1C(73cUdZY&g(K_IK`(j>nd=+<4es6%nW#FuO`>Xlm zad|dP1ON3lO+D{rulOzR9V6;tJ)y0^p(5R*(}`^$dl3soSrkKRsVi^fp;^V2#*^f~ zk$&EYBR7W$uMt|YZyc%$>BA+=7sm+m)p7kSy>rA7K~m!`rw@Eha0fgIWObjj#^t#KrH7Nt_4m!G;NonLMNt{q-wz5d7oI z&?;c>B>Zt4Q)qiP^Vcc)mtHj+pxWWN7+sfG>jL}!IkHrzh1rINM90rs&65%iBSnM>zef!R+ zeLV9akm9zf+V!hiySibmTX28NwpdLsbA%0$sAi`LGDV|t$d)@r3&D$aQ|>=YY_XokYSnF5`cHZ{UR=r`Vro=d z1AGaEf7uOIwgDP z2MW)34bw-w;0NVm-^HQ_VBH)ADEwKkSA=(LSzt6X^T! z6iclOOe0_rgtM2E9&I9kIx>Ua`Czz1t18opW%!%5i=eW>E$>!)qmwvROTbMtz|9LZ zH_6k6Sr7i1oG(11%RshD?I*uI>QO&x92$OKWb2DliMa|#<6d12QN2wcd@4`JhV5nl zgm0v;Np=5MBMCGsx=UTZ{C2qugRuXwB35GEIAL^uIk_ZWyGklNvf82NBByPS-NbM@ zT|B7M!RKXEEUL%C?_9mI>M^Xjq9(Ed!D2U^cvS=y)iJsBzJec$@o&-70#0Pq zS*n33!X2PAKG67IKur>RGj%8E1J44O)hB+H_uakD?(2)m+{T0HUz zXuVojo!Tk|l>^X%w=zNQ@uO{}Smx~MZ+DN5Eft-VqQo`}_ZOx&eIteSgEsYeSKDhg zZQ)aj_DRJ&%ehDXR?EQ`9JOU~)dW#tE%kQFc|N=K;w&9UXU$5V;2_$qc zx}z5-iibH4i;8RZSjx%R3ctG>cwd#H?ZBSpzDbzxfdX1Hbq+5N)<+C;RpYbFdfWu7 zbbZ5@bgJ@otL+g)l-$i9`xIGz;V@UBx9eY8b;;;JD1K?6QTQK@vgkcg+Q2=%sPULs zU-TdHwDG2Oe11NxDA@Aa3q(g05{C z?8!d?GGo7kJK-WtniW(bW-f@Cdyhz0T2qnR>{<=b=qB#398=b{J?;f1caC;(W_;q& z0v7eYT9#wKh|G+j6fuH5@rla-5xc=sSa#P28awUOVb;jMjiUJd!TPq@59(e;9Rq5v zr4~(dDaON^J7=ExcRljHY{>=si^2v|?ACvUuxq9a^Igd0v-$SI`KxXO+NFN|Avy%p zYS5|3nO_N$IVGjvp>`94KV?;BuoYH3BOs}#4QW@MdR9SCST;8tB#3KXb6 z0OEBkLMO0Ejv>*@l#E5C8EEnTM*WF~>p|W`jvNT5CgtSGnGP4dqLk)2^1eYukwK}$ zS^}!Q*U0(hBP`qHQolSC{%6JpjVtzI7J4)1Lo_zkYyt-`}w=6B{DD!lQf zSz#mbWFS7;z?<_?Nuvnlf-AQ-l}vO$>*LAG3Xc^s>nNrCbj=shK6s)% zh0PPDvErN#z=5K*(_KgD&!QhQ_u*a%qk}7xp)E&W!Anp36#YbcxcH_ww&%El!+n^@ zwii3e3~{TQ4%~%E*7Ahx-ta`>z-3Qcn2)*3@f@Pnao|86CRS})bySM$R>}4UdB7*d z3Rm>Dw5IwW)IWkzt~*p9H?Z*wsMM~`N}tqvLX^T%?%MkoY`U}kdT|u44!mc3aUN9k zOXG0=tH;0<7J{LLOKk+wfdT-1AX`J@!$^eSaV+-){F^oE*qzqi>;CaqPupO*XN z+y-DRaYeftpwjy@Aa_W-Bo}B%(S5o2L#R0b0t~r8~TLZ1BHP_tzm=0SB z^0C$(YM= zD^0kD7CEC7-N%b8j#+8QMMQNcgu(WiDNEx#g4K?wB==tQQgKSuf8#3&9=fHr_q3~O z)IN9W#*B0IZ#C>Xnf`-=WYAhf%1G!mLYoX#vXu@)y+*F+^X|;HL{7ubQiufRN9Bs^ zE|I&)>8s5nG3Vna@F1+&MjTrAwn{!F*d`nmv<5Ofucd?P%l%Q}piP`6#!3~MD^*DC^J0M!5GvH;39Vv2{jzBQx$62OySsfy?oBM}{ayR%r!}gl z8@}Hj%w6$WPkMH@l9SUo10(Pl9r(dnHEQfcTVw!-$sCEg4MVO%CVG#N+pcQ}_N`7i zUcj=$?RiPy3f^QPMU(T_3+}K`YcKKFV6Gb7e#) z#@6n^{%`{K>e9aV5Kwx<)ZwEfU!q%b{S^58OY;4!Q>CtY{Wfp}%NO&HvBv$O(=K_S zRKh8rxKxE4vreu}Rns%qG?Ec_07=A{d9Z$S889bo2frdWAs*Xbk5032sNG|9Mb^aC zG=WC}K5QEM?5OK1UGP3lNk1%mCvA#%^pU-W4?@EJaSlN$xo`4I&@$LlX@YZ~TBwA~ z`%MSXRBQPB&jF=)n=xxp`Dh)2PCoEh+47bavmSR1sT6WYXGp6b6|NfHrpXw7OY4BR+Q{=#Ja57~tZN-CzOV;iJh-YP5zw zTBQc{ht{-4?){c@nRmV15x!<|e{eV3%%qV*g&XjDv%?%f8K>~4gndbL?@e0U(XVq} z@dUS;x^7-lp8M}SKh9J=OC=NWZwewJqSdoTnq`bhf~4LC{6rutXzhWA$XCm=aEb$g z?I_1H5Y18fbWMH75IP@F=bMa6OV?b0ie}$MH4kg4&8(_>Cb5Bf(QnHM5$AmDI%;Be z8wKiibPeZ@AfflQo-CM)i?=J)o98=dN06tQ_U;d5nz@s>pQe+=R4@At7LG;DxfC~C zYW$A9HQQ3R!zo{iJ+*hg#2FGFTlpr@B0~Y{C*D0T<{x-~V#@k(5v8c-!3UxFDxV$& z59yV4@M{)`9)$gqg2&9eT;sI!wF#GuZOIG?`<-*%f?`rp&#mlTiOiSybCEh#))yej zU8G;#)Ls_n9I_J)j7l5MQ!qc~k@O>64m1FDjG!?06CR1cr}pC$&@{)9ogXa_d0=`q zzf+}_D=Q%9kOKT1BG~u)2Own^nyY98NhIr|++?pU1rHJa{Y*|(cwfA^-zaeFN0Zy> zb{>-li=r2SP48Y}q%p06_pD9`(NYbqG{}Ke@=CFO`%c5+a(!^$`Edcax>Kk6NU-ii z(TeDIu}oGk9Po%5l2{w}s9Ijl$Q$0mww~fG&;157szq_r94CC~f9|ntuml+>^UhdL z>NiW8yxGY+g~VOu4%B z_@l9;v8iWvfd+m$nY`o%k0|2Q$X1u^L`cO;p0^`PXM`Zs@{Iy3>)CMzOg_!~oPA;V zFr{#Bp1M@mG%TVX;nk_#ZyiG;TCBS+l^_WSPLoWrEa3|1H5k9?p(zv1gXTo~0q8n(yYQTZYyXl^llk=VmM4X!~;@FXJ>vpa%$HF^Xq0!IJ@elZ|;ZhPews#0gp%)vj%B)xR29Xvq15 zhTzStrf-$ve~ELZX|4f-=w3X;OVP{Jgqk4JZ~4!kI3^WoXg%3YHRhY%-QLNiv@i3T z|J5^l0&J8Grdd66^_)q3d)S*c;(`rbYEm|qX$W#?WIa5wNOmzo4ZgfS-PrOe#6`v= zXnF@?_%25<*g{dmX6C`EV53o{vdZ1ogL5XT7HY;?GpFh@7tlKTHuVMFT<`6l=yYvD+KlrL)F@K#nO&ED_ zv_M!3N%hls>*jg>#bUUT1!0=}^JD@URdsjI$Kl6M+vu%KP-(A_BnzLu=qGj(8#jvI z3RUFP^L9Z1cVKBt6;@yZabzNZ5nD9WcbBm@|ERy5naOa#MHf#`pA~@wM#o;!j^nsv%`~wVbpS1Ka`F#;wJBiPrqg4oaR9^5kGo9@EH^(SzEexc;$G;RXpAWNS(b*sc zacxT^l3H{WY)K1<;Ut$v1D8#=mNXjY*3!A4A89c2;|}R0`#VQf-f6>pPgeCovcK~& zR>O*G0j{)Q-XrBda>3E~a4YaTX;<|v|9jpzn-4q)@o8;`Z95;EP{?WS%8b(|Sv)WY z1&sadIKpbG>U`6C-AaNB8_sY%p_a4N?536aKYI{k@|j5egdY@VQ~)l_GL$aZa4rT5 z{yun@sCJSBa>y^;QQZ#Z7Mm*S*7&c#9lnAUJ+jIRgd) zSf$vEE=y>s+KGasAIEUP4(~}ji%l*r?Bx7Vyq^^$&Z89TBPF!$iK9!(Kv)XLlt-eo zAF>MUr3dE%rD@=BOS7;nan8DQ<__hMZHBtL?nCYcoON{4CfsCWij|Y3I$9WHTAN5!27wP+8=-Hp_$dDO&rIfnHBB(Zu1FJovkG;!ARWSiaUV4PJyQ{YxYl~;A09GDY&n{;;&2{<4YvUc5c-o9UkXU z`)u+79|f1pird0Zu?Rs9pJ$%YnU)`tQB|LbL@)Iw9~_PAZfm2Kx(kl zC`-K}xqXBlQ(|oBXIa)&lCM10(Nb=o^U^idfQPwW#4+i)ao{wN++BmsdN;^mM{Hmo zg7!F;1<;^rn{9tmrk}G-PV0)26IQ@K0Lp&(*_YbvQ^NT80ytR!JIg2Da}xvQfuS zzMZDE7k(!^M=wr)zR*>9_+=}Tto~bDLI_vJ5A+V5CGN2365S#bcpSHuQUQd2oD2%V z*a1)QB0GtPX^B%?(#cF)S`Y3<;{}>ly8fKmB&ZBB zLIdv~tv0B=uaD*0sydD9mDT!Lt4duzz~Vr7Hu}xLYdw0@$!a5}mRp>&0rwe-$)R@T zb89+Tk?olM0gnni+D*uVAZ@>6b$39&OVfUk7a5(2>ul5?Dm{{zaNdsdWveVjwjvCu zO8A5Y0pa$5FUO@0mq}sEdl5ORsym=Qp=%4*cWlM4atG&)lB`v21o>(Ag%|}xC)_LDv2M(uW*7Pn znqVDOLR%F2A5&Zr`aN6H)I#kvHNCysljYg>QGw1VCYkILjfXNGFG{+36EB|)1o|w{ zt&&V=3A#tjzriZTy(H(Ly2IVzhztRt#ZKRrcexAtg9aKPK#Ka%5T#2=U){HPRH^&6M)z8lo zShuSBc-+L+hnnjiOpHkRR666}r9H)Zn_zMBkqn7TGV?Frc*!RyTwKwv=7tG!w6jH= zBb15e2fI#`=qmP7BD6$GOutrP0;DcU3sKXU-XJ{B>_bPu7Mxo5v8(A&jH3SK?A0Lz zuu{WJG2l56ktfYD+NG@TL?5q>?VJ!$^2#S0Q^N~Z?OG$&!m|e}`Zj2$Gbenm<1Ef5 zkYD;&SVC(J-lPB>yUe*U?dZ+KUXHnaitfP(G~n3M^#zA$Z<|DhvU{B3MHxlxBYoUe zMy}3uQ9Lr1EegC%R|5mkYWFS?qN37a!2zxyGW)tVjgp1~DDZxP{`U0?#ZG`=&&s^Wy4|Twb)j|?S|-`kCtj_$9zJEvD$NFBBkP-;JI-!&z)&s z*9QlSg_D|$oxPH1mI)-w`I0yV+aeZa*C7N2@Arp^LvGa>j8BdPcKRK2At@KSz;#&M zMH$C`!rlJM=r+1ZgGBUOWBU5ESEE+Rq1o~eLy^Po)^+>(qehw3RQ`o2lu{}j zfrJ;S!D;d?E19EvhYeSvB7SS(9_MG^*u3ennFeBM>S+^Sol67x4Y*)!VnB`pXt5Ef zLwkhCQrC@miq9`iDJ%BZZotzkWug;_gQjP7w+Lx%K{9J;7ruH=*0uh%rCaOj2{7xE z#n6)0>Eo9_^t~mU9^%1{M9)o8vqeXuRD4*E-&vK;j9>Q;8wk%2YO3VsA)bo=40cY~ zY9nRdBpGN!9i(;EMk#au9(7-_b>ml6N@S z%z_FS>3}9BB*p2_mp&EmXQ%I}R1>JTctld0%Xp~ZKN|z(7+T)FL=g5&yj*DFo_(~6 zZ5B`CEftAVLePHbAt9TqS}DFFiv_MzzjA7=^ho2Tvl)MOE1e|R4{v?-XAcAp z?&VL)hQo-;rYGVj*lwNh5wjxzk^xGQOK?V0P?$)T+eqTOiKtWcFhSZ@_H`>Q z6;)rpo#QQmAEe6G;0Ybdb@R({mT!Docbzm|-&7RXpWNx{K^?hpr)U9|v+O3tG*4C6 zWwZ~?(P{L{8RCKin%_lxeFnz+nS>WdnILqZ?O0*btR3zL5m=z4`^Dyw2p6*QRyA!{ zH8|M#MIf>5@7n#Ej(vDirW+> z<4d87w1zP@X@uKjEPu{U#W_!6Y72W$o)jx`Ma%RTl-;dp*Q;(19=FwE2v`1dic#1O zy0`wcKRmnjmHo}fv_#=R1E$z?p5+Q2QYHGoE975&1shgs&Fa$72^{&$ktZta%W`d>Qyx>s>AM^70q9;>ix+Y|SqMyR$pH?i;a#F3dZm$ly z*8nXU&u@%^aWM3_A_qo*;qR^jP&e1A+rfIiZl9>g2D-rTp49QKKs>;jB1NUMe^fNf#D)FemS#_HsVG{sl3qa-apdAgm65jqr_{ararNtIH|Fj>SgeH%G1z>Ie zFV=F#UyY{N$->d~e+r_n(Q#rP_K^kX0-@Rxs1%C&m}zJk6NwH4A?4f*qk;`z6vZby zcF(5YHP-dBT}nRjKfBWD87D>M^Z!Z+(1;*=|K}J-%cJXp3Vk{=9XMU`WF;U?>x)gS z(xuaqIso?Hc>D5rsM{{??n)|^BwIoVStk_PlP!B>-=-9@XJ>3hS&K?2%Zv!w_uZJX z?+n?QvCr7IVHnK3zoG8udEWou_r5=$8h-P;mUEr!tlx9`C70vZCce+gC==M-pl!Vw z7nG?4I%i>Vb8T_G3!)@Q`Y5)f?pZ|zu}-mau{h3z0J#vw_x;tTLf6QkEgx#g>w;@y zG`Q11s-fYIc1?PNm@2|7D*3emJNTALPxO2&SKimvF(SY1_VI$6`}aM(g$54*$z*tY76KMC z<6zXvihyL_eW9$`;6N0fB|lUmd`QburhC{ApQVAW$5Tw}Qw) zd`U6<3CI;7)ifs^3}8Be?2>9Zzy?*YG%~j|`aE$9=$z#ZPhmKC+?%u7Y4mpiM#`~+ z6C!6nk{8elp_9e5Xh5gWLF5MV82qycu92QaQXIROTCTXmx@|S9y|=Dq*Z2m2&HtgnBJGv6E+Y-4#rekh9(d@>XOVqoY8c@aJ*z z&}5wO^<+vdISdb@Ib}oer(3@sHvbo8d7C*yJSxbb@wbfTnR1e`^1?AH|AI2l`|$w? zRq_}IYyo%yj7ynY?SD2ld$ch?-h9kyC~&#^p9htXeU8DOt@^%Lov8lVJGTEGCGW?7 z9|GjiY99D^$(mZ!Yrty&iLXwto67dj{uha_k#`C}z|=ixSOf6x!dL&DY-WA6kc>iY zUtKpPv=~Y094-D`x{LRa2ynO4t5d%3s|8k_g)pi=hJ?}_(<>#L-Hay?ar8?Q_?Ke> ztPeqp)E7&}i4ima%s1l=`CgF;^MQMM&r}%z2Pb@TfE_RJ#Eu%p049^biKols|C&N4Yf4W1LR+ z_9C8A;+Xh=aR79CN_ENw4wNHji{I`*;!~f!!^J=MgXaC^RDUO!_6fX??`S@x! zXff!dV(kr%SocQtcfMn+F2R3SdB2fAljHC5Z%u^_J^s&{Khx2GR9t$@8UNM?1O@#V zeAjjUop)KdZ!$!(_1`H0iTTwkE~bFdpp6D3yh`y^JOKE0rxs1&+{+)YPGr=?+BXrS!eJ;1~v*l-X()?rd3?Pg5?|{T0i-^x& z_hH|vI@AE<4RzrD1U1@VVyK%iJMgU`0dH^4l)B$O}c#YJ&yepe`-B~9uSp2|IX`E=fbAfXcW|(iuzlM@xipL_P+DFpdoY| zvzv0Ea_5s?&)1#R#&rq#uQEq*TY`BIGJ(y!HanNte72L%g|AKJ zRrROxXaMA!rd_=r(D4pqsUq?VIg**wZ3HoENG0`;E7hI86q#*K@a|GTyN zl=vwMh|0FC^te`<@J9J>xT6zaW4jO*~~(bzObAEr0l{z z8nTbDxl+fC*m!_@li4hD1)qj+F7e4G7&{a-Y2AYlNl{triDLoCIx5bD48EYw=Gte+cOt<+D@7Y9P!FRB&$D=Vr8b^^5tH02{tJ4R2#RbWg&uF|@Q z8Auz-yGJ7)BGkKcoqFBI-2c|*q}-MVG4mI>A0oP^2Fbe&m-F9AZ%G4t^_vHaUVwZX z7-|ZX{5c-G!FyOoM2FZ^FyJmoZRgU0 z6Yh$6ufu!Lj8Y!Brz&jMx$5W)omixe@>1gGMPx1>T_AF`&4&iLP>0+`*M*-{sTY;w zCza-QA4i`HEbS~-?;+yKI)g3N`lBwgktREg<=fQ}jAVAKw0#!j#~|yyqeN2k8`#La z&I0E<8#{6y5+xA?6}!ANlJhx;uGC1-0MI~>;)-2!a6@uQeLq~%UIzPj%iP^jkykdg zjiqZ~JKP#p=ttj{5yO_P6`DBk<+=`ZB~ZZm3lOzqzBrY+R`B;gV*GwOd^ago8vi@!LdSGo-GCn=+ z^_|?PDPhKO!-;-hMJX`a4YmL z-HaOyG_Dn7jH3BuiX4iYl&6}hCH+VXYuXmTwXF}l#3FWcNZxt0hPEFe=6zcjyAp^+ zA%k0z{q)>3Yk$0h5Wiv1H7HM*2mjp}vGjYn^K5QYYSVd0Hh;`awCW7^`ym0Wl`~h| z4>SM%S1)G-O$FtitT!P^JZFC7Qo_Y$6RyC;cFLD^$Rh7bFe-axG$i^ae888SInlyp zuiLjTo;f-nzS=}FYoWc5Tl%s1jk4nl(G;_(aSa58KbDMXE~&htu7^sH5;XBo-_z}C zAW7^ra>mG3S<4snRAq)}8`)3XwPXt5pn}A*;&8^BQS_1Y{MfAgc3Cj{5}j&q&WM_T z>e_8qBj-b*EU0lwiq{OwP@_{|R(kxXUyf!2+r`?Vz~$)CQgfeZe=l%mzezYu<~#(h zB`E^A-3sBsOAr$h3+`>an-K%FNn`rG9(bv9*YS*WW16J&v1{M=hP`C(?j)yVR)4Q` z?SwRycDTB{w$QUg$kw<|QjA=L$hX=7dZ!4MPQFxf5MScE;TrZviL$kGNW7O$udh7{ zcXx30Lq@9SO4Z}idJT6Lut)IGrh=eOIi>iCpAiSYO>*h^0ppmGP3<-mGkp^N11Cem ztykQ!sNGm%(^B0oC2TK+YS&<*?a`sB&hZkv4_0xbJagC~7PQqY^$@lMJ0D$uXee50c{JU2@~Cwq};&er~WlGyMM(=Ycy z)tlq%zb4@nI=G7XS~&^GJnb_TJ!5vVEpQG3$^SI&A6s!Vl0K&iaO`t#=K&q-An%vk zkQ9(T0q3qn*~PukpjP_EhDKOaqS$=MH$$}R+IG0OowiBPeZsICwT17P{?LT%%g*mQ zYXLhDPjnvnNQ0ozj@7M?Mf;~^2K1Hs@7mV7Q%fn8thu_shE9|1BB#;9k-uL^UoaSd znt6}=J!aZqA%gsRwQX|z1cvh&p6qS(=jC#0f7HCzv!EvMzfaFWvO7Mue9Sx%c(TeY zT*-y38O8Iqiue7VFU!hndq`~F+nfb6YS#V?T6F$NoYH0*->X&Dt(73esH41dvV zX(jN82m2Ji*E;MEFum)n%WNAB1CVKe2nhAl;;tVS9*qbT0ApHbS|5+?teu2&)M^~r zLn?C1vTRH>+SDA_k%}nkvdNS1lk{W(ds^oBLGNSpDCsEay$cW_vI;salgtnVrMExc zTKZKlm}z>Aqht`Yo2sTqrF{P;gS>Ws`gjmD)@WReMP3{8cEa!%+ujhO_|GG0PuPDR z#bctAo|d<36Wg_Wsl-u;Koa)jOqA3r)OVE$D4Z&4Va*{6Cv|YvOsgb+QRSbB3JT@d zfN%Zykb<9$(N>Or$08**gfQt<0RGR}P!nMDli(Mq(o*o*SMnj6AF~QT8dOd}T>{QF zP5FKHkCgarv=EjZt5Z}{u)}~IC;-ci{|1cOxSCtI?jR<>mY@nm25XPU^bg-XJZ#fB zlos|>G$@x?iZKkm#C*&HCKxM#=HCu?#@1@Lx@)$&r5fBt{Rz15+NQSYu>pH?@wF82 zDmRQLwwE2yVj;{<#1p!C25oWkI^7)9ySZoUh#N5Nz!52H~Z`%}a{ zcHUsUWOl}b%g~b-6$&h#HW`>#d$|6GL1v9w*aH0k=o90e7moshP;`c7$R9dsW~8{` z6b1%SAmXF#vB2+f-B@p*3Wy!y<_?H9p^0j=N9H3fu5h1kixaWg&aZz4&aIhH3v6Lw zM%&}D?q#ec?D~N=BH&QO=P7`YvcKM_3xtxZlBD+BL8 z%g>RaYfslu@MmDUn+1S?;<^a=wclgV+iyuBGcflgXQtJ)x1%|)j{=^1Y+eA|Ul&1W z1=wI8*RP%SH3C$(Yl%zaFQ^qEkg$>El{uI}GqqGY+P(-sOH~m=dCy>n1S`f}gP?#ZamPHu4R1APuwWa6 zIu(ufcZJO~xNhiU-cr~7brSplCqY$YV%!#ptRv(k0Kf*T+*)yoC)zE3V6>o`7%~xc zZ);S&9uY+mdGrMqMgag3gLL{GPab7Q*Dj_v6DPr$Zq! zmG+xpoT=Esqan0xE7>msZmJbte^b@OT)pm0u4-g&sS<{Aif&rdqc z*Xt63Yiq3|`vRmWHF4=}oQ3s*PLJHxieD2u!xF3dNR2O##s)^o+D`-Zv`j3P59?Uc z5O*w+BtbO=^>VHsCdo;rjY)*4O}7I;bfAJ1sAA%B@&lp@;iiouJFrNgu&b})ceZ|x z-pK8Zw!06XGofxzWG4bqj`V`xF28ltGCK0BH)sIY6=Zv4*(Tm`ydqoa9n(a%;LEs` ztr>BU)slU{g+q}n=Yd4Q%BWi=cH_M``nIS25NgL}uH3@*Es(bgIBehr6d_>-BweeH zXGvpQ@m;sjuWMLzvLpD$Sa{E6DMa17;aA&`uo4`2hHK%C{vTyQzAm<|nr6LJW`N`? z(%xOjgr%m$>-A@7_Me996_`AIO9zOOI{*C;YNx8XxG7HHxYsrSdu?GjSG<>};M4Wc8bdE?WE(ui7g`{QYd&!eduBR8j7|fxVCY zYUz!SZ>fP2pt2kBP4H~IZA*w;o@vEuD<&kJp{FbqkuNF7Q2Tmd+~fcb9_oUR3M27msz zq{~F?4WGMUJ7jWjIoc|5{TCHw5-pt1+c_MuG|^)L&O6MWqV*hmhPeZjcP3^786}VR z(6ovao8fm8hEo6_)^W5Hdk)BRj|c3p^gEM)O#r?dRcE3&aN<;(=DSZyzhHJZX6$!9 zJ{D}|IJ$RWV`~gR@E(x6w1d zjTS)WF35+j!Ajj1i=B3p04Uw}qvHi2Q?rd5wz^PX!0-y`8uq87!wJ={*8}c5aMfdE zQNXQnMjVO>mpPUV7=&v_(fb+$tY{H#?j)ZR2^J`N?D;f@1VbhJDJ%%?VIPx{53`wj+y~NTVSy+60*a20~E|cu# z{#2z%J%r`Vd+~s+F7dRBXR6jdC|pt{)a1i=MzJuY`A$7p(y}p(E8a|mT7IpW+1U?J zei>THgmJeX7WZCxlU!EC-hRWydv)!R!>9|FfL5IgcS;C$8c?l;fNK^n| z2w4zPhKioG46{*?5F^%!N~CwI|NQ>08YAX7dQ+Cw(QhfQB5KUF#Ja0|%&A5X%@|TJ z@jOPem=0HJ^w+NFf!OLQb2BU{C7J-niF|D}-~p$qNEQqUyPULfc&Aov(g8@BbZW@6 z%qT5_R(_2?a{Lnj73%^bE0Z6AQh|$XBewVz092FOzPWS2loe#rC8lrHs}9>72bjeT z*RYz?Nlq%hy+t-H@TC+~^xqL}<~5!x85&=&;Il!916P1W9uf|e-(OR*N1SdG+R;b* zZE5yZrTlxO!pn6jS(!Z$0G*JyRwd;398e)qtkP-dHkTe45Y@wGsuq+}v1+j4bj{O- z@CQnGoN-l`+7zd$GYP-`v8!VI=9Y(I%o#Xv-2T08wot&%UZ@3(^MW|}0-)Sb6+vVM zG!B3QnTC!7$6nGcxda%QYJ^W~2oiBR5)@T)%C{p<5C+@|c7>2PBxdonJ%a)&OMlxN9&-B&$)I(c^;7tuor(~A7CPp zjjn5fCuQs^Z>wAOQnh#C&G4AG8lu%n%s#mDT{r#exPNG6p5~VghYo{|OlnAnAlh=X zlVRF|ai1Afn+o2Ybi|_>Wh#Nd=FPgj8^uaqXew9B1ZSLGc~%Ne0{?scSJ|L>L%I*( zSsh!|;lFrdGObus?BaxT5+&Ve+W%#}sz-B8kgU~ID1hv?ieHsdmXkb8LTF4bm&*@f zRf3)2n?2iNHg$!BYb%y$eE<&p0w94Q`s?Kyl=W6Recly%2X-+-r=o4x(09D#LhJe{ zyig<1Sr>3bQ(+c9hgJ*mky*bof?NS<*gy%usc_>R+Rs04`X%#VB?!k}7SJ212k_i@ zz{a43dV#DU6u)zHbiHBlnTx6Vw}M61n~6n;3Lp@SANIm~NOD!V`2jUtmB*9qeE;bIQQmDGhkJt=j%ek`4&2guCxq(J%WircTBI zvgOHR`Kpa5drS0=t~#iUP`y-jM;j<;bhq$?MZcTi!Db1OJ;DPkc&XugE_fs)8_2@~ z(L@1)ZHv&-8*yRk_OUG+hq{4`EL205zqV1u)+k_gYSlQyaBtr;IQunu#Bl;926b$Yt

Mg`YAdu??c>7RV&0s(4%~Yukc*zsxN{A64 zq0vdA+h1s-!-T>BumAAspeaIqJR9V~|MU7wtSnOe-A5o-;4wva81%kH)`zeklg2~# z#2m%w;&{Nxcb;C}y8Ki%$e@Ej7bS$8ek(i1uqP0V0R& zqys_agnUkIm+TGm-?18xp#@u~$#?U=cf4UGLsjyfH~x};=YQR%|BNfVq)!5tLjmaS ziPAs2Aou-RkleglwTMzOKc_~ZFuMNX$Rp7IRO9?1CG;r#qr%#L3pPZrOG z#*s>Zk9HOkB`q0s@LYyrsY;w22FU4?DtH}8e|YyOSbE*(R`di$Xi=z3p|@ib>HJ|n z4bx|dJaW6dO)V&4eM#z*LW`^Kqf+9#y46YPf1h$;C3dg2u|?MWsJTNe4~je-x?%pM zHtjfAsou+E#&QPn1tXAK;jJp7hiL=+v z-O?EGyB-|T9_BmO|AIda&=P!^)f(5tZEJrT7jUeluA;DKAywC;RjeMV#yu&m-Q4u( zmM+vo2aW^(T%&W5PTGoF%F)T$#9fVPCS3ze3H{epC6xdM=JQec`^ugwg~Y`KNc>Bc9-z zAC$&xb6y#7iX%H=%w`FH(#fwR_04k)S)2a-s-D^4SV_`jD4AYInN7VHgE5ev_Go|m8EZg@4lQEh^7v0iSGD{d)8?DN6rZeT?~*`{86>aBF6 zgz^^*M4gJU-1yN)=k?wDfqrx34ue5Z4(wM|ON-a3S96g%uM!Im zavqW;HO^`hmik%2wpe3qJsL8g8D+o>^e6;g+t6S$k ze-ctJH4}9xbrid&=m=mF{{R2?$hF!Xp~gF-TM-caQUz3GMp^dlvvQhwuFmj_#5-VP z$IoWSoRjxIV#l}m(%-4~)34OCOgNQT*eURa_xUw-KTUHi`NeLRHmepdV8L67o_b~3w}8*DTKf2SNGc#oH^3@< zkU2yOvdv2U<6`>FcHI@PbIdE*QsY0w)PA^+tO)@(80Z7p`xqcy@2TUDq#yZ8>(fUi*$ zbr-F@1rK|4?fg@?v<5zTrmYB=HV1%J{3S(e1Kumy*Z=yPntY#ojAz2v@FP%;NH}jdl-v`ca4IvgiQ# zS~}H*H^mm^5^kuUp+wQSWK!4O0TAmTmdwkM2$?CPDjEmnb9T&tnd~1Lu=ksvs=;*% z4$jg|KO2Nv4Ll8B`W=!&`RJ5+G$Ccl<*nRpVqIKEQdEoo^XNwrfY-4mAuqW*y#x#B z`nlDQ7+a~`3sErUrKH|<@BIB%?f|DwkVIQX3IZ{u(3U`E8HwR1$N>GOJJcK#vHl}F^v0o-h#5aI4Q4YBlW3B@V zq`ji-Fa`#k){TRyW#V>US?U>Z+Fdp9}c!Cu$PNeXM!DKGH<9|?_}$Kn+9E>Ps!XDHW#_6S@cV#k2>Yo(ktqs-!seS?wT$xdrrTH zk=AFx8P_Zb&YU}T@ms4zk&WV(ApaQzOMO70(K&vj-$I4W;sDs9#qJl-A zDe!7;1;F!!iES&ROVtPcIQ|uto(n{|9TgeS7q-I}nQj4zX_b2mZXjS&n2bPtbEupj zZXvp$n}|+}saug-&Ka(W$OP5k5(5c>;M2~;Jtnk&5L|t6$7Fg7U;6^- z9DT^@*7HP2WJ&B^%o}44(}J2AIk6u0Bi|1 za0I~O|I9wXSg;)gz=B+*-Vi<45HoV+fxICp6;rBi(@q2aBZZ^gSsjqx#GO@=CFrKc zVjC||_;Z7Ny_^FM6k@$1cOg?fHYlPJVRHQdH!H6Auv0Nh?ZdJqnDO*5P~{=CFJm-e z2V_>L_#|TXo&5F>dr0r9)|5ShEp%2ugK16*zXPbmzT!#%mWjVWrmo8vZqv$HqBDxPwIM7&(1oM_m4syYJi z#>P(xuYj-I_rAM!PHL?2?5>W>ad!5|k&5?h-Ex?525TGl<%2B7{U*>(J9q?G)@=P* zp;Qnld>>g0BG#@oucRSV!M;*SG6gU2@wzoBLo?AS;znf4BeJeTiV!oNUJK~2a-nwT z3fp@-X<90Q!&9viOV{@alD=?@%tgm3&*T=o$5qUuNZ#-nS)%`5ycs+OE#~{K zW?5%9rJ_ZN>I&uJ6c#ccDmT8}Db90o&o8nc1GL9WyuG!5E5OOm_0wsW-JiSv91IT; zH7qZ2-Oa#4q_oox((0e?vL+`~du%dnIX*LqL!e1C43A4<>9>~$}?2W0q0qV)( zQBXug0OYW>pn9{t$qz!-|IE*0W+*>wvGxy1<%xJnw6!YlLM>RCzu1@Yqfw$ z@l?|m$%hERo`;`|DCGzq%fEZaU_@^JmyCcaVTKjIklF{APk!K+?J9%@zr0qHj4Tim zh)t=$C{bB5H>_fMv?0xtV_)VBu7KpoU@6P7KdVJbst{%KgniKo6kNmB>V%P!>tTNr^GtXaI>ppzi5MviW39mc>UN-p(x7WTusGLoyx$mfK73cK4x5_Yo)wH79qJSg|6Ey`(1@r~9 zRIK=)XT}BW*DZXmGQ2?Q@!b-M@co4)#PJ});nAjA!Kf;)%-Ub*U#Dc>`_IQVkZ5I5 zGX+!;m#%HVIyr}#Dgr+8-AjUOG2G3cIz=D_`eOcJRq??*Re*4wyZK?uB|Lif*2lbw zk;^d;f)s=(bXQN(cwMCoW-%URk$-iwnVnthUs7`IeYveoh0ZCghy4wje z>G#yR=}Xw?d?w!ITsfUT8sup>5OXJ~-%P6zUIuveJhY(E3}olfSLumYU5OM2F_vChPcT++ zFvK`BRt7t)MhYSu*`N2{e@w%A=Y_DHYK^&~cJ1N^^}x~$)1-9v9=n57n_o*xpXlNI z1SRK7Hm8uMP6&Y74C3lH`}CS3yEV+HMKo|Yzonr8agc-ea`NCID*uJ}M&1%b4lW!u ze@bB)va_@EdLVH+%MN@n)^0tsWv0`&^E<&vIAAL>eTAk;KIu&)z{iZP(H6@w&&sR? z9vpC9dKD4}jaM795wL&fEoXkbh|4mH)F*CGxc&ZantWFKy7+c$m`tF@GyJTgzJV)M zHsiS`yhzb`DN#G(?(T+TC`aecgxgX-A4I`vhUmTVbG)uROJ#q0v&?agt38S{nWpI% zx;J^&)1Wiw6%XF z5eW10?{VVGD-Uz9;aR@RnRhU6Ut2!1F@)_jz2BF-LQgqCuh96kb#(fJ@D8&ClBq05 z^#W3g)J_Mk@i?uhJv$B7FF=pc^o&FfkBI#Dn);$Y6-leFC}a3=Je+yIl5aGg3vXab zpS06Qteb_7#Y@>zK0AjL<$}bcEM)v`XL4;4=n;b)87&*mLOU^XtWvhakbm&Kj(~SAi&!q8X|)$GJ9a=&IUMEbE37O7kW@3Inu&$ zuj$lw79E_?P_d_UWE&J)&MbcV-Ea<1ZJ?F|vSfanBaAhb^2CQXb3QT1R2s8woU=ia)ML3Q{Cm!+9zZZvN`x`6b3`XfED zS@Jh~;5sWj^P>7c_SXg+%Vv7SopQ8d?!8IcN_Q?zpo33OTh1K1SSx|1_^;G4*S{zI zFg-BoSdGw{$@i3;knxX48`C1lXZi8DE5Sz|xnJ)^L*}RADB+lB?mByDZc;L)Y<}sQ zuVa<{8#8TZnQOySEHer?ORG));OfI3NCq#lB_h0fqX=E|?1>sFNuJ-br}Qo7_wP)R z8{NP94u3flmm*%<+|p3Q-nU%K_#F}a=u>yTd{b|De-14@Tm|j)UInM?s$>}(V)J`^ z(qNXTMR!Lza%?1UFf-fX-xt3no$$?<{}f!<^ock7-8n2 zy@E@BzXf)p0oP8|RliW#U1|$vNf}R7CPC32uI_7{**vX_K^}FEwj^`;c{CqhrQV~?^=P3_L7?uU5(P20I?;i)iBs`xF@xVs_aCfmOg%7=62h2U_A^V|&?zb6AJbdc%5_ks4~ zoufw5e1_H2$6^$1z~a&$Y7p!yR*GX>x$%6dq6QY>5Xpd=rMBgk@V9+t()8<=RS*Xz>Yqp+SnbmcPCAwAn=W{eYfK3(44K>U!hoOEZjSR1YE3)@t&SFBL z{qyTXhhSl_|*=B(BhXLU7c7f3TBBTgOJ!YwEchFy&MM+c%{DO4>Nz<)^9r1n zX=1kePO+%@do^}POh-0bMnDya@@3y*lKne|$`3a-X7JJzxXpRbXX2lBm9%S&wfzpu zn}DX{_I{QgW8qP#%e1w(9g4uaV&gS@l9<|FfzR3NzXF_-@E;^Eur74LT#M< zTepVFtPY_u{OY4%K1Z}UGRwKp=_=f#Mmq%2H|%@srjOE_`A`SwE$A0d!F-Z$vUCCa zfd*u$S^@gJwJV%Qaz9GXD?G>A0dEH|+m$PD{(U89F|vMqH}5sNBYk%l#1S;MboLJ9J9_q8BsQ3a1}(Auy4Q)13Tzv`+vO$Q z_agES+dp~uodagu!M{0HeKH-DYa=rh^SsH{#y>A#gLdi>VzNv;ZK9` ziy@`|k_rxeT#c9+RJynk2GvEwEBFRy5oQbLM~b_?L^^GN{L{)ZE1Vy;7}MJt)|5sx z1dzdk>*mHCvNHcRo%HjR+nW;QWgivG0*=a z;EXf`w4TVhWcAwPhXjomwcsBP8Ez~oX{!^L34lC%TM*U1u(C4dS~!E6(*(n@Vrn-glA6R9ARgjE2ECEYTR?j|8TGpVjeM5 zs={X$VN+@MY(LtDHFEc7dWg-Y!AQ7!?ZtxH8qdAa@*S+w03a{jTEMyHSkkWTbEI$m zjeGSAx&cbK8Y;GclDngi^Bfm_mXpgFrA`qi@pr8hCZM*5e`tJzRdbGVOk3nTQ0+vUrFc{HSa_8(i`S(pKp8J zfvm9W{tV@esW$GZHBdcjkNx6idy=l#lx7BaG@AHw84!1PxgkGvNmqrS(*fGoo)(oT zRrd8|2`M!2p4c3l2g1K{gNRAQAjUbmtL}Luh%fA8m1yDaV47!dyudDoc{WamFxWj= zd=tI!!_p2KOasD8rK^Wzz;otHVbvP3yg6ei@&+V~^~C+N)~1itlp@l8CNdSs47I~n zMC|X;$WU=5V67Z=Z$aK%h`}b4N>Z?gm{Um?0ktU-C?shcI-=Q^-g)K2X?z$PwA$k1 zy#Z0CbU@*UVrj@1{-ELfiHr}$l}QX&;SbaUYbnjB$wC>)d8|S@!=NJ&1MZzS?^-<5 zU%63CyR`*mF1uw15>A}Q*||9hh8dVTEOecKqW*sfRTy%tTGPo2UnN)}~5 zjx0{B8cSL9MXA}W} z`Qf#dKnYB2H9`X#$B^OTGrPwMGZ|Gkzz;uUK{6K|%tp63fd_xgVFGhHx)R3@7{#It_UJA_E48yNk%c+ zsPu=5M6^-S51xI?tJ|_M3KD?1`${9}t=8yMEy>Gpy_cR)@vpLi)1T%l@h`8@$XJ%8 zvd&3cPNkxPk?lSbLyx-wo8Shm%{Ol6y6)D1L{3BXZB^I${7@H8NTaKgOuJ8GpAuX< z`XXDY&8%5Rn>_Bs&sDPz;3?ec9Y{=Ypq;vKmw&g$GvpIK7jM7t2q@U>k=Bh=mE6a_ z(~?w{4S_!a_ve+P3mxQ?sV~27MEUys=Zx!_W3WjD2|y@$LYIXqvDu=xljg-W(5E` zvp9>uh;1N`{l z=xvVIhKsmD3`MF(5q7sj5KS@783|!wyPpq%MQsve)>*ypDEwUq$BQWoN_12XfaT>S=Of>SGXpFvn zH>|9!WGj2GdkOud@$VR5$BxHb>85@HoDi*Ox%VuJ4RQ}A3~cYl{LEpEMZEQ*OtpzL zj`$KQ2$hICmmO=<{lMkR7r7 zH%Cr_M4k6qE!;EP4*R*B`W0{j;OjK~x93xLOlTO)F2(z&#s8U+kuljhoxb0e9=`E5 zR>=O=O4!hLvxcnQjzr|Q`h5yyiM7#5oBq>dX3xPoe^<$9=VM@0Bq5!O(Hm%11C_sc z18-Xv{Q4<$3~*Q?oka6IN}tf%)pRBZvlmKib0`Zu1;puz4{E;!>tpZKyyH;RJ^xTs zTKTIoz*A1V9ZQCpA9I(g009jW<>nbe$a_Id3*OQ`ZM>o^09?i_0qpmHhI>=)*@Id5 zKsrcrOmqmtWj881)t&QJXYXZ*IHY1WcXM~E`1mhr&xM@}GJEQ&aKG#X3k{#^Hpri1qSc$RFaz@_QO zT=grOEs-8qePV1&vPN=l?kD{t*CmLPc$*V(nlDz>K&gqQ`3=*?I^Fgs@6Av1+x1;M z^jjehaLRtJ5AY96(YVk0r@kCh_y#z&aN0XUVTe6=?t#oqoSA-#kBh1F=a z(i6X9Y$3hYeE4AGiX<#zRzgIi9af#peN$qxNnkTQoK9$yS=VYM_1g=NxD9oA8#f42Oaerr|ls$G8tWOY(+WaZUe-9b>XR{ zi*BTtOgZnYalNpnv&HR`O7POv0-6`y#!U~8HmUfBr*3qW5Wb(klXSnIXZ-V0TYJ@B z!wMvy!#M#Ty)I>?d?~f1^y>}CAA&4AfSU>y(MJ|fzucF2eJ<`%mxmP7>OkV9o|gw> z>}OC|zmUuS^MdUUA+Fz-btlBMGNLU-G7ldf*xyTk3JSOwjkOhLk4l8R*?5H&cH|CY z<%~PJQRj7}NQoc}#kKi<<%twZB;z zZ>Bu3*=%8&FE*f|?fYR|RZ0&O)z{XaWTqnh5VAVStcC2iFkjU>-x$W)ZykjFBQL(c z`6?vwQNkz07^=Q>n>Q1=ZRT2?V5BDgc?_PK3DWLzDOoxBKbvXeXtUVLS-z?wKQAzP zy-*rX_gr!b;#pKnLnE_t5Dm{w66ZdC;aEDjrp6CMis^U6aF!ibgfFG{Y$|KuMDi`( z0Xt?bzivSqgRauTCs$%|Upkq)4$-Xf%P|pGGnc*6t92J}g$UMEn`qlDAmXZ9H$S*p zRSX^H6Yj!JUikzU0#u`|UKG8AnP^E0 zr<$qlZ}ffSuM@KDe@G~%i+3^+J37+m>{?q}ZlOF1?LL@UHr5B)xhs%`a_JHv#uNLz zU}Q%GnKny54GDwJWp+{57Sxm|!7|G4E}M#CIB5_iY5K@I8@#$)Nj%mOya!uj8s1tg z3xiH5tvxAnsLj~7fL-4h+d=F_PX5eCJNhH}!EPPCNZWjrUiqdJS()C*xh==j^Pvjg z8z+7tKVCl0<|dD`_9VkuRWE2;%BXN^d{+PbfSc@95twxG1~n5mWWbkAxb7z*t$+jK z$pDY&BH7etnDa0Xc9BXalt8meN;mV;RRJw6(5%rm>tNO%<_ayW-KDZy>{E=ag2oE= zgf+~lm%rpK89SM3BZ^#Furozq!6M4ILFrxOYPZ1*)$-B`udzFQYP@PH&yP_8{v8cG zKj!^DI)U5u#Y#b~Rf)EkA+}{rTBpJjWqY&<=F3D&*TKAZUmf-b@fiX=LHRZe9n9XZ zi$4{vhKmN)Q4T5KmTy8%S`AGDgUJ+_u@Fyo7?Q3aJ8mPFRu;x9acEHmoQYk>nZshs z?$D*^+V7+=M*K~(D1Pr7tYn4($b#pxW`ppd;=mz z14pf1g3s#{UT8f?^@{l7;OxJcvmx#wph}{lG(>ljm2~kxZQrpHR=#V=nI;w@6;1C;mqvbX1_e8sq<>GD<`D za<(NGd(s!pd8ASyo76IDCT8rKvJV(h7v6 zN1MIETD`)CyY!ivXM+a?wJok9u#VnXwB3%(Aj-S2pumtVbXtmEZOuexKNwkE6ULrN z&9{-U9w$@yv<>qt43!bulOuKTz{d1FQHI5Fplq%u#JTaZ0`5)3HFV~Y1&E~T`4Qe^ zZ12Ol3Mns_z8F8Yq}IAElJfZ-)+!ha->>|Q6=XGH7prUn-$9y+lW?O7JxWU~>=}&@ z3LXStYocqk%Dp)QN{DFoRG!AdqQ#XLa!S&#%iQExzlqN*CT=G}8-M%H6oVG2vu?qe zksYUzQnlGYi)(_F%&I9vCKkA(YQlV}?{9rGNsmrq>w^uNib+k2GgG>SVOM--l&7L- z*aik%{4m*UO}vmXXw~!K(PqHbcoMzZ`K#&kzgL`lf?$AJh z0BIZoBzSOl4I$9DyCsc#fZ!H_y99T43GQ%KllT4h-uIqy{@fq;&tWhat7}!wdgiQI zHJ_TbSiOH^2=Im6{7qjEJ@(J6%4NHB)vF6rmVNF+)E)_hB9p)pH99$ImSmm5mAyrF zQOcW=;-+RaE(A=qFh`wLDGjkd_pt-3c=PWvgHn##+2)o>omRVl%l+jRP!UuOdh995n8i)MX~dqa8cv-=goC!aOOmx*L->j6(3T9sDqE2vr5^~vvy(9 zkv_B$X75u4?`()X*{re#rpZI8m3 z#v50|@|>*#fK%PC+Dz%Px3MVGd_qja0Wt#9pi^EpqAb2ztXQokMS0MOWx+JGOzNG` zVJsDL+1zpBC&9kw4`eDPyH-Wd%<+7kepAqd=sTXhl){adFsW7S>)d%RdeP``MoGxf zr0^h7PlB2?R>a#|Dh<&$g=9b~99zX3VhjZWxAt|@T-i z@c%gA>pWZpRypNY6zGIaWJ7n9og1$A^9oL^;l312)z>0)&xed*WEi6FMv8d8+aB|> zkA!!!?{yz;SW~fZ^zO>}akcbmF}nwqf3B+!3SrZDrC7c~Y&i!f2eLkw%zG4%+BKK` zP?351Yd+Bi_FJkh3^q*MCe_oR7tCSHyWGf&Xl@~*cjpNMDMfUyGP>zv&Im zrCAn}<>R0L!@->B@Io`3jWdZL&$7>!V5b*9^TNEhem@;U-Z=jsiqyl?lp zSqsIGs0RtT;H=h2zDO-K?e*fdD?8^LxpVpbS&6c*NVZs~c=}NeGj>xymI$_y=6J}! z1qinZSjI;+F=T}=4-(5pBP)H5K00gJWES1o#`+qi-E3XCio6R0o3zPbMwZfl$B+n^5A??4M`J1?N#i4D#OdOr6)DL-Ywk zGCbJd9VsHzbRaSTNe(mJq1;18f*2sJQrk7%pzNjX+r81{u!`MOfxqa(E?RhTuPPQ% z;rQ+TjBMzA^J-n+>5H1TWg@4f&_qsX%|>hF&YinQy>jvU+cIovW%ehUhu*JNTKhD7 zy1t_a&3ING{0VJ+qIz$Y26dgQc{ylbbXbX%wYvc@s27-SKyZEm?0Cg8^OE(VVpam9ja z)`tzhtvg5Erz5-U>08j6yXixc8Yi)7U2M+%aO6|dvlZ!%tu(QZQb8F?9xqJ8whGo~ zCh2zxHK(gSKBTI)Nh{yF`aW|rZ~shUTQ+-}L^FJPX5GX~D0eDK!selPAC7Rt4kG$N z?Hr`pQQ0KQWA4BnXqGLxTJ|4d(!ffKh z7MX=)*e~bU`*P}?hJ6WZ+w~>!`Gc+?T2>P+_9sI2oi5+^lljhM?3D7;MX{XF47b2* z<;91IA8z_;)>oBxH(BEvaSLRe9%dsiO+=uH5>P&io65!Tu`&l&xAEGBEIG99KcAT! z2(}gVBxi8XoT`Gv+TAJ(**rY@5`nM-yjntTWcOnc#&xbM4~(FTpK=-1oF++&#NyLU z`vP1&_MuM6HD2L7MP9~bDK5mzbV%$_7c?XTtvM?w3mi%gpJjG(CY^luyfovkH7ZEc zx@qX`aYMdu#m=Nq(bi4+msf3=)A|yNADT)GGVL*UA=-QoznetT?_3E7gV{ba2Q{`v znOBlYv%jtM#V_-N+-PCD*ZayoY}Q?acvYPD~Cb=k|*&{M*6Hq zp2tmPL{NF)=eT0-`RHFw%+zHLKkV4`>|ZaScE+1_k{|aDBI?|D7=V#p)VFUBH`YBSM@!K%4s`_Snajxoj_4vMrLw1j5l(T(BtlX05g6gI~Bfv zO8hx2@$T6keyNRNQr$&vvK49okkaPGZ3n94Aq*?K@7mc8GkF5i~*hUsN;D;y<&Fs*Uutwu2fjEL+l8RSKi zPQ4Ouz%9y=nzmKg))V9AE%*MWR#~&HY8!#8XT6ElP-ia#6R(g>e2=89Jj<7Sx36X+ zP1NoQ78)TL;UIR7herAoAX5W!t{w+jI#a*012|m}soi3#>Myfy9fjMSrpSQMjEPd! zLnPc1U(=(zJR7$yt0oq$spDO)AUC($Y1ksU9T zfG9aR^Bs-UuGK81h)?!*qqDbWh6FP(RR0L!@Z?Y*r-5)d`m81NTqd+4s5@&#BouZ$ zNfbFfn-x%KTzvBKs4j0OwfJ=f`y}oTC6H*usHy*5&urhJO6TMylUSbiQkuPH3CmU= zG$aYV_<2*sWA5$UbnXAcjtFli=PBE+{l@C2pLB;8=DYji+-U4&tMCDlp=S!&8oT*8syJUpOigh$5 zv)qYW8nvreeaXDDuTM{7(q6cYG|TF$dcV1@9t!`#dHwKX{198J<8s$OVWz^{Rw>x+ zCqTQ|PKUJ&EyeVGew+@iC}!`sPzL@6wgJyAF-}D6-*}rnZR(%bY0zs#UA5S(h+o{^ zws=moup-n^^s!`ioi#O!olY7^@%i-=iYVi!?|)un<(s|dJm;Fs?q^$bqY*Y5REAC>;*|zNq zlDgv5i-H(wvyMxNU4k?!@(RcC$o5Q*L9xiMbGi zw-tXXIW;!V525$vQ=cWmng$}*LzZdp$21-=;#K7-1bn+r#OD4CPj|jgf=DoTI)*Lg zqafoQ)B(Y+`KH$RRHz6MmQ3duw03!3*{?6IMW=lz#WRdxW*YeLt97kLD#vh`SC^z0nbtEPInm^iLAEKP02hheb(wgHSb% z+!yt5QlU24%*LR4tVH+akc*P20uXcldwmvC)0*drmA^!@sZBtWc1(lj3wuNXrpz8$ zz*8*$BYhX^cru__Hixgx$v1JX_#*g#c@%wJn+HWP-K+qmPYOsD!ty?Uldbk|Dise5 zU-nE_WOHbi+M#Fd7KChqEA05}Vrin3SYW9uSYGniW48LE?uMqVAZmq~!SWkt?$guV zjPJt014dukhL#J~F3|pGo~t>-u!2H?cdrubB~9~bm02`=Px=oU1>d0$6<_y^asMBf z^LCT%3K^^wQ@%E~b#uroE?xVtcC9r(mf7yB^&5Hi*SYKyD&zOMY zH#?E{F`an}5t?ga^bd9kn8JCpd$up)fX8}{1Ev3mx<_^rKGM{Ot^%QiBkQ*IwcaWZ zzxv$PmCl7i@q)U#qJG;Y>tpqy0|%nNH;Vh(Ef4S#ht}E5{xMcC-WiUL`&Lw)frZ*Z zHd#zpo?vM4N8UXAJ=&uda=NKL>G@d0mzx&D?k8@F54dfB9DT#s*xd|Vvkwzt&)!HR z!@LR>y}Nn)*`UAQQJRiVEJSe~Cp7f4`;sLN!5T=0=HwL5L!tHk+PKLX5fV@V_EsrtR&5=>M`$4CUqk^4!V(Gi<+YuRaNuH(mqG_HPcJBZAu2 zzr{1oUW7x!E~jYwUTkg_vSt5Uwfej&sUibg0mdxhXw}CQ49)Bk#wCQ;)^2cjwFS>- z90q|&x2D4{PkSCRoW`PC(*uE>lEOtLJX==FjQd0HSN!_RTp2Q_r8{37{dwQhU|tr8 z{;}oqF+s=)$6W#i2U(S(YG~16|DeOaX;z&O54nS9rKM%5J>~%@37Y~jf3}D>O^pyi z?AthU_b&G2Y;_(l2hgm4JZ0NG82mTgN`V`STjy)>$JFf8{8PBFgv5Tf6D43gux`Q3H4Ew|^I{qRD@FKqOGH^5?rNp!+#+n03w9z9*gjbB&dn2IuVd{Y6?WR+!vBLY9~3 zynMNYcF}plC(l(+3iwWYTKR8i+~L9TR8i0m0U!u}M_xFAGRG&y*}GO*cQj-cR1n5} z0fp>7`pPqMMUf8=_GuNw1^HqXP&zwuyu3UygduLb{QFHteI<^HYj_%wp`TA^gq1Ui zl{pNCeiwCYpCjXXWyo`U#$>pC9jb~U03g$g)7^*bFq!)Yg7^)jRqwXHiK9#!a^TC|qgJn0bMR1Ag5+AE61r^51&$6EZ*&dK-8C zT0U#7_TtZ=1fS9JHuOTGI~7g~|Q z9Wi^Wr6Pvs5yH`F!U>kt9syXAu#@UPZyZK3%&>0?V`~fDRHA(w_crxDZ(&QKz|P1C z*4Fmz39f4GBSAI7UxfZ6Z_3$F`z;;*NOCNi+L11K$FjuHzuFkXN5Ip4Kg{qyHQ5GU z{Q5`eA^(=Ok?=pa$pzd!X(NZWvFr0r7xTYdn|uhxPxL6teXnbo@bO<%-AZY(k@a)> zi4Bq|8jLG{@_ShGN4fORLuygSQ7ng7oQmx67^v&WTOdUoFXT#b?CZz*LmG7)L_XnN zgVb)YDz-KJqsRH@e4^)|A83{1iH~rfHz{d{OWoFrJDBjyNc_l+rk2!`{_&aLnCFvb zwoJ@8zsM(u89Agat8-lg1W$sE6!}%=Jd|J9LRVT}WXFC^6g#h2M#$eIN<3Zd_$gE@ z^QT0b4G)|BdApIwwIfEFxH9G4klC<=|47P7Wpp*03vELkm=Heo78X*oCk#D!ZDyoe3qoma?IRiIEd3yQ;IH(_@L8wSk!l zD!Zn+vC~INPELM4RQA^<=4KzADEWA~P}wETogCkqI7r!A+u7Qf*f>%0qq0lcTG=|N z+8G!D0zoD&=0+y64hHV1>~BnL%m5)=JUm>Sl&~LEb{TUkCld!sb{Q)JClio~k*%=_ zs;DUHKRDfH_S2D*#y})pm9DafXW10%SUCk>A*d_^{(gAo)NX$M`Ct9u;a9#*JrtX>2qKJ34B*+`e8 zM!|Y2@&EmIP(#O*@kML8{18h~HvwBRY9U zd)0R4`bGm>(WDbD+S{u;+!576>FDL&+Gd(4X2)l`x9$}vY+D!65vXFbh3EFYu8rtF zv^wtny*)jIKW)lcfuGxuO-uf#fHzB@Lhxg!FvW0XpVs>gX$`KBeCE)P%5u+D3mn-M zaD6IYmNr`G;#gcpf49o0ANA+=rn#qj&MKjHniOJZE_{}`6PQgSA3w*B46#wN~>?v45Q}U^s!%bkYAqTLH6t05_39WHjX! zxg{39NG`Q5vDuy2w7@h(g^mvcRFa){kjb;0VL6tXi)At>yn!8GTSuk>ijNE)@rrf; z(PjKW0Y!`BAE5ArtnaoEsdN^K{0#JxP01ku^9`o*)uV)*jeXlIuF~(H0cX$`GB-_L44&2;ty4C1feVn{8D3%EQP0B>Z#~=pF5oS zYy&L3k~S=4SC{TN68ba&ZHznAUV+w&&TWk}>I49JQVl2qSas&}cWGe^p`lyvdQs0q z@7|1Jn`r+cf@Yu}sNW@_pLwNG?a-tYw2&0SADEC035u&}@!&LPKRFb{0XICG#;MyD z0pT}626LCo)I}t^TOA5OYSB345e(nZ+w@qQQPdONwQN;_)cD1v$YWf+!ad%kiF~s( z{qwPEZ_mR2ZQ)Sd^zVjAHOy7^y5(qO$C+-EcT^1s;cK7w_E_pwMT8m(-xlw-ahI}C zW$G54pjVQ&nAv4f-d0wU5QE4GVxyAN)5#We-@IoE{6WF(xzh1X)Y-Tft!M=O)e=2T z7DxP{koh@l$te0x3vX9>Op&ny1Y31rZ|`%!t;B$edKJ+)ORvQE9n)|q(-)f&N}+~a z07T_-JIBJ6EbOs(DFxFYYG#F+(A~rUo3CI!1tsifzpRKw-<*zx^IEXI z?B(2OVo|I`0&m}J`;ata@g$p?dtO?E$VU1eElH1VAinPttwrDLMb^YR_L<4PQ`s`B zS|9$sK_0JsEALb#Mhbj~7>cAQl|n@a__);NR4du@oEe$#G>YxLWKGeIETHJ6r=z8o zq2hb_cMDAJ7Y!T79Vv0rMKVp(axyaCN)A7H8xFT}3XZ>~|5wZ3wymKHYSuD5p$>1I zTZFVOs6Y($7w-Jf-T{8Pj5^lblpMQwrGRM>BCk!TV%TgkxNKv7 zwIDAks!yDTk^v5|c#qtsA)`jqMA{`^dLO21{H6u@VnO8}WyCbjA`>(Z z9L#Dh1E_Z9m+IIV;%R=R6<#Kth~GzhenITM3q3>;P*Z84bwY5)&5WbQ;qj|0H*bj) z=w}}@XL{N9?{E?Rp7;G-ORYwH+HpyBKrlwZ2iySwARa=-{I^X zp+h+AKHxcWx{{EwCN;jdd`CSD)ZjBzhM;8jGvSHoP*Rgr_O2Hf6|a`jz|4b2^J2aXKL(4%@mLy^4uG(`JmNgwDNC^(-0o@0s6Q zn22BGTSw1? z5T$VAQIK5{s$sZ9ycXYPNh>zCE3o-$vl9Cj6qEaVII*K7b4|zK*R_XSm@{nL%AHQ$ z4GM!LT~i9IuY+bdG1EuiC>hz*HajF2N0T@y_wX>k$@Zo1p=a~C=s9YB4JwK6>e>X} z(?8xzHiZj*{sUc}q^@Utos&%@eZjSbt4}Q?971fVLZBUv!A5x2Dl<(Y*xk*br^T*v zJ`%T3QXq3J5D~8`0^07vBLQPyjA-i(`h268Z+Y`DGAPN34)uu%S6j{h@g2OF_U+Pi zwB)`JY>418V}Na2pSaVNmwHKy7Y*uM{CxLHBh&XRxuRJg$7mji^s zGxE?Vbz$L*twT*T0Qc&ib`8_rf4ko(ppof!NknVT_0jfAQElnd5LB!_o`c%UUd{<1 z(g3lZuZAPMW%ZluJ-%k(t94Xxl~%?n#m0$|&(W|5LU&F*1e~|F8>)b)obxto_H#15yn%RWgi*qc zxJ)HkjhZQ6uyG%-p2~o5Rc89{BIg z?8}x=!5ygRnpqXwE2m5PNFw%Sx-a9Y3kOV)KRa7$nu&nEm=X;pxvJ>l(_pDH+5_lM zLm|9>?A>}tgFUptYwdQgvWD3Zo(Ud#cU6tQX74I@U@}pN1r{Gen!*?&kjY5#ZS+e; z%JARRJCRFDQX5U&TzO2*HY%?cagQ6ff<#q6N<6f*<*g@3FWb<#szBhZ zVQDw_Odv1BsqU(4!%g4>|qbg4pE>F!yMk#i_jFT?JiiO{jAox4BruTg=;*aOpnP!l33R4c>6pds4#^i#>FXHDk2 zD)kro#TKy>=N*#nA#HHrwrP@+I7TcnPjq_=EFP%~Z$g7RA=UBMlMGhQe@x`HxD|ml zxm*DBMM3Ok5th1#7?p3HV%WzNG%%tBO?X`H`sqMHM5IXSckk_lMBRYFJj@&ua;@#HY?WV%@-j%^1te4aV8k4Lg|f;!%V z{NH+Eq7&z%eqgU*?kB)u`WyeSA%$9$Wk*Y|=iBM=B#o9Tr&G$U&2c)F#}cI~r&X|9 ze3CEkaWb(I+x5H4bu+xQNQ3jy3n{+rv@jj^1kZd`*w(FEYWHS22lgV(vy0&OcZ5S)gX zwa+X9p_+%N*R!HIB!>z^Etx}w_Fm5GzZ8F9Gx`tT_MdM^zQHGUwis6P-}@9t+XH_Dl+Ynum63%!>ktZw)W6_n z!foM4o(;Hb{LU$2kh!8@Mm8v*iOxoV0e^1X&dCWqnFy}ArZNSTz*|*B9$_o#NRYne z%l<(*<{iw?kpc&G3Li~yUuw4A#3HT#!B@-M_Tq$@8M|z_DJf@q_ zbZe7e!{H1ohe8z_D~A`et(_6)h&q@OiXuR{(EQe;Jfu{hZPloa$KA#}|1y{=M;Yo_ zp#Q-i64C$(C@4-35{uh>{(A9FKA$uT#wT_~;8dsdmXycE&~C6M1HKwrsC|^)DCiM2 z0^#4hcD^&*J~kND7ehxuB1BRa=0DZG(vut!zzt!v0Tr;}dpzLFuTI7XfUtAS@XYP2 zvwJ*w{$Z#$aA7uYq$T2Jgpaj0jB_!d6Jp=yE;5%c`keZS$QKc4FGYy$%ayu!b6f#@ zP)JA(#H+u`spTa`H8K63Du;cX(T|-E=JTTxV;i5~6D^MR3=rRPkC&wuw7l^kT#2qL zS&O0@bL;KfRLD>xn9V~^AS3!>>B&49f!(AN+tC%K6gYQOvVPHGYlnWVBZ2ejqoQwnq}AXE0{s|JApUdV3}d+6FG0(b*zi!w zO&TUR2`YoH$O33!pEuT$*j4aiCQ-?mT$HE|XwbLHU*jfG)kJ`1k8S-JC{ck%kAMCt zlN|s2&n*9S)O|(&^%-0Q$*?7RHX846n!9d?!8;N;cS%@(sdqwsI+?6pZYNrC4d>jDq*Yd%vok$ z+AXgsC_f(`XVa@6j*yzjPF(OcGtDgiW8l>_5?ONl@yIbN6(rJNn#eY*#dA2?amcMS zVq2_55*XApq%y5IUF36B!tNvNyOP5bz;B}&nxUeR@7veQcW7?#B2o@?W+EX)J;-N{ zB!w%44Yqq$yFmAo9x6ksR$nm07+Y8KJKZOqkcn*9m6%~O7yX)Xtmy7fF@xCjo7@$qE6qArgO2*_=V>5Nr(j>RL;6qT=ZWi zHIYe;y$OE1#+c>yhI)sXz{z~-%08)exLq7i7hXIrIYiSW&#l4VT7`WzTWo6P*J+{C zdEaPHgHN<4;#H@aGUmRj}9q((xU#2I?j+>SK!jRM@2h4%hFd1hXQdrk9Q)HhY{q`!@QK{H*;?0soVPqVYs zFx&I8&8=U(vAX!?{{7U|5lj;s5THtg>$5*W`2@vJn%_&z)P32X!vYMHL%~z7H{V&k z@jJY2vpezJxYbo!U>4+?Qguj(7AgAjd_U*eVOWrVe0TdkEl5Ny#PoZWfv_o)zRtsb zYc;m8m?-y)q$zKhUm>zRxyL$thCbz(;_;?3&wq5LIjUivuDUP$)#m|iVdBPfl6pQ_ z4&m9S(8BM}DL4dmK0VosT;lkHz^i6ya^OM@Z61V>M;dgb&dQDY9YxyUJzvda+6f`f zBSL$#C-{$RyFvFhS$?`JUDLqUino_$#;bqF4ONk6lzue^CvO zIR7A9hJH|Oc(?LyU|y-%P0y&^$VWn7NlQ9>2uD zFkvJxVP9avg0nVzsP5=64U*6w&@y=94_Gzz;un@GQZw(HIi{p|1cgjHPSS^uJ|R^F zkl(6(E*|Qik5F%HD_`LZ%KsIgj+U0Y(f`5Nu!idIl&=LmG+n8UYdX-<-%L@3s_=HI zBQ?SjX+*}X>)!hIb4EFB%FVLL_`Ozj($w6(R&#SCK48e3o9A+wY@X})%u*XFnYIfs zkVG($K`@Z4W97#((}9OuZ@>PMx^ces0))woXymq_M_HY~purdlFQHP_mwfND)n4-F2>Oh#yA=FwdX_!sZT z!y*Q09Q)h{a@tV15fgydiTPb_h@Hd*c;A1ca4-o^3# zSU&4Diiz>j;E!_az!iZQOJ1I$y@PkG$fZOx-Bo8oZ2QgIi`^BCVBHtrwr!4!eAasC7kUiN9P}y+yBLs0TvF{XyhOG z@ZmpZzm!rl+UU8tkT*B0xFma?`3*g&~>8bo8c-jE)_MG3Jgt+O*v8Ty@}wuJN*nwm9vzW=!kl?h$0V6xtlS zEJL^;^dljJWkjcndt9((03#7D2*PyYT)kCfGZXVx5G{mQ?{1NjHO+WyBBZeE;ron-WqC7YK&K9VDS z>rEIgKvYh+*E~!6q_4>E5bm^dxm8eD1ARO1|3Hp=%pd2iL-UNGyz+sNX1I+{!5^8Q#4I-Ut%RUVK2+!=JnX$uz2m+X-{F7R#f$faa~ zk}yNlSk-P`)3)K3kH+7%c(>MgDq{Lhf0!(bkV9@J*JhGgQL9PK)&87Ef=S{hQlf|| zWLfOPB(>RPj--d%fDQ|(zvz}+KtzQ$HP2Q(syMjYwChbW-`O7M&Rex7Z|aTK*9T|% zhj|cUH10OR?h4i&!NCQr512}CcL-)4B&(KfHICh@^ z=HuV^3GhGN9UM3)r7etnB-R7uqk9#gfNz!mB}ek_VC) zf2umlI}gHy%iC~opsExM5n&-d0r%K+&WZO%q&)!-#;BV40i2M>h>g-jc~Ccq!N<%V zk$wp730T^?vot79Pr#7~dYRtge2IpIWm1ZE^4bZ}A&NT!yW^0hbm@|alCn3%bWi8? zbTan^WyqqoZYv_UxOg1Tz*Kxx1)rIX1YS#Jtv|D=AHd5}%6BPETnFbqJ$91V4|FoY zW27n3d!JVK1bjQVf?AsV1Re_Qrm*EE=;I|6Sbh3f%9a9@76Wkn;uubhA*8%!5`U4De8 zAZgxJFT-$n_wMB9e_Qtgt(mk3rtG5}bOzIc|AHI@K=xR6M)=2_IBbCacI^UmEpN*0 zf|i|@#Jx%NsC5URwVFd}ISu7{f0_XLUu`k~+;LoJQEQA*iC@wLNd9V*36#bxhFO1! zb9CIG{VUQ3CQ_Qa8eK(cFxe3cX562xfW_leOs$@0r=@e}JsS5@C=ull4U@?L|9X^z z$6(rDODdWA2}k6osqq?t3jmys8&4mF+HoVS*@L3Tm@x$$Q6Kf@PkD083%%uiwdS?f zPXt+UCD2^5KJ2jR@?MO6(x&U`hj1VciL- zyAOa{0E0^c8#lH*ZgG8?I7QKQJgr~&0+q;*FaT*LAjCb3Zh`J(>qi)qM3n3_y`?T` zw>B-z4yKro(wvdH+W=`LFlnXyf_YS(G&DpdlIG7?of^|jet^~kV!NC6Q zvV~hbLprVmBQ@LQW~tWfRe!XsR9n6*iV;M@to=hdsm|FfDt0C(dNt{)7p zK*p0}CIGGt3@*|m+#|FoO>E$QxdnnJ>=Xx8B4O3sAFIK;@U4*!ZL*v_;@u>oETir{ za7k;lX|Z%j@OW%|f)*u<9dGF=h2bV@Rv-&QA`BqG16K=K#Z2tGDi5keJemm*$N+^u z=QD1ZbWCt~Yu^mjd8Wq43s4kL0cV9RKjl9MJUwBl-3ck5vZY4M~&4RmIVzzSnMW&K!8<}4$1 z?ik9@f`Hv&OX3oe$0{eiDF>?SHCdGbtqWj*Z>tS9(T*JfOV{7ZZJ!GPdtD3=ti6C( zgS$AMnBIN1(+%0@e80Z}l+rQaz@*Msu?E;(l)Y+$DxnM!v)@1OI1ylVC?|>$&EGf1 z+VpB$V0YM)xV%k2M*s`E_r(tHyQ=@K$}z+(z5r4yH6nKS`CCAN70PeZ2D3gcIKp09 zdtu*Ib5JFOA!GKRdOrowrw`ZDa`3>yH3k`GevQEln?H<-8tx8ywdJup97#6ZVWvM8 z%BR}&6fk3y#v8Iu+6AT*HPfU7y1>$ZYbqSffP59lS{>ZykRT7TpAUpN3@sF1$)dZC zd{CPSyTkcWS}3H~K}Bd{|JwNQW=UVGs z=V_y$nAtg1$S!X`;F9#%>kL8RHZ@{kkbsz3HC4#rKgIZV8d4LS@-7DL+IL}+^YO4b z?MkxY27~UPAvAHubVF@Sx>K4q{e_`Wqxr!3$6@bze{f+p zs1n35IQxBeL(VT>>x?H;Rq~m3s&0Jc7*)s#?_RY#4keSR0tWxh#gG2WcU8SysLq;$ zdy;sYe?213GWRR`98WNtAeQdAM)rR->g6HxZFK+%2%EXU1oa=nR)qDvA<>r+48BT( z78g#qj~zdvla6};-egX=ekW6)usfw)bS(2N+U36QK5ZQZLkj3BX%&bE)V>KWy( zh__PoB~h^fja_DipJA<|g4XGo-`|tgtg*yLVmrXuQ~<3XUA$wW>OBC5F9t(a z?w)g$rqDluzQKST*U`jWbF4J2E!IY9tV@R@jC-wQ|{V*^YiBeJgpwie6; zex7glVsqRCg2U*=5TS}6gQo+*`)Xh4jF2YN#DmuDIr_!{0_PIqF=r>Oy5G5#|Pj^ExcAW z4Fi}UIz|zR8&k43_Q^;wN$f3TSt+Eg(vX!>^jR@r`Jp2M{~{r!VvWh*u%6jvV@ z<3cN7hCHs^e(cETKA;7mebt&7R7V%)k$25yMY;b^%#sZz= z+Y}G{@;{^xtd`Uq{z;n#R;`)u)>7JHSRH+rBFF-caal!vKJ1uJbOD4Xn_tQI=xe;2$p-@ogDgC9v@5|o5V}s2}c|#e?~|A z+6s*B;`-7vK|NG}i_mPczDa7$$rDYX%(H<_Vr`lmjU&A6)_Wc1|1>wr#n9XPO{& zqeO;XQ}%xITY*=B?M9BCGhk36f+WQ8hWs2vvSB-p6_U4XL3pt323xFHG;#-g9jxLL zFa}~=C>5+~93kAg&g&7Lo5fdkPYGO?%c0+eD#4xCDADpMbCaLf?q9M1aEo zdu@gQCAD;g2}sNJBZKrl`P+a_2xVQ%R{*9shH3;W1QqU4gXCz|(tNvrJ`gc}z=Yl^ zm3rjU1KPismSV^g%z|NdNVw&tVuI!A87P^m9jqnQfQ{zkwbgNg(D*T|ZvllT4OsCA zFk@rktGZzKe!F*gR3k@s77HKPjRLSk=w@}n0mgrg*YWnJDCjEv-Pv1ZzyMSgk#7f` zWFGBKdu0t$6NNz)S94mQf#k#eb3MJq>YBT+8kx`H8Bg7CoS;C-q>efjoKFhuKDs6{ zQR=u!x)mH~mN*l|)e4O*t9nlOp$-t$xHqqlk`*X>5lR`%1harR=Ih5V`)Q7LI(AaG z{yCV9+;nyhVd$6xdi#wEQX+qF%T!b6gbCFZ?XSL~A3W3p^;q*w`rsO`uhEBtZ#PC+ zAr5yOvj=LPgy0ArqL<;FF&q=Ce2E9*aW_HJKB>6rhuWZZp(5O5{MYgx{DV2nSRJh# zLX$S79{6CNyplSscV*)(FN8No(IG1aN!ATC1BYOsLFw~tWfje60Miq&Fj}QGMZty} z9vGwDvH7f7BExYT9%RqiU%l9Os0do;w~Mm$PN^NtIl=De0A%~nxA0-dr>0$1Le(j) zo1+z6X+lB`su3ofOx$t6?n9xywzA_UgGzlq10VLKyrr(Nt&$r=q* z*A#I@=AZ8ckWkDvv)mx;-RzHD*5Yc8rqd)+HxD$%-u)jlX^g)ed`+6PFYlE&~n>tC!`mPYZ*v?so-Xp5hOTj#SB zEXb`d-Bh-V(t=ZD^P-}4KE$a;v)IjYBsK*kaR01Nj#-wn@D%c_#>tB9EX%u!Uhxo{ z3_QN=ZYC|Qb_I6a5_oP);bQ(K-PewQrSXF)N?91Rcp#GpyjE3h~T4@JXPpX!kZ4d6LC)cWIM zIa4U~iWVS|rWihf9;m7_&d@P?hecfgsfDeTNYU*~fNTjOfuB(JVu6h?=BQ*p`*xR=dHGxgUzK5C}78hyY*1yh61ehUHi!x z)}qYXY84c)vhbh`@4HJ0;3Q^T8)iez6xjc%r_PWj33`_@t0lblQ0&-oa;>un7lPqFFD4|Ea1Jd3fP z@3&rn#-t^CT(>eKB#%A^G@^o%M~OXleix>n0C@#u@7ys=5PF)Z$W}~|q$f$0G|2m& zUZe~FPdtCL<0{s~%Zm58?1uThjkcSSH9mA_{?A@w>O#_ll5_0jRAJWrY25ia+9?4} zh2s6E=CI_`q>ob?X5`Oh)si(7L-nZ0nXn!*$Ll4qz+Xl)F}b#TtRL_b#e-W{r64$i z*}gUedaB-^7*wx=0(O$ceK`kRk)UZ(3}ymZdlF-x14v7-9B4E9@vy6kkwt9Z37|uJ zMeKBW=Njcl@vB!LjpWf6P>05~43WPP9?P6!R4SUB zFWvd@8sed@L)3mhtE(4rVd{agAK6c}=H~nkEB+jrYDhj#Cy1Ke|*RQIpd%|El)HVd1+J*7#*6DdRK0eZxc@(!r#?*H#Zf2{h zVfxTP!f1@94<#ozr--+ios-)ZX>=!vL~u%Q6|Y>LtXtk>8`jL#{B|NhQ8IfI0>5O1l06%-=1n~-iADitmxW6V zM8X-R-H?zQbX0hH+L20(C7Z3d`#g4apXb(LbTJ>Um9m2W%#^g=^23TNN_bKSP@ei^0Q9 zP>7jR#1(qiC%wCBb`u}+ntX4(yy}>eZ{i8rOJNxU;gw4g@1A+qR2khY2o^HM^2$u> z$cr&icRD!*X})2L;n?%QvA$<7%Qu~;Zb8CYT^uU>6A`$8VETn%kdQ6`f%LI ztKz@mB0HAGNQog)#|4u;NLkFraSlYyR%mm+jZ$f2N>|owpSZNP5PG_8!4(VPHNM*O zzZdds)}RbEYw(M?<1J{GbAM*xvQMmE)F3PVi3Hf({cM!2j$Vg#R)`@EzR@~MMF!MR z-r064TpPG+-xtN z=j_wBX5NVq6OOWY&qEXqh%Po6(iz4xf_p7HU_aRQ0gSoXbQ!>pOor*4P1M@q)?cun zdX~CVtL`R}7>~F~=iQ(aj? zbaJ9blYVxG@kyag4YD}ZiyjNpU3j;7 z3sJOjPqKHD>6uRILyd`)**ghsEA*6RiTP+lfa~lh3+Bnb8M4vWfX0yGbVoU_L=h33 zdl2{4CUPC`hKpx|XdKnbXCM|Phrg8vpZjnHypSsZ%W*zlnSIDn!BzP~r)3m$hlI8A zeq8$w^Hx%cLgqmF0YDK#H_zB8+Yod~zlZpY#j1i<$V{;(CVIt45>a7duLkc6TO6t> zhT!dJDFP&vN#B2?M@50YgfEWMpeBlQ>p>AaEg>M>x8hJuQ&MjJ<^2ZZRU#fHV5C}A zB-jRW1$Rn5TFVEDz4V0)1N-lM10ie}B|dc3A^P$Cv?&1?pm?W!wMwMmEZV%Jl~j=? z0Tfx}gnYdIkYWjUjriH<6-rH-R&FfNDrufK=jD%BuE@5>VRy20f$coC74@qxPxvbq zH__b68p7aXXHim&E)E#3KnfX`(4SdR5ru0t9dFgj_0lgt5Z3fZ#KDd$hK7tky_&)h zwF^yfMUPp40+q6FPXG9E_&{wO|P}XeKK*MasftWqG z83~Xc?Ggi`)~2Z_c|T4z!%?hJoT2zo7FFZg+E}H-VgmCM?*kot1Opi3GQy#i9Js9b z+59}zZA*7e^wyVdy7Gxien-lECZQ7(WQ!nh&q@d|L`H0oYzQcO)!1xdbEZ>lfdi1@ z*s^3myhQ2rcfzfP1K^LLX>W-Ic+eMONTjzU#tcd2-m-7B5c1StAZTimhI;cNH ze?QYy@j!|Ew`y%2NQy)ptP~zaiHG#M<%Em8pFNu(>~k=A_UnGdJf$NH3N_@8=s_(y zv%~;8B61;-J5`gd4q(t?p*Fcpp;})@BG%at49F3ucLMHGiTtArWTo`ugEI}U4`US* zVOf#I#UDj`1&Yxm2e9H+{wB#+&C(UOL8j#*fkYG6OfZH7w)>ga9g2WRG4lTAG6hJY zu6bXpQWnfiWd=h*W{K?y*qkj?h^pzRH^;j|qmY@E??cX_(OQ6fQl)^E%nqLq<1s;g z)44%stJmEyOE9MeQPMxg&c{~3?$)@qBHvNj6AJ%i1geT}3Gm&=y4x4X5wNiuE3F*i z-!IgeQL*0W0$&rTZ?h96 z_%|{n7cQ^c1vtm=x=6*B6c7)$$;t>ItB*3t4d6>$zw-A=kV8&*_>rQtmyi7TdulBW ziCp80*6c_5+e^=gwk1%=yhI6bmt|+!guI_WJ3w&lOdSazzq3;w;K3bDQG_L+E*)9O zt0#Zc>VoCC%G#i~0$Jg;sN24|OEE8XHPVSVnH&>KKIcI;Y#n5AX$09OLTk}+b~niL zU&E2kcRB3(=#T)>7*)C&ngUk^2_s;vMwuf*iIrUet5huUDJ=Y877Wo4vsz`Zh+mbz zHaz(FO7Iu%)HNEUZM8yCo!Uw%-^Raf$Cye~J(piQ3#Yii_m=$;P`E0e!r2mgJLzp4 zQ-UPk?MtV}QEO0HOPM`CPKMA8_k=8_>`A0U$dUb{$~4udlx(3VsnF=Wik|!{d zi|eD4;ikV5ni#OiQy*RIRzR6T#%)hkbP^GZcvpw6Y-Wd9kaGa&krI$TAc4?S$l%`1 zg2(heS9t16?PhVeyDcr@B|KJAoH-!!<5mm}J>;HiW<^)x>D zIc;RwohhX7e6|Tgq1kmi&0^7}N^1l5;|98UHIWKAOO5)?k;-+BMe0{@x8^!*7+3&oXmtHe9wlb2^{-dr-GOvhtq*Cs;UW6z zG;`}QmGLo*Z}ci2zWI>LB`t1x|LNQl#|9l9wRAct?DEw8stRTK&5a7!uDti4*rAXi z+6x`o(fQqTYEIT_&SPGGT^)nQwDCx&2=5n-$z^mbI(xBUsaRRCAV^Qs8t7bjr)mK= zZli?(68+LcO<5euZLQ{+@sJN|T1eZrbnQH*o7FtI+Bu|;&vugyiIwcoX~Ulb{fxP_ zJqAq`#cQ4E4$(8e0@zX(`+l?H%(iOczfm z!(Vp@{+08FTxLv?vfN@)1pG@z#fwn(8FD5AnXEsCA$B}Qh@0s?xiKJ7(o^RPhKcvO zjmBkKvb9+nbBHoK=(4B5id{-kCIyz0mA3ozSaKBE<7t$Xxqrm?>%5(Fk5ukYjS?6& zApVCZ1?}(JKfTO&ked_z@6wrDy7SK|io|M-I}bRgYqXCk!dyQYibv*8nG>U!T^3xt z!F&A9_{;Ax=82wViCA=udIW`Q@2h7vj-miDKtXh}4E%l*M3Pny?44~iyQKns4@V1& zv<*DNV_nrA>$Kn5#Ntbc1}4Pg_gRw3Hw_I=5k5H%vQMv@eWlF~V3-0j#tj5C@^@=F zSZ95y*)+G~ac||NVl(+3G125G(4?)5wdp7hnlB+|FhJRF+FCwieVpPO^ibH`Rs20B zv3{mNhyMF!CnkoeHSgYsZze=hm8SDf!A5EmQ5g7e#_>zv=3dV6^I^G|mSI2!FlT>M zL1VYby7^D|sC4KWHlQOC8mQMU6;UVsp@8)4qsKA#En&-+Q12t6*5dStA60)^h@Hba zT=rs6VcCYbM4tPjHq5PxTXWU{Ta&nO3mr=^)(1@~gw^{bb~E+Qq*$;r%hv_TzrDX$ zC9v;r`zS#yXGjNdM}R{|cr5SSzN;r(J@xNl%hvNHISve{p{FZn4Q*QP(@fnp*gy<$ zVQ??zrpf+7li!4I!0Q(i957u!VVF+)3TnT@iAyArMg23ti7h-A76Gqc>~@HcXtNy? zYQYPG?aQpA`52^LWxp8etlf0n|NgW4d1){FUsWHqAx{f^rZU!6c_DC$8Fs=RZt5^K z&MGs!jmuPp?U7(+~CdGk`Z7<)6AiXkxM4BOb#PlND4ON&)| z8!JS{m5ej+h_3w{;$!(+74EYs4WSVwg%jL)z|Wlx!M4X{eVJ%CwH`vNxFsO)$Z5!$ zO>!E8Gcf9vxHQRIT2zp zPH2db=Z2x{dp>N%G2rC)HC$2lyDs9VJcGmMjZ_SdA<8{dzWi-M1FE<7XYp$65J(3C zqS_^=J>aHB(E|G+w{I8PKh3#WLE#ceErmKh1_%l)+B58^G%=*8YOv0c^g$RWqtl|T zo&-QI0rqbskS^=-*cyimS#wBEn_S_C2^m+-PHld85RP^5a2_ik85xkTQ=IbC#^Xpy zd;xy!lhX#}Ae)u_sc4H6q=$W(vz!s%%dXXsHOQN0+*F>|7={fV?+|x;g|a+^FviJ3 zIzI9h9Tj@OgvdzJhPhHiiX&GI-LhT)u~84UueJs7~Q-8(jCc41sn=kAG*)V z>Bc00axtLLC(A|WoV&2O#pJDDZm-4Xa=w-Rb%^|~6G&Ht-R;TMf87Eef{7}jg;0w) zTl*o;MOmC-@nyIP;JInRTl5Z2e2%eAiUjaM3_KpX*8DEdAsdkpQCy^o>5IZ@c4`w6 z;L#6$tMT0wZSqjYII$`u(&RqK%{ARYya5G}rGPWDM7MIM#EHOL3PEr=SsDJ;a-LMXRoVfc^Yjv+CY@4O#Q9m$cEH?ARJX*MgcA8(fnI~b7~CVe3RDpe{x z>F=RB4uORM>DR;%T~?{}iy82tqtl*-bSMR4n?s-{JJcNhS|e--1O-8u{~U8j{i{;0 zY~>^FJ0Q_s{41t!rtzAWSap8r{!lls&!j(At=g3yLkYbtmaC(ABEtXKUS^I==muT7(J?D!2bsb8UWuhdquEi2C0RLZ$!Ty!g=lV@8;i#g_|lH~fF! zk1wi!`hg`#yCTm(KOX2<+9l4%#HjuzhK>o393x~W2W$QcAU(AopbZfP)}dq;HdM1> z{F?y$&e>JOSdn|HLcjJ#Iv;29UQ71X1$u>HPm%Lt=r;Et!m+Y z_0kcUs$!4)MGd#Ft z7iH~%<}y%0B)EBs$6q^(fqu8J|NTaiMAd&?=Ot2ljCnua3cuds3MH1O?KsCLWA&fh z7|QeJIi%ReiaSJiV3+?#ZVWI>-;r>|4LKj5EKiZ@_B$g1uaUo!{a#ZC2SM=oj9ivN zMps?oB?#9g#>Q&6VUC_IJqe+gIz~H+gOQ(VmH90XV3r1~;URt;hN&NND)lWc>Z3Wm zZ7wI2rssYYn{O?+)dYX}#avI&943hhl??fjq8X_?gvda1P~5-U5FEg2)B!!~15j1} z;CsyQPbMdR3orTMR4YracIc4d=E^s5a9NwQqvKuk5)4Q`ea-HO9)yrUS7b4WzWH}! zX&j|R4eRW5{OeA76#Gu>M{&pHtl=9+JvKL9{P1v6(X>QJ0tgucH}7y9@NWn2ZcAQ6 zn{N*MfQT_I|C5&4JVu@CQWV~s5o?X6_fQRzR-LE+(P#yaU>t7xe7LmI-Nr&6f>rBT ze`8FwA9DD0;=aJ?U{)p=z#+c)aJ9VVxYkpSMI>&@lHV90+I9WdFiH;p4R5EkyZIBX2|##?RD}c&4EM`kiM_f9^AW$B6Ql31$)_t z?~QT=Z(0W<7TEWP5)S{c9P_R~R~ex4WEjoS&!;S`(x#7!caqkX5`)#?EG4640(CQz zB@aqsK==2YT~VGO9du`|$2NmNfinx+7XTIDF0tkJF2iiJU4dd?bHDq=y5W<&Jd+f2Q3k)eX?%qd0DX&io2Byjtlfgeg%>m4P?8o^nrPF z+G7N>_aZ#b)(`vD_9-#)T3oCGD%0cNP4FOX7Cs?adbktOSY=d4b*YV-k3g5ieoZkHj{Nzu4N!WG?G(?aZTplq-%Nvm9IxQv<*0b}SrB%cE`7YH4W7iL3>>(UIb zuko#p)FEm(F;uTlVJ4D1AiI=|B|6Dow#$WAsiwklWUYO8hz!v%Fo-vWn&sisuMyKe zR@1IY9s(EoC3hCi?4XG6p~^b+qf{l6 zl1!%E^4gSK*2Y=nS6ZJrqeP4FHEDDt-PS{Tkv1DZU&lfGlkv#-U(0`|oiQ<{w9IeS z!Ys&Fl1`JZCj_CoSPI}uY{eH-D5##J9I`Z3Zrc_2yN@WI(}cn zyGuA~eun}Wnte>j0uaG&O;VDZ#rB-^n&B>q9%9j*7<)pOPK_KxCSS5|e{_OMy03T9 z3>PxSBd-U-+i`{R7n;T+FhEgO9`x{)EanQaQL0!OwpzF-fQ}LegYXArfvYb`Ia62= zw^1ii=Sbb4sO?@LJCs8v0PLybQo%CuY@=RMO71O(DZo{B+WxLq>{FJD)Ts`_;~T2} z-0B&&p$0RXPkNAu!4TT?dW9b=VWEYZ2cOoSgTQzJjVz%gF_bsi@YGq@)B=43_35zC zp`?_w9LrU8B{fW(9CRkdejdhri%I?PUS}3)Lf7hNcwV)cviU0t92rQbm+GS5US785 zzB3J`f1O=pt>^lO2!$CW;kt8OQ>MP)sq~l*D|=Sn8qGsY}w_+=CpN-}(MO`|)s+Bn}0;QVMfj`Asb5G2^!6fj<#+N^W-o`NxV z=u<=B>1y{1 z=>wZwG8TspJPZ`>=Ot1R-W7bh|F*9h{b*-Q)tQrEbTGkunIZcUm=JgYIR<8|j(5I0 zhOXwSJj2L=0__c5?$E00N?eClM#=SQO9vWMfkeXkO$6mHzcE;UG4oYuux3Vqu!8fx zB(i5uOxgY3G%yxU=tUHTk~5#snICrcNr*~}3%Cg%6(w;VvWTEGTs4_#noUm{!Lam- z1AqIX$%UXqz{Z>A*B4|xlDZjpZ*=fuLsX2RyRJ?7G)_+~U``vMH<P(x}2*1%40v zU7Bsz%-x?pOoP?N(5W>Ab@@XBzbvkYmnaNOkjFy+QjX%srAxxbVMwe{MNJr&CFU{a z6WdFl6pNles7SUge{=BUk_gSU(aYghx&F=>1~H=`z51N6^3n7HGe6t>!ZgA}fuCSS zOKHU?FFjVsn&lG zO@3KMg4UrdSv2iV%jml>UjOK3AwKokZlR6dbxy-r#?hLtaK5lMJw5wm&{+oD7>0 zbLy)We`SkFD;ela_$H557JAw=;pYb=Z{%yBbpd7Zq*RxTIA{?^*C9GtvFJ*S-4eRI z$pA^Z4d>m3+-@rabwhM>c%8D?FcY4fm^DuI++yKs z;nh6j?HNl22sWqc=DweL6YvV$Mb91@k^uowAh9k-Y<4cj<%# zr~HsN^BhW`oo-{_g4l8pI!Y>AjJrgOX+6pdW1&bSmfsdUM|6l9>Z-1&*VEhBH66Bh zJ<(TPo?2!ccve=N4+c^$k7_D&=enM9>@SD$-Hf0+P22+b@kwTo{E?@~^|9So-UTB5 zgljQ{KjPVprz+oox|@Z96tf2~B!hBX?^=9k4k{275gTy64!MydHT_mo zwfl;pcURVtA$wAm1tp6Yu=Dm&lWc^K6Oy=DHm4d;ZR*ZiWp~Ud*_s$}F+R%S=`U@5 z(9=89Iaealjbm=D`!-{Dw_>R$>x(C&dzc_}Gq;U$yOz+N1Sj5OtU0oyaryVx#T$E_ zRb6=?9Ghdha?x|cRaC|I2=8KB5S>Q}CUiHL?+7EiJjkx&7U+iA+j9%%eR{&9-*LM; zzW-U&yj)D!6448cwDZyPFq)DcDa@FX<(~0WHFIcqDqS(qY-Q)fe|8*W=&U59hN=TA zea1~_e@5?2G`C&KY}1YFE_${BkD5wvo2)?^eI6I^@C`*%co7Eml^b$BlSXGgVsyGS zPKLDMj;GXl`UOrht(yIW@t_VTotxvV-3KUtG>)PCwY9f%?RphI%WPxd%MHm83Txi) z1Yz#q{M#Ice~h;hB+uXv`h2_!!kCI;uG5_Hu}Zt7icS2q(_^e`;Mhp%uWXP$w^}ct zIi=0QEa?f!w}1{^+v1lC*W156Jpt=8WsN>8Jqzy@-Wbta5mZL8p@T0wYWPVIF;6S4}Vn$6ZRrpdqRPM68wp&o&)khg zx_u*Ka6INJa^^l5KGq7LI|I=`g)c4R3U>!jiXa)yk6`z0K*k?-?Ixm7x>JgcfCLMXNNp>x_$Gg7K8-=k@x z{)b-;1TB`8I53S3wIeyM&{p0er?{W(u+sI3Sx*3k=)WPtCvEfcKq}X3>aUS-rm53RnlQ>ZVY>zWs*9#rLT4NeVXz zG;=ztLWw`tQopmZ9eVa1n-E~3VVrUj0?F2sGf;#7q&7e#8mk_mnLw8%M;TVi3^l=l zK+rL(%i`Rg53hySv8Kok10{ONCU3c!YRc}biZ~@ZG77$lsSy1Vf3S`QmxJK%DeOJ(8MWRNr=hVojyrcNsrmIA? z2dEv8iGz?x-IU^}d!Sfi6{YSkR1d(aDn~I}d_4F1`1HOj@@!TEqYTw{xH}8FjY}s-z zM$4W>K}!tJY552VO2GwaYg?>tTEd@xPac_QjsN<24C&JF*R_Cxq~+(6q2AV~wtY~f zEwq~w0Nuo9ff>fO&6exYrIFd`mo4Mua;L++2?vRILd+|>To3N-u7VJu*e{%m;M+JN z!Y+KRZ8N5Zg52(auq41cEN?FN?{k5%p!GI}7m~YqOqkd=GxnVyn)J__Gv==Tpk-%- z3S8Z<#EknXT~p)Tl}541V36Whq_db{fGo+DZf+kO+MTC9G+x#LJSy{a>TkiD0b$*R z;~DDWbj6Hl;?t46P$Vd9t3Oh`(jn5}Yw9nRpXMdMAeY+^>WHT?r%!5x)2$kPdN{cf zI~YksmOSmAejU!Np_is`nru87MCrA%HJFCUB?Q2SexB(V?v-ZE+nq0vhp!%Sksll5 zGQ;Wg1W=J~C^4wtA_}P2=N0LBRMt{2#@w^T3DccN%qwlM*l^5~+MY|jF!D6<^naK}bGCoaau1~GgzHQ-N6R`iDW<6-C%U5Z<=5gsB z*^+JR7Q1Gi|7jz41EZffhg1CwcS07q=DL*-x+o?U7xcvFgozhcWa9uVBrSjL@C~4w zT0cSnR!H#h6hS0~Id!;FC7~g1mP706%nO3&EOYMapCjRlDm&m?)q!71)*y)%b$6+s z+pOp2Phg7h9IuNPHC3={o0#lDg&WaRz=7P z`e}wd_tXQ_Sex~4$J^a)r@7Zk;tlQ9PA+=Cd{4?JQ*HR3z5!}1YvC>oP+CrBxexbQ zxs27pJ_4(!<*-nDBf*V)F{-I7Ozl3K-|pZFG08DLnzFyL4RozbN_zZakZBh!a0J!t zv8_9zOM%BS3_3_Ht)4_T-u2Ghl=jbf{z(3}r;|jTBB*KrVJeQ%=NVXk@s8>X>nADL zZ|S)_kO&QZ(1CG-0 zMqLqpiC-nY33GdSp)D^kQ~4xQBz4(?$8l}omaI)dE&5sHq_{3rq3P6$+j`;>TXDXQ zeyWE1#k??YF*MnwOZ4wmab1CZP(o$>{fzc)S+S9AU1Cu0a}oqS7Y6fPruBfUnIl`C zjA>*lPCgB&sRp&71(m*ZAg@u%pg*UUDN@i~nusS ztZQyfAs!%MaQLNFfI$7UgRPU*#1=f6Trfm*`^}&IpEkZo)(T_|4RS+S)Gm{V#e1yH zl08>;4(4RMA9xuUvnfFw({TY3?e7U@DU^0+KVKx+!~y8dr!B~DV4=G7iW-z6c_C09 zQR}Aqc<{DM%9&{?)D{( zG${C`GXw1eFwl`hWAFW4Bemt|5U5!E*wpyvnfJw(Aq765i0vPFnVP^#6)ZVVPwHO8 zd;O|}a)X0k+(`c;@VY{W+g#Gh>L|^5naA^v#Ch?P<$O(%N`c&WyZgg>#dLnt@!U{s z+GVGOvic=ny^es>_1?&L&I8Q#iyr5*l?J^Lg!U8iT+1%&s9cL5-7YR?bcM_&3uCD& znvNRHD_WeoLRLG2(cf`0(Qf}RFDK-6*omP~)AhXk+wNb{Xf~QD0*in~{4vw}`RVcQ zvgxe9)${&pccQ@g_)CkMj%_!tfcw?XSdRPkQIhU*q}gA2^s^nEqvl3?jw4tgVc3#x7pxqc%eR4@tM+gNV3MY$PhSfflBFSpbn?Ujq zz0OuHHj4gb?sR;N@NU73<>g6P_3^_+A>ZEb43?`8M%9(j&qkF&*UVK9tsok)z0E1v zz0=W6BHGUvFUwVteh%9(f3@j^(a;YL>*Z{TfkfsJ-u;8>5uO52iE5cvhWimD&}Aln z=yto_(!CuHU)yC>0>9RLrrh%$jpX48l1~PF% zY;3%J$LVnsf;scW{m^kHl9&gg0{az^%*a9S?C$E!laDa4UqA>Rb*R`N+6VaqakjiX zgZ%mT=)Znp!2K)mzm)o~I*>>I?^6GR%nNyl2MZSLzXdZ_!H?xbu9JliC-VP2|9h9e z%uF$8d`CS&ljAEnVl76M$}uKu-_ER=Xt_^dCU~mj^n808SByDevY%q3*CEG04QWmT zhSN_Ogd#*902W~m0Pd+STVnpK;DJlxQ3lU|$_&JSP#lMF%cY$y~G>ar7&&)22W0qw+ z^ z>&?S_Au=;?ig(FJ96n{4z)8`dLTCSklfXC#*E4QY+!Z}As`Os&)~CF-25Lx~x$ioB z;6$WL1Ia#H@HU$b*LcFd7 z6FXNF!=_IHCz2;M6+6okKk>kRntd1?!gH=+M{h-#FRBD{^OmLGsW)zd?CVBht>MM+ zCR&#NQw#)}Bb0MKl7tj%EyznRo3CIy`x9M{-;do&A^sSB6d6#Pi8Co0Rw&j^b+{WV zQ5g7TI-_P%j8PGqrM2ZF1B7`8Ylc#|yi7c0@kdPl@fcE#aLpYDz~$*MrR|2S8|1{Hfkf-XBvN94SucrM^s6`2m3Ry+1{4Tgd+IKZ zC+{akt<7rovi#Zu+d(M^!Gf~SYQ??50mKY2S|UY-fjEHu45htQp<*={2oEZ?D4=MR z`Y+U=h{I?g{@r*Ri)?$XLQ#^fs1mFBs-5UGqKb1^MXh^*>JIUwXvH40r~(k>XzDbY zV5&TO3tUuF=Ma#W37itmzf+4g`5vW-h$LF_7o{s=<32KGM2`--d`K`N-O}$NrTxth zP(q38)M}0i;5yJ?JG63g7kNHL_(tj*c)V&E%Hgx zJ_S_rjc8>_1O%)zca2#@QRaYy33I@5XLTa+Wv3{H8O8q}*IoS21+!@K8O9xw;q-sr zF~Y(2zuYnMp9?_Pxw%BRL&i2>Q+wNU6 zmJa*|W9k?upH@A73wU%W?&mTb6Wk|KxOHk~Ozz z+~vN0H_%w-28Fo>ynjme&3Azg`ATEh@WF%3Fh#*g zHr_!c>uhE7cKmA(`ybBD--(T;`FaNfmApjRhQS&8NktVQ17zxnogdTouL5gNft6x) zMV57EX4Hgglzg4|d#YD4U0D%~sCO#P?@t0H=18rHTC2FhWu!2Fz08m%%Tg*RKZ1?@ z6_!2<-b^bafXGv%onk%S8Zu2p*zK^I3{;p+s9O(g-*YcK5Cz$4MIT%2&+m+PhM! zyuNWF3rvZ^)wupmYG{3^xHLK6C2E&`OlH2cT&Bi4_pO`n$mHSxCtf&s#D=H;*A|E>|SAi<`111y521^ zD~?Sl36$2szuLgN65jCO4K0l*fOXh~pW8K=8Sam-rN?x=G1VCNs@IGI{`L!KED#z9 z6#9AQRE$mw8#sVS(r@~6`1M85!Mrg~SotMMppM%QV{NKeXmAe7f_RyS>eIc&?=PH+ ze`j%t&2+hOw5xzz+jMJ3bi7|B&}bCChRd^|%0m;^qoi6RM|LJYJ-(Ls)xIs7KyZoj zUMAUMScPqx(s#Clajz|B6eJUU`rZ$4A9xe&ZAr|!9pnfRm`l_+3|X( zDF`(w--2;1QX*$aNVF$xV^=FH#y3)NR9j^!Vqt!ub@aea4p3vdXD@)2+6ES{{OEE! z3G7AS1i+z?2Sa9sXRE^_-2jd}jb8`vS^q~3m2l*_RtG`&8y63_=;*(py=uSCKWyl; zY^p33_DGQ6_?@Yf6v(QqSAF%?j>JToOA{J11MF$DvO7y6- zAw73PvJ&0Npr$K$c0+G6+?1q#>t`gEX_jkBp>OA-6cX+3(kKo1bHkstbxHS4$xGSk zhr}F{-3&3l>J~_*27Nak&8mYjWOK0;N_cZO$JEcYk`6d>h*x&RLMp7R(EU>E^;K4S zqsqR$Ax&!EFe?jBE$i&ZUmXo_Sk9JquTLm}j-_MWa?*zmUd0ED8MCrDA8p{i!jf!!9U6_{MMdS* zz;~nskm{c55o)!nC+R7l3k@3wbG1$VT~@(}7r)ND$h8O+{bnbN80%|pi~^)(RUfQ6 zmaHv~n_CLC`JIH7G!I|u2`CVMHJ)XmLpQMhn=eiKJas7kwGvgX4JVf>COPW&VP*=Q zE;p*U_vBmA8>Bw#MQ8WD?{UR>uA(ANvU~}qK(4oO%b%j>_xR0> zTlsOZYe!x)q`{j8200xq_*EyOKmFJ4hJABg5?Fe0u0OKYHlqtCZ?EZ^rx$hsOphPa z>9URr>Xc7n)G~=M9V0Hn>k6l$oXPB^6vK+Nf^c18lEu4t^=6gIBB1Ze00|Q7d|_M^ z3Q7|l|W;#`&yWX`CJh{sd?$D zFQ|#Z5_4Pm@yFyM8Tl03a`6Gr-_aG%H+Sz#CU4$K4mahp4PqB`4%toj)XYv9^uQ>~ zO%3UP{M}jp0c7sQQSbm}!MBX3CYxiL_&B1enVDpV_QQl2Nz&gnjE6LE0^u%~i0#bd ze1dAE<8g~IdefJKjL%5#69UGV6u~PrRK~r}cY=3DV?&;ebZ|h;9{4ME89>+`89jBb zooPOPE!?cWfFftS0q{2$X`nF@BGdO#y0FYXr>$4H7EeJWeNoQt0w})TKS+Gi98jpZ zU)d5JIPra-kFrbp9n`-*B=qOmx~K0Zo0(J#bbBtNAnV(6BhYjuwkz_o*iQRxx3aGc0C zWxYzSDbVvp9N!2N3&=w!`z`C&eT+E!~e-&S-EQ;byY zji5OBnz$+4xPX)Md+snw7^83=1ywwIe)s9B5T5GI{w8ikzmGDQ&(3`^kW)NMlRT0c`z17H4QsSy^BE_W$5&c_@`y$ zzJOn%LHaHluehB)W-zfISMwYCABtEKY?$03bHa+98NpJmvR#TZl{eqg{jvBt(EjTo zM&hLVqI4t(YYlVxBuM&qY4;W@2kM{Uxj|SxgPWE-hx|@%=M?)t)3tRC$(-;Pr>|L! z4K>3UB*OlF-+Tiya$VtwmF-4k{3?H7!&T?dunMz0(oVyk^m=(;T1BAsr>A>ryxbd^ z0T9tS^46d1B0+aWsb8^p32mSBZ@MX^Qz@$a(XU!|`*TJtq@6_?Gb{_e^(4_ge z=3|oC^U6|Ae@d}vLu3Tf!B0t6qI*V!e`OgYGI^^(z2^@C7h;Hg@$h@UMCErLl)7xz z^_RB_{8ZaN#`Mj?;9go=(*Mf|DtHm@XC|h0sFB^uWa^S{9RDXpN~Cz|W2yt+T;)G~ z8iiy2XCF0>xAW?)aRqYin+cTgx@|9HBhTePwANKEa_ zv-TK>ve8?W_`a_y+5DCx!ih_)ypIzZwsNG?aZ*UHXF@cra@0_z6s+n|o2(#L?TA`Ob zSb1zCr0d%=_(e!MsxgJ>N}-&>@`7SWTf1AK)(VE!S4Ni8HzG=9-PsBpcSfiA9i`Co zorYg$t%XLMMXc7*e&sYGxmgmHsv+qq4CcqpZo7`BdbV(?9-jbYt#E-7N(Z7-e>!J| zDtFQ}WKg!qa&>m3O?~7ho&hc7((h!+I2=(c`4*W9jNJq~zj`jwKf}yHJ9}K=k~!lV zD^s~;_uzc<2V17vt5^%`Xd{^phuWs3puljwm@}j6LGi4bf)EGMt|vSR{*Yz(j%|LR zXpcjvUNyP+{xVWGmnyy*jmJKE_CmF&Dc2wLpWPfB0iaQ#pXRvDZ_vdDBImdVPA!t6 zE3_F~-wI=iGGiN2eY?~NugCaZ+=RQD7A1&pKZo4SV~F^RpY;2a&2po|LFtf0STp_C z%7a^xseGQ=O3C`uHJ=d+ePdZzlc_uxOxDs2qE1sE-MfV*70PF)?9k)UxTQ0&WS@zA z%UVrWL-+H$*jdV!Ksbt~=mVvy-^@1oNyy)K#sEdPx}mOGQ*N{KCFdclJbqd^1r zUWACdj2wcYC3cf+ntB`QqqD$UhP&8`^T1o)yH$CVg3nUqG^pH=0JT+}oik#L`?3~W zrXfSg6#D>XGRjD!Uj>XaNG8`IquV!%G99Z?s~BV4dR59~r-FUq9lOzN**;`xi7vE% z%i=VI2G!46Rv$DmGYM!`mS!&5JJa|)d{a}6f9t0l`ti#OY$x+|3h4$?`sgexY~97& z-YD=d3Bn{22wP=EIW<`Hyc;{j*7AMFyjIJ}Ov!fQyPbkNFs$+UtWN<=_5*&`UBW?o z4_{lqSl!}JjO&L0a$C}1jHmwf&pWn#)5G|x4fkEKK;=az^|jzwYv|&ojU3R`O+rwXClAqbklOSV_YK%J@JEkJSz~P2|ica2x?p84F{% zp4W`?K2%V`)A*c!Zow0*E9twZDP)$SWj;R#`dUAzb4mYMYp{b)7(9QkUsa^_uCFH6 z?sJIdCm8d_c(>+yxpU`VY(rd^q)@2Jk|m^mxeB=l(Pneh&feg=2VHXq z>uD=dRRT+up|y=A1~V}S2j_1~f0ANF)FM}@s#tS2-l0RTR~^S7Z&F0o zZz&6CyQ)8wl2lVE1>`3Q8g*-Iw%+=WoSnO*ZdjlKGwVoq43x?L;t^=ZSIptaGBV(pzAki1tqir&5L;cgk z*K4gB?`C}QEKYns8{NK{>DWshrnGZ_HBs5tmARjj1u{9K)##Eg#P2Wle-!^|NUqRQ z>hrU8byh>Ph?rnP`oMMmgN8o0LY=^3mlJUCKF(Z7;ORu@P0a!P{{~^>{GSLLD;w+o zF~T-P_$O|^?o?2>UA7-M6#|ds6K<`rmc+k}r3T*kdjFf^6P9JzB-Lle^XpwWa(dK^ zeb;H_?o`u$m zirum>AQv306C04v*fe(3D&+BaGPSzeDfTu@90Ng`k}?5TBoQYTkF{_ZeZ`B#k0@Ce zfig~lR9pHYV$Bw4LQ>P-M%p^}k@8PG-N0oerlyAYoI70 zqJ$u!ga{H!H!9uI4bmayp`;ZA6p#*)0~mC7hlognAl*oJcfEB`?!7O@d+&~a41bS% zpS{0YYpyxx_Z>f637X*Ip*N~7gO{v4l;uACzU8HxBGvAJgCqADQG4!QkZOuAWz1DZ z8&dqY#;!+4$P4a^)%jM+nEnc+rcvn5M6JzZl(9~)GOmC%E*8&>zbC}SXM#W{UH+;nw-jbT@?O{j9nE3N3+haO!>5Xq3fzvr4rR)khTA@d000Ws40eo(14`(ldNp zz&s+8@qVSCUw6bAX594RxOv2VtKf^GCv9Eg@{OC(c{d#`eq0x{TQ8Ti-7&xT>z&kG z;(92NrBZwNPIQc_~b=-=<^tz3{F#GHDW;R<&@+1K7nPXm91>^{u97`R4*#MsKWb6Jt86Lsjj4?h@ZW~R2;5*$$`)I1ju zurtWxU>#a5+b3gipOm+bwE4_oteB(s@e(3zbcgl_x;5up1c{Vzw$$7 zafY>8qOfq|+~ccn^S|W$e)@`uD#rAytH0rUVX6HP0qZS%{~L{tKh0U2;-vf3rh0Q+ z%&eyEZekx@nzmtlL^y?)qU9SzOLAvy^l2^$k#^geYtkwl_{~;)+b{aF@GLVz1Kmw# zzSC#km5fyS=5FPo-B4Kl$b9=!5du%z$%U_*cBt9>j;e`4I<2OzhB3=4E>{jw8yU5fAlCfan)yCa; z$?%xaO1)0i0{gQH3#a!)o5N$jxSuIk-xdv$I>;xKwAJ^Ohu&v3ieS5{W{$Ulf1R-9 zB~^3jukgG~EfUMLf!lvQ!q@-)(hn1s@E`=Kp$&@DusW z^Q`{xNk&srV#4>=uan$JZudpaiAI!5D$df$(Tc5A8VC2K8lUAZa*yEhv$bR1?A)si zFhMsm(zS>+y{afUb#Q*$)q`OMOF6iO@%}3#&94{k2UA@0au!fe?4!9xN8TSSCeDM! zd54Lc@|NrS=GVK}vlGE$-?iVN#gH}KrFNdsIA3#XJuGAU+dCEyJM4?Cadb3^X5$LG z9Ty*5K(6t7WhsB%_!JkA)WphsCFW*QFb_9h0w*p$3dk6E>H15=@5Lg6=8aL)!< zct3bBS`C`n zUh&)Veq4j}S&=ovnR{=V85EwLFV0CMyC^{NywTyESgOpgpAX(JbW(cuCT(xob>UvfpsaSHX+YpDBJm@b3O0r{3$!r!|fmW<|oz&m&m6Le#TuPB*d#z ze3`GZohh4~8zf;U9nUkP z4~Gj(H5PnsO{h1M75BWkC(pYOc8NS{nVWIas_vnO@53JTTZoZ@klzF2#_x^j^Y{(j zFWMeqgxto@dF*X5qO&vAqnhY{zUQO&lHkLyzH>Z^-)+)A;MN=$$|(HSAg351tuZ2> zxk4@15F&y5fb`C}*ZOp3Vr5cW->>>yIK#+5$(dw$ZN_otYti@U2frqB7qcyDih6{K zzg^$oyX~^F#(h1fQ4v@2C}!K$HQctY@wa#F6tEMy_(hSE;*Z1+OAW)!?3~fhB8<=^ zw%^OW({8*!p2((b8{O`qNnU$E{Y9T_A|udlK|Y?FP-P(oDJf ziqgs+Vvc;<(g%W;iJM9d5wi&YOTYZC4pz^2zkFS?bt{)&=DW^hqV3^hv~w=&LQk7Q zN|f*3a2OCzZ+?8Is`I;~(7A)Xb_{AA#~T43_~`Ms8FQB2WxHz#=;Dr9&t;4iF8}zR z(3j`GGIZgS=@Mg#B|(3hO7HcuoMNiBeka^ghJk}YW;+G~F}JcBc{_`A=a5IVccl`K zX3jS|Pzun|6g&&T|3pQPH3Y^TU@(apni`wf z-eO~6$6$JFYHRbv5Fuz~VQpn;XlZ+k6N5?6%G?T}V6CeU-zQ{fZ>n!7FZvk1QCipL z*)29sc&0oC(_hJynVo~3^+YqpU=lGkw>3oEViGaewKWtn)VDG)#Ng-0u(3rL>RMpD z=wBGR>>{;&wBydwcjqnjvj#nyoY#eSD>{kslze}5OKe2sSCpo>j;J$qrA9E?ekx?l z)aH4YA@RlUNy6j1pM-u&3X4&^J>H*MU*3&bj-n3E2riGs!3m6NLn4v81`$2x#+F0p z&ip_B`xsW=+A1R}TXpu#nJ3?=xTtuOvzVz_Sk@1A*DqhbTm@f&hj|&N0q5;iiFE(Y zsfJLR@$vD{kPvx!`AnUv)*42*&z6cEbtjbo)nk*^+=pbE^>G?U8&Vg}oVhC#LVoRb z2!)jJY(z{;l0-*z|DmPJ2v#vSwRRdL+Q*AhQ>qSLq=o;mZ-_hl9HnKQS9zv>X3Ir9?l?4J)m z3LS=DzkYo?oHtj=aD5pcA73d`lWSL?r<&PI($uu8&_bicTsDf?D`nL8W%<2G{ki~B zG@7Nbs@%aRs)KxusQWHd;f6Xtm}e_1E9*&7pkZc4w8iqFO~)W;=Ep2)Uq#CIrJmE4 zVA3kxSgj)$*y`2aobTCQS+TaW!^Xgv>&u&->q;X%= zt~#dXlsv@0&B$XUt2@k^cG`6$BUvwMf#I#+-SquSgnQ+h8#xtp8tML%;mT?5h}}{!iWqMI4aiN zjpndoH|rFW!MJqk&D*!Z!RhJgZT$P`kG(LMdowgRJn}kqaN}3M5%`27-E;Z8t|5nq zhsVao;5X9MOAvc2pLNs2h@e%g%~Yo#xokvYSm8(A;FE(g51ak1MfSQl zr#V`?U0&C{e7A!d90A4g5!dY)H3V)@IwCxfYm&jON4Tj$Rn} zjgd_5$A{anE;@&i2Ww4Ch>P=`DU?NBYe7|VUqr_10;^uEQdI92p(XJlaODZLYNEL& z^(Z|T2Z}i8nId0(V0+dm9vmE8GMuN9swf_zS!5a0VnF&p@3q^(V2O>{!OrUV-fDb& zd@!YGDrQyCc^D^d_oMQ$o)}(7`NLw8AhvqLERlD_2>hVW)+9(jLMCOVkj64`J__CoF}~s$49YX!e%j$@TF-0sC@sfy0eZiN1R(nW{8t755ao zQkAgh-}?F8WHkvguhN{GICl`}exScJSYm2w>RrpfJ8^yYxgA@uPXZWY!^)`g`qGCm zd$C$!Y9__GsVD5XAFY#HXlCBRB%p_-7c)5DaHu}n81B3=lkLDK+qez- z+MCP?*Kl!f_ZS`$Um@WfU0lqN3D>yIWzHPcDJMvzUFCMzE=t~&rKTbO`{zpip1r36 z*=&)-~SlU<*T)G_l+NlBS& z<8aRW`oYQxX1EBEHonC}|fA06!OmXW1&1rV_$!rgQIpE5tq zUD=z@s_Guzr`wM1ccdL_E4YS~aB(T$(|291CG1YJU+h=XqS|;DA5pZc_z))ZWc<!2UAr?n@lBk6r7K&`wzlO2ZeY66dwG^5`iQdUK4Y+`PBh`4i^iIw|to3jf0r@yifnS0i=Y)NYnLZKnF7Ic8h+`a=dw z4SdoP!xK45f4Q1=oAm72v$=>8^!C6ktup1qTKA(}m`)7(^F zJH_<$K9|16A>n*-@D#8$_*%$pTED@MEgnsnROg*_$d=GHcmm)yg$^>tFAg`|;zg`FmkMM{1LkL8Ueu)8S9A+} zldqD8mc-z+AmKRB_m9W>lmp?rTRI-HW07gzGCJl zQus*5b+MpljTD)oUXZK32sq<5O@nLE*i_SsS;`pEOPGRJk?zjcMuvtdl3ulX4_;5M zO*VB+-oJgjdJnzoXzy8c98E5O){Nn==|k1xvW@MZ1btGIstfeO$|MV9ESUV(^7#4r znVBsIIp^5|$@u!MM=~xfdAV<$JVv?-RMyyR}79n*E4O?YF0 zwOXySdbjajRx)OIWf&{uP*&cLL70Uk;dk;&3So;zQ%YuLW{G9ECVdxW0sM1vaJ46T zT9IFJ(g?Q7UB_&r9km?8CW3i34y)n8pAqWTW=t5pn5{66RWj6-h6q*NH^f`w$1KkD z+o|zA9xQXn(k07vOGsQ|#KYa|jMC)StKZShvDyHI8#t*6QWoo1v@`_rgbhmW|`z!_+n~h$qo1 zK}^E-l#R&O0IyUld@~L|s)LWJu*Iq1!Gi~Lii>$Q>el@ObaoE{0s<HQU55+PZ*VC)N4`xB+{BotwtL`yfDIJxrik!R;U?|z&g zKYplJl_*kfKZ1VZy3W9fO^)Eu^e@mF(Wugkt(p(s3g(V}CMhLVzQ0sfKpxg>(v=#{ z+tIwam<2EHCa#qnn8CN%snGAqv^gWC)d~~qaQJcO^yq?XB7pm0g-CZn>&C<23Wj!_ zwVNE4<}aeO+wJYg-XFb74A{=R6L@!$UvB?V$+pYRn9roSdX=`UHS|f+@Q-&lyHWrV zDN@dz&wyaP16Xj=fe)coxc#Wys_M{wW2PNpmEby~L>4+nPL}$-gs)+oolwr2e`nN_ zxg$%bif5HsQ^Z5Twf9kT6ieOIIj_x6w{I6+HXF+`Zo5N8HKXIIyj-VR=~6 zprO1nn!j6~VE*T zuYI~b357$r7ohEXK7y6$5Hzk1rpF;_PC|pv#_1)_Gt(`f!uTKHBPeduE2? zNS{h3Iad{+3P>$<4kFB#)g2o%e8!>(0NPV=!ouKBmxI;0p`Z3*$(CH}M;T$lct|tsJuR=RNNPGxm{2K<`s@yl@p#>q!FZd(43d$I zhohc26JKrG_>z7AaN%D#?l9Ld$7su4_OF>b}WasS~l`w_s*xIF+pHEg@i z;(R@$VP)}Nn1rcQVIA!BU$pkq1@3)V9%UV5Y5l+^S@9_WP$nA9B^l@Hl;Lw3i_0cZ z5YHuVVtY8DztGO~?$_6F#L5)utaGdR_U&kRRB`zk;`#HEasDU`0uKde>Y+y#bY^Wd zq};am{f&){(<;tSmX15T8>~syGEO_+A05?IlLqL&5~BH@%H;x`iBUm8{U820+n+vZ zdaf(C^5=9lPMQ<*ces`Hd~tDk6|CG;vNY;-ve+44&$Yigk`C!#x4L3~!0)6p>-qZ7t`lCo^$!w4X=IU3PQ(8A1kc^t&V#AxUc@D{+yv*OBTL{m#@{vaY^^ z2F$Yps!sD+d=Z1)DjKPEw-AAemDNJWJt|BQDLjwnwFJ|WsL>hcq2Iy(+XJ@Wy1a0x}IaEz603s zBpws_mXs0cS0F-}u9v8-!g9VjT=Vc`v5PF-?eb*aZ1lspPs_NO zT%ud!-LF6bC|3*cYbU?KhKgWGc$!jLH}D%1>glfX@?T($-QEr6I!LOF9}Tn+a^(vf37pi7C&r zt#3Z`j*dQ!j;p%G=?7?Om+?s0bw=bUz5mS^k=3k7m!16cxhZur(RxqZ%|+9_L;Sl{ zhg;G8YH1s>dm>nlubD0SSvU3a4a|m%6e{d~O>KWoUFLt1UNxmOu)0qf$oqNNCL}mG z$Gnf(ZnB_ce7hWdIs;junp`0T`!1!Nl^;z>Yh~Y4O5JGXSvGOT2uFVp(U=4ZOsS`2 zo(hR+5G>-{_EPMHL!ZSB@+Uj!;M};6VgOP`R?B|6=R|5=FR+q&!f~m;4!x5@D9tI% z*?xYs)16;y$)F(XZP2|v5Z|na@=!%X;>}WjK~r`?(M@C#Vpu1`9=pBV(PlBFXP}gf>x#^x=)@XR&$&f) zCWk}sMH)^&2F|X$4~~5oUQxuP@ZmrC^!UPJV!F+AD|?*Z0L;|Ftn(!ssq6|&9wXgL zuK7g|Fx8Tds5WCR(Ro@Nr5~j+Og4TVBEGrwc8w4@_aTk3dF{O%k3#MgR9!mzW|F%V zdrXfq6_RA23#)XVIXF0!^!#e|Od$d4g7?e4U_^o?~D6Ah4ks8if8X5ChE(UD>W=_I#s@MJnLR4nU3{) z`!=Vjrsx_%pe#MIj8z*&=qY@aOgYl^<6}RrgrFQQDWj_TJ}h>yi`}B%wiU^>yOZqK zuko=r-!#-slR{xAym#<BkISer&%Tn>9d zt>c^Z)dk~F?CH3y*0QwmQa+2&xqUC#z5-B}NFbR-@h_$*mDi&)Pfg21)@2K)tuD(v zKRR$M!Ohet%H&-Lxw(i=_Tr&s7wKRCseqfy%+F72FQmyV_jh;g<~qfX>FkG7dcILD zVzreuPBvBt{3;Om4Gaon;O2z3V5!Q|qp8-IXIk|qVUB!EWsxDUHGitPxmgpKIKbBD z&Yz#$ZnSNn;yqZYL6ziVT8CFW6f#Kx9FyFC`f_kB*~hd430Nv3e1e+tvWy4Ig9q)u zm*g@hf-^cQ2hj|Xn%8&-8K_s}=`?B+@M;}}v%~7|d3fDBcS&YqEQ_84Z(oAUvhr&J z-l*>xkLw5Fz=wud}Ih=W)FjddxIu|R)S8h`c&5_X4B~D_xkl~9e8_R zuh%{kU_I|PFg8v~N?Omxgco2FzcO5O`Twa3{Qq2l7r3*tQ#9hnLq|tPPv6|okOE`H zV$__iZQdA0JGsD#n0T|f1{y+cE96!c6_s6`D{-99zfE1#tZ=dew(a)q+XQ~KJv~Jl zMV14F7URp%Lr=`gSH59-zqGxIMA0Q-;jrL|2!<=1i+p^1=tr`3Yupa^8jcaYzkac> zvv+43KzSOUh$Oyx6{vxBs9O}Sm_9vXh4)XW`7G=w0#My$ca2gs0E?Kl{<(GIaY^QV zHa52V_n#1uaabbR@A??V!vgNf(&=Fu%rllH!ok6bjFYFl$!>0qKrlzQ2pk`IGW#`qc5t40AkpCRXp@g!;9(Gn1WzbsV~x>Z>q0~fX2^J@A&&;9o>Z&H>Bev zciS0zp#KAllv}X^!yROSd1_ZzSHlL_15W&-CtZzl9N7GRu{eHLgNcMlZD#sipjlEK zLdp1D-V1=b@-PZR##17kjzKL~sOmjcGWYD)SLeOizSq{KghJ#=6#2kvN+CMpG|w=v zqmrX1%w-DH*nu28yiv^BZErRSfZ|}4`?0&t0sv~*yia#4l0hSp!G3E&jqQC<&{NeK zI69zHyg#WQg`PzLJsTX(ch&_cr>p9^%B!pQ$GM~W9ZEak&(~<+jfn1W*-kYR9nzRA zeIL!Ah3KY`6#~;rxZLFuWRWhvnf6Z8IE9%+Se6_swgL=H}_T4HFXv z1*tDzzJ!YagtZzlH?#vc9G?3g6t=s0)g}6MSJ25b1svDn>1}2^5?~5~V(>}5z^vmP zBO_yn4**S_96hg!AwFs;K;T_4NAx-2C*FDP#7F+4OpQl6sTfBYT4W0 z*PtgLBqY?)8F5}JnQowo8_YLVP*#qpAU_7Js&P{K$&(<@7SLd|VHAO+Xag0{(b>7I zq@-aDj`DEa>{4k%a)mBO1z&!iEgl;iyQcB2riMo9{R$9GFf-mzOcA`4{*@%_py_nQ zV;x0dtLErsX1v%Qa;U4V#n-ZySQr9bX3OnoP0e_?igqvs!^SA)0Klt1jeviZC z=hs^Jbx3~qqXQ50q(Z*jlLc+qhe;YFldKtvUbvV)@LpA3&aNh$(R#iizVIuGR z{Rd0!o;f*{5?4WVS#J}tBGpGlY7!)m{X%iZJ90j!{G&SQJHOD$T|UM(@Pf7g6n2t8 z0bEVUsCoCP^_*-4KrkR#urS5UX=rG!|9vQ5h>IgmE5z3;M9fsQv<*`!?d|Q}O49G| zf4b_)!obi{S68>fC~1uh<-aFEFXXoeU z)PWQtU{DvEJKh-&EE)a@6z5?qoNFFLNl$MMT9#S=`ZeSlryh#D(gt|L$IFY1iCHe4 z&jkDcEVN~Bw(c4Yr`rK%q|3{@=WH;;nn!KvQ8_O)Db^|Vs;3PcAL6~4rBT$HEd|Ba z2Iipia)lQe5;zijWC2V?5=d~H&iET3yjH`9{e#|+S8m_B^>t5_s*uCHH|UwQOe}9- zLj!G(LmZ+39koEe#@s;q;E=PYo6U8m1bF5_cmPQ&PnCXYY3bFgS8(zOlHawo;*eOp zmZ;l(X^^Xi+1pqRlzo`*+QrpepnIZMN5#gHk&(ql;*jj_?~`*OzGtriRDgWcw~zZ) zwWblfy5z;`Z(g^-x03u1@n9{ZQo<419yHuW>&FL0)R<=oSa*U(d#DG2r#nutXn0m3 zGfQX0(pr5x{)pOcejEP{F`F5ydGF6X7Ez$^C8VXhvJS|PcYJh-LK_reJ_ZF{<$79S zBxns{Y;!iqnh(c+yb}}@tf;8CEOXMMgYDIhkoaK5&Gsmi*;~x>eVukK5)0&A6GI8F z#=yR3>WpTVE#(gTU%(`|(G7>TB!0ta)f8ZbxOlq;ed}3wdWqEtzug?HB^0f_vkGV9 zC}|vnR)Ce%7-r`DUcl{O2gtN}PEHu$jkqZ0g(x~&+S!rgqiq1$`ZjYA;vlGmkRau~ zadC0Iu?ET=^EN~FM#H#)@J`XGs^kwPDd#|ufbIZPlrnmbK}?&Pyv_&nbpU7vy8z-? z9cf8PD6%8mUUA#anIv5y)SJl+AmZE9fwSvMM{T2MqIFW7MYmM=s~YF?35t5)yrz)i_ zSY(8ThN3NkE(1D={qvl^bNd=nG?0v~{2{&4ItZiF&iVw5nkK#P0coo6urZMn15K+w z=4MjA!mtRF9fWCe7(O`vD8qel#c4aQjsIDNl$4Zz#nAXodt-z3IvN?|%!?v1=3`)2 ztdWg4d>cVyHSkjtu#g^J#%cwL_eSi`P%@1?Bk4!%M$jGJ@1j7ww@)>Q9aEgwQiEU< zpX}f_@pa?~E6JW`7t#aZ)MQZ0VY#tK!wEruI*Xcy6L@{Y991kG6E}@E>VAVmtfZq| z`FYYRXkT~s#hS9a(X6Hjjhj!tj?#}hb0*+m?vTkuhlGX}S&a-Q$&w%9NDOkna6XSp zwT70jsyH|Sgg)!tmG!)c4XSbY{Iai~Uo@X{VFjU$)nKviUB=bLq7gI9_=E(a*vAVa zRaI`--8vRr#;wTTSg-&RAQLT(D$I57uN(mQ+!S#8{rz%XoIG%&A1W-$fC1B;tlh<5 zImu7AIM;6=)zs9yBW;Dj{6KBAc2q`1jH)x2EB9rpo^7Kh+g^<*^tre37^>LprQQ4H zh1tc!1w`Ys-bF`1IZT?xPmtBSaKe%5vX26@M$BFvx%-V+Bi3@`r|_lS`(vGz@5Ibl zdJe6({R7%>;pCV3zQw zyXyqVKN%y~yH?*PtpM}j2w%{VYVeG$Q~(F1NZB3yNu z$_8ZVA|9>_Sgjh$Ruo;idBA{ycGErXJxyid_ABV%9q6O$Ytn*yi;+4s^HspbC#duB z@nH+xWoffJd$JaUsg_4J^$%Z9FCL|D1bU9zngc`5UgSPf>FQ0`ZQ%s@cX4qG4ljd5 zlmYYEk;@aom@Y84v{TmEVq^osf9(b`!1Z9YPLuG=XFxPh07t{ATiweY`Sv|p4r&5L zDKs(NpM^2ed6=AbCnMM8qQUJ#K}jiS*0;ASRk5KadaQEdjxZgM;G)>gbrZCnqOE4<#lf zOgb^f)1XL^7b~MbfBu9dAU<^A;zfuGPE*ZMTaPn)Jru+xB%DC2E47`KFECRw74Ca{ zd3LHL8i$eLOnQjl-$ig(3G@kEDqY+3rx*Fig0{^kI+XL+Zx@XvI_{iN~ z&)B04`5+z4^%u-TlFoDwL_2xk|6syD=<;8TheD=Pg;%NX+*!J(nEUw1 zLcx91XCA0Kg>P{J`jv3A{!v#4#NdFOoSd$%E_ktWQ=nSDPag`0pa5co$`IbW5pYId zUmq03V9r~gu^sp>|zOf7O! zjU0@+Kp?~-|5$jX_4R8syO2&JSnK4+SPVx<(`GeoD#4H2`GYI4Dy1A^^N(aw&1~6vdPff2-kg zwVQ)L0{XvjbZki3^Qx(-F?3nz%{i&Fh;UlLk=L{a%W$t65@P)*L<)0NRX$f@Qqqif zaO#oUjkbar7bdBGDkrz{io0SMx~^sGt}}D>5l=nntFCb(Q$%-Ku^^T%v;P$)6+@s z00Gt4quf0;A;*Wy?p+d)rT>(VeWQw)=oc?)m)eTo1P&t5tQLR=al|oLTd=dL%8HBY z#USbEHUL3T5CRdib#EIM*5Pg>tl4@!z_nscw*`{jco&(>SUP_Fg4%GF>QD@74D}2* zDjpsU9^#ufHSnrw(-^{9t|JsLZc-K@?2Qsgm7K2yh2Io0IG-O(@qv#$utk5pm-plk zU)^;o9|;|68Ia{8@>S`eOOiPYY3$fb6qqx0D0EPAS5FO#c z<-a{HVCLf%L^e22u zY47Tp!g2e~Sj4|E`p+x$mh1KMHhhvNK*Ddxdecu$O%F-wyAs0PX1(?_=-;>P zE$=wQnjWyK%7{(Yta7WU*v5fk{t4iU{NOv%A3*U50?&214=l!yomD=lh@Hyblc8a3 zMP&b{g7;u?uihPYUY=BsE?QXL8ER^38V(r2E)&qJTZYJCc%Kt`*@QU?k$Ph@o6c5y8|j{)|2Vs)6CvLQF-B0s(<$ z{0Qdv7o;mxn$31Zx)rFPkOEcywNRMnP@h61=-pkPwy=CCFCTKUdUMMU6o)1KQFj;H ziB`n74x*R@K)$Gjb|T;W?_uha49d0$kD~#J6dLvU5^71EsTK!H9PWim{;~|JddL4h z*%Vo|I~84A%y~FkVlxdt+pYji5))GvEH+*)uBZ}fRMe=B5)_6}_TRZnF&vJRqpSK@v_5nUZ zTo#U(RJu6}9w7g6aJ=mqDkp+@6)6f7pQ8%iDV{a&>bvy!QQ{n2p@MN@HtpL{=#yUF{H+MI{mu8B20N66*?~eE)zCN!`SZtV+u|UOa)Gn6!V;JRtD#aQcQeSHhA4;V-=4Rg z($LfU4YOz!j_TAYK?n;#yag?D1Cq3v)!OO!yh07)El%LUPg2mIcE9=Ta$w%#lA@GG z@Mm;ASeT^j-?tc{dm>(*4h5lKMso~L&%l62YA!VAI*p8rKwZ3eDD*nDClJ#p@}2&l z7xsZuDZ8?CbW#zJth$qaeE(iA4$io+e>?KN?l-i&J`_kC(0C}r93=(c_)l8|O-zz& z^%|O+^NU_0sW3a!R02=m0|y{5s8Iott7~g(D=SY=`_dCgx;}G$`-S%v7r=30#vEnv z;GZ$ySm;x5Vun$IihZwh1NQie`zjLXpWZ77EEp69RE8B!oBT&R<3OkzO~6#lf8=>F zexMr)2!~z;eWd#nu{~bYk zJe5q%KH%4kxh7tc82){*2bcp;i=pA~3IwculM7)0*pe6?4=Fw5(POl~e_+S@72e`tYAG zN>^Nnb=xxyZNS6Dtv>xeAIKZYuH<|$4j>Zjg-*=CN=TF$DzW(+dmt)%wo?FRa-j=VZ(bB6cBOi?o6%d z)7Ayu4N1kibSc|G{^`?Or(ZbZ@oQN8beZ!!-~^8qpLuUKtlE;&(!ISsuqmLp4)#d@ zw{K_r3)1NIb5x-+sS6~Bl19&_0YoFf>>$*rC4nPP771QP2>*D-)~J>i)eeh;d*iMz z%Nj%?6q0caZd`<&4(D-rN5Kp)3Q5Uab*+VCB**FQiQI{xqB;k+% z75F}ieMz<$C|tDE`4s1ee^0r-WMyrw6pB+f7x1hzAALQKV?qh63o|p=k`MKgWMV?F zB33~yGVuiebx?3nP*8e0y~UF&O>g|Gz@2geFCU;8Uw!}*FBc)~74TjK&s~~I8zhPe z6Cfs?-nu|B>P-!tJi|EPvrZ9i`vsGA{M}RG2bDfw=3YmF-!EPDb}V@8qpbv=-N;P4>&p|7v6 zq}v)Npc5d$m#Q+H(esgCJU-)*uj1k8tMlksl0W`xK7Vj(@aSNnMYPkbrr8q#GJO1m z-%l!(D_wRGTqJmS1{K~Y3y_0(>KBx=Rp3PDL0OOI;$aG^WzjG&EVfmlHZu^ES&uzd z4*)z001(b--SbX_P-{WO!t(3>=ix^m5-BO6hUu5X?*ck9xBqb;?`=`TCjy9j(?i++ zm1V?mTmDKifBvY=b_@|rxWy?P&2BM)QbJ%wZUMUrG|LUx20)eE&(#5EQY-UTbD>!I z;~sdqq$yPZdKpNSiKHV#@Eiqfw|jyM zaNM#V3`Xerj?mim{}U43!%7Nb*@WCI`4|V5%TYWKwih91duaZ z$h?Y10J(rRO0@hU?ovPvFzx|bQdl%ql>NqAn%EosE;}Q3BHAy;F8I}U0Eq@kY-^z} z4>8$@sElVv9VMuH1l^!QfynFZ;f;GXDzM36_G8Vgl4SfLdLNlV|-7r1*1}kZl z3kF0Gy!G?K!Q$ZzNa-{Ud%S=Y4f&Ibsf(X0ZNmEb^LG0;tl;`Qee4klr}aZKg>P$s zDMz3HRagH&90`C0kXh