From 8b8ecd33efc8364fd8c4d0629b28cb867e985ae7 Mon Sep 17 00:00:00 2001 From: RKSelvi <42325057+RKSelvi@users.noreply.github.com> Date: Thu, 30 Apr 2020 09:37:04 -0400 Subject: [PATCH] Modified Shared Services environment & added new MS-VDI environment - In support for this new environment changes have been made to support all Azure environments (#163) * Update dockerimage.yml * Removed build.yml file * Run toolkit container * update * fix * mm * bb * nn * qq * ww * ee * rr * pp * aa * Added storageblobURL to resources * Added StorageblobURL to resources and env variable * added storageblobURL * added storageblobURL * Commented out the Azure Provider feature Bastion * added condition for resources gov vs com * changed old GUID for Az Policy * New change for gov. But need to adjust for com * changed linux agent version number * 1 * 2 * 3 * 4 * added logic for the ethernet * added the ADDS module back after fixing script * Updated modules IIS, SQLServerAlwaysOn,VM Scale sets for storagebloburl * 5 * 6 * 7 * aa * jj * Update * ll * ll * mm * vv * cv * df * Added logic for the NSG flow logs com vs gov * changes to merge conflicts * fixed conflict merge * ee * bnm * yh * vv * sd * bn * xx * vb * tt * ss * zz * remove sub ids * aa * updates * ff * updates * tt * updates * mm * rr * Added info Azure cli to remove legal hold & other misc updates * Fix typos * Moved env variables for toolkit & subscription in the code * ss * kk * Adding Az.Accounts to dockerfile * cc * ii * ll * yy * vv * cc * ee * Added all azure regions to AzureBastion module * nn * gg * tt * dd * Adding install module in the code itself * jk * Added condition to connect to azure & install modules for dev ops * qaz * wsx * bb * Commented env variables in debug * ff * HUB vnet module * changed MSVDI to connect to shrd svcs hub * dummy values for config files * changed para for msvdi with shrd svcs * do not need to lowercase regions so commented out * added variables to file so don't need to input * new prereq script. Not necessary to run * readme for shared services * updated readme * Update * edc * Topological path for DevOps pipeline * test * Update * Running individual modules * Updates * updated comments * new modules * Create dockflow.yml * Updates to SharedServices & MS-VDI readme * qq * Added more info on password restrictions * Update * 56 * 985 * 12 * 67 * 45 * 12 * 678 * 12 * 456 * tt * 12 * 12 * 1q23 * 125 * 343 * 25 * 345 * 2134 * 12 * 2 * 454 * 124 * 312 * 12 * 23 * 34 * mylife * q3 * 12 * 24 * q1234 * 696 * qw23 * q12e4 * w5 * 213 * 2198 * qw * 255 * 89876 * 447 * 3242 * 89 * 43234 * 2342342 * q4eq3214 * 87 * 323 * 2345 * 123456 * New version of code for github action * updates to files * updated av set infoo * 789234 * 234143 * 24223412342 * Teardown test * Copied workflow from Jack's branch * new changes * update to readme in shrdsvcs * new document for github actions * 234 * adding changes to script for cleanup * update readme * update readme * sdf * 235 * 123 * 2345 * new changes to readme * new changes to readme * readme * readme * readmeupdate * readme * red * read * readme * 1234 * readme * 7897894 * update readme shrd svcs * 345 * new changes to readme * removed the cleanup and added to different script * new change to clean up script * Updates to shared services readme * update * 234 * Added passing parameters for subscription & tenant to parameters.json for shared services * update for networkwatcher * removed statement in av sets * Test GH Actions * Test GH Actions * Update * Update * Cleared values * Update * changes to dockerfile version. * Update * Update readme * Update README.md * Updates to docs - added SPN info Co-authored-by: jvalley19 <52843322+jvalley19@users.noreply.github.com> --- .github/workflows/README.md | 56 +++ .github/workflows/dockerimage.yml | 35 ++ Config/toolkit.config.json | 2 +- Config/toolkit.subscription.json | 10 +- Docs/quickstart.md | 11 +- Environments/MS-VDI/definition.json | 5 + Environments/MS-VDI/orchestration.json | 349 ++++++++++++++++++ Environments/MS-VDI/parameters.json | 271 ++++++++++++++ Environments/MS-VDI/pipeline.yml | 0 Environments/MS-VDI/readme.md | 82 ++++ Environments/OnPremises/orchestration.json | 3 + Environments/OnPremises/parameters.json | 2 + .../SharedServices/orchestration.json | 28 +- Environments/SharedServices/parameters.json | 33 +- Environments/SharedServices/readme.md | 222 +++++++++++ .../orchestration.json | 3 + .../parameters.json | 5 +- Environments/_Common/subscriptions.json | 69 ++-- Modules/ActiveDirectory/deploy.json | 13 +- .../ActiveDirectoryDomainServices/deploy.json | 11 +- Modules/AutomationAccounts/deploy.json | 8 +- .../Scripts/register.provider.feature.ps1 | 11 +- Modules/AzureBastion/deploy.json | 29 +- Modules/AzureSecurityCenter/deploy.json | 9 + .../InternetInformationServices/deploy.json | 11 +- Modules/LogAnalytics/deploy.json | 8 +- Modules/NISTControls/deploy.json | 9 +- Modules/NISTControls/parameters.json | 2 +- .../Scripts/enable.flow.logs.ps1 | 18 +- Modules/SQLServerAlwaysOn/deploy.json | 23 +- .../StorageAccounts/Policy/parameters.json | 2 +- Modules/VirtualMachineScaleSets/deploy.json | 13 +- Modules/VirtualMachines/deploy.json | 26 +- Orchestration/Common/Helper.psm1 | 16 +- .../AzureResourceManagerDeploymentService.ps1 | 37 +- .../OrchestrationService/Cleanup_Script.ps1 | 24 ++ .../ModuleConfigurationDeployment.ps1 | 75 ++-- .../OrchestrationService/Pre_req_script.ps1 | 28 ++ README.md | 1 + .../Windows/install_ADDS_No_Disk_Format.zip | Bin 408898 -> 432171 bytes action.yml | 11 + dockerfile | 9 +- entrypoint1.ps1 | 35 ++ 43 files changed, 1493 insertions(+), 122 deletions(-) create mode 100644 .github/workflows/README.md create mode 100644 .github/workflows/dockerimage.yml create mode 100644 Environments/MS-VDI/definition.json create mode 100644 Environments/MS-VDI/orchestration.json create mode 100644 Environments/MS-VDI/parameters.json create mode 100644 Environments/MS-VDI/pipeline.yml create mode 100644 Environments/MS-VDI/readme.md create mode 100644 Environments/SharedServices/readme.md create mode 100644 Orchestration/OrchestrationService/Cleanup_Script.ps1 create mode 100644 Orchestration/OrchestrationService/Pre_req_script.ps1 create mode 100644 action.yml create mode 100644 entrypoint1.ps1 diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 0000000..b8872a3 --- /dev/null +++ b/.github/workflows/README.md @@ -0,0 +1,56 @@ +# Getting started with GitHub Actions and the VDC toolkit + +#### GitHub Actions are apart of an automation workflow that can integrate with your CI/CD pipeline. Developers can build, test and deploy upon code pushes and pulls to GitHub. +##### To Learn more about GitHub actions visit the [GitHub Action Documentation](https://help.GitHub.com/en/actions) + +## GitHub Actions with the VDC toolkit quickstart + +### The GitHub action in this repository will create the [Shared Services](../../Environments/SharedServices) Environment and the [MS-VDI](../../Environments/MS-VDI) environment all from a "push" to the GitHub repository. +#### To change the environment being deployed you will need to manipulate the "entrypoint.ps1" file in the root directory. + +### Get started on setting up the action below: +1. #### Ensure you have the latest code when setting up your action pipeline + - ##### Files you need before proceeding with your actions + - 'dockerfile' in your root repository + - 'action.yml' in your root repository + - 'entrypoint.ps1' in your root repository + - 'dockerimage.yml' under the "vdc/.GitHub/workflows" directory + +2. Create Service Pricipal + + Follow for creating the service principal and note the object id and password during creation. The service principal will require owner permissions. + +- [Create SPN via PowerShell for password based authentication](https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-3.8.0#password-based-authentication) +- [Create SPN via Azure Cli](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) +- [Verify & add roles/permissions](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal) +3. #### You will also need to setup your GitHub secrets for the pipeline to use + - ##### You will need the following secrets + - SERVICE_PRINCIPAL + - SERVICE_PRINCIPAL_PASS + - DEVOPS_SERVICE_PRINCIPAL_USER_ID + - ADMIN_USER_NAME + - ADMIN_USER_PWD + - DOMAIN_ADMIN_USERNAME + - DOMAIN_ADMIN_USER_PWD + - TENANT_ID + - SUBSCRIPTION_ID + - KEYVAULT_MANAGEMENT_USER_ID + - ADMIN_USER_SSH + + - ##### To add these secrets in your GitHub repository navigate to + - "Settings" -> "Secrets" + - Then add each secret value with exactly the corresponding name above + - For more information visit the GitHub link for adding new [Secrets](https://help.GitHub.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets). + - *You do not need* "" around your secret values. Enter them with raw data. + +3. #### In your dockerimage.yml file you will need to change the following values that suit your need + - ORGANIZATION_NAME + - AZURE_LOCATION + - Update "uses" to your GitHub repo name. + - uses: [YOUR_GITHUB_NAME]/vdc@master + - Please keep the AZURE_DISCOVERY_URL as is + +4. #### Once you have all these changes and updated your GitHub secrets you can push the changes to your repository. + + +5. #### Upon the "push" you will kick off an action which will deploy the shared services and ms-vdi resources. diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml new file mode 100644 index 0000000..4f7d2b4 --- /dev/null +++ b/.github/workflows/dockerimage.yml @@ -0,0 +1,35 @@ +name: Docker Image CI - MSVDI + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + +jobs: + + build: + env: + SERVICE_PRINCIPAL: ${{ secrets.SERVICE_PRINCIPAL }} + SERVICE_PRINCIPAL_PASS: ${{ secrets.SERVICE_PRINCIPAL_PASS }} + DEVOPS_SERVICE_PRINCIPAL_USER_ID: ${{ secrets.DEVOPS_SERVICE_PRINCIPAL_USER_ID }} + ADMIN_USER_NAME: ${{ secrets.ADMIN_USER_NAME }} + ADMIN_USER_PWD: ${{ secrets.ADMIN_USER_PWD }} + DOMAIN_ADMIN_USERNAME: ${{ secrets.DOMAIN_ADMIN_USERNAME }} + DOMAIN_ADMIN_USER_PWD: ${{ secrets.DOMAIN_ADMIN_USER_PWD }} + ORGANIZATION_NAME : "MSSK" + AZURE_LOCATION : "USGov Arizona" + AZURE_ENVIRONMENT_NAME : "AzureUSGovernment" + TENANT_ID : ${{ secrets.TENANT_ID }} + SUBSCRIPTION_ID : ${{ secrets.SUBSCRIPTION_ID }} + KEYVAULT_MANAGEMENT_USER_ID : ${{ secrets.KEYVAULT_MANAGEMENT_USER_ID }} + AZURE_DISCOVERY_URL : "https://management.azure.com/metadata/endpoints?api-version=2019-05-01" + ADMIN_USER_SSH : ${{ secrets.ADMIN_USER_SSH }} + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Build the Docker image & Deploy + id : hello + uses: rkselvi/vdc@master diff --git a/Config/toolkit.config.json b/Config/toolkit.config.json index 9fabe56..dad0e94 100644 --- a/Config/toolkit.config.json +++ b/Config/toolkit.config.json @@ -14,7 +14,7 @@ }, "ValidationResourceGroup": { "Name": "vdc-custom-rg", - "Location": "West US", + "Location": "env(azure_location)", "Tags": { "Policy": "Exempt" } diff --git a/Config/toolkit.subscription.json b/Config/toolkit.subscription.json index 2284cee..5997428 100644 --- a/Config/toolkit.subscription.json +++ b/Config/toolkit.subscription.json @@ -1,6 +1,6 @@ { - "Comments": "Toolkit subscription and tenant information", - "TenantId": "00000000-0000-0000-0000-000000000000", - "SubscriptionId": "00000000-0000-0000-0000-000000000000", - "Location": "West US 2" -} \ No newline at end of file + "Comments": "ToolKit for creating a new Virtual Data Center", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "000000-000-0000-0000", + "Location": "USGov Arizona" +} diff --git a/Docs/quickstart.md b/Docs/quickstart.md index 0582dc2..38c445f 100644 --- a/Docs/quickstart.md +++ b/Docs/quickstart.md @@ -84,7 +84,11 @@ Strictly speaking, you do not need a service principal for the purpose of this q You can reuse your user object id in place of the service principal object id. However, if you want to deploy using Azure DevOps you will need to create the service principal. -Follow [these instructions](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal) for creating the service principal and note the object id during creation. The service principal will require owner permissions. +Follow for creating the service principal and note the object id during creation. The service principal will require owner permissions. +- [Create SPN via PowerShell for password based authentication](https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-3.8.0#password-based-authentication) +- [Create SPN via Azure Cli](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) +- [Create SPN via Portal](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal) +- [Verify & add roles/permissions](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal) ### Setting the configuration @@ -119,7 +123,10 @@ $ENV:VDC_TOOLKIT_SUBSCRIPTION = (Get-Content .\Config\toolkit.subscription.json $ENV:ORGANIZATION_NAME = "contoso" $ENV:TENANT_ID = "00000000-0000-0000-0000-000000000000" - +$ENV:SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000" +$ENV:AZURE_ENVIRONMENT_NAME = "AzureCloud" +$ENV:AZURE_LOCATION = "West US 2" +$ENV:AZURE_DISCOVERY_URL = "https://management.azure.com/metadata/endpoints?api-version=2019-05-01" $ENV:KEYVAULT_MANAGEMENT_USER_ID = "00000000-0000-0000-0000-000000000000" $ENV:DEVOPS_SERVICE_PRINCIPAL_USER_ID = "00000000-0000-0000-0000-000000000000" diff --git a/Environments/MS-VDI/definition.json b/Environments/MS-VDI/definition.json new file mode 100644 index 0000000..dba4af8 --- /dev/null +++ b/Environments/MS-VDI/definition.json @@ -0,0 +1,5 @@ +{ + "Subscriptions": "env(VDC_SUBSCRIPTIONS)", + "Parameters": "file(./parameters.json)", + "Orchestration": "file(./orchestration.json)" +} \ No newline at end of file diff --git a/Environments/MS-VDI/orchestration.json b/Environments/MS-VDI/orchestration.json new file mode 100644 index 0000000..0b013a4 --- /dev/null +++ b/Environments/MS-VDI/orchestration.json @@ -0,0 +1,349 @@ +{ + "ModuleConfigurationsPath": "../../Modules", + "ModuleConfigurations": [ + { + "Name": "VirtualNetworkSPOKE", + "ModuleDefinitionName": "VirtualNetwork", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.ResourceGroup}", + "DependsOn": [ + "DiagnosticStorageAccount" + ], + "Deployment": { + "OverrideParameters": { + "vnetName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.Name}" + }, + "vnetAddressPrefixes": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.AddressPrefixes}" + }, + "subnets": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.Subnets}" + }, + "enableDdosProtection": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.EnableDdosProtection}" + }, + "enableVmProtection": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.EnableVmProtection}" + } + } + } + }, + { + "Name": "VirtualNetworkPeeringHub", + "ModuleDefinitionName": "VirtualNetworkPeering", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkHUB.ResourceGroupName}", + "DependsOn": [ + "VirtualNetworkHUB", + "VirtualNetworkSPOKE" + ], + "Deployment": { + "OverrideParameters": { + "localVnetName": { + "value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkHUB.Name}" + }, + "peeringName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.LocalPeering.Name}" + }, + "remoteVirtualNetworkId": { + "value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkSPOKE.Id}" + }, + "useRemoteGateways": { + "value": false + } + } + } + }, + { + "Name": "VirtualNetworkPeeringSPOKE", + "ModuleDefinitionName": "VirtualNetworkPeering", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.ResourceGroup}", + "DependsOn": [ + "VirtualNetworkSPOKE", + "VirtualNetworkHUB" + ], + "Deployment": { + "OverrideParameters": { + "localVnetName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.Name}" + }, + "peeringName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkPeering.LocalPeering.Name}" + }, + "remoteVirtualNetworkId": { + "value": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkHUB.Id}" + }, + "useRemoteGateways": { + "value": false + } + } + } + }, + { + "Name": "DiagnosticStorageAccount", + "ModuleDefinitionName": "StorageAccounts", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.ResourceGroup}", + "Comments": "Storage Account that is used for ...", + "Policies": { + "Comments": "Optional - If no object is specified, no Policies deployment will occur", + "OverrideParameters": { + "effect": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Policies.Effect}" + }, + "resourceGroup": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.ResourceGroup}" + }, + "resourceGroupLocation": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}" + } + } + }, + "Deployment": { + "Comments": "We need the 'update' module instance to lock this resource after the Virtual Network got created", + "TemplatePath": "../../Modules/StorageAccounts/deploy.json", + "OverrideParameters": { + "storageAccountName": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Name}" + }, + "storageAccountSku": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Sku}" + }, + "location": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}" + } + } + } + }, + { + "Name": "EnableServiceEndpointOnDiagnosticStorageAccount", + "ModuleDefinitionName": "StorageAccounts", + "Updates": "DiagnosticStorageAccount", + "Comments": "Enables Service endpoint on the Storage Account", + "DependsOn": [ + "DiagnosticStorageAccount", + "VirtualNetworkSPOKE" + ], + "Deployment": { + "OverrideParameters": { + "networkAcls": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.NetworkAcls}" + }, + "vNetId": { + "value": "reference(VirtualNetworkSPOKE.vNetResourceId)" + } + } + } + }, + { + "Name": "LogAnalytics", + "ModuleDefinitionName": "LogAnalytics", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.LogAnalytics.ResourceGroup}", + "DependsOn": [ + "DiagnosticStorageAccount" + ], + "Deployment": { + "OverrideParameters": { + "logAnalyticsWorkspaceName": { + "value": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Name}" + }, + "diagnosticStorageAccountName": { + "value": "reference(DiagnosticStorageAccount.storageAccountName)" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, + "diagnosticStorageAccountAccessKey": { + "value": "reference(DiagnosticStorageAccount.storageAccountAccessKey)" + }, + "location": { + "value": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}" + } + } + } + }, + { + "Name": "KeyVault", + "ModuleDefinitionName": "KeyVault", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}", + "DependsOn":[ + "DiagnosticStorageAccount", + "LogAnalytics", + "VirtualNetworkSPOKE" + ], + "Deployment": { + "OverrideParameters": { + "keyVaultName": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.Name}" + }, + "accessPolicies": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.AccessPolicies}" + }, + "secretsObject": { + "value": { + "secrets": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets}" + } + }, + "enableVaultForDeployment": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDeployment}" + }, + "enableVaultForDiskEncryption": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDiskEncryption}" + }, + "enableVaultForTemplateDeployment": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForTemplateDeployment}" + }, + "vaultSku": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.Sku}" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + }, + "vNetId": { + "value": "reference(VirtualNetworkSPOKE.vNetResourceId)" + }, + "networkAcls": { + "value": { + "bypass": "AzureServices", + "defaultAction": "Allow", + "virtualNetworkRules": [], + "ipRules": [] + } + } + } + } + }, + { + "Name": "ArtifactsStorageAccount", + "Subscription": "Artifacts", + "ModuleDefinitionName": "StorageAccounts", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.ResourceGroup}", + "DependsOn": [], + "Comments": "Storage Account that is used for ...", + "Policies": { + "Comments": "Optional - If no object is specified, no Policies deployment will occur", + "OverrideParameters": { + "effect": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Policies.Effect}" + }, + "resourceGroup": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.ResourceGroup}" + }, + "resourceGroupLocation": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Location}" + } + } + }, + "Deployment": { + "OverrideParameters": { + "storageAccountName": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Name}" + }, + "storageAccountSku": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Sku}" + }, + "location": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Location}" + } + } + } + }, + { + "Name": "JumpboxASG", + "ModuleDefinitionName": "ApplicationSecurityGroups", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.ResourceGroup}", + "DependsOn": [], + "Deployment": { + "OverrideParameters": { + "applicationSecurityGroupName": { + "value": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.Jumpbox.Name}" + } + } + } + }, + { + "Name": "WindowsVM", + "ModuleDefinitionName": "VirtualMachines", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.Jumpbox.ResourceGroup}", + "DependsOn": [ + "VirtualNetworkSPOKE", + "DiagnosticStorageAccount", + "LogAnalytics", + "KeyVault", + "ArtifactsStorageAccount", + "JumpboxASG" + ], + "Comments": "Creates Windows Jumpbox", + "Deployment": { + "OverrideParameters": { + "virtualMachineName": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.Name}" + }, + "virtualMachineSize": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.VMSize}" + }, + "virtualMachineOSImage": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.OSImage}" + }, + "virtualMachineOSType": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.OSType}" + }, + "virtualMachineCount": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.VMCount}" + }, + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceId)" + }, + "logAnalyticsWorkspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + }, + "logAnalyticsWorkspacePrimarySharedKey": { + "value": "reference(LogAnalytics.logAnalyticsPrimarySharedKey)" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, + "diagnosticStorageAccountName": { + "value": "reference(DiagnosticStorageAccount.storageAccountName)" + }, + "diagnosticStorageAccountSasToken": { + "value": "reference(DiagnosticStorageAccount.storageAccountSasToken)" + }, + "artifactsStorageAccountKey": { + "value": "reference(ArtifactsStorageAccount.storageAccountAccessKey)" + }, + "artifactsStorageAccountName": { + "value": "reference(ArtifactsStorageAccount.storageAccountName)" + }, + "artifactsStorageAccountSasKey": { + "value": "reference(ArtifactsStorageAccount.storageAccountSasToken)" + }, + "vNetId": { + "value": "reference(VirtualNetworkSPOKE.vNetResourceId)" + }, + "subnetName": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.SubnetName}" + }, + "applicationSecurityGroupId": { + "value": "reference(JumpboxASG.applicationSecurityGroupResourceId)" + }, + "adminUsername": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.AdminUsername}" + }, + "adminPassword": { + "reference": { + "keyVault": { + "id": "reference(KeyVault.keyVaultResourceId)" + }, + "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}" + } + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.StorageBlobUrl}" + } + } + } + } + ] +} \ No newline at end of file diff --git a/Environments/MS-VDI/parameters.json b/Environments/MS-VDI/parameters.json new file mode 100644 index 0000000..792b67e --- /dev/null +++ b/Environments/MS-VDI/parameters.json @@ -0,0 +1,271 @@ +{ + "Organization": "env(ORGANIZATION_NAME)", + "DeploymentName": "vdcvdi", + "InstanceName": "${Parameters.Organization}-${Parameters.DeploymentName}", + "Subscription": "VDCVDI", + "Location": "env(AZURE_LOCATION)", + "StorageBlobUrl": "env(AZURE_STORAGE_BLOB_URL)", + "ModuleConfigurationParameters": { + "SharedServices": { + "DeploymentName": "shrdsvcs", + "ActiveDirectory": { + "VmIpAddressStart": [ "172.0.0.10" ] + }, + "VirtualNetworkHUB": { + "Id": "/subscriptions/${Subscriptions.SharedServices.SubscriptionId}/resourceGroups/${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkHUB.ResourceGroupName}/providers/Microsoft.Network/virtualNetworks/${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkHUB.Name}", + "Name": "${Parameters.Organization}-shrdsvcs-vnet", + "ResourceGroupName": "${Parameters.organization}-shrdsvcs-network-rg", + "AddressPrefix": "172.0.0.0/16", + "NetworkVirtualAppliance": { + "AzureFirewall": { + "Name": "${Parameters.Organization}-${Parameters.ModuleConfigurationParameters.SharedServices.DeploymentName}-azfw" + } + } + }, + "VirtualNetworkSPOKE": { + "Id": "/subscriptions/${Subscriptions.VDCVDI.SubscriptionId}/resourceGroups/${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkSPOKE.ResourceGroupName}/providers/Microsoft.Network/virtualNetworks/${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkSPOKE.Name}", + "Name": "${Parameters.InstanceName}-SPOKE", + "ResourceGroupName": "${Parameters.InstanceName}-spokenetwork-rg", + "AddressPrefixes": "172.50.0.0/16", + "NetworkVirtualAppliance": { + "AzureFirewall": { + "Name": "${Parameters.Organization}-${Parameters.ModuleConfigurationParameters.SharedServices.DeploymentName}-spazfw" + } + } + } + }, + "OnPremisesInformation": { + "InstanceName": "${Parameters.InstanceName}", + "Comments": "This InstanceName is a temporal value, this value is used in artifactsStorageAccount.json, the idea is to have a global set of services and this name should point to the InstanceName (deployment name) of the global services archetype" + }, + "KeyVaultManagementUserId": "env(KEYVAULT_MANAGEMENT_USER_ID)", + "DevOpsServicePrincipalId": "env(DEVOPS_SERVICE_PRINCIPAL_USER_ID)", + + "VirtualNetworkSPOKE": { + "Name": "${Parameters.InstanceName}-SPOKE", + "ResourceGroup": "${Parameters.InstanceName}-spokenetwork-rg", + "AddressPrefixes": [ "172.50.0.0/16" ], + "EnableDdosProtection": false, + "EnableVmProtection": false, + "Subnets": [ + { + "name": "spokeshrdsvcs", + "addressPrefix": "172.50.1.0/28", + "networkSecurityGroupName": "", + "routeTableName": "", + "serviceEndpoints": [ + { + "service": "Microsoft.EventHub" + }, + { + "service": "Microsoft.Sql" + }, + { + "service": "Microsoft.Storage" + }, + { + "service": "Microsoft.KeyVault" + } + ] + }, + { + "name": "GatewaySubnet", + "addressPrefix": "172.50.2.0/28", + "networkSecurityGroupName": "", + "routeTableName": "", + "serviceEndpoints": [] + }, + { + "name": "AccessLayerSubnet", + "addressPrefix": "172.50.3.0/28", + "networkSecurityGroupName": "", + "routeTableName": "", + "serviceEndpoints": [] + } + , + { + "name": "ResourceLayerSubnet", + "addressPrefix": "172.50.4.0/28", + "networkSecurityGroupName": "", + "routeTableName": "", + "serviceEndpoints": [] + }, + { + "name": "ControlLayerSubnet", + "addressPrefix": "172.50.5.0/28", + "networkSecurityGroupName": "", + "routeTableName": "", + "serviceEndpoints": [] + } + ], + "DnsServers": [ + "${Parameters.ModuleConfigurationParameters.SharedServices.ActiveDirectory.VmIpAddressStart}" + ] + }, + "VirtualNetworkPeering": { + "LocalPeering": { + "Name": "${Parameters.DeploymentName}-to-sharedsvcs" + } + }, + "ApplicationSecurityGroups": { + "ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.ResourceGroup}", + "Jumpbox": { + "Name": "jumpbox-asg" + }, + "DomainController": { + "Name": "dc-asg" + } + }, + "NetworkSecurityGroups": { + "ResourceGroup": "${Parameters.ModuleConfigurationParameters.SharedServices.VirtualNetworkHUB.ResourceGroupName}", + "Comments": "Virtual Network (TCP and UDP) to Application Security Group rules are required for DNS resolution", + "SharedServices": { + "Name": "${Parameters.DeploymentName}-nsg", + "Rules": [ + { + } + ] + } + }, + "DiagnosticStorageAccount": { + "Name": "${Parameters.Organization}${Parameters.DeploymentName}diag01", + "ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg", + "Location": "${Parameters.Location}", + "Sku": "Standard_GRS", + "NetworkAcls": { + "bypass": "AzureServices", + "defaultAction": "Deny", + "virtualNetworkRules": [ + { + "subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.Subnets[0].Name}" + } + ], + "ipRules": [] + }, + "Policies": { + "Effect": "Audit" + } + }, + "LogAnalytics": { + "Name": "${Parameters.InstanceName}-la", + "Comments": "Log Analytics and Diagnostic Storage Account must be deployed in the same region", + "ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg", + "Location": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}", + "ListOfAllowedRegions": [ + "Australia Central", + "Australia East", + "Australia Southeast", + "Canada Central", + "Central India", + "Central US", + "East Asia", + "East US", + "East US 2", + "France Central", + "Japan East", + "Korea Central", + "North Europe", + "South Central US", + "Southeast Asia", + "UK South", + "West Europe", + "West US", + "West US 2", + "USGov Virginia", + "USGov Iowa", + "USGov Arizona", + "USGov Texas", + "USDoD Central", + "USDoD East" + ] + }, + "KeyVault": { + "Name": "${Parameters.InstanceName}-kv", + "ResourceGroup": "${Parameters.InstanceName}-keyvault-rg", + "Sku": "Premium", + "EnableVaultForDeployment": true, + "EnableVaultForDiskEncryption": true, + "EnableVaultForTemplateDeployment": true, + "AccessPolicies": [ + { + "tenantId": "${Parameters.TenantId}", + "objectId": "${Parameters.ModuleConfigurationParameters.KeyVaultManagementUserId}", + "permissions": { + "certificates": [ + "All" + ], + "keys": [ + "All" + ], + "secrets": [ + "All" + ] + } + }, + { + "tenantId": "${Parameters.TenantId}", + "objectId": "${Parameters.ModuleConfigurationParameters.DevOpsServicePrincipalId}", + "permissions": { + "certificates": [ + "All" + ], + "keys": [ + "All" + ], + "secrets": [ + "All" + ] + } + } + ], + "SecretsObject": { + "Comments": "Creating an object so we can use a secretsobject parameter type in our ARM template", + "Secrets": [ + { + "secretName": "admin-user", + "secretValue": "env(ADMIN_USER_NAME)" + }, + { + "secretName": "admin-user-pswd", + "secretValue": "env(ADMIN_USER_PWD)" + } + ] + }, + "NetworkAcls": { + "bypass": "AzureServices", + "defaultAction": "Deny", + "virtualNetworkRules": [ + { + "subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.Subnets[0].Name}" + } + ], + "ipRules": [] + } + }, + "ArtifactsStorageAccount": "file(../_Common/artifactsStorageAccount.json)", + "Jumpbox": { + "ResourceGroup": "${Parameters.InstanceName}-jumpbox-rg", + "AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}", + "SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkSPOKE.Subnets[0].name}", + "StorageBlobUrl": "${Parameters.StorageBlobUrl}", + "Windows": { + "Comments": "Windows VM name cannot exceed 13 characters", + "Name": "win-jb-vm", + "VMCount": 1, + "OSType": "Windows", + "VMSize": "Standard_DS2_v2", + "OSImage": { + "offer": "WindowsServer", + "publisher": "MicrosoftWindowsServer", + "sku": "2016-Datacenter" + }, + "Kek": { + "Name": "WindowsJumpboxKey", + "Comments": "Destination can be HSM or Software. Use HSM to create Production keys.", + "Destination": "HSM" + } + } + } + + } +} diff --git a/Environments/MS-VDI/pipeline.yml b/Environments/MS-VDI/pipeline.yml new file mode 100644 index 0000000..e69de29 diff --git a/Environments/MS-VDI/readme.md b/Environments/MS-VDI/readme.md new file mode 100644 index 0000000..1c1e5d4 --- /dev/null +++ b/Environments/MS-VDI/readme.md @@ -0,0 +1,82 @@ +# **To deploy Azure Virtual Datacenter for VDI** + +MS-VDI environment has Azure resources that are dependent on "Shared Services". This follows HUB and SPOKE model, with "Shared Services" as HUB and "MS-VDI" as SPOKE. + +**If [Shared Services](../../Environments/SharedServices) are not yet deployed, please deploy Shared Services before deploying [MS-VDI](../../Environments/MS-VDI) archetypes provided in the toolkit.** + +## Setting the Environmental variables + +All the settings for Environmental variables for Shared Services will be reused for MS-VDI deployment. First set up, deploy Shared Services and continue for MS-VDI + +## Setting the Parameters + +Any application specific parameters updates should be done in the [parameters.json](../../Environments/MS-VDI/parameters.json) file such as IP address, subnet names, subnet range, secrets etc. + +## Deploying the MS-VDI environment + +1. Return to the running Docker container from earlier in the quickstart. +1. If you have not already done so, run `Connect-AzAccount -Tenant "[TENANT_ID]" -SubscriptionId "[SUBSCRIPTION_ID]" -EnvironmentName "[AZURE_ENVIRONMENT]"` to login and set an Azure context. +1. To deploy the entire MS-VDI environment, you can run a single command: + + ``` PowerShell + ./Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 -DefinitionPath ./Environments/MS-VDI/definition.json + ``` + +The toolkit will begin deploying the constituent modules and the status will be sent to the terminal. +Open the [Azure portal](https://portal.azure.us) and you can check the status of the invididual deployments. Azure portal link will be based on azure environment. + +## Deploying individual modules + +If you prefer you can deploy the constituent modules for MS-VDI individually. +The following is the series of commands to execute. + +``` PowerShell + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "VirtualNetworkSPOKE" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "VirtualNetworkPeeringHub" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "VirtualNetworkPeeringSpoke" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "DiagnosticStorageAccount" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "EnableServiceEndpointOnDiagnosticStorageAccount" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "LogAnalytics" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "KeyVault" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "ArtifactsStorageAccount" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "UploadScriptsToArtifactsStorage" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "JumpboxASG" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\MS-VDI\definition.json -ModuleConfigurationName "WindowsVM" +``` + +**NOTE:** + +1. If deployment reports, unable to find deployment storage account, it could be that PowerShell is not connected to Azure. +2. Open a new PowerShell/Docker instance if there was any changes to files in Environments folder + +### **Teardown the environment** + +``` PowerShell +./Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 -TearDownEnvironment -DefinitionPath ./Environments/MS-VDI/definition.json +``` + +Note: This is the same command you used to deploy except that you include ` -TearDownEnvironment`. +It uses the same configuration, so if you change the configuration the tear down may not execute as expected. + +### **Remove vdc-toolkit-rg** + +Teardown removes only the resources deployed from VDC toolkit orchestration but do not actually remove the resource group (vdc-toolkit-rg) and storage accounts created by VDC toolkit deployment. +vdc-toolkit-rg + +Use the Azure Cli to remove the resource group and the storage accounts. Find the storage account name from the vdc-toolkit-rg resource group. + +``` AzureCli +az account set --subscription [SUBSCRIPTION_ID] + +az storage container legal-hold clear --resource-group vdc-toolkit-rg --account-name [STORAGE_ACCOUNT_NAME] --container-name deployments --tags audit + +az storage container legal-hold clear --resource-group vdc-toolkit-rg --account-name [STORAGE_ACCOUNT_NAME] --container-name audit --tags audit +``` + +### **Remove KeyVault** + +For safety reasons, the key vault will not be deleted. Instead, it will be set to a _removed_ state. This means that the name is still considered in use. To fully delete the key vault, use: + +``` PowerShell +Get-AzKeyVault -InRemovedState | ? { Write-Host "Removing vault: $($_.VaultName)"; Remove-AzKeyVault -InRemovedState -VaultName $_.VaultName -Location $_.Location -Force } +``` diff --git a/Environments/OnPremises/orchestration.json b/Environments/OnPremises/orchestration.json index 2bd6460..db3eba4 100644 --- a/Environments/OnPremises/orchestration.json +++ b/Environments/OnPremises/orchestration.json @@ -423,6 +423,9 @@ }, "domainAdminPassword": { "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminPassword}" + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.StorageBlobUrl}" } } } diff --git a/Environments/OnPremises/parameters.json b/Environments/OnPremises/parameters.json index b5088ee..3864c84 100644 --- a/Environments/OnPremises/parameters.json +++ b/Environments/OnPremises/parameters.json @@ -4,6 +4,7 @@ "InstanceName": "${Parameters.Organization}-${Parameters.DeploymentName}", "Subscription": "OnPremises", "Location": "West US", + "StorageBlobUrl": "env(AZURE_STORAGE_BLOB_URL)", "ModuleConfigurationParameters": { "KeyVaultManagementUserId": "env(KEYVAULT_MANAGEMENT_USER_ID)", "DevOpsServicePrincipalId": "env(DEVOPS_SERVICE_PRINCIPAL_USER_ID)", @@ -133,6 +134,7 @@ "ResourceGroup": "${Parameters.InstanceName}-ad-rg", "ADSitename": "Cloud-Site", "CloudZone": "contosocloud.com", + "StorageBlobUrl": "${Parameters.StorageBlobUrl}", "DomainAdminUsername": "env(DOMAIN_ADMIN_USERNAME)", "DomainAdminPassword": { "keyVault": { diff --git a/Environments/SharedServices/orchestration.json b/Environments/SharedServices/orchestration.json index 248d59a..b864501 100644 --- a/Environments/SharedServices/orchestration.json +++ b/Environments/SharedServices/orchestration.json @@ -74,6 +74,9 @@ "OverrideParameters": { "workspaceId": { "value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + }, + "environmentName": { + "value": "${Parameters.EnvironmentName}" } } } @@ -207,7 +210,8 @@ "DiagnosticStorageAccountId": "reference(DiagnosticStorageAccount.storageAccountResourceId)", "WorkspaceId": "reference(LogAnalytics.logAnalyticsWorkspaceId)", "LogAnalyticsWorkspaceId": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)", - "WorkspaceRegion": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}" + "WorkspaceRegion": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}", + "environmentName": "${Parameters.EnvironmentName}" } } }, @@ -252,7 +256,8 @@ "DiagnosticStorageAccountId": "reference(DiagnosticStorageAccount.storageAccountResourceId)", "WorkspaceId": "reference(LogAnalytics.logAnalyticsWorkspaceId)", "LogAnalyticsWorkspaceId": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)", - "WorkspaceRegion": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}" + "WorkspaceRegion": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}", + "environmentName": "${Parameters.EnvironmentName}" } } }, @@ -621,6 +626,9 @@ }, "adminPassword": { "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminPassword}" + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.StorageBlobUrl}" } } } @@ -693,6 +701,9 @@ }, "domainAdminPassword": { "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminPassword}" + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.StorageBlobUrl}" } } } @@ -825,6 +836,9 @@ }, "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}" } + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.StorageBlobUrl}" } } } @@ -935,6 +949,9 @@ }, "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[2].secretName}" } + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.StorageBlobUrl}" } } } @@ -1048,6 +1065,9 @@ }, "adminPassword": { "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminPassword}" + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.StorageBlobUrl}" } } } @@ -1092,6 +1112,7 @@ "EncryptActiveDirectoryDomainServices" ], "Comments": "Installs Active Directory Domain Services", + "Deployment": { "OverrideParameters": { "virtualMachineName": { @@ -1129,6 +1150,9 @@ }, "domainAdminPassword": { "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminPassword}" + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.StorageBlobUrl}" } } } diff --git a/Environments/SharedServices/parameters.json b/Environments/SharedServices/parameters.json index be78f33..146157b 100644 --- a/Environments/SharedServices/parameters.json +++ b/Environments/SharedServices/parameters.json @@ -3,7 +3,11 @@ "DeploymentName": "shrdsvcs", "InstanceName": "${Parameters.Organization}-${Parameters.DeploymentName}", "Subscription": "SharedServices", - "Location": "West US", + "SubscriptionId": "env(SUBSCRIPTION_ID)", + "TenantId": "env(TENANT_ID)", + "Location": "env(AZURE_LOCATION)", + "EnvironmentName": "env(AZURE_ENVIRONMENT_NAME)", + "StorageBlobUrl": "env(AZURE_STORAGE_BLOB_URL)", "ModuleConfigurationParameters": { "OnPremisesInformation": { "InstanceName": "${Parameters.InstanceName}", @@ -55,7 +59,13 @@ "UK South", "West Europe", "West US", - "West US 2" + "West US 2", + "USGov Virginia", + "USGov Iowa", + "USGov Arizona", + "USGov Texas", + "USDoD Central", + "USDoD East" ] }, "AutomationAccounts": { @@ -83,7 +93,13 @@ "West Central US", "West Europe", "West US 2", - "West US" + "West US", + "USGov Virginia", + "USGov Iowa", + "USGov Arizona", + "USGov Texas", + "USDoD Central", + "USDoD East" ] }, "AzureBastion": { @@ -96,7 +112,13 @@ "West Europe", "South Central US", "Australia East", - "Japan East" + "Japan East", + "USGov Virginia", + "USGov Iowa", + "USGov Arizona", + "USGov Texas", + "USDoD Central", + "USDoD East" ] }, "ApplicationSecurityGroups": { @@ -748,6 +770,7 @@ "ResourceGroup": "${Parameters.InstanceName}-jumpbox-rg", "AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}", "SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}", + "StorageBlobUrl": "${Parameters.StorageBlobUrl}", "Windows": { "Comments": "Windows VM name cannot exceed 13 characters", "Name": "win-jb-vm", @@ -790,6 +813,7 @@ "Comments": "Windows VM name cannot exceed 13 characters.", "PrimaryDomainControllerIP": "172.0.0.10", "DomainName": "contoso.com", + "StorageBlobUrl": "${Parameters.StorageBlobUrl}", "ADSitename": "Cloud-Site", "CloudZone": "contosocloud.com", "DomainAdminUsername": "env(DOMAIN_ADMIN_USERNAME)", @@ -817,6 +841,7 @@ "Name": "adds-vm", "ResourceGroup": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ResourceGroup}", "Comments": "Windows VM name cannot exceed 13 characters. Additionally, Make sure that AddsIPAddressStart and ActiveDirectory.PrimaryDomainControllerIP are in the same subnet address prefix and they don't overlap", + "StorageBlobUrl": "${Parameters.StorageBlobUrl}", "AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}", "AdminPassword": { "keyVault": { diff --git a/Environments/SharedServices/readme.md b/Environments/SharedServices/readme.md new file mode 100644 index 0000000..cff4b53 --- /dev/null +++ b/Environments/SharedServices/readme.md @@ -0,0 +1,222 @@ +# **To deploy Azure Virtual Datacenter for Shared Services** + +Deployment steps for [SharedServices](../../Environments/SharedServices) archetypes provided in the toolkit. +The documentation applies to manually building and running the docker instance. For github action setup click +[GitHub Action for VDC](../../.github/workflows/README.md) + +### Clone the repository + +These steps assume that the `git` command is on your path. + +1. Open a terminal window +2. Navigate to a folder where you want to store the source for the toolkit. For, e.g. `c:\git`, navigate to that folder. +3. Run `git clone https://github.com/RKSelvi/vdc.git`. This will clone the GitHub repository in a folder named `vdc`. +4. Run `cd vdc` to change directory in the source folder. +5. Run `git checkout master` to switch to the branch with the current in-development version of the toolkit. + +### Build the Docker image + +1. Ensure that the [Docker daemon](https://docs.docker.com/config/daemon/) is running. If you are new to Docker, the easiest way to do this is to install [Docker Desktop](https://www.docker.com/products/docker-desktop). +1. Open a terminal window +1. Navigate to the folder where you cloned the repository. _The rest of the quickstart assumes that this path is `C:\git\vdc\`_ +1. Run `docker build . -t vdc:latest` to build the image. + +### Run the toolkit container + +After the image finishing building, you can run it using: + +`docker run -it --entrypoint="pwsh" --rm -v C:\git\vdc\Config:/usr/src/app/Config -v C:\git\vdc\Environments:/usr/src/app/Environments -v C:\git\vdc\Modules:/usr/src/app/Modules vdc:latest` + +A few things to note: + +- You don't need to build the image every time you want to run the container. You'll only need to rebuild it if there are changes to the source (primarily changes in the `Orchestration` folder). +- The `docker run` command above will map volumes in the container to volumes on the host machine. This will allow you to directly modify files in these directories (`Config`,`Environments`, and `Modules`). + +When the container starts, you will see the prompt +`PS /usr/src/app>` + +## Configure the toolkit + +To configure the toolkit for this quickstart, we will need to collect the following information. + +You'll need: + +- A subscription for the toolkit to use for logging and tracking deployment. +- The associated tenant id of the Azure Active Directory associated with those subscriptions. +- The object id of the user account that you'll use to run the deployment. +- The object id of a [service principal](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal) that Azure DevOps can use for deployment. This is only for CI/CD pipeline +- An organization name for generating a prefix for naming resources. +- The desired username and password for the Active Directory domain admin that will be created. Active Directory is not deployed now. +- The desired password of the Windows jumpbox. +- The [public ssh key](https://docs.microsoft.com/azure/virtual-machines/linux/mac-create-ssh-keys) for accessing the Linux jumpbox. + +Note: You can use a single subscription. You'll just need to provide the same subscription id in multiple locations in the configuration. + +### Collecting user object id and tentant id + +You can get your user object id and tenant id in the portal or by using command line utitilies. + +Using Azure PowerShell: + +1. Run `Connect-AzAccount -Tenant "[TENANT_ID]" -SubscriptionId "[SUBSCRIPTION_ID]" -EnvironmentName "[AZURE_ENVIRONMENT]"` to login and set an Azure context. For Azure Commercial environment "AzureCloud" & for Azure Government "AzureUSGovernment" +2. Run `Get-AzContext | % { Get-AzADUser -UserPrincipalName $($_.Account.Id) } | select Id` to get the user object id. +3. Run `Get-AzContext | select Tenant` to get the tenant id. + +#### Environmental variables + +The toolkit uses environmental variables instead of configuration files to help avoid the accidental inclusion of secrets into your source control. In the context of a CI/CD pipeline, these values would be retrieved from a key vault. For GitHub Actions workflow this will be coming from GitHub Secrets. + +Set these environmental variables by substituting the actual values in the script below. +Copy and paste this script into PowerShell to execute it. + +Note: The first two variables are set with the content of the configuration files we just modified. The path will not resolve correctly unless you are in `/usr/src/app` directory. + +```PowerShell +$ENV:ORGANIZATION_NAME = "[ORGANIZATION_NAME]" +$ENV:AZURE_ENVIRONMENT_NAME = "[AZURE_ENVIRONMENT]" +$ENV:AZURE_LOCATION = "[AZURE_REGION]" +$ENV:TENANT_ID = "[TENANT_ID]" +$ENV:SUBSCRIPTION_ID = "[SUBSCRIPTION_ID]" +$ENV:KEYVAULT_MANAGEMENT_USER_ID = "[KEY_VAULT_MANAGEMENT_USER_ID]" +$ENV:DEVOPS_SERVICE_PRINCIPAL_USER_ID = "[SERVICE_PRINCIPAL_USER_ID]" +$ENV:DOMAIN_ADMIN_USERNAME = "[DOMAIN_ADMIN_USER_NAME]" +$ENV:DOMAIN_ADMIN_USER_PWD = "[DOMAIN_ADMIN_USER_PASSWORD]" +$ENV:ADMIN_USER_NAME = "[VM_ADMIN_USER_NAME]" +$ENV:ADMIN_USER_PWD = "[VM_ADMIN_USER_PASSWORD]" +$ENV:AZURE_DISCOVERY_URL = "https://management.azure.com/metadata/endpoints?api-version=2019-05-01" +$ENV:ADMIN_USER_SSH = "[SSH_KEY]" +``` + +**NOTE:** Examples to setting the env variables + +- "[ORGANIZATION_NAME]" + - Abbreviation of your org (for e.g. contoso) with **NO SPACES** + - Must be 10 characters or less +- "[AZURE_ENVIRONMENT]" + - For Azure Commercial + - "AzureCloud" + - For Azure Government + - "AzureUSGovernment" +- "[AZURE_REGION]" - Depending on the Azure Enviroment, provide Azure regions. For e.g. + - Azure public cloud + - "East US" + - "East US 2" + - Azure Government + - "USGov Virginia" + - "USGov Iowa" +- "[KEY_VAULT_MANAGEMENT_USER_ID]" + - User's GUID from AAD deploying the VDC toolkit +- "[SERVICE_PRINCIPAL_USER_ID]" + - Used by CI/CD (not yet implemented). Can be same as KEY_VAULT_MANAGEMENT_USER_ID +- "[TENANT_ID]" - Tenant's GUID +- "[SUBSCRIPTION_ID]" - Subscription's GUID +- "[DOMAIN_ADMIN_USER_NAME]" + - Domain user name - will be used for AD deployment and not yet included in current deployment +- "[DOMAIN_ADMIN_USER_PASSWORD]" + - Domain user password - will be used for AD deployment and not yet included in current deployment. Follow the [guidelines](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm) for setting the password. +- "[VM_ADMIN_USER_NAME]" + - VM log in username +- "[VM_ADMIN_USER_PASSWORD]" + - VM user password. Follow the [guidelines](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm) for setting the password. +- "[SSH_KEY]" + - Needs to be a valid public ssh rsa key for SSH to linux box + +To use the above script: + +1. Return to the running Docker container from earlier in the quickstart. +2. Confirm that you are in the `/usr/src/app` directory. +3. Make a copy of the above script and replace the necessary values. +4. Copy the script into the clipboard and paste it in the terminal. +5. Verify that the enviromental variables are set by running `env` to view the current values. + +#### Pre-req script +##### This script will ensure that the configuration files are updated with your environment variables. + + ``` PowerShell + ./Orchestration/OrchestrationService/Pre_req_script.ps1 + ``` + **You will need to run the cleanup script after you are done deploying the modules to ensure your secret values are not passed into the GitHub repository.** + +#### Parameters + +Any application specific parameters updates should be done in the [parameters.json](../../Environments/SharedServices/parameters.json) file such as IP address, subnet names, subnet range, secrets etc. + +## Deploying the Shared Services environment + +1. Return to the running Docker container from earlier in the quickstart. +1. If you have not already done so, run `Connect-AzAccount -Tenant "[TENANT_ID]" -SubscriptionId "[SUBSCRIPTION_ID]" -EnvironmentName "[AZURE_ENVIRONMENT]"` to login and set an Azure context. +1. To deploy the entire Shared Services environment, you can run a single command: + + ``` PowerShell + ./Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 -DefinitionPath ./Environments/SharedServices/definition.json + ``` + +The toolkit will begin deploying the constituent modules and the status will be sent to the terminal. +Open the [Azure portal](https://portal.azure.us) and you can check the status of the invididual deployments. Azure portal link will be based on azure environment. + +## Deploying individual modules + +If you prefer you can deploy the constituent modules for Shared Services individually. +The following is the series of commands to execute. + +``` PowerShell + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "AzureFirewall" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "VirtualNetwork" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "AzureSecurityCenter" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "NISTControls" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "AutomationAccounts" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "DomainControllerASG" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "DiagnosticStorageAccount" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "EnableServiceEndpointOnDiagnosticStorageAccount" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "LogAnalytics" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "KeyVault" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "ArtifactsStorageAccount" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "UploadScriptsToArtifactsStorage" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "JumpboxASG" + .\Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1 -DefinitionPath .\Environments\SharedServices\definition.json -ModuleConfigurationName "SharedServicesNSG" +``` + +**NOTE:** + +1. If deployment reports, unable to find deployment storage account, it could be that PowerShell is not connected to Azure. +2. Open a new PowerShell/Docker instance if there were any changes to files in Environments folder + +### **Teardown the environment** + +``` PowerShell +./Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 -TearDownEnvironment -DefinitionPath ./Environments/SharedServices/definition.json +``` + +Note: This is the same command you used to deploy except that you include ` -TearDownEnvironment`. +It uses the same configuration, so if you change the configuration the tear down may not execute as expected. + +### Cleanup script + +#### This script will make sure all the environment variable values are not stored in your configuration files. Please run this after you are done deploying the modules. Usually you will run this script when you are about to exit your container. + +``` PowerShell + ./Orchestration/OrchestrationService/Cleanup_Script.ps1 + ``` + +### **Remove vdc-toolkit-rg** + +Teardown removes only the resources deployed from VDC toolkit orchestration but do not actually remove the resource group (vdc-toolkit-rg) and storage accounts created by VDC toolkit deployment. +vdc-toolkit-rg + +Use the Azure Cli to remove the resource group and the storage accounts. Find the storage account name from the vdc-toolkit-rg resource group. + +``` AzureCli +az account set --subscription [SUBSCRIPTION_ID] + +az storage container legal-hold clear --resource-group vdc-toolkit-rg --account-name [STORAGE_ACCOUNT_NAME] --container-name deployments --tags audit + +az storage container legal-hold clear --resource-group vdc-toolkit-rg --account-name [STORAGE_ACCOUNT_NAME] --container-name audit --tags audit +``` + +### **Remove KeyVault** + +For safety reasons, the key vault will not be deleted. Instead, it will be set to a _removed_ state. This means that the name is still considered in use. To fully delete the key vault, use: + +``` PowerShell +Get-AzKeyVault -InRemovedState | ? { Write-Host "Removing vault: $($_.VaultName)"; Remove-AzKeyVault -InRemovedState -VaultName $_.VaultName -Location $_.Location -Force } +``` diff --git a/Environments/SharedServices_OnpremisesExtension/orchestration.json b/Environments/SharedServices_OnpremisesExtension/orchestration.json index 778935e..79431b8 100644 --- a/Environments/SharedServices_OnpremisesExtension/orchestration.json +++ b/Environments/SharedServices_OnpremisesExtension/orchestration.json @@ -1058,6 +1058,9 @@ }, "domainAdminPassword": { "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminPassword}" + }, + "storageBlobUrl": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.StorageBlobUrl}" } } } diff --git a/Environments/SharedServices_OnpremisesExtension/parameters.json b/Environments/SharedServices_OnpremisesExtension/parameters.json index 459c08c..6806fd8 100644 --- a/Environments/SharedServices_OnpremisesExtension/parameters.json +++ b/Environments/SharedServices_OnpremisesExtension/parameters.json @@ -4,6 +4,7 @@ "InstanceName": "${Parameters.Organization}-${Parameters.DeploymentName}", "Subscription": "SharedServices", "Location": "West US", + "StorageBlobUrl": "env(AZURE_STORAGE_BLOB_URL)", "ModuleConfigurationParameters": { "KeyVaultManagementUserId": "env(KEYVAULT_MANAGEMENT_USER_ID)", "DevOpsServicePrincipalId": "env(DEVOPS_SERVICE_PRINCIPAL_USER_ID)", @@ -682,7 +683,8 @@ "*.download.opensuse.org", "download.opensuse.org", "*.monitoring.azure.com", - "monitoring.azure.com" + "monitoring.azure.com", + "core.usgovcloudapi.net" ] } ] @@ -876,6 +878,7 @@ "Name": "adds-vm", "ResourceGroup": "${Parameters.InstanceName}-adds-rg", "Comments": "Windows VM name cannot exceed 13 characters. Additionally, Make sure that AddsIPAddressStart and ActiveDirectory.PrimaryDomainControllerIP are in the same subnet address prefix and they don't overlap", + "StorageBlobUrl": "${Parameters.StorageBlobUrl}", "AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}", "AdminPassword": { "keyVault": { diff --git a/Environments/_Common/subscriptions.json b/Environments/_Common/subscriptions.json index 26f15a7..fb6d0b5 100644 --- a/Environments/_Common/subscriptions.json +++ b/Environments/_Common/subscriptions.json @@ -1,33 +1,38 @@ { - "Comments": "Dashes are not supported as part of a Subscription name", - "OnPremises": { - "Comments": "Simulated On-Premises subscription and tenant information", - "TenantId": "00000000-0000-0000-0000-000000000000", - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - "SharedServices": { - "Comments": "Shared services subscription and tenant information", - "TenantId": "00000000-0000-0000-0000-000000000000", - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - "AKS": { - "Comments": "Shared services subscription and tenant information", - "TenantId": "00000000-0000-0000-0000-000000000000", - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - "ASE_SQLDB": { - "Comments": "Workload subscription and tenant information", - "TenantId": "00000000-0000-0000-0000-000000000000", - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - }, - "NTier_IaaS": { - "Comments": "Workload subscription and tenant information", - "TenantId": "00000000000000000000000", - "SubscriptionId": "00000000000000000000000" - }, - "Artifacts": { - "Comments": "Subscription and tenant information where the Artifacts Storage Account will reside", - "TenantId": "00000000-0000-0000-0000-000000000000", - "SubscriptionId": "00000000-0000-0000-0000-000000000000" - } -} \ No newline at end of file + "Comments": "ToolKit for Jack", + "VDCVDI": { + "Comments": "Microsoft VDC with VDI environment subscription and tenant information", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "000000-000-0000-0000" + }, + "OnPremises": { + "Comments": "Simulated On-Premises subscription and tenant information", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "000000-000-0000-0000" + }, + "SharedServices": { + "Comments": "Shared services subscription and tenant information", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "000000-000-0000-0000" + }, + "AKS": { + "Comments": "Shared services subscription and tenant information", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "000000-000-0000-0000" + }, + "ASE_SQLDB": { + "Comments": "Workload subscription and tenant information", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "00000000-0000-0000-0000-000000000000" + }, + "NTier_IaaS": { + "Comments": "Workload subscription and tenant information", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "000000-000-0000-0000" + }, + "Artifacts": { + "Comments": "Subscription and tenant information where the Artifacts Storage Account will reside", + "TenantId": "000000-000-0000-0000", + "SubscriptionId": "000000-000-0000-0000" + } +} diff --git a/Modules/ActiveDirectory/deploy.json b/Modules/ActiveDirectory/deploy.json index 38f11f6..57c8f06 100644 --- a/Modules/ActiveDirectory/deploy.json +++ b/Modules/ActiveDirectory/deploy.json @@ -84,6 +84,13 @@ "metadata": { "description": "Optional. Location for all resources." } + }, + "storageBlobUrl": { + "type": "string", + "defaultValue": "core.windows.net", + "metadata": { + "description": "Required. BLOB Storage URL based on Azure Environment." + } } }, "variables": { @@ -107,7 +114,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/newADDomain.zip?', parameters('artifactsStorageAccountSasKey'))]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/', 'scripts/Windows/newADDomain.zip?', parameters('artifactsStorageAccountSasKey'))]", "script": "newDomain.ps1", "function": "NewDomain" }, @@ -148,7 +155,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/new-dns-zone.ps1')]" + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/', 'scripts/Windows/new-dns-zone.ps1')]" ] }, "protectedSettings": { @@ -198,7 +205,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/create-new-cloud-ad-site.ps1')]" + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/', 'scripts/Windows/create-new-cloud-ad-site.ps1')]" ] }, "protectedSettings": { diff --git a/Modules/ActiveDirectoryDomainServices/deploy.json b/Modules/ActiveDirectoryDomainServices/deploy.json index 1f08f73..22d9ffb 100644 --- a/Modules/ActiveDirectoryDomainServices/deploy.json +++ b/Modules/ActiveDirectoryDomainServices/deploy.json @@ -90,6 +90,13 @@ "metadata": { "description": "Optional. Location for all resources." } + }, + "storageBlobUrl": { + "type": "string", + "defaultValue": "core.windows.net", + "metadata": { + "description": "Required. BLOB Storage URL based on Azure Environment." + } } }, "variables": { @@ -122,7 +129,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/install_ADDS_No_Disk_Format.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/', 'scripts/Windows/install_ADDS_No_Disk_Format.zip')]", "script": "azure.ps1", "function": "CreateDomainController" }, @@ -167,7 +174,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/reboot_vm_async.ps1')]" + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/', 'scripts/Windows/reboot_vm_async.ps1')]" ] }, "protectedSettings": { diff --git a/Modules/AutomationAccounts/deploy.json b/Modules/AutomationAccounts/deploy.json index 33f80e6..05d69ac 100644 --- a/Modules/AutomationAccounts/deploy.json +++ b/Modules/AutomationAccounts/deploy.json @@ -29,7 +29,13 @@ "West Central US", "West Europe", "West US 2", - "West US" + "West US", + "USGov Virginia", + "USGov Iowa", + "USGov Arizona", + "USGov Texas", + "USDoD Central", + "USDoD East" ], "metadata": { "description": "Required. Specifies the region for your Automation Account" diff --git a/Modules/AzureBastion/Scripts/register.provider.feature.ps1 b/Modules/AzureBastion/Scripts/register.provider.feature.ps1 index d961aad..9866a96 100644 --- a/Modules/AzureBastion/Scripts/register.provider.feature.ps1 +++ b/Modules/AzureBastion/Scripts/register.provider.feature.ps1 @@ -1,12 +1,17 @@ -$installed = Get-AzProviderFeature -ProviderNamespace Microsoft.Network | Where-Object -Property "FeatureName" -EQ "AllowBastionHost" +## Azure Government does not have this feature so it will always send the script into an infinite loop +#$installed = Get-AzProviderFeature -ProviderNamespace Microsoft.Network | Where-Object -Property "FeatureName" -EQ "AllowBastionHost" + +# I am adding the Microsoft.Network provider here instead of the bastion. +$installed = Get-AzResourceProvider -ProviderNamespace Microsoft.Network if ($null -eq $installed) { - Register-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network + # Register-AzProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network Register-AzResourceProvider -ProviderNamespace Microsoft.Network } While ($null -eq $installed) { - $installed = Get-AzProviderFeature -ProviderNamespace Microsoft.Network | Where-Object -Property "FeatureName" -EQ "AllowBastionHost" + #$installed = Get-AzProviderFeature -ProviderNamespace Microsoft.Network | Where-Object -Property "FeatureName" -EQ "AllowBastionHost" + $installed = Get-AzResourceProvider -ProviderNamespace Microsoft.Network $isInstalled = $null -ne $installed Write-Host "Is installed: $isInstalled" Start-Sleep -Seconds 20 diff --git a/Modules/AzureBastion/deploy.json b/Modules/AzureBastion/deploy.json index 67cddcc..3b6527d 100644 --- a/Modules/AzureBastion/deploy.json +++ b/Modules/AzureBastion/deploy.json @@ -39,12 +39,31 @@ "type": "string", "defaultValue": "[resourceGroup().location]", "allowedValues": [ - "West US", - "East US", - "West Europe", - "South Central US", + "Australia Central", "Australia East", - "Japan East" + "Australia Southeast", + "Brazil South", + "Canada Central", + "Central India", + "East US", + "East US 2", + "France Central", + "Japan East", + "Korea Central", + "North Europe", + "South Central US", + "Southeast Asia", + "UK South", + "West Central US", + "West Europe", + "West US 2", + "West US", + "USGov Virginia", + "USGov Iowa", + "USGov Arizona", + "USGov Texas", + "USDoD Central", + "USDoD East" ], "metadata": { "description": "Optional. Location for Azure Bastion, is currently limited to a small subset of regions." diff --git a/Modules/AzureSecurityCenter/deploy.json b/Modules/AzureSecurityCenter/deploy.json index 3bb54b8..5f5affb 100644 --- a/Modules/AzureSecurityCenter/deploy.json +++ b/Modules/AzureSecurityCenter/deploy.json @@ -18,6 +18,13 @@ "metadata": { "description": "Optional. Turns automatic deployment of a Log Analytics workspace" } + }, + "environmentName": { + "type": "string", + "defaultValue": "AzureCloud", + "metadata":{ + "description": "This will determine if Azure Security Center is setup with Government or Commercial pricing tiers." + } } }, "variables": { @@ -44,6 +51,7 @@ } }, { + "condition": "[equals(parameters('environmentName'), 'AzureCloud')]", "type": "Microsoft.Security/pricings", "apiVersion": "2018-06-01", "name": "AppServices", @@ -66,6 +74,7 @@ } }, { + "condition": "[equals(parameters('environmentName'), 'AzureCloud')]", "type": "Microsoft.Security/pricings", "apiVersion": "2018-06-01", "name": "StorageAccounts", diff --git a/Modules/InternetInformationServices/deploy.json b/Modules/InternetInformationServices/deploy.json index c2847e9..8b855b1 100644 --- a/Modules/InternetInformationServices/deploy.json +++ b/Modules/InternetInformationServices/deploy.json @@ -50,6 +50,13 @@ "metadata": { "description": "Optional. Location for all resources." } + }, + "storageBlobUrl": { + "type": "string", + "defaultValue": "core.windows.net", + "metadata": { + "description": "Required. BLOB Storage URL based on Azure Environment." + } } }, "variables": { @@ -76,7 +83,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/iisaspnet.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/iisaspnet.zip')]", "script": "iisaspnet.ps1", "function": "IISASPNET" } @@ -99,7 +106,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/iisaspnet.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/iisaspnet.zip')]", "script": "iisaspnet.ps1", "function": "IISASPNET" } diff --git a/Modules/LogAnalytics/deploy.json b/Modules/LogAnalytics/deploy.json index 343e63b..3f77a58 100644 --- a/Modules/LogAnalytics/deploy.json +++ b/Modules/LogAnalytics/deploy.json @@ -51,7 +51,13 @@ "UK South", "West Europe", "West US", - "West US 2" + "West US 2", + "USGov Virginia", + "USGov Iowa", + "USGov Arizona", + "USGov Texas", + "USDoD Central", + "USDoD East" ], "metadata": { "description": "Required. Region used when establishing the workspace" diff --git a/Modules/NISTControls/deploy.json b/Modules/NISTControls/deploy.json index 1823d7f..db446a8 100644 --- a/Modules/NISTControls/deploy.json +++ b/Modules/NISTControls/deploy.json @@ -24,8 +24,9 @@ }, "location": { "type": "string", + "defaultValue": "[resourceGroup().location]", "metadata": { - "description": "Required. Location used as part of the Policy assignment." + "description": "Optional. Location of the Storage Account." } }, "listOfResourceTypesWithDiagnosticLogsEnabled": { @@ -805,13 +806,13 @@ } }, { - "name": "[guid('08e6af2d-db70-460a-bfe9-d5bd474ba9d6')]", + "name": "[guid('f6de0be7-9a8a-4b8a-b349-43cf02d22f7c')]", "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2018-05-01", "location": "[parameters('location')]", "properties": { - "displayName": "Network Security Group Rules for Internet facing virtual machines should be hardened", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", + "displayName": "Internet-facing virtual machines should be protected with Network Security Groups", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c", "scope": "[subscription().id]", "notScopes": [], "parameters": { diff --git a/Modules/NISTControls/parameters.json b/Modules/NISTControls/parameters.json index ef008bd..4ba1de4 100644 --- a/Modules/NISTControls/parameters.json +++ b/Modules/NISTControls/parameters.json @@ -6,7 +6,7 @@ "value": "/subscriptions/000000000/resourcegroups/rg/" }, "location": { - "value": "West US" + "value": "" } } } \ No newline at end of file diff --git a/Modules/NetworkSecurityGroups/Scripts/enable.flow.logs.ps1 b/Modules/NetworkSecurityGroups/Scripts/enable.flow.logs.ps1 index 7fe7d8b..dfac5e1 100644 --- a/Modules/NetworkSecurityGroups/Scripts/enable.flow.logs.ps1 +++ b/Modules/NetworkSecurityGroups/Scripts/enable.flow.logs.ps1 @@ -20,7 +20,10 @@ $LogAnalyticsWorkspaceId, [Parameter(Mandatory=$true)] [string] - $WorkspaceRegion + $WorkspaceRegion, + [Parameter(Mandatory=$true)] + [string] + $environmentName ) try { @@ -37,7 +40,6 @@ try { Write-Host "No subscription switching is required." } - $WorkspaceRegion = $WorkspaceRegion.Replace(' ', '').ToLower() $NetworkWatcherRegion = $NetworkWatcherRegion.Replace(' ', '').ToLower() $registered = Get-AzResourceProvider -ProviderNamespace Microsoft.Insights @@ -55,8 +57,18 @@ try { Write-Host "Registration complete" - $NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name "NetworkWatcher_$NetworkWatcherRegion" + $NW = Get-AzNetworkWatcher -ResourceGroupName NetworkWatcherRg -Name "NetworkWatcher_$NetworkWatcherRegion" -ErrorAction SilentlyContinue + if ($null -eq $NW) { + $NWRG = Get-AzResourceGroup -Name NetworkWatcherRG -ErrorAction SilentlyContinue + if ($null -eq $NWRG) { + $NWRG = New-AzResourceGroup -Name NetworkWatcherRG -Location $NetworkwatcherRegion + } + + $NW = New-AzNetworkWatcher -ResourceGroupName NetworkWatcherRG -Location $NetworkWatcherRegion -Name "NetworkWatcher_$NetworkWatcherRegion" + } + + #Configure Version 2 FLow Logs with Traffic Analytics Configured Set-AzNetworkWatcherConfigFlowLog -EnableRetention $true -RetentionInDays 365 -NetworkWatcher $NW -TargetResourceId $NetworkSecurityGroupId -StorageAccountId $DiagnosticStorageAccountId -EnableFlowLog $true -FormatType Json -FormatVersion 2 -EnableTrafficAnalytics -WorkspaceResourceId $LogAnalyticsWorkspaceId -WorkspaceGUID $WorkspaceId -WorkspaceLocation $WorkspaceRegion | Out-Null } diff --git a/Modules/SQLServerAlwaysOn/deploy.json b/Modules/SQLServerAlwaysOn/deploy.json index e76994a..773b826 100644 --- a/Modules/SQLServerAlwaysOn/deploy.json +++ b/Modules/SQLServerAlwaysOn/deploy.json @@ -102,6 +102,13 @@ "metadata": { "description": "Optional. Location for all resources." } + }, + "storageBlobUrl": { + "type": "string", + "defaultValue": "core.windows.net", + "metadata": { + "description": "Required. BLOB Storage URL based on Azure Environment." + } } }, "variables": { @@ -135,7 +142,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/PrepareSQLServer_Install_Modules.ps1')]" + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/PrepareSQLServer_Install_Modules.ps1')]" ] }, "protectedSettings": { @@ -182,7 +189,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/PrepareSQLServer.ps1.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/PrepareSQLServer.ps1.zip')]", "script": "PrepareSqlServer.ps1", "function": "SqlServerPrepareDsc" }, @@ -191,7 +198,7 @@ "ClusterName": "[parameters('clusterName')]", "ClusterOwnerNode": "[concat(parameters('virtualMachineName'), '1')]", "ClusterIP": "[parameters('sqlServerILB_IPAddress')]", - "witnessStorageBlobEndPoint": "[concat('https://', parameters('cloudWitnessStorageAccountName'), '.blob.core.windows.net')]", + "witnessStorageBlobEndPoint": "[concat('https://', parameters('cloudWitnessStorageAccountName'), '.blob.', parameters('storageBlobUrl'))]", "witnessStorageAccountKey": "[listkeys(resourceId('Microsoft.Storage/storageAccounts', parameters('cloudWitnessStorageAccountKey')), '2016-12-01').keys[0].value]" } }, @@ -252,7 +259,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/sleep.ps1')]" + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/sleep.ps1')]" ] }, "protectedSettings": { @@ -304,7 +311,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/PrepareSQLServer.ps1.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/PrepareSQLServer.ps1.zip')]", "script": "PrepareSqlServer.ps1", "function": "SqlServerPrepareDsc" }, @@ -313,7 +320,7 @@ "ClusterName": "[parameters('clusterName')]", "ClusterOwnerNode": "[concat(parameters('virtualMachineName'), '1')]", "ClusterIP": "[parameters('sqlServerILB_IPAddress')]", - "witnessStorageBlobEndPoint": "[concat('https://', parameters('cloudWitnessStorageAccountName'), '.blob.core.windows.net')]", + "witnessStorageBlobEndPoint": "[concat('https://', parameters('cloudWitnessStorageAccountName'), '.blob.', parameters('storageBlobUrl'))]", "witnessStorageAccountKey": "[listkeys(resourceId('Microsoft.Storage/storageAccounts', parameters('cloudWitnessStorageAccountKey')), '2016-12-01').keys[0].value]" } }, @@ -374,7 +381,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/CreateHADB.ps1.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/CreateHADB.ps1.zip')]", "script": "agdb.ps1", "function": "SQLServerDBDsc" }, @@ -383,7 +390,7 @@ "ClusterName": "[parameters('clusterName')]", "ClusterOwnerNode": "[concat(parameters('virtualMachineName'), '1')]", "ClusterIP": "[parameters('sqlServerILB_IPAddress')]", - "witnessStorageBlobEndPoint": "[concat('https://', parameters('cloudWitnessStorageAccountName'), '.blob.core.windows.net')]", + "witnessStorageBlobEndPoint": "[concat('https://', parameters('cloudWitnessStorageAccountName'), '.blob.', parameters('storageBlobUrl'))]", "witnessStorageAccountKey": "[listkeys(resourceId('Microsoft.Storage/storageAccounts', parameters('cloudWitnessStorageAccountKey')), '2016-12-01').keys[0].value]" } }, diff --git a/Modules/StorageAccounts/Policy/parameters.json b/Modules/StorageAccounts/Policy/parameters.json index bfe6685..ead776e 100644 --- a/Modules/StorageAccounts/Policy/parameters.json +++ b/Modules/StorageAccounts/Policy/parameters.json @@ -9,7 +9,7 @@ "value": "NetworkWatcherRG" }, "resourceGroupLocation": { - "value": "West US" + "value": "[parameters('location')]" } } } \ No newline at end of file diff --git a/Modules/VirtualMachineScaleSets/deploy.json b/Modules/VirtualMachineScaleSets/deploy.json index a395508..e2fae4a 100644 --- a/Modules/VirtualMachineScaleSets/deploy.json +++ b/Modules/VirtualMachineScaleSets/deploy.json @@ -198,6 +198,13 @@ "metadata": { "description": "Optional. Location for all resources." } + }, + "storageBlobUrl": { + "type": "string", + "defaultValue": "core.windows.net", + "metadata": { + "description": "Required. BLOB Storage URL based on Azure Environment." + } } }, "variables": { @@ -318,7 +325,7 @@ "diagnosticsProfile": { "bootDiagnostics": { "enabled": true, - "storageUri": "[concat('https://', parameters('diagnosticStorageAccountName'), '.blob.core.windows.net/')]" + "storageUri": "[concat('https://', parameters('diagnosticStorageAccountName'), '.blob.', parameters('storageBlobUrl'))]" } }, "extensionProfile": { @@ -639,7 +646,7 @@ "protectedSettings": { "storageAccountName": "[parameters('diagnosticStorageAccountName')]", "storageAccountSasToken": "[parameters('diagnosticStorageAccountSasToken')]", - "storageAccountEndPoint": "https://core.windows.net" + "storageAccountEndPoint": "[concat('https://', parameters('storageBlobUrl'))]" } } }, @@ -661,7 +668,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/formatDataDisks.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/formatDataDisks.zip')]", "script": "formatDisk.ps1", "function": "FormatDisk" }, diff --git a/Modules/VirtualMachines/deploy.json b/Modules/VirtualMachines/deploy.json index 791f986..a863913 100644 --- a/Modules/VirtualMachines/deploy.json +++ b/Modules/VirtualMachines/deploy.json @@ -225,6 +225,13 @@ "metadata": { "description": "Optional. AD domain name. If joinToDomain is set to true, this value becomes required." } + }, + "storageBlobUrl": { + "type": "string", + "defaultValue": "core.windows.net", + "metadata": { + "description": "Required. BLOB Storage URL based on Azure Environment." + } } }, "variables": { @@ -536,7 +543,7 @@ "diagnosticsProfile": { "bootDiagnostics": { "enabled": true, - "storageUri": "[concat('https://', parameters('diagnosticStorageAccountName'), '.blob.core.windows.net/')]" + "storageUri": "[concat('https://', parameters('diagnosticStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/')]" } } }, @@ -629,7 +636,7 @@ "autoUpgradeMinorVersion": true, "settings": { "configuration": { - "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/formatDataDisks.zip')]", + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/formatDataDisks.zip')]", "script": "formatDisk.ps1", "function": "FormatDisk" }, @@ -931,7 +938,7 @@ "protectedSettings": { "storageAccountName": "[parameters('diagnosticStorageAccountName')]", "storageAccountSasToken": "[parameters('diagnosticStorageAccountSasToken')]", - "storageAccountEndPoint": "https://core.windows.net" + "storageAccountEndPoint": "[concat('https://', parameters('storageBlobUrl'))]" } } }, @@ -967,7 +974,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/enable-local-policy-settings.ps1')]" + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.', parameters('storageBlobUrl'), '/scripts/Windows/enable-local-policy-settings.ps1')]" ] }, "protectedSettings": { @@ -1144,7 +1151,7 @@ "properties": { "publisher": "Microsoft.EnterpriseCloud.Monitoring", "type": "OmsAgentForLinux", - "typeHandlerVersion": "1.7", + "typeHandlerVersion": "1.8", "settings": { "workspaceId": "[parameters('workspaceId')]" }, @@ -1871,7 +1878,7 @@ }, "protectedSettings": { "storageAccountName": "[parameters('diagnosticStorageAccountName')]", - "storageAccountEndPoint": "https://core.windows.net/", + "storageAccountEndPoint": "[concat('https://', parameters('storageBlobUrl'), '/')]", "storageAccountSasToken": "[parameters('diagnosticStorageAccountSasToken')]" } } @@ -2067,6 +2074,13 @@ "metadata": { "description": "The resource identifier of the VMs provisioned." } + }, + "AzureEnvUrl": { + "type": "string", + "value": "parameters('storageBlobUrl')", + "metadata": { + "description": "Checking the incoming storageBlobUrl." + } } } } diff --git a/Orchestration/Common/Helper.psm1 b/Orchestration/Common/Helper.psm1 index cda9c68..8b7eb35 100644 --- a/Orchestration/Common/Helper.psm1 +++ b/Orchestration/Common/Helper.psm1 @@ -490,4 +490,18 @@ Function Format-FilePathSpecificToOS () { return ` Join-Path @arguments; } -} \ No newline at end of file +} + +Function Get-AzureApiUrl() { + [CmdletBinding()] + param( + [Parameter(Mandatory=$true)] + [string] + $AzureEnvironment = "AzureCloud", + [Parameter(Mandatory=$true)] + [string] + $AzureDiscoveryUrl + ) + + return ( Invoke-RestMethod -Uri $AzureDiscoveryUrl -Method Get -ContentType "application/json" ) | where { $_.name -eq $AzureEnvironment } +} diff --git a/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1 b/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1 index 01e9ec1..a7419f7 100644 --- a/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1 +++ b/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1 @@ -1,20 +1,26 @@ +Import-Module "$($rootPath)/../Common/Helper.psd1" -Force; + Class AzureResourceManagerDeploymentService: IDeploymentService { - [string] $armResourceGroupDeploymentUri = "https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.Resources/deployments/{2}?api-version=2019-05-10"; - [string] $armSubscriptionDeploymentUri = "https://management.azure.com/subscriptions/{0}/providers/Microsoft.Resources/deployments/{1}?api-version=2019-05-10" - [string] $armResourceGroupValidationUri = "https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.Resources/deployments/{2}/validate?api-version=2019-05-10"; - [string] $armSubscriptionValidationUri = "https://management.azure.com/subscriptions/{0}/providers/Microsoft.Resources/deployments/{1}/validate?api-version=2019-05-10" + [string] $armResourceGroupDeploymentUri = "" + [string] $armSubscriptionDeploymentUri = "" + [string] $armResourceGroupValidationUri = "" + [string] $armSubscriptionValidationUri = "" - [bool] $isSubscriptionDeployment = $false; + [bool] $isSubscriptionDeployment = $false; [hashtable] ExecuteDeployment([string] $tenantId, ` [string] $subscriptionId, ` [string] $resourceGroupName, ` [string] $deploymentTemplate, ` [string] $deploymentParameters, ` - [string] $location) { + [string] $location, + [string] $azureManagementUrl) { try { + # set the URL's from Discovery REST API call + $this.SetAzureEnvironmentBasedManagementUrls($azureManagementUrl); + # call arm deployment $deployment = ` $this.InvokeARMOperation( @@ -754,4 +760,23 @@ Class AzureResourceManagerDeploymentService: IDeploymentService { throw $_; } } + + hidden [void] SetAzureEnvironmentBasedManagementUrls([string] $mngtUrl) + { + if(![string]::IsNullOrEmpty($mngtUrl)) { + $this.armResourceGroupDeploymentUri = $mngtUrl + "/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.Resources/deployments/{2}?api-version=2019-05-10"; + $this.armSubscriptionDeploymentUri = $mngtUrl + "/subscriptions/{0}/providers/Microsoft.Resources/deployments/{1}?api-version=2019-05-10"; + $this.armResourceGroupValidationUri = $mngtUrl + "/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.Resources/deployments/{2}/validate?api-version=2019-05-10"; + $this.armSubscriptionValidationUri = $mngtUrl + "/subscriptions/{0}/providers/Microsoft.Resources/deployments/{1}/validate?api-version=2019-05-10"; + } + else + { + $this.armResourceGroupDeploymentUri = "https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.Resources/deployments/{2}?api-version=2019-05-10"; + $this.armSubscriptionDeploymentUri = "https://management.azure.com/subscriptions/{0}/providers/Microsoft.Resources/deployments/{1}?api-version=2019-05-10"; + $this.armResourceGroupValidationUri = "https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.Resources/deployments/{2}/validate?api-version=2019-05-10"; + $this.armSubscriptionValidationUri = "https://management.azure.com/subscriptions/{0}/providers/Microsoft.Resources/deployments/{1}/validate?api-version=2019-05-10"; + } + + Write-Debug "Management URL: $mngtUrl"; + } } \ No newline at end of file diff --git a/Orchestration/OrchestrationService/Cleanup_Script.ps1 b/Orchestration/OrchestrationService/Cleanup_Script.ps1 new file mode 100644 index 0000000..8bc590c --- /dev/null +++ b/Orchestration/OrchestrationService/Cleanup_Script.ps1 @@ -0,0 +1,24 @@ + +$var = (Get-Content -Path .\Config\toolkit.subscription.json) | ConvertFrom-Json +$var.Comments = "Cleaned up from deployment" +$var.SubscriptionId = "000000-000-0000-0000" +$var.TenantId = "00000-0000000-000000-0000-0" +$var.Location = "DUMMYVALUE" +$var | ConvertTo-Json | Set-Content -Path .\Config\toolkit.subscription.json +##### Replace values with environment variables for the subscription.json file +$vdc = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$vdc.VDCVDI.SubscriptionId = "000000-000-0000-0000" +$vdc.VDCVDI.TenantId = "000000-000-0000-0000" +$vdc | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json +$SS = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$SS.SharedServices.SubscriptionId = "000000-000-0000-0000" +$SS.SharedServices.TenantId ="000000-000-0000-0000" +$SS | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json +$arti = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$arti.Artifacts.SubscriptionId = "000000-000-0000-0000" +$arti.Artifacts.TenantId = "000000-000-0000-0000" +$arti | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json +$onprem = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$onprem.OnPremises.SubscriptionId = "000000-000-0000-0000" +$onprem.OnPremises.TenantId = "000000-000-0000-0000" +$onprem | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json diff --git a/Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 b/Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 index f947cb1..fa49da0 100644 --- a/Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 +++ b/Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1 @@ -55,6 +55,24 @@ $defaultModuleConfigurationsFolderName = "Modules"; $defaultTemplateFileName = "deploy.json"; $defaultParametersFileName = "parameters.json"; +# Get/Set the BLOB Storage & Management URL based on Azure Environment +$discUrlResponse = Get-AzureApiUrl -AzureEnvironment $ENV:AZURE_ENVIRONMENT_NAME -AzureDiscoveryUrl $ENV:AZURE_DISCOVERY_URL +$ENV:AZURE_STORAGE_BLOB_URL = $discUrlResponse.suffixes.storage +$AzureManagementUrl = $discUrlResponse.authentication.audiences[1] +Write-Debug "AZURE_STORAGE_BLOB_URL: $ENV:AZURE_STORAGE_BLOB_URL" +Write-Debug "AzureManagementUrl: $AzureManagementUrl" +$ENV:VDC_SUBSCRIPTIONS = (Get-Content .\Environments\_Common\subscriptions.json -Raw) +$ENV:VDC_TOOLKIT_SUBSCRIPTION = (Get-Content .\Config\toolkit.subscription.json -Raw) +Write-Debug "AZURE_STORAGE_BLOB_URL: $ENV:AZURE_STORAGE_BLOB_URL" +Write-Debug "AzureManagementUrl: $AzureManagementUrl" + + +# Get the config files +$ENV:VDC_SUBSCRIPTIONS = (Get-Content ./Environments/_Common/subscriptions.json -Raw) +$ENV:VDC_TOOLKIT_SUBSCRIPTION = (Get-Content ./Config/toolkit.subscription.json -Raw) +#Write-Debug "ToolkitJSON: $ENV:VDC_SUBSCRIPTIONS" +#Write-Debug "SubscriptionJson: $ENV:VDC_TOOLKIT_SUBSCRIPTION" + Function Start-Deployment { [CmdletBinding()] param ( @@ -130,18 +148,18 @@ Function Start-Deployment { $ModuleConfigurationName = ` $moduleConfiguration.Name; - $subscriptionInformation = $null; - $subscriptionInformation = ` - Get-SubscriptionInformation ` - -ArchetypeInstanceJson $archetypeInstanceJson ` - -SubscriptionName $archetypeInstanceJson.Parameters.Subscription ` - -ModuleConfiguration $moduleConfiguration ` - -Mode @{ "False" = "deploy"; "True" = "validate"; }[$Validate.ToString()]; - - if ($null -eq $subscriptionInformation) { - throw "Subscription: $($archetypeInstanceJson.Parameters.Subscription) not found"; - } + $subscriptionInformation = $null; + $subscriptionInformation = ` + Get-SubscriptionInformation ` + -ArchetypeInstanceJson $archetypeInstanceJson ` + -SubscriptionName $archetypeInstanceJson.Parameters.Subscription ` + -ModuleConfiguration $moduleConfiguration ` + -Mode @{ "False" = "deploy"; "True" = "validate"; }[$Validate.ToString()]; + if ($null -eq $subscriptionInformation) { + throw "Subscription: $($archetypeInstanceJson.Parameters.Subscription) not found"; + } + # Let's get the current subscription context $sub = Get-AzContext | Select-Object Subscription @@ -331,7 +349,8 @@ Function Start-Deployment { -ModuleConfiguration $moduleConfiguration.Policies ` -ArchetypeInstanceName $ArchetypeInstanceName ` -Location $location ` - -Validate:$($Validate.IsPresent); + -Validate:$($Validate.IsPresent) ` + -AzureManagementUrl $AzureManagementUrl; Write-Debug "Deployment complete, Resource state is: $(ConvertTo-Json -Compress $policyResourceState)"; } else { @@ -392,7 +411,8 @@ Function Start-Deployment { -ModuleConfiguration $moduleConfiguration.RBAC ` -ArchetypeInstanceName $ArchetypeInstanceName ` -Location $location ` - -Validate:$($Validate.IsPresent); + -Validate:$($Validate.IsPresent) ` + -AzureManagementUrl $AzureManagementUrl; Write-Debug "Deployment complete, Resource state is: $(ConvertTo-Json -Compress $rbacResourceState)"; } else { @@ -413,7 +433,8 @@ Function Start-Deployment { -ModuleConfiguration $moduleConfiguration.Deployment ` -ArchetypeInstanceName $ArchetypeInstanceName ` -Location $location ` - -Validate:$($Validate.IsPresent); + -Validate:$($Validate.IsPresent) ` + -AzureManagementUrl $AzureManagementUrl; Write-Debug "Deployment complete, Resource state is: $(ConvertTo-Json -Compress $resourceState)"; } } @@ -745,7 +766,7 @@ Function Start-Init { $global:customScriptExecution = ` $factory.GetInstance('CustomScriptExecution'); - + # Contruct the archetype instance object only if it is not already # cached $archetypeInstanceJson = ` @@ -764,6 +785,9 @@ Function Start-Init { $location = $archetypeInstanceJson.Parameters.Location } + Write-Debug ($archetypeInstanceJson.Orchestration.ModuleConfigurations.Deployment.OverrideParameters[10].storageBlobUrl | Format-Table | Out-String) + Write-Debug ($archetypeInstanceJson.Parameters | Format-Table | Out-String) + # Retrieve the Archetype instance name if not already passed # to this function $archetypeInstanceName = ` @@ -802,12 +826,12 @@ Function Get-AllModules { $topologicalSortRootPath = ` Join-Path $rootPath -ChildPath 'TopologicalSort'; - - # Adding Out-Null to prevent outputs from the Invoke-Command from being added to + + # Adding Out-Null to prevent outputs from the Invoke-Command from being added to Invoke-Command -ScriptBlock { dotnet build $topologicalSortRootPath --configuration Release --output ./ } | Out-Null - - $topologicalSortAssemblyPath = ` - Join-Path $topologicalSortRootPath "TopologicalSort.dll" + + + $topologicalSortAssemblyPath = Join-Path $topologicalSortRootPath "TopologicalSort.dll" Add-Type -Path $topologicalSortAssemblyPath @@ -1510,7 +1534,7 @@ Function Get-AuditStorageInformation { StorageAccountName = '' LocalPath = '' }; - + if ($ToolkitConfigurationJson.Configuration.Audit -and $ToolkitConfigurationJson.Configuration.Audit.StorageType.ToLower() -eq "storageaccount"){ @@ -2180,7 +2204,9 @@ Function New-AzureResourceManagerDeployment { $Location, [Parameter(Mandatory=$true)] [switch] - $Validate + $Validate, + [string] + $AzureManagementUrl ) try { @@ -2216,7 +2242,8 @@ Function New-AzureResourceManagerDeployment { $ResourceGroupName, $DeploymentTemplate, $DeploymentParameters, - $Location); + $Location, + $AzureManagementUrl); } } catch { @@ -3172,3 +3199,5 @@ if (![string]::IsNullOrEmpty($DefinitionPath)) { } } } + + diff --git a/Orchestration/OrchestrationService/Pre_req_script.ps1 b/Orchestration/OrchestrationService/Pre_req_script.ps1 new file mode 100644 index 0000000..c8fb714 --- /dev/null +++ b/Orchestration/OrchestrationService/Pre_req_script.ps1 @@ -0,0 +1,28 @@ +##### Replace values with environment variables for the toolkit.subscription.json file +$var = (Get-Content -Path .\Config\toolkit.subscription.json) | ConvertFrom-Json +$var.Comments = "ToolKit for creating a new Virtual Data Center" +$var.SubscriptionId = $ENV:SUBSCRIPTION_ID +$var.TenantId = $ENV:TENANT_ID +$var.Location = $ENV:AZURE_LOCATION +$var | ConvertTo-Json | Set-Content -Path .\Config\toolkit.subscription.json + +##### Replace values with environment variables for the subscription.json file +$vdc = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$vdc.VDCVDI.SubscriptionId = $ENV:SUBSCRIPTION_ID +$vdc.VDCVDI.TenantId = $ENV:TENANT_ID +$vdc | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json + +$SS = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$SS.SharedServices.SubscriptionId = $ENV:SUBSCRIPTION_ID +$SS.SharedServices.TenantId = $ENV:TENANT_ID +$SS | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json + +$arti = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$arti.Artifacts.SubscriptionId = $ENV:SUBSCRIPTION_ID +$arti.Artifacts.TenantId = $ENV:TENANT_ID +$arti | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json + +$onprem = (Get-Content -Path .\Environments\_Common\subscriptions.json) | ConvertFrom-Json +$onprem.OnPremises.SubscriptionId = $ENV:SUBSCRIPTION_ID +$onprem.OnPremises.TenantId = $ENV:TENANT_ID +$onprem | ConvertTo-Json | Set-Content -Path .\Environments\_Common\subscriptions.json diff --git a/README.md b/README.md index 3e666c2..bec9011 100644 --- a/README.md +++ b/README.md @@ -22,3 +22,4 @@ Here's what is included: - [Modules](./Modules) Modules are the building blocks for the reference architectures. An indvidual module is an Azure Reousrce Manager template for deploying a single resource or a set of closely related resources. These modules are structured in a way to facilitate passing outputs to subsequent deployments. - [Orchestration](./Orchestration) This folder contains the scripts for the toolkit. The primary entry point is `Orchestration\OrchestrationService\ModuleConfigurationDeployment.ps1`. This script is used for local deployments and by the sample Azure DevOps pipelines. - [Scripts](./Scripts) These are additional assets that are used when deploying some of the environments. + diff --git a/Scripts/Windows/install_ADDS_No_Disk_Format.zip b/Scripts/Windows/install_ADDS_No_Disk_Format.zip index 2322983ed74c49a0ee69a6327744fee7452bb265..f068e43717fa0395ccd46a7b68b6147670902d82 100644 GIT binary patch literal 432171 zcmb@tQ;;Y?u%_9zZQHi{v~AnAZQHhO+qP}nINftbyL<1<%Z=EFii*mYdZ@}jBJ=xG zUJ4il1poj50zlH=Pad$Lb-^4I0H78T008n|)WFll(S*+4iLph^#%_xZ;YXL?H$Wa} zoz9S00vZNGKVNs*84PJGsu5K95I)*DwnM&HP|-D-rOz7wHR%=IwU{I;Q7_fB3W|lv z!_C{BelF+d=c&%e5n(c!i7}rt{?P*2@l}e0z^EcT1K?sLbjCkeTF|;!GhRCkL&6Yr zxqp|NWm!s*Ocs@7ll{*GLt_*HOp!LS$1gaRVAFEEI#iG=%LEIB0it|DJmrcfor+NP z3T>QH9`o!3FO|g%9ta6qT!>b_lY2T_B$27mk-F(1M=>JqP>6KD@V931>JQRB(g<8J z_Wj0D1g{_XFg1gvgQXuGE#WZ8sI)&BGAB7DDs-WI^g&?mcr^KIJtYNc{Ff_ zl4-j8dO&@&V)KLt#sKl&b!dZ{o>S{7o=4stm z)6wkMcT2`^!`#ihB!F(EM?i*IP`!Cfw@)<8r|t2|xIxDktZHEhTfD1%5}!ci#ma>V z80{vt^LIA32dlHW-4}1Hy4;T)cjfbhd_!`j2*z7k4~atlo;kVlIPICf{G$yRk!e0e zOj}e3*JEY5m!osL!`jrvZCFu?_|Gbp&FfNyaw+cRJ5=+uGE8xd?sPkMCXWaNypErE zu4ALNBWW#6JyEfzvr0SD-_P^}CP1gk%S6EGtu#*Vo?UTf4tL#?hp8RGrK#50y77M3 z9#ou9>0L}T?KMwe^DK)!@OMu*HTrsky)JP#ymg76+qcRTEN^{8yG=-byWQ6K zStp9mqv3~8w0O}u*=fvqjXqu^&uN*AvH7(Hx?MVor1xbGJ}G_IWjW>AJ$ieugISt zh)p=sKUvPab1Dyo(%dMY$;{Ii;~CT(OH-jdo#{6#DfuFssHpZrSI^kZt=jGWVFU=m zBg-v3LsCaRZA8C~owy#Owz-soe7t?#$|bdeby2v{4v~TAXLp=B=7mfNbNo_SALj$k zW-~fcR@A?)wI;_DeH)kB1Ia}}nK7`w<^+J%b)Q@+;94J-lWbzU`Ax^#c?a_el=dA5 z=u$68c_FPrI!G`N-qBw2$o9>FTjpftx6dNe%*OPyMc2JNHRAVcf?biGYg$H~fSNM- z!KO3rUi2qZu}NMA7%w4gC}vN;1DrkeIZl05fM`KKcfFpS0~znqRKb~YStEB$7OiSQ zZ#By=ec5ah8==Q84JF%M_GSpgjK6?*8T{k1HoOV0lo3D z1_iE&c9|PekMN}QK9}B)`ygOD?#4Vx{bp#HS_+RA|it#p+fHOUiU% z(B|kr=n9L%_LO0TE=ybY;t{ZVA=}JdD!zFHJ)>VV%Kp@fmD9o9~bGUb@MzD`)b4faBLN9T>a zPuzS~WtH_9SDxWl&|AxtDHga}8?wjB`JUq(^c~U06wH#p7*usOK6Eo@GWFJRqwJ^khc{Q}DWKXSYg2qULd{^ZC0Plh@FErfr|*vZJo#M!{uz}bM# z(#g)YO7(F@j&eqVR<$uwwGx7Ef?iTuPGwP{(q5Wwf=0?^f<{sX3`#XH_*+qG@+qp3 z`Dro5(CYtliFoyt3t!nf+&?zn}YVl6y)k* z`X^B^Z$YA0^JF8IK@yU*$Yh=%P>qV()r_ahpPvJw#x=zXl(>H^Wq1|X7oK{uNvkAk zM=EE?dBl}wZS6y@$*;fgy68_v<%1<{%Vv)v8NExfc9{er^a+*@wbFI0^s;9M_2@?p z(g>2OFS**4@KyO!jN?7)}B8{r*umC z6bWq$Q|pf0l_9#=jDjSE^ z_3edYi7#zH#X}NTPKjfKyJ4Q5aptgq7J*fCFo#sUIejn5XtE>^x4YZ@8~RkCde%`- zkBB18)CRyG<2$B33SPho@wZH-b}^k9JZGPe#{!KTMXe^h*SweeU5z?rs)nTYWwx)*-|jm6+&3k>fw4VtqalsAuer|O`)bu+ z&1_!JJ+IB8H@TcwE_8hVtrHrVX(W^(`Xl?kx7z}0`XNoCn`yyn7)a&}g?gO4q^v*5 zU^AgKQQqvcMMyGMQHXyjA8&nZC~2+u*YsUSlbWvTcF(!9T8UiD9NEV3*GmVm_FnXk zy3*)-irN*a)y=oHE7B8t@MA?kB*`|E0apAAB?#FT!)fUKW2x}MuS#?p%wy`48662U zj16-qVI2wHmUNG?H=W;_jao7(ZAyvgqg)^#NtTi=hUxd4XtuleJIn?5aqYQS7QlRx z)@fA8`k`kXi>}3q7==t6QwKLQWcceOBpm{of^JYr`udR=r0*L%A%6XFhJ?2qK-}~F zJM1++rjOriM%wDus5EuU4N)XF^);#$8Nq!pSQY}%b>iV(SIfFJA6vz3*Zu8`Q#~?9 z4NW!taRySThk+5jjw^2XQLV1pMEJzS0fzxPrzj?;su_5g;E%%ApkA>Ft2GMgY7FF% z+_o7@U*2k~kPVaVGskV8K?sypYds(v!q8;FVl+t=atkGCTy*L5y+9omlJ-ey+%gm! zPVg!;8t2Ca=Gvs*0l1m9@?Ue>eVE&!qo)P!_8@h*n@u~pXN$7t7!u#l`bxz^CBwas z@&vz6O)_mq>PXc`JOZsZYXvP&BKPCb0Q&Zw0t#uH)VC#b2qI#V9xTDddUS}KTe!VQ~OZ@3%qBP5(a=pL!bFl?7K&f76OuGb~kD+jN+aw*?q|I%_3Nilj zV`Jyo<0o}&neRov7#r^tu~SWW-x+i@2oCG8j*9Qk!=J0?jY7^3L(i9sR|I;qOhK&M zgO#JJo0AJuCnr{?yAWRtOoNh72A%8#dc7cf2Ak9aF*7XS&71c`OmE6CuZDL@4G92I z3z9N@I#IZM4M(c(nM3F$ARZHpV3FjXkj<$S>CNs44ZAIFo}48*Cf5$q#;8OE4KtzU zh|k(JM(lIZ>?>z-+{BG}#uC}`evC?^8(|!(<&iz{jdo>-;Lk)WV4{S;QAOc8m^nk6 zU1p7?C#PmyG6IxSBwB@$4Fk{ABcHV+iBTq77oLf_vY;Wg$SRO+q2J{jV`HI=3_%k)vl!-jZVm z?nX!CdWV~|F&(sM{P=W@a%}xoJTYhFFDKCe8U*bQP;V}vokgYJPrkO#vtE1v0M_$o zs1Z{;@dcG9GG=_;Hm^=!72pnztMM=JERSQICm}QT&cw5sJ%HTiIdb{+D?C$*m9dx6 zL@E)hoj~Y23$r-Am3=5Pa5F6N;N2$_w(|`No4>#(d=XGk7&y!1o$0U5-8884i{y0D z<0X9wW0v;V(4kVV|417-ulrJ7uwCy{lIwlen&6Y~>`Tl+eBq}1I#u%UEtr6l3`gbF zO+4(6h^~Hh6G7D82Aq?F8kF%I$vzN{i)@p)-P+r1Of7V1T#ljKq~Zf$R0Jfce-d0igDyT7sc`&rJ8{>Etm+`q!~$O$u|-%p6k38&h0xE zRO>W3jEG`fQ=`x6#uaJK`LX`Z46itJeTJEt!5juy&Lu-gf5$K)|LgwLoQd;`6Jz%* z@`o{&yoqP@hz`ivaQEUvSQ`84=OUS3BSD>5v81Gi=v0YPgz41zJy4I}59dbpdtFch zyBbpjSKiqjhMph#n-k5n(sBti8iZS2V(;<(Op_=9Sp!H77%2MLYG*#vO3~r>zF^On z@{KGAWZD(U)ux=3jQ3hMCgjfDvxv;-D(~ha>{E0IC!^L;VDDfx15Y*$V{3C!oU{SRm4HT@z;`PKiTy5{s^7xcE*1sC!hPsuo#+KhW4UL&(Wm(?)RsPlip>g(d6ynv99n`Qpck zZTh&7D^Ql8fw3*FhVy<$FO4nO4vqr`iBmY|Jw7OQ{l-9aebuP(jG$Qo{h5YYulrZP z%s(8N-{p91?G4ie#}Tx0H10mib98L3uEmqT1N-}3cwBR~4G`?h&`3~qB}=$?bk@(vFp^H- zHSK_5x3nr@Yx>h$zyqNIt(B&N($B4JIf1o&AHJ&&*Mj0PQNlnOa7YDfkeL0z0f+C+ zEco5;iqz9ss3A~ngdacZWDP(@ulj6E`!yR`0cU$!5;W4+3mm=}%<3a^gDopZGvQOd zs`|PiKtrel^5UJxLrmwJxV!clf|KR4oPb^9CXwnP+vsS6-C?auUXq&1g$?Q+QyEH< zbn7oY<>IqOg2MZ%=~g*55gxL+2Qs-T7Eft@_01eiyJonRIfJsQ%R=j+bbbBQEjNHp z(d5EUjs(3h%n&&2`mRM;CE5|_dsDD}+kSr=oel=Pq(tK<>G$@MHw<<0ZtnW7W-&nS z^uTgQ8oaX8A(Vlfin!C)9bK5z@ah@mw@JXaRyKb)E2#Hl+6N2ayU!x0f!=t|TT~Gi zF~vP-dTlPl(QFP{$@LkCw+(b{ipcZR8oCJ?oj1t-kh2bLH{;moA-aW?serak_6U1r zp_~E15__ko3WGZUm14=|^t`(pk`6-uD%^EHA(rNhq$%a(tEXf8=Nx`9x?g?I_`VgO zy*-wQxz{68nw}I6=C72No?#AeTSz`*RdFP^JB|tI@!dNu_8wUBO#AUE%s`Dep=aCYa-BlD*WBv_eOv-?&UBKVs$mwl zQSqoeqz!Qaa^b9_NVf&a&hk<$pj;*@y^`fn+oeD#;Nd~{ebPK~Yre@<;mr{vI!l zxY<>`&k~ndEl}xc$S>VcSb%{q*51@mb)DuOYH*#q>#)(EQXp)>|w-netC#V z!tK9p;DrMvqPR8z9oDDCB<@39jNwh?)$EY2e$o`g$kU%?D~-vtzvzJ{7El{3Q{$Xg z35S=!G1`9bnKfhn+{Wb=bh7YsQyf&;V&r9 zSHarO3R3>Jp{O63r73^R1zo-b$-IdpV2%cgs#R{1Qypr=Tn`G5UVq6q?CWC`GSe2^ zc+L?qqkl_XuIm+eU(lQYxcYEPf@+FmV#GM-`&A3566FC{c(04Ka<_O1w>rB4S4g`w zO2;d2Bo73{0~j}S1t~B-pjyBf*wb`t$eoF`L;RfZX6z)Z`)cp5#$i5%M$s>6F~|5U z=c|qYiG8yDSeREqev7udCW%@Q1gB{ggd~3)&0nOqW!mmi_pQxqFpG zzGWs;<3^A=gAm~mp;~o}1@7~RubcC+tMyX(l`;*G*7s#i!2Srh^&$xMJ`Zm3z9+u# z`iXU@uU>@`;N#%~A+G~&d-iL$Ej6Ed0WkEZMOqo~^=by2K=8(ko%B*hyLkYPln(Q~ zGQA0Tc=SG2-vx_hUBqr6q}K14j%ueQ`cm|dgjO%$gOCYe4b%;91QV;F_TB%z6|T_T*Q| zRY|ZqL@{y8X^n?TGvdxo-<{7kWM}9LKx`ntc}Bn_rrs&#XCTw*Vei#LpYY z+n!1pVM4tc%%lLUae1d085pMW} z<(SvfQl6Uy|81W1@ipB;E-l^Dt3*S7E3kwncOf7@NkF4lTpn?m0q)JYiPh~>N}m|1 z!5kYf&?z48Xx)MDimpWQ`!mN!M7zWDnkG{Sa@kamU{8N?9amhmR&1YJxvaGQ$m;sm zgN~hU6Z~m^=u&l08}4)lGY5yi7SV0FL4@gj)(gSx7Kb23o16!1Y9M3Z8PKfKUJ)%y z9@f&|kftyU4tQ?3K}zVak5(t!+0pR^McQPSWVR7B*$r;oiup#N(A$Bwq=WDJ^C2yoA@ z%_>cxGMXF0vYgVwLt7x{c))*OS$65f zR3dA&TKK9oN)%_=+Exf$EfJtxVru&g>Loq8`puJ-FlwIT?MU_14X6Mp(X4YWn*?4M`Jot$ z`Lxf@HBrzSq4EG`2gsR&8_j)28mB1WIm-^1N*&rwE%a zEp#V6rLF@e;(ZFU#RiW7Zo7yk4DejwuVbJ!K&wnAZr{t0r@2*~a#+qXcBY4WXfjDU zwbPYJ@cElMKBksTl|pPsey0PzI$y+h?FTQ7=lGaO_#DhFiM+B4-aDW+fdf>jVB~9N zByCh(V$r}Jh?%4ET*g$rbZx4q6xdb<;y>N*K7>ygf&bkBNFSK4_K$?cb$uHRM4$r% z@2nnwCMcUTD+P~ks+NNdV=)PS^ZY*b zy|;#_vJOBn+>(Ns1Z=w70KJ2to#0T|K}|1yo$YsiY9U_EHySV_KT%}}JyTBZHwY zwQe?|UTtMS9L5}r;mPWG6DGb5BhC%-0hqcItv*b=H0%FX%?i3z#;1n6<@hkTyAueT z+WtlVe_O==y?guWWegGl3;-Yr3jm<_f9u}T=jhzzfq47SqRBc5fkpx%G9t&3Hv*{c2U7`39G9~vXu#qnOEA}*W zC(76I>6*let`-GtYhF_fZ%l1n03Wo#55`cuQYc_khHkN%4YY!v4nVsGZQ9eOnZclB z%G7*86;I%`ed3T%=`A~;>DXK#N}}Ew6lU#6LTlIcLn@MCMe7TZq6Grf{P2I$s)SHI ztw^dQd1L`Gg^?lJC@NkoBt-l~G6rC(Zzf&&ixbnjea+;DF>c(P3}3#=9euQLM8n`6 zhgW7Dqbx_vpZY^#kVz4v8kOPJhe39*C5D!0l(}$)P;0vD&4VXb8x>g-Um5N->3S<| zDoDU=kcrBTahkF0{>jArVFd|14T{MV=Lbhn=qfmXO4W#(Qc<)>U|*I7#mbg}kTT;z za;bFLU2bPaxR)1{{XrYv6JLFQDf<*O)NPV2s!yyV_#nMwmraNPIhpa}8N<(Y4{OQH zk9TZZN!o5U#&uA5?G{gI;e2aHdKfUop< zrM9|33J$5xZ!4%2d3y57ZT;gTWt{$iJmi8>i= zm~l?fMiVTlDyiOy?_~O}FU)-Q>7nB97$;qqqIi*akpo4%5L88u81|@JyEJ-W**x|Y zvq(ic%hD&-t1na$=p`aEZB-X~_wU~SdX19jRBc2Hw#z2s@Jm@_znw&_)o}s+WDd;i zl2*l+0)5L#pjg#!H^a=PE>IcMcYPmKe|@Te`ld_=sXX@y;*mD6fuh4D;h~PCE%3zQ zopVTD@W?IR+|y{(C1J?Ru4a+Ufa8E;N(Zr$@}eVwtKg-FW?BC|v)yA7!HNyy@z3}x z@H8;DX%=KPz#*#gX83x0`jobSL0}u1T^eoh>+t-E8o)-B#j-KavX|&mPx!$!{vZNY zN09(6z$OTluTSHhTVHo70kvnF$Ps<$1sFNwpRDB1heHT?`cxe5l(_vDwwFjSw`>8| zo7wyC7ur^;Sy$70@^rVHt1i@w3|x`c_JD+q42eOOd0$_&K}7kcRZUwRNq|InPE14^x!+@_)j13xFYK& zsManx;Q+f#Wd9k#@<$MOOGsKXsO~_rAVXgLr+gBMOvpR_qM{O_ z!Qp~w3nG0a2!dPg4l;h!=Ba&As!-I z{`Gr2C4#mi6s|HMHr~E2KE7<7ocKwAn0kp9C$Jv;-1K9HS;r)k{(dDgg#O4e>oW1X zOWK=s!`~3s`O&lSw)zA9(eeJG)9;t<=N-{=@y7CiYcpf0+Yn6y0SPBxJUbcxStw=s{9T`$sTx zc(CY_SQj9qkes0p#OnFa{<%>cVEzJg=~zk|<)xjrwz?~_J$ zWyQ5OtM+VDY(0&w4oyIN(t}|k;fX&yr~{{398N4R%Ag$%5hQr4|8PqoEtWvj>L&;e zY{KY6B0S9sHUYy!XRiNQd~Lzu%uTaGjF35mmepK#=L5*2HC6}yt6 zBw!WKCm;uoN zR?1Lkx`OwDrwofZkuNU1VWA8<$3{H$sor)YMdXZe*ZYUkN6H$XQUeU0Zms`7-WU?z zj=1>+wc0v^XY|-X!bm=;oX7s0BP*}s6hS9I;yeCZ@_`ys5kq2`;T?V2w$6#w3mS`~ zn&k|E6k(O&i@x(FB|x-qZj9pRP3+kf3_plPlnM;pkZHBuk77T1Y9i_uXFJJwlLEL( zzJ&5!FBh$x6sOa;-wCTbF6N3|3d)s4T*_%q2EIO-Ry6xu18_tvLP9=(vx-}khgROm z6g*W{PXJHQTOV&R0<9x^OaoAv6Dydis0+qbdaXDBT=Fzr7A8^4C5;lGsj8(5>F<|w zo9N%$ThZxV7@dg4h>hr58r&0WvS+H@*9*EF6R)6K=zDdPC^}*SvtKM$))YHux2~v| z$X2Y)%jAmM)(u&fugcg)b1fg`B6JgqIj+^v`SEeY<+0Ub7bdb>Q&;#^qTCjV{MDXi z&GxsdaPZRD0)>r~w~3{i0znm%keC@%7PRs_7TDHV9D$02KY@x=bhw(+t)x#X1IkMN z@?0gX0Fw74E10dZtOF5}|7hqie0fDm^_h&}vr->fjfK*R`kKZQ;!O@($3`>4+j|g# zq1rr@iE;n@#XXBW%|RnwBhHYHnBr5qf78&6?F@m@&^Uis9mZ}(=vs^^9uGC=8`~`{*4PqrX;nLe0#M2=(@v)m=2atK*8Dw$gf##WH7xN+p6~~qg zvbay{ejb)lOcS;JCPjQzN6urmUE9D$FgH-{I(Gw9ioIlLt1xq=y8u(j*yIcwL)gWh z`A5N(&W~W$d%od9an^SHK8?gJK=-0{cmSMcX3j67g?K0(8EP(%VAHXQd?{U`)&{P} zJh_R0-%bUKym)rOmk)_vWGdu#{Y-SuK&*~8v;Zd$$;kR194D}iw>(bkwrQKt*+T`Y z25q0)wBaamSwStG`!xbIaP1&#=UHDh-X|GO`LJ+a*m^O{eWko@XQKU0g5>J&i}>+q z_$>X)pAPqO-|*#+ABo$#f1X$-5=Ho`*A&Y;+8%-<Ni%n9>7lFp3q1Jk;RbCbpViXc1Z@03T=K=LGkC3$sT}BFX;yM41iRbgeG_` zjA3RUaKqgbL-&(Xm-gx3Cj_1x`+Q%P9i@3h@4#BUT;$h$4Wq>L8^%FR=V_0@r&@;~ zxY>XFa?zdgYJ?OS0SlSZy)K{K*(u*J0>b?#+L>HZ|DK$sV@{!_{t$2rC01}m4^)-*G9TBBkC zv`k?dyWrSv8$j(^5aHsk17*5fDqcUA;0SagD@212FvePhDjc@G<%%fCO5xZqF}RDP zR^RqG#e#71E;nGwvdTK*7o3@Blc%{C%f0av7JH~2;X%3no0PUu3?(Y!)b+K%oj?Qp>uR!Cf*d`a{b};#Rt&;d4i?sMjZ%lWz ziS5rAlST@Eu&9GiV4Z~Rj!{1cl_ERD*40Za0@kT!%%eKFZC-2c7LISLu0wuyGKb5pghM`BN8w|YrkDD*F@T*c17sWxv&%QHmV4E+ly zjai!AFFKZw#mGO|h@8L1`Az{Wh9|?>blBKB2}Y$3@Hs{R+XU9h>@_P&2pq4>*^foi z5)7>+RxhCEms)L)rL!^n&-nt+Ga(tyQPF$@?{uG@Cv6dgJ(*_AeK?W*bsk`hRkl$x+uoAW?-BI7l|yBd}KDXxJ_yVNHA5)a71S)&X?-he>$S`gN=r}ALH+IE72TlyOXm%+jsv2+a>B`x7Lb9)zX4?LNmh+FrB)DDzLf>^BZS7o!c@_77$Abjf(^vu+_B-Y!v%>gTjULg zj|;a@FfV8{STH{T^eKOCPvOjg!nJ(r{y%mcC|tM@INuPsrW}0c0n-6JUu^go4isvf zNYqy`2MX19ESfMw(7T9#=Wes-Ir(b)azc(}1ao0{R**2Pz`vFd(Utz289z}tE^hA9 z6T|wd(}cmZXd{xGS_@tHE5ZuIEJlpwSbjh?`I{8E&dYH!8!Xj}+r9BWX3y)|@V)}e z3SUn6()pv5yhB9ogF@3TNNH9&%j1I>9HwgH^e5$4|0lp??xK3*WfypbJ>w<%;Jw;61%q(B|Q~JJCY?c=EU#93| zkY!OC>jZFQM|pJQOH_5{dGPfI3AL*4YEpj7S+sr|T{yqX;H@ee(o@w98)mb;2Oe3` zDG%`^x(2La(pLty)L=mr_PX-YOHCz^f~jXb4Wzv&9h%s&aB>sO_+eHN4j%zgwL8iL zY-0mNMm_p?Vo}ve8G6d0mhUQ43+2UIj9M8+UNQ9aqDdBS?E$bhC`MPlevDjS4otju!OPa9^_*sRM=4EbA@*jrIS+R6jCIDK(>hgA7j%H$&U3+t) z__KR5zP71aR`*40Z>2K~2tAU>&FQoGHM7Q#>H(d4AE4CBx2^XA(vIS`Pb4OS{*E z8{E7;L&AG&tlc51?5tlrRYM&@t#K6!FQi()ajtEt>zOpB=Z1t+oXgXvd{6^N#N5<4 z*5?Aty10Hf=xOnQ?KTu>Ct`XTLRB|b>!ol%)N`O#0KYbN zp*zCn8?LP3GK3?=zS>q~L(9TjM%TFP;HW2OrWy^pZD@5~tO4 z;yrGs82QkRc<4u(b;2KdVUF4%iq2JS_F8ng3Fmx2M#enb_9!awhuybB?T6RteWH#z zZR0W6ihOo@o90xJ%~GZAQ>vfn^E)3O$8co3-EXIg7kKCes3%V$yB#j1Nm`)sfBmmm z*X=8w>+Qqb7uGp!uK0}OvhEW0B+i;@yM`+$LM1ObXU{fAm>!qwXRK={MG{UxX&`n1MySC zzbHRaF)tjOkI;$hGlq?1SYb7JX^!(B#jhk)VLmW(YZB96KXn0YyB-1CPnuk7CZ`|G z^>KUsrmf{Z=szSFW?%0GW(E=*CUrx0}7 zPWr08dWY_uS)Z#v@d}U#0Cx!~x^SJq@raMo?>`<7$>??!ta%<7y5us4QJR{af{3`dhJ+ zjGHb`95Zdw8X9>46@KiRu6+Li=8PqBOccH)~~V7c{4GTz$ZKy zb(R^^0nRsnpuOo#cm{dj_IdDKC#mrTcreU5V?5 zEFU5`*CgBIGM>Vmv9!Z1zZL$1r|D-_O9G=slUk#n_cSbS(*QC^oq`BP!-`6F;Y`1_ zDyb6o8-e}uk=v=qBqYgM%C)J!jjh(|XwwYm1?WSx-yILHwpV}@aL=G_#X1vtOO)cO zMOo%P>xUU3sN=d}6quMIuP0$5C z{n4XB(Oy}KW8|)w0;@IW))pUL%hmA&9L{r#L|5oMZ8T3Fa1>lYx`16?!Ks@f!ry-h za*WA9VCS(8Acdy1v_q&o&01LmVVKJVc}tI)e35Us^@eVqY?15p9u}X_Qe+&KK!*nS z^RSJZk|8q^OI-|Audtn3(~8&!yijT3P1%XpAQtlMAex22Bj zg%~t#G7U~s?A@Dh=I~IT+Ek-?`8DxJmcqWTWiP!$q+^%+Nguo9)}5@&r64Fmk9?B1tGLnc7SEK z-)x;EB^J8)a6nX4uj#YK_HG*_M?kLw&@(k)Fe~01x4zYrzqkSK3P4P#%x}G91$00X zXb+j`gr~ELh(XncO~;=2Pi>Q5&fU%9jfuS|G){L&lFOlxn4j}K9~d$8d1i{}-Er6w zPfbj(J|$SSdD@tqLc>I68Dgx-fzNFKX9I4UU0lXb?-$PZBhD~PG3pX1F`S;z_5s#f z=4HYLw~x^&H5+`AruBaKS`&>Ty=z{pCct6>hi$tyW$5G-5T$iaj7j9O!w{9 zw4Yoh2ZJe(Cwx_vg8681MJI0eiv!(G#}En^oY}D8Zp9FN^38>gCU|L2i}+-i;Ti^b zLWCSk1#^b5BwDB4nG%F&hH3`Qw^*T;Q)!WD2?ul_z7;TTlalvcr<$FM z4R&Fb!&`}_%p*Xcp#v9Kn5vz@TxYDYiy=EgqiHw?NqNHB*=l-Kp_C^#kD6V%AxO$~ z9H?s|w_)#d=Q}y!CO~S~!p;Kl2m~Q{8>;P@m0?Suy$v$w-K|0Ky%6DVpcLU&UJGZ~ zQncgpCLBq3%hp~EVMPRqs3DosDUC9mkqfp*5*eK0%qh5f9vEqu{o2TO!!QofEK^MG zCPtZc>ax|H`s&q9afoJh0dE%|s)!`q9koceZr*!%t%zsTu|HyDDlzRnXWOIAF08!J3D-hj+-Ly9H@&rPmjE zanpOEEEqcPKkXUsUD0nnh37mbBd5bGr+LQUXMbZ)^te~9WaGF7TApgo>wD zLijXKdBG4^2*ElB;n&hFTPj#+>5T3>K^CNPxxnY@f(%JM&>Baz*!|EBcL@e*IP{{B z`^bh33fx#iO3CJX^Z)4MNiFcdU36Mw@RCH-(Z-9u6I8$WuQ+%UV~@!s4j50j;k)8j zw8*a!xQ~_rP|00#xmtFx`_IlQqmmnB5CD?fx4&1Yqi)t^pj#0r5QtN4Y2v}Ut1xvh zD+HMi;qIw~6??Y*Tb95{iuK_*$-}CoJ@`{6O(fsF+Jl(} zUIxOf0oyiJW%Ritbop-e%Yz6!P;#EjN1<>U!W|IcVIUsmI^zT!=cBXgh+J=qd4PKpi910_-a8f5vD!i< z__UuQ*+o+~5mWvqwrKby?|h?yztYohKbR{R--e8E$LwoGdxjpGgI4pvWc=&vXy$n} zI4I_(bbxb+=oxz8${{DA-Ci^GHNnCSok0H}fi0Q{Tp`ag%e z{;&3cKXx_-7PkM%9PmGb|G^p%k}PAl#Q+m}2l|K~ej6`^WzAhnu}WYO3Sjk?;L1&n zv;>hvDp$G)Ci445F(GTYHsj2wpD-t-SoaKP%z(n9n_bA;rIiaOTRLmIu(aKEXf2_; z_4O|k(uM{g?>jx0QAhG>5jJ&=8if2#dY@6_HRVtzeW4 zYKY^zWyZJA@b%xHe>~K|ePkVn+bH{d@}84b$Dla4Gnocz;kWYLuliz8BCja;qKGHE4sbRp zoo{OJq!8vxP$GvUwr!dtXj zjk1Y~OkI#Y;@meJ({oeK*nkKr>NCUU@$tcP8$xprMZ&AmQtrOkj>xPZygpJ`1m!!T zDKpj#87uX~+!*b8ck#}aI6L$b$e7xFSqKG-Nc1n8kvI6ND z6|u;HQ6;7!R?Rqv40F{Vq+Kh~P%51T=Dk#jMUYyU zk+-(qIUWTnTtLb#lYZ8uy5FE=%F2SA4VmnWZmUe5IhplCtm9cX5w)gzO0(hW!pZ*p zC)|y=2oq}x0{~FU0{|fKU;W7c8+QM%FZ@4HH}=1Q_Vy32fFE!;MuM-|M^85l29&AQ zWm(&e%(SRQG+`~2#y?v^CX3{X4n4X*U%6rQM5G(BIi)*k7=knk$4|3oGR|ToBCYXr z&{XakB+t=hCbINKoWx-yn#UP1D=|NNHZjh0MdE_(huVkgf*IEvQDt&mU_aUesN_6y z76$#lQD)U(R?M^q_NgZooiNY!5V?E~`%byT9%m1badC%F3PerVT$50l z;=0vf!hCs7U=(s^(7NODM+65RJY~gQkP~2)uKg_P;U98>cCb+_xFbwpv%V!v-YVG8 zbo4^p@__q8G`%C zFFg|h%N)_9h@vi9IEY0 zvk)A>mQY*yG#(PCr3eMXLBH2DUB$D#$pM~ak%@K`lL>lJG5P%bVB<7Nuw`T=HPDv* z=`{jXL3{;kA&OW~#XXp!Hj-7Tn5ZpX$syjaL(j>P2|`MJ76FCws2{V9S*DjQS0>@! z#Rb@t^T!myYEl4(F`M2H#SsWYE?hLhY$eqS(5L~|8OOWV()zx?eb4LMe;cPAGa9A> z_h1nJ{x{y(qNyy{d8%f|Lt-5MWpqMs9!8EiSWOy;k)BbizB7j2Lz7Zp(DO7-3MpGPa z;a#K=kUluC3v$;_963(Ei=Oa9nKL=}MM-G~X9>Zn2;0axA z`|djIgcO|vnlRp8R_eOGhZt%8cvo3_-_n%doMC`eW6T5hSnp@rrqU2pZcUwcqPe*{ z;Jdk3L!pcC%l`47*=p7ItwxACCOo1@iiwp~;cySv-k5=$9W7a@HGI^<;ddG~y$#Pp12^Ic>0leXS{ zPZUD2k3u1RzpWTlDv2p~x+!OJHC@_Ucipsf_iyMwr0pDG)&y z(%;h7h=lX5JgZ+=>J6O~LN1p1q+k|Qm!^#s=4MX5T9ySZg98tk#hIkxFRBOThkSo!j2lMN|7{OzOW0ks_2{G0ewPxaQT_79%M zv>l(x7IHVo0f7V=)rc~BMJA?h41H82Qu!1mi_sRqWF-m8-)aEFM-|%=N_5`R$3T#0 zO?Ki->Ac&!e$1_X=5^<>}KBSMH469cHJl^V02;X2I>meI@I8*pHGkxYqnQG=8 zSKbS+L2E@0xdOy@_)WV_2%r&lVC25qFb{Wg`2tb?`2Eu4 zkbF3Ja29wtn@>laVvSh6IlRu39$0N_OpUgSIfva7^JDxym#Kau8oW zs>%i-)LcJ?z9uNAQ8&i$W%hH6_3`3!FyxvD&;={tI!Uk0qU9K-wc~tvPFe;^JtlfQ zUU@`Al6v$T;x#^D4@(t_mkWY{pae9X^qWgwmVJ`4h#^TEC(sj6W*>UGt-?k+^riOK9`O zYt+L!f^}cK&j8It`uXTwJus&>^K04cGJ7Q}ChtjX{q}N1z*XI97K-%V@jGeV`!x44 zfx8|t&BNIh-mA;`CcaB`#D!ek8prv97FZXTh@mO3**;)V1tP>{U#&^~^EYX>e2{+N zG^h^+4?k%Ec0886s+aqR(HoG}dS(TokLU03!QqBU*`%y16${@g=_t>4@y4X)qd>Jd zibohKtXs@h2#vJrU#WrW$zus<$cO&2uK&hXyauz#5383hVkINzBmqY@zPbwW@LEu2 zx}Goh8h@8DcwWQwN_FCD8O6;w`mz7DjOnE+7*jd(hhQp6;`<s`s;`>3!OZ+LN;*{D!^=q#;h3S!E zI&aH2Xvad^fwBzFGN-7DiU^augrR7>F!+1GY#UIrNLa9ok8jP=d~OZo!jcaa{5REz zxAn$_Ro~!vc_0-3+7D)gdb)un%dA>NRE$8I;Ys3+b;S~P@ljBBl-Aqhax=f?78B2_ zS@~biIrz3x#jc5vtmu0;;>&O3xVjA`GU|N32w=HfQo-O=04=}{qk(~Ro-zn&Rh->7 zA`NwjQPaA>$7B)3kXeYhiE14Ooz4LNu8*eg~ zHeXy|C2xB*yG%J%k0J|kT58&kC>-O_II@?=*x0)7*I^4V^^zo>PQ5IfZ8v~@IXxwI zldltw%`C6vRU^=WVri?$_b1c7N$A>o?-pKkHaKLBpqFzQqoELU)eGYudv{Xv#e$Jy zbC@fX*4tj?-MN+D%KFl8fo(zy(SriT+QkR{e)8-*d{ZO0aPwNjBiH7EXc3`C=b%Uu zS+krystS;0bM$eoRK|v5tdgsa%5NR+G=rMUn#=Sd-g{#g?DGIW+kY1{zgd1qY+US;9)R`@Rr#T-P>kqo9I}XvgT_%^4sj?4src zU*qA_Ps;g;QB51sCq<*eU@oPXB=_|o;grq`iHs(Bxr0j=T8jKs8(rl!MeR7`jGUOX z9T}7RTqsU7$@wpj3=HNYhQ$ur(Ar-S4sR6YDt!za`zkoOr>Z}3T?0A6<=M||pQ8xB zQ2mxDk8y0J{2tM%pKCJJF{J+ey2OsAbp#z!BeuO;cM%vdkCe?4WsCsmyMsO=cXua;@u8rm3vUxLbP`*~I{({cP>;WJ3V&KBgCR1icym?}r( z-V$k$kUKv!5@SsYD@H30RyX7f%-wfk`s^AMU9>N0t#InB-G;M$w1b6OjF2EvsreRf zcFlzwpysQCXu9faI!$n+d`hfX;`bo|OJ7*5sg86NTg4{0DxnBxF9Ou=SDax92yI}Y znS*x1d6MYg@Mk3>5T9;-^5>AdoS6}HJ?Wmjp*(}Xkj?qyI-n79)$E|E92BIm9U2&| zlvEX$rESJUj=+u^=As-~c# zJ%L)_AvNQKdcINKhqu(|v-c8rFJ3|y<|YZMwL%7u6yQq><0Zm*Bg6te$o@RiE0S4; zFTRijOh^osQH9nz$rXIJh&jozirx=IkSXEOLYie#ck8-G%h9B&vloxhQ6v1j3 z#Cc7aBOesfXD#+fRaXR44?g#?M~BhxLs=B04M!~6Jbz1}Z%FO~KEK^A{hI+~{_ncq zzjJ>^F?1FKv@n5Byq^I%5*$REZK(W1((s$I?9Gj{5c(9V;FGz>)Nf+3B@p=K}Sdk{Ct1Nwh8v2ZmL$>wzz)F`9*B#<ydVl|+SXUN9-F-Ka7`Nh31f|FCmx5Q zIMLOqI5HWO=aQ;bB{A>9yj9aGChRnYmc9C75<|fNo z<-#}JJp!bX+_?fj1jW@l4IOoxQur0?Cddn)Y#ffL1QNhQmgc*wzLyOrVf&cTaa60V zO)TPlc9Y;9A$xbA$MxJI`xrK>v{)9)2!w3P`3ovqED-GmKS!?-gIAWc?(#9t>_Rhk zuM0q~*-HMXS>7kZYExZu5ClwI&nJ*h#1BVJ(9%{jp;ac^Y0YFPj4uY>eXdGpakim&R_4jnF31WIUk0}E4+7h*SPVwi zNve_in{W9rzuj_NJ@lq0eT{6OqlW2KqZt+_8L+xk8=q4S&#X)YZ@A+o<_km3 z_*dy43sOtJ2~>A|&^c`6eqI^jdXK}-C8HH)2H9>wxz&W5sgow((GXLqvDNiy%OBy; ztGHZx!Ou%2*SaWUzPpcJ*-Cg|=M8&ygydFVX6=@QytVS9ha3Mm)!X@Qtcf$#J8f!c z?A57kDl7Jw6b$p^bNF59v9!eg86jjUg>EGsZr&3~6=%jZ3_VY6r))y7$T1L^L-vfZ zZz^jQ)DI_^xX+{3BfkW121chJ-criTxNZ!!<1?w#JcwKTP~%-@+c6Sq+v z8z=yP1a1HT#s9ez|CM9=5AOTF*tT8PSC7I^a0wxxOMngU%Bo_$oXm?0-j?7@b0)1y zNqzh#0%L<>9P5QI?@orj#jQ6__^5rskb%;*d5_db!`#JYgYS}P!GFq5=H6} zSi40(nzqxB&nBgoxm4C@|LftFeh)-wBaW8lc2o3c3Q(2xn{ITZ8nk)$lna2hX_R~pM>k?|zX)q60{hFyZ3cAZK$ zqBczMljxK1xMbL{pfWDnheiDdtvanf!n*U%~p(3^au9R3{mQjpMJtn$~9U1I0z z91t%?Y*>O=r?QG}IRkkj&HUORrq&)RNP$muu|VBm9CB4iq@KDnn z+8yU%ly1`(&iIcI6=`a}S0Vb~R9&B#|m|Z#TcMmDcxjX#l`@{XaSF+ zymdtS6%bL(KA-#BxbK>mOl6<1N76$lewe&2^A|x3-6mF~tcddT1}w z`>R=r!*2o2{{X4uvmDvtmk~<>6|8Ma-dy(tXGVgMv zl&A1AVwz85pTQ#8J3AmDpB8)BL2uYH5)eTCYix3DgTe^mi&x(eJnj+IV4*hIBTR#2V;; zKG{^GL60bVz-PjDMzDpS5x$Mh3Wcdp1>sb!AiMhd!2Oyw{T)Kg9H!+|cjCoiwiaQz z%GAE8`W#4Ml$@a)L?x!9I6m~DG&qsK`e<*O&hZhL45EF4C9fXP?{Xld3UCb93gHQX zJh$2R6g5NsiE-k}=b5$D+u7T`s44&Go0EVc3>h&I0Y;pHIAnwET`p2W*pTMo_H;$h z2Es@{xN=n$OcgML9N|J%mD=1e5a50*1&D{NT*7Aey6w-`sgW8v3d)p~BB=mkT&|`i zcEDp-QsTb^rXP!ND-qs*zDHKf(y}BhfgU-3Q7eIsG7e#U^0&Dq=5I>H>Z}DXuwSeN zrtD||Ki6!o4VY*P62qgEN+k_vi~VW-(TvRmJ!u9pixzh}R9T^|-F{(ueB}gB!486n z?II?S<5h_R$DxPooMXXI`m#Qs{rlBH;mc=kUgbJXHAf_V{O$zq5$R@QD{31vq;Sx; zM3l|*VP`3P zTn2PGmy?k3IK{!ykw_ZjoE#-BN?%E+8NJ}W2SE%@!?YiPe4*j0^xN=6P{R~EcyCn2 z8R3zQv2yRf9Y+MRsrji3uEI9~@+CzBqOOH#b|wqDJ3%n{;wlz0SU=D%J=9~f$>#M` zWr(Pr&4~I1s!<`7GGSDQwR!o)9V=IYT_v9*5VVXTRJI-ZQjlxaLf0JM$kD7j|=|wdRD6|_9bL(pJ_NzJ8osCCy22^2xYyF zY45(EkE>!`uUu#C+&@QHLFc3BG$0TP%q7aGdbqELD)O`Wl2tv`N~y8^V4>KuYFC*{ z5m=VeTlcpz10MPB3+Kj`g2a#dl`{`*NaJGk=rxgPbN`#tVaaZ%Sy~?$JGEFIR4=yB zOiv`XaPb8GbgS6`?q3tXND0{hw@QONX(H& zFCQK{(1-Z05xA)MFelSnE0nT*Wegb}!m15MUYWfcnP~SnwD&X2>3Qffk5!JUJ%0v{ z`B4Mvx0w0zzzMsWt#UB|c1MCYX@*WyqAZW?w{#AJ=Azec!(7vk`lB zuhAk_+7Vf@2&eW~g~c3CD!fkY;3IUl;84FFigW~e-D%>^{=hU_s_0Hb&iv3Y+Cdl) z2s&V4R+ht)2L#y6*~{QR2a+BCOi=?-QGlIuKItVC98l0rUnl-(1Y7Svf7bl#QrU9Z zZehF6h;p+1D+f-VX9nMRb-xUYam!%D#>5L-MJ)h_EO)bt2z2CXW2TJ zT!r`tV*MDk3RD6~Rym?qOk}rDLtXi9Db!cMd0>Y!*D(6nNqhu(%g5o6#-`o)zic z{hiqyp6Jj^{fREC&+J^$2C=0VXy_(PKm0BD(iNmec7~iAxP8Yb=(_1>6le9^K8vEk55l$4Lhg1)kO(C&{`*)aKXSDbK3m z&gaqfXdX37QQC}Km+)sm1A4;mfQ;OS!`#*}Rnfh^YL;~@c=u~}hp>T}02GI8G8vqR=lI{cUWPS*7CIq1&(qMeZ@1=du`1b8UzS)Uk=cnRZjf6jJ3zk+6j_ z+PM=HO+Y6jI?BL`=7q%V%y{kvm}SK$4Yy_iCIo)OM0TGhDgL4BuUXoL`rh;$%Yoi@(3kLiD;k= zzPv;l=laJT*60HG2D3ZIS~vy2i5SvvBBrlr<+(3)tLGSnL^=M4xl05aEI1GK?(#mF zlVN?6@UPl{nI>-<=q0^m$xB=fd|S9|ler-Y$9jAdsNZs3Pjy?s-niT|mni!7X-QZ* zWm}byBs#kqv=Y~zKZv#5DpGes-6@j%6Sqf1sUFP7o$+syW0+Xczf>)#j$2}r1tYdc zIK!Ud&1mE@eZ{iL?qX{YlKVYQpyTeE?tXOC=pL9~;J5;l_3L2YP6>qDm7FML#Ul_E zt-8%)EHzZD^L@o2z%Bq^`s_n(GOu@3))2ZT9HqSQWs&1xOCqE2%v0c`XZ zIUC0+mV z7A({fV2$j5jrdtwdMqL#Rwaqa@%39BefC_lV(+ZR-R zVZ{;fx4mx|ebypjjYxDzW7AODr*Eukb@=}Bm6vyC0GNa#W@O+|-OIUGjIAb9)IM+f z59Xvq+1!;XzMA0@#2wyWfOa+8HrsG{wlZyUh^=O}+!0MPyP4JD!r2h8zl4#wxRm~+ z4D3q5WTQbZ-|Jpt>nFy+4*KKV=PB4hVA7`x)SFZ&rG%BHf~BZaI1dXGG*qDj*Qp-p zu>c_tA*0PeqkB3~kpgoDa}qg@ z|MU=&c{yP6#7}g`Ou5lKi_Uw1S^Bg%Mm=huKk(t5P!xZF94PeGKHeI#OQ!kjf&V~& zSA+Prk>qOk5;QW_bFy@l)pKxgv9ULlwXrlaaQja?q5ji5|3cOj#`cH<(;)<3 z1$l+!;y&sNb%^Kg65h+JEV;vvl=xYZ5G5=KyP)E$|TA&ZmO28AwHL|hA<2_2XDtv|Xuhy9Z zM7p>5eie`70sxr*Z?Vo_sfYjEF8^R5)V6H)m|?tWroVc+L2c>h0UJAD$)*|2Tvn>A z7WduZ`RGcR6VU63W#T<Fc73dh+AwF6LOex|xJCje1-u{J7o_aGK~^;zX905tdN>`g|xRpAhGzw3J12Qe;>RzeE`@ zD`HEAIPz$PpyZtGTXk^gt40<-^%a^MsK;qckQ7pQxr5PcOUGDMGLet3ovdC$)TWCn z&+*9w`3AaU5$jf;on<&YR&(WwPh+R0)p`k!Tes6D3)U#giG<|2Zj=QMnS<_4 zq@MutXh4mKApL&dpcAh>xvLl3{l*f=PSnWYVn&@dKIS-1EP|PY=YAp`8O0M}We%Wh zi)(9>kJ)T=%Y5I?;e7y3f9f*BWUP3*th_015FC6M$Ml@q9g;6gD0^PAW66EEy`3Y` zzQ|uVEJ`?3EbE_Ft0FB54t_Euy3I{>XZf0T$V6q3-lC@(PEB{7(aT)JSPa=1IX>iC zDE@^;k1mo*Ft?uiSz$a3B58Qy%qUjpP}Y#9gv=)>S1>+a>c z3Bff`V!6MkT3P8bz~3{uz`>p-RZp{?fidI|UqCvEO9P44JmzrCvpM-oDK7D|nz8OwOCwl4`Es2nnNu_MNunA5<=51b937Ez4 zK!v<^B}MRUJ;@(G?3{`pSxaS#d~l`nX9;<=J&}&ekkg8lrvOrQ;*n_PDxiBoYQIo^ zG-uubmdvTHkO$cS?oyF&5gXtlyy}!YVYZq3P0tCSwNELK`@H8u6&nSx0G3wm^Ra2krlZ@Gub{&NjR{9G>UpnXJ@OAT=*_D#)+XWUXjEo7CBWy&0oQ{zfs@y}*gX_5k;H*}S<(B{mla;sT9q4(+}vwJKTbZ0Watm}7iYrG8;jhD)b_ z+Z9p_xW^TePQb$^G43YMmTk(j&Bk4r@{-P-^ih8oMW_X}jb zy6TSPur0lx=dZ8)vC#cq$M0b5`Ca(5{lE6g{|~r4Ny-NE-vY7ddk7+FY+h(%(_tcj zoSXm>u^F47l3_cr#e&73b30w7hc1`);2`<>U0EU`!^Nw&@uSY@`s+^)_CFOTPu!Yt zG$9>5pzG{GBy$TLWYt@1nlVF-2&0j9zx<0tI_ny#J?hm*%2=LfE{02h>yFk^njVXH z7&ym^Y*>2tklnE|`mK*tnt~+#Q6dPcnFnFi^)Rp*DaWSfZ7wWYU83y7ZE=buJ9%iCMab_7%YlvpW7bTk_RO{h zCh~I*hBmS+nxlXTM|BfvS=V(5)aA9qsoHHPLIW)#$gk>>A(>M6(EF+)k$@nFgMRH( zd~1RIZlsuu$M4M}g8$%8<2?pPJYAcgE{?GsB4nOsWkvK_3pLiy50@p%0-eQ-lc;V) zh=iBVdm77$;X)gR?8W>8X2LD(avZ1s5^N<44;^#aahOh#u;PTZ;f3spB`y9FIO!N_ zpm-(v+Rz$fSEnK+utqs=Ts0Yk54<685N`kJ#! z;g=C5^AV=a&rO%y@gU@QiO#XN%`%9rW&)TS{46+zhc7o&8k|lFEYJKa0~`UL`LqD;*FO0Qq z_4wWND6HTMu*hGI%4fr-d(!cV##Cs=K?tM!pG&(~OfFS6&+)0YS#>aVr8h*8`)EQPUr$f)_>Upj*EXNd96kVlJpndT19ev4o*(#qN&Ig) z0so#sP>u6J_0l4MPJ7|IJa6}Ax{yr*Lb>}9U^wAV1d5qoTm+qRbaVI>kS;OLo5Rqp z>-bLz8bVtTyIrdfj(6A`x;5sRfp1jVo;126S*k<*sCq}S9Y_rB1TCO8OT8Kval9Pv zg1*Sk#aSZ`{u|Iv+1re_`3Bm6-$Qb$|IMdTw0ClF{7-@PKUV$%q@&`ctb4!bO`hWH z!6T@b6H6|*kxJ@0$U*J_1oU<1^}wQVyaSs(G9mebNJ1$Ii5q#oXWJladu?~oqYQ$f666r)0{%f6gWh?z z2cmh&fvhK19@M3lQcnGVFh7LerBH@)g1HCc$37h95X90QJ+$@Y0=#6RZe`?(5b+NEwc8Ye4eaNiohzqL8G1G5W)rzP)OtvA;;Stz5~(8H$s~ zH%QWQGSOV$BT2(}h~^uqw*fbwF>Q|xd)qFj7*?i#G|I6`E~j8gcWoz!6_Zp}-Bsg) z)siQ$W{ozfW3@j>IE#A+CcLUj1SRU6%63I(;1HTmGei}u?C*re4}|A|kwB+<4@17k zkHOlR>8}t~x3NURqTb3{#o0>T?$liM-bS3O`3}1h@ZvL_U-0VL`oa1N`d8OA6`u#m z{w{Dkvj2CcApcp#{-=@uiqHRP-hbe6jSYu2W+a~}$xraeN;WYZxipUnN#i`x#|0}( z3(1D3*pYjDqq#yvAo(yBhf6K2Fju^mynWXzWN zTxe5!d!&vVGxqYe>;6I;H7RF&ED#Rw1FB;}1l>7P>FV+h()COi_7?3A!G8>Jh{-_xyQHPm~QE4#I$KlpS!c6F#LWjm)>ajXA`f zoE#v=)gv!2TjtaPqe3g2|0pn}^lDrr<{&a#yH_){Zcp@B4e>_|;#Uxr@J~d#ayUf4a*Rz#l#21MyTxewcOU>KFq*n6V{1g)z$O1u`z#3omD}V%vCbqG}Xd6JRnao>bytLF!UyTtT>dK3?E) zuX=hL+pAz%L|6d12Cm8My z#*P8Og?W%Z?{3ol280mE5H=uKbEq6Zg>Sh|Kq@qh*_nwV?vKr)LJ=A$R&a+a-|KW+ zI6BHEM_rJD8z&1oML$$mheN}fa}=m23PhIu%@(asEST2ZUHLN4o9#Hk+ysST#*-aQ zTHzI(8?rmOtEO3S=Rdb^0Fi(- zU;#jN1Jwu0;uBH7zq0HDC*V(xItty%{D9bf7hjIIm+wgcg)he1^#Yuiw^is}9JRGK z1NUP1lux=(+B3W-uW}($WWSY)g(>5;LU&J{4Y$%B{)Er861uTdX>s!}QY+*R&vTnu zf*N7d7c8I@Mt38Y-46@N$+0vg-wyqqD=a+wTU$#dC;n)QF|^8XB#NLt!wdq19C`t= zqY>R3YWt2EuIX4ODg89L2N|Z{3v8)^MQ)pJ^hCV9C4{W#=^a*(GO!Jv5M;jJ6}3X4 zNI!o|m(hfgK+X;%LG&-Gi&2yHJvJG7L-X^8K|IOIC>sbbe*XHf2gJ6u~yb5723*N!@VQbhlGwq0IK3* z%NyUSJUQVU>yPT5cavJ2dlSR7s<*y&-9?*Vr2ay@HJD3L!LIoDM!}?W19A!Eh*4oB z?HHimnYSM_tfnMk?PM&7W`KM*T;I}DO^<%PnP@}B*6L9okd2h$@2I+G8F3BcE#>I) zpa=8|E2Li^^HyW}A6U+7lVay4YqzB2)b2_($UFy9`+?tuXVUdXvKy^kXVMjppM6TO zZ}GL%)I4aTSGDx1)g4D^>9$w*Pb)ti&&ku0nUm#`T4SWIkc*$f=HB|7R{D9C-UOL6 z^fR#4$+-`N1fnnDVSbjBd=Fln$x^%O@q4#Bqf0fDU566p783 zHBEdQcN+*<$z2*Mqp>KzmQBqe#} z(_b!Pag~U6SfQPaZ8!5rA-m$Y4bp`|9lz&NWfh}Z*45;*dZC>>#hTbdlGT@ z;l5C-KQcP4EeG#lq~h+=B=WX)Td!=P*`&^l(fX2Ts9R~?wAmgLI znU(mp{M2UrRnT#-X5UpQA2QB!2q})M!|v8kysDkve8Kv&!xki!rzOiPA88$|ICU|% zG&M+95!|B-AVWChL#?OWxOkb?J)0t#Cr^iS{xf^n0*PwJeOL1b%^6Sqr$Oa^{1)TC z32mdV0gnfLW8H-B*=gDT5!U_BV9>vE)Jz3Ai*Fe3jrI;Nl8q8>`DaZ*3)PTy2;~W% z(9B_uS4z{~Z)DkLtFUs;dUQ}7%H<{gt@DlAs_BPIkgav};;(#;8K=F%kxguk8dn!TuIpSI z!)b$2w5%7R#TQQopZS5T5`i_cePQ&5AkBdc_zVf4S`YKCS%0)W9oP8hvwllynUD9AP&9XQ!?QrpA<*5ZpKq-%4`%?~&1dtDD{ zMhzh_i4j|EK@?laVY$ZFU!nO&Qet1(>|hv*{!#TV=Nk8E%e7CmyFC#^Odah=5}`T( z0}Kc%f!EECUh(;aH^8uQONnTqTP6yx9Z`KExPNB4dIt7r%2xz3SDEY`+GW(j4T1*Z zn8IyY4k^mfxIGzLic@JPEU)X_TKs+Y>k5YQX`nJC0HP`9(+rMi?lzo7_@+n4_3sU{ z@lL)>&EKX*`8GSp|H$P3O46eEtovwTK(4^vLqOeOZ^83F`R)MK^nT`ro5m_?eRW3e zK?B++*Wsm()ZU&_T44|FC`0(nagH(AwVAODy+1$_Csd_X+f}+2CF2IVK!}X`yM|ef zPImRE{%Sk+9suFtv=k*MJ6SLaT7quuZP87EqnD8|qEH=X$qRndYl3bkiW$YDuQots z&?eu}K-m!8Tg8u>1aA%mD)q=c%t)BS8N*#5oto7wRGwWjD8Q$??_aWe2LEd+AiJR0 z`|-UI`rl_j|G&H;!Z!9s4vw<+Hnv9gj%ME~^nVqd|NHV^GQZ0B8S`FRl;A69uaE%k z`_Y{SSzAf$%}~mFKz!^;PvbY7n);EtYtqiaJI>?LVR#1~Z6~6`qj@cmbDFCkit@Y20-U%P;f{y@P>o?kM9pF^*yFjCnn2xZmPZtFE=L{r^7>X!) zl*<0bP{1UjQ~3I2Z)*uo`upe4F9jw&>H$Qa!qB+X*5h#3nwaER9{;EAFwb$ThmcQ~ zS97CUN9-V535XO6lpxP!Z#M39qG!KeqwH^0hVF8wV99jcD;ioJa7 zO;YOno32;`q+~(b8P^G!xcIf_sfarnL9#@eUttIbta9ry zq(dUSoDN4*XTJ*_PL6pFe)?i;$3QgGB?*H>3Pb~}_@@#;5rzw(iA;m%5&;XqhaQlg z=bg$>Zd%_k=mUg6*_5NFN!*6t+uOA@x2kHb`!j@d@<9slm>3XCllf0OiBT@w)=Bwu z5&9(H@ss&sK>(>z3Ovf-bSnEPN?>FQy!x_EGXta{B1s>FDEI$_!IQ@|Qr0 zMrxBJTLG_);$0E7$s}Y>$XoyEn>7IHK=trP(C zDYTZ2H9(K-a<4-^7raw<$HG`!#c;=s7h?DXo&G;w_GKuU5xg1&7LP41J=k7Chfq0p;{c*QRp7!}P zOIJiryx4+aXIpkX&8M; zO%J|?s?f{`(?T;q4-G>OJBPe6`@2BK1K0mK+HRe7mNN?NWfKcfS1`}tsC zNQXPkiCa3Is@|D-#BV6Kp%uLUor)@sYXLaLSAw2v#x@N3XB{svnl`KCT%$kKRLzMP z4Cn!!D=XCZ`({lGNrj%>%+5Mi2KI+kolQGA(Ij%{+)kz+t5W}ld@{P5c7nAp6 z=e>Y&e#(m0N`cw@S+9i$d4mW8AEi9xZR9hYe~)qzcU6f37q!?N^#g7S5qXVMWI;Qu z&x8lwR7ASlWai2hiE31%$%81j8x8R#TNVNzZ8f|ZPKw_|U#=h|v!rr1k=9Qf@%ux| zitgRw9!-wi;jI&6EE7|r!vt_EHl{2MT{p)%V9HzkgRT&M&!)aU}vMi=WPbLoiTT$4kIq zJRdA5bGxgZuM0CQhFGov|+xi z`yeA`3UO^!E%sjXo-~-sz7()2BUmO9@;u15gMVy}H%skHyUEj-){`43AL$27tagoA z_mo*NbJ>*GIi=C(1szzK)l?-Lpddr%)Vg6Q(KVWZMWR&Bi0A{Yx?Rru? z!FQk_$+N+hFqPU;j2VG>uJxc({LJ4IqApd!_U7}~z*#^hs!;O{;hMjL=YPHb>+kXL z|2uI03&VFPNLj4$B6MKAf_uLVHr)p68@h_~rGpRXo2s-;*VP z);ou_Zo?^G+oAuxx&8qNbhSNqFtFi)e1mDAS~p;Qrw-X3(C+-F3Da0*kmiPXfg2b0{@n=- ze3*V8RxMC1UAL4T^w|5@q^=y$@QkzA3U80sYV+rIBl&PV3WsfKf(ZEj85{g=q)WFd z>L7V)UP%=r1)QE`JA9skyd_*`Tm|k*_HdGij61UMBwwvNgng9Ja(j3VMn^N35}EK> z;nWmcy^}{q5PQPh%Qm|dI9tdqkL!w0JG1lQE5+xj(I;8`friU%dZwc>C|5Un{By3Wxwj z=*j=fHdo5(HAGY$&VK?tlQgKg3$nr%PSdM*AFbD}aSqZdD(-3K_1*X9ifh4F(Hk9G z-%sx?lS=NtKGV$f`%3V)^D}*yXe9s3&m>}R<7E3coc@ph{sPXu6ndn4zui6I8XlQb z5t-mL6NIq0)Krj1cMYz(Xv506n2g}PZO%I4TW`1UG8NQ17mZ*#g}4$iDmxJ$}L2e!|m|Ckd(36(8oA3 z-^Te3(Mgk-x#iW>rGPiMs{u z=Fl&GA|;O;*T}(AXThJfuF7~BQIkD zYC@ghhzbPqpB}fJx(WqWx38eTJ8qco^&|Kw9TS&&<_ z^ZA5~R?^3mI0k9w53oa(4%zg78I&8lwy9p@ zau@tEa>5Wh7Szhff-(A{yJGSAEetqf_~awgSFotUK(jeO9tq^lhP3ctU z!>Dz16O$h%Ac!ie~~wHi|{5thy#QMaTqg0X0we@XIthYl~TtE9EOyMo}%+c~}V z+(h$Z^u7TfgRYVX?LHv`%4F&?+^V!ZH2+Y(8|EJEPIvU=^s!bVcX)XWWTZlJpA6+qP}nwr$(CZQHhO zn`dWH-FNrLZfx9$?uw4?{#9L3U6q+nCTKt>2^!k$OhT{fML85&7nm=Z%O7&h zWsTG~U8dC11`+S2=yjubG>nk8%RHznZN%xY)D&9e9Y5978luj#%DMQ|gkO?8AA64|hvhqZ1mD;BR-XfK+Al;%!>2&XjP5G)9S6_TL zH|c{hv^Q{zQ(EpxuRjYKtP$o|J{T9H!Wr||RkbpB}MuU|g)SNw84{d{sydK`OVp^F;Z4Pt!Mu7ETOxmZS!@d4|wucux@V&ix!Jjsks7oWuwe)Nn%Nw+liSB?f2SXrL`%s3SL88r86_VGDwT_(t4R#`I4D#V$4NV zYnsqgeiPz?mJex{Xo26oV1-N1SvwweAK@tXAElU4xN)t}V*U)PZ^x>(y~JF1Ao6(h7|< z|LEVj6O|`(5*2QnPG8QMEhh(I4^7`aZR=Li_vhOQ3SXg6b*Aa!ZtnLmFc778%aNhU zv~9pC=KvT;N0m4Z#F%g+*kTgoBiLig`af45mC zFmq`B`1&%cqf)%If(pkLp|rSvu-bvb1X%ZmIA}K_Iz!8;?4abj3C6|84 z8jP62_Q>C(1C!t~^5NGG1P0W!o=@lGD|^c1%yHR%Py6#eb^!3mo(gk~~-#fY(9;zbdvB@`caCBhWLXBImiz`QC+0CP+n>O>=BUDAxq zn31Ay{fjT?2~36Do6)*RuuK_y{GUj*MF^x_RW>)S=vk9!%7TaRbB&^O2ScyD)&=IM zn86N!yJ0~N{l*ojNg1%J zD^AzYF)}ZM;CCWS`eUTX_Yo2@wb+c$_XdqYQb##4YX^@GU(l3fbXrNOyZS&@$h8%{ zqhJH_lFN7c4+(hZ>=|KlPi<^v%fnMZi}DBf=2|G5Y25&1%Ri#95U<#P3p>5!e$ZlQ zXse0hxHez_0(k{%_(KLTfF4h|JvPwat+!!Rd7$7Pkes`3RF8wpcuiS>`q|Ff3?_Na zBaO?b_CcsFzQdei#q?=W+QUZ;p}C6@%lORfl`yH+Vk#Zl-4spo6(tI(*>gBKjzweG=ARX#+2*STf0}1i z9EU;tsA70j>?e@0AMqft)!p1vnVK%_RP7c*rN><#CT5pJCtwX z#2<>WF2Ap!nAtGAVXM6x(sbaT>HPj&0^f7rOH-*&DK^{D9R>GaMp8%$glr=T@etBX z?V^BxYePhH^RTP*v8PE^H2bV^sc-cI5@okh6Jk~q$ zD77^8eQ)7z9RgPn(lfs$akLnXp9G2nidQJIC@e&fN`<-+j+ndf$p5JojQ5`4>vNX@ zezcp4WF(~LO}=|o??p@hqwj9yc44M<(l#nUL7hULc%m<%Wjg-a-nbOpI$Ybk=G8kv zuWTh-!Pqz`1=VkPIGM;r0lNxz3iO9kZokGB$khyiaDxju4hJaWfh{mKb0m~>*TSSR zEgy>?=sDdInpTejQ)M@Roc1Jg%Q5=5TuqowLtB%e&hmHpF68RQt4xjMPE`fR3;x>Q2 zz=6bfp^{j?$F*Pzqf5`T5hze0JZQU*0+}e9vR{;fT5wGLRTy!ko*n1 z@ry7tj5R5Wnnl#D!^dTW*}YKd*j{M^M6D}-B0E7bC zI(c9&*_E$#tEuRqX|(jhyJHasiQ!io$RHfh{l4480~nlVaBJT}5%|MeML?j`9WQ?%TftmXdT-vr!<#WcxOrG}BK z19@-fKTo`#D``twCV>Qf0Mp!1IVdM=TPru-7u7TnWg_%_Dtcc>@{}tM>|N=|gk^Wm zh)JD1-CU*b9v5rVfQ$KYJPAG&KoFyIhLvVqS6M{9HJAh1hZ?cQXMS2b>3+`daTG|; zP&5TLEq>H#E_uH?$?A7TI{@b~s6Ye5Zh>_NtDwvQ`1k%?7V*8?U9ZOa+W?g9FifrM zQW3tX*hM}zShAaZ3%PJkGyRagRFuWQ%&+bz_|GruAf8u&VyT>YvtlKZfPCe`J-gv+ z9v9*UBJ+GyEtLt7XegP7=2`68_dTMaEpo{}@o+5kS7~{R`(aB5Ao=dbXB7>_C(A?Z z3*8AvkkL~0;iff9=kyfcgEm(v9(mDX)+4tX)=#A~#ZNqNz+|Rs1gn!Tb?-*e{8Uzc zhb2*W?jFZ9L`0U?*$}WoUMBF{Vqc9zj(ZEhR&gNy{QPJwePX|34%+l~c^5O8^;(KJ z-s0I<)M5n030pkp2A=&Xaprh0n)wJGtFDoaB-2V6OfCut%b`R8=n2aacS`fY5MJn2 zWS%pOwo>*^RlPnqW;MV!7u2>W4*9YJ+UlBf&EoFz2lc(~vEz&|oT_18-1KOPe-@?li2yt6 zv)9KP>R6+Ik$!vGG#}7AFo@0jh-L8a#Ax>pKCd)e?+IEw?ns`)UKf}>xLiPR=$)%s zDcrRax=1hI9Vg!J$HRNI_l6en?3VJWoGR4sf2h}nN0f}Bex%1NKMFR%|J8oz-(j92 zMJb#8p8yw?b074hMRAn%uIubqQ-pQUa{dl*MWtv4_!?}E`YbBBrSI+oVqYk$=2}s{ zuk@E=w_%&Pl*x5)MrBhc1g|U4vspAP?Y=04QbaXr)nK%_b`Eq*t;4yagEx#9I@;{5 z$sFd3TbSa5IfWRtPJs%jfxC~(qYvoQmRG+c6zExdB72oPSJ_z!TQdF>jyrHYd}#X; zDaeXo2;*spCjanW5l@?2Z;U-#xH~W8TFsNwBTibi-P9wRIbIXV(wuY#3@ssnvIBG5 z8q#f5%pT^FtDo$hDf{CyY0(6R5Q_BfDaYVW{K$B8@P0%oP1i))KDZdmhjW%$D>XMi z??y7Qti=Y~GTD%)J}2v0bxB_}-Ceh^Qh4Sf5}lG<=a$JLtH}mMGg#Aq?dE>ia&+bc>s2OwTuB1D{=&uy10X4+SbKvHze88i41r^}0(ma49$-eZo+%6skYCCA5szq#WufZaHx~ zVDDZrZ^K(uH48xv75NRgKUmY8HwEciE;ucsithS4e_EN2C^bgnM!_|Kp7MpvGTI3d zUvP`j*dKjzX+{-C)>_eL4Y5}Zdktx0Tl4t&kKyj1qiOqp$ie@k#%1~+4)=ehx>H4dn-s`u&rv@!z*4mk?Bt zF#2aP-v4{^Kj2bD%2qb}qR?O3W#4`CUZd5G5x&>kTjz>q2(w7#>jFVvzGlO*bH5o( zjrk*_-*;xRI}sqR<|78d5jSQG-Z4C=X}kkiWxTBK*!e%->=3lHBcrzSpIDX+bI`WQ zyRso@b~(I&+;L;K_mZ`Dq*399Uo|%Q-rKerfa-ymftx*)xdAn+XrIj^@PkBXDMG)l zz9Zdl{VZ+XKfiVl%u36ehOY&vkQyOo`u%2o_bRMrz5H+VXeluw3q7gk{QFk(Z@0?m zKQeSx{`8h!vMxC6ec-M(;z+T{viDl9N}FPQ2^KIi&BUySp)BJ{Bcdtsf|=Rp^HgEc`CWFqe1}9 zA9LH;>uF5I#P;wzaROEP^m-?($R+VS5R>-D_+s1d8N_UOeQQRvO8w6!!>wDAFPy}^ zK-nB5;%;ZOM03_RB>ztmoKNq;V?c&;c@vl&V+Gc4Jbs_VKx@frqXBb*dS@D-JYA5q zI%u)XNb7@kuvIxr8uIcx?bUf`9r`^P=0n~e z$=-W7DYSn#(mjD)_#>Ebu0YqT!V!e+B+n97LY}tt54nYF$y8a$V7I03wl~ow=E@BO z7d6x?kfiOJSP}yi>?$EtRO9PPj?D*<-f9S;($flq8kUvm3S1N8vMnKYObukK>V4n; z(sxuxc}Mm7F;_<)!zI}k|2a(*YP-FZC(0_~p{AYLwQrvwBxHqM+x21VzX9{X`?^@w z!J12qb+9-+{JTZq=tiCXyn^3JJ(JNK5Uy@X2?K_B_ZZZSaYg!<^^k;0KPMvbOY6#| zd>y%A+%B5AfKHHNjqjaoRT|YmKDht~54>qZ(;^vC3XxLu!G8p8$8exL1q^3~4b!49 zS&VK_m|lT>zfPGi*`W?>Hgx{(7a{sC4Cs3`uMvH_8(Vb^s+9lIu~}7G+IG0&*fhw- zd+FB8t`n<&zvD0eUF$%i>Fh(^EGN%8|4qBFSJV+cEc+#Sj6dk#yBAKQM2F9(v)rXl z`&vTP^gsJ@&?0}dLqu|^IJpYWs($6v9chDTspc`S0FTJBsKH|VtRNj_W3khfVa&7< z#oVppICD5-q0VKMa8_vGnB@$beY`D<3(nwA_w*nNZgFl>(44VPJp+pZU-LK7q&%ZK z68j^>zvV(J_jvb&q1`&#AOBFY_-HpkFu?%;NJ;%qp#FcIfc`H|`ma;ZzW}A!pEeuK z_b))7c%e+bS1VD=yvV;q~ZQ?r>ZpZr(ueSJ>4HSH`k)#iIhG@ zSG1N0!A!+t@7)Jmarb_|>P_=v81f9WLH7lN-6(%+&a6o=YYoO-&x1dFKaY?08M2c= zoXDGFPY9NCT*s8iz*2q$?v}66!wMPqeG?Zn0$FfTZS`@63;b;`3Rb!}OF;Cb1jZHl zK4OnI3kq^#RX)3u+k67X*$UN54C9@!T*DeAjw8#({sWbER^8XvUc!k`*#$d>`Qs?R zs8M=Y`UCyQ1qxKN***u%ZskxIY&lS{=9fFsdwJd6Rr7cLlvVEh8o8~U{D%jls~Cc+A&pSKF+-VDTtV3!lmkj% ze*#md3o}do;jajdI)TzaIgL{MkHiDJ5GRK;4gH0F8RK>7I_yS}$YGMW^&6*2s>VXb zQ$V$W?Z)4+CbvXl8RjLJK*ASO(zn5@bsDAtaKPFUz|of>Qyb?=x+d217PBYVQPM9N z)EI$T0-*RxjXll+gHIxy6RTjJsqizXMjte2p74G^qjJ!D-0+_C_p0AQBNqxO^B?fx zqhh8hu}92T2%wrdV*x4wV34*Wq=7{VlF^UzZV)^Eruhc`F`@*!HN%NXGGx~v+)3Ag z>R^U2%r-|oq>CLjC{zdLUUK*~Y~nbQAVe8G5w{#+lhecM?)|vsvQt-J6Rp!}>esD{ z12q&0ObJ%mEV%B)VWqa3YmqiWFz?f!aw%#iz z_be+Jp7^ItGhmz1lmTpr+Fn-EloEu=@9*&_zJf%NP`@iCCW&eV)G=WzsvhJ_e9$%% z?P;$=_UHRqf?771q3!Du=uCB>^Vjp^*dO5CPkcy&JRKo32-)>4IOkW&l?Y88O0*xZ zOz}Y99N;1l*(dKq^XfMvO72z^L&D=3XR(dzlBsvld?3t| zvc(eoxCYBa%Ex-GG=sC$_%1gcY{plo5j7DVvb`XlhZ;zhCf;Rx30OxVW!{^Y98QIY zxVg~@;a|5HsygJw`%EgiLLClS2HEYLbR&2S)m&N1A0W}mk~ z1K~zSbP0cwJapCD@9;uB`Z@s}lgB3OZtJ^4)NsjlN6ui@*T~^W78UF^nii%bDaIWg zL+W6;%3@Vf+*|^4riJhuVsShxAwTg)878T={YloXY-OWU+2$gfI>;_*tSoAG^#p$1 ze8M}&J)D}u_BBi3d%9*#10T^#`>8g5gpJ0Fk~vz$M}T*RBrlR;-oijIZ5+xc2o!i} zhK#Ex*Vnr#M0zq4nbI4|ui;rilC&s+3q8H(o6ed$m9eyd^J5jc`4f**95LU~)bfEQR5#p!P7aJEN?7MZNV8a_wWiR)X!kP$7M)ATN&&0mgYC?{0ro#4#KZ&th%o`7gl z`CkqL>p(R56>gEPPuZC#N)q5IzVyI+1`NzP_8zF6P6EHNXgOO#Ovqz zgH2x(DK``;9Am&^NUyW|N1VGJg5GfPOwo`<4&OHTGr<_nkUgT>-T*KpC;D1Lmz}Bp zToJFH`5OF_AUb`@)>YjJ=so6*2r2fX*y%Z&yKP5aG(Ix#Z@?8kaxC-)e=X_THYaLA z%+TRZTdHQ=CpYHChT>hC>H%0Gq*;Hb62$t6{BbD)J(S!FNa)Sd6ezE&ag#5;;)+xM zoL{etZuNNI835S+F8*%=k6sv)-^zTTzcwUJ`H?R)EJkVDo(0(lR6}Gb)2Pu~Z&wTs zkQs6NDR)8nVR8q&;)y*(DaI%!@5^UiZ7XZr?1*zD1~St*EP8i)TZLya5?aV&E33J} z0b8;t6=;E5fOv;L;=>+)j~k}#M zIoKw8C>5sHU}wnK*2mfy5jI#T3F?Iqk!FHwaCJH$`GCl1YgO1h2ZC&&lO_3H?jYK2 zW=n@n4iKQdNcH<^-x_dEDQ=cPyof(=JoXa{9e))FdJA=7LR9z>KqCbm+z9YRyzsOj zzd0IENzM|SVjujgK+#M(J6aGRW-mUUinJ?nkU|ezV7gL^P=ZcX1tn7^BaU-FngE5N zyv3Z~!O?12-Q^6Z^$Yr{NJW0wzr?3Ics{R(#q||0e46fjPXkTng`W$hUCXc~M5wNj zXry@L@My$i&l`P%qAt&r1jm<7Nva&5*XnYl>Sjo(!;}VR!q|VMA`VhDyOfY8=?q}_ zAhcw)3p16CsUXMP@!*CYJPhQ>wjV6RctITT+- zoherEC|zXPysAeh36_}|`Io*8Yo4Go4NS`udw-mx>dQfRta|}Rs7b8Sa`3y~wA-c| zX`E3N^kKAuL@kk{mqyWznhu*^{a`SF(Ie(c-^cdR@z# zx4-ax8YDITIUgZEi%=5lDWI>{bs^L5_T0Ol6a(Z$*}~B88GFGmB6rSncT%XCQ?9^K z*CRjzoeo~cGc@D5vV6tO*>M@@=XzO++1Bguz?8eO4{p7IfqvmUysUlu*y4KWZrDGd z=3rGrnI9;$5^b-hb{*d4GY&gqum)^3>33GL-f^B8s7&4M-^LWzs}$W7DtG3$wk+lI z(pp_zo?Q-d-Oddgdqg>wDiV1Dll9_7$=5Y8Z&?nSRt^EEj;YG360Y5ubLN4jXrYbm zuw(D*a#WxTmzffbK-&8RY0V-~*;dY0e-cX*h%=PGwuMs4l+;L{Vw+U|BQx2L)f<2k zhWvmrYM;9fq^e7udc}JMbOf6AdQLxyb8gV_W~c?DK{L>LLLl9y6s4h5uhUU5y-A&{ zgriF5R}TB8Pk>(-zg!vtGIq2P0f>T^&MqY!qR5^Wj|EZg2lCYKuIWsMe-OAP=sdIO zM;=yEInQh`yK9~I)mpF23QWmVI}App%p6hgK3j%0MePACy7;F|14SeO{F(Z216i1U z$N;-)$N$y;T}q5J_EQMP>%X0tnXm2{7+VJ@AY9t4d0?YCM{~hY&$?fu|gD)twvL zbv?_z?jS*>icBRq&T2e3PVW~#a1YMASBflG&uv_{BA@oW&&L(ZLhoSfVvJXLuA%oQ z+nF;Q#0|@`s}hbMGNlQ>$L8nfInZCUw?$e_DkxjzC`Q7G^J|X}WYJQ^P5yA9h5CXy zMBx;5Kp|2|L1nn+IQ!ySp(cU%;3GcBkLsv=9?ai7ZgNl(Q5@vXnagPjY&K-eBj^HS z74k5Bsf(RF09ryHcaq?Uil2MDi(tuT;kA1*y}dU;xNF@>FzJCA#RxdkH*~xpj$Od7 z%NS`fK7~p7T?T%YAG8){e9-hkU}#}e;W$!P8b%|}V{;4jeAfoC|6D!;k-oW4p9LtF zo3#O8e1hoOtU5f0PaOPk-_5x|bT43-N~&)KlE)Acj@E{Vv$9*f%nfLR87BDxIf7`l z!$z`6d7qs8)@k#tslWvM0w%A_;B~su$57fa!(tjM1jnFfMjasgtY#r%E{re4t)q2;xew|3 z5X#0u?hYc|6rM>Ll+;KvUTW;19UICG>Q^?@t(YzmU@goOfIHtghZp2pinPBNWnoG8 zjK+7{Av_t#u^Ipp6@OYVo2+z@PE1x&^XRD8r_7=(=!x693T^-|&aY8#Fc2e*9{bnS5p+!7PCf^#?xSE+V!;8bmlA_*w}5Omd6@KxKW;J`n! z*bNzzov-AZc1bB88K_KVy<@9qdGQK1u6S-5(w~1ij;Z`PBOdEn`~+D;Q8}->fc=lE z?5PlW*r=b>iicZ_-Rp2k`=tXf8u4?EQ$U;bDZ$h$H(D@GW@174pT$$PhDnxKv&1rp z;PMS4SCnkg&S3R#x%$EId*1#Yq*W|KTZ=q+<4A-{0}L!M${%cV=U~*$TI^-bfcWSh zWQGjTZed9x%;?>@#gEa#ji$3dnQE>`+CW=O_sy^CU}#3hmesIVUP#X~Q(^M)PNHIf zWdsLRfXLCmJw4z0NIxcb{X(iOt-Q4W5DstZB0hgkg>NL;j+u($V)s3yHb($U(s7g38Q z5GkSyUCVWjYB`P)MbI6bqgB@3`8U?r?BZFx)6gi&Bi8MfK(-N!C_YH(V>!%&sRbJ_ zVkY@&d1m12@b%4s(4F1fiT(8g=t?;Zq!*A4IDxJa7a8=jhAwm#4aTi|Mxx|=PfaLt zP};g^rfb9 zw;C58_Al0K&qF1f@0+bGe%QIC!~N&?0Vwu78I_cs8O2>J*y<U z9GrRVrP5{P6)UME7bcYKq{TdWp+m>QNIMDnHsLa^a<-m$mM9k(j|Re-sJWoQihhpA z5C+9|bu)>ehB*#{-i27|OmI_Vk+|JUe5cr7OID#k^tQyA@h3`H8oX7u#xUlhIw$M4 z({rS7{zM*%RIOq2@}b%rYrc+!MPLwyAikjQqa^p@9E`$U8hhhX-+T=Gko85jM*an< z9TDfz9YjKV>R4r_Fz{qV_(bEmc@G{+EWt9RKCfR}dvhHH2L}f1f3FU2;T?$r#jBB{ z5z#2+#N-|%3IBpcgs)3Z0o!^+01fG+4wly z3`pGI+N}c|+5k$9cRbFl1L!{|SquS=Iej>$&yJ%4^1laLV4*B0mnTi)4#N`UO;L)P zgI3iS0LssS->ifEt~Ccc|8t4fuFHNUdGch5E2gyXz_#fZFP~uudp7UijVQ;<4U8Mq znAI8JNFTLIF~TvVggbmv#VJnG0#Qba!PQm-+H0EW60bOEsIR5WUxwUw$ZRnr5+hNbr)d5 zHhb!MlOINsNZlGvx0T z{bjK5sRm9Sf47)M^fG?VT z`}rFGI)VKg`GOP02iuPiFZ3ei9+J~K7v+K<-)h>9K;!GkAC_bWW_oo6x^naREj^o< z8OQ`4?X}`ElXk1*K5Lu{yuOK_*cwW7si$^ZH|NfOwM1LUEUCk+km?7}k3YCI#z(dy;YnkVqW`2I&zEbt?!xBPFDOj3H*dL~AO3P$$MW(G!l1_m}x*8ens`7hu358O^t z;*Rw?E%NXU#S>0+V}zxAM7*;PO)O><;T0i{`aC%8be`%jXG4x!^YxCK)KvnU#KJbf zgO~@79W=Zi;BCd`Io2pyZJy(~qahcPmeMQDiYX`SrdSyU;~&NWbv7ZHC+$-Uzg)k>1hQsvfsf*qjFc%0-27t`y}dSQySh zgURdGe%o-{JocDS9+qbqzHpsz=oeZGnCvRkc^8}l5gG-bV^LqO6GFABku6XV&^9iw z>Kr7TTA2MbnAx4!~^xux%R=7VB+$N1Njfe*%=dTqe* z+3@tEfw?~@r}-0B1@JE7*H(nKsEIApii}1^@tP|1Zbh|HbkD z>rwYFu)fxX%|R=|cX#hk(6xTA^NjP$ug8gejlmSdn|Wrq!L<$4KK+U$bPbpKL!=|a zg{tqD>01Ih&r$jK3od;9Iy+)}R)$OrSRdjnK&S^-h0bZRiDoy^nR?TV*@;}$I2OY? zv3>nO$Jc+5QRXgMc(2s?8JtR;GJM{o@VmR-~Gr}vIs zWB2;xfAJR{bfv~dSHeOnP`RdydrW*nqi#qaW&`cBO-q6QzR4GlR7bITzbU%*68|3M#rM-L9r03Ksz z3@JH_uLW10Wy*-9E#U*yLf9>zR;>H=3z6ZzM1@!r)D0e$(S&#cQWY&DE&`bqxvD^H ziEF$L6fiiF(!Xh#7;-)oJ1c=!RKb??&<>>#zgl9-#PJi-U1KQ2P44in#47Jh4IPz? zDgvY&_8B{lkO=?8D!FE?y|BP=MqYRq<&Al!8H??A9Hugpa%5z(Nd()%le@b_?9IIS zZ+vpo6Kc`sM8QYq)!(M7X#~vV}aPyMR%^8=f)Uv4|tvgFi`25I|N~MLo5Hij~CSlb6`kTuWlOZaN`WW7-{d z8D3NNQV$Y=G;BT+`8kWtQu_7!`xFNdMqO&No940%UmP#P-ZQP}(nmPLi zrST`n@?~xy*4Ut$Vm70>qb-U}hfm!hX&~AQ50$JtzsH2U>$j2N3e<7NMu33C+84E< zFMWCB0?cXmE*ff|2M0b)(0(hb@JOo^0*hBYCK~KLN^LpK(5xqlH9jLAX@A zob@__%Dczv1HsCsLoxDg8Lj75@D^Gc6cB1wb{`wwngKQh6VkM(%X{bA<(3K;)vG4> zl=kQ@T^i_JWYH_UPoVp?lQP0`2$5*(EAvcgAtEbF4b#U!EW9c2>8^(Mj`p!iv6NyI zzXS4*_jvbjBT!o?(Fj=YrOM)sz5`jr`0SKOvPCe5${i(zP{Zm*b;KsJI+GYLtdzu3 zTT2gfGG*kOrzrfb%m0uKcZ^mJdXL z9m%3A@<2RxZRVIIrX`>DR~xAAow7w8vq3}!(2m-{e&(dF*ueq1j0@-6W+L=IKR2@D^*S5>xuAsla8P!jh?C47y{X zp7aE4e!V+`!Emkn8bgw@Tu`L_p=kjIP1=0UsO?lVn!*cWwkd%W6sC0clMxb2BB)M_ zsdIe=w>(5?*6Tq;)3hWvb9>TtIX~Ahi^wf57JFTw+0DygkCVEp?k^6={w2lILFDR7 zCCX~PBciRH(Z|FYEO-iVyr$l>M1y5crlocUaP8(mzVGuW{bB3&1*rwG5qkVO-j+*| zFNgp_&A5yP)=7rsEq-aUT}}6Pw@ODqwLOi=DrxSJ#1QbbPcCXxAuHuE4(>c$Qa7|+-LmM?Wy9h!PRhlZ&nPf+ zgWz})a)Tk6s2iM2Nw@by(b%%H+6Vj2aGkDFY5izWAj;`^UAX!mL-@i|S4?B@AHARe zr4uZMf|9iOj`61TVvUn9r11zG8j~ZLe14qz7v($gl0=kbvSW6@^T87Xn5biI>qK8S zsM3R;vnL$inV)Y<6!m>1#g0)Co*0GpGQi9HH}dfMj(66P`$S)$64_+79((!8rua*E~h73xE`QmG#J;Y*0CwK*I&O#a zOS$}FNl&~;ckU9~RTlU`qOU?;E7ESl0?W-xIPx;!*vZ%|8VMiXSLe=MlE_D&0FsyW zpG_KjMPc}QGA&=RM^jvPLEx9|$^#8)O4c<={@j(vrEVHgGu1XHn3E3h&e&@?Nofkh zQG6-GE+AB8VZ;{_9aYM3o?w((cZu!$-e6#du@7H1?nZceoJfW&Z6Cz*`I#-W*a4vo z&e7ioL32-2qa2d@8-gle#}=T#_y|5l%rf=GPzoHC9O8lj)SIe`PsnW^uKiZMcQX9T zOW!S9I;;>Yc&iY^9Bp5oN~*n*i=!<8@md@e4NYvILQ^}SbbuFA^4$86wv4wsTLiJ5U^jiUQXcxx~K z5EQZ_x(rjss;AWqnWN!R)tmf%-<)wy$)tV~s(Zx`a001U9h5blVIjTBN~giU3`G_d+wtACL>D^?%VvaP z%wFb!r=3NMV)9zDWzRV0_#**lnC33eu3VCi$(O@^z}a?{;y7H3^26KVOt@M^)jx^DN??N%)wA%LF52OJc`SSh}T_8rooPSh+o%n9~+V1QL$z= zApFgMzeUpQ3E9AgD-v)*zIiWQb~e&xXPX&Z^sy=@ zajory3Q!Vl(!K8nt4SzYzkbMmwi0@wxcO%BIs`gT@#GF4OYdJC#1P0uH~x0cXzs46 zn4LmqBKJgJp;x()3xQZtU)<%IDGDuPxBQ**dysD>qZ4n-_XctpFv8&*uh^2*l}juh z1=-P=YJ!h@EAWNoqwT4|J7KFk*TuuwnS(xk0CPIALW?7?%Fw?Ud1ua1t+3oZGJVGh zm)i*S&mn(>t>z%=m$(sw)hm6~v6niCFBkaE&O>@<88LLht$fY*rBrE8iMaO&FLEihrHY`l}s5F8!?G+WXDb`ie7z zqJ-_2C&Wr8({T%3PSzZXd{{rpjY&9hkks`37(g!Vy&0EhDK8%3#8ma3ar;_V#u3~u zEK=MmrYgYm<^h<`OpFEdqhjT@8T5XNgv362x=<(4G8? zUNDXi_+34klvu)J7@G|DM<6GpVxDTXSw>?iRLY$48lf4|vGuHepm>1iiyF)ELWZF3 z65}98tRzW6Qj^W~=`Wdjb*U{5v(tiF-It@D&22hP7^Ih4tjZNbSkMCnGUlL*wC*v{ zO5iL>qXltO%=xm*K%WRD4gpn{HHQ=r(&a4$K;xpFVwg#vBNYLEi2Bc3>&IucTlgZi zg5C0SZRNR{YaCCeO`0o)FsHPqH_H4$F~=gK?M@aibl|Up=O z%-z$;>(A}4pJOWPi*tv@CA)@4VI`;RVrG$ROz%0f>>?O~kuv_p%i@#)=b3Q9CDKQ% z25d3{mX$J}Eme@v5x;lF|Ge4~wrtH4Ank!95(ab3ODZ8<&r&%j;XRYkY-Y$Rt z0MMAURh>RrUa2IS3JPOCY%1L1+EUo1n$%i7aLDO*DPdsKku3Ic`AUVS#(gADIZbL~ zYdl%{6tYTI)P9DoVFBuf$+Go_cZtUfzWAC829hfvNIgxBa|4aeP4JhL&KFEl`E2w>xXw@pd+)Xb}{D#@@Ru6PhVVQkP z)nc-kJkMnZU@k)&UuYPV{Nw98-GY0-0*9g!n7<(*7*E>Q)2$P3p^8lqRn z2lvqo&pB!bVpuCu|3dY&!!QuZjRE(j!j55A2I<=zOlx1i;&D1N1=Tx>zW3OdUwc_& z4m0=U_Yf_xF(MCHOOff?hT4V&<+vb6Ie6l}&0T-9-`&}x+k6uwLISa3N2H)O*05}w zImYxZ@ro-R#<6JEKD!I6*^bSCfog#+hOLwSkd0_9PbAExp5VT6KTpOy^Cnc)WayKr z-ZQrxr)fu8TXaKSysP6B(!h(qXLV2byR_!klsb!=QJbF$kpMmu4G%;p^;M0f&{G6NU0)fBISm@v`C#Cok zhT5~>fTRSbxUM>+*0we4IAP-F1FI<+dT=ZO7vP(bFTFFrIW;Q_ADCux)|r_p^6^fL zf)s)ZUcEumo#8Iy;H|U{2B>7-*Ne{NQ=yJs8YPHiq7Go%n$X#R$AQ~s@I^g)Skr?B)n`eY8<{%WVL0osAOlT}S=4=D4(l#(luUzvHw#6E(MQ;m%e z6v?lvYs%3sg|z*&O!5syo%ajH>@MJqP~dJ)!11y19yiL&Xvv-OVV~M-^bffIDCBm7 z9S4N`A#G-%000dCe}!ZIozkgN-m%$WhWCbx{odO}+wi3@1b(jPDsx5z2{^#FZwKO& zo1I_V7mmXeTYC!sy5WeACv2;`K!u6#J&x(P>F#)Uol)qEbPHLxB@qeG$*&0g0y}`* zG>xW5diPM?HN7Rvo=P*snnYaG$kxv+E{}Jn{jzn7W5=SEu};Q|$qLxfqw9HpO~&vP zEFjO?KN>ojfXdA|;j!cK!$?X-wM{k|CRVJTj*#BdOJ)_*vFQR>S>6t~QP&*xk6#tNcy+ z%JceZby3;lPYi9~&b36&H&I&*K7j^z7QbUXD(XeKRj8$emEo}%=QCUDQaL%Cbx2b| z3d{99{XkZ7EoN^#`dc@9t|mtzh>$^E^C{FpZ5TENrUh)P zQwoV?qC@9$Ie>yf`r!2JZ&^W|O)ituspP-DULtf`w0g5C?;1rQ^lLD;!f~mYXhl%R zUXL3~D6$qOQOcB$!D3%{4kc;6f5Zr)P-P56gv$$!G!Yq)3t=5aH~rKek)+zrmEi9TFaqEQwMEuIn``#)x{`MK~F7&%QS*usfW0$Lik{ zQvamXK5{WSrZE!RmmzgBk$A6`)$09;cLR9(*i*!|GiQ66j#NldEqdvt+|pJ;4KN`$ za~BzvngdCDsCUyyWW?OSw+G`S z2IQG5-5&uy>D9`0sP<6eBi~;Vq#*F0RW4?GH9meRq1hmbf&%4gTkio~K{iU(bN&-$ z#K;s0=DnKUoXP?Ex89W-NoUET7Z``P)A^H}?Ny=eO#G05PD(OnwBCl>xCVxa6eG$} zuXJzN=bDRhMem!EXZnkRUgu(oZ$y~Z3cR&hB}~~zd4<6aq);;{xv^n=fGW7f`CM2o zN=`@i-HYG12mbV*2Ayo-EPoJwSP7t?YA>PxZc|ggG!DwBQTaP98oMmj4Z{ zAwES&?;((V%Ra(mjCB*v4);ARpiO3#;!|NcTI8l?Qhxk`bHkSBRAi1Gr+hxcd)S2# zHr(`4HuAw^@Ho}WIl2lYpxvBaydx~MIPMM8i~mv#if__vEr+zgMuwV+7_)L4t#H{T zTQ@B9ha&_C^B{a4(iu6ImLk;MKWvn7` zdwEiPIm651nV8Q26UgFa=q%#U?Ocp(;2g0xIpYJ%`d{~Q@r+f5W$St!7+>V>$4%s7hf%dVm(bQ{|ke za-6`HRGhC9Hc35Q*%mM?5zaPV%3^Ufsf(-}{(G9-S#}Z39stk9#ALYP8M5#wSUlhW zuzb&g^Yq17{c3i$|5P76ACzoIZZ6u6 zux#)4h`|`C)l%|aO4#TbLs>1^8rjoy!Q>9dW7v-sTMlFxJ+W0v;JrZoRroETV|IRT zyK%k8x9TCd^faD1udXVJzV*C+?R|9f3J?A$l4F2O??HR^()|yD)3KyF!WSF>V2b*G z68G?*Kjyz#Y5nI%|LQ`iAw$H1>@Bj-qe>``7#6np|Iqf0QI@vJmYG>;+qP}nHY-(W z+nJTNjY`|LZQHgh&B^Yb>Av6BJ+r#+UGw9dv(|avU-2OJj@S|LHGn7pxUn9DFla+1 zP<42mz5k+L)(Vb#<95pw15|B_X znW{v3`$x=n1}z4LBgDzH`8SEY#P1)|c#SE;yA&+Q)E-09*B(Z+&Eu?-<_mmKa+TJ+ z(M4!YK0sH70yapf!9keDO_xO-8#q9Q$RBpz3{Y}Hk0?VVOeKhEDIi1&rPsuvgMq@6 z7yFVUC`yO1KeX*KA$Kha0vR&%>Nz9iD-$`ebfc!Cs-oyd%%Im>C}x7FP;WR)WO=7D zO$f1xTm@k?Y^R^bP2Y-UB^|{oMDuy?j4OfX--ra%;ZQFbCy| zbmsK$0ZNPy;>Nv1D&d}B5BotGL29Br&6S;R-CKvW$Z-EeO(c?x-gx0Na$8A6er1Cd zJ`T~Ev^7Ue!%gOr;`tlWn|+cXFds9sH#EmXSHWpW`f|Z4x5!?iB}H66K^n2J)v?&a zxG^R`dgC{ENHYK!8bTjZL_YlD2r(eeks=KZoY1{4iqlqJX;ZZ7!p%I$CAAA9%qC_Y z9R-#&Kg6b_FPoy9t|gOsZpuAinq%s>bma_=P)Peo%D%d$Sb-zeB3c9R(4K20RV{o`V)#o(2g4W z1r`xg;<6#n66*o?so;LlpRVjzs{IJcJ>6A;R<%G9Hf533Y5CNfy94BS+vPa4i}ewM zvqU|&zZoyl9Fxp^8#_OYX-pw2@qmeQBy;oO&eVS&&b-B0f?F52It%$4LyOn+i*-asxLu79*PbdFQ>3>`=}V#-CPe!=?)#2Q;;^7K0p}n=Wnl8trxLM z!SK1QXhI~20MLiU!Ao;9+}FguDw4eT>^~$WSlng%cDv2nVY$waS4SrCTWO(1%GLs+ zA&2LGOdQ$XS}a1ROKEySiUsR7w5d#_Vy4jI$xTqGhHiU$f)x~M+Z3u?SO^nbXTkJk zI%R3+_`@d3l7qoi{y+_~)PZL;%BTz8R$ezuZ2LJ~t#bV2(65Rr_`FeEjEKG0Bn2vh zPuh_#tCVF9F}2fl-`U#s`%apPeE?tG-WR{6?bQNgMPsiU;k!qWI3^Q}a?KfKlhsZm z&AB<$R^`&~b55-yw&NK}ngx`(su`t&Yo9d{9xBf@kq$Gog+Na!3$1W^P|)*{jIDyo zAl1=JZ>d*>kaL300M#-~)d$UbfFL9>#QN!aLW7|dAhxy17=YP{IzQ1OgVWLMUzUx8 zJl~8fEfz*6lvLk%P(2WcphNtkU$4zC;x>{SFz4|v*qX#yq*XVLzRI*wmHHxO^j=p> z1p>Siopt1GE?D`Z@9`f`t9)IxfSW{YwSbrWwtLZZ!)$t1P&3~7x>xD|4$ER^aldyU zq!CBHTDN~28si0jctP=18JT0FI_d$%{0vtCymR7}@I%V{X>bV>WN!y2AG#?6liPA6 zGSkp)94SgfWx?NxUu1xG9t{lmx~3Z(SELX16n^SbL)V&rAF;UIoF(818elaAu)X2fJEgX9*1Blk*b75WBQ+ z{}{%u$?R<|+c9W#L6w@Md(;_bRk8iV(VkvV1$lUYs=J(e+C~R27S5UTjW1K5#B612 zM&*GPMnw6{d-5RzU;0?m4n|y{CDRrvzlq-+DnFgy9cFr&@U#lGQ)J#IycnyiUqyZn ztIKUhTypDXBb>*6lAl}jaYqlFe(NK}CL9>}6UX_Ra5b1~_HkYX0-?_CRUXGJA9nd# z`;5)G0vzB*mbjC2o=DV{6js>sWX=nyCT@zBFstU~+wuHP9L)ib5UBTz zk`>;ncQ{Q)q`cRUE%9T-CV}L|6K$kmi}Ql)$?poLbEW&3uuD%U7MoBvHeTCoG2Grhm6v&r|d>FTC6n}2GbxtK-BH2sC~*1np4|NDxIe|GKvFR%X(av!PG zWB#`mnsENKu{|kwtC`qT5QWXY#WJu20r!{eo2sh{CTfMG`&(RXao9Mk@DRStzaKi9 zY*gXOB;9<1&uLn?U+dYUU0BomP_!HiIlYxw4p*{_?CRb_Ikh<(Dy9RAapElfl) ziN&uKuhKV<83_KW9KfzN1?kl*hg;-nTD%fj3Ejr7^eKlL=5n~vLA)>4ib_9mCSi5s zPgn&1`2sfDb4*<>X)}_?k zE-x+FGKA3MqRd;Hiz3PoTiE8t#R6lZZ8TUMLkx@Wg~=g|)9S>pSTMBR2KM|B5usD6 zW4;F$9`Yvp+YJI_X<|kw;;Bu~ zYcG|5aWujI319d-L34@|kXxsR5B$q$Ke7i@lmPa7)4FcGm0};L)9&HI)QZdNCn-}N zd(VJTZ?PpGcIALrNr6YDqIF6w7gi{5E@kM|!H`*d)iU|2Mt}Q9%sE|Aw#2cvIV{9e zj?Ee?rR}SpvI1va?R%%s(fR{9SYP7YR~=*cH&Z84nzzaE#9{PY6s}4rG_n4{;!~D- zd0HCeX;W!CmzXH1j)7WYr=YV)n~yCY3|JuiXY`)+OgczKov11dB$2A`AwSli!}(H? zyZo9bu|~Y1KU|f*X4vc=4r{)X&4k2fe_t(l4Xd~C0+6Y{A1+Ll~C0G@M{UDzn1df7Xkk5T97xgw=#2ZFtf21v39iob4Q1N z`OY5*VB$=VWFJ2~=(Y#`75#MIX%5NaDb2Kj*0q6@KOB79ob$l=@MS*!fQyTv!E_3# zqxIOw_|SMj4?yE{`aY^*AhV~eGCDUs&dlhnJ*#v-=IWG^g#Kw)_tNPBN>i<9I>r(7 zoL|2;H3u0?7geR-^>;GBaPsrcx{nbf{$IIrEPiDR?g%0?6HZ{i`)6Y&nfhmiBB{&^ z8}MpT-nbMn-pn54kgZ*;sZ9Ja@Lmg=VKWn*KUgmo^DVrhnZ-<~PlXkGF7H{AKnHyZ zV!rv&di@|L526pY8pBgm3@a z(tj1cXQ=E#mApsJykmJ7T{l=9KY!Of-1S#iI#5DzOcU@oY~%8zfnzR(zi$^0!di6 zBw;yt_;j?kYS>611~Cien;pvp z&FySloI6WiCy=OksMqq)XzY=&m!^$^*gEw$;4@2v#0b|W{*<|vlqjBTm77l+IN>&e z$O)6z%W)h?D)jP6SzGlMo!6>XgFP#zFMYjT&*x5 z)tI|K$2XLh#_M}K#u%AwJYg4adgusaJ*E5_OL>UJK#$&B#1KrBpQc)Q=W9bl&fZS< z(_>ss8uN-k*E9)BM_vb!+VRp+`H}=PO6U4kcGmoxGnUk*tv&$WebZRD+oYibh_wYR@Tbwgq zUgWGLh(6I+3PEvimr}$09fzUZKom=&qmhrZlo>8r^Eh+-2G=N(IrnXvWBs^B&0PDD zt1xD{_YTi-w##EU7Z1!xkW^>%he=5Ib&80z%eOr-fh^!-u^u~nX3u*s`}2HV&9ztX zCAg3wCN~h;30#$dh&?09j7_M?Yn%Ss=NPgzwrHe>>ZZ;s__hkYWTgj4UZDbX;@urn z#7JUrwQ}89in*5kNv_v@Hz7pUBDX?>D9 z6f-nxEkAy2H3t*Jp25xVO!ov7zg+YcQS5Ps9xo{vKE|IeDG#h z_v6M!e4$W46cMn+UZi2{=B!snMSReqR=@OW0aeCb+yLTWfyoeCHu-nHT=^LMk@`N# zLZ$alP17C$SF>@ta>YLA<0&e#DlKPIoY{53ISx>G{j^-v{bGapLpJ6R+?pbng7vuUFIcjF(S%|kYrgczaangQ)2jm0+p30b z+4Q?FCw&*!)=R5b4DHI-0A&Ea!TB1bpyUpRffij3ka^=`WquL(GtiPT_}1Nm&Sc*W z-mMY6%Y};=wd^QCs~jW)Sdc|RHKqr0@Ioapct+A5SG`Q1IURa6CbeiOPX0R7F2sOg zvB`wr3v^x#@YED88@Ir*2ZY_U9DtF`a@edP~89n?! z{>k5WL_W#F7{6L%G+R*hqm(B_!Wehcdm*F<3F*nUCtT*>{DF$Tc7A;{VWvMlEhGAO z7J=N;Pn@GgL))M>ZEdPTJvsQ(3k3MV^e!x1x`J(a;_Z2OJiz{CS={eG&zu`cYP7)Q z8QnBZ;a-*&`nsfUjzA|qt^5z8cg??{>PQQf*F~Dk2){Q%VwLK$8(aL^h%)8W_Qw!> zuMjx*cwnsd7y-EI`=FDy^Oq&s$uHjOeNA1%is_N3#bE_Dxi@B2y2W@Q4q3Q4`bZ(yoQ^YV@jw0v?zID(Z(wtbL2| zhGR_)z+>vPYPz)X+pReHdZq#F)0pv;*`vYX76yCkhzu;EEe%6pp(O}jmM4jj2nFxA zA&{dWP!2ZcNtj61ov*K}qMR8^?UZQ3i#}N31#{ELMT~`pD)Eo}DS^}K;>hmIupWP* zwn3LWC$Ntbb{NrO{w2Fo^Jq^~HB&R_zVkq9WMWg)&qX>&H)EvucTLpUTA{Zni~HZX zVemOiQ>VzTIePcqb&*Eh^Jti#2K0+0aIsf;*Pyn@_fNB;J-W6vf zp8>^$rWjaQ^UVG48IS=ogUo3gc@8Uw*D5xJUM+APsYC;|^tIj}hPTyX?frHN5m8Qa z*`3Z&4-(eTP9KWEKj79QY684~Y-m>JDu(u=S%tKEK2oB~g%=&TkFS38@Kt!#A<=iC zz2N)28ZI@#eSZ5R5;E++n+$Ee3dFo@h}Lo^8V=%f4R^s7R; z)P}DP&eNylPwQMad_8t(lM(zVW4nF@uE^Yh{x@%A_G|+2kY_egpcvab$<5n$Ws`NtxMwO1ta4SG_ApbP+M1@tnA zR5Tzd^kt2)4WY%5{81CRK&>>BdzAUyP1xzYct+dxS{(7I9Zy4Kr{LTsenb%^bpYSn zO$TN}LVdSr+Bj+VPh}G1>6Twv-%fT!L9{2sMF8!Er%a0(PLbkQ6XGz&o%W?A z_*V3;?ww#Ba4We81aTaD?l%z=9+(Z03L=_Xktb@ekHmR9C6d>0Ayd5iai~iEsz_J} z*^46Mf?>2xXo!e9AI}Hz+J~#XQp!|-^V>|19yf4i;Nl{pfZ&KzZPH~1l*MdmE$p<8 zf_6H4m*!_%Gd$4JiFR=*CQA{DdxD}>^+|(Yi-;Q~E}{v%4EzDv(V1SESvcD0}_Fu4Xk`_--3@;l$3vg z!_&U$Z+cpjYp}9ji^c0uNR^e-c#2xr3F_Fp2Nyzdjj*5A=jIX}2YD}PDFsG`vJs?< zDn#S*w4+^tyP-3Z+{qkc``-qQEFzMX8yZ%TEwt|N3f{>Z!fWD(*j(^5c8vV`b@z+{ z_@|}12)`+d^qF${Rrs0Oc|B%wKvD;)mI9h`NhB|>FLW!0vH;Zhu;BaJnDa*c7`0PR+@Cv(OW{~$tc zC;x-@;%UM23`kXB?>%&=G_h!Mv5oaD8o49IHUhc&w?G48S&V&#PV4=l${3H9Vbj%I zRkZzLI$C})OtcV66B`@Gb&K};2b=QyRk8BXz*AN{ zr8%Qb^;shS^Pfn*J|~^Y`4=+`_#*oMej@f?pU=PZe4S_k^FDrPk*`GTju7j`pbNbn zTA(1*1qi7ji2{1`xVUxNn%G``4zlt6(bk7@HvR2gW;?%f?F;!wZuxR6 zrnp;zIq>+G%k8<`LwukLpbULp_2(F#LtVZBr7kaz!SAE1m%*=vuvN}Xi5aKu3J^7- z&gI38CHG)tMEeM#ep11l`-!>Wnr&zqCDVNO=#0(*A{(BXaW@&@gGgo_gb_Zo?m!-w zi1uq|lR9hKeg6hJMz7B9($`6Pebb<@0tZ z#+!D>8cZKhsX~8;rTc&rn$o*hU;!`4-SS;CkipP2l0T$IuL5-*1MH+4Lj{(QM@0rn zh^tlN_puV%}2a4SdPlYhSF4_3q8Ttq=wJbj3;&z=_*TG^_s(pU`2q z9oOj~5IkwN6}NBHXSQ{rD~)P*_a|Spe)33I2m%0bO7I`0ME}Y5|8PYA^yq)5L^tHl zSdo3ic73Xa^Ba*$>eYyeAp;{%1QC4Ozye6wI07vt)>mMYzxRK38giLs9OhA6Fk9_$ z$MoMne>^|+_aN}X9o>fb>rp)Jgn^g=vnlh&8}3fz$+y1ryj`e?W?)UtAzEX^n@0!{ zf;~@sWX6v~H)z}SJ!2EW?MqyT6>R-5{-Ou*`%0eqh zUl^Bb!sqMQl`y!zMs2%Vx|!%=_qcXu%Dp4UJW`%Lg`K316`%A)|>jmL5aW++XKIl9K>VJyN$-QLN&)p5mA(jD5xK;c3F zs?JU<0K1WRbz~f<;Y!+e0cA1zf|tnbUZcu$wPypyd+bg|a7k6bO4Tth9mF)F=?7TH zvE|a(?a1}XZHAr!9(??!5Lt-w&A_+pZAC!*AZE#(nli z-+n2WL8t#LzKe*VZf7 z>EyS2*KH11Vz|*2m1V@{Sa@hm()$-sK1k`QN_8GurnWNb%m7l@*b=L7VYdefhTTe& zc#9Vt6Xi3MGthQ&wWyJr<2z&HKT6&)w+1RQ_V{CLhidOJD=i_Jtjk> z`A(SVy$~-5E#{km(I1<_q1IW+)LM@vRj4-rNt=jLc{?({XfLJCDZ5WmNBUXZ6Sgg$ zj*mB@Hg=YRK(}247#&oky!+O+w82Nrkl$&E8DNB5D#+I>)XoRBH{|3IKdBFn%RHRw zr5AelZZ^+jESKP@) zEjjqISk2=O*CD8SrI4z|T~*U>0kkVoHYg~*WSxyvDgDIStFj@f{Rmra)Qr_#dhGvG zrQTwiqBLJif$IsGg}sRip0c#T(t>_b(wV*g9E5f9h%uQ(Vy!3ayNSx9t7=5c!dHL) z7FioJGc-7jBhQ$vadrcnf7x_d$_*8xect@a4(Z-Of_SUBmb`h{zIWXm8eiAdMCqkrN57J-r8DWfGb;L)R_#k=^{QiK8~2WTz~rqs z`KF-oowCiI)VK)lJyRBdxg(VtkIz#WjXC{0UzAEWP!C)A%vHyo2l3el)+*ouc$y3j z7swdPFa*hSm@$=pHvCF6nIvcD2irwq5No19HaURHQ6IqqWhIhiYf8m1li5`+Bdqk4 z1$}EsAJg+LnIkchIFquln=ls|a?S?ArydeRww4i=w90$j1O_0j@wZV?5f}H3z`o!f zp36iim@AkI+bUL&QN)7=Cj%<5pt3>a;nJZB29O^g5weZ7C@$f zMHY}FxF@FGzV>|vYYrYi9{KNOSFu*H6U{B5LybmY5czjH0_~Yi@IX)x0^W`D8zfvu z539vTvU*6_4t92@+lhR|AhHDQ()%U8^=~)MeN31t#v9imM(W5@&X_|{M#LkkQWT{J z3YRnr?b;?eM!4{zX&vv|*T~?e6Q4AsCw2Xi(O!=J{8jLUm_NTh|3O;ppLfdN;j&ef zK;Z^SWv5?9b&Nn7fY0nKM;IF38#;mAKrc*{a7Y{v&ZBN^A8K z42&Ob-qoRT>nCn=5eyQdKFfW}4eEN@Mwxbn!bp2y=jw2IHk3(u#Et}GfivND!{$vm ztpWN0?BL%&WbF~E9@2|!K;mk5F-e5i>+zM1Q%eewO@7mm&ehJtxPO=Q)=7|^#$L(J z3Oz_|wn+a|R|&BeG~TeU<1+YlTvWdd;VNM0Xy$ArY-ax@7PR@w5(z5_DH=K0IN2M1 z&5-^-DGWs;LpMW9BSACkKWPa6@!$`*Ht{Q8NW=jBl`njUOJW~~P_|o@BFVn66%b#e zU9B5wwwjMn!j{trc)B_phb{=zk#|5hyN$cz8R7+50=5be1-V&yZ%5CFAhMCDPf*XA zP~oN{D+W&{^{rrpBSFhW9TO=`}V0fcSrB_5XQ8{0%s3tXc1|!h6BR_~6%qQlrKC0(oiT^LIF} z7pila?K|W7>6M8ardJ3<5-0Y{{Jz5Z{zIXYSeBK%73z#2iQN8h+?G~MT8h*U^|S+E zL@KsBq{s*qttKrV2@wTDCC9DW$G;(VQ3M$SA~}PKhxBKOtdoQ5wEe9Eks7R9lArCa z&rSl%533=>ha+aG39B{Ov4VIY~f)LK$)a3ilU{8BTPY&NhZfsT#BNnbH znIK=m{5vB`93o(+!xV-CG!*lL6CKYY{W}#p*#OfpgJN5U;?4TG@+09Xl(=2YU~1J} zLe93JJVXa`QG_H(eUN+YueB2R21vlBgydUga9a042{fR>pCz$B2ODlg8niO!00gnX_lYAOgG`1iiM$BZ3WW!hH{6<>ICRNH6PIf z*+KO_@`&EfKK$A+Or$oPJvdSD@!SPU+$P5mESCfvV)y)Rx?J27DZ$e$jh?GN(?9+e za5H*Ej3IXy??Di)C19k?wqq%2Qb3OtY38?i>d^01#VLl{uD$!Ckch)cGWn9d>lq0p z{(2m}02P!Y2xs#QdsziT6|x5ko;oF65)513sa2_(92LP}7X(VS|7wN7WoZXvZ?iH9zU zC(l()XP|Vi)*hzAJ&@^KGhmOt1D`~B97hZ0jIixUk$RHqs=saxs0uXUPXam(clWHH z5=m!!zl@gYv97sPtG-il(I_cU`eaz%ghb9mLPHdJUoZ9!+8+7Y!ZaQI4jP=Er@LcE zqcHQ@+^;QF;aA+HrFG=VvbZ8{EM&v$TAt?|gRU*KGdV{sD&%3HYKYHjs!TI`eW(lF z_}=uHXsjpk8aYt|t!L>@pS8?xvgQVudor?Qxq*zOnpEM^QgLy564jbuWdp3|Ww0+M zSFI+s;Z(aa-;kR}R$1`7RBzvP8=~^1d!Ev^9cm+Zhhryc9{3l@=@2MaxU;c|f`+Lq zWgZ6|lg@O_(TK`o9hreH4nm!N9Wn0W9PW)Ny+55XROhKnK40)YT`t+7kt}u`v^4=y z^Dp5EkgmCipLQyAbI=5~)otHJ18RuX5=t!IXvdMC^|=_T?fr{ZrGAOxv0(4XDb+0A zxtrs{sf9uZC9Sku6Imo3!<-Dz=bxuwuUL{bM#iPNxqIFh{}#0zI_{k=fr^3C(M63k z&W%D-6E5%Y<+H#|#qVd1RKI@n<+5D0~wJ_*7tjK7z69pBNJK)hHqX%n$4 zzpS~M0smgR85m@z;deVU6QM0YkO?((?Mpc6QDP*~6H6VqksFF@N`8Y3pJRNNhp7p? z=q%-?l(B6M7w}b5l$JADy@)Fw64!+u&q*bp_<+jSSuv}gXU zAe(d%Oy9_{$ZqEnZ8ti%24)+_BHFjKeu1|dJSw_HEN3@kco_bAZz6CD&x5|vz%ZLu z53M2bgcKU1y(gn_yQ@m62%ey8_XYHi=+9|9Z5QrqU8cT1oc|ry_jlB%BQIs~h59>5fAILxh!H0hbk91c{=(01x^+Y?c~|fC<%SNSD>E&g`K!XW)y2xJI~4 zHPTm(YJv0RQJOyjL=aonX+bK}S?v~y34w4)s4E)@2zK(^GvE=;L3;jf2ByX}hr5>~ zlF0d5ZI3gADV0ovgqnUpHfu$F_Sq~cS@p!{zrpL|QN(TO31Ls;HMeLrx5H^x9~NI! z`}C(cDjVQZ(B7AMpT4%g-hW_bTT3&;zlKqj%>JoRMbYRFPydKCV+0_-BB&ydAXoI; zgk>RUFm>mV_hAk*+TBn(_oJ>}~X)U3||<#WrZI7}6M&omI=k8s-Z* zIlae8UvrT;5Bz|CSc6!j$|&vL6Iuu;mPsNWx+23WiW`n}vE_=0cfcP<=xv%;Tf#|ggIjiQ*a`0ZDWc4W=(PWf6z@%s>e+{f4%UOl#75H1Y~06_7-ZQy_4xIdcquc{<<9h+TIWUsHnkO*XA{@$dQ zR`b%@7|Rk#Kl;_uFx3S;-M;$9;K_*i>5$J&E+*$U-(NqIF6SnN7%>KqHXSa}WaVD` zF6O}i zg5Wbg>2gR>s$X=n$J2xZ)m^L^u3R}oK83t88+@ZHU;cO#@>%9b@S{*cPW1vhcvIzYNJ_OG zEc;k*(|Ld9&ZGtOKg1&AF6=&j*i&f|vTfPKb9scaIb7kp*YuMVAq-swx>3sM6VK0u z1c#g0ag`JXlpr=}#hlxw863NLGj^&YUJV6WSo56{1Vv?=f$fBFxmRjJDh#!mWL`i) z!IJ0bvpyOy;FJCerQXMq07|j??Id;scI0*ebjVQV)`eJTJ!e*h1^nsP5&3DI@{ zPv)BL&Fj*u1CLt-Z4dZU(FcyH^IAh|u9wzdIUs6Ow5O4B^dj4-5+oZywvs}?vv*QBugkoTgF+|bQ!!>@zddX?QsER zM&WH#HK#&sY~ZLmxbq6zo~c^)ST~{4?BsBX-jf1O(NLY~sBG;XKUOsVIO4T4vN87kNk+n2QJ?9ebqAzMk>Pk4Vl2NJ< zAET4qqvP;dk;P$HS7 z4dWuRlDZI@d;9jCITECm43t(9(jtZG0J{#S7KsQWLX^rRT@>XcB~>aza_pN~^y&TH zcY(nazo$!@s3ZJHQUEpNF*a;O_NdiXUDc;@5|NKs%p)o6Z7{%|uAtLtH>idr!`_Q= zMBPTxz!i>!N9gAg#6C0m_-*Iguc6YuUAR4}*fr@a_F6Y0Sl+7!>A;%Hb}xawdiANb z@{w2F>bt3~;oNZz(b0Wf!7L@f6W$wOpZ&{VsFO4G(~>qht;DI8ky$jJnw}?e5s@qq zU!IHGJ=x}ui-jU8RB`{cNPh{y^8L3L>+i_QO1?w(EB(Alb%4VgT97EeML@{(O~jy6 z8{6RCKI&Xb$ju!)0X3-dnKxLn$y9y&u|s22^bR*^b)X%7^PWLy*n*H#{Q-(FE3){3ydKOww=e+czp zSH7?|B=gD(`qj)DX>Gfb)%7P&UOa=VV1l-?B4LAndgzS#0mK)Hbh`;4*77<*Xyjjt zoYUr(c0?g}s)OqyL4)y{Lg;cry)@N9xxD_!^X9>~<6X0Ig2o_7&E8mSD|wm|`yh4s zeAPe06@C`@G;DbN6MmXF&n?0IvgYE~_BZ|ST2$K1+Tx!Ab$>Vre|h5%IO+d3;DE#;8~TQ|H~%jXNcBHw?Bf3T4JF$d6Ih~NMQe$NZgJR06_D9v_}6I81~oI`I|u8;!7Zo z@{WuD>6?OHy)g*d_}*xWx>xgS@q*n@cx46EtU88-^H3GFgP0|hYsBZOBcC|V{i%k= zxu_f7KNNSrCHZkcXcPwnqETfFlG2Tokn_kcXUoc*f&-Hlx-&{?t6L+YDH8G^ZMun z+lF@^vKcpo3OLg%lZyZ2W?he!HG74M3$FIo`xAHCx}vRSej<2E?v=(1omCs3PDU1j zY2P*;8y;#8HGR`EfEHpyA@L~iORO-rPR)?CDKgM!Z$boVzb|Qs47_K^Hl`~>E6zlb z%bb=UrpA+=6j7tW{IIx!R_E+ek>0KphgVb_b)g-WYj3`wZRoGiUEyh%PvH^CYZ!=o z!{a;?jdD`ne<>YYy;(=ZCsK+>d{MH z4;X<+_+gGjz#_dg(93~VqHI664VclJbonW3n9#C*0W!i>a5G}{ML`=g2qP(R2|eG(stlae=>W zEj1IDQZ!62WJIbMY$M#5QS>`&bDp zYs%Y-v(@m%{g|W5#zSRS1&-bVaT1tl$7%}7)sl+V6r98Snv5-=V86N;)Na|F(8oul z8k{WaID1?`hv!;W7o(;m`oQ&bVNCvHa2YuxHgLOE^DY(*?<$xD#qnDI8Ob#Tx>5t^ ze%==E7GoXg@TfGUsqEv-MjKa>Pj3q8OqgTw#LZxXoZ#VsyQWsz($gT;4E85d*#wZO zxnT>%yOs7u%iG)eJ-|IA=+O**JX?#CbKJ)8#&Z=-GrB~1| zISUC0EB;B$Z4g9&X1PuZgHv&nd3W- ztT#D*8ZzXO2QQz=@4ncKn&q8=RkeD6FpPnW;6NJDycj3&K(O(q+?Vs7njIt-x*qrJ z%+a&(Xp?Xlub|w*aE*w*oLnXH#T>#|TEdVd#bV)UK*$C|r*hE&7WWSQQ6V&@LYta>jN>4Rjeb0t zdHTztTQcTU8$skxA}Lv93S{mOE(T~i3*#?;0;~y;gG13k66SM12*xU^>2Q?$w@|3n zv%Dn!+b;dQ7I z_~dbEh*)sD*+RuDOw55NTE^OmFF^s>wsJ$57qfm}Yp5^~^T<_np1G`~c{jEOD=L&R z%DFB#$ct8ahv;-oz4MEGRy>07*w?e5&qMKAp%3aj_6UBVvSTliV$gnP?$ z%hLu?vouTNO?%7q47jYU#N@BiZTv;k+AkLd58hCslwiIM%`a1Hm^Hd1EL*A4ZN92j zof~SEUq<4*m69$!WEMDoTF_jX-(zWPQsmNkK2K!ae<Qb7 zapK4ii}dm))kJODI7URn66WjMV;;}Y5(FS-T=jGz*5XiQreTargH+Ts)H8%1@xm&Uump&HxyGJFu;<|@4 zHVIx<{VCXQH?|n0>Ti;L>8lCCr|*hF#6#NKa#3*` z=~B0c6TFxI$LL~I8KR@>~|HJuxugr z#L=)~*-U^Qv$XcAfYB;YDK zFx#p?$D7pGG|E)GZY!oI7DmvKxVQPCx~0U^5lOb?s*ev({`}+sg0hG8YcQfD%p*L8 zT{{raMb1Z74%`KrQDZ3yRs7xbII{le&vMa|+9b-ZNTi$#`JJPJ%E8IsxuqtFv_Rq| zeQ@Tijn3=-urR`El6tvKF%o-iUYn*ds zC7-k1rnI)K@mJMZ!G6M6t(jG~gX$NnG_CucI9>B~Rjwh>SQd;@PAFRJ zgX#k3rU;vPH12JvuqMyS1NjfRmSi>8wiL>E#*%mGhfL*BKX!@h+x39?mc?Jv%o8nm z$4l?$-36@>LNi(}fX&sPcm@l%aANz$L!y)-uSP9b|(XCqd%*e|LOT3 zC}iaHUqkUAe;H^Gs{Nzj7!Wcn7o5=G4xj`UvlvOD(7L}33rnPgl%;LgycsY9E#|U21ymz_WSa94G(4%Sfjjn%wJN?wd zmi>+S{2iTp0#|-jqNwr(zshq;W3Bq$>?+5;;d%z?as5EY4;1J09#WP@G8UEem0-eV zF{VR0nfEZ`Ea;(2_&(<|*gwWTkmLEzTfaofQ#k*blI9;g{BI`yR~+!KPyV;E!s;(= z82?%#%n!W`N^OPnK%pMoVmE7~j@Wn02`#`djfmqABNCZE`$Oa7^-{b;Q`vxRq!q=; zH|>9s_KrceEZw?rueP0m+QnY6NwqtaNmV~_|9OQ zN(c7fO$5!bk*F7h3Y+@Yrta6m)Nml!4;aCICGLm=RcfMMn+@)dIK8>3Jv=>8JgWsU z9r?;n3eT|#q(-&yI3uv`%iUSB>?QI`muJhOJQfi;6A%%ZD*%0*#HDNdkD4Kz~i`sw41& z8*mcNhqF5kwABCO=X%ts6iLJhGNC@nY`l=XDZXNNY!DY5x zc~hv}P(0rG&f7<)@wYG;n1-9oA@Y2%{?pS{)y{aKGZN!R2q}VW4QT(<%Z+f!ywtR< zB18s0(TH-l^8AQbriHF;fy#BVYtkq$cKK^e!LY6uYu+fo( z;XKS%7kkOpE6RP>+$@dZ<487WDDB;1cp1N5LP^tBZ99fP{=@WQd^w3afTA~-p!d8! zpA_*(*J)bdAj|Jj6HnowxqRuik4A5l1K$bQ)DsgGv2i3}L} zYA`wI_S_Pe1y-z&qCC&gbW~E=^O;y@22_tI7>P4cT=1is(RQ!>%B0sYMaTTz!tIcm zC$*zE)Puph&@||hRVKx7^80(;f8Lgcjs)L?zZTuL4uAg7>gSM1RMrsmWVz@1B(GXk zT7LwH;JJJ$ws{Y4N}--!$a0~{Y{)OYX7-T9A`K-+yFM(~NBiSCjc)x8So9P-)JR@D z5`=3ez)T14br9K4n*akSv?0b?KejIMT@mSGv2@@(o-uQcdjwFH)l}W(@VmX6JDwmal4aG1oWnO^d*gRMJ06xK z7ev^-?b?arD#-%kmi7I(!V|^nxMH{Mlx3wgm-H|R>Mv6kVu*kUtmO?+Ce5cEAA7B3 z4Y@1@ex^}<+|XApco8>3cEnGfQ}sQ@J0tK1D211VhkIgZ){y_swxl6L3%X>iN}Gt+ z@<{*5LW>Ao4PBKIg*)B7Tgg}=o>&yK%3tjQ z^#M!T;b^d0C{j9IEyAA~X_WaHoFET{#U?sW1j4+esxGFGb$9H9zdx?HJt1eDe9pc2 zgzz)i#UN= zNzOyCzv@*02&v^rRzH(%>qoml`yr0f!`keF4Eeo zg&@gms$8qU4yn-|vo_HiW{kuG$GFCTC^iq$S)K?T=Hjhmm;lrZRK9hknpaBK0zjue zz`!9^kN!{?WW1tflGY2>q&D0rfaVW0gATVB zWrEX~*JsH_wx@*(ReIQ}@W&wP1=m$W+8gHUW%DYF;Pd1jSfVsRz#%3=Ko54eA8sgc z;(s!9+Tg^vl9Lz}^nl8Ar=m`#_Jb{Sn$X!|_{=Xg_B!lvmt~Lf;}||{ux1aQQ1dj6PrD4cYD~SjFF9ESL3Zt_gM>%=__GIB?==&>ASBN8O8lMvZ3F zWvWdy-AW*Xp3jP@M2+GvhY;@&28auRb2|S^%hfP7T=OIVAc<#<3;)?G%>HhbBw1pXxM5bp4^)?#_TR$z#wUy z_eJju=1JM8hfd^Ia&a(e<$B7FQ?^NX&f{dm z2`(=49wW*;)ko%767m*8yVJ$`enl(xFhi%m_!xdllx?44%5fE6GOGJ%D|8erqLewT z(M)kse}$+Sq+~qrIhlk&&-iP!D%r5oapZgIo3yQZ-D z1e3FJ(CgB~eZm03sL!;iqgi32Pvw0`qd_SC0}L@O`$I_rqGY}m3EBw6J*Q*=fgl7~ z3CdigGCU>7rkj^%3orK;whjX85GD##GG}FD^zb7^0`z=w0W?x92Nxhhz+Gptt%-s` zI9tU7X<8u#NU8# zC0kFh*}<{;V+TmG9Q&s3nITGMoKXe)Vd)*-fW-Ozo zm*620>R8f=)S4;RD^9~3(1z(NA<579uw+ffW5X~Zrskpj@p3ggr2(HSwb|PGH+HLl zX%yj$aA$w3_xQLnxt6wcYFA)m3MnkT6~(;YpRsz`IAOzA zECI3)?np5CpbJ`u<PXIpV8ey zRdHDeyDYay+DJG507~~m5i$iS3z|Y-i<*HQ_%3xwaFo_wGoz7Sf#14sNx&=m{XoCQ z)waz_LDb1mOe_nL9B5ZlQ7?3<;TQc;pm0dYi7V;b7cTS^T@C)3lS)V zxI_{dOjc0gOUexZ#C(1Qn?EuwpuGuDHff7TsKfeQ}?UKGLj%AAeR>X{+AG>f2 zGSH%zMdm_;WH@>6ZnS=aVDfA!Z7Y`m3to<0S;$~ANYN>RlsE(a3YryZlUpQE;H*rs z6n8OierZ;$cYfwg(;PeyGnmmR8-xOEV@Rf~7Ms)>U_F2M6ImuOTz#KGu#fK<5bFJp zpC%Kt)sphkN?U{Tu>EwdE;wsR)!WTD$RdnKFa_M1Rv=9gcNO$d3(+=AD6IYEP2fW5 zbsjZk!l>h5R7ORWada9dYt%O>*i|y3M0v^q*e$S3OorM4mV@#@52Kd5k5CNRCdnCB zzcd-rwVp4>w!U3B4kProo&B8O`aH~O{S2W4JO21K61b3KaA+>MArz?*>s##1Mq8t`<3-Q zs_(iMp>M^8p}6s5PaWE(jd!>8zi4}7yIzN-T*jpo4a+3GJe%||!R}V-U&ke8^l7}$ zDsHPOMD~k9IUYg4$-7+7H1lP*%P9xotQOa=3UwG$eo*810zGtQ`}VnXscr}7EM2yB ztyZtwZ!Z&>NpHmnXi3WQ?Hu#(iFX$O=z}qxJe^)1MJ|7kf`@Ygw1Qns+X~I%v{i!mj%NbGq_jXRm#QaIf%ak*!d*aOY4baMWC{)ypt*tN*B3>u=*AS+OyTn1{7| z9iU%2x=nOwg1F(9@);3?)bWv8c>W{b0P&;<@-UPNNhg(MYz$fjoNAm7sF;6W<&w_c zgS~OCCr11)fT$Q96l_kkwY8BdTE!)lk2MJYy;ggQw&v8*2EY(w0OJax9-XbX|Ko{Q zY68pErZ~un1GJE94^=%Yf*%78Dw<8NnXeLGg@|IMlY!i>&wy??izm_u$V|R9^qRN69>_D`qy2* z5%L2wG*^3A);~_hMYI@q5&ft<&MRMxedBf^;UtK*&~BO^M-h%w-b@v4Q-MF%jh zWGQ{3A~IZifBacvP-F7L)UBN{D=hhd$cpuXlD@}c%p4+6|zP5*{gqmwsd*8bA8jCTv2eGE`Jo3ptl^k>m5 zSCE`l!0BNFvS+O)^aK>H^nQ}rV|%9}dIlt)O23XW9ohvNVJMt4a0-3(X=}xV#fjc3 zD861gc!Fw>ur=TZBq`hlaN{Pt-c9*cdOMfz-LRy_rit);Igy5{BB0)*l(0rHFjhch z_$22*7p2qP6}?0FC8LA8#S`5*ti|?=ktH39(t)TcYo0?fA!d@mOqUgnyom*v5;zpt z$nDMlmn*qN9@5J#CNGM0lEV&Ul0`M0c^0l>KI_W9@17S1eQ~ad;eD~zNXiP4BN7gv z>4>oJtE!#*M%kE@(Nxw@3@z)x3s@5JvD8QCe8_7V1fy(IG65&arv+S_sYM}aJ9}YPl#on$wqN9uiClfU}2k}Jq^!tRgok9#qTr6OGl z2HKOzYGsopnn8XDB3Q!f*~JeWJa^|_<)G^UK-(bgS`qUt){r~UY;yng`GB!OT_-y_ zKiz1?dB=;;=FG?eh0T3Q`4zok)-J}987Df+{%*>BqmC7N<&Ah(IJ;=@h}JrFJo13c zBg*x=Zb@#kt)bvV627lHzd1%^*op~byVJ+H!%>v?1Y6rZ<$U|*_}LKNKvs5U9&Y#o z?7=-{fbvT4T;&4v6K>@W6oMV2+vnkRQQs)^io^%%16bVb?yg6i%g1<-(xndtb2^&z zKJ@uZ{xq|{axg%n6*d5^8!ErH{xz<-yTqk1*8liMj^%5)=fTlhd7gn?yDdi$S9I^( ztSIpsq~);f3lGJSO6ftqMD%*k-DLQRFt-E$*FN4xUu)H}Kb&?>H7h@wtPrkM0O3ST z1xI;ag|O_rbkpaDnU!8Vrz2&HUnB3G+aL0$%>xa{m@Rpi9 z+b*mrrOc~JwpSvU(`zl&{>pY}ln^djX-l7idm@xqP1eX~ALs|?u4KMP9rc#(@|k;T zKJh_5*?EO60XdHO*)}sRLjc=mE%vnj+qTbqBg&)jV3JD#|T2g6{vGt zr8&jeSDeQME4NAl(m=y;Ll?1DtT77W{o62Wd%=HI@9?zCzu5L`CQGN3B%u=-MV}j&$JNd_o!C()Xs`s-NK}p@s6lnaZsPSKTh?|L?V)_a+o zw_NQfc2m^1get{BEVsL$Wm6l2o5oDLX`c$Xc5HXy!a4869@6jQd~~#U@qy2+q5AT# zp83K)*=v^;Ypq1Smbaz03lzK9b^k!Qx>+4J>$&Wz=jjwg5ApiS5Y8$drHxg7 zGGe~to`n%r;#*&!9HsIuv$%pcxwkJbvj3wH+pew%ruwH};ZY+g-LI@J_;qFayEIJt z4fQ~chQgjFGsbf|R|sjS=srYC4VWzZr9o?oYC<&%tjNb+hazNqC7FgF>o_|~Z@YFf zM)>)|WGzvTgCXlzbB6|;T{|v_eHZ$3N_1@u^@W2MURe#hme4(LDW#L0g;m!%mrzfpx-W5cFN=~PUe0rD9m8y%Dp8B-=L3aZ@p)d+0jMj$ z?nOF8u(^)W$Jv@MbuoPCjYUj@U>Y@sa)vZh)Dj^>yE*51=4<+v40Wfl%(_%HQ$Loc zc8m{>lvBiffGhv-a-K~NEJ6}Hi_TY=s7OH-l}pcj>iwwIBZtvq(@?8qeQn0EB>&nz z#r1hdpyL0n;B-FKcvwH(1tq2BgR{R-2gD1?2oadHYTHDVuxy3%Fo1E%gD}9B3B;~E@!xG>Hnv8`fWy|{ z+rS8COhfuB-Zv9o5t?XdJplwdf%->VXnABVn0@;@qonJhHoECrwY-S*E?Xf2cvE^! z;_5eE5I$Q$y@XZ9L#Jp@!vMjT>vnbdJzP|@u<>tju7o_9&4M8}o`js7BxZJlCsqIu zurELuNCoJdCt1q(xQKS9vui7rJaEOtGr@!`3@~}ZWiQXs46RTK`yoSDy?ESDN`zTk72Vsig;Z~HBLt-4sXS`@KlH)Q*l=lJ<8ZRAckH7Oq3#pj8#rr^cyx66tX1+YSM;Cz!@4 zOFe%49`F#h3E#tl2S8p$O22;pADKBHnL;}Gzx_)2yR0v zdxICCa6V6hyKi_mt%v7CV^UPkeOlsWJ{}ci(z0>#o7eg*a(`xWWPG8UG7|D!2;H)U z>P6@s5wSRSGjEU4vc=^n?Pl~eTT2`5e)5(WRjNQ2NA1wddzi`Y_mD$Wvt~#`*hUjs z5(R_|6XZq;6#MSuQz`Nb4POy7SF+AYyBmSbO?!dWvxAt6Qd|PT@yT=FZ@{t^YrFkH zK`Q0SGq;UGLtMmo0iO?QlyY~=a1dE{nvhKFFObf_Sv8XgIxkR-7c+}wh)(G5FOmYevckWITXMtw zP0Qs2^oPItyI=~OKJ=0jZ%aX~r@@Gw9Dh?*z$PTUYppwLd^NFopRy4V77V+>6rXdi zlhvT=EQJ_X=tsqp>NCiYb&|1d^oqAYC4g~U9>JF8<1%SnD;IgV_6l;p)Jm*SmnmpQ z+{1)=2alDWz{JM**#hL&Sg*jmG0D)qOd8V8j>8&4ID*1FhXL5v-P@x<0atUI9RXUcy11%_tt&RuN6pPu7AcmJ{7X<`tdqG;WAp34*I+QnkzOs!=?J1m0hB{03 zJR|cI6Unb}vT0K5NZg@_8+5Ny{M5m216_?CyjZ1Vwj>hyaYWuGtay*~xtNT|wyj3@ z(@tVdI|UUxW4kuGS*@3z#x{;(`?dw-3_Lu9G?`VY8U88t zMm9pKo3R+!`EC7@gCFB-TdJY&JwTbqReMa5L%7G0$QHYa$B(Xb>oAiCmEPlDqrGgu zi!z;%C_G$5skwrEH04_2CPUkK0eP+b{*-R6QQ&K8RJ7S?Y_==Mu zXK}BgIap>}$8K9WM+<&6ik0yHDsIiAdnpl$_OO}M}6(rRiGIN?Pmj%;@>a4O+?7=Vy9OuNwH7iAzfX| zK~{V}j3}pVws}BfO6HZnGt_v!B&~~G-f$oR)>uut2*nb;WS0-rG-7gGWEN?pg(~Q` zDJ~}F%+Q!!xH36{zV_(}D?2PAjiC(QMW}YJ8*1;fPSV$d0hL)fZ@Lfq($-m(v)=1H zEU;7k-N#G}L9fhrWg?6PZObx>IDeO1-wlC6&DLzYog>_uq8oy{lHivb4*RDV!hwp&Jj8~jDkmXnGVwb#^2F6p zllQ9USKC_$*PaYFCv^$72hnzCBpc=ic%h0(O>B^l9@&gG4f|)Oa#RrrptC2gkQ31AB@;*|i#QJ5Cm)|d1(b#rsz83W57)B4EEVZ6JRTb9t6oT(z zu|N{eeC0mJX!@mw;{{7FWQ%}`ll17>kw1zflwipge-u-kV98YgNi<`Re*dIBqeGJ^ z^Y8g7Fk24$DO~nUl;<@}l0lO#!WMn^e*gX5*BB5i>C8`|y2z8S{O=JgZn{AKYPpnp z^HU&>086r99Q+>3^atEuzwLT@3hvV5!OIOz@hkq zN$FlwdfM!G)d`W}q$V|%YY3))N#MDX0B5!Rc2mr&;`2TEDcN6Dt^uq;8Tn@Gg{chp z8$FXm>MBe+&ae<-C}8gK7?X*Brf05PB&?wfz-0kfi5e2}5SLIx-gk^mOt}_1WFePf zMq!aLpZcNHVX|5+dc4|eK2(XD>HEE6tW~RAAPsbOJH}!i1w&P{2nZKgkc&V}l7r`Z zj0yQi=(CbtldWVj1t*)fuafV3`Aw=nmlsAw{)LEqJ%i|~j#gC8N?d$z!O3J*}h zCPI0(z(eApooa$zAuPc@Z78$Nm5{v{4k%m3NqAV*-8VxLXHkM@B~%?pN%+l7Aae<; zqnEG=oH<>^(CzVa!Efj?wHyJH*R*_Q`G&Lt4{-}B= z%v~|_(#knM3h+*+3${u66pOc!r_;to5>YsBhK^$*z+(yZP>ACHe=zhwA7jDA2Qf9Gf5RNz z0(=uvdj39oC3f|<4a`ljJHtQTp8@CozTUT0-=oHC{C%eDBp+r^Z1hi00N(FTpy$kf zxQD707f`*iZ-PhS4jemI?FLs8dJ}*p4L}%-aQjqBC=TROM^2#)Ms&fWGRQjl!rmCi z3v9YG01hXhcJSGLGTtKEi`!XjG_2la?0Dp^UZR%5nnsf-5W;mS;b7JhE%PqK&->b4 zwh$ET4}AJ*dD&Z2Y>8N8>1duN9Q`Fvd0?#oAMBjwYa<&j7t5a5Ff?Ocn;XfQU~(MDUL+ z=3jNyPP`ZCGWIy}A&pr98O?9U7@l4f4!3}}xjrS3RHH=*Bw(y+4a?dRLBN6*Ep%YL=kF?SLMdhmE z&t@HBp9Pxe`zmBRv;}R` zk$B$RQJdk|vAffezwQYnZxPvTwrtf7Yr~U$af?ZPEEah%JqrI=X2=W6%bN^|18haz zD4n&t&2ouxw`ULh-QqFirlE-M6NBE|T&1H2*ydlDlc^+*`_! zr-op`^vmeJ^LF(#1l7v|_#@lKqqj7r7Iot}Ko%x+Q)(n&*xrI)K?36!?V0+F5cw5K zG)n*pd3r>XR%SLj4=CqsuTzFv&XHP(rouv?tNrc}|A9o9AV`5ON=*-SzcmgtDccUDyl~hS#>hBR_AaL1}@!ZE_=h7Tc}p z#S25rl3OU2)C}AA6NRdVmL!z&x7Vxq%1W>PdQ@4L4#~ z9%kU?-By<&$x51~`I3|~n}!N_5+3IJeL;a@%t|`MVi&?w_EW;GDTQqTRzY`)j&jB% z=8YY}bE6V*MKdui2&I`-w%m3z4~(EdI0*3m>m)xvQm9)A&GGv{3Nkz|NTbU%7Sq_8 zL6QMSN7=!V{pu;BvCJ^YWiw@OQRLTJoMuQS@cAC^5lmhM)T7{cUSzDn}5;T8{oBF|@HPRWk8Ct}1z+uLe;6O^)h z-Ybc2xmQL9mT`HJd5u9O5?0MfBy5b9gm&?!`JDEHgVg2SkA#29Pz|)=dK6wu=1Z;^ z*Hnp46#!u1)gm6@Nfodftfw=Jvh=ed%`2|G%HSA08a^OsnVZBAArmMVTB+}A9!H7M zSMhcr3iKfup=o@S2SlW%J)g-iq3_78D(lHy2LWb6uhUeUQ)81#LbeSAbk#*9q&&9KT;-r)Df zM>vSjnD!N-BXdg(mIav^SWY$^kJPm^0@b;qj| zb$?gJVS_|qJSA8f3+XaHh$bo{9!+YqsIg16mM^Q|(OoOgnG(?c8v5f}jIF>ckzv|Z zq}oAdE||C=BJ*=`xbx&Y8G@9|JgJ6wIfj12=Pj|U|VqQs;(oxizR)^H}H(L8% z%6Tel)kYC2^SU{;FTRrLbxzL{(dVx~#tPhJAAivTzB4kXb&%{armIyhkdYUy2_>hu z#_)s|UdOCam@)H!5CiY)QA=Q=MeFBk;6Dmb;%No!#?Qu{=W7YbnwM+OD?SkT$V*lZTh_yQz?;Qp}F?`6yO1 zG~a&=_snm9%&bPR0w zHdZ!sB@5MeF^?sp|B3wR-#e-QwvF|lJc4EoO!DpuvW*E@ z74^o-3H!j2J$WW%;hPBT#Oy7}cwe2zHw=OjhVBO~5DoS2Z(WYO2N%Ei#hX9F$tR21 zc;D_8QQw~~_7b!xr-bCMNSwx}rga*2J5A0m_LgID9X14Pj+Y}vd8Ixju55;5b<0f{ zON^@>9&h`vae3jNkJn?ZT*X7Ajw4iu3U=a!YQk3O6h^2I1GsF{3|#Vt?#yz=HPHH) z$&F=TC`a0m4q;89`c#VmA*U6PTMZ;Zv>W#TN8;P$wW>yEaw6D#J(CB28?fuzmr!41 z9X9Woh%&%=TgoaQe6y)_n1Y0aHW|2Sp)_FHY9uU_g?UadmU8{OeIv~CYYY_N{6=(& zg~RoxtBYits?gQNjeEKAn-SsbCu&Ru$8Re?<`s_4Bpi4fRe4u+M{E9g) z6DUnC0lgqq7@iT@-h+s2%^%)YmFQt^Oj8f2G}m%JTbml&9c%R25ZhI_nS*{iv~5cK z2tmk0s(#S`ASZ-l$JL-f4R;28Ec$%p4|+R2P*Tdu0o0qK)NpARV_46X+?7MbO&<5H z{~akj`TJSSzL4@0* z{dnzFW$%~Cd@fwYb0Uf5=RlC+a6aJ0f&Vja(CnukmQf&Hzit_Rgz{7yKlWH2hgseo zWPBa(F8yQRhq)X4$RxfbIbi%fWSNY%?-k0UU?Kd?Q~ zX;RAT&`-lH>Kd2ua`ns{O@q+JE#VaPHTl?lw$rQ$t`zv&l_ZZlpHf^(y>#|g>ZX@w zq)!Iq(7CX~xonR<*~ER)my2MmZVd1Xrx6h}#}ABe&1l1~g)1!dW1_v4+EoQlDNMf} zHJ30VWKGw~SU4vgHDJ{tocS)bz6lQytQ)zSVfr>>G~M<45IwvH4*r3pf_2j~Pbs2^ zgfgUZgjnvj97gLENt{C?ZY%!CCd2*Q19a~`zg6#S)adJ>IP5o-crQv^Y!6T{sX&-z z1X}8yyFhYbOp11eYyH~&pu;Dn zs&i~W{PPAPXC9YDx*C+mcTpsQkbjlxG)y8@vXsq}A+TDjAbgw8wGweglk=Wu2HD#k z%3j!U@|Ry78^JR(cPCU+{G#A)>y(5mn(}o*TLUeAEo%o`_7GxB7BpiHOW)DChOgBhPN1l9r*9bUUqrkL{U`O%*TPg`Y)#Qnw(e1yL#BKAOZG zvbxx`Etrq3?Ic||1!N}eM>BewU|=K7<~;aERXux?aUrmO%?NEn3z*{@2k`Lh5jYj@ z3U)Phuwu@@)VwOK=kzdRNFuviwG8eQAQpHq-Kw<*imSxzGov%FY}yM)S0*m|p-Gzb zJZhY`ruK75&Up)7-*njtSb5ieHi%SV?PDW@j0NxNcF|;YMW+J3JTRE06}p8c<37qT zYHfp^wj88HTi~Is`IJnds!7d09=-Hu2 zz^tFgv1Y)Zb+W}@w9emYAGs&QJ&%fzt~qF(5e)pP#9bfo>4?0O5LllD-!bHN=0yXd#gL>CM zHa|YVopy)TS$-+mp{^{okmbeYwf0!|?X)m^l;;^rR|`o}??;Eng}bHK_jrpN~ZlM2$90HT~I=0%|KidmJ{kT9$f?lLCKA%4f&)xaSex zlK)4hl(m5d3L4IfnZ#xdQA zTa5t;qw4{47M){e_n(}hdg%}-ZZVF}#K>xV4)-r8iAcfeP^&-1BEE0UymUrwsoHL3 zr$5*RAJo-+u*|6-@8>#&N(DJl1;{?5Mlt6*B8gx!+6WGMLDe+Mc2mi|ksC;u7px>d zE3EzsU#nWo1>&VJ*K5go*Oo%iqf&-`e_lDW8;09Fe+X>K3NJGfiSNDLrs8w zT|*Z~$ETZa)f>&e`^d`}t;+L?1V|&x4Q4l1q{M5o`@0aqOz85Ws>renapWst5N4;Z zOrc&aFAe4PZmbzI_-heA?Pp0Gw4Ox1I~>Jz6}aQvV|{DNcfhe~A7MuzIF?7X$;Wvn zlv2pSPwjP+IF>07;f4cSZ#|0J@vQOo*PD`g7GYDNlM+2>ZWz(RB9%Lgv+KAbPuD-KmQiGxcFInABzujJF$1h%@ zr`TViN!Hiap%)J3beT-_OwP`7zDt70RJ0C8>6*PaU&1|K|ASIw`p16vFY(5|6xf;m zXOyCU(E*W1Cn5akph0Im^EthCHnAf%`LOen^8D8%5WiYfYp$yXGlp>}mY22^UmSD%T5P{x)HPCGsSp+rR?0!l>uO&fvI`9h#*;?!WLoEIu$Nrs*moWZKZA21!`it6#sxx@s3{yl@55@mtvcy1JPoakqMQmB4^-(VkFE zPg%TdiSSm$RDc3{dCpwxWfmh~uN}INWa)j)eCteWkapl`o&8*G8MYWb{4U5X)f{ra z3SRUW9wL$7Ua@bEzj9@&=Sjm+FgMUuE+D-@w&gj&OTb>UA78mRR~Tat6}8}_ODOM; z)is$bu~WcaS60?>uk|7c*xf~ruISzUQyPy!q|@X(82hM)0%pUU99F$vyOw?|vGpR* zvrrf&Wz`+5C`SAcn(8}l*+V!iZsN4Xs@WCGPiuJBHvN^Ma~YGp=B06ImNmG^-(uTP zDqTJ0zG1^KeA6(}JQ#tq!^oOyqcU?Q-;@Y4N0p zqnb5EOcFB&NF|UWOq1^1QHn74Tx{)E-w?o7Wn1z#30n6I zMhckN{X&ddu6uN}C$&TgUbWnIsr)<@hrkW@6S>f>NZ(;bejGKsE01vFg=OmSCr^Yo z!~eA>12b418#7+ap<`pp{Xxg_K(Xf2wX=!plLB zC~c@~(=7Q&hU5N=;=;b0LYpC!H^e7Of7UpZ07QemYHjvq*bBW= zD2|d)i78)gj%mSt4dQ7C^EoV!LfKRZVgOsiAP3nfMab3(Q(?lq8$lGJZe3pA$6Ue<}FY-}R z!CBdvGoTOr3UMUNw6r4%^XX$zhb>29hB+}kaF!)ZVz_nsqnllD;Nbe`>Z)4!-YIK? z{D?MqU=JSYxjW%~GulZxyWnf9Gv@3w+A_#|)ueySer!wRVG6Xl>ZpdveP=E(LI9z74hzMXb#jwA6vVyusr_m+9XAXC6FDlec|*m)+mQdzr%k@pf2AjKxRs!J?$ZxS$dvTF)` z{_95oU1pID-23V~vSlmj1V}AwGH*;6ZnaYn&Q5=@R zjFw?iSZBz~|a^uWmU3w>SIE~?6Z;e*KH52 z^d)_t&J+X3w8J6ErZDAv$^xGD8)S=6kk#yo{Lq(>GX}J_l>NGbmC12+v2o2sCLHjiEfQ|ApcJrM+w5N7|n!Hi~v_*cxTVS_+@*Ht@HQKNsOFU z6a0(Kn=7?UUCy_(F*SfOOC8bcEfSP^*^PRw;vt#ow7G-ZJX`YJ{AQip_OvUT`A2V2 zQV&=U!h?*Vb*>IipWC9w0_V3{C@Nh=XfAQ4} z!q|Akc0bNx)aH1 zbc`{W^+8i(DnIk3sJm6g0qaII#4nF^59IruGYnGoTN!avRu%_woa%+HG&<5MZ0`#W zMHv^VDv$i&vM^g`RIHj(Z$OfD4rITu}FR&>a_6(Y^Yrhj_xoGtobbQ0T-Z(D+Ro~`K+(VK^G@V;T&IH$aov95 z-Ii(kjrZD(tP?S!QZ7BV9j0898hsii#~kPs-x4t{di1q5vKTg2(uO30l) zYJ5xKzF5&P8-0WaF0d5y=3C~Y?9jSJGJp$V!sEON!J?3C2}Ti+yj%4#2ed8!Ue6GM z%R3;hz&|MpPvJQ(M1gAMOg`0y`j%@aH}yAuT0d628-@rJmB(YEuCsI-mlop8vd5ctpXpgIj^}jz3ofrSSkbc<@uPl-*L|SmH*P|H#LADf4FV=dd@E9-?jNZBy%G99B z>^B-9QZL%Hyw{)eRswykEXqZ+NamrA97Ro0!13BvGSKZAUgOhJIhUjWbEAQsVCL{D zFp+LI7L+t3YH#>oq`hODoNJ#goV0DGZ6s~mwr$%^BW>HAwr$(CZQD+t%HGes^X&cZ zncvJg->UAaPgQHJYh8byiW!SGt-pz*o9^2hAS2Vt>fr$gG?Jb#d7w3lr%_;K7-}Qm zLE?OLN2AoiM~)s0c5Ss2InX9{gj>&-UIm`dMn+Ls;6|txeb{T|yWDu2kdm(3?G|BM z<-t!RDb0^e*hW2owbtxY7+&!_O|K5;qrY?5i!R#Vh@q+5zx}P*O(3RqHxD2vf&k|# z^WXoo|KAcSS3W@j8!KBUM?g;x9TlIU;eWj2Gcd4mvUb!Fu(38aGXeNkx&#F)i(Fp7 zw45Pt4AX3?pQPgnd0Z>N)9njHa-{{DY>_n;X@-1SHd?EJ_8;#9$&AO)A~p!M6Wq6B zqYP}D&^f^ra^{W6!`6ds1bTZfxY%i)wNaZ%3X4DdBaMfz91Zgrx#*-{hPzm?A_Bp% zNXbkxWr8einfc3@A}ZeyNPQ{PhEu>aO5`a^0=`|XJdpj^Uw2>de*;Ed3%uA@f(bf1 z@{EU6PW*v%8&JV}9a`#PNzdT`HhxKtm49%FXY!+%=yGIKf}pgk8d zY`6iv2dpyfYoc~Jt*^f3AVNM-r#Pw|JDis^EAB9_QH!sG@Uj_#^TC5R(9&?Jho3PN zmF%Cvl<_p-D2a`PFiDVc9t%MuV9(_w;5+VbjUd8twQvi@O{y%&$wP|x9l2!2c2a2` z#zLvm!=S&fS|1wheK&hsRtl4*s#K=3Bcdp!fZlekZFTu|<$Q}{uhYUZ8;B^$EZxp^ zRi)9PWAXe`>Tz^~pk~g(tZEwqYL%AO7GGAVq+JQy5jZ3j8D|_JCyhlJB)LHiwPSt$ zE~pee3XU6Fym+GKF-i2oDm}WqKo25YTxhleN|zjQox zBZrLDLo8)#<6y597mwe-INg~oe^`9QNvDrzxw+S!1-OdIP)pdA6jcb&2UtY%7O!~Hptz%rueuq(Y85!)m4;rU3ro`EJdDX7YIlKir^Vf5mm5|K8&PHbS4~O3yOt z4ADzxoC|&8Y0xn?WR6|Uu-GY8YCzfDD^)GdE|I!#&$7GLp)c0W9!HQiPP0^;3Wim@ zGQn851gSDz7Y*rSfsEk=UeXoIO=S@h=IQ#C97{CAFL5-Xm^V!P$RlPMBQ3fVV{OS! zu{nD5CBWf?Z7%AV^G4TbtmTCfn>t@@zIa@T4rbnO>RNp7`6|Yi=rZ7I{g&|YIPJI+ z`!`i1e_U&|Xqs@}$~m!LneYZ&WLIMT z8Dh{$uW{RM+kVJUgcRcuGX~PgtAJeuRHW+F-@CIAXH$zo{0tv3NgRdQ&FQP)e!I8o zA7`u&*hPEa=sxs<&y0CeGJr-^4H!Am>{{)3X%F-Bg1=g#J{RvJIpG`^Q?3E(sD$Pe zRgAId4*#UgF9J#PGnjgTDG?;xK`F^tByl)2pUph74roEWJb)Q1%jonxSi%S&72md) z$!0Ov;$YtT(=feBTA-ua8r7o~_}ODdOPfW3+H{Ja770(!02S?bS_7kjl^&YysUvml zkG0Dqw22@IN1qXhHKe?qI)D$C)exvI>QmMNzAXxb%KD%K}# zo2m2=*=3qQh)9eKrLBZC@z|7dpKvvJu^xxT_=xqaN{d~s@ zxzsIAFwH0BRjD_ij4SK2VBm`#$W~{PinD`J71uvteXlm(^h^SQinm^ohM<1%h-&q4 zriSMiZ%&lh-DjA$UT!4L(ca4KSg-ZC`p$H%+4piO6a`zR;LKb^PC-Eqx9{Kki#BZU!ftAo2lMd&C}HRM7~|j;&;~7_Hp&lxAtw~qe#x?TVkbRW9@$~$s!r`2RFNTJ z2I0~k?+&9zfp#$hDrA)zRO(U+8no8a);QlS8@D)+c*IS!d6f%d=}}EPE1geovex+# z8YEJYwqcmQD)m9D;dh)vyGL&kF8X5rP>uW|c9#QrWU0n47Hn5BvS!)mV~GZYD$%_! z845x|X+U3j7olvXZg&GRjDsN}KB-3Sz3?$H6QP+RVNjX2&c*>j7E((I%%U`vpguIV z;{j~ln1NMIGW*S9CO6`3u}U2c-;Ob`Msm7B}^W&NkAk3g(<#&sek-`2q^fknFwmo%ex`kVsi&HP*x;*8T9 zLx1%SeSQ4sj-&KqqIl~%WclkMqS!u{f&d89nt}ZnBLx1_FaM*fV*Cf{@L3xQ*c<6N z8p#NX%NyA_89DsLXaN|s%8c^1>C@Q@EZ+qwJM4T?rZtU%Pt2@@AdyN8{&gWci(-Tn zKZIH+Uo6b)kz3vQjcB=w3xipxg9A5;tdk>THr}F{o=>aDYqC9G?28~l_<9US&ta+B z7I0^Bt=KP07wt^w3&|T_j$6CyRt1z@{T?#({$OZ8uk1{c(`0W`Y-j-qS%_Idf1GRY-G$oJlYVosOlZk_C z9V^?@+-AH4#Ke2ab1A+@x6s*=IU0n_p%ftkvB%vb7r9`7VvwC{?LU68Q;DS#3m|!Zw00KKPiz)y6G>pO`+Cj15 z5w5AQ36fZqn#71{z^+~7@06)w+b9A%SeuiB?wZG)F%E17sG`uvH*f8I_X zL7*EDW<1zH+fARJ%?8Rie*mYfjeIo|fohAARa2(Yy^hF&Rs_-0|5m+RK$Z zjd17q!eyJT^pyj#pBzPlRBYhp``x%0qqiY$(zj`T?g-^()d;8(#<*N9lwfq>u+A#1 z4=>KE`*opDk+waV`q-comK|4#3}@R2;J9#_c*wNEPrEZww8Y5IdXnr{!nZKoy>Q*# zgcUlyL!B=AXKdB8m+5V%k6W14m8e&;LzIH*`!HN&irj3R6vhHOX{f|4R6 zEf|?HXIvkC896>yHmAHF%r9P-9?13rBvh%pW*);yQ$?7L*N$+EMPlgdSw9j{IbI9> zS_|308KC{)N;q{yH7)OEk3R=;cC(@|gXF-M>E<`2iwn%$n+EnJd;=vZbQ?6=npd)$ z@lDb+GsCFs0&_8*VFd5=5nD_wj0N0Vhy4jGv>(6u5X*|Pquo;`C8=AjiO0}0`dC42 zWm(=bJ`Fsz=YO!!C{!yoP92ETGdglc!Du*uo8@&N@p*nWVG7YG$j3f{gU@bKB*o_y zs2$3`So&D4Wwal|CzO8s0tROCIl`IZBfgtOv<370M{(SGTirgry*la8S*!#S-kSs>V^~P}Y|& z{i`y$a!$%m?{;A>wdy)-V?zA5lH{IqTDsLdKv03?6F%QbZ|)$L%uqjVV-;@O41S*o znyg_ht^NDvL791NqTl0=8v&#f`=9&Af02&@i+5+kKncL`q=it zu)X1{NzXs0trGwZ5o21ap&VHb)x$6iX@C^X5s|m^)&KAm87(#>qnN<~3EAUvX-f*4 zd#z2Lkqjw^EKN9jT+@i1vc>K0!`VGEMg+5EGTt42I@dU)#FF`0I=mNA`+d;Mxn^|u zX58OMh4TZl8qlu7D5FbCPg1Xmd6mB+-X9)~TJrwOcYNaJm1M z9K9{)6UhQrE}z}_JkF$6om4v()aQFower4}Uk46fUWjuHWBjY=j7z;SBNlorPx8}- z?E&Fa702E%eaA~9;k9dC@(j#kT;WlEY7vszz|!e%=$Ej#XPZ75?=`%Yz+asF0@yJ; z^09&&j?D0A3P{n(f}ca)qGc6H_ihO#AxPu=?Zi2*jQ1hGi*t(SxV2;sh`FBT6JNdgRBFE7v2T`{XBVJnL?Rz_@kVGE%0X+!eoh4YUX4g|0;H z@}Nu8*H_M3ErA6(0B84(@@2&GKk3s8Lb>|_2^8Oea z5O-HsQL4_{eD`_{e^#o#w*G3<()F_P*iuE zGQ|O7i!IDHOY61aN%*-Q_G2p3f|$3Q6{a0Ot56dysXPMXi!$( z>=YrpnrkQF_~^qkd}hQ91oD1nQBcXRbGpvevrzg#Q=-N5YkL4j+$Wy>UXm99aBQ0ykJB~R6%a8#_~aY!E8C}&?*Vtog$ z^qrOv0&8zRI34P4T%xajA6&0InA~Cy`k80me>JEspUc33Cba z1JKuJK9@zYT=LEKT4s2IE&M`>yjCn?T8_!|&9SqW_l#XP?p$QO{@y%wIi9o%lY2|Y zGTiRY(H}X zTzXC|nH>V0e1|lZMC+9dHd`u2H2t2<`BNgwf#dQMGP!lJ3&`66Vwh7NCY>n`eOck} zF;zh?R>^A%L}Q?O_r<7HhfVF9Qtcn#J+ds0xv)^Shu>;#S{j@I#VUSZXK8U}nI$zE zCE=4Rp3QWdNi7HJe|D%KOsXjNRZ5OCoNM#Eo;EF*l-qn!*C|zg@G4c_S|#C;5B4J> z5%*;zHf3ru-+$Mx_w`Zi9ed}++4~y%VlWb;BT3y-_$go#0u4kDg&48m8q0t8QwUuM zI<~iDukMHlQhbUOHW~h~>`xHEbkJ51{F-4;vL8eJOvKCG;eGsJz*_2z^nRNT&*uAd zjU3%DBG0?sJ+mqz)W|+JSgK=Hc@5?&RU7k?5_J7>$7 z5d9Q}5(Jv>2@elRoM_4?XfOgA_mF>t)ttQ;LNGaC!4c8S$4@_!r@hRg7-$Tm`$^Qf z!;AIST8Ng$U*C36pLAg`0_On18Jg_jg?fnR{%*l2oR^He=os7?L23Yu#URnOD9?3W&a$TWpuD>Ou6>FgCRxnzkoK0iRf!wVVj*r9JY2 z?bq_0X=$d6`s>Gcbtf*7(M0#F(tbCro=#MP6A6c}x z1R7gdzVa1W=UHi;&4h`5&tGl)0Se}TR{$~gqDGB+v4AK3X}ra)13w7&5%u#1$z{`A z)UqVGe5>pD3XoSfbDK{;kT%ACn5vi*ndB6~{kCVGKt7A??51a0UL(Q%2R{5;T9>6@ z&6T3}v0}^|Ug7k)|FoOQ@N#x0qhxt@JCn=?u0^@RlWAe0$-uPGscL7_(a+QI3AI61 z8k>f-JS#`{x_pw=A~^&%^%esjmS-{!VsGwLmr>6L_eT4ygq1VzV1-|<$xaJ2f0Z_8 zgYfV4FOr0pN;aQ<6qWBe^`e>x5ofV3&P*a!+Z{G0bUS9!Hq1-Sn8tq(nd&t$Tr z&S#8b#Zi>8KToI=mBg$o>axr7>)W$}T3bUc_2y>Q?o)K^;7q6#xG-j1o~xJ_*j_jHu(tNP_R(jg`hmJ znX#>U;?!99SP8pc1uMbwZJbe))iGSgbCzz4KGMv?nvZL9S-z85ak0u>`@xjsz+|4m zab96G-;Za64U+Cr1vHF^BL&p2$8Qk7v2~v7xAQR) zkj27*N{roI_08Y_rWJ-F-$o3*-{=GEgVjZlX%K02MjTS0$uVY zsl;XvRhulREwK_?u~9SK-!R^+-QKdxx8zZeeR%i#hb!WGxNdSt$%LoLk7aX~+gn~>>+kIn6jAoIbO;obaHA=(qiq)7Aw3-5olt+9q?lT6~UY#QsfdhQ> z`#AVXc_KpdPK)8qU3#i&W~eZE7;H%^^y0!PBQI`=9I=Nb+T(7rPI~ML05v=js0QaD zu%DQ2|01kQ&EUXK8Gsn}w%@IY;vbyq z{tTMPZwD^NdNAbQ@p;s*lgK*JS!{K0Z7n|C&y<-`LjM$ZCD{~BHhI=Rt6sI$x0~P+ ztjjT2_-_eh|_&1n$HZipn0_u+kT zWJ8E>h6Z{TOqT`b|J2r1z!gt zFS4%1k~gR|+F1x>M~GX&Xt;#!E=i9^t5`VQp*JDpKZWrP#rs@DAe2Qqx7&Z3#B}${7yVmRY%Him4xJ2jQszw+@S}UXhx3EmWeoT}9?JW$D$aS>0v9$b;MDL%% z_@7S|ZT@^BWoB(=rDyqXI+>t&ZIi~1@QX|S7q~=vyz&>~^O^Q@vo!y%^W-mEpN}^f zmEwS<4TiVIn2&SJK3*pXD5mnY+(UhvUoW06ZkI13bBKqDHOxDIhIvhP4A|`ieP*v0 zd4SlUDeMRmKHRf>GtbaCyq#TKaOL#2Xvb`4uOC=meNGPlV4F0y`E)8d8>JUc`Ynz> zq*=HkT7n?NILE&VOPY}E35gZ?4TSUs=`{&Y!SQGMnaJ|cHnx~^>lBn&Ns;FCTHxAT zvt)EqQw90qSwl;u+kPvn=oRC`H2-P-iwkR;k-OaZnIuZD=$c&0H}b$d6-;h#{Qk+A(Kq^CgR#B)&-MuO|NPjxsb9)8a8nGh}UMw!M= zBel3cZ>@`mr_KO1n{~R}WpDa@Bzsk6fd-WE@1YhRO#%{KE+X%^K($<&3jPEoTmv(p z3gi}-&@Bd4VZ@V&e9hz#U!^o9y4ey$q4Urku}nuWK*s#0mp7(Q&zS9R)>es|AN%Fy zJV?t7LAN(g{Jkzsv|Pl9DNgq7Zu2W+>=dH+T=_?SCNoca-0_cwW~|lOF8VV-%<>*( z?Qq67sh-^1fyb5U`9fhq#b~JeOf@K&ZPle5klT@rcMn6@khB+xakzc1OGpgl11_^8 zEAXzpf@Z~Dxlu$@AfZf=Gn8WXK;=ay7gtAgk{#)wVm8YkqSzrM`c4pE;mL!wkg1ju z#^J;lQb8;P+^Lvqd*SNDV%&luyEFhUrC%CIr%4(2feTCM&?CWhG{Ax#6T*?9wAkR> zuQ8>=u`+;bABN0|pzWafF;ehrE6(3MxY+V@we&glMy`bV0p&N?UlvI#dP2c7C5cl9pMyf-Q$+22KHT77vBohE41Vi zT5hLjr*V^QE{agMA;+DoYNvN+8Z4tmWX`-*7SprF6MVtoxmHK_Q&u)sKNIp09x%*H z5B=<+lIGY7CU+t;^x`cC&g)>weeTU}dp?!?Rg!e&vuX2JheIFplHUZN^e;g3pw<5a zrT<7(|5udev$T}8x3M*{cQiBlcLS85tYx#qisC7= zT9}*t@}br9$&=$j({Z?B2OiH$qWt#scC&o+l(@cPmPh|gia*nwV;jjB#86@lh@pqp$U58XU786SV_8O zT`}~k7*C0432YG*ip<2xpTLvd+}*oV0u1GcCkB-)`|irpE!9IFKV0==$5a#VJ65X? zpbzYa^{Mu1Scd!Zk`(e&&dSw%Xdpzq^~l^g@N~IM_J9$TpE4nWI=C<**RDUcvUYWZ zc@Fl1{3Q70aTb6P3)zlOSbt@HDD?Dc734J+a2)jJ&zN@S(f6w#-(Q?Tv^pE+hH*1a z<);pm`IK#3zBL3F7u02~m94Ws*RK0cM!&1@LqVxEi;je6C%M&YWJ<44fh;)Lkst;Z ztgJoh6_`GC%R<&UH~wJUgpKa}i;Hvp#@6Pf}x!Wz9U@HzNxCrnh%PjWA6y zn$4iqI+tb1^y{-7v4n2iY#Eq)V`9c$+m^UQt}d2pe|idKazIkA*-T>Tj;$84A*{;y zJpm+2bgBpr=rRj3m~yaxwqze;8f1QHJD$e8j$2GHnNx2OHHiRDrRiBMN;q)#|$bbvR_pcE{PgaX1P35p|RCkBM4b@s!1V51XtS297<`v<; zE6JkjCsQFTY*`PqT26!tMnEBdOvOLAIsyiZd47mDcOcpW3#8wJDXeJAW=um)HfiHd z)b>~@s9_$Jrq51r_hC?uq|(bI}*JcQIgxLWRd>o zd4{_le3HZ6MyLJG=NJj+nJ>Y|UVFH#eI+=on&r?jIQphN!(7c+u+ET8#z8ODgkAZ^ zr*I<*jaNFp#&E=$A;-{jCtP-Ox(mGNLF+_sPov0hwdy_SWxxKm{YF#oF~A)lA&&r8 zVEX?cA%Eof|0@Ymaxk+t5fhgBcUz$34N#ANCHlWkizi*}uAnxqa8Za$vJ@iOi<#QY zmr9e;=?;get!9TQzpmRzW)W+x06y{s!-zI|n`tEK%u-6-n*ypfvUt9^N5PJ0IL4PM3|#Vtd~Xk3gUKE`Ap zpb06)hz#1aKFsRqOY?(api;MoCdT`njqmWd-!47^dm_d#EMHkvUT8nnn7NO1!YRCM z$w`RLB&KQUheMtym+x&nF3>W1&{8f4uWajd3Or=5+QIb!0_MJJ6W zlggHJ@n}O*tL3#kt5i>sM~g_}vO^<6%J!jN6{YJht_#)#w5z?SLZ&(9gQ_)#Q2F-` zd{HpcF@~6gxb!2HPcttOpr9$r_$+P zKC`TRW>Y(`s%??6kr1qBV8VQ#e(I#mS%1-PcM~EWF5Q3rG3sgBKoRWBO)4ZDj&OwR zUT7pngKOTT(SzA!hVLkA&mF_6b3E<_jBJxNXpe;y13JD_8*RH54=u0hc663p|^IwXpGlE%=%O!h3-xLVVM z3UNJKmuYjj(#qv>n~fYjccMd{7$;}UMKcqrw9>}m4DD{s6OF8>2G|XTc+tKfM(e0U?AGU-n6t zi!BIuK%~t01$m(j$5rXMaGMaeCmn)n6 zVMuVrs8;Wd5%|utJ-m4&udQ32zgh@<-J2H+Ky8mXpti^Qf6ISCBV#=$OGjBf2L~4$ zdqY_pOEUvEKqcs(WuH#=M*sMQe^Y^c1q+K+T9kJ{RcO-`zee&ovuBj^)-vIJFkWqX z4gJ8CKnQ5fzPSCW?87G6pwv#RbCs08V9Vp0L&bzrg|jdD2y1b^!uXPH)@BZ^{df4t zI{~LJGB{Y&lQW}nYR+X5GouXWdz@U0)WT2vqwq2^QMSxIhlA))7Sg*|JRnJiKOvdp zbm_DiGDLeQ6B@p=(6)0-I!@!!c55Al+vqP%!fgm2>&ip@9D}CtG5GNeJmI8-m9`6U zHdLd^M09IB&Sv**PssEOyR4{MSX3Y#S&gYYmq9*amB?5wkb*g9N(wRj5-GMx>~%nl zeBu`)LgIq~=&&7V{txJyoz6pr`pA8c64~>qMvQ1H-gxHte(SU*P6kf-kY=gFclTx(U!(van!l zp2L7=C0gf7i?sVu&r~$w1J!giUy06bdLPuMQ5kkX|6pJp$TYQt%95>1avCr39K;c1bo>F;qXR=UDuUe-7qap5=KQKwc zh0ACK^Yte)YFyu}yKA@ZRgL(*sgyH(L%CS>)y)sy>&|wXzdcMoikNJ^EorGf>G1(& zIH;lDo8;FRM!(p+Ny7qI7Nr=)#D_#z@!oZj%w??k{*vLbdlH9g2y6Zey!bepS}>@E zYapM)rni(;$e=w;yb&Z-a;M-x&U0_=W_i%lTi&1{Lj{92@~K2LuRZtc_Ik z-2Qm*Z?G;0Ou7ctbpD1lt0@81H|I1X4UUx`)k3E+OBv^mUkzaTJBWca#EqKG$X_qx z&g<<~8EKF7zCB;8&pu~dSkeUN2-f7=KTA4t44^_1Ek157vCinABQO5o<2Ug;K7RFb zzkz)1?H;W2j)e(&pIx?dXMCeg-mwd)C%w+c>q#b&N6|0n0t_W1R+6;EX?VBObz96} zBITg%b~@759I%bXwidzEHNq5S)+quaMkBYOV{){%)DqkhY@m7yA0HK&h_OJXA&i>} z2#_D$sWqEOQIA(3LTttiMjbKzp=P|H7NXyHL>m%we8m6b(nBw6Vs1b*NSK~ zs-MMLo2&HILj?(yAW&EeQAF$AH8eo1<`aV3sLKHDy8 zSqL7t;`V`ilj0^tEJ9cdFh`|WLXS{rbcnw(v|Q1EODEgIgncTJ#eJ3vO}kVZXnFWm zPCNw1Ikr0=(?#33f|>?{42!+T4YFA#Qk_PfUly!Kde#Nq*Z4BWHPM@&TPY|}l1iDW z#wr3;^NvJo#x3p|vAg&7Dnw57&9f>IvteYxer^CXsDS~`92>hT0|0DL-W~h zV$-gvYkg+r`F2$}rU6fvtzzopJVkw;qHlH+*Z0j0m2hqN!NimGaU?m*v=#7k){K|9T^vdNK7w-~2yD5$@3-Nz8u?VoREVl14>LzgCjW=3$B zE=MVxPN9@KJi!lo&*^;?rn-H2AAPC{j2^N?=*_>=YFx=v6~v{F9M!~ZM->FZdK|YY zFi6&fxq02Qh0}(+?E4suiQs~utOYpe$D@~wO_{O4c~W8DUe2n!I8o{f39045R)?9e zRKUlzn|zPjo3F;IQ4~_A>43TP5OnEW`+SV)V5;f2#4?093n>g8 zM|e@idQ2qC1>KYpk$*IsVT@PjxQP>GM93M!Sq>ynb4ZX<7n7k187?WXg}L^qwdFS@ z7FFNrom=|ol=pinhk3~FNt#d0ZGM@zY?~{YK$*<2UZuQAK?>-DZFo%xvu-Zdl1{9X z?1O>3u4-A56@I3=zTX?A+)gpGG5!=pvQiYJk_W4g`4z%);2t-Degvp}zVIg;Wz?nu zk5Ad@x6lp=^Ws}NLy~)Smg`4#cGo6l$~5y(bC$4m8Y!xvNM$4ztb=bG zERa7I=}EeL6i;UjyFe^_QmkeaXMep~{>(o%N^tk@O1kyjY_{`4DKzUgqw%ZIpAGR0 zh-D1sXKmOlS?{O3BA}6(n1~!*WA}X2vu@|1ri6}z(qPLtBr9x6os_A*aZ*_}itma= z`w6Kmc7<_?IT%|bt>rOI@7#MjrIlmyedm<8scCFW>H5Wt25YV0v-Dy;N>>Q}cL8w? zJ%&fZ--Vb9N{(D-Yyc(fK`D>@WKQ96J#Dw3xFBGSUgo6lEa0jhS76s*O>i9e6d%V= z?{&HdJDQFLE!I?PAO|SJ^c2#5u;&f{lwm6J*7I*N#QR_9V?LLH-pGaX;{|B@$UCKE z*_7h*QKkUOFz>q7e{$OE;Ijzn#Ye2NLRPH7JX;?~lZj*&BHv37Rr2){beXHMF@oTN zv!wsTlOoF+dx)8qbI_HpNrfVZgN9~Ntk3Sp(MFDD`k~0=iw0t=(j)E!sxRH@`_S|Q zt`Ve9R>`rHFe`m~E-SP+nRu_!XEfIN6meW^l-WI(OPo+Kcpuj~O;z|lQcM@C$A&eb zFFKYARo(!84=(=98?>2)cq`E;M`$={`s+a%nWj9U7e?ptUSl@AI#b}xjZh3iH(13@ zeWC%MK>DtN(0o;70>~HTtpa2I)LNX}hVoM$l)x1EMDwT1NMjct;4)@lT%xB;PhT}X zi2L}7i(QxURTfExe1muT0`b~j39Zh^A#@)pxyP-+5qH^)IHnPy-aw?s_o825#;6l) z?;)#62p9Zx{#?@^cYcPylJj4R4*!<>1XmiI2nJx>6M%94|2f7*>}{NE|8zEgy!?xr zd;j5Sc%m=yO$jLGq*IN`aL&7y2=7G=C+z`!D!n}MfIgK9Vis7VO-~aKF|CzIX^dA# zclXQhG7tMPGG>Hs#q0VcFI=}^;B)s7>Rk*JGqmHQdu8ZRQw!1gi<^xbRAv)}pY<9pR&Jr@ub zLC>ZDHiAXR)z5uwj-|oA?mlO_fc{V38ZDm#lOQ#D@^DGaFg3dK(mtB&1>a4Jvv$(OX3B66!2&36Tm_Uj>IxC6 z7iXuG4DPY&%|MO2( ziFS3HVCd1Ex3lj;61SH3zvkvXic>08%_@$LYlae^Ti>jT)#}7(dNICB=N}0ccOlx- z7#1{{-Zvn>AVO6D@9lciPCH31BvG{GRO%Fb<8^|Ky`-G~VTcpQQdU*REOZL8)@LWE zaijHdG)n{rhtw7VsVIKl3g6JaTXNzM7CI2w_hUFu-^pr|u;dBWq1jLo(#_|--?0f`KzPImID5oPf6&D+$v>ry`=oF+Ca2$?&>fDSY9KudBm z;79hCNi=B+lJoVW#YvKrtdI@WiYGK+{xBSK#H+O?(Dg$8E;I~tX_JrJ=4q@QTv(NYC9VY(RnbA1?h{Q1qLQ8hg*$vIVw6kVhjVEyQk;AfjqQf@Qo;5w%UY<5jTiM@K=}zxoxuf zMQhPYKNi=GF-A*S#bqQ2Phm0c-6Qm0&4alGtAP;!aQA@1l7H;I|L*|zN4eY|fRh4* zP0S4c7{&7sxRVDIl>crCr19W zF4lX>AlHj@3=rR4ec$F7WwR6Ild0J0AbbhzbG1+#NLqAa|`bTU$F?Y<#N%ffvpfoV%EX9l&PjM;dgi zWL!|xXmVc2574;|`1F#K4=aKmMjb z`DUrQaMkR=n&|~LMv2C)M(nluS8cH5$jx@Xq`ZUD5nSqBCA&!LdDO;y*e@@jzrvc- zo@7KC0Bc?VtR?>EIw~QkAYt@J#P5%WB*0sF8yiQ!qklIJ@_N6~{0>0#cHZ|PQdo## zWhNzn0iLfW?ScWI8JV>p>+^)=EOW`jrb|~#-Z`@w8qn(FM(f~ux=aqMam|`p=WxHP zp*G@|SG`XSY`wGn1CLw&RP-Kc)ZuH|-y#|veoe4y-Q>qmE!(@f>rWn@p;S+hK4ZwM zCP_k(*uz#ta}X$Kg@W~3H%0#3Vz*t`!%IF&eL=@VcJ0^xz%=qzP{JQg^lgawRV?EUx*k2={sG{uY@>+NwJ^TrZ;+=JuLg18h6=UMg0xs ztZj@exal$jL|sPihC_Z1v}=xEDa1j~nwo4?^uH$W6(2)Dwa1OB5hcRY&DN-oDt@z1+B_#VPQmXqGwEa*FqK_ralS5&9Cqo(z`0{P1xyq0P;brOxC3f-i3nc)tkt%Ap?^yP+|S?m$iVv5fK<#dp;L?l`@FrKoLxoFXn(A5bHj^>qY}xr`rMTGJGa8RI%w9jL=Wn@*eP zphZraGIZ<)bboG3XY-Xw!K8J;z2N5BY-SNKPRm|CzvFh|xVyU+k>W;y5sz5_?Wu0I zJ}d!@BJ%ozw-RTLOl_N$Xia_X2$MFH6*JTZ;lJ^keYsp4c{zaFZ zT=2Md?GHv%DtzH0)PnP2{<@F`GK9r1t_#u5LyGZ;$Fbm4LULJ((IOUQFYcA(c1lVX&rd8D z1AX5%UfA9$GFy-rkMMFvN2$^u6Z8xBdzXc;Qc1xK_8`+;`@vud+%Si5;`W5`(5Q-_ zemHCkX&hv@42?)GPq4AWNtn10X2(KPpo{tfL_5pL8~?9mxMQKmzg_7BQNL*Y-b5V* zz`E-H8tV-IKdk>5xsU|l{qK6cYMsW5;Mut6jWL|CCeE}JS(+!O4%y9|T}=my%_M`m z)m;Wu*4nyMo%72BJZ`{xM)?Gy8_wfk>|FEijaHIG$D(mWu+dO(9cQ?TRb2>mOXIZ?3F?CTvMLS07fkL46!IHrGg%^w+%n^0HS~B0_Uou%~f^Q8*+|at66IjPkd@EF}eC(VCOmzLRtM zHhOD!6^=orutYsn;5D%*_hEmnX-VH0v<}+%>{VF|2kIyP?G$L+$ZmZ?sB-l)eXpJs z?hM~+VKw<7)XeU7Pa;ccm%Jr{W2Ed<+13gqA5``>oD0}D6eP*R=z)7LPjG$~zxi)< zD1AsjRKy2`en{YN1eWr*quyLt?VhbjqQ;Oy*zw<6RO@tbPa#H1s1AzDt;MRAlGwr; zwOQCJU`8mqiZf&_eLDc8a@jj6z$`W5dz1S~DkqJU#dU}jU80m{; zkWgZl74`7>MLDNx=G~;|Td$`lB26`4#8?a)ZU&5=qdhk^w*Vf=hC|0pjqp)@>e6MP zGg(6wvQujcnOHQ0k4ar{2fL`CqU+YjH14s$q|9GU$^NhEt24l`p>)9I&gg%Rcqu(= zJrg6tf2~^o*C?9bS;;><%0GVk7rUbMJ6`ukS<{F>1313m@ru+sF?89S!c&n{$-NnU zB=Wb<6X9kIO0Sm;`C7>JX?0&g9d`FXK*3AQS zs#P~{XN2F{!)~8NZ0J5{ACr>xARTp_jwT#%agvjpFm!6b0x=29jA_(WL_bWbj zn|lz&Db$f+C=DLg3-Oo46z=mUm5}#Nv`y7RTHxTKvE0b?i$Ph$KVU}G6Zm@Bi5#!? z^xy4cJ%!}1KLC;5+;8>#t^Au%g7Qt`HLmUabR%+Kav6JqR|I@37L)N;VY=P;qK=4e zLOb}Qa~QwkHnMfIRPoY%%Q}_pXo~bizRqoQa_q90E2so@)%tm=DXj^#?i!rn65JuU6Wrb1-QC^Y-QC?KxCeKK`=w8xp3|A0x!r4i z!pq8!tlIMIT~(WM8Q9~+w!6J9cT<&)2nh6(>9Ukr7aig-bx-q8wH+QbYX)?9u8|lS zeqktVlnvp6W6rQ;Yu!N0wx%5cyOPC)Rq?m=0esPUAum;HMWqr(qPvTkQQ!ef0|+@g zt?>?2`G!_iVq~fB0>V!O-&Su`v57VrllFV#&BkxyTvJH&!_k|h4?lD2ykjQb>1J;H zGu&L7im=cD2^JHOV1GGt{hPCde+ekSaQF|n{qfrSSBU&8=3@W$;2Yc!-sVV)LtD-R z7ELV}os+2P64USxy!=*PNxGfn1(t*{TTpVhX2`cdYR+PO4>EDE@qRXzT$+s+AirBr ztT0mVZ5`?x7c~zwyWY?EJZQMLu1*u0Xr@ z3h~eQ&Mzebl%!!_z?}edU?PJX58S?$f&)H$UnLT+p7?G$FH zEjs)ST@HM!eNUz{Q0oZw=&Fn3kn=R;ijS~mRozahi@ZoHScjY!raP6SB!*q3>SMhx1^ENT zo@DvgQXBbdN`1bcsV#Q~{$nV{D>`Wrhz{^S=skdXjy`m@40)VaQ%zNDx|5H`FloiG zfFPPqY*?-YG;!({?J`l=(kL9b{?NR~RjWkxhF~2HajB*uPS6Szt>?Cn4f)g%g`?Rj zLXFk!z-8nE;qe?|`ekYH%+S2K+~E`_9B$53<)+GQz}IDd1T;Uh3;Pa@yxplL^BXL+ zEy%3m1?0)tPoO%BE@1M2W`28qCOYSOGx^r%Dx}9cW6#$0S>4fBGEgNtB28xdO2N2*}ME|33DmbxZ(rU_pz&nQqD1 z0X$OxeZb#;{9nB4WdDZoUtV{CjwUHH+sEoW&J}&POZb1`8L337Cw^>}DBb!~-@|pcRI`~FV z?29M&IKYHxQNW#$2NCh{P7kxG7Rp*w#4Yh5LRbeUZ0J524S|~Us)u;pr!fQV0;*bf z8xksb%akV1#}v5+S8=w|QJbu<9trC%Fqfz|KZN0PeM!6LTX<7O0o_eg^~UPs%=wX{ zpC=_XuTS;1iUNMy-28d^$&G8)xSi-~j%Ln+oLbEoN!6*VcdGgZA(99R$b9vD%giSr z{V=6`pU;U*)O4$$ss^b7MUC=RZR%dC+epgRA~J)R0n5y9W-wlL^o3NqjeVu4bLVS~ zC~fhY4Ejwmg5=I5=sxu3OwV?=EoUi;S0A%C!%)R(6pmXrZrn^;Bki>}nL^g2*0g+A z2ugxDgKAD-agU8o++hcxL0yVGEAffzm*3OK!sBFMM zjy1G-un^?g&bAeJSH$!5_}j4AU{)Me0MPta0gMxL|4*p@vmN0#15lUrZT=VR%e|Ve zvZB9nMZNP*@v0T!kd2G6G=S=wrbqVOnHBy(*C(%uIgBcoh-nR|et*^UtP@SmbG%1H z6m-cDo_x-RBePDC?O!A%N2}SWwFDfgmI(@I(B-&zH$Z(b;+`1nwU(l0Zm}z?zP>B} zGI^9=k8fsY&*kCh?9K&N#xcq*43%P2l9vGE%UQf2i_ohNHK@rHzII`HD0NAd^k9nk z!);;;gNrAuCYlON)~%TVlcFHG#jyF)kFj>q=uDT4&uDHcT*gu$aDfyVB*3Z|wF~Ev zz9cNACKhrkA9WsMi|zXT&^eptE?oC*`-`GY7?WVw@Q?+t3Lw&<5Bo)L$nI+1DKP)E&EDWrEb%WScPy~ z=YMK36kF^!d4XuO2ykbyogTu_RN1|VmGDGV17CJOs2k~99jIme-Psq! zaf~c1>elkv+H8K!oo4a1;|B}z_jSJK_V1@Cra2Qim?SC8Y_;220M5=jrKisUpGZ7zi-RAYHSuaS5FBYBGX97kec&R)-wV>JtU6K|N+^Tkk* zo-14Mo9$~B4oP!K%Qw2szU-=l;lj$biGkG3wl44afj;|Etr1foc#2zJ}^zW|c zr)joi6>6=Y;YtbSWCuNv z8@3&&&?;%OQ<2vv`Qo_ zkfTWEe^0inG^vMU;vameM8uirb-iM?qd(!G`B&le~uBY>D#zaAb* zcLaMyZjSF$Cw5qL%B&iXQJNb<3>0Hr2FcAs%ljq{)H!{J#U8Uay zpvlw#MCyOsWPa1PF*mlgHMX=61W09n?ZgE1&GZccEvJyZnc3f!vVVQ^%U_zNego)Y zqu#f&e3_?`^o|)AR=f|@jz#8*j}*~AUbo2yKGoc3nDZ~cchnXD%B(+b&VlQ_yW@H5 z>?|nH$L2BA6^etLH3k|Lc=ik!&|GQD1Gzznb-YhV*q>T@fpzZnymHTsE-23K0*ScY zc%H3d+{$#vjqSF;>4uwr315`?X#B$LNySzg+JY@xlq%S?EBhXlylp)Yx)IJ#A{n~I zY@?R#OMYz@Ea~V!U?m^?dh`d|WN0XvPE_mCv*^usdCMRBKm9n?Fk~+`fIt(RL~A7P zMZRuxG_*-y%SspBRUOi|ObAt}42l<8R;z~3#B*>=Lq55xH!2o$I^hpJStaXFpHWeQKkD2CmU!oij~;*B3|H|4vLzsZ$WXG! z$_j%~4^*jGT&9bui$-(lEW2bPu72`$6p~}qi0=W5%POn(5P2n{Lb5L1G)>#v4hSkI z?GA_-+BSLg+G366M2fezthHeqm{LYG zVk*7uM?B_s2p9nx=Y(9gU9CfB@$E!idtk{+{YscD?bd~Vc<-k>C`t1&`FH`R@rli; zN}e`ZJnq4#YN_uahV?&g+F2~B1<#1%=w?TO4#=x_T}{e{ z9RsvN4a7II9wW_W%}AXfCuE8hbaVG~JW>3R8r6mh;GPMni1a-5*SH#mU0($VuEb)b zq>^V4?9{0Q`zpw-)uu^7ViUz(T?GM?G+eva-vY@d8Yp@a5J;4OK+^k9`_|tB>Ce{n zS2)?}|Jk|zQ6B#(p3J3x8H}&zy=x=#$Rin7FPPA}KmlI))m^|}3~h$>Tg_n5v|L+5 zSCXF3S>jAg%Sl-XPDaPB$4+`bCqnWf(afM4qj2&jrCw@p#B>S}u&Z=~f0a>L~|m%TQ7^KC&r z#Fi+N_HW-^+MNq#O;+@C4#BshN6Gh`*IjFpCUBc#MJMW_M%S6pW;J=^_iGvrcsuZK zIuSVDJh}S-2IBX19t0h97qGs9S%m;l4jgh~{z6aq3z@&4CQFvJYoaTdM6yAi`el?-eSssj@bKa3DT z{}A7#w}BaCJrV{l9+k@}8>o^L%r^mVsp54yR68i!ibc`m2&0I%0-P+-R;i|m-Acq) z6Oh&NgMeA;s-3zma#R}<%3)UYoyhu9f(#MXU7u-A6cde=>w+G#QDa%aB0gGnl*EqP z%8q%7I%P$qm~wcFvDHWF+xJLW$8{ahlG(_wru=0*&3wE}nw@CLbJc*GA_kSos2pP! zKFbX4A0NZSHEX!Q2^lrLmm*&>Y1EB1*8mfx7gazF%5bG2Zlv;w!dF(kI_krNnX!khdFhE zLTa5eJro8;u$B^w{Y;=3j9$oLRyZ@+0K3@T(Lpe*7+<<}sixlU97l$9d;4wAU6s?e zeEE=E{ym!hi{JlGai#q?N9Kq=Pu5~QqkIVR+^>ZWvT@2x zNW?0LEea`27=uv~1O^RqAtkT(8Xu^s{lz%4`APojg)ba0>S}YpPo{b%9-Zj(XOf5BGUhr0K91p&7_o~|>uDJk*$&vaa zGJZ+`_%;+v2}Wp-Vm%kQo~P(u@kV&!vG%ThkXl~eDkDu&fnZ1nkob2)Mj>%o5U`Sa z;ZLS&1h~Zy`e6=+s)Mj%L^r?Y+{(IJ)bAHdg&4;M3yz{u(e(NmsvJ-2vAb_NPyz@X z6>75*5^69dOo`>xFjtS>_wmZp@7Dwi)tqSFO#p>HV$;6S$#N`0b+EL0YEuF~-$w|5 zk_GC61*z2wxm&!Z^Ll<{5C-C6D08OA=8t5A>hYnnMX8QC(}#}_nIM3uLM5bOfIaV@ zH(eyV#mxF*E<4}NR>YYvC|csxZb4Hf%L$D+_*I)mu-cC#F;u>op#Xg9GZGaiQ3#at zN2+9#jvbCqberPd=u=J@!u5s|jyHm}e zr`;(yF*x+G!x?JA1g-j(JVf_;<#O+I98Ri*3Hk>H*CBl(ST% z?r>|^Gkc@T32NHE>~!rcbFb?Ssd!^4b2#^0N{*5eR*$3XI4^6~Z(LJG4-TRbda$?t zygkY?tkYd*q@mev;N|cYM;0<}eJx&V-%f`}^Qw1*bgX|<6nEP?|4ky05$}Q*2#B{2 zfOz{4cqP&{hT0a!F4}g0E>PP{!NT~LO6-q45U+r=!e64QT>c-zNBFuZRD)I=B2i(+ zi$7fdBLT|CZ@a6?_-e(U@2hLxx!EjIog`O3InXzhxlT4m5sxRYeazgK%_>nf|58J#2Gxf zxH{M!k%+|sTSl`=@O6mo7W-t7HJme!s=jPpZNaCwEhAMPS&_VgcYw{xVr@yjn#w8} zti-RaeqVj8+(#Zd&weuJv4{L2EPZ$5k!ise! z3dR;~F`D+8#IC<+8^Zb-Csd{m$ACvvnP%@0M=jFHO7PnGsoUZG4VTZT>Y@xmF1*S( zFc)>j2FLo*eH8O-zd5cu>`MATOqxQF1uU8dBQ^LigMirFRkko6@vcwY$pK}Im3*QE z0ZG(|_IPrzPt}YYc`Xr+4KX};16Cf7s&J>{B446FOpeA``EZB-II~gxok8B%P)P{X zib74m>p7P7WqCp!oi2$=^ODuc6Xsh1#qPUIfWY3QjD_w4IT)m@19{#zmx3twn4BsK zeT=veD>T-!eY@|I-}Tvu(vFzB&_*iRHdK3NN!5!KJA;^4wWeC`@DN@6-&o_f6q$U) z=3+n?3?}hvA+|$5!lT7qsLPkEwW=AmO_w-ENUx-20Cy1d$M8qNE@WdBp;Vt?wrj;I z?$Hz>9I<`Xja3}v`C2)8B_@(+X*;xPHZz?a+OMxLiuSaS<3HY6BaapPJWq4W|Go3K zD#J(g%}We``dYw{{XamxtiG2yrN6l_i{W9Q?zDc9!dSW^w8W`4P8&m_qfv?>vLlM z&&h*{9v>K^$yG)re5vQfC=2|{rp%vfy_{HZlczhid{U><)d#B5PhK$eK`5ZV=_DUx zB3CxI>=XxA(w$;Lyc~SK7IV_jEX2fF_a-{>#&sf^6Xe#*Jj@Vt!D- z?TlIt%xuOyC0mxfC5b}_YbGzp1eOa55`^0qC-;wh_bGjI1oRk@%-rF^53rBszV>rk zaSZ0ru$G}%krT`VL|^G~R`$AGr&LsfZDsfwuxWn4sDoE7fk4?$WbgPX$$oIYO3J#f zEy9n5R+d((bRuNvmb20u7PyuDX?YCVLP|Elh;a3C2(&XTH(0L|5})3(R_h6)$~ZV~ zKB*jEWB=u#s#u}du>;O(ny8|YiKtwl9-Eb!mN-KEyE@x?U_;qEi4eTnRgBUKarl7L zq9bdNS-%_;wBpBD*_l<2>j`n2#y*~}SW@YJZ3*FGtmw7(j>`c~413>({7{<9>vPLa?M?^binRsDuvydI$%A9%4I!DyyGb7whltxN-kDwsuRtr*72DQnyUL zczOO|hbefvud`}hN0LY$l`%;}lBVsRk-Y85tmSh5oK()zLnY`DtZz>N3N>_b*}P{; z47yyko}OIZrP9tK&%}&fLXjfkT(^zzy({lNjK+fTMyTzTaYVSOB06Dpq)vn%<_TDA z!-lbKlYCpdC?))dgYY=XC(*It6d8GpT1y_VZpD-mDz|J0-V$8iYv`ZsPCY$CkU@D6 z+Hr5V$n}&y8ta%--LxpBi8Z@OP_^%iwd$Cp)g&uOk1+_SJA0JD3*v~;aeWBE{9;X# z3|G#Q7}b&5OydtwZINl+iD0&fWXqwc3@(9;fU^><6NkCSOSHb0>E*eC>r(L=pAOqt z7n^aLVQcn<^EwA7c=6bj6^BuSXEQ@_^UeLIqOiU?`?`qQ&DEVQFUsC5DPp4c31}{U z%b{;nm+M`6*ElLY%f1lA5;lY1Ry;6`v`IhEj6OTDL#H(X_f@o41-er7^gQrJEJgfQ zZiW+YB8lgU`_q-Z^;-G38v||#X{K9b)&XO|oRw zqM$XTKWmE9{kp_8NPcmr3xionl?hpEC0C1AJTtwS@l2SF?|}gl+UCLgl|)0)6xrcM z%tikyh%;(JiU^{IP1td>mM#M1onb-Esc2jJ93(?d3=f;DVOB?>oxPtgFFO}*agiSv zzUwX0d$SeFlFJx<@cRLsY)WHNi_>@A7kNhL8S&;VdiEhh)9@mpgCpFgyOJ`>O~VBI z*W7k_(@&rGaC0>%o1o&uxJtBBnn7MDbJ@1 zQ#NX&eobvV+w@5i)=8C8M9)?F4@rnSczN&MT>?UVSs4Tv0qQ{kLQm$%-u{pNaNrX{ zWho)urnU>4S7Vr7P%HxOxVCUl@ys9&$3lS<>lfKn=hRxg+-5>O63!FBnS$C3OQDHCO>ILo9pm@46lIu|(g`(cvO@qNv2 zjiemJm697*C_y?0@FsUaIRw) zbR?Lf7_8TwN=^9!I{jIQ1<3i|TE4rkWNu!@duzn61Ou*ZMy-6UHzD?wvj%sV;f_~b z9ZYMeA;Z8q$Y&c&%XP8SFmbmRQ@Riu-Os}5e9nGMp8l<&rDf-IJ^*CM%>P@4{PlGF zrFZ>r0RAgxWo3RbL_Am?c(8W~R((&)pmMQJzy1;mnn^p1JTaN=A;OqZ#qQSSpL9wW zH=?IxKex3+<0pk{!*n|S|@wd=vG(ZZm?$_x`Uy0AnfVGS<(_)`YOl4o%=)@(t-P{9_23_0&z#4KqV z>IPM`unoDK_=3PfYZK|#7LvvlCHQUcTcq)9O-MVzd)O)WCR7dSY zK%~#*VHhD|!0z9265&soBF~fQG71Sz(+tNbGzzFC7GKx)ugL zKF7LMA<5tydA@8x&9QoW$BL;(SA;x8H0}Ge%x%i2%q90wB})|AtHkYDr5yV*_VFCu3VX zfTP*}2cfYVfWaAZzT(#i6H6u|Qt_80pE&$5m5@Uern7o>U`mMsQohu;8j*&auv_A> ziLm9i3lN-kygFLky1X#5n&Ht_3?*F_lpsKs5T!PRa4S}n-4hxb@wnTe2}Y4C0X=|EixGJz!r8d1vED*ucU(5o!pxmM_+nU3HG2m27cPKZ^t z`1#bFPAUsyPjw;0+N$T({fh`O3~auhb92;6o$WpCc)3iKt_EvUlgkL4W}n&*U;B>T zDwc^%$swv((iCG!O2q|mT8HQrXoyz)wl{QkH_*q1Bgd5k)S;-^<4oH9S}6I?V3i{yB#t)CZ9s18Q_0pho`(>&L&M z&|b$v|G#EV|Lx0P^XDJhX0HtZIuovl06QeGW@^XeRtHc8t^!;fykd zW@uei^r+HxaG*ekbXlxEIf=%=ZU0$4UWpA{oFwe*cEv{^HJ$kfx`am&GIWNl5)xhO zvvx5P(7O?z)^}sin`z@WAR8lb!PGS1%E1OxuiHa|&w(5H{07<2aKjP?6_`sPw=b-^ z(`|C$g>0yR&w&KIMl?$M4)yuxMX|Wgx5m}K)7-dxVmK=6qiMDV28I=_P`c`)JTAMeQOyi(p260#PQVq&lg60Mi~%Q3bQ0ByE9;j|>-WT~THv16}t%W=FnZk!YhrPN9xu;AG6-J|d3z&#o z-{TdlPGS;aZ~(Hjc9KG%(bxF^o#9uAs6@~CEiknY#@b)M6zR9Kb=;U+b- zuV__-oWjm*u(pC-Np07sQUT?0Q+JA43d#AL4HV!WrT#T%FJRPMhF87}9NoVIA{7k$ zpkx{SKw3=L97HyOEk{#fUEmILLoILK+1M6pffah-&NL%L^$Vu&%GO5ciX5Q=bP+Ob zNqmW<>;0AHGUKH*cmQr|>Mf+%pzHY(=*qg(l|>dB!!F@$IbP`-5Sgy7Rm?q-%@kF3k4D=uOhFUgrFL!mA zQpN;Alxw6=dBLcL>r3Vbyh?90kLE-awra7;__jA5^#tF&0Y^odzY||%c(O*;c*l_# zHB(D`Qk~=52>l^s!M9KERDE1xLew}OyC2gGII+vF^9{YWl80?VF(qf%tinO62$pZq zpIrRF``3kCvR}s#Go=(u#+LKz5mwkrvNX}bS>`0)zQZ+-eR3nt5$+^mx*E1YaXKcs zH4<@;e4@#v=N7s-P7y>74OUL-BfB`;M{yGsm3YN}wEalrAddJm+V95Im-ZFcgXl81 zo71Gqfznb8xH9(mz5?Kt%Egnzf!Z8>}B0&dGnUm!2@W#AV(Uyk8n9S7W!5gs|0YF6l5n06Ei%$R?)=S z*9~H(dB>mH=<*m)BL~iJP&`@Pap>s>Lvm@K@fl^&VOLt@GHOl<5BYK2f%%! zKQupo`d_Enlp0%5mj|p1E-1w*2vqllwu93Da(?( z$VB0NM#foQX)Jz7kXF3i=$CVcF*R(Vit}tnTd?no;)}ecmp5+i^y!#8qodLE7}Byk zYfelI0GrF}qc|zjozOMpG7z7=yAb*K|%~#?d3Z(z@2mF1(0{Zopb-Q zTgk8|y$kjc0mTfWZsz2&=&Ua&_e@{BvD6k3YzSBP_fpJLHd1UC2Q>W>vqKpuN}pb> znzR{A6-l@H={Diy1u(|1w{iuETMJ>4;zVc~dKD&=dI^h3P!re>LD`3vO z5K^t%uh?jNmA&e{5%p%&B^(~+Qz$7lEpEFuF)!Nai!T9r?7oS67!ty&`-L!YToCS~ z5HFY{u^^O*7V5Vcj9o!lQmm95%Hm^4nmMlsJLoSwbvYq%gu{+t#Ec;}4F!7QUBusg z<5K8|s(=aFDDse4n$d&Ck)(39v zLo_P2FH?joB`&(Ob(;f6KxwDra~`)?gBho+>|A-Ta}+PUcfZlfZ*l!q#sPs)3HtJ4FB0AUj83a3P3y{qmqgLBOdf70oTo$19Sj# zp#)A*3)NroVBOMIhb4h`a(&c%kin7eW{)T!LwGIb>PE3beT*6yeSmbcfZ4Tp`@?ox zhn4%gX4qi+*4|zg3ueU3`tz37RI6KRM&zIw6Q*VxXcWY{g<`0vJ1K1)j-5m8ud5u2lK3h!HK zF0iBs8G*PXbro}g9-i^XWtz&ty9j2QZ5i=FuuU->~ij9*9Eu!AF02Msc*DTx&~LW{94^FT8wJ825$m!*jl zKvKLEL3g<`ZV2zv=n$sC(Xd(`8+nS#$$wW1fdhT}OGVF53*hA_k)5LY=r=bFgW66x zjfK>zXX|w~8>RQk5XZ=j!wY^%18=f}a1e}Fg-IqHk;`Kokm=awtHD`YVbwN-94Egp zjH}$_Of}1A)34JCV0SNAh$(0ml@7&OC1sIBl(980%14lwmGU-A1SW5uBG-o=VdkH; zJJ8aJsx3Bz^<$Q95C5qpzG*gBj3@cE^>*$h z6o~hPQyCl(jYH=NIDfCOyyDdtV9g<~Y%W#!&8Xn%vh}73J**!|&zGH;NSa!|mlMy> zyfF|!6m0=InSXm*s-$gf2QU)k75Kv{9Z*+(`^{f#31HO(xP|^})s)u9-xx?d#j6eI zSj0GgLdT3jtvxY;>vqWoCGUJKHF>uBFJ`jkHk1$|4P8L z+wdiq<-)657rS5P=R{>J*BvnKitxkR?J69(83)@rEU+v~`q~`W@c@}g#h6{qy6%Ss zeoN9?Pyd~{ux>jjY*O7WoUGH-BO}BQuql@)69!kTn|ImOxj2ziUqkb({mQe2v2$9O zW4q5_G0!zjvB3N$>JwuzddJ`(Ind$YfWtrkeD2$}HaL=C?2E?n4zc{wv@+Ey?lt^C zx18`5u}YUion7`)5%*+xox;d%-9M7Zuic4>R~Cu2c>?#)(!lUw)T63HI;+;Ny%S8r zMQmbKa%dQh#hV2bn*T%SjA1L@(>|%JXF-0za|)+^MLUQ4osP`(7DKp*$$s|4){4Od zPr;|S>^EO52uBjfax4zRe9DV3IBLYCudTDzf0$3<{@Gg&jTSE1u6Q(Bv7**ep|A)QGlU3pIf zc;uN|TF~lSP%Fs&PhV+l?Eu3GLt7dvTRr-E>vWl;|xs6nE}l5s}i6)*735Yz~-qamHfs)Muh}1+_Ur3^YOSgNb|{h%I}}c zP_HZ|s147Bo?SokWHz(8{@66V`5Lb-;?`}VfPBd9Mtb7#NrC{MjM1QBfNz)?bDDAV z!~yiP92>r{nsKn+AmoWQbKhr`%u4-L1<=x0@pi+xVhLYtI zyc@wt6=5Z1nTBE=t>wC`fj)k-%B7HWXsz0%ewA2?h~lT85OE%obczk{z;VaRCnp0Y zap{b*rE^+xh702<`?S~w78=d&hzuhX{oKfD1#P|J(_+a0~K9p<5de^Vqll{rX-HoaKLFjiPc_^RMFJKf_U=1;|J(#>dK`XkZX!Io17%Y(Gm1=5(Mq@Dqy zfzSI(nr6-RLXBD{q0PfHE0bb%#`OoOUypn#ff%hTD3ddd%T4k{$=8s(KG8)L*x03c z0JX}%WucLK3C8gt3YbY5EwG~kIhbZ_;^Be6h?6H~jmz(&F;JCYPvE}te4^z(||;u2~;2uiEywy#q29H%~t^_{kT6df0+=|j*LjcD|&}tM!St!;u{-a zn-*ZJT~U&QK2!)trp#P4e@k+?=5eR5k8LSmuwSnnA;I!!{jUsbX z=8eX5CIvD9ZB@#*`Ho3N_!-;oI+ab)9tQDsB+ zw8G7gA7L?utmua@gf^!2r{G9j$u|- zXlZj4V83^m1YhZ6tvD{|gB{E+SwXgFf;p27GwQ!GN^r1)r6K@_`X0h?mS@KrN1X4` z_sIK^4Cg$lw40vn*2CWY84g}b&A$OYowv$63OR*f_UwTr!gjbh3&wP@;gx1Mg!AdK zNlL6%LBo20!j1&`c$G{r-2JD;Q5Jlo`iA$ZO_Eco*YdXzTq|snG*XFj5_elBqa{b6 zi59~eyv~ZyN)pvj%HI5;vXY!=-!;5YbGxk z^K8|+V@dSH#|TcYQyp8cYQ~YPpdp@HMrTstJiWwj5R=xUV39}*-L7Gt>Am^d;Z)Hw z%4klFQ7}G;vD_!7_PhQJN_~ROfVszAT&?t=vp$I0VJv*8dumX-$ZLL3WpQN3wLl@i zY5Dul-tzh#IutVAXJImP^DvtqE5^q{QqJ~{E4xlj#wSffw~(vmC%fIZcTAKlsz#w{ zhtN8pnZb?F;4M%C7U0Ouxk|}S{FYAY(y;0UX()z@aakn~D8Q(Y1u+<1cjL217jejL zHx{1fmjAr+`C-f>@<0IuG`;&j*w_C5D&qf8DFHRmoc@%{)OM9MW~0&M9hAm8{sc!< z)S&dPq$ahMJSNR(5iXrr+JQ20WC~I5nlD;4CS)gd`1S7C0;tayUvSvL;EtwjIb0BA zEnLVkciITZ)A{9jgWjoS7H@K5aCTb$rO&YEnrS!FY2eCqB1aEbV9WCwe00;^tsj*a zw`vsMmqk=UP_g@kJWx%j?G{+kSd1k5fnj%usU4#iS}#_@ho$1r{UBcxYqi?A{ux^xWjqL(~OOWzf8N40&__u5ob*s%VJx3>Lj>~~eZ)Zoez*F@2}O^OA-h=BJP z))syG1DKAf4_UtQ!eBum{`9S+(94u6W`r4{K+EX6gZCj$byCK1cv)rACDFuVjb4+VtKp4f<=j}e(5A`%A%!Bh7w21I8x2q={7gl;E|x(8Vq&g?@1o3uH5 zq!&!&`{{ir)gcYS_4CH-=cqf&@4WZkh}gL8XqAh+m}PyLfhlc{x^CmZ8(YTk zpuwUpqncH|oNHDJu_LcQNt=v3;#akj$mxZ>^X#2mbt4j%wP}?tax>gJz23z)=JV;W zPtU#kBd^gt9|Df6d_fG6*$^{5n19mNG!wFNkS0S$ynKP$nLt+%e0krp!|`{1P4&H$ zC+cyeh`c7+iF~t1r!F!wr8`9vQG=it`vgIZo#Uvk>V}L}MSTY|^}UaWbHu6nl{=24 zz(YoYi=0^frjNepBQ&XKao_@jUF_WDjm{j}UBR4bAY;bzOF6H*{MphVQ;CXh%Jk1? zGoetgMr^5YMb^*kq`PF2e8MFsaJ-l?3Z{Yv(+LWwN4;-)k!5G~LIc9gcIeMv>g`Vz zzzVUS2$(~lIru+4iPsa&NNYQRu@Gln68T#ry@7>3LB*$lAI%$pZ^IFdr_CDe+9F9g zCx9zO1Xdx^T8D-B&4E$| zw$3R?l%T=VZS%Hm+qP}nwr$(CZQr(S-?nXQI{uA`+1;4OL}k8YWmTRy`5l1(<}!!! zKJ$z-Cf`L2NOhjsjas^}+RL)sTPgI;)`v=Dz>4sYK#z0+oA(>ALDcM$={peEpwNu`UkmiKpqAdc^{Li)^iaEmeYSQEwc)+!bnlqjk7FkuIj5jL1)UM?E&JbCj z)D(XT)=`l<{o|qFrjyvy$mcMTo8PAa>a9^m=BV8T^ewCVIt=@MK$+yj#-a?WIMc_Z zbWAuLiI1xXe+*C_+no$h4ya!DelR zS;9J-gvZYJ6gF!YIZ+fMEZ`E^BLN9GxoO&xCneedAk%zR%w){QqpJ^bqANif>TF~{ zWStYz#=&^M{FrJ27xmp@8{T$cF4P#Sy{q~YhpuePGS_Cog@0yENLxC0mZ>))ALVS2 zQwAX)9%UY@WLW)JlE}f^AzQw)L_SRsZ^FNSszjO}Puq+TpmoaPPw}(R0Lppbt4|t7 z-zAV82#GFwAR8~RgHlUXpV%nCIt8@YxHsvNi4`DeGwQ*)p_O{d!>)jrr51Nrf{FR3 z62DpU{E%-<j zAi#JtfB==9%vmCF^A=9y1qXiiElv_2gfNzmRuo-mJj137=xT$-0LP03Moa=|sxD|e zAbPh5NJL`S63p57w??#D$p#y9rTnEKShS`Jj1#8o3xWqDD2kT8O_((G=B^$I%dWrT ztg@kDC<;}3Wd=~UV*Hw;()6G0#|~K?(p-TFd-B!S`>bpE(;)||5VvkVPMxVAiAXOb z+S%0_Zrs!P=PVX8Mvp{dDCo6&v-_Z8PTPb~$erw6L^hQX?2Vb%eh--Fx%~Ltwij7&@=7;oFNEIOO%QFetwEn z%3bB&n720VugKS3MS`_=C2WQ#=Is$azs4CERr)2q&VAhgQTi=O7;lEtTVZ1y=F1zt zHYYyL6FI*v_$fL`6OEQISRUAAzZu;;pcJ>byKCxUnE-EZPt@VAk=r8OH09pn+~DT( z<#5pEy322T@ofQDz>c}ur3u>LD@hJ~#1!`p*`DHwm%v>y`RvJa*~btCuY zub#?$2*BHAfuP{rGi2L>Y%WH+8^n1cDX~c}Y6HWi+}NW7Cz)=&u^zwIREE0WB!Xm; za229i#Qt;e0*`;NJVl6ha`xTmjTf8fiP;L3XXmKJ-3!?9m0@rRK(>Y7H~UR&dV9Vc zai-V^c8rcmdFDXvMRU^kvW`h|IR{uV`7U9i3eBP1kv`$lR#{D6hf z3aST|MZTk3ZvY>)?SoaETw7n`MrQ~!I`fC4S81_K$7?mysCBa2dnp*{^>Uryg;(bO zud6NwUzD%v2Sc=|wOm}ru|TGgxEl@G7=3?dXr4#={y6E2NzJY?x#-=7EzeZJUuv1dFX}XzjZBT?Qi2qfRrz3lUrRzrxfQ*9}yAcL8}3qU-S{QVw!@ zBL$FAFacX22DEJlcY$n%n?~t6NcL1!p|9nIFm?f9ptKbnFHPmTve63N4U>dz{`c42 zkfX+5Ij9G8=8*=0t!ujE2Y?a*hw3Jr;g+~x?gd#@Qta!v;Jz4`LFrSqi!p&lqpP!t zOuj^}cb+|pFwJD|8H$Sc##h(doMZO0Ha!|u{EN_9#A{N1PAXqpp~Dq`QB!$A-CUZ@ zRp|d{h)Yj1?r)!1Az03Ei0oBt&BcHy@*85u>4#}HMLQnh_`*E+G{}RV(gP6gnBfS! zQP7g%Rd}YC;U19x5vSI?achS&rqavJ7G@on6@Db z9L5HC6P)m#O}p3VC~xMGv6R$nC@c!owBk_4?ov^8$V^Gub2X3;a0-`5IDoU%yih<8 zHFu?~!x8<{SbBduOM`E$ogg9sT)F+{x!Fie8WCEeMx~1Do{X=uK|)XoLlOa6voEta z1rZfv0yoy3qe4v$;A;@)@mF8vUb6z71ANoXXpn@aOIW z-e;Xxp^08+_J~j$ZHSvs56)N%v8Iue)z!j^GQ)G&sgWtrYUNvQ*wAdW+n?6c*^O7S zX)ZV>3MippP~!)e{q$gKz#J=_qRQHxgpZDmpxrt#YxIYKovA%6E4fHc8|V+-jd{*R zPRiA1nIW7Nyt7bM45Qa-RN-MM<5N2TYiZ0k=}mq5=HwWRrnK8c!n%WidvqNr=#|~e ziJ4yTJd381$TV6Wa`<-zR)vBaP`w^=B13nbwza6G$(oNpY>#nzMGs&e=7?3mN@DeP zzIcGhd9!*s2Q2TGu}@a0+A6)`bllpDT;5j%_eT_Ze3=FW)5HS_Fo9k_h{$T7uAws3 zpbdb#ZX|CaSRSNaaJ$~OqtKH6{-0dJzy}bIcbLB&FbrGZW>8htG^BF$*}J``kp1Mr zGmx;%Hlb4KR?@SxPUh6ol)NF(*`0mCqDCc7B7czaIZ8BxlZB*O1cq|6h>RA>8 z`sk5D#bZS)3Il?pW^wq*cP=T=L>bFA1@b=~A)S^6k4W7nxMKz$E$RqH%dBo`2^|#7y&-| z4g}ff$M4FgQa@lNBanE6=>3%yLLNg7p+((KGbw0T1kGE|nopLQjWe_JN+JmA9Zh<` z6Ajw)?|w(*h10k(d_MLbz^aZeDlhzKpw#+uI4__p-Y;!g|$5FL`J> zyXB+JXHGT@+P1i1X+Eo;LW)A^d;K0Zc8??${3t`KD{Y#;G-Nfdo1Fz8IyxL+(w7+w`|w5mH1zy@i@ExS%a1+TS>}X3dtS9ch|>TSxSA`bJ%2F!;h% z#zF9!oh`rX%Xk=%gFx;O{AbtHW*2&k%lR>7d1AdFbS-U`q~K?o3O>~IFg|6@!iCkt zi_wjn`xN&2gx%kbBNHYzXH`UjiVpc{=jHzynC_nga@e1T@@KP@*QCg31?!W3AaqO< zA8s)L8E4=0C*~4T>a*^_`|EQ&DJv`M`gpN&5-p4D$B9LcTL5|^q7QBu!;di1Xb$|R zTdp^jlGR0<@+2O3oh;<%Hhm-I4HHc0@I@~7`yxpkrWc0+(=E}2Ox<}1ee3ru#MuF; z-ukU?5WC8*9Y^6Eem#zHVeCGHXod6rq4#~X<@bH^QRG_Hy3u8}b=_|;ESADE zlN%tm{8k5Y>0Tw{0OFPiVk@{VRemc?@A@h+votK>Zb%DY)b?qV8olq)tP#G~?auK@ zts8jaC$V{9-}TQZ+Yqsx_IP|EBjBCZ5b?1iW+px>r_L3!R3JU!LLu`R(UD2jSuD-{ zM8~m*zravEDSrsZ0omuyC4QWD8+=`7fG2OuJ+5eUVE%VEt?^z;wGOf?n}J(~_H7%& zbUm<4bXwVlFdGhM95(^ogOoCZ7F7}2OU^Zbgy8`_T}W_E?~_C%0d&K*VT6R?6y^sC zOw%8DIHyknYo}Qvo`2jA86tE*HYh8^+o+yWddM+MmkGhhZ=4>&y`%8%NiUQR#HTpT zy?up>qbdpxnUJm8Z5ku(5{rfM?=@ka@N-=e7b@X)dRRz55OwNPY)A`3>XD>pZw$CY zAx+Y*P!Ri40CILli`21sR;)&Tnn9N0=Z(xts?Ml>#%HOiz`9_|2_xCw=q$SJ0Ju_| zR*4=#jHnPBO+oN@$+sfO?@mT)P2B$4m?-t*Hm%c7>{(_ja%204uF@I(3^dVFsO5?y z?{3fn^a52nbjPhd7`=n8dJD7auNb8Uf(8t(Vi^**7*nj@XgXSHIq4?i;;k(~{-oAa zARV-!fsY(0h;JPA%ryA=ugiJ&Vc0IC3RNy#axtnlTC>!+Wld0{W?%Y3s6XsdJXjmZ zC7Ah2wtiqux2bK~p)QvtkY#JOYv=kVk}V{SxNrs28yZ2+#@c<$x-@H zxxVkq>;lw)HoUC|MI2}7HJx{nD{0|{P^#&*xW9X+_AE|g7J-p_6hmuu*!-1Se7Ip_ z*liYUaw`#3oLm43y8>BsXq8!RA#V}#dn*Ec1IFkjs;1^0yzyBNrkzE|SiodHV8`bL z_v|)tCx?U#y`8@)DO4akYZF#S?Ye;*KioYx9uunO8WX6F^igX@Mqy&baYka^7)w3r zsfL|UCzuZaKdybuKG8rY8aPai0F$Cn{D?gRIiq+(Or6^=mKq9-oMyWv_MkER-F#VSu zsg`;O1lSjTTq4NclnmN+?f8mg{rsF_KmR5~2kaa{S+s4eGvE3Im6Qmy*@mh4=_Ahh z`D%f~IYGbl)4eVgv)yn%cEk1*)_=V*5b>|l1Z0= zsry)>jqww_SA8XV(U``nqht~yNlpzBQg*U3~QnJ4BNL_2SwYH91e_g`kU4K`0Zxc2A6yvE57b z^WLsTBA3kq6IveCfl&b2V%Llv;;L}F|Fs@{zQr`A>ekC+9QuF|jk=e5)`ocM&gJP_ zr;VR8dC3R@O2~7AxT$bWg~i4S4KEf+1NA5Cxxl{XOZimS2uqK}lbu#o)b~HBZmWSF zmGhdwzFN;Jbn_a|Nx_ebHaI@MVo$2NddY4)d>zEtmh3tlO6yfJ5-p^vF-m969X880rY*MTlQ z$cS}2tYkr+qc;O9O4nqCX6|Scj3 z;S%EtcBWwvh1NUJniNijk%!uH;XQU5z{<#iL{MPYz&c76f4cTgBxi*ZKxv~#WrD}F z8B~-4%*me_7L9P{QBW5miuJ;!Y5Y6`O;}sLNy7kRIa#f% zQ23ALM=VntSF)C#1w#PE7UOD~X#EuSF*>`OT4q6JuyVMKx&~vCwSZj%@JRImYz*#5 z0!A=h;8r+@Ss%8f6LvTJauaNY;^j-XhVk8aRW+qnjQi^={icmI1?a(^^@j^ZwRie#7)SXmS#FujdJsio2Ca zF5$>0{lhRSaBLFb2kiY$S^m&3Qq!F3wd7mhTy$42== z)b!r@so_nntqe8X@vj16xbw;~{jrj&*|Mm*zff<@cra5*Uf^1jK6yDQE-cPx=7N_z zQlT@N|NEdDeSh^>Uf_Aqaa>qwmO`kfd6+^<6|~ijX3$WPU+Cw#0D;vQ{I)OiJfB(DMW@vRc0WChoPK=6uamDAPd8jA8>t58RZdVg> zdFSxC|FG3LZ$T|dE#xRqT$`s#Y?)9ik0~>RV`^o%U(o<$Fe|Ha9ZR}hT`NRw(f(uF z^@GfY6?N5e2lKQlYx5Gabv%OEgq>^JQ4-j%2#TG4lzRM{(@_QT5Y+lY-cZt{8ex z9PI+xS5<)X0wQggu)7H3_$l=^k7Jr=J16vkxqp$XbB0#GDhdqhF2gJ8=|d5T8+x*q z%w!uU5SG_b45PcA832{IO&s(V$@w}N?rc+F(iu3abX;C|Wx20Qo&CZRdwN-+cc`pb zWTqrrq?=;)h`Z?N+_m{uHlFTO-$4l}zWF@hl2@EU%=BC-`VLrD+wc8ML&<=#{j#+t z0k&f?{O{)W3vh?w7+N#cSxBd{ig(JHj387OiSL5IZDP^=K1c9=MrLw-IFEcgZ$sTD zXXa}3(tP1^GUq>fx7o+;gF92u8E|yINK0e4IbBKAY_zln4H~xr4pf8lB+!D0 z?mtHTgBw&a2U*>eyE|RojP0M(x^E4a7IiQ)o|pZuig+8k%ZqMmUM7||t1W6s^-22F zQRFGAc5}A!P1v%-0^2QiVntv!3GKUFl;TR7fIpK{>LpZ;#^=pGJD2ej19bQaXtRQKlK*6H!mR0`3pdvhOyXlGez>=o;daQMJ96S7QhSyEmfH-5KI^uRw zn$D?GlsMyKy8s*`ZrQiOo!||d-lj+Sb_W`F4dUH?U3vuC#U)lp?y12a1-km z8czbgq82Z>BcXYu^5~kHsCAKL2ub+M_Ki$H66Tl$E(5Zy2VN|-ZMY|CsNwGTIoAm;<#qG zV?9Kmth^|uZkz=?4h|0b8rz5b?v5RTsK@;fdwj7OP58~?^W{NJv~%WbdI9e@@ZBVMntki-{j-7(A{Ak_ffArSn3tYeewQy-bTRt;EjgC$>9`mmlMIJ7px|#-8ZTZ}u;>zx$RbfovZrbU@$^7`@8L`77_NT>FQt z!$YxAIA`uB4wTl4*OPerTqm&4x%0d-7G^ei+y5QMKjayqSd7*U)f4bIM5QWe;F1d< zN$jtGhx(-Z@(9{iYRxacM)2jt-8!Yu^P*n8o+|rKrIh07E)IQ%v7tj*_}@kzI$PO< z`d__ZFfn6(^l7(a-i@B~kM=}bfA&-k$m=Tp^!~_SgW2Nb_W&8R%yUpn=m=w&H09Q$Rt05T5@9H`Kaux%=G zksj3g{ofpkLzRXZ24>0=O>*MsmMnE)JmL^Dgjg@Fzjp5q@`=N$Xw~_tk zjk%iCQW}lZQwmC^?tNQ|nF3s+q;?5_VgD1#*VgU}8U)ih{(q{=@!yJk8Na#hjjtgaJLE)m9F#yO+}UQ1G?Fst^R)~076&;d-;y!P6mRkt=__Dyw=ixM)`F{NC< z`&Rn6PuY93kXqv7*hwm{-h+r{)rJzY^)F19fpdR9{`K?a>;afEbX-h0|jyKBd z(!s1GeI05GVu}J#cV0~rN%|Q|SlgW?B{=%^Xkew}4qOl(A(q5`MkeclQYcR?fpMY` zypX2NyYi#88r)n~+1<@oVGr;rL1P&v4AgzUifjE0B!lP-G(O18KrpIRSbERUTy6Fw z4~}yH(7V!v=9oh-YpY$rHoE0K>}q#k!)o={dv(3Prs3i&es)l?O0TS6 zQ%w|nvba4)Ks#xyaNb?9f%h2%o`(S|U)C;FebTFL`BD<1O#qsPW}~zphx3-=G8en| z>JwJZBO)Nu=*{CY`F&v<_(Fm(v0O*}{UpI6?Q2>zv|B!LnZcbwO7f@@!%V**L6AXM zeX&!+qKXZd&u69acs3>ZJ%x9;LjY1zYnzCWGUh)XH@ZojnWZ&LJ ziB0~+3%G`lU1|LAkr?)ktag@<%|)7@8EE|+D|8SBY7&sy(LQoNhklSikEPY{*U;3x z>Tf$I^bgy_ZjrdB5uRzlEDumoi2TE$GNbjww9=&pSnYh~rk;;Q8A;xw11|6VtD5%} z%z4o^IX{gX0B!Brz#>$w1XU8!53LBSoFNyw&hY2-g=UDs!@YMW)XW(Mv~&`t)CZP6 z1-gUKPxOyztjDlOV?{k(h&gn$fvNV8<;(>r4q?@Nv0f7SIO8CA8dSA8@~2r_!Q_m+ zd>kQ>1fWGi{!+3Qf`)F*GZ-fb5MIF_%Mm9Ra5|Wv$y-aJ;_Qe=DxZ^Iz+KycR#D4& zQ}kCqfuz0e;qdO~)S-ZV2xdH0s)ao*SGYKgLvoqGGOd6)YrERBJj`S(aufUCv^E6) zxX%^Kzo8~~$+W4_uZ*J`j1u_0Bk0V4@zPC|2t>^6K}0$QfEzCk*=5Ozm224LVr1#` z`2DTz>V+3DPQhhGoWE<|W9jgEFl&|b#*s|62ym7U?9>rFmGe5SVFNj3IjKun&D+XW zQ}G7M!WqSAB$nvy8S^6*J+StY%iy&E%7yqIy;M+~$u&ICUDzOZKbj`lJC6{TS{iKT zPXd{E0D@G_cWC3)VSV?oG!{_^>{-Ub?KNzVA35C6Gh$#I(!{Oe@tl2jv5>tz6eR$& zDYFM;y%sSOAv|w#T4S`|Uj=uj;?Ou^*s!jSzl<_3VCx$wIt#uMTf%BhU5-|P(09j9 zaSkQYq9$G|?XLm`YF<-}!iPIBrZYL(i(%Imr^hu8(u`Klcd<#}A4(Xcyw1btvGud# zOfZCKVmZ4i_vcg-xvvKe6q;67V4S+r;wz#$?;Aty?a$+0ZY5f$a93y&BB=1vp8kkp zN0PYgugr%eyn2^vv|jLs{B~X9%jPeOsqNEJ6HA`T{MJk>OP6n4XfRMYWc8xpsl#U!HsH5Gg7&HQv@b@)obg z&Q|Ok8Vce4+=D>4!5N0yXZ+4k9B_>tgBoXlI-?mOZMOlurD<7CG(Ac+my^%e&ukM_ z`^!TML*s~S+bQ}$jwbtUIT5$(D87vzZkkvoJF9{+G16{y+sm|_sJ26kKaO6{%a4uzP z61BS^LSQH#g{DgvBk>-BNBJFkdh$B!IrRq?U6U8hm5jzE?n^)m(zW_itosx-3eFo7 zv~)%^%WVh=1wB$&5E|p_eq5N03i2SyLiRhg3{RN%N~HAO^Oqu_wR}xcskL6#d%}_L z5)08bGZF^U{dt~@9C_mpdH2LaMn|%DVskC~5HH^Whn&@y=0a)PR*BX+Z^-(H>P6t? za=$xn+KiWeRI;1aKR0AEj_A@7Z7&gu=kL-f-3yHC+n<`}es#s~h-;g@bAat{^hS)W z)_X`wJAZvN;vxmMR@x~8s#FrM-GCAzNKKglX%#M?Xo_DiJUFD{<^D*z85B86qu34i zo-Co^;AhW^{kM_~lP7+hFi+G~u{oU@ztkomDRs6<{1h15l0%~CG-j?gM06`~rW49t zczDA~rErzETUC~zu417X(!Sa`L@aV5MLerGKttoKwfwAk=PLA|T{2^GM9$HFMq69E z<`iE+VPw}gqQolh5QOoXbD8Lr&K3!4WvC(i`8zg&GLXjuM@teh!-{Ar<3J_~bPM2n z17ueR-15^@Fyj=thS4apjD(j!dx8!Hx!Wr8p=i{$K6eS`=4X2iuV&Mbm@!mmr(Eu? zUeMWXgx8YP6I^_%mpIHtv}*Z&q4eH7s4K%dKdB?aQXO1Cuy6ez%q?%xNu=ngsP|8F zOmGLv*t@}4AlIBbtRgk!@=lt$_6;4|Rd-I*N&SjArzONfF3v>`bDpFCO|pI@Hr9`S zK=v10W>`)FQ}R+o&~SKe#g@%0H%6oK*mf2`n`R|Dc~D_-tz?_gp_zqXm!u*tD63i0 zHPmP~lx1Yi|CmnNL^;uD*K1ootZPOLweiRfn&O|cw&xzsDI>V0lkDGL@!uTqRNjxTmcKrfPsjObV6m>k5o{b8IOkSkt| zg)z06LI4aVDhyCvEvp1N^CXHk^+IwQvn;RbUWe!45{c@9rGlIdyQx;(Lx!DZhtDIQ zB2dq%1(7wmbI7G!0!$Ih?qyNG_SpDrJUq3wWV#!{^r-)LnA0-wvbFFGyBSYL~m(;Vr zY1h!bLdIG|1bWXJkcMb>HqYPIlBW5Sf>Sj>Yr{qx?P#4_NGDp~Q zl6$U6y5V+gp+m7QAWGqLEV9GCGih6X&3mIeRp|El;W`<(TPmnkLwiEV1zRa6vlL?W zhg;Hf_v5tFDa5n=8Hv{)@>PaxS?X`%KI zsla)8{(h+;e4?EwOwI*%-OK17O0A3>4jVRXP*1emru&IY*r}M59{ui^w{g+RQEd~@ zZB3o_wYBE9bKA0I@)2sow6c-ea!GHx*X(Svxyk0awJA4g@yeOe=yF;?|9tU7bOdG` zN79jr$-}~NfTX3xby~eW-z7-o5b|(JUd80ttTDx^X3654&l!}Sb%0ljvn_j`=&+zm z1Ud!>W7CAstf@Im-O#l<^_o$A$QSG5yT|YbPAR`0=V*G_T{L>VGr(n<8b6qg5wnrP z3Q8-u&d@tsa}GdK?y?{|1!7L%d|g9-1XO)}DaFwq7uUgd#eeE&@Qx}qzUwlYa9;iA zp}k-zB+=^8c$7V4JmfIlVqul)g3mSm6y8LLYwyi$Gq}$5$4Hu=@)pbZ+5(q^XjC`D zYUijvA#dbi9t)lB__bDc+^%$$FbX#O2lLUUh@r7~X(V+z1=3J8R>~WUbItg5+RdU5 z!Mv2KwJd}6VB#;#s1Z8;;&fkSJ{TuMvRnbr z9J69F;%R#m8Tcq!ZcxlUuL7<4By2Fmsd%u?#e-DYB8K0wUufRqPN=_aGXfnk zmS}J|80?kyNtFcv_8>>bj0pT~=aqZ#TUXA3r~Tq)du;D^-xhGhWgb0zIm;>pq{7<9 zaw~l)$nLA15F-!uGO+|vL>tFr|CO?aeU8ZOTbR8prKXsWoZqwUcB6VI{d|lT% z%v@-zIO*gEL&_pyKvPOs_&`XAQw3aSBiF%fND$rDu3k~sT^G71o$$0*g?=j@t0@q2 za`(ngMoCxHSGQFbUJ6FtqLIu;tDWm!P~SB3VDJ9LL6Tz-*vmuDZKD*vtJHa^&=X#R z{)Ero3`tBc+KamI2#+BhBJ+DCFlWs>SdX?FuVf)+SQ}FNTe6EoU~LBzozF`I{PY>$;jVjj&c3Vq4E&&deU! za<&`ztg9naE(pb#HpYjbI+=lNf(GN)Afc^uE7Xnkz7yF-7Zd8buJk{zTCVIykp&l) zVf&kmR%7Y|(_h?!Ja`}%;Cj4@Rbq}CVa*Q-pO&Zm{eHM)@&9tBAD~GsbC+0*bQ6f? zX?F4%PR&5`U!wT&_7qEu>@+UaVr;l=ERINZSi(n(U|xn~eaHfozGHAPgBTX0;v>4o zy9Jg;oie;UgR>e!NUWI%$78+iJ>VGT(9w|aOcixQ(nYH`kB}VzUI#e9pw{Z_Sfq~ji=8+670US_B;qjKHef?m7oZ7r z$EEL!lD>-$d^H5Tt2hsKmUHhqChJtb#v4w>H!Y+V8F?ZQxARpK;f#?hR!(c|E*e44 znGqc zjhp8$SuS(*)ly;87Px2yGmXu6;U-GGfMNouNUQYm-?pWyxwODtS$vZ4{nuce z0H#TrZH+~cXyffv+IG(cHX_}C-RM0wNNpnx1}|8GQ1))~uTW)oRf|LfXCS($(^v;t zIFb8&TB8jBFJzHWpNfKI?sxlEP}uSwMK-Ui-I?B*1CERrHZa3)iT`#uQU`T*)Uu4% zya^t2m+^=0p2P0|7^A(MQB61N4^9zt-?-@_X*szE;bU?mS_3V7=rb@L26$rLAa&9D zgIBNv`W{haW(&&Y%OiG5Jd?e<=@~OxLbbOvKfR-T(l1N@t3yDH1L}nMmhBlZDQVW$_y>~Xje5BtK^kU`;!e+ z<4CnW0h;zg->ZXv^mcV(t^v(cJ(hiJFx$EfwYCqZy>iocl*P7?avNb=fF|0Cb(le? zZGitN4WPrn{Wzv;#C>))$T+3c;!#0NW>bX0Zh5>xN+q>a!+>7$=8_u5p`m%g_Vy6I20&Mj|+ZAROV$z}#sJ=Q|lD2VH50Tfru)>11_aL(>>| zMuvzLrZ%sfa7_~g<10MG8f%APOo1VZZE}e->@SH%FyVxMf$^}$UEZ(UiCYX4PTJZf z-JFPq!E!OcD>wL;3yS3w?mebMAmbAs9ZJK*iEKhc+#f?=%JPG&pp+nHaloVRbY%$# z+N^5qC`chcrTyQljKK$MN$3z~yBz)MuOMZN#uP~*F#ty&NOyRlaY6E&)V%=+QlBb) zdU708Eb>5CTOtcpc?}l`>-C4YhlgMr-maM64+`K(K zdZ*`T|7~b83u9`LMV9t_PeXIJI31mV?(9JG@WGjcRzws=kncpq_m~xQQ6wrBLj=2^ zf8k_84H)~l?W=o<{q7`;h&SgOy!ELY zytrGRXZaE6wL{>+IM=zWvVDM6OTZD&B4qzd;oKPn>_tYA=L<5!HiZ>ml_I!>^$os64PF1m2Hh^2H=o7c)~Gagqy81<;N zxd!kDU}?x|l6-6W1$qLP{i~epQx$!BC#G~9TM=rj89qI>GHM%Myx^pRc%uHH9!C$bFhK3_*HVooeoX?? zIwt>VpIezPwwG22e5^n7V8!!wkv^DlOwD}i3Z>vm;7-4#pB`)NGBTs?R@ z6l5-`)vkM(Ls+ZpaEAQ&v6PkN1tG)!6T%weG=|^qrKwMC9#q!0 z8nMm{Z>2xj^s!o=BoXr&7Awn{gZw6;(3Hmu67hM^wPA+cr^$jpwjqwKJ}wR7H>nM&J&Fk`X%67o$>^G+E0mf?!HEZ&X#uUJ|6C`z)+|x5-W!}g z5#Ryx99l__M8VXM1V~9PE;!D34yVOn;=;7h{ew{H zua5R^I)%+tatCOL)!yA~HXUpFV}C#d9?;s&OU>(i8w;t^7OaBEuU&3X*w*Owbf<(0T8Ll2gh`|pLaJ8(rdXt28+EC<%yMg-DmP!s zsVceM46k`_YsK%MkZ8kP@FWKhqnoEOtsQ>>N#!?3P(}S(TdqJZxowvfrx$dRkGb;&b^s zL(8ucU5WC87-B-&bwXA?e*?;2tsoy{+DL$#`MxWltPuz`)X>yMBgQ1Ub~BRi<+6T* ztSnbb@sV@AJY16POctqna?IwP!Qn#t}4k4cC*3r3Ll(EbvNV2=!L&mwO&F} zNC>JOw78IthHb|JmUd+;XYbavy0!iE=7G@_W_OGm9kuN|T{SdP(WXw;n|KSmd`oaQ zV9Fd*&Ma8m1$_+;nk{xSf>nIrtXSrd9RmJWgjgd@;Wr+>RfKK0nzoZFr(R^}ttkH> zIiuQ!z=769LpVeH6-}|25I}?x23c9WBaVhJIky>g&ahI!m#*mvpzv1aJTLBVJa_fj zws=6BcTalz50#n6(16;MDb|^uZh}%&-i$s}Zw}&vG=?yw z0FJ#;J>?3nUrp($nT{c4HOb(?^QYWIvvuB8`L|9s+IDZRl}*geFYekqPPVD%WX*Nz z)K`w3;F&@#cGyR@-(+{ECsI#Xtfr<(G4aofa7gCHH2lLr>RSUcl?Xq2-J_w!P264O z6L)<6(v83B%0>OOq)+T>Wa4Hdd--Hlpp2j;X!0NJVRsUi%HVA0C*?Bbp@)_lWdV(C zRnWd8pvVR~`Hltp+wkJoSi&h2#mYW%V-Rw$|t9VmGf4@>!@V#>Xg zgT#Q;RdGZP+_Z_>6hq~yiqOzqwLt#(iFX|4@-+=aGby@M*BA6U%`jj{Nggfq8~Ij|DxI!SiZ z=R!*6Nb{8hZP3N)PpEoRji`iaigGAh+Z$a;c{nTBj7a}ulB$A?lO#ckc`3wE_9g}Q zB4joc3`=$rVv4<_{ItD9YdwrO<-p@t9Z=&+aiw8$8YRSX<|OQzXwE16!E99y5tUQq zl9j;t$y#6{Gi86pa#dj2+!v}}lba+<#IgahBUKRj+5|pKvLc9lD!d9lMMy)fHVb{p z@BeGE;{<++RarQtX)H;a!^FrRB(@s0{{1%5(G8GuA8 zNt}#q0@6@Nd46gtKE9I3qQ7UMPqlvz?8PZAxrj+4k+CzfNC(}uyt zkoT3-NF9y;itPguh{Wm+1w3PN>(ovBi%ZATCzlpdFRP5k9|tv>*aGqPam0qd&{Ed$ z;#jGG1uLMB5AgSu_3!(^4JM}`oMjHtNnG7nLdJAe-TfjWd66PfYlM~PDc^+YQPq7U z9uUMAO^usf{((sNlINrLeW?GbL*kt@cIlkH-AmTmX#~1aS5sf}yMv057ZT7?GsXK% zH@yvY*UQ@A-hsme--Aqg*Gxgf!en1Tv}M(h<(x znY~)&&KJVtx@I)q)0x|+`vADJG)ZZNIlP zw1h3sf^GooS{=9cI>;CS^0p^d!aY-IOYY4(lY53Av-D;(o^o-Fg`exGu6S zqZmetersb5v945glTow-6A;x3Ch)>cK$9T_DKOwY<5U;?qJxpW3l~PrtnCg9ogG*A z@w&)Kp@++p)Gx`pH&Z*ug;cGr4RrYGjz~~p>r6vo`Rw#tA^?Ir#}v;#Ib}l0ZX?2t zYI56(r-h(%l&yJ)t{GRyPw+xN@B6&n%6q)ROf&U?!utsG1Nr4#X}<9}B5jq_3(?|_ zW&aQ3>n+{?D6rzy8?un=FO_<~kg$9R007MYO@UPu5fGLUp|vq?QIWC35`*c6p7Yb+ zi!x#E;sFsr$Tzp<6?wH+RMdQPXe_Iwv4~04nfFkzIMR$y&Guq_bH~bdgDgi9WrpY%`FX2uKz_IG zc)u*IObOavz;Oer(KnLm9>wH-XnW5mWUS%Qelp+XYyp+3WLT&tRsuh>i_^OCda0z2 z$Z@<7X^WvIb}2c8(44%~qh){4I_@Ak7Q`t1JGsO;l>LGa{FmqJqO7TUc-0Xwn^Y!K zK$U_1{jV>AtJhSugizJM)d zr==g&A z%USKgoM1|arv$L(RT@hjT(A@d^9GyaDX2jU?Qib=6h~Z}PtC7JPG|==4_F`j4`xM_ z!W%aBM41lZx(SP6?Tnns?>C(7b+q2C^-|AqXkAqbxs1IZ`>bQPZ6obZp7Y?>xEyW( zo#MoUU=o|_z2hK3h4tni+#2iZ)6K>|Ea%p0>JH}gkY$oTQVSD3( zvQ6Fj{rUazZ;i1F$V2Xxlk58{ZOp& zhuUIxQ8D=g&W({Z3`cYEdc(y92}wMc+_JIxCS-B-i?{W*He*J z0UpQ7%F+`zgilE;U`VPXSpU-=+4p?jP?}rf5b08pSHMzIzWk5yiBrSC*uyZ4fiutL zOFX!G*%(rfs-bv)Y<>p5WSIS>5a}KV`Q(V&G&9%Z!chS~% z@z(T0FXsY_4SMgyw2SplSlTk0IRJPjg2(CDY{w83IwaIi24FW1#_+x^kpeoxxe>g;d zShEx}K@*n}8PH(~H?w=SLqxo!A-!;AR44pm*tAEI>`v70>|Tx%64(kc?s z=az@H3&9?yRQ<8#grbX(`7xw8pkMPCB+Mz2+!mtc_-AVACP}g^qvIR@*(cM;yYisq zGMLT*YgbBs1^Hcd|E!Iax!!&D><%_BGk8((uZ!^ErG!6$Lp%}zU4J+k0a9L6jU{Fi z>E2^8up(ng7sl!SJ0JBaE*&txYJrw9p>Hz;#5C#)6rqNWi!Jq`x($0!% z!cX@8OE&U}R%S-+LPcc8y-JOoy^6HJcI?5Awy=t;Es_ZI`TQlmlZZ60Kd>b)= zP1IVWX091l#mFl~g&^I}c6Gb5s^#=ADyb?wyaFGeX!lcgr)#cd)LM6u+0v13CVWdE zduC;iLuJU&>Hm6p8l*}sR-##xJ86%F;2M6Rv);z(Oq1#B9k8|_Z)MfbM#Hi~ilmDi({E=F2y7h>1LOR)R&ihgp)6jEZWj|Kdw;<_nd!`)~44;KKp-9VI zA^+lYVwNxwj9{7B{=(hT7qMjsYJlXrQAqETNPoG7nDT=~?ONJB|Gr0C#KO1LIy6|! z__sK>T6*}{S(xn{;K4oGFL*$c{m zug#6iR!RsgNc4v#z8^Dp2qpKE zP|Wto`vN3l>i`dtLqTUMySQ1H#)AgPn+U=TnM+^cxq~OlC|HzJu*2bYiW^gxJp)_g z=GGEdAHuuP?X6_@{5kXv@A#E>;S+D4p`d5rj1~>aEOyTDQuT8AW`^6I4i!#22g#u0 zl>!+fV;YVVqcXZH4Cz?!%_?M1)u2S7(WJ(4-y=jTv40`S{2ZVa#blnQ^2`p^2J z!e>in8?{rkIB$ZFp-1?4>JlXuWIH(yT43Vk?8ntVM@FG*GFu1vf-w1U^Q#))w44&? z2d951(ct!G>3wBXwRKNgXO>t8J{bZlf{Fxz1u+$)ABU0Xzm1gboP;W&X8j2swX@i! zwJhGUYb{7I29<-|B4X6^qSSfhUK)$B_greL?Xp+-D#pBehm`1T!j`@ZHsVE3rO4Tq zJGL`Sx6Vv8&Cf4rIJeBE&M6Uz#hP^5h2H80V^W$@S0I3~>0DhmSZrP%D-6YVpxBb+mq*_%pxUjSGxWf$a zsNLz`aKoI{+Rqf3ibosZ;s^wx*YZKUaMa_@7{gFC2HNDgHpV~{(?fC8(<&k)g{kx@ zB>ryOGdb?Gu~uikn}-}Ef%9cMmSew<_znC3f^dRV* zS%C_PSl?3OsZ!{9IOMRkcUn2SbnR0_Ox?_@CxPX7)jS?cfUiDu1faEB1e;j!=s1Fy z3(VKHiBwkuvCFCo(zqx#PPOUM%}&S6PH$>$zMsP~JlZoRXr$95n?8_u_;Ws)G=+hr z&js~BnH7t<_XXHB=yI4B>v~tC_7F+*19b-8?<#x(%^^cAAR$z-T>h~R4~HaG9!EzW z2({98eHQaybpSLB83$UBqR~59D#o^dPLBee$)2;eAfhv%tfGKScOsKsHwsr}^lJgg zoqY$HB&`_iDDVvxNx~Z!n(~l27kC4;e$RbTYGCqc-f=9}hh+73oL*l^nA)yNLiL5(oSiowKDt?_kTHGA4)s^ zETayc8gLZ{?H^I5^vIeC?gsRLeqSulVm!f~fRZKug)e0JlSkr~R#_IuI1Oyg5?n?n z-VuOJpHp&@<66rTf9*%4w5-0QM&82p4p^CJ{y{oq%0h`o{(>1;Eo_5pbQu?FxW7H% z#pDa({##qCTZ@{gxRk8$htR7!4o6X!GtIc*9Bz=0b<<$$77gtUd?6uNWo{mJ~rzu0As5pGE zp5Og{8s`JztaT&`s{cet2@|+Wp_}DaW6VS7D^NW)K%4(?|1Jd)$m2*g&f7E{4txhN z1v$T=*(Qxl!H@m~ogKg0v1=gp^z~PZ*(t_s49bqJ644=j49XHTMBNoR@B`k8LEhl9 zW3vPkYs-#q^y^xeM~&(>0-AN(w|DCDjtt3zB1sCp13e-22Oo9*AQeCsDVYfDQDMar zuxgOUL0JZ3SR~GisD)99$&sK!iPWIVB8X`1f#u(JY2j~m<1R5j+ZH&tiEJ~vE_U)= z0p8FqTPJ-Cs4TTBrOeqj`pfJKd&v*@c6lv5N|2OQy_Yd_8+?- z$jZ;YOsuKJj@ot7o>{R?5bufWiyum&h$WjFn6MULwIAwg5jfH~6^hqPFeeyDIh7d7 zYQ#*OS+V*Ial;fwo?o@B;?LSMtN_cMz$8jwU#*K24B>OCE|Fxk*MYwe*pL?8VEEQ3 zhU<(#Wampborv7odDWL#UnyG}1aG;M8gHF}Tr27HCQWx&om*K^L4wZy(dK*ADP+ZZ zof-URk(j_1uFtM^vuVz}Q#z6Gh;rNm>x0dcLBCF+D~kgIM_sKDA(!-#x&3SSMV-cI9(6LPboL%92E+U?r#4fMZkiTiY>;(rkJ z5BrTL^Uc=|fXy$gJqgh{ zJ<@6hY@sVzGT-w+V(tz3!bx>Zi&({6<4DOn4FVo51+3f`42Bw zrB)zQ5JO_mc9RipR#@#lF67go@YAj#0@(Aq0>N9?^W-zl#$kfwLwmHcao8(`o01r?_K_X|FG-lhNIS{Tx~d?HR%Y z#2nZMvuY?HwvSXybODLOZJ)(HJp%4l$x?%>E)8@~Yy!4=-$D=4zXHq-lh#t2qX+0C zb%e!5+VryY$Jmls%+Lr$Bj)}fCzFr67i#1&2x;)eU^qbZtD4mX91|dBzPQS+ z6}lzvjxv0=*Yp(r@f|J@q4=MhqN9ylYGAG5I7^l*4L<@-b#9-QC2mDxA#p)%LHl9k z^SsJdfr~l@i1?r`0rEH8ef(PEH_wu=Z}GTS3!A1Lc{sFdmg206z5#u|-)uIKgh4DQ zqjEy#t(f;<(Vlf88LyOlNjiF6tp&bsy4WI_SNjBY?I_Nz-n&Y&>WIC~Obg-3WKcy& z1r;R;a6!uECq}DJzx|ri6p(TTD9NK{E_ku3R*&O4SGd@~MO*Tk!-HBBa0rJ8G5=_& zitZ`fe87@%jPGJ(LFS3%b#W;xOk>&-&rW{&-a*w`;sB|SBFb;EE+e`0s}#= zm3+vuQS`lF!#dDzA&%Ur{S+v5k&K+;Hd5!6e6&U>3A5`@0iXD;xg{sakVPoOMzVM~ zVqA0C4o`&DX@!NR@)R#nW+%@>NwX8ECUB2SVR>51D-Z{5jO!!r1%S)DDZ*TfMkV@ij?*T3mlWm z)GUpPc1x_;-~n={QCLMj*`EhiYO&ISc|E8&(a>jC=(FtVI?{F zf09gci?4Dv7^7}Yez$wMzqrWlm4!NYTpN_U){>S3U@hd*)p+-@Y%9IHX==s%J zmoxIrQd8>4`U;&h^4n>b`csgLJz`04qqk{ND>|AuKGlWB%3|fFHFjWK3Y707AfbA) zgBU;D`@i_4GUQ$JO8wJ`6MX>yu>C&=MO8aXm;dWM=>J(g>wemAinaXk3jBlu+Em%- zD2Hd-Wr9_TqD-!LX!9Gi!_sAl(#uBMw4jueQu4E1{(k2S5|Sn`A5Gm6uEX&+#mLTh zop_&SdEB?&`yec6`k7>^*PsWrpgzHOLE?6lIODGg`gNtv`e1>K-t~Hjh8mu2rbfoy zJk5*@V$bG$A+6mk`=9P8@ORyfENQ*D!1!-f%DcMzoTRmQ3EmFu;GI9a{yskpZ#_+8 zuCM#N9~?(s_dQ&DyxAdXjP981&mlXDjsJbR2~o4yor}L#rhfYR)FZp%gzXBprxnJJ z<=6Z2WyisFZ{$RozBSy?=Id_YP5pA`z`@NCmmj0A!A*e1+KXM^VicD0E%pWI---YJ zVgI&QU!N*?$nw&I;EXzr!NoE+bC=yKmEVrLg2=JWjUH9Bi2_4yDm4kc!k{av4{WCs z9-Ph2<=K?wM=-I$(b=3K@!Z6YhEK41WvtF??d+6>nI->yeEVH|xZcYDBLey3gbOdV$K*tEclqYyWaF)mi-WmccbsIbZRq z@!#AJkHzPyyy3ep)eLG7Nql_>&*S6AKXQYMEx_oj0xfF;dQaM z*>yJOPyjoE5G%0ddhsiZ_rrWG1>`IV5~86hufxozKuRI;ez-gEl@s*svb2APibUoW zGYlUJ=|GlCDS<{OLBYdqXWz-KLNdmpJDKlur+{+WQ&@}!HndZKL$L3GZ3BNNi+Wrm z!p}3YBU$X@pw|!j`DSwLu^4w=2{4|_L}ypcf-w4LQJWQamyxg^HZ*93Lr3>2u@|o` zMYBlCJo~{6Wi(9&2OG%yHApH)Wd>1=Ri!iyr|kQ;WSoR~h2e6~Ifn4wkmpH>*j^LZ ziG`FPR}ph;s1Q)FCC|+j;RX?*?{Au5U7Dhr2E6YZ2H#jP>C%Y$x9Y^0W0Z&IXv?ve zKRfJad&6_AEV>K$i#Gr8!Vm-S19nWaU;Y&tWeFBuy{+8AO#oKFkp+8_Qa#OHtWD40 z_)ypp!3?Qxl;6m(>(h#$8@l0I~_6tOP5Pi8Gq* z-^As{F9Z&kX=(5vyao7g(CKc|2gY}YSV`P0n6=#>yswC4*cUPIz&58Vb-Obm+_+S9 zR|i>g$xHzk3p5$h@>mMe=oGBX#(Yx`Xm;L|)@CIREW@Vydi$^CH?!Tf-$RVg&2LR)PN_#ZDddDx)B1zKrzs(;TSP3R2rc;F`Sg|#(OHz zv(|jS<~{=c!ijNaF+t=j)MXap%S!&VA|0h2pSLe~EG+aAKhePaZ<(7Oq1Rx8n1jH(V1T&!$#NG^6-{?H_@30&l zh&(HVC_HFTrNIKLRw!d~)Yx^NmL?BSBHG%6+J40~*-_0Wk-3c&`aVcu)@f^vrm3SlFRYf*%-0<&5uZ2hyiB!*A*Qec8;_D3bagicH)iTd7o z5=3Ieh8Y)SW`||EQA+Rn_-A-M#}IP(j15EVrm-qBl(1lRpr8jpNJ znB`ECsW%)=Rnm=wZ9`DpsDJMuIvl;PX|p5;cGhwQ!x9zu;M3#%>95#^&Dkv?07W?m2Hd;g7N>I68e;#2N>kNTPH;& z?CKfACG9kw6ELy+f(r&(slT8v{xOFrg+0$-;kN;7PLtMr0En4yBJ@N(CZmd4hH1lO z{v^?7@&dpwfOTg4iK^>=7pW47lPQT}6 zoLWkPpo!i$G3zw=d?#x%9f_afbU6;sUi1q@#rJK(6{MBqL1%i%-`(-y!~I@@zZH_a zKNvrc?P2FGUFklagMXR02|19JC8x-j7LlndrBexX%UN0&o1+7#w1#fu@TKupoD~pk zn(i|72wP8;%|uI}FAxm`&)?iiJB7_;5fz2l0ZF3xpta0=pu5YocT6$KP5hEkPK`%J zS7mJkia4V$?RAMHkXF#EW7#e{&50;Z2oCdeVL~2CHJ?;Y@l4U#+8C(2rW1G#ghdDs zj(uF;N#X?I8_UGsP$7cMBq@x#k!3%GT)J4|&zc@gI8PWbNo97NCQZ-Dwx(0PFVb;7 ze^hp!F3!%Wv8G$LV61OHT3`;CF3xBRK1bnC!KMnf9F7!=E*hT2XHz%Ng0o?0zJe)M z8>pCR%$P;}oWuUpA;L_-6}|D!&BNta3IO}bUH`?Shh4bff?V+EZX$c*h9`e|U$uEy z&x8N$OawhU^IV?y_Zf$985VM*CvHS77z+<^-O_}A&@Ol&xl?%q8?Q;1I=UL+0uD`@ zrS-Z(Xh5_kW#k5$HuSP!X=47NHHqCq<*BQQ-GRc(5UP{0;?3ZKTeO1H7|0V;eac8} zg|FxqoRj7m@YrZ<%vl>qB+xMTbeU{jzhcI%@5tum&1Z z6|Xk|Ci15FA$*%aMnj2_FWisht(&JL@~dm&Af+ioo(c(9IDs^JGP#TTV0j5!T}s(b zsFZKgo}v%fK^NA$gfAaTP??ml&S3fUkHaEXrg0sq$NrhwLEhYFSj?#VSXw?%?0CWz z1&yeoD00OE;&;~@O`zw|${fz~iJ24Yo4oZ90T~Dye)V;gQVT>cy?i-Z6jrdY^gRcCA3<|*B}G&czN5LMqszTzDagXv z!J-^w(fn|u-^Bc|cnXq4VWd12X`EPW$sQD8G#%e@k^mNOV`+AvHzZTK0J3mKw@tnV zrDymLZ7iKOYKmBGD~OKUySldkjepbI0kJOR(R}de1X7Zidb0yG1hd-SHPgw26a^GX zv5ak^(nNukG^-Mus$N<=lJ)+B6l}|~4txAU?E_VKQh0NUSkX{b7Xs1onbW9%)O^Gw zE>lg4?4`uG*0N^8e9Mkmj`-|BMy05dR%#8RWP10GlfupHRiL?757p^e$_G&KBLQL5 zDi$&!=5Xl&CPB_hfJy@<9y3L5=H8|gCnuo;+W2QfOKk#dZ-8!A#6XfrO&hGow(7C< zw3p>$^63fYu$oC`!%A0hSXpH#V)VI@NaF{FqB=S8#f9n6Nr?$JoHlhR=u{}+OoR{I zfmjV3#^;#6QzGy^Yn;030+Lt4GLOVR6F=^7Z#E>&YcgaJY$J+z)L_U`koxaxD-U#- zwYOxs@1z=aK^7?-)psK1Q$kehp^ojylN&uj@A=Y@DN|8$_e^USV?|iYT1R`R0z)@^ zb(Y-3NqW_bOShln#H}zf5YO#{@u|lN^us{+2aks6D-0^^`**3@#VME?$qK7 zYx4~Je|3N?>W{pM_wA$51;w->Qx4FS73noSQy4S?&MdYc=)?Sk>{%1s*Ahd^b&{7J zT7?u53N}paDpSc9t)hbxDWHOdjxN!5ci|J1T59P9E0+&kfmEs%j4x}JVnBim2t-(w z!ZxgE9VUZ>FcEa_<^3=PU`_Pd;>dTbK*a}U1(O7qWI^?lDTFFnBU%F~P=NcF!8)L+ zT&f-&BZ-oxYzZe^QBu?GL{})=MK=wK-%~5z?bF#lyy|s_dnSUUS_OWkK1ebqY2XX; zdi=D}+`#z}$)S6)%eVD3CrRg~39(2PW@z9QR#%0NQfMl;@bdDp4)_ zxE226{YBe9fSDGp7qD8dP?uVz!s3*ASS#XVH}m#ner8~R>ZfYjP1sfr(Rl-80rR_c z##cn_do)P7zPevjg#2$zI}>@R->CJMT)xA2Zj)z%Y{vz~&UvZ<0XGB%Z}Up_H)>ZT z0k7k~hh&l4nIBhkKW2*n#^cR`qNH-$ZV62kWp6BVze^t~w*EYB$SJ{zwQb2g6tE2P zSUld+(Zg43UdSpx909J>+II7Dk#dSN+@O&czinL)Z{4JpFMIH0dbP!!T@5e$!kv16 zXWh68HOb6TfF6V$QPSH*RA0NxCeR)&%JkAgyttLG%yKGAeG?2oJDPo{M;y zM`ysW4nDL3Mt8u$e6Sw=ku`e{CLWqh|=HUsiDS&k5e!by&evwp54?TO`?BHLehQQ3EClj(O(lV z$I(f$K`KhjaS{=i8OK7p01?tP<%YqV`Bb(%lfp_8;vuwmi%&pf&2dfnAPxB(a_;aS zqD&)7=}rN8k~}3~t?~|IE03EXOVmJ^QVt2H!p{wuG1B1pAwKN|qecqKXCcvag7sVt zrLY4Kmu6<qNfsYL{cFwE;(f}T@uf#!!>bd;=!6GZG_9ZBZSNP6BH+_u>$2WNuy=T>wJ~5 zk`mLKzOd6F``C7QMX^ofEX8dm!d}!N%6Zdzp@cQ{qK)q^*RYH|DY8? zf#z{>NwrmBo@a^Da2hKlxxlIhE?+nnz(KO7yVs$$e4FtL#yIIqYz8J4#C$6CJ7^!J z0f9T^(*+CM*)!-^A-c@{bkk1ON7EU1lo!{-TjLQw%5;&;x-opbuQg8G?SYTAX&WX20J!A4Gpjs&};HC?^ctP5TQT6Eu`>)2((q%BZ0B3{QWPp zFrCLrnObP$V`BU0Q2kEFb~j$^t^g5ImhX0#w+{@eor;pZEj>e})PYrl1^mg!^txhb zz4b)V!i)M3kSU<=%i2K~!PLh=$*Kh^gR7{Q%T1i>%Nd6;$!h82r)*&G681*jJGYhk zc9XWp!6a1{t8_Q}s%!0&>8a7$sUMZw1O2L|`JeX~EyL|&Q8PmIw*4qxGp;Vsnl?jD zth%CJNiwpVkPS1RiFJz9SkAEu(Dw0z+}KV1BpH%~-H}uEr)Og(GUDHQ;nAq5Cg}@* zyS{z5EBLpGBn7EjBonc^DqdzRrnRsd9c|Noum|AI)5-F!T0OS1Ko4ACFvoVc7DE2VWK*yP2#y8z8n@ zo>kb<960L6>&||wY(oFlh;=KAQ%3H|6k=ojW*^o8xv4q10Uojv0sD4788>MmFe&m@ zH|<3&IM@N+K1V0Lg#lMT&4Qe-awco<dC&3tLc6UJ@o zA{`gRLRWakvJ6!&%d;9x|wsKOImMN$c8SCn_m2rUq_r%0ZzJZzMV(D%u>2! zn6!oYJJJ(d)A|gcSa7O}+U{_QV@EwOgY4?yM%ov`QIr1-1;v@%Xen!i$a8>i=5eCq z4rsd$PKqFPRM4&|!1NSMPIIsz{>}ENvr=(Sw??`4`0Dr<(rYohS3l`$P2TxEk47975sN*_ zO*ppufuY*4j^Y@d{V}a@F`Hm!*I~LG{cK30?PfkN|Bb z>$c>JdyoN}qlL!593Jln0RDRH^@bX{&oya<@e@L`$pRo61a_z)4i;VYetvP}s!piH zr24Xv3Y-Mt8RSt&Wl_txz3e-2e-c`;`sx8mD@}HsP&e2H1WAjOyxKA#fd5c`AOFqX zs#9U(GnM{8(dlT%-A}2d=SX2ucdF3f7yf^?tVl44mU^H807lFJ09gJ%-p>A)#q@ty zHfhIhb|Cud8~g%yTC1=jaLUe=;(&x1-?C|EZMRXEdPoGQrC4Z3lXMU@r&VP0IJA0i^3MVrU8zaWyu1dl4442Iix#IE%l6K~l8huyP& z|5HXo68bm7K;l?A8#{&Kd?LGkJ)^w4F%UqT2vEc131Yur&cdxv=`P-*-}zh6|1F8` z$kxB28^B%++@qbtBSUk%*_(pQ6IHk?JKoq4iW=yX z($>dLjr8M@F=IZOA7^2E@Bmnad*~019KSk9*#*q?4*d%{bTzoyLFT`A%h1=fj(unK z<@t4LgA^<69Ep&Bh^@U!__0NTEx-?ahRmR{g*^ou_-eLY<~aie)35M)jv>ruy^-My z_Zxwu-<6-Hk!y#udLrMP&M2FN*H~Z2h86uc2Iy{f5m}(tXZkVO$M^3I8rUK2i{8CQ zxf6eZ~5Q;Es_;uEOP)1mlikSA#oZ0Cf=QuLo}WP)8|5fA7Z z3S`{HKR>|F2ZI>$*)tSvK^uxeEu5(o&dEhSPR{pj!Ao9qQquU0j&HUnG+VZL_R>8~ zP(ByAPbh*UIY0t}@nIW|rw4a|3pn$-?z=hXNF1aHo>=VUg(WSJjlXla}Kxvev-a ztO<5K5oy5^#cVnqI;T%JV#3G?RUIgzgGP`pFdujDMmMlQ%Mimk1SalqHi2oJfB3;22Z41 z6Z}$KtKQeZnKDKFpOo;_INtIStg%&b_Ae0NYzFl6^9V|JL#yiBK2 zecXua1%yH2cu=_;C}ADL6cUN~f(+^i#@c=iGa~t0i@#AyW!ZGmCqjIpOFRW*RuM`H zX{@+|Y5vs~YT1u%|53H8^$!?W9s7_&2RZU6v3E`*PeWqZd~#G41PYWMEzaEo$AH)* z!~MawaN#3%HleKr>8yd6D=E1&a!A4chCu+Sf-NG-ItJ$io_9s!z~JB`YhrF9-Cu@c zs76Kx$mTU4PpqKt?6F}ykoi?R3UC)CjPdiS)F7YWJ`qwSbT9Y%PO_)AOD@NSrYg%` zWI%t1w(gh5XsqDlXIog)i_W|Nidh-H1x@J%JU*8i6-zyb`X7Nq)zvg zW=HgwZ^s(#q%2@^1RpwtC)+`A9xuaQPrAkHM0oUAtZ(m_jgK3L;fm(duh6)I{X)mU zM(IduxII53fq*uviU=mcpXuXeg@b~uTQCJ|v?1D%288#N?x432W6|pf^FRJ}IyqJP zSs^PUsaM(e9JmAO z)h7g-OOf`uwhiXUu}eVlfdxkttKtF;R_DNZ51~vS1hC-8^WLDJHr0c|B;sCZoSB{N zk)%{_-<)emLel>IgtLt;ycrM$Jx7VrS&J-$D}>KgW9JvVeKD49NLiag`;2q1YJqsa zx;YP8)ES$p4uf_JAmfFY;SrFvMBXFNTqY$%G*hGjTcl9-Y_r<3Q67xtZyhADnIvcW zo#AktVLG3eK%*zRV()nxP^+L0oiZMZy&6VPKg@P3JVJJyT6yNa_h7{d&J`E~nI$nd zP1t#&lRx?^H-WnOn;JH%D{t(ylplATA-J3b7#5`JxzK=l>RKVAaDmb0D~!WbD@!Zfh*~YrJ@4Ku zWT~!~vaovMH!tCdgz5CwRTG&9OW>!PYsmNiEswLpm844d@b+*x|yapYIDV_4gL73uL{8 ze~y#b&(P=)iST{Y(*770Be5iQ3fnb9Ne1b0L8x!=NdH)aQBy{uAhC|CC!<7)U8NfV zXS}W?*eE>RHMr`wtp!8`YU#1=TS-@pNHk;!Xhv$$ttw~&Iyef8+~RZpu~~^=1}*q3EKZ zDCM2M40sP9mJgt9X*L!l=R&bgdze6`(6>Zr>)SPimDE|%=rOpxJfLmLN?v^9EeLs`Kol`( zzOYo+@z-P1KiBap7=Y_|odgk`@pea}2nwr42--fpb=BA7~w|Y+Sxpd zrLMcximi)OGOIf6b?wu^VZn8f?^~gmr!R9nKXt#40=%{B{Gq`2zJC>G2dvIu{Dg zo!ME|bXUaPH$Xs&8tCJ{Aye<`KSf0n3a(T(a|JA6_y!ETE>k}ukOO>Q)qpsrcnET| zJeys3@Vvg1d8B8t? zp@Mz>DN6G(98&-ns>(*bs*JpYq4ZUc;mS+PwfyiBDPCD|^+Rx>GtWc!hpyP>sPHm@O*`6?S4WC)as0-(A@N=^2bf&>8|;1!n7gt=KCSPe|$8*ZEp8{ z^xmlF^f5M|Rz1tF38XnU!djK!>=dQw?-!q(AQ#m8%$_TlEUEOhp`bZW@jX?^I{r+y%S|fKJiV&! zw?dye(vym=I$?L~#m7v9YG3&q)o-o+z3@F?ce9f>RsO^6NvU6L?#mbc|EvdU{@pe7 z!vFxlTK>Ndul*0T#(&iV!uED9PWCo7rcVE@GWf^)+vGs{&zT2{Kxd$#n-_=NfawCe zESpAka=|0pdWi^btpZ~`(|Kwok9NJE&uInwCXw-m%chx?K(=O4Ck`yWM={0o5=ln%|?9%rVvRiD;X zWaKm)5#{_lAGDUItfSYz)Jz6QeljI|s!`qs`5=ODW0y0#+`nV#@=YkILKJ(KGCnmM z=qk~WUoe_^V>QPcGr@;v^BgdCiLqmJ>$c#1#^~nLo`bX7yCCpW&?(`Y;>I^#9nH(m zF$gWeC!82*^Kb3ktR*b)JPl1NelbT1sPPX>E2ST}WB}6LM z7!pO*{q+Q&N^X-tQ(?+#NS3(}XE?<64m;fZ1f~8U%7j)^Vbnq*EbpA5pY%asc<<{& zPxK}r)L#I*l4&|%VFx;+{j~6+41!y@K*lv3&+mSkooi`*g|H9UDW+y6fr$fEv0|@focuDHnj^W0GLCiOZ%(eaCU|#j>{;05Qkt@Y<{{@2`6KTse&XVEDrEHJY2RgteMzv5q(J>d)59vJ5G>eN=p1cgm z9FByHgT*m-6Oa=JsnVSk;OQq3+#S4WSNQ~)(nO*%WihO;1M&@8(?|P28mTW&bQVj+ z{H#~Y?aYreD&hiN=kmc4;2HRH>Eg955sheI5TlYn{q+XPD>yN)z_S4NoNye#4Kk^z zp%^{n)Q>$qv-#ZB(h_KbrX1CEdKi_0%-jwzymu#7{w7s~vHF01RYG%)aRT!mMoq%;Dq z+~mVd@NZ$@Wh~F#P<9s|_EVOc$B>ufVi&W7JGHm8-zog*;Jeo*L`?(DKG6!89+THY z-@@xsm&HCbovz~UYR5Tq?4k;VPK_P}0B0K??|CNie9LSSd4FVHYW(ToZ{7%y54Cxy z`y`3&W+*fqG~u9-|AT!;e;fQZ(C@`%+-uaEEQ(eB%Rltm_`~5S1|TTR(^{BVPeY?nvwFAFzU>P6JuVlZEV;eZQrb}yeLKv;14eGjzGhgh$bD{q^TiLG?Z zuQTawCc+Sar*$m~)C{)LlMD;<&gJnX$hr}N2g<2fnVoCLA>@26<^5`<9Vn&D_m%V^ zOZ-5p9|vYFqk8d$SfK|oI`v+uvW_?MMSs8~`zUMp2Vy-!@cpLvu{f(St0EaUFyfy0 zBzY%lWtzcRx(qLvCLb4PctbdkPd_n(~TOp9Ic|^6<#3W7DLK%uX!b z1c6{&dE};;Bw_2ReG}twk=34>rIO(*+m{11Tob)Q*axuiLm4Sn(+JLYQ4w zV}yz4(-X~BSg50P-Q>4GN6(E~u8{ds==nF|T%kOjM~EJ}Mfe&cj1B)aod)81G*VK# zD8YAH;+r%d+Qc9D6C~#FED&86tp?F+YJPZJFthnm+n5t8yiE*S%)2iKR-vAFTZx{N~3+js0qXV-{P!}@`!Fd6bG!zm@usq7JB^~{<+`J^&uU-L(%S}bPt;tM98m6~a z0DWvzoq)?zR$#N`n%4q|4)stoFs|nDBVElYx#g~?SQ=x0cRdp7c z8D)>dHW?>*rCF-WBj=GG3VNn7#^GgsVVuKP#r90gEqL^)M(bn0D9hj|Ay-C!y5RmC9K`L*w@dj)%x6X`*Z_aMRTJbV0A=K0dT)3h@J zmRHpfZaFEHu&Wy23;Ygyqz?NYq9|(LAn8qJyO$;HgdVYH2K;0WSxKZ`NxTugav~xIzTFv1TiV z-MPJXy&9}*op15J=0Lxud6OjXq0xbS#lm$={LI+#^cP+}=7#|i*iPNMyV5Ptg^n%C<5LNhG0~PRq^~4OCgExg4Y{ymxy$ zx*`zWB&G9vSf|JX6a#_b-+*2wHUtW(?{r}Wy~@=EW!CSX4Qt#4Ke!Crf(iXLdW zt|uEgZzA(;K;}mTwo3y&9p}BNF{=RcA4vG3XJ7^Isk8Jxax_;ko)PC~*3cNjuc*~@ zXB=?LZ-YS2t;aqYPb*?u>E2pSEhR?TvL(DM3-W zz*?8tE0>1bgu3;fA<9iJ8sL4}ad63gO3#<#tIw)>#B-^aCp~SZWnWjY4+E2lkDN5x z9>lCwJ@E-pT?g*z(G3;VCq4$)s!4aOvdtqmOPX9KlE@lBkIgmfG!r;V&;UiM?;#gb zK9KNt30Yr`o&sRTeasO;HymX~BJKG0Nuh{8As|b$gM64`>GnzSmkn~ZfA)jj2JhI$E21^F^Z8}SKa zC7I-2qN11#{0B-USfLXZbs|tpyNSDM?}~52Ehb2S1sr{A&y?Uo#sxS&s$#lMt8mLN z*GF>PB>h><;$h-?ycZWbgLzqmqG)V)Aoe+#0Q_0#AusLODcG;4t*yV@CH=6G_>ahp zRPKQs9;>7%Nnzoz8!ZSyYR4lUD)SxOv8HN6IhMZ&F%*0O_Wb^S-tel40ra5HQ_2rQ zbeH4Og9EGU(5Al$xrA2Uz83L5<6_v#(Ku7^oy_Z7+f{WWy3=4Y6*OMOozauF7c@3) znbDca>$7HuB_V2;|7>1dXG&NH@ zfN8%GC0_vbIt!uTr=%6h!8dkSTbZVCe*)g*@EX}PJ$3AFSMI7x)&Y3@ zC(6z5RKV&tQtYKS6yWpsKeFKrKdTo--~a&6EdSqZ`2S;bBy3`8;B4h2Z{X){e;%(M1Vv zIzOK`#FH(=lnF}f{Sk;^f%2oCd~T(0ft~UhGugb4CEDcEUdK;EX)f(()W}LPSi$*4 zlG%f?Y{fd&Bv>LDE!F;;-N;s7vJAY}kUkQ{xKODd@kO)%_vfA^W`TW1UgEXQ&%pIn zGoyonbBQ}$+Z^2N-2XfQ#`!+Hsz2@MVu0R<(-iIkRhKoj>m=7q693XY0~39^^8eC3 zwRyAKiTik~+dg_z{_451UF37Xa^+M6qreFCcnH|I+;L75AY`SZ+duarT|ztdCF60F zUumKKr4;YclA!vt<3^|9k5)47xQ%WEL0|@l zIScqj3y{lS_R?rUpILF=G13C1bek!75VG?(Ow~fqU;9F9xgtcPXpf=5_9Dexg#veV zy)EVeyMXNMEiAe2+HEqot!? z2@?IMXXJEa7;c1*Kre93k8r6kP5uX>S!so4z^q7QCijU0rI~{w;sixQLz+B-E(g|s zQrNA?@z4w{5bYr}*EkPT50nUlq@0mQV(gW`7NE;UQ~AYV-u%MoF7oQ))%FucfFGdP z5ACIeU^%(x9O?yijcK;!n9n{4snwPdA!~?W$P>I0O$qeuXp;DETORx@Bm<^O0bY*5 zNVPG9IhHKPu!!8px-=v3^AOYfyhTWk49Oc4K}5m|;;t@FIenQbbO-4&@c+++^7n@L@Sane0~4 z<8rb@As#X)rYJS0HEP)M;p^f|8{ilfYw(;IGt%60&0A#AqZX0m(au;FBaLpNfjDEV ziHR~mJ!!t=2p7J^M--_=@ESOrg<_FDv+T<;T14ox1d?;Y z0oFY;g8dT9leQ^n@NYb!MQ~4J+*Xsta(F069y1;&j{4A!MybU=zLE^$=sXA`ly(oX zOQ1c%S4A@Y8FD?nusz+?{3TXJ$YOjd%DD{yy%J`R%!#ZwpKJ|}ZFw~2?XoQl zpS$qoi;@L)2{qw;Mg2onVWlF8L8IwK(A6+y7w!GM8zIQq%t_}Z3i7nOyhsrd%a2O* zKg!4WYKZKV`N990v68!}kEDwL*T!e@ShnhyBwFYRf3>cTNtI4_e1iwkQa` z5qwpckTGb+*f|!{GGt_%6wcY?wb;=pdR%vyF~-r1h4@X0iZ)x!PxLs7khjHq`KDNjY3iN0vf7{~XG^ zM@=vITtlgya083B+zkJie3b9QVey=MklS5)V|(7x^~Pb%q0#KXg0IZ475SaEM+U@H`1UgM{ zwO)64?o+mi_|ep`_#;t!f-=Au@%?RI%`$ zOsh;5*{AP#SBZ*SG^x5XvDd2BMsvk|5M4x`vhxJ%^3fuD3Yf@14tQuITmt>OZN)<{49S&kc38Pk`#@8NBR z^Ch5m6nv@-xoDAnhO+v~58DmU)>RU_LYSbf3Sr6Jh;T>SnTPQwHsEi_WO#BJN^0@J zOfiEl&EE54A(puiX{Vt(NBrN2!@soSukUQmnUz6GM)C(6-YH|<6;f(3^Oh}A{X?=VnQBZ?7Ua`3G~xq@#^WGrz}~`0FI9MDTkb1u}Nc9 z)-8{DwyaJ79ABwzr<7R9Kqs#CyBSrNk*pIcWZ_(>DAJHR`N}E<{AA(o+lbEMYI4BN z7@w^7gqS?gS_hNvU~6P~lx+rAnOWwiO&cwmV!o=~v*8gn{E!zW8WFN5uzNn@$FpF#QO?-y0GORq4QNcj`bJB80)Q__gu zj?$o(=+-Z{GfNIqtO9L9r4{g=ouL>%6fZ+Cc|UvU1sAbMBAzEX>~WrzvC>n+KSPpG z%me!Y&Z7!WRrF6Zb%eAfinP0(7dNzForj@il&3_0vi*N z)^bB*L#DeDJzt{QIYw(d88<>05^Mo*>Y7`a=)kWoTvixo*m7pu<_f0-J0?<64xo=n z-pr;b0)m{xrLd#|Js!?cbl_*o$dHb)xA{pCCrNw_cz)?)N?|dThUckh(vhu8*efDP z^W|8{sPKev>dRZ)iKi7d8`PE8^)HbBT3{-cDX(?pL%$$%7#JdaP%^Bj5U0|%m`f8k z`{T%;i2Q-Va)&U&v7Pg*i>k;Vby~TG=-Ggv%SgErgUDcIj*=`hBye~xspu!R9yL|2 z^BbR9Q4|*Z7_A3h5is_@Yix%Cd5O}B)MTQrW(~>L&mmD@xS6K8Uu|rpnnkM|5+sQ= zI+JG&+4*PgZ=!&Ak8hByxvVyLcg|tunl$+bGsjOy`ir#dKoX20TWUyusBj2(3o}6&N@JW&GDa!6=Kh6-0Z5AOCC;QuB z^=eUsS}A#9>*yFq;x&e}LaG?yu5;dxQz+(iAO;K%cQ4CFd~G59$qMwN6VGxuOv4Un z1n|fm$vH7%0MIXO8p}B_6_=0#Dc5oN-z4WKt$?l%&Lc$-_d%v$K;WCWHc>*|tIgJDGox|F88%ox zMKK_SSK=LaY)kgm#W#Kt9<>YKPKbV1P=q`wO@Uy(lodVxfi?Vcd27$&Axen>r_yb) zt+8x^V-^}WNE1GrH%J{GmWiRn#ZK4TKeR%>GCU|yCTA)wEJR;Pgg{G-+)oO#jEZeo)uEQyY{)^?gKY$t-Z@~iC6ws}hg{!K+D%jB*wrC-P4PJ#lSDoNTo4nD?+Tz{qtkbp12yglghiK;&F&KYLWMss^rO2rb~lEC;Y+u30K$@?!ng z!BD;P&((WyGEMJP_)a0L)SSuXejXjdy(ADbpKgRFcp1-^;Cx7#2?}TNXRN72&?f5`X2sBR| zPPG6ZZtQ&cd-b5pS&b@jWQ9%OE7rej+XH?p4UQv)mz}aAo1%|yFvNLH-+X;xtCOQ%V|3sQ`fQnFXuz)X?J{ zSHBykNJCPRKusZ1DNMKV*Na13h^%9TXb5R(`%4(dFWIf-RW;|ooL26X!*zIkmH*n- zjrJVb5fi$p)DI7B{@QuY4}&!wws!bDom6*};we4fx&4asaIy#RfqPra@o{pV;h8MU z%VD`XZNJdaVGmp1UUg*C3~%0+TR%5OLFDqr7T-{nJbLIAKha2E)_Hq9ov26XhCVJ{vdh$h z49mCPiy(H%&(_NzmBf^cXxx@~Rvb;_a3;|hWrVNviGAcfXaw#-`D~4)!+u2u-OowOGCBFq3Q>IlKQCcTw-@S~pNs^*Yc7|bIXg=2*Lv9p8{4^B zT>Y}sK+ zuspZ<+i!ky8fgKZVo~=Akm1f6=h_~uy(BD5^?gY}GD$-azq{%iqH(?8{`9w;h4 z&iba)#xW$W71^*eR*#q9@vtz5qb?AVhrHM(em-e)M(tPZ4huc7ca;tKm@-h?AI{ z1C5=18&|EBI`ZAQn2ImsIRBJkX)5bT9X}_f*Z~)g5AoqO?M@@(Aw3oZF;3zRWY!Ym z^~aPmh;2>*C01VEM}&5N&ZVp*R@_J|@}(bUC^%uqL*50{^RQF0s~^z!X|Hizx|J>t z9a-#Yus=aoeMPd4s5Y+tq~Fgg)&2Uu4mtnLfU>cT1hlrP9JFdH&84g9DJyJ`D5=~} zxE$tKRXYC(0ue)DddXfai;im{DY5R5gLirrNft}Prv}3`;_%R1I;ejN^fuyM)e_2Y z)bQO0VG=H7=7GR`zTFL1>iypzz%tMynk7g1Hs%+x=4+&<-f<3hCc2plgkP}SVg8za zwSp}<5;D2gZQ#LDQk$EU>%CdmjkyUN!9%-wIqAW1%J$I>JDXa&Ya;Ru?iwJ(S6`== z-=4}#OV9^;pRW>}o&3i@1dCeyQaLUo&OO13@}GFwNg)R5gWRfRX9^BN0=1c;j{z5B zy-gED3Oa`VHfTW3deeNK1kl??+HVHd;@wYxA9k z8l6@D$JHfG`4m`f@F}V-gdps4l!5i{NVQxmneV~ay@UmbVp9kmAD1S6K&7@@;)4$@=Ai!hK}lOzqP!qqkc$ zs9pvbK{i0f3jb79ao+d%wC3j{kCC&gB)m{NdKd=GIPZ&B<+R~NO8kddSOKsEEH3gE z7ru-R-1(<+M{93(mHvqZ_Gym+&2BpjLO9C`MAic_6Vb-zmyhYsJQo&liV!s1g-LO~ zFfa?Ox@;48xvF?1?Cb(3rdeIPk`o}4wCjj+ouzn)cImKhJdNR**{!Tk>-ll|6I-PWLFAsO z5)V5bE-4y)^l)j8NWrUO(_G+_U~ccs9b*mfJi_1H)=GSg`8o^Tf%W{+wOlEFD8Z&d z*>t?}3lc1zwG7WU^2CwQ4W`SZrB2;;6S~{QRJa!t)X`78^lxQRUGpM}KYG;4NCFZw z9Raf#!%fxcz-$!P7V2Y{Rz}y4lqfjW?3N@jcfN26mO9xt9rvQfB@1nL(&KnEogcCA zDQd1Q!AD}5Y-M@Mp}Y3P1ZqRHE7TFj_5WgKL$G&|k7Uv<8K88*c~nE#J1LwhZfXoH z)eGbD_0US8pj8p1iwg9>_>RQvxk@74$YP!|nzsf=$s@LjT&k*Sp|~~B9fyahdGa6w$fHF2f2DBv9#^I5UI7-qk-s zA;^s(+j&~=(<@nU07&=zypNBkXe=DubRel(jGf993uob z2WE7SL!q5|JfwEC2R^vc_sODhV5k}_GcNy# z=_Kc>J-&cCB1nMqG?eVL(7)vmx9+ySVJ<0K-Tv9P=Ylryi`EM+11Nfmmr@OrE+Kv% z#`ul%Er}ykSeC1*4T8|`!{dBf@rsMKQzr05pglQgG_ZTt6i+-?_-6ID$jp?0Y(+E} zd|HY(U(!BM45zsmZEWKJ_nXr+zHgKcpGPCT_6c?NA;{;1-q`NPG0aD}B>JgV`{NkR z^Qv!b%cfB>eYfh-lHh7m^VIcg>5Z1UjD-PadLfebpsEHUp|)|hVu9wPe7(V6wc{5^ z$(p0KZGw-*V3+z1EB#l)gm>p7z{0&nXnDpjk!nps9}(xsK>dPcxwJ!K7wakqZkGmv zaWHpuh|)?>C74B{mE`7An3+rZ!La^=MnC=F(dH!O6`rBzU##?r$_{=}2Df=z+~-?b@7>{@WRa~pR=9Tz z;%C*7oS>`?JPd6C?mkYR?kaT?@kf{|>&*1S6Lmi=zKYNr)_p&h5!y<(DQ2J?(nXzK zXl&U6a*fvRB*>}Qz>*=qS3^QmRdQ9;Hi#pVp56(a+8+lcjyo%Jb^4_97ghY8K7mgv zm3eqRmU2@9-u$)S|KK-t$oT5_A_4$-l>E;laZVCQ2p#}K(<89YgtpRB>!D?N?@5Q7vcqm16 z;qPl}WwS9atW7~$%%=Bj&mVPUPuZm#hEx~e&ED{?GM+S9QiA9Lqc>Z<1sm+ponhvZ z%$4&z&tdLY?<3Gu9#rjldR{Z&3uz%vKf(TEa5~)Vj~2A7#oGF28EVVR#Y3@JJZoXu zGnoT5no`W~0;wax->x+2-B0W2!DmncyyOwPuI(ZIpSS-sBh*6)6; z2opR$56lIrSkR+sfmUC;k=nRdf3!qL%>CH=p;jYFpF#tWVcq!b7n{%bu6TyqX$&KV zJ3MJGI-Bf``>?**I538FW$jINoIh^XRV~kN@odDI#*HWdu`*W9s+c}DKY{K7F98Mn zsA`6uE<5WXnYrd@ z_AJF9t@1D1Jb(G9oVqvTi_hDEz$S9Ea2OkgC9}6q5xn-p>eb|NfACOo)ROw zKTEhmzp`h}QcD5u;M0c(tuZ^zvFGTb_!AnSU_z)d*XSV?CU&eahPKk1z?cqFjS45% zgH5_iKG&cwZi!zRI;*VAM#5~T+q<+;o>FWxFBFm7yqBIuh1LafL?T2OC9N6~Hc{!1 z#hbT{4D6~-fww!iI2(FrF1@X%b@-+TNO+?u$}rp{QQ+7tZI}7395B~Kj(BA8OrVw6 z&?Y~^FVG$Aj-R(7czu|3!AB>r0{cMnC0@m?H+Cgi2=NrmfUngywjT57M-FH0T1-ZTpdx+YIcWc+&z8bn@Pc?mCr^zp4 zvs|6;loEbUj5vCJ_2W%qE)z>gPk*whnC;m?v5TP1(=_YPV5ZiS61Z8?z5@5-9?~AM z<%uTGjqr?v(D=GNKs8YXx;h`NPS@qKWkavNo+=jWp;UK)3q>p^m@4*`+{^czki+X8 zo2MKU&+`2M=}*~>d-yV`0_})P~sH?n9D<9EF@zXvt=MT zA0};1PqSxc9#`(@W@f8TT~1S1CikH`S-kGQh9kFAZ)S$+Tm&XrF3hT&OI?tE**RM~ znX@-_F1IF}WbwCak(W!$%pRg{<7G^~U24u$u~3)1D7rN`9z8E$n;S_ghe{9orBFkV zg(0rmCsr&V@}=R?h&Nx|vUr~h5S$l>xyqo<##sOUL8lVWsvXJ8hp7F=Y&Zw$y`R_; zRp5~);tn+oKO&;bR*Jv2<fql@oI`b z(IuCo(*O(rLsqp+zJahnoi9jpsL&q|hU<~tJ3PJymSTO~^uTMaL5iOtP;1n4IL zY+EqcqNN6}v55xlvt+|*FL|g4rB0VwoR^Bigc|URZI^DL#DDTfR|q&!xzHoz6M{WS z5c-QB2nNP{>EZoYUh%J5lhΝuS`DhaUn=d+IozDeK8%)F4CaN)!R+a0QDC(Wmk< zrh9Ly6WgRQ$~$6wHj-IF*DdOy77I{WPG*nj3(pf_X{bL-aylhO4etQ66+$g%RWvgNukjT<9sZOK()7A(5%q|plD45}XLyDleb z`dzf4%ooo->Rp|qSBy3(gsToDG{mF8g&|^AG5x#At+Ac=OEzJ?S$EMf1|zvjVTK%< zpQrjK5}X*nYo%XpvmaX&+FLbA2Yl6-ZrXL56K(VAU{>1-vr0G!S=ICZZzurPpGr0^zEUoCf1B{WSX~ zK#4^SltqQ1jyy3HLr9Ry0n3&ZYa&RRmWqT#PHvWS@-;O5Dp&H4a@l4(j_v~c_M?W> z_JfLn?#%V1aRlmOS9*D5^<<;;Oa7@5uU2VbI!-^$ho0fM=V_!$(p-%TS#W!06GXBN z>kU7JRpyJZY#|ZG3xLSoN_2v>PjGcnzFGliBLMXQE)1FrLOAKteMk-w>+=Inq-5v# zT6Uo9i-ask&Yp|0nQ(sRHZMZw8bjCP986x~oTvjb))>DO;U^HM zoxRXPwf2O0MHw9fEKUJ~;9y+v5Eg35Y(4N19Dk_HR`h^6y!JbDMA!)+wIYu*`D*A2 zU`#g^|1PE*?`}ls!Yh#12gpaktyhJ(b}0X9VjvK&;~SVYn(5%o<%fdZFxzyx4W~r8 z^Z=+O;}8SWvg%-k>O5ET=6GN!hb2*yT;Cyy)>FtR)FpwFZ36SXn$K$B0*8 zN?n1usc49)&XtSG6S>tg=SxfajQs!&5`;jiSFoC%3k9P( zcu9fr5kdhFR5H?DE^ilr7#&-BZ#>TosU`e=i~#UBm7B6Y_z^|Q?_-v%DVs&Mb16QJ zJ|;@G?>0VxtUD8%?^NkzpWlvKOrPH@TiQOn&wy9YbO=FBi@hbrM~5))6n4%3iqiR0 z=_=&81?;xwG4z;#be*R7OZ7F!(B#1!qV=cpaWChVF2X7Y-H0(x`T7C^T6otC`gURT zHLGhp`6Y9!%LyDemu&Hqd7P<;4-)gkUt#PJ2FSdcq!eO;d_be4+Jq45q3A*pPZdvE zp&LXYFV)h;p+OSFEAJV^HQNc6g!~`ZRC?D(7Jv+7u-QCToq&h`B4j}&KPXKJ+cc~7y z#3SOK|HK!K6?lpxcUW}A7j4wMfh9&q2#;B_sGGQkBWndAEM?jhUBpeWXKmOGNi&1h z90R8;04;rI`74J{#CsPKP-aBk)A+F781)0MN93fqT(~-n4FGRq6n|biMX=kR%pU(3 zteBk5j-0++RrZM9G~J%Md^Ce>HGq5awGOW~;F`$Z8O9cf>#Q+P#BJ9x(n;?jy>Chb z`1%SCQK7XXGXX6_I0m3Bw<6bKN>e;e2rO#>D{Z8qY|=Vvm253=XhAVCgNNm0S>Eulc&5`=s6Tx6Z@foJ2yvRKF*g>= zAAQvDgkf6!ZiGDZ1(9Av$Ds&S0yxQ|p}ThIXbzzn0ym;=G11Ft0w%lkG~*{RRR4YO z3H?Cocu~Umds8|zQ`W3E@lUA;JxzU!(ez4CnWZ8*HH!cx!I?PI82+es5=bf6tP1s5 zb=vJMu<5WH)Y?ERKz5~0sTCVKFSkk|@ouWve9X+)0vYznZee_-1<}hPei0PpN0?X7 ztc_1iFww1c2o6Z#qToE&9GPzA}or*2^)4#52>u?hc4s)qPK3byB1A=TZiQ{*Fola^ zem|=-r|bjM;$Jj&IitSDi5xD9@nAV5$P@MX@RF zfdL!=cKDud9H^3zzog+RpQu8<4G1dM_U((MoSeC-HVGqfY%RU=KHM{?9Wy+5Ii2Z8 zNXFr}i#Ia~DA`wPl7$2w$IrSu8kOv-7Jbe7Sd)g8+o0Oss7rpIt`J9x_npAW#?wl! z`z=RRi@;;-$4Fx7!{I&}Wiu=mfpMLqXAi`SuYRjpmsb8Ya4NrLZ97+eE10XjYT9%% zELk3RL2=R02br8fEEU|enomuY6n~1r!0SPIml_p z(Ns#(_-Ni)J@pT1;Uv#tqfp7b`wy`Wx(Pwm49;^6QfxTIEy{b4EChbb?M1+{sJzV| z3*n$Y6arBrHq=JLF<9%VU89Ww5JzaS%1bs+R8ae1Pys$YgQGBO2?Q8J!2gJ0@&~#3 zjp+r`P)3%9c`d4O_;^`{;JZ38eg^q}nk`PwYtJY!o*<=ky?2hUUrpT8+y=ey0GT?j zSoTrR4FX6%NB^}(O>vm@Hx^X6CsqU-3p=sBD>ja*niNvu-m4GDi)wxJ29j~aVgb!K zp{epOxd}rHpPE~;BaNhFYU25g5o}bcIXQ}vY%y3^ROwnqv;d@UO1<-tA~xZ+@bhs+ zmY*rr6Zd2L*fSbK1kfESg4TOPOG)Bv)^P=OU-XL3 ziS_ye#P!|oCt28YOWwg~S@R4S9kB4M)G{%Ag99207GaEyzVZjEvI-tYpq#|ia|p%( zs2w( zvW*JN5M77{LTsAa6GqHL)q!lRQE-W3_CfjFnr3c%uHueNC|N$JC{bq6SQ{8ZE56(} zHD0Vy_7}aRr+}|i1>=3CVK4Z%Y{i>cCTh#eCM){4N%dGfnpm4n4=f^R*YgOt;id%eHQ^OxnTxBx!1lnh2+ipI#2!(v%8~;xN!o<`uXyUdN ziN7*WVF-JmF`_y3o%T36N#$D^rxodJH96e!-tHW9-Y;7$9!bR?@|hla`<|sz7y9fw z!(Z_KI};ADpi~_54=}vU2?!wcKQyh#7}yw?{e%0MIJj6CnFtse**e=e{WlW}kEP=# zYs)TE;;)}Q50z(4`G`yg?@fo&aKqx323O9Q1+NpAPDX&W4Y^`!(Utk;*XuB#I3zJ3 zJV1FUPR_av4I(=L>QihX18$HFz1&w3UxrL6gKPrR zgYPRC+ye7UttrLMrA`!>YdoJ%?%V#fJ@U>zdv}!RTIR5uFjO!b-q+I$q22c#qOYVU zc-iXa@Ar9PshkTE-An0t?BNhs$uk%0$ng1aoA! z$a&-ZzsB%fut6p^VjQekJFinuw>|fHYH828IW>l!`$G6{2S)Uqu0pxF&pEky64|}n zab`QED4$__!HDlL*w5W3J?hP@xtZ?Bf+S|P3^1Py?Y46o!ru{g>G_@mU4bX|KXnY=i${BgWN?@4Se)h1C*?lQhsXN?h(xS_Jf& z-kEH&_!vjDxWUBZzj3MS@sKI~NV&w$`CSm{*GBUfN8#RBWQl{Ki8w%y;3;~n z0%pE_kT&y(TZH&FM?{T+N8~(yjLrv9#|N8&E~NWeNzst8)d@v3_z+?DuT9{gYe9Rd`W~ZqLjYeJ>Gg4*kqEVExiNw2g1c_s^Bp)81uJ$av#^ER&Vu2|(yWPkP1*4tRw?btVc zH?JcR156Tx&%{!~YThW)Az>uooDl_hc*BJYv%8ZvHH$0u5hFs+qR{aM28Mek8-o)J zkQTnQ;vxo4aI``a(gIQN`{_RsUxRXe3CQD%STm%F@1BBbI|32_s6L^CT)1Q7Ka+oT z+aw(DhKYRc$X!a_}YgL zw;VZm`3g+noJb+}h@EPI3Vc%H!kx<1Y(vT*it6JX&%7?Z9M7}}y(Sx&=IcRJiXXtPQW{pdds^Hb-Gi#eVrkf9Ux#sd5^Te4cdEd?umM9X~QC6^(w z5gL$$wC{F6l_-qi{;tl70!NQ;5hT8!HqL_k;`;0ez}`=!Cc~w8G!=D*vzFuls$Yl{ zDwpO3xnPl0?T$@z$})3g^dl0P+=w@u8Ba6NA-QXUJT?pE)D(dRR}3vCUmRHz1HGXLc-P*B!ZLt7|t{+PK^pfL&n`kL{)IQDX9x5x1qCnTJ^CVb~^Cp!YsMk?5%WO_QIB)52g>`u$D5(0;nxuw#{E?8;O!)}bC|nJ4msFP<2y)9P z0|2=ck=AyFK}di=&^XhMN0BJsoAvx0Fl_yCLI@8WN$kfMWhv&R=CQ_gUeBhR7I0RH zTczl&*!SjXuG04g1Y(*&BTz>=gwAZ)^BjkdTFW_bgV(0RY3LF3ol|t28W3fyRM5oz zWtHjD5L8{EetPm0X#qerAgBPK8d#}ZVSi^PS<^>+ghbe^_d(G@S?`lFi;APc?^JJN z7R>qBO5)CvXU>NXEddlrQeP2=tiaVI6hlR!D{ROQ2U)Iw1QyMMWT+4Y;m-s(xTwTs zW&)H6nWkq(Z~N1K5h@F#*;ucH91TX-Uw1L@h%1EzC60p!U`;Z@x8nk*WBQdkD=qFyRQdtWL-t(wXZoHvbSj1+yJf!Q<`!aQy2 z{s}F07xkHR=21ZH03FP3`jZ%i{LFr=IIQhy<6Z|~%wzOxv3e2u%SLQ2!zkTsdIjo4 zS}Yn?tF5S+G5{S-^ZdKHbpBzd7RaOwwo~wm*ryj$ zB*3$z*n0Xca_GCMr>Hkn{_zueOYdhXOK=I{Y~*9R&XW`K^!6{wM*{K5djZ&qk_2Ei zbY-{VtO4N?KpaN_P?_8=!0BUwumL)?UAhB*@l>IYjVO*OgL%5JE57~vVMD09gK^L? za)`hu`ZX{#eAQprGu`VGwGB@tZT(2_kDFijQA3&ac=E^F%~SS3NP^_PEq9G5PWW?+ z1l<7E-6SL33h%=X;4+T9g+`b@c9IM(u#_h z?Y)W@;W*Sdm}u2W4R}PBmq2kVEWfmkS&-Zu;A7DD|N)0=&xb9 zhwo<;G3R*1r)4!dZ;k?tW~A_Os?weBk@(#K%njr&V8HpQxW{3-ReF#s36Wl=JV2`~ z1e2T_PZuuB>&%IKj^tdb;weBaSTPtaQea?$f6kJQhZSHkh?>t z9PhT^VKY4x&=H@fVMqMC^2kLI?&%GK4%s#9$>ImL;Nccu56Hu72!b@}DS`*Zgh=-W z&v?1tj|?=PO2dN^=8e4_gjjt@({eIBT7_B14&D7Z&!EVD(xfM4c}@4)l^#~zO34xp z29`y3bR8Z$h*zbb=4LBsxybk<0JYSgM1A;8snUQK-}j@cz`}$nMU%oQlNFm%bC3QI z#^&T>!EG;Hn{fmfhYbTRgb;-5i758>O!vfDO7f{N4!Q3wk%$C=Ld?b>+{-9My(Bcw z>-WYVnO~qkZ!sl5hEQfY(V{zb2l<43BXjj0yirQhGw9-T58x^twse->%>Bf)CBLX4 z`-O*d&RY$@npuA&aTXD$i@HQ1Ek)#iZznX1sQel8H3Phwyueak!B`{(Q5?ZIP+R+( zw=mLRd?E;(pnRgKt-)sA;*3CWSxv#qo2i`$G{FPnY@|KWZevuz-`!Bpz1}$|e;g!4 zgPD=3cWpHpkC3n1qfx1g8vMpuo?`MnKR*%Bks+xes(~uPR9N-|uqr8$@tj0f{6(A& zMw6P%COGg~NP~}u{il@>M|p{Ob7TvUlKNz)&(M{hu++gg;gLb)W8%QEq-19-GtY>@ zT3|Mvo@g<|8*)QK$?31!06UhzcFIB`{m#8w3yBl)4~g0B!Tb(S@=`c!?kk+~SY^p@ zmw&aLf5SDWKatbV3t|?5o4P}ouE@DHQ)t-?ZJiyI>tK{=9T}VGseF-Sf@NzWgR<%5!xp=~|IS_nWfM+01=B(-2J3V@bcZU5V{Guo6;}l_ zCNuIEl%tw)bNDyPOktB`%cA5z&8>4!?naR9IEPoQP@7xokX8l5UsrvFaS~KMZz>U} zfe2{1iQfk{fC?WWPZg%lE?cUW=HoK}fbY6aiW>ukBS11t!nJX@7KBabq;K1eqN9m1bX%kz zc-;Y!A5DwbtQz0waUF{CU0aQIZ_0oHwO**ekaa^lf5U{N6h3c288s5V{+l&=jJ1CE z!mX+go1+e|iwde{?yGd;E~38K%m7H(JiruE-TN4Zj3Y_9-MdWH-@vUWOjaVnegDQh zpHz+DTgGkW#kDBCuR1jIfNBJua;%aqNF@Sdq~)8tLTLEJs$vm}pQjXdHuI5k%WRdm z5wQx&hQxOIEm4e2U;aVU&SE=rKhRi^!9Jrg8=a1yr!c-_n&bLflKr|mVKHqJI+ZGe zVM~i;kY-->-RAv9pdmNGaJpSS95*iqWA}ooa62Z^&)lU`M#d!ridJu}$jTT;i1N!Q2y+5fHO9($uh0$v|x(rbeZveu>2OXJ=qSufZoxmTvr3jnD^ zvklFPDl~nx!8*?Niacr3+^(d~2B2Dl-H%i?rc%$Xr1}exTDsWo1;AJm)qI10H}L|M z=4IKcs;unDPNaL9(bw6;YWSD=tHI)BRp;1|9BMYEsb|by|K1w~cZGn{m=jYRc8Fbi zvoR4%aaPnyym?v@hWe`dC@9#6m4^JG4MeT{?rQ8R5PDWXQkpV}@6XU6CrF5o;ef88 zdEH2x2v@p)1gjwMGbG7Lm)`zmrhNHqJiScWnr{?ym`yy#MEUp2vxnh6Lb z97Ul2q+HX88{)RX4JXzM%Zeu-L>$&urz5*-bj2#(yvq@hk}y_y1-{VC>>@n^?tJ+_ zun?M%ux!{cMRgrhzE*EX7h?tO2L0a&7#;K!;7@w$Z)`a<7n%UthHL0f)Apkhfz`ze zv2*}R?xhN?#bY(+cNHBU6t=V!cjeHC>2>8&6h9By>xasYuL=^U|9wxz@#XTNGRR(` zv#$)ltG@-@tMO2}dW2mw(m{Qg!-)t7poQzz^wRKuarO>Dwgt?#ZrQeN+qP}nwr$(C zZCCBGZSJzoU3hixyAk*Nr*+yBZ{t8z2Ir!n=-|jlPDOO&>C)1XXzB+t^vvGo0BB|CmV}vB7#3uvv>j z1Ht`Xcmb)ZTWYoVW=W13!M7^tQPPGcS)=9Bx!OW{Ra$4K)~1q{T1uf=_9N5a4qh~E z{r=dfC8%Z8mQYB~1j(hjnwF1y&X1ZrvC}G2Pns+zQLg_SqEk)C-^efQ7)C`Noa=Rp zz@%NIN{>A(3KviP0jYS9{(e1#f=NH2)4TxfeC`T`ANOki#n&uM) z@jlNISH?kxoV%}56;}o5o2qdp_5!$k?(#7a3V`M44KQJAT7}5k)dmv~|7s3;d{`(Ap;-veDKX4+&3}7f#+;jV8_59orpk?Gai|ldq3Z=upvAosqo zY02zDpk|cP;GPwsdO191uuT%zEPG@_b>(9-L0qT>|0>U{y+XXXuL8vY2pgXBnN@0i3w-HIV0Oz=;36Xp0y%$K1aT!JX5Lg>0 z!BY6Eb_F+u%vPIL@v@`HMdnx6%;pN>bUT*`CuxB!+ElU^qK`O)^Pl=mYKFc-Sn&Yv zLXR^C>}QJYE)p49yvqqBZcu%vXKIAvCP!KAwntu+6FY4a9*{{{lqiKkVy?k5C zl=!m^HfD?6=bbg9FfEO>yf>wK1*;fPv9LoQo?DQl|KZgcMAJ9>h0vJyUghXznW%+Z?E4?XNGOQ3|;4zuj6b( zMk*U5X71hSutSi}$9M zbVkMlRXOiMYPV)6s(E6*@+%IHvEC7QSanWA6pd}Zk^#v_v8VBdWhL85-#E1TiT?Ml zQJL7aZnsRA7kUdYPx`_SBr=;g{ahAH1~8jRS1gZ^n-#iTqE<>(dbQJA4NR1BS-P8u zl^jc!;>x%*)Le~LV!3UIVY5|v{=U{29TTKkEbHHH*^BUvd;PqhPp6`uZ0d5YXAR68 zdiTjj%+92mpjuZGvo_eZiYg%`td_x~- zsiB(pPMT}+AG!~*Ds3HCwJ1SnYSZS%h1pE-3&OSIrE}5h3#+@CK2qV>^rn_Tyu0ei z=k~sa8#Y+=>{;W7Xcx}52SP4+k5;QZT(R=Lx?ZUEj1LT!Q^gy@0c*Y$*-VOwwaOXG zEi!!KZkjBl1T;h#zwS?jDsKya?~0(4?Zl%@&?RQ?F-bp*z z!yPRtb7Y4A(&3N=tmTjbIBIKuX#gzS5<8Jeh88;ovc7}GxVz{QaC5aB16^tsT?{b; za!Xz)S!btCjom&b9!phT;h)_rr_dGPsaAUBaMO31`;WLJKy>pygJ+W4U2IS=x4L_5 zlt`HD=uu)&(tB&6Jl%?Eba=at?US%cA;TBin!b`oSq>CpKhXoEhX$<=03GjKD_6W~WJ<|x z=MVeyCMc11HFQaQjNIcozbamcS|FKng z#>{y@1Hr{@X9RM+xk1HUhpkjqL%Ld{LXdk9c#*P++->wl*mnY3Fml(38f}}|vejxp zckOn~BVk$Zb-mG7xv9ST(jAB1|T_4 z+?o|oCb;^lx9EEOr;1wyoZ!`WdUgSDz4n1UpV`cRYy|y+dZV@Yl6qso60{F#fLI0- zm|~|#%DR{Q$+rj7EX+JHNgYtiMU#**E4HMnviFZ!rj;3& z(0JFexNeaaU>m!l?Y~^p<|DQ!OVLi-+&?|4aLu@G!r`8OB5lDGnU^#W)YpjWV@EdI z`5R|uXEt7X*jm{K-1~Z4*nHJmUJ*o?il5-|)YP`rFtmx)&aV8T6nSacj`c$CEKk}1*N>Q&uv)s6w_zY+=~L4`%))t ztk8RAbl7OokemG87ldU@x8RV~+q1i2&+RiOnipHN&7Q8NMa`cuQb_z|JMCZ8-H>d{ zGJ{B~daa=AZ|=Ehx+{#s5Ofv2 z@9`Jw=Vm2@Dw{itJv4N|&+~a`pt+RJNl>k~K!+x+?eX%4|3f#WUA75&?aK)`08ewXAUMk<=eC-q~ylHCL1~) z(o)-q!HAjbNyePihLHhi?^Gp1`i&Xgg@Ux*9!S!Aa~NZn$@@ideb;EXM|<)(1#=mS zgS8;J{cR>~D$;m!H)U7)TD-{e%O4;Aos4})@8|98?My^t`{j5mvw?1d#^EgWTK)bTwp( z`|)DO&DE(wzn^U+$y5&b*WC)JKfq6dx_C?P!hG|*O?e5Z&s=3OLK3%|KZ>?~GH1_`;4frSJXA z3blnk7&~xuXFb_foRhI6?&*rh^|-m7yjMKvs79cPD;&z!A{*{M_bPLFv4z4vpUMW*VFp#VVC$0t7_afz<<$8= zbQ?O-atAId%tG=TL0-)`Os9e1RfFFP(GZ$6TRL}RFX&OB^5 z41c;jq`Us3X~&_y!^A8vx6+(h16PDRe9;cQ($_!7CLYgo^6P0Uy?sVNOP$6z=Cw0G zYr2(TYd&R({1Qn%PcAQn9||NJ6Mm4Me&@k^r19blFphyQ^4N%CR8f}ZuD_m0>E5C38yQY)j&64gVjb?7m(IJ%Jq(n;?6Jg#PmQ=CVkQwvq- zxYCeIiL2aId;wPjJj1G{>Zh=2nYD4f4HQ*axuUdIPk1Kj$20k9$q`_)85sv3qK8~S zXs%n#h|sAhj-mMbsgJ9za4Cf%T~QomT9Y!C6ds0ENfc&x7z7Wg*)kcZ;YZ4)WW50y zEon6Or-}4SnLS-0ihM{tYm%0z)Oi7BM1e1siq0tTX$0xsW?kkZQW?G6?6np(2N~L= zK|O_^81i*fIywhjLd~X(H=@Q^Xrnl`ix6#5& zc*02N0r3L+561XfKR~Dhblzjzb?76?dbjB*HbTYVu=cE#YQmv9DN6 z*HENzy`+sF;fP7jAC=f&;Nz&7!n0vjTSX4Jh)N=um#9SDxjzRE+ycB?J+O6a`ER4z zVN_H|`yOQ0+KQNw;qvyKTH$Tn1C<1q>Lv!_?ZVq8z-CyM=EYL)Y*W+~sABN9Sgh)T z@)le0%YN4p*FZ7|)$tG~+wf$YO(d&FZbiBfpa#!WcD4dOL1f)o#+<&J@k`+o!$#-5KqI zxMI@hn2C4&C8r{F3DjzLd^n7^wPqpaq66T^bg{v3rxZPkkt+fnq@r63b z!rRZEMsAXH_hZ~UucV{|)=Y|eGd?ec<*>qS^5Z)CLcF+pm=&THAsSW)zLdDPhQg~# zdE-7es(V@2*0+OKzRWuKNb8{8Y&mV$eBCMffPtzVmTHTtPl1bTO3L|VBWvjb#m|_F znsXasBC7pv*?KK|0ii!Eyj;r$OnPG^IQxC`JuAHl@AfL0GWiINV$4YW(-3ud5RD*QC~`|SM+ zaL8Z2g3nQL$Mh-%$Io@Au#I#%4To(dAE)bKM zC&cJO>d_-MXYGUbhjfwpn=$J}c9FNqw~o{l>GxVU>9=m6`Oz z;%8mVt_$C-ycF%YX6a<#`ZZf)$MlAU3V7Qx!-K7MGdK6=_Orp>G#U`W`QGFz^FtmC z#RlLYUe;Yl?xS@90?RA7*;fiV!c7QXzOLdkXC^Ay2~-L=&XT}{ z?6{9)?57ISNGLO}o^i)%(WYNt-+&M=lE`w4;mK0Ea$(oc@LM9FgR=x(&vHQcx~^St z<>CaV9gWoX_VOAji+%6z5K3$%In&nH6XpO|%X+vJ9Q{4%D>3pXW{)^`TzU|~3VsgK zFeW7XbnwR?8=Gi2Ua;tw=LdEkMF{)1v!Pk`sm%eOURz_H34hVr{YWs^i7rcl>}I7m ztVY&M^l#Dy_S^YFMUdzPb7VrPFs#QLYY!}DG?68Rcu`myW}D#+{pw-nipMrZ<1Qg= z)gH?El&56Y`QiP2f8`5gKJ#omYd7hl!tk7C(w5+bx{pQ5$VDCJVx;{^xeF3pgh?^% zUV*(7ISAW4xrAjI*ta)I(6j)?knE6?Q*g%UcuCNwxjT55-&9YP7GECGg@>y$oXVJp z5}wre2!sZfUksUC z7Sm>072-2rFVMov5Dc=8x{~tD-~qgEd9ndbBVDn6&*)T z&n<7~mF^C^e~Jj;It=KqQ>@ZT{z(+<)$F90mHEkddt4GzDt8${^k=^15?-%@N4efH zQHqzUNN@P+ZY50Ty{=12N+;%p-pVag#~5daMzRz%Nqj`sGig1}e?X`JwYtP;-T6Xm z8N5WWh}n-CP;4xrKxxwc%$vLX-K`il?~yD1-u+at6ua2am)v^2c8&-;bKWr5YAH#5 z;f!E>uC1ADc5w0%1D?L+$TE62MXmuySkPwJpKVw*aHKNvG?6Ag8wJ)TtqHwR@Ku;w z5e**$ZPmXfd8}_)vwjf_V&8RZ&cWF?Jx2c=m%~L^LMgbC99pb7bTL&5>ym5`n75 z>lZ6gL6OC}PhsB!ZOZu${Vq)L*x_)SM2qzp8OBF>7+*N>HaMo0`LGIORgd$>| z(3fm;{s%%QKH1Grv-vS5Zr~N|oBKK8C`^Juxi|kNl9^h94>*-3XsaL6T}L`mIlWuZ zoNHWfpNWdi90>MR7dZfh&3q1aJ{Tio-MO&8TpaY&Ysndev~nEp2{it!TD>9ODf69W16+X z7(*N?>%Ff$Mx9g}%2VqH@sw4r)aX}Nlj^UI$M2Ok*S6S@r%bLHYFjL_?5~D?8DCFD z$C3n!@@lueK6kf-89<^SoBIvxjIVuU+pXZmo|!#bbCMCDT@qL3A<>68C8JJMNu=$m z+5-1yogVQU;oA9C{LufrwT)SU94taSHg}8KYE-^=dZ8Zh+)Q}5zH6}#Px|%NehdaA zGarY%lVE^8Xr3xt_hqi?^r2;W{fk(T_zLJ2`09iZ|KsY@YgMv0(3no3$xw_Lg6X78 zBdg;tI<_Gv#A5Jt#J1&xz4ltp7d-C+9>1YLdta+l_Vg_HmFkExOriX5Z{*yc%yHBI zKQ;f~HC{i;U(Mew`2RukJDD5WS$Y||{C>p@ZT?s2_kYp++W!}PbO%O_9kIRh$M>R8 zK$m;t#KAI#qSH?znp@Mz#*S1;T1m2J=kxVgp{W*qG7aUl7wDqRC;NbT4koyk37-m68bjd-7$c_ zlThq7!Ik-rq;rUPsF55qU%RudT%#ewdunxT_F&`34y+iN&z16hDK&)hdX6#?P2xTB zu#!p;A0DhYSXnoy04diHklzrc1F87Oh)$)s{cP=<|Kmpo5~kIxJVugqDiVn3x{=yk z;>$^f^a5-0Wi+nXTbP|y)hV*8!djVC484R-yL#`YAG2@+DA>T8gE+9>x;Bwn2Vg$D zF=XZPIbnw5l$-MoYJ+MS=#k?iWrP^w;@^+>pm8o zzUA!zf4N*HiE%!Yszx%NWxRRnAxzjnire`_BO*uO2lBS))Jk4kQpQ6(v+{|SnNIQ4 zEt*YwsJRnFwY*`vT2s`D;^;xmmMw#ebf0skGCYo)tZ~$TX);5DOmQrXcGX!hz*mbc zh!V5dWe<*;Q2h-o>af+sG*Xd-NWtLyZg3yn>AKp8cgyJ z3wt2wGnwnXzITn+t2{Rzy*j{C&_ zfY}nS+bGDbC*}Uqkkt+Ru8*ur1CQae-R>n=VP#@-M0m@hqewePD>wWZq; zJdA?Mdn19-#RJdj$;fKTZJZs4SpBk4SHZ?z{-z3;;k70ufmt3S>VZhZp4F6AN+ZG% zbIzG=%E!B=m^Q6;-_3H&ho(}>EP79E_a_;SI>zE`S=@^oYPzi@m@b!dK*+rTDwx1l zGu1V7HEDGh2k`1$(uNi~&+v|bkM3h!9p4ba%on_pYAqXx*tsVRtvc~LoFxgU93@i$ zypP5X32TplNb)jhix~h@nTafhd=>(B0?T3(WO8S0FeM~w6v>e_xDxaeEgR#|b><=F zi57Crnv<=b=~#aegq7Ygo4aUnL|PjhH08Y-p2TjvNHcwfO|+E@*9K-EpTlM-Nqb4Z z3`laYEtv25$bbs2!vd{GiAI5lu)43r{k$VqAbzh@Yt5AIf;c~G{YX%26DzFJD9|z# z);LrHI!cPH6Q_gxJHw)>X$<1d8TuLnE_MN*MGd`JFM37L)@+$3&SZClrO_=kAkJpr zgWz=U(4u^0wF?fTN`PFh?9!Eu&!_sckIVy1_gb5k<0mM=nvj8?B=AMWbW5sj_9=es zwu!+$Wr6LkHex4@(PM7_aeVw*$o(o8ONLgyc8 zRaV0bn<7_j2=!-|UX)F?5>~KE&!ZBX6OYu&#_@{^y4DZ0g47TzxkxIQcI(v=G(f!3 zlA7IGHl$W8u2!xRwt2P3*9-zLy82YwBD$2`_{bN0cYhhHBW)e+YC>Dc`bAa8wPdTIMsNxjEcL$=(tFg=l$o9O z#JoL9JX=z3d|EkO9*)ReJX1dt#W~jK&FwEt2K)_h_B!%l&JWXOWS1n5N|a@MYFM9y z5sQzRP%=L)a5CPJ-EHVQ@S?dD7(x+HQyxER!v;n>X z%_)9)(u4;Y0JklR^}GRg`7WH#Bp86MvH6H)x4XCt)a(S`k|CXG{tkzRzWf`^VTZTb z5TEs1)2U@-gO3F+u@JUz<}YY$%Bi$!qUj=$&@uV+^!(XsGv8qU*@l3hz4Ckh3hHSF z0055vq4l6-YV2ujV=826_g~r%Ek*lcF$BN(l%Ix4&5<;q&TUcO2oy>_<5wpuAIouF zJTFyg1KcHm=rq#E?2mqTvq3PJw+3VKS=N6BnWkv$QL?afBTi#33Q@`?Dn-lCwoWCe2df#mXFDfIAzMG>K4I-LJa-s z1B2k?_?~g>n<+`8U0{Q_{AX}=BxmBw6%|pKSrW6&@FS6MNl1@2tI?} zBmJE2qvVP#;{h9jEDv<+{;VEMzcMJqjYEnQ8F$U{tK{}(-c<&T$Y`-hC6f|oOGj6^ zWRA;o(Tf3w!WaRYdO;tI+sUA1vMskmcd|tIj4PgT-P>=-@<0YhQ6vO1)*+pDEI%O= zwt#UE3`X-&xJ-93G~S2#0GRYmTaNYb?jrfHsOp8VoyYT9XwX!+sTP4~8v|enFZ`3e zJq$8t)Ne>IG@%wPG+7;}#VC9#J>0sY^LcgqIn7HMj{{T%KIQsL1_#*85DsTi{)#~? zRqnq$0d;keTRiOX$!@M+;Lq7Q$c>=M@a=Al0(D_oUS_YS{FJpC2l7}#cRei;`oqC< zGZM7t$SjlJjP9 zT_W({hfLOAW|UOia4eJtwcaZo)SP}|EgF0#75Wg|9S{t@4QaUrW*|oaKz7)vZ@o;1g)gkA!8_f7m;=zqMCr_x;oS5^?1SDI9mxT z!>;pZd(*4tSlvr{=QVY_Sxn&U3&uc)+psnCO45|799?>}(!pw|Yevv(tZnzkI+KyR zRS|z#)c4M(!ZphK7L~U8pkL6Z@*O~VeA>sMF@!3{Gw*!MX=zljfOMnv$jS@Sl)`h| z-kcLphIWi&ywPPSv3 zLFg730~`{;fx@7}!9pVnVr#kz@(SfkDy}+hm5GN`t5t^RM;fW&0=#QnD3QcfOqF+O z#PpyM0*d!Jz$EFi5kg5-bm`D%4Jk2ZZ1_3EsqXHBAKba?lGm8WT!2Sk0-dKZsv>Q{ zf_#A@498jqS$LwTiLDlMIei;Z<=ScX&D}_Klfd>%WYyaUr1_$8yuI6*Hch)$s`TN0 z-RM%52hSuPOi6p@P>}Rat#iZC)7?0!cF|G;gCyKMUGu>(tTuZ{CL?d1=%S!&J+CD^ zR4Frt8PJn(CplaV%dnMVR2k}+tNT$Orjs;5-*RRNE0T~bfOIZTro_zbtLHkW$QaQ#5;rq?Kib&M~E#Wc;9MObQ&{#ftoH&RhpKg zwd1E&&38gipIUW%jT(FK7=EXYC_KGxJs%)1YWg#@nsMeD{CzRq5v`|qRu56GKGD9k z82v+1`oZwX8oNdT)M&)ijg=aN8cxs(mQ2>>r&#eRVh@_Xnt_c{^Y3#3yFQ?W-mMKL7WugoDQ8ZgNMcQ5uQ)D zj?2j=#Lc0(igZ&C&Yx(3S})+c42lhX&6HvC(2&D)PbCVlv)8t2@s%X{{gMU=54!fH zl_C#R@KACx_hNXcY{AQ@S;%Ulm*ZSywxCf|9Aq@}yT~}mQQ|zS`uv=zsiRvBKVu#T zgI9NHeyTjbX&9sbo}|VhBX@-J3(0^Z1OVXuAAimqe%V<6TU0As{)dhJ%gESbL-AwZ z{}CV=JpxEM@=Y%&0BzfbQ?|>sQnxA7<+?s}KG-!lZQ)1sU z)yS^aSS&XheS2 z@u+-y+S)D=&T1kPL<~PI?Y=*S8N@uMQq*Qz%X-ICTe}RG1c2{2Tc5jHA?Ik+<4$-^WpSX zU`JML=+HY?7BijhlE(PT%!AA$sH5~3^8re9$hI`t5LH21m$%?8q&bUH?4sz}eB?0v z1poTXp3I%gps^L3)@r2Wgqc~fjak~m)JS(ZXBeXqvbn2tXmR>V!&&2?i%v$Vqzo{t zUBWo;Ka-@phM3bXMl@5RUW9)vh)TNza2XFquu#zNNMw933!EZi&oandwrnK+TA1`< zZ943zPe5$+^r}W8xYAUZ0i@Hgfi(cjHO*HiT>fN_y ztZ|33y3j6)#?C@yjO(Hu)^A;b#YmB-b;P`_(W7O=jCt-474(qk)WY<$@lrIgU0YSv zGnblgm#3OVys6L2q$;w^4g7)*ee}>(hIL+Lhz>O#>xP^ZZ(eO$7HSba6V~1N%8e`8FT(0)mU>;zJ2n z2_t4x>CG1LLp|Ube|efikJ8ywSj(6N%(K2+BO}^bKHGTFMEO`|4k{@l*Q8FVXZQ{M zg89)`Jrs`E~>LQhEKC6aQYY*sc-Ve#N~Jt+rY4MYqjiD%%6>@hEyL`Es9a zQbo#La|fxnrr)QNU6&+j7h0C4VA>ekVONPMm@r@L(Yg9#_Ot=a48x0}vK4EbSa_tr zT|od`UJk8Z)=PKt0<41S2RAqa^hE(O%D2{oJjwM4yXR_M;dk3U^QE?l;u>=k@=fFxZ^&+> z6)}Ham#>EH9?ePv@49TiNlm}8Z8OwN6g!ikMYr@Xf4TOFiAEM8)S%`kQRj;sW%&EQ zVG5Jt&E`>lhnZ&V006)9OaKo-V;4&|QxQw2-yJ1;Cr^5nUks5m{eNHzl}!Jm?8;c$ zS<|`vufNebI5S>rU;dU}gdaSDAK(QnWgro|9M^&QK>?*LOXX3qxLt$f(?_g7;$o@(4J#Dg0mI@_>ZCHkWzl7egHdqiF)q!|C}ft=~TIobpje7BM?p^NzFj` zd?!IRlv-Tn$dEa)!foyCI+UA4+ho9a+7zrdvH9Bl{?bjcQGjFzXI^qX)G_A3AVIq% zsvFqY+ao9cJ9?dg1$xqO;@dyPzM!qx(*=3VOMy=Ajvn?CrW-8#ryX|fC>D!rG##P= zQm@w&@S^Fl(E9#40@+{oZ6d~dJK}IY5#f*iG1#!`h4vnxmyP{;c6#qK=xZo8C@O== zK)aFNMSYd8Ty8^Rgy(b?1Lb;m6QSG5XYLG>!iOnL(v^1lEjjadW<8%wV){s2Jd-uE zuk*8FGP}fo(Zj8~AVJEg=9} z-D!!9uLuFnYZn-kl%KSCJ!lV$`{5rcRzt$&qzL^?7bYsoTO8nd@nzKn?0ZA#`@bK(y zAqs&z7uuA#fsnBR1KgIusPG&i!zGEADppmi2(^d$vW&>&Xibo#Rid}%q9~y2nb%$9 z=3#>c#8(Y-y4`H}X*a&3)8(?uZ6eFHuSz#yC9Fe@7$3a{wQx%!D!#$L8P zy-z@Gmx@Khd;(6K&Ng`0brlzA@3))8ks9eJQtwv-4!8X+)b=qQoQDKX0~e}4-rb0= zIR(ZfAY{(VN%myb`!#X{f7t4W^kAEBlv zPVdI+E+r0O@#tE)lph~Z!g_*^6iX%z6{O2MXxJxvsvoK1Z4ONfsjt}fnSp)8uHa+(o4}JT zP6otaN>;_Pa#yw?yl2sq{)lv^wY+FGvpbn;yi`ipquY~ud0+H`ETW$$bfD=p6BE@T z+LVeT{P0$b@1y1{ClabZ~&U?buVWh1AN6M(4%Q2a0U(K*|JrIHoq!Q(9=|PT+!2ml1$PhEiQ3_2#7*@`Va)4Zo90KWa+p3zEx*sb85(%#cZ+>$^~GsYU6; zwG~aRvNgzw&01(3U#gy4s@5G=_DmO&SAFOjT;R5uV+X;`8o<1hS#sJ4k3$Y*&e6F` zSMyFZ;>XG%@4O#H9oV&$eTvKTH3I_cz0DaoC3ps`&jU?7XUJJ1s@1q3hWMvE)oA3Q zZbzyyCv7O+>Rlq&D?qrtihvH6jx}}GK7f3KI}Bi>AJ5(NRp^OUScX>&(L**I=-Qd_ zL5d8wc?{f=ugyc!b>|&}^6eKDLZ__X>~vhCGHNz5_x7OoeQtWeq#*oGpZ>JRI)82d zpM%R=26CXRU!}K40|3DP|D)w_HL^4PulA|d|J8Z~|3~X#0D(wYkz0q6!WP;1YJ|(C zS!7d_TA`#)as9mFDzS^B*iN{jfiq}BAh}B9ZM~i+$kD%WL=HFNd#g{&Q}nq3$H*l- zdz?Tz#fyg+%QJkN{4x=hUeLy94)h3pk9D@c?mgJLMi5E!s3D+pO>m3=|8(W@#+A

3bVL;M>>Wd>1? z6At`f_3gzTQ!GAi`1++HD&Rj~Bb=N~sX|+Jy!acD=v-B3uH(%@Jg;b5AHg{P19z%h z-`v|1XFEKbvjZ3Ou5{&_xb&7Go(5OM!Kri|?4Uny+AE-Zdup-wObK1*5?Gaqpy1=< z3HjD!!tD$Mio#@j`n9TFg$gzO5DA)zDvG3fqaiY|wxrYk5`kIn?$Fh64` zBuk&;zRe?o5imlo_8?tR+(Dv&V&iyXrIAgVPYwVUzS%fkh5(NyQHo?_kA$Ig`y(S! z2j&GZ>xyrItBP)BeO2gQpjp8nJ7n2T{HDyywG>rg!-iCsy7{r^~pq&l7_j zS9qwOLTTI|+>uvWMT1{WBev4`T&OxURj!Py{%0Dz# z6cya_<#q^zydSy$=Z(Gs+OK{@a92!(QBdeF=8LlfOuf9656*ycmrIS^VDkl-OiqI3 zP^ukx@j>Ji@7mZyTo8Wc;93*vAl)XF$VqL){9g(1ZlQT98g%VMI8o_Z766~lT)g45 z5t?3DnCjW*n=Crz<)!gj)Qg}4nIlt$TF6R~0OWU9&jhMSOfkH}rY8|cEpa>Gt?d#n zJJ21Le|{?D%nb>gQ)}eKz$|hEUP|6Tx`HHmZl5irpUcq5QdWxCvDq; zG+qkTRV%BmGfiD)HnLY+>Z?t)LsAD9qo{2*q1CYgR-@iO&bWMzmN5$<_c&g$1Zv25 zCgu*5cZMQ6O`ZA0qL%G!nGks;Wv%NrG_5pSlr{qlm0HM8tP&ZqBvUul9fkFO>#XRt zwKMF9fiVL&hntdg+T#QJ;_bNy|GTts z5^8wym-$Tfo)EMi`U>>4PC_|&TSOmQV>XU$eRur; zpiUl+sm-jiO(>?@@At-)HqlXk=vb|k4m+cF&4RZ72J9TN&PFDW`|Fw2Y+klkvp(S3 ze%(<2K$;n*S5ML8fuq!|&H_I<9(x8XBs@cBvjr?~becXdF$KWJ5$Z8VfJI&?ilV00 z;|#0TbWJ2Ufu5jKe^rx%(ErtDCTx94Jy>uUNa+pwK}HHPYV|kJ_%tL=xcqNxGg$S0 zwWPmgUyTF+KIB_JAvET6r)+!fC+lTs-a%py z1M$7iH{^gi9fS#FjbXI%i`-`lfO$uM2dmVq4m;Hm9z{HgH%@0IZ|4lF4+A=i@mxSn z@nW|HVh<;+j(Y>NCowsB?OfyPUEn*-RFd$9FOb9nsRKU&iAF8KP5SSp57!ze6}H?) zIz?>dP!ufPbvX$BqOM;8 z!20l7x#YOv1%)S~YIAdOjhqF)tJEOcP8T0Fb>#^o1XzkVw%5ECI_)br^CxIWpBn5u z0nH7rk*o4SxtaEj@U)FCV-SW&wf>>X~;ZRs4WY51LA^b5eudRH@^w^5=#k zpe@VKh}y)alm0?4!QSUHm1B???hbbZl0vCeLq;svyA)zjI$6X_<0!@&qmcud zf&CC?8onUjs8O?CT5^sm$WKv5f7Dc@o!)~a@~)JLVv_LCb)}}mtZqshRo};F{4sCL zY?s$9&n58v<1&aoOy;=F@JJ1Q;0iO8#j4#JbY6wJfMnRA0@R_NHV%jo53Ndoz`oM# z%5hN!W{;ZiL{=DaLiY*3BR+8qbe!YFkVmWX+xI9Y(%Z|E#&G8?#aJRsJf{C%aN8{iQxYFffvJl2H<)mIc(#ET$bnKcFNrs_ zJFCsk^g%kYq>ff`hUZ*U&Ch0l(R7oDg(^^tn_GWva4byu>!Z6R7Jz1_T$Bgf+4>)V z#%xVyJ}Ja!#GFUFc3{733M9W1+GnETo7!Vvpr`Db9_sXz`q-?NeQQ+pOsiwt9v7Uc zYva9Q+57V2l(hQdW~z(7`a{W+?NU=*3VDNCxQV2MFGc|2O1*@-l(91e33$++d~Z%* zA$TIt3Np!u8Gw#ds$~R^oI_zbYp?K{$3>RkTi%4LW}AxMYva<-`Hs`HqOG#L)W?>B z)EhF^KI%@LsXN=J@J0S2y_h&))Vq_zJleigg|-<^1uE-d#K*pY#N}hm*4a4=`(za= ztrHq})+t!v=*Cf2=);qc0yXkd)Pi7T@QN7p0KI#_`nh^2^D}I47(%iy4}93~fwr$(CZ5yv_+qSD-*|u%l#?;rF zneNT>HqXi2WS;y-{Nl#F!Nb6}Vh3nb-s9ItEZdRhtqZoE=&ZO8kF44_=^Ilh2QdvG z7=}#L7@FNZ4(V#{-fJsFur|k#uFR<-btPr@ua5kBFcje>3ydXNkV{$WPeqY9vPSGegfxquy(76AccZVg z$R=|-9v8C|?^DoQaj5KTEN1o=q0sfv<#I1cTxQB=jyEH$a$#aZe*RrO`aV&FX2|7o zpE&Q+$9kW-d44%LgnpiL0AeWO{iIK8Gvyt!jr){6hjd!@*#0CrGoW;4F`)uH^-a12 zE~jH?Bfh38(cyn&czKxx1(-)q!R7Ee3>)WOwsPmy$94@j@9li)r5%*BG2^thtHoGF zmWtZVMhn{#(d@9Zv*XhYkNM^D63DYI&D^}+fS*s3+s%BQQO(goyr{T-urUH=cWGpnAzLnY3pG7jc3cc+{v|mT+8gfeXz&_<^*zh(w``4DrUC&OB zEMOc6NEL)Pfe2bA%&4rK@(s!AN))*a<}orhh01+wHxHzzNm=S}MGpr%}Wp|}7|Wnk9}-sY+c{trt7CB%oD>?VLo?zQPaCWjaDm5?;Y?Dr#N zVXs@QQdc2Br1k=gV?S67jp-TGH&R--E3h|apws6Sdc->OM9&kZ34DtC zM{iu7{GP*iqWlS&++UN-=@w6|4&s%q5YfT?8-~Yu`Yj;Q0WI`wrEOSyA0B^hVeOmG zIDF2$3qdrA^AoY2A2#~aczw3fvgY882m%Kub=S zyWqT(YjAsO$eK_gD!THI(x3||WB~;1xXDPv`Wlq7oD<}DbAl=U)$4g=C#j0Njhn|wT(}a0=elIFkbV{}nLBJmkNy1wjRl+C zTl}x)L;nxkF?6jNt(Ls!rc$l!$pWG{ZMBVh-szbT5X30vd zbw79drv8!=n5iT>ZwJ)KH!`ar)Z9_L2h|jPd?$A9P^|FC9H_bexFE0zX9_t|H7I;8 z#t#stD3b)(>)>Nn&*Z3WZXnf}A(Ut%!wruSJ6!U?#pL4`*6@{*r;NvsD;VV;99J25 zr0VPBGZ}Mbu}!(HGmt@8{89WpCstU* zOvE_ghie>BUz-o%kPYLbi$nILo{t-N(m#~^Lg>NK-~JuM{)Z<~`+HfX!n>R5BGR`15kv1qj&G7KxlLcaqXbA5j~Ce&#M3aZHUV zvMrF9sF$8lOVlx&*I>Az$(#lKD$D8G_Af)S<}*{2u{j*5;V_ob!HysQaIu)a6p#Y} z9zYaI{wx;|E^YBey_F4m5w+Yn}U?m)yTrIaz|KncdkuD+g(Ct=j zME|Em&G@IFxVTI|qvos~;8R!+z;`hjo&VM{L}w1*4~4X`aiVue#DYuQ#Ws~O@G z(Z~>QcLL8EgT)*lbi;PX(_n!mrR`Ds3S;p_9x!l~`g2`(UW!3NlP$|A$juMpLN|XY3}mw2P7o!5YLVxXyhryhF%!1dwjv8hgGt-V*b?<H^Of4rN#%kR!g-sO%5V(`FGd#Ni-`Ae$#i*%EEh?W;uO#T zsfZpB!REsLwpQJ0no`;(^!oAyV3FTN{9todzRfrh!(5aS3-dGs1;$1iSHyT1p%4p; zCM3fA_^BA_5gQ~OHZ)aLh*}c`5xz|owXmq#&=>aUDkMEAunZLxL@p)>cqNQ7ftW1c}QRlAk8p@y&IY3qZSmBh*7tf!%6}Kq z94s}}h`pD{&Jp{0=en2T(><)}lrl&$&upW}1IV&<8Q+tt=?o(fbk4EoQiR9V9PRsQbNHj!<)Co^i z#m}j%zHp`TZ>;?5sCQ^D%cwiX-}pVplZ>@FOXDUyxmMIc*ES9@DO4-Yig?muy$$-l zQbUdTJPi(4p?$r5%584rJ&|`0Ks|iq@exx-n-!_IGMy|O5BhUd?`R|F=&re~PBhlg z?3eC++5*|!wzA1Cxeee0ZmZdYIG^I`yEn-SAjS9Ex|a%Xg?ejDYj*y) zh!D7gx61_981`-$Zf?b&EH)l2VG+w5X5oj(Zzbn!f<;xjk^t%e2ga;cxY4Duez%8 z5J%!JW5hzM$7os8M74qqcKB<9w`WF;#-dJi#8FRx>Fcl%U)(>&OE)D8>)6y&%gkIJ zR;LuL{P48wIf_qvZ7+d%1E<;cyR-~Dbk7*%@#^}dy|+8l__Msbe-2O;;%;L08iQ{h z0U4}G?wZ=M1YJ2_gH2mc^`e|8_v+QUA#4k@kp^der<6^!3?0D@X+`fB58$MP3g5ID zmPDIu0X*l~8htJgXaYxF%4=a`)p^60>FhAufNy;GU$ug-Q1-ae!8bSWX~Jv6^55wU zES~OwZGN&M1$CVKLt$rfiIGs$84J%<+d$+S)xa;`oUjR-Sy{dgg>QY?-P3C@a9>UP zer45uA9lhcOs%koTFVi$i>m>c)0#^>71dL6ldSfvMQ>hPMiX7E?)H_fgdbzOVOZCbMmj=BCHj(=y>S8TMJx zpUdjb3`P4{L%Dhb@1_*T+J@9aX9OJMT!Pi}P%-1sNS0s`~|WU8nRS{Oy2joOkx1jU|mpOsC4SJWP!E@Z5euUnzi^| zMOGnbV$zkyuw+k)V=2a1H3;2c7?wd0Ejah(IwFPYO) zR8=npSzACitRd^EM5h+$1}uK5F$>NMV8vjNc}z}s{=>JRB0nq5fDZgxN_WXN)v^#ZVKryjX^!lFq_n+bDwkRu$s|f6sW+ypZPGYD zNT;LKnnO+rvUJ{La^53gCnP*a8_X(sE;EU4uq#q6qSZFvJo3a#`ovArSThXZb+11q zkv_1k;8YyphB$^<)L|?mM%oUi%2BEtfXk$7E&jTn?GIOl-R5ZLaQCse_peX=r{I5L zw=e5#vAzCLE7(T4>ysg*NILpQb+3ec!uoqdp2);!Ywl@MM6FEe9I9PbtU7bie{~tt z%z=Z2-!*dJhT_Rg&uhX?EFGCcU1)MhdW@p-Ijz8M#KLY$_I?LNi_7=&rr@mNv8+N9 zdc3Q?^OPO=PNFRrsgIyheH)J#|$NVWC(lW&kD zP5H>_tG%j0I~4-ZNS(d;w@`;Yq1YPESGM#Xwh}?}-%D0OEfDYx{4>qb(W8=~c`~LC zUmK6{J;=-#u!(_?&jp$UL_sruVS+h8_!NZvg-*=9d*K%%Yd8;reZvS}k!-S|yKU^f zzV^2XFL$GiIFT;PlFwmxp20&f-_}hralQ|74{hg4_IW8vkx2REh((;JCHfqGH`>%w zV|#7)NQ)-Dk6OPPaBX>MSxLSlatuR^+{>7!=-Z2I>j1;@L;TptCE8G?b3<#l!btC7 z@HW`sYm_*62=MS3qS=CzB@K0Iw;Q)GQxS}-EgeG2%O5vdm)>G1=Nd63*C6pgN*)yI z>9k8Rye6@+jnA(1qNNa?a!6QRmfY`7>9V4@?1JE7<#zEAn( zyaE`=9|KPHalO8)3RBsZnNuxpGCb)_kSPBCLAy3&d6MfGlHm~m;m0(h9&1Qcr%<;4XvF)Yv)lssC0v$+^xrmAPG5j1@HmQ{BrDvNitC1jn zK*;D{i#cmG7C~x9Ih23nhXxoaCe1a_2P8n4C(I`Hw4yb%b(I-ZmaWdDd8yjDV`{_| zwi3`gW72|OmPIOV6r{?ar-w7P+ufo&_>z;YuB8psi<^MX9 z;waE2^W~~>(c&93*yI-Z(zzM(ui{VFdS3+q-svKRS3H&=*54HSaXA5iI{GN`5s;D= z)f{C4bSGf*rGK#)@a<_`(&&iIVO>MP$Y~%LDO|~QOyZya-M}mmQB4zAi=lI)%Q$~7 zgW|%H{5#$wv=hrJ5yG{3zg>j1BALgs5+~#;dPOwswOEY2cPI02WlmG&N@dtzak7|y z7LvCC5~>Yy_RLdp@W)QTFi(>K7g!sNBJ}~S*~?VFWueF@L_dMg6^H7ykn%hv@)q%v z&6PV$E3#Bhkfs-)w|jOO0Wplq=pnuA`G3H4dc&{tonM&VfC~V?^}pgcY6ce0qIQk~ z!oqeo2LEmUL*sY-lojFoSFjZz9yA6zo5jqLh@4{O!kPCCw(m!Tj zR^NE(BsA`jf#=`wE?Ah1~q$8UxSk|zC~RpO_TCQ?r<4)EV7Zs+*%2vm%KY8S3A(wp=oLxZT}QjP)1qvU3O zLT#NK6J}wkQrUYqsR`D_OsX!@1bWoZB^3I|V+Qm)4cBcZ8`L#6{4kbX%#$E36tp^F zSRUEnh(TkDYUuEl!t2;&X^u#}IPjawPC(=Ti^#su_y{lFPu;ia` zb5o5S3u-m?7X2|5sJ0i2C+cIhmq%iRFk88A6U|q9QJLX1fhFlc3eZ+JWGdr>@tQJ${ zQ10ZLiDdo8kX|jc1SvU9{A&+xjrLUkp1L!HcRm8t5d8R;01zyJA|H|jyb;V&YPv6d zdCsb0B;=U`8zEgxzi!7e;?jvC(W=OlBVC@so{#dK)hpBjG_OSn$b( zAy^$dk06rm=Vky2_X%rJxDv&c{2d+v7#@JuQH3CESq0=4jZY2zMtnKnph8BG=P}uGcI?T3`~;N z8<3DODJ$X|QRZYK7KjSivZFqx1>^={rDTJsg-yggQBCR5n+n#px622^z!7LQhA%N9AbCb)ojMFLs%&_ zQlAuiQK}`5dySf{-O6A`ua3da*-I+UOn3XeSEKx^8F1MaR4-l83WI~WD(4sblZm#R zr3!(wAJxq)LUVjg+6Saqg}=V8K7Ab0S~D+K5k*E9F*U0Tym#M4r8zv&Z=tqaXlb)Q zW%+Tuql`(nHvGj#jkF}t6~lECz&eA8r3m-2ZGKwoO^*@hb=v=JVMOfQ5e3rP)!caawevJMsi*qr~Vz&+?wFAVK5BK zSaKq`A5&vkT)QgNZOv!#&Z^%ID?w{lH~$FGNL=enhOP#$SJT-2jNPCGoebX48T9FX zy{yWlOASl;b8=;Ie~j_{%dNNLZ+~ETWx((2195JEo<(xheNr#SjL6~qN{oR`1$y`5dmyS0g`}YJM zah7#1jPmzMMpaBkj@pHvn( zrvus5L(r0-81Yw?GNMIOR&rRVZDdZ!=s&@?O8;#PTiQ)+M2_htncf?%Z|^_ z*3a9*%Z|)yu3O}fn;V~=HeG|?Jzsf&z0O|Zb;*`UBH6eyA<4_j7^qT^8RLUsi8Ql! zI(Opl;s51xKXbGF@RRAiX4pBs@LT%l<3~zkh7*wb{EohI2?X(QbpgOaQVus(RE-XIpXBj(@70`Oav)@ zIvDl0G|o2C^{rEy!YcFPk&JA8kOI1CkZS90x$}YChVkFiW}N6FMb77ViN9|&DKruz zptP^|&kUa|u5Z?4)~Z7~ZJik3*VPpf)&V?U*T+SN-`Clf7wIeC*Un83)up*(y=GTe zn#|h7uUe*!Rw!io8ex|WZG|6X$-G)A^qzqR4v9&3O20n`-QF~ z_9d#PQf8+^i%h@0)x^59BTa|+F66?#{EQD}=35csUv;j|;dOMr^x=~5uWP<{RhDx8 zx6QqrLmC3kH|RXIlSB4BLJxKgG zjsLt>{ESB^nN!!1Pl3@hcUl8Z@kD%4^10m}gkmUP@v7LaQO(A+z~-CbS1uGym79uQ zwH1kP1O{_=bml@WR2w;phrq0CpWZKiS6|#r)0{Q*6imvG)Uodo&~OjSK3@-~y^lvK zjVZiiJ7;Il>C4e4*BCvOldSV-v>|*ikmqHx)jyF=qChk4%uEF>e>K!ZBGqH!7wZ%* z$Dv0@;w<1bPykZ$mkB*S!4IakXjN1$#j6;t7o5^ z3UGJ@rF-w0%J@IgDkH7Fa$1)54qZ$|AalARu%T>)bvM3m>M-`I*aU*;i+j_58tK zFc_PSe|^nGK;y;kNQbU z*?-#Hjrm8W9I61oqf>)}D^1+i6z##a9s)wyt^4R>kK57y0n2%KT?-pCNe%R95`HFq z5^Wm~e5p|@#qrNSDeqihv2nvhG10PU5n(^!A53Lx?%V=!^eph*g$P}MatXRX*p-6L5OMdwB4-H}4qamnA?{Bj3R< zhQ01xF8tu{>AW4@X{qi5OwvUna{_Y*eg2|zm~wv|4S?DV^3ZVgS&R8doNCb0XZ8Nw zKMvdICl3dQh{rQn$1Jv>0QV-yM|%e?ja}0r(DiE4=oQdsDI)Q5j)HCvec?&$4Q#Re znUky5zIFHS>H>*#WU(`3PMq#qF>|zbI6bQYc!C!=u}{+_O1WTFkrQ?`xmBa*hOIyL z!FbLV)+2;$Pq|t>$1GTSR=RVuJm!tP>Ikzk3<8%bC^wr$)byS1L8eUVjRbOV&@7F1 z{uQnE=vq-RC+ztr$ZI3akV4CnLyieb`b$0D>Q`>(eNYS6}a9-becfv@0p>;72gURVl8 z(sitvc0fpl8z1>|!Vd<>%D#EUO(7(Vf{KDt+pr2_W9A;mPCF_|06G{Y-{Ge#q2K^9 z{@w^A-njfhKtFXA_M&!a!I{I2Y{Nmsq2gS=%&I)R!;9*e`%uIAu6Ac(o^-$>g$@7v z70h|=CHR2+Pb3oyhq3(GzEEfweIIxq7y<8gIs9S9cY#B>-UDBWl}YC{@5)<-VU}4l zJG;(t|8ZaDaPGr6C{f9zU89Wy?+g^W4Rr65<7ullI;#JXR{?&P%?rONzZZyE{b z`=wvmAsVNx0JCDA*ctL?Fw#4cCeiAr1+U&@aaHkM_mR-F@#nXyNg0G=Vm7mWHT<)q zhNY$JI*(}VbVTh1gypZ=wmJPmU?0G+7R-$=i128} zKlr^DWJ*jqA3E(7E15JHSshUP2|*eqhu=IHoe>D;pCh+l@I(j_a2rg54KFlh&OfXs z31~u0d8PLpauNkJ7pr{G(T#b?6=GEiEJ)GBOi|P%m3->LSaD_`V#9GHCRc_dOEF?h z=P>d6*;|5=WG>8UC|+0&RjMQ+NbPaMoBV_^^af+Za7Dh!4e6RZU%vR6h{VqndwH(|-8GioO? z=p_HoK0csCKWp+(dkbr@?CNJ!qYqm=B2D2hBDb;U7mM6OH%7s4_%apZA|I4hwcaJ6eo1tdAsa&kVJ-At%t}#NUlE-#jEqXvN)Wv zGbDW2EwWxG0Db>KBC9(IC(h-KxeWV^NJSy`*kv$3QQlNR@bRyg>nm5};YZBC8^^#x zcNFAXc@|_UnAY@EkPpC>G{LP?qnxxpr1AYH>Sa`-ToW1#rk#>S=3@; zA6G&GX#d_kXVz1Yi5HrABIR&$c8>CH@xcD^%72R+2JgHZeWdNY@8h-))~It6-(jw^ zQ9mepPV$!n<_AM(?N)m&sSBIaw*}`k3we3l9e&pzH1G!WF_+2E3?88b3{DAtY*h^- zbLby23`PL7T52zYe9X)S0=;bAGU7ar2`NnSPq=&oyQ1Z9o(TG^Kobu8`g=^PPKYc5 z1BM-q$X{41)EisrNastwhU}yvFa2Bdo9p{bDcAbtlyPazNl;}s9%YIkYS`61$Snl< z3MQmZfMa^UDOs~;vpPX^Vs)AxO3cJLT)p@=xV{_LBbES9urJQEP>#I2JR_V^BcFO7 zR;v-9yIO z-^>=tlb01H_12frDgN>SO?l!-xxdlM{cWlkLK!WLFwE~F4Z2Qjosursj9~+*6_sV( z_VN^05}2dz5vu)0wNhqT4}L~v%)RmyJF@z0iWNq@N~g{}vMkQyyfK}hEe{PhsOS&$ zH{>o992O<1n~_y-F#Zr5pUkS$#I@Soams#c(4cn{y|8*!YGEc)^QG!YwKoIok1;m9 zQHGXhO|seed3VkSAXWuM^gnNOH$N`pa+RKvZj&n6VrSs$>_jJx{d*$bLM!~qiHW9p z{g);xMfZ`$t%U@O5OV3wqvYhI6hKgJk#futeSeA?SSP%A=V)yToS>V@{W56CN;=vS}V^zo`=r|1U^+{s{6*5tv&UG z@zZhF^Y6ol<+j z1oXTsHdnvL$Gsi=+S+!7A*L!HaT5z5`8a5Sf0e7SAk7?<7ptk(E`cc(o&fxp8L2S%#yClGq zFH!_)_w&5(^4In?I>R&5QKjkFB?|_VzUpvAG$xE*O%Y9!*Sqy%S?K(Zea8FQBMxOzmA8HyfCLjNld=AKD7Elf0jrSYw2f zE~3ck5V=Q>dtDBP19Ly;kvO>`yLfm`9Pa!ww%aC7up7*M`=BIjrDGkC2*%9y;R&5` z)7Z9|tM&O-zOu(nAVX?c-Co_hbE;hb%;Ibv*Cffr#tFPC+tj|3+?mGJpXKVzdxgr8rFGE8asa2$^mV?zZiFB2fPtUvsL%4&*zmc<+tA9+IN?ti*=_(Vk|w*IbheW5r3@H2PUi}s__y@ZwFpdzw3W!E zJ}jG2cfMxbcdg&8o8~S%c3(BR;nHVcZf<#-viP#N z<(n=eaoBArB+W$$ zQ90c4D}$$e5X{!K$!l1m#xcs!qfZjb@`sxJ=r&>ZXxqjwsGtt{w2W@+f+K3$4$M4l zWf&_EiL)A<#fPZneD*=crq|oxRmFft0%7r)f!5= z&nMN{7LsIlK#ko%LTVrTsgGKknRm&Jv`<9%i>ffaue&{8N;u=R`8M>c8!Fcer$k24 z6reZP&Xi#D@S5|V-t8rDREr%{Y&}|jQh2r~c(gnQgFc#Tzz;l|pDDW?jAaBRt& zAn1HGth3^T*NWkLJbSxldf`;)vPXRdR=B)ZybeT;DY9cEbDDb=G3vzcDZ53N#DcP& zyU-xIE9t@UL4J2ck0tJ}885i0XK_Vf-FMa~`V8sbDt*)~@G z0hp<_z>*y}_-Pxpr@ddku1s2W_TJn!qRc-Pr_Evqo&ydCmIF{qf}?q5Mf8F9AByKl z$c*(`k_^{6qC4ac#$sPrcHi;d7GEHOCbMFqV%S8xX{J@SEGX+nh6+%m+EWdE zjUh15rO9e>FA3$lR}Fk8~?=Qf}g z3?~dVS0L5O{pc56t;F!p=f(T^{ZdkOyHSjsg!9oBk}oNA*|S>QXJU-?@e(>qbr zTrX9T18n=-nhJCKT0{RreYPf_MihXVQ-^v3X6%nj$D_&5VY9rYs#MJp&k=9PIF4__ z0usu+s2b`7BD(ilSkG`aNe zUxE)14*CiCqoNNIZT~2m=F2w`TW)B$tr=1K;@9ZX`8OuMKfTVpk8-3OV1zb<00k?Q zDHwoW6Tp2fdiq0he}xM3+?O8)yW{p0D4nISFJ@c+0iJHywAR&{7A;34(TJ{LIp>+P zz8@91TU#b8kB|+M+hY%v#uo&2=g94o|3lz|t@+0m$|M`Ay27m=N7gI*5FRlE3{r@x z-KEo?Ba8hI`|ptH#Qa)f$~ky%6X#AdyI-0W$uhXB$g%QUx*&eye_-k1|AnPC{Y^j$ zE?bKuFSfTB0S>*r?nj`9Mx&26Puze~{AET^K0uf_-|&)3J0)}EbL20UP2#veedxj) zi@QJQEgYZT=lo?!RHngo%=+q*GwgzwbGv-Wn`ic5Mq%-oRJM-XIb)h(k~D zs9VA$5UjvpnO@RT&NRHp*-*3MRV+PGbUbR=RgCwgf-&H}MVf~ex%Yvy4Bn^YI4t|G zx#{`{qRg*$5ej&U2w(_cF|fcNy{$>D!dUPVu$-Saf6D^_RXt_Ri;X{*N{5BM(70P73{CnE;s0oVTEJ~)1D5Fud&;iUK0+c3iM zPc@OUKs=;}%u1So!nc?iZ$7cp_vWY+XgC=ZndF~ejnW&9LYvz5p!(9wc&pn+QxDhu z((X8`$i)afP9HE7E@C*Ag6AE^$C`dP3c@Mxq$o6I5h%l3{tpWykIN62w_D|!`&qD6 z!uE9rk8l$P>N@uVolWY!iJC5YP#j7ns=Hz`bkcvi(r29Cu9W!_EEYjF1e^?dKlu9i zYFqj0U^qZXvhmtfcW|V`lW1;d{X*Z#`s(w3Bjyag>E_cWQithZ#p9H2>%yDMZqYLE zWv4q%Fb-6l8OWN9Z6s4w;YV+1UlH#m)eLo6xx4P_V8ZH#s_+m@7IoLa9F07lZP~}) zs_R7c637oUST5>uDE^7cF5B`4uKqekA`Afz@>amJ6t!qi^_a9*YEr$#zc1j@15Q8o zsjs{vok@m?#8`M~1*5f2k3YM@^g#Rv(`B^Un$0)!M)GzQ7IO^I30THWmD?PBu#SB> zePAo{EZy2khHB3+162lpHSVmUT*$ZCV!E88R0gFrXheE~m^br&Jnx-OaW=fsMTp<$ zg0qR|o6Ms*hyv5W(vDK0SBGeQ3zdct8oSe4ZW~9IwQ2FIt!MXA)w$!G_tQt8?@V?> z=(z0vp;^Y4geji*o`V2Jmtv8r-)Mj%&WDz$`kE#QTT9}O-asbyaua(yYbMbKEjM*H zUy-$wP|;2P^CyGURI-F*yjffNh?q$ir_g@lPf#(P*si((#VTqYuOYgqMYdh-`ySf1z4XVS3R)JG%*9w%0nY`P4m&h9=eN34TCHs9)LDMe) z_pdVb_Hpa4)sqshkFiJHEcA_HONJ_a-Dg|pUCuoHLrOZJdHdrQOx91ysA;gvMYC%4 z?qMbmciHu>GTvH$@MN-}$Duk}TM-tn(>^|nqFbze`pObt_Kl<(LG&8L*m=Yr z2edY~?C{+}C2o~@8UjLNEDRS>_XAGZB?=QUyOrViClxT_qQeMGTj|Q5R6E4>_0ZsOzfk$d3soFdS3dQ`D#k&eH@<67DyqNQ_!u*=RS|= z+SOiH3|KJFLwZopX2H&47$uqtc+MkWi zfVA6hr@x)vrbs&08Bps|C~ZuM-RGV$B9z|mO5!<93_mcWNI+8bKT-^vqg^C+Q2Hk3a59;ZT3Xs$A%A}G>4UITV zizQ8KT8Yv-}-uz?oyZ%1HNn~nOnXD6XbWWe^=zDwCak|@w9$@K(CfK$g!9FVz6if@=xSY z;kXhFg$z+IAu!Qp?^C*8tY6prX~Cry-*+IZucTq~P@$8nnl8NavCH=5^JG-A?gP^QHQ&Ab0o}t2|^a z%qXjugueXOv)ChD#hdbZts?~f3m&i}4V)E%ZLL@=6>Fghh9AO0F84~^FCK`Jlt9Js zdLXXcQ@jFkmh1E^yX!FtqCk((j1@lkP-I|saJUy0x5EILXOW;Zb_@}E7``#vkKvrU zIA<|vV~!Ue)L=V;H+M-lk9&`4GbK?aj_3GOB}W_Mi@6>MudM^kAUqToSlK4c^nSef z8_iY5W3+R&|2#vyIf#KUKeb6fz;2>I zQ4eLbOd#q-Z*IW>NKxvIh}(LEs*yi;tJUgWyqU{uvFK2e-&5*YP*M@Oa;Q>dY+j`j z0*Cw1L4UjBYd_cFge#>*!A0$6=v9NcrRYi9V$WECq;od3l@h2(*5*dm`DdgtYkDfi zUjk)Gy*>WxE~LqUfb{k$2_j&$niqf~Otf33hM<>=oBzjMMTSR+s{ThvV(&>V!gLYEC8@VSg?pds7~H*sXN zRCRV28RRYH!9gXDt02ioRHw!NAi_b0r}w~01WRoO!QM&cR>@c(7=P*~kujS8^`B5w z26T%yek*H~n%Ur*0V##ciu^i&@jS08D)n;g(es+g>cM8Ea^^`D zhIO_2(QU)(cTgLoP%7LvOFP$xHSUCS+#5Q^>f3$aR$GC<3t(2z*O{Y9tj_eMojK|# z;yPb=lBz+^an^G~+jJfsEEj}Sfty$a1VuGR(BF5rOi_3E`HE1$yu|5vp4%^k*T8Jv z%@5c-Q!$M}?U!&Uc(@Nq3Ia#1r;mo)xAu)JZwgT~!yd{ZmsB>ry*)(Lxr+-Ws5e#= z*gHdPqjiqsYQ$gDP!h2pVd{@|?1PEN?s?FnyKNbJM&1$`x%hP2y<6SBdx%b_<=5HW z0`BV^x`KT3!k7C**88sEh*d;9(%?4*kd8T=aPN z;Ox?+=DWst=XVzs8Ca-)R2x?0YirX5XC?+E&PhS5X=KyAC0Y7C_a`(BuK8X!b7y#t zf1rruWnK4*F2J;ZQv4)|RtYN86xC2VCyS}8QSXfyLTzt@RD6xjH{~szox=709=-&F z&_2jeXUSM^&$(P$Uy4h_+n2QMi>?G*kWod!ilSf{{{t0;_$o)F$8jI1 zc0L|>^yh0#3wly|SjCy4#ZqgzW%_SlUobVvI(BaL6Por3}>JdHO z(5&q5&&JimUrj!cHXQ=PDjZVQ5{D4vzbE@6P`}?3-X+!expt0%>%}TjWqd|9mK~hx z9R!iS_Fo~xeV^cR4{fqDf5!w52nNZ|K4W~4HHNlNpr3};%=vTCW_#KuZQT_iVw~eK zh>@a$Ku=Yq0rOA4T$`r@$5!7zE~CY!qkhFz*(3<-%-1pYaIx5IwX(Ede>a zLCrP)vq39!Km%t^m+qMTyn0&tN3bUEt|p;qS9vwN07`= z`pYp0W!~*`Zs51-1o!>O+~1ppTI1#-k<0p`x1yK0k^jTlI|kVjMcbNX`;=|lwr$(C zt4^J=ZQHhO+qP|2*M0r^sk?7u|H>bGtz3~YV(*wU$NUC(ziA+MLgm{xqlA;JR|`TMNJrp`7A3UYEhb><1Hhwh>Iu->DeX*><-{T+5T+cPY%M7cIIQb~)!QhgQG2M} z>3Z-r+ksyLw}wZD6A-lagqc7SGT@CCb7kQRxaf^~_Ml7;*14IE&|P*{DbX@rOZ3SJ z*|@9Fzmo+t!D=%d#U82V7*#5R?ttHT47yyA;wNwTW@Y`6GT8J01R%Q&XZy;7`GE-j?vEa=uF`qqN+Al) zR1d^m-v=qcTYRsw>M#NcX=7_xV<>mXwn_#>(dM19yOlf73m}2vP#n!i#5lf}nZr(Y zZXCP2@2b!3U9xGLV=W491pEA@(lylwL~aqB>9=9)b#}UWl)5ZrGg(w_LNvm)Hc$P5 zI-@N^<(f#S8Bu`a|$ z{};0@t&D-KftiVoiLEoOkyDkbjNLjvLKo2;o;QqQV6P3Lo`l8_5jfRm>Bp<10_0Z76_GBl<6bx!$Kr|$%*;Hw~<~QpBD2p{Tt`dKg@|n8~ zhzAHXTCJ15yTxcK{^h`n~eO)rap}D|#ww`q0y+%jE7_pfSs{x*E5a1BI zs6Z`8u+65cbGTvYNoDXC!oMJI)HWWr9vE<$ul6{oMvodj4(Kbi|K)oqU*lKiJ>C9L zy>KUz@=3$N5_ddN7hPJFpJiM<+zhQbrX&F^_fmFliu`9T4WFUqw|?aBhe~U)@6dBc z@-IN$eW>~IV{$+R0O?G#q2@M9)JPA;E0GHEC~x>Q$;*x?yi=DEb1M2x+L5kwIy|4s zSi43$|#R-EL1*A1Jhl=;?br);6_r1MT zy!G!Y>fK^8hK|@NiuT_ju|>$DW90qsN+zy|YKAX~9t~eI%I&PbP zA=}_bhZ`L+DfQ5C!dK9^Zs8Z~>mnA2b##?Htj(=VXT*1*J1moJt!87$3YS*wxQ;j_ zlbd+FCGVBgi(YYyTalv6y^bZ*L-7e%I0riPOrP--mo-{R_(OyvtZuK2%7k6sp#0Cu zv~q4a&iYkkFCYMb!v9BQ{x=}>e?@XR(F*@kpzS>Vi#C-#>`k106*?g`DMLdmE-kBa zJ0(p!PB$$_HRm)&Eh$4gMpq6aOG7y!ElacPBtbJeRx>FxMKuRqMlDWrd{lmXqzK^e zKVO(RX&kiJIj;?x^0_%U$-VQLs2qx|3<(ivc8r06u1>y6iGFeGXb=jH0caxajIeJ` z2_tY{{Ce0&n!2Zm7_X41nHiUp0HkaT7grX<0lWro`^N7=A~XWd4+8K%KMR|^*^b3u z5*f2H;QwRX!2im`rWLZY`DH@?k4&61rw#VxpKX;dzTElhBp#zOZ{v0^rK2i#-uA8q z+0MAFw^-S$d1PZJ!8pwL`h&68e|p^5#GwHo6q3mcf<=U3V7RzGH@yR6c(ZH9m}D5^ zwhZr%r)GUPyl_aDW)AoC?BQey?1BmI%+L(uhKYO3AKx8Oi*o)J&y;-@+*01&vOhk1 zCM~A`uq6huPiOGYKgG|+2Zrp0$lD_hU^7VACR+Pa0y#?=*~5DfWSO7;Mg)}eO-_pb zIb#J9y*G{Emi$vsU;W+mrpHM9QA2g{--QhQdgD^b1F4!>nJK*tSqIPj{6cCil*_m8 z^e}leL@T^fq$q=|f-rrboCNE|~*nOoPDmC<2+AU(7-uLw4}pK;SM9h^agDth**}YS6 zSLK$%&lQz{1@E1~V7$17XK;;gIQMzwIrE=({PRnUQqHZ!CF#Hz{R1Qa!F-3nt=N^F zKWkwD`}l1N%oFeCK7>qIr~fI~md74U2@eNRAyd4aJJw7;qNF{m6k#F>Q{=FNfBgqK zDAD|K?~7of$4XuvcVU#oj?MUH${>X7%cfqkmU(aw{2ofWs^! zrShb9PCRp}Vy#hm%TPN~R6?tmz0z*jOc8~UD_#R`f11}~#RC00rzVla5_V>tH``q+ zZpWY6S*lj4$jsIh3E##F*zAHK<>INv-;P2Pwh;Bf15IGMpNjC_6lR!Y|2h{TBJIVA zD5Q&D9kK9a^_TA8;wtub4S6OAeSTqwyk{7aKy9TLo(Ek2osLJh?4Qx{rrSFy_RmWx zc3uKU$c25^oA$?HG(QCv6nvPZPnG(?;R~%P3-OS{{)`62!)F+ql*Z?rQqDMgegRE8oVUL&qq!cI7fWQ+w#)BDvg=Nl6Lrv2f@S-cKK`#tP*B|3KyDhpF3S*rN z;F$xX$DPf0s(7^ldzd%wwCDD8b)wS`J-)wrk%{zTft`YB5w8LrMiK+8XBTGN&K6dm z-MY4`rh5H@{OpEg2~R6wGwb#*QfxZ6^9{*j59VWxm!5rB19_H=0W>@An#x_~ZQy(D zSrQED8FDXpY2lBb+T0HgSsyz<5@XmIxU&bAeAUaWIcpkst1ccXY zG{nvxh>nm_pui9!?&;y*)YM#VU6GuES6-k!^gu(^;h3HPB!oSL0e7j*kB&o-WIEOs zUXA;d7MXM=8wj2amOVg=x~1#2auxY?W^y`WXjL#WC4&@|YUpG2ZJi(BK*^R+rJ{3+ z%{H&5_haN0xAxcNOTYNVv-=q$$ zgJ99yRwD>v){RMPs0Ec3vic5&+rpftc;$&Zl|Frn?#!L*1v!3FRMAlG5Vkx^ScxR{ zX%jUO_kXN!O`yt0v3I+i=^S;qO2b3?eEOHbK>mh2zC&UI%F|YI3WA59;@DL(LvD=P zY~kuEU!&Y0`|lts1(lkr8?Q9eJ1xFvZ_ZBFnTej(qi;If$|TEL-PD0e;s~J2X{r zV?yf%yqsq+5SRoSZ)K+5c|U|w9tJcf{ldEZsE0kwM$sR4j%?JHA(f?7O7R#Mg&(!T zG^q2Q6Eal|X;+v4z`Ig4#+MfR@0fM(2y+q3Vx+Rm0$#2!w`7)LN{TkjpGkqG%ByM= zbKOowA%|a`u+GXGHJ%pcBQ(X$?=^`j$HF|CPm!ZjSyp6<>ZGFD9fFJZposWzgpBh* zi_m_Y!=9Rck&k6P5kB~ zC@-O~0Zq)f-hD|p|4HBfSWYMNt{!`)T&k=iVY@2Ggh_pto3y0*C^;V1SMo`-?AYV{ zP~_7ODZ}Mu5m-$RS{p;dlWX8_KLb|Oa08%hcL(YXm541%P0Jl|<;?O?Ce=E%W>HXA z9mh^w-w;twQku8WDppRPDN^2b!AbbZy~|fT#WRP!Vdyhb256IpnKA(}ZSLnNwq|ha zcT7c-l>&*gA@HX=6xUqkleRUr*O;=iCyL3cDR*@;wxUeBxk)p*8w{WXLjp`nTgfnS zZC-QUXFX3+t{KU(b15tT+h(9C*Rci%BeKRl@15&Jyo>V!fUp1_mBa5uby>>v*dRKGLn7)V!j(2!quXOEz?8RcaA(=Heb!0f95 z#5-3G7aq7mERvXDi`gtShTWgL76I;ZH>~XSJYK#o4~-f&uV~E&7hDnscG6{=?5KO- zCgV-}umlMN4-8xzv=mf50D2)P7&{xz*Im$j-f!tFY1%WTGKD7`boRm2!ZijFrSm$SAMToF}lnZe?AQyqYEb$`#cdN6$v#4Z~x`!onpbbiVObIA?hq zeKtVOES;EBV6jw`u}b{S44(Ne_6~vs43dTt@7MdIy$JU z$i>N6RZwN|HdWO}^w@I{`Qeht?jUC;g2RZNTT4HrN^9^d19VItRw{h#Ta)j?N$I-+ zY=--l1Q2S{KrhGB{ti-AD)`t*MlPvU zb#lM=QNwe0h!5P;D2xnwrfzz9Tf6RzANTDnKhkbaMX#MvF>ed$K* z6upZaM1c;m7R}*f8+{F_kXS%WnTn?4p1&)!j+AI0((>F9lbj*IdRIt8eiR%Why&UO z%t|RY+ScXS{H57!)&z1G5aatx*$=vn#_s-`-W@IRSQk5r(1jWhiEd3Zzwl>~VVbkq zQmp#>sQA#SvVW&twJ>h+_9FbfB|CeX^1TjKpv0Ixn@AAu(y5Qs>GXGYeC^?eO*Aq+ z7+U!KGXz*PVbz#rt!m^N6%GD4M8dX5R6lBE({gE@j|PYi7XJ+eX5v}Z=~R)+&P5Yg zxkw0}kS{Z;7HVFQzCCir-6r1Z2B{z)$f=3ZGR5i9A9WVBKtps9b)LW#LNCby^~OSQ zd((3TxwWLfVp==}ELCdcwS>RAtcg{m@&MfjaaM)B&2S{#-t`sw%eu-v=`_n*qqaK? zYI2G7*7`wzS@|eEpgDHdh~u=V>6S%wrpjwcUt8nReVF0Sedr<`hF5O)q=@%B}%_3e@&9cv>yjMfvWf-BU@ZOo}#}xP+lgfXclv`iUp=gj>ZMzN)Z}YgKtF| z-ECC+M4i>Kn)6LGV!&9AnqybQRQA4hCe{zLjecIeatqSrBe}eL7;qk%o_i#|Ch4hc|?nxdB z$9q_j5~wMEC>@GMLmf)TUn%^UtylLe;QdF@s^ZMoR9jb{ul&#*ViRD-M_G)sxP3wn zCnQK7THp*&qdT$6k^eqz9#}vwa@ za681cO$c{UO*Co5TMQIQkB%2;?DwM`$RDM7zFIyTi3D9JaTKUwemb>vAzgHL3zpkh z%ifjxo!v=*cfTj)N-Bkc^NUh?x=wv&M*z$Td z#$02gMorh$ZzVG zbx3a8cqFNgmqAoGt8wbdSv((HKC6jo+lsNJ9IW!@1?%?Z2~|~!6PmGPX(If#-NN^V z>c-!X=O}-Ztkvw1im1>P&>PBAL827qh@tYWyYgWj9Kl(?trH`eHZ}VW!Q3jfBbki@ z^(ekr)IsFwYs4zz%bUt!?P?`Vge4S2g=lgfPwS}kBv0l|l%~)u4OE3$_S^h)Fe<8q z4a$NmCBdwT{lbETQGyF^ouCcFFsoUu=GwQp9`|Hb*qgvn27Cx(^m5HJHnnQGi0dSY ztJ5g^lTy~bMo%Ch-@rc{wYfCh5^EfA4lL050N6_y%5Z6E=5EHvT^1wc9YhKwwdxQ2 zQO#`?h-Y8~VZ1Zp!r#H^gVNxrt@+E3F`v$U@chk@cS^jtI=n9JNFa8i&VP%Q_`Ps7y{?qEtKDF_o zB$-|BF|T{LlF=pJGNOyt2DuEk=46pb6 z`0mG85sKT~T|kH4u#>bmip$kz(?MMh>INDM)29HAkHqtKH-eYpMB(qcJW6`nW^dAI zU-)V0Mi!k;aNLhEQW4yM6mZ39=Mz_K`BU{?N5fI?kop$kM=&6`Bfntr=?fp3QehyEs-K(F+mai1PuR14p@B594JGgDU9_)kf z?dxrqpCjJyvY&@<^Tn5cxHoz|pOAWbKPB*P&f(!0PD^g~;lfljB>jLj+p$@3yij|O z*4a3+*6I)6jxMg$*|D9pHVm`xfLUHSd+H{=cHNJ-^4QV#jI$5^p150{b2796z>N}g zJI{=rEbQ1(`WH*4|I|1dpIf`2`f;y5`1F1*Z=SzW0A_cdUp}^9OBDX?Jov1Se4E?Z zy^Nd?TBkIlo2P-0AC`nxzG`raL;Ug5e=@C51+5rw5|#J;&bt{vNqVYf^W8+brp=}G zc)g>}&p4Ogqtd_;Nv=uGpLC&os1Jw#qLh0nW*7rX(Rn6bgLD|f2q7l=w?LvbtjaWD zf5xBW^w+mw)kD>jzJqy9+LP?e^J2f9vzZEsHaEAA^h^`?6QSS&f1Z>5LFWuef_N*L zRu#c!EBZdzHAV6<%t6ZqCEv5MLP{m3oNY|#H*NfGf8Gw0{q-{0rhQ2`diS9T?e84G zyqc33EgfK~=3*X>aR5gm|8@n>8&x!y4$L0F^nYC`FY zZfgNhu!1Y5Zum8Whd8ea3WK17`9HH<@h3w9zpgLPEM-CImLZ(0HySbL&efn{CSKO4 z8akJBDnh@+U3V!f`a)Zm;e6V!%wM)qJw@_P)v1pnu%c9n)kW24ZF2+M1dScqm+XOU z$u?2OO`+dn*Ctg+MQk}W++=WiSAvJzOy^S2s%}W$M%9Iu==k^~-)hRc0QUkbs~&)N zuLcf{Bwfr|S(Jr`;y~^;d!?5YpZcbp-cJ)WT|%xI(C!5I%ui&&`e{yl_=O(c(<+JB z*=0L{QQ@Gz#N=Cx0K4S~2@R+HaT7QGp+ZoCU~K_j2b2XtH=k|fzoHe@PFAO8lgI6p zL4g=!pVNw2eblJ>@;2Z7L#PQfjU??eF&LnLDEUqBI;ozxSN%5BR(>m$RMFjgxU-+tL5i|q78ilmQ7z7Pvz+O*kzJA3uFVT}gK2q=xl z>j=^M8_a+ZWew@8fMM6?Z?9vjf7qS?u$*-}B$ARtiy(7>6Su)Jp6GxwX}Us(?0amH z8zikqM}x<@#E@!VO240#J1WR0ynIyCY4MoJsX2vIHJ$NAq0-NU_6zE#+Jp2tlKc`K zSW-M1<&Fj4{nC{wxAP`AB!|w)JCP!`!JsE_t*a`Ff}kp;l^VJ%PTyXWZ3|~-8xW1N z6x9}Y`(eopO&pVW5w=qe|E5Mjn5n2)OcV}z>P z<3=e=zZP2pZn}v}{{mb_VhtPnq7%c1;Z4~4(G%Y5dBkl23$`6kgC@O3#kT*)zy_@C zrDe}AHLcJigpBVn$BF72nk08TM?sKNrJAa;mJRh(GrkjrhmsLf$YQA4OT z0Nqi4!JpNC7k!fznrRf{_V;4#joNw)H^*?F8iHa#h&yO-m?w}dj|cmw4}{7yMTaD^ z4c{8;+EzoFH?7|P{KR3Mt6Z1RlWV8WpLBV1H#LE^7RhHG2T;CmkPiI*iqA;Ex14Dq z7&f!`2li1s9U99^HO6fz`6{+BN-Jc4|4-n6gNDk(04!g6A@n0cMB}T-o#D{ zIUbp1nI%7E;QC3NDN<%pW!qLhDr6XLziS8-Wkg)I6-VIjjGGfJuf%$)(K8w7@+Lnk#n1iL0Rx(v_Uw~3malpBiF3^B9u*?|maNCYXy)JOEB zA8uCnPfpcmr4xzrwyB-~-SoV092ZnXX*$yRsHh~8c}e+}`6`f^8ES>eN5mo{=RgCc zrR#WcMz-Y4Z`(lXuuraA>~J$fcerwcVmY1)yD%jL#C%^Sf&)!n7GGL3ZRpJppGibK z395sErnMof6Rk{OhSBwc5jo?* zV^k!2XMs&}fJ^h+7);fK8Md-u&blluVLGzcU{0d^fL@|Aq~Q^m9Kg9v#dGNQpDRCt zUG{H&^<5;4vlJkc2Q4M0DJ}*)qE9E5YeMHYo0Xh^D34N1bmf_rhjWP0ts=2ufziw* zuP7jnBm#i-5y9Nv-i`IF<-d$E#0)T`bXhG!1$H3#Ge$8Nji?0-(Z^Bzq&l(&P2S`@ z`1s9FK|g!RrvXqyOwKT>!0W*)fgvyfe!aEBWt>|mgSUHdG7Iyg1`_d++RW40y=41i zCTWh%1pJ`4;cMTf%u7FI@V#0=5UJid^(2|8Hx)ab3l1+}6SsNt1(A*@kO626!E_Sw z0wZO&f7&qRzcfJQyx9k_CrgD|-KPGh^EUvm;hQjR5<2S_1S$R*^`xmM-4TaSo`EsH zx5YPDq7Hz+sEHNJWz>ok;h4SwjUao>Kxs^!isd>XKS=b>Dix&> zz?Z9ff-#(~Oqk={)%Lc{TuL{`oL->Dkn66%Zo&}BvOut$Q(%uNLU$hh$>SB7g}5cIo5gG7$H;kd$?Vqz17y zu?+@jDtUP*K>zFOsQHpAd=2FDgPYG^vY-R0jhzcOzu6dZ^bF5s`mJx{s%6s)d{|*_ zqlJSaY9;Q|i0Fca$#}97ph@snvD13IW+2`yC1x^j6+qalC&Q*?~$A{8+H8j8AVxh