From bbde9214aabb3efc5b4f05be2c03dbff8ac714a2 Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Sun, 5 Nov 2017 15:52:47 -0600 Subject: [PATCH 01/68] initial commit --- .env | 3 + .gitignore | 3 + 0-startup-conjur.sh | 100 +++ 1-setup-containers.sh | 54 ++ 2-shutdown-containers.sh | 7 + 3-shutdown-all.sh | 3 + README.md | 48 ++ apikey_rotator.sh | 11 + audit_policy.sh | 16 + build/.DS_Store | Bin 0 -> 6148 bytes build/conjurcli/Dockerfile | 13 + build/ldap/Dockerfile | 1 + build/splunk/Dockerfile | 1 + build/vm/Dockerfile | 8 + build/vm/write_id_files.sh | 65 ++ build/webapp/Dockerfile | 7 + build/webapp/webapp1.sh | 60 ++ dbpassword_rotator.sh | 9 + docker-compose.yml | 111 +++ etc/_conjur-init.sh | 7 + etc/_demo-init.sh | 46 ++ etc/conjur.conf | 5 + etc/conjur.pem | 42 ++ etc/install-dependencies.sh | 16 + etc/template.identity | 4 + ldap/0-setup-ldap.sh | 33 + ldap/1-ldap-sync.sh | 5 + ldap/ldap-bootstrap.ldif | 819 +++++++++++++++++++++++ ldap/ldap-sync-config.yml | 21 + load_policy.sh | 8 + splunk/0-setup-splunk.sh | 7 + ssh/0-setup-ssh.sh | 60 ++ ssh/1_create_key_for_user.sh | 11 + ssh/2_test_fetch_userkey_from_host.sh | 10 + ssh/3_ssh_user_to_host.sh | 11 + ssh/4_roles_with_resource_permissions.sh | 9 + ssh/5_review_activity_on_resource.sh | 9 + ssh/load_policy.sh | 8 + ssh/rack.yml | 3 + ssh/ssh-mgmt.yml | 17 + users-policy.yml | 13 + watch_container_log.sh | 2 + webapp1-policy.yml | 15 + 43 files changed, 1701 insertions(+) create mode 100644 .env create mode 100644 .gitignore create mode 100755 0-startup-conjur.sh create mode 100755 1-setup-containers.sh create mode 100755 2-shutdown-containers.sh create mode 100755 3-shutdown-all.sh create mode 100644 README.md create mode 100755 apikey_rotator.sh create mode 100755 audit_policy.sh create mode 100644 build/.DS_Store create mode 100644 build/conjurcli/Dockerfile create mode 100644 build/ldap/Dockerfile create mode 100644 build/splunk/Dockerfile create mode 100644 build/vm/Dockerfile create mode 100755 build/vm/write_id_files.sh create mode 100644 build/webapp/Dockerfile 
create mode 100644 build/webapp/webapp1.sh create mode 100755 dbpassword_rotator.sh create mode 100644 docker-compose.yml create mode 100755 etc/_conjur-init.sh create mode 100755 etc/_demo-init.sh create mode 100644 etc/conjur.conf create mode 100644 etc/conjur.pem create mode 100755 etc/install-dependencies.sh create mode 100644 etc/template.identity create mode 100755 ldap/0-setup-ldap.sh create mode 100755 ldap/1-ldap-sync.sh create mode 100644 ldap/ldap-bootstrap.ldif create mode 100644 ldap/ldap-sync-config.yml create mode 100755 load_policy.sh create mode 100755 splunk/0-setup-splunk.sh create mode 100755 ssh/0-setup-ssh.sh create mode 100755 ssh/1_create_key_for_user.sh create mode 100755 ssh/2_test_fetch_userkey_from_host.sh create mode 100755 ssh/3_ssh_user_to_host.sh create mode 100755 ssh/4_roles_with_resource_permissions.sh create mode 100755 ssh/5_review_activity_on_resource.sh create mode 100755 ssh/load_policy.sh create mode 100644 ssh/rack.yml create mode 100644 ssh/ssh-mgmt.yml create mode 100644 users-policy.yml create mode 100755 watch_container_log.sh create mode 100644 webapp1-policy.yml
diff --git a/.env b/.env
new file mode 100644
index 0000000..2637ab6
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+APP_HOSTNAME=webapp1%2Ftomcat_host
+VAR_ID=webapp1%2Fdatabase_password
+SLEEP_TIME=10
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d89190b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+log/*
+ldap/ldap-sync.yml
+ssh/id*
diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh
new file mode 100755
index 0000000..89a7929
--- /dev/null
+++ b/0-startup-conjur.sh
@@ -0,0 +1,100 @@
+#!/bin/bash -e
+set -o pipefail
+
+CONJUR_ADMIN_PWD=Cyberark1
+
+main() {
+ all_down # bring down anything still running
+
+ conjur_up
+ cli_up
+ docker-compose up -d scope # weave scope
+
+ docker-compose build ldap # trigger image pull
+ docker-compose build splunk # trigger image pull
+
+ # initialize "scalability" demo
+ docker-compose exec cli "/src/etc/_demo-init.sh"
+
+ clear
+ echo
+ echo "Demo environment ready!"
+ echo "The Conjur service is running as hostname: $CONJUR_HOSTNAME"
+ echo
+}
+
+all_down() {
+ echo "-----"
+ echo "Bringng down all running services & deleting dangling volumes"
+ docker-compose down --remove-orphans
+ dangling_vols=$(docker volume ls -qf dangling=true)
+ if [[ "$dangling_vols" != "" ]]; then
+ docker rm $dangling_vols
+ fi
+}
+
+conjur_up() {
+ echo "-----"
+ echo "Bringing up Conjur"
+ docker-compose up -d conjur
+
+ CONJUR_CONT_ID=$(docker-compose ps -q conjur)
+ CONJUR_HOSTNAME=$(docker inspect --format '{{ .Config.Hostname }}' $CONJUR_CONT_ID)
+
+ echo "-----"
+ echo "Initializing Conjur"
+ runInConjur /src/etc/_conjur-init.sh
+
+ echo "-----"
+ echo "Get certificate from Conjur"
+ rm -f ./etc/conjur.pem
+ docker cp -L $CONJUR_CONT_ID:/opt/conjur/etc/ssl/conjur.pem ./etc/conjur.pem
+
+ echo "---- Update hosts file with $CONJUR_HOSTNAME"
+ grep -v $CONJUR_HOSTNAME /etc/hosts > /tmp/foo
+ echo -e 127.0.0.1 '\t' $CONJUR_HOSTNAME >> /tmp/foo
+ sudo mv /tmp/foo /etc/hosts
+}
+
+cli_up() {
+ echo "-----"
+ echo "Bring up CLI client"
+ docker-compose up -d cli
+
+ CLI_CONT_ID=$(docker-compose ps -q cli)
+
+ echo "-----"
+ echo "Copy Conjur config and certificate to CLI"
+ docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/etc/conjur.conf
+ docker cp -L ./etc/conjur.pem $CLI_CONT_ID:/etc/conjur.pem
+ docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/data/conjur.conf
+ docker cp -L ./etc/conjur.pem $CLI_CONT_ID:/data/conjur.pem
+ runIncli conjur authn login -u admin -p $CONJUR_ADMIN_PWD
+ runIncli conjur bootstrap -q
+}
+
+runInConjur() {
+ docker-compose exec -T conjur "$@"
+}
+
+runIncli() {
+ docker-compose exec -T cli "$@"
+}
+
+wait_for_conjur() {
+ docker-compose exec -T conjur bash -c 'while ! curl -sI localhost > /dev/null; do sleep 1; done'
+}
+
+updatehostsfile() {
+ local containername="$1"
+ local tmpfile=/tmp/${1}.tmp
+
+ conthostname=$(docker inspect --format '{{ .Config.Hostname }}' $containername)
+ echo "---- Update hosts file for $conthostname"
+ grep -v $conthostname /etc/hosts > $tmpfile
+ echo -e 127.0.0.1 '\t' $conthostname >> $tmpfile
+ sudo mv $tmpfile /etc/hosts
+}
+
+main "$@"
+
diff --git a/1-setup-containers.sh b/1-setup-containers.sh
new file mode 100755
index 0000000..62e8665
--- /dev/null
+++ b/1-setup-containers.sh
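Review bot: `conjur_up` in 0-startup-conjur.sh assembles the new hosts file at the fixed path `/tmp/foo` and then runs `sudo mv /tmp/foo /etc/hosts`, so another local account that pre-creates that path (as a file or a symlink) can influence what ends up in /etc/hosts; `updatehostsfile` repeats the pattern with `/tmp/${1}.tmp`. Use `tmp=$(mktemp)` for the scratch file and filter with a quoted fixed string, `grep -vF -- "$CONJUR_HOSTNAME" /etc/hosts > "$tmp"`, since the unquoted `grep -v` treats the hostname as a regex and drops every line that merely contains it. Separately, `CONJUR_ADMIN_PWD=Cyberark1` is committed and passed to `conjur authn login -p`, where it shows up in the process list; the same literal recurs in docker-compose.yml, build/conjurcli/Dockerfile, ldap/0-setup-ldap.sh and ldap/1-ldap-sync.sh, and requiring it from the environment with `: "${CONJUR_ADMIN_PWD:?must be set}"` would keep it out of the repository. `all_down` also runs `docker rm $dangling_vols` on volume names, which presumably was meant to be `docker volume rm`.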
@@ -0,0 +1,54 @@
+#!/bin/bash -e
+set -o pipefail
+
+APP_HOSTNAME="webapp1/tomcat_host"
+VAR_ID="webapp1/database_password"
+
+################ MAIN ################
+# $1 = number of containers to create
+# $2 = Sleep time in seconds between each secrets fetch
+main() {
+ if [[ $# -ne 2 ]] ; then
+ printf "\n\tUsage: %s \n\n" $0
+ exit 1
+ fi
+
+ local NUM_CONTS=$1; shift
+ local SLEEP_TIME=$1; shift
+
+ rm .env
+ # login in cli container as devops admin
+ docker-compose exec -T cli conjur authn login -u bob -p foo
+
+ # rotate API key
+ # write new key to nondescript file in shared volume
+ api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $APP_HOSTNAME)
+ echo $api_key > local_foo
+ docker cp local_foo $(docker-compose ps -q cli):/data/foo
+ rm local_foo
+
+ urlify $APP_HOSTNAME
+ APP_HOSTNAME=$URLIFIED
+ urlify $VAR_ID
+ VAR_ID=$URLIFIED
+
+ echo "APP_HOSTNAME=$APP_HOSTNAME" > .env
+ echo "VAR_ID=$VAR_ID" >> .env
+ echo "SLEEP_TIME=$SLEEP_TIME" >> .env
+ docker-compose up -d --scale webapp=$NUM_CONTS webapp
+ docker-compose exec -T cli rm /data/foo
+}
+
+
+# URLIFY - converts '/' and ':' in input string to hex equivalents
+# in: $1 - string to convert
+# out: URLIFIED - converted string in global variable
+urlify() {
+ local str=$1; shift
+ str=$(echo $str | sed 's= =%20=g')
+ str=$(echo $str | sed 's=/=%2F=g')
+ str=$(echo $str | sed 's=:=%3A=g')
+ URLIFIED=$str
+}
+
+main "$@"
diff --git a/2-shutdown-containers.sh b/2-shutdown-containers.sh
new file mode 100755
index 0000000..8a3440f
--- /dev/null
+++ b/2-shutdown-containers.sh
@@ -0,0 +1,7 @@
+#!/bin/bash -e
+docker-compose rm -svf webapp
+docker-compose rm -svf ldap
+docker-compose rm -svf vm
+docker-compose rm -svf splunk
+docker volume rm $(docker volume ls -qf dangling=true)
+
diff --git a/3-shutdown-all.sh b/3-shutdown-all.sh
new file mode 100755
index 0000000..6bd3af9
--- /dev/null
+++ b/3-shutdown-all.sh
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+docker-compose down -v
+
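Review bot: In `main` of 1-setup-containers.sh the rotated host API key is written to `local_foo` in the working directory with the default umask, and because the script runs under `-e` a failing `docker cp` exits before `rm local_foo`, leaving the key on disk; apikey_rotator.sh carries the same three lines. Stage the key in a `mktemp` file that an EXIT trap removes, and quote the expansions, as sketched below; webapp1.sh appears to read the copy as root, so the tighter file mode should not affect it. `rm .env` at the top of `main` also aborts the script when the file does not exist yet, so `rm -f .env` is the safer form.

```shell
# … unchanged: usage check, rm .env, login as bob …
  key_file=$(mktemp)                      # mktemp creates the file mode 0600
  trap 'rm -f -- "$key_file"' EXIT        # key never outlives the script
  api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host "$APP_HOSTNAME")
  printf '%s\n' "$api_key" > "$key_file"
  docker cp "$key_file" "$(docker-compose ps -q cli)":/data/foo
# … unchanged: urlify calls, .env generation, docker-compose up …
```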
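Review bot: The last command of 2-shutdown-containers.sh removes every dangling volume on the Docker host, not only the ones this compose project created, so a teardown on a shared machine can delete unrelated data. It also exits with a usage error under `-e` when nothing is dangling, because `docker volume rm` then receives no arguments. Restrict the listing to this project's volumes (for example by name prefix) and guard the empty case the way `all_down` in 0-startup-conjur.sh does with `if [[ "$dangling_vols" != "" ]]`.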
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fed57a1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,48 @@
+# scalability-compose
+
+Goal: A self-contained implementation of a simple Conjur application for demonstration in docker-compose and serve as a reference model for best practices.
+
+NOTE: This demo uses a single identity for all instances of the application. This is best practice as it is scalable to potentially thousands of instances, whereas use of the Host Factory token is not.
+
+Scenario: Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects.
+
+Dependencies:
+ - docker & docker-compose - install-dependencies.sh installs these
+ - internet access for initial run, can run air gapped after
+
+Demo files:
+ - 0-startup-conjur.sh - takes no arguments - initialize demo environment:
+ - startups up Conjur, Conjur client CLI and Weave Scope containers
+ - Loads users-policy.yml and sets all user passwords to “foo”
+ - loads demo policies and sets secret values to the secret name prefixed with “ThisIsThe"
+ - 1-setup-containers.sh - takes two arguments (see demo scenario below) - starts up client application containers that fetch secrets from Conjur.
+ - 2-shutdown-containers.sh - takes no arguments - shuts down all client application containers.
+ - _conjur_init.sh - Conjur initialization script run from CLI container.
+ - _demo_init.sh - demo initialization script run from CLI container.
+ - docker-compose.yml - file that drives all container builds and configurations.
+ - .env - file of environment variables for client application containers, referenced from docker-compose.yml, dynamically created by 1-setup-containers.sh
+ - load_policy.sh - loads a supplied policy file
+ - audit_policy.sh - compares a supplied policy file against current Conjur state, reports any deviations.
+ - watch_container_log.sh - takes no arguments - runs tail on container #1 script logfile to monitor fetch activity
+ - dbpassword_rotator.sh - sets the database password to a random hex value every 5 seconds
+ - apikey_rotator.sh - rotates the API key once.
+
+ Build directories - all builds are triggered from docker-compose.yml (i.e. no build scripts):
+ - build/webapp:
+ - Dockerfile - defines Alpine images w/ bash and curl
+ - webapp1.sh - script loaded into image as entry point when container is started. It is resilient to API key rotation.
+ - build/conjurcli:
+ - Dockerfile - build parameters for rich Conjur CLI client container
+
+Demo scenario:
+ - run 0-startup-conjur.sh. REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY. When complete demo environment is ready.
+ - run 1-setup_containers.sh w/ 2 args - REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY:
+ - number of containers to create
+ - number seconds for each container client to sleep betwixt secrets fetches
+] - run watch_container_log.sh on one of the containers (containers named cont-1 to cont-n)
+ - OR run weave scope (https://www.weave.works/oss/scope/), click into a container and 'tail -f cc.log'
+ - change secret in UI - watch it change in watched log
+ - audit_policy to show how we can see if current state is compliant with policy doc, change "permit" to "deny" for tomcat_hosts permissions, re-run audit_policy to show how to detect non-compliance
+ - change "permit" to "deny" in policy file, reload policy and show how none of the containers can fetch secrets
+ - 2-shutdown-containers.sh - brings down all webapp containers.
+ - docker-compose down - brings down all containers incl. conjur, cli & scope.
diff --git a/apikey_rotator.sh b/apikey_rotator.sh
new file mode 100755
index 0000000..622fd37
--- /dev/null
+++ b/apikey_rotator.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -e
+set -o pipefail
+
+APP_HOSTNAME=webapp1/tomcat_host
+
+ # rotate API key
+ # write new key to nondescript file in shared volume
+api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $APP_HOSTNAME)
+echo $api_key > local_foo
+docker cp local_foo $(docker-compose ps -q cli):/data/foo
+rm local_foo
diff --git a/audit_policy.sh b/audit_policy.sh
new file mode 100755
index 0000000..17960ac
--- /dev/null
+++ b/audit_policy.sh
@@ -0,0 +1,16 @@
+#!/bin/bash -e
+if [[ -z $1 ]] ; then
+ printf "\n\tUsage: %s \n\n" $0
+ exit 1
+fi
+POLICY_FILE=$1
+NULL_RESULT="--- []"
+RESULT=$(docker-compose exec -T cli conjur policy load --as-group security_admin --dry-run /src/$POLICY_FILE)
+if [ "$RESULT" = "$NULL_RESULT" ]; then
+ printf "\nCurrent state IS COMPLIANT with policy in %s.\n\n" $POLICY_FILE
+else
+ printf "\nCurrent state is NOT COMPLIANT with policy in %s.\n" $POLICY_FILE
+ printf "Deviations in policy file from current state are:\n"
+ echo $RESULT
+fi
+
diff --git a/build/.DS_Store b/build/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..0b73885d6fdb5aaab98fe8e3c230ab4cb24e0603
GIT binary patch literal 6148 zcmeHKJ5EC}5S)b+K{P2TeFbh{Md1Wo0Fg9_p7JD6`d4u-j>hb#AbQXxO*AX5$6oK) z@)U310@7;iWrg3Gfw!x76bOX&sp~00p~uDGvbKDZ~k_8 zAIHJBWl}&2NC7Dz1*E_Q6{zC6e7xY9I!X#if!k2PzYmS>*bAq`_;hfH7J#^5IE?e? zC5X)f#9lZhGD5SY5|e7xVp!4{ZNQd=AjZ#1goGWmj z%azyv7y3W_|2au3DIf)IN&#DJUN>t#scP%&ab9a1{f+K9-*h+5gTf)oF)_+97haB^ cA}RBl&$-_Vr^KK$9(1C923!}J6u7nmKP5U9sQ>@~ literal 0 HcmV?d00001
diff --git a/build/conjurcli/Dockerfile b/build/conjurcli/Dockerfile
new file mode 100644
index 0000000..bd12eaa
--- /dev/null
+++ b/build/conjurcli/Dockerfile
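Review bot: In audit_policy.sh `$POLICY_FILE` and `$RESULT` are expanded unquoted, so a policy path containing spaces or glob characters is split before it reaches `conjur policy load`, and `echo $RESULT` flattens the multi-line deviation report onto a single line. Quote both: pass `"/src/$POLICY_FILE"` to the CLI and print the report with `printf '%s\n' "$RESULT"`. The compliance decision rests on an exact string match against `--- []`, so a one-line comment above `NULL_RESULT` saying that this is the CLI's dry-run output for "no changes" would help the next reader.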
@@ -0,0 +1,13 @@
+FROM centos:7
+RUN yum -y install systemd openssh openssh-clients openssh-server iproute net-tools dmidecode tar which pciutils rsyslog tar sudo vim wget curl crontabs; \
+ yum upgrade -y && \
+ yum clean all;
+RUN curl -LO https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
+RUN chmod a+x jq-linux64
+RUN mv jq-linux64 /usr/local/bin/jq
+
+RUN echo 'root:Cyberark1' | chpasswd
+VOLUME [ “/sys/fs/cgroup” ]
+ENTRYPOINT ["/usr/sbin/init"]
+RUN wget https://github.com/cyberark/conjur-cli/releases/download/v5.4.0/conjur-5.4.0-1.el6.x86_64.rpm
+RUN yum -y install conjur-5.4.0-1.el6.x86_64.rpm
diff --git a/build/ldap/Dockerfile b/build/ldap/Dockerfile
new file mode 100644
index 0000000..8af5a33
--- /dev/null
+++ b/build/ldap/Dockerfile
@@ -0,0 +1 @@
+from osixia/openldap:1.1.7
diff --git a/build/splunk/Dockerfile b/build/splunk/Dockerfile
new file mode 100644
index 0000000..e055d6b
--- /dev/null
+++ b/build/splunk/Dockerfile
@@ -0,0 +1 @@
+from splunk/splunk
diff --git a/build/vm/Dockerfile b/build/vm/Dockerfile
new file mode 100644
index 0000000..6c354c7
--- /dev/null
+++ b/build/vm/Dockerfile
@@ -0,0 +1,8 @@
+FROM ubuntu:14.04
+RUN apt-get update -y; \
+ apt-get install -y curl openssh-server; \
+ apt-get autoclean
+COPY write_id_files.sh /root
+RUN /root/write_id_files.sh && curl -L https://www.opscode.com/chef/install.sh | sudo -n bash
+RUN sudo -n chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur
+ENTRYPOINT service ssh restart && sleep infinity
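Review bot: `RUN echo 'root:Cyberark1' | chpasswd` in build/conjurcli/Dockerfile bakes a known root password into an image that also installs `openssh-server`, and the value stays readable in the image history for anyone who can pull it. docker-compose.yml starts this container with `sleep infinity` and the scripts reach it through `docker-compose exec`, so the line can probably be dropped, or replaced with `RUN passwd -l root`. The `jq-linux64` binary and the conjur RPM are installed without any integrity check; follow each download with `echo "SHA256_PLACEHOLDER  jq-linux64" | sha256sum -c -` using the digest published for that release. The `VOLUME [ “/sys/fs/cgroup” ]` line uses typographic quotes, so it is unlikely to be parsed as the JSON array form.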
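Review bot: build/splunk/Dockerfile builds `from splunk/splunk` with no tag, while docker-compose.yml names the result `splunk/splunk:7.0.0`, so the locally built image carries a version label that need not match what was actually pulled. Pin the base to the intended release, `FROM splunk/splunk:7.0.0`, ideally by digest; build/webapp/Dockerfile has the same unpinned base in `FROM alpine`. An unpinned base makes the demo non-reproducible and silently picks up whatever the registry serves at build time.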
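Review bot: The line `curl -L https://www.opscode.com/chef/install.sh | sudo -n bash` in build/vm/Dockerfile runs whatever that URL returns as root at build time, with no version pin and no integrity check, and without `-f` an HTTP error page is piped into bash as well. Download the installer to a file with `curl -fsSL -o install.sh ...`, verify it against a recorded digest, then run it with an explicit version argument. The cookbook tarball passed to `chef-solo --recipe-url` on the next line is pinned to v0.4.3 but likewise unverified. `sudo` is not in the `apt-get install` list and the build already runs as root, so the `sudo -n` prefixes can go.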
@@ -0,0 +1,65 @@ +#!/bin/sh +set -e + +# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below. + +sudo -n tee /etc/conjur.conf > /dev/null << EOF +account: dev +appliance_url: https://conjur/api +cert_file: /etc/conjur-dev.pem +netrc_path: /etc/conjur.identity +plugins: [] +EOF + +sudo -n tee /etc/conjur-dev.pem > /dev/null << EOF +-----BEGIN CERTIFICATE----- +MIIDVjCCAj6gAwIBAgIUTiPoWhMGsxJR06lQR+j85YngHmQwDQYJKoZIhvcNAQEL +BQAwQjEMMAoGA1UEChMDZGV2MRIwEAYDVQQLEwlDb25qdXIgQ0ExHjAcBgNVBAMT +FWNvbmp1ci5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDMxOTEyMDNaFw0yNzExMDEx +OTEyMDNaMCAxHjAcBgNVBAMMFWNvbmp1ci5jeWJlcmFyay5sb2NhbDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOu6YXmLbIebA3/Yn1Fe8l8WM7p9fNy3 +NmZ0QEKKsgP7/GfDcMZenmznNccw9mCT7dgIeda7UlIObqJTYnpgw2ZHd/lkkUaZ +LdeqpGwIFqKJCMd3oW+J29fKlg1lXVqt3p0uWvAPagolOMY5atJP/GbfhdSdUvf6 +n2n55V8ni8JpWXRgBCqOfMZFcndLVrXVfcbfRIIT+n6JlP6fF16UGiBSp8szAjfY +ZRXx7euvzTDnxIPwUvZKCqkaqWITfwnQbREMNLr2QGTRiQLg0Q4mdYHbQN3BKcWP +xYGxjuUNEGI5iznBDOaSVRaJeK7Of1dmydX43YoL0LVDVkJbwIhRJ7kCAwEAAaNm +MGQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTaOaPuXmtLDTJVv++VYBiQr9gH +CTAzBgNVHREELDAqghVjb25qdXIuY3liZXJhcmsubG9jYWyCCWxvY2FsaG9zdIIG +Y29uanVyMA0GCSqGSIb3DQEBCwUAA4IBAQBSzpekwAMp6AwBpveZ3eZb7c3iI+Ct +eXYvs5cnoeuHSaHGHDhrCfMiLC7680PbniL/nhcC+YkfeLLF0SR0eiUumGenojVj +SGoVSCe3S5ZwpPGU1GUHOUMsp7dyo41T4GAuTL3dGMLivoED39s6+ya+TiBZ2uqA +sQo2kLzmON2tajuZ57/MC7l3WyJCU2lEeV7RBNpZ3LpSmi0+j8euOwAc8zuj0Pw/ +EK1Hpy93UccyJA8odD8AzYqlw5WnvGqiKVaHO0nRTClxGDpj4ee60vDeJuyooEdf +sCDdrbXCpGIbPT+0iruqphF5dJNqgIWo7xh1l54thTfgSxwXz92Glrhs +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIJALglrXb4SDUiMA0GCSqGSIb3DQEBCwUAMEIxDDAKBgNV +BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQDExVjb25qdXIuY3li +ZXJhcmsubG9jYWwwHhcNMTcxMTAzMTkxMjAxWhcNMjcxMTAxMTkxMjAxWjBCMQww +CgYDVQQKEwNkZXYxEjAQBgNVBAsTCUNvbmp1ciBDQTEeMBwGA1UEAxMVY29uanVy +LmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 
+wFt5H70OQ3KXlsEUlg9MPKzX6fxo/2ilxzQ8cP2f+JI6is+uLk0mAQt4iDthCOix +bt71h6+zGtTVy/bMq+TPCOBbbt3IWGJqG7azYvZLW1wp/6CGnUAyJZ370Wlene+O +b8shpWknpXNbArsjOk4PQgYhuYcr+MVZOkbJmZSN2YCuFcMnO1nKDrs1u3iFOwao +Vz+eSFylgzXhD+fs3XnpNk3ELVF0L36dFdoJX662A+AQsPWcf5EFk0e0Wyx5R5CM +PqAPulYZpy894CesfNNci+UYaKeIK7ouMCXCEjqZkhE71NleXNDa4fFkERWVUN0k +hkSuYBWEKyudQ0mWlypKPQIDAQABo4GTMIGQMDMGA1UdEQQsMCqCFWNvbmp1ci5j +eWJlcmFyay5sb2NhbIIJbG9jYWxob3N0ggZjb25qdXIwHQYDVR0OBBYEFD8aC/Dh +8EPUjXrw2zvAK4N817yVMB8GA1UdIwQYMBaAFD8aC/Dh8EPUjXrw2zvAK4N817yV +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQBX +yigtZ3ULsWi3yhW+pbqJU2uuInd8LJZCuy1EP/xSuOxAgIioZM1UvAbu360M9lcB +k9uQTQKzcoPI1nnlSDnuB5+lpK3aCQwo+xYhz3XVRJln3hHkV3R/ytWQrKRLUPKk +StmAm9cUoEWqpYBlQXKO5geiehtb7nBQHH6ERP/JZva5Ico/XMyTFTOYeIXNU8YA +kilkwiY4OIXWCay3kNKgIaiBo1a3JpM7Kq9GwLUAtg7w1pY9q3o6UjH2D7qxgzt/ +d+RzsannAkEQBRSibrucYq5YUhu7yMeOM2kJcklPuubaEAG+2zhY+NobgBugvfh0 +HShpaqD8H/MaTkjBEvf1 +-----END CERTIFICATE----- +EOF + +sudo -n touch /etc/conjur.identity +sudo -n chmod 600 /etc/conjur.identity +sudo -n tee /etc/conjur.identity > /dev/null << EOF +machine https://conjur/api/authn + login host/dummy-hostname + password dummy-api-key +EOF diff --git a/build/webapp/Dockerfile b/build/webapp/Dockerfile new file mode 100644 index 0000000..fe7095d --- /dev/null +++ b/build/webapp/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine + +RUN apk add --update bash && rm -rf /var/cache/apk/* +RUN apk add --update curl && rm -rf /var/cache/apk/* +RUN apk add --update jq && rm -rf /var/cache/apk/* +COPY webapp1.sh /root/webapp1.sh +RUN chmod +x /root/webapp1.sh diff --git a/build/webapp/webapp1.sh b/build/webapp/webapp1.sh new file mode 100644 index 0000000..9f01ed7 --- /dev/null +++ b/build/webapp/webapp1.sh 
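Review bot: The CA bundle that build/vm/write_id_files.sh writes to `/etc/conjur-dev.pem` is a static copy that already differs from `etc/conjur.pem` added in this same commit, and 0-startup-conjur.sh replaces `etc/conjur.pem` from the running appliance on every start, so the VM image will most likely trust a certificate the live Conjur does not present. When verification then fails the usual shortcut is to disable it, which is the weaker outcome. Since docker-compose.yml mounts the checkout at `/src` in the `vm` service, copying `/src/etc/conjur.pem` into place at container start would keep the pin current. A comment above the `conjur.identity` heredoc stating that `dummy-hostname` and `dummy-api-key` are placeholders to be overwritten later would also help, if that is the intent.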
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+printf "\n\n\nExecuting within the container...\n\n"
+
+# environment variables set in .env file
+# APP_HOSTNAME - host identity for all instances of this app
+# VAR_ID - environment variable name to fetch
+# SLEEP_TIME - environment variable name to fetch
+
+CONJUR_HOST=conjur
+declare ENDPOINT=https://$CONJUR_HOST/api
+declare LOGFILE=cc.log
+declare INPUT_FILE=/data/foo
+
+# for logfile to see whats going on
+touch $LOGFILE
+
+OLD_APP_API_KEY=""
+while [ 1=1 ]; do
+
+ # get API key from file in shared volume
+ while : ; do
+ read APP_API_KEY < $INPUT_FILE
+ if [[ "$APP_API_KEY" != "$OLD_APP_API_KEY" ]]; then
+ break
+ else
+ sleep 2
+ fi
+ done
+ echo "New API key is:" $APP_API_KEY >> $LOGFILE
+
+ while [ 1=1 ]; do
+ # Login container w/ its API key, authenticate and get API key for session
+ cont_login=host%2F$APP_HOSTNAME
+ response=$(curl -s -k \
+ --request POST \
+ --data-binary $APP_API_KEY \
+ $ENDPOINT/authn/users/{$cont_login}/authenticate)
+ CONT_SESSION_TOKEN=$(echo -n $response| base64 | tr -d '\r\n')
+
+ if [[ "$CONT_SESSION_TOKEN" == "" ]]; then
+ echo "API key is invalid..." >> $LOGFILE
+ OLD_APP_API_KEY=$APP_API_KEY
+ break
+ fi
+
+ # FETCH variable value
+ DB_PASSWORD=$(curl -s -k \
+ --request GET \
+ -H "Content-Type: application/json" \
+ -H "Authorization: Token token=\"$CONT_SESSION_TOKEN\"" \
+ $ENDPOINT/variables/{$VAR_ID}/value)
+
+ echo $(date) "The DB Password is: " $DB_PASSWORD >> $LOGFILE
+ sleep $SLEEP_TIME
+ done
+done
+
+exit
+
diff --git a/dbpassword_rotator.sh b/dbpassword_rotator.sh
new file mode 100755
index 0000000..b342de5
--- /dev/null
+++ b/dbpassword_rotator.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+VAR_ID=webapp1/database_password
+
+while [[ 1 == 1 ]]; do
+ new_value=$(openssl rand -hex 12)
+ docker-compose exec -T cli conjur variable values add $VAR_ID $new_value &> /dev/null
+ echo $(date "+%H:%M:%S") "$VAR_ID is now: $new_value"
+ sleep 5
+done
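Review bot: Both `curl` calls in build/webapp/webapp1.sh pass `-k`, so the container sends its API key and session token to whatever answers as `conjur` without checking the certificate, even though 0-startup-conjur.sh already copies `conjur.pem` into the `/data` volume this service mounts. Replace `-k` with `--cacert /data/conjur.pem` in both places. Without `--fail`, an HTTP error body from the authenticate call is base64-encoded into a non-empty `CONT_SESSION_TOKEN`, so the `API key is invalid...` branch is only reached when the response is empty; adding `--fail` makes a rejected key produce the empty value that check expects. The loop also appends the API key and the fetched database password to `cc.log`, which the README invites viewers to tail through Weave Scope; outside the demo, log a fixed message instead. `--data-binary "$APP_API_KEY"` and `read -r` are the quoted forms.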
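Review bot: In dbpassword_rotator.sh the `conjur variable values add` call discards all output with `&> /dev/null` and its exit status is never checked, so the following `echo` reports `$VAR_ID is now: ...` even when the update was rejected or the CLI session had expired. Make the message conditional on success, e.g. `if docker-compose exec -T cli conjur variable values add "$VAR_ID" "$new_value" > /dev/null; then ... else echo "update failed" >&2; fi`, and leave stderr visible. The new secret is also passed as a command-line argument and printed to the terminal, which is worth a comment marking the script as demo-only.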
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..bc671dd
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,111 @@
+version: '2'
+services:
+
+# The Conjur, CLI and Weave Scope services are started by the 0-startup-conjur.sh script.
+# The Conjur service is a single master.
+# The CLI container is used to execute Conjur commands in lieu of requiring the CLI
+# package installation on the host machine. This makes managing multi-version Conjur
+# environments easier.
+ conjur:
+ image: registry.tld/conjur-appliance:4.9.7.0
+ hostname: conjur
+ environment:
+ CONJUR_MASTER_HOSTNAME: "conjur.cyberark.local"
+ CONJUR_MASTER_PASSWORD: "Cyberark1"
+ CONJUR_MASTER_ORGACCOUNT: "dev"
+ volumes:
+ - ./:/src:z
+ - ./log:/var/log/conjur # exported conjur audit log
+ - ./log:/var/log/nginx # exported nginx audit log
+ security_opt:
+ - seccomp:unconfined
+ ports:
+ - 443:443
+ - 636:636
+ restart: always
+
+ cli:
+ environment:
+ CONJUR_ACCOUNT: dev
+ CONJUR_APPLIANCE_URL: https://conjur/api
+ image: my-conjurcli:5.4.0
+ build: ./build/conjurcli
+ volumes:
+ - data:/data
+ - ./:/src:z
+ - "/var/run/docker.sock:/var/run/docker.sock:rw" # enable docker commands from in container
+ - "/usr/bin/docker:/usr/bin/docker:z"
+ hostname: conjurcli
+ entrypoint: sleep
+ command: infinity
+
+ scope:
+ image: weaveworks/scope:1.6.5
+ privileged: true
+ ports:
+ - "0.0.0.0:4040:4040"
+ labels:
+ - "works.weave.role=system"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:rw"
+ command:
+ - "--probe.docker=true"
+
+# The webapp service is just a simple script running in a container - not really a web app.
+# This service is brought up by the 1-setup-containers.sh script.
+ webapp:
+ image: webapp
+ build: ./build/webapp
+ volumes:
+ - data:/data
+ entrypoint: /root/webapp1.sh
+ environment:
+ - APP_HOSTNAME # values for these variables are in .env file
+ - VAR_ID
+ - SLEEP_TIME
+
+# VM containers for SSH management demonstration.
+# This service is brought up by the ./ssh/0-setup-ssh.sh script.
+ vm:
+ image: rack-vm:1.0
+ build: ./build/vm
+ volumes:
+ - .:/src
+ - data:/data
+
+# Open LDAP server for ldap sync demonstration.
+# This service is brought up by the ./ldap/0-setup-ldap.sh script.
+ ldap:
+ image: osixia/openldap:1.1.7
+ build: ./build/ldap
+ restart: always
+ volumes:
+ - ./ldap/ldap-bootstrap.ldif:/ldap-bootstrap.ldif
+
+# Splunk enterprise server for Splunk monitoring demonstration.
+# This requires the Conjur and Nginx logs be exported from the Conjur container.
+# See volumes: specification for the Conjur service above.
+# This service is brought up by the ./splunk/0-setup-splunk.sh script.
+ splunk:
+ hostname: splunkenterprise
+ image: splunk/splunk:7.0.0
+ build: ./build/splunk
+ environment:
+ SPLUNK_START_ARGS: --accept-license
+ SPLUNK_ENABLE_LISTEN: 9997
+ SPLUNK_ADD: tcp 1514
+ volumes:
+ - .:/src
+ - opt-splunk-etc:/opt/splunk/etc
+ - opt-splunk-var:/opt/splunk/var
+ ports:
+ - "8000:8000"
+ - "9997:9997"
+ - "8088:8088"
+ - "1514:1514"
+
+volumes:
+ data:
+ opt-splunk-etc:
+ opt-splunk-var:
+
diff --git a/etc/_conjur-init.sh b/etc/_conjur-init.sh
new file mode 100755
index 0000000..b739d3b
--- /dev/null
+++ b/etc/_conjur-init.sh
@@ -0,0 +1,7 @@
+#!/bin/bash -x
+
+# Variables should already been defined in docker-compose file
+
+if [ ! -e /opt/conjur/etc/ssl/conjur.pem ]; then
+ evoke configure master -h $CONJUR_MASTER_HOSTNAME -p $CONJUR_MASTER_PASSWORD $CONJUR_MASTER_ORGACCOUNT
+fi
diff --git a/etc/_demo-init.sh b/etc/_demo-init.sh
new file mode 100755
index 0000000..2ad792a
--- /dev/null
+++ b/etc/_demo-init.sh
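Review bot: The `scope` service in docker-compose.yml runs `privileged: true` with the Docker socket mounted and publishes its UI on `0.0.0.0:4040`, so anyone who can reach the host on that port gets an unauthenticated view of the containers, including the `cc.log` files that hold fetched secrets. Bind it to loopback with `- "127.0.0.1:4040:4040"`, and consider the same for the Splunk and Conjur port mappings unless remote access is part of the demo. The `cli` service also mounts `/var/run/docker.sock` read-write, which is equivalent to root on the host; the existing comment says what the mount enables but not which script needs it, and none of the scripts in this commit appear to run docker from inside that container. `seccomp:unconfined` on `conjur` deserves a one-line comment giving the reason as well.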
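Review bot: The shebang `#!/bin/bash -x` in etc/_conjur-init.sh turns on command tracing, so the expanded `evoke configure master ... -p $CONJUR_MASTER_PASSWORD` line, password included, is printed to the terminal and to any captured build or CI log. etc/_demo-init.sh has the same problem through `#!/bin/bash -ex`, where every `conjur authn login -u ... -p ...` is traced with the credential expanded. Drop `-x` from both shebangs, or wrap the sensitive commands in `set +x` / `set -x`. Quoting the three variables on the `evoke` line would also keep a password containing spaces or glob characters intact.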
@@ -0,0 +1,46 @@
+#!/bin/bash -ex
+set -o pipefail
+
+cd /src
+touch .env
+
+# create demo users, all passwords are foo
+conjur policy load --as-group=security_admin users-policy.yml | tee up-out.json
+ted_pwd=$(cat up-out.json | jq -r '."dev:user:ted"')
+bob_pwd=$(cat up-out.json | jq -r '."dev:user:bob"')
+alice_pwd=$(cat up-out.json | jq -r '."dev:user:alice"')
+carol_pwd=$(cat up-out.json | jq -r '."dev:user:carol"')
+rm up-out.json
+
+conjur authn login -u ted -p $ted_pwd
+echo "Teds password is foo"
+conjur user update_password << END
+foo
+foo
+END
+
+conjur authn login -u bob -p $bob_pwd
+echo "Bobs password is foo"
+conjur user update_password << END
+foo
+foo
+END
+
+conjur authn login -u alice -p $alice_pwd
+echo "Alice password is foo"
+conjur user update_password << END
+foo
+foo
+END
+
+conjur authn login -u carol -p $carol_pwd
+echo "Carols password is foo"
+conjur user update_password << END
+foo
+foo
+END
+
+conjur authn login -u bob -p foo
+conjur policy load --as-group=security_admin webapp1-policy.yml
+conjur variable values add webapp1/database_password ThisIsTheDatabasePassword
+conjur authn logout
diff --git a/etc/conjur.conf b/etc/conjur.conf
new file mode 100644
index 0000000..2a547bc
--- /dev/null
+++ b/etc/conjur.conf
@@ -0,0 +1,5 @@
+---
+appliance_url: https://conjur/api
+account: dev
+cert_file: "/etc/conjur.pem"
+plugins: []
diff --git a/etc/conjur.pem b/etc/conjur.pem
new file mode 100644
index 0000000..d915df0
--- /dev/null
+++ b/etc/conjur.pem
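Review bot: `conjur policy load ... | tee up-out.json` in etc/_demo-init.sh writes the initial credentials of ted, bob, alice and carol to the terminal and to a file under `/src`, which docker-compose.yml bind-mounts from the host checkout. Because the script runs with `-e`, any failing `jq` call before `rm up-out.json` leaves that file behind, and the `.gitignore` added in this commit does not cover it. Capture the output in a variable instead, `out=$(conjur policy load --as-group=security_admin users-policy.yml)`, and feed it to jq with `jq -r '."dev:user:ted"' <<<"$out"`; failing that, add `trap 'rm -f up-out.json' EXIT` right after `cd /src`. The four login/update_password stanzas differ only in the user name and would read better as one loop.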
@@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDVzCCAj+gAwIBAgIVAPSowHRED0UvlPJ2uDCDDZU/OWFTMA0GCSqGSIb3DQEB +CwUAMEIxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQD +ExVjb25qdXIuY3liZXJhcmsubG9jYWwwHhcNMTcxMTA1MTk0NjQyWhcNMjcxMTAz +MTk0NjQyWjAgMR4wHAYDVQQDDBVjb25qdXIuY3liZXJhcmsubG9jYWwwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKWx6MLPB5nT9B9wIPGdwqcAccFo1 +YNYwGdbgYMCIRQb5Z8CuZCu4frhiQhXAvawAK5fIlgeaAj+J6hgq9TyIjss0izmQ +3+y/cbs6AHoJLb0gi2ZPwcIwhPc55Pi4yAy06tqLHp1ba+dw421OwY1YjhLhoDuB +t+8R3bfdnOdXnyD9bdxBmDxhmO8vjvrvICKAI6CKdbEr83dItj6fAUaPzNCRS5g0 +ybc8xLcTDqFWucSBZ+bejfgkxKEAkGuuawQFCejRxoD2G08y+SvmMLhC48no6bFu +JbJFpU4LZoFcBSJMb1ENowQCZwv9CrgoX6T6rqDwFyVXtP1QHVAfcN6bAgMBAAGj +ZjBkMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/Y +BwkwMwYDVR0RBCwwKoIVY29uanVyLmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SC +BmNvbmp1cjANBgkqhkiG9w0BAQsFAAOCAQEAVLaLsbhJfsMF6NCOsq0KeZFiz77a +SwUliN1jxfPd4nBS5qLmaMzPaFjeeLylYZQYcLKMAV9vZswe/Ae214rgXILcg5nV +9qW14hMxN2FAvyypS/Vyu0jNfjMLBXh5XWa5QGhutOhiBAIq5lf2OWLjIhTVAtjE +UeYL5XdYe7Ohaip5rSfpo/kn4f1nZBN76+aNq6I1uwMzlqUFDB3iKfuhcil4q7ID +2wX9Q3WQquwY2n34tGDy+z+Jq0oRoKsXWWHSxoDBdg7s1wFe6vS7/dE+uQL2cCZ/ +QD9O0/9ZmnwtF5P5gexb5xeXeSD2SDqxDPJRw773lijMrICLl+jFKjex4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIJAIygNrI7RdilMA0GCSqGSIb3DQEBCwUAMEIxDDAKBgNV +BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQDExVjb25qdXIuY3li +ZXJhcmsubG9jYWwwHhcNMTcxMTA1MTk0NjQwWhcNMjcxMTAzMTk0NjQwWjBCMQww +CgYDVQQKEwNkZXYxEjAQBgNVBAsTCUNvbmp1ciBDQTEeMBwGA1UEAxMVY29uanVy +LmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +5bkt8wilp+xqLemcxJwD3T9PqrsOIu45bXzYewzBFRbPRirivZDZT/hmHqMGL4vU +ZZRAWLpo5+hh1T8We/eE5ABrfBZjulQ21if1niltVSmooojUTcVP/ai0b/VtAF9g +wc1SjABqvzzODUwQdRoZqMuyZDmpbC0A0TbocFHDkBsiSFwK3J+o0gQMMVY74VgE +iXT1oX19m2EWM529SAtQe8hl6DsWucFI0rEcXuW1VHyQmLm3zJUCKIPkncodVxNl +dhRSLuWiyUlBcMMRbvjx33qjjhsPnVC+gNMNB95tuW3qyapQ7rGncTC42NQYon9R 
+WUKDcG0L47DuvywuQIULTQIDAQABo4GTMIGQMDMGA1UdEQQsMCqCFWNvbmp1ci5j +eWJlcmFyay5sb2NhbIIJbG9jYWxob3N0ggZjb25qdXIwHQYDVR0OBBYEFPp94FHn +nh16rKZt7Ef3yBLftbeoMB8GA1UdIwQYMBaAFPp94FHnnh16rKZt7Ef3yBLftbeo +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQBH +kfpIUJ80P2eSLjvWVLbl+hoK51IZElxXBeY3QSOb5jghQV++WMgvokq6qlHXeBXP +5jhXqG/v1jBZq6DtkxCrTdOQbzK4wF/ZQPJ97TR2Hraj69/9Tyd81K4E7ls9Izay +pfa3/P0aHsAYNB83yWZR090iTQBPtaoAUdlH9qS1/4Ckh2gqnuT9vhg6nyIoznio +/ofrxN3bfotMFjGgZK40sdRU9JsQObVnEiXUWvRRZXQhj6WKrvLA+EQmosuIjanN +rdXw23n1Sff0xDx/NNMOqQsl7ZhFg8YVb685aqm9aE2pO8LfTihaQmfwQBm4QBnJ +mQs2avVl8+uu7CwO3p5i +-----END CERTIFICATE----- diff --git a/etc/install-dependencies.sh b/etc/install-dependencies.sh new file mode 100755 index 0000000..a8d119a --- /dev/null +++ b/etc/install-dependencies.sh @@ -0,0 +1,16 @@ +#!/bin/bash -e + +# install docker ce +sudo yum install -y yum-utils \ + device-mapper-persistent-data \ + lvm2 +sudo yum-config-manager \ + --add-repo \ + https://download.docker.com/linux/centos/docker-ce.repo +sudo yum install docker-ce +sudo systemctl start docker + +# install docker-compose +sudo curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose +sudo chmod +x /usr/local/bin/docker-compose +docker-compose --version diff --git a/etc/template.identity b/etc/template.identity new file mode 100644 index 0000000..5887149 --- /dev/null +++ b/etc/template.identity @@ -0,0 +1,4 @@ +machine https://conjur/api/authn + login host/{{NAME}} + password {{PWD}} + diff --git a/ldap/0-setup-ldap.sh b/ldap/0-setup-ldap.sh new file mode 100755 index 0000000..5e49065 --- /dev/null +++ b/ldap/0-setup-ldap.sh 
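Review bot: etc/install-dependencies.sh downloads the docker-compose binary straight into `/usr/local/bin` as root and marks it executable without verifying it, and because `curl -L` is used without `-f` an HTTP error page would be saved as the "binary". Fetch it to a temporary file with `curl -fL`, compare it with the SHA-256 published for the 1.16.1 release (`echo "SHA256_PLACEHOLDER  $tmp" | sha256sum -c -`), and only then `sudo install -m 0755 "$tmp" /usr/local/bin/docker-compose`. `sudo yum install docker-ce` lacks `-y`, so an unattended run stops at the confirmation prompt. The backticks around `uname -s` and `uname -m` are better written as `$(uname -s)` and `$(uname -m)`.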
@@ -0,0 +1,33 @@
+#!/bin/bash -e
+set -o pipefail
+
+CONJUR_ADMIN_PWD=Cyberark1
+
+test_ldap_connect() {
+ docker-compose exec -T ldap bash -c "ldapsearch -x -h localhost -b dc=example,dc=org -D cn=admin,dc=example,dc=org -w admin '(objectClass=user)'"
+}
+
+main() {
+ docker-compose rm -svf ldap
+ docker-compose up -d ldap
+ docker-compose exec cli conjur authn login -u admin -p $CONJUR_ADMIN_PWD
+ docker-compose exec cli conjur elevate policy load /src/ldap/ldap-sync-config.yml
+ docker-compose exec cli conjur elevate variable values add conjur/ldap-sync/bind-password/default $CONJUR_ADMIN_PWD
+
+
+ for i in {1..60}; do
+ if ! test_ldap_connect; then
+ echo "Waiting for OpenLDAP to start"
+ else
+ break
+ fi
+ sleep 1
+ done
+
+ # hopefully prevent intermittent failures
+ sleep 2
+ # load demo groups & users from mounted file
+ docker-compose exec -T ldap bash -c 'ldapadd -x -D cn=admin,dc=example,dc=org -w admin -f /ldap-bootstrap.ldif'
+}
+
+main "$@"
diff --git a/ldap/1-ldap-sync.sh b/ldap/1-ldap-sync.sh
new file mode 100755
index 0000000..0e233b0
--- /dev/null
+++ b/ldap/1-ldap-sync.sh
@@ -0,0 +1,5 @@
+#!/bin/bash -e
+set -o pipefail
+docker-compose exec cli conjur authn login -u admin -p Cyberark1
+docker-compose exec -T cli conjur ldap-sync policy show > ldap-sync.yml
+docker-compose exec -T cli conjur elevate policy load /src/ldap/ldap-sync.yml
diff --git a/ldap/ldap-bootstrap.ldif b/ldap/ldap-bootstrap.ldif
new file mode 100644
index 0000000..05e619e
--- /dev/null
+++ b/ldap/ldap-bootstrap.ldif
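Review bot: `main` in ldap/0-setup-ldap.sh stores the Conjur admin password as the LDAP bind secret (`conjur/ldap-sync/bind-password/default $CONJUR_ADMIN_PWD`), yet the script's own `ldapsearch` and `ldapadd` calls bind as `cn=admin,dc=example,dc=org` with `-w admin`. Either the sync will bind with the wrong password, or the two systems are expected to share one admin credential; both deserve a dedicated `LDAP_BIND_PWD` variable set to the value the directory actually uses. The wait loop also falls through after 60 failed probes and runs `ldapadd` regardless; track success in a flag and exit non-zero when the server never answered. Sending the probe's output to `/dev/null` would keep directory entries out of the console while waiting.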
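Review bot: ldap/1-ldap-sync.sh writes the generated policy to `ldap-sync.yml` in the current directory but then loads `/src/ldap/ldap-sync.yml`, so the two are the same file only when the script is started from inside `ldap/`. Run from the repository root, it applies with `conjur elevate` whatever stale file is in `ldap/`, or fails if none exists. Anchor the output path to the script location, `> "$(dirname "$0")/ldap-sync.yml"`, so that the policy loaded is always the one just generated.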
@@ -0,0 +1,819 @@ +dn: cn=hr-admin,dc=example,dc=org +cn: hr-admin +gidNumber: 10000 +objectClass: posixGroup +objectClass: top +memberUid: kyle.wheeler +memberUid: marin.dubois + +dn: cn=hr,dc=example,dc=org +cn: hr +gidNumber: 10002 +objectClass: posixGroup +objectClass: top +memberUid: carol.rodriquez +memberUid: karen.wood +memberUid: caroline.mccoy + +dn: cn=devops,dc=example,dc=org +cn: devops +gidNumber: 10003 +objectClass: posixGroup +objectClass: top +memberUid: bob +memberUid: wayne.walker +memberUid: constance.bourgeois +memberUid: noelie.garnier + +dn: cn=developers,dc=example,dc=org +cn: developers +gidNumber: 10004 +objectClass: posixGroup +objectClass: top +memberUid: faiz.rooker +memberUid: soledad.reyes +memberUid: sofia.tikkanen +memberUid: alfredo.coleman +memberUid: gabin.dupont +memberUid: belen.cano +memberUid: emmi.korpela +memberUid: annie.diaz +memberUid: ted.holland +memberUid: jimmy.knight +memberUid: alberto.morgan +memberUid: benjamin.garnier +memberUid: lotta.aho +memberUid: carol +memberUid: ted +memberUid: alice + + +dn: cn=researchers-admin,dc=example,dc=org +cn: researchers-admin +gidNumber: 10005 +objectClass: posixGroup +objectClass: top +memberUid: amber.fitzgerald +memberUid: frederick.curtis +memberUid: brian.scott + + +dn: cn=researchers,dc=example,dc=org +cn: researchers +gidNumber: 10006 +objectClass: posixGroup +objectClass: top +memberUid: paula.guerrero +memberUid: jalila.eerland +memberUid: alicia.montgomery +memberUid: renatus.broersma +memberUid: elsa.takala +memberUid: elena.montero +memberUid: vicky.johnson +memberUid: adele.dupuis +memberUid: maria.pastor +memberUid: dustin.bailey + + +dn: cn=qa-admin,dc=example,dc=org +cn: qa-admin +gidNumber: 10007 +objectClass: posixGroup +objectClass: top +memberUid: steve.peterson +memberUid: rosie.pearson + + +dn: cn=qa,dc=example,dc=org +cn: qa +gidNumber: 10008 +objectClass: posixGroup +objectClass: top +memberUid: emilia.calvo +memberUid: rafael.pena +memberUid: 
mia.caldwell +memberUid: encarnacion.lorenzo +memberUid: konsta.lampi +memberUid: jamie.martin +memberUid: manuel.flores +memberUid: alex.mills + +dn: cn=operations-admin,dc=example,dc=org +cn: operations-admin +gidNumber: 10009 +objectClass: posixGroup +objectClass: top +memberUid: meline.lopez +memberUid: hector.jackson +memberUid: anton.honkala + + +dn: cn=operations,dc=example,dc=org +cn: operations +gidNumber: 10010 +objectClass: posixGroup +objectClass: top +memberUid: isabel.hidalgo +memberUid: alvin.bennett +memberUid: calvin.castillo +memberUid: aada.heikkila +memberUid: sam.davies +memberUid: caitlin.nichols +memberUid: sara.tucker +memberUid: travis.owens +memberUid: lis.houwer +memberUid: mike.thomas +memberUid: raquel.caballero +memberUid: ricky.martin + + +dn: uid=kyle.wheeler,dc=example,dc=org +cn: kyle.wheeler +uidNumber: 10211 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10000 +sn: wheeler +homeDirectory: /home/kyle.wheeler + +dn: uid=marin.dubois,dc=example,dc=org +cn: marin.dubois +uidNumber: 10212 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10000 +sn: dubois +homeDirectory: /home/marin.dubois + + +dn: uid=carol.rodriquez,dc=example,dc=org +cn: carol.rodriquez +uidNumber: 10213 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10002 +sn: rodriquez +homeDirectory: /home/carol.rodriquez + + +dn: uid=karen.wood,dc=example,dc=org +cn: karen.wood +uidNumber: 10214 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10002 +sn: wood +homeDirectory: /home/karen.wood + + +dn: uid=caroline.mccoy,dc=example,dc=org +cn: caroline.mccoy +uidNumber: 10215 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10002 +sn: mccoy +homeDirectory: /home/caroline.mccoy + + +dn: uid=wayne.walker,dc=example,dc=org +cn: wayne.walker +uidNumber: 10216 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 
10003 +sn: walker +homeDirectory: /home/wayne.walker + + +dn: uid=constance.bourgeois,dc=example,dc=org +cn: constance.bourgeois +uidNumber: 10217 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10003 +sn: bourgeois +homeDirectory: /home/constance.bourgeois + + +dn: uid=noelie.garnier,dc=example,dc=org +cn: noelie.garnier +uidNumber: 10218 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10003 +sn: garnier +homeDirectory: /home/noelie.garnier + + +dn: uid=faiz.rooker,dc=example,dc=org +cn: faiz.rooker +uidNumber: 10219 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: rooker +homeDirectory: /home/faiz.rooker + + +dn: uid=soledad.reyes,dc=example,dc=org +cn: soledad.reyes +uidNumber: 10220 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: reyes +homeDirectory: /home/soledad.reyes + + +dn: uid=sofia.tikkanen,dc=example,dc=org +cn: sofia.tikkanen +uidNumber: 10221 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: tikkanen +homeDirectory: /home/sofia.tikkanen + + +dn: uid=alfredo.coleman,dc=example,dc=org +cn: alfredo.coleman +uidNumber: 10222 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: coleman +homeDirectory: /home/alfredo.coleman + + +dn: uid=gabin.dupont,dc=example,dc=org +cn: gabin.dupont +uidNumber: 10223 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: dupont +homeDirectory: /home/gabin.dupont + + +dn: uid=belen.cano,dc=example,dc=org +cn: belen.cano +uidNumber: 10224 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: cano +homeDirectory: /home/belen.cano + + +dn: uid=emmi.korpela,dc=example,dc=org +cn: emmi.korpela +uidNumber: 10225 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: korpela +homeDirectory: /home/emmi.korpela + + 
+dn: uid=annie.diaz,dc=example,dc=org +cn: annie.diaz +uidNumber: 10226 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: diaz +homeDirectory: /home/annie.diaz + + +dn: uid=ted.holland,dc=example,dc=org +cn: ted.holland +uidNumber: 10227 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: holland +homeDirectory: /home/ted.holland + + +dn: uid=jimmy.knight,dc=example,dc=org +cn: jimmy.knight +uidNumber: 10228 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: knight +homeDirectory: /home/jimmy.knight + + +dn: uid=alberto.morgan,dc=example,dc=org +cn: alberto.morgan +uidNumber: 10229 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: morgan +homeDirectory: /home/alberto.morgan + + +dn: uid=benjamin.garnier,dc=example,dc=org +cn: benjamin.garnier +uidNumber: 10230 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: garnier +homeDirectory: /home/benjamin.garnier + + +dn: uid=lotta.aho,dc=example,dc=org +cn: lotta.aho +uidNumber: 10231 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: aho +homeDirectory: /home/lotta.aho + + +dn: uid=amber.fitzgerald,dc=example,dc=org +cn: amber.fitzgerald +uidNumber: 10232 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10005 +sn: fitzgerald +homeDirectory: /home/amber.fitzgerald + + +dn: uid=frederick.curtis,dc=example,dc=org +cn: frederick.curtis +uidNumber: 10233 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10005 +sn: curtis +homeDirectory: /home/frederick.curtis + + +dn: uid=brian.scott,dc=example,dc=org +cn: brian.scott +uidNumber: 10234 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10005 +sn: scott +homeDirectory: /home/brian.scott + + +dn: uid=paula.guerrero,dc=example,dc=org +cn: paula.guerrero +uidNumber: 10235 
+objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: guerrero +homeDirectory: /home/paula.guerrero + + +dn: uid=jalila.eerland,dc=example,dc=org +cn: jalila.eerland +uidNumber: 10236 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: eerland +homeDirectory: /home/jalila.eerland + + +dn: uid=alicia.montgomery,dc=example,dc=org +cn: alicia.montgomery +uidNumber: 10237 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: montgomery +homeDirectory: /home/alicia.montgomery + + +dn: uid=renatus.broersma,dc=example,dc=org +cn: renatus.broersma +uidNumber: 10238 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: broersma +homeDirectory: /home/renatus.broersma + + +dn: uid=elsa.takala,dc=example,dc=org +cn: elsa.takala +uidNumber: 10239 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: takala +homeDirectory: /home/elsa.takala + + +dn: uid=elena.montero,dc=example,dc=org +cn: elena.montero +uidNumber: 10240 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: montero +homeDirectory: /home/elena.montero + + +dn: uid=vicky.johnson,dc=example,dc=org +cn: vicky.johnson +uidNumber: 10241 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: johnson +homeDirectory: /home/vicky.johnson + + +dn: uid=adele.dupuis,dc=example,dc=org +cn: adele.dupuis +uidNumber: 10242 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: dupuis +homeDirectory: /home/adele.dupuis + + +dn: uid=maria.pastor,dc=example,dc=org +cn: maria.pastor +uidNumber: 10243 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: pastor +homeDirectory: /home/maria.pastor + + +dn: uid=dustin.bailey,dc=example,dc=org +cn: dustin.bailey +uidNumber: 10244 +objectClass: top +objectClass: person 
+objectClass: posixAccount +gidNumber: 10006 +sn: bailey +homeDirectory: /home/dustin.bailey + + +dn: uid=steve.peterson,dc=example,dc=org +cn: steve.peterson +uidNumber: 10245 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10007 +sn: peterson +homeDirectory: /home/steve.peterson + + +dn: uid=rosie.pearson,dc=example,dc=org +cn: rosie.pearson +uidNumber: 10246 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10007 +sn: pearson +homeDirectory: /home/rosie.pearson + + +dn: uid=emilia.calvo,dc=example,dc=org +cn: emilia.calvo +uidNumber: 10247 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: calvo +homeDirectory: /home/emilia.calvo + + +dn: uid=rafael.pena,dc=example,dc=org +cn: rafael.pena +uidNumber: 10248 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: peña +homeDirectory: /home/rafael.pena + + +dn: uid=mia.caldwell,dc=example,dc=org +cn: mia.caldwell +uidNumber: 10249 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: caldwell +homeDirectory: /home/mia.caldwell + + +dn: uid=encarnacion.lorenzo,dc=example,dc=org +cn: encarnacion.lorenzo +uidNumber: 10250 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: lorenzo +homeDirectory: /home/encarnacion.lorenzo + + +dn: uid=konsta.lampi,dc=example,dc=org +cn: konsta.lampi +uidNumber: 10251 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: lampi +homeDirectory: /home/konsta.lampi + + +dn: uid=jamie.martin,dc=example,dc=org +cn: jamie.martin +uidNumber: 10252 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: martin +homeDirectory: /home/jamie.martin + + +dn: uid=manuel.flores,dc=example,dc=org +cn: manuel.flores +uidNumber: 10253 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: flores 
+homeDirectory: /home/manuel.flores + + +dn: uid=alex.mills,dc=example,dc=org +cn: alex.mills +uidNumber: 10254 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: mills +homeDirectory: /home/alex.mills + + +dn: uid=meline.lopez,dc=example,dc=org +cn: meline.lopez +uidNumber: 10255 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10009 +sn: lopez +homeDirectory: /home/meline.lopez + + +dn: uid=hector.jackson,dc=example,dc=org +cn: hector.jackson +uidNumber: 10256 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10009 +sn: jackson +homeDirectory: /home/hector.jackson + + +dn: uid=anton.honkala,dc=example,dc=org +cn: anton.honkala +uidNumber: 10257 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10009 +sn: honkala +homeDirectory: /home/anton.honkala + + +dn: uid=isabel.hidalgo,dc=example,dc=org +cn: isabel.hidalgo +uidNumber: 10258 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: hidalgo +homeDirectory: /home/isabel.hidalgo + + +dn: uid=alvin.bennett,dc=example,dc=org +cn: alvin.bennett +uidNumber: 10259 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: bennett +homeDirectory: /home/alvin.bennett + + +dn: uid=calvin.castillo,dc=example,dc=org +cn: calvin.castillo +uidNumber: 10260 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: castillo +homeDirectory: /home/calvin.castillo + + +dn: uid=aada.heikkila,dc=example,dc=org +cn: aada.heikkila +uidNumber: 10261 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: heikkila +homeDirectory: /home/aada.heikkila + + +dn: uid=sam.davies,dc=example,dc=org +cn: sam.davies +uidNumber: 10262 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: davies +homeDirectory: /home/sam.davies + + +dn: 
uid=caitlin.nichols,dc=example,dc=org +cn: caitlin.nichols +uidNumber: 10263 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: nichols +homeDirectory: /home/caitlin.nichols + + +dn: uid=sara.tucker,dc=example,dc=org +cn: sara.tucker +uidNumber: 10264 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: tucker +homeDirectory: /home/sara.tucker + + +dn: uid=travis.owens,dc=example,dc=org +cn: travis.owens +uidNumber: 10265 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: owens +homeDirectory: /home/travis.owens + + +dn: uid=lis.houwer,dc=example,dc=org +cn: lis.houwer +uidNumber: 10266 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: houwer +homeDirectory: /home/lis.houwer + + +dn: uid=mike.thomas,dc=example,dc=org +cn: mike.thomas +uidNumber: 10267 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: thomas +homeDirectory: /home/mike.thomas + + +dn: uid=raquel.caballero,dc=example,dc=org +cn: raquel.caballero +uidNumber: 10268 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: caballero +homeDirectory: /home/raquel.caballero + +dn: uid=ricky.martin,dc=example,dc=org +cn: ricky.martin +uidNumber: 10269 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: martin +homeDirectory: /home/ricky.martin +memberOf: cn=operations,dc=example,dc=org + +dn: uid=bob,dc=example,dc=org +cn: bob +uidNumber: 9999 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10003 +sn: bob +homeDirectory: /home/bob +memberOf: cn=devops,dc=example,dc=org + +dn: uid=carol,dc=example,dc=org +cn: carol +uidNumber: 9998 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: carol +homeDirectory: /home/carol +memberOf: cn=developers,dc=example,dc=org + +dn: uid=ted,dc=example,dc=org 
+cn: ted +uidNumber: 9997 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: ted +homeDirectory: /home/ted +memberOf: cn=developers,dc=example,dc=org + +dn: uid=alice,dc=example,dc=org +cn: alice +uidNumber: 9996 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: alice +homeDirectory: /home/alice +memberOf: cn=developers,dc=example,dc=org diff --git a/ldap/ldap-sync-config.yml b/ldap/ldap-sync-config.yml new file mode 100644 index 0000000..5dc54bf --- /dev/null +++ b/ldap/ldap-sync-config.yml @@ -0,0 +1,21 @@ +- !variable + id: conjur/ldap-sync/bind-password/default + owner: !host conjur/ldap-sync + +- !resource + kind: configuration + id: conjur/ldap-sync/default + owner: !host conjur/ldap-sync + annotations: + ldap-sync/port: "389" + ldap-sync/host: "ldap" + ldap-sync/bind-dn: "cn=admin,dc=example,dc=org" + ldap-sync/connect-type: "plain" + ldap-sync/base-dn: "dc=example,dc=org" + ldap-sync/import-public-keys: "false" + ldap-sync/import-uid-numbers: "false" + ldap-sync/import-gid-numbers: "false" + ldap-sync/user-filter: "(objectClass=posixAccount)" + ldap-sync/group-filter: "(objectClass=posixGroup)" + ldap-sync/user-attribute-mapping/name: "uid" + ldap-sync/group-attribute-mapping/name: "cn" \ No newline at end of file diff --git a/load_policy.sh b/load_policy.sh new file mode 100755 index 0000000..4b5e66f --- /dev/null +++ b/load_policy.sh @@ -0,0 +1,8 @@ +#!/bin/bash +if [[ -z $1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 +fi +POLICY_FILE=$1 +docker-compose exec cli conjur authn login +docker-compose exec -T cli conjur policy load --as-group security_admin /src/$POLICY_FILE diff --git a/splunk/0-setup-splunk.sh b/splunk/0-setup-splunk.sh new file mode 100755 index 0000000..4274302 --- /dev/null +++ b/splunk/0-setup-splunk.sh 
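Review bot: `ldap-sync/connect-type: "plain"` with port `389` in ldap/ldap-sync-config.yml means the bind password and every synced entry cross the network unencrypted. That may be acceptable on the compose-internal network of a demo, but the README presents the project as a reference model for best practices, so the annotation should carry a comment such as `# demo only: use a TLS-protected connection type outside the lab`. The bind DN is also the directory's `cn=admin` account; a read-only service account would be the least-privilege choice for a job that only reads users and groups.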
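Review bot: In load_policy.sh, `/src/$POLICY_FILE` is expanded unquoted and unchecked, so a name containing spaces splits into extra arguments to `conjur policy load`, and a value containing `../` loads a file from outside /src with `security_admin` rights. Quote the expansion as `"/src/$POLICY_FILE"` and reject unexpected path components first, for example `[[ $1 != *..* ]] || exit 1`. ssh/load_policy.sh repeats the same lines and would take the same change.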
@@ -0,0 +1,7 @@
+#!/bin/bash -e
+set -o pipefail
+docker-compose up -d splunk
+printf "\nWatching Splunk log. Ctrl-C when you see the following:\n"
+printf "splunk_1 | Listening for data on TCP port 1514.\n"
+read -p "Press enter to continue..."
+docker-compose logs -f splunk
diff --git a/ssh/0-setup-ssh.sh b/ssh/0-setup-ssh.sh
new file mode 100755
index 0000000..6f47f4f
--- /dev/null
+++ b/ssh/0-setup-ssh.sh
@@ -0,0 +1,60 @@ +#!/bin/bash -e +set -o pipefail + +RACK_SERVICE_NAME=vm +RACK_POLICY_NAME=rack +RACK_POLICY_FILE=$RACK_POLICY_NAME.yml + +################ MAIN ################ +# $1 = number of rack machine containers to create +main() { + if [[ $# -ne 1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 + fi + + printf "\n-----\nBringing down old, then up all rack vm containers...\n" + local NUM_CONTS=$1; shift + docker-compose rm -svf $RACK_SERVICE_NAME + docker-compose up -d --scale $RACK_SERVICE_NAME=$NUM_CONTS $RACK_SERVICE_NAME + + printf "\n-----\nConstructing & loading rack host policy...\n" + cat > $RACK_POLICY_FILE << EOF +--- +EOF + rack_cont_names=$(docker ps --format "{{.Names}}" | grep $RACK_SERVICE_NAME) + for cname in $rack_cont_names; do + echo "- !host" $cname >> $RACK_POLICY_FILE + done + docker-compose exec -T cli conjur authn login -u admin -p Cyberark1 + docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh/$RACK_POLICY_FILE + + + printf "\n-----\nCreating host identity files and copying to shared volume in CLI container...\n" + CLI_CONT_ID=$(docker-compose ps -q cli) + for cname in $rack_cont_names; do + api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $cname) + cat ../etc/template.identity | sed s={{NAME}}=$cname= | sed s/{{PWD}}/$api_key/ > $cname.identity + docker cp $cname.identity $CLI_CONT_ID:/data + rm $cname.identity + done + + printf "\n-----\nIn each container, copying identity files from shared volume, then deleting...\n" + for cname in $rack_cont_names; do + # note conjur.conf and conjur.pem are + # copied to shared volume after conjur + # service is brought up and never deleted + docker exec $cname sudo cp /data/conjur.conf /etc/conjur.conf + docker exec $cname sudo cp /data/conjur.pem /etc/conjur-dev.pem + # identity files contain API key - need to protect + docker exec $cname sudo cp /data/$cname.identity /etc/conjur.identity + docker exec $cname sudo chmod 600 
/etc/conjur.identity + docker exec $cname rm /data/$cname.identity + done + + printf "\nCompleted bringing up %n rack host identities.\n" + printf "\nRack host identities now in Conjur:\n" + echo $rack_cont_names +} + +main "$@" diff --git a/ssh/1_create_key_for_user.sh b/ssh/1_create_key_for_user.sh new file mode 100755 index 0000000..516fb8b --- /dev/null +++ b/ssh/1_create_key_for_user.sh @@ -0,0 +1,11 @@ +#!/bin/bash -e +set -o pipefail +if [[ "$1" == "" ]]; then + printf "Provide name of user...\n\n" + exit 1 +fi +USER=$1 +printf "\nGenerating SSH keys for user %s and adding public key to Conjur...\n" $USER +docker-compose exec cli conjur authn login -u admin -p Cyberark1 +ssh-keygen -q -b 2048 -t rsa -C $USER-ssh-demo -f id_$USER -N '' +docker-compose exec -T cli conjur pubkeys add $USER @/src/ssh/id_$USER.pub diff --git a/ssh/2_test_fetch_userkey_from_host.sh b/ssh/2_test_fetch_userkey_from_host.sh new file mode 100755 index 0000000..f2cb465 --- /dev/null +++ b/ssh/2_test_fetch_userkey_from_host.sh @@ -0,0 +1,10 @@ +#!/bin/bash -e +set -o pipefail +if [[ $# -ne 2 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 +fi +USER=$1 +CNAME=$2 +printf "\nFrom container %s, retrieving public SSH key for user %s from Conjur service:\n\n" $CNAME $USER +docker exec -it $CNAME /opt/conjur/bin/conjur_authorized_keys $USER diff --git a/ssh/3_ssh_user_to_host.sh b/ssh/3_ssh_user_to_host.sh new file mode 100755 index 0000000..301e0de --- /dev/null +++ b/ssh/3_ssh_user_to_host.sh @@ -0,0 +1,11 @@ +#!/bin/bash -e +set -o pipefail +if [[ $# -ne 2 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 +fi +USER=$1 +CNAME=$2 +printf "\n\nUser %s attempting to ssh from CLI container to container %s:\n\n" $USER $CNAME +set -x +docker-compose exec cli ssh -i /src/ssh/id_$USER $USER@$CNAME diff --git a/ssh/4_roles_with_resource_permissions.sh b/ssh/4_roles_with_resource_permissions.sh new file mode 100755 index 0000000..6b3ea4b --- /dev/null 
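Review bot: In ssh/0-setup-ssh.sh each freshly rotated host API key is placed on a `sed` command line (`sed s/{{PWD}}/$api_key/`), written to `$cname.identity` in the working directory under the default umask, and then left in the shared `/data` volume until the last loop removes it, so during that window every container mounting the volume can presumably read every other host's key. The rewrite below fills the template with shell parameter expansion and a `mktemp` file, so the key never appears in argv or in a predictably named file; narrowing who can read `/data` is a compose-level change outside this hunk. Also, `printf "\nCompleted bringing up %n rack host identities.\n"` uses `%n` with no argument; bash's printf treats `%n` as "store the character count in the named variable", so the call should fail and, under `-e`, end the script before the host list is printed. `%s` with `"$NUM_CONTS"` looks like what was intended.

```shell
  # … unchanged: container start-up and rack policy load …
  CLI_CONT_ID=$(docker-compose ps -q cli)
  local template id_file content
  template=$(<../etc/template.identity)
  for cname in $rack_cont_names; do
    api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host "$cname")
    # fill the template in-process so the key is never a command-line argument
    content=${template//'{{NAME}}'/"$cname"}
    content=${content//'{{PWD}}'/"$api_key"}
    id_file=$(mktemp)            # created mode 0600, unpredictable name
    printf '%s\n' "$content" > "$id_file"
    docker cp "$id_file" "$CLI_CONT_ID:/data/$cname.identity"
    rm -f -- "$id_file"
  done
  # … unchanged: per-container copy of conf, cert and identity …
```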
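Review bot: In ssh/1_create_key_for_user.sh, `ssh-keygen ... -f id_$USER -N ''` leaves a passphrase-less private key in the ssh/ directory of the working tree, next to tracked files, and ssh/3_ssh_user_to_host.sh then reads it from `/src/ssh/` inside the CLI container. Write the key to a directory that git ignores (or confirm .gitignore covers `id_*`) and add a comment that the empty passphrase is for the demo only. `USER=$1` also overwrites the login-name environment variable for every later command; a separate name such as `ssh_user="$1"`, quoted at each use, avoids that.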
+++ b/ssh/4_roles_with_resource_permissions.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+if [[ "$#" -ne 2 ]]; then
+ printf "\nProvide name of resource and permission...\n\n"
+ exit 1
+fi
+RESOURCE=$1
+PERMISSION=$2
+printf "\nAll roles having %s permission on %s:\n\n" $PERMISSION $RESOURCE
+docker-compose exec cli conjur resource permitted_roles $RESOURCE $PERMISSION
diff --git a/ssh/5_review_activity_on_resource.sh b/ssh/5_review_activity_on_resource.sh
new file mode 100755
index 0000000..2d016cb
--- /dev/null
+++ b/ssh/5_review_activity_on_resource.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+if [[ "$1" == "" ]]; then
+ printf "Provide name of resource...\n\n"
+ exit 1
+fi
+RESOURCE=$1
+printf "\nReviewing activity on %s:\n" $RESOURCE
+set -x
+docker-compose exec cli conjur audit resource --short $RESOURCE
diff --git a/ssh/load_policy.sh b/ssh/load_policy.sh
new file mode 100755
index 0000000..2226787
--- /dev/null
+++ b/ssh/load_policy.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+if [[ -z $1 ]] ; then
+ printf "\n\tUsage: %s \n\n" $0
+ exit 1
+fi
+POLICY_FILE=$1
+docker-compose exec cli conjur authn login -u admin -p Cyberark1
+docker-compose exec -T cli conjur policy load --as-group security_admin /src/ssh/$POLICY_FILE
diff --git a/ssh/rack.yml b/ssh/rack.yml
new file mode 100644
index 0000000..d6886ef
--- /dev/null
+++ b/ssh/rack.yml
@@ -0,0 +1,3 @@
+---
+- !host cdemo_vm_1
+- !host cdemo_vm_2
diff --git a/ssh/ssh-mgmt.yml b/ssh/ssh-mgmt.yml
new file mode 100644
index 0000000..cbb333a
--- /dev/null
+++ b/ssh/ssh-mgmt.yml
@@ -0,0 +1,17 @@
+---
+- !policy
+ id: prod
+ body:
+ - !layer prod_rack
+
+ - !grant
+ role: !layer prod_rack
+ members:
+ - !host /cdemo_vm_2
+
+ - !permit
+ role: !group /devops
+ privileges: [ read, execute ]
+ resources:
+ - !layer prod_rack
+ - !host /cdemo_vm_2
diff --git a/users-policy.yml b/users-policy.yml
new file mode 100644
index 0000000..3aca2a4
--- /dev/null
+++ b/users-policy.yml
@@ -0,0 +1,13 @@ +--- +- !user bob +- !group devops + +- !grant + role: !group devops + members: + !user bob + +- !user carol +- !user ted +- !user alice + diff --git a/watch_container_log.sh b/watch_container_log.sh new file mode 100755 index 0000000..b69802e --- /dev/null +++ b/watch_container_log.sh @@ -0,0 +1,2 @@ +#!/bin/bash +docker-compose exec -T webapp tail -f cc.log diff --git a/webapp1-policy.yml b/webapp1-policy.yml new file mode 100644 index 0000000..e91dc32 --- /dev/null +++ b/webapp1-policy.yml @@ -0,0 +1,15 @@ +--- +- !policy + id: webapp1 + owner: !group devops + body: + - &variables + - !variable database_password + + - !host &tomcat_host tomcat_host + + - !permit + role: *tomcat_host + privileges: [ read, execute ] + resource: *variables + From b8390803ebf059b325912d28d5611a6b59931e9f Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 5 Nov 2017 15:58:07 -0600 Subject: [PATCH 02/68] readme tweaks --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fed57a1..00d40fc 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ -# scalability-compose +# cdemo - an tour of Conjur using containers Goal: A self-contained implementation of a simple Conjur application for demonstration in docker-compose and serve as a reference model for best practices. -NOTE: This demo uses a single identity for all instances of the application. This is best practice as it is scalable to potentially thousands of instances, whereas use of the Host Factory token is not. +NOTE: This demo uses a single identity for all instances of the application. This is best practice as it is scalable to potentially thousands of instances, whereas use of the Host Factory token does not. Scenario: Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. 
From 3c1f33757645ee0720b057bec2aa51664d12ae65 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 5 Nov 2017 15:58:54 -0600 Subject: [PATCH 03/68] readme tweaks --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 00d40fc..d41a4d1 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# cdemo - an tour of Conjur using containers +# cdemo - a tour of Conjur using containers Goal: A self-contained implementation of a simple Conjur application for demonstration in docker-compose and serve as a reference model for best practices. From ff8b4b3a358969a30a5d1392812576e9a6dceca4 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Wed, 8 Nov 2017 17:31:21 -0600 Subject: [PATCH 04/68] ssh work --- .env | 2 +- 0-startup-conjur.sh | 37 ++++++----------- 1-setup-containers.sh | 4 ++ build/vm/Dockerfile | 23 +++++++---- build/vm/configure-ssh.sh | 7 ++++ build/vm/logshipper.conf | 6 +++ build/vm/write_dummy_id_files.sh | 64 +++++++++++++++++++++++++++++ build/vm/write_id_files.sh | 65 ------------------------------ build/webapp/webapp1.sh | 4 +- docker-compose.yml | 10 ++--- etc/conjur-dev.pem | 41 +++++++++++++++++++ etc/conjur.pem | 64 ++++++++++++++--------------- ssh/0-setup-ssh.sh | 44 +++++++++++--------- ssh/cjz.sh | 67 +++++++++++++++++++++++++++++++ ssh/conjur-chef | Bin 0 -> 308902 bytes ssh/conjur.tgz | Bin 0 -> 308902 bytes ssh/foo.json | 9 +++++ ssh/rack.yml | 1 - ssh/ssh-mgmt.yml | 5 +-- 19 files changed, 292 insertions(+), 161 deletions(-) create mode 100755 build/vm/configure-ssh.sh create mode 100644 build/vm/logshipper.conf create mode 100755 build/vm/write_dummy_id_files.sh delete mode 100755 build/vm/write_id_files.sh create mode 100644 etc/conjur-dev.pem create mode 100644 ssh/cjz.sh create mode 100644 ssh/conjur-chef create mode 100644 ssh/conjur.tgz create mode 100644 ssh/foo.json diff --git a/.env b/.env index 2637ab6..3754f72 100644 --- a/.env +++ b/.env 
@@ -1,3 +1,3 @@ APP_HOSTNAME=webapp1%2Ftomcat_host VAR_ID=webapp1%2Fdatabase_password -SLEEP_TIME=10 +SLEEP_TIME=5 diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 89a7929..9a24323 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -1,7 +1,9 @@ #!/bin/bash -e set -o pipefail -CONJUR_ADMIN_PWD=Cyberark1 +CONJUR_MASTER_HOSTNAME=cyberark.local +CONJUR_MASTER_ORGACCOUNT=dev +CONJUR_MASTER_PASSWORD=Cyberark1 main() { all_down # bring down anything still running @@ -29,7 +31,7 @@ all_down() { docker-compose down --remove-orphans dangling_vols=$(docker volume ls -qf dangling=true) if [[ "$dangling_vols" != "" ]]; then - docker rm $dangling_vols + docker volume rm $dangling_vols fi } @@ -43,14 +45,15 @@ conjur_up() { echo "-----" echo "Initializing Conjur" - runInConjur /src/etc/_conjur-init.sh + docker-compose exec conjur evoke configure master -h $CONJUR_MASTER_HOSTNAME -p $CONJUR_MASTER_PASSWORD $CONJUR_MASTER_ORGACCOUNT echo "-----" echo "Get certificate from Conjur" - rm -f ./etc/conjur.pem - docker cp -L $CONJUR_CONT_ID:/opt/conjur/etc/ssl/conjur.pem ./etc/conjur.pem + rm -f ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem + # cache cert for copying to other containers + docker cp -L $CONJUR_CONT_ID:/opt/conjur/etc/ssl/conjur.pem ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem - echo "---- Update hosts file with $CONJUR_HOSTNAME" + echo "---- Update hosts file with Conjur container hostname: $CONJUR_HOSTNAME" grep -v $CONJUR_HOSTNAME /etc/hosts > /tmp/foo echo -e 127.0.0.1 '\t' $CONJUR_HOSTNAME >> /tmp/foo sudo mv /tmp/foo /etc/hosts 
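Review bot: The hosts-file update at the end of the `conjur_up()` hunk in 0-startup-conjur.sh still builds the new file at the fixed path `/tmp/foo` and then `sudo mv`s it over /etc/hosts. On a shared machine another user can pre-create or symlink that path, and because `mv` keeps the source file's owner, /etc/hosts ends up owned by the invoking user rather than root. Use `hosts_tmp=$(mktemp)` for the scratch file and `sudo cp "$hosts_tmp" /etc/hosts` so the destination keeps its ownership and mode; `grep -vF -- "$CONJUR_HOSTNAME"` would also stop the dots in the hostname acting as regex wildcards. The new `evoke configure master ... -p $CONJUR_MASTER_PASSWORD` line additionally puts the master password on a command line. conjur_up's body starts and ends outside the hunk.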
@@ -65,24 +68,10 @@ cli_up() { echo "-----" echo "Copy Conjur config and certificate to CLI" - docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/etc/conjur.conf - docker cp -L ./etc/conjur.pem $CLI_CONT_ID:/etc/conjur.pem - docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/data/conjur.conf - docker cp -L ./etc/conjur.pem $CLI_CONT_ID:/data/conjur.pem - runIncli conjur authn login -u admin -p $CONJUR_ADMIN_PWD - runIncli conjur bootstrap -q -} - -runInConjur() { - docker-compose exec -T conjur "$@" -} - -runIncli() { - docker-compose exec -T cli "$@" -} - -wait_for_conjur() { - docker-compose exec -T conjur bash -c 'while ! curl -sI localhost > /dev/null; do sleep 1; done' + docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/etc + docker cp -L ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem $CLI_CONT_ID:/etc/conjur.pem + docker-compose exec cli conjur authn login -u admin -p $CONJUR_MASTER_PASSWORD + docker-compose exec cli conjur bootstrap -q } updatehostsfile() { diff --git a/1-setup-containers.sh b/1-setup-containers.sh index 62e8665..11ce6dd 100755 --- a/1-setup-containers.sh +++ b/1-setup-containers.sh @@ -27,15 +27,19 @@ main() { docker cp local_foo $(docker-compose ps -q cli):/data/foo rm local_foo + # replace '/' and ':' w/ hex equivalents urlify $APP_HOSTNAME APP_HOSTNAME=$URLIFIED urlify $VAR_ID VAR_ID=$URLIFIED + # create .env file to set docker-compose env vars echo "APP_HOSTNAME=$APP_HOSTNAME" > .env echo "VAR_ID=$VAR_ID" >> .env echo "SLEEP_TIME=$SLEEP_TIME" >> .env docker-compose up -d --scale webapp=$NUM_CONTS webapp + + # delete file w/ api-key docker-compose exec -T cli rm /data/foo } diff --git a/build/vm/Dockerfile b/build/vm/Dockerfile index 6c354c7..a610a19 100644 --- a/build/vm/Dockerfile +++ b/build/vm/Dockerfile 
@@ -1,8 +1,15 @@ -FROM ubuntu:14.04 -RUN apt-get update -y; \ - apt-get install -y curl openssh-server; \ - apt-get autoclean -COPY write_id_files.sh /root -RUN /root/write_id_files.sh && curl -L https://www.opscode.com/chef/install.sh | sudo -n bash -RUN sudo -n chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur -ENTRYPOINT service ssh restart && sleep infinity +FROM phusion/baseimage:0.9.16 + +# Add scripts to finish the SSH configuration +COPY configure-ssh.sh /root +COPY write_dummy_id_files.sh /root + +# Install Chef to run the SSH configuration cookbooks +RUN /root/write_dummy_id_files.sh \ + && cd /tmp \ + && curl -L https://www.opscode.com/chef/install.sh | sudo -n bash \ + && sudo -n chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur::install + +# Cleanup +RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + diff --git a/build/vm/configure-ssh.sh b/build/vm/configure-ssh.sh new file mode 100755 index 0000000..6e3687b --- /dev/null +++ b/build/vm/configure-ssh.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -e +rm /etc/service/sshd/down +/etc/my_init.d/00_regen_ssh_host_keys.sh +service ssh start +/etc/service/logshipper/run & diff --git a/build/vm/logshipper.conf b/build/vm/logshipper.conf new file mode 100644 index 0000000..3b45cf3 --- /dev/null +++ b/build/vm/logshipper.conf @@ -0,0 +1,6 @@ + description "Conjur log shipping agent" + + respawn + + # workaround a bug in logshipper 0.1.0 + env HOME=/etc diff --git a/build/vm/write_dummy_id_files.sh b/build/vm/write_dummy_id_files.sh new file mode 100755 index 0000000..b3a21e7 --- /dev/null +++ b/build/vm/write_dummy_id_files.sh 
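Review bot: The new RUN step in build/vm/Dockerfile pipes `curl -L https://www.opscode.com/chef/install.sh` straight into `sudo -n bash` and then has chef-solo execute a cookbook tarball from a release URL, so two remotely hosted payloads run as root during the build with no integrity check. Download each artifact to a file, verify it against a pinned digest and only then run it, e.g. `curl -fsSLo /tmp/install.sh https://www.opscode.com/chef/install.sh && echo "<EXPECTED_SHA256>  /tmp/install.sh" | sha256sum -c - && bash /tmp/install.sh` (the digest is a placeholder). `FROM phusion/baseimage:0.9.16` is a mutable tag, and pinning the image by digest would make the build reproducible. The same step runs write_dummy_id_files.sh, which bakes a Conjur identity file and CA chain into an image layer, so a comment saying these are placeholders replaced at container setup would keep them from being mistaken for live credentials.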
@@ -0,0 +1,64 @@ +#!/bin/sh +set -e + +# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below. + +sudo -n tee /etc/conjur.conf > /dev/null << EOF +account: dev +appliance_url: https://conjur/api +cert_file: /etc/conjur-dev.pem +netrc_path: /etc/conjur.identity +plugins: [] +EOF + +sudo -n tee /etc/conjur-dev.pem > /dev/null << EOF +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIVALqX0m7HrKhD4Uk9lFlOIoNydCp7MA0GCSqGSIb3DQEB +CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD +Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDYyMTUzNTVaFw0yNzExMDQyMTUzNTVa +MBkxFzAVBgNVBAMMDmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvM4J/GIu+HH0ML3PL1bl8/BQTa7BCDDEfHD9spkFkOA145OQ +KrBqRXvNCy0DO0hNg50a1343MmN3z/kA2SQO5b6WRhO0XZAs/qJxol5vDwmuhYaj +oWfo1rfTZ4uWTq+/JsxVJlYfpgYdwZ8otJP5FWMoDjWaDRC8ERlwIVLQzDiHdgLy +aZLQA4o/jIj3Ym+PpVQs9ga9VvdTj+GJriYWPIwkJ0CW9V0fO8oQnUFeYe9qsFHM +rcSbXTR19T6TNPICl1VTTHvsgqay/xnW1XQ04cW1FCVH9Fo0FmDWmzofI4e5Cx47 +gD/u83d4e4yTUicTQOapSI89dDPIwVADnTyLTQIDAQABo18wXTAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC +DmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF +AAOCAQEAbOkn3UkoI0j2jglBN1Dz45ne+ujMfQgO7oCFYGwUSZhP717ZkLltO6gG +PVaeI0D4kdLZiGA2IJz4dn+q4IN5T6LhgaChnpBBJbTH5S1popBw1gjxt4YTK5Gk +MnfmRXlPKMgir/EbsyWXVRuFK7LmP20irQdDVTyutxJpH1zwuZnJnlGxPcYVk/Gz +ja+npLxBx0tdYcgI2mxLhnlSRjOdrPPfeKUdtCfr+scWKTFx3AuQP4MW+XjVxBNV +EPkvle/iYWVkbRafmQl5CIimvXsvebXQ2RA8x5Ghs6Y7XXGYRWSZSOzj91o25/aD +kpHAvc5gn9btn7Cc8fDEIMZt8Vr96A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIJAKICRrRs6JwDMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV +BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s +b2NhbDAeFw0xNzExMDYyMTUzNTNaFw0yNzExMDQyMTUzNTNaMDsxDDAKBgNVBAoT +A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpmdcR9BVxoOQLSubyz 
++NI5RINhVrVKtgaE8v4R/x9xZRuZkbwCL4XjqSO0zult6fUij9dz5y1M2ggfS46M +Vx0GTOZmxI719sgPA0xmurnEdNd6AwVN0Z30NrXHwlS7O5ZSYsynDY/2h1QWs1/b +zHQiSHsvcIWyCODQA/3ERoogqvCWVS9MnXzy4C3zyyuzoym4yQ/vF1lBNd54G43h +ZhHZnB0zSQk/frdkvQiR+N9XWFDic6Fvy8ptz8N1N9e2uLBxQ1d6L8JScobqFDmC +9wWWrodedOvjJXi1XQMPxsxYhqjO52K5nc8Ejw6Y6ACIJBW0fXd+7/Z1lRoSrtN3 +nPkCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo +b3N0ggZjb25qdXIwHQYDVR0OBBYEFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMB8GA1Ud +IwQYMBaAFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCJ5ft3Ns/1EOw3Jz/lp+ZERorCbLd3 +n9UpTMzJmArtNniGzek2UASrcAyfn73XUzuTdnDvy3e9vzFfjPVwUN8OqKS3tEN4 +20GBHznFOkiv5eLfJNj4DXwKbscDcr1ZdaFfFGrfohXbJeTQvme1CeOUkxPLso30 +z+28r+3027kwY3vtRwoEwZ1U6QcILZVmnjfVqXw03YmlCAFyBDkOnS2fvH9g0Kk5 +l1Gnau81lfhyNs3IZs6BJQ785UxryEJw5ALEx+RGvs0dpt1Rd+T7g7su1kLoflaJ +zGq+0kYcz/2/lmD08iJhmDOsKztQ8GidX2ZoQMgqQ7/kNMNmFxZxVAwY +-----END CERTIFICATE----- +EOF + +sudo -n touch /etc/conjur.identity +sudo -n chmod 600 /etc/conjur.identity +sudo -n tee /etc/conjur.identity > /dev/null << EOF +machine https://conjur/api/authn + login host/foo + password 2f0hya82dg022224e67mm3c59c1118nxdcj1qbrc7g215539jfy57dm +EOF diff --git a/build/vm/write_id_files.sh b/build/vm/write_id_files.sh deleted file mode 100755 index 440246a..0000000 --- a/build/vm/write_id_files.sh +++ /dev/null 
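Review bot: The `password` line that build/vm/write_dummy_id_files.sh writes to /etc/conjur.identity is a literal, API-key-shaped value for `host/foo`, committed to the repository and baked into every image built from it; the script it replaces used the obvious placeholder `dummy-api-key`. If that value was ever issued by a Conjur instance, treat it as exposed and rotate it, and restore a placeholder here: `password dummy-api-key`. ssh/cjz.sh, added later in this commit, carries the same three identity lines and needs the same change. Quoting the here-document delimiter (`<< 'EOF'`) would also keep the shell from expanding anything inside these blocks.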
@@ -1,65 +0,0 @@ -#!/bin/sh -set -e - -# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below. - -sudo -n tee /etc/conjur.conf > /dev/null << EOF -account: dev -appliance_url: https://conjur/api -cert_file: /etc/conjur-dev.pem -netrc_path: /etc/conjur.identity -plugins: [] -EOF - -sudo -n tee /etc/conjur-dev.pem > /dev/null << EOF ------BEGIN CERTIFICATE----- -MIIDVjCCAj6gAwIBAgIUTiPoWhMGsxJR06lQR+j85YngHmQwDQYJKoZIhvcNAQEL -BQAwQjEMMAoGA1UEChMDZGV2MRIwEAYDVQQLEwlDb25qdXIgQ0ExHjAcBgNVBAMT -FWNvbmp1ci5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDMxOTEyMDNaFw0yNzExMDEx -OTEyMDNaMCAxHjAcBgNVBAMMFWNvbmp1ci5jeWJlcmFyay5sb2NhbDCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOu6YXmLbIebA3/Yn1Fe8l8WM7p9fNy3 -NmZ0QEKKsgP7/GfDcMZenmznNccw9mCT7dgIeda7UlIObqJTYnpgw2ZHd/lkkUaZ -LdeqpGwIFqKJCMd3oW+J29fKlg1lXVqt3p0uWvAPagolOMY5atJP/GbfhdSdUvf6 -n2n55V8ni8JpWXRgBCqOfMZFcndLVrXVfcbfRIIT+n6JlP6fF16UGiBSp8szAjfY -ZRXx7euvzTDnxIPwUvZKCqkaqWITfwnQbREMNLr2QGTRiQLg0Q4mdYHbQN3BKcWP -xYGxjuUNEGI5iznBDOaSVRaJeK7Of1dmydX43YoL0LVDVkJbwIhRJ7kCAwEAAaNm -MGQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdDgQWBBTaOaPuXmtLDTJVv++VYBiQr9gH -CTAzBgNVHREELDAqghVjb25qdXIuY3liZXJhcmsubG9jYWyCCWxvY2FsaG9zdIIG -Y29uanVyMA0GCSqGSIb3DQEBCwUAA4IBAQBSzpekwAMp6AwBpveZ3eZb7c3iI+Ct -eXYvs5cnoeuHSaHGHDhrCfMiLC7680PbniL/nhcC+YkfeLLF0SR0eiUumGenojVj -SGoVSCe3S5ZwpPGU1GUHOUMsp7dyo41T4GAuTL3dGMLivoED39s6+ya+TiBZ2uqA -sQo2kLzmON2tajuZ57/MC7l3WyJCU2lEeV7RBNpZ3LpSmi0+j8euOwAc8zuj0Pw/ -EK1Hpy93UccyJA8odD8AzYqlw5WnvGqiKVaHO0nRTClxGDpj4ee60vDeJuyooEdf -sCDdrbXCpGIbPT+0iruqphF5dJNqgIWo7xh1l54thTfgSxwXz92Glrhs ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDmzCCAoOgAwIBAgIJALglrXb4SDUiMA0GCSqGSIb3DQEBCwUAMEIxDDAKBgNV -BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQDExVjb25qdXIuY3li -ZXJhcmsubG9jYWwwHhcNMTcxMTAzMTkxMjAxWhcNMjcxMTAxMTkxMjAxWjBCMQww -CgYDVQQKEwNkZXYxEjAQBgNVBAsTCUNvbmp1ciBDQTEeMBwGA1UEAxMVY29uanVy -LmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 
-wFt5H70OQ3KXlsEUlg9MPKzX6fxo/2ilxzQ8cP2f+JI6is+uLk0mAQt4iDthCOix -bt71h6+zGtTVy/bMq+TPCOBbbt3IWGJqG7azYvZLW1wp/6CGnUAyJZ370Wlene+O -b8shpWknpXNbArsjOk4PQgYhuYcr+MVZOkbJmZSN2YCuFcMnO1nKDrs1u3iFOwao -Vz+eSFylgzXhD+fs3XnpNk3ELVF0L36dFdoJX662A+AQsPWcf5EFk0e0Wyx5R5CM -PqAPulYZpy894CesfNNci+UYaKeIK7ouMCXCEjqZkhE71NleXNDa4fFkERWVUN0k -hkSuYBWEKyudQ0mWlypKPQIDAQABo4GTMIGQMDMGA1UdEQQsMCqCFWNvbmp1ci5j -eWJlcmFyay5sb2NhbIIJbG9jYWxob3N0ggZjb25qdXIwHQYDVR0OBBYEFD8aC/Dh -8EPUjXrw2zvAK4N817yVMB8GA1UdIwQYMBaAFD8aC/Dh8EPUjXrw2zvAK4N817yV -MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQBX -yigtZ3ULsWi3yhW+pbqJU2uuInd8LJZCuy1EP/xSuOxAgIioZM1UvAbu360M9lcB -k9uQTQKzcoPI1nnlSDnuB5+lpK3aCQwo+xYhz3XVRJln3hHkV3R/ytWQrKRLUPKk -StmAm9cUoEWqpYBlQXKO5geiehtb7nBQHH6ERP/JZva5Ico/XMyTFTOYeIXNU8YA -kilkwiY4OIXWCay3kNKgIaiBo1a3JpM7Kq9GwLUAtg7w1pY9q3o6UjH2D7qxgzt/ -d+RzsannAkEQBRSibrucYq5YUhu7yMeOM2kJcklPuubaEAG+2zhY+NobgBugvfh0 -HShpaqD8H/MaTkjBEvf1 ------END CERTIFICATE----- -EOF - -sudo -n touch /etc/conjur.identity -sudo -n chmod 600 /etc/conjur.identity -sudo -n tee /etc/conjur.identity > /dev/null << EOF -machine https://conjur/api/authn - login host/dummy-hostname - password dummy-api-key -EOF diff --git a/build/webapp/webapp1.sh b/build/webapp/webapp1.sh index 9f01ed7..6945823 100644 --- a/build/webapp/webapp1.sh +++ b/build/webapp/webapp1.sh @@ -16,7 +16,7 @@ declare INPUT_FILE=/data/foo touch $LOGFILE OLD_APP_API_KEY="" -while [ 1=1 ]; do +while : ; do # get API key from file in shared volume while : ; do @@ -29,7 +29,7 @@ while [ 1=1 ]; do done echo "New API key is:" $APP_API_KEY >> $LOGFILE - while [ 1=1 ]; do + while : ; do # Login container w/ its API key, authenticate and get API key for session cont_login=host%2F$APP_HOSTNAME response=$(curl -s -k \ diff --git a/docker-compose.yml b/docker-compose.yml index bc671dd..7640dbe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
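Review bot: The loop touched by the second build/webapp/webapp1.sh hunk still appends the application's API key to the log in clear text (`echo "New API key is:" $APP_API_KEY >> $LOGFILE`), and the `curl -s -k` call that follows turns off certificate verification for the login request that carries that key. Log only the event, e.g. `echo "New API key read from $INPUT_FILE" >> $LOGFILE`, and replace `-k` with `--cacert` pointing at the Conjur certificate, provided that file is made available in the webapp container. Both loops continue outside the hunks, so other uses of the key may need the same treatment.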
@@ -7,12 +7,8 @@ services: # package installation on the host machine. This makes managing multi-version Conjur # environments easier. conjur: - image: registry.tld/conjur-appliance:4.9.7.0 + image: registry2.itci.conjur.net/conjur-appliance:4.9.9.1 hostname: conjur - environment: - CONJUR_MASTER_HOSTNAME: "conjur.cyberark.local" - CONJUR_MASTER_PASSWORD: "Cyberark1" - CONJUR_MASTER_ORGACCOUNT: "dev" volumes: - ./:/src:z - ./log:/var/log/conjur # exported conjur audit log @@ -61,7 +57,7 @@ services: entrypoint: /root/webapp1.sh environment: - APP_HOSTNAME # values for these variables are in .env file - - VAR_ID + - VAR_ID # written by 1-setup-containers.sh - SLEEP_TIME # VM containers for SSH management demonstration. @@ -72,6 +68,8 @@ services: volumes: - .:/src - data:/data + entrypoint: sleep + command: infinity # Open LDAP server for ldap sync demonstration. # This service is brought up by the ./ldap/0-setup-ldap.sh script. diff --git a/etc/conjur-dev.pem b/etc/conjur-dev.pem new file mode 100644 index 0000000..d30dfdf --- /dev/null +++ b/etc/conjur-dev.pem 
@@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIVAJ224OZXVc3Ti/TfMm/oh942/lrWMA0GCSqGSIb3DQEB +CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD +Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDgyMjI3NTBaFw0yNzExMDYyMjI3NTBa +MBkxFzAVBgNVBAMMDmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAqQ7oHXKCRcqmMelNtsWsw7N68k9CZrlxzc47TbGE1ZDlh4vR +gvm8hkx0ukd3PXbo+YfUNj1pk+vzuIcgE+QeFE6AUcGYkFFkK6KHfmk0rWQFB/Lz +R0TXdOVGBd1SOH9XuU5u+55BLMfBIZrI3b4KEkyVvGgc5M3tmEo1QEjirTSwmEHN +ZxJUdDz1wIwV7uBiOqZ2OBwrY6uLijgVrIGwlHLIrnuD9zr+zgL+sio1HYQQu3RS +kevoaBUAL+c0AjbKpGV+QSSeRYyC0hHAjCtxDYpBtCBCW08T42+d+c6VyOM6rcE6 +/B9vj/UenMpd2SbC4vfi2d2DogcLIHUCIzsYywIDAQABo18wXTAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC +DmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF +AAOCAQEAuoOzz32s1K1BmYZPh0K3k68fzw3TJQ3UyGuaW3GRuK3jrTdqtUytwg0c +Os+Eg3hcEKvVv9xsIyrFjd6HThEZovldyfPQcOL/32yXkawe+JPGtXouul37Gckj +903i4K5/rgAgmukEwI8EHyVHvhOveE5bjZd0PdEZ/xKNUElGI1ke13a/beWIJndg +tAX0qt5lh0vVeF2avuDv494VjKHysZ1hVHUYJRcK8ys/0LsPVCagu8y+yW9YEzE+ +Zs1NXKud/dKNXIcjKTXBGtOsCiMc3VRomWhhequKjKRDQY35BKY7xlDwoSdKZtHv +Rz+zV8d1eTIJuvvOMTKFXlcOLvx2Gg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIJAMH0h2JdKB2/MA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV +BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s +b2NhbDAeFw0xNzExMDgyMjI3NDhaFw0yNzExMDYyMjI3NDhaMDsxDDAKBgNVBAoT +A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+BDu3PNsd+7ZWn6Pfv +FPErvCu5/TgZPDir5r82gfu5IWY1+2Toeuw2GNSFoctzrbOh45WAgR7dyOkI90R4 +53ByaDRlOcxk8e1Nh59vGUhX9qrYjMA6KhKEtwyAq8zeU0fOQD+LedkB8USb0sZP +qHQ3ap0i+ibjfnxdlU20M0eWzWlwK0GGhL3s33xQHypBXbYI0vrD3L2xXg5JNyuK +8zQX5HBBj5+tajRBZi+lmDZrQ0dpzN32MsJPxOX2d8PpATFLtC1/CwMDO97cxrVh +XHmpaeGwdNgN/K1/beNBSNavGDd8yikkay28bOYcSpIL1O/PYnJB4Rm60jeCU+gI +WhcCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo 
+b3N0ggZjb25qdXIwHQYDVR0OBBYEFEygD2ACnTL5ROsg6cu/m9hY8kovMB8GA1Ud +IwQYMBaAFEygD2ACnTL5ROsg6cu/m9hY8kovMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQC9YpT4PLM8KNW5bbMX5vSFnvo7rpfV +dqnbYyQs6w4U/RKtWB0i0ehZhDXz97o/d4HJVd9wJAjPr9Eagy4sdELRZ1cpQLT3 +E7TWfDGHL6Q7etxm33YIXRDFJfl7NjRH+cyadL5i4LdeU4yNczQv8dsGTMMxNX2j +K0sr3xOQ+IrJd851vs5pVVq/KS5PSAoFtd7fRFo4YYNihiGAo6VVC1xuyH78mYwH +k7MymVjrDaah9FBDNtWq/OeKIwrPQPRa4bCo4DBBatAuQU6h6lIPkAVvOva3o6HL +Q4i8s/StTXxUC6B428O3jH1vH0tJhPMNL+t7YjJXoaestzkXhO0qhPpd +-----END CERTIFICATE----- diff --git a/etc/conjur.pem b/etc/conjur.pem index d915df0..74fbad4 100644 --- a/etc/conjur.pem +++ b/etc/conjur.pem 
@@ -1,42 +1,42 @@ -----BEGIN CERTIFICATE----- -MIIDVzCCAj+gAwIBAgIVAPSowHRED0UvlPJ2uDCDDZU/OWFTMA0GCSqGSIb3DQEB +MIIDVzCCAj+gAwIBAgIVALGpOOgVjXiUx6SpiuLsfqZ8kk5FMA0GCSqGSIb3DQEB CwUAMEIxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQD -ExVjb25qdXIuY3liZXJhcmsubG9jYWwwHhcNMTcxMTA1MTk0NjQyWhcNMjcxMTAz -MTk0NjQyWjAgMR4wHAYDVQQDDBVjb25qdXIuY3liZXJhcmsubG9jYWwwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKWx6MLPB5nT9B9wIPGdwqcAccFo1 -YNYwGdbgYMCIRQb5Z8CuZCu4frhiQhXAvawAK5fIlgeaAj+J6hgq9TyIjss0izmQ -3+y/cbs6AHoJLb0gi2ZPwcIwhPc55Pi4yAy06tqLHp1ba+dw421OwY1YjhLhoDuB -t+8R3bfdnOdXnyD9bdxBmDxhmO8vjvrvICKAI6CKdbEr83dItj6fAUaPzNCRS5g0 -ybc8xLcTDqFWucSBZ+bejfgkxKEAkGuuawQFCejRxoD2G08y+SvmMLhC48no6bFu -JbJFpU4LZoFcBSJMb1ENowQCZwv9CrgoX6T6rqDwFyVXtP1QHVAfcN6bAgMBAAGj +ExVjb25qdXIuY3liZXJhcmsubG9jYWwwHhcNMTcxMTA2MDM0NzA4WhcNMjcxMTA0 +MDM0NzA4WjAgMR4wHAYDVQQDDBVjb25qdXIuY3liZXJhcmsubG9jYWwwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaquy+0hjlWiZLe5k9oaSApzRNmYlu +i3Y9W43+qS/duJuLMAyaHiXxd+BpskycY+kh2NGd864cJfogmkIRCdxdn/HHTZ7H +19dquVZpm9zg/wwtKapRD14gbivZnSuuw+gzw/lYtayXcFJC6RroscMUA3k8RFCG +XLJ6b6E3k5pRRvyHeDIYT8qbiKIQHX0f7OjwGRL4X/RWGor3HkJNL1NPBT0kOYJd +s/uF5XtgwH2N+IchtqxxBPaxX8/5yikvhVRdRUgzF0HcEBV+Qj/ZnOc0AtYg0I9w +T1hF1y2BRvaPKzbmTzqgmtLxWqwf/loQC6e5wkTOGSJvaG5pHI81Fm29AgMBAAGj ZjBkMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/Y BwkwMwYDVR0RBCwwKoIVY29uanVyLmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SC -BmNvbmp1cjANBgkqhkiG9w0BAQsFAAOCAQEAVLaLsbhJfsMF6NCOsq0KeZFiz77a -SwUliN1jxfPd4nBS5qLmaMzPaFjeeLylYZQYcLKMAV9vZswe/Ae214rgXILcg5nV -9qW14hMxN2FAvyypS/Vyu0jNfjMLBXh5XWa5QGhutOhiBAIq5lf2OWLjIhTVAtjE -UeYL5XdYe7Ohaip5rSfpo/kn4f1nZBN76+aNq6I1uwMzlqUFDB3iKfuhcil4q7ID -2wX9Q3WQquwY2n34tGDy+z+Jq0oRoKsXWWHSxoDBdg7s1wFe6vS7/dE+uQL2cCZ/ -QD9O0/9ZmnwtF5P5gexb5xeXeSD2SDqxDPJRw773lijMrICLl+jFKjex4A== +BmNvbmp1cjANBgkqhkiG9w0BAQsFAAOCAQEASWCgZaSR7jLPV169Cb81q/tGFOgR +QmsAhS0gjO+mvR7GWXcu/wT1OZ4lFKuPBn0XHYXWrf8CifQjtB6MTEmsvEE+MS8o 
+7zh7rTiRhRf7QVGjOuzUb+z8D/ShQZzLO1nTfjdDA4bp2dThtUcpakU5XGyOPk75 +T7LMO/YdeM5Na1HDNvNoTLTOl4CJVwDp3w/kTR3cFBXEfJxqU53X1ncOF+KDdHsh +qcwp3vrLgmmXrf+exBvZZLq7vi9pwHkbu0I5/PvydiuwN/MEmhy76ttxeMNfY/kD +WMQIxjaMZQb6TmGnPKJ3anxtCj9gY7C3PF8hdQp7V/ulM+Z/6F4wdiVyVg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDmzCCAoOgAwIBAgIJAIygNrI7RdilMA0GCSqGSIb3DQEBCwUAMEIxDDAKBgNV +MIIDmzCCAoOgAwIBAgIJAOuFDc1d30TxMA0GCSqGSIb3DQEBCwUAMEIxDDAKBgNV BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQDExVjb25qdXIuY3li -ZXJhcmsubG9jYWwwHhcNMTcxMTA1MTk0NjQwWhcNMjcxMTAzMTk0NjQwWjBCMQww +ZXJhcmsubG9jYWwwHhcNMTcxMTA2MDM0NzA2WhcNMjcxMTA0MDM0NzA2WjBCMQww CgYDVQQKEwNkZXYxEjAQBgNVBAsTCUNvbmp1ciBDQTEeMBwGA1UEAxMVY29uanVy LmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -5bkt8wilp+xqLemcxJwD3T9PqrsOIu45bXzYewzBFRbPRirivZDZT/hmHqMGL4vU -ZZRAWLpo5+hh1T8We/eE5ABrfBZjulQ21if1niltVSmooojUTcVP/ai0b/VtAF9g -wc1SjABqvzzODUwQdRoZqMuyZDmpbC0A0TbocFHDkBsiSFwK3J+o0gQMMVY74VgE -iXT1oX19m2EWM529SAtQe8hl6DsWucFI0rEcXuW1VHyQmLm3zJUCKIPkncodVxNl -dhRSLuWiyUlBcMMRbvjx33qjjhsPnVC+gNMNB95tuW3qyapQ7rGncTC42NQYon9R -WUKDcG0L47DuvywuQIULTQIDAQABo4GTMIGQMDMGA1UdEQQsMCqCFWNvbmp1ci5j -eWJlcmFyay5sb2NhbIIJbG9jYWxob3N0ggZjb25qdXIwHQYDVR0OBBYEFPp94FHn -nh16rKZt7Ef3yBLftbeoMB8GA1UdIwQYMBaAFPp94FHnnh16rKZt7Ef3yBLftbeo -MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQBH -kfpIUJ80P2eSLjvWVLbl+hoK51IZElxXBeY3QSOb5jghQV++WMgvokq6qlHXeBXP -5jhXqG/v1jBZq6DtkxCrTdOQbzK4wF/ZQPJ97TR2Hraj69/9Tyd81K4E7ls9Izay -pfa3/P0aHsAYNB83yWZR090iTQBPtaoAUdlH9qS1/4Ckh2gqnuT9vhg6nyIoznio -/ofrxN3bfotMFjGgZK40sdRU9JsQObVnEiXUWvRRZXQhj6WKrvLA+EQmosuIjanN -rdXw23n1Sff0xDx/NNMOqQsl7ZhFg8YVb685aqm9aE2pO8LfTihaQmfwQBm4QBnJ -mQs2avVl8+uu7CwO3p5i +vKHa81j5naUYbrLMDtuSPC39GFirONJX0OeTcoCD1XNh/d+Qq3KLEUAhDWKwHZyv +rhc/t+oC3fpSIyEEpwxR/NW7I+zOdC4rvnkW152FuQc81tMigW86Nc+7WxPgDIdY +IVEPeOvDJUz9ztRC8me/NPmY3e+FzOiBQSget/EOLZJ1t2yVU5eEk+WF9pWgmUyD +loMvlXdFPN1cc60S6ypEYusJKWtBPzzOpXRy+j4/x9D5Yp8xHQSXv8oek37yuA8+ 
+LumbOOu2HCGSbN/1hcgtu7rfG70NeOzAwJtjNHVTgdeV0N5TZVHyH3l2AoRHIey7 +r3FeHDR9hwE2i3jaHmGr8QIDAQABo4GTMIGQMDMGA1UdEQQsMCqCFWNvbmp1ci5j +eWJlcmFyay5sb2NhbIIJbG9jYWxob3N0ggZjb25qdXIwHQYDVR0OBBYEFJ7+m6Ss +13pslEGIBxY+mVcOBtkyMB8GA1UdIwQYMBaAFJ7+m6Ss13pslEGIBxY+mVcOBtky +MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQAX ++zKNXHZgHIk6+zmA1LdLqxYVqFkSnoDEqxDvfWBhdH7lvOK60TM0w+YQu0rswXV2 +CsEDYyxSTvMug0MRLe2M87KaR3B74tEOSkuQlw0C4u4mzIcrOo6VhiL49pKoMprM +b/XhqBOj+PED+xa1+f5IrAptS483SfWDxhGsZ76otcucQifFdU2oV5XixUEs1Z+2 +TfkjjU0jiXsgwQQ2XLHm+yKlZ1hTollaZCu92Br2bCbGbA4RPUW1Rkq7CjC0GJp4 +mQKc99fhbyxmWudnf8dZarhS5uX4n+x8rPUPnrNmKS+IE5IzzUKPFotSKwHnHIwX +Ocatge0DTnqn5AjVlUye -----END CERTIFICATE----- diff --git a/ssh/0-setup-ssh.sh b/ssh/0-setup-ssh.sh index 6f47f4f..cea2d8a 100755 --- a/ssh/0-setup-ssh.sh +++ b/ssh/0-setup-ssh.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/bash -ex set -o pipefail RACK_SERVICE_NAME=vm @@ -19,9 +19,7 @@ main() { docker-compose up -d --scale $RACK_SERVICE_NAME=$NUM_CONTS $RACK_SERVICE_NAME printf "\n-----\nConstructing & loading rack host policy...\n" - cat > $RACK_POLICY_FILE << EOF ---- -EOF + echo "---" > $RACK_POLICY_FILE rack_cont_names=$(docker ps --format "{{.Names}}" | grep $RACK_SERVICE_NAME) for cname in $rack_cont_names; do echo "- !host" $cname >> $RACK_POLICY_FILE 
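Review bot: Changing the shebang of ssh/0-setup-ssh.sh to `#!/bin/bash -ex` turns on command tracing for the whole script, and the loop in the third hunk expands `$api_key` in a `sed` expression and in `docker exec -e CONJUR_AUTHN_API_KEY=$api_key`, so every rotated host API key is printed to stderr and ends up in any captured terminal or CI log. Keep `-e` only, or bracket the key-handling lines with `set +x` and `set -x`. Options given in the shebang are also lost when the script is started as `bash 0-setup-ssh.sh`, so `set -e` in the body next to the existing `set -o pipefail` is the more reliable place for them.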
@@ -30,26 +28,33 @@ EOF docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh/$RACK_POLICY_FILE - printf "\n-----\nCreating host identity files and copying to shared volume in CLI container...\n" + printf "\n-----\nCreating host identity files and copying into containers...\n" CLI_CONT_ID=$(docker-compose ps -q cli) for cname in $rack_cont_names; do + # note: conjur.conf and conjur-.pem are + # copied from conjur container to shared volume + # just after conjur service is brought up. + docker cp ../etc/conjur.conf $cname:/etc + docker cp ../etc/conjur-dev.pem $cname:/etc + + # put hostname (container name) and api-key in id file api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $cname) - cat ../etc/template.identity | sed s={{NAME}}=$cname= | sed s/{{PWD}}/$api_key/ > $cname.identity - docker cp $cname.identity $CLI_CONT_ID:/data + cat ../etc/template.identity | sed s={{NAME}}=host/$cname= | sed s/{{PWD}}/$api_key/ > $cname.identity + + # copy host identity file to container + docker cp $cname.identity $cname:/etc/conjur.identity rm $cname.identity - done - printf "\n-----\nIn each container, copying identity files from shared volume, then deleting...\n" - for cname in $rack_cont_names; do - # note conjur.conf and conjur.pem are - # copied to shared volume after conjur - # service is brought up and never deleted - docker exec $cname sudo cp /data/conjur.conf /etc/conjur.conf - docker exec $cname sudo cp /data/conjur.pem /etc/conjur-dev.pem - # identity files contain API key - need to protect - docker exec $cname sudo cp /data/$cname.identity /etc/conjur.identity - docker exec $cname sudo chmod 600 /etc/conjur.identity - docker exec $cname rm /data/$cname.identity +# docker cp ../build/vm/conjur_authorized_keys $cname:/opt/conjur/bin + docker cp ../build/vm/logshipper.conf $cname:/etc/init + docker exec \ + -e CONJUR_AUTHN_LOGIN="host/$cname" \ + -e CONJUR_AUTHN_API_KEY=$api_key \ + $cname chef-solo -o 
conjur::configure + + # finish configuration, start sshd & logshipper + docker cp ../build/vm/configure-ssh.sh $cname:/root + docker exec $cname sudo /root/configure-ssh.sh done printf "\nCompleted bringing up %n rack host identities.\n" @@ -58,3 +63,4 @@ EOF } main "$@" + diff --git a/ssh/cjz.sh b/ssh/cjz.sh new file mode 100644 index 0000000..9788269 --- /dev/null +++ b/ssh/cjz.sh 
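Review bot: The rewritten loop in ssh/0-setup-ssh.sh copies `$cname.identity` to `/etc/conjur.identity` with `docker cp` but no longer restricts it: the removed lines ran `chmod 600 /etc/conjur.identity`, whereas the new file is created under the caller's umask and, to the extent `docker cp` carries the mode over, is readable by every user in the container. Restrict it before copying, e.g. `chmod 600 $cname.identity` ahead of the `docker cp`, or create it inside `(umask 077; ...)`. The key is also placed on the `docker exec` command line as `-e CONJUR_AUTHN_API_KEY=$api_key`, unquoted, where it is visible in the host's process list while chef-solo runs; quote it at least, and consider exporting it and passing `-e CONJUR_AUTHN_API_KEY` by name only. main() starts above this hunk.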
@@ -0,0 +1,67 @@ +#!/bin/sh +set -e + +# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below. + +sudo -n tee /etc/conjur.conf > /dev/null << EOF +account: dev +appliance_url: https://conjur/api +cert_file: /etc/conjur-dev.pem +netrc_path: /etc/conjur.identity +plugins: [] +EOF + +sudo -n tee /etc/conjur-dev.pem > /dev/null << EOF +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIVALqX0m7HrKhD4Uk9lFlOIoNydCp7MA0GCSqGSIb3DQEB +CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD +Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDYyMTUzNTVaFw0yNzExMDQyMTUzNTVa +MBkxFzAVBgNVBAMMDmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvM4J/GIu+HH0ML3PL1bl8/BQTa7BCDDEfHD9spkFkOA145OQ +KrBqRXvNCy0DO0hNg50a1343MmN3z/kA2SQO5b6WRhO0XZAs/qJxol5vDwmuhYaj +oWfo1rfTZ4uWTq+/JsxVJlYfpgYdwZ8otJP5FWMoDjWaDRC8ERlwIVLQzDiHdgLy +aZLQA4o/jIj3Ym+PpVQs9ga9VvdTj+GJriYWPIwkJ0CW9V0fO8oQnUFeYe9qsFHM +rcSbXTR19T6TNPICl1VTTHvsgqay/xnW1XQ04cW1FCVH9Fo0FmDWmzofI4e5Cx47 +gD/u83d4e4yTUicTQOapSI89dDPIwVADnTyLTQIDAQABo18wXTAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC +DmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF +AAOCAQEAbOkn3UkoI0j2jglBN1Dz45ne+ujMfQgO7oCFYGwUSZhP717ZkLltO6gG +PVaeI0D4kdLZiGA2IJz4dn+q4IN5T6LhgaChnpBBJbTH5S1popBw1gjxt4YTK5Gk +MnfmRXlPKMgir/EbsyWXVRuFK7LmP20irQdDVTyutxJpH1zwuZnJnlGxPcYVk/Gz +ja+npLxBx0tdYcgI2mxLhnlSRjOdrPPfeKUdtCfr+scWKTFx3AuQP4MW+XjVxBNV +EPkvle/iYWVkbRafmQl5CIimvXsvebXQ2RA8x5Ghs6Y7XXGYRWSZSOzj91o25/aD +kpHAvc5gn9btn7Cc8fDEIMZt8Vr96A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIJAKICRrRs6JwDMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV +BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s +b2NhbDAeFw0xNzExMDYyMTUzNTNaFw0yNzExMDQyMTUzNTNaMDsxDDAKBgNVBAoT +A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpmdcR9BVxoOQLSubyz 
++NI5RINhVrVKtgaE8v4R/x9xZRuZkbwCL4XjqSO0zult6fUij9dz5y1M2ggfS46M +Vx0GTOZmxI719sgPA0xmurnEdNd6AwVN0Z30NrXHwlS7O5ZSYsynDY/2h1QWs1/b +zHQiSHsvcIWyCODQA/3ERoogqvCWVS9MnXzy4C3zyyuzoym4yQ/vF1lBNd54G43h +ZhHZnB0zSQk/frdkvQiR+N9XWFDic6Fvy8ptz8N1N9e2uLBxQ1d6L8JScobqFDmC +9wWWrodedOvjJXi1XQMPxsxYhqjO52K5nc8Ejw6Y6ACIJBW0fXd+7/Z1lRoSrtN3 +nPkCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo +b3N0ggZjb25qdXIwHQYDVR0OBBYEFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMB8GA1Ud +IwQYMBaAFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCJ5ft3Ns/1EOw3Jz/lp+ZERorCbLd3 +n9UpTMzJmArtNniGzek2UASrcAyfn73XUzuTdnDvy3e9vzFfjPVwUN8OqKS3tEN4 +20GBHznFOkiv5eLfJNj4DXwKbscDcr1ZdaFfFGrfohXbJeTQvme1CeOUkxPLso30 +z+28r+3027kwY3vtRwoEwZ1U6QcILZVmnjfVqXw03YmlCAFyBDkOnS2fvH9g0Kk5 +l1Gnau81lfhyNs3IZs6BJQ785UxryEJw5ALEx+RGvs0dpt1Rd+T7g7su1kLoflaJ +zGq+0kYcz/2/lmD08iJhmDOsKztQ8GidX2ZoQMgqQ7/kNMNmFxZxVAwY +-----END CERTIFICATE----- +EOF + +sudo -n touch /etc/conjur.identity +sudo -n chmod 600 /etc/conjur.identity +sudo -n tee /etc/conjur.identity > /dev/null << EOF +machine https://conjur/api/authn + login host/foo + password 2f0hya82dg022224e67mm3c59c1118nxdcj1qbrc7g215539jfy57dm +EOF + +curl -L https://www.opscode.com/chef/install.sh | sudo -n bash +sudo -n chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur 
diff --git a/ssh/conjur-chef b/ssh/conjur-chef new file mode 100644 index 0000000000000000000000000000000000000000..adb5fd36c29bb20a515d239611a8888c1ece36df GIT binary patch literal 308902 zcmV)3K+C@$iwFR_qkdNa1MIv9Kvc=HFgyeaLyjUK9FhcK$QhKJBqxzP%nUFv%)kVa zpeR8=RFYr<$r4n8f`W>GBmo6fK!Spp5WxT{f(qZ6VQ_Wt?%n&o@7{g?|DL7L=X9v5 zuCA)?uI>W@hYcd(6(RpgP*PITR96Qmsm6M$q@uQ-QUOp_(Nxt`S5el`R0WijRh87# zAb|RRlq)Kb2t+s@WCaO6ps{~m53J_z|4;Bx`|&;f{|O-0#~+5oA%anObO08INBz5L zfb!5#Q~UGrS5{H}-T14kE2}^NrGGage+2)_#~&7eCPK|oA^vC#3Wfod02+kC2BWbA z7$Fb}^CMxA7?dJ39EC;V@QP3bS`kMghLVU-vG0$H>na2T#RvYV=okE#V8i}R zoP3;!{{h=4!#}rwWi=%wwcpvln!1X{FZ=(SfX0Y~RE9t}!AB;@dJ0MUJKrUukBZat-;meW#G`XAbGQd5AM8c@@?^^}HM zkCvL!Q&T2t%1KQDYHC1Drbn6Kx zdHy$r{OSJx7yN=>@IM%6=uMnVj3D1P1pff!xfTF_e5rL>HX8oPLV$KXU?>3jtsX#4 z4XA0{dirZI@C$yyFZcz2Cv2Sm1)z!lnZtj`U!VW0DXISc{9j2``Pcd1-vK`z{S%_F zM0g|ujtE3S@gzSS0v8I448cI^>+|0x+W7Ccs1e&{##e@0SbYpio#anh4UwDt><=^8?4g zqCn!`X>KsFepN+L4u%ea2cV!(e-xZZ!lMX^cvL73Pb7T5tw0DxA*h*@Zv1v-f&56V zt@ywD#=?gEZ^#{#_`jXTU)aB@lBUYBXs~hDSg1y*40DWaJQ3>laqzdF4H|emL}3(fYc7KIvy2( z#$j~;5-s98Cb5|JXZF z&Ha6%QFt7fgM<^|KA~`8AefB?>to;~$Vv`)e_2sKPZ+N{Ih5349<5^Dhjv5>iFWAElx3f1yki3V%J& za4n>&hBo3ahv7Q~D1n3~qJFXrB+4I7!VoEK@Fc7c22J>mK>>6K2y`gQV|{|r(LrF) zpw4*xX)z_mBmT4k#g||({|tdYIsjY;tk-}OL4V;#qH;_IYDMZBC=Vpa51JVDTMpO? 
zfxv+y2I@BnK??Ds2zCQ7xBxWv2bW`PXKUr+=ws;OY+>tTZD($2yWt8qAQVm@MBwnq zKWk)YZ~2?E+Gw=V4>;NF{j0peLqjoWil-&vF@HeL-rm~M(AL=0$Hme5_goSP7#{=* zPel8p5pW_ntm40K?&M_cV{Gc^Y-wg`3_4f}0`dRd%clP^u(AFFr^+C3s{N19_^bV& zhQ{yjf2*l0|GNMAw}9SGaAyR7(*${$q%W=vQxXSISOgA<#s=t%yEvOEXo>IK0o9}G zhY5;+z@tOSzG(-PS&uvq>{wSJh41?`h4l0e$TbJ;jYDFq4XqKz>&I z@x_mX#vq-*tsD44eKQ7|!Ldkk#&?<_FnB1qxP-$%KMq6S@F;MX3A!*8(umvw^&5Gx z2^=3lBGV`2e+x*6DUt|y zMRG_6g$)P%;DkVOsKz-EO#s0Ea4g{HY6IA>DA^{=}fRl*05OBGI z0GDS`;4%pg<_4kwvOR#9kf?AJ1{X>;H_)+!qwzQ_<(U+U!vYATH0Wo*eIkg4+y;pT zS9L@jK8nnP85&O@0ud;H9LGWXM*%nz9z;g~>mUI=GWs1J26_Rg5CV$0!%Lomz+nBA zvOp#CkE2)(93v0nv%`Yy`I9gh3Txl15J;iqr7wsx5QPW31#SQVLLit!sX-ujQwMBK z1{5L?2Z)0*AZG$9Fcp}Z!MXv713Rd~f&S1*aJ8*3P9~=CW8LqbQk>jN7cA8&Quz1B zVKBG|vP>{&EJz&f4@BWeKm?pzjwAbNvLMJDP+c|r%WbBiJnWyJvrKpCd21XBhGC{S7;rC<~Q2MBO~P}HC?kny0x;TS+%QijrF$-O@y zjD=BNf2I-(!~i~&40uE^pkM|Ar1ys6!C?i&Jv=}>%5oa&>Z%&sB~|29)WJkm98d^A zfdy(C1?uYs8sdPLmw2o+0J0eq1MH;;eqHPomHa^g!3{td3DgBpNr?c49CM(k>K}0@ z55WDv0i}o)R8KI4iBmA+QJ}BI0?Ob^>`y8OZXZw~p%j^aSLhAZ`%#P66_%`5cw7jj z)(@p1LP~7)yETFQfHldSf-?<(@&{Mk!X|PZlfcq0cg;G#J;8CEu0AL#;nR#$C6%YVQliUSA9H{&uIB?p9g6av5uL2Sr zNs5k8LMaN87IrqKlqn@v@dpkF;^3}h+crRf@UK-@l>FJ0$f^OQFb@Epu>VUOU|X_* z`}hQc1_;XF&(V-85ELo$@Bu|5E=P_R;V2s?YPbE#jn^^7ic@+P`42gSpK`p`H>c!I zP`mKG2-J2Wo`j;5`=cqeu;e!qmh8{gt3fHGWn`!p33BD*kAVm1=qtwpJM;k+Kvots zZX}uzih+aflI-sy$fUp?BTz`_I^iFBAgKW8>jQFVIgl~1AtDe3Di2vapyi_Qa0C$@ z4!VRu6b3{1jcdy2%xU&0FpA~usW!g;3NsMp|V2}bo+`}(AUaJnw#4A zkj1)DCjhVXQw2{f*&~4-H-e&zL8N`CcVHN(Qzm#zRf05CHPZDHn`<;!iyP`nQPOvy45C!t- z2Qme$n-7vQNm81ST@%@QK?`3uUKlxM3i|QyrUq)m@AaMH0e_o#%-|p`ij$x=AtU{f z7ir18Kck41hKa9-XEq!i06IFbM^K3k&p~Ez{Uio2zi#Ux=zu_SH^@ccbV;TMRwU1X zRJ|tv)Kep}+JH*F?xn>5^0FCpvSfEgUP=QB;Z)4PZ^I4tiBkK|>&5`)j;8iLcJ|Je zcD7FX;^KhkMkP;h#6tne4SS`mTK<6o#g|KLcsbx_wQ!~?7N}EzG_~8(WY`{D1QFW#q+O-_70Q0RHRW|EsI0s{H!?|L*|m_#2_{!346- z{wHYsRs2Uuw#+If| z(2YYf==$ju`B)rAdET&no%KBm)ZEd~-hzBb0Nf(WsKJzA%CgY)!z*wjOY{LZtH6|%WTAghNGXA7$bP2_$SA?oV5;l5D7eA)N+5cr^(+D*5UBv}55mz@+&`2> 
zkwSjX`nj?)OnHOJe?UxWstQw9Ccpl756IsPRQsnyykUgE{|Jr0TK{RNYy9K+&oBG` zTR=i=eHR5M1Of`ENGOz|30R!I zyO5@i*GmSKmiTzbnzj8C;9$BI3Q`i+eGpEeLNjS0vp5e5++@E6^a1X27} zKa>P^l#=zw8@T^RpxVE&g`usvskNOsECl&)r|}o_zp|!==0C3gm44a(-vJT;Wy*y@ z?%H-;sl;$PqT*?>B&a0Rj;f`n|m}xxF10_ll<>_@7m+rwD^W$aaSTQd(4h#Fvj%b`HH6G+2o8_> zjXYT25fy>M2Y;_fW(5wCg=02^^!-B5IvG`%8kvk4I&%FQ5;?+eLb-7V=2Bx-6akP& z1!N=;het=FkmO5}1Ya`qzKXce4bMh)_`VcTqTomX=MNT=j{qq*t|?_3G$~qPjKfop zIFKkJ`3#UMvmaQXR#(|zk=*a~`+$H9@~3g5-mqIg&_g3O#!z+xh4KapL&~K~z#5Gu zMQ)tXZB(L2+=L z3nqn9PnJOI0a+kW!{_8_5FAu0o0QW`3N1J&14?58Xc^z_pQ;k%eg1#f_a7=sfAIZ> zrs^;M|95}{U{6{<#2_ecoW7$`R2NAI#F4<2o*xQW*A3*luLV_(65ghm11XexqzbAs z<>VanR~v6;=S#h zfB+O0g{N3Eg-1XFD)EN^{r(pWp_ZUd?}TD;fuMnaRtrT15(7ygegqiO59<8=2}JK? z=;ZVRLMV&?ClD0YKYsy>O-(GF?HrwcCQ1Ifh4PgP`FociK5_Ab2SXiAT`ip~?QEgW zhUQLkP+|zU)&sr0k3S|V1Rjin$^G_B{-h>^d~6ThxDEtTM-j=h0Rb8k9O4fH{XEEo z1Ym4uV{d6~Y63|7zUxpprF(KP9QYF&g&^}oegs8G{*3`U1Exp}`THGIBuG*b53VT{ zDc3uw6VK0GgGInWmxG7G@MH%K{r*eQA04^=g$>v#uqBvmd~-ux;zP|za6FPcLQs1= z4ncV!3)tA^Hxf|FpBj~;d};>$?RzuIV+amO0!NqfygrRn9)CNP0HqU-B{%kq#)IU+ zhrodK6wD`oLL>oDLRf()jQ{U-1o}O=1^qe9_1mXK_|E?m`7>9vlktjTcm5oZ27jVqhi@<(T^T~)@*T1d$ z{V;8Oaz!oPkhU`(9*+K*J1C4u$)tQpMZS!K$Atpqi5Q8aGy~--_rERT@e6*0jrkvg zf@48{`5%b@{Z;%&MdSB>|5aT{_1F2&-vU3yeNco z(=%&878~XWTfVSR>BsGVJ%g=(#?z;C`(pj+)*#YupP?Za@ZUUe72CSsVOjC)e1)@| z(CgO+S2aH4N?l*xT;LiS>l|B&E_J9HF)eLsXm(vb?6wwTW0h~n>mjDrktBL?=MGWi zYvQ(+jBf+`*Cg#c`fm;$+sVVO7qj|0cxc6M_3Ts27dN+lSaF?T&65#G2zkjI_T3%nW7=!0U51~vEn059+<&94V6A^qa#7TDcepaXO=!t-^O}!H{pu5v@>>6U z$;JIUXTBZyw6=0^b!Tr@{{HPpjjyOD=SlN1iqx)d{<@~B|7v-1-xbp5@QAgUkcxnv zUR#w!jzq^!d>yF_K5|5CWfHP_bAf0hu=X{#e=RdEYV$ZZOM+RP=bO2nBPLxRg=zLP zW*`o0apntk6vd*Jy`;JIdy|eeho1j*{AyTRH(LxB(Inm2IF&{yHSQ^{=apJRgg6;Ucu6=ZG zL&xLSbnmNPuEguYP20E!3nn?*1l%W<&R^w8(BD-4vOOoHgP%7>RQo}TOmi2^NJ6-` zbNEoa>j3-8!|{Cr6ITb!S@0`d#7FND0<@x>rQ6S3YvyS>IvGw}lCxY2>afadI>dH4 z;q63fH;q8;Ub=U@Cp)ZaybAAgOnGqn^}DTda}B?p@I8K|aF@$Hx2t(a1(AU+UGw7U z^V=C68N>E-9ln-eYD`ZLdnU<5uyajNJ*1RM26>>*0ek02Pu`iAw>f;sFJ 
zm>Pv*t71b)c}Ph|Cm-&F6IWmbX&g*jAaY4X&s#XJU` zZfTZiqjhXsiOcAEWpB*%d`fz1Gk>Y!MOPD+q)kDWCA3@A=#p78Nb^7{yz_qZ{iJ)n zbd%puzI`dUkC4MLU9~5b+%yja8&}cJwOHMAPz?0&UTYek`*cldVm>$w5fx8gs_{X< z#hZUS{_4o^CJg}#s2DasnVDoCu62y%(Gk<_#PhGa3pkh`rqYCa!Q~X`IAr$SWW4Yu zTwnN92>p?>Q0^GR1b$ZfqYMxBK++UsT8`X1MSH!l>=~y_+VjSn;>j`#1*6!P-t@7j z?sM+uIPSbu;MCeT68 zjaP~h54GiZwUzVIQF^A=^kE{L6AUudsBdv=tu2>G&mofg`Pt8Wt%N+Isbr6&@0EHL z7E<1YmpPmesBe&~fuXr8*W9S@ju<)WdB|cc^Y(rzzw(L%U@YXEUF_&0f^kIY%9f0p zfJZd5Mw@x`(2|k&>`O>XchMY7CI>CDbD!OXa!NJqtC$GlxNu<8QGOoqHJ z!D!IdQHs*>F4qojJ08vbyrG)0E?-S#=JPJ>*SHtW<+U`f z)e(~krHmdo%C1RuU2zw=(5%qUg8jH+y2JPmjW1XK0pzJb@zDLl+a0D46z5{Z0!`yM z2aX)vw*5LU!ncDnt#6A|Y`J7?xr*ULBcmL9@e>;OE1exvyZa{MMiUeE4Au;*IYPoN zxbiucC|l;f^(Y*YD7l*YbRQ2Riy3gh#m3h~?I6vo)Hs2G7pKyl1-t|d<^sDG#5-0= z@;75SuAO|Oe%ejBrEHj_2e_Xl9v({)4s6pb6XJL(Y{m@PHkWa=uBb}Vcp-L+Mcftf zw(VWpHLPB%9S<>R1LUR~668haIy!XX$iS?ECmhxX}`1{6u&wAKA38`d`)~~AfS1v7_ z$0ZXqp!5yOiHN$~_M;8~G^RrbUoZq`Zle>qAu}x3o`1cZ*()BUCTFe`acCOVuRgBdy^R75xy2#WXdSxh#l3op)05V9O%9 zvHXGk1^4a48hx%qLcvT{^GEdsSgvq5c8@>3(rqMg{G$5o3033D11IA@$;HgLUEC~H zKb+-WRquRZ=m-n4vS#rrKV0_E4kixy8cu0u#o&5BmZ-j|yUKC1vKN$Z0ui@{3s{U? 
z1Xv-@{F_`ZuQD5-FwKw>pE_S*CJym)vO?rAw-7EcEvoo%Al+>z_b{=@$~AbEk9-V0 z7q_R0XTY<#^ms{WX2|_#1}O=ZlUvrBu)*}O+`>oAfPBxjy_|kfv7NWW8V=sPOlC-JA<@Jrb z>|=BjPZXHb0wP1cp*|i&G6^_gRHpGMoXtE8`ax!GioyK)t?6T(IysXc4}7jqNlcb3 zE~pp09Z6)k8r4EPb=h;D(}^Pz6C!a;!#t@5m9vKgIMox6-(yivbn({YCQX0Ykr`vE zZw0SXYj=T4)+Tp#&nC1!x=~09WEAT@1K4F}Rtlc1RJ$m7T&eD$0mrRmx@hk>E0)bK z6Z4<1e9oPf^^`P-+H{d?G5J9t^N#BxM6S&@SKZl3q#I$iY3B_u?}2q;zl^06b6dTT z(v+dAju6sDz6M zpQ2+Bhm(oB4y$uAr(40y_qQMT$b~<|E*B&@VpJq+IeT7VJI&3*R$Lu7iy9b4gl$Xa zjgHg#Lh3bg%6L#RH_m#Cy?mW+kVtI1>)2+ZawzH;+$oiwNtfv$(eJI@r{_u#zT3Pg zokUi)0nt5&^aC&XDoUN=^^%*il9RNVhK;>q8&>~7>stLhoUt1*l|A4n)>Jiocz{+s z^?ctnpS>f!?Ne`DX8X4m!L|$c#4;XsJZ{OkWvy|CW$s~VG%S~CGh`MCv9GK-m5e(4 z=78tK@yxk6mQ2h*-Q-#*9`k{YYd?>scY*2d19widDr^!FFfl8Vt^tZ6IcDQ+>JfXN z(?*Hkmf}85SCPt6e)Zw(o|{Ejh+BKf7Cvv$z4|7GMcTJ>>Rl_i4ETf z+4a%ul<}qzwk}_Kwffm%K}GMo4YNwp)jE>>R>o52`KNJ3MTm}Ldv2|m#dZn;(j#%F z%{a97bKeY+4mt$O_;MYxJZwy}yM%;!I5=ieSLb@6y5CLz*|XU_Qr0D0pN@M>vc%Ed zN{laQd8M0wHR0m};e^L1#~WwrjbFN6r->0ruvH1J&#hnSDEquc$z;}3{?yKb$)o(6 zyoNKa}sCboiBXeq4kPpJhDqeAWFYH2A?}wn~2eVNRM6R_0jxkGs+CW7UOsMRY zj6%1FIQMG$iBoFj8Z^4WLLcSg;*&5~9g&6(frHU>JJ`5gh?jd@WS7n7)6ZL5HjHq6 z!=1m;*U;3>LwCM5BKQ%Vx7k&FQ`&9J=oG0ADV?iI5SnpqKW~+Z&KX%Nof}84c%g*$WG<_xjcjmR+H%)wX`N zr|9C7`O46}=LR?KV9Vpq__T0GD?LDbavCfxQGZPr{RVzMl zmyaMzWy0Bn3IW0U-scX6Pi^+&Jx~*`!Dah!FV80?8qXfK&yJqcNkY0dm;~>op$GD= zvnFTu=)7)3%Q}fTSEN+BxD4-VtoIh2#)K*F`Fu!K^Z8KMd(O461IiqyX^aP@IzDK~e=c?!gj6tfq|rOyfz;Qo8rhtC ze2FJ-O2)w}zM`AXydKNTWlYL;)#yf4KYIEomehWEf<;o@T(a2g}NEu(Mu5|HG;Ib&%xe( zE^oA|60e|ZmzrLgGAv&JJh#o}?IHzfn>8*XYFaMi2L}n6Wv(jV@)+8=+ZVV-i9#bH?k~#inFkvhv-Ua>qKI>w-2XYe9M8 zb(PLkb)F#67X8y(gd}!d$SJt=aPR)gcL`k=51tD*yEc+#TBcQv-oG?R#rPAvrnd*RUeV>?JhvO(;NyWDdHCqC8IL5wRpg)&BU6_5 z%c1D{yLgxaLw!%+P~|@L$iT&-zWz^s}u65w}j9tWR|?drOd2r*~D< zd}Q$?g{JWFl3SRak|I~GX@m(M+V>J;gO%cg}*y$ot{79;5y z7W3{w=OJtv0$esUu0^uP3}9@PXIrWRKObR3?7g4N@Sy!uXuFiQh&uy*@aXoWDy^zT zh@e~P(L5!rxL|jo?Srk{V{+VT$On1J4Fqk8WV;r>COK2l4+6uCr4zXt*OqVTZTV7N 
zeCtxyjghyd(Qi{`Phi$uX!anxSA%1VYirh`kG?$7aeUy_0F9-sWnay9Pd0Zc-}5~f zDa1<32L?duv8Ic=s_C~L1;xPQdw~)ixL_fBIREQ6$3B&e+XBd=Lj*5v!I>{s9)Ey}!%>S1l) z=6Y4~*(cviOmszFXU>T89-gEbVG!q5T6`xuW+AC@OJ>@18hSkMMA;UU><+&WeU|}P z3P(BfTq(PCwterX!YX=c^BP3gqIj4nYx}&5fkrY{uc{_2mAw^W*ZDrQ#^R(Bo%^O@ z`J*{-(bD{itjmy77fS@QKjH=kQBNtE4Zo_}}?2qG>y2*M*1~zz7G&t+} z7Z%F3vN1fC4Sx%d%TBrnOeMD7MQ89dr7wsr~rARrVx;hbY&c z!YtP2Jeg}d`-g9cx6bvb(Y*iZ#>>B8F;_Mah8d6nX7FohrMyR(IPK-={ z<+ZzgjNQQfve_r7-JYp&EB-G9GdqPRBQlPUwmQ8YEPeFGJiT7jk>i;@Vej;1#!0gm zX%_--v@Kusb>%q!WpH!~(ck2=Ojm1&Ua97tDm~_)bbx=yyOU;X+w1FDzfG1qSAjwo z?#D&x_1?i1p@a9SD-H#{yZcx$9hrYC5$Va{9c6lkTV7~SiUd+76X*5?e3#tHY(m`$f` z4_|h0*2#-??z?QKbv@jD?3AR0RdLx`96d9Q;OSn7rZwn-v8Fj z=f3aDEFTN!cF)M9y6v=;L$LClDlD1K^PieZXP|6x;+G#enD%N`K0YpqQ=8F+_d~1m z+=RZQRkBDnhV;)LC^?-SVjOguC&eS6GuC8p?_99`n@<<4KdQ#NwLZm4hxANOe2ljc ziSqHkqpfJ!E~vxo%J_;)G%4MZzUO`5q)nS!+~br3qK6KgyKem=@uTBQSIiyivryyAB&kk@Q)NBE`Ne_M#&!}lOkLzZXD+0XB^fg&GX~FjFvXk5X%?S}ElrVD7(s|dLz->^Kn>9`R`IduP z53C}bYoPlji1J6R?!E3(>yyk4t`OLQfb=x5$=wPRa%2pB@X@kA{!GwJ*aTImyjokr)p6u>%;0#aaX-j7` z_0CDWW3J8eOl%iR4Rn5a0iQR1*CqwdnPHkL?2w}JBFD8q@%>4=qa3NYW0U;*AAW0; z8K-?-LW*CQq8IMla^v2i3F8~Bh$XIA*}2E9&C*AQ?C-zY;jaI|cr!oqsFZJgifI~F zMcVWhgXVL|#ifS{yWJvc-$!gu@LIxYS%0ol^5Zmfdz<~GMpZ2CL8R}_!$*{#(qx6) zy?UA9rKzi4C}u=Z-^8C?+Zn2J%c6iMJfzl8NB%~;*~LJC6``7_(Uz5M<|kx?Y+4aj zoCn)o#3WbMv-g~e@W#$|;7^{24y@Wb+KITY`p&UP=EY{ldrF6oym>C?cOj}}kh!g$ zQ>LPsGljOfaP@-kv!!%otGB`3JAtg?FL}c)R}S~MV6;~gpu47D`a%>w-j+zj^k+Nq z#gs~MJhQHrb<ouc(Lz4Aw$_36%{LfSOq0f)+QdyaOeV_5wY`PX#+vifw^s6i%#Igabmc~Jg zyF8h$2FGH%vbf|gJ6ZYNHs^VvgVZI-dL61YyawCy&dV=eF|1kfw)%pjQRYiAC7C#n zY@Ryc?SZ7dqsvwXSx_1A?5#en?BRkZAPa%MQ_fscrP~hy#sqOj%TC5x}wT zRT@)l>6HSJp9f`pqE+ouZ*|T!gSN01dH#OtUhs}%&hp1YV?(w zk!0n=oABJM@j0(I*PPshI_H`GTwLwg?tM4!XFynFmrh2dcN`hwJiugXNRY?hN}IT7 zw~y_hK9SbvSn~_x&!0IJ9Hh*{j>?U*Sin_|)#ROEzF0Ty=si+)*|0A0ZlObo@2)xD5HNd80<|)FI{8qTwJXi!v$|v=lnc}(b(JJ%^V) z)D;+4GButFgw0H_Us2h1T1CepNLC87t-uCw5xp(vASn!e-%t^4z3ccy>V+?Xd=__r 
zk~@Mj939hvG#5WO(6kKl8Km7P>X$k2>7>uXn?nsL40P_OQl1sh^r}tJ=DKrnzI2lT zk1yZBsAb2!Kg_}vLDQ**FP-R3%aV|hGkR=(zNfkk8G1rS@Fo010Y=c0o$i!Tw#yc(4OADE_g8I7qGPitKg+)< z;T|it((t+?D+jOJ5Pok8ca#~-vqIqMKG|vc=g|7UT&K_@M7+7`d zYMi-SD880H?H+RYK}3|qgIiZwoeghxCo+w%SgF);6dPE^@>;Ql!^FG8Pf59Q>?%Y=N_LIdE6wS z@sasg$!3XWrL@8)?P{M{#EX=E^6Uj{wEWM%hGV%>zEp-ze=2v=cql66=X>_@EN4aW z*SOwmZ`qnmb06Bvl4_WR8v48WKbKjsbSI6kRnEyjUb?^g09i z&h)}=3*iWSJ%eu-Y3hC#`U?hM~?=n z(v($Kn6YWnH$5wUR06%~;Ez*GAIdn?(@>UO=>{D{%$g1^RLnkoa!UT2fZw_7=9HNu zTV5@=Ku#M*U*96*DmyBC{+)dF4b(dS_qb{U=*kT#rls=Qn5^EOM> zHr-2bX&U2NX{_ZE``~z1eh|IAuK6lnH=kgRseZ~B|K_-!snr*U*ZOR3Jv8YedS)gh zUDF)h9YATF&?b>9tZtDHx5HQ7EtWoLOEl#4IjXNO2=#WBS$fkuzg_-#P=lVnFMl^% z*UNZo%aUttH;m2o8tw}c^?mQ_JCwr@4r=i{D0zD9{KEcrOMR6xfdl3rN?D?ZdF|w6eo9%SdyHYjJE?A4We8tO!4ZT6KTe2D@v>t}@BuhM3PBU*( zILfLl$#zNX)_W zh3#rlQ042B3(5&bc7m)ibPPJF_NG$cUVkK0i=9i~P}so5IyZdEs@B~yct=oTz=Qn$ zV!2!wv9>z7cPQHf`A`U^Tb46e?G(b>O5S$V+~Lg6G+H~mB*cfzMVCIcTry&X zy^`&aXRd6iWtaVUv0|q3s|Tj>kw{Zf_il61m$N11BO^D_Iv>YdMxK~vP2BS}-h5SA zPWSPc`hHa{K}E%xI*$m4>xOGt2}7+k{)ZtQa_kC{><&pR%q@~eHwlaaiQFC8iv>^7K$Aimy;`tvI{N` zMh+_7TCPmzXoeO5H;-t=tk52kmh33!nqfdPNq+R-vK4mvOu7Sm7Gsc}#{HT$(Xst^ zorIorNO4G-d*u?(oImNzBmt$u|ndR*Wy|O3;24@^F|ZR6*4^f3@&oz|TlvQ^-Y>X0PY0%uUVf!za!yrz2<{2;Komgd0Lf&3-%J_Wkq4*=nCfaj8r%(H7 zCcNM4!7WN#{q%$=dz@S{PdaaI|K4{_+Ol5q#a|qSF{e_tZ}-2wpMG$t#pq5bi^9p+ zxOW+uNxmgn_w89n%pkzlEr$T)JsSF=P*!maR(EFd5Ozt9!Pmg9>f}ZL9o2mAT?Lfe z_HNJ3q6<7slTt`@?timqp|?_HnV+{=Q1#jKb6(L$Qd6W&osRt>7@N?5C8F{rG^L&yNJWQ z9dB>gog&4q_6O`v&n4F9lMYWD7-HMHLp-kOx#^Bbm0R)I#gU_zV^7ePxSRSLSu#Mk zDJ*!L^LwkN=#9&JlXvmOj=8)Wy3zZ$?ZD)n!EDW+pU+P%=BbS(UcD625J6`A4=*+5@@5 zgYK5Nq$VeE+T~Jx5&mP#C0m6g`#-iX8SI!?3ywt~!qyfq>5VS$W_V+_r>pqu8vo*& zyj}F_@i)u8{rh9X)?QxHd-}pBRp0I)BgfgbBS$*@zU}N)4Ow-VP|$`4=j&|yvgRuE zx;`j+HFzi*g?O^|MYuoH!cXJL^B_xzOuB!!D%Nt2env}{<0I>G70K??P2g#5W5k>B z>UW$=``zB!`#Cl26DWA{a`)u(zNOuh`#uI?%pi0JuYX0+mOOm3WNR|;V3%O_NtEyz zezle1dPCa;yA`QT(#KKqXACvjFMO)!na+dI%OB57(#nn!c8k5r?DOC)uZ-#~H{h8z 
zkDy5A9mu5Yc{$qrclutVyaos%&PbXFn*Ak)m3BP68n-=nU6arl)HyFyv{pr{qtO)_ z!gD~se9P67O)TOn%3bRWbVvTWGy z4+S(It%{*fXLPw!*7&rttonY{uz`rP`s<@zE;c^rc3(K4S3Vn-tSR30VVfT0{b%}; z+e@*pD(^ht8bYzyTs&yUn)O0z2zfKDJjnUU$x4a%$Ay(Lq!{(40c#fv-3yqlXY`sg zOCEl9kJe|YpQk^yKVV8~ODB!;T-cPyLJn>AT{V&H>qE`=vJ?n2$a`Xb>4V$NLK zQGzCOQ~jx=X9`12#Io9g2M0tA9TlT<&JY(qH`&hM5hTAZ^dEDx3v-;$n^+!2wsUMNkxd@wj_g*p$t+B}^ zQQkPELdT5%B!j5Lqr?X0GfrkkwkrJ$4HZY^lcrwV@yJ>6iFy=2L0b+9yhT4enf4UI zp67wcDQxGR$uRYgvs*GQEkxYYdMNjWw;O47(x79+fzzcSY=9eQ{<*}*G2L;`wpREq zeda^n_jc)7irnlRWoPMxuvLk}P-RH>oI85#@*ywMYth_Ah3!Pbp`FKY4VSy8{644- z**{&>VoEwDy-&^CDP3i>)9BKd11}p=K9^6Twak)g4OFgN7CTRL6nqx?sW$!4#bL9D zqwQ)R985dgx-5kA$Abim(`~J8iQL`6Ue}Oj`Ce7WrKsC};q$!69#$1TOiwwh8!Rg) zXs(?0XvybNxD6dO~ho5SfTC&h-BSwz;L z(-AFq804&`OwdII++A4*L9=1omh26^P(EQF)D$McVpH8Vp?k=w%UQWMsrQW!>&G`c zSZ1)(f|h%u(7>HR0nk8H+~$4CS}U`;eDCxT%kv7-1jJNp3sffd@m{ zNwi-1zVxvIN9HYYC(md3n&Dk4CympKWP3G;;?md^>^NL$R)Ma&PmSOCCS&n{5sy-v z*rGlgEGta7Wk&95J!8xL;to*~!y@asvbbX~wFc;QZ!hm{M{2T0)CPzRwFBbSmiLEE z4po(*AI7(I?XwwC=ju+V96e+=+^)E%#WKe-^fE5*U@1@1RB4@UV#?95Z5ENDY!3d` zG{QBdCo*!kPFOX+j#X^MLt8yX?#jBhFU?xb**Fv^G%M9US>mdRuo-X6C_igup{akG z1noOIRCaiPty~Vx>!}K=%SDCTr%kFBi`^IegV%2y3!b%=3(qDkZq|?Sg;HxT| z__7{9t&)3ThmFfkRj2cp23U8aqqp;%(>SV=-*NB6*OOS+g(zWq0-a!^-JLq)ipYzm ztKxN{R?o^XjMEWr+*NZ2-d*eaX7x^`)#~;eN2cb*bbJLbzVI>B__cQ_(_Q-&fvcqds;fh}rDxc&j2+9CPQzDO$xruGb?DkaMq+x&jGZ)rVf%zvr_5reRj0x%EMM zS?KkgcN_%=9>60kY+7%sLQ^Ggy>x2RYixL?`YJp>!EPUS$V*!Q$@ zl2aL0!uO_G`A(Mihw9!raJIc*ck~hBLc$vuk@>7)uF_56>*;)J1$EO}Yoe+}2Iw8{ zai_j5MaLo(wy#|n+Pt)LNAIQVU2k-_4%K9ZV2gGVVU2V2+-cYJl-4X1pW;;Swoh{T zzLGlgnW_3Hk=v|%afMkirBOdIxBYx`+e6UGKdzTikpy~N3P znJ1>TuV?p$nOw9;eC9rsd#GH1?T&RHEKbLmxAF}8l$eH%U4l#4{7Sg$3?`Lu!}7e~ z>DG?Q)P-8hK~Zb19yYiLFvi#l!CNhHpQmLYLZ&^l?JS)?W6NuKPL%y>K~6#X znIt1aJT*vlg~}(_6J2)XKJL**)*Ij zda~u|+b;I=6<5w`&|41JLqleCd35xUbNbB(UZ!fx7kA#ke7aHNDnQ4pzI<%{5`65N z8|MnfH^1V+rwI-Kh(LG0+P1+3M_=phZ@NAOcDwJ*&$rw=&$!TA0mLw<8PDr7db#kA z->*4CYEkxCXc*;qBw~htcBTAKdH>D9EYH=1cII7Tgc;QkF<;S{uBf*?%>|l%pL=;a 
z_s#^O^24lz2zI%a?}}c?&DODlT<&8NrR`w7ZRpu0+Q0 zq{X*HmF+(1xwBcU=U((hR{@6M`%Brjz*xDM>Dj<@FB81FaFdHi!ls9zvFyt`4EK9h3D#>AO4qAD3YZ(2B z{rBDu@};``hUFJCk38#?i( z2KP0qkG?^FNF-eGySsAM`A%-#?Xw;MGO^!YxIB7&E#;-|6`?1JO1Y;j9t|!9hKv}! z)TrKpW;2~@UNVG8QD2Y$T`HTv)zCANpMfI&7`^6=<-n=SJ@D()%hNUI~N6MYk=lG`OKuk z?d~(F+h$YEyrg$bbHC>r$=ikvv{FLasV%&uU2XRsHuN|(7;CrB+hIr494={Jr1rv6 z&yi;Hue++F7PlC$IcYZU^IogAs(<`YU}4SO!)IXaWu)T=(eg&Ed9ezQRgI(Xy6A)M z=I#{?RIwfz*-VTz966hQQ8&U?C=o(hhKUzRzPRV+#{2FK`spQ^$D5OfJ1 zqZ#?Uk-&Is@mrl*I?==88+7}0mSIgHQ_$87zudM1iguhinopK`L{k&`KbE|@dHt+z zjP2T_726Ju`)fT1S9f-)u6|u|n{J!_8e#b5rrx|yo5Z-nb<&wB9&VTI;({L>PN%f) zId$=EniY99s~ItIdY>Cf`W$fuwe;~B9!-ftW!(}SkiFQsiH_yW&v6IN`c6H| zVU8cmv3-}rQ3Xjg(Q2}kQc_RwgqbzA57V3%B3jgh2|ki}S5Bb)##&PWiLVcN=hs2M zRV(M}2lHt{PP=YZESs0HuB4z3$0S_)nfXxGW(7vU`5DWgM?C2V-ma>IUf-)n7$#EFfzXif(Q19)%Q#6);S-SAw9ch#MW5UFc=6}La+?7r?FPXAoA zLRd2j$>-<3$yumXN=R%NS;199P?>gb+kH+2o_g=;r94B1WUKrP4$(J$eo0c}m4p1p z&8oz4z>R|2TtWDD6VLAIvcXuj@F2IFYdhGYq%{=w9P2oAIf$u7<^HCgu_j!@^@3QN zsV!FN(*a z@V}E_ET4;i#}~iB0RFH;oV1OHH)U?dnVRgPB44C2 zz{rf+i$%Uma`2ht|Fr(cb6cT>_TOcS9|r8gQ<#8Fwg0MQ@BgUO*J}&?&vQJc?1*dO z6ohuwik5}2;O6FmM4Qb`l~Eb2dZKo=MFxu);hfp1UC?uo*GKn3&Jml!=q` zCqF(((|>JejT?aLKa2fub*P6x;ZZypRoa08c za4~DMK(&+b#f(-?_yRo=OXIw9#)DD8%IAQgW0e~)q%Y6-GO6I? 
zX2H_e<4a8nMm|ReD73Iq{;S*Hgc%ncB)*A7$HoOWU{2}Sgh1f)0nw4A=K~`{eLn_B zCbsu{ASjskd>|-#_k188JE&%S?gtjl2IPKRaf(R#xS||#`vGM+fbYx&R6OiC)^QS- z`vH_F9YcGL+Q){!o(HCme*J(R>1fyURLn6iW+lwZH<|L|x$+~b91+@j=ITdSpl6IGzT2KdFo)yp2 zL6&E4p^mEjz#?;v<4_RgnR_`DF!=!`@9t;sV=BVQ1B zW?g2f=qe8`bnVQ(M0NO-dAestES|mQbco`ImZO-&GZ#`ph|OM(i8?$U1_z1Ba+%}v z%Mil}t290L%=KN=^ zy8aijK7ZBIpa1gnpE2`~P8@F64?^b&>X`2Tn~ndBF@YB6f6wtOiQ_>`wu@02*dE|k z1G)#EoDvd)amEEQH&483=;US4M}sIdFk3>ukm$+^rG-9PxS|Sh;A1RPU~S05X5aNS zco_MZ-Eay^qM%$TNU2YL5J#s1cpV__X#GxY6id0Kkx#C)bJ{$G#yhz^5G%gV`N7qo zUxIxk=Ul~CgI+5t*{$4}{)LV!Tc@W6z+5SU?YAfc2QP`;oxQW8lhbsSxqmNxoh!kA zU;kh3>r!-kZWVvMfL|@^I(M@B+R{+xwsd@UX%N}+41ht9Io_r@*7IT zJ>b7T=1TZ43_H~B#OUf1<$Bk>4hrbdh$XRoba1@4zq=!rvR%(v)V;4u0sPm$Z)1D# zCk!F}OZSz3U9vq7{&nu4%5rE2?J{=l%t2)DX1Z3oMWu9@D~0H~lhgl{JMJAi7(`|0 z6qJNN9mk@S96-Ew!ra?|71}sMx#KWs(+?cr?SrI>T&e3qYs>Tp|6!b>pS{2y!0gg* zHoKso$u0z=bK_&-)~_K{4?nKD{1?*U2UPaj39q9o$LnNqBu8JUP5M^}&Hr)<@x$5b z=Snw@ZwFzL4zpy1rS7je!%J=m2Xos;hi4~yuiu~T9loV*$00BfPMFD<+YUSnJ)5X0 zDigiHobe~+9M0fA!kJ{_|NL<%ET21<_`?jF#11rx&3g zYXL|Gz85jUiC+O_{y4yUIVH*zO_a&yAeSg0<5)<3;`UKkP?$gNGkN{fHaT}4Q`UbS zU$XMwdUdh>pW}JEdw~8Fbg;iEMp1z>e8*)RZL*^WdTT9LtECsE+KTengtX$XP8f*g z|NBlsMIUBdxc)cLy%vp93P{= z7t54dFV$DYxA3EE4g!UuC+|2w!Z9Yf z;g!rsVB^OWLtfPb240Pb`s_O~5>^SXkx4Gn8HDOdQeALmacUz;>xcK0R7nP_Kj>L% zC{-G;@o|wgnsOW~G>$Zk8rZ${(JLZesJd4)I>@QV?7A0MR&?b$*+Id%nm#@O^c4fp zLc@&)psARy5)o1?ufYh^O(bMc#;|m(!JQfzqaAMb1>;NwF^T(HF{)zlRHiB`Xa~Ta zTld&a4L?C@#N>5ORCruV8n0UcO;7`;XVjR$oH=rsSAt9y0j((sl{-;M)`Hu&Y?}f! zK%es;y(z3C!6jd^d~Gs=NkLLerk0GQi4WMz zbaJv-j7k-vRFdp^@ff48R!-N7om-wk0~K@$zy?@uYREIotvWPqvVehrL-i1Ty?m+a z;w6gnXCR`QvLRwKipGo{>Y+iBscghMka)bFtWCX?>7A$qw6jz-h_S|YTAIlur%{J! 
z%M0}}@<6!6v^52XsSVDiUfj5f(-ee>I^~`i7aF229`e*d|ni`%qd#0#r)_mX(?%d3<4TRaJU| zjoCHGv_$jV@&4A?o1>G1Q|UOF%kAtQ?;h^#9&YdLVj@z`TtZhD?D~JvGlu`a_T7&2 zMD9OR<$vJ%v-1CXeWCwxxIqX8|xyg{RPHS8*O2*vMVQafbFCsDU6fX2_1@p*1odB zuCt0K!j^xJk^fL2=mD;(Ak;Uj1 zEHcDf1sSL1xzW|C5p;1?M3^XpRzg3@crXsK8A8Crb?U2Q1i{3@kQQ$vrY`rfPZ#>VLN@PLJN4eb_qL z6?>=R_~huvy`9}16`yi78<+CubR5dvpN>y zzjY#x-=7>Go$f;QI{@}@@9@nD)Uta3oKOjBg*37IBfN;ycU$}WRMpmdX#EMbZ~N%@ z=aap+@6N=#qy3#-NPN8uE!%p%zbmLJ=+yT9*51LY*x5SRddmSgj{wREWs|M@@NO5A za!}tE{C^vRb7D8>%o$!+p_eCTy6A_!)7@3Eb+UJg1M=qN2*BfTLJ7#ScZg@zhr0{~ zhgzg&1hU}!`_tW|Ejzng`vB_{du(PdEyTqCglEkDuRJhHs6Cvwjw$;;@One`U+Wti zi~avOp5Jmp`q z48jY1v{_EU;V)=r8;J18>y7F{|Nk7%l=**>i{Pi}|Ep_5_dl*L?tglo$MPvwUvtnJ`0?P?a)Eyo#H&|B zkq1df%mK6IO-vxOv%gAA!BY!pds!=0>V=h()D?ffJT4;S%1SQhc0{@XIl3<;zj^fngRCufsY<);+zx|c@D^U?cC$qaYB*TKT8Z0 z9kTK&lgPiW)pn}&-3BJ{Wfn{D7sdva@cp=mmqT#8EmY>W(Ity6D3V>*LE2^BBIhmk zozM+zw>=z@Jp;6OuWF{?f;c@TT>DMA_Dd>O1zm>z+wc9~1?m&z73b;cB8=$2dX*3Q zj*qr)+;Q%$gd_SnBYff#-gzad3Y%=&ffMnST^wIdq+tmi?u;=ZiZO7z91NopJP45n zRw^vJ1jtsI&`{a!Pv{AyES=zeE52sw`Vk#$j~hvg1^$)sAgj zl^2cm`bPW3Mx)hsI-QM|oyMBIv0k++FJ7*-Ugn^T8p)=*PEWiViZg%8SvEJ{_t^~+ zmcqof_xHa~UV3OtwpOZEW?Fi=TuzB@!}G7c5FW`(k?;lzha39pJH9mvEeB=yM)mp6 z9vJz*kk|3GRV7*Ac6UeyAE7c{)aA9`n zypXO1!KGPdXy?q#S2C?q9(vNqKm0sG|5K|r7W$v(c!uU*hsb!kI;QLYv-Y2jMq_dQ z_biWe<;p9{5AvQ9_N?&QiA!B4rpvrZf00urK?|YoKj|62{-4J8AD?OKzh0|m>3^fL zzF7ay@nl^A2??ZTExy_mCFL?qYk!kfKe@LjTgUHM4=a}IiBmIbN3B@jy~rMpwNjN_ z8;3s97xqJ!mIup~QeAm65^QCXB^@43n}f_ZymvB{l+H}nPh$X6(X|r$jeqG0dFE$m z{iAX8+ui-6w@-BV|Cbr=f6Utd!2Vxf#Q%AgXGzeK%jLcnJAq$_mAajMHB`)Ym;E6w z*$sUVI+p^(zCH!%!}3)uf8=XhP#NG44|3Q^*@k5u0K`wRqn&(;BPa z_guWwm8)4R)v=m4?j1G?8WZ?p$7w+hNZpfza>*@hVkCqhbbobh^pT7%vGJE680%A| zmg`^AP&$^4eh`=CL4?8g+m=V)RGn*B=XMZc;6)D)MlfEu8Z)B_GJ8!m5&Lb^C$Vg& z=8ew~is;CV7jUULTu~sZ3d9!O3x@F+2X{)%uQJhypUPIGzSX$N@98Yb7Q6exIEQ8!6-rw_y2MYFeVQA*!nuN&7_u80oGGxg49TD?4DV zK+3O*yaK4Cb-cXYxQx)Zg;Hu+92F!QxMUJca=iur4y609aC=ault)7X^dgSfaX5Lq zAM}j3lruFjU+P04ay-ULQg-QsO(0koYJIIIR*A!}VU 
zg8f}-!G1T*H&tTRGGJ)^KdI*zKU3EKdShc~|6i*vj#lT3Q@Y<&+>$HG+7n5S1#ah+wxJ} zFu+_^OrbKJ5cPx5wyvW?%0Sy-vIfB*0`$l0Uc-CgxgDo{-}WfZ4CK-8Salc-x>w#k z^dLt6e~O$F^hvV-8Lu7EYHX6uk}1T|DKB@ni^4j$p&5`0BlDh@;r`jFV8bA+0TwP@ z^;i-B1nbWylq0W)AtJ|G8D1z|5gPleAy=LB9X4f$Z*s(!akvBYwuPQYF6v}hTO6&d zY8|j5ZyZ<%y2B-3C~J)rnDAOJRjHF-&@NWl=n#ULWs1 zwGrY0-8qcp6}rM+7s|pc&W;QdRk4fItH4b@q^CRQNj9>nh`Fiu%)qe*lm(UwtTsp7uEc!ev;(4mHGX-T|ErsRaz z5}`ljmP;$Orl2dWf$O1Kes~ttB82YI28b9LI=DnERB#W%(KyLic4b8h(-376EL45v zHugg|2$gnFO%$U@376m3U#p=x51n5Ih~O7r>jRi5vwd@W5zBnXL2SYKOK1~Jm*=JH zAKLKgAj@oe>z-#=@)UCPaMbV!gQA#8q^0IE`3&3QJRm;C!sZ&x%kWAjV!~~dE-pZl z2%o5R4tXRoHlLpE3%WK^Vud`7z&k<1o?M6AzR2o0K#0aSljA9?MtZ41HCi-+lFK^L znvu(9Mp<-V_V^2|%@Ps6?ft!pBS)yaPt&gOG^d7>M-JMzh0DQ7HIEjoA_F*>yzs{_ zd#Van2B8vZmbva@eN>1P&^QXiQzEAHjpXMB9*^>I+Y3Bfe7Cz#pXmpFlv@Hhzv0GU zB-K?C)w`nt(A*~qMQp;Q$u3?}qqh?6XYSN-#N|jM+e>*CNbk(hrb6YZ0gz*iZIGFB zxs!pf9HVSpIGdcQU?}gQFV{Cew zd!``9)K8`wvXG>Xx!gAGBof`|esL)$;=oC~Gm?wvPN~wlo>|&zlO@1-jRzUg z2v(DcCR6hk?9G7FGP=2}iYYHA;F$)HIoTJGZh3ko3`N4}j9xO0IQlBOVU_^m#*Jt$ zMK2szMQcjp0L>I^2Lxwiv|D)Mtt=EIxujhg&)LqUB-VC87`s?D-&US3_}-BG_oSZx z{5(ScTW>7%zt8dv%|D0|h_7E-|65zw|3Aw!VgBXTF+UzWc>ZgZ`ubx1Kg%=2{ExPI zD@9i&XSOqfY5ML*U>Jyhf>w3>V)7JlbC3F5)TdPzT{$J1X%)iv}1DVe5NF4;Epb?YAJ>dt)i8iSpLCmALFr0iF^06G$`0ZC1E#-gOR@({5j0xL!wtw2( z-rC+hIb%AL{t87f0u20mf3hb`N|bxOb-F8p!7G%US5d$8ioW8nri(>ZK@tU_Os2~h zOb_IZxPN9!HpBWSE9-d(z?Ai0t88TBzphm`7V$rx<#~ejFGy{ZUxK#Q&%`DK6#CTZ>r zWQhDx`h2pLANbckMmBT8FbMM^3IIe76}H`hXN4*<7?Q=JQAredH>8;&&3rT<)9O># zZ}Yhp`a+QZMCe2g)QN{{m_{xz)ErdVkxrJ{*{Dbl2AEy)CL!M$ywTXFz zTI^pD1yIC|Ni|9>!gJZ!@k_akBSuwCL*!uK16Guh>9@imI+P+q3wVcy;n0?Hly5$g zOduF{01*9nBqZ4dn&y5O#6dgogfc~8*AX0i-0M_?EwQFb?HtmPo9oMiOzf(UXE&bo zFTvizSKAkW%|nfYrsLaV#{dBLZ$(nh>brEO8)EawO*HnRrjasnBmL5pYwa(d2jop5X4V=-(R|gPjTbll9=hvza`0u zKH;^0OX8sy|4}2J?(V-O@#MGvEr}<-{|`MkpY#U6CGk{u0Akag>=wYKoVqPq2|vU9 zgbY*%zjO%V9Ik40x&-@Wu(8q}u}>^}KijASKlVn7vKO7G* zVgFY~;LXGe`*DoGl>NV2sSln1tu5leKF^~9Bo>lME-+3i^pj!xA;s+sUrX}pl_>C9 zDTv>Hmlv>PFCJ0hvne-)&Zg^32;p`pkn` 
zHJ>+4&Xog+Tz#;^I|5L&0>AmlNUcsBhB)ZC?WVjur(&)^*=aUS&$tL(B{aGH|e9B>Uf;MQhOkdvQxMUbm zoCn}MnZ}F4s@Sw0&$@T)l~f@ad~b$Qi#uHY)1O)Be-vGPPW|uN#?bx0AcHLKe|VNh z^7c&?K_L^h;H%qZKWf`-`C!Bth^cx^cnN&(z6o2?ZzGPeKrm^VUQJB|+Kht)ByUO>)mVIzT-u;@-)v!gFp=LS z@(SGV>-TSwcz0FIQ5+`OUd}29zyY~S-}d!BcD>C_+74cvC zjR$V*9UY%8@)O6I?%aUCw$mDPVL;_TqHiBrMc8gQ>%AI$+9dDtps_*-h4j4}##dE` zy7GgsfD0`be&*l%!#-HbV}DbqZVxr)Q$CBaOTU?Y`IK11W>7X|DT`xvV}&jU4wd#9 zn?kV&{Ju)6Z$?r96f*#=%r9C_obGAU2@jnN@25OUF{4J^K&OcgFKO&D zXE~FdBC6reD}jbB>azh#;<>=cAQ)LH-r8E z(D~n5Wqo1)^DGb9+2@lvR-6^Zlu{S{VpwGlIBwjuNds0G)|Am+KV6$>yAcKRH?y1f zBoE0JnJmDZW<}Pv4Ei?$W1FxeW&i+hnd2BC6RS<r?Xo&qat7+LDunuV+s z$F}2k0^WI{Z8}|E0hs>C{1*);I&X@6?;0}z^J6rKir}%rCpo{sMX)T_azLi#%XQS* z3dRXr9#xpd)N`rijY@qOi0@aG&NnI%2lIDP+1S`Xp}JCUR904XZuHjB7hB6QAlaN` zM+0FlFl$n-JEEL2P)&y7qNF+RixN!7_wW-Kq&CR)yJ6@Do143bN4tk-tKu*?aDY*> zchTX33b0a_?+E|I%3Wl|@+?w=#8T{x8%}0?dBlrF9DrBY?TOjjSLpANeBWI9E$PRn zu|>10-(f8-(>#5nUMVbg{{O`1A^U$bWDI*K zA25yoUt7!W|MkY&BL45QJbK5Ln~dE4<)%sJ^Mz1vK>9e1wQmX^?DETc(I6_QiII@> zIT=dFtN2epbZ<&ui{Ho4x&L=^`t#}j(c9)J!9JEASGBb_6!Pxh{uu4Y5EWd|t683h zt$)1A<>6AmwDn&bivLlEx5fH@jwjLd$)gE*0sIgHA7TK|$h~nAHGsY+rD@QFVE|=7 zn?g!qTOdR-*$}*=dq~Ha(J-3&#l_lwqUS;DpGj-ce;@}ib^otq&wtk|i}?S~^USjU z>uE1cSoSJUnT}!X@@RHI5r8CnHs7pd05EDn2IhYry8iJ-$fxH2Yqf0rw|b+xxc~K8 zo-u0~r&<0@ZPU^uU}!N@{t+1$tN9Q9JZSw7*tqhE*MAju`(gQivHqXsQHRuIWAsYo zDH>peihkp2=Au7ND=EJFPK;42irRO7ujc92L3N7Iul~7=w1|T1P&j}1fo57#IYHm>9tEHNVzg}ag&3U} z_0mbpISqBrD*THO7<-$H36i1ul%orkF-(pXV#MYsH_@ObZ89^a4?--dwh1@FFg!9N zv>8W@)%2>P%XFJ`k-Ve$1`u-Q@twG6J4k$sKxg;fY;EuU^_3T_$ih4lAb)veI(A;E zHZF3q?!dEEjjPZT9EkHl_X5TOU3`AEA~rF@(EtE+a#V~2oeI&>gNZR+Iewy86vZ~0 zP^E?sl{hOy`Xo0a6^_s&sgW{oj>=1KH5@l8O3r40LvfzF7CKSiy7g5*lUWm%XbrmP z*JQN4QmU3J+*SWZygNGBeTA*V7K?8(bN8p;v!>I3c_Y;vCLmMKf7cpW``@+3;{5kn z9zHXS9KL~96kWk)ps^JX89?>>$~Fs`wr{^JZXfOJ=Gs?I`&t!05XGJ-1`~il&Iw;* zC#Tw?U8N?1>-Vw7$<^g%?H+WEx&%GEwP7!ed;NTF*s6Ji5KMW?llqmlZst`rxky^m zJ@8jW9_QwhEJ!WFld1jf(R3FvUO{u=qo?boVd2IDx 
znmR3>&;87>|Ig|DGj;#3uh+BspK5&(|MhvEDgHlrYfiK4^h5#Vim8%ViEK@5 z>4!`L3;_oponY*jPmKN4PV`WRkql}ThAid)*P2OztXIiQ#Z`7`8uwI=C(2eYpUIIY zZ?QbqnnyNc*jkZq?`5}Kn+9fjKjeMD3WEp8!;(5Z^v@I zQpy|d3=snf1T_SsmxOp}Ar|v2C`J`N!YfXU_KMR*Cpg6&V+;17@_mr~@0|$!;!v;!R224iOS9%b0QuQwO~|N`LYz+GXdJkAp4-~oJjEq>G+-CPul~7= z^Huzj6l^OiCE(|juSph0iK0sXbp&WLQxw~PAEl`8x$$!T-+q4OymDc#rfmzAQ8sz% z6SByXd4YN)ye!Uu4a*``)&Gg|QQz@TPv13{&;M=zyL9o*N_j+!{#KRB8t9G{Nf#OA zsAgo9hM`0*%Ky9m?^1bH6fj1B{2)YO_w*?BfDfg{jk=J}w?p;eZC<84?XK3;cRgnjD#F% zy{zQM#ns^>FWiHuA>V!r(*u-BLM$pa3HydI2_O@mWME#owJGrizeomyTzRFlY`*x* zFL|{gO6DOwP}pLslKZR`g-lJepGC1KYkV3H)*K)s@_Rw#vV~&GOA)W-C}6~{&2kws zmSk+7Xsvkbw4j7j97IJ2*uY{n9nGsCCD_2n>!7inJX1{?8W#blUk(Z6oXdTU%eme|erqA}(;G5gkN- zz~fb1w`jQ|gI*XvCG8=e3<#K}XsA60Lck;m30B~_?fZ5RIz$PJ{d?fBkaZ7i`(x0; z({ofA%@_e}10#SD4=FFa5k3%Td2>ucc`-dlqQ+<>rRgAT;WS)ZGn>MW8|ZcReG zku)Urs6}lD4xPq3cUaEy?|XQQb5aXA&@IV3=z#(w$&webb3yc>;SF@t^5Os(8%TY2MCU)^|5_m=POZ)mgx;R>T~LeZmB!jO}9yZflm96*=v z#g%n~%_(4D)xt&rcXLE46>g%GOR9pk`Wv)a$KHGO9hS&_I?r+v7vlHdMZst!uy^-^ z-uQjhw5%v3aezxWM0l$b-t0L(QYL_wJ8{|Z${=~_ddcPkW&?N60!2S5muH!&Klujx z2Y<%y|4iuTJo({gn*DEOX#cO&8jJgXpXC|r)-EI3PEwUG*59B18NdFO8hd^cFxCFQ zI<)>b8Vmi;vpkQA|1&-qMk;7%ewKVj=#d3IdH!e8`iIxB{RAAqH2V+uoL&Eo#rFv<92apvNB73oL zd#D0})em2p?@+cXxcCcZ^nUgVLButai&h(zh)%Ci%H`B;$Rn;IG4CYD1evvPkxNDG zpQ)%>002ah*TjgT=*xu1Av1u;6agT8Z_srq63izUqnupO-E;|txpF5ZN07=U-&I4b4RS2XA-z)Qc$pP$n6O2J(=3yrw`a3KrUd&+?32|7u73{PKTwg#NFw zw$T4S%QM^h*X+&G<4M5hloGW5lGT}(WF(E_;0&LJLc%lowv5!UrWL9)a(;ivd&@{n zndR~_nGq{qu%UmLXFUDqo%uQVzj|ee{?`}r-=F9Cl0@*q$4pi~9^w>7`h^vy=UUj2 z&@;6DJ+~EFp{q}Tnpcj8F@JcLqsP#LDeHf|ww_)8Ya6vi{HJGmr2qfEUJdVPx;aFC zMCM>-Y=$KC6Ycng5y2Hw=7URu;R%U8d}zadWbvTW$;tXnOHf&9PzCUR3eQOu; z9P&=J5Z+;Uo^H9x)3N0glo7Aw5?1;K#k=jk3WN4tg^xONB zy;9!_BfU6N>tLmX)qENaGL>_9JdTg|_qGnVcbo4|_D3y(%<i*4F|y_-DoyeP;e7O*n^PzM6 zj)08v*^DK>G_(94_zcN^WN@KQ|H@BN2U+;9Pq6>5Wa2+nA$#L5V*N>KpYr^d%YRem zU;0ALSH~3jzfoJu-v3aotS`=gp5-ax^LiI}W^w%XSRB89y}!3DfWZ^5_m8%JpwBre 
z9&U=a{^0nnxT%43_Rqb;*Kdw%KdlF^cei%#+rQTA!`qLYAFSG)`@`K2jh(|E2OE1o z?;rp8;^WcHukOCTwRYznUWNZWs>qDecB=b3_Q_7G_cFeE|M6YRZ@>J} z`uUryqpP#M7q5RQ*Vq0rc;U3x2d`gv@9%fYAMN1g{r)evy`1}D=jQ&KZu#fNhixxD z3V!;~u>bYb^$+#!oACWV&rW~*c(nfVjT2Y)>+g2%KUDtpBKB+XkDZV4o3;1eemCd2 zTQ7cmb9lNFIH$k<@{JqZd^7Nle%yP%-+B4+#liaho4wxcJ3ETv+v-Lb{kZXZ?O!`T z{aSAQ{L9|f?Z=(mFRusw&2{@_{dj%n=j~s%PuI)G@tJd9zxrU6cfy^!UxTZ|AI@68 zI`90>58;Qk`+E1yum5^+{g2k+n?vt??(}x|V=vlq?7f5c_5M$OZSU<5AMbzu_4Mca z^4a$5&g-&&>fF6QJh*q?zxnCx5^8-tGPC=H1Q4#y587?)V`7^-ZVp^7YSWH`?bc0jaH>sE|) z_2V0R@26jWxIb>J*S7DXZ~i}fZ`#l{vNQ_c&;AuXaNh$Y#&`pQCrrW)30v4nCfCTe zY%9o;BgufXJiq;|s$SHRWo(u>^PF*?IWt&l^;%tBd#&WV^@G$_ZvDt@T zC0BX1*Vx>i@2tOXHU0YK+WC^1|K`-(cdhN)uin!7?)zZ-Ro3a8=5L&{?QA>sWplr1 zxwi+a_F=o;KF$JEHr9`fi{hENa=ms~*gIRlwofkVua3UXzuaG1Xv}Zrvrg-9<-^Jm z{C_nStONYz=fBo2b{fa$^IvwY6}P&z`Nha@Iv}&gu*2>x4Vs&Nhz(1Tj zsusPA!o^9jzV-61eYw8t_#bi~kBhdK+pk?59vob6q}&B}zPPx0{$cy9)?77BBX`)` zJv(^+<o~f zx2&fvcFT?vp1Vd=KM)JxAT6ZRWuiuQa9at;UHUIt~EcQFW;>m!bv}S*_o@af4t7Sty*F4+&Vk;YKN7M(|&cDJ#g$BuX}s*^}xDorQFq5 zi#K-dgWJyE74}#64LGV>&c3m-ZO?zG6oPENyS8b3*?jeJ{`B(8Y5mno`^%SaOP7s& z!LFZmZc+=~?0it)-aV;rTI-jaYp=3ZYya+I&N>LbuD3jYyX~*+?%r81b00Up820)5 zi^J^Q-1))g{L975SHX5_@x62Feeu5S&E2e7=0?L`J87;jdK=mK4_oc`wVT$F{qmw> z9-UoQ-_0L?__~?hy7jmB4vIJDYqfSohan9-pnPu64Te`P((~V1Li@+;8^F)5YMXv$dC6Z=YW*_@_I2p1a~4H9GIB zJNqw-A6mJk^TSQp-rK_V`-A33qZ7S=j?B|nmm6Eny_9j|b+)?~Cnq;S&e^;?S~uT+ zSlM2@$$x#f^rcw6^DlC>Zy%fai&vLR*)N@3ZR6Xh33nJoz*2bHUF`FSPkYj z@~@81oSVh-gFP2u^t$Q4TKM+0a4_$BuZ|AR)?XQoFO|y4;q~QG?fO;ac;n^n&8v#P z)=5?GzRqps4p+9{ty=G@#@xoYgKzCz;dtr&;^FB@!8)7o9L?=7yxMP6Ru;Do?%r89 z`R)4N&dKWj-C?Bw+c@vMKlPe7mb17}hZDDSSh?M~XdG@g-mkt}Sv$(^eE52>y0dv? 
z?k+kX){NcOPUBrAJJfzHq*MTy?fuwY%N?(bo0H?qRWg+pWxPciqNiZLj!lEA^q!zXn^|+Y28rYI|#6tgXxU)zKBUc3j=Gvc^u~cx7+3UhD3*-aD_lJBJ0| zZQZ1dEvG%dvXk3cm|J~+S#6%IZEslh`GZO~zq$T#{pj}H>FT@fv+n%$_Pkl?UN7#S z&)=->ZlAYaZdK~vPE*dxnssyP=HAsl*k|8%cZ`omd%^bh`QFC2FAMKCjQaZe;>!=m z^^-!r7@Rcfjnn+X`{L<`)%V{%-g=kS)QVNT+x=)ab}AJ&Xx*&3=dY>_(_Y{G^6hTV zaF08;FN54SRL9f%nFtc5m#ZWBBW z52u^2^2euh8?RbR-HqzS))jSl*4Hl!``fi@>KxF;P4n#QynE(W zz8#%fTee+a$sXO**KgJrPBsfgW4F5-wC*lGelb?gcD(HECZP4Rd7wqk7QcK<+4Y6p z_4euZopZPUs%hCvg~jXU>ddW~06DI`x-xZf$@6EIB;_c1KyH4ZCZJpcuYa6d_*BZCgqqDsg``W0l&289c zRXcldWYk`+o!k^^ZX@;bA^@bgxpBH~)sOby?SE(;EUXY}@pI$pcEbc^e^#l89$>*eM9uh#io z&9Mqw?aQ@q=gsp)``z_gyZ&`9cWndpxw&N)jK%Yhb0?eED~D@`)l~7^=+0&D4nCgm zUo2j(wNLV^l`p$HN3RO+a&Vir?8OcD%f;Dgwz~PUX?fPk#^F(6^=$j>@VI6!HO*A6 zwRrh{q0qWJx!nG8alO)7TKPKPdUZE{uxfo>b&D&P^^JEc*R?svJ=!e#JGrl~D(2xy zPjj2YTAK6?m?s(@dF^Uib(Tgq#+rM3{}i;rQ|wV8cUMM@HQ9_95)68Sbk^cAgFFG{jmuj7z;7K{F# zQ=f z>N4ZItkW|5>t&1y$^2{6Ugklb;jb|{_-o35^Uo8tKe3Mo>;LlE#oXdp|2K*yf#ZWfb5V=8|?r z#%44%b<7}jjzPDVg_DAWn$)UUcRjP`aq81C|Lb#VyV^N7>>+c8F#uElktBjiiLW_p{}GIn$HAI^vP6mks;Y==v#4 zGPJC{-a_fpvT(o-qptbX(Sc)kmq|DPdO(H0l=`&8-Pk@ugPg@$?e;9{F#A9B{U1xq z{SX)%bp8vuxcs*`pC9{wj-=Gczn&YE*EFX{_MNq@wu#vQCKBLyA`LImc5eZ0}7v%F?>T%^0VU;_rJS5{QL(GA^oWgI{))M@xKa-WBLDRitw`4PJcF& z&E()Vmi}4al{7!-woP%r*UG`4>N)r4AK&D$4gT)M`!6U%>Hl=;U-RL845a@T(|D!0AfAEMWO*U)tY;R14<_J1I z<#i3EV8hF~*k6C~$M8r8AH0w;ZTa}<{zFR7`46LcKU)ak0q4K4*mM8q^4T%}Kaw&j z3XsCb$J;4st0^)#oI2K>2rXH4J3h+md zpZ#M;pidop7kU`9JiW1MCS@&!%ES>}g_!&bt9II$^24l^7|{u7CW2vQn6Mthq_8dz ze}yq%69y!76=m5SjYW?J76}1{opP>D4UZ=Qutelok;+9xHsxtnZY`e1qzPyas=y+` zld#Q**UFmAPK76!_xk zIcQ+oomx#M+M#@`L@vW~Yz69OYRNDG-In!k%UHi0xMl5-$e1dj>2uAjbQ(w>G_X$q z)hndfuM(F9Uf_S}6KYEYq@7gJB?YI6J1N3}$<4%IM9Eu_3{a8CW4$}j6Phfg;XoN^ zhv#e;u_8&?kP>-xMA$QVG@~Ez48P(t01+PYIFwx&p2?F7;pFTtt8}Rmm1~pnaFt2( z;&t#Z6?hHNMlq9L%4BDAQ};|G5;jQ815R{!(^Ec=-cgARU}8{danwX^Vyuqa=gR5Q zH+V`h6;NWpB0P**=rxK7Eh@TR!*Hx`qMnF1mb40e)3;#MD$B+uPmgxxF_AIHWQd-$ zOsR_z?AVpmUrW-bZCxdv>fT-5Oil 
z-C-g($xw}}j4>EI?K2YLI{nvb1N-lZP(O2+CuwVA_h2j2dXo3gVE!-LqyNdykK=!i zri>Y}e|PDB{<$FNIr_*x-2OX@_8(*Wzh7Va?|&Ew`l)?9V*eKw$M&BiDgF1qWd;T? z)JEou@7}X6LzDscKRoNP|1D<6^52mZ)aOi~6k?);*+U{AKt^5@g5ALPxqK#<%`EWe zwa{b~-(fgM*u~5|lffeWG~0ANCST-c;a^4mt?fFEa;$+#7VBQ6hWXq1+xhgzr`3*S z*Vu7j1RekLw4~hw&$zMt*{YQR9%2sD8O-*D>5PBVcmr6?sWz8eh98*T%;OrGp#iD9 zIU+t<*p}65Wc;RO+BH98xpT6extpXBX=Cs^XccF8*JhBx5$GQ$4Fdm1ET*i)DjqQ7 zJSk2UAlhv)wVZy}35+}L;~nl6Iu;uqFpA+$UBEZCiJsUQ>|m1Enj7RvD7UN_4sQrM za$#FkFKBCPOa99-Z+Q!oY}EyN!o%p{CO*m`M^EVZx>~DuLHp|c^87s)gemL|s z`XG!;D!w>2168|>KrPulu8l-S6?O4~b+1yi^G-Ezy}zA&MoyBggnThfbew_^(M1 zPi$hEvM=GXh{ph3g>X$y-1h7)T6yDokZ6k*XN6LD$adE#kq6~|4)-i*8W_OVnF^R; zqbWp}nRm#@PNPK8yfa#D8~2IY5Z>yuO1f7?D4e0ys0naTU{`^6ECw@TYNS9mYa+pr z&*s=$BQjL+6SqZ1_~lRZ9lR35@ULh9S2AJA-Iavz%nX4{U}VVD#dShxx4ok;Ur^pchod z6IQSS_5$Z#dy!#cV1GL(DI$3=P6xK$w!0)s7MOw60bDvT(hOUH;aGM2YRW_D?KQTk zoqIf?JfW8donn{+3ew*2jKH6r#Z`dGRg4OBP_t?XYcx5YEE|^w;EK_ zy($IH+=d0WaZ+gT4~@1v!QW0X!*-2tT`AgxzUMPg0jur0aGcjV9yJ?cxdr*2pUVb} z5A*UEPQ!%#TU1g~p9V&^FP=$)>sJ|e+%(V`o3KeqK!w3AH|X5qNrVlrnm)f;{&s|S z0lIv^vstas`c1M!kq!diQsOt6AHrw8l&PaY5wW&d^hxn!R$VyRm*FdUz2JMtbxb}E zcysC-4f=KB3MkUNJd6xyqrYOj(p8nCps7J80y_)5wd?45dn$$sjc0IBpFt%NAAC zVIU*~Q>+0pZQ4T&1QgX%=T!RK)1EVl#by5a&rH35|g z{a0+i{WokI4n3h)?1*Tonp^ct*a{FY_$N~iQt&Gz=%}UeYREK$mW|&W+j!aZ`Ko4C zkpxWsmd|L{f(sIc`X9DJHe7UyU%cQyN-tipcW%>R?@bGF(Ddss*Yww0(ZgReyt+#6 zh+klC$232u$8J5ih3Td-$s?@c)fHSrqRSfVIHW6tl~`#53N)E`la|CWgJaI7vBKXI z;@#g9Gk^Z=Ai%YZE@cBz=b98(<{hGBJh^zBxxgLvIcQQpq7fL$rD(ye1P0xHRhWXL z^5miz!QX<$z~zP2y}iB77&KNQ_-$U#pWEG8+t@$en1%7;7pFW*zKUc4xQwL#Rnmdk z#w{kTFdCjXRnR}0eiG#RV#WS;YC!OCYEfS)IW)vIS_RUSz$&dAvz_C=C)n!B@y>Dj zZ|8jHWc%Rsgq^P(9j)x2>}(vfgCn+fu)n@@vU9Kxzc$&*{v~_Av%d}}(;|YxylZMYiQPB!H!KcG5|`niKnG)R#EQ&({dUeK(|01z^QSFdI+7-@bvu+^i9j+et>@O zoS+lV>9sJM5d7ctkjK*iF#fu1!rwMliovDe7`%d-;#FWe zRlqHg7l69l7F=jGKK95vztd=-e^LB7DpFtsxUG@r9CgN@dL~|?@u#7>E%KOjx5%@_ z2Z>o2<+Ie!U&a6Tm;W4XtgP>CJX!hke+I{YpI_+F|KxMIvHWKgrN7iAmHLOtTvGo4 
zkxMF-`la#~)Z#xy+Co+Ux~wIYx=+%QdZ?f!^)xw4Y6vk)YM_)QHH45Q^*9+z>Zu}@ z)B_|esi6fdsi(_VQcn`Eq=u8Or0y54q#h$%Nj*xml6s_MC6#(^xk~DJ#VV=il&Ykj zRj9&|Pmf52P*9RUCG`M#N@|ceB^8&Zr0y4{r0$cYr0x@?q#h(mfg2;GOHop~5G56r zp`-?iP`H&B|5KNr$mjC9NO9pwitZDVoWRBPzg}*VN{yu^zfEewNt3wDB$ax)#3Yq^ zxV$9wcyS3GiXK@>D)j(K3059XPLjI1x=KApN+N|M6ElCNo+=_q4Jjevi4upGkEBx1 zARS3PLO8-@BT_VydM?RG>KOzhsr%(3|1^8MVeEg<G}yV(nvznC5N~ZW5(+} z=Q4M~MqYFX=-($M1Guji(j9G1{#c&Ii31)39vsfKyc!XOblN~S*UZd>%zMAXk!u4u zOA0T*S+me|8>nn@`)C@1byg#WU$8!ad<^6}>kLUP>2&~2t?z7ZZX9jwpJaqb0=a4W zhK0j7yF`W{wvC7>#P?}lMG`Zdo=>WXZSNnPY?LTfeK-&0+5ikqK*$)dvn1D5Cop&) zacWmErd2@mrN}JRgl;V)Eha^92v{`3;rtqQD9O^~eptmMA1J5|7pT{%bm1GH?>4zf zA+bdf`ERLj)AL*}lY$8W{8Bz+0B6MP{-++xC(PW7sS%I@LrPZ?S-fX>DgG)0IlRnv z4tPG{-YoB#%pCl~O=$t4_8?ig++JlO&C2D?o!yOcSwBFMF5t<6U2)aZI%k2N=@bV9_!JzfYs85$!4?2jq zA4zc@KdQLVva!kU59sg{FN2{P9$v(}{pqNoP$ zWEh2IA+XRUlGf|tb5W)DJR<6FqzBC$F!pX+67lL|pNkB;8JVTrMBga{(39|FB5d?v z8Kkn*ugC~8DHWX^771OP02NH#3#)j#U`sG3IOkU+7f>o~ZR{N%ZmeZwR~!kd4Bv6C z@}EWo{fo;W`+o$4r}ps(`|tV1{Mi0`6lKu<hC%AfWY*F$B%-(er(tE4k`g2-?{kyvE4h!N!gF@UVQ)9?wj3;XVo6xz4-p| zvlrgxD9m`uBIwOLb}&`jMX~A=PJ?KG20(m>;&cR3Ygu;`^2)UBvfBxep|PB*-Km+3 z3$pgGLaB6&H4ZvKh)hbzrD+)DG_Y(xf~lVq89Bs~x9in_dRR zQe~b>(R6NPCyc3K{xLmKp}H#I!t88=Hx10}!0z>)e@^headp%hp#~k*=eR`EhS%^P zJwA#e#*KM+0E*eF9N|Ee`IF6VqE-k#z%l%sNZ5Sn-|}1s<&-73F{V~e_t#-wz=Y!b zrr7dd>_N-HekLr36|f1v>2_>X=+m?u^LEw`x;CmBs~xx(Z%85&!u*6>6~M$8s$@A_ z&xu(#R+o3#?gYN5p7Dd4OTgCi*z~-_fg#V2;BLlEcgRkt6PO;3fQdv11BS;@XsJ{) ztG3~V_7!PypzsZ8#3k_D0Wla%M+QHWfgzOxm$i(b+MJ#%EG!l0W};)iMe(K%9WV-R z7lSv53N`{&{Z6%Nnzcdeil3EA`0q6S>%l9_g^$V838#`maUc$@q;*K&{{2F%UFg8} z$v2@JN63usV52W~I=n=L1!N z;X8N=olZ2Z2^ay2ye34{mh#<%7)DsPi*<8ZQ8Pbin6WA2s@hi73hbxNp2E@$H*a1w zX%_h`qe2muqT)g8CpTDP>2yF-qNCU$L<^?OnZ^KK$498L=;Do z`7-H8rh)dctx8Dzh`-j{RtxrK6M8pm@#_-*|GOF4ad}i3O8!HH)8qSixco1-urSX5 zIg&Ee{^P&OfCVsu?;~tL2FU-ig={?jYk}ndWBK2&FA>hTZu!kQk1P37N5?4al_BI% zkj8%SUq48NOe`DE&V>07SgGz-J3caB6em(u!TSif)iU0G<Of1SY9T403CeyGn^-x{iYw2z0=e}#pGasKC#l;QVZ2u>f- 
z$3Xl)AJ6|;$SsWHzm22_dBc=+qL5~kX!8$5pjBrZ`)8k~glxUMcd$P7ne-(-xp0x+ z+;nf18EK=2)@ejrPK_zGe`0y?`6o5j!}=I-{^u8R@%(?qTyC8IZzKgyE$K&FZeWJ4 zR5}(wgJCkoEfFJD!H59p6;;UOGkGov#PiLjbNNgmla+!+l5>7DJ(o@Y&tI&V$;lUJ z$31ITeR`hD1tYJd;7Jr}5EXt?Aoz8ZRFE*Rz_0#M%)B0;#jVAg9i)I%@ zvkRFeS))ag%~{NEW;%gT#EI&KSf#3Mi8sag8=hH#4=x*fiJ2*q8zeO;I>_PZ;Y0YJ zSIuN&lW@#n*7uvD^@Z5uS#m8E9jNtmn+AXODr~21lLt6FEM#)pW3NjOv*Dr;w-1x@ zOi?`_eZ$4e!ksCxMhoyk@~iR}%nDNGX6mSnk$CXp}4DlkD4M9!q z0YKcVa3O}-pl}=X*BY!AGxOm`A;?i}HM^#PktXC;;vN=<0R_*fUW-3F9jg|&t}UTl zOri>Wm}kHy!T!o;;d#MBGB0HB;)uYC$(~`bSY=5qRXBPWdN>Lg96rs<^T(gdDHSqB zSv5RSIq2n;&||cXT8;eXrn9j4qH5S?F5F)3abFe`22~fG^*M=f*pim*0OTE;a#>d6zHzK}4@>kJLBRz&VQ34`DPCh=Qdz-fcKXzjD!9u$Qyru73hiIM1 zDqwF36wl*Ft6pj?_qk-VI<{Bj8r)HR=1G)PG0pzKL!VQ_((h(yP=`W=(DVkyxMP!o zRqk`6&xq({&O?X z;YooM`2H6c3S<6%B<0cjuLXo1)JJxZ{m(+r`ClBz{~JxAD6kXc zH<{8BGO`I<_+zT*4k;NqYk~xzSe-{_o8a_-_JA`8=$fV;ahh>rYyk8RD~~?^B16eA z_rN3W|NP?k{vSzs^8O1~%KNT?LHNIrkNN);;Pu%5XC#H=?$Ggcs$v_>DeiT1$EKPV zx7(Z)o}}gGt=Hz2@>B~QY^h#;3jW5bF(+YOxu7>$;BAVEu^8RFeo?Pqqezc`NnHImYET9d*!&|#zy9?8}9SQAm) z!C05&viE)4KVrl~TjG%)#8+Jmf{W*zOr!yn3jMCV2JK~E}IoAAeKN+ak1vMEwi@ixh>(+ zi8&R}oeWq7z$x4maH47PxXxpS;TM;u%l`%o0tWN{3vv2yVa)%Jrf~j08k#C92nfSm zQ>L*nBzrtCcYgsvPtD&w>v56g>F0m2AmG9Le*sWJVa)%JqCCg`%e-6t`gp|t&lku0 zKa%pC`>$nPi}W$@{$GsQ{}u9!`LX@qNQz9u$x15UW;8=w_&g@r#lhY)NP^Zl4N`eLR@{%P;2e{vXqSzrH+S|A)2! 
z8A$&X;_?3$^Ydf+ZzM&^f20LRf5DGy@+4zisxy=T=yy+UTn3gWoPU`C`ZODfryP~_rBX%^cvhton5=Y{X4jTeE4%d)`^1g|G$3G~(+o+;vZ`0& z@nnDZ{Kn<}@(lNX-2Scy3k*L0#kl;hSQztvBPsFCn=WA}lX3;4Jf_)HcPh=QnDE{E zl!YVCu|e6Yms^(aV^SzOim zq$KI|s;+ZmdJVH&>9Pr)Tk8*@9N;;BCYfX21(E5!o>9%dmL+_X#pb9kM#5_fq zhfY!#mIHXgs9E^Su$h9K6r+~LSmL*pXOaJFz5z)nV9@zrjOTwT3DaM1qgDjVs83Wt!fODoaBt08 zSt5yL;3gy<`Yft&?6j=-5S2+Xv|G^I6@$CO{H4o|Wy?r*LD@y?<)Gs^)5yQT>ooiR zQ)Q;4f9XqcC@|EZrAQtIABF82wQ{xNd8QK{D}_U`2A^J8%?+{PZAeFR)Qd^x$}qIB zjcKB}p2v#f3GqLEss1lFmj8~VJYoNzPye^L(5wF&`~QukaQ&b3&VH2PcbZi?0S1s} zyXQxT{@4!ue^YtF`TwQ*zxjnR{vSno!v6nK{m=Z^{(B_lS@!?Q`k!2n{3k!=|3*?$ zV+GK^x;)GM|HSj(YyX`q6vp}AMp7Oj{~Zf!|BK4A$bX(){+nA|9P58ZQpWP%vHbUu z@xOnm{I@vf|3^}uu>a2||Lw{DyI9DM<-a2-T>dKqc8&vo{M*VC&i^m9{~!DRjix+l z|9_qQH=iBv|47QS?Ell`KlyAt|92r*82f*YrcAOu^u8$_k-PK z0=Mk5pW4T^@vRGQyDz%zr`Aq4&32r?gkfoQi;{~gm9}iRV%TV5`1Y-NXZZm#m?V+r zyq9m<^$dT(dCj-#N64UQm6oS(44boEktXSB$d|r-+n|oickpgXaLMJnDZN2iLo}uR zjP)$v#QN5H=+}D}-sKaT>PDOB_U*Hq+-En|C-oa)bm^^-BkGUJ=s;X{+@MTL_Xo4; z><_U?avvyqql$wk#5053v$I`O~b@*kDWxD^?@+|j%G&<~q{eOVi zi`)OsFOK>DkrWYBoo&*du8BP^m5y;s5BY6tnSL^^y$1nylM&#=l);e~a{0D#+&*N+Wo(Rb@=-6S;y0aWIn@|h`R*i`Ll$0))jlJw@ zFZ0>|=HvE{D~~z9y^{_~5)-1z*Dq;UPe*wK3p0M-vSj@kaf$v6Py ze^YtN`5)E+>=F9kLVj%jHInj_{U6o<Bh<{!ev$vuruG<%DYCJ_aBf_K>O=%)(u^ z>g+pdhS|@tH1{7}2AzM~s?1fJX1&Z`4|euQC=ciV3fbZ~{{KkIQ2QTy^UyvXvHyz; zWB-qllt=9UK!4A88F2sS<`-h|fAVAdk5LuR{MxZRQ~?2!pA-5UU@xFjC8ULPYa$otgjick8gZ-JA6d8{2&Zgq9 zCi^HYKk^zX`qPT;>io(*o!g9R^JoMh#7SK5M~{SQ}%PH%-e^E&42QnQH^% zqdYH|>#iSUs4{HL zaPY8VFU$Z;Q+4rVS}oN@xxBfvyHPIxoRH~>dDEV0!=-cscwOBnDPhSJ9Tj>)@nNxL ze$gF6=PIi;USPn`vLF5rI>VD#hvC2xgDJZR&vgSHVJ1`W*mfD_K(m83dwn7@nK}8- zRGP^dhzK1z6+h>l!3@(VNlpH{c#IW3eHPF4a}|CFh+BS058%!JcRRhiv$nB+ zyupq(R@V16GA%g6+bjE98@mTv_yb^ue0q*xRq&4)_EO#FysTRuIYUm1ZoWf5XOc6&fSJMr*8{?_J~I{){l4;; z`(GfV=eqylZJhs~UmW}Yji&Uw9mTbR7!^={E}L1H8XwR9!tzl0Z`Exh$B%Rv@qNPx z10OE`TPTe4e~hL)b^nLC1P00fiuvC7Pld%X{vSn=_+R;QguWkZwAGui(@O58#Y73< zHsF#UUVU2oJI!EC8)hKIO8i&Ga$pgis#!K~3_En)3O!1+Ce*vP+C#XFlB%dtwM^hN 
zYSK4#8hNTTdyy>Ying5bVLJDJAmurc9)UCUgGh&cd*D@J9b(nOc6Eu7U^_{A2D?&i zA{Q3jktv_8kSK4Bq>)h3F{`HUBWnjdA4$dJ%EHGe`l41Nvd@UvRF`wI*Q``h8y^>W zs<#oxKwiXNX=BrtM6Fz+k~yrWueSD;n2-9TT=VVeq=z$o+DcySe=qy-Q2ftjH!Jl!3#%JMN6TBKl_H0Nk$jz$Gh^&Qfaee+wfqFI-XV@e*PbB1pWy5&%$DE%>R#~ zJa+$|k^U>>3-SCv^Z9Z9*U^;0JkNt}gOHO=O|o0MskCZ)rs8! zD=OzQGRK}Lp5!yp0F)^;X<6}}DYG9x^kK>bd`d|rN2xcrjHdFk71f7&rnGgK&;Ul( zcAZ)|aNkUqBEyso^fBzme=YOPgacDPTsc18SPzw0lkC_G0yDI(ht6o#|5#@6uPC*E zC;|ejhT}R`)v!@DmQsy~c1cqh-Apuv$GE>L!J+nz=sIE;C?Ej;Lm51}t;p+1wo}Kw z6|jw}N*54Q1hO6&*7x$i$k0qkxu_05@(YC?Tk#xoYqDm1`@v{uh8& zF=NfOIzb0!+GXY)5TZU>50lA1x+=JyT}!iu>6ji?iH`(#JbD1}zW~0TR8;!qCJes;Ii1QQkbD4>@=zwO*n?J%^??-`#-Skf!fmeXQ_CFWVl|A zDZ6`tekRt^zgrzU^73fQ)qe#D~Oo8ibc%0_| zE=GRa5&}rBO6?-_4G<_imOkR&@17qWt^)Y>4|A>RzJ85}Exa~$iG>P%yT&JY;u2Z7 zujAmv`Zz>1g%6tra?S8r$p`|^s&oRAm88TqrO^Q^wVKaf3c>{!(SM288eZY3M8T_& zlwvY*kT3<(obWPQYwNDb?_xPdqLOIVQ@*6wsomSA=`f>>&I@o;hi!y;jD4WHv|;JD zocGSdA_ zrsG&&@4GHz?e(8zzl&4uEB}5O{))D^tZ(mInPSb1TAR_HYGY6-w|U{9wd*!A81{U6 z;wn;q3MsCzVIZ!^e}_n?_;Ot#Cj(^J)E^U(9qd_!$Ots&&q zH~Oy(R%E3JW%S=^IrcRBpW!UPA1?n}Sjdm%ecA<)GW*u;kB+M z7L~}_b{l0a;pnvZJk6v;ZyC_Dyn=9u^0{_%99q?Dx>4$u2Sf}{WhAmF`s@Wz1ut0J z@Q7@}YBX@y(?$l|e=DuEh~ENfgq1l(fq!AV0CwxSfks?ur{-SA;0fs!JQ4Q_R;>*F zd?Fnub$jKap-eDIHmY?=i!`0hWOCV=jA>MxP+#%&{1wL=kgsosegqq&1 zEHYIyW(NOw)9O-}pm7ED9Hm?G==mo@{6wLvc($i+KOF?|0;m*C5yVNz@^ca7 zNP=sGcZ3?hj|6`kgK3m12bif2NKc>r__3_flv`#i!^0Yt(K^8Y#G|u(j)Yh7GcBXd zzOx@~5y#|KaB(hO0)J1`xyzSlJH@4z>n>|r~93S29^ zf)&awX-uUgrUx>l60(P8NF@QE8OX-o=L!sek*D=NBYT<@@)_{|K$p;m%l{S^i{tnY zBPq|Y{{vk@2HpSJd_4bWE<2|GM^h#-qT3RX@PP*?uxet!Jrw!5MCKbdBS$+kz)RX? 
zR~Wuv<_iBbZd{8hTlTDP1~T1lhTHu~YnztU!VBLDSkv_2W>(gHBEAqB3)LBqDLaos zqlCAw>FujjJaT~^&owbVtL9$9sfFjBs%-Zhb)!5;D8FogVhMbHuZj?*dB$zhZo{>) z8jkB}rdCuhCtD@0p^#0nQrY#ah6RJf01|0df`4n|77kUOTM@q^yi_8es%m4in{mPN zJoukXA|H$Y^M!mo|4%ME&i^r*(t}cyT%FZ(-Dy~(yhAhT6pJd0Vn)*(>%<n*%)6IY^R3KuJC)LJWIOVS$)9d!D5r(4)dySd^ zX^u?&-patOJNlUVRbGcNeZV30tFXf#i7s{KXmqyr{Hk1cQLyLUn4ZVYK1ksc^9886 z$kn6jg!ua?kH%R=C76i3>lIH#UME3ItcpI}$a~$=N!arChLqxk)JojA6?kNdEJbmB z0ig=}neya!eEoBR$3Be~BB0tGZb2g#$f4zMZyiZt_%4^4@Xlr^ypx~lX^fvlxnKQ; z(QhtsTjS{O`{OFzzobL3`1gY1n0$Gj@(lO?K$qY_{9nEp=l`KDJd#mL2jCt?uM(Rrk6KOs?knu#Q0M$Gn>e1u&xJfS9qEuu6jkyX+vzMXj&cm`{@ zZp|_Y`zbdBOhF=tQs(%YPeA?%t^GLGgF8sK2mH@}1d53?5AfkZ;OGZT<$7N~)V+n`&&2*2TcqZ(LRuSEc^!qkKwXnoj4_|oA;x@F@ z7$fx2lxM;J16;x%EdK@kKc5}Te@9WCasMC9|L1dy@%>+19P58aQu+mhP137Hd}EN! z@6oJDTaOzwnvl%Iq+bAg(R}nw2!7HHn(-595jMAgW;Q-kR)hH9qg?g*?sS#xbIlP!KGY+IaGdwdEAQ?Aa#U3V!yt0r*+fN`|;W5`T*xmj> zuQcT9bIVcw;^divZqBC1l50i=J$whtxGubC9aUubtdtI-6OFZ`S3v$^?M_}4<3+iV@X z_23q8Zkp{lRn!Xa@*G|8kx0=c9;BJb8j3l)Qj=j#G?uKHoX@}K6E=+%Cd8|WnLnY0 zuG?WPqf2)XIyn+yLB^uo!WFMC1Zdkr{1qmV6pi3;FGUk>B`~125g`#oJ;3fXU@Rgr z+3oFZ#-PDwT(2=F5|jCJBJtL&oZ~4MzYFrK#wuNOu7&D|N11Khq8EzM@T9KTp}d)Z zOVi93D+{gEV3WABu)bJwbVw~}6=1mxhfS;;vz_A!wz_h>bDTzP{m#ku!RZM*UpYEj z*+1FYIA#Y&Z0%rwedlE7U>|;MvX%Wy_I_u7JHdxB(`aZMCex;NGY`lY(wAw9v)HMTvCj z?yYbzx^)@(rTdDIr2V#>d$WUP7~7d@K{r*?qkXo-$MBB<{Zu*)+6b8$FD?8){0`}4 z(6GVsLpxtf0y% zODPb&BL66Xi^`UY){^(_wzssZP~kNXO*+>+`+jIqP_91nBTFzzuwau^LrCiae21H}nal zm9M$VA21Q1#Tcgfp|Xu{7IY)DnKjx#;LNu(bvzgN#_(Y9Y*UaZ8S6rzy4(|0`TPa??+9>n&gW(3VF$iL8gL6)u2y z(mP{%5lQNUqhZmq%p&^_l}IlTuM~^S^fsJ>Rw)50pemnTti2e3AUmgNFjTc9SRvzh zU9lm1PXrrc6hnPS*m42{LEYX}gu3?tQzUu>?mc0p>0X^QmsPBIjSeD6!cJ*6L8Kbq zf+%jFTbM>k5ld<&9AY~22AlkjyYy4tRueLmSq8TFO)5HDao;V6yfqhvAfD}`$l%2a z+3{#BEZ&R0gM2z17ly7?sQISw9TM?GQWL{`C%-E>Otc3?n^(}w)gPFswMJwxT;dIr zZaXw7xKgpkN)_8^ULkRF6>USjfZM8z5!=F>AE*CjLYqL;8bD22h4gpKe&DR?^6i1w zbg0BJ(khZx5fD0E8b&x6+qxE1z3Z51{Z2=Pp-sjTz_A5pq%9I4DvAL9hWn`tAP@J5 
z>CFN$)UhagG+s3!A;YB|wM?WbBz4!eH#TPr3roc`QU5-W|AAG#HUmH7w*9JG!=zuW zxr*oB`sSRf9cgC|o91Cp@XnJS(C|RsUi963c0NCRFIYPYk!=rV+$&Ry>;;M6kffQ8 z){e)xN!rIKF6oa(w388{lYV$)lC7gPZVLek4l@y`5fL$??WE8!9Lhp+U&NfLBg>;O z4?B!w9&JR!BCW^(i4TzsgJR~8a1O)N2sDk#Y&3Zi^fv5Vn|>IP2K`P&ca%h{9!bka z;}5EFi`La`5NU1$<#?!RSB-|@rFisg4M+&xmK$&aoHxlJ(ob606Q(fgfFElm5-T+U z%OjZiz(n=?zTYV7Mm%;?uf0-abxdG1k+Zj5R2HZu687D=B%Bn52cF^RA(;jpD*V(h z!%E-4_*9iQ@sov8dVmRsoIWkT8K%OES532|<4CiDNtBz0*Fu3p8RvrFS~G!ljjly} zam1&5_MxAbnEgZ6@u=g3R`hBan{fV<0M@9ZADK9@N!TQrE`as8L4+P56rz`NWKe4u zgMl-HDCn0~o^1Iq#O+=naL-@ifLp*;(7to9vb&M?0wgEu$n{nX^kL+Ys(6eD_|S7v z*EAgq!l9Br&LC2Vw1=(0TGs@NZB;DW3iK}DMkj~5&YqfqR4~7B5pK0A3ziKRUTS zVOu7OxtMtNZVNa zO_bRAtaVG%(z>1I?y;F34GTbl7QnJF~^X%M?5s)nmDk%6bX-2 zsc|=4z!sehpjb&r&rHOfZS{T*Jrl_Mj!&9t{VM%g>UpH|ENGP7bGhpk?wgx10MI8< z(tafLb8ipHYd-L@?*W-@@rBOK@m-)5?p>jK7YGrtKEb~8>pzdaq|@8zo0yY+GGTdb zb^(`72=@MyFlzri5v!(Ois7ZDY$t*Laj!dV@?o&2q0Q(K6_J{HnRR&?@4LY!aFVrH zuhHPzy+-qi>TuDS62S_|C|o@@#?ALk_NBvPRB>4>$y`w&n`ROhVw4q^&CViktO;H@ zPXSzS#jF}a)a#iT>(%zTEEkX@SyyP1BvKTZURp?3Bh87SVN?17hJKShAm=xMs>X0x z0x|OrBiqBG@nE!cgTClxdPX`zkkOC8=Eq${pZSG_!r1NQL)A-%Cn8^UYx5 zA@wmJ{tzF;tAx?@CLR}LOH)mYCzAMFQ=KZ}Qq>Uj4$!AciL^_!kS>mjiq0sB0%}Jp zP`$;Ogf&59k}X1?Plt)a-lN^sDb3}$wpDu5MxVWnev_==jEO0ENZ|n_zJdqA4a6%Y zv{|>DnrN{nEPt#`tlC?t?>Ku$81+%>RVcCnGfWU=#K~fPJJPJTh5IDIaygO~V(`%K zU&ur$j8p43@T3;*8+wm)IRY?RC)I>S@v4aoC3$|AbO@N~16G3HlTpxyW-qw{nG%oD z5W?JJyVVSdsiM^(TX zs8U5kI)f|t$r6vWb<#1BY}qD52m$8ZLV-gV>3EV44QC~DrbcE*<5b_*(#)-p>MOJu znv|qOzZ)un+))4$eDkiHMCeVPn2JiqK)e#FX-Mzlnm z+cx|rW%>Eeel&rk|G}D{u0IpPhy^ z2mphtq8uGm6wZ6!PwUGNGbWBrPlev5YzL_Q)xZ705+7%39TFP`X#5iCD;9q&)Erw* z-JM3IYNQ?dfe2c21xNYm*N)ji%q#{gEiqzW^QS*q?;F+H#NRO{KT;;xwCG_bjlMuu zFcm|II1sZIF%0OD9K-?U^=qaNW~gg&00?l*%#V9?^Yu4T2DW44RbGq8<@nZGM;QD`v|ZJkNhyYw*W>OtZJ33HaK%${nbl4p z8FN1{+vG^igF7Naok?kO14sJM^k?~W^U$=oy4?^{1pa|3R*pmmL^HEan_fu@J_4|+5!gewYLU=Ep}25yP!8rg z=(J6qGw3YeY1gRs3j#T`gntnVb>LfrP)KOF9g0(Q+gQ;`xza6TFafa?p~^*vmt;28 
z4}BWKl%^5RNh6VCT#)W?N#UFk)cdeDVkTrEo6O;`X*I&A0kgKpiC;#yJR{+tq?#M( zWRY~N9=%ADv=kvSv_jWKk@{WnDk`vA)wFJO+i$J8#3}1y&dktkb23Xa=4q13vs!&d zHH3;G7(o9Qa*Kr+{lAdS{corL6=U`6BYxHrvHv^iVluu}^l<|ky#oIoF7Q)v9QbKW zrvJli`jTw)ev<(nud!?Sx}Gu7q9Y=v9Bjr>jMTr+cB5bDj6HNCX(MHB#PkZd!^eRq zT}i0j2`TS{_A{1WHr`D0Dr6cHK8&^$9|?EY!P2m3Zz9A{i5H%jEorF%U|tV5n%tqeq>P4st--LH9t()kKgDF8D>7mplXC%*1_< z;)yh9qN)Bh9%LeOzlBWrOhDi-H&W62i<_*Bsjz=m`8D((+J1%d;DPiX{D{(j^9zN- znEo3@8Pk7b`fp7Cje`C=HXla*{g;q)euSJu2_9C}CzeFS5s8=dS>4c;*U{DZ=a6>( zs7X5xTqC3Gpt~_)_g_(-GyjiD4jQus7)1Xq_Qro-To~v79!cqw=`Fsa@r1BRH6C`O zP72K%Hy7SLI3aptZ{uX;@aSOcXk~A2XMc-rZyar8unyY<+GKNOXa5ANZEvg`on%Bi zqM?;qjbcY()Ee0>Ty>N*G7JmM0;u46hKI3*RT@%@2t$fGN)Zst2>g+YUxgQwh?+3- z>(?SHrNH6>xlZ4QT(SC0REs%~x`@*hGC!_%t*Ef6;RNDo*znoCp-Ypp_z?w-{UKFJ z0;v1)`qiyFioJ;+pz@Ctnv|a}(oM`6@K-JWK3ctX{eXE?r%n$>=d5>Q6c<|Pn+?B4sC2E##tVkp9FdPpLK2b|jro_D@q zu3FOWdsg)tw(Spg>YIsUOG?BTpI1WDu+7*z1@K~VxVptLi zyVOG?;fus3dg(h}_{?BpNeeb$a>;FSPv-#}*86G9>kUCI%lHd3z}IGXf*sXQ2Nm z8= zRVtoTA`uX#QavtYk|xCJQF`Z)zC9D4#!eA1od@0#W$inpq-;Rvy$%!D(}Re83Jh`y z?cF?Ryoyc<Yc20MB8aRjGiTY_LB?5|$|3Ooi#1=J02sJ;*mj*^1pCJ>v@3rF<)-}Irv`qpy< zLim@Kho1lBZNI;d>_g)}<`?t%{5byOD9ZEfKZUtBoFMr+7=Zut*&g|CZhkEP9Ziw( zl%tfq+D}CO(NM&Ha(Tm0cfyqJTOx2iN8#cokat4_$)_SV3Gdvd!`_>g4|MwLFW2;k zvPyVxHqx<8!q_I^Ic*X&00&-lIuunAl+Um?0^V7P9aPYe5!tT&gOl>%%JK2WIuJYj zu@EgILl?dc73ve=!-4hX{LXBd7k@Uy5*QW z-IN>k1|KB;%Kjpbderu|N>SKqX$wP=RC&CeJXfco<4WwXzb{KoiRvo4A_*SaYm)2kjSm zxZ8=h@KENkWHN^(HA#)AW_iHh7q}lLRDB^~RDCji)td@aP5SNK%oWX#1*UELTDEVk z1q3Ai!JlZbi^qbeg?GBrhzpn3Os9CRJm}6dusV-P1F#*gSGWwC=25j6)=M+ta^k1C z)rM<&ReFxUsB*ny+bN#9yWMuZfR^7jzIFL%{IILHz8NLx;Q15~>W#hzb#M z&;<R?&P!mO8qf=#)#h#0wU$+5a$Pd&$y>J_>H8C(9yTANpnWnZzDX*j;f`YUDxUAS%IYlq(wNPfufjqnzf zqtzOeCn>pNHd5K_*a-V`3kLeql=4wV`O(1of+u^tv~uSHc@J4r~&Zg z-q6PoeYK?nhbm6&-`tk*ZPC`XO=z!G^8~Jc3u)9Bldq&=l~H z!VJ3lUMqA&SIc*PB7R<_B`rxfdQ$dQwtRHLe?!?(wPrjrpNxz)3O8u*_`>yG;5$Ah z@pQN~f!^r;5FJ33S<8_g53{)fYPHT?e3lM}RH-bA@{gTZ*ysqWe~%fNFTPa_5{#Ts4Jvrg3(({&>_W 
zU_Wz_km`j;xUOe}9V$?$H5vvCD=kPawc5}zV8(Bz!`TzQ5|cuWsG&C(t=Df5Y;l^x zQwaDw9*pkFv!b@0dBDG9TrdCC|b2%hoW*a#n=)v8$&U+_&ub7CK}7()*kwi}Xre2gz(Enh_UPjsUK zeR31u4qzc$WEp|}x)d5zunD*=Yla9As?tI5275y52}hl2ybf^1k@>7rXvGi=^vxgY zJS)bq4~o?W)WVw#r%4<@@TbJ3yysiszcW0HC`J-(n$>GuK{@ScKtO?^eIl*9dS(lq zK#FA%)Cewe*5IM@`_aaNQj=3&Ry3mJAb?MQ|2cyZhgxRKO*3>;PxI}a`N8nnC+Y6q zZDB?Ndi5v0Q89_$_Ou=C^AlYlpTpPUfoK+oAAJ%3Jed%QG}xy~QWt%yhT%hx%(iV* zIVD!cj3C6%bF2`#3dI*;t+7-M;TEqZA z4^Wjc{r+*ZW57W7V`5kZ5i@|3PF-z)kzxZCJfh^Lz(Cm^bl7ic<8KH>Vs$7R)3b1n3m015{~#1hUHRIJ1Z zeYRQjHiLdFk;9}q{+s|OpX7I+DUuk*!jMfvvxp*U=3N|yfE7=wBuAiun5-s3U?f!m z910+f#I++igI7_?CxUolZO%vccXnd+(9p zFoXL$J^8(7cz}=PSFwh=o^3^IJ(&Kz>f)febr@yUaI*k0G@$8Zv>(x!%KDL6ivgkyC@3{X%2D&GRWnbj{vR(-!~d2iHuZpM0O!r#68n%t}_*& zQ!+d;8Yt=oc=V-Ds}$19k2$i$+g)+r_?>WQyfw%ZnbRg|-e~Az^wtmD=(ZD;RK`1j zzoFY~nu1xY;|lDAVnC1-kV_=g1HF+~IAF*{J4Q(=5^dd$2y#~L=DH+P(8u%%o3=7Q zIAG>0Bm?~!a;Kt=rn@3=wYCJss7XfSyM;m3trjI519CdS&q+}hS}YsPfrHEz;DL$P z5y9AB6F(=v>mr6XYy#1oqQ)X`!xX33+|LO>uoDwMCz9nugM=PZMkH8_PdsqX=NNs2 zEhLg1{X0#PkYFHhK}!L&^cevcxx@ybO+P*k?bSWQ>6JbAh9K{|I*AgLKI_NjJ3aJe z5><5Hm6QBMhJ>W2K3=91wp>;-Lp{^@a0{TLt)>ap8Ip9=~7d0<^`F zoT)fQm<2K66lKDSl1+(AyZdZFRB*w>{K~rY0a44JA;+N0Ohk($^XdUI{n`>c+H;xT zPa;G=PL{!oY-D@_J>!=lM`3`;yK=6S8k`G~vMHVanSzzYWD>xsD)AO<1gv(SQzv<~ zIN*wp<)A{a6EFH4xqf35vO6xZOB|8D)wqoh8*fCI_$Im;*czp1PTD=~vzho@BX5VC za1C#d5*u(xzm%g~(c9iPl)O?7kB2u_9Gb%Rk^51wOX+^v zhjdIDpALoN>ApNyT8h}xp`0fjif}(?gj(Xww2DIVGkMjwf#R~ws3^H&q7aJ9>7sj& zmlFnz3KQz^4I{~DqzxdYXI&3{@Jo>vuCA`UPDKiz)NR)4;+OD5I?4CG;};=jt_Z@m zB5facDntPZb+DfFhd2x%I7r_tBm_Q}LEIWnKpHj5YHLXOKbO^dBCk9y$olavEefVC z5+hX}#CO(sV zXo*Vfc%CQ`66zW7F~gVyR5C4JQ-G9zSQ5U z(=1j_kJXUCWXeXk*x^6_VSmWO7=|;S4B6hi7!a~*Ga}tEdjWmC(3K$u?sJ;6nOZBT z50Q!qu_SKC7A6fmxiCe(it*V(GXXWUwoF}Tr4|WBmC+VJq_>QQtAIMFrjk6R*5)~m z&!`|Y(8(jVo)kC)x0V`H*hiF0W_|eD*ly}F5#mNsqhtw{IJfe^In&zk6$zIt%~z2$ zZ=nD})^hn!_23>z#E3MVJu&K&kBlb5DY@VM87yAeI*C$V*X}r zljl{7iVTE|Hr7s`U9=prk4YO9mlSDjByWajl(bmXuEtm?DOT?)3C&|1IFx{j=2wCi 
z{_h_@C!#T*V&^Ah4)x==;&cNFU5n4*q<5-Kyo&ghH_f4(<6>Wn9^*$2V&p9JW3;jj@|hcpp<0_-A5!q5~uez zNEEf>%Ck&IJ)~QOLc!N)%1y(vhi?y)p>dj>)*uw6#YU}eu;kIpUepKSDsaVYS}r{r zWGSup@S{@$(?w-etN%rfL*%`y@kM0~`X1>Q2DUb6!_rFmDsByqzoqg!Zv8XNOyi7Q znq4WDm0L~%0Ly0HA(13(638GSG&@Gy ziGXK)eSx{e;&17#nf{K901oKFNOdNW;8 z$^vEMK!N%1`L?(Ea6Os8=es^;4V4*F`*+h@_W@N=ei~*)edKqMu}5X=dg4x`x-fBP z_=IE;UfFgzIrp=qs~|ZYO%~={>O%3LQJbmf{zSwQ{!SPv(0>?0H!@z;IOoYSY$ag# zjjJCCXeCPU1c;MD@YclGg2McZD;UYpFrx5Fvxa9>A}T=^v6YD_2&2ISCDw~o(rNs7 zu+>TZI+QjZoKIA$OUJ#X5;Hcp=bE+`}Us7VlWw}^}B{|Yk`TA3*9FmM@`tmHt5w0|@O_elU zG&OXTK-w4LByFXW30Ilxo6A0lXI>NjBBH67(+-SAZz&%Vsf0+m4^H=t33=@V&4 z&ZtLMVJLCoAUczP7v&U0k#Xxj=`q8mt-9a|{2(-r4W)tPv7uHYE{gwUG-{mmyoWDN zIugSPnff?^Y+@1`6mi}5)%cJou4m~_G$Dr6kChbraUzLCpmA)gY6ZevS}jbZX0n1Q zWWt1W(D3`g-zI1OapbP$kh<{3GH)fPd+T~|joPkzP2xKNdeGbi5o1#9FB+q9BTXwZ z5AfdoCJEpwW@Z8fEUt%y2Q*wme;17^#;dKOTnscp9hxR&bSCg6dl?aYaM{%Fuu{bS)Z6JO^pI5O~v8#?d8lwrfBFp4$7we(v z-ojz>5^YDg9iU-{;=cr6$j9!@tvMwxUP2^jCFh4OJ=5fZKxDWwj+bl4Z|j-CcO0*H zkJ?LI`-$53kzG-I6#Z_gL^Bt$0#RXtB*q;#N=#}}D+l*lO*u|G?jbvSi9V)XYyE5j(9b7f+tx@KJCuVXDSzcpU7xS? zy~&QIkAQMb@A(iomqQ%_(v{7_?*d{ufPP^7Y!E8oGp1QhWTmapbW>+mB&t+H7B*nZ ze~J13OtZ+NIDq`rfH%q>^N+YYu{1I*DJMR(G3}9VBtq%)jBPMCwN5V2!fjdk9*bL? zeZdPvi6YU~TDd3E;qgh|R;$rQi57*L`QEd0zYFwk)XiIPA%b8OZdV~px@4<_l^;0yyJ7f;m_s;lp_UW(>PRQ~xJW2hnaRjznG7P+sxbgllu$~e zdopRKz$75>`x*g3L>6303 z|Mm3XIs7a5F4)wVjQgNmH;Ae~D0(2#O3>|Hf9dPBfjYbu2L%)_(CB6YQp12Mjorcf zmNFJaAv^N)O;!*=HO>>`DYTo|Y850hRpdq~t7r|~$QoQJ>a9x(H=8rG4v&daeZzfe zmzE>amN)R*Ic%Y`U=JDvt>u5fGNE|7V3h#zYJ7ai5$AB0Ov3lJuZ`Ai(+DLjCuANX zKnKi#eNQh)`4TvYUxxS22W+}QliVLlCNMays^1yPKWEFnt{tn*-zbj1twLh6Io0c? z6ygu+*6RJcFIWXS7uZy2IDrEYmBhms?l86zD3K~@DoMiN+QB==WT%+tpG3KuELKwT z->95Jd`e1~T4Xf3XjFzvsH4~^2XeVqm=ZBzF#mXxlY5&{?s_Vrd7t94*WOE#)iXRa&TeUdPe`8hQsb8#jx|uX0X)^ zw&(29J2)iW^rW-&b{V$;Y*YFPlI0$7b$JJNvmVw_VlLa;%ZfGqLi$W!de!MWoY)+` zWi3iz5eN@ZIF6y~_*|7>Br!lY>`KEfu0}xzUa5Mt<+w)it2n19eXVQBu@GvfJ3jBm zxvjxKgt%-9=V7AS@+0xr>_+TO%dTRcj3usR6+T_@f_P6$6IA>TJ=W&Oema^Tcb?8? 
zWzonBjqx8f_PlcJ{(U=t3X5)MQTtU|kUnx6+Jof^`+&C7dBd$X=`1tYc+q^F8A%o7 z0?Y;TarAc129@SADR6}1En5ts#+FN2}iE$Z;vI1{@gWIT58saa5_>$;%Ddv z!I>K9N{=w>o_>AD+o>xiQ80OF^gXR&q#_+jWd<{M%a-zDa9yDsUtCAW4qt^oH3}6A z^la7o^H95hUbqZ3kjK(((T2^wbLn z!D#d@oUt#8aqtF$C9WJMc_6iK>wUlSdN`Y|qt)hHT1(QhuxsC#Lk=h|###oe5HxC4 z?LZ>!+91I~sY&h9wl~|K36J!~va!4tvkm*CWKoMK)4(NEPG?qQCk{!QgNl>vuqrjp zkuc^FSIEY1Em#zEOtUyJ%XL6+9@s-UmOPF#x{ zS4IqZF_F}wO%+o~Da>F^?ZU_4)+!JW>bvn0V)lyRJSfg&>97L{e2CJS=v{oq=MCWGU z%w?@Ij;+Kcc$t-6`5-h?MKdm3b`yD59pop&s}4)_#_Glzx&~5*SQM`wKX&)d9WAct z82g%my0}!&C;8o2{SWegFE0Ue_4+TH8@sple?H6aX7~R(^OBKjeQA|N1qMTw1+`uiSpt872?x@43SiD~N zQ&ReKCSI)1#zAwI^rf@d+L1#|%!APt-QR+&wme9=X&yRpRu7zTB=w2J?L7#rvA|== z>*2JHmAU?*H6E0o&0o5Cnw+DzLzkiE(pP0G?u+;QJ5P_C48WD+C0Mz(s9lQ1LlHcb|Q za{F}6S1Pyb_>W-RHd)E656DjQQyKUQD3TfY(ky_F5f+pFC>;*bpN1kg#O|fsT>P>i zw3jMrYqx4Bu-oFGqu9GY+=bAtaZ00R{EIGiKY9!gO1rds@xYTRbG#PZc~F?QerNiz z+@IW)c2~QbPcjT;Lp5%a!%;tXx#7aEbkP4uW8jei$JXXGF0k6m0XHa6U->Y;d;rXU z$+Bo(ydGRGJ02(W&ICOUqTckhQ9pbakH;u7PRFdkBDW2z>&uSlCnwrb5Cgg;pk2?! 
z#%)X3 z-6cGFUqDy@HK$D<>u{J9os*aNWaKS(v z9I8_s7Va_;tM(8z2MuTK*C_Q(0T0S^ZX5bOYrF~Sf`}!9RvFa*`;UU}^sbd$9_5N+ z$N1-%dE3FWFncF{s~k>#ms~F3WZWfL*3KPF>X9s_VEc=Nj)R5$(mv;e0_{rVtf2oT z=*i9>gJK)PR7Iw(9Wt4P>p{cOT&&fVrg%xB{!JW%k~5$nD-6F5dMj6%D`GjO9OjJK z^>Xs&A-wqZct_bocEN#4M#;=U8`Nz6imE{z2Jht%MmczxNZEV(?3vU4+>{7ntIo zc!{Ai?J%08iSifgApT%6i~0$-10h0s;=EPvSn+OO2C5)70>%!UMk~SoU_grRVRT9r zsY%C(p6tqvz;dW3s)wpN6?u18Nbg`7879xKHp<#k~3fpq0)nM5L5hZU<^ zOQ5`cTxd>8Hvd*@5^LogeKrD|MZrq}P+YvWRd{fhLSO;Cl)d z@r3eRmcV0$Za$fwoN$bYo7SLRXaeVy%)!iX)9G~CFz3@d^DmmN;4^F(LaLN??4K}@ z1^!?>?Ez|c=>o9emcVc+e)ThV?4{tv)?I~7K2+uNTlSVn5P=1P<+Sn-439)x%~hlC z<~CBEnZw`he*_o+wovPQSauytuI`$Y-IK1=djP0zi(VV*Pssav`L%^(KXTYT4U9G~2 zj&+EV16<3H6rhB|mggLa1!MExYWHa{cbNF}U`JN&{$HRmt`0++8r;Dece zS5-!-lrFos+{mTU#aXoc`lx75h_azg918`?YQ`&wj14Ot@A&6E4Gyl=28;hrEs(EyLcf`&kyw zu={h%WCUHGw^?u0bZh@~EX#~<8>cQ^rWFIC=2*t{^yLmm5E6N+6w&D9X1M|`ws9wE zI(Dts;tK3Mqfj7Kj1wgW{X%&UIGuR|^*PREd=&Enx#*k@tQ{>*4{8MLjz)n3$& z0P#Tv(NP(#FPjzbKbY7<$wXs?F8b%#6>}=&aN~=kC+k?99y$lvmqTDWVXkCCaV>h# zEI1jl^9Uf1QCwvao@pJXz_s111Md5qxKze}ThYjDMNyq@oK0j*;Q^m3{XDp$1RgX*U9)|LCd z%JP^c5%o5MXp0t}1Nq~V(t)r=`GL+?;yFaqs@g&CdI{}R<$4)Q-+Dcpjd>Txl>5iUEzg9fdg#DZ4v%Zpb( zA3T2iN>q&7UtkJ1Uz42j`xb;d%j6jqTXO^jX9BCKh(8(aP~t z6$AJT4SVBZbRb&PfIYu)H-$h*vooeX3f$e-ej3t37*?~iFLV;d^h%g26J9gtGB-_pQD-n6n+x3a#CZck zXvzU+N9LQ#jSc=#zRqx+4Y8rbPKvx`Vh^j*NwTRs!m|CB; ziNE}*QI_=Up$pyc$EJA|pImxQV3i)0%8!;05xUBhep48Zxq9bdhTFs%pZUHDs=9@h-6)51f^fw%(drUsRxsy|c~W&*JCqn0P#gd-tA`bWh4GL6dgci8Xwgj!L)n zI}oJR5RT@}5;vDI$lDg=@VrGXtiv!32VLbD!7=22rf1FoU0Y43*ys+-%x~tn^V=VH z(G1o_6$1HEs-XJHka}+WcWjDTtDmQnC)jS@#`5BOHeunDAKIVL$#5R{?kPG**dRCQ z3Fx*~JfhMa;2j;J`_E8U(o|Wq@Xl#el3Hs7i4s^H_aTqAaEPFv#?Q07Hg{5{gC zN1a~RTra}nPicPlX~K^d%vUH(VQ}t)Yc5y?R#`bS725a-Pvd>4M4ssABd${n>R4tiXVP3h@#fuA#|Tj zs9;mxhlgP@QNdaG+GKnBb}iYrzw7*N*8bb=P2*u94tRn6cYAkt+q3^}Z*Fei+J8UC zZ@&Fk?dKP<1FzIpg8eBliCL!;JPk)cEK#?XK#%z(X#6mwM-Q=wcAWmWR>O$I@hpo^ z&nD19|2x>)*xYTw|Lir{z2x zW@6yuaQ{a@q`gTRek?3I5?~aKkpwN95w;Q?+34ceev7t;P?GkulAq6K6r8%ym%Endhz`6 
z!Rvz;&*86Mg8k?J6a3e~^T*8~ib<~;y{AwgDm{zKh~=uV3|!<4K&4WY5W+spD>@-~>l;o^y>4!1k437?0wK)O#vS3c9JmHz1`y=|~0=;NIbW&q8z)Gi9=0 zk<>;B-pLsN)A$U5w?S1g42QEH!Ls5X>(eBjtc#q74}i4RZopgMXFk|-od)EaGT#B! z+;t&v)cm@5h4WMk(auweFY1Pq;ybpamzWVe)4U7N4k#}(LFhpA;>#j;Rc*si*|B~( z`0r;=f(F`);T&xSIr%BBb%IgKanTdXw~8A(0#rgL^qCfsEFTA4v<~Ip#j)|f%;I!7 zH7~D-{9!GFJaOi(zA_V*C&gKImi4Akc%e9N%K7X59t2kH5@K!(AK3a-GezqI4=IdO zg$u{R56^u=e^Q#Mz|J_JdMsd#m$bk@^biQm-^J3n4@y>9v*mjG>5lca3#I7=bdfG} z$G{Y>Ql|iw1}tJzCfQ)+1Frt1$^A!}rnIMvuf;A1ZzMw&+-*uSHoD4gH>FmU2Ihd1 zI4NX06apNwN~>%ds%vsN9+1)4dWStWbYUlhpJ*sPB<{X;kop%yRo~q zd=L1w!8VXiEz7$>Ftz5SE5zHi;eKhWs{DQOGmexUeGAL&yd}l6k9CnI$Sfq0o3veT zF>MzfP8Cfp{`rbj!3}}lN{U+Oq%{6WmL)QJVE_H!|1HdjRX~@xA0qEDZI;m0ILR^F zv`Vf3TqXSxYGC=ar)LBkjIj?egN(x@+WuIz3!G4B4Ms9wTH)}f`VKHfo~qNYfl;JA z)i(cPyn~5wo*VDuMe8ilYcZij0r^%W?ITc|6cg*}>8q@doYj&T#|#7=Q^TzK5OA79 zSiN%?i+=r+e-cm&%;w%c3^_kD@n`<0&A>lCGz+W(bQWeK6b-sKendCQ;!$Ovqb594 zW8##VE?TEo(?pVcheNYWXK+4!B%|__T{%_$DR=K$rR35VZ>h#|1+T3BJNC(=(qF@H zLWP1J{D`zPn{-t!ay_t7$XQGTC3K+c3hVPv&>5r`8YjY(cxPyorRW~faM`OimH0-d zg*9DHk7^|W1PtH~Sj>)l@zA&%J#;5yX_{XZFcO)o{ULIiyU zel5jY_-JQko>kNf2_zaq(PLqPwRE-YhJnqvX{zEVUQmG`sXAQ7(V%LaXE3IL zwx(f*8jM;M2bniTO|Elwu7yM__u=%Z>ZJK@J4kEJsRo*ISp=%m2;Ni-Pr2P3DSNwXLPQhRo2ub2 zYU>8hX-5DV7W|(m1MCZpj!hQlsB9QsgtI)LWr%EBg>!d!1Z}}IafFMeQ$hFmUxn;Q zyg6JQWdIy6s*GsJMk_?LTOS?FZd%-4lZ>_a&dyuqCUIX(z0G*>d87VF4qWk8&n4A_ z=ImJ);tn3jpkgl9^oadFUS<)nyi?BdWM5mCox&rVXU7n~!X;{dP&FrU;j;(dvHmFO zqY`>?edk`N1$6jTzP6E@G-w zFS|Ul^YAPRj>dZO({UH&jbXtVusjL2x(J`AlV3nmvW<|&h&kdV@u9&-+C58G;7<4{1{8Nr!(FbVx+#U*Yr(;2xm&v2Fffgr= z`IOmkrlfp{y)f*%myZ$!jQS5rs`;fK>z7JGSot9T_(}O=N7szp+!la-W6M) zTjIV*=q<&Q(!{CO+>}EfPTC$YoQ(skOx5Egd~rP9N`~ReNQ3Fvts9NHVNy?ISkXyE z;kGym%nC5Epp<2Ywnv2C+D@mxBaa$|nSw4cW?K0_|8#9-1?pl|;!okDXHGZdDT#wB4qSZuld1{UcrHJSTA^>Bdl%g?lF( zQ-=Lg0T>Sl>?xUnau-O24{noEUlx!IHi_&$^V8U9&sqwtRhfbFk`dBos6|%2{DF2C z58#+wdJ~DUWdt_IhaGeAzl6&oC}If~e`gCgGRO6KO&2}e@V2o4rKEL99(28x#XP3V zK%9ddm4en>AM2{low#GaGY1dLlGIlaO{<-s6m-y_Fgz>E82%~OTcbRY6n`=&i<|nS 
zG?A!RYf%1qGikL-Z_?#cYAw;+tip=<7bP|J*a~J#h_AJPkuQwWcdBBi?NXS!kSR4h z`UHJ=5ow+sKz~+XFap~=E%{OvM`03)lp-zrdHBhI9q3i5raq}l?hV)f!Q>c)BtQ$~ z|E;|}KmX6x_TJ8|{Qo(A^XtFRetvnm|Mgiq3Z8+;+xP*VjFxcuZ1mSq?BBa}_`H?) zKdr?7_Uhh2X4>c3tj&I>!$91&S{3_afLDM%2pFEu;BjR z*}J#t>;La<-{$}OEWh&mzj8mn7%xz%+26d??BCw=U+FzB=uEj3iKZ_v&_CnAkZO^g zK3EeMsROF&OOC~znvr!^v{qmK)OqHg!qMh3BL{r2REF=|gaR%L$E~~X%7XRPtmahr@zP?bKG#THolkoN*R>i@{|)tS&3ngB zl}1yI!2QY|bK6>x_IR3~l|n90jvfRHI-B2-(~HN>TOS)0u)TTc>iXuWys@le9~+5Q%liLp-`m_R`2Xx} z-tzyS<2R50_xAJ4@cymV+%RxI3VfcZuyHFY+=>dHT2%O&1qJEmxjNTBTlsUY%w@Vz zmS8d625a^;?NORSIF@hj2gbzYXg7aUv@R*%WZINeZz=?Ttw_utAZ&^icO-zbq^>&t zVp|dVlUr)c<-RC`m7WPD>gp}32-Wy=N7aJzGh1D~9F)(1%wtDvJG#H(!reJ}`HLD> z?*Hu>GTxo0|qy< zn{pmatRm1WUM*#%<&*&;oq{3jS?X55V6pD^A)FsECfF~n`Y9iR4rZu*@MBO4@dZ#nNKMp$g62@wwedW4<0-?4v-GuS$04*j&T@o zpx+~1Iu`421<*u5T^_Hsg9ehrmG1bw8|Uq{WoM&G+?348od7*R!oSc-*_?V2hwiHc z2<0<7b|J|m=S|GaE3oFJ#yV$qucA}9D|mK4@E@?%oeclwPSF{YY~eE7MnvJ50JiC! z1$_DGG0}<<GBI2aU0MuW}`c+gv zC}Ch6bVO}X{=nYpOND+4>{2l+%>AY$XnKz!$Ov5Qvzm^IzyObfcccnMn}rT z38qfN3@TxgCYTll`Qs7q2`?5b0fxem`Py9{G2|M!yhPJTP9nPD=cx98KH6m9R=fy} z^DfNvt^=?asjgH;F+q!IGKq%)W&0ruJT0LxwZP?5V3JO&<$$zOY&r374I~420pW(g zjVV&i$OGL+F<1gNRti6jH|A4z9EuKbJ%bokr;fEz}&~ zHsQFazXZobp(rH486UX2-rlX8p$GF+Rt@FX@@HLtBquCf^2>G;Fe}WXmS08Vqnua-zJ7alW0LZfwK` zCW|>N$G!m+fLKcec|?1HcL2+sqzbbDJ5h=&-+ib5U7mOJg)EI`7iqM0RjP=@A|;76 zkOf>@0ML@Dp21#Jz{PFwz}j1AIcr3-rnSJfFNT1EFAON=d&rI4eNKF!P@3Pd6Wh4v7OdiBjof;}rDE-LRQR)Lv0%27{6^Zj$q4c1L87mIHB}4w zX9i-{mM)Mc3^Y4+eOx3_nW~lfAgJTuRzA?v%ewb%e4@*SXv>)0z8MrPQ~0As?}|^Ba~#yDqtxfPsKC?~?Q);R#~8r}8=Zg-n*Qqy;qcavkZ0lS!=~5;pB<77=YShvNV4o7pE~oCd2f<-9d6BWk>ZJ}YmxO(tK*73ucOIBF z(j6*IC%u-8)5*ms8L{4@o;jWjXI(0%l6NtkaKk&>raKE+bydht%mt5FyV3Z-nWlb3 zb0lh~JXoYsXfj%KsZw;u4M=fwQu5{KsH8&9ZHmcXNtVNYIEg3Tn6Iba4cBj}6t+^d`ZwT2hVGP0$(6(1<1y$S=&@u!nk;s?0D-tJlr(Q~}%7fO8 z{`6_Ae1l01Ez+H@^z)OQtOUQIKeeU$L;g>RbFeN-+o)80$dp_|cPE!~;l1nJ zld`myQkb2ic^A}~8I!H+YT@O{$fZyTacMf>(IOhxwRzSt81Yg%ikK~2G?&g_H9&FC 
z#No_JC;!MKVjIM3XdIW?Az@W9Ql38(*23g7o^@UaxFMOzIVO9h%q*x<%=A(o-kU0P z#kL2Qu4xE7eAE^bXOi_(cb~-y@v#aKh(XTmaTaZ6>w@gkG&~5)HhEj$ z-kd(m_i1Hyr%LL)8x|ymjV03pu8*zN^5aUDXqc`E zT3+|CsowX!Va0rO=V<}Jh({f+;RFN(#uo%vk!h7&ciDlf7w#2Se?P^VZiLUi$H?yv zPRv-=q2q$k5;W)VgxUIbRdDowKW7tPxa6V;2(OsVKr=)}6<3eiG?Wojz{nt|l!jFfJ0sq3k*vQE^6#(7zn{0m3#N+utl&yV|ngT^g`oR6(6jkbNFUA#ZtTj}j?U>EE z^oGfhM^mAq*xYUGW_SnG!*xGh%w8xV(%$xL!PE6C?)aPdgKBy`z@mI4y|XIDpT5C+`mYpi~NzCy~ce9Pa*U-)XVBQ9|QGL2?)heh9$k|Y0+{@ZYG*~ zN)8)1R47unTqi5<@6A|e_qTQe*IqSUC-p|#Hg*Ti&KvJos-oGK-EGS zXKd4F(fpXVt||(6zcnt*RTso1+0(-u9#4l0%7+!akDa8&h{^uwYQhtr5z@x9onHGx zv_?$?d{g-|BqeF)SV=-KV7c@khk*t+&ZJo(%9`#t-_pWq;AU|RI_gp_2ESF0J60{2T_ei{i2xx=2!ncj4y=7_Y#rug3WRxt&%# z_V+yNp|cN~K9Q)ykMb3I9u_?v6n`Y*#_e1k`?%PO>i)q&*W+eH%8y9u zpn}<`qba7Ul0AE`aOk{wX5EXeEkpu)|Uztu^QY75p-46AhG!;6U6GQz03oYYv#ME?%0C42j^k9^!<3} zKu28FuWIFtvVrA^!I7*%I=C2Iqm-(ieu0U0i72Iq0si$4-MeeVU=J*}0n5ef9`Hl{ za$F_OWte&i+E3@rB2Nu9apV25So=0)v!gqi%o-Z5Djiv`o~}7v`ogrjzXoOJ`oOm3r>f+xP`FPNMR5kAop2oM#XEZT00imD{=I z0qxGlKaA$yYijIS?6=e!mW{1e!48)h&4)D(NobuQ0xQZ$G0Ke6>B6Zd=h(&+Pa_kc zlmlASlcP7iS-BC0>MG+=kK|r;6{j2S%=otXRk4?Vb2VSLC^I{9mN*5?tdVHc1GR}` zzC`oX-Sez@9Q2eOLNITf#fw-mZvP-OUaZI(VaQr>NwNEvr2ULF5ORWXKxr+QNAv?Z zxg(UZ6pDGEftpJ)tlRw|(m)6w5N)%Sy=xvM!vBr<-S6I`E{eb#Z^^)M{{q|GoM3qr zL>yAL+Wr)!9Yq>w=c8rz0-M`siPw7~lJsxInZDlCVa*7IAwxH1iGZNSl(%3w(S4Vk zhM*)g#`IZS!M;$(MRQHqGkZXxikC4RX{6-Iw3MQfGRH)IT2N@iCh{tgVlAEerV1ng^bvP1w7Jm4(QM3gRYd zc48U1=nvVNkQqQ6N^~NnN7_+NrAv|_UK)sANI(${IrYl4eRxySC0=%FL*Rsk(yOT+ z3@$epMcy2QR0L8*l3q(H#d7*P#m#8c(YWkB;fWPr;Xr5V0&55f$6PVr7E~!~-7&t3 zr4cBuZ7$J@Djin&vj+F{m0m7F3{-RERDk#sC8HKvhpBwO#p{VQ)%qkAa8=8ZQyGaA~}P(m;|CsOrdj4x4XNHolVe(&?mt9fA(OU`jIW z7bZjK*+wQ;Msi?DIzzQki3i{i3{~*AA*k+OZ%yFMuZ-`yTO4@CAAQ-Z-WH~^tVT;?QJ)RR9dz_#1a z_a*TI2PF9T%CF{J_)Q}|_iv`0+73Jo$If*FMI*h~Ktx`vlPBSsEsgMM7c92B33P{% zyH&aB36TKo_3BkJN3)cFWuYgYQMB@1AQ6rrPUV0%hdxG>1=>U^agyL*&RyBUp3XLS zd|AaeP5i|dR%~a{09)sD6>Ol;Nb#R08UBd=5Bgr^=F#sTwEgJ=P@kf0a; 
z*e>MzMg+MssI}E&G^VRLRe~mm8M(|R(I3|7nH;tAmZU1noKp=HqcC?AUAO-Jcf2`r zu6eT@O?AmijEVy=W<=7&R2JdROp+6umxD`SNsO`NX61`lwQ9)WfNs=wAN%m%q~g9; zTim;=JW}Tzru4h;=_F-(K+)3vC0$UPzUZ(8hOtbb;h+K>@MZ)SGY9b# zoZklfj>qvw96XTbI2d4qyoIKr|2#2+uX>4DpHSfuk9LAy=8-Ly@J4-UM)A1esQK_p zX(=alH#26}iZ7n__TIg*Z5i_U-N8=WU9^L(!nE}u<4rw!3Qq@0xzjFZ^Eo z{SmikM@_i;g|3!uPu68-zvwF9UfT7w6b+C3^lHeM({<0~Z8+*twkKiTpAn4%FffOy zVyA3>bLOHxFu?oJPz~n7mMP}2fCc}*l`6c`Y|g7)izdiszOqs4qZDZ zXlLQ|DKus&@c1IFjH6#^C9RxIow+k;6NAA>cVY_ASdwaE~=?B`Rggki4}*s+^}!0qs(-39fH{G8P>XhU6VRT z@Tc$7rdXN;_7r=a!0I^;KL5A6M137sPiL&L7g9U=@eUBrV$CtM1)OOXy+$f^IlQ{b z^lToVOqT;Psv%z)I%&+lYp^s4#JbPUK-7aQ2p^v$hxiD63fcG6Rf`MSeP_?yQsuzv ziyZ@IhpUMl0WJpwnmQLN2*tSYvS_|q#g#>HKmXsC3q7u zzz@}I!4}45j+TKS`>{dtuAvddM$3L;QEHpYOi0q;5ql4--;l_u3-IkU5Bcsz@)$x- zaJDO&_Ga%9XiDV=@uz%A-J%Z8+QD`-e;Z^%hml0*#}Lbd=QzT5B52VNTecO98N&b z;*=gdSP^MDoh-Lno9s{*M&1>;?;w%xUp%mnL`18$hDS*RudEnqinkG8Kzzw2X;d=W zgrfsvqvivx3WruZTd*QZ^A=>WnM{GHQZ8F(aJ*!voItcZA!L%-TZnD(<%&^-rJB<) z0%yBQ)i@u(&J@A0S^xFN~bLEh{p}5#PWDCHg#}8b3t3;@50%d^hV4 z0^!(q3>WWr@5g>UTGY}ywHT4`HozaK;JE+9zP0&gfTZvIT|X-@D&Bv-^ZymY)923( z=51gTGjf6K%*ONS!)J;vyACWi7q^y4i%YR5b+FkC0JPpG!aiE7WO@r zsFc=qoLUMAMsFwI81K(g3dp_~l>%-YZ1*2?n}b*iRJHYJg~nud&esNqP45)NYaV=s z^-TlBqeR&7EMiHJ*#-bS-io*(a$eILCKukJrQ;uh7zd7HAP!5VIN|zK@I>V4vniV) zxwXI!rm$t;kN4_Uitz@hPdQHCyaW<>Wbs2p*1?l&g`lu13%ZqZRVA*#TowVv9);U4 zQlUVG88aE;3~|zU-)8%~)@KGb`i=-Fm|1B2O{Fj9YfD=YahB;>lBtsCkyU_`f7~^t zqBB}j8jg}pEDRakceP9&?N3%yBkC8NTF6!|!ng>jI(D~HrJ(_8%a^K{nvR%ER6_M{ z&UB3F;YUlhcauz4QlY#p^zM0Fgs$M&&yLM@DUuh&HurM_Z6eToI2lSVdjK=UR+FZ~ zMjrVC|4zz)`f-)R=T|T=(;C}}Da#Q78HBT22UZG< zdyq4@4DIo$f>F?I%T3F>WhE2sqNF7DQIXCBN6=I=PX|sfg|?p``v6$jwRfR$($_Mq zro=N`dt&{?AnCM#%~8KI>6Y{2$c~aP%-Ir4y3SX4hXr) zLU252bwY^AAoQZ}+Kza`h`~+selAm&&)0w1j2ULvZ6O6@=lF!1>T#cG@wcw@6K4BE z4fHZEMc;MLcB4u0)$}3-7?PJP2p;{%FBHsvlh~~^YPuBFHNfYS?W3q@qLV~-TP?vaxAIS%og@G&uFnktaLFds5xmCRW2iSGj>a0ywKuBxscdn-OrbjY{fcb{#h-q)t7={{Gj;}lvg z@oZr`?7Ykx6@N7IO0{v&Mr=y18KkW$laTk{5QAutMH+;D 
z^TIh(^?0HejkwCC3YcUv=3{2IP$40Av!#@vE3cIBznE!vhvH+QB)5ESZO~wQ7?#iY z13*bC`)2oMNBrR)iFzi9*>9zP(2xJOui1J$>}P9#ZL>e>=Nqr*`IWvo!secvv=U&C9_ld2g|5< z7`~v-Y5H}_dFe&DH7-gT7fbVw@gc(Z^RqIYqXbhZ6<5v{vA;P2grI_-H6+my!djxf z=?BsAf_XL=0TNtdD2d@&B~#@jZq56LD?D+79@K^;9dB+jGr}=&M2}-&B&2KEfXzj; z%c5|<{(JbuA?x=)GdglEsrACpjFRAot=tA*-HrfxRc{t2)&&dP&67Jr%PC~y_7OWU zsBARJ@hG*Tl^NP;gbk1#t!L3v+)dFz2v>t51Mc?rMKhK9*N?0>#IM{#eriPFuaZX* zt;c`L@;l|)NuTPIU)}u8f`8J<>?CQ{Fv{6wxA6{$*_(X;{DQaI{LbIZ-sI}?1BQ3! zZs`C3PQR7!{{H;EHd=@2?>%OKKGGAwm3gizSc&a8>N^3_gvk2Xw_j}rBEl~%;7sQ| zLU~mY70GE&i3GI&VBue1_Yq}GJ4<#sPapH$HVQAoQ}Fi) zw$_{}!8zKr2F%w9X>KjGS_HEu=#LA$$ImILY`j`5ONbV&j;Hk~t;OduWX{3-XO*CH zi?k0g1y=-|{nEKa`)mO`-rCx=R_!+oXT34x`B|nm@O+zUZHK>R*2hpr({E8#sUONi zH*OU+qt0%ksJ-fa*zaZ1d_?2F(&0eRGvI4|Lpabg!~21zRYmZsnL0L6IU+O-Vr6O{ zx$J!(;j=y)(kk$y5|}kE`tL4n_(DWx#lDGNL>7ui7Dvi8YX`BAqDoM`o#G{0ej3%( zKr=^HR`OY&EKxL=JA3uW6KD-`S}`-Ux94iHp&cGvDf%V+?1IU^sm{g_4!d)c zJ`sU<5Ew+f=#fs~R#L9zidiD}QJy*fCFf;&YN1vxAiEb+?Lx1Ta@)|gu|eoV z2B!0akB=y;x@XvblOqvyVxA4V6)=Z-Ow@gGCDIO3_pdau>Q|N+rzWQ-87o6O zN76bCy_Cb3KHrQeg(%cZUo zy;+}X`ZyN%Y`a_LC9@wbc%W2d90*P0qwT=uznZ{fl`V- zIC?6BDqHfAf5O-{6v?j$;oze-GK)YvG2>Y&87@}Cvbf8LV}3&d@Qnjp!VX$6rQgq2 z?Bj!>sAZB|GVypD=$FhgBkBXqQermcbI^F(3s@(3+G58MA73pDZskcefLYFhHMi2=3QRUJIebCc zYOQk3)~5DRrH-k)>#0>Ioi?IjBzulA(9acrv88F}CBp9F>LZ1Zmbs)M z3jXX$FMAb->>oLXtw>M@a0**Rd?sR~jZC$D7>E zC@E7yV;C1W(<}isGYhf0ExYy7XQmTx`_DP)sr<%0w! 
zju7#{2E{y$IE*r7--FQXOmu2!Fr6v#L@~*s=5|?7?!1>si*Xxcca(zWC&CZtv2Q2q zj5c+c6`;jHEGJs9DI3i|o=VH4cqN)`(EjnZ@Ex2~7HsNtG7o*QF0!NMR!o$Pu+P<; zN(3elOvkijmId)uULFng$R;1o+%H;&SvzZ!RS#V6qO?^tB1=}4T$0?iOh?&(Ue22T zY>?m^dW z3*TYo9mA%JJ9*5G3ror13Lb8jnBoRxO#++lIlIv_IqLi;9nZ@* z#a}?d2~m1|S+XzHn9|=5b9}P$TT;lQsukU&YNf>tK!;t!=P>0X>w?L& z9C6gboGV-Ka5RII_&~*uS!EO~`$3bc3K~A`Ob;X@vn}UzJfYwvC1$-;)mrL-xcRe; zXPJK!+_vC%F=X__GM^mRa#X?B8M$wr)LylLeJvH?S2?H1;a;jNC!k-~p*r+s5!bH| z!d~Z=Z?)T-e5qh&jR&u|uaCHkkJ8H5C*9*z%n};7qmC1Z%P>0>4wZ8Kmt>jky6e$zyIlM^=>eirTNSs(ldf=8x%MLBkTXnc( z6d8o$#S8H0T9+H6$(R+QKhyilOBz;r$3u3%79q3_}Mm&_$K#hce;nUqVeSo{O{Sg~r*!)9v-2cJP z?O^y4Y)*gi>@0iQ`(-F z*bae%_J^9;{j>{*%CyUkqze~_+2qFg9UQ+3Gn2VvJzM7^%sIA>^v~0tR@iU&(PWq5 z#+rQtLdjQmcj|Ngd8sgf{mqTN?N`0QJJ`75`zL(a-yJ~k(*^jhm(S~axAtc3=;S-y z17yEB%=iB6ZTH0jerfwtfnM>>8I1)CkP6haHKE)#ac*V{0v8u+V|!Ou$tNUh_tW2b zC+f;+AB=rX6OI@B4Hy+5d_z?zS;+~J_~X1BGim^<+2qMoCt_?!juJqVVo`y($^{`^ zXK>3;W9ZK^bwb!KNqU%`Np;7wwe7a4LLx}|evMd+AFN z{@HRPp+M%bn_wDM=$Fpxhj_5d%N_OqEU8UNn`Ot!z=SXaG9!*IJ(g0(d#F#XIXMu}6xBe2nHiNwprOXf0K4o8AKkweZJs?X8>&~(Tf&zB!LX34skys#EROWjxf z#mhI-;66knYvsfhTf|JiBjwAD;=hNQ7{!cq2RG=?6z_j1mOB$g2VKi<*K4wW43cvo zT8z}NdN5OJ5Vj{HfZ_o*-tK0S=uKuF9^vk&mIn}F?3Hmz_z}>?32mNEz&;g;}AMYf2zn@WxM@oYi9zmjbR4~Wl*I*nm zQ!Qg=!a@|qL^mk!xVq6RpRu`WXsIi~0ne$9d^=>dwPwPzOCLB@@#f`hv(5IAS3w zM8f@Xj(uytz5RiuCKTJ-ElJcqd%1E!Y7euH*|~6PzVJ?pc7fO7(4qtb3H6#UY}&*{G@{0To|Z8X^zc^+o_ELRonOa)gVO z>ixg5U@R{=+-~(Hraj4?5)QbUHaL?E^Y}i$<=vQ8bNe|mYo{yS5KF@Ye}?#fCb#YF z5%1S+jGR+(eXke)!h{Ep>o(%HTeey0*zc65^?|Vr@)kh3&?Tu`_w;y6U9beGfGF;L z7WHsAaKJgfbP!jAKv{^NyZZ;FV{w`5pz~<9`C4Pq~d-&P`Jm*c5f!_Zd%#ewY7J((h$X) zH%DWnN=&x4KEupTb=5*dG!mIFA=XV^8wq-Bec^zk-v0u&S;tZ75AmGS6dF=X2Xw0| z`gozRMGtR^p4-+|6~+MO*hcF9FYgQuyAWPWr{1GQ5GlRAQHc_?inOhvH73RKTLz^` z5GpTwLpyYXf8pbrfY?1VOxxy`ZAW4yGA6B%nU)>8RvsZJTss01X2(jC3*!yTd?-$6 zESt<1T=matRuPk^97Vb|3ZF;dn2)Ab8>P`Dk?UQC0Lm36rrOzpp(}?@c3LgXD_w}O zzSx%yI*46hWTTNqD?MksFM65^ zkdAYK*z^UriEeiW*8};yUe7IncaMerOJ5lWV 
z^Rl_q9Z;6B#sgdwmrY6=bKyRZ{dRggr#RrT@Rq6Ek+cpKJ_CAW%LbXP9?L1yY>k*)6i+Ft);I+xAw+RMWs3 z52|hxTjZAt={cCGF{V(t@KsVIVeRLhh)!-dZ+Eu(M&6FBzqbk&Q503CiLw#Nn|>cX zr(?F2d(Y^4Pk(p&H{rcC{s>D6%%HyhZ|eKs;@iP(ktqJQxf}B4dFF@QT3*8UCW~_* zj4@#((EFj;!`~7dvNOjtCqu2O{w${p9B`AX-`h8chzdsH)HRs#piu9{_QB`w#%^%g zJR>)4UMCZI$O}_DyFFD8J8W(u`vI-3Vd6Hys5=|)`V7()>(l+g4Fjvz1K zj5X>PZACUr2u)1*gI8-eZ;H0R-F~vR_eQoS1H6l5EM2HJ$TD}Ijsxk>6IrBD6&zv2 z2M8l#zrx`ZhgsB4b|UJk228{(4|t6t@3wf^z_UZV*eo^{Cq{|s@RU16vj9bzk4dcs zCbo+N|uMx`g;Q#Ck+b(86U$z3Vm|r;%;dK12qgQZF};0UcS# zA*w_2(W1th=*GHe01K$Ys)PBLM6xqIGOd=eFqY#DbZ(!71d{=t`XjpWZ|@=$WN@qT zTr455G!vBtnT9Y-mE|ul9tv4VUB>W%#133F``a$lXN@UK2bKq9+^!ke*p4$N)z? zWjXyJByLcMu8p%|))vqkVgc-#Y-ooQscNl)rp@N=)>e~S7jAb;nx9!~cRK|IHdCZ1 zI0vA@D-N=u`9kEWGMg}Sub%2Bi{vyyX)Iu8ql~vzj_#sDRirO$CY_HS-p&4VquJff zTR6-@85p002+SylR*8>n#egP1q?pN40|*J{fN?wkg0=qy7<8wvKNQRI)7;v2x!Seb z#?IE)-h%$f%;8>%$0%_YOy$7q-YC^$q_QZSYM?=5sfRH!c##r&L=Zx(TbL1uy$0$Ob+M)^yM(fQpk z+99u%fz_K7cvC)QOls}rPg^=*q;UQ1=XC5ftrPK}0_ceY*}AkgHwQ^*lj}kIZC3vM z>6>4V$N%SY|7=f>fTv#&BLVz3A1Ax}4f>bA8>ju3AphtsiKcA9H!#shYJopAnDZvl zXPzFYE&tvkin_gy4-lv4-V1sC^+^dLo}TD16s0+4uMj=*4M3=(tKx}@Ny z7(E>zg#L{P@py=n?Md7e4I6HR*GvvJ*ciry3B$AW{+9t0 z#9ag;7`S@U%=i*G??_blLNmajZJCPi@vOq`oC)~is|%?{;JIY;!YZON-iLi+cEY$7 z5Dr{>wr&c8vp+IqHAo|eY#%g~P?eQmb+R5W1{=iBx-h{{fAAgC3id5=1OMfR=uCr( z-z%k^Q>ji=HwMDoK-l|*o~YDy*<>t4^E0w#$q#qcg13kSTL`sbLM?=v66NEnq%D{g z=g6FV2wA(X%=|k=@HC_Gs)7i&at~&&KT>qy2+~ZMvqV1a#RPoC445v`NHg7 zmD)OexZp2pE&Up}n=?qy3vGU!pHpyU)&2_G&`SS}H*kkMAhiLI$e%3?(fpn+18#0^ zVuQZj?{;ee0P_!DgB|yB_$__=)lnG`|KvM<9xM@0{%FYuPo9}Ozn{&8+erTY)ICsSUB&iJOxzA2;30@wr>>gPif9r>Q^*)Vj z4_YrX2Csn*QW8tjdO_w{nt5e4SR=SXCQo=Foafs(h0u6>_@%(+fucyZG0q?%K9_5h zOxR=n8vF4CAQ{s1axv0Kyy$0Vt_;L z5RgbGvI$>A%ZIS&%AT%RlkkH$C@nDR{@FRixPa=us1%z*`#Fbia!z|&R{`T{}?lkUhg)^5Lm0^~5K7zV9j+)v-l~g3j2VsGF|Mt#-U5fUZbz>P= zz3A|Ls}q75FL+^Vq$Jn&g-oO#2=pi59)Hp3MA$z_WU0D$Aba;T!>B11vroqO@ynp8 z?Ww|^#MR)Jt`sPCwKGj(9eqH&k_Oob3&WsprH+k8^sA!9-*b1GUcGsygC 
zJj*U47c-PIfn`Ywks~d!1=>8y4|KyyFf}j}k#wY|#Kg4Ao`XGmh&~lU+ycEeNDF0g z>tUx^IbKtY;Fc#S&?KJu3H*J%q?(PCzMS+XY)o#+hc_+e=2$&CGB&B&B`4S=$E5v6 zx8H7mkt6hfV)3romHq|#96qzZV$kpP_&HpJd7t)ingoOZbdBe%0u|GGCsi3f6l9B z6-!|g(X2?c8ezzv8&}~KG!7*ah+#}5?=kRi|k=VV& zet(~_KA2pyJib&?Jyn;8xdw%N__j9~&FiUcZjX0=x;Ju{ec*|Q5MxnOdeBdsp9>ya z%?6{NVvQE&&lB{l;d*q~qxe+=P>_B_>|eRKAH z3%$-qjUN~U;9KyJILWB}!a4nAU+A?2p@1eS97zw|t#RzKM4OT(&Hurf?jGWpO>SV& zE(IJTYMcczIYr5F=4R}7DVIX_m+I2pP|b(y8iKCK zKv1$1_Isft*(^63VJ6DYQfQ*aQ36SWtZdU$U08VLJD@o0hjo$(0y&hK)Y=qWof)>t z?bUFXw6qWq-M<&i@uRU$5a~$&}gW;YHGmiNXz8UljF+*0@Sx9ofbrg42a}R zjF7FMfUK!#-L@V=oUw^o*dTxnRjc1eWVjIK7Luc_yo!l4gApI_Ghg@N=_vnhYUSE3 zNz!Q69>aqH zE{RY|KhlS~5FtVaFH&5dP@)TUO}nE9TB9q&hLIZb?+Ku1z{bW4?v$J#IpafOJQe_zyHZSA*wiPI<;Smf*%tu1Rpx2ZFvH%@<#4G(Phex zXPh}Q`ngjVAA*v-);MCC1NV)1Yf9FPKNqYJgRBYNq6)ie(~(593n{@nHuCo*B0pNR zCZz5!4?&>N<8N}%{TlcHjib*q9Vjc zOy?1ME%IlR-KApYg5HDDujjlgfNXFYDT{GZ9@aM}_IL}3zEfQLG zuR9vv&+pm`JKifpVybU1lWf#%JZX?S4zSB|S>f=Y5^-6yuvK9oG1{~6SO*IiA8yC3 zfuw@dvc6`7nxPseyC>!4V3yUCMxMd8j4x^l9~e72%rZSB>wS$0tbsLcXL8mG@n?}M zG|kMEU;LMNM-eHj6{3`|ecLF9G^FVVru#4buuAzop7sN3N=z0jiK?F%zZW%XCPOgR z0G2^z1GZ+}sJ)mx0~&Hve-&O*+kM{yg_hmIjp0rX<@l+~O->j0`{-X$h}tW74C*1d z9kw2Rx~ooIZ*JF?9s0|XO2uiPFwBQ6zKg2~&Jy8F2*{9p`Xc}l1Ix^X_c9_U8|TDe zoop;d{0$XAl>%hf7VQB9sr4{F1Vz1*w1^DpPqCAm(n4Gfj(nzkYP$EbD!Bf%fV@x` z2<6n!-%9qDnS|}?JY(h35>@=e8xjl)Bf=15!gcAmYM)3a8ZS2<-WsiEL-Rloh>Wp; zKTZU3v!Bqaj&9%N>2E9?Y-eL%pb)*(zSzP;9U^?!?{m|9F*!LvZqKD2iRcxOXw0Wi z5gEyMT(YwIKIP>dD56qDbab=up{c#lPAc}`O@AugDbye0MXUhI70Hg9MY?c1=4ut+ zDq>x7X{_olMm_BSjxRD2oDTm0!!!mphhVzEM-mpjL;y8XCbnj^2wCA-Rm5-<`8a}j zA-#omDs@taool0J6s4(-l_^ShG@6JP?HV@YRU}a?8ad=sM!Yn+jdCGlY_#TLN-BAS zBo*c+{V*@OLm4EG=o{BIqLc*I2-U#Imh8)i6d{HAwwkDb1wXmmn=~4mv{+EsS#V4s z6(BNv8q6ir$t{ysEJPAw8CF;e&!8HC6ARVfPA#H=qg-JYV5cZ4qJBv@N9BV~B-7kM zg37SAM{RAE!_vV)hQIsUjZ(2Rz3fvJBc3^h)}E!z#Z<+xZa1zd82U~>BjyO`z`{i+ z|M3_I#TFwnE4}FF9-C7rfvn@mJjRomBL9b(DxFdQ z41t>!qCmT~3!VZC z2fO*=z<{g!6Tg~4TojsFFvEp^9cZT?E+bh_`0h@~#!8)z=*3zR=@i03B-T&B>=k_Q 
z7eJ{1MnJj02w`YiJM3d%kHRo!_oDwygl;eNg{^>TYOjqZy+X)k|0I6H${ot@UHx9l z`3UTIG-<`65o(?0!exIjDxiHq`j)wlwySUnTlHz6wKI3v8;R=iwhB4nL%4i{1e_p}@NBG_)N5pg zk)J;{`L%yC{X-rJ0oox=noO!$fx?{&FJr>tPlp_`ik%-jUCxIej`wMz+t$datdiKL ziFe9-y7)eK@2(yDW53)l>v=wa`3AeFm?b7F*P%qNBo+-lmp{p02FTb`tmo_MZ*&Ko&C0%rL|j(=mWR?k$5JDMIybZT zdi4{)EmPea8wO~^zfBd7_up!;C#QNM@fIc!Z2P}@*qi@ay?|fp#9%ZVX#38LJ2C|@^_(v$cQi0F3rSRhcK~`d8N|UBrbng$N z#z$xt0pd0y`4>+((7Y>hatk0iOjBa*gw`V5(t-iA71MnY>ZG_!WKYwq#nD`H93NDv zN#qa`qkG!IF0tWLEQiE?810_J=lB~0@_JcR*8LG5`L%ST*I$x&WK1$2O5E2!G||0h z+4$wNMenRw(d2Tk_C&+>=EWK_Pu3N5Qc+7#dSj8PL}Xt4YLcQZO{fX}EK7fyFgxXZ zU}Ktu2ha%U{Q9oYi&%)K)&ho@LM0_wPI{>1gYR`QduopmsY0Qv>~$vs1RIcEknOYrz09mDin%-ur9s|Gvi-Ei^wmk zNP);T&fu?RVVNB{uncth-!fmekX57oPG1#kVytcYRjFkvzYc(Lf%&d1OGa4U|LNF` zD~)l$K#o^lAI6E0E*f-#D@$n->5c_EVwpk|BU|aX_rg6KSlBW(4H zttExVh>zizcMEaL#SmIlScrkmP(!<$>+kp|;5TfblLk)AgC*3n z`-B(mClfugCLy4m^p2vhm3C#=-pb{t+e6>A?}J-iJ>J^-U(;J6AEYG3gF!V>NHG<8 zTchXsjC)HMgk#Z&D35mwlbZl9lv z!D5Peg!~qR9+?|S{bE}b6Dol-i9@xp18^!VITlB{uwN!?shE#?C(Y*e$Wxo#R3+hI zTKZMUbEmuk>Kg(G$Z-3s!TGOn$ne?r$^YNKO4(9!By=Fi$cI=aOCb2-39JC6taBT? 
zVMfl}Bq8{f2%lE%%qpQ0b(8Hs8?m*Fl#{yBm$rg~t`zu?*pjqymO}_y zKN)P*n8QzOmF!pKMTo+QQ5IJ|OJvP>J{lZ|m~JD>0qsF^0dV&k6n=H?eE&4Z0_FXD z5N!-VgrdTPxJ>xFN5aQI!r^+E@xTB6G0%Q(ZHu|z6aw|26oYvJsu#i}CC27Ah$;er zjoD)UA3JUpTZs|`i`i>tW@ct)X0O>^Gpw0m&CJZq>@~BG>6qDTW@ct)IJxgVDSwHg zC_hnBKh>>iRZmMZqtZM-6;N-`gKDvA&uu$Bot-3|r7j>Te8K=QU1O9T38}r5JJOfr zQ_i^Pwk8H_yqo{s zC(6b~PTL#F|M(0H$aBAy{?JAR0Xq!FKrO(w#y;ovl)){Zvd-t&UhLV0|=V)y3cJ@X&_3M~j%grpno=Ha4}j*g|S~xktm;zV;a@ zY^gKktD$uFg8xTM-IJ*lx}8xYxD zV^<8-^g965wX02T#Dj?s)Hl1_>{~V8|BYbMIJA>lxSEZHq4yz3)(8kFh}1SA%R>K8 zj@QmwnFk9=5Bf6&axmTPG0N0rqVp57sDWzB7b>a2eDs4GwUr*VwLQYfgphHeAenY` zy&N&v0Q%K3D#*ZsbVnQZl3o4%2U^1f;zcu5A2Z-;$My4qo#WF3CBVP}>ASYrC}aIm z8Sk_660GO%>WcZuCzQBR29>H2=e=8&m_Jrfy@LJyFM^k`%3qNI@n;ikZk(~KoI9z%Y<`U6|S=XWcaa4yRv>SRtK2D zJ<$D#L|s`wNpPz58vt8b$BA{U-Lmquy<$jksNGU=vc1ZQwa20_`7LK-9#m_lEMWxF zbtC;{zgD=s9-O(1zgcIe_Azu*qWtg*taz)PDSc}d78rdZe( z!BoZ8d@lXCMk}#@*v1SVZ@zZuC zj)UvsWojsM`IG3InnE#dW^D!Ci2k1-OJ~coT(H6%$t!$OnX9C=pzWzwWMXC~z#OMzT(}Mc)ZqpM6&#&h_x_&j`TREhy4m;w zJ@!_8;cR`y?e;IdfVR7@HXcAa{xQ!1rYVdvSF{%fz=XHE9RdOY0ln*QNBixKt@!rpDgbe0 zxljIGPNMMfIxp~O9S}1OIu5^c?_@^PcKvR<_IeDkz1Uv1|Bjfs*MrMXg214or$r3_ z9bG8Ne7fq@KOV!l3DVm!8H}(oztXKD^7lg*IKZ41@isC+%=312fb~9hegQwR^FXyo zi_A94ueM2nQYQf(Grgd;y`8ob(4Ws!;~q?-b)^%Y_;%lM{EOv<_Rma1y7r1tbZw$+ zD}<;d-5vof+9UTq-*NUU`xUdmd2z#jqAiB^eN+)`e{EvzsVy*px%czesQ)2cLP>la ztzq2%wzIMEbOXxU%Jcc3U6xn6$Dpy0_kF^paT$iGx8mDtYoKro(^jG_+ZWbOjN6tG z;I=;kWsLu|CYd9vk_k4%Ih!;WoWg=v*bbDT{Apy z*Zp-yD5Ie%NTDcGswm^SxB<%t9J#MJ@j`>2T7ut1N9ozfogveV4oXR#m@-P}kX9N| zX6V?QEZnTpgMw+!A)x@KADt{gux1Qp*j~4zOrtf_ zKRdyhR$(XX&w$Y0vUKl|6;_=?)YWm?XqG<3@8pH~(3Za2Ek!SVJ)vfz*W2CtUZS4$ zn&^h1XA&Z_DA77pOP$W=8Q#Q4)C1WJBWIRR*K7J}E5+zB#=&u@{w&Ukg!q|77@JDi zsrjFu}b(tFrUmZaetnLLioVso1@_!>3m|3m4#M_2(sRY%ayOGMEL8$W9iO8&yu@FwS zxSY12r2MPw4!ky`RBmXlo|;El$cwQfA%cn##XpVxfkff1Oy7x}hC%AiVgDt))k3_n z#mIs<6?K;-D(*#sX8He^tUUVGzHJ);VJ+n)(C!bb_D9&f0^}6@xrl zL%X8z{zs`vi{Tw=o$FJF$9kQ~eTFWz&iluG{R?`VMGL1A6DoqYYP;TA2MJF&QhDMR(ZX)JC`BRiU7^Xo9KIIhXvd;O#a``Z 
zH6VI%A~&o2S^9E~M0*8bP12*H{1Bx__dT7Srb}|c{bcy3hIOax94ret*UfLOQ=gfz z&xy{ZxQ{Iq->jso1F9(AgW7!jWvfNZEZtM!V?vZ0R}{1>x3Rc#T&+#5N1FV5-pim>Pnb$gzQqF48OK`(tfL99vQ0R8JpJ6*yjc!MG(b1h7mbDJdq~+a};Nz;PKe$jRtD3;n zi0dnGl~E`kJ@b*LX!jD5gIagl6!DR*#v}Lg@a}e&A`C^o*3O_tGF5HA2NCl?(4@ky zU*t-(uB6$0?(&hvxh@zMfq0x$wD}aJD(xzM#;FmAR3c)R@a+um5(%ZeKfD75Az&kJ zrnrmu{a?3hpuUJ`7GA>oUEkC_<8289hZ7+8gqP1H{aLQcAYi!eZDq}zo3 z6J|AlWT4>pu$??1)49fB9)Q_n$k__~$6i||=;bA1wshyBjPl%3*{|ghs-P67lPqCfTpyHNLtu8}5 z%4%h(f4dRFmt4{FgxwCc&b!p4?qOG(cA`iEiZAZ;_&$rs;~I>oW#&CMcc;HZrnN7U zU|?9llJipzStu6ohW7Jkf{EBT1U&2s1$eImbOQ-lmeT7rC)vr|hNBQQ(7i}WVO%w} z$2_R_@UDJPjzvk##rz%cwKt3Y>vlP)Gm^)H@O)AeD`?+WaLuSV#p!!E5WCb(WE)mf}mM({?POVAfLB9r3q!)V>Ej z9&mLpkL~DG$b#$GbnIVJ^5NM~!h$JfTC{MO;sJNpv9iVH*!58EO`?M5DS5mfs||(; zKqptJL0!&FaXwLc_KBM{a8yn|@17N|Y;_1Oa+g|1ES=&r3~R(*KMMA$^lUrE16C-NQm!gXUX3TMeXc_sJm zwC|H$4$I(tSLV^1SE0|LsnH!K>FcvE&q*Q0;QCa(10ML)s%_`*qJL{*=4%V;j-vc4 zSd)|-5)CIwD;lTFjm@#JLpY}CBee|%;32N+y3st(zzT9y)>h*oT&!}U*;uMogsWinkJ0GM$Zer@|A()}+ z#q{Y^n-~SM1bE%QFKzfibK?-0{KI@zPc@gr;t_mn-=Nuir{7lJ2+l8GDT1v*bgwO) z_y4r%eRDPPg8dP%J@y%u{m1E+3=txfgC9*9$=&lFjqVAz1ThZ&Co2yTxh#HYDDRAB zHun_qb^ri4S`>dd9iiRpCd5RCkYF!-=s8FBo3Pd%Dl51<+1)J37rUh}xpnDS%SP@2 z<(u-=EBl(}TRZ51S^}#)*)bZ)LG3u4;|3!Srf^M?-llJDHHn_@3*7DSl3hBP+BnlN z!VJOf^*2{2BZV;ZE3cAHLL*CC=k{{963t+w#f`Ck1GQ;P#rDu4kXJ65wBTZ2U>l$1 zGl8j7BxX&vpoqON3w8CxV9dJX%b58II{wQQU+I#*(&a~IG@e#2<&GZ>ipKe9(bNE~ z^_Kwp@1KjPCmaepr^TwI;j7xzu|xX_ldKDDsACsfI80gn!t<9eCke@~aj~5jUwzFV zSRF4?l`#i&-gH@6O1ks-^IArIhm-S^reW!*mi!k3GO%2&)KveO4syFSl%P*-q9-t6 zgyie4ItjPY)y-Y8YbhENbPR_9R7er_vdmDLSl;Fq+)(T+0)m#fNOcchLUkJ&i|4$l zXNcia+7&24~p+)T34co}3Jn=Lr zUF(jPwE`#`PwO0oLmY1BvbGVFRe40M?*-gvJA36x%AmK`%J17toljl#i#)7v1;<$B z>1V1Yr?-#n^qW}KTN8#;9zBotI|`?7x=B|)CAjU481Jw*o$Uxk4WM;x& z|EQaSZtz|Tmlvw9UeB&((DU&3+IKyW;8Uh{Bz%SAyNwS~`Ln-E=|;xcOn}r^WVoA? 
zzfz>8ppsRBsCxw0wAz^_d z&ZnH@JCtONprH5;Z<+CQUPxdi#djvRvosjcSB0)6#Wwqw&Zf2p)Mf*#> zH6xHFa>KlYviJ%k<6kPC7#TVC=I1j>n9}0bXvd5$vMrCO_Q%XMKd$izv$H>Ik9q+W<;EsY)U)LpaeX)-z^XrQ!Hnt zRM^nSojys{mQ_s7HomKe1JqPEAkMULM2OF$ulM6A;yG)PKsiKy+Vgk}SgG4SReu#o za4iKgktSM4Cdz`_-9-tljn+`K@(&k1uZP|}y9&IR9V`#!g1ywK8ZtV=j<9M$X(8gj zPj)%ZEvPnG^h!!6Qufwj&z4_kk7QyFlDl<3Ef@~Ti<~2W$i|*AHbto9RNms1RV327 zU=AwDs9+R{0jqM*kQ&ia=dhF4T%?$>Jr@!9rqKJw+I1WU;ixv$zD#!$%0}?rWt{J9 zCuz_pnBA4buz!{^KP}(}R38-R7zVJ)@)i)bk^x)A+I=4HafVqP01D%HT-aOP(VDEW zcT6akT{!d0ZQi7rGVa#47_A>7ltR~4L18A;Tyq-)wNuN>nZvu5jeS3s^?vpWC7*k9 zKGVeS?w8-h5{YY$lRx20r@sF#Qh&83l`wK?em==vCbW*W)Q>k@BzIw#?FprhFn9HV zKmK{7#_l^2WHJdwKxJ6q8TONy3UnxkXsJu1ViN>UWjru9`q9t;ogCw7^}I?%s;U_Y zwC+#R+O(lcoZYJ7DV^k-A)n(HVRSFrh4(m$Rezz3s=nKCvt6A^!E;%BwCz%t>I&`i zqK`H;Gf7aR3DaQo)|y_Ngomw-S<=kRL~B@rIl?gSNZgn{`22eNJkbrC!|}t4SEGD4 z&bcv4Pz^|*7D8bDDP|5R+?Se@HM)gO^IZKI*v(#g7R*^YOthK(9ery7-F?6}m zYs(p3Lr7*rBM?=lC`Fja?I&$fm3T=o&&Ao=$oWvq$APTafM2hw7p!TK9_hF1XS@FCd#sX5Fw zKj^9Xv3Ayqfu&qw!#YMkZlA*@zsQcl0seF878=Chn5o#O$F++uo-AOScjV%aJAJ9& zwXEtJG3vVAn$Wsd)r;}jN>M`dd40E>QaPFvx)ajZ4}a6gi#kadGFu`aHK=EqLTpwr z4rowEmE;*KV?&^RGak0_i$FakGy;w@CC%FC}AXb--iFO2|+zr z^o}`*fdK(MmicH((`=Qte;6N;hQ06t@Fnw>u9nt^T*s2Z8wVFN?u4uM4noxTgKY_( za?PPGhTgL~m_o|a7%V7?8>)Wpzr0D?bAWnM%c`RD^X#!FiOrtCk(!SGvE}~0Y&tnb)h;b!BvG1ksHDqUi~}zx2UT;i87u>MJh!o82zz(Z1hJrog~Shi|uZEQA|ZB zX)B(FY;H^I#@%j~GAc-ffm{XT>k|6VP@)&o*jf&Uo6TG*;1YsZ|`9o=EY1KgLnJ2bZeu zlBisd)pkwbfQ3!0;<_3bj`W%QVCW_G(fRxKnG8h6FXux+&Ux=7*f(vRY$(=|l5%G=@r5W0}L*@Su3= zW&3LCfJp*CrmK)>bX#APwptu9?ZQ zF%OCq`e`KJ}|;(ANXT&DurFv#wLf9{ad;S=7pj-Ci@&_f#dq z)m#;D?Wr#>T`wE2H{4(2y>BqwMMy;rCs!Pwv>U{;uea| z*d_9C$Aqg$^=;XZ#3}By#$;CpL{KivD@9i6DN&663sn6$tRI3&CwPe>ekP5L=Et(+qkoQt5vlo0i)`9?p+Kp{`h^Hjfqw8<^Ezcl`MfDkagFcdi6i1C{CR5{;|mSAEzRjB%sD zAbC>VUCz8+SQl>M%Py3L7W0dnyRfq+^R}iX66W*(46Y#94fTS^$F&Aom>8nj-?rj8jNkf;iKEy~DSxJ$`7N&Qk+VN%2xjN$Z{#P_dscNn{D+F2`n0GkG? 
zOJr!Ri}F|;FfB-O0X`vQ&fSt)6!~2|Zp`gH;}G|kK+`7{gVg%8BvA6sgI&RVrfo6$ z7C%PnWKg9Cv80d{qQvO-)m?RKyy6d}I-&HHsk{B2#BAZuQUVsun8+$X-c{0r)V?}% z`EX~Lt7vBQwXC2UX<=S22|5QBdsbcB155g;<+z*9r;*MxN%331+W8<%iuM5np zKH#$JU_TP^cDNdcR~QspEH62(5LvG9oL+K^S;Hccy4xqx3yhUEnK(G|x!X>f+){`K zZVUT#aB3&aHBSMv&10&!+`2=a9l4%?`~ra|hj>2!@}8!%EhB212L&u6JT5#yi^47< zqYt$H)I7xa?^H8alGp@>F5ek@AVoG1@Bnl*EsX|pbiJ;9?bYk33k5Y#H4K0lK0z$O zAd@hLLf2(Ga>rRleCT1zR=b-4h_$b<4c+5*&lNf(ea}bcT$XKB$Cj`Uwf=4=lF^!2 z_eOO~?c7;Abgb*Xa{Ay7TwS&{yXw@GwlmyA{k9?HoN2V|PDm<((O;$h2(Bmxy^%FX zqJF9pmgdbCz?3MFwmEaomd!S=8%Cw+*7%a5jZH?;=aGJb?3WTUoNP~cxO9-POQ&%M zb`@|T5hY8v%2;htZ7u#vZ-1f5X0IJQ&j^{glPspdDVvvStX`1EZo?L^TN?Ufx~BF?`UJt7GoN4wj3U zdm)Q{;Yl>okm7aoV#cQ>7y2z%WD-d*!nCfLqTQI^_cCO5;g;y)I;9Maomr2rrC{8S zUn@aDL+jQg^$-<~iBEuv{33RWJdkCzawi*2$6)7>z8;iWo#A5&zKi}HVCe&_0BsdQ zGkk-%>tbF5E}`DDHV|We^g$zlF?A>p;{N}z+oG~JWWkoHEKp8|J1KZk7{aEX=IvSI|l1jU~h4`e%9 zepmJUqN1tGww)09E47(s>|?w7Ic0&#L!~1D_|jW@-4JtYtmZn8Xoiv*HB5V+Y4<&k zkw6W^+j)jD4tU`E3BGqQ-x4^dT{7ODR6bhpo(SbFSKqRK8}d+7RwEf>9)E8Za@4)f zb9KPtlXsG5&ZR#eMJd>I=$9kqxF$RKpx`5~o?4G@#7bHo_H3bbSs$#3x|I~@*~Oe8o9ib#0A54mV6n`!O%=+mP>e8io6b)LENy{QX0hQqumsApQMkWZu> zZ)wkMzhP4``!SP}f*n!2yc@cHb-Yc(+8|QjnWniS@*p}>ZTln-O@ZIqQtif;8b0}# zdA9hDDVXwuv%FA$Lf~)ZNAMvGm445+jsWi|VP4zo!f>AQZW)UC6!S(VRfc`?lkNn+ zoqp|ux7SV4nikcsWk>hfj7Ra?N5Nd2gJ{v$rpPVbAUcJrie-);8cTG)bdO-hBQkgO z^GGeZc0|R38+}6j9IAFzj$V8M&>I(Ie@0YPQpQ}Eq_XgKZy|`%lmqwN!$Sh*82Gx3 zw^QlUwvtO`Q)D`?n}o?bm*Iz>^fhj0F9s%H2znKMGYNPtVI?UJgO^XJS!hP>h;0Yl zRjl83Is`idy_vj!nxAB!dETJ{Ln=?N=?JsWCx-O=9dtDjGw}KuuFy*4Qzf;TJJk(K z%H>1oP2q-5mqc34e2YGD3N|-iA4oF(1vEV4T!9Gm^3py%2v(MkL?j)t&3dO%dPDBY zs}iah_HKUf)&CnXdfL%_HBDzhDp%msbNVrxqovp`!6k!Ql_rlZ)-K2=s19Zh1%IO# zZ@kyT4*lZcu92&2CYO7d+^P~hPcWEt2v4iQfIui0L^A$|0+|Xsz@T^}5K-)w^yLle zx7|^%RRb6YQ6VdCr85+FE1_zvM{QxD*+U`2wa+7wga1&$>+-3s+tw|8IY>JD3x5&h z0!qlMy%PM|X%7haqX~M^s$-Z1^_BAUU_Z_9d?^fmc(KzIKmEQHBt+ih+$@Oy{v*qR zcJ&G@2p;)v*~ilo96S;n?0lhL7M;;Z=_!KOpv*e5qXLG@QBe}xbMJJ*d+ETNVmXHB 
zmn!hSc*6$WSnKZl)5`BLTBkF87nk8t65;=7#*@Zww82D6x$m&aZB}(ALOCQK`B8+7 zEDQJxltN8XY}Tx-$ek#&E#+7Asd1~?AW!63z>6^Eh65{c<{Euu+~bawt%(LJu?QIH zkS5Ll^Tg!#dUCnsMFb{}3!sW%)=HOsbKn_@_X7#NpRJVz_aO3=iq)RG>(rhs!dXmL zc~5NLR~;v1b(~L$;Pf2j?V#-_-C~lJ6p~j0)9|ofUR3%jautPExm1mp+@hN|F znv{kJu4A?MT?-ttn|tqE6#<%{ZUtN-9fA|oi&7X%lO>Do&OC*H%*D7mwwI1|B zm9-3<@M5$7w4pJW)x2w^IxdYW`}?U7?YrgmTiS8{YjLlN4s zrOkJV4toNr6fYXyz6e>STp#|shs)6;tvVOP67&AyqO;5XwKF~PEdJGdmG*t}-#NJj zQRSG-A(;7;!Rb3cG1Pr$>wk4hSjfj`CF7+G6wMs5JZIa{^vHg2D|- z#CvW?RKvMA=&oRAm&& z_Ic0W27JvPaN$w(Bxu-eN+E%E3G}sH_$xK_mcoBsXSX@#MBJW&v66Qi680M*Y4~wSa!*LEC(!SStpn7=bWeoBwL3IKGh#3Q`6yoC9yLL;G70TPKs7#)q^FoJ_(zd@uoO7Ue%Xc1A z$4K|}6}?N0mBDQv?dtrV!RtzV_hIQ^F@(tY&)x17yY-AR)3=XYV$_$9ZC}L-0vWJ1 za0@Z&U*`tW2mU1=5|-nZ0}Sr#sb+a}1*y~t=inYx6oQ}uaM}o)gVl#zYj**DZmABR zg+mi21mF4-UaEB=>OyeDdUH~<+~OC%z-VDss+V{QTn|1zKl&VVR(Kmt2yidOfozf) zk|wGpuRTSdXTcMTnBx+?V1BEqk&27o++p`A!+X9UAyDl6wod>qUx7?(JpIkQz6{^7 zEBk-W=*xuN^Q89f;uei|tz&*D*mPgUwPz(Umdlng+r#wkc)OG|o5U7eCr5e6vJEvt zzU6+Rau?)#ly$^3baCnV+nw^eoZ&bxR=JB7l?}A7SqgII#j$zsi4;aI@oxhr%+uFf zs7rDbi$Q$D7~oqxyv}hgNAdKvUiMDFnE{MVAlp|f; ze*V@IFTHE&R=|A;?WWEjPB>MRv;!mpzFZreDG#i^grfF8^R1nuZiA5OrIrN6cWLR1 zbQBuuoa8)d=v*81E6`^~Fbt)`{TvMNl4)i1?p!x;ajx}(1E8rP%KR`jta?kCT;h(3 zpkB*gPR37mkfGf2+O7$Sof^R~6^cn@0{D#*Wy<)E*VW@M7Dm9JH6+!CUGTJ{ru=eR~a#>Szfz>6+PK_ zwK>>fuzC)j=RQ3>P%aAI@K^p&MbY}$Tt}c9r;ROnz_E(ph^(<=NKK0-R;b3w?{|9N zS#nmu45rU~xzyeJ@nhNImQ==6O$Azw1G~$D%y&nJ&&NUvl#Y_weY2p4u{R=?9yVG1AKSMt4d-RH5$U;ZqoyUs+lbC&)D|{c? 
z!o!(4GLsgc$%-Z|i9%Don)2aBg{yO<_BUDNcr&WrkuD0l&`AFg0Gybe-^_t!EFpK;ze|(_gX5naDICA-Ef@n8CE{v?3=MkekMgu69 zi38F&Yv>h;Cru<^f>L*s)O}0613Nld1Wf;)k*uAatZOHQ-!zFQokd-}=enbTBZ8bW zka{^-`|juQ_s_I}#fDv6ysrE6*Ruj75)NRvDk0Rh_C4T(~j@@})QLY3-ASJy)7H|VK)w=_4U zrwb{+X1Wddl_jhU+;umP2x_oP%vbs=FE}a!%59y>-3U->yr=Fq zqb{AFo+|aC3xj)Z|L2lM>)vIrpVubV8X&d@ae4?~PGkZ-t zwO(0+ZG-0fUX;tZVs9Va{vg-KFh7w;aL8$I5cgq2d5F$wcX9gAt{bo-^gc9Z1Z}j2 zQ{UfvNk+dc4q;k0jz+)^F_ezoujb-QzTrf;lUT`Z6<^g9Q*~07_a)2Ezu?rDxBJW^ z&yX3^lzbMWDFit(vR`#FU7?0r312&CojE_KPnLZ*Y{x!H6!0E*V8nYJE2Bp4O+kY3 zD~udqd-TF)|MNXy&9Q4``R*-6mM}*GxP5G>rPnOyw zMMZq$6t}1xF9IV~%rW7U)}c3H0L4DF^kSV`2?Nnx&?w-0P$)kk5F9;5Y}YEW#0b|b zZK@V5HX3C!dN_h!h|*buB*x$}$leAYP^mh~`5Tqdx<%D4^oGNnok!1^(>HQYA4YR< zjAnFAXOPMguqoa<9b3?FNA)9~Jol!T#qxt?b#(YSj>?Z^+k-PF`RA#;QMjPColgCs zebEYv96f>uZNs`wA3J^R14*SHP_Xd0s+&3V8uQhiroA$&(88hZ!;Jsb9qPxdrcgyy zdN#)?GskVSR&@) z=duQD1(#mh?S;}-6l`wLkHKo#K?cL{1Q_hruFu~b5d}uRr$?-=&V&jHvL!X;`Wr`l zg-^j5cKY32CG%a==14f|1{v`a_myF`;C)9O+1R1wwh+GHV>}V&Vh^hMgTR`rHVB8x zk}*xykzY;(&NYDcFMvu|3Bo_tu!ce-Dy=((2PG!sEd6kcUjiz})PI5?Cet!%Hi^PH zq?n)NTyD*_<^J9-sj+0)I{vM%#L)NJ`b?_p0-@v?Xrv&$Wk73zuD?Ngw;6QHpmp6P zP-mKg6d$@(32ss~H9~#mSCc?~Pa2q~4AKA}|C&3mJxa1OCUh0V-w*q58rg^|QbI(z z;+C=SVZHHZTc4-ze@4DTe&#!x&XVk4KqTV3mHhe9#n~Z{@OFR_XzawrAX7Ppaeay# zkjbu5nbxU{ZrM~Y>rat4W>n?5cUnotaOi#VCUe9;iSJ zEaw-XO8AtJf->3Tq%|C=igQ?a#j$rwVD?EF;-c=>$G49FiJwnsDBdrhH<}wHfc@|| zOnsIm+$Hsl1f&E@@Kv9GdD2F$j8bdRB*zFW%6*>h3N-30nT^%gQOLBaQ135!ad20C zb8G3mr<&9NO&dGZ*iG<)HXe7xLR`^_5mV1gF6>RH2sfY)-1vXb>&rN>p@SvxS(v2G znHc3}e(9Dwz((RHj>NF1`^bZ!{>RTYal3Z|rU|Y) zl#&}-Z^XTTiBl0bPHEu-y)jS+phNu;bY-`#_XgVj2iOF?@ZE&*eJyu4oPGcS^j{4w zU)@0$H?(jTte)}ZHC!Og=PX{gTOs>G6l^*UJt982z$XghTdPpN3w%nxj9B;;54#Y6 zXNxY5?LeD32KFM>ifZqPcDUe-Q@6wYWQc7Dmm__FC?x$g)ZT1?fZQ1of4;h8=e83S z;@Sf2QoV0=ZF$LKdG{7iZ~EZEa&=5No}#(b5)S4{N(RVJMT#cZs`cLp#ff3-J|)!a zg8D1Z;^xWkICNQb0#P2H59McfqnjSDC;V;XvH3+A-!;a(F_Ox!sNVB*mp?Cf8=(bw zC!9*B#!qX*@hh=J^s}L>sdntkvX(gucCPiJNzk#64Hm@d4e}Ljtz%>wn*)q0xKMz) 
zXbYsu>G`X3@Y-MZ`v*(9Iie{Ox&gLoZxLPTcLA5_pJ}*#3a`C!AH$#ZIeAx_-!B^- zyBrmr1^Dp?!bzUe@)yG~a-0=v%#3c0I#Or9z(fe!+?dMa##4`9&DuW1dGy1D9+80& z9uEdwExMQD3DHxmU~~7NI@3gDMv@U1++#b=i~&|#zk@qV0|Sik-WA*)!f-9DMoj;I zp}dt+j{L6GRU85OkU|rPU&Iisc`SGXnn>&uw*iDods`j^_n?ulu-BdG$$&Od(aQk)TL9JvPz`KT5uB8Z7|J?*iB{m}yfuXnxfO@YdivX;!t4qQM*zAY{yPVQ zu1z^vD4(mZ%F-9o+tPESoyRi_ylYll4XN!-;%2a75M!IvLAVU;`ivP*+ITS=bgT@_ zl4$@Yk{r217zj5RQh9R4mF)*rN*Dkp7N8=0#jv{b@LJGJoO6zHRUc*=_~PN7z7LuX z{_;5RxAb`s>B_6;3XG`(&D?>cE(+SBeBXGOi$HmCdBvY?jm>TWQXt2J&dvBTi<)W% z*ojLWR?AvUUQqCg)Coznt$Vb6&yHC{2+QXP)k(k~(~E8K@0;o6^Us|Tx7*k8g{`)k z9YRh2&$$h$vluJM8nk;_jOy(0mP@hq+sHdJL*GE-4bs3cb9Y}tzac$iWEoY(8f#sG zC4!-fN$R2IrG9njZ^2rqC-`-_AO04`l|1T8+-c|qYAQJo)Prsmu~`#kMl;W9UAb8O zWqI@GvmkqomZp27)2he?OH{Jrp~?_r;4zw@{Qemwo{e)v_Fr$sjgNihHUHB7Vz>Q{ z__IId+mQIsxNMK%xE!p}EdwqxyhuK3vbeuRS!9KW28U2Q3qPkuVK+pg+TG7EeFN63 zWNASVll8zWs4s_dHSo=|Wv%jH-MYDt1`k0ZihBlWo+$zYL63BxmHqs!0dD->qY<8L zyBG>H39ge0-W!RJ@dfyC{O6)5|D@H$vBX~Er(z&Y{E|jrnO-|^^k{AkvY3p$1%kr! z&Ns3O`dHM}LIcBwDMwhn9A}<@ zL5^OPf_$E1X3x)*`F!h2ip(c$OQfLic-SHGb~0n)<-;OtSI1d3H ztv9u&pj!QjrvRWki@pZLEeiwIt~`_{23Fy9jri8~-&>9Lp!=2-E7mK%rT$d|iBGA2 zJ1d>NBWV1l(0TB^3fnEZBK{=8XbSkjUx(a!1RFUM_+@9al&oE5vtd=E3i$Hog3PfV z*45%m-R8CSmnHoDsmf(51tDxl+yyf@>-xK|5-b&tzISC*cm%A`aaxwnqzci=vLZL{;OF)654t!)I>&oK8o<8*_5Wkl0Ab$)t<7?sdlYXUBuOZkf;3ZZ}2mQhPY{ zkzJx&9;$r~Rd-Oo2rJ?6WMOZl8xijVUmLknen3d6paKkqY>;5n)dO(-;Hh|`eP4ZR zU0j#y&weE~#l#1{ZKfIV++JdcfZ_)W>tBRzx*ug*Q&V`e;^6k4g71JS7xk=H16GF% zaJk_JkMH$4fv=R;W#!Fup+FYgkkm;!87iEvg#*E>N9*Z7NmmmL?nQq;bYcZ{gxWL? 
zp2~M~*rOt=BtOsMd`@)`r6cwR(`Lk2FWICzm<4Gh{O&cbLR-?woh)fa*R@ zbgwvu@^YIfNYrSgezw$(ZnbqwfKIKIb6taK+y6^R!081DoRYS=s+r{$Ie&!~WkQ8#@mN4;MQdHxCCXD?0#ZK$yQ98#@;mDeM2Ell~vT?azO+ z{kIjf{{m}=|Kqy<$}BAYPjvq0Fs!8iJO94~Br&jHkvaaqz#uOD-XspBn{K}^dy7}> z^2z$|`?&@)s^g~VO(gF(1&7vWZ*3prmIFZ%GoW`}dwaJ33{2_6 z4!n<_fVHFpA#!p0M`-))?c2^~)e80lh%kW<)ITcr$S2!3coI<3SqPeWD19IqH7F+p z&c(fy#(-E7bU}dk>xO<5 zp%tp|-gq}!`SdXC-jKQzC4~;W>`S(Ey3abB&NUOg;=-;txDCe<3>)G`HZUdEDX3sM z=!6Z-C%5Y~+i+FWr(dx49?^gHwyM#l4vT?FTzqH@K<|=<8<$0`Q0&4^!mS4nW7MC$ z8M?5Lw;eqh&~_j2?(aVN+*RK|g$S684q)FE?x2)F>TbSVl@dt{K~2bnG!{#z68ml7TkXf&9i#s^2v`-Tm~A6bV(OjkoLe zTw}9Utt(=rKm!~#7`cGN$mrWarC5VY38Nxpp10odK+~tP)6>eb6(>xx{w3k6x&3{9yQAf-5RutVeMdp=guK zLb0|eDonBM1b#p_dyh?5N_KTeIPpn66cuW)P(*MniaA%4NIeI_4c5>$10K|%pAvBu zC1CPhsLm@Frg~sWTkai4gOt?xGDg~N=LgaqT1+cOHKI5fHWyr~*yYTH7~G>CSA}y> zuHdN=;gkkhrHu+9Rpw&gH9Xry)5C?zezmoGyn|L^rY4dOSG0lk&hUlVKPqa`z&4yw zMO)Dt{@oIxVJD(5!^8?IMc|9m!ia$PHqaumC$3Q=A}pQ`xdd86qvHMkSeL>ajJ5P@ zgDT5_33{36%S`FJ2FHe~yI?hGa1@^j(h6G*N^2?cUv2vOb}OGd^Du7LTiG9ZhM|+U zKVz%vVf=OERBsP!$C`*KzDbUTab9@ogoe|Z5ovL_zS1a0qSl}ZaTz|KVF)d(^68JF zyLI-;%L#+^6u0xR_-M%vu30y_k+LiU85pt^GQ zs~B~mod~rO63xK21HY#4@eM?7#ByaP2VW*A%u*IvCZ6wm0fMV z0dp&gq06`X>)BK(d-0vOfsY!ADVEI)=Cr_F7B|I72~~Y()~!F|$~@dz94s$~?}`SK z_bcn~_6Aem*igk&tItj(bkJWR7Zdl-2I~*SUQIpjnx__~B_^8*W(R=aLJz^3Sh1Dx zrFbZ5EUY2HU)*d7h^&Ey3iw6ug-Zg!>K%EgF}Ku#3VaAnK(~H%#>E9ST#SCXEzQwb z7+G-lqBBOD6m9~Cr##897JT{N-9^k?_3l3KBd|U1_9gH&>$M|ne=8qR?4U7DllCAG z>PG~DDA}G6eEk+_m_AW3qYocm%{mrmdIa04s)IWX?G4LpAL~jS1r3Jy3BN4IcX8TVF0nCZQG9(``5OE z);;WIPRDFw)c~7W*U5lrecCN*8*-p2-Ut^Du5oNq3AUFY&|6%*j;{?6X}edH;xUANB&8@X*CmTWAry~tEA zE2PmQyke4|kw~YJH$UwP8v%mCT2;sr%K@wfvo_f0Rx@~;X@XwQYOUE!X=wW!;+%~F zp<_(pnCzC=GwLj%s9Mt8U|rH=z@r!CdX?Cd7j>a)u#HBgsGtk$b+Sq81PX6$LE#hK zBx4T-78ZBmmT$+gDUTFuMJo705c4M_!3CrlRij3G#C$^gi{0bnAIj?+wd!TsZlI?T zvT%e^eW>v^j2r{oX-;tTjMZ;|dV!#DnVz+fc}AKl4oLuW052oNXyEy@Tx4ykR;`um zTV|`)H`fr9+8ui^7G58ukhdpqk%cfSUE5s8oHcN#Da+W4nK8O>9RWCKRZ7-LLCvcR?Ci%T}g4(darZB)&O^STLR-5UfXzC 
zyCfL`#uS^3xNH%^x1+E}%}DuW&7!9mQs3IZ^7{c0zZS6&v1AmqRwEsc_5e2zm`;H^%0zC{P4(LS*DlJ`JlzO%o;9shzbeRI>6}U#s zBT}O!`0#qrL0tU$YdO@ljm^ttWDVl&N+t1H*KQJ9D4APcSOH$|Hg+pI=gQY#GZE0! zAeiGuy$>W?*m-6finQk1UQ`64gx&RS+_YtNqlcMcQ_Nqgj{s4bg-e??5Gjyqp+JAc zd;25gj$BmKNUnuMQlu0hyVvwO1LQGqN@%GN-Bs&FXaNyLR%Y=^C@BJ`aj!Q?;(lNa;a2IA zNbF&6V9Q}9o8|>}Y-_zxNQDakbvghjHCRo=vc>m6F7B)}JK%yO8?@{Xe>y!e`hkeQ zjT!W}xvN|^G zXniDES*xvY%ve3-ik?|HON zuClB7N~`Bld+ddSSn=J1$UvvshHRLoqqHD`q=95iHm+x4+6 z#t^J;!lyy1ijG&gDkcA@9g>wP>GnFJ|C?(s^Q|uP!~kpT-`e+pmoaWnv4BZJT4GCa zi4HCdK)`m6n3o*4F?x#9PH$kRrIH=@9&ZpglsZHmhrl=jCkEVqI+9hRM>SZ6yrFGx zLvb2&){aY6xmYF=;z+)w-%Azq_bUdRmzxOZJ!)>HEC>uZtNGnKmJNA>8$`s25lZ8^ z4Pj0SsJ_0Q(iv5PwlS95L2}4S&jxnBRDDUO2WctyO1ud}XBQ7LT4|Au+Dj>v0Jef; zh&x2e;r*;AD~`KS(Z)*>8hFm6(o3LTla->_HEe`}XiWP$6?DR&l%NQN9dw9r!rq&* zM+o3bZopUK3OC%uZD1qxy02wsvARygnWeLymz6T*L6w@QdQD}$l3VMQA%z}8b>wU<@SN}4LxB{1e;Ghiq>q?q1? z1%G@dHbE*vF(U<4H$ZJ|yin7r_v}<90>tH${kE|PTeSH)F^wMFWp7Io?J$`WTT>&T== z1v};d*#MrvGDl*ojw5mA0gsQGtE?)LIzU_^t`8oB8V|x%s@}O$rv-K=rO~wduSL$p1&!AT2-)>OA!& zNzW>QbtE=3MaJ6Z1}!^4QA2rUj1_Ap)INZFHZwLxmU=x!XL0c1OyLQST@_F5jCOCN zi%fA|)0P;5FqU);*0d(5B>+?!h0!^&O&4CCg1v*r=Q8^C1 zi> z0NJeToszbExpT9I9X2^HPSnvxy3koGWk7*-xvEFGYGT#t$$K_;Ai7!geYR-z$~K&}j`pTe(d_?uhC_NEaHsEOm_h)Z%j zv<&2;9ajujabD*EG_Xb;J7wHNG>}7`syigKRU~N0sJk(3=W<36pMb^mREj?6F{}@) z!k0F?`NKRp`>*4p^V5UZAEbKkiRzea|5XK9WXS$&V{2n!|MeWt35zR{+ol7Of|8hF zSLhC!7BE&7wvsXZM0x{|67L%-t&yRAm8KsyD?JcW-6)Gt@Anq#?vM6l*T3&IBOA>w zp41Zj5%#}pwT*@S?{hra`G3E2aC8p;?Vp}Kp#|_1`VW)7nVQsbnWkn;fw#Y@Z6k-z^$bW+^2@-D6N}FL zSexYEuj;xBQUHWubIJM_gjZCrqC(FG0mTK`FTfgQ3r^$^9lAD3CFmxTtRuP5;t!_!|pvgu%h8CWJ*v9Cpo~gOP} zCuQHeR`fdtNNB6y$by5^luRIa)YzVd?c^4y+p0JST2>}Y!-d~IWYl>3-||ck;d?DN zh_N#}eNrpcsRPOhBrb0MRv_%G1ETb@TPti(7;a!66rJ~5>1wg@u1T|qa2-pXESIN4m&0%@D8P4Bl1?zujzpe zzjvZ=(8rTpT_@Tm;LE2kjgpJ!8J{fuSH>@2UjExy_F1XQbCP=90=B(2)(b*#9H20$^|?x>=b8&&U0nl~Qw-Kb|r*KVSXeMZ#vuKJlltl)9Cn>A%|@A_dZkG!w)=A2g~Vhx=H ztAq5I4@1Z#0_AwL?jv|iP&>_=R3uTXvys2bo?deu|1+Pu>KE~`)#+EGJ?E+h&O=VUpa 
zYXxos5^7M{sHlP(&n9Ie<5O{Te7=8H_-W_#2!z_4C6Tf`V2e&18@q{TP&j(Pdx8ib zl=Ci=9*#@i(v!+c|I|d>hS9Zj64jDBnu&tUFYJzuXHql{b?c4_*5Gf9j>WMhy?#u? zOmexFijgq}plsWqGK{t%bpc1cfb=}bsYb4UpW3IUwHet6SIF*^Y*qoh2V(tgkoHO| zi~O*4O;km;v#xtYHeRSUAvWI)ZoDWA*tmKC&F~3L6hoXC1C}<49d!7F`qcep0Bt7# zWG!~0IDI@pe7ApCk;k~$c(m}oA)jFU%D%^JV}^|(KNqz1t$iaCRo(CfX5N(*N|djh zC`O4g=j;GT3#JF1O+Tc4vS|dP?Xmb&9W`5k@f9~|5!O;p%c)$MCbd_TEcInLxKvE5 zz?x)XZ^NKCbOegNU2)D&4gJc~6H)DcuJty0z02tf+`H7!lLj7oynkn-Hmy*&y1I%6 z&HKUzsDxL!n(_w|7Az8>;4Ug z34fJF48jQOok|~eCIpZf5A0`obIf?aWScWCt-*PbmEXILXOA8tGlv{11)X7}&Lj%?$J z=^1z>Q55rw_tG$njqc?tVy$_|(Fvl|5Gbv_6pIqRq5iF8wL&yIL*o>m!zW+@ zYRc^vs(CpEg=a2q3$3Qx1E28w*7Z7F_8a1XEg9Aqu=jLm2BV5kzE)_CW(W6dt7m0A z|7yTOQ+qOT6|iOKcWcB0P@lxNSRJaezAFlcEmloZixmS(WouEc=vT(Ny&|KpzCL}B zt`4aaA&g%J0g1anA3_P@hGQd$^gJPL1@t&@eHp<*JEf$Sd^BO6OSV&2(sdXcwC|At z-xW6a3g`QZTqCa}BzYbJg95lkIUx)39%#6ipRW`&seoca+3^+ZVW)u!AddzHP8A`0 zlVSJ}OO#7BLzY93LlA%6Q({Y;bzy9YagL?sGxXeP5evBN zLWZx2_d^b`vJJ%8E;Q zU7OMd$rd_?MiEQ)k?gU{VuuK8Ka_!ZD&P)U2A&&ovgMkmTFrIgJCv z1k9VZn2m-KFn&oX<}SdP#-5aWnQ?LjMMWqEh*iZ^m<$dRMdLh-9+XWZ$x%pC2stSX zl60G*BEA<~Gwv%OltOHvbYr7BJ<;ei6HT5d0KD$mG;D-~nhFGZZCT%nk*7E3MCEl0<+Kv{vwRw{`oygC~+ zL1s$^gsOPPj2sY5Ei>s&7bzd$=4u9ZN(2>{9f|~qjkkT+rr5POb&`=jGKZ=cu`%Cj zNQ!D>FqVK(n#`K|9&dzt7?*)6=oh&VVOw8GNA_V9D6Nk|slm=g1lh@wq=OtO%Cz#~ z6i9o&+5vk~K}YYE`&9~@bWEsJvi6kTID z$PVQXS==~5mMD%%ZB4;s0Jf!F5|NNPUVNRAf#VkN?7-2-QqYHij*#_b-YHeLv3=cv zj%ZZctX6>|3n-QxY0%@$o@*PV3CE0eJj1 z{XwVf5gRI{4mM%K_8Hm2z!Yf#*>L+`m7P5z1}e}_nY16&uq`iNW{I|T_sn<(l8!jW z%-rhmj+$)fQP|@h!;~{|WCW5t1fEXlf(;ephFD7-@J8{9P_1$@llfH`9L%pn;%FIG zXU4`xNrR+I*h)Ogf9gsfW=<3bdnVa8eUZe@`vVnzGwrnkto6L8hR}K>8GKRe6;j7t zN&k_V#pY(`p9B0T!w(u69fNc{OUQg6^MuT;CLE?JNTmB>Ui}88x}M`eCYo;pY?BigG@&_ixW;b!bp^g+sB zv5umeMukI>tE(_Qi&%yTcy@MZ7RpICC{MA|WGro;R6kUEDd6a+HWOg_nrYN%t%+dA#4WO@n)b{ zrDSuk!Xqt%7>wtw?MbzR>JYLRQshYRsH=lGn+3mCRUjlw)3Z@bflnb0QpD;}4p&TT z6Lvti=c0rOosePxjT4`p42OS|$3+1}a<$VnK|IY+WI%OZl*a1H5?1MIN9gAzMugBS zeX>NSt;qV~%5D4Z9kIP`5Dq$Bd5VUN4Ock-T;%3d7$+%jO{ 
zVXuVg!_QYz3m1i9ay9n!XefA5snWZzw7OU-(` z_`s(7qEyEOqj4svNyi^~<^PD2dSpy70*~lP?YU-;i~wsCl_!6mzlyssvKkQuQw>p; zb|W;hglSO>u)wX>60ea9X0@YeySJJKLsJ zd62?es$#G;2!z>P8T7NQLK4eJdg`!)*mzhhcx-~Kp~N(K3NgIj@-c)$PZ|t-0|q*d zQAH(Vd(&4-oJ5G8AP%4^rb9b$wOp%aH6QiTGiuN0QI*T85Mfyr_$uF0<$fX6in1|; z;Usi7-PE~vRSM!V_Jt*W0M5_#iAeR)$GtW1?FfTQ`bsfNf+}#VLrT4CD!MBFmYZIu zhps5{)z!zjIw|h;^>3O^{Wb`6c+oVsG}zDuZj8!KcJ|HR435Uj4?FDET^4W9|0HE~ zaDdq&K(UHL3yDLN;X(p1snGA<0Y;%jG37kyjHMOD8FKVzQA!=POFS)x4hx}r7#x_a z#xv+g{5!}PWZ#jxXA2L=Oe)e#aU?6EswgEWZEU{SG{gC-kPm?hpdi1EIDGm7hbJV( zs1fLdWC$enW;q=$o1BnQ4wDCJJT}v?!XMgyE;1Y8euy>NR4jwHq zX$GuZCKZAB`?|oG*DH)u@)iKIzP+P25~gI8QqopKqJyV^vgIJeP^c1|h@CXz5$-na z5D8c=kg&}$ql}n!DT^Z$hGHhF{jYQhWG}aIRkTe<wC!`@B}hTVccq@2x^X4xl3jB!<#aJ-cVgFRRMrTTu9F%utk{iYx!G zfcyc<+!=!wVsd~kxqUJ@;4>f6yy-Z{?BJuke76|zI}__f!&E*J|cj+NeCR{8wzruF9o8tlHLq;$07pxr9B=NkNIRB8zj&5#P>ix-2ZE1Yin`;^Rqnp z`Bw(+Pg%#K{Qnm7|13{-{*~_e%g_JX;{MNPdB)AZ6nmZo4<0`MTU(op_5Uo-wE0JI z*K(ugJatU=|HaFGYuWj)*Ve0>3;*Bec$P#Ovk5O(O9McGG((j zuL|hc9K*Fu1ooh2sB?#Ljga4`H^Bh(paw+lv?k~r(;JZi_Mm1A`jaO^exKe11JDc& z(1%0~HZ{yvpZhwl@)1BDR5hFCj;or!POn-6c~I4?J04dxeVtyl2J)b)$06Q`9MhZd z0L0@HkOtrPrK>hmM^u+DG`R{sF-)76R+IlSqN-7aXR3}2dWWi_)bZ8mLNiq%?X>cB zaPs&{(qiLl>Gf>Xwi9Unor9NV7zf0#$ANF@TLw@z(|AzwR_9lI#V`Zpv{yAM=Er05 z(?MCLKy`dQUVKgV4}6}Bg)%AGrVnMF09Id{D1qwtJjhJOaRB+uyg@FN4da>#~`~f>H;51WCQGILO*ECd1F@REZ)($>X?6 zj03K{Yv7CeodITM7z+fA2I55OLDIJ@piHK*p!`9{3-E>RSVC}_lq|@h%#*=pL5=}8 z8>l#i6K9EnN*qrL`ca5Bm>_y7w4!oDsoBPjEHu3ebMG8Z9aF_D8!o$lG1R;JJfORY zYb5LCrGYd?W8hHc$zZjAnFgy;Mu0Ulj{}R*;se?v`Bw%^`f+@5eM>xnP;WUfW~T9= z`e9~+$|U3f=CV$L8Ov3veh)#4r!3pZjoqXXcrBN~sJ9#-Gt*d5{T_@$6HUMfhs^gZ zxLn3@0OM|W>kNRWM~gq|4CWb5%>W-=XlxaDy}GPqZwQKBurG_m3LF|c&wVYc##piBp@zZQo{TO#aL^EB!nUg1G^W+^1&Qp;SEAGJg^I4;Hy8 zJE8a;mc%N1Ap91Xa_UVk1(m?&uF zS9mTFX9>3YFj;9%ALP%RQd%ZXP)Qq+71I(@T%Mp@pIeii4L6A2vnd&P!9RISOMom~5_b`;56gjDnjs&DbG6uilt2q`|NF zU8dxeulZb4;H5fZ{W=QZG~MtRZSMH>@Ej^W0;=D}DD|d;8qySw*Ao5#G>|&%4yh^l 
zcTPc(X83$cm?zhkd?ww_lkmw;qV1fbgqg6EvYPohl=nk{k5n@}1>9=nq{;FFSz*<1P=(Khn$i+nh7;cLZ2^38y~7t0SF+5$e2t!b@Uq zPvIpotFJIN7@r5Y3uBR|@EBea^ZN`hi6`?KUJ_5?H@qaKcn&WW3LKFuRw21o_2nTd zMnfYPvkRck5QVCs19*sS(-UD;Tzi4j2;1A@LT?hQ#%6H2s-k>sQ}hQDj&eho2Z;7T zFo2xVy#%X(K^^yQTU7q{U(Pp`2_P~~2NU2}Ur&HC$pv7Z4k|x}ncFpEcoee=v}zpz zANpeZjU?O_U)?Utn9CG4YGp!mCpr>5dT=NB20STDZE^jiP^I<$6Tr+F+AzX!{L$?h zWf?xtR1KMdPuqJr(7ARN;p>;mm|9ke6Sm~6$@Wt;JZJp<*nu_m_S1$S4H`6NJxzW~hDVpsUJadm5Ir4mjaU-nRRZ*TYDT{1*2R_4zk?lFOfv zIAJN|4t=IA1ndL-xaf7AOL`-QzcOLGhmKa}8K;{5kHp2hj^ z;{5kde*OzTYzO3kZFM5Kt*Icxp9W! zDpkr{vZi6wKf8kJXIC5p=AZU^bcJF@Kc#P>oJU`8*x%1}1Tml9KWlJ5RUxcwa3j2h zAqtybFhPPDX=guAU!UfXf~?_95UQ(Wqj&km_2{N0{Npv=+Wh^CYP{2%-shUL(F$Qb zaR+><>!fx(mr8c3Hg@8en->_*1L2X~d>V!G!(oR=zf#i6mjh=sVoY`>ZBxtta=yQ) zmS0}}PXE$BE0Z>^C(!iGtD}1wec{}#n6v&TRr6(R^5@nWN?*TuRrmUC;`z?)M)(WN zr6y8$^gUYJwa~fEt52Fi8B?I!+#AxPaho`G#k1$W!65Kw>9O~vMer~BjK2Rxj{f|r zA9|+fe`*_>>qGJXH|h)h&vQIu^*PH!3Y`@*>+m&Y-)8S4qwIV~9jlbKwrPWQG$k0aCmQ*40e|8w>!2--_`WAUuPC29 z_BTU6yaM@q6-M79{-xKv`HZ3enHyg}um4xIw!XPF;3Dle~_cYLCn67Uu==y@LKOtRr@7xv&0qXKyL_|rP_ zw=I4X+uLvO%5(P)hUfcbX&~t}k@}TZ#3zGbLlM+EBE`0%K_E{Mmbc;e${&h^&-G;K zzr3G2dQSh}Y8^fg(f|6^g8o0pGyeSdMB>8Y{C7e7zdY?T;ZsUe2ipT@No}0LLNzoENVc;hiIJsrQ zpthtFydA(QfFd!DZdwUU4I!6@Q7*A{0P6-F5*(aHFAja`oIpPVY%0KDZ5zDU2|)*r zC9(cUe9n@1XSc4QYiNf=ZpLy__iQ_Yqibj4jmK!jNXTsEqv`@lsf7d;2i#SmbB&?YCt&RPn(+Kpjxo zRi@Mx;(-E)H1=ZYw@e-8S^B3-M7aR4Ahp{gtU@G)VHRxbNVsK-_8=KVm`1)tmTbjU z*0}FV#NBY}^r2&8cmcQ<>CcdMhekGe3gzk5rDEJhBQg ztpciz;F66HYqHb`*aaDJE#<2-nJ`7^@!8HG2Sg>$$cGPiF*U=IZPjRtN~2X#G>~4< z6mv*ApM`*+ zn)|_P=<}}8@oRHhV<#<3EITLSDkLSS_?;p=|1N;v?u+t?DE;pw7|R#pU&-a~e_JU{ zS>Jyi^i4?uRs56$=gFxJEPy}k5T|Y9;mw$vai#{lsK^&-3@|dI_F|Fmk{o;{`9G`w z@x5kbqy2Y<;)emd@DwIsQ|-U1`TIYr>l?L&{^vO!Q+C9)a0Ws24jWaX`Uqs&UgL%}_N7a-nDo*p z`I8>f&TY(=SL9;?mu4%MjoJU88pcH(o~>RaUgJj748S>VL`#>mHd_v4$?n;|!VJt_ z40;^j$BEl3%kDj(ELRz~(Afla{|~Ize{_|R>vZkpLDivW$;_D_f-v|LK?=!D+$Yt! 
z;sdIkgfC{aa>5trkysk%l`|fU3RXS`3>~Z7fFXT(#+S(iCpQaPUym;}DH!=29iY&{ zM)|L9e-mb0aFF;W79ATG+<-ZyV-o^_&j&@wp#ZG#`-ram6Vj>EnuW$n6J|nSyqJ|RE8k?wkLSvdsB%PT>zS(`70P;!-Va5xo*9d?p`@Rn3Avcm zvp2*Do{`(yhGJz**x!a?PMcF=hM1lO0>;XibxMtZ(z6!P;WXwLb{#*OV5s;x4~Jrg zkDj&tL*b&wwP9(dM#zBC1Y|fE^t8qp@jxCxdQ?E@IWR64N8}-u=L2Xwq--`q^AI!0 z0huQ>TL)yG1NrjtnCAecB2LUqFVIw2qDt0Xa%w>xba_@h&jwkZy@fie@&k*^HI73; zlxObcP{8B|l)Ss2y^om)Cl4&90-HPlO&(Ye2T6XwN;K3ev)5sSN10=?RS@I{RIH*N z&r_=r^f*U%GBJ*qCImU2K$wPu9M92KBgXMOP{xKho)0KTTbXs4WumJ*xX`sb`x4dR zQ|9TO8L@cwnzJE_A6kxL63<*n1tB(jIVS4xco-ZcCeLM#&o4s^r>xTWtQ<*r)|nnl z8o#vG{^_3d{3njPP8m9k$YmY`&0hze`)q8CJ^!cklHB>vT5bI=Vq^ZQr$7JU=RafS zADuY7P7p@!6Vx%?|2H51xmw%USe*Yo$Fn3(1_{|N#uZ?DfLjge9(Zy}NDamr7s%W^ z^{Szhmq8y5qR_x>3H?Iit{q7WeY9{z72qJiSf;?*kcZ8o7ijP>@(H`)l$JzExloW& zpZp+>&jj!~K-|&#o!Tgt3QHrOg0*+nID^K!g#!>PzApq}chI+BA1S!qq&w&}W6Nn4 z&h;;JT-iB0GXNH>7`ETC3>>^9_V*6Xk5A9CRTloW^mW04|Gxge!q--OdtsMksD#M{lXyNdydp8|5+aeIp-|9qB5Ibq>hLA+h5pk;N(?ZxQFS^|=R?`2GIlUG2QKMwF- zPKh#Q6J-ho$R$e1IF{0%xP6os6y}fnOkV%AP0n4%l=Z)kFM0WIqqUGy>@g8WkD_!x(QSfEjbZUoikJG~8$anu_Tv5h2C$8jQfY ziG&Qw7?!p@xKkrzw8N{tV4SHUCUIY@MpX=+%G6{9tq|CA`yRWg;ipKAn7qM>3Xkh) z<8>>b32NZsaN|5Oypfx3-awn?kTJZX|<4}MGNPVFy=k;MM3HCQ?$eo|E z%4su~3iN10wROxofjJw6?`9ENHMlUV8Axi$)YGvv@d108O->h!QK>?dYMNay9%J;? 
z%IVmNd&@Iupn@&|*Z|8-4S8<4)rO``7BCQSs2;+vmoHUayhL&S3`A5@HbiVj(U{Rg zJv2x%m5q1@5|201wW*gfy%Uvyc3L%q7;9{&rI}807IlcWyigxwAB0OxTT^hD+Td*J z#f_^tOYu0RmNqa$kFfAaQci?Qk#f0UakZusMTszSk*k+-Zi$!OJNQ>c9T}IY2RzX5 zR}(s=Z<*;?!1P^@ZAvw`57rtIpn4Xttkf*Y;|qhUs?rl|%&tMEC7Ksb4tLJq9G|{F zla7;x!ruPL{?Xq4(eA-MCL-l5q;z$`uKx!;WBC8;z-zltm=TL0SN3&eH+*Az1Tnc@uIYQc(8wT-Z1Zmf;0>#x!!{ za%%;nH?E7k_7@mSZM22K%DQgk0^3PPQWz(%9k~<*t<|-oj=PE{!gg?vk^fL2zT-z63P{42M6CE<6 z_=vJa=mD;(Ak;Uj1EHcDf1sSL5dvSNw2)ei` zVoa1lE1@41JQxSr3?bm*I`!2xf?#4_q3L7=m&hT)dc|#*qXnit!Nd1K6hM_6Bhm?B z$W{wbBc39wbN6djYGNrkCW5=GYnN(ICy^oObMhN9PJ){*gH6SD_%pnqhrA313+Q`dVVahLNmnW z8}WYsboU*+?z}!YJUIV(RlGSkKLVHq5Rt@=IN3QpKiK_nxN|B_KAfH$pY22SdjR(6 z;ONaM)Uy8`I3Wvag*37MBfN;ScRPoNRMpN0X#FX*Z}<4*=hK6?@6N@$mGu+p@R6 za|p1`u*YU*Yau57J3M3df8~K;q4sdzI;QOZwd&fC{ny6U=3@VUj_0?65Ji;#irb=S zqCjyKzZjQ#V+I)~3wLRd7+X;o!+s$h+(m4Yp%=z71VGEq3WM;&0Bx2taQF+F*(PM{ zf@!_8!)lwIR>GjSRM-9-IYz0@i(w{sA;V6;K(pGgUC-O1GfBu8|$>frv-igPk6@A zf63KaarX)8m?r<%*6Ks@|Kk3i=XsX?T4{PgrAc?_GGP^Na3cVeKx@CEK_JRyL3-dc zA~PECl8LV?Omq>&V~h`96y;D@R>czKAAeksk3YpTX8oV;@9e$bw|dS~)G=NEKXm`^ zdUc`yd6p+*!uQH}3WYt23mJ1@eaI$MwlCf0#q)H}nDwtNf_;)Y9<2YbZEb8;7yAF_ zc&5z%lUxKpP5)n88@m5-V{!k}^E`GyvHBW=<{(H0ua-;vqaNQHn4_le>KNaH$P+~w-m>4fE#Dplt#03TD8wa~sc@MJS6`H7 zeNvN;I`AT1zv9IJRhj|z`eA?`YT|+v6h#imc#?S;4h2~D&hM{883(6cw4BBee zf)PG(3Gcj;RE148ozRW>$}WyCC$g}F4tK_w5GNS8T@Hp(2_A$<11lAlT>@mQOlYX= z_9yg&QkKpgFX;}NI7OA6z=_;@!0#xy?^a|hDmaW@QgPjCt=4uNyZT~tV|}ajVr#S6 za@*~#m+j3p2Pl_QeerUw`LY0I)JQheb$a5}P@MTQ&a%Dzq0erRuoNb)z5n{J$x9Dy z$=0k|b*80PC=`_FHa!383*nKx6bWyjaJiwczT;b?&~i|AZ&aWE?17R0L!PPjA5U-* zz%==gSla@ol^3VffC1j_=)d{nDx^wOuESZ2T32m_R9!>o#MDLw{36C6nRAlu{uZ zM?2q|Omw!#G>2;X>h?mhu53RWD^@lwM0ot7E$UKX3oJxw)}8|9h54x^fj2oP3SUj(q9ymNzg*5`*(WAum7j<{l{n8`d_ct^7MbRy1rQd&++740SO7D zW-aM%3ro2S)7sx=)lcE=>CVYJ*29YB_0*{uwWD^T?_OjN$GTM`*T$ib^o9M-Z{8dp9HHUK z3Pk|K#?`TLdtp#Y)L8&Kk|^LFJ8N9AkNhBVuLQ`XeO=Cbl&OPV%f>e8y|3#(aRif2UBynqCnIXh#k7L41+}u?$jBC%0wf6CR>sDR_7*v 
zpo1<)>>mo_knqFlp~_X)b0%c4VH~6Wpos@`ZQ^<(^2dqX8;nALoDgOr>0Hi`7mGm< z;Sm|0A1cVyfy3|?$_KIEa!P=nj_)=ANkF#0uo`kMLa=!GLF}Sqjw)8=k(T%yiz|@k zZ#`%Sttv#1!@Zpo8d$Rag%*X^gT5us(PM{ionb?r0cuupQe`vA8k_2}qkArlu{HJj zAEN(H8u^u5c7y934c_{Rg z`6!)FA@#mhUkndj^D{f=;+Zyy;)Z)}sUTf*4e&;=ky62M3znayG9#`S(y(fgv|luU zk?yKgD6qM@vIEvSn&PS`Du7BL#>?A{%LoHUD7}%*Q9!Vr&&+R!lYianSx`UANP?o}1x69J#7H?Av zq3x_AVNJ^lS?i(^?C(m^^t)-ksS@*+0YmHmNj<;#nX>*j>v{YC+U8nq;s5n4&yqUw zDd>eF1J<Gd70F?Nf`PlzmslCyN=TDUO$Xo(mB%Yezq^9 zqsgkc?RtQ}EjvJU!yqP2G=<7^BUHgb+d8feDFbbT$r^-%7|*L+04nllScMcTx-&{6gB1JFFj4N>{v$ z&P(numzBMOgBN4tOj_x-Q@M8U@%HVO+fUGdnSeG_S*x4$d<+$Z+AEt3S!q(*9tBlm zHL7Y!X0XJvYjv#LEOo;;5iJ-dm!coVv~8fa_H5(?u2^Cxk%5*%z{XW>z%mr#SM1WrT0xLo zuFlM|gswCPo{!4&;fYl17`jJ$C?a*_;wrOI4LyiPqctOH*NzpkBG#pdtoq7r>_=W0 zDFvgND8@1iSMb+gtD(7w++PN`MlQeB$0Tu%1K{=|q6V&u_=fYBk~f$x-_O=R#52%w zliBpK$U4y?lFR0X zS+rsL_zNykBA~m62NQ>maQBerT_I{gjVF&Bv~LI3gPUm{tyo13a4>o0k6-sx6)X+H zCDKlF-6#4)52>heVugn}yjyIhKezA{lTXE7;1S@v{X_apKk%d6R>*-4Hy0ymT_sVy zdn$;{eX5kiCR~{;=M^=2C)J=9&RkbqjWpD~l1Fy*&P;J8+@2Z$ImXxqnYmCn9RxhO zS8|bDQF-$;R!)wbF@1ijQAe*uwOohR;7NMc%PU*DIMI$RjbGu{$l$EZ74=emyyX&p;G^-X+Rz8gcATsQuP?tlKvmo|f*sT`Ex2L&h3SvzC zWU3(xN%B}I?9x^u(T(mXmzzEgoWwgLxqJb2Czn>=?OjO|1l()WCBS%%havF@c9n@H zlk+BQ&VbW0Lb|MqDK97Bxd@Os*%y$Id3q%bMZ)PQT{50H`YJ+Vo&e&`jc6{#Hyl?* zYb@~|tqB|#gl}Zln|Ls-3<)H;q-~i@ETlBo@<5=wTsGfUxbw%-2E*LpV1C*rHH^i5 zI4C)iQ4ZyVc)xO3P2TGCz~N5XbfFkB2yIx+w*Ypv(5D-{Vg0z`A~o{J7<|yG$96;m z8i{xjV({}nL-PNVMtAf&6n2y*BAaD&+<%|f4S|?j|UH) z|9W+OW3m39<(XmrN1GK|ao2KZJ0qHQ{!`1xf3I(@tuO4qp5293tEY;Tky0)*$jJ`+u{*A46__ z$Dk}=zwg+6lCWl7@A+ri`roML&VTD`kaMyApW~T-spAK-PTrIH zBS=9bIFR%-<}7clNEH)Ft!S*Ktw>WN)7vnDA0Xp9q&o%?o#Fy<@@>S&vQXo;E~PCs_Z2 zRBkDjKnlI&4oS%DmdHYy73c!wHYfwZJ10K|HzF+?YZw`zBo%mCXG7KjEKmMY=-^LU zpB-AW3Jf~6@S#m2b-$?BB67vryXAPrpg`K61Aqf{$j}Mht%MEa(N9QwW*Db4&>KA4 zUKLQFNmtJNGC<{^GIB_5Dz{h1fE_)rqvO~^$ha$^_j#KTogBQGOr4ys#8pHA)EtV$;lm|b$% zA@?M_(dYk(KJ>vBaS!#8?7|X}r7LZoYKk!QR4GClG+mLyd!`b<&{UAnQs{CKe#s98v)YcaK|Fb+_sg2%r_9b$e 
z`uW0y;|p>ErArj#cMcCGxq$aA@6`?^U}Gj!Kd;6 zn;UukAF%%m{{LB?CGu?3mp$&%Wse)iIW{r=Pkqzll6cy?9+$FrB+h%=BZZ)T+WQ`} zEqsa_AD6^TcRnsjPV@<{eOwX`z4(zD@pN}TE{P|<{c%Y=@%@kJx%;FyKrV@=x&soM z_GGs}E)~>m;Y#=!<|kyJLinXaP#17j^Tp$@bo}2#e9A>1BCm9z4f)bQms*ARZA-z zx>MgcGwnJZ^M)f@^F`BLKso=&)dxGgD*#2S@SBf})at}xNWz}iYRJoz+BSw^=YXXN zIzttU#e#Ag0x}>?!?T!*&MZ%KKFOe~>^>o~pXI^Lrvg?d zXoE(tg5_-v{e}VMc>pfbX}m10ifzaB?R(c*$rO_D4QD8|xWnh){h5XS$8q;_>VMa^ zhVFj`8Dw$)$Fn?=w{NHj8o8(yU)?STam!)L2P4Kr{5#&JrZ$gQ-8nbBXJ{&{&J`sk z)`yA}ea4jKg^FX29gCV^uLHq`moV_}8?ZI~HsTly1e1p8k=8(t?05ATS^e0is5yA8#WPg&?+8=okMhX2NwLzF-A7g3Dmq|3Ik2$nAO!+ z3@YL;QsQ4!#DD2G9=Nf0w0ycOP8?^ta|Ql7ZgbFq0hI%Zewkzy;ds%k_p0z|lf27? z#tI>nviGhSUsWCI$``%@FtR=PS^N+T`_HL}4ckI>d#Ev=ig}D(`pxXir_>@ghq4(< zSsb$)JMuU-tF+J97K%mS_f=}IWC8R?`M#=dvD6=^3BXhEm((&tXGoLOGASbMl|7i1SpMM5&CT6*D&sr$XHt=HN$QxfJ@0HCW6J@>*LePUd@3c)?t4NG5 zi&HcCl#9mjtJ@2K!JmZ@0b1muL5s_jvOCDct4Of-!cmkhyv0aRr6>#&o^|GwjRZos z61w`7#t{B&tz#TZ41va)|GtC-Dox_dQ~@!M|&W~AXvdFXU_KNV4m z88zw#I!$zV$zqo|%enjw>Cj9QFXJA>+nMIF8lxm=1CXl~h7YS4vGM*!+wNpa9s{kG z^mn%Xex0i|HII&Wd7+sf(U5thNsvH*VUb0V@q_%4n~j zu1$2jnC?q3vzzy156Kp}EWn)RMb?%K`Zxk(8?Ynh003`U;P@^RtIg(kc&*v;SgF>Y z0xN46S?b%mg{&0Ew(Ye;-g%*II$d4?nf=K87Y!#mZ;E2?8Z!X%V>F10;IYCdIlsU~ zuq@YfL8j%)mDJe^#)(@VRhY%p3#sIdtv(FI_p3_h8(YM|{FkV1ZEc}YU0vU-uB__Z z=&hkIHkV^SvbmGLUk0bpA06)> zov(_c@VyI+nzN4%7gT_ix_n3cCsytvD^_HY8YGr-d)#m`{a!fsE@-s+;i zNBVtx>9@2WpT-u=tA2;IxQr*m8eFXc2fnoeIVuK8ho2H9B!h2EL_zcPo9ormV(0&N zd>*p@HzLNchw=f_`2V%F{QkebxweS^{49^&vE?Qsw|}{5()oNT(i@OIPGjwx!Uw1F za=mO271YE?Ncx-%rQ=onryqGY*4N_qF?8<#ou2)Cc6j`@aYnFDq{mf#?G1%1{8unW z`!PfX7xZeD=V9v~ukv}g6fkZ5*N5VNtk<^|^8d3usisdJP4FtJ3^DK#MsJP18#h%0 z=zDS+22B_SPyw_lWfZn0LL`$7!8_WAbc{I-qp4q9tnDXy9<=_Mw3dShasX5J|7!mH zccZ$v|KWL_S@wTD?WGCJUgfFKF^p3g%?>C6kY>;4o0SXzMlHy|{Le$zKVG`|)ck+F zo{#^wzFDg+*8g)nW7aZGv;3Rcrlm>1&|;?iBQh>l^B??q(E1;+ape=Q{~GM}!}9-P z{Xfg24ynn;=#?l^G{6`Y{l@Lr8@$M`)H*gaj?M`M?sUn`uj4{A_}fUcQL>ZG}DsG3HpYY zUH~z>qUf;3j3qMdDiqI(zVDXLtXvul#UD 
z7Uq!v`O7EMv5RVL^Rgi84t+<}xC%YNfw&lSE@3Rt#phQ$W)m|U4FEtVN99=1sSq7K zm>AQM<0r~xQEs6LRc825iL)}KPx5k7;RrpF8Y%PUu%h%oc}({!)J!E%QrBKvM1OKG_jK*1E_vq*=8Zr_U*Uj-Q&IeLaXbxu2u2( zqTCbZZ~_p>IpJ&K7F1ibtJFkr{XW(>xw^uv-Gi=Cm!OBY4(x?VuU{+-TQ!dmf+=rh zQor)n&Ah567s+b62f?Z+;(T4q+8<>DI6TP)ksUp&d{8-JW{r|Kw#I8BH>eTwm#Gc` z<)DP$FebBdiM~a6ED%zBx>0%No##xa$4qQC&nz>U>7$yu zDb=@I)2oL(kFEYoQ>VrAxt|&K|2e&Xrtbgi8|!)fPi=h>|MhvEDgHlr<58pI_CyKf zim0WT@m}APkv`dX#%oKTms6K1(e^gJzjb?7kF0GPj@t&t-}!!d+bq4JjMT@u85JJp zWwfL(np1ZbwmzI5vbaex8U${Q3S=Sm#vVjIbXNwOeMmSwY7@$fvz3CJrAsRb8y+`! zN{uLFJ*+leB3~0*`XQ45L%_jDCm8z`Q)5516Ft;nB!^n1A&WV{wMJSX?^QBWag|+~ z#yyqeiL%uz=5iFtTdat+7Lm;uwpQfZo7pYbp@Es+4|yN7!r&vF1lAy{0}dR6Atrx>taM&bT+nx_(_I4A&_ZCJ3-G3iXIZ< z?T2A{ohe1YcHw%`yd zKLpwT-i^^OE|V67pV={P$Y*d@-^EHpMPYw;G;96?ke^-Fgp3*~#OXAS#(VG1_nO<= zXSgJf2kb)l)!&zKzREw6f^B8R0)9^Un&e?v6jl1KBS4#(;=}>`u;RY&CCkNs1;v$% z>ZQ4wc5PHfIpnEN$RbM?1?rLTqCW#REQ?H4|0gQPeK$Bed)HXL_?Po9>++kG%7_;I zttOQ<&>cILE;7nd&B!VZLy25e{&(YFR%KO`Fh+pomgek^kRJe4>6lS zGN#Oe$78)aQw)SP??wqBZ-cH?ZuIP=)m^SEeV=Uv!iA2ZIQD*Tr7*IEc{i>x4poJv z-!fzRNn|zwY8+HDW|;`tU06&O-We;3KSg2Ujz(#|qSfepQ7<%;uEk7i_{vR(0*-fF zyx$cE2Qu{re&Y3gj$t#&UbqKQL%#hMrUxjMgjiN=67~&a5YMCHGk?3YnVbKZ|l%*7!6YtOYirA*uZiv8_laECD<^)tGuzDJ=+WLfJ}$< z<0yDIC4Ssw8P0K81cPjNg+dXlgdY;M)JSLCC%*LBp5>X1{?8W#blUk(eJk((Ti;m3 ze|erqA}(;GF&#wzgvYD6Zqaf_2E8zTO4>s_84xf{(NKF1gn&sB60FeoTKBCma)}a_ z`}e?MA?qGG&d0Ecr{}0LnlS>{7DfOg9#UR-BLX1M^5&S7@?!K%ytf7qxB+3s79EI_ zvpzRD(^({^+?telBWXzMQH$CMT{?|-@35R5-1qPX?z9$ipj(nRW&;IAl0{Xkg6KbO zM^b24m)ujC^W(kaZ6W1F+)`mwK*o^wcw^AQ8|bF(Cm}G%T{^kQbfWx9T$FHf;@B?( z(eZ&mnFNV)rTR432!1b&+!xfIP%7VNqBrQRAf4X)E|7kK4S+Qt6oyg1A%?(~xW#^l|WUg&cGl5^^&rgN4J=ajy3F@-S}mfejOCS!&rF6q%zH0O-g{-l zVCG-H&Zj#@};?u#q*_}vHZWh{rf2tfK%oFq5FTU>uZbnKhN?o|Iauej_jVh zt>Rh3hf~4@NRh};$Vm&WA!z~l4&WJ2nUg+s$u`8X#w!fuA@g`mfmReOv;&{z8N2?~ zj`sQG|Jn%s-{#sv|Nkt{Z0ldMH%pHv0iRP!(E3YOXWEjHG>(IFd>RS~&*a-OQp1{6 zsLsgw{UPryBQa%`%gba&ta!nO{$ZZ+^q+U;=ivX=t3&jEeG&itd7dvx1Rs3NWcQOH 
zPI07PSZR8$g&he!L+ju7nvorO`UI%ab$yKa!?PSeh8|2={~Ps<{Q6(psxRU{J zx$8&%46_g?k?jTS&PKWP{S^62ef3q|DRaY3aFG^a;Te@83 ztd19_6+9wT zPNX~q>S#vEfj742JXd7$9V6fM2o5b=q`|Jqp=nT7krVrF~NV zu^v0uB;mD7M?0P)y=~=~YjFE_ee^~OI--PNO9JmA?1Xri9T$e?e9~Zb61fXe0i&La znq`%1(-aHY};t;&`?$jH!ee_w!m^w!7L2t zZTb#hxQcuyE=uXq9?vD`lbUbi{v$@#;zXrMksw@*o^x|*rJp21kEIR;era;U&WSV% zZ8ZQi2Uzy|<@So|A`>PnvHR@j0Z>%_bU`ishP8bXZ9Hk!L_{-lDGR|)6+SH0oX}U$ z;Vee(%jwr~{NxD8D4)$(@=G(z|Axh!PjBz2I5|HcIS|7tG&Qw_3j{6%a$ zN$pdf|8V(l%KS@TsQK!cBL8pJ*Yfv2)T$ec^PgvV%J{tA2cB7+ygd;oA6_3G>(0^b$Mz3){m%R0 z?uX62qaO!b2R|R4{P^PI@y)N^VX(7y=O1;WzaQ6HyT2CRwQmkjcB^}}!#(G8ui1N< zbU%E2*9=-Of3$!8rhD8yKX~!_m&*Fu{|sKZ&5gn97ygI)y~;-?y!mkW%WbdV{j_&; z|4paz^X5;xesUcCOP8=t< zwXG=raqIQkKllFeYo+<~F9$ofANLBsydDHM*R7Z9CmVY|@BXrTwoy4r&fWX)FrumGj-#?bnsy%)R??^#0!a@a7-qAK(Au;56KHzWMRZ)`x$*d{HU5 z(ZR>Ke|H{-t$)`2Uys7m&7WS>{^>?Pyu3U3=gqsDt*vjI_T9<*dV(ZpWjs9 z_}{!dYTw+wJFLDdoWA+{b?xB#|Fid|jcFrGqwxLAujsMwdu%5dv)RNNc#C%@ zlZyoikS!!431gh(`R#92b+^w{B}&yVuQJ z=5wdMuvcIH{K3|{&TcQabY7^WTMG*duW#2b8oOtA%V%%8rPlURV!Nxoc30Q5B{yxJ zuR3nyV(E5w{o-hEFWz8Zi%X;?Ss@We}+ud)@^7`&aZ~IN!>YQe8 zt+VZPJ8`|apEvC8!K!)KuD6fV0F{mPBkdx8rk8Hk4s&~F>o?}fMg7gux5d}{%S(;L zt!&zA9hN?oj^O{R32zU zQ$N0G9BzHcXyZcDU%jRpX)O6QZ zKiwSPm-b4lpWF{?rRw_X(doyvPmSHxqs#SDW22NPHS?>brd}$Q><=5e`TLKp(%D_1 zT3S1B4;PNAdFLW`apJ9Sy}oN-uJ2mzr_AT$yy;~2YZr$H2R9oDd&yqR7goOh~zHw-L$kujuH_TIS*ZaJ9uN#+34e#Lmb9>?Tb>6&AtbM-T z**mMUw**aB;cg8LbcJ-xkfo^=#+v+nc&kx$Lz+ zT;z{#tBL!xwzk(=T)104O@BPRz5I~RE^VLQHM)g^g--ftXCrgBu$uXpUTz%jy58%? 
z>UsMtyOsI4^XBu-x2krSIPz{!j(3}9o%^$+-2G?ko4at3-u-s{>3nJR^I7^^?)>$K zuHO0FJ38Op*($V78`jDG-Nt_JrtvMedEq4LA6L)TnoH-a=eHl0ve|{@t&Po%k8a-X z8I3nbH>-zsO*^_X+-`m0qFwz^TVLBWE^6KL%*DpO(Rh8ISh(F>IQ+PtX&U>;0YDp1Ijv))!COnVpXtt-M}XPTcnDxr20l zwZ5=(u)lTIyZo?v2q*pQb!VZz{`n?rw`#e)bK~sPsU222R{PCq`oJ=8onH6$+ktV{ zO4zG!3b$tMlikkV<@Q(iH8`qU*1lHSHWxota$Y*yTievGH{X0-JiWX=t-mR?udnZy zFB{pMSwHLCCYE~XMX$cSds5#t)-N~L-lVI>{@ulbao~MhZ#nLE+b!+x-WjhmpEs^G z^Zet*Vft?2{9tqOb>Z@jx1A__w7Slm~Hbh%kF53`rM zrP5mC=F_^n_WJm2ZFQ~FTg-OX^n?99!?Ewp*QW*VwzIXDSZ|+SEV-vUdyZYQjvAeh z)t&v<`A@CP^7-K=Y;QNW{qdmrS?h!^pd{cb1$LYI-Tv_#mUL7m$5c4kJj~% zpGw<>+w8Xw%h&npoqLg~-G6RoFWy`(r>{Gi+SaG~$LrO#rRM9Uoz-PKvG}=tSoIb* zvTu&htlPr*!JZ8;ded~@EZu+09W2_;o1=rX^*37Mx>7kgyt!Pi-MpzBZ@k{UeN%DQ zI*IDtw}q|DVQKrrs_~(!Eo|H$+_y8iTq!_$+TakkhwTG(HDv)`zc3R?$vAB@}V zc71Q>WOe`Uu#$sqT(mx(I?Y?dDlFCE#4R6Ix;qz*!|le$)eoh$qx8X*AmxA)5(yV-=hdE2-z9pAbaiB7xe9bdGywTivJ*F3+iS*_LA+e?e? z&6|bS=7n|tdDYr#)$Vq)M_V_adx!aUw^v!%?%9pY+Ft&{R^n5yovXdhY;Nyde)G1r zx0gO&)b`e{jjhX%)z;1H{KlDgc3j;w(%Me$xU{!gul06YAFVgNox_}Kw{8>KmepP? 
z?PPYA7FIuAR+}el+Z#rG@u1SnZmxe`Kk9xsUH!0q)?2*UUeqhSo5KG2;_d40_Ic~| zR;7M_ny^Z1#_g${`B3|0p55>6XrGVvyzTAty^Z_prH>n0eSN*~`qOd!B$v&5CyjdJ zG`sXMfBI?l z)6PoExwFHi&67`CZW`G8n@0PxVI(s4<~O5qzO-;-q*q&q7mF9W%NNUb>D$uAUej{y zk6nHP!M$Owt~T)AI8^S9y@b3tqW8k>v7 z?&q(whx^;#HWP=H-u|b{O|80@-a0$q(>Be#@#gwu_2TBu?&_zHwNIy;Z?eay3mb1* z%e{^2#nwfAVQss!oIWyJt2b|)#QKqS&}`PK%hvs;Z=IX1*C$ImO9#z2n~ZkuP{7VR^;a({GcY?)@gls>wx zuivgOoowdv+HP;xYu#OZzSc@-J5IX0326On5onRK!u98bSzp>+Z=Y`8S$F$ynufWY zE8H}9PA~5^8|{7Ds=r>aYl};_pK5noTbbLv`fl6F-lrEfUspe0Y&LW0#M0-+Qf^`U z-qw~s>Sw(|_qOz*(>StQ=jQ&}#+&Y1qgy>X+bfwjT77L{!#t~+>4PJ!_ImB)HdnJ7 ziPsk%AjQp%({-bMwEtoMQ|n-9?eOs8y1Bl8a<+e-U+8u6R_&znt+}4hdCR%=&PJ}Y z;4N*QU*2C{Y$dGi-OO6IwrYO7JS{Zb+~xAJZRO#P-0bcZ*1zqUH}^TaecH4NXQvCF zFOSyF&DZJmlZ#5-c2*1aa^iUH_R`L;ck_GoYvc9h$8W~@Ld`OATkXrW`}5{`!TfNu z)~5wcbMd?%?zJ{zc((t$mVRtz7T!9KFeX z$iQvdG7B5_^~Kp~y1MzgX*kBo#^F(J^=$j>@VKTgH}yoORk-}Plxy9cTy9@q+>~0& zrEiO^H+PE%tH!rgJ72o2Z+s}-)D|rJXfyBbWWK$r=$A*^NA2s{hr)d?v3GY~Sg7uu zCsx*WtnAmA7DCuH)r(kNJIF4-y7O<`WUAF37@086XNj3bn&&QY@8Dw@C-Um+%)+ zowRA=_af6wLvwW({RTF52mVWHLrHoGf?t;Ii4X7>y3}!#T<5Tsr1u7l6Aho7b~WjD zmP9kgn%#YP3d-Qg_o$G&`$~;9*^C$x40?m!ti@->U8$lnDr7gBZ2$O}RxNP($Gh}@ zFYq_-vZxSX=kzh${wLEH|6y^0|HqO@<)4+Ro^gxXF#dig);Rb+QwmKk2oxZjIZTYo^R7CM53hZA1qoz*}X%%am)gPD^udR?sITb8mEW zg*$nMzb541uSrABKM&OY%sw9d{+CS`GE0;9zj34?`!B;uJ*$t$?|&wX@!u!=|LfDR z{rBUvKckN)?0>#cnC$;J((wJK(B9AL<4Na#qW>|LG~)jEhjxENAH(SXLSOucMffF>%~Of+Q~Fl}A+%(WuD0M{^*&y1gQd6eQFn zR`t5==zX6PUyk`-UlSX5di5AhDh{FCJlSJ7t=K4@p_0CBN9zV{RM`AHnY!M2@E13f z%`c@#XokYVH0^FEB=m#TRtCjPkE?aWJz1}4W>@RE2@Eo{qGWHObZJExU>IB>T?VMq9^d08=q=Je7oux~VnXS<5byh>?O?B^ig9vXsZpVL>=ex-%QprjMw) zJ&T8OE;08f`}t=gff(nzaKk?9mR+X`832zSRIZbq3;b3FJgW|vxAD7|^M73$k^c*Y z6Mk$T!_I#u9hLv(3fYPOpRuI42-@>)VX9Z|6m4=bS$2ww4JcG8qx%N0=%yzp?tgcB z{Q37DL;6!1cK#Rp{C~lp6Z!vGlCZK>PJcR;PG#UWmiAfSeQCbeYwO~Eua&(&{qNkK zhb+U%rs+GQ2$B>uh@qhs-psPF?=6zN^OUj8KNCL_32HnJ$^1!KLAAItYFikw1#QE` zNXe%z4F~>Eris)I6s6&zaiQtj%+jm6>uL^nJ>=Rg^m3`Wwv|v@gt^BKqBvv)e)m?# 
zrV-CSk8=rZU)0=q6m&4`{P)NIDx{Yt{Qp>zG_xPL!7P(XN3a1MRjt-CtTH~`aa6#O z1GYjxB~E~*8@h+5mrnWgikd`u7W%l7kf)7jsvQ->4gT)M`!7f%z5l7wzvkon7)t*a zqVnHdKAWGM|8b=0Ke)$}CY#rJv^OSQb9fz>;<^S>u+imQ?61H0XZWOo4_?R^wtRAQ z{~@XG{0H8=U(5yYkn^7_^xglNYB@jE!-UqJt5#m^#($12q*UNNq1cQ!6WLj6{dW~A#CleGpp08 z03I37KpIAk#<7Td_mo8tVKPVU95HKT1^B0@&;F?+P^XT)i+32*JiRq)Iz=so!o(3> z1(^H_i+0)=@ps+S~e}z6^V+JJND$24u8jI=;EaUAZ3NB9-h z07SUU<3M(yIXVw6gp)IStkR=K{8*ceyQ_?w7cYZ<`Ht5RZRAtgSllWM4BvuYs|*vHJU!Z#$3*%ZlP-FaGNdkguwz&9{aTVfZR0BTRQLB9cI_1O z9riPKe7vhpc%-KLBEkfX?_$JffICfS>((!C!V=5On7>&qWsRy&4SW5=H6b=1%2>c(hn6eP7IKYhapg2{4XuHMy<#cTI?_jskuvl|| zQ4DtK0_vDLT4JZLgK1)GZjmRU*s@|cydmt!hHdeCL0wx@@?VzTR#DK zZ?9g*v0@6HXg4~$F|1nIt}p1{I+|Jb>;*?}=y%AG!^B%y0!G@R$5q+?smnuhERYCg z0eC}oVkeNZhO=GR#BBcOzG2cI{tU?Cza}j_v58rVzJ$vnJ_B^+f;Bm@+w;4q<&En> zqAgmS5{2-P?XFQE4~qR9?3vfp(1EQr<1x)dRfrzb?~sw5MTw$*r?uK9?h~~ktkvgz z>0T9~aE?}^Ccwc5y9(s72+WA7(F3wx69I-?w!q$Np`nVOxGmDdFaM(M;FTDLdqo4d zk^xKZt|WZN_ug^!vSFb*Y&lp5K7~5#HhZWo;%asMo!XgAQa~k4g6OVHu$!WPm-SoC zgvGqV6SQx4S!n*D(#g=hye+CC(6xhPd^*q(i{Y>FMA_u`I&@vS`(#p@c-3qHjYRxmvF3g=#Xm11IGe_JRiB6%=Q2e#fc zdn8I0n1R&+Tskn)6f41Sj5^kuaZq}DgKaA39#1F_=;c7C=;nZ&v^N~hbLZ!A6<~4| ztpXj?j2glkO^yf4#-#zc;0O^O04G_JWp=MGOIYoK->S_)8bz%!BQtmyB%kHtO8eJ(az9)rl zl$k4e6ZllEQ$cV5&~f}m0L)>VeElp;Ie~iFsF$l8)H(hN-}Lm#gBw%_1V(rocgm%!y6V_) z{R=`iAZqvy`X~Aweupz>*d0LE6&nDm38+lGe?|7&eaE)p&=Y#aj)<13*;TiQtpM?Y ze=^@d3VsCy9kmo(4XLKrGO^CFiI>fQS~b0jBw&19KBHX&E=U;ae^`lhxabtWdc}Vf zU%g@IUMV*|*m>^w)dQ!(Vf}xF6gRYhY~0BtNIecHQg3bdwn55!UeP3a%m1 zWsP+#dMkvLD766v>P+M$C2`E)n6p_d@b{F+`+I8c&%Z4MxR%zVXdwQ%riUy24pB0m zTs+QP;12ujHK`xb2#n-Xv|v{}jc&gxOhHn4a#1wzZ$V?=^1|wNyWNyVV!7%$d1~E_E1P`Yc z)s>P%LtLX2pqCO@rP49mIsSW!t(J~=j+1{|=Q}6c2d5|OymWL_+CSOZIA#Y&Z0%rw zedlE7U>|;MveNz~`?#~e4kyzffbpbv-ly3bcu*rL9---2tX$ zH9CN9fjodyV-fWb7^C6o`y1$+mci`+-Tpa2C!Eu3VKgE5zwRK9rvP9yyR5_CCKigo zrQjHOyO=Kk4EBd-`8N(^B0Kw2u%~zx=vEbQODF?Sm)(L3t;WY5%5yu72HF=zzvDv+ zi~zSa^qr&5=vPO_OEmg5cy0@Qrng(<*`kBQD2(!3;^(j8{|C!|jy6i`dmGPw{P{n_ 
z{l70R^}YXOGwF%^XB=s;)FqMlhsj(L{{WFoB9Zu|@)mr>e~z?;v;b6DOCs@*q$TlK zK}+I!a+bshVwS{EDNAAmAxq+EGM2=1MJ$O&NLUgh3s@4*m#-wAC0BepEieA3DnF6m<#mzZ!jlBuCnPz6 zi|c>A+$52hNKJm5)P$2JQJG01@qCF%BJp^6N#g0^5;_!pvXVpqLO{L0;t`S(EIgW= zByn|hm3WGjL<&i!=Kf4PS45H+Q9{B4C5|p1NhDrCI+A#TaD>Z7q-Z4ZQj(Fx3kXIM z56eaVY5I1f=>MR~H6oU$8UhWo|H&*ZMeYC6`3e6&mL!6JZs{$&VSF-$;(t&5wL;Xz z)LhC1fOhL}M#`1myICqNFcy^*QN%Znj^Vgb7+4W?l$d4z`h~yo_#B%ZjcZoi6k^#a)>+8XS~{TCUqxt~56H>H(5;0S^{zi>sa{M@9^q=Lhmthx9*eL7c|F-B&B{|C!k@|8M5& z>$#Z)G|m^hP?jsX!v1dtFaH1=3|pU+Uv-7`p@V4qp%CZMqlz0X8=L#WgpEEdgH)FPD>Q;s!uQS&i-aalfC^?F zgjGCUuq7B1obxM^3n&)1HujDWH`Y?JD~<&H2;Whz@}EWo{fpBu{eJ|6=l1ag{qMy> zW}^Q+jx=ol@x=cQ|NoQt-{VOm?Z1Ch;;+YZfy4CwGnwf7Z$2~e|2UrH-_c&HT{D~+ z<7UVi46RwRpS&8mUomBg0X*IHo<0hy{nW1O z9ef0Mdgr44Q@gj2lQN&)y{P}x?wh@eW7MABy{P~6*$ZoP6lOeU5!7a$I+&_yqgeGB zr$ID810X)c=X3;8YZ-Us@=7<&vfc5Jp)stg*{SJ_3$pgGK(Tm?B@Q}XfJ}dz3B3wRWs~xLm>P`y9Qe_@WQMYboCye>S{9|^iLS=o2 z3-j|0-ZU_?L%Uad{yD|_#?|rH2w%|g`5c#MR&yHelgCG1#JDmKcR(>;l_MOAGJmr9 zO?(xC3OI(JQ!$$l{Tq&Lp`5Y^H^$8B>Ha#*3z$%x-wa#%i#=*N*w2{dFg!NpHtmjy z5BfAMOYhFRUeCm*#%c%d#aoid1Ta4(R|POJx++--)^lp!j+EtHwmY6HilUg??BVZyB!jR!{6k06S^s1>jfqq3&94O487jX$ZcR&n! zv!TJyrC>;9&t@&nt2SpBa!bqkg}Lz9yC~jNp#w(2^UwS1x?;6r z5&xaUe?59-x$rT5I>A&DC=SG-6_pOD?%%J(+64w|UtAr!v4qU%4mQeRy}!RQq2(f8 zi2t7DUVAKiV|ZT8_jPRBww*M#?Z$Rv+qTUnjg!W<(YUc2JB@Llx6kkYew>5r+B0X* z+H37uM^*jdd29HamIImnwXE#+YI62q4;KHU)-592OjyJGndVY=gRL>RjoS+nJNu!mY)49w#F%N1S!8GC7OIFu$5J(aiI~G^u&& zIiKaq(eq|~i9J}agJPlhqO%E13q1+WTHG9(EEfn5RV=s_mGj418{yuuXQ}%0MGbj6h8Fc*N4-G)F(0rQb+*tca%BdvzlMCwn1)b-zL&pHO~AIgT9O6SgbD%XWsvSo)s zMRGyz|7*W3-2eeDr2u!P#fFy22c0NI!BC?^JTBa;NMRX)N^w z3=dEU9M`#nIdC~0pIn#qjPl#MZ_zJCfyTgsmv__HLixP1#FJnllM_?^swkTz0Ca|b z;SzxK1#mtty94fXW~e~Bx)}L-zNFvQ3rVuot8~GzBjvE$W#e_Bg&>NxG+8o~EIX;t z=6LgFEi^hc^$>96e)%*A@Z^0K_3H{}q~KSM3pr^Uz7@(@rXkHD760sEDv@}GnVYLX zxMy_!@mJ_-!=kyzKeg9VK1iu-L9*Lq;WE|6lfIQnp+&aoOVZt}`!pu1OQ|=DdZir! 
z1ug09ehT)>-eQVkydwH8nNV732vH&l!w`^f$3UDDUhem|eiN&XRZ4g+&9>@vz*wcb z>dwh2)N_O8Yw+;60YjO;r|$zhF%yEzI~%mc)KxlL=D_{mj@6{Tmu(p*FEIiXMWU zCNymFbE2tVbMVykbdb)(`GuQtjuc?|k*;uLxv(c`S)9dtKwMV0V)yTB)o z4nDcYy*CxJRd$>@49JBK3W2mnj7Q(j)L&$do=BT1vv6y8!M}YM-#`5(G^7H$u zRRla{H}#(JL=0mC_`DVF~*z)owYHhX<9ZBBqIx{Z(u_Jbmd@cfF`135Ksi2ZlgcJzNIaFr zO$sIDj?yks1t0K(bkDbukgHWsDY;t3*smwPn`FRloyM8PI~MG!9^i&JvkcVAb62J% zk=57<;CNv38DcX`qo)%oZYzc>H-uiNcjNz-2t-bFi@fnUaBg>R@^NnQiihGtn~52D z8`~cPy^Vo3e!&F(v0yJW)fEx{Ci#b^qi=&>qS?bC&lsUUikGAS7-ln2iG#lLel>1W z&F%pbsf9cNk2%Pm{a@`2SLsz>DWRkAXaI$i()<2$aem%?U_3?qj+7!#;PGNhS$R=} zO6cfQh7KypA6JkBU_G7(PM`qb?IHd1#ICq34MJrNm>B_i37*lv&&?(TUV%<%PlA~K z8)d`>-GNkgfbrDAHXxRK3C`s9<~ay1pRwu^1XpC zocOnlZ#HO7efO1B@dHSpO~GBGZ^~1o1IJ%ar@v$mxIuwG`(hspRjixuXPtNO5PToP z31^dg9CW~SxGV{NN}5^d50VN`Rl5$M-2&E!{(wjoe4jvw8dFjAA*L@PSqW>vA5}<) z(0|k9yGB7$v1X|FoxiWm>*Y{k>)bnQYbvMb=vlzSnqIDMW1?`>#Cgk$lYj^Rcj!y& zB$1N_R{YE9@zGzqS3y=*fA{n+f8>f-KildspF@*m=Y)Y5b2wzaKOfe6jWV}Era#&4 z{((I5UQFpb=^dT*CW= z^Q=V|{3n!MbR2j0x6@XoaYy(x<@l=LV~YU>Fy;N~U=5|PcaK6gq<%gjV-T+a8e2YK z9J?5#@Nek_WBvlBtD2@_qI<`=6baBQ>t%_Zu!wMP@}TRlDyfQdBET>-c+xT87L3vK z?|Gs#>L=r|ZGz=-%%>oBk#*qb_pGfT>T|uyq>|?#@=_pc8m9^Kv;QX*eqF+~Mu?>M(aWO)-H!7@N04fd? 
zssM0S-uJg?@OgLg6?l}(H{KemYJ`F~WW(2%h;&8I2Q+7Sdf>qUO9XmPyk ztlxn=>=_6Ly+5Aezl$`%OsKxG;ywa86D-Q7{{o^1QV58`phen#g~hv6{gQNYs$Rf96JNCiuGtW)&KQUao2G@FH0c6 z-*YWw7#X+w#KW&~m z`(Tw?8wqrTOU$lDvbTtst}{NWtSduI2{;)Usc^S1k4yo|_|l51H3s z)uPzS@fzVSr&J!My1}$9xgq^rX|Ks?Cd-RZ3Lk9`6!$@+JY*=)NCH5F%}1624uaw@ zfDdB}RL@viLljfTit}tM(Z2Be@EaB9AZ0{sa>!V(@H+z>j=bH_!|Hn@&LBb`?VIS3 z0$6=xw{IO&$_RopCI)H%wiKVI-rXyjNUB9~dvO~hj91j1f)3Mgdf{bHQ^Lly(fCiR zl%SAHs&~**lA;`-o^_yVQfaDyE`lVCu=LyR$Zp)losmyl7-ba0-`6t8F&eoWoOo7^ z6()yqcs`WJD(2W1pE=h01$ZgH3CfB2@M8LxA%N>mP((TCxj*LfAN>dd(tfY2sDCIo z$&X9GE;>AaoX!`Vh5%0Tb9_Mm!>5zWe@ECUg+KorSpQ>GLYWT~@4)4Akz&yYt-wAo zmWq)ETO8!!oAM6iob($50%_Aq2mJ}uLSi5R^xq)da@-W4r{jZHgHCZLXe^cHemCah zIR?}pRQ16tvi~1c{sdTQfvY$`f1;fBe)lI83y^^#K$|E6`gVqY0%V;7Dwn`mT45{D zuMEmlQhE9ZoKjDK&wY^tKLH?+HK}wdGM-kkUg%i{d3b#KXH>-rpJXYy0bKdl#a;KV zTf8*nwRgqKsltm?Y$n?06sy5~UivSnI0rR)q%GVmJlc@N`IOC(U)7fa?=H__+vS4Y zmrX_TmKxnRVvaXjNuQb3#kY%Dihst(*tL)_K|oPWZy7B zkl)(&U(&(Dc&x2K*5G?Dzw&ba@uOlvUHCI1O}hox7)i+_p83MjwF&hIo>Ap_LJ?w_ ziJOgI35Y(4$O9}BPP`EzvQ?9}_s+(p{!9V(s!_&ok`?bxO02FxRPV6x28cHAx*7P& zr1%2-q}tak__kPBA0xzqljNd+`uffO)KRcL01W);0DW)y;kmnLY1dDLR(Sw~e+K;m z7@Gl6Z^mhVfs3UP(9Ldv(VtIR;nb)k*vJClAJi00pK$zFEMuCd51xK}rZwapbZWd^ z>5vFfqKF@Q6^SIuR~X+hR$`!`HreMZKron#=Hp4SmD1fOcnzrf2q%62S$}MjZuh5N zwQ^r<*k9BtX|}X-xCy+-)=}eTHb%O%9yLtuV>Ok5)fM#RbN8ug6b_m#9W*EP37l}8 zO@4}GE;rc|bIOAt2jXtjc)(P`E$}rj8?CqSajKMFkRWl8V?O=q4QYrcFX?mEAA
8 zvJK>np1wO-xtIa$g;;I?Eq}cc57Sa(sP#TL0vWb=BYks z@IYxIXHL^KUmN9pIJQjX&t$G+DZM}8ThmC6CbkP0dHl8n^$qOdQ+#;nYfH?(xqE2p z=-S=(&V>Ty@CeRNqXS%Xj@dO<4dxnBtVAn*dovnoB=t#g#H^)Su$X4kKsQKq!?&I& zo}=(Aft}(I`zjGiBP$88*bgS_5(Z@PdJNy`yXRPQZbFTXxA&N|4f9_`maRN2r#Bgy zLYD?npns&l8|ROt+=P(7h~&*m-vMT(7=X1P{HZ{44`72p+B8{QlVnY&V* zJ)OVAyRQljHfxjUlwcE1{icpAMRLreIe=sX*kf&&uE4A>b0zfgK{J zNGj&|k&rS-#}`t3ZC5U+oK?Q#T+?i@xx_8&PM9h3%o9OYsfxcuy({J5S-*UeV0yP{ z*6NxrtYG8T(yd0mu73MLZS6r9I4l*|>fs|E+wNFGNr}?tcrha6Smv-XA*yKDrL<%^DG*nqmqv$FC{EqQ8LEg6-|En`hz-E$_=Fn>qKvdjCdZGNKDNO!9>r1(i+!n!~s1oz%7L<6nB10lbA= zr=D1=2xgk1uQ~2^wpOl!0OFGQQNLDq0+Gm~>Bw^e1(JWyhZ8+-%)ib5u=PoLgz--g zOHZYl9ouN?_0 zM?%C|s6My+)aHa-sv9Vkv>lrBYw!=>q^pk>sm?^nmsZ-S_(h?TVbO2^ZMdJQ!J>Gw zkDy+Nd5+Gfv5M%y*9dEb^_yIs$wnsw556t!yLBVu3XQAjK5>rA*BD73d#Z%+&`hHh zL)@5l(xg$qKpNB`OcDf~a4KMa{(~=>oBnUxr$R%r zWgUUvAO1-;CJUOIesj6G4FH`Q>>uS77nTPs|6;y5G0}s_x!fl@(_KeG5#J28XyqCO ze2JGFdmh8WX?_UI^ z;cc=%csIuZR;$05??peq>t^3z-b=ArQz+XF;Ezb0Et6jg(adzp|5n2R;r=!57Z7^- z_*--3!VomwvUm7ZC8J$;|In{q=rr%jshY&Ri+^^tR=mf z${jth8t2*{hVl?(6#{*T7{PzQ-xrmO|7WeD6!HL!lR?v#ZVN9WaqDs)t9Re`1?S2f z!-CV46r0^zFetOc3}^4ZdkK{|MuT>LBAlb7Bnj7)a6b?*6v{|6Ud?lc_**;g^A9ju zCXx7U?Pc5hDukAsfMj;*HbhHi=yUN3RU%bqxoZ{ip$ zy7oeUW>a=rY9pt+-jEn9FXmIM5i3np;q^Krj<6#*>G93y(2bj_8X>2`MQp#`hR`>Y ziY%K>f%$_dGl6T}>BOjhPH^!X;B;#t zQD{OHL>fz*Cz@KgO@trqBSe0AXywvlMrTGtU1dxezYZ)eifehe2}~sR^X2%wiA##o z2$eYPzci!S#0A_i053t?X!`9m+5Sewkp5L?kvS5B_>VSfC^X~r4XIN?3RQ20fRT%v zLQ>*-h!+%3x2vpxcN}zm=Wo>*h`Wzh1Vwu>N*4Qlv0>)ZhiGcp!ZtV)+_RQavww-o z7Vq4((=k@V#bML!xU+h3!Vy_Y-w7JHdxq}Np&P_~vC=}q!Wojy!n4%%^xHiGai`fa zG9;S|U8qNuuRQa*Mq79YSO=7dThK??JwvY5Bg=PO&%HXFmy4>ps!D`RvIkx$H6@)| zdv^q$ihxFuQnfM(UP4}{OGHMY_ffC2*}kULlIs(7;^~*Cc@KPBr&}sm!+cj`pHJ); z#;t?cuHGBVXl|j}Z_<9%@q?(HvzV}ThTSRR?I+C|IwkjxN zb5aL7$7rxk$TRAi@o`%2K#BUP`K%~}YqKx2n9F~8QvS>s3a!N}jRy&Ej~D&`ICEiM z4v&Hq6xL%toS4pD-vR$O)`GJnKzIQlQ9<~^17`u}Y)_&&ZBcTby*fgiR3P7y0V4>&Y7-8 zP(zrIIBcngV*(*yYUSSw#V8f+CeTpuk9PM)FhSmcC?EXSK>AQ3Ip>I56tzRtl)W2Dwgh!cRLT|b 
zv$G~r5pAqoR|Ti?4*fC?JJ=564zJ7x@@EFe>hjiguctERk8Fd@NN#~fy9s*L)Yg-= zxnzlq?AU#9k=FMM*|8Uz@4+@yw9K;S%_1ZQ-RV}3I}4(FtEf0M4__c}(>@g! zNJQwk6yQR&Tv>_Y->QC_u|xUvn9Pg5WTrOKIoCBJJgGUVnKDqb3#F51Bnxp!Fu=bo ztMWXNYnZ&mG1Zact^fU=%o+?t<%SCzfpqBp(1J+EQjJXhyMWXUEUnvo%qjYc14*<> zWisuSWcxy}swP@8QGRsy%`r2piqesuT~S#rv-R@bFrEJKnVLGs|0%DoJ5%z}oHKY>E_pF#vPHD%A3^ z9RBxRtuoVydz9txm`oqKSZcY)y0rHxbq}`w3P<_Ebr<0ynxQ5)bBQ|`)dA}M^$$6E z6?x!a=~P}Qk{AilT2Mm!TGc*p1 z#IR@`+xT}qeN-E?t2J8ho+l2k2%iqpnjxw-r__x9z&yAa79_C74j7cAYcLi>pGpkN zltuUGD)HA^k~_VB>P|n1Da`0_WxSpE^ELM44MH6Ijq~X2Ci~MZ_FWj6mZErrxL%AB zccS#Du{-lSn?as}lDDu#ihi+qK=UDl)0&_Iw}^wP+^LV zv_xMsufuJA_ZC+|FqEuPr--8p06gCcPHbvTH@PKfFHiEwP2e!Tq;rg~`a|5y6km=1 zB-s+H7Tya2QK~9drtCE@X5Xu+kw08OE6Yo>yihNnt^W8e5fx24%!N;P3iKoCf za%1%lHR>j&(h_T9^nItDygFjkN+@t2J7H5)!#s3;Jk1CSKxKyyYWcvu4eDb{0TL;D z_dp^!z?>Dr!Y3=%|F~>e{@_?|O@xDa^6ZV@*R(E@_DU}DoEY1p*G&v7@Y3x08xzf3 zk(aUTDyWr7{Q8C~wNXCOzkdxPr}M}p<`5WCy@_GJ&B*znbF;k>`pqH!#8_$AxGMB_ zMXAI}olsw5sm{$dSdB27hucAlylJ2K@KMXK$$DU^uTL66bh*x}dkM-689-OuaF}#y z*{S{0a;C(+w-i61{AK0a)2%CXo5IN$#{yA@(PrD>pf8`=aD1ZtN#YuW8ZhZ*%%NvU>+bZ~BwpSCFUMacQTqxZHjd;}~;roh}II zsv%DuD$GPCl5>;52(DD>)WHYivEZ@CVrU=rah+c=}dWj9~ImppGSBJKc- zxR#{Ex3`}~U#EVQeFS;3bEf?F4+3q)*BA(Q>^KLVu&c+l%(Abd*u`T<`f0)`l<(=L z0C$!sfOu7C&XqfG4;|F(z~9V=3h2qZ7Sx${UweR`(5xqFjq20)NtrE7V7cGf)1lGM2%pNmfvF*rPzF?x!wxo*|GPwnf?rm@M>n=TR z7y4DpJcEQ_RorEyY-YL3CZd#^=vCW6ZA)>WT<$nFBSPD*QEp3D*O2K8|M$#vh(?3l z(F*x-hZFDrZ%BO6>vwAkaP}Sgr640y{+U*gVD9NW@*Cx8)l1nEtN>dE_pfu8t16Mg6XAY#3?7ycEN(3(VA(-N;81_jxRH0Z!)AifVzD zxyVW+z-C^he5p7gIpr>O2xa7IJ`ah32hXwi$7NQSXULn$x6Q_$iC_bk_VLyb{&^YE z&}0TtG)pXk0abfZ@+c)g?JtGcnqQ>op-Xi}NU5Fg%F0XIsLq5e7U@MhIb3yiPs42y zU|l_;!*G6$4!RXY&0}pQt3)&)#gV=H$j(WM2n$ z`Lp`W@b3_S^J~I%gviVO>IM_-SmH|~wi%;J)v`;uNA_YHBKiaFjo0xTYYQ6zY<g zL6;^pA7Mt2otZzq(AfV))MQhHZ=DVyi7j{9GEqxVO_-L9D(hmrJHBN<6^r5yr<*)O zkwUoSn=j%8m?c$sl_mQ9eTet8)91FI|AgfV8bjd%;)je|YG)0ie+)q{LAwkFqd10s z>T#(?B?-y}3NE@!tvL3)L}7Fl;TqK9)T+ZS2^&uFD4x}82}i3RWEXlv4)=!WE?e<- 
zq!`oPYN@MzP!JRYKvb~mrhF&V9)*%^gFcIv+k80&0H_;hPkMw}= zy{q;YcVEc81WSnezPC2rC*n_?2>&|#tBLviGNy%o8O#Im)4?B{`1j73xdF=S9>K(F zB?}mj7t0gRTJ2KR!`|Zb9{Y1kcPGU_EMp4FPBB<2^O_!Vm{=s&H*8$1jt;45wzNN+ z(Ev6RNzNH<=TjzQAl)=&U-)l{OavTJ|Fa@?%ka>*JsVxVy2g2s1i3G6G)}Cyl`rXx z7(Eswwrctu%c2pKXmWvu5!;8EOQZPI-T83jr4Wuov>MWmKxn2p8Qj!U14ViOShn~M zrSlCu)_9VVllWW6Zx}eb9 zb2s7kmV6bA#~X;(8~hc*Z8r_i&AJV4q_-8lNv>RxI6G&c{K(n&QKSTFphNwfAN&jiao-Ux)QHGJ8t;I$oBDZL{z`y%zqL z6t+>1_-bM#CSjQ7&K**S#vZ%QdDYuti57A8WTn2^pJ=mLe*~#q1HpGaZP%Z z4O!*tKET`6rU7q1FElN9PU^HdR`$rEh_MDdu`7Be5ps!7mk{a)<${dM9^oDSahxHT zY0!mD2VVRLOy7en|L*}Iajdv3dQ31@)H=e#tzh;gN&`fZ;M_32 zM?}UxozonukNDFztlg*<{n$|T@qTv=`)=7yJV9E;OMk7da$EZCU#@@GG*boe#OW*Cf?`^3dAxmKyC{`JDxX%y`OR-n3ulTaqKc2yx zpLb82p`9e#9!5tgIl%=Y2SOW}!2Ot0zMH+^L3W>k)D(s{k$pIr{&{wNn?xl1>&Xe2 zOAhJ>`R{wUupQ&wJwF<@UuBCZXkfnzbkpLJGM{;b=WD=CA_*>yRy z)a#WG!g&|25=3OMd^Wtc3yC_W!2(;B!^$9K{}f!4_{c@=y?ht7(qC5X{L+WmGW5y# zum?d-p-s!@92j=Op6u>R`YQ(SY#cL_*B8}!J>BG{AFlkVK_kWNyd2L!ukV`bR^&

tVp=CX{j$&KdWmLASB3@Y5Fq_v1K|2n(!w63owI0sii5 zXHqQ#90d*?tO=T&k%&{vQLDdyCkPosb$)4pt?Dn-$$5O?R zAh^@gf3GPy9+_{X_W+0No)k`Y%M;Zq>t+hc_K7OFGBpiilkX7IdEgMBMJAU$lQDTX zr5oA1{V5k1wb^x8ob|jcd9?@hT)y{XB(N`!A3lmKfS*bNZbWCRmqEJF7SW&+GjhyF zAYw4=M}6&tz&FCB#J^P_HBUQqH23>V8O`;(pN2ZjbsX$j!s)oc(Bl90Z45Dg|-ltD)l7R4%9#$C~>#ov;%LiP-r8K7pL5JX-<6m)jBWP#-evIG)GmTl zEhMb)D5s)RN6$T}z6K$p%7q@ejxdkhmWcEu|5V4T;j!6sVHV_i5I%E-Gf7vjW{*42 zG{={3`e3O>W8(#@h3cp6El!v*x`(wu5R{gHGfR4Ob8(~d2s8Wq@|lOud6n%Oz{q~; z9-hT|ogUv8e0Te(qCe1QJI-Rv#1L($7&5c!q48`+jMsw(al&%lm~uzcWn2|&@SB|@Ex#ow@N<2SjJV6JOj`vA>D zE_SNE0|p`OvU!b~71@4C)w(0QB{qA@MRv0R{-3c%GER={FWidP)!2up`Ob|HiZ|xa zOym%2&(Alj;PGXT;%be3{s9mO%1F+2tL^R~rqrvMG|+D2Z4$1A#~0|U!6RUO%1i`I ztY4C`eMcVBPw2cJxvcv(4+7*9C`X^})bO;qu1L~he)NP2(E4NERs=An>5WqUzF zqlEl8v=!#c&xp?<$R$o#YA{yd=oVKo4jG$op`wP_R%QQ_h)RZDU*BH|AuQ1q6Kpvj zMJBkc_^3sP@T(HB1kBw5Em_PwS|m=sc6+bETYQT52imi{2tf|YEMuR9hp*m`NP;-V z%kFa&hU>lNN)%a9VzjaNv8;f(B;9rO=uBs~&D_oJbRxU!Ni@k1BD#O4XLZE!$WJtH z60{W>@Y(LOY!n?&5qYrV&aoy`@h28y8c&ZC!AzXB(uczkhJAuSwOvT)mIo6L{;Qi< zS763LD_tVGmnWKa5@r&p8OGuPQXfgstmBbd?bdf{+{-ARqEL0&p=BQr`Z70URybi9 zxp*lX9~UaWiw@g)9=*aRQOoIh7=5!9N|}@QXC+lBP$U~7upr;4VAX~l-${qwc zM6y=DMLu3ZBBJ1gI7m^3sIy#qXWB<7u|Kd2_o|wQOSPF!BqRsA&a#0zaJ_u5Xkj7= zT{U)`@I@s@M;)(9gjS|x26xE@zO9FHV_T08JoxHvCy5iPKQLmq22y#r!oCVW`mkc_ zjQkkT#3Xl}43B;J2HTlFP?rit(DYB33GBbcYQJE)7v(kFg(%z$Rt}3$Nxai1tae1$ zkwy>&E<^Ru^+Feqh~M4m(=zLTAr9jjLDR4f>cS+F)!%f6?_Nb_Q{1A?SRcu{i*j*Z zw9qT4-;xJE5{3x1)WE1kMJ{HkV5EcrceU`qXCLg{pL$xn zj#}GJ<(+HvHD0wRs!0wPV|K8vQYT+!cx;G_G1qlf-E-QJgI zW3Gq?K-m{B-U<8LR)AT$MSq;q1vXuz{>X&kj|9wPn4N3F0A28a*Um4PQE6UlBGWsl$7Em zoqLEAOn`rb-G-#r!Bpny*u%9oYC`ho#cdUeg;^|)p@GTrPLG`#Cg2$41rO;rkdwM% zt#0Bd83KJhTb&Q8e8-*$i&_l2rBno%S&o`8-<*hS#Q~+$e)vybl(!q*Afnf2WAR^| z5DGewxsmkhZwLF!)=|*2&2_ zDDImR(YNo7NSja_7R@cqL7}5l&Dhw8a9aY0xzUOM~!x!}t&AKZ2e}gAH^xRaMpraj?ja{xE*C8>>a0Mb+K;AM zS{a?K0QMKU)Rn;ZVh7QaUSx>1rKsdU1SD7d$892;o>*yki{2xF>hh4%C%l~rozqO0 zYX)ciiju|OJvDxd%{FVm^Oy5uwHM5@C?o>skRhr7;Z#N|{P90{71Hv532+!7)$?&j 
zL^N5-+K@D0bEUbyGHoV;XB%)X*jw;S#wH}A!QXfjd5H#%;$cN@MtfYn;iZh+z^uvn zEqJ>3ulhJLv_$u0LVLi3ubf z%Ca^Ce~yisdtNR~;6QT~?|=GlcmH!$%DrizXxxJWDeh6bDL`q{gwkD@R+^g_A%DLh z;PQs_5Q@tRqc6(6nD8<`sqq>VFYOxb&Xe|O50#arD7$0O@WZoKr4@tm-Ig|oRK^zj zC-!3A{))XU4vmeU@Vp|;|NqCzqL;UG;w|w=hRKA2l`7DrKQQ`6Sk*Tg>1gP+(73-` zRHRo8lk8l;%P}h1R0R3?=DZu{9-Rtqr4zTokkSB*OqTB-A}6$<{;|}98=&tqe;yo@ z-$Wd?hmCmPqV{id8+nqRV!&c60ycu)!oL>{zXvq|{ldL7AjA--8+wp&)}lgZB~YX&TvRmwkKWxq6m87` z5KSt!CgQhBaDB#>@%OSI?{ix$N`_hGW=wb9Fn%cUaR@Oq;tW3KSud(GcArSwQAizz zK*sW7sA}EcYs=eM1G$zh0+sy}+uO>$QAr$;)M@NYRdRMCPMHE90TJ&d5(_#Q(w_{? zI-ezMpK|^EdEKS2>?*uUIx$amEy2Mfj2|%w-QG;zy52Rk86D0(j~1chQ(@Oc$Z>8( zTwt4nzR=UfJ%Vq{Fh{A1+4&uE^{u8C${Br!tPBP>*;b)Z*N*Mq#>mN~%1IJ1`i~sL!P+iEOYQvjVlntg4wpjm4lVL}C3B{M9ki-3|2YNx3FkQ&yJ+ z)eGxSqbKNQd=YU*ZD6I!mna_Cpke!rR(&)@c9R8`DU(te-CYcxpbL8Ygsxi|+H(F- zeq1mLAP(qbDK6}jG=>L;TS`X2eX)Uvbf#mBk}2M`Jzbb?AYY|}wk9^`iB4c`%Bf&4 ztH+HsTzIZvdO6QH6|G)Q-uU)nzSqdm^#?0Y&-3$z``$|%OJV3YR+W;G-8d%~oL+^g}< z=9TKM@e5Ud6Gg$JgAMbyPS>)X=i($&QeGFp_F<(|?6V5rx~0rB(gN+(ihdfJH(MyrZmBiAk>Q-Q|&>~zGh z)OPYBl8Iz%^VlIWw+MM*O1ogW5W=Z>V*1l0 zyEwf=i8e82mT2Z}Pqrh;l+V@ad z@ov!17usiJXD&p?ey}QgdSeb{R@Tr(01q1fL`Q&RoV_1^1LG^X#rT~o%UqCFrGKs zn0JE1(%d@0sg75MBU|2Osl@Yx7%4vLHH!3j-K68e9{Tf>d zbiNqh&Q}Nx#J*fLN{EJ(7*f>v*;ycFh{j5yYr?T`{NAho3%f8Ds-C7{bZ09$EDl!m z335XbLTP=-EU>VtDEzZ2@Eo?^&bqkOyE+sNmHtS3^dcOy^V~{&{TI=Y%s9;9PK+yV z7}Z*`W*n2E1O^r>=E6*LVIbf%WrwGg;m61n9(wqTPa?LsPDv#?7m4l}_Haf5^8ER4)F*r;YsrfboToHJ_`#C)%QUVQ! z#hjxv4NhXFvE!S7D~gCl2qw7JGs&y1WyYu8AO-9!q;zp<;1SqPvf2v;?e^jZ+$1m9 zfXEth?tzpi_}TzdK&-zAE4m%b6bIku?PnzL%E@L%2)7!GzriISn%JFS72(}A=>}2C z;1fbq_6M`x*xf*S+o?W68&h<@I8JwHJv250&vbw%Zs&MDk=i}`Be8#MU=sK14Wkc+ zgfU)|tqqQvq*8y}5L)AbOT-^IEVQ)IaK!iyieL%w?mPbd5lsQa9+MX7I+| zomBl9lHh+%`~{QEqMWljyBgWQKSc;88^=giR%$v=c})?9+DzW6fBhn5=r%(#B@USz zHWSRn;d4wGY(MDH8mUY{+5d&2JDKSq^Nf2l_immJzt094>k&e*Yq3HL;mp!9k?GF! 
zxznkZ7Kxyn;46jO2Gt}XvSR#BcOmhPXKCt`H|;G^*R0iKPHT`sNWm>W8Wr>(jF^*< zz&S=Dwm+rBWmMQPZ9CF%U*3<8tEn{R$2B8n3Fyg)*zU1YL#~N(G!~?n4ENXN^+U}x zsmd0%#ebYj$3Y~5e<3zM`J;go%Ssp@5;lXg7gE(uKDcJAA@ZZYh9c6-0bwCuB_YB! z4DH9-)*QWPqsG5G2S*aa;UwzPRJ!r3TP|~}Z~@`WBdNq;0tso!#gtBB3g9hBc;L95 zk}$=JBK#=S7a{u((}nMb$*2Yey6{uMkB9dK!fzaj48EsRF%9S@J0(zA!E#I7;+x~T zF6Tn9BSop+r;r97`$TmYkiymmF9LASyEpyNbaB*QG+g4@5X@%i<)NXe^Dr_zQP+YS z_d;V{GqlbiOEX0v6U8!eqH*MoS70s9Td6%;Za9LnCE;`uvj*dAEc_t?4zpNfOoQ*b zU9Uy#oLOY2Dl|dXFxog_a$rBsgfTnI^dcaque481uUxe*qK+Wq8PJ5LQHIw_U;kWy8?zUdZwN5A=dD}r?C-ppTQ zMI22!97=sHbX}-8w>;T7@m*>o?<+pixzjV=GgYjRbUQn6DR~Hc@P$6YQ*z@-Ew+Xg zEC#?o)luA}Zr2>Kmq#<>Pxz#U zz&+c`3o7*FJ@zJl#2Y_;EACJfVv?^vr3*iB?YiALJPJoC3k~M?AC~1Hu!EF6^Vt+5 z{4lGGsHtK6p^-8~3-H)KHq!W~NZ)_@d{B%`U>nVAS6&?|N6?Yo5!J$clA}Pvq4+xC zU_fL|lXc}DEyNK>wXS^sD4Mn-M%N+1wfOYT!hx2+y|1md9_xR9mHd-+>vy6P*gI_? z+RnCnJ5=TLwUk@fP0De${G!>JAKML!q?(7=5p$j#cLI{i!PhZwAmTz zSf9!eLzZhUEODZs>EaXeO>AR}f*RAu+vLck_~UNduJY*{pexoY>Uz zN2EVFi$`6~07K_FTFJZMGo3w4qgXC&(6u@yDB8v?+%rrNQOxf9|?J zrbt^kDzFYt+DLF;Tfd+?X7`2)8&xHd6I{EcHs{DQzK~Fm(u}085o=U(-R=$jd1V-~ zj?03lD`_dOanc4+3|6X7K}6qXntEZY!W30esZ_Q2Bpxm?z#+TeN7wy;B?{FaCe@gi z$yTs}eA$?AtmZ&JkiL_eL{m91n1(!2v>(=?(ruzLmh$yMghFddpN*>Ke-@>X4nMp6 zt47LdO#k&>ErM}f^yrHQ57MQz#gEYndB z=vMKd;3_obre>I)k1QV3IU*Bei_SQ0gWH$|XMCHGoQ>7v&(3B2j@eE+=rLu7$_7Abi;rQtJv5QV2Go zA`{~gOOh}!j0n}xUq&S^kl5g2_kPqGkGs!xdhkaD6d6A=!r`lwUsR98wNZ<}S7gDp zF9zk6nv%=mzqp8ZujhOBd>c`zRLUv}OhwW;u)I*Nh<7Lgo~v#+`71uDyU#4#rMx?D zraxOKGFTpqYdrco8vPyq6`G{FY)HR}=anue0f1%G?~q6mItiqZ5U3ra?u5sqzP`fP z@~_lh#6Yi5CB>wt1l&PX|29myhhYgTCM5j?90O$^qWpqjhn!CYD0(+r^dAd+9S3sE z|3KaT;-mGX1D|iZ7&TNzOdZ@!f7wSAMfqtE74?brLSqlh*44nBNOfW0&fp8lBAl{m zb8_xyQGJ5sbTnz0bEymYgT~iPHTEYWmf&~HNP+%C7rLSG`i*m*EX7J5duUvPNI)Z2 zf+s+n9t68O`W6)GU;KfQ6b(ZUeo5AFv`XknkcD(*A`gUNXMz&zMGC1je$?6Ow0a#% z9S_bY`cIdZ-A%>zGmM8D`amg{vA^lj5O-Y5(WMVvZ>^5U?Hy1G!D%G^Xi01<>imUt z_CjsZJ2D`swr--p5-{il}2AvB@Gu24IL(s z_Jue}S?PGfRmS?}vQOff*Mz-@Xewf~1EWzJCiKIjFLSj(Um=hy(D;PuGigZ9sE1c! 
zByr&|I+K7G%;_423@gY%M-_oBbLJavnR`l7A6GB!xQS#{=$Sx#y>CxOqh@k zYVIKT+vMy&j@&jZdM>;*^seM|yS4+@sA=0bB)$`%2hB|pF($?SqA?mb(zGJ-0Po#x zk^ruvr>0QAVmnB9K*Ke(cTuQfyxJO6pn)p3lY2FB56537IEP7@c`C{UzYK? zeb5afd>Hr2>rS;*kbE4mdU7?xf}?(Mgh1l;4vGtZ_3H8WNjFB6PhVph#(wiJsj4J& z)TIqWpRT%Zy&BKFmqIu;8OD8X$KbRGwt@HwZC=G%MXow-XpAb{K3OJjyGRdBy9e5hmEC*6pJ(w7JX@CnNk~FX0xUpEW*yzne%G`|03;>L zQ!DvE1UpKkx$4sz~&;*5QeCcyhA04F;7@ti$LYv%veN@(Q;1utM=^wm+aF9ad#E2?KuRWZ2BbG9lEhxx;Kt~XvkR$FxGot1!BsIRMv z=?I)CJB=Cz+^FCTpNwK=K+#o5yX;z$x`Yqw8-um^jbqDS?AY_%;ba53j&x-s7XNb| ze~HK)!FalZe5kSIcNMK5Dt}U+5Uh0p8H-&e4EjJ2KsZ#e|Dv4tH84sjp|s}F`#7gN z&jkk)Hfc#Xl9V;6n(bCmws$K0we7KUWC^b-G1$GRA98jci|HqV$yNi9Juk45ofU#f zy1Ge-(M=gfYsrB`D95Zvl?pD$YK(Rm0BsmoE&Jhz){_^{nnAbw%fZtp-7fy?>A`dO zSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Q zd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4 zsmIax`t*zzhNUO1`9S*PjCCe01sIJDhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@I zNV@4sXX))SZUfk+^b;h@J>cr{4(w(L)Y=SD#1u%fNt28hFx5Zf)2b=^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf z*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qay5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58P(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_Et zUlilu4FpSEIZX0EYTwrTe&zLWHeE-n&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24M zf`w9(+NEu8wm%ad>5XM$c`are_DRX27Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p

    !Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBw zqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*i zWl@-?iKOL*bGY3O_EESe(B$iMZpEslq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb z{X=U!C_kIObn`ShM{kENL(QeRZXfmIu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuux zX+VY*13t08QRA*LGJ&wKzaX2GrJK0pzFDALDe1^0Ms|&C^&%%>M&xapECA*9>6))p zZrAZ2!MJU*l35>+o#v-9@D)%bGw`KZ03RbPCjC)59HKuBMQ(`QOS!rDWkF~!RnpdO z)lgu!#X(20cYnAGpwU+~KP@ul@VSM=jnE#Sx(Y$y) zxLkHTPUxKpdK^T(>1m^W_%0rgQDmHsS%F1v8&=ns9nnutw4)#fbW1?Ho{Np!m^{{A zdXL$+;|m69f>mn3N1L`@}ZxW*0pfYG~4c=W!2 zuK3*@vgwcixEVyMH?SrVtR)g2-9`^|t^RSSR9}E5K?7rLRz6f6CH>)ofjBr+r#LL! zWg=GXA!-g9&f2e0>YD-{l;_+w^nKQN6VwF}O9rhnssZ*N1>fmiE4e(%6~&J6&oT41 zgJ)s(PW)Cmocu1iT)@e=OR}t;JDAiXSxmw97YQ8)3;U&g&ItwDmB?8^|4Y!5oj(S} zHiW5)Oj|o-G7Hy(hNHPyt1C_Ml0^NRI0hwWKtWa*ejW5yt}<7|a!fhQ8MEu<9LucAy zG)WWXFV;c)!D1Hm6K)4Wg!IIDtK6~T-M$P|L2Lw!9XO3vg8jjO6yL+>lqyn_juAcC zl^cQOP)}43Rdp)z?yivDyOtqB0roQ4U~V%-VXT~Y1cgfi-nD~%_~&ueHoJ^NM6$-# z>@wmeQX{$VHmcoseWu9v;8g}j=LFf4q*6Rqib=}rz~Tex%F!~3M6?boR=1WwdHcA~ zoRn<-t=1&g$~pRM1UQR^>9S$Yr+4OGG+n`G*f4}tDeKrjVIT|q!FbvO z)b7#+V8Jbc;ZpqSXYSZb!HccC3Y&bW%ICN2Es-Ds3k1t)U2u8W6el7fRL6}J+zR7Cv#a<+q6dJ_Fc_r5e zgP5~3Q{_5UuTAAFI3{)MF{W^M=g}G4Szn_$b>CG594d!^S;x+RNyEEZg%cg?5G4n= zmLVxX35PAuIb0)=+)rWuoqdV=Npfv|M#7OwSQmHrg^Oy=VFm;)UxUC0Gykrtj8Z9G zc5k_nOQnmmYCqPT(KzD6J(aFtn1zc?7PSSMjTCc?w z*m*{wK&lugN(}mi@*Z$Lr*J%217kP04By^MT)0p-RCavpdr_fuUDLkE2k@zF`+8U| zHuztm0zJ(pIIs`8!fkw-z`VOBVLY7D{GBG8Ee>03*pFsi%5eyfx6F!8y0Ci>f;X!C z*~2s$&irR0AtB4}EFLk=9I?i^M^djAEb6HeD@j~@4#S#KI)o|k+8Rs@`<$W0PckHg z6y?mCZslZ3E!rjt9fdcZVOG3A7k(!Tjq&wGzs?MW%Yio#la<5H`&>CDDqEc~u3bo4 zSEpqjA=XVIC9-g3T$5CJCD2(elt}Q9dh6OVckoi7QrTx-xzLBOt>YXpi7G5wyKXEl zHip>B5fRS9>{K0TZpyko&5QGUA}ILn8d{+mf9|l)!kYb=(d05{TZ5~;s2u^~gAAgh zGFo3YE8c%Fv4@h0#tL2Z&#^1!RLJ4R7e`Olu{u3;4ze$Yz;wb~$%Nus^q^UAGGgZu zKpvyG$|5||I!u9UyIBX^_cw8=jQ_Txk=cr(I^8&{%(TUc>g}4RqNpWpfVGm;%NzZf zs(kHO-`bT?QYK@|M8!CkucoS|wP^9|l6wML#}Me{R3B8XXvqiFP3NsE_kES+F-s!q zZ3fX6Ej$PE$0wx&VTv>RLQ%Of^qB_@3^-+0$8nt@>e(?tlT04mat>BjzuYNvw{P@Z9 
z?!n*pUmX@en&HJ(al3aB-v2SPfbD$RYpnn8hwH!?*4G5M{xm^8jAH~5A9cVm{Lh*{ zUwC#@HU|#QJuk!c0;U?{Q9IXx!zCicXmu?1&SgL-V7R419x=^l$h4EQ2np}1dgNU$VI`Q~yT=VLvs|uqg7(^G5l3gd=GrJaA?EB?f+YcvH zi@~I#c=#>nSNDoEOo02mQA`U{D7JQ|wAdPLUy-49mGNrSKIdIP22BpE$liy}L%gu8 z6IyIgY6l9ZlXQe}SlzN7%v-@aR;zN1W)i-Ox)?gu(0K#f`FI#l8ud=6zV@cId1PUz zHBc97`PlqzxGVoyt5`6sW@%sOB#h~mFjXeJX3k}9n)ss5U^+Gzxa*1Y287U*1I~`j zHDNOSy5Wya^C~{M^qjydJuH!$KVJ0{idw?(Vi{|J~l)+`6^@evaRK`>)#1 zFJcE?sjUS2Q(zLaPA7O8j(}LAZY_Zx^GVS7VMvc2Vh`;&{c){^5sBkj7N4F?poRW- zu(h$d+k*euYqEj$Fg=-E06WqQ4w8NwnmvtyCgu?|+8ZNi4H}QU z7_d=?IJr4Zf(GSvlvnk&zW@YEtQyY9@0znIVx}0ZBq^ElhB0O1BDKxLz{lbK zkAO&flaLHOu;4l-PQD9ZS#iMlJDW_#o%QvLi;H$hgKekTDV%KjFkgRq@aW0&!zV2@ z$KO~0)pc5XvmhL!+dkzO8HN{_XDY;yI5Ka+2++-&?7+FKEI=8+Cb6x_UMw{_OoC~B zz?!Q1{$X%%SPy>QKRh^W0*v1eUjO>yx7We%`>$T@KYxAj20n?V$lUNw48p*~c47MBsrRbd&p$Qgi2r6?hUeVA8rI>iDxr)ZX= zBs{IS(HIX|3IWx4_SQu;)4r$Twxa1FE^}Lg1+R zb@2-4sTQK0rxIV(4JXBSY)LOMBY38H7oZ(bUS@*Of#}7TMeeHFhM}@!{c`Z%&z=Mg zv=_rU+6;2?Q(Wr=qm<*KCzNj$H+BT5gih!)Eh1Sy4!CF?%D;2PXZUJ?1j zS_XOI%w2tDCM-{iv+OMEO`-5Yao&{k*Zn;RtlA~S+!j8t^{Hlx)(0L^7^eysj)fnd z`-c9cG*f|{aX|H0z#1=Ufr02D5SqV>rEwpWtg>dy_4d;p>uVQE(+lV#UFeR1DO{ya z0V)kx#HLKL!O90*{Y#Vkk1|bZPZwW{T@c<#hAg<-lw@plmECSittt)70Vi=%$aE+K zIAoPp-Kw|iLdQFUs{Y&wg2(ZIE>fW46g8Fxm~!n{);JG3ylo2C3}TSgjHO!V zY13)SF}rV+VOq2)I%u@wWHM!k3##*>YA1@(Q|IRAOYzaKPkw1_?|r}1Bt9VrMqv{7 z-$j$WosRQ0x(ccWe0`@N0u@ zAe~y4cY|PR%}G~?w`;@w(pFXZ`{ZXFDLeWWmfLwtif13|B2AE4NFq0ByWV2jEkv1%7Mq0kzPWWKb*;Z5}&V2V6dr(Xl3NPDVn{>69) z6X85J-p7m9S)$isLWu(Mtw`EOpf)Kc*45KjSsyv8B{7Z}2s);QS@j{{G>5Qy=P(xi z`X~P+pca_Ty?q#RerDp&{7;*Ke|%^bSOw@T%tk00baDKMZj{BN%05R;c&5h0DKlNP zPOqkkB=-)7W|_|5eELX6 zN&*NNz#Xud9rxm)aW{JCPR7zSzbarZ`Y|Oyc8S|`uJ|@SE=ihRieiNb`U?D7ins95 z&dNNis237QG=!qZ!USvSYS|3~n{m@r#ZkPV0zp!BxQwGg)i}v>0RzuqOapCA!wfYT zwJHuWZ;F~+=jve9uf8DgPbPn5dR&)TP!=hnp2IH7Xv^NM1ub{<0zSbg z{&3PqJD%>t=~LB7^WAok)|^ufH081gRHYHTsTiJeyE#(!cGrZ6CagDA!(Y_a4V=@C z05UB2KT!tQ7aAR#EY4BcFuVw7c|gk$*|rMj?(hiOf@$Ii7fq*v?(x40*^zj2xH`%J 
zI9^m4(U6T+h-kMyI+)$GxVBwk|t`M>fxnA%2BR)c&AqPU6C6558mlQPM{x^y2!? zy-*A2@T+`nOD(+Ow3@{gnY$pIJjVXGVot@em$D)c-KUOQkk5p%|6g6iRHI+$ ze2KjJl;x%;mSyZ>Da9sjk;k{Ph?opNk!qdI10=P zFtMPNWrwy$gx=atr@teQ8ikpHE-_|W`8l37b#fEdd{Llj&ZMP>RV*=y8#inFpx;H& zxDdn;ON|lTu$6kPJ47>^}3;*l5pM3awR{f%B3P(q^bdR=xazb{7xem|S`j ziLqq_Hphn@bMe1~%OWUZ2^N263pg^z^?6MfJ=^fMu>hr{bx9s{y_Lm0rprK_gB+ED z)?6R!s?MFbW4|*856hC&R}f9Bou3qR(4a6pE6W)EDc4)0JdqTCGAE0h`lK|Gs8?%H z{&_QLwMuW&7don3iZBq)rDvDTBvv0IJvZBFXeGK7VB-(k`uIa{5z4G8N~uQB!Ab7fZbInlP+| z`B+i|0BxRh@ksonlRDPdDBv2s6wA3h0U{%C25?s=)h=e>j8FXTg9ra7SpVPB?Yebs z7fdtH(--5GvOceTFmUWbh#m)S&)^GP{{QQy?tji{hUIaEG40A$6ECpf{@>ZVx9RKu z?`_}a|NAVz^83GXKff3+P^sD9yw&XA-t%ASJum1?xfF?}FE7wPj|vTbp5NeEn!Jl< zW6L3DMP29gMn4MB)jJRB{8-B9tyuSFv5S4K%F~gdG~LeDoNr&FM*L^eAV13yjpe)GiOz#FLL2OrS>+^0m^NO2i~essC%-Zh?3VHq|zI) z;zm@4@7#m}E(^!4yYI?^_0_EARQK`HVyHgXNL`&zdj!|D8c_cY^={33$4`|;Q;op= z${usuT9Nj6nxBDgg1PeNw-;vXc$Ie?H8x^p}}lg|DWSG zkN@}f^ULu5t=8Nya6bxso~W>KD=OTI3ZGh3_?iU;>E^jQ*FRhNbFR!~x=@y2G2I4h z_BHKMnnF01Z|(=i#N=onp+Q@EvJ2G0i`oH4aVBn?X2CF~S(nX^2tacqSCNWHoOPydrNl_7Y8j zCdEl;D%S`kg4_(oL##@J3g_A2BA_FRl71AA$~MsD1EbP)~p#t79!E^9=qa zbyDyzE)*49UKYFiozjz-iapAa6gSG$t_Cm!Iqbm^MG}HEG*qQnehPBx0G69}PXot2 zQELpesW=~w&c<)@;0@Ml`az1iFzWw!6#U&R7k<^Ymf|6Ume$;&N!gQ+f)4s7s_gqs zq)5I3ns`)toi}BtF}Dv#_?nqdDIv(KX>Ycg2geT{JU9-J4&YgKKsAnW7;m88BV9Tc z>u?3oL_l30ueE~)lEanm_`DnE?X_iRqe|SA%*mb5N!grw5r^)p1PJ9bJ9Z(-BepO9IvRio7#dUgH)RX=T1pB@Ohhua~u(;A34&MPKp2H#fT2Ibq zh@s?RG?V#~_zN9|Kn~)GivM4$oUk7HoGA;v;GN+=7?qR?0H)1G9S1%~gBY@4SMQ~b za`s4|!TG5itLgCSgXPj8UBHBW9WK&zPb08>dZ;G4rGQaVgoJLZMn1)O8#vpT$nMxj z&f^XxA3&P)+Eg!=%k-acVd1z(VfHSN9?)SQfxW#Zw({^cmd&tz~loC2$1Sb2F2H^ z2sST&d#&VA<<9+_rbFnK=!1w@#}rb=+zzg^96y&t3Y|vj1})Sa;5Om7sJ{fqMC6Wn z=oi39wK+o^;w~q4ad%CvqLZKOWICk6fhrf}pzT~vJldtE=0u};^K%BGzY#_?SNuVa z8I~B4kbEG(<96@_#sCi^%8loe5&_T&&}R)81TI;0+*E=!QK=QxUsuY?5f+wRAoiFe zGfa$6j3&X|G`oxMcwF+dT|t(e#aMp%Oh&Xrs@x;1pdlSE;zN&geMajfS7R8RN11(W z1=49ki4(`*Hm0MDT*tWDu*mVGxRRJ}aGI3lxx+s-v(X?I8`LdOAx(1t%kU&NS2eG# 
zOt9?>6{w@uVhS!w)0T7sk_sN+|F(@R)Ky{v`T@fmu3jtkZ)a;pJBt=c{cj`fVKTfN z^(B+=opL#O7tJc9t|s3Glr(Izs$|P1sTvG$Omd>UigCW3oNjEy1}2L+EXTe96o6Pu z1bIYzf_DJRoumr006S5NE8l&m|6QJU^o1;qW*2F+bycc}#3Ch$HIM~dTL93Ksh+`J zRKUe;@W9$zXgO;{v!=Dcwl9W&f-ejx=6lGE++GjNh-XqdMu~3@d zu@l?4<`%5tWsTf=!=+;FbX54WX|Z6oll(^7xycCe=Ru;cel=AK`DX@V)|M`iCJZz? zb$whUQJJch`5>s{;8s4+)62T|ZG583hG@%}-M$$VEmQcTM&v`|ey!)uL-QM!M7u7z zmw=`kzto+$ktnJxjH0e?% zCM4#KTx!(P1z?{N%Pyzxw+F#tGgQdqnLuop8fD+on4US#?#&PRs?5Si8~qz?r6gL~|r+r#x7sQfM+- zbg5Ew#|=nvb5io<=%}PZ&TWdxUrCn3emIFI-kT^FP*Ez|mk@`BDA45$R%M4cK4Fq- z7rUf@6dTJ)C!$_h1@NfUT6uH3_?rh{HgZ7NXQwPTmcKNW$~(P0N@aI~nYaA)C{na0 zrkvC)GUs${mZL~9iimTfs@B$2gufvrK=mS1R>ShH;KsP)E4K320 zuk`biovZ}Ep+B{y`a}LtiF2?nO53PZe8~6hPXgeOb7DhX)emcklvzhuUCJLqhrQT4 z$xSS2N*KAtp6M!?n8~%+R)?pP5~T@{j+R^ni$qxLt)6R)7mrF@Q5dv3E9!ImtN@Pm zB8M_k<__C;7 zM%=*C>?GCT8{SIv1U8vA8YmzXcw{F zV7Z2NC2V)lx&rsBkWPm9E#jP6=Si>1@A{)qkBv}>5Q1|zj%c=K*g-c-D?AU=Y@XZv zdpUg5@Rp{o=2BNZ*=Qr7v82mDb@Gj45MxfE8-p~~D;IklsP>v!EqpoSx_BcVggR81 z5}?ZB+;QcMEBfbE(kWxAk}BbJOu}9|weW{R&MK!!m9cJ#+&{FXGdif4k??GkLPsdVe6&Q7p zT6*vdm3#2LhNC_$=$3#15aYOYhaVpwW9c93iI%B4@0)?v>367VHTp)f?L+7M#wPFK zpOD}^qk(7INE+|7*eP19=@OIZYfrMf7q13hvSn2-H0?6i@v@V`49se z95zhvT(u}SqN^ySDz7OSn&nqQ$2~OCf1$VJ24lfWGbN@HJhGx`efK1MXNj-5>BmuQYgknZZZc;& zUc)64#gz$)Hg{}p%ss$Yhh6$~X7wlrmiOOn1(#o_??19Xf~>uG1d4n~dz*Nv;^vNi z>Z~j5Mk;D+qm<*nbCXve16GAF z%x#y=6@D_?>!_eT{8;H{RnSLCHuSAS{nI=Inn4 zwTj4q{3(Agl9E}RYDoq!8Fatoh697K%$8~pO=aD4?ko*h9GW`8aa}3VgZHb(^vxZ2 zX2B2g<&X8_n?Psnt<(V`S;vxN@#!g9`ojcniaKh->5@|pbU!?R$EX;us~h4jEV)%H>UojQga7w#^!NJ`}s>IB)vyG*kfcdPwYIvE$~@u@%ts zQO;@SSrS~2ln0)zk?jS}H`elr5}&SKA3JoFOJd4p2cyG@x}+3ByZsv$UOO-mpNNvU zDGS-IE2Al@P3QQjJL9pr1W9*WR*R@pr=qO&sym^Wi697|JK&-_daaF%N~f^?)kK^{ zcUO0c-dDX6?D32QzLfxo)`PhQg6pcVNZJUQ0&3^Crg#H7%>1gZ7aV4-zgQEplr75p2&@n91A(Xr?4)*UBd%DD6-vpho8FYH^|NSQQ z?R)vrt@pxg-CfC(G=+y%ONp;nms!iD^)c4q(FJt*v8%iM z{U6ZnkHO3loXTabEoZ3PmFRN4vHK2a#qmr1T*nI`2F}KH(kaZ;Dm!iO!aQW3zdhHO z-z%(X96TfE@@(!TRdOt90py*V2j=`(8#yOwGjSk;)1(Sdn793ECTH 
z(kt`3y!2V*g7ce%AJ1c&JrJnJZ}CFMqfs=7VKk`fC*Cz9x92p02goqMQrCk#Mfnnw zxP>sK2{OR2DmqDqyLa)4U_u`Mi)`DQ-e-bDKl~8MGrlXX)ieN^$fGKkZI$B zB80BixATfyiX?$w8kvvqG&vl~ZL>_>$RSn6}lDeGRD ziN#!dRnFZSo^kSqQx#9hvr=5V(NTl6^;&#%T)Yn^Hk+&gS|h^QDcuXNn;MMj^(GW5 z2QaTwbnWA~j*domH~{gI%4crss6psS=E$Fm{r#4^E+izVcu^GYi0g=#uIn4n3ir;? zvM1adg-I^&nE2JrbT+!`T+7`ge~$w4@|!n?w!SpingIyccpY(UhWJ=&Xhiu`5ZWZ0 zk)|d^{Uz5zX8%VCMaY!AOL0zAx=AmOO8_oHKv5MEmFs1IY0LbSc4EbGW2W$s^E4h%;atk;8Nv}8XHlPR15%pUagVAq zu>g*?&XH;4I>16jo8KqC4Rn5_yzGQ=Ys$J%R|A95On5|8Q9H2kHz z-RYDxw^Q^l-^xzkFCi-m9g!5F(#NPMU`a3ls^fdk8a~=hkEt~3a^;{m1}z?-%1M^~ z3z$OmY)qX@Nx;%em{p-tJpXWm37|Ewg09rPtc&(8XOg6D^?<=#p1*kAeYt;l_~fx$ z5>L`4AYP!SIV7+(F>C-V*Bj&k!uh~_3}wpth*oVP+<4`_5W09LT@zxQ+ffy z>sd4$cGKy^lmS|h|MT9?j-US@{&`#f=d=9g=6`bb^9!c`yjoe`+bTb|shw^%wbQqd zF-f1*7gKeAT|Hrv4P=>oN%r^Ub$jK@Lw97Q-~1jY0}yogv;J8;fkm8V(XY`EuR+a) zy_)j57>$shR zDf_BwC~Uf-=xAuyiMQ|XA&Pe1-{0%*?cg&&$vz|L1y3-rftHA=oRKK+XEBhCH>~eI zQhx(Lki7km)m$k5%8@fQ^Qnqkf#rrwrL6O*pG_4;01%O z1bpm+lWD@WHF-tMx^vZsEF7~_rfg9^%`!8m6*{e?Y8t0G)`Xbh-9(q&?=OCbvx&~L z8E4j2QtAb2IDrfVNo3{BP;TZ(Ia__WdO*^J@#O4Oy1muv!7$)1#Vz04p}*v)uYDWG z`?@E|9B0hs`{A0kNQ)s%Rnqxv@Ckoe6St_Zyag**LV;~Eo{xA_d?9Ljrp6XlHYV}*T$~5o~KXK z)3n}n;5=52geKVy>bRo}GgzOKrg${g&PbS~#0Q!jn9r+#V?jd#AY2DCP;_Rn2jtv+ zurK+s2QeI8gfq?ygW#UfvI4@qOo6qY(OP**he&bmfVyW%G-;3GewHGS-G&ukkCN7u z9~s(EH$4D*i>`5mn{4@64OZ7KgVrO#`M33z z4~)r|Z|imI*qZ--!a6Ho>+eSOKiY=lmVlnG|JmN$+}-x|KO6UM>py;$-(3BV-p?}(vBLMF*p53fP@xn9G8O=CGj+Mq$@la8>J+GI*#*WJ0y;U(~>bcDuV?%%}EM(#$qLuWGGk5 zZO%Y$D7(1=MrputGz(LlUui0f6PxSV+(2q`4a-SxUO6i>srhrdayoN0j+;zqUNN>S zCNB3!cE!}?^T%?v^yF$NH zz`3JTJRS|iO0HbmcCD-%1vD`})Xw`s1bjW7#yC-t>h^H)NYJ|43+pI1M7=;?N%9I6 zrtQ#TV58!5pjxP~buMiNVyP!|lSWKgKnkULE%Sz6ld_zER-OUV;ZOY9};S0ppfESf$C6`j^^}~DW+&g9F2m9igg9bWUzM9S~-XxP; zk5l_mmc9|Q)D(4NCI6ed;#8!7SWfIzHMSD3SCe?>+()7~En9~@@UHoLHY@4(b>9!*@j4QoJ(3c_}+nnq{5}ZcxJRCNQvnd-@pUQcnxS5WpLyE}j z*^DM0hB#3bau}pDNY zWk@MY-LZ;N#DZ7%=U4}VG^GHzQ3@1?Bf~Dj8C!Vc356B*B2?_;O^!V*oc11N6g!Ux 
z6t*@P#CRmbp{7WZKr`&WLr3*dn1rY7J%&z)cv>972O}H~IRH+Yl;hBAWkICG^0_jb zu+w!QZj9k{KtBFz?a480g1%D#EI`x0PM;^_h=atDI0Q{_IXje~p(o50b`a`T8XDLt|E zzuccAJ4)1Cg{0+%6kFp$Ndx~XlP62Rrfe+5euEX^cIU$}5y_Rtu3Tyu7zOQqm5~*f z5tAb1sz2v4W0`n9?dF~=ldfdwQ=5V}x+7v&ka2%E8+U1ho&om`JuFKk!1H0rMCT2l zjKQ{S7F@QcN&HVYCGZuwDxCiQU_i{ZO?gs%RkVvEGim0ES&Zk37T%Y*1|`YN_(zGs zoE>fk<-(odTmcgcxjB@WpgV0lEq+>R3`=xUlE%0w7c!2Z@+=STM(@d%pWh8Ifg$@| z=$PdGG(#2=eZy_!YkDxrG7#JN?;OeYTr_dFRNq1~e{+q9=`S9|oicieXF|E;xzwr_ zGmk8j9l9t0;LKRj-iBULF9iol&#iJQ#tEU4sX7#HN-N5g;auy~i4jE#822g5DCr{| z3BCHp8L&cNML};0He^z#9i)Je*#o2iQ_L5WMIdS9-0LZ{wl8EoCbkjrd!W!*qdiW9 z;UbQKQ*vlQhr$(zL9(EQ=wU1FV;Ewv_Svsa8J)g8^(G9a8M`eZXbHLpi1wAEzU8BP zoeQ!VxG<~>Q@tp^E4^E>y)tBZK7xbeqOzkds#hcSi<+2Rg8ykH^<9yNEEgKROdoIQ%R~!#$zNt@JIusW?EfU9o}~}UqXw7``)|0ZP^}sS>+|) zdhPLv7VV>rVfRgs3>GRvmS^eKMg=h&DLahv(!`7hWLa7HfPINssX$K+y32^kZ@Y*9 zR!JgQA%9Q9TncZVg(z{IQzZ~tCd?;BCT&WD#I6k`sl`+^=}*1c)^4Fk#>6D8{&x0? z242`H^WXo#NUCr1cQf%{gM0{YvdE45QojZHe|9$Zw!HYS&8@wy+xV}~@hgx2Qv3M@ zbN=j4ff2|sch3Mw?BBwE+6x*#gz(2hgx!wQAJ^>99-U<%Nu^`F$A1rpShESf?_W4y zS0xhKxG#x>;Gf^)KX-3a3f-m@`h+QkR%%xYZ-nD09y6LgUn9a15Gg*HVg7J3Z(b)x z(#iYranX*C51$gluzbWHw3rvw2d|kKF{y0nP(8wgyYRBkM+8N43<&DQ6Rgo298OP( zn-nzzOqBQ`^jA*VzIl$i9?JG{5s72t3jRetkxzer^)jc_La37CsSP5yHZi~hm4~J< z5-uSP>6Nyh0d76Uc`%~DAZb|AMV=~?s@&094}#8NWVXuy+sI{yb8;qPTp+O*4lpsH z?lhPUU6C$YDEKS?a5F4CD+5DRYFO??p|L-nG*G{gqQHo6t9W7 z*vTK2=gFeikNJ$ha$T-VCEw@jEdPv0d9I9Hk{N7qj;>oa{y*b)bNs)5K`opAb9-}p zXV=gF0N>y8|DWSm&HwxR`EAPrx6J=7^Zykw|6eELtU4%VL$1gVc|aDjM&9>p#cY7+ zX9;-Dg^xI89Yql#_boLt@EZ=j?udi!ssY309a;2N1#jrDF8PcYOIeP4yX6oHArs|`+zT;tB0m#{a=iv;L@1g%;MF}U z&GNHSRT*d&M?+)M%%@pYvGD$Ol~}HTWx`@)R&h_iY9!pv!=dCN?Xd}(TvItWW)M$A z!=NErH9>erb_F9vL_tXWg_2ChUQDuBe@^gaB{|}>Cbn6No=^pG72C|g?;T`JI89JT ze3FmXd~jkVlcbcsmCOUVy8eEB)}FkdtRmD^=0~ZkP z^yI1}psEi6!1M4zq~{V*-cU`+?ld}+2tGldLp|x4nWsgO3N3Lrn&PcsO|rw*LhFe| zxUAEt0CmkGs8p==l@AE~@{L#vkLqRi*qgy>xj{8hti&-7UAa`&8ATb;!!RD+qVN|) z;cH{?br5*@Lr~IO#%~hwk&AIYYzHb+h==UDuM^12;0e9qat66~w6H`L(++Hwg$ 
z^6FG+9df^Bp2Zh8%F9is9;T`HW$r2SPW*Jtl?ShK@*O6;>gw`&aiw7tS4ij2g>1Oj zqkY<07#YBlqq`~Q1D{Jnn!%sTcFC?ss|Au1%uaPZ8e`zJot4z0PzDV%?-J=PV{|&mgdv-l?SQL18+Zn1oPz-o*LS zu&v4sD&D=s0s5PyX%^x;peZF&<^zXy{|$)!F~5DYadd1QI#|n73AQk;$#ACjwH-J~ zMkZcAv0bZLx4EUlSEa(}`p(;WC4y|xEKfnQ6ls>mb$Z>7vR>VJt(@3%lRDI+)Hb=( zU#k?SAA++KDSmw&|GWNfm|i4#JuroyD+&E4rSnT&Db<920sO1;n7*Cmrbl!`SI4L1 zQIRQ)Ra8J<=hC$9DDjtQtP%C$`Y&f_4dLS%2Kg*Wli5iAW*-St&q-AZ)u|?iw=&~L z%Z%6IAgh_IrKQManX@@skW$T}3)gT#TnkL;Z7cb;1)3Fv-r$@@KL)m+_oq9ad@MC= za@>*ZjY(=MRq=8Rbe=^zV0H#Lpt;;fs4OA5L^*~Q_#}1uXObYf;1mn#405VXF9fw& zqV*{d7)cz$!yw2wPYhQavk5P-(v6&pg%xui#iJPGMA4~>hSH5sx@5F7rh!{J@EPd< z>~+IE$yF?iYX(}uXfPd#W-}$md|CetL)H#J>ch_`7noCz*Ey>NYQ+jJF(t&7rDB~~(7l_Z_yopw2q ztuU?mjG(s@+Pb!S0oNr4(-e8fk2kTootASwotxnJK0=(oIy+Z&L40~fkJedB^f_tL zb&A)r+vb3)w#R7Gweh!c9*4mSmjhD|*P2Xz!@+>^Qde+j7D;Ibur|VQnb(}nn_N7H zaM_{P$5>a2Fj|Q`wb;qB+XIC-&EZ9O8Oilw<*(MzNcl(f@U1Ii zNs_swVxYkK>A?I2bk*t!3#sVktJze)im}8W@9fj`w5=pjT!p$zVpTf&0wAtCjJ|M6 zj2$$|g5#(%lvBO!(6ADW;sG!kr)hdJ11^|c1%<_T8xuc5+)Rt!!c$m4N@~`dvZ{3z z$nn_>bDmiPX}9g*eZk~qlsO-F%~@4|4YT7eXJx+?(3ckFV4b6E(onCOhOA(Zoq+q* z1cA*SZfNg3?Y?y@+n2J?JQlpZ!#=(@XE%`1bm|y*|Iq>(iqlH-33qm)lb0>SlD_i!U&dZ?Wz*A!1K5ssgb{vjL~0 z4A0Ye5cK1WlWq;THdWHcL@|7~sKx&or{-ks7ljh}inB)o>UyofG$Kbs%-b+cVk(|y zQOl*n6!kLncm&$fQac^HSRwY2ER;)L$yrToBiC#MNe{*klWAlFnyEiz7%HMxD{df2O(Xac@|N7+Vi@&x< zgPZGP{{6psZwp>}`@gw;8~^=Tek%d&JJ4aqf20FsRq z139KZ33bmKrss_<=$TxFH0UI~F!Cf_$(vhm+bV^KBEI}$Ghp%?_hR&Dr!UxhK!TIU zaiX*@+wK20ornto&Kk7|uv9J7=di^)7^bIjU#Zhn%1CCLj7J0>-#^V~~0$X@-e^`s82~D$Sb2U~oe5A!o}$#OZbO ztZ&s?0{q{$@qfFu!6)xkG)m89L;(;=cjxaC>dZCF!9GMkYC4Hp$7+ON`RIq0Q<~*35 z!b%|0sa3&K8xLmaIdSY>NymIA@si>+u-Z0|VV*tu`b~Q?)}FmNm#oRHcM+zAh5x-g zQj@vg-Xh|&+rs21JNnwEQyUHile=a+a?^6twA{Q;Eq?`MfO$d>=vXAF)P8&Ql+tAY zr2w43^F@1Y;A|A&>~ld_3l7YP(C_{RFFn0Ph2wk52uwI)YUmcWVJ6c8f;Z^n3Y`wq zo`qzbaYYVXz_t^rGmVS^rUQ`+BPCh^6sG&zA(#K4M*rUw9bm9Go-N@`IAnCD^lW;% z_sn#+TU*;S-9tHBa*SX_XduIgY+QvAP$D|3+2P?+7?B+L@g#7NPrBWc-P&nwZnd_) 
zw=NlsYPXLYlSsw1webzh$hocxg{&ZD))TJD>SaTE+4vs*kN0wT5zcbONg;?h%PChx z(Bdl8)>#~f4x#b(PwGaV;E;wg8TO{uiOZA(B^u{qY09@yor%YDNrr7g{@(n zOy6UokO@-s+`!%{!2X5GUjrGz%PiPxZ@1w_rb=M22$^ZQS!j8J3^d$6L}1`n%hJKL z&pa1y6gJv0?KiCUTWgBO6giz-ZcX^$1sd~ZY1yKPsfX0PV**XAV_;aFLxL_9#f#ye)FyRFS#n(3QIFJAmtYiDnQkndI}rTAuBGW%nx4f zzy1}OSN<5*|K`m(U=iAO^5IjE9`_xJh2*XnE`Kqzp;Cyq_!4g zObghvI32|Oj?eZh8G;duKT|9p`Qc7xLq0_rb5FVb7TKnj;=|5>t%9q{3~HkkQMT^` z0xpdx_%$O6Zh+JjN`u}EnLTE##}kX)WGYJi3IW8k=k&k3cLhYnucd#?wnXVqb87^+ z&U_Tnf7CkuvI<+sV9goL-rmmggMp9b(BLdJ#RdX=g5((P5u!#oCY`%Wgbiyz729%e z<0{JnU-M9O$=W3DQ<0z(l#O8soer%_CW5r;e-m+a?)L0%US)fBH~sBVWrQfEWRgvZ zjog3vy5z)ds@?GxWApy*-tvRMuXzy9kS+v&efd}7*NnOca}z24*gChH%s$J+ceeI` z;LD<+16&vnMGU|TH;em|Zj_wIS;~cJss3uprEe6Ft^2#*8z7>>h*VxL919liMc)R~ z@5b&HG;%A6rx*;u6$Dw;FM+wo#1#6)D-`d^9i%xT_ z#OcL}O5Om}?$wk1$IqTvEw-@5qmUIb-8cab#`sI-?AK=uB&Ol^{XJ@k=M}_w#aOlU zqFa4@zsZxcxUP=yme4D5F(?oi#@yx0|B6(8h;a(zkOT5iWbLD1i%n@)HRFN&2Fma) z?*iQL&Z_M3*6w{CT8Ekaj7r>)3`v0=l78>vY}P{764eHZ&Dunf&0JH|4;%vBk#{H+ zQr*Y(w%%!Nkgy@L0(lf>{j;(m@9f}e?vJ&W1J2JocFRL=CDMl~y`yflx3_`2#VQLe zS8oLM{GZb(`d3sp846Vx4dwS}d3!3e{NBDLxAwL-@nRO}ju>AGwF;(ng16vAAk3E} zim5h$Am$6eK>R|9E900cc5g;fSYs_9HuDs)M)hzXnF77Oe?6C>_^bm%=E- zdcRWH&jv{Im11-!O5~;tl-8!V2Ui)AneeZ zFgmwK15*8SzI8nY+&M#Q^_p7?yZJqhpAYoLCM!gQHA00a>o;B9QBJO^azPH%O7Gf7 zVsnpoj8y)LAXw{2{J$N#TEhF7MZQNA!o8p6((FaS6LY<{LP{2kBl`O$3&$GD?#2e4 z5t2b+Ax=-DOfi0DZr1lZ_mv1EQ`KxCAF=5q?V}t1WU0+3gJ(qD=*OjD!$~ak5DHlvIPQd=ievq+tO>Y=pxc0~*l$mIn-U`~DVYr0Jin zwN0%ogv;t{8c9;N`pVoCGDL=HxyXb^Kv2&23Z ziHY)OIu{B}fy&jUQ3OnJ1Y4`Y8M?2%RXdH4u)k5 zV>BFcnCZn?YC;y#{UEyF@LH1bK-$2MNP!n(4k)zEjKY7U8M@1X^fi$XDVThAQrdDUqMMoP2G2G!m9_%7NPH27@SA&h_eI* zPvZ!r{v_mD9yo%RvP4g*LSBsxTxd6V^D8W;a@A$SgkJoCvC(`Q)@?1IB^pE%vc*V% zE-VZAMl=(L@mVV#z|9jEIP@>ca}9>8kn=cj8&Z}|OD0Pu9YgZPzH!c=h9&n-ae;nCaV zZQ}Y{i~qdx#bU=}(KCC|1I8s8Nh5g;l4)Lfp0Z*PYY2_Wa}e5~cXxy;eDrXT4x9xR zO|&u25ft*FW1q-mApc^0JB9>cBDp*@BM*%#QNwjy2GH3%PK>hIGl@uNjC7+A`_ zr(Ju|Nu*q1-NtoYSqWaT1&`FJ_yFz;<(T(2X=y{{R(oUTJA5E^(R<%vd!X5v`|lmA 
z7-0a)`aVhr#&Ht=k8B~*b`WLpd5EsNxr}0k?1u0#5(@JHf1 zCwL+jU#&w{mKWSNbXp_*H8W5uy&xIz(RN*M^_7HY8c#+k;Sweu#593e`EST;Y4P8m`T9r z-{WMEUgT@Gn*p{?$L+g!6!Ajo4n}v!(3_QRnsH`w99}j12ZE^igQ81z;N4iW;l;u zG#7%{9$*KvES$09y;-Ryzm7uOdHMj&5@GHS^tV?}X--^HPu>HGouvJAC>!0uu^t~E zBUAM@`S3QuVBxoTJR;@!JWuYhSfvXYZRQL9km z)2Ik6Z3f)~nh|Kkz}R>@v!-v~5=VDyQ-z$^6!y5Jh1qFal%G!05#05C{Zg)D6-38* zel_?3yPb1bAh?L$p4_ zvy|f$SC5Vrxg&i82ZwnbG|4)BEKRzq>93@D8X_-c)<+!r zyT}_!v?VMCT9H#UQdfrz7MLY3I-u?Lqns?HkM1Z=Kq!Ixk$ZzbTULyJI z-&o!i#%Z2}ec3AgCx^f~7mSfpbjs<(1lN^9M{3A`oygw;q@W>%p2f2$Rr6ePR}(4i zYH3e-KI{q`sAe)ixdHjrvxs1uo)yE0d}=<)qHsh3SQ4n_c1cM`%lm|znENu!EeQgE zGbL+f16@B4vvvAr-65r={Rn}_2W9@$JOuTIskmWW6$4tqx~j{APi2Yq??~u4DBl0T?DROOf?*ifc=F3P+%r7J_dc4 znv>6YES!`s4R@W%C28Vc;uYgk+ua+&KX5N)V3y#gcAAHvip!F_WiKiq2Z0_GhqK(y z1F-H%{GM;gY&ym~kAv~MQyCQ>D6waa!#E4@CEm+QVm+n@triiu7ILQ;s@rNALA(`` za)^ul;f<7#N2`Ub1fLF0(7>#aS(s@lyezU*nyoE0MdFr1xH~7&Sg_y_q>YJ0*D?PL z(-%2wgvm$&@qoDGF|rr^vuW~9k zM#IAgIWB=G>A{g{%36|O)<}C4r9A{T9v9av6EEqtXAERz zD7%fB(<1zvaSAQV%zTQbj(k5!Y|g5-9Ob&3$q@+0V?z7$uT!hdARPf#{$%8*R? 
z74hh$P-MmoY6N3=p~_}p#TL6AHNjLkDE_i`NZPss$D3feL9=^#cbXud*R^x%;@}^r z7A3T@FJPn)H*wSO^0=(ya_#NZ-FCC6m!?8B_Z?cuZ}On4BioP$VI~w1e!7(Zhq%Zv zqw7&e6VO^IQTp1?xds@SuKz_pE57| zuD1@to`;rz4h>9@gZ-^7xzCi;sGDO}qoY+E?e8HRWLO}25hT-5kF$P@Y${zTbWY!Z!8ZAl`<}($MPUfCS zXBrc`rYj>!YL8Gdv|EaQF6u@Re1hn6v?Z33B#2Fbg|V6J^NB!I!nn7NgvxM8p6-<_ zZj_7$4b255|4;%X8a5x)VanZMvK$o}Axtw2ZFP95LfmLf_`Ovj!rGWZH3M{uN+P;a z2XRi}vj}0D#T}t|x&BsJGvl1W#VPUd_TQaAm0q6aQ)N8LRIa$yoYIL=eZh7+jtVNo zcVRY)`^U}TcsT9H11{7s3Nb59|J^Zmh9W(1#mOY^Xa*a3l`&>s0iewI0EHc-)82%G z2~jkm#;9DP1Pw6Y&?JOnvBo+<_??U>-oC$w;|WKDy&W14m4!Nnfu5c4_{PZKjQht0 zYEC3v;^UF{0E)O8UXg|4+>wHFyqwRtXesBhI1RG_<(o%39-k(ZNsgADv%Gb*>WC7~ z(2a!gkG{2qN}4iSQ&f&Js<-4S5Z&}K(n+2hQLbYnj>-d?nGP0YOi`ijOffEqv`I{1 zVBFv^7Dz|q0Y!szdmar0T!%0BV-4n*SZO8*gQmu&0Qf3~b0j5QNKOluU z^wwq^X3zu&yEiN1_1hG{GwX%7w6Gj#zMe<|NA|T>x=tS>n`nnpPaKx*_ zP`)Q@^aC=pF9`PkM~N~BD{CF*1ACizF?Or}q7Sin6WZ5+!YF&&s#vN9(RrIcYNy#L z{MlQ@FU^q;h#OB2zQs!})8GAhg!_Y+OF|@i^?zC+o6} zg_)v?^v&up?=g?YcZR>)YV3cT{%y)b2gbN(h>p@UYI4GrGLbS`RB--G{xSW>)SiUe zHkd+t7*3P^88B<@B$}+_moguF1B=*uRJE`4J&t_!(fy6R`#*1PswYBJSM@(FY@u&d zkr{!e?OEq~#RdCAl(J7LV78_F=>RxL)xcOH zxkTFqAEtOj%o6=~%uf7?F2||ZL*?uQJ-{iWY;+U4MzpgW{BK5G_C>rR;gBwwU#1yd z)N#VePpOnNF+eK*-WsB7JXD?$7xBBe%^ODd$o_cp(o9+VMa=(fZ7F8oPwFU%Vak`< zVeemA>^d@SlpO-D_-OI-UAGXO5mCMd6pkrOLYgV(O?euG@51119fwFMR8W2ELIw!>}gu9Sg%M^(0(4<{4z9F^^ zkG*;w`?jC(SeBoCC3Oyr0|d(V(j{A(Wlgdnj&z z+U%9WhnqG>cV+%(=k8romEj4p z;1MUbd5x|m4IP7!Kg4*4cAOqH&`L2$JB2rEYwQR8C>_s$2%Jq2_SVM6_n0VXw;4zV zlamQ1RcQtXNxv;e=4~P)9LRNvE3!{@Gu7CeIyL7O=5NIh-qz*a+xpsH-X_W?85s>0 zWL1n{MD^6U)Bqq|944v=?!!*GIwMpCD^hKq|f*Z3r+ zVaVU*>rW3JJ$Zikqy^(;YESwaZJQuV0Xjz#w=xVbNXc-TiEAd|MBG-akAzY`#r?KY0D?i{D-czwf_#wg3F}!IQ(_ z#jD`ai|3CIULU-84uAa;>_7jX;J*%@KW-{DiLd}TNQ`fcNds^gMa}?}(nM!-8-~g0 zloWEPM&zsA%2X91y&~gA$Zl+fIkh!CGtn@eKuPXeQf~_it~>EK&`4r&OcQ?4>c_NM z#TcHqNxfM&5rr6vR76|nlP;O<;KRa!z_25p2D}w?25f-GI`MP8^P$c%4t(W$q$$g~!CHXdD7io^ekXQ@5`~$3wdqDu~ zL&-dv%!^6#8uBH8+skfy3UyuJ9*E1!FC9kr&Hmi@PgSb(i|2pX-rl&)|L{3}?*8kv 
zgE!j8g81Lf?Lz*i-Mx+N+xXwl@pFT1YhQ1ytzZA^Hq!PcB5f%{pdDvhbHZ$EUX*Rk z3bL)$K0d^j^CKfCS2OXo@=#$_je~1tq_h<^E3&rsr2=bfwQne_)*b9e1=ZGSpDm=8 zF~Q9r`|uK*}`T&c0wi4ae@fDa&k_HZ0+AFLbg`>4~dWET`Y0dul?r*#}fIv zq0rdnB4g(U#x4^VTL_CK{>B8w)~uM=+UE(0t^NB%#0m?^l&JRE!eL8$x~XW`GT@&i z7`CjVPaF$d*5xM%g)QmkD~NGQdAe4D2!k z`Nl$EmzmNRh=5&YSf4EbcByUursH3inc=^C`0Fxj@NX6Uy40qB%HY>!2kT7?MA~}YhQVEYwd=DTWjBBY^zWi6-!bp3v4BO8v6Rzssp)d%LcX97R0pH z;C5w`+9!@@t)A8VVAk5zV_9p9LRo8bBUx)Dfvjekt{uc$y#P)GYhk{H09Jo`74fUZ zA%A4-YV`zE;A-s}ajT^WdQ`E6__Z6fT3Z~mT602HYi`79ah0wety;Z4cBpC}Aaj5RuTNL$KTNr~{D~q-?XSE{y z^va{Cq6G`XPOEz|F{ia+$Z28Xb0SU`EP)C(t$lN`re^J~9cWs+Zk(xEzi%eSwC3;d zHyL4Se9pd>_)<~kdC{e{PZC^;{=ioVEu|AuyG~rG3M;Lz{iXJ?L8Y}NV@hkat3{L| z`Tpp5(%Ln`NjaKS1(VipDwec%1EHj~`H`edvaS(ETDy7_={H=c@e}>r_%FFMZ@2>Z zHR^xg+qtd({aJqg{wur4P4;n}_|L7|{r@aKcmEY*_T~2<>wn+w|EK>|?Z4>mZv+pn zzW?{`ZQq{%&+=Qe{~McRIci5)@7jILkN@7-*xA`~_kU{>{&^e!{W*U7eUei;9g=Z6 zFUf3J7lG%8KRpN@vL*3PKX&*pj5GMtkM+OQe)tm_4*5042f)*s11-NQxCs3*tD!tT zc=hDbYxxvJWcU*P^^hIB+vJZnNP|E4Z;-WT#^$j`-=eUg^yb z>UdPxTDpv5T<}w{8FYdTKHUz`LvdnT2BdL#a{+$ob^CYuEjs^O8>n5>p77Tq0gKN6 z?w)`DZ*TAJ+@Al>@uP$JQhaGUo!>a(@+E7mTTkQiV|u0Fq7q7Ab!eh3Bt~la?o^%e1#$lL1N#c?EZLujq?I{9yTEd0;hn1MEcWtK%mYo&Vj9l6aUaQh^2Me{XNs zzyEi3clK`2|L6FvuX~XVDjdZ342>{WicPv5aa&mnFhDD>70+;|v(Le9trrr!_W_T< zlx-u+9HK&aU>oDYW@?#7G`XzpUV1hLt<4~5q z3+IG;!mW*diP0)t-4ff)D~~g|M#Lnir3q<);k%jgxVCy`JMiJbUw=D%wOJKmiS0i+ z$P$5EAL&rwGW=kgU=${XSm$kKC#0AVbSZjId%LOy2#M7X)#DknhfX4?9Vx@kSOyIEcsniJzY zcj9I7w!vNH*YfDa^Ir~LJ=;fTmb)CSBXpm=fG7nF(3f>?*wXGe=q5xIsjyH%|5eO_Fdt%+&;E3ldtcnT3X61ovOL;tOQC#-&bGP7qF0H{L`5!avwUN*K2n*nR z`G0$BcYE8{|8L#9wf}vV-%9W_LQxR7<(v{3a@r%1?#b~#H?bHa5*gdUGhrF>XdGst z=BoSY5F_wwE0|Rv9t40?B>2#sol_#^F!)!Lr7Gf|;slWhqI-4HvR*MC#c3pJn8Yo5 z9A}-NXe_W2g%M3yp_~@XTyX#~J6)!ym?pROG(9CibUDC7H#-cR;sZ|cj*{DIMstM~19*JZ2s`Yy*ICWrvqR38#)F&YFu1r^9Ng{(!K*aGXk5sl|CxuY%#>0;=-%@ zmdFF#+8M_g;UHnRL6R8+p$*YHIlo(^9b6-tx$9iGK>;@)#%CxxZ0ckqGIj zbk?E2Rc{ZAZMHYJ?&B<9nGhskUBmI1l4TsagBk#Cfy9BcIY=BXqe)2wNb)74DHDbf 
zy2j&*oKiwhL~V)3PytmdN&@4RWfZnU*kB`vKrh(e+vGB9W3XU2ZVjSd7L7a9Uk4*J zM==T)ciX4`3MAMt_zS;PW9!P}6%}>2&syDFKu&v81CpaC1!^8hRAm9AJYG>To*qc( z@jM-xQNkZ318u=$m^2*F|J&Y|x3_I1dGFu+6c}kHByC=jEjz=E<5hele%7(|SoX}m zD=A!%fFz7bfFVdrw59p%Z~dyO8x0WDVL5UpOYDv#HX40Ych}W*l#H0(Wh4H(saWV| zFh4qhj~Rb0KeD0AZ)&92x_uGF>^cxmX*tzJQBQg1W`GEq>J%>?QV=doAMoO5{%q&jO9QeY4_HCw*4-Vze}_@2G|y-$AK?QSQUoPFs@Bmx zbJV1RIPhm2m7$s%r2ri%kS*XP&=x}hTi#E}Nytv!#K_xoY@{-dA{dA>5?VY4C*7ci zoEGtF`7;4rFC}ij#sV@{~v>+^dI&CrX;rWLH8f>?0=$P=|qY1~<9dp2*Vc*A#+mkPK!BDVqhZQnFO%_TI%Z3}SkT;&&<;yV&8K zF=g*PW;Nzx$jXtD-V4QZM;5l%Hw`AR^4PEp;TANLe63KJM>i`y`A^A*vQCd^WBk^QT$4RWaZ>w`p zG>qWX4iB*(aK5`8r)gH~8=lA0G!d9OZgkA{M_hp{db;HpYAp_cLW}6)5QWE6iA&0! zm&Wm3Q%lTZ>!=$TPq;CwylS$mgAfEI07vQl!)H&et_jC0id9i~V)1AlPn18ifryBK z3{RDz$t0YNn`Uea<|n`)Yl5{I4A@$A$M?~j;8fwl07DW^63BO|@n8@vz-X?yzgFeh z>04Tb<77yXxUV~7EHjk-&*#f0ToAF!&}iY+TQv*_lgx-j##83a5!IK*9R}1AfelRy zH|xyO6Wq)&4msJ5XPoPe%kh7~8tch`vnmHKgLqcBQX|Bkp= z6E(#7%)&RiXcUMcHa8PSV(~|2nCTb@O8g27MA)()0{O8z>Je-fB;0vj zhw6^8xxs_niH^b~CftM}2!3QrF$s?tab{sL2rV)N>^omO^C{72 z%n5Uz0a8%G!PbujnHgqQmd}`FtP6UTqot`eXjpDb?3GLthRSHddOM8W7@j=xYQLPd z?mTYSYcGHj&(x?Rt?iSjcDCQ@f83;hhaX2i{pa*!{qfn0_>BbCJ1hK`z8D{!?TTmN z^6xb)-x;Ie{Z`O#w(fA{C*Y9dY1-WTrG0Q`c?0A3N5E5DOWscgg@X2on2)CR#N}si z!S9INeM$R2Ki%4W_w(-A?oZnr{70?E7q4ghZ*v$P`Ga|#zK`O_HbD4(in261sz0uu zsW3wgr_(dA%r&0w*(j(}FQXyV^wR--_dc9cmsU%--Tej4oUdE!ehg+qP}nw$0PFZQHhO+s0|T z`?S9K@4d;q&D@unhe>AbhgFr-uBx?@T`4uw1;;nEAaE7@dE-6{7Pg)I z6?f`*?Oo0JkL;a0`rc(L{%wH%=MKCo4kUdLJ| zynft@Hx+RQonO%03E1rx1uZJ$9(B9tu%%|gNor!{{?ww}rT`0?`i|9=l*T7IjT8E! 
zu-`x^*(7YgPG}m1^t`ukA6`k^Zl5Y$oB%Im2y**bIE;$7w%t;~$3C*F^kOHxHVYU7!jc`I`cd*i&B(DgzgkEllMt~%KBse`k_CYrho%uyI|>Fb&I1X%!C=DcUHg>-5#1$;Y_8r_n)8>#|uu(0J^JU!BOg5Eith{S9lGdgaASLs~_iy z74eHjH5Ydt=2{u}R^F@RVgy(ha!?OPQXNuE=r}P9QJ0)$5`XBnT-XAYc(_ za5fbDw%T5-Rb*UYYA2qlWi=Na>Wz(g-8m+JxW`?K1 zd0%3C{~E~Q*GUe0`(Y12Lg|EkpOJBNX5g7P{SUyRuEcjIPQDD7@4tHNFiS^YR*wa%DR(Icrub6}iDeN+}IccPd} z0_}~;T|{cE*z!zjt~PM7S4%%E3LE&~lgPiA4%1}E8*f065TMt>^jX|6tQ;*yXm|2+ z&3v`6++{gbMqCMJ#Qp_-FZA{g7x3V$n(#@B@?D4?@&K!hMntcg-`3piSZ1@~OJu_b zwjS>VTw&vsdnUBLRH zpk4Wr;D@B&H_Hy{OB#);?2P3s_l`_iK0P<7oT;PV0l|7ha)nM=)e2DobuW;|vIAKL`q#$~SIke?v83g|rtM8v5$adECSvnMJ7N${h+AP|Dzk|B{B&N< zfpRc+y3%^Il{_z7_cHz+*3)-l$4iQ;UKLC;8%~f;NH%be#;31=orz2W$|9a(>JHW_ zU1B^`7`^`d<J<31u2mZrAELCklUsB?2tYr(L0%ReW}w;0!*e9l<>B9vrMl80}X8D@TnXA57m z7NWqt{eH`IWQAGgDO*>n7x*b}>;N3GytCW2-BGv6WZZ0c%X6K={IG;NU z@axgf>@N9`iY!_S(&ENy`Q!Vp!uBkH!Lo|F_`x^KVbOg^I2v*lLsz51oBR@ zgNHMfc}eD8G>DW)*67DP0z>#S`ZzKtz95?H8>H02dvQLDOL^kY%wkByJJ4by8YYpR zpjR8$bPUw}uVfvOMj{3R`O%+AEfW@R)@rl$x8SW~=j`tzZ5PS@_SUL2{A2JeMAwga zbM9y3Y&kNU{YX+6P|Xfx1}sKv?Sk(Q5?GHdrM6!!IeI+{#60K-cdi)ITJj4Apa|OW zvso>gq)axrXz4nhmk@&qo*Ws+NiW5&G4Emfo1);vQ0Ea0XCpp5ew|vjolp9U{SCJG zj_7v09on{D8?(rG|CguNOxcoxlFBLzU$GZh*T!=l|MiFnzX?jV-`5>Wea8&a2!({W zJR(QEV*kjX+x8TKFPWWxE_t-3k-?R@kps(c1^8W%5%}r*OOOvX!o{)FaKOJ=FI%xc zq9P;&C{rOlvf(3AZnYriNt&t=tRXF!Y}dbH5duC zMJyS>G15CR)i5NaVr-7(AygrST�iE^W~28sMs5+sQ%64p!DAetQYmx#M6uw|D0b zjfl%2L~K_yZO5+*w@zQM=C;5zaBEw1Pz|}wPgg~yG$serN0;jv1lx@;8_$eUac6M5&l=(_I4Trk0>>38}3KshVSZIM9U@N!Y5n z;teXn+`hK)L_}3W)1B)bA*}0T!9j~0W-=Z2DZ!Zj-v3cBiGqAryE(-HW2C{ zv2pAp4bIkW%n?~%e+%Tkn~31Fpv(BH^ml^086tS|r^)Gd{8+BlncK0dH`x@lk!S*pYgGZv zL-;JP^^6GOXSGz+uHl#_6ntK_PfaOcS}hkmk;u9ng#A5t&Y^YzEV-8SA~NSpO9Zr) z?DthSxvTa{cdSds!LjzqQ7ojQSW8w z#m`&&s+f*Ssv}GS*#t9@V>Gz9O7a@9z8X5CpsUda@^?V=O-J*OI`tqjnJkVhEttDJEClL%R{%VX z5x25BW4#h#mQ`3facQd+qwA*fOlV`n7bM=gZe5QaaQV}VCuWBmkAbi`aKNW_t59y8exwphaw21D4B?0Hq~M^@_WY!Ptlk_nu- z=+tUUL55aY#gD2&f^1K35i_e2r~LKN9cU2}l+B;{222+NkmeBUPY}GUzX#%q0SD`S 
z^Xt=qdyf3(MnrORd*$qRuKb87QWL#z0a63aD8iS43GaU;{4>V`mev6}oRQzO3*;98 zCr3YV!~gF2{5qon-n0o&li4s3`2l+jW|cDOq**Y{bA=#nIxOBfd2t9TeSB1kufsI$ zxE4Oz?+&@w=6gLh?U-;M+0cfg8^`C|hU0CGgGYXsl3;D>zg_-^ z9uv=09x1qp@IT4#9wag7jNE{khk)`-z}zF?XI=ss;OItB`!S&FT^|Z)nQI&d(0&7W zhX9>nw1sZ#b|emqbT|-Wo*ee~!?0UFVJ7mfdUWn8pqK`Ih!-*BHgWAr4A{G{XIvKM ztub*tBgdf@DV0hfIn_`bV~f#U*1F_*z3>x67v1C@+ivknYvfd0T>V6^x`n=20C6*V z$g3C{9@-rBoqW0Pu2+VVqO;HQz7{TSUEcU`2lp1BElgiW>wU%WT&rVlGOgdQLF?c% zoyxm-Q2{d_)i7Fd`Lx?z|Cj)sbb37S#eZjqMYzqIVX9-&!hg=XjCTxb+8y>{`kmc@ z-(s$W|17<%>My_Z+%{fbMuMWjV_Erio;g4Ofx8Eatf;kQJDD|y_^{#;T&3aqFJKmp z4_ol4ns*aGE!lz<`22V$q^}SaJWq55T{z9Udw@~OMa20d`CRpz&iOYpiHw`khP|<7 z$xqlgN6o?rFpzJFi>S^kL{0LTwm==SdR%Q-h-oZndQU$KoG4NZPP71|c%5eZzBXJH{0qspFZ` zPO6ggyvGs>+Q4SL#l*VUh`sSQ0Iyf&IkzAZyXL$V^?FCG_B{OPC^fFD6L^r+OqTyG zRhE|G+E?A=_{!bh+cJApAG*CGeD1(b!dW$#U2SI|HEsZ34Kqil#Dh!6$?a0z8W1~E z(a!}2oY`a_0QSa7xPpcxKnD+t6}OfXOY80PT?MaQsQDsIi=de6NpDWBL+6?biA(3W z_Q%>VVE=;ep04^RS%U2Fi2PuO%4bHxWZ!UGC7Z;5?IReNo4u92#U$V>heNLHh>2d8 zhR2b=s{Wu@VrKJ%7rRa3#0tv>ZBKIg7X5R$;xdW@-Vv`YHw`^tm;%ywj}4mwa(^r9 zo$^OTm1QwvU>*tgZ&HMU@4q4Uf8`77U0;*Bq;M~2vmeF_O@8sx6STdp( zs+d+w9~i>P?sLRc8&BcZHvL48!q6EF0m~3?JdhXkcio-O(7mh58n?}H+E1G_+BI#p zL*r{W4H+E-+4kyBX15lQ{?fEyiVGv&%;iv_j4_*a=$Wmh(Kh^~Lh5;LW$J&Da!0`~ zuE3aUx`3de#~pxocGZT8rtcAd$xKR;vJsR;r7<=}s0^KadN2bO6g)@l;UEFUiY{J5 ze$?7DJ>-%_lnris=Kf-Cb?C|0U6qGT8)0dP9Dg!KbvT}?X-Tr8ffX{!W~)&K`g(tk zh1-tY_kd13UUgowrsvsL9*&7UAXS(4RJqvJG^0AccU!Bm7+8Zfw@D?^sDc{x+$wq{ z6w@Ho$5En}Y69%0K1BX83UvQFTL{pj0UWgtcmWgzHJ=Xb`7|>Chke?KKRgG&5E+8% z{_6VB0hq7>>KMP(fc0U*7C&n){pqb>)WH2#lU@93?qH=lH5SC-v!SCb5Gq=wk9`*~ z*t2OYzTIsVXPYE)=U~}wF=!b_ILTz$LZv!7Co=FqWD9XzsaiMgQ8=J1U_*U+@35nr z(*a9Hz!p40#!M=vFm`t?V$Az(!NJLMef635%7S`7fjuAFm$t9F57ZR^iR>SgRe;M^ zLY?pX^UHs;eq>Jl_u#+TCjZ!1^hUpuCGJ!&nNp*gav&&k-Fh9%jxlHAkxVMP{ZhsGsDSJ zv+vU9Mw(^U$%vonDd>}K8E>1;sqSF}^=8d)g11NmVa3&Oms>)27>k*xgJH3M!N#+L zJm$7IRt*VCHq2iG9S&ErZ@D)$i%omx5PRI@I4&wIFrdGfQzgQ*RqvR!<*QO=a@SnZ ze@)k9Yg(LFa{|;ZXLvbR{2VZ4{}TA_lit7tiw<2xfZEE6sr!N^MhFRS8T!Gpe<|n6 
z4HK+qs&WVC=!f>sTsw0a9ltc5`f3_JqJ+(!F;SIorR>1xTw@~RKM^b_IDm8J9FX`m z-vrMXt>*TmX%U;Qbrk#62>8E^#N2B3T{s#H_s#P%rT=n8^Me0#JOdX|nBok>H-2T&wtW)vl$TyvUS zHp!9Zp>uD7;GC`bf&h$L za4{N0@0!_z=$Zq^R}E8Z4ZLRMrF5DFK*Po9xYQ z1%_cBjvj+2Xq3;~r#*|waxXBXn^$y@R~NA*t$lWEhPW94^C=YooMTIun%{x%@%wHyth?ujVHnGgfOz!1DmuJA|9C+T-B+r`AoLleFc$}enw(JBd_ej;nN0mH)v#B`HE7eU>xf_09?<9uDH!De0}Vh?iwmc9 z4MZJIo7?a`RZx)g97cs5!{CcCZpfh3dr6uf;P|sVwmhqebCsU^L{!q()mHhZpTjtK zHG>+G4%J;dDmbW!bdXGlOUVP0fr!&W#P$r-z9B&8+-q;!`(uiu zD6Nbj;sVY@M$o(0Bkk^nX7*1{^U;CjmRP_*-v^=-vCa#?r}GKWopvGf4WRiQi3R}h zp8(Z|Cj7+1^Q>)60uQ^P8h?ji@f&>K+~x5O@DsdGDiN+M>R;AdgDAEQ0b&4)8~7!K zFYg%pW1mgm1lzTf_f3BFk$NpfCM)2jL_)uZZ27MyHoAa<71-lHf|>K7-A#~*_(tbu zE@kWHYz~Bbj=Zwn&<&ebs=@B%ek$2~)snlZu@B#@kcD{FuciyG<=W0}R>>~!Oow%VVI5-~?^5F>M zB&A_93Ro;N)-ZG!_*9mIAMSj2z%=2G-nR#Q%+kNjm&tP|Ej>yL^T4CnaFLtw)U~~z zc=WM9P4rs3)gbW+47YcURfXBy8us=8%sH_W2&Slzh0J^Y?ecc&I&Sa-6&E1=y~-YJ z50yHx_RV3sL)Mk=jVxHqiu_m?S${j(9}kKxd0ilje)cUNqaKD_@59i3h6*CB3YDNA z>K-OL>I+>Qb0L=HGt7TrVYzX=o=z0w*^aK*8P9Y&K>226!lt?wpY;{*WW3ILmxz>TjWkuq*kGk*Y?^G}yCCfkUd|ndYpySlV+~E#R zQo(#4rVFGMoXN3cBIqtP{o-CHu#D&6zTWq+ERq#+7*EJkz1V~5Pt!-A9to74_3h4i>=DM4|PGN)6FVU3UHzx$r=jyna3+WOr_ ziBt!9yoHvb#rG{lisQCwP4fty3ce0aCFnROBF>R2SENXht%F~QoHPrmUfy5Q{qw3h+h}dabwh=y2^ici=ux$*&-QWRF2FU{a zzCX)5<*h6M^8IVQsJ~pn8pJ~TUT5>ZViEu)%;zvz8-vZGM8&B^}qjJ`ZsG>>?IPuXn_R|f$3*mTZAa#o@Y zFK5a*IXcDW3C)ap@#bUo6jy9gXY8C^B`WH>NV4CW)c}LsQ7`;C9z)!$g}Iiqe7lVC zhEdJS2o$;AzYWul_9zp166sGhi-i{5$|#7lSoqy90tL@ zE7bYracE1ji4=Seh+(uWo@*aL$9i) zG&#fCD`F-N3{8GdiL_uT4J&+wky3(lxTRP|ixlI#j}=Eez_7C=Uoy%P?!U}V8nh|{ z+JOXX+hxGapOe1!`1+p7#9A1OC)`hWi|^1lMr0?nBfn>P?wx=k0fu!)I&0si-6cC2wj$bBIPXTS7K5pSFoOf~ zs@c7wK^seinaS4qfYP^Xmx%0|_U^-O)x#b9i*k$L+^)U5mcNBN=ukqMua(t0Ht~f$ zH^BvMI_C03ucn`s+ou^jypBD4gd@~ZA8G^tzz~RA9!qR0x;>8c22wu~hpvtr8N=GN zP`<<;^C8;&TO0pjVi|~I89Xxk@ijJ{onh8+e}5m#GDZ}|oM`!o;h58(T`?p8*CE!L zom`#4r;WQa)O2E9b-U@ME7J490x=}4wG#2^;~v5a^>fp~W+yyh?VGy~5ID)gi`Pf9 z^apN5y6VOpGltRN=_`d(hl2l*^hX!qdfEWboRYBhYzMKhX2HT4)%Tj6oipK4yHv?1 
zhfqFCu!I@N)|u7!W%ZXTIGMXYOZq&$3A%YC$#a|;Miz`s9{=0sAz7jXFM> z=_DcCu?IbNWiR==jN8YTJgz}r8>IN9DbI+NHzI6F<3b)I8pmfrVIDikBO@u4GI0*N zeVJCno$7bayGQ7bwAY&BNHHJ}TE3(Gd{s-IrBQ&up1(9e%Cn0?Zi6JoqeY%x6T5m< zW{(q|QM$*#9c!#*rMe0{$?MJ?kuurYAK|Oq+6zp2CVUC-CVc;=f)pOJ<-gHL1*V?7 z_hxsDy5g)6cb#On===1!_PoD>=}5Gf?!~39%U1eOBIogb`?kQ_?t)F-zUCUb*E<&( z<^Tf>lN3TQ{+@|78o(d0ywz*TO@IR?og)b)^jBToDwqeQHA0mZ>)>Ct@2lt`GdG!i zR+rb5;m~P#)$LBWOP*|NI4xokS74aJMqkA_17BOl5hbytV4wvm1~ee&LiSfvV08hY zicaAxD3v@5+QJyEw1$k9nfR*c!M-4iUD?+CKF8@H@c9Y_%v%5U_`a`Oy%U{++K^=l zeM7Mz3MR@JY`^ffGI_fWO1Uj$fo&QJ`L|-d4FSw85+^&ryTMgy;XVyT69`{ZJ5$+` zpZ2UzCLTUGiTCjNZ9E+q4b*DO3ofB=Jh}o7kI>!xMaQzv72I{^Ur% z8)yIg-M;d#NhQ|8yjT90?Ll5ZhenrGecxr{#JIvweOKf!Y99e&N8Vo9*etMy#=1T9v0Y=DID(}kM4Uv$DPUTO=kIh@F! zkoYs*vF*bn6R^Ma=S!8F&%VFgDsxCpL(N|JkU+OM`}*a!Y0M{ELVlI z2xQFyg-5T2ol+3ZXt`NRQ-)hR&z!_N44UrNSLzHb+y%c z;tkziJ;9<6Iir9o$yXeRawDOTmtoJHnf&H5>LS6giAo_dY)p-cm>Dtgf0_b|D&j3Ve z0oMjv6o3Z508N;{9BLr4i4vl@W<2u=X&!qsM=*N{g*}!WKj+U+=X1qiO3?rdaant| zP^O6R_v-Ee;(=`pJe%M-sIb;Vcl zoY)7$fzUIt3evMMLbDD#i+93#BTHf$4Kzs19UU1(^eWuFQ0=@W6wmE(gXtHvS07CS zAfIpa-Gl!)RHy*&R$UrY1nbo=MKpSH;g3AiO0dr1^7DD7_gL94Klo$C8^0K0NA?IK zQV?P}DPjMs;BR~da+Um3O^R>fc7HB<)buSBNEyFoHdscIdgtWh)(@hLiM<_!Teh0vOg)p|Dae zV0VH+Gp1-2;Gpsv)Bmx(Y5%JCcKUZfP@Q}PQy$n0`e$IkJ%IT4{Rfiv zGk|u%<>#P%4;J$b==)j*yi)~uUktpGwSWKm}SZ%-N{S05l*Jd(9I>4G)N2tq%=~sFRx`|yW6vK9gp1CTKBuwZSg~lrkFtC zd5@G4r#c{*Hh#4ejx5x(L<^!z@_REIIw**Y>OrT0pcMjarb;kYARGl(oJYX022Zbz z^A?=A=aMS(uKv3#$g<$$-}?=Of8Tx5b(v&yS?=hRog7pHX6yl>en6NtrUYq$!XX=8 z#Rg!PYn0NNkw0Iac-Ma%i_Bbso2Kh9hhW0GqMmzRyq&ROGt^*j!DMvms;dg8K@j|) zR610X{9Dm+S7gD2i3g5SQvht;I)U;Yypo#`3i`|9|fUd|UuP`Git1fry}h{(t#_;$UMV`X9{6!Tvv)iRFL!{}~*dOss4~ z%q*O&oa`*j9Gt8~Ow62Y9PB_uO#ctm{@=pg^*^2ewPN<4VeRmL9rs_Dg~k6(p8qL^ ziRl02|Brw$1`5bG)^h9F$;m=#cC3_A#*~e%m_P*Q`)8K65k&Y3|R5PDM zyIF~FI-c~o6w88R!1bj=+bQZS(^P$1&XA3}rs3L}`hVw^sMBF6K=~hI!EKcq4es@I z@Gr-QW0}Uqz!UP?_W1UvPnq(b7HZnn_NUG(qsh-RJGD22vR&9B8t$LY-w(gUx|J*- z$v08JPYRzsKR`q9SB~qU@n6Hx_r^x`>)5y8M9ORc@8xShbW%#XysC 
z4gEQQo51z=Cn4m)H8C(^1@Jl@{42QdUpSin*4QMp<1VHCcYycoH)pkN+W$%f_$hpk z*aU1?0U8?q$MyV|Z(V1+?mFQczACPV$k%~GK*3+>1;ATR-AG5zm!zXC|JUEEz(=dq z>yz^V4SicXxFx{&r=i%{-)yGe|1<;0fu9-L$uXeffVy_K(r}~Vuem{f5lAL5oQe22 zqs70bpL!I?eA3|w{g1S6X`N3(lW;#sE+apti7R0`WV&{jlRLF()oaS4wd#kyF=!tE zS27HmXubk)br;Ieuz?|1!D-_T34x?cJNHl+io5C8U5|ZGdF?x%g)iy$F?}15$C?YT zket)2JU&XiETFiHzi^gGe?R38E^l|jmW3HqTDT&%K_%BTz zKTMs@MF|+EFQk{zAo+Z9ZvIWC%V#1pHy}0_@A@JjqiNg;1d+@-U#ty+LLDR*&QFc6?JJ%ssnYU( zGAL$8eIaZ@Bo-hwIPsYvVh3JjvmvB?1MdC@dK?=ud~l`Xu*mvdfp&1Dt-okH1ac;| z&M)Fs68?IO8nk2EG3b}aDs2Yn;?BoFJjSkk6Hhssfee99i-{jH6xKJ(h1J$dK-Y1; z5w6Uas)jYTT=Psii&|Joy0kAxwy8jsWI)xnV1v!}V2KW3wJd&;q2Q&VufU`UD@EZ* z(?g1bjC3*~dUcT)aImXZk}iSP5J=c0*W1EqBe50!74T&lko{jXgPEuYSHKwm;!RnN z8y!G4!ZpA*gVIV%3>Mpaf89H_Zas}VcQ%g4pCF)R>@S(Cd+9Vzof_(3?U)kLM0WX* zQLhSboCq+xabq+twKkH32~ir+L2tT;)eImAl)nEU>g?V6aIx(`;RvFWeFQ_%V?p7; zSGE9Q=_&={ma&6-iONqAD`CyJ28bgmp9;6^&G$ilvQ-e*li<9kyPEHH3PX`AoG+`lbsrUh#lqr-7w@>F~JzsRK`fs^LFCrOPg#Y%3+4DPce_`2;f9Z-V5i`?>nI zj@RRNAtbeurvPL|l~kdHTXz%+KASHl5bBK`SV@c*xv-%nimSbg$f@Te_RKl!w z8^6Wr*!2*LFy$0GQw0sB7&2d5%Mr3iW9NWV>uiOj^6$9C`oxChS*Lh5^07L%@`;^ z)Odi))4Y;R+Z!U9@mupPK4$EG0MGd=n}XIF-1kGvBDVX;d&*izbUcJWn zg=d2flH`L(tSdN|`1z9CV1(NJ=@QPyA3IV8jZ6)MO7< zTY-TtqXRP+&ao3$F?BNqZZ5^2iAVojYyJ5m@L=t+X{EITgMzVDFG|*W zGp5gM8xrWq9^O$yeeuz-oimXU-8n$IutS5gGliKjV~oNtnFook2A_jpCzFTZ^HHu< zkL34OM(u`}u~G|$>25Tjgx8@|@-hX5A-tx*_GM~p?1b&$r;V2LCNrE<9l{LG6eNab zAeyVhVc#Y_N8K)PB*gzws%_Au#gy&|$`79$MwWOj8s8ymg}1BV9$I467y!Nk4<0u6 z*_JrRwyxf!1fGTHg+ne0x>#{ht}4=L)2Ox2tgGf+M@rqs_hrIxAS_Mnm~c!AW1`Ww zU1hcmR|92*yjA~LY|>+tv8khM)3B}5slmmZR5QMCrXN;8@JAxhG9p$$F<7@5!+6RZ z$}Iiib#weYb0IdcU*g~U|8X*PO>LhMHg=d&6cYPe446HMF| z=T0|p4f<${3X3c)A#BT@{CElH^c?t?&ARKmoC#O5lOG7VmJ%&UZ4Hr`$OeYC4ATat zrq_Y&YV_To>|eA`>ad1&WDS~>335Wx8gxjHujut6f=D8_a6T2eIy;NHwVpJMu^D&} zK{ztxOD|9w2E#lo|IF(npAybCPXplp6h)s z=@}adMAeb<%mFb%;9?fo3=CT$6rwb}_}@s-YtmB$e6>}n`Yey%0i>e5S|G}%F&>aJdnWtj_w!S z%oqdFBvVhj!C>PQ3N|D7E?Nv3$goj&s|}{9No9}fx31vU+FpX!8qC}xBu)%c7nO;) 
zY1UyDfs3JOXN}PomO|x@_wAEKeFd?H>XwO;G{y7<(MM$2Wn*qO$-e3_ATt21P5~9F z8M7nLVC;c*b<&b=0b`PF6`BtKj!ri(AxVBI9D0Rf>Opciv2|ehm?C4v6pe%>fa&7e z!)))~roo@Yl4Z#_AXU&Ym7JT_TK8guljp#nw_&t>jgfz3HHuvA(qan`8o;NA z>8>RuR__7PRb8RrWe*VCcQ_`Bv;wf0=e?-3$g`f(?0RjBH&&mp&> ztdqzuM)pn2%x*N~^CWo?&A{#C1=41>6((XFiYt|XJq?+pHgU?H!cGLOZ z8B$rbN_@oyHjd22eE6G^REx!5JDO_g@-Y7|$C z+q&zDN;zMp3aWZdb!~==Z6Dj{){TkAD{z3tdPjSZkWrIL!y{15$$plonl>qNTt*)K z7ywL*A6Ua*`>3|G%0wT;lz;;?yjV8+uf5iTWJNKs3UV|ybY(WMjp9l*aHrfVZ^qTCOXM(WL@^if6vNV^g~+wh!S;yRsLL~xXbKxc=(N`riYKHP zPYY%mW-LzS{;Lc=PXp)^0GVSFg$Tku{}YAMGHs9tB`1rBRL7MFOGsJN+dLNCmSR;P z(3gXiLn2*=Uf8nf{a5V>Izb;?@ix|@figzU*t&DgJ`>yLIf?6C&Wf(@{A1FkvS*&^7 zB)W~Dm%M~nn`mjbO2LM(c_!cXXp7638mII5Vp)dP(g5g^CSSt${;#(l9EhNZ*hu1}gEY zuWWPngBgx@q;4i2K0Et0Qw_{1Y&yJ^T4FshY0`GvsunN~2{TDHNUfME zL69DfnqZLO(gQB;_**$Ld}Y+_QKYO3Un|^cF}^08rnANcFk7PxKCkhv7+a!fUL`MC zt2&w0WF;@M{e_DJQbFLDn|idsC37vJOc$fQ$8&@?%bTHOge9eK!-4GUKI$6t)^80+ z^JL=B#^?C>@b5KuzA1*LNQEdQ88|Nz*MgTHS0OFSK5x= zLiM|##HP@YZg+8)8}6azs14h%h8kC%$WXS~@^0yolU+B|#;RTVhsyUDg30V!5Bl23^%!kPP zz^L4*-hAFEQ%f%g9pIm=e0&Qy%_11~+=(YNwru|_)u>j6OhuJSJ@}?~OwxgB_IsC6 zQ#yme)*47xFg3U2fk)ZSPf;+X-E`9_jVoUMdsAXk?mv7a|4mmIRDeXbY%N8WO@~?{ z+z}(e%>%q(u}FpIA*XPNFEbE+T32Y80*d?RK76P!fwHSxp;dk`L(ve29CLwH!1}Wx z*08_#dqe9ZKyW4{KfoX6rPN(+AFyEnhCq40)NQ-;D}S8Qcsrpb3&Vd`cOdy z5kM8avo25E-k6DFknMvi?HDRST+r6qd#HYa_1p&CNG2+`U3|^1Cfel}ebjrJ37seV zME=Pa+5{^8Racy{c~<%AsTEPTl7z?S$)FO;Rh{z4OTHf^D*8NoZKkPwv{RvA5kQZS z{BN`FLe!;Gci%LBM)^$7H)S~AL8D0Y2M-}rL$aK$gbJlB4&sWpI+#q+6oOEoRKPU=S9l8+SUVPvUXefcCKikNBdJ){-zvgIGT#eg5ILq5C67_UuI!2{@9*YlTJ@iu8@;9PYkt5Ei zl^>&^y2JvOssCowepqK(yLl#~T>6%rT-F~OfdPGmrV&GXQXRdnF# zR7|a>z_u^W;NIoa?}CB(r8Fpl;C^4bQhw%)fst`U_*$St?4malU>Hv*mgL=mk)cwT7XB0 zc0e#d|J(TGs@x7fEqx7fHU!O;$?8*v*cIUuGI2-xsj}G@;;)ETQ&hg<-|BN2!9a)7 zEIVj}8iTcGrVt$t?=UTWe%}P$(0FHZa<2i^b9dmB`Jib$N)+3;PyKFeDFRgWIQRzx z*K{0|Vkg(x8h$>e*6VPyp4}&M7SE*;%`H4hi1KFJB*ab2Cn`>FiRp#Y=(#!QRX(0c znIk)RLW3AAszyZW+m@<@?Y?(+HRgfU2-14wYOnH_Oq0|@ycW*|0ROdOc 
z1T{2@SV_g77zNx<^hbAS@}77qxGyj_X9-Jep86*F1v9N?)8!i)J$-ax2uSBDMG|H! zpSptPLq?WhGRr`<(aEH^(5k_83t{mFE>4vXp&$^tlDcEN^85@7t-h;M){1=(+bi^- zBYvmPWPq4pGuYT4*jF*bf{D)e)HdwgDm`GK-KQ+|!Vq1{%0`i<9;6-a$05!O=qlv{ zqefJH-P7B+Wvp7-rpZL8%8h;+{byOLBg5=vZKDEld5zeaB=k|1n8+FPQj|(~*U1hn zDVLJ0E|B0Wo|06{sv>nXIe}ursd=M9E4!@jDq?2F-~WSr(@Gv#g0t*|)u&ty^DtUn32%rZnYhQ;cH5J6JN zO7t##l3}*?sIwN0os1qzg(g$`D3|2&6Sj{-M-;f82hqrem|wpkv#xxcM2_W)gK-10 zDF*B*85RWn2BQ%x?6g7`(TuniLBsc-3Q}MUl{?mFq8Qv7Vi4r$;B&3haO^Jqf^Qr! z-%GH50{^*)heu+aVww13JoR?W#9=c6V_s%dJ@c`${{vk>qQAVZO=*K<3!OuwNJ;jQ z?6HetiwJ8!kb!vQO5Hl$-rFl$VJ`sgM>&ut7JccpCQqYiMKI}>osTN2LDU~d%Jj205f9^-tOCBt*@NGRe#qSxQVSgq@?asxKs0;e z-Pzf(w5lT<$5j;$+A+I(ku{$~WSlZ8w;3sqqJV`4dKn*U3aA1NH9QrF4DIhsC;>M#Xf zMZ}lw;juuWToiv11|y^eT9h#?pDWN|TCj#whq2Qi^jZ!Z>$^P?hspO8M~9E;u>_ri z)8drfVS88^Xa!ydA%|&zVMR(<(lK+WtK_L)p!V^wVPPzKgRF$n!$P&fbT#AKgAG2z z5M#^ew&$QDNVFpDklA(5j29-6fl5M40*Nd#3fCYEQC!uT)gr)^ABlw7p_cb>IAnz) z@N6D%jc~MWOJ^yw0j8=TgW$LfIxZ0-Xq1e!g>Y0m*o6s6x;9T%+axe$L5EZkayijl z(77FMWlT0@bfVN!O4v+5n?R~Ql2xKeI27V-Q}vjZD!CO~_t7elnn6gLHBcUk#nA#> z>7xRGqbq1YrpkGB%pH~YE2O5x2KP?Ifr5W5*gLtJF9w@M? 
z<@ORK@{C-#QZdH;Qp8!x6^iLlKLo=8thy|knJ={+RKolR4X4&fwcFl<+CRhbo5@i zUnRgv$An5njvCiPHw;vIFsVVBlA*e@)2nnv^AM^uN*jYu(KUvH>`?xI#f@WRiK2+q z))Y(zV3)K@A`(*DjjmHNaMT8#9XR?(3i>e6A+o;AJ0f!AyP;A0hf2*8+3~4+oD%&iXYsL6&Ng+1Oe zOgR%rMj**U;OT@e*i;BGgw`X;;EP(XkT~v2`j5;kHa9*09NNhBL<=Qr6qWQ+tF5GQpJW{Tgw8xjy$=*_- zP;?9wsVg_Oh!hv$>$Q`Kz;YQy9?(N4q`m4GJ>-TIZpJ=EAEf*h=_sm6R5%p5t`w%H z5z7z(Pfz#FLK*1>W6AC1somKW&%uKQ;iyK2z1FuyGa#rqs-o3Agdz} zm2FKaRk0MJ$JC3WUN4OcYHufWj6{uZW*xfuvfzL;pa=Kg$siq zz8rgcG!(q3Q10EA+gDgB)ogisz$}m(j?V{~l1O)jdxwsAY^OEodcdZ8qEN#Gqj4sv zNyi^q<^PD2dSpy70*~lP?YU-;i~wsCl_z_izlyssvKk=;Qw>m-c0x3=glSO>u)wXh zBwiyI%xXu`ac(tthRB@uhleEzNb*J^K8}3M2KrbX9obS;Coi6MAdeMqKING_s`%wp z;;P-r9FiD>2!j{HCJ;x;V;GNgTO1i;NE|GbL2f8hMy#x$)iGKd@*st`RK;Lx5D2ro zGU#VVg(Q}d^wePovGK52@Yn=dLy2kf6k>S4RVj$e z*cT=718{zhM?|WRKJM*-XN4GC(o>3A5>$a>9a8FDQ_)rVx7c#KJ#)k#sW zuYc2Y>bHTf!;2=lrNM?SaAQ<OlBNrZmq4loKOiYezor!1`~&XA)&i$db4UEpakbXW-0#o)kXHJ(C0;@?5WAp4HQ zJzKayW)hKJiX&+eRYfU5X`}I?VTSWnAs>7dKtX;RarpEF4o^smQ6ta|$Ph^C%`!S% zHaQ`q93~IccxoTceoU8A!Tqs*d1phU zS#mY{Qn%-KMg;gbyr|5mh{kv%Ml%#~iF%%#03-qaVeces9XwiK(hOL+OezBL&$_^v z*DH)u@)iKIzMaE25~gI864F*hqJyV^vgIJeP^c1|h^-{z5$-mf00~$okg&xuql}n! z35z2WhGHhF{jYEVWG}OEm9dW$1q93y#L-ej|(%ou2XTvoY7OwA|h zlF<`LAxwn7<6Ess&(sQ%0L0UB8e2*ejo9Lcl)z1B*8IdSs=SgxghlJo#+Vq9Dcd?) 
z=z)j)xU@Hnw7yDPA{yp?(&BD7KxAUB#{u(wi()kE3r~gw24+xXt5y723f!C0zDT92 zrV}X4E@KVAe*JYtF_{VWCwIJ1Y?dPX(#RLKIg&5zc_UxY?nwPq0psu`iC)9+?m)o; zx(fYK!1`UA!wbJh?kIN*tkESK4o0*Y6)v@{q4sIx0H%13BF$N*7*a9;-e;#G@prLB zx&aCVPQNxc#cl}W_qHTH1YXB6KO6v65GNohE}!?{r*cxdSVs4yIM_53S60lD{|KV1 zfrXmk7Fsg<0O2Dg4Z%n!r=b|GjQ~J8G7dq=qyq><;TS~N+;-5v58dun48VY%Rx@4A zd|oT!tuSJQ_f{?^2hbJ+5<}^zp53$LmsMr*Ehv07X2{D=`IY~dL;e6|?vz0bF*!h& zoIaTx@R<*3-t@VG1X0TUECB>9vg5T<%4{{gcy)+?M~W@Cx3?vWT1lpI(z7fo@9%Bz z9-i(NDT?2FpET?G{GZRRATQ}^J?j>^1FIW4d_(|s%Zq&QWQGSRNAa?0`!EMcwTjGy zk_;3~TI9D*#olRNyxuz9J6+9v*gJc7^!`kI*g84cIy~FkJrzeMV*BWDXYXw9=n&rC zh^@n)#SeRjJFCKB2FJPUhuC&x^m}wcNGYcxo2kn6bufxhcpz&G$WRAW8>CR{8wzru zFFB&MlHLq;r$hwuOM5&l9`i{%Hb|c9iSL1Yxc}Gs#>V=>|LZxP?EEVO_ouAmG5&w+ zi}`<+Cq4g4_x$DOzrMKt^I4v8^Do7oC&7b<&;Q0oW3m39<(W4BDDIY=ur*H|ll_0I zjrCeJJ^!_8y;@oL|31gFB$Aj-c)3~<01BiT@{C&&I{`XQ%0oRv{%YNm{V&LPZ0?== z_A5NZ{U6pll-QK59|man`PFwh^ZnJgU%eWe5x{^TFMpW;DYpB)6A?7^k_KgF83(5Y zjlOklkQ3pPeo4VeWf==+(2YZ@eeHyJCjbFUrKBMaWgZ7sA8x`I^*aU1%rF)RdCr7} zhh#IrcM7YDfG2!US2hLE*aie%z+J!}X^`sE#Ij8?*V68YO|%Z{hUovQfR4>ET-!uo z4{C-wcNo_Q`F(m53_uTRKr zYBP02b=g9btKbvEqd2sXs47YwUyUv_Qx(!qD_aLAkFO*tHolf# z&q8fGf#%;Ccu9tFKn!~v_?En-0HrgH2PJQHe#KV|GeAyzRi$EHG$ubCl%)z(#@FLU z*JS^|=ebxYm6C4yQ056>^|gr-sD96aOl2Ggkk8DUK&k)Qg@aC!IWgE|lpCWv8F%#w4G|LD1KZ!58&A-42~Pz8O4>@(8<$ zcRSG_k4R26Z%na?wJ_V&1eUDRBr^+DPxixbO{0pAs|z@MJPBi(O+i&5%TQvfj*&&C z!N*8eV8g?e*IDkXv)|h1|F$H>L zks09A{ZMJ>m^2Qy%02}$nNlWD@pTkLm2Dif#M==*>6a9wRF+9_*iuizp_lX$Pm;&4 zakj&PF+jtrh)bC%nU-ZUj{{4aIb>{_glH%+-Q3~NdRGAaX>%cP|mJF37q;M%(ezNp_R zU}lD~K+tF)ilrVTc}oLIWf}|08+2VCU+9h{1eZ!lgB;2{8EhKl7;v+JiV`?cnkcBm z@uZ+1255r`qL)G|DmRpxZrsR1)2lG|&f(NCRm`&Cvilc9y}Qo>x|_I0(q3K~NOLp> z4rQJUR{NJ}uqtH)STplDuox}gr#+H?rNAT~#~0VP#1jbhmH}gC8V{-;q&BEjLIz+a z>m-3!6>xQ1dMRVd{2YRWE=-Dx(aUX z0r2!_@kgD(Jj1Ce;G+wTtpcxCmzPN+?Bq2KG@WfMw8(4Hv^CM;s%aYbAn>tY({)V* zGNEer;gdD-OBQgFWfC0iTc=>@gdupTtW#m4W1I;R-bX`}8B+iUY$;~sWe2yC?|R=$ zu$)3LmxptT74f~g5_?k=Xp1jQZ1{Zy>|N7#ZY1ib64Fi2W}O1FW3}lbbOWkN8U@$P 
zJ_WLCOR{FZkAkT)jsqB9!M+kRZ>xT%0GS!a0+DeO5C;EDgGfG)g#e6JXmL~3@5~hI zEHuMan%>I9sg0wKXR$OUf2Nz2d>#kE+<->zQ?u+)DxPbRzliLI61gecf%qMk#439r z{4R6961+^XQnI@gg6}+}Tq=cJsJFtqTJGn76CuD_iBw=Wa(E2$!9uuQf+*t?Tr zFtDjCZ*T!+^Hg*mQ8zs_;)cGBK-NK4|E^+OgsOlaHF5~{J*lkzOg=Z{$F35 z|3Ay~MCboQtecEu04wDpH$+{`IH^NqMa6^p3eV>0XXa#He;!AeC}`zZcrFp83AXw$ zS!qrm|9RvhR5V@4Dx%_sg%v;SVNZ>(kIzqR_}{>Nu|mU78mC*lxx zvdvBOht4IJoj`(dmj~t_>1F(F#+mp#0xZ3R6CdH#kxs%0bzVQ=B{8?B@RFF-R~Q?N z&jZ|rvB*<+3@?fKeTJ9BlX(pr|MkX)lHp_z%<1yE;* zLY312JjAByiLffJUEgj7olSABH;GkaGq_k)Q9d>)`hy8axgpF0MEf8ZKu+mif>pqv zu5-63%K!Us`5T9s% zOvCs2AZ6{^p9C6NuRRGQwo!jPC^k=jZ2810eF}B{TZ(|y3TYs0Z$1wZP1~5y2}zrl zKXzEgT9(h#u*9nTA!D5dq72F()Djeu(@;p^`Pku6`kJ}gFv4*B(d`*!89vWc4Vi&Y z+j}|Cxpo%e>z9g{T2zS>w&b+Q_ER)GWBmQtfi?B^(}o}k8cLxJeP=?4hm5_)H}G6B zhh@~bm(9Kx)(T^Qq9*^beKt(H9}7aC4a_r@+MfGCKsZ`n3XEyR{n#E2S!>VJGik5= zKz=zDgwKFxsD0<4tIA?~8kVyTIOa>;wHc?_Jp!^hOMSdBS)P9j(kWPHAKA=`smk)EvbV20)u}&x2A~v+a3csdJ3St`#(b zo>mqYV^fzI-W(Hy??<;HW#2s?l=&e%Y(j=cW5|AcuK67@)qZr}@C0tI!p*snEp@i| zSSW0WJqKAx^cIhAf^iTy&-5yj>&G`lSz6E43d6v9`kvAWL>o1v=o9VqoUrTo?R&m4 zPTX3d&msRO5Yb_i>v?YoKX4P^RW}0I_R7m2p#l28U~+a&NUpS)$^lU zk~VRk6AW23KNf~EXr9Cf0WrEp&IkS;$iHtVF+lQUcMkfdtefYVDQVFB*nxQzjZg7N zd`4}Qe`iHke}vQ9`JZv;zeXJTIZuD5+W&6UD?{hM)!O>v{P#JY#rf~z{P$0O{tG`W z8{~jZbt1W`uPuJUqhV=x{`m8TXr679k6`6hLl4($2|yYL<_>SUv4`O*RmxnlreV}S zyMpRxM;rm>pY(flg=%s;gw9ck#vb=%yw7<2Bye{QZk+ypx;W=bE$83Sm8Qdwi+uq;@=) zN_MI?cH)?u7Z}e2;gQ{Z8in)2VFyUR64J|;1E(}%Om-%1Q_KIhzdx@OUtau9|I$Az zlQym=(Dco#qk9^C;oPm5v;HSl^QCO^=hhiYU%z=(_xf()`OfV|_zTRXCQ^6wJzCqf z(7Da4Pntm)lcU?*o6@6klQ?z7vuD1+An<4DvG=7#@Gts|zW+sz{`{&RdZy@qs_TvV zQ2hV(`a=Kn9M4#N&hn5#XT{7qd`;Q6>HEkiJKs^qDy7X$iB-9!*;PXT7Q{EpGodbY zMGIZgL|xIS>%>P~B0l1})5Hx;35M*6M*dvDpV-SfXiGD?@5#?A$|sNg&Cm}oNB&;9 z(f5dd={0XYW9WbC#@Em5|5d5h8yiFZUu%s8{eO-pMgM`Ci_;#Gy5(=<2!BkV=6t!Q zfhNOreSJaK7j*pz>AG|0v{499m+vAXN@6aJg+&4Ho;E&<;(dW=JxIJA@tfG(e1lh> zJ9jWV-!Dr8Nwk@~8|ebUZ9>ukMk)OHhy*HUZL25(l5=-+8l9Ve*9U+-h(ois4M( 
zK~|t7QBc?Caj*z|!#hbGl!RJ&rHkkA5uuC75J^d6GgZfmlq*s#<5O_1nXr9qtI{P5 zSYMh7EuJs+jNAX8)BdZmK6L+Mb!}n)^(@a~|6lC?f13S&&zBp26$=TgMdn^@5cLoy z<{!xi$b+9-*Yf}f8cQ%3xusjUVTwHR0I=uA&Rv`@i4Pd~2?kDXnJ}nr=>%{2unM3^ zgrl2O0#ifCRP+ zFzELYSZ0h%sI`S5O>t2v`#a*Lu+-+}e$XwEpUJo17M(!F2YU~7KxLPyQkRGa3Lw(h z^QGTXb(m-ApDqyPe87UlZjZ1Ekr;+qu&pEEmL)oaco1S5`4W|6D=yQ@Zl~dW>~VV8f{T&v?}rj(hHg#p(aO6#D)B7 z8r?@@r-t?W@6(WXV$+iKSbRvUh5#!wU7)P3`)11v+Sdf0K?AY|mi_P=c!DLSDurPF zfg`H1RH+R|0Voz>A4MF%qOZP&cQ&r1*NMP9b#E|a#TDyCm0bBYBDQWQ>9hZ=TBzudFFxq#As3FG5w|SmrEzX7w-Ga2&22t zg@2PoI^krG*+g`6^JhH4fPc1$XH&LNCE2u36DDx7=sgd`9FopwAt0#ce()OlylZs) z+ML$dNy`$;&WX4RNeL=`rwGr#3*fi=qIfI{|2qlB^11kTeDV9=Rti(r_n!xS6Oup` zKPAC=a%uw$;14^*N!xgMQ|4xzsmU%X@#s&{*Ow1eQlxtd5*`F9dRw3g3ylKt*zx_I^j(v? z&SoguGpQK{R+xvxb2r2UHX~*j6Z1KnGI4VL z-FrY;t}<$)vkB_{A6TvT=qf|UzOv#6RfnD>GiQDX!r+q!DI_y-pH%1a52$t$zL?R< z316T`VriUL&Ui2?Sos_o7dVHx#!N}+60EHGd%71nHn=s>o zgTyzn=-9a62FxiPn-B^n74ssPD%B$;9@a4+I7Co(}{?@176DV+YlY&;7un z*?`=SD^3wfA6Jw^Za<(b2k@P_fQpAb$2v~pazB6)rDJH%QTy2N*Ym*C(XSuSBOUE} zo{Bl<#jJ!``6g3-JXd~1l_Nr1&s_beP}XzwekhXl%vhWbCH(|V$i$?cy&*>MjLgFjmH_Q)&d1p0$V$r!mK{>-fYqXI(DfpM8QA`huN8$jbBWz!LwhnPVQ$ULFhIw12L z$d`@BJO?NhabjkAfu_O|RnqQ~Qw!>#%d_HnI>_?uE!0t!A6R6raU2SwJaaFH0wzD8 zSuS&Yei>poVU@;bPxmC} zKT&jL7oo$5T;@U0{B_{D&-(h<^M5)o$(;YJRU3a1>+@GV{rN9H{~0s?=)~c6{UCIn zppNPOzuEZDmFoJ&;{5M9o+WWSh{<*_Dg)aC+-gAgz>`x#Vld9QK<4I&R}G!K4Eksg zg$8Cz=ob=QS)sJhM+;X}0S0v}m3B^>r_gvOw+CXy_c=ef8uUxBkK~-I_-fE=MJ2nHJJY|=ab@fD z)Bu<(MX>!AW#Hf?vAeT(c64%@t}^%UrLS`(`0wlg%Y9vnZqKdauNUyEWnJe^c7NPE z-8(wWoo&56{W=%-V%TePUpG76J(|OnzD|BaiMR*+_s3ib|Ak?P+MO6(eWG0Ny4OJg z9U8GDwvP^u_x5*p#8S5FIg7gYbt!=V`uA;Y5B`K9#DD3&@~=y_=fS_u9aLEk?Vw%8 zuAMoE?A=V)O1G$#4s)dtU3YT&pK`~&LkEMX44s0K@TcQgl#&C8*G`ywJFr3{M88qvHXAEiE62_D!zM#f0Hb>+vya&b|iDu zWR6;?u5vg~smtGMr45yO<#w;o%XkR#OO@ke6!>D9QtPGqs`wUvZ6pwSZqF&wQL=wDyTqipyI9JohCxE_U09t6c(Ev0R(^VouisdyJfx3x=49Xam zjy1SbBV)9~t-fHKsURkCUn@pc44%qVWd-d3*mLV1yQ$$PNR61h&WQ?-Yf0mEE1(H# z;Pi|d6PPnc4)aQo$s(XNC82UBD#==K`<87}fCfl?p(^L~VJr#uH)_hApR&qnGnWeV 
zXkE2+%sPQN8-?#?5n464Fe@oYYRS}+u{7}kdzns77K>4-LX=99T`wME^wrAgTCsD> zGiacKE&3$iO(u#GVdO$bFXhYjP9py973bV}ba z)6;VjSWFM7uC|JT0Tah}NiXR7>PY1Fdv|9X9)|9_STofOEQ z4dita?_D1RcBa0~Yv*3<9{zY<*xujUJv?h3?;aE`zI2Nh&r?2Q)_>v%{seVA;{3N- zsV~ldpW_)b|1xmh)6_Bb{C8t5OaH5D3;O>o&)JnD4))G;@V;eu0iH35+_>Cc!RU>3 zk=6bJW2ud{Fj(1@6FR_l(vcL#$?Jp;ML}y{Sz*^%#S>x6zsJabD3Ef1MLdJlF&1-l zvaI49a)iGq3fe9m|Jp%&fG5K;iXI&Xa|}ooOESMgmDrBu3D?izH}#1QnNfU1*&=k? zd`T%^--vBcpOYYjbb3uA5CKq(ySGa1T*b&@bPE<4;;n*=)AHQtYSjq3xGEw{ltC+@ zA7wlk2iXiE;Nd#;)iHu#Vqc-@WCa(?A;Nma?G;B0OnQQc?}N~XDmg}^9l(&S=AcGA zMONqTod81!V%M}6O0=2F;cQdXMCuDqFa`r^^KjDyB&K-kQ*_0~&vL+I)H%<~sqTc> zVGNKGyD;_`M33Yi88%Zjy#)2Y+ZCrrZ_Yk!o$QLeQ*nH9^yA*n?v9F2xtfhj`ExoB zY+#Ob@O{e7xx>pisogxa@#bo}$l-rIL);@#2y&MqXr-i4NJz24sy zR26h;dw*;1U{&mF9c;bj0Gvkv<%F`y)_r)li%B`CZwvmvjlnsw8+7IjudC3@lQUiP z!`|ucs@OW&JH-Kcb8-aWaX6s_WZ65!v+BcLhJr&aQZoWs@csSiZqk;W-K~9qb&5SU zGnW=(;(x+3X8%_n7$wvm&RfTn{l8jS8?yguR4R-8|2dxDazf-${>yKQyomz&Rs3RH z>Wvv>oGjd>L1Ju&K?M7SbZ{4uMTTA&%Mbu9+bayh3w*R$PQl?XXl5Ieu?wbc6Mw-0 zp|jtc4*d2o*T=yBALc|bPKB&N27!jpK=?ULwJL(t-!NXxC)uCAEsxMhGJPLbaz)eQO4iE-l3+k%7Y`r*bG81nGD$S2Tr8Za-SCT{lDQEL;odLTZ*op zppI$se|4=kB>yk&|9PHg>96IM>z7+}hb|LV;rKTq9QdMG6r=}EA~K^9FPZo{!bBI5 zKf?I%c~J~RsZ=hB;*UQr$j6`J8MFRRcDHs8c1u0`De9Q6{~x;lw_aK3f1c$@nee?b zo?LE+;zC9oSRb+pmF-KndGS2mGiLp(i(sFmjtA@is~hW$+Cu;T9M6>bf0B#fr|JKz zYeV-xt}pI?dY;GfDOO)|&>Hyh;MH=0e-y;4S3{8pNk_~9v*k@pAhWZ-N=(613ut>; zD^==+m6FsIf4@8~BIL?SF6VYcx&b-5FD7zC%W7YvB01s_*^P zlDP3~0_LdYIXcGoAaq4uhPUkZt&(RA{PtDfvMIzRmnn0ZGFP9MW_?nVk2>%?Uccf- z09Bd+_WFU39%|y86cl+5$awACFFYj=)ZcE5BiRewr|{V?yZC)`Z*(f;u79@C8-LV zY}$bn@s(X1UrwZ92_5c?F(HaEaJw7~qY^v_kp@;OEV~5AR+-RH+3ip038gHZyKa0n zXyFu0uYX9*B7XeI@|7t_`Ki6uD z{r`EMN%8;rgId|kJ)r+UY9AO+U6x+e7m?t}xdtS+p)WlO|Gm%j_#g9&0Mpk0#?bj+ zt+ui7|9X~(E@^cYb2Wl13i=T`10;4onloy7K?}BrD0afp_+mt^HW>^GE~I{ri5uUs zdM<|V%<1^vSB_U$6@`vt2cd<(A`lZOC3KutWOL|ms;FQxoS0I`rQ>L4Ta${;_L$~S zO<&!fE7q0mXCuYRCgmt3t7?3vRFW&zCCG4LcIdp2t_8uRS!QVG%*|IhJcT>%LRq-HI?+7u<_GE8fK 
zlT|;twr*P1?j``RV;txYg6BVnMZd-!#)2tKaurywjDdSu54Cnm6tpHVPUO_+rOt zK@LdWlY?@}Eo@>WgdlW(b!_yJj4rY9mmnDHQ>B*cU(!%ImW_T8m*qi(!S~yiN8ePP zYgp%Y5Mtm(4-ZB#Ubq@FqX{y5O*IkwZPO>QY^Uap&k%~}$c-0psX1IxAgT()7TpVm z@fZhpO3kk_(TJbQR;0ewxXJJ7EXfwT`@%Sfdw;U8a@F*l2^r59$EZJO;Tc$m7|W1c zUP9*v9sQBnz)U0n%NcSbG4Mk?g~B5`1(`aqAKXHDKl0jk0npR-oF-O7{yPX3?-z(1 z^nFpqDm>B>e=%RxiE&W{L(9Xwr7a`KWXGwex{xO55<42Zd4iz`~PQo7V%#f@n0A5Ul;LT z7tep^GqnHnR`8^CJY4_ZsIILo^#9NC49)+OM*iUE5$8XZ%KBpdpW_*tf9?7EM8Ti_ zGQ;_QV<`S}wZ72*KFdR)pUg*wfhyz@?_2f7@X$3svvV$#T@`XUHdj}6z*>QnUln-;P)X}}dAo5Lp>GSN)Ur4# zNHlQCB$(uS3;rEQ_g~@mpiC)`h6LzE9I@kY@^(My8E+|PYGA(9heG6dsB^({dk)T8 z82+g4Af!B$CHK|svNXEI+tdPRJ1cNl4YWemx@ZLZyV8RFZklhZ#H?k&(E5K;&o6$a ztpD}K#?b!1R$Ivb&+;s(BcGgJC^BG8J6V8g;U@ueBbi1GB3F&CEDsHb_z~8pzqq<>$xvZE%WjZ112cd0UM~9Sww!vf# zfctX8C-hFB#!~?o>7|APig}pA6g;|^(878V? z7pYf|%VFixjNE4RkWvWaU36}IzlvadAkJuoN+a5FDIyXpXcd@LPsOrR>XtG?d=*5o zXhRB!MvDT%FEMo9_)l~%a{%TS1?BwZsc3FsTDvv^IcK*~Lc-%((k zve-tG=t!b1qsCIjeTDG~SCXMa4cXF?c#}-Y39ltWf5ZN;nP8u+4R;u&#>ev3^{ZKT8sc^ZLt zf`&c04!M1i)p39jjc+E$Q&x@iQiE!=Xapsfb)q#Rm(7f_=)mmp7g(DmB7WQZdlN^F zPn{k6-pw6|4+GCDJT&-N*W<5GkN>6o#in zOz9iR&kZ~t<>R&&c((X%cb`7f5Bw;%1af}EjloE&t0by-M+Km{PZWySgiDiMyrf2N zCECy2spE*tkw&(c@+^?vnW0UE%2NX%#~9lnGv{(A1D{9tQm&CpDsLY1%E^&4rVnN{ z>gc7YR_o9bJWdXgd0|WUB-(AI;VS$(-Z~K95bfo2IxK&g91mYA;)It8!-gNha17!r zRFhu{k2V|HUoQFDQpn!7!ibTl#}q0e4jbQ%{S>IyC7t&|3H%WZ;!Dnc84c`!1|SG+ z&Cf`xKt$Y<_(?QrNQywh#4LsC4Ljgnni2K@Vh_MDWwyk7-@QXZEzcm0veNDEVTE67 zSG!f7X4L}9%Ez1lM22h>>SAYd^uyi@tKG)f^fdQOL5!)NOf_U7NgZ>!ZQ4mBy3zgO zQclEylXzz&7tf*Y_@dNzdY3%2wACg{fbkj+GNKWzCKFAj<}KKp0jFhjb6FKrUQWO> z4Ip!}FCg9W^hy|tgwq+lWEyewRdmBF0mO|P(OimNIIfD;l*9p=DcBAO&d6xD@WfkL zC`fWiyE2}$ol8lq?Se3Nv24DrJYDd;A^Gn~J^%T6g#NeQSm=MB_zqJ0h zwy^(ymS@8J%dKO6Jb3W@*DCe(#rl7iXNLJ7ZSz)&u1d~qX9Uyq|J7{#?^7l*J^M^s|Lc{^`Co0V zQeF6eJe+a!}*9UtzSA|7lxoCnPf_Y~R`bX>)sPd-vpw=}h`76u}5E@az4_o-ip< z?)BE`t_TLNP;y>H{n9J?iocpJ7Fh*J6ofLFE?+P`kT>G~nJL)}>z}Nw=OF-7)_<+C zk&XYlR^3>{|9F5<;h=iUHnPwvrB7MfkBT8*89g&e~3C8B3G;dT8>r>3Z$J4060*G6rIrB 
zirGLKomjNnfT7`s-r(8hs(=D5x^m=~0VgU;7x@%n8FF%!?=h z5II!Xb_bpns>onS7K=tDQQ+N>W{NcP(SS^=PhG#w=UV6sLH-k=6FE>P9VB7&f^y86`WEW_f`(Y3V?Z6Yt z6op+!aPV=jQxUernkuz(NJnn2FAp-Yt3ICHc+$TFdkbG}UjQ}_H4d7NZ;u@V0NlS7 zNjaa}a@z&|-hn-D$TTp~Q z;WPI9rz!6MW%I(htbwQT|Bdym{ty0L@c+;9ERkoEzU*(CF8fzZ%I7)?SD(+ ziSPeI&&?;j0dPq?)g6G?v?sd-a4Dy5i&nzVFh3y!)xj?vf;fk(nlGMyrQ>%m{gwvx zsRX-EJ{KcdiJKUZ1~R`vJ;KMp^_MvwGTYjnZxTRq-ld!ut3p??f*u0BAa?^;>#f^}f*{KFg^uTdTp5*vo)0Tu?U~J?b~mk_-KcZxIrL!vy4zF+k+Qq_ zROLpaa!CklWpMS`f+H;wV@aqr915DWel@WL|vBG{FBQRzEuU6_q=YMO9 z_^;3Nr~rwDWReSvlM4N0*nUWHJHywKym}=HyjBY0_uu6OEZK`kRQPPlO`)^tIuk;; z9SV6?%3e~!mzR+HYok;ttZ?W?edEZq>r~7eZfMQtO_OuwKq6Nk?C_2N6s^E-J~C3P z6Ne!VdTzTZFVE>%7>1hzR>tU1lh5aK%JBrqfHaj;q2=&8-A`q-ob##u99a&}V#+$R zJkj|igKn}3zDR$T2REN`Se>8^8ZFb8H#sgD1{CK3I8UbWqOdA9ZO60j9eX8JNCw}V zq156Im;dx<7WyAWSD#b=yS6cO|1ZcOi~Ap*<&nI7Q$}7aNw$}>$^mdd z?$Wn?y^mdQa})VhG@RjUy14Vv6R%Yj3sea5CxECRo;QhOx}pg+p@RdtJ@{y%6Z_GIL{ZA{aaB56t2yOSw-1hiVx-`V#6iToe-il+Iq-v0|WeqYq~sEswDBHz2l48Z&t4Wc4=tnf+BFK`ho%e5SkY58&;b+&?W!j?xBW-;|#DtV()9|q$4 zRi*QdO2onZT~szUHc+Up)EkwRRh=8XHT1>Satuf|C)v?Jm6p#i=F>J@p;Jp-wYYU9?Azyom?G1&z`?o(v`!PfX7xZeD=V9v~uX1^~6fkZ5*M{PM)N30H z`Ttp-MAIjaCgcV1LkxU~0YD@7#!1uw`ks`gK@)}nlmTrDDTQr;5Xodi@Q&^w9b-nr zXzCXiYx{|w2d#f5twsNV9Kh85zmh%wU9T+S|3A+&%l@yYy)a?ft2|{ohOx_|*#SiW zlI+=hvyuV8s0A6A|9R;8#~UG^n*XoWvhm;Qjq2k5*JpXgtYw^L`8TyqOOt@1#Z37} zWL&J~Klt;Y^*>y-aIaY`fo1@%BgPOF-%$Pn1v8382+z7+)$c)ft95q(ctBx+yZPG>Zj^Z0Y z$eG7?;-c*!@ht+K-FvgOz5CZ!Ua%qy^GJaF<&o*wd8OL8$jQ0`&sH_ALQilY&IjEK z7z=dq`PGWp#0*CR0MN-%F%ontL`M%M#&qTQiDFR{+h{_S8a`CwtPJUs+>BH>LXV_I z%Dg!$FTK@p+^8ryn*k2RdG1>1M1AYlSN%+8O<1Be=%Qbf(e_HITB>kY{TuP_=wSC1 zwhmh?zRAqppMKApPXFbNRCAbsOg;ZyYh>+z*BXoS-)DLF%rJ8J23}Eg1)G7!Ry9kXThT6-=(4yF9)&mB{WL7TFw+N2~ z0*X&JD$l(0oa*$LiB0F3WhPU7R8u#l`c8X#^^oVW)qiQ~G+Jd;)K9o31e8{~mF_M{ z1xX3%?(Xhb5CNrA8k9!5n?;aZO1hWsUV7R6UH|u<`(ZxJoS8H4oO#~oc_y0trS1g! 
zk)>R`gJ4sw6GsgdJk+=za6icA;L)F=xebZ3<}Ycf3${Dv@(R4s!^AI z$jP}!&L5@+TD#0N<>B)pZ|@*EwudA(#ZnXFtarRTMNAQJG$DwCL+3Z)D`F_V4rUs$<5<31Dyw9kE zy+7BRN%7rkiT{@YhA#cb;H+EviXfS0GAkkYYaah%Qo6l<09n7qd-!*Wh??k&4 zXW=B*)19&A=|Y)#h)B9a<-nElrlv?O+HI;vjU2-`1QTiqUb}`(b77_r*!SqYpL~DE z9s_JfX^dHfy3xcb#!d_}y^$JrXL-gyVn1+@_5QCceb;*)Mb|&Y2VFFf8)Y`PHh~Yg zjD)ji{gH3L!(%k|7JmQa~%>e0o5HWA`Q3qmd4~(+_c7Mic9_qU>ZH%BWZE ztibsr_~WjQMlU()RRm#Va(@W_MJs)}(oF2-1608oZ6uQ)hc@x%Oof+lzKdw^OP6Yg zZtGIx*6o~Uz#-h5fsor9cc4BZFMV~G)OM|HP*i*Od+5jbLzd*_XXPHBMlx;at^F+c z(l6FEk^w@@dI8FkhivsCSU~rbN(U)l^`;Y*3%2OG&qcx~YU<%xD*yVGJJEyy>uiqH zaQ<~dKG&+B@hx7h5`oHg)OCF^_t)CRn;&6*Gx=Hfz}tvkHA%n#k`K)O(?8NDz)Qm5 z?9b5tHzy5j`$$rYgL>|v_xNwtIA5WxjhCU@&i^HR7vvP zcdCa)&2-+PJ~okR?QS$h{mt`OYXuo(*ikEOew2PlKP} zFuadcD}B|jn$_Ad8^IYPXRtlvU$=)skqpJ5&)_1~GL7-)Qb1+!b@>iSs%Nxq$Kig#?Da5^{pPt;hpM&^H zpXn*7yhL7XSL(84;g)mK`5M&o`p3)!$dSqbfG$7MBOx$}S03RE@dvLT(P?Y9I^-ZU z6xV(CYz_pM*6(@+F?FXNm zQ<0;_`6~u&#$SZLgXCDf8jbxcaJfz?v4Q!8gv$H1+Qj4Pj<#KLuBX$ht@z?M6$)IA z;_e56>+SuX-$BrRquf-(;c!=__4fqCil+$FU_wn}tX6b%|$e4xg%@N6gZG zv7glJJ>CYGi)7H2N2v-Pj|PJ}T7&&SvPDeK^~ghrVrcVTMdfy_tSN--p>zcE)KpP9 ztD&M-k_uzD=UyF2Nw2hS@@ zZRFm3LpSbw(`S@^VLN%5%#Yf%`VEqxhdH9P@KKnKm#Qs@l=V@mT>_$l7!g^Nz8CNX z>|~_(M+l^6PCy*8a8OB0eH(CRkYDe5%3pZOsPkZnKs*%uGs_kA`z)whr$D9bF{r41 z>YrDJmETKmM_3epj@q*uvHL=6FqOLh&n1EU@mAD(QB@j&u*szxsQxN&BQd#!tQ|nm z#lodY??7W-fP$rWr0<*W9UJ;CTy@u5p9P1HFf>lqQrGcKf=~=J-ZYTmv_`YP)<;~V zKj7O`evSp3%b(lT5`HiiXt!_H_;zrOU1F@Z7A3L8{tBk%sgh)XL)NZ6i_D72#z1*T z9H1J<8q=fVPtA}1Rplkh^c|*2hD^R17iVKbdPX`#$tuo^W=nYP-4D&f(G*bw=Uu)I zay;)AJH_v5v_yE{GV$dfJjl4o`GPY3Od4UqnS!Q{x97H!?`;S-tUpFm&-(?S&*pEM zEZO@Ei!|#`$DyqJj*;q_>OS65J%~c}ABr#1hl&Ut!ZlZ0L~`M5-6zj&et zg^n_vE)f^GrVSs?m-LXOI=+;%;jC2&w&mZkSPwF|TIXQE6hQyzWYyl7m6cupoo76f z^S^KUyTI-#RQ)GPE;~T51{hV;a&7(Fg8nDz?J&`%z=_frJ3KnI=VY(t=w-PXxSFDi zF*d}*>?ADI9{;>qA?y@1wRlaCHROcdRA~N_=ALtM@ut?dX_5!fQ#b%9Zz7TZyz$aJ z*w*bktvZ@iS=x`AjH-zyMg|9JEW3L_;#c`2tv1C`Le-!0l3{S!bt8GpQO=BvkvRR! 
z&v=M_iS0w_^Rda_z#NC{HMr+1fRvcbVEjxVW!vz0NmwR2%~QoIxzLyJCI9Emd3*H~ zwn+%uY?r4*+(UmOwPX~niUDxkd~@<>wo=ZuB`pbIKmd0)j{XWW<8Q7Q_^|}61Q>r7 z*bnicT2w}(jiXBD zl(;qiY-L_XZ12vFJlSQ*mOjo#b^ zCfg(=d<1BmeDt2hbC_AYM_ifkNKO^yEsQx0c~Z055c`4IuMqEJ&y6~h?vm1RIEtJ$ zqFy$w_0vt_tSCeS{-EjA<#nk*kiYJ0qM2EgLs=3DdTq6035+9q`H^su@5h@b`wF_% zUvMR?KH1TCeZIi&hk1Lg7j%m|pV4)%iU0YhZv0RP-JVj+cQl?*0MV+>VX4&%_Qv{l zY^7oF*5ku|Iu7}3Ylkp1w&dfcL&_lXI!F`RH-z$I@spK_Z_T#|r|1M9}BZI9qCaH~&S_ewCRLE7=9bpn>cToOI8)`;HGvrih_V#Zd#Y?{uj zsa^*Bd1L(DmC8BX4$KCUi9%Y3V0~vsNWHx?Tv*U!(S?h zjY4i=D6H(Dh9BQU`-{eQ^bb*Kp~$IASNQ90((gWNk3mue9JZoYJU>3L6-2$2K%Ta z160k;CkTQ$Wh)OPj8pw(!9r)RK4QfK5hfFA4x@&daU=6tq zsNxkjg3f4qLcNUP4wC-eoy}fQWV0>Zdg#fM`P|tm-C3yp2{lr5aS+z*k_CAxp zKDPJVCjQ1LYnJjy^aX*yT1a~=k@GuH`|0i~fw;&W)Ego#BIO)(sc|tA9fhbZr~#F` zLBE^>0ltshLq#_kZnS-n{-=p;A}TGf4b+xd2KE%0(Xr++4|_buXI z$JLF!oN&ME?R7X}0+PXlKYtEAxp9RqX%ItoMfwhg;uoBN<%h!s&*Ocw+ZI>pvz^cY z$qTod6`tdvV{vIWpdqBgR4QRI7ydYhRoO*!wu+!Mra`*TKh6d0`-MK2u3B5@bPGi+ z#2$m1@S)U!=U!#4opeEe6Rgf@x@zx0S5850pnHD+R$C?w&6sR4^E1srXziaNHh*`+ zk>l!ibOfQx;x8y~MWlO{{DBz=*={b;SxDTYpPj}OQg0l7!z=0#?5}~yAVOYTxt^Pe zoVyAO_tcB~4Pjl@x{0M{)PkfsE4nUw0s+k;xo0y4w{V3Ws3>pqJs1X~5`;O=_p z8K}#!66rL>M(1scJf;ixqB?`t3Q0LPv3Gm6KaG#ys;?pF&P|c`TfUWdHOWDKP9a3y z>n)TT1Mmy6xDII{*IU0(vA3e-cM-lqp?-Cwr(FT?-%^zT=ytv7r;D`%aZdq)BXFY! 
zOEK;e^O<_)7n)Zsb*U;f$u3Kz!zm0SVW}gq73i-cIWB`i+i!OH0%rntm>;W6D=VF9 z`&X7H23ix>`Xe8nmb-yKCTKNXaf|1%g6p=W-&y(J+qh%n-EmVZub`erWc}RrafZ|W zM_Xj4mX~x>%Xv@0$Ky`Ah*J@RGOui~&qPb(>Fmv3=wHuseBIN2-|moHjB@8HItsD@ z0k2)#)4DppmQbq#<5?(mNDinQ+%%O59kt7w-yAJVXSfF(+4ZsRA(Nm=lM}&&$^BZt zYLeED<^Y!+k-W*FN@zUHa7eVk&$k6_MWV-n+BIaDV*gI0pyk$$quQ5Sr+H7jfJdsk zMe3BZy5_99Mo2ezPMuEe`^mzf@{E}o!rSX9#Kz6$CKa%7De345^nUa>)w1%tIq(cA zsjp8lbRgB!%ibFuje%QOwcaDFoOVw_>pL2JH|Qp4bYj=#Hn$k{p@AXL9%HD_lY0B) zklYI7bb%Y60N+(u^X#*@nX$1X&=jKURFhqr{EzzcX@a|?n&Zch&*No}WqVpWJ1q(@ zJAdy#oR|8vPd&$~H6uGco?YHQ&g*VmR)q_hZxY0M#jd0yAak}Zmy50jb2qos zTLZgl=FL*Mpqy5M1y~;3&Fx5cw_ye8t|8G;UD{(8-`qX_w2GK^xZU17-Ho;kwSZsu zc(nTSE{xEgI`5qA>w3{OevI!ok@jEHmvk%GZS|z{TMzDe&=tbhQuuv3a_I`If+0@I zFA$Be@dEMTv(QeYcTe5p11G%N9r@UwxAd?oDF$6zGIY)p&P_$Y;}K`7+eQ|!zK?U# zHTl&-WD|OmZql4PFt3kBR5?_1h{Ba-O1A`8U4pf24{x^zznk`0-y2z%5SN*b^0mBu zZsFVN!Q=Ca_LcGW{>0<<+s(({0r2LK6WyxY<3y*A>FsXg=VdJOf8{oBXN0`nyTMv3 zjUqW8_nwr*TVWnWI)Y>wnyqVro3D+`swYpWPu%i+c%-Xn`;?@E*0L&VK|Ld#)rJ=5 zt776ej?w7}GofDDlI|x)wLyOH)7}oZlGQnp*jC@u)RhS+*{$9kp6D;5iJtlfmr2ks z;?K@Koh=T=ZaohYpum6-Lr~*%PY<%kduf>L?L5CUsmL5`lCb>E2H1#B zT6MCBm5F&%$L^5O`i+9KlYp}rui1m(sRT+=36`1mHpb&y@O5Ar7&>XKkZW=cy6}i2$dFrk-2eaG%Vy9 zyBupFwr`G>Wnedb6GtgI*}$q)6{Z)}gUFEG#Oc<=rlZQ{w6A@71o|8KCuc-M>2sUbH;$1O1EEF)mxfpXI^*r-fW<&0H))!1u37JM8tr)(G6s+XyyDPP3zK^&VZH29?#%o zvtqGRTle6=SNCowc3aJzf`T?-axQMC%gY^4`Yvl-+^)G8c0+Tj98M?1 z33|7>$IWN1$3?KxPA~n7wRxA(MbBjzhj@ElWcyrV#@yb>@@K~+>Cv(!z#%=yRkXc7 z_MMXiX}M(HKAzp&!6o}8&sMv+1M_5V$3%?`*mG&Po%4g2uNr&Tp@Pd9cpT|oB4C4b zSY$gDN9VFwS0;GTq(k3RuZPR|M2Kb*;XmZ|x=rL{ZVq#uDtfuQJ|l%p;mOp$`|o{| zXWfNl(7gp4JfN8uyoUez{NoVKzR%fg`59R)EE>K771oMQKSP#5REs(?*2Ki20>Y<- zH+zrPH(Pt-XGdj;&FW=2ZdXHPUQ}*|AJ^iK2Il2LTwOXF(=Dn;D7W*?Kirkv-0 zeVn*chl+_9)vA;FlHzB(39Cy{ueI6UT3*6;`<8Z7z^2A-fm27*dBhlXcIPjHb z$0O>g0T|XHZVz3ap;3#8*$D00{DRv8nVK+;oKB zlEf6fUF<@EmT!oKUw24H$oc9y*un5t)8ewU-77EvykvjgsfM`8HOet-LuhwGmq*vm 
z=KNMnkwLz$FrORPfNf)vDp#;8C-GhjxN~q?0an%N@7Hqt4Nd$`H3U4~(%+H$$>5(uLZ#A=9Q0Hd%Suis3&d?lkYRz!*jil;i2miW=+zoRn5oHJx>wgPX#$fw!ify013Z_fJVYY1lq8@8{ny$#g5Pl{M+vf*)UTOhM5TRPf1F5NX?p^8?BoNGL7 z?BC9ApB2<UfR}_NeLb%QrM#@sTR~TD!Pt1`0d8?|fSXQlRJsD(&qj z53Q0AED{MYAhK@}2x7#Dm*5*FOx#sKb)trX8$UY=^fRot`<-hBc8N7$&4y0uxXieZ zUU8(nMgOoVYvC)Z6jj21AiRXa`U3P~Tq%cJiifYi1s8hF=W0H4y#clsPGeRjeDWN7 zClLnbElw!d6OL{cJfz}P7nHbKo@+YdjCYL_x;xusvyUiSERs2^iKBFCpx|R9zs5YQ z8n7CattjMU?{XDfLSFJ!8T1k)J^O`E7R^ruValHP?y2yL6CSvQ&v zy@7F(A|%VCUNT9&A#r6J7fbLdC}oWViI68ipxT%lAPmlbi>?FIYgmB(CvqUMIB7)M zr~-4I%do#3p;qnnoYg}6X7;CDdp?QxM`yMiRhpa~7O9|Vm+e-eGbh)@D>*hMkHo8& zr&=g(={gw{P@BB(n@~w;{3Ux?K|m=p{Mh01aME9MA1;E{kE(EdaR^ zg(ncC)hS(=`2HHOR7YZoBHQ^8(lJ-N#Lv5G-HTg*LFEqrV8TT7c z*9C;WH!E?rHWIT-j7q=wRp~EjZZHgeYWtGP+a9U46BITyR0!m>b z9jO%cy?Mci)x?k#f6-!As6b52{p5`QMYN`wZyVK$o_$iIe&t%e9E~jy-2+%Tw9}zm zMNEL+kYxa*`!FkDGC7U%VZkfnDtnK3B($z&PMD9X_X8TWdhw>*nlL4@Y5TjzD+HZ z`@)FoqDjhpeGuB63mlIoJ()4)U0A`%y^&r^ZBMmznRG({g_6?f56KnMn!sJPkrKjG zo7&=sus#+WTqt4M)5-lG#5s4OH1OL>5yT!b0R*c*)%I=aBc-$HyPTV63dXGk-nPY; zfaVF9#tAxHv{uiXJuf-~ClCR{0=dE2p}eE7m6RgL#SAycIXNorlZo@n;#`pVk6FqZ z+e(Uiet{&R-?bIoa0FU@xMh;F4a}Bo_R=j2CU=DY5|r@fZVJhGYdd!x(!c#PI=D4b zgBuU(qZt^>d-vyk8fH~5w0rKG%`j{dW{kE%<|jgnNrNi}bU%Pe8)L1IAV#^4rMorr z?+|ON#ju258cqgk6gqy?B@ozm7$Doeg39oLd8L3N)>QE2R~A)arz>YSm8iYvVp6+4cqQij zkoHA7(8bV&A{Jd&5}(V%{Q*)|dGdjvC;+Vgd;@hKT({^2>|ZVM0n#b_Y}iSCLqjWU z4wY>DqPb%8-OsrUd?Y8YS27Ly-V_>^zo_y5GQu%`TV>QHPHC&$8&8Y(Wts5($!7B5 z!+nI^tPMmZC{A{9*}zV%Ob1nhKRaBoiZb4c_U?==_Vu(i{>od+`9lhw_U6lZ zhN{fVKZC12aQAyTV;tE!j_{(ceZO&q=!2=-Y)+GgGueM0dW~0kQ!3I4)~Tb+aTG7s zzRJKb-2fdDIevUroTvSl38Uql86F75yx?N*Fzt7*Ixo!sD)PMvJ7lKSe3l(D$gG~|yUUl%H)Q=aze%Mc z_T|Z9`mEW<=`t4+ru?II)1seweLY1UdkKktH!le0yw&A1>n=^k?s47io;$5k8m+8Z z(2IzcD<*F@I zfr->DZPdawQZ2}#UtVw9zSR1r>rbotP1GXtvssK_tDJ*xdB5?Qzg4%(<$v*n#B5$f z)iIE@$lZKyX=&L3Q^OKkc}H|jey~Wy(YkIGQF~seouQKVEdD`ylUp_7x}?;94nB#N zH7g?MYb)N0wG#N$40%4AvbMdfXsxY5#-o47E+>AjjlKY%8L``8Tv8q;>lehA6m-Vl 
zpe4?u)~GUyuP8vEmuTo$aQr&?DckLaX+u`jjY%`9RPJrLnt3wl>1fj`Wfyu(?)%n# zU!u`sok0Pg$jt(e+#xotvH{R4DBHl?@*9Y@>Xz&y~_IdTkd`<$2EhGofOH23<9% z-9Om#>pqjz>51MgSK<<(!)M+ry&Q?~5UaasS!2>@=*6wV-)IhNVAODu=}9y*97ybzi6sT)X}><-1XbhyM6h zG?Yax@lc1&eNULPEk0Ey0%YH`_5$f0L($?Ce6IYL`C76d99!RIA#%HG{<3_D5W+Ql z_hc+=9-Nsm~ zyvFLvqc=wjYCly=r1vh__uRttHq2!1K>1RmfVf?wv}Q;3N4a6`=M9t}+ZFOCV-`6i zVd&Fnys{fI?*_R`(ul%ELOYes_bAkONi?7LQjD40p-w{H%5(iR@)7tG>VOKTFEP1a zGp?+Bj!~OpyQwZz%n?v&T%u8CF*~Y*FJv=XNd4Pb&w2ShgGj!-skbew&Zr9J&lf`; zcJ2l(<%Rg@Z{B2D;=L=RTwD_zd;LlDf&I|7XPT$1(q8bgGS0WNFPwBk4c$(ZEKFT& z|JjjErD=`lr~P}5z?szVSR&>4&*Lrx&(hTOeCE71AIZKrE6!ffXtO-hNJR_SwbQ&? zAR$Bf^`czm0Bi|A1zWASAH3+cRQT|5ZuOU0pKh4{Z|N-0q|at=-YalL>dBT;G&w)* zEe=9TC-sCHV;Ie^T7%^~NsW_uXMsABhRs5)ry~+TBk(3B#61TeZg2QCq7-ThoiaO@ zBLIzE9I>}Egod}%%sl1NcHV5@m*xyICe}si>AB;5<94drPO2f)wJgD7owD9iHGDOM zoA5Sg5F4cS)eodL_Jk~pKw04LNW=S(=cH+zb@w&pa%an956y3J|A!LdtGqd5Mj=M) zD{^nRjsbOc5^FlPGGTRW^B!`6d9l z=9L^n;zNhhd9b|H(})=&-yTozrUp<$qsJJ2!s7C8w^sQY=>` z_Bl4J=XCSlB8jx-r$GdUxbXNe3hQ6y{O>IWa^2`E5C?CRHM9VfvcWe;Z@lIEXYN?0 zM7Uz%sE^%VpVdUm7W$lJEHj~c22i~P|fS4pVB)#HkcY3 zr7?nH^uiCdQCmNlq8xb|x&NHIUt~CcQY#8a%3bc4D~7+^XpztNnxz08W%+*_EQmU4 z8Mc~Uqn{+DW3;tMo79vBkpNILq*qgYLr?3a^X?=-K@Eh2{!{=`>EJ*@>2*d&u_nNq z_3?=AwWm^vCRls@v*FXeqR}w+yNu>yO#&rD%|w!>;(Qi6CA>GbN_c4v#ZiO}#re!u zN|JhiQUbqxVG?QzW4Z}`P(Cu)N}qL~PM_`XOP|%U=BQx#rmLx*R#mLY!={)Wh;5Vf@-7a*#d74@?_ZmHSs(~R5#N+tO` zd`cy>JUmL0CdM++g$lYU%91jgpVOmLQ;TbAYBbf8QxxBf{24p1*pE@vlvP&rFZ{E) z%TO_kqo|;%PMF}n^p!Zi*i@N6B@p$u;*mxBu=M!4D>SZ0@&z z^2h~D&);UWlL=oH%Dw}n_$Ycqnv>4#y{?9?1l6c7$S*eBYj)?pvKG%^cC_2tGFz|1 zX%dX7dJQ!FQ75t^OIP06q^>B;5LPu(@;!aNLEW)>4K=V+bX2NEw|5M&^YYrZw*nX$ zBwh`x&WLbQ_bf5-KdX27pz@|i9mbxLxp^I|Dd!vnY*-h4s5t5mU|qm8w?~s149jC` zuMrFX4gadu`I)a8Et^Nqwu0H)?u`Q<+h^I{LJIu-g*sWK@631o?931E-n+ED>sBkl zf!+tVj;LaP>hY^!&cBBk%N%nud z)T0>Qv}y6`g}u154Vbjv+n{q*#(Cb1H8Q$;%TDB=%k6e{;+h6|L{0HVRVO`(smy0q zP{Wn~@#^77_K{AQMQytPS!r_*%wA^zA~!cTW3$v^`>`ghkaS~PKqNW?^c4@YT3tS* zV=Qp$eHTJ826nG85dS@173u$BK^k>7WROGP9`d7>KEHRj;$rCB 
zQv76dpWu}a2+|*z8DlO146h|x6Im8PlRSGvx6mTih+8`KC;M$+2FWv#cnT0zTp1g!F1j?=ZZ9|-4_i6G8WjYsPI<(aJ&X%^e z!!?Hmn?Z3^1|1n)lpSV#Hs4UuW(e}7upb{QOcun;pZN#wZ^6ra&tJ3HNOuQaBD6Z) zd^z%Uf&%aUHBXxQ=M?d7zm5GN0-ODYr$hHvgshAzD5Enq)E5HFfEt?wIy znTC>UX3+ttL@}@&O9-e=feQ6^-P z7?GzA3XxTL%C5U4i|v}e$+}G^(S2dyAb}${s?ns?4D1zFl!Wx>P70B=H{w6l%mYQy zm|wlYC8t&RS)w^!wH!sZtXDh`-X~K0GNadv;Ey>k4aJiRW|TI*@jU-$N3Xz|x;pLL zoNoyT{DB-X?_Sn66WsOJ?2FH}Z^Y+*Im}~LbA;-$Z-Qs;YZYoa$)uRoS#p)J2f{_0 zQs&=;!1p=oeSe~_kU_t=Qoj-Ch>pL~zniR8(Qki_cUdqa;YgqygUk(RtB%339+!Mk z5k&b)ATwR2ET2FdBkFvE&0Fkm6SMg<)~jqn4WrRJB1>|MHSYOw8@chP9~Oh9ag~ln zIvjNcB0<<61y;KP=86q=8snIgA-Ct%wrB>9QS7mGACY?+MWmIJu3Qm`@Nyt&nW5F=WO?RVsG;$&7+F^~7=;V}>_P_JZrL65Snq}U|r}=-3ou=vZ zO5#10J3>?9za`S3R@#FU(`8{U54Etrxnw{ZdKqyo=BOU5RSndBd;*~3!wHbo(N9-& z^tt)#L)*Kcf2!hvY)wx4c}oZAU~-1N3@$K7=YNOH;IiJ|zNKRX=pg@2#NXTpeIRZV z0mdU4Vq)?ZwYYDhKMUTH0XJk7N#AU?m$G;PRF1hd$03Ei*sTx0*!}5HTMY+SYN?mC zG9JooRWZJ6nP=_d@AS!qdd+m}*cQiA8kW6uc`H;pi~P3xcfVj(Kk?YA_o2XSm?ZE-+H?C! znt{#TQAv8)6J5Z&WV#-O5;v92^&5FTw*0eqwdFF*1tVTcuk+o6^B{KESyjZGDY>xD z!*=IK5Yl`=MXl$Z_?bcH(G1L(xxn_o7A2m<29Kzt^&TEdBpz^+6 z2KAXSj%WYew#11$-<5NV#j`z{=J)B?X> z%yoRtH9IrItjy;-@tqmoxnSKTE`IfaD2dx4@s)Zp8iZC5DS9G_+d_DtL(e{%wwBB) z-oX9!Ke$v!K|lN6n!@*9U>FJHIt)Il=6_b-cgP~R1_p4jRA(!hRH z9jT4smLGJ@`Kfa-?oH>L*}v);ffXY0iLrm(J_JYX)E4H+2jY4ZKKt+`H#k_4K-di< z^yJS$M5Hf{|3~R2{J&z!I=$iK648e8MP? 
z(djG&pyZ#{nL!&b?m(d)!9ZfML=X_ku`9dK`})ajc<2d)eGzy92&D9R_#OC*>D0&X z5#M#R+i9uBuDGaSt518vCY)f(0ly;gTeNwkF+f&xnW?$6gutaIhsW9{j5Vu*}5MY>VMm+>jDjmM9R&gptCb#t4yxOkS{>J-!{THzi*e)mn12y6Sh!jP%^6mi&TA~0Q zo+=5+vo97kY%}`gDU!6Ao#3z^WqVM`V~^zBhka1p>y5upAkodq{|5L z=--E&BpZVN+q@Kbt&K_SHQxo&EN%%Pxr+U#H&DeGmHrWBcBrkOtns}BQvlJ+`gnyP zU#iS%L*o;EL!4+rXA&49(?J;ZrspDOt8&zm?-mOQhd|Z<1jg@(36SqU9PEDr#HId0 z?kgJ6?F5ct3*?7@=?A*=e~^wn0ZIQZU`0O!TN)#CIEV)y z!O6rEr*O^kj8~eup4#&n$`tQ64ARxi8>U0D*Ywq@Pv$?K;E3Z-g@uKv3NSK3ewlt7 zN=0<;i*OTUkhKBZw|6_cS_Y2vqG!F7zzVXryEeG9!FX!tS zoYWo(c%!=As|~?)sWN}r3N}+@AD?T9S|%_xMOaD?$sj@g0WXo~S$80*jPq__XdlGL zq*SKolV>#Jl)0;%p?a}u2!64PGWj4dLJgDZt%9lEB{ZwHx>(T$4qc<@{CL5#$JQs| zozhW9-Ag1t-e(pyPP|i0-Yhuy3S<=U@&UX@mGlMepR*Y7M`p-K<mX%ilYLz!0t6D7N`3WTn|7Mu@?ZP^Ai?|&@zJ(B6AdnmY`7Y zgT&KbKqTER7clz;|CjieJFqU``uem#unTS<7^p|uG1_nfG!Re$IRMWX1^w@P z;w}Xo@VtWNKY?Q-PxO)EDSf+Oe)E0Niy?5e#P$=Q2?zc~YCqa|3oML)U`vFib-4u=3~Zdub+{$V1q4 zN_L+AtqtyD0y|Ks)cx6O9_WvG%UOp`i5(TJ6p;nTr1V&!iMBMAh&g+&@fzPrQ)~eyE(p+{buf_uod(L{rN`aJDCFf9)^6e|huAEoKo)4kQZlC4}RUM?QBq1X8JX1Rp*pdtQcCh0td)+ zy!6Rc0v)lb;f-grgD74jbJ6sNAe`UfH`g!D&r(e{uKR^#abG00ya2+5SKNa~!`|o2 zXaNFP?!j~_~fmQ zoGcSRmRPM$%Z9EPmKMZ0(Y*^>vwkMZ_ppuJ-$^{1^dPJQ$p@e!fsA|LCt~6L33%kc z1>k-eWPbrhyQ@$B=2QQX0}yHXM&uu7Yl?Pqx`LLaE7pjQ)F@ibv;qgwzA&Fl=_M$a zn#FRI6A=g3oAX)(B|Ctza0`z0PjyM3H1ScXCJUsrB_N%W?JfOQz zL%U>Y8EpVo2@0J*a{FKWO9QL=fOv|`gW1y$ty=ZC#;zwE2;>4Z*$H^TJP>ZKp(g-e zc8WVtCe~xnLcQWC)9g-%PKXzzsDo>}$!+9w8zI<#vag>FPvnl60K4ey{Zef--K)hC z4`NIkf`KBPJ*WW?qfI#?u{*$-PJIy=_?M4EilaogpdVnnF5I?%^WfCqOaD{Hq4F5J z&|`htUtuUClP?f>b!hGpZdqJ{@E>{x91dtT~?uF+%N_|0g; z<3Q>{?X^!!gMTk4ej~?JVsI7w?X*1fi4ba%+GQ3kN#ybKe_fdk>fJCZ+|G=CMk=4Q zPsLfVr}O_6rR~Pnc1Ce+mXQ`pCFdNCl=1zd@%%{;POvnfL`8J4QWw@+nBdjka2Qa- zvi^c6LDA}^!&q$7@Qd~g3S;PUA(ODjbW^Ym-$H_@zcZ+1QPK+1f>1c2?HZJcr}EYjwuY1)e}` zs_3;OFAA^^dk{qym{IQo6so8a1Z5QZ-OHU0u46><;Y-Vl;!>;nvOBNwVKI1PX4M~m zs%~7!NpGlqOqG5VOnqsWW&A8u3Pqcu#a7f`zn;t%rL>~MpTGM1QK9kr>e3o(21srA z`cId`WYeZ*2S!(oYg$^JbxZ=b!cVXCIZ7U0bNeMTq?vaVOFe#nI0L4Z 
z@5}sSOo={~()IdN{;_adESKBI57zu%R|OS7`A&iPN9dDsB7^Ai~Yc_3&Uau_3mF@aFT^9X`jDj+ovHw_`?- z)BF1kv^xGR%dXb}5gl{Go{QoBPTnXLfr~3xt%r4q%wZ`k(n3a2Hrt&}{&%#1kL6@AJpVHvpGUn|n6-&O0@WVM!_wj?L8 zd7+ceRQN8X*{x=3_0Og@4gH7_ZRpq)iLS1cH>l60T;=aVVRV1OQD?%F#W7sRwoaP7v0ezZ2%?6765%fE!VDVj10|n@0r) zCYbA7BvRZOuI+bK8PUF#Rf}~EeJAZ;oKxUcYdYSYtw^+!p_~H`+P#TL?M_c^KBXYv zYBs=IOavc+E>lqjBC%?)zF39Waxy-`N43sC;c=!%$mmuNFV-?Sge$mE&kl$G2jMwJ-Pklo%lxpSE~rRy;tOn0LNa?wloRp z&^?G)ZVR*vdHEPx^;g%ePmQBJgOrFVY$fbtsQ-<_>A7HpkV|GbF~_AD1teU~`rMol!pgr2<>&arXUdhJvkp5I(2cr)qp2E}i{|7%n zz`sO#1kThCA|3Yafmelfh*b;Q)g?xP?Ih_L>`JwXTv&8RrhK+SqP#VdMnXl$teU=$ ztR3)tBo&h@3m>ECi&~AyJ|kjNUCzngvQkNHd|c$I-bNe)c@cZ1jZIq;wQ`9{=CGc= z+S*rQKI)Tl&9|qM9?tY>D|xm5z3j(h@jsW5Kdz6*-~Ywj!r1aYTmoU;W zp&zL{e*fneb7TGQNXoPJe@F?yK>Ba77^na8#WDRil9H?ljT~|=r5v*2oOxe0NfPW2 z|BdZ7hOaENw1#K2d<-pTVUYCUKM%FQkNASj9Ebmc8%95-zNEn(`$f6ZvFt~VO`LE0 z&TE$|hX0gatFCREMBhE@Hr4&(K5}r$|L(K<66LY@Uml;w z7y%8E|K@x6|M`4z?Ef>8k_huXLcSR0OeIMTID>d7gE~Z`$3!_-$vVo)|6=~@?=Fu$ z|NLruoC)Bd^IwR^f6f;d3gi5LBPnrV&;x`^GFGVhw)*S=yl_NSv=ln{vu`+=WOT89 zyeq#fl{P!J4G+es<9X%r=l}6W;7^eMEG*{6{QoG*Q}_P`>Ayn05YPWJpC9Lc9Zea` z^E~P{2szo*Bs)hhF$x)UXE=e3t|!b5G5$M#g0@2xqt9s=4YP)Z=kXM5JESI%dIle^ z1H4l9NZI3uS|zUinJ)2uW-^ksbh%C6m+V)z{6B0?b~*=F$515d<3^$Dwmh@t-u4Vk z51s$eg_#(JF?o~`9ZXVszPLIoOw@;3rdYB**bTC+wj5>}o^6>P*9b{#XYpN6ia)Lq z!_h~r)+5mzNvGvBe0FC}p;5L89R;p{3I-oRE4Q$`qH-=HbL@HINj?(|K$%jLmK7hE zGW+WYtqp7@XMfIVcDQz7lG=Pz{U8hzK+;`KZ$S`FCeGL2YU(0+m z;lPv+SB{T2)V7pN(icGuG%|(<=V=v{{^5`%vf`+PSAmwcA0q(gs6|!!({T0 zt_rSa*V3$EI;MwJ;v>Nwj~+n$FMzKn6_tLu2}7|>@10OCl|8Q@CyB+@S`Q{eg<9_KlLi;>^9gaDGOQo9I!0|W|BrH}ac zyXQxTs{p?J!(6MnZ{H$f3$IOGVxdCcuJH+;xI`B2>o_>EJ`NF0;lpNuTr+%DGJ?Rf zDxJV&B`I-DX>`C!t>&}Wf^fk_^k3t(hF3T$QSd4xrI<_{Bus%cC%lZ-+PZ7bI?QOJ^8(z|VH;r{V;|@)ZCLs(r$2`aNB^0r+XngrMhT4HB2~;* zJLtY+|M?I5EuJ+xa)ZQYrdTth)@HP)+89*IZC*HN?YfN&hCQF2xQf)DLW(PF7>FzK-yzZ|zFb$x z$pBe4_1i>b2YXf_G6KyxG(uE%946Fj7%!ImG>PzLr#>ggB$;Pa(R58hvg6iFt+`r< z+?4piB~HO2FRgHi;mnkI69DZcO{6~;Y!J#2;MP2-pwAw8!s3Ojyo96TiAlC0 
zL`0!4yzm{ZSv6-WU`+!!Y9c^dXq?;bctUywPsF`~RV#x(pGe0^-Cnt9C=*PQjcQ%eB28yA znOt@zV;a>axk6X}ijip53?7}JjNugCO-BYgL$q2#h1hyTB_VP&XyzYzQSnUUW+;Ph z@n^+sSRokb!cN@6RiJ(v%?!KZc}w{ETro^giU3QgF_B#1F&?~5#lip-PL1slFhd=! zvAWghcw81mNoTr9!@yht?vV1f0-rZ%!d5UKLQU_^@)ei>wykzdw(oK|@o6`6;$J#h1ybeE>&wHm4*6eb2{Q;OyhB~K$l zHSdj9n_SH3R=0U=l3`G-8QqVGcYTKWr%}?e?*<#x(pz@aaWJ3=A>7{)4YH17o07ex zXefO?j&wkQO3s84@^JuY6>rZjH9K4{54E7H3V+f5zrgtiI_+T|V8Ho@Bi}>+FXqSe z|42&o{F5PmqR>@5+tat74uW_AREnku;v{7Gr3i8)!8O7=LXAH}g1?W!G)k2N%v1-Y zr_cWSYgwZyx6D?Chczmrb%6hcM`!sO39sU3T1K1wV1Knm9FuF;a;E!!8VL%NX6+gF zGZIiG;lt>FpW1y-D+wbBC1ZROGC(v^kQOBM*>4Z7UB+;_?`Rn|21^f?3Yll{!l z9zQ5FO9_HiaxWZ=da2e@DFS)CV%R|RmXfe2aINqPRw%cmF_n^-9>|bN$R3&@l>~fd zARGITD=_>;p4JbH?0Hhi7r_4mT|yr(|65!vj^jU!q`biX4|E9`bpL1b@%*2;?3n%^ zO_{`qZc9MI2Oglns)+&jP~_(lnQz#P9PP{iFKL%uVfccXEBw>AbuFrF*|WYG$aK3I zZucjxZCX|fFMKOtP1A#$Sy}gq_(EtbRA)S<>^usM65hV0w{KGM$OU>l*Tnd&ntKVS z7G8R)vfXpkjq)I&{IUUxCGh#ZDngXz8MjHh3)jYKIIgFeT2Z~6Y?ZWzLN>)pW!JMB z77P*tNTgW_{;iQ)I8=FVMf{5JQi*)3s*TNV#s$mE;D0iSd@BCW7xMA^Ke_BU|Ho)b z4@ymPbym-Hr(uoq4$Y)fEUGMu8BKGn6MM*(dn~@CaZZobbxL9?L9q9}j^7fxe^T;W z88fv^Hv_Uzfrv$(R2y^Ql)rUMuiLLi7>*|FHEIH+IWqNoD+9Og=ws?vc^$^|35V3L z!VZ5Vy40DY(b?Mbt8(2%!Jd0-dLB3XAcarN7og@MSC6U_;_st88fO)iU?TFaS3D7U zodhkhD*ALI?{!NjVawYaQi>N+D{zh(Sb0=aH`cghcUa zCX$F5G22`65q8P&gqjq#h|;7)R!OV)cIJKH8LZ*DHOnOIr`!-Q1&JI=nd56d0r?}e z_TyL&?jYSB@IU_%C??WK_*iR9d#ITZs_()eB|}&I66y5oQ@_K2hz1fY85MOLm#GPi zB^=^+(>;RXnXo5XMRYIH@7oB~!V+ISe&IEX+t5;DjL=6@UIhOSa0!33{1@>5e0D7V z9YuM;{eLq5pU*AE_kVG5tp6QJ=@$$(Nv{_1jX^fQN3$kvJ#NuxLNXJRiuv0TZULg2 zukJ(u+!{tqoqh|#TNrH}tKIUY+h!z;VjlJiU*b04L zb=zI3at^5!lE_liKAM`?+}4G1&+7TOLY(_%%j(ZE5IBNK zn_lreqdP4*ZPKZRe3}*dDQE7QUA$a@?J~KuO#BU8uWi>0V5>APPNen`Id@=HJj=W_ z+2jw+PdaYH^Apzr8l6Q45A3f5^<{5A!#xrm%BmBpTb*@Oqf9gx>aEtNMwAug@M6Nu zIFS0x@XT0%WZZZadzd8h%0d=xKY?(C$6U)`cl!gq(vYjqEl2r_lV=LLIh!6!t{EBh z@Et7c4&});rX$CY8jk{=?$oP)34j=_7;}meUgb&}bZdAP=B1e~CAT*y*!7su``gM3 z-v2TdWe*+j@co}#C}!jQKe_~u@BdMh$Lc8l(jV7>s;omHu&CSokzZTNmX6x9k2X}yT(`?77qE>j9=jeiuM2ar) 
zAk9S9P|Vqtnha~Av1HBUeEtKUuxYF?Azn?){0=R2-41IRUAlwN$&m;PG8W|)u6TVR zK-(7LuP}+EXat9QDVlIAfdRFR2#Fx-0d}VWV-bnT?(Xg~1`RgjdW|`en9QFOiMM9u z98bCUU65ZjR_UU1EmTK5%538fy-je9F*`V7YX|%5J108_`|xX% zt?Xa2k30M8X=YmJ!T`(I_Hg{@;eg9%)^N>^O*1k8DW&m6ZatWn)97F(w+3neP>Igq za;5YM=s9G-4KT@Ut7QcS_eSlR6m)~3g)S~GN~BA7?}UTVoy*8C-B*Mp?YHGTm>o33 z*v?c7x~ZBT?Xx95hJOs`r_yQAM##)~Y2gRrcSt9Lh7Fb<+9|7g&@NCPtnFG(5F3!s z<@UHX@D214k|1OX5M~*L1~AncP{>i&o>h)#1yxR2N`dGV`9}#{RJK&KmL$7}Ts8wJ zS7z?&8J%!V;XtkrvERb^ICyUJ5SfDCbUQ#g;dp#$nhC=UOc;zzVn~fQ4IgTm4)eQC zb*ctKIws#=pYJ8lS;t!=K!=Y3Zr~#%=Y0Sm+-aQ24m4vE$ttZ#`G$L#VGiB_cv!gB zl-w060Mt-8Dp)3hoC?f5H7PojkzW*iAh7KpoNSatL>R;8GRG>OD8&f~$>sX-E+cEW zG^I$q#cs$XlZa1fn{;6vpp1ktwJcIzK9Fzut=hfEr(D(@p^_QBFn%;AneR-2FVUjc z;QmNrMMz>x(p(G*)x}}m<02xC)u;ke^dtwW#zQUuIS!&vb({WX zpPVQ9D0@izpxZW+-$cUkMBeZvt(7%BX5>AOai086cX3Z{To=LiX(JTNCRZ?F?Oi;^ z@d!0%bF1;Kc^T4>DDFLkb66xR#3Lx2ntu-(iWW>@|3t@(f zTXHNrO|gymU*Y1Bn|_*GZ~5YfwmjlVWIbf9Z~?@V-Wk)2NKzjh4U3j#7TJHOM0$aE zrC4O9_u(A0N(oQ_Rr%~h`W8 z)O`S$BGDso?+GhS_v)m%tYXD$bPz!jc1p7eBGvE~L~#S%!Zb>XSW+|L5Yw4A*yIn~ zrJw4ynvkK)GO)$(QqkFp`))bpt+^-!@oXPO1}|2~jz?o*@m};D zsk^qlu{m2!P-%XY_&CxwRLP!^K=BIZmTSssOX*kK&=Xd@aHX+;J|e28Qi6f=i} za~P&ZplMWQqsfz?w_)en^uvfW=yxi*qa<4ONLn@;e^8BEw61Q0NOKz~$3soKYBUTl z#iM6yKtkxY+<+6{yh{d=e$v98FojVE{8%fISg8qE9>L59CaT}}{YFtY;<1~0?Uf>{ zV*;azoW1R$vOq17ueY*pDdKp157yN^lACc zFcn_BYMLb-N17E(qTDpR777%~I2Q!hnhC6HbS>hGBR=J`5B>sm^M;#}$qF2k< zg!7*SutpvI$i#_F!Y0Xd0j$R@BJ>EM5WSougIdEF44fH6LBF)}WXpdbZubI#d;SOq z+yb_O_ML;3-Ho&tAURP-uD4>K4c$qQ*@bb|5(aH50Gbzz97%Pmgrcctpv4FL#l>yW| z#Hn9c>AgnJq~T}Gwx#qwV%<^_lsf)p+D6+)+Q#B&Z!!$-Cx(V13NEJ9FI+lip5>z$)V?#iK5O;Z z31jKG%MuXhfNA512TgAPehq(xQD6wCPfzg8yK7n)m@}fM%g`=yI$d;xd{UReG(<@M?yaj_K>{h126j?kl7Yr=-eFN1zO?W z6?$-i5E1JW>^r~y^XN-Dy^p?$Iq4@8mN#Y>aM^@l@4pD6_OBDMYWk%ZURug_68InY zrqd=L274OXj2=-Dsi~J)mzVLr8*Bn6S&Q`=4X)j5G@qyr7o8~)tdNYt)njAae9vUp z9Uh~K%VJ69iUQd*leiG0thj7;7I|Y$@XC1#;Cd@&)exdy&%{`-w$Ej`fF#MfLX#ws zqQLahLb@7hP7Dp3(ibrFo9qEOzX?<|hRYI&nRgi39u|!Uqoo`4MK9Ac(h-7;egsC3 
zk3tL%l}++F+}0frqr7LvW(WW0W%d7BHpWOFkGKEKFDw+s_Mf9Dzh?iVCLjasKj#;7 z@%Uebd~O{7eIzAf|FKdtTI_>Sbt`Q8tpPtGb|0$RS`*0Vz-=RieQsb>7$53a?}oAx z$-YUl5*ZtbjEzKI*hoYwyeIlzQtFv+1{05|j{)(A_#j>-jIKBFv>;oWYFa#z#OIpo zR1ue|hM;$VK2=JjU803_aa2@vMoAPOOdR$e?XFH~F2}X4 z(wjE=?0xi`WCdqTOvytE4y7U-479TpkF`a-ul2r%17Nl;vlZW3k;$c0G=trcnSVb zm#ZbY01o2+vc;bG&-1y3G5Yz$)Iq`UWtL(T!xm`ttP&C^*$8v|i8Bg^rcnTAB>ZJ=cxMb(yjwt^tVwe4SV{ zSY8SsE9{6#mFH=9^(1G$+d@C3=aFLjs1$}3jpUkA#^tiNt{ITgyXC7U;kaXdQw}U# z-W(q;+JPbGO3)jc5=aX&GKLQGlO{Q;0?t5{DjL!mT)|J4c%-e9j)`Q;HW@+)Fz*%$ z9KuM)lYD46E15GjGCLZl`o5NCZiQ4|p~cXoBqjRYPzmIY0+1M2*IQKsp8?&(z%uMZ z5FYwVT`Lp^XS9XT06H-VNWU>8pG7U#ZunO+A*I|Y#68`MMkXWkO72jfp3$kH#o{vi zp@)M?I`}MZ0}@gPgfZj!W#987R(3R^CEDD!;WsJE&ky!j6G-~MSo6!xS3($(;8gFe zR?DneF!GmZOm654HkF9#G|12y$l-~w_~s4)U~pBGql1dVdGGsaeHmiL#IfnA(A$*l z0JXpRw|}w3$C+A(#D)PHzeM_q#UBeb$Cgufr%|aIX@`Cwg4SHYQGWWZV|EZTi@{1u zjM&%w=}*@CMzuEaXN<{@lnFL1dYDP0FOU^X#ZV#+#H>XO19~I}ae#UImg$2T>Y5w? z0vt2*;~w37{Y{jC?bvvg*CKK`{y2eo?7j3w)q%){*BhDv`@0F$arvd?W%xhmf#|OT z`M+XeAs+uVTU;2&e;G-coSpqu8bDS11PG^X3zalL0K*s4Z-JB=D+|ZU!hepkaFVs) z;%pgq#FaG+7lR8X89|Yu7zhU8tRsBBeQ3p%64ra#6LhNJEUr#qaCcxbxN3JqR3YgB zq<2pi=T?A&1F-RN07&I9)9@`Gq@Ey%;vhN!ifRL~Z{2*-j$Qe7eR;^ZR?{v_J2 z>dmASL(A)N_nS7%!a}&>DY?vQCyWa~*WrCeImkmhZG{RQnZy99qJ^3WYlGtwAUxG~5ow zDY|W}Xr)}~mNA%sSc*{PqQgrvo9c%?4Pi>t2!L{gu6Pv{SgmSWx4P}O z)?DJ0bunjVXtp_-r5W=yN##YYKBF2!#Sjdj{|mXrLX7@j$magH)BlRGdhrpzXo=YW zopdo7-zxgJ0gYaP{|*=UsW=Y&G$zykVK#k9HhO=P0UochYx%mKG0~zUBBmT{#!-ya zf5>*DU+9cIbR%gaWp2du3b@0^fhS!_sND%E?}YXIwk&w5^wJ>=FvCEqhKrX+!;hNCfb(C`43|tlvcq|(TYcpIw2k8 zfVP9~fs(64!lvRk<7C~0IE7MKN4!SxIeV+*S^ zq!tl|6m^s$AeIsMBNx94FD4N+Vdl4QMOI3I#RYPmeh9f@^_i#^b0BpQrzvE9T zVN=5i#M7|hvj;<$CS~y>3L5)Es*(gy59Rf%TlW-u6F)%ZA1O2`KVPJqm^0w7$YdA0 zlL0<#TZ>*^6Of^~8OX&B(+|&NU{8Q@HN(0+&Fb)ksxQxQd>b{Z{Td~pjHJy=ApY2c z_cINKg961+gxU0vLJ4n$Z|u}J6UUa6h%r8|gr;Gev3CmK z#o}~@wjy5>zJ2}*@FH^6$b`kPBoub3hepB|iB0s0JzbXUpKd}4xDE`kcEM~{}eDM)Stu?f9!M9=?CA1bVGy+j~{e`$H_`A^>Vhx^DrHvVINF`v(m<3Em~yv+Vn 
zn0vzslCOgS_&=ZRk^koA$MWCN6d6xBO3ADJMC2b0Mf^LLHw<+rOzFNQ0_SrSE^Y#O zH$;$pDq@rH!EHM1qiOj-r@y_vp+A&W!lSd1j%^agHVH3jlb``O@S@Y9sEVL`hP@N; z&Pwc{f`*L9cI_XWln+;qk2ltV*x`?bXc-y0@NKA2p9mjLq?E)jR@-tYCngz+^9GBAo<_oLcS;db8#I1Ya}K4{_ok(F&!|b z1IBc~3)2Don{|HHHsn!D_?~R7B9+1xd*4AHhn`!V(PSe1@A?E03Z}%zjUl+0qg?Rj*T(LMmrvFA!lIcIW zpZ^79pVq*b;2RTszsecqk^J$*(Xnrg(ZQIwfeQPZsAn^}=M}u8F7CbGy)0IYCxV&aM#dGCBcbQHgnhBQ^Kh3Q+T+^%4bNoe>>mA!p@zmYzw(AA7{I>DE%SYpf zUA_0sxLIhX9U87gD#VF;(Fg|`&HSa8Rgf=r7D0WW15;>&y+$!92}(LXt+fIT3T+fL zjev}&D<&c`O0(XAMX}mpRT;DhBTT`8uh&hU)lWHcM|$L0a)m99&%R)=*SE*rR>if` ze1v~|WoIFHi;5XK+(LWUz4gtQwQ+l2K3I zyX{EdU-%@yvJ$1}M#MsY5J~|o5L>RK7Rb^R8c->h0Vq#o)bMC4cmw0)Q%^Kj&ySwPjNFQkZ(WkMAQaeKpfG78cK8EPqrSqb7EkBO+UN>xi$nJ4J%BrvE7_^R5 zjhfaEks}B;bVcA1yu#*S(>H*ofQJ-j(AD=^p(DCle()3V^C~TANy5>SvbVD3qZ9r+ z%8sfv~!>tMQM)!y40IJMdj`Vn#%@ttFyYN~@(8r73 z(;*NOez)3za8t#>kR7I2Crb5-9wl&{$KPol3P8wpbo>X+N+V7>5I9?d`k>JJ2HH>t zrq_Rh9NQAi(g4$=S1SFDZDd{v!nILqfP<)nTv!}FFe9^JtOQ;fkLg(Fko0|L2{|phK>O< zem5P?p752J6lz2by}4+;ev4p>(-fXUz~AwBgu=nfaMV~I04Ee)!derlWpXmLD$Ad z6IxF=>P+KxfGdv7XO%)LhG3v?{!r&xF@}9mtTvz)-efpU;sAo*B`)PX-vR%f;bBBE zl4#Sc-rx$#X-5MB3JmQNY2DQ`Tj&H*EQ_E_J+eVdBVr9$-Li{|(3X!W&d=WMtdg+y-A8RQ$5dGYl zoS~|?vdOR;qGKW#t~j7w!E2;N3;^^1RTD@4 z+u%$r94%FE@&|GbKQmzv0p0c<`DtyH)mPynhs^^Iip3GJ@Cs>uD~Sro z&nY~RVTW*+`KItOr1ph8kY9;JsOVI1Mg`@KK(u6dsji%&X?S)QWuYO>L2f_>xjgd` zz_sA}M#ChLk!p^}E+mV%XL`+brUG zC`m=4t-BFH&dS|fmt+e1m_A|CRt5+M%zTAppg%+IRJ74_R|KxsmY^6l$!L7HFsQoK zqJ(2WPAB*|Dat~NWrI0zkl6w}F!44b82e-5=j0Dv#PE(yAevLuSmbS(;uM?vIROZE zV&dmSvV3Te&_l|I1dH*72k!YAqmQtKM6#oQr%4hL4CF0nDS(zfBj6&J*Z{QY$H$?) 
zdSE!cvgh6q5DaGr6e0G~51To1zI_bXk1wpfxg6~_p(ASRrmOjuE}DRF6cpACo#E|{2KS(iQ_ zYWY3n7<8G5Xpv-IJwT>kTVh9hF7t;;gy_e~GI)`Vj8C9v{4(Sy3@~|D&XrPwb3sxz zrSm^iu(Fs;0ytGA-hz#Q)$ViZB(D|+T=B6SR0wwBMV}+rZ;V2A$0c@&Bht4TxAAe~ zjR+IpMK=RmqZG|ayQh6N6Q673?T{0Wg5*<{J`pG$qCOuUlNt+Ue~cdK#|;dZO?)03 zRuah!w_U6D+chVtW{<&!V^tXz`Dh)st&qlZ-(nVIB4CMjNG0}knza+E82 z-}{D=SIXh>@WzTmQ`kOoKMHm!-B0_Fj!EOwp>RCim*+}L5nDQx^Q1!&?$?Y^OT3#_ zQAmC!ulhDnT(%h%C09%oLUB1=bno$U!hlg>LLI(gBpHpg0i^V->!A;RDbm8#)s@$& zNa2&Z&01aj5}rsW`QCT@BE-xULD*KL?c+{`C?KH@)|37ahXDi!>6?Xwz~?fEJHrV` zqefY64JrTUvRY5%mB$5HKi;K9!PJHPRW-1a^?r(o{1Vl7e&yG@d<*Cn<{Mo&U6&yVm-6`jwyyt zNmOxpfo(zB+#w?qd3a#uV4z(2?lkoFRbv>y;VLcCkvOy1Us{kdHPw(3;!@X!4Xl!{ zk035z#I4ezEAVfZwH1>m!>Y@d`df9H#meci8WNaH*$5Xq{O3RHH+dMtaORUC+nW~y zLRM`?q#I_hppRF&GQ_}rPIER>YX$WoQZXTx#O>I^q=6?FrpQ+@K3ixepoZ3#sq3uN zBEhIK+5(95meFt(PzTjilBd+#Jjd}F6@&&ldBoO}0*Bz%Qez7Hh;qrS4__PGOhx&ylPRAfsoP0+Uc{4mLv8tX`|wjBCU<&%@B=} z7K_@|7%L^k>RlzFd5i;x5>V0nO3=dp{q5&OH0D$6{DjP*e*9LPZa|@H@j0CIPPK_w z5x?@LIh1o;>}%0u{K!F!oQ1x8>QX;}8~?O`%BPP5Y* zgrcDDymvLesH{QXBmKg_ z)&^}@S}9+}t-;e}K|tVH=B+k9oqoWv4I0pa6kw!< zjSg?Mhs1bcS}%c4OQz3a)%yg`jsw0XtK~Z^v0&8hPU8d9WSJZLN->7gHYqeNQFK=y zDuFc0VIoDM0;haV;7D7GfLlQ**%VUi8WPe7Hen)@5D`m~Fffc5)zDiVpN8-C^MW75>aP3QBeeFxhb+K6baAuFq~YAPv-7ZbN89xKA7r#Eesi)fF(5^*N(=2M}I{osV^JS zZ$iCt$4LNS+01(+l7vkH86<>e$7nkd@T{+|Ft_|Gy%#aiD>O;5NtJ**i00pxE%z`g zVa0-^pMYba>?4$4nCy`Ai2z0Krb|j$pllo{F#iMJ_EsORClmO5*T<}(GGl80ZhGrJ zqAJQy!>p)J{4O%~sBB$N+=)~dChiQMkSxM0+b$>PewK6}IwGxgk` zh*-kk2_psi4@2li#;Y3VJXwaV1ni-4^&79AEm#_15YH+}{DE5S&KhN=sr}(dI8=vlnTL^vHmq+NO(^^{C**=6GIW#-@1) zYaW^>dQVVF=}23GJe!H`@^AcB;V-$2Arv`8cEIns`w}?jSmhK>?Q`$C+gt#mTsDsz2v*(dSLYrG6>`bG>R~NCJo6M_2?=LB`zF9XA|+t)M~^<@xP2ljgy`a@Wn|-VmKjFA19DaOhSVquDiY(9}>m&Ed7Zl#E|;2 zl43tjB#{U-j%`(~K$uIbg^AQmRxpK3n2-({en0rzE80X+`D%-n-u<0bIq*OrU_p^^ov@hHL2WqEW?owN;dh zfhMR!(_}3xd6etz;u=%{Yj;U8L9uzO=mbaF8g+OP2XpZ1Q;&>rBCE#5J-%YmadEW4 z!3=B>IM{L!v0FZpmZM`4`>K!outxl{On%z~-7vz3aj(4YbYBI@#}TV1S2HR&>J>)_ 
zBwp{JxbRo69@kI$38H*@n#eHrx_?PiC1Im3eHeOd)s^>ZGV{I?!LjKm?(;hqr$w+0 z#82q+D%L7?)p18-G~rfcnY`^{Jv7}rI80um?FhF6H0)6Pm*5Ne)V;Ygr{u*;hy<j5QTsl!D~gYz-z}AB<|0-gDol{XxZ_5N zNlj|y;9jd~YbHSX}c?&K?5RAg@DuhXwO@>}WeW)TiF@8364{b90jf1lC11Ens4F3>w2nR0Ia^hYc z=_DT)3FRs?8QCn8L1bDr24IR3N@;XYChc?_TjZD@8w3d*M02RT6v{%SD(9rAOcD{@ z2i>cLU^HsnggJU*z4djn0m#-sdC+H}kI>NH^~kGwox5VjR>|%#fBpaLy?KAz*0m^l z|9$)vF!fqd4oS_j!^Vjf+iBF}=~+&5&a-tXkc1@EB)|fsWY*FB>~~Fj1VB=A`dOSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Qd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e z7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4smIax`t*zzhNUO1`9S*PjCCe01sIJD zhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@INV@4sXX))SZUfk+^b;h@J>cr{4(w(< ztfRzSwzroRYx;%snZER@(|0(rIeg1nl)xeo9-wd>L)Y=SD#1u%fNt28hFx5Zf)2b= z^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qa zy5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58 zP(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_EtUlilu4FpSEIZX0EYTwrTe&zLWHeE-n z&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24Mf`w9(+NEu8wm%ad>5XM$c`are_DRX2 z7Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p!Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBwqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK z5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*iWl@-?iKOL*bGY3O_EESe(B$iMZpEsl zq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb{X=U!C_kIObn`ShM{kENL(QeRZXfmI zu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuuxX+VY*13t08QRA*LGJ&wKzaX2GrJK0p z082o$zrI$8FICdkZq-m=x5Yt6v3GyC3!z=(lt#_? z7hURp^cWtLc4_zGfhSewcrCc|pfGR!&h%rsKe;RIu68${WEjeZYTP7;qkisk!-Zez zp#PD^z#{{Wt<7s(V6~S6Zcw1U@?m`W0GR)hWzoENJ-A$UJWlAH33?nvz3FMAe)ujP zk5Octj#+_4ZW~tDmmSehPPC&S26Rh6yPk`U+n7AoUV4w&x8n;O#@<5gmsy;sD1c~! 
znW!=h!y&pyLg|zxQkNuX+(b`>xJ$CE zojaJ+BUwzr_7@2q2Mhb9ea;C5+Lg#zLH|q8lbt^X#WsYgicDKOWHJlagNCEISgR{d z@sdRSn>Yp~XFx$#7=9h}R<1Hv#BxkI%o(%m<>bvnc=7G=jz(=TchluW@F180?>4I4cYUVF_TW_p zM&|_ClcZ8SR*Ff=>%igz>B`YEiA1yxD^|CbKzaMP(43TP{;k#|*2+2hYy>!qhU2^h zT6mtu1FEnT68XV@@=R4MD&KVcvX{K0tI1Jv%)1z^D~f#Fj8>SylQOTmk+ zy9%3psLJQJ>@ATX0t*DoY2_an9*MS^t480=ZKOOii|txYJC_`_7kpiPmaz(lOUSyK z9_5XWt7y4vO}^ZtTxoaa(r)iIEZj%a9NjyHNKy5nQEiyEAJALnF@}~qoYylRS0#D!8=B`PrrY=Wcv()K$keW21wYlo3LL;@ZtdhZeNo=9@v_=gdm(wAv z_5#(@JndAQ*%z2$JhT%~;yLar3%YRvLCWqAK|J}UNy6!f8n$Y#ttLfTdkf~Ra)Gl` z%Gx4A-UvpysD3T{azU6$BfiOM@WoyvmJ}Mq#(5>z2ZNZiGgIX{Rj*CuEI1~0>@lWr zc<0d>+gV?uId$Jv1sp1efLX`RfJwukuUexRxO)KnaH}&pBKpk=##V|DAn_ z`blzaen!HPN>~?n_=SsV&S3@wE?5E28`o)^f>fV_ls!bB)Q_=WEB2?p8Z;7nQ*OmCR~OYDdiEy4tX6nT86z{_p>aVVfW{j$q2eWZ?oR0>DK<~Se6;z zHcnl-Oe+RN&9RK@>B}9CASCisDWcKI&2j}?Y~xPSbnIHM#TD3jMxj8e7$-^$`i1fy za6YGSJXix`H@6Jm-b-A#P&ZU|eCvBrp>$o-zQ_mgscrjuSS~jBU!ej$%_cao54yr_ ze44<#yC-2hoYMTACY&t}TWr{mW?jm02#>eSicY$)dk=y)s{Gl*G#SqPXCfgX%kL~6 zG0q&Z#<@pQuNExosS+zmTzn40no>H1De&4FObq*+p~X)!B!m>@%$jcHWJ)dCCJ7yd zH=bcuyg(OzCku`7^+mtV428>qHxQGR!_NC$IVLJwoiVOmNLp8?Wga2cO(G?-aAjPR zRCy)PSuT`F@Q`}z+B0|XQlV1WXI{C`hp?^V959J0ELyv6EG{;N*vb(R&cf_e9cgaL zx<1W|^LrvF`0W~6p&Ebgu+PGp{h86^GH6?atG%cl0pf!UqN6feUp6b=e=xC!l8MF& zUG&efE9O+l;l>w7Pu8(IJ#-GTFNeT%!d%IO;#%~eS#UC9=Mg|2qqxc2 z2i*5JajA^|wxW^QilRE*IIGOG#fj?enx~?uC2fGUlGMu^{h6wK?O5O1l~GbAW6MOv zIF_%bs;0GQ@$8a&0$Rrq=;c%&RIX^r2h~mIttQME0+kUmJ_@sv=o}MH3|csxiR#a2Mr83W`3~{ePRw`^{KPapt%2f9dCMO)TtG$+2kM<%^0=nH%hg6QM)%qm|>QDhBWw8urG+=s>zqu7-v2SuvVi zb`OJyuwpv#_-tJB>Zq#~z=YScdGT|fp+4y?%Dht5O1u&fhWY*14w7i#&~{B5`^|5&S7 zFsx>2U+5%^>6I{5CcI|OWp0}IqRwDCHW#?-iSq`8(3Attj?6ce8yozge4XJs8)8wl zWT^%4uAUM}jU5c8N&L@pfUY>!5LJcjYZ1FeFtt8w6My+rqb%vyLl?T?k4^I`KDqRq zz$!f~l^-o1B6O80{iZM+bM?-_47Z6jKJ$GQRD%z16fzuH<6UAq9ylu{ZM`+MzNkPM zduN-$pT*DJG4Xf~_wGF>>7JBXf+p>>6KnV~9hGkDcOXcsAso${C2lTbkhd+!;dzT( zSchR64!X)Qf@8@4OwXJFy0)55vC$ovncvKD=eIxZq8Y4HE$gjmFu=YD&!qo0+W%%gL-=?%a)|Q;Ph49=VV2R|SsnY$;yKG8lS@y$3 
z{#{EaSFu!cV3c|8RKdq-xkl{ToVLa(pv;S~_=uDzxzv$W>#ZC!?TFv16-wLB1CiB>qb@kND4GeJ7@SzZRf*I{&%povANrV|JiG@f%Pyw znOp!n(hLrgejA!Sje#cS5j5H#Q`tOu&^T6?n~9HZMl z{LZ@~!A&717NxvVTe8Nep7t;t?2H9Aa!X??(&s`~z6aBx@;e%?Pk zIBWup-w$5@`r^0O!SDO8UhO}BeemQkc=0ND^y2yBgVzTyp2J_i1pCkbC-|>}=Z~8~ z6q8;xdQYJ~RC*Sd5zAF!8Mw$9fJ&t(A%uOHS8_VV0y(E>mZKy*zzL4xJm(r8fbA>6 zFdoGdsrOWv6m(OAZ$L_a(vb`#z`eu$o`vWpX3Av0BB_lMypuBkrtuj9Z-c607!GGY zf@Q@&)~884Sr<7E9{_2s-GH~i&wQ}wIt|D-WxfNdx$8pUsQGpA3g@X7qMfG_U(^jJ z#dmB;FEJx{rg;~j9Z+6og3y8J#g|3ys@jI3vSa;n@ZZm#1P!zo!#Uava`IDL>ja~e zV(;e$;7fRC$=ptR{j)5s$rA`4V4OqmcOtQhs2VDJ2 zllzY{O=(XTUyEH3-bjWlxZ9LuY;={~Zc42x4a@;2aZ<>1Cn!Vh+~Gki_d4(KZZXkkyQ(TIXrgY05FXZIR)ztbc>AqPfb68GOllf0dd^L{#r+Q5#i z_pcHJuzKe(7XA7s|0JLmn9aR?7;=7Q z;?Mj~n}L6PXckxn=q$`eC>nHe{D^Lp#iPnTM@@L9#>6QzU9?WGrimo?4u@u$&ft9d zNJix;yK<`hQ|{iiO39@!-cpU_3SL?LckGi#rN4&ZgbD>c_z`JoHtDKd71rmUpfgA>G){ym@y^gFOVK@|;j&k4D)Eg@3v0TZ9@R<$2pGT}u$Ue9;-PUj zdgxBZ(loy+U@rPGB|vtG+jOq@Ha;#%nqG=xg$Viz{91~)@X^l7JgcY|5=bQgyhDqe0a;$#Ve%&tOagZB4@rH5j!j4l-|wnq24VVAZd_ zAn;Ene`R`HmswDDIhu;qWrORe6f>T~F3V`k-mL{Kck}{2!6^Q4(nmXa;s_T_r-JVBzY5urcyqWq$^bZCR2k8bjaG~1l=#^9O85C3>a|565^tJ{BW%|Ey1pBpy+Trqbs zOA7UyFz9@2_@^Adq7TsWxjhu*PRD{WFOx@U11(M#^C`38OiB3?dtumjFCQfe81)~L zRP#$e)-RQWu<}9v@ssk$l!RumD%6IbLW`0-y(_jpx5Rys&|8WprHNCmxhaP}oU}b) zI2#96nX1Q0_~LlHl?=m`kp|PTTQ?eY!=#?bu%eTS!fkOBm=$1RK`F})ZI1}OwVh6X zM;oH;c` zl0w1{Xr_u&_S^(>n8JCIrNg?a^Fzw{V>qbO46XZa3`2+1P9>6iV^d=Hx%Lr_a4?E`Ke+idG zP{a}}{>~O~WRC0enl5^_;ca69N=fUIJm`8Wi+N0!fj9>_Dg~{%KGs#8J8{Q;XAT~g zC8@604oDMecL^YD`aJJ73AO?^_A+#9a{gUK-pNq`o}|66-|e*T}W?Y*5_`TukL=GT9r z{rvKB|Le1K6g&fwxA6l!87<-R+32sK*uQt{@Odloe_DzE%NHJEXwNY%(L6|<4t`Pw zkKX`Puj@sU>0f;Q%1ESLTF2z{r-o!I&S#^h&fG4Rc;z)=SPS#9qy_-mJn7<*_(>;q ztglhPHF_zQb9n+pM&JzKu1>05%)l9+_}vE&{!g&}zopxC>)I}uW}c@n#w}%iUio0) z*o6>14&0u>7rOla*G=93oYM@;;|gQim8~XTV8Q*rvv+UP*Z<$!zRmylS$^gBf8~CD zF@7Mh^I3%LnT6@!J2a+v`~2`3)Ww8vH!J!Lu}Z7tO|&L(Yo2&gqSQ6rihj z9@P1Q$DYd{3^7G{BhnfEMCWNt-p}jrq*PumE{F zjr;Go7&DVN^vV>~I=f-!?BR+Iw3OnI9hE{-kMb$frUwdrz`u20^*F&=A!$}u%fg`f 
zaZY))>=urx%Z%w>~y1V0-h>)%DF$d1G0{#$7qWReL9|jj^V%+V+_BSLUI+G3L2X zdX`+z&n5)iB>xYbPkb^%KQy+M_gua4g^44~&V) z(Qf{zXkAji$+Rh{-c$(wT9KGPK-d&3?nnSD?JlR)YV&5 z5vuX$j;aOaXSTX}IVhh2na7UUc65Kmg}Za|@)tF%-dD)CJuIu_1>n7UUv5jco>wK3 zq*DwHa{-n1SIGMB4Zz;pt3?g^CARz#mD`HTyVsxGC{K8k{2vE8byb4(CHcRd?Rz_Z z{hu9R3UB$p&+(hb|9SiQ!XXE}Y-*?OReR96<3a;N2 z;ES4stClJvKh7&PqGBuXIO3T5G`ps=`RCKfx6dMg4f|Y z(rRLwe>`g(nw~d$yjsdi%P9jyIt4@4 zv(&AA!D8L-LpVQTOt4>C^;13s9n4Vs;K!hz06$j8T2AH}{7dSj;9p!QD!9BXcK17_ zCovU!lp`r_l&M_}UcTJC)KCK=x2h;F?>EAeBb;9;p zfn7OXQExZ31xp60HV4j~l5F7fHV?~zL_?JB=Bz89Ag&7cGE4h7NUTPIxhvp2C<^L; z9>I+rBDHJ%NCo7Gt`2e7Y}oNumdappr8ykF14=xHL-e(toXrqJ$-`(S^Cj^YIt+mv z#1j?&zg9V6J@h$K7J9)u!+$U;DHQ-rn~gdSe2xY&WWlc9OB?0vkwAm|2EqofE4-Byi!it#pZwlR_2v5%a`9ZEicH0iaeUM!dC zKjFf{agW06T_8Q6;Tou_scr%f9f-2YQ5!CTV@4LvZ-9Lq*w+arjSuudi4W)g-C1)? z60&RP5C@&oTnGFh#rB4%3!oWD_h}xk1fxXk03jGwy$yUtSMLb!! zYgBcSx2!LRg)Gsg1k5CLhA_zh^C_8)j+BWLOr3@qRKg@pFf9u5$0OboUMyGw422={ zwYxrI$Te_ziKda9M0CT?QSAYJw8_A&co7=sU6|=z2VgH!U8#&>f)>+c5)T8)_CpqU zT0&uJfy<}BB%M~v0coY!a^l|_NCxl%!VQ7R2OJO})tL;6uT>FjUjFu4$)n1h`#DXA z&@Isi5wVUbq>Q;8TxmIeE{PO6jnWNTs5!uG!f{c5366=#9rMsHfRSo*hB(AsPVD0D znp#CCKiSE2NQDDcF3LgMxtw^kOHIv*M)T(93`Bn;jB2j#MdJiz~L8(FBU#02yMhBsWjR_fo*){J%*Et2}*M%u$Qaj z?_xUPhIh72cNVhhs*s(S3m&m{qw#?=P5p@GNYqYwut=rQWVGl~rRa_ukmBZ~LE0Q7)jORJJc64h>PD%NeZ74sm?KB-JidU=$}?gTS$`Rh@nXiZExsaa&s>Dnwukzy1P z=R{Slt*HoqLrQ?^MW(EVC;&G29p|Eq&r{f=O;T^34TL=YD@Kp z{GSr%U|p29QK|Tl@7tdQz#-?vhPtXB)(|PPj?6=FV!Od|4ed(U?x1xA?pGn5 z4DnmUIkV1_UX|bVN1+}Yp%5Vi=WZO)Y|XHPZkASf9;VqmxB2&S_@?14OjM>Mmz|0s4yi!mBqQ^${APm&#Rx2n?~8c!h?EGTP5*&l{rJ;yuutkD3b(O{A2DKOsG`BSC=>i$w85O? 
zIHjRks&v&KX?u%mc%3@T+^3_N9jxAi%BG)=rP3-e>L9iB;2A3S;Cl^6eOk~h z0Rte$aqA90K0e0MKh_g1Q+3`q1Fh5VP}OSmjbz)0&iRc^-owkyX0R0;1uG!4oI8eW ze7&hQzWnu@BkOgX6hA=LW6lRKiHf7F$8VqHF>C~uZBZdhT`D^29+E4ZX`t74<{aob zy)ALH{njv~PTf6xKh@n*tor`2DS;2iCkMI_X)G3feJ%1K1~xcsnBKW+QEo(6QA$-_ zQ!+HmuY`_!Xr%u_i{D9;<>}GMeFFrK(*)Z?Z9`^d{&0zig>|g87om`Dn)Ye8R$A9N0uRaE>3SpSrE}JX-WVY8)L3{YI z($A`(kCJXK4dLX?he1z=q4vn-mW)J75W2D)M9x829&OCo{|ssskpcNr{$3;{vpCg~ z3|=zme#s3724k5m)gYS6y64eLJMPSaALPp)>&G{N&e~h4 z14OcpCCB2^Q?m4j3EUKQ)P&O|ryS^hcmR)4F<0vRzk3Q&gMI@l$uk zV{-|T?zXHJQKwEtS?g7ILNOCT5I}dpMR)XC8yA&MVg0L#IE(JC?i9VRdL`K783}wV z0T8VRa}5O7Rbi2|5i$kT&Tmce26UMDRb9!^WOz5?hfDFvyTiGTs{B-|&rx7!=3nAU zV3!6*3$RL4UR|JLSfoQJd0!mt-!1lZiNU@JI$<;D^x*&dP3p;2k95K+)dzlC_GX?` z5|G>X@}pbth1t5hk|${j5380EU#~8+mP_kntihuT=<;J%clrB2pxYmVnIkxr%UWB` zP`4}5<$7cH9ngy7m-@Mm7eWl2jq9XSn5k8E+TMkE$Uc92t}(w?SkpLoM$YBg+)1kB zSkwZ@J2%OzCKq5cqL z*BESUTA|!HWGeV*93zCVKM*q%#iA6=P~_6(SUJhr$~v$z|D`wwM0q*AmbFu}4JqoF z@LnVCRM#E54(DL*wf9lKAve~aU89+riO(aI6=bj?#ds66H_oJ2=68ANv&aSKHwizU z$25B&P>n6 z;uFDyJpLEiwl}@c1c`q5A^3mqc&~~cdLGkWaNz41W@jPO#sx(PU9E5D6}J>g0^Rtu z%<36BebYL6%ZVhZtLI!^%iylXCSEYRD5XC>Sj&1qha>O2O;$cg3mMDkkD%T{x#+U4 zhw?Uop;UWdE+dFZ=gUe_TrmL|Ol+tkT9`uhA~>z8*o`_M11{7)NwYG|w+LkzrhpQd z4&gXgQJv^I?S*f!Ru8%Wet2f<-l%3bj;Pp=3K_7}=bBU2y)qMvx%R4@yEQ!HO+|*Hn(38xOKNtJ^Eq7f=NKo;jDBKa(5iecWH=q^nouOqvkP*D^okGzuji)1_(nOLx1|DQRw}=wH5-oxWc} zRunoSDMF=>QBlB>U;tFd_nb9+w3{ANY1HM)L2nFNJV2F`Ed3WSh3MIsI+>DyrI#?P zLZx{A;RX{xYhVRkse4%$?Oo0!N!{uJgSk9^@w)qR|M2k1W49!pq)R}&K&gi;7$L5d zI}M{3CRxPx+3h3OAdc$gldM>GKiHwb?)mHgsnUerX#S`40)*GIXgKVq(}^hqv>^ZI zy`3FD|Nr*A-P`&Isu< zAj{-SvcE5{+bdrlx+5$7=Jz-mfS|jd_0Qr7EaEhaevO8B4Qejz)s)Z0XoUP6ZYSp*5I#a54-}*;iFVVbc{wM?b zj-08PPgUFsEH~WhvL~=EN5P1mv~qbM>1`}Q*1ZWDcV!26J{+mSdpKPfi)Iwalp>Qq!kzD?(B4|w29Kwy`Yey?`xuP6qro(| z%&iH4L&c(~vr0UOzxpk{Q?TqsCd3TyCc5l?fAKq~~kIJ2&jQZG=$31lEh zA}eQxax+KD+3Lg91ClO`CugV9?X6Z1h5>geZu#C0{Ut|z?b|rs*F8z*IAbo~50@pU zT>eF+!PQ#?ZNG|!(FE=yyGJY1zjQ$4LvKIn&|hnANezRcuB`&Aj&v;?mbuF`*P71P 
zGED2)LPd|@FKS${D|96=Bt_AhFvCz-CNB2oe=N!X9%O_F>bsJ@(T(DL)Sqfy24caY zWzn7h=Y3%-=+n{H9~OHg>)BJbjv;ruC)+=dp4mG|6sI z#~o#u!TOvu#iOxyM#3Z|KG5XAd|m|{3mOst;X0UsqBDa%Am{FbeaVkKh~e-eoN-nA`h(MfK75P|42%-47CZEbIETLNSY(5(f$QVY9o#V4(NGKiB_oVQB5uD1>_ zE!8h+HUiv%9ko~e$k2wm=>gbVbd4k2WXsQLu)1~`v>pl0zpbx)U`)PzTd!Nk*8KMq z)>-*le>bZC(KZ~n1oV9U&-Ui#?zXT0*|>LG|M9c@=IVd+etr?%&&OpszC!ELZ0FZZ z&HOE>3iP&KTTfu+e_X62FqU2EPi;4@6x+%Tcl8ltffp9UD~-%;YB-%0^Dhc~D<;5H zz&RZy*PwIEYA%o`=TRp1In|I8#p=9nc4@t#l{?0TBP^jRs7%%Z#ypcqPLkM>E|1kM z#bH|@1Dt{Z6y;W4!Av4^kk>S6aEhzpfa80eylZ$mPF+23K1zDAQ!pz_){jSJi$9Zq zc;aVgD4@JD$cCg_inMX=H6`G$t*55XV( zKcrE6gr#QgH2Q68SZswOT^vEPM7S>;TfcsOQZ<7P%`ir_p(w zPIK3>y7Vwn&Pd6S%NR#bQa1@?yV#IiRh@*{Kj`e?2nOFbU;|Tcs%_`E9GobLr>P@d z;lbD_B>~iNoFCgEaV(scjLA_MEXZk2Qn)h~E1@Jqxms>>2698$%@r_81CFCvnBx3O zQ(2tYT+ikPQk!d7PIB|gS(!=ApVO7onX7T!WJ2?bv0X87xj(WirY@g9maC;FS3|jx z1mz0YbyJkjpV*a?kgMTbI}Q1@#xpO^xIP*;nQ2@By~$kT3g-FEWgAx@Zz$im0#}`J zeE#lTBfq%n^5!y(>q*>Pj&TL@Mzf47pf{Fhykb+XoH|^SFE@GkGU>ugQiS`MT9z<; z*$FI>AYAox11Z8a4fyyZ;T{pcPMYv5tIz#9dh z>IxA@#isp?6s@$UVj`9b5WnNC`41#2p&f2l;y>?1pDu*v8``R~-mIR*t4ly7xePIC zA!K0*7xrMO6J`x&og_}t_?TjP+DjH1V1oyh};c|@vTcT0g z40JMNV7vba@R{eMPOtt#Z-UDb_#k8y!ohJwN0boj;mQZj9i`&&XdqT{<+v+kiHcOWhl@vo*418EN4X*D1^P;oSEw*;hZX}H6`upuLWQk!X)_Q@ zJ)xU4V#)$iDAjA3H}sm6 zXXvDd!zI`kp^3}yr=wn+MA{hyBl+ej#^Mv}JXpE2`Ded^0XE)nheyG8!5jDG(OOyL zXvIc)U>(A#HtzZx?```q1una5u+KroM#1Ud|NMu?f}hqlt%f(RcB;**moBVQb0QLA*z*VKrSsa~^#R%8iZ zAhrg)s6;EdluEB3-c#q^DKkIV7tb6t(9!bMbY}4;ndEw$+K;mIjhLmTs2eN!-`o|a zA_c^9^1sB5>q6xN)UqGCti;i|BSDlI2iSV!CrK0QfF5*wGozLvpAe}+7Mx`12 zf-X4to+!fvomVK*%@MqvDI{EiAkHbO2dB6OB0Gp08SpDZN?GcTRg@wYyt+TfIuN8O z1;C9`pg0^Eb`j3l!W&O0tgsiMVkd8M>|x=w_b8*-c|4%7wZS09BN+}gMUn)XVgDUE zs*l1XJZ0}ObUMV-;t)O<;c&I8og3H;V1PxWuTB=X0q;vv1XMm!3q1^XLgaTif&6q?mk4PT-X5Tz( z>0fMIa1j$0niV{>rS@gm)7k`%W|o^rlu7A{t^eiz9NAH#<|-sDH>B7a7fKrVSD8Fn z`ZZ-^DfSzz2)8>Qj)_RFGZ_t%9GOWoSIlBOSG4fH#5E{MX2w5C4Cd@`Gbk7C1m_BvSjf$x#01@G+iCIB zQe#-6lae&XMY)i11eIrba5s8Sw*35VfC&uQ_d>@c_oo@Mkmwt3BVW^lNtS`w#((EX 
zw&$XWyQTUTn)#b+L`;A2DDITeLp&48CC{Z+wU~Kine5O-0RU&liuN}2ih3zHNP2FS zQ!!2ml}y#4a8p`QrVQs=r%sG0Qoy)RSw=}8=}73+H_m_+0xJr7Q?MbEI_)3@gv=fw z1(;&Km@EQGBj;XEp|yP>>oKv7h~EQ+#v1K$A`BOC44jff3py08Kn#)vEkqAnaUa7F zgSF3ob;{`U?Ws3mFwNL)2|-KHJwUXt9Q7?9-RoSC&A^3WU6|@c`CaMViX|UcU5G$0 zlGJA&@W8WS$)E{kajbg=IvYG?^gBcXSiN{s*M*Vu))kj zRx#>&d&}2E_y4tCqAqSPxIfj$%UzxGK`(V{mhAr0x2J532h`rCrhSQ;(U#nwA9r)= zWvjk4uehKeePL>M!7JXJW-6Cu(B9bSD;oDBO8w2AhK1AVxeON4XUH-Q8f0>F^!oTf zoN>$jc1t6nxEduTp)H5J2(AUIG-TMz-y@$or6w>Bz> z*+|)8l$R!EJRr-;$_MOA%t{4%YS3LqOn%!%1h7gH!3z0%8s<`X^DIP(>zpcq$TDF* zF*0dWA|!TgC`m1*s!4z9&9-(6Ju)UHY4x|WS2Xa#PMQDy2S!qTo4=ch{~F{&c#}nL z+?V<-$p5pmvA5;Le{F8$xF_KQ+kB^IXe0=zn7>4B|{-DLYs6Kej z%!o;4ONZ(aCftRWbv_~}nqxpvFP>nH-r#V0O5CKV8DOHs523$u%J$83)b&udkBdkg z8&~iz@`-%<`>U5Zr4~Y!98YZ!!L^A29;iGtg^_RxX-KcM{S0vHG0uY#1qMmOk}mR8 znN;PD)_M?h4kNQ&2G~X}JDig<5#s`hy>Nhu33aEzZ0L$~(L%vr`G?ElH2rk~JICip zTlFro6p?-yQn?GPxe*2IuV#-#x(EWjJ)O=gI74H0_>98AQe(+D@k-TLn1s7y833D# zUuU$UyeYXJ4y_VO0(STMD$10oetvi&2c>Mt75O0#$U@f0`+lvM4G{e-0nfSc5vQ!9C?e#(rA7vR!=cxm zaY(+wn2R$@iDhOc(O9Wg$bnpWB3b|e9w*n5d}i#us_MKs-@Ov20gjY&RLV}7L-f0^;LuBXqWf`PIM3(-lWlyZks_J zI4gJ+6 zpAloJONRpo&I8!L!Wst7!{C8st)mK5nO$v)oI)zFM5a{uoHoJvhR%K2NK^~PNf)kl zT=;dj96}*vqI{8iA!bhGXW~$<*Wio@MNa-0-rueg z%N4LpSd7dn?&(*Jgu8h-lw71eHbIkXD(A)w;)!S&G(@W=2+zo_V5EpB2#LQ?lF8VM zNfztR3BIf(N1WEgHfzxnsvxdnn>qNsgNzBM3F?SX^6{DvPOM~-l+w47c_3HU->=Ww zllPNVgu2T7$ku8BsJ#;f(s|?)>_TVOs$)qaO3HzrT$Kb=^&tRw9$tv_Tq4RFswvr> zMrRViC+KsiCp|Osv?x-cCGJL3ycMiTcGy~IJ+TOvbs80*u2}??inYG-0fAq>5o_U5 zz04kaGgvJ*s0NCaIOd@%m&!V$ClcZ4AB+0xy3EN}7xOx|m+-?l9l@ zO(H&WG0unWKxGQ?kX`q6B3Xh}eye3^zEVlYDkm=`$EFnK5?SJuN+Lc!i!g6>T_@fS zhjGzw;r4J@)vZ)Fik6bkIh$94eHHeGI($G|F5yRBohq$E?$^w-_~J%+x#`ryH1)pB zJ!RgBpN_fm;8jk(!-Q8|T|O_aG>qa3>HN8n4flGqPdf`E16Xo&H^qG5b7@F3_;cAV z+4X3(KyrfFsjf$344k&JbB*%e@v1A80laPbX!65^22hIP>;Sv znT|oMo7Cl;#iZ>S1Qydfm6SawOlK355K7ORIDZkw{JF%j;%unYk4Zc7N#{B&eXoP11HJI#Oo)vYgOwuw^aD5R2W^~d0VeU zkS&_!DM*$g&C<9|uiH`9t2?ii6MJq_hkBISCU^R4mE!b6aF!y)udm~O*WV4(izKfH 
zrqFXGq5q_GeyJ;^n$RzRe{~+yx3k>zh;HcW_>?>nvx3kYoYUyX!1nY0bjOpArG`z8JCeOINlm3HUXFpzvq%Tb&Hx8A zm-`5nB_x+9$It?wq)z`#5+oO#Vj-PDPPOTUpf*diJ_Q0Ji9>i81R3Xv;fiB6;RRN@ zk#n)IV$P#@6l0tyI(5-dy75VujCRH}a7zb1BOQRfZn!78ie+)lKr0vxrX$g8ro@;J z%$Jxb^&-u(SrGQn`ht_Ef@E{$&I;q#MBP+&q9T(J-#W9DBLhByE-}(%ngsf$ri%;l zHcf^z!9}MRuFq|ot^%=jQQE4+N+zq4q?5eUE+?`TrZt}t^mam9*H$m!y2N0bBJcR| zCN{Uza;~Ry6CB@1i1Sxx=c+Dq-$uE0L!bJ6U#npb)1y zya+ENxjwA?)fyTpKPg|bl>2rErDN)(bO5lS-!yl4t04IIQ4nDA7`;==S!X;dLwIQ4 zsm(xdb%ClYn$C8XN}+$HG|@6`F$!fCqFw{Obww;mGM7{g6j(nUn7@FoT0LPQ6}@~l zo9b6FmiXhHeVU%Ol_ZL*PgC<#U994#Ls<#~)R)SGH07m09 zO;2XP1(U0wu=s9c;zx*^Y0+DF3JXX{&3aQ-wXOm=KAU0AGixC2wjI1Ln7oWK=i{z9 zs|v7TcHHHx?6(5?(xM!!bCgXQ>Q&Q_73{GSaKD-$u-U^6?VYFHw{B(oQWl!Wg4cK0 z$9G1@El;tN?;NSjB4MGD+C-%Mu51~;E7F+Po@Dv_#cPutrh*LLUZ1zu=eK!%dNkz5 zFHh@oTZ&xWjLv)U1t#(>*1aY~>`6vdAQovh;B=JXc^VIbew=aAtpV4jO8S^6hVK@& z_&?*+oUHw#P$FM(_DDcouN9a^UH2#nUWmxpbJKUWOizKs#D$r(+jOWS|!H zFMUr*VXb?P3BC8D4YWRD!tecPf31&fQMcrw{V5ly^dR!l%MQ?BriyC>v*Z0Hp(|Yp zh^>FsaXB13EmZG{;W*rOVH6I3HYY^c3XoQ5yX+WZEWh=Px*Y;>|09Qb$zjJ-ezyD#!;ib3#o7=bX z-=F2T62QI#9cC;DGy>FWD=WcHd!xM>G%z~4wXxUQ+5|bN75oyv2if(MC4Q{043ZrB z4-5v%ps$b$g~kLV;>S@h4wLoYdedYwrQFCSA`S^4*+?;vV+xc|_q<_x-q?bk$yG>$ zPSOh_PtujVx%IZKQiv$x%P%$qCckknMvr#-g1rYMIC&f=O8c_i{%_NXxDep1QJVlu z)k1v^TfBo|dK&kYI!&dFWVXrJltAbLC=+p99Z$N_xDWVdl~UkB1TG71#-X9H;thRl zv1IKJxr|)s6rdblE~!^qs#t{b5K+UT zHRR~@h}0RAR-9NcPlE6qb``w>VFmYT?D=#&PP2)Qtez%RK?z>9rsLBLYe&4Iq&A1c zC>rDPoy4b8@drKuxfmnyt^n*e^XNBz)aks)V&Ho7)=TzHUeF0HBsvjGE#6EDcId6- zBY`JijC(f*sdtiQnE0np4o0EUtVs+8ClnuYwj4y9UN_JBR;?w#|7{!pw_6*0@?J%w z^jt<1Y;Jfv--mN0l|1zhc_(BOHJ_)XUC4011+P8a6~`LD?*t2xi1~Frn)KL^P4z{;Ecm5G@+^B3`XSSU3!S5U{K7E(cFub zNw5YOaEI0g!6Lsn4DR9gucLet{1--vM+vLP;Q?v1IEWL?AM6++(+ZOr8LemnuYP^< zluF^y?5ydWr2xg6hQ&-^F9HNjtjGT;tpDA{*2Ef_FS&Gg*u`CxjuL8u=FwVk*5gAmZ?9+Dm~K4S<4R z4g>u5Ny4uY1`={u_19T=4%qbQz{0(Kye?34o(0eU>Ks5J@0)GoiCEen#K&UXP8nxaY|qVUfpow&Ahj42a8EhgsO0-8v<03wvc01}>@^R4#x?JYbl zE5YX8eMAxb=5z|Ql2?Yy>=>=EZnarsl%k{#@)?qRsyvL-Y+;HFDSE@XVzZuUz9G$n 
z;~a2}YSkUH=}yrLO&sFLthg%aBgMzi5`w3KJsU9R!SobX0+CLw3ZB|{FhkFYWA{or z<~xa(6sLjJwt)=u?9tb6+MBWV?9I7kO>Vu5FfADKj5ue=_CP&%P*FK%v za44AEHQSM!mYb&K=6!1UDbeQ%mB;$-La^M2Colu==WDGDJ zh+G&c(F&k2-QNzm{0BAq|EA~wgT3)=32(w7qcf#v)6>0Yrn}wR+NS9q%Gr`*1S>)V z8AfE|DvW><(OJz751+z_i!Ob-`~ zr$>nrM`QFqnZ%<=fu(H`xI5}-DY%dh@_)&Z&Op1b zfNk-1uD}Zbfl%+>6}VgX?;SPhuIQ|4064fr5Aa$uD@Qpdl%3Y z^O`3>)Nzx9g)#l^S>xW^-8l*v5BffH3Re<4;jp-&SwXAy#um0FB#8lo-j`v-7w>nc zR(qaGJ&?A}mere%#*D~mI)s;4VJA%DiPdn+40!wdjol+9wY3;yTEL#g=^*ZRe70Z7 z5R6#-nPU0K4|g&f@+r!gd&=#%$TqbUA9e<86@j0Ko>=TAQ&H+y2q2z4r~lo(DD*l+Y*+)T*p_=6S6LSLnunrG)+TYE ziUggYYz#x_bZA{N5u{cBn~1A(w`X_rD%-QW>2HrJBSbMJlWa#}`Zkz;H+Hw6$y3a3t4EIP z=^(vGhG{t99CYXqKSLDL4QY`&4&75ZN{Bu#SOeYv*6uD|bedx&PA^VW@&=%Gub%8b ze)hy_v4t%jg{+9_#tCpR#$PgLzdmCiF%7rx?@>cMuOP-N#;T^b#;Wd zgkF)0L4m+9<}P3USETYoj8hng9FT`1Yaaz$Y)ZST84u()P=;@L7vP3>R%MU3cJK4h zI?U{6RN{tYNDB0j^m`X)vlgOQWw^-gPpgbk4u z$fGdppOp=HX9rhvf2_3}aDLvgTON8Vkv>%E9d)C z8OKbqdoz;48fyWunWum?s)zf?6qp|F(WqG?Bje&V@uYK5qZOYa@xjwP|fe2Grx`dw7@VNwW{RI z6ivk4%vGo2`BrfDY&e_uzo&INc2yF`G`{+=XidmL>A3E?6h&IMz^hH#X>ukPHe7ae5kMit#gZ zv%cTCuS6J`s%8uMh)pMHALTH*iHxS&g77_^u|w7&1R}5D1;EQJQvev}5#`iH{D4D{ zu#0UjN^=|F9s-o%yr~dZj-;v;DvM3qdwW~fPM2es*3!?ccK7z=L?b4#r~v05RnPGN zb~c@8K6Mi$^ZPZWUvtD9QOX#wJKMCU)~O{OwTj5skonTb#lh}PKYRAhZg0pCZ7RTH zB!obWlSRs>q#A7HlW;U94GSP*BOK-!(17N*JYb;P_qQ-3P5*4IZF;qCmCdcK?+wjm z+zbw0ibpK6nSd%>4_>Sik2qEIFa;PEOPUuZaxfZ2gP3bV80CdXOq4&MnVpEwlzzTe!~-ZB>=92H<5M`EqCwUaYKNLwd<>%RF3f1dxxi|4Oj z9sK;;>x1Vv=mN69|8rw=_g=yOXLsY)|KoG~UUJ10x-T%2PYL>`a4@GmlJD6C!1fa! 
zO;P36)#u;Q>#p~JeP17iz!hXJLOpwYdz8PnpL_n<=liDnxVrz}?#|}kt^eQW___N( zjC)y#a_o)bz%~3ox9)A+?*Hfbx%>ZY|KRy+`2Q!b4sXx{bW!{VY`eezJDXd#_y6bk z{cxw%va))fMhQiKvSy!HC5HNygVVq!r87#8%T34w-872?T zK!}<+4r##nQ=K?0mZusH+E}PNfd}uXF8d5)?d*Bar%&kZXD12wut( zJ*5hHH8yae-Qdlyu$; zSv)pw<*ZX3g-LiSN?FGZ4Zx$1ao6p`4M}*Lyt(s+!mxuwpi)!oV8^4=c7BF+TJmpt{uJM_eTN1)A0`CS5gU6!C61I0I7#ZZu)Xo^U4>C9gjuN z>_rb4mt-W3Xj*YaEe0>hSDwC5T0Ld&+2DxL4N@yQ|!f**Ub4)8jJ}i7p`pRp8%^Hkf z01cQe8^s9N-MbvDsg8#iVt`5JX>L3rom^4*n<6P{xl1F{Uvj3_D21qB1cZPS_IJbuw!2x5DH9n7+D#*X)9 zrJDRY3UTM@12jv7xj)d~UOlBbaY;RS4d)!XF5+XRD!-{Ot? zw%!TkZ+>Qv)qBYwK!5oBZT;n|7q4GDdI5i#PcHeN@SjWS5c~Zl#afq?=BCMl31+o|mHacpl;jM#=L5q52pY=NG-lO0DsP z?3f%2Z^KYWI8)`?S=!YX#NE5$3CM_d?>fB#rs>E^P6|b>LWxhKBCxa>bPs4opb-OO z&S8Z(3q1q! zN9LFd~83Gt{mcDn1U;`V7xfj#FGcI#%S4^bH&w z=5^2{>-4cS>8i3TM22<3WZ1oTutIO%*7>^!e7QH#`v!QP2jn6;Ybn@o>qo~y!;0C(w(c$puE{PA*bR z00w-WF#P1}0k=wFD7_iu=^}>@!yq;FECDT7@9*twY^(+i5TVa7P2-woNSQWyOUV9N z@i-g|&;yNUM2^YIzd^3%2D&#*;6!00l=!mHn>9{1twMQ;?Ie+!U;h7@`h&!SY#bIn~%q_nH0J>~hZD{P>e$pGaB z6>+j zl$Q1*1Rfuh`BU={)ElPahH+I4Xa(!4E(^a~ra}XllBhwz-p#`NzTdUJeI%y@V zmE6&k{LsB#+bSjGd~6X8iq}gsu`1HgV!i3>Hib`)C;UjUtv06`oJ6QJ*UTU(sF@8M zsX#`>4JKTC6EB$&uds+COo>d;eej#Uv|EcWKK3c+8S%e!ivduVuX~(meU^eQ#9cXr zl8HiAPq6})RIa%K;&>W98D9elH%2wTH580LSZXB23*O#Bc}tijU+`vJoW=b!Mm=Pr zH2+dq7s7xrIGvJiequ4St88}>xOOqsa5w_?6aGVinZWoM^j&IBKIgG;Qo1zUbtadj ziGPV#j7x2IZwUXuy_A7jf}h%H9)c<^OYWAvsDK;#rRMBrM;onokNt7Qc7R!GVrF7}5vQbHcB7P1n2 zIygZCvqENJrls(*$Wm#xw$v1fTMFUsoJ3>6fow;c^Z-_l*pyLjYWV9+1n(X&kteZK2F%Z<6O<&SQdDUA&UJhk z{8RVako?;;BIfnhG$}SKwj9=p9MDaZt{Mj~g@`U1t&QqsMC=<451ZidX!w?c^&q7| zYmFTyfjQ;41fHY^N2V!jNrG7;?NOBW5ZHKJT(eBPq}QG?kd>kAHfBzX@NdQ`v@A38 zDVjR+{UotTi%<%Z+dbAPLO9Ehpo{uaTy+ZnktIJt*{CT)GUZpqqnARF88fI6jNyeU zn}HQu>~_=yQ{kZa%i1An>kb@mg5?Iy?&aNSf_z@r&Z&!of1FyB(8|7mkwVdNom#=*`JvkZJ zDgL>r8%6L5qR-KmSW1#0HUSpKX0p#G0#OO$-Z~O0!y$RPSF*TKG8!~A7nJ-%36N;m zd{BoecZbPxRA_`S%`mjp;iU?3qcP$4R)q*_V+z#_&@C#7=t>>LIfc(6glQIcgyQA; zTV>6Ra|Rcu#KYTvcLG&y++ 
zP{Sz1tTg?1$JiN)^uQG-lf0uDY~)qOn0W<&GUEdjc92ec6AmUs(S#bKa)}Z&z<@)O z5Q@bb>jdFKF!kcEaNuBZD*U9~Y=Ok#LERN8$r0;%azB z7LIdA3eNFzKI5XLoX6rc%m$Qi9_e^|nouS=T6)g%*3qgXN;pF|62?FJ))p#h%4khd zIm)QslB+;;)5l0Bd2U3xj*U1f4`^mOSdcMAg|;)rxFFIdF@=F~gTq)L9gPPR4bJU( zG!SqdzTA&Bm}6q4nIH_B8n?ncpN?2_-s4VAVoWMG&SF#x>GEVq$Yf5Uwqq^Dfs#sO z%+C0l0msDJVMuDeoCJ!7NxYx2L)zuQ-_J;yd5i{_7XAHz6z0%dn{k*y6CCW`tccfd zQvlDb7v9psa-jKoA_*MX*Iwy5eT;0P9ZHqYR7AZ5u${mWuMR``p0Lpm$jrVV*#93T z${?()b(jzAZQ{k)t^SKX#Nth8UjquG>}{)JsTxG*ZT_g8W~cCHZxz2ZM?N5KJXvi9 zt8mSdPUkJW7-%b<Le|pNi z(PH2&(|O61&7@T`drbUKn!HV1gH_Lx;xA8t3uL-IA^?&Il76g8vR6#);`7ruc^|xd zx!)wwU;uZCWRfHcbz-N}fr$*~uSJ5;TH~{E`P9ebutT4$%QhBfiYn4KtHZpxTyt%2K2vJ?t|Fp1$zEMSDU~cxNSMT?uVLAnV zEDR9q@m_iK_}3llX0kFbq9+vcgZs}O@9oTAt-e5=i}7L>Y^#s?7!J;MWZBSds}IzB zo$g$G!&AgdS;L}tB_~AMwh&&~@gTia+~ZBawO(#`1I{(9-a*4vcU>jF-8G4!+CFCb zT*#VVwvrGm!!M8RjF+}&o$D1B><>}OKBa)!mhz_q;2>24V~OMvZ5Mo);t?@R^xrW% z@h7?*r(zG4vlH|Hr;M`EP3RiY&T{a-8Fkqg@rr~)x@3NtW^_@<2`4|LQqsf#srY+q zh_3Nac}85s@8ULZ7~LcL- z#m{%$LUcw%`5I6-rZ5RYVF-l}b5%ak(+gJbZESc1;y2n*8A5Pt_`O${v_NhoG-|Iteii9s$?ev6K<+LgH}> zdw2tJNiUHefe!^o}e)g5r zIe>Dtf2sqbs@`5(*?(Z$&4zb5V+BcL!T?!*R+ihG=IY9T^4S5vrug5)RcN$0tGISW zo}m3A9ALPXBq3AgZdErO_%GXMPSC9{i8e)puFix|c3SVDxB+UjuTBheOp|b)^Xax7 znw2E1bIOcJ?vsw&TEWcKqh1|u+8o`L`JbJ;cTH7>C&+?FoY>|yx|TF_3_|`8 z;~m;@delHG#U$+%-mI;$AM~SiJOd(dHbK~18ynwaqM+SoAQ?!)PxOu*WmC+iDHN2@V=bo#GlUF4|n1(uYf-D8-97){DFuWio!)Ye2#n3-yO^Gr8RW57xHqo4|vr=kkn8n5V0A0=# zSf%~L;Nb9WJ@|S5@ZhldHu?SF^{+2}dma3~|LWEL^VbJY4uco3f=4f&KR$SU@ZvfA z^-Hk-{C|S~I(YuLsnjIG0^lGqzA+{Zz+n_Q15ip6oy~0+CZ|(U$e|jMuXZa_RfzP8 zj2j`lu@&aj*7VFo!*l{Axob(iEhxC|#N$9CiN!HZ_(7{5(`FT8c-|)UX5B;-VklA( zZJkfLWVVA33kL$jj(8gIR?r!+0Uqnb&-KoSI?Fil$&U|$4NO2t(NIW->}Qww&{*KG zp;yL(zXsuKlfKrL5nfwp01w4zVIJUB2!ljK;|EMp^q;`E4a2_v(_~xazqO)OeN7iH z4vr|UXq{kWudw!j7nvmYk@A=1+lXDHISxZ&E$s3Sur}@m0k97x^Jp?JCdq5amjG@r zyX`5|b%A>zE-$}y7~MDfbK^f%sm?E+|6zN3^EUs(=lHq%uhS0RXdesWe>b-a`JZ<8 zHg;~~e?Q014YsX)y|K1_{jb|d+nb2Ar3`^~oNdhsv#ohiwlyorwpRQ25L?cVjGSD} 
z#MjD0g;g~Uu9cC}R@AJ>+S->2tgY3)p|DzaupbpvTdRGxkXptBH-GHM$I}wj(rDV+ ze`+u-pvN~7N?WT*jA`uy)!e1L6`kONF5K%xmpX6gEp!48b@XgqzrC#S|6XDTwc2M3 zoBh}cl|aV{BJ9e^IU%yOf2#=DTJ1k1K9+Z}#96=gpBEfUvW`A+ENoeqpCA;r zq?@lG61MDk-v+`~1;Q5h@GFdiW%^SR1zY=+L9ojJ|12@E%M9cj3xQo`N?#xXc9~&) zwgA|rw*8xqe_dvV|L)WfCcE;Gol zBJg#oP5x@*UX`7pBAn0$tS*O1$1{9~tCx5=t<8;Ot(63_nq|6n5Nq`UI1#Lc`4$3L{pnT2uNH^=k+G}Q6HtMxwQIz! zmLlj;#TMe%ZqRCNam;GX30bYV5v#>jx^}c`_4?SMs#W-WjY!p6d7x@x?VLE(BJS%j z)!Ii!shYJciBMgVs=48224Y!c>Jq%|w-=aNt9?CTsSDZiE5)SNt{aj%pEbW$JZkMD z!cl8iiAJq09gMm#7Pam(4@<|Px@T`u)MssB3~H?`+R~iWity7bkD`heEDSrX?#aZQ z)`}sgg^ACJI9;#=D%iC4&BdCUwYzqpY3;gkre^)VnHbZWzr){TgsJg4`&!~lMVaSC zm)1T>a4Gr&Um>)VPDt%KaiuD(w7&M2+Q$Z!)|QMZt<|m;QHtdIqvJ_y*9a%&Xi^nS zTDz%O(%KD#lGf%&k}}DQSWMaG}Oe^mF6C>@YW$93XAw{G|Uv;5rsSB%-0-+!$CeY^jk{#UjCqPxElJh=M)-@CVcd;UMmZ_)m5 zY?9@u9c8_1_c1^Idt+l~XUpCHt<8J8TetDwpX0aRCpo3lAsMIhlFWv65qN(1(}Un4 zTN3~DV~793ID4h@WojmEQcIjz@*9rOPFOWW!E#u1kQBIqr;@oy8RDD=`@6t-e7 zzyVkka-B-YWJo70%gO%BZUvJprNC**gCwzs9L0#?h}gU=#E>lYZlopJ?eX&%*rc@C;eVr8!C=50yAE%HK@8NP&696(DBf+8g77lZ7 z2m2o~nt>37d)?>Sy<%OX+F}`yrUKVc~+*N)pk6t|g z<>1w`eRO8I%h5VQ_t^`GQosOxS?7i=?T&+PLPU`Y3l&sefHaKOD;~m?u0A)6cs?yY zaWV6a5KkPMKYCSL6xsF;L`LGViutT3=|%ktN4;b+Rma|6 zvDRxG)U}tb%c*c2!XR|vw>)CUO&#(~o<_k*L{VuHrzKhZ_#I#2Dij)l!1A#t*1Zjm zc)r4_m>_Ic9=NuY$HNxIWiLN>3*P6_8Z46kF~eRP`OJ^70M3{Hx3_k;w|)Kp*1cQ% z-)H%)1WzLr1%X@6DUl(kJp$>T9RG6@i!maRu^l`UmLZSEVHRqxx}Od)0>8F`Sq0)j z07ylG58c^0B~lK9e??iUBK|2(5Q!kVS0^p&74uP?MxusE+@i;E)(MKn0xMA%(S#Ms zX~E1D2N1K)eJs6c9i+jbvy?*pEpxBc&%JzosBD&ANhaZV~ zqba#xW18Quq@m>yx0L#SusH9(c&^UN`zS9igfA^X}yWL*H1ZW(x zuQP*bk5`T>B54J{aX1giiwOo8HS#shhZbAH#NI^{{HB4?0$f3)y}^PHuQNcT_OS3c zrZqTF@JQd=lt&pueyt_}DP0agv?;8?_aQke*6s9r|1K_ORGydvohP z&hnKBK?2q_9FHkk#-Tf?0pJ!$95|bU#NjfUlth3eUox69VHlxnJg&$oCG!&|Ey}%eVYR!L`q4VDW#D}h5#0iBCL=)If2~m_&Zo&*OgQf(< zbA%KM7pf18@{pnACx~4EcSV2bkrYQj?{9bj;qblLMpWDn-3zA%_Be+tiW zZG)%ykw83&25A-63gn(`Kic zc07ug#LsxqW7*SlucUB50+P@s0X9L}rY-evzvn&YRG|QZS}aHI&Lw8r5rIOX>QvR) 
zm&N8!_MSX9ARF?46=ZJP{Q=^47?n!*jF$2lK7b)bP~xL%1KqPgO*)7Jf5urEs;N;5 z(2)Y!0$u`bF%+=n{hE9TIjEZ$d3%nHRK{5Z0|`b#kEh_I8`RNLXljjT#Rv&Q&3XZa z4E+<0h2n}9gk?WYTa0{o{^5WI+btV9Cj8&ggmdbSIqeK5;bgrcN3nbe`(A&Nd`M+X zK&D8Yhpa9GAqy!N_F#l#u?tPEMN^g73`MP$MwDmTuDs^I_h=AZZ{Z<$6Q*^tSDEtF)>sJZ>k zhxh#HY1e82a=cVqzE&~Igwz!$GEhn6fq)#)Rbe6DnS^Jw3y>fu4n;4T3iGv*DVo-? z4?7L7KRZ4K7Yjb{csNT>F><3y)eO9x+=jFN3SIMR({OMai@Jj-;V|-3lO2Sx-Rwlo z4GmsX2(m#km?5QXmbgmEQl0yI8_O_==_QKasbuV8hj+%5qxYEAn2#YVM@o{X6F*Lm zkyI-B6f%w5@R~oFaU;7EbG}0^;h~E-_Q9x4gwAmQkuga_8bR0FzyKa6adpbW zB$Q$kCm@2GWCdA{@E2AXn-NbF%>^=!0u!AT_~A&{D@i~LWEX*P+KYmxz!~0>b*Dab z(fjCaHa$tC&Ka)*Sd50$Gx0@fO+Ak!k~tkGvF^T|&X#Bx!Kob|V?W@0cRNnktk^d^ zkEdlKFm+gT%=SlKfh>EvHW>;NUg3($193eQFvnUXdOQ&e`XUA5d#^1RE8##a58S1u`QUN0E4Uv z)@CqZYt^0DM{j~t1%m;GB%CCW?^N@_AX$LXT=Vx@l_wwH&?=lJLxRM%?u@a_Q1(Bc zFQ0Hh#41Chh1Y1+Fd$4aBN7=;nKwsPUmAB9P)`IlbS>PhGfPi!Gs8IKVmqdDIk11* zef{#;%U`;>w9^C?O{R`vkf{%!ILNjD`))j!{8H@cN-ZDnzWn9M>sN308Q5HGgeg#KNAZ3}vyUWX#EGT60}O8fDv{pQns2pY1%YmSz9)~)zJ0D{G*7dZcEIhXP zkmE&%h;g*G6=VwbO4^Y{@>$S=O4?SNTd5_@Klqd2=V`j1_+tgmn+#Q)O1>#JxJj8C z&b&`_9)M;Osi*;GV@Imw^as?Dv&$Gsnt)+?9g;27;fvJ}vW)l`;Nv)DJ;uJ=>UvxE zI-Lw7n!ST@!J3RMqIwgP@8Tp$f_$!v?|5sx@ISWb{w!uAeTK?_WVMj#e}|t&KKp}f345|8&+y=zH33-Dw+>^@O*@-S)w6o#tPT z(0@86@7AVFtp zNI643%M-#VCuakbBY_^zwd32CRt-xf2hZ2H;xI_4Y)pE?eJmi4h@8s z<`~nx+pML)Xhg=&PH{>JmuT{{)`sl(v>l)sYd-hKg77u^JPEB^BdvAZaWaC-+0)OlXcKw#yEY?{y%0Uh|vyAG{2;imRJ}#=-|B&29@(X>P1x@Lko35# z1{Q{y)I@J@v^HB?V-|y-#R3ahZ#Dh)NUH16*q=Cpi=VzTb_i7^i_~ivQR<6@PT{A4 z41LMX+Mjb;bEGMraXETXi^$0!`4XBOmeK7gm^YP6$?z=)hA|gxlz4sO6*hU4{F5g! 
zoN1jvsRb&OfC)z*@590xNG{@`*<*KrL{%Z~rUge@ajTU;LU*&?kTT~yi$v@Eu-Juy zE8LYcPTi9vuEu}YtzkD$X2?;~uklV5@e%^(sVI(-g*{506jHJ1SvgZPDc^Y`cTpKBFHU-VTtN|ES;ZN7g!M*Uej_bj+H1(gA;R=?mK$T5H8 zpFeHtQGZE-AGBf+ej$niq-DypR@U~7H0^r#M2&~U+7U0{R2^~rtBPiWOhw4Soi4Sqlq9x^~Rll-)Zv@x$iIN^Ly zs0+p1isV3?Chx*n)L!97t;19z-Z66Zr&4>$=L)@37ApM{A4FG;xn^LmMR6i34kM1~ zKH|buxfwYMQ>*LNWQJX2z2YL3*5MTC-KTQ4-qB$WhfS+dqiKHp;a=%Lx*l7Dh%e}E zbPijs)?w=r!9QvBkb6A)ATR?^j`QJU%+MHfac3sC6JSnd)HGw-l8+iIbjSORKYPd9 zxKAjqQv_F<4Bsz6OMuNPdbQUY7!o4{H%C)s_Zc)xBjduL3RiRbc)7Cl+3bu-(>FI>LF4K#B&viwZcqoFHULoRvBoatx`K`Iwkf5Yb_hO&zo8%hw6T;VA3MeQ<*@w460pEjJHZ{xqDc~^K0O^2XX!Ano(My@FP*G zM#*vsgY!N5M!_lL~O0%usa_qjQb39eF<@jEy=T##^bR46XZ^v93{TxM2 zb=xDNUzme+*XpxAJY*Z6(D+wxo^-u^&Kx>DHGYD;af$XJ2e#W!dg?1}XX83I#t;Qj zIT?SY8$LT?2ZtY)+UNsBwV+VO6pjFYPx|b}{yrfQ4~68x-6g|eBsx|B^T?}dz?ne+ zK{$;1%(V^Y>Q`k!-6cUc@!DW1;Dw^1MVoF0bMHsu=SHK&r??CDW{+ko{EEdrjB6Z& z950MP(T*i8UriaB9N>h+FnwAHBt!HLSF6THme83?frlmRg37`OX;DqQsbJ~=NQ|~Q zkFG}1`^unNZ&xZnvYoCr^5^}q&Sg}<)#faNgN2eBNUcq8t(mBUW|PZfG-nfdZLrR2 zO=9Jgk<$nvSs?>k5=*9(J4@U3No1bPo00?GC~#Quu{-HU zQUy>~&@h*xeTu6A7yFBdZW0z$6 zHxrsEeWm&6G>HZw43tn$BWFO>+ZBQoUHfau|Fc&S$sifngLX`Brfysy<$fg zxC?{LVue~m(=|KXiDS5Cnmj@F<~>@<{#LEHiSwo ziR|lVq#;|q2wUipjB*bX>S~t^Da*ebDcK*MARqPV2z6Y7G;f4f??y3w6Z?fiFXDk2 z2;~Kxa?Hna>};a;k&^b2@~W_{kpOB6nK8v#j4CCVbF}6N0+I@(jB9;6IOAO`7zlks zrgZx@C3x|T|DxWWe59q<^t#5B{3=sb&7ewvv$0nAH6g7w=P+|W{SOm=EC>T$LTOK0 z*LI+;%i)g4VuWR%PiEa6Cc>%kdz`IgK-(o?Z5g`-&{>&{`Kw97%1Bi%52FF(NvH%8 z4zmPY3Jel;!1=d%j4g&LHjQ&H2$jDu-l>0^z=q6%>$77~IV(!ag5iaj2@f8teC!kf z*6O(qV#Josr|+(NoFUtv4Ch&okdiq~w8si+t$QjvCv`g%dnP`ZpkkYpDgG1+Lt|;b zHO&(i4aIhat?O zv(h3SppOG2dm%jKcN_j;OhcW|V0-b_y+g0T7Yh5vCEo^qS_9Tm0+ z4ylnoxsbHh2o{e7_U;@&03Y#zl%nc1TA42JtolZpOzFDb4fX7D;=!5xuxij@Hn5iL zatCOM4|k5&aura*lzEexHE`?5cvN+(|8rOk^C=C)aM+-^IM*vvVW+JVoOm6T_1NA6 zw?f9`oKyk|Qp7dDNkH^doV8x3%hPlj{A_)E@n;b|w^=P!q{A-+77-j%RtWFzy{Q|2 z_9+{jqQ5gO~Mj^NZvEYD$lh81m z+`FQNg|Y}vz|lwMD3gL0Ta-G-Ss4mjoD}f>5NGp}mlV@hVJf;K@zjBUc5;45%v8u^y57#e 
zSfZaL*Jbg4W!Zm-<_Fga2fQ@@-$pV1Z)dA>Zx#P{8&_G{hmw13QJVKSpNGjKVnY1B zAYWHW9Q41(dHJJV%ksZxWq(>X$ownUCFg(R{`N-U{CDo(U*-S2l}iLg)iXlV|KHch);=o*lN%4)2^D-mTyLQ~SvM9M7ZpncR42=$AaV6IpC{$@yP~|1-t> z?~ebsI~zs(ztOq3;{R^tx)T1+Hp2@4ukioB2>yo^u7J{6vx&SxvuGF;pV_j#3lC)X z7jA2rJGO6$ zPs^%>;|6qoIe6%XEPldi;*=o2^4zd(uhm+&?nUpox&Zq|^(en+dg?Cu_B!pb=;VYG z6b%??e7MCn1Au}$K%r@xSxq=9*+IP-4v*F3M(?vB)OgrTXR1us10i~i;B&7(@6mD^ z^O7wBhhGb{=K z8!P~<`2Q9E|7HCD0QAV~cCmqwa~8Xf_*!v}BBIvarR|8)=4@MraNv~|EgNPI8n)s( z{g0DZYMt{B;>M~q?Zo>w6|cErcsyliF75#E2-#DQBjwVHsrp`(oVaSPE&rGnaaV%v ztzq*wn^D}9WDV8!Z)M|e2i3){)~FxO791UWRoXw}@~JNlK>%ia+aG}a&F3@)gpW(p z0!CwvCgVn)9)IdX7U(6t(u%_m&a;-X5-pZF%99P2_iEp?kH747o_Chja7ibU@bHrN zZ5F*{BQeh}?I}%BzG{5IfSeZEn_02H{#84syWub`TPiwlJ!!7*qD9O2<2x0#M&oE0 zY8KrG%Iy`tg;((<+BCdz)N@u={1Lkx9CXuUm>hX$XWn=Erj}%&7ymIsZlnhuKHAF< zuFIA_+ve^AZ;dd}V=&{#J;(FCyZ)IcP`rP>wq&C!L6RiX;&S4?$3T$@JWozq9JX46 z6Kc1cd!N9-{=Di|R$c$h13j;<)hii{XxP%O*2Pd7GMl+;PiGc0G*ufhT9nq{zb3k@Pc_$s#JDMjzUi!>AK7Mi0E1? z6xVZ6!9%YLFCT3DE{V15U#_j60=rxs{Yo_DH zL+lQwqPwSXXsRz0Z~3`tRWV#<1h2G5j4DwQVY%o|d5xYb4XTVK6r)%F*pl&u@?U&% zbK}o{Tq^&;+F!K)Z)|l|^51P-SC{_~y;+d`IzRjl#-FM_s;-2;i-o@`3xCyrYvGSs zzBHUJq`i-uPP7Ki~8(4e#g4oQT$o!Sir9gwt?;I{MEcy+pL*?|upz`_qbNSn&*(^9<|W zt5^d)Q%(AYDo~MRma~=Y8YY#Hc(mDk>nh}BDU4OT4RVn#;oR&!2Ygdi_vq)06BpvV zrf6DdRwo1smJSGX*+GF))7RuBd2Nyx@?JV91@{EEps3&kMMV)62dKCO_drnr7a}Sk zC?E>1N5$(Js=cifY|UOmHo zo$NjAP4~&;UY>tme$n#v^C!Mt_)2)lbyuH!#3iox7wk52nw(IuZ*^b7kRIBnMMzUxo9u;uNK7JvBVoJG~^ z!@UmUKAdsdGh@f;*FC%X*umR(@Az(>XQuAAw9l_QS;&syuvf@ z$%|^<5_=CF7hc9&8s1)A_|SC=zppv(xvDdV?cBL)(~318eEi7y&$VvdI`N~npKh$4 z-h1QVqYO73bFz8m=(B#ibkXGt#=cZ}?dnrz_dRm!rCBTHz0FTG-}?09JMUiDu`_Ra z^C8l<@`siUSmS-L@70qY@?3hYU4PLX-%cBP!<8kIKDdARf`>BsFJG@(aOE?lwsAub z9Ber!sS^eAdc%Qt`G1GThf%&?PH=h%H<)cTQ`mHgv z?T4dpO&R1Koz<;7a!IQyEboM`R&_xcdWna zkG0F6xc!gDz}s*1|6_+^=1(2HcMTKlcKM*O7=P8N=RZ;X@Zys9$2~u0 z>BVziwjK1JsmE1Lzihw}7aafM&2N3&_C-m_gyt8IIq526{z)%6%*~Ru(AM$E%l1B- z-3#9@Tl~#UhxXn0*24wcRy=X|@i#qJG>E(P{uQH6IP%ET4>;$57cYElaPWYqCmuh3 
zz?t5*-9NuLdc84YT+R1`U*5E6wJGhpC!c!Z^_M=~)|S0MzV)-??>f--QTfM59on$r z*^9pYZer8r?=HWg_d``_Yo9sowL?E?-|<4tua{N5H~H{yrexpQe%6xI`)8cHwITSd zKI5dtZ*R*vwm5i8UenCk7o2uY*}>;b{k8x4uO|I)-sg*3Jvrh=|L6UN^!_2u^3Bgj zZ{=TDI&{eB9aT>jb}X3oYxXlUwsb6>*>S*G`B!go?5N)2SRAUovcs`%>ewwE9T)9- zzW-BWORsqR=OVxF$RW*l6;HZi_-kL!Zl7@D3(bc5H3!YV_?f;pu9?;JZhprPb2hA< zw)Ct|1&6q>biy%ho4JQ4{dV-T^BO)m@zlc)F(TX6i+7yANN~)!X5D6K(z%~+Zu{AK zSKzb*T!-Fr@U0UbXzn}x_vxFCx#R3Phd=U(P;o#{vC+d*Pc{lgX= zh-`G@wNvwHYx{oh+|o_A5l&o_H!EI#&; zMPFaJ>iS>jEV!jPZRnP}&wY8<)z#Pk@!FRY?%(jc{Z-&fjH_TH8^rpu@F`*7l@*X8kz zXTG{|QsXz*wtn#4n6p|YUnELbk3Qm~PoHmX?pP5>J0s_+^Yj-k5B&Tf?H??A_4;Y|Y}?WAs-N5DzH;`9 zhh{A~sp{v$F1+XdOWej~&%Ai{mv`Lz?kl0YMh!W&w54y~?N5jKk$0cwf8_(ebHY>N z;eYhK<;a`1pI3I*?i-$bJ#)t8Cw(zz%^bs=se@1WFudj&spW-N4lGN(a>{ADH%!hw zMtvXxZ(9*8Ct1`t+!Y zQgUJ2E9am5;#=p8ojrH-8z*sfzddr|t2^8OxO&@||={Q=*8|J;w$ zZk;>THE&L%v*48HR_F@m8lL+<4WbEi1ox_sY@F z=53yQwH{mG!i=Pljx$!pg<^yTvpedllawc@x<>-sGZ zZ+?2%)rZb=4*O#3qZh9_sA~D;Qp!iUU+=iL3H><+P4n(x+Kc zpkvT0%WwPThFh;2H8}gmZ|^(doKL>)zoP2yPqxf|W8k#&o|?AW_g&ICn=d_K=lu7k z)ZX%9>#1)J8h*;HZ!LfHt69FAUtF+k%!bPi%O6PJec-$+j`{e68(tEqXt=b3@gc6K~Ek4NS_M{o|w7W9Pp9%fbaa z1}vNX`*)KDe#ABAPd_i;n)K!8p6xr^@BaDAU*@h2PkMUSicxdTW40Z8@~KxpID7Ct zqjK-<|M=1KxKYPQmwI3Av*-;=^R5lq*G&ELsq{1KSAI8ra?yknuljJo&1+wKJaa<_ z|NNHoYhIi8?ETlhXltn)e(fQ%$BcPx$y3v}f4pPZ&Oh#bcipi27JrLwy`*^f;r@G^ zm&|sbR#JAz(wwdLJhgkMZrJ1J-LRnXvw_8yPqs|nz4MqIEkh4HWMt|g7v7V5%@ppN zs;tEaTKW$S4mjz|`M+HE@_Fs4O$!fw@&Vz)xrL{Ha7FH;_r6!Su=jKC-1NrhzE|G+ z>8#77(<_fknsb`RbJWb+KMEbO+m=4%#aCw@Ht?$8a~;p!zVZ3GGy8m&J>!?9Eo(W<9w5nPZ=+_~NrW zzL@L2Xx7uKH{H15&d*Lf?A+>Ycg`Q*@b;b0zWKsC;~##^RQ8*-z0AM$rPWKbS8p4Xe&PZ?)OS|x#&d7I?ahOawp5@0Sg85rw@-Nb zL&F=(ZfrH&`eOCyrLF}_Z+&iVNpM~G=Mm3r{bQKibY5}RH;z-r?tb?74sn@d?%0mT z#;T4V#+XiAH}cNu_4x~Cr7oGfeZ{7h-^LvH#p#)ct^dyT*_V&!jC}RHlkY$JmQ9Oy z&OxU?d2!Iv@5=Y}r=BF9{n;ZMKl**Z)GfVt+}vLMO7Ay%{g~DAvZHO(nH71*cl_Sc zF=%(voE2eisPQpx_Gcf~FE6`q%=bfu7W=2$=D(CYyZxbAV~)LY{rNju^e2A2{wHzP 
zWrph>_nor)%uU;#9DMqQr^YUQ`Q71X-CzFWlb$2y+;WWPt*1_Z9v_xzIm5>Bnz{!c@89u(B&o`^ECy9Gtxn+6@Azbu zY3KvDy)ifVz;|aa+R*$&>c=k+oA%s2-&rr|Fy7Pg;d>|VoF<;tv3}*ZCGT}CUeqeC z>u4MBaj0YM`Xzn7{iSBdi+69{ymJ08FD>7;%&jZ zzUKWo+nd(z8h><1lB3X~IgyE0*HOt>x?eQHy#eMq+ z1Mj-{BTt{f=chN_f9~=16_33!Ht7z3$)fj`9$0XS<^7jtwT^wU|6OZ7)n8sV@rXs| zawmNFO#fM#_u57;e(=!8&wu0UYpWam2Ns(ecRy@jcjngduXZe~*;-xS%lu_W)}}r` zKObm%vU=xQas5T_-1+^KhJn}op8r+fl!yD6&w208QBObm;VbSF?{gfmEBN`!CvML= zr()LEH?H1v#Oh$*?e7l$@r*TZHGlMO!@?tS`e(h=D}P1Dv)AMfT{!vV72GY0-kYF% z>7i}YUz-yS7oYsc`OaTMCy%dsx%}6ZywDM82S4`tNz+d~<1Fv68&_AJbM>nyTh2JW^4i_!W%Rr9 zsT2Qjjy!IN)$zeAhuu_k(#kU|D~IoV{E@n;?|eP=?Mc4*!ybSBq-zdXvv$?Et2zcB zv3>3I-|yJ?R>x0G&#mlbdghN|uXXf!c=l8i|YVv|rDNpX4a^vYoKljtAGjH#BYx=`&N9=rl zaLt21Pd)YHWnUXgo7WDVDpl^>GD7TgpZV_I3kzSrr|6-EQ{I2UpWUnw4YPugwAzBA^~(!Rg`{P;;94)7Wd|Mk`j?^{z; z^;zYp$)j@pZ{K$0$I~rt)66M3pN-xU8gtOhrcn>(bu2#bz2(cN-u0lqWKQlSR~$F* z=!-Va8u3%|mGf?N-T%tz4YR(t`Zr%ajQ{=mL#|$V<$BxPckY;Uy!Yg~m)||L{>>MX z-`A};{mYCW?PqaU9IzDaJocF5hkbG3*6cHrd>#G1`t-hvpLPom>hIchjOF=FPxkrc z**iuZ9Gq8EbBC_s>B7w~t=S?^d;O7NC%RZROqc0E1d1`Xq z3%UF^Q-8eh;X`j3ytU##8!Y!ceA_XXzP2^}fY}4bR2(of@a3j6W{&V2f5m05zkBqw zFJAfitnEja+h1+3eBiW^laJpxcC)c#o#1oaXWspOneq3B-~T+-FC-bBEPZK#@7lLc zc5skoi@7(YRLy*6xUKQ*4XO6a zQ)eu{Bdh)OzJo>EGj|;IN2u2-`z_)pZyPJGdgR?dKEL%x~TTej@7H4TYPuN;*jy zji34aKGD>8)7-opU-;>U+&=TqFbl~yZ+XhH=Dvq@RXb)p@#Mm5zdxvA=*{O(J^Iy~ zKASw$;gv4@`k1A6KDXtSnKN9z7m~Ba-|@`SOMx^8M!|*`A%|IdR^{ z2Y>Lw%|`@A80^Q5%@{cHqOzAhd-|d$?z`=n#*es9A6dEd^6&dx>R6)RdSG~M!2!=c z@M@n46Yo98h0a=X>MLol|L3dMRu<`wJRvvt!%5rj&qQNOc5}a^-1K?!)-Qj4V)=Vj z&(C$_E;re9-%8a}R==>Qbl0xIM_>Hhn&0o=_I}c;@{+GyS?65x@e!|XE?MyWi;o|1 z&-JB-;3?O9@Wb0J ztW6&4R@b)A%cp-l=OS@=KmGjUw#>`kbeG3^^68fyQ$6(1Wskmg!n$XEy8YP9QH4w8 zkvBZjzW5;jtFK-7?52{9%kKNa(UNlZ#9eEj|R+6NoM4=>oO zkKK1Y(sAekV-Nkl7dot0Px#*tPBG9B4w>m6li=b5vLLta+cqo~OIAh(g1^~WndGk} zjee70&CW#DwCwck%rt9Ob~>_Hv#e=py^v+!b|Y~JOEMS2U2)+bLZI_}IGfwOhkEEx zkoxz(B=|X}R|xRPE6YL2W;XjoC+G8ul5FOJf|(1;-hd9_;1fMU0Feav$4VlDoFp}i 
zAs5Q9$WnGzdb-@49;~-!w>q7z)^txW-I6^io%0UzGz2r75Pk>yGo*pl9q z-k|%Z2j3GE_|F%ejeN*0`1t+MMi=mJ%}UFPf&WZPMtTqYcSk5JFD*tczFy!0wgz63 z1YTF1YcHw9{}+^_JhD4dkv-tl>B_505Eqn<9$rS_po^1vWNe){5uJ068Z89yH2HiG zk3v#wz=@pUkPk_c7uAOapUa3_fD?xE(dtO5u?QJOWS0Fwv(wAFU5zH(9~B`5IcFp1 z;UyEKnFP^{Td4Q(X4+@-Kvu?KF8s#QS(o!oBlyl2>qwp`ghr`jxC^t7)JqL-}%$FGtJ3EXN-Dr)?#s zgPJ7TLl%L8zA#{CW%gOLv7Qe#N?zXQRx0WuzvvGL^`c@>1_+XH|x`L81s4TZ~Br=OZna!@5_t*0-7w{J*3dQ(9D2T%e87RhO2J&bOB%vlPNRGOx6392&v<0dFCbnXVdc2k|Yu6Yscy z3&*p5v)r64hwva}UNUQc(?qBT$J0MF$|ux^xR3zRk)Jdv#5;u`Bq%>)z4l6=>tNt?K6Soohd6~ly#hF6&Fp%zpe}?~EA)$#6nI!N2Xan$mW@hK~Us`rX z4F1o^wpe@ce|LnWvj7s!^%#92Bi{lLUFj7hBsoJu5F>O6Z%se~7^pEO2_g<37EQcQ z4Dulq3I~wvqn%|_;nanH}Z#12b4>TcT1=9CR zc5*VpU#4IP>Xk8wp~=V-;)BT8get1+l?4?kdJGqS4g+ipE{qGEtM4Hn_d#IrPf^}} zYNIRo2Y88re``ioFO<2T`V$rYpTj>}e|CuOpEkPU|1;9!);~SHhyL%DAc^6SlSc-X zpv4rNhxbb+G2}7e(*VA6;2&d}$!f}^5k|>Az{oq(45`R4 zWhkf;@5F@%o{S<_mY+6_!`c{!ID;MFb;GNl>*-<>H8{z0Z=YLLV|0Ki`lUBZ7x zdK~>{&Fq2y?g(v|(bEeqy$$JsjDvk(u~_w~5FN&#NR#N~&{$`P$1IJ@!O4)4X0c`& zE!jp(R;6{I&5~hDOCL}3iOm6}INf9-MlevNOn;sl%wpoh4C3x#+&9KxKRfH}he zFNd6%!IML+dbQdrXvl{8Sx}9UM|q_sqpHds1ts}qrS_7_S{x~(k%g6|qYFyl!;40i zR#e*aYaQ`1!Or%$Mcp@f9Fe>8-j|;Lbh-}5!hzUqhFkJ5woCxEYRLmc{xv&q< zn8D1;PIj|q9D=*WIh|rSAP+SKdB1_Q)*{HricyTN*$YA;4=;;BJYjkpZOLwAN(VyUt4KeWp4S1b`~>uF!>=XIpofAc$FO9&T{lu za*&OoP2(lbsRIH^rxV<$1{o(o2YKAVS~PjG8X?CABLghV&8sXeAD2VLAyFC7WYjPb8AHfKk7WGq49m#q zGMEj>=uR`H=yJ>KqYJty%#OkoU1|A<+`PQfDwyg$6`+T6q%|9~W=+xQD465{)C&O* zg?a-UqX9Jw7(${D1x;fkG??_Pg6fb!$}6W2k-Xwm=+clOsGzhE4Mj0m)4JFj%jgA2 zcw@3#nr{RmF4!a4tsI# zhyq7t?g+r-D&{7@5tl{B`y@CfLcB+i@PUufG&|e#OY=q-lsn1`M%XJV%f}7qETP>D zM-aI#42Zb+@G5&zzN4h7cz8ki09*8Td%JpO_iIy{Y7`LlKebPKOi4svF~M~dKGwrQxKA1ym-kxONQEiy2m|XUj_#M zJ}w+^djBE)kF1Qi`@gKr9{GQ_gjo3>(VWT{dJd+@hMtqA(_s|g0IocTXrOV;k|P)r znmCyU+$*nAK5J`v9Gn%0Z^YhU;Z1FkDs`JfG!3N4>_-|A++&9t$_!X4|R|+%< zenllI#0yPUz7l2u`X)LX#E`80l1>3?Ke z(kwmtAKeky`m35%`=gC6`M(7Ef7Xm1{NEiR7XK$9yPGQYaULS* z3Asa}A18!(zbNzgPf(;{qeK#;vvNQ-6C0n@-yC%fz|N3h7;}~JG9|biFhyt-jgGHV 
zAV?Y1W{rx_hi{SjP=Lb~DYr^vD+|g?a*G_f`T6CMd_o{5pS>huK6=ZgWFof!|2z7J z3j8bj$NNJEqznGfnwcIa|IJM6;s3fN5d9AzJ0iLiRByt?Qx#xA3_y~dYSByPJTc%F zJmC;8A#HY_81Oh^%Fq-)hXD=$Pt`Rv7A3LC4j%vZK_)3242mK7Tz2&n;APf`;N$}m z>1wgP5*4velBSA{aB3U5>CuPl!vQ%AxrgQ;3#g!xtf0e!xm!_6l*0MBNwoK|Db(O3 zDg`IBv&jnb0T&-|VhSqKJ{Ob|Rn!{xCyJINuZt+Z;ZY@SCB!>LzaKY5?k8zOYN8bO zcrYf6Pr#Gt#uEn@ZP5wAkk}-+;-WD+_i@g+=!mgIbi5}dhJ!e_6k7|iiHJ-FT}zvd znPX`8lyZ4i50~7Ey${hMaI(!t2Aqndut1D|5MF3}{b5e39)bNK%-WqT>jQ;{=@{H|LXhI*s_uajAHYiy&qtMT5Jw$rNuRLp;_t=orSV9A}IGX@<4F->IzwhcNR#WwLsCUw6c868FU62(uPA(u32P<6An`sS z5N=U*k_Q>$6CFVjPhBg`L$c`3Zce5L8ltBcqDK`o-b^v^oYRZxXf#~LoeVBFs8d?!>sWuujE9M`rW-E>W}@lcXH-^~h{pgev$X-u&1Nywh&ZQ{m!woA z;>ts~1uhV)0f{FnDB=;BbULHah|ygVu?j{5BKu0Gs}Nu$GT0XiAXy+e6deuPa~ee! zfgxvRTY~$7M~Yj;^XC$q18|Q_hK~Pl!h46HY>^oxav`urms%y6_tScn$)gpheR7e7 zj%t;yQDk*%h`0j}oUct*l+KhMM9k9RuaQ<^PGM^nJ0NxCf+5}*X#n?HU0ro|;?C8f zWQoVSh4+cg>fVt>ADIR++wenxIj>}kjtkbQb4DizZzh#JY1Papt4}+ZuqJr!>Y)r7 zG+C+w zhHcxtBD-c$70XsrgoH8UrAwh(s3w9TWl{8XQ7**0@s7c}zzmrsb66I90%#VP)oM&$ z+3!msy8?q5a{D+Bn96c8ESlI1@CCyPOT0RGvYQl3d@Xz^>y}DVc|0c=VSzXe^ee&q zR#{M<%@Hq~Pzi|dNP`r$(H?LiKyrXvn|Q^TUs6D;e}4*G{rjun1qg!}|B`ROG685b zGEAMWzpAXA7pEx>3Yla9y_l2qcq8Rf@yMYfI&#uCTYsIduC7kkkL9AZFzs`HD>3}A zqRB|cV56Ee>2w++7bVj^ws0Y8=XC2G|K8ZMWM^mZ!Jb8zghueV z=bTJ2RAgIIVw|if+ZV=IO*$heR0Hb3j4?r_%FZM%AMm>1Lh8)pm4N%LNCQTr6viYf z{(}!7ri%@D6J)tzN_7))G>Mc%pQvO?&%a^X zMN)Y1RNyUnb@%{OMBcDB{doH6VGYB#Ap_n-1~{kisxsUNoj1Be7?-;+tzf`oHBeNH z0gdizf_79agF7SRS~2xaL@l@)g3B>L&}j&ejjB;x2L$3qLlK}9a{z?lR1I3kOb2X; zj8w-3gFXTDnm}%0Q>P-<1_Csqb)f1_u0d^4D)KZFT;LM(3yPOo2dp)5?%?=f5KI;tA&2__;|fj!ZxY4q4*blEiqZfdfs)BYDQ0-X_c zAm*?XQb7>z^9l9%*8vWU9cUJUxOH0R5`aeF{s+(q$Q&stq@~t~B~chN<@l(lI0EOP z1ONs=Fv~#|6(ddbP>4l65wv46;WG<-N&wn1$})x`K-K3em^CsS+R4bdD7eWfjM)oA zges=A114&4+l(~EJq}L65S{~Si(&PMom7A~if(sACzSGk&4g*9qHA`h*JzvEYf6eqQzWgKO{+O2 zrelOAP`iZ}QNrgFW}~7kQV4}5DI^x(LU}DrF*-3PL~VW~Qg3u^7z#l@1Rv8*O#Qa< zA&J&2LHl7pPv#i+-!Di+8qC;6mY4E(JkVc2vx~q71cBTlc0!~%Z71Qj71p4h5ZNMO 
z8zVZm3ilf)!h$v@x-K=fZgSM!X(X>jT$JxL4-UV4pXe<$?0LPnE7=oHUz@7 zMx|P`e4;a&MRY(qBm5Z$M(7JXM40Y`OTn<9hIga5i9xu!!m6t@%xw{TN@kR&V~eSi z42xhXOvP$BfdEKS$gUNnL|Y<&Svt%ZL~t7Mw?K9($TOHf37~v1@oPeLlH_v$2?8L4 z&t{NExCtnT)S8l7PF7SDA!3uKOa`tX0Gi+UC!G`EBKk)pJN+Y^0Pgfq=F3Z>xPQnH zIMfK$kLS(d6C|MIYZ8fvl_*6dq_0&j&ERTNdwUg`2sIkWaY~q}Bs;s!BZRt!MuYS{ zo%fMqG4lll_dxbwsz*;sf+0*hCho~;-Va3xXd{r@Fe}E$4PNwYQ4;&_9`y9&?BBnL zfF&%Cmb;9|`{>bD(=agtBpBRXqK^xhm`DJFO2b5R3O#fP0}2KSM3_RsBe%>RvD8CM z!cVtgyaW)C36=7=ML_z12-uk_dBw2LrQjA!;@5>lQLckc7&4(M>f=z>P%K1xCR4Zp z%p@_=BUXzB>vUGQ|VFe2p%QPG@(6SXKUa6 zMWVCbOa(4HeNe! zyyFUqY=qMI7}FL2gatzaKG%ytlfcF(6qp4g-3n}iLKyTpm&-^dLZ!vhO;oRdYnBM? z<6?{%SMV0m_wA%UK0qLtNqk5ql~0KbnIeqR0D}~iO^GZ5y-IF%gQ)iwjQAkk^$Cr< z4S=gAQmYZ%yQLegCf=8AVqTU*LBEF1+{4&-pE=u13z@sDG9?vS2IE$vGZ-|2gF34* z>u=d^n@_JqF3;e8Xw|4e2e;}7V-)8f;0TzpjY?b64+iSs~TQpuNe7H=>J%( z)_D8BjBHDf{!e!V5JCd$CwUc#k8+<(IX)GUgh8swg&KKTk!NAZwyIom9aGM$gEOd3 zqfT09(xsU&ErVl2z)&*0US~qZ@F`JoD{!-ZfgYPNuF(ZIH9DaZS{JFVlJn5JR8=7r@g@(d^FVz#9+R!6>O(TEcy+_iKQs^)Mkrr-r18pV886WWtf z9TDHw>dZ)CBJy{Kfe6rLm{6HAfpp3=Qw3y-a%|U`%xtDjk{1u(F4F@qDBwYcgQO^% zM3XKv(Uc+1!wJ#;))Z|Gf{|5fR}~cEnednt#SlurTNu$^r^_-axABx5BDxkJFaHY~ z8f31RG6vJYfqt2KQ1!n&uyu^=%>B?tSN4C_^!WE*GJEvDyCrBOmv9N}_hW|K=!Sc+ z5HDkrQ6N^zMk68~LNrKFz<5LQ0#n8$HTqJx_tAsY!DKR^T1q={^1*x+TDU4Vd0gO(ifO zR<1%6X)8fGIvx8C1G5L00b&@01^%EIAQF0}=R{wE0~WQ3^9khqP`Ky>wPHq|T{B~Z zg!xDTj7vo2T`5UfGF7|1B=i2^^{alF;lQRyiGzb5;XnMbhMc$ z+$d)SefN@C_L1u=%?nkfxTlIpph2vsPg&JPGEgSoNvsR&h|B;Y$<-5lL`e-&sitEc z@m9fd5v2p>Mv;t^_CTpgr_)sG7D8}oLOiw=S0 z1Z6+a+o3j}M4~Iu3ltAi7l#}HzBwMB3vQzL#x_CZQihyVUapC!W-s)pchO<8nZTn| z=LA4eCO2wgJ#<68?FffLu;_5{Zcr^baj#wUF-bZKV!cF!ShxbGaxKmURCPpklSZ^i z=>3n(heD!<<`-mj^F%d3?ZGrr(en*QG1(XhqJ*nt;k_c{=ZrY<|1)fH{)FKABN+ z&^fqAz+0lu6w}uL-=abujwc((!S1JECpCKorm?cld4?fQ)>)}V>-Yn8LHPt5Y-`SH|7FNEJ})& zEgKhU0B@@jypv)U&yQzGfhwx5TnT*`&D^#ja^nit*2=xVq7zK*SL?J6-s;G>$abh> z(SZAP2-Cg&RXJ`TYA=!`_QGx*(QqL>uZ!I|5knJu84NQ7h$kAysml=6oRV4x_12+e zI!Ge!kDEeTPz+!y-xIz275gm3;FRjoQ2W_bO-#htR*j3;;!;c!tAtah(jCw`Zd!1+ 
zMzsyM$0|OD*{9a67thlMx84Wl&WI-BhoQ=qJ@ttploV5HZtK z&OMiUBq;4OMUoKj6L{4&4knH^Qx|!}jNyVhNpt8^vLLPd5b?Sknq9pnd3vtp#h8a1t$Z+vV97F%_m+QZ-=>M#=IQefzdU}ul?`{c6imrxE zb(Dd3jaiK7pz{jB1*WA=U)ZJ5q$dV2L>J!g$A67JYGRGge-ktHQE5Seu?s*fi6CIc z@WJ^MI8S9KwpJw`!;wpH6Wb4Rx_EdgLSf<)E)WJD#Dzf+SJjGqf}3}?I(-Vwq<)iA z8ca)lt%TMKxF~%Lb|!!hL6?NkjW(UGKgy-b|D_d-w2r8sP+b)~GgZ_LM^R-326?{# z)q-X`cq#{ja$E_tua9^R(QAZM%!)y^s8AcCO7C>al|d>ha;g?QJ?N+zzKfTL(iGK> z04^w2cZOmBJWP5>C2&k&A|sCKD(wv{7Z;SnM0rldOB!b=kr5I4o+wE1gt+gIRF@HO zJwWX=0Ea3w8Q+`<6~K9_=#%2cYgCg-tpSFj;@O485IBCtpH3cAUS?LQL$!Ay#utqC zWHwWoW=(`kxXCB*_+CA#3KD9X<*t4O$jnEJ|P3h~5(Kb3YM85g3f z8r`DCtc-wF3XW-|dTG&C;7XUsf$yXa!YBz7RDed=Zjsq%`ic?dN>r|}`;}3?E@CWI zD0|B#SV#qq!Ey|!LG4{Nv#m-rD|Dm6(Z)6_@9Ny$M=&IaA%%>Kwgv(t5!AoGGBq`d zVqtCn{z%1d(H?+ke>vjpf_FvRNr7!4%8e+cb!Koy?Uf>3C(4O}BC%Dye&AVSRx+I8 zOo((>p^#9G;)w+Mn-{^q@z_8^;!#pVb-+Qo#}i_lZf8*GC$tdT7L0Te0`zrM0?V|6 z66fYIGV8pb)Uq(Dmv$`+qFOJ-od&E;N%gf7GtJ12myf0plQiO#qsYF;sUv%rnwvz# zRBS%!%;Em!0zB|h-HW#9i#SB-6z(bCTu%3rpJ>{Ww#yWkgXG+xc5X!H5`VJOA}jJU z8~@BFzM9ZL{1X&wNiz8XiR@UhrkN}maJXoqGL$INZhpj_M_%OV-Ts8eR9#Nhkxu8T z*9SUX1&;~K$bEvDJ*Gie9#{?bEivO#XIQm}S0;eXG4z3D*6GUG`|c43J1R{dL(8)j zW7#wW#~y7J2@IAgITXmIln75wY(?$3KPt;DMgs`))%90-91Vr6U?I2$mlCKDirTq;e( z&;r5Y9NV7+DLG?3kpX6+WQj5w$`;mXY)lcc87A&ch)A<4AhZx+03xm#HD#Fv^`9#| zyj59i=2}SU0m({oK_x`S!n;(n4j=HM#HgGK#OT^n45C^3J!1`4h@nTFE{}-^NIzoT zCa`^{HASkyZOgS_k5tDL#G^E_nYJ>1uAbRqw- zWLV<;e`ojH|8`4gBYv^;KoeW_sj5RP@Ms;DTg^mDZZ$HIFwUU$jm2DJWf{}5E3JcU z)-;>NIv(dy{bK2b22+{bNn3IADf?>}bs$bY*h#68huBbLZ#HF21)X_m}zx!Ni@f?_it za)*6pO3eejVZhWSe8GoIjxP3LCzc0Vu@T)m)|9r8 znLSfwghq6c_v_RaqH9QC-lE*K2AolK{nHD!k3$UnyZEMkj{v%Y|Maw2_|LLfd+fiu zC3FS<;Jof{Ab_~ydyN75MaOrB1Y%!(`(K04{T)>Jrw`%omo~cM|I)ML_`l4I9{vAr z332Z~$36gQGDq|gnVSN*I><>T&lbk052c_K>V3rsj~6nhD~Vp=%IVjpsjS9Q+pbIW z2vj*`KRao-x3t~k6y=p+eTOLA8-GiW$m&5>7Eel zxvbM?_M&!(_PIT{`<9TtUoy_bppiu3Oey~xZ{+{%!7O?I8{R4WU!`2M>Zouj0?cdu-?m{xf6m|I(~Dy$AlgBm8|(hXhc$ zLitR849DOo&^A-|P;zDpQ!yi2D>#{G+fdQF>V&yj4EexdfpZbvQFuB49D~y6<`8|B 
z5w|$xY%n-Hm%0)rb>RM07F9U%a=}F^#WT^VxClHxfPYn$+mRL%>4xW46d*C216QA^ zaHp6Iu&}$>;ifZpAODS46@L<+Qu?%2`C_JGKOD4WHz?6#z zOL9_~Mmrmi25ehWkuHg#Fi>hG_FhDS0%(YtdJ^S1eK^n<0H@brf*jH#NyJs?K-tz4 z_Hm%rjq8J#aYDRN(}*PcniOki@`AMqP_CdDsLFz$579?9!5J+vR)jdjDcvFN<3XR6 z^fSu>+W8{rwlT@Z{lO@Z|x@`+nlWRRAY_61aaAWTMu}j73Ga%m++5!R6x} z&=AdNRhB{Gxe)FGQF4v9RVQA5@i*=mOsz>r^8G!OOsb%J2UkRX{KcBs5XdqIL!vA? zMW5nIg+0#)lMiQ|@(4IeS4!oV5PJ#Gh9t`kLk)o5J-EXa8^b{uElza>5Z=vkox@#+ zufIA6xZ+?lij-rTGGsR=JVa%mK5B=XQ0m%A1G1wXsJYE?k z=cS-Di#1bY$3h7IvM7TgpbOzG3u^L{irgWd_+r4MbBMfRE-KI9!5bqHS3clgC?C6SO?A|buO znVpkbQ$>u|m1IJs(l&?(WS9aV>~VFNs7ociO+|juCAi@)PX@<4<)$K+@_-Y(MM7Rr z;sX+ObOPq{68I^>H4y(0?wB4@>o9oQ3MN)&Q$?7HW-qgnR!0MZl5i+MU!QcP?U$99d$PBzZYXq%&hXVo?N^ zdr9iJLeK|rUje4i2uziaaSEiNmv7vNZXNnTM^ zzP)4w8jeerlvbi5d$GL|S6f+1nq-yP3o4+x;(~JUyjYn#++Jj_9G8j;?Ug0CR$OIa zX*tS8Wx3^*_Pna1+;UV_RbEzFQGmOUk1H;*mlT%cb_$9MN-9mbT^xrB#^4WBF%qAC zq_Ny8Jc4r8$Gp zPjc3#BDIMWosPOeA@3j~ZGFT6D0{R}-|4FvtbdBPbF=6VV8~Z|YdYfk?cn^btPI+F z>asN0=y534?8@U(QH^Ulg(Er2<|~eJ_MiL9PR{?3m-p?X(|>Qy|5*Qz*%?_q^nbU6 zgy(-o&-veT{`Z{!J?H;Fe*TAo{(t}ZpP=8oFH7@s79#@iuYVm45O@A7ZaW+izZrj* z5a{Ckw^}md?*Gzz?0>r_FmEwP`ye6RlgjqPr-2vVH$-q>Kp|UkMq#K$IXTEcVa0$Z zPiF6!CP!y;P%mjLH;|SFc#VnD82P-6&oGmkmx0hQQb#H>Oc|PGvKUfQ=%caJDOdH-HNPI|B3iL@&iM=))&GkMI_?;NSGhNP$k623hnAP6ur+~{O>anr7Y<`6lc!K+BJ zjlQ>tr-`kj<~hV#Ln^Ylc(CAhr9>41vIx)7UX<$by8pi(I>-N#qWDA#}rKq={vcA)T;Zm7=wCD@ybGG>f!>dLB^7a6C1$X!`O{~8(E1Liwya?y8Rz20D1j3;(+qv>8&=vL>o2LFiO?4%o-xLxebJ(ie%IB5-zzN$|o_%q>MC zNcZ%SIzUy9lDcdGBFG;_kiT9*{z+|g;z*BJButg*+eSO zQ#;@dnH=N*@ z|18C0s|_i`j_XXjK6b|@wQ0xF9?^}B*|JeOvoL4m)$Do@Uoia)8&XIF`b}ScXC#1{ z$i8V}I3%bEqzjm)peYf}3^hX}N&yo+;9fQ&0>uu{koqgjK}siFiv7O=F)C&;^B%3M zxOWqe_BivJR7QJ6XJL^np9gACC-?6z+n!(*ka4ZP%S=9!i_GEK%{2&viA?@s$X5Fs zRR2+J1hczSO2x@kh7XiHQkYTd*K- zD8>Uhs77y8^xur2UU!r%Hc9moD zJD5X5vhd9Bsbq`lE)`=K5IF!CwBqT5CK4RHZRFV9GbWcXu4edm@6P`O^dF3cEbhL# z0O(5p$C4H6|0_EyJG+Pe>yE&nm>uTPoImyT1rb4TI7_Ic9+vQbE5yP-6E^Nc>EB-H 
z|Ht0{rCBXK@4t6XAbR%t$Z9K;6?s#DLOeXo371(0a%d9?m?2(LM$Y=KrHL*1#IyAFIJ##Df5OC9y^yvJsvbNu;Mqsv31s`M0-vKl2z z6RUU_VvWMwx&^mL&tTj)H6F<8xI{{Sk?AB(9Q6K1$bg9-O@~MkxK?Oq>x-!f%FB^Q zzXB3P@sDP3k=vaL1|e4>;2_^+%IC!E=MlE5=n6m5y*!kh;s5#Z_8*A$hK3 zLZB1rM;sRH!B=||_6Gjp&Cb8W1#|`fX>tBP($XzG{C~HEh@_8QO;9K@#}V)$@ZK#6 z@KmcJ2GA*wJ~%WuA-)1L-av*ZfvtgTDJ>Zyc@4Ta8DoruQ7d2Uf$e=1_5%JXLNx~d zG6m4(`EQB6|4p}K^_>6R687f&S2uuR4`8q4F_UW;mpL&xpdf%q_Sk%Tiw5wH>Olj4 zKkOa+%e>#U|LFg;G)o-)pO)1F|J@Nffn`{5_BZO7W-0-3z)bQd$k+qT|MIXG@E@is zmHQ3;!P{pX{AcvQf42nXlA7okS*5)B=SIuR?Pw4vu%_239a zeZ?89dx-TAF%MDHK8)~!9z0J9&n=R-HR;3aI3gLI^neGW11L6eYW;z)ILP<*BkRX8@9+naJ8D@=&>6L*dgKs0BkyuC3 z7odqTPk@(=E*_At5#w2VVQyZ*Svfv2g%zeVf%z{VQ5~zXShH$%tZmWfQd&&KBY}yi z343bsT!4wsBu=6#W-uGL0&;U?lu*Qfw06gM*!&@*5gDDJLKQWAAjC+_KeIZ+{}S(mmu&Zm3P_jtzv)@A`o9^Lp8MZ!3G~iT;xQc- z#&Bp95LE+}IXO-NDi~CBvw&zDGQ^lynqQ!EdUP52-S*Q~IKs zO6{?_U=Ui|b91`A9UdMU84@00vkRYvvOlQT#cMSuV1h|r^Pa{PtKCfDYtKcZCEejb zD$>Jx)$Hwf6dl0$Mb;qM#H&g#Dif@%rXs7ZfDoc<2--0 z`F|Qa^@RN$Iz9jQne|VX=YK|K-1{%tnLYkryC-yE{{v6JI6S-`88BZFa;n6*KPWIy zpVW3na5I~ia`tSi%?95ic)!U{v~3(N-i--=*RW)pwseZ3q~4jCk?zk~88OGw_&?%V z6do(DDlek!Ch^gL;Am8;)J3eZ!yz9YE^{{fXWZeDJ^{bDccpMnL#;^`9Rlre7cByl z_2*hsOT@NBHT{4{z*9h-kM2R)PajeCQ%<5kYcLYCwG43@b9k>gA_ZctO7^O_lAWo> z?JL6*MORNBlS5Ce#q`js9>|P%ZAEhWI;dH$i%d+{(t@$E388A{?u1ks$;ioInL)gV z;F(mMh=6qq_0H?&1fMC&8m9rpihvK z^%Da6lp0H|7Mk)n5JtI(r9Rm#tfU@+97&R*>c(IZ)zlPZE)DVlc*--mW`b*isdhk$ zIYE#5S(&f~4~LVOiHu^Xrpd|_LkYStpPxCwWKKl}@Dacg5Hcj3?(%RTS5h*m_@eXt zRT5Q!q&sDA_Hn1yosk`gVV)1kWb-;Wx6Fqeeol6Jlg&xPqB{Zg;(-A>R-B)rOW4C$ zGpx=%aqjC9S$LQBZ~#B08IE+(#GRlAL%+_j1AvDX4v4 zp@x5&zUwONf&SlTPGGyb|H(>^z5lUVdftERo)Al&a6#DsL`ZHxYUU|j!L|hcA}z}C<@Ix3hGM>sR*ui5zwot2*l|(MZ=^6U znf;B742r2O5>IP`n~N|QqT-DWWig*47QR=si&qsD@&cl_EULVE~U^HnSOLG%?>kQo6C3ug4{LV^}ism<%*p zqrG_<7zZl`@GMHuPd_IF;DStb=|{cb!IJo-ddkDOc*=s|Z19AF9-72I_Usu!Yt^E} zYep3Dm7uItl=($>!2h1`|Gshp+SUCJM*Ok&KbbxHKiw19#={h;L@uJM;d&L|7WOrB zdZGEra1Wu$FalFC8c5GEBA_S<5SHi@oUKkV#1l+t47Oql3rKg-@*BA6GvXTrNRaKVkYF3Khs;>1{=b~$RWfKF*|BFGz1L!=!A 
zC|x2?ZsYkDD8~g_{dioOR)_%|b?^z81Ob4Prj>$VKh1?0(+&^t2qB)*#FeG_r8dO) zML1INtY99)$pvUuzu1I_$@ydv6Ubh2a}hNNV-Bh@z~V@f&xnzR4#@-%!9 zOx7hl7nC!>U~G-@-k=@@k>!m&1tKZ<0HBf&;)YTEf*pcCnCT~cK@l}MvVcZ*kYEJ# zr+i!_Qeq1>3g%GIZ}bE`=JK*)c_l7;%&=bd}7lpA$Lghqk^Jrbz5TQ3cPRPqNNpNhm?;jC<1wA z7!SD>dATO&jsYC28nO*=n!~12+)bEtk)|-Lw&6ajzV~v5LJ3`aO)Mo*izZJ-22Ce1 zdDj~DcYdyFH7g7eKforKB6w8^UiR$VQzovOoy2C|XU3eT+Ah)gz^ehLr-67sF`M^h zrT)tg*nfG5IsYko-)A>JG<2o^Yl%JoF-K_W;s3fNbZXYlJlgI_RNezW|NS8r{uSZ% zzC;0C>i=8g{Quy{9{BH$@R$7mbnXlz%6+JQZ}MqekM!V^?hoAG zW6%Grp7+1HC-l7k)${&G&-))e?|=NA_dg;^SD+WdDGwYgQW*?-vVkdN`9(?gwGz1< znD*e!3IY+kj08W3fH3sqR7!U!x+(zt2CesgY83(-R~v2QoFGKx{RWdxr@V%o;3*RA zo8%C|vKnf2QC|D^s;IUAu0WD}4)7=nwoGsxvKLjv6v34QePNG4T%LAWm}R9}UYt(H zlrd^l7q?Lz#8@i2v5226s^yWm7@6qUkpWs#}R_!(jOa2^rD1L?Ojy5G14q-QRd4l#y>Mr@HU8*#e4mM_`_Og|KnhNO&|5S*f|Jm!``&IzhCI27y{x8nnuFqvMX>5+ZMVQZowJHEnvC>(~RYmk}l_oZivg&xxj#3H+L>6Pz41& z(t-UFV&Gpn$GVgMx5mr=F#q2p|L>Ntckr*0H%WgT1?*2QL6u)paVEzINzHX|44no{ zLO0pAB$Tj53sm=#^7~i5TSnNFy?MNhWrT)%$k2aHh{gZ(JnmllFT)at|1*00zjsgg zCz0TvzGmWravY_Y&@Rl-b*>&g5E2;t`-J)s7ZTJPAcvRtfu|q3w$k6j2VKB_W?E*f z{--rNy+{AETLQEHFH)glBw2XsB3~lvU|Qb{5!X-T#5W{xt`Ma@n1pD3h;1Z#X+!PE zndJxj z0VqN(UY)YfkOJy)+AJ~2O0~?#om#PCJ!WA3fFhP+s=Zk3AXI-;al=r3ZfQJiM%vZJ zXj=|N-izq0<<4|!!Q)nn#<*(?O~$Jr$stY%P;)ktOMRar_EBH;Desg74aXS54x{#d zWDb+HkjbtFNkEf)@*QcMNc|1JoWjZR=O+jQ{ z=@S-YTmiusJ<*Ac*R;=$>8PWWMAUsM(g(x!^u4uO_70iZkdn9s+A&gFLCKgJLtbgg zsH$>DZeCt#RY|3RsF+4gkb0>CSA>cYDP02PYDVD$n>fJ-tFKSkw8CV-9fNWwLLms= zFszC0PF3Z|5=T+#2zv>vOEN7pjQ!Bwq^MkA?c~XA?J3BH@V`WvR0u#();OVvYAm&Q zf`FvK^oog?PHRnLOGIiityBr)ii}CIj}@qKjVw0u6~k=W2BYEkUqG3V4tK zsx=^Zi_jy&TXwWC?oPW}tr|tlg-8KSJ2h65$!P6raidtYxM_}`-`q00V|2kdy6As? 
zjujp;YSYk(wrY2aGOxI2#NH-qS`!XLd1R6Fn^=;8f^t$@Rk__1lKoE01n5cy)MA0Ssin;+*Fc-O8qgYGRyYf8P$O$gt zV$rpxBXlFuhLNF_^D|Ej9E#RL6HjXk2L5a> zOa9Zu^8a99{2x)XP;URs`?w9F;h(t&{eMfW|EJ8%?6h7eb07C3VfcT}|0P_1W&yRY z+USD+&q_;Ai_`zk?z#WzmSBW1ya3b8sBARw zTs8tVrD5*uJbTIT!m_lnnd0z*-27JOq%>DabAx*{m)0VTZW*1GUos|~Z68-uHfCT$ zY11U3D3F`p;w$ln&MUP#^Csy=x|@p1@+|q*qI_3*e!YK??5%1TSs!o?8pDkn;4Sr5 z+6NAwXwFC<6&}dfXNHFl^i{Ryn;TqWQ&rK#X1`9T&TncR;4zQOs?PJtrQ+D?EZ6w4 zjiWR2nnG3QRaT5?D9s#H$jg?ZjFI`R)t2!C4NkzWM zS4^5XKoFY-gngxB>{UhXL4yVsXSNpF{mmm?k|Z}ZM&uwnV z*G(KA4m3472W6CH=8wypm{*Z$E|V+y)(meoXU-4hw@ebfC8I0rC-EZ#?$M#@^wtbd z;iT~c8%Ncb6qfj^bQR474Sp$~ciD@pGJ<0RY4#DL8(POrsuQC;<5H}G0QbzOksA_*g*r$IzD7?kb*6hlIR?t=9^R^mS$_vkHwAvd({vuHxTQ#D| zHKM4&n{FK+cAJacgT{{%`Q}hjYkF37cD==KHk$`D<&E_ejrqU!uCz%}EM0%+S9qsB zOm&!5fPhGL@Gt;iDu3McobFXhiRm$P)=e%d* zyw9^Iq}Gn~xF*2uw0ca@S~G@RnTlddX{J1*h=Tzd20EN@10-hHj%-X(AvLplF4Wwt^R}fyHvzmg#$Tyi{qKFdIkT2znm3+e8Gz_Y6AJJ|vnJ)@eY# zCy--O%>Ge8!esrgfo%+>YfWTq#XDr6ci5HIVEy@oI%=}9)nv@?b`sZ|tSzC_gEe`- z9(RW6!V6(Qcd+eT8P}b0m!PNtMO&m#jeAqVt!tzmGt_uJIg$gC8pl1F)EP>g_35$2 zQ=-a{R+|J!8>L9wBuO&pwR!Z|_eg1v>m)sj1yIz{NI{fo!gT8UP-S>O9>enq>PGO; zP=wKF-3EeYfT1`gk2%S(Dbv(o!RDn=e>HP8c6GD_r`IrezU|HuKAB@j(@~pNGLq*Z znATBu1<>F;pqrz$dQf=uAl9irP&auP1LXS6~|3{id~a7V07F zDX5t0z!B2ufro*6Vg~hvRPCXSCO6w#JA4FgA+g(r_aFuLA;J>)IH_Bd97>H2-0!yL z>y54nfS9Dy32#f=qa-57xxb0Q5yWp+W4TGqC1``l_1@0h&JUu@cRRQ@v;66B-yR;; z)&^mf2w3(hiME?EC8xb+qX80~HrwvUXmD_>mbj*bz|h3K6YrLw66!sJp;<>Ub~3EA zhmKW00$|F5LZ5*{ff>nR-JJvrC#?5rVgYXK<811P3X+ajSputJ*BH30O_7e!~A=7lJz6F=eeBB5<0~yGUG>Z&jvGv2&3>x`v8Xb1& zX5{QWAfQ@!>Kfx9Z0wOCHPkXy?f65DWXbWlO%1e$4pGuClXE3+XL3v(dKA4aH8Po)@OK< zZaV{j31y`j&$@#sAbru=_Vw%IWDE*glSqA&g9jJ}%6rh$CTJ5gayKLu*0eozcGMqz!I4=uWBOURWSmGh%*! 
z7TKxepu5PSRKbwxOL& zlu)A=!Ej*9so{H6ooiz8x&_u<#Xrs|zvCHuz9Dwj^MinfyTbzH4uPc_1GLux#)l9w z>M+Z7)lJgjxaM3j2K375sD0gA*U`3=NE4lPAgzl`$N{x94!qa*TZgWI#DSLrTE`DD zvI}>cAk|lOdrEU{XNip#hX%{c8FAN}Q9VvNU~3LD7l$=Il(CfJIoYds7R%!d@JZT9 zX93(Z#;$bayV_hFBpfFX+Q(J1-`184gV)ECz% z=jX1~T`YpcOQ}F^>6Ym-{OY(LXu)K=tE15tfh0{L2}BZ_>~!3Tp=^76usG}{B)kAnWLoPn}=!=)%IpErbyd1C;aCXSc$LcMK`$x-tN z2|WUuQwYX|Npd76TfYv^G<}G!8p4pw=E$pejbQKz+vN=I3OG`A%n(e@9&2#+i?j5U)$Z8x@WC$82HON z7#LVH9UJ>j2Tlh|K8zYi2xRN}Tw!el0-AHHiGbWO(1^Y%9q?UB_O_N7c(OaB+pQgK z?Q~HZknUPr(qP+_bQc~4TFn}NGN zB0)H_eO#J>b5*2ew+=B=Ww8t*3J(ZiLZ@ngGCOpzTsd{Mzj0*H@ExQRs`OE|W!&wp z>2SFL;kBEsKG}|mXt+EFr|g;(Xh8>1Sv!Exel(Yd3a--Ov_UOad{=BCJvf_9Jr{2W zD@B??I$O7$$eFeU5uqeb5+;U8*d_pbxY}dEJO`=dWr5CcOLw)c@9ggil)|6g4R7+3cncah@Ce~r`=C(UoeoLe4X%D!-)qpAZ!_04xKmYwN`yaV||9cO)+WsdJsUMWapKpJ>k@LUb+W)VY>+OGLXa6B- zd`J6ZFnVkM_mDqo|ANr_2c_{{`hUCs@h;LW zY^nEKw%R{~{yxxG*pyF%Y0M=u*TV?~*vPr0gNm^^ziR562_Wa7+YgnI!m0lNl(`Hd z^OZC3&q?{~H=w;Y^+|40A!PnO74{gBca_ESna{IrhqumcRBE3-6{fEHB>Pnw%A!r^ z8=@&_VeDY{j1u~*!5;pIGyPg9u|%?d(A=GNh=H7B=;7jZCqG?!s0^^5P}kxjp^@(% z9*V;u;Gf;njP189!g7m69bQ%Hx3vEo^ZyGn?(gekZ|Oe*zc~MGG%)mL|M@Or6!!Jy zg>vJiym8st2_C6>eCLg2w3mecZ$YT!Q zkle@6P2>Kvfy3r}@bt zG^_dDcuamhyO;Jng=KhQ)AW0-V2~_GgKD{Hiak_g?@3{D%Ic82rlqvjJf@ z{eKVnP)W8Fo=iC4bXT)taG3edzJiw2gD5iNFlUzVi$!(yncz!_F!`kxMoyZ|B9;kM zJ?Ih*q=@5*qR))t{Gnvjtv%E(obxPnx=hXAdW&ovd7q3}j#1U{q@pRSYTPovRzzu&hu0d>YPzj z3viAv@zw|~+VsTr^5xup^W2wRBd6Ulj1$pL!N*!GmoxV~mdx*G<9eUSl6|~P_A&SW zm;{d(N^-(fdAj;+n2W8IuMey|&8(|_$ye-Ou2xI-BL7CaJ@r4LmqqG05dtZEMc+pVV+9>ZvWwd{PA__hek2>Xz z?J9~VLfF91KazYtVIfyEzZEgAQ8TlyR`3Uxv_+XqbR>sfXqCy4K|4sT}ruyd4J zlpkY+ky#~{*IQKcoG1#Sk}pW}gCgUZpYyeQqxP{(EHNWrbANft`r&H7ew%0Y+&!Ku z^MqPdFiF0u&zzK~!jLSb87XFY6Cx-xY+&s#e$e+fX6M)+Z z@96HtPn^R6*1nuB1DsZrq4VWxS9+c5bDXTFw4a0aO(y(hfxjv0SM)khk@GoycGmB- z>guymqxo*FB6|6z$j|gUITGD(w;jz*ZgP{G+~g)Vxyem#a+90fGBmo6fK!Spp5WxT{f(qZ6VQ_Wt?%n&o@7{g?|DL7L=X9v5 zuCA)?uI>W@hYcd(6(RpgP*PITR96Qmsm6M$q@uQ-QUOp_(Nxt`S5el`R0WijRh87# 
zAb|RRlq)Kb2t+s@WCaO6ps{~m53J_z|4;Bx`|&;f{|O-0#~+5oA%anObO08INBz5L zfb!5#Q~UGrS5{H}-T14kE2}^NrGGage+2)_#~&7eCPK|oA^vC#3Wfod02+kC2BWbA z7$Fb}^CMxA7?dJ39EC;V@QP3bS`kMghLVU-vG0$H>na2T#RvYV=okE#V8i}R zoP3;!{{h=4!#}rwWi=%wwcpvln!1X{FZ=(SfX0Y~RE9t}!AB;@dJ0MUJKrUukBZat-;meW#G`XAbGQd5AM8c@@?^^}HM zkCvL!Q&T2t%1KQDYHC1Drbn6Kx zdHy$r{OSJx7yN=>@IM%6=uMnVj3D1P1pff!xfTF_e5rL>HX8oPLV$KXU?>3jtsX#4 z4XA0{dirZI@C$yyFZcz2Cv2Sm1)z!lnZtj`U!VW0DXISc{9j2``Pcd1-vK`z{S%_F zM0g|ujtE3S@gzSS0v8I448cI^>+|0x+W7Ccs1e&{##e@0SbYpio#anh4UwDt><=^8?4g zqCn!`X>KsFepN+L4u%ea2cV!(e-xZZ!lMX^cvL73Pb7T5tw0DxA*h*@Zv1v-f&56V zt@ywD#=?gEZ^#{#_`jXTU)aB@lBUYBXs~hDSg1y*40DWaJQ3>laqzdF4H|emL}3(fYc7KIvy2( z#$j~;5-s98Cb5|JXZF z&Ha6%QFt7fgM<^|KA~`8AefB?>to;~$Vv`)e_2sKPZ+N{Ih5349<5^Dhjv5>iFWAElx3f1yki3V%J& za4n>&hBo3ahv7Q~D1n3~qJFXrB+4I7!VoEK@Fc7c22J>mK>>6K2y`gQV|{|r(LrF) zpw4*xX)z_mBmT4k#g||({|tdYIsjY;tk-}OL4V;#qH;_IYDMZBC=Vpa51JVDTMpO? zfxv+y2I@BnK??Ds2zCQ7xBxWv2bW`PXKUr+=ws;OY+>tTZD($2yWt8qAQVm@MBwnq zKWk)YZ~2?E+Gw=V4>;NF{j0peLqjoWil-&vF@HeL-rm~M(AL=0$Hme5_goSP7#{=* zPel8p5pW_ntm40K?&M_cV{Gc^Y-wg`3_4f}0`dRd%clP^u(AFFr^+C3s{N19_^bV& zhQ{yjf2*l0|GNMAw}9SGaAyR7(*${$q%W=vQxXSISOgA<#s=t%yEvOEXo>IK0o9}G zhY5;+z@tOSzG(-PS&uvq>{wSJh41?`h4l0e$TbJ;jYDFq4XqKz>&I z@x_mX#vq-*tsD44eKQ7|!Ldkk#&?<_FnB1qxP-$%KMq6S@F;MX3A!*8(umvw^&5Gx z2^=3lBGV`2e+x*6DUt|y zMRG_6g$)P%;DkVOsKz-EO#s0Ea4g{HY6IA>DA^{=}fRl*05OBGI z0GDS`;4%pg<_4kwvOR#9kf?AJ1{X>;H_)+!qwzQ_<(U+U!vYATH0Wo*eIkg4+y;pT zS9L@jK8nnP85&O@0ud;H9LGWXM*%nz9z;g~>mUI=GWs1J26_Rg5CV$0!%Lomz+nBA zvOp#CkE2)(93v0nv%`Yy`I9gh3Txl15J;iqr7wsx5QPW31#SQVLLit!sX-ujQwMBK z1{5L?2Z)0*AZG$9Fcp}Z!MXv713Rd~f&S1*aJ8*3P9~=CW8LqbQk>jN7cA8&Quz1B zVKBG|vP>{&EJz&f4@BWeKm?pzjwAbNvLMJDP+c|r%WbBiJnWyJvrKpCd21XBhGC{S7;rC<~Q2MBO~P}HC?kny0x;TS+%QijrF$-O@y zjD=BNf2I-(!~i~&40uE^pkM|Ar1ys6!C?i&Jv=}>%5oa&>Z%&sB~|29)WJkm98d^A zfdy(C1?uYs8sdPLmw2o+0J0eq1MH;;eqHPomHa^g!3{td3DgBpNr?c49CM(k>K}0@ z55WDv0i}o)R8KI4iBmA+QJ}BI0?Ob^>`y8OZXZw~p%j^aSLhAZ`%#P66_%`5cw7jj 
z)(@p1LP~7)yETFQfHldSf-?<(@&{Mk!X|PZlfcq0cg;G#J;8CEu0AL#;nR#$C6%YVQliUSA9H{&uIB?p9g6av5uL2Sr zNs5k8LMaN87IrqKlqn@v@dpkF;^3}h+crRf@UK-@l>FJ0$f^OQFb@Epu>VUOU|X_* z`}hQc1_;XF&(V-85ELo$@Bu|5E=P_R;V2s?YPbE#jn^^7ic@+P`42gSpK`p`H>c!I zP`mKG2-J2Wo`j;5`=cqeu;e!qmh8{gt3fHGWn`!p33BD*kAVm1=qtwpJM;k+Kvots zZX}uzih+aflI-sy$fUp?BTz`_I^iFBAgKW8>jQFVIgl~1AtDe3Di2vapyi_Qa0C$@ z4!VRu6b3{1jcdy2%xU&0FpA~usW!g;3NsMp|V2}bo+`}(AUaJnw#4A zkj1)DCjhVXQw2{f*&~4-H-e&zL8N`CcVHN(Qzm#zRf05CHPZDHn`<;!iyP`nQPOvy45C!t- z2Qme$n-7vQNm81ST@%@QK?`3uUKlxM3i|QyrUq)m@AaMH0e_o#%-|p`ij$x=AtU{f z7ir18Kck41hKa9-XEq!i06IFbM^K3k&p~Ez{Uio2zi#Ux=zu_SH^@ccbV;TMRwU1X zRJ|tv)Kep}+JH*F?xn>5^0FCpvSfEgUP=QB;Z)4PZ^I4tiBkK|>&5`)j;8iLcJ|Je zcD7FX;^KhkMkP;h#6tne4SS`mTK<6o#g|KLcsbx_wQ!~?7N}EzG_~8(WY`{D1QFW#q+O-_70Q0RHRW|EsI0s{H!?|L*|m_#2_{!346- z{wHYsRs2Uuw#+If| z(2YYf==$ju`B)rAdET&no%KBm)ZEd~-hzBb0Nf(WsKJzA%CgY)!z*wjOY{LZtH6|%WTAghNGXA7$bP2_$SA?oV5;l5D7eA)N+5cr^(+D*5UBv}55mz@+&`2> zkwSjX`nj?)OnHOJe?UxWstQw9Ccpl756IsPRQsnyykUgE{|Jr0TK{RNYy9K+&oBG` zTR=i=eHR5M1Of`ENGOz|30R!I zyO5@i*GmSKmiTzbnzj8C;9$BI3Q`i+eGpEeLNjS0vp5e5++@E6^a1X27} zKa>P^l#=zw8@T^RpxVE&g`usvskNOsECl&)r|}o_zp|!==0C3gm44a(-vJT;Wy*y@ z?%H-;sl;$PqT*?>B&a0Rj;f`n|m}xxF10_ll<>_@7m+rwD^W$aaSTQd(4h#Fvj%b`HH6G+2o8_> zjXYT25fy>M2Y;_fW(5wCg=02^^!-B5IvG`%8kvk4I&%FQ5;?+eLb-7V=2Bx-6akP& z1!N=;het=FkmO5}1Ya`qzKXce4bMh)_`VcTqTomX=MNT=j{qq*t|?_3G$~qPjKfop zIFKkJ`3#UMvmaQXR#(|zk=*a~`+$H9@~3g5-mqIg&_g3O#!z+xh4KapL&~K~z#5Gu zMQ)tXZB(L2+=L z3nqn9PnJOI0a+kW!{_8_5FAu0o0QW`3N1J&14?58Xc^z_pQ;k%eg1#f_a7=sfAIZ> zrs^;M|95}{U{6{<#2_ecoW7$`R2NAI#F4<2o*xQW*A3*luLV_(65ghm11XexqzbAs z<>VanR~v6;=S#h zfB+O0g{N3Eg-1XFD)EN^{r(pWp_ZUd?}TD;fuMnaRtrT15(7ygegqiO59<8=2}JK? 
z=;ZVRLMV&?ClD0YKYsy>O-(GF?HrwcCQ1Ifh4PgP`FociK5_Ab2SXiAT`ip~?QEgW zhUQLkP+|zU)&sr0k3S|V1Rjin$^G_B{-h>^d~6ThxDEtTM-j=h0Rb8k9O4fH{XEEo z1Ym4uV{d6~Y63|7zUxpprF(KP9QYF&g&^}oegs8G{*3`U1Exp}`THGIBuG*b53VT{ zDc3uw6VK0GgGInWmxG7G@MH%K{r*eQA04^=g$>v#uqBvmd~-ux;zP|za6FPcLQs1= z4ncV!3)tA^Hxf|FpBj~;d};>$?RzuIV+amO0!NqfygrRn9)CNP0HqU-B{%kq#)IU+ zhrodK6wD`oLL>oDLRf()jQ{U-1o}O=1^qe9_1mXK_|E?m`7>9vlktjTcm5oZ27jVqhi@<(T^T~)@*T1d$ z{V;8Oaz!oPkhU`(9*+K*J1C4u$)tQpMZS!K$Atpqi5Q8aGy~--_rERT@e6*0jrkvg zf@48{`5%b@{Z;%&MdSB>|5aT{_1F2&-vU3yeNco z(=%&878~XWTfVSR>BsGVJ%g=(#?z;C`(pj+)*#YupP?Za@ZUUe72CSsVOjC)e1)@| z(CgO+S2aH4N?l*xT;LiS>l|B&E_J9HF)eLsXm(vb?6wwTW0h~n>mjDrktBL?=MGWi zYvQ(+jBf+`*Cg#c`fm;$+sVVO7qj|0cxc6M_3Ts27dN+lSaF?T&65#G2zkjI_T3%nW7=!0U51~vEn059+<&94V6A^qa#7TDcepaXO=!t-^O}!H{pu5v@>>6U z$;JIUXTBZyw6=0^b!Tr@{{HPpjjyOD=SlN1iqx)d{<@~B|7v-1-xbp5@QAgUkcxnv zUR#w!jzq^!d>yF_K5|5CWfHP_bAf0hu=X{#e=RdEYV$ZZOM+RP=bO2nBPLxRg=zLP zW*`o0apntk6vd*Jy`;JIdy|eeho1j*{AyTRH(LxB(Inm2IF&{yHSQ^{=apJRgg6;Ucu6=ZG zL&xLSbnmNPuEguYP20E!3nn?*1l%W<&R^w8(BD-4vOOoHgP%7>RQo}TOmi2^NJ6-` zbNEoa>j3-8!|{Cr6ITb!S@0`d#7FND0<@x>rQ6S3YvyS>IvGw}lCxY2>afadI>dH4 z;q63fH;q8;Ub=U@Cp)ZaybAAgOnGqn^}DTda}B?p@I8K|aF@$Hx2t(a1(AU+UGw7U z^V=C68N>E-9ln-eYD`ZLdnU<5uyajNJ*1RM26>>*0ek02Pu`iAw>f;sFJ zm>Pv*t71b)c}Ph|Cm-&F6IWmbX&g*jAaY4X&s#XJU` zZfTZiqjhXsiOcAEWpB*%d`fz1Gk>Y!MOPD+q)kDWCA3@A=#p78Nb^7{yz_qZ{iJ)n zbd%puzI`dUkC4MLU9~5b+%yja8&}cJwOHMAPz?0&UTYek`*cldVm>$w5fx8gs_{X< z#hZUS{_4o^CJg}#s2DasnVDoCu62y%(Gk<_#PhGa3pkh`rqYCa!Q~X`IAr$SWW4Yu zTwnN92>p?>Q0^GR1b$ZfqYMxBK++UsT8`X1MSH!l>=~y_+VjSn;>j`#1*6!P-t@7j z?sM+uIPSbu;MCeT68 zjaP~h54GiZwUzVIQF^A=^kE{L6AUudsBdv=tu2>G&mofg`Pt8Wt%N+Isbr6&@0EHL z7E<1YmpPmesBe&~fuXr8*W9S@ju<)WdB|cc^Y(rzzw(L%U@YXEUF_&0f^kIY%9f0p zfJZd5Mw@x`(2|k&>`O>XchMY7CI>CDbD!OXa!NJqtC$GlxNu<8QGOoqHJ z!D!IdQHs*>F4qojJ08vbyrG)0E?-S#=JPJ>*SHtW<+U`f z)e(~krHmdo%C1RuU2zw=(5%qUg8jH+y2JPmjW1XK0pzJb@zDLl+a0D46z5{Z0!`yM z2aX)vw*5LU!ncDnt#6A|Y`J7?xr*ULBcmL9@e>;OE1exvyZa{MMiUeE4Au;*IYPoN 
zxbiucC|l;f^(Y*YD7l*YbRQ2Riy3gh#m3h~?I6vo)Hs2G7pKyl1-t|d<^sDG#5-0= z@;75SuAO|Oe%ejBrEHj_2e_Xl9v({)4s6pb6XJL(Y{m@PHkWa=uBb}Vcp-L+Mcftf zw(VWpHLPB%9S<>R1LUR~668haIy!XX$iS?ECmhxX}`1{6u&wAKA38`d`)~~AfS1v7_ z$0ZXqp!5yOiHN$~_M;8~G^RrbUoZq`Zle>qAu}x3o`1cZ*()BUCTFe`acCOVuRgBdy^R75xy2#WXdSxh#l3op)05V9O%9 zvHXGk1^4a48hx%qLcvT{^GEdsSgvq5c8@>3(rqMg{G$5o3033D11IA@$;HgLUEC~H zKb+-WRquRZ=m-n4vS#rrKV0_E4kixy8cu0u#o&5BmZ-j|yUKC1vKN$Z0ui@{3s{U? z1Xv-@{F_`ZuQD5-FwKw>pE_S*CJym)vO?rAw-7EcEvoo%Al+>z_b{=@$~AbEk9-V0 z7q_R0XTY<#^ms{WX2|_#1}O=ZlUvrBu)*}O+`>oAfPBxjy_|kfv7NWW8V=sPOlC-JA<@Jrb z>|=BjPZXHb0wP1cp*|i&G6^_gRHpGMoXtE8`ax!GioyK)t?6T(IysXc4}7jqNlcb3 zE~pp09Z6)k8r4EPb=h;D(}^Pz6C!a;!#t@5m9vKgIMox6-(yivbn({YCQX0Ykr`vE zZw0SXYj=T4)+Tp#&nC1!x=~09WEAT@1K4F}Rtlc1RJ$m7T&eD$0mrRmx@hk>E0)bK z6Z4<1e9oPf^^`P-+H{d?G5J9t^N#BxM6S&@SKZl3q#I$iY3B_u?}2q;zl^06b6dTT z(v+dAju6sDz6M zpQ2+Bhm(oB4y$uAr(40y_qQMT$b~<|E*B&@VpJq+IeT7VJI&3*R$Lu7iy9b4gl$Xa zjgHg#Lh3bg%6L#RH_m#Cy?mW+kVtI1>)2+ZawzH;+$oiwNtfv$(eJI@r{_u#zT3Pg zokUi)0nt5&^aC&XDoUN=^^%*il9RNVhK;>q8&>~7>stLhoUt1*l|A4n)>Jiocz{+s z^?ctnpS>f!?Ne`DX8X4m!L|$c#4;XsJZ{OkWvy|CW$s~VG%S~CGh`MCv9GK-m5e(4 z=78tK@yxk6mQ2h*-Q-#*9`k{YYd?>scY*2d19widDr^!FFfl8Vt^tZ6IcDQ+>JfXN z(?*Hkmf}85SCPt6e)Zw(o|{Ejh+BKf7Cvv$z4|7GMcTJ>>Rl_i4ETf z+4a%ul<}qzwk}_Kwffm%K}GMo4YNwp)jE>>R>o52`KNJ3MTm}Ldv2|m#dZn;(j#%F z%{a97bKeY+4mt$O_;MYxJZwy}yM%;!I5=ieSLb@6y5CLz*|XU_Qr0D0pN@M>vc%Ed zN{laQd8M0wHR0m};e^L1#~WwrjbFN6r->0ruvH1J&#hnSDEquc$z;}3{?yKb$)o(6 zyoNKa}sCboiBXeq4kPpJhDqeAWFYH2A?}wn~2eVNRM6R_0jxkGs+CW7UOsMRY zj6%1FIQMG$iBoFj8Z^4WLLcSg;*&5~9g&6(frHU>JJ`5gh?jd@WS7n7)6ZL5HjHq6 z!=1m;*U;3>LwCM5BKQ%Vx7k&FQ`&9J=oG0ADV?iI5SnpqKW~+Z&KX%Nof}84c%g*$WG<_xjcjmR+H%)wX`N zr|9C7`O46}=LR?KV9Vpq__T0GD?LDbavCfxQGZPr{RVzMl zmyaMzWy0Bn3IW0U-scX6Pi^+&Jx~*`!Dah!FV80?8qXfK&yJqcNkY0dm;~>op$GD= zvnFTu=)7)3%Q}fTSEN+BxD4-VtoIh2#)K*F`Fu!K^Z8KMd(O461IiqyX^aP@IzDK~e=c?!gj6tfq|rOyfz;Qo8rhtC ze2FJ-O2)w}zM`AXydKNTWlYL;)#yf4KYIEomehWEf<;o@T(a2g}NEu(Mu5|HG;Ib&%xe( 
zE^oA|60e|ZmzrLgGAv&JJh#o}?IHzfn>8*XYFaMi2L}n6Wv(jV@)+8=+ZVV-i9#bH?k~#inFkvhv-Ua>qKI>w-2XYe9M8 zb(PLkb)F#67X8y(gd}!d$SJt=aPR)gcL`k=51tD*yEc+#TBcQv-oG?R#rPAvrnd*RUeV>?JhvO(;NyWDdHCqC8IL5wRpg)&BU6_5 z%c1D{yLgxaLw!%+P~|@L$iT&-zWz^s}u65w}j9tWR|?drOd2r*~D< zd}Q$?g{JWFl3SRak|I~GX@m(M+V>J;gO%cg}*y$ot{79;5y z7W3{w=OJtv0$esUu0^uP3}9@PXIrWRKObR3?7g4N@Sy!uXuFiQh&uy*@aXoWDy^zT zh@e~P(L5!rxL|jo?Srk{V{+VT$On1J4Fqk8WV;r>COK2l4+6uCr4zXt*OqVTZTV7N zeCtxyjghyd(Qi{`Phi$uX!anxSA%1VYirh`kG?$7aeUy_0F9-sWnay9Pd0Zc-}5~f zDa1<32L?duv8Ic=s_C~L1;xPQdw~)ixL_fBIREQ6$3B&e+XBd=Lj*5v!I>{s9)Ey}!%>S1l) z=6Y4~*(cviOmszFXU>T89-gEbVG!q5T6`xuW+AC@OJ>@18hSkMMA;UU><+&WeU|}P z3P(BfTq(PCwterX!YX=c^BP3gqIj4nYx}&5fkrY{uc{_2mAw^W*ZDrQ#^R(Bo%^O@ z`J*{-(bD{itjmy77fS@QKjH=kQBNtE4Zo_}}?2qG>y2*M*1~zz7G&t+} z7Z%F3vN1fC4Sx%d%TBrnOeMD7MQ89dr7wsr~rARrVx;hbY&c z!YtP2Jeg}d`-g9cx6bvb(Y*iZ#>>B8F;_Mah8d6nX7FohrMyR(IPK-={ z<+ZzgjNQQfve_r7-JYp&EB-G9GdqPRBQlPUwmQ8YEPeFGJiT7jk>i;@Vej;1#!0gm zX%_--v@Kusb>%q!WpH!~(ck2=Ojm1&Ua97tDm~_)bbx=yyOU;X+w1FDzfG1qSAjwo z?#D&x_1?i1p@a9SD-H#{yZcx$9hrYC5$Va{9c6lkTV7~SiUd+76X*5?e3#tHY(m`$f` z4_|h0*2#-??z?QKbv@jD?3AR0RdLx`96d9Q;OSn7rZwn-v8Fj z=f3aDEFTN!cF)M9y6v=;L$LClDlD1K^PieZXP|6x;+G#enD%N`K0YpqQ=8F+_d~1m z+=RZQRkBDnhV;)LC^?-SVjOguC&eS6GuC8p?_99`n@<<4KdQ#NwLZm4hxANOe2ljc ziSqHkqpfJ!E~vxo%J_;)G%4MZzUO`5q)nS!+~br3qK6KgyKem=@uTBQSIiyivryyAB&kk@Q)NBE`Ne_M#&!}lOkLzZXD+0XB^fg&GX~FjFvXk5X%?S}ElrVD7(s|dLz->^Kn>9`R`IduP z53C}bYoPlji1J6R?!E3(>yyk4t`OLQfb=x5$=wPRa%2pB@X@kA{!GwJ*aTImyjokr)p6u>%;0#aaX-j7` z_0CDWW3J8eOl%iR4Rn5a0iQR1*CqwdnPHkL?2w}JBFD8q@%>4=qa3NYW0U;*AAW0; z8K-?-LW*CQq8IMla^v2i3F8~Bh$XIA*}2E9&C*AQ?C-zY;jaI|cr!oqsFZJgifI~F zMcVWhgXVL|#ifS{yWJvc-$!gu@LIxYS%0ol^5Zmfdz<~GMpZ2CL8R}_!$*{#(qx6) zy?UA9rKzi4C}u=Z-^8C?+Zn2J%c6iMJfzl8NB%~;*~LJC6``7_(Uz5M<|kx?Y+4aj zoCn)o#3WbMv-g~e@W#$|;7^{24y@Wb+KITY`p&UP=EY{ldrF6oym>C?cOj}}kh!g$ zQ>LPsGljOfaP@-kv!!%otGB`3JAtg?FL}c)R}S~MV6;~gpu47D`a%>w-j+zj^k+Nq z#gs~MJhQHrb<ouc(Lz4Aw$_36%{LfSOq0f)+QdyaOeV_5wY`PX#+vifw^s6i%#Igabmc~Jg 
zyF8h$2FGH%vbf|gJ6ZYNHs^VvgVZI-dL61YyawCy&dV=eF|1kfw)%pjQRYiAC7C#n zY@Ryc?SZ7dqsvwXSx_1A?5#en?BRkZAPa%MQ_fscrP~hy#sqOj%TC5x}wT zRT@)l>6HSJp9f`pqE+ouZ*|T!gSN01dH#OtUhs}%&hp1YV?(w zk!0n=oABJM@j0(I*PPshI_H`GTwLwg?tM4!XFynFmrh2dcN`hwJiugXNRY?hN}IT7 zw~y_hK9SbvSn~_x&!0IJ9Hh*{j>?U*Sin_|)#ROEzF0Ty=si+)*|0A0ZlObo@2)xD5HNd80<|)FI{8qTwJXi!v$|v=lnc}(b(JJ%^V) z)D;+4GButFgw0H_Us2h1T1CepNLC87t-uCw5xp(vASn!e-%t^4z3ccy>V+?Xd=__r zk~@Mj939hvG#5WO(6kKl8Km7P>X$k2>7>uXn?nsL40P_OQl1sh^r}tJ=DKrnzI2lT zk1yZBsAb2!Kg_}vLDQ**FP-R3%aV|hGkR=(zNfkk8G1rS@Fo010Y=c0o$i!Tw#yc(4OADE_g8I7qGPitKg+)< z;T|it((t+?D+jOJ5Pok8ca#~-vqIqMKG|vc=g|7UT&K_@M7+7`d zYMi-SD880H?H+RYK}3|qgIiZwoeghxCo+w%SgF);6dPE^@>;Ql!^FG8Pf59Q>?%Y=N_LIdE6wS z@sasg$!3XWrL@8)?P{M{#EX=E^6Uj{wEWM%hGV%>zEp-ze=2v=cql66=X>_@EN4aW z*SOwmZ`qnmb06Bvl4_WR8v48WKbKjsbSI6kRnEyjUb?^g09i z&h)}=3*iWSJ%eu-Y3hC#`U?hM~?=n z(v($Kn6YWnH$5wUR06%~;Ez*GAIdn?(@>UO=>{D{%$g1^RLnkoa!UT2fZw_7=9HNu zTV5@=Ku#M*U*96*DmyBC{+)dF4b(dS_qb{U=*kT#rls=Qn5^EOM> zHr-2bX&U2NX{_ZE``~z1eh|IAuK6lnH=kgRseZ~B|K_-!snr*U*ZOR3Jv8YedS)gh zUDF)h9YATF&?b>9tZtDHx5HQ7EtWoLOEl#4IjXNO2=#WBS$fkuzg_-#P=lVnFMl^% z*UNZo%aUttH;m2o8tw}c^?mQ_JCwr@4r=i{D0zD9{KEcrOMR6xfdl3rN?D?ZdF|w6eo9%SdyHYjJE?A4We8tO!4ZT6KTe2D@v>t}@BuhM3PBU*( zILfLl$#zNX)_W zh3#rlQ042B3(5&bc7m)ibPPJF_NG$cUVkK0i=9i~P}so5IyZdEs@B~yct=oTz=Qn$ zV!2!wv9>z7cPQHf`A`U^Tb46e?G(b>O5S$V+~Lg6G+H~mB*cfzMVCIcTry&X zy^`&aXRd6iWtaVUv0|q3s|Tj>kw{Zf_il61m$N11BO^D_Iv>YdMxK~vP2BS}-h5SA zPWSPc`hHa{K}E%xI*$m4>xOGt2}7+k{)ZtQa_kC{><&pR%q@~eHwlaaiQFC8iv>^7K$Aimy;`tvI{N` zMh+_7TCPmzXoeO5H;-t=tk52kmh33!nqfdPNq+R-vK4mvOu7Sm7Gsc}#{HT$(Xst^ zorIorNO4G-d*u?(oImNzBmt$u|ndR*Wy|O3;24@^F|ZR6*4^f3@&oz|TlvQ^-Y>X0PY0%uUVf!za!yrz2<{2;Komgd0Lf&3-%J_Wkq4*=nCfaj8r%(H7 zCcNM4!7WN#{q%$=dz@S{PdaaI|K4{_+Ol5q#a|qSF{e_tZ}-2wpMG$t#pq5bi^9p+ zxOW+uNxmgn_w89n%pkzlEr$T)JsSF=P*!maR(EFd5Ozt9!Pmg9>f}ZL9o2mAT?Lfe z_HNJ3q6<7slTt`@?timqp|?_HnV+{=Q1#jKb6(L$Qd6W&osRt>7@N?5C8F{rG^L&yNJWQ z9dB>gog&4q_6O`v&n4F9lMYWD7-HMHLp-kOx#^Bbm0R)I#gU_zV^7ePxSRSLSu#Mk 
zDJ*!L^LwkN=#9&JlXvmOj=8)Wy3zZ$?ZD)n!EDW+pU+P%=BbS(UcD625J6`A4=*+5@@5 zgYK5Nq$VeE+T~Jx5&mP#C0m6g`#-iX8SI!?3ywt~!qyfq>5VS$W_V+_r>pqu8vo*& zyj}F_@i)u8{rh9X)?QxHd-}pBRp0I)BgfgbBS$*@zU}N)4Ow-VP|$`4=j&|yvgRuE zx;`j+HFzi*g?O^|MYuoH!cXJL^B_xzOuB!!D%Nt2env}{<0I>G70K??P2g#5W5k>B z>UW$=``zB!`#Cl26DWA{a`)u(zNOuh`#uI?%pi0JuYX0+mOOm3WNR|;V3%O_NtEyz zezle1dPCa;yA`QT(#KKqXACvjFMO)!na+dI%OB57(#nn!c8k5r?DOC)uZ-#~H{h8z zkDy5A9mu5Yc{$qrclutVyaos%&PbXFn*Ak)m3BP68n-=nU6arl)HyFyv{pr{qtO)_ z!gD~se9P67O)TOn%3bRWbVvTWGy z4+S(It%{*fXLPw!*7&rttonY{uz`rP`s<@zE;c^rc3(K4S3Vn-tSR30VVfT0{b%}; z+e@*pD(^ht8bYzyTs&yUn)O0z2zfKDJjnUU$x4a%$Ay(Lq!{(40c#fv-3yqlXY`sg zOCEl9kJe|YpQk^yKVV8~ODB!;T-cPyLJn>AT{V&H>qE`=vJ?n2$a`Xb>4V$NLK zQGzCOQ~jx=X9`12#Io9g2M0tA9TlT<&JY(qH`&hM5hTAZ^dEDx3v-;$n^+!2wsUMNkxd@wj_g*p$t+B}^ zQQkPELdT5%B!j5Lqr?X0GfrkkwkrJ$4HZY^lcrwV@yJ>6iFy=2L0b+9yhT4enf4UI zp67wcDQxGR$uRYgvs*GQEkxYYdMNjWw;O47(x79+fzzcSY=9eQ{<*}*G2L;`wpREq zeda^n_jc)7irnlRWoPMxuvLk}P-RH>oI85#@*ywMYth_Ah3!Pbp`FKY4VSy8{644- z**{&>VoEwDy-&^CDP3i>)9BKd11}p=K9^6Twak)g4OFgN7CTRL6nqx?sW$!4#bL9D zqwQ)R985dgx-5kA$Abim(`~J8iQL`6Ue}Oj`Ce7WrKsC};q$!69#$1TOiwwh8!Rg) zXs(?0XvybNxD6dO~ho5SfTC&h-BSwz;L z(-AFq804&`OwdII++A4*L9=1omh26^P(EQF)D$McVpH8Vp?k=w%UQWMsrQW!>&G`c zSZ1)(f|h%u(7>HR0nk8H+~$4CS}U`;eDCxT%kv7-1jJNp3sffd@m{ zNwi-1zVxvIN9HYYC(md3n&Dk4CympKWP3G;;?md^>^NL$R)Ma&PmSOCCS&n{5sy-v z*rGlgEGta7Wk&95J!8xL;to*~!y@asvbbX~wFc;QZ!hm{M{2T0)CPzRwFBbSmiLEE z4po(*AI7(I?XwwC=ju+V96e+=+^)E%#WKe-^fE5*U@1@1RB4@UV#?95Z5ENDY!3d` zG{QBdCo*!kPFOX+j#X^MLt8yX?#jBhFU?xb**Fv^G%M9US>mdRuo-X6C_igup{akG z1noOIRCaiPty~Vx>!}K=%SDCTr%kFBi`^IegV%2y3!b%=3(qDkZq|?Sg;HxT| z__7{9t&)3ThmFfkRj2cp23U8aqqp;%(>SV=-*NB6*OOS+g(zWq0-a!^-JLq)ipYzm ztKxN{R?o^XjMEWr+*NZ2-d*eaX7x^`)#~;eN2cb*bbJLbzVI>B__cQ_(_Q-&fvcqds;fh}rDxc&j2+9CPQzDO$xruGb?DkaMq+x&jGZ)rVf%zvr_5reRj0x%EMM zS?KkgcN_%=9>60kY+7%sLQ^Ggy>x2RYixL?`YJp>!EPUS$V*!Q$@ zl2aL0!uO_G`A(Mihw9!raJIc*ck~hBLc$vuk@>7)uF_56>*;)J1$EO}Yoe+}2Iw8{ zai_j5MaLo(wy#|n+Pt)LNAIQVU2k-_4%K9ZV2gGVVU2V2+-cYJl-4X1pW;;Swoh{T 
zzLGlgnW_3Hk=v|%afMkirBOdIxBYx`+e6UGKdzTikpy~N3P znJ1>TuV?p$nOw9;eC9rsd#GH1?T&RHEKbLmxAF}8l$eH%U4l#4{7Sg$3?`Lu!}7e~ z>DG?Q)P-8hK~Zb19yYiLFvi#l!CNhHpQmLYLZ&^l?JS)?W6NuKPL%y>K~6#X znIt1aJT*vlg~}(_6J2)XKJL**)*Ij zda~u|+b;I=6<5w`&|41JLqleCd35xUbNbB(UZ!fx7kA#ke7aHNDnQ4pzI<%{5`65N z8|MnfH^1V+rwI-Kh(LG0+P1+3M_=phZ@NAOcDwJ*&$rw=&$!TA0mLw<8PDr7db#kA z->*4CYEkxCXc*;qBw~htcBTAKdH>D9EYH=1cII7Tgc;QkF<;S{uBf*?%>|l%pL=;a z_s#^O^24lz2zI%a?}}c?&DODlT<&8NrR`w7ZRpu0+Q0 zq{X*HmF+(1xwBcU=U((hR{@6M`%Brjz*xDM>Dj<@FB81FaFdHi!ls9zvFyt`4EK9h3D#>AO4qAD3YZ(2B z{rBDu@};``hUFJCk38#?i( z2KP0qkG?^FNF-eGySsAM`A%-#?Xw;MGO^!YxIB7&E#;-|6`?1JO1Y;j9t|!9hKv}! z)TrKpW;2~@UNVG8QD2Y$T`HTv)zCANpMfI&7`^6=<-n=SJ@D()%hNUI~N6MYk=lG`OKuk z?d~(F+h$YEyrg$bbHC>r$=ikvv{FLasV%&uU2XRsHuN|(7;CrB+hIr494={Jr1rv6 z&yi;Hue++F7PlC$IcYZU^IogAs(<`YU}4SO!)IXaWu)T=(eg&Ed9ezQRgI(Xy6A)M z=I#{?RIwfz*-VTz966hQQ8&U?C=o(hhKUzRzPRV+#{2FK`spQ^$D5OfJ1 zqZ#?Uk-&Is@mrl*I?==88+7}0mSIgHQ_$87zudM1iguhinopK`L{k&`KbE|@dHt+z zjP2T_726Ju`)fT1S9f-)u6|u|n{J!_8e#b5rrx|yo5Z-nb<&wB9&VTI;({L>PN%f) zId$=EniY99s~ItIdY>Cf`W$fuwe;~B9!-ftW!(}SkiFQsiH_yW&v6IN`c6H| zVU8cmv3-}rQ3Xjg(Q2}kQc_RwgqbzA57V3%B3jgh2|ki}S5Bb)##&PWiLVcN=hs2M zRV(M}2lHt{PP=YZESs0HuB4z3$0S_)nfXxGW(7vU`5DWgM?C2V-ma>IUf-)n7$#EFfzXif(Q19)%Q#6);S-SAw9ch#MW5UFc=6}La+?7r?FPXAoA zLRd2j$>-<3$yumXN=R%NS;199P?>gb+kH+2o_g=;r94B1WUKrP4$(J$eo0c}m4p1p z&8oz4z>R|2TtWDD6VLAIvcXuj@F2IFYdhGYq%{=w9P2oAIf$u7<^HCgu_j!@^@3QN zsV!FN(*a z@V}E_ET4;i#}~iB0RFH;oV1OHH)U?dnVRgPB44C2 zz{rf+i$%Uma`2ht|Fr(cb6cT>_TOcS9|r8gQ<#8Fwg0MQ@BgUO*J}&?&vQJc?1*dO z6ohuwik5}2;O6FmM4Qb`l~Eb2dZKo=MFxu);hfp1UC?uo*GKn3&Jml!=q` zCqF(((|>JejT?aLKa2fub*P6x;ZZypRoa08c za4~DMK(&+b#f(-?_yRo=OXIw9#)DD8%IAQgW0e~)q%Y6-GO6I? 
zX2H_e<4a8nMm|ReD73Iq{;S*Hgc%ncB)*A7$HoOWU{2}Sgh1f)0nw4A=K~`{eLn_B zCbsu{ASjskd>|-#_k188JE&%S?gtjl2IPKRaf(R#xS||#`vGM+fbYx&R6OiC)^QS- z`vH_F9YcGL+Q){!o(HCme*J(R>1fyURLn6iW+lwZH<|L|x$+~b91+@j=ITdSpl6IGzT2KdFo)yp2 zL6&E4p^mEjz#?;v<4_RgnR_`DF!=!`@9t;sV=BVQ1B zW?g2f=qe8`bnVQ(M0NO-dAestES|mQbco`ImZO-&GZ#`ph|OM(i8?$U1_z1Ba+%}v z%Mil}t290L%=KN=^ zy8aijK7ZBIpa1gnpE2`~P8@F64?^b&>X`2Tn~ndBF@YB6f6wtOiQ_>`wu@02*dE|k z1G)#EoDvd)amEEQH&483=;US4M}sIdFk3>ukm$+^rG-9PxS|Sh;A1RPU~S05X5aNS zco_MZ-Eay^qM%$TNU2YL5J#s1cpV__X#GxY6id0Kkx#C)bJ{$G#yhz^5G%gV`N7qo zUxIxk=Ul~CgI+5t*{$4}{)LV!Tc@W6z+5SU?YAfc2QP`;oxQW8lhbsSxqmNxoh!kA zU;kh3>r!-kZWVvMfL|@^I(M@B+R{+xwsd@UX%N}+41ht9Io_r@*7IT zJ>b7T=1TZ43_H~B#OUf1<$Bk>4hrbdh$XRoba1@4zq=!rvR%(v)V;4u0sPm$Z)1D# zCk!F}OZSz3U9vq7{&nu4%5rE2?J{=l%t2)DX1Z3oMWu9@D~0H~lhgl{JMJAi7(`|0 z6qJNN9mk@S96-Ew!ra?|71}sMx#KWs(+?cr?SrI>T&e3qYs>Tp|6!b>pS{2y!0gg* zHoKso$u0z=bK_&-)~_K{4?nKD{1?*U2UPaj39q9o$LnNqBu8JUP5M^}&Hr)<@x$5b z=Snw@ZwFzL4zpy1rS7je!%J=m2Xos;hi4~yuiu~T9loV*$00BfPMFD<+YUSnJ)5X0 zDigiHobe~+9M0fA!kJ{_|NL<%ET21<_`?jF#11rx&3g zYXL|Gz85jUiC+O_{y4yUIVH*zO_a&yAeSg0<5)<3;`UKkP?$gNGkN{fHaT}4Q`UbS zU$XMwdUdh>pW}JEdw~8Fbg;iEMp1z>e8*)RZL*^WdTT9LtECsE+KTengtX$XP8f*g z|NBlsMIUBdxc)cLy%vp93P{= z7t54dFV$DYxA3EE4g!UuC+|2w!Z9Yf z;g!rsVB^OWLtfPb240Pb`s_O~5>^SXkx4Gn8HDOdQeALmacUz;>xcK0R7nP_Kj>L% zC{-G;@o|wgnsOW~G>$Zk8rZ${(JLZesJd4)I>@QV?7A0MR&?b$*+Id%nm#@O^c4fp zLc@&)psARy5)o1?ufYh^O(bMc#;|m(!JQfzqaAMb1>;NwF^T(HF{)zlRHiB`Xa~Ta zTld&a4L?C@#N>5ORCruV8n0UcO;7`;XVjR$oH=rsSAt9y0j((sl{-;M)`Hu&Y?}f! zK%es;y(z3C!6jd^d~Gs=NkLLerk0GQi4WMz zbaJv-j7k-vRFdp^@ff48R!-N7om-wk0~K@$zy?@uYREIotvWPqvVehrL-i1Ty?m+a z;w6gnXCR`QvLRwKipGo{>Y+iBscghMka)bFtWCX?>7A$qw6jz-h_S|YTAIlur%{J! 
z%M0}}@<6!6v^52XsSVDiUfj5f(-ee>I^~`i7aF229`e*d|ni`%qd#0#r)_mX(?%d3<4TRaJU| zjoCHGv_$jV@&4A?o1>G1Q|UOF%kAtQ?;h^#9&YdLVj@z`TtZhD?D~JvGlu`a_T7&2 zMD9OR<$vJ%v-1CXeWCwxxIqX8|xyg{RPHS8*O2*vMVQafbFCsDU6fX2_1@p*1odB zuCt0K!j^xJk^fL2=mD;(Ak;Uj1 zEHcDf1sSL1xzW|C5p;1?M3^XpRzg3@crXsK8A8Crb?U2Q1i{3@kQQ$vrY`rfPZ#>VLN@PLJN4eb_qL z6?>=R_~huvy`9}16`yi78<+CubR5dvpN>y zzjY#x-=7>Go$f;QI{@}@@9@nD)Uta3oKOjBg*37IBfN;ycU$}WRMpmdX#EMbZ~N%@ z=aap+@6N=#qy3#-NPN8uE!%p%zbmLJ=+yT9*51LY*x5SRddmSgj{wREWs|M@@NO5A za!}tE{C^vRb7D8>%o$!+p_eCTy6A_!)7@3Eb+UJg1M=qN2*BfTLJ7#ScZg@zhr0{~ zhgzg&1hU}!`_tW|Ejzng`vB_{du(PdEyTqCglEkDuRJhHs6Cvwjw$;;@One`U+Wti zi~avOp5Jmp`q z48jY1v{_EU;V)=r8;J18>y7F{|Nk7%l=**>i{Pi}|Ep_5_dl*L?tglo$MPvwUvtnJ`0?P?a)Eyo#H&|B zkq1df%mK6IO-vxOv%gAA!BY!pds!=0>V=h()D?ffJT4;S%1SQhc0{@XIl3<;zj^fngRCufsY<);+zx|c@D^U?cC$qaYB*TKT8Z0 z9kTK&lgPiW)pn}&-3BJ{Wfn{D7sdva@cp=mmqT#8EmY>W(Ity6D3V>*LE2^BBIhmk zozM+zw>=z@Jp;6OuWF{?f;c@TT>DMA_Dd>O1zm>z+wc9~1?m&z73b;cB8=$2dX*3Q zj*qr)+;Q%$gd_SnBYff#-gzad3Y%=&ffMnST^wIdq+tmi?u;=ZiZO7z91NopJP45n zRw^vJ1jtsI&`{a!Pv{AyES=zeE52sw`Vk#$j~hvg1^$)sAgj zl^2cm`bPW3Mx)hsI-QM|oyMBIv0k++FJ7*-Ugn^T8p)=*PEWiViZg%8SvEJ{_t^~+ zmcqof_xHa~UV3OtwpOZEW?Fi=TuzB@!}G7c5FW`(k?;lzha39pJH9mvEeB=yM)mp6 z9vJz*kk|3GRV7*Ac6UeyAE7c{)aA9`n zypXO1!KGPdXy?q#S2C?q9(vNqKm0sG|5K|r7W$v(c!uU*hsb!kI;QLYv-Y2jMq_dQ z_biWe<;p9{5AvQ9_N?&QiA!B4rpvrZf00urK?|YoKj|62{-4J8AD?OKzh0|m>3^fL zzF7ay@nl^A2??ZTExy_mCFL?qYk!kfKe@LjTgUHM4=a}IiBmIbN3B@jy~rMpwNjN_ z8;3s97xqJ!mIup~QeAm65^QCXB^@43n}f_ZymvB{l+H}nPh$X6(X|r$jeqG0dFE$m z{iAX8+ui-6w@-BV|Cbr=f6Utd!2Vxf#Q%AgXGzeK%jLcnJAq$_mAajMHB`)Ym;E6w z*$sUVI+p^(zCH!%!}3)uf8=XhP#NG44|3Q^*@k5u0K`wRqn&(;BPa z_guWwm8)4R)v=m4?j1G?8WZ?p$7w+hNZpfza>*@hVkCqhbbobh^pT7%vGJE680%A| zmg`^AP&$^4eh`=CL4?8g+m=V)RGn*B=XMZc;6)D)MlfEu8Z)B_GJ8!m5&Lb^C$Vg& z=8ew~is;CV7jUULTu~sZ3d9!O3x@F+2X{)%uQJhypUPIGzSX$N@98Yb7Q6exIEQ8!6-rw_y2MYFeVQA*!nuN&7_u80oGGxg49TD?4DV zK+3O*yaK4Cb-cXYxQx)Zg;Hu+92F!QxMUJca=iur4y609aC=ault)7X^dgSfaX5Lq zAM}j3lruFjU+P04ay-ULQg-QsO(0koYJIIIR*A!}VU 
zg8f}-!G1T*H&tTRGGJ)^KdI*zKU3EKdShc~|6i*vj#lT3Q@Y<&+>$HG+7n5S1#ah+wxJ} zFu+_^OrbKJ5cPx5wyvW?%0Sy-vIfB*0`$l0Uc-CgxgDo{-}WfZ4CK-8Salc-x>w#k z^dLt6e~O$F^hvV-8Lu7EYHX6uk}1T|DKB@ni^4j$p&5`0BlDh@;r`jFV8bA+0TwP@ z^;i-B1nbWylq0W)AtJ|G8D1z|5gPleAy=LB9X4f$Z*s(!akvBYwuPQYF6v}hTO6&d zY8|j5ZyZ<%y2B-3C~J)rnDAOJRjHF-&@NWl=n#ULWs1 zwGrY0-8qcp6}rM+7s|pc&W;QdRk4fItH4b@q^CRQNj9>nh`Fiu%)qe*lm(UwtTsp7uEc!ev;(4mHGX-T|ErsRaz z5}`ljmP;$Orl2dWf$O1Kes~ttB82YI28b9LI=DnERB#W%(KyLic4b8h(-376EL45v zHugg|2$gnFO%$U@376m3U#p=x51n5Ih~O7r>jRi5vwd@W5zBnXL2SYKOK1~Jm*=JH zAKLKgAj@oe>z-#=@)UCPaMbV!gQA#8q^0IE`3&3QJRm;C!sZ&x%kWAjV!~~dE-pZl z2%o5R4tXRoHlLpE3%WK^Vud`7z&k<1o?M6AzR2o0K#0aSljA9?MtZ41HCi-+lFK^L znvu(9Mp<-V_V^2|%@Ps6?ft!pBS)yaPt&gOG^d7>M-JMzh0DQ7HIEjoA_F*>yzs{_ zd#Van2B8vZmbva@eN>1P&^QXiQzEAHjpXMB9*^>I+Y3Bfe7Cz#pXmpFlv@Hhzv0GU zB-K?C)w`nt(A*~qMQp;Q$u3?}qqh?6XYSN-#N|jM+e>*CNbk(hrb6YZ0gz*iZIGFB zxs!pf9HVSpIGdcQU?}gQFV{Cew zd!``9)K8`wvXG>Xx!gAGBof`|esL)$;=oC~Gm?wvPN~wlo>|&zlO@1-jRzUg z2v(DcCR6hk?9G7FGP=2}iYYHA;F$)HIoTJGZh3ko3`N4}j9xO0IQlBOVU_^m#*Jt$ zMK2szMQcjp0L>I^2Lxwiv|D)Mtt=EIxujhg&)LqUB-VC87`s?D-&US3_}-BG_oSZx z{5(ScTW>7%zt8dv%|D0|h_7E-|65zw|3Aw!VgBXTF+UzWc>ZgZ`ubx1Kg%=2{ExPI zD@9i&XSOqfY5ML*U>Jyhf>w3>V)7JlbC3F5)TdPzT{$J1X%)iv}1DVe5NF4;Epb?YAJ>dt)i8iSpLCmALFr0iF^06G$`0ZC1E#-gOR@({5j0xL!wtw2( z-rC+hIb%AL{t87f0u20mf3hb`N|bxOb-F8p!7G%US5d$8ioW8nri(>ZK@tU_Os2~h zOb_IZxPN9!HpBWSE9-d(z?Ai0t88TBzphm`7V$rx<#~ejFGy{ZUxK#Q&%`DK6#CTZ>r zWQhDx`h2pLANbckMmBT8FbMM^3IIe76}H`hXN4*<7?Q=JQAredH>8;&&3rT<)9O># zZ}Yhp`a+QZMCe2g)QN{{m_{xz)ErdVkxrJ{*{Dbl2AEy)CL!M$ywTXFz zTI^pD1yIC|Ni|9>!gJZ!@k_akBSuwCL*!uK16Guh>9@imI+P+q3wVcy;n0?Hly5$g zOduF{01*9nBqZ4dn&y5O#6dgogfc~8*AX0i-0M_?EwQFb?HtmPo9oMiOzf(UXE&bo zFTvizSKAkW%|nfYrsLaV#{dBLZ$(nh>brEO8)EawO*HnRrjasnBmL5pYwa(d2jop5X4V=-(R|gPjTbll9=hvza`0u zKH;^0OX8sy|4}2J?(V-O@#MGvEr}<-{|`MkpY#U6CGk{u0Akag>=wYKoVqPq2|vU9 zgbY*%zjO%V9Ik40x&-@Wu(8q}u}>^}KijASKlVn7vKO7G* zVgFY~;LXGe`*DoGl>NV2sSln1tu5leKF^~9Bo>lME-+3i^pj!xA;s+sUrX}pl_>C9 zDTv>Hmlv>PFCJ0hvne-)&Zg^32;p`pkn` 
zHJ>+4&Xog+Tz#;^I|5L&0>AmlNUcsBhB)ZC?WVjur(&)^*=aUS&$tL(B{aGH|e9B>Uf;MQhOkdvQxMUbm zoCn}MnZ}F4s@Sw0&$@T)l~f@ad~b$Qi#uHY)1O)Be-vGPPW|uN#?bx0AcHLKe|VNh z^7c&?K_L^h;H%qZKWf`-`C!Bth^cx^cnN&(z6o2?ZzGPeKrm^VUQJB|+Kht)ByUO>)mVIzT-u;@-)v!gFp=LS z@(SGV>-TSwcz0FIQ5+`OUd}29zyY~S-}d!BcD>C_+74cvC zjR$V*9UY%8@)O6I?%aUCw$mDPVL;_TqHiBrMc8gQ>%AI$+9dDtps_*-h4j4}##dE` zy7GgsfD0`be&*l%!#-HbV}DbqZVxr)Q$CBaOTU?Y`IK11W>7X|DT`xvV}&jU4wd#9 zn?kV&{Ju)6Z$?r96f*#=%r9C_obGAU2@jnN@25OUF{4J^K&OcgFKO&D zXE~FdBC6reD}jbB>azh#;<>=cAQ)LH-r8E z(D~n5Wqo1)^DGb9+2@lvR-6^Zlu{S{VpwGlIBwjuNds0G)|Am+KV6$>yAcKRH?y1f zBoE0JnJmDZW<}Pv4Ei?$W1FxeW&i+hnd2BC6RS<r?Xo&qat7+LDunuV+s z$F}2k0^WI{Z8}|E0hs>C{1*);I&X@6?;0}z^J6rKir}%rCpo{sMX)T_azLi#%XQS* z3dRXr9#xpd)N`rijY@qOi0@aG&NnI%2lIDP+1S`Xp}JCUR904XZuHjB7hB6QAlaN` zM+0FlFl$n-JEEL2P)&y7qNF+RixN!7_wW-Kq&CR)yJ6@Do143bN4tk-tKu*?aDY*> zchTX33b0a_?+E|I%3Wl|@+?w=#8T{x8%}0?dBlrF9DrBY?TOjjSLpANeBWI9E$PRn zu|>10-(f8-(>#5nUMVbg{{O`1A^U$bWDI*K zA25yoUt7!W|MkY&BL45QJbK5Ln~dE4<)%sJ^Mz1vK>9e1wQmX^?DETc(I6_QiII@> zIT=dFtN2epbZ<&ui{Ho4x&L=^`t#}j(c9)J!9JEASGBb_6!Pxh{uu4Y5EWd|t683h zt$)1A<>6AmwDn&bivLlEx5fH@jwjLd$)gE*0sIgHA7TK|$h~nAHGsY+rD@QFVE|=7 zn?g!qTOdR-*$}*=dq~Ha(J-3&#l_lwqUS;DpGj-ce;@}ib^otq&wtk|i}?S~^USjU z>uE1cSoSJUnT}!X@@RHI5r8CnHs7pd05EDn2IhYry8iJ-$fxH2Yqf0rw|b+xxc~K8 zo-u0~r&<0@ZPU^uU}!N@{t+1$tN9Q9JZSw7*tqhE*MAju`(gQivHqXsQHRuIWAsYo zDH>peihkp2=Au7ND=EJFPK;42irRO7ujc92L3N7Iul~7=w1|T1P&j}1fo57#IYHm>9tEHNVzg}ag&3U} z_0mbpISqBrD*THO7<-$H36i1ul%orkF-(pXV#MYsH_@ObZ89^a4?--dwh1@FFg!9N zv>8W@)%2>P%XFJ`k-Ve$1`u-Q@twG6J4k$sKxg;fY;EuU^_3T_$ih4lAb)veI(A;E zHZF3q?!dEEjjPZT9EkHl_X5TOU3`AEA~rF@(EtE+a#V~2oeI&>gNZR+Iewy86vZ~0 zP^E?sl{hOy`Xo0a6^_s&sgW{oj>=1KH5@l8O3r40LvfzF7CKSiy7g5*lUWm%XbrmP z*JQN4QmU3J+*SWZygNGBeTA*V7K?8(bN8p;v!>I3c_Y;vCLmMKf7cpW``@+3;{5kn z9zHXS9KL~96kWk)ps^JX89?>>$~Fs`wr{^JZXfOJ=Gs?I`&t!05XGJ-1`~il&Iw;* zC#Tw?U8N?1>-Vw7$<^g%?H+WEx&%GEwP7!ed;NTF*s6Ji5KMW?llqmlZst`rxky^m zJ@8jW9_QwhEJ!WFld1jf(R3FvUO{u=qo?boVd2IDx 
znmR3>&;87>|Ig|DGj;#3uh+BspK5&(|MhvEDgHlrYfiK4^h5#Vim8%ViEK@5 z>4!`L3;_oponY*jPmKN4PV`WRkql}ThAid)*P2OztXIiQ#Z`7`8uwI=C(2eYpUIIY zZ?QbqnnyNc*jkZq?`5}Kn+9fjKjeMD3WEp8!;(5Z^v@I zQpy|d3=snf1T_SsmxOp}Ar|v2C`J`N!YfXU_KMR*Cpg6&V+;17@_mr~@0|$!;!v;!R224iOS9%b0QuQwO~|N`LYz+GXdJkAp4-~oJjEq>G+-CPul~7= z^Huzj6l^OiCE(|juSph0iK0sXbp&WLQxw~PAEl`8x$$!T-+q4OymDc#rfmzAQ8sz% z6SByXd4YN)ye!Uu4a*``)&Gg|QQz@TPv13{&;M=zyL9o*N_j+!{#KRB8t9G{Nf#OA zsAgo9hM`0*%Ky9m?^1bH6fj1B{2)YO_w*?BfDfg{jk=J}w?p;eZC<84?XK3;cRgnjD#F% zy{zQM#ns^>FWiHuA>V!r(*u-BLM$pa3HydI2_O@mWME#owJGrizeomyTzRFlY`*x* zFL|{gO6DOwP}pLslKZR`g-lJepGC1KYkV3H)*K)s@_Rw#vV~&GOA)W-C}6~{&2kws zmSk+7Xsvkbw4j7j97IJ2*uY{n9nGsCCD_2n>!7inJX1{?8W#blUk(Z6oXdTU%eme|erqA}(;G5gkN- zz~fb1w`jQ|gI*XvCG8=e3<#K}XsA60Lck;m30B~_?fZ5RIz$PJ{d?fBkaZ7i`(x0; z({ofA%@_e}10#SD4=FFa5k3%Td2>ucc`-dlqQ+<>rRgAT;WS)ZGn>MW8|ZcReG zku)Urs6}lD4xPq3cUaEy?|XQQb5aXA&@IV3=z#(w$&webb3yc>;SF@t^5Os(8%TY2MCU)^|5_m=POZ)mgx;R>T~LeZmB!jO}9yZflm96*=v z#g%n~%_(4D)xt&rcXLE46>g%GOR9pk`Wv)a$KHGO9hS&_I?r+v7vlHdMZst!uy^-^ z-uQjhw5%v3aezxWM0l$b-t0L(QYL_wJ8{|Z${=~_ddcPkW&?N60!2S5muH!&Klujx z2Y<%y|4iuTJo({gn*DEOX#cO&8jJgXpXC|r)-EI3PEwUG*59B18NdFO8hd^cFxCFQ zI<)>b8Vmi;vpkQA|1&-qMk;7%ewKVj=#d3IdH!e8`iIxB{RAAqH2V+uoL&Eo#rFv<92apvNB73oL zd#D0})em2p?@+cXxcCcZ^nUgVLButai&h(zh)%Ci%H`B;$Rn;IG4CYD1evvPkxNDG zpQ)%>002ah*TjgT=*xu1Av1u;6agT8Z_srq63izUqnupO-E;|txpF5ZN07=U-&I4b4RS2XA-z)Qc$pP$n6O2J(=3yrw`a3KrUd&+?32|7u73{PKTwg#NFw zw$T4S%QM^h*X+&G<4M5hloGW5lGT}(WF(E_;0&LJLc%lowv5!UrWL9)a(;ivd&@{n zndR~_nGq{qu%UmLXFUDqo%uQVzj|ee{?`}r-=F9Cl0@*q$4pi~9^w>7`h^vy=UUj2 z&@;6DJ+~EFp{q}Tnpcj8F@JcLqsP#LDeHf|ww_)8Ya6vi{HJGmr2qfEUJdVPx;aFC zMCM>-Y=$KC6Ycng5y2Hw=7URu;R%U8d}zadWbvTW$;tXnOHf&9PzCUR3eQOu; z9P&=J5Z+;Uo^H9x)3N0glo7Aw5?1;K#k=jk3WN4tg^xONB zy;9!_BfU6N>tLmX)qENaGL>_9JdTg|_qGnVcbo4|_D3y(%<i*4F|y_-DoyeP;e7O*n^PzM6 zj)08v*^DK>G_(94_zcN^WN@KQ|H@BN2U+;9Pq6>5Wa2+nA$#L5V*N>KpYr^d%YRem zU;0ALSH~3jzfoJu-v3aotS`=gp5-ax^LiI}W^w%XSRB89y}!3DfWZ^5_m8%JpwBre 
z9&U=a{^0nnxT%43_Rqb;*Kdw%KdlF^cei%#+rQTA!`qLYAFSG)`@`K2jh(|E2OE1o z?;rp8;^WcHukOCTwRYznUWNZWs>qDecB=b3_Q_7G_cFeE|M6YRZ@>J} z`uUryqpP#M7q5RQ*Vq0rc;U3x2d`gv@9%fYAMN1g{r)evy`1}D=jQ&KZu#fNhixxD z3V!;~u>bYb^$+#!oACWV&rW~*c(nfVjT2Y)>+g2%KUDtpBKB+XkDZV4o3;1eemCd2 zTQ7cmb9lNFIH$k<@{JqZd^7Nle%yP%-+B4+#liaho4wxcJ3ETv+v-Lb{kZXZ?O!`T z{aSAQ{L9|f?Z=(mFRusw&2{@_{dj%n=j~s%PuI)G@tJd9zxrU6cfy^!UxTZ|AI@68 zI`90>58;Qk`+E1yum5^+{g2k+n?vt??(}x|V=vlq?7f5c_5M$OZSU<5AMbzu_4Mca z^4a$5&g-&&>fF6QJh*q?zxnCx5^8-tGPC=H1Q4#y587?)V`7^-ZVp^7YSWH`?bc0jaH>sE|) z_2V0R@26jWxIb>J*S7DXZ~i}fZ`#l{vNQ_c&;AuXaNh$Y#&`pQCrrW)30v4nCfCTe zY%9o;BgufXJiq;|s$SHRWo(u>^PF*?IWt&l^;%tBd#&WV^@G$_ZvDt@T zC0BX1*Vx>i@2tOXHU0YK+WC^1|K`-(cdhN)uin!7?)zZ-Ro3a8=5L&{?QA>sWplr1 zxwi+a_F=o;KF$JEHr9`fi{hENa=ms~*gIRlwofkVua3UXzuaG1Xv}Zrvrg-9<-^Jm z{C_nStONYz=fBo2b{fa$^IvwY6}P&z`Nha@Iv}&gu*2>x4Vs&Nhz(1Tj zsusPA!o^9jzV-61eYw8t_#bi~kBhdK+pk?59vob6q}&B}zPPx0{$cy9)?77BBX`)` zJv(^+<o~f zx2&fvcFT?vp1Vd=KM)JxAT6ZRWuiuQa9at;UHUIt~EcQFW;>m!bv}S*_o@af4t7Sty*F4+&Vk;YKN7M(|&cDJ#g$BuX}s*^}xDorQFq5 zi#K-dgWJyE74}#64LGV>&c3m-ZO?zG6oPENyS8b3*?jeJ{`B(8Y5mno`^%SaOP7s& z!LFZmZc+=~?0it)-aV;rTI-jaYp=3ZYya+I&N>LbuD3jYyX~*+?%r81b00Up820)5 zi^J^Q-1))g{L975SHX5_@x62Feeu5S&E2e7=0?L`J87;jdK=mK4_oc`wVT$F{qmw> z9-UoQ-_0L?__~?hy7jmB4vIJDYqfSohan9-pnPu64Te`P((~V1Li@+;8^F)5YMXv$dC6Z=YW*_@_I2p1a~4H9GIB zJNqw-A6mJk^TSQp-rK_V`-A33qZ7S=j?B|nmm6Eny_9j|b+)?~Cnq;S&e^;?S~uT+ zSlM2@$$x#f^rcw6^DlC>Zy%fai&vLR*)N@3ZR6Xh33nJoz*2bHUF`FSPkYj z@~@81oSVh-gFP2u^t$Q4TKM+0a4_$BuZ|AR)?XQoFO|y4;q~QG?fO;ac;n^n&8v#P z)=5?GzRqps4p+9{ty=G@#@xoYgKzCz;dtr&;^FB@!8)7o9L?=7yxMP6Ru;Do?%r89 z`R)4N&dKWj-C?Bw+c@vMKlPe7mb17}hZDDSSh?M~XdG@g-mkt}Sv$(^eE52>y0dv? 
z?k+kX){NcOPUBrAJJfzHq*MTy?fuwY%N?(bo0H?qRWg+pWxPciqNiZLj!lEA^q!zXn^|+Y28rYI|#6tgXxU)zKBUc3j=Gvc^u~cx7+3UhD3*-aD_lJBJ0| zZQZ1dEvG%dvXk3cm|J~+S#6%IZEslh`GZO~zq$T#{pj}H>FT@fv+n%$_Pkl?UN7#S z&)=->ZlAYaZdK~vPE*dxnssyP=HAsl*k|8%cZ`omd%^bh`QFC2FAMKCjQaZe;>!=m z^^-!r7@Rcfjnn+X`{L<`)%V{%-g=kS)QVNT+x=)ab}AJ&Xx*&3=dY>_(_Y{G^6hTV zaF08;FN54SRL9f%nFtc5m#ZWBBW z52u^2^2euh8?RbR-HqzS))jSl*4Hl!``fi@>KxF;P4n#QynE(W zz8#%fTee+a$sXO**KgJrPBsfgW4F5-wC*lGelb?gcD(HECZP4Rd7wqk7QcK<+4Y6p z_4euZopZPUs%hCvg~jXU>ddW~06DI`x-xZf$@6EIB;_c1KyH4ZCZJpcuYa6d_*BZCgqqDsg``W0l&289c zRXcldWYk`+o!k^^ZX@;bA^@bgxpBH~)sOby?SE(;EUXY}@pI$pcEbc^e^#l89$>*eM9uh#io z&9Mqw?aQ@q=gsp)``z_gyZ&`9cWndpxw&N)jK%Yhb0?eED~D@`)l~7^=+0&D4nCgm zUo2j(wNLV^l`p$HN3RO+a&Vir?8OcD%f;Dgwz~PUX?fPk#^F(6^=$j>@VI6!HO*A6 zwRrh{q0qWJx!nG8alO)7TKPKPdUZE{uxfo>b&D&P^^JEc*R?svJ=!e#JGrl~D(2xy zPjj2YTAK6?m?s(@dF^Uib(Tgq#+rM3{}i;rQ|wV8cUMM@HQ9_95)68Sbk^cAgFFG{jmuj7z;7K{F# zQ=f z>N4ZItkW|5>t&1y$^2{6Ugklb;jb|{_-o35^Uo8tKe3Mo>;LlE#oXdp|2K*yf#ZWfb5V=8|?r z#%44%b<7}jjzPDVg_DAWn$)UUcRjP`aq81C|Lb#VyV^N7>>+c8F#uElktBjiiLW_p{}GIn$HAI^vP6mks;Y==v#4 zGPJC{-a_fpvT(o-qptbX(Sc)kmq|DPdO(H0l=`&8-Pk@ugPg@$?e;9{F#A9B{U1xq z{SX)%bp8vuxcs*`pC9{wj-=Gczn&YE*EFX{_MNq@wu#vQCKBLyA`LImc5eZ0}7v%F?>T%^0VU;_rJS5{QL(GA^oWgI{))M@xKa-WBLDRitw`4PJcF& z&E()Vmi}4al{7!-woP%r*UG`4>N)r4AK&D$4gT)M`!6U%>Hl=;U-RL845a@T(|D!0AfAEMWO*U)tY;R14<_J1I z<#i3EV8hF~*k6C~$M8r8AH0w;ZTa}<{zFR7`46LcKU)ak0q4K4*mM8q^4T%}Kaw&j z3XsCb$J;4st0^)#oI2K>2rXH4J3h+md zpZ#M;pidop7kU`9JiW1MCS@&!%ES>}g_!&bt9II$^24l^7|{u7CW2vQn6Mthq_8dz ze}yq%69y!76=m5SjYW?J76}1{opP>D4UZ=Qutelok;+9xHsxtnZY`e1qzPyas=y+` zld#Q**UFmAPK76!_xk zIcQ+oomx#M+M#@`L@vW~Yz69OYRNDG-In!k%UHi0xMl5-$e1dj>2uAjbQ(w>G_X$q z)hndfuM(F9Uf_S}6KYEYq@7gJB?YI6J1N3}$<4%IM9Eu_3{a8CW4$}j6Phfg;XoN^ zhv#e;u_8&?kP>-xMA$QVG@~Ez48P(t01+PYIFwx&p2?F7;pFTtt8}Rmm1~pnaFt2( z;&t#Z6?hHNMlq9L%4BDAQ};|G5;jQ815R{!(^Ec=-cgARU}8{danwX^Vyuqa=gR5Q zH+V`h6;NWpB0P**=rxK7Eh@TR!*Hx`qMnF1mb40e)3;#MD$B+uPmgxxF_AIHWQd-$ zOsR_z?AVpmUrW-bZCxdv>fT-5Oil 
z-C-g($xw}}j4>EI?K2YLI{nvb1N-lZP(O2+CuwVA_h2j2dXo3gVE!-LqyNdykK=!i zri>Y}e|PDB{<$FNIr_*x-2OX@_8(*Wzh7Va?|&Ew`l)?9V*eKw$M&BiDgF1qWd;T? z)JEou@7}X6LzDscKRoNP|1D<6^52mZ)aOi~6k?);*+U{AKt^5@g5ALPxqK#<%`EWe zwa{b~-(fgM*u~5|lffeWG~0ANCST-c;a^4mt?fFEa;$+#7VBQ6hWXq1+xhgzr`3*S z*Vu7j1RekLw4~hw&$zMt*{YQR9%2sD8O-*D>5PBVcmr6?sWz8eh98*T%;OrGp#iD9 zIU+t<*p}65Wc;RO+BH98xpT6extpXBX=Cs^XccF8*JhBx5$GQ$4Fdm1ET*i)DjqQ7 zJSk2UAlhv)wVZy}35+}L;~nl6Iu;uqFpA+$UBEZCiJsUQ>|m1Enj7RvD7UN_4sQrM za$#FkFKBCPOa99-Z+Q!oY}EyN!o%p{CO*m`M^EVZx>~DuLHp|c^87s)gemL|s z`XG!;D!w>2168|>KrPulu8l-S6?O4~b+1yi^G-Ezy}zA&MoyBggnThfbew_^(M1 zPi$hEvM=GXh{ph3g>X$y-1h7)T6yDokZ6k*XN6LD$adE#kq6~|4)-i*8W_OVnF^R; zqbWp}nRm#@PNPK8yfa#D8~2IY5Z>yuO1f7?D4e0ys0naTU{`^6ECw@TYNS9mYa+pr z&*s=$BQjL+6SqZ1_~lRZ9lR35@ULh9S2AJA-Iavz%nX4{U}VVD#dShxx4ok;Ur^pchod z6IQSS_5$Z#dy!#cV1GL(DI$3=P6xK$w!0)s7MOw60bDvT(hOUH;aGM2YRW_D?KQTk zoqIf?JfW8donn{+3ew*2jKH6r#Z`dGRg4OBP_t?XYcx5YEE|^w;EK_ zy($IH+=d0WaZ+gT4~@1v!QW0X!*-2tT`AgxzUMPg0jur0aGcjV9yJ?cxdr*2pUVb} z5A*UEPQ!%#TU1g~p9V&^FP=$)>sJ|e+%(V`o3KeqK!w3AH|X5qNrVlrnm)f;{&s|S z0lIv^vstas`c1M!kq!diQsOt6AHrw8l&PaY5wW&d^hxn!R$VyRm*FdUz2JMtbxb}E zcysC-4f=KB3MkUNJd6xyqrYOj(p8nCps7J80y_)5wd?45dn$$sjc0IBpFt%NAAC zVIU*~Q>+0pZQ4T&1QgX%=T!RK)1EVl#by5a&rH35|g z{a0+i{WokI4n3h)?1*Tonp^ct*a{FY_$N~iQt&Gz=%}UeYREK$mW|&W+j!aZ`Ko4C zkpxWsmd|L{f(sIc`X9DJHe7UyU%cQyN-tipcW%>R?@bGF(Ddss*Yww0(ZgReyt+#6 zh+klC$232u$8J5ih3Td-$s?@c)fHSrqRSfVIHW6tl~`#53N)E`la|CWgJaI7vBKXI z;@#g9Gk^Z=Ai%YZE@cBz=b98(<{hGBJh^zBxxgLvIcQQpq7fL$rD(ye1P0xHRhWXL z^5miz!QX<$z~zP2y}iB77&KNQ_-$U#pWEG8+t@$en1%7;7pFW*zKUc4xQwL#Rnmdk z#w{kTFdCjXRnR}0eiG#RV#WS;YC!OCYEfS)IW)vIS_RUSz$&dAvz_C=C)n!B@y>Dj zZ|8jHWc%Rsgq^P(9j)x2>}(vfgCn+fu)n@@vU9Kxzc$&*{v~_Av%d}}(;|YxylZMYiQPB!H!KcG5|`niKnG)R#EQ&({dUeK(|01z^QSFdI+7-@bvu+^i9j+et>@O zoS+lV>9sJM5d7ctkjK*iF#fu1!rwMliovDe7`%d-;#FWe zRlqHg7l69l7F=jGKK95vztd=-e^LB7DpFtsxUG@r9CgN@dL~|?@u#7>E%KOjx5%@_ z2Z>o2<+Ie!U&a6Tm;W4XtgP>CJX!hke+I{YpI_+F|KxMIvHWKgrN7iAmHLOtTvGo4 
zkxMF-`la#~)Z#xy+Co+Ux~wIYx=+%QdZ?f!^)xw4Y6vk)YM_)QHH45Q^*9+z>Zu}@ z)B_|esi6fdsi(_VQcn`Eq=u8Or0y54q#h$%Nj*xml6s_MC6#(^xk~DJ#VV=il&Ykj zRj9&|Pmf52P*9RUCG`M#N@|ceB^8&Zr0y4{r0$cYr0x@?q#h(mfg2;GOHop~5G56r zp`-?iP`H&B|5KNr$mjC9NO9pwitZDVoWRBPzg}*VN{yu^zfEewNt3wDB$ax)#3Yq^ zxV$9wcyS3GiXK@>D)j(K3059XPLjI1x=KApN+N|M6ElCNo+=_q4Jjevi4upGkEBx1 zARS3PLO8-@BT_VydM?RG>KOzhsr%(3|1^8MVeEg<G}yV(nvznC5N~ZW5(+} z=Q4M~MqYFX=-($M1Guji(j9G1{#c&Ii31)39vsfKyc!XOblN~S*UZd>%zMAXk!u4u zOA0T*S+me|8>nn@`)C@1byg#WU$8!ad<^6}>kLUP>2&~2t?z7ZZX9jwpJaqb0=a4W zhK0j7yF`W{wvC7>#P?}lMG`Zdo=>WXZSNnPY?LTfeK-&0+5ikqK*$)dvn1D5Cop&) zacWmErd2@mrN}JRgl;V)Eha^92v{`3;rtqQD9O^~eptmMA1J5|7pT{%bm1GH?>4zf zA+bdf`ERLj)AL*}lY$8W{8Bz+0B6MP{-++xC(PW7sS%I@LrPZ?S-fX>DgG)0IlRnv z4tPG{-YoB#%pCl~O=$t4_8?ig++JlO&C2D?o!yOcSwBFMF5t<6U2)aZI%k2N=@bV9_!JzfYs85$!4?2jq zA4zc@KdQLVva!kU59sg{FN2{P9$v(}{pqNoP$ zWEh2IA+XRUlGf|tb5W)DJR<6FqzBC$F!pX+67lL|pNkB;8JVTrMBga{(39|FB5d?v z8Kkn*ugC~8DHWX^771OP02NH#3#)j#U`sG3IOkU+7f>o~ZR{N%ZmeZwR~!kd4Bv6C z@}EWo{fo;W`+o$4r}ps(`|tV1{Mi0`6lKu<hC%AfWY*F$B%-(er(tE4k`g2-?{kyvE4h!N!gF@UVQ)9?wj3;XVo6xz4-p| zvlrgxD9m`uBIwOLb}&`jMX~A=PJ?KG20(m>;&cR3Ygu;`^2)UBvfBxep|PB*-Km+3 z3$pgGLaB6&H4ZvKh)hbzrD+)DG_Y(xf~lVq89Bs~x9in_dRR zQe~b>(R6NPCyc3K{xLmKp}H#I!t88=Hx10}!0z>)e@^headp%hp#~k*=eR`EhS%^P zJwA#e#*KM+0E*eF9N|Ee`IF6VqE-k#z%l%sNZ5Sn-|}1s<&-73F{V~e_t#-wz=Y!b zrr7dd>_N-HekLr36|f1v>2_>X=+m?u^LEw`x;CmBs~xx(Z%85&!u*6>6~M$8s$@A_ z&xu(#R+o3#?gYN5p7Dd4OTgCi*z~-_fg#V2;BLlEcgRkt6PO;3fQdv11BS;@XsJ{) ztG3~V_7!PypzsZ8#3k_D0Wla%M+QHWfgzOxm$i(b+MJ#%EG!l0W};)iMe(K%9WV-R z7lSv53N`{&{Z6%Nnzcdeil3EA`0q6S>%l9_g^$V838#`maUc$@q;*K&{{2F%UFg8} z$v2@JN63usV52W~I=n=L1!N z;X8N=olZ2Z2^ay2ye34{mh#<%7)DsPi*<8ZQ8Pbin6WA2s@hi73hbxNp2E@$H*a1w zX%_h`qe2muqT)g8CpTDP>2yF-qNCU$L<^?OnZ^KK$498L=;Do z`7-H8rh)dctx8Dzh`-j{RtxrK6M8pm@#_-*|GOF4ad}i3O8!HH)8qSixco1-urSX5 zIg&Ee{^P&OfCVsu?;~tL2FU-ig={?jYk}ndWBK2&FA>hTZu!kQk1P37N5?4al_BI% zkj8%SUq48NOe`DE&V>07SgGz-J3caB6em(u!TSif)iU0G<Of1SY9T403CeyGn^-x{iYw2z0=e}#pGasKC#l;QVZ2u>f- 
z$3Xl)AJ6|;$SsWHzm22_dBc=+qL5~kX!8$5pjBrZ`)8k~glxUMcd$P7ne-(-xp0x+ z+;nf18EK=2)@ejrPK_zGe`0y?`6o5j!}=I-{^u8R@%(?qTyC8IZzKgyE$K&FZeWJ4 zR5}(wgJCkoEfFJD!H59p6;;UOGkGov#PiLjbNNgmla+!+l5>7DJ(o@Y&tI&V$;lUJ z$31ITeR`hD1tYJd;7Jr}5EXt?Aoz8ZRFE*Rz_0#M%)B0;#jVAg9i)I%@ zvkRFeS))ag%~{NEW;%gT#EI&KSf#3Mi8sag8=hH#4=x*fiJ2*q8zeO;I>_PZ;Y0YJ zSIuN&lW@#n*7uvD^@Z5uS#m8E9jNtmn+AXODr~21lLt6FEM#)pW3NjOv*Dr;w-1x@ zOi?`_eZ$4e!ksCxMhoyk@~iR}%nDNGX6mSnk$CXp}4DlkD4M9!q z0YKcVa3O}-pl}=X*BY!AGxOm`A;?i}HM^#PktXC;;vN=<0R_*fUW-3F9jg|&t}UTl zOri>Wm}kHy!T!o;;d#MBGB0HB;)uYC$(~`bSY=5qRXBPWdN>Lg96rs<^T(gdDHSqB zSv5RSIq2n;&||cXT8;eXrn9j4qH5S?F5F)3abFe`22~fG^*M=f*pim*0OTE;a#>d6zHzK}4@>kJLBRz&VQ34`DPCh=Qdz-fcKXzjD!9u$Qyru73hiIM1 zDqwF36wl*Ft6pj?_qk-VI<{Bj8r)HR=1G)PG0pzKL!VQ_((h(yP=`W=(DVkyxMP!o zRqk`6&xq({&O?X z;YooM`2H6c3S<6%B<0cjuLXo1)JJxZ{m(+r`ClBz{~JxAD6kXc zH<{8BGO`I<_+zT*4k;NqYk~xzSe-{_o8a_-_JA`8=$fV;ahh>rYyk8RD~~?^B16eA z_rN3W|NP?k{vSzs^8O1~%KNT?LHNIrkNN);;Pu%5XC#H=?$Ggcs$v_>DeiT1$EKPV zx7(Z)o}}gGt=Hz2@>B~QY^h#;3jW5bF(+YOxu7>$;BAVEu^8RFeo?Pqqezc`NnHImYET9d*!&|#zy9?8}9SQAm) z!C05&viE)4KVrl~TjG%)#8+Jmf{W*zOr!yn3jMCV2JK~E}IoAAeKN+ak1vMEwi@ixh>(+ zi8&R}oeWq7z$x4maH47PxXxpS;TM;u%l`%o0tWN{3vv2yVa)%Jrf~j08k#C92nfSm zQ>L*nBzrtCcYgsvPtD&w>v56g>F0m2AmG9Le*sWJVa)%JqCCg`%e-6t`gp|t&lku0 zKa%pC`>$nPi}W$@{$GsQ{}u9!`LX@qNQz9u$x15UW;8=w_&g@r#lhY)NP^Zl4N`eLR@{%P;2e{vXqSzrH+S|A)2! 
z8A$&X;_?3$^Ydf+ZzM&^f20LRf5DGy@+4zisxy=T=yy+UTn3gWoPU`C`ZODfryP~_rBX%^cvhton5=Y{X4jTeE4%d)`^1g|G$3G~(+o+;vZ`0& z@nnDZ{Kn<}@(lNX-2Scy3k*L0#kl;hSQztvBPsFCn=WA}lX3;4Jf_)HcPh=QnDE{E zl!YVCu|e6Yms^(aV^SzOim zq$KI|s;+ZmdJVH&>9Pr)Tk8*@9N;;BCYfX21(E5!o>9%dmL+_X#pb9kM#5_fq zhfY!#mIHXgs9E^Su$h9K6r+~LSmL*pXOaJFz5z)nV9@zrjOTwT3DaM1qgDjVs83Wt!fODoaBt08 zSt5yL;3gy<`Yft&?6j=-5S2+Xv|G^I6@$CO{H4o|Wy?r*LD@y?<)Gs^)5yQT>ooiR zQ)Q;4f9XqcC@|EZrAQtIABF82wQ{xNd8QK{D}_U`2A^J8%?+{PZAeFR)Qd^x$}qIB zjcKB}p2v#f3GqLEss1lFmj8~VJYoNzPye^L(5wF&`~QukaQ&b3&VH2PcbZi?0S1s} zyXQxT{@4!ue^YtF`TwQ*zxjnR{vSno!v6nK{m=Z^{(B_lS@!?Q`k!2n{3k!=|3*?$ zV+GK^x;)GM|HSj(YyX`q6vp}AMp7Oj{~Zf!|BK4A$bX(){+nA|9P58ZQpWP%vHbUu z@xOnm{I@vf|3^}uu>a2||Lw{DyI9DM<-a2-T>dKqc8&vo{M*VC&i^m9{~!DRjix+l z|9_qQH=iBv|47QS?Ell`KlyAt|92r*82f*YrcAOu^u8$_k-PK z0=Mk5pW4T^@vRGQyDz%zr`Aq4&32r?gkfoQi;{~gm9}iRV%TV5`1Y-NXZZm#m?V+r zyq9m<^$dT(dCj-#N64UQm6oS(44boEktXSB$d|r-+n|oickpgXaLMJnDZN2iLo}uR zjP)$v#QN5H=+}D}-sKaT>PDOB_U*Hq+-En|C-oa)bm^^-BkGUJ=s;X{+@MTL_Xo4; z><_U?avvyqql$wk#5053v$I`O~b@*kDWxD^?@+|j%G&<~q{eOVi zi`)OsFOK>DkrWYBoo&*du8BP^m5y;s5BY6tnSL^^y$1nylM&#=l);e~a{0D#+&*N+Wo(Rb@=-6S;y0aWIn@|h`R*i`Ll$0))jlJw@ zFZ0>|=HvE{D~~z9y^{_~5)-1z*Dq;UPe*wK3p0M-vSj@kaf$v6Py ze^YtN`5)E+>=F9kLVj%jHInj_{U6o<Bh<{!ev$vuruG<%DYCJ_aBf_K>O=%)(u^ z>g+pdhS|@tH1{7}2AzM~s?1fJX1&Z`4|euQC=ciV3fbZ~{{KkIQ2QTy^UyvXvHyz; zWB-qllt=9UK!4A88F2sS<`-h|fAVAdk5LuR{MxZRQ~?2!pA-5UU@xFjC8ULPYa$otgjick8gZ-JA6d8{2&Zgq9 zCi^HYKk^zX`qPT;>io(*o!g9R^JoMh#7SK5M~{SQ}%PH%-e^E&42QnQH^% zqdYH|>#iSUs4{HL zaPY8VFU$Z;Q+4rVS}oN@xxBfvyHPIxoRH~>dDEV0!=-cscwOBnDPhSJ9Tj>)@nNxL ze$gF6=PIi;USPn`vLF5rI>VD#hvC2xgDJZR&vgSHVJ1`W*mfD_K(m83dwn7@nK}8- zRGP^dhzK1z6+h>l!3@(VNlpH{c#IW3eHPF4a}|CFh+BS058%!JcRRhiv$nB+ zyupq(R@V16GA%g6+bjE98@mTv_yb^ue0q*xRq&4)_EO#FysTRuIYUm1ZoWf5XOc6&fSJMr*8{?_J~I{){l4;; z`(GfV=eqylZJhs~UmW}Yji&Uw9mTbR7!^={E}L1H8XwR9!tzl0Z`Exh$B%Rv@qNPx z10OE`TPTe4e~hL)b^nLC1P00fiuvC7Pld%X{vSn=_+R;QguWkZwAGui(@O58#Y73< zHsF#UUVU2oJI!EC8)hKIO8i&Ga$pgis#!K~3_En)3O!1+Ce*vP+C#XFlB%dtwM^hN 
zYSK4#8hNTTdyy>Ying5bVLJDJAmurc9)UCUgGh&cd*D@J9b(nOc6Eu7U^_{A2D?&i zA{Q3jktv_8kSK4Bq>)h3F{`HUBWnjdA4$dJ%EHGe`l41Nvd@UvRF`wI*Q``h8y^>W zs<#oxKwiXNX=BrtM6Fz+k~yrWueSD;n2-9TT=VVeq=z$o+DcySe=qy-Q2ftjH!Jl!3#%JMN6TBKl_H0Nk$jz$Gh^&Qfaee+wfqFI-XV@e*PbB1pWy5&%$DE%>R#~ zJa+$|k^U>>3-SCv^Z9Z9*U^;0JkNt}gOHO=O|o0MskCZ)rs8! zD=OzQGRK}Lp5!yp0F)^;X<6}}DYG9x^kK>bd`d|rN2xcrjHdFk71f7&rnGgK&;Ul( zcAZ)|aNkUqBEyso^fBzme=YOPgacDPTsc18SPzw0lkC_G0yDI(ht6o#|5#@6uPC*E zC;|ejhT}R`)v!@DmQsy~c1cqh-Apuv$GE>L!J+nz=sIE;C?Ej;Lm51}t;p+1wo}Kw z6|jw}N*54Q1hO6&*7x$i$k0qkxu_05@(YC?Tk#xoYqDm1`@v{uh8& zF=NfOIzb0!+GXY)5TZU>50lA1x+=JyT}!iu>6ji?iH`(#JbD1}zW~0TR8;!qCJes;Ii1QQkbD4>@=zwO*n?J%^??-`#-Skf!fmeXQ_CFWVl|A zDZ6`tekRt^zgrzU^73fQ)qe#D~Oo8ibc%0_| zE=GRa5&}rBO6?-_4G<_imOkR&@17qWt^)Y>4|A>RzJ85}Exa~$iG>P%yT&JY;u2Z7 zujAmv`Zz>1g%6tra?S8r$p`|^s&oRAm88TqrO^Q^wVKaf3c>{!(SM288eZY3M8T_& zlwvY*kT3<(obWPQYwNDb?_xPdqLOIVQ@*6wsomSA=`f>>&I@o;hi!y;jD4WHv|;JD zocGSdA_ zrsG&&@4GHz?e(8zzl&4uEB}5O{))D^tZ(mInPSb1TAR_HYGY6-w|U{9wd*!A81{U6 z;wn;q3MsCzVIZ!^e}_n?_;Ot#Cj(^J)E^U(9qd_!$Ots&&q zH~Oy(R%E3JW%S=^IrcRBpW!UPA1?n}Sjdm%ecA<)GW*u;kB+M z7L~}_b{l0a;pnvZJk6v;ZyC_Dyn=9u^0{_%99q?Dx>4$u2Sf}{WhAmF`s@Wz1ut0J z@Q7@}YBX@y(?$l|e=DuEh~ENfgq1l(fq!AV0CwxSfks?ur{-SA;0fs!JQ4Q_R;>*F zd?Fnub$jKap-eDIHmY?=i!`0hWOCV=jA>MxP+#%&{1wL=kgsosegqq&1 zEHYIyW(NOw)9O-}pm7ED9Hm?G==mo@{6wLvc($i+KOF?|0;m*C5yVNz@^ca7 zNP=sGcZ3?hj|6`kgK3m12bif2NKc>r__3_flv`#i!^0Yt(K^8Y#G|u(j)Yh7GcBXd zzOx@~5y#|KaB(hO0)J1`xyzSlJH@4z>n>|r~93S29^ zf)&awX-uUgrUx>l60(P8NF@QE8OX-o=L!sek*D=NBYT<@@)_{|K$p;m%l{S^i{tnY zBPq|Y{{vk@2HpSJd_4bWE<2|GM^h#-qT3RX@PP*?uxet!Jrw!5MCKbdBS$+kz)RX? 
zR~Wuv<_iBbZd{8hTlTDP1~T1lhTHu~YnztU!VBLDSkv_2W>(gHBEAqB3)LBqDLaos zqlCAw>FujjJaT~^&owbVtL9$9sfFjBs%-Zhb)!5;D8FogVhMbHuZj?*dB$zhZo{>) z8jkB}rdCuhCtD@0p^#0nQrY#ah6RJf01|0df`4n|77kUOTM@q^yi_8es%m4in{mPN zJoukXA|H$Y^M!mo|4%ME&i^r*(t}cyT%FZ(-Dy~(yhAhT6pJd0Vn)*(>%<n*%)6IY^R3KuJC)LJWIOVS$)9d!D5r(4)dySd^ zX^u?&-patOJNlUVRbGcNeZV30tFXf#i7s{KXmqyr{Hk1cQLyLUn4ZVYK1ksc^9886 z$kn6jg!ua?kH%R=C76i3>lIH#UME3ItcpI}$a~$=N!arChLqxk)JojA6?kNdEJbmB z0ig=}neya!eEoBR$3Be~BB0tGZb2g#$f4zMZyiZt_%4^4@Xlr^ypx~lX^fvlxnKQ; z(QhtsTjS{O`{OFzzobL3`1gY1n0$Gj@(lO?K$qY_{9nEp=l`KDJd#mL2jCt?uM(Rrk6KOs?knu#Q0M$Gn>e1u&xJfS9qEuu6jkyX+vzMXj&cm`{@ zZp|_Y`zbdBOhF=tQs(%YPeA?%t^GLGgF8sK2mH@}1d53?5AfkZ;OGZT<$7N~)V+n`&&2*2TcqZ(LRuSEc^!qkKwXnoj4_|oA;x@F@ z7$fx2lxM;J16;x%EdK@kKc5}Te@9WCasMC9|L1dy@%>+19P58aQu+mhP137Hd}EN! z@6oJDTaOzwnvl%Iq+bAg(R}nw2!7HHn(-595jMAgW;Q-kR)hH9qg?g*?sS#xbIlP!KGY+IaGdwdEAQ?Aa#U3V!yt0r*+fN`|;W5`T*xmj> zuQcT9bIVcw;^divZqBC1l50i=J$whtxGubC9aUubtdtI-6OFZ`S3v$^?M_}4<3+iV@X z_23q8Zkp{lRn!Xa@*G|8kx0=c9;BJb8j3l)Qj=j#G?uKHoX@}K6E=+%Cd8|WnLnY0 zuG?WPqf2)XIyn+yLB^uo!WFMC1Zdkr{1qmV6pi3;FGUk>B`~125g`#oJ;3fXU@Rgr z+3oFZ#-PDwT(2=F5|jCJBJtL&oZ~4MzYFrK#wuNOu7&D|N11Khq8EzM@T9KTp}d)Z zOVi93D+{gEV3WABu)bJwbVw~}6=1mxhfS;;vz_A!wz_h>bDTzP{m#ku!RZM*UpYEj z*+1FYIA#Y&Z0%rwedlE7U>|;MvX%Wy_I_u7JHdxB(`aZMCex;NGY`lY(wAw9v)HMTvCj z?yYbzx^)@(rTdDIr2V#>d$WUP7~7d@K{r*?qkXo-$MBB<{Zu*)+6b8$FD?8){0`}4 z(6GVsLpxtf0y% zODPb&BL66Xi^`UY){^(_wzssZP~kNXO*+>+`+jIqP_91nBTFzzuwau^LrCiae21H}nal zm9M$VA21Q1#Tcgfp|Xu{7IY)DnKjx#;LNu(bvzgN#_(Y9Y*UaZ8S6rzy4(|0`TPa??+9>n&gW(3VF$iL8gL6)u2y z(mP{%5lQNUqhZmq%p&^_l}IlTuM~^S^fsJ>Rw)50pemnTti2e3AUmgNFjTc9SRvzh zU9lm1PXrrc6hnPS*m42{LEYX}gu3?tQzUu>?mc0p>0X^QmsPBIjSeD6!cJ*6L8Kbq zf+%jFTbM>k5ld<&9AY~22AlkjyYy4tRueLmSq8TFO)5HDao;V6yfqhvAfD}`$l%2a z+3{#BEZ&R0gM2z17ly7?sQISw9TM?GQWL{`C%-E>Otc3?n^(}w)gPFswMJwxT;dIr zZaXw7xKgpkN)_8^ULkRF6>USjfZM8z5!=F>AE*CjLYqL;8bD22h4gpKe&DR?^6i1w zbg0BJ(khZx5fD0E8b&x6+qxE1z3Z51{Z2=Pp-sjTz_A5pq%9I4DvAL9hWn`tAP@J5 
z>CFN$)UhagG+s3!A;YB|wM?WbBz4!eH#TPr3roc`QU5-W|AAG#HUmH7w*9JG!=zuW zxr*oB`sSRf9cgC|o91Cp@XnJS(C|RsUi963c0NCRFIYPYk!=rV+$&Ry>;;M6kffQ8 z){e)xN!rIKF6oa(w388{lYV$)lC7gPZVLek4l@y`5fL$??WE8!9Lhp+U&NfLBg>;O z4?B!w9&JR!BCW^(i4TzsgJR~8a1O)N2sDk#Y&3Zi^fv5Vn|>IP2K`P&ca%h{9!bka z;}5EFi`La`5NU1$<#?!RSB-|@rFisg4M+&xmK$&aoHxlJ(ob606Q(fgfFElm5-T+U z%OjZiz(n=?zTYV7Mm%;?uf0-abxdG1k+Zj5R2HZu687D=B%Bn52cF^RA(;jpD*V(h z!%E-4_*9iQ@sov8dVmRsoIWkT8K%OES532|<4CiDNtBz0*Fu3p8RvrFS~G!ljjly} zam1&5_MxAbnEgZ6@u=g3R`hBan{fV<0M@9ZADK9@N!TQrE`as8L4+P56rz`NWKe4u zgMl-HDCn0~o^1Iq#O+=naL-@ifLp*;(7to9vb&M?0wgEu$n{nX^kL+Ys(6eD_|S7v z*EAgq!l9Br&LC2Vw1=(0TGs@NZB;DW3iK}DMkj~5&YqfqR4~7B5pK0A3ziKRUTS zVOu7OxtMtNZVNa zO_bRAtaVG%(z>1I?y;F34GTbl7QnJF~^X%M?5s)nmDk%6bX-2 zsc|=4z!sehpjb&r&rHOfZS{T*Jrl_Mj!&9t{VM%g>UpH|ENGP7bGhpk?wgx10MI8< z(tafLb8ipHYd-L@?*W-@@rBOK@m-)5?p>jK7YGrtKEb~8>pzdaq|@8zo0yY+GGTdb zb^(`72=@MyFlzri5v!(Ois7ZDY$t*Laj!dV@?o&2q0Q(K6_J{HnRR&?@4LY!aFVrH zuhHPzy+-qi>TuDS62S_|C|o@@#?ALk_NBvPRB>4>$y`w&n`ROhVw4q^&CViktO;H@ zPXSzS#jF}a)a#iT>(%zTEEkX@SyyP1BvKTZURp?3Bh87SVN?17hJKShAm=xMs>X0x z0x|OrBiqBG@nE!cgTClxdPX`zkkOC8=Eq${pZSG_!r1NQL)A-%Cn8^UYx5 zA@wmJ{tzF;tAx?@CLR}LOH)mYCzAMFQ=KZ}Qq>Uj4$!AciL^_!kS>mjiq0sB0%}Jp zP`$;Ogf&59k}X1?Plt)a-lN^sDb3}$wpDu5MxVWnev_==jEO0ENZ|n_zJdqA4a6%Y zv{|>DnrN{nEPt#`tlC?t?>Ku$81+%>RVcCnGfWU=#K~fPJJPJTh5IDIaygO~V(`%K zU&ur$j8p43@T3;*8+wm)IRY?RC)I>S@v4aoC3$|AbO@N~16G3HlTpxyW-qw{nG%oD z5W?JJyVVSdsiM^(TX zs8U5kI)f|t$r6vWb<#1BY}qD52m$8ZLV-gV>3EV44QC~DrbcE*<5b_*(#)-p>MOJu znv|qOzZ)un+))4$eDkiHMCeVPn2JiqK)e#FX-Mzlnm z+cx|rW%>Eeel&rk|G}D{u0IpPhy^ z2mphtq8uGm6wZ6!PwUGNGbWBrPlev5YzL_Q)xZ705+7%39TFP`X#5iCD;9q&)Erw* z-JM3IYNQ?dfe2c21xNYm*N)ji%q#{gEiqzW^QS*q?;F+H#NRO{KT;;xwCG_bjlMuu zFcm|II1sZIF%0OD9K-?U^=qaNW~gg&00?l*%#V9?^Yu4T2DW44RbGq8<@nZGM;QD`v|ZJkNhyYw*W>OtZJ33HaK%${nbl4p z8FN1{+vG^igF7Naok?kO14sJM^k?~W^U$=oy4?^{1pa|3R*pmmL^HEan_fu@J_4|+5!gewYLU=Ep}25yP!8rg z=(J6qGw3YeY1gRs3j#T`gntnVb>LfrP)KOF9g0(Q+gQ;`xza6TFafa?p~^*vmt;28 
z4}BWKl%^5RNh6VCT#)W?N#UFk)cdeDVkTrEo6O;`X*I&A0kgKpiC;#yJR{+tq?#M( zWRY~N9=%ADv=kvSv_jWKk@{WnDk`vA)wFJO+i$J8#3}1y&dktkb23Xa=4q13vs!&d zHH3;G7(o9Qa*Kr+{lAdS{corL6=U`6BYxHrvHv^iVluu}^l<|ky#oIoF7Q)v9QbKW zrvJli`jTw)ev<(nud!?Sx}Gu7q9Y=v9Bjr>jMTr+cB5bDj6HNCX(MHB#PkZd!^eRq zT}i0j2`TS{_A{1WHr`D0Dr6cHK8&^$9|?EY!P2m3Zz9A{i5H%jEorF%U|tV5n%tqeq>P4st--LH9t()kKgDF8D>7mplXC%*1_< z;)yh9qN)Bh9%LeOzlBWrOhDi-H&W62i<_*Bsjz=m`8D((+J1%d;DPiX{D{(j^9zN- znEo3@8Pk7b`fp7Cje`C=HXla*{g;q)euSJu2_9C}CzeFS5s8=dS>4c;*U{DZ=a6>( zs7X5xTqC3Gpt~_)_g_(-GyjiD4jQus7)1Xq_Qro-To~v79!cqw=`Fsa@r1BRH6C`O zP72K%Hy7SLI3aptZ{uX;@aSOcXk~A2XMc-rZyar8unyY<+GKNOXa5ANZEvg`on%Bi zqM?;qjbcY()Ee0>Ty>N*G7JmM0;u46hKI3*RT@%@2t$fGN)Zst2>g+YUxgQwh?+3- z>(?SHrNH6>xlZ4QT(SC0REs%~x`@*hGC!_%t*Ef6;RNDo*znoCp-Ypp_z?w-{UKFJ z0;v1)`qiyFioJ;+pz@Ctnv|a}(oM`6@K-JWK3ctX{eXE?r%n$>=d5>Q6c<|Pn+?B4sC2E##tVkp9FdPpLK2b|jro_D@q zu3FOWdsg)tw(Spg>YIsUOG?BTpI1WDu+7*z1@K~VxVptLi zyVOG?;fus3dg(h}_{?BpNeeb$a>;FSPv-#}*86G9>kUCI%lHd3z}IGXf*sXQ2Nm z8= zRVtoTA`uX#QavtYk|xCJQF`Z)zC9D4#!eA1od@0#W$inpq-;Rvy$%!D(}Re83Jh`y z?cF?Ryoyc<Yc20MB8aRjGiTY_LB?5|$|3Ooi#1=J02sJ;*mj*^1pCJ>v@3rF<)-}Irv`qpy< zLim@Kho1lBZNI;d>_g)}<`?t%{5byOD9ZEfKZUtBoFMr+7=Zut*&g|CZhkEP9Ziw( zl%tfq+D}CO(NM&Ha(Tm0cfyqJTOx2iN8#cokat4_$)_SV3Gdvd!`_>g4|MwLFW2;k zvPyVxHqx<8!q_I^Ic*X&00&-lIuunAl+Um?0^V7P9aPYe5!tT&gOl>%%JK2WIuJYj zu@EgILl?dc73ve=!-4hX{LXBd7k@Uy5*QW z-IN>k1|KB;%Kjpbderu|N>SKqX$wP=RC&CeJXfco<4WwXzb{KoiRvo4A_*SaYm)2kjSm zxZ8=h@KENkWHN^(HA#)AW_iHh7q}lLRDB^~RDCji)td@aP5SNK%oWX#1*UELTDEVk z1q3Ai!JlZbi^qbeg?GBrhzpn3Os9CRJm}6dusV-P1F#*gSGWwC=25j6)=M+ta^k1C z)rM<&ReFxUsB*ny+bN#9yWMuZfR^7jzIFL%{IILHz8NLx;Q15~>W#hzb#M z&;<R?&P!mO8qf=#)#h#0wU$+5a$Pd&$y>J_>H8C(9yTANpnWnZzDX*j;f`YUDxUAS%IYlq(wNPfufjqnzf zqtzOeCn>pNHd5K_*a-V`3kLeql=4wV`O(1of+u^tv~uSHc@J4r~&Zg z-q6PoeYK?nhbm6&-`tk*ZPC`XO=z!G^8~Jc3u)9Bldq&=l~H z!VJ3lUMqA&SIc*PB7R<_B`rxfdQ$dQwtRHLe?!?(wPrjrpNxz)3O8u*_`>yG;5$Ah z@pQN~f!^r;5FJ33S<8_g53{)fYPHT?e3lM}RH-bA@{gTZ*ysqWe~%fNFTPa_5{#Ts4Jvrg3(({&>_W 
zU_Wz_km`j;xUOe}9V$?$H5vvCD=kPawc5}zV8(Bz!`TzQ5|cuWsG&C(t=Df5Y;l^x zQwaDw9*pkFv!b@0dBDG9TrdCC|b2%hoW*a#n=)v8$&U+_&ub7CK}7()*kwi}Xre2gz(Enh_UPjsUK zeR31u4qzc$WEp|}x)d5zunD*=Yla9As?tI5275y52}hl2ybf^1k@>7rXvGi=^vxgY zJS)bq4~o?W)WVw#r%4<@@TbJ3yysiszcW0HC`J-(n$>GuK{@ScKtO?^eIl*9dS(lq zK#FA%)Cewe*5IM@`_aaNQj=3&Ry3mJAb?MQ|2cyZhgxRKO*3>;PxI}a`N8nnC+Y6q zZDB?Ndi5v0Q89_$_Ou=C^AlYlpTpPUfoK+oAAJ%3Jed%QG}xy~QWt%yhT%hx%(iV* zIVD!cj3C6%bF2`#3dI*;t+7-M;TEqZA z4^Wjc{r+*ZW57W7V`5kZ5i@|3PF-z)kzxZCJfh^Lz(Cm^bl7ic<8KH>Vs$7R)3b1n3m015{~#1hUHRIJ1Z zeYRQjHiLdFk;9}q{+s|OpX7I+DUuk*!jMfvvxp*U=3N|yfE7=wBuAiun5-s3U?f!m z910+f#I++igI7_?CxUolZO%vccXnd+(9p zFoXL$J^8(7cz}=PSFwh=o^3^IJ(&Kz>f)febr@yUaI*k0G@$8Zv>(x!%KDL6ivgkyC@3{X%2D&GRWnbj{vR(-!~d2iHuZpM0O!r#68n%t}_*& zQ!+d;8Yt=oc=V-Ds}$19k2$i$+g)+r_?>WQyfw%ZnbRg|-e~Az^wtmD=(ZD;RK`1j zzoFY~nu1xY;|lDAVnC1-kV_=g1HF+~IAF*{J4Q(=5^dd$2y#~L=DH+P(8u%%o3=7Q zIAG>0Bm?~!a;Kt=rn@3=wYCJss7XfSyM;m3trjI519CdS&q+}hS}YsPfrHEz;DL$P z5y9AB6F(=v>mr6XYy#1oqQ)X`!xX33+|LO>uoDwMCz9nugM=PZMkH8_PdsqX=NNs2 zEhLg1{X0#PkYFHhK}!L&^cevcxx@ybO+P*k?bSWQ>6JbAh9K{|I*AgLKI_NjJ3aJe z5><5Hm6QBMhJ>W2K3=91wp>;-Lp{^@a0{TLt)>ap8Ip9=~7d0<^`F zoT)fQm<2K66lKDSl1+(AyZdZFRB*w>{K~rY0a44JA;+N0Ohk($^XdUI{n`>c+H;xT zPa;G=PL{!oY-D@_J>!=lM`3`;yK=6S8k`G~vMHVanSzzYWD>xsD)AO<1gv(SQzv<~ zIN*wp<)A{a6EFH4xqf35vO6xZOB|8D)wqoh8*fCI_$Im;*czp1PTD=~vzho@BX5VC za1C#d5*u(xzm%g~(c9iPl)O?7kB2u_9Gb%Rk^51wOX+^v zhjdIDpALoN>ApNyT8h}xp`0fjif}(?gj(Xww2DIVGkMjwf#R~ws3^H&q7aJ9>7sj& zmlFnz3KQz^4I{~DqzxdYXI&3{@Jo>vuCA`UPDKiz)NR)4;+OD5I?4CG;};=jt_Z@m zB5facDntPZb+DfFhd2x%I7r_tBm_Q}LEIWnKpHj5YHLXOKbO^dBCk9y$olavEefVC z5+hX}#CO(sV zXo*Vfc%CQ`66zW7F~gVyR5C4JQ-G9zSQ5U z(=1j_kJXUCWXeXk*x^6_VSmWO7=|;S4B6hi7!a~*Ga}tEdjWmC(3K$u?sJ;6nOZBT z50Q!qu_SKC7A6fmxiCe(it*V(GXXWUwoF}Tr4|WBmC+VJq_>QQtAIMFrjk6R*5)~m z&!`|Y(8(jVo)kC)x0V`H*hiF0W_|eD*ly}F5#mNsqhtw{IJfe^In&zk6$zIt%~z2$ zZ=nD})^hn!_23>z#E3MVJu&K&kBlb5DY@VM87yAeI*C$V*X}r zljl{7iVTE|Hr7s`U9=prk4YO9mlSDjByWajl(bmXuEtm?DOT?)3C&|1IFx{j=2wCi 
z{_h_@C!#T*V&^Ah4)x==;&cNFU5n4*q<5-Kyo&ghH_f4(<6>Wn9^*$2V&p9JW3;jj@|hcpp<0_-A5!q5~uez zNEEf>%Ck&IJ)~QOLc!N)%1y(vhi?y)p>dj>)*uw6#YU}eu;kIpUepKSDsaVYS}r{r zWGSup@S{@$(?w-etN%rfL*%`y@kM0~`X1>Q2DUb6!_rFmDsByqzoqg!Zv8XNOyi7Q znq4WDm0L~%0Ly0HA(13(638GSG&@Gy ziGXK)eSx{e;&17#nf{K901oKFNOdNW;8 z$^vEMK!N%1`L?(Ea6Os8=es^;4V4*F`*+h@_W@N=ei~*)edKqMu}5X=dg4x`x-fBP z_=IE;UfFgzIrp=qs~|ZYO%~={>O%3LQJbmf{zSwQ{!SPv(0>?0H!@z;IOoYSY$ag# zjjJCCXeCPU1c;MD@YclGg2McZD;UYpFrx5Fvxa9>A}T=^v6YD_2&2ISCDw~o(rNs7 zu+>TZI+QjZoKIA$OUJ#X5;Hcp=bE+`}Us7VlWw}^}B{|Yk`TA3*9FmM@`tmHt5w0|@O_elU zG&OXTK-w4LByFXW30Ilxo6A0lXI>NjBBH67(+-SAZz&%Vsf0+m4^H=t33=@V&4 z&ZtLMVJLCoAUczP7v&U0k#Xxj=`q8mt-9a|{2(-r4W)tPv7uHYE{gwUG-{mmyoWDN zIugSPnff?^Y+@1`6mi}5)%cJou4m~_G$Dr6kChbraUzLCpmA)gY6ZevS}jbZX0n1Q zWWt1W(D3`g-zI1OapbP$kh<{3GH)fPd+T~|joPkzP2xKNdeGbi5o1#9FB+q9BTXwZ z5AfdoCJEpwW@Z8fEUt%y2Q*wme;17^#;dKOTnscp9hxR&bSCg6dl?aYaM{%Fuu{bS)Z6JO^pI5O~v8#?d8lwrfBFp4$7we(v z-ojz>5^YDg9iU-{;=cr6$j9!@tvMwxUP2^jCFh4OJ=5fZKxDWwj+bl4Z|j-CcO0*H zkJ?LI`-$53kzG-I6#Z_gL^Bt$0#RXtB*q;#N=#}}D+l*lO*u|G?jbvSi9V)XYyE5j(9b7f+tx@KJCuVXDSzcpU7xS? zy~&QIkAQMb@A(iomqQ%_(v{7_?*d{ufPP^7Y!E8oGp1QhWTmapbW>+mB&t+H7B*nZ ze~J13OtZ+NIDq`rfH%q>^N+YYu{1I*DJMR(G3}9VBtq%)jBPMCwN5V2!fjdk9*bL? zeZdPvi6YU~TDd3E;qgh|R;$rQi57*L`QEd0zYFwk)XiIPA%b8OZdV~px@4<_l^;0yyJ7f;m_s;lp_UW(>PRQ~xJW2hnaRjznG7P+sxbgllu$~e zdopRKz$75>`x*g3L>6303 z|Mm3XIs7a5F4)wVjQgNmH;Ae~D0(2#O3>|Hf9dPBfjYbu2L%)_(CB6YQp12Mjorcf zmNFJaAv^N)O;!*=HO>>`DYTo|Y850hRpdq~t7r|~$QoQJ>a9x(H=8rG4v&daeZzfe zmzE>amN)R*Ic%Y`U=JDvt>u5fGNE|7V3h#zYJ7ai5$AB0Ov3lJuZ`Ai(+DLjCuANX zKnKi#eNQh)`4TvYUxxS22W+}QliVLlCNMays^1yPKWEFnt{tn*-zbj1twLh6Io0c? z6ygu+*6RJcFIWXS7uZy2IDrEYmBhms?l86zD3K~@DoMiN+QB==WT%+tpG3KuELKwT z->95Jd`e1~T4Xf3XjFzvsH4~^2XeVqm=ZBzF#mXxlY5&{?s_Vrd7t94*WOE#)iXRa&TeUdPe`8hQsb8#jx|uX0X)^ zw&(29J2)iW^rW-&b{V$;Y*YFPlI0$7b$JJNvmVw_VlLa;%ZfGqLi$W!de!MWoY)+` zWi3iz5eN@ZIF6y~_*|7>Br!lY>`KEfu0}xzUa5Mt<+w)it2n19eXVQBu@GvfJ3jBm zxvjxKgt%-9=V7AS@+0xr>_+TO%dTRcj3usR6+T_@f_P6$6IA>TJ=W&Oema^Tcb?8? 
zWzonBjqx8f_PlcJ{(U=t3X5)MQTtU|kUnx6+Jof^`+&C7dBd$X=`1tYc+q^F8A%o7 z0?Y;TarAc129@SADR6}1En5ts#+FN2}iE$Z;vI1{@gWIT58saa5_>$;%Ddv z!I>K9N{=w>o_>AD+o>xiQ80OF^gXR&q#_+jWd<{M%a-zDa9yDsUtCAW4qt^oH3}6A z^la7o^H95hUbqZ3kjK(((T2^wbLn z!D#d@oUt#8aqtF$C9WJMc_6iK>wUlSdN`Y|qt)hHT1(QhuxsC#Lk=h|###oe5HxC4 z?LZ>!+91I~sY&h9wl~|K36J!~va!4tvkm*CWKoMK)4(NEPG?qQCk{!QgNl>vuqrjp zkuc^FSIEY1Em#zEOtUyJ%XL6+9@s-UmOPF#x{ zS4IqZF_F}wO%+o~Da>F^?ZU_4)+!JW>bvn0V)lyRJSfg&>97L{e2CJS=v{oq=MCWGU z%w?@Ij;+Kcc$t-6`5-h?MKdm3b`yD59pop&s}4)_#_Glzx&~5*SQM`wKX&)d9WAct z82g%my0}!&C;8o2{SWegFE0Ue_4+TH8@sple?H6aX7~R(^OBKjeQA|N1qMTw1+`uiSpt872?x@43SiD~N zQ&ReKCSI)1#zAwI^rf@d+L1#|%!APt-QR+&wme9=X&yRpRu7zTB=w2J?L7#rvA|== z>*2JHmAU?*H6E0o&0o5Cnw+DzLzkiE(pP0G?u+;QJ5P_C48WD+C0Mz(s9lQ1LlHcb|Q za{F}6S1Pyb_>W-RHd)E656DjQQyKUQD3TfY(ky_F5f+pFC>;*bpN1kg#O|fsT>P>i zw3jMrYqx4Bu-oFGqu9GY+=bAtaZ00R{EIGiKY9!gO1rds@xYTRbG#PZc~F?QerNiz z+@IW)c2~QbPcjT;Lp5%a!%;tXx#7aEbkP4uW8jei$JXXGF0k6m0XHa6U->Y;d;rXU z$+Bo(ydGRGJ02(W&ICOUqTckhQ9pbakH;u7PRFdkBDW2z>&uSlCnwrb5Cgg;pk2?! 
z#%)X3 z-6cGFUqDy@HK$D<>u{J9os*aNWaKS(v z9I8_s7Va_;tM(8z2MuTK*C_Q(0T0S^ZX5bOYrF~Sf`}!9RvFa*`;UU}^sbd$9_5N+ z$N1-%dE3FWFncF{s~k>#ms~F3WZWfL*3KPF>X9s_VEc=Nj)R5$(mv;e0_{rVtf2oT z=*i9>gJK)PR7Iw(9Wt4P>p{cOT&&fVrg%xB{!JW%k~5$nD-6F5dMj6%D`GjO9OjJK z^>Xs&A-wqZct_bocEN#4M#;=U8`Nz6imE{z2Jht%MmczxNZEV(?3vU4+>{7ntIo zc!{Ai?J%08iSifgApT%6i~0$-10h0s;=EPvSn+OO2C5)70>%!UMk~SoU_grRVRT9r zsY%C(p6tqvz;dW3s)wpN6?u18Nbg`7879xKHp<#k~3fpq0)nM5L5hZU<^ zOQ5`cTxd>8Hvd*@5^LogeKrD|MZrq}P+YvWRd{fhLSO;Cl)d z@r3eRmcV0$Za$fwoN$bYo7SLRXaeVy%)!iX)9G~CFz3@d^DmmN;4^F(LaLN??4K}@ z1^!?>?Ez|c=>o9emcVc+e)ThV?4{tv)?I~7K2+uNTlSVn5P=1P<+Sn-439)x%~hlC z<~CBEnZw`he*_o+wovPQSauytuI`$Y-IK1=djP0zi(VV*Pssav`L%^(KXTYT4U9G~2 zj&+EV16<3H6rhB|mggLa1!MExYWHa{cbNF}U`JN&{$HRmt`0++8r;Dece zS5-!-lrFos+{mTU#aXoc`lx75h_azg918`?YQ`&wj14Ot@A&6E4Gyl=28;hrEs(EyLcf`&kyw zu={h%WCUHGw^?u0bZh@~EX#~<8>cQ^rWFIC=2*t{^yLmm5E6N+6w&D9X1M|`ws9wE zI(Dts;tK3Mqfj7Kj1wgW{X%&UIGuR|^*PREd=&Enx#*k@tQ{>*4{8MLjz)n3$& z0P#Tv(NP(#FPjzbKbY7<$wXs?F8b%#6>}=&aN~=kC+k?99y$lvmqTDWVXkCCaV>h# zEI1jl^9Uf1QCwvao@pJXz_s111Md5qxKze}ThYjDMNyq@oK0j*;Q^m3{XDp$1RgX*U9)|LCd z%JP^c5%o5MXp0t}1Nq~V(t)r=`GL+?;yFaqs@g&CdI{}R<$4)Q-+Dcpjd>Txl>5iUEzg9fdg#DZ4v%Zpb( zA3T2iN>q&7UtkJ1Uz42j`xb;d%j6jqTXO^jX9BCKh(8(aP~t z6$AJT4SVBZbRb&PfIYu)H-$h*vooeX3f$e-ej3t37*?~iFLV;d^h%g26J9gtGB-_pQD-n6n+x3a#CZck zXvzU+N9LQ#jSc=#zRqx+4Y8rbPKvx`Vh^j*NwTRs!m|CB; ziNE}*QI_=Up$pyc$EJA|pImxQV3i)0%8!;05xUBhep48Zxq9bdhTFs%pZUHDs=9@h-6)51f^fw%(drUsRxsy|c~W&*JCqn0P#gd-tA`bWh4GL6dgci8Xwgj!L)n zI}oJR5RT@}5;vDI$lDg=@VrGXtiv!32VLbD!7=22rf1FoU0Y43*ys+-%x~tn^V=VH z(G1o_6$1HEs-XJHka}+WcWjDTtDmQnC)jS@#`5BOHeunDAKIVL$#5R{?kPG**dRCQ z3Fx*~JfhMa;2j;J`_E8U(o|Wq@Xl#el3Hs7i4s^H_aTqAaEPFv#?Q07Hg{5{gC zN1a~RTra}nPicPlX~K^d%vUH(VQ}t)Yc5y?R#`bS725a-Pvd>4M4ssABd${n>R4tiXVP3h@#fuA#|Tj zs9;mxhlgP@QNdaG+GKnBb}iYrzw7*N*8bb=P2*u94tRn6cYAkt+q3^}Z*Fei+J8UC zZ@&Fk?dKP<1FzIpg8eBliCL!;JPk)cEK#?XK#%z(X#6mwM-Q=wcAWmWR>O$I@hpo^ z&nD19|2x>)*xYTw|Lir{z2x zW@6yuaQ{a@q`gTRek?3I5?~aKkpwN95w;Q?+34ceev7t;P?GkulAq6K6r8%ym%Endhz`6 
z!Rvz;&*86Mg8k?J6a3e~^T*8~ib<~;y{AwgDm{zKh~=uV3|!<4K&4WY5W+spD>@-~>l;o^y>4!1k437?0wK)O#vS3c9JmHz1`y=|~0=;NIbW&q8z)Gi9=0 zk<>;B-pLsN)A$U5w?S1g42QEH!Ls5X>(eBjtc#q74}i4RZopgMXFk|-od)EaGT#B! z+;t&v)cm@5h4WMk(auweFY1Pq;ybpamzWVe)4U7N4k#}(LFhpA;>#j;Rc*si*|B~( z`0r;=f(F`);T&xSIr%BBb%IgKanTdXw~8A(0#rgL^qCfsEFTA4v<~Ip#j)|f%;I!7 zH7~D-{9!GFJaOi(zA_V*C&gKImi4Akc%e9N%K7X59t2kH5@K!(AK3a-GezqI4=IdO zg$u{R56^u=e^Q#Mz|J_JdMsd#m$bk@^biQm-^J3n4@y>9v*mjG>5lca3#I7=bdfG} z$G{Y>Ql|iw1}tJzCfQ)+1Frt1$^A!}rnIMvuf;A1ZzMw&+-*uSHoD4gH>FmU2Ihd1 zI4NX06apNwN~>%ds%vsN9+1)4dWStWbYUlhpJ*sPB<{X;kop%yRo~q zd=L1w!8VXiEz7$>Ftz5SE5zHi;eKhWs{DQOGmexUeGAL&yd}l6k9CnI$Sfq0o3veT zF>MzfP8Cfp{`rbj!3}}lN{U+Oq%{6WmL)QJVE_H!|1HdjRX~@xA0qEDZI;m0ILR^F zv`Vf3TqXSxYGC=ar)LBkjIj?egN(x@+WuIz3!G4B4Ms9wTH)}f`VKHfo~qNYfl;JA z)i(cPyn~5wo*VDuMe8ilYcZij0r^%W?ITc|6cg*}>8q@doYj&T#|#7=Q^TzK5OA79 zSiN%?i+=r+e-cm&%;w%c3^_kD@n`<0&A>lCGz+W(bQWeK6b-sKendCQ;!$Ovqb594 zW8##VE?TEo(?pVcheNYWXK+4!B%|__T{%_$DR=K$rR35VZ>h#|1+T3BJNC(=(qF@H zLWP1J{D`zPn{-t!ay_t7$XQGTC3K+c3hVPv&>5r`8YjY(cxPyorRW~faM`OimH0-d zg*9DHk7^|W1PtH~Sj>)l@zA&%J#;5yX_{XZFcO)o{ULIiyU zel5jY_-JQko>kNf2_zaq(PLqPwRE-YhJnqvX{zEVUQmG`sXAQ7(V%LaXE3IL zwx(f*8jM;M2bniTO|Elwu7yM__u=%Z>ZJK@J4kEJsRo*ISp=%m2;Ni-Pr2P3DSNwXLPQhRo2ub2 zYU>8hX-5DV7W|(m1MCZpj!hQlsB9QsgtI)LWr%EBg>!d!1Z}}IafFMeQ$hFmUxn;Q zyg6JQWdIy6s*GsJMk_?LTOS?FZd%-4lZ>_a&dyuqCUIX(z0G*>d87VF4qWk8&n4A_ z=ImJ);tn3jpkgl9^oadFUS<)nyi?BdWM5mCox&rVXU7n~!X;{dP&FrU;j;(dvHmFO zqY`>?edk`N1$6jTzP6E@G-w zFS|Ul^YAPRj>dZO({UH&jbXtVusjL2x(J`AlV3nmvW<|&h&kdV@u9&-+C58G;7<4{1{8Nr!(FbVx+#U*Yr(;2xm&v2Fffgr= z`IOmkrlfp{y)f*%myZ$!jQS5rs`;fK>z7JGSot9T_(}O=N7szp+!la-W6M) zTjIV*=q<&Q(!{CO+>}EfPTC$YoQ(skOx5Egd~rP9N`~ReNQ3Fvts9NHVNy?ISkXyE z;kGym%nC5Epp<2Ywnv2C+D@mxBaa$|nSw4cW?K0_|8#9-1?pl|;!okDXHGZdDT#wB4qSZuld1{UcrHJSTA^>Bdl%g?lF( zQ-=Lg0T>Sl>?xUnau-O24{noEUlx!IHi_&$^V8U9&sqwtRhfbFk`dBos6|%2{DF2C z58#+wdJ~DUWdt_IhaGeAzl6&oC}If~e`gCgGRO6KO&2}e@V2o4rKEL99(28x#XP3V zK%9ddm4en>AM2{low#GaGY1dLlGIlaO{<-s6m-y_Fgz>E82%~OTcbRY6n`=&i<|nS 
zG?A!RYf%1qGikL-Z_?#cYAw;+tip=<7bP|J*a~J#h_AJPkuQwWcdBBi?NXS!kSR4h z`UHJ=5ow+sKz~+XFap~=E%{OvM`03)lp-zrdHBhI9q3i5raq}l?hV)f!Q>c)BtQ$~ z|E;|}KmX6x_TJ8|{Qo(A^XtFRetvnm|Mgiq3Z8+;+xP*VjFxcuZ1mSq?BBa}_`H?) zKdr?7_Uhh2X4>c3tj&I>!$91&S{3_afLDM%2pFEu;BjR z*}J#t>;La<-{$}OEWh&mzj8mn7%xz%+26d??BCw=U+FzB=uEj3iKZ_v&_CnAkZO^g zK3EeMsROF&OOC~znvr!^v{qmK)OqHg!qMh3BL{r2REF=|gaR%L$E~~X%7XRPtmahr@zP?bKG#THolkoN*R>i@{|)tS&3ngB zl}1yI!2QY|bK6>x_IR3~l|n90jvfRHI-B2-(~HN>TOS)0u)TTc>iXuWys@le9~+5Q%liLp-`m_R`2Xx} z-tzyS<2R50_xAJ4@cymV+%RxI3VfcZuyHFY+=>dHT2%O&1qJEmxjNTBTlsUY%w@Vz zmS8d625a^;?NORSIF@hj2gbzYXg7aUv@R*%WZINeZz=?Ttw_utAZ&^icO-zbq^>&t zVp|dVlUr)c<-RC`m7WPD>gp}32-Wy=N7aJzGh1D~9F)(1%wtDvJG#H(!reJ}`HLD> z?*Hu>GTxo0|qy< zn{pmatRm1WUM*#%<&*&;oq{3jS?X55V6pD^A)FsECfF~n`Y9iR4rZu*@MBO4@dZ#nNKMp$g62@wwedW4<0-?4v-GuS$04*j&T@o zpx+~1Iu`421<*u5T^_Hsg9ehrmG1bw8|Uq{WoM&G+?348od7*R!oSc-*_?V2hwiHc z2<0<7b|J|m=S|GaE3oFJ#yV$qucA}9D|mK4@E@?%oeclwPSF{YY~eE7MnvJ50JiC! z1$_DGG0}<<GBI2aU0MuW}`c+gv zC}Ch6bVO}X{=nYpOND+4>{2l+%>AY$XnKz!$Ov5Qvzm^IzyObfcccnMn}rT z38qfN3@TxgCYTll`Qs7q2`?5b0fxem`Py9{G2|M!yhPJTP9nPD=cx98KH6m9R=fy} z^DfNvt^=?asjgH;F+q!IGKq%)W&0ruJT0LxwZP?5V3JO&<$$zOY&r374I~420pW(g zjVV&i$OGL+F<1gNRti6jH|A4z9EuKbJ%bokr;fEz}&~ zHsQFazXZobp(rH486UX2-rlX8p$GF+Rt@FX@@HLtBquCf^2>G;Fe}WXmS08Vqnua-zJ7alW0LZfwK` zCW|>N$G!m+fLKcec|?1HcL2+sqzbbDJ5h=&-+ib5U7mOJg)EI`7iqM0RjP=@A|;76 zkOf>@0ML@Dp21#Jz{PFwz}j1AIcr3-rnSJfFNT1EFAON=d&rI4eNKF!P@3Pd6Wh4v7OdiBjof;}rDE-LRQR)Lv0%27{6^Zj$q4c1L87mIHB}4w zX9i-{mM)Mc3^Y4+eOx3_nW~lfAgJTuRzA?v%ewb%e4@*SXv>)0z8MrPQ~0As?}|^Ba~#yDqtxfPsKC?~?Q);R#~8r}8=Zg-n*Qqy;qcavkZ0lS!=~5;pB<77=YShvNV4o7pE~oCd2f<-9d6BWk>ZJ}YmxO(tK*73ucOIBF z(j6*IC%u-8)5*ms8L{4@o;jWjXI(0%l6NtkaKk&>raKE+bydht%mt5FyV3Z-nWlb3 zb0lh~JXoYsXfj%KsZw;u4M=fwQu5{KsH8&9ZHmcXNtVNYIEg3Tn6Iba4cBj}6t+^d`ZwT2hVGP0$(6(1<1y$S=&@u!nk;s?0D-tJlr(Q~}%7fO8 z{`6_Ae1l01Ez+H@^z)OQtOUQIKeeU$L;g>RbFeN-+o)80$dp_|cPE!~;l1nJ zld`myQkb2ic^A}~8I!H+YT@O{$fZyTacMf>(IOhxwRzSt81Yg%ikK~2G?&g_H9&FC 
z#No_JC;!MKVjIM3XdIW?Az@W9Ql38(*23g7o^@UaxFMOzIVO9h%q*x<%=A(o-kU0P z#kL2Qu4xE7eAE^bXOi_(cb~-y@v#aKh(XTmaTaZ6>w@gkG&~5)HhEj$ z-kd(m_i1Hyr%LL)8x|ymjV03pu8*zN^5aUDXqc`E zT3+|CsowX!Va0rO=V<}Jh({f+;RFN(#uo%vk!h7&ciDlf7w#2Se?P^VZiLUi$H?yv zPRv-=q2q$k5;W)VgxUIbRdDowKW7tPxa6V;2(OsVKr=)}6<3eiG?Wojz{nt|l!jFfJ0sq3k*vQE^6#(7zn{0m3#N+utl&yV|ngT^g`oR6(6jkbNFUA#ZtTj}j?U>EE z^oGfhM^mAq*xYUGW_SnG!*xGh%w8xV(%$xL!PE6C?)aPdgKBy`z@mI4y|XIDpT5C+`mYpi~NzCy~ce9Pa*U-)XVBQ9|QGL2?)heh9$k|Y0+{@ZYG*~ zN)8)1R47unTqi5<@6A|e_qTQe*IqSUC-p|#Hg*Ti&KvJos-oGK-EGS zXKd4F(fpXVt||(6zcnt*RTso1+0(-u9#4l0%7+!akDa8&h{^uwYQhtr5z@x9onHGx zv_?$?d{g-|BqeF)SV=-KV7c@khk*t+&ZJo(%9`#t-_pWq;AU|RI_gp_2ESF0J60{2T_ei{i2xx=2!ncj4y=7_Y#rug3WRxt&%# z_V+yNp|cN~K9Q)ykMb3I9u_?v6n`Y*#_e1k`?%PO>i)q&*W+eH%8y9u zpn}<`qba7Ul0AE`aOk{wX5EXeEkpu)|Uztu^QY75p-46AhG!;6U6GQz03oYYv#ME?%0C42j^k9^!<3} zKu28FuWIFtvVrA^!I7*%I=C2Iqm-(ieu0U0i72Iq0si$4-MeeVU=J*}0n5ef9`Hl{ za$F_OWte&i+E3@rB2Nu9apV25So=0)v!gqi%o-Z5Djiv`o~}7v`ogrjzXoOJ`oOm3r>f+xP`FPNMR5kAop2oM#XEZT00imD{=I z0qxGlKaA$yYijIS?6=e!mW{1e!48)h&4)D(NobuQ0xQZ$G0Ke6>B6Zd=h(&+Pa_kc zlmlASlcP7iS-BC0>MG+=kK|r;6{j2S%=otXRk4?Vb2VSLC^I{9mN*5?tdVHc1GR}` zzC`oX-Sez@9Q2eOLNITf#fw-mZvP-OUaZI(VaQr>NwNEvr2ULF5ORWXKxr+QNAv?Z zxg(UZ6pDGEftpJ)tlRw|(m)6w5N)%Sy=xvM!vBr<-S6I`E{eb#Z^^)M{{q|GoM3qr zL>yAL+Wr)!9Yq>w=c8rz0-M`siPw7~lJsxInZDlCVa*7IAwxH1iGZNSl(%3w(S4Vk zhM*)g#`IZS!M;$(MRQHqGkZXxikC4RX{6-Iw3MQfGRH)IT2N@iCh{tgVlAEerV1ng^bvP1w7Jm4(QM3gRYd zc48U1=nvVNkQqQ6N^~NnN7_+NrAv|_UK)sANI(${IrYl4eRxySC0=%FL*Rsk(yOT+ z3@$epMcy2QR0L8*l3q(H#d7*P#m#8c(YWkB;fWPr;Xr5V0&55f$6PVr7E~!~-7&t3 zr4cBuZ7$J@Djin&vj+F{m0m7F3{-RERDk#sC8HKvhpBwO#p{VQ)%qkAa8=8ZQyGaA~}P(m;|CsOrdj4x4XNHolVe(&?mt9fA(OU`jIW z7bZjK*+wQ;Msi?DIzzQki3i{i3{~*AA*k+OZ%yFMuZ-`yTO4@CAAQ-Z-WH~^tVT;?QJ)RR9dz_#1a z_a*TI2PF9T%CF{J_)Q}|_iv`0+73Jo$If*FMI*h~Ktx`vlPBSsEsgMM7c92B33P{% zyH&aB36TKo_3BkJN3)cFWuYgYQMB@1AQ6rrPUV0%hdxG>1=>U^agyL*&RyBUp3XLS zd|AaeP5i|dR%~a{09)sD6>Ol;Nb#R08UBd=5Bgr^=F#sTwEgJ=P@kf0a; 
z*e>MzMg+MssI}E&G^VRLRe~mm8M(|R(I3|7nH;tAmZU1noKp=HqcC?AUAO-Jcf2`r zu6eT@O?AmijEVy=W<=7&R2JdROp+6umxD`SNsO`NX61`lwQ9)WfNs=wAN%m%q~g9; zTim;=JW}Tzru4h;=_F-(K+)3vC0$UPzUZ(8hOtbb;h+K>@MZ)SGY9b# zoZklfj>qvw96XTbI2d4qyoIKr|2#2+uX>4DpHSfuk9LAy=8-Ly@J4-UM)A1esQK_p zX(=alH#26}iZ7n__TIg*Z5i_U-N8=WU9^L(!nE}u<4rw!3Qq@0xzjFZ^Eo z{SmikM@_i;g|3!uPu68-zvwF9UfT7w6b+C3^lHeM({<0~Z8+*twkKiTpAn4%FffOy zVyA3>bLOHxFu?oJPz~n7mMP}2fCc}*l`6c`Y|g7)izdiszOqs4qZDZ zXlLQ|DKus&@c1IFjH6#^C9RxIow+k;6NAA>cVY_ASdwaE~=?B`Rggki4}*s+^}!0qs(-39fH{G8P>XhU6VRT z@Tc$7rdXN;_7r=a!0I^;KL5A6M137sPiL&L7g9U=@eUBrV$CtM1)OOXy+$f^IlQ{b z^lToVOqT;Psv%z)I%&+lYp^s4#JbPUK-7aQ2p^v$hxiD63fcG6Rf`MSeP_?yQsuzv ziyZ@IhpUMl0WJpwnmQLN2*tSYvS_|q#g#>HKmXsC3q7u zzz@}I!4}45j+TKS`>{dtuAvddM$3L;QEHpYOi0q;5ql4--;l_u3-IkU5Bcsz@)$x- zaJDO&_Ga%9XiDV=@uz%A-J%Z8+QD`-e;Z^%hml0*#}Lbd=QzT5B52VNTecO98N&b z;*=gdSP^MDoh-Lno9s{*M&1>;?;w%xUp%mnL`18$hDS*RudEnqinkG8Kzzw2X;d=W zgrfsvqvivx3WruZTd*QZ^A=>WnM{GHQZ8F(aJ*!voItcZA!L%-TZnD(<%&^-rJB<) z0%yBQ)i@u(&J@A0S^xFN~bLEh{p}5#PWDCHg#}8b3t3;@50%d^hV4 z0^!(q3>WWr@5g>UTGY}ywHT4`HozaK;JE+9zP0&gfTZvIT|X-@D&Bv-^ZymY)923( z=51gTGjf6K%*ONS!)J;vyACWi7q^y4i%YR5b+FkC0JPpG!aiE7WO@r zsFc=qoLUMAMsFwI81K(g3dp_~l>%-YZ1*2?n}b*iRJHYJg~nud&esNqP45)NYaV=s z^-TlBqeR&7EMiHJ*#-bS-io*(a$eILCKukJrQ;uh7zd7HAP!5VIN|zK@I>V4vniV) zxwXI!rm$t;kN4_Uitz@hPdQHCyaW<>Wbs2p*1?l&g`lu13%ZqZRVA*#TowVv9);U4 zQlUVG88aE;3~|zU-)8%~)@KGb`i=-Fm|1B2O{Fj9YfD=YahB;>lBtsCkyU_`f7~^t zqBB}j8jg}pEDRakceP9&?N3%yBkC8NTF6!|!ng>jI(D~HrJ(_8%a^K{nvR%ER6_M{ z&UB3F;YUlhcauz4QlY#p^zM0Fgs$M&&yLM@DUuh&HurM_Z6eToI2lSVdjK=UR+FZ~ zMjrVC|4zz)`f-)R=T|T=(;C}}Da#Q78HBT22UZG< zdyq4@4DIo$f>F?I%T3F>WhE2sqNF7DQIXCBN6=I=PX|sfg|?p``v6$jwRfR$($_Mq zro=N`dt&{?AnCM#%~8KI>6Y{2$c~aP%-Ir4y3SX4hXr) zLU252bwY^AAoQZ}+Kza`h`~+selAm&&)0w1j2ULvZ6O6@=lF!1>T#cG@wcw@6K4BE z4fHZEMc;MLcB4u0)$}3-7?PJP2p;{%FBHsvlh~~^YPuBFHNfYS?W3q@qLV~-TP?vaxAIS%og@G&uFnktaLFds5xmCRW2iSGj>a0ywKuBxscdn-OrbjY{fcb{#h-q)t7={{Gj;}lvg z@oZr`?7Ykx6@N7IO0{v&Mr=y18KkW$laTk{5QAutMH+;D 
z^TIh(^?0HejkwCC3YcUv=3{2IP$40Av!#@vE3cIBznE!vhvH+QB)5ESZO~wQ7?#iY z13*bC`)2oMNBrR)iFzi9*>9zP(2xJOui1J$>}P9#ZL>e>=Nqr*`IWvo!secvv=U&C9_ld2g|5< z7`~v-Y5H}_dFe&DH7-gT7fbVw@gc(Z^RqIYqXbhZ6<5v{vA;P2grI_-H6+my!djxf z=?BsAf_XL=0TNtdD2d@&B~#@jZq56LD?D+79@K^;9dB+jGr}=&M2}-&B&2KEfXzj; z%c5|<{(JbuA?x=)GdglEsrACpjFRAot=tA*-HrfxRc{t2)&&dP&67Jr%PC~y_7OWU zsBARJ@hG*Tl^NP;gbk1#t!L3v+)dFz2v>t51Mc?rMKhK9*N?0>#IM{#eriPFuaZX* zt;c`L@;l|)NuTPIU)}u8f`8J<>?CQ{Fv{6wxA6{$*_(X;{DQaI{LbIZ-sI}?1BQ3! zZs`C3PQR7!{{H;EHd=@2?>%OKKGGAwm3gizSc&a8>N^3_gvk2Xw_j}rBEl~%;7sQ| zLU~mY70GE&i3GI&VBue1_Yq}GJ4<#sPapH$HVQAoQ}Fi) zw$_{}!8zKr2F%w9X>KjGS_HEu=#LA$$ImILY`j`5ONbV&j;Hk~t;OduWX{3-XO*CH zi?k0g1y=-|{nEKa`)mO`-rCx=R_!+oXT34x`B|nm@O+zUZHK>R*2hpr({E8#sUONi zH*OU+qt0%ksJ-fa*zaZ1d_?2F(&0eRGvI4|Lpabg!~21zRYmZsnL0L6IU+O-Vr6O{ zx$J!(;j=y)(kk$y5|}kE`tL4n_(DWx#lDGNL>7ui7Dvi8YX`BAqDoM`o#G{0ej3%( zKr=^HR`OY&EKxL=JA3uW6KD-`S}`-Ux94iHp&cGvDf%V+?1IU^sm{g_4!d)c zJ`sU<5Ew+f=#fs~R#L9zidiD}QJy*fCFf;&YN1vxAiEb+?Lx1Ta@)|gu|eoV z2B!0akB=y;x@XvblOqvyVxA4V6)=Z-Ow@gGCDIO3_pdau>Q|N+rzWQ-87o6O zN76bCy_Cb3KHrQeg(%cZUo zy;+}X`ZyN%Y`a_LC9@wbc%W2d90*P0qwT=uznZ{fl`V- zIC?6BDqHfAf5O-{6v?j$;oze-GK)YvG2>Y&87@}Cvbf8LV}3&d@Qnjp!VX$6rQgq2 z?Bj!>sAZB|GVypD=$FhgBkBXqQermcbI^F(3s@(3+G58MA73pDZskcefLYFhHMi2=3QRUJIebCc zYOQk3)~5DRrH-k)>#0>Ioi?IjBzulA(9acrv88F}CBp9F>LZ1Zmbs)M z3jXX$FMAb->>oLXtw>M@a0**Rd?sR~jZC$D7>E zC@E7yV;C1W(<}isGYhf0ExYy7XQmTx`_DP)sr<%0w! 
zju7#{2E{y$IE*r7--FQXOmu2!Fr6v#L@~*s=5|?7?!1>si*Xxcca(zWC&CZtv2Q2q zj5c+c6`;jHEGJs9DI3i|o=VH4cqN)`(EjnZ@Ex2~7HsNtG7o*QF0!NMR!o$Pu+P<; zN(3elOvkijmId)uULFng$R;1o+%H;&SvzZ!RS#V6qO?^tB1=}4T$0?iOh?&(Ue22T zY>?m^dW z3*TYo9mA%JJ9*5G3ror13Lb8jnBoRxO#++lIlIv_IqLi;9nZ@* z#a}?d2~m1|S+XzHn9|=5b9}P$TT;lQsukU&YNf>tK!;t!=P>0X>w?L& z9C6gboGV-Ka5RII_&~*uS!EO~`$3bc3K~A`Ob;X@vn}UzJfYwvC1$-;)mrL-xcRe; zXPJK!+_vC%F=X__GM^mRa#X?B8M$wr)LylLeJvH?S2?H1;a;jNC!k-~p*r+s5!bH| z!d~Z=Z?)T-e5qh&jR&u|uaCHkkJ8H5C*9*z%n};7qmC1Z%P>0>4wZ8Kmt>jky6e$zyIlM^=>eirTNSs(ldf=8x%MLBkTXnc( z6d8o$#S8H0T9+H6$(R+QKhyilOBz;r$3u3%79q3_}Mm&_$K#hce;nUqVeSo{O{Sg~r*!)9v-2cJP z?O^y4Y)*gi>@0iQ`(-F z*bae%_J^9;{j>{*%CyUkqze~_+2qFg9UQ+3Gn2VvJzM7^%sIA>^v~0tR@iU&(PWq5 z#+rQtLdjQmcj|Ngd8sgf{mqTN?N`0QJJ`75`zL(a-yJ~k(*^jhm(S~axAtc3=;S-y z17yEB%=iB6ZTH0jerfwtfnM>>8I1)CkP6haHKE)#ac*V{0v8u+V|!Ou$tNUh_tW2b zC+f;+AB=rX6OI@B4Hy+5d_z?zS;+~J_~X1BGim^<+2qMoCt_?!juJqVVo`y($^{`^ zXK>3;W9ZK^bwb!KNqU%`Np;7wwe7a4LLx}|evMd+AFN z{@HRPp+M%bn_wDM=$Fpxhj_5d%N_OqEU8UNn`Ot!z=SXaG9!*IJ(g0(d#F#XIXMu}6xBe2nHiNwprOXf0K4o8AKkweZJs?X8>&~(Tf&zB!LX34skys#EROWjxf z#mhI-;66knYvsfhTf|JiBjwAD;=hNQ7{!cq2RG=?6z_j1mOB$g2VKi<*K4wW43cvo zT8z}NdN5OJ5Vj{HfZ_o*-tK0S=uKuF9^vk&mIn}F?3Hmz_z}>?32mNEz&;g;}AMYf2zn@WxM@oYi9zmjbR4~Wl*I*nm zQ!Qg=!a@|qL^mk!xVq6RpRu`WXsIi~0ne$9d^=>dwPwPzOCLB@@#f`hv(5IAS3w zM8f@Xj(uytz5RiuCKTJ-ElJcqd%1E!Y7euH*|~6PzVJ?pc7fO7(4qtb3H6#UY}&*{G@{0To|Z8X^zc^+o_ELRonOa)gVO z>ixg5U@R{=+-~(Hraj4?5)QbUHaL?E^Y}i$<=vQ8bNe|mYo{yS5KF@Ye}?#fCb#YF z5%1S+jGR+(eXke)!h{Ep>o(%HTeey0*zc65^?|Vr@)kh3&?Tu`_w;y6U9beGfGF;L z7WHsAaKJgfbP!jAKv{^NyZZ;FV{w`5pz~<9`C4Pq~d-&P`Jm*c5f!_Zd%#ewY7J((h$X) zH%DWnN=&x4KEupTb=5*dG!mIFA=XV^8wq-Bec^zk-v0u&S;tZ75AmGS6dF=X2Xw0| z`gozRMGtR^p4-+|6~+MO*hcF9FYgQuyAWPWr{1GQ5GlRAQHc_?inOhvH73RKTLz^` z5GpTwLpyYXf8pbrfY?1VOxxy`ZAW4yGA6B%nU)>8RvsZJTss01X2(jC3*!yTd?-$6 zESt<1T=matRuPk^97Vb|3ZF;dn2)Ab8>P`Dk?UQC0Lm36rrOzpp(}?@c3LgXD_w}O zzSx%yI*46hWTTNqD?MksFM65^ zkdAYK*z^UriEeiW*8};yUe7IncaMerOJ5lWV 
z^Rl_q9Z;6B#sgdwmrY6=bKyRZ{dRggr#RrT@Rq6Ek+cpKJ_CAW%LbXP9?L1yY>k*)6i+Ft);I+xAw+RMWs3 z52|hxTjZAt={cCGF{V(t@KsVIVeRLhh)!-dZ+Eu(M&6FBzqbk&Q503CiLw#Nn|>cX zr(?F2d(Y^4Pk(p&H{rcC{s>D6%%HyhZ|eKs;@iP(ktqJQxf}B4dFF@QT3*8UCW~_* zj4@#((EFj;!`~7dvNOjtCqu2O{w${p9B`AX-`h8chzdsH)HRs#piu9{_QB`w#%^%g zJR>)4UMCZI$O}_DyFFD8J8W(u`vI-3Vd6Hys5=|)`V7()>(l+g4Fjvz1K zj5X>PZACUr2u)1*gI8-eZ;H0R-F~vR_eQoS1H6l5EM2HJ$TD}Ijsxk>6IrBD6&zv2 z2M8l#zrx`ZhgsB4b|UJk228{(4|t6t@3wf^z_UZV*eo^{Cq{|s@RU16vj9bzk4dcs zCbo+N|uMx`g;Q#Ck+b(86U$z3Vm|r;%;dK12qgQZF};0UcS# zA*w_2(W1th=*GHe01K$Ys)PBLM6xqIGOd=eFqY#DbZ(!71d{=t`XjpWZ|@=$WN@qT zTr455G!vBtnT9Y-mE|ul9tv4VUB>W%#133F``a$lXN@UK2bKq9+^!ke*p4$N)z? zWjXyJByLcMu8p%|))vqkVgc-#Y-ooQscNl)rp@N=)>e~S7jAb;nx9!~cRK|IHdCZ1 zI0vA@D-N=u`9kEWGMg}Sub%2Bi{vyyX)Iu8ql~vzj_#sDRirO$CY_HS-p&4VquJff zTR6-@85p002+SylR*8>n#egP1q?pN40|*J{fN?wkg0=qy7<8wvKNQRI)7;v2x!Seb z#?IE)-h%$f%;8>%$0%_YOy$7q-YC^$q_QZSYM?=5sfRH!c##r&L=Zx(TbL1uy$0$Ob+M)^yM(fQpk z+99u%fz_K7cvC)QOls}rPg^=*q;UQ1=XC5ftrPK}0_ceY*}AkgHwQ^*lj}kIZC3vM z>6>4V$N%SY|7=f>fTv#&BLVz3A1Ax}4f>bA8>ju3AphtsiKcA9H!#shYJopAnDZvl zXPzFYE&tvkin_gy4-lv4-V1sC^+^dLo}TD16s0+4uMj=*4M3=(tKx}@Ny z7(E>zg#L{P@py=n?Md7e4I6HR*GvvJ*ciry3B$AW{+9t0 z#9ag;7`S@U%=i*G??_blLNmajZJCPi@vOq`oC)~is|%?{;JIY;!YZON-iLi+cEY$7 z5Dr{>wr&c8vp+IqHAo|eY#%g~P?eQmb+R5W1{=iBx-h{{fAAgC3id5=1OMfR=uCr( z-z%k^Q>ji=HwMDoK-l|*o~YDy*<>t4^E0w#$q#qcg13kSTL`sbLM?=v66NEnq%D{g z=g6FV2wA(X%=|k=@HC_Gs)7i&at~&&KT>qy2+~ZMvqV1a#RPoC445v`NHg7 zmD)OexZp2pE&Up}n=?qy3vGU!pHpyU)&2_G&`SS}H*kkMAhiLI$e%3?(fpn+18#0^ zVuQZj?{;ee0P_!DgB|yB_$__=)lnG`|KvM<9xM@0{%FYuPo9}Ozn{&8+erTY)ICsSUB&iJOxzA2;30@wr>>gPif9r>Q^*)Vj z4_YrX2Csn*QW8tjdO_w{nt5e4SR=SXCQo=Foafs(h0u6>_@%(+fucyZG0q?%K9_5h zOxR=n8vF4CAQ{s1axv0Kyy$0Vt_;L z5RgbGvI$>A%ZIS&%AT%RlkkH$C@nDR{@FRixPa=us1%z*`#Fbia!z|&R{`T{}?lkUhg)^5Lm0^~5K7zV9j+)v-l~g3j2VsGF|Mt#-U5fUZbz>P= zz3A|Ls}q75FL+^Vq$Jn&g-oO#2=pi59)Hp3MA$z_WU0D$Aba;T!>B11vroqO@ynp8 z?Ww|^#MR)Jt`sPCwKGj(9eqH&k_Oob3&WsprH+k8^sA!9-*b1GUcGsygC 
zJj*U47c-PIfn`Ywks~d!1=>8y4|KyyFf}j}k#wY|#Kg4Ao`XGmh&~lU+ycEeNDF0g z>tUx^IbKtY;Fc#S&?KJu3H*J%q?(PCzMS+XY)o#+hc_+e=2$&CGB&B&B`4S=$E5v6 zx8H7mkt6hfV)3romHq|#96qzZV$kpP_&HpJd7t)ingoOZbdBe%0u|GGCsi3f6l9B z6-!|g(X2?c8ezzv8&}~KG!7*ah+#}5?=kRi|k=VV& zet(~_KA2pyJib&?Jyn;8xdw%N__j9~&FiUcZjX0=x;Ju{ec*|Q5MxnOdeBdsp9>ya z%?6{NVvQE&&lB{l;d*q~qxe+=P>_B_>|eRKAH z3%$-qjUN~U;9KyJILWB}!a4nAU+A?2p@1eS97zw|t#RzKM4OT(&Hurf?jGWpO>SV& zE(IJTYMcczIYr5F=4R}7DVIX_m+I2pP|b(y8iKCK zKv1$1_Isft*(^63VJ6DYQfQ*aQ36SWtZdU$U08VLJD@o0hjo$(0y&hK)Y=qWof)>t z?bUFXw6qWq-M<&i@uRU$5a~$&}gW;YHGmiNXz8UljF+*0@Sx9ofbrg42a}R zjF7FMfUK!#-L@V=oUw^o*dTxnRjc1eWVjIK7Luc_yo!l4gApI_Ghg@N=_vnhYUSE3 zNz!Q69>aqH zE{RY|KhlS~5FtVaFH&5dP@)TUO}nE9TB9q&hLIZb?+Ku1z{bW4?v$J#IpafOJQe_zyHZSA*wiPI<;Smf*%tu1Rpx2ZFvH%@<#4G(Phex zXPh}Q`ngjVAA*v-);MCC1NV)1Yf9FPKNqYJgRBYNq6)ie(~(593n{@nHuCo*B0pNR zCZz5!4?&>N<8N}%{TlcHjib*q9Vjc zOy?1ME%IlR-KApYg5HDDujjlgfNXFYDT{GZ9@aM}_IL}3zEfQLG zuR9vv&+pm`JKifpVybU1lWf#%JZX?S4zSB|S>f=Y5^-6yuvK9oG1{~6SO*IiA8yC3 zfuw@dvc6`7nxPseyC>!4V3yUCMxMd8j4x^l9~e72%rZSB>wS$0tbsLcXL8mG@n?}M zG|kMEU;LMNM-eHj6{3`|ecLF9G^FVVru#4buuAzop7sN3N=z0jiK?F%zZW%XCPOgR z0G2^z1GZ+}sJ)mx0~&Hve-&O*+kM{yg_hmIjp0rX<@l+~O->j0`{-X$h}tW74C*1d z9kw2Rx~ooIZ*JF?9s0|XO2uiPFwBQ6zKg2~&Jy8F2*{9p`Xc}l1Ix^X_c9_U8|TDe zoop;d{0$XAl>%hf7VQB9sr4{F1Vz1*w1^DpPqCAm(n4Gfj(nzkYP$EbD!Bf%fV@x` z2<6n!-%9qDnS|}?JY(h35>@=e8xjl)Bf=15!gcAmYM)3a8ZS2<-WsiEL-Rloh>Wp; zKTZU3v!Bqaj&9%N>2E9?Y-eL%pb)*(zSzP;9U^?!?{m|9F*!LvZqKD2iRcxOXw0Wi z5gEyMT(YwIKIP>dD56qDbab=up{c#lPAc}`O@AugDbye0MXUhI70Hg9MY?c1=4ut+ zDq>x7X{_olMm_BSjxRD2oDTm0!!!mphhVzEM-mpjL;y8XCbnj^2wCA-Rm5-<`8a}j zA-#omDs@taool0J6s4(-l_^ShG@6JP?HV@YRU}a?8ad=sM!Yn+jdCGlY_#TLN-BAS zBo*c+{V*@OLm4EG=o{BIqLc*I2-U#Imh8)i6d{HAwwkDb1wXmmn=~4mv{+EsS#V4s z6(BNv8q6ir$t{ysEJPAw8CF;e&!8HC6ARVfPA#H=qg-JYV5cZ4qJBv@N9BV~B-7kM zg37SAM{RAE!_vV)hQIsUjZ(2Rz3fvJBc3^h)}E!z#Z<+xZa1zd82U~>BjyO`z`{i+ z|M3_I#TFwnE4}FF9-C7rfvn@mJjRomBL9b(DxFdQ z41t>!qCmT~3!VZC z2fO*=z<{g!6Tg~4TojsFFvEp^9cZT?E+bh_`0h@~#!8)z=*3zR=@i03B-T&B>=k_Q 
z7eJ{1MnJj02w`YiJM3d%kHRo!_oDwygl;eNg{^>TYOjqZy+X)k|0I6H${ot@UHx9l z`3UTIG-<`65o(?0!exIjDxiHq`j)wlwySUnTlHz6wKI3v8;R=iwhB4nL%4i{1e_p}@NBG_)N5pg zk)J;{`L%yC{X-rJ0oox=noO!$fx?{&FJr>tPlp_`ik%-jUCxIej`wMz+t$datdiKL ziFe9-y7)eK@2(yDW53)l>v=wa`3AeFm?b7F*P%qNBo+-lmp{p02FTb`tmo_MZ*&Ko&C0%rL|j(=mWR?k$5JDMIybZT zdi4{)EmPea8wO~^zfBd7_up!;C#QNM@fIc!Z2P}@*qi@ay?|fp#9%ZVX#38LJ2C|@^_(v$cQi0F3rSRhcK~`d8N|UBrbng$N z#z$xt0pd0y`4>+((7Y>hatk0iOjBa*gw`V5(t-iA71MnY>ZG_!WKYwq#nD`H93NDv zN#qa`qkG!IF0tWLEQiE?810_J=lB~0@_JcR*8LG5`L%ST*I$x&WK1$2O5E2!G||0h z+4$wNMenRw(d2Tk_C&+>=EWK_Pu3N5Qc+7#dSj8PL}Xt4YLcQZO{fX}EK7fyFgxXZ zU}Ktu2ha%U{Q9oYi&%)K)&ho@LM0_wPI{>1gYR`QduopmsY0Qv>~$vs1RIcEknOYrz09mDin%-ur9s|Gvi-Ei^wmk zNP);T&fu?RVVNB{uncth-!fmekX57oPG1#kVytcYRjFkvzYc(Lf%&d1OGa4U|LNF` zD~)l$K#o^lAI6E0E*f-#D@$n->5c_EVwpk|BU|aX_rg6KSlBW(4H zttExVh>zizcMEaL#SmIlScrkmP(!<$>+kp|;5TfblLk)AgC*3n z`-B(mClfugCLy4m^p2vhm3C#=-pb{t+e6>A?}J-iJ>J^-U(;J6AEYG3gF!V>NHG<8 zTchXsjC)HMgk#Z&D35mwlbZl9lv z!D5Peg!~qR9+?|S{bE}b6Dol-i9@xp18^!VITlB{uwN!?shE#?C(Y*e$Wxo#R3+hI zTKZMUbEmuk>Kg(G$Z-3s!TGOn$ne?r$^YNKO4(9!By=Fi$cI=aOCb2-39JC6taBT? 
zVMfl}Bq8{f2%lE%%qpQ0b(8Hs8?m*Fl#{yBm$rg~t`zu?*pjqymO}_y zKN)P*n8QzOmF!pKMTo+QQ5IJ|OJvP>J{lZ|m~JD>0qsF^0dV&k6n=H?eE&4Z0_FXD z5N!-VgrdTPxJ>xFN5aQI!r^+E@xTB6G0%Q(ZHu|z6aw|26oYvJsu#i}CC27Ah$;er zjoD)UA3JUpTZs|`i`i>tW@ct)X0O>^Gpw0m&CJZq>@~BG>6qDTW@ct)IJxgVDSwHg zC_hnBKh>>iRZmMZqtZM-6;N-`gKDvA&uu$Bot-3|r7j>Te8K=QU1O9T38}r5JJOfr zQ_i^Pwk8H_yqo{s zC(6b~PTL#F|M(0H$aBAy{?JAR0Xq!FKrO(w#y;ovl)){Zvd-t&UhLV0|=V)y3cJ@X&_3M~j%grpno=Ha4}j*g|S~xktm;zV;a@ zY^gKktD$uFg8xTM-IJ*lx}8xYxD zV^<8-^g965wX02T#Dj?s)Hl1_>{~V8|BYbMIJA>lxSEZHq4yz3)(8kFh}1SA%R>K8 zj@QmwnFk9=5Bf6&axmTPG0N0rqVp57sDWzB7b>a2eDs4GwUr*VwLQYfgphHeAenY` zy&N&v0Q%K3D#*ZsbVnQZl3o4%2U^1f;zcu5A2Z-;$My4qo#WF3CBVP}>ASYrC}aIm z8Sk_660GO%>WcZuCzQBR29>H2=e=8&m_Jrfy@LJyFM^k`%3qNI@n;ikZk(~KoI9z%Y<`U6|S=XWcaa4yRv>SRtK2D zJ<$D#L|s`wNpPz58vt8b$BA{U-Lmquy<$jksNGU=vc1ZQwa20_`7LK-9#m_lEMWxF zbtC;{zgD=s9-O(1zgcIe_Azu*qWtg*taz)PDSc}d78rdZe( z!BoZ8d@lXCMk}#@*v1SVZ@zZuC zj)UvsWojsM`IG3InnE#dW^D!Ci2k1-OJ~coT(H6%$t!$OnX9C=pzWzwWMXC~z#OMzT(}Mc)ZqpM6&#&h_x_&j`TREhy4m;w zJ@!_8;cR`y?e;IdfVR7@HXcAa{xQ!1rYVdvSF{%fz=XHE9RdOY0ln*QNBixKt@!rpDgbe0 zxljIGPNMMfIxp~O9S}1OIu5^c?_@^PcKvR<_IeDkz1Uv1|Bjfs*MrMXg214or$r3_ z9bG8Ne7fq@KOV!l3DVm!8H}(oztXKD^7lg*IKZ41@isC+%=312fb~9hegQwR^FXyo zi_A94ueM2nQYQf(Grgd;y`8ob(4Ws!;~q?-b)^%Y_;%lM{EOv<_Rma1y7r1tbZw$+ zD}<;d-5vof+9UTq-*NUU`xUdmd2z#jqAiB^eN+)`e{EvzsVy*px%czesQ)2cLP>la ztzq2%wzIMEbOXxU%Jcc3U6xn6$Dpy0_kF^paT$iGx8mDtYoKro(^jG_+ZWbOjN6tG z;I=;kWsLu|CYd9vk_k4%Ih!;WoWg=v*bbDT{Apy z*Zp-yD5Ie%NTDcGswm^SxB<%t9J#MJ@j`>2T7ut1N9ozfogveV4oXR#m@-P}kX9N| zX6V?QEZnTpgMw+!A)x@KADt{gux1Qp*j~4zOrtf_ zKRdyhR$(XX&w$Y0vUKl|6;_=?)YWm?XqG<3@8pH~(3Za2Ek!SVJ)vfz*W2CtUZS4$ zn&^h1XA&Z_DA77pOP$W=8Q#Q4)C1WJBWIRR*K7J}E5+zB#=&u@{w&Ukg!q|77@JDi zsrjFu}b(tFrUmZaetnLLioVso1@_!>3m|3m4#M_2(sRY%ayOGMEL8$W9iO8&yu@FwS zxSY12r2MPw4!ky`RBmXlo|;El$cwQfA%cn##XpVxfkff1Oy7x}hC%AiVgDt))k3_n z#mIs<6?K;-D(*#sX8He^tUUVGzHJ);VJ+n)(C!bb_D9&f0^}6@xrl zL%X8z{zs`vi{Tw=o$FJF$9kQ~eTFWz&iluG{R?`VMGL1A6DoqYYP;TA2MJF&QhDMR(ZX)JC`BRiU7^Xo9KIIhXvd;O#a``Z 
zH6VI%A~&o2S^9E~M0*8bP12*H{1Bx__dT7Srb}|c{bcy3hIOax94ret*UfLOQ=gfz z&xy{ZxQ{Iq->jso1F9(AgW7!jWvfNZEZtM!V?vZ0R}{1>x3Rc#T&+#5N1FV5-pim>Pnb$gzQqF48OK`(tfL99vQ0R8JpJ6*yjc!MG(b1h7mbDJdq~+a};Nz;PKe$jRtD3;n zi0dnGl~E`kJ@b*LX!jD5gIagl6!DR*#v}Lg@a}e&A`C^o*3O_tGF5HA2NCl?(4@ky zU*t-(uB6$0?(&hvxh@zMfq0x$wD}aJD(xzM#;FmAR3c)R@a+um5(%ZeKfD75Az&kJ zrnrmu{a?3hpuUJ`7GA>oUEkC_<8289hZ7+8gqP1H{aLQcAYi!eZDq}zo3 z6J|AlWT4>pu$??1)49fB9)Q_n$k__~$6i||=;bA1wshyBjPl%3*{|ghs-P67lPqCfTpyHNLtu8}5 z%4%h(f4dRFmt4{FgxwCc&b!p4?qOG(cA`iEiZAZ;_&$rs;~I>oW#&CMcc;HZrnN7U zU|?9llJipzStu6ohW7Jkf{EBT1U&2s1$eImbOQ-lmeT7rC)vr|hNBQQ(7i}WVO%w} z$2_R_@UDJPjzvk##rz%cwKt3Y>vlP)Gm^)H@O)AeD`?+WaLuSV#p!!E5WCb(WE)mf}mM({?POVAfLB9r3q!)V>Ej z9&mLpkL~DG$b#$GbnIVJ^5NM~!h$JfTC{MO;sJNpv9iVH*!58EO`?M5DS5mfs||(; zKqptJL0!&FaXwLc_KBM{a8yn|@17N|Y;_1Oa+g|1ES=&r3~R(*KMMA$^lUrE16C-NQm!gXUX3TMeXc_sJm zwC|H$4$I(tSLV^1SE0|LsnH!K>FcvE&q*Q0;QCa(10ML)s%_`*qJL{*=4%V;j-vc4 zSd)|-5)CIwD;lTFjm@#JLpY}CBee|%;32N+y3st(zzT9y)>h*oT&!}U*;uMogsWinkJ0GM$Zer@|A()}+ z#q{Y^n-~SM1bE%QFKzfibK?-0{KI@zPc@gr;t_mn-=Nuir{7lJ2+l8GDT1v*bgwO) z_y4r%eRDPPg8dP%J@y%u{m1E+3=txfgC9*9$=&lFjqVAz1ThZ&Co2yTxh#HYDDRAB zHun_qb^ri4S`>dd9iiRpCd5RCkYF!-=s8FBo3Pd%Dl51<+1)J37rUh}xpnDS%SP@2 z<(u-=EBl(}TRZ51S^}#)*)bZ)LG3u4;|3!Srf^M?-llJDHHn_@3*7DSl3hBP+BnlN z!VJOf^*2{2BZV;ZE3cAHLL*CC=k{{963t+w#f`Ck1GQ;P#rDu4kXJ65wBTZ2U>l$1 zGl8j7BxX&vpoqON3w8CxV9dJX%b58II{wQQU+I#*(&a~IG@e#2<&GZ>ipKe9(bNE~ z^_Kwp@1KjPCmaepr^TwI;j7xzu|xX_ldKDDsACsfI80gn!t<9eCke@~aj~5jUwzFV zSRF4?l`#i&-gH@6O1ks-^IArIhm-S^reW!*mi!k3GO%2&)KveO4syFSl%P*-q9-t6 zgyie4ItjPY)y-Y8YbhENbPR_9R7er_vdmDLSl;Fq+)(T+0)m#fNOcchLUkJ&i|4$l zXNcia+7&24~p+)T34co}3Jn=Lr zUF(jPwE`#`PwO0oLmY1BvbGVFRe40M?*-gvJA36x%AmK`%J17toljl#i#)7v1;<$B z>1V1Yr?-#n^qW}KTN8#;9zBotI|`?7x=B|)CAjU481Jw*o$Uxk4WM;x& z|EQaSZtz|Tmlvw9UeB&((DU&3+IKyW;8Uh{Bz%SAyNwS~`Ln-E=|;xcOn}r^WVoA? 
zzfz>8ppsRBsCxw0wAz^_d z&ZnH@JCtONprH5;Z<+CQUPxdi#djvRvosjcSB0)6#Wwqw&Zf2p)Mf*#> zH6xHFa>KlYviJ%k<6kPC7#TVC=I1j>n9}0bXvd5$vMrCO_Q%XMKd$izv$H>Ik9q+W<;EsY)U)LpaeX)-z^XrQ!Hnt zRM^nSojys{mQ_s7HomKe1JqPEAkMULM2OF$ulM6A;yG)PKsiKy+Vgk}SgG4SReu#o za4iKgktSM4Cdz`_-9-tljn+`K@(&k1uZP|}y9&IR9V`#!g1ywK8ZtV=j<9M$X(8gj zPj)%ZEvPnG^h!!6Qufwj&z4_kk7QyFlDl<3Ef@~Ti<~2W$i|*AHbto9RNms1RV327 zU=AwDs9+R{0jqM*kQ&ia=dhF4T%?$>Jr@!9rqKJw+I1WU;ixv$zD#!$%0}?rWt{J9 zCuz_pnBA4buz!{^KP}(}R38-R7zVJ)@)i)bk^x)A+I=4HafVqP01D%HT-aOP(VDEW zcT6akT{!d0ZQi7rGVa#47_A>7ltR~4L18A;Tyq-)wNuN>nZvu5jeS3s^?vpWC7*k9 zKGVeS?w8-h5{YY$lRx20r@sF#Qh&83l`wK?em==vCbW*W)Q>k@BzIw#?FprhFn9HV zKmK{7#_l^2WHJdwKxJ6q8TONy3UnxkXsJu1ViN>UWjru9`q9t;ogCw7^}I?%s;U_Y zwC+#R+O(lcoZYJ7DV^k-A)n(HVRSFrh4(m$Rezz3s=nKCvt6A^!E;%BwCz%t>I&`i zqK`H;Gf7aR3DaQo)|y_Ngomw-S<=kRL~B@rIl?gSNZgn{`22eNJkbrC!|}t4SEGD4 z&bcv4Pz^|*7D8bDDP|5R+?Se@HM)gO^IZKI*v(#g7R*^YOthK(9ery7-F?6}m zYs(p3Lr7*rBM?=lC`Fja?I&$fm3T=o&&Ao=$oWvq$APTafM2hw7p!TK9_hF1XS@FCd#sX5Fw zKj^9Xv3Ayqfu&qw!#YMkZlA*@zsQcl0seF878=Chn5o#O$F++uo-AOScjV%aJAJ9& zwXEtJG3vVAn$Wsd)r;}jN>M`dd40E>QaPFvx)ajZ4}a6gi#kadGFu`aHK=EqLTpwr z4rowEmE;*KV?&^RGak0_i$FakGy;w@CC%FC}AXb--iFO2|+zr z^o}`*fdK(MmicH((`=Qte;6N;hQ06t@Fnw>u9nt^T*s2Z8wVFN?u4uM4noxTgKY_( za?PPGhTgL~m_o|a7%V7?8>)Wpzr0D?bAWnM%c`RD^X#!FiOrtCk(!SGvE}~0Y&tnb)h;b!BvG1ksHDqUi~}zx2UT;i87u>MJh!o82zz(Z1hJrog~Shi|uZEQA|ZB zX)B(FY;H^I#@%j~GAc-ffm{XT>k|6VP@)&o*jf&Uo6TG*;1YsZ|`9o=EY1KgLnJ2bZeu zlBisd)pkwbfQ3!0;<_3bj`W%QVCW_G(fRxKnG8h6FXux+&Ux=7*f(vRY$(=|l5%G=@r5W0}L*@Su3= zW&3LCfJp*CrmK)>bX#APwptu9?ZQ zF%OCq`e`KJ}|;(ANXT&DurFv#wLf9{ad;S=7pj-Ci@&_f#dq z)m#;D?Wr#>T`wE2H{4(2y>BqwMMy;rCs!Pwv>U{;uea| z*d_9C$Aqg$^=;XZ#3}By#$;CpL{KivD@9i6DN&663sn6$tRI3&CwPe>ekP5L=Et(+qkoQt5vlo0i)`9?p+Kp{`h^Hjfqw8<^Ezcl`MfDkagFcdi6i1C{CR5{;|mSAEzRjB%sD zAbC>VUCz8+SQl>M%Py3L7W0dnyRfq+^R}iX66W*(46Y#94fTS^$F&Aom>8nj-?rj8jNkf;iKEy~DSxJ$`7N&Qk+VN%2xjN$Z{#P_dscNn{D+F2`n0GkG? 
zOJr!Ri}F|;FfB-O0X`vQ&fSt)6!~2|Zp`gH;}G|kK+`7{gVg%8BvA6sgI&RVrfo6$ z7C%PnWKg9Cv80d{qQvO-)m?RKyy6d}I-&HHsk{B2#BAZuQUVsun8+$X-c{0r)V?}% z`EX~Lt7vBQwXC2UX<=S22|5QBdsbcB155g;<+z*9r;*MxN%331+W8<%iuM5np zKH#$JU_TP^cDNdcR~QspEH62(5LvG9oL+K^S;Hccy4xqx3yhUEnK(G|x!X>f+){`K zZVUT#aB3&aHBSMv&10&!+`2=a9l4%?`~ra|hj>2!@}8!%EhB212L&u6JT5#yi^47< zqYt$H)I7xa?^H8alGp@>F5ek@AVoG1@Bnl*EsX|pbiJ;9?bYk33k5Y#H4K0lK0z$O zAd@hLLf2(Ga>rRleCT1zR=b-4h_$b<4c+5*&lNf(ea}bcT$XKB$Cj`Uwf=4=lF^!2 z_eOO~?c7;Abgb*Xa{Ay7TwS&{yXw@GwlmyA{k9?HoN2V|PDm<((O;$h2(Bmxy^%FX zqJF9pmgdbCz?3MFwmEaomd!S=8%Cw+*7%a5jZH?;=aGJb?3WTUoNP~cxO9-POQ&%M zb`@|T5hY8v%2;htZ7u#vZ-1f5X0IJQ&j^{glPspdDVvvStX`1EZo?L^TN?Ufx~BF?`UJt7GoN4wj3U zdm)Q{;Yl>okm7aoV#cQ>7y2z%WD-d*!nCfLqTQI^_cCO5;g;y)I;9Maomr2rrC{8S zUn@aDL+jQg^$-<~iBEuv{33RWJdkCzawi*2$6)7>z8;iWo#A5&zKi}HVCe&_0BsdQ zGkk-%>tbF5E}`DDHV|We^g$zlF?A>p;{N}z+oG~JWWkoHEKp8|J1KZk7{aEX=IvSI|l1jU~h4`e%9 zepmJUqN1tGww)09E47(s>|?w7Ic0&#L!~1D_|jW@-4JtYtmZn8Xoiv*HB5V+Y4<&k zkw6W^+j)jD4tU`E3BGqQ-x4^dT{7ODR6bhpo(SbFSKqRK8}d+7RwEf>9)E8Za@4)f zb9KPtlXsG5&ZR#eMJd>I=$9kqxF$RKpx`5~o?4G@#7bHo_H3bbSs$#3x|I~@*~Oe8o9ib#0A54mV6n`!O%=+mP>e8io6b)LENy{QX0hQqumsApQMkWZu> zZ)wkMzhP4``!SP}f*n!2yc@cHb-Yc(+8|QjnWniS@*p}>ZTln-O@ZIqQtif;8b0}# zdA9hDDVXwuv%FA$Lf~)ZNAMvGm445+jsWi|VP4zo!f>AQZW)UC6!S(VRfc`?lkNn+ zoqp|ux7SV4nikcsWk>hfj7Ra?N5Nd2gJ{v$rpPVbAUcJrie-);8cTG)bdO-hBQkgO z^GGeZc0|R38+}6j9IAFzj$V8M&>I(Ie@0YPQpQ}Eq_XgKZy|`%lmqwN!$Sh*82Gx3 zw^QlUwvtO`Q)D`?n}o?bm*Iz>^fhj0F9s%H2znKMGYNPtVI?UJgO^XJS!hP>h;0Yl zRjl83Is`idy_vj!nxAB!dETJ{Ln=?N=?JsWCx-O=9dtDjGw}KuuFy*4Qzf;TJJk(K z%H>1oP2q-5mqc34e2YGD3N|-iA4oF(1vEV4T!9Gm^3py%2v(MkL?j)t&3dO%dPDBY zs}iah_HKUf)&CnXdfL%_HBDzhDp%msbNVrxqovp`!6k!Ql_rlZ)-K2=s19Zh1%IO# zZ@kyT4*lZcu92&2CYO7d+^P~hPcWEt2v4iQfIui0L^A$|0+|Xsz@T^}5K-)w^yLle zx7|^%RRb6YQ6VdCr85+FE1_zvM{QxD*+U`2wa+7wga1&$>+-3s+tw|8IY>JD3x5&h z0!qlMy%PM|X%7haqX~M^s$-Z1^_BAUU_Z_9d?^fmc(KzIKmEQHBt+ih+$@Oy{v*qR zcJ&G@2p;)v*~ilo96S;n?0lhL7M;;Z=_!KOpv*e5qXLG@QBe}xbMJJ*d+ETNVmXHB 
zmn!hSc*6$WSnKZl)5`BLTBkF87nk8t65;=7#*@Zww82D6x$m&aZB}(ALOCQK`B8+7 zEDQJxltN8XY}Tx-$ek#&E#+7Asd1~?AW!63z>6^Eh65{c<{Euu+~bawt%(LJu?QIH zkS5Ll^Tg!#dUCnsMFb{}3!sW%)=HOsbKn_@_X7#NpRJVz_aO3=iq)RG>(rhs!dXmL zc~5NLR~;v1b(~L$;Pf2j?V#-_-C~lJ6p~j0)9|ofUR3%jautPExm1mp+@hN|F znv{kJu4A?MT?-ttn|tqE6#<%{ZUtN-9fA|oi&7X%lO>Do&OC*H%*D7mwwI1|B zm9-3<@M5$7w4pJW)x2w^IxdYW`}?U7?YrgmTiS8{YjLlN4s zrOkJV4toNr6fYXyz6e>STp#|shs)6;tvVOP67&AyqO;5XwKF~PEdJGdmG*t}-#NJj zQRSG-A(;7;!Rb3cG1Pr$>wk4hSjfj`CF7+G6wMs5JZIa{^vHg2D|- z#CvW?RKvMA=&oRAm&& z_Ic0W27JvPaN$w(Bxu-eN+E%E3G}sH_$xK_mcoBsXSX@#MBJW&v66Qi680M*Y4~wSa!*LEC(!SStpn7=bWeoBwL3IKGh#3Q`6yoC9yLL;G70TPKs7#)q^FoJ_(zd@uoO7Ue%Xc1A z$4K|}6}?N0mBDQv?dtrV!RtzV_hIQ^F@(tY&)x17yY-AR)3=XYV$_$9ZC}L-0vWJ1 za0@Z&U*`tW2mU1=5|-nZ0}Sr#sb+a}1*y~t=inYx6oQ}uaM}o)gVl#zYj**DZmABR zg+mi21mF4-UaEB=>OyeDdUH~<+~OC%z-VDss+V{QTn|1zKl&VVR(Kmt2yidOfozf) zk|wGpuRTSdXTcMTnBx+?V1BEqk&27o++p`A!+X9UAyDl6wod>qUx7?(JpIkQz6{^7 zEBk-W=*xuN^Q89f;uei|tz&*D*mPgUwPz(Umdlng+r#wkc)OG|o5U7eCr5e6vJEvt zzU6+Rau?)#ly$^3baCnV+nw^eoZ&bxR=JB7l?}A7SqgII#j$zsi4;aI@oxhr%+uFf zs7rDbi$Q$D7~oqxyv}hgNAdKvUiMDFnE{MVAlp|f; ze*V@IFTHE&R=|A;?WWEjPB>MRv;!mpzFZreDG#i^grfF8^R1nuZiA5OrIrN6cWLR1 zbQBuuoa8)d=v*81E6`^~Fbt)`{TvMNl4)i1?p!x;ajx}(1E8rP%KR`jta?kCT;h(3 zpkB*gPR37mkfGf2+O7$Sof^R~6^cn@0{D#*Wy<)E*VW@M7Dm9JH6+!CUGTJ{ru=eR~a#>Szfz>6+PK_ zwK>>fuzC)j=RQ3>P%aAI@K^p&MbY}$Tt}c9r;ROnz_E(ph^(<=NKK0-R;b3w?{|9N zS#nmu45rU~xzyeJ@nhNImQ==6O$Azw1G~$D%y&nJ&&NUvl#Y_weY2p4u{R=?9yVG1AKSMt4d-RH5$U;ZqoyUs+lbC&)D|{c? 
z!o!(4GLsgc$%-Z|i9%Don)2aBg{yO<_BUDNcr&WrkuD0l&`AFg0Gybe-^_t!EFpK;ze|(_gX5naDICA-Ef@n8CE{v?3=MkekMgu69 zi38F&Yv>h;Cru<^f>L*s)O}0613Nld1Wf;)k*uAatZOHQ-!zFQokd-}=enbTBZ8bW zka{^-`|juQ_s_I}#fDv6ysrE6*Ruj75)NRvDk0Rh_C4T(~j@@})QLY3-ASJy)7H|VK)w=_4U zrwb{+X1Wddl_jhU+;umP2x_oP%vbs=FE}a!%59y>-3U->yr=Fq zqb{AFo+|aC3xj)Z|L2lM>)vIrpVubV8X&d@ae4?~PGkZ-t zwO(0+ZG-0fUX;tZVs9Va{vg-KFh7w;aL8$I5cgq2d5F$wcX9gAt{bo-^gc9Z1Z}j2 zQ{UfvNk+dc4q;k0jz+)^F_ezoujb-QzTrf;lUT`Z6<^g9Q*~07_a)2Ezu?rDxBJW^ z&yX3^lzbMWDFit(vR`#FU7?0r312&CojE_KPnLZ*Y{x!H6!0E*V8nYJE2Bp4O+kY3 zD~udqd-TF)|MNXy&9Q4``R*-6mM}*GxP5G>rPnOyw zMMZq$6t}1xF9IV~%rW7U)}c3H0L4DF^kSV`2?Nnx&?w-0P$)kk5F9;5Y}YEW#0b|b zZK@V5HX3C!dN_h!h|*buB*x$}$leAYP^mh~`5Tqdx<%D4^oGNnok!1^(>HQYA4YR< zjAnFAXOPMguqoa<9b3?FNA)9~Jol!T#qxt?b#(YSj>?Z^+k-PF`RA#;QMjPColgCs zebEYv96f>uZNs`wA3J^R14*SHP_Xd0s+&3V8uQhiroA$&(88hZ!;Jsb9qPxdrcgyy zdN#)?GskVSR&@) z=duQD1(#mh?S;}-6l`wLkHKo#K?cL{1Q_hruFu~b5d}uRr$?-=&V&jHvL!X;`Wr`l zg-^j5cKY32CG%a==14f|1{v`a_myF`;C)9O+1R1wwh+GHV>}V&Vh^hMgTR`rHVB8x zk}*xykzY;(&NYDcFMvu|3Bo_tu!ce-Dy=((2PG!sEd6kcUjiz})PI5?Cet!%Hi^PH zq?n)NTyD*_<^J9-sj+0)I{vM%#L)NJ`b?_p0-@v?Xrv&$Wk73zuD?Ngw;6QHpmp6P zP-mKg6d$@(32ss~H9~#mSCc?~Pa2q~4AKA}|C&3mJxa1OCUh0V-w*q58rg^|QbI(z z;+C=SVZHHZTc4-ze@4DTe&#!x&XVk4KqTV3mHhe9#n~Z{@OFR_XzawrAX7Ppaeay# zkjbu5nbxU{ZrM~Y>rat4W>n?5cUnotaOi#VCUe9;iSJ zEaw-XO8AtJf->3Tq%|C=igQ?a#j$rwVD?EF;-c=>$G49FiJwnsDBdrhH<}wHfc@|| zOnsIm+$Hsl1f&E@@Kv9GdD2F$j8bdRB*zFW%6*>h3N-30nT^%gQOLBaQ135!ad20C zb8G3mr<&9NO&dGZ*iG<)HXe7xLR`^_5mV1gF6>RH2sfY)-1vXb>&rN>p@SvxS(v2G znHc3}e(9Dwz((RHj>NF1`^bZ!{>RTYal3Z|rU|Y) zl#&}-Z^XTTiBl0bPHEu-y)jS+phNu;bY-`#_XgVj2iOF?@ZE&*eJyu4oPGcS^j{4w zU)@0$H?(jTte)}ZHC!Og=PX{gTOs>G6l^*UJt982z$XghTdPpN3w%nxj9B;;54#Y6 zXNxY5?LeD32KFM>ifZqPcDUe-Q@6wYWQc7Dmm__FC?x$g)ZT1?fZQ1of4;h8=e83S z;@Sf2QoV0=ZF$LKdG{7iZ~EZEa&=5No}#(b5)S4{N(RVJMT#cZs`cLp#ff3-J|)!a zg8D1Z;^xWkICNQb0#P2H59McfqnjSDC;V;XvH3+A-!;a(F_Ox!sNVB*mp?Cf8=(bw zC!9*B#!qX*@hh=J^s}L>sdntkvX(gucCPiJNzk#64Hm@d4e}Ljtz%>wn*)q0xKMz) 
zXbYsu>G`X3@Y-MZ`v*(9Iie{Ox&gLoZxLPTcLA5_pJ}*#3a`C!AH$#ZIeAx_-!B^- zyBrmr1^Dp?!bzUe@)yG~a-0=v%#3c0I#Or9z(fe!+?dMa##4`9&DuW1dGy1D9+80& z9uEdwExMQD3DHxmU~~7NI@3gDMv@U1++#b=i~&|#zk@qV0|Sik-WA*)!f-9DMoj;I zp}dt+j{L6GRU85OkU|rPU&Iisc`SGXnn>&uw*iDods`j^_n?ulu-BdG$$&Od(aQk)TL9JvPz`KT5uB8Z7|J?*iB{m}yfuXnxfO@YdivX;!t4qQM*zAY{yPVQ zu1z^vD4(mZ%F-9o+tPESoyRi_ylYll4XN!-;%2a75M!IvLAVU;`ivP*+ITS=bgT@_ zl4$@Yk{r217zj5RQh9R4mF)*rN*Dkp7N8=0#jv{b@LJGJoO6zHRUc*=_~PN7z7LuX z{_;5RxAb`s>B_6;3XG`(&D?>cE(+SBeBXGOi$HmCdBvY?jm>TWQXt2J&dvBTi<)W% z*ojLWR?AvUUQqCg)Coznt$Vb6&yHC{2+QXP)k(k~(~E8K@0;o6^Us|Tx7*k8g{`)k z9YRh2&$$h$vluJM8nk;_jOy(0mP@hq+sHdJL*GE-4bs3cb9Y}tzac$iWEoY(8f#sG zC4!-fN$R2IrG9njZ^2rqC-`-_AO04`l|1T8+-c|qYAQJo)Prsmu~`#kMl;W9UAb8O zWqI@GvmkqomZp27)2he?OH{Jrp~?_r;4zw@{Qemwo{e)v_Fr$sjgNihHUHB7Vz>Q{ z__IId+mQIsxNMK%xE!p}EdwqxyhuK3vbeuRS!9KW28U2Q3qPkuVK+pg+TG7EeFN63 zWNASVll8zWs4s_dHSo=|Wv%jH-MYDt1`k0ZihBlWo+$zYL63BxmHqs!0dD->qY<8L zyBG>H39ge0-W!RJ@dfyC{O6)5|D@H$vBX~Er(z&Y{E|jrnO-|^^k{AkvY3p$1%kr! z&Ns3O`dHM}LIcBwDMwhn9A}<@ zL5^OPf_$E1X3x)*`F!h2ip(c$OQfLic-SHGb~0n)<-;OtSI1d3H ztv9u&pj!QjrvRWki@pZLEeiwIt~`_{23Fy9jri8~-&>9Lp!=2-E7mK%rT$d|iBGA2 zJ1d>NBWV1l(0TB^3fnEZBK{=8XbSkjUx(a!1RFUM_+@9al&oE5vtd=E3i$Hog3PfV z*45%m-R8CSmnHoDsmf(51tDxl+yyf@>-xK|5-b&tzISC*cm%A`aaxwnqzci=vLZL{;OF)654t!)I>&oK8o<8*_5Wkl0Ab$)t<7?sdlYXUBuOZkf;3ZZ}2mQhPY{ zkzJx&9;$r~Rd-Oo2rJ?6WMOZl8xijVUmLknen3d6paKkqY>;5n)dO(-;Hh|`eP4ZR zU0j#y&weE~#l#1{ZKfIV++JdcfZ_)W>tBRzx*ug*Q&V`e;^6k4g71JS7xk=H16GF% zaJk_JkMH$4fv=R;W#!Fup+FYgkkm;!87iEvg#*E>N9*Z7NmmmL?nQq;bYcZ{gxWL? 
zp2~M~*rOt=BtOsMd`@)`r6cwR(`Lk2FWICzm<4Gh{O&cbLR-?woh)fa*R@ zbgwvu@^YIfNYrSgezw$(ZnbqwfKIKIb6taK+y6^R!081DoRYS=s+r{$Ie&!~WkQ8#@mN4;MQdHxCCXD?0#ZK$yQ98#@;mDeM2Ell~vT?azO+ z{kIjf{{m}=|Kqy<$}BAYPjvq0Fs!8iJO94~Br&jHkvaaqz#uOD-XspBn{K}^dy7}> z^2z$|`?&@)s^g~VO(gF(1&7vWZ*3prmIFZ%GoW`}dwaJ33{2_6 z4!n<_fVHFpA#!p0M`-))?c2^~)e80lh%kW<)ITcr$S2!3coI<3SqPeWD19IqH7F+p z&c(fy#(-E7bU}dk>xO<5 zp%tp|-gq}!`SdXC-jKQzC4~;W>`S(Ey3abB&NUOg;=-;txDCe<3>)G`HZUdEDX3sM z=!6Z-C%5Y~+i+FWr(dx49?^gHwyM#l4vT?FTzqH@K<|=<8<$0`Q0&4^!mS4nW7MC$ z8M?5Lw;eqh&~_j2?(aVN+*RK|g$S684q)FE?x2)F>TbSVl@dt{K~2bnG!{#z68ml7TkXf&9i#s^2v`-Tm~A6bV(OjkoLe zTw}9Utt(=rKm!~#7`cGN$mrWarC5VY38Nxpp10odK+~tP)6>eb6(>xx{w3k6x&3{9yQAf-5RutVeMdp=guK zLb0|eDonBM1b#p_dyh?5N_KTeIPpn66cuW)P(*MniaA%4NIeI_4c5>$10K|%pAvBu zC1CPhsLm@Frg~sWTkai4gOt?xGDg~N=LgaqT1+cOHKI5fHWyr~*yYTH7~G>CSA}y> zuHdN=;gkkhrHu+9Rpw&gH9Xry)5C?zezmoGyn|L^rY4dOSG0lk&hUlVKPqa`z&4yw zMO)Dt{@oIxVJD(5!^8?IMc|9m!ia$PHqaumC$3Q=A}pQ`xdd86qvHMkSeL>ajJ5P@ zgDT5_33{36%S`FJ2FHe~yI?hGa1@^j(h6G*N^2?cUv2vOb}OGd^Du7LTiG9ZhM|+U zKVz%vVf=OERBsP!$C`*KzDbUTab9@ogoe|Z5ovL_zS1a0qSl}ZaTz|KVF)d(^68JF zyLI-;%L#+^6u0xR_-M%vu30y_k+LiU85pt^GQ zs~B~mod~rO63xK21HY#4@eM?7#ByaP2VW*A%u*IvCZ6wm0fMV z0dp&gq06`X>)BK(d-0vOfsY!ADVEI)=Cr_F7B|I72~~Y()~!F|$~@dz94s$~?}`SK z_bcn~_6Aem*igk&tItj(bkJWR7Zdl-2I~*SUQIpjnx__~B_^8*W(R=aLJz^3Sh1Dx zrFbZ5EUY2HU)*d7h^&Ey3iw6ug-Zg!>K%EgF}Ku#3VaAnK(~H%#>E9ST#SCXEzQwb z7+G-lqBBOD6m9~Cr##897JT{N-9^k?_3l3KBd|U1_9gH&>$M|ne=8qR?4U7DllCAG z>PG~DDA}G6eEk+_m_AW3qYocm%{mrmdIa04s)IWX?G4LpAL~jS1r3Jy3BN4IcX8TVF0nCZQG9(``5OE z);;WIPRDFw)c~7W*U5lrecCN*8*-p2-Ut^Du5oNq3AUFY&|6%*j;{?6X}edH;xUANB&8@X*CmTWAry~tEA zE2PmQyke4|kw~YJH$UwP8v%mCT2;sr%K@wfvo_f0Rx@~;X@XwQYOUE!X=wW!;+%~F zp<_(pnCzC=GwLj%s9Mt8U|rH=z@r!CdX?Cd7j>a)u#HBgsGtk$b+Sq81PX6$LE#hK zBx4T-78ZBmmT$+gDUTFuMJo705c4M_!3CrlRij3G#C$^gi{0bnAIj?+wd!TsZlI?T zvT%e^eW>v^j2r{oX-;tTjMZ;|dV!#DnVz+fc}AKl4oLuW052oNXyEy@Tx4ykR;`um zTV|`)H`fr9+8ui^7G58ukhdpqk%cfSUE5s8oHcN#Da+W4nK8O>9RWCKRZ7-LLCvcR?Ci%T}g4(darZB)&O^STLR-5UfXzC 
zyCfL`#uS^3xNH%^x1+E}%}DuW&7!9mQs3IZ^7{c0zZS6&v1AmqRwEsc_5e2zm`;H^%0zC{P4(LS*DlJ`JlzO%o;9shzbeRI>6}U#s zBT}O!`0#qrL0tU$YdO@ljm^ttWDVl&N+t1H*KQJ9D4APcSOH$|Hg+pI=gQY#GZE0! zAeiGuy$>W?*m-6finQk1UQ`64gx&RS+_YtNqlcMcQ_Nqgj{s4bg-e??5Gjyqp+JAc zd;25gj$BmKNUnuMQlu0hyVvwO1LQGqN@%GN-Bs&FXaNyLR%Y=^C@BJ`aj!Q?;(lNa;a2IA zNbF&6V9Q}9o8|>}Y-_zxNQDakbvghjHCRo=vc>m6F7B)}JK%yO8?@{Xe>y!e`hkeQ zjT!W}xvN|^G zXniDES*xvY%ve3-ik?|HON zuClB7N~`Bld+ddSSn=J1$UvvshHRLoqqHD`q=95iHm+x4+6 z#t^J;!lyy1ijG&gDkcA@9g>wP>GnFJ|C?(s^Q|uP!~kpT-`e+pmoaWnv4BZJT4GCa zi4HCdK)`m6n3o*4F?x#9PH$kRrIH=@9&ZpglsZHmhrl=jCkEVqI+9hRM>SZ6yrFGx zLvb2&){aY6xmYF=;z+)w-%Azq_bUdRmzxOZJ!)>HEC>uZtNGnKmJNA>8$`s25lZ8^ z4Pj0SsJ_0Q(iv5PwlS95L2}4S&jxnBRDDUO2WctyO1ud}XBQ7LT4|Au+Dj>v0Jef; zh&x2e;r*;AD~`KS(Z)*>8hFm6(o3LTla->_HEe`}XiWP$6?DR&l%NQN9dw9r!rq&* zM+o3bZopUK3OC%uZD1qxy02wsvARygnWeLymz6T*L6w@QdQD}$l3VMQA%z}8b>wU<@SN}4LxB{1e;Ghiq>q?q1? z1%G@dHbE*vF(U<4H$ZJ|yin7r_v}<90>tH${kE|PTeSH)F^wMFWp7Io?J$`WTT>&T== z1v};d*#MrvGDl*ojw5mA0gsQGtE?)LIzU_^t`8oB8V|x%s@}O$rv-K=rO~wduSL$p1&!AT2-)>OA!& zNzW>QbtE=3MaJ6Z1}!^4QA2rUj1_Ap)INZFHZwLxmU=x!XL0c1OyLQST@_F5jCOCN zi%fA|)0P;5FqU);*0d(5B>+?!h0!^&O&4CCg1v*r=Q8^C1 zi> z0NJeToszbExpT9I9X2^HPSnvxy3koGWk7*-xvEFGYGT#t$$K_;Ai7!geYR-z$~K&}j`pTe(d_?uhC_NEaHsEOm_h)Z%j zv<&2;9ajujabD*EG_Xb;J7wHNG>}7`syigKRU~N0sJk(3=W<36pMb^mREj?6F{}@) z!k0F?`NKRp`>*4p^V5UZAEbKkiRzea|5XK9WXS$&V{2n!|MeWt35zR{+ol7Of|8hF zSLhC!7BE&7wvsXZM0x{|67L%-t&yRAm8KsyD?JcW-6)Gt@Anq#?vM6l*T3&IBOA>w zp41Zj5%#}pwT*@S?{hra`G3E2aC8p;?Vp}Kp#|_1`VW)7nVQsbnWkn;fw#Y@Z6k-z^$bW+^2@-D6N}FL zSexYEuj;xBQUHWubIJM_gjZCrqC(FG0mTK`FTfgQ3r^$^9lAD3CFmxTtRuP5;t!_!|pvgu%h8CWJ*v9Cpo~gOP} zCuQHeR`fdtNNB6y$by5^luRIa)YzVd?c^4y+p0JST2>}Y!-d~IWYl>3-||ck;d?DN zh_N#}eNrpcsRPOhBrb0MRv_%G1ETb@TPti(7;a!66rJ~5>1wg@u1T|qa2-pXESIN4m&0%@D8P4Bl1?zujzpe zzjvZ=(8rTpT_@Tm;LE2kjgpJ!8J{fuSH>@2UjExy_F1XQbCP=90=B(2)(b*#9H20$^|?x>=b8&&U0nl~Qw-Kb|r*KVSXeMZ#vuKJlltl)9Cn>A%|@A_dZkG!w)=A2g~Vhx=H ztAq5I4@1Z#0_AwL?jv|iP&>_=R3uTXvys2bo?deu|1+Pu>KE~`)#+EGJ?E+h&O=VUpa 
zYXxos5^7M{sHlP(&n9Ie<5O{Te7=8H_-W_#2!z_4C6Tf`V2e&18@q{TP&j(Pdx8ib zl=Ci=9*#@i(v!+c|I|d>hS9Zj64jDBnu&tUFYJzuXHql{b?c4_*5Gf9j>WMhy?#u? zOmexFijgq}plsWqGK{t%bpc1cfb=}bsYb4UpW3IUwHet6SIF*^Y*qoh2V(tgkoHO| zi~O*4O;km;v#xtYHeRSUAvWI)ZoDWA*tmKC&F~3L6hoXC1C}<49d!7F`qcep0Bt7# zWG!~0IDI@pe7ApCk;k~$c(m}oA)jFU%D%^JV}^|(KNqz1t$iaCRo(CfX5N(*N|djh zC`O4g=j;GT3#JF1O+Tc4vS|dP?Xmb&9W`5k@f9~|5!O;p%c)$MCbd_TEcInLxKvE5 zz?x)XZ^NKCbOegNU2)D&4gJc~6H)DcuJty0z02tf+`H7!lLj7oynkn-Hmy*&y1I%6 z&HKUzsDxL!n(_w|7Az8>;4Ug z34fJF48jQOok|~eCIpZf5A0`obIf?aWScWCt-*PbmEXILXOA8tGlv{11)X7}&Lj%?$J z=^1z>Q55rw_tG$njqc?tVy$_|(Fvl|5Gbv_6pIqRq5iF8wL&yIL*o>m!zW+@ zYRc^vs(CpEg=a2q3$3Qx1E28w*7Z7F_8a1XEg9Aqu=jLm2BV5kzE)_CW(W6dt7m0A z|7yTOQ+qOT6|iOKcWcB0P@lxNSRJaezAFlcEmloZixmS(WouEc=vT(Ny&|KpzCL}B zt`4aaA&g%J0g1anA3_P@hGQd$^gJPL1@t&@eHp<*JEf$Sd^BO6OSV&2(sdXcwC|At z-xW6a3g`QZTqCa}BzYbJg95lkIUx)39%#6ipRW`&seoca+3^+ZVW)u!AddzHP8A`0 zlVSJ}OO#7BLzY93LlA%6Q({Y;bzy9YagL?sGxXeP5evBN zLWZx2_d^b`vJJ%8E;Q zU7OMd$rd_?MiEQ)k?gU{VuuK8Ka_!ZD&P)U2A&&ovgMkmTFrIgJCv z1k9VZn2m-KFn&oX<}SdP#-5aWnQ?LjMMWqEh*iZ^m<$dRMdLh-9+XWZ$x%pC2stSX zl60G*BEA<~Gwv%OltOHvbYr7BJ<;ei6HT5d0KD$mG;D-~nhFGZZCT%nk*7E3MCEl0<+Kv{vwRw{`oygC~+ zL1s$^gsOPPj2sY5Ei>s&7bzd$=4u9ZN(2>{9f|~qjkkT+rr5POb&`=jGKZ=cu`%Cj zNQ!D>FqVK(n#`K|9&dzt7?*)6=oh&VVOw8GNA_V9D6Nk|slm=g1lh@wq=OtO%Cz#~ z6i9o&+5vk~K}YYE`&9~@bWEsJvi6kTID z$PVQXS==~5mMD%%ZB4;s0Jf!F5|NNPUVNRAf#VkN?7-2-QqYHij*#_b-YHeLv3=cv zj%ZZctX6>|3n-QxY0%@$o@*PV3CE0eJj1 z{XwVf5gRI{4mM%K_8Hm2z!Yf#*>L+`m7P5z1}e}_nY16&uq`iNW{I|T_sn<(l8!jW z%-rhmj+$)fQP|@h!;~{|WCW5t1fEXlf(;ephFD7-@J8{9P_1$@llfH`9L%pn;%FIG zXU4`xNrR+I*h)Ogf9gsfW=<3bdnVa8eUZe@`vVnzGwrnkto6L8hR}K>8GKRe6;j7t zN&k_V#pY(`p9B0T!w(u69fNc{OUQg6^MuT;CLE?JNTmB>Ui}88x}M`eCYo;pY?BigG@&_ixW;b!bp^g+sB zv5umeMukI>tE(_Qi&%yTcy@MZ7RpICC{MA|WGro;R6kUEDd6a+HWOg_nrYN%t%+dA#4WO@n)b{ zrDSuk!Xqt%7>wtw?MbzR>JYLRQshYRsH=lGn+3mCRUjlw)3Z@bflnb0QpD;}4p&TT z6Lvti=c0rOosePxjT4`p42OS|$3+1}a<$VnK|IY+WI%OZl*a1H5?1MIN9gAzMugBS zeX>NSt;qV~%5D4Z9kIP`5Dq$Bd5VUN4Ock-T;%3d7$+%jO{ 
zVXuVg!_QYz3m1i9ay9n!XefA5snWZzw7OU-(` z_`s(7qEyEOqj4svNyi^~<^PD2dSpy70*~lP?YU-;i~wsCl_!6mzlyssvKkQuQw>p; zb|W;hglSO>u)wX>60ea9X0@YeySJJKLsJ zd62?es$#G;2!z>P8T7NQLK4eJdg`!)*mzhhcx-~Kp~N(K3NgIj@-c)$PZ|t-0|q*d zQAH(Vd(&4-oJ5G8AP%4^rb9b$wOp%aH6QiTGiuN0QI*T85Mfyr_$uF0<$fX6in1|; z;Usi7-PE~vRSM!V_Jt*W0M5_#iAeR)$GtW1?FfTQ`bsfNf+}#VLrT4CD!MBFmYZIu zhps5{)z!zjIw|h;^>3O^{Wb`6c+oVsG}zDuZj8!KcJ|HR435Uj4?FDET^4W9|0HE~ zaDdq&K(UHL3yDLN;X(p1snGA<0Y;%jG37kyjHMOD8FKVzQA!=POFS)x4hx}r7#x_a z#xv+g{5!}PWZ#jxXA2L=Oe)e#aU?6EswgEWZEU{SG{gC-kPm?hpdi1EIDGm7hbJV( zs1fLdWC$enW;q=$o1BnQ4wDCJJT}v?!XMgyE;1Y8euy>NR4jwHq zX$GuZCKZAB`?|oG*DH)u@)iKIzP+P25~gI8QqopKqJyV^vgIJeP^c1|h@CXz5$-na z5D8c=kg&}$ql}n!DT^Z$hGHhF{jYQhWG}aIRkTe<wC!`@B}hTVccq@2x^X4xl3jB!<#aJ-cVgFRRMrTTu9F%utk{iYx!G zfcyc<+!=!wVsd~kxqUJ@;4>f6yy-Z{?BJuke76|zI}__f!&E*J|cj+NeCR{8wzruF9o8tlHLq;$07pxr9B=NkNIRB8zj&5#P>ix-2ZE1Yin`;^Rqnp z`Bw(+Pg%#K{Qnm7|13{-{*~_e%g_JX;{MNPdB)AZ6nmZo4<0`MTU(op_5Uo-wE0JI z*K(ugJatU=|HaFGYuWj)*Ve0>3;*Bec$P#Ovk5O(O9McGG((j zuL|hc9K*Fu1ooh2sB?#Ljga4`H^Bh(paw+lv?k~r(;JZi_Mm1A`jaO^exKe11JDc& z(1%0~HZ{yvpZhwl@)1BDR5hFCj;or!POn-6c~I4?J04dxeVtyl2J)b)$06Q`9MhZd z0L0@HkOtrPrK>hmM^u+DG`R{sF-)76R+IlSqN-7aXR3}2dWWi_)bZ8mLNiq%?X>cB zaPs&{(qiLl>Gf>Xwi9Unor9NV7zf0#$ANF@TLw@z(|AzwR_9lI#V`Zpv{yAM=Er05 z(?MCLKy`dQUVKgV4}6}Bg)%AGrVnMF09Id{D1qwtJjhJOaRB+uyg@FN4da>#~`~f>H;51WCQGILO*ECd1F@REZ)($>X?6 zj03K{Yv7CeodITM7z+fA2I55OLDIJ@piHK*p!`9{3-E>RSVC}_lq|@h%#*=pL5=}8 z8>l#i6K9EnN*qrL`ca5Bm>_y7w4!oDsoBPjEHu3ebMG8Z9aF_D8!o$lG1R;JJfORY zYb5LCrGYd?W8hHc$zZjAnFgy;Mu0Ulj{}R*;se?v`Bw%^`f+@5eM>xnP;WUfW~T9= z`e9~+$|U3f=CV$L8Ov3veh)#4r!3pZjoqXXcrBN~sJ9#-Gt*d5{T_@$6HUMfhs^gZ zxLn3@0OM|W>kNRWM~gq|4CWb5%>W-=XlxaDy}GPqZwQKBurG_m3LF|c&wVYc##piBp@zZQo{TO#aL^EB!nUg1G^W+^1&Qp;SEAGJg^I4;Hy8 zJE8a;mc%N1Ap91Xa_UVk1(m?&uF zS9mTFX9>3YFj;9%ALP%RQd%ZXP)Qq+71I(@T%Mp@pIeii4L6A2vnd&P!9RISOMom~5_b`;56gjDnjs&DbG6uilt2q`|NF zU8dxeulZb4;H5fZ{W=QZG~MtRZSMH>@Ej^W0;=D}DD|d;8qySw*Ao5#G>|&%4yh^l 
zcTPc(X83$cm?zhkd?ww_lkmw;qV1fbgqg6EvYPohl=nk{k5n@}1>9=nq{;FFSz*<1P=(Khn$i+nh7;cLZ2^38y~7t0SF+5$e2t!b@Uq zPvIpotFJIN7@r5Y3uBR|@EBea^ZN`hi6`?KUJ_5?H@qaKcn&WW3LKFuRw21o_2nTd zMnfYPvkRck5QVCs19*sS(-UD;Tzi4j2;1A@LT?hQ#%6H2s-k>sQ}hQDj&eho2Z;7T zFo2xVy#%X(K^^yQTU7q{U(Pp`2_P~~2NU2}Ur&HC$pv7Z4k|x}ncFpEcoee=v}zpz zANpeZjU?O_U)?Utn9CG4YGp!mCpr>5dT=NB20STDZE^jiP^I<$6Tr+F+AzX!{L$?h zWf?xtR1KMdPuqJr(7ARN;p>;mm|9ke6Sm~6$@Wt;JZJp<*nu_m_S1$S4H`6NJxzW~hDVpsUJadm5Ir4mjaU-nRRZ*TYDT{1*2R_4zk?lFOfv zIAJN|4t=IA1ndL-xaf7AOL`-QzcOLGhmKa}8K;{5kHp2hj^ z;{5kde*OzTYzO3kZFM5Kt*Icxp9W! zDpkr{vZi6wKf8kJXIC5p=AZU^bcJF@Kc#P>oJU`8*x%1}1Tml9KWlJ5RUxcwa3j2h zAqtybFhPPDX=guAU!UfXf~?_95UQ(Wqj&km_2{N0{Npv=+Wh^CYP{2%-shUL(F$Qb zaR+><>!fx(mr8c3Hg@8en->_*1L2X~d>V!G!(oR=zf#i6mjh=sVoY`>ZBxtta=yQ) zmS0}}PXE$BE0Z>^C(!iGtD}1wec{}#n6v&TRr6(R^5@nWN?*TuRrmUC;`z?)M)(WN zr6y8$^gUYJwa~fEt52Fi8B?I!+#AxPaho`G#k1$W!65Kw>9O~vMer~BjK2Rxj{f|r zA9|+fe`*_>>qGJXH|h)h&vQIu^*PH!3Y`@*>+m&Y-)8S4qwIV~9jlbKwrPWQG$k0aCmQ*40e|8w>!2--_`WAUuPC29 z_BTU6yaM@q6-M79{-xKv`HZ3enHyg}um4xIw!XPF;3Dle~_cYLCn67Uu==y@LKOtRr@7xv&0qXKyL_|rP_ zw=I4X+uLvO%5(P)hUfcbX&~t}k@}TZ#3zGbLlM+EBE`0%K_E{Mmbc;e${&h^&-G;K zzr3G2dQSh}Y8^fg(f|6^g8o0pGyeSdMB>8Y{C7e7zdY?T;ZsUe2ipT@No}0LLNzoENVc;hiIJsrQ zpthtFydA(QfFd!DZdwUU4I!6@Q7*A{0P6-F5*(aHFAja`oIpPVY%0KDZ5zDU2|)*r zC9(cUe9n@1XSc4QYiNf=ZpLy__iQ_Yqibj4jmK!jNXTsEqv`@lsf7d;2i#SmbB&?YCt&RPn(+Kpjxo zRi@Mx;(-E)H1=ZYw@e-8S^B3-M7aR4Ahp{gtU@G)VHRxbNVsK-_8=KVm`1)tmTbjU z*0}FV#NBY}^r2&8cmcQ<>CcdMhekGe3gzk5rDEJhBQg ztpciz;F66HYqHb`*aaDJE#<2-nJ`7^@!8HG2Sg>$$cGPiF*U=IZPjRtN~2X#G>~4< z6mv*ApM`*+ zn)|_P=<}}8@oRHhV<#<3EITLSDkLSS_?;p=|1N;v?u+t?DE;pw7|R#pU&-a~e_JU{ zS>Jyi^i4?uRs56$=gFxJEPy}k5T|Y9;mw$vai#{lsK^&-3@|dI_F|Fmk{o;{`9G`w z@x5kbqy2Y<;)emd@DwIsQ|-U1`TIYr>l?L&{^vO!Q+C9)a0Ws24jWaX`Uqs&UgL%}_N7a-nDo*p z`I8>f&TY(=SL9;?mu4%MjoJU88pcH(o~>RaUgJj748S>VL`#>mHd_v4$?n;|!VJt_ z40;^j$BEl3%kDj(ELRz~(Afla{|~Ize{_|R>vZkpLDivW$;_D_f-v|LK?=!D+$Yt! 
z;sdIkgfC{aa>5trkysk%l`|fU3RXS`3>~Z7fFXT(#+S(iCpQaPUym;}DH!=29iY&{ zM)|L9e-mb0aFF;W79ATG+<-ZyV-o^_&j&@wp#ZG#`-ram6Vj>EnuW$n6J|nSyqJ|RE8k?wkLSvdsB%PT>zS(`70P;!-Va5xo*9d?p`@Rn3Avcm zvp2*Do{`(yhGJz**x!a?PMcF=hM1lO0>;XibxMtZ(z6!P;WXwLb{#*OV5s;x4~Jrg zkDj&tL*b&wwP9(dM#zBC1Y|fE^t8qp@jxCxdQ?E@IWR64N8}-u=L2Xwq--`q^AI!0 z0huQ>TL)yG1NrjtnCAecB2LUqFVIw2qDt0Xa%w>xba_@h&jwkZy@fie@&k*^HI73; zlxObcP{8B|l)Ss2y^om)Cl4&90-HPlO&(Ye2T6XwN;K3ev)5sSN10=?RS@I{RIH*N z&r_=r^f*U%GBJ*qCImU2K$wPu9M92KBgXMOP{xKho)0KTTbXs4WumJ*xX`sb`x4dR zQ|9TO8L@cwnzJE_A6kxL63<*n1tB(jIVS4xco-ZcCeLM#&o4s^r>xTWtQ<*r)|nnl z8o#vG{^_3d{3njPP8m9k$YmY`&0hze`)q8CJ^!cklHB>vT5bI=Vq^ZQr$7JU=RafS zADuY7P7p@!6Vx%?|2H51xmw%USe*Yo$Fn3(1_{|N#uZ?DfLjge9(Zy}NDamr7s%W^ z^{Szhmq8y5qR_x>3H?Iit{q7WeY9{z72qJiSf;?*kcZ8o7ijP>@(H`)l$JzExloW& zpZp+>&jj!~K-|&#o!Tgt3QHrOg0*+nID^K!g#!>PzApq}chI+BA1S!qq&w&}W6Nn4 z&h;;JT-iB0GXNH>7`ETC3>>^9_V*6Xk5A9CRTloW^mW04|Gxge!q--OdtsMksD#M{lXyNdydp8|5+aeIp-|9qB5Ibq>hLA+h5pk;N(?ZxQFS^|=R?`2GIlUG2QKMwF- zPKh#Q6J-ho$R$e1IF{0%xP6os6y}fnOkV%AP0n4%l=Z)kFM0WIqqUGy>@g8WkD_!x(QSfEjbZUoikJG~8$anu_Tv5h2C$8jQfY ziG&Qw7?!p@xKkrzw8N{tV4SHUCUIY@MpX=+%G6{9tq|CA`yRWg;ipKAn7qM>3Xkh) z<8>>b32NZsaN|5Oypfx3-awn?kTJZX|<4}MGNPVFy=k;MM3HCQ?$eo|E z%4su~3iN10wROxofjJw6?`9ENHMlUV8Axi$)YGvv@d108O->h!QK>?dYMNay9%J;? 
z%IVmNd&@Iupn@&|*Z|8-4S8<4)rO``7BCQSs2;+vmoHUayhL&S3`A5@HbiVj(U{Rg zJv2x%m5q1@5|201wW*gfy%Uvyc3L%q7;9{&rI}807IlcWyigxwAB0OxTT^hD+Td*J z#f_^tOYu0RmNqa$kFfAaQci?Qk#f0UakZusMTszSk*k+-Zi$!OJNQ>c9T}IY2RzX5 zR}(s=Z<*;?!1P^@ZAvw`57rtIpn4Xttkf*Y;|qhUs?rl|%&tMEC7Ksb4tLJq9G|{F zla7;x!ruPL{?Xq4(eA-MCL-l5q;z$`uKx!;WBC8;z-zltm=TL0SN3&eH+*Az1Tnc@uIYQc(8wT-Z1Zmf;0>#x!!{ za%%;nH?E7k_7@mSZM22K%DQgk0^3PPQWz(%9k~<*t<|-oj=PE{!gg?vk^fL2zT-z63P{42M6CE<6 z_=vJa=mD;(Ak;Uj1EHcDf1sSL5dvSNw2)ei` zVoa1lE1@41JQxSr3?bm*I`!2xf?#4_q3L7=m&hT)dc|#*qXnit!Nd1K6hM_6Bhm?B z$W{wbBc39wbN6djYGNrkCW5=GYnN(ICy^oObMhN9PJ){*gH6SD_%pnqhrA313+Q`dVVahLNmnW z8}WYsboU*+?z}!YJUIV(RlGSkKLVHq5Rt@=IN3QpKiK_nxN|B_KAfH$pY22SdjR(6 z;ONaM)Uy8`I3Wvag*37MBfN;ScRPoNRMpN0X#FX*Z}<4*=hK6?@6N@$mGu+p@R6 za|p1`u*YU*Yau57J3M3df8~K;q4sdzI;QOZwd&fC{ny6U=3@VUj_0?65Ji;#irb=S zqCjyKzZjQ#V+I)~3wLRd7+X;o!+s$h+(m4Yp%=z71VGEq3WM;&0Bx2taQF+F*(PM{ zf@!_8!)lwIR>GjSRM-9-IYz0@i(w{sA;V6;K(pGgUC-O1GfBu8|$>frv-igPk6@A zf63KaarX)8m?r<%*6Ks@|Kk3i=XsX?T4{PgrAc?_GGP^Na3cVeKx@CEK_JRyL3-dc zA~PECl8LV?Omq>&V~h`96y;D@R>czKAAeksk3YpTX8oV;@9e$bw|dS~)G=NEKXm`^ zdUc`yd6p+*!uQH}3WYt23mJ1@eaI$MwlCf0#q)H}nDwtNf_;)Y9<2YbZEb8;7yAF_ zc&5z%lUxKpP5)n88@m5-V{!k}^E`GyvHBW=<{(H0ua-;vqaNQHn4_le>KNaH$P+~w-m>4fE#Dplt#03TD8wa~sc@MJS6`H7 zeNvN;I`AT1zv9IJRhj|z`eA?`YT|+v6h#imc#?S;4h2~D&hM{883(6cw4BBee zf)PG(3Gcj;RE148ozRW>$}WyCC$g}F4tK_w5GNS8T@Hp(2_A$<11lAlT>@mQOlYX= z_9yg&QkKpgFX;}NI7OA6z=_;@!0#xy?^a|hDmaW@QgPjCt=4uNyZT~tV|}ajVr#S6 za@*~#m+j3p2Pl_QeerUw`LY0I)JQheb$a5}P@MTQ&a%Dzq0erRuoNb)z5n{J$x9Dy z$=0k|b*80PC=`_FHa!383*nKx6bWyjaJiwczT;b?&~i|AZ&aWE?17R0L!PPjA5U-* zz%==gSla@ol^3VffC1j_=)d{nDx^wOuESZ2T32m_R9!>o#MDLw{36C6nRAlu{uZ zM?2q|Omw!#G>2;X>h?mhu53RWD^@lwM0ot7E$UKX3oJxw)}8|9h54x^fj2oP3SUj(q9ymNzg*5`*(WAum7j<{l{n8`d_ct^7MbRy1rQd&++740SO7D zW-aM%3ro2S)7sx=)lcE=>CVYJ*29YB_0*{uwWD^T?_OjN$GTM`*T$ib^o9M-Z{8dp9HHUK z3Pk|K#?`TLdtp#Y)L8&Kk|^LFJ8N9AkNhBVuLQ`XeO=Cbl&OPV%f>e8y|3#(aRif2UBynqCnIXh#k7L41+}u?$jBC%0wf6CR>sDR_7*v 
zpo1<)>>mo_knqFlp~_X)b0%c4VH~6Wpos@`ZQ^<(^2dqX8;nALoDgOr>0Hi`7mGm< z;Sm|0A1cVyfy3|?$_KIEa!P=nj_)=ANkF#0uo`kMLa=!GLF}Sqjw)8=k(T%yiz|@k zZ#`%Sttv#1!@Zpo8d$Rag%*X^gT5us(PM{ionb?r0cuupQe`vA8k_2}qkArlu{HJj zAEN(H8u^u5c7y934c_{Rg z`6!)FA@#mhUkndj^D{f=;+Zyy;)Z)}sUTf*4e&;=ky62M3znayG9#`S(y(fgv|luU zk?yKgD6qM@vIEvSn&PS`Du7BL#>?A{%LoHUD7}%*Q9!Vr&&+R!lYianSx`UANP?o}1x69J#7H?Av zq3x_AVNJ^lS?i(^?C(m^^t)-ksS@*+0YmHmNj<;#nX>*j>v{YC+U8nq;s5n4&yqUw zDd>eF1J<Gd70F?Nf`PlzmslCyN=TDUO$Xo(mB%Yezq^9 zqsgkc?RtQ}EjvJU!yqP2G=<7^BUHgb+d8feDFbbT$r^-%7|*L+04nllScMcTx-&{6gB1JFFj4N>{v$ z&P(numzBMOgBN4tOj_x-Q@M8U@%HVO+fUGdnSeG_S*x4$d<+$Z+AEt3S!q(*9tBlm zHL7Y!X0XJvYjv#LEOo;;5iJ-dm!coVv~8fa_H5(?u2^Cxk%5*%z{XW>z%mr#SM1WrT0xLo zuFlM|gswCPo{!4&;fYl17`jJ$C?a*_;wrOI4LyiPqctOH*NzpkBG#pdtoq7r>_=W0 zDFvgND8@1iSMb+gtD(7w++PN`MlQeB$0Tu%1K{=|q6V&u_=fYBk~f$x-_O=R#52%w zliBpK$U4y?lFR0X zS+rsL_zNykBA~m62NQ>maQBerT_I{gjVF&Bv~LI3gPUm{tyo13a4>o0k6-sx6)X+H zCDKlF-6#4)52>heVugn}yjyIhKezA{lTXE7;1S@v{X_apKk%d6R>*-4Hy0ymT_sVy zdn$;{eX5kiCR~{;=M^=2C)J=9&RkbqjWpD~l1Fy*&P;J8+@2Z$ImXxqnYmCn9RxhO zS8|bDQF-$;R!)wbF@1ijQAe*uwOohR;7NMc%PU*DIMI$RjbGu{$l$EZ74=emyyX&p;G^-X+Rz8gcATsQuP?tlKvmo|f*sT`Ex2L&h3SvzC zWU3(xN%B}I?9x^u(T(mXmzzEgoWwgLxqJb2Czn>=?OjO|1l()WCBS%%havF@c9n@H zlk+BQ&VbW0Lb|MqDK97Bxd@Os*%y$Id3q%bMZ)PQT{50H`YJ+Vo&e&`jc6{#Hyl?* zYb@~|tqB|#gl}Zln|Ls-3<)H;q-~i@ETlBo@<5=wTsGfUxbw%-2E*LpV1C*rHH^i5 zI4C)iQ4ZyVc)xO3P2TGCz~N5XbfFkB2yIx+w*Ypv(5D-{Vg0z`A~o{J7<|yG$96;m z8i{xjV({}nL-PNVMtAf&6n2y*BAaD&+<%|f4S|?j|UH) z|9W+OW3m39<(XmrN1GK|ao2KZJ0qHQ{!`1xf3I(@tuO4qp5293tEY;Tky0)*$jJ`+u{*A46__ z$Dk}=zwg+6lCWl7@A+ri`roML&VTD`kaMyApW~T-spAK-PTrIH zBS=9bIFR%-<}7clNEH)Ft!S*Ktw>WN)7vnDA0Xp9q&o%?o#Fy<@@>S&vQXo;E~PCs_Z2 zRBkDjKnlI&4oS%DmdHYy73c!wHYfwZJ10K|HzF+?YZw`zBo%mCXG7KjEKmMY=-^LU zpB-AW3Jf~6@S#m2b-$?BB67vryXAPrpg`K61Aqf{$j}Mht%MEa(N9QwW*Db4&>KA4 zUKLQFNmtJNGC<{^GIB_5Dz{h1fE_)rqvO~^$ha$^_j#KTogBQGOr4ys#8pHA)EtV$;lm|b$% zA@?M_(dYk(KJ>vBaS!#8?7|X}r7LZoYKk!QR4GClG+mLyd!`b<&{UAnQs{CKe#s98v)YcaK|Fb+_sg2%r_9b$e 
z`uW0y;|p>ErArj#cMcCGxq$aA@6`?^U}Gj!Kd;6 zn;UukAF%%m{{LB?CGu?3mp$&%Wse)iIW{r=Pkqzll6cy?9+$FrB+h%=BZZ)T+WQ`} zEqsa_AD6^TcRnsjPV@<{eOwX`z4(zD@pN}TE{P|<{c%Y=@%@kJx%;FyKrV@=x&soM z_GGs}E)~>m;Y#=!<|kyJLinXaP#17j^Tp$@bo}2#e9A>1BCm9z4f)bQms*ARZA-z zx>MgcGwnJZ^M)f@^F`BLKso=&)dxGgD*#2S@SBf})at}xNWz}iYRJoz+BSw^=YXXN zIzttU#e#Ag0x}>?!?T!*&MZ%KKFOe~>^>o~pXI^Lrvg?d zXoE(tg5_-v{e}VMc>pfbX}m10ifzaB?R(c*$rO_D4QD8|xWnh){h5XS$8q;_>VMa^ zhVFj`8Dw$)$Fn?=w{NHj8o8(yU)?STam!)L2P4Kr{5#&JrZ$gQ-8nbBXJ{&{&J`sk z)`yA}ea4jKg^FX29gCV^uLHq`moV_}8?ZI~HsTly1e1p8k=8(t?05ATS^e0is5yA8#WPg&?+8=okMhX2NwLzF-A7g3Dmq|3Ik2$nAO!+ z3@YL;QsQ4!#DD2G9=Nf0w0ycOP8?^ta|Ql7ZgbFq0hI%Zewkzy;ds%k_p0z|lf27? z#tI>nviGhSUsWCI$``%@FtR=PS^N+T`_HL}4ckI>d#Ev=ig}D(`pxXir_>@ghq4(< zSsb$)JMuU-tF+J97K%mS_f=}IWC8R?`M#=dvD6=^3BXhEm((&tXGoLOGASbMl|7i1SpMM5&CT6*D&sr$XHt=HN$QxfJ@0HCW6J@>*LePUd@3c)?t4NG5 zi&HcCl#9mjtJ@2K!JmZ@0b1muL5s_jvOCDct4Of-!cmkhyv0aRr6>#&o^|GwjRZos z61w`7#t{B&tz#TZ41va)|GtC-Dox_dQ~@!M|&W~AXvdFXU_KNV4m z88zw#I!$zV$zqo|%enjw>Cj9QFXJA>+nMIF8lxm=1CXl~h7YS4vGM*!+wNpa9s{kG z^mn%Xex0i|HII&Wd7+sf(U5thNsvH*VUb0V@q_%4n~j zu1$2jnC?q3vzzy156Kp}EWn)RMb?%K`Zxk(8?Ynh003`U;P@^RtIg(kc&*v;SgF>Y z0xN46S?b%mg{&0Ew(Ye;-g%*II$d4?nf=K87Y!#mZ;E2?8Z!X%V>F10;IYCdIlsU~ zuq@YfL8j%)mDJe^#)(@VRhY%p3#sIdtv(FI_p3_h8(YM|{FkV1ZEc}YU0vU-uB__Z z=&hkIHkV^SvbmGLUk0bpA06)> zov(_c@VyI+nzN4%7gT_ix_n3cCsytvD^_HY8YGr-d)#m`{a!fsE@-s+;i zNBVtx>9@2WpT-u=tA2;IxQr*m8eFXc2fnoeIVuK8ho2H9B!h2EL_zcPo9ormV(0&N zd>*p@HzLNchw=f_`2V%F{QkebxweS^{49^&vE?Qsw|}{5()oNT(i@OIPGjwx!Uw1F za=mO271YE?Ncx-%rQ=onryqGY*4N_qF?8<#ou2)Cc6j`@aYnFDq{mf#?G1%1{8unW z`!PfX7xZeD=V9v~ukv}g6fkZ5*N5VNtk<^|^8d3usisdJP4FtJ3^DK#MsJP18#h%0 z=zDS+22B_SPyw_lWfZn0LL`$7!8_WAbc{I-qp4q9tnDXy9<=_Mw3dShasX5J|7!mH zccZ$v|KWL_S@wTD?WGCJUgfFKF^p3g%?>C6kY>;4o0SXzMlHy|{Le$zKVG`|)ck+F zo{#^wzFDg+*8g)nW7aZGv;3Rcrlm>1&|;?iBQh>l^B??q(E1;+ape=Q{~GM}!}9-P z{Xfg24ynn;=#?l^G{6`Y{l@Lr8@$M`)H*gaj?M`M?sUn`uj4{A_}fUcQL>ZG}DsG3HpYY zUH~z>qUf;3j3qMdDiqI(zVDXLtXvul#UD 
z7Uq!v`O7EMv5RVL^Rgi84t+<}xC%YNfw&lSE@3Rt#phQ$W)m|U4FEtVN99=1sSq7K zm>AQM<0r~xQEs6LRc825iL)}KPx5k7;RrpF8Y%PUu%h%oc}({!)J!E%QrBKvM1OKG_jK*1E_vq*=8Zr_U*Uj-Q&IeLaXbxu2u2( zqTCbZZ~_p>IpJ&K7F1ibtJFkr{XW(>xw^uv-Gi=Cm!OBY4(x?VuU{+-TQ!dmf+=rh zQor)n&Ah567s+b62f?Z+;(T4q+8<>DI6TP)ksUp&d{8-JW{r|Kw#I8BH>eTwm#Gc` z<)DP$FebBdiM~a6ED%zBx>0%No##xa$4qQC&nz>U>7$yu zDb=@I)2oL(kFEYoQ>VrAxt|&K|2e&Xrtbgi8|!)fPi=h>|MhvEDgHlr<58pI_CyKf zim0WT@m}APkv`dX#%oKTms6K1(e^gJzjb?7kF0GPj@t&t-}!!d+bq4JjMT@u85JJp zWwfL(np1ZbwmzI5vbaex8U${Q3S=Sm#vVjIbXNwOeMmSwY7@$fvz3CJrAsRb8y+`! zN{uLFJ*+leB3~0*`XQ45L%_jDCm8z`Q)5516Ft;nB!^n1A&WV{wMJSX?^QBWag|+~ z#yyqeiL%uz=5iFtTdat+7Lm;uwpQfZo7pYbp@Es+4|yN7!r&vF1lAy{0}dR6Atrx>taM&bT+nx_(_I4A&_ZCJ3-G3iXIZ< z?T2A{ohe1YcHw%`yd zKLpwT-i^^OE|V67pV={P$Y*d@-^EHpMPYw;G;96?ke^-Fgp3*~#OXAS#(VG1_nO<= zXSgJf2kb)l)!&zKzREw6f^B8R0)9^Un&e?v6jl1KBS4#(;=}>`u;RY&CCkNs1;v$% z>ZQ4wc5PHfIpnEN$RbM?1?rLTqCW#REQ?H4|0gQPeK$Bed)HXL_?Po9>++kG%7_;I zttOQ<&>cILE;7nd&B!VZLy25e{&(YFR%KO`Fh+pomgek^kRJe4>6lS zGN#Oe$78)aQw)SP??wqBZ-cH?ZuIP=)m^SEeV=Uv!iA2ZIQD*Tr7*IEc{i>x4poJv z-!fzRNn|zwY8+HDW|;`tU06&O-We;3KSg2Ujz(#|qSfepQ7<%;uEk7i_{vR(0*-fF zyx$cE2Qu{re&Y3gj$t#&UbqKQL%#hMrUxjMgjiN=67~&a5YMCHGk?3YnVbKZ|l%*7!6YtOYirA*uZiv8_laECD<^)tGuzDJ=+WLfJ}$< z<0yDIC4Ssw8P0K81cPjNg+dXlgdY;M)JSLCC%*LBp5>X1{?8W#blUk(eJk((Ti;m3 ze|erqA}(;GF&#wzgvYD6Zqaf_2E8zTO4>s_84xf{(NKF1gn&sB60FeoTKBCma)}a_ z`}e?MA?qGG&d0Ecr{}0LnlS>{7DfOg9#UR-BLX1M^5&S7@?!K%ytf7qxB+3s79EI_ zvpzRD(^({^+?telBWXzMQH$CMT{?|-@35R5-1qPX?z9$ipj(nRW&;IAl0{Xkg6KbO zM^b24m)ujC^W(kaZ6W1F+)`mwK*o^wcw^AQ8|bF(Cm}G%T{^kQbfWx9T$FHf;@B?( z(eZ&mnFNV)rTR432!1b&+!xfIP%7VNqBrQRAf4X)E|7kK4S+Qt6oyg1A%?(~xW#^l|WUg&cGl5^^&rgN4J=ajy3F@-S}mfejOCS!&rF6q%zH0O-g{-l zVCG-H&Zj#@};?u#q*_}vHZWh{rf2tfK%oFq5FTU>uZbnKhN?o|Iauej_jVh zt>Rh3hf~4@NRh};$Vm&WA!z~l4&WJ2nUg+s$u`8X#w!fuA@g`mfmReOv;&{z8N2?~ zj`sQG|Jn%s-{#sv|Nkt{Z0ldMH%pHv0iRP!(E3YOXWEjHG>(IFd>RS~&*a-OQp1{6 zsLsgw{UPryBQa%`%gba&ta!nO{$ZZ+^q+U;=ivX=t3&jEeG&itd7dvx1Rs3NWcQOH 
zPI07PSZR8$g&he!L+ju7nvorO`UI%ab$yKa!?PSeh8|2={~Ps<{Q6(psxRU{J zx$8&%46_g?k?jTS&PKWP{S^62ef3q|DRaY3aFG^a;Te@83 ztd19_6+9wT zPNX~q>S#vEfj742JXd7$9V6fM2o5b=q`|Jqp=nT7krVrF~NV zu^v0uB;mD7M?0P)y=~=~YjFE_ee^~OI--PNO9JmA?1Xri9T$e?e9~Zb61fXe0i&La znq`%1(-aHY};t;&`?$jH!ee_w!m^w!7L2t zZTb#hxQcuyE=uXq9?vD`lbUbi{v$@#;zXrMksw@*o^x|*rJp21kEIR;era;U&WSV% zZ8ZQi2Uzy|<@So|A`>PnvHR@j0Z>%_bU`ishP8bXZ9Hk!L_{-lDGR|)6+SH0oX}U$ z;Vee(%jwr~{NxD8D4)$(@=G(z|Axh!PjBz2I5|HcIS|7tG&Qw_3j{6%a$ zN$pdf|8V(l%KS@TsQK!cBL8pJ*Yfv2)T$ec^PgvV%J{tA2cB7+ygd;oA6_3G>(0^b$Mz3){m%R0 z?uX62qaO!b2R|R4{P^PI@y)N^VX(7y=O1;WzaQ6HyT2CRwQmkjcB^}}!#(G8ui1N< zbU%E2*9=-Of3$!8rhD8yKX~!_m&*Fu{|sKZ&5gn97ygI)y~;-?y!mkW%WbdV{j_&; z|4paz^X5;xesUcCOP8=t< zwXG=raqIQkKllFeYo+<~F9$ofANLBsydDHM*R7Z9CmVY|@BXrTwoy4r&fWX)FrumGj-#?bnsy%)R??^#0!a@a7-qAK(Au;56KHzWMRZ)`x$*d{HU5 z(ZR>Ke|H{-t$)`2Uys7m&7WS>{^>?Pyu3U3=gqsDt*vjI_T9<*dV(ZpWjs9 z_}{!dYTw+wJFLDdoWA+{b?xB#|Fid|jcFrGqwxLAujsMwdu%5dv)RNNc#C%@ zlZyoikS!!431gh(`R#92b+^w{B}&yVuQJ z=5wdMuvcIH{K3|{&TcQabY7^WTMG*duW#2b8oOtA%V%%8rPlURV!Nxoc30Q5B{yxJ zuR3nyV(E5w{o-hEFWz8Zi%X;?Ss@We}+ud)@^7`&aZ~IN!>YQe8 zt+VZPJ8`|apEvC8!K!)KuD6fV0F{mPBkdx8rk8Hk4s&~F>o?}fMg7gux5d}{%S(;L zt!&zA9hN?oj^O{R32zU zQ$N0G9BzHcXyZcDU%jRpX)O6QZ zKiwSPm-b4lpWF{?rRw_X(doyvPmSHxqs#SDW22NPHS?>brd}$Q><=5e`TLKp(%D_1 zT3S1B4;PNAdFLW`apJ9Sy}oN-uJ2mzr_AT$yy;~2YZr$H2R9oDd&yqR7goOh~zHw-L$kujuH_TIS*ZaJ9uN#+34e#Lmb9>?Tb>6&AtbM-T z**mMUw**aB;cg8LbcJ-xkfo^=#+v+nc&kx$Lz+ zT;z{#tBL!xwzk(=T)104O@BPRz5I~RE^VLQHM)g^g--ftXCrgBu$uXpUTz%jy58%? 
z>UsMtyOsI4^XBu-x2krSIPz{!j(3}9o%^$+-2G?ko4at3-u-s{>3nJR^I7^^?)>$K zuHO0FJ38Op*($V78`jDG-Nt_JrtvMedEq4LA6L)TnoH-a=eHl0ve|{@t&Po%k8a-X z8I3nbH>-zsO*^_X+-`m0qFwz^TVLBWE^6KL%*DpO(Rh8ISh(F>IQ+PtX&U>;0YDp1Ijv))!COnVpXtt-M}XPTcnDxr20l zwZ5=(u)lTIyZo?v2q*pQb!VZz{`n?rw`#e)bK~sPsU222R{PCq`oJ=8onH6$+ktV{ zO4zG!3b$tMlikkV<@Q(iH8`qU*1lHSHWxota$Y*yTievGH{X0-JiWX=t-mR?udnZy zFB{pMSwHLCCYE~XMX$cSds5#t)-N~L-lVI>{@ulbao~MhZ#nLE+b!+x-WjhmpEs^G z^Zet*Vft?2{9tqOb>Z@jx1A__w7Slm~Hbh%kF53`rM zrP5mC=F_^n_WJm2ZFQ~FTg-OX^n?99!?Ewp*QW*VwzIXDSZ|+SEV-vUdyZYQjvAeh z)t&v<`A@CP^7-K=Y;QNW{qdmrS?h!^pd{cb1$LYI-Tv_#mUL7m$5c4kJj~% zpGw<>+w8Xw%h&npoqLg~-G6RoFWy`(r>{Gi+SaG~$LrO#rRM9Uoz-PKvG}=tSoIb* zvTu&htlPr*!JZ8;ded~@EZu+09W2_;o1=rX^*37Mx>7kgyt!Pi-MpzBZ@k{UeN%DQ zI*IDtw}q|DVQKrrs_~(!Eo|H$+_y8iTq!_$+TakkhwTG(HDv)`zc3R?$vAB@}V zc71Q>WOe`Uu#$sqT(mx(I?Y?dDlFCE#4R6Ix;qz*!|le$)eoh$qx8X*AmxA)5(yV-=hdE2-z9pAbaiB7xe9bdGywTivJ*F3+iS*_LA+e?e? z&6|bS=7n|tdDYr#)$Vq)M_V_adx!aUw^v!%?%9pY+Ft&{R^n5yovXdhY;Nyde)G1r zx0gO&)b`e{jjhX%)z;1H{KlDgc3j;w(%Me$xU{!gul06YAFVgNox_}Kw{8>KmepP? 
z?PPYA7FIuAR+}el+Z#rG@u1SnZmxe`Kk9xsUH!0q)?2*UUeqhSo5KG2;_d40_Ic~| zR;7M_ny^Z1#_g${`B3|0p55>6XrGVvyzTAty^Z_prH>n0eSN*~`qOd!B$v&5CyjdJ zG`sXMfBI?l z)6PoExwFHi&67`CZW`G8n@0PxVI(s4<~O5qzO-;-q*q&q7mF9W%NNUb>D$uAUej{y zk6nHP!M$Owt~T)AI8^S9y@b3tqW8k>v7 z?&q(whx^;#HWP=H-u|b{O|80@-a0$q(>Be#@#gwu_2TBu?&_zHwNIy;Z?eay3mb1* z%e{^2#nwfAVQss!oIWyJt2b|)#QKqS&}`PK%hvs;Z=IX1*C$ImO9#z2n~ZkuP{7VR^;a({GcY?)@gls>wx zuivgOoowdv+HP;xYu#OZzSc@-J5IX0326On5onRK!u98bSzp>+Z=Y`8S$F$ynufWY zE8H}9PA~5^8|{7Ds=r>aYl};_pK5noTbbLv`fl6F-lrEfUspe0Y&LW0#M0-+Qf^`U z-qw~s>Sw(|_qOz*(>StQ=jQ&}#+&Y1qgy>X+bfwjT77L{!#t~+>4PJ!_ImB)HdnJ7 ziPsk%AjQp%({-bMwEtoMQ|n-9?eOs8y1Bl8a<+e-U+8u6R_&znt+}4hdCR%=&PJ}Y z;4N*QU*2C{Y$dGi-OO6IwrYO7JS{Zb+~xAJZRO#P-0bcZ*1zqUH}^TaecH4NXQvCF zFOSyF&DZJmlZ#5-c2*1aa^iUH_R`L;ck_GoYvc9h$8W~@Ld`OATkXrW`}5{`!TfNu z)~5wcbMd?%?zJ{zc((t$mVRtz7T!9KFeX z$iQvdG7B5_^~Kp~y1MzgX*kBo#^F(J^=$j>@VKTgH}yoORk-}Plxy9cTy9@q+>~0& zrEiO^H+PE%tH!rgJ72o2Z+s}-)D|rJXfyBbWWK$r=$A*^NA2s{hr)d?v3GY~Sg7uu zCsx*WtnAmA7DCuH)r(kNJIF4-y7O<`WUAF37@086XNj3bn&&QY@8Dw@C-Um+%)+ zowRA=_af6wLvwW({RTF52mVWHLrHoGf?t;Ii4X7>y3}!#T<5Tsr1u7l6Aho7b~WjD zmP9kgn%#YP3d-Qg_o$G&`$~;9*^C$x40?m!ti@->U8$lnDr7gBZ2$O}RxNP($Gh}@ zFYq_-vZxSX=kzh${wLEH|6y^0|HqO@<)4+Ro^gxXF#dig);Rb+QwmKk2oxZjIZTYo^R7CM53hZA1qoz*}X%%am)gPD^udR?sITb8mEW zg*$nMzb541uSrABKM&OY%sw9d{+CS`GE0;9zj34?`!B;uJ*$t$?|&wX@!u!=|LfDR z{rBUvKckN)?0>#cnC$;J((wJK(B9AL<4Na#qW>|LG~)jEhjxENAH(SXLSOucMffF>%~Of+Q~Fl}A+%(WuD0M{^*&y1gQd6eQFn zR`t5==zX6PUyk`-UlSX5di5AhDh{FCJlSJ7t=K4@p_0CBN9zV{RM`AHnY!M2@E13f z%`c@#XokYVH0^FEB=m#TRtCjPkE?aWJz1}4W>@RE2@Eo{qGWHObZJExU>IB>T?VMq9^d08=q=Je7oux~VnXS<5byh>?O?B^ig9vXsZpVL>=ex-%QprjMw) zJ&T8OE;08f`}t=gff(nzaKk?9mR+X`832zSRIZbq3;b3FJgW|vxAD7|^M73$k^c*Y z6Mk$T!_I#u9hLv(3fYPOpRuI42-@>)VX9Z|6m4=bS$2ww4JcG8qx%N0=%yzp?tgcB z{Q37DL;6!1cK#Rp{C~lp6Z!vGlCZK>PJcR;PG#UWmiAfSeQCbeYwO~Eua&(&{qNkK zhb+U%rs+GQ2$B>uh@qhs-psPF?=6zN^OUj8KNCL_32HnJ$^1!KLAAItYFikw1#QE` zNXe%z4F~>Eris)I6s6&zaiQtj%+jm6>uL^nJ>=Rg^m3`Wwv|v@gt^BKqBvv)e)m?# 
zrV-CSk8=rZU)0=q6m&4`{P)NIDx{Yt{Qp>zG_xPL!7P(XN3a1MRjt-CtTH~`aa6#O z1GYjxB~E~*8@h+5mrnWgikd`u7W%l7kf)7jsvQ->4gT)M`!7f%z5l7wzvkon7)t*a zqVnHdKAWGM|8b=0Ke)$}CY#rJv^OSQb9fz>;<^S>u+imQ?61H0XZWOo4_?R^wtRAQ z{~@XG{0H8=U(5yYkn^7_^xglNYB@jE!-UqJt5#m^#($12q*UNNq1cQ!6WLj6{dW~A#CleGpp08 z03I37KpIAk#<7Td_mo8tVKPVU95HKT1^B0@&;F?+P^XT)i+32*JiRq)Iz=so!o(3> z1(^H_i+0)=@ps+S~e}z6^V+JJND$24u8jI=;EaUAZ3NB9-h z07SUU<3M(yIXVw6gp)IStkR=K{8*ceyQ_?w7cYZ<`Ht5RZRAtgSllWM4BvuYs|*vHJU!Z#$3*%ZlP-FaGNdkguwz&9{aTVfZR0BTRQLB9cI_1O z9riPKe7vhpc%-KLBEkfX?_$JffICfS>((!C!V=5On7>&qWsRy&4SW5=H6b=1%2>c(hn6eP7IKYhapg2{4XuHMy<#cTI?_jskuvl|| zQ4DtK0_vDLT4JZLgK1)GZjmRU*s@|cydmt!hHdeCL0wx@@?VzTR#DK zZ?9g*v0@6HXg4~$F|1nIt}p1{I+|Jb>;*?}=y%AG!^B%y0!G@R$5q+?smnuhERYCg z0eC}oVkeNZhO=GR#BBcOzG2cI{tU?Cza}j_v58rVzJ$vnJ_B^+f;Bm@+w;4q<&En> zqAgmS5{2-P?XFQE4~qR9?3vfp(1EQr<1x)dRfrzb?~sw5MTw$*r?uK9?h~~ktkvgz z>0T9~aE?}^Ccwc5y9(s72+WA7(F3wx69I-?w!q$Np`nVOxGmDdFaM(M;FTDLdqo4d zk^xKZt|WZN_ug^!vSFb*Y&lp5K7~5#HhZWo;%asMo!XgAQa~k4g6OVHu$!WPm-SoC zgvGqV6SQx4S!n*D(#g=hye+CC(6xhPd^*q(i{Y>FMA_u`I&@vS`(#p@c-3qHjYRxmvF3g=#Xm11IGe_JRiB6%=Q2e#fc zdn8I0n1R&+Tskn)6f41Sj5^kuaZq}DgKaA39#1F_=;c7C=;nZ&v^N~hbLZ!A6<~4| ztpXj?j2glkO^yf4#-#zc;0O^O04G_JWp=MGOIYoK->S_)8bz%!BQtmyB%kHtO8eJ(az9)rl zl$k4e6ZllEQ$cV5&~f}m0L)>VeElp;Ie~iFsF$l8)H(hN-}Lm#gBw%_1V(rocgm%!y6V_) z{R=`iAZqvy`X~Aweupz>*d0LE6&nDm38+lGe?|7&eaE)p&=Y#aj)<13*;TiQtpM?Y ze=^@d3VsCy9kmo(4XLKrGO^CFiI>fQS~b0jBw&19KBHX&E=U;ae^`lhxabtWdc}Vf zU%g@IUMV*|*m>^w)dQ!(Vf}xF6gRYhY~0BtNIecHQg3bdwn55!UeP3a%m1 zWsP+#dMkvLD766v>P+M$C2`E)n6p_d@b{F+`+I8c&%Z4MxR%zVXdwQ%riUy24pB0m zTs+QP;12ujHK`xb2#n-Xv|v{}jc&gxOhHn4a#1wzZ$V?=^1|wNyWNyVV!7%$d1~E_E1P`Yc z)s>P%LtLX2pqCO@rP49mIsSW!t(J~=j+1{|=Q}6c2d5|OymWL_+CSOZIA#Y&Z0%rw zedlE7U>|;MveNz~`?#~e4kyzffbpbv-ly3bcu*rL9---2tX$ zH9CN9fjodyV-fWb7^C6o`y1$+mci`+-Tpa2C!Eu3VKgE5zwRK9rvP9yyR5_CCKigo zrQjHOyO=Kk4EBd-`8N(^B0Kw2u%~zx=vEbQODF?Sm)(L3t;WY5%5yu72HF=zzvDv+ zi~zSa^qr&5=vPO_OEmg5cy0@Qrng(<*`kBQD2(!3;^(j8{|C!|jy6i`dmGPw{P{n_ 
z{l70R^}YXOGwF%^XB=s;)FqMlhsj(L{{WFoB9Zu|@)mr>e~z?;v;b6DOCs@*q$TlK zK}+I!a+bshVwS{EDNAAmAxq+EGM2=1MJ$O&NLUgh3s@4*m#-wAC0BepEieA3DnF6m<#mzZ!jlBuCnPz6 zi|c>A+$52hNKJm5)P$2JQJG01@qCF%BJp^6N#g0^5;_!pvXVpqLO{L0;t`S(EIgW= zByn|hm3WGjL<&i!=Kf4PS45H+Q9{B4C5|p1NhDrCI+A#TaD>Z7q-Z4ZQj(Fx3kXIM z56eaVY5I1f=>MR~H6oU$8UhWo|H&*ZMeYC6`3e6&mL!6JZs{$&VSF-$;(t&5wL;Xz z)LhC1fOhL}M#`1myICqNFcy^*QN%Znj^Vgb7+4W?l$d4z`h~yo_#B%ZjcZoi6k^#a)>+8XS~{TCUqxt~56H>H(5;0S^{zi>sa{M@9^q=Lhmthx9*eL7c|F-B&B{|C!k@|8M5& z>$#Z)G|m^hP?jsX!v1dtFaH1=3|pU+Uv-7`p@V4qp%CZMqlz0X8=L#WgpEEdgH)FPD>Q;s!uQS&i-aalfC^?F zgjGCUuq7B1obxM^3n&)1HujDWH`Y?JD~<&H2;Whz@}EWo{fpBu{eJ|6=l1ag{qMy> zW}^Q+jx=ol@x=cQ|NoQt-{VOm?Z1Ch;;+YZfy4CwGnwf7Z$2~e|2UrH-_c&HT{D~+ z<7UVi46RwRpS&8mUomBg0X*IHo<0hy{nW1O z9ef0Mdgr44Q@gj2lQN&)y{P}x?wh@eW7MABy{P~6*$ZoP6lOeU5!7a$I+&_yqgeGB zr$ID810X)c=X3;8YZ-Us@=7<&vfc5Jp)stg*{SJ_3$pgGK(Tm?B@Q}XfJ}dz3B3wRWs~xLm>P`y9Qe_@WQMYboCye>S{9|^iLS=o2 z3-j|0-ZU_?L%Uad{yD|_#?|rH2w%|g`5c#MR&yHelgCG1#JDmKcR(>;l_MOAGJmr9 zO?(xC3OI(JQ!$$l{Tq&Lp`5Y^H^$8B>Ha#*3z$%x-wa#%i#=*N*w2{dFg!NpHtmjy z5BfAMOYhFRUeCm*#%c%d#aoid1Ta4(R|POJx++--)^lp!j+EtHwmY6HilUg??BVZyB!jR!{6k06S^s1>jfqq3&94O487jX$ZcR&n! zv!TJyrC>;9&t@&nt2SpBa!bqkg}Lz9yC~jNp#w(2^UwS1x?;6r z5&xaUe?59-x$rT5I>A&DC=SG-6_pOD?%%J(+64w|UtAr!v4qU%4mQeRy}!RQq2(f8 zi2t7DUVAKiV|ZT8_jPRBww*M#?Z$Rv+qTUnjg!W<(YUc2JB@Llx6kkYew>5r+B0X* z+H37uM^*jdd29HamIImnwXE#+YI62q4;KHU)-592OjyJGndVY=gRL>RjoS+nJNu!mY)49w#F%N1S!8GC7OIFu$5J(aiI~G^u&& zIiKaq(eq|~i9J}agJPlhqO%E13q1+WTHG9(EEfn5RV=s_mGj418{yuuXQ}%0MGbj6h8Fc*N4-G)F(0rQb+*tca%BdvzlMCwn1)b-zL&pHO~AIgT9O6SgbD%XWsvSo)s zMRGyz|7*W3-2eeDr2u!P#fFy22c0NI!BC?^JTBa;NMRX)N^w z3=dEU9M`#nIdC~0pIn#qjPl#MZ_zJCfyTgsmv__HLixP1#FJnllM_?^swkTz0Ca|b z;SzxK1#mtty94fXW~e~Bx)}L-zNFvQ3rVuot8~GzBjvE$W#e_Bg&>NxG+8o~EIX;t z=6LgFEi^hc^$>96e)%*A@Z^0K_3H{}q~KSM3pr^Uz7@(@rXkHD760sEDv@}GnVYLX zxMy_!@mJ_-!=kyzKeg9VK1iu-L9*Lq;WE|6lfIQnp+&aoOVZt}`!pu1OQ|=DdZir! 
z1ug09ehT)>-eQVkydwH8nNV732vH&l!w`^f$3UDDUhem|eiN&XRZ4g+&9>@vz*wcb z>dwh2)N_O8Yw+;60YjO;r|$zhF%yEzI~%mc)KxlL=D_{mj@6{Tmu(p*FEIiXMWU zCNymFbE2tVbMVykbdb)(`GuQtjuc?|k*;uLxv(c`S)9dtKwMV0V)yTB)o z4nDcYy*CxJRd$>@49JBK3W2mnj7Q(j)L&$do=BT1vv6y8!M}YM-#`5(G^7H$u zRRla{H}#(JL=0mC_`DVF~*z)owYHhX<9ZBBqIx{Z(u_Jbmd@cfF`135Ksi2ZlgcJzNIaFr zO$sIDj?yks1t0K(bkDbukgHWsDY;t3*smwPn`FRloyM8PI~MG!9^i&JvkcVAb62J% zk=57<;CNv38DcX`qo)%oZYzc>H-uiNcjNz-2t-bFi@fnUaBg>R@^NnQiihGtn~52D z8`~cPy^Vo3e!&F(v0yJW)fEx{Ci#b^qi=&>qS?bC&lsUUikGAS7-ln2iG#lLel>1W z&F%pbsf9cNk2%Pm{a@`2SLsz>DWRkAXaI$i()<2$aem%?U_3?qj+7!#;PGNhS$R=} zO6cfQh7KypA6JkBU_G7(PM`qb?IHd1#ICq34MJrNm>B_i37*lv&&?(TUV%<%PlA~K z8)d`>-GNkgfbrDAHXxRK3C`s9<~ay1pRwu^1XpC zocOnlZ#HO7efO1B@dHSpO~GBGZ^~1o1IJ%ar@v$mxIuwG`(hspRjixuXPtNO5PToP z31^dg9CW~SxGV{NN}5^d50VN`Rl5$M-2&E!{(wjoe4jvw8dFjAA*L@PSqW>vA5}<) z(0|k9yGB7$v1X|FoxiWm>*Y{k>)bnQYbvMb=vlzSnqIDMW1?`>#Cgk$lYj^Rcj!y& zB$1N_R{YE9@zGzqS3y=*fA{n+f8>f-KildspF@*m=Y)Y5b2wzaKOfe6jWV}Era#&4 z{((I5UQFpb=^dT*CW= z^Q=V|{3n!MbR2j0x6@XoaYy(x<@l=LV~YU>Fy;N~U=5|PcaK6gq<%gjV-T+a8e2YK z9J?5#@Nek_WBvlBtD2@_qI<`=6baBQ>t%_Zu!wMP@}TRlDyfQdBET>-c+xT87L3vK z?|Gs#>L=r|ZGz=-%%>oBk#*qb_pGfT>T|uyq>|?#@=_pc8m9^Kv;QX*eqF+~Mu?>M(aWO)-H!7@N04fd? 
zssM0S-uJg?@OgLg6?l}(H{KemYJ`F~WW(2%h;&8I2Q+7Sdf>qUO9XmPyk ztlxn=>=_6Ly+5Aezl$`%OsKxG;ywa86D-Q7{{o^1QV58`phen#g~hv6{gQNYs$Rf96JNCiuGtW)&KQUao2G@FH0c6 z-*YWw7#X+w#KW&~m z`(Tw?8wqrTOU$lDvbTtst}{NWtSduI2{;)Usc^S1k4yo|_|l51H3s z)uPzS@fzVSr&J!My1}$9xgq^rX|Ks?Cd-RZ3Lk9`6!$@+JY*=)NCH5F%}1624uaw@ zfDdB}RL@viLljfTit}tM(Z2Be@EaB9AZ0{sa>!V(@H+z>j=bH_!|Hn@&LBb`?VIS3 z0$6=xw{IO&$_RopCI)H%wiKVI-rXyjNUB9~dvO~hj91j1f)3Mgdf{bHQ^Lly(fCiR zl%SAHs&~**lA;`-o^_yVQfaDyE`lVCu=LyR$Zp)losmyl7-ba0-`6t8F&eoWoOo7^ z6()yqcs`WJD(2W1pE=h01$ZgH3CfB2@M8LxA%N>mP((TCxj*LfAN>dd(tfY2sDCIo z$&X9GE;>AaoX!`Vh5%0Tb9_Mm!>5zWe@ECUg+KorSpQ>GLYWT~@4)4Akz&yYt-wAo zmWq)ETO8!!oAM6iob($50%_Aq2mJ}uLSi5R^xq)da@-W4r{jZHgHCZLXe^cHemCah zIR?}pRQ16tvi~1c{sdTQfvY$`f1;fBe)lI83y^^#K$|E6`gVqY0%V;7Dwn`mT45{D zuMEmlQhE9ZoKjDK&wY^tKLH?+HK}wdGM-kkUg%i{d3b#KXH>-rpJXYy0bKdl#a;KV zTf8*nwRgqKsltm?Y$n?06sy5~UivSnI0rR)q%GVmJlc@N`IOC(U)7fa?=H__+vS4Y zmrX_TmKxnRVvaXjNuQb3#kY%Dihst(*tL)_K|oPWZy7B zkl)(&U(&(Dc&x2K*5G?Dzw&ba@uOlvUHCI1O}hox7)i+_p83MjwF&hIo>Ap_LJ?w_ ziJOgI35Y(4$O9}BPP`EzvQ?9}_s+(p{!9V(s!_&ok`?bxO02FxRPV6x28cHAx*7P& zr1%2-q}tak__kPBA0xzqljNd+`uffO)KRcL01W);0DW)y;kmnLY1dDLR(Sw~e+K;m z7@Gl6Z^mhVfs3UP(9Ldv(VtIR;nb)k*vJClAJi00pK$zFEMuCd51xK}rZwapbZWd^ z>5vFfqKF@Q6^SIuR~X+hR$`!`HreMZKron#=Hp4SmD1fOcnzrf2q%62S$}MjZuh5N zwQ^r<*k9BtX|}X-xCy+-)=}eTHb%O%9yLtuV>Ok5)fM#RbN8ug6b_m#9W*EP37l}8 zO@4}GE;rc|bIOAt2jXtjc)(P`E$}rj8?CqSajKMFkRWl8V?O=q4QYrcFX?mEAA
    8 zvJK>np1wO-xtIa$g;;I?Eq}cc57Sa(sP#TL0vWb=BYks z@IYxIXHL^KUmN9pIJQjX&t$G+DZM}8ThmC6CbkP0dHl8n^$qOdQ+#;nYfH?(xqE2p z=-S=(&V>Ty@CeRNqXS%Xj@dO<4dxnBtVAn*dovnoB=t#g#H^)Su$X4kKsQKq!?&I& zo}=(Aft}(I`zjGiBP$88*bgS_5(Z@PdJNy`yXRPQZbFTXxA&N|4f9_`maRN2r#Bgy zLYD?npns&l8|ROt+=P(7h~&*m-vMT(7=X1P{HZ{44`72p+B8{QlVnY&V* zJ)OVAyRQljHfxjUlwcE1{icpAMRLreIe=sX*kf&&uE4A>b0zfgK{J zNGj&|k&rS-#}`t3ZC5U+oK?Q#T+?i@xx_8&PM9h3%o9OYsfxcuy({J5S-*UeV0yP{ z*6NxrtYG8T(yd0mu73MLZS6r9I4l*|>fs|E+wNFGNr}?tcrha6Smv-XA*yKDrL<%^DG*nqmqv$FC{EqQ8LEg6-|En`hz-E$_=Fn>qKvdjCdZGNKDNO!9>r1(i+!n!~s1oz%7L<6nB10lbA= zr=D1=2xgk1uQ~2^wpOl!0OFGQQNLDq0+Gm~>Bw^e1(JWyhZ8+-%)ib5u=PoLgz--g zOHZYl9ouN?_0 zM?%C|s6My+)aHa-sv9Vkv>lrBYw!=>q^pk>sm?^nmsZ-S_(h?TVbO2^ZMdJQ!J>Gw zkDy+Nd5+Gfv5M%y*9dEb^_yIs$wnsw556t!yLBVu3XQAjK5>rA*BD73d#Z%+&`hHh zL)@5l(xg$qKpNB`OcDf~a4KMa{(~=>oBnUxr$R%r zWgUUvAO1-;CJUOIesj6G4FH`Q>>uS77nTPs|6;y5G0}s_x!fl@(_KeG5#J28XyqCO ze2JGFdmh8WX?_UI^ z;cc=%csIuZR;$05??peq>t^3z-b=ArQz+XF;Ezb0Et6jg(adzp|5n2R;r=!57Z7^- z_*--3!VomwvUm7ZC8J$;|In{q=rr%jshY&Ri+^^tR=mf z${jth8t2*{hVl?(6#{*T7{PzQ-xrmO|7WeD6!HL!lR?v#ZVN9WaqDs)t9Re`1?S2f z!-CV46r0^zFetOc3}^4ZdkK{|MuT>LBAlb7Bnj7)a6b?*6v{|6Ud?lc_**;g^A9ju zCXx7U?Pc5hDukAsfMj;*HbhHi=yUN3RU%bqxoZ{ip$ zy7oeUW>a=rY9pt+-jEn9FXmIM5i3np;q^Krj<6#*>G93y(2bj_8X>2`MQp#`hR`>Y ziY%K>f%$_dGl6T}>BOjhPH^!X;B;#t zQD{OHL>fz*Cz@KgO@trqBSe0AXywvlMrTGtU1dxezYZ)eifehe2}~sR^X2%wiA##o z2$eYPzci!S#0A_i053t?X!`9m+5Sewkp5L?kvS5B_>VSfC^X~r4XIN?3RQ20fRT%v zLQ>*-h!+%3x2vpxcN}zm=Wo>*h`Wzh1Vwu>N*4Qlv0>)ZhiGcp!ZtV)+_RQavww-o z7Vq4((=k@V#bML!xU+h3!Vy_Y-w7JHdxq}Np&P_~vC=}q!Wojy!n4%%^xHiGai`fa zG9;S|U8qNuuRQa*Mq79YSO=7dThK??JwvY5Bg=PO&%HXFmy4>ps!D`RvIkx$H6@)| zdv^q$ihxFuQnfM(UP4}{OGHMY_ffC2*}kULlIs(7;^~*Cc@KPBr&}sm!+cj`pHJ); z#;t?cuHGBVXl|j}Z_<9%@q?(HvzV}ThTSRR?I+C|IwkjxN zb5aL7$7rxk$TRAi@o`%2K#BUP`K%~}YqKx2n9F~8QvS>s3a!N}jRy&Ej~D&`ICEiM z4v&Hq6xL%toS4pD-vR$O)`GJnKzIQlQ9<~^17`u}Y)_&&ZBcTby*fgiR3P7y0V4>&Y7-8 zP(zrIIBcngV*(*yYUSSw#V8f+CeTpuk9PM)FhSmcC?EXSK>AQ3Ip>I56tzRtl)W2Dwgh!cRLT|b 
zv$G~r5pAqoR|Ti?4*fC?JJ=564zJ7x@@EFe>hjiguctERk8Fd@NN#~fy9s*L)Yg-= zxnzlq?AU#9k=FMM*|8Uz@4+@yw9K;S%_1ZQ-RV}3I}4(FtEf0M4__c}(>@g! zNJQwk6yQR&Tv>_Y->QC_u|xUvn9Pg5WTrOKIoCBJJgGUVnKDqb3#F51Bnxp!Fu=bo ztMWXNYnZ&mG1Zact^fU=%o+?t<%SCzfpqBp(1J+EQjJXhyMWXUEUnvo%qjYc14*<> zWisuSWcxy}swP@8QGRsy%`r2piqesuT~S#rv-R@bFrEJKnVLGs|0%DoJ5%z}oHKY>E_pF#vPHD%A3^ z9RBxRtuoVydz9txm`oqKSZcY)y0rHxbq}`w3P<_Ebr<0ynxQ5)bBQ|`)dA}M^$$6E z6?x!a=~P}Qk{AilT2Mm!TGc*p1 z#IR@`+xT}qeN-E?t2J8ho+l2k2%iqpnjxw-r__x9z&yAa79_C74j7cAYcLi>pGpkN zltuUGD)HA^k~_VB>P|n1Da`0_WxSpE^ELM44MH6Ijq~X2Ci~MZ_FWj6mZErrxL%AB zccS#Du{-lSn?as}lDDu#ihi+qK=UDl)0&_Iw}^wP+^LV zv_xMsufuJA_ZC+|FqEuPr--8p06gCcPHbvTH@PKfFHiEwP2e!Tq;rg~`a|5y6km=1 zB-s+H7Tya2QK~9drtCE@X5Xu+kw08OE6Yo>yihNnt^W8e5fx24%!N;P3iKoCf za%1%lHR>j&(h_T9^nItDygFjkN+@t2J7H5)!#s3;Jk1CSKxKyyYWcvu4eDb{0TL;D z_dp^!z?>Dr!Y3=%|F~>e{@_?|O@xDa^6ZV@*R(E@_DU}DoEY1p*G&v7@Y3x08xzf3 zk(aUTDyWr7{Q8C~wNXCOzkdxPr}M}p<`5WCy@_GJ&B*znbF;k>`pqH!#8_$AxGMB_ zMXAI}olsw5sm{$dSdB27hucAlylJ2K@KMXK$$DU^uTL66bh*x}dkM-689-OuaF}#y z*{S{0a;C(+w-i61{AK0a)2%CXo5IN$#{yA@(PrD>pf8`=aD1ZtN#YuW8ZhZ*%%NvU>+bZ~BwpSCFUMacQTqxZHjd;}~;roh}II zsv%DuD$GPCl5>;52(DD>)WHYivEZ@CVrU=rah+c=}dWj9~ImppGSBJKc- zxR#{Ex3`}~U#EVQeFS;3bEf?F4+3q)*BA(Q>^KLVu&c+l%(Abd*u`T<`f0)`l<(=L z0C$!sfOu7C&XqfG4;|F(z~9V=3h2qZ7Sx${UweR`(5xqFjq20)NtrE7V7cGf)1lGM2%pNmfvF*rPzF?x!wxo*|GPwnf?rm@M>n=TR z7y4DpJcEQ_RorEyY-YL3CZd#^=vCW6ZA)>WT<$nFBSPD*QEp3D*O2K8|M$#vh(?3l z(F*x-hZFDrZ%BO6>vwAkaP}Sgr640y{+U*gVD9NW@*Cx8)l1nEtN>dE_pfu8t16Mg6XAY#3?7ycEN(3(VA(-N;81_jxRH0Z!)AifVzD zxyVW+z-C^he5p7gIpr>O2xa7IJ`ah32hXwi$7NQSXULn$x6Q_$iC_bk_VLyb{&^YE z&}0TtG)pXk0abfZ@+c)g?JtGcnqQ>op-Xi}NU5Fg%F0XIsLq5e7U@MhIb3yiPs42y zU|l_;!*G6$4!RXY&0}pQt3)&)#gV=H$j(WM2n$ z`Lp`W@b3_S^J~I%gviVO>IM_-SmH|~wi%;J)v`;uNA_YHBKiaFjo0xTYYQ6zY<g zL6;^pA7Mt2otZzq(AfV))MQhHZ=DVyi7j{9GEqxVO_-L9D(hmrJHBN<6^r5yr<*)O zkwUoSn=j%8m?c$sl_mQ9eTet8)91FI|AgfV8bjd%;)je|YG)0ie+)q{LAwkFqd10s z>T#(?B?-y}3NE@!tvL3)L}7Fl;TqK9)T+ZS2^&uFD4x}82}i3RWEXlv4)=!WE?e<- 
zq!`oPYN@MzP!JRYKvb~mrhF&V9)*%^gFcIv+k80&0H_;hPkMw}= zy{q;YcVEc81WSnezPC2rC*n_?2>&|#tBLviGNy%o8O#Im)4?B{`1j73xdF=S9>K(F zB?}mj7t0gRTJ2KR!`|Zb9{Y1kcPGU_EMp4FPBB<2^O_!Vm{=s&H*8$1jt;45wzNN+ z(Ev6RNzNH<=TjzQAl)=&U-)l{OavTJ|Fa@?%ka>*JsVxVy2g2s1i3G6G)}Cyl`rXx z7(Eswwrctu%c2pKXmWvu5!;8EOQZPI-T83jr4Wuov>MWmKxn2p8Qj!U14ViOShn~M zrSlCu)_9VVllWW6Zx}eb9 zb2s7kmV6bA#~X;(8~hc*Z8r_i&AJV4q_-8lNv>RxI6G&c{K(n&QKSTFphNwfAN&jiao-Ux)QHGJ8t;I$oBDZL{z`y%zqL z6t+>1_-bM#CSjQ7&K**S#vZ%QdDYuti57A8WTn2^pJ=mLe*~#q1HpGaZP%Z z4O!*tKET`6rU7q1FElN9PU^HdR`$rEh_MDdu`7Be5ps!7mk{a)<${dM9^oDSahxHT zY0!mD2VVRLOy7en|L*}Iajdv3dQ31@)H=e#tzh;gN&`fZ;M_32 zM?}UxozonukNDFztlg*<{n$|T@qTv=`)=7yJV9E;OMk7da$EZCU#@@GG*boe#OW*Cf?`^3dAxmKyC{`JDxX%y`OR-n3ulTaqKc2yx zpLb82p`9e#9!5tgIl%=Y2SOW}!2Ot0zMH+^L3W>k)D(s{k$pIr{&{wNn?xl1>&Xe2 zOAhJ>`R{wUupQ&wJwF<@UuBCZXkfnzbkpLJGM{;b=WD=CA_*>yRy z)a#WG!g&|25=3OMd^Wtc3yC_W!2(;B!^$9K{}f!4_{c@=y?ht7(qC5X{L+WmGW5y# zum?d-p-s!@92j=Op6u>R`YQ(SY#cL_*B8}!J>BG{AFlkVK_kWNyd2L!ukV`bR^&

    tVp=CX{j$&KdWmLASB3@Y5Fq_v1K|2n(!w63owI0sii5 zXHqQ#90d*?tO=T&k%&{vQLDdyCkPosb$)4pt?Dn-$$5O?R zAh^@gf3GPy9+_{X_W+0No)k`Y%M;Zq>t+hc_K7OFGBpiilkX7IdEgMBMJAU$lQDTX zr5oA1{V5k1wb^x8ob|jcd9?@hT)y{XB(N`!A3lmKfS*bNZbWCRmqEJF7SW&+GjhyF zAYw4=M}6&tz&FCB#J^P_HBUQqH23>V8O`;(pN2ZjbsX$j!s)oc(Bl90Z45Dg|-ltD)l7R4%9#$C~>#ov;%LiP-r8K7pL5JX-<6m)jBWP#-evIG)GmTl zEhMb)D5s)RN6$T}z6K$p%7q@ejxdkhmWcEu|5V4T;j!6sVHV_i5I%E-Gf7vjW{*42 zG{={3`e3O>W8(#@h3cp6El!v*x`(wu5R{gHGfR4Ob8(~d2s8Wq@|lOud6n%Oz{q~; z9-hT|ogUv8e0Te(qCe1QJI-Rv#1L($7&5c!q48`+jMsw(al&%lm~uzcWn2|&@SB|@Ex#ow@N<2SjJV6JOj`vA>D zE_SNE0|p`OvU!b~71@4C)w(0QB{qA@MRv0R{-3c%GER={FWidP)!2up`Ob|HiZ|xa zOym%2&(Alj;PGXT;%be3{s9mO%1F+2tL^R~rqrvMG|+D2Z4$1A#~0|U!6RUO%1i`I ztY4C`eMcVBPw2cJxvcv(4+7*9C`X^})bO;qu1L~he)NP2(E4NERs=An>5WqUzF zqlEl8v=!#c&xp?<$R$o#YA{yd=oVKo4jG$op`wP_R%QQ_h)RZDU*BH|AuQ1q6Kpvj zMJBkc_^3sP@T(HB1kBw5Em_PwS|m=sc6+bETYQT52imi{2tf|YEMuR9hp*m`NP;-V z%kFa&hU>lNN)%a9VzjaNv8;f(B;9rO=uBs~&D_oJbRxU!Ni@k1BD#O4XLZE!$WJtH z60{W>@Y(LOY!n?&5qYrV&aoy`@h28y8c&ZC!AzXB(uczkhJAuSwOvT)mIo6L{;Qi< zS763LD_tVGmnWKa5@r&p8OGuPQXfgstmBbd?bdf{+{-ARqEL0&p=BQr`Z70URybi9 zxp*lX9~UaWiw@g)9=*aRQOoIh7=5!9N|}@QXC+lBP$U~7upr;4VAX~l-${qwc zM6y=DMLu3ZBBJ1gI7m^3sIy#qXWB<7u|Kd2_o|wQOSPF!BqRsA&a#0zaJ_u5Xkj7= zT{U)`@I@s@M;)(9gjS|x26xE@zO9FHV_T08JoxHvCy5iPKQLmq22y#r!oCVW`mkc_ zjQkkT#3Xl}43B;J2HTlFP?rit(DYB33GBbcYQJE)7v(kFg(%z$Rt}3$Nxai1tae1$ zkwy>&E<^Ru^+Feqh~M4m(=zLTAr9jjLDR4f>cS+F)!%f6?_Nb_Q{1A?SRcu{i*j*Z zw9qT4-;xJE5{3x1)WE1kMJ{HkV5EcrceU`qXCLg{pL$xn zj#}GJ<(+HvHD0wRs!0wPV|K8vQYT+!cx;G_G1qlf-E-QJgI zW3Gq?K-m{B-U<8LR)AT$MSq;q1vXuz{>X&kj|9wPn4N3F0A28a*Um4PQE6UlBGWsl$7Em zoqLEAOn`rb-G-#r!Bpny*u%9oYC`ho#cdUeg;^|)p@GTrPLG`#Cg2$41rO;rkdwM% zt#0Bd83KJhTb&Q8e8-*$i&_l2rBno%S&o`8-<*hS#Q~+$e)vybl(!q*Afnf2WAR^| z5DGewxsmkhZwLF!)=|*2&2_ zDDImR(YNo7NSja_7R@cqL7}5l&Dhw8a9aY0xzUOM~!x!}t&AKZ2e}gAH^xRaMpraj?ja{xE*C8>>a0Mb+K;AM zS{a?K0QMKU)Rn;ZVh7QaUSx>1rKsdU1SD7d$892;o>*yki{2xF>hh4%C%l~rozqO0 zYX)ciiju|OJvDxd%{FVm^Oy5uwHM5@C?o>skRhr7;Z#N|{P90{71Hv532+!7)$?&j 
zL^N5-+K@D0bEUbyGHoV;XB%)X*jw;S#wH}A!QXfjd5H#%;$cN@MtfYn;iZh+z^uvn zEqJ>3ulhJLv_$u0LVLi3ubf z%Ca^Ce~yisdtNR~;6QT~?|=GlcmH!$%DrizXxxJWDeh6bDL`q{gwkD@R+^g_A%DLh z;PQs_5Q@tRqc6(6nD8<`sqq>VFYOxb&Xe|O50#arD7$0O@WZoKr4@tm-Ig|oRK^zj zC-!3A{))XU4vmeU@Vp|;|NqCzqL;UG;w|w=hRKA2l`7DrKQQ`6Sk*Tg>1gP+(73-` zRHRo8lk8l;%P}h1R0R3?=DZu{9-Rtqr4zTokkSB*OqTB-A}6$<{;|}98=&tqe;yo@ z-$Wd?hmCmPqV{id8+nqRV!&c60ycu)!oL>{zXvq|{ldL7AjA--8+wp&)}lgZB~YX&TvRmwkKWxq6m87` z5KSt!CgQhBaDB#>@%OSI?{ix$N`_hGW=wb9Fn%cUaR@Oq;tW3KSud(GcArSwQAizz zK*sW7sA}EcYs=eM1G$zh0+sy}+uO>$QAr$;)M@NYRdRMCPMHE90TJ&d5(_#Q(w_{? zI-ezMpK|^EdEKS2>?*uUIx$amEy2Mfj2|%w-QG;zy52Rk86D0(j~1chQ(@Oc$Z>8( zTwt4nzR=UfJ%Vq{Fh{A1+4&uE^{u8C${Br!tPBP>*;b)Z*N*Mq#>mN~%1IJ1`i~sL!P+iEOYQvjVlntg4wpjm4lVL}C3B{M9ki-3|2YNx3FkQ&yJ+ z)eGxSqbKNQd=YU*ZD6I!mna_Cpke!rR(&)@c9R8`DU(te-CYcxpbL8Ygsxi|+H(F- zeq1mLAP(qbDK6}jG=>L;TS`X2eX)Uvbf#mBk}2M`Jzbb?AYY|}wk9^`iB4c`%Bf&4 ztH+HsTzIZvdO6QH6|G)Q-uU)nzSqdm^#?0Y&-3$z``$|%OJV3YR+W;G-8d%~oL+^g}< z=9TKM@e5Ud6Gg$JgAMbyPS>)X=i($&QeGFp_F<(|?6V5rx~0rB(gN+(ihdfJH(MyrZmBiAk>Q-Q|&>~zGh z)OPYBl8Iz%^VlIWw+MM*O1ogW5W=Z>V*1l0 zyEwf=i8e82mT2Z}Pqrh;l+V@ad z@ov!17usiJXD&p?ey}QgdSeb{R@Tr(01q1fL`Q&RoV_1^1LG^X#rT~o%UqCFrGKs zn0JE1(%d@0sg75MBU|2Osl@Yx7%4vLHH!3j-K68e9{Tf>d zbiNqh&Q}Nx#J*fLN{EJ(7*f>v*;ycFh{j5yYr?T`{NAho3%f8Ds-C7{bZ09$EDl!m z335XbLTP=-EU>VtDEzZ2@Eo?^&bqkOyE+sNmHtS3^dcOy^V~{&{TI=Y%s9;9PK+yV z7}Z*`W*n2E1O^r>=E6*LVIbf%WrwGg;m61n9(wqTPa?LsPDv#?7m4l}_Haf5^8ER4)F*r;YsrfboToHJ_`#C)%QUVQ! z#hjxv4NhXFvE!S7D~gCl2qw7JGs&y1WyYu8AO-9!q;zp<;1SqPvf2v;?e^jZ+$1m9 zfXEth?tzpi_}TzdK&-zAE4m%b6bIku?PnzL%E@L%2)7!GzriISn%JFS72(}A=>}2C z;1fbq_6M`x*xf*S+o?W68&h<@I8JwHJv250&vbw%Zs&MDk=i}`Be8#MU=sK14Wkc+ zgfU)|tqqQvq*8y}5L)AbOT-^IEVQ)IaK!iyieL%w?mPbd5lsQa9+MX7I+| zomBl9lHh+%`~{QEqMWljyBgWQKSc;88^=giR%$v=c})?9+DzW6fBhn5=r%(#B@USz zHWSRn;d4wGY(MDH8mUY{+5d&2JDKSq^Nf2l_immJzt094>k&e*Yq3HL;mp!9k?GF! 
zxznkZ7Kxyn;46jO2Gt}XvSR#BcOmhPXKCt`H|;G^*R0iKPHT`sNWm>W8Wr>(jF^*< zz&S=Dwm+rBWmMQPZ9CF%U*3<8tEn{R$2B8n3Fyg)*zU1YL#~N(G!~?n4ENXN^+U}x zsmd0%#ebYj$3Y~5e<3zM`J;go%Ssp@5;lXg7gE(uKDcJAA@ZZYh9c6-0bwCuB_YB! z4DH9-)*QWPqsG5G2S*aa;UwzPRJ!r3TP|~}Z~@`WBdNq;0tso!#gtBB3g9hBc;L95 zk}$=JBK#=S7a{u((}nMb$*2Yey6{uMkB9dK!fzaj48EsRF%9S@J0(zA!E#I7;+x~T zF6Tn9BSop+r;r97`$TmYkiymmF9LASyEpyNbaB*QG+g4@5X@%i<)NXe^Dr_zQP+YS z_d;V{GqlbiOEX0v6U8!eqH*MoS70s9Td6%;Za9LnCE;`uvj*dAEc_t?4zpNfOoQ*b zU9Uy#oLOY2Dl|dXFxog_a$rBsgfTnI^dcaque481uUxe*qK+Wq8PJ5LQHIw_U;kWy8?zUdZwN5A=dD}r?C-ppTQ zMI22!97=sHbX}-8w>;T7@m*>o?<+pixzjV=GgYjRbUQn6DR~Hc@P$6YQ*z@-Ew+Xg zEC#?o)luA}Zr2>Kmq#<>Pxz#U zz&+c`3o7*FJ@zJl#2Y_;EACJfVv?^vr3*iB?YiALJPJoC3k~M?AC~1Hu!EF6^Vt+5 z{4lGGsHtK6p^-8~3-H)KHq!W~NZ)_@d{B%`U>nVAS6&?|N6?Yo5!J$clA}Pvq4+xC zU_fL|lXc}DEyNK>wXS^sD4Mn-M%N+1wfOYT!hx2+y|1md9_xR9mHd-+>vy6P*gI_? z+RnCnJ5=TLwUk@fP0De${G!>JAKML!q?(7=5p$j#cLI{i!PhZwAmTz zSf9!eLzZhUEODZs>EaXeO>AR}f*RAu+vLck_~UNduJY*{pexoY>Uz zN2EVFi$`6~07K_FTFJZMGo3w4qgXC&(6u@yDB8v?+%rrNQOxf9|?J zrbt^kDzFYt+DLF;Tfd+?X7`2)8&xHd6I{EcHs{DQzK~Fm(u}085o=U(-R=$jd1V-~ zj?03lD`_dOanc4+3|6X7K}6qXntEZY!W30esZ_Q2Bpxm?z#+TeN7wy;B?{FaCe@gi z$yTs}eA$?AtmZ&JkiL_eL{m91n1(!2v>(=?(ruzLmh$yMghFddpN*>Ke-@>X4nMp6 zt47LdO#k&>ErM}f^yrHQ57MQz#gEYndB z=vMKd;3_obre>I)k1QV3IU*Bei_SQ0gWH$|XMCHGoQ>7v&(3B2j@eE+=rLu7$_7Abi;rQtJv5QV2Go zA`{~gOOh}!j0n}xUq&S^kl5g2_kPqGkGs!xdhkaD6d6A=!r`lwUsR98wNZ<}S7gDp zF9zk6nv%=mzqp8ZujhOBd>c`zRLUv}OhwW;u)I*Nh<7Lgo~v#+`71uDyU#4#rMx?D zraxOKGFTpqYdrco8vPyq6`G{FY)HR}=anue0f1%G?~q6mItiqZ5U3ra?u5sqzP`fP z@~_lh#6Yi5CB>wt1l&PX|29myhhYgTCM5j?90O$^qWpqjhn!CYD0(+r^dAd+9S3sE z|3KaT;-mGX1D|iZ7&TNzOdZ@!f7wSAMfqtE74?brLSqlh*44nBNOfW0&fp8lBAl{m zb8_xyQGJ5sbTnz0bEymYgT~iPHTEYWmf&~HNP+%C7rLSG`i*m*EX7J5duUvPNI)Z2 zf+s+n9t68O`W6)GU;KfQ6b(ZUeo5AFv`XknkcD(*A`gUNXMz&zMGC1je$?6Ow0a#% z9S_bY`cIdZ-A%>zGmM8D`amg{vA^lj5O-Y5(WMVvZ>^5U?Hy1G!D%G^Xi01<>imUt z_CjsZJ2D`swr--p5-{il}2AvB@Gu24IL(s z_Jue}S?PGfRmS?}vQOff*Mz-@Xewf~1EWzJCiKIjFLSj(Um=hy(D;PuGigZ9sE1c! 
zByr&|I+K7G%;_423@gY%M-_oBbLJavnR`l7A6GB!xQS#{=$Sx#y>CxOqh@k zYVIKT+vMy&j@&jZdM>;*^seM|yS4+@sA=0bB)$`%2hB|pF($?SqA?mb(zGJ-0Po#x zk^ruvr>0QAVmnB9K*Ke(cTuQfyxJO6pn)p3lY2FB56537IEP7@c`C{UzYK? zeb5afd>Hr2>rS;*kbE4mdU7?xf}?(Mgh1l;4vGtZ_3H8WNjFB6PhVph#(wiJsj4J& z)TIqWpRT%Zy&BKFmqIu;8OD8X$KbRGwt@HwZC=G%MXow-XpAb{K3OJjyGRdBy9e5hmEC*6pJ(w7JX@CnNk~FX0xUpEW*yzne%G`|03;>L zQ!DvE1UpKkx$4sz~&;*5QeCcyhA04F;7@ti$LYv%veN@(Q;1utM=^wm+aF9ad#E2?KuRWZ2BbG9lEhxx;Kt~XvkR$FxGot1!BsIRMv z=?I)CJB=Cz+^FCTpNwK=K+#o5yX;z$x`Yqw8-um^jbqDS?AY_%;ba53j&x-s7XNb| ze~HK)!FalZe5kSIcNMK5Dt}U+5Uh0p8H-&e4EjJ2KsZ#e|Dv4tH84sjp|s}F`#7gN z&jkk)Hfc#Xl9V;6n(bCmws$K0we7KUWC^b-G1$GRA98jci|HqV$yNi9Juk45ofU#f zy1Ge-(M=gfYsrB`D95Zvl?pD$YK(Rm0BsmoE&Jhz){_^{nnAbw%fZtp-7fy?>A`dO zSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Q zd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4 zsmIax`t*zzhNUO1`9S*PjCCe01sIJDhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@I zNV@4sXX))SZUfk+^b;h@J>cr{4(w(L)Y=SD#1u%fNt28hFx5Zf)2b=^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf z*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qay5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58P(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_Et zUlilu4FpSEIZX0EYTwrTe&zLWHeE-n&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24M zf`w9(+NEu8wm%ad>5XM$c`are_DRX27Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p

      !Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBw zqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*i zWl@-?iKOL*bGY3O_EESe(B$iMZpEslq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb z{X=U!C_kIObn`ShM{kENL(QeRZXfmIu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuux zX+VY*13t08QRA*LGJ&wKzaX2GrJK0pzFDALDe1^0Ms|&C^&%%>M&xapECA*9>6))p zZrAZ2!MJU*l35>+o#v-9@D)%bGw`KZ03RbPCjC)59HKuBMQ(`QOS!rDWkF~!RnpdO z)lgu!#X(20cYnAGpwU+~KP@ul@VSM=jnE#Sx(Y$y) zxLkHTPUxKpdK^T(>1m^W_%0rgQDmHsS%F1v8&=ns9nnutw4)#fbW1?Ho{Np!m^{{A zdXL$+;|m69f>mn3N1L`@}ZxW*0pfYG~4c=W!2 zuK3*@vgwcixEVyMH?SrVtR)g2-9`^|t^RSSR9}E5K?7rLRz6f6CH>)ofjBr+r#LL! zWg=GXA!-g9&f2e0>YD-{l;_+w^nKQN6VwF}O9rhnssZ*N1>fmiE4e(%6~&J6&oT41 zgJ)s(PW)Cmocu1iT)@e=OR}t;JDAiXSxmw97YQ8)3;U&g&ItwDmB?8^|4Y!5oj(S} zHiW5)Oj|o-G7Hy(hNHPyt1C_Ml0^NRI0hwWKtWa*ejW5yt}<7|a!fhQ8MEu<9LucAy zG)WWXFV;c)!D1Hm6K)4Wg!IIDtK6~T-M$P|L2Lw!9XO3vg8jjO6yL+>lqyn_juAcC zl^cQOP)}43Rdp)z?yivDyOtqB0roQ4U~V%-VXT~Y1cgfi-nD~%_~&ueHoJ^NM6$-# z>@wmeQX{$VHmcoseWu9v;8g}j=LFf4q*6Rqib=}rz~Tex%F!~3M6?boR=1WwdHcA~ zoRn<-t=1&g$~pRM1UQR^>9S$Yr+4OGG+n`G*f4}tDeKrjVIT|q!FbvO z)b7#+V8Jbc;ZpqSXYSZb!HccC3Y&bW%ICN2Es-Ds3k1t)U2u8W6el7fRL6}J+zR7Cv#a<+q6dJ_Fc_r5e zgP5~3Q{_5UuTAAFI3{)MF{W^M=g}G4Szn_$b>CG594d!^S;x+RNyEEZg%cg?5G4n= zmLVxX35PAuIb0)=+)rWuoqdV=Npfv|M#7OwSQmHrg^Oy=VFm;)UxUC0Gykrtj8Z9G zc5k_nOQnmmYCqPT(KzD6J(aFtn1zc?7PSSMjTCc?w z*m*{wK&lugN(}mi@*Z$Lr*J%217kP04By^MT)0p-RCavpdr_fuUDLkE2k@zF`+8U| zHuztm0zJ(pIIs`8!fkw-z`VOBVLY7D{GBG8Ee>03*pFsi%5eyfx6F!8y0Ci>f;X!C z*~2s$&irR0AtB4}EFLk=9I?i^M^djAEb6HeD@j~@4#S#KI)o|k+8Rs@`<$W0PckHg z6y?mCZslZ3E!rjt9fdcZVOG3A7k(!Tjq&wGzs?MW%Yio#la<5H`&>CDDqEc~u3bo4 zSEpqjA=XVIC9-g3T$5CJCD2(elt}Q9dh6OVckoi7QrTx-xzLBOt>YXpi7G5wyKXEl zHip>B5fRS9>{K0TZpyko&5QGUA}ILn8d{+mf9|l)!kYb=(d05{TZ5~;s2u^~gAAgh zGFo3YE8c%Fv4@h0#tL2Z&#^1!RLJ4R7e`Olu{u3;4ze$Yz;wb~$%Nus^q^UAGGgZu zKpvyG$|5||I!u9UyIBX^_cw8=jQ_Txk=cr(I^8&{%(TUc>g}4RqNpWpfVGm;%NzZf zs(kHO-`bT?QYK@|M8!CkucoS|wP^9|l6wML#}Me{R3B8XXvqiFP3NsE_kES+F-s!q zZ3fX6Ej$PE$0wx&VTv>RLQ%Of^qB_@3^-+0$8nt@>e(?tlT04mat>BjzuYNvw{P@Z9 
z?!n*pUmX@en&HJ(al3aB-v2SPfbD$RYpnn8hwH!?*4G5M{xm^8jAH~5A9cVm{Lh*{ zUwC#@HU|#QJuk!c0;U?{Q9IXx!zCicXmu?1&SgL-V7R419x=^l$h4EQ2np}1dgNU$VI`Q~yT=VLvs|uqg7(^G5l3gd=GrJaA?EB?f+YcvH zi@~I#c=#>nSNDoEOo02mQA`U{D7JQ|wAdPLUy-49mGNrSKIdIP22BpE$liy}L%gu8 z6IyIgY6l9ZlXQe}SlzN7%v-@aR;zN1W)i-Ox)?gu(0K#f`FI#l8ud=6zV@cId1PUz zHBc97`PlqzxGVoyt5`6sW@%sOB#h~mFjXeJX3k}9n)ss5U^+Gzxa*1Y287U*1I~`j zHDNOSy5Wya^C~{M^qjydJuH!$KVJ0{idw?(Vi{|J~l)+`6^@evaRK`>)#1 zFJcE?sjUS2Q(zLaPA7O8j(}LAZY_Zx^GVS7VMvc2Vh`;&{c){^5sBkj7N4F?poRW- zu(h$d+k*euYqEj$Fg=-E06WqQ4w8NwnmvtyCgu?|+8ZNi4H}QU z7_d=?IJr4Zf(GSvlvnk&zW@YEtQyY9@0znIVx}0ZBq^ElhB0O1BDKxLz{lbK zkAO&flaLHOu;4l-PQD9ZS#iMlJDW_#o%QvLi;H$hgKekTDV%KjFkgRq@aW0&!zV2@ z$KO~0)pc5XvmhL!+dkzO8HN{_XDY;yI5Ka+2++-&?7+FKEI=8+Cb6x_UMw{_OoC~B zz?!Q1{$X%%SPy>QKRh^W0*v1eUjO>yx7We%`>$T@KYxAj20n?V$lUNw48p*~c47MBsrRbd&p$Qgi2r6?hUeVA8rI>iDxr)ZX= zBs{IS(HIX|3IWx4_SQu;)4r$Twxa1FE^}Lg1+R zb@2-4sTQK0rxIV(4JXBSY)LOMBY38H7oZ(bUS@*Of#}7TMeeHFhM}@!{c`Z%&z=Mg zv=_rU+6;2?Q(Wr=qm<*KCzNj$H+BT5gih!)Eh1Sy4!CF?%D;2PXZUJ?1j zS_XOI%w2tDCM-{iv+OMEO`-5Yao&{k*Zn;RtlA~S+!j8t^{Hlx)(0L^7^eysj)fnd z`-c9cG*f|{aX|H0z#1=Ufr02D5SqV>rEwpWtg>dy_4d;p>uVQE(+lV#UFeR1DO{ya z0V)kx#HLKL!O90*{Y#Vkk1|bZPZwW{T@c<#hAg<-lw@plmECSittt)70Vi=%$aE+K zIAoPp-Kw|iLdQFUs{Y&wg2(ZIE>fW46g8Fxm~!n{);JG3ylo2C3}TSgjHO!V zY13)SF}rV+VOq2)I%u@wWHM!k3##*>YA1@(Q|IRAOYzaKPkw1_?|r}1Bt9VrMqv{7 z-$j$WosRQ0x(ccWe0`@N0u@ zAe~y4cY|PR%}G~?w`;@w(pFXZ`{ZXFDLeWWmfLwtif13|B2AE4NFq0ByWV2jEkv1%7Mq0kzPWWKb*;Z5}&V2V6dr(Xl3NPDVn{>69) z6X85J-p7m9S)$isLWu(Mtw`EOpf)Kc*45KjSsyv8B{7Z}2s);QS@j{{G>5Qy=P(xi z`X~P+pca_Ty?q#RerDp&{7;*Ke|%^bSOw@T%tk00baDKMZj{BN%05R;c&5h0DKlNP zPOqkkB=-)7W|_|5eELX6 zN&*NNz#Xud9rxm)aW{JCPR7zSzbarZ`Y|Oyc8S|`uJ|@SE=ihRieiNb`U?D7ins95 z&dNNis237QG=!qZ!USvSYS|3~n{m@r#ZkPV0zp!BxQwGg)i}v>0RzuqOapCA!wfYT zwJHuWZ;F~+=jve9uf8DgPbPn5dR&)TP!=hnp2IH7Xv^NM1ub{<0zSbg z{&3PqJD%>t=~LB7^WAok)|^ufH081gRHYHTsTiJeyE#(!cGrZ6CagDA!(Y_a4V=@C z05UB2KT!tQ7aAR#EY4BcFuVw7c|gk$*|rMj?(hiOf@$Ii7fq*v?(x40*^zj2xH`%J 
zI9^m4(U6T+h-kMyI+)$GxVBwk|t`M>fxnA%2BR)c&AqPU6C6558mlQPM{x^y2!? zy-*A2@T+`nOD(+Ow3@{gnY$pIJjVXGVot@em$D)c-KUOQkk5p%|6g6iRHI+$ ze2KjJl;x%;mSyZ>Da9sjk;k{Ph?opNk!qdI10=P zFtMPNWrwy$gx=atr@teQ8ikpHE-_|W`8l37b#fEdd{Llj&ZMP>RV*=y8#inFpx;H& zxDdn;ON|lTu$6kPJ47>^}3;*l5pM3awR{f%B3P(q^bdR=xazb{7xem|S`j ziLqq_Hphn@bMe1~%OWUZ2^N263pg^z^?6MfJ=^fMu>hr{bx9s{y_Lm0rprK_gB+ED z)?6R!s?MFbW4|*856hC&R}f9Bou3qR(4a6pE6W)EDc4)0JdqTCGAE0h`lK|Gs8?%H z{&_QLwMuW&7don3iZBq)rDvDTBvv0IJvZBFXeGK7VB-(k`uIa{5z4G8N~uQB!Ab7fZbInlP+| z`B+i|0BxRh@ksonlRDPdDBv2s6wA3h0U{%C25?s=)h=e>j8FXTg9ra7SpVPB?Yebs z7fdtH(--5GvOceTFmUWbh#m)S&)^GP{{QQy?tji{hUIaEG40A$6ECpf{@>ZVx9RKu z?`_}a|NAVz^83GXKff3+P^sD9yw&XA-t%ASJum1?xfF?}FE7wPj|vTbp5NeEn!Jl< zW6L3DMP29gMn4MB)jJRB{8-B9tyuSFv5S4K%F~gdG~LeDoNr&FM*L^eAV13yjpe)GiOz#FLL2OrS>+^0m^NO2i~essC%-Zh?3VHq|zI) z;zm@4@7#m}E(^!4yYI?^_0_EARQK`HVyHgXNL`&zdj!|D8c_cY^={33$4`|;Q;op= z${usuT9Nj6nxBDgg1PeNw-;vXc$Ie?H8x^p}}lg|DWSG zkN@}f^ULu5t=8Nya6bxso~W>KD=OTI3ZGh3_?iU;>E^jQ*FRhNbFR!~x=@y2G2I4h z_BHKMnnF01Z|(=i#N=onp+Q@EvJ2G0i`oH4aVBn?X2CF~S(nX^2tacqSCNWHoOPydrNl_7Y8j zCdEl;D%S`kg4_(oL##@J3g_A2BA_FRl71AA$~MsD1EbP)~p#t79!E^9=qa zbyDyzE)*49UKYFiozjz-iapAa6gSG$t_Cm!Iqbm^MG}HEG*qQnehPBx0G69}PXot2 zQELpesW=~w&c<)@;0@Ml`az1iFzWw!6#U&R7k<^Ymf|6Ume$;&N!gQ+f)4s7s_gqs zq)5I3ns`)toi}BtF}Dv#_?nqdDIv(KX>Ycg2geT{JU9-J4&YgKKsAnW7;m88BV9Tc z>u?3oL_l30ueE~)lEanm_`DnE?X_iRqe|SA%*mb5N!grw5r^)p1PJ9bJ9Z(-BepO9IvRio7#dUgH)RX=T1pB@Ohhua~u(;A34&MPKp2H#fT2Ibq zh@s?RG?V#~_zN9|Kn~)GivM4$oUk7HoGA;v;GN+=7?qR?0H)1G9S1%~gBY@4SMQ~b za`s4|!TG5itLgCSgXPj8UBHBW9WK&zPb08>dZ;G4rGQaVgoJLZMn1)O8#vpT$nMxj z&f^XxA3&P)+Eg!=%k-acVd1z(VfHSN9?)SQfxW#Zw({^cmd&tz~loC2$1Sb2F2H^ z2sST&d#&VA<<9+_rbFnK=!1w@#}rb=+zzg^96y&t3Y|vj1})Sa;5Om7sJ{fqMC6Wn z=oi39wK+o^;w~q4ad%CvqLZKOWICk6fhrf}pzT~vJldtE=0u};^K%BGzY#_?SNuVa z8I~B4kbEG(<96@_#sCi^%8loe5&_T&&}R)81TI;0+*E=!QK=QxUsuY?5f+wRAoiFe zGfa$6j3&X|G`oxMcwF+dT|t(e#aMp%Oh&Xrs@x;1pdlSE;zN&geMajfS7R8RN11(W z1=49ki4(`*Hm0MDT*tWDu*mVGxRRJ}aGI3lxx+s-v(X?I8`LdOAx(1t%kU&NS2eG# 
zOt9?>6{w@uVhS!w)0T7sk_sN+|F(@R)Ky{v`T@fmu3jtkZ)a;pJBt=c{cj`fVKTfN z^(B+=opL#O7tJc9t|s3Glr(Izs$|P1sTvG$Omd>UigCW3oNjEy1}2L+EXTe96o6Pu z1bIYzf_DJRoumr006S5NE8l&m|6QJU^o1;qW*2F+bycc}#3Ch$HIM~dTL93Ksh+`J zRKUe;@W9$zXgO;{v!=Dcwl9W&f-ejx=6lGE++GjNh-XqdMu~3@d zu@l?4<`%5tWsTf=!=+;FbX54WX|Z6oll(^7xycCe=Ru;cel=AK`DX@V)|M`iCJZz? zb$whUQJJch`5>s{;8s4+)62T|ZG583hG@%}-M$$VEmQcTM&v`|ey!)uL-QM!M7u7z zmw=`kzto+$ktnJxjH0e?% zCM4#KTx!(P1z?{N%Pyzxw+F#tGgQdqnLuop8fD+on4US#?#&PRs?5Si8~qz?r6gL~|r+r#x7sQfM+- zbg5Ew#|=nvb5io<=%}PZ&TWdxUrCn3emIFI-kT^FP*Ez|mk@`BDA45$R%M4cK4Fq- z7rUf@6dTJ)C!$_h1@NfUT6uH3_?rh{HgZ7NXQwPTmcKNW$~(P0N@aI~nYaA)C{na0 zrkvC)GUs${mZL~9iimTfs@B$2gufvrK=mS1R>ShH;KsP)E4K320 zuk`biovZ}Ep+B{y`a}LtiF2?nO53PZe8~6hPXgeOb7DhX)emcklvzhuUCJLqhrQT4 z$xSS2N*KAtp6M!?n8~%+R)?pP5~T@{j+R^ni$qxLt)6R)7mrF@Q5dv3E9!ImtN@Pm zB8M_k<__C;7 zM%=*C>?GCT8{SIv1U8vA8YmzXcw{F zV7Z2NC2V)lx&rsBkWPm9E#jP6=Si>1@A{)qkBv}>5Q1|zj%c=K*g-c-D?AU=Y@XZv zdpUg5@Rp{o=2BNZ*=Qr7v82mDb@Gj45MxfE8-p~~D;IklsP>v!EqpoSx_BcVggR81 z5}?ZB+;QcMEBfbE(kWxAk}BbJOu}9|weW{R&MK!!m9cJ#+&{FXGdif4k??GkLPsdVe6&Q7p zT6*vdm3#2LhNC_$=$3#15aYOYhaVpwW9c93iI%B4@0)?v>367VHTp)f?L+7M#wPFK zpOD}^qk(7INE+|7*eP19=@OIZYfrMf7q13hvSn2-H0?6i@v@V`49se z95zhvT(u}SqN^ySDz7OSn&nqQ$2~OCf1$VJ24lfWGbN@HJhGx`efK1MXNj-5>BmuQYgknZZZc;& zUc)64#gz$)Hg{}p%ss$Yhh6$~X7wlrmiOOn1(#o_??19Xf~>uG1d4n~dz*Nv;^vNi z>Z~j5Mk;D+qm<*nbCXve16GAF z%x#y=6@D_?>!_eT{8;H{RnSLCHuSAS{nI=Inn4 zwTj4q{3(Agl9E}RYDoq!8Fatoh697K%$8~pO=aD4?ko*h9GW`8aa}3VgZHb(^vxZ2 zX2B2g<&X8_n?Psnt<(V`S;vxN@#!g9`ojcniaKh->5@|pbU!?R$EX;us~h4jEV)%H>UojQga7w#^!NJ`}s>IB)vyG*kfcdPwYIvE$~@u@%ts zQO;@SSrS~2ln0)zk?jS}H`elr5}&SKA3JoFOJd4p2cyG@x}+3ByZsv$UOO-mpNNvU zDGS-IE2Al@P3QQjJL9pr1W9*WR*R@pr=qO&sym^Wi697|JK&-_daaF%N~f^?)kK^{ zcUO0c-dDX6?D32QzLfxo)`PhQg6pcVNZJUQ0&3^Crg#H7%>1gZ7aV4-zgQEplr75p2&@n91A(Xr?4)*UBd%DD6-vpho8FYH^|NSQQ z?R)vrt@pxg-CfC(G=+y%ONp;nms!iD^)c4q(FJt*v8%iM z{U6ZnkHO3loXTabEoZ3PmFRN4vHK2a#qmr1T*nI`2F}KH(kaZ;Dm!iO!aQW3zdhHO z-z%(X96TfE@@(!TRdOt90py*V2j=`(8#yOwGjSk;)1(Sdn793ECTH 
z(kt`3y!2V*g7ce%AJ1c&JrJnJZ}CFMqfs=7VKk`fC*Cz9x92p02goqMQrCk#Mfnnw zxP>sK2{OR2DmqDqyLa)4U_u`Mi)`DQ-e-bDKl~8MGrlXX)ieN^$fGKkZI$B zB80BixATfyiX?$w8kvvqG&vl~ZL>_>$RSn6}lDeGRD ziN#!dRnFZSo^kSqQx#9hvr=5V(NTl6^;&#%T)Yn^Hk+&gS|h^QDcuXNn;MMj^(GW5 z2QaTwbnWA~j*domH~{gI%4crss6psS=E$Fm{r#4^E+izVcu^GYi0g=#uIn4n3ir;? zvM1adg-I^&nE2JrbT+!`T+7`ge~$w4@|!n?w!SpingIyccpY(UhWJ=&Xhiu`5ZWZ0 zk)|d^{Uz5zX8%VCMaY!AOL0zAx=AmOO8_oHKv5MEmFs1IY0LbSc4EbGW2W$s^E4h%;atk;8Nv}8XHlPR15%pUagVAq zu>g*?&XH;4I>16jo8KqC4Rn5_yzGQ=Ys$J%R|A95On5|8Q9H2kHz z-RYDxw^Q^l-^xzkFCi-m9g!5F(#NPMU`a3ls^fdk8a~=hkEt~3a^;{m1}z?-%1M^~ z3z$OmY)qX@Nx;%em{p-tJpXWm37|Ewg09rPtc&(8XOg6D^?<=#p1*kAeYt;l_~fx$ z5>L`4AYP!SIV7+(F>C-V*Bj&k!uh~_3}wpth*oVP+<4`_5W09LT@zxQ+ffy z>sd4$cGKy^lmS|h|MT9?j-US@{&`#f=d=9g=6`bb^9!c`yjoe`+bTb|shw^%wbQqd zF-f1*7gKeAT|Hrv4P=>oN%r^Ub$jK@Lw97Q-~1jY0}yogv;J8;fkm8V(XY`EuR+a) zy_)j57>$shR zDf_BwC~Uf-=xAuyiMQ|XA&Pe1-{0%*?cg&&$vz|L1y3-rftHA=oRKK+XEBhCH>~eI zQhx(Lki7km)m$k5%8@fQ^Qnqkf#rrwrL6O*pG_4;01%O z1bpm+lWD@WHF-tMx^vZsEF7~_rfg9^%`!8m6*{e?Y8t0G)`Xbh-9(q&?=OCbvx&~L z8E4j2QtAb2IDrfVNo3{BP;TZ(Ia__WdO*^J@#O4Oy1muv!7$)1#Vz04p}*v)uYDWG z`?@E|9B0hs`{A0kNQ)s%Rnqxv@Ckoe6St_Zyag**LV;~Eo{xA_d?9Ljrp6XlHYV}*T$~5o~KXK z)3n}n;5=52geKVy>bRo}GgzOKrg${g&PbS~#0Q!jn9r+#V?jd#AY2DCP;_Rn2jtv+ zurK+s2QeI8gfq?ygW#UfvI4@qOo6qY(OP**he&bmfVyW%G-;3GewHGS-G&ukkCN7u z9~s(EH$4D*i>`5mn{4@64OZ7KgVrO#`M33z z4~)r|Z|imI*qZ--!a6Ho>+eSOKiY=lmVlnG|JmN$+}-x|KO6UM>py;$-(3BV-p?}(vBLMF*p53fP@xn9G8O=CGj+Mq$@la8>J+GI*#*WJ0y;U(~>bcDuV?%%}EM(#$qLuWGGk5 zZO%Y$D7(1=MrputGz(LlUui0f6PxSV+(2q`4a-SxUO6i>srhrdayoN0j+;zqUNN>S zCNB3!cE!}?^T%?v^yF$NH zz`3JTJRS|iO0HbmcCD-%1vD`})Xw`s1bjW7#yC-t>h^H)NYJ|43+pI1M7=;?N%9I6 zrtQ#TV58!5pjxP~buMiNVyP!|lSWKgKnkULE%Sz6ld_zER-OUV;ZOY9};S0ppfESf$C6`j^^}~DW+&g9F2m9igg9bWUzM9S~-XxP; zk5l_mmc9|Q)D(4NCI6ed;#8!7SWfIzHMSD3SCe?>+()7~En9~@@UHoLHY@4(b>9!*@j4QoJ(3c_}+nnq{5}ZcxJRCNQvnd-@pUQcnxS5WpLyE}j z*^DM0hB#3bau}pDNY zWk@MY-LZ;N#DZ7%=U4}VG^GHzQ3@1?Bf~Dj8C!Vc356B*B2?_;O^!V*oc11N6g!Ux 
z6t*@P#CRmbp{7WZKr`&WLr3*dn1rY7J%&z)cv>972O}H~IRH+Yl;hBAWkICG^0_jb zu+w!QZj9k{KtBFz?a480g1%D#EI`x0PM;^_h=atDI0Q{_IXje~p(o50b`a`T8XDLt|E zzuccAJ4)1Cg{0+%6kFp$Ndx~XlP62Rrfe+5euEX^cIU$}5y_Rtu3Tyu7zOQqm5~*f z5tAb1sz2v4W0`n9?dF~=ldfdwQ=5V}x+7v&ka2%E8+U1ho&om`JuFKk!1H0rMCT2l zjKQ{S7F@QcN&HVYCGZuwDxCiQU_i{ZO?gs%RkVvEGim0ES&Zk37T%Y*1|`YN_(zGs zoE>fk<-(odTmcgcxjB@WpgV0lEq+>R3`=xUlE%0w7c!2Z@+=STM(@d%pWh8Ifg$@| z=$PdGG(#2=eZy_!YkDxrG7#JN?;OeYTr_dFRNq1~e{+q9=`S9|oicieXF|E;xzwr_ zGmk8j9l9t0;LKRj-iBULF9iol&#iJQ#tEU4sX7#HN-N5g;auy~i4jE#822g5DCr{| z3BCHp8L&cNML};0He^z#9i)Je*#o2iQ_L5WMIdS9-0LZ{wl8EoCbkjrd!W!*qdiW9 z;UbQKQ*vlQhr$(zL9(EQ=wU1FV;Ewv_Svsa8J)g8^(G9a8M`eZXbHLpi1wAEzU8BP zoeQ!VxG<~>Q@tp^E4^E>y)tBZK7xbeqOzkds#hcSi<+2Rg8ykH^<9yNEEgKROdoIQ%R~!#$zNt@JIusW?EfU9o}~}UqXw7``)|0ZP^}sS>+|) zdhPLv7VV>rVfRgs3>GRvmS^eKMg=h&DLahv(!`7hWLa7HfPINssX$K+y32^kZ@Y*9 zR!JgQA%9Q9TncZVg(z{IQzZ~tCd?;BCT&WD#I6k`sl`+^=}*1c)^4Fk#>6D8{&x0? z242`H^WXo#NUCr1cQf%{gM0{YvdE45QojZHe|9$Zw!HYS&8@wy+xV}~@hgx2Qv3M@ zbN=j4ff2|sch3Mw?BBwE+6x*#gz(2hgx!wQAJ^>99-U<%Nu^`F$A1rpShESf?_W4y zS0xhKxG#x>;Gf^)KX-3a3f-m@`h+QkR%%xYZ-nD09y6LgUn9a15Gg*HVg7J3Z(b)x z(#iYranX*C51$gluzbWHw3rvw2d|kKF{y0nP(8wgyYRBkM+8N43<&DQ6Rgo298OP( zn-nzzOqBQ`^jA*VzIl$i9?JG{5s72t3jRetkxzer^)jc_La37CsSP5yHZi~hm4~J< z5-uSP>6Nyh0d76Uc`%~DAZb|AMV=~?s@&094}#8NWVXuy+sI{yb8;qPTp+O*4lpsH z?lhPUU6C$YDEKS?a5F4CD+5DRYFO??p|L-nG*G{gqQHo6t9W7 z*vTK2=gFeikNJ$ha$T-VCEw@jEdPv0d9I9Hk{N7qj;>oa{y*b)bNs)5K`opAb9-}p zXV=gF0N>y8|DWSm&HwxR`EAPrx6J=7^Zykw|6eELtU4%VL$1gVc|aDjM&9>p#cY7+ zX9;-Dg^xI89Yql#_boLt@EZ=j?udi!ssY309a;2N1#jrDF8PcYOIeP4yX6oHArs|`+zT;tB0m#{a=iv;L@1g%;MF}U z&GNHSRT*d&M?+)M%%@pYvGD$Ol~}HTWx`@)R&h_iY9!pv!=dCN?Xd}(TvItWW)M$A z!=NErH9>erb_F9vL_tXWg_2ChUQDuBe@^gaB{|}>Cbn6No=^pG72C|g?;T`JI89JT ze3FmXd~jkVlcbcsmCOUVy8eEB)}FkdtRmD^=0~ZkP z^yI1}psEi6!1M4zq~{V*-cU`+?ld}+2tGldLp|x4nWsgO3N3Lrn&PcsO|rw*LhFe| zxUAEt0CmkGs8p==l@AE~@{L#vkLqRi*qgy>xj{8hti&-7UAa`&8ATb;!!RD+qVN|) z;cH{?br5*@Lr~IO#%~hwk&AIYYzHb+h==UDuM^12;0e9qat66~w6H`L(++Hwg$ 
z^6FG+9df^Bp2Zh8%F9is9;T`HW$r2SPW*Jtl?ShK@*O6;>gw`&aiw7tS4ij2g>1Oj zqkY<07#YBlqq`~Q1D{Jnn!%sTcFC?ss|Au1%uaPZ8e`zJot4z0PzDV%?-J=PV{|&mgdv-l?SQL18+Zn1oPz-o*LS zu&v4sD&D=s0s5PyX%^x;peZF&<^zXy{|$)!F~5DYadd1QI#|n73AQk;$#ACjwH-J~ zMkZcAv0bZLx4EUlSEa(}`p(;WC4y|xEKfnQ6ls>mb$Z>7vR>VJt(@3%lRDI+)Hb=( zU#k?SAA++KDSmw&|GWNfm|i4#JuroyD+&E4rSnT&Db<920sO1;n7*Cmrbl!`SI4L1 zQIRQ)Ra8J<=hC$9DDjtQtP%C$`Y&f_4dLS%2Kg*Wli5iAW*-St&q-AZ)u|?iw=&~L z%Z%6IAgh_IrKQManX@@skW$T}3)gT#TnkL;Z7cb;1)3Fv-r$@@KL)m+_oq9ad@MC= za@>*ZjY(=MRq=8Rbe=^zV0H#Lpt;;fs4OA5L^*~Q_#}1uXObYf;1mn#405VXF9fw& zqV*{d7)cz$!yw2wPYhQavk5P-(v6&pg%xui#iJPGMA4~>hSH5sx@5F7rh!{J@EPd< z>~+IE$yF?iYX(}uXfPd#W-}$md|CetL)H#J>ch_`7noCz*Ey>NYQ+jJF(t&7rDB~~(7l_Z_yopw2q ztuU?mjG(s@+Pb!S0oNr4(-e8fk2kTootASwotxnJK0=(oIy+Z&L40~fkJedB^f_tL zb&A)r+vb3)w#R7Gweh!c9*4mSmjhD|*P2Xz!@+>^Qde+j7D;Ibur|VQnb(}nn_N7H zaM_{P$5>a2Fj|Q`wb;qB+XIC-&EZ9O8Oilw<*(MzNcl(f@U1Ii zNs_swVxYkK>A?I2bk*t!3#sVktJze)im}8W@9fj`w5=pjT!p$zVpTf&0wAtCjJ|M6 zj2$$|g5#(%lvBO!(6ADW;sG!kr)hdJ11^|c1%<_T8xuc5+)Rt!!c$m4N@~`dvZ{3z z$nn_>bDmiPX}9g*eZk~qlsO-F%~@4|4YT7eXJx+?(3ckFV4b6E(onCOhOA(Zoq+q* z1cA*SZfNg3?Y?y@+n2J?JQlpZ!#=(@XE%`1bm|y*|Iq>(iqlH-33qm)lb0>SlD_i!U&dZ?Wz*A!1K5ssgb{vjL~0 z4A0Ye5cK1WlWq;THdWHcL@|7~sKx&or{-ks7ljh}inB)o>UyofG$Kbs%-b+cVk(|y zQOl*n6!kLncm&$fQac^HSRwY2ER;)L$yrToBiC#MNe{*klWAlFnyEiz7%HMxD{df2O(Xac@|N7+Vi@&x< zgPZGP{{6psZwp>}`@gw;8~^=Tek%d&JJ4aqf20FsRq z139KZ33bmKrss_<=$TxFH0UI~F!Cf_$(vhm+bV^KBEI}$Ghp%?_hR&Dr!UxhK!TIU zaiX*@+wK20ornto&Kk7|uv9J7=di^)7^bIjU#Zhn%1CCLj7J0>-#^V~~0$X@-e^`s82~D$Sb2U~oe5A!o}$#OZbO ztZ&s?0{q{$@qfFu!6)xkG)m89L;(;=cjxaC>dZCF!9GMkYC4Hp$7+ON`RIq0Q<~*35 z!b%|0sa3&K8xLmaIdSY>NymIA@si>+u-Z0|VV*tu`b~Q?)}FmNm#oRHcM+zAh5x-g zQj@vg-Xh|&+rs21JNnwEQyUHile=a+a?^6twA{Q;Eq?`MfO$d>=vXAF)P8&Ql+tAY zr2w43^F@1Y;A|A&>~ld_3l7YP(C_{RFFn0Ph2wk52uwI)YUmcWVJ6c8f;Z^n3Y`wq zo`qzbaYYVXz_t^rGmVS^rUQ`+BPCh^6sG&zA(#K4M*rUw9bm9Go-N@`IAnCD^lW;% z_sn#+TU*;S-9tHBa*SX_XduIgY+QvAP$D|3+2P?+7?B+L@g#7NPrBWc-P&nwZnd_) 
zw=NlsYPXLYlSsw1webzh$hocxg{&ZD))TJD>SaTE+4vs*kN0wT5zcbONg;?h%PChx z(Bdl8)>#~f4x#b(PwGaV;E;wg8TO{uiOZA(B^u{qY09@yor%YDNrr7g{@(n zOy6UokO@-s+`!%{!2X5GUjrGz%PiPxZ@1w_rb=M22$^ZQS!j8J3^d$6L}1`n%hJKL z&pa1y6gJv0?KiCUTWgBO6giz-ZcX^$1sd~ZY1yKPsfX0PV**XAV_;aFLxL_9#f#ye)FyRFS#n(3QIFJAmtYiDnQkndI}rTAuBGW%nx4f zzy1}OSN<5*|K`m(U=iAO^5IjE9`_xJh2*XnE`Kqzp;Cyq_!4g zObghvI32|Oj?eZh8G;duKT|9p`Qc7xLq0_rb5FVb7TKnj;=|5>t%9q{3~HkkQMT^` z0xpdx_%$O6Zh+JjN`u}EnLTE##}kX)WGYJi3IW8k=k&k3cLhYnucd#?wnXVqb87^+ z&U_Tnf7CkuvI<+sV9goL-rmmggMp9b(BLdJ#RdX=g5((P5u!#oCY`%Wgbiyz729%e z<0{JnU-M9O$=W3DQ<0z(l#O8soer%_CW5r;e-m+a?)L0%US)fBH~sBVWrQfEWRgvZ zjog3vy5z)ds@?GxWApy*-tvRMuXzy9kS+v&efd}7*NnOca}z24*gChH%s$J+ceeI` z;LD<+16&vnMGU|TH;em|Zj_wIS;~cJss3uprEe6Ft^2#*8z7>>h*VxL919liMc)R~ z@5b&HG;%A6rx*;u6$Dw;FM+wo#1#6)D-`d^9i%xT_ z#OcL}O5Om}?$wk1$IqTvEw-@5qmUIb-8cab#`sI-?AK=uB&Ol^{XJ@k=M}_w#aOlU zqFa4@zsZxcxUP=yme4D5F(?oi#@yx0|B6(8h;a(zkOT5iWbLD1i%n@)HRFN&2Fma) z?*iQL&Z_M3*6w{CT8Ekaj7r>)3`v0=l78>vY}P{764eHZ&Dunf&0JH|4;%vBk#{H+ zQr*Y(w%%!Nkgy@L0(lf>{j;(m@9f}e?vJ&W1J2JocFRL=CDMl~y`yflx3_`2#VQLe zS8oLM{GZb(`d3sp846Vx4dwS}d3!3e{NBDLxAwL-@nRO}ju>AGwF;(ng16vAAk3E} zim5h$Am$6eK>R|9E900cc5g;fSYs_9HuDs)M)hzXnF77Oe?6C>_^bm%=E- zdcRWH&jv{Im11-!O5~;tl-8!V2Ui)AneeZ zFgmwK15*8SzI8nY+&M#Q^_p7?yZJqhpAYoLCM!gQHA00a>o;B9QBJO^azPH%O7Gf7 zVsnpoj8y)LAXw{2{J$N#TEhF7MZQNA!o8p6((FaS6LY<{LP{2kBl`O$3&$GD?#2e4 z5t2b+Ax=-DOfi0DZr1lZ_mv1EQ`KxCAF=5q?V}t1WU0+3gJ(qD=*OjD!$~ak5DHlvIPQd=ievq+tO>Y=pxc0~*l$mIn-U`~DVYr0Jin zwN0%ogv;t{8c9;N`pVoCGDL=HxyXb^Kv2&23Z ziHY)OIu{B}fy&jUQ3OnJ1Y4`Y8M?2%RXdH4u)k5 zV>BFcnCZn?YC;y#{UEyF@LH1bK-$2MNP!n(4k)zEjKY7U8M@1X^fi$XDVThAQrdDUqMMoP2G2G!m9_%7NPH27@SA&h_eI* zPvZ!r{v_mD9yo%RvP4g*LSBsxTxd6V^D8W;a@A$SgkJoCvC(`Q)@?1IB^pE%vc*V% zE-VZAMl=(L@mVV#z|9jEIP@>ca}9>8kn=cj8&Z}|OD0Pu9YgZPzH!c=h9&n-ae;nCaV zZQ}Y{i~qdx#bU=}(KCC|1I8s8Nh5g;l4)Lfp0Z*PYY2_Wa}e5~cXxy;eDrXT4x9xR zO|&u25ft*FW1q-mApc^0JB9>cBDp*@BM*%#QNwjy2GH3%PK>hIGl@uNjC7+A`_ zr(Ju|Nu*q1-NtoYSqWaT1&`FJ_yFz;<(T(2X=y{{R(oUTJA5E^(R<%vd!X5v`|lmA 
z7-0a)`aVhr#&Ht=k8B~*b`WLpd5EsNxr}0k?1u0#5(@JHf1 zCwL+jU#&w{mKWSNbXp_*H8W5uy&xIz(RN*M^_7HY8c#+k;Sweu#593e`EST;Y4P8m`T9r z-{WMEUgT@Gn*p{?$L+g!6!Ajo4n}v!(3_QRnsH`w99}j12ZE^igQ81z;N4iW;l;u zG#7%{9$*KvES$09y;-Ryzm7uOdHMj&5@GHS^tV?}X--^HPu>HGouvJAC>!0uu^t~E zBUAM@`S3QuVBxoTJR;@!JWuYhSfvXYZRQL9km z)2Ik6Z3f)~nh|Kkz}R>@v!-v~5=VDyQ-z$^6!y5Jh1qFal%G!05#05C{Zg)D6-38* zel_?3yPb1bAh?L$p4_ zvy|f$SC5Vrxg&i82ZwnbG|4)BEKRzq>93@D8X_-c)<+!r zyT}_!v?VMCT9H#UQdfrz7MLY3I-u?Lqns?HkM1Z=Kq!Ixk$ZzbTULyJI z-&o!i#%Z2}ec3AgCx^f~7mSfpbjs<(1lN^9M{3A`oygw;q@W>%p2f2$Rr6ePR}(4i zYH3e-KI{q`sAe)ixdHjrvxs1uo)yE0d}=<)qHsh3SQ4n_c1cM`%lm|znENu!EeQgE zGbL+f16@B4vvvAr-65r={Rn}_2W9@$JOuTIskmWW6$4tqx~j{APi2Yq??~u4DBl0T?DROOf?*ifc=F3P+%r7J_dc4 znv>6YES!`s4R@W%C28Vc;uYgk+ua+&KX5N)V3y#gcAAHvip!F_WiKiq2Z0_GhqK(y z1F-H%{GM;gY&ym~kAv~MQyCQ>D6waa!#E4@CEm+QVm+n@triiu7ILQ;s@rNALA(`` za)^ul;f<7#N2`Ub1fLF0(7>#aS(s@lyezU*nyoE0MdFr1xH~7&Sg_y_q>YJ0*D?PL z(-%2wgvm$&@qoDGF|rr^vuW~9k zM#IAgIWB=G>A{g{%36|O)<}C4r9A{T9v9av6EEqtXAERz zD7%fB(<1zvaSAQV%zTQbj(k5!Y|g5-9Ob&3$q@+0V?z7$uT!hdARPf#{$%8*R? 
z74hh$P-MmoY6N3=p~_}p#TL6AHNjLkDE_i`NZPss$D3feL9=^#cbXud*R^x%;@}^r z7A3T@FJPn)H*wSO^0=(ya_#NZ-FCC6m!?8B_Z?cuZ}On4BioP$VI~w1e!7(Zhq%Zv zqw7&e6VO^IQTp1?xds@SuKz_pE57| zuD1@to`;rz4h>9@gZ-^7xzCi;sGDO}qoY+E?e8HRWLO}25hT-5kF$P@Y${zTbWY!Z!8ZAl`<}($MPUfCS zXBrc`rYj>!YL8Gdv|EaQF6u@Re1hn6v?Z33B#2Fbg|V6J^NB!I!nn7NgvxM8p6-<_ zZj_7$4b255|4;%X8a5x)VanZMvK$o}Axtw2ZFP95LfmLf_`Ovj!rGWZH3M{uN+P;a z2XRi}vj}0D#T}t|x&BsJGvl1W#VPUd_TQaAm0q6aQ)N8LRIa$yoYIL=eZh7+jtVNo zcVRY)`^U}TcsT9H11{7s3Nb59|J^Zmh9W(1#mOY^Xa*a3l`&>s0iewI0EHc-)82%G z2~jkm#;9DP1Pw6Y&?JOnvBo+<_??U>-oC$w;|WKDy&W14m4!Nnfu5c4_{PZKjQht0 zYEC3v;^UF{0E)O8UXg|4+>wHFyqwRtXesBhI1RG_<(o%39-k(ZNsgADv%Gb*>WC7~ z(2a!gkG{2qN}4iSQ&f&Js<-4S5Z&}K(n+2hQLbYnj>-d?nGP0YOi`ijOffEqv`I{1 zVBFv^7Dz|q0Y!szdmar0T!%0BV-4n*SZO8*gQmu&0Qf3~b0j5QNKOluU z^wwq^X3zu&yEiN1_1hG{GwX%7w6Gj#zMe<|NA|T>x=tS>n`nnpPaKx*_ zP`)Q@^aC=pF9`PkM~N~BD{CF*1ACizF?Or}q7Sin6WZ5+!YF&&s#vN9(RrIcYNy#L z{MlQ@FU^q;h#OB2zQs!})8GAhg!_Y+OF|@i^?zC+o6} zg_)v?^v&up?=g?YcZR>)YV3cT{%y)b2gbN(h>p@UYI4GrGLbS`RB--G{xSW>)SiUe zHkd+t7*3P^88B<@B$}+_moguF1B=*uRJE`4J&t_!(fy6R`#*1PswYBJSM@(FY@u&d zkr{!e?OEq~#RdCAl(J7LV78_F=>RxL)xcOH zxkTFqAEtOj%o6=~%uf7?F2||ZL*?uQJ-{iWY;+U4MzpgW{BK5G_C>rR;gBwwU#1yd z)N#VePpOnNF+eK*-WsB7JXD?$7xBBe%^ODd$o_cp(o9+VMa=(fZ7F8oPwFU%Vak`< zVeemA>^d@SlpO-D_-OI-UAGXO5mCMd6pkrOLYgV(O?euG@51119fwFMR8W2ELIw!>}gu9Sg%M^(0(4<{4z9F^^ zkG*;w`?jC(SeBoCC3Oyr0|d(V(j{A(Wlgdnj&z z+U%9WhnqG>cV+%(=k8romEj4p z;1MUbd5x|m4IP7!Kg4*4cAOqH&`L2$JB2rEYwQR8C>_s$2%Jq2_SVM6_n0VXw;4zV zlamQ1RcQtXNxv;e=4~P)9LRNvE3!{@Gu7CeIyL7O=5NIh-qz*a+xpsH-X_W?85s>0 zWL1n{MD^6U)Bqq|944v=?!!*GIwMpCD^hKq|f*Z3r+ zVaVU*>rW3JJ$Zikqy^(;YESwaZJQuV0Xjz#w=xVbNXc-TiEAd|MBG-akAzY`#r?KY0D?i{D-czwf_#wg3F}!IQ(_ z#jD`ai|3CIULU-84uAa;>_7jX;J*%@KW-{DiLd}TNQ`fcNds^gMa}?}(nM!-8-~g0 zloWEPM&zsA%2X91y&~gA$Zl+fIkh!CGtn@eKuPXeQf~_it~>EK&`4r&OcQ?4>c_NM z#TcHqNxfM&5rr6vR76|nlP;O<;KRa!z_25p2D}w?25f-GI`MP8^P$c%4t(W$q$$g~!CHXdD7io^ekXQ@5`~$3wdqDu~ zL&-dv%!^6#8uBH8+skfy3UyuJ9*E1!FC9kr&Hmi@PgSb(i|2pX-rl&)|L{3}?*8kv 
zgE!j8g81Lf?Lz*i-Mx+N+xXwl@pFT1YhQ1ytzZA^Hq!PcB5f%{pdDvhbHZ$EUX*Rk z3bL)$K0d^j^CKfCS2OXo@=#$_je~1tq_h<^E3&rsr2=bfwQne_)*b9e1=ZGSpDm=8 zF~Q9r`|uK*}`T&c0wi4ae@fDa&k_HZ0+AFLbg`>4~dWET`Y0dul?r*#}fIv zq0rdnB4g(U#x4^VTL_CK{>B8w)~uM=+UE(0t^NB%#0m?^l&JRE!eL8$x~XW`GT@&i z7`CjVPaF$d*5xM%g)QmkD~NGQdAe4D2!k z`Nl$EmzmNRh=5&YSf4EbcByUursH3inc=^C`0Fxj@NX6Uy40qB%HY>!2kT7?MA~}YhQVEYwd=DTWjBBY^zWi6-!bp3v4BO8v6Rzssp)d%LcX97R0pH z;C5w`+9!@@t)A8VVAk5zV_9p9LRo8bBUx)Dfvjekt{uc$y#P)GYhk{H09Jo`74fUZ zA%A4-YV`zE;A-s}ajT^WdQ`E6__Z6fT3Z~mT602HYi`79ah0wety;Z4cBpC}Aaj5RuTNL$KTNr~{D~q-?XSE{y z^va{Cq6G`XPOEz|F{ia+$Z28Xb0SU`EP)C(t$lN`re^J~9cWs+Zk(xEzi%eSwC3;d zHyL4Se9pd>_)<~kdC{e{PZC^;{=ioVEu|AuyG~rG3M;Lz{iXJ?L8Y}NV@hkat3{L| z`Tpp5(%Ln`NjaKS1(VipDwec%1EHj~`H`edvaS(ETDy7_={H=c@e}>r_%FFMZ@2>Z zHR^xg+qtd({aJqg{wur4P4;n}_|L7|{r@aKcmEY*_T~2<>wn+w|EK>|?Z4>mZv+pn zzW?{`ZQq{%&+=Qe{~McRIci5)@7jILkN@7-*xA`~_kU{>{&^e!{W*U7eUei;9g=Z6 zFUf3J7lG%8KRpN@vL*3PKX&*pj5GMtkM+OQe)tm_4*5042f)*s11-NQxCs3*tD!tT zc=hDbYxxvJWcU*P^^hIB+vJZnNP|E4Z;-WT#^$j`-=eUg^yb z>UdPxTDpv5T<}w{8FYdTKHUz`LvdnT2BdL#a{+$ob^CYuEjs^O8>n5>p77Tq0gKN6 z?w)`DZ*TAJ+@Al>@uP$JQhaGUo!>a(@+E7mTTkQiV|u0Fq7q7Ab!eh3Bt~la?o^%e1#$lL1N#c?EZLujq?I{9yTEd0;hn1MEcWtK%mYo&Vj9l6aUaQh^2Me{XNs zzyEi3clK`2|L6FvuX~XVDjdZ342>{WicPv5aa&mnFhDD>70+;|v(Le9trrr!_W_T< zlx-u+9HK&aU>oDYW@?#7G`XzpUV1hLt<4~5q z3+IG;!mW*diP0)t-4ff)D~~g|M#Lnir3q<);k%jgxVCy`JMiJbUw=D%wOJKmiS0i+ z$P$5EAL&rwGW=kgU=${XSm$kKC#0AVbSZjId%LOy2#M7X)#DknhfX4?9Vx@kSOyIEcsniJzY zcj9I7w!vNH*YfDa^Ir~LJ=;fTmb)CSBXpm=fG7nF(3f>?*wXGe=q5xIsjyH%|5eO_Fdt%+&;E3ldtcnT3X61ovOL;tOQC#-&bGP7qF0H{L`5!avwUN*K2n*nR z`G0$BcYE8{|8L#9wf}vV-%9W_LQxR7<(v{3a@r%1?#b~#H?bHa5*gdUGhrF>XdGst z=BoSY5F_wwE0|Rv9t40?B>2#sol_#^F!)!Lr7Gf|;slWhqI-4HvR*MC#c3pJn8Yo5 z9A}-NXe_W2g%M3yp_~@XTyX#~J6)!ym?pROG(9CibUDC7H#-cR;sZ|cj*{DIMstM~19*JZ2s`Yy*ICWrvqR38#)F&YFu1r^9Ng{(!K*aGXk5sl|CxuY%#>0;=-%@ zmdFF#+8M_g;UHnRL6R8+p$*YHIlo(^9b6-tx$9iGK>;@)#%CxxZ0ckqGIj zbk?E2Rc{ZAZMHYJ?&B<9nGhskUBmI1l4TsagBk#Cfy9BcIY=BXqe)2wNb)74DHDbf 
zy2j&*oKiwhL~V)3PytmdN&@4RWfZnU*kB`vKrh(e+vGB9W3XU2ZVjSd7L7a9Uk4*J zM==T)ciX4`3MAMt_zS;PW9!P}6%}>2&syDFKu&v81CpaC1!^8hRAm9AJYG>To*qc( z@jM-xQNkZ318u=$m^2*F|J&Y|x3_I1dGFu+6c}kHByC=jEjz=E<5hele%7(|SoX}m zD=A!%fFz7bfFVdrw59p%Z~dyO8x0WDVL5UpOYDv#HX40Ych}W*l#H0(Wh4H(saWV| zFh4qhj~Rb0KeD0AZ)&92x_uGF>^cxmX*tzJQBQg1W`GEq>J%>?QV=doAMoO5{%q&jO9QeY4_HCw*4-Vze}_@2G|y-$AK?QSQUoPFs@Bmx zbJV1RIPhm2m7$s%r2ri%kS*XP&=x}hTi#E}Nytv!#K_xoY@{-dA{dA>5?VY4C*7ci zoEGtF`7;4rFC}ij#sV@{~v>+^dI&CrX;rWLH8f>?0=$P=|qY1~<9dp2*Vc*A#+mkPK!BDVqhZQnFO%_TI%Z3}SkT;&&<;yV&8K zF=g*PW;Nzx$jXtD-V4QZM;5l%Hw`AR^4PEp;TANLe63KJM>i`y`A^A*vQCd^WBk^QT$4RWaZ>w`p zG>qWX4iB*(aK5`8r)gH~8=lA0G!d9OZgkA{M_hp{db;HpYAp_cLW}6)5QWE6iA&0! zm&Wm3Q%lTZ>!=$TPq;CwylS$mgAfEI07vQl!)H&et_jC0id9i~V)1AlPn18ifryBK z3{RDz$t0YNn`Uea<|n`)Yl5{I4A@$A$M?~j;8fwl07DW^63BO|@n8@vz-X?yzgFeh z>04Tb<77yXxUV~7EHjk-&*#f0ToAF!&}iY+TQv*_lgx-j##83a5!IK*9R}1AfelRy zH|xyO6Wq)&4msJ5XPoPe%kh7~8tch`vnmHKgLqcBQX|Bkp= z6E(#7%)&RiXcUMcHa8PSV(~|2nCTb@O8g27MA)()0{O8z>Je-fB;0vj zhw6^8xxs_niH^b~CftM}2!3QrF$s?tab{sL2rV)N>^omO^C{72 z%n5Uz0a8%G!PbujnHgqQmd}`FtP6UTqot`eXjpDb?3GLthRSHddOM8W7@j=xYQLPd z?mTYSYcGHj&(x?Rt?iSjcDCQ@f83;hhaX2i{pa*!{qfn0_>BbCJ1hK`z8D{!?TTmN z^6xb)-x;Ie{Z`O#w(fA{C*Y9dY1-WTrG0Q`c?0A3N5E5DOWscgg@X2on2)CR#N}si z!S9INeM$R2Ki%4W_w(-A?oZnr{70?E7q4ghZ*v$P`Ga|#zK`O_HbD4(in261sz0uu zsW3wgr_(dA%r&0w*(j(}FQXyV^wR--_dc9cmsU%--Tej4oUdE!ehg+qP}nw$0PFZQHhO+s0|T z`?S9K@4d;q&D@unhe>AbhgFr-uBx?@T`4uw1;;nEAaE7@dE-6{7Pg)I z6?f`*?Oo0JkL;a0`rc(L{%wH%=MKCo4kUdLJ| zynft@Hx+RQonO%03E1rx1uZJ$9(B9tu%%|gNor!{{?ww}rT`0?`i|9=l*T7IjT8E! 
zu-`x^*(7YgPG}m1^t`ukA6`k^Zl5Y$oB%Im2y**bIE;$7w%t;~$3C*F^kOHxHVYU7!jc`I`cd*i&B(DgzgkEllMt~%KBse`k_CYrho%uyI|>Fb&I1X%!C=DcUHg>-5#1$;Y_8r_n)8>#|uu(0J^JU!BOg5Eith{S9lGdgaASLs~_iy z74eHjH5Ydt=2{u}R^F@RVgy(ha!?OPQXNuE=r}P9QJ0)$5`XBnT-XAYc(_ za5fbDw%T5-Rb*UYYA2qlWi=Na>Wz(g-8m+JxW`?K1 zd0%3C{~E~Q*GUe0`(Y12Lg|EkpOJBNX5g7P{SUyRuEcjIPQDD7@4tHNFiS^YR*wa%DR(Icrub6}iDeN+}IccPd} z0_}~;T|{cE*z!zjt~PM7S4%%E3LE&~lgPiA4%1}E8*f065TMt>^jX|6tQ;*yXm|2+ z&3v`6++{gbMqCMJ#Qp_-FZA{g7x3V$n(#@B@?D4?@&K!hMntcg-`3piSZ1@~OJu_b zwjS>VTw&vsdnUBLRH zpk4Wr;D@B&H_Hy{OB#);?2P3s_l`_iK0P<7oT;PV0l|7ha)nM=)e2DobuW;|vIAKL`q#$~SIke?v83g|rtM8v5$adECSvnMJ7N${h+AP|Dzk|B{B&N< zfpRc+y3%^Il{_z7_cHz+*3)-l$4iQ;UKLC;8%~f;NH%be#;31=orz2W$|9a(>JHW_ zU1B^`7`^`d<J<31u2mZrAELCklUsB?2tYr(L0%ReW}w;0!*e9l<>B9vrMl80}X8D@TnXA57m z7NWqt{eH`IWQAGgDO*>n7x*b}>;N3GytCW2-BGv6WZZ0c%X6K={IG;NU z@axgf>@N9`iY!_S(&ENy`Q!Vp!uBkH!Lo|F_`x^KVbOg^I2v*lLsz51oBR@ zgNHMfc}eD8G>DW)*67DP0z>#S`ZzKtz95?H8>H02dvQLDOL^kY%wkByJJ4by8YYpR zpjR8$bPUw}uVfvOMj{3R`O%+AEfW@R)@rl$x8SW~=j`tzZ5PS@_SUL2{A2JeMAwga zbM9y3Y&kNU{YX+6P|Xfx1}sKv?Sk(Q5?GHdrM6!!IeI+{#60K-cdi)ITJj4Apa|OW zvso>gq)axrXz4nhmk@&qo*Ws+NiW5&G4Emfo1);vQ0Ea0XCpp5ew|vjolp9U{SCJG zj_7v09on{D8?(rG|CguNOxcoxlFBLzU$GZh*T!=l|MiFnzX?jV-`5>Wea8&a2!({W zJR(QEV*kjX+x8TKFPWWxE_t-3k-?R@kps(c1^8W%5%}r*OOOvX!o{)FaKOJ=FI%xc zq9P;&C{rOlvf(3AZnYriNt&t=tRXF!Y}dbH5duC zMJyS>G15CR)i5NaVr-7(AygrST�iE^W~28sMs5+sQ%64p!DAetQYmx#M6uw|D0b zjfl%2L~K_yZO5+*w@zQM=C;5zaBEw1Pz|}wPgg~yG$serN0;jv1lx@;8_$eUac6M5&l=(_I4Trk0>>38}3KshVSZIM9U@N!Y5n z;teXn+`hK)L_}3W)1B)bA*}0T!9j~0W-=Z2DZ!Zj-v3cBiGqAryE(-HW2C{ zv2pAp4bIkW%n?~%e+%Tkn~31Fpv(BH^ml^086tS|r^)Gd{8+BlncK0dH`x@lk!S*pYgGZv zL-;JP^^6GOXSGz+uHl#_6ntK_PfaOcS}hkmk;u9ng#A5t&Y^YzEV-8SA~NSpO9Zr) z?DthSxvTa{cdSds!LjzqQ7ojQSW8w z#m`&&s+f*Ssv}GS*#t9@V>Gz9O7a@9z8X5CpsUda@^?V=O-J*OI`tqjnJkVhEttDJEClL%R{%VX z5x25BW4#h#mQ`3facQd+qwA*fOlV`n7bM=gZe5QaaQV}VCuWBmkAbi`aKNW_t59y8exwphaw21D4B?0Hq~M^@_WY!Ptlk_nu- z=+tUUL55aY#gD2&f^1K35i_e2r~LKN9cU2}l+B;{222+NkmeBUPY}GUzX#%q0SD`S 
z^Xt=qdyf3(MnrORd*$qRuKb87QWL#z0a63aD8iS43GaU;{4>V`mev6}oRQzO3*;98 zCr3YV!~gF2{5qon-n0o&li4s3`2l+jW|cDOq**Y{bA=#nIxOBfd2t9TeSB1kufsI$ zxE4Oz?+&@w=6gLh?U-;M+0cfg8^`C|hU0CGgGYXsl3;D>zg_-^ z9uv=09x1qp@IT4#9wag7jNE{khk)`-z}zF?XI=ss;OItB`!S&FT^|Z)nQI&d(0&7W zhX9>nw1sZ#b|emqbT|-Wo*ee~!?0UFVJ7mfdUWn8pqK`Ih!-*BHgWAr4A{G{XIvKM ztub*tBgdf@DV0hfIn_`bV~f#U*1F_*z3>x67v1C@+ivknYvfd0T>V6^x`n=20C6*V z$g3C{9@-rBoqW0Pu2+VVqO;HQz7{TSUEcU`2lp1BElgiW>wU%WT&rVlGOgdQLF?c% zoyxm-Q2{d_)i7Fd`Lx?z|Cj)sbb37S#eZjqMYzqIVX9-&!hg=XjCTxb+8y>{`kmc@ z-(s$W|17<%>My_Z+%{fbMuMWjV_Erio;g4Ofx8Eatf;kQJDD|y_^{#;T&3aqFJKmp z4_ol4ns*aGE!lz<`22V$q^}SaJWq55T{z9Udw@~OMa20d`CRpz&iOYpiHw`khP|<7 z$xqlgN6o?rFpzJFi>S^kL{0LTwm==SdR%Q-h-oZndQU$KoG4NZPP71|c%5eZzBXJH{0qspFZ` zPO6ggyvGs>+Q4SL#l*VUh`sSQ0Iyf&IkzAZyXL$V^?FCG_B{OPC^fFD6L^r+OqTyG zRhE|G+E?A=_{!bh+cJApAG*CGeD1(b!dW$#U2SI|HEsZ34Kqil#Dh!6$?a0z8W1~E z(a!}2oY`a_0QSa7xPpcxKnD+t6}OfXOY80PT?MaQsQDsIi=de6NpDWBL+6?biA(3W z_Q%>VVE=;ep04^RS%U2Fi2PuO%4bHxWZ!UGC7Z;5?IReNo4u92#U$V>heNLHh>2d8 zhR2b=s{Wu@VrKJ%7rRa3#0tv>ZBKIg7X5R$;xdW@-Vv`YHw`^tm;%ywj}4mwa(^r9 zo$^OTm1QwvU>*tgZ&HMU@4q4Uf8`77U0;*Bq;M~2vmeF_O@8sx6STdp( zs+d+w9~i>P?sLRc8&BcZHvL48!q6EF0m~3?JdhXkcio-O(7mh58n?}H+E1G_+BI#p zL*r{W4H+E-+4kyBX15lQ{?fEyiVGv&%;iv_j4_*a=$Wmh(Kh^~Lh5;LW$J&Da!0`~ zuE3aUx`3de#~pxocGZT8rtcAd$xKR;vJsR;r7<=}s0^KadN2bO6g)@l;UEFUiY{J5 ze$?7DJ>-%_lnris=Kf-Cb?C|0U6qGT8)0dP9Dg!KbvT}?X-Tr8ffX{!W~)&K`g(tk zh1-tY_kd13UUgowrsvsL9*&7UAXS(4RJqvJG^0AccU!Bm7+8Zfw@D?^sDc{x+$wq{ z6w@Ho$5En}Y69%0K1BX83UvQFTL{pj0UWgtcmWgzHJ=Xb`7|>Chke?KKRgG&5E+8% z{_6VB0hq7>>KMP(fc0U*7C&n){pqb>)WH2#lU@93?qH=lH5SC-v!SCb5Gq=wk9`*~ z*t2OYzTIsVXPYE)=U~}wF=!b_ILTz$LZv!7Co=FqWD9XzsaiMgQ8=J1U_*U+@35nr z(*a9Hz!p40#!M=vFm`t?V$Az(!NJLMef635%7S`7fjuAFm$t9F57ZR^iR>SgRe;M^ zLY?pX^UHs;eq>Jl_u#+TCjZ!1^hUpuCGJ!&nNp*gav&&k-Fh9%jxlHAkxVMP{ZhsGsDSJ zv+vU9Mw(^U$%vonDd>}K8E>1;sqSF}^=8d)g11NmVa3&Oms>)27>k*xgJH3M!N#+L zJm$7IRt*VCHq2iG9S&ErZ@D)$i%omx5PRI@I4&wIFrdGfQzgQ*RqvR!<*QO=a@SnZ ze@)k9Yg(LFa{|;ZXLvbR{2VZ4{}TA_lit7tiw<2xfZEE6sr!N^MhFRS8T!Gpe<|n6 
z4HK+qs&WVC=!f>sTsw0a9ltc5`f3_JqJ+(!F;SIorR>1xTw@~RKM^b_IDm8J9FX`m z-vrMXt>*TmX%U;Qbrk#62>8E^#N2B3T{s#H_s#P%rT=n8^Me0#JOdX|nBok>H-2T&wtW)vl$TyvUS zHp!9Zp>uD7;GC`bf&h$L za4{N0@0!_z=$Zq^R}E8Z4ZLRMrF5DFK*Po9xYQ z1%_cBjvj+2Xq3;~r#*|waxXBXn^$y@R~NA*t$lWEhPW94^C=YooMTIun%{x%@%wHyth?ujVHnGgfOz!1DmuJA|9C+T-B+r`AoLleFc$}enw(JBd_ej;nN0mH)v#B`HE7eU>xf_09?<9uDH!De0}Vh?iwmc9 z4MZJIo7?a`RZx)g97cs5!{CcCZpfh3dr6uf;P|sVwmhqebCsU^L{!q()mHhZpTjtK zHG>+G4%J;dDmbW!bdXGlOUVP0fr!&W#P$r-z9B&8+-q;!`(uiu zD6Nbj;sVY@M$o(0Bkk^nX7*1{^U;CjmRP_*-v^=-vCa#?r}GKWopvGf4WRiQi3R}h zp8(Z|Cj7+1^Q>)60uQ^P8h?ji@f&>K+~x5O@DsdGDiN+M>R;AdgDAEQ0b&4)8~7!K zFYg%pW1mgm1lzTf_f3BFk$NpfCM)2jL_)uZZ27MyHoAa<71-lHf|>K7-A#~*_(tbu zE@kWHYz~Bbj=Zwn&<&ebs=@B%ek$2~)snlZu@B#@kcD{FuciyG<=W0}R>>~!Oow%VVI5-~?^5F>M zB&A_93Ro;N)-ZG!_*9mIAMSj2z%=2G-nR#Q%+kNjm&tP|Ej>yL^T4CnaFLtw)U~~z zc=WM9P4rs3)gbW+47YcURfXBy8us=8%sH_W2&Slzh0J^Y?ecc&I&Sa-6&E1=y~-YJ z50yHx_RV3sL)Mk=jVxHqiu_m?S${j(9}kKxd0ilje)cUNqaKD_@59i3h6*CB3YDNA z>K-OL>I+>Qb0L=HGt7TrVYzX=o=z0w*^aK*8P9Y&K>226!lt?wpY;{*WW3ILmxz>TjWkuq*kGk*Y?^G}yCCfkUd|ndYpySlV+~E#R zQo(#4rVFGMoXN3cBIqtP{o-CHu#D&6zTWq+ERq#+7*EJkz1V~5Pt!-A9to74_3h4i>=DM4|PGN)6FVU3UHzx$r=jyna3+WOr_ ziBt!9yoHvb#rG{lisQCwP4fty3ce0aCFnROBF>R2SENXht%F~QoHPrmUfy5Q{qw3h+h}dabwh=y2^ici=ux$*&-QWRF2FU{a zzCX)5<*h6M^8IVQsJ~pn8pJ~TUT5>ZViEu)%;zvz8-vZGM8&B^}qjJ`ZsG>>?IPuXn_R|f$3*mTZAa#o@Y zFK5a*IXcDW3C)ap@#bUo6jy9gXY8C^B`WH>NV4CW)c}LsQ7`;C9z)!$g}Iiqe7lVC zhEdJS2o$;AzYWul_9zp166sGhi-i{5$|#7lSoqy90tL@ zE7bYracE1ji4=Seh+(uWo@*aL$9i) zG&#fCD`F-N3{8GdiL_uT4J&+wky3(lxTRP|ixlI#j}=Eez_7C=Uoy%P?!U}V8nh|{ z+JOXX+hxGapOe1!`1+p7#9A1OC)`hWi|^1lMr0?nBfn>P?wx=k0fu!)I&0si-6cC2wj$bBIPXTS7K5pSFoOf~ zs@c7wK^seinaS4qfYP^Xmx%0|_U^-O)x#b9i*k$L+^)U5mcNBN=ukqMua(t0Ht~f$ zH^BvMI_C03ucn`s+ou^jypBD4gd@~ZA8G^tzz~RA9!qR0x;>8c22wu~hpvtr8N=GN zP`<<;^C8;&TO0pjVi|~I89Xxk@ijJ{onh8+e}5m#GDZ}|oM`!o;h58(T`?p8*CE!L zom`#4r;WQa)O2E9b-U@ME7J490x=}4wG#2^;~v5a^>fp~W+yyh?VGy~5ID)gi`Pf9 z^apN5y6VOpGltRN=_`d(hl2l*^hX!qdfEWboRYBhYzMKhX2HT4)%Tj6oipK4yHv?1 
zhfqFCu!I@N)|u7!W%ZXTIGMXYOZq&$3A%YC$#a|;Miz`s9{=0sAz7jXFM> z=_DcCu?IbNWiR==jN8YTJgz}r8>IN9DbI+NHzI6F<3b)I8pmfrVIDikBO@u4GI0*N zeVJCno$7bayGQ7bwAY&BNHHJ}TE3(Gd{s-IrBQ&up1(9e%Cn0?Zi6JoqeY%x6T5m< zW{(q|QM$*#9c!#*rMe0{$?MJ?kuurYAK|Oq+6zp2CVUC-CVc;=f)pOJ<-gHL1*V?7 z_hxsDy5g)6cb#On===1!_PoD>=}5Gf?!~39%U1eOBIogb`?kQ_?t)F-zUCUb*E<&( z<^Tf>lN3TQ{+@|78o(d0ywz*TO@IR?og)b)^jBToDwqeQHA0mZ>)>Ct@2lt`GdG!i zR+rb5;m~P#)$LBWOP*|NI4xokS74aJMqkA_17BOl5hbytV4wvm1~ee&LiSfvV08hY zicaAxD3v@5+QJyEw1$k9nfR*c!M-4iUD?+CKF8@H@c9Y_%v%5U_`a`Oy%U{++K^=l zeM7Mz3MR@JY`^ffGI_fWO1Uj$fo&QJ`L|-d4FSw85+^&ryTMgy;XVyT69`{ZJ5$+` zpZ2UzCLTUGiTCjNZ9E+q4b*DO3ofB=Jh}o7kI>!xMaQzv72I{^Ur% z8)yIg-M;d#NhQ|8yjT90?Ll5ZhenrGecxr{#JIvweOKf!Y99e&N8Vo9*etMy#=1T9v0Y=DID(}kM4Uv$DPUTO=kIh@F! zkoYs*vF*bn6R^Ma=S!8F&%VFgDsxCpL(N|JkU+OM`}*a!Y0M{ELVlI z2xQFyg-5T2ol+3ZXt`NRQ-)hR&z!_N44UrNSLzHb+y%c z;tkziJ;9<6Iir9o$yXeRawDOTmtoJHnf&H5>LS6giAo_dY)p-cm>Dtgf0_b|D&j3Ve z0oMjv6o3Z508N;{9BLr4i4vl@W<2u=X&!qsM=*N{g*}!WKj+U+=X1qiO3?rdaant| zP^O6R_v-Ee;(=`pJe%M-sIb;Vcl zoY)7$fzUIt3evMMLbDD#i+93#BTHf$4Kzs19UU1(^eWuFQ0=@W6wmE(gXtHvS07CS zAfIpa-Gl!)RHy*&R$UrY1nbo=MKpSH;g3AiO0dr1^7DD7_gL94Klo$C8^0K0NA?IK zQV?P}DPjMs;BR~da+Um3O^R>fc7HB<)buSBNEyFoHdscIdgtWh)(@hLiM<_!Teh0vOg)p|Dae zV0VH+Gp1-2;Gpsv)Bmx(Y5%JCcKUZfP@Q}PQy$n0`e$IkJ%IT4{Rfiv zGk|u%<>#P%4;J$b==)j*yi)~uUktpGwSWKm}SZ%-N{S05l*Jd(9I>4G)N2tq%=~sFRx`|yW6vK9gp1CTKBuwZSg~lrkFtC zd5@G4r#c{*Hh#4ejx5x(L<^!z@_REIIw**Y>OrT0pcMjarb;kYARGl(oJYX022Zbz z^A?=A=aMS(uKv3#$g<$$-}?=Of8Tx5b(v&yS?=hRog7pHX6yl>en6NtrUYq$!XX=8 z#Rg!PYn0NNkw0Iac-Ma%i_Bbso2Kh9hhW0GqMmzRyq&ROGt^*j!DMvms;dg8K@j|) zR610X{9Dm+S7gD2i3g5SQvht;I)U;Yypo#`3i`|9|fUd|UuP`Git1fry}h{(t#_;$UMV`X9{6!Tvv)iRFL!{}~*dOss4~ z%q*O&oa`*j9Gt8~Ow62Y9PB_uO#ctm{@=pg^*^2ewPN<4VeRmL9rs_Dg~k6(p8qL^ ziRl02|Brw$1`5bG)^h9F$;m=#cC3_A#*~e%m_P*Q`)8K65k&Y3|R5PDM zyIF~FI-c~o6w88R!1bj=+bQZS(^P$1&XA3}rs3L}`hVw^sMBF6K=~hI!EKcq4es@I z@Gr-QW0}Uqz!UP?_W1UvPnq(b7HZnn_NUG(qsh-RJGD22vR&9B8t$LY-w(gUx|J*- z$v08JPYRzsKR`q9SB~qU@n6Hx_r^x`>)5y8M9ORc@8xShbW%#XysC 
z4gEQQo51z=Cn4m)H8C(^1@Jl@{42QdUpSin*4QMp<1VHCcYycoH)pkN+W$%f_$hpk z*aU1?0U8?q$MyV|Z(V1+?mFQczACPV$k%~GK*3+>1;ATR-AG5zm!zXC|JUEEz(=dq z>yz^V4SicXxFx{&r=i%{-)yGe|1<;0fu9-L$uXeffVy_K(r}~Vuem{f5lAL5oQe22 zqs70bpL!I?eA3|w{g1S6X`N3(lW;#sE+apti7R0`WV&{jlRLF()oaS4wd#kyF=!tE zS27HmXubk)br;Ieuz?|1!D-_T34x?cJNHl+io5C8U5|ZGdF?x%g)iy$F?}15$C?YT zket)2JU&XiETFiHzi^gGe?R38E^l|jmW3HqTDT&%K_%BTz zKTMs@MF|+EFQk{zAo+Z9ZvIWC%V#1pHy}0_@A@JjqiNg;1d+@-U#ty+LLDR*&QFc6?JJ%ssnYU( zGAL$8eIaZ@Bo-hwIPsYvVh3JjvmvB?1MdC@dK?=ud~l`Xu*mvdfp&1Dt-okH1ac;| z&M)Fs68?IO8nk2EG3b}aDs2Yn;?BoFJjSkk6Hhssfee99i-{jH6xKJ(h1J$dK-Y1; z5w6Uas)jYTT=Psii&|Joy0kAxwy8jsWI)xnV1v!}V2KW3wJd&;q2Q&VufU`UD@EZ* z(?g1bjC3*~dUcT)aImXZk}iSP5J=c0*W1EqBe50!74T&lko{jXgPEuYSHKwm;!RnN z8y!G4!ZpA*gVIV%3>Mpaf89H_Zas}VcQ%g4pCF)R>@S(Cd+9Vzof_(3?U)kLM0WX* zQLhSboCq+xabq+twKkH32~ir+L2tT;)eImAl)nEU>g?V6aIx(`;RvFWeFQ_%V?p7; zSGE9Q=_&={ma&6-iONqAD`CyJ28bgmp9;6^&G$ilvQ-e*li<9kyPEHH3PX`AoG+`lbsrUh#lqr-7w@>F~JzsRK`fs^LFCrOPg#Y%3+4DPce_`2;f9Z-V5i`?>nI zj@RRNAtbeurvPL|l~kdHTXz%+KASHl5bBK`SV@c*xv-%nimSbg$f@Te_RKl!w z8^6Wr*!2*LFy$0GQw0sB7&2d5%Mr3iW9NWV>uiOj^6$9C`oxChS*Lh5^07L%@`;^ z)Odi))4Y;R+Z!U9@mupPK4$EG0MGd=n}XIF-1kGvBDVX;d&*izbUcJWn zg=d2flH`L(tSdN|`1z9CV1(NJ=@QPyA3IV8jZ6)MO7< zTY-TtqXRP+&ao3$F?BNqZZ5^2iAVojYyJ5m@L=t+X{EITgMzVDFG|*W zGp5gM8xrWq9^O$yeeuz-oimXU-8n$IutS5gGliKjV~oNtnFook2A_jpCzFTZ^HHu< zkL34OM(u`}u~G|$>25Tjgx8@|@-hX5A-tx*_GM~p?1b&$r;V2LCNrE<9l{LG6eNab zAeyVhVc#Y_N8K)PB*gzws%_Au#gy&|$`79$MwWOj8s8ymg}1BV9$I467y!Nk4<0u6 z*_JrRwyxf!1fGTHg+ne0x>#{ht}4=L)2Ox2tgGf+M@rqs_hrIxAS_Mnm~c!AW1`Ww zU1hcmR|92*yjA~LY|>+tv8khM)3B}5slmmZR5QMCrXN;8@JAxhG9p$$F<7@5!+6RZ z$}Iiib#weYb0IdcU*g~U|8X*PO>LhMHg=d&6cYPe446HMF| z=T0|p4f<${3X3c)A#BT@{CElH^c?t?&ARKmoC#O5lOG7VmJ%&UZ4Hr`$OeYC4ATat zrq_Y&YV_To>|eA`>ad1&WDS~>335Wx8gxjHujut6f=D8_a6T2eIy;NHwVpJMu^D&} zK{ztxOD|9w2E#lo|IF(npAybCPXplp6h)s z=@}adMAeb<%mFb%;9?fo3=CT$6rwb}_}@s-YtmB$e6>}n`Yey%0i>e5S|G}%F&>aJdnWtj_w!S z%oqdFBvVhj!C>PQ3N|D7E?Nv3$goj&s|}{9No9}fx31vU+FpX!8qC}xBu)%c7nO;) 
zY1UyDfs3JOXN}PomO|x@_wAEKeFd?H>XwO;G{y7<(MM$2Wn*qO$-e3_ATt21P5~9F z8M7nLVC;c*b<&b=0b`PF6`BtKj!ri(AxVBI9D0Rf>Opciv2|ehm?C4v6pe%>fa&7e z!)))~roo@Yl4Z#_AXU&Ym7JT_TK8guljp#nw_&t>jgfz3HHuvA(qan`8o;NA z>8>RuR__7PRb8RrWe*VCcQ_`Bv;wf0=e?-3$g`f(?0RjBH&&mp&> ztdqzuM)pn2%x*N~^CWo?&A{#C1=41>6((XFiYt|XJq?+pHgU?H!cGLOZ z8B$rbN_@oyHjd22eE6G^REx!5JDO_g@-Y7|$C z+q&zDN;zMp3aWZdb!~==Z6Dj{){TkAD{z3tdPjSZkWrIL!y{15$$plonl>qNTt*)K z7ywL*A6Ua*`>3|G%0wT;lz;;?yjV8+uf5iTWJNKs3UV|ybY(WMjp9l*aHrfVZ^qTCOXM(WL@^if6vNV^g~+wh!S;yRsLL~xXbKxc=(N`riYKHP zPYY%mW-LzS{;Lc=PXp)^0GVSFg$Tku{}YAMGHs9tB`1rBRL7MFOGsJN+dLNCmSR;P z(3gXiLn2*=Uf8nf{a5V>Izb;?@ix|@figzU*t&DgJ`>yLIf?6C&Wf(@{A1FkvS*&^7 zB)W~Dm%M~nn`mjbO2LM(c_!cXXp7638mII5Vp)dP(g5g^CSSt${;#(l9EhNZ*hu1}gEY zuWWPngBgx@q;4i2K0Et0Qw_{1Y&yJ^T4FshY0`GvsunN~2{TDHNUfME zL69DfnqZLO(gQB;_**$Ld}Y+_QKYO3Un|^cF}^08rnANcFk7PxKCkhv7+a!fUL`MC zt2&w0WF;@M{e_DJQbFLDn|idsC37vJOc$fQ$8&@?%bTHOge9eK!-4GUKI$6t)^80+ z^JL=B#^?C>@b5KuzA1*LNQEdQ88|Nz*MgTHS0OFSK5x= zLiM|##HP@YZg+8)8}6azs14h%h8kC%$WXS~@^0yolU+B|#;RTVhsyUDg30V!5Bl23^%!kPP zz^L4*-hAFEQ%f%g9pIm=e0&Qy%_11~+=(YNwru|_)u>j6OhuJSJ@}?~OwxgB_IsC6 zQ#yme)*47xFg3U2fk)ZSPf;+X-E`9_jVoUMdsAXk?mv7a|4mmIRDeXbY%N8WO@~?{ z+z}(e%>%q(u}FpIA*XPNFEbE+T32Y80*d?RK76P!fwHSxp;dk`L(ve29CLwH!1}Wx z*08_#dqe9ZKyW4{KfoX6rPN(+AFyEnhCq40)NQ-;D}S8Qcsrpb3&Vd`cOdy z5kM8avo25E-k6DFknMvi?HDRST+r6qd#HYa_1p&CNG2+`U3|^1Cfel}ebjrJ37seV zME=Pa+5{^8Racy{c~<%AsTEPTl7z?S$)FO;Rh{z4OTHf^D*8NoZKkPwv{RvA5kQZS z{BN`FLe!;Gci%LBM)^$7H)S~AL8D0Y2M-}rL$aK$gbJlB4&sWpI+#q+6oOEoRKPU=S9l8+SUVPvUXefcCKikNBdJ){-zvgIGT#eg5ILq5C67_UuI!2{@9*YlTJ@iu8@;9PYkt5Ei zl^>&^y2JvOssCowepqK(yLl#~T>6%rT-F~OfdPGmrV&GXQXRdnF# zR7|a>z_u^W;NIoa?}CB(r8Fpl;C^4bQhw%)fst`U_*$St?4malU>Hv*mgL=mk)cwT7XB0 zc0e#d|J(TGs@x7fEqx7fHU!O;$?8*v*cIUuGI2-xsj}G@;;)ETQ&hg<-|BN2!9a)7 zEIVj}8iTcGrVt$t?=UTWe%}P$(0FHZa<2i^b9dmB`Jib$N)+3;PyKFeDFRgWIQRzx z*K{0|Vkg(x8h$>e*6VPyp4}&M7SE*;%`H4hi1KFJB*ab2Cn`>FiRp#Y=(#!QRX(0c znIk)RLW3AAszyZW+m@<@?Y?(+HRgfU2-14wYOnH_Oq0|@ycW*|0ROdOc 
z1T{2@SV_g77zNx<^hbAS@}77qxGyj_X9-Jep86*F1v9N?)8!i)J$-ax2uSBDMG|H! zpSptPLq?WhGRr`<(aEH^(5k_83t{mFE>4vXp&$^tlDcEN^85@7t-h;M){1=(+bi^- zBYvmPWPq4pGuYT4*jF*bf{D)e)HdwgDm`GK-KQ+|!Vq1{%0`i<9;6-a$05!O=qlv{ zqefJH-P7B+Wvp7-rpZL8%8h;+{byOLBg5=vZKDEld5zeaB=k|1n8+FPQj|(~*U1hn zDVLJ0E|B0Wo|06{sv>nXIe}ursd=M9E4!@jDq?2F-~WSr(@Gv#g0t*|)u&ty^DtUn32%rZnYhQ;cH5J6JN zO7t##l3}*?sIwN0os1qzg(g$`D3|2&6Sj{-M-;f82hqrem|wpkv#xxcM2_W)gK-10 zDF*B*85RWn2BQ%x?6g7`(TuniLBsc-3Q}MUl{?mFq8Qv7Vi4r$;B&3haO^Jqf^Qr! z-%GH50{^*)heu+aVww13JoR?W#9=c6V_s%dJ@c`${{vk>qQAVZO=*K<3!OuwNJ;jQ z?6HetiwJ8!kb!vQO5Hl$-rFl$VJ`sgM>&ut7JccpCQqYiMKI}>osTN2LDU~d%Jj205f9^-tOCBt*@NGRe#qSxQVSgq@?asxKs0;e z-Pzf(w5lT<$5j;$+A+I(ku{$~WSlZ8w;3sqqJV`4dKn*U3aA1NH9QrF4DIhsC;>M#Xf zMZ}lw;juuWToiv11|y^eT9h#?pDWN|TCj#whq2Qi^jZ!Z>$^P?hspO8M~9E;u>_ri z)8drfVS88^Xa!ydA%|&zVMR(<(lK+WtK_L)p!V^wVPPzKgRF$n!$P&fbT#AKgAG2z z5M#^ew&$QDNVFpDklA(5j29-6fl5M40*Nd#3fCYEQC!uT)gr)^ABlw7p_cb>IAnz) z@N6D%jc~MWOJ^yw0j8=TgW$LfIxZ0-Xq1e!g>Y0m*o6s6x;9T%+axe$L5EZkayijl z(77FMWlT0@bfVN!O4v+5n?R~Ql2xKeI27V-Q}vjZD!CO~_t7elnn6gLHBcUk#nA#> z>7xRGqbq1YrpkGB%pH~YE2O5x2KP?Ifr5W5*gLtJF9w@M? 
z<@ORK@{C-#QZdH;Qp8!x6^iLlKLo=8thy|knJ={+RKolR4X4&fwcFl<+CRhbo5@i zUnRgv$An5njvCiPHw;vIFsVVBlA*e@)2nnv^AM^uN*jYu(KUvH>`?xI#f@WRiK2+q z))Y(zV3)K@A`(*DjjmHNaMT8#9XR?(3i>e6A+o;AJ0f!AyP;A0hf2*8+3~4+oD%&iXYsL6&Ng+1Oe zOgR%rMj**U;OT@e*i;BGgw`X;;EP(XkT~v2`j5;kHa9*09NNhBL<=Qr6qWQ+tF5GQpJW{Tgw8xjy$=*_- zP;?9wsVg_Oh!hv$>$Q`Kz;YQy9?(N4q`m4GJ>-TIZpJ=EAEf*h=_sm6R5%p5t`w%H z5z7z(Pfz#FLK*1>W6AC1somKW&%uKQ;iyK2z1FuyGa#rqs-o3Agdz} zm2FKaRk0MJ$JC3WUN4OcYHufWj6{uZW*xfuvfzL;pa=Kg$siq zz8rgcG!(q3Q10EA+gDgB)ogisz$}m(j?V{~l1O)jdxwsAY^OEodcdZ8qEN#Gqj4sv zNyi^q<^PD2dSpy70*~lP?YU-;i~wsCl_z_izlyssvKk=;Qw>m-c0x3=glSO>u)wXh zBwiyI%xXu`ac(tthRB@uhleEzNb*J^K8}3M2KrbX9obS;Coi6MAdeMqKING_s`%wp z;;P-r9FiD>2!j{HCJ;x;V;GNgTO1i;NE|GbL2f8hMy#x$)iGKd@*st`RK;Lx5D2ro zGU#VVg(Q}d^wePovGK52@Yn=dLy2kf6k>S4RVj$e z*cT=718{zhM?|WRKJM*-XN4GC(o>3A5>$a>9a8FDQ_)rVx7c#KJ#)k#sW zuYc2Y>bHTf!;2=lrNM?SaAQ<OlBNrZmq4loKOiYezor!1`~&XA)&i$db4UEpakbXW-0#o)kXHJ(C0;@?5WAp4HQ zJzKayW)hKJiX&+eRYfU5X`}I?VTSWnAs>7dKtX;RarpEF4o^smQ6ta|$Ph^C%`!S% zHaQ`q93~IccxoTceoU8A!Tqs*d1phU zS#mY{Qn%-KMg;gbyr|5mh{kv%Ml%#~iF%%#03-qaVeces9XwiK(hOL+OezBL&$_^v z*DH)u@)iKIzMaE25~gI864F*hqJyV^vgIJeP^c1|h^-{z5$-mf00~$okg&xuql}n! z35z2WhGHhF{jYEVWG}OEm9dW$1q93y#L-ej|(%ou2XTvoY7OwA|h zlF<`LAxwn7<6Ess&(sQ%0L0UB8e2*ejo9Lcl)z1B*8IdSs=SgxghlJo#+Vq9Dcd?) 
z=z)j)xU@Hnw7yDPA{yp?(&BD7KxAUB#{u(wi()kE3r~gw24+xXt5y723f!C0zDT92 zrV}X4E@KVAe*JYtF_{VWCwIJ1Y?dPX(#RLKIg&5zc_UxY?nwPq0psu`iC)9+?m)o; zx(fYK!1`UA!wbJh?kIN*tkESK4o0*Y6)v@{q4sIx0H%13BF$N*7*a9;-e;#G@prLB zx&aCVPQNxc#cl}W_qHTH1YXB6KO6v65GNohE}!?{r*cxdSVs4yIM_53S60lD{|KV1 zfrXmk7Fsg<0O2Dg4Z%n!r=b|GjQ~J8G7dq=qyq><;TS~N+;-5v58dun48VY%Rx@4A zd|oT!tuSJQ_f{?^2hbJ+5<}^zp53$LmsMr*Ehv07X2{D=`IY~dL;e6|?vz0bF*!h& zoIaTx@R<*3-t@VG1X0TUECB>9vg5T<%4{{gcy)+?M~W@Cx3?vWT1lpI(z7fo@9%Bz z9-i(NDT?2FpET?G{GZRRATQ}^J?j>^1FIW4d_(|s%Zq&QWQGSRNAa?0`!EMcwTjGy zk_;3~TI9D*#olRNyxuz9J6+9v*gJc7^!`kI*g84cIy~FkJrzeMV*BWDXYXw9=n&rC zh^@n)#SeRjJFCKB2FJPUhuC&x^m}wcNGYcxo2kn6bufxhcpz&G$WRAW8>CR{8wzru zFFB&MlHLq;r$hwuOM5&l9`i{%Hb|c9iSL1Yxc}Gs#>V=>|LZxP?EEVO_ouAmG5&w+ zi}`<+Cq4g4_x$DOzrMKt^I4v8^Do7oC&7b<&;Q0oW3m39<(W4BDDIY=ur*H|ll_0I zjrCeJJ^!_8y;@oL|31gFB$Aj-c)3~<01BiT@{C&&I{`XQ%0oRv{%YNm{V&LPZ0?== z_A5NZ{U6pll-QK59|man`PFwh^ZnJgU%eWe5x{^TFMpW;DYpB)6A?7^k_KgF83(5Y zjlOklkQ3pPeo4VeWf==+(2YZ@eeHyJCjbFUrKBMaWgZ7sA8x`I^*aU1%rF)RdCr7} zhh#IrcM7YDfG2!US2hLE*aie%z+J!}X^`sE#Ij8?*V68YO|%Z{hUovQfR4>ET-!uo z4{C-wcNo_Q`F(m53_uTRKr zYBP02b=g9btKbvEqd2sXs47YwUyUv_Qx(!qD_aLAkFO*tHolf# z&q8fGf#%;Ccu9tFKn!~v_?En-0HrgH2PJQHe#KV|GeAyzRi$EHG$ubCl%)z(#@FLU z*JS^|=ebxYm6C4yQ056>^|gr-sD96aOl2Ggkk8DUK&k)Qg@aC!IWgE|lpCWv8F%#w4G|LD1KZ!58&A-42~Pz8O4>@(8<$ zcRSG_k4R26Z%na?wJ_V&1eUDRBr^+DPxixbO{0pAs|z@MJPBi(O+i&5%TQvfj*&&C z!N*8eV8g?e*IDkXv)|h1|F$H>L zks09A{ZMJ>m^2Qy%02}$nNlWD@pTkLm2Dif#M==*>6a9wRF+9_*iuizp_lX$Pm;&4 zakj&PF+jtrh)bC%nU-ZUj{{4aIb>{_glH%+-Q3~NdRGAaX>%cP|mJF37q;M%(ezNp_R zU}lD~K+tF)ilrVTc}oLIWf}|08+2VCU+9h{1eZ!lgB;2{8EhKl7;v+JiV`?cnkcBm z@uZ+1255r`qL)G|DmRpxZrsR1)2lG|&f(NCRm`&Cvilc9y}Qo>x|_I0(q3K~NOLp> z4rQJUR{NJ}uqtH)STplDuox}gr#+H?rNAT~#~0VP#1jbhmH}gC8V{-;q&BEjLIz+a z>m-3!6>xQ1dMRVd{2YRWE=-Dx(aUX z0r2!_@kgD(Jj1Ce;G+wTtpcxCmzPN+?Bq2KG@WfMw8(4Hv^CM;s%aYbAn>tY({)V* zGNEer;gdD-OBQgFWfC0iTc=>@gdupTtW#m4W1I;R-bX`}8B+iUY$;~sWe2yC?|R=$ zu$)3LmxptT74f~g5_?k=Xp1jQZ1{Zy>|N7#ZY1ib64Fi2W}O1FW3}lbbOWkN8U@$P 
zJ_WLCOR{FZkAkT)jsqB9!M+kRZ>xT%0GS!a0+DeO5C;EDgGfG)g#e6JXmL~3@5~hI zEHuMan%>I9sg0wKXR$OUf2Nz2d>#kE+<->zQ?u+)DxPbRzliLI61gecf%qMk#439r z{4R6961+^XQnI@gg6}+}Tq=cJsJFtqTJGn76CuD_iBw=Wa(E2$!9uuQf+*t?Tr zFtDjCZ*T!+^Hg*mQ8zs_;)cGBK-NK4|E^+OgsOlaHF5~{J*lkzOg=Z{$F35 z|3Ay~MCboQtecEu04wDpH$+{`IH^NqMa6^p3eV>0XXa#He;!AeC}`zZcrFp83AXw$ zS!qrm|9RvhR5V@4Dx%_sg%v;SVNZ>(kIzqR_}{>Nu|mU78mC*lxx zvdvBOht4IJoj`(dmj~t_>1F(F#+mp#0xZ3R6CdH#kxs%0bzVQ=B{8?B@RFF-R~Q?N z&jZ|rvB*<+3@?fKeTJ9BlX(pr|MkX)lHp_z%<1yE;* zLY312JjAByiLffJUEgj7olSABH;GkaGq_k)Q9d>)`hy8axgpF0MEf8ZKu+mif>pqv zu5-63%K!Us`5T9s% zOvCs2AZ6{^p9C6NuRRGQwo!jPC^k=jZ2810eF}B{TZ(|y3TYs0Z$1wZP1~5y2}zrl zKXzEgT9(h#u*9nTA!D5dq72F()Djeu(@;p^`Pku6`kJ}gFv4*B(d`*!89vWc4Vi&Y z+j}|Cxpo%e>z9g{T2zS>w&b+Q_ER)GWBmQtfi?B^(}o}k8cLxJeP=?4hm5_)H}G6B zhh@~bm(9Kx)(T^Qq9*^beKt(H9}7aC4a_r@+MfGCKsZ`n3XEyR{n#E2S!>VJGik5= zKz=zDgwKFxsD0<4tIA?~8kVyTIOa>;wHc?_Jp!^hOMSdBS)P9j(kWPHAKA=`smk)EvbV20)u}&x2A~v+a3csdJ3St`#(b zo>mqYV^fzI-W(Hy??<;HW#2s?l=&e%Y(j=cW5|AcuK67@)qZr}@C0tI!p*snEp@i| zSSW0WJqKAx^cIhAf^iTy&-5yj>&G`lSz6E43d6v9`kvAWL>o1v=o9VqoUrTo?R&m4 zPTX3d&msRO5Yb_i>v?YoKX4P^RW}0I_R7m2p#l28U~+a&NUpS)$^lU zk~VRk6AW23KNf~EXr9Cf0WrEp&IkS;$iHtVF+lQUcMkfdtefYVDQVFB*nxQzjZg7N zd`4}Qe`iHke}vQ9`JZv;zeXJTIZuD5+W&6UD?{hM)!O>v{P#JY#rf~z{P$0O{tG`W z8{~jZbt1W`uPuJUqhV=x{`m8TXr679k6`6hLl4($2|yYL<_>SUv4`O*RmxnlreV}S zyMpRxM;rm>pY(flg=%s;gw9ck#vb=%yw7<2Bye{QZk+ypx;W=bE$83Sm8Qdwi+uq;@=) zN_MI?cH)?u7Z}e2;gQ{Z8in)2VFyUR64J|;1E(}%Om-%1Q_KIhzdx@OUtau9|I$Az zlQym=(Dco#qk9^C;oPm5v;HSl^QCO^=hhiYU%z=(_xf()`OfV|_zTRXCQ^6wJzCqf z(7Da4Pntm)lcU?*o6@6klQ?z7vuD1+An<4DvG=7#@Gts|zW+sz{`{&RdZy@qs_TvV zQ2hV(`a=Kn9M4#N&hn5#XT{7qd`;Q6>HEkiJKs^qDy7X$iB-9!*;PXT7Q{EpGodbY zMGIZgL|xIS>%>P~B0l1})5Hx;35M*6M*dvDpV-SfXiGD?@5#?A$|sNg&Cm}oNB&;9 z(f5dd={0XYW9WbC#@Em5|5d5h8yiFZUu%s8{eO-pMgM`Ci_;#Gy5(=<2!BkV=6t!Q zfhNOreSJaK7j*pz>AG|0v{499m+vAXN@6aJg+&4Ho;E&<;(dW=JxIJA@tfG(e1lh> zJ9jWV-!Dr8Nwk@~8|ebUZ9>ukMk)OHhy*HUZL25(l5=-+8l9Ve*9U+-h(ois4M( 
zK~|t7QBc?Caj*z|!#hbGl!RJ&rHkkA5uuC75J^d6GgZfmlq*s#<5O_1nXr9qtI{P5 zSYMh7EuJs+jNAX8)BdZmK6L+Mb!}n)^(@a~|6lC?f13S&&zBp26$=TgMdn^@5cLoy z<{!xi$b+9-*Yf}f8cQ%3xusjUVTwHR0I=uA&Rv`@i4Pd~2?kDXnJ}nr=>%{2unM3^ zgrl2O0#ifCRP+ zFzELYSZ0h%sI`S5O>t2v`#a*Lu+-+}e$XwEpUJo17M(!F2YU~7KxLPyQkRGa3Lw(h z^QGTXb(m-ApDqyPe87UlZjZ1Ekr;+qu&pEEmL)oaco1S5`4W|6D=yQ@Zl~dW>~VV8f{T&v?}rj(hHg#p(aO6#D)B7 z8r?@@r-t?W@6(WXV$+iKSbRvUh5#!wU7)P3`)11v+Sdf0K?AY|mi_P=c!DLSDurPF zfg`H1RH+R|0Voz>A4MF%qOZP&cQ&r1*NMP9b#E|a#TDyCm0bBYBDQWQ>9hZ=TBzudFFxq#As3FG5w|SmrEzX7w-Ga2&22t zg@2PoI^krG*+g`6^JhH4fPc1$XH&LNCE2u36DDx7=sgd`9FopwAt0#ce()OlylZs) z+ML$dNy`$;&WX4RNeL=`rwGr#3*fi=qIfI{|2qlB^11kTeDV9=Rti(r_n!xS6Oup` zKPAC=a%uw$;14^*N!xgMQ|4xzsmU%X@#s&{*Ow1eQlxtd5*`F9dRw3g3ylKt*zx_I^j(v? z&SoguGpQK{R+xvxb2r2UHX~*j6Z1KnGI4VL z-FrY;t}<$)vkB_{A6TvT=qf|UzOv#6RfnD>GiQDX!r+q!DI_y-pH%1a52$t$zL?R< z316T`VriUL&Ui2?Sos_o7dVHx#!N}+60EHGd%71nHn=s>o zgTyzn=-9a62FxiPn-B^n74ssPD%B$;9@a4+I7Co(}{?@176DV+YlY&;7un z*?`=SD^3wfA6Jw^Za<(b2k@P_fQpAb$2v~pazB6)rDJH%QTy2N*Ym*C(XSuSBOUE} zo{Bl<#jJ!``6g3-JXd~1l_Nr1&s_beP}XzwekhXl%vhWbCH(|V$i$?cy&*>MjLgFjmH_Q)&d1p0$V$r!mK{>-fYqXI(DfpM8QA`huN8$jbBWz!LwhnPVQ$ULFhIw12L z$d`@BJO?NhabjkAfu_O|RnqQ~Qw!>#%d_HnI>_?uE!0t!A6R6raU2SwJaaFH0wzD8 zSuS&Yei>poVU@;bPxmC} zKT&jL7oo$5T;@U0{B_{D&-(h<^M5)o$(;YJRU3a1>+@GV{rN9H{~0s?=)~c6{UCIn zppNPOzuEZDmFoJ&;{5M9o+WWSh{<*_Dg)aC+-gAgz>`x#Vld9QK<4I&R}G!K4Eksg zg$8Cz=ob=QS)sJhM+;X}0S0v}m3B^>r_gvOw+CXy_c=ef8uUxBkK~-I_-fE=MJ2nHJJY|=ab@fD z)Bu<(MX>!AW#Hf?vAeT(c64%@t}^%UrLS`(`0wlg%Y9vnZqKdauNUyEWnJe^c7NPE z-8(wWoo&56{W=%-V%TePUpG76J(|OnzD|BaiMR*+_s3ib|Ak?P+MO6(eWG0Ny4OJg z9U8GDwvP^u_x5*p#8S5FIg7gYbt!=V`uA;Y5B`K9#DD3&@~=y_=fS_u9aLEk?Vw%8 zuAMoE?A=V)O1G$#4s)dtU3YT&pK`~&LkEMX44s0K@TcQgl#&C8*G`ywJFr3{M88qvHXAEiE62_D!zM#f0Hb>+vya&b|iDu zWR6;?u5vg~smtGMr45yO<#w;o%XkR#OO@ke6!>D9QtPGqs`wUvZ6pwSZqF&wQL=wDyTqipyI9JohCxE_U09t6c(Ev0R(^VouisdyJfx3x=49Xam zjy1SbBV)9~t-fHKsURkCUn@pc44%qVWd-d3*mLV1yQ$$PNR61h&WQ?-Yf0mEE1(H# z;Pi|d6PPnc4)aQo$s(XNC82UBD#==K`<87}fCfl?p(^L~VJr#uH)_hApR&qnGnWeV 
zXkE2+%sPQN8-?#?5n464Fe@oYYRS}+u{7}kdzns77K>4-LX=99T`wME^wrAgTCsD> zGiacKE&3$iO(u#GVdO$bFXhYjP9py973bV}ba z)6;VjSWFM7uC|JT0Tah}NiXR7>PY1Fdv|9X9)|9_STofOEQ z4dita?_D1RcBa0~Yv*3<9{zY<*xujUJv?h3?;aE`zI2Nh&r?2Q)_>v%{seVA;{3N- zsV~ldpW_)b|1xmh)6_Bb{C8t5OaH5D3;O>o&)JnD4))G;@V;eu0iH35+_>Cc!RU>3 zk=6bJW2ud{Fj(1@6FR_l(vcL#$?Jp;ML}y{Sz*^%#S>x6zsJabD3Ef1MLdJlF&1-l zvaI49a)iGq3fe9m|Jp%&fG5K;iXI&Xa|}ooOESMgmDrBu3D?izH}#1QnNfU1*&=k? zd`T%^--vBcpOYYjbb3uA5CKq(ySGa1T*b&@bPE<4;;n*=)AHQtYSjq3xGEw{ltC+@ zA7wlk2iXiE;Nd#;)iHu#Vqc-@WCa(?A;Nma?G;B0OnQQc?}N~XDmg}^9l(&S=AcGA zMONqTod81!V%M}6O0=2F;cQdXMCuDqFa`r^^KjDyB&K-kQ*_0~&vL+I)H%<~sqTc> zVGNKGyD;_`M33Yi88%Zjy#)2Y+ZCrrZ_Yk!o$QLeQ*nH9^yA*n?v9F2xtfhj`ExoB zY+#Ob@O{e7xx>pisogxa@#bo}$l-rIL);@#2y&MqXr-i4NJz24sy zR26h;dw*;1U{&mF9c;bj0Gvkv<%F`y)_r)li%B`CZwvmvjlnsw8+7IjudC3@lQUiP z!`|ucs@OW&JH-Kcb8-aWaX6s_WZ65!v+BcLhJr&aQZoWs@csSiZqk;W-K~9qb&5SU zGnW=(;(x+3X8%_n7$wvm&RfTn{l8jS8?yguR4R-8|2dxDazf-${>yKQyomz&Rs3RH z>Wvv>oGjd>L1Ju&K?M7SbZ{4uMTTA&%Mbu9+bayh3w*R$PQl?XXl5Ieu?wbc6Mw-0 zp|jtc4*d2o*T=yBALc|bPKB&N27!jpK=?ULwJL(t-!NXxC)uCAEsxMhGJPLbaz)eQO4iE-l3+k%7Y`r*bG81nGD$S2Tr8Za-SCT{lDQEL;odLTZ*op zppI$se|4=kB>yk&|9PHg>96IM>z7+}hb|LV;rKTq9QdMG6r=}EA~K^9FPZo{!bBI5 zKf?I%c~J~RsZ=hB;*UQr$j6`J8MFRRcDHs8c1u0`De9Q6{~x;lw_aK3f1c$@nee?b zo?LE+;zC9oSRb+pmF-KndGS2mGiLp(i(sFmjtA@is~hW$+Cu;T9M6>bf0B#fr|JKz zYeV-xt}pI?dY;GfDOO)|&>Hyh;MH=0e-y;4S3{8pNk_~9v*k@pAhWZ-N=(613ut>; zD^==+m6FsIf4@8~BIL?SF6VYcx&b-5FD7zC%W7YvB01s_*^P zlDP3~0_LdYIXcGoAaq4uhPUkZt&(RA{PtDfvMIzRmnn0ZGFP9MW_?nVk2>%?Uccf- z09Bd+_WFU39%|y86cl+5$awACFFYj=)ZcE5BiRewr|{V?yZC)`Z*(f;u79@C8-LV zY}$bn@s(X1UrwZ92_5c?F(HaEaJw7~qY^v_kp@;OEV~5AR+-RH+3ip038gHZyKa0n zXyFu0uYX9*B7XeI@|7t_`Ki6uD z{r`EMN%8;rgId|kJ)r+UY9AO+U6x+e7m?t}xdtS+p)WlO|Gm%j_#g9&0Mpk0#?bj+ zt+ui7|9X~(E@^cYb2Wl13i=T`10;4onloy7K?}BrD0afp_+mt^HW>^GE~I{ri5uUs zdM<|V%<1^vSB_U$6@`vt2cd<(A`lZOC3KutWOL|ms;FQxoS0I`rQ>L4Ta${;_L$~S zO<&!fE7q0mXCuYRCgmt3t7?3vRFW&zCCG4LcIdp2t_8uRS!QVG%*|IhJcT>%LRq-HI?+7u<_GE8fK 
zlT|;twr*P1?j``RV;txYg6BVnMZd-!#)2tKaurywjDdSu54Cnm6tpHVPUO_+rOt zK@LdWlY?@}Eo@>WgdlW(b!_yJj4rY9mmnDHQ>B*cU(!%ImW_T8m*qi(!S~yiN8ePP zYgp%Y5Mtm(4-ZB#Ubq@FqX{y5O*IkwZPO>QY^Uap&k%~}$c-0psX1IxAgT()7TpVm z@fZhpO3kk_(TJbQR;0ewxXJJ7EXfwT`@%Sfdw;U8a@F*l2^r59$EZJO;Tc$m7|W1c zUP9*v9sQBnz)U0n%NcSbG4Mk?g~B5`1(`aqAKXHDKl0jk0npR-oF-O7{yPX3?-z(1 z^nFpqDm>B>e=%RxiE&W{L(9Xwr7a`KWXGwex{xO55<42Zd4iz`~PQo7V%#f@n0A5Ul;LT z7tep^GqnHnR`8^CJY4_ZsIILo^#9NC49)+OM*iUE5$8XZ%KBpdpW_*tf9?7EM8Ti_ zGQ;_QV<`S}wZ72*KFdR)pUg*wfhyz@?_2f7@X$3svvV$#T@`XUHdj}6z*>QnUln-;P)X}}dAo5Lp>GSN)Ur4# zNHlQCB$(uS3;rEQ_g~@mpiC)`h6LzE9I@kY@^(My8E+|PYGA(9heG6dsB^({dk)T8 z82+g4Af!B$CHK|svNXEI+tdPRJ1cNl4YWemx@ZLZyV8RFZklhZ#H?k&(E5K;&o6$a ztpD}K#?b!1R$Ivb&+;s(BcGgJC^BG8J6V8g;U@ueBbi1GB3F&CEDsHb_z~8pzqq<>$xvZE%WjZ112cd0UM~9Sww!vf# zfctX8C-hFB#!~?o>7|APig}pA6g;|^(878V? z7pYf|%VFixjNE4RkWvWaU36}IzlvadAkJuoN+a5FDIyXpXcd@LPsOrR>XtG?d=*5o zXhRB!MvDT%FEMo9_)l~%a{%TS1?BwZsc3FsTDvv^IcK*~Lc-%((k zve-tG=t!b1qsCIjeTDG~SCXMa4cXF?c#}-Y39ltWf5ZN;nP8u+4R;u&#>ev3^{ZKT8sc^ZLt zf`&c04!M1i)p39jjc+E$Q&x@iQiE!=Xapsfb)q#Rm(7f_=)mmp7g(DmB7WQZdlN^F zPn{k6-pw6|4+GCDJT&-N*W<5GkN>6o#in zOz9iR&kZ~t<>R&&c((X%cb`7f5Bw;%1af}EjloE&t0by-M+Km{PZWySgiDiMyrf2N zCECy2spE*tkw&(c@+^?vnW0UE%2NX%#~9lnGv{(A1D{9tQm&CpDsLY1%E^&4rVnN{ z>gc7YR_o9bJWdXgd0|WUB-(AI;VS$(-Z~K95bfo2IxK&g91mYA;)It8!-gNha17!r zRFhu{k2V|HUoQFDQpn!7!ibTl#}q0e4jbQ%{S>IyC7t&|3H%WZ;!Dnc84c`!1|SG+ z&Cf`xKt$Y<_(?QrNQywh#4LsC4Ljgnni2K@Vh_MDWwyk7-@QXZEzcm0veNDEVTE67 zSG!f7X4L}9%Ez1lM22h>>SAYd^uyi@tKG)f^fdQOL5!)NOf_U7NgZ>!ZQ4mBy3zgO zQclEylXzz&7tf*Y_@dNzdY3%2wACg{fbkj+GNKWzCKFAj<}KKp0jFhjb6FKrUQWO> z4Ip!}FCg9W^hy|tgwq+lWEyewRdmBF0mO|P(OimNIIfD;l*9p=DcBAO&d6xD@WfkL zC`fWiyE2}$ol8lq?Se3Nv24DrJYDd;A^Gn~J^%T6g#NeQSm=MB_zqJ0h zwy^(ymS@8J%dKO6Jb3W@*DCe(#rl7iXNLJ7ZSz)&u1d~qX9Uyq|J7{#?^7l*J^M^s|Lc{^`Co0V zQeF6eJe+a!}*9UtzSA|7lxoCnPf_Y~R`bX>)sPd-vpw=}h`76u}5E@az4_o-ip< z?)BE`t_TLNP;y>H{n9J?iocpJ7Fh*J6ofLFE?+P`kT>G~nJL)}>z}Nw=OF-7)_<+C zk&XYlR^3>{|9F5<;h=iUHnPwvrB7MfkBT8*89g&e~3C8B3G;dT8>r>3Z$J4060*G6rIrB 
zirGLKomjNnfT7`s-r(8hs(=D5x^m=~0VgU;7x@%n8FF%!?=h z5II!Xb_bpns>onS7K=tDQQ+N>W{NcP(SS^=PhG#w=UV6sLH-k=6FE>P9VB7&f^y86`WEW_f`(Y3V?Z6Yt z6op+!aPV=jQxUernkuz(NJnn2FAp-Yt3ICHc+$TFdkbG}UjQ}_H4d7NZ;u@V0NlS7 zNjaa}a@z&|-hn-D$TTp~Q z;WPI9rz!6MW%I(htbwQT|Bdym{ty0L@c+;9ERkoEzU*(CF8fzZ%I7)?SD(+ ziSPeI&&?;j0dPq?)g6G?v?sd-a4Dy5i&nzVFh3y!)xj?vf;fk(nlGMyrQ>%m{gwvx zsRX-EJ{KcdiJKUZ1~R`vJ;KMp^_MvwGTYjnZxTRq-ld!ut3p??f*u0BAa?^;>#f^}f*{KFg^uTdTp5*vo)0Tu?U~J?b~mk_-KcZxIrL!vy4zF+k+Qq_ zROLpaa!CklWpMS`f+H;wV@aqr915DWel@WL|vBG{FBQRzEuU6_q=YMO9 z_^;3Nr~rwDWReSvlM4N0*nUWHJHywKym}=HyjBY0_uu6OEZK`kRQPPlO`)^tIuk;; z9SV6?%3e~!mzR+HYok;ttZ?W?edEZq>r~7eZfMQtO_OuwKq6Nk?C_2N6s^E-J~C3P z6Ne!VdTzTZFVE>%7>1hzR>tU1lh5aK%JBrqfHaj;q2=&8-A`q-ob##u99a&}V#+$R zJkj|igKn}3zDR$T2REN`Se>8^8ZFb8H#sgD1{CK3I8UbWqOdA9ZO60j9eX8JNCw}V zq156Im;dx<7WyAWSD#b=yS6cO|1ZcOi~Ap*<&nI7Q$}7aNw$}>$^mdd z?$Wn?y^mdQa})VhG@RjUy14Vv6R%Yj3sea5CxECRo;QhOx}pg+p@RdtJ@{y%6Z_GIL{ZA{aaB56t2yOSw-1hiVx-`V#6iToe-il+Iq-v0|WeqYq~sEswDBHz2l48Z&t4Wc4=tnf+BFK`ho%e5SkY58&;b+&?W!j?xBW-;|#DtV()9|q$4 zRi*QdO2onZT~szUHc+Up)EkwRRh=8XHT1>Satuf|C)v?Jm6p#i=F>J@p;Jp-wYYU9?Azyom?G1&z`?o(v`!PfX7xZeD=V9v~uX1^~6fkZ5*M{PM)N30H z`Ttp-MAIjaCgcV1LkxU~0YD@7#!1uw`ks`gK@)}nlmTrDDTQr;5Xodi@Q&^w9b-nr zXzCXiYx{|w2d#f5twsNV9Kh85zmh%wU9T+S|3A+&%l@yYy)a?ft2|{ohOx_|*#SiW zlI+=hvyuV8s0A6A|9R;8#~UG^n*XoWvhm;Qjq2k5*JpXgtYw^L`8TyqOOt@1#Z37} zWL&J~Klt;Y^*>y-aIaY`fo1@%BgPOF-%$Pn1v8382+z7+)$c)ft95q(ctBx+yZPG>Zj^Z0Y z$eG7?;-c*!@ht+K-FvgOz5CZ!Ua%qy^GJaF<&o*wd8OL8$jQ0`&sH_ALQilY&IjEK z7z=dq`PGWp#0*CR0MN-%F%ontL`M%M#&qTQiDFR{+h{_S8a`CwtPJUs+>BH>LXV_I z%Dg!$FTK@p+^8ryn*k2RdG1>1M1AYlSN%+8O<1Be=%Qbf(e_HITB>kY{TuP_=wSC1 zwhmh?zRAqppMKApPXFbNRCAbsOg;ZyYh>+z*BXoS-)DLF%rJ8J23}Eg1)G7!Ry9kXThT6-=(4yF9)&mB{WL7TFw+N2~ z0*X&JD$l(0oa*$LiB0F3WhPU7R8u#l`c8X#^^oVW)qiQ~G+Jd;)K9o31e8{~mF_M{ z1xX3%?(Xhb5CNrA8k9!5n?;aZO1hWsUV7R6UH|u<`(ZxJoS8H4oO#~oc_y0trS1g! 
zk)>R`gJ4sw6GsgdJk+=za6icA;L)F=xebZ3<}Ycf3${Dv@(R4s!^AI z$jP}!&L5@+TD#0N<>B)pZ|@*EwudA(#ZnXFtarRTMNAQJG$DwCL+3Z)D`F_V4rUs$<5<31Dyw9kE zy+7BRN%7rkiT{@YhA#cb;H+EviXfS0GAkkYYaah%Qo6l<09n7qd-!*Wh??k&4 zXW=B*)19&A=|Y)#h)B9a<-nElrlv?O+HI;vjU2-`1QTiqUb}`(b77_r*!SqYpL~DE z9s_JfX^dHfy3xcb#!d_}y^$JrXL-gyVn1+@_5QCceb;*)Mb|&Y2VFFf8)Y`PHh~Yg zjD)ji{gH3L!(%k|7JmQa~%>e0o5HWA`Q3qmd4~(+_c7Mic9_qU>ZH%BWZE ztibsr_~WjQMlU()RRm#Va(@W_MJs)}(oF2-1608oZ6uQ)hc@x%Oof+lzKdw^OP6Yg zZtGIx*6o~Uz#-h5fsor9cc4BZFMV~G)OM|HP*i*Od+5jbLzd*_XXPHBMlx;at^F+c z(l6FEk^w@@dI8FkhivsCSU~rbN(U)l^`;Y*3%2OG&qcx~YU<%xD*yVGJJEyy>uiqH zaQ<~dKG&+B@hx7h5`oHg)OCF^_t)CRn;&6*Gx=Hfz}tvkHA%n#k`K)O(?8NDz)Qm5 z?9b5tHzy5j`$$rYgL>|v_xNwtIA5WxjhCU@&i^HR7vvP zcdCa)&2-+PJ~okR?QS$h{mt`OYXuo(*ikEOew2PlKP} zFuadcD}B|jn$_Ad8^IYPXRtlvU$=)skqpJ5&)_1~GL7-)Qb1+!b@>iSs%Nxq$Kig#?Da5^{pPt;hpM&^H zpXn*7yhL7XSL(84;g)mK`5M&o`p3)!$dSqbfG$7MBOx$}S03RE@dvLT(P?Y9I^-ZU z6xV(CYz_pM*6(@+F?FXNm zQ<0;_`6~u&#$SZLgXCDf8jbxcaJfz?v4Q!8gv$H1+Qj4Pj<#KLuBX$ht@z?M6$)IA z;_e56>+SuX-$BrRquf-(;c!=__4fqCil+$FU_wn}tX6b%|$e4xg%@N6gZG zv7glJJ>CYGi)7H2N2v-Pj|PJ}T7&&SvPDeK^~ghrVrcVTMdfy_tSN--p>zcE)KpP9 ztD&M-k_uzD=UyF2Nw2hS@@ zZRFm3LpSbw(`S@^VLN%5%#Yf%`VEqxhdH9P@KKnKm#Qs@l=V@mT>_$l7!g^Nz8CNX z>|~_(M+l^6PCy*8a8OB0eH(CRkYDe5%3pZOsPkZnKs*%uGs_kA`z)whr$D9bF{r41 z>YrDJmETKmM_3epj@q*uvHL=6FqOLh&n1EU@mAD(QB@j&u*szxsQxN&BQd#!tQ|nm z#lodY??7W-fP$rWr0<*W9UJ;CTy@u5p9P1HFf>lqQrGcKf=~=J-ZYTmv_`YP)<;~V zKj7O`evSp3%b(lT5`HiiXt!_H_;zrOU1F@Z7A3L8{tBk%sgh)XL)NZ6i_D72#z1*T z9H1J<8q=fVPtA}1Rplkh^c|*2hD^R17iVKbdPX`#$tuo^W=nYP-4D&f(G*bw=Uu)I zay;)AJH_v5v_yE{GV$dfJjl4o`GPY3Od4UqnS!Q{x97H!?`;S-tUpFm&-(?S&*pEM zEZO@Ei!|#`$DyqJj*;q_>OS65J%~c}ABr#1hl&Ut!ZlZ0L~`M5-6zj&et zg^n_vE)f^GrVSs?m-LXOI=+;%;jC2&w&mZkSPwF|TIXQE6hQyzWYyl7m6cupoo76f z^S^KUyTI-#RQ)GPE;~T51{hV;a&7(Fg8nDz?J&`%z=_frJ3KnI=VY(t=w-PXxSFDi zF*d}*>?ADI9{;>qA?y@1wRlaCHROcdRA~N_=ALtM@ut?dX_5!fQ#b%9Zz7TZyz$aJ z*w*bktvZ@iS=x`AjH-zyMg|9JEW3L_;#c`2tv1C`Le-!0l3{S!bt8GpQO=BvkvRR! 
z&v=M_iS0w_^Rda_z#NC{HMr+1fRvcbVEjxVW!vz0NmwR2%~QoIxzLyJCI9Emd3*H~ zwn+%uY?r4*+(UmOwPX~niUDxkd~@<>wo=ZuB`pbIKmd0)j{XWW<8Q7Q_^|}61Q>r7 z*bnicT2w}(jiXBD zl(;qiY-L_XZ12vFJlSQ*mOjo#b^ zCfg(=d<1BmeDt2hbC_AYM_ifkNKO^yEsQx0c~Z055c`4IuMqEJ&y6~h?vm1RIEtJ$ zqFy$w_0vt_tSCeS{-EjA<#nk*kiYJ0qM2EgLs=3DdTq6035+9q`H^su@5h@b`wF_% zUvMR?KH1TCeZIi&hk1Lg7j%m|pV4)%iU0YhZv0RP-JVj+cQl?*0MV+>VX4&%_Qv{l zY^7oF*5ku|Iu7}3Ylkp1w&dfcL&_lXI!F`RH-z$I@spK_Z_T#|r|1M9}BZI9qCaH~&S_ewCRLE7=9bpn>cToOI8)`;HGvrih_V#Zd#Y?{uj zsa^*Bd1L(DmC8BX4$KCUi9%Y3V0~vsNWHx?Tv*U!(S?h zjY4i=D6H(Dh9BQU`-{eQ^bb*Kp~$IASNQ90((gWNk3mue9JZoYJU>3L6-2$2K%Ta z160k;CkTQ$Wh)OPj8pw(!9r)RK4QfK5hfFA4x@&daU=6tq zsNxkjg3f4qLcNUP4wC-eoy}fQWV0>Zdg#fM`P|tm-C3yp2{lr5aS+z*k_CAxp zKDPJVCjQ1LYnJjy^aX*yT1a~=k@GuH`|0i~fw;&W)Ego#BIO)(sc|tA9fhbZr~#F` zLBE^>0ltshLq#_kZnS-n{-=p;A}TGf4b+xd2KE%0(Xr++4|_buXI z$JLF!oN&ME?R7X}0+PXlKYtEAxp9RqX%ItoMfwhg;uoBN<%h!s&*Ocw+ZI>pvz^cY z$qTod6`tdvV{vIWpdqBgR4QRI7ydYhRoO*!wu+!Mra`*TKh6d0`-MK2u3B5@bPGi+ z#2$m1@S)U!=U!#4opeEe6Rgf@x@zx0S5850pnHD+R$C?w&6sR4^E1srXziaNHh*`+ zk>l!ibOfQx;x8y~MWlO{{DBz=*={b;SxDTYpPj}OQg0l7!z=0#?5}~yAVOYTxt^Pe zoVyAO_tcB~4Pjl@x{0M{)PkfsE4nUw0s+k;xo0y4w{V3Ws3>pqJs1X~5`;O=_p z8K}#!66rL>M(1scJf;ixqB?`t3Q0LPv3Gm6KaG#ys;?pF&P|c`TfUWdHOWDKP9a3y z>n)TT1Mmy6xDII{*IU0(vA3e-cM-lqp?-Cwr(FT?-%^zT=ytv7r;D`%aZdq)BXFY! 
zOEK;e^O<_)7n)Zsb*U;f$u3Kz!zm0SVW}gq73i-cIWB`i+i!OH0%rntm>;W6D=VF9 z`&X7H23ix>`Xe8nmb-yKCTKNXaf|1%g6p=W-&y(J+qh%n-EmVZub`erWc}RrafZ|W zM_Xj4mX~x>%Xv@0$Ky`Ah*J@RGOui~&qPb(>Fmv3=wHuseBIN2-|moHjB@8HItsD@ z0k2)#)4DppmQbq#<5?(mNDinQ+%%O59kt7w-yAJVXSfF(+4ZsRA(Nm=lM}&&$^BZt zYLeED<^Y!+k-W*FN@zUHa7eVk&$k6_MWV-n+BIaDV*gI0pyk$$quQ5Sr+H7jfJdsk zMe3BZy5_99Mo2ezPMuEe`^mzf@{E}o!rSX9#Kz6$CKa%7De345^nUa>)w1%tIq(cA zsjp8lbRgB!%ibFuje%QOwcaDFoOVw_>pL2JH|Qp4bYj=#Hn$k{p@AXL9%HD_lY0B) zklYI7bb%Y60N+(u^X#*@nX$1X&=jKURFhqr{EzzcX@a|?n&Zch&*No}WqVpWJ1q(@ zJAdy#oR|8vPd&$~H6uGco?YHQ&g*VmR)q_hZxY0M#jd0yAak}Zmy50jb2qos zTLZgl=FL*Mpqy5M1y~;3&Fx5cw_ye8t|8G;UD{(8-`qX_w2GK^xZU17-Ho;kwSZsu zc(nTSE{xEgI`5qA>w3{OevI!ok@jEHmvk%GZS|z{TMzDe&=tbhQuuv3a_I`If+0@I zFA$Be@dEMTv(QeYcTe5p11G%N9r@UwxAd?oDF$6zGIY)p&P_$Y;}K`7+eQ|!zK?U# zHTl&-WD|OmZql4PFt3kBR5?_1h{Ba-O1A`8U4pf24{x^zznk`0-y2z%5SN*b^0mBu zZsFVN!Q=Ca_LcGW{>0<<+s(({0r2LK6WyxY<3y*A>FsXg=VdJOf8{oBXN0`nyTMv3 zjUqW8_nwr*TVWnWI)Y>wnyqVro3D+`swYpWPu%i+c%-Xn`;?@E*0L&VK|Ld#)rJ=5 zt776ej?w7}GofDDlI|x)wLyOH)7}oZlGQnp*jC@u)RhS+*{$9kp6D;5iJtlfmr2ks z;?K@Koh=T=ZaohYpum6-Lr~*%PY<%kduf>L?L5CUsmL5`lCb>E2H1#B zT6MCBm5F&%$L^5O`i+9KlYp}rui1m(sRT+=36`1mHpb&y@O5Ar7&>XKkZW=cy6}i2$dFrk-2eaG%Vy9 zyBupFwr`G>Wnedb6GtgI*}$q)6{Z)}gUFEG#Oc<=rlZQ{w6A@71o|8KCuc-M>2sUbH;$1O1EEF)mxfpXI^*r-fW<&0H))!1u37JM8tr)(G6s+XyyDPP3zK^&VZH29?#%o zvtqGRTle6=SNCowc3aJzf`T?-axQMC%gY^4`Yvl-+^)G8c0+Tj98M?1 z33|7>$IWN1$3?KxPA~n7wRxA(MbBjzhj@ElWcyrV#@yb>@@K~+>Cv(!z#%=yRkXc7 z_MMXiX}M(HKAzp&!6o}8&sMv+1M_5V$3%?`*mG&Po%4g2uNr&Tp@Pd9cpT|oB4C4b zSY$gDN9VFwS0;GTq(k3RuZPR|M2Kb*;XmZ|x=rL{ZVq#uDtfuQJ|l%p;mOp$`|o{| zXWfNl(7gp4JfN8uyoUez{NoVKzR%fg`59R)EE>K771oMQKSP#5REs(?*2Ki20>Y<- zH+zrPH(Pt-XGdj;&FW=2ZdXHPUQ}*|AJ^iK2Il2LTwOXF(=Dn;D7W*?Kirkv-0 zeVn*chl+_9)vA;FlHzB(39Cy{ueI6UT3*6;`<8Z7z^2A-fm27*dBhlXcIPjHb z$0O>g0T|XHZVz3ap;3#8*$D00{DRv8nVK+;oKB zlEf6fUF<@EmT!oKUw24H$oc9y*un5t)8ewU-77EvykvjgsfM`8HOet-LuhwGmq*vm 
z=KNMnkwLz$FrORPfNf)vDp#;8C-GhjxN~q?0an%N@7Hqt4Nd$`H3U4~(%+H$$>5(uLZ#A=9Q0Hd%Suis3&d?lkYRz!*jil;i2miW=+zoRn5oHJx>wgPX#$fw!ify013Z_fJVYY1lq8@8{ny$#g5Pl{M+vf*)UTOhM5TRPf1F5NX?p^8?BoNGL7 z?BC9ApB2<UfR}_NeLb%QrM#@sTR~TD!Pt1`0d8?|fSXQlRJsD(&qj z53Q0AED{MYAhK@}2x7#Dm*5*FOx#sKb)trX8$UY=^fRot`<-hBc8N7$&4y0uxXieZ zUU8(nMgOoVYvC)Z6jj21AiRXa`U3P~Tq%cJiifYi1s8hF=W0H4y#clsPGeRjeDWN7 zClLnbElw!d6OL{cJfz}P7nHbKo@+YdjCYL_x;xusvyUiSERs2^iKBFCpx|R9zs5YQ z8n7CattjMU?{XDfLSFJ!8T1k)J^O`E7R^ruValHP?y2yL6CSvQ&v zy@7F(A|%VCUNT9&A#r6J7fbLdC}oWViI68ipxT%lAPmlbi>?FIYgmB(CvqUMIB7)M zr~-4I%do#3p;qnnoYg}6X7;CDdp?QxM`yMiRhpa~7O9|Vm+e-eGbh)@D>*hMkHo8& zr&=g(={gw{P@BB(n@~w;{3Ux?K|m=p{Mh01aME9MA1;E{kE(EdaR^ zg(ncC)hS(=`2HHOR7YZoBHQ^8(lJ-N#Lv5G-HTg*LFEqrV8TT7c z*9C;WH!E?rHWIT-j7q=wRp~EjZZHgeYWtGP+a9U46BITyR0!m>b z9jO%cy?Mci)x?k#f6-!As6b52{p5`QMYN`wZyVK$o_$iIe&t%e9E~jy-2+%Tw9}zm zMNEL+kYxa*`!FkDGC7U%VZkfnDtnK3B($z&PMD9X_X8TWdhw>*nlL4@Y5TjzD+HZ z`@)FoqDjhpeGuB63mlIoJ()4)U0A`%y^&r^ZBMmznRG({g_6?f56KnMn!sJPkrKjG zo7&=sus#+WTqt4M)5-lG#5s4OH1OL>5yT!b0R*c*)%I=aBc-$HyPTV63dXGk-nPY; zfaVF9#tAxHv{uiXJuf-~ClCR{0=dE2p}eE7m6RgL#SAycIXNorlZo@n;#`pVk6FqZ z+e(Uiet{&R-?bIoa0FU@xMh;F4a}Bo_R=j2CU=DY5|r@fZVJhGYdd!x(!c#PI=D4b zgBuU(qZt^>d-vyk8fH~5w0rKG%`j{dW{kE%<|jgnNrNi}bU%Pe8)L1IAV#^4rMorr z?+|ON#ju258cqgk6gqy?B@ozm7$Doeg39oLd8L3N)>QE2R~A)arz>YSm8iYvVp6+4cqQij zkoHA7(8bV&A{Jd&5}(V%{Q*)|dGdjvC;+Vgd;@hKT({^2>|ZVM0n#b_Y}iSCLqjWU z4wY>DqPb%8-OsrUd?Y8YS27Ly-V_>^zo_y5GQu%`TV>QHPHC&$8&8Y(Wts5($!7B5 z!+nI^tPMmZC{A{9*}zV%Ob1nhKRaBoiZb4c_U?==_Vu(i{>od+`9lhw_U6lZ zhN{fVKZC12aQAyTV;tE!j_{(ceZO&q=!2=-Y)+GgGueM0dW~0kQ!3I4)~Tb+aTG7s zzRJKb-2fdDIevUroTvSl38Uql86F75yx?N*Fzt7*Ixo!sD)PMvJ7lKSe3l(D$gG~|yUUl%H)Q=aze%Mc z_T|Z9`mEW<=`t4+ru?II)1seweLY1UdkKktH!le0yw&A1>n=^k?s47io;$5k8m+8Z z(2IzcD<*F@I zfr->DZPdawQZ2}#UtVw9zSR1r>rbotP1GXtvssK_tDJ*xdB5?Qzg4%(<$v*n#B5$f z)iIE@$lZKyX=&L3Q^OKkc}H|jey~Wy(YkIGQF~seouQKVEdD`ylUp_7x}?;94nB#N zH7g?MYb)N0wG#N$40%4AvbMdfXsxY5#-o47E+>AjjlKY%8L``8Tv8q;>lehA6m-Vl 
zpe4?u)~GUyuP8vEmuTo$aQr&?DckLaX+u`jjY%`9RPJrLnt3wl>1fj`Wfyu(?)%n# zU!u`sok0Pg$jt(e+#xotvH{R4DBHl?@*9Y@>Xz&y~_IdTkd`<$2EhGofOH23<9% z-9Om#>pqjz>51MgSK<<(!)M+ry&Q?~5UaasS!2>@=*6wV-)IhNVAODu=}9y*97ybzi6sT)X}><-1XbhyM6h zG?Yax@lc1&eNULPEk0Ey0%YH`_5$f0L($?Ce6IYL`C76d99!RIA#%HG{<3_D5W+Ql z_hc+=9-Nsm~ zyvFLvqc=wjYCly=r1vh__uRttHq2!1K>1RmfVf?wv}Q;3N4a6`=M9t}+ZFOCV-`6i zVd&Fnys{fI?*_R`(ul%ELOYes_bAkONi?7LQjD40p-w{H%5(iR@)7tG>VOKTFEP1a zGp?+Bj!~OpyQwZz%n?v&T%u8CF*~Y*FJv=XNd4Pb&w2ShgGj!-skbew&Zr9J&lf`; zcJ2l(<%Rg@Z{B2D;=L=RTwD_zd;LlDf&I|7XPT$1(q8bgGS0WNFPwBk4c$(ZEKFT& z|JjjErD=`lr~P}5z?szVSR&>4&*Lrx&(hTOeCE71AIZKrE6!ffXtO-hNJR_SwbQ&? zAR$Bf^`czm0Bi|A1zWASAH3+cRQT|5ZuOU0pKh4{Z|N-0q|at=-YalL>dBT;G&w)* zEe=9TC-sCHV;Ie^T7%^~NsW_uXMsABhRs5)ry~+TBk(3B#61TeZg2QCq7-ThoiaO@ zBLIzE9I>}Egod}%%sl1NcHV5@m*xyICe}si>AB;5<94drPO2f)wJgD7owD9iHGDOM zoA5Sg5F4cS)eodL_Jk~pKw04LNW=S(=cH+zb@w&pa%an956y3J|A!LdtGqd5Mj=M) zD{^nRjsbOc5^FlPGGTRW^B!`6d9l z=9L^n;zNhhd9b|H(})=&-yTozrUp<$qsJJ2!s7C8w^sQY=>` z_Bl4J=XCSlB8jx-r$GdUxbXNe3hQ6y{O>IWa^2`E5C?CRHM9VfvcWe;Z@lIEXYN?0 zM7Uz%sE^%VpVdUm7W$lJEHj~c22i~P|fS4pVB)#HkcY3 zr7?nH^uiCdQCmNlq8xb|x&NHIUt~CcQY#8a%3bc4D~7+^XpztNnxz08W%+*_EQmU4 z8Mc~Uqn{+DW3;tMo79vBkpNILq*qgYLr?3a^X?=-K@Eh2{!{=`>EJ*@>2*d&u_nNq z_3?=AwWm^vCRls@v*FXeqR}w+yNu>yO#&rD%|w!>;(Qi6CA>GbN_c4v#ZiO}#re!u zN|JhiQUbqxVG?QzW4Z}`P(Cu)N}qL~PM_`XOP|%U=BQx#rmLx*R#mLY!={)Wh;5Vf@-7a*#d74@?_ZmHSs(~R5#N+tO` zd`cy>JUmL0CdM++g$lYU%91jgpVOmLQ;TbAYBbf8QxxBf{24p1*pE@vlvP&rFZ{E) z%TO_kqo|;%PMF}n^p!Zi*i@N6B@p$u;*mxBu=M!4D>SZ0@&z z^2h~D&);UWlL=oH%Dw}n_$Ycqnv>4#y{?9?1l6c7$S*eBYj)?pvKG%^cC_2tGFz|1 zX%dX7dJQ!FQ75t^OIP06q^>B;5LPu(@;!aNLEW)>4K=V+bX2NEw|5M&^YYrZw*nX$ zBwh`x&WLbQ_bf5-KdX27pz@|i9mbxLxp^I|Dd!vnY*-h4s5t5mU|qm8w?~s149jC` zuMrFX4gadu`I)a8Et^Nqwu0H)?u`Q<+h^I{LJIu-g*sWK@631o?931E-n+ED>sBkl zf!+tVj;LaP>hY^!&cBBk%N%nud z)T0>Qv}y6`g}u154Vbjv+n{q*#(Cb1H8Q$;%TDB=%k6e{;+h6|L{0HVRVO`(smy0q zP{Wn~@#^77_K{AQMQytPS!r_*%wA^zA~!cTW3$v^`>`ghkaS~PKqNW?^c4@YT3tS* zV=Qp$eHTJ826nG85dS@173u$BK^k>7WROGP9`d7>KEHRj;$rCB 
zQv76dpWu}a2+|*z8DlO146h|x6Im8PlRSGvx6mTih+8`KC;M$+2FWv#cnT0zTp1g!F1j?=ZZ9|-4_i6G8WjYsPI<(aJ&X%^e z!!?Hmn?Z3^1|1n)lpSV#Hs4UuW(e}7upb{QOcun;pZN#wZ^6ra&tJ3HNOuQaBD6Z) zd^z%Uf&%aUHBXxQ=M?d7zm5GN0-ODYr$hHvgshAzD5Enq)E5HFfEt?wIy znTC>UX3+ttL@}@&O9-e=feQ6^-P z7?GzA3XxTL%C5U4i|v}e$+}G^(S2dyAb}${s?ns?4D1zFl!Wx>P70B=H{w6l%mYQy zm|wlYC8t&RS)w^!wH!sZtXDh`-X~K0GNadv;Ey>k4aJiRW|TI*@jU-$N3Xz|x;pLL zoNoyT{DB-X?_Sn66WsOJ?2FH}Z^Y+*Im}~LbA;-$Z-Qs;YZYoa$)uRoS#p)J2f{_0 zQs&=;!1p=oeSe~_kU_t=Qoj-Ch>pL~zniR8(Qki_cUdqa;YgqygUk(RtB%339+!Mk z5k&b)ATwR2ET2FdBkFvE&0Fkm6SMg<)~jqn4WrRJB1>|MHSYOw8@chP9~Oh9ag~ln zIvjNcB0<<61y;KP=86q=8snIgA-Ct%wrB>9QS7mGACY?+MWmIJu3Qm`@Nyt&nW5F=WO?RVsG;$&7+F^~7=;V}>_P_JZrL65Snq}U|r}=-3ou=vZ zO5#10J3>?9za`S3R@#FU(`8{U54Etrxnw{ZdKqyo=BOU5RSndBd;*~3!wHbo(N9-& z^tt)#L)*Kcf2!hvY)wx4c}oZAU~-1N3@$K7=YNOH;IiJ|zNKRX=pg@2#NXTpeIRZV z0mdU4Vq)?ZwYYDhKMUTH0XJk7N#AU?m$G;PRF1hd$03Ei*sTx0*!}5HTMY+SYN?mC zG9JooRWZJ6nP=_d@AS!qdd+m}*cQiA8kW6uc`H;pi~P3xcfVj(Kk?YA_o2XSm?ZE-+H?C! znt{#TQAv8)6J5Z&WV#-O5;v92^&5FTw*0eqwdFF*1tVTcuk+o6^B{KESyjZGDY>xD z!*=IK5Yl`=MXl$Z_?bcH(G1L(xxn_o7A2m<29Kzt^&TEdBpz^+6 z2KAXSj%WYew#11$-<5NV#j`z{=J)B?X> z%yoRtH9IrItjy;-@tqmoxnSKTE`IfaD2dx4@s)Zp8iZC5DS9G_+d_DtL(e{%wwBB) z-oX9!Ke$v!K|lN6n!@*9U>FJHIt)Il=6_b-cgP~R1_p4jRA(!hRH z9jT4smLGJ@`Kfa-?oH>L*}v);ffXY0iLrm(J_JYX)E4H+2jY4ZKKt+`H#k_4K-di< z^yJS$M5Hf{|3~R2{J&z!I=$iK648e8MP? 
z(djG&pyZ#{nL!&b?m(d)!9ZfML=X_ku`9dK`})ajc<2d)eGzy92&D9R_#OC*>D0&X z5#M#R+i9uBuDGaSt518vCY)f(0ly;gTeNwkF+f&xnW?$6gutaIhsW9{j5Vu*}5MY>VMm+>jDjmM9R&gptCb#t4yxOkS{>J-!{THzi*e)mn12y6Sh!jP%^6mi&TA~0Q zo+=5+vo97kY%}`gDU!6Ao#3z^WqVM`V~^zBhka1p>y5upAkodq{|5L z=--E&BpZVN+q@Kbt&K_SHQxo&EN%%Pxr+U#H&DeGmHrWBcBrkOtns}BQvlJ+`gnyP zU#iS%L*o;EL!4+rXA&49(?J;ZrspDOt8&zm?-mOQhd|Z<1jg@(36SqU9PEDr#HId0 z?kgJ6?F5ct3*?7@=?A*=e~^wn0ZIQZU`0O!TN)#CIEV)y z!O6rEr*O^kj8~eup4#&n$`tQ64ARxi8>U0D*Ywq@Pv$?K;E3Z-g@uKv3NSK3ewlt7 zN=0<;i*OTUkhKBZw|6_cS_Y2vqG!F7zzVXryEeG9!FX!tS zoYWo(c%!=As|~?)sWN}r3N}+@AD?T9S|%_xMOaD?$sj@g0WXo~S$80*jPq__XdlGL zq*SKolV>#Jl)0;%p?a}u2!64PGWj4dLJgDZt%9lEB{ZwHx>(T$4qc<@{CL5#$JQs| zozhW9-Ag1t-e(pyPP|i0-Yhuy3S<=U@&UX@mGlMepR*Y7M`p-K<mX%ilYLz!0t6D7N`3WTn|7Mu@?ZP^Ai?|&@zJ(B6AdnmY`7Y zgT&KbKqTER7clz;|CjieJFqU``uem#unTS<7^p|uG1_nfG!Re$IRMWX1^w@P z;w}Xo@VtWNKY?Q-PxO)EDSf+Oe)E0Niy?5e#P$=Q2?zc~YCqa|3oML)U`vFib-4u=3~Zdub+{$V1q4 zN_L+AtqtyD0y|Ks)cx6O9_WvG%UOp`i5(TJ6p;nTr1V&!iMBMAh&g+&@fzPrQ)~eyE(p+{buf_uod(L{rN`aJDCFf9)^6e|huAEoKo)4kQZlC4}RUM?QBq1X8JX1Rp*pdtQcCh0td)+ zy!6Rc0v)lb;f-grgD74jbJ6sNAe`UfH`g!D&r(e{uKR^#abG00ya2+5SKNa~!`|o2 zXaNFP?!j~_~fmQ zoGcSRmRPM$%Z9EPmKMZ0(Y*^>vwkMZ_ppuJ-$^{1^dPJQ$p@e!fsA|LCt~6L33%kc z1>k-eWPbrhyQ@$B=2QQX0}yHXM&uu7Yl?Pqx`LLaE7pjQ)F@ibv;qgwzA&Fl=_M$a zn#FRI6A=g3oAX)(B|Ctza0`z0PjyM3H1ScXCJUsrB_N%W?JfOQz zL%U>Y8EpVo2@0J*a{FKWO9QL=fOv|`gW1y$ty=ZC#;zwE2;>4Z*$H^TJP>ZKp(g-e zc8WVtCe~xnLcQWC)9g-%PKXzzsDo>}$!+9w8zI<#vag>FPvnl60K4ey{Zef--K)hC z4`NIkf`KBPJ*WW?qfI#?u{*$-PJIy=_?M4EilaogpdVnnF5I?%^WfCqOaD{Hq4F5J z&|`htUtuUClP?f>b!hGpZdqJ{@E>{x91dtT~?uF+%N_|0g; z<3Q>{?X^!!gMTk4ej~?JVsI7w?X*1fi4ba%+GQ3kN#ybKe_fdk>fJCZ+|G=CMk=4Q zPsLfVr}O_6rR~Pnc1Ce+mXQ`pCFdNCl=1zd@%%{;POvnfL`8J4QWw@+nBdjka2Qa- zvi^c6LDA}^!&q$7@Qd~g3S;PUA(ODjbW^Ym-$H_@zcZ+1QPK+1f>1c2?HZJcr}EYjwuY1)e}` zs_3;OFAA^^dk{qym{IQo6so8a1Z5QZ-OHU0u46><;Y-Vl;!>;nvOBNwVKI1PX4M~m zs%~7!NpGlqOqG5VOnqsWW&A8u3Pqcu#a7f`zn;t%rL>~MpTGM1QK9kr>e3o(21srA z`cId`WYeZ*2S!(oYg$^JbxZ=b!cVXCIZ7U0bNeMTq?vaVOFe#nI0L4Z 
z@5}sSOo={~()IdN{;_adESKBI57zu%R|OS7`A&iPN9dDsB7^Ai~Yc_3&Uau_3mF@aFT^9X`jDj+ovHw_`?- z)BF1kv^xGR%dXb}5gl{Go{QoBPTnXLfr~3xt%r4q%wZ`k(n3a2Hrt&}{&%#1kL6@AJpVHvpGUn|n6-&O0@WVM!_wj?L8 zd7+ceRQN8X*{x=3_0Og@4gH7_ZRpq)iLS1cH>l60T;=aVVRV1OQD?%F#W7sRwoaP7v0ezZ2%?6765%fE!VDVj10|n@0r) zCYbA7BvRZOuI+bK8PUF#Rf}~EeJAZ;oKxUcYdYSYtw^+!p_~H`+P#TL?M_c^KBXYv zYBs=IOavc+E>lqjBC%?)zF39Waxy-`N43sC;c=!%$mmuNFV-?Sge$mE&kl$G2jMwJ-Pklo%lxpSE~rRy;tOn0LNa?wloRp z&^?G)ZVR*vdHEPx^;g%ePmQBJgOrFVY$fbtsQ-<_>A7HpkV|GbF~_AD1teU~`rMol!pgr2<>&arXUdhJvkp5I(2cr)qp2E}i{|7%n zz`sO#1kThCA|3Yafmelfh*b;Q)g?xP?Ih_L>`JwXTv&8RrhK+SqP#VdMnXl$teU=$ ztR3)tBo&h@3m>ECi&~AyJ|kjNUCzngvQkNHd|c$I-bNe)c@cZ1jZIq;wQ`9{=CGc= z+S*rQKI)Tl&9|qM9?tY>D|xm5z3j(h@jsW5Kdz6*-~Ywj!r1aYTmoU;W zp&zL{e*fneb7TGQNXoPJe@F?yK>Ba77^na8#WDRil9H?ljT~|=r5v*2oOxe0NfPW2 z|BdZ7hOaENw1#K2d<-pTVUYCUKM%FQkNASj9Ebmc8%95-zNEn(`$f6ZvFt~VO`LE0 z&TE$|hX0gatFCREMBhE@Hr4&(K5}r$|L(K<66LY@Uml;w z7y%8E|K@x6|M`4z?Ef>8k_huXLcSR0OeIMTID>d7gE~Z`$3!_-$vVo)|6=~@?=Fu$ z|NLruoC)Bd^IwR^f6f;d3gi5LBPnrV&;x`^GFGVhw)*S=yl_NSv=ln{vu`+=WOT89 zyeq#fl{P!J4G+es<9X%r=l}6W;7^eMEG*{6{QoG*Q}_P`>Ayn05YPWJpC9Lc9Zea` z^E~P{2szo*Bs)hhF$x)UXE=e3t|!b5G5$M#g0@2xqt9s=4YP)Z=kXM5JESI%dIle^ z1H4l9NZI3uS|zUinJ)2uW-^ksbh%C6m+V)z{6B0?b~*=F$515d<3^$Dwmh@t-u4Vk z51s$eg_#(JF?o~`9ZXVszPLIoOw@;3rdYB**bTC+wj5>}o^6>P*9b{#XYpN6ia)Lq z!_h~r)+5mzNvGvBe0FC}p;5L89R;p{3I-oRE4Q$`qH-=HbL@HINj?(|K$%jLmK7hE zGW+WYtqp7@XMfIVcDQz7lG=Pz{U8hzK+;`KZ$S`FCeGL2YU(0+m z;lPv+SB{T2)V7pN(icGuG%|(<=V=v{{^5`%vf`+PSAmwcA0q(gs6|!!({T0 zt_rSa*V3$EI;MwJ;v>Nwj~+n$FMzKn6_tLu2}7|>@10OCl|8Q@CyB+@S`Q{eg<9_KlLi;>^9gaDGOQo9I!0|W|BrH}ac zyXQxTs{p?J!(6MnZ{H$f3$IOGVxdCcuJH+;xI`B2>o_>EJ`NF0;lpNuTr+%DGJ?Rf zDxJV&B`I-DX>`C!t>&}Wf^fk_^k3t(hF3T$QSd4xrI<_{Bus%cC%lZ-+PZ7bI?QOJ^8(z|VH;r{V;|@)ZCLs(r$2`aNB^0r+XngrMhT4HB2~;* zJLtY+|M?I5EuJ+xa)ZQYrdTth)@HP)+89*IZC*HN?YfN&hCQF2xQf)DLW(PF7>FzK-yzZ|zFb$x z$pBe4_1i>b2YXf_G6KyxG(uE%946Fj7%!ImG>PzLr#>ggB$;Pa(R58hvg6iFt+`r< z+?4piB~HO2FRgHi;mnkI69DZcO{6~;Y!J#2;MP2-pwAw8!s3Ojyo96TiAlC0 
zL`0!4yzm{ZSv6-WU`+!!Y9c^dXq?;bctUywPsF`~RV#x(pGe0^-Cnt9C=*PQjcQ%eB28yA znOt@zV;a>axk6X}ijip53?7}JjNugCO-BYgL$q2#h1hyTB_VP&XyzYzQSnUUW+;Ph z@n^+sSRokb!cN@6RiJ(v%?!KZc}w{ETro^giU3QgF_B#1F&?~5#lip-PL1slFhd=! zvAWghcw81mNoTr9!@yht?vV1f0-rZ%!d5UKLQU_^@)ei>wykzdw(oK|@o6`6;$J#h1ybeE>&wHm4*6eb2{Q;OyhB~K$l zHSdj9n_SH3R=0U=l3`G-8QqVGcYTKWr%}?e?*<#x(pz@aaWJ3=A>7{)4YH17o07ex zXefO?j&wkQO3s84@^JuY6>rZjH9K4{54E7H3V+f5zrgtiI_+T|V8Ho@Bi}>+FXqSe z|42&o{F5PmqR>@5+tat74uW_AREnku;v{7Gr3i8)!8O7=LXAH}g1?W!G)k2N%v1-Y zr_cWSYgwZyx6D?Chczmrb%6hcM`!sO39sU3T1K1wV1Knm9FuF;a;E!!8VL%NX6+gF zGZIiG;lt>FpW1y-D+wbBC1ZROGC(v^kQOBM*>4Z7UB+;_?`Rn|21^f?3Yll{!l z9zQ5FO9_HiaxWZ=da2e@DFS)CV%R|RmXfe2aINqPRw%cmF_n^-9>|bN$R3&@l>~fd zARGITD=_>;p4JbH?0Hhi7r_4mT|yr(|65!vj^jU!q`biX4|E9`bpL1b@%*2;?3n%^ zO_{`qZc9MI2Oglns)+&jP~_(lnQz#P9PP{iFKL%uVfccXEBw>AbuFrF*|WYG$aK3I zZucjxZCX|fFMKOtP1A#$Sy}gq_(EtbRA)S<>^usM65hV0w{KGM$OU>l*Tnd&ntKVS z7G8R)vfXpkjq)I&{IUUxCGh#ZDngXz8MjHh3)jYKIIgFeT2Z~6Y?ZWzLN>)pW!JMB z77P*tNTgW_{;iQ)I8=FVMf{5JQi*)3s*TNV#s$mE;D0iSd@BCW7xMA^Ke_BU|Ho)b z4@ymPbym-Hr(uoq4$Y)fEUGMu8BKGn6MM*(dn~@CaZZobbxL9?L9q9}j^7fxe^T;W z88fv^Hv_Uzfrv$(R2y^Ql)rUMuiLLi7>*|FHEIH+IWqNoD+9Og=ws?vc^$^|35V3L z!VZ5Vy40DY(b?Mbt8(2%!Jd0-dLB3XAcarN7og@MSC6U_;_st88fO)iU?TFaS3D7U zodhkhD*ALI?{!NjVawYaQi>N+D{zh(Sb0=aH`cghcUa zCX$F5G22`65q8P&gqjq#h|;7)R!OV)cIJKH8LZ*DHOnOIr`!-Q1&JI=nd56d0r?}e z_TyL&?jYSB@IU_%C??WK_*iR9d#ITZs_()eB|}&I66y5oQ@_K2hz1fY85MOLm#GPi zB^=^+(>;RXnXo5XMRYIH@7oB~!V+ISe&IEX+t5;DjL=6@UIhOSa0!33{1@>5e0D7V z9YuM;{eLq5pU*AE_kVG5tp6QJ=@$$(Nv{_1jX^fQN3$kvJ#NuxLNXJRiuv0TZULg2 zukJ(u+!{tqoqh|#TNrH}tKIUY+h!z;VjlJiU*b04L zb=zI3at^5!lE_liKAM`?+}4G1&+7TOLY(_%%j(ZE5IBNK zn_lreqdP4*ZPKZRe3}*dDQE7QUA$a@?J~KuO#BU8uWi>0V5>APPNen`Id@=HJj=W_ z+2jw+PdaYH^Apzr8l6Q45A3f5^<{5A!#xrm%BmBpTb*@Oqf9gx>aEtNMwAug@M6Nu zIFS0x@XT0%WZZZadzd8h%0d=xKY?(C$6U)`cl!gq(vYjqEl2r_lV=LLIh!6!t{EBh z@Et7c4&});rX$CY8jk{=?$oP)34j=_7;}meUgb&}bZdAP=B1e~CAT*y*!7su``gM3 z-v2TdWe*+j@co}#C}!jQKe_~u@BdMh$Lc8l(jV7>s;omHu&CSokzZTNmX6x9k2X}yT(`?77qE>j9=jeiuM2ar) 
zAk9S9P|Vqtnha~Av1HBUeEtKUuxYF?Azn?){0=R2-41IRUAlwN$&m;PG8W|)u6TVR zK-(7LuP}+EXat9QDVlIAfdRFR2#Fx-0d}VWV-bnT?(Xg~1`RgjdW|`en9QFOiMM9u z98bCUU65ZjR_UU1EmTK5%538fy-je9F*`V7YX|%5J108_`|xX% zt?Xa2k30M8X=YmJ!T`(I_Hg{@;eg9%)^N>^O*1k8DW&m6ZatWn)97F(w+3neP>Igq za;5YM=s9G-4KT@Ut7QcS_eSlR6m)~3g)S~GN~BA7?}UTVoy*8C-B*Mp?YHGTm>o33 z*v?c7x~ZBT?Xx95hJOs`r_yQAM##)~Y2gRrcSt9Lh7Fb<+9|7g&@NCPtnFG(5F3!s z<@UHX@D214k|1OX5M~*L1~AncP{>i&o>h)#1yxR2N`dGV`9}#{RJK&KmL$7}Ts8wJ zS7z?&8J%!V;XtkrvERb^ICyUJ5SfDCbUQ#g;dp#$nhC=UOc;zzVn~fQ4IgTm4)eQC zb*ctKIws#=pYJ8lS;t!=K!=Y3Zr~#%=Y0Sm+-aQ24m4vE$ttZ#`G$L#VGiB_cv!gB zl-w060Mt-8Dp)3hoC?f5H7PojkzW*iAh7KpoNSatL>R;8GRG>OD8&f~$>sX-E+cEW zG^I$q#cs$XlZa1fn{;6vpp1ktwJcIzK9Fzut=hfEr(D(@p^_QBFn%;AneR-2FVUjc z;QmNrMMz>x(p(G*)x}}m<02xC)u;ke^dtwW#zQUuIS!&vb({WX zpPVQ9D0@izpxZW+-$cUkMBeZvt(7%BX5>AOai086cX3Z{To=LiX(JTNCRZ?F?Oi;^ z@d!0%bF1;Kc^T4>DDFLkb66xR#3Lx2ntu-(iWW>@|3t@(f zTXHNrO|gymU*Y1Bn|_*GZ~5YfwmjlVWIbf9Z~?@V-Wk)2NKzjh4U3j#7TJHOM0$aE zrC4O9_u(A0N(oQ_Rr%~h`W8 z)O`S$BGDso?+GhS_v)m%tYXD$bPz!jc1p7eBGvE~L~#S%!Zb>XSW+|L5Yw4A*yIn~ zrJw4ynvkK)GO)$(QqkFp`))bpt+^-!@oXPO1}|2~jz?o*@m};D zsk^qlu{m2!P-%XY_&CxwRLP!^K=BIZmTSssOX*kK&=Xd@aHX+;J|e28Qi6f=i} za~P&ZplMWQqsfz?w_)en^uvfW=yxi*qa<4ONLn@;e^8BEw61Q0NOKz~$3soKYBUTl z#iM6yKtkxY+<+6{yh{d=e$v98FojVE{8%fISg8qE9>L59CaT}}{YFtY;<1~0?Uf>{ zV*;azoW1R$vOq17ueY*pDdKp157yN^lACc zFcn_BYMLb-N17E(qTDpR777%~I2Q!hnhC6HbS>hGBR=J`5B>sm^M;#}$qF2k< zg!7*SutpvI$i#_F!Y0Xd0j$R@BJ>EM5WSougIdEF44fH6LBF)}WXpdbZubI#d;SOq z+yb_O_ML;3-Ho&tAURP-uD4>K4c$qQ*@bb|5(aH50Gbzz97%Pmgrcctpv4FL#l>yW| z#Hn9c>AgnJq~T}Gwx#qwV%<^_lsf)p+D6+)+Q#B&Z!!$-Cx(V13NEJ9FI+lip5>z$)V?#iK5O;Z z31jKG%MuXhfNA512TgAPehq(xQD6wCPfzg8yK7n)m@}fM%g`=yI$d;xd{UReG(<@M?yaj_K>{h126j?kl7Yr=-eFN1zO?W z6?$-i5E1JW>^r~y^XN-Dy^p?$Iq4@8mN#Y>aM^@l@4pD6_OBDMYWk%ZURug_68InY zrqd=L274OXj2=-Dsi~J)mzVLr8*Bn6S&Q`=4X)j5G@qyr7o8~)tdNYt)njAae9vUp z9Uh~K%VJ69iUQd*leiG0thj7;7I|Y$@XC1#;Cd@&)exdy&%{`-w$Ej`fF#MfLX#ws zqQLahLb@7hP7Dp3(ibrFo9qEOzX?<|hRYI&nRgi39u|!Uqoo`4MK9Ac(h-7;egsC3 
zk3tL%l}++F+}0frqr7LvW(WW0W%d7BHpWOFkGKEKFDw+s_Mf9Dzh?iVCLjasKj#;7 z@%Uebd~O{7eIzAf|FKdtTI_>Sbt`Q8tpPtGb|0$RS`*0Vz-=RieQsb>7$53a?}oAx z$-YUl5*ZtbjEzKI*hoYwyeIlzQtFv+1{05|j{)(A_#j>-jIKBFv>;oWYFa#z#OIpo zR1ue|hM;$VK2=JjU803_aa2@vMoAPOOdR$e?XFH~F2}X4 z(wjE=?0xi`WCdqTOvytE4y7U-479TpkF`a-ul2r%17Nl;vlZW3k;$c0G=trcnSVb zm#ZbY01o2+vc;bG&-1y3G5Yz$)Iq`UWtL(T!xm`ttP&C^*$8v|i8Bg^rcnTAB>ZJ=cxMb(yjwt^tVwe4SV{ zSY8SsE9{6#mFH=9^(1G$+d@C3=aFLjs1$}3jpUkA#^tiNt{ITgyXC7U;kaXdQw}U# z-W(q;+JPbGO3)jc5=aX&GKLQGlO{Q;0?t5{DjL!mT)|J4c%-e9j)`Q;HW@+)Fz*%$ z9KuM)lYD46E15GjGCLZl`o5NCZiQ4|p~cXoBqjRYPzmIY0+1M2*IQKsp8?&(z%uMZ z5FYwVT`Lp^XS9XT06H-VNWU>8pG7U#ZunO+A*I|Y#68`MMkXWkO72jfp3$kH#o{vi zp@)M?I`}MZ0}@gPgfZj!W#987R(3R^CEDD!;WsJE&ky!j6G-~MSo6!xS3($(;8gFe zR?DneF!GmZOm654HkF9#G|12y$l-~w_~s4)U~pBGql1dVdGGsaeHmiL#IfnA(A$*l z0JXpRw|}w3$C+A(#D)PHzeM_q#UBeb$Cgufr%|aIX@`Cwg4SHYQGWWZV|EZTi@{1u zjM&%w=}*@CMzuEaXN<{@lnFL1dYDP0FOU^X#ZV#+#H>XO19~I}ae#UImg$2T>Y5w? z0vt2*;~w37{Y{jC?bvvg*CKK`{y2eo?7j3w)q%){*BhDv`@0F$arvd?W%xhmf#|OT z`M+XeAs+uVTU;2&e;G-coSpqu8bDS11PG^X3zalL0K*s4Z-JB=D+|ZU!hepkaFVs) z;%pgq#FaG+7lR8X89|Yu7zhU8tRsBBeQ3p%64ra#6LhNJEUr#qaCcxbxN3JqR3YgB zq<2pi=T?A&1F-RN07&I9)9@`Gq@Ey%;vhN!ifRL~Z{2*-j$Qe7eR;^ZR?{v_J2 z>dmASL(A)N_nS7%!a}&>DY?vQCyWa~*WrCeImkmhZG{RQnZy99qJ^3WYlGtwAUxG~5ow zDY|W}Xr)}~mNA%sSc*{PqQgrvo9c%?4Pi>t2!L{gu6Pv{SgmSWx4P}O z)?DJ0bunjVXtp_-r5W=yN##YYKBF2!#Sjdj{|mXrLX7@j$magH)BlRGdhrpzXo=YW zopdo7-zxgJ0gYaP{|*=UsW=Y&G$zykVK#k9HhO=P0UochYx%mKG0~zUBBmT{#!-ya zf5>*DU+9cIbR%gaWp2du3b@0^fhS!_sND%E?}YXIwk&w5^wJ>=FvCEqhKrX+!;hNCfb(C`43|tlvcq|(TYcpIw2k8 zfVP9~fs(64!lvRk<7C~0IE7MKN4!SxIeV+*S^ zq!tl|6m^s$AeIsMBNx94FD4N+Vdl4QMOI3I#RYPmeh9f@^_i#^b0BpQrzvE9T zVN=5i#M7|hvj;<$CS~y>3L5)Es*(gy59Rf%TlW-u6F)%ZA1O2`KVPJqm^0w7$YdA0 zlL0<#TZ>*^6Of^~8OX&B(+|&NU{8Q@HN(0+&Fb)ksxQxQd>b{Z{Td~pjHJy=ApY2c z_cINKg961+gxU0vLJ4n$Z|u}J6UUa6h%r8|gr;Gev3CmK z#o}~@wjy5>zJ2}*@FH^6$b`kPBoub3hepB|iB0s0JzbXUpKd}4xDE`kcEM~{}eDM)Stu?f9!M9=?CA1bVGy+j~{e`$H_`A^>Vhx^DrHvVINF`v(m<3Em~yv+Vn 
zn0vzslCOgS_&=ZRk^koA$MWCN6d6xBO3ADJMC2b0Mf^LLHw<+rOzFNQ0_SrSE^Y#O zH$;$pDq@rH!EHM1qiOj-r@y_vp+A&W!lSd1j%^agHVH3jlb``O@S@Y9sEVL`hP@N; z&Pwc{f`*L9cI_XWln+;qk2ltV*x`?bXc-y0@NKA2p9mjLq?E)jR@-tYCngz+^9GBAo<_oLcS;db8#I1Ya}K4{_ok(F&!|b z1IBc~3)2Don{|HHHsn!D_?~R7B9+1xd*4AHhn`!V(PSe1@A?E03Z}%zjUl+0qg?Rj*T(LMmrvFA!lIcIW zpZ^79pVq*b;2RTszsecqk^J$*(Xnrg(ZQIwfeQPZsAn^}=M}u8F7CbGy)0IYCxV&aM#dGCBcbQHgnhBQ^Kh3Q+T+^%4bNoe>>mA!p@zmYzw(AA7{I>DE%SYpf zUA_0sxLIhX9U87gD#VF;(Fg|`&HSa8Rgf=r7D0WW15;>&y+$!92}(LXt+fIT3T+fL zjev}&D<&c`O0(XAMX}mpRT;DhBTT`8uh&hU)lWHcM|$L0a)m99&%R)=*SE*rR>if` ze1v~|WoIFHi;5XK+(LWUz4gtQwQ+l2K3I zyX{EdU-%@yvJ$1}M#MsY5J~|o5L>RK7Rb^R8c->h0Vq#o)bMC4cmw0)Q%^Kj&ySwPjNFQkZ(WkMAQaeKpfG78cK8EPqrSqb7EkBO+UN>xi$nJ4J%BrvE7_^R5 zjhfaEks}B;bVcA1yu#*S(>H*ofQJ-j(AD=^p(DCle()3V^C~TANy5>SvbVD3qZ9r+ z%8sfv~!>tMQM)!y40IJMdj`Vn#%@ttFyYN~@(8r73 z(;*NOez)3za8t#>kR7I2Crb5-9wl&{$KPol3P8wpbo>X+N+V7>5I9?d`k>JJ2HH>t zrq_Rh9NQAi(g4$=S1SFDZDd{v!nILqfP<)nTv!}FFe9^JtOQ;fkLg(Fko0|L2{|phK>O< zem5P?p752J6lz2by}4+;ev4p>(-fXUz~AwBgu=nfaMV~I04Ee)!derlWpXmLD$Ad z6IxF=>P+KxfGdv7XO%)LhG3v?{!r&xF@}9mtTvz)-efpU;sAo*B`)PX-vR%f;bBBE zl4#Sc-rx$#X-5MB3JmQNY2DQ`Tj&H*EQ_E_J+eVdBVr9$-Li{|(3X!W&d=WMtdg+y-A8RQ$5dGYl zoS~|?vdOR;qGKW#t~j7w!E2;N3;^^1RTD@4 z+u%$r94%FE@&|GbKQmzv0p0c<`DtyH)mPynhs^^Iip3GJ@Cs>uD~Sro z&nY~RVTW*+`KItOr1ph8kY9;JsOVI1Mg`@KK(u6dsji%&X?S)QWuYO>L2f_>xjgd` zz_sA}M#ChLk!p^}E+mV%XL`+brUG zC`m=4t-BFH&dS|fmt+e1m_A|CRt5+M%zTAppg%+IRJ74_R|KxsmY^6l$!L7HFsQoK zqJ(2WPAB*|Dat~NWrI0zkl6w}F!44b82e-5=j0Dv#PE(yAevLuSmbS(;uM?vIROZE zV&dmSvV3Te&_l|I1dH*72k!YAqmQtKM6#oQr%4hL4CF0nDS(zfBj6&J*Z{QY$H$?) 
zdSE!cvgh6q5DaGr6e0G~51To1zI_bXk1wpfxg6~_p(ASRrmOjuE}DRF6cpACo#E|{2KS(iQ_ zYWY3n7<8G5Xpv-IJwT>kTVh9hF7t;;gy_e~GI)`Vj8C9v{4(Sy3@~|D&XrPwb3sxz zrSm^iu(Fs;0ytGA-hz#Q)$ViZB(D|+T=B6SR0wwBMV}+rZ;V2A$0c@&Bht4TxAAe~ zjR+IpMK=RmqZG|ayQh6N6Q673?T{0Wg5*<{J`pG$qCOuUlNt+Ue~cdK#|;dZO?)03 zRuah!w_U6D+chVtW{<&!V^tXz`Dh)st&qlZ-(nVIB4CMjNG0}knza+E82 z-}{D=SIXh>@WzTmQ`kOoKMHm!-B0_Fj!EOwp>RCim*+}L5nDQx^Q1!&?$?Y^OT3#_ zQAmC!ulhDnT(%h%C09%oLUB1=bno$U!hlg>LLI(gBpHpg0i^V->!A;RDbm8#)s@$& zNa2&Z&01aj5}rsW`QCT@BE-xULD*KL?c+{`C?KH@)|37ahXDi!>6?Xwz~?fEJHrV` zqefY64JrTUvRY5%mB$5HKi;K9!PJHPRW-1a^?r(o{1Vl7e&yG@d<*Cn<{Mo&U6&yVm-6`jwyyt zNmOxpfo(zB+#w?qd3a#uV4z(2?lkoFRbv>y;VLcCkvOy1Us{kdHPw(3;!@X!4Xl!{ zk035z#I4ezEAVfZwH1>m!>Y@d`df9H#meci8WNaH*$5Xq{O3RHH+dMtaORUC+nW~y zLRM`?q#I_hppRF&GQ_}rPIER>YX$WoQZXTx#O>I^q=6?FrpQ+@K3ixepoZ3#sq3uN zBEhIK+5(95meFt(PzTjilBd+#Jjd}F6@&&ldBoO}0*Bz%Qez7Hh;qrS4__PGOhx&ylPRAfsoP0+Uc{4mLv8tX`|wjBCU<&%@B=} z7K_@|7%L^k>RlzFd5i;x5>V0nO3=dp{q5&OH0D$6{DjP*e*9LPZa|@H@j0CIPPK_w z5x?@LIh1o;>}%0u{K!F!oQ1x8>QX;}8~?O`%BPP5Y* zgrcDDymvLesH{QXBmKg_ z)&^}@S}9+}t-;e}K|tVH=B+k9oqoWv4I0pa6kw!< zjSg?Mhs1bcS}%c4OQz3a)%yg`jsw0XtK~Z^v0&8hPU8d9WSJZLN->7gHYqeNQFK=y zDuFc0VIoDM0;haV;7D7GfLlQ**%VUi8WPe7Hen)@5D`m~Fffc5)zDiVpN8-C^MW75>aP3QBeeFxhb+K6baAuFq~YAPv-7ZbN89xKA7r#Eesi)fF(5^*N(=2M}I{osV^JS zZ$iCt$4LNS+01(+l7vkH86<>e$7nkd@T{+|Ft_|Gy%#aiD>O;5NtJ**i00pxE%z`g zVa0-^pMYba>?4$4nCy`Ai2z0Krb|j$pllo{F#iMJ_EsORClmO5*T<}(GGl80ZhGrJ zqAJQy!>p)J{4O%~sBB$N+=)~dChiQMkSxM0+b$>PewK6}IwGxgk` zh*-kk2_psi4@2li#;Y3VJXwaV1ni-4^&79AEm#_15YH+}{DE5S&KhN=sr}(dI8=vlnTL^vHmq+NO(^^{C**=6GIW#-@1) zYaW^>dQVVF=}23GJe!H`@^AcB;V-$2Arv`8cEIns`w}?jSmhK>?Q`$C+gt#mTsDsz2v*(dSLYrG6>`bG>R~NCJo6M_2?=LB`zF9XA|+t)M~^<@xP2ljgy`a@Wn|-VmKjFA19DaOhSVquDiY(9}>m&Ed7Zl#E|;2 zl43tjB#{U-j%`(~K$uIbg^AQmRxpK3n2-({en0rzE80X+`D%-n-u<0bIq*OrU_p^^ov@hHL2WqEW?owN;dh zfhMR!(_}3xd6etz;u=%{Yj;U8L9uzO=mbaF8g+OP2XpZ1Q;&>rBCE#5J-%YmadEW4 z!3=B>IM{L!v0FZpmZM`4`>K!outxl{On%z~-7vz3aj(4YbYBI@#}TV1S2HR&>J>)_ 
zBwp{JxbRo69@kI$38H*@n#eHrx_?PiC1Im3eHeOd)s^>ZGV{I?!LjKm?(;hqr$w+0 z#82q+D%L7?)p18-G~rfcnY`^{Jv7}rI80um?FhF6H0)6Pm*5Ne)V;Ygr{u*;hy<j5QTsl!D~gYz-z}AB<|0-gDol{XxZ_5N zNlj|y;9jd~YbHSX}c?&K?5RAg@DuhXwO@>}WeW)TiF@8364{b90jf1lC11Ens4F3>w2nR0Ia^hYc z=_DT)3FRs?8QCn8L1bDr24IR3N@;XYChc?_TjZD@8w3d*M02RT6v{%SD(9rAOcD{@ z2i>cLU^HsnggJU*z4djn0m#-sdC+H}kI>NH^~kGwox5VjR>|%#fBpaLy?KAz*0m^l z|9$)vF!fqd4oS_j!^Vjf+iBF}=~+&5&a-tXkc1@EB)|fsWY*FB>~~Fj1VB=A`dOSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Qd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e z7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4smIax`t*zzhNUO1`9S*PjCCe01sIJD zhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@INV@4sXX))SZUfk+^b;h@J>cr{4(w(< ztfRzSwzroRYx;%snZER@(|0(rIeg1nl)xeo9-wd>L)Y=SD#1u%fNt28hFx5Zf)2b= z^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qa zy5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58 zP(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_EtUlilu4FpSEIZX0EYTwrTe&zLWHeE-n z&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24Mf`w9(+NEu8wm%ad>5XM$c`are_DRX2 z7Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p!Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBwqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK z5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*iWl@-?iKOL*bGY3O_EESe(B$iMZpEsl zq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb{X=U!C_kIObn`ShM{kENL(QeRZXfmI zu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuuxX+VY*13t08QRA*LGJ&wKzaX2GrJK0p z082o$zrI$8FICdkZq-m=x5Yt6v3GyC3!z=(lt#_? z7hURp^cWtLc4_zGfhSewcrCc|pfGR!&h%rsKe;RIu68${WEjeZYTP7;qkisk!-Zez zp#PD^z#{{Wt<7s(V6~S6Zcw1U@?m`W0GR)hWzoENJ-A$UJWlAH33?nvz3FMAe)ujP zk5Octj#+_4ZW~tDmmSehPPC&S26Rh6yPk`U+n7AoUV4w&x8n;O#@<5gmsy;sD1c~! 
znW!=h!y&pyLg|zxQkNuX+(b`>xJ$CE zojaJ+BUwzr_7@2q2Mhb9ea;C5+Lg#zLH|q8lbt^X#WsYgicDKOWHJlagNCEISgR{d z@sdRSn>Yp~XFx$#7=9h}R<1Hv#BxkI%o(%m<>bvnc=7G=jz(=TchluW@F180?>4I4cYUVF_TW_p zM&|_ClcZ8SR*Ff=>%igz>B`YEiA1yxD^|CbKzaMP(43TP{;k#|*2+2hYy>!qhU2^h zT6mtu1FEnT68XV@@=R4MD&KVcvX{K0tI1Jv%)1z^D~f#Fj8>SylQOTmk+ zy9%3psLJQJ>@ATX0t*DoY2_an9*MS^t480=ZKOOii|txYJC_`_7kpiPmaz(lOUSyK z9_5XWt7y4vO}^ZtTxoaa(r)iIEZj%a9NjyHNKy5nQEiyEAJALnF@}~qoYylRS0#D!8=B`PrrY=Wcv()K$keW21wYlo3LL;@ZtdhZeNo=9@v_=gdm(wAv z_5#(@JndAQ*%z2$JhT%~;yLar3%YRvLCWqAK|J}UNy6!f8n$Y#ttLfTdkf~Ra)Gl` z%Gx4A-UvpysD3T{azU6$BfiOM@WoyvmJ}Mq#(5>z2ZNZiGgIX{Rj*CuEI1~0>@lWr zc<0d>+gV?uId$Jv1sp1efLX`RfJwukuUexRxO)KnaH}&pBKpk=##V|DAn_ z`blzaen!HPN>~?n_=SsV&S3@wE?5E28`o)^f>fV_ls!bB)Q_=WEB2?p8Z;7nQ*OmCR~OYDdiEy4tX6nT86z{_p>aVVfW{j$q2eWZ?oR0>DK<~Se6;z zHcnl-Oe+RN&9RK@>B}9CASCisDWcKI&2j}?Y~xPSbnIHM#TD3jMxj8e7$-^$`i1fy za6YGSJXix`H@6Jm-b-A#P&ZU|eCvBrp>$o-zQ_mgscrjuSS~jBU!ej$%_cao54yr_ ze44<#yC-2hoYMTACY&t}TWr{mW?jm02#>eSicY$)dk=y)s{Gl*G#SqPXCfgX%kL~6 zG0q&Z#<@pQuNExosS+zmTzn40no>H1De&4FObq*+p~X)!B!m>@%$jcHWJ)dCCJ7yd zH=bcuyg(OzCku`7^+mtV428>qHxQGR!_NC$IVLJwoiVOmNLp8?Wga2cO(G?-aAjPR zRCy)PSuT`F@Q`}z+B0|XQlV1WXI{C`hp?^V959J0ELyv6EG{;N*vb(R&cf_e9cgaL zx<1W|^LrvF`0W~6p&Ebgu+PGp{h86^GH6?atG%cl0pf!UqN6feUp6b=e=xC!l8MF& zUG&efE9O+l;l>w7Pu8(IJ#-GTFNeT%!d%IO;#%~eS#UC9=Mg|2qqxc2 z2i*5JajA^|wxW^QilRE*IIGOG#fj?enx~?uC2fGUlGMu^{h6wK?O5O1l~GbAW6MOv zIF_%bs;0GQ@$8a&0$Rrq=;c%&RIX^r2h~mIttQME0+kUmJ_@sv=o}MH3|csxiR#a2Mr83W`3~{ePRw`^{KPapt%2f9dCMO)TtG$+2kM<%^0=nH%hg6QM)%qm|>QDhBWw8urG+=s>zqu7-v2SuvVi zb`OJyuwpv#_-tJB>Zq#~z=YScdGT|fp+4y?%Dht5O1u&fhWY*14w7i#&~{B5`^|5&S7 zFsx>2U+5%^>6I{5CcI|OWp0}IqRwDCHW#?-iSq`8(3Attj?6ce8yozge4XJs8)8wl zWT^%4uAUM}jU5c8N&L@pfUY>!5LJcjYZ1FeFtt8w6My+rqb%vyLl?T?k4^I`KDqRq zz$!f~l^-o1B6O80{iZM+bM?-_47Z6jKJ$GQRD%z16fzuH<6UAq9ylu{ZM`+MzNkPM zduN-$pT*DJG4Xf~_wGF>>7JBXf+p>>6KnV~9hGkDcOXcsAso${C2lTbkhd+!;dzT( zSchR64!X)Qf@8@4OwXJFy0)55vC$ovncvKD=eIxZq8Y4HE$gjmFu=YD&!qo0+W%%gL-=?%a)|Q;Ph49=VV2R|SsnY$;yKG8lS@y$3 
z{#{EaSFu!cV3c|8RKdq-xkl{ToVLa(pv;S~_=uDzxzv$W>#ZC!?TFv16-wLB1CiB>qb@kND4GeJ7@SzZRf*I{&%povANrV|JiG@f%Pyw znOp!n(hLrgejA!Sje#cS5j5H#Q`tOu&^T6?n~9HZMl z{LZ@~!A&717NxvVTe8Nep7t;t?2H9Aa!X??(&s`~z6aBx@;e%?Pk zIBWup-w$5@`r^0O!SDO8UhO}BeemQkc=0ND^y2yBgVzTyp2J_i1pCkbC-|>}=Z~8~ z6q8;xdQYJ~RC*Sd5zAF!8Mw$9fJ&t(A%uOHS8_VV0y(E>mZKy*zzL4xJm(r8fbA>6 zFdoGdsrOWv6m(OAZ$L_a(vb`#z`eu$o`vWpX3Av0BB_lMypuBkrtuj9Z-c607!GGY zf@Q@&)~884Sr<7E9{_2s-GH~i&wQ}wIt|D-WxfNdx$8pUsQGpA3g@X7qMfG_U(^jJ z#dmB;FEJx{rg;~j9Z+6og3y8J#g|3ys@jI3vSa;n@ZZm#1P!zo!#Uava`IDL>ja~e zV(;e$;7fRC$=ptR{j)5s$rA`4V4OqmcOtQhs2VDJ2 zllzY{O=(XTUyEH3-bjWlxZ9LuY;={~Zc42x4a@;2aZ<>1Cn!Vh+~Gki_d4(KZZXkkyQ(TIXrgY05FXZIR)ztbc>AqPfb68GOllf0dd^L{#r+Q5#i z_pcHJuzKe(7XA7s|0JLmn9aR?7;=7Q z;?Mj~n}L6PXckxn=q$`eC>nHe{D^Lp#iPnTM@@L9#>6QzU9?WGrimo?4u@u$&ft9d zNJix;yK<`hQ|{iiO39@!-cpU_3SL?LckGi#rN4&ZgbD>c_z`JoHtDKd71rmUpfgA>G){ym@y^gFOVK@|;j&k4D)Eg@3v0TZ9@R<$2pGT}u$Ue9;-PUj zdgxBZ(loy+U@rPGB|vtG+jOq@Ha;#%nqG=xg$Viz{91~)@X^l7JgcY|5=bQgyhDqe0a;$#Ve%&tOagZB4@rH5j!j4l-|wnq24VVAZd_ zAn;Ene`R`HmswDDIhu;qWrORe6f>T~F3V`k-mL{Kck}{2!6^Q4(nmXa;s_T_r-JVBzY5urcyqWq$^bZCR2k8bjaG~1l=#^9O85C3>a|565^tJ{BW%|Ey1pBpy+Trqbs zOA7UyFz9@2_@^Adq7TsWxjhu*PRD{WFOx@U11(M#^C`38OiB3?dtumjFCQfe81)~L zRP#$e)-RQWu<}9v@ssk$l!RumD%6IbLW`0-y(_jpx5Rys&|8WprHNCmxhaP}oU}b) zI2#96nX1Q0_~LlHl?=m`kp|PTTQ?eY!=#?bu%eTS!fkOBm=$1RK`F})ZI1}OwVh6X zM;oH;c` zl0w1{Xr_u&_S^(>n8JCIrNg?a^Fzw{V>qbO46XZa3`2+1P9>6iV^d=Hx%Lr_a4?E`Ke+idG zP{a}}{>~O~WRC0enl5^_;ca69N=fUIJm`8Wi+N0!fj9>_Dg~{%KGs#8J8{Q;XAT~g zC8@604oDMecL^YD`aJJ73AO?^_A+#9a{gUK-pNq`o}|66-|e*T}W?Y*5_`TukL=GT9r z{rvKB|Le1K6g&fwxA6l!87<-R+32sK*uQt{@Odloe_DzE%NHJEXwNY%(L6|<4t`Pw zkKX`Puj@sU>0f;Q%1ESLTF2z{r-o!I&S#^h&fG4Rc;z)=SPS#9qy_-mJn7<*_(>;q ztglhPHF_zQb9n+pM&JzKu1>05%)l9+_}vE&{!g&}zopxC>)I}uW}c@n#w}%iUio0) z*o6>14&0u>7rOla*G=93oYM@;;|gQim8~XTV8Q*rvv+UP*Z<$!zRmylS$^gBf8~CD zF@7Mh^I3%LnT6@!J2a+v`~2`3)Ww8vH!J!Lu}Z7tO|&L(Yo2&gqSQ6rihj z9@P1Q$DYd{3^7G{BhnfEMCWNt-p}jrq*PumE{F zjr;Go7&DVN^vV>~I=f-!?BR+Iw3OnI9hE{-kMb$frUwdrz`u20^*F&=A!$}u%fg`f 
zaZY))>=urx%Z%w>~y1V0-h>)%DF$d1G0{#$7qWReL9|jj^V%+V+_BSLUI+G3L2X zdX`+z&n5)iB>xYbPkb^%KQy+M_gua4g^44~&V) z(Qf{zXkAji$+Rh{-c$(wT9KGPK-d&3?nnSD?JlR)YV&5 z5vuX$j;aOaXSTX}IVhh2na7UUc65Kmg}Za|@)tF%-dD)CJuIu_1>n7UUv5jco>wK3 zq*DwHa{-n1SIGMB4Zz;pt3?g^CARz#mD`HTyVsxGC{K8k{2vE8byb4(CHcRd?Rz_Z z{hu9R3UB$p&+(hb|9SiQ!XXE}Y-*?OReR96<3a;N2 z;ES4stClJvKh7&PqGBuXIO3T5G`ps=`RCKfx6dMg4f|Y z(rRLwe>`g(nw~d$yjsdi%P9jyIt4@4 zv(&AA!D8L-LpVQTOt4>C^;13s9n4Vs;K!hz06$j8T2AH}{7dSj;9p!QD!9BXcK17_ zCovU!lp`r_l&M_}UcTJC)KCK=x2h;F?>EAeBb;9;p zfn7OXQExZ31xp60HV4j~l5F7fHV?~zL_?JB=Bz89Ag&7cGE4h7NUTPIxhvp2C<^L; z9>I+rBDHJ%NCo7Gt`2e7Y}oNumdappr8ykF14=xHL-e(toXrqJ$-`(S^Cj^YIt+mv z#1j?&zg9V6J@h$K7J9)u!+$U;DHQ-rn~gdSe2xY&WWlc9OB?0vkwAm|2EqofE4-Byi!it#pZwlR_2v5%a`9ZEicH0iaeUM!dC zKjFf{agW06T_8Q6;Tou_scr%f9f-2YQ5!CTV@4LvZ-9Lq*w+arjSuudi4W)g-C1)? z60&RP5C@&oTnGFh#rB4%3!oWD_h}xk1fxXk03jGwy$yUtSMLb!! zYgBcSx2!LRg)Gsg1k5CLhA_zh^C_8)j+BWLOr3@qRKg@pFf9u5$0OboUMyGw422={ zwYxrI$Te_ziKda9M0CT?QSAYJw8_A&co7=sU6|=z2VgH!U8#&>f)>+c5)T8)_CpqU zT0&uJfy<}BB%M~v0coY!a^l|_NCxl%!VQ7R2OJO})tL;6uT>FjUjFu4$)n1h`#DXA z&@Isi5wVUbq>Q;8TxmIeE{PO6jnWNTs5!uG!f{c5366=#9rMsHfRSo*hB(AsPVD0D znp#CCKiSE2NQDDcF3LgMxtw^kOHIv*M)T(93`Bn;jB2j#MdJiz~L8(FBU#02yMhBsWjR_fo*){J%*Et2}*M%u$Qaj z?_xUPhIh72cNVhhs*s(S3m&m{qw#?=P5p@GNYqYwut=rQWVGl~rRa_ukmBZ~LE0Q7)jORJJc64h>PD%NeZ74sm?KB-JidU=$}?gTS$`Rh@nXiZExsaa&s>Dnwukzy1P z=R{Slt*HoqLrQ?^MW(EVC;&G29p|Eq&r{f=O;T^34TL=YD@Kp z{GSr%U|p29QK|Tl@7tdQz#-?vhPtXB)(|PPj?6=FV!Od|4ed(U?x1xA?pGn5 z4DnmUIkV1_UX|bVN1+}Yp%5Vi=WZO)Y|XHPZkASf9;VqmxB2&S_@?14OjM>Mmz|0s4yi!mBqQ^${APm&#Rx2n?~8c!h?EGTP5*&l{rJ;yuutkD3b(O{A2DKOsG`BSC=>i$w85O? 
zIHjRks&v&KX?u%mc%3@T+^3_N9jxAi%BG)=rP3-e>L9iB;2A3S;Cl^6eOk~h z0Rte$aqA90K0e0MKh_g1Q+3`q1Fh5VP}OSmjbz)0&iRc^-owkyX0R0;1uG!4oI8eW ze7&hQzWnu@BkOgX6hA=LW6lRKiHf7F$8VqHF>C~uZBZdhT`D^29+E4ZX`t74<{aob zy)ALH{njv~PTf6xKh@n*tor`2DS;2iCkMI_X)G3feJ%1K1~xcsnBKW+QEo(6QA$-_ zQ!+HmuY`_!Xr%u_i{D9;<>}GMeFFrK(*)Z?Z9`^d{&0zig>|g87om`Dn)Ye8R$A9N0uRaE>3SpSrE}JX-WVY8)L3{YI z($A`(kCJXK4dLX?he1z=q4vn-mW)J75W2D)M9x829&OCo{|ssskpcNr{$3;{vpCg~ z3|=zme#s3724k5m)gYS6y64eLJMPSaALPp)>&G{N&e~h4 z14OcpCCB2^Q?m4j3EUKQ)P&O|ryS^hcmR)4F<0vRzk3Q&gMI@l$uk zV{-|T?zXHJQKwEtS?g7ILNOCT5I}dpMR)XC8yA&MVg0L#IE(JC?i9VRdL`K783}wV z0T8VRa}5O7Rbi2|5i$kT&Tmce26UMDRb9!^WOz5?hfDFvyTiGTs{B-|&rx7!=3nAU zV3!6*3$RL4UR|JLSfoQJd0!mt-!1lZiNU@JI$<;D^x*&dP3p;2k95K+)dzlC_GX?` z5|G>X@}pbth1t5hk|${j5380EU#~8+mP_kntihuT=<;J%clrB2pxYmVnIkxr%UWB` zP`4}5<$7cH9ngy7m-@Mm7eWl2jq9XSn5k8E+TMkE$Uc92t}(w?SkpLoM$YBg+)1kB zSkwZ@J2%OzCKq5cqL z*BESUTA|!HWGeV*93zCVKM*q%#iA6=P~_6(SUJhr$~v$z|D`wwM0q*AmbFu}4JqoF z@LnVCRM#E54(DL*wf9lKAve~aU89+riO(aI6=bj?#ds66H_oJ2=68ANv&aSKHwizU z$25B&P>n6 z;uFDyJpLEiwl}@c1c`q5A^3mqc&~~cdLGkWaNz41W@jPO#sx(PU9E5D6}J>g0^Rtu z%<36BebYL6%ZVhZtLI!^%iylXCSEYRD5XC>Sj&1qha>O2O;$cg3mMDkkD%T{x#+U4 zhw?Uop;UWdE+dFZ=gUe_TrmL|Ol+tkT9`uhA~>z8*o`_M11{7)NwYG|w+LkzrhpQd z4&gXgQJv^I?S*f!Ru8%Wet2f<-l%3bj;Pp=3K_7}=bBU2y)qMvx%R4@yEQ!HO+|*Hn(38xOKNtJ^Eq7f=NKo;jDBKa(5iecWH=q^nouOqvkP*D^okGzuji)1_(nOLx1|DQRw}=wH5-oxWc} zRunoSDMF=>QBlB>U;tFd_nb9+w3{ANY1HM)L2nFNJV2F`Ed3WSh3MIsI+>DyrI#?P zLZx{A;RX{xYhVRkse4%$?Oo0!N!{uJgSk9^@w)qR|M2k1W49!pq)R}&K&gi;7$L5d zI}M{3CRxPx+3h3OAdc$gldM>GKiHwb?)mHgsnUerX#S`40)*GIXgKVq(}^hqv>^ZI zy`3FD|Nr*A-P`&Isu< zAj{-SvcE5{+bdrlx+5$7=Jz-mfS|jd_0Qr7EaEhaevO8B4Qejz)s)Z0XoUP6ZYSp*5I#a54-}*;iFVVbc{wM?b zj-08PPgUFsEH~WhvL~=EN5P1mv~qbM>1`}Q*1ZWDcV!26J{+mSdpKPfi)Iwalp>Qq!kzD?(B4|w29Kwy`Yey?`xuP6qro(| z%&iH4L&c(~vr0UOzxpk{Q?TqsCd3TyCc5l?fAKq~~kIJ2&jQZG=$31lEh zA}eQxax+KD+3Lg91ClO`CugV9?X6Z1h5>geZu#C0{Ut|z?b|rs*F8z*IAbo~50@pU zT>eF+!PQ#?ZNG|!(FE=yyGJY1zjQ$4LvKIn&|hnANezRcuB`&Aj&v;?mbuF`*P71P 
zGED2)LPd|@FKS${D|96=Bt_AhFvCz-CNB2oe=N!X9%O_F>bsJ@(T(DL)Sqfy24caY zWzn7h=Y3%-=+n{H9~OHg>)BJbjv;ruC)+=dp4mG|6sI z#~o#u!TOvu#iOxyM#3Z|KG5XAd|m|{3mOst;X0UsqBDa%Am{FbeaVkKh~e-eoN-nA`h(MfK75P|42%-47CZEbIETLNSY(5(f$QVY9o#V4(NGKiB_oVQB5uD1>_ zE!8h+HUiv%9ko~e$k2wm=>gbVbd4k2WXsQLu)1~`v>pl0zpbx)U`)PzTd!Nk*8KMq z)>-*le>bZC(KZ~n1oV9U&-Ui#?zXT0*|>LG|M9c@=IVd+etr?%&&OpszC!ELZ0FZZ z&HOE>3iP&KTTfu+e_X62FqU2EPi;4@6x+%Tcl8ltffp9UD~-%;YB-%0^Dhc~D<;5H zz&RZy*PwIEYA%o`=TRp1In|I8#p=9nc4@t#l{?0TBP^jRs7%%Z#ypcqPLkM>E|1kM z#bH|@1Dt{Z6y;W4!Av4^kk>S6aEhzpfa80eylZ$mPF+23K1zDAQ!pz_){jSJi$9Zq zc;aVgD4@JD$cCg_inMX=H6`G$t*55XV( zKcrE6gr#QgH2Q68SZswOT^vEPM7S>;TfcsOQZ<7P%`ir_p(w zPIK3>y7Vwn&Pd6S%NR#bQa1@?yV#IiRh@*{Kj`e?2nOFbU;|Tcs%_`E9GobLr>P@d z;lbD_B>~iNoFCgEaV(scjLA_MEXZk2Qn)h~E1@Jqxms>>2698$%@r_81CFCvnBx3O zQ(2tYT+ikPQk!d7PIB|gS(!=ApVO7onX7T!WJ2?bv0X87xj(WirY@g9maC;FS3|jx z1mz0YbyJkjpV*a?kgMTbI}Q1@#xpO^xIP*;nQ2@By~$kT3g-FEWgAx@Zz$im0#}`J zeE#lTBfq%n^5!y(>q*>Pj&TL@Mzf47pf{Fhykb+XoH|^SFE@GkGU>ugQiS`MT9z<; z*$FI>AYAox11Z8a4fyyZ;T{pcPMYv5tIz#9dh z>IxA@#isp?6s@$UVj`9b5WnNC`41#2p&f2l;y>?1pDu*v8``R~-mIR*t4ly7xePIC zA!K0*7xrMO6J`x&og_}t_?TjP+DjH1V1oyh};c|@vTcT0g z40JMNV7vba@R{eMPOtt#Z-UDb_#k8y!ohJwN0boj;mQZj9i`&&XdqT{<+v+kiHcOWhl@vo*418EN4X*D1^P;oSEw*;hZX}H6`upuLWQk!X)_Q@ zJ)xU4V#)$iDAjA3H}sm6 zXXvDd!zI`kp^3}yr=wn+MA{hyBl+ej#^Mv}JXpE2`Ded^0XE)nheyG8!5jDG(OOyL zXvIc)U>(A#HtzZx?```q1una5u+KroM#1Ud|NMu?f}hqlt%f(RcB;**moBVQb0QLA*z*VKrSsa~^#R%8iZ zAhrg)s6;EdluEB3-c#q^DKkIV7tb6t(9!bMbY}4;ndEw$+K;mIjhLmTs2eN!-`o|a zA_c^9^1sB5>q6xN)UqGCti;i|BSDlI2iSV!CrK0QfF5*wGozLvpAe}+7Mx`12 zf-X4to+!fvomVK*%@MqvDI{EiAkHbO2dB6OB0Gp08SpDZN?GcTRg@wYyt+TfIuN8O z1;C9`pg0^Eb`j3l!W&O0tgsiMVkd8M>|x=w_b8*-c|4%7wZS09BN+}gMUn)XVgDUE zs*l1XJZ0}ObUMV-;t)O<;c&I8og3H;V1PxWuTB=X0q;vv1XMm!3q1^XLgaTif&6q?mk4PT-X5Tz( z>0fMIa1j$0niV{>rS@gm)7k`%W|o^rlu7A{t^eiz9NAH#<|-sDH>B7a7fKrVSD8Fn z`ZZ-^DfSzz2)8>Qj)_RFGZ_t%9GOWoSIlBOSG4fH#5E{MX2w5C4Cd@`Gbk7C1m_BvSjf$x#01@G+iCIB zQe#-6lae&XMY)i11eIrba5s8Sw*35VfC&uQ_d>@c_oo@Mkmwt3BVW^lNtS`w#((EX 
zw&$XWyQTUTn)#b+L`;A2DDITeLp&48CC{Z+wU~Kine5O-0RU&liuN}2ih3zHNP2FS zQ!!2ml}y#4a8p`QrVQs=r%sG0Qoy)RSw=}8=}73+H_m_+0xJr7Q?MbEI_)3@gv=fw z1(;&Km@EQGBj;XEp|yP>>oKv7h~EQ+#v1K$A`BOC44jff3py08Kn#)vEkqAnaUa7F zgSF3ob;{`U?Ws3mFwNL)2|-KHJwUXt9Q7?9-RoSC&A^3WU6|@c`CaMViX|UcU5G$0 zlGJA&@W8WS$)E{kajbg=IvYG?^gBcXSiN{s*M*Vu))kj zRx#>&d&}2E_y4tCqAqSPxIfj$%UzxGK`(V{mhAr0x2J532h`rCrhSQ;(U#nwA9r)= zWvjk4uehKeePL>M!7JXJW-6Cu(B9bSD;oDBO8w2AhK1AVxeON4XUH-Q8f0>F^!oTf zoN>$jc1t6nxEduTp)H5J2(AUIG-TMz-y@$or6w>Bz> z*+|)8l$R!EJRr-;$_MOA%t{4%YS3LqOn%!%1h7gH!3z0%8s<`X^DIP(>zpcq$TDF* zF*0dWA|!TgC`m1*s!4z9&9-(6Ju)UHY4x|WS2Xa#PMQDy2S!qTo4=ch{~F{&c#}nL z+?V<-$p5pmvA5;Le{F8$xF_KQ+kB^IXe0=zn7>4B|{-DLYs6Kej z%!o;4ONZ(aCftRWbv_~}nqxpvFP>nH-r#V0O5CKV8DOHs523$u%J$83)b&udkBdkg z8&~iz@`-%<`>U5Zr4~Y!98YZ!!L^A29;iGtg^_RxX-KcM{S0vHG0uY#1qMmOk}mR8 znN;PD)_M?h4kNQ&2G~X}JDig<5#s`hy>Nhu33aEzZ0L$~(L%vr`G?ElH2rk~JICip zTlFro6p?-yQn?GPxe*2IuV#-#x(EWjJ)O=gI74H0_>98AQe(+D@k-TLn1s7y833D# zUuU$UyeYXJ4y_VO0(STMD$10oetvi&2c>Mt75O0#$U@f0`+lvM4G{e-0nfSc5vQ!9C?e#(rA7vR!=cxm zaY(+wn2R$@iDhOc(O9Wg$bnpWB3b|e9w*n5d}i#us_MKs-@Ov20gjY&RLV}7L-f0^;LuBXqWf`PIM3(-lWlyZks_J zI4gJ+6 zpAloJONRpo&I8!L!Wst7!{C8st)mK5nO$v)oI)zFM5a{uoHoJvhR%K2NK^~PNf)kl zT=;dj96}*vqI{8iA!bhGXW~$<*Wio@MNa-0-rueg z%N4LpSd7dn?&(*Jgu8h-lw71eHbIkXD(A)w;)!S&G(@W=2+zo_V5EpB2#LQ?lF8VM zNfztR3BIf(N1WEgHfzxnsvxdnn>qNsgNzBM3F?SX^6{DvPOM~-l+w47c_3HU->=Ww zllPNVgu2T7$ku8BsJ#;f(s|?)>_TVOs$)qaO3HzrT$Kb=^&tRw9$tv_Tq4RFswvr> zMrRViC+KsiCp|Osv?x-cCGJL3ycMiTcGy~IJ+TOvbs80*u2}??inYG-0fAq>5o_U5 zz04kaGgvJ*s0NCaIOd@%m&!V$ClcZ4AB+0xy3EN}7xOx|m+-?l9l@ zO(H&WG0unWKxGQ?kX`q6B3Xh}eye3^zEVlYDkm=`$EFnK5?SJuN+Lc!i!g6>T_@fS zhjGzw;r4J@)vZ)Fik6bkIh$94eHHeGI($G|F5yRBohq$E?$^w-_~J%+x#`ryH1)pB zJ!RgBpN_fm;8jk(!-Q8|T|O_aG>qa3>HN8n4flGqPdf`E16Xo&H^qG5b7@F3_;cAV z+4X3(KyrfFsjf$344k&JbB*%e@v1A80laPbX!65^22hIP>;Sv znT|oMo7Cl;#iZ>S1Qydfm6SawOlK355K7ORIDZkw{JF%j;%unYk4Zc7N#{B&eXoP11HJI#Oo)vYgOwuw^aD5R2W^~d0VeU zkS&_!DM*$g&C<9|uiH`9t2?ii6MJq_hkBISCU^R4mE!b6aF!y)udm~O*WV4(izKfH 
zrqFXGq5q_GeyJ;^n$RzRe{~+yx3k>zh;HcW_>?>nvx3kYoYUyX!1nY0bjOpArG`z8JCeOINlm3HUXFpzvq%Tb&Hx8A zm-`5nB_x+9$It?wq)z`#5+oO#Vj-PDPPOTUpf*diJ_Q0Ji9>i81R3Xv;fiB6;RRN@ zk#n)IV$P#@6l0tyI(5-dy75VujCRH}a7zb1BOQRfZn!78ie+)lKr0vxrX$g8ro@;J z%$Jxb^&-u(SrGQn`ht_Ef@E{$&I;q#MBP+&q9T(J-#W9DBLhByE-}(%ngsf$ri%;l zHcf^z!9}MRuFq|ot^%=jQQE4+N+zq4q?5eUE+?`TrZt}t^mam9*H$m!y2N0bBJcR| zCN{Uza;~Ry6CB@1i1Sxx=c+Dq-$uE0L!bJ6U#npb)1y zya+ENxjwA?)fyTpKPg|bl>2rErDN)(bO5lS-!yl4t04IIQ4nDA7`;==S!X;dLwIQ4 zsm(xdb%ClYn$C8XN}+$HG|@6`F$!fCqFw{Obww;mGM7{g6j(nUn7@FoT0LPQ6}@~l zo9b6FmiXhHeVU%Ol_ZL*PgC<#U994#Ls<#~)R)SGH07m09 zO;2XP1(U0wu=s9c;zx*^Y0+DF3JXX{&3aQ-wXOm=KAU0AGixC2wjI1Ln7oWK=i{z9 zs|v7TcHHHx?6(5?(xM!!bCgXQ>Q&Q_73{GSaKD-$u-U^6?VYFHw{B(oQWl!Wg4cK0 z$9G1@El;tN?;NSjB4MGD+C-%Mu51~;E7F+Po@Dv_#cPutrh*LLUZ1zu=eK!%dNkz5 zFHh@oTZ&xWjLv)U1t#(>*1aY~>`6vdAQovh;B=JXc^VIbew=aAtpV4jO8S^6hVK@& z_&?*+oUHw#P$FM(_DDcouN9a^UH2#nUWmxpbJKUWOizKs#D$r(+jOWS|!H zFMUr*VXb?P3BC8D4YWRD!tecPf31&fQMcrw{V5ly^dR!l%MQ?BriyC>v*Z0Hp(|Yp zh^>FsaXB13EmZG{;W*rOVH6I3HYY^c3XoQ5yX+WZEWh=Px*Y;>|09Qb$zjJ-ezyD#!;ib3#o7=bX z-=F2T62QI#9cC;DGy>FWD=WcHd!xM>G%z~4wXxUQ+5|bN75oyv2if(MC4Q{043ZrB z4-5v%ps$b$g~kLV;>S@h4wLoYdedYwrQFCSA`S^4*+?;vV+xc|_q<_x-q?bk$yG>$ zPSOh_PtujVx%IZKQiv$x%P%$qCckknMvr#-g1rYMIC&f=O8c_i{%_NXxDep1QJVlu z)k1v^TfBo|dK&kYI!&dFWVXrJltAbLC=+p99Z$N_xDWVdl~UkB1TG71#-X9H;thRl zv1IKJxr|)s6rdblE~!^qs#t{b5K+UT zHRR~@h}0RAR-9NcPlE6qb``w>VFmYT?D=#&PP2)Qtez%RK?z>9rsLBLYe&4Iq&A1c zC>rDPoy4b8@drKuxfmnyt^n*e^XNBz)aks)V&Ho7)=TzHUeF0HBsvjGE#6EDcId6- zBY`JijC(f*sdtiQnE0np4o0EUtVs+8ClnuYwj4y9UN_JBR;?w#|7{!pw_6*0@?J%w z^jt<1Y;Jfv--mN0l|1zhc_(BOHJ_)XUC4011+P8a6~`LD?*t2xi1~Frn)KL^P4z{;Ecm5G@+^B3`XSSU3!S5U{K7E(cFub zNw5YOaEI0g!6Lsn4DR9gucLet{1--vM+vLP;Q?v1IEWL?AM6++(+ZOr8LemnuYP^< zluF^y?5ydWr2xg6hQ&-^F9HNjtjGT;tpDA{*2Ef_FS&Gg*u`CxjuL8u=FwVk*5gAmZ?9+Dm~K4S<4R z4g>u5Ny4uY1`={u_19T=4%qbQz{0(Kye?34o(0eU>Ks5J@0)GoiCEen#K&UXP8nxaY|qVUfpow&Ahj42a8EhgsO0-8v<03wvc01}>@^R4#x?JYbl zE5YX8eMAxb=5z|Ql2?Yy>=>=EZnarsl%k{#@)?qRsyvL-Y+;HFDSE@XVzZuUz9G$n 
z;~a2}YSkUH=}yrLO&sFLthg%aBgMzi5`w3KJsU9R!SobX0+CLw3ZB|{FhkFYWA{or z<~xa(6sLjJwt)=u?9tb6+MBWV?9I7kO>Vu5FfADKj5ue=_CP&%P*FK%v za44AEHQSM!mYb&K=6!1UDbeQ%mB;$-La^M2Colu==WDGDJ zh+G&c(F&k2-QNzm{0BAq|EA~wgT3)=32(w7qcf#v)6>0Yrn}wR+NS9q%Gr`*1S>)V z8AfE|DvW><(OJz751+z_i!Ob-`~ zr$>nrM`QFqnZ%<=fu(H`xI5}-DY%dh@_)&Z&Op1b zfNk-1uD}Zbfl%+>6}VgX?;SPhuIQ|4064fr5Aa$uD@Qpdl%3Y z^O`3>)Nzx9g)#l^S>xW^-8l*v5BffH3Re<4;jp-&SwXAy#um0FB#8lo-j`v-7w>nc zR(qaGJ&?A}mere%#*D~mI)s;4VJA%DiPdn+40!wdjol+9wY3;yTEL#g=^*ZRe70Z7 z5R6#-nPU0K4|g&f@+r!gd&=#%$TqbUA9e<86@j0Ko>=TAQ&H+y2q2z4r~lo(DD*l+Y*+)T*p_=6S6LSLnunrG)+TYE ziUggYYz#x_bZA{N5u{cBn~1A(w`X_rD%-QW>2HrJBSbMJlWa#}`Zkz;H+Hw6$y3a3t4EIP z=^(vGhG{t99CYXqKSLDL4QY`&4&75ZN{Bu#SOeYv*6uD|bedx&PA^VW@&=%Gub%8b ze)hy_v4t%jg{+9_#tCpR#$PgLzdmCiF%7rx?@>cMuOP-N#;T^b#;Wd zgkF)0L4m+9<}P3USETYoj8hng9FT`1Yaaz$Y)ZST84u()P=;@L7vP3>R%MU3cJK4h zI?U{6RN{tYNDB0j^m`X)vlgOQWw^-gPpgbk4u z$fGdppOp=HX9rhvf2_3}aDLvgTON8Vkv>%E9d)C z8OKbqdoz;48fyWunWum?s)zf?6qp|F(WqG?Bje&V@uYK5qZOYa@xjwP|fe2Grx`dw7@VNwW{RI z6ivk4%vGo2`BrfDY&e_uzo&INc2yF`G`{+=XidmL>A3E?6h&IMz^hH#X>ukPHe7ae5kMit#gZ zv%cTCuS6J`s%8uMh)pMHALTH*iHxS&g77_^u|w7&1R}5D1;EQJQvev}5#`iH{D4D{ zu#0UjN^=|F9s-o%yr~dZj-;v;DvM3qdwW~fPM2es*3!?ccK7z=L?b4#r~v05RnPGN zb~c@8K6Mi$^ZPZWUvtD9QOX#wJKMCU)~O{OwTj5skonTb#lh}PKYRAhZg0pCZ7RTH zB!obWlSRs>q#A7HlW;U94GSP*BOK-!(17N*JYb;P_qQ-3P5*4IZF;qCmCdcK?+wjm z+zbw0ibpK6nSd%>4_>Sik2qEIFa;PEOPUuZaxfZ2gP3bV80CdXOq4&MnVpEwlzzTe!~-ZB>=92H<5M`EqCwUaYKNLwd<>%RF3f1dxxi|4Oj z9sK;;>x1Vv=mN69|8rw=_g=yOXLsY)|KoG~UUJ10x-T%2PYL>`a4@GmlJD6C!1fa! 
zO;P36)#u;Q>#p~JeP17iz!hXJLOpwYdz8PnpL_n<=liDnxVrz}?#|}kt^eQW___N( zjC)y#a_o)bz%~3ox9)A+?*Hfbx%>ZY|KRy+`2Q!b4sXx{bW!{VY`eezJDXd#_y6bk z{cxw%va))fMhQiKvSy!HC5HNygVVq!r87#8%T34w-872?T zK!}<+4r##nQ=K?0mZusH+E}PNfd}uXF8d5)?d*Bar%&kZXD12wut( zJ*5hHH8yae-Qdlyu$; zSv)pw<*ZX3g-LiSN?FGZ4Zx$1ao6p`4M}*Lyt(s+!mxuwpi)!oV8^4=c7BF+TJmpt{uJM_eTN1)A0`CS5gU6!C61I0I7#ZZu)Xo^U4>C9gjuN z>_rb4mt-W3Xj*YaEe0>hSDwC5T0Ld&+2DxL4N@yQ|!f**Ub4)8jJ}i7p`pRp8%^Hkf z01cQe8^s9N-MbvDsg8#iVt`5JX>L3rom^4*n<6P{xl1F{Uvj3_D21qB1cZPS_IJbuw!2x5DH9n7+D#*X)9 zrJDRY3UTM@12jv7xj)d~UOlBbaY;RS4d)!XF5+XRD!-{Ot? zw%!TkZ+>Qv)qBYwK!5oBZT;n|7q4GDdI5i#PcHeN@SjWS5c~Zl#afq?=BCMl31+o|mHacpl;jM#=L5q52pY=NG-lO0DsP z?3f%2Z^KYWI8)`?S=!YX#NE5$3CM_d?>fB#rs>E^P6|b>LWxhKBCxa>bPs4opb-OO z&S8Z(3q1q! zN9LFd~83Gt{mcDn1U;`V7xfj#FGcI#%S4^bH&w z=5^2{>-4cS>8i3TM22<3WZ1oTutIO%*7>^!e7QH#`v!QP2jn6;Ybn@o>qo~y!;0C(w(c$puE{PA*bR z00w-WF#P1}0k=wFD7_iu=^}>@!yq;FECDT7@9*twY^(+i5TVa7P2-woNSQWyOUV9N z@i-g|&;yNUM2^YIzd^3%2D&#*;6!00l=!mHn>9{1twMQ;?Ie+!U;h7@`h&!SY#bIn~%q_nH0J>~hZD{P>e$pGaB z6>+j zl$Q1*1Rfuh`BU={)ElPahH+I4Xa(!4E(^a~ra}XllBhwz-p#`NzTdUJeI%y@V zmE6&k{LsB#+bSjGd~6X8iq}gsu`1HgV!i3>Hib`)C;UjUtv06`oJ6QJ*UTU(sF@8M zsX#`>4JKTC6EB$&uds+COo>d;eej#Uv|EcWKK3c+8S%e!ivduVuX~(meU^eQ#9cXr zl8HiAPq6})RIa%K;&>W98D9elH%2wTH580LSZXB23*O#Bc}tijU+`vJoW=b!Mm=Pr zH2+dq7s7xrIGvJiequ4St88}>xOOqsa5w_?6aGVinZWoM^j&IBKIgG;Qo1zUbtadj ziGPV#j7x2IZwUXuy_A7jf}h%H9)c<^OYWAvsDK;#rRMBrM;onokNt7Qc7R!GVrF7}5vQbHcB7P1n2 zIygZCvqENJrls(*$Wm#xw$v1fTMFUsoJ3>6fow;c^Z-_l*pyLjYWV9+1n(X&kteZK2F%Z<6O<&SQdDUA&UJhk z{8RVako?;;BIfnhG$}SKwj9=p9MDaZt{Mj~g@`U1t&QqsMC=<451ZidX!w?c^&q7| zYmFTyfjQ;41fHY^N2V!jNrG7;?NOBW5ZHKJT(eBPq}QG?kd>kAHfBzX@NdQ`v@A38 zDVjR+{UotTi%<%Z+dbAPLO9Ehpo{uaTy+ZnktIJt*{CT)GUZpqqnARF88fI6jNyeU zn}HQu>~_=yQ{kZa%i1An>kb@mg5?Iy?&aNSf_z@r&Z&!of1FyB(8|7mkwVdNom#=*`JvkZJ zDgL>r8%6L5qR-KmSW1#0HUSpKX0p#G0#OO$-Z~O0!y$RPSF*TKG8!~A7nJ-%36N;m zd{BoecZbPxRA_`S%`mjp;iU?3qcP$4R)q*_V+z#_&@C#7=t>>LIfc(6glQIcgyQA; zTV>6Ra|Rcu#KYTvcLG&y++ 
zP{Sz1tTg?1$JiN)^uQG-lf0uDY~)qOn0W<&GUEdjc92ec6AmUs(S#bKa)}Z&z<@)O z5Q@bb>jdFKF!kcEaNuBZD*U9~Y=Ok#LERN8$r0;%azB z7LIdA3eNFzKI5XLoX6rc%m$Qi9_e^|nouS=T6)g%*3qgXN;pF|62?FJ))p#h%4khd zIm)QslB+;;)5l0Bd2U3xj*U1f4`^mOSdcMAg|;)rxFFIdF@=F~gTq)L9gPPR4bJU( zG!SqdzTA&Bm}6q4nIH_B8n?ncpN?2_-s4VAVoWMG&SF#x>GEVq$Yf5Uwqq^Dfs#sO z%+C0l0msDJVMuDeoCJ!7NxYx2L)zuQ-_J;yd5i{_7XAHz6z0%dn{k*y6CCW`tccfd zQvlDb7v9psa-jKoA_*MX*Iwy5eT;0P9ZHqYR7AZ5u${mWuMR``p0Lpm$jrVV*#93T z${?()b(jzAZQ{k)t^SKX#Nth8UjquG>}{)JsTxG*ZT_g8W~cCHZxz2ZM?N5KJXvi9 zt8mSdPUkJW7-%b<Le|pNi z(PH2&(|O61&7@T`drbUKn!HV1gH_Lx;xA8t3uL-IA^?&Il76g8vR6#);`7ruc^|xd zx!)wwU;uZCWRfHcbz-N}fr$*~uSJ5;TH~{E`P9ebutT4$%QhBfiYn4KtHZpxTyt%2K2vJ?t|Fp1$zEMSDU~cxNSMT?uVLAnV zEDR9q@m_iK_}3llX0kFbq9+vcgZs}O@9oTAt-e5=i}7L>Y^#s?7!J;MWZBSds}IzB zo$g$G!&AgdS;L}tB_~AMwh&&~@gTia+~ZBawO(#`1I{(9-a*4vcU>jF-8G4!+CFCb zT*#VVwvrGm!!M8RjF+}&o$D1B><>}OKBa)!mhz_q;2>24V~OMvZ5Mo);t?@R^xrW% z@h7?*r(zG4vlH|Hr;M`EP3RiY&T{a-8Fkqg@rr~)x@3NtW^_@<2`4|LQqsf#srY+q zh_3Nac}85s@8ULZ7~LcL- z#m{%$LUcw%`5I6-rZ5RYVF-l}b5%ak(+gJbZESc1;y2n*8A5Pt_`O${v_NhoG-|Iteii9s$?ev6K<+LgH}> zdw2tJNiUHefe!^o}e)g5r zIe>Dtf2sqbs@`5(*?(Z$&4zb5V+BcL!T?!*R+ihG=IY9T^4S5vrug5)RcN$0tGISW zo}m3A9ALPXBq3AgZdErO_%GXMPSC9{i8e)puFix|c3SVDxB+UjuTBheOp|b)^Xax7 znw2E1bIOcJ?vsw&TEWcKqh1|u+8o`L`JbJ;cTH7>C&+?FoY>|yx|TF_3_|`8 z;~m;@delHG#U$+%-mI;$AM~SiJOd(dHbK~18ynwaqM+SoAQ?!)PxOu*WmC+iDHN2@V=bo#GlUF4|n1(uYf-D8-97){DFuWio!)Ye2#n3-yO^Gr8RW57xHqo4|vr=kkn8n5V0A0=# zSf%~L;Nb9WJ@|S5@ZhldHu?SF^{+2}dma3~|LWEL^VbJY4uco3f=4f&KR$SU@ZvfA z^-Hk-{C|S~I(YuLsnjIG0^lGqzA+{Zz+n_Q15ip6oy~0+CZ|(U$e|jMuXZa_RfzP8 zj2j`lu@&aj*7VFo!*l{Axob(iEhxC|#N$9CiN!HZ_(7{5(`FT8c-|)UX5B;-VklA( zZJkfLWVVA33kL$jj(8gIR?r!+0Uqnb&-KoSI?Fil$&U|$4NO2t(NIW->}Qww&{*KG zp;yL(zXsuKlfKrL5nfwp01w4zVIJUB2!ljK;|EMp^q;`E4a2_v(_~xazqO)OeN7iH z4vr|UXq{kWudw!j7nvmYk@A=1+lXDHISxZ&E$s3Sur}@m0k97x^Jp?JCdq5amjG@r zyX`5|b%A>zE-$}y7~MDfbK^f%sm?E+|6zN3^EUs(=lHq%uhS0RXdesWe>b-a`JZ<8 zHg;~~e?Q014YsX)y|K1_{jb|d+nb2Ar3`^~oNdhsv#ohiwlyorwpRQ25L?cVjGSD} 
z#MjD0g;g~Uu9cC}R@AJ>+S->2tgY3)p|DzaupbpvTdRGxkXptBH-GHM$I}wj(rDV+ ze`+u-pvN~7N?WT*jA`uy)!e1L6`kONF5K%xmpX6gEp!48b@XgqzrC#S|6XDTwc2M3 zoBh}cl|aV{BJ9e^IU%yOf2#=DTJ1k1K9+Z}#96=gpBEfUvW`A+ENoeqpCA;r zq?@lG61MDk-v+`~1;Q5h@GFdiW%^SR1zY=+L9ojJ|12@E%M9cj3xQo`N?#xXc9~&) zwgA|rw*8xqe_dvV|L)WfCcE;Gol zBJg#oP5x@*UX`7pBAn0$tS*O1$1{9~tCx5=t<8;Ot(63_nq|6n5Nq`UI1#Lc`4$3L{pnT2uNH^=k+G}Q6HtMxwQIz! zmLlj;#TMe%ZqRCNam;GX30bYV5v#>jx^}c`_4?SMs#W-WjY!p6d7x@x?VLE(BJS%j z)!Ii!shYJciBMgVs=48224Y!c>Jq%|w-=aNt9?CTsSDZiE5)SNt{aj%pEbW$JZkMD z!cl8iiAJq09gMm#7Pam(4@<|Px@T`u)MssB3~H?`+R~iWity7bkD`heEDSrX?#aZQ z)`}sgg^ACJI9;#=D%iC4&BdCUwYzqpY3;gkre^)VnHbZWzr){TgsJg4`&!~lMVaSC zm)1T>a4Gr&Um>)VPDt%KaiuD(w7&M2+Q$Z!)|QMZt<|m;QHtdIqvJ_y*9a%&Xi^nS zTDz%O(%KD#lGf%&k}}DQSWMaG}Oe^mF6C>@YW$93XAw{G|Uv;5rsSB%-0-+!$CeY^jk{#UjCqPxElJh=M)-@CVcd;UMmZ_)m5 zY?9@u9c8_1_c1^Idt+l~XUpCHt<8J8TetDwpX0aRCpo3lAsMIhlFWv65qN(1(}Un4 zTN3~DV~793ID4h@WojmEQcIjz@*9rOPFOWW!E#u1kQBIqr;@oy8RDD=`@6t-e7 zzyVkka-B-YWJo70%gO%BZUvJprNC**gCwzs9L0#?h}gU=#E>lYZlopJ?eX&%*rc@C;eVr8!C=50yAE%HK@8NP&696(DBf+8g77lZ7 z2m2o~nt>37d)?>Sy<%OX+F}`yrUKVc~+*N)pk6t|g z<>1w`eRO8I%h5VQ_t^`GQosOxS?7i=?T&+PLPU`Y3l&sefHaKOD;~m?u0A)6cs?yY zaWV6a5KkPMKYCSL6xsF;L`LGViutT3=|%ktN4;b+Rma|6 zvDRxG)U}tb%c*c2!XR|vw>)CUO&#(~o<_k*L{VuHrzKhZ_#I#2Dij)l!1A#t*1Zjm zc)r4_m>_Ic9=NuY$HNxIWiLN>3*P6_8Z46kF~eRP`OJ^70M3{Hx3_k;w|)Kp*1cQ% z-)H%)1WzLr1%X@6DUl(kJp$>T9RG6@i!maRu^l`UmLZSEVHRqxx}Od)0>8F`Sq0)j z07ylG58c^0B~lK9e??iUBK|2(5Q!kVS0^p&74uP?MxusE+@i;E)(MKn0xMA%(S#Ms zX~E1D2N1K)eJs6c9i+jbvy?*pEpxBc&%JzosBD&ANhaZV~ zqba#xW18Quq@m>yx0L#SusH9(c&^UN`zS9igfA^X}yWL*H1ZW(x zuQP*bk5`T>B54J{aX1giiwOo8HS#shhZbAH#NI^{{HB4?0$f3)y}^PHuQNcT_OS3c zrZqTF@JQd=lt&pueyt_}DP0agv?;8?_aQke*6s9r|1K_ORGydvohP z&hnKBK?2q_9FHkk#-Tf?0pJ!$95|bU#NjfUlth3eUox69VHlxnJg&$oCG!&|Ey}%eVYR!L`q4VDW#D}h5#0iBCL=)If2~m_&Zo&*OgQf(< zbA%KM7pf18@{pnACx~4EcSV2bkrYQj?{9bj;qblLMpWDn-3zA%_Be+tiW zZG)%ykw83&25A-63gn(`Kic zc07ug#LsxqW7*SlucUB50+P@s0X9L}rY-evzvn&YRG|QZS}aHI&Lw8r5rIOX>QvR) 
zm&N8!_MSX9ARF?46=ZJP{Q=^47?n!*jF$2lK7b)bP~xL%1KqPgO*)7Jf5urEs;N;5 z(2)Y!0$u`bF%+=n{hE9TIjEZ$d3%nHRK{5Z0|`b#kEh_I8`RNLXljjT#Rv&Q&3XZa z4E+<0h2n}9gk?WYTa0{o{^5WI+btV9Cj8&ggmdbSIqeK5;bgrcN3nbe`(A&Nd`M+X zK&D8Yhpa9GAqy!N_F#l#u?tPEMN^g73`MP$MwDmTuDs^I_h=AZZ{Z<$6Q*^tSDEtF)>sJZ>k zhxh#HY1e82a=cVqzE&~Igwz!$GEhn6fq)#)Rbe6DnS^Jw3y>fu4n;4T3iGv*DVo-? z4?7L7KRZ4K7Yjb{csNT>F><3y)eO9x+=jFN3SIMR({OMai@Jj-;V|-3lO2Sx-Rwlo z4GmsX2(m#km?5QXmbgmEQl0yI8_O_==_QKasbuV8hj+%5qxYEAn2#YVM@o{X6F*Lm zkyI-B6f%w5@R~oFaU;7EbG}0^;h~E-_Q9x4gwAmQkuga_8bR0FzyKa6adpbW zB$Q$kCm@2GWCdA{@E2AXn-NbF%>^=!0u!AT_~A&{D@i~LWEX*P+KYmxz!~0>b*Dab z(fjCaHa$tC&Ka)*Sd50$Gx0@fO+Ak!k~tkGvF^T|&X#Bx!Kob|V?W@0cRNnktk^d^ zkEdlKFm+gT%=SlKfh>EvHW>;NUg3($193eQFvnUXdOQ&e`XUA5d#^1RE8##a58S1u`QUN0E4Uv z)@CqZYt^0DM{j~t1%m;GB%CCW?^N@_AX$LXT=Vx@l_wwH&?=lJLxRM%?u@a_Q1(Bc zFQ0Hh#41Chh1Y1+Fd$4aBN7=;nKwsPUmAB9P)`IlbS>PhGfPi!Gs8IKVmqdDIk11* zef{#;%U`;>w9^C?O{R`vkf{%!ILNjD`))j!{8H@cN-ZDnzWn9M>sN308Q5HGgeg#KNAZ3}vyUWX#EGT60}O8fDv{pQns2pY1%YmSz9)~)zJ0D{G*7dZcEIhXP zkmE&%h;g*G6=VwbO4^Y{@>$S=O4?SNTd5_@Klqd2=V`j1_+tgmn+#Q)O1>#JxJj8C z&b&`_9)M;Osi*;GV@Imw^as?Dv&$Gsnt)+?9g;27;fvJ}vW)l`;Nv)DJ;uJ=>UvxE zI-Lw7n!ST@!J3RMqIwgP@8Tp$f_$!v?|5sx@ISWb{w!uAeTK?_WVMj#e}|t&KKp}f345|8&+y=zH33-Dw+>^@O*@-S)w6o#tPT z(0@86@7AVFtp zNI643%M-#VCuakbBY_^zwd32CRt-xf2hZ2H;xI_4Y)pE?eJmi4h@8s z<`~nx+pML)Xhg=&PH{>JmuT{{)`sl(v>l)sYd-hKg77u^JPEB^BdvAZaWaC-+0)OlXcKw#yEY?{y%0Uh|vyAG{2;imRJ}#=-|B&29@(X>P1x@Lko35# z1{Q{y)I@J@v^HB?V-|y-#R3ahZ#Dh)NUH16*q=Cpi=VzTb_i7^i_~ivQR<6@PT{A4 z41LMX+Mjb;bEGMraXETXi^$0!`4XBOmeK7gm^YP6$?z=)hA|gxlz4sO6*hU4{F5g! 
zoN1jvsRb&OfC)z*@590xNG{@`*<*KrL{%Z~rUge@ajTU;LU*&?kTT~yi$v@Eu-Juy zE8LYcPTi9vuEu}YtzkD$X2?;~uklV5@e%^(sVI(-g*{506jHJ1SvgZPDc^Y`cTpKBFHU-VTtN|ES;ZN7g!M*Uej_bj+H1(gA;R=?mK$T5H8 zpFeHtQGZE-AGBf+ej$niq-DypR@U~7H0^r#M2&~U+7U0{R2^~rtBPiWOhw4Soi4Sqlq9x^~Rll-)Zv@x$iIN^Ly zs0+p1isV3?Chx*n)L!97t;19z-Z66Zr&4>$=L)@37ApM{A4FG;xn^LmMR6i34kM1~ zKH|buxfwYMQ>*LNWQJX2z2YL3*5MTC-KTQ4-qB$WhfS+dqiKHp;a=%Lx*l7Dh%e}E zbPijs)?w=r!9QvBkb6A)ATR?^j`QJU%+MHfac3sC6JSnd)HGw-l8+iIbjSORKYPd9 zxKAjqQv_F<4Bsz6OMuNPdbQUY7!o4{H%C)s_Zc)xBjduL3RiRbc)7Cl+3bu-(>FI>LF4K#B&viwZcqoFHULoRvBoatx`K`Iwkf5Yb_hO&zo8%hw6T;VA3MeQ<*@w460pEjJHZ{xqDc~^K0O^2XX!Ano(My@FP*G zM#*vsgY!N5M!_lL~O0%usa_qjQb39eF<@jEy=T##^bR46XZ^v93{TxM2 zb=xDNUzme+*XpxAJY*Z6(D+wxo^-u^&Kx>DHGYD;af$XJ2e#W!dg?1}XX83I#t;Qj zIT?SY8$LT?2ZtY)+UNsBwV+VO6pjFYPx|b}{yrfQ4~68x-6g|eBsx|B^T?}dz?ne+ zK{$;1%(V^Y>Q`k!-6cUc@!DW1;Dw^1MVoF0bMHsu=SHK&r??CDW{+ko{EEdrjB6Z& z950MP(T*i8UriaB9N>h+FnwAHBt!HLSF6THme83?frlmRg37`OX;DqQsbJ~=NQ|~Q zkFG}1`^unNZ&xZnvYoCr^5^}q&Sg}<)#faNgN2eBNUcq8t(mBUW|PZfG-nfdZLrR2 zO=9Jgk<$nvSs?>k5=*9(J4@U3No1bPo00?GC~#Quu{-HU zQUy>~&@h*xeTu6A7yFBdZW0z$6 zHxrsEeWm&6G>HZw43tn$BWFO>+ZBQoUHfau|Fc&S$sifngLX`Brfysy<$fg zxC?{LVue~m(=|KXiDS5Cnmj@F<~>@<{#LEHiSwo ziR|lVq#;|q2wUipjB*bX>S~t^Da*ebDcK*MARqPV2z6Y7G;f4f??y3w6Z?fiFXDk2 z2;~Kxa?Hna>};a;k&^b2@~W_{kpOB6nK8v#j4CCVbF}6N0+I@(jB9;6IOAO`7zlks zrgZx@C3x|T|DxWWe59q<^t#5B{3=sb&7ewvv$0nAH6g7w=P+|W{SOm=EC>T$LTOK0 z*LI+;%i)g4VuWR%PiEa6Cc>%kdz`IgK-(o?Z5g`-&{>&{`Kw97%1Bi%52FF(NvH%8 z4zmPY3Jel;!1=d%j4g&LHjQ&H2$jDu-l>0^z=q6%>$77~IV(!ag5iaj2@f8teC!kf z*6O(qV#Josr|+(NoFUtv4Ch&okdiq~w8si+t$QjvCv`g%dnP`ZpkkYpDgG1+Lt|;b zHO&(i4aIhat?O zv(h3SppOG2dm%jKcN_j;OhcW|V0-b_y+g0T7Yh5vCEo^qS_9Tm0+ z4ylnoxsbHh2o{e7_U;@&03Y#zl%nc1TA42JtolZpOzFDb4fX7D;=!5xuxij@Hn5iL zatCOM4|k5&aura*lzEexHE`?5cvN+(|8rOk^C=C)aM+-^IM*vvVW+JVoOm6T_1NA6 zw?f9`oKyk|Qp7dDNkH^doV8x3%hPlj{A_)E@n;b|w^=P!q{A-+77-j%RtWFzy{Q|2 z_9+{jqQ5gO~Mj^NZvEYD$lh81m z+`FQNg|Y}vz|lwMD3gL0Ta-G-Ss4mjoD}f>5NGp}mlV@hVJf;K@zjBUc5;45%v8u^y57#e 
zSfZaL*Jbg4W!Zm-<_Fga2fQ@@-$pV1Z)dA>Zx#P{8&_G{hmw13QJVKSpNGjKVnY1B zAYWHW9Q41(dHJJV%ksZxWq(>X$ownUCFg(R{`N-U{CDo(U*-S2l}iLg)iXlV|KHch);=o*lN%4)2^D-mTyLQ~SvM9M7ZpncR42=$AaV6IpC{$@yP~|1-t> z?~ebsI~zs(ztOq3;{R^tx)T1+Hp2@4ukioB2>yo^u7J{6vx&SxvuGF;pV_j#3lC)X z7jA2rJGO6$ zPs^%>;|6qoIe6%XEPldi;*=o2^4zd(uhm+&?nUpox&Zq|^(en+dg?Cu_B!pb=;VYG z6b%??e7MCn1Au}$K%r@xSxq=9*+IP-4v*F3M(?vB)OgrTXR1us10i~i;B&7(@6mD^ z^O7wBhhGb{=K z8!P~<`2Q9E|7HCD0QAV~cCmqwa~8Xf_*!v}BBIvarR|8)=4@MraNv~|EgNPI8n)s( z{g0DZYMt{B;>M~q?Zo>w6|cErcsyliF75#E2-#DQBjwVHsrp`(oVaSPE&rGnaaV%v ztzq*wn^D}9WDV8!Z)M|e2i3){)~FxO791UWRoXw}@~JNlK>%ia+aG}a&F3@)gpW(p z0!CwvCgVn)9)IdX7U(6t(u%_m&a;-X5-pZF%99P2_iEp?kH747o_Chja7ibU@bHrN zZ5F*{BQeh}?I}%BzG{5IfSeZEn_02H{#84syWub`TPiwlJ!!7*qD9O2<2x0#M&oE0 zY8KrG%Iy`tg;((<+BCdz)N@u={1Lkx9CXuUm>hX$XWn=Erj}%&7ymIsZlnhuKHAF< zuFIA_+ve^AZ;dd}V=&{#J;(FCyZ)IcP`rP>wq&C!L6RiX;&S4?$3T$@JWozq9JX46 z6Kc1cd!N9-{=Di|R$c$h13j;<)hii{XxP%O*2Pd7GMl+;PiGc0G*ufhT9nq{zb3k@Pc_$s#JDMjzUi!>AK7Mi0E1? z6xVZ6!9%YLFCT3DE{V15U#_j60=rxs{Yo_DH zL+lQwqPwSXXsRz0Z~3`tRWV#<1h2G5j4DwQVY%o|d5xYb4XTVK6r)%F*pl&u@?U&% zbK}o{Tq^&;+F!K)Z)|l|^51P-SC{_~y;+d`IzRjl#-FM_s;-2;i-o@`3xCyrYvGSs zzBHUJq`i-uPP7Ki~8(4e#g4oQT$o!Sir9gwt?;I{MEcy+pL*?|upz`_qbNSn&*(^9<|W zt5^d)Q%(AYDo~MRma~=Y8YY#Hc(mDk>nh}BDU4OT4RVn#;oR&!2Ygdi_vq)06BpvV zrf6DdRwo1smJSGX*+GF))7RuBd2Nyx@?JV91@{EEps3&kMMV)62dKCO_drnr7a}Sk zC?E>1N5$(Js=cifY|UOmHo zo$NjAP4~&;UY>tme$n#v^C!Mt_)2)lbyuH!#3iox7wk52nw(IuZ*^b7kRIBnMMzUxo9u;uNK7JvBVoJG~^ z!@UmUKAdsdGh@f;*FC%X*umR(@Az(>XQuAAw9l_QS;&syuvf@ z$%|^<5_=CF7hc9&8s1)A_|SC=zppv(xvDdV?cBL)(~318eEi7y&$VvdI`N~npKh$4 z-h1QVqYO73bFz8m=(B#ibkXGt#=cZ}?dnrz_dRm!rCBTHz0FTG-}?09JMUiDu`_Ra z^C8l<@`siUSmS-L@70qY@?3hYU4PLX-%cBP!<8kIKDdARf`>BsFJG@(aOE?lwsAub z9Ber!sS^eAdc%Qt`G1GThf%&?PH=h%H<)cTQ`mHgv z?T4dpO&R1Koz<;7a!IQyEboM`R&_xcdWna zkG0F6xc!gDz}s*1|6_+^=1(2HcMTKlcKM*O7=P8N=RZ;X@Zys9$2~u0 z>BVziwjK1JsmE1Lzihw}7aafM&2N3&_C-m_gyt8IIq526{z)%6%*~Ru(AM$E%l1B- z-3#9@Tl~#UhxXn0*24wcRy=X|@i#qJG>E(P{uQH6IP%ET4>;$57cYElaPWYqCmuh3 
zz?t5*-9NuLdc84YT+R1`U*5E6wJGhpC!c!Z^_M=~)|S0MzV)-??>f--QTfM59on$r z*^9pYZer8r?=HWg_d``_Yo9sowL?E?-|<4tua{N5H~H{yrexpQe%6xI`)8cHwITSd zKI5dtZ*R*vwm5i8UenCk7o2uY*}>;b{k8x4uO|I)-sg*3Jvrh=|L6UN^!_2u^3Bgj zZ{=TDI&{eB9aT>jb}X3oYxXlUwsb6>*>S*G`B!go?5N)2SRAUovcs`%>ewwE9T)9- zzW-BWORsqR=OVxF$RW*l6;HZi_-kL!Zl7@D3(bc5H3!YV_?f;pu9?;JZhprPb2hA< zw)Ct|1&6q>biy%ho4JQ4{dV-T^BO)m@zlc)F(TX6i+7yANN~)!X5D6K(z%~+Zu{AK zSKzb*T!-Fr@U0UbXzn}x_vxFCx#R3Phd=U(P;o#{vC+d*Pc{lgX= zh-`G@wNvwHYx{oh+|o_A5l&o_H!EI#&; zMPFaJ>iS>jEV!jPZRnP}&wY8<)z#Pk@!FRY?%(jc{Z-&fjH_TH8^rpu@F`*7l@*X8kz zXTG{|QsXz*wtn#4n6p|YUnELbk3Qm~PoHmX?pP5>J0s_+^Yj-k5B&Tf?H??A_4;Y|Y}?WAs-N5DzH;`9 zhh{A~sp{v$F1+XdOWej~&%Ai{mv`Lz?kl0YMh!W&w54y~?N5jKk$0cwf8_(ebHY>N z;eYhK<;a`1pI3I*?i-$bJ#)t8Cw(zz%^bs=se@1WFudj&spW-N4lGN(a>{ADH%!hw zMtvXxZ(9*8Ct1`t+!Y zQgUJ2E9am5;#=p8ojrH-8z*sfzddr|t2^8OxO&@||={Q=*8|J;w$ zZk;>THE&L%v*48HR_F@m8lL+<4WbEi1ox_sY@F z=53yQwH{mG!i=Pljx$!pg<^yTvpedllawc@x<>-sGZ zZ+?2%)rZb=4*O#3qZh9_sA~D;Qp!iUU+=iL3H><+P4n(x+Kc zpkvT0%WwPThFh;2H8}gmZ|^(doKL>)zoP2yPqxf|W8k#&o|?AW_g&ICn=d_K=lu7k z)ZX%9>#1)J8h*;HZ!LfHt69FAUtF+k%!bPi%O6PJec-$+j`{e68(tEqXt=b3@gc6K~Ek4NS_M{o|w7W9Pp9%fbaa z1}vNX`*)KDe#ABAPd_i;n)K!8p6xr^@BaDAU*@h2PkMUSicxdTW40Z8@~KxpID7Ct zqjK-<|M=1KxKYPQmwI3Av*-;=^R5lq*G&ELsq{1KSAI8ra?yknuljJo&1+wKJaa<_ z|NNHoYhIi8?ETlhXltn)e(fQ%$BcPx$y3v}f4pPZ&Oh#bcipi27JrLwy`*^f;r@G^ zm&|sbR#JAz(wwdLJhgkMZrJ1J-LRnXvw_8yPqs|nz4MqIEkh4HWMt|g7v7V5%@ppN zs;tEaTKW$S4mjz|`M+HE@_Fs4O$!fw@&Vz)xrL{Ha7FH;_r6!Su=jKC-1NrhzE|G+ z>8#77(<_fknsb`RbJWb+KMEbO+m=4%#aCw@Ht?$8a~;p!zVZ3GGy8m&J>!?9Eo(W<9w5nPZ=+_~NrW zzL@L2Xx7uKH{H15&d*Lf?A+>Ycg`Q*@b;b0zWKsC;~##^RQ8*-z0AM$rPWKbS8p4Xe&PZ?)OS|x#&d7I?ahOawp5@0Sg85rw@-Nb zL&F=(ZfrH&`eOCyrLF}_Z+&iVNpM~G=Mm3r{bQKibY5}RH;z-r?tb?74sn@d?%0mT z#;T4V#+XiAH}cNu_4x~Cr7oGfeZ{7h-^LvH#p#)ct^dyT*_V&!jC}RHlkY$JmQ9Oy z&OxU?d2!Iv@5=Y}r=BF9{n;ZMKl**Z)GfVt+}vLMO7Ay%{g~DAvZHO(nH71*cl_Sc zF=%(voE2eisPQpx_Gcf~FE6`q%=bfu7W=2$=D(CYyZxbAV~)LY{rNju^e2A2{wHzP 
zWrph>_nor)%uU;#9DMqQr^YUQ`Q71X-CzFWlb$2y+;WWPt*1_Z9v_xzIm5>Bnz{!c@89u(B&o`^ECy9Gtxn+6@Azbu zY3KvDy)ifVz;|aa+R*$&>c=k+oA%s2-&rr|Fy7Pg;d>|VoF<;tv3}*ZCGT}CUeqeC z>u4MBaj0YM`Xzn7{iSBdi+69{ymJ08FD>7;%&jZ zzUKWo+nd(z8h><1lB3X~IgyE0*HOt>x?eQHy#eMq+ z1Mj-{BTt{f=chN_f9~=16_33!Ht7z3$)fj`9$0XS<^7jtwT^wU|6OZ7)n8sV@rXs| zawmNFO#fM#_u57;e(=!8&wu0UYpWam2Ns(ecRy@jcjngduXZe~*;-xS%lu_W)}}r` zKObm%vU=xQas5T_-1+^KhJn}op8r+fl!yD6&w208QBObm;VbSF?{gfmEBN`!CvML= zr()LEH?H1v#Oh$*?e7l$@r*TZHGlMO!@?tS`e(h=D}P1Dv)AMfT{!vV72GY0-kYF% z>7i}YUz-yS7oYsc`OaTMCy%dsx%}6ZywDM82S4`tNz+d~<1Fv68&_AJbM>nyTh2JW^4i_!W%Rr9 zsT2Qjjy!IN)$zeAhuu_k(#kU|D~IoV{E@n;?|eP=?Mc4*!ybSBq-zdXvv$?Et2zcB zv3>3I-|yJ?R>x0G&#mlbdghN|uXXf!c=l8i|YVv|rDNpX4a^vYoKljtAGjH#BYx=`&N9=rl zaLt21Pd)YHWnUXgo7WDVDpl^>GD7TgpZV_I3kzSrr|6-EQ{I2UpWUnw4YPugwAzBA^~(!Rg`{P;;94)7Wd|Mk`j?^{z; z^;zYp$)j@pZ{K$0$I~rt)66M3pN-xU8gtOhrcn>(bu2#bz2(cN-u0lqWKQlSR~$F* z=!-Va8u3%|mGf?N-T%tz4YR(t`Zr%ajQ{=mL#|$V<$BxPckY;Uy!Yg~m)||L{>>MX z-`A};{mYCW?PqaU9IzDaJocF5hkbG3*6cHrd>#G1`t-hvpLPom>hIchjOF=FPxkrc z**iuZ9Gq8EbBC_s>B7w~t=S?^d;O7NC%RZROqc0E1d1`Xq z3%UF^Q-8eh;X`j3ytU##8!Y!ceA_XXzP2^}fY}4bR2(of@a3j6W{&V2f5m05zkBqw zFJAfitnEja+h1+3eBiW^laJpxcC)c#o#1oaXWspOneq3B-~T+-FC-bBEPZK#@7lLc zc5skoi@7(YRLy*6xUKQ*4XO6a zQ)eu{Bdh)OzJo>EGj|;IN2u2-`z_)pZyPJGdgR?dKEL%x~TTej@7H4TYPuN;*jy zji34aKGD>8)7-opU-;>U+&=TqFbl~yZ+XhH=Dvq@RXb)p@#Mm5zdxvA=*{O(J^Iy~ zKASw$;gv4@`k1A6KDXtSnKN9z7m~Ba-|@`SOMx^8M!|*`A%|IdR^{ z2Y>Lw%|`@A80^Q5%@{cHqOzAhd-|d$?z`=n#*es9A6dEd^6&dx>R6)RdSG~M!2!=c z@M@n46Yo98h0a=X>MLol|L3dMRu<`wJRvvt!%5rj&qQNOc5}a^-1K?!)-Qj4V)=Vj z&(C$_E;re9-%8a}R==>Qbl0xIM_>Hhn&0o=_I}c;@{+GyS?65x@e!|XE?MyWi;o|1 z&-JB-;3?O9@Wb0J ztW6&4R@b)A%cp-l=OS@=KmGjUw#>`kbeG3^^68fyQ$6(1Wskmg!n$XEy8YP9QH4w8 zkvBZjzW5;jtFK-7?52{9%kKNa(UNlZ#9eEj|R+6NoM4=>oO zkKK1Y(sAekV-Nkl7dot0Px#*tPBG9B4w>m6li=b5vLLta+cqo~OIAh(g1^~WndGk} zjee70&CW#DwCwck%rt9Ob~>_Hv#e=py^v+!b|Y~JOEMS2U2)+bLZI_}IGfwOhkEEx zkoxz(B=|X}R|xRPE6YL2W;XjoC+G8ul5FOJf|(1;-hd9_;1fMU0Feav$4VlDoFp}i 
zAs5Q9$WnGzdb-@49;~-!w>q7z)^txW-I6^io%0UzGz2r75Pk>yGo*pl9q z-k|%Z2j3GE_|F%ejeN*0`1t+MMi=mJ%}UFPf&WZPMtTqYcSk5JFD*tczFy!0wgz63 z1YTF1YcHw9{}+^_JhD4dkv-tl>B_505Eqn<9$rS_po^1vWNe){5uJ068Z89yH2HiG zk3v#wz=@pUkPk_c7uAOapUa3_fD?xE(dtO5u?QJOWS0Fwv(wAFU5zH(9~B`5IcFp1 z;UyEKnFP^{Td4Q(X4+@-Kvu?KF8s#QS(o!oBlyl2>qwp`ghr`jxC^t7)JqL-}%$FGtJ3EXN-Dr)?#s zgPJ7TLl%L8zA#{CW%gOLv7Qe#N?zXQRx0WuzvvGL^`c@>1_+XH|x`L81s4TZ~Br=OZna!@5_t*0-7w{J*3dQ(9D2T%e87RhO2J&bOB%vlPNRGOx6392&v<0dFCbnXVdc2k|Yu6Yscy z3&*p5v)r64hwva}UNUQc(?qBT$J0MF$|ux^xR3zRk)Jdv#5;u`Bq%>)z4l6=>tNt?K6Soohd6~ly#hF6&Fp%zpe}?~EA)$#6nI!N2Xan$mW@hK~Us`rX z4F1o^wpe@ce|LnWvj7s!^%#92Bi{lLUFj7hBsoJu5F>O6Z%se~7^pEO2_g<37EQcQ z4Dulq3I~wvqn%|_;nanH}Z#12b4>TcT1=9CR zc5*VpU#4IP>Xk8wp~=V-;)BT8get1+l?4?kdJGqS4g+ipE{qGEtM4Hn_d#IrPf^}} zYNIRo2Y88re``ioFO<2T`V$rYpTj>}e|CuOpEkPU|1;9!);~SHhyL%DAc^6SlSc-X zpv4rNhxbb+G2}7e(*VA6;2&d}$!f}^5k|>Az{oq(45`R4 zWhkf;@5F@%o{S<_mY+6_!`c{!ID;MFb;GNl>*-<>H8{z0Z=YLLV|0Ki`lUBZ7x zdK~>{&Fq2y?g(v|(bEeqy$$JsjDvk(u~_w~5FN&#NR#N~&{$`P$1IJ@!O4)4X0c`& zE!jp(R;6{I&5~hDOCL}3iOm6}INf9-MlevNOn;sl%wpoh4C3x#+&9KxKRfH}he zFNd6%!IML+dbQdrXvl{8Sx}9UM|q_sqpHds1ts}qrS_7_S{x~(k%g6|qYFyl!;40i zR#e*aYaQ`1!Or%$Mcp@f9Fe>8-j|;Lbh-}5!hzUqhFkJ5woCxEYRLmc{xv&q< zn8D1;PIj|q9D=*WIh|rSAP+SKdB1_Q)*{HricyTN*$YA;4=;;BJYjkpZOLwAN(VyUt4KeWp4S1b`~>uF!>=XIpofAc$FO9&T{lu za*&OoP2(lbsRIH^rxV<$1{o(o2YKAVS~PjG8X?CABLghV&8sXeAD2VLAyFC7WYjPb8AHfKk7WGq49m#q zGMEj>=uR`H=yJ>KqYJty%#OkoU1|A<+`PQfDwyg$6`+T6q%|9~W=+xQD465{)C&O* zg?a-UqX9Jw7(${D1x;fkG??_Pg6fb!$}6W2k-Xwm=+clOsGzhE4Mj0m)4JFj%jgA2 zcw@3#nr{RmF4!a4tsI# zhyq7t?g+r-D&{7@5tl{B`y@CfLcB+i@PUufG&|e#OY=q-lsn1`M%XJV%f}7qETP>D zM-aI#42Zb+@G5&zzN4h7cz8ki09*8Td%JpO_iIy{Y7`LlKebPKOi4svF~M~dKGwrQxKA1ym-kxONQEiy2m|XUj_#M zJ}w+^djBE)kF1Qi`@gKr9{GQ_gjo3>(VWT{dJd+@hMtqA(_s|g0IocTXrOV;k|P)r znmCyU+$*nAK5J`v9Gn%0Z^YhU;Z1FkDs`JfG!3N4>_-|A++&9t$_!X4|R|+%< zenllI#0yPUz7l2u`X)LX#E`80l1>3?Ke z(kwmtAKeky`m35%`=gC6`M(7Ef7Xm1{NEiR7XK$9yPGQYaULS* z3Asa}A18!(zbNzgPf(;{qeK#;vvNQ-6C0n@-yC%fz|N3h7;}~JG9|biFhyt-jgGHV 
zAV?Y1W{rx_hi{SjP=Lb~DYr^vD+|g?a*G_f`T6CMd_o{5pS>huK6=ZgWFof!|2z7J z3j8bj$NNJEqznGfnwcIa|IJM6;s3fN5d9AzJ0iLiRByt?Qx#xA3_y~dYSByPJTc%F zJmC;8A#HY_81Oh^%Fq-)hXD=$Pt`Rv7A3LC4j%vZK_)3242mK7Tz2&n;APf`;N$}m z>1wgP5*4velBSA{aB3U5>CuPl!vQ%AxrgQ;3#g!xtf0e!xm!_6l*0MBNwoK|Db(O3 zDg`IBv&jnb0T&-|VhSqKJ{Ob|Rn!{xCyJINuZt+Z;ZY@SCB!>LzaKY5?k8zOYN8bO zcrYf6Pr#Gt#uEn@ZP5wAkk}-+;-WD+_i@g+=!mgIbi5}dhJ!e_6k7|iiHJ-FT}zvd znPX`8lyZ4i50~7Ey${hMaI(!t2Aqndut1D|5MF3}{b5e39)bNK%-WqT>jQ;{=@{H|LXhI*s_uajAHYiy&qtMT5Jw$rNuRLp;_t=orSV9A}IGX@<4F->IzwhcNR#WwLsCUw6c868FU62(uPA(u32P<6An`sS z5N=U*k_Q>$6CFVjPhBg`L$c`3Zce5L8ltBcqDK`o-b^v^oYRZxXf#~LoeVBFs8d?!>sWuujE9M`rW-E>W}@lcXH-^~h{pgev$X-u&1Nywh&ZQ{m!woA z;>ts~1uhV)0f{FnDB=;BbULHah|ygVu?j{5BKu0Gs}Nu$GT0XiAXy+e6deuPa~ee! zfgxvRTY~$7M~Yj;^XC$q18|Q_hK~Pl!h46HY>^oxav`urms%y6_tScn$)gpheR7e7 zj%t;yQDk*%h`0j}oUct*l+KhMM9k9RuaQ<^PGM^nJ0NxCf+5}*X#n?HU0ro|;?C8f zWQoVSh4+cg>fVt>ADIR++wenxIj>}kjtkbQb4DizZzh#JY1Papt4}+ZuqJr!>Y)r7 zG+C+w zhHcxtBD-c$70XsrgoH8UrAwh(s3w9TWl{8XQ7**0@s7c}zzmrsb66I90%#VP)oM&$ z+3!msy8?q5a{D+Bn96c8ESlI1@CCyPOT0RGvYQl3d@Xz^>y}DVc|0c=VSzXe^ee&q zR#{M<%@Hq~Pzi|dNP`r$(H?LiKyrXvn|Q^TUs6D;e}4*G{rjun1qg!}|B`ROG685b zGEAMWzpAXA7pEx>3Yla9y_l2qcq8Rf@yMYfI&#uCTYsIduC7kkkL9AZFzs`HD>3}A zqRB|cV56Ee>2w++7bVj^ws0Y8=XC2G|K8ZMWM^mZ!Jb8zghueV z=bTJ2RAgIIVw|if+ZV=IO*$heR0Hb3j4?r_%FZM%AMm>1Lh8)pm4N%LNCQTr6viYf z{(}!7ri%@D6J)tzN_7))G>Mc%pQvO?&%a^X zMN)Y1RNyUnb@%{OMBcDB{doH6VGYB#Ap_n-1~{kisxsUNoj1Be7?-;+tzf`oHBeNH z0gdizf_79agF7SRS~2xaL@l@)g3B>L&}j&ejjB;x2L$3qLlK}9a{z?lR1I3kOb2X; zj8w-3gFXTDnm}%0Q>P-<1_Csqb)f1_u0d^4D)KZFT;LM(3yPOo2dp)5?%?=f5KI;tA&2__;|fj!ZxY4q4*blEiqZfdfs)BYDQ0-X_c zAm*?XQb7>z^9l9%*8vWU9cUJUxOH0R5`aeF{s+(q$Q&stq@~t~B~chN<@l(lI0EOP z1ONs=Fv~#|6(ddbP>4l65wv46;WG<-N&wn1$})x`K-K3em^CsS+R4bdD7eWfjM)oA zges=A114&4+l(~EJq}L65S{~Si(&PMom7A~if(sACzSGk&4g*9qHA`h*JzvEYf6eqQzWgKO{+O2 zrelOAP`iZ}QNrgFW}~7kQV4}5DI^x(LU}DrF*-3PL~VW~Qg3u^7z#l@1Rv8*O#Qa< zA&J&2LHl7pPv#i+-!Di+8qC;6mY4E(JkVc2vx~q71cBTlc0!~%Z71Qj71p4h5ZNMO 
z8zVZm3ilf)!h$v@x-K=fZgSM!X(X>jT$JxL4-UV4pXe<$?0LPnE7=oHUz@7 zMx|P`e4;a&MRY(qBm5Z$M(7JXM40Y`OTn<9hIga5i9xu!!m6t@%xw{TN@kR&V~eSi z42xhXOvP$BfdEKS$gUNnL|Y<&Svt%ZL~t7Mw?K9($TOHf37~v1@oPeLlH_v$2?8L4 z&t{NExCtnT)S8l7PF7SDA!3uKOa`tX0Gi+UC!G`EBKk)pJN+Y^0Pgfq=F3Z>xPQnH zIMfK$kLS(d6C|MIYZ8fvl_*6dq_0&j&ERTNdwUg`2sIkWaY~q}Bs;s!BZRt!MuYS{ zo%fMqG4lll_dxbwsz*;sf+0*hCho~;-Va3xXd{r@Fe}E$4PNwYQ4;&_9`y9&?BBnL zfF&%Cmb;9|`{>bD(=agtBpBRXqK^xhm`DJFO2b5R3O#fP0}2KSM3_RsBe%>RvD8CM z!cVtgyaW)C36=7=ML_z12-uk_dBw2LrQjA!;@5>lQLckc7&4(M>f=z>P%K1xCR4Zp z%p@_=BUXzB>vUGQ|VFe2p%QPG@(6SXKUa6 zMWVCbOa(4HeNe! zyyFUqY=qMI7}FL2gatzaKG%ytlfcF(6qp4g-3n}iLKyTpm&-^dLZ!vhO;oRdYnBM? z<6?{%SMV0m_wA%UK0qLtNqk5ql~0KbnIeqR0D}~iO^GZ5y-IF%gQ)iwjQAkk^$Cr< z4S=gAQmYZ%yQLegCf=8AVqTU*LBEF1+{4&-pE=u13z@sDG9?vS2IE$vGZ-|2gF34* z>u=d^n@_JqF3;e8Xw|4e2e;}7V-)8f;0TzpjY?b64+iSs~TQpuNe7H=>J%( z)_D8BjBHDf{!e!V5JCd$CwUc#k8+<(IX)GUgh8swg&KKTk!NAZwyIom9aGM$gEOd3 zqfT09(xsU&ErVl2z)&*0US~qZ@F`JoD{!-ZfgYPNuF(ZIH9DaZS{JFVlJn5JR8=7r@g@(d^FVz#9+R!6>O(TEcy+_iKQs^)Mkrr-r18pV886WWtf z9TDHw>dZ)CBJy{Kfe6rLm{6HAfpp3=Qw3y-a%|U`%xtDjk{1u(F4F@qDBwYcgQO^% zM3XKv(Uc+1!wJ#;))Z|Gf{|5fR}~cEnednt#SlurTNu$^r^_-axABx5BDxkJFaHY~ z8f31RG6vJYfqt2KQ1!n&uyu^=%>B?tSN4C_^!WE*GJEvDyCrBOmv9N}_hW|K=!Sc+ z5HDkrQ6N^zMk68~LNrKFz<5LQ0#n8$HTqJx_tAsY!DKR^T1q={^1*x+TDU4Vd0gO(ifO zR<1%6X)8fGIvx8C1G5L00b&@01^%EIAQF0}=R{wE0~WQ3^9khqP`Ky>wPHq|T{B~Z zg!xDTj7vo2T`5UfGF7|1B=i2^^{alF;lQRyiGzb5;XnMbhMc$ z+$d)SefN@C_L1u=%?nkfxTlIpph2vsPg&JPGEgSoNvsR&h|B;Y$<-5lL`e-&sitEc z@m9fd5v2p>Mv;t^_CTpgr_)sG7D8}oLOiw=S0 z1Z6+a+o3j}M4~Iu3ltAi7l#}HzBwMB3vQzL#x_CZQihyVUapC!W-s)pchO<8nZTn| z=LA4eCO2wgJ#<68?FffLu;_5{Zcr^baj#wUF-bZKV!cF!ShxbGaxKmURCPpklSZ^i z=>3n(heD!<<`-mj^F%d3?ZGrr(en*QG1(XhqJ*nt;k_c{=ZrY<|1)fH{)FKABN+ z&^fqAz+0lu6w}uL-=abujwc((!S1JECpCKorm?cld4?fQ)>)}V>-Yn8LHPt5Y-`SH|7FNEJ})& zEgKhU0B@@jypv)U&yQzGfhwx5TnT*`&D^#ja^nit*2=xVq7zK*SL?J6-s;G>$abh> z(SZAP2-Cg&RXJ`TYA=!`_QGx*(QqL>uZ!I|5knJu84NQ7h$kAysml=6oRV4x_12+e zI!Ge!kDEeTPz+!y-xIz275gm3;FRjoQ2W_bO-#htR*j3;;!;c!tAtah(jCw`Zd!1+ 
zMzsyM$0|OD*{9a67thlMx84Wl&WI-BhoQ=qJ@ttploV5HZtK z&OMiUBq;4OMUoKj6L{4&4knH^Qx|!}jNyVhNpt8^vLLPd5b?Sknq9pnd3vtp#h8a1t$Z+vV97F%_m+QZ-=>M#=IQefzdU}ul?`{c6imrxE zb(Dd3jaiK7pz{jB1*WA=U)ZJ5q$dV2L>J!g$A67JYGRGge-ktHQE5Seu?s*fi6CIc z@WJ^MI8S9KwpJw`!;wpH6Wb4Rx_EdgLSf<)E)WJD#Dzf+SJjGqf}3}?I(-Vwq<)iA z8ca)lt%TMKxF~%Lb|!!hL6?NkjW(UGKgy-b|D_d-w2r8sP+b)~GgZ_LM^R-326?{# z)q-X`cq#{ja$E_tua9^R(QAZM%!)y^s8AcCO7C>al|d>ha;g?QJ?N+zzKfTL(iGK> z04^w2cZOmBJWP5>C2&k&A|sCKD(wv{7Z;SnM0rldOB!b=kr5I4o+wE1gt+gIRF@HO zJwWX=0Ea3w8Q+`<6~K9_=#%2cYgCg-tpSFj;@O485IBCtpH3cAUS?LQL$!Ay#utqC zWHwWoW=(`kxXCB*_+CA#3KD9X<*t4O$jnEJ|P3h~5(Kb3YM85g3f z8r`DCtc-wF3XW-|dTG&C;7XUsf$yXa!YBz7RDed=Zjsq%`ic?dN>r|}`;}3?E@CWI zD0|B#SV#qq!Ey|!LG4{Nv#m-rD|Dm6(Z)6_@9Ny$M=&IaA%%>Kwgv(t5!AoGGBq`d zVqtCn{z%1d(H?+ke>vjpf_FvRNr7!4%8e+cb!Koy?Uf>3C(4O}BC%Dye&AVSRx+I8 zOo((>p^#9G;)w+Mn-{^q@z_8^;!#pVb-+Qo#}i_lZf8*GC$tdT7L0Te0`zrM0?V|6 z66fYIGV8pb)Uq(Dmv$`+qFOJ-od&E;N%gf7GtJ12myf0plQiO#qsYF;sUv%rnwvz# zRBS%!%;Em!0zB|h-HW#9i#SB-6z(bCTu%3rpJ>{Ww#yWkgXG+xc5X!H5`VJOA}jJU z8~@BFzM9ZL{1X&wNiz8XiR@UhrkN}maJXoqGL$INZhpj_M_%OV-Ts8eR9#Nhkxu8T z*9SUX1&;~K$bEvDJ*Gie9#{?bEivO#XIQm}S0;eXG4z3D*6GUG`|c43J1R{dL(8)j zW7#wW#~y7J2@IAgITXmIln75wY(?$3KPt;DMgs`))%90-91Vr6U?I2$mlCKDirTq;e( z&;r5Y9NV7+DLG?3kpX6+WQj5w$`;mXY)lcc87A&ch)A<4AhZx+03xm#HD#Fv^`9#| zyj59i=2}SU0m({oK_x`S!n;(n4j=HM#HgGK#OT^n45C^3J!1`4h@nTFE{}-^NIzoT zCa`^{HASkyZOgS_k5tDL#G^E_nYJ>1uAbRqw- zWLV<;e`ojH|8`4gBYv^;KoeW_sj5RP@Ms;DTg^mDZZ$HIFwUU$jm2DJWf{}5E3JcU z)-;>NIv(dy{bK2b22+{bNn3IADf?>}bs$bY*h#68huBbLZ#HF21)X_m}zx!Ni@f?_it za)*6pO3eejVZhWSe8GoIjxP3LCzc0Vu@T)m)|9r8 znLSfwghq6c_v_RaqH9QC-lE*K2AolK{nHD!k3$UnyZEMkj{v%Y|Maw2_|LLfd+fiu zC3FS<;Jof{Ab_~ydyN75MaOrB1Y%!(`(K04{T)>Jrw`%omo~cM|I)ML_`l4I9{vAr z332Z~$36gQGDq|gnVSN*I><>T&lbk052c_K>V3rsj~6nhD~Vp=%IVjpsjS9Q+pbIW z2vj*`KRao-x3t~k6y=p+eTOLA8-GiW$m&5>7Eel zxvbM?_M&!(_PIT{`<9TtUoy_bppiu3Oey~xZ{+{%!7O?I8{R4WU!`2M>Zouj0?cdu-?m{xf6m|I(~Dy$AlgBm8|(hXhc$ zLitR849DOo&^A-|P;zDpQ!yi2D>#{G+fdQF>V&yj4EexdfpZbvQFuB49D~y6<`8|B 
z5w|$xY%n-Hm%0)rb>RM07F9U%a=}F^#WT^VxClHxfPYn$+mRL%>4xW46d*C216QA^ zaHp6Iu&}$>;ifZpAODS46@L<+Qu?%2`C_JGKOD4WHz?6#z zOL9_~Mmrmi25ehWkuHg#Fi>hG_FhDS0%(YtdJ^S1eK^n<0H@brf*jH#NyJs?K-tz4 z_Hm%rjq8J#aYDRN(}*PcniOki@`AMqP_CdDsLFz$579?9!5J+vR)jdjDcvFN<3XR6 z^fSu>+W8{rwlT@Z{lO@Z|x@`+nlWRRAY_61aaAWTMu}j73Ga%m++5!R6x} z&=AdNRhB{Gxe)FGQF4v9RVQA5@i*=mOsz>r^8G!OOsb%J2UkRX{KcBs5XdqIL!vA? zMW5nIg+0#)lMiQ|@(4IeS4!oV5PJ#Gh9t`kLk)o5J-EXa8^b{uElza>5Z=vkox@#+ zufIA6xZ+?lij-rTGGsR=JVa%mK5B=XQ0m%A1G1wXsJYE?k z=cS-Di#1bY$3h7IvM7TgpbOzG3u^L{irgWd_+r4MbBMfRE-KI9!5bqHS3clgC?C6SO?A|buO znVpkbQ$>u|m1IJs(l&?(WS9aV>~VFNs7ociO+|juCAi@)PX@<4<)$K+@_-Y(MM7Rr z;sX+ObOPq{68I^>H4y(0?wB4@>o9oQ3MN)&Q$?7HW-qgnR!0MZl5i+MU!QcP?U$99d$PBzZYXq%&hXVo?N^ zdr9iJLeK|rUje4i2uziaaSEiNmv7vNZXNnTM^ zzP)4w8jeerlvbi5d$GL|S6f+1nq-yP3o4+x;(~JUyjYn#++Jj_9G8j;?Ug0CR$OIa zX*tS8Wx3^*_Pna1+;UV_RbEzFQGmOUk1H;*mlT%cb_$9MN-9mbT^xrB#^4WBF%qAC zq_Ny8Jc4r8$Gp zPjc3#BDIMWosPOeA@3j~ZGFT6D0{R}-|4FvtbdBPbF=6VV8~Z|YdYfk?cn^btPI+F z>asN0=y534?8@U(QH^Ulg(Er2<|~eJ_MiL9PR{?3m-p?X(|>Qy|5*Qz*%?_q^nbU6 zgy(-o&-veT{`Z{!J?H;Fe*TAo{(t}ZpP=8oFH7@s79#@iuYVm45O@A7ZaW+izZrj* z5a{Ckw^}md?*Gzz?0>r_FmEwP`ye6RlgjqPr-2vVH$-q>Kp|UkMq#K$IXTEcVa0$Z zPiF6!CP!y;P%mjLH;|SFc#VnD82P-6&oGmkmx0hQQb#H>Oc|PGvKUfQ=%caJDOdH-HNPI|B3iL@&iM=))&GkMI_?;NSGhNP$k623hnAP6ur+~{O>anr7Y<`6lc!K+BJ zjlQ>tr-`kj<~hV#Ln^Ylc(CAhr9>41vIx)7UX<$by8pi(I>-N#qWDA#}rKq={vcA)T;Zm7=wCD@ybGG>f!>dLB^7a6C1$X!`O{~8(E1Liwya?y8Rz20D1j3;(+qv>8&=vL>o2LFiO?4%o-xLxebJ(ie%IB5-zzN$|o_%q>MC zNcZ%SIzUy9lDcdGBFG;_kiT9*{z+|g;z*BJButg*+eSO zQ#;@dnH=N*@ z|18C0s|_i`j_XXjK6b|@wQ0xF9?^}B*|JeOvoL4m)$Do@Uoia)8&XIF`b}ScXC#1{ z$i8V}I3%bEqzjm)peYf}3^hX}N&yo+;9fQ&0>uu{koqgjK}siFiv7O=F)C&;^B%3M zxOWqe_BivJR7QJ6XJL^np9gACC-?6z+n!(*ka4ZP%S=9!i_GEK%{2&viA?@s$X5Fs zRR2+J1hczSO2x@kh7XiHQkYTd*K- zD8>Uhs77y8^xur2UU!r%Hc9moD zJD5X5vhd9Bsbq`lE)`=K5IF!CwBqT5CK4RHZRFV9GbWcXu4edm@6P`O^dF3cEbhL# z0O(5p$C4H6|0_EyJG+Pe>yE&nm>uTPoImyT1rb4TI7_Ic9+vQbE5yP-6E^Nc>EB-H 
z|Ht0{rCBXK@4t6XAbR%t$Z9K;6?s#DLOeXo371(0a%d9?m?2(LM$Y=KrHL*1#IyAFIJ##Df5OC9y^yvJsvbNu;Mqsv31s`M0-vKl2z z6RUU_VvWMwx&^mL&tTj)H6F<8xI{{Sk?AB(9Q6K1$bg9-O@~MkxK?Oq>x-!f%FB^Q zzXB3P@sDP3k=vaL1|e4>;2_^+%IC!E=MlE5=n6m5y*!kh;s5#Z_8*A$hK3 zLZB1rM;sRH!B=||_6Gjp&Cb8W1#|`fX>tBP($XzG{C~HEh@_8QO;9K@#}V)$@ZK#6 z@KmcJ2GA*wJ~%WuA-)1L-av*ZfvtgTDJ>Zyc@4Ta8DoruQ7d2Uf$e=1_5%JXLNx~d zG6m4(`EQB6|4p}K^_>6R687f&S2uuR4`8q4F_UW;mpL&xpdf%q_Sk%Tiw5wH>Olj4 zKkOa+%e>#U|LFg;G)o-)pO)1F|J@Nffn`{5_BZO7W-0-3z)bQd$k+qT|MIXG@E@is zmHQ3;!P{pX{AcvQf42nXlA7okS*5)B=SIuR?Pw4vu%_239a zeZ?89dx-TAF%MDHK8)~!9z0J9&n=R-HR;3aI3gLI^neGW11L6eYW;z)ILP<*BkRX8@9+naJ8D@=&>6L*dgKs0BkyuC3 z7odqTPk@(=E*_At5#w2VVQyZ*Svfv2g%zeVf%z{VQ5~zXShH$%tZmWfQd&&KBY}yi z343bsT!4wsBu=6#W-uGL0&;U?lu*Qfw06gM*!&@*5gDDJLKQWAAjC+_KeIZ+{}S(mmu&Zm3P_jtzv)@A`o9^Lp8MZ!3G~iT;xQc- z#&Bp95LE+}IXO-NDi~CBvw&zDGQ^lynqQ!EdUP52-S*Q~IKs zO6{?_U=Ui|b91`A9UdMU84@00vkRYvvOlQT#cMSuV1h|r^Pa{PtKCfDYtKcZCEejb zD$>Jx)$Hwf6dl0$Mb;qM#H&g#Dif@%rXs7ZfDoc<2--0 z`F|Qa^@RN$Iz9jQne|VX=YK|K-1{%tnLYkryC-yE{{v6JI6S-`88BZFa;n6*KPWIy zpVW3na5I~ia`tSi%?95ic)!U{v~3(N-i--=*RW)pwseZ3q~4jCk?zk~88OGw_&?%V z6do(DDlek!Ch^gL;Am8;)J3eZ!yz9YE^{{fXWZeDJ^{bDccpMnL#;^`9Rlre7cByl z_2*hsOT@NBHT{4{z*9h-kM2R)PajeCQ%<5kYcLYCwG43@b9k>gA_ZctO7^O_lAWo> z?JL6*MORNBlS5Ce#q`js9>|P%ZAEhWI;dH$i%d+{(t@$E388A{?u1ks$;ioInL)gV z;F(mMh=6qq_0H?&1fMC&8m9rpihvK z^%Da6lp0H|7Mk)n5JtI(r9Rm#tfU@+97&R*>c(IZ)zlPZE)DVlc*--mW`b*isdhk$ zIYE#5S(&f~4~LVOiHu^Xrpd|_LkYStpPxCwWKKl}@Dacg5Hcj3?(%RTS5h*m_@eXt zRT5Q!q&sDA_Hn1yosk`gVV)1kWb-;Wx6Fqeeol6Jlg&xPqB{Zg;(-A>R-B)rOW4C$ zGpx=%aqjC9S$LQBZ~#B08IE+(#GRlAL%+_j1AvDX4v4 zp@x5&zUwONf&SlTPGGyb|H(>^z5lUVdftERo)Al&a6#DsL`ZHxYUU|j!L|hcA}z}C<@Ix3hGM>sR*ui5zwot2*l|(MZ=^6U znf;B742r2O5>IP`n~N|QqT-DWWig*47QR=si&qsD@&cl_EULVE~U^HnSOLG%?>kQo6C3ug4{LV^}ism<%*p zqrG_<7zZl`@GMHuPd_IF;DStb=|{cb!IJo-ddkDOc*=s|Z19AF9-72I_Usu!Yt^E} zYep3Dm7uItl=($>!2h1`|Gshp+SUCJM*Ok&KbbxHKiw19#={h;L@uJM;d&L|7WOrB zdZGEra1Wu$FalFC8c5GEBA_S<5SHi@oUKkV#1l+t47Oql3rKg-@*BA6GvXTrNRaKVkYF3Khs;>1{=b~$RWfKF*|BFGz1L!=!A 
zC|x2?ZsYkDD8~g_{dioOR)_%|b?^z81Ob4Prj>$VKh1?0(+&^t2qB)*#FeG_r8dO) zML1INtY99)$pvUuzu1I_$@ydv6Ubh2a}hNNV-Bh@z~V@f&xnzR4#@-%!9 zOx7hl7nC!>U~G-@-k=@@k>!m&1tKZ<0HBf&;)YTEf*pcCnCT~cK@l}MvVcZ*kYEJ# zr+i!_Qeq1>3g%GIZ}bE`=JK*)c_l7;%&=bd}7lpA$Lghqk^Jrbz5TQ3cPRPqNNpNhm?;jC<1wA z7!SD>dATO&jsYC28nO*=n!~12+)bEtk)|-Lw&6ajzV~v5LJ3`aO)Mo*izZJ-22Ce1 zdDj~DcYdyFH7g7eKforKB6w8^UiR$VQzovOoy2C|XU3eT+Ah)gz^ehLr-67sF`M^h zrT)tg*nfG5IsYko-)A>JG<2o^Yl%JoF-K_W;s3fNbZXYlJlgI_RNezW|NS8r{uSZ% zzC;0C>i=8g{Quy{9{BH$@R$7mbnXlz%6+JQZ}MqekM!V^?hoAG zW6%Grp7+1HC-l7k)${&G&-))e?|=NA_dg;^SD+WdDGwYgQW*?-vVkdN`9(?gwGz1< znD*e!3IY+kj08W3fH3sqR7!U!x+(zt2CesgY83(-R~v2QoFGKx{RWdxr@V%o;3*RA zo8%C|vKnf2QC|D^s;IUAu0WD}4)7=nwoGsxvKLjv6v34QePNG4T%LAWm}R9}UYt(H zlrd^l7q?Lz#8@i2v5226s^yWm7@6qUkpWs#}R_!(jOa2^rD1L?Ojy5G14q-QRd4l#y>Mr@HU8*#e4mM_`_Og|KnhNO&|5S*f|Jm!``&IzhCI27y{x8nnuFqvMX>5+ZMVQZowJHEnvC>(~RYmk}l_oZivg&xxj#3H+L>6Pz41& z(t-UFV&Gpn$GVgMx5mr=F#q2p|L>Ntckr*0H%WgT1?*2QL6u)paVEzINzHX|44no{ zLO0pAB$Tj53sm=#^7~i5TSnNFy?MNhWrT)%$k2aHh{gZ(JnmllFT)at|1*00zjsgg zCz0TvzGmWravY_Y&@Rl-b*>&g5E2;t`-J)s7ZTJPAcvRtfu|q3w$k6j2VKB_W?E*f z{--rNy+{AETLQEHFH)glBw2XsB3~lvU|Qb{5!X-T#5W{xt`Ma@n1pD3h;1Z#X+!PE zndJxj z0VqN(UY)YfkOJy)+AJ~2O0~?#om#PCJ!WA3fFhP+s=Zk3AXI-;al=r3ZfQJiM%vZJ zXj=|N-izq0<<4|!!Q)nn#<*(?O~$Jr$stY%P;)ktOMRar_EBH;Desg74aXS54x{#d zWDb+HkjbtFNkEf)@*QcMNc|1JoWjZR=O+jQ{ z=@S-YTmiusJ<*Ac*R;=$>8PWWMAUsM(g(x!^u4uO_70iZkdn9s+A&gFLCKgJLtbgg zsH$>DZeCt#RY|3RsF+4gkb0>CSA>cYDP02PYDVD$n>fJ-tFKSkw8CV-9fNWwLLms= zFszC0PF3Z|5=T+#2zv>vOEN7pjQ!Bwq^MkA?c~XA?J3BH@V`WvR0u#();OVvYAm&Q zf`FvK^oog?PHRnLOGIiityBr)ii}CIj}@qKjVw0u6~k=W2BYEkUqG3V4tK zsx=^Zi_jy&TXwWC?oPW}tr|tlg-8KSJ2h65$!P6raidtYxM_}`-`q00V|2kdy6As? 
zjujp;YSYk(wrY2aGOxI2#NH-qS`!XLd1R6Fn^=;8f^t$@Rk__1lKoE01n5cy)MA0Ssin;+*Fc-O8qgYGRyYf8P$O$gt zV$rpxBXlFuhLNF_^D|Ej9E#RL6HjXk2L5a> zOa9Zu^8a99{2x)XP;URs`?w9F;h(t&{eMfW|EJ8%?6h7eb07C3VfcT}|0P_1W&yRY z+USD+&q_;Ai_`zk?z#WzmSBW1ya3b8sBARw zTs8tVrD5*uJbTIT!m_lnnd0z*-27JOq%>DabAx*{m)0VTZW*1GUos|~Z68-uHfCT$ zY11U3D3F`p;w$ln&MUP#^Csy=x|@p1@+|q*qI_3*e!YK??5%1TSs!o?8pDkn;4Sr5 z+6NAwXwFC<6&}dfXNHFl^i{Ryn;TqWQ&rK#X1`9T&TncR;4zQOs?PJtrQ+D?EZ6w4 zjiWR2nnG3QRaT5?D9s#H$jg?ZjFI`R)t2!C4NkzWM zS4^5XKoFY-gngxB>{UhXL4yVsXSNpF{mmm?k|Z}ZM&uwnV z*G(KA4m3472W6CH=8wypm{*Z$E|V+y)(meoXU-4hw@ebfC8I0rC-EZ#?$M#@^wtbd z;iT~c8%Ncb6qfj^bQR474Sp$~ciD@pGJ<0RY4#DL8(POrsuQC;<5H}G0QbzOksA_*g*r$IzD7?kb*6hlIR?t=9^R^mS$_vkHwAvd({vuHxTQ#D| zHKM4&n{FK+cAJacgT{{%`Q}hjYkF37cD==KHk$`D<&E_ejrqU!uCz%}EM0%+S9qsB zOm&!5fPhGL@Gt;iDu3McobFXhiRm$P)=e%d* zyw9^Iq}Gn~xF*2uw0ca@S~G@RnTlddX{J1*h=Tzd20EN@10-hHj%-X(AvLplF4Wwt^R}fyHvzmg#$Tyi{qKFdIkT2znm3+e8Gz_Y6AJJ|vnJ)@eY# zCy--O%>Ge8!esrgfo%+>YfWTq#XDr6ci5HIVEy@oI%=}9)nv@?b`sZ|tSzC_gEe`- z9(RW6!V6(Qcd+eT8P}b0m!PNtMO&m#jeAqVt!tzmGt_uJIg$gC8pl1F)EP>g_35$2 zQ=-a{R+|J!8>L9wBuO&pwR!Z|_eg1v>m)sj1yIz{NI{fo!gT8UP-S>O9>enq>PGO; zP=wKF-3EeYfT1`gk2%S(Dbv(o!RDn=e>HP8c6GD_r`IrezU|HuKAB@j(@~pNGLq*Z znATBu1<>F;pqrz$dQf=uAl9irP&auP1LXS6~|3{id~a7V07F zDX5t0z!B2ufro*6Vg~hvRPCXSCO6w#JA4FgA+g(r_aFuLA;J>)IH_Bd97>H2-0!yL z>y54nfS9Dy32#f=qa-57xxb0Q5yWp+W4TGqC1``l_1@0h&JUu@cRRQ@v;66B-yR;; z)&^mf2w3(hiME?EC8xb+qX80~HrwvUXmD_>mbj*bz|h3K6YrLw66!sJp;<>Ub~3EA zhmKW00$|F5LZ5*{ff>nR-JJvrC#?5rVgYXK<811P3X+ajSputJ*BH30O_7e!~A=7lJz6F=eeBB5<0~yGUG>Z&jvGv2&3>x`v8Xb1& zX5{QWAfQ@!>Kfx9Z0wOCHPkXy?f65DWXbWlO%1e$4pGuClXE3+XL3v(dKA4aH8Po)@OK< zZaV{j31y`j&$@#sAbru=_Vw%IWDE*glSqA&g9jJ}%6rh$CTJ5gayKLu*0eozcGMqz!I4=uWBOURWSmGh%*! 
z7TKxepu5PSRKbwxOL& zlu)A=!Ej*9so{H6ooiz8x&_u<#Xrs|zvCHuz9Dwj^MinfyTbzH4uPc_1GLux#)l9w z>M+Z7)lJgjxaM3j2K375sD0gA*U`3=NE4lPAgzl`$N{x94!qa*TZgWI#DSLrTE`DD zvI}>cAk|lOdrEU{XNip#hX%{c8FAN}Q9VvNU~3LD7l$=Il(CfJIoYds7R%!d@JZT9 zX93(Z#;$bayV_hFBpfFX+Q(J1-`184gV)ECz% z=jX1~T`YpcOQ}F^>6Ym-{OY(LXu)K=tE15tfh0{L2}BZ_>~!3Tp=^76usG}{B)kAnWLoPn}=!=)%IpErbyd1C;aCXSc$LcMK`$x-tN z2|WUuQwYX|Npd76TfYv^G<}G!8p4pw=E$pejbQKz+vN=I3OG`A%n(e@9&2#+i?j5U)$Z8x@WC$82HON z7#LVH9UJ>j2Tlh|K8zYi2xRN}Tw!el0-AHHiGbWO(1^Y%9q?UB_O_N7c(OaB+pQgK z?Q~HZknUPr(qP+_bQc~4TFn}NGN zB0)H_eO#J>b5*2ew+=B=Ww8t*3J(ZiLZ@ngGCOpzTsd{Mzj0*H@ExQRs`OE|W!&wp z>2SFL;kBEsKG}|mXt+EFr|g;(Xh8>1Sv!Exel(Yd3a--Ov_UOad{=BCJvf_9Jr{2W zD@B??I$O7$$eFeU5uqeb5+;U8*d_pbxY}dEJO`=dWr5CcOLw)c@9ggil)|6g4R7+3cncah@Ce~r`=C(UoeoLe4X%D!-)qpAZ!_04xKmYwN`yaV||9cO)+WsdJsUMWapKpJ>k@LUb+W)VY>+OGLXa6B- zd`J6ZFnVkM_mDqo|ANr_2c_{{`hUCs@h;LW zY^nEKw%R{~{yxxG*pyF%Y0M=u*TV?~*vPr0gNm^^ziR562_Wa7+YgnI!m0lNl(`Hd z^OZC3&q?{~H=w;Y^+|40A!PnO74{gBca_ESna{IrhqumcRBE3-6{fEHB>Pnw%A!r^ z8=@&_VeDY{j1u~*!5;pIGyPg9u|%?d(A=GNh=H7B=;7jZCqG?!s0^^5P}kxjp^@(% z9*V;u;Gf;njP189!g7m69bQ%Hx3vEo^ZyGn?(gekZ|Oe*zc~MGG%)mL|M@Or6!!Jy zg>vJiym8st2_C6>eCLg2w3mecZ$YT!Q zkle@6P2>Kvfy3r}@bt zG^_dDcuamhyO;Jng=KhQ)AW0-V2~_GgKD{Hiak_g?@3{D%Ic82rlqvjJf@ z{eKVnP)W8Fo=iC4bXT)taG3edzJiw2gD5iNFlUzVi$!(yncz!_F!`kxMoyZ|B9;kM zJ?Ih*q=@5*qR))t{Gnvjtv%E(obxPnx=hXAdW&ovd7q3}j#1U{q@pRSYTPovRzzu&hu0d>YPzj z3viAv@zw|~+VsTr^5xup^W2wRBd6Ulj1$pL!N*!GmoxV~mdx*G<9eUSl6|~P_A&SW zm;{d(N^-(fdAj;+n2W8IuMey|&8(|_$ye-Ou2xI-BL7CaJ@r4LmqqG05dtZEMc+pVV+9>ZvWwd{PA__hek2>Xz z?J9~VLfF91KazYtVIfyEzZEgAQ8TlyR`3Uxv_+XqbR>sfXqCy4K|4sT}ruyd4J zlpkY+ky#~{*IQKcoG1#Sk}pW}gCgUZpYyeQqxP{(EHNWrbANft`r&H7ew%0Y+&!Ku z^MqPdFiF0u&zzK~!jLSb87XFY6Cx-xY+&s#e$e+fX6M)+Z z@96HtPn^R6*1nuB1DsZrq4VWxS9+c5bDXTFw4a0aO(y(hfxjv0SM)khk@GoycGmB- z>guymqxo*FB6|6z$j|gUITGD(w;jz*ZgP{G+~g)Vxyem#a+90f Date: Wed, 8 Nov 2017 17:32:34 -0600 Subject: [PATCH 05/68] ssh work --- ssh/cjz.sh | 67 ------------------------------------------------ ssh/conjur-chef | 
Bin 308902 -> 0 bytes ssh/conjur.tgz | Bin 308902 -> 0 bytes ssh/foo.json | 9 ------- 4 files changed, 76 deletions(-) delete mode 100644 ssh/cjz.sh delete mode 100644 ssh/conjur-chef delete mode 100644 ssh/conjur.tgz delete mode 100644 ssh/foo.json
diff --git a/ssh/cjz.sh b/ssh/cjz.sh
deleted file mode 100644
index 9788269..0000000
--- a/ssh/cjz.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-set -e
-
-# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below.
-
-sudo -n tee /etc/conjur.conf > /dev/null << EOF
-account: dev
-appliance_url: https://conjur/api
-cert_file: /etc/conjur-dev.pem
-netrc_path: /etc/conjur.identity
-plugins: []
-EOF
-
-sudo -n tee /etc/conjur-dev.pem > /dev/null << EOF
------BEGIN CERTIFICATE-----
-MIIDQjCCAiqgAwIBAgIVALqX0m7HrKhD4Uk9lFlOIoNydCp7MA0GCSqGSIb3DQEB
-CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD
-Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDYyMTUzNTVaFw0yNzExMDQyMTUzNTVa
-MBkxFzAVBgNVBAMMDmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAvM4J/GIu+HH0ML3PL1bl8/BQTa7BCDDEfHD9spkFkOA145OQ
-KrBqRXvNCy0DO0hNg50a1343MmN3z/kA2SQO5b6WRhO0XZAs/qJxol5vDwmuhYaj
-oWfo1rfTZ4uWTq+/JsxVJlYfpgYdwZ8otJP5FWMoDjWaDRC8ERlwIVLQzDiHdgLy
-aZLQA4o/jIj3Ym+PpVQs9ga9VvdTj+GJriYWPIwkJ0CW9V0fO8oQnUFeYe9qsFHM
-rcSbXTR19T6TNPICl1VTTHvsgqay/xnW1XQ04cW1FCVH9Fo0FmDWmzofI4e5Cx47
-gD/u83d4e4yTUicTQOapSI89dDPIwVADnTyLTQIDAQABo18wXTAOBgNVHQ8BAf8E
-BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC
-DmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF
-AAOCAQEAbOkn3UkoI0j2jglBN1Dz45ne+ujMfQgO7oCFYGwUSZhP717ZkLltO6gG
-PVaeI0D4kdLZiGA2IJz4dn+q4IN5T6LhgaChnpBBJbTH5S1popBw1gjxt4YTK5Gk
-MnfmRXlPKMgir/EbsyWXVRuFK7LmP20irQdDVTyutxJpH1zwuZnJnlGxPcYVk/Gz
-ja+npLxBx0tdYcgI2mxLhnlSRjOdrPPfeKUdtCfr+scWKTFx3AuQP4MW+XjVxBNV
-EPkvle/iYWVkbRafmQl5CIimvXsvebXQ2RA8x5Ghs6Y7XXGYRWSZSOzj91o25/aD
-kpHAvc5gn9btn7Cc8fDEIMZt8Vr96A==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDhjCCAm6gAwIBAgIJAKICRrRs6JwDMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV
-BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s
-b2NhbDAeFw0xNzExMDYyMTUzNTNaFw0yNzExMDQyMTUzNTNaMDsxDDAKBgNVBAoT
-A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh
-bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpmdcR9BVxoOQLSubyz
-+NI5RINhVrVKtgaE8v4R/x9xZRuZkbwCL4XjqSO0zult6fUij9dz5y1M2ggfS46M
-Vx0GTOZmxI719sgPA0xmurnEdNd6AwVN0Z30NrXHwlS7O5ZSYsynDY/2h1QWs1/b
-zHQiSHsvcIWyCODQA/3ERoogqvCWVS9MnXzy4C3zyyuzoym4yQ/vF1lBNd54G43h
-ZhHZnB0zSQk/frdkvQiR+N9XWFDic6Fvy8ptz8N1N9e2uLBxQ1d6L8JScobqFDmC
-9wWWrodedOvjJXi1XQMPxsxYhqjO52K5nc8Ejw6Y6ACIJBW0fXd+7/Z1lRoSrtN3
-nPkCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo
-b3N0ggZjb25qdXIwHQYDVR0OBBYEFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMB8GA1Ud
-IwQYMBaAFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMAwGA1UdEwQFMAMBAf8wCwYDVR0P
-BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCJ5ft3Ns/1EOw3Jz/lp+ZERorCbLd3
-n9UpTMzJmArtNniGzek2UASrcAyfn73XUzuTdnDvy3e9vzFfjPVwUN8OqKS3tEN4
-20GBHznFOkiv5eLfJNj4DXwKbscDcr1ZdaFfFGrfohXbJeTQvme1CeOUkxPLso30
-z+28r+3027kwY3vtRwoEwZ1U6QcILZVmnjfVqXw03YmlCAFyBDkOnS2fvH9g0Kk5
-l1Gnau81lfhyNs3IZs6BJQ785UxryEJw5ALEx+RGvs0dpt1Rd+T7g7su1kLoflaJ
-zGq+0kYcz/2/lmD08iJhmDOsKztQ8GidX2ZoQMgqQ7/kNMNmFxZxVAwY
------END CERTIFICATE-----
-EOF
-
-sudo -n touch /etc/conjur.identity
-sudo -n chmod 600 /etc/conjur.identity
-sudo -n tee /etc/conjur.identity > /dev/null << EOF
-machine https://conjur/api/authn
- login host/foo
- password 2f0hya82dg022224e67mm3c59c1118nxdcj1qbrc7g215539jfy57dm
-EOF
-
-curl -L https://www.opscode.com/chef/install.sh | sudo -n bash
-sudo -n chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur
diff --git a/ssh/conjur-chef b/ssh/conjur-chef deleted file mode 100644 index adb5fd36c29bb20a515d239611a8888c1ece36df..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 308902 zcmV)3K+C@$iwFR_qkdNa1MIv9Kvc=HFgyeaLyjUK9FhcK$QhKJBqxzP%nUFv%)kVa zpeR8=RFYr<$r4n8f`W>GBmo6fK!Spp5WxT{f(qZ6VQ_Wt?%n&o@7{g?|DL7L=X9v5 zuCA)?uI>W@hYcd(6(RpgP*PITR96Qmsm6M$q@uQ-QUOp_(Nxt`S5el`R0WijRh87# zAb|RRlq)Kb2t+s@WCaO6ps{~m53J_z|4;Bx`|&;f{|O-0#~+5oA%anObO08INBz5L zfb!5#Q~UGrS5{H}-T14kE2}^NrGGage+2)_#~&7eCPK|oA^vC#3Wfod02+kC2BWbA z7$Fb}^CMxA7?dJ39EC;V@QP3bS`kMghLVU-vG0$H>na2T#RvYV=okE#V8i}R zoP3;!{{h=4!#}rwWi=%wwcpvln!1X{FZ=(SfX0Y~RE9t}!AB;@dJ0MUJKrUukBZat-;meW#G`XAbGQd5AM8c@@?^^}HM zkCvL!Q&T2t%1KQDYHC1Drbn6Kx zdHy$r{OSJx7yN=>@IM%6=uMnVj3D1P1pff!xfTF_e5rL>HX8oPLV$KXU?>3jtsX#4 z4XA0{dirZI@C$yyFZcz2Cv2Sm1)z!lnZtj`U!VW0DXISc{9j2``Pcd1-vK`z{S%_F zM0g|ujtE3S@gzSS0v8I448cI^>+|0x+W7Ccs1e&{##e@0SbYpio#anh4UwDt><=^8?4g zqCn!`X>KsFepN+L4u%ea2cV!(e-xZZ!lMX^cvL73Pb7T5tw0DxA*h*@Zv1v-f&56V zt@ywD#=?gEZ^#{#_`jXTU)aB@lBUYBXs~hDSg1y*40DWaJQ3>laqzdF4H|emL}3(fYc7KIvy2( z#$j~;5-s98Cb5|JXZF z&Ha6%QFt7fgM<^|KA~`8AefB?>to;~$Vv`)e_2sKPZ+N{Ih5349<5^Dhjv5>iFWAElx3f1yki3V%J& za4n>&hBo3ahv7Q~D1n3~qJFXrB+4I7!VoEK@Fc7c22J>mK>>6K2y`gQV|{|r(LrF) zpw4*xX)z_mBmT4k#g||({|tdYIsjY;tk-}OL4V;#qH;_IYDMZBC=Vpa51JVDTMpO? 
zfxv+y2I@BnK??Ds2zCQ7xBxWv2bW`PXKUr+=ws;OY+>tTZD($2yWt8qAQVm@MBwnq zKWk)YZ~2?E+Gw=V4>;NF{j0peLqjoWil-&vF@HeL-rm~M(AL=0$Hme5_goSP7#{=* zPel8p5pW_ntm40K?&M_cV{Gc^Y-wg`3_4f}0`dRd%clP^u(AFFr^+C3s{N19_^bV& zhQ{yjf2*l0|GNMAw}9SGaAyR7(*${$q%W=vQxXSISOgA<#s=t%yEvOEXo>IK0o9}G zhY5;+z@tOSzG(-PS&uvq>{wSJh41?`h4l0e$TbJ;jYDFq4XqKz>&I z@x_mX#vq-*tsD44eKQ7|!Ldkk#&?<_FnB1qxP-$%KMq6S@F;MX3A!*8(umvw^&5Gx z2^=3lBGV`2e+x*6DUt|y zMRG_6g$)P%;DkVOsKz-EO#s0Ea4g{HY6IA>DA^{=}fRl*05OBGI z0GDS`;4%pg<_4kwvOR#9kf?AJ1{X>;H_)+!qwzQ_<(U+U!vYATH0Wo*eIkg4+y;pT zS9L@jK8nnP85&O@0ud;H9LGWXM*%nz9z;g~>mUI=GWs1J26_Rg5CV$0!%Lomz+nBA zvOp#CkE2)(93v0nv%`Yy`I9gh3Txl15J;iqr7wsx5QPW31#SQVLLit!sX-ujQwMBK z1{5L?2Z)0*AZG$9Fcp}Z!MXv713Rd~f&S1*aJ8*3P9~=CW8LqbQk>jN7cA8&Quz1B zVKBG|vP>{&EJz&f4@BWeKm?pzjwAbNvLMJDP+c|r%WbBiJnWyJvrKpCd21XBhGC{S7;rC<~Q2MBO~P}HC?kny0x;TS+%QijrF$-O@y zjD=BNf2I-(!~i~&40uE^pkM|Ar1ys6!C?i&Jv=}>%5oa&>Z%&sB~|29)WJkm98d^A zfdy(C1?uYs8sdPLmw2o+0J0eq1MH;;eqHPomHa^g!3{td3DgBpNr?c49CM(k>K}0@ z55WDv0i}o)R8KI4iBmA+QJ}BI0?Ob^>`y8OZXZw~p%j^aSLhAZ`%#P66_%`5cw7jj z)(@p1LP~7)yETFQfHldSf-?<(@&{Mk!X|PZlfcq0cg;G#J;8CEu0AL#;nR#$C6%YVQliUSA9H{&uIB?p9g6av5uL2Sr zNs5k8LMaN87IrqKlqn@v@dpkF;^3}h+crRf@UK-@l>FJ0$f^OQFb@Epu>VUOU|X_* z`}hQc1_;XF&(V-85ELo$@Bu|5E=P_R;V2s?YPbE#jn^^7ic@+P`42gSpK`p`H>c!I zP`mKG2-J2Wo`j;5`=cqeu;e!qmh8{gt3fHGWn`!p33BD*kAVm1=qtwpJM;k+Kvots zZX}uzih+aflI-sy$fUp?BTz`_I^iFBAgKW8>jQFVIgl~1AtDe3Di2vapyi_Qa0C$@ z4!VRu6b3{1jcdy2%xU&0FpA~usW!g;3NsMp|V2}bo+`}(AUaJnw#4A zkj1)DCjhVXQw2{f*&~4-H-e&zL8N`CcVHN(Qzm#zRf05CHPZDHn`<;!iyP`nQPOvy45C!t- z2Qme$n-7vQNm81ST@%@QK?`3uUKlxM3i|QyrUq)m@AaMH0e_o#%-|p`ij$x=AtU{f z7ir18Kck41hKa9-XEq!i06IFbM^K3k&p~Ez{Uio2zi#Ux=zu_SH^@ccbV;TMRwU1X zRJ|tv)Kep}+JH*F?xn>5^0FCpvSfEgUP=QB;Z)4PZ^I4tiBkK|>&5`)j;8iLcJ|Je zcD7FX;^KhkMkP;h#6tne4SS`mTK<6o#g|KLcsbx_wQ!~?7N}EzG_~8(WY`{D1QFW#q+O-_70Q0RHRW|EsI0s{H!?|L*|m_#2_{!346- z{wHYsRs2Uuw#+If| z(2YYf==$ju`B)rAdET&no%KBm)ZEd~-hzBb0Nf(WsKJzA%CgY)!z*wjOY{LZtH6|%WTAghNGXA7$bP2_$SA?oV5;l5D7eA)N+5cr^(+D*5UBv}55mz@+&`2> 
zkwSjX`nj?)OnHOJe?UxWstQw9Ccpl756IsPRQsnyykUgE{|Jr0TK{RNYy9K+&oBG` zTR=i=eHR5M1Of`ENGOz|30R!I zyO5@i*GmSKmiTzbnzj8C;9$BI3Q`i+eGpEeLNjS0vp5e5++@E6^a1X27} zKa>P^l#=zw8@T^RpxVE&g`usvskNOsECl&)r|}o_zp|!==0C3gm44a(-vJT;Wy*y@ z?%H-;sl;$PqT*?>B&a0Rj;f`n|m}xxF10_ll<>_@7m+rwD^W$aaSTQd(4h#Fvj%b`HH6G+2o8_> zjXYT25fy>M2Y;_fW(5wCg=02^^!-B5IvG`%8kvk4I&%FQ5;?+eLb-7V=2Bx-6akP& z1!N=;het=FkmO5}1Ya`qzKXce4bMh)_`VcTqTomX=MNT=j{qq*t|?_3G$~qPjKfop zIFKkJ`3#UMvmaQXR#(|zk=*a~`+$H9@~3g5-mqIg&_g3O#!z+xh4KapL&~K~z#5Gu zMQ)tXZB(L2+=L z3nqn9PnJOI0a+kW!{_8_5FAu0o0QW`3N1J&14?58Xc^z_pQ;k%eg1#f_a7=sfAIZ> zrs^;M|95}{U{6{<#2_ecoW7$`R2NAI#F4<2o*xQW*A3*luLV_(65ghm11XexqzbAs z<>VanR~v6;=S#h zfB+O0g{N3Eg-1XFD)EN^{r(pWp_ZUd?}TD;fuMnaRtrT15(7ygegqiO59<8=2}JK? z=;ZVRLMV&?ClD0YKYsy>O-(GF?HrwcCQ1Ifh4PgP`FociK5_Ab2SXiAT`ip~?QEgW zhUQLkP+|zU)&sr0k3S|V1Rjin$^G_B{-h>^d~6ThxDEtTM-j=h0Rb8k9O4fH{XEEo z1Ym4uV{d6~Y63|7zUxpprF(KP9QYF&g&^}oegs8G{*3`U1Exp}`THGIBuG*b53VT{ zDc3uw6VK0GgGInWmxG7G@MH%K{r*eQA04^=g$>v#uqBvmd~-ux;zP|za6FPcLQs1= z4ncV!3)tA^Hxf|FpBj~;d};>$?RzuIV+amO0!NqfygrRn9)CNP0HqU-B{%kq#)IU+ zhrodK6wD`oLL>oDLRf()jQ{U-1o}O=1^qe9_1mXK_|E?m`7>9vlktjTcm5oZ27jVqhi@<(T^T~)@*T1d$ z{V;8Oaz!oPkhU`(9*+K*J1C4u$)tQpMZS!K$Atpqi5Q8aGy~--_rERT@e6*0jrkvg zf@48{`5%b@{Z;%&MdSB>|5aT{_1F2&-vU3yeNco z(=%&878~XWTfVSR>BsGVJ%g=(#?z;C`(pj+)*#YupP?Za@ZUUe72CSsVOjC)e1)@| z(CgO+S2aH4N?l*xT;LiS>l|B&E_J9HF)eLsXm(vb?6wwTW0h~n>mjDrktBL?=MGWi zYvQ(+jBf+`*Cg#c`fm;$+sVVO7qj|0cxc6M_3Ts27dN+lSaF?T&65#G2zkjI_T3%nW7=!0U51~vEn059+<&94V6A^qa#7TDcepaXO=!t-^O}!H{pu5v@>>6U z$;JIUXTBZyw6=0^b!Tr@{{HPpjjyOD=SlN1iqx)d{<@~B|7v-1-xbp5@QAgUkcxnv zUR#w!jzq^!d>yF_K5|5CWfHP_bAf0hu=X{#e=RdEYV$ZZOM+RP=bO2nBPLxRg=zLP zW*`o0apntk6vd*Jy`;JIdy|eeho1j*{AyTRH(LxB(Inm2IF&{yHSQ^{=apJRgg6;Ucu6=ZG zL&xLSbnmNPuEguYP20E!3nn?*1l%W<&R^w8(BD-4vOOoHgP%7>RQo}TOmi2^NJ6-` zbNEoa>j3-8!|{Cr6ITb!S@0`d#7FND0<@x>rQ6S3YvyS>IvGw}lCxY2>afadI>dH4 z;q63fH;q8;Ub=U@Cp)ZaybAAgOnGqn^}DTda}B?p@I8K|aF@$Hx2t(a1(AU+UGw7U z^V=C68N>E-9ln-eYD`ZLdnU<5uyajNJ*1RM26>>*0ek02Pu`iAw>f;sFJ 
zm>Pv*t71b)c}Ph|Cm-&F6IWmbX&g*jAaY4X&s#XJU` zZfTZiqjhXsiOcAEWpB*%d`fz1Gk>Y!MOPD+q)kDWCA3@A=#p78Nb^7{yz_qZ{iJ)n zbd%puzI`dUkC4MLU9~5b+%yja8&}cJwOHMAPz?0&UTYek`*cldVm>$w5fx8gs_{X< z#hZUS{_4o^CJg}#s2DasnVDoCu62y%(Gk<_#PhGa3pkh`rqYCa!Q~X`IAr$SWW4Yu zTwnN92>p?>Q0^GR1b$ZfqYMxBK++UsT8`X1MSH!l>=~y_+VjSn;>j`#1*6!P-t@7j z?sM+uIPSbu;MCeT68 zjaP~h54GiZwUzVIQF^A=^kE{L6AUudsBdv=tu2>G&mofg`Pt8Wt%N+Isbr6&@0EHL z7E<1YmpPmesBe&~fuXr8*W9S@ju<)WdB|cc^Y(rzzw(L%U@YXEUF_&0f^kIY%9f0p zfJZd5Mw@x`(2|k&>`O>XchMY7CI>CDbD!OXa!NJqtC$GlxNu<8QGOoqHJ z!D!IdQHs*>F4qojJ08vbyrG)0E?-S#=JPJ>*SHtW<+U`f z)e(~krHmdo%C1RuU2zw=(5%qUg8jH+y2JPmjW1XK0pzJb@zDLl+a0D46z5{Z0!`yM z2aX)vw*5LU!ncDnt#6A|Y`J7?xr*ULBcmL9@e>;OE1exvyZa{MMiUeE4Au;*IYPoN zxbiucC|l;f^(Y*YD7l*YbRQ2Riy3gh#m3h~?I6vo)Hs2G7pKyl1-t|d<^sDG#5-0= z@;75SuAO|Oe%ejBrEHj_2e_Xl9v({)4s6pb6XJL(Y{m@PHkWa=uBb}Vcp-L+Mcftf zw(VWpHLPB%9S<>R1LUR~668haIy!XX$iS?ECmhxX}`1{6u&wAKA38`d`)~~AfS1v7_ z$0ZXqp!5yOiHN$~_M;8~G^RrbUoZq`Zle>qAu}x3o`1cZ*()BUCTFe`acCOVuRgBdy^R75xy2#WXdSxh#l3op)05V9O%9 zvHXGk1^4a48hx%qLcvT{^GEdsSgvq5c8@>3(rqMg{G$5o3033D11IA@$;HgLUEC~H zKb+-WRquRZ=m-n4vS#rrKV0_E4kixy8cu0u#o&5BmZ-j|yUKC1vKN$Z0ui@{3s{U? 
z1Xv-@{F_`ZuQD5-FwKw>pE_S*CJym)vO?rAw-7EcEvoo%Al+>z_b{=@$~AbEk9-V0 z7q_R0XTY<#^ms{WX2|_#1}O=ZlUvrBu)*}O+`>oAfPBxjy_|kfv7NWW8V=sPOlC-JA<@Jrb z>|=BjPZXHb0wP1cp*|i&G6^_gRHpGMoXtE8`ax!GioyK)t?6T(IysXc4}7jqNlcb3 zE~pp09Z6)k8r4EPb=h;D(}^Pz6C!a;!#t@5m9vKgIMox6-(yivbn({YCQX0Ykr`vE zZw0SXYj=T4)+Tp#&nC1!x=~09WEAT@1K4F}Rtlc1RJ$m7T&eD$0mrRmx@hk>E0)bK z6Z4<1e9oPf^^`P-+H{d?G5J9t^N#BxM6S&@SKZl3q#I$iY3B_u?}2q;zl^06b6dTT z(v+dAju6sDz6M zpQ2+Bhm(oB4y$uAr(40y_qQMT$b~<|E*B&@VpJq+IeT7VJI&3*R$Lu7iy9b4gl$Xa zjgHg#Lh3bg%6L#RH_m#Cy?mW+kVtI1>)2+ZawzH;+$oiwNtfv$(eJI@r{_u#zT3Pg zokUi)0nt5&^aC&XDoUN=^^%*il9RNVhK;>q8&>~7>stLhoUt1*l|A4n)>Jiocz{+s z^?ctnpS>f!?Ne`DX8X4m!L|$c#4;XsJZ{OkWvy|CW$s~VG%S~CGh`MCv9GK-m5e(4 z=78tK@yxk6mQ2h*-Q-#*9`k{YYd?>scY*2d19widDr^!FFfl8Vt^tZ6IcDQ+>JfXN z(?*Hkmf}85SCPt6e)Zw(o|{Ejh+BKf7Cvv$z4|7GMcTJ>>Rl_i4ETf z+4a%ul<}qzwk}_Kwffm%K}GMo4YNwp)jE>>R>o52`KNJ3MTm}Ldv2|m#dZn;(j#%F z%{a97bKeY+4mt$O_;MYxJZwy}yM%;!I5=ieSLb@6y5CLz*|XU_Qr0D0pN@M>vc%Ed zN{laQd8M0wHR0m};e^L1#~WwrjbFN6r->0ruvH1J&#hnSDEquc$z;}3{?yKb$)o(6 zyoNKa}sCboiBXeq4kPpJhDqeAWFYH2A?}wn~2eVNRM6R_0jxkGs+CW7UOsMRY zj6%1FIQMG$iBoFj8Z^4WLLcSg;*&5~9g&6(frHU>JJ`5gh?jd@WS7n7)6ZL5HjHq6 z!=1m;*U;3>LwCM5BKQ%Vx7k&FQ`&9J=oG0ADV?iI5SnpqKW~+Z&KX%Nof}84c%g*$WG<_xjcjmR+H%)wX`N zr|9C7`O46}=LR?KV9Vpq__T0GD?LDbavCfxQGZPr{RVzMl zmyaMzWy0Bn3IW0U-scX6Pi^+&Jx~*`!Dah!FV80?8qXfK&yJqcNkY0dm;~>op$GD= zvnFTu=)7)3%Q}fTSEN+BxD4-VtoIh2#)K*F`Fu!K^Z8KMd(O461IiqyX^aP@IzDK~e=c?!gj6tfq|rOyfz;Qo8rhtC ze2FJ-O2)w}zM`AXydKNTWlYL;)#yf4KYIEomehWEf<;o@T(a2g}NEu(Mu5|HG;Ib&%xe( zE^oA|60e|ZmzrLgGAv&JJh#o}?IHzfn>8*XYFaMi2L}n6Wv(jV@)+8=+ZVV-i9#bH?k~#inFkvhv-Ua>qKI>w-2XYe9M8 zb(PLkb)F#67X8y(gd}!d$SJt=aPR)gcL`k=51tD*yEc+#TBcQv-oG?R#rPAvrnd*RUeV>?JhvO(;NyWDdHCqC8IL5wRpg)&BU6_5 z%c1D{yLgxaLw!%+P~|@L$iT&-zWz^s}u65w}j9tWR|?drOd2r*~D< zd}Q$?g{JWFl3SRak|I~GX@m(M+V>J;gO%cg}*y$ot{79;5y z7W3{w=OJtv0$esUu0^uP3}9@PXIrWRKObR3?7g4N@Sy!uXuFiQh&uy*@aXoWDy^zT zh@e~P(L5!rxL|jo?Srk{V{+VT$On1J4Fqk8WV;r>COK2l4+6uCr4zXt*OqVTZTV7N 
zeCtxyjghyd(Qi{`Phi$uX!anxSA%1VYirh`kG?$7aeUy_0F9-sWnay9Pd0Zc-}5~f zDa1<32L?duv8Ic=s_C~L1;xPQdw~)ixL_fBIREQ6$3B&e+XBd=Lj*5v!I>{s9)Ey}!%>S1l) z=6Y4~*(cviOmszFXU>T89-gEbVG!q5T6`xuW+AC@OJ>@18hSkMMA;UU><+&WeU|}P z3P(BfTq(PCwterX!YX=c^BP3gqIj4nYx}&5fkrY{uc{_2mAw^W*ZDrQ#^R(Bo%^O@ z`J*{-(bD{itjmy77fS@QKjH=kQBNtE4Zo_}}?2qG>y2*M*1~zz7G&t+} z7Z%F3vN1fC4Sx%d%TBrnOeMD7MQ89dr7wsr~rARrVx;hbY&c z!YtP2Jeg}d`-g9cx6bvb(Y*iZ#>>B8F;_Mah8d6nX7FohrMyR(IPK-={ z<+ZzgjNQQfve_r7-JYp&EB-G9GdqPRBQlPUwmQ8YEPeFGJiT7jk>i;@Vej;1#!0gm zX%_--v@Kusb>%q!WpH!~(ck2=Ojm1&Ua97tDm~_)bbx=yyOU;X+w1FDzfG1qSAjwo z?#D&x_1?i1p@a9SD-H#{yZcx$9hrYC5$Va{9c6lkTV7~SiUd+76X*5?e3#tHY(m`$f` z4_|h0*2#-??z?QKbv@jD?3AR0RdLx`96d9Q;OSn7rZwn-v8Fj z=f3aDEFTN!cF)M9y6v=;L$LClDlD1K^PieZXP|6x;+G#enD%N`K0YpqQ=8F+_d~1m z+=RZQRkBDnhV;)LC^?-SVjOguC&eS6GuC8p?_99`n@<<4KdQ#NwLZm4hxANOe2ljc ziSqHkqpfJ!E~vxo%J_;)G%4MZzUO`5q)nS!+~br3qK6KgyKem=@uTBQSIiyivryyAB&kk@Q)NBE`Ne_M#&!}lOkLzZXD+0XB^fg&GX~FjFvXk5X%?S}ElrVD7(s|dLz->^Kn>9`R`IduP z53C}bYoPlji1J6R?!E3(>yyk4t`OLQfb=x5$=wPRa%2pB@X@kA{!GwJ*aTImyjokr)p6u>%;0#aaX-j7` z_0CDWW3J8eOl%iR4Rn5a0iQR1*CqwdnPHkL?2w}JBFD8q@%>4=qa3NYW0U;*AAW0; z8K-?-LW*CQq8IMla^v2i3F8~Bh$XIA*}2E9&C*AQ?C-zY;jaI|cr!oqsFZJgifI~F zMcVWhgXVL|#ifS{yWJvc-$!gu@LIxYS%0ol^5Zmfdz<~GMpZ2CL8R}_!$*{#(qx6) zy?UA9rKzi4C}u=Z-^8C?+Zn2J%c6iMJfzl8NB%~;*~LJC6``7_(Uz5M<|kx?Y+4aj zoCn)o#3WbMv-g~e@W#$|;7^{24y@Wb+KITY`p&UP=EY{ldrF6oym>C?cOj}}kh!g$ zQ>LPsGljOfaP@-kv!!%otGB`3JAtg?FL}c)R}S~MV6;~gpu47D`a%>w-j+zj^k+Nq z#gs~MJhQHrb<ouc(Lz4Aw$_36%{LfSOq0f)+QdyaOeV_5wY`PX#+vifw^s6i%#Igabmc~Jg zyF8h$2FGH%vbf|gJ6ZYNHs^VvgVZI-dL61YyawCy&dV=eF|1kfw)%pjQRYiAC7C#n zY@Ryc?SZ7dqsvwXSx_1A?5#en?BRkZAPa%MQ_fscrP~hy#sqOj%TC5x}wT zRT@)l>6HSJp9f`pqE+ouZ*|T!gSN01dH#OtUhs}%&hp1YV?(w zk!0n=oABJM@j0(I*PPshI_H`GTwLwg?tM4!XFynFmrh2dcN`hwJiugXNRY?hN}IT7 zw~y_hK9SbvSn~_x&!0IJ9Hh*{j>?U*Sin_|)#ROEzF0Ty=si+)*|0A0ZlObo@2)xD5HNd80<|)FI{8qTwJXi!v$|v=lnc}(b(JJ%^V) z)D;+4GButFgw0H_Us2h1T1CepNLC87t-uCw5xp(vASn!e-%t^4z3ccy>V+?Xd=__r 
zk~@Mj939hvG#5WO(6kKl8Km7P>X$k2>7>uXn?nsL40P_OQl1sh^r}tJ=DKrnzI2lT zk1yZBsAb2!Kg_}vLDQ**FP-R3%aV|hGkR=(zNfkk8G1rS@Fo010Y=c0o$i!Tw#yc(4OADE_g8I7qGPitKg+)< z;T|it((t+?D+jOJ5Pok8ca#~-vqIqMKG|vc=g|7UT&K_@M7+7`d zYMi-SD880H?H+RYK}3|qgIiZwoeghxCo+w%SgF);6dPE^@>;Ql!^FG8Pf59Q>?%Y=N_LIdE6wS z@sasg$!3XWrL@8)?P{M{#EX=E^6Uj{wEWM%hGV%>zEp-ze=2v=cql66=X>_@EN4aW z*SOwmZ`qnmb06Bvl4_WR8v48WKbKjsbSI6kRnEyjUb?^g09i z&h)}=3*iWSJ%eu-Y3hC#`U?hM~?=n z(v($Kn6YWnH$5wUR06%~;Ez*GAIdn?(@>UO=>{D{%$g1^RLnkoa!UT2fZw_7=9HNu zTV5@=Ku#M*U*96*DmyBC{+)dF4b(dS_qb{U=*kT#rls=Qn5^EOM> zHr-2bX&U2NX{_ZE``~z1eh|IAuK6lnH=kgRseZ~B|K_-!snr*U*ZOR3Jv8YedS)gh zUDF)h9YATF&?b>9tZtDHx5HQ7EtWoLOEl#4IjXNO2=#WBS$fkuzg_-#P=lVnFMl^% z*UNZo%aUttH;m2o8tw}c^?mQ_JCwr@4r=i{D0zD9{KEcrOMR6xfdl3rN?D?ZdF|w6eo9%SdyHYjJE?A4We8tO!4ZT6KTe2D@v>t}@BuhM3PBU*( zILfLl$#zNX)_W zh3#rlQ042B3(5&bc7m)ibPPJF_NG$cUVkK0i=9i~P}so5IyZdEs@B~yct=oTz=Qn$ zV!2!wv9>z7cPQHf`A`U^Tb46e?G(b>O5S$V+~Lg6G+H~mB*cfzMVCIcTry&X zy^`&aXRd6iWtaVUv0|q3s|Tj>kw{Zf_il61m$N11BO^D_Iv>YdMxK~vP2BS}-h5SA zPWSPc`hHa{K}E%xI*$m4>xOGt2}7+k{)ZtQa_kC{><&pR%q@~eHwlaaiQFC8iv>^7K$Aimy;`tvI{N` zMh+_7TCPmzXoeO5H;-t=tk52kmh33!nqfdPNq+R-vK4mvOu7Sm7Gsc}#{HT$(Xst^ zorIorNO4G-d*u?(oImNzBmt$u|ndR*Wy|O3;24@^F|ZR6*4^f3@&oz|TlvQ^-Y>X0PY0%uUVf!za!yrz2<{2;Komgd0Lf&3-%J_Wkq4*=nCfaj8r%(H7 zCcNM4!7WN#{q%$=dz@S{PdaaI|K4{_+Ol5q#a|qSF{e_tZ}-2wpMG$t#pq5bi^9p+ zxOW+uNxmgn_w89n%pkzlEr$T)JsSF=P*!maR(EFd5Ozt9!Pmg9>f}ZL9o2mAT?Lfe z_HNJ3q6<7slTt`@?timqp|?_HnV+{=Q1#jKb6(L$Qd6W&osRt>7@N?5C8F{rG^L&yNJWQ z9dB>gog&4q_6O`v&n4F9lMYWD7-HMHLp-kOx#^Bbm0R)I#gU_zV^7ePxSRSLSu#Mk zDJ*!L^LwkN=#9&JlXvmOj=8)Wy3zZ$?ZD)n!EDW+pU+P%=BbS(UcD625J6`A4=*+5@@5 zgYK5Nq$VeE+T~Jx5&mP#C0m6g`#-iX8SI!?3ywt~!qyfq>5VS$W_V+_r>pqu8vo*& zyj}F_@i)u8{rh9X)?QxHd-}pBRp0I)BgfgbBS$*@zU}N)4Ow-VP|$`4=j&|yvgRuE zx;`j+HFzi*g?O^|MYuoH!cXJL^B_xzOuB!!D%Nt2env}{<0I>G70K??P2g#5W5k>B z>UW$=``zB!`#Cl26DWA{a`)u(zNOuh`#uI?%pi0JuYX0+mOOm3WNR|;V3%O_NtEyz zezle1dPCa;yA`QT(#KKqXACvjFMO)!na+dI%OB57(#nn!c8k5r?DOC)uZ-#~H{h8z 
zkDy5A9mu5Yc{$qrclutVyaos%&PbXFn*Ak)m3BP68n-=nU6arl)HyFyv{pr{qtO)_ z!gD~se9P67O)TOn%3bRWbVvTWGy z4+S(It%{*fXLPw!*7&rttonY{uz`rP`s<@zE;c^rc3(K4S3Vn-tSR30VVfT0{b%}; z+e@*pD(^ht8bYzyTs&yUn)O0z2zfKDJjnUU$x4a%$Ay(Lq!{(40c#fv-3yqlXY`sg zOCEl9kJe|YpQk^yKVV8~ODB!;T-cPyLJn>AT{V&H>qE`=vJ?n2$a`Xb>4V$NLK zQGzCOQ~jx=X9`12#Io9g2M0tA9TlT<&JY(qH`&hM5hTAZ^dEDx3v-;$n^+!2wsUMNkxd@wj_g*p$t+B}^ zQQkPELdT5%B!j5Lqr?X0GfrkkwkrJ$4HZY^lcrwV@yJ>6iFy=2L0b+9yhT4enf4UI zp67wcDQxGR$uRYgvs*GQEkxYYdMNjWw;O47(x79+fzzcSY=9eQ{<*}*G2L;`wpREq zeda^n_jc)7irnlRWoPMxuvLk}P-RH>oI85#@*ywMYth_Ah3!Pbp`FKY4VSy8{644- z**{&>VoEwDy-&^CDP3i>)9BKd11}p=K9^6Twak)g4OFgN7CTRL6nqx?sW$!4#bL9D zqwQ)R985dgx-5kA$Abim(`~J8iQL`6Ue}Oj`Ce7WrKsC};q$!69#$1TOiwwh8!Rg) zXs(?0XvybNxD6dO~ho5SfTC&h-BSwz;L z(-AFq804&`OwdII++A4*L9=1omh26^P(EQF)D$McVpH8Vp?k=w%UQWMsrQW!>&G`c zSZ1)(f|h%u(7>HR0nk8H+~$4CS}U`;eDCxT%kv7-1jJNp3sffd@m{ zNwi-1zVxvIN9HYYC(md3n&Dk4CympKWP3G;;?md^>^NL$R)Ma&PmSOCCS&n{5sy-v z*rGlgEGta7Wk&95J!8xL;to*~!y@asvbbX~wFc;QZ!hm{M{2T0)CPzRwFBbSmiLEE z4po(*AI7(I?XwwC=ju+V96e+=+^)E%#WKe-^fE5*U@1@1RB4@UV#?95Z5ENDY!3d` zG{QBdCo*!kPFOX+j#X^MLt8yX?#jBhFU?xb**Fv^G%M9US>mdRuo-X6C_igup{akG z1noOIRCaiPty~Vx>!}K=%SDCTr%kFBi`^IegV%2y3!b%=3(qDkZq|?Sg;HxT| z__7{9t&)3ThmFfkRj2cp23U8aqqp;%(>SV=-*NB6*OOS+g(zWq0-a!^-JLq)ipYzm ztKxN{R?o^XjMEWr+*NZ2-d*eaX7x^`)#~;eN2cb*bbJLbzVI>B__cQ_(_Q-&fvcqds;fh}rDxc&j2+9CPQzDO$xruGb?DkaMq+x&jGZ)rVf%zvr_5reRj0x%EMM zS?KkgcN_%=9>60kY+7%sLQ^Ggy>x2RYixL?`YJp>!EPUS$V*!Q$@ zl2aL0!uO_G`A(Mihw9!raJIc*ck~hBLc$vuk@>7)uF_56>*;)J1$EO}Yoe+}2Iw8{ zai_j5MaLo(wy#|n+Pt)LNAIQVU2k-_4%K9ZV2gGVVU2V2+-cYJl-4X1pW;;Swoh{T zzLGlgnW_3Hk=v|%afMkirBOdIxBYx`+e6UGKdzTikpy~N3P znJ1>TuV?p$nOw9;eC9rsd#GH1?T&RHEKbLmxAF}8l$eH%U4l#4{7Sg$3?`Lu!}7e~ z>DG?Q)P-8hK~Zb19yYiLFvi#l!CNhHpQmLYLZ&^l?JS)?W6NuKPL%y>K~6#X znIt1aJT*vlg~}(_6J2)XKJL**)*Ij zda~u|+b;I=6<5w`&|41JLqleCd35xUbNbB(UZ!fx7kA#ke7aHNDnQ4pzI<%{5`65N z8|MnfH^1V+rwI-Kh(LG0+P1+3M_=phZ@NAOcDwJ*&$rw=&$!TA0mLw<8PDr7db#kA z->*4CYEkxCXc*;qBw~htcBTAKdH>D9EYH=1cII7Tgc;QkF<;S{uBf*?%>|l%pL=;a 
z_s#^O^24lz2zI%a?}}c?&DODlT<&8NrR`w7ZRpu0+Q0 zq{X*HmF+(1xwBcU=U((hR{@6M`%Brjz*xDM>Dj<@FB81FaFdHi!ls9zvFyt`4EK9h3D#>AO4qAD3YZ(2B z{rBDu@};``hUFJCk38#?i( z2KP0qkG?^FNF-eGySsAM`A%-#?Xw;MGO^!YxIB7&E#;-|6`?1JO1Y;j9t|!9hKv}! z)TrKpW;2~@UNVG8QD2Y$T`HTv)zCANpMfI&7`^6=<-n=SJ@D()%hNUI~N6MYk=lG`OKuk z?d~(F+h$YEyrg$bbHC>r$=ikvv{FLasV%&uU2XRsHuN|(7;CrB+hIr494={Jr1rv6 z&yi;Hue++F7PlC$IcYZU^IogAs(<`YU}4SO!)IXaWu)T=(eg&Ed9ezQRgI(Xy6A)M z=I#{?RIwfz*-VTz966hQQ8&U?C=o(hhKUzRzPRV+#{2FK`spQ^$D5OfJ1 zqZ#?Uk-&Is@mrl*I?==88+7}0mSIgHQ_$87zudM1iguhinopK`L{k&`KbE|@dHt+z zjP2T_726Ju`)fT1S9f-)u6|u|n{J!_8e#b5rrx|yo5Z-nb<&wB9&VTI;({L>PN%f) zId$=EniY99s~ItIdY>Cf`W$fuwe;~B9!-ftW!(}SkiFQsiH_yW&v6IN`c6H| zVU8cmv3-}rQ3Xjg(Q2}kQc_RwgqbzA57V3%B3jgh2|ki}S5Bb)##&PWiLVcN=hs2M zRV(M}2lHt{PP=YZESs0HuB4z3$0S_)nfXxGW(7vU`5DWgM?C2V-ma>IUf-)n7$#EFfzXif(Q19)%Q#6);S-SAw9ch#MW5UFc=6}La+?7r?FPXAoA zLRd2j$>-<3$yumXN=R%NS;199P?>gb+kH+2o_g=;r94B1WUKrP4$(J$eo0c}m4p1p z&8oz4z>R|2TtWDD6VLAIvcXuj@F2IFYdhGYq%{=w9P2oAIf$u7<^HCgu_j!@^@3QN zsV!FN(*a z@V}E_ET4;i#}~iB0RFH;oV1OHH)U?dnVRgPB44C2 zz{rf+i$%Uma`2ht|Fr(cb6cT>_TOcS9|r8gQ<#8Fwg0MQ@BgUO*J}&?&vQJc?1*dO z6ohuwik5}2;O6FmM4Qb`l~Eb2dZKo=MFxu);hfp1UC?uo*GKn3&Jml!=q` zCqF(((|>JejT?aLKa2fub*P6x;ZZypRoa08c za4~DMK(&+b#f(-?_yRo=OXIw9#)DD8%IAQgW0e~)q%Y6-GO6I? 
zX2H_e<4a8nMm|ReD73Iq{;S*Hgc%ncB)*A7$HoOWU{2}Sgh1f)0nw4A=K~`{eLn_B zCbsu{ASjskd>|-#_k188JE&%S?gtjl2IPKRaf(R#xS||#`vGM+fbYx&R6OiC)^QS- z`vH_F9YcGL+Q){!o(HCme*J(R>1fyURLn6iW+lwZH<|L|x$+~b91+@j=ITdSpl6IGzT2KdFo)yp2 zL6&E4p^mEjz#?;v<4_RgnR_`DF!=!`@9t;sV=BVQ1B zW?g2f=qe8`bnVQ(M0NO-dAestES|mQbco`ImZO-&GZ#`ph|OM(i8?$U1_z1Ba+%}v z%Mil}t290L%=KN=^ zy8aijK7ZBIpa1gnpE2`~P8@F64?^b&>X`2Tn~ndBF@YB6f6wtOiQ_>`wu@02*dE|k z1G)#EoDvd)amEEQH&483=;US4M}sIdFk3>ukm$+^rG-9PxS|Sh;A1RPU~S05X5aNS zco_MZ-Eay^qM%$TNU2YL5J#s1cpV__X#GxY6id0Kkx#C)bJ{$G#yhz^5G%gV`N7qo zUxIxk=Ul~CgI+5t*{$4}{)LV!Tc@W6z+5SU?YAfc2QP`;oxQW8lhbsSxqmNxoh!kA zU;kh3>r!-kZWVvMfL|@^I(M@B+R{+xwsd@UX%N}+41ht9Io_r@*7IT zJ>b7T=1TZ43_H~B#OUf1<$Bk>4hrbdh$XRoba1@4zq=!rvR%(v)V;4u0sPm$Z)1D# zCk!F}OZSz3U9vq7{&nu4%5rE2?J{=l%t2)DX1Z3oMWu9@D~0H~lhgl{JMJAi7(`|0 z6qJNN9mk@S96-Ew!ra?|71}sMx#KWs(+?cr?SrI>T&e3qYs>Tp|6!b>pS{2y!0gg* zHoKso$u0z=bK_&-)~_K{4?nKD{1?*U2UPaj39q9o$LnNqBu8JUP5M^}&Hr)<@x$5b z=Snw@ZwFzL4zpy1rS7je!%J=m2Xos;hi4~yuiu~T9loV*$00BfPMFD<+YUSnJ)5X0 zDigiHobe~+9M0fA!kJ{_|NL<%ET21<_`?jF#11rx&3g zYXL|Gz85jUiC+O_{y4yUIVH*zO_a&yAeSg0<5)<3;`UKkP?$gNGkN{fHaT}4Q`UbS zU$XMwdUdh>pW}JEdw~8Fbg;iEMp1z>e8*)RZL*^WdTT9LtECsE+KTengtX$XP8f*g z|NBlsMIUBdxc)cLy%vp93P{= z7t54dFV$DYxA3EE4g!UuC+|2w!Z9Yf z;g!rsVB^OWLtfPb240Pb`s_O~5>^SXkx4Gn8HDOdQeALmacUz;>xcK0R7nP_Kj>L% zC{-G;@o|wgnsOW~G>$Zk8rZ${(JLZesJd4)I>@QV?7A0MR&?b$*+Id%nm#@O^c4fp zLc@&)psARy5)o1?ufYh^O(bMc#;|m(!JQfzqaAMb1>;NwF^T(HF{)zlRHiB`Xa~Ta zTld&a4L?C@#N>5ORCruV8n0UcO;7`;XVjR$oH=rsSAt9y0j((sl{-;M)`Hu&Y?}f! zK%es;y(z3C!6jd^d~Gs=NkLLerk0GQi4WMz zbaJv-j7k-vRFdp^@ff48R!-N7om-wk0~K@$zy?@uYREIotvWPqvVehrL-i1Ty?m+a z;w6gnXCR`QvLRwKipGo{>Y+iBscghMka)bFtWCX?>7A$qw6jz-h_S|YTAIlur%{J! 
z%M0}}@<6!6v^52XsSVDiUfj5f(-ee>I^~`i7aF229`e*d|ni`%qd#0#r)_mX(?%d3<4TRaJU| zjoCHGv_$jV@&4A?o1>G1Q|UOF%kAtQ?;h^#9&YdLVj@z`TtZhD?D~JvGlu`a_T7&2 zMD9OR<$vJ%v-1CXeWCwxxIqX8|xyg{RPHS8*O2*vMVQafbFCsDU6fX2_1@p*1odB zuCt0K!j^xJk^fL2=mD;(Ak;Uj1 zEHcDf1sSL1xzW|C5p;1?M3^XpRzg3@crXsK8A8Crb?U2Q1i{3@kQQ$vrY`rfPZ#>VLN@PLJN4eb_qL z6?>=R_~huvy`9}16`yi78<+CubR5dvpN>y zzjY#x-=7>Go$f;QI{@}@@9@nD)Uta3oKOjBg*37IBfN;ycU$}WRMpmdX#EMbZ~N%@ z=aap+@6N=#qy3#-NPN8uE!%p%zbmLJ=+yT9*51LY*x5SRddmSgj{wREWs|M@@NO5A za!}tE{C^vRb7D8>%o$!+p_eCTy6A_!)7@3Eb+UJg1M=qN2*BfTLJ7#ScZg@zhr0{~ zhgzg&1hU}!`_tW|Ejzng`vB_{du(PdEyTqCglEkDuRJhHs6Cvwjw$;;@One`U+Wti zi~avOp5Jmp`q z48jY1v{_EU;V)=r8;J18>y7F{|Nk7%l=**>i{Pi}|Ep_5_dl*L?tglo$MPvwUvtnJ`0?P?a)Eyo#H&|B zkq1df%mK6IO-vxOv%gAA!BY!pds!=0>V=h()D?ffJT4;S%1SQhc0{@XIl3<;zj^fngRCufsY<);+zx|c@D^U?cC$qaYB*TKT8Z0 z9kTK&lgPiW)pn}&-3BJ{Wfn{D7sdva@cp=mmqT#8EmY>W(Ity6D3V>*LE2^BBIhmk zozM+zw>=z@Jp;6OuWF{?f;c@TT>DMA_Dd>O1zm>z+wc9~1?m&z73b;cB8=$2dX*3Q zj*qr)+;Q%$gd_SnBYff#-gzad3Y%=&ffMnST^wIdq+tmi?u;=ZiZO7z91NopJP45n zRw^vJ1jtsI&`{a!Pv{AyES=zeE52sw`Vk#$j~hvg1^$)sAgj zl^2cm`bPW3Mx)hsI-QM|oyMBIv0k++FJ7*-Ugn^T8p)=*PEWiViZg%8SvEJ{_t^~+ zmcqof_xHa~UV3OtwpOZEW?Fi=TuzB@!}G7c5FW`(k?;lzha39pJH9mvEeB=yM)mp6 z9vJz*kk|3GRV7*Ac6UeyAE7c{)aA9`n zypXO1!KGPdXy?q#S2C?q9(vNqKm0sG|5K|r7W$v(c!uU*hsb!kI;QLYv-Y2jMq_dQ z_biWe<;p9{5AvQ9_N?&QiA!B4rpvrZf00urK?|YoKj|62{-4J8AD?OKzh0|m>3^fL zzF7ay@nl^A2??ZTExy_mCFL?qYk!kfKe@LjTgUHM4=a}IiBmIbN3B@jy~rMpwNjN_ z8;3s97xqJ!mIup~QeAm65^QCXB^@43n}f_ZymvB{l+H}nPh$X6(X|r$jeqG0dFE$m z{iAX8+ui-6w@-BV|Cbr=f6Utd!2Vxf#Q%AgXGzeK%jLcnJAq$_mAajMHB`)Ym;E6w z*$sUVI+p^(zCH!%!}3)uf8=XhP#NG44|3Q^*@k5u0K`wRqn&(;BPa z_guWwm8)4R)v=m4?j1G?8WZ?p$7w+hNZpfza>*@hVkCqhbbobh^pT7%vGJE680%A| zmg`^AP&$^4eh`=CL4?8g+m=V)RGn*B=XMZc;6)D)MlfEu8Z)B_GJ8!m5&Lb^C$Vg& z=8ew~is;CV7jUULTu~sZ3d9!O3x@F+2X{)%uQJhypUPIGzSX$N@98Yb7Q6exIEQ8!6-rw_y2MYFeVQA*!nuN&7_u80oGGxg49TD?4DV zK+3O*yaK4Cb-cXYxQx)Zg;Hu+92F!QxMUJca=iur4y609aC=ault)7X^dgSfaX5Lq zAM}j3lruFjU+P04ay-ULQg-QsO(0koYJIIIR*A!}VU 
zg8f}-!G1T*H&tTRGGJ)^KdI*zKU3EKdShc~|6i*vj#lT3Q@Y<&+>$HG+7n5S1#ah+wxJ} zFu+_^OrbKJ5cPx5wyvW?%0Sy-vIfB*0`$l0Uc-CgxgDo{-}WfZ4CK-8Salc-x>w#k z^dLt6e~O$F^hvV-8Lu7EYHX6uk}1T|DKB@ni^4j$p&5`0BlDh@;r`jFV8bA+0TwP@ z^;i-B1nbWylq0W)AtJ|G8D1z|5gPleAy=LB9X4f$Z*s(!akvBYwuPQYF6v}hTO6&d zY8|j5ZyZ<%y2B-3C~J)rnDAOJRjHF-&@NWl=n#ULWs1 zwGrY0-8qcp6}rM+7s|pc&W;QdRk4fItH4b@q^CRQNj9>nh`Fiu%)qe*lm(UwtTsp7uEc!ev;(4mHGX-T|ErsRaz z5}`ljmP;$Orl2dWf$O1Kes~ttB82YI28b9LI=DnERB#W%(KyLic4b8h(-376EL45v zHugg|2$gnFO%$U@376m3U#p=x51n5Ih~O7r>jRi5vwd@W5zBnXL2SYKOK1~Jm*=JH zAKLKgAj@oe>z-#=@)UCPaMbV!gQA#8q^0IE`3&3QJRm;C!sZ&x%kWAjV!~~dE-pZl z2%o5R4tXRoHlLpE3%WK^Vud`7z&k<1o?M6AzR2o0K#0aSljA9?MtZ41HCi-+lFK^L znvu(9Mp<-V_V^2|%@Ps6?ft!pBS)yaPt&gOG^d7>M-JMzh0DQ7HIEjoA_F*>yzs{_ zd#Van2B8vZmbva@eN>1P&^QXiQzEAHjpXMB9*^>I+Y3Bfe7Cz#pXmpFlv@Hhzv0GU zB-K?C)w`nt(A*~qMQp;Q$u3?}qqh?6XYSN-#N|jM+e>*CNbk(hrb6YZ0gz*iZIGFB zxs!pf9HVSpIGdcQU?}gQFV{Cew zd!``9)K8`wvXG>Xx!gAGBof`|esL)$;=oC~Gm?wvPN~wlo>|&zlO@1-jRzUg z2v(DcCR6hk?9G7FGP=2}iYYHA;F$)HIoTJGZh3ko3`N4}j9xO0IQlBOVU_^m#*Jt$ zMK2szMQcjp0L>I^2Lxwiv|D)Mtt=EIxujhg&)LqUB-VC87`s?D-&US3_}-BG_oSZx z{5(ScTW>7%zt8dv%|D0|h_7E-|65zw|3Aw!VgBXTF+UzWc>ZgZ`ubx1Kg%=2{ExPI zD@9i&XSOqfY5ML*U>Jyhf>w3>V)7JlbC3F5)TdPzT{$J1X%)iv}1DVe5NF4;Epb?YAJ>dt)i8iSpLCmALFr0iF^06G$`0ZC1E#-gOR@({5j0xL!wtw2( z-rC+hIb%AL{t87f0u20mf3hb`N|bxOb-F8p!7G%US5d$8ioW8nri(>ZK@tU_Os2~h zOb_IZxPN9!HpBWSE9-d(z?Ai0t88TBzphm`7V$rx<#~ejFGy{ZUxK#Q&%`DK6#CTZ>r zWQhDx`h2pLANbckMmBT8FbMM^3IIe76}H`hXN4*<7?Q=JQAredH>8;&&3rT<)9O># zZ}Yhp`a+QZMCe2g)QN{{m_{xz)ErdVkxrJ{*{Dbl2AEy)CL!M$ywTXFz zTI^pD1yIC|Ni|9>!gJZ!@k_akBSuwCL*!uK16Guh>9@imI+P+q3wVcy;n0?Hly5$g zOduF{01*9nBqZ4dn&y5O#6dgogfc~8*AX0i-0M_?EwQFb?HtmPo9oMiOzf(UXE&bo zFTvizSKAkW%|nfYrsLaV#{dBLZ$(nh>brEO8)EawO*HnRrjasnBmL5pYwa(d2jop5X4V=-(R|gPjTbll9=hvza`0u zKH;^0OX8sy|4}2J?(V-O@#MGvEr}<-{|`MkpY#U6CGk{u0Akag>=wYKoVqPq2|vU9 zgbY*%zjO%V9Ik40x&-@Wu(8q}u}>^}KijASKlVn7vKO7G* zVgFY~;LXGe`*DoGl>NV2sSln1tu5leKF^~9Bo>lME-+3i^pj!xA;s+sUrX}pl_>C9 zDTv>Hmlv>PFCJ0hvne-)&Zg^32;p`pkn` 
zHJ>+4&Xog+Tz#;^I|5L&0>AmlNUcsBhB)ZC?WVjur(&)^*=aUS&$tL(B{aGH|e9B>Uf;MQhOkdvQxMUbm zoCn}MnZ}F4s@Sw0&$@T)l~f@ad~b$Qi#uHY)1O)Be-vGPPW|uN#?bx0AcHLKe|VNh z^7c&?K_L^h;H%qZKWf`-`C!Bth^cx^cnN&(z6o2?ZzGPeKrm^VUQJB|+Kht)ByUO>)mVIzT-u;@-)v!gFp=LS z@(SGV>-TSwcz0FIQ5+`OUd}29zyY~S-}d!BcD>C_+74cvC zjR$V*9UY%8@)O6I?%aUCw$mDPVL;_TqHiBrMc8gQ>%AI$+9dDtps_*-h4j4}##dE` zy7GgsfD0`be&*l%!#-HbV}DbqZVxr)Q$CBaOTU?Y`IK11W>7X|DT`xvV}&jU4wd#9 zn?kV&{Ju)6Z$?r96f*#=%r9C_obGAU2@jnN@25OUF{4J^K&OcgFKO&D zXE~FdBC6reD}jbB>azh#;<>=cAQ)LH-r8E z(D~n5Wqo1)^DGb9+2@lvR-6^Zlu{S{VpwGlIBwjuNds0G)|Am+KV6$>yAcKRH?y1f zBoE0JnJmDZW<}Pv4Ei?$W1FxeW&i+hnd2BC6RS<r?Xo&qat7+LDunuV+s z$F}2k0^WI{Z8}|E0hs>C{1*);I&X@6?;0}z^J6rKir}%rCpo{sMX)T_azLi#%XQS* z3dRXr9#xpd)N`rijY@qOi0@aG&NnI%2lIDP+1S`Xp}JCUR904XZuHjB7hB6QAlaN` zM+0FlFl$n-JEEL2P)&y7qNF+RixN!7_wW-Kq&CR)yJ6@Do143bN4tk-tKu*?aDY*> zchTX33b0a_?+E|I%3Wl|@+?w=#8T{x8%}0?dBlrF9DrBY?TOjjSLpANeBWI9E$PRn zu|>10-(f8-(>#5nUMVbg{{O`1A^U$bWDI*K zA25yoUt7!W|MkY&BL45QJbK5Ln~dE4<)%sJ^Mz1vK>9e1wQmX^?DETc(I6_QiII@> zIT=dFtN2epbZ<&ui{Ho4x&L=^`t#}j(c9)J!9JEASGBb_6!Pxh{uu4Y5EWd|t683h zt$)1A<>6AmwDn&bivLlEx5fH@jwjLd$)gE*0sIgHA7TK|$h~nAHGsY+rD@QFVE|=7 zn?g!qTOdR-*$}*=dq~Ha(J-3&#l_lwqUS;DpGj-ce;@}ib^otq&wtk|i}?S~^USjU z>uE1cSoSJUnT}!X@@RHI5r8CnHs7pd05EDn2IhYry8iJ-$fxH2Yqf0rw|b+xxc~K8 zo-u0~r&<0@ZPU^uU}!N@{t+1$tN9Q9JZSw7*tqhE*MAju`(gQivHqXsQHRuIWAsYo zDH>peihkp2=Au7ND=EJFPK;42irRO7ujc92L3N7Iul~7=w1|T1P&j}1fo57#IYHm>9tEHNVzg}ag&3U} z_0mbpISqBrD*THO7<-$H36i1ul%orkF-(pXV#MYsH_@ObZ89^a4?--dwh1@FFg!9N zv>8W@)%2>P%XFJ`k-Ve$1`u-Q@twG6J4k$sKxg;fY;EuU^_3T_$ih4lAb)veI(A;E zHZF3q?!dEEjjPZT9EkHl_X5TOU3`AEA~rF@(EtE+a#V~2oeI&>gNZR+Iewy86vZ~0 zP^E?sl{hOy`Xo0a6^_s&sgW{oj>=1KH5@l8O3r40LvfzF7CKSiy7g5*lUWm%XbrmP z*JQN4QmU3J+*SWZygNGBeTA*V7K?8(bN8p;v!>I3c_Y;vCLmMKf7cpW``@+3;{5kn z9zHXS9KL~96kWk)ps^JX89?>>$~Fs`wr{^JZXfOJ=Gs?I`&t!05XGJ-1`~il&Iw;* zC#Tw?U8N?1>-Vw7$<^g%?H+WEx&%GEwP7!ed;NTF*s6Ji5KMW?llqmlZst`rxky^m zJ@8jW9_QwhEJ!WFld1jf(R3FvUO{u=qo?boVd2IDx 
znmR3>&;87>|Ig|DGj;#3uh+BspK5&(|MhvEDgHlrYfiK4^h5#Vim8%ViEK@5 z>4!`L3;_oponY*jPmKN4PV`WRkql}ThAid)*P2OztXIiQ#Z`7`8uwI=C(2eYpUIIY zZ?QbqnnyNc*jkZq?`5}Kn+9fjKjeMD3WEp8!;(5Z^v@I zQpy|d3=snf1T_SsmxOp}Ar|v2C`J`N!YfXU_KMR*Cpg6&V+;17@_mr~@0|$!;!v;!R224iOS9%b0QuQwO~|N`LYz+GXdJkAp4-~oJjEq>G+-CPul~7= z^Huzj6l^OiCE(|juSph0iK0sXbp&WLQxw~PAEl`8x$$!T-+q4OymDc#rfmzAQ8sz% z6SByXd4YN)ye!Uu4a*``)&Gg|QQz@TPv13{&;M=zyL9o*N_j+!{#KRB8t9G{Nf#OA zsAgo9hM`0*%Ky9m?^1bH6fj1B{2)YO_w*?BfDfg{jk=J}w?p;eZC<84?XK3;cRgnjD#F% zy{zQM#ns^>FWiHuA>V!r(*u-BLM$pa3HydI2_O@mWME#owJGrizeomyTzRFlY`*x* zFL|{gO6DOwP}pLslKZR`g-lJepGC1KYkV3H)*K)s@_Rw#vV~&GOA)W-C}6~{&2kws zmSk+7Xsvkbw4j7j97IJ2*uY{n9nGsCCD_2n>!7inJX1{?8W#blUk(Z6oXdTU%eme|erqA}(;G5gkN- zz~fb1w`jQ|gI*XvCG8=e3<#K}XsA60Lck;m30B~_?fZ5RIz$PJ{d?fBkaZ7i`(x0; z({ofA%@_e}10#SD4=FFa5k3%Td2>ucc`-dlqQ+<>rRgAT;WS)ZGn>MW8|ZcReG zku)Urs6}lD4xPq3cUaEy?|XQQb5aXA&@IV3=z#(w$&webb3yc>;SF@t^5Os(8%TY2MCU)^|5_m=POZ)mgx;R>T~LeZmB!jO}9yZflm96*=v z#g%n~%_(4D)xt&rcXLE46>g%GOR9pk`Wv)a$KHGO9hS&_I?r+v7vlHdMZst!uy^-^ z-uQjhw5%v3aezxWM0l$b-t0L(QYL_wJ8{|Z${=~_ddcPkW&?N60!2S5muH!&Klujx z2Y<%y|4iuTJo({gn*DEOX#cO&8jJgXpXC|r)-EI3PEwUG*59B18NdFO8hd^cFxCFQ zI<)>b8Vmi;vpkQA|1&-qMk;7%ewKVj=#d3IdH!e8`iIxB{RAAqH2V+uoL&Eo#rFv<92apvNB73oL zd#D0})em2p?@+cXxcCcZ^nUgVLButai&h(zh)%Ci%H`B;$Rn;IG4CYD1evvPkxNDG zpQ)%>002ah*TjgT=*xu1Av1u;6agT8Z_srq63izUqnupO-E;|txpF5ZN07=U-&I4b4RS2XA-z)Qc$pP$n6O2J(=3yrw`a3KrUd&+?32|7u73{PKTwg#NFw zw$T4S%QM^h*X+&G<4M5hloGW5lGT}(WF(E_;0&LJLc%lowv5!UrWL9)a(;ivd&@{n zndR~_nGq{qu%UmLXFUDqo%uQVzj|ee{?`}r-=F9Cl0@*q$4pi~9^w>7`h^vy=UUj2 z&@;6DJ+~EFp{q}Tnpcj8F@JcLqsP#LDeHf|ww_)8Ya6vi{HJGmr2qfEUJdVPx;aFC zMCM>-Y=$KC6Ycng5y2Hw=7URu;R%U8d}zadWbvTW$;tXnOHf&9PzCUR3eQOu; z9P&=J5Z+;Uo^H9x)3N0glo7Aw5?1;K#k=jk3WN4tg^xONB zy;9!_BfU6N>tLmX)qENaGL>_9JdTg|_qGnVcbo4|_D3y(%<i*4F|y_-DoyeP;e7O*n^PzM6 zj)08v*^DK>G_(94_zcN^WN@KQ|H@BN2U+;9Pq6>5Wa2+nA$#L5V*N>KpYr^d%YRem zU;0ALSH~3jzfoJu-v3aotS`=gp5-ax^LiI}W^w%XSRB89y}!3DfWZ^5_m8%JpwBre 
z9&U=a{^0nnxT%43_Rqb;*Kdw%KdlF^cei%#+rQTA!`qLYAFSG)`@`K2jh(|E2OE1o z?;rp8;^WcHukOCTwRYznUWNZWs>qDecB=b3_Q_7G_cFeE|M6YRZ@>J} z`uUryqpP#M7q5RQ*Vq0rc;U3x2d`gv@9%fYAMN1g{r)evy`1}D=jQ&KZu#fNhixxD z3V!;~u>bYb^$+#!oACWV&rW~*c(nfVjT2Y)>+g2%KUDtpBKB+XkDZV4o3;1eemCd2 zTQ7cmb9lNFIH$k<@{JqZd^7Nle%yP%-+B4+#liaho4wxcJ3ETv+v-Lb{kZXZ?O!`T z{aSAQ{L9|f?Z=(mFRusw&2{@_{dj%n=j~s%PuI)G@tJd9zxrU6cfy^!UxTZ|AI@68 zI`90>58;Qk`+E1yum5^+{g2k+n?vt??(}x|V=vlq?7f5c_5M$OZSU<5AMbzu_4Mca z^4a$5&g-&&>fF6QJh*q?zxnCx5^8-tGPC=H1Q4#y587?)V`7^-ZVp^7YSWH`?bc0jaH>sE|) z_2V0R@26jWxIb>J*S7DXZ~i}fZ`#l{vNQ_c&;AuXaNh$Y#&`pQCrrW)30v4nCfCTe zY%9o;BgufXJiq;|s$SHRWo(u>^PF*?IWt&l^;%tBd#&WV^@G$_ZvDt@T zC0BX1*Vx>i@2tOXHU0YK+WC^1|K`-(cdhN)uin!7?)zZ-Ro3a8=5L&{?QA>sWplr1 zxwi+a_F=o;KF$JEHr9`fi{hENa=ms~*gIRlwofkVua3UXzuaG1Xv}Zrvrg-9<-^Jm z{C_nStONYz=fBo2b{fa$^IvwY6}P&z`Nha@Iv}&gu*2>x4Vs&Nhz(1Tj zsusPA!o^9jzV-61eYw8t_#bi~kBhdK+pk?59vob6q}&B}zPPx0{$cy9)?77BBX`)` zJv(^+<o~f zx2&fvcFT?vp1Vd=KM)JxAT6ZRWuiuQa9at;UHUIt~EcQFW;>m!bv}S*_o@af4t7Sty*F4+&Vk;YKN7M(|&cDJ#g$BuX}s*^}xDorQFq5 zi#K-dgWJyE74}#64LGV>&c3m-ZO?zG6oPENyS8b3*?jeJ{`B(8Y5mno`^%SaOP7s& z!LFZmZc+=~?0it)-aV;rTI-jaYp=3ZYya+I&N>LbuD3jYyX~*+?%r81b00Up820)5 zi^J^Q-1))g{L975SHX5_@x62Feeu5S&E2e7=0?L`J87;jdK=mK4_oc`wVT$F{qmw> z9-UoQ-_0L?__~?hy7jmB4vIJDYqfSohan9-pnPu64Te`P((~V1Li@+;8^F)5YMXv$dC6Z=YW*_@_I2p1a~4H9GIB zJNqw-A6mJk^TSQp-rK_V`-A33qZ7S=j?B|nmm6Eny_9j|b+)?~Cnq;S&e^;?S~uT+ zSlM2@$$x#f^rcw6^DlC>Zy%fai&vLR*)N@3ZR6Xh33nJoz*2bHUF`FSPkYj z@~@81oSVh-gFP2u^t$Q4TKM+0a4_$BuZ|AR)?XQoFO|y4;q~QG?fO;ac;n^n&8v#P z)=5?GzRqps4p+9{ty=G@#@xoYgKzCz;dtr&;^FB@!8)7o9L?=7yxMP6Ru;Do?%r89 z`R)4N&dKWj-C?Bw+c@vMKlPe7mb17}hZDDSSh?M~XdG@g-mkt}Sv$(^eE52>y0dv? 
z?k+kX){NcOPUBrAJJfzHq*MTy?fuwY%N?(bo0H?qRWg+pWxPciqNiZLj!lEA^q!zXn^|+Y28rYI|#6tgXxU)zKBUc3j=Gvc^u~cx7+3UhD3*-aD_lJBJ0| zZQZ1dEvG%dvXk3cm|J~+S#6%IZEslh`GZO~zq$T#{pj}H>FT@fv+n%$_Pkl?UN7#S z&)=->ZlAYaZdK~vPE*dxnssyP=HAsl*k|8%cZ`omd%^bh`QFC2FAMKCjQaZe;>!=m z^^-!r7@Rcfjnn+X`{L<`)%V{%-g=kS)QVNT+x=)ab}AJ&Xx*&3=dY>_(_Y{G^6hTV zaF08;FN54SRL9f%nFtc5m#ZWBBW z52u^2^2euh8?RbR-HqzS))jSl*4Hl!``fi@>KxF;P4n#QynE(W zz8#%fTee+a$sXO**KgJrPBsfgW4F5-wC*lGelb?gcD(HECZP4Rd7wqk7QcK<+4Y6p z_4euZopZPUs%hCvg~jXU>ddW~06DI`x-xZf$@6EIB;_c1KyH4ZCZJpcuYa6d_*BZCgqqDsg``W0l&289c zRXcldWYk`+o!k^^ZX@;bA^@bgxpBH~)sOby?SE(;EUXY}@pI$pcEbc^e^#l89$>*eM9uh#io z&9Mqw?aQ@q=gsp)``z_gyZ&`9cWndpxw&N)jK%Yhb0?eED~D@`)l~7^=+0&D4nCgm zUo2j(wNLV^l`p$HN3RO+a&Vir?8OcD%f;Dgwz~PUX?fPk#^F(6^=$j>@VI6!HO*A6 zwRrh{q0qWJx!nG8alO)7TKPKPdUZE{uxfo>b&D&P^^JEc*R?svJ=!e#JGrl~D(2xy zPjj2YTAK6?m?s(@dF^Uib(Tgq#+rM3{}i;rQ|wV8cUMM@HQ9_95)68Sbk^cAgFFG{jmuj7z;7K{F# zQ=f z>N4ZItkW|5>t&1y$^2{6Ugklb;jb|{_-o35^Uo8tKe3Mo>;LlE#oXdp|2K*yf#ZWfb5V=8|?r z#%44%b<7}jjzPDVg_DAWn$)UUcRjP`aq81C|Lb#VyV^N7>>+c8F#uElktBjiiLW_p{}GIn$HAI^vP6mks;Y==v#4 zGPJC{-a_fpvT(o-qptbX(Sc)kmq|DPdO(H0l=`&8-Pk@ugPg@$?e;9{F#A9B{U1xq z{SX)%bp8vuxcs*`pC9{wj-=Gczn&YE*EFX{_MNq@wu#vQCKBLyA`LImc5eZ0}7v%F?>T%^0VU;_rJS5{QL(GA^oWgI{))M@xKa-WBLDRitw`4PJcF& z&E()Vmi}4al{7!-woP%r*UG`4>N)r4AK&D$4gT)M`!6U%>Hl=;U-RL845a@T(|D!0AfAEMWO*U)tY;R14<_J1I z<#i3EV8hF~*k6C~$M8r8AH0w;ZTa}<{zFR7`46LcKU)ak0q4K4*mM8q^4T%}Kaw&j z3XsCb$J;4st0^)#oI2K>2rXH4J3h+md zpZ#M;pidop7kU`9JiW1MCS@&!%ES>}g_!&bt9II$^24l^7|{u7CW2vQn6Mthq_8dz ze}yq%69y!76=m5SjYW?J76}1{opP>D4UZ=Qutelok;+9xHsxtnZY`e1qzPyas=y+` zld#Q**UFmAPK76!_xk zIcQ+oomx#M+M#@`L@vW~Yz69OYRNDG-In!k%UHi0xMl5-$e1dj>2uAjbQ(w>G_X$q z)hndfuM(F9Uf_S}6KYEYq@7gJB?YI6J1N3}$<4%IM9Eu_3{a8CW4$}j6Phfg;XoN^ zhv#e;u_8&?kP>-xMA$QVG@~Ez48P(t01+PYIFwx&p2?F7;pFTtt8}Rmm1~pnaFt2( z;&t#Z6?hHNMlq9L%4BDAQ};|G5;jQ815R{!(^Ec=-cgARU}8{danwX^Vyuqa=gR5Q zH+V`h6;NWpB0P**=rxK7Eh@TR!*Hx`qMnF1mb40e)3;#MD$B+uPmgxxF_AIHWQd-$ zOsR_z?AVpmUrW-bZCxdv>fT-5Oil 
z-C-g($xw}}j4>EI?K2YLI{nvb1N-lZP(O2+CuwVA_h2j2dXo3gVE!-LqyNdykK=!i zri>Y}e|PDB{<$FNIr_*x-2OX@_8(*Wzh7Va?|&Ew`l)?9V*eKw$M&BiDgF1qWd;T? z)JEou@7}X6LzDscKRoNP|1D<6^52mZ)aOi~6k?);*+U{AKt^5@g5ALPxqK#<%`EWe zwa{b~-(fgM*u~5|lffeWG~0ANCST-c;a^4mt?fFEa;$+#7VBQ6hWXq1+xhgzr`3*S z*Vu7j1RekLw4~hw&$zMt*{YQR9%2sD8O-*D>5PBVcmr6?sWz8eh98*T%;OrGp#iD9 zIU+t<*p}65Wc;RO+BH98xpT6extpXBX=Cs^XccF8*JhBx5$GQ$4Fdm1ET*i)DjqQ7 zJSk2UAlhv)wVZy}35+}L;~nl6Iu;uqFpA+$UBEZCiJsUQ>|m1Enj7RvD7UN_4sQrM za$#FkFKBCPOa99-Z+Q!oY}EyN!o%p{CO*m`M^EVZx>~DuLHp|c^87s)gemL|s z`XG!;D!w>2168|>KrPulu8l-S6?O4~b+1yi^G-Ezy}zA&MoyBggnThfbew_^(M1 zPi$hEvM=GXh{ph3g>X$y-1h7)T6yDokZ6k*XN6LD$adE#kq6~|4)-i*8W_OVnF^R; zqbWp}nRm#@PNPK8yfa#D8~2IY5Z>yuO1f7?D4e0ys0naTU{`^6ECw@TYNS9mYa+pr z&*s=$BQjL+6SqZ1_~lRZ9lR35@ULh9S2AJA-Iavz%nX4{U}VVD#dShxx4ok;Ur^pchod z6IQSS_5$Z#dy!#cV1GL(DI$3=P6xK$w!0)s7MOw60bDvT(hOUH;aGM2YRW_D?KQTk zoqIf?JfW8donn{+3ew*2jKH6r#Z`dGRg4OBP_t?XYcx5YEE|^w;EK_ zy($IH+=d0WaZ+gT4~@1v!QW0X!*-2tT`AgxzUMPg0jur0aGcjV9yJ?cxdr*2pUVb} z5A*UEPQ!%#TU1g~p9V&^FP=$)>sJ|e+%(V`o3KeqK!w3AH|X5qNrVlrnm)f;{&s|S z0lIv^vstas`c1M!kq!diQsOt6AHrw8l&PaY5wW&d^hxn!R$VyRm*FdUz2JMtbxb}E zcysC-4f=KB3MkUNJd6xyqrYOj(p8nCps7J80y_)5wd?45dn$$sjc0IBpFt%NAAC zVIU*~Q>+0pZQ4T&1QgX%=T!RK)1EVl#by5a&rH35|g z{a0+i{WokI4n3h)?1*Tonp^ct*a{FY_$N~iQt&Gz=%}UeYREK$mW|&W+j!aZ`Ko4C zkpxWsmd|L{f(sIc`X9DJHe7UyU%cQyN-tipcW%>R?@bGF(Ddss*Yww0(ZgReyt+#6 zh+klC$232u$8J5ih3Td-$s?@c)fHSrqRSfVIHW6tl~`#53N)E`la|CWgJaI7vBKXI z;@#g9Gk^Z=Ai%YZE@cBz=b98(<{hGBJh^zBxxgLvIcQQpq7fL$rD(ye1P0xHRhWXL z^5miz!QX<$z~zP2y}iB77&KNQ_-$U#pWEG8+t@$en1%7;7pFW*zKUc4xQwL#Rnmdk z#w{kTFdCjXRnR}0eiG#RV#WS;YC!OCYEfS)IW)vIS_RUSz$&dAvz_C=C)n!B@y>Dj zZ|8jHWc%Rsgq^P(9j)x2>}(vfgCn+fu)n@@vU9Kxzc$&*{v~_Av%d}}(;|YxylZMYiQPB!H!KcG5|`niKnG)R#EQ&({dUeK(|01z^QSFdI+7-@bvu+^i9j+et>@O zoS+lV>9sJM5d7ctkjK*iF#fu1!rwMliovDe7`%d-;#FWe zRlqHg7l69l7F=jGKK95vztd=-e^LB7DpFtsxUG@r9CgN@dL~|?@u#7>E%KOjx5%@_ z2Z>o2<+Ie!U&a6Tm;W4XtgP>CJX!hke+I{YpI_+F|KxMIvHWKgrN7iAmHLOtTvGo4 
zkxMF-`la#~)Z#xy+Co+Ux~wIYx=+%QdZ?f!^)xw4Y6vk)YM_)QHH45Q^*9+z>Zu}@ z)B_|esi6fdsi(_VQcn`Eq=u8Or0y54q#h$%Nj*xml6s_MC6#(^xk~DJ#VV=il&Ykj zRj9&|Pmf52P*9RUCG`M#N@|ceB^8&Zr0y4{r0$cYr0x@?q#h(mfg2;GOHop~5G56r zp`-?iP`H&B|5KNr$mjC9NO9pwitZDVoWRBPzg}*VN{yu^zfEewNt3wDB$ax)#3Yq^ zxV$9wcyS3GiXK@>D)j(K3059XPLjI1x=KApN+N|M6ElCNo+=_q4Jjevi4upGkEBx1 zARS3PLO8-@BT_VydM?RG>KOzhsr%(3|1^8MVeEg<G}yV(nvznC5N~ZW5(+} z=Q4M~MqYFX=-($M1Guji(j9G1{#c&Ii31)39vsfKyc!XOblN~S*UZd>%zMAXk!u4u zOA0T*S+me|8>nn@`)C@1byg#WU$8!ad<^6}>kLUP>2&~2t?z7ZZX9jwpJaqb0=a4W zhK0j7yF`W{wvC7>#P?}lMG`Zdo=>WXZSNnPY?LTfeK-&0+5ikqK*$)dvn1D5Cop&) zacWmErd2@mrN}JRgl;V)Eha^92v{`3;rtqQD9O^~eptmMA1J5|7pT{%bm1GH?>4zf zA+bdf`ERLj)AL*}lY$8W{8Bz+0B6MP{-++xC(PW7sS%I@LrPZ?S-fX>DgG)0IlRnv z4tPG{-YoB#%pCl~O=$t4_8?ig++JlO&C2D?o!yOcSwBFMF5t<6U2)aZI%k2N=@bV9_!JzfYs85$!4?2jq zA4zc@KdQLVva!kU59sg{FN2{P9$v(}{pqNoP$ zWEh2IA+XRUlGf|tb5W)DJR<6FqzBC$F!pX+67lL|pNkB;8JVTrMBga{(39|FB5d?v z8Kkn*ugC~8DHWX^771OP02NH#3#)j#U`sG3IOkU+7f>o~ZR{N%ZmeZwR~!kd4Bv6C z@}EWo{fo;W`+o$4r}ps(`|tV1{Mi0`6lKu<hC%AfWY*F$B%-(er(tE4k`g2-?{kyvE4h!N!gF@UVQ)9?wj3;XVo6xz4-p| zvlrgxD9m`uBIwOLb}&`jMX~A=PJ?KG20(m>;&cR3Ygu;`^2)UBvfBxep|PB*-Km+3 z3$pgGLaB6&H4ZvKh)hbzrD+)DG_Y(xf~lVq89Bs~x9in_dRR zQe~b>(R6NPCyc3K{xLmKp}H#I!t88=Hx10}!0z>)e@^headp%hp#~k*=eR`EhS%^P zJwA#e#*KM+0E*eF9N|Ee`IF6VqE-k#z%l%sNZ5Sn-|}1s<&-73F{V~e_t#-wz=Y!b zrr7dd>_N-HekLr36|f1v>2_>X=+m?u^LEw`x;CmBs~xx(Z%85&!u*6>6~M$8s$@A_ z&xu(#R+o3#?gYN5p7Dd4OTgCi*z~-_fg#V2;BLlEcgRkt6PO;3fQdv11BS;@XsJ{) ztG3~V_7!PypzsZ8#3k_D0Wla%M+QHWfgzOxm$i(b+MJ#%EG!l0W};)iMe(K%9WV-R z7lSv53N`{&{Z6%Nnzcdeil3EA`0q6S>%l9_g^$V838#`maUc$@q;*K&{{2F%UFg8} z$v2@JN63usV52W~I=n=L1!N z;X8N=olZ2Z2^ay2ye34{mh#<%7)DsPi*<8ZQ8Pbin6WA2s@hi73hbxNp2E@$H*a1w zX%_h`qe2muqT)g8CpTDP>2yF-qNCU$L<^?OnZ^KK$498L=;Do z`7-H8rh)dctx8Dzh`-j{RtxrK6M8pm@#_-*|GOF4ad}i3O8!HH)8qSixco1-urSX5 zIg&Ee{^P&OfCVsu?;~tL2FU-ig={?jYk}ndWBK2&FA>hTZu!kQk1P37N5?4al_BI% zkj8%SUq48NOe`DE&V>07SgGz-J3caB6em(u!TSif)iU0G<Of1SY9T403CeyGn^-x{iYw2z0=e}#pGasKC#l;QVZ2u>f- 
z$3Xl)AJ6|;$SsWHzm22_dBc=+qL5~kX!8$5pjBrZ`)8k~glxUMcd$P7ne-(-xp0x+ z+;nf18EK=2)@ejrPK_zGe`0y?`6o5j!}=I-{^u8R@%(?qTyC8IZzKgyE$K&FZeWJ4 zR5}(wgJCkoEfFJD!H59p6;;UOGkGov#PiLjbNNgmla+!+l5>7DJ(o@Y&tI&V$;lUJ z$31ITeR`hD1tYJd;7Jr}5EXt?Aoz8ZRFE*Rz_0#M%)B0;#jVAg9i)I%@ zvkRFeS))ag%~{NEW;%gT#EI&KSf#3Mi8sag8=hH#4=x*fiJ2*q8zeO;I>_PZ;Y0YJ zSIuN&lW@#n*7uvD^@Z5uS#m8E9jNtmn+AXODr~21lLt6FEM#)pW3NjOv*Dr;w-1x@ zOi?`_eZ$4e!ksCxMhoyk@~iR}%nDNGX6mSnk$CXp}4DlkD4M9!q z0YKcVa3O}-pl}=X*BY!AGxOm`A;?i}HM^#PktXC;;vN=<0R_*fUW-3F9jg|&t}UTl zOri>Wm}kHy!T!o;;d#MBGB0HB;)uYC$(~`bSY=5qRXBPWdN>Lg96rs<^T(gdDHSqB zSv5RSIq2n;&||cXT8;eXrn9j4qH5S?F5F)3abFe`22~fG^*M=f*pim*0OTE;a#>d6zHzK}4@>kJLBRz&VQ34`DPCh=Qdz-fcKXzjD!9u$Qyru73hiIM1 zDqwF36wl*Ft6pj?_qk-VI<{Bj8r)HR=1G)PG0pzKL!VQ_((h(yP=`W=(DVkyxMP!o zRqk`6&xq({&O?X z;YooM`2H6c3S<6%B<0cjuLXo1)JJxZ{m(+r`ClBz{~JxAD6kXc zH<{8BGO`I<_+zT*4k;NqYk~xzSe-{_o8a_-_JA`8=$fV;ahh>rYyk8RD~~?^B16eA z_rN3W|NP?k{vSzs^8O1~%KNT?LHNIrkNN);;Pu%5XC#H=?$Ggcs$v_>DeiT1$EKPV zx7(Z)o}}gGt=Hz2@>B~QY^h#;3jW5bF(+YOxu7>$;BAVEu^8RFeo?Pqqezc`NnHImYET9d*!&|#zy9?8}9SQAm) z!C05&viE)4KVrl~TjG%)#8+Jmf{W*zOr!yn3jMCV2JK~E}IoAAeKN+ak1vMEwi@ixh>(+ zi8&R}oeWq7z$x4maH47PxXxpS;TM;u%l`%o0tWN{3vv2yVa)%Jrf~j08k#C92nfSm zQ>L*nBzrtCcYgsvPtD&w>v56g>F0m2AmG9Le*sWJVa)%JqCCg`%e-6t`gp|t&lku0 zKa%pC`>$nPi}W$@{$GsQ{}u9!`LX@qNQz9u$x15UW;8=w_&g@r#lhY)NP^Zl4N`eLR@{%P;2e{vXqSzrH+S|A)2! 
z8A$&X;_?3$^Ydf+ZzM&^f20LRf5DGy@+4zisxy=T=yy+UTn3gWoPU`C`ZODfryP~_rBX%^cvhton5=Y{X4jTeE4%d)`^1g|G$3G~(+o+;vZ`0& z@nnDZ{Kn<}@(lNX-2Scy3k*L0#kl;hSQztvBPsFCn=WA}lX3;4Jf_)HcPh=QnDE{E zl!YVCu|e6Yms^(aV^SzOim zq$KI|s;+ZmdJVH&>9Pr)Tk8*@9N;;BCYfX21(E5!o>9%dmL+_X#pb9kM#5_fq zhfY!#mIHXgs9E^Su$h9K6r+~LSmL*pXOaJFz5z)nV9@zrjOTwT3DaM1qgDjVs83Wt!fODoaBt08 zSt5yL;3gy<`Yft&?6j=-5S2+Xv|G^I6@$CO{H4o|Wy?r*LD@y?<)Gs^)5yQT>ooiR zQ)Q;4f9XqcC@|EZrAQtIABF82wQ{xNd8QK{D}_U`2A^J8%?+{PZAeFR)Qd^x$}qIB zjcKB}p2v#f3GqLEss1lFmj8~VJYoNzPye^L(5wF&`~QukaQ&b3&VH2PcbZi?0S1s} zyXQxT{@4!ue^YtF`TwQ*zxjnR{vSno!v6nK{m=Z^{(B_lS@!?Q`k!2n{3k!=|3*?$ zV+GK^x;)GM|HSj(YyX`q6vp}AMp7Oj{~Zf!|BK4A$bX(){+nA|9P58ZQpWP%vHbUu z@xOnm{I@vf|3^}uu>a2||Lw{DyI9DM<-a2-T>dKqc8&vo{M*VC&i^m9{~!DRjix+l z|9_qQH=iBv|47QS?Ell`KlyAt|92r*82f*YrcAOu^u8$_k-PK z0=Mk5pW4T^@vRGQyDz%zr`Aq4&32r?gkfoQi;{~gm9}iRV%TV5`1Y-NXZZm#m?V+r zyq9m<^$dT(dCj-#N64UQm6oS(44boEktXSB$d|r-+n|oickpgXaLMJnDZN2iLo}uR zjP)$v#QN5H=+}D}-sKaT>PDOB_U*Hq+-En|C-oa)bm^^-BkGUJ=s;X{+@MTL_Xo4; z><_U?avvyqql$wk#5053v$I`O~b@*kDWxD^?@+|j%G&<~q{eOVi zi`)OsFOK>DkrWYBoo&*du8BP^m5y;s5BY6tnSL^^y$1nylM&#=l);e~a{0D#+&*N+Wo(Rb@=-6S;y0aWIn@|h`R*i`Ll$0))jlJw@ zFZ0>|=HvE{D~~z9y^{_~5)-1z*Dq;UPe*wK3p0M-vSj@kaf$v6Py ze^YtN`5)E+>=F9kLVj%jHInj_{U6o<Bh<{!ev$vuruG<%DYCJ_aBf_K>O=%)(u^ z>g+pdhS|@tH1{7}2AzM~s?1fJX1&Z`4|euQC=ciV3fbZ~{{KkIQ2QTy^UyvXvHyz; zWB-qllt=9UK!4A88F2sS<`-h|fAVAdk5LuR{MxZRQ~?2!pA-5UU@xFjC8ULPYa$otgjick8gZ-JA6d8{2&Zgq9 zCi^HYKk^zX`qPT;>io(*o!g9R^JoMh#7SK5M~{SQ}%PH%-e^E&42QnQH^% zqdYH|>#iSUs4{HL zaPY8VFU$Z;Q+4rVS}oN@xxBfvyHPIxoRH~>dDEV0!=-cscwOBnDPhSJ9Tj>)@nNxL ze$gF6=PIi;USPn`vLF5rI>VD#hvC2xgDJZR&vgSHVJ1`W*mfD_K(m83dwn7@nK}8- zRGP^dhzK1z6+h>l!3@(VNlpH{c#IW3eHPF4a}|CFh+BS058%!JcRRhiv$nB+ zyupq(R@V16GA%g6+bjE98@mTv_yb^ue0q*xRq&4)_EO#FysTRuIYUm1ZoWf5XOc6&fSJMr*8{?_J~I{){l4;; z`(GfV=eqylZJhs~UmW}Yji&Uw9mTbR7!^={E}L1H8XwR9!tzl0Z`Exh$B%Rv@qNPx z10OE`TPTe4e~hL)b^nLC1P00fiuvC7Pld%X{vSn=_+R;QguWkZwAGui(@O58#Y73< zHsF#UUVU2oJI!EC8)hKIO8i&Ga$pgis#!K~3_En)3O!1+Ce*vP+C#XFlB%dtwM^hN 
zYSK4#8hNTTdyy>Ying5bVLJDJAmurc9)UCUgGh&cd*D@J9b(nOc6Eu7U^_{A2D?&i zA{Q3jktv_8kSK4Bq>)h3F{`HUBWnjdA4$dJ%EHGe`l41Nvd@UvRF`wI*Q``h8y^>W zs<#oxKwiXNX=BrtM6Fz+k~yrWueSD;n2-9TT=VVeq=z$o+DcySe=qy-Q2ftjH!Jl!3#%JMN6TBKl_H0Nk$jz$Gh^&Qfaee+wfqFI-XV@e*PbB1pWy5&%$DE%>R#~ zJa+$|k^U>>3-SCv^Z9Z9*U^;0JkNt}gOHO=O|o0MskCZ)rs8! zD=OzQGRK}Lp5!yp0F)^;X<6}}DYG9x^kK>bd`d|rN2xcrjHdFk71f7&rnGgK&;Ul( zcAZ)|aNkUqBEyso^fBzme=YOPgacDPTsc18SPzw0lkC_G0yDI(ht6o#|5#@6uPC*E zC;|ejhT}R`)v!@DmQsy~c1cqh-Apuv$GE>L!J+nz=sIE;C?Ej;Lm51}t;p+1wo}Kw z6|jw}N*54Q1hO6&*7x$i$k0qkxu_05@(YC?Tk#xoYqDm1`@v{uh8& zF=NfOIzb0!+GXY)5TZU>50lA1x+=JyT}!iu>6ji?iH`(#JbD1}zW~0TR8;!qCJes;Ii1QQkbD4>@=zwO*n?J%^??-`#-Skf!fmeXQ_CFWVl|A zDZ6`tekRt^zgrzU^73fQ)qe#D~Oo8ibc%0_| zE=GRa5&}rBO6?-_4G<_imOkR&@17qWt^)Y>4|A>RzJ85}Exa~$iG>P%yT&JY;u2Z7 zujAmv`Zz>1g%6tra?S8r$p`|^s&oRAm88TqrO^Q^wVKaf3c>{!(SM288eZY3M8T_& zlwvY*kT3<(obWPQYwNDb?_xPdqLOIVQ@*6wsomSA=`f>>&I@o;hi!y;jD4WHv|;JD zocGSdA_ zrsG&&@4GHz?e(8zzl&4uEB}5O{))D^tZ(mInPSb1TAR_HYGY6-w|U{9wd*!A81{U6 z;wn;q3MsCzVIZ!^e}_n?_;Ot#Cj(^J)E^U(9qd_!$Ots&&q zH~Oy(R%E3JW%S=^IrcRBpW!UPA1?n}Sjdm%ecA<)GW*u;kB+M z7L~}_b{l0a;pnvZJk6v;ZyC_Dyn=9u^0{_%99q?Dx>4$u2Sf}{WhAmF`s@Wz1ut0J z@Q7@}YBX@y(?$l|e=DuEh~ENfgq1l(fq!AV0CwxSfks?ur{-SA;0fs!JQ4Q_R;>*F zd?Fnub$jKap-eDIHmY?=i!`0hWOCV=jA>MxP+#%&{1wL=kgsosegqq&1 zEHYIyW(NOw)9O-}pm7ED9Hm?G==mo@{6wLvc($i+KOF?|0;m*C5yVNz@^ca7 zNP=sGcZ3?hj|6`kgK3m12bif2NKc>r__3_flv`#i!^0Yt(K^8Y#G|u(j)Yh7GcBXd zzOx@~5y#|KaB(hO0)J1`xyzSlJH@4z>n>|r~93S29^ zf)&awX-uUgrUx>l60(P8NF@QE8OX-o=L!sek*D=NBYT<@@)_{|K$p;m%l{S^i{tnY zBPq|Y{{vk@2HpSJd_4bWE<2|GM^h#-qT3RX@PP*?uxet!Jrw!5MCKbdBS$+kz)RX? 
zR~Wuv<_iBbZd{8hTlTDP1~T1lhTHu~YnztU!VBLDSkv_2W>(gHBEAqB3)LBqDLaos zqlCAw>FujjJaT~^&owbVtL9$9sfFjBs%-Zhb)!5;D8FogVhMbHuZj?*dB$zhZo{>) z8jkB}rdCuhCtD@0p^#0nQrY#ah6RJf01|0df`4n|77kUOTM@q^yi_8es%m4in{mPN zJoukXA|H$Y^M!mo|4%ME&i^r*(t}cyT%FZ(-Dy~(yhAhT6pJd0Vn)*(>%<n*%)6IY^R3KuJC)LJWIOVS$)9d!D5r(4)dySd^ zX^u?&-patOJNlUVRbGcNeZV30tFXf#i7s{KXmqyr{Hk1cQLyLUn4ZVYK1ksc^9886 z$kn6jg!ua?kH%R=C76i3>lIH#UME3ItcpI}$a~$=N!arChLqxk)JojA6?kNdEJbmB z0ig=}neya!eEoBR$3Be~BB0tGZb2g#$f4zMZyiZt_%4^4@Xlr^ypx~lX^fvlxnKQ; z(QhtsTjS{O`{OFzzobL3`1gY1n0$Gj@(lO?K$qY_{9nEp=l`KDJd#mL2jCt?uM(Rrk6KOs?knu#Q0M$Gn>e1u&xJfS9qEuu6jkyX+vzMXj&cm`{@ zZp|_Y`zbdBOhF=tQs(%YPeA?%t^GLGgF8sK2mH@}1d53?5AfkZ;OGZT<$7N~)V+n`&&2*2TcqZ(LRuSEc^!qkKwXnoj4_|oA;x@F@ z7$fx2lxM;J16;x%EdK@kKc5}Te@9WCasMC9|L1dy@%>+19P58aQu+mhP137Hd}EN! z@6oJDTaOzwnvl%Iq+bAg(R}nw2!7HHn(-595jMAgW;Q-kR)hH9qg?g*?sS#xbIlP!KGY+IaGdwdEAQ?Aa#U3V!yt0r*+fN`|;W5`T*xmj> zuQcT9bIVcw;^divZqBC1l50i=J$whtxGubC9aUubtdtI-6OFZ`S3v$^?M_}4<3+iV@X z_23q8Zkp{lRn!Xa@*G|8kx0=c9;BJb8j3l)Qj=j#G?uKHoX@}K6E=+%Cd8|WnLnY0 zuG?WPqf2)XIyn+yLB^uo!WFMC1Zdkr{1qmV6pi3;FGUk>B`~125g`#oJ;3fXU@Rgr z+3oFZ#-PDwT(2=F5|jCJBJtL&oZ~4MzYFrK#wuNOu7&D|N11Khq8EzM@T9KTp}d)Z zOVi93D+{gEV3WABu)bJwbVw~}6=1mxhfS;;vz_A!wz_h>bDTzP{m#ku!RZM*UpYEj z*+1FYIA#Y&Z0%rwedlE7U>|;MvX%Wy_I_u7JHdxB(`aZMCex;NGY`lY(wAw9v)HMTvCj z?yYbzx^)@(rTdDIr2V#>d$WUP7~7d@K{r*?qkXo-$MBB<{Zu*)+6b8$FD?8){0`}4 z(6GVsLpxtf0y% zODPb&BL66Xi^`UY){^(_wzssZP~kNXO*+>+`+jIqP_91nBTFzzuwau^LrCiae21H}nal zm9M$VA21Q1#Tcgfp|Xu{7IY)DnKjx#;LNu(bvzgN#_(Y9Y*UaZ8S6rzy4(|0`TPa??+9>n&gW(3VF$iL8gL6)u2y z(mP{%5lQNUqhZmq%p&^_l}IlTuM~^S^fsJ>Rw)50pemnTti2e3AUmgNFjTc9SRvzh zU9lm1PXrrc6hnPS*m42{LEYX}gu3?tQzUu>?mc0p>0X^QmsPBIjSeD6!cJ*6L8Kbq zf+%jFTbM>k5ld<&9AY~22AlkjyYy4tRueLmSq8TFO)5HDao;V6yfqhvAfD}`$l%2a z+3{#BEZ&R0gM2z17ly7?sQISw9TM?GQWL{`C%-E>Otc3?n^(}w)gPFswMJwxT;dIr zZaXw7xKgpkN)_8^ULkRF6>USjfZM8z5!=F>AE*CjLYqL;8bD22h4gpKe&DR?^6i1w zbg0BJ(khZx5fD0E8b&x6+qxE1z3Z51{Z2=Pp-sjTz_A5pq%9I4DvAL9hWn`tAP@J5 
z>CFN$)UhagG+s3!A;YB|wM?WbBz4!eH#TPr3roc`QU5-W|AAG#HUmH7w*9JG!=zuW zxr*oB`sSRf9cgC|o91Cp@XnJS(C|RsUi963c0NCRFIYPYk!=rV+$&Ry>;;M6kffQ8 z){e)xN!rIKF6oa(w388{lYV$)lC7gPZVLek4l@y`5fL$??WE8!9Lhp+U&NfLBg>;O z4?B!w9&JR!BCW^(i4TzsgJR~8a1O)N2sDk#Y&3Zi^fv5Vn|>IP2K`P&ca%h{9!bka z;}5EFi`La`5NU1$<#?!RSB-|@rFisg4M+&xmK$&aoHxlJ(ob606Q(fgfFElm5-T+U z%OjZiz(n=?zTYV7Mm%;?uf0-abxdG1k+Zj5R2HZu687D=B%Bn52cF^RA(;jpD*V(h z!%E-4_*9iQ@sov8dVmRsoIWkT8K%OES532|<4CiDNtBz0*Fu3p8RvrFS~G!ljjly} zam1&5_MxAbnEgZ6@u=g3R`hBan{fV<0M@9ZADK9@N!TQrE`as8L4+P56rz`NWKe4u zgMl-HDCn0~o^1Iq#O+=naL-@ifLp*;(7to9vb&M?0wgEu$n{nX^kL+Ys(6eD_|S7v z*EAgq!l9Br&LC2Vw1=(0TGs@NZB;DW3iK}DMkj~5&YqfqR4~7B5pK0A3ziKRUTS zVOu7OxtMtNZVNa zO_bRAtaVG%(z>1I?y;F34GTbl7QnJF~^X%M?5s)nmDk%6bX-2 zsc|=4z!sehpjb&r&rHOfZS{T*Jrl_Mj!&9t{VM%g>UpH|ENGP7bGhpk?wgx10MI8< z(tafLb8ipHYd-L@?*W-@@rBOK@m-)5?p>jK7YGrtKEb~8>pzdaq|@8zo0yY+GGTdb zb^(`72=@MyFlzri5v!(Ois7ZDY$t*Laj!dV@?o&2q0Q(K6_J{HnRR&?@4LY!aFVrH zuhHPzy+-qi>TuDS62S_|C|o@@#?ALk_NBvPRB>4>$y`w&n`ROhVw4q^&CViktO;H@ zPXSzS#jF}a)a#iT>(%zTEEkX@SyyP1BvKTZURp?3Bh87SVN?17hJKShAm=xMs>X0x z0x|OrBiqBG@nE!cgTClxdPX`zkkOC8=Eq${pZSG_!r1NQL)A-%Cn8^UYx5 zA@wmJ{tzF;tAx?@CLR}LOH)mYCzAMFQ=KZ}Qq>Uj4$!AciL^_!kS>mjiq0sB0%}Jp zP`$;Ogf&59k}X1?Plt)a-lN^sDb3}$wpDu5MxVWnev_==jEO0ENZ|n_zJdqA4a6%Y zv{|>DnrN{nEPt#`tlC?t?>Ku$81+%>RVcCnGfWU=#K~fPJJPJTh5IDIaygO~V(`%K zU&ur$j8p43@T3;*8+wm)IRY?RC)I>S@v4aoC3$|AbO@N~16G3HlTpxyW-qw{nG%oD z5W?JJyVVSdsiM^(TX zs8U5kI)f|t$r6vWb<#1BY}qD52m$8ZLV-gV>3EV44QC~DrbcE*<5b_*(#)-p>MOJu znv|qOzZ)un+))4$eDkiHMCeVPn2JiqK)e#FX-Mzlnm z+cx|rW%>Eeel&rk|G}D{u0IpPhy^ z2mphtq8uGm6wZ6!PwUGNGbWBrPlev5YzL_Q)xZ705+7%39TFP`X#5iCD;9q&)Erw* z-JM3IYNQ?dfe2c21xNYm*N)ji%q#{gEiqzW^QS*q?;F+H#NRO{KT;;xwCG_bjlMuu zFcm|II1sZIF%0OD9K-?U^=qaNW~gg&00?l*%#V9?^Yu4T2DW44RbGq8<@nZGM;QD`v|ZJkNhyYw*W>OtZJ33HaK%${nbl4p z8FN1{+vG^igF7Naok?kO14sJM^k?~W^U$=oy4?^{1pa|3R*pmmL^HEan_fu@J_4|+5!gewYLU=Ep}25yP!8rg z=(J6qGw3YeY1gRs3j#T`gntnVb>LfrP)KOF9g0(Q+gQ;`xza6TFafa?p~^*vmt;28 
z4}BWKl%^5RNh6VCT#)W?N#UFk)cdeDVkTrEo6O;`X*I&A0kgKpiC;#yJR{+tq?#M( zWRY~N9=%ADv=kvSv_jWKk@{WnDk`vA)wFJO+i$J8#3}1y&dktkb23Xa=4q13vs!&d zHH3;G7(o9Qa*Kr+{lAdS{corL6=U`6BYxHrvHv^iVluu}^l<|ky#oIoF7Q)v9QbKW zrvJli`jTw)ev<(nud!?Sx}Gu7q9Y=v9Bjr>jMTr+cB5bDj6HNCX(MHB#PkZd!^eRq zT}i0j2`TS{_A{1WHr`D0Dr6cHK8&^$9|?EY!P2m3Zz9A{i5H%jEorF%U|tV5n%tqeq>P4st--LH9t()kKgDF8D>7mplXC%*1_< z;)yh9qN)Bh9%LeOzlBWrOhDi-H&W62i<_*Bsjz=m`8D((+J1%d;DPiX{D{(j^9zN- znEo3@8Pk7b`fp7Cje`C=HXla*{g;q)euSJu2_9C}CzeFS5s8=dS>4c;*U{DZ=a6>( zs7X5xTqC3Gpt~_)_g_(-GyjiD4jQus7)1Xq_Qro-To~v79!cqw=`Fsa@r1BRH6C`O zP72K%Hy7SLI3aptZ{uX;@aSOcXk~A2XMc-rZyar8unyY<+GKNOXa5ANZEvg`on%Bi zqM?;qjbcY()Ee0>Ty>N*G7JmM0;u46hKI3*RT@%@2t$fGN)Zst2>g+YUxgQwh?+3- z>(?SHrNH6>xlZ4QT(SC0REs%~x`@*hGC!_%t*Ef6;RNDo*znoCp-Ypp_z?w-{UKFJ z0;v1)`qiyFioJ;+pz@Ctnv|a}(oM`6@K-JWK3ctX{eXE?r%n$>=d5>Q6c<|Pn+?B4sC2E##tVkp9FdPpLK2b|jro_D@q zu3FOWdsg)tw(Spg>YIsUOG?BTpI1WDu+7*z1@K~VxVptLi zyVOG?;fus3dg(h}_{?BpNeeb$a>;FSPv-#}*86G9>kUCI%lHd3z}IGXf*sXQ2Nm z8= zRVtoTA`uX#QavtYk|xCJQF`Z)zC9D4#!eA1od@0#W$inpq-;Rvy$%!D(}Re83Jh`y z?cF?Ryoyc<Yc20MB8aRjGiTY_LB?5|$|3Ooi#1=J02sJ;*mj*^1pCJ>v@3rF<)-}Irv`qpy< zLim@Kho1lBZNI;d>_g)}<`?t%{5byOD9ZEfKZUtBoFMr+7=Zut*&g|CZhkEP9Ziw( zl%tfq+D}CO(NM&Ha(Tm0cfyqJTOx2iN8#cokat4_$)_SV3Gdvd!`_>g4|MwLFW2;k zvPyVxHqx<8!q_I^Ic*X&00&-lIuunAl+Um?0^V7P9aPYe5!tT&gOl>%%JK2WIuJYj zu@EgILl?dc73ve=!-4hX{LXBd7k@Uy5*QW z-IN>k1|KB;%Kjpbderu|N>SKqX$wP=RC&CeJXfco<4WwXzb{KoiRvo4A_*SaYm)2kjSm zxZ8=h@KENkWHN^(HA#)AW_iHh7q}lLRDB^~RDCji)td@aP5SNK%oWX#1*UELTDEVk z1q3Ai!JlZbi^qbeg?GBrhzpn3Os9CRJm}6dusV-P1F#*gSGWwC=25j6)=M+ta^k1C z)rM<&ReFxUsB*ny+bN#9yWMuZfR^7jzIFL%{IILHz8NLx;Q15~>W#hzb#M z&;<R?&P!mO8qf=#)#h#0wU$+5a$Pd&$y>J_>H8C(9yTANpnWnZzDX*j;f`YUDxUAS%IYlq(wNPfufjqnzf zqtzOeCn>pNHd5K_*a-V`3kLeql=4wV`O(1of+u^tv~uSHc@J4r~&Zg z-q6PoeYK?nhbm6&-`tk*ZPC`XO=z!G^8~Jc3u)9Bldq&=l~H z!VJ3lUMqA&SIc*PB7R<_B`rxfdQ$dQwtRHLe?!?(wPrjrpNxz)3O8u*_`>yG;5$Ah z@pQN~f!^r;5FJ33S<8_g53{)fYPHT?e3lM}RH-bA@{gTZ*ysqWe~%fNFTPa_5{#Ts4Jvrg3(({&>_W 
zU_Wz_km`j;xUOe}9V$?$H5vvCD=kPawc5}zV8(Bz!`TzQ5|cuWsG&C(t=Df5Y;l^x zQwaDw9*pkFv!b@0dBDG9TrdCC|b2%hoW*a#n=)v8$&U+_&ub7CK}7()*kwi}Xre2gz(Enh_UPjsUK zeR31u4qzc$WEp|}x)d5zunD*=Yla9As?tI5275y52}hl2ybf^1k@>7rXvGi=^vxgY zJS)bq4~o?W)WVw#r%4<@@TbJ3yysiszcW0HC`J-(n$>GuK{@ScKtO?^eIl*9dS(lq zK#FA%)Cewe*5IM@`_aaNQj=3&Ry3mJAb?MQ|2cyZhgxRKO*3>;PxI}a`N8nnC+Y6q zZDB?Ndi5v0Q89_$_Ou=C^AlYlpTpPUfoK+oAAJ%3Jed%QG}xy~QWt%yhT%hx%(iV* zIVD!cj3C6%bF2`#3dI*;t+7-M;TEqZA z4^Wjc{r+*ZW57W7V`5kZ5i@|3PF-z)kzxZCJfh^Lz(Cm^bl7ic<8KH>Vs$7R)3b1n3m015{~#1hUHRIJ1Z zeYRQjHiLdFk;9}q{+s|OpX7I+DUuk*!jMfvvxp*U=3N|yfE7=wBuAiun5-s3U?f!m z910+f#I++igI7_?CxUolZO%vccXnd+(9p zFoXL$J^8(7cz}=PSFwh=o^3^IJ(&Kz>f)febr@yUaI*k0G@$8Zv>(x!%KDL6ivgkyC@3{X%2D&GRWnbj{vR(-!~d2iHuZpM0O!r#68n%t}_*& zQ!+d;8Yt=oc=V-Ds}$19k2$i$+g)+r_?>WQyfw%ZnbRg|-e~Az^wtmD=(ZD;RK`1j zzoFY~nu1xY;|lDAVnC1-kV_=g1HF+~IAF*{J4Q(=5^dd$2y#~L=DH+P(8u%%o3=7Q zIAG>0Bm?~!a;Kt=rn@3=wYCJss7XfSyM;m3trjI519CdS&q+}hS}YsPfrHEz;DL$P z5y9AB6F(=v>mr6XYy#1oqQ)X`!xX33+|LO>uoDwMCz9nugM=PZMkH8_PdsqX=NNs2 zEhLg1{X0#PkYFHhK}!L&^cevcxx@ybO+P*k?bSWQ>6JbAh9K{|I*AgLKI_NjJ3aJe z5><5Hm6QBMhJ>W2K3=91wp>;-Lp{^@a0{TLt)>ap8Ip9=~7d0<^`F zoT)fQm<2K66lKDSl1+(AyZdZFRB*w>{K~rY0a44JA;+N0Ohk($^XdUI{n`>c+H;xT zPa;G=PL{!oY-D@_J>!=lM`3`;yK=6S8k`G~vMHVanSzzYWD>xsD)AO<1gv(SQzv<~ zIN*wp<)A{a6EFH4xqf35vO6xZOB|8D)wqoh8*fCI_$Im;*czp1PTD=~vzho@BX5VC za1C#d5*u(xzm%g~(c9iPl)O?7kB2u_9Gb%Rk^51wOX+^v zhjdIDpALoN>ApNyT8h}xp`0fjif}(?gj(Xww2DIVGkMjwf#R~ws3^H&q7aJ9>7sj& zmlFnz3KQz^4I{~DqzxdYXI&3{@Jo>vuCA`UPDKiz)NR)4;+OD5I?4CG;};=jt_Z@m zB5facDntPZb+DfFhd2x%I7r_tBm_Q}LEIWnKpHj5YHLXOKbO^dBCk9y$olavEefVC z5+hX}#CO(sV zXo*Vfc%CQ`66zW7F~gVyR5C4JQ-G9zSQ5U z(=1j_kJXUCWXeXk*x^6_VSmWO7=|;S4B6hi7!a~*Ga}tEdjWmC(3K$u?sJ;6nOZBT z50Q!qu_SKC7A6fmxiCe(it*V(GXXWUwoF}Tr4|WBmC+VJq_>QQtAIMFrjk6R*5)~m z&!`|Y(8(jVo)kC)x0V`H*hiF0W_|eD*ly}F5#mNsqhtw{IJfe^In&zk6$zIt%~z2$ zZ=nD})^hn!_23>z#E3MVJu&K&kBlb5DY@VM87yAeI*C$V*X}r zljl{7iVTE|Hr7s`U9=prk4YO9mlSDjByWajl(bmXuEtm?DOT?)3C&|1IFx{j=2wCi 
z{_h_@C!#T*V&^Ah4)x==;&cNFU5n4*q<5-Kyo&ghH_f4(<6>Wn9^*$2V&p9JW3;jj@|hcpp<0_-A5!q5~uez zNEEf>%Ck&IJ)~QOLc!N)%1y(vhi?y)p>dj>)*uw6#YU}eu;kIpUepKSDsaVYS}r{r zWGSup@S{@$(?w-etN%rfL*%`y@kM0~`X1>Q2DUb6!_rFmDsByqzoqg!Zv8XNOyi7Q znq4WDm0L~%0Ly0HA(13(638GSG&@Gy ziGXK)eSx{e;&17#nf{K901oKFNOdNW;8 z$^vEMK!N%1`L?(Ea6Os8=es^;4V4*F`*+h@_W@N=ei~*)edKqMu}5X=dg4x`x-fBP z_=IE;UfFgzIrp=qs~|ZYO%~={>O%3LQJbmf{zSwQ{!SPv(0>?0H!@z;IOoYSY$ag# zjjJCCXeCPU1c;MD@YclGg2McZD;UYpFrx5Fvxa9>A}T=^v6YD_2&2ISCDw~o(rNs7 zu+>TZI+QjZoKIA$OUJ#X5;Hcp=bE+`}Us7VlWw}^}B{|Yk`TA3*9FmM@`tmHt5w0|@O_elU zG&OXTK-w4LByFXW30Ilxo6A0lXI>NjBBH67(+-SAZz&%Vsf0+m4^H=t33=@V&4 z&ZtLMVJLCoAUczP7v&U0k#Xxj=`q8mt-9a|{2(-r4W)tPv7uHYE{gwUG-{mmyoWDN zIugSPnff?^Y+@1`6mi}5)%cJou4m~_G$Dr6kChbraUzLCpmA)gY6ZevS}jbZX0n1Q zWWt1W(D3`g-zI1OapbP$kh<{3GH)fPd+T~|joPkzP2xKNdeGbi5o1#9FB+q9BTXwZ z5AfdoCJEpwW@Z8fEUt%y2Q*wme;17^#;dKOTnscp9hxR&bSCg6dl?aYaM{%Fuu{bS)Z6JO^pI5O~v8#?d8lwrfBFp4$7we(v z-ojz>5^YDg9iU-{;=cr6$j9!@tvMwxUP2^jCFh4OJ=5fZKxDWwj+bl4Z|j-CcO0*H zkJ?LI`-$53kzG-I6#Z_gL^Bt$0#RXtB*q;#N=#}}D+l*lO*u|G?jbvSi9V)XYyE5j(9b7f+tx@KJCuVXDSzcpU7xS? zy~&QIkAQMb@A(iomqQ%_(v{7_?*d{ufPP^7Y!E8oGp1QhWTmapbW>+mB&t+H7B*nZ ze~J13OtZ+NIDq`rfH%q>^N+YYu{1I*DJMR(G3}9VBtq%)jBPMCwN5V2!fjdk9*bL? zeZdPvi6YU~TDd3E;qgh|R;$rQi57*L`QEd0zYFwk)XiIPA%b8OZdV~px@4<_l^;0yyJ7f;m_s;lp_UW(>PRQ~xJW2hnaRjznG7P+sxbgllu$~e zdopRKz$75>`x*g3L>6303 z|Mm3XIs7a5F4)wVjQgNmH;Ae~D0(2#O3>|Hf9dPBfjYbu2L%)_(CB6YQp12Mjorcf zmNFJaAv^N)O;!*=HO>>`DYTo|Y850hRpdq~t7r|~$QoQJ>a9x(H=8rG4v&daeZzfe zmzE>amN)R*Ic%Y`U=JDvt>u5fGNE|7V3h#zYJ7ai5$AB0Ov3lJuZ`Ai(+DLjCuANX zKnKi#eNQh)`4TvYUxxS22W+}QliVLlCNMays^1yPKWEFnt{tn*-zbj1twLh6Io0c? z6ygu+*6RJcFIWXS7uZy2IDrEYmBhms?l86zD3K~@DoMiN+QB==WT%+tpG3KuELKwT z->95Jd`e1~T4Xf3XjFzvsH4~^2XeVqm=ZBzF#mXxlY5&{?s_Vrd7t94*WOE#)iXRa&TeUdPe`8hQsb8#jx|uX0X)^ zw&(29J2)iW^rW-&b{V$;Y*YFPlI0$7b$JJNvmVw_VlLa;%ZfGqLi$W!de!MWoY)+` zWi3iz5eN@ZIF6y~_*|7>Br!lY>`KEfu0}xzUa5Mt<+w)it2n19eXVQBu@GvfJ3jBm zxvjxKgt%-9=V7AS@+0xr>_+TO%dTRcj3usR6+T_@f_P6$6IA>TJ=W&Oema^Tcb?8? 
zWzonBjqx8f_PlcJ{(U=t3X5)MQTtU|kUnx6+Jof^`+&C7dBd$X=`1tYc+q^F8A%o7 z0?Y;TarAc129@SADR6}1En5ts#+FN2}iE$Z;vI1{@gWIT58saa5_>$;%Ddv z!I>K9N{=w>o_>AD+o>xiQ80OF^gXR&q#_+jWd<{M%a-zDa9yDsUtCAW4qt^oH3}6A z^la7o^H95hUbqZ3kjK(((T2^wbLn z!D#d@oUt#8aqtF$C9WJMc_6iK>wUlSdN`Y|qt)hHT1(QhuxsC#Lk=h|###oe5HxC4 z?LZ>!+91I~sY&h9wl~|K36J!~va!4tvkm*CWKoMK)4(NEPG?qQCk{!QgNl>vuqrjp zkuc^FSIEY1Em#zEOtUyJ%XL6+9@s-UmOPF#x{ zS4IqZF_F}wO%+o~Da>F^?ZU_4)+!JW>bvn0V)lyRJSfg&>97L{e2CJS=v{oq=MCWGU z%w?@Ij;+Kcc$t-6`5-h?MKdm3b`yD59pop&s}4)_#_Glzx&~5*SQM`wKX&)d9WAct z82g%my0}!&C;8o2{SWegFE0Ue_4+TH8@sple?H6aX7~R(^OBKjeQA|N1qMTw1+`uiSpt872?x@43SiD~N zQ&ReKCSI)1#zAwI^rf@d+L1#|%!APt-QR+&wme9=X&yRpRu7zTB=w2J?L7#rvA|== z>*2JHmAU?*H6E0o&0o5Cnw+DzLzkiE(pP0G?u+;QJ5P_C48WD+C0Mz(s9lQ1LlHcb|Q za{F}6S1Pyb_>W-RHd)E656DjQQyKUQD3TfY(ky_F5f+pFC>;*bpN1kg#O|fsT>P>i zw3jMrYqx4Bu-oFGqu9GY+=bAtaZ00R{EIGiKY9!gO1rds@xYTRbG#PZc~F?QerNiz z+@IW)c2~QbPcjT;Lp5%a!%;tXx#7aEbkP4uW8jei$JXXGF0k6m0XHa6U->Y;d;rXU z$+Bo(ydGRGJ02(W&ICOUqTckhQ9pbakH;u7PRFdkBDW2z>&uSlCnwrb5Cgg;pk2?! 
z#%)X3 z-6cGFUqDy@HK$D<>u{J9os*aNWaKS(v z9I8_s7Va_;tM(8z2MuTK*C_Q(0T0S^ZX5bOYrF~Sf`}!9RvFa*`;UU}^sbd$9_5N+ z$N1-%dE3FWFncF{s~k>#ms~F3WZWfL*3KPF>X9s_VEc=Nj)R5$(mv;e0_{rVtf2oT z=*i9>gJK)PR7Iw(9Wt4P>p{cOT&&fVrg%xB{!JW%k~5$nD-6F5dMj6%D`GjO9OjJK z^>Xs&A-wqZct_bocEN#4M#;=U8`Nz6imE{z2Jht%MmczxNZEV(?3vU4+>{7ntIo zc!{Ai?J%08iSifgApT%6i~0$-10h0s;=EPvSn+OO2C5)70>%!UMk~SoU_grRVRT9r zsY%C(p6tqvz;dW3s)wpN6?u18Nbg`7879xKHp<#k~3fpq0)nM5L5hZU<^ zOQ5`cTxd>8Hvd*@5^LogeKrD|MZrq}P+YvWRd{fhLSO;Cl)d z@r3eRmcV0$Za$fwoN$bYo7SLRXaeVy%)!iX)9G~CFz3@d^DmmN;4^F(LaLN??4K}@ z1^!?>?Ez|c=>o9emcVc+e)ThV?4{tv)?I~7K2+uNTlSVn5P=1P<+Sn-439)x%~hlC z<~CBEnZw`he*_o+wovPQSauytuI`$Y-IK1=djP0zi(VV*Pssav`L%^(KXTYT4U9G~2 zj&+EV16<3H6rhB|mggLa1!MExYWHa{cbNF}U`JN&{$HRmt`0++8r;Dece zS5-!-lrFos+{mTU#aXoc`lx75h_azg918`?YQ`&wj14Ot@A&6E4Gyl=28;hrEs(EyLcf`&kyw zu={h%WCUHGw^?u0bZh@~EX#~<8>cQ^rWFIC=2*t{^yLmm5E6N+6w&D9X1M|`ws9wE zI(Dts;tK3Mqfj7Kj1wgW{X%&UIGuR|^*PREd=&Enx#*k@tQ{>*4{8MLjz)n3$& z0P#Tv(NP(#FPjzbKbY7<$wXs?F8b%#6>}=&aN~=kC+k?99y$lvmqTDWVXkCCaV>h# zEI1jl^9Uf1QCwvao@pJXz_s111Md5qxKze}ThYjDMNyq@oK0j*;Q^m3{XDp$1RgX*U9)|LCd z%JP^c5%o5MXp0t}1Nq~V(t)r=`GL+?;yFaqs@g&CdI{}R<$4)Q-+Dcpjd>Txl>5iUEzg9fdg#DZ4v%Zpb( zA3T2iN>q&7UtkJ1Uz42j`xb;d%j6jqTXO^jX9BCKh(8(aP~t z6$AJT4SVBZbRb&PfIYu)H-$h*vooeX3f$e-ej3t37*?~iFLV;d^h%g26J9gtGB-_pQD-n6n+x3a#CZck zXvzU+N9LQ#jSc=#zRqx+4Y8rbPKvx`Vh^j*NwTRs!m|CB; ziNE}*QI_=Up$pyc$EJA|pImxQV3i)0%8!;05xUBhep48Zxq9bdhTFs%pZUHDs=9@h-6)51f^fw%(drUsRxsy|c~W&*JCqn0P#gd-tA`bWh4GL6dgci8Xwgj!L)n zI}oJR5RT@}5;vDI$lDg=@VrGXtiv!32VLbD!7=22rf1FoU0Y43*ys+-%x~tn^V=VH z(G1o_6$1HEs-XJHka}+WcWjDTtDmQnC)jS@#`5BOHeunDAKIVL$#5R{?kPG**dRCQ z3Fx*~JfhMa;2j;J`_E8U(o|Wq@Xl#el3Hs7i4s^H_aTqAaEPFv#?Q07Hg{5{gC zN1a~RTra}nPicPlX~K^d%vUH(VQ}t)Yc5y?R#`bS725a-Pvd>4M4ssABd${n>R4tiXVP3h@#fuA#|Tj zs9;mxhlgP@QNdaG+GKnBb}iYrzw7*N*8bb=P2*u94tRn6cYAkt+q3^}Z*Fei+J8UC zZ@&Fk?dKP<1FzIpg8eBliCL!;JPk)cEK#?XK#%z(X#6mwM-Q=wcAWmWR>O$I@hpo^ z&nD19|2x>)*xYTw|Lir{z2x zW@6yuaQ{a@q`gTRek?3I5?~aKkpwN95w;Q?+34ceev7t;P?GkulAq6K6r8%ym%Endhz`6 
z!Rvz;&*86Mg8k?J6a3e~^T*8~ib<~;y{AwgDm{zKh~=uV3|!<4K&4WY5W+spD>@-~>l;o^y>4!1k437?0wK)O#vS3c9JmHz1`y=|~0=;NIbW&q8z)Gi9=0 zk<>;B-pLsN)A$U5w?S1g42QEH!Ls5X>(eBjtc#q74}i4RZopgMXFk|-od)EaGT#B! z+;t&v)cm@5h4WMk(auweFY1Pq;ybpamzWVe)4U7N4k#}(LFhpA;>#j;Rc*si*|B~( z`0r;=f(F`);T&xSIr%BBb%IgKanTdXw~8A(0#rgL^qCfsEFTA4v<~Ip#j)|f%;I!7 zH7~D-{9!GFJaOi(zA_V*C&gKImi4Akc%e9N%K7X59t2kH5@K!(AK3a-GezqI4=IdO zg$u{R56^u=e^Q#Mz|J_JdMsd#m$bk@^biQm-^J3n4@y>9v*mjG>5lca3#I7=bdfG} z$G{Y>Ql|iw1}tJzCfQ)+1Frt1$^A!}rnIMvuf;A1ZzMw&+-*uSHoD4gH>FmU2Ihd1 zI4NX06apNwN~>%ds%vsN9+1)4dWStWbYUlhpJ*sPB<{X;kop%yRo~q zd=L1w!8VXiEz7$>Ftz5SE5zHi;eKhWs{DQOGmexUeGAL&yd}l6k9CnI$Sfq0o3veT zF>MzfP8Cfp{`rbj!3}}lN{U+Oq%{6WmL)QJVE_H!|1HdjRX~@xA0qEDZI;m0ILR^F zv`Vf3TqXSxYGC=ar)LBkjIj?egN(x@+WuIz3!G4B4Ms9wTH)}f`VKHfo~qNYfl;JA z)i(cPyn~5wo*VDuMe8ilYcZij0r^%W?ITc|6cg*}>8q@doYj&T#|#7=Q^TzK5OA79 zSiN%?i+=r+e-cm&%;w%c3^_kD@n`<0&A>lCGz+W(bQWeK6b-sKendCQ;!$Ovqb594 zW8##VE?TEo(?pVcheNYWXK+4!B%|__T{%_$DR=K$rR35VZ>h#|1+T3BJNC(=(qF@H zLWP1J{D`zPn{-t!ay_t7$XQGTC3K+c3hVPv&>5r`8YjY(cxPyorRW~faM`OimH0-d zg*9DHk7^|W1PtH~Sj>)l@zA&%J#;5yX_{XZFcO)o{ULIiyU zel5jY_-JQko>kNf2_zaq(PLqPwRE-YhJnqvX{zEVUQmG`sXAQ7(V%LaXE3IL zwx(f*8jM;M2bniTO|Elwu7yM__u=%Z>ZJK@J4kEJsRo*ISp=%m2;Ni-Pr2P3DSNwXLPQhRo2ub2 zYU>8hX-5DV7W|(m1MCZpj!hQlsB9QsgtI)LWr%EBg>!d!1Z}}IafFMeQ$hFmUxn;Q zyg6JQWdIy6s*GsJMk_?LTOS?FZd%-4lZ>_a&dyuqCUIX(z0G*>d87VF4qWk8&n4A_ z=ImJ);tn3jpkgl9^oadFUS<)nyi?BdWM5mCox&rVXU7n~!X;{dP&FrU;j;(dvHmFO zqY`>?edk`N1$6jTzP6E@G-w zFS|Ul^YAPRj>dZO({UH&jbXtVusjL2x(J`AlV3nmvW<|&h&kdV@u9&-+C58G;7<4{1{8Nr!(FbVx+#U*Yr(;2xm&v2Fffgr= z`IOmkrlfp{y)f*%myZ$!jQS5rs`;fK>z7JGSot9T_(}O=N7szp+!la-W6M) zTjIV*=q<&Q(!{CO+>}EfPTC$YoQ(skOx5Egd~rP9N`~ReNQ3Fvts9NHVNy?ISkXyE z;kGym%nC5Epp<2Ywnv2C+D@mxBaa$|nSw4cW?K0_|8#9-1?pl|;!okDXHGZdDT#wB4qSZuld1{UcrHJSTA^>Bdl%g?lF( zQ-=Lg0T>Sl>?xUnau-O24{noEUlx!IHi_&$^V8U9&sqwtRhfbFk`dBos6|%2{DF2C z58#+wdJ~DUWdt_IhaGeAzl6&oC}If~e`gCgGRO6KO&2}e@V2o4rKEL99(28x#XP3V zK%9ddm4en>AM2{low#GaGY1dLlGIlaO{<-s6m-y_Fgz>E82%~OTcbRY6n`=&i<|nS 
zG?A!RYf%1qGikL-Z_?#cYAw;+tip=<7bP|J*a~J#h_AJPkuQwWcdBBi?NXS!kSR4h z`UHJ=5ow+sKz~+XFap~=E%{OvM`03)lp-zrdHBhI9q3i5raq}l?hV)f!Q>c)BtQ$~ z|E;|}KmX6x_TJ8|{Qo(A^XtFRetvnm|Mgiq3Z8+;+xP*VjFxcuZ1mSq?BBa}_`H?) zKdr?7_Uhh2X4>c3tj&I>!$91&S{3_afLDM%2pFEu;BjR z*}J#t>;La<-{$}OEWh&mzj8mn7%xz%+26d??BCw=U+FzB=uEj3iKZ_v&_CnAkZO^g zK3EeMsROF&OOC~znvr!^v{qmK)OqHg!qMh3BL{r2REF=|gaR%L$E~~X%7XRPtmahr@zP?bKG#THolkoN*R>i@{|)tS&3ngB zl}1yI!2QY|bK6>x_IR3~l|n90jvfRHI-B2-(~HN>TOS)0u)TTc>iXuWys@le9~+5Q%liLp-`m_R`2Xx} z-tzyS<2R50_xAJ4@cymV+%RxI3VfcZuyHFY+=>dHT2%O&1qJEmxjNTBTlsUY%w@Vz zmS8d625a^;?NORSIF@hj2gbzYXg7aUv@R*%WZINeZz=?Ttw_utAZ&^icO-zbq^>&t zVp|dVlUr)c<-RC`m7WPD>gp}32-Wy=N7aJzGh1D~9F)(1%wtDvJG#H(!reJ}`HLD> z?*Hu>GTxo0|qy< zn{pmatRm1WUM*#%<&*&;oq{3jS?X55V6pD^A)FsECfF~n`Y9iR4rZu*@MBO4@dZ#nNKMp$g62@wwedW4<0-?4v-GuS$04*j&T@o zpx+~1Iu`421<*u5T^_Hsg9ehrmG1bw8|Uq{WoM&G+?348od7*R!oSc-*_?V2hwiHc z2<0<7b|J|m=S|GaE3oFJ#yV$qucA}9D|mK4@E@?%oeclwPSF{YY~eE7MnvJ50JiC! z1$_DGG0}<<GBI2aU0MuW}`c+gv zC}Ch6bVO}X{=nYpOND+4>{2l+%>AY$XnKz!$Ov5Qvzm^IzyObfcccnMn}rT z38qfN3@TxgCYTll`Qs7q2`?5b0fxem`Py9{G2|M!yhPJTP9nPD=cx98KH6m9R=fy} z^DfNvt^=?asjgH;F+q!IGKq%)W&0ruJT0LxwZP?5V3JO&<$$zOY&r374I~420pW(g zjVV&i$OGL+F<1gNRti6jH|A4z9EuKbJ%bokr;fEz}&~ zHsQFazXZobp(rH486UX2-rlX8p$GF+Rt@FX@@HLtBquCf^2>G;Fe}WXmS08Vqnua-zJ7alW0LZfwK` zCW|>N$G!m+fLKcec|?1HcL2+sqzbbDJ5h=&-+ib5U7mOJg)EI`7iqM0RjP=@A|;76 zkOf>@0ML@Dp21#Jz{PFwz}j1AIcr3-rnSJfFNT1EFAON=d&rI4eNKF!P@3Pd6Wh4v7OdiBjof;}rDE-LRQR)Lv0%27{6^Zj$q4c1L87mIHB}4w zX9i-{mM)Mc3^Y4+eOx3_nW~lfAgJTuRzA?v%ewb%e4@*SXv>)0z8MrPQ~0As?}|^Ba~#yDqtxfPsKC?~?Q);R#~8r}8=Zg-n*Qqy;qcavkZ0lS!=~5;pB<77=YShvNV4o7pE~oCd2f<-9d6BWk>ZJ}YmxO(tK*73ucOIBF z(j6*IC%u-8)5*ms8L{4@o;jWjXI(0%l6NtkaKk&>raKE+bydht%mt5FyV3Z-nWlb3 zb0lh~JXoYsXfj%KsZw;u4M=fwQu5{KsH8&9ZHmcXNtVNYIEg3Tn6Iba4cBj}6t+^d`ZwT2hVGP0$(6(1<1y$S=&@u!nk;s?0D-tJlr(Q~}%7fO8 z{`6_Ae1l01Ez+H@^z)OQtOUQIKeeU$L;g>RbFeN-+o)80$dp_|cPE!~;l1nJ zld`myQkb2ic^A}~8I!H+YT@O{$fZyTacMf>(IOhxwRzSt81Yg%ikK~2G?&g_H9&FC 
z#No_JC;!MKVjIM3XdIW?Az@W9Ql38(*23g7o^@UaxFMOzIVO9h%q*x<%=A(o-kU0P z#kL2Qu4xE7eAE^bXOi_(cb~-y@v#aKh(XTmaTaZ6>w@gkG&~5)HhEj$ z-kd(m_i1Hyr%LL)8x|ymjV03pu8*zN^5aUDXqc`E zT3+|CsowX!Va0rO=V<}Jh({f+;RFN(#uo%vk!h7&ciDlf7w#2Se?P^VZiLUi$H?yv zPRv-=q2q$k5;W)VgxUIbRdDowKW7tPxa6V;2(OsVKr=)}6<3eiG?Wojz{nt|l!jFfJ0sq3k*vQE^6#(7zn{0m3#N+utl&yV|ngT^g`oR6(6jkbNFUA#ZtTj}j?U>EE z^oGfhM^mAq*xYUGW_SnG!*xGh%w8xV(%$xL!PE6C?)aPdgKBy`z@mI4y|XIDpT5C+`mYpi~NzCy~ce9Pa*U-)XVBQ9|QGL2?)heh9$k|Y0+{@ZYG*~ zN)8)1R47unTqi5<@6A|e_qTQe*IqSUC-p|#Hg*Ti&KvJos-oGK-EGS zXKd4F(fpXVt||(6zcnt*RTso1+0(-u9#4l0%7+!akDa8&h{^uwYQhtr5z@x9onHGx zv_?$?d{g-|BqeF)SV=-KV7c@khk*t+&ZJo(%9`#t-_pWq;AU|RI_gp_2ESF0J60{2T_ei{i2xx=2!ncj4y=7_Y#rug3WRxt&%# z_V+yNp|cN~K9Q)ykMb3I9u_?v6n`Y*#_e1k`?%PO>i)q&*W+eH%8y9u zpn}<`qba7Ul0AE`aOk{wX5EXeEkpu)|Uztu^QY75p-46AhG!;6U6GQz03oYYv#ME?%0C42j^k9^!<3} zKu28FuWIFtvVrA^!I7*%I=C2Iqm-(ieu0U0i72Iq0si$4-MeeVU=J*}0n5ef9`Hl{ za$F_OWte&i+E3@rB2Nu9apV25So=0)v!gqi%o-Z5Djiv`o~}7v`ogrjzXoOJ`oOm3r>f+xP`FPNMR5kAop2oM#XEZT00imD{=I z0qxGlKaA$yYijIS?6=e!mW{1e!48)h&4)D(NobuQ0xQZ$G0Ke6>B6Zd=h(&+Pa_kc zlmlASlcP7iS-BC0>MG+=kK|r;6{j2S%=otXRk4?Vb2VSLC^I{9mN*5?tdVHc1GR}` zzC`oX-Sez@9Q2eOLNITf#fw-mZvP-OUaZI(VaQr>NwNEvr2ULF5ORWXKxr+QNAv?Z zxg(UZ6pDGEftpJ)tlRw|(m)6w5N)%Sy=xvM!vBr<-S6I`E{eb#Z^^)M{{q|GoM3qr zL>yAL+Wr)!9Yq>w=c8rz0-M`siPw7~lJsxInZDlCVa*7IAwxH1iGZNSl(%3w(S4Vk zhM*)g#`IZS!M;$(MRQHqGkZXxikC4RX{6-Iw3MQfGRH)IT2N@iCh{tgVlAEerV1ng^bvP1w7Jm4(QM3gRYd zc48U1=nvVNkQqQ6N^~NnN7_+NrAv|_UK)sANI(${IrYl4eRxySC0=%FL*Rsk(yOT+ z3@$epMcy2QR0L8*l3q(H#d7*P#m#8c(YWkB;fWPr;Xr5V0&55f$6PVr7E~!~-7&t3 zr4cBuZ7$J@Djin&vj+F{m0m7F3{-RERDk#sC8HKvhpBwO#p{VQ)%qkAa8=8ZQyGaA~}P(m;|CsOrdj4x4XNHolVe(&?mt9fA(OU`jIW z7bZjK*+wQ;Msi?DIzzQki3i{i3{~*AA*k+OZ%yFMuZ-`yTO4@CAAQ-Z-WH~^tVT;?QJ)RR9dz_#1a z_a*TI2PF9T%CF{J_)Q}|_iv`0+73Jo$If*FMI*h~Ktx`vlPBSsEsgMM7c92B33P{% zyH&aB36TKo_3BkJN3)cFWuYgYQMB@1AQ6rrPUV0%hdxG>1=>U^agyL*&RyBUp3XLS zd|AaeP5i|dR%~a{09)sD6>Ol;Nb#R08UBd=5Bgr^=F#sTwEgJ=P@kf0a; 
z*e>MzMg+MssI}E&G^VRLRe~mm8M(|R(I3|7nH;tAmZU1noKp=HqcC?AUAO-Jcf2`r zu6eT@O?AmijEVy=W<=7&R2JdROp+6umxD`SNsO`NX61`lwQ9)WfNs=wAN%m%q~g9; zTim;=JW}Tzru4h;=_F-(K+)3vC0$UPzUZ(8hOtbb;h+K>@MZ)SGY9b# zoZklfj>qvw96XTbI2d4qyoIKr|2#2+uX>4DpHSfuk9LAy=8-Ly@J4-UM)A1esQK_p zX(=alH#26}iZ7n__TIg*Z5i_U-N8=WU9^L(!nE}u<4rw!3Qq@0xzjFZ^Eo z{SmikM@_i;g|3!uPu68-zvwF9UfT7w6b+C3^lHeM({<0~Z8+*twkKiTpAn4%FffOy zVyA3>bLOHxFu?oJPz~n7mMP}2fCc}*l`6c`Y|g7)izdiszOqs4qZDZ zXlLQ|DKus&@c1IFjH6#^C9RxIow+k;6NAA>cVY_ASdwaE~=?B`Rggki4}*s+^}!0qs(-39fH{G8P>XhU6VRT z@Tc$7rdXN;_7r=a!0I^;KL5A6M137sPiL&L7g9U=@eUBrV$CtM1)OOXy+$f^IlQ{b z^lToVOqT;Psv%z)I%&+lYp^s4#JbPUK-7aQ2p^v$hxiD63fcG6Rf`MSeP_?yQsuzv ziyZ@IhpUMl0WJpwnmQLN2*tSYvS_|q#g#>HKmXsC3q7u zzz@}I!4}45j+TKS`>{dtuAvddM$3L;QEHpYOi0q;5ql4--;l_u3-IkU5Bcsz@)$x- zaJDO&_Ga%9XiDV=@uz%A-J%Z8+QD`-e;Z^%hml0*#}Lbd=QzT5B52VNTecO98N&b z;*=gdSP^MDoh-Lno9s{*M&1>;?;w%xUp%mnL`18$hDS*RudEnqinkG8Kzzw2X;d=W zgrfsvqvivx3WruZTd*QZ^A=>WnM{GHQZ8F(aJ*!voItcZA!L%-TZnD(<%&^-rJB<) z0%yBQ)i@u(&J@A0S^xFN~bLEh{p}5#PWDCHg#}8b3t3;@50%d^hV4 z0^!(q3>WWr@5g>UTGY}ywHT4`HozaK;JE+9zP0&gfTZvIT|X-@D&Bv-^ZymY)923( z=51gTGjf6K%*ONS!)J;vyACWi7q^y4i%YR5b+FkC0JPpG!aiE7WO@r zsFc=qoLUMAMsFwI81K(g3dp_~l>%-YZ1*2?n}b*iRJHYJg~nud&esNqP45)NYaV=s z^-TlBqeR&7EMiHJ*#-bS-io*(a$eILCKukJrQ;uh7zd7HAP!5VIN|zK@I>V4vniV) zxwXI!rm$t;kN4_Uitz@hPdQHCyaW<>Wbs2p*1?l&g`lu13%ZqZRVA*#TowVv9);U4 zQlUVG88aE;3~|zU-)8%~)@KGb`i=-Fm|1B2O{Fj9YfD=YahB;>lBtsCkyU_`f7~^t zqBB}j8jg}pEDRakceP9&?N3%yBkC8NTF6!|!ng>jI(D~HrJ(_8%a^K{nvR%ER6_M{ z&UB3F;YUlhcauz4QlY#p^zM0Fgs$M&&yLM@DUuh&HurM_Z6eToI2lSVdjK=UR+FZ~ zMjrVC|4zz)`f-)R=T|T=(;C}}Da#Q78HBT22UZG< zdyq4@4DIo$f>F?I%T3F>WhE2sqNF7DQIXCBN6=I=PX|sfg|?p``v6$jwRfR$($_Mq zro=N`dt&{?AnCM#%~8KI>6Y{2$c~aP%-Ir4y3SX4hXr) zLU252bwY^AAoQZ}+Kza`h`~+selAm&&)0w1j2ULvZ6O6@=lF!1>T#cG@wcw@6K4BE z4fHZEMc;MLcB4u0)$}3-7?PJP2p;{%FBHsvlh~~^YPuBFHNfYS?W3q@qLV~-TP?vaxAIS%og@G&uFnktaLFds5xmCRW2iSGj>a0ywKuBxscdn-OrbjY{fcb{#h-q)t7={{Gj;}lvg z@oZr`?7Ykx6@N7IO0{v&Mr=y18KkW$laTk{5QAutMH+;D 
z^TIh(^?0HejkwCC3YcUv=3{2IP$40Av!#@vE3cIBznE!vhvH+QB)5ESZO~wQ7?#iY z13*bC`)2oMNBrR)iFzi9*>9zP(2xJOui1J$>}P9#ZL>e>=Nqr*`IWvo!secvv=U&C9_ld2g|5< z7`~v-Y5H}_dFe&DH7-gT7fbVw@gc(Z^RqIYqXbhZ6<5v{vA;P2grI_-H6+my!djxf z=?BsAf_XL=0TNtdD2d@&B~#@jZq56LD?D+79@K^;9dB+jGr}=&M2}-&B&2KEfXzj; z%c5|<{(JbuA?x=)GdglEsrACpjFRAot=tA*-HrfxRc{t2)&&dP&67Jr%PC~y_7OWU zsBARJ@hG*Tl^NP;gbk1#t!L3v+)dFz2v>t51Mc?rMKhK9*N?0>#IM{#eriPFuaZX* zt;c`L@;l|)NuTPIU)}u8f`8J<>?CQ{Fv{6wxA6{$*_(X;{DQaI{LbIZ-sI}?1BQ3! zZs`C3PQR7!{{H;EHd=@2?>%OKKGGAwm3gizSc&a8>N^3_gvk2Xw_j}rBEl~%;7sQ| zLU~mY70GE&i3GI&VBue1_Yq}GJ4<#sPapH$HVQAoQ}Fi) zw$_{}!8zKr2F%w9X>KjGS_HEu=#LA$$ImILY`j`5ONbV&j;Hk~t;OduWX{3-XO*CH zi?k0g1y=-|{nEKa`)mO`-rCx=R_!+oXT34x`B|nm@O+zUZHK>R*2hpr({E8#sUONi zH*OU+qt0%ksJ-fa*zaZ1d_?2F(&0eRGvI4|Lpabg!~21zRYmZsnL0L6IU+O-Vr6O{ zx$J!(;j=y)(kk$y5|}kE`tL4n_(DWx#lDGNL>7ui7Dvi8YX`BAqDoM`o#G{0ej3%( zKr=^HR`OY&EKxL=JA3uW6KD-`S}`-Ux94iHp&cGvDf%V+?1IU^sm{g_4!d)c zJ`sU<5Ew+f=#fs~R#L9zidiD}QJy*fCFf;&YN1vxAiEb+?Lx1Ta@)|gu|eoV z2B!0akB=y;x@XvblOqvyVxA4V6)=Z-Ow@gGCDIO3_pdau>Q|N+rzWQ-87o6O zN76bCy_Cb3KHrQeg(%cZUo zy;+}X`ZyN%Y`a_LC9@wbc%W2d90*P0qwT=uznZ{fl`V- zIC?6BDqHfAf5O-{6v?j$;oze-GK)YvG2>Y&87@}Cvbf8LV}3&d@Qnjp!VX$6rQgq2 z?Bj!>sAZB|GVypD=$FhgBkBXqQermcbI^F(3s@(3+G58MA73pDZskcefLYFhHMi2=3QRUJIebCc zYOQk3)~5DRrH-k)>#0>Ioi?IjBzulA(9acrv88F}CBp9F>LZ1Zmbs)M z3jXX$FMAb->>oLXtw>M@a0**Rd?sR~jZC$D7>E zC@E7yV;C1W(<}isGYhf0ExYy7XQmTx`_DP)sr<%0w! 
zju7#{2E{y$IE*r7--FQXOmu2!Fr6v#L@~*s=5|?7?!1>si*Xxcca(zWC&CZtv2Q2q zj5c+c6`;jHEGJs9DI3i|o=VH4cqN)`(EjnZ@Ex2~7HsNtG7o*QF0!NMR!o$Pu+P<; zN(3elOvkijmId)uULFng$R;1o+%H;&SvzZ!RS#V6qO?^tB1=}4T$0?iOh?&(Ue22T zY>?m^dW z3*TYo9mA%JJ9*5G3ror13Lb8jnBoRxO#++lIlIv_IqLi;9nZ@* z#a}?d2~m1|S+XzHn9|=5b9}P$TT;lQsukU&YNf>tK!;t!=P>0X>w?L& z9C6gboGV-Ka5RII_&~*uS!EO~`$3bc3K~A`Ob;X@vn}UzJfYwvC1$-;)mrL-xcRe; zXPJK!+_vC%F=X__GM^mRa#X?B8M$wr)LylLeJvH?S2?H1;a;jNC!k-~p*r+s5!bH| z!d~Z=Z?)T-e5qh&jR&u|uaCHkkJ8H5C*9*z%n};7qmC1Z%P>0>4wZ8Kmt>jky6e$zyIlM^=>eirTNSs(ldf=8x%MLBkTXnc( z6d8o$#S8H0T9+H6$(R+QKhyilOBz;r$3u3%79q3_}Mm&_$K#hce;nUqVeSo{O{Sg~r*!)9v-2cJP z?O^y4Y)*gi>@0iQ`(-F z*bae%_J^9;{j>{*%CyUkqze~_+2qFg9UQ+3Gn2VvJzM7^%sIA>^v~0tR@iU&(PWq5 z#+rQtLdjQmcj|Ngd8sgf{mqTN?N`0QJJ`75`zL(a-yJ~k(*^jhm(S~axAtc3=;S-y z17yEB%=iB6ZTH0jerfwtfnM>>8I1)CkP6haHKE)#ac*V{0v8u+V|!Ou$tNUh_tW2b zC+f;+AB=rX6OI@B4Hy+5d_z?zS;+~J_~X1BGim^<+2qMoCt_?!juJqVVo`y($^{`^ zXK>3;W9ZK^bwb!KNqU%`Np;7wwe7a4LLx}|evMd+AFN z{@HRPp+M%bn_wDM=$Fpxhj_5d%N_OqEU8UNn`Ot!z=SXaG9!*IJ(g0(d#F#XIXMu}6xBe2nHiNwprOXf0K4o8AKkweZJs?X8>&~(Tf&zB!LX34skys#EROWjxf z#mhI-;66knYvsfhTf|JiBjwAD;=hNQ7{!cq2RG=?6z_j1mOB$g2VKi<*K4wW43cvo zT8z}NdN5OJ5Vj{HfZ_o*-tK0S=uKuF9^vk&mIn}F?3Hmz_z}>?32mNEz&;g;}AMYf2zn@WxM@oYi9zmjbR4~Wl*I*nm zQ!Qg=!a@|qL^mk!xVq6RpRu`WXsIi~0ne$9d^=>dwPwPzOCLB@@#f`hv(5IAS3w zM8f@Xj(uytz5RiuCKTJ-ElJcqd%1E!Y7euH*|~6PzVJ?pc7fO7(4qtb3H6#UY}&*{G@{0To|Z8X^zc^+o_ELRonOa)gVO z>ixg5U@R{=+-~(Hraj4?5)QbUHaL?E^Y}i$<=vQ8bNe|mYo{yS5KF@Ye}?#fCb#YF z5%1S+jGR+(eXke)!h{Ep>o(%HTeey0*zc65^?|Vr@)kh3&?Tu`_w;y6U9beGfGF;L z7WHsAaKJgfbP!jAKv{^NyZZ;FV{w`5pz~<9`C4Pq~d-&P`Jm*c5f!_Zd%#ewY7J((h$X) zH%DWnN=&x4KEupTb=5*dG!mIFA=XV^8wq-Bec^zk-v0u&S;tZ75AmGS6dF=X2Xw0| z`gozRMGtR^p4-+|6~+MO*hcF9FYgQuyAWPWr{1GQ5GlRAQHc_?inOhvH73RKTLz^` z5GpTwLpyYXf8pbrfY?1VOxxy`ZAW4yGA6B%nU)>8RvsZJTss01X2(jC3*!yTd?-$6 zESt<1T=matRuPk^97Vb|3ZF;dn2)Ab8>P`Dk?UQC0Lm36rrOzpp(}?@c3LgXD_w}O zzSx%yI*46hWTTNqD?MksFM65^ zkdAYK*z^UriEeiW*8};yUe7IncaMerOJ5lWV 
z^Rl_q9Z;6B#sgdwmrY6=bKyRZ{dRggr#RrT@Rq6Ek+cpKJ_CAW%LbXP9?L1yY>k*)6i+Ft);I+xAw+RMWs3 z52|hxTjZAt={cCGF{V(t@KsVIVeRLhh)!-dZ+Eu(M&6FBzqbk&Q503CiLw#Nn|>cX zr(?F2d(Y^4Pk(p&H{rcC{s>D6%%HyhZ|eKs;@iP(ktqJQxf}B4dFF@QT3*8UCW~_* zj4@#((EFj;!`~7dvNOjtCqu2O{w${p9B`AX-`h8chzdsH)HRs#piu9{_QB`w#%^%g zJR>)4UMCZI$O}_DyFFD8J8W(u`vI-3Vd6Hys5=|)`V7()>(l+g4Fjvz1K zj5X>PZACUr2u)1*gI8-eZ;H0R-F~vR_eQoS1H6l5EM2HJ$TD}Ijsxk>6IrBD6&zv2 z2M8l#zrx`ZhgsB4b|UJk228{(4|t6t@3wf^z_UZV*eo^{Cq{|s@RU16vj9bzk4dcs zCbo+N|uMx`g;Q#Ck+b(86U$z3Vm|r;%;dK12qgQZF};0UcS# zA*w_2(W1th=*GHe01K$Ys)PBLM6xqIGOd=eFqY#DbZ(!71d{=t`XjpWZ|@=$WN@qT zTr455G!vBtnT9Y-mE|ul9tv4VUB>W%#133F``a$lXN@UK2bKq9+^!ke*p4$N)z? zWjXyJByLcMu8p%|))vqkVgc-#Y-ooQscNl)rp@N=)>e~S7jAb;nx9!~cRK|IHdCZ1 zI0vA@D-N=u`9kEWGMg}Sub%2Bi{vyyX)Iu8ql~vzj_#sDRirO$CY_HS-p&4VquJff zTR6-@85p002+SylR*8>n#egP1q?pN40|*J{fN?wkg0=qy7<8wvKNQRI)7;v2x!Seb z#?IE)-h%$f%;8>%$0%_YOy$7q-YC^$q_QZSYM?=5sfRH!c##r&L=Zx(TbL1uy$0$Ob+M)^yM(fQpk z+99u%fz_K7cvC)QOls}rPg^=*q;UQ1=XC5ftrPK}0_ceY*}AkgHwQ^*lj}kIZC3vM z>6>4V$N%SY|7=f>fTv#&BLVz3A1Ax}4f>bA8>ju3AphtsiKcA9H!#shYJopAnDZvl zXPzFYE&tvkin_gy4-lv4-V1sC^+^dLo}TD16s0+4uMj=*4M3=(tKx}@Ny z7(E>zg#L{P@py=n?Md7e4I6HR*GvvJ*ciry3B$AW{+9t0 z#9ag;7`S@U%=i*G??_blLNmajZJCPi@vOq`oC)~is|%?{;JIY;!YZON-iLi+cEY$7 z5Dr{>wr&c8vp+IqHAo|eY#%g~P?eQmb+R5W1{=iBx-h{{fAAgC3id5=1OMfR=uCr( z-z%k^Q>ji=HwMDoK-l|*o~YDy*<>t4^E0w#$q#qcg13kSTL`sbLM?=v66NEnq%D{g z=g6FV2wA(X%=|k=@HC_Gs)7i&at~&&KT>qy2+~ZMvqV1a#RPoC445v`NHg7 zmD)OexZp2pE&Up}n=?qy3vGU!pHpyU)&2_G&`SS}H*kkMAhiLI$e%3?(fpn+18#0^ zVuQZj?{;ee0P_!DgB|yB_$__=)lnG`|KvM<9xM@0{%FYuPo9}Ozn{&8+erTY)ICsSUB&iJOxzA2;30@wr>>gPif9r>Q^*)Vj z4_YrX2Csn*QW8tjdO_w{nt5e4SR=SXCQo=Foafs(h0u6>_@%(+fucyZG0q?%K9_5h zOxR=n8vF4CAQ{s1axv0Kyy$0Vt_;L z5RgbGvI$>A%ZIS&%AT%RlkkH$C@nDR{@FRixPa=us1%z*`#Fbia!z|&R{`T{}?lkUhg)^5Lm0^~5K7zV9j+)v-l~g3j2VsGF|Mt#-U5fUZbz>P= zz3A|Ls}q75FL+^Vq$Jn&g-oO#2=pi59)Hp3MA$z_WU0D$Aba;T!>B11vroqO@ynp8 z?Ww|^#MR)Jt`sPCwKGj(9eqH&k_Oob3&WsprH+k8^sA!9-*b1GUcGsygC 
zJj*U47c-PIfn`Ywks~d!1=>8y4|KyyFf}j}k#wY|#Kg4Ao`XGmh&~lU+ycEeNDF0g z>tUx^IbKtY;Fc#S&?KJu3H*J%q?(PCzMS+XY)o#+hc_+e=2$&CGB&B&B`4S=$E5v6 zx8H7mkt6hfV)3romHq|#96qzZV$kpP_&HpJd7t)ingoOZbdBe%0u|GGCsi3f6l9B z6-!|g(X2?c8ezzv8&}~KG!7*ah+#}5?=kRi|k=VV& zet(~_KA2pyJib&?Jyn;8xdw%N__j9~&FiUcZjX0=x;Ju{ec*|Q5MxnOdeBdsp9>ya z%?6{NVvQE&&lB{l;d*q~qxe+=P>_B_>|eRKAH z3%$-qjUN~U;9KyJILWB}!a4nAU+A?2p@1eS97zw|t#RzKM4OT(&Hurf?jGWpO>SV& zE(IJTYMcczIYr5F=4R}7DVIX_m+I2pP|b(y8iKCK zKv1$1_Isft*(^63VJ6DYQfQ*aQ36SWtZdU$U08VLJD@o0hjo$(0y&hK)Y=qWof)>t z?bUFXw6qWq-M<&i@uRU$5a~$&}gW;YHGmiNXz8UljF+*0@Sx9ofbrg42a}R zjF7FMfUK!#-L@V=oUw^o*dTxnRjc1eWVjIK7Luc_yo!l4gApI_Ghg@N=_vnhYUSE3 zNz!Q69>aqH zE{RY|KhlS~5FtVaFH&5dP@)TUO}nE9TB9q&hLIZb?+Ku1z{bW4?v$J#IpafOJQe_zyHZSA*wiPI<;Smf*%tu1Rpx2ZFvH%@<#4G(Phex zXPh}Q`ngjVAA*v-);MCC1NV)1Yf9FPKNqYJgRBYNq6)ie(~(593n{@nHuCo*B0pNR zCZz5!4?&>N<8N}%{TlcHjib*q9Vjc zOy?1ME%IlR-KApYg5HDDujjlgfNXFYDT{GZ9@aM}_IL}3zEfQLG zuR9vv&+pm`JKifpVybU1lWf#%JZX?S4zSB|S>f=Y5^-6yuvK9oG1{~6SO*IiA8yC3 zfuw@dvc6`7nxPseyC>!4V3yUCMxMd8j4x^l9~e72%rZSB>wS$0tbsLcXL8mG@n?}M zG|kMEU;LMNM-eHj6{3`|ecLF9G^FVVru#4buuAzop7sN3N=z0jiK?F%zZW%XCPOgR z0G2^z1GZ+}sJ)mx0~&Hve-&O*+kM{yg_hmIjp0rX<@l+~O->j0`{-X$h}tW74C*1d z9kw2Rx~ooIZ*JF?9s0|XO2uiPFwBQ6zKg2~&Jy8F2*{9p`Xc}l1Ix^X_c9_U8|TDe zoop;d{0$XAl>%hf7VQB9sr4{F1Vz1*w1^DpPqCAm(n4Gfj(nzkYP$EbD!Bf%fV@x` z2<6n!-%9qDnS|}?JY(h35>@=e8xjl)Bf=15!gcAmYM)3a8ZS2<-WsiEL-Rloh>Wp; zKTZU3v!Bqaj&9%N>2E9?Y-eL%pb)*(zSzP;9U^?!?{m|9F*!LvZqKD2iRcxOXw0Wi z5gEyMT(YwIKIP>dD56qDbab=up{c#lPAc}`O@AugDbye0MXUhI70Hg9MY?c1=4ut+ zDq>x7X{_olMm_BSjxRD2oDTm0!!!mphhVzEM-mpjL;y8XCbnj^2wCA-Rm5-<`8a}j zA-#omDs@taool0J6s4(-l_^ShG@6JP?HV@YRU}a?8ad=sM!Yn+jdCGlY_#TLN-BAS zBo*c+{V*@OLm4EG=o{BIqLc*I2-U#Imh8)i6d{HAwwkDb1wXmmn=~4mv{+EsS#V4s z6(BNv8q6ir$t{ysEJPAw8CF;e&!8HC6ARVfPA#H=qg-JYV5cZ4qJBv@N9BV~B-7kM zg37SAM{RAE!_vV)hQIsUjZ(2Rz3fvJBc3^h)}E!z#Z<+xZa1zd82U~>BjyO`z`{i+ z|M3_I#TFwnE4}FF9-C7rfvn@mJjRomBL9b(DxFdQ z41t>!qCmT~3!VZC z2fO*=z<{g!6Tg~4TojsFFvEp^9cZT?E+bh_`0h@~#!8)z=*3zR=@i03B-T&B>=k_Q 
z7eJ{1MnJj02w`YiJM3d%kHRo!_oDwygl;eNg{^>TYOjqZy+X)k|0I6H${ot@UHx9l z`3UTIG-<`65o(?0!exIjDxiHq`j)wlwySUnTlHz6wKI3v8;R=iwhB4nL%4i{1e_p}@NBG_)N5pg zk)J;{`L%yC{X-rJ0oox=noO!$fx?{&FJr>tPlp_`ik%-jUCxIej`wMz+t$datdiKL ziFe9-y7)eK@2(yDW53)l>v=wa`3AeFm?b7F*P%qNBo+-lmp{p02FTb`tmo_MZ*&Ko&C0%rL|j(=mWR?k$5JDMIybZT zdi4{)EmPea8wO~^zfBd7_up!;C#QNM@fIc!Z2P}@*qi@ay?|fp#9%ZVX#38LJ2C|@^_(v$cQi0F3rSRhcK~`d8N|UBrbng$N z#z$xt0pd0y`4>+((7Y>hatk0iOjBa*gw`V5(t-iA71MnY>ZG_!WKYwq#nD`H93NDv zN#qa`qkG!IF0tWLEQiE?810_J=lB~0@_JcR*8LG5`L%ST*I$x&WK1$2O5E2!G||0h z+4$wNMenRw(d2Tk_C&+>=EWK_Pu3N5Qc+7#dSj8PL}Xt4YLcQZO{fX}EK7fyFgxXZ zU}Ktu2ha%U{Q9oYi&%)K)&ho@LM0_wPI{>1gYR`QduopmsY0Qv>~$vs1RIcEknOYrz09mDin%-ur9s|Gvi-Ei^wmk zNP);T&fu?RVVNB{uncth-!fmekX57oPG1#kVytcYRjFkvzYc(Lf%&d1OGa4U|LNF` zD~)l$K#o^lAI6E0E*f-#D@$n->5c_EVwpk|BU|aX_rg6KSlBW(4H zttExVh>zizcMEaL#SmIlScrkmP(!<$>+kp|;5TfblLk)AgC*3n z`-B(mClfugCLy4m^p2vhm3C#=-pb{t+e6>A?}J-iJ>J^-U(;J6AEYG3gF!V>NHG<8 zTchXsjC)HMgk#Z&D35mwlbZl9lv z!D5Peg!~qR9+?|S{bE}b6Dol-i9@xp18^!VITlB{uwN!?shE#?C(Y*e$Wxo#R3+hI zTKZMUbEmuk>Kg(G$Z-3s!TGOn$ne?r$^YNKO4(9!By=Fi$cI=aOCb2-39JC6taBT? 
zVMfl}Bq8{f2%lE%%qpQ0b(8Hs8?m*Fl#{yBm$rg~t`zu?*pjqymO}_y zKN)P*n8QzOmF!pKMTo+QQ5IJ|OJvP>J{lZ|m~JD>0qsF^0dV&k6n=H?eE&4Z0_FXD z5N!-VgrdTPxJ>xFN5aQI!r^+E@xTB6G0%Q(ZHu|z6aw|26oYvJsu#i}CC27Ah$;er zjoD)UA3JUpTZs|`i`i>tW@ct)X0O>^Gpw0m&CJZq>@~BG>6qDTW@ct)IJxgVDSwHg zC_hnBKh>>iRZmMZqtZM-6;N-`gKDvA&uu$Bot-3|r7j>Te8K=QU1O9T38}r5JJOfr zQ_i^Pwk8H_yqo{s zC(6b~PTL#F|M(0H$aBAy{?JAR0Xq!FKrO(w#y;ovl)){Zvd-t&UhLV0|=V)y3cJ@X&_3M~j%grpno=Ha4}j*g|S~xktm;zV;a@ zY^gKktD$uFg8xTM-IJ*lx}8xYxD zV^<8-^g965wX02T#Dj?s)Hl1_>{~V8|BYbMIJA>lxSEZHq4yz3)(8kFh}1SA%R>K8 zj@QmwnFk9=5Bf6&axmTPG0N0rqVp57sDWzB7b>a2eDs4GwUr*VwLQYfgphHeAenY` zy&N&v0Q%K3D#*ZsbVnQZl3o4%2U^1f;zcu5A2Z-;$My4qo#WF3CBVP}>ASYrC}aIm z8Sk_660GO%>WcZuCzQBR29>H2=e=8&m_Jrfy@LJyFM^k`%3qNI@n;ikZk(~KoI9z%Y<`U6|S=XWcaa4yRv>SRtK2D zJ<$D#L|s`wNpPz58vt8b$BA{U-Lmquy<$jksNGU=vc1ZQwa20_`7LK-9#m_lEMWxF zbtC;{zgD=s9-O(1zgcIe_Azu*qWtg*taz)PDSc}d78rdZe( z!BoZ8d@lXCMk}#@*v1SVZ@zZuC zj)UvsWojsM`IG3InnE#dW^D!Ci2k1-OJ~coT(H6%$t!$OnX9C=pzWzwWMXC~z#OMzT(}Mc)ZqpM6&#&h_x_&j`TREhy4m;w zJ@!_8;cR`y?e;IdfVR7@HXcAa{xQ!1rYVdvSF{%fz=XHE9RdOY0ln*QNBixKt@!rpDgbe0 zxljIGPNMMfIxp~O9S}1OIu5^c?_@^PcKvR<_IeDkz1Uv1|Bjfs*MrMXg214or$r3_ z9bG8Ne7fq@KOV!l3DVm!8H}(oztXKD^7lg*IKZ41@isC+%=312fb~9hegQwR^FXyo zi_A94ueM2nQYQf(Grgd;y`8ob(4Ws!;~q?-b)^%Y_;%lM{EOv<_Rma1y7r1tbZw$+ zD}<;d-5vof+9UTq-*NUU`xUdmd2z#jqAiB^eN+)`e{EvzsVy*px%czesQ)2cLP>la ztzq2%wzIMEbOXxU%Jcc3U6xn6$Dpy0_kF^paT$iGx8mDtYoKro(^jG_+ZWbOjN6tG z;I=;kWsLu|CYd9vk_k4%Ih!;WoWg=v*bbDT{Apy z*Zp-yD5Ie%NTDcGswm^SxB<%t9J#MJ@j`>2T7ut1N9ozfogveV4oXR#m@-P}kX9N| zX6V?QEZnTpgMw+!A)x@KADt{gux1Qp*j~4zOrtf_ zKRdyhR$(XX&w$Y0vUKl|6;_=?)YWm?XqG<3@8pH~(3Za2Ek!SVJ)vfz*W2CtUZS4$ zn&^h1XA&Z_DA77pOP$W=8Q#Q4)C1WJBWIRR*K7J}E5+zB#=&u@{w&Ukg!q|77@JDi zsrjFu}b(tFrUmZaetnLLioVso1@_!>3m|3m4#M_2(sRY%ayOGMEL8$W9iO8&yu@FwS zxSY12r2MPw4!ky`RBmXlo|;El$cwQfA%cn##XpVxfkff1Oy7x}hC%AiVgDt))k3_n z#mIs<6?K;-D(*#sX8He^tUUVGzHJ);VJ+n)(C!bb_D9&f0^}6@xrl zL%X8z{zs`vi{Tw=o$FJF$9kQ~eTFWz&iluG{R?`VMGL1A6DoqYYP;TA2MJF&QhDMR(ZX)JC`BRiU7^Xo9KIIhXvd;O#a``Z 
zH6VI%A~&o2S^9E~M0*8bP12*H{1Bx__dT7Srb}|c{bcy3hIOax94ret*UfLOQ=gfz z&xy{ZxQ{Iq->jso1F9(AgW7!jWvfNZEZtM!V?vZ0R}{1>x3Rc#T&+#5N1FV5-pim>Pnb$gzQqF48OK`(tfL99vQ0R8JpJ6*yjc!MG(b1h7mbDJdq~+a};Nz;PKe$jRtD3;n zi0dnGl~E`kJ@b*LX!jD5gIagl6!DR*#v}Lg@a}e&A`C^o*3O_tGF5HA2NCl?(4@ky zU*t-(uB6$0?(&hvxh@zMfq0x$wD}aJD(xzM#;FmAR3c)R@a+um5(%ZeKfD75Az&kJ zrnrmu{a?3hpuUJ`7GA>oUEkC_<8289hZ7+8gqP1H{aLQcAYi!eZDq}zo3 z6J|AlWT4>pu$??1)49fB9)Q_n$k__~$6i||=;bA1wshyBjPl%3*{|ghs-P67lPqCfTpyHNLtu8}5 z%4%h(f4dRFmt4{FgxwCc&b!p4?qOG(cA`iEiZAZ;_&$rs;~I>oW#&CMcc;HZrnN7U zU|?9llJipzStu6ohW7Jkf{EBT1U&2s1$eImbOQ-lmeT7rC)vr|hNBQQ(7i}WVO%w} z$2_R_@UDJPjzvk##rz%cwKt3Y>vlP)Gm^)H@O)AeD`?+WaLuSV#p!!E5WCb(WE)mf}mM({?POVAfLB9r3q!)V>Ej z9&mLpkL~DG$b#$GbnIVJ^5NM~!h$JfTC{MO;sJNpv9iVH*!58EO`?M5DS5mfs||(; zKqptJL0!&FaXwLc_KBM{a8yn|@17N|Y;_1Oa+g|1ES=&r3~R(*KMMA$^lUrE16C-NQm!gXUX3TMeXc_sJm zwC|H$4$I(tSLV^1SE0|LsnH!K>FcvE&q*Q0;QCa(10ML)s%_`*qJL{*=4%V;j-vc4 zSd)|-5)CIwD;lTFjm@#JLpY}CBee|%;32N+y3st(zzT9y)>h*oT&!}U*;uMogsWinkJ0GM$Zer@|A()}+ z#q{Y^n-~SM1bE%QFKzfibK?-0{KI@zPc@gr;t_mn-=Nuir{7lJ2+l8GDT1v*bgwO) z_y4r%eRDPPg8dP%J@y%u{m1E+3=txfgC9*9$=&lFjqVAz1ThZ&Co2yTxh#HYDDRAB zHun_qb^ri4S`>dd9iiRpCd5RCkYF!-=s8FBo3Pd%Dl51<+1)J37rUh}xpnDS%SP@2 z<(u-=EBl(}TRZ51S^}#)*)bZ)LG3u4;|3!Srf^M?-llJDHHn_@3*7DSl3hBP+BnlN z!VJOf^*2{2BZV;ZE3cAHLL*CC=k{{963t+w#f`Ck1GQ;P#rDu4kXJ65wBTZ2U>l$1 zGl8j7BxX&vpoqON3w8CxV9dJX%b58II{wQQU+I#*(&a~IG@e#2<&GZ>ipKe9(bNE~ z^_Kwp@1KjPCmaepr^TwI;j7xzu|xX_ldKDDsACsfI80gn!t<9eCke@~aj~5jUwzFV zSRF4?l`#i&-gH@6O1ks-^IArIhm-S^reW!*mi!k3GO%2&)KveO4syFSl%P*-q9-t6 zgyie4ItjPY)y-Y8YbhENbPR_9R7er_vdmDLSl;Fq+)(T+0)m#fNOcchLUkJ&i|4$l zXNcia+7&24~p+)T34co}3Jn=Lr zUF(jPwE`#`PwO0oLmY1BvbGVFRe40M?*-gvJA36x%AmK`%J17toljl#i#)7v1;<$B z>1V1Yr?-#n^qW}KTN8#;9zBotI|`?7x=B|)CAjU481Jw*o$Uxk4WM;x& z|EQaSZtz|Tmlvw9UeB&((DU&3+IKyW;8Uh{Bz%SAyNwS~`Ln-E=|;xcOn}r^WVoA? 
zzfz>8ppsRBsCxw0wAz^_d z&ZnH@JCtONprH5;Z<+CQUPxdi#djvRvosjcSB0)6#Wwqw&Zf2p)Mf*#> zH6xHFa>KlYviJ%k<6kPC7#TVC=I1j>n9}0bXvd5$vMrCO_Q%XMKd$izv$H>Ik9q+W<;EsY)U)LpaeX)-z^XrQ!Hnt zRM^nSojys{mQ_s7HomKe1JqPEAkMULM2OF$ulM6A;yG)PKsiKy+Vgk}SgG4SReu#o za4iKgktSM4Cdz`_-9-tljn+`K@(&k1uZP|}y9&IR9V`#!g1ywK8ZtV=j<9M$X(8gj zPj)%ZEvPnG^h!!6Qufwj&z4_kk7QyFlDl<3Ef@~Ti<~2W$i|*AHbto9RNms1RV327 zU=AwDs9+R{0jqM*kQ&ia=dhF4T%?$>Jr@!9rqKJw+I1WU;ixv$zD#!$%0}?rWt{J9 zCuz_pnBA4buz!{^KP}(}R38-R7zVJ)@)i)bk^x)A+I=4HafVqP01D%HT-aOP(VDEW zcT6akT{!d0ZQi7rGVa#47_A>7ltR~4L18A;Tyq-)wNuN>nZvu5jeS3s^?vpWC7*k9 zKGVeS?w8-h5{YY$lRx20r@sF#Qh&83l`wK?em==vCbW*W)Q>k@BzIw#?FprhFn9HV zKmK{7#_l^2WHJdwKxJ6q8TONy3UnxkXsJu1ViN>UWjru9`q9t;ogCw7^}I?%s;U_Y zwC+#R+O(lcoZYJ7DV^k-A)n(HVRSFrh4(m$Rezz3s=nKCvt6A^!E;%BwCz%t>I&`i zqK`H;Gf7aR3DaQo)|y_Ngomw-S<=kRL~B@rIl?gSNZgn{`22eNJkbrC!|}t4SEGD4 z&bcv4Pz^|*7D8bDDP|5R+?Se@HM)gO^IZKI*v(#g7R*^YOthK(9ery7-F?6}m zYs(p3Lr7*rBM?=lC`Fja?I&$fm3T=o&&Ao=$oWvq$APTafM2hw7p!TK9_hF1XS@FCd#sX5Fw zKj^9Xv3Ayqfu&qw!#YMkZlA*@zsQcl0seF878=Chn5o#O$F++uo-AOScjV%aJAJ9& zwXEtJG3vVAn$Wsd)r;}jN>M`dd40E>QaPFvx)ajZ4}a6gi#kadGFu`aHK=EqLTpwr z4rowEmE;*KV?&^RGak0_i$FakGy;w@CC%FC}AXb--iFO2|+zr z^o}`*fdK(MmicH((`=Qte;6N;hQ06t@Fnw>u9nt^T*s2Z8wVFN?u4uM4noxTgKY_( za?PPGhTgL~m_o|a7%V7?8>)Wpzr0D?bAWnM%c`RD^X#!FiOrtCk(!SGvE}~0Y&tnb)h;b!BvG1ksHDqUi~}zx2UT;i87u>MJh!o82zz(Z1hJrog~Shi|uZEQA|ZB zX)B(FY;H^I#@%j~GAc-ffm{XT>k|6VP@)&o*jf&Uo6TG*;1YsZ|`9o=EY1KgLnJ2bZeu zlBisd)pkwbfQ3!0;<_3bj`W%QVCW_G(fRxKnG8h6FXux+&Ux=7*f(vRY$(=|l5%G=@r5W0}L*@Su3= zW&3LCfJp*CrmK)>bX#APwptu9?ZQ zF%OCq`e`KJ}|;(ANXT&DurFv#wLf9{ad;S=7pj-Ci@&_f#dq z)m#;D?Wr#>T`wE2H{4(2y>BqwMMy;rCs!Pwv>U{;uea| z*d_9C$Aqg$^=;XZ#3}By#$;CpL{KivD@9i6DN&663sn6$tRI3&CwPe>ekP5L=Et(+qkoQt5vlo0i)`9?p+Kp{`h^Hjfqw8<^Ezcl`MfDkagFcdi6i1C{CR5{;|mSAEzRjB%sD zAbC>VUCz8+SQl>M%Py3L7W0dnyRfq+^R}iX66W*(46Y#94fTS^$F&Aom>8nj-?rj8jNkf;iKEy~DSxJ$`7N&Qk+VN%2xjN$Z{#P_dscNn{D+F2`n0GkG? 
zOJr!Ri}F|;FfB-O0X`vQ&fSt)6!~2|Zp`gH;}G|kK+`7{gVg%8BvA6sgI&RVrfo6$ z7C%PnWKg9Cv80d{qQvO-)m?RKyy6d}I-&HHsk{B2#BAZuQUVsun8+$X-c{0r)V?}% z`EX~Lt7vBQwXC2UX<=S22|5QBdsbcB155g;<+z*9r;*MxN%331+W8<%iuM5np zKH#$JU_TP^cDNdcR~QspEH62(5LvG9oL+K^S;Hccy4xqx3yhUEnK(G|x!X>f+){`K zZVUT#aB3&aHBSMv&10&!+`2=a9l4%?`~ra|hj>2!@}8!%EhB212L&u6JT5#yi^47< zqYt$H)I7xa?^H8alGp@>F5ek@AVoG1@Bnl*EsX|pbiJ;9?bYk33k5Y#H4K0lK0z$O zAd@hLLf2(Ga>rRleCT1zR=b-4h_$b<4c+5*&lNf(ea}bcT$XKB$Cj`Uwf=4=lF^!2 z_eOO~?c7;Abgb*Xa{Ay7TwS&{yXw@GwlmyA{k9?HoN2V|PDm<((O;$h2(Bmxy^%FX zqJF9pmgdbCz?3MFwmEaomd!S=8%Cw+*7%a5jZH?;=aGJb?3WTUoNP~cxO9-POQ&%M zb`@|T5hY8v%2;htZ7u#vZ-1f5X0IJQ&j^{glPspdDVvvStX`1EZo?L^TN?Ufx~BF?`UJt7GoN4wj3U zdm)Q{;Yl>okm7aoV#cQ>7y2z%WD-d*!nCfLqTQI^_cCO5;g;y)I;9Maomr2rrC{8S zUn@aDL+jQg^$-<~iBEuv{33RWJdkCzawi*2$6)7>z8;iWo#A5&zKi}HVCe&_0BsdQ zGkk-%>tbF5E}`DDHV|We^g$zlF?A>p;{N}z+oG~JWWkoHEKp8|J1KZk7{aEX=IvSI|l1jU~h4`e%9 zepmJUqN1tGww)09E47(s>|?w7Ic0&#L!~1D_|jW@-4JtYtmZn8Xoiv*HB5V+Y4<&k zkw6W^+j)jD4tU`E3BGqQ-x4^dT{7ODR6bhpo(SbFSKqRK8}d+7RwEf>9)E8Za@4)f zb9KPtlXsG5&ZR#eMJd>I=$9kqxF$RKpx`5~o?4G@#7bHo_H3bbSs$#3x|I~@*~Oe8o9ib#0A54mV6n`!O%=+mP>e8io6b)LENy{QX0hQqumsApQMkWZu> zZ)wkMzhP4``!SP}f*n!2yc@cHb-Yc(+8|QjnWniS@*p}>ZTln-O@ZIqQtif;8b0}# zdA9hDDVXwuv%FA$Lf~)ZNAMvGm445+jsWi|VP4zo!f>AQZW)UC6!S(VRfc`?lkNn+ zoqp|ux7SV4nikcsWk>hfj7Ra?N5Nd2gJ{v$rpPVbAUcJrie-);8cTG)bdO-hBQkgO z^GGeZc0|R38+}6j9IAFzj$V8M&>I(Ie@0YPQpQ}Eq_XgKZy|`%lmqwN!$Sh*82Gx3 zw^QlUwvtO`Q)D`?n}o?bm*Iz>^fhj0F9s%H2znKMGYNPtVI?UJgO^XJS!hP>h;0Yl zRjl83Is`idy_vj!nxAB!dETJ{Ln=?N=?JsWCx-O=9dtDjGw}KuuFy*4Qzf;TJJk(K z%H>1oP2q-5mqc34e2YGD3N|-iA4oF(1vEV4T!9Gm^3py%2v(MkL?j)t&3dO%dPDBY zs}iah_HKUf)&CnXdfL%_HBDzhDp%msbNVrxqovp`!6k!Ql_rlZ)-K2=s19Zh1%IO# zZ@kyT4*lZcu92&2CYO7d+^P~hPcWEt2v4iQfIui0L^A$|0+|Xsz@T^}5K-)w^yLle zx7|^%RRb6YQ6VdCr85+FE1_zvM{QxD*+U`2wa+7wga1&$>+-3s+tw|8IY>JD3x5&h z0!qlMy%PM|X%7haqX~M^s$-Z1^_BAUU_Z_9d?^fmc(KzIKmEQHBt+ih+$@Oy{v*qR zcJ&G@2p;)v*~ilo96S;n?0lhL7M;;Z=_!KOpv*e5qXLG@QBe}xbMJJ*d+ETNVmXHB 
zmn!hSc*6$WSnKZl)5`BLTBkF87nk8t65;=7#*@Zww82D6x$m&aZB}(ALOCQK`B8+7 zEDQJxltN8XY}Tx-$ek#&E#+7Asd1~?AW!63z>6^Eh65{c<{Euu+~bawt%(LJu?QIH zkS5Ll^Tg!#dUCnsMFb{}3!sW%)=HOsbKn_@_X7#NpRJVz_aO3=iq)RG>(rhs!dXmL zc~5NLR~;v1b(~L$;Pf2j?V#-_-C~lJ6p~j0)9|ofUR3%jautPExm1mp+@hN|F znv{kJu4A?MT?-ttn|tqE6#<%{ZUtN-9fA|oi&7X%lO>Do&OC*H%*D7mwwI1|B zm9-3<@M5$7w4pJW)x2w^IxdYW`}?U7?YrgmTiS8{YjLlN4s zrOkJV4toNr6fYXyz6e>STp#|shs)6;tvVOP67&AyqO;5XwKF~PEdJGdmG*t}-#NJj zQRSG-A(;7;!Rb3cG1Pr$>wk4hSjfj`CF7+G6wMs5JZIa{^vHg2D|- z#CvW?RKvMA=&oRAm&& z_Ic0W27JvPaN$w(Bxu-eN+E%E3G}sH_$xK_mcoBsXSX@#MBJW&v66Qi680M*Y4~wSa!*LEC(!SStpn7=bWeoBwL3IKGh#3Q`6yoC9yLL;G70TPKs7#)q^FoJ_(zd@uoO7Ue%Xc1A z$4K|}6}?N0mBDQv?dtrV!RtzV_hIQ^F@(tY&)x17yY-AR)3=XYV$_$9ZC}L-0vWJ1 za0@Z&U*`tW2mU1=5|-nZ0}Sr#sb+a}1*y~t=inYx6oQ}uaM}o)gVl#zYj**DZmABR zg+mi21mF4-UaEB=>OyeDdUH~<+~OC%z-VDss+V{QTn|1zKl&VVR(Kmt2yidOfozf) zk|wGpuRTSdXTcMTnBx+?V1BEqk&27o++p`A!+X9UAyDl6wod>qUx7?(JpIkQz6{^7 zEBk-W=*xuN^Q89f;uei|tz&*D*mPgUwPz(Umdlng+r#wkc)OG|o5U7eCr5e6vJEvt zzU6+Rau?)#ly$^3baCnV+nw^eoZ&bxR=JB7l?}A7SqgII#j$zsi4;aI@oxhr%+uFf zs7rDbi$Q$D7~oqxyv}hgNAdKvUiMDFnE{MVAlp|f; ze*V@IFTHE&R=|A;?WWEjPB>MRv;!mpzFZreDG#i^grfF8^R1nuZiA5OrIrN6cWLR1 zbQBuuoa8)d=v*81E6`^~Fbt)`{TvMNl4)i1?p!x;ajx}(1E8rP%KR`jta?kCT;h(3 zpkB*gPR37mkfGf2+O7$Sof^R~6^cn@0{D#*Wy<)E*VW@M7Dm9JH6+!CUGTJ{ru=eR~a#>Szfz>6+PK_ zwK>>fuzC)j=RQ3>P%aAI@K^p&MbY}$Tt}c9r;ROnz_E(ph^(<=NKK0-R;b3w?{|9N zS#nmu45rU~xzyeJ@nhNImQ==6O$Azw1G~$D%y&nJ&&NUvl#Y_weY2p4u{R=?9yVG1AKSMt4d-RH5$U;ZqoyUs+lbC&)D|{c? 
z!o!(4GLsgc$%-Z|i9%Don)2aBg{yO<_BUDNcr&WrkuD0l&`AFg0Gybe-^_t!EFpK;ze|(_gX5naDICA-Ef@n8CE{v?3=MkekMgu69 zi38F&Yv>h;Cru<^f>L*s)O}0613Nld1Wf;)k*uAatZOHQ-!zFQokd-}=enbTBZ8bW zka{^-`|juQ_s_I}#fDv6ysrE6*Ruj75)NRvDk0Rh_C4T(~j@@})QLY3-ASJy)7H|VK)w=_4U zrwb{+X1Wddl_jhU+;umP2x_oP%vbs=FE}a!%59y>-3U->yr=Fq zqb{AFo+|aC3xj)Z|L2lM>)vIrpVubV8X&d@ae4?~PGkZ-t zwO(0+ZG-0fUX;tZVs9Va{vg-KFh7w;aL8$I5cgq2d5F$wcX9gAt{bo-^gc9Z1Z}j2 zQ{UfvNk+dc4q;k0jz+)^F_ezoujb-QzTrf;lUT`Z6<^g9Q*~07_a)2Ezu?rDxBJW^ z&yX3^lzbMWDFit(vR`#FU7?0r312&CojE_KPnLZ*Y{x!H6!0E*V8nYJE2Bp4O+kY3 zD~udqd-TF)|MNXy&9Q4``R*-6mM}*GxP5G>rPnOyw zMMZq$6t}1xF9IV~%rW7U)}c3H0L4DF^kSV`2?Nnx&?w-0P$)kk5F9;5Y}YEW#0b|b zZK@V5HX3C!dN_h!h|*buB*x$}$leAYP^mh~`5Tqdx<%D4^oGNnok!1^(>HQYA4YR< zjAnFAXOPMguqoa<9b3?FNA)9~Jol!T#qxt?b#(YSj>?Z^+k-PF`RA#;QMjPColgCs zebEYv96f>uZNs`wA3J^R14*SHP_Xd0s+&3V8uQhiroA$&(88hZ!;Jsb9qPxdrcgyy zdN#)?GskVSR&@) z=duQD1(#mh?S;}-6l`wLkHKo#K?cL{1Q_hruFu~b5d}uRr$?-=&V&jHvL!X;`Wr`l zg-^j5cKY32CG%a==14f|1{v`a_myF`;C)9O+1R1wwh+GHV>}V&Vh^hMgTR`rHVB8x zk}*xykzY;(&NYDcFMvu|3Bo_tu!ce-Dy=((2PG!sEd6kcUjiz})PI5?Cet!%Hi^PH zq?n)NTyD*_<^J9-sj+0)I{vM%#L)NJ`b?_p0-@v?Xrv&$Wk73zuD?Ngw;6QHpmp6P zP-mKg6d$@(32ss~H9~#mSCc?~Pa2q~4AKA}|C&3mJxa1OCUh0V-w*q58rg^|QbI(z z;+C=SVZHHZTc4-ze@4DTe&#!x&XVk4KqTV3mHhe9#n~Z{@OFR_XzawrAX7Ppaeay# zkjbu5nbxU{ZrM~Y>rat4W>n?5cUnotaOi#VCUe9;iSJ zEaw-XO8AtJf->3Tq%|C=igQ?a#j$rwVD?EF;-c=>$G49FiJwnsDBdrhH<}wHfc@|| zOnsIm+$Hsl1f&E@@Kv9GdD2F$j8bdRB*zFW%6*>h3N-30nT^%gQOLBaQ135!ad20C zb8G3mr<&9NO&dGZ*iG<)HXe7xLR`^_5mV1gF6>RH2sfY)-1vXb>&rN>p@SvxS(v2G znHc3}e(9Dwz((RHj>NF1`^bZ!{>RTYal3Z|rU|Y) zl#&}-Z^XTTiBl0bPHEu-y)jS+phNu;bY-`#_XgVj2iOF?@ZE&*eJyu4oPGcS^j{4w zU)@0$H?(jTte)}ZHC!Og=PX{gTOs>G6l^*UJt982z$XghTdPpN3w%nxj9B;;54#Y6 zXNxY5?LeD32KFM>ifZqPcDUe-Q@6wYWQc7Dmm__FC?x$g)ZT1?fZQ1of4;h8=e83S z;@Sf2QoV0=ZF$LKdG{7iZ~EZEa&=5No}#(b5)S4{N(RVJMT#cZs`cLp#ff3-J|)!a zg8D1Z;^xWkICNQb0#P2H59McfqnjSDC;V;XvH3+A-!;a(F_Ox!sNVB*mp?Cf8=(bw zC!9*B#!qX*@hh=J^s}L>sdntkvX(gucCPiJNzk#64Hm@d4e}Ljtz%>wn*)q0xKMz) 
zXbYsu>G`X3@Y-MZ`v*(9Iie{Ox&gLoZxLPTcLA5_pJ}*#3a`C!AH$#ZIeAx_-!B^- zyBrmr1^Dp?!bzUe@)yG~a-0=v%#3c0I#Or9z(fe!+?dMa##4`9&DuW1dGy1D9+80& z9uEdwExMQD3DHxmU~~7NI@3gDMv@U1++#b=i~&|#zk@qV0|Sik-WA*)!f-9DMoj;I zp}dt+j{L6GRU85OkU|rPU&Iisc`SGXnn>&uw*iDods`j^_n?ulu-BdG$$&Od(aQk)TL9JvPz`KT5uB8Z7|J?*iB{m}yfuXnxfO@YdivX;!t4qQM*zAY{yPVQ zu1z^vD4(mZ%F-9o+tPESoyRi_ylYll4XN!-;%2a75M!IvLAVU;`ivP*+ITS=bgT@_ zl4$@Yk{r217zj5RQh9R4mF)*rN*Dkp7N8=0#jv{b@LJGJoO6zHRUc*=_~PN7z7LuX z{_;5RxAb`s>B_6;3XG`(&D?>cE(+SBeBXGOi$HmCdBvY?jm>TWQXt2J&dvBTi<)W% z*ojLWR?AvUUQqCg)Coznt$Vb6&yHC{2+QXP)k(k~(~E8K@0;o6^Us|Tx7*k8g{`)k z9YRh2&$$h$vluJM8nk;_jOy(0mP@hq+sHdJL*GE-4bs3cb9Y}tzac$iWEoY(8f#sG zC4!-fN$R2IrG9njZ^2rqC-`-_AO04`l|1T8+-c|qYAQJo)Prsmu~`#kMl;W9UAb8O zWqI@GvmkqomZp27)2he?OH{Jrp~?_r;4zw@{Qemwo{e)v_Fr$sjgNihHUHB7Vz>Q{ z__IId+mQIsxNMK%xE!p}EdwqxyhuK3vbeuRS!9KW28U2Q3qPkuVK+pg+TG7EeFN63 zWNASVll8zWs4s_dHSo=|Wv%jH-MYDt1`k0ZihBlWo+$zYL63BxmHqs!0dD->qY<8L zyBG>H39ge0-W!RJ@dfyC{O6)5|D@H$vBX~Er(z&Y{E|jrnO-|^^k{AkvY3p$1%kr! z&Ns3O`dHM}LIcBwDMwhn9A}<@ zL5^OPf_$E1X3x)*`F!h2ip(c$OQfLic-SHGb~0n)<-;OtSI1d3H ztv9u&pj!QjrvRWki@pZLEeiwIt~`_{23Fy9jri8~-&>9Lp!=2-E7mK%rT$d|iBGA2 zJ1d>NBWV1l(0TB^3fnEZBK{=8XbSkjUx(a!1RFUM_+@9al&oE5vtd=E3i$Hog3PfV z*45%m-R8CSmnHoDsmf(51tDxl+yyf@>-xK|5-b&tzISC*cm%A`aaxwnqzci=vLZL{;OF)654t!)I>&oK8o<8*_5Wkl0Ab$)t<7?sdlYXUBuOZkf;3ZZ}2mQhPY{ zkzJx&9;$r~Rd-Oo2rJ?6WMOZl8xijVUmLknen3d6paKkqY>;5n)dO(-;Hh|`eP4ZR zU0j#y&weE~#l#1{ZKfIV++JdcfZ_)W>tBRzx*ug*Q&V`e;^6k4g71JS7xk=H16GF% zaJk_JkMH$4fv=R;W#!Fup+FYgkkm;!87iEvg#*E>N9*Z7NmmmL?nQq;bYcZ{gxWL? 
zp2~M~*rOt=BtOsMd`@)`r6cwR(`Lk2FWICzm<4Gh{O&cbLR-?woh)fa*R@ zbgwvu@^YIfNYrSgezw$(ZnbqwfKIKIb6taK+y6^R!081DoRYS=s+r{$Ie&!~WkQ8#@mN4;MQdHxCCXD?0#ZK$yQ98#@;mDeM2Ell~vT?azO+ z{kIjf{{m}=|Kqy<$}BAYPjvq0Fs!8iJO94~Br&jHkvaaqz#uOD-XspBn{K}^dy7}> z^2z$|`?&@)s^g~VO(gF(1&7vWZ*3prmIFZ%GoW`}dwaJ33{2_6 z4!n<_fVHFpA#!p0M`-))?c2^~)e80lh%kW<)ITcr$S2!3coI<3SqPeWD19IqH7F+p z&c(fy#(-E7bU}dk>xO<5 zp%tp|-gq}!`SdXC-jKQzC4~;W>`S(Ey3abB&NUOg;=-;txDCe<3>)G`HZUdEDX3sM z=!6Z-C%5Y~+i+FWr(dx49?^gHwyM#l4vT?FTzqH@K<|=<8<$0`Q0&4^!mS4nW7MC$ z8M?5Lw;eqh&~_j2?(aVN+*RK|g$S684q)FE?x2)F>TbSVl@dt{K~2bnG!{#z68ml7TkXf&9i#s^2v`-Tm~A6bV(OjkoLe zTw}9Utt(=rKm!~#7`cGN$mrWarC5VY38Nxpp10odK+~tP)6>eb6(>xx{w3k6x&3{9yQAf-5RutVeMdp=guK zLb0|eDonBM1b#p_dyh?5N_KTeIPpn66cuW)P(*MniaA%4NIeI_4c5>$10K|%pAvBu zC1CPhsLm@Frg~sWTkai4gOt?xGDg~N=LgaqT1+cOHKI5fHWyr~*yYTH7~G>CSA}y> zuHdN=;gkkhrHu+9Rpw&gH9Xry)5C?zezmoGyn|L^rY4dOSG0lk&hUlVKPqa`z&4yw zMO)Dt{@oIxVJD(5!^8?IMc|9m!ia$PHqaumC$3Q=A}pQ`xdd86qvHMkSeL>ajJ5P@ zgDT5_33{36%S`FJ2FHe~yI?hGa1@^j(h6G*N^2?cUv2vOb}OGd^Du7LTiG9ZhM|+U zKVz%vVf=OERBsP!$C`*KzDbUTab9@ogoe|Z5ovL_zS1a0qSl}ZaTz|KVF)d(^68JF zyLI-;%L#+^6u0xR_-M%vu30y_k+LiU85pt^GQ zs~B~mod~rO63xK21HY#4@eM?7#ByaP2VW*A%u*IvCZ6wm0fMV z0dp&gq06`X>)BK(d-0vOfsY!ADVEI)=Cr_F7B|I72~~Y()~!F|$~@dz94s$~?}`SK z_bcn~_6Aem*igk&tItj(bkJWR7Zdl-2I~*SUQIpjnx__~B_^8*W(R=aLJz^3Sh1Dx zrFbZ5EUY2HU)*d7h^&Ey3iw6ug-Zg!>K%EgF}Ku#3VaAnK(~H%#>E9ST#SCXEzQwb z7+G-lqBBOD6m9~Cr##897JT{N-9^k?_3l3KBd|U1_9gH&>$M|ne=8qR?4U7DllCAG z>PG~DDA}G6eEk+_m_AW3qYocm%{mrmdIa04s)IWX?G4LpAL~jS1r3Jy3BN4IcX8TVF0nCZQG9(``5OE z);;WIPRDFw)c~7W*U5lrecCN*8*-p2-Ut^Du5oNq3AUFY&|6%*j;{?6X}edH;xUANB&8@X*CmTWAry~tEA zE2PmQyke4|kw~YJH$UwP8v%mCT2;sr%K@wfvo_f0Rx@~;X@XwQYOUE!X=wW!;+%~F zp<_(pnCzC=GwLj%s9Mt8U|rH=z@r!CdX?Cd7j>a)u#HBgsGtk$b+Sq81PX6$LE#hK zBx4T-78ZBmmT$+gDUTFuMJo705c4M_!3CrlRij3G#C$^gi{0bnAIj?+wd!TsZlI?T zvT%e^eW>v^j2r{oX-;tTjMZ;|dV!#DnVz+fc}AKl4oLuW052oNXyEy@Tx4ykR;`um zTV|`)H`fr9+8ui^7G58ukhdpqk%cfSUE5s8oHcN#Da+W4nK8O>9RWCKRZ7-LLCvcR?Ci%T}g4(darZB)&O^STLR-5UfXzC 
zyCfL`#uS^3xNH%^x1+E}%}DuW&7!9mQs3IZ^7{c0zZS6&v1AmqRwEsc_5e2zm`;H^%0zC{P4(LS*DlJ`JlzO%o;9shzbeRI>6}U#s zBT}O!`0#qrL0tU$YdO@ljm^ttWDVl&N+t1H*KQJ9D4APcSOH$|Hg+pI=gQY#GZE0! zAeiGuy$>W?*m-6finQk1UQ`64gx&RS+_YtNqlcMcQ_Nqgj{s4bg-e??5Gjyqp+JAc zd;25gj$BmKNUnuMQlu0hyVvwO1LQGqN@%GN-Bs&FXaNyLR%Y=^C@BJ`aj!Q?;(lNa;a2IA zNbF&6V9Q}9o8|>}Y-_zxNQDakbvghjHCRo=vc>m6F7B)}JK%yO8?@{Xe>y!e`hkeQ zjT!W}xvN|^G zXniDES*xvY%ve3-ik?|HON zuClB7N~`Bld+ddSSn=J1$UvvshHRLoqqHD`q=95iHm+x4+6 z#t^J;!lyy1ijG&gDkcA@9g>wP>GnFJ|C?(s^Q|uP!~kpT-`e+pmoaWnv4BZJT4GCa zi4HCdK)`m6n3o*4F?x#9PH$kRrIH=@9&ZpglsZHmhrl=jCkEVqI+9hRM>SZ6yrFGx zLvb2&){aY6xmYF=;z+)w-%Azq_bUdRmzxOZJ!)>HEC>uZtNGnKmJNA>8$`s25lZ8^ z4Pj0SsJ_0Q(iv5PwlS95L2}4S&jxnBRDDUO2WctyO1ud}XBQ7LT4|Au+Dj>v0Jef; zh&x2e;r*;AD~`KS(Z)*>8hFm6(o3LTla->_HEe`}XiWP$6?DR&l%NQN9dw9r!rq&* zM+o3bZopUK3OC%uZD1qxy02wsvARygnWeLymz6T*L6w@QdQD}$l3VMQA%z}8b>wU<@SN}4LxB{1e;Ghiq>q?q1? z1%G@dHbE*vF(U<4H$ZJ|yin7r_v}<90>tH${kE|PTeSH)F^wMFWp7Io?J$`WTT>&T== z1v};d*#MrvGDl*ojw5mA0gsQGtE?)LIzU_^t`8oB8V|x%s@}O$rv-K=rO~wduSL$p1&!AT2-)>OA!& zNzW>QbtE=3MaJ6Z1}!^4QA2rUj1_Ap)INZFHZwLxmU=x!XL0c1OyLQST@_F5jCOCN zi%fA|)0P;5FqU);*0d(5B>+?!h0!^&O&4CCg1v*r=Q8^C1 zi> z0NJeToszbExpT9I9X2^HPSnvxy3koGWk7*-xvEFGYGT#t$$K_;Ai7!geYR-z$~K&}j`pTe(d_?uhC_NEaHsEOm_h)Z%j zv<&2;9ajujabD*EG_Xb;J7wHNG>}7`syigKRU~N0sJk(3=W<36pMb^mREj?6F{}@) z!k0F?`NKRp`>*4p^V5UZAEbKkiRzea|5XK9WXS$&V{2n!|MeWt35zR{+ol7Of|8hF zSLhC!7BE&7wvsXZM0x{|67L%-t&yRAm8KsyD?JcW-6)Gt@Anq#?vM6l*T3&IBOA>w zp41Zj5%#}pwT*@S?{hra`G3E2aC8p;?Vp}Kp#|_1`VW)7nVQsbnWkn;fw#Y@Z6k-z^$bW+^2@-D6N}FL zSexYEuj;xBQUHWubIJM_gjZCrqC(FG0mTK`FTfgQ3r^$^9lAD3CFmxTtRuP5;t!_!|pvgu%h8CWJ*v9Cpo~gOP} zCuQHeR`fdtNNB6y$by5^luRIa)YzVd?c^4y+p0JST2>}Y!-d~IWYl>3-||ck;d?DN zh_N#}eNrpcsRPOhBrb0MRv_%G1ETb@TPti(7;a!66rJ~5>1wg@u1T|qa2-pXESIN4m&0%@D8P4Bl1?zujzpe zzjvZ=(8rTpT_@Tm;LE2kjgpJ!8J{fuSH>@2UjExy_F1XQbCP=90=B(2)(b*#9H20$^|?x>=b8&&U0nl~Qw-Kb|r*KVSXeMZ#vuKJlltl)9Cn>A%|@A_dZkG!w)=A2g~Vhx=H ztAq5I4@1Z#0_AwL?jv|iP&>_=R3uTXvys2bo?deu|1+Pu>KE~`)#+EGJ?E+h&O=VUpa 
zYXxos5^7M{sHlP(&n9Ie<5O{Te7=8H_-W_#2!z_4C6Tf`V2e&18@q{TP&j(Pdx8ib zl=Ci=9*#@i(v!+c|I|d>hS9Zj64jDBnu&tUFYJzuXHql{b?c4_*5Gf9j>WMhy?#u? zOmexFijgq}plsWqGK{t%bpc1cfb=}bsYb4UpW3IUwHet6SIF*^Y*qoh2V(tgkoHO| zi~O*4O;km;v#xtYHeRSUAvWI)ZoDWA*tmKC&F~3L6hoXC1C}<49d!7F`qcep0Bt7# zWG!~0IDI@pe7ApCk;k~$c(m}oA)jFU%D%^JV}^|(KNqz1t$iaCRo(CfX5N(*N|djh zC`O4g=j;GT3#JF1O+Tc4vS|dP?Xmb&9W`5k@f9~|5!O;p%c)$MCbd_TEcInLxKvE5 zz?x)XZ^NKCbOegNU2)D&4gJc~6H)DcuJty0z02tf+`H7!lLj7oynkn-Hmy*&y1I%6 z&HKUzsDxL!n(_w|7Az8>;4Ug z34fJF48jQOok|~eCIpZf5A0`obIf?aWScWCt-*PbmEXILXOA8tGlv{11)X7}&Lj%?$J z=^1z>Q55rw_tG$njqc?tVy$_|(Fvl|5Gbv_6pIqRq5iF8wL&yIL*o>m!zW+@ zYRc^vs(CpEg=a2q3$3Qx1E28w*7Z7F_8a1XEg9Aqu=jLm2BV5kzE)_CW(W6dt7m0A z|7yTOQ+qOT6|iOKcWcB0P@lxNSRJaezAFlcEmloZixmS(WouEc=vT(Ny&|KpzCL}B zt`4aaA&g%J0g1anA3_P@hGQd$^gJPL1@t&@eHp<*JEf$Sd^BO6OSV&2(sdXcwC|At z-xW6a3g`QZTqCa}BzYbJg95lkIUx)39%#6ipRW`&seoca+3^+ZVW)u!AddzHP8A`0 zlVSJ}OO#7BLzY93LlA%6Q({Y;bzy9YagL?sGxXeP5evBN zLWZx2_d^b`vJJ%8E;Q zU7OMd$rd_?MiEQ)k?gU{VuuK8Ka_!ZD&P)U2A&&ovgMkmTFrIgJCv z1k9VZn2m-KFn&oX<}SdP#-5aWnQ?LjMMWqEh*iZ^m<$dRMdLh-9+XWZ$x%pC2stSX zl60G*BEA<~Gwv%OltOHvbYr7BJ<;ei6HT5d0KD$mG;D-~nhFGZZCT%nk*7E3MCEl0<+Kv{vwRw{`oygC~+ zL1s$^gsOPPj2sY5Ei>s&7bzd$=4u9ZN(2>{9f|~qjkkT+rr5POb&`=jGKZ=cu`%Cj zNQ!D>FqVK(n#`K|9&dzt7?*)6=oh&VVOw8GNA_V9D6Nk|slm=g1lh@wq=OtO%Cz#~ z6i9o&+5vk~K}YYE`&9~@bWEsJvi6kTID z$PVQXS==~5mMD%%ZB4;s0Jf!F5|NNPUVNRAf#VkN?7-2-QqYHij*#_b-YHeLv3=cv zj%ZZctX6>|3n-QxY0%@$o@*PV3CE0eJj1 z{XwVf5gRI{4mM%K_8Hm2z!Yf#*>L+`m7P5z1}e}_nY16&uq`iNW{I|T_sn<(l8!jW z%-rhmj+$)fQP|@h!;~{|WCW5t1fEXlf(;ephFD7-@J8{9P_1$@llfH`9L%pn;%FIG zXU4`xNrR+I*h)Ogf9gsfW=<3bdnVa8eUZe@`vVnzGwrnkto6L8hR}K>8GKRe6;j7t zN&k_V#pY(`p9B0T!w(u69fNc{OUQg6^MuT;CLE?JNTmB>Ui}88x}M`eCYo;pY?BigG@&_ixW;b!bp^g+sB zv5umeMukI>tE(_Qi&%yTcy@MZ7RpICC{MA|WGro;R6kUEDd6a+HWOg_nrYN%t%+dA#4WO@n)b{ zrDSuk!Xqt%7>wtw?MbzR>JYLRQshYRsH=lGn+3mCRUjlw)3Z@bflnb0QpD;}4p&TT z6Lvti=c0rOosePxjT4`p42OS|$3+1}a<$VnK|IY+WI%OZl*a1H5?1MIN9gAzMugBS zeX>NSt;qV~%5D4Z9kIP`5Dq$Bd5VUN4Ock-T;%3d7$+%jO{ 
zVXuVg!_QYz3m1i9ay9n!XefA5snWZzw7OU-(` z_`s(7qEyEOqj4svNyi^~<^PD2dSpy70*~lP?YU-;i~wsCl_!6mzlyssvKkQuQw>p; zb|W;hglSO>u)wX>60ea9X0@YeySJJKLsJ zd62?es$#G;2!z>P8T7NQLK4eJdg`!)*mzhhcx-~Kp~N(K3NgIj@-c)$PZ|t-0|q*d zQAH(Vd(&4-oJ5G8AP%4^rb9b$wOp%aH6QiTGiuN0QI*T85Mfyr_$uF0<$fX6in1|; z;Usi7-PE~vRSM!V_Jt*W0M5_#iAeR)$GtW1?FfTQ`bsfNf+}#VLrT4CD!MBFmYZIu zhps5{)z!zjIw|h;^>3O^{Wb`6c+oVsG}zDuZj8!KcJ|HR435Uj4?FDET^4W9|0HE~ zaDdq&K(UHL3yDLN;X(p1snGA<0Y;%jG37kyjHMOD8FKVzQA!=POFS)x4hx}r7#x_a z#xv+g{5!}PWZ#jxXA2L=Oe)e#aU?6EswgEWZEU{SG{gC-kPm?hpdi1EIDGm7hbJV( zs1fLdWC$enW;q=$o1BnQ4wDCJJT}v?!XMgyE;1Y8euy>NR4jwHq zX$GuZCKZAB`?|oG*DH)u@)iKIzP+P25~gI8QqopKqJyV^vgIJeP^c1|h@CXz5$-na z5D8c=kg&}$ql}n!DT^Z$hGHhF{jYQhWG}aIRkTe<wC!`@B}hTVccq@2x^X4xl3jB!<#aJ-cVgFRRMrTTu9F%utk{iYx!G zfcyc<+!=!wVsd~kxqUJ@;4>f6yy-Z{?BJuke76|zI}__f!&E*J|cj+NeCR{8wzruF9o8tlHLq;$07pxr9B=NkNIRB8zj&5#P>ix-2ZE1Yin`;^Rqnp z`Bw(+Pg%#K{Qnm7|13{-{*~_e%g_JX;{MNPdB)AZ6nmZo4<0`MTU(op_5Uo-wE0JI z*K(ugJatU=|HaFGYuWj)*Ve0>3;*Bec$P#Ovk5O(O9McGG((j zuL|hc9K*Fu1ooh2sB?#Ljga4`H^Bh(paw+lv?k~r(;JZi_Mm1A`jaO^exKe11JDc& z(1%0~HZ{yvpZhwl@)1BDR5hFCj;or!POn-6c~I4?J04dxeVtyl2J)b)$06Q`9MhZd z0L0@HkOtrPrK>hmM^u+DG`R{sF-)76R+IlSqN-7aXR3}2dWWi_)bZ8mLNiq%?X>cB zaPs&{(qiLl>Gf>Xwi9Unor9NV7zf0#$ANF@TLw@z(|AzwR_9lI#V`Zpv{yAM=Er05 z(?MCLKy`dQUVKgV4}6}Bg)%AGrVnMF09Id{D1qwtJjhJOaRB+uyg@FN4da>#~`~f>H;51WCQGILO*ECd1F@REZ)($>X?6 zj03K{Yv7CeodITM7z+fA2I55OLDIJ@piHK*p!`9{3-E>RSVC}_lq|@h%#*=pL5=}8 z8>l#i6K9EnN*qrL`ca5Bm>_y7w4!oDsoBPjEHu3ebMG8Z9aF_D8!o$lG1R;JJfORY zYb5LCrGYd?W8hHc$zZjAnFgy;Mu0Ulj{}R*;se?v`Bw%^`f+@5eM>xnP;WUfW~T9= z`e9~+$|U3f=CV$L8Ov3veh)#4r!3pZjoqXXcrBN~sJ9#-Gt*d5{T_@$6HUMfhs^gZ zxLn3@0OM|W>kNRWM~gq|4CWb5%>W-=XlxaDy}GPqZwQKBurG_m3LF|c&wVYc##piBp@zZQo{TO#aL^EB!nUg1G^W+^1&Qp;SEAGJg^I4;Hy8 zJE8a;mc%N1Ap91Xa_UVk1(m?&uF zS9mTFX9>3YFj;9%ALP%RQd%ZXP)Qq+71I(@T%Mp@pIeii4L6A2vnd&P!9RISOMom~5_b`;56gjDnjs&DbG6uilt2q`|NF zU8dxeulZb4;H5fZ{W=QZG~MtRZSMH>@Ej^W0;=D}DD|d;8qySw*Ao5#G>|&%4yh^l 
zcTPc(X83$cm?zhkd?ww_lkmw;qV1fbgqg6EvYPohl=nk{k5n@}1>9=nq{;FFSz*<1P=(Khn$i+nh7;cLZ2^38y~7t0SF+5$e2t!b@Uq zPvIpotFJIN7@r5Y3uBR|@EBea^ZN`hi6`?KUJ_5?H@qaKcn&WW3LKFuRw21o_2nTd zMnfYPvkRck5QVCs19*sS(-UD;Tzi4j2;1A@LT?hQ#%6H2s-k>sQ}hQDj&eho2Z;7T zFo2xVy#%X(K^^yQTU7q{U(Pp`2_P~~2NU2}Ur&HC$pv7Z4k|x}ncFpEcoee=v}zpz zANpeZjU?O_U)?Utn9CG4YGp!mCpr>5dT=NB20STDZE^jiP^I<$6Tr+F+AzX!{L$?h zWf?xtR1KMdPuqJr(7ARN;p>;mm|9ke6Sm~6$@Wt;JZJp<*nu_m_S1$S4H`6NJxzW~hDVpsUJadm5Ir4mjaU-nRRZ*TYDT{1*2R_4zk?lFOfv zIAJN|4t=IA1ndL-xaf7AOL`-QzcOLGhmKa}8K;{5kHp2hj^ z;{5kde*OzTYzO3kZFM5Kt*Icxp9W! zDpkr{vZi6wKf8kJXIC5p=AZU^bcJF@Kc#P>oJU`8*x%1}1Tml9KWlJ5RUxcwa3j2h zAqtybFhPPDX=guAU!UfXf~?_95UQ(Wqj&km_2{N0{Npv=+Wh^CYP{2%-shUL(F$Qb zaR+><>!fx(mr8c3Hg@8en->_*1L2X~d>V!G!(oR=zf#i6mjh=sVoY`>ZBxtta=yQ) zmS0}}PXE$BE0Z>^C(!iGtD}1wec{}#n6v&TRr6(R^5@nWN?*TuRrmUC;`z?)M)(WN zr6y8$^gUYJwa~fEt52Fi8B?I!+#AxPaho`G#k1$W!65Kw>9O~vMer~BjK2Rxj{f|r zA9|+fe`*_>>qGJXH|h)h&vQIu^*PH!3Y`@*>+m&Y-)8S4qwIV~9jlbKwrPWQG$k0aCmQ*40e|8w>!2--_`WAUuPC29 z_BTU6yaM@q6-M79{-xKv`HZ3enHyg}um4xIw!XPF;3Dle~_cYLCn67Uu==y@LKOtRr@7xv&0qXKyL_|rP_ zw=I4X+uLvO%5(P)hUfcbX&~t}k@}TZ#3zGbLlM+EBE`0%K_E{Mmbc;e${&h^&-G;K zzr3G2dQSh}Y8^fg(f|6^g8o0pGyeSdMB>8Y{C7e7zdY?T;ZsUe2ipT@No}0LLNzoENVc;hiIJsrQ zpthtFydA(QfFd!DZdwUU4I!6@Q7*A{0P6-F5*(aHFAja`oIpPVY%0KDZ5zDU2|)*r zC9(cUe9n@1XSc4QYiNf=ZpLy__iQ_Yqibj4jmK!jNXTsEqv`@lsf7d;2i#SmbB&?YCt&RPn(+Kpjxo zRi@Mx;(-E)H1=ZYw@e-8S^B3-M7aR4Ahp{gtU@G)VHRxbNVsK-_8=KVm`1)tmTbjU z*0}FV#NBY}^r2&8cmcQ<>CcdMhekGe3gzk5rDEJhBQg ztpciz;F66HYqHb`*aaDJE#<2-nJ`7^@!8HG2Sg>$$cGPiF*U=IZPjRtN~2X#G>~4< z6mv*ApM`*+ zn)|_P=<}}8@oRHhV<#<3EITLSDkLSS_?;p=|1N;v?u+t?DE;pw7|R#pU&-a~e_JU{ zS>Jyi^i4?uRs56$=gFxJEPy}k5T|Y9;mw$vai#{lsK^&-3@|dI_F|Fmk{o;{`9G`w z@x5kbqy2Y<;)emd@DwIsQ|-U1`TIYr>l?L&{^vO!Q+C9)a0Ws24jWaX`Uqs&UgL%}_N7a-nDo*p z`I8>f&TY(=SL9;?mu4%MjoJU88pcH(o~>RaUgJj748S>VL`#>mHd_v4$?n;|!VJt_ z40;^j$BEl3%kDj(ELRz~(Afla{|~Ize{_|R>vZkpLDivW$;_D_f-v|LK?=!D+$Yt! 
z;sdIkgfC{aa>5trkysk%l`|fU3RXS`3>~Z7fFXT(#+S(iCpQaPUym;}DH!=29iY&{ zM)|L9e-mb0aFF;W79ATG+<-ZyV-o^_&j&@wp#ZG#`-ram6Vj>EnuW$n6J|nSyqJ|RE8k?wkLSvdsB%PT>zS(`70P;!-Va5xo*9d?p`@Rn3Avcm zvp2*Do{`(yhGJz**x!a?PMcF=hM1lO0>;XibxMtZ(z6!P;WXwLb{#*OV5s;x4~Jrg zkDj&tL*b&wwP9(dM#zBC1Y|fE^t8qp@jxCxdQ?E@IWR64N8}-u=L2Xwq--`q^AI!0 z0huQ>TL)yG1NrjtnCAecB2LUqFVIw2qDt0Xa%w>xba_@h&jwkZy@fie@&k*^HI73; zlxObcP{8B|l)Ss2y^om)Cl4&90-HPlO&(Ye2T6XwN;K3ev)5sSN10=?RS@I{RIH*N z&r_=r^f*U%GBJ*qCImU2K$wPu9M92KBgXMOP{xKho)0KTTbXs4WumJ*xX`sb`x4dR zQ|9TO8L@cwnzJE_A6kxL63<*n1tB(jIVS4xco-ZcCeLM#&o4s^r>xTWtQ<*r)|nnl z8o#vG{^_3d{3njPP8m9k$YmY`&0hze`)q8CJ^!cklHB>vT5bI=Vq^ZQr$7JU=RafS zADuY7P7p@!6Vx%?|2H51xmw%USe*Yo$Fn3(1_{|N#uZ?DfLjge9(Zy}NDamr7s%W^ z^{Szhmq8y5qR_x>3H?Iit{q7WeY9{z72qJiSf;?*kcZ8o7ijP>@(H`)l$JzExloW& zpZp+>&jj!~K-|&#o!Tgt3QHrOg0*+nID^K!g#!>PzApq}chI+BA1S!qq&w&}W6Nn4 z&h;;JT-iB0GXNH>7`ETC3>>^9_V*6Xk5A9CRTloW^mW04|Gxge!q--OdtsMksD#M{lXyNdydp8|5+aeIp-|9qB5Ibq>hLA+h5pk;N(?ZxQFS^|=R?`2GIlUG2QKMwF- zPKh#Q6J-ho$R$e1IF{0%xP6os6y}fnOkV%AP0n4%l=Z)kFM0WIqqUGy>@g8WkD_!x(QSfEjbZUoikJG~8$anu_Tv5h2C$8jQfY ziG&Qw7?!p@xKkrzw8N{tV4SHUCUIY@MpX=+%G6{9tq|CA`yRWg;ipKAn7qM>3Xkh) z<8>>b32NZsaN|5Oypfx3-awn?kTJZX|<4}MGNPVFy=k;MM3HCQ?$eo|E z%4su~3iN10wROxofjJw6?`9ENHMlUV8Axi$)YGvv@d108O->h!QK>?dYMNay9%J;? 
z%IVmNd&@Iupn@&|*Z|8-4S8<4)rO``7BCQSs2;+vmoHUayhL&S3`A5@HbiVj(U{Rg zJv2x%m5q1@5|201wW*gfy%Uvyc3L%q7;9{&rI}807IlcWyigxwAB0OxTT^hD+Td*J z#f_^tOYu0RmNqa$kFfAaQci?Qk#f0UakZusMTszSk*k+-Zi$!OJNQ>c9T}IY2RzX5 zR}(s=Z<*;?!1P^@ZAvw`57rtIpn4Xttkf*Y;|qhUs?rl|%&tMEC7Ksb4tLJq9G|{F zla7;x!ruPL{?Xq4(eA-MCL-l5q;z$`uKx!;WBC8;z-zltm=TL0SN3&eH+*Az1Tnc@uIYQc(8wT-Z1Zmf;0>#x!!{ za%%;nH?E7k_7@mSZM22K%DQgk0^3PPQWz(%9k~<*t<|-oj=PE{!gg?vk^fL2zT-z63P{42M6CE<6 z_=vJa=mD;(Ak;Uj1EHcDf1sSL5dvSNw2)ei` zVoa1lE1@41JQxSr3?bm*I`!2xf?#4_q3L7=m&hT)dc|#*qXnit!Nd1K6hM_6Bhm?B z$W{wbBc39wbN6djYGNrkCW5=GYnN(ICy^oObMhN9PJ){*gH6SD_%pnqhrA313+Q`dVVahLNmnW z8}WYsboU*+?z}!YJUIV(RlGSkKLVHq5Rt@=IN3QpKiK_nxN|B_KAfH$pY22SdjR(6 z;ONaM)Uy8`I3Wvag*37MBfN;ScRPoNRMpN0X#FX*Z}<4*=hK6?@6N@$mGu+p@R6 za|p1`u*YU*Yau57J3M3df8~K;q4sdzI;QOZwd&fC{ny6U=3@VUj_0?65Ji;#irb=S zqCjyKzZjQ#V+I)~3wLRd7+X;o!+s$h+(m4Yp%=z71VGEq3WM;&0Bx2taQF+F*(PM{ zf@!_8!)lwIR>GjSRM-9-IYz0@i(w{sA;V6;K(pGgUC-O1GfBu8|$>frv-igPk6@A zf63KaarX)8m?r<%*6Ks@|Kk3i=XsX?T4{PgrAc?_GGP^Na3cVeKx@CEK_JRyL3-dc zA~PECl8LV?Omq>&V~h`96y;D@R>czKAAeksk3YpTX8oV;@9e$bw|dS~)G=NEKXm`^ zdUc`yd6p+*!uQH}3WYt23mJ1@eaI$MwlCf0#q)H}nDwtNf_;)Y9<2YbZEb8;7yAF_ zc&5z%lUxKpP5)n88@m5-V{!k}^E`GyvHBW=<{(H0ua-;vqaNQHn4_le>KNaH$P+~w-m>4fE#Dplt#03TD8wa~sc@MJS6`H7 zeNvN;I`AT1zv9IJRhj|z`eA?`YT|+v6h#imc#?S;4h2~D&hM{883(6cw4BBee zf)PG(3Gcj;RE148ozRW>$}WyCC$g}F4tK_w5GNS8T@Hp(2_A$<11lAlT>@mQOlYX= z_9yg&QkKpgFX;}NI7OA6z=_;@!0#xy?^a|hDmaW@QgPjCt=4uNyZT~tV|}ajVr#S6 za@*~#m+j3p2Pl_QeerUw`LY0I)JQheb$a5}P@MTQ&a%Dzq0erRuoNb)z5n{J$x9Dy z$=0k|b*80PC=`_FHa!383*nKx6bWyjaJiwczT;b?&~i|AZ&aWE?17R0L!PPjA5U-* zz%==gSla@ol^3VffC1j_=)d{nDx^wOuESZ2T32m_R9!>o#MDLw{36C6nRAlu{uZ zM?2q|Omw!#G>2;X>h?mhu53RWD^@lwM0ot7E$UKX3oJxw)}8|9h54x^fj2oP3SUj(q9ymNzg*5`*(WAum7j<{l{n8`d_ct^7MbRy1rQd&++740SO7D zW-aM%3ro2S)7sx=)lcE=>CVYJ*29YB_0*{uwWD^T?_OjN$GTM`*T$ib^o9M-Z{8dp9HHUK z3Pk|K#?`TLdtp#Y)L8&Kk|^LFJ8N9AkNhBVuLQ`XeO=Cbl&OPV%f>e8y|3#(aRif2UBynqCnIXh#k7L41+}u?$jBC%0wf6CR>sDR_7*v 
zpo1<)>>mo_knqFlp~_X)b0%c4VH~6Wpos@`ZQ^<(^2dqX8;nALoDgOr>0Hi`7mGm< z;Sm|0A1cVyfy3|?$_KIEa!P=nj_)=ANkF#0uo`kMLa=!GLF}Sqjw)8=k(T%yiz|@k zZ#`%Sttv#1!@Zpo8d$Rag%*X^gT5us(PM{ionb?r0cuupQe`vA8k_2}qkArlu{HJj zAEN(H8u^u5c7y934c_{Rg z`6!)FA@#mhUkndj^D{f=;+Zyy;)Z)}sUTf*4e&;=ky62M3znayG9#`S(y(fgv|luU zk?yKgD6qM@vIEvSn&PS`Du7BL#>?A{%LoHUD7}%*Q9!Vr&&+R!lYianSx`UANP?o}1x69J#7H?Av zq3x_AVNJ^lS?i(^?C(m^^t)-ksS@*+0YmHmNj<;#nX>*j>v{YC+U8nq;s5n4&yqUw zDd>eF1J<Gd70F?Nf`PlzmslCyN=TDUO$Xo(mB%Yezq^9 zqsgkc?RtQ}EjvJU!yqP2G=<7^BUHgb+d8feDFbbT$r^-%7|*L+04nllScMcTx-&{6gB1JFFj4N>{v$ z&P(numzBMOgBN4tOj_x-Q@M8U@%HVO+fUGdnSeG_S*x4$d<+$Z+AEt3S!q(*9tBlm zHL7Y!X0XJvYjv#LEOo;;5iJ-dm!coVv~8fa_H5(?u2^Cxk%5*%z{XW>z%mr#SM1WrT0xLo zuFlM|gswCPo{!4&;fYl17`jJ$C?a*_;wrOI4LyiPqctOH*NzpkBG#pdtoq7r>_=W0 zDFvgND8@1iSMb+gtD(7w++PN`MlQeB$0Tu%1K{=|q6V&u_=fYBk~f$x-_O=R#52%w zliBpK$U4y?lFR0X zS+rsL_zNykBA~m62NQ>maQBerT_I{gjVF&Bv~LI3gPUm{tyo13a4>o0k6-sx6)X+H zCDKlF-6#4)52>heVugn}yjyIhKezA{lTXE7;1S@v{X_apKk%d6R>*-4Hy0ymT_sVy zdn$;{eX5kiCR~{;=M^=2C)J=9&RkbqjWpD~l1Fy*&P;J8+@2Z$ImXxqnYmCn9RxhO zS8|bDQF-$;R!)wbF@1ijQAe*uwOohR;7NMc%PU*DIMI$RjbGu{$l$EZ74=emyyX&p;G^-X+Rz8gcATsQuP?tlKvmo|f*sT`Ex2L&h3SvzC zWU3(xN%B}I?9x^u(T(mXmzzEgoWwgLxqJb2Czn>=?OjO|1l()WCBS%%havF@c9n@H zlk+BQ&VbW0Lb|MqDK97Bxd@Os*%y$Id3q%bMZ)PQT{50H`YJ+Vo&e&`jc6{#Hyl?* zYb@~|tqB|#gl}Zln|Ls-3<)H;q-~i@ETlBo@<5=wTsGfUxbw%-2E*LpV1C*rHH^i5 zI4C)iQ4ZyVc)xO3P2TGCz~N5XbfFkB2yIx+w*Ypv(5D-{Vg0z`A~o{J7<|yG$96;m z8i{xjV({}nL-PNVMtAf&6n2y*BAaD&+<%|f4S|?j|UH) z|9W+OW3m39<(XmrN1GK|ao2KZJ0qHQ{!`1xf3I(@tuO4qp5293tEY;Tky0)*$jJ`+u{*A46__ z$Dk}=zwg+6lCWl7@A+ri`roML&VTD`kaMyApW~T-spAK-PTrIH zBS=9bIFR%-<}7clNEH)Ft!S*Ktw>WN)7vnDA0Xp9q&o%?o#Fy<@@>S&vQXo;E~PCs_Z2 zRBkDjKnlI&4oS%DmdHYy73c!wHYfwZJ10K|HzF+?YZw`zBo%mCXG7KjEKmMY=-^LU zpB-AW3Jf~6@S#m2b-$?BB67vryXAPrpg`K61Aqf{$j}Mht%MEa(N9QwW*Db4&>KA4 zUKLQFNmtJNGC<{^GIB_5Dz{h1fE_)rqvO~^$ha$^_j#KTogBQGOr4ys#8pHA)EtV$;lm|b$% zA@?M_(dYk(KJ>vBaS!#8?7|X}r7LZoYKk!QR4GClG+mLyd!`b<&{UAnQs{CKe#s98v)YcaK|Fb+_sg2%r_9b$e 
z`uW0y;|p>ErArj#cMcCGxq$aA@6`?^U}Gj!Kd;6 zn;UukAF%%m{{LB?CGu?3mp$&%Wse)iIW{r=Pkqzll6cy?9+$FrB+h%=BZZ)T+WQ`} zEqsa_AD6^TcRnsjPV@<{eOwX`z4(zD@pN}TE{P|<{c%Y=@%@kJx%;FyKrV@=x&soM z_GGs}E)~>m;Y#=!<|kyJLinXaP#17j^Tp$@bo}2#e9A>1BCm9z4f)bQms*ARZA-z zx>MgcGwnJZ^M)f@^F`BLKso=&)dxGgD*#2S@SBf})at}xNWz}iYRJoz+BSw^=YXXN zIzttU#e#Ag0x}>?!?T!*&MZ%KKFOe~>^>o~pXI^Lrvg?d zXoE(tg5_-v{e}VMc>pfbX}m10ifzaB?R(c*$rO_D4QD8|xWnh){h5XS$8q;_>VMa^ zhVFj`8Dw$)$Fn?=w{NHj8o8(yU)?STam!)L2P4Kr{5#&JrZ$gQ-8nbBXJ{&{&J`sk z)`yA}ea4jKg^FX29gCV^uLHq`moV_}8?ZI~HsTly1e1p8k=8(t?05ATS^e0is5yA8#WPg&?+8=okMhX2NwLzF-A7g3Dmq|3Ik2$nAO!+ z3@YL;QsQ4!#DD2G9=Nf0w0ycOP8?^ta|Ql7ZgbFq0hI%Zewkzy;ds%k_p0z|lf27? z#tI>nviGhSUsWCI$``%@FtR=PS^N+T`_HL}4ckI>d#Ev=ig}D(`pxXir_>@ghq4(< zSsb$)JMuU-tF+J97K%mS_f=}IWC8R?`M#=dvD6=^3BXhEm((&tXGoLOGASbMl|7i1SpMM5&CT6*D&sr$XHt=HN$QxfJ@0HCW6J@>*LePUd@3c)?t4NG5 zi&HcCl#9mjtJ@2K!JmZ@0b1muL5s_jvOCDct4Of-!cmkhyv0aRr6>#&o^|GwjRZos z61w`7#t{B&tz#TZ41va)|GtC-Dox_dQ~@!M|&W~AXvdFXU_KNV4m z88zw#I!$zV$zqo|%enjw>Cj9QFXJA>+nMIF8lxm=1CXl~h7YS4vGM*!+wNpa9s{kG z^mn%Xex0i|HII&Wd7+sf(U5thNsvH*VUb0V@q_%4n~j zu1$2jnC?q3vzzy156Kp}EWn)RMb?%K`Zxk(8?Ynh003`U;P@^RtIg(kc&*v;SgF>Y z0xN46S?b%mg{&0Ew(Ye;-g%*II$d4?nf=K87Y!#mZ;E2?8Z!X%V>F10;IYCdIlsU~ zuq@YfL8j%)mDJe^#)(@VRhY%p3#sIdtv(FI_p3_h8(YM|{FkV1ZEc}YU0vU-uB__Z z=&hkIHkV^SvbmGLUk0bpA06)> zov(_c@VyI+nzN4%7gT_ix_n3cCsytvD^_HY8YGr-d)#m`{a!fsE@-s+;i zNBVtx>9@2WpT-u=tA2;IxQr*m8eFXc2fnoeIVuK8ho2H9B!h2EL_zcPo9ormV(0&N zd>*p@HzLNchw=f_`2V%F{QkebxweS^{49^&vE?Qsw|}{5()oNT(i@OIPGjwx!Uw1F za=mO271YE?Ncx-%rQ=onryqGY*4N_qF?8<#ou2)Cc6j`@aYnFDq{mf#?G1%1{8unW z`!PfX7xZeD=V9v~ukv}g6fkZ5*N5VNtk<^|^8d3usisdJP4FtJ3^DK#MsJP18#h%0 z=zDS+22B_SPyw_lWfZn0LL`$7!8_WAbc{I-qp4q9tnDXy9<=_Mw3dShasX5J|7!mH zccZ$v|KWL_S@wTD?WGCJUgfFKF^p3g%?>C6kY>;4o0SXzMlHy|{Le$zKVG`|)ck+F zo{#^wzFDg+*8g)nW7aZGv;3Rcrlm>1&|;?iBQh>l^B??q(E1;+ape=Q{~GM}!}9-P z{Xfg24ynn;=#?l^G{6`Y{l@Lr8@$M`)H*gaj?M`M?sUn`uj4{A_}fUcQL>ZG}DsG3HpYY zUH~z>qUf;3j3qMdDiqI(zVDXLtXvul#UD 
z7Uq!v`O7EMv5RVL^Rgi84t+<}xC%YNfw&lSE@3Rt#phQ$W)m|U4FEtVN99=1sSq7K zm>AQM<0r~xQEs6LRc825iL)}KPx5k7;RrpF8Y%PUu%h%oc}({!)J!E%QrBKvM1OKG_jK*1E_vq*=8Zr_U*Uj-Q&IeLaXbxu2u2( zqTCbZZ~_p>IpJ&K7F1ibtJFkr{XW(>xw^uv-Gi=Cm!OBY4(x?VuU{+-TQ!dmf+=rh zQor)n&Ah567s+b62f?Z+;(T4q+8<>DI6TP)ksUp&d{8-JW{r|Kw#I8BH>eTwm#Gc` z<)DP$FebBdiM~a6ED%zBx>0%No##xa$4qQC&nz>U>7$yu zDb=@I)2oL(kFEYoQ>VrAxt|&K|2e&Xrtbgi8|!)fPi=h>|MhvEDgHlr<58pI_CyKf zim0WT@m}APkv`dX#%oKTms6K1(e^gJzjb?7kF0GPj@t&t-}!!d+bq4JjMT@u85JJp zWwfL(np1ZbwmzI5vbaex8U${Q3S=Sm#vVjIbXNwOeMmSwY7@$fvz3CJrAsRb8y+`! zN{uLFJ*+leB3~0*`XQ45L%_jDCm8z`Q)5516Ft;nB!^n1A&WV{wMJSX?^QBWag|+~ z#yyqeiL%uz=5iFtTdat+7Lm;uwpQfZo7pYbp@Es+4|yN7!r&vF1lAy{0}dR6Atrx>taM&bT+nx_(_I4A&_ZCJ3-G3iXIZ< z?T2A{ohe1YcHw%`yd zKLpwT-i^^OE|V67pV={P$Y*d@-^EHpMPYw;G;96?ke^-Fgp3*~#OXAS#(VG1_nO<= zXSgJf2kb)l)!&zKzREw6f^B8R0)9^Un&e?v6jl1KBS4#(;=}>`u;RY&CCkNs1;v$% z>ZQ4wc5PHfIpnEN$RbM?1?rLTqCW#REQ?H4|0gQPeK$Bed)HXL_?Po9>++kG%7_;I zttOQ<&>cILE;7nd&B!VZLy25e{&(YFR%KO`Fh+pomgek^kRJe4>6lS zGN#Oe$78)aQw)SP??wqBZ-cH?ZuIP=)m^SEeV=Uv!iA2ZIQD*Tr7*IEc{i>x4poJv z-!fzRNn|zwY8+HDW|;`tU06&O-We;3KSg2Ujz(#|qSfepQ7<%;uEk7i_{vR(0*-fF zyx$cE2Qu{re&Y3gj$t#&UbqKQL%#hMrUxjMgjiN=67~&a5YMCHGk?3YnVbKZ|l%*7!6YtOYirA*uZiv8_laECD<^)tGuzDJ=+WLfJ}$< z<0yDIC4Ssw8P0K81cPjNg+dXlgdY;M)JSLCC%*LBp5>X1{?8W#blUk(eJk((Ti;m3 ze|erqA}(;GF&#wzgvYD6Zqaf_2E8zTO4>s_84xf{(NKF1gn&sB60FeoTKBCma)}a_ z`}e?MA?qGG&d0Ecr{}0LnlS>{7DfOg9#UR-BLX1M^5&S7@?!K%ytf7qxB+3s79EI_ zvpzRD(^({^+?telBWXzMQH$CMT{?|-@35R5-1qPX?z9$ipj(nRW&;IAl0{Xkg6KbO zM^b24m)ujC^W(kaZ6W1F+)`mwK*o^wcw^AQ8|bF(Cm}G%T{^kQbfWx9T$FHf;@B?( z(eZ&mnFNV)rTR432!1b&+!xfIP%7VNqBrQRAf4X)E|7kK4S+Qt6oyg1A%?(~xW#^l|WUg&cGl5^^&rgN4J=ajy3F@-S}mfejOCS!&rF6q%zH0O-g{-l zVCG-H&Zj#@};?u#q*_}vHZWh{rf2tfK%oFq5FTU>uZbnKhN?o|Iauej_jVh zt>Rh3hf~4@NRh};$Vm&WA!z~l4&WJ2nUg+s$u`8X#w!fuA@g`mfmReOv;&{z8N2?~ zj`sQG|Jn%s-{#sv|Nkt{Z0ldMH%pHv0iRP!(E3YOXWEjHG>(IFd>RS~&*a-OQp1{6 zsLsgw{UPryBQa%`%gba&ta!nO{$ZZ+^q+U;=ivX=t3&jEeG&itd7dvx1Rs3NWcQOH 
zPI07PSZR8$g&he!L+ju7nvorO`UI%ab$yKa!?PSeh8|2={~Ps<{Q6(psxRU{J zx$8&%46_g?k?jTS&PKWP{S^62ef3q|DRaY3aFG^a;Te@83 ztd19_6+9wT zPNX~q>S#vEfj742JXd7$9V6fM2o5b=q`|Jqp=nT7krVrF~NV zu^v0uB;mD7M?0P)y=~=~YjFE_ee^~OI--PNO9JmA?1Xri9T$e?e9~Zb61fXe0i&La znq`%1(-aHY};t;&`?$jH!ee_w!m^w!7L2t zZTb#hxQcuyE=uXq9?vD`lbUbi{v$@#;zXrMksw@*o^x|*rJp21kEIR;era;U&WSV% zZ8ZQi2Uzy|<@So|A`>PnvHR@j0Z>%_bU`ishP8bXZ9Hk!L_{-lDGR|)6+SH0oX}U$ z;Vee(%jwr~{NxD8D4)$(@=G(z|Axh!PjBz2I5|HcIS|7tG&Qw_3j{6%a$ zN$pdf|8V(l%KS@TsQK!cBL8pJ*Yfv2)T$ec^PgvV%J{tA2cB7+ygd;oA6_3G>(0^b$Mz3){m%R0 z?uX62qaO!b2R|R4{P^PI@y)N^VX(7y=O1;WzaQ6HyT2CRwQmkjcB^}}!#(G8ui1N< zbU%E2*9=-Of3$!8rhD8yKX~!_m&*Fu{|sKZ&5gn97ygI)y~;-?y!mkW%WbdV{j_&; z|4paz^X5;xesUcCOP8=t< zwXG=raqIQkKllFeYo+<~F9$ofANLBsydDHM*R7Z9CmVY|@BXrTwoy4r&fWX)FrumGj-#?bnsy%)R??^#0!a@a7-qAK(Au;56KHzWMRZ)`x$*d{HU5 z(ZR>Ke|H{-t$)`2Uys7m&7WS>{^>?Pyu3U3=gqsDt*vjI_T9<*dV(ZpWjs9 z_}{!dYTw+wJFLDdoWA+{b?xB#|Fid|jcFrGqwxLAujsMwdu%5dv)RNNc#C%@ zlZyoikS!!431gh(`R#92b+^w{B}&yVuQJ z=5wdMuvcIH{K3|{&TcQabY7^WTMG*duW#2b8oOtA%V%%8rPlURV!Nxoc30Q5B{yxJ zuR3nyV(E5w{o-hEFWz8Zi%X;?Ss@We}+ud)@^7`&aZ~IN!>YQe8 zt+VZPJ8`|apEvC8!K!)KuD6fV0F{mPBkdx8rk8Hk4s&~F>o?}fMg7gux5d}{%S(;L zt!&zA9hN?oj^O{R32zU zQ$N0G9BzHcXyZcDU%jRpX)O6QZ zKiwSPm-b4lpWF{?rRw_X(doyvPmSHxqs#SDW22NPHS?>brd}$Q><=5e`TLKp(%D_1 zT3S1B4;PNAdFLW`apJ9Sy}oN-uJ2mzr_AT$yy;~2YZr$H2R9oDd&yqR7goOh~zHw-L$kujuH_TIS*ZaJ9uN#+34e#Lmb9>?Tb>6&AtbM-T z**mMUw**aB;cg8LbcJ-xkfo^=#+v+nc&kx$Lz+ zT;z{#tBL!xwzk(=T)104O@BPRz5I~RE^VLQHM)g^g--ftXCrgBu$uXpUTz%jy58%? 
z>UsMtyOsI4^XBu-x2krSIPz{!j(3}9o%^$+-2G?ko4at3-u-s{>3nJR^I7^^?)>$K zuHO0FJ38Op*($V78`jDG-Nt_JrtvMedEq4LA6L)TnoH-a=eHl0ve|{@t&Po%k8a-X z8I3nbH>-zsO*^_X+-`m0qFwz^TVLBWE^6KL%*DpO(Rh8ISh(F>IQ+PtX&U>;0YDp1Ijv))!COnVpXtt-M}XPTcnDxr20l zwZ5=(u)lTIyZo?v2q*pQb!VZz{`n?rw`#e)bK~sPsU222R{PCq`oJ=8onH6$+ktV{ zO4zG!3b$tMlikkV<@Q(iH8`qU*1lHSHWxota$Y*yTievGH{X0-JiWX=t-mR?udnZy zFB{pMSwHLCCYE~XMX$cSds5#t)-N~L-lVI>{@ulbao~MhZ#nLE+b!+x-WjhmpEs^G z^Zet*Vft?2{9tqOb>Z@jx1A__w7Slm~Hbh%kF53`rM zrP5mC=F_^n_WJm2ZFQ~FTg-OX^n?99!?Ewp*QW*VwzIXDSZ|+SEV-vUdyZYQjvAeh z)t&v<`A@CP^7-K=Y;QNW{qdmrS?h!^pd{cb1$LYI-Tv_#mUL7m$5c4kJj~% zpGw<>+w8Xw%h&npoqLg~-G6RoFWy`(r>{Gi+SaG~$LrO#rRM9Uoz-PKvG}=tSoIb* zvTu&htlPr*!JZ8;ded~@EZu+09W2_;o1=rX^*37Mx>7kgyt!Pi-MpzBZ@k{UeN%DQ zI*IDtw}q|DVQKrrs_~(!Eo|H$+_y8iTq!_$+TakkhwTG(HDv)`zc3R?$vAB@}V zc71Q>WOe`Uu#$sqT(mx(I?Y?dDlFCE#4R6Ix;qz*!|le$)eoh$qx8X*AmxA)5(yV-=hdE2-z9pAbaiB7xe9bdGywTivJ*F3+iS*_LA+e?e? z&6|bS=7n|tdDYr#)$Vq)M_V_adx!aUw^v!%?%9pY+Ft&{R^n5yovXdhY;Nyde)G1r zx0gO&)b`e{jjhX%)z;1H{KlDgc3j;w(%Me$xU{!gul06YAFVgNox_}Kw{8>KmepP? 
z?PPYA7FIuAR+}el+Z#rG@u1SnZmxe`Kk9xsUH!0q)?2*UUeqhSo5KG2;_d40_Ic~| zR;7M_ny^Z1#_g${`B3|0p55>6XrGVvyzTAty^Z_prH>n0eSN*~`qOd!B$v&5CyjdJ zG`sXMfBI?l z)6PoExwFHi&67`CZW`G8n@0PxVI(s4<~O5qzO-;-q*q&q7mF9W%NNUb>D$uAUej{y zk6nHP!M$Owt~T)AI8^S9y@b3tqW8k>v7 z?&q(whx^;#HWP=H-u|b{O|80@-a0$q(>Be#@#gwu_2TBu?&_zHwNIy;Z?eay3mb1* z%e{^2#nwfAVQss!oIWyJt2b|)#QKqS&}`PK%hvs;Z=IX1*C$ImO9#z2n~ZkuP{7VR^;a({GcY?)@gls>wx zuivgOoowdv+HP;xYu#OZzSc@-J5IX0326On5onRK!u98bSzp>+Z=Y`8S$F$ynufWY zE8H}9PA~5^8|{7Ds=r>aYl};_pK5noTbbLv`fl6F-lrEfUspe0Y&LW0#M0-+Qf^`U z-qw~s>Sw(|_qOz*(>StQ=jQ&}#+&Y1qgy>X+bfwjT77L{!#t~+>4PJ!_ImB)HdnJ7 ziPsk%AjQp%({-bMwEtoMQ|n-9?eOs8y1Bl8a<+e-U+8u6R_&znt+}4hdCR%=&PJ}Y z;4N*QU*2C{Y$dGi-OO6IwrYO7JS{Zb+~xAJZRO#P-0bcZ*1zqUH}^TaecH4NXQvCF zFOSyF&DZJmlZ#5-c2*1aa^iUH_R`L;ck_GoYvc9h$8W~@Ld`OATkXrW`}5{`!TfNu z)~5wcbMd?%?zJ{zc((t$mVRtz7T!9KFeX z$iQvdG7B5_^~Kp~y1MzgX*kBo#^F(J^=$j>@VKTgH}yoORk-}Plxy9cTy9@q+>~0& zrEiO^H+PE%tH!rgJ72o2Z+s}-)D|rJXfyBbWWK$r=$A*^NA2s{hr)d?v3GY~Sg7uu zCsx*WtnAmA7DCuH)r(kNJIF4-y7O<`WUAF37@086XNj3bn&&QY@8Dw@C-Um+%)+ zowRA=_af6wLvwW({RTF52mVWHLrHoGf?t;Ii4X7>y3}!#T<5Tsr1u7l6Aho7b~WjD zmP9kgn%#YP3d-Qg_o$G&`$~;9*^C$x40?m!ti@->U8$lnDr7gBZ2$O}RxNP($Gh}@ zFYq_-vZxSX=kzh${wLEH|6y^0|HqO@<)4+Ro^gxXF#dig);Rb+QwmKk2oxZjIZTYo^R7CM53hZA1qoz*}X%%am)gPD^udR?sITb8mEW zg*$nMzb541uSrABKM&OY%sw9d{+CS`GE0;9zj34?`!B;uJ*$t$?|&wX@!u!=|LfDR z{rBUvKckN)?0>#cnC$;J((wJK(B9AL<4Na#qW>|LG~)jEhjxENAH(SXLSOucMffF>%~Of+Q~Fl}A+%(WuD0M{^*&y1gQd6eQFn zR`t5==zX6PUyk`-UlSX5di5AhDh{FCJlSJ7t=K4@p_0CBN9zV{RM`AHnY!M2@E13f z%`c@#XokYVH0^FEB=m#TRtCjPkE?aWJz1}4W>@RE2@Eo{qGWHObZJExU>IB>T?VMq9^d08=q=Je7oux~VnXS<5byh>?O?B^ig9vXsZpVL>=ex-%QprjMw) zJ&T8OE;08f`}t=gff(nzaKk?9mR+X`832zSRIZbq3;b3FJgW|vxAD7|^M73$k^c*Y z6Mk$T!_I#u9hLv(3fYPOpRuI42-@>)VX9Z|6m4=bS$2ww4JcG8qx%N0=%yzp?tgcB z{Q37DL;6!1cK#Rp{C~lp6Z!vGlCZK>PJcR;PG#UWmiAfSeQCbeYwO~Eua&(&{qNkK zhb+U%rs+GQ2$B>uh@qhs-psPF?=6zN^OUj8KNCL_32HnJ$^1!KLAAItYFikw1#QE` zNXe%z4F~>Eris)I6s6&zaiQtj%+jm6>uL^nJ>=Rg^m3`Wwv|v@gt^BKqBvv)e)m?# 
zrV-CSk8=rZU)0=q6m&4`{P)NIDx{Yt{Qp>zG_xPL!7P(XN3a1MRjt-CtTH~`aa6#O z1GYjxB~E~*8@h+5mrnWgikd`u7W%l7kf)7jsvQ->4gT)M`!7f%z5l7wzvkon7)t*a zqVnHdKAWGM|8b=0Ke)$}CY#rJv^OSQb9fz>;<^S>u+imQ?61H0XZWOo4_?R^wtRAQ z{~@XG{0H8=U(5yYkn^7_^xglNYB@jE!-UqJt5#m^#($12q*UNNq1cQ!6WLj6{dW~A#CleGpp08 z03I37KpIAk#<7Td_mo8tVKPVU95HKT1^B0@&;F?+P^XT)i+32*JiRq)Iz=so!o(3> z1(^H_i+0)=@ps+S~e}z6^V+JJND$24u8jI=;EaUAZ3NB9-h z07SUU<3M(yIXVw6gp)IStkR=K{8*ceyQ_?w7cYZ<`Ht5RZRAtgSllWM4BvuYs|*vHJU!Z#$3*%ZlP-FaGNdkguwz&9{aTVfZR0BTRQLB9cI_1O z9riPKe7vhpc%-KLBEkfX?_$JffICfS>((!C!V=5On7>&qWsRy&4SW5=H6b=1%2>c(hn6eP7IKYhapg2{4XuHMy<#cTI?_jskuvl|| zQ4DtK0_vDLT4JZLgK1)GZjmRU*s@|cydmt!hHdeCL0wx@@?VzTR#DK zZ?9g*v0@6HXg4~$F|1nIt}p1{I+|Jb>;*?}=y%AG!^B%y0!G@R$5q+?smnuhERYCg z0eC}oVkeNZhO=GR#BBcOzG2cI{tU?Cza}j_v58rVzJ$vnJ_B^+f;Bm@+w;4q<&En> zqAgmS5{2-P?XFQE4~qR9?3vfp(1EQr<1x)dRfrzb?~sw5MTw$*r?uK9?h~~ktkvgz z>0T9~aE?}^Ccwc5y9(s72+WA7(F3wx69I-?w!q$Np`nVOxGmDdFaM(M;FTDLdqo4d zk^xKZt|WZN_ug^!vSFb*Y&lp5K7~5#HhZWo;%asMo!XgAQa~k4g6OVHu$!WPm-SoC zgvGqV6SQx4S!n*D(#g=hye+CC(6xhPd^*q(i{Y>FMA_u`I&@vS`(#p@c-3qHjYRxmvF3g=#Xm11IGe_JRiB6%=Q2e#fc zdn8I0n1R&+Tskn)6f41Sj5^kuaZq}DgKaA39#1F_=;c7C=;nZ&v^N~hbLZ!A6<~4| ztpXj?j2glkO^yf4#-#zc;0O^O04G_JWp=MGOIYoK->S_)8bz%!BQtmyB%kHtO8eJ(az9)rl zl$k4e6ZllEQ$cV5&~f}m0L)>VeElp;Ie~iFsF$l8)H(hN-}Lm#gBw%_1V(rocgm%!y6V_) z{R=`iAZqvy`X~Aweupz>*d0LE6&nDm38+lGe?|7&eaE)p&=Y#aj)<13*;TiQtpM?Y ze=^@d3VsCy9kmo(4XLKrGO^CFiI>fQS~b0jBw&19KBHX&E=U;ae^`lhxabtWdc}Vf zU%g@IUMV*|*m>^w)dQ!(Vf}xF6gRYhY~0BtNIecHQg3bdwn55!UeP3a%m1 zWsP+#dMkvLD766v>P+M$C2`E)n6p_d@b{F+`+I8c&%Z4MxR%zVXdwQ%riUy24pB0m zTs+QP;12ujHK`xb2#n-Xv|v{}jc&gxOhHn4a#1wzZ$V?=^1|wNyWNyVV!7%$d1~E_E1P`Yc z)s>P%LtLX2pqCO@rP49mIsSW!t(J~=j+1{|=Q}6c2d5|OymWL_+CSOZIA#Y&Z0%rw zedlE7U>|;MveNz~`?#~e4kyzffbpbv-ly3bcu*rL9---2tX$ zH9CN9fjodyV-fWb7^C6o`y1$+mci`+-Tpa2C!Eu3VKgE5zwRK9rvP9yyR5_CCKigo zrQjHOyO=Kk4EBd-`8N(^B0Kw2u%~zx=vEbQODF?Sm)(L3t;WY5%5yu72HF=zzvDv+ zi~zSa^qr&5=vPO_OEmg5cy0@Qrng(<*`kBQD2(!3;^(j8{|C!|jy6i`dmGPw{P{n_ 
z{l70R^}YXOGwF%^XB=s;)FqMlhsj(L{{WFoB9Zu|@)mr>e~z?;v;b6DOCs@*q$TlK zK}+I!a+bshVwS{EDNAAmAxq+EGM2=1MJ$O&NLUgh3s@4*m#-wAC0BepEieA3DnF6m<#mzZ!jlBuCnPz6 zi|c>A+$52hNKJm5)P$2JQJG01@qCF%BJp^6N#g0^5;_!pvXVpqLO{L0;t`S(EIgW= zByn|hm3WGjL<&i!=Kf4PS45H+Q9{B4C5|p1NhDrCI+A#TaD>Z7q-Z4ZQj(Fx3kXIM z56eaVY5I1f=>MR~H6oU$8UhWo|H&*ZMeYC6`3e6&mL!6JZs{$&VSF-$;(t&5wL;Xz z)LhC1fOhL}M#`1myICqNFcy^*QN%Znj^Vgb7+4W?l$d4z`h~yo_#B%ZjcZoi6k^#a)>+8XS~{TCUqxt~56H>H(5;0S^{zi>sa{M@9^q=Lhmthx9*eL7c|F-B&B{|C!k@|8M5& z>$#Z)G|m^hP?jsX!v1dtFaH1=3|pU+Uv-7`p@V4qp%CZMqlz0X8=L#WgpEEdgH)FPD>Q;s!uQS&i-aalfC^?F zgjGCUuq7B1obxM^3n&)1HujDWH`Y?JD~<&H2;Whz@}EWo{fpBu{eJ|6=l1ag{qMy> zW}^Q+jx=ol@x=cQ|NoQt-{VOm?Z1Ch;;+YZfy4CwGnwf7Z$2~e|2UrH-_c&HT{D~+ z<7UVi46RwRpS&8mUomBg0X*IHo<0hy{nW1O z9ef0Mdgr44Q@gj2lQN&)y{P}x?wh@eW7MABy{P~6*$ZoP6lOeU5!7a$I+&_yqgeGB zr$ID810X)c=X3;8YZ-Us@=7<&vfc5Jp)stg*{SJ_3$pgGK(Tm?B@Q}XfJ}dz3B3wRWs~xLm>P`y9Qe_@WQMYboCye>S{9|^iLS=o2 z3-j|0-ZU_?L%Uad{yD|_#?|rH2w%|g`5c#MR&yHelgCG1#JDmKcR(>;l_MOAGJmr9 zO?(xC3OI(JQ!$$l{Tq&Lp`5Y^H^$8B>Ha#*3z$%x-wa#%i#=*N*w2{dFg!NpHtmjy z5BfAMOYhFRUeCm*#%c%d#aoid1Ta4(R|POJx++--)^lp!j+EtHwmY6HilUg??BVZyB!jR!{6k06S^s1>jfqq3&94O487jX$ZcR&n! zv!TJyrC>;9&t@&nt2SpBa!bqkg}Lz9yC~jNp#w(2^UwS1x?;6r z5&xaUe?59-x$rT5I>A&DC=SG-6_pOD?%%J(+64w|UtAr!v4qU%4mQeRy}!RQq2(f8 zi2t7DUVAKiV|ZT8_jPRBww*M#?Z$Rv+qTUnjg!W<(YUc2JB@Llx6kkYew>5r+B0X* z+H37uM^*jdd29HamIImnwXE#+YI62q4;KHU)-592OjyJGndVY=gRL>RjoS+nJNu!mY)49w#F%N1S!8GC7OIFu$5J(aiI~G^u&& zIiKaq(eq|~i9J}agJPlhqO%E13q1+WTHG9(EEfn5RV=s_mGj418{yuuXQ}%0MGbj6h8Fc*N4-G)F(0rQb+*tca%BdvzlMCwn1)b-zL&pHO~AIgT9O6SgbD%XWsvSo)s zMRGyz|7*W3-2eeDr2u!P#fFy22c0NI!BC?^JTBa;NMRX)N^w z3=dEU9M`#nIdC~0pIn#qjPl#MZ_zJCfyTgsmv__HLixP1#FJnllM_?^swkTz0Ca|b z;SzxK1#mtty94fXW~e~Bx)}L-zNFvQ3rVuot8~GzBjvE$W#e_Bg&>NxG+8o~EIX;t z=6LgFEi^hc^$>96e)%*A@Z^0K_3H{}q~KSM3pr^Uz7@(@rXkHD760sEDv@}GnVYLX zxMy_!@mJ_-!=kyzKeg9VK1iu-L9*Lq;WE|6lfIQnp+&aoOVZt}`!pu1OQ|=DdZir! 
z1ug09ehT)>-eQVkydwH8nNV732vH&l!w`^f$3UDDUhem|eiN&XRZ4g+&9>@vz*wcb z>dwh2)N_O8Yw+;60YjO;r|$zhF%yEzI~%mc)KxlL=D_{mj@6{Tmu(p*FEIiXMWU zCNymFbE2tVbMVykbdb)(`GuQtjuc?|k*;uLxv(c`S)9dtKwMV0V)yTB)o z4nDcYy*CxJRd$>@49JBK3W2mnj7Q(j)L&$do=BT1vv6y8!M}YM-#`5(G^7H$u zRRla{H}#(JL=0mC_`DVF~*z)owYHhX<9ZBBqIx{Z(u_Jbmd@cfF`135Ksi2ZlgcJzNIaFr zO$sIDj?yks1t0K(bkDbukgHWsDY;t3*smwPn`FRloyM8PI~MG!9^i&JvkcVAb62J% zk=57<;CNv38DcX`qo)%oZYzc>H-uiNcjNz-2t-bFi@fnUaBg>R@^NnQiihGtn~52D z8`~cPy^Vo3e!&F(v0yJW)fEx{Ci#b^qi=&>qS?bC&lsUUikGAS7-ln2iG#lLel>1W z&F%pbsf9cNk2%Pm{a@`2SLsz>DWRkAXaI$i()<2$aem%?U_3?qj+7!#;PGNhS$R=} zO6cfQh7KypA6JkBU_G7(PM`qb?IHd1#ICq34MJrNm>B_i37*lv&&?(TUV%<%PlA~K z8)d`>-GNkgfbrDAHXxRK3C`s9<~ay1pRwu^1XpC zocOnlZ#HO7efO1B@dHSpO~GBGZ^~1o1IJ%ar@v$mxIuwG`(hspRjixuXPtNO5PToP z31^dg9CW~SxGV{NN}5^d50VN`Rl5$M-2&E!{(wjoe4jvw8dFjAA*L@PSqW>vA5}<) z(0|k9yGB7$v1X|FoxiWm>*Y{k>)bnQYbvMb=vlzSnqIDMW1?`>#Cgk$lYj^Rcj!y& zB$1N_R{YE9@zGzqS3y=*fA{n+f8>f-KildspF@*m=Y)Y5b2wzaKOfe6jWV}Era#&4 z{((I5UQFpb=^dT*CW= z^Q=V|{3n!MbR2j0x6@XoaYy(x<@l=LV~YU>Fy;N~U=5|PcaK6gq<%gjV-T+a8e2YK z9J?5#@Nek_WBvlBtD2@_qI<`=6baBQ>t%_Zu!wMP@}TRlDyfQdBET>-c+xT87L3vK z?|Gs#>L=r|ZGz=-%%>oBk#*qb_pGfT>T|uyq>|?#@=_pc8m9^Kv;QX*eqF+~Mu?>M(aWO)-H!7@N04fd? 
zssM0S-uJg?@OgLg6?l}(H{KemYJ`F~WW(2%h;&8I2Q+7Sdf>qUO9XmPyk ztlxn=>=_6Ly+5Aezl$`%OsKxG;ywa86D-Q7{{o^1QV58`phen#g~hv6{gQNYs$Rf96JNCiuGtW)&KQUao2G@FH0c6 z-*YWw7#X+w#KW&~m z`(Tw?8wqrTOU$lDvbTtst}{NWtSduI2{;)Usc^S1k4yo|_|l51H3s z)uPzS@fzVSr&J!My1}$9xgq^rX|Ks?Cd-RZ3Lk9`6!$@+JY*=)NCH5F%}1624uaw@ zfDdB}RL@viLljfTit}tM(Z2Be@EaB9AZ0{sa>!V(@H+z>j=bH_!|Hn@&LBb`?VIS3 z0$6=xw{IO&$_RopCI)H%wiKVI-rXyjNUB9~dvO~hj91j1f)3Mgdf{bHQ^Lly(fCiR zl%SAHs&~**lA;`-o^_yVQfaDyE`lVCu=LyR$Zp)losmyl7-ba0-`6t8F&eoWoOo7^ z6()yqcs`WJD(2W1pE=h01$ZgH3CfB2@M8LxA%N>mP((TCxj*LfAN>dd(tfY2sDCIo z$&X9GE;>AaoX!`Vh5%0Tb9_Mm!>5zWe@ECUg+KorSpQ>GLYWT~@4)4Akz&yYt-wAo zmWq)ETO8!!oAM6iob($50%_Aq2mJ}uLSi5R^xq)da@-W4r{jZHgHCZLXe^cHemCah zIR?}pRQ16tvi~1c{sdTQfvY$`f1;fBe)lI83y^^#K$|E6`gVqY0%V;7Dwn`mT45{D zuMEmlQhE9ZoKjDK&wY^tKLH?+HK}wdGM-kkUg%i{d3b#KXH>-rpJXYy0bKdl#a;KV zTf8*nwRgqKsltm?Y$n?06sy5~UivSnI0rR)q%GVmJlc@N`IOC(U)7fa?=H__+vS4Y zmrX_TmKxnRVvaXjNuQb3#kY%Dihst(*tL)_K|oPWZy7B zkl)(&U(&(Dc&x2K*5G?Dzw&ba@uOlvUHCI1O}hox7)i+_p83MjwF&hIo>Ap_LJ?w_ ziJOgI35Y(4$O9}BPP`EzvQ?9}_s+(p{!9V(s!_&ok`?bxO02FxRPV6x28cHAx*7P& zr1%2-q}tak__kPBA0xzqljNd+`uffO)KRcL01W);0DW)y;kmnLY1dDLR(Sw~e+K;m z7@Gl6Z^mhVfs3UP(9Ldv(VtIR;nb)k*vJClAJi00pK$zFEMuCd51xK}rZwapbZWd^ z>5vFfqKF@Q6^SIuR~X+hR$`!`HreMZKron#=Hp4SmD1fOcnzrf2q%62S$}MjZuh5N zwQ^r<*k9BtX|}X-xCy+-)=}eTHb%O%9yLtuV>Ok5)fM#RbN8ug6b_m#9W*EP37l}8 zO@4}GE;rc|bIOAt2jXtjc)(P`E$}rj8?CqSajKMFkRWl8V?O=q4QYrcFX?mEAA
      8 zvJK>np1wO-xtIa$g;;I?Eq}cc57Sa(sP#TL0vWb=BYks z@IYxIXHL^KUmN9pIJQjX&t$G+DZM}8ThmC6CbkP0dHl8n^$qOdQ+#;nYfH?(xqE2p z=-S=(&V>Ty@CeRNqXS%Xj@dO<4dxnBtVAn*dovnoB=t#g#H^)Su$X4kKsQKq!?&I& zo}=(Aft}(I`zjGiBP$88*bgS_5(Z@PdJNy`yXRPQZbFTXxA&N|4f9_`maRN2r#Bgy zLYD?npns&l8|ROt+=P(7h~&*m-vMT(7=X1P{HZ{44`72p+B8{QlVnY&V* zJ)OVAyRQljHfxjUlwcE1{icpAMRLreIe=sX*kf&&uE4A>b0zfgK{J zNGj&|k&rS-#}`t3ZC5U+oK?Q#T+?i@xx_8&PM9h3%o9OYsfxcuy({J5S-*UeV0yP{ z*6NxrtYG8T(yd0mu73MLZS6r9I4l*|>fs|E+wNFGNr}?tcrha6Smv-XA*yKDrL<%^DG*nqmqv$FC{EqQ8LEg6-|En`hz-E$_=Fn>qKvdjCdZGNKDNO!9>r1(i+!n!~s1oz%7L<6nB10lbA= zr=D1=2xgk1uQ~2^wpOl!0OFGQQNLDq0+Gm~>Bw^e1(JWyhZ8+-%)ib5u=PoLgz--g zOHZYl9ouN?_0 zM?%C|s6My+)aHa-sv9Vkv>lrBYw!=>q^pk>sm?^nmsZ-S_(h?TVbO2^ZMdJQ!J>Gw zkDy+Nd5+Gfv5M%y*9dEb^_yIs$wnsw556t!yLBVu3XQAjK5>rA*BD73d#Z%+&`hHh zL)@5l(xg$qKpNB`OcDf~a4KMa{(~=>oBnUxr$R%r zWgUUvAO1-;CJUOIesj6G4FH`Q>>uS77nTPs|6;y5G0}s_x!fl@(_KeG5#J28XyqCO ze2JGFdmh8WX?_UI^ z;cc=%csIuZR;$05??peq>t^3z-b=ArQz+XF;Ezb0Et6jg(adzp|5n2R;r=!57Z7^- z_*--3!VomwvUm7ZC8J$;|In{q=rr%jshY&Ri+^^tR=mf z${jth8t2*{hVl?(6#{*T7{PzQ-xrmO|7WeD6!HL!lR?v#ZVN9WaqDs)t9Re`1?S2f z!-CV46r0^zFetOc3}^4ZdkK{|MuT>LBAlb7Bnj7)a6b?*6v{|6Ud?lc_**;g^A9ju zCXx7U?Pc5hDukAsfMj;*HbhHi=yUN3RU%bqxoZ{ip$ zy7oeUW>a=rY9pt+-jEn9FXmIM5i3np;q^Krj<6#*>G93y(2bj_8X>2`MQp#`hR`>Y ziY%K>f%$_dGl6T}>BOjhPH^!X;B;#t zQD{OHL>fz*Cz@KgO@trqBSe0AXywvlMrTGtU1dxezYZ)eifehe2}~sR^X2%wiA##o z2$eYPzci!S#0A_i053t?X!`9m+5Sewkp5L?kvS5B_>VSfC^X~r4XIN?3RQ20fRT%v zLQ>*-h!+%3x2vpxcN}zm=Wo>*h`Wzh1Vwu>N*4Qlv0>)ZhiGcp!ZtV)+_RQavww-o z7Vq4((=k@V#bML!xU+h3!Vy_Y-w7JHdxq}Np&P_~vC=}q!Wojy!n4%%^xHiGai`fa zG9;S|U8qNuuRQa*Mq79YSO=7dThK??JwvY5Bg=PO&%HXFmy4>ps!D`RvIkx$H6@)| zdv^q$ihxFuQnfM(UP4}{OGHMY_ffC2*}kULlIs(7;^~*Cc@KPBr&}sm!+cj`pHJ); z#;t?cuHGBVXl|j}Z_<9%@q?(HvzV}ThTSRR?I+C|IwkjxN zb5aL7$7rxk$TRAi@o`%2K#BUP`K%~}YqKx2n9F~8QvS>s3a!N}jRy&Ej~D&`ICEiM z4v&Hq6xL%toS4pD-vR$O)`GJnKzIQlQ9<~^17`u}Y)_&&ZBcTby*fgiR3P7y0V4>&Y7-8 zP(zrIIBcngV*(*yYUSSw#V8f+CeTpuk9PM)FhSmcC?EXSK>AQ3Ip>I56tzRtl)W2Dwgh!cRLT|b 
zv$G~r5pAqoR|Ti?4*fC?JJ=564zJ7x@@EFe>hjiguctERk8Fd@NN#~fy9s*L)Yg-= zxnzlq?AU#9k=FMM*|8Uz@4+@yw9K;S%_1ZQ-RV}3I}4(FtEf0M4__c}(>@g! zNJQwk6yQR&Tv>_Y->QC_u|xUvn9Pg5WTrOKIoCBJJgGUVnKDqb3#F51Bnxp!Fu=bo ztMWXNYnZ&mG1Zact^fU=%o+?t<%SCzfpqBp(1J+EQjJXhyMWXUEUnvo%qjYc14*<> zWisuSWcxy}swP@8QGRsy%`r2piqesuT~S#rv-R@bFrEJKnVLGs|0%DoJ5%z}oHKY>E_pF#vPHD%A3^ z9RBxRtuoVydz9txm`oqKSZcY)y0rHxbq}`w3P<_Ebr<0ynxQ5)bBQ|`)dA}M^$$6E z6?x!a=~P}Qk{AilT2Mm!TGc*p1 z#IR@`+xT}qeN-E?t2J8ho+l2k2%iqpnjxw-r__x9z&yAa79_C74j7cAYcLi>pGpkN zltuUGD)HA^k~_VB>P|n1Da`0_WxSpE^ELM44MH6Ijq~X2Ci~MZ_FWj6mZErrxL%AB zccS#Du{-lSn?as}lDDu#ihi+qK=UDl)0&_Iw}^wP+^LV zv_xMsufuJA_ZC+|FqEuPr--8p06gCcPHbvTH@PKfFHiEwP2e!Tq;rg~`a|5y6km=1 zB-s+H7Tya2QK~9drtCE@X5Xu+kw08OE6Yo>yihNnt^W8e5fx24%!N;P3iKoCf za%1%lHR>j&(h_T9^nItDygFjkN+@t2J7H5)!#s3;Jk1CSKxKyyYWcvu4eDb{0TL;D z_dp^!z?>Dr!Y3=%|F~>e{@_?|O@xDa^6ZV@*R(E@_DU}DoEY1p*G&v7@Y3x08xzf3 zk(aUTDyWr7{Q8C~wNXCOzkdxPr}M}p<`5WCy@_GJ&B*znbF;k>`pqH!#8_$AxGMB_ zMXAI}olsw5sm{$dSdB27hucAlylJ2K@KMXK$$DU^uTL66bh*x}dkM-689-OuaF}#y z*{S{0a;C(+w-i61{AK0a)2%CXo5IN$#{yA@(PrD>pf8`=aD1ZtN#YuW8ZhZ*%%NvU>+bZ~BwpSCFUMacQTqxZHjd;}~;roh}II zsv%DuD$GPCl5>;52(DD>)WHYivEZ@CVrU=rah+c=}dWj9~ImppGSBJKc- zxR#{Ex3`}~U#EVQeFS;3bEf?F4+3q)*BA(Q>^KLVu&c+l%(Abd*u`T<`f0)`l<(=L z0C$!sfOu7C&XqfG4;|F(z~9V=3h2qZ7Sx${UweR`(5xqFjq20)NtrE7V7cGf)1lGM2%pNmfvF*rPzF?x!wxo*|GPwnf?rm@M>n=TR z7y4DpJcEQ_RorEyY-YL3CZd#^=vCW6ZA)>WT<$nFBSPD*QEp3D*O2K8|M$#vh(?3l z(F*x-hZFDrZ%BO6>vwAkaP}Sgr640y{+U*gVD9NW@*Cx8)l1nEtN>dE_pfu8t16Mg6XAY#3?7ycEN(3(VA(-N;81_jxRH0Z!)AifVzD zxyVW+z-C^he5p7gIpr>O2xa7IJ`ah32hXwi$7NQSXULn$x6Q_$iC_bk_VLyb{&^YE z&}0TtG)pXk0abfZ@+c)g?JtGcnqQ>op-Xi}NU5Fg%F0XIsLq5e7U@MhIb3yiPs42y zU|l_;!*G6$4!RXY&0}pQt3)&)#gV=H$j(WM2n$ z`Lp`W@b3_S^J~I%gviVO>IM_-SmH|~wi%;J)v`;uNA_YHBKiaFjo0xTYYQ6zY<g zL6;^pA7Mt2otZzq(AfV))MQhHZ=DVyi7j{9GEqxVO_-L9D(hmrJHBN<6^r5yr<*)O zkwUoSn=j%8m?c$sl_mQ9eTet8)91FI|AgfV8bjd%;)je|YG)0ie+)q{LAwkFqd10s z>T#(?B?-y}3NE@!tvL3)L}7Fl;TqK9)T+ZS2^&uFD4x}82}i3RWEXlv4)=!WE?e<- 
zq!`oPYN@MzP!JRYKvb~mrhF&V9)*%^gFcIv+k80&0H_;hPkMw}= zy{q;YcVEc81WSnezPC2rC*n_?2>&|#tBLviGNy%o8O#Im)4?B{`1j73xdF=S9>K(F zB?}mj7t0gRTJ2KR!`|Zb9{Y1kcPGU_EMp4FPBB<2^O_!Vm{=s&H*8$1jt;45wzNN+ z(Ev6RNzNH<=TjzQAl)=&U-)l{OavTJ|Fa@?%ka>*JsVxVy2g2s1i3G6G)}Cyl`rXx z7(Eswwrctu%c2pKXmWvu5!;8EOQZPI-T83jr4Wuov>MWmKxn2p8Qj!U14ViOShn~M zrSlCu)_9VVllWW6Zx}eb9 zb2s7kmV6bA#~X;(8~hc*Z8r_i&AJV4q_-8lNv>RxI6G&c{K(n&QKSTFphNwfAN&jiao-Ux)QHGJ8t;I$oBDZL{z`y%zqL z6t+>1_-bM#CSjQ7&K**S#vZ%QdDYuti57A8WTn2^pJ=mLe*~#q1HpGaZP%Z z4O!*tKET`6rU7q1FElN9PU^HdR`$rEh_MDdu`7Be5ps!7mk{a)<${dM9^oDSahxHT zY0!mD2VVRLOy7en|L*}Iajdv3dQ31@)H=e#tzh;gN&`fZ;M_32 zM?}UxozonukNDFztlg*<{n$|T@qTv=`)=7yJV9E;OMk7da$EZCU#@@GG*boe#OW*Cf?`^3dAxmKyC{`JDxX%y`OR-n3ulTaqKc2yx zpLb82p`9e#9!5tgIl%=Y2SOW}!2Ot0zMH+^L3W>k)D(s{k$pIr{&{wNn?xl1>&Xe2 zOAhJ>`R{wUupQ&wJwF<@UuBCZXkfnzbkpLJGM{;b=WD=CA_*>yRy z)a#WG!g&|25=3OMd^Wtc3yC_W!2(;B!^$9K{}f!4_{c@=y?ht7(qC5X{L+WmGW5y# zum?d-p-s!@92j=Op6u>R`YQ(SY#cL_*B8}!J>BG{AFlkVK_kWNyd2L!ukV`bR^&

      tVp=CX{j$&KdWmLASB3@Y5Fq_v1K|2n(!w63owI0sii5 zXHqQ#90d*?tO=T&k%&{vQLDdyCkPosb$)4pt?Dn-$$5O?R zAh^@gf3GPy9+_{X_W+0No)k`Y%M;Zq>t+hc_K7OFGBpiilkX7IdEgMBMJAU$lQDTX zr5oA1{V5k1wb^x8ob|jcd9?@hT)y{XB(N`!A3lmKfS*bNZbWCRmqEJF7SW&+GjhyF zAYw4=M}6&tz&FCB#J^P_HBUQqH23>V8O`;(pN2ZjbsX$j!s)oc(Bl90Z45Dg|-ltD)l7R4%9#$C~>#ov;%LiP-r8K7pL5JX-<6m)jBWP#-evIG)GmTl zEhMb)D5s)RN6$T}z6K$p%7q@ejxdkhmWcEu|5V4T;j!6sVHV_i5I%E-Gf7vjW{*42 zG{={3`e3O>W8(#@h3cp6El!v*x`(wu5R{gHGfR4Ob8(~d2s8Wq@|lOud6n%Oz{q~; z9-hT|ogUv8e0Te(qCe1QJI-Rv#1L($7&5c!q48`+jMsw(al&%lm~uzcWn2|&@SB|@Ex#ow@N<2SjJV6JOj`vA>D zE_SNE0|p`OvU!b~71@4C)w(0QB{qA@MRv0R{-3c%GER={FWidP)!2up`Ob|HiZ|xa zOym%2&(Alj;PGXT;%be3{s9mO%1F+2tL^R~rqrvMG|+D2Z4$1A#~0|U!6RUO%1i`I ztY4C`eMcVBPw2cJxvcv(4+7*9C`X^})bO;qu1L~he)NP2(E4NERs=An>5WqUzF zqlEl8v=!#c&xp?<$R$o#YA{yd=oVKo4jG$op`wP_R%QQ_h)RZDU*BH|AuQ1q6Kpvj zMJBkc_^3sP@T(HB1kBw5Em_PwS|m=sc6+bETYQT52imi{2tf|YEMuR9hp*m`NP;-V z%kFa&hU>lNN)%a9VzjaNv8;f(B;9rO=uBs~&D_oJbRxU!Ni@k1BD#O4XLZE!$WJtH z60{W>@Y(LOY!n?&5qYrV&aoy`@h28y8c&ZC!AzXB(uczkhJAuSwOvT)mIo6L{;Qi< zS763LD_tVGmnWKa5@r&p8OGuPQXfgstmBbd?bdf{+{-ARqEL0&p=BQr`Z70URybi9 zxp*lX9~UaWiw@g)9=*aRQOoIh7=5!9N|}@QXC+lBP$U~7upr;4VAX~l-${qwc zM6y=DMLu3ZBBJ1gI7m^3sIy#qXWB<7u|Kd2_o|wQOSPF!BqRsA&a#0zaJ_u5Xkj7= zT{U)`@I@s@M;)(9gjS|x26xE@zO9FHV_T08JoxHvCy5iPKQLmq22y#r!oCVW`mkc_ zjQkkT#3Xl}43B;J2HTlFP?rit(DYB33GBbcYQJE)7v(kFg(%z$Rt}3$Nxai1tae1$ zkwy>&E<^Ru^+Feqh~M4m(=zLTAr9jjLDR4f>cS+F)!%f6?_Nb_Q{1A?SRcu{i*j*Z zw9qT4-;xJE5{3x1)WE1kMJ{HkV5EcrceU`qXCLg{pL$xn zj#}GJ<(+HvHD0wRs!0wPV|K8vQYT+!cx;G_G1qlf-E-QJgI zW3Gq?K-m{B-U<8LR)AT$MSq;q1vXuz{>X&kj|9wPn4N3F0A28a*Um4PQE6UlBGWsl$7Em zoqLEAOn`rb-G-#r!Bpny*u%9oYC`ho#cdUeg;^|)p@GTrPLG`#Cg2$41rO;rkdwM% zt#0Bd83KJhTb&Q8e8-*$i&_l2rBno%S&o`8-<*hS#Q~+$e)vybl(!q*Afnf2WAR^| z5DGewxsmkhZwLF!)=|*2&2_ zDDImR(YNo7NSja_7R@cqL7}5l&Dhw8a9aY0xzUOM~!x!}t&AKZ2e}gAH^xRaMpraj?ja{xE*C8>>a0Mb+K;AM zS{a?K0QMKU)Rn;ZVh7QaUSx>1rKsdU1SD7d$892;o>*yki{2xF>hh4%C%l~rozqO0 zYX)ciiju|OJvDxd%{FVm^Oy5uwHM5@C?o>skRhr7;Z#N|{P90{71Hv532+!7)$?&j 
zL^N5-+K@D0bEUbyGHoV;XB%)X*jw;S#wH}A!QXfjd5H#%;$cN@MtfYn;iZh+z^uvn zEqJ>3ulhJLv_$u0LVLi3ubf z%Ca^Ce~yisdtNR~;6QT~?|=GlcmH!$%DrizXxxJWDeh6bDL`q{gwkD@R+^g_A%DLh z;PQs_5Q@tRqc6(6nD8<`sqq>VFYOxb&Xe|O50#arD7$0O@WZoKr4@tm-Ig|oRK^zj zC-!3A{))XU4vmeU@Vp|;|NqCzqL;UG;w|w=hRKA2l`7DrKQQ`6Sk*Tg>1gP+(73-` zRHRo8lk8l;%P}h1R0R3?=DZu{9-Rtqr4zTokkSB*OqTB-A}6$<{;|}98=&tqe;yo@ z-$Wd?hmCmPqV{id8+nqRV!&c60ycu)!oL>{zXvq|{ldL7AjA--8+wp&)}lgZB~YX&TvRmwkKWxq6m87` z5KSt!CgQhBaDB#>@%OSI?{ix$N`_hGW=wb9Fn%cUaR@Oq;tW3KSud(GcArSwQAizz zK*sW7sA}EcYs=eM1G$zh0+sy}+uO>$QAr$;)M@NYRdRMCPMHE90TJ&d5(_#Q(w_{? zI-ezMpK|^EdEKS2>?*uUIx$amEy2Mfj2|%w-QG;zy52Rk86D0(j~1chQ(@Oc$Z>8( zTwt4nzR=UfJ%Vq{Fh{A1+4&uE^{u8C${Br!tPBP>*;b)Z*N*Mq#>mN~%1IJ1`i~sL!P+iEOYQvjVlntg4wpjm4lVL}C3B{M9ki-3|2YNx3FkQ&yJ+ z)eGxSqbKNQd=YU*ZD6I!mna_Cpke!rR(&)@c9R8`DU(te-CYcxpbL8Ygsxi|+H(F- zeq1mLAP(qbDK6}jG=>L;TS`X2eX)Uvbf#mBk}2M`Jzbb?AYY|}wk9^`iB4c`%Bf&4 ztH+HsTzIZvdO6QH6|G)Q-uU)nzSqdm^#?0Y&-3$z``$|%OJV3YR+W;G-8d%~oL+^g}< z=9TKM@e5Ud6Gg$JgAMbyPS>)X=i($&QeGFp_F<(|?6V5rx~0rB(gN+(ihdfJH(MyrZmBiAk>Q-Q|&>~zGh z)OPYBl8Iz%^VlIWw+MM*O1ogW5W=Z>V*1l0 zyEwf=i8e82mT2Z}Pqrh;l+V@ad z@ov!17usiJXD&p?ey}QgdSeb{R@Tr(01q1fL`Q&RoV_1^1LG^X#rT~o%UqCFrGKs zn0JE1(%d@0sg75MBU|2Osl@Yx7%4vLHH!3j-K68e9{Tf>d zbiNqh&Q}Nx#J*fLN{EJ(7*f>v*;ycFh{j5yYr?T`{NAho3%f8Ds-C7{bZ09$EDl!m z335XbLTP=-EU>VtDEzZ2@Eo?^&bqkOyE+sNmHtS3^dcOy^V~{&{TI=Y%s9;9PK+yV z7}Z*`W*n2E1O^r>=E6*LVIbf%WrwGg;m61n9(wqTPa?LsPDv#?7m4l}_Haf5^8ER4)F*r;YsrfboToHJ_`#C)%QUVQ! z#hjxv4NhXFvE!S7D~gCl2qw7JGs&y1WyYu8AO-9!q;zp<;1SqPvf2v;?e^jZ+$1m9 zfXEth?tzpi_}TzdK&-zAE4m%b6bIku?PnzL%E@L%2)7!GzriISn%JFS72(}A=>}2C z;1fbq_6M`x*xf*S+o?W68&h<@I8JwHJv250&vbw%Zs&MDk=i}`Be8#MU=sK14Wkc+ zgfU)|tqqQvq*8y}5L)AbOT-^IEVQ)IaK!iyieL%w?mPbd5lsQa9+MX7I+| zomBl9lHh+%`~{QEqMWljyBgWQKSc;88^=giR%$v=c})?9+DzW6fBhn5=r%(#B@USz zHWSRn;d4wGY(MDH8mUY{+5d&2JDKSq^Nf2l_immJzt094>k&e*Yq3HL;mp!9k?GF! 
zxznkZ7Kxyn;46jO2Gt}XvSR#BcOmhPXKCt`H|;G^*R0iKPHT`sNWm>W8Wr>(jF^*< zz&S=Dwm+rBWmMQPZ9CF%U*3<8tEn{R$2B8n3Fyg)*zU1YL#~N(G!~?n4ENXN^+U}x zsmd0%#ebYj$3Y~5e<3zM`J;go%Ssp@5;lXg7gE(uKDcJAA@ZZYh9c6-0bwCuB_YB! z4DH9-)*QWPqsG5G2S*aa;UwzPRJ!r3TP|~}Z~@`WBdNq;0tso!#gtBB3g9hBc;L95 zk}$=JBK#=S7a{u((}nMb$*2Yey6{uMkB9dK!fzaj48EsRF%9S@J0(zA!E#I7;+x~T zF6Tn9BSop+r;r97`$TmYkiymmF9LASyEpyNbaB*QG+g4@5X@%i<)NXe^Dr_zQP+YS z_d;V{GqlbiOEX0v6U8!eqH*MoS70s9Td6%;Za9LnCE;`uvj*dAEc_t?4zpNfOoQ*b zU9Uy#oLOY2Dl|dXFxog_a$rBsgfTnI^dcaque481uUxe*qK+Wq8PJ5LQHIw_U;kWy8?zUdZwN5A=dD}r?C-ppTQ zMI22!97=sHbX}-8w>;T7@m*>o?<+pixzjV=GgYjRbUQn6DR~Hc@P$6YQ*z@-Ew+Xg zEC#?o)luA}Zr2>Kmq#<>Pxz#U zz&+c`3o7*FJ@zJl#2Y_;EACJfVv?^vr3*iB?YiALJPJoC3k~M?AC~1Hu!EF6^Vt+5 z{4lGGsHtK6p^-8~3-H)KHq!W~NZ)_@d{B%`U>nVAS6&?|N6?Yo5!J$clA}Pvq4+xC zU_fL|lXc}DEyNK>wXS^sD4Mn-M%N+1wfOYT!hx2+y|1md9_xR9mHd-+>vy6P*gI_? z+RnCnJ5=TLwUk@fP0De${G!>JAKML!q?(7=5p$j#cLI{i!PhZwAmTz zSf9!eLzZhUEODZs>EaXeO>AR}f*RAu+vLck_~UNduJY*{pexoY>Uz zN2EVFi$`6~07K_FTFJZMGo3w4qgXC&(6u@yDB8v?+%rrNQOxf9|?J zrbt^kDzFYt+DLF;Tfd+?X7`2)8&xHd6I{EcHs{DQzK~Fm(u}085o=U(-R=$jd1V-~ zj?03lD`_dOanc4+3|6X7K}6qXntEZY!W30esZ_Q2Bpxm?z#+TeN7wy;B?{FaCe@gi z$yTs}eA$?AtmZ&JkiL_eL{m91n1(!2v>(=?(ruzLmh$yMghFddpN*>Ke-@>X4nMp6 zt47LdO#k&>ErM}f^yrHQ57MQz#gEYndB z=vMKd;3_obre>I)k1QV3IU*Bei_SQ0gWH$|XMCHGoQ>7v&(3B2j@eE+=rLu7$_7Abi;rQtJv5QV2Go zA`{~gOOh}!j0n}xUq&S^kl5g2_kPqGkGs!xdhkaD6d6A=!r`lwUsR98wNZ<}S7gDp zF9zk6nv%=mzqp8ZujhOBd>c`zRLUv}OhwW;u)I*Nh<7Lgo~v#+`71uDyU#4#rMx?D zraxOKGFTpqYdrco8vPyq6`G{FY)HR}=anue0f1%G?~q6mItiqZ5U3ra?u5sqzP`fP z@~_lh#6Yi5CB>wt1l&PX|29myhhYgTCM5j?90O$^qWpqjhn!CYD0(+r^dAd+9S3sE z|3KaT;-mGX1D|iZ7&TNzOdZ@!f7wSAMfqtE74?brLSqlh*44nBNOfW0&fp8lBAl{m zb8_xyQGJ5sbTnz0bEymYgT~iPHTEYWmf&~HNP+%C7rLSG`i*m*EX7J5duUvPNI)Z2 zf+s+n9t68O`W6)GU;KfQ6b(ZUeo5AFv`XknkcD(*A`gUNXMz&zMGC1je$?6Ow0a#% z9S_bY`cIdZ-A%>zGmM8D`amg{vA^lj5O-Y5(WMVvZ>^5U?Hy1G!D%G^Xi01<>imUt z_CjsZJ2D`swr--p5-{il}2AvB@Gu24IL(s z_Jue}S?PGfRmS?}vQOff*Mz-@Xewf~1EWzJCiKIjFLSj(Um=hy(D;PuGigZ9sE1c! 
zByr&|I+K7G%;_423@gY%M-_oBbLJavnR`l7A6GB!xQS#{=$Sx#y>CxOqh@k zYVIKT+vMy&j@&jZdM>;*^seM|yS4+@sA=0bB)$`%2hB|pF($?SqA?mb(zGJ-0Po#x zk^ruvr>0QAVmnB9K*Ke(cTuQfyxJO6pn)p3lY2FB56537IEP7@c`C{UzYK? zeb5afd>Hr2>rS;*kbE4mdU7?xf}?(Mgh1l;4vGtZ_3H8WNjFB6PhVph#(wiJsj4J& z)TIqWpRT%Zy&BKFmqIu;8OD8X$KbRGwt@HwZC=G%MXow-XpAb{K3OJjyGRdBy9e5hmEC*6pJ(w7JX@CnNk~FX0xUpEW*yzne%G`|03;>L zQ!DvE1UpKkx$4sz~&;*5QeCcyhA04F;7@ti$LYv%veN@(Q;1utM=^wm+aF9ad#E2?KuRWZ2BbG9lEhxx;Kt~XvkR$FxGot1!BsIRMv z=?I)CJB=Cz+^FCTpNwK=K+#o5yX;z$x`Yqw8-um^jbqDS?AY_%;ba53j&x-s7XNb| ze~HK)!FalZe5kSIcNMK5Dt}U+5Uh0p8H-&e4EjJ2KsZ#e|Dv4tH84sjp|s}F`#7gN z&jkk)Hfc#Xl9V;6n(bCmws$K0we7KUWC^b-G1$GRA98jci|HqV$yNi9Juk45ofU#f zy1Ge-(M=gfYsrB`D95Zvl?pD$YK(Rm0BsmoE&Jhz){_^{nnAbw%fZtp-7fy?>A`dO zSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Q zd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4 zsmIax`t*zzhNUO1`9S*PjCCe01sIJDhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@I zNV@4sXX))SZUfk+^b;h@J>cr{4(w(L)Y=SD#1u%fNt28hFx5Zf)2b=^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf z*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qay5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58P(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_Et zUlilu4FpSEIZX0EYTwrTe&zLWHeE-n&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24M zf`w9(+NEu8wm%ad>5XM$c`are_DRX27Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p

        !Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBw zqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*i zWl@-?iKOL*bGY3O_EESe(B$iMZpEslq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb z{X=U!C_kIObn`ShM{kENL(QeRZXfmIu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuux zX+VY*13t08QRA*LGJ&wKzaX2GrJK0pzFDALDe1^0Ms|&C^&%%>M&xapECA*9>6))p zZrAZ2!MJU*l35>+o#v-9@D)%bGw`KZ03RbPCjC)59HKuBMQ(`QOS!rDWkF~!RnpdO z)lgu!#X(20cYnAGpwU+~KP@ul@VSM=jnE#Sx(Y$y) zxLkHTPUxKpdK^T(>1m^W_%0rgQDmHsS%F1v8&=ns9nnutw4)#fbW1?Ho{Np!m^{{A zdXL$+;|m69f>mn3N1L`@}ZxW*0pfYG~4c=W!2 zuK3*@vgwcixEVyMH?SrVtR)g2-9`^|t^RSSR9}E5K?7rLRz6f6CH>)ofjBr+r#LL! zWg=GXA!-g9&f2e0>YD-{l;_+w^nKQN6VwF}O9rhnssZ*N1>fmiE4e(%6~&J6&oT41 zgJ)s(PW)Cmocu1iT)@e=OR}t;JDAiXSxmw97YQ8)3;U&g&ItwDmB?8^|4Y!5oj(S} zHiW5)Oj|o-G7Hy(hNHPyt1C_Ml0^NRI0hwWKtWa*ejW5yt}<7|a!fhQ8MEu<9LucAy zG)WWXFV;c)!D1Hm6K)4Wg!IIDtK6~T-M$P|L2Lw!9XO3vg8jjO6yL+>lqyn_juAcC zl^cQOP)}43Rdp)z?yivDyOtqB0roQ4U~V%-VXT~Y1cgfi-nD~%_~&ueHoJ^NM6$-# z>@wmeQX{$VHmcoseWu9v;8g}j=LFf4q*6Rqib=}rz~Tex%F!~3M6?boR=1WwdHcA~ zoRn<-t=1&g$~pRM1UQR^>9S$Yr+4OGG+n`G*f4}tDeKrjVIT|q!FbvO z)b7#+V8Jbc;ZpqSXYSZb!HccC3Y&bW%ICN2Es-Ds3k1t)U2u8W6el7fRL6}J+zR7Cv#a<+q6dJ_Fc_r5e zgP5~3Q{_5UuTAAFI3{)MF{W^M=g}G4Szn_$b>CG594d!^S;x+RNyEEZg%cg?5G4n= zmLVxX35PAuIb0)=+)rWuoqdV=Npfv|M#7OwSQmHrg^Oy=VFm;)UxUC0Gykrtj8Z9G zc5k_nOQnmmYCqPT(KzD6J(aFtn1zc?7PSSMjTCc?w z*m*{wK&lugN(}mi@*Z$Lr*J%217kP04By^MT)0p-RCavpdr_fuUDLkE2k@zF`+8U| zHuztm0zJ(pIIs`8!fkw-z`VOBVLY7D{GBG8Ee>03*pFsi%5eyfx6F!8y0Ci>f;X!C z*~2s$&irR0AtB4}EFLk=9I?i^M^djAEb6HeD@j~@4#S#KI)o|k+8Rs@`<$W0PckHg z6y?mCZslZ3E!rjt9fdcZVOG3A7k(!Tjq&wGzs?MW%Yio#la<5H`&>CDDqEc~u3bo4 zSEpqjA=XVIC9-g3T$5CJCD2(elt}Q9dh6OVckoi7QrTx-xzLBOt>YXpi7G5wyKXEl zHip>B5fRS9>{K0TZpyko&5QGUA}ILn8d{+mf9|l)!kYb=(d05{TZ5~;s2u^~gAAgh zGFo3YE8c%Fv4@h0#tL2Z&#^1!RLJ4R7e`Olu{u3;4ze$Yz;wb~$%Nus^q^UAGGgZu zKpvyG$|5||I!u9UyIBX^_cw8=jQ_Txk=cr(I^8&{%(TUc>g}4RqNpWpfVGm;%NzZf zs(kHO-`bT?QYK@|M8!CkucoS|wP^9|l6wML#}Me{R3B8XXvqiFP3NsE_kES+F-s!q zZ3fX6Ej$PE$0wx&VTv>RLQ%Of^qB_@3^-+0$8nt@>e(?tlT04mat>BjzuYNvw{P@Z9 
z?!n*pUmX@en&HJ(al3aB-v2SPfbD$RYpnn8hwH!?*4G5M{xm^8jAH~5A9cVm{Lh*{ zUwC#@HU|#QJuk!c0;U?{Q9IXx!zCicXmu?1&SgL-V7R419x=^l$h4EQ2np}1dgNU$VI`Q~yT=VLvs|uqg7(^G5l3gd=GrJaA?EB?f+YcvH zi@~I#c=#>nSNDoEOo02mQA`U{D7JQ|wAdPLUy-49mGNrSKIdIP22BpE$liy}L%gu8 z6IyIgY6l9ZlXQe}SlzN7%v-@aR;zN1W)i-Ox)?gu(0K#f`FI#l8ud=6zV@cId1PUz zHBc97`PlqzxGVoyt5`6sW@%sOB#h~mFjXeJX3k}9n)ss5U^+Gzxa*1Y287U*1I~`j zHDNOSy5Wya^C~{M^qjydJuH!$KVJ0{idw?(Vi{|J~l)+`6^@evaRK`>)#1 zFJcE?sjUS2Q(zLaPA7O8j(}LAZY_Zx^GVS7VMvc2Vh`;&{c){^5sBkj7N4F?poRW- zu(h$d+k*euYqEj$Fg=-E06WqQ4w8NwnmvtyCgu?|+8ZNi4H}QU z7_d=?IJr4Zf(GSvlvnk&zW@YEtQyY9@0znIVx}0ZBq^ElhB0O1BDKxLz{lbK zkAO&flaLHOu;4l-PQD9ZS#iMlJDW_#o%QvLi;H$hgKekTDV%KjFkgRq@aW0&!zV2@ z$KO~0)pc5XvmhL!+dkzO8HN{_XDY;yI5Ka+2++-&?7+FKEI=8+Cb6x_UMw{_OoC~B zz?!Q1{$X%%SPy>QKRh^W0*v1eUjO>yx7We%`>$T@KYxAj20n?V$lUNw48p*~c47MBsrRbd&p$Qgi2r6?hUeVA8rI>iDxr)ZX= zBs{IS(HIX|3IWx4_SQu;)4r$Twxa1FE^}Lg1+R zb@2-4sTQK0rxIV(4JXBSY)LOMBY38H7oZ(bUS@*Of#}7TMeeHFhM}@!{c`Z%&z=Mg zv=_rU+6;2?Q(Wr=qm<*KCzNj$H+BT5gih!)Eh1Sy4!CF?%D;2PXZUJ?1j zS_XOI%w2tDCM-{iv+OMEO`-5Yao&{k*Zn;RtlA~S+!j8t^{Hlx)(0L^7^eysj)fnd z`-c9cG*f|{aX|H0z#1=Ufr02D5SqV>rEwpWtg>dy_4d;p>uVQE(+lV#UFeR1DO{ya z0V)kx#HLKL!O90*{Y#Vkk1|bZPZwW{T@c<#hAg<-lw@plmECSittt)70Vi=%$aE+K zIAoPp-Kw|iLdQFUs{Y&wg2(ZIE>fW46g8Fxm~!n{);JG3ylo2C3}TSgjHO!V zY13)SF}rV+VOq2)I%u@wWHM!k3##*>YA1@(Q|IRAOYzaKPkw1_?|r}1Bt9VrMqv{7 z-$j$WosRQ0x(ccWe0`@N0u@ zAe~y4cY|PR%}G~?w`;@w(pFXZ`{ZXFDLeWWmfLwtif13|B2AE4NFq0ByWV2jEkv1%7Mq0kzPWWKb*;Z5}&V2V6dr(Xl3NPDVn{>69) z6X85J-p7m9S)$isLWu(Mtw`EOpf)Kc*45KjSsyv8B{7Z}2s);QS@j{{G>5Qy=P(xi z`X~P+pca_Ty?q#RerDp&{7;*Ke|%^bSOw@T%tk00baDKMZj{BN%05R;c&5h0DKlNP zPOqkkB=-)7W|_|5eELX6 zN&*NNz#Xud9rxm)aW{JCPR7zSzbarZ`Y|Oyc8S|`uJ|@SE=ihRieiNb`U?D7ins95 z&dNNis237QG=!qZ!USvSYS|3~n{m@r#ZkPV0zp!BxQwGg)i}v>0RzuqOapCA!wfYT zwJHuWZ;F~+=jve9uf8DgPbPn5dR&)TP!=hnp2IH7Xv^NM1ub{<0zSbg z{&3PqJD%>t=~LB7^WAok)|^ufH081gRHYHTsTiJeyE#(!cGrZ6CagDA!(Y_a4V=@C z05UB2KT!tQ7aAR#EY4BcFuVw7c|gk$*|rMj?(hiOf@$Ii7fq*v?(x40*^zj2xH`%J 
zI9^m4(U6T+h-kMyI+)$GxVBwk|t`M>fxnA%2BR)c&AqPU6C6558mlQPM{x^y2!? zy-*A2@T+`nOD(+Ow3@{gnY$pIJjVXGVot@em$D)c-KUOQkk5p%|6g6iRHI+$ ze2KjJl;x%;mSyZ>Da9sjk;k{Ph?opNk!qdI10=P zFtMPNWrwy$gx=atr@teQ8ikpHE-_|W`8l37b#fEdd{Llj&ZMP>RV*=y8#inFpx;H& zxDdn;ON|lTu$6kPJ47>^}3;*l5pM3awR{f%B3P(q^bdR=xazb{7xem|S`j ziLqq_Hphn@bMe1~%OWUZ2^N263pg^z^?6MfJ=^fMu>hr{bx9s{y_Lm0rprK_gB+ED z)?6R!s?MFbW4|*856hC&R}f9Bou3qR(4a6pE6W)EDc4)0JdqTCGAE0h`lK|Gs8?%H z{&_QLwMuW&7don3iZBq)rDvDTBvv0IJvZBFXeGK7VB-(k`uIa{5z4G8N~uQB!Ab7fZbInlP+| z`B+i|0BxRh@ksonlRDPdDBv2s6wA3h0U{%C25?s=)h=e>j8FXTg9ra7SpVPB?Yebs z7fdtH(--5GvOceTFmUWbh#m)S&)^GP{{QQy?tji{hUIaEG40A$6ECpf{@>ZVx9RKu z?`_}a|NAVz^83GXKff3+P^sD9yw&XA-t%ASJum1?xfF?}FE7wPj|vTbp5NeEn!Jl< zW6L3DMP29gMn4MB)jJRB{8-B9tyuSFv5S4K%F~gdG~LeDoNr&FM*L^eAV13yjpe)GiOz#FLL2OrS>+^0m^NO2i~essC%-Zh?3VHq|zI) z;zm@4@7#m}E(^!4yYI?^_0_EARQK`HVyHgXNL`&zdj!|D8c_cY^={33$4`|;Q;op= z${usuT9Nj6nxBDgg1PeNw-;vXc$Ie?H8x^p}}lg|DWSG zkN@}f^ULu5t=8Nya6bxso~W>KD=OTI3ZGh3_?iU;>E^jQ*FRhNbFR!~x=@y2G2I4h z_BHKMnnF01Z|(=i#N=onp+Q@EvJ2G0i`oH4aVBn?X2CF~S(nX^2tacqSCNWHoOPydrNl_7Y8j zCdEl;D%S`kg4_(oL##@J3g_A2BA_FRl71AA$~MsD1EbP)~p#t79!E^9=qa zbyDyzE)*49UKYFiozjz-iapAa6gSG$t_Cm!Iqbm^MG}HEG*qQnehPBx0G69}PXot2 zQELpesW=~w&c<)@;0@Ml`az1iFzWw!6#U&R7k<^Ymf|6Ume$;&N!gQ+f)4s7s_gqs zq)5I3ns`)toi}BtF}Dv#_?nqdDIv(KX>Ycg2geT{JU9-J4&YgKKsAnW7;m88BV9Tc z>u?3oL_l30ueE~)lEanm_`DnE?X_iRqe|SA%*mb5N!grw5r^)p1PJ9bJ9Z(-BepO9IvRio7#dUgH)RX=T1pB@Ohhua~u(;A34&MPKp2H#fT2Ibq zh@s?RG?V#~_zN9|Kn~)GivM4$oUk7HoGA;v;GN+=7?qR?0H)1G9S1%~gBY@4SMQ~b za`s4|!TG5itLgCSgXPj8UBHBW9WK&zPb08>dZ;G4rGQaVgoJLZMn1)O8#vpT$nMxj z&f^XxA3&P)+Eg!=%k-acVd1z(VfHSN9?)SQfxW#Zw({^cmd&tz~loC2$1Sb2F2H^ z2sST&d#&VA<<9+_rbFnK=!1w@#}rb=+zzg^96y&t3Y|vj1})Sa;5Om7sJ{fqMC6Wn z=oi39wK+o^;w~q4ad%CvqLZKOWICk6fhrf}pzT~vJldtE=0u};^K%BGzY#_?SNuVa z8I~B4kbEG(<96@_#sCi^%8loe5&_T&&}R)81TI;0+*E=!QK=QxUsuY?5f+wRAoiFe zGfa$6j3&X|G`oxMcwF+dT|t(e#aMp%Oh&Xrs@x;1pdlSE;zN&geMajfS7R8RN11(W z1=49ki4(`*Hm0MDT*tWDu*mVGxRRJ}aGI3lxx+s-v(X?I8`LdOAx(1t%kU&NS2eG# 
zOt9?>6{w@uVhS!w)0T7sk_sN+|F(@R)Ky{v`T@fmu3jtkZ)a;pJBt=c{cj`fVKTfN z^(B+=opL#O7tJc9t|s3Glr(Izs$|P1sTvG$Omd>UigCW3oNjEy1}2L+EXTe96o6Pu z1bIYzf_DJRoumr006S5NE8l&m|6QJU^o1;qW*2F+bycc}#3Ch$HIM~dTL93Ksh+`J zRKUe;@W9$zXgO;{v!=Dcwl9W&f-ejx=6lGE++GjNh-XqdMu~3@d zu@l?4<`%5tWsTf=!=+;FbX54WX|Z6oll(^7xycCe=Ru;cel=AK`DX@V)|M`iCJZz? zb$whUQJJch`5>s{;8s4+)62T|ZG583hG@%}-M$$VEmQcTM&v`|ey!)uL-QM!M7u7z zmw=`kzto+$ktnJxjH0e?% zCM4#KTx!(P1z?{N%Pyzxw+F#tGgQdqnLuop8fD+on4US#?#&PRs?5Si8~qz?r6gL~|r+r#x7sQfM+- zbg5Ew#|=nvb5io<=%}PZ&TWdxUrCn3emIFI-kT^FP*Ez|mk@`BDA45$R%M4cK4Fq- z7rUf@6dTJ)C!$_h1@NfUT6uH3_?rh{HgZ7NXQwPTmcKNW$~(P0N@aI~nYaA)C{na0 zrkvC)GUs${mZL~9iimTfs@B$2gufvrK=mS1R>ShH;KsP)E4K320 zuk`biovZ}Ep+B{y`a}LtiF2?nO53PZe8~6hPXgeOb7DhX)emcklvzhuUCJLqhrQT4 z$xSS2N*KAtp6M!?n8~%+R)?pP5~T@{j+R^ni$qxLt)6R)7mrF@Q5dv3E9!ImtN@Pm zB8M_k<__C;7 zM%=*C>?GCT8{SIv1U8vA8YmzXcw{F zV7Z2NC2V)lx&rsBkWPm9E#jP6=Si>1@A{)qkBv}>5Q1|zj%c=K*g-c-D?AU=Y@XZv zdpUg5@Rp{o=2BNZ*=Qr7v82mDb@Gj45MxfE8-p~~D;IklsP>v!EqpoSx_BcVggR81 z5}?ZB+;QcMEBfbE(kWxAk}BbJOu}9|weW{R&MK!!m9cJ#+&{FXGdif4k??GkLPsdVe6&Q7p zT6*vdm3#2LhNC_$=$3#15aYOYhaVpwW9c93iI%B4@0)?v>367VHTp)f?L+7M#wPFK zpOD}^qk(7INE+|7*eP19=@OIZYfrMf7q13hvSn2-H0?6i@v@V`49se z95zhvT(u}SqN^ySDz7OSn&nqQ$2~OCf1$VJ24lfWGbN@HJhGx`efK1MXNj-5>BmuQYgknZZZc;& zUc)64#gz$)Hg{}p%ss$Yhh6$~X7wlrmiOOn1(#o_??19Xf~>uG1d4n~dz*Nv;^vNi z>Z~j5Mk;D+qm<*nbCXve16GAF z%x#y=6@D_?>!_eT{8;H{RnSLCHuSAS{nI=Inn4 zwTj4q{3(Agl9E}RYDoq!8Fatoh697K%$8~pO=aD4?ko*h9GW`8aa}3VgZHb(^vxZ2 zX2B2g<&X8_n?Psnt<(V`S;vxN@#!g9`ojcniaKh->5@|pbU!?R$EX;us~h4jEV)%H>UojQga7w#^!NJ`}s>IB)vyG*kfcdPwYIvE$~@u@%ts zQO;@SSrS~2ln0)zk?jS}H`elr5}&SKA3JoFOJd4p2cyG@x}+3ByZsv$UOO-mpNNvU zDGS-IE2Al@P3QQjJL9pr1W9*WR*R@pr=qO&sym^Wi697|JK&-_daaF%N~f^?)kK^{ zcUO0c-dDX6?D32QzLfxo)`PhQg6pcVNZJUQ0&3^Crg#H7%>1gZ7aV4-zgQEplr75p2&@n91A(Xr?4)*UBd%DD6-vpho8FYH^|NSQQ z?R)vrt@pxg-CfC(G=+y%ONp;nms!iD^)c4q(FJt*v8%iM z{U6ZnkHO3loXTabEoZ3PmFRN4vHK2a#qmr1T*nI`2F}KH(kaZ;Dm!iO!aQW3zdhHO z-z%(X96TfE@@(!TRdOt90py*V2j=`(8#yOwGjSk;)1(Sdn793ECTH 
z(kt`3y!2V*g7ce%AJ1c&JrJnJZ}CFMqfs=7VKk`fC*Cz9x92p02goqMQrCk#Mfnnw zxP>sK2{OR2DmqDqyLa)4U_u`Mi)`DQ-e-bDKl~8MGrlXX)ieN^$fGKkZI$B zB80BixATfyiX?$w8kvvqG&vl~ZL>_>$RSn6}lDeGRD ziN#!dRnFZSo^kSqQx#9hvr=5V(NTl6^;&#%T)Yn^Hk+&gS|h^QDcuXNn;MMj^(GW5 z2QaTwbnWA~j*domH~{gI%4crss6psS=E$Fm{r#4^E+izVcu^GYi0g=#uIn4n3ir;? zvM1adg-I^&nE2JrbT+!`T+7`ge~$w4@|!n?w!SpingIyccpY(UhWJ=&Xhiu`5ZWZ0 zk)|d^{Uz5zX8%VCMaY!AOL0zAx=AmOO8_oHKv5MEmFs1IY0LbSc4EbGW2W$s^E4h%;atk;8Nv}8XHlPR15%pUagVAq zu>g*?&XH;4I>16jo8KqC4Rn5_yzGQ=Ys$J%R|A95On5|8Q9H2kHz z-RYDxw^Q^l-^xzkFCi-m9g!5F(#NPMU`a3ls^fdk8a~=hkEt~3a^;{m1}z?-%1M^~ z3z$OmY)qX@Nx;%em{p-tJpXWm37|Ewg09rPtc&(8XOg6D^?<=#p1*kAeYt;l_~fx$ z5>L`4AYP!SIV7+(F>C-V*Bj&k!uh~_3}wpth*oVP+<4`_5W09LT@zxQ+ffy z>sd4$cGKy^lmS|h|MT9?j-US@{&`#f=d=9g=6`bb^9!c`yjoe`+bTb|shw^%wbQqd zF-f1*7gKeAT|Hrv4P=>oN%r^Ub$jK@Lw97Q-~1jY0}yogv;J8;fkm8V(XY`EuR+a) zy_)j57>$shR zDf_BwC~Uf-=xAuyiMQ|XA&Pe1-{0%*?cg&&$vz|L1y3-rftHA=oRKK+XEBhCH>~eI zQhx(Lki7km)m$k5%8@fQ^Qnqkf#rrwrL6O*pG_4;01%O z1bpm+lWD@WHF-tMx^vZsEF7~_rfg9^%`!8m6*{e?Y8t0G)`Xbh-9(q&?=OCbvx&~L z8E4j2QtAb2IDrfVNo3{BP;TZ(Ia__WdO*^J@#O4Oy1muv!7$)1#Vz04p}*v)uYDWG z`?@E|9B0hs`{A0kNQ)s%Rnqxv@Ckoe6St_Zyag**LV;~Eo{xA_d?9Ljrp6XlHYV}*T$~5o~KXK z)3n}n;5=52geKVy>bRo}GgzOKrg${g&PbS~#0Q!jn9r+#V?jd#AY2DCP;_Rn2jtv+ zurK+s2QeI8gfq?ygW#UfvI4@qOo6qY(OP**he&bmfVyW%G-;3GewHGS-G&ukkCN7u z9~s(EH$4D*i>`5mn{4@64OZ7KgVrO#`M33z z4~)r|Z|imI*qZ--!a6Ho>+eSOKiY=lmVlnG|JmN$+}-x|KO6UM>py;$-(3BV-p?}(vBLMF*p53fP@xn9G8O=CGj+Mq$@la8>J+GI*#*WJ0y;U(~>bcDuV?%%}EM(#$qLuWGGk5 zZO%Y$D7(1=MrputGz(LlUui0f6PxSV+(2q`4a-SxUO6i>srhrdayoN0j+;zqUNN>S zCNB3!cE!}?^T%?v^yF$NH zz`3JTJRS|iO0HbmcCD-%1vD`})Xw`s1bjW7#yC-t>h^H)NYJ|43+pI1M7=;?N%9I6 zrtQ#TV58!5pjxP~buMiNVyP!|lSWKgKnkULE%Sz6ld_zER-OUV;ZOY9};S0ppfESf$C6`j^^}~DW+&g9F2m9igg9bWUzM9S~-XxP; zk5l_mmc9|Q)D(4NCI6ed;#8!7SWfIzHMSD3SCe?>+()7~En9~@@UHoLHY@4(b>9!*@j4QoJ(3c_}+nnq{5}ZcxJRCNQvnd-@pUQcnxS5WpLyE}j z*^DM0hB#3bau}pDNY zWk@MY-LZ;N#DZ7%=U4}VG^GHzQ3@1?Bf~Dj8C!Vc356B*B2?_;O^!V*oc11N6g!Ux 
z6t*@P#CRmbp{7WZKr`&WLr3*dn1rY7J%&z)cv>972O}H~IRH+Yl;hBAWkICG^0_jb zu+w!QZj9k{KtBFz?a480g1%D#EI`x0PM;^_h=atDI0Q{_IXje~p(o50b`a`T8XDLt|E zzuccAJ4)1Cg{0+%6kFp$Ndx~XlP62Rrfe+5euEX^cIU$}5y_Rtu3Tyu7zOQqm5~*f z5tAb1sz2v4W0`n9?dF~=ldfdwQ=5V}x+7v&ka2%E8+U1ho&om`JuFKk!1H0rMCT2l zjKQ{S7F@QcN&HVYCGZuwDxCiQU_i{ZO?gs%RkVvEGim0ES&Zk37T%Y*1|`YN_(zGs zoE>fk<-(odTmcgcxjB@WpgV0lEq+>R3`=xUlE%0w7c!2Z@+=STM(@d%pWh8Ifg$@| z=$PdGG(#2=eZy_!YkDxrG7#JN?;OeYTr_dFRNq1~e{+q9=`S9|oicieXF|E;xzwr_ zGmk8j9l9t0;LKRj-iBULF9iol&#iJQ#tEU4sX7#HN-N5g;auy~i4jE#822g5DCr{| z3BCHp8L&cNML};0He^z#9i)Je*#o2iQ_L5WMIdS9-0LZ{wl8EoCbkjrd!W!*qdiW9 z;UbQKQ*vlQhr$(zL9(EQ=wU1FV;Ewv_Svsa8J)g8^(G9a8M`eZXbHLpi1wAEzU8BP zoeQ!VxG<~>Q@tp^E4^E>y)tBZK7xbeqOzkds#hcSi<+2Rg8ykH^<9yNEEgKROdoIQ%R~!#$zNt@JIusW?EfU9o}~}UqXw7``)|0ZP^}sS>+|) zdhPLv7VV>rVfRgs3>GRvmS^eKMg=h&DLahv(!`7hWLa7HfPINssX$K+y32^kZ@Y*9 zR!JgQA%9Q9TncZVg(z{IQzZ~tCd?;BCT&WD#I6k`sl`+^=}*1c)^4Fk#>6D8{&x0? z242`H^WXo#NUCr1cQf%{gM0{YvdE45QojZHe|9$Zw!HYS&8@wy+xV}~@hgx2Qv3M@ zbN=j4ff2|sch3Mw?BBwE+6x*#gz(2hgx!wQAJ^>99-U<%Nu^`F$A1rpShESf?_W4y zS0xhKxG#x>;Gf^)KX-3a3f-m@`h+QkR%%xYZ-nD09y6LgUn9a15Gg*HVg7J3Z(b)x z(#iYranX*C51$gluzbWHw3rvw2d|kKF{y0nP(8wgyYRBkM+8N43<&DQ6Rgo298OP( zn-nzzOqBQ`^jA*VzIl$i9?JG{5s72t3jRetkxzer^)jc_La37CsSP5yHZi~hm4~J< z5-uSP>6Nyh0d76Uc`%~DAZb|AMV=~?s@&094}#8NWVXuy+sI{yb8;qPTp+O*4lpsH z?lhPUU6C$YDEKS?a5F4CD+5DRYFO??p|L-nG*G{gqQHo6t9W7 z*vTK2=gFeikNJ$ha$T-VCEw@jEdPv0d9I9Hk{N7qj;>oa{y*b)bNs)5K`opAb9-}p zXV=gF0N>y8|DWSm&HwxR`EAPrx6J=7^Zykw|6eELtU4%VL$1gVc|aDjM&9>p#cY7+ zX9;-Dg^xI89Yql#_boLt@EZ=j?udi!ssY309a;2N1#jrDF8PcYOIeP4yX6oHArs|`+zT;tB0m#{a=iv;L@1g%;MF}U z&GNHSRT*d&M?+)M%%@pYvGD$Ol~}HTWx`@)R&h_iY9!pv!=dCN?Xd}(TvItWW)M$A z!=NErH9>erb_F9vL_tXWg_2ChUQDuBe@^gaB{|}>Cbn6No=^pG72C|g?;T`JI89JT ze3FmXd~jkVlcbcsmCOUVy8eEB)}FkdtRmD^=0~ZkP z^yI1}psEi6!1M4zq~{V*-cU`+?ld}+2tGldLp|x4nWsgO3N3Lrn&PcsO|rw*LhFe| zxUAEt0CmkGs8p==l@AE~@{L#vkLqRi*qgy>xj{8hti&-7UAa`&8ATb;!!RD+qVN|) z;cH{?br5*@Lr~IO#%~hwk&AIYYzHb+h==UDuM^12;0e9qat66~w6H`L(++Hwg$ 
z^6FG+9df^Bp2Zh8%F9is9;T`HW$r2SPW*Jtl?ShK@*O6;>gw`&aiw7tS4ij2g>1Oj zqkY<07#YBlqq`~Q1D{Jnn!%sTcFC?ss|Au1%uaPZ8e`zJot4z0PzDV%?-J=PV{|&mgdv-l?SQL18+Zn1oPz-o*LS zu&v4sD&D=s0s5PyX%^x;peZF&<^zXy{|$)!F~5DYadd1QI#|n73AQk;$#ACjwH-J~ zMkZcAv0bZLx4EUlSEa(}`p(;WC4y|xEKfnQ6ls>mb$Z>7vR>VJt(@3%lRDI+)Hb=( zU#k?SAA++KDSmw&|GWNfm|i4#JuroyD+&E4rSnT&Db<920sO1;n7*Cmrbl!`SI4L1 zQIRQ)Ra8J<=hC$9DDjtQtP%C$`Y&f_4dLS%2Kg*Wli5iAW*-St&q-AZ)u|?iw=&~L z%Z%6IAgh_IrKQManX@@skW$T}3)gT#TnkL;Z7cb;1)3Fv-r$@@KL)m+_oq9ad@MC= za@>*ZjY(=MRq=8Rbe=^zV0H#Lpt;;fs4OA5L^*~Q_#}1uXObYf;1mn#405VXF9fw& zqV*{d7)cz$!yw2wPYhQavk5P-(v6&pg%xui#iJPGMA4~>hSH5sx@5F7rh!{J@EPd< z>~+IE$yF?iYX(}uXfPd#W-}$md|CetL)H#J>ch_`7noCz*Ey>NYQ+jJF(t&7rDB~~(7l_Z_yopw2q ztuU?mjG(s@+Pb!S0oNr4(-e8fk2kTootASwotxnJK0=(oIy+Z&L40~fkJedB^f_tL zb&A)r+vb3)w#R7Gweh!c9*4mSmjhD|*P2Xz!@+>^Qde+j7D;Ibur|VQnb(}nn_N7H zaM_{P$5>a2Fj|Q`wb;qB+XIC-&EZ9O8Oilw<*(MzNcl(f@U1Ii zNs_swVxYkK>A?I2bk*t!3#sVktJze)im}8W@9fj`w5=pjT!p$zVpTf&0wAtCjJ|M6 zj2$$|g5#(%lvBO!(6ADW;sG!kr)hdJ11^|c1%<_T8xuc5+)Rt!!c$m4N@~`dvZ{3z z$nn_>bDmiPX}9g*eZk~qlsO-F%~@4|4YT7eXJx+?(3ckFV4b6E(onCOhOA(Zoq+q* z1cA*SZfNg3?Y?y@+n2J?JQlpZ!#=(@XE%`1bm|y*|Iq>(iqlH-33qm)lb0>SlD_i!U&dZ?Wz*A!1K5ssgb{vjL~0 z4A0Ye5cK1WlWq;THdWHcL@|7~sKx&or{-ks7ljh}inB)o>UyofG$Kbs%-b+cVk(|y zQOl*n6!kLncm&$fQac^HSRwY2ER;)L$yrToBiC#MNe{*klWAlFnyEiz7%HMxD{df2O(Xac@|N7+Vi@&x< zgPZGP{{6psZwp>}`@gw;8~^=Tek%d&JJ4aqf20FsRq z139KZ33bmKrss_<=$TxFH0UI~F!Cf_$(vhm+bV^KBEI}$Ghp%?_hR&Dr!UxhK!TIU zaiX*@+wK20ornto&Kk7|uv9J7=di^)7^bIjU#Zhn%1CCLj7J0>-#^V~~0$X@-e^`s82~D$Sb2U~oe5A!o}$#OZbO ztZ&s?0{q{$@qfFu!6)xkG)m89L;(;=cjxaC>dZCF!9GMkYC4Hp$7+ON`RIq0Q<~*35 z!b%|0sa3&K8xLmaIdSY>NymIA@si>+u-Z0|VV*tu`b~Q?)}FmNm#oRHcM+zAh5x-g zQj@vg-Xh|&+rs21JNnwEQyUHile=a+a?^6twA{Q;Eq?`MfO$d>=vXAF)P8&Ql+tAY zr2w43^F@1Y;A|A&>~ld_3l7YP(C_{RFFn0Ph2wk52uwI)YUmcWVJ6c8f;Z^n3Y`wq zo`qzbaYYVXz_t^rGmVS^rUQ`+BPCh^6sG&zA(#K4M*rUw9bm9Go-N@`IAnCD^lW;% z_sn#+TU*;S-9tHBa*SX_XduIgY+QvAP$D|3+2P?+7?B+L@g#7NPrBWc-P&nwZnd_) 
zw=NlsYPXLYlSsw1webzh$hocxg{&ZD))TJD>SaTE+4vs*kN0wT5zcbONg;?h%PChx z(Bdl8)>#~f4x#b(PwGaV;E;wg8TO{uiOZA(B^u{qY09@yor%YDNrr7g{@(n zOy6UokO@-s+`!%{!2X5GUjrGz%PiPxZ@1w_rb=M22$^ZQS!j8J3^d$6L}1`n%hJKL z&pa1y6gJv0?KiCUTWgBO6giz-ZcX^$1sd~ZY1yKPsfX0PV**XAV_;aFLxL_9#f#ye)FyRFS#n(3QIFJAmtYiDnQkndI}rTAuBGW%nx4f zzy1}OSN<5*|K`m(U=iAO^5IjE9`_xJh2*XnE`Kqzp;Cyq_!4g zObghvI32|Oj?eZh8G;duKT|9p`Qc7xLq0_rb5FVb7TKnj;=|5>t%9q{3~HkkQMT^` z0xpdx_%$O6Zh+JjN`u}EnLTE##}kX)WGYJi3IW8k=k&k3cLhYnucd#?wnXVqb87^+ z&U_Tnf7CkuvI<+sV9goL-rmmggMp9b(BLdJ#RdX=g5((P5u!#oCY`%Wgbiyz729%e z<0{JnU-M9O$=W3DQ<0z(l#O8soer%_CW5r;e-m+a?)L0%US)fBH~sBVWrQfEWRgvZ zjog3vy5z)ds@?GxWApy*-tvRMuXzy9kS+v&efd}7*NnOca}z24*gChH%s$J+ceeI` z;LD<+16&vnMGU|TH;em|Zj_wIS;~cJss3uprEe6Ft^2#*8z7>>h*VxL919liMc)R~ z@5b&HG;%A6rx*;u6$Dw;FM+wo#1#6)D-`d^9i%xT_ z#OcL}O5Om}?$wk1$IqTvEw-@5qmUIb-8cab#`sI-?AK=uB&Ol^{XJ@k=M}_w#aOlU zqFa4@zsZxcxUP=yme4D5F(?oi#@yx0|B6(8h;a(zkOT5iWbLD1i%n@)HRFN&2Fma) z?*iQL&Z_M3*6w{CT8Ekaj7r>)3`v0=l78>vY}P{764eHZ&Dunf&0JH|4;%vBk#{H+ zQr*Y(w%%!Nkgy@L0(lf>{j;(m@9f}e?vJ&W1J2JocFRL=CDMl~y`yflx3_`2#VQLe zS8oLM{GZb(`d3sp846Vx4dwS}d3!3e{NBDLxAwL-@nRO}ju>AGwF;(ng16vAAk3E} zim5h$Am$6eK>R|9E900cc5g;fSYs_9HuDs)M)hzXnF77Oe?6C>_^bm%=E- zdcRWH&jv{Im11-!O5~;tl-8!V2Ui)AneeZ zFgmwK15*8SzI8nY+&M#Q^_p7?yZJqhpAYoLCM!gQHA00a>o;B9QBJO^azPH%O7Gf7 zVsnpoj8y)LAXw{2{J$N#TEhF7MZQNA!o8p6((FaS6LY<{LP{2kBl`O$3&$GD?#2e4 z5t2b+Ax=-DOfi0DZr1lZ_mv1EQ`KxCAF=5q?V}t1WU0+3gJ(qD=*OjD!$~ak5DHlvIPQd=ievq+tO>Y=pxc0~*l$mIn-U`~DVYr0Jin zwN0%ogv;t{8c9;N`pVoCGDL=HxyXb^Kv2&23Z ziHY)OIu{B}fy&jUQ3OnJ1Y4`Y8M?2%RXdH4u)k5 zV>BFcnCZn?YC;y#{UEyF@LH1bK-$2MNP!n(4k)zEjKY7U8M@1X^fi$XDVThAQrdDUqMMoP2G2G!m9_%7NPH27@SA&h_eI* zPvZ!r{v_mD9yo%RvP4g*LSBsxTxd6V^D8W;a@A$SgkJoCvC(`Q)@?1IB^pE%vc*V% zE-VZAMl=(L@mVV#z|9jEIP@>ca}9>8kn=cj8&Z}|OD0Pu9YgZPzH!c=h9&n-ae;nCaV zZQ}Y{i~qdx#bU=}(KCC|1I8s8Nh5g;l4)Lfp0Z*PYY2_Wa}e5~cXxy;eDrXT4x9xR zO|&u25ft*FW1q-mApc^0JB9>cBDp*@BM*%#QNwjy2GH3%PK>hIGl@uNjC7+A`_ zr(Ju|Nu*q1-NtoYSqWaT1&`FJ_yFz;<(T(2X=y{{R(oUTJA5E^(R<%vd!X5v`|lmA 
z7-0a)`aVhr#&Ht=k8B~*b`WLpd5EsNxr}0k?1u0#5(@JHf1 zCwL+jU#&w{mKWSNbXp_*H8W5uy&xIz(RN*M^_7HY8c#+k;Sweu#593e`EST;Y4P8m`T9r z-{WMEUgT@Gn*p{?$L+g!6!Ajo4n}v!(3_QRnsH`w99}j12ZE^igQ81z;N4iW;l;u zG#7%{9$*KvES$09y;-Ryzm7uOdHMj&5@GHS^tV?}X--^HPu>HGouvJAC>!0uu^t~E zBUAM@`S3QuVBxoTJR;@!JWuYhSfvXYZRQL9km z)2Ik6Z3f)~nh|Kkz}R>@v!-v~5=VDyQ-z$^6!y5Jh1qFal%G!05#05C{Zg)D6-38* zel_?3yPb1bAh?L$p4_ zvy|f$SC5Vrxg&i82ZwnbG|4)BEKRzq>93@D8X_-c)<+!r zyT}_!v?VMCT9H#UQdfrz7MLY3I-u?Lqns?HkM1Z=Kq!Ixk$ZzbTULyJI z-&o!i#%Z2}ec3AgCx^f~7mSfpbjs<(1lN^9M{3A`oygw;q@W>%p2f2$Rr6ePR}(4i zYH3e-KI{q`sAe)ixdHjrvxs1uo)yE0d}=<)qHsh3SQ4n_c1cM`%lm|znENu!EeQgE zGbL+f16@B4vvvAr-65r={Rn}_2W9@$JOuTIskmWW6$4tqx~j{APi2Yq??~u4DBl0T?DROOf?*ifc=F3P+%r7J_dc4 znv>6YES!`s4R@W%C28Vc;uYgk+ua+&KX5N)V3y#gcAAHvip!F_WiKiq2Z0_GhqK(y z1F-H%{GM;gY&ym~kAv~MQyCQ>D6waa!#E4@CEm+QVm+n@triiu7ILQ;s@rNALA(`` za)^ul;f<7#N2`Ub1fLF0(7>#aS(s@lyezU*nyoE0MdFr1xH~7&Sg_y_q>YJ0*D?PL z(-%2wgvm$&@qoDGF|rr^vuW~9k zM#IAgIWB=G>A{g{%36|O)<}C4r9A{T9v9av6EEqtXAERz zD7%fB(<1zvaSAQV%zTQbj(k5!Y|g5-9Ob&3$q@+0V?z7$uT!hdARPf#{$%8*R? 
z74hh$P-MmoY6N3=p~_}p#TL6AHNjLkDE_i`NZPss$D3feL9=^#cbXud*R^x%;@}^r z7A3T@FJPn)H*wSO^0=(ya_#NZ-FCC6m!?8B_Z?cuZ}On4BioP$VI~w1e!7(Zhq%Zv zqw7&e6VO^IQTp1?xds@SuKz_pE57| zuD1@to`;rz4h>9@gZ-^7xzCi;sGDO}qoY+E?e8HRWLO}25hT-5kF$P@Y${zTbWY!Z!8ZAl`<}($MPUfCS zXBrc`rYj>!YL8Gdv|EaQF6u@Re1hn6v?Z33B#2Fbg|V6J^NB!I!nn7NgvxM8p6-<_ zZj_7$4b255|4;%X8a5x)VanZMvK$o}Axtw2ZFP95LfmLf_`Ovj!rGWZH3M{uN+P;a z2XRi}vj}0D#T}t|x&BsJGvl1W#VPUd_TQaAm0q6aQ)N8LRIa$yoYIL=eZh7+jtVNo zcVRY)`^U}TcsT9H11{7s3Nb59|J^Zmh9W(1#mOY^Xa*a3l`&>s0iewI0EHc-)82%G z2~jkm#;9DP1Pw6Y&?JOnvBo+<_??U>-oC$w;|WKDy&W14m4!Nnfu5c4_{PZKjQht0 zYEC3v;^UF{0E)O8UXg|4+>wHFyqwRtXesBhI1RG_<(o%39-k(ZNsgADv%Gb*>WC7~ z(2a!gkG{2qN}4iSQ&f&Js<-4S5Z&}K(n+2hQLbYnj>-d?nGP0YOi`ijOffEqv`I{1 zVBFv^7Dz|q0Y!szdmar0T!%0BV-4n*SZO8*gQmu&0Qf3~b0j5QNKOluU z^wwq^X3zu&yEiN1_1hG{GwX%7w6Gj#zMe<|NA|T>x=tS>n`nnpPaKx*_ zP`)Q@^aC=pF9`PkM~N~BD{CF*1ACizF?Or}q7Sin6WZ5+!YF&&s#vN9(RrIcYNy#L z{MlQ@FU^q;h#OB2zQs!})8GAhg!_Y+OF|@i^?zC+o6} zg_)v?^v&up?=g?YcZR>)YV3cT{%y)b2gbN(h>p@UYI4GrGLbS`RB--G{xSW>)SiUe zHkd+t7*3P^88B<@B$}+_moguF1B=*uRJE`4J&t_!(fy6R`#*1PswYBJSM@(FY@u&d zkr{!e?OEq~#RdCAl(J7LV78_F=>RxL)xcOH zxkTFqAEtOj%o6=~%uf7?F2||ZL*?uQJ-{iWY;+U4MzpgW{BK5G_C>rR;gBwwU#1yd z)N#VePpOnNF+eK*-WsB7JXD?$7xBBe%^ODd$o_cp(o9+VMa=(fZ7F8oPwFU%Vak`< zVeemA>^d@SlpO-D_-OI-UAGXO5mCMd6pkrOLYgV(O?euG@51119fwFMR8W2ELIw!>}gu9Sg%M^(0(4<{4z9F^^ zkG*;w`?jC(SeBoCC3Oyr0|d(V(j{A(Wlgdnj&z z+U%9WhnqG>cV+%(=k8romEj4p z;1MUbd5x|m4IP7!Kg4*4cAOqH&`L2$JB2rEYwQR8C>_s$2%Jq2_SVM6_n0VXw;4zV zlamQ1RcQtXNxv;e=4~P)9LRNvE3!{@Gu7CeIyL7O=5NIh-qz*a+xpsH-X_W?85s>0 zWL1n{MD^6U)Bqq|944v=?!!*GIwMpCD^hKq|f*Z3r+ zVaVU*>rW3JJ$Zikqy^(;YESwaZJQuV0Xjz#w=xVbNXc-TiEAd|MBG-akAzY`#r?KY0D?i{D-czwf_#wg3F}!IQ(_ z#jD`ai|3CIULU-84uAa;>_7jX;J*%@KW-{DiLd}TNQ`fcNds^gMa}?}(nM!-8-~g0 zloWEPM&zsA%2X91y&~gA$Zl+fIkh!CGtn@eKuPXeQf~_it~>EK&`4r&OcQ?4>c_NM z#TcHqNxfM&5rr6vR76|nlP;O<;KRa!z_25p2D}w?25f-GI`MP8^P$c%4t(W$q$$g~!CHXdD7io^ekXQ@5`~$3wdqDu~ zL&-dv%!^6#8uBH8+skfy3UyuJ9*E1!FC9kr&Hmi@PgSb(i|2pX-rl&)|L{3}?*8kv 
zgE!j8g81Lf?Lz*i-Mx+N+xXwl@pFT1YhQ1ytzZA^Hq!PcB5f%{pdDvhbHZ$EUX*Rk z3bL)$K0d^j^CKfCS2OXo@=#$_je~1tq_h<^E3&rsr2=bfwQne_)*b9e1=ZGSpDm=8 zF~Q9r`|uK*}`T&c0wi4ae@fDa&k_HZ0+AFLbg`>4~dWET`Y0dul?r*#}fIv zq0rdnB4g(U#x4^VTL_CK{>B8w)~uM=+UE(0t^NB%#0m?^l&JRE!eL8$x~XW`GT@&i z7`CjVPaF$d*5xM%g)QmkD~NGQdAe4D2!k z`Nl$EmzmNRh=5&YSf4EbcByUursH3inc=^C`0Fxj@NX6Uy40qB%HY>!2kT7?MA~}YhQVEYwd=DTWjBBY^zWi6-!bp3v4BO8v6Rzssp)d%LcX97R0pH z;C5w`+9!@@t)A8VVAk5zV_9p9LRo8bBUx)Dfvjekt{uc$y#P)GYhk{H09Jo`74fUZ zA%A4-YV`zE;A-s}ajT^WdQ`E6__Z6fT3Z~mT602HYi`79ah0wety;Z4cBpC}Aaj5RuTNL$KTNr~{D~q-?XSE{y z^va{Cq6G`XPOEz|F{ia+$Z28Xb0SU`EP)C(t$lN`re^J~9cWs+Zk(xEzi%eSwC3;d zHyL4Se9pd>_)<~kdC{e{PZC^;{=ioVEu|AuyG~rG3M;Lz{iXJ?L8Y}NV@hkat3{L| z`Tpp5(%Ln`NjaKS1(VipDwec%1EHj~`H`edvaS(ETDy7_={H=c@e}>r_%FFMZ@2>Z zHR^xg+qtd({aJqg{wur4P4;n}_|L7|{r@aKcmEY*_T~2<>wn+w|EK>|?Z4>mZv+pn zzW?{`ZQq{%&+=Qe{~McRIci5)@7jILkN@7-*xA`~_kU{>{&^e!{W*U7eUei;9g=Z6 zFUf3J7lG%8KRpN@vL*3PKX&*pj5GMtkM+OQe)tm_4*5042f)*s11-NQxCs3*tD!tT zc=hDbYxxvJWcU*P^^hIB+vJZnNP|E4Z;-WT#^$j`-=eUg^yb z>UdPxTDpv5T<}w{8FYdTKHUz`LvdnT2BdL#a{+$ob^CYuEjs^O8>n5>p77Tq0gKN6 z?w)`DZ*TAJ+@Al>@uP$JQhaGUo!>a(@+E7mTTkQiV|u0Fq7q7Ab!eh3Bt~la?o^%e1#$lL1N#c?EZLujq?I{9yTEd0;hn1MEcWtK%mYo&Vj9l6aUaQh^2Me{XNs zzyEi3clK`2|L6FvuX~XVDjdZ342>{WicPv5aa&mnFhDD>70+;|v(Le9trrr!_W_T< zlx-u+9HK&aU>oDYW@?#7G`XzpUV1hLt<4~5q z3+IG;!mW*diP0)t-4ff)D~~g|M#Lnir3q<);k%jgxVCy`JMiJbUw=D%wOJKmiS0i+ z$P$5EAL&rwGW=kgU=${XSm$kKC#0AVbSZjId%LOy2#M7X)#DknhfX4?9Vx@kSOyIEcsniJzY zcj9I7w!vNH*YfDa^Ir~LJ=;fTmb)CSBXpm=fG7nF(3f>?*wXGe=q5xIsjyH%|5eO_Fdt%+&;E3ldtcnT3X61ovOL;tOQC#-&bGP7qF0H{L`5!avwUN*K2n*nR z`G0$BcYE8{|8L#9wf}vV-%9W_LQxR7<(v{3a@r%1?#b~#H?bHa5*gdUGhrF>XdGst z=BoSY5F_wwE0|Rv9t40?B>2#sol_#^F!)!Lr7Gf|;slWhqI-4HvR*MC#c3pJn8Yo5 z9A}-NXe_W2g%M3yp_~@XTyX#~J6)!ym?pROG(9CibUDC7H#-cR;sZ|cj*{DIMstM~19*JZ2s`Yy*ICWrvqR38#)F&YFu1r^9Ng{(!K*aGXk5sl|CxuY%#>0;=-%@ zmdFF#+8M_g;UHnRL6R8+p$*YHIlo(^9b6-tx$9iGK>;@)#%CxxZ0ckqGIj zbk?E2Rc{ZAZMHYJ?&B<9nGhskUBmI1l4TsagBk#Cfy9BcIY=BXqe)2wNb)74DHDbf 
zy2j&*oKiwhL~V)3PytmdN&@4RWfZnU*kB`vKrh(e+vGB9W3XU2ZVjSd7L7a9Uk4*J zM==T)ciX4`3MAMt_zS;PW9!P}6%}>2&syDFKu&v81CpaC1!^8hRAm9AJYG>To*qc( z@jM-xQNkZ318u=$m^2*F|J&Y|x3_I1dGFu+6c}kHByC=jEjz=E<5hele%7(|SoX}m zD=A!%fFz7bfFVdrw59p%Z~dyO8x0WDVL5UpOYDv#HX40Ych}W*l#H0(Wh4H(saWV| zFh4qhj~Rb0KeD0AZ)&92x_uGF>^cxmX*tzJQBQg1W`GEq>J%>?QV=doAMoO5{%q&jO9QeY4_HCw*4-Vze}_@2G|y-$AK?QSQUoPFs@Bmx zbJV1RIPhm2m7$s%r2ri%kS*XP&=x}hTi#E}Nytv!#K_xoY@{-dA{dA>5?VY4C*7ci zoEGtF`7;4rFC}ij#sV@{~v>+^dI&CrX;rWLH8f>?0=$P=|qY1~<9dp2*Vc*A#+mkPK!BDVqhZQnFO%_TI%Z3}SkT;&&<;yV&8K zF=g*PW;Nzx$jXtD-V4QZM;5l%Hw`AR^4PEp;TANLe63KJM>i`y`A^A*vQCd^WBk^QT$4RWaZ>w`p zG>qWX4iB*(aK5`8r)gH~8=lA0G!d9OZgkA{M_hp{db;HpYAp_cLW}6)5QWE6iA&0! zm&Wm3Q%lTZ>!=$TPq;CwylS$mgAfEI07vQl!)H&et_jC0id9i~V)1AlPn18ifryBK z3{RDz$t0YNn`Uea<|n`)Yl5{I4A@$A$M?~j;8fwl07DW^63BO|@n8@vz-X?yzgFeh z>04Tb<77yXxUV~7EHjk-&*#f0ToAF!&}iY+TQv*_lgx-j##83a5!IK*9R}1AfelRy zH|xyO6Wq)&4msJ5XPoPe%kh7~8tch`vnmHKgLqcBQX|Bkp= z6E(#7%)&RiXcUMcHa8PSV(~|2nCTb@O8g27MA)()0{O8z>Je-fB;0vj zhw6^8xxs_niH^b~CftM}2!3QrF$s?tab{sL2rV)N>^omO^C{72 z%n5Uz0a8%G!PbujnHgqQmd}`FtP6UTqot`eXjpDb?3GLthRSHddOM8W7@j=xYQLPd z?mTYSYcGHj&(x?Rt?iSjcDCQ@f83;hhaX2i{pa*!{qfn0_>BbCJ1hK`z8D{!?TTmN z^6xb)-x;Ie{Z`O#w(fA{C*Y9dY1-WTrG0Q`c?0A3N5E5DOWscgg@X2on2)CR#N}si z!S9INeM$R2Ki%4W_w(-A?oZnr{70?E7q4ghZ*v$P`Ga|#zK`O_HbD4(in261sz0uu zsW3wgr_(dA%r&0w*(j(}FQXyV^wR--_dc9cmsU%--Tej4oUdE!ehg+qP}nw$0PFZQHhO+s0|T z`?S9K@4d;q&D@unhe>AbhgFr-uBx?@T`4uw1;;nEAaE7@dE-6{7Pg)I z6?f`*?Oo0JkL;a0`rc(L{%wH%=MKCo4kUdLJ| zynft@Hx+RQonO%03E1rx1uZJ$9(B9tu%%|gNor!{{?ww}rT`0?`i|9=l*T7IjT8E! 
zu-`x^*(7YgPG}m1^t`ukA6`k^Zl5Y$oB%Im2y**bIE;$7w%t;~$3C*F^kOHxHVYU7!jc`I`cd*i&B(DgzgkEllMt~%KBse`k_CYrho%uyI|>Fb&I1X%!C=DcUHg>-5#1$;Y_8r_n)8>#|uu(0J^JU!BOg5Eith{S9lGdgaASLs~_iy z74eHjH5Ydt=2{u}R^F@RVgy(ha!?OPQXNuE=r}P9QJ0)$5`XBnT-XAYc(_ za5fbDw%T5-Rb*UYYA2qlWi=Na>Wz(g-8m+JxW`?K1 zd0%3C{~E~Q*GUe0`(Y12Lg|EkpOJBNX5g7P{SUyRuEcjIPQDD7@4tHNFiS^YR*wa%DR(Icrub6}iDeN+}IccPd} z0_}~;T|{cE*z!zjt~PM7S4%%E3LE&~lgPiA4%1}E8*f065TMt>^jX|6tQ;*yXm|2+ z&3v`6++{gbMqCMJ#Qp_-FZA{g7x3V$n(#@B@?D4?@&K!hMntcg-`3piSZ1@~OJu_b zwjS>VTw&vsdnUBLRH zpk4Wr;D@B&H_Hy{OB#);?2P3s_l`_iK0P<7oT;PV0l|7ha)nM=)e2DobuW;|vIAKL`q#$~SIke?v83g|rtM8v5$adECSvnMJ7N${h+AP|Dzk|B{B&N< zfpRc+y3%^Il{_z7_cHz+*3)-l$4iQ;UKLC;8%~f;NH%be#;31=orz2W$|9a(>JHW_ zU1B^`7`^`d<J<31u2mZrAELCklUsB?2tYr(L0%ReW}w;0!*e9l<>B9vrMl80}X8D@TnXA57m z7NWqt{eH`IWQAGgDO*>n7x*b}>;N3GytCW2-BGv6WZZ0c%X6K={IG;NU z@axgf>@N9`iY!_S(&ENy`Q!Vp!uBkH!Lo|F_`x^KVbOg^I2v*lLsz51oBR@ zgNHMfc}eD8G>DW)*67DP0z>#S`ZzKtz95?H8>H02dvQLDOL^kY%wkByJJ4by8YYpR zpjR8$bPUw}uVfvOMj{3R`O%+AEfW@R)@rl$x8SW~=j`tzZ5PS@_SUL2{A2JeMAwga zbM9y3Y&kNU{YX+6P|Xfx1}sKv?Sk(Q5?GHdrM6!!IeI+{#60K-cdi)ITJj4Apa|OW zvso>gq)axrXz4nhmk@&qo*Ws+NiW5&G4Emfo1);vQ0Ea0XCpp5ew|vjolp9U{SCJG zj_7v09on{D8?(rG|CguNOxcoxlFBLzU$GZh*T!=l|MiFnzX?jV-`5>Wea8&a2!({W zJR(QEV*kjX+x8TKFPWWxE_t-3k-?R@kps(c1^8W%5%}r*OOOvX!o{)FaKOJ=FI%xc zq9P;&C{rOlvf(3AZnYriNt&t=tRXF!Y}dbH5duC zMJyS>G15CR)i5NaVr-7(AygrST�iE^W~28sMs5+sQ%64p!DAetQYmx#M6uw|D0b zjfl%2L~K_yZO5+*w@zQM=C;5zaBEw1Pz|}wPgg~yG$serN0;jv1lx@;8_$eUac6M5&l=(_I4Trk0>>38}3KshVSZIM9U@N!Y5n z;teXn+`hK)L_}3W)1B)bA*}0T!9j~0W-=Z2DZ!Zj-v3cBiGqAryE(-HW2C{ zv2pAp4bIkW%n?~%e+%Tkn~31Fpv(BH^ml^086tS|r^)Gd{8+BlncK0dH`x@lk!S*pYgGZv zL-;JP^^6GOXSGz+uHl#_6ntK_PfaOcS}hkmk;u9ng#A5t&Y^YzEV-8SA~NSpO9Zr) z?DthSxvTa{cdSds!LjzqQ7ojQSW8w z#m`&&s+f*Ssv}GS*#t9@V>Gz9O7a@9z8X5CpsUda@^?V=O-J*OI`tqjnJkVhEttDJEClL%R{%VX z5x25BW4#h#mQ`3facQd+qwA*fOlV`n7bM=gZe5QaaQV}VCuWBmkAbi`aKNW_t59y8exwphaw21D4B?0Hq~M^@_WY!Ptlk_nu- z=+tUUL55aY#gD2&f^1K35i_e2r~LKN9cU2}l+B;{222+NkmeBUPY}GUzX#%q0SD`S 
z^Xt=qdyf3(MnrORd*$qRuKb87QWL#z0a63aD8iS43GaU;{4>V`mev6}oRQzO3*;98 zCr3YV!~gF2{5qon-n0o&li4s3`2l+jW|cDOq**Y{bA=#nIxOBfd2t9TeSB1kufsI$ zxE4Oz?+&@w=6gLh?U-;M+0cfg8^`C|hU0CGgGYXsl3;D>zg_-^ z9uv=09x1qp@IT4#9wag7jNE{khk)`-z}zF?XI=ss;OItB`!S&FT^|Z)nQI&d(0&7W zhX9>nw1sZ#b|emqbT|-Wo*ee~!?0UFVJ7mfdUWn8pqK`Ih!-*BHgWAr4A{G{XIvKM ztub*tBgdf@DV0hfIn_`bV~f#U*1F_*z3>x67v1C@+ivknYvfd0T>V6^x`n=20C6*V z$g3C{9@-rBoqW0Pu2+VVqO;HQz7{TSUEcU`2lp1BElgiW>wU%WT&rVlGOgdQLF?c% zoyxm-Q2{d_)i7Fd`Lx?z|Cj)sbb37S#eZjqMYzqIVX9-&!hg=XjCTxb+8y>{`kmc@ z-(s$W|17<%>My_Z+%{fbMuMWjV_Erio;g4Ofx8Eatf;kQJDD|y_^{#;T&3aqFJKmp z4_ol4ns*aGE!lz<`22V$q^}SaJWq55T{z9Udw@~OMa20d`CRpz&iOYpiHw`khP|<7 z$xqlgN6o?rFpzJFi>S^kL{0LTwm==SdR%Q-h-oZndQU$KoG4NZPP71|c%5eZzBXJH{0qspFZ` zPO6ggyvGs>+Q4SL#l*VUh`sSQ0Iyf&IkzAZyXL$V^?FCG_B{OPC^fFD6L^r+OqTyG zRhE|G+E?A=_{!bh+cJApAG*CGeD1(b!dW$#U2SI|HEsZ34Kqil#Dh!6$?a0z8W1~E z(a!}2oY`a_0QSa7xPpcxKnD+t6}OfXOY80PT?MaQsQDsIi=de6NpDWBL+6?biA(3W z_Q%>VVE=;ep04^RS%U2Fi2PuO%4bHxWZ!UGC7Z;5?IReNo4u92#U$V>heNLHh>2d8 zhR2b=s{Wu@VrKJ%7rRa3#0tv>ZBKIg7X5R$;xdW@-Vv`YHw`^tm;%ywj}4mwa(^r9 zo$^OTm1QwvU>*tgZ&HMU@4q4Uf8`77U0;*Bq;M~2vmeF_O@8sx6STdp( zs+d+w9~i>P?sLRc8&BcZHvL48!q6EF0m~3?JdhXkcio-O(7mh58n?}H+E1G_+BI#p zL*r{W4H+E-+4kyBX15lQ{?fEyiVGv&%;iv_j4_*a=$Wmh(Kh^~Lh5;LW$J&Da!0`~ zuE3aUx`3de#~pxocGZT8rtcAd$xKR;vJsR;r7<=}s0^KadN2bO6g)@l;UEFUiY{J5 ze$?7DJ>-%_lnris=Kf-Cb?C|0U6qGT8)0dP9Dg!KbvT}?X-Tr8ffX{!W~)&K`g(tk zh1-tY_kd13UUgowrsvsL9*&7UAXS(4RJqvJG^0AccU!Bm7+8Zfw@D?^sDc{x+$wq{ z6w@Ho$5En}Y69%0K1BX83UvQFTL{pj0UWgtcmWgzHJ=Xb`7|>Chke?KKRgG&5E+8% z{_6VB0hq7>>KMP(fc0U*7C&n){pqb>)WH2#lU@93?qH=lH5SC-v!SCb5Gq=wk9`*~ z*t2OYzTIsVXPYE)=U~}wF=!b_ILTz$LZv!7Co=FqWD9XzsaiMgQ8=J1U_*U+@35nr z(*a9Hz!p40#!M=vFm`t?V$Az(!NJLMef635%7S`7fjuAFm$t9F57ZR^iR>SgRe;M^ zLY?pX^UHs;eq>Jl_u#+TCjZ!1^hUpuCGJ!&nNp*gav&&k-Fh9%jxlHAkxVMP{ZhsGsDSJ zv+vU9Mw(^U$%vonDd>}K8E>1;sqSF}^=8d)g11NmVa3&Oms>)27>k*xgJH3M!N#+L zJm$7IRt*VCHq2iG9S&ErZ@D)$i%omx5PRI@I4&wIFrdGfQzgQ*RqvR!<*QO=a@SnZ ze@)k9Yg(LFa{|;ZXLvbR{2VZ4{}TA_lit7tiw<2xfZEE6sr!N^MhFRS8T!Gpe<|n6 
z4HK+qs&WVC=!f>sTsw0a9ltc5`f3_JqJ+(!F;SIorR>1xTw@~RKM^b_IDm8J9FX`m z-vrMXt>*TmX%U;Qbrk#62>8E^#N2B3T{s#H_s#P%rT=n8^Me0#JOdX|nBok>H-2T&wtW)vl$TyvUS zHp!9Zp>uD7;GC`bf&h$L za4{N0@0!_z=$Zq^R}E8Z4ZLRMrF5DFK*Po9xYQ z1%_cBjvj+2Xq3;~r#*|waxXBXn^$y@R~NA*t$lWEhPW94^C=YooMTIun%{x%@%wHyth?ujVHnGgfOz!1DmuJA|9C+T-B+r`AoLleFc$}enw(JBd_ej;nN0mH)v#B`HE7eU>xf_09?<9uDH!De0}Vh?iwmc9 z4MZJIo7?a`RZx)g97cs5!{CcCZpfh3dr6uf;P|sVwmhqebCsU^L{!q()mHhZpTjtK zHG>+G4%J;dDmbW!bdXGlOUVP0fr!&W#P$r-z9B&8+-q;!`(uiu zD6Nbj;sVY@M$o(0Bkk^nX7*1{^U;CjmRP_*-v^=-vCa#?r}GKWopvGf4WRiQi3R}h zp8(Z|Cj7+1^Q>)60uQ^P8h?ji@f&>K+~x5O@DsdGDiN+M>R;AdgDAEQ0b&4)8~7!K zFYg%pW1mgm1lzTf_f3BFk$NpfCM)2jL_)uZZ27MyHoAa<71-lHf|>K7-A#~*_(tbu zE@kWHYz~Bbj=Zwn&<&ebs=@B%ek$2~)snlZu@B#@kcD{FuciyG<=W0}R>>~!Oow%VVI5-~?^5F>M zB&A_93Ro;N)-ZG!_*9mIAMSj2z%=2G-nR#Q%+kNjm&tP|Ej>yL^T4CnaFLtw)U~~z zc=WM9P4rs3)gbW+47YcURfXBy8us=8%sH_W2&Slzh0J^Y?ecc&I&Sa-6&E1=y~-YJ z50yHx_RV3sL)Mk=jVxHqiu_m?S${j(9}kKxd0ilje)cUNqaKD_@59i3h6*CB3YDNA z>K-OL>I+>Qb0L=HGt7TrVYzX=o=z0w*^aK*8P9Y&K>226!lt?wpY;{*WW3ILmxz>TjWkuq*kGk*Y?^G}yCCfkUd|ndYpySlV+~E#R zQo(#4rVFGMoXN3cBIqtP{o-CHu#D&6zTWq+ERq#+7*EJkz1V~5Pt!-A9to74_3h4i>=DM4|PGN)6FVU3UHzx$r=jyna3+WOr_ ziBt!9yoHvb#rG{lisQCwP4fty3ce0aCFnROBF>R2SENXht%F~QoHPrmUfy5Q{qw3h+h}dabwh=y2^ici=ux$*&-QWRF2FU{a zzCX)5<*h6M^8IVQsJ~pn8pJ~TUT5>ZViEu)%;zvz8-vZGM8&B^}qjJ`ZsG>>?IPuXn_R|f$3*mTZAa#o@Y zFK5a*IXcDW3C)ap@#bUo6jy9gXY8C^B`WH>NV4CW)c}LsQ7`;C9z)!$g}Iiqe7lVC zhEdJS2o$;AzYWul_9zp166sGhi-i{5$|#7lSoqy90tL@ zE7bYracE1ji4=Seh+(uWo@*aL$9i) zG&#fCD`F-N3{8GdiL_uT4J&+wky3(lxTRP|ixlI#j}=Eez_7C=Uoy%P?!U}V8nh|{ z+JOXX+hxGapOe1!`1+p7#9A1OC)`hWi|^1lMr0?nBfn>P?wx=k0fu!)I&0si-6cC2wj$bBIPXTS7K5pSFoOf~ zs@c7wK^seinaS4qfYP^Xmx%0|_U^-O)x#b9i*k$L+^)U5mcNBN=ukqMua(t0Ht~f$ zH^BvMI_C03ucn`s+ou^jypBD4gd@~ZA8G^tzz~RA9!qR0x;>8c22wu~hpvtr8N=GN zP`<<;^C8;&TO0pjVi|~I89Xxk@ijJ{onh8+e}5m#GDZ}|oM`!o;h58(T`?p8*CE!L zom`#4r;WQa)O2E9b-U@ME7J490x=}4wG#2^;~v5a^>fp~W+yyh?VGy~5ID)gi`Pf9 z^apN5y6VOpGltRN=_`d(hl2l*^hX!qdfEWboRYBhYzMKhX2HT4)%Tj6oipK4yHv?1 
zhfqFCu!I@N)|u7!W%ZXTIGMXYOZq&$3A%YC$#a|;Miz`s9{=0sAz7jXFM> z=_DcCu?IbNWiR==jN8YTJgz}r8>IN9DbI+NHzI6F<3b)I8pmfrVIDikBO@u4GI0*N zeVJCno$7bayGQ7bwAY&BNHHJ}TE3(Gd{s-IrBQ&up1(9e%Cn0?Zi6JoqeY%x6T5m< zW{(q|QM$*#9c!#*rMe0{$?MJ?kuurYAK|Oq+6zp2CVUC-CVc;=f)pOJ<-gHL1*V?7 z_hxsDy5g)6cb#On===1!_PoD>=}5Gf?!~39%U1eOBIogb`?kQ_?t)F-zUCUb*E<&( z<^Tf>lN3TQ{+@|78o(d0ywz*TO@IR?og)b)^jBToDwqeQHA0mZ>)>Ct@2lt`GdG!i zR+rb5;m~P#)$LBWOP*|NI4xokS74aJMqkA_17BOl5hbytV4wvm1~ee&LiSfvV08hY zicaAxD3v@5+QJyEw1$k9nfR*c!M-4iUD?+CKF8@H@c9Y_%v%5U_`a`Oy%U{++K^=l zeM7Mz3MR@JY`^ffGI_fWO1Uj$fo&QJ`L|-d4FSw85+^&ryTMgy;XVyT69`{ZJ5$+` zpZ2UzCLTUGiTCjNZ9E+q4b*DO3ofB=Jh}o7kI>!xMaQzv72I{^Ur% z8)yIg-M;d#NhQ|8yjT90?Ll5ZhenrGecxr{#JIvweOKf!Y99e&N8Vo9*etMy#=1T9v0Y=DID(}kM4Uv$DPUTO=kIh@F! zkoYs*vF*bn6R^Ma=S!8F&%VFgDsxCpL(N|JkU+OM`}*a!Y0M{ELVlI z2xQFyg-5T2ol+3ZXt`NRQ-)hR&z!_N44UrNSLzHb+y%c z;tkziJ;9<6Iir9o$yXeRawDOTmtoJHnf&H5>LS6giAo_dY)p-cm>Dtgf0_b|D&j3Ve z0oMjv6o3Z508N;{9BLr4i4vl@W<2u=X&!qsM=*N{g*}!WKj+U+=X1qiO3?rdaant| zP^O6R_v-Ee;(=`pJe%M-sIb;Vcl zoY)7$fzUIt3evMMLbDD#i+93#BTHf$4Kzs19UU1(^eWuFQ0=@W6wmE(gXtHvS07CS zAfIpa-Gl!)RHy*&R$UrY1nbo=MKpSH;g3AiO0dr1^7DD7_gL94Klo$C8^0K0NA?IK zQV?P}DPjMs;BR~da+Um3O^R>fc7HB<)buSBNEyFoHdscIdgtWh)(@hLiM<_!Teh0vOg)p|Dae zV0VH+Gp1-2;Gpsv)Bmx(Y5%JCcKUZfP@Q}PQy$n0`e$IkJ%IT4{Rfiv zGk|u%<>#P%4;J$b==)j*yi)~uUktpGwSWKm}SZ%-N{S05l*Jd(9I>4G)N2tq%=~sFRx`|yW6vK9gp1CTKBuwZSg~lrkFtC zd5@G4r#c{*Hh#4ejx5x(L<^!z@_REIIw**Y>OrT0pcMjarb;kYARGl(oJYX022Zbz z^A?=A=aMS(uKv3#$g<$$-}?=Of8Tx5b(v&yS?=hRog7pHX6yl>en6NtrUYq$!XX=8 z#Rg!PYn0NNkw0Iac-Ma%i_Bbso2Kh9hhW0GqMmzRyq&ROGt^*j!DMvms;dg8K@j|) zR610X{9Dm+S7gD2i3g5SQvht;I)U;Yypo#`3i`|9|fUd|UuP`Git1fry}h{(t#_;$UMV`X9{6!Tvv)iRFL!{}~*dOss4~ z%q*O&oa`*j9Gt8~Ow62Y9PB_uO#ctm{@=pg^*^2ewPN<4VeRmL9rs_Dg~k6(p8qL^ ziRl02|Brw$1`5bG)^h9F$;m=#cC3_A#*~e%m_P*Q`)8K65k&Y3|R5PDM zyIF~FI-c~o6w88R!1bj=+bQZS(^P$1&XA3}rs3L}`hVw^sMBF6K=~hI!EKcq4es@I z@Gr-QW0}Uqz!UP?_W1UvPnq(b7HZnn_NUG(qsh-RJGD22vR&9B8t$LY-w(gUx|J*- z$v08JPYRzsKR`q9SB~qU@n6Hx_r^x`>)5y8M9ORc@8xShbW%#XysC 
z4gEQQo51z=Cn4m)H8C(^1@Jl@{42QdUpSin*4QMp<1VHCcYycoH)pkN+W$%f_$hpk z*aU1?0U8?q$MyV|Z(V1+?mFQczACPV$k%~GK*3+>1;ATR-AG5zm!zXC|JUEEz(=dq z>yz^V4SicXxFx{&r=i%{-)yGe|1<;0fu9-L$uXeffVy_K(r}~Vuem{f5lAL5oQe22 zqs70bpL!I?eA3|w{g1S6X`N3(lW;#sE+apti7R0`WV&{jlRLF()oaS4wd#kyF=!tE zS27HmXubk)br;Ieuz?|1!D-_T34x?cJNHl+io5C8U5|ZGdF?x%g)iy$F?}15$C?YT zket)2JU&XiETFiHzi^gGe?R38E^l|jmW3HqTDT&%K_%BTz zKTMs@MF|+EFQk{zAo+Z9ZvIWC%V#1pHy}0_@A@JjqiNg;1d+@-U#ty+LLDR*&QFc6?JJ%ssnYU( zGAL$8eIaZ@Bo-hwIPsYvVh3JjvmvB?1MdC@dK?=ud~l`Xu*mvdfp&1Dt-okH1ac;| z&M)Fs68?IO8nk2EG3b}aDs2Yn;?BoFJjSkk6Hhssfee99i-{jH6xKJ(h1J$dK-Y1; z5w6Uas)jYTT=Psii&|Joy0kAxwy8jsWI)xnV1v!}V2KW3wJd&;q2Q&VufU`UD@EZ* z(?g1bjC3*~dUcT)aImXZk}iSP5J=c0*W1EqBe50!74T&lko{jXgPEuYSHKwm;!RnN z8y!G4!ZpA*gVIV%3>Mpaf89H_Zas}VcQ%g4pCF)R>@S(Cd+9Vzof_(3?U)kLM0WX* zQLhSboCq+xabq+twKkH32~ir+L2tT;)eImAl)nEU>g?V6aIx(`;RvFWeFQ_%V?p7; zSGE9Q=_&={ma&6-iONqAD`CyJ28bgmp9;6^&G$ilvQ-e*li<9kyPEHH3PX`AoG+`lbsrUh#lqr-7w@>F~JzsRK`fs^LFCrOPg#Y%3+4DPce_`2;f9Z-V5i`?>nI zj@RRNAtbeurvPL|l~kdHTXz%+KASHl5bBK`SV@c*xv-%nimSbg$f@Te_RKl!w z8^6Wr*!2*LFy$0GQw0sB7&2d5%Mr3iW9NWV>uiOj^6$9C`oxChS*Lh5^07L%@`;^ z)Odi))4Y;R+Z!U9@mupPK4$EG0MGd=n}XIF-1kGvBDVX;d&*izbUcJWn zg=d2flH`L(tSdN|`1z9CV1(NJ=@QPyA3IV8jZ6)MO7< zTY-TtqXRP+&ao3$F?BNqZZ5^2iAVojYyJ5m@L=t+X{EITgMzVDFG|*W zGp5gM8xrWq9^O$yeeuz-oimXU-8n$IutS5gGliKjV~oNtnFook2A_jpCzFTZ^HHu< zkL34OM(u`}u~G|$>25Tjgx8@|@-hX5A-tx*_GM~p?1b&$r;V2LCNrE<9l{LG6eNab zAeyVhVc#Y_N8K)PB*gzws%_Au#gy&|$`79$MwWOj8s8ymg}1BV9$I467y!Nk4<0u6 z*_JrRwyxf!1fGTHg+ne0x>#{ht}4=L)2Ox2tgGf+M@rqs_hrIxAS_Mnm~c!AW1`Ww zU1hcmR|92*yjA~LY|>+tv8khM)3B}5slmmZR5QMCrXN;8@JAxhG9p$$F<7@5!+6RZ z$}Iiib#weYb0IdcU*g~U|8X*PO>LhMHg=d&6cYPe446HMF| z=T0|p4f<${3X3c)A#BT@{CElH^c?t?&ARKmoC#O5lOG7VmJ%&UZ4Hr`$OeYC4ATat zrq_Y&YV_To>|eA`>ad1&WDS~>335Wx8gxjHujut6f=D8_a6T2eIy;NHwVpJMu^D&} zK{ztxOD|9w2E#lo|IF(npAybCPXplp6h)s z=@}adMAeb<%mFb%;9?fo3=CT$6rwb}_}@s-YtmB$e6>}n`Yey%0i>e5S|G}%F&>aJdnWtj_w!S z%oqdFBvVhj!C>PQ3N|D7E?Nv3$goj&s|}{9No9}fx31vU+FpX!8qC}xBu)%c7nO;) 
zY1UyDfs3JOXN}PomO|x@_wAEKeFd?H>XwO;G{y7<(MM$2Wn*qO$-e3_ATt21P5~9F z8M7nLVC;c*b<&b=0b`PF6`BtKj!ri(AxVBI9D0Rf>Opciv2|ehm?C4v6pe%>fa&7e z!)))~roo@Yl4Z#_AXU&Ym7JT_TK8guljp#nw_&t>jgfz3HHuvA(qan`8o;NA z>8>RuR__7PRb8RrWe*VCcQ_`Bv;wf0=e?-3$g`f(?0RjBH&&mp&> ztdqzuM)pn2%x*N~^CWo?&A{#C1=41>6((XFiYt|XJq?+pHgU?H!cGLOZ z8B$rbN_@oyHjd22eE6G^REx!5JDO_g@-Y7|$C z+q&zDN;zMp3aWZdb!~==Z6Dj{){TkAD{z3tdPjSZkWrIL!y{15$$plonl>qNTt*)K z7ywL*A6Ua*`>3|G%0wT;lz;;?yjV8+uf5iTWJNKs3UV|ybY(WMjp9l*aHrfVZ^qTCOXM(WL@^if6vNV^g~+wh!S;yRsLL~xXbKxc=(N`riYKHP zPYY%mW-LzS{;Lc=PXp)^0GVSFg$Tku{}YAMGHs9tB`1rBRL7MFOGsJN+dLNCmSR;P z(3gXiLn2*=Uf8nf{a5V>Izb;?@ix|@figzU*t&DgJ`>yLIf?6C&Wf(@{A1FkvS*&^7 zB)W~Dm%M~nn`mjbO2LM(c_!cXXp7638mII5Vp)dP(g5g^CSSt${;#(l9EhNZ*hu1}gEY zuWWPngBgx@q;4i2K0Et0Qw_{1Y&yJ^T4FshY0`GvsunN~2{TDHNUfME zL69DfnqZLO(gQB;_**$Ld}Y+_QKYO3Un|^cF}^08rnANcFk7PxKCkhv7+a!fUL`MC zt2&w0WF;@M{e_DJQbFLDn|idsC37vJOc$fQ$8&@?%bTHOge9eK!-4GUKI$6t)^80+ z^JL=B#^?C>@b5KuzA1*LNQEdQ88|Nz*MgTHS0OFSK5x= zLiM|##HP@YZg+8)8}6azs14h%h8kC%$WXS~@^0yolU+B|#;RTVhsyUDg30V!5Bl23^%!kPP zz^L4*-hAFEQ%f%g9pIm=e0&Qy%_11~+=(YNwru|_)u>j6OhuJSJ@}?~OwxgB_IsC6 zQ#yme)*47xFg3U2fk)ZSPf;+X-E`9_jVoUMdsAXk?mv7a|4mmIRDeXbY%N8WO@~?{ z+z}(e%>%q(u}FpIA*XPNFEbE+T32Y80*d?RK76P!fwHSxp;dk`L(ve29CLwH!1}Wx z*08_#dqe9ZKyW4{KfoX6rPN(+AFyEnhCq40)NQ-;D}S8Qcsrpb3&Vd`cOdy z5kM8avo25E-k6DFknMvi?HDRST+r6qd#HYa_1p&CNG2+`U3|^1Cfel}ebjrJ37seV zME=Pa+5{^8Racy{c~<%AsTEPTl7z?S$)FO;Rh{z4OTHf^D*8NoZKkPwv{RvA5kQZS z{BN`FLe!;Gci%LBM)^$7H)S~AL8D0Y2M-}rL$aK$gbJlB4&sWpI+#q+6oOEoRKPU=S9l8+SUVPvUXefcCKikNBdJ){-zvgIGT#eg5ILq5C67_UuI!2{@9*YlTJ@iu8@;9PYkt5Ei zl^>&^y2JvOssCowepqK(yLl#~T>6%rT-F~OfdPGmrV&GXQXRdnF# zR7|a>z_u^W;NIoa?}CB(r8Fpl;C^4bQhw%)fst`U_*$St?4malU>Hv*mgL=mk)cwT7XB0 zc0e#d|J(TGs@x7fEqx7fHU!O;$?8*v*cIUuGI2-xsj}G@;;)ETQ&hg<-|BN2!9a)7 zEIVj}8iTcGrVt$t?=UTWe%}P$(0FHZa<2i^b9dmB`Jib$N)+3;PyKFeDFRgWIQRzx z*K{0|Vkg(x8h$>e*6VPyp4}&M7SE*;%`H4hi1KFJB*ab2Cn`>FiRp#Y=(#!QRX(0c znIk)RLW3AAszyZW+m@<@?Y?(+HRgfU2-14wYOnH_Oq0|@ycW*|0ROdOc 
z1T{2@SV_g77zNx<^hbAS@}77qxGyj_X9-Jep86*F1v9N?)8!i)J$-ax2uSBDMG|H! zpSptPLq?WhGRr`<(aEH^(5k_83t{mFE>4vXp&$^tlDcEN^85@7t-h;M){1=(+bi^- zBYvmPWPq4pGuYT4*jF*bf{D)e)HdwgDm`GK-KQ+|!Vq1{%0`i<9;6-a$05!O=qlv{ zqefJH-P7B+Wvp7-rpZL8%8h;+{byOLBg5=vZKDEld5zeaB=k|1n8+FPQj|(~*U1hn zDVLJ0E|B0Wo|06{sv>nXIe}ursd=M9E4!@jDq?2F-~WSr(@Gv#g0t*|)u&ty^DtUn32%rZnYhQ;cH5J6JN zO7t##l3}*?sIwN0os1qzg(g$`D3|2&6Sj{-M-;f82hqrem|wpkv#xxcM2_W)gK-10 zDF*B*85RWn2BQ%x?6g7`(TuniLBsc-3Q}MUl{?mFq8Qv7Vi4r$;B&3haO^Jqf^Qr! z-%GH50{^*)heu+aVww13JoR?W#9=c6V_s%dJ@c`${{vk>qQAVZO=*K<3!OuwNJ;jQ z?6HetiwJ8!kb!vQO5Hl$-rFl$VJ`sgM>&ut7JccpCQqYiMKI}>osTN2LDU~d%Jj205f9^-tOCBt*@NGRe#qSxQVSgq@?asxKs0;e z-Pzf(w5lT<$5j;$+A+I(ku{$~WSlZ8w;3sqqJV`4dKn*U3aA1NH9QrF4DIhsC;>M#Xf zMZ}lw;juuWToiv11|y^eT9h#?pDWN|TCj#whq2Qi^jZ!Z>$^P?hspO8M~9E;u>_ri z)8drfVS88^Xa!ydA%|&zVMR(<(lK+WtK_L)p!V^wVPPzKgRF$n!$P&fbT#AKgAG2z z5M#^ew&$QDNVFpDklA(5j29-6fl5M40*Nd#3fCYEQC!uT)gr)^ABlw7p_cb>IAnz) z@N6D%jc~MWOJ^yw0j8=TgW$LfIxZ0-Xq1e!g>Y0m*o6s6x;9T%+axe$L5EZkayijl z(77FMWlT0@bfVN!O4v+5n?R~Ql2xKeI27V-Q}vjZD!CO~_t7elnn6gLHBcUk#nA#> z>7xRGqbq1YrpkGB%pH~YE2O5x2KP?Ifr5W5*gLtJF9w@M? 
z<@ORK@{C-#QZdH;Qp8!x6^iLlKLo=8thy|knJ={+RKolR4X4&fwcFl<+CRhbo5@i zUnRgv$An5njvCiPHw;vIFsVVBlA*e@)2nnv^AM^uN*jYu(KUvH>`?xI#f@WRiK2+q z))Y(zV3)K@A`(*DjjmHNaMT8#9XR?(3i>e6A+o;AJ0f!AyP;A0hf2*8+3~4+oD%&iXYsL6&Ng+1Oe zOgR%rMj**U;OT@e*i;BGgw`X;;EP(XkT~v2`j5;kHa9*09NNhBL<=Qr6qWQ+tF5GQpJW{Tgw8xjy$=*_- zP;?9wsVg_Oh!hv$>$Q`Kz;YQy9?(N4q`m4GJ>-TIZpJ=EAEf*h=_sm6R5%p5t`w%H z5z7z(Pfz#FLK*1>W6AC1somKW&%uKQ;iyK2z1FuyGa#rqs-o3Agdz} zm2FKaRk0MJ$JC3WUN4OcYHufWj6{uZW*xfuvfzL;pa=Kg$siq zz8rgcG!(q3Q10EA+gDgB)ogisz$}m(j?V{~l1O)jdxwsAY^OEodcdZ8qEN#Gqj4sv zNyi^q<^PD2dSpy70*~lP?YU-;i~wsCl_z_izlyssvKk=;Qw>m-c0x3=glSO>u)wXh zBwiyI%xXu`ac(tthRB@uhleEzNb*J^K8}3M2KrbX9obS;Coi6MAdeMqKING_s`%wp z;;P-r9FiD>2!j{HCJ;x;V;GNgTO1i;NE|GbL2f8hMy#x$)iGKd@*st`RK;Lx5D2ro zGU#VVg(Q}d^wePovGK52@Yn=dLy2kf6k>S4RVj$e z*cT=718{zhM?|WRKJM*-XN4GC(o>3A5>$a>9a8FDQ_)rVx7c#KJ#)k#sW zuYc2Y>bHTf!;2=lrNM?SaAQ<OlBNrZmq4loKOiYezor!1`~&XA)&i$db4UEpakbXW-0#o)kXHJ(C0;@?5WAp4HQ zJzKayW)hKJiX&+eRYfU5X`}I?VTSWnAs>7dKtX;RarpEF4o^smQ6ta|$Ph^C%`!S% zHaQ`q93~IccxoTceoU8A!Tqs*d1phU zS#mY{Qn%-KMg;gbyr|5mh{kv%Ml%#~iF%%#03-qaVeces9XwiK(hOL+OezBL&$_^v z*DH)u@)iKIzMaE25~gI864F*hqJyV^vgIJeP^c1|h^-{z5$-mf00~$okg&xuql}n! z35z2WhGHhF{jYEVWG}OEm9dW$1q93y#L-ej|(%ou2XTvoY7OwA|h zlF<`LAxwn7<6Ess&(sQ%0L0UB8e2*ejo9Lcl)z1B*8IdSs=SgxghlJo#+Vq9Dcd?) 
z=z)j)xU@Hnw7yDPA{yp?(&BD7KxAUB#{u(wi()kE3r~gw24+xXt5y723f!C0zDT92 zrV}X4E@KVAe*JYtF_{VWCwIJ1Y?dPX(#RLKIg&5zc_UxY?nwPq0psu`iC)9+?m)o; zx(fYK!1`UA!wbJh?kIN*tkESK4o0*Y6)v@{q4sIx0H%13BF$N*7*a9;-e;#G@prLB zx&aCVPQNxc#cl}W_qHTH1YXB6KO6v65GNohE}!?{r*cxdSVs4yIM_53S60lD{|KV1 zfrXmk7Fsg<0O2Dg4Z%n!r=b|GjQ~J8G7dq=qyq><;TS~N+;-5v58dun48VY%Rx@4A zd|oT!tuSJQ_f{?^2hbJ+5<}^zp53$LmsMr*Ehv07X2{D=`IY~dL;e6|?vz0bF*!h& zoIaTx@R<*3-t@VG1X0TUECB>9vg5T<%4{{gcy)+?M~W@Cx3?vWT1lpI(z7fo@9%Bz z9-i(NDT?2FpET?G{GZRRATQ}^J?j>^1FIW4d_(|s%Zq&QWQGSRNAa?0`!EMcwTjGy zk_;3~TI9D*#olRNyxuz9J6+9v*gJc7^!`kI*g84cIy~FkJrzeMV*BWDXYXw9=n&rC zh^@n)#SeRjJFCKB2FJPUhuC&x^m}wcNGYcxo2kn6bufxhcpz&G$WRAW8>CR{8wzru zFFB&MlHLq;r$hwuOM5&l9`i{%Hb|c9iSL1Yxc}Gs#>V=>|LZxP?EEVO_ouAmG5&w+ zi}`<+Cq4g4_x$DOzrMKt^I4v8^Do7oC&7b<&;Q0oW3m39<(W4BDDIY=ur*H|ll_0I zjrCeJJ^!_8y;@oL|31gFB$Aj-c)3~<01BiT@{C&&I{`XQ%0oRv{%YNm{V&LPZ0?== z_A5NZ{U6pll-QK59|man`PFwh^ZnJgU%eWe5x{^TFMpW;DYpB)6A?7^k_KgF83(5Y zjlOklkQ3pPeo4VeWf==+(2YZ@eeHyJCjbFUrKBMaWgZ7sA8x`I^*aU1%rF)RdCr7} zhh#IrcM7YDfG2!US2hLE*aie%z+J!}X^`sE#Ij8?*V68YO|%Z{hUovQfR4>ET-!uo z4{C-wcNo_Q`F(m53_uTRKr zYBP02b=g9btKbvEqd2sXs47YwUyUv_Qx(!qD_aLAkFO*tHolf# z&q8fGf#%;Ccu9tFKn!~v_?En-0HrgH2PJQHe#KV|GeAyzRi$EHG$ubCl%)z(#@FLU z*JS^|=ebxYm6C4yQ056>^|gr-sD96aOl2Ggkk8DUK&k)Qg@aC!IWgE|lpCWv8F%#w4G|LD1KZ!58&A-42~Pz8O4>@(8<$ zcRSG_k4R26Z%na?wJ_V&1eUDRBr^+DPxixbO{0pAs|z@MJPBi(O+i&5%TQvfj*&&C z!N*8eV8g?e*IDkXv)|h1|F$H>L zks09A{ZMJ>m^2Qy%02}$nNlWD@pTkLm2Dif#M==*>6a9wRF+9_*iuizp_lX$Pm;&4 zakj&PF+jtrh)bC%nU-ZUj{{4aIb>{_glH%+-Q3~NdRGAaX>%cP|mJF37q;M%(ezNp_R zU}lD~K+tF)ilrVTc}oLIWf}|08+2VCU+9h{1eZ!lgB;2{8EhKl7;v+JiV`?cnkcBm z@uZ+1255r`qL)G|DmRpxZrsR1)2lG|&f(NCRm`&Cvilc9y}Qo>x|_I0(q3K~NOLp> z4rQJUR{NJ}uqtH)STplDuox}gr#+H?rNAT~#~0VP#1jbhmH}gC8V{-;q&BEjLIz+a z>m-3!6>xQ1dMRVd{2YRWE=-Dx(aUX z0r2!_@kgD(Jj1Ce;G+wTtpcxCmzPN+?Bq2KG@WfMw8(4Hv^CM;s%aYbAn>tY({)V* zGNEer;gdD-OBQgFWfC0iTc=>@gdupTtW#m4W1I;R-bX`}8B+iUY$;~sWe2yC?|R=$ zu$)3LmxptT74f~g5_?k=Xp1jQZ1{Zy>|N7#ZY1ib64Fi2W}O1FW3}lbbOWkN8U@$P 
zJ_WLCOR{FZkAkT)jsqB9!M+kRZ>xT%0GS!a0+DeO5C;EDgGfG)g#e6JXmL~3@5~hI zEHuMan%>I9sg0wKXR$OUf2Nz2d>#kE+<->zQ?u+)DxPbRzliLI61gecf%qMk#439r z{4R6961+^XQnI@gg6}+}Tq=cJsJFtqTJGn76CuD_iBw=Wa(E2$!9uuQf+*t?Tr zFtDjCZ*T!+^Hg*mQ8zs_;)cGBK-NK4|E^+OgsOlaHF5~{J*lkzOg=Z{$F35 z|3Ay~MCboQtecEu04wDpH$+{`IH^NqMa6^p3eV>0XXa#He;!AeC}`zZcrFp83AXw$ zS!qrm|9RvhR5V@4Dx%_sg%v;SVNZ>(kIzqR_}{>Nu|mU78mC*lxx zvdvBOht4IJoj`(dmj~t_>1F(F#+mp#0xZ3R6CdH#kxs%0bzVQ=B{8?B@RFF-R~Q?N z&jZ|rvB*<+3@?fKeTJ9BlX(pr|MkX)lHp_z%<1yE;* zLY312JjAByiLffJUEgj7olSABH;GkaGq_k)Q9d>)`hy8axgpF0MEf8ZKu+mif>pqv zu5-63%K!Us`5T9s% zOvCs2AZ6{^p9C6NuRRGQwo!jPC^k=jZ2810eF}B{TZ(|y3TYs0Z$1wZP1~5y2}zrl zKXzEgT9(h#u*9nTA!D5dq72F()Djeu(@;p^`Pku6`kJ}gFv4*B(d`*!89vWc4Vi&Y z+j}|Cxpo%e>z9g{T2zS>w&b+Q_ER)GWBmQtfi?B^(}o}k8cLxJeP=?4hm5_)H}G6B zhh@~bm(9Kx)(T^Qq9*^beKt(H9}7aC4a_r@+MfGCKsZ`n3XEyR{n#E2S!>VJGik5= zKz=zDgwKFxsD0<4tIA?~8kVyTIOa>;wHc?_Jp!^hOMSdBS)P9j(kWPHAKA=`smk)EvbV20)u}&x2A~v+a3csdJ3St`#(b zo>mqYV^fzI-W(Hy??<;HW#2s?l=&e%Y(j=cW5|AcuK67@)qZr}@C0tI!p*snEp@i| zSSW0WJqKAx^cIhAf^iTy&-5yj>&G`lSz6E43d6v9`kvAWL>o1v=o9VqoUrTo?R&m4 zPTX3d&msRO5Yb_i>v?YoKX4P^RW}0I_R7m2p#l28U~+a&NUpS)$^lU zk~VRk6AW23KNf~EXr9Cf0WrEp&IkS;$iHtVF+lQUcMkfdtefYVDQVFB*nxQzjZg7N zd`4}Qe`iHke}vQ9`JZv;zeXJTIZuD5+W&6UD?{hM)!O>v{P#JY#rf~z{P$0O{tG`W z8{~jZbt1W`uPuJUqhV=x{`m8TXr679k6`6hLl4($2|yYL<_>SUv4`O*RmxnlreV}S zyMpRxM;rm>pY(flg=%s;gw9ck#vb=%yw7<2Bye{QZk+ypx;W=bE$83Sm8Qdwi+uq;@=) zN_MI?cH)?u7Z}e2;gQ{Z8in)2VFyUR64J|;1E(}%Om-%1Q_KIhzdx@OUtau9|I$Az zlQym=(Dco#qk9^C;oPm5v;HSl^QCO^=hhiYU%z=(_xf()`OfV|_zTRXCQ^6wJzCqf z(7Da4Pntm)lcU?*o6@6klQ?z7vuD1+An<4DvG=7#@Gts|zW+sz{`{&RdZy@qs_TvV zQ2hV(`a=Kn9M4#N&hn5#XT{7qd`;Q6>HEkiJKs^qDy7X$iB-9!*;PXT7Q{EpGodbY zMGIZgL|xIS>%>P~B0l1})5Hx;35M*6M*dvDpV-SfXiGD?@5#?A$|sNg&Cm}oNB&;9 z(f5dd={0XYW9WbC#@Em5|5d5h8yiFZUu%s8{eO-pMgM`Ci_;#Gy5(=<2!BkV=6t!Q zfhNOreSJaK7j*pz>AG|0v{499m+vAXN@6aJg+&4Ho;E&<;(dW=JxIJA@tfG(e1lh> zJ9jWV-!Dr8Nwk@~8|ebUZ9>ukMk)OHhy*HUZL25(l5=-+8l9Ve*9U+-h(ois4M( 
zK~|t7QBc?Caj*z|!#hbGl!RJ&rHkkA5uuC75J^d6GgZfmlq*s#<5O_1nXr9qtI{P5 zSYMh7EuJs+jNAX8)BdZmK6L+Mb!}n)^(@a~|6lC?f13S&&zBp26$=TgMdn^@5cLoy z<{!xi$b+9-*Yf}f8cQ%3xusjUVTwHR0I=uA&Rv`@i4Pd~2?kDXnJ}nr=>%{2unM3^ zgrl2O0#ifCRP+ zFzELYSZ0h%sI`S5O>t2v`#a*Lu+-+}e$XwEpUJo17M(!F2YU~7KxLPyQkRGa3Lw(h z^QGTXb(m-ApDqyPe87UlZjZ1Ekr;+qu&pEEmL)oaco1S5`4W|6D=yQ@Zl~dW>~VV8f{T&v?}rj(hHg#p(aO6#D)B7 z8r?@@r-t?W@6(WXV$+iKSbRvUh5#!wU7)P3`)11v+Sdf0K?AY|mi_P=c!DLSDurPF zfg`H1RH+R|0Voz>A4MF%qOZP&cQ&r1*NMP9b#E|a#TDyCm0bBYBDQWQ>9hZ=TBzudFFxq#As3FG5w|SmrEzX7w-Ga2&22t zg@2PoI^krG*+g`6^JhH4fPc1$XH&LNCE2u36DDx7=sgd`9FopwAt0#ce()OlylZs) z+ML$dNy`$;&WX4RNeL=`rwGr#3*fi=qIfI{|2qlB^11kTeDV9=Rti(r_n!xS6Oup` zKPAC=a%uw$;14^*N!xgMQ|4xzsmU%X@#s&{*Ow1eQlxtd5*`F9dRw3g3ylKt*zx_I^j(v? z&SoguGpQK{R+xvxb2r2UHX~*j6Z1KnGI4VL z-FrY;t}<$)vkB_{A6TvT=qf|UzOv#6RfnD>GiQDX!r+q!DI_y-pH%1a52$t$zL?R< z316T`VriUL&Ui2?Sos_o7dVHx#!N}+60EHGd%71nHn=s>o zgTyzn=-9a62FxiPn-B^n74ssPD%B$;9@a4+I7Co(}{?@176DV+YlY&;7un z*?`=SD^3wfA6Jw^Za<(b2k@P_fQpAb$2v~pazB6)rDJH%QTy2N*Ym*C(XSuSBOUE} zo{Bl<#jJ!``6g3-JXd~1l_Nr1&s_beP}XzwekhXl%vhWbCH(|V$i$?cy&*>MjLgFjmH_Q)&d1p0$V$r!mK{>-fYqXI(DfpM8QA`huN8$jbBWz!LwhnPVQ$ULFhIw12L z$d`@BJO?NhabjkAfu_O|RnqQ~Qw!>#%d_HnI>_?uE!0t!A6R6raU2SwJaaFH0wzD8 zSuS&Yei>poVU@;bPxmC} zKT&jL7oo$5T;@U0{B_{D&-(h<^M5)o$(;YJRU3a1>+@GV{rN9H{~0s?=)~c6{UCIn zppNPOzuEZDmFoJ&;{5M9o+WWSh{<*_Dg)aC+-gAgz>`x#Vld9QK<4I&R}G!K4Eksg zg$8Cz=ob=QS)sJhM+;X}0S0v}m3B^>r_gvOw+CXy_c=ef8uUxBkK~-I_-fE=MJ2nHJJY|=ab@fD z)Bu<(MX>!AW#Hf?vAeT(c64%@t}^%UrLS`(`0wlg%Y9vnZqKdauNUyEWnJe^c7NPE z-8(wWoo&56{W=%-V%TePUpG76J(|OnzD|BaiMR*+_s3ib|Ak?P+MO6(eWG0Ny4OJg z9U8GDwvP^u_x5*p#8S5FIg7gYbt!=V`uA;Y5B`K9#DD3&@~=y_=fS_u9aLEk?Vw%8 zuAMoE?A=V)O1G$#4s)dtU3YT&pK`~&LkEMX44s0K@TcQgl#&C8*G`ywJFr3{M88qvHXAEiE62_D!zM#f0Hb>+vya&b|iDu zWR6;?u5vg~smtGMr45yO<#w;o%XkR#OO@ke6!>D9QtPGqs`wUvZ6pwSZqF&wQL=wDyTqipyI9JohCxE_U09t6c(Ev0R(^VouisdyJfx3x=49Xam zjy1SbBV)9~t-fHKsURkCUn@pc44%qVWd-d3*mLV1yQ$$PNR61h&WQ?-Yf0mEE1(H# z;Pi|d6PPnc4)aQo$s(XNC82UBD#==K`<87}fCfl?p(^L~VJr#uH)_hApR&qnGnWeV 
zXkE2+%sPQN8-?#?5n464Fe@oYYRS}+u{7}kdzns77K>4-LX=99T`wME^wrAgTCsD> zGiacKE&3$iO(u#GVdO$bFXhYjP9py973bV}ba z)6;VjSWFM7uC|JT0Tah}NiXR7>PY1Fdv|9X9)|9_STofOEQ z4dita?_D1RcBa0~Yv*3<9{zY<*xujUJv?h3?;aE`zI2Nh&r?2Q)_>v%{seVA;{3N- zsV~ldpW_)b|1xmh)6_Bb{C8t5OaH5D3;O>o&)JnD4))G;@V;eu0iH35+_>Cc!RU>3 zk=6bJW2ud{Fj(1@6FR_l(vcL#$?Jp;ML}y{Sz*^%#S>x6zsJabD3Ef1MLdJlF&1-l zvaI49a)iGq3fe9m|Jp%&fG5K;iXI&Xa|}ooOESMgmDrBu3D?izH}#1QnNfU1*&=k? zd`T%^--vBcpOYYjbb3uA5CKq(ySGa1T*b&@bPE<4;;n*=)AHQtYSjq3xGEw{ltC+@ zA7wlk2iXiE;Nd#;)iHu#Vqc-@WCa(?A;Nma?G;B0OnQQc?}N~XDmg}^9l(&S=AcGA zMONqTod81!V%M}6O0=2F;cQdXMCuDqFa`r^^KjDyB&K-kQ*_0~&vL+I)H%<~sqTc> zVGNKGyD;_`M33Yi88%Zjy#)2Y+ZCrrZ_Yk!o$QLeQ*nH9^yA*n?v9F2xtfhj`ExoB zY+#Ob@O{e7xx>pisogxa@#bo}$l-rIL);@#2y&MqXr-i4NJz24sy zR26h;dw*;1U{&mF9c;bj0Gvkv<%F`y)_r)li%B`CZwvmvjlnsw8+7IjudC3@lQUiP z!`|ucs@OW&JH-Kcb8-aWaX6s_WZ65!v+BcLhJr&aQZoWs@csSiZqk;W-K~9qb&5SU zGnW=(;(x+3X8%_n7$wvm&RfTn{l8jS8?yguR4R-8|2dxDazf-${>yKQyomz&Rs3RH z>Wvv>oGjd>L1Ju&K?M7SbZ{4uMTTA&%Mbu9+bayh3w*R$PQl?XXl5Ieu?wbc6Mw-0 zp|jtc4*d2o*T=yBALc|bPKB&N27!jpK=?ULwJL(t-!NXxC)uCAEsxMhGJPLbaz)eQO4iE-l3+k%7Y`r*bG81nGD$S2Tr8Za-SCT{lDQEL;odLTZ*op zppI$se|4=kB>yk&|9PHg>96IM>z7+}hb|LV;rKTq9QdMG6r=}EA~K^9FPZo{!bBI5 zKf?I%c~J~RsZ=hB;*UQr$j6`J8MFRRcDHs8c1u0`De9Q6{~x;lw_aK3f1c$@nee?b zo?LE+;zC9oSRb+pmF-KndGS2mGiLp(i(sFmjtA@is~hW$+Cu;T9M6>bf0B#fr|JKz zYeV-xt}pI?dY;GfDOO)|&>Hyh;MH=0e-y;4S3{8pNk_~9v*k@pAhWZ-N=(613ut>; zD^==+m6FsIf4@8~BIL?SF6VYcx&b-5FD7zC%W7YvB01s_*^P zlDP3~0_LdYIXcGoAaq4uhPUkZt&(RA{PtDfvMIzRmnn0ZGFP9MW_?nVk2>%?Uccf- z09Bd+_WFU39%|y86cl+5$awACFFYj=)ZcE5BiRewr|{V?yZC)`Z*(f;u79@C8-LV zY}$bn@s(X1UrwZ92_5c?F(HaEaJw7~qY^v_kp@;OEV~5AR+-RH+3ip038gHZyKa0n zXyFu0uYX9*B7XeI@|7t_`Ki6uD z{r`EMN%8;rgId|kJ)r+UY9AO+U6x+e7m?t}xdtS+p)WlO|Gm%j_#g9&0Mpk0#?bj+ zt+ui7|9X~(E@^cYb2Wl13i=T`10;4onloy7K?}BrD0afp_+mt^HW>^GE~I{ri5uUs zdM<|V%<1^vSB_U$6@`vt2cd<(A`lZOC3KutWOL|ms;FQxoS0I`rQ>L4Ta${;_L$~S zO<&!fE7q0mXCuYRCgmt3t7?3vRFW&zCCG4LcIdp2t_8uRS!QVG%*|IhJcT>%LRq-HI?+7u<_GE8fK 
zlT|;twr*P1?j``RV;txYg6BVnMZd-!#)2tKaurywjDdSu54Cnm6tpHVPUO_+rOt zK@LdWlY?@}Eo@>WgdlW(b!_yJj4rY9mmnDHQ>B*cU(!%ImW_T8m*qi(!S~yiN8ePP zYgp%Y5Mtm(4-ZB#Ubq@FqX{y5O*IkwZPO>QY^Uap&k%~}$c-0psX1IxAgT()7TpVm z@fZhpO3kk_(TJbQR;0ewxXJJ7EXfwT`@%Sfdw;U8a@F*l2^r59$EZJO;Tc$m7|W1c zUP9*v9sQBnz)U0n%NcSbG4Mk?g~B5`1(`aqAKXHDKl0jk0npR-oF-O7{yPX3?-z(1 z^nFpqDm>B>e=%RxiE&W{L(9Xwr7a`KWXGwex{xO55<42Zd4iz`~PQo7V%#f@n0A5Ul;LT z7tep^GqnHnR`8^CJY4_ZsIILo^#9NC49)+OM*iUE5$8XZ%KBpdpW_*tf9?7EM8Ti_ zGQ;_QV<`S}wZ72*KFdR)pUg*wfhyz@?_2f7@X$3svvV$#T@`XUHdj}6z*>QnUln-;P)X}}dAo5Lp>GSN)Ur4# zNHlQCB$(uS3;rEQ_g~@mpiC)`h6LzE9I@kY@^(My8E+|PYGA(9heG6dsB^({dk)T8 z82+g4Af!B$CHK|svNXEI+tdPRJ1cNl4YWemx@ZLZyV8RFZklhZ#H?k&(E5K;&o6$a ztpD}K#?b!1R$Ivb&+;s(BcGgJC^BG8J6V8g;U@ueBbi1GB3F&CEDsHb_z~8pzqq<>$xvZE%WjZ112cd0UM~9Sww!vf# zfctX8C-hFB#!~?o>7|APig}pA6g;|^(878V? z7pYf|%VFixjNE4RkWvWaU36}IzlvadAkJuoN+a5FDIyXpXcd@LPsOrR>XtG?d=*5o zXhRB!MvDT%FEMo9_)l~%a{%TS1?BwZsc3FsTDvv^IcK*~Lc-%((k zve-tG=t!b1qsCIjeTDG~SCXMa4cXF?c#}-Y39ltWf5ZN;nP8u+4R;u&#>ev3^{ZKT8sc^ZLt zf`&c04!M1i)p39jjc+E$Q&x@iQiE!=Xapsfb)q#Rm(7f_=)mmp7g(DmB7WQZdlN^F zPn{k6-pw6|4+GCDJT&-N*W<5GkN>6o#in zOz9iR&kZ~t<>R&&c((X%cb`7f5Bw;%1af}EjloE&t0by-M+Km{PZWySgiDiMyrf2N zCECy2spE*tkw&(c@+^?vnW0UE%2NX%#~9lnGv{(A1D{9tQm&CpDsLY1%E^&4rVnN{ z>gc7YR_o9bJWdXgd0|WUB-(AI;VS$(-Z~K95bfo2IxK&g91mYA;)It8!-gNha17!r zRFhu{k2V|HUoQFDQpn!7!ibTl#}q0e4jbQ%{S>IyC7t&|3H%WZ;!Dnc84c`!1|SG+ z&Cf`xKt$Y<_(?QrNQywh#4LsC4Ljgnni2K@Vh_MDWwyk7-@QXZEzcm0veNDEVTE67 zSG!f7X4L}9%Ez1lM22h>>SAYd^uyi@tKG)f^fdQOL5!)NOf_U7NgZ>!ZQ4mBy3zgO zQclEylXzz&7tf*Y_@dNzdY3%2wACg{fbkj+GNKWzCKFAj<}KKp0jFhjb6FKrUQWO> z4Ip!}FCg9W^hy|tgwq+lWEyewRdmBF0mO|P(OimNIIfD;l*9p=DcBAO&d6xD@WfkL zC`fWiyE2}$ol8lq?Se3Nv24DrJYDd;A^Gn~J^%T6g#NeQSm=MB_zqJ0h zwy^(ymS@8J%dKO6Jb3W@*DCe(#rl7iXNLJ7ZSz)&u1d~qX9Uyq|J7{#?^7l*J^M^s|Lc{^`Co0V zQeF6eJe+a!}*9UtzSA|7lxoCnPf_Y~R`bX>)sPd-vpw=}h`76u}5E@az4_o-ip< z?)BE`t_TLNP;y>H{n9J?iocpJ7Fh*J6ofLFE?+P`kT>G~nJL)}>z}Nw=OF-7)_<+C zk&XYlR^3>{|9F5<;h=iUHnPwvrB7MfkBT8*89g&e~3C8B3G;dT8>r>3Z$J4060*G6rIrB 
zirGLKomjNnfT7`s-r(8hs(=D5x^m=~0VgU;7x@%n8FF%!?=h z5II!Xb_bpns>onS7K=tDQQ+N>W{NcP(SS^=PhG#w=UV6sLH-k=6FE>P9VB7&f^y86`WEW_f`(Y3V?Z6Yt z6op+!aPV=jQxUernkuz(NJnn2FAp-Yt3ICHc+$TFdkbG}UjQ}_H4d7NZ;u@V0NlS7 zNjaa}a@z&|-hn-D$TTp~Q z;WPI9rz!6MW%I(htbwQT|Bdym{ty0L@c+;9ERkoEzU*(CF8fzZ%I7)?SD(+ ziSPeI&&?;j0dPq?)g6G?v?sd-a4Dy5i&nzVFh3y!)xj?vf;fk(nlGMyrQ>%m{gwvx zsRX-EJ{KcdiJKUZ1~R`vJ;KMp^_MvwGTYjnZxTRq-ld!ut3p??f*u0BAa?^;>#f^}f*{KFg^uTdTp5*vo)0Tu?U~J?b~mk_-KcZxIrL!vy4zF+k+Qq_ zROLpaa!CklWpMS`f+H;wV@aqr915DWel@WL|vBG{FBQRzEuU6_q=YMO9 z_^;3Nr~rwDWReSvlM4N0*nUWHJHywKym}=HyjBY0_uu6OEZK`kRQPPlO`)^tIuk;; z9SV6?%3e~!mzR+HYok;ttZ?W?edEZq>r~7eZfMQtO_OuwKq6Nk?C_2N6s^E-J~C3P z6Ne!VdTzTZFVE>%7>1hzR>tU1lh5aK%JBrqfHaj;q2=&8-A`q-ob##u99a&}V#+$R zJkj|igKn}3zDR$T2REN`Se>8^8ZFb8H#sgD1{CK3I8UbWqOdA9ZO60j9eX8JNCw}V zq156Im;dx<7WyAWSD#b=yS6cO|1ZcOi~Ap*<&nI7Q$}7aNw$}>$^mdd z?$Wn?y^mdQa})VhG@RjUy14Vv6R%Yj3sea5CxECRo;QhOx}pg+p@RdtJ@{y%6Z_GIL{ZA{aaB56t2yOSw-1hiVx-`V#6iToe-il+Iq-v0|WeqYq~sEswDBHz2l48Z&t4Wc4=tnf+BFK`ho%e5SkY58&;b+&?W!j?xBW-;|#DtV()9|q$4 zRi*QdO2onZT~szUHc+Up)EkwRRh=8XHT1>Satuf|C)v?Jm6p#i=F>J@p;Jp-wYYU9?Azyom?G1&z`?o(v`!PfX7xZeD=V9v~uX1^~6fkZ5*M{PM)N30H z`Ttp-MAIjaCgcV1LkxU~0YD@7#!1uw`ks`gK@)}nlmTrDDTQr;5Xodi@Q&^w9b-nr zXzCXiYx{|w2d#f5twsNV9Kh85zmh%wU9T+S|3A+&%l@yYy)a?ft2|{ohOx_|*#SiW zlI+=hvyuV8s0A6A|9R;8#~UG^n*XoWvhm;Qjq2k5*JpXgtYw^L`8TyqOOt@1#Z37} zWL&J~Klt;Y^*>y-aIaY`fo1@%BgPOF-%$Pn1v8382+z7+)$c)ft95q(ctBx+yZPG>Zj^Z0Y z$eG7?;-c*!@ht+K-FvgOz5CZ!Ua%qy^GJaF<&o*wd8OL8$jQ0`&sH_ALQilY&IjEK z7z=dq`PGWp#0*CR0MN-%F%ontL`M%M#&qTQiDFR{+h{_S8a`CwtPJUs+>BH>LXV_I z%Dg!$FTK@p+^8ryn*k2RdG1>1M1AYlSN%+8O<1Be=%Qbf(e_HITB>kY{TuP_=wSC1 zwhmh?zRAqppMKApPXFbNRCAbsOg;ZyYh>+z*BXoS-)DLF%rJ8J23}Eg1)G7!Ry9kXThT6-=(4yF9)&mB{WL7TFw+N2~ z0*X&JD$l(0oa*$LiB0F3WhPU7R8u#l`c8X#^^oVW)qiQ~G+Jd;)K9o31e8{~mF_M{ z1xX3%?(Xhb5CNrA8k9!5n?;aZO1hWsUV7R6UH|u<`(ZxJoS8H4oO#~oc_y0trS1g! 
zk)>R`gJ4sw6GsgdJk+=za6icA;L)F=xebZ3<}Ycf3${Dv@(R4s!^AI z$jP}!&L5@+TD#0N<>B)pZ|@*EwudA(#ZnXFtarRTMNAQJG$DwCL+3Z)D`F_V4rUs$<5<31Dyw9kE zy+7BRN%7rkiT{@YhA#cb;H+EviXfS0GAkkYYaah%Qo6l<09n7qd-!*Wh??k&4 zXW=B*)19&A=|Y)#h)B9a<-nElrlv?O+HI;vjU2-`1QTiqUb}`(b77_r*!SqYpL~DE z9s_JfX^dHfy3xcb#!d_}y^$JrXL-gyVn1+@_5QCceb;*)Mb|&Y2VFFf8)Y`PHh~Yg zjD)ji{gH3L!(%k|7JmQa~%>e0o5HWA`Q3qmd4~(+_c7Mic9_qU>ZH%BWZE ztibsr_~WjQMlU()RRm#Va(@W_MJs)}(oF2-1608oZ6uQ)hc@x%Oof+lzKdw^OP6Yg zZtGIx*6o~Uz#-h5fsor9cc4BZFMV~G)OM|HP*i*Od+5jbLzd*_XXPHBMlx;at^F+c z(l6FEk^w@@dI8FkhivsCSU~rbN(U)l^`;Y*3%2OG&qcx~YU<%xD*yVGJJEyy>uiqH zaQ<~dKG&+B@hx7h5`oHg)OCF^_t)CRn;&6*Gx=Hfz}tvkHA%n#k`K)O(?8NDz)Qm5 z?9b5tHzy5j`$$rYgL>|v_xNwtIA5WxjhCU@&i^HR7vvP zcdCa)&2-+PJ~okR?QS$h{mt`OYXuo(*ikEOew2PlKP} zFuadcD}B|jn$_Ad8^IYPXRtlvU$=)skqpJ5&)_1~GL7-)Qb1+!b@>iSs%Nxq$Kig#?Da5^{pPt;hpM&^H zpXn*7yhL7XSL(84;g)mK`5M&o`p3)!$dSqbfG$7MBOx$}S03RE@dvLT(P?Y9I^-ZU z6xV(CYz_pM*6(@+F?FXNm zQ<0;_`6~u&#$SZLgXCDf8jbxcaJfz?v4Q!8gv$H1+Qj4Pj<#KLuBX$ht@z?M6$)IA z;_e56>+SuX-$BrRquf-(;c!=__4fqCil+$FU_wn}tX6b%|$e4xg%@N6gZG zv7glJJ>CYGi)7H2N2v-Pj|PJ}T7&&SvPDeK^~ghrVrcVTMdfy_tSN--p>zcE)KpP9 ztD&M-k_uzD=UyF2Nw2hS@@ zZRFm3LpSbw(`S@^VLN%5%#Yf%`VEqxhdH9P@KKnKm#Qs@l=V@mT>_$l7!g^Nz8CNX z>|~_(M+l^6PCy*8a8OB0eH(CRkYDe5%3pZOsPkZnKs*%uGs_kA`z)whr$D9bF{r41 z>YrDJmETKmM_3epj@q*uvHL=6FqOLh&n1EU@mAD(QB@j&u*szxsQxN&BQd#!tQ|nm z#lodY??7W-fP$rWr0<*W9UJ;CTy@u5p9P1HFf>lqQrGcKf=~=J-ZYTmv_`YP)<;~V zKj7O`evSp3%b(lT5`HiiXt!_H_;zrOU1F@Z7A3L8{tBk%sgh)XL)NZ6i_D72#z1*T z9H1J<8q=fVPtA}1Rplkh^c|*2hD^R17iVKbdPX`#$tuo^W=nYP-4D&f(G*bw=Uu)I zay;)AJH_v5v_yE{GV$dfJjl4o`GPY3Od4UqnS!Q{x97H!?`;S-tUpFm&-(?S&*pEM zEZO@Ei!|#`$DyqJj*;q_>OS65J%~c}ABr#1hl&Ut!ZlZ0L~`M5-6zj&et zg^n_vE)f^GrVSs?m-LXOI=+;%;jC2&w&mZkSPwF|TIXQE6hQyzWYyl7m6cupoo76f z^S^KUyTI-#RQ)GPE;~T51{hV;a&7(Fg8nDz?J&`%z=_frJ3KnI=VY(t=w-PXxSFDi zF*d}*>?ADI9{;>qA?y@1wRlaCHROcdRA~N_=ALtM@ut?dX_5!fQ#b%9Zz7TZyz$aJ z*w*bktvZ@iS=x`AjH-zyMg|9JEW3L_;#c`2tv1C`Le-!0l3{S!bt8GpQO=BvkvRR! 
z&v=M_iS0w_^Rda_z#NC{HMr+1fRvcbVEjxVW!vz0NmwR2%~QoIxzLyJCI9Emd3*H~ zwn+%uY?r4*+(UmOwPX~niUDxkd~@<>wo=ZuB`pbIKmd0)j{XWW<8Q7Q_^|}61Q>r7 z*bnicT2w}(jiXBD zl(;qiY-L_XZ12vFJlSQ*mOjo#b^ zCfg(=d<1BmeDt2hbC_AYM_ifkNKO^yEsQx0c~Z055c`4IuMqEJ&y6~h?vm1RIEtJ$ zqFy$w_0vt_tSCeS{-EjA<#nk*kiYJ0qM2EgLs=3DdTq6035+9q`H^su@5h@b`wF_% zUvMR?KH1TCeZIi&hk1Lg7j%m|pV4)%iU0YhZv0RP-JVj+cQl?*0MV+>VX4&%_Qv{l zY^7oF*5ku|Iu7}3Ylkp1w&dfcL&_lXI!F`RH-z$I@spK_Z_T#|r|1M9}BZI9qCaH~&S_ewCRLE7=9bpn>cToOI8)`;HGvrih_V#Zd#Y?{uj zsa^*Bd1L(DmC8BX4$KCUi9%Y3V0~vsNWHx?Tv*U!(S?h zjY4i=D6H(Dh9BQU`-{eQ^bb*Kp~$IASNQ90((gWNk3mue9JZoYJU>3L6-2$2K%Ta z160k;CkTQ$Wh)OPj8pw(!9r)RK4QfK5hfFA4x@&daU=6tq zsNxkjg3f4qLcNUP4wC-eoy}fQWV0>Zdg#fM`P|tm-C3yp2{lr5aS+z*k_CAxp zKDPJVCjQ1LYnJjy^aX*yT1a~=k@GuH`|0i~fw;&W)Ego#BIO)(sc|tA9fhbZr~#F` zLBE^>0ltshLq#_kZnS-n{-=p;A}TGf4b+xd2KE%0(Xr++4|_buXI z$JLF!oN&ME?R7X}0+PXlKYtEAxp9RqX%ItoMfwhg;uoBN<%h!s&*Ocw+ZI>pvz^cY z$qTod6`tdvV{vIWpdqBgR4QRI7ydYhRoO*!wu+!Mra`*TKh6d0`-MK2u3B5@bPGi+ z#2$m1@S)U!=U!#4opeEe6Rgf@x@zx0S5850pnHD+R$C?w&6sR4^E1srXziaNHh*`+ zk>l!ibOfQx;x8y~MWlO{{DBz=*={b;SxDTYpPj}OQg0l7!z=0#?5}~yAVOYTxt^Pe zoVyAO_tcB~4Pjl@x{0M{)PkfsE4nUw0s+k;xo0y4w{V3Ws3>pqJs1X~5`;O=_p z8K}#!66rL>M(1scJf;ixqB?`t3Q0LPv3Gm6KaG#ys;?pF&P|c`TfUWdHOWDKP9a3y z>n)TT1Mmy6xDII{*IU0(vA3e-cM-lqp?-Cwr(FT?-%^zT=ytv7r;D`%aZdq)BXFY! 
zOEK;e^O<_)7n)Zsb*U;f$u3Kz!zm0SVW}gq73i-cIWB`i+i!OH0%rntm>;W6D=VF9 z`&X7H23ix>`Xe8nmb-yKCTKNXaf|1%g6p=W-&y(J+qh%n-EmVZub`erWc}RrafZ|W zM_Xj4mX~x>%Xv@0$Ky`Ah*J@RGOui~&qPb(>Fmv3=wHuseBIN2-|moHjB@8HItsD@ z0k2)#)4DppmQbq#<5?(mNDinQ+%%O59kt7w-yAJVXSfF(+4ZsRA(Nm=lM}&&$^BZt zYLeED<^Y!+k-W*FN@zUHa7eVk&$k6_MWV-n+BIaDV*gI0pyk$$quQ5Sr+H7jfJdsk zMe3BZy5_99Mo2ezPMuEe`^mzf@{E}o!rSX9#Kz6$CKa%7De345^nUa>)w1%tIq(cA zsjp8lbRgB!%ibFuje%QOwcaDFoOVw_>pL2JH|Qp4bYj=#Hn$k{p@AXL9%HD_lY0B) zklYI7bb%Y60N+(u^X#*@nX$1X&=jKURFhqr{EzzcX@a|?n&Zch&*No}WqVpWJ1q(@ zJAdy#oR|8vPd&$~H6uGco?YHQ&g*VmR)q_hZxY0M#jd0yAak}Zmy50jb2qos zTLZgl=FL*Mpqy5M1y~;3&Fx5cw_ye8t|8G;UD{(8-`qX_w2GK^xZU17-Ho;kwSZsu zc(nTSE{xEgI`5qA>w3{OevI!ok@jEHmvk%GZS|z{TMzDe&=tbhQuuv3a_I`If+0@I zFA$Be@dEMTv(QeYcTe5p11G%N9r@UwxAd?oDF$6zGIY)p&P_$Y;}K`7+eQ|!zK?U# zHTl&-WD|OmZql4PFt3kBR5?_1h{Ba-O1A`8U4pf24{x^zznk`0-y2z%5SN*b^0mBu zZsFVN!Q=Ca_LcGW{>0<<+s(({0r2LK6WyxY<3y*A>FsXg=VdJOf8{oBXN0`nyTMv3 zjUqW8_nwr*TVWnWI)Y>wnyqVro3D+`swYpWPu%i+c%-Xn`;?@E*0L&VK|Ld#)rJ=5 zt776ej?w7}GofDDlI|x)wLyOH)7}oZlGQnp*jC@u)RhS+*{$9kp6D;5iJtlfmr2ks z;?K@Koh=T=ZaohYpum6-Lr~*%PY<%kduf>L?L5CUsmL5`lCb>E2H1#B zT6MCBm5F&%$L^5O`i+9KlYp}rui1m(sRT+=36`1mHpb&y@O5Ar7&>XKkZW=cy6}i2$dFrk-2eaG%Vy9 zyBupFwr`G>Wnedb6GtgI*}$q)6{Z)}gUFEG#Oc<=rlZQ{w6A@71o|8KCuc-M>2sUbH;$1O1EEF)mxfpXI^*r-fW<&0H))!1u37JM8tr)(G6s+XyyDPP3zK^&VZH29?#%o zvtqGRTle6=SNCowc3aJzf`T?-axQMC%gY^4`Yvl-+^)G8c0+Tj98M?1 z33|7>$IWN1$3?KxPA~n7wRxA(MbBjzhj@ElWcyrV#@yb>@@K~+>Cv(!z#%=yRkXc7 z_MMXiX}M(HKAzp&!6o}8&sMv+1M_5V$3%?`*mG&Po%4g2uNr&Tp@Pd9cpT|oB4C4b zSY$gDN9VFwS0;GTq(k3RuZPR|M2Kb*;XmZ|x=rL{ZVq#uDtfuQJ|l%p;mOp$`|o{| zXWfNl(7gp4JfN8uyoUez{NoVKzR%fg`59R)EE>K771oMQKSP#5REs(?*2Ki20>Y<- zH+zrPH(Pt-XGdj;&FW=2ZdXHPUQ}*|AJ^iK2Il2LTwOXF(=Dn;D7W*?Kirkv-0 zeVn*chl+_9)vA;FlHzB(39Cy{ueI6UT3*6;`<8Z7z^2A-fm27*dBhlXcIPjHb z$0O>g0T|XHZVz3ap;3#8*$D00{DRv8nVK+;oKB zlEf6fUF<@EmT!oKUw24H$oc9y*un5t)8ewU-77EvykvjgsfM`8HOet-LuhwGmq*vm 
z=KNMnkwLz$FrORPfNf)vDp#;8C-GhjxN~q?0an%N@7Hqt4Nd$`H3U4~(%+H$$>5(uLZ#A=9Q0Hd%Suis3&d?lkYRz!*jil;i2miW=+zoRn5oHJx>wgPX#$fw!ify013Z_fJVYY1lq8@8{ny$#g5Pl{M+vf*)UTOhM5TRPf1F5NX?p^8?BoNGL7 z?BC9ApB2<UfR}_NeLb%QrM#@sTR~TD!Pt1`0d8?|fSXQlRJsD(&qj z53Q0AED{MYAhK@}2x7#Dm*5*FOx#sKb)trX8$UY=^fRot`<-hBc8N7$&4y0uxXieZ zUU8(nMgOoVYvC)Z6jj21AiRXa`U3P~Tq%cJiifYi1s8hF=W0H4y#clsPGeRjeDWN7 zClLnbElw!d6OL{cJfz}P7nHbKo@+YdjCYL_x;xusvyUiSERs2^iKBFCpx|R9zs5YQ z8n7CattjMU?{XDfLSFJ!8T1k)J^O`E7R^ruValHP?y2yL6CSvQ&v zy@7F(A|%VCUNT9&A#r6J7fbLdC}oWViI68ipxT%lAPmlbi>?FIYgmB(CvqUMIB7)M zr~-4I%do#3p;qnnoYg}6X7;CDdp?QxM`yMiRhpa~7O9|Vm+e-eGbh)@D>*hMkHo8& zr&=g(={gw{P@BB(n@~w;{3Ux?K|m=p{Mh01aME9MA1;E{kE(EdaR^ zg(ncC)hS(=`2HHOR7YZoBHQ^8(lJ-N#Lv5G-HTg*LFEqrV8TT7c z*9C;WH!E?rHWIT-j7q=wRp~EjZZHgeYWtGP+a9U46BITyR0!m>b z9jO%cy?Mci)x?k#f6-!As6b52{p5`QMYN`wZyVK$o_$iIe&t%e9E~jy-2+%Tw9}zm zMNEL+kYxa*`!FkDGC7U%VZkfnDtnK3B($z&PMD9X_X8TWdhw>*nlL4@Y5TjzD+HZ z`@)FoqDjhpeGuB63mlIoJ()4)U0A`%y^&r^ZBMmznRG({g_6?f56KnMn!sJPkrKjG zo7&=sus#+WTqt4M)5-lG#5s4OH1OL>5yT!b0R*c*)%I=aBc-$HyPTV63dXGk-nPY; zfaVF9#tAxHv{uiXJuf-~ClCR{0=dE2p}eE7m6RgL#SAycIXNorlZo@n;#`pVk6FqZ z+e(Uiet{&R-?bIoa0FU@xMh;F4a}Bo_R=j2CU=DY5|r@fZVJhGYdd!x(!c#PI=D4b zgBuU(qZt^>d-vyk8fH~5w0rKG%`j{dW{kE%<|jgnNrNi}bU%Pe8)L1IAV#^4rMorr z?+|ON#ju258cqgk6gqy?B@ozm7$Doeg39oLd8L3N)>QE2R~A)arz>YSm8iYvVp6+4cqQij zkoHA7(8bV&A{Jd&5}(V%{Q*)|dGdjvC;+Vgd;@hKT({^2>|ZVM0n#b_Y}iSCLqjWU z4wY>DqPb%8-OsrUd?Y8YS27Ly-V_>^zo_y5GQu%`TV>QHPHC&$8&8Y(Wts5($!7B5 z!+nI^tPMmZC{A{9*}zV%Ob1nhKRaBoiZb4c_U?==_Vu(i{>od+`9lhw_U6lZ zhN{fVKZC12aQAyTV;tE!j_{(ceZO&q=!2=-Y)+GgGueM0dW~0kQ!3I4)~Tb+aTG7s zzRJKb-2fdDIevUroTvSl38Uql86F75yx?N*Fzt7*Ixo!sD)PMvJ7lKSe3l(D$gG~|yUUl%H)Q=aze%Mc z_T|Z9`mEW<=`t4+ru?II)1seweLY1UdkKktH!le0yw&A1>n=^k?s47io;$5k8m+8Z z(2IzcD<*F@I zfr->DZPdawQZ2}#UtVw9zSR1r>rbotP1GXtvssK_tDJ*xdB5?Qzg4%(<$v*n#B5$f z)iIE@$lZKyX=&L3Q^OKkc}H|jey~Wy(YkIGQF~seouQKVEdD`ylUp_7x}?;94nB#N zH7g?MYb)N0wG#N$40%4AvbMdfXsxY5#-o47E+>AjjlKY%8L``8Tv8q;>lehA6m-Vl 
zpe4?u)~GUyuP8vEmuTo$aQr&?DckLaX+u`jjY%`9RPJrLnt3wl>1fj`Wfyu(?)%n# zU!u`sok0Pg$jt(e+#xotvH{R4DBHl?@*9Y@>Xz&y~_IdTkd`<$2EhGofOH23<9% z-9Om#>pqjz>51MgSK<<(!)M+ry&Q?~5UaasS!2>@=*6wV-)IhNVAODu=}9y*97ybzi6sT)X}><-1XbhyM6h zG?Yax@lc1&eNULPEk0Ey0%YH`_5$f0L($?Ce6IYL`C76d99!RIA#%HG{<3_D5W+Ql z_hc+=9-Nsm~ zyvFLvqc=wjYCly=r1vh__uRttHq2!1K>1RmfVf?wv}Q;3N4a6`=M9t}+ZFOCV-`6i zVd&Fnys{fI?*_R`(ul%ELOYes_bAkONi?7LQjD40p-w{H%5(iR@)7tG>VOKTFEP1a zGp?+Bj!~OpyQwZz%n?v&T%u8CF*~Y*FJv=XNd4Pb&w2ShgGj!-skbew&Zr9J&lf`; zcJ2l(<%Rg@Z{B2D;=L=RTwD_zd;LlDf&I|7XPT$1(q8bgGS0WNFPwBk4c$(ZEKFT& z|JjjErD=`lr~P}5z?szVSR&>4&*Lrx&(hTOeCE71AIZKrE6!ffXtO-hNJR_SwbQ&? zAR$Bf^`czm0Bi|A1zWASAH3+cRQT|5ZuOU0pKh4{Z|N-0q|at=-YalL>dBT;G&w)* zEe=9TC-sCHV;Ie^T7%^~NsW_uXMsABhRs5)ry~+TBk(3B#61TeZg2QCq7-ThoiaO@ zBLIzE9I>}Egod}%%sl1NcHV5@m*xyICe}si>AB;5<94drPO2f)wJgD7owD9iHGDOM zoA5Sg5F4cS)eodL_Jk~pKw04LNW=S(=cH+zb@w&pa%an956y3J|A!LdtGqd5Mj=M) zD{^nRjsbOc5^FlPGGTRW^B!`6d9l z=9L^n;zNhhd9b|H(})=&-yTozrUp<$qsJJ2!s7C8w^sQY=>` z_Bl4J=XCSlB8jx-r$GdUxbXNe3hQ6y{O>IWa^2`E5C?CRHM9VfvcWe;Z@lIEXYN?0 zM7Uz%sE^%VpVdUm7W$lJEHj~c22i~P|fS4pVB)#HkcY3 zr7?nH^uiCdQCmNlq8xb|x&NHIUt~CcQY#8a%3bc4D~7+^XpztNnxz08W%+*_EQmU4 z8Mc~Uqn{+DW3;tMo79vBkpNILq*qgYLr?3a^X?=-K@Eh2{!{=`>EJ*@>2*d&u_nNq z_3?=AwWm^vCRls@v*FXeqR}w+yNu>yO#&rD%|w!>;(Qi6CA>GbN_c4v#ZiO}#re!u zN|JhiQUbqxVG?QzW4Z}`P(Cu)N}qL~PM_`XOP|%U=BQx#rmLx*R#mLY!={)Wh;5Vf@-7a*#d74@?_ZmHSs(~R5#N+tO` zd`cy>JUmL0CdM++g$lYU%91jgpVOmLQ;TbAYBbf8QxxBf{24p1*pE@vlvP&rFZ{E) z%TO_kqo|;%PMF}n^p!Zi*i@N6B@p$u;*mxBu=M!4D>SZ0@&z z^2h~D&);UWlL=oH%Dw}n_$Ycqnv>4#y{?9?1l6c7$S*eBYj)?pvKG%^cC_2tGFz|1 zX%dX7dJQ!FQ75t^OIP06q^>B;5LPu(@;!aNLEW)>4K=V+bX2NEw|5M&^YYrZw*nX$ zBwh`x&WLbQ_bf5-KdX27pz@|i9mbxLxp^I|Dd!vnY*-h4s5t5mU|qm8w?~s149jC` zuMrFX4gadu`I)a8Et^Nqwu0H)?u`Q<+h^I{LJIu-g*sWK@631o?931E-n+ED>sBkl zf!+tVj;LaP>hY^!&cBBk%N%nud z)T0>Qv}y6`g}u154Vbjv+n{q*#(Cb1H8Q$;%TDB=%k6e{;+h6|L{0HVRVO`(smy0q zP{Wn~@#^77_K{AQMQytPS!r_*%wA^zA~!cTW3$v^`>`ghkaS~PKqNW?^c4@YT3tS* zV=Qp$eHTJ826nG85dS@173u$BK^k>7WROGP9`d7>KEHRj;$rCB 
zQv76dpWu}a2+|*z8DlO146h|x6Im8PlRSGvx6mTih+8`KC;M$+2FWv#cnT0zTp1g!F1j?=ZZ9|-4_i6G8WjYsPI<(aJ&X%^e z!!?Hmn?Z3^1|1n)lpSV#Hs4UuW(e}7upb{QOcun;pZN#wZ^6ra&tJ3HNOuQaBD6Z) zd^z%Uf&%aUHBXxQ=M?d7zm5GN0-ODYr$hHvgshAzD5Enq)E5HFfEt?wIy znTC>UX3+ttL@}@&O9-e=feQ6^-P z7?GzA3XxTL%C5U4i|v}e$+}G^(S2dyAb}${s?ns?4D1zFl!Wx>P70B=H{w6l%mYQy zm|wlYC8t&RS)w^!wH!sZtXDh`-X~K0GNadv;Ey>k4aJiRW|TI*@jU-$N3Xz|x;pLL zoNoyT{DB-X?_Sn66WsOJ?2FH}Z^Y+*Im}~LbA;-$Z-Qs;YZYoa$)uRoS#p)J2f{_0 zQs&=;!1p=oeSe~_kU_t=Qoj-Ch>pL~zniR8(Qki_cUdqa;YgqygUk(RtB%339+!Mk z5k&b)ATwR2ET2FdBkFvE&0Fkm6SMg<)~jqn4WrRJB1>|MHSYOw8@chP9~Oh9ag~ln zIvjNcB0<<61y;KP=86q=8snIgA-Ct%wrB>9QS7mGACY?+MWmIJu3Qm`@Nyt&nW5F=WO?RVsG;$&7+F^~7=;V}>_P_JZrL65Snq}U|r}=-3ou=vZ zO5#10J3>?9za`S3R@#FU(`8{U54Etrxnw{ZdKqyo=BOU5RSndBd;*~3!wHbo(N9-& z^tt)#L)*Kcf2!hvY)wx4c}oZAU~-1N3@$K7=YNOH;IiJ|zNKRX=pg@2#NXTpeIRZV z0mdU4Vq)?ZwYYDhKMUTH0XJk7N#AU?m$G;PRF1hd$03Ei*sTx0*!}5HTMY+SYN?mC zG9JooRWZJ6nP=_d@AS!qdd+m}*cQiA8kW6uc`H;pi~P3xcfVj(Kk?YA_o2XSm?ZE-+H?C! znt{#TQAv8)6J5Z&WV#-O5;v92^&5FTw*0eqwdFF*1tVTcuk+o6^B{KESyjZGDY>xD z!*=IK5Yl`=MXl$Z_?bcH(G1L(xxn_o7A2m<29Kzt^&TEdBpz^+6 z2KAXSj%WYew#11$-<5NV#j`z{=J)B?X> z%yoRtH9IrItjy;-@tqmoxnSKTE`IfaD2dx4@s)Zp8iZC5DS9G_+d_DtL(e{%wwBB) z-oX9!Ke$v!K|lN6n!@*9U>FJHIt)Il=6_b-cgP~R1_p4jRA(!hRH z9jT4smLGJ@`Kfa-?oH>L*}v);ffXY0iLrm(J_JYX)E4H+2jY4ZKKt+`H#k_4K-di< z^yJS$M5Hf{|3~R2{J&z!I=$iK648e8MP? 
z(djG&pyZ#{nL!&b?m(d)!9ZfML=X_ku`9dK`})ajc<2d)eGzy92&D9R_#OC*>D0&X z5#M#R+i9uBuDGaSt518vCY)f(0ly;gTeNwkF+f&xnW?$6gutaIhsW9{j5Vu*}5MY>VMm+>jDjmM9R&gptCb#t4yxOkS{>J-!{THzi*e)mn12y6Sh!jP%^6mi&TA~0Q zo+=5+vo97kY%}`gDU!6Ao#3z^WqVM`V~^zBhka1p>y5upAkodq{|5L z=--E&BpZVN+q@Kbt&K_SHQxo&EN%%Pxr+U#H&DeGmHrWBcBrkOtns}BQvlJ+`gnyP zU#iS%L*o;EL!4+rXA&49(?J;ZrspDOt8&zm?-mOQhd|Z<1jg@(36SqU9PEDr#HId0 z?kgJ6?F5ct3*?7@=?A*=e~^wn0ZIQZU`0O!TN)#CIEV)y z!O6rEr*O^kj8~eup4#&n$`tQ64ARxi8>U0D*Ywq@Pv$?K;E3Z-g@uKv3NSK3ewlt7 zN=0<;i*OTUkhKBZw|6_cS_Y2vqG!F7zzVXryEeG9!FX!tS zoYWo(c%!=As|~?)sWN}r3N}+@AD?T9S|%_xMOaD?$sj@g0WXo~S$80*jPq__XdlGL zq*SKolV>#Jl)0;%p?a}u2!64PGWj4dLJgDZt%9lEB{ZwHx>(T$4qc<@{CL5#$JQs| zozhW9-Ag1t-e(pyPP|i0-Yhuy3S<=U@&UX@mGlMepR*Y7M`p-K<mX%ilYLz!0t6D7N`3WTn|7Mu@?ZP^Ai?|&@zJ(B6AdnmY`7Y zgT&KbKqTER7clz;|CjieJFqU``uem#unTS<7^p|uG1_nfG!Re$IRMWX1^w@P z;w}Xo@VtWNKY?Q-PxO)EDSf+Oe)E0Niy?5e#P$=Q2?zc~YCqa|3oML)U`vFib-4u=3~Zdub+{$V1q4 zN_L+AtqtyD0y|Ks)cx6O9_WvG%UOp`i5(TJ6p;nTr1V&!iMBMAh&g+&@fzPrQ)~eyE(p+{buf_uod(L{rN`aJDCFf9)^6e|huAEoKo)4kQZlC4}RUM?QBq1X8JX1Rp*pdtQcCh0td)+ zy!6Rc0v)lb;f-grgD74jbJ6sNAe`UfH`g!D&r(e{uKR^#abG00ya2+5SKNa~!`|o2 zXaNFP?!j~_~fmQ zoGcSRmRPM$%Z9EPmKMZ0(Y*^>vwkMZ_ppuJ-$^{1^dPJQ$p@e!fsA|LCt~6L33%kc z1>k-eWPbrhyQ@$B=2QQX0}yHXM&uu7Yl?Pqx`LLaE7pjQ)F@ibv;qgwzA&Fl=_M$a zn#FRI6A=g3oAX)(B|Ctza0`z0PjyM3H1ScXCJUsrB_N%W?JfOQz zL%U>Y8EpVo2@0J*a{FKWO9QL=fOv|`gW1y$ty=ZC#;zwE2;>4Z*$H^TJP>ZKp(g-e zc8WVtCe~xnLcQWC)9g-%PKXzzsDo>}$!+9w8zI<#vag>FPvnl60K4ey{Zef--K)hC z4`NIkf`KBPJ*WW?qfI#?u{*$-PJIy=_?M4EilaogpdVnnF5I?%^WfCqOaD{Hq4F5J z&|`htUtuUClP?f>b!hGpZdqJ{@E>{x91dtT~?uF+%N_|0g; z<3Q>{?X^!!gMTk4ej~?JVsI7w?X*1fi4ba%+GQ3kN#ybKe_fdk>fJCZ+|G=CMk=4Q zPsLfVr}O_6rR~Pnc1Ce+mXQ`pCFdNCl=1zd@%%{;POvnfL`8J4QWw@+nBdjka2Qa- zvi^c6LDA}^!&q$7@Qd~g3S;PUA(ODjbW^Ym-$H_@zcZ+1QPK+1f>1c2?HZJcr}EYjwuY1)e}` zs_3;OFAA^^dk{qym{IQo6so8a1Z5QZ-OHU0u46><;Y-Vl;!>;nvOBNwVKI1PX4M~m zs%~7!NpGlqOqG5VOnqsWW&A8u3Pqcu#a7f`zn;t%rL>~MpTGM1QK9kr>e3o(21srA z`cId`WYeZ*2S!(oYg$^JbxZ=b!cVXCIZ7U0bNeMTq?vaVOFe#nI0L4Z 
z@5}sSOo={~()IdN{;_adESKBI57zu%R|OS7`A&iPN9dDsB7^Ai~Yc_3&Uau_3mF@aFT^9X`jDj+ovHw_`?- z)BF1kv^xGR%dXb}5gl{Go{QoBPTnXLfr~3xt%r4q%wZ`k(n3a2Hrt&}{&%#1kL6@AJpVHvpGUn|n6-&O0@WVM!_wj?L8 zd7+ceRQN8X*{x=3_0Og@4gH7_ZRpq)iLS1cH>l60T;=aVVRV1OQD?%F#W7sRwoaP7v0ezZ2%?6765%fE!VDVj10|n@0r) zCYbA7BvRZOuI+bK8PUF#Rf}~EeJAZ;oKxUcYdYSYtw^+!p_~H`+P#TL?M_c^KBXYv zYBs=IOavc+E>lqjBC%?)zF39Waxy-`N43sC;c=!%$mmuNFV-?Sge$mE&kl$G2jMwJ-Pklo%lxpSE~rRy;tOn0LNa?wloRp z&^?G)ZVR*vdHEPx^;g%ePmQBJgOrFVY$fbtsQ-<_>A7HpkV|GbF~_AD1teU~`rMol!pgr2<>&arXUdhJvkp5I(2cr)qp2E}i{|7%n zz`sO#1kThCA|3Yafmelfh*b;Q)g?xP?Ih_L>`JwXTv&8RrhK+SqP#VdMnXl$teU=$ ztR3)tBo&h@3m>ECi&~AyJ|kjNUCzngvQkNHd|c$I-bNe)c@cZ1jZIq;wQ`9{=CGc= z+S*rQKI)Tl&9|qM9?tY>D|xm5z3j(h@jsW5Kdz6*-~Ywj!r1aYTmoU;W zp&zL{e*fneb7TGQNXoPJe@F?yK>Ba77^na8#WDRil9H?ljT~|=r5v*2oOxe0NfPW2 z|BdZ7hOaENw1#K2d<-pTVUYCUKM%FQkNASj9Ebmc8%95-zNEn(`$f6ZvFt~VO`LE0 z&TE$|hX0gatFCREMBhE@Hr4&(K5}r$|L(K<66LY@Uml;w z7y%8E|K@x6|M`4z?Ef>8k_huXLcSR0OeIMTID>d7gE~Z`$3!_-$vVo)|6=~@?=Fu$ z|NLruoC)Bd^IwR^f6f;d3gi5LBPnrV&;x`^GFGVhw)*S=yl_NSv=ln{vu`+=WOT89 zyeq#fl{P!J4G+es<9X%r=l}6W;7^eMEG*{6{QoG*Q}_P`>Ayn05YPWJpC9Lc9Zea` z^E~P{2szo*Bs)hhF$x)UXE=e3t|!b5G5$M#g0@2xqt9s=4YP)Z=kXM5JESI%dIle^ z1H4l9NZI3uS|zUinJ)2uW-^ksbh%C6m+V)z{6B0?b~*=F$515d<3^$Dwmh@t-u4Vk z51s$eg_#(JF?o~`9ZXVszPLIoOw@;3rdYB**bTC+wj5>}o^6>P*9b{#XYpN6ia)Lq z!_h~r)+5mzNvGvBe0FC}p;5L89R;p{3I-oRE4Q$`qH-=HbL@HINj?(|K$%jLmK7hE zGW+WYtqp7@XMfIVcDQz7lG=Pz{U8hzK+;`KZ$S`FCeGL2YU(0+m z;lPv+SB{T2)V7pN(icGuG%|(<=V=v{{^5`%vf`+PSAmwcA0q(gs6|!!({T0 zt_rSa*V3$EI;MwJ;v>Nwj~+n$FMzKn6_tLu2}7|>@10OCl|8Q@CyB+@S`Q{eg<9_KlLi;>^9gaDGOQo9I!0|W|BrH}ac zyXQxTs{p?J!(6MnZ{H$f3$IOGVxdCcuJH+;xI`B2>o_>EJ`NF0;lpNuTr+%DGJ?Rf zDxJV&B`I-DX>`C!t>&}Wf^fk_^k3t(hF3T$QSd4xrI<_{Bus%cC%lZ-+PZ7bI?QOJ^8(z|VH;r{V;|@)ZCLs(r$2`aNB^0r+XngrMhT4HB2~;* zJLtY+|M?I5EuJ+xa)ZQYrdTth)@HP)+89*IZC*HN?YfN&hCQF2xQf)DLW(PF7>FzK-yzZ|zFb$x z$pBe4_1i>b2YXf_G6KyxG(uE%946Fj7%!ImG>PzLr#>ggB$;Pa(R58hvg6iFt+`r< z+?4piB~HO2FRgHi;mnkI69DZcO{6~;Y!J#2;MP2-pwAw8!s3Ojyo96TiAlC0 
zL`0!4yzm{ZSv6-WU`+!!Y9c^dXq?;bctUywPsF`~RV#x(pGe0^-Cnt9C=*PQjcQ%eB28yA znOt@zV;a>axk6X}ijip53?7}JjNugCO-BYgL$q2#h1hyTB_VP&XyzYzQSnUUW+;Ph z@n^+sSRokb!cN@6RiJ(v%?!KZc}w{ETro^giU3QgF_B#1F&?~5#lip-PL1slFhd=! zvAWghcw81mNoTr9!@yht?vV1f0-rZ%!d5UKLQU_^@)ei>wykzdw(oK|@o6`6;$J#h1ybeE>&wHm4*6eb2{Q;OyhB~K$l zHSdj9n_SH3R=0U=l3`G-8QqVGcYTKWr%}?e?*<#x(pz@aaWJ3=A>7{)4YH17o07ex zXefO?j&wkQO3s84@^JuY6>rZjH9K4{54E7H3V+f5zrgtiI_+T|V8Ho@Bi}>+FXqSe z|42&o{F5PmqR>@5+tat74uW_AREnku;v{7Gr3i8)!8O7=LXAH}g1?W!G)k2N%v1-Y zr_cWSYgwZyx6D?Chczmrb%6hcM`!sO39sU3T1K1wV1Knm9FuF;a;E!!8VL%NX6+gF zGZIiG;lt>FpW1y-D+wbBC1ZROGC(v^kQOBM*>4Z7UB+;_?`Rn|21^f?3Yll{!l z9zQ5FO9_HiaxWZ=da2e@DFS)CV%R|RmXfe2aINqPRw%cmF_n^-9>|bN$R3&@l>~fd zARGITD=_>;p4JbH?0Hhi7r_4mT|yr(|65!vj^jU!q`biX4|E9`bpL1b@%*2;?3n%^ zO_{`qZc9MI2Oglns)+&jP~_(lnQz#P9PP{iFKL%uVfccXEBw>AbuFrF*|WYG$aK3I zZucjxZCX|fFMKOtP1A#$Sy}gq_(EtbRA)S<>^usM65hV0w{KGM$OU>l*Tnd&ntKVS z7G8R)vfXpkjq)I&{IUUxCGh#ZDngXz8MjHh3)jYKIIgFeT2Z~6Y?ZWzLN>)pW!JMB z77P*tNTgW_{;iQ)I8=FVMf{5JQi*)3s*TNV#s$mE;D0iSd@BCW7xMA^Ke_BU|Ho)b z4@ymPbym-Hr(uoq4$Y)fEUGMu8BKGn6MM*(dn~@CaZZobbxL9?L9q9}j^7fxe^T;W z88fv^Hv_Uzfrv$(R2y^Ql)rUMuiLLi7>*|FHEIH+IWqNoD+9Og=ws?vc^$^|35V3L z!VZ5Vy40DY(b?Mbt8(2%!Jd0-dLB3XAcarN7og@MSC6U_;_st88fO)iU?TFaS3D7U zodhkhD*ALI?{!NjVawYaQi>N+D{zh(Sb0=aH`cghcUa zCX$F5G22`65q8P&gqjq#h|;7)R!OV)cIJKH8LZ*DHOnOIr`!-Q1&JI=nd56d0r?}e z_TyL&?jYSB@IU_%C??WK_*iR9d#ITZs_()eB|}&I66y5oQ@_K2hz1fY85MOLm#GPi zB^=^+(>;RXnXo5XMRYIH@7oB~!V+ISe&IEX+t5;DjL=6@UIhOSa0!33{1@>5e0D7V z9YuM;{eLq5pU*AE_kVG5tp6QJ=@$$(Nv{_1jX^fQN3$kvJ#NuxLNXJRiuv0TZULg2 zukJ(u+!{tqoqh|#TNrH}tKIUY+h!z;VjlJiU*b04L zb=zI3at^5!lE_liKAM`?+}4G1&+7TOLY(_%%j(ZE5IBNK zn_lreqdP4*ZPKZRe3}*dDQE7QUA$a@?J~KuO#BU8uWi>0V5>APPNen`Id@=HJj=W_ z+2jw+PdaYH^Apzr8l6Q45A3f5^<{5A!#xrm%BmBpTb*@Oqf9gx>aEtNMwAug@M6Nu zIFS0x@XT0%WZZZadzd8h%0d=xKY?(C$6U)`cl!gq(vYjqEl2r_lV=LLIh!6!t{EBh z@Et7c4&});rX$CY8jk{=?$oP)34j=_7;}meUgb&}bZdAP=B1e~CAT*y*!7su``gM3 z-v2TdWe*+j@co}#C}!jQKe_~u@BdMh$Lc8l(jV7>s;omHu&CSokzZTNmX6x9k2X}yT(`?77qE>j9=jeiuM2ar) 
zAk9S9P|Vqtnha~Av1HBUeEtKUuxYF?Azn?){0=R2-41IRUAlwN$&m;PG8W|)u6TVR zK-(7LuP}+EXat9QDVlIAfdRFR2#Fx-0d}VWV-bnT?(Xg~1`RgjdW|`en9QFOiMM9u z98bCUU65ZjR_UU1EmTK5%538fy-je9F*`V7YX|%5J108_`|xX% zt?Xa2k30M8X=YmJ!T`(I_Hg{@;eg9%)^N>^O*1k8DW&m6ZatWn)97F(w+3neP>Igq za;5YM=s9G-4KT@Ut7QcS_eSlR6m)~3g)S~GN~BA7?}UTVoy*8C-B*Mp?YHGTm>o33 z*v?c7x~ZBT?Xx95hJOs`r_yQAM##)~Y2gRrcSt9Lh7Fb<+9|7g&@NCPtnFG(5F3!s z<@UHX@D214k|1OX5M~*L1~AncP{>i&o>h)#1yxR2N`dGV`9}#{RJK&KmL$7}Ts8wJ zS7z?&8J%!V;XtkrvERb^ICyUJ5SfDCbUQ#g;dp#$nhC=UOc;zzVn~fQ4IgTm4)eQC zb*ctKIws#=pYJ8lS;t!=K!=Y3Zr~#%=Y0Sm+-aQ24m4vE$ttZ#`G$L#VGiB_cv!gB zl-w060Mt-8Dp)3hoC?f5H7PojkzW*iAh7KpoNSatL>R;8GRG>OD8&f~$>sX-E+cEW zG^I$q#cs$XlZa1fn{;6vpp1ktwJcIzK9Fzut=hfEr(D(@p^_QBFn%;AneR-2FVUjc z;QmNrMMz>x(p(G*)x}}m<02xC)u;ke^dtwW#zQUuIS!&vb({WX zpPVQ9D0@izpxZW+-$cUkMBeZvt(7%BX5>AOai086cX3Z{To=LiX(JTNCRZ?F?Oi;^ z@d!0%bF1;Kc^T4>DDFLkb66xR#3Lx2ntu-(iWW>@|3t@(f zTXHNrO|gymU*Y1Bn|_*GZ~5YfwmjlVWIbf9Z~?@V-Wk)2NKzjh4U3j#7TJHOM0$aE zrC4O9_u(A0N(oQ_Rr%~h`W8 z)O`S$BGDso?+GhS_v)m%tYXD$bPz!jc1p7eBGvE~L~#S%!Zb>XSW+|L5Yw4A*yIn~ zrJw4ynvkK)GO)$(QqkFp`))bpt+^-!@oXPO1}|2~jz?o*@m};D zsk^qlu{m2!P-%XY_&CxwRLP!^K=BIZmTSssOX*kK&=Xd@aHX+;J|e28Qi6f=i} za~P&ZplMWQqsfz?w_)en^uvfW=yxi*qa<4ONLn@;e^8BEw61Q0NOKz~$3soKYBUTl z#iM6yKtkxY+<+6{yh{d=e$v98FojVE{8%fISg8qE9>L59CaT}}{YFtY;<1~0?Uf>{ zV*;azoW1R$vOq17ueY*pDdKp157yN^lACc zFcn_BYMLb-N17E(qTDpR777%~I2Q!hnhC6HbS>hGBR=J`5B>sm^M;#}$qF2k< zg!7*SutpvI$i#_F!Y0Xd0j$R@BJ>EM5WSougIdEF44fH6LBF)}WXpdbZubI#d;SOq z+yb_O_ML;3-Ho&tAURP-uD4>K4c$qQ*@bb|5(aH50Gbzz97%Pmgrcctpv4FL#l>yW| z#Hn9c>AgnJq~T}Gwx#qwV%<^_lsf)p+D6+)+Q#B&Z!!$-Cx(V13NEJ9FI+lip5>z$)V?#iK5O;Z z31jKG%MuXhfNA512TgAPehq(xQD6wCPfzg8yK7n)m@}fM%g`=yI$d;xd{UReG(<@M?yaj_K>{h126j?kl7Yr=-eFN1zO?W z6?$-i5E1JW>^r~y^XN-Dy^p?$Iq4@8mN#Y>aM^@l@4pD6_OBDMYWk%ZURug_68InY zrqd=L274OXj2=-Dsi~J)mzVLr8*Bn6S&Q`=4X)j5G@qyr7o8~)tdNYt)njAae9vUp z9Uh~K%VJ69iUQd*leiG0thj7;7I|Y$@XC1#;Cd@&)exdy&%{`-w$Ej`fF#MfLX#ws zqQLahLb@7hP7Dp3(ibrFo9qEOzX?<|hRYI&nRgi39u|!Uqoo`4MK9Ac(h-7;egsC3 
zk3tL%l}++F+}0frqr7LvW(WW0W%d7BHpWOFkGKEKFDw+s_Mf9Dzh?iVCLjasKj#;7 z@%Uebd~O{7eIzAf|FKdtTI_>Sbt`Q8tpPtGb|0$RS`*0Vz-=RieQsb>7$53a?}oAx z$-YUl5*ZtbjEzKI*hoYwyeIlzQtFv+1{05|j{)(A_#j>-jIKBFv>;oWYFa#z#OIpo zR1ue|hM;$VK2=JjU803_aa2@vMoAPOOdR$e?XFH~F2}X4 z(wjE=?0xi`WCdqTOvytE4y7U-479TpkF`a-ul2r%17Nl;vlZW3k;$c0G=trcnSVb zm#ZbY01o2+vc;bG&-1y3G5Yz$)Iq`UWtL(T!xm`ttP&C^*$8v|i8Bg^rcnTAB>ZJ=cxMb(yjwt^tVwe4SV{ zSY8SsE9{6#mFH=9^(1G$+d@C3=aFLjs1$}3jpUkA#^tiNt{ITgyXC7U;kaXdQw}U# z-W(q;+JPbGO3)jc5=aX&GKLQGlO{Q;0?t5{DjL!mT)|J4c%-e9j)`Q;HW@+)Fz*%$ z9KuM)lYD46E15GjGCLZl`o5NCZiQ4|p~cXoBqjRYPzmIY0+1M2*IQKsp8?&(z%uMZ z5FYwVT`Lp^XS9XT06H-VNWU>8pG7U#ZunO+A*I|Y#68`MMkXWkO72jfp3$kH#o{vi zp@)M?I`}MZ0}@gPgfZj!W#987R(3R^CEDD!;WsJE&ky!j6G-~MSo6!xS3($(;8gFe zR?DneF!GmZOm654HkF9#G|12y$l-~w_~s4)U~pBGql1dVdGGsaeHmiL#IfnA(A$*l z0JXpRw|}w3$C+A(#D)PHzeM_q#UBeb$Cgufr%|aIX@`Cwg4SHYQGWWZV|EZTi@{1u zjM&%w=}*@CMzuEaXN<{@lnFL1dYDP0FOU^X#ZV#+#H>XO19~I}ae#UImg$2T>Y5w? z0vt2*;~w37{Y{jC?bvvg*CKK`{y2eo?7j3w)q%){*BhDv`@0F$arvd?W%xhmf#|OT z`M+XeAs+uVTU;2&e;G-coSpqu8bDS11PG^X3zalL0K*s4Z-JB=D+|ZU!hepkaFVs) z;%pgq#FaG+7lR8X89|Yu7zhU8tRsBBeQ3p%64ra#6LhNJEUr#qaCcxbxN3JqR3YgB zq<2pi=T?A&1F-RN07&I9)9@`Gq@Ey%;vhN!ifRL~Z{2*-j$Qe7eR;^ZR?{v_J2 z>dmASL(A)N_nS7%!a}&>DY?vQCyWa~*WrCeImkmhZG{RQnZy99qJ^3WYlGtwAUxG~5ow zDY|W}Xr)}~mNA%sSc*{PqQgrvo9c%?4Pi>t2!L{gu6Pv{SgmSWx4P}O z)?DJ0bunjVXtp_-r5W=yN##YYKBF2!#Sjdj{|mXrLX7@j$magH)BlRGdhrpzXo=YW zopdo7-zxgJ0gYaP{|*=UsW=Y&G$zykVK#k9HhO=P0UochYx%mKG0~zUBBmT{#!-ya zf5>*DU+9cIbR%gaWp2du3b@0^fhS!_sND%E?}YXIwk&w5^wJ>=FvCEqhKrX+!;hNCfb(C`43|tlvcq|(TYcpIw2k8 zfVP9~fs(64!lvRk<7C~0IE7MKN4!SxIeV+*S^ zq!tl|6m^s$AeIsMBNx94FD4N+Vdl4QMOI3I#RYPmeh9f@^_i#^b0BpQrzvE9T zVN=5i#M7|hvj;<$CS~y>3L5)Es*(gy59Rf%TlW-u6F)%ZA1O2`KVPJqm^0w7$YdA0 zlL0<#TZ>*^6Of^~8OX&B(+|&NU{8Q@HN(0+&Fb)ksxQxQd>b{Z{Td~pjHJy=ApY2c z_cINKg961+gxU0vLJ4n$Z|u}J6UUa6h%r8|gr;Gev3CmK z#o}~@wjy5>zJ2}*@FH^6$b`kPBoub3hepB|iB0s0JzbXUpKd}4xDE`kcEM~{}eDM)Stu?f9!M9=?CA1bVGy+j~{e`$H_`A^>Vhx^DrHvVINF`v(m<3Em~yv+Vn 
zn0vzslCOgS_&=ZRk^koA$MWCN6d6xBO3ADJMC2b0Mf^LLHw<+rOzFNQ0_SrSE^Y#O zH$;$pDq@rH!EHM1qiOj-r@y_vp+A&W!lSd1j%^agHVH3jlb``O@S@Y9sEVL`hP@N; z&Pwc{f`*L9cI_XWln+;qk2ltV*x`?bXc-y0@NKA2p9mjLq?E)jR@-tYCngz+^9GBAo<_oLcS;db8#I1Ya}K4{_ok(F&!|b z1IBc~3)2Don{|HHHsn!D_?~R7B9+1xd*4AHhn`!V(PSe1@A?E03Z}%zjUl+0qg?Rj*T(LMmrvFA!lIcIW zpZ^79pVq*b;2RTszsecqk^J$*(Xnrg(ZQIwfeQPZsAn^}=M}u8F7CbGy)0IYCxV&aM#dGCBcbQHgnhBQ^Kh3Q+T+^%4bNoe>>mA!p@zmYzw(AA7{I>DE%SYpf zUA_0sxLIhX9U87gD#VF;(Fg|`&HSa8Rgf=r7D0WW15;>&y+$!92}(LXt+fIT3T+fL zjev}&D<&c`O0(XAMX}mpRT;DhBTT`8uh&hU)lWHcM|$L0a)m99&%R)=*SE*rR>if` ze1v~|WoIFHi;5XK+(LWUz4gtQwQ+l2K3I zyX{EdU-%@yvJ$1}M#MsY5J~|o5L>RK7Rb^R8c->h0Vq#o)bMC4cmw0)Q%^Kj&ySwPjNFQkZ(WkMAQaeKpfG78cK8EPqrSqb7EkBO+UN>xi$nJ4J%BrvE7_^R5 zjhfaEks}B;bVcA1yu#*S(>H*ofQJ-j(AD=^p(DCle()3V^C~TANy5>SvbVD3qZ9r+ z%8sfv~!>tMQM)!y40IJMdj`Vn#%@ttFyYN~@(8r73 z(;*NOez)3za8t#>kR7I2Crb5-9wl&{$KPol3P8wpbo>X+N+V7>5I9?d`k>JJ2HH>t zrq_Rh9NQAi(g4$=S1SFDZDd{v!nILqfP<)nTv!}FFe9^JtOQ;fkLg(Fko0|L2{|phK>O< zem5P?p752J6lz2by}4+;ev4p>(-fXUz~AwBgu=nfaMV~I04Ee)!derlWpXmLD$Ad z6IxF=>P+KxfGdv7XO%)LhG3v?{!r&xF@}9mtTvz)-efpU;sAo*B`)PX-vR%f;bBBE zl4#Sc-rx$#X-5MB3JmQNY2DQ`Tj&H*EQ_E_J+eVdBVr9$-Li{|(3X!W&d=WMtdg+y-A8RQ$5dGYl zoS~|?vdOR;qGKW#t~j7w!E2;N3;^^1RTD@4 z+u%$r94%FE@&|GbKQmzv0p0c<`DtyH)mPynhs^^Iip3GJ@Cs>uD~Sro z&nY~RVTW*+`KItOr1ph8kY9;JsOVI1Mg`@KK(u6dsji%&X?S)QWuYO>L2f_>xjgd` zz_sA}M#ChLk!p^}E+mV%XL`+brUG zC`m=4t-BFH&dS|fmt+e1m_A|CRt5+M%zTAppg%+IRJ74_R|KxsmY^6l$!L7HFsQoK zqJ(2WPAB*|Dat~NWrI0zkl6w}F!44b82e-5=j0Dv#PE(yAevLuSmbS(;uM?vIROZE zV&dmSvV3Te&_l|I1dH*72k!YAqmQtKM6#oQr%4hL4CF0nDS(zfBj6&J*Z{QY$H$?) 
zdSE!cvgh6q5DaGr6e0G~51To1zI_bXk1wpfxg6~_p(ASRrmOjuE}DRF6cpACo#E|{2KS(iQ_ zYWY3n7<8G5Xpv-IJwT>kTVh9hF7t;;gy_e~GI)`Vj8C9v{4(Sy3@~|D&XrPwb3sxz zrSm^iu(Fs;0ytGA-hz#Q)$ViZB(D|+T=B6SR0wwBMV}+rZ;V2A$0c@&Bht4TxAAe~ zjR+IpMK=RmqZG|ayQh6N6Q673?T{0Wg5*<{J`pG$qCOuUlNt+Ue~cdK#|;dZO?)03 zRuah!w_U6D+chVtW{<&!V^tXz`Dh)st&qlZ-(nVIB4CMjNG0}knza+E82 z-}{D=SIXh>@WzTmQ`kOoKMHm!-B0_Fj!EOwp>RCim*+}L5nDQx^Q1!&?$?Y^OT3#_ zQAmC!ulhDnT(%h%C09%oLUB1=bno$U!hlg>LLI(gBpHpg0i^V->!A;RDbm8#)s@$& zNa2&Z&01aj5}rsW`QCT@BE-xULD*KL?c+{`C?KH@)|37ahXDi!>6?Xwz~?fEJHrV` zqefY64JrTUvRY5%mB$5HKi;K9!PJHPRW-1a^?r(o{1Vl7e&yG@d<*Cn<{Mo&U6&yVm-6`jwyyt zNmOxpfo(zB+#w?qd3a#uV4z(2?lkoFRbv>y;VLcCkvOy1Us{kdHPw(3;!@X!4Xl!{ zk035z#I4ezEAVfZwH1>m!>Y@d`df9H#meci8WNaH*$5Xq{O3RHH+dMtaORUC+nW~y zLRM`?q#I_hppRF&GQ_}rPIER>YX$WoQZXTx#O>I^q=6?FrpQ+@K3ixepoZ3#sq3uN zBEhIK+5(95meFt(PzTjilBd+#Jjd}F6@&&ldBoO}0*Bz%Qez7Hh;qrS4__PGOhx&ylPRAfsoP0+Uc{4mLv8tX`|wjBCU<&%@B=} z7K_@|7%L^k>RlzFd5i;x5>V0nO3=dp{q5&OH0D$6{DjP*e*9LPZa|@H@j0CIPPK_w z5x?@LIh1o;>}%0u{K!F!oQ1x8>QX;}8~?O`%BPP5Y* zgrcDDymvLesH{QXBmKg_ z)&^}@S}9+}t-;e}K|tVH=B+k9oqoWv4I0pa6kw!< zjSg?Mhs1bcS}%c4OQz3a)%yg`jsw0XtK~Z^v0&8hPU8d9WSJZLN->7gHYqeNQFK=y zDuFc0VIoDM0;haV;7D7GfLlQ**%VUi8WPe7Hen)@5D`m~Fffc5)zDiVpN8-C^MW75>aP3QBeeFxhb+K6baAuFq~YAPv-7ZbN89xKA7r#Eesi)fF(5^*N(=2M}I{osV^JS zZ$iCt$4LNS+01(+l7vkH86<>e$7nkd@T{+|Ft_|Gy%#aiD>O;5NtJ**i00pxE%z`g zVa0-^pMYba>?4$4nCy`Ai2z0Krb|j$pllo{F#iMJ_EsORClmO5*T<}(GGl80ZhGrJ zqAJQy!>p)J{4O%~sBB$N+=)~dChiQMkSxM0+b$>PewK6}IwGxgk` zh*-kk2_psi4@2li#;Y3VJXwaV1ni-4^&79AEm#_15YH+}{DE5S&KhN=sr}(dI8=vlnTL^vHmq+NO(^^{C**=6GIW#-@1) zYaW^>dQVVF=}23GJe!H`@^AcB;V-$2Arv`8cEIns`w}?jSmhK>?Q`$C+gt#mTsDsz2v*(dSLYrG6>`bG>R~NCJo6M_2?=LB`zF9XA|+t)M~^<@xP2ljgy`a@Wn|-VmKjFA19DaOhSVquDiY(9}>m&Ed7Zl#E|;2 zl43tjB#{U-j%`(~K$uIbg^AQmRxpK3n2-({en0rzE80X+`D%-n-u<0bIq*OrU_p^^ov@hHL2WqEW?owN;dh zfhMR!(_}3xd6etz;u=%{Yj;U8L9uzO=mbaF8g+OP2XpZ1Q;&>rBCE#5J-%YmadEW4 z!3=B>IM{L!v0FZpmZM`4`>K!outxl{On%z~-7vz3aj(4YbYBI@#}TV1S2HR&>J>)_ 
zBwp{JxbRo69@kI$38H*@n#eHrx_?PiC1Im3eHeOd)s^>ZGV{I?!LjKm?(;hqr$w+0 z#82q+D%L7?)p18-G~rfcnY`^{Jv7}rI80um?FhF6H0)6Pm*5Ne)V;Ygr{u*;hy<j5QTsl!D~gYz-z}AB<|0-gDol{XxZ_5N zNlj|y;9jd~YbHSX}c?&K?5RAg@DuhXwO@>}WeW)TiF@8364{b90jf1lC11Ens4F3>w2nR0Ia^hYc z=_DT)3FRs?8QCn8L1bDr24IR3N@;XYChc?_TjZD@8w3d*M02RT6v{%SD(9rAOcD{@ z2i>cLU^HsnggJU*z4djn0m#-sdC+H}kI>NH^~kGwox5VjR>|%#fBpaLy?KAz*0m^l z|9$)vF!fqd4oS_j!^Vjf+iBF}=~+&5&a-tXkc1@EB)|fsWY*FB>~~Fj1VB=A`dOSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Qd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e z7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4smIax`t*zzhNUO1`9S*PjCCe01sIJD zhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@INV@4sXX))SZUfk+^b;h@J>cr{4(w(< ztfRzSwzroRYx;%snZER@(|0(rIeg1nl)xeo9-wd>L)Y=SD#1u%fNt28hFx5Zf)2b= z^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qa zy5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58 zP(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_EtUlilu4FpSEIZX0EYTwrTe&zLWHeE-n z&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24Mf`w9(+NEu8wm%ad>5XM$c`are_DRX2 z7Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p!Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBwqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK z5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*iWl@-?iKOL*bGY3O_EESe(B$iMZpEsl zq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb{X=U!C_kIObn`ShM{kENL(QeRZXfmI zu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuuxX+VY*13t08QRA*LGJ&wKzaX2GrJK0p z082o$zrI$8FICdkZq-m=x5Yt6v3GyC3!z=(lt#_? z7hURp^cWtLc4_zGfhSewcrCc|pfGR!&h%rsKe;RIu68${WEjeZYTP7;qkisk!-Zez zp#PD^z#{{Wt<7s(V6~S6Zcw1U@?m`W0GR)hWzoENJ-A$UJWlAH33?nvz3FMAe)ujP zk5Octj#+_4ZW~tDmmSehPPC&S26Rh6yPk`U+n7AoUV4w&x8n;O#@<5gmsy;sD1c~! 
znW!=h!y&pyLg|zxQkNuX+(b`>xJ$CE zojaJ+BUwzr_7@2q2Mhb9ea;C5+Lg#zLH|q8lbt^X#WsYgicDKOWHJlagNCEISgR{d z@sdRSn>Yp~XFx$#7=9h}R<1Hv#BxkI%o(%m<>bvnc=7G=jz(=TchluW@F180?>4I4cYUVF_TW_p zM&|_ClcZ8SR*Ff=>%igz>B`YEiA1yxD^|CbKzaMP(43TP{;k#|*2+2hYy>!qhU2^h zT6mtu1FEnT68XV@@=R4MD&KVcvX{K0tI1Jv%)1z^D~f#Fj8>SylQOTmk+ zy9%3psLJQJ>@ATX0t*DoY2_an9*MS^t480=ZKOOii|txYJC_`_7kpiPmaz(lOUSyK z9_5XWt7y4vO}^ZtTxoaa(r)iIEZj%a9NjyHNKy5nQEiyEAJALnF@}~qoYylRS0#D!8=B`PrrY=Wcv()K$keW21wYlo3LL;@ZtdhZeNo=9@v_=gdm(wAv z_5#(@JndAQ*%z2$JhT%~;yLar3%YRvLCWqAK|J}UNy6!f8n$Y#ttLfTdkf~Ra)Gl` z%Gx4A-UvpysD3T{azU6$BfiOM@WoyvmJ}Mq#(5>z2ZNZiGgIX{Rj*CuEI1~0>@lWr zc<0d>+gV?uId$Jv1sp1efLX`RfJwukuUexRxO)KnaH}&pBKpk=##V|DAn_ z`blzaen!HPN>~?n_=SsV&S3@wE?5E28`o)^f>fV_ls!bB)Q_=WEB2?p8Z;7nQ*OmCR~OYDdiEy4tX6nT86z{_p>aVVfW{j$q2eWZ?oR0>DK<~Se6;z zHcnl-Oe+RN&9RK@>B}9CASCisDWcKI&2j}?Y~xPSbnIHM#TD3jMxj8e7$-^$`i1fy za6YGSJXix`H@6Jm-b-A#P&ZU|eCvBrp>$o-zQ_mgscrjuSS~jBU!ej$%_cao54yr_ ze44<#yC-2hoYMTACY&t}TWr{mW?jm02#>eSicY$)dk=y)s{Gl*G#SqPXCfgX%kL~6 zG0q&Z#<@pQuNExosS+zmTzn40no>H1De&4FObq*+p~X)!B!m>@%$jcHWJ)dCCJ7yd zH=bcuyg(OzCku`7^+mtV428>qHxQGR!_NC$IVLJwoiVOmNLp8?Wga2cO(G?-aAjPR zRCy)PSuT`F@Q`}z+B0|XQlV1WXI{C`hp?^V959J0ELyv6EG{;N*vb(R&cf_e9cgaL zx<1W|^LrvF`0W~6p&Ebgu+PGp{h86^GH6?atG%cl0pf!UqN6feUp6b=e=xC!l8MF& zUG&efE9O+l;l>w7Pu8(IJ#-GTFNeT%!d%IO;#%~eS#UC9=Mg|2qqxc2 z2i*5JajA^|wxW^QilRE*IIGOG#fj?enx~?uC2fGUlGMu^{h6wK?O5O1l~GbAW6MOv zIF_%bs;0GQ@$8a&0$Rrq=;c%&RIX^r2h~mIttQME0+kUmJ_@sv=o}MH3|csxiR#a2Mr83W`3~{ePRw`^{KPapt%2f9dCMO)TtG$+2kM<%^0=nH%hg6QM)%qm|>QDhBWw8urG+=s>zqu7-v2SuvVi zb`OJyuwpv#_-tJB>Zq#~z=YScdGT|fp+4y?%Dht5O1u&fhWY*14w7i#&~{B5`^|5&S7 zFsx>2U+5%^>6I{5CcI|OWp0}IqRwDCHW#?-iSq`8(3Attj?6ce8yozge4XJs8)8wl zWT^%4uAUM}jU5c8N&L@pfUY>!5LJcjYZ1FeFtt8w6My+rqb%vyLl?T?k4^I`KDqRq zz$!f~l^-o1B6O80{iZM+bM?-_47Z6jKJ$GQRD%z16fzuH<6UAq9ylu{ZM`+MzNkPM zduN-$pT*DJG4Xf~_wGF>>7JBXf+p>>6KnV~9hGkDcOXcsAso${C2lTbkhd+!;dzT( zSchR64!X)Qf@8@4OwXJFy0)55vC$ovncvKD=eIxZq8Y4HE$gjmFu=YD&!qo0+W%%gL-=?%a)|Q;Ph49=VV2R|SsnY$;yKG8lS@y$3 
z{#{EaSFu!cV3c|8RKdq-xkl{ToVLa(pv;S~_=uDzxzv$W>#ZC!?TFv16-wLB1CiB>qb@kND4GeJ7@SzZRf*I{&%povANrV|JiG@f%Pyw znOp!n(hLrgejA!Sje#cS5j5H#Q`tOu&^T6?n~9HZMl z{LZ@~!A&717NxvVTe8Nep7t;t?2H9Aa!X??(&s`~z6aBx@;e%?Pk zIBWup-w$5@`r^0O!SDO8UhO}BeemQkc=0ND^y2yBgVzTyp2J_i1pCkbC-|>}=Z~8~ z6q8;xdQYJ~RC*Sd5zAF!8Mw$9fJ&t(A%uOHS8_VV0y(E>mZKy*zzL4xJm(r8fbA>6 zFdoGdsrOWv6m(OAZ$L_a(vb`#z`eu$o`vWpX3Av0BB_lMypuBkrtuj9Z-c607!GGY zf@Q@&)~884Sr<7E9{_2s-GH~i&wQ}wIt|D-WxfNdx$8pUsQGpA3g@X7qMfG_U(^jJ z#dmB;FEJx{rg;~j9Z+6og3y8J#g|3ys@jI3vSa;n@ZZm#1P!zo!#Uava`IDL>ja~e zV(;e$;7fRC$=ptR{j)5s$rA`4V4OqmcOtQhs2VDJ2 zllzY{O=(XTUyEH3-bjWlxZ9LuY;={~Zc42x4a@;2aZ<>1Cn!Vh+~Gki_d4(KZZXkkyQ(TIXrgY05FXZIR)ztbc>AqPfb68GOllf0dd^L{#r+Q5#i z_pcHJuzKe(7XA7s|0JLmn9aR?7;=7Q z;?Mj~n}L6PXckxn=q$`eC>nHe{D^Lp#iPnTM@@L9#>6QzU9?WGrimo?4u@u$&ft9d zNJix;yK<`hQ|{iiO39@!-cpU_3SL?LckGi#rN4&ZgbD>c_z`JoHtDKd71rmUpfgA>G){ym@y^gFOVK@|;j&k4D)Eg@3v0TZ9@R<$2pGT}u$Ue9;-PUj zdgxBZ(loy+U@rPGB|vtG+jOq@Ha;#%nqG=xg$Viz{91~)@X^l7JgcY|5=bQgyhDqe0a;$#Ve%&tOagZB4@rH5j!j4l-|wnq24VVAZd_ zAn;Ene`R`HmswDDIhu;qWrORe6f>T~F3V`k-mL{Kck}{2!6^Q4(nmXa;s_T_r-JVBzY5urcyqWq$^bZCR2k8bjaG~1l=#^9O85C3>a|565^tJ{BW%|Ey1pBpy+Trqbs zOA7UyFz9@2_@^Adq7TsWxjhu*PRD{WFOx@U11(M#^C`38OiB3?dtumjFCQfe81)~L zRP#$e)-RQWu<}9v@ssk$l!RumD%6IbLW`0-y(_jpx5Rys&|8WprHNCmxhaP}oU}b) zI2#96nX1Q0_~LlHl?=m`kp|PTTQ?eY!=#?bu%eTS!fkOBm=$1RK`F})ZI1}OwVh6X zM;oH;c` zl0w1{Xr_u&_S^(>n8JCIrNg?a^Fzw{V>qbO46XZa3`2+1P9>6iV^d=Hx%Lr_a4?E`Ke+idG zP{a}}{>~O~WRC0enl5^_;ca69N=fUIJm`8Wi+N0!fj9>_Dg~{%KGs#8J8{Q;XAT~g zC8@604oDMecL^YD`aJJ73AO?^_A+#9a{gUK-pNq`o}|66-|e*T}W?Y*5_`TukL=GT9r z{rvKB|Le1K6g&fwxA6l!87<-R+32sK*uQt{@Odloe_DzE%NHJEXwNY%(L6|<4t`Pw zkKX`Puj@sU>0f;Q%1ESLTF2z{r-o!I&S#^h&fG4Rc;z)=SPS#9qy_-mJn7<*_(>;q ztglhPHF_zQb9n+pM&JzKu1>05%)l9+_}vE&{!g&}zopxC>)I}uW}c@n#w}%iUio0) z*o6>14&0u>7rOla*G=93oYM@;;|gQim8~XTV8Q*rvv+UP*Z<$!zRmylS$^gBf8~CD zF@7Mh^I3%LnT6@!J2a+v`~2`3)Ww8vH!J!Lu}Z7tO|&L(Yo2&gqSQ6rihj z9@P1Q$DYd{3^7G{BhnfEMCWNt-p}jrq*PumE{F zjr;Go7&DVN^vV>~I=f-!?BR+Iw3OnI9hE{-kMb$frUwdrz`u20^*F&=A!$}u%fg`f 
zaZY))>=urx%Z%w>~y1V0-h>)%DF$d1G0{#$7qWReL9|jj^V%+V+_BSLUI+G3L2X zdX`+z&n5)iB>xYbPkb^%KQy+M_gua4g^44~&V) z(Qf{zXkAji$+Rh{-c$(wT9KGPK-d&3?nnSD?JlR)YV&5 z5vuX$j;aOaXSTX}IVhh2na7UUc65Kmg}Za|@)tF%-dD)CJuIu_1>n7UUv5jco>wK3 zq*DwHa{-n1SIGMB4Zz;pt3?g^CARz#mD`HTyVsxGC{K8k{2vE8byb4(CHcRd?Rz_Z z{hu9R3UB$p&+(hb|9SiQ!XXE}Y-*?OReR96<3a;N2 z;ES4stClJvKh7&PqGBuXIO3T5G`ps=`RCKfx6dMg4f|Y z(rRLwe>`g(nw~d$yjsdi%P9jyIt4@4 zv(&AA!D8L-LpVQTOt4>C^;13s9n4Vs;K!hz06$j8T2AH}{7dSj;9p!QD!9BXcK17_ zCovU!lp`r_l&M_}UcTJC)KCK=x2h;F?>EAeBb;9;p zfn7OXQExZ31xp60HV4j~l5F7fHV?~zL_?JB=Bz89Ag&7cGE4h7NUTPIxhvp2C<^L; z9>I+rBDHJ%NCo7Gt`2e7Y}oNumdappr8ykF14=xHL-e(toXrqJ$-`(S^Cj^YIt+mv z#1j?&zg9V6J@h$K7J9)u!+$U;DHQ-rn~gdSe2xY&WWlc9OB?0vkwAm|2EqofE4-Byi!it#pZwlR_2v5%a`9ZEicH0iaeUM!dC zKjFf{agW06T_8Q6;Tou_scr%f9f-2YQ5!CTV@4LvZ-9Lq*w+arjSuudi4W)g-C1)? z60&RP5C@&oTnGFh#rB4%3!oWD_h}xk1fxXk03jGwy$yUtSMLb!! zYgBcSx2!LRg)Gsg1k5CLhA_zh^C_8)j+BWLOr3@qRKg@pFf9u5$0OboUMyGw422={ zwYxrI$Te_ziKda9M0CT?QSAYJw8_A&co7=sU6|=z2VgH!U8#&>f)>+c5)T8)_CpqU zT0&uJfy<}BB%M~v0coY!a^l|_NCxl%!VQ7R2OJO})tL;6uT>FjUjFu4$)n1h`#DXA z&@Isi5wVUbq>Q;8TxmIeE{PO6jnWNTs5!uG!f{c5366=#9rMsHfRSo*hB(AsPVD0D znp#CCKiSE2NQDDcF3LgMxtw^kOHIv*M)T(93`Bn;jB2j#MdJiz~L8(FBU#02yMhBsWjR_fo*){J%*Et2}*M%u$Qaj z?_xUPhIh72cNVhhs*s(S3m&m{qw#?=P5p@GNYqYwut=rQWVGl~rRa_ukmBZ~LE0Q7)jORJJc64h>PD%NeZ74sm?KB-JidU=$}?gTS$`Rh@nXiZExsaa&s>Dnwukzy1P z=R{Slt*HoqLrQ?^MW(EVC;&G29p|Eq&r{f=O;T^34TL=YD@Kp z{GSr%U|p29QK|Tl@7tdQz#-?vhPtXB)(|PPj?6=FV!Od|4ed(U?x1xA?pGn5 z4DnmUIkV1_UX|bVN1+}Yp%5Vi=WZO)Y|XHPZkASf9;VqmxB2&S_@?14OjM>Mmz|0s4yi!mBqQ^${APm&#Rx2n?~8c!h?EGTP5*&l{rJ;yuutkD3b(O{A2DKOsG`BSC=>i$w85O? 
zIHjRks&v&KX?u%mc%3@T+^3_N9jxAi%BG)=rP3-e>L9iB;2A3S;Cl^6eOk~h z0Rte$aqA90K0e0MKh_g1Q+3`q1Fh5VP}OSmjbz)0&iRc^-owkyX0R0;1uG!4oI8eW ze7&hQzWnu@BkOgX6hA=LW6lRKiHf7F$8VqHF>C~uZBZdhT`D^29+E4ZX`t74<{aob zy)ALH{njv~PTf6xKh@n*tor`2DS;2iCkMI_X)G3feJ%1K1~xcsnBKW+QEo(6QA$-_ zQ!+HmuY`_!Xr%u_i{D9;<>}GMeFFrK(*)Z?Z9`^d{&0zig>|g87om`Dn)Ye8R$A9N0uRaE>3SpSrE}JX-WVY8)L3{YI z($A`(kCJXK4dLX?he1z=q4vn-mW)J75W2D)M9x829&OCo{|ssskpcNr{$3;{vpCg~ z3|=zme#s3724k5m)gYS6y64eLJMPSaALPp)>&G{N&e~h4 z14OcpCCB2^Q?m4j3EUKQ)P&O|ryS^hcmR)4F<0vRzk3Q&gMI@l$uk zV{-|T?zXHJQKwEtS?g7ILNOCT5I}dpMR)XC8yA&MVg0L#IE(JC?i9VRdL`K783}wV z0T8VRa}5O7Rbi2|5i$kT&Tmce26UMDRb9!^WOz5?hfDFvyTiGTs{B-|&rx7!=3nAU zV3!6*3$RL4UR|JLSfoQJd0!mt-!1lZiNU@JI$<;D^x*&dP3p;2k95K+)dzlC_GX?` z5|G>X@}pbth1t5hk|${j5380EU#~8+mP_kntihuT=<;J%clrB2pxYmVnIkxr%UWB` zP`4}5<$7cH9ngy7m-@Mm7eWl2jq9XSn5k8E+TMkE$Uc92t}(w?SkpLoM$YBg+)1kB zSkwZ@J2%OzCKq5cqL z*BESUTA|!HWGeV*93zCVKM*q%#iA6=P~_6(SUJhr$~v$z|D`wwM0q*AmbFu}4JqoF z@LnVCRM#E54(DL*wf9lKAve~aU89+riO(aI6=bj?#ds66H_oJ2=68ANv&aSKHwizU z$25B&P>n6 z;uFDyJpLEiwl}@c1c`q5A^3mqc&~~cdLGkWaNz41W@jPO#sx(PU9E5D6}J>g0^Rtu z%<36BebYL6%ZVhZtLI!^%iylXCSEYRD5XC>Sj&1qha>O2O;$cg3mMDkkD%T{x#+U4 zhw?Uop;UWdE+dFZ=gUe_TrmL|Ol+tkT9`uhA~>z8*o`_M11{7)NwYG|w+LkzrhpQd z4&gXgQJv^I?S*f!Ru8%Wet2f<-l%3bj;Pp=3K_7}=bBU2y)qMvx%R4@yEQ!HO+|*Hn(38xOKNtJ^Eq7f=NKo;jDBKa(5iecWH=q^nouOqvkP*D^okGzuji)1_(nOLx1|DQRw}=wH5-oxWc} zRunoSDMF=>QBlB>U;tFd_nb9+w3{ANY1HM)L2nFNJV2F`Ed3WSh3MIsI+>DyrI#?P zLZx{A;RX{xYhVRkse4%$?Oo0!N!{uJgSk9^@w)qR|M2k1W49!pq)R}&K&gi;7$L5d zI}M{3CRxPx+3h3OAdc$gldM>GKiHwb?)mHgsnUerX#S`40)*GIXgKVq(}^hqv>^ZI zy`3FD|Nr*A-P`&Isu< zAj{-SvcE5{+bdrlx+5$7=Jz-mfS|jd_0Qr7EaEhaevO8B4Qejz)s)Z0XoUP6ZYSp*5I#a54-}*;iFVVbc{wM?b zj-08PPgUFsEH~WhvL~=EN5P1mv~qbM>1`}Q*1ZWDcV!26J{+mSdpKPfi)Iwalp>Qq!kzD?(B4|w29Kwy`Yey?`xuP6qro(| z%&iH4L&c(~vr0UOzxpk{Q?TqsCd3TyCc5l?fAKq~~kIJ2&jQZG=$31lEh zA}eQxax+KD+3Lg91ClO`CugV9?X6Z1h5>geZu#C0{Ut|z?b|rs*F8z*IAbo~50@pU zT>eF+!PQ#?ZNG|!(FE=yyGJY1zjQ$4LvKIn&|hnANezRcuB`&Aj&v;?mbuF`*P71P 
zGED2)LPd|@FKS${D|96=Bt_AhFvCz-CNB2oe=N!X9%O_F>bsJ@(T(DL)Sqfy24caY zWzn7h=Y3%-=+n{H9~OHg>)BJbjv;ruC)+=dp4mG|6sI z#~o#u!TOvu#iOxyM#3Z|KG5XAd|m|{3mOst;X0UsqBDa%Am{FbeaVkKh~e-eoN-nA`h(MfK75P|42%-47CZEbIETLNSY(5(f$QVY9o#V4(NGKiB_oVQB5uD1>_ zE!8h+HUiv%9ko~e$k2wm=>gbVbd4k2WXsQLu)1~`v>pl0zpbx)U`)PzTd!Nk*8KMq z)>-*le>bZC(KZ~n1oV9U&-Ui#?zXT0*|>LG|M9c@=IVd+etr?%&&OpszC!ELZ0FZZ z&HOE>3iP&KTTfu+e_X62FqU2EPi;4@6x+%Tcl8ltffp9UD~-%;YB-%0^Dhc~D<;5H zz&RZy*PwIEYA%o`=TRp1In|I8#p=9nc4@t#l{?0TBP^jRs7%%Z#ypcqPLkM>E|1kM z#bH|@1Dt{Z6y;W4!Av4^kk>S6aEhzpfa80eylZ$mPF+23K1zDAQ!pz_){jSJi$9Zq zc;aVgD4@JD$cCg_inMX=H6`G$t*55XV( zKcrE6gr#QgH2Q68SZswOT^vEPM7S>;TfcsOQZ<7P%`ir_p(w zPIK3>y7Vwn&Pd6S%NR#bQa1@?yV#IiRh@*{Kj`e?2nOFbU;|Tcs%_`E9GobLr>P@d z;lbD_B>~iNoFCgEaV(scjLA_MEXZk2Qn)h~E1@Jqxms>>2698$%@r_81CFCvnBx3O zQ(2tYT+ikPQk!d7PIB|gS(!=ApVO7onX7T!WJ2?bv0X87xj(WirY@g9maC;FS3|jx z1mz0YbyJkjpV*a?kgMTbI}Q1@#xpO^xIP*;nQ2@By~$kT3g-FEWgAx@Zz$im0#}`J zeE#lTBfq%n^5!y(>q*>Pj&TL@Mzf47pf{Fhykb+XoH|^SFE@GkGU>ugQiS`MT9z<; z*$FI>AYAox11Z8a4fyyZ;T{pcPMYv5tIz#9dh z>IxA@#isp?6s@$UVj`9b5WnNC`41#2p&f2l;y>?1pDu*v8``R~-mIR*t4ly7xePIC zA!K0*7xrMO6J`x&og_}t_?TjP+DjH1V1oyh};c|@vTcT0g z40JMNV7vba@R{eMPOtt#Z-UDb_#k8y!ohJwN0boj;mQZj9i`&&XdqT{<+v+kiHcOWhl@vo*418EN4X*D1^P;oSEw*;hZX}H6`upuLWQk!X)_Q@ zJ)xU4V#)$iDAjA3H}sm6 zXXvDd!zI`kp^3}yr=wn+MA{hyBl+ej#^Mv}JXpE2`Ded^0XE)nheyG8!5jDG(OOyL zXvIc)U>(A#HtzZx?```q1una5u+KroM#1Ud|NMu?f}hqlt%f(RcB;**moBVQb0QLA*z*VKrSsa~^#R%8iZ zAhrg)s6;EdluEB3-c#q^DKkIV7tb6t(9!bMbY}4;ndEw$+K;mIjhLmTs2eN!-`o|a zA_c^9^1sB5>q6xN)UqGCti;i|BSDlI2iSV!CrK0QfF5*wGozLvpAe}+7Mx`12 zf-X4to+!fvomVK*%@MqvDI{EiAkHbO2dB6OB0Gp08SpDZN?GcTRg@wYyt+TfIuN8O z1;C9`pg0^Eb`j3l!W&O0tgsiMVkd8M>|x=w_b8*-c|4%7wZS09BN+}gMUn)XVgDUE zs*l1XJZ0}ObUMV-;t)O<;c&I8og3H;V1PxWuTB=X0q;vv1XMm!3q1^XLgaTif&6q?mk4PT-X5Tz( z>0fMIa1j$0niV{>rS@gm)7k`%W|o^rlu7A{t^eiz9NAH#<|-sDH>B7a7fKrVSD8Fn z`ZZ-^DfSzz2)8>Qj)_RFGZ_t%9GOWoSIlBOSG4fH#5E{MX2w5C4Cd@`Gbk7C1m_BvSjf$x#01@G+iCIB zQe#-6lae&XMY)i11eIrba5s8Sw*35VfC&uQ_d>@c_oo@Mkmwt3BVW^lNtS`w#((EX 
zw&$XWyQTUTn)#b+L`;A2DDITeLp&48CC{Z+wU~Kine5O-0RU&liuN}2ih3zHNP2FS zQ!!2ml}y#4a8p`QrVQs=r%sG0Qoy)RSw=}8=}73+H_m_+0xJr7Q?MbEI_)3@gv=fw z1(;&Km@EQGBj;XEp|yP>>oKv7h~EQ+#v1K$A`BOC44jff3py08Kn#)vEkqAnaUa7F zgSF3ob;{`U?Ws3mFwNL)2|-KHJwUXt9Q7?9-RoSC&A^3WU6|@c`CaMViX|UcU5G$0 zlGJA&@W8WS$)E{kajbg=IvYG?^gBcXSiN{s*M*Vu))kj zRx#>&d&}2E_y4tCqAqSPxIfj$%UzxGK`(V{mhAr0x2J532h`rCrhSQ;(U#nwA9r)= zWvjk4uehKeePL>M!7JXJW-6Cu(B9bSD;oDBO8w2AhK1AVxeON4XUH-Q8f0>F^!oTf zoN>$jc1t6nxEduTp)H5J2(AUIG-TMz-y@$or6w>Bz> z*+|)8l$R!EJRr-;$_MOA%t{4%YS3LqOn%!%1h7gH!3z0%8s<`X^DIP(>zpcq$TDF* zF*0dWA|!TgC`m1*s!4z9&9-(6Ju)UHY4x|WS2Xa#PMQDy2S!qTo4=ch{~F{&c#}nL z+?V<-$p5pmvA5;Le{F8$xF_KQ+kB^IXe0=zn7>4B|{-DLYs6Kej z%!o;4ONZ(aCftRWbv_~}nqxpvFP>nH-r#V0O5CKV8DOHs523$u%J$83)b&udkBdkg z8&~iz@`-%<`>U5Zr4~Y!98YZ!!L^A29;iGtg^_RxX-KcM{S0vHG0uY#1qMmOk}mR8 znN;PD)_M?h4kNQ&2G~X}JDig<5#s`hy>Nhu33aEzZ0L$~(L%vr`G?ElH2rk~JICip zTlFro6p?-yQn?GPxe*2IuV#-#x(EWjJ)O=gI74H0_>98AQe(+D@k-TLn1s7y833D# zUuU$UyeYXJ4y_VO0(STMD$10oetvi&2c>Mt75O0#$U@f0`+lvM4G{e-0nfSc5vQ!9C?e#(rA7vR!=cxm zaY(+wn2R$@iDhOc(O9Wg$bnpWB3b|e9w*n5d}i#us_MKs-@Ov20gjY&RLV}7L-f0^;LuBXqWf`PIM3(-lWlyZks_J zI4gJ+6 zpAloJONRpo&I8!L!Wst7!{C8st)mK5nO$v)oI)zFM5a{uoHoJvhR%K2NK^~PNf)kl zT=;dj96}*vqI{8iA!bhGXW~$<*Wio@MNa-0-rueg z%N4LpSd7dn?&(*Jgu8h-lw71eHbIkXD(A)w;)!S&G(@W=2+zo_V5EpB2#LQ?lF8VM zNfztR3BIf(N1WEgHfzxnsvxdnn>qNsgNzBM3F?SX^6{DvPOM~-l+w47c_3HU->=Ww zllPNVgu2T7$ku8BsJ#;f(s|?)>_TVOs$)qaO3HzrT$Kb=^&tRw9$tv_Tq4RFswvr> zMrRViC+KsiCp|Osv?x-cCGJL3ycMiTcGy~IJ+TOvbs80*u2}??inYG-0fAq>5o_U5 zz04kaGgvJ*s0NCaIOd@%m&!V$ClcZ4AB+0xy3EN}7xOx|m+-?l9l@ zO(H&WG0unWKxGQ?kX`q6B3Xh}eye3^zEVlYDkm=`$EFnK5?SJuN+Lc!i!g6>T_@fS zhjGzw;r4J@)vZ)Fik6bkIh$94eHHeGI($G|F5yRBohq$E?$^w-_~J%+x#`ryH1)pB zJ!RgBpN_fm;8jk(!-Q8|T|O_aG>qa3>HN8n4flGqPdf`E16Xo&H^qG5b7@F3_;cAV z+4X3(KyrfFsjf$344k&JbB*%e@v1A80laPbX!65^22hIP>;Sv znT|oMo7Cl;#iZ>S1Qydfm6SawOlK355K7ORIDZkw{JF%j;%unYk4Zc7N#{B&eXoP11HJI#Oo)vYgOwuw^aD5R2W^~d0VeU zkS&_!DM*$g&C<9|uiH`9t2?ii6MJq_hkBISCU^R4mE!b6aF!y)udm~O*WV4(izKfH 
zrqFXGq5q_GeyJ;^n$RzRe{~+yx3k>zh;HcW_>?>nvx3kYoYUyX!1nY0bjOpArG`z8JCeOINlm3HUXFpzvq%Tb&Hx8A zm-`5nB_x+9$It?wq)z`#5+oO#Vj-PDPPOTUpf*diJ_Q0Ji9>i81R3Xv;fiB6;RRN@ zk#n)IV$P#@6l0tyI(5-dy75VujCRH}a7zb1BOQRfZn!78ie+)lKr0vxrX$g8ro@;J z%$Jxb^&-u(SrGQn`ht_Ef@E{$&I;q#MBP+&q9T(J-#W9DBLhByE-}(%ngsf$ri%;l zHcf^z!9}MRuFq|ot^%=jQQE4+N+zq4q?5eUE+?`TrZt}t^mam9*H$m!y2N0bBJcR| zCN{Uza;~Ry6CB@1i1Sxx=c+Dq-$uE0L!bJ6U#npb)1y zya+ENxjwA?)fyTpKPg|bl>2rErDN)(bO5lS-!yl4t04IIQ4nDA7`;==S!X;dLwIQ4 zsm(xdb%ClYn$C8XN}+$HG|@6`F$!fCqFw{Obww;mGM7{g6j(nUn7@FoT0LPQ6}@~l zo9b6FmiXhHeVU%Ol_ZL*PgC<#U994#Ls<#~)R)SGH07m09 zO;2XP1(U0wu=s9c;zx*^Y0+DF3JXX{&3aQ-wXOm=KAU0AGixC2wjI1Ln7oWK=i{z9 zs|v7TcHHHx?6(5?(xM!!bCgXQ>Q&Q_73{GSaKD-$u-U^6?VYFHw{B(oQWl!Wg4cK0 z$9G1@El;tN?;NSjB4MGD+C-%Mu51~;E7F+Po@Dv_#cPutrh*LLUZ1zu=eK!%dNkz5 zFHh@oTZ&xWjLv)U1t#(>*1aY~>`6vdAQovh;B=JXc^VIbew=aAtpV4jO8S^6hVK@& z_&?*+oUHw#P$FM(_DDcouN9a^UH2#nUWmxpbJKUWOizKs#D$r(+jOWS|!H zFMUr*VXb?P3BC8D4YWRD!tecPf31&fQMcrw{V5ly^dR!l%MQ?BriyC>v*Z0Hp(|Yp zh^>FsaXB13EmZG{;W*rOVH6I3HYY^c3XoQ5yX+WZEWh=Px*Y;>|09Qb$zjJ-ezyD#!;ib3#o7=bX z-=F2T62QI#9cC;DGy>FWD=WcHd!xM>G%z~4wXxUQ+5|bN75oyv2if(MC4Q{043ZrB z4-5v%ps$b$g~kLV;>S@h4wLoYdedYwrQFCSA`S^4*+?;vV+xc|_q<_x-q?bk$yG>$ zPSOh_PtujVx%IZKQiv$x%P%$qCckknMvr#-g1rYMIC&f=O8c_i{%_NXxDep1QJVlu z)k1v^TfBo|dK&kYI!&dFWVXrJltAbLC=+p99Z$N_xDWVdl~UkB1TG71#-X9H;thRl zv1IKJxr|)s6rdblE~!^qs#t{b5K+UT zHRR~@h}0RAR-9NcPlE6qb``w>VFmYT?D=#&PP2)Qtez%RK?z>9rsLBLYe&4Iq&A1c zC>rDPoy4b8@drKuxfmnyt^n*e^XNBz)aks)V&Ho7)=TzHUeF0HBsvjGE#6EDcId6- zBY`JijC(f*sdtiQnE0np4o0EUtVs+8ClnuYwj4y9UN_JBR;?w#|7{!pw_6*0@?J%w z^jt<1Y;Jfv--mN0l|1zhc_(BOHJ_)XUC4011+P8a6~`LD?*t2xi1~Frn)KL^P4z{;Ecm5G@+^B3`XSSU3!S5U{K7E(cFub zNw5YOaEI0g!6Lsn4DR9gucLet{1--vM+vLP;Q?v1IEWL?AM6++(+ZOr8LemnuYP^< zluF^y?5ydWr2xg6hQ&-^F9HNjtjGT;tpDA{*2Ef_FS&Gg*u`CxjuL8u=FwVk*5gAmZ?9+Dm~K4S<4R z4g>u5Ny4uY1`={u_19T=4%qbQz{0(Kye?34o(0eU>Ks5J@0)GoiCEen#K&UXP8nxaY|qVUfpow&Ahj42a8EhgsO0-8v<03wvc01}>@^R4#x?JYbl zE5YX8eMAxb=5z|Ql2?Yy>=>=EZnarsl%k{#@)?qRsyvL-Y+;HFDSE@XVzZuUz9G$n 
z;~a2}YSkUH=}yrLO&sFLthg%aBgMzi5`w3KJsU9R!SobX0+CLw3ZB|{FhkFYWA{or z<~xa(6sLjJwt)=u?9tb6+MBWV?9I7kO>Vu5FfADKj5ue=_CP&%P*FK%v za44AEHQSM!mYb&K=6!1UDbeQ%mB;$-La^M2Colu==WDGDJ zh+G&c(F&k2-QNzm{0BAq|EA~wgT3)=32(w7qcf#v)6>0Yrn}wR+NS9q%Gr`*1S>)V z8AfE|DvW><(OJz751+z_i!Ob-`~ zr$>nrM`QFqnZ%<=fu(H`xI5}-DY%dh@_)&Z&Op1b zfNk-1uD}Zbfl%+>6}VgX?;SPhuIQ|4064fr5Aa$uD@Qpdl%3Y z^O`3>)Nzx9g)#l^S>xW^-8l*v5BffH3Re<4;jp-&SwXAy#um0FB#8lo-j`v-7w>nc zR(qaGJ&?A}mere%#*D~mI)s;4VJA%DiPdn+40!wdjol+9wY3;yTEL#g=^*ZRe70Z7 z5R6#-nPU0K4|g&f@+r!gd&=#%$TqbUA9e<86@j0Ko>=TAQ&H+y2q2z4r~lo(DD*l+Y*+)T*p_=6S6LSLnunrG)+TYE ziUggYYz#x_bZA{N5u{cBn~1A(w`X_rD%-QW>2HrJBSbMJlWa#}`Zkz;H+Hw6$y3a3t4EIP z=^(vGhG{t99CYXqKSLDL4QY`&4&75ZN{Bu#SOeYv*6uD|bedx&PA^VW@&=%Gub%8b ze)hy_v4t%jg{+9_#tCpR#$PgLzdmCiF%7rx?@>cMuOP-N#;T^b#;Wd zgkF)0L4m+9<}P3USETYoj8hng9FT`1Yaaz$Y)ZST84u()P=;@L7vP3>R%MU3cJK4h zI?U{6RN{tYNDB0j^m`X)vlgOQWw^-gPpgbk4u z$fGdppOp=HX9rhvf2_3}aDLvgTON8Vkv>%E9d)C z8OKbqdoz;48fyWunWum?s)zf?6qp|F(WqG?Bje&V@uYK5qZOYa@xjwP|fe2Grx`dw7@VNwW{RI z6ivk4%vGo2`BrfDY&e_uzo&INc2yF`G`{+=XidmL>A3E?6h&IMz^hH#X>ukPHe7ae5kMit#gZ zv%cTCuS6J`s%8uMh)pMHALTH*iHxS&g77_^u|w7&1R}5D1;EQJQvev}5#`iH{D4D{ zu#0UjN^=|F9s-o%yr~dZj-;v;DvM3qdwW~fPM2es*3!?ccK7z=L?b4#r~v05RnPGN zb~c@8K6Mi$^ZPZWUvtD9QOX#wJKMCU)~O{OwTj5skonTb#lh}PKYRAhZg0pCZ7RTH zB!obWlSRs>q#A7HlW;U94GSP*BOK-!(17N*JYb;P_qQ-3P5*4IZF;qCmCdcK?+wjm z+zbw0ibpK6nSd%>4_>Sik2qEIFa;PEOPUuZaxfZ2gP3bV80CdXOq4&MnVpEwlzzTe!~-ZB>=92H<5M`EqCwUaYKNLwd<>%RF3f1dxxi|4Oj z9sK;;>x1Vv=mN69|8rw=_g=yOXLsY)|KoG~UUJ10x-T%2PYL>`a4@GmlJD6C!1fa! 
zO;P36)#u;Q>#p~JeP17iz!hXJLOpwYdz8PnpL_n<=liDnxVrz}?#|}kt^eQW___N( zjC)y#a_o)bz%~3ox9)A+?*Hfbx%>ZY|KRy+`2Q!b4sXx{bW!{VY`eezJDXd#_y6bk z{cxw%va))fMhQiKvSy!HC5HNygVVq!r87#8%T34w-872?T zK!}<+4r##nQ=K?0mZusH+E}PNfd}uXF8d5)?d*Bar%&kZXD12wut( zJ*5hHH8yae-Qdlyu$; zSv)pw<*ZX3g-LiSN?FGZ4Zx$1ao6p`4M}*Lyt(s+!mxuwpi)!oV8^4=c7BF+TJmpt{uJM_eTN1)A0`CS5gU6!C61I0I7#ZZu)Xo^U4>C9gjuN z>_rb4mt-W3Xj*YaEe0>hSDwC5T0Ld&+2DxL4N@yQ|!f**Ub4)8jJ}i7p`pRp8%^Hkf z01cQe8^s9N-MbvDsg8#iVt`5JX>L3rom^4*n<6P{xl1F{Uvj3_D21qB1cZPS_IJbuw!2x5DH9n7+D#*X)9 zrJDRY3UTM@12jv7xj)d~UOlBbaY;RS4d)!XF5+XRD!-{Ot? zw%!TkZ+>Qv)qBYwK!5oBZT;n|7q4GDdI5i#PcHeN@SjWS5c~Zl#afq?=BCMl31+o|mHacpl;jM#=L5q52pY=NG-lO0DsP z?3f%2Z^KYWI8)`?S=!YX#NE5$3CM_d?>fB#rs>E^P6|b>LWxhKBCxa>bPs4opb-OO z&S8Z(3q1q! zN9LFd~83Gt{mcDn1U;`V7xfj#FGcI#%S4^bH&w z=5^2{>-4cS>8i3TM22<3WZ1oTutIO%*7>^!e7QH#`v!QP2jn6;Ybn@o>qo~y!;0C(w(c$puE{PA*bR z00w-WF#P1}0k=wFD7_iu=^}>@!yq;FECDT7@9*twY^(+i5TVa7P2-woNSQWyOUV9N z@i-g|&;yNUM2^YIzd^3%2D&#*;6!00l=!mHn>9{1twMQ;?Ie+!U;h7@`h&!SY#bIn~%q_nH0J>~hZD{P>e$pGaB z6>+j zl$Q1*1Rfuh`BU={)ElPahH+I4Xa(!4E(^a~ra}XllBhwz-p#`NzTdUJeI%y@V zmE6&k{LsB#+bSjGd~6X8iq}gsu`1HgV!i3>Hib`)C;UjUtv06`oJ6QJ*UTU(sF@8M zsX#`>4JKTC6EB$&uds+COo>d;eej#Uv|EcWKK3c+8S%e!ivduVuX~(meU^eQ#9cXr zl8HiAPq6})RIa%K;&>W98D9elH%2wTH580LSZXB23*O#Bc}tijU+`vJoW=b!Mm=Pr zH2+dq7s7xrIGvJiequ4St88}>xOOqsa5w_?6aGVinZWoM^j&IBKIgG;Qo1zUbtadj ziGPV#j7x2IZwUXuy_A7jf}h%H9)c<^OYWAvsDK;#rRMBrM;onokNt7Qc7R!GVrF7}5vQbHcB7P1n2 zIygZCvqENJrls(*$Wm#xw$v1fTMFUsoJ3>6fow;c^Z-_l*pyLjYWV9+1n(X&kteZK2F%Z<6O<&SQdDUA&UJhk z{8RVako?;;BIfnhG$}SKwj9=p9MDaZt{Mj~g@`U1t&QqsMC=<451ZidX!w?c^&q7| zYmFTyfjQ;41fHY^N2V!jNrG7;?NOBW5ZHKJT(eBPq}QG?kd>kAHfBzX@NdQ`v@A38 zDVjR+{UotTi%<%Z+dbAPLO9Ehpo{uaTy+ZnktIJt*{CT)GUZpqqnARF88fI6jNyeU zn}HQu>~_=yQ{kZa%i1An>kb@mg5?Iy?&aNSf_z@r&Z&!of1FyB(8|7mkwVdNom#=*`JvkZJ zDgL>r8%6L5qR-KmSW1#0HUSpKX0p#G0#OO$-Z~O0!y$RPSF*TKG8!~A7nJ-%36N;m zd{BoecZbPxRA_`S%`mjp;iU?3qcP$4R)q*_V+z#_&@C#7=t>>LIfc(6glQIcgyQA; zTV>6Ra|Rcu#KYTvcLG&y++ 
zP{Sz1tTg?1$JiN)^uQG-lf0uDY~)qOn0W<&GUEdjc92ec6AmUs(S#bKa)}Z&z<@)O z5Q@bb>jdFKF!kcEaNuBZD*U9~Y=Ok#LERN8$r0;%azB z7LIdA3eNFzKI5XLoX6rc%m$Qi9_e^|nouS=T6)g%*3qgXN;pF|62?FJ))p#h%4khd zIm)QslB+;;)5l0Bd2U3xj*U1f4`^mOSdcMAg|;)rxFFIdF@=F~gTq)L9gPPR4bJU( zG!SqdzTA&Bm}6q4nIH_B8n?ncpN?2_-s4VAVoWMG&SF#x>GEVq$Yf5Uwqq^Dfs#sO z%+C0l0msDJVMuDeoCJ!7NxYx2L)zuQ-_J;yd5i{_7XAHz6z0%dn{k*y6CCW`tccfd zQvlDb7v9psa-jKoA_*MX*Iwy5eT;0P9ZHqYR7AZ5u${mWuMR``p0Lpm$jrVV*#93T z${?()b(jzAZQ{k)t^SKX#Nth8UjquG>}{)JsTxG*ZT_g8W~cCHZxz2ZM?N5KJXvi9 zt8mSdPUkJW7-%b<Le|pNi z(PH2&(|O61&7@T`drbUKn!HV1gH_Lx;xA8t3uL-IA^?&Il76g8vR6#);`7ruc^|xd zx!)wwU;uZCWRfHcbz-N}fr$*~uSJ5;TH~{E`P9ebutT4$%QhBfiYn4KtHZpxTyt%2K2vJ?t|Fp1$zEMSDU~cxNSMT?uVLAnV zEDR9q@m_iK_}3llX0kFbq9+vcgZs}O@9oTAt-e5=i}7L>Y^#s?7!J;MWZBSds}IzB zo$g$G!&AgdS;L}tB_~AMwh&&~@gTia+~ZBawO(#`1I{(9-a*4vcU>jF-8G4!+CFCb zT*#VVwvrGm!!M8RjF+}&o$D1B><>}OKBa)!mhz_q;2>24V~OMvZ5Mo);t?@R^xrW% z@h7?*r(zG4vlH|Hr;M`EP3RiY&T{a-8Fkqg@rr~)x@3NtW^_@<2`4|LQqsf#srY+q zh_3Nac}85s@8ULZ7~LcL- z#m{%$LUcw%`5I6-rZ5RYVF-l}b5%ak(+gJbZESc1;y2n*8A5Pt_`O${v_NhoG-|Iteii9s$?ev6K<+LgH}> zdw2tJNiUHefe!^o}e)g5r zIe>Dtf2sqbs@`5(*?(Z$&4zb5V+BcL!T?!*R+ihG=IY9T^4S5vrug5)RcN$0tGISW zo}m3A9ALPXBq3AgZdErO_%GXMPSC9{i8e)puFix|c3SVDxB+UjuTBheOp|b)^Xax7 znw2E1bIOcJ?vsw&TEWcKqh1|u+8o`L`JbJ;cTH7>C&+?FoY>|yx|TF_3_|`8 z;~m;@delHG#U$+%-mI;$AM~SiJOd(dHbK~18ynwaqM+SoAQ?!)PxOu*WmC+iDHN2@V=bo#GlUF4|n1(uYf-D8-97){DFuWio!)Ye2#n3-yO^Gr8RW57xHqo4|vr=kkn8n5V0A0=# zSf%~L;Nb9WJ@|S5@ZhldHu?SF^{+2}dma3~|LWEL^VbJY4uco3f=4f&KR$SU@ZvfA z^-Hk-{C|S~I(YuLsnjIG0^lGqzA+{Zz+n_Q15ip6oy~0+CZ|(U$e|jMuXZa_RfzP8 zj2j`lu@&aj*7VFo!*l{Axob(iEhxC|#N$9CiN!HZ_(7{5(`FT8c-|)UX5B;-VklA( zZJkfLWVVA33kL$jj(8gIR?r!+0Uqnb&-KoSI?Fil$&U|$4NO2t(NIW->}Qww&{*KG zp;yL(zXsuKlfKrL5nfwp01w4zVIJUB2!ljK;|EMp^q;`E4a2_v(_~xazqO)OeN7iH z4vr|UXq{kWudw!j7nvmYk@A=1+lXDHISxZ&E$s3Sur}@m0k97x^Jp?JCdq5amjG@r zyX`5|b%A>zE-$}y7~MDfbK^f%sm?E+|6zN3^EUs(=lHq%uhS0RXdesWe>b-a`JZ<8 zHg;~~e?Q014YsX)y|K1_{jb|d+nb2Ar3`^~oNdhsv#ohiwlyorwpRQ25L?cVjGSD} 
z#MjD0g;g~Uu9cC}R@AJ>+S->2tgY3)p|DzaupbpvTdRGxkXptBH-GHM$I}wj(rDV+ ze`+u-pvN~7N?WT*jA`uy)!e1L6`kONF5K%xmpX6gEp!48b@XgqzrC#S|6XDTwc2M3 zoBh}cl|aV{BJ9e^IU%yOf2#=DTJ1k1K9+Z}#96=gpBEfUvW`A+ENoeqpCA;r zq?@lG61MDk-v+`~1;Q5h@GFdiW%^SR1zY=+L9ojJ|12@E%M9cj3xQo`N?#xXc9~&) zwgA|rw*8xqe_dvV|L)WfCcE;Gol zBJg#oP5x@*UX`7pBAn0$tS*O1$1{9~tCx5=t<8;Ot(63_nq|6n5Nq`UI1#Lc`4$3L{pnT2uNH^=k+G}Q6HtMxwQIz! zmLlj;#TMe%ZqRCNam;GX30bYV5v#>jx^}c`_4?SMs#W-WjY!p6d7x@x?VLE(BJS%j z)!Ii!shYJciBMgVs=48224Y!c>Jq%|w-=aNt9?CTsSDZiE5)SNt{aj%pEbW$JZkMD z!cl8iiAJq09gMm#7Pam(4@<|Px@T`u)MssB3~H?`+R~iWity7bkD`heEDSrX?#aZQ z)`}sgg^ACJI9;#=D%iC4&BdCUwYzqpY3;gkre^)VnHbZWzr){TgsJg4`&!~lMVaSC zm)1T>a4Gr&Um>)VPDt%KaiuD(w7&M2+Q$Z!)|QMZt<|m;QHtdIqvJ_y*9a%&Xi^nS zTDz%O(%KD#lGf%&k}}DQSWMaG}Oe^mF6C>@YW$93XAw{G|Uv;5rsSB%-0-+!$CeY^jk{#UjCqPxElJh=M)-@CVcd;UMmZ_)m5 zY?9@u9c8_1_c1^Idt+l~XUpCHt<8J8TetDwpX0aRCpo3lAsMIhlFWv65qN(1(}Un4 zTN3~DV~793ID4h@WojmEQcIjz@*9rOPFOWW!E#u1kQBIqr;@oy8RDD=`@6t-e7 zzyVkka-B-YWJo70%gO%BZUvJprNC**gCwzs9L0#?h}gU=#E>lYZlopJ?eX&%*rc@C;eVr8!C=50yAE%HK@8NP&696(DBf+8g77lZ7 z2m2o~nt>37d)?>Sy<%OX+F}`yrUKVc~+*N)pk6t|g z<>1w`eRO8I%h5VQ_t^`GQosOxS?7i=?T&+PLPU`Y3l&sefHaKOD;~m?u0A)6cs?yY zaWV6a5KkPMKYCSL6xsF;L`LGViutT3=|%ktN4;b+Rma|6 zvDRxG)U}tb%c*c2!XR|vw>)CUO&#(~o<_k*L{VuHrzKhZ_#I#2Dij)l!1A#t*1Zjm zc)r4_m>_Ic9=NuY$HNxIWiLN>3*P6_8Z46kF~eRP`OJ^70M3{Hx3_k;w|)Kp*1cQ% z-)H%)1WzLr1%X@6DUl(kJp$>T9RG6@i!maRu^l`UmLZSEVHRqxx}Od)0>8F`Sq0)j z07ylG58c^0B~lK9e??iUBK|2(5Q!kVS0^p&74uP?MxusE+@i;E)(MKn0xMA%(S#Ms zX~E1D2N1K)eJs6c9i+jbvy?*pEpxBc&%JzosBD&ANhaZV~ zqba#xW18Quq@m>yx0L#SusH9(c&^UN`zS9igfA^X}yWL*H1ZW(x zuQP*bk5`T>B54J{aX1giiwOo8HS#shhZbAH#NI^{{HB4?0$f3)y}^PHuQNcT_OS3c zrZqTF@JQd=lt&pueyt_}DP0agv?;8?_aQke*6s9r|1K_ORGydvohP z&hnKBK?2q_9FHkk#-Tf?0pJ!$95|bU#NjfUlth3eUox69VHlxnJg&$oCG!&|Ey}%eVYR!L`q4VDW#D}h5#0iBCL=)If2~m_&Zo&*OgQf(< zbA%KM7pf18@{pnACx~4EcSV2bkrYQj?{9bj;qblLMpWDn-3zA%_Be+tiW zZG)%ykw83&25A-63gn(`Kic zc07ug#LsxqW7*SlucUB50+P@s0X9L}rY-evzvn&YRG|QZS}aHI&Lw8r5rIOX>QvR) 
zm&N8!_MSX9ARF?46=ZJP{Q=^47?n!*jF$2lK7b)bP~xL%1KqPgO*)7Jf5urEs;N;5 z(2)Y!0$u`bF%+=n{hE9TIjEZ$d3%nHRK{5Z0|`b#kEh_I8`RNLXljjT#Rv&Q&3XZa z4E+<0h2n}9gk?WYTa0{o{^5WI+btV9Cj8&ggmdbSIqeK5;bgrcN3nbe`(A&Nd`M+X zK&D8Yhpa9GAqy!N_F#l#u?tPEMN^g73`MP$MwDmTuDs^I_h=AZZ{Z<$6Q*^tSDEtF)>sJZ>k zhxh#HY1e82a=cVqzE&~Igwz!$GEhn6fq)#)Rbe6DnS^Jw3y>fu4n;4T3iGv*DVo-? z4?7L7KRZ4K7Yjb{csNT>F><3y)eO9x+=jFN3SIMR({OMai@Jj-;V|-3lO2Sx-Rwlo z4GmsX2(m#km?5QXmbgmEQl0yI8_O_==_QKasbuV8hj+%5qxYEAn2#YVM@o{X6F*Lm zkyI-B6f%w5@R~oFaU;7EbG}0^;h~E-_Q9x4gwAmQkuga_8bR0FzyKa6adpbW zB$Q$kCm@2GWCdA{@E2AXn-NbF%>^=!0u!AT_~A&{D@i~LWEX*P+KYmxz!~0>b*Dab z(fjCaHa$tC&Ka)*Sd50$Gx0@fO+Ak!k~tkGvF^T|&X#Bx!Kob|V?W@0cRNnktk^d^ zkEdlKFm+gT%=SlKfh>EvHW>;NUg3($193eQFvnUXdOQ&e`XUA5d#^1RE8##a58S1u`QUN0E4Uv z)@CqZYt^0DM{j~t1%m;GB%CCW?^N@_AX$LXT=Vx@l_wwH&?=lJLxRM%?u@a_Q1(Bc zFQ0Hh#41Chh1Y1+Fd$4aBN7=;nKwsPUmAB9P)`IlbS>PhGfPi!Gs8IKVmqdDIk11* zef{#;%U`;>w9^C?O{R`vkf{%!ILNjD`))j!{8H@cN-ZDnzWn9M>sN308Q5HGgeg#KNAZ3}vyUWX#EGT60}O8fDv{pQns2pY1%YmSz9)~)zJ0D{G*7dZcEIhXP zkmE&%h;g*G6=VwbO4^Y{@>$S=O4?SNTd5_@Klqd2=V`j1_+tgmn+#Q)O1>#JxJj8C z&b&`_9)M;Osi*;GV@Imw^as?Dv&$Gsnt)+?9g;27;fvJ}vW)l`;Nv)DJ;uJ=>UvxE zI-Lw7n!ST@!J3RMqIwgP@8Tp$f_$!v?|5sx@ISWb{w!uAeTK?_WVMj#e}|t&KKp}f345|8&+y=zH33-Dw+>^@O*@-S)w6o#tPT z(0@86@7AVFtp zNI643%M-#VCuakbBY_^zwd32CRt-xf2hZ2H;xI_4Y)pE?eJmi4h@8s z<`~nx+pML)Xhg=&PH{>JmuT{{)`sl(v>l)sYd-hKg77u^JPEB^BdvAZaWaC-+0)OlXcKw#yEY?{y%0Uh|vyAG{2;imRJ}#=-|B&29@(X>P1x@Lko35# z1{Q{y)I@J@v^HB?V-|y-#R3ahZ#Dh)NUH16*q=Cpi=VzTb_i7^i_~ivQR<6@PT{A4 z41LMX+Mjb;bEGMraXETXi^$0!`4XBOmeK7gm^YP6$?z=)hA|gxlz4sO6*hU4{F5g! 
zoN1jvsRb&OfC)z*@590xNG{@`*<*KrL{%Z~rUge@ajTU;LU*&?kTT~yi$v@Eu-Juy zE8LYcPTi9vuEu}YtzkD$X2?;~uklV5@e%^(sVI(-g*{506jHJ1SvgZPDc^Y`cTpKBFHU-VTtN|ES;ZN7g!M*Uej_bj+H1(gA;R=?mK$T5H8 zpFeHtQGZE-AGBf+ej$niq-DypR@U~7H0^r#M2&~U+7U0{R2^~rtBPiWOhw4Soi4Sqlq9x^~Rll-)Zv@x$iIN^Ly zs0+p1isV3?Chx*n)L!97t;19z-Z66Zr&4>$=L)@37ApM{A4FG;xn^LmMR6i34kM1~ zKH|buxfwYMQ>*LNWQJX2z2YL3*5MTC-KTQ4-qB$WhfS+dqiKHp;a=%Lx*l7Dh%e}E zbPijs)?w=r!9QvBkb6A)ATR?^j`QJU%+MHfac3sC6JSnd)HGw-l8+iIbjSORKYPd9 zxKAjqQv_F<4Bsz6OMuNPdbQUY7!o4{H%C)s_Zc)xBjduL3RiRbc)7Cl+3bu-(>FI>LF4K#B&viwZcqoFHULoRvBoatx`K`Iwkf5Yb_hO&zo8%hw6T;VA3MeQ<*@w460pEjJHZ{xqDc~^K0O^2XX!Ano(My@FP*G zM#*vsgY!N5M!_lL~O0%usa_qjQb39eF<@jEy=T##^bR46XZ^v93{TxM2 zb=xDNUzme+*XpxAJY*Z6(D+wxo^-u^&Kx>DHGYD;af$XJ2e#W!dg?1}XX83I#t;Qj zIT?SY8$LT?2ZtY)+UNsBwV+VO6pjFYPx|b}{yrfQ4~68x-6g|eBsx|B^T?}dz?ne+ zK{$;1%(V^Y>Q`k!-6cUc@!DW1;Dw^1MVoF0bMHsu=SHK&r??CDW{+ko{EEdrjB6Z& z950MP(T*i8UriaB9N>h+FnwAHBt!HLSF6THme83?frlmRg37`OX;DqQsbJ~=NQ|~Q zkFG}1`^unNZ&xZnvYoCr^5^}q&Sg}<)#faNgN2eBNUcq8t(mBUW|PZfG-nfdZLrR2 zO=9Jgk<$nvSs?>k5=*9(J4@U3No1bPo00?GC~#Quu{-HU zQUy>~&@h*xeTu6A7yFBdZW0z$6 zHxrsEeWm&6G>HZw43tn$BWFO>+ZBQoUHfau|Fc&S$sifngLX`Brfysy<$fg zxC?{LVue~m(=|KXiDS5Cnmj@F<~>@<{#LEHiSwo ziR|lVq#;|q2wUipjB*bX>S~t^Da*ebDcK*MARqPV2z6Y7G;f4f??y3w6Z?fiFXDk2 z2;~Kxa?Hna>};a;k&^b2@~W_{kpOB6nK8v#j4CCVbF}6N0+I@(jB9;6IOAO`7zlks zrgZx@C3x|T|DxWWe59q<^t#5B{3=sb&7ewvv$0nAH6g7w=P+|W{SOm=EC>T$LTOK0 z*LI+;%i)g4VuWR%PiEa6Cc>%kdz`IgK-(o?Z5g`-&{>&{`Kw97%1Bi%52FF(NvH%8 z4zmPY3Jel;!1=d%j4g&LHjQ&H2$jDu-l>0^z=q6%>$77~IV(!ag5iaj2@f8teC!kf z*6O(qV#Josr|+(NoFUtv4Ch&okdiq~w8si+t$QjvCv`g%dnP`ZpkkYpDgG1+Lt|;b zHO&(i4aIhat?O zv(h3SppOG2dm%jKcN_j;OhcW|V0-b_y+g0T7Yh5vCEo^qS_9Tm0+ z4ylnoxsbHh2o{e7_U;@&03Y#zl%nc1TA42JtolZpOzFDb4fX7D;=!5xuxij@Hn5iL zatCOM4|k5&aura*lzEexHE`?5cvN+(|8rOk^C=C)aM+-^IM*vvVW+JVoOm6T_1NA6 zw?f9`oKyk|Qp7dDNkH^doV8x3%hPlj{A_)E@n;b|w^=P!q{A-+77-j%RtWFzy{Q|2 z_9+{jqQ5gO~Mj^NZvEYD$lh81m z+`FQNg|Y}vz|lwMD3gL0Ta-G-Ss4mjoD}f>5NGp}mlV@hVJf;K@zjBUc5;45%v8u^y57#e 
zSfZaL*Jbg4W!Zm-<_Fga2fQ@@-$pV1Z)dA>Zx#P{8&_G{hmw13QJVKSpNGjKVnY1B zAYWHW9Q41(dHJJV%ksZxWq(>X$ownUCFg(R{`N-U{CDo(U*-S2l}iLg)iXlV|KHch);=o*lN%4)2^D-mTyLQ~SvM9M7ZpncR42=$AaV6IpC{$@yP~|1-t> z?~ebsI~zs(ztOq3;{R^tx)T1+Hp2@4ukioB2>yo^u7J{6vx&SxvuGF;pV_j#3lC)X z7jA2rJGO6$ zPs^%>;|6qoIe6%XEPldi;*=o2^4zd(uhm+&?nUpox&Zq|^(en+dg?Cu_B!pb=;VYG z6b%??e7MCn1Au}$K%r@xSxq=9*+IP-4v*F3M(?vB)OgrTXR1us10i~i;B&7(@6mD^ z^O7wBhhGb{=K z8!P~<`2Q9E|7HCD0QAV~cCmqwa~8Xf_*!v}BBIvarR|8)=4@MraNv~|EgNPI8n)s( z{g0DZYMt{B;>M~q?Zo>w6|cErcsyliF75#E2-#DQBjwVHsrp`(oVaSPE&rGnaaV%v ztzq*wn^D}9WDV8!Z)M|e2i3){)~FxO791UWRoXw}@~JNlK>%ia+aG}a&F3@)gpW(p z0!CwvCgVn)9)IdX7U(6t(u%_m&a;-X5-pZF%99P2_iEp?kH747o_Chja7ibU@bHrN zZ5F*{BQeh}?I}%BzG{5IfSeZEn_02H{#84syWub`TPiwlJ!!7*qD9O2<2x0#M&oE0 zY8KrG%Iy`tg;((<+BCdz)N@u={1Lkx9CXuUm>hX$XWn=Erj}%&7ymIsZlnhuKHAF< zuFIA_+ve^AZ;dd}V=&{#J;(FCyZ)IcP`rP>wq&C!L6RiX;&S4?$3T$@JWozq9JX46 z6Kc1cd!N9-{=Di|R$c$h13j;<)hii{XxP%O*2Pd7GMl+;PiGc0G*ufhT9nq{zb3k@Pc_$s#JDMjzUi!>AK7Mi0E1? z6xVZ6!9%YLFCT3DE{V15U#_j60=rxs{Yo_DH zL+lQwqPwSXXsRz0Z~3`tRWV#<1h2G5j4DwQVY%o|d5xYb4XTVK6r)%F*pl&u@?U&% zbK}o{Tq^&;+F!K)Z)|l|^51P-SC{_~y;+d`IzRjl#-FM_s;-2;i-o@`3xCyrYvGSs zzBHUJq`i-uPP7Ki~8(4e#g4oQT$o!Sir9gwt?;I{MEcy+pL*?|upz`_qbNSn&*(^9<|W zt5^d)Q%(AYDo~MRma~=Y8YY#Hc(mDk>nh}BDU4OT4RVn#;oR&!2Ygdi_vq)06BpvV zrf6DdRwo1smJSGX*+GF))7RuBd2Nyx@?JV91@{EEps3&kMMV)62dKCO_drnr7a}Sk zC?E>1N5$(Js=cifY|UOmHo zo$NjAP4~&;UY>tme$n#v^C!Mt_)2)lbyuH!#3iox7wk52nw(IuZ*^b7kRIBnMMzUxo9u;uNK7JvBVoJG~^ z!@UmUKAdsdGh@f;*FC%X*umR(@Az(>XQuAAw9l_QS;&syuvf@ z$%|^<5_=CF7hc9&8s1)A_|SC=zppv(xvDdV?cBL)(~318eEi7y&$VvdI`N~npKh$4 z-h1QVqYO73bFz8m=(B#ibkXGt#=cZ}?dnrz_dRm!rCBTHz0FTG-}?09JMUiDu`_Ra z^C8l<@`siUSmS-L@70qY@?3hYU4PLX-%cBP!<8kIKDdARf`>BsFJG@(aOE?lwsAub z9Ber!sS^eAdc%Qt`G1GThf%&?PH=h%H<)cTQ`mHgv z?T4dpO&R1Koz<;7a!IQyEboM`R&_xcdWna zkG0F6xc!gDz}s*1|6_+^=1(2HcMTKlcKM*O7=P8N=RZ;X@Zys9$2~u0 z>BVziwjK1JsmE1Lzihw}7aafM&2N3&_C-m_gyt8IIq526{z)%6%*~Ru(AM$E%l1B- z-3#9@Tl~#UhxXn0*24wcRy=X|@i#qJG>E(P{uQH6IP%ET4>;$57cYElaPWYqCmuh3 
zz?t5*-9NuLdc84YT+R1`U*5E6wJGhpC!c!Z^_M=~)|S0MzV)-??>f--QTfM59on$r z*^9pYZer8r?=HWg_d``_Yo9sowL?E?-|<4tua{N5H~H{yrexpQe%6xI`)8cHwITSd zKI5dtZ*R*vwm5i8UenCk7o2uY*}>;b{k8x4uO|I)-sg*3Jvrh=|L6UN^!_2u^3Bgj zZ{=TDI&{eB9aT>jb}X3oYxXlUwsb6>*>S*G`B!go?5N)2SRAUovcs`%>ewwE9T)9- zzW-BWORsqR=OVxF$RW*l6;HZi_-kL!Zl7@D3(bc5H3!YV_?f;pu9?;JZhprPb2hA< zw)Ct|1&6q>biy%ho4JQ4{dV-T^BO)m@zlc)F(TX6i+7yANN~)!X5D6K(z%~+Zu{AK zSKzb*T!-Fr@U0UbXzn}x_vxFCx#R3Phd=U(P;o#{vC+d*Pc{lgX= zh-`G@wNvwHYx{oh+|o_A5l&o_H!EI#&; zMPFaJ>iS>jEV!jPZRnP}&wY8<)z#Pk@!FRY?%(jc{Z-&fjH_TH8^rpu@F`*7l@*X8kz zXTG{|QsXz*wtn#4n6p|YUnELbk3Qm~PoHmX?pP5>J0s_+^Yj-k5B&Tf?H??A_4;Y|Y}?WAs-N5DzH;`9 zhh{A~sp{v$F1+XdOWej~&%Ai{mv`Lz?kl0YMh!W&w54y~?N5jKk$0cwf8_(ebHY>N z;eYhK<;a`1pI3I*?i-$bJ#)t8Cw(zz%^bs=se@1WFudj&spW-N4lGN(a>{ADH%!hw zMtvXxZ(9*8Ct1`t+!Y zQgUJ2E9am5;#=p8ojrH-8z*sfzddr|t2^8OxO&@||={Q=*8|J;w$ zZk;>THE&L%v*48HR_F@m8lL+<4WbEi1ox_sY@F z=53yQwH{mG!i=Pljx$!pg<^yTvpedllawc@x<>-sGZ zZ+?2%)rZb=4*O#3qZh9_sA~D;Qp!iUU+=iL3H><+P4n(x+Kc zpkvT0%WwPThFh;2H8}gmZ|^(doKL>)zoP2yPqxf|W8k#&o|?AW_g&ICn=d_K=lu7k z)ZX%9>#1)J8h*;HZ!LfHt69FAUtF+k%!bPi%O6PJec-$+j`{e68(tEqXt=b3@gc6K~Ek4NS_M{o|w7W9Pp9%fbaa z1}vNX`*)KDe#ABAPd_i;n)K!8p6xr^@BaDAU*@h2PkMUSicxdTW40Z8@~KxpID7Ct zqjK-<|M=1KxKYPQmwI3Av*-;=^R5lq*G&ELsq{1KSAI8ra?yknuljJo&1+wKJaa<_ z|NNHoYhIi8?ETlhXltn)e(fQ%$BcPx$y3v}f4pPZ&Oh#bcipi27JrLwy`*^f;r@G^ zm&|sbR#JAz(wwdLJhgkMZrJ1J-LRnXvw_8yPqs|nz4MqIEkh4HWMt|g7v7V5%@ppN zs;tEaTKW$S4mjz|`M+HE@_Fs4O$!fw@&Vz)xrL{Ha7FH;_r6!Su=jKC-1NrhzE|G+ z>8#77(<_fknsb`RbJWb+KMEbO+m=4%#aCw@Ht?$8a~;p!zVZ3GGy8m&J>!?9Eo(W<9w5nPZ=+_~NrW zzL@L2Xx7uKH{H15&d*Lf?A+>Ycg`Q*@b;b0zWKsC;~##^RQ8*-z0AM$rPWKbS8p4Xe&PZ?)OS|x#&d7I?ahOawp5@0Sg85rw@-Nb zL&F=(ZfrH&`eOCyrLF}_Z+&iVNpM~G=Mm3r{bQKibY5}RH;z-r?tb?74sn@d?%0mT z#;T4V#+XiAH}cNu_4x~Cr7oGfeZ{7h-^LvH#p#)ct^dyT*_V&!jC}RHlkY$JmQ9Oy z&OxU?d2!Iv@5=Y}r=BF9{n;ZMKl**Z)GfVt+}vLMO7Ay%{g~DAvZHO(nH71*cl_Sc zF=%(voE2eisPQpx_Gcf~FE6`q%=bfu7W=2$=D(CYyZxbAV~)LY{rNju^e2A2{wHzP 
zWrph>_nor)%uU;#9DMqQr^YUQ`Q71X-CzFWlb$2y+;WWPt*1_Z9v_xzIm5>Bnz{!c@89u(B&o`^ECy9Gtxn+6@Azbu zY3KvDy)ifVz;|aa+R*$&>c=k+oA%s2-&rr|Fy7Pg;d>|VoF<;tv3}*ZCGT}CUeqeC z>u4MBaj0YM`Xzn7{iSBdi+69{ymJ08FD>7;%&jZ zzUKWo+nd(z8h><1lB3X~IgyE0*HOt>x?eQHy#eMq+ z1Mj-{BTt{f=chN_f9~=16_33!Ht7z3$)fj`9$0XS<^7jtwT^wU|6OZ7)n8sV@rXs| zawmNFO#fM#_u57;e(=!8&wu0UYpWam2Ns(ecRy@jcjngduXZe~*;-xS%lu_W)}}r` zKObm%vU=xQas5T_-1+^KhJn}op8r+fl!yD6&w208QBObm;VbSF?{gfmEBN`!CvML= zr()LEH?H1v#Oh$*?e7l$@r*TZHGlMO!@?tS`e(h=D}P1Dv)AMfT{!vV72GY0-kYF% z>7i}YUz-yS7oYsc`OaTMCy%dsx%}6ZywDM82S4`tNz+d~<1Fv68&_AJbM>nyTh2JW^4i_!W%Rr9 zsT2Qjjy!IN)$zeAhuu_k(#kU|D~IoV{E@n;?|eP=?Mc4*!ybSBq-zdXvv$?Et2zcB zv3>3I-|yJ?R>x0G&#mlbdghN|uXXf!c=l8i|YVv|rDNpX4a^vYoKljtAGjH#BYx=`&N9=rl zaLt21Pd)YHWnUXgo7WDVDpl^>GD7TgpZV_I3kzSrr|6-EQ{I2UpWUnw4YPugwAzBA^~(!Rg`{P;;94)7Wd|Mk`j?^{z; z^;zYp$)j@pZ{K$0$I~rt)66M3pN-xU8gtOhrcn>(bu2#bz2(cN-u0lqWKQlSR~$F* z=!-Va8u3%|mGf?N-T%tz4YR(t`Zr%ajQ{=mL#|$V<$BxPckY;Uy!Yg~m)||L{>>MX z-`A};{mYCW?PqaU9IzDaJocF5hkbG3*6cHrd>#G1`t-hvpLPom>hIchjOF=FPxkrc z**iuZ9Gq8EbBC_s>B7w~t=S?^d;O7NC%RZROqc0E1d1`Xq z3%UF^Q-8eh;X`j3ytU##8!Y!ceA_XXzP2^}fY}4bR2(of@a3j6W{&V2f5m05zkBqw zFJAfitnEja+h1+3eBiW^laJpxcC)c#o#1oaXWspOneq3B-~T+-FC-bBEPZK#@7lLc zc5skoi@7(YRLy*6xUKQ*4XO6a zQ)eu{Bdh)OzJo>EGj|;IN2u2-`z_)pZyPJGdgR?dKEL%x~TTej@7H4TYPuN;*jy zji34aKGD>8)7-opU-;>U+&=TqFbl~yZ+XhH=Dvq@RXb)p@#Mm5zdxvA=*{O(J^Iy~ zKASw$;gv4@`k1A6KDXtSnKN9z7m~Ba-|@`SOMx^8M!|*`A%|IdR^{ z2Y>Lw%|`@A80^Q5%@{cHqOzAhd-|d$?z`=n#*es9A6dEd^6&dx>R6)RdSG~M!2!=c z@M@n46Yo98h0a=X>MLol|L3dMRu<`wJRvvt!%5rj&qQNOc5}a^-1K?!)-Qj4V)=Vj z&(C$_E;re9-%8a}R==>Qbl0xIM_>Hhn&0o=_I}c;@{+GyS?65x@e!|XE?MyWi;o|1 z&-JB-;3?O9@Wb0J ztW6&4R@b)A%cp-l=OS@=KmGjUw#>`kbeG3^^68fyQ$6(1Wskmg!n$XEy8YP9QH4w8 zkvBZjzW5;jtFK-7?52{9%kKNa(UNlZ#9eEj|R+6NoM4=>oO zkKK1Y(sAekV-Nkl7dot0Px#*tPBG9B4w>m6li=b5vLLta+cqo~OIAh(g1^~WndGk} zjee70&CW#DwCwck%rt9Ob~>_Hv#e=py^v+!b|Y~JOEMS2U2)+bLZI_}IGfwOhkEEx zkoxz(B=|X}R|xRPE6YL2W;XjoC+G8ul5FOJf|(1;-hd9_;1fMU0Feav$4VlDoFp}i 
zAs5Q9$WnGzdb-@49;~-!w>q7z)^txW-I6^io%0UzGz2r75Pk>yGo*pl9q z-k|%Z2j3GE_|F%ejeN*0`1t+MMi=mJ%}UFPf&WZPMtTqYcSk5JFD*tczFy!0wgz63 z1YTF1YcHw9{}+^_JhD4dkv-tl>B_505Eqn<9$rS_po^1vWNe){5uJ068Z89yH2HiG zk3v#wz=@pUkPk_c7uAOapUa3_fD?xE(dtO5u?QJOWS0Fwv(wAFU5zH(9~B`5IcFp1 z;UyEKnFP^{Td4Q(X4+@-Kvu?KF8s#QS(o!oBlyl2>qwp`ghr`jxC^t7)JqL-}%$FGtJ3EXN-Dr)?#s zgPJ7TLl%L8zA#{CW%gOLv7Qe#N?zXQRx0WuzvvGL^`c@>1_+XH|x`L81s4TZ~Br=OZna!@5_t*0-7w{J*3dQ(9D2T%e87RhO2J&bOB%vlPNRGOx6392&v<0dFCbnXVdc2k|Yu6Yscy z3&*p5v)r64hwva}UNUQc(?qBT$J0MF$|ux^xR3zRk)Jdv#5;u`Bq%>)z4l6=>tNt?K6Soohd6~ly#hF6&Fp%zpe}?~EA)$#6nI!N2Xan$mW@hK~Us`rX z4F1o^wpe@ce|LnWvj7s!^%#92Bi{lLUFj7hBsoJu5F>O6Z%se~7^pEO2_g<37EQcQ z4Dulq3I~wvqn%|_;nanH}Z#12b4>TcT1=9CR zc5*VpU#4IP>Xk8wp~=V-;)BT8get1+l?4?kdJGqS4g+ipE{qGEtM4Hn_d#IrPf^}} zYNIRo2Y88re``ioFO<2T`V$rYpTj>}e|CuOpEkPU|1;9!);~SHhyL%DAc^6SlSc-X zpv4rNhxbb+G2}7e(*VA6;2&d}$!f}^5k|>Az{oq(45`R4 zWhkf;@5F@%o{S<_mY+6_!`c{!ID;MFb;GNl>*-<>H8{z0Z=YLLV|0Ki`lUBZ7x zdK~>{&Fq2y?g(v|(bEeqy$$JsjDvk(u~_w~5FN&#NR#N~&{$`P$1IJ@!O4)4X0c`& zE!jp(R;6{I&5~hDOCL}3iOm6}INf9-MlevNOn;sl%wpoh4C3x#+&9KxKRfH}he zFNd6%!IML+dbQdrXvl{8Sx}9UM|q_sqpHds1ts}qrS_7_S{x~(k%g6|qYFyl!;40i zR#e*aYaQ`1!Or%$Mcp@f9Fe>8-j|;Lbh-}5!hzUqhFkJ5woCxEYRLmc{xv&q< zn8D1;PIj|q9D=*WIh|rSAP+SKdB1_Q)*{HricyTN*$YA;4=;;BJYjkpZOLwAN(VyUt4KeWp4S1b`~>uF!>=XIpofAc$FO9&T{lu za*&OoP2(lbsRIH^rxV<$1{o(o2YKAVS~PjG8X?CABLghV&8sXeAD2VLAyFC7WYjPb8AHfKk7WGq49m#q zGMEj>=uR`H=yJ>KqYJty%#OkoU1|A<+`PQfDwyg$6`+T6q%|9~W=+xQD465{)C&O* zg?a-UqX9Jw7(${D1x;fkG??_Pg6fb!$}6W2k-Xwm=+clOsGzhE4Mj0m)4JFj%jgA2 zcw@3#nr{RmF4!a4tsI# zhyq7t?g+r-D&{7@5tl{B`y@CfLcB+i@PUufG&|e#OY=q-lsn1`M%XJV%f}7qETP>D zM-aI#42Zb+@G5&zzN4h7cz8ki09*8Td%JpO_iIy{Y7`LlKebPKOi4svF~M~dKGwrQxKA1ym-kxONQEiy2m|XUj_#M zJ}w+^djBE)kF1Qi`@gKr9{GQ_gjo3>(VWT{dJd+@hMtqA(_s|g0IocTXrOV;k|P)r znmCyU+$*nAK5J`v9Gn%0Z^YhU;Z1FkDs`JfG!3N4>_-|A++&9t$_!X4|R|+%< zenllI#0yPUz7l2u`X)LX#E`80l1>3?Ke z(kwmtAKeky`m35%`=gC6`M(7Ef7Xm1{NEiR7XK$9yPGQYaULS* z3Asa}A18!(zbNzgPf(;{qeK#;vvNQ-6C0n@-yC%fz|N3h7;}~JG9|biFhyt-jgGHV 
zAV?Y1W{rx_hi{SjP=Lb~DYr^vD+|g?a*G_f`T6CMd_o{5pS>huK6=ZgWFof!|2z7J z3j8bj$NNJEqznGfnwcIa|IJM6;s3fN5d9AzJ0iLiRByt?Qx#xA3_y~dYSByPJTc%F zJmC;8A#HY_81Oh^%Fq-)hXD=$Pt`Rv7A3LC4j%vZK_)3242mK7Tz2&n;APf`;N$}m z>1wgP5*4velBSA{aB3U5>CuPl!vQ%AxrgQ;3#g!xtf0e!xm!_6l*0MBNwoK|Db(O3 zDg`IBv&jnb0T&-|VhSqKJ{Ob|Rn!{xCyJINuZt+Z;ZY@SCB!>LzaKY5?k8zOYN8bO zcrYf6Pr#Gt#uEn@ZP5wAkk}-+;-WD+_i@g+=!mgIbi5}dhJ!e_6k7|iiHJ-FT}zvd znPX`8lyZ4i50~7Ey${hMaI(!t2Aqndut1D|5MF3}{b5e39)bNK%-WqT>jQ;{=@{H|LXhI*s_uajAHYiy&qtMT5Jw$rNuRLp;_t=orSV9A}IGX@<4F->IzwhcNR#WwLsCUw6c868FU62(uPA(u32P<6An`sS z5N=U*k_Q>$6CFVjPhBg`L$c`3Zce5L8ltBcqDK`o-b^v^oYRZxXf#~LoeVBFs8d?!>sWuujE9M`rW-E>W}@lcXH-^~h{pgev$X-u&1Nywh&ZQ{m!woA z;>ts~1uhV)0f{FnDB=;BbULHah|ygVu?j{5BKu0Gs}Nu$GT0XiAXy+e6deuPa~ee! zfgxvRTY~$7M~Yj;^XC$q18|Q_hK~Pl!h46HY>^oxav`urms%y6_tScn$)gpheR7e7 zj%t;yQDk*%h`0j}oUct*l+KhMM9k9RuaQ<^PGM^nJ0NxCf+5}*X#n?HU0ro|;?C8f zWQoVSh4+cg>fVt>ADIR++wenxIj>}kjtkbQb4DizZzh#JY1Papt4}+ZuqJr!>Y)r7 zG+C+w zhHcxtBD-c$70XsrgoH8UrAwh(s3w9TWl{8XQ7**0@s7c}zzmrsb66I90%#VP)oM&$ z+3!msy8?q5a{D+Bn96c8ESlI1@CCyPOT0RGvYQl3d@Xz^>y}DVc|0c=VSzXe^ee&q zR#{M<%@Hq~Pzi|dNP`r$(H?LiKyrXvn|Q^TUs6D;e}4*G{rjun1qg!}|B`ROG685b zGEAMWzpAXA7pEx>3Yla9y_l2qcq8Rf@yMYfI&#uCTYsIduC7kkkL9AZFzs`HD>3}A zqRB|cV56Ee>2w++7bVj^ws0Y8=XC2G|K8ZMWM^mZ!Jb8zghueV z=bTJ2RAgIIVw|if+ZV=IO*$heR0Hb3j4?r_%FZM%AMm>1Lh8)pm4N%LNCQTr6viYf z{(}!7ri%@D6J)tzN_7))G>Mc%pQvO?&%a^X zMN)Y1RNyUnb@%{OMBcDB{doH6VGYB#Ap_n-1~{kisxsUNoj1Be7?-;+tzf`oHBeNH z0gdizf_79agF7SRS~2xaL@l@)g3B>L&}j&ejjB;x2L$3qLlK}9a{z?lR1I3kOb2X; zj8w-3gFXTDnm}%0Q>P-<1_Csqb)f1_u0d^4D)KZFT;LM(3yPOo2dp)5?%?=f5KI;tA&2__;|fj!ZxY4q4*blEiqZfdfs)BYDQ0-X_c zAm*?XQb7>z^9l9%*8vWU9cUJUxOH0R5`aeF{s+(q$Q&stq@~t~B~chN<@l(lI0EOP z1ONs=Fv~#|6(ddbP>4l65wv46;WG<-N&wn1$})x`K-K3em^CsS+R4bdD7eWfjM)oA zges=A114&4+l(~EJq}L65S{~Si(&PMom7A~if(sACzSGk&4g*9qHA`h*JzvEYf6eqQzWgKO{+O2 zrelOAP`iZ}QNrgFW}~7kQV4}5DI^x(LU}DrF*-3PL~VW~Qg3u^7z#l@1Rv8*O#Qa< zA&J&2LHl7pPv#i+-!Di+8qC;6mY4E(JkVc2vx~q71cBTlc0!~%Z71Qj71p4h5ZNMO 
z8zVZm3ilf)!h$v@x-K=fZgSM!X(X>jT$JxL4-UV4pXe<$?0LPnE7=oHUz@7 zMx|P`e4;a&MRY(qBm5Z$M(7JXM40Y`OTn<9hIga5i9xu!!m6t@%xw{TN@kR&V~eSi z42xhXOvP$BfdEKS$gUNnL|Y<&Svt%ZL~t7Mw?K9($TOHf37~v1@oPeLlH_v$2?8L4 z&t{NExCtnT)S8l7PF7SDA!3uKOa`tX0Gi+UC!G`EBKk)pJN+Y^0Pgfq=F3Z>xPQnH zIMfK$kLS(d6C|MIYZ8fvl_*6dq_0&j&ERTNdwUg`2sIkWaY~q}Bs;s!BZRt!MuYS{ zo%fMqG4lll_dxbwsz*;sf+0*hCho~;-Va3xXd{r@Fe}E$4PNwYQ4;&_9`y9&?BBnL zfF&%Cmb;9|`{>bD(=agtBpBRXqK^xhm`DJFO2b5R3O#fP0}2KSM3_RsBe%>RvD8CM z!cVtgyaW)C36=7=ML_z12-uk_dBw2LrQjA!;@5>lQLckc7&4(M>f=z>P%K1xCR4Zp z%p@_=BUXzB>vUGQ|VFe2p%QPG@(6SXKUa6 zMWVCbOa(4HeNe! zyyFUqY=qMI7}FL2gatzaKG%ytlfcF(6qp4g-3n}iLKyTpm&-^dLZ!vhO;oRdYnBM? z<6?{%SMV0m_wA%UK0qLtNqk5ql~0KbnIeqR0D}~iO^GZ5y-IF%gQ)iwjQAkk^$Cr< z4S=gAQmYZ%yQLegCf=8AVqTU*LBEF1+{4&-pE=u13z@sDG9?vS2IE$vGZ-|2gF34* z>u=d^n@_JqF3;e8Xw|4e2e;}7V-)8f;0TzpjY?b64+iSs~TQpuNe7H=>J%( z)_D8BjBHDf{!e!V5JCd$CwUc#k8+<(IX)GUgh8swg&KKTk!NAZwyIom9aGM$gEOd3 zqfT09(xsU&ErVl2z)&*0US~qZ@F`JoD{!-ZfgYPNuF(ZIH9DaZS{JFVlJn5JR8=7r@g@(d^FVz#9+R!6>O(TEcy+_iKQs^)Mkrr-r18pV886WWtf z9TDHw>dZ)CBJy{Kfe6rLm{6HAfpp3=Qw3y-a%|U`%xtDjk{1u(F4F@qDBwYcgQO^% zM3XKv(Uc+1!wJ#;))Z|Gf{|5fR}~cEnednt#SlurTNu$^r^_-axABx5BDxkJFaHY~ z8f31RG6vJYfqt2KQ1!n&uyu^=%>B?tSN4C_^!WE*GJEvDyCrBOmv9N}_hW|K=!Sc+ z5HDkrQ6N^zMk68~LNrKFz<5LQ0#n8$HTqJx_tAsY!DKR^T1q={^1*x+TDU4Vd0gO(ifO zR<1%6X)8fGIvx8C1G5L00b&@01^%EIAQF0}=R{wE0~WQ3^9khqP`Ky>wPHq|T{B~Z zg!xDTj7vo2T`5UfGF7|1B=i2^^{alF;lQRyiGzb5;XnMbhMc$ z+$d)SefN@C_L1u=%?nkfxTlIpph2vsPg&JPGEgSoNvsR&h|B;Y$<-5lL`e-&sitEc z@m9fd5v2p>Mv;t^_CTpgr_)sG7D8}oLOiw=S0 z1Z6+a+o3j}M4~Iu3ltAi7l#}HzBwMB3vQzL#x_CZQihyVUapC!W-s)pchO<8nZTn| z=LA4eCO2wgJ#<68?FffLu;_5{Zcr^baj#wUF-bZKV!cF!ShxbGaxKmURCPpklSZ^i z=>3n(heD!<<`-mj^F%d3?ZGrr(en*QG1(XhqJ*nt;k_c{=ZrY<|1)fH{)FKABN+ z&^fqAz+0lu6w}uL-=abujwc((!S1JECpCKorm?cld4?fQ)>)}V>-Yn8LHPt5Y-`SH|7FNEJ})& zEgKhU0B@@jypv)U&yQzGfhwx5TnT*`&D^#ja^nit*2=xVq7zK*SL?J6-s;G>$abh> z(SZAP2-Cg&RXJ`TYA=!`_QGx*(QqL>uZ!I|5knJu84NQ7h$kAysml=6oRV4x_12+e zI!Ge!kDEeTPz+!y-xIz275gm3;FRjoQ2W_bO-#htR*j3;;!;c!tAtah(jCw`Zd!1+ 
zMzsyM$0|OD*{9a67thlMx84Wl&WI-BhoQ=qJ@ttploV5HZtK z&OMiUBq;4OMUoKj6L{4&4knH^Qx|!}jNyVhNpt8^vLLPd5b?Sknq9pnd3vtp#h8a1t$Z+vV97F%_m+QZ-=>M#=IQefzdU}ul?`{c6imrxE zb(Dd3jaiK7pz{jB1*WA=U)ZJ5q$dV2L>J!g$A67JYGRGge-ktHQE5Seu?s*fi6CIc z@WJ^MI8S9KwpJw`!;wpH6Wb4Rx_EdgLSf<)E)WJD#Dzf+SJjGqf}3}?I(-Vwq<)iA z8ca)lt%TMKxF~%Lb|!!hL6?NkjW(UGKgy-b|D_d-w2r8sP+b)~GgZ_LM^R-326?{# z)q-X`cq#{ja$E_tua9^R(QAZM%!)y^s8AcCO7C>al|d>ha;g?QJ?N+zzKfTL(iGK> z04^w2cZOmBJWP5>C2&k&A|sCKD(wv{7Z;SnM0rldOB!b=kr5I4o+wE1gt+gIRF@HO zJwWX=0Ea3w8Q+`<6~K9_=#%2cYgCg-tpSFj;@O485IBCtpH3cAUS?LQL$!Ay#utqC zWHwWoW=(`kxXCB*_+CA#3KD9X<*t4O$jnEJ|P3h~5(Kb3YM85g3f z8r`DCtc-wF3XW-|dTG&C;7XUsf$yXa!YBz7RDed=Zjsq%`ic?dN>r|}`;}3?E@CWI zD0|B#SV#qq!Ey|!LG4{Nv#m-rD|Dm6(Z)6_@9Ny$M=&IaA%%>Kwgv(t5!AoGGBq`d zVqtCn{z%1d(H?+ke>vjpf_FvRNr7!4%8e+cb!Koy?Uf>3C(4O}BC%Dye&AVSRx+I8 zOo((>p^#9G;)w+Mn-{^q@z_8^;!#pVb-+Qo#}i_lZf8*GC$tdT7L0Te0`zrM0?V|6 z66fYIGV8pb)Uq(Dmv$`+qFOJ-od&E;N%gf7GtJ12myf0plQiO#qsYF;sUv%rnwvz# zRBS%!%;Em!0zB|h-HW#9i#SB-6z(bCTu%3rpJ>{Ww#yWkgXG+xc5X!H5`VJOA}jJU z8~@BFzM9ZL{1X&wNiz8XiR@UhrkN}maJXoqGL$INZhpj_M_%OV-Ts8eR9#Nhkxu8T z*9SUX1&;~K$bEvDJ*Gie9#{?bEivO#XIQm}S0;eXG4z3D*6GUG`|c43J1R{dL(8)j zW7#wW#~y7J2@IAgITXmIln75wY(?$3KPt;DMgs`))%90-91Vr6U?I2$mlCKDirTq;e( z&;r5Y9NV7+DLG?3kpX6+WQj5w$`;mXY)lcc87A&ch)A<4AhZx+03xm#HD#Fv^`9#| zyj59i=2}SU0m({oK_x`S!n;(n4j=HM#HgGK#OT^n45C^3J!1`4h@nTFE{}-^NIzoT zCa`^{HASkyZOgS_k5tDL#G^E_nYJ>1uAbRqw- zWLV<;e`ojH|8`4gBYv^;KoeW_sj5RP@Ms;DTg^mDZZ$HIFwUU$jm2DJWf{}5E3JcU z)-;>NIv(dy{bK2b22+{bNn3IADf?>}bs$bY*h#68huBbLZ#HF21)X_m}zx!Ni@f?_it za)*6pO3eejVZhWSe8GoIjxP3LCzc0Vu@T)m)|9r8 znLSfwghq6c_v_RaqH9QC-lE*K2AolK{nHD!k3$UnyZEMkj{v%Y|Maw2_|LLfd+fiu zC3FS<;Jof{Ab_~ydyN75MaOrB1Y%!(`(K04{T)>Jrw`%omo~cM|I)ML_`l4I9{vAr z332Z~$36gQGDq|gnVSN*I><>T&lbk052c_K>V3rsj~6nhD~Vp=%IVjpsjS9Q+pbIW z2vj*`KRao-x3t~k6y=p+eTOLA8-GiW$m&5>7Eel zxvbM?_M&!(_PIT{`<9TtUoy_bppiu3Oey~xZ{+{%!7O?I8{R4WU!`2M>Zouj0?cdu-?m{xf6m|I(~Dy$AlgBm8|(hXhc$ zLitR849DOo&^A-|P;zDpQ!yi2D>#{G+fdQF>V&yj4EexdfpZbvQFuB49D~y6<`8|B 
z5w|$xY%n-Hm%0)rb>RM07F9U%a=}F^#WT^VxClHxfPYn$+mRL%>4xW46d*C216QA^ zaHp6Iu&}$>;ifZpAODS46@L<+Qu?%2`C_JGKOD4WHz?6#z zOL9_~Mmrmi25ehWkuHg#Fi>hG_FhDS0%(YtdJ^S1eK^n<0H@brf*jH#NyJs?K-tz4 z_Hm%rjq8J#aYDRN(}*PcniOki@`AMqP_CdDsLFz$579?9!5J+vR)jdjDcvFN<3XR6 z^fSu>+W8{rwlT@Z{lO@Z|x@`+nlWRRAY_61aaAWTMu}j73Ga%m++5!R6x} z&=AdNRhB{Gxe)FGQF4v9RVQA5@i*=mOsz>r^8G!OOsb%J2UkRX{KcBs5XdqIL!vA? zMW5nIg+0#)lMiQ|@(4IeS4!oV5PJ#Gh9t`kLk)o5J-EXa8^b{uElza>5Z=vkox@#+ zufIA6xZ+?lij-rTGGsR=JVa%mK5B=XQ0m%A1G1wXsJYE?k z=cS-Di#1bY$3h7IvM7TgpbOzG3u^L{irgWd_+r4MbBMfRE-KI9!5bqHS3clgC?C6SO?A|buO znVpkbQ$>u|m1IJs(l&?(WS9aV>~VFNs7ociO+|juCAi@)PX@<4<)$K+@_-Y(MM7Rr z;sX+ObOPq{68I^>H4y(0?wB4@>o9oQ3MN)&Q$?7HW-qgnR!0MZl5i+MU!QcP?U$99d$PBzZYXq%&hXVo?N^ zdr9iJLeK|rUje4i2uziaaSEiNmv7vNZXNnTM^ zzP)4w8jeerlvbi5d$GL|S6f+1nq-yP3o4+x;(~JUyjYn#++Jj_9G8j;?Ug0CR$OIa zX*tS8Wx3^*_Pna1+;UV_RbEzFQGmOUk1H;*mlT%cb_$9MN-9mbT^xrB#^4WBF%qAC zq_Ny8Jc4r8$Gp zPjc3#BDIMWosPOeA@3j~ZGFT6D0{R}-|4FvtbdBPbF=6VV8~Z|YdYfk?cn^btPI+F z>asN0=y534?8@U(QH^Ulg(Er2<|~eJ_MiL9PR{?3m-p?X(|>Qy|5*Qz*%?_q^nbU6 zgy(-o&-veT{`Z{!J?H;Fe*TAo{(t}ZpP=8oFH7@s79#@iuYVm45O@A7ZaW+izZrj* z5a{Ckw^}md?*Gzz?0>r_FmEwP`ye6RlgjqPr-2vVH$-q>Kp|UkMq#K$IXTEcVa0$Z zPiF6!CP!y;P%mjLH;|SFc#VnD82P-6&oGmkmx0hQQb#H>Oc|PGvKUfQ=%caJDOdH-HNPI|B3iL@&iM=))&GkMI_?;NSGhNP$k623hnAP6ur+~{O>anr7Y<`6lc!K+BJ zjlQ>tr-`kj<~hV#Ln^Ylc(CAhr9>41vIx)7UX<$by8pi(I>-N#qWDA#}rKq={vcA)T;Zm7=wCD@ybGG>f!>dLB^7a6C1$X!`O{~8(E1Liwya?y8Rz20D1j3;(+qv>8&=vL>o2LFiO?4%o-xLxebJ(ie%IB5-zzN$|o_%q>MC zNcZ%SIzUy9lDcdGBFG;_kiT9*{z+|g;z*BJButg*+eSO zQ#;@dnH=N*@ z|18C0s|_i`j_XXjK6b|@wQ0xF9?^}B*|JeOvoL4m)$Do@Uoia)8&XIF`b}ScXC#1{ z$i8V}I3%bEqzjm)peYf}3^hX}N&yo+;9fQ&0>uu{koqgjK}siFiv7O=F)C&;^B%3M zxOWqe_BivJR7QJ6XJL^np9gACC-?6z+n!(*ka4ZP%S=9!i_GEK%{2&viA?@s$X5Fs zRR2+J1hczSO2x@kh7XiHQkYTd*K- zD8>Uhs77y8^xur2UU!r%Hc9moD zJD5X5vhd9Bsbq`lE)`=K5IF!CwBqT5CK4RHZRFV9GbWcXu4edm@6P`O^dF3cEbhL# z0O(5p$C4H6|0_EyJG+Pe>yE&nm>uTPoImyT1rb4TI7_Ic9+vQbE5yP-6E^Nc>EB-H 
z|Ht0{rCBXK@4t6XAbR%t$Z9K;6?s#DLOeXo371(0a%d9?m?2(LM$Y=KrHL*1#IyAFIJ##Df5OC9y^yvJsvbNu;Mqsv31s`M0-vKl2z z6RUU_VvWMwx&^mL&tTj)H6F<8xI{{Sk?AB(9Q6K1$bg9-O@~MkxK?Oq>x-!f%FB^Q zzXB3P@sDP3k=vaL1|e4>;2_^+%IC!E=MlE5=n6m5y*!kh;s5#Z_8*A$hK3 zLZB1rM;sRH!B=||_6Gjp&Cb8W1#|`fX>tBP($XzG{C~HEh@_8QO;9K@#}V)$@ZK#6 z@KmcJ2GA*wJ~%WuA-)1L-av*ZfvtgTDJ>Zyc@4Ta8DoruQ7d2Uf$e=1_5%JXLNx~d zG6m4(`EQB6|4p}K^_>6R687f&S2uuR4`8q4F_UW;mpL&xpdf%q_Sk%Tiw5wH>Olj4 zKkOa+%e>#U|LFg;G)o-)pO)1F|J@Nffn`{5_BZO7W-0-3z)bQd$k+qT|MIXG@E@is zmHQ3;!P{pX{AcvQf42nXlA7okS*5)B=SIuR?Pw4vu%_239a zeZ?89dx-TAF%MDHK8)~!9z0J9&n=R-HR;3aI3gLI^neGW11L6eYW;z)ILP<*BkRX8@9+naJ8D@=&>6L*dgKs0BkyuC3 z7odqTPk@(=E*_At5#w2VVQyZ*Svfv2g%zeVf%z{VQ5~zXShH$%tZmWfQd&&KBY}yi z343bsT!4wsBu=6#W-uGL0&;U?lu*Qfw06gM*!&@*5gDDJLKQWAAjC+_KeIZ+{}S(mmu&Zm3P_jtzv)@A`o9^Lp8MZ!3G~iT;xQc- z#&Bp95LE+}IXO-NDi~CBvw&zDGQ^lynqQ!EdUP52-S*Q~IKs zO6{?_U=Ui|b91`A9UdMU84@00vkRYvvOlQT#cMSuV1h|r^Pa{PtKCfDYtKcZCEejb zD$>Jx)$Hwf6dl0$Mb;qM#H&g#Dif@%rXs7ZfDoc<2--0 z`F|Qa^@RN$Iz9jQne|VX=YK|K-1{%tnLYkryC-yE{{v6JI6S-`88BZFa;n6*KPWIy zpVW3na5I~ia`tSi%?95ic)!U{v~3(N-i--=*RW)pwseZ3q~4jCk?zk~88OGw_&?%V z6do(DDlek!Ch^gL;Am8;)J3eZ!yz9YE^{{fXWZeDJ^{bDccpMnL#;^`9Rlre7cByl z_2*hsOT@NBHT{4{z*9h-kM2R)PajeCQ%<5kYcLYCwG43@b9k>gA_ZctO7^O_lAWo> z?JL6*MORNBlS5Ce#q`js9>|P%ZAEhWI;dH$i%d+{(t@$E388A{?u1ks$;ioInL)gV z;F(mMh=6qq_0H?&1fMC&8m9rpihvK z^%Da6lp0H|7Mk)n5JtI(r9Rm#tfU@+97&R*>c(IZ)zlPZE)DVlc*--mW`b*isdhk$ zIYE#5S(&f~4~LVOiHu^Xrpd|_LkYStpPxCwWKKl}@Dacg5Hcj3?(%RTS5h*m_@eXt zRT5Q!q&sDA_Hn1yosk`gVV)1kWb-;Wx6Fqeeol6Jlg&xPqB{Zg;(-A>R-B)rOW4C$ zGpx=%aqjC9S$LQBZ~#B08IE+(#GRlAL%+_j1AvDX4v4 zp@x5&zUwONf&SlTPGGyb|H(>^z5lUVdftERo)Al&a6#DsL`ZHxYUU|j!L|hcA}z}C<@Ix3hGM>sR*ui5zwot2*l|(MZ=^6U znf;B742r2O5>IP`n~N|QqT-DWWig*47QR=si&qsD@&cl_EULVE~U^HnSOLG%?>kQo6C3ug4{LV^}ism<%*p zqrG_<7zZl`@GMHuPd_IF;DStb=|{cb!IJo-ddkDOc*=s|Z19AF9-72I_Usu!Yt^E} zYep3Dm7uItl=($>!2h1`|Gshp+SUCJM*Ok&KbbxHKiw19#={h;L@uJM;d&L|7WOrB zdZGEra1Wu$FalFC8c5GEBA_S<5SHi@oUKkV#1l+t47Oql3rKg-@*BA6GvXTrNRaKVkYF3Khs;>1{=b~$RWfKF*|BFGz1L!=!A 
zC|x2?ZsYkDD8~g_{dioOR)_%|b?^z81Ob4Prj>$VKh1?0(+&^t2qB)*#FeG_r8dO) zML1INtY99)$pvUuzu1I_$@ydv6Ubh2a}hNNV-Bh@z~V@f&xnzR4#@-%!9 zOx7hl7nC!>U~G-@-k=@@k>!m&1tKZ<0HBf&;)YTEf*pcCnCT~cK@l}MvVcZ*kYEJ# zr+i!_Qeq1>3g%GIZ}bE`=JK*)c_l7;%&=bd}7lpA$Lghqk^Jrbz5TQ3cPRPqNNpNhm?;jC<1wA z7!SD>dATO&jsYC28nO*=n!~12+)bEtk)|-Lw&6ajzV~v5LJ3`aO)Mo*izZJ-22Ce1 zdDj~DcYdyFH7g7eKforKB6w8^UiR$VQzovOoy2C|XU3eT+Ah)gz^ehLr-67sF`M^h zrT)tg*nfG5IsYko-)A>JG<2o^Yl%JoF-K_W;s3fNbZXYlJlgI_RNezW|NS8r{uSZ% zzC;0C>i=8g{Quy{9{BH$@R$7mbnXlz%6+JQZ}MqekM!V^?hoAG zW6%Grp7+1HC-l7k)${&G&-))e?|=NA_dg;^SD+WdDGwYgQW*?-vVkdN`9(?gwGz1< znD*e!3IY+kj08W3fH3sqR7!U!x+(zt2CesgY83(-R~v2QoFGKx{RWdxr@V%o;3*RA zo8%C|vKnf2QC|D^s;IUAu0WD}4)7=nwoGsxvKLjv6v34QePNG4T%LAWm}R9}UYt(H zlrd^l7q?Lz#8@i2v5226s^yWm7@6qUkpWs#}R_!(jOa2^rD1L?Ojy5G14q-QRd4l#y>Mr@HU8*#e4mM_`_Og|KnhNO&|5S*f|Jm!``&IzhCI27y{x8nnuFqvMX>5+ZMVQZowJHEnvC>(~RYmk}l_oZivg&xxj#3H+L>6Pz41& z(t-UFV&Gpn$GVgMx5mr=F#q2p|L>Ntckr*0H%WgT1?*2QL6u)paVEzINzHX|44no{ zLO0pAB$Tj53sm=#^7~i5TSnNFy?MNhWrT)%$k2aHh{gZ(JnmllFT)at|1*00zjsgg zCz0TvzGmWravY_Y&@Rl-b*>&g5E2;t`-J)s7ZTJPAcvRtfu|q3w$k6j2VKB_W?E*f z{--rNy+{AETLQEHFH)glBw2XsB3~lvU|Qb{5!X-T#5W{xt`Ma@n1pD3h;1Z#X+!PE zndJxj z0VqN(UY)YfkOJy)+AJ~2O0~?#om#PCJ!WA3fFhP+s=Zk3AXI-;al=r3ZfQJiM%vZJ zXj=|N-izq0<<4|!!Q)nn#<*(?O~$Jr$stY%P;)ktOMRar_EBH;Desg74aXS54x{#d zWDb+HkjbtFNkEf)@*QcMNc|1JoWjZR=O+jQ{ z=@S-YTmiusJ<*Ac*R;=$>8PWWMAUsM(g(x!^u4uO_70iZkdn9s+A&gFLCKgJLtbgg zsH$>DZeCt#RY|3RsF+4gkb0>CSA>cYDP02PYDVD$n>fJ-tFKSkw8CV-9fNWwLLms= zFszC0PF3Z|5=T+#2zv>vOEN7pjQ!Bwq^MkA?c~XA?J3BH@V`WvR0u#();OVvYAm&Q zf`FvK^oog?PHRnLOGIiityBr)ii}CIj}@qKjVw0u6~k=W2BYEkUqG3V4tK zsx=^Zi_jy&TXwWC?oPW}tr|tlg-8KSJ2h65$!P6raidtYxM_}`-`q00V|2kdy6As? 
zjujp;YSYk(wrY2aGOxI2#NH-qS`!XLd1R6Fn^=;8f^t$@Rk__1lKoE01n5cy)MA0Ssin;+*Fc-O8qgYGRyYf8P$O$gt zV$rpxBXlFuhLNF_^D|Ej9E#RL6HjXk2L5a> zOa9Zu^8a99{2x)XP;URs`?w9F;h(t&{eMfW|EJ8%?6h7eb07C3VfcT}|0P_1W&yRY z+USD+&q_;Ai_`zk?z#WzmSBW1ya3b8sBARw zTs8tVrD5*uJbTIT!m_lnnd0z*-27JOq%>DabAx*{m)0VTZW*1GUos|~Z68-uHfCT$ zY11U3D3F`p;w$ln&MUP#^Csy=x|@p1@+|q*qI_3*e!YK??5%1TSs!o?8pDkn;4Sr5 z+6NAwXwFC<6&}dfXNHFl^i{Ryn;TqWQ&rK#X1`9T&TncR;4zQOs?PJtrQ+D?EZ6w4 zjiWR2nnG3QRaT5?D9s#H$jg?ZjFI`R)t2!C4NkzWM zS4^5XKoFY-gngxB>{UhXL4yVsXSNpF{mmm?k|Z}ZM&uwnV z*G(KA4m3472W6CH=8wypm{*Z$E|V+y)(meoXU-4hw@ebfC8I0rC-EZ#?$M#@^wtbd z;iT~c8%Ncb6qfj^bQR474Sp$~ciD@pGJ<0RY4#DL8(POrsuQC;<5H}G0QbzOksA_*g*r$IzD7?kb*6hlIR?t=9^R^mS$_vkHwAvd({vuHxTQ#D| zHKM4&n{FK+cAJacgT{{%`Q}hjYkF37cD==KHk$`D<&E_ejrqU!uCz%}EM0%+S9qsB zOm&!5fPhGL@Gt;iDu3McobFXhiRm$P)=e%d* zyw9^Iq}Gn~xF*2uw0ca@S~G@RnTlddX{J1*h=Tzd20EN@10-hHj%-X(AvLplF4Wwt^R}fyHvzmg#$Tyi{qKFdIkT2znm3+e8Gz_Y6AJJ|vnJ)@eY# zCy--O%>Ge8!esrgfo%+>YfWTq#XDr6ci5HIVEy@oI%=}9)nv@?b`sZ|tSzC_gEe`- z9(RW6!V6(Qcd+eT8P}b0m!PNtMO&m#jeAqVt!tzmGt_uJIg$gC8pl1F)EP>g_35$2 zQ=-a{R+|J!8>L9wBuO&pwR!Z|_eg1v>m)sj1yIz{NI{fo!gT8UP-S>O9>enq>PGO; zP=wKF-3EeYfT1`gk2%S(Dbv(o!RDn=e>HP8c6GD_r`IrezU|HuKAB@j(@~pNGLq*Z znATBu1<>F;pqrz$dQf=uAl9irP&auP1LXS6~|3{id~a7V07F zDX5t0z!B2ufro*6Vg~hvRPCXSCO6w#JA4FgA+g(r_aFuLA;J>)IH_Bd97>H2-0!yL z>y54nfS9Dy32#f=qa-57xxb0Q5yWp+W4TGqC1``l_1@0h&JUu@cRRQ@v;66B-yR;; z)&^mf2w3(hiME?EC8xb+qX80~HrwvUXmD_>mbj*bz|h3K6YrLw66!sJp;<>Ub~3EA zhmKW00$|F5LZ5*{ff>nR-JJvrC#?5rVgYXK<811P3X+ajSputJ*BH30O_7e!~A=7lJz6F=eeBB5<0~yGUG>Z&jvGv2&3>x`v8Xb1& zX5{QWAfQ@!>Kfx9Z0wOCHPkXy?f65DWXbWlO%1e$4pGuClXE3+XL3v(dKA4aH8Po)@OK< zZaV{j31y`j&$@#sAbru=_Vw%IWDE*glSqA&g9jJ}%6rh$CTJ5gayKLu*0eozcGMqz!I4=uWBOURWSmGh%*! 
z7TKxepu5PSRKbwxOL& zlu)A=!Ej*9so{H6ooiz8x&_u<#Xrs|zvCHuz9Dwj^MinfyTbzH4uPc_1GLux#)l9w z>M+Z7)lJgjxaM3j2K375sD0gA*U`3=NE4lPAgzl`$N{x94!qa*TZgWI#DSLrTE`DD zvI}>cAk|lOdrEU{XNip#hX%{c8FAN}Q9VvNU~3LD7l$=Il(CfJIoYds7R%!d@JZT9 zX93(Z#;$bayV_hFBpfFX+Q(J1-`184gV)ECz% z=jX1~T`YpcOQ}F^>6Ym-{OY(LXu)K=tE15tfh0{L2}BZ_>~!3Tp=^76usG}{B)kAnWLoPn}=!=)%IpErbyd1C;aCXSc$LcMK`$x-tN z2|WUuQwYX|Npd76TfYv^G<}G!8p4pw=E$pejbQKz+vN=I3OG`A%n(e@9&2#+i?j5U)$Z8x@WC$82HON z7#LVH9UJ>j2Tlh|K8zYi2xRN}Tw!el0-AHHiGbWO(1^Y%9q?UB_O_N7c(OaB+pQgK z?Q~HZknUPr(qP+_bQc~4TFn}NGN zB0)H_eO#J>b5*2ew+=B=Ww8t*3J(ZiLZ@ngGCOpzTsd{Mzj0*H@ExQRs`OE|W!&wp z>2SFL;kBEsKG}|mXt+EFr|g;(Xh8>1Sv!Exel(Yd3a--Ov_UOad{=BCJvf_9Jr{2W zD@B??I$O7$$eFeU5uqeb5+;U8*d_pbxY}dEJO`=dWr5CcOLw)c@9ggil)|6g4R7+3cncah@Ce~r`=C(UoeoLe4X%D!-)qpAZ!_04xKmYwN`yaV||9cO)+WsdJsUMWapKpJ>k@LUb+W)VY>+OGLXa6B- zd`J6ZFnVkM_mDqo|ANr_2c_{{`hUCs@h;LW zY^nEKw%R{~{yxxG*pyF%Y0M=u*TV?~*vPr0gNm^^ziR562_Wa7+YgnI!m0lNl(`Hd z^OZC3&q?{~H=w;Y^+|40A!PnO74{gBca_ESna{IrhqumcRBE3-6{fEHB>Pnw%A!r^ z8=@&_VeDY{j1u~*!5;pIGyPg9u|%?d(A=GNh=H7B=;7jZCqG?!s0^^5P}kxjp^@(% z9*V;u;Gf;njP189!g7m69bQ%Hx3vEo^ZyGn?(gekZ|Oe*zc~MGG%)mL|M@Or6!!Jy zg>vJiym8st2_C6>eCLg2w3mecZ$YT!Q zkle@6P2>Kvfy3r}@bt zG^_dDcuamhyO;Jng=KhQ)AW0-V2~_GgKD{Hiak_g?@3{D%Ic82rlqvjJf@ z{eKVnP)W8Fo=iC4bXT)taG3edzJiw2gD5iNFlUzVi$!(yncz!_F!`kxMoyZ|B9;kM zJ?Ih*q=@5*qR))t{Gnvjtv%E(obxPnx=hXAdW&ovd7q3}j#1U{q@pRSYTPovRzzu&hu0d>YPzj z3viAv@zw|~+VsTr^5xup^W2wRBd6Ulj1$pL!N*!GmoxV~mdx*G<9eUSl6|~P_A&SW zm;{d(N^-(fdAj;+n2W8IuMey|&8(|_$ye-Ou2xI-BL7CaJ@r4LmqqG05dtZEMc+pVV+9>ZvWwd{PA__hek2>Xz z?J9~VLfF91KazYtVIfyEzZEgAQ8TlyR`3Uxv_+XqbR>sfXqCy4K|4sT}ruyd4J zlpkY+ky#~{*IQKcoG1#Sk}pW}gCgUZpYyeQqxP{(EHNWrbANft`r&H7ew%0Y+&!Ku z^MqPdFiF0u&zzK~!jLSb87XFY6Cx-xY+&s#e$e+fX6M)+Z z@96HtPn^R6*1nuB1DsZrq4VWxS9+c5bDXTFw4a0aO(y(hfxjv0SM)khk@GoycGmB- z>guymqxo*FB6|6z$j|gUITGD(w;jz*ZgP{G+~g)Vxyem#a+90fGBmo6fK!Spp5WxT{f(qZ6VQ_Wt?%n&o@7{g?|DL7L=X9v5 zuCA)?uI>W@hYcd(6(RpgP*PITR96Qmsm6M$q@uQ-QUOp_(Nxt`S5el`R0WijRh87# 
zAb|RRlq)Kb2t+s@WCaO6ps{~m53J_z|4;Bx`|&;f{|O-0#~+5oA%anObO08INBz5L zfb!5#Q~UGrS5{H}-T14kE2}^NrGGage+2)_#~&7eCPK|oA^vC#3Wfod02+kC2BWbA z7$Fb}^CMxA7?dJ39EC;V@QP3bS`kMghLVU-vG0$H>na2T#RvYV=okE#V8i}R zoP3;!{{h=4!#}rwWi=%wwcpvln!1X{FZ=(SfX0Y~RE9t}!AB;@dJ0MUJKrUukBZat-;meW#G`XAbGQd5AM8c@@?^^}HM zkCvL!Q&T2t%1KQDYHC1Drbn6Kx zdHy$r{OSJx7yN=>@IM%6=uMnVj3D1P1pff!xfTF_e5rL>HX8oPLV$KXU?>3jtsX#4 z4XA0{dirZI@C$yyFZcz2Cv2Sm1)z!lnZtj`U!VW0DXISc{9j2``Pcd1-vK`z{S%_F zM0g|ujtE3S@gzSS0v8I448cI^>+|0x+W7Ccs1e&{##e@0SbYpio#anh4UwDt><=^8?4g zqCn!`X>KsFepN+L4u%ea2cV!(e-xZZ!lMX^cvL73Pb7T5tw0DxA*h*@Zv1v-f&56V zt@ywD#=?gEZ^#{#_`jXTU)aB@lBUYBXs~hDSg1y*40DWaJQ3>laqzdF4H|emL}3(fYc7KIvy2( z#$j~;5-s98Cb5|JXZF z&Ha6%QFt7fgM<^|KA~`8AefB?>to;~$Vv`)e_2sKPZ+N{Ih5349<5^Dhjv5>iFWAElx3f1yki3V%J& za4n>&hBo3ahv7Q~D1n3~qJFXrB+4I7!VoEK@Fc7c22J>mK>>6K2y`gQV|{|r(LrF) zpw4*xX)z_mBmT4k#g||({|tdYIsjY;tk-}OL4V;#qH;_IYDMZBC=Vpa51JVDTMpO? zfxv+y2I@BnK??Ds2zCQ7xBxWv2bW`PXKUr+=ws;OY+>tTZD($2yWt8qAQVm@MBwnq zKWk)YZ~2?E+Gw=V4>;NF{j0peLqjoWil-&vF@HeL-rm~M(AL=0$Hme5_goSP7#{=* zPel8p5pW_ntm40K?&M_cV{Gc^Y-wg`3_4f}0`dRd%clP^u(AFFr^+C3s{N19_^bV& zhQ{yjf2*l0|GNMAw}9SGaAyR7(*${$q%W=vQxXSISOgA<#s=t%yEvOEXo>IK0o9}G zhY5;+z@tOSzG(-PS&uvq>{wSJh41?`h4l0e$TbJ;jYDFq4XqKz>&I z@x_mX#vq-*tsD44eKQ7|!Ldkk#&?<_FnB1qxP-$%KMq6S@F;MX3A!*8(umvw^&5Gx z2^=3lBGV`2e+x*6DUt|y zMRG_6g$)P%;DkVOsKz-EO#s0Ea4g{HY6IA>DA^{=}fRl*05OBGI z0GDS`;4%pg<_4kwvOR#9kf?AJ1{X>;H_)+!qwzQ_<(U+U!vYATH0Wo*eIkg4+y;pT zS9L@jK8nnP85&O@0ud;H9LGWXM*%nz9z;g~>mUI=GWs1J26_Rg5CV$0!%Lomz+nBA zvOp#CkE2)(93v0nv%`Yy`I9gh3Txl15J;iqr7wsx5QPW31#SQVLLit!sX-ujQwMBK z1{5L?2Z)0*AZG$9Fcp}Z!MXv713Rd~f&S1*aJ8*3P9~=CW8LqbQk>jN7cA8&Quz1B zVKBG|vP>{&EJz&f4@BWeKm?pzjwAbNvLMJDP+c|r%WbBiJnWyJvrKpCd21XBhGC{S7;rC<~Q2MBO~P}HC?kny0x;TS+%QijrF$-O@y zjD=BNf2I-(!~i~&40uE^pkM|Ar1ys6!C?i&Jv=}>%5oa&>Z%&sB~|29)WJkm98d^A zfdy(C1?uYs8sdPLmw2o+0J0eq1MH;;eqHPomHa^g!3{td3DgBpNr?c49CM(k>K}0@ z55WDv0i}o)R8KI4iBmA+QJ}BI0?Ob^>`y8OZXZw~p%j^aSLhAZ`%#P66_%`5cw7jj 
z)(@p1LP~7)yETFQfHldSf-?<(@&{Mk!X|PZlfcq0cg;G#J;8CEu0AL#;nR#$C6%YVQliUSA9H{&uIB?p9g6av5uL2Sr zNs5k8LMaN87IrqKlqn@v@dpkF;^3}h+crRf@UK-@l>FJ0$f^OQFb@Epu>VUOU|X_* z`}hQc1_;XF&(V-85ELo$@Bu|5E=P_R;V2s?YPbE#jn^^7ic@+P`42gSpK`p`H>c!I zP`mKG2-J2Wo`j;5`=cqeu;e!qmh8{gt3fHGWn`!p33BD*kAVm1=qtwpJM;k+Kvots zZX}uzih+aflI-sy$fUp?BTz`_I^iFBAgKW8>jQFVIgl~1AtDe3Di2vapyi_Qa0C$@ z4!VRu6b3{1jcdy2%xU&0FpA~usW!g;3NsMp|V2}bo+`}(AUaJnw#4A zkj1)DCjhVXQw2{f*&~4-H-e&zL8N`CcVHN(Qzm#zRf05CHPZDHn`<;!iyP`nQPOvy45C!t- z2Qme$n-7vQNm81ST@%@QK?`3uUKlxM3i|QyrUq)m@AaMH0e_o#%-|p`ij$x=AtU{f z7ir18Kck41hKa9-XEq!i06IFbM^K3k&p~Ez{Uio2zi#Ux=zu_SH^@ccbV;TMRwU1X zRJ|tv)Kep}+JH*F?xn>5^0FCpvSfEgUP=QB;Z)4PZ^I4tiBkK|>&5`)j;8iLcJ|Je zcD7FX;^KhkMkP;h#6tne4SS`mTK<6o#g|KLcsbx_wQ!~?7N}EzG_~8(WY`{D1QFW#q+O-_70Q0RHRW|EsI0s{H!?|L*|m_#2_{!346- z{wHYsRs2Uuw#+If| z(2YYf==$ju`B)rAdET&no%KBm)ZEd~-hzBb0Nf(WsKJzA%CgY)!z*wjOY{LZtH6|%WTAghNGXA7$bP2_$SA?oV5;l5D7eA)N+5cr^(+D*5UBv}55mz@+&`2> zkwSjX`nj?)OnHOJe?UxWstQw9Ccpl756IsPRQsnyykUgE{|Jr0TK{RNYy9K+&oBG` zTR=i=eHR5M1Of`ENGOz|30R!I zyO5@i*GmSKmiTzbnzj8C;9$BI3Q`i+eGpEeLNjS0vp5e5++@E6^a1X27} zKa>P^l#=zw8@T^RpxVE&g`usvskNOsECl&)r|}o_zp|!==0C3gm44a(-vJT;Wy*y@ z?%H-;sl;$PqT*?>B&a0Rj;f`n|m}xxF10_ll<>_@7m+rwD^W$aaSTQd(4h#Fvj%b`HH6G+2o8_> zjXYT25fy>M2Y;_fW(5wCg=02^^!-B5IvG`%8kvk4I&%FQ5;?+eLb-7V=2Bx-6akP& z1!N=;het=FkmO5}1Ya`qzKXce4bMh)_`VcTqTomX=MNT=j{qq*t|?_3G$~qPjKfop zIFKkJ`3#UMvmaQXR#(|zk=*a~`+$H9@~3g5-mqIg&_g3O#!z+xh4KapL&~K~z#5Gu zMQ)tXZB(L2+=L z3nqn9PnJOI0a+kW!{_8_5FAu0o0QW`3N1J&14?58Xc^z_pQ;k%eg1#f_a7=sfAIZ> zrs^;M|95}{U{6{<#2_ecoW7$`R2NAI#F4<2o*xQW*A3*luLV_(65ghm11XexqzbAs z<>VanR~v6;=S#h zfB+O0g{N3Eg-1XFD)EN^{r(pWp_ZUd?}TD;fuMnaRtrT15(7ygegqiO59<8=2}JK? 
z=;ZVRLMV&?ClD0YKYsy>O-(GF?HrwcCQ1Ifh4PgP`FociK5_Ab2SXiAT`ip~?QEgW zhUQLkP+|zU)&sr0k3S|V1Rjin$^G_B{-h>^d~6ThxDEtTM-j=h0Rb8k9O4fH{XEEo z1Ym4uV{d6~Y63|7zUxpprF(KP9QYF&g&^}oegs8G{*3`U1Exp}`THGIBuG*b53VT{ zDc3uw6VK0GgGInWmxG7G@MH%K{r*eQA04^=g$>v#uqBvmd~-ux;zP|za6FPcLQs1= z4ncV!3)tA^Hxf|FpBj~;d};>$?RzuIV+amO0!NqfygrRn9)CNP0HqU-B{%kq#)IU+ zhrodK6wD`oLL>oDLRf()jQ{U-1o}O=1^qe9_1mXK_|E?m`7>9vlktjTcm5oZ27jVqhi@<(T^T~)@*T1d$ z{V;8Oaz!oPkhU`(9*+K*J1C4u$)tQpMZS!K$Atpqi5Q8aGy~--_rERT@e6*0jrkvg zf@48{`5%b@{Z;%&MdSB>|5aT{_1F2&-vU3yeNco z(=%&878~XWTfVSR>BsGVJ%g=(#?z;C`(pj+)*#YupP?Za@ZUUe72CSsVOjC)e1)@| z(CgO+S2aH4N?l*xT;LiS>l|B&E_J9HF)eLsXm(vb?6wwTW0h~n>mjDrktBL?=MGWi zYvQ(+jBf+`*Cg#c`fm;$+sVVO7qj|0cxc6M_3Ts27dN+lSaF?T&65#G2zkjI_T3%nW7=!0U51~vEn059+<&94V6A^qa#7TDcepaXO=!t-^O}!H{pu5v@>>6U z$;JIUXTBZyw6=0^b!Tr@{{HPpjjyOD=SlN1iqx)d{<@~B|7v-1-xbp5@QAgUkcxnv zUR#w!jzq^!d>yF_K5|5CWfHP_bAf0hu=X{#e=RdEYV$ZZOM+RP=bO2nBPLxRg=zLP zW*`o0apntk6vd*Jy`;JIdy|eeho1j*{AyTRH(LxB(Inm2IF&{yHSQ^{=apJRgg6;Ucu6=ZG zL&xLSbnmNPuEguYP20E!3nn?*1l%W<&R^w8(BD-4vOOoHgP%7>RQo}TOmi2^NJ6-` zbNEoa>j3-8!|{Cr6ITb!S@0`d#7FND0<@x>rQ6S3YvyS>IvGw}lCxY2>afadI>dH4 z;q63fH;q8;Ub=U@Cp)ZaybAAgOnGqn^}DTda}B?p@I8K|aF@$Hx2t(a1(AU+UGw7U z^V=C68N>E-9ln-eYD`ZLdnU<5uyajNJ*1RM26>>*0ek02Pu`iAw>f;sFJ zm>Pv*t71b)c}Ph|Cm-&F6IWmbX&g*jAaY4X&s#XJU` zZfTZiqjhXsiOcAEWpB*%d`fz1Gk>Y!MOPD+q)kDWCA3@A=#p78Nb^7{yz_qZ{iJ)n zbd%puzI`dUkC4MLU9~5b+%yja8&}cJwOHMAPz?0&UTYek`*cldVm>$w5fx8gs_{X< z#hZUS{_4o^CJg}#s2DasnVDoCu62y%(Gk<_#PhGa3pkh`rqYCa!Q~X`IAr$SWW4Yu zTwnN92>p?>Q0^GR1b$ZfqYMxBK++UsT8`X1MSH!l>=~y_+VjSn;>j`#1*6!P-t@7j z?sM+uIPSbu;MCeT68 zjaP~h54GiZwUzVIQF^A=^kE{L6AUudsBdv=tu2>G&mofg`Pt8Wt%N+Isbr6&@0EHL z7E<1YmpPmesBe&~fuXr8*W9S@ju<)WdB|cc^Y(rzzw(L%U@YXEUF_&0f^kIY%9f0p zfJZd5Mw@x`(2|k&>`O>XchMY7CI>CDbD!OXa!NJqtC$GlxNu<8QGOoqHJ z!D!IdQHs*>F4qojJ08vbyrG)0E?-S#=JPJ>*SHtW<+U`f z)e(~krHmdo%C1RuU2zw=(5%qUg8jH+y2JPmjW1XK0pzJb@zDLl+a0D46z5{Z0!`yM z2aX)vw*5LU!ncDnt#6A|Y`J7?xr*ULBcmL9@e>;OE1exvyZa{MMiUeE4Au;*IYPoN 
zxbiucC|l;f^(Y*YD7l*YbRQ2Riy3gh#m3h~?I6vo)Hs2G7pKyl1-t|d<^sDG#5-0= z@;75SuAO|Oe%ejBrEHj_2e_Xl9v({)4s6pb6XJL(Y{m@PHkWa=uBb}Vcp-L+Mcftf zw(VWpHLPB%9S<>R1LUR~668haIy!XX$iS?ECmhxX}`1{6u&wAKA38`d`)~~AfS1v7_ z$0ZXqp!5yOiHN$~_M;8~G^RrbUoZq`Zle>qAu}x3o`1cZ*()BUCTFe`acCOVuRgBdy^R75xy2#WXdSxh#l3op)05V9O%9 zvHXGk1^4a48hx%qLcvT{^GEdsSgvq5c8@>3(rqMg{G$5o3033D11IA@$;HgLUEC~H zKb+-WRquRZ=m-n4vS#rrKV0_E4kixy8cu0u#o&5BmZ-j|yUKC1vKN$Z0ui@{3s{U? z1Xv-@{F_`ZuQD5-FwKw>pE_S*CJym)vO?rAw-7EcEvoo%Al+>z_b{=@$~AbEk9-V0 z7q_R0XTY<#^ms{WX2|_#1}O=ZlUvrBu)*}O+`>oAfPBxjy_|kfv7NWW8V=sPOlC-JA<@Jrb z>|=BjPZXHb0wP1cp*|i&G6^_gRHpGMoXtE8`ax!GioyK)t?6T(IysXc4}7jqNlcb3 zE~pp09Z6)k8r4EPb=h;D(}^Pz6C!a;!#t@5m9vKgIMox6-(yivbn({YCQX0Ykr`vE zZw0SXYj=T4)+Tp#&nC1!x=~09WEAT@1K4F}Rtlc1RJ$m7T&eD$0mrRmx@hk>E0)bK z6Z4<1e9oPf^^`P-+H{d?G5J9t^N#BxM6S&@SKZl3q#I$iY3B_u?}2q;zl^06b6dTT z(v+dAju6sDz6M zpQ2+Bhm(oB4y$uAr(40y_qQMT$b~<|E*B&@VpJq+IeT7VJI&3*R$Lu7iy9b4gl$Xa zjgHg#Lh3bg%6L#RH_m#Cy?mW+kVtI1>)2+ZawzH;+$oiwNtfv$(eJI@r{_u#zT3Pg zokUi)0nt5&^aC&XDoUN=^^%*il9RNVhK;>q8&>~7>stLhoUt1*l|A4n)>Jiocz{+s z^?ctnpS>f!?Ne`DX8X4m!L|$c#4;XsJZ{OkWvy|CW$s~VG%S~CGh`MCv9GK-m5e(4 z=78tK@yxk6mQ2h*-Q-#*9`k{YYd?>scY*2d19widDr^!FFfl8Vt^tZ6IcDQ+>JfXN z(?*Hkmf}85SCPt6e)Zw(o|{Ejh+BKf7Cvv$z4|7GMcTJ>>Rl_i4ETf z+4a%ul<}qzwk}_Kwffm%K}GMo4YNwp)jE>>R>o52`KNJ3MTm}Ldv2|m#dZn;(j#%F z%{a97bKeY+4mt$O_;MYxJZwy}yM%;!I5=ieSLb@6y5CLz*|XU_Qr0D0pN@M>vc%Ed zN{laQd8M0wHR0m};e^L1#~WwrjbFN6r->0ruvH1J&#hnSDEquc$z;}3{?yKb$)o(6 zyoNKa}sCboiBXeq4kPpJhDqeAWFYH2A?}wn~2eVNRM6R_0jxkGs+CW7UOsMRY zj6%1FIQMG$iBoFj8Z^4WLLcSg;*&5~9g&6(frHU>JJ`5gh?jd@WS7n7)6ZL5HjHq6 z!=1m;*U;3>LwCM5BKQ%Vx7k&FQ`&9J=oG0ADV?iI5SnpqKW~+Z&KX%Nof}84c%g*$WG<_xjcjmR+H%)wX`N zr|9C7`O46}=LR?KV9Vpq__T0GD?LDbavCfxQGZPr{RVzMl zmyaMzWy0Bn3IW0U-scX6Pi^+&Jx~*`!Dah!FV80?8qXfK&yJqcNkY0dm;~>op$GD= zvnFTu=)7)3%Q}fTSEN+BxD4-VtoIh2#)K*F`Fu!K^Z8KMd(O461IiqyX^aP@IzDK~e=c?!gj6tfq|rOyfz;Qo8rhtC ze2FJ-O2)w}zM`AXydKNTWlYL;)#yf4KYIEomehWEf<;o@T(a2g}NEu(Mu5|HG;Ib&%xe( 
zE^oA|60e|ZmzrLgGAv&JJh#o}?IHzfn>8*XYFaMi2L}n6Wv(jV@)+8=+ZVV-i9#bH?k~#inFkvhv-Ua>qKI>w-2XYe9M8 zb(PLkb)F#67X8y(gd}!d$SJt=aPR)gcL`k=51tD*yEc+#TBcQv-oG?R#rPAvrnd*RUeV>?JhvO(;NyWDdHCqC8IL5wRpg)&BU6_5 z%c1D{yLgxaLw!%+P~|@L$iT&-zWz^s}u65w}j9tWR|?drOd2r*~D< zd}Q$?g{JWFl3SRak|I~GX@m(M+V>J;gO%cg}*y$ot{79;5y z7W3{w=OJtv0$esUu0^uP3}9@PXIrWRKObR3?7g4N@Sy!uXuFiQh&uy*@aXoWDy^zT zh@e~P(L5!rxL|jo?Srk{V{+VT$On1J4Fqk8WV;r>COK2l4+6uCr4zXt*OqVTZTV7N zeCtxyjghyd(Qi{`Phi$uX!anxSA%1VYirh`kG?$7aeUy_0F9-sWnay9Pd0Zc-}5~f zDa1<32L?duv8Ic=s_C~L1;xPQdw~)ixL_fBIREQ6$3B&e+XBd=Lj*5v!I>{s9)Ey}!%>S1l) z=6Y4~*(cviOmszFXU>T89-gEbVG!q5T6`xuW+AC@OJ>@18hSkMMA;UU><+&WeU|}P z3P(BfTq(PCwterX!YX=c^BP3gqIj4nYx}&5fkrY{uc{_2mAw^W*ZDrQ#^R(Bo%^O@ z`J*{-(bD{itjmy77fS@QKjH=kQBNtE4Zo_}}?2qG>y2*M*1~zz7G&t+} z7Z%F3vN1fC4Sx%d%TBrnOeMD7MQ89dr7wsr~rARrVx;hbY&c z!YtP2Jeg}d`-g9cx6bvb(Y*iZ#>>B8F;_Mah8d6nX7FohrMyR(IPK-={ z<+ZzgjNQQfve_r7-JYp&EB-G9GdqPRBQlPUwmQ8YEPeFGJiT7jk>i;@Vej;1#!0gm zX%_--v@Kusb>%q!WpH!~(ck2=Ojm1&Ua97tDm~_)bbx=yyOU;X+w1FDzfG1qSAjwo z?#D&x_1?i1p@a9SD-H#{yZcx$9hrYC5$Va{9c6lkTV7~SiUd+76X*5?e3#tHY(m`$f` z4_|h0*2#-??z?QKbv@jD?3AR0RdLx`96d9Q;OSn7rZwn-v8Fj z=f3aDEFTN!cF)M9y6v=;L$LClDlD1K^PieZXP|6x;+G#enD%N`K0YpqQ=8F+_d~1m z+=RZQRkBDnhV;)LC^?-SVjOguC&eS6GuC8p?_99`n@<<4KdQ#NwLZm4hxANOe2ljc ziSqHkqpfJ!E~vxo%J_;)G%4MZzUO`5q)nS!+~br3qK6KgyKem=@uTBQSIiyivryyAB&kk@Q)NBE`Ne_M#&!}lOkLzZXD+0XB^fg&GX~FjFvXk5X%?S}ElrVD7(s|dLz->^Kn>9`R`IduP z53C}bYoPlji1J6R?!E3(>yyk4t`OLQfb=x5$=wPRa%2pB@X@kA{!GwJ*aTImyjokr)p6u>%;0#aaX-j7` z_0CDWW3J8eOl%iR4Rn5a0iQR1*CqwdnPHkL?2w}JBFD8q@%>4=qa3NYW0U;*AAW0; z8K-?-LW*CQq8IMla^v2i3F8~Bh$XIA*}2E9&C*AQ?C-zY;jaI|cr!oqsFZJgifI~F zMcVWhgXVL|#ifS{yWJvc-$!gu@LIxYS%0ol^5Zmfdz<~GMpZ2CL8R}_!$*{#(qx6) zy?UA9rKzi4C}u=Z-^8C?+Zn2J%c6iMJfzl8NB%~;*~LJC6``7_(Uz5M<|kx?Y+4aj zoCn)o#3WbMv-g~e@W#$|;7^{24y@Wb+KITY`p&UP=EY{ldrF6oym>C?cOj}}kh!g$ zQ>LPsGljOfaP@-kv!!%otGB`3JAtg?FL}c)R}S~MV6;~gpu47D`a%>w-j+zj^k+Nq z#gs~MJhQHrb<ouc(Lz4Aw$_36%{LfSOq0f)+QdyaOeV_5wY`PX#+vifw^s6i%#Igabmc~Jg 
zyF8h$2FGH%vbf|gJ6ZYNHs^VvgVZI-dL61YyawCy&dV=eF|1kfw)%pjQRYiAC7C#n zY@Ryc?SZ7dqsvwXSx_1A?5#en?BRkZAPa%MQ_fscrP~hy#sqOj%TC5x}wT zRT@)l>6HSJp9f`pqE+ouZ*|T!gSN01dH#OtUhs}%&hp1YV?(w zk!0n=oABJM@j0(I*PPshI_H`GTwLwg?tM4!XFynFmrh2dcN`hwJiugXNRY?hN}IT7 zw~y_hK9SbvSn~_x&!0IJ9Hh*{j>?U*Sin_|)#ROEzF0Ty=si+)*|0A0ZlObo@2)xD5HNd80<|)FI{8qTwJXi!v$|v=lnc}(b(JJ%^V) z)D;+4GButFgw0H_Us2h1T1CepNLC87t-uCw5xp(vASn!e-%t^4z3ccy>V+?Xd=__r zk~@Mj939hvG#5WO(6kKl8Km7P>X$k2>7>uXn?nsL40P_OQl1sh^r}tJ=DKrnzI2lT zk1yZBsAb2!Kg_}vLDQ**FP-R3%aV|hGkR=(zNfkk8G1rS@Fo010Y=c0o$i!Tw#yc(4OADE_g8I7qGPitKg+)< z;T|it((t+?D+jOJ5Pok8ca#~-vqIqMKG|vc=g|7UT&K_@M7+7`d zYMi-SD880H?H+RYK}3|qgIiZwoeghxCo+w%SgF);6dPE^@>;Ql!^FG8Pf59Q>?%Y=N_LIdE6wS z@sasg$!3XWrL@8)?P{M{#EX=E^6Uj{wEWM%hGV%>zEp-ze=2v=cql66=X>_@EN4aW z*SOwmZ`qnmb06Bvl4_WR8v48WKbKjsbSI6kRnEyjUb?^g09i z&h)}=3*iWSJ%eu-Y3hC#`U?hM~?=n z(v($Kn6YWnH$5wUR06%~;Ez*GAIdn?(@>UO=>{D{%$g1^RLnkoa!UT2fZw_7=9HNu zTV5@=Ku#M*U*96*DmyBC{+)dF4b(dS_qb{U=*kT#rls=Qn5^EOM> zHr-2bX&U2NX{_ZE``~z1eh|IAuK6lnH=kgRseZ~B|K_-!snr*U*ZOR3Jv8YedS)gh zUDF)h9YATF&?b>9tZtDHx5HQ7EtWoLOEl#4IjXNO2=#WBS$fkuzg_-#P=lVnFMl^% z*UNZo%aUttH;m2o8tw}c^?mQ_JCwr@4r=i{D0zD9{KEcrOMR6xfdl3rN?D?ZdF|w6eo9%SdyHYjJE?A4We8tO!4ZT6KTe2D@v>t}@BuhM3PBU*( zILfLl$#zNX)_W zh3#rlQ042B3(5&bc7m)ibPPJF_NG$cUVkK0i=9i~P}so5IyZdEs@B~yct=oTz=Qn$ zV!2!wv9>z7cPQHf`A`U^Tb46e?G(b>O5S$V+~Lg6G+H~mB*cfzMVCIcTry&X zy^`&aXRd6iWtaVUv0|q3s|Tj>kw{Zf_il61m$N11BO^D_Iv>YdMxK~vP2BS}-h5SA zPWSPc`hHa{K}E%xI*$m4>xOGt2}7+k{)ZtQa_kC{><&pR%q@~eHwlaaiQFC8iv>^7K$Aimy;`tvI{N` zMh+_7TCPmzXoeO5H;-t=tk52kmh33!nqfdPNq+R-vK4mvOu7Sm7Gsc}#{HT$(Xst^ zorIorNO4G-d*u?(oImNzBmt$u|ndR*Wy|O3;24@^F|ZR6*4^f3@&oz|TlvQ^-Y>X0PY0%uUVf!za!yrz2<{2;Komgd0Lf&3-%J_Wkq4*=nCfaj8r%(H7 zCcNM4!7WN#{q%$=dz@S{PdaaI|K4{_+Ol5q#a|qSF{e_tZ}-2wpMG$t#pq5bi^9p+ zxOW+uNxmgn_w89n%pkzlEr$T)JsSF=P*!maR(EFd5Ozt9!Pmg9>f}ZL9o2mAT?Lfe z_HNJ3q6<7slTt`@?timqp|?_HnV+{=Q1#jKb6(L$Qd6W&osRt>7@N?5C8F{rG^L&yNJWQ z9dB>gog&4q_6O`v&n4F9lMYWD7-HMHLp-kOx#^Bbm0R)I#gU_zV^7ePxSRSLSu#Mk 
zDJ*!L^LwkN=#9&JlXvmOj=8)Wy3zZ$?ZD)n!EDW+pU+P%=BbS(UcD625J6`A4=*+5@@5 zgYK5Nq$VeE+T~Jx5&mP#C0m6g`#-iX8SI!?3ywt~!qyfq>5VS$W_V+_r>pqu8vo*& zyj}F_@i)u8{rh9X)?QxHd-}pBRp0I)BgfgbBS$*@zU}N)4Ow-VP|$`4=j&|yvgRuE zx;`j+HFzi*g?O^|MYuoH!cXJL^B_xzOuB!!D%Nt2env}{<0I>G70K??P2g#5W5k>B z>UW$=``zB!`#Cl26DWA{a`)u(zNOuh`#uI?%pi0JuYX0+mOOm3WNR|;V3%O_NtEyz zezle1dPCa;yA`QT(#KKqXACvjFMO)!na+dI%OB57(#nn!c8k5r?DOC)uZ-#~H{h8z zkDy5A9mu5Yc{$qrclutVyaos%&PbXFn*Ak)m3BP68n-=nU6arl)HyFyv{pr{qtO)_ z!gD~se9P67O)TOn%3bRWbVvTWGy z4+S(It%{*fXLPw!*7&rttonY{uz`rP`s<@zE;c^rc3(K4S3Vn-tSR30VVfT0{b%}; z+e@*pD(^ht8bYzyTs&yUn)O0z2zfKDJjnUU$x4a%$Ay(Lq!{(40c#fv-3yqlXY`sg zOCEl9kJe|YpQk^yKVV8~ODB!;T-cPyLJn>AT{V&H>qE`=vJ?n2$a`Xb>4V$NLK zQGzCOQ~jx=X9`12#Io9g2M0tA9TlT<&JY(qH`&hM5hTAZ^dEDx3v-;$n^+!2wsUMNkxd@wj_g*p$t+B}^ zQQkPELdT5%B!j5Lqr?X0GfrkkwkrJ$4HZY^lcrwV@yJ>6iFy=2L0b+9yhT4enf4UI zp67wcDQxGR$uRYgvs*GQEkxYYdMNjWw;O47(x79+fzzcSY=9eQ{<*}*G2L;`wpREq zeda^n_jc)7irnlRWoPMxuvLk}P-RH>oI85#@*ywMYth_Ah3!Pbp`FKY4VSy8{644- z**{&>VoEwDy-&^CDP3i>)9BKd11}p=K9^6Twak)g4OFgN7CTRL6nqx?sW$!4#bL9D zqwQ)R985dgx-5kA$Abim(`~J8iQL`6Ue}Oj`Ce7WrKsC};q$!69#$1TOiwwh8!Rg) zXs(?0XvybNxD6dO~ho5SfTC&h-BSwz;L z(-AFq804&`OwdII++A4*L9=1omh26^P(EQF)D$McVpH8Vp?k=w%UQWMsrQW!>&G`c zSZ1)(f|h%u(7>HR0nk8H+~$4CS}U`;eDCxT%kv7-1jJNp3sffd@m{ zNwi-1zVxvIN9HYYC(md3n&Dk4CympKWP3G;;?md^>^NL$R)Ma&PmSOCCS&n{5sy-v z*rGlgEGta7Wk&95J!8xL;to*~!y@asvbbX~wFc;QZ!hm{M{2T0)CPzRwFBbSmiLEE z4po(*AI7(I?XwwC=ju+V96e+=+^)E%#WKe-^fE5*U@1@1RB4@UV#?95Z5ENDY!3d` zG{QBdCo*!kPFOX+j#X^MLt8yX?#jBhFU?xb**Fv^G%M9US>mdRuo-X6C_igup{akG z1noOIRCaiPty~Vx>!}K=%SDCTr%kFBi`^IegV%2y3!b%=3(qDkZq|?Sg;HxT| z__7{9t&)3ThmFfkRj2cp23U8aqqp;%(>SV=-*NB6*OOS+g(zWq0-a!^-JLq)ipYzm ztKxN{R?o^XjMEWr+*NZ2-d*eaX7x^`)#~;eN2cb*bbJLbzVI>B__cQ_(_Q-&fvcqds;fh}rDxc&j2+9CPQzDO$xruGb?DkaMq+x&jGZ)rVf%zvr_5reRj0x%EMM zS?KkgcN_%=9>60kY+7%sLQ^Ggy>x2RYixL?`YJp>!EPUS$V*!Q$@ zl2aL0!uO_G`A(Mihw9!raJIc*ck~hBLc$vuk@>7)uF_56>*;)J1$EO}Yoe+}2Iw8{ zai_j5MaLo(wy#|n+Pt)LNAIQVU2k-_4%K9ZV2gGVVU2V2+-cYJl-4X1pW;;Swoh{T 
zzLGlgnW_3Hk=v|%afMkirBOdIxBYx`+e6UGKdzTikpy~N3P znJ1>TuV?p$nOw9;eC9rsd#GH1?T&RHEKbLmxAF}8l$eH%U4l#4{7Sg$3?`Lu!}7e~ z>DG?Q)P-8hK~Zb19yYiLFvi#l!CNhHpQmLYLZ&^l?JS)?W6NuKPL%y>K~6#X znIt1aJT*vlg~}(_6J2)XKJL**)*Ij zda~u|+b;I=6<5w`&|41JLqleCd35xUbNbB(UZ!fx7kA#ke7aHNDnQ4pzI<%{5`65N z8|MnfH^1V+rwI-Kh(LG0+P1+3M_=phZ@NAOcDwJ*&$rw=&$!TA0mLw<8PDr7db#kA z->*4CYEkxCXc*;qBw~htcBTAKdH>D9EYH=1cII7Tgc;QkF<;S{uBf*?%>|l%pL=;a z_s#^O^24lz2zI%a?}}c?&DODlT<&8NrR`w7ZRpu0+Q0 zq{X*HmF+(1xwBcU=U((hR{@6M`%Brjz*xDM>Dj<@FB81FaFdHi!ls9zvFyt`4EK9h3D#>AO4qAD3YZ(2B z{rBDu@};``hUFJCk38#?i( z2KP0qkG?^FNF-eGySsAM`A%-#?Xw;MGO^!YxIB7&E#;-|6`?1JO1Y;j9t|!9hKv}! z)TrKpW;2~@UNVG8QD2Y$T`HTv)zCANpMfI&7`^6=<-n=SJ@D()%hNUI~N6MYk=lG`OKuk z?d~(F+h$YEyrg$bbHC>r$=ikvv{FLasV%&uU2XRsHuN|(7;CrB+hIr494={Jr1rv6 z&yi;Hue++F7PlC$IcYZU^IogAs(<`YU}4SO!)IXaWu)T=(eg&Ed9ezQRgI(Xy6A)M z=I#{?RIwfz*-VTz966hQQ8&U?C=o(hhKUzRzPRV+#{2FK`spQ^$D5OfJ1 zqZ#?Uk-&Is@mrl*I?==88+7}0mSIgHQ_$87zudM1iguhinopK`L{k&`KbE|@dHt+z zjP2T_726Ju`)fT1S9f-)u6|u|n{J!_8e#b5rrx|yo5Z-nb<&wB9&VTI;({L>PN%f) zId$=EniY99s~ItIdY>Cf`W$fuwe;~B9!-ftW!(}SkiFQsiH_yW&v6IN`c6H| zVU8cmv3-}rQ3Xjg(Q2}kQc_RwgqbzA57V3%B3jgh2|ki}S5Bb)##&PWiLVcN=hs2M zRV(M}2lHt{PP=YZESs0HuB4z3$0S_)nfXxGW(7vU`5DWgM?C2V-ma>IUf-)n7$#EFfzXif(Q19)%Q#6);S-SAw9ch#MW5UFc=6}La+?7r?FPXAoA zLRd2j$>-<3$yumXN=R%NS;199P?>gb+kH+2o_g=;r94B1WUKrP4$(J$eo0c}m4p1p z&8oz4z>R|2TtWDD6VLAIvcXuj@F2IFYdhGYq%{=w9P2oAIf$u7<^HCgu_j!@^@3QN zsV!FN(*a z@V}E_ET4;i#}~iB0RFH;oV1OHH)U?dnVRgPB44C2 zz{rf+i$%Uma`2ht|Fr(cb6cT>_TOcS9|r8gQ<#8Fwg0MQ@BgUO*J}&?&vQJc?1*dO z6ohuwik5}2;O6FmM4Qb`l~Eb2dZKo=MFxu);hfp1UC?uo*GKn3&Jml!=q` zCqF(((|>JejT?aLKa2fub*P6x;ZZypRoa08c za4~DMK(&+b#f(-?_yRo=OXIw9#)DD8%IAQgW0e~)q%Y6-GO6I? 
zX2H_e<4a8nMm|ReD73Iq{;S*Hgc%ncB)*A7$HoOWU{2}Sgh1f)0nw4A=K~`{eLn_B zCbsu{ASjskd>|-#_k188JE&%S?gtjl2IPKRaf(R#xS||#`vGM+fbYx&R6OiC)^QS- z`vH_F9YcGL+Q){!o(HCme*J(R>1fyURLn6iW+lwZH<|L|x$+~b91+@j=ITdSpl6IGzT2KdFo)yp2 zL6&E4p^mEjz#?;v<4_RgnR_`DF!=!`@9t;sV=BVQ1B zW?g2f=qe8`bnVQ(M0NO-dAestES|mQbco`ImZO-&GZ#`ph|OM(i8?$U1_z1Ba+%}v z%Mil}t290L%=KN=^ zy8aijK7ZBIpa1gnpE2`~P8@F64?^b&>X`2Tn~ndBF@YB6f6wtOiQ_>`wu@02*dE|k z1G)#EoDvd)amEEQH&483=;US4M}sIdFk3>ukm$+^rG-9PxS|Sh;A1RPU~S05X5aNS zco_MZ-Eay^qM%$TNU2YL5J#s1cpV__X#GxY6id0Kkx#C)bJ{$G#yhz^5G%gV`N7qo zUxIxk=Ul~CgI+5t*{$4}{)LV!Tc@W6z+5SU?YAfc2QP`;oxQW8lhbsSxqmNxoh!kA zU;kh3>r!-kZWVvMfL|@^I(M@B+R{+xwsd@UX%N}+41ht9Io_r@*7IT zJ>b7T=1TZ43_H~B#OUf1<$Bk>4hrbdh$XRoba1@4zq=!rvR%(v)V;4u0sPm$Z)1D# zCk!F}OZSz3U9vq7{&nu4%5rE2?J{=l%t2)DX1Z3oMWu9@D~0H~lhgl{JMJAi7(`|0 z6qJNN9mk@S96-Ew!ra?|71}sMx#KWs(+?cr?SrI>T&e3qYs>Tp|6!b>pS{2y!0gg* zHoKso$u0z=bK_&-)~_K{4?nKD{1?*U2UPaj39q9o$LnNqBu8JUP5M^}&Hr)<@x$5b z=Snw@ZwFzL4zpy1rS7je!%J=m2Xos;hi4~yuiu~T9loV*$00BfPMFD<+YUSnJ)5X0 zDigiHobe~+9M0fA!kJ{_|NL<%ET21<_`?jF#11rx&3g zYXL|Gz85jUiC+O_{y4yUIVH*zO_a&yAeSg0<5)<3;`UKkP?$gNGkN{fHaT}4Q`UbS zU$XMwdUdh>pW}JEdw~8Fbg;iEMp1z>e8*)RZL*^WdTT9LtECsE+KTengtX$XP8f*g z|NBlsMIUBdxc)cLy%vp93P{= z7t54dFV$DYxA3EE4g!UuC+|2w!Z9Yf z;g!rsVB^OWLtfPb240Pb`s_O~5>^SXkx4Gn8HDOdQeALmacUz;>xcK0R7nP_Kj>L% zC{-G;@o|wgnsOW~G>$Zk8rZ${(JLZesJd4)I>@QV?7A0MR&?b$*+Id%nm#@O^c4fp zLc@&)psARy5)o1?ufYh^O(bMc#;|m(!JQfzqaAMb1>;NwF^T(HF{)zlRHiB`Xa~Ta zTld&a4L?C@#N>5ORCruV8n0UcO;7`;XVjR$oH=rsSAt9y0j((sl{-;M)`Hu&Y?}f! zK%es;y(z3C!6jd^d~Gs=NkLLerk0GQi4WMz zbaJv-j7k-vRFdp^@ff48R!-N7om-wk0~K@$zy?@uYREIotvWPqvVehrL-i1Ty?m+a z;w6gnXCR`QvLRwKipGo{>Y+iBscghMka)bFtWCX?>7A$qw6jz-h_S|YTAIlur%{J! 
z%M0}}@<6!6v^52XsSVDiUfj5f(-ee>I^~`i7aF229`e*d|ni`%qd#0#r)_mX(?%d3<4TRaJU| zjoCHGv_$jV@&4A?o1>G1Q|UOF%kAtQ?;h^#9&YdLVj@z`TtZhD?D~JvGlu`a_T7&2 zMD9OR<$vJ%v-1CXeWCwxxIqX8|xyg{RPHS8*O2*vMVQafbFCsDU6fX2_1@p*1odB zuCt0K!j^xJk^fL2=mD;(Ak;Uj1 zEHcDf1sSL1xzW|C5p;1?M3^XpRzg3@crXsK8A8Crb?U2Q1i{3@kQQ$vrY`rfPZ#>VLN@PLJN4eb_qL z6?>=R_~huvy`9}16`yi78<+CubR5dvpN>y zzjY#x-=7>Go$f;QI{@}@@9@nD)Uta3oKOjBg*37IBfN;ycU$}WRMpmdX#EMbZ~N%@ z=aap+@6N=#qy3#-NPN8uE!%p%zbmLJ=+yT9*51LY*x5SRddmSgj{wREWs|M@@NO5A za!}tE{C^vRb7D8>%o$!+p_eCTy6A_!)7@3Eb+UJg1M=qN2*BfTLJ7#ScZg@zhr0{~ zhgzg&1hU}!`_tW|Ejzng`vB_{du(PdEyTqCglEkDuRJhHs6Cvwjw$;;@One`U+Wti zi~avOp5Jmp`q z48jY1v{_EU;V)=r8;J18>y7F{|Nk7%l=**>i{Pi}|Ep_5_dl*L?tglo$MPvwUvtnJ`0?P?a)Eyo#H&|B zkq1df%mK6IO-vxOv%gAA!BY!pds!=0>V=h()D?ffJT4;S%1SQhc0{@XIl3<;zj^fngRCufsY<);+zx|c@D^U?cC$qaYB*TKT8Z0 z9kTK&lgPiW)pn}&-3BJ{Wfn{D7sdva@cp=mmqT#8EmY>W(Ity6D3V>*LE2^BBIhmk zozM+zw>=z@Jp;6OuWF{?f;c@TT>DMA_Dd>O1zm>z+wc9~1?m&z73b;cB8=$2dX*3Q zj*qr)+;Q%$gd_SnBYff#-gzad3Y%=&ffMnST^wIdq+tmi?u;=ZiZO7z91NopJP45n zRw^vJ1jtsI&`{a!Pv{AyES=zeE52sw`Vk#$j~hvg1^$)sAgj zl^2cm`bPW3Mx)hsI-QM|oyMBIv0k++FJ7*-Ugn^T8p)=*PEWiViZg%8SvEJ{_t^~+ zmcqof_xHa~UV3OtwpOZEW?Fi=TuzB@!}G7c5FW`(k?;lzha39pJH9mvEeB=yM)mp6 z9vJz*kk|3GRV7*Ac6UeyAE7c{)aA9`n zypXO1!KGPdXy?q#S2C?q9(vNqKm0sG|5K|r7W$v(c!uU*hsb!kI;QLYv-Y2jMq_dQ z_biWe<;p9{5AvQ9_N?&QiA!B4rpvrZf00urK?|YoKj|62{-4J8AD?OKzh0|m>3^fL zzF7ay@nl^A2??ZTExy_mCFL?qYk!kfKe@LjTgUHM4=a}IiBmIbN3B@jy~rMpwNjN_ z8;3s97xqJ!mIup~QeAm65^QCXB^@43n}f_ZymvB{l+H}nPh$X6(X|r$jeqG0dFE$m z{iAX8+ui-6w@-BV|Cbr=f6Utd!2Vxf#Q%AgXGzeK%jLcnJAq$_mAajMHB`)Ym;E6w z*$sUVI+p^(zCH!%!}3)uf8=XhP#NG44|3Q^*@k5u0K`wRqn&(;BPa z_guWwm8)4R)v=m4?j1G?8WZ?p$7w+hNZpfza>*@hVkCqhbbobh^pT7%vGJE680%A| zmg`^AP&$^4eh`=CL4?8g+m=V)RGn*B=XMZc;6)D)MlfEu8Z)B_GJ8!m5&Lb^C$Vg& z=8ew~is;CV7jUULTu~sZ3d9!O3x@F+2X{)%uQJhypUPIGzSX$N@98Yb7Q6exIEQ8!6-rw_y2MYFeVQA*!nuN&7_u80oGGxg49TD?4DV zK+3O*yaK4Cb-cXYxQx)Zg;Hu+92F!QxMUJca=iur4y609aC=ault)7X^dgSfaX5Lq zAM}j3lruFjU+P04ay-ULQg-QsO(0koYJIIIR*A!}VU 
zg8f}-!G1T*H&tTRGGJ)^KdI*zKU3EKdShc~|6i*vj#lT3Q@Y<&+>$HG+7n5S1#ah+wxJ} zFu+_^OrbKJ5cPx5wyvW?%0Sy-vIfB*0`$l0Uc-CgxgDo{-}WfZ4CK-8Salc-x>w#k z^dLt6e~O$F^hvV-8Lu7EYHX6uk}1T|DKB@ni^4j$p&5`0BlDh@;r`jFV8bA+0TwP@ z^;i-B1nbWylq0W)AtJ|G8D1z|5gPleAy=LB9X4f$Z*s(!akvBYwuPQYF6v}hTO6&d zY8|j5ZyZ<%y2B-3C~J)rnDAOJRjHF-&@NWl=n#ULWs1 zwGrY0-8qcp6}rM+7s|pc&W;QdRk4fItH4b@q^CRQNj9>nh`Fiu%)qe*lm(UwtTsp7uEc!ev;(4mHGX-T|ErsRaz z5}`ljmP;$Orl2dWf$O1Kes~ttB82YI28b9LI=DnERB#W%(KyLic4b8h(-376EL45v zHugg|2$gnFO%$U@376m3U#p=x51n5Ih~O7r>jRi5vwd@W5zBnXL2SYKOK1~Jm*=JH zAKLKgAj@oe>z-#=@)UCPaMbV!gQA#8q^0IE`3&3QJRm;C!sZ&x%kWAjV!~~dE-pZl z2%o5R4tXRoHlLpE3%WK^Vud`7z&k<1o?M6AzR2o0K#0aSljA9?MtZ41HCi-+lFK^L znvu(9Mp<-V_V^2|%@Ps6?ft!pBS)yaPt&gOG^d7>M-JMzh0DQ7HIEjoA_F*>yzs{_ zd#Van2B8vZmbva@eN>1P&^QXiQzEAHjpXMB9*^>I+Y3Bfe7Cz#pXmpFlv@Hhzv0GU zB-K?C)w`nt(A*~qMQp;Q$u3?}qqh?6XYSN-#N|jM+e>*CNbk(hrb6YZ0gz*iZIGFB zxs!pf9HVSpIGdcQU?}gQFV{Cew zd!``9)K8`wvXG>Xx!gAGBof`|esL)$;=oC~Gm?wvPN~wlo>|&zlO@1-jRzUg z2v(DcCR6hk?9G7FGP=2}iYYHA;F$)HIoTJGZh3ko3`N4}j9xO0IQlBOVU_^m#*Jt$ zMK2szMQcjp0L>I^2Lxwiv|D)Mtt=EIxujhg&)LqUB-VC87`s?D-&US3_}-BG_oSZx z{5(ScTW>7%zt8dv%|D0|h_7E-|65zw|3Aw!VgBXTF+UzWc>ZgZ`ubx1Kg%=2{ExPI zD@9i&XSOqfY5ML*U>Jyhf>w3>V)7JlbC3F5)TdPzT{$J1X%)iv}1DVe5NF4;Epb?YAJ>dt)i8iSpLCmALFr0iF^06G$`0ZC1E#-gOR@({5j0xL!wtw2( z-rC+hIb%AL{t87f0u20mf3hb`N|bxOb-F8p!7G%US5d$8ioW8nri(>ZK@tU_Os2~h zOb_IZxPN9!HpBWSE9-d(z?Ai0t88TBzphm`7V$rx<#~ejFGy{ZUxK#Q&%`DK6#CTZ>r zWQhDx`h2pLANbckMmBT8FbMM^3IIe76}H`hXN4*<7?Q=JQAredH>8;&&3rT<)9O># zZ}Yhp`a+QZMCe2g)QN{{m_{xz)ErdVkxrJ{*{Dbl2AEy)CL!M$ywTXFz zTI^pD1yIC|Ni|9>!gJZ!@k_akBSuwCL*!uK16Guh>9@imI+P+q3wVcy;n0?Hly5$g zOduF{01*9nBqZ4dn&y5O#6dgogfc~8*AX0i-0M_?EwQFb?HtmPo9oMiOzf(UXE&bo zFTvizSKAkW%|nfYrsLaV#{dBLZ$(nh>brEO8)EawO*HnRrjasnBmL5pYwa(d2jop5X4V=-(R|gPjTbll9=hvza`0u zKH;^0OX8sy|4}2J?(V-O@#MGvEr}<-{|`MkpY#U6CGk{u0Akag>=wYKoVqPq2|vU9 zgbY*%zjO%V9Ik40x&-@Wu(8q}u}>^}KijASKlVn7vKO7G* zVgFY~;LXGe`*DoGl>NV2sSln1tu5leKF^~9Bo>lME-+3i^pj!xA;s+sUrX}pl_>C9 zDTv>Hmlv>PFCJ0hvne-)&Zg^32;p`pkn` 
zHJ>+4&Xog+Tz#;^I|5L&0>AmlNUcsBhB)ZC?WVjur(&)^*=aUS&$tL(B{aGH|e9B>Uf;MQhOkdvQxMUbm zoCn}MnZ}F4s@Sw0&$@T)l~f@ad~b$Qi#uHY)1O)Be-vGPPW|uN#?bx0AcHLKe|VNh z^7c&?K_L^h;H%qZKWf`-`C!Bth^cx^cnN&(z6o2?ZzGPeKrm^VUQJB|+Kht)ByUO>)mVIzT-u;@-)v!gFp=LS z@(SGV>-TSwcz0FIQ5+`OUd}29zyY~S-}d!BcD>C_+74cvC zjR$V*9UY%8@)O6I?%aUCw$mDPVL;_TqHiBrMc8gQ>%AI$+9dDtps_*-h4j4}##dE` zy7GgsfD0`be&*l%!#-HbV}DbqZVxr)Q$CBaOTU?Y`IK11W>7X|DT`xvV}&jU4wd#9 zn?kV&{Ju)6Z$?r96f*#=%r9C_obGAU2@jnN@25OUF{4J^K&OcgFKO&D zXE~FdBC6reD}jbB>azh#;<>=cAQ)LH-r8E z(D~n5Wqo1)^DGb9+2@lvR-6^Zlu{S{VpwGlIBwjuNds0G)|Am+KV6$>yAcKRH?y1f zBoE0JnJmDZW<}Pv4Ei?$W1FxeW&i+hnd2BC6RS<r?Xo&qat7+LDunuV+s z$F}2k0^WI{Z8}|E0hs>C{1*);I&X@6?;0}z^J6rKir}%rCpo{sMX)T_azLi#%XQS* z3dRXr9#xpd)N`rijY@qOi0@aG&NnI%2lIDP+1S`Xp}JCUR904XZuHjB7hB6QAlaN` zM+0FlFl$n-JEEL2P)&y7qNF+RixN!7_wW-Kq&CR)yJ6@Do143bN4tk-tKu*?aDY*> zchTX33b0a_?+E|I%3Wl|@+?w=#8T{x8%}0?dBlrF9DrBY?TOjjSLpANeBWI9E$PRn zu|>10-(f8-(>#5nUMVbg{{O`1A^U$bWDI*K zA25yoUt7!W|MkY&BL45QJbK5Ln~dE4<)%sJ^Mz1vK>9e1wQmX^?DETc(I6_QiII@> zIT=dFtN2epbZ<&ui{Ho4x&L=^`t#}j(c9)J!9JEASGBb_6!Pxh{uu4Y5EWd|t683h zt$)1A<>6AmwDn&bivLlEx5fH@jwjLd$)gE*0sIgHA7TK|$h~nAHGsY+rD@QFVE|=7 zn?g!qTOdR-*$}*=dq~Ha(J-3&#l_lwqUS;DpGj-ce;@}ib^otq&wtk|i}?S~^USjU z>uE1cSoSJUnT}!X@@RHI5r8CnHs7pd05EDn2IhYry8iJ-$fxH2Yqf0rw|b+xxc~K8 zo-u0~r&<0@ZPU^uU}!N@{t+1$tN9Q9JZSw7*tqhE*MAju`(gQivHqXsQHRuIWAsYo zDH>peihkp2=Au7ND=EJFPK;42irRO7ujc92L3N7Iul~7=w1|T1P&j}1fo57#IYHm>9tEHNVzg}ag&3U} z_0mbpISqBrD*THO7<-$H36i1ul%orkF-(pXV#MYsH_@ObZ89^a4?--dwh1@FFg!9N zv>8W@)%2>P%XFJ`k-Ve$1`u-Q@twG6J4k$sKxg;fY;EuU^_3T_$ih4lAb)veI(A;E zHZF3q?!dEEjjPZT9EkHl_X5TOU3`AEA~rF@(EtE+a#V~2oeI&>gNZR+Iewy86vZ~0 zP^E?sl{hOy`Xo0a6^_s&sgW{oj>=1KH5@l8O3r40LvfzF7CKSiy7g5*lUWm%XbrmP z*JQN4QmU3J+*SWZygNGBeTA*V7K?8(bN8p;v!>I3c_Y;vCLmMKf7cpW``@+3;{5kn z9zHXS9KL~96kWk)ps^JX89?>>$~Fs`wr{^JZXfOJ=Gs?I`&t!05XGJ-1`~il&Iw;* zC#Tw?U8N?1>-Vw7$<^g%?H+WEx&%GEwP7!ed;NTF*s6Ji5KMW?llqmlZst`rxky^m zJ@8jW9_QwhEJ!WFld1jf(R3FvUO{u=qo?boVd2IDx 
znmR3>&;87>|Ig|DGj;#3uh+BspK5&(|MhvEDgHlrYfiK4^h5#Vim8%ViEK@5 z>4!`L3;_oponY*jPmKN4PV`WRkql}ThAid)*P2OztXIiQ#Z`7`8uwI=C(2eYpUIIY zZ?QbqnnyNc*jkZq?`5}Kn+9fjKjeMD3WEp8!;(5Z^v@I zQpy|d3=snf1T_SsmxOp}Ar|v2C`J`N!YfXU_KMR*Cpg6&V+;17@_mr~@0|$!;!v;!R224iOS9%b0QuQwO~|N`LYz+GXdJkAp4-~oJjEq>G+-CPul~7= z^Huzj6l^OiCE(|juSph0iK0sXbp&WLQxw~PAEl`8x$$!T-+q4OymDc#rfmzAQ8sz% z6SByXd4YN)ye!Uu4a*``)&Gg|QQz@TPv13{&;M=zyL9o*N_j+!{#KRB8t9G{Nf#OA zsAgo9hM`0*%Ky9m?^1bH6fj1B{2)YO_w*?BfDfg{jk=J}w?p;eZC<84?XK3;cRgnjD#F% zy{zQM#ns^>FWiHuA>V!r(*u-BLM$pa3HydI2_O@mWME#owJGrizeomyTzRFlY`*x* zFL|{gO6DOwP}pLslKZR`g-lJepGC1KYkV3H)*K)s@_Rw#vV~&GOA)W-C}6~{&2kws zmSk+7Xsvkbw4j7j97IJ2*uY{n9nGsCCD_2n>!7inJX1{?8W#blUk(Z6oXdTU%eme|erqA}(;G5gkN- zz~fb1w`jQ|gI*XvCG8=e3<#K}XsA60Lck;m30B~_?fZ5RIz$PJ{d?fBkaZ7i`(x0; z({ofA%@_e}10#SD4=FFa5k3%Td2>ucc`-dlqQ+<>rRgAT;WS)ZGn>MW8|ZcReG zku)Urs6}lD4xPq3cUaEy?|XQQb5aXA&@IV3=z#(w$&webb3yc>;SF@t^5Os(8%TY2MCU)^|5_m=POZ)mgx;R>T~LeZmB!jO}9yZflm96*=v z#g%n~%_(4D)xt&rcXLE46>g%GOR9pk`Wv)a$KHGO9hS&_I?r+v7vlHdMZst!uy^-^ z-uQjhw5%v3aezxWM0l$b-t0L(QYL_wJ8{|Z${=~_ddcPkW&?N60!2S5muH!&Klujx z2Y<%y|4iuTJo({gn*DEOX#cO&8jJgXpXC|r)-EI3PEwUG*59B18NdFO8hd^cFxCFQ zI<)>b8Vmi;vpkQA|1&-qMk;7%ewKVj=#d3IdH!e8`iIxB{RAAqH2V+uoL&Eo#rFv<92apvNB73oL zd#D0})em2p?@+cXxcCcZ^nUgVLButai&h(zh)%Ci%H`B;$Rn;IG4CYD1evvPkxNDG zpQ)%>002ah*TjgT=*xu1Av1u;6agT8Z_srq63izUqnupO-E;|txpF5ZN07=U-&I4b4RS2XA-z)Qc$pP$n6O2J(=3yrw`a3KrUd&+?32|7u73{PKTwg#NFw zw$T4S%QM^h*X+&G<4M5hloGW5lGT}(WF(E_;0&LJLc%lowv5!UrWL9)a(;ivd&@{n zndR~_nGq{qu%UmLXFUDqo%uQVzj|ee{?`}r-=F9Cl0@*q$4pi~9^w>7`h^vy=UUj2 z&@;6DJ+~EFp{q}Tnpcj8F@JcLqsP#LDeHf|ww_)8Ya6vi{HJGmr2qfEUJdVPx;aFC zMCM>-Y=$KC6Ycng5y2Hw=7URu;R%U8d}zadWbvTW$;tXnOHf&9PzCUR3eQOu; z9P&=J5Z+;Uo^H9x)3N0glo7Aw5?1;K#k=jk3WN4tg^xONB zy;9!_BfU6N>tLmX)qENaGL>_9JdTg|_qGnVcbo4|_D3y(%<i*4F|y_-DoyeP;e7O*n^PzM6 zj)08v*^DK>G_(94_zcN^WN@KQ|H@BN2U+;9Pq6>5Wa2+nA$#L5V*N>KpYr^d%YRem zU;0ALSH~3jzfoJu-v3aotS`=gp5-ax^LiI}W^w%XSRB89y}!3DfWZ^5_m8%JpwBre 
z9&U=a{^0nnxT%43_Rqb;*Kdw%KdlF^cei%#+rQTA!`qLYAFSG)`@`K2jh(|E2OE1o z?;rp8;^WcHukOCTwRYznUWNZWs>qDecB=b3_Q_7G_cFeE|M6YRZ@>J} z`uUryqpP#M7q5RQ*Vq0rc;U3x2d`gv@9%fYAMN1g{r)evy`1}D=jQ&KZu#fNhixxD z3V!;~u>bYb^$+#!oACWV&rW~*c(nfVjT2Y)>+g2%KUDtpBKB+XkDZV4o3;1eemCd2 zTQ7cmb9lNFIH$k<@{JqZd^7Nle%yP%-+B4+#liaho4wxcJ3ETv+v-Lb{kZXZ?O!`T z{aSAQ{L9|f?Z=(mFRusw&2{@_{dj%n=j~s%PuI)G@tJd9zxrU6cfy^!UxTZ|AI@68 zI`90>58;Qk`+E1yum5^+{g2k+n?vt??(}x|V=vlq?7f5c_5M$OZSU<5AMbzu_4Mca z^4a$5&g-&&>fF6QJh*q?zxnCx5^8-tGPC=H1Q4#y587?)V`7^-ZVp^7YSWH`?bc0jaH>sE|) z_2V0R@26jWxIb>J*S7DXZ~i}fZ`#l{vNQ_c&;AuXaNh$Y#&`pQCrrW)30v4nCfCTe zY%9o;BgufXJiq;|s$SHRWo(u>^PF*?IWt&l^;%tBd#&WV^@G$_ZvDt@T zC0BX1*Vx>i@2tOXHU0YK+WC^1|K`-(cdhN)uin!7?)zZ-Ro3a8=5L&{?QA>sWplr1 zxwi+a_F=o;KF$JEHr9`fi{hENa=ms~*gIRlwofkVua3UXzuaG1Xv}Zrvrg-9<-^Jm z{C_nStONYz=fBo2b{fa$^IvwY6}P&z`Nha@Iv}&gu*2>x4Vs&Nhz(1Tj zsusPA!o^9jzV-61eYw8t_#bi~kBhdK+pk?59vob6q}&B}zPPx0{$cy9)?77BBX`)` zJv(^+<o~f zx2&fvcFT?vp1Vd=KM)JxAT6ZRWuiuQa9at;UHUIt~EcQFW;>m!bv}S*_o@af4t7Sty*F4+&Vk;YKN7M(|&cDJ#g$BuX}s*^}xDorQFq5 zi#K-dgWJyE74}#64LGV>&c3m-ZO?zG6oPENyS8b3*?jeJ{`B(8Y5mno`^%SaOP7s& z!LFZmZc+=~?0it)-aV;rTI-jaYp=3ZYya+I&N>LbuD3jYyX~*+?%r81b00Up820)5 zi^J^Q-1))g{L975SHX5_@x62Feeu5S&E2e7=0?L`J87;jdK=mK4_oc`wVT$F{qmw> z9-UoQ-_0L?__~?hy7jmB4vIJDYqfSohan9-pnPu64Te`P((~V1Li@+;8^F)5YMXv$dC6Z=YW*_@_I2p1a~4H9GIB zJNqw-A6mJk^TSQp-rK_V`-A33qZ7S=j?B|nmm6Eny_9j|b+)?~Cnq;S&e^;?S~uT+ zSlM2@$$x#f^rcw6^DlC>Zy%fai&vLR*)N@3ZR6Xh33nJoz*2bHUF`FSPkYj z@~@81oSVh-gFP2u^t$Q4TKM+0a4_$BuZ|AR)?XQoFO|y4;q~QG?fO;ac;n^n&8v#P z)=5?GzRqps4p+9{ty=G@#@xoYgKzCz;dtr&;^FB@!8)7o9L?=7yxMP6Ru;Do?%r89 z`R)4N&dKWj-C?Bw+c@vMKlPe7mb17}hZDDSSh?M~XdG@g-mkt}Sv$(^eE52>y0dv? 
z?k+kX){NcOPUBrAJJfzHq*MTy?fuwY%N?(bo0H?qRWg+pWxPciqNiZLj!lEA^q!zXn^|+Y28rYI|#6tgXxU)zKBUc3j=Gvc^u~cx7+3UhD3*-aD_lJBJ0| zZQZ1dEvG%dvXk3cm|J~+S#6%IZEslh`GZO~zq$T#{pj}H>FT@fv+n%$_Pkl?UN7#S z&)=->ZlAYaZdK~vPE*dxnssyP=HAsl*k|8%cZ`omd%^bh`QFC2FAMKCjQaZe;>!=m z^^-!r7@Rcfjnn+X`{L<`)%V{%-g=kS)QVNT+x=)ab}AJ&Xx*&3=dY>_(_Y{G^6hTV zaF08;FN54SRL9f%nFtc5m#ZWBBW z52u^2^2euh8?RbR-HqzS))jSl*4Hl!``fi@>KxF;P4n#QynE(W zz8#%fTee+a$sXO**KgJrPBsfgW4F5-wC*lGelb?gcD(HECZP4Rd7wqk7QcK<+4Y6p z_4euZopZPUs%hCvg~jXU>ddW~06DI`x-xZf$@6EIB;_c1KyH4ZCZJpcuYa6d_*BZCgqqDsg``W0l&289c zRXcldWYk`+o!k^^ZX@;bA^@bgxpBH~)sOby?SE(;EUXY}@pI$pcEbc^e^#l89$>*eM9uh#io z&9Mqw?aQ@q=gsp)``z_gyZ&`9cWndpxw&N)jK%Yhb0?eED~D@`)l~7^=+0&D4nCgm zUo2j(wNLV^l`p$HN3RO+a&Vir?8OcD%f;Dgwz~PUX?fPk#^F(6^=$j>@VI6!HO*A6 zwRrh{q0qWJx!nG8alO)7TKPKPdUZE{uxfo>b&D&P^^JEc*R?svJ=!e#JGrl~D(2xy zPjj2YTAK6?m?s(@dF^Uib(Tgq#+rM3{}i;rQ|wV8cUMM@HQ9_95)68Sbk^cAgFFG{jmuj7z;7K{F# zQ=f z>N4ZItkW|5>t&1y$^2{6Ugklb;jb|{_-o35^Uo8tKe3Mo>;LlE#oXdp|2K*yf#ZWfb5V=8|?r z#%44%b<7}jjzPDVg_DAWn$)UUcRjP`aq81C|Lb#VyV^N7>>+c8F#uElktBjiiLW_p{}GIn$HAI^vP6mks;Y==v#4 zGPJC{-a_fpvT(o-qptbX(Sc)kmq|DPdO(H0l=`&8-Pk@ugPg@$?e;9{F#A9B{U1xq z{SX)%bp8vuxcs*`pC9{wj-=Gczn&YE*EFX{_MNq@wu#vQCKBLyA`LImc5eZ0}7v%F?>T%^0VU;_rJS5{QL(GA^oWgI{))M@xKa-WBLDRitw`4PJcF& z&E()Vmi}4al{7!-woP%r*UG`4>N)r4AK&D$4gT)M`!6U%>Hl=;U-RL845a@T(|D!0AfAEMWO*U)tY;R14<_J1I z<#i3EV8hF~*k6C~$M8r8AH0w;ZTa}<{zFR7`46LcKU)ak0q4K4*mM8q^4T%}Kaw&j z3XsCb$J;4st0^)#oI2K>2rXH4J3h+md zpZ#M;pidop7kU`9JiW1MCS@&!%ES>}g_!&bt9II$^24l^7|{u7CW2vQn6Mthq_8dz ze}yq%69y!76=m5SjYW?J76}1{opP>D4UZ=Qutelok;+9xHsxtnZY`e1qzPyas=y+` zld#Q**UFmAPK76!_xk zIcQ+oomx#M+M#@`L@vW~Yz69OYRNDG-In!k%UHi0xMl5-$e1dj>2uAjbQ(w>G_X$q z)hndfuM(F9Uf_S}6KYEYq@7gJB?YI6J1N3}$<4%IM9Eu_3{a8CW4$}j6Phfg;XoN^ zhv#e;u_8&?kP>-xMA$QVG@~Ez48P(t01+PYIFwx&p2?F7;pFTtt8}Rmm1~pnaFt2( z;&t#Z6?hHNMlq9L%4BDAQ};|G5;jQ815R{!(^Ec=-cgARU}8{danwX^Vyuqa=gR5Q zH+V`h6;NWpB0P**=rxK7Eh@TR!*Hx`qMnF1mb40e)3;#MD$B+uPmgxxF_AIHWQd-$ zOsR_z?AVpmUrW-bZCxdv>fT-5Oil 
z-C-g($xw}}j4>EI?K2YLI{nvb1N-lZP(O2+CuwVA_h2j2dXo3gVE!-LqyNdykK=!i zri>Y}e|PDB{<$FNIr_*x-2OX@_8(*Wzh7Va?|&Ew`l)?9V*eKw$M&BiDgF1qWd;T? z)JEou@7}X6LzDscKRoNP|1D<6^52mZ)aOi~6k?);*+U{AKt^5@g5ALPxqK#<%`EWe zwa{b~-(fgM*u~5|lffeWG~0ANCST-c;a^4mt?fFEa;$+#7VBQ6hWXq1+xhgzr`3*S z*Vu7j1RekLw4~hw&$zMt*{YQR9%2sD8O-*D>5PBVcmr6?sWz8eh98*T%;OrGp#iD9 zIU+t<*p}65Wc;RO+BH98xpT6extpXBX=Cs^XccF8*JhBx5$GQ$4Fdm1ET*i)DjqQ7 zJSk2UAlhv)wVZy}35+}L;~nl6Iu;uqFpA+$UBEZCiJsUQ>|m1Enj7RvD7UN_4sQrM za$#FkFKBCPOa99-Z+Q!oY}EyN!o%p{CO*m`M^EVZx>~DuLHp|c^87s)gemL|s z`XG!;D!w>2168|>KrPulu8l-S6?O4~b+1yi^G-Ezy}zA&MoyBggnThfbew_^(M1 zPi$hEvM=GXh{ph3g>X$y-1h7)T6yDokZ6k*XN6LD$adE#kq6~|4)-i*8W_OVnF^R; zqbWp}nRm#@PNPK8yfa#D8~2IY5Z>yuO1f7?D4e0ys0naTU{`^6ECw@TYNS9mYa+pr z&*s=$BQjL+6SqZ1_~lRZ9lR35@ULh9S2AJA-Iavz%nX4{U}VVD#dShxx4ok;Ur^pchod z6IQSS_5$Z#dy!#cV1GL(DI$3=P6xK$w!0)s7MOw60bDvT(hOUH;aGM2YRW_D?KQTk zoqIf?JfW8donn{+3ew*2jKH6r#Z`dGRg4OBP_t?XYcx5YEE|^w;EK_ zy($IH+=d0WaZ+gT4~@1v!QW0X!*-2tT`AgxzUMPg0jur0aGcjV9yJ?cxdr*2pUVb} z5A*UEPQ!%#TU1g~p9V&^FP=$)>sJ|e+%(V`o3KeqK!w3AH|X5qNrVlrnm)f;{&s|S z0lIv^vstas`c1M!kq!diQsOt6AHrw8l&PaY5wW&d^hxn!R$VyRm*FdUz2JMtbxb}E zcysC-4f=KB3MkUNJd6xyqrYOj(p8nCps7J80y_)5wd?45dn$$sjc0IBpFt%NAAC zVIU*~Q>+0pZQ4T&1QgX%=T!RK)1EVl#by5a&rH35|g z{a0+i{WokI4n3h)?1*Tonp^ct*a{FY_$N~iQt&Gz=%}UeYREK$mW|&W+j!aZ`Ko4C zkpxWsmd|L{f(sIc`X9DJHe7UyU%cQyN-tipcW%>R?@bGF(Ddss*Yww0(ZgReyt+#6 zh+klC$232u$8J5ih3Td-$s?@c)fHSrqRSfVIHW6tl~`#53N)E`la|CWgJaI7vBKXI z;@#g9Gk^Z=Ai%YZE@cBz=b98(<{hGBJh^zBxxgLvIcQQpq7fL$rD(ye1P0xHRhWXL z^5miz!QX<$z~zP2y}iB77&KNQ_-$U#pWEG8+t@$en1%7;7pFW*zKUc4xQwL#Rnmdk z#w{kTFdCjXRnR}0eiG#RV#WS;YC!OCYEfS)IW)vIS_RUSz$&dAvz_C=C)n!B@y>Dj zZ|8jHWc%Rsgq^P(9j)x2>}(vfgCn+fu)n@@vU9Kxzc$&*{v~_Av%d}}(;|YxylZMYiQPB!H!KcG5|`niKnG)R#EQ&({dUeK(|01z^QSFdI+7-@bvu+^i9j+et>@O zoS+lV>9sJM5d7ctkjK*iF#fu1!rwMliovDe7`%d-;#FWe zRlqHg7l69l7F=jGKK95vztd=-e^LB7DpFtsxUG@r9CgN@dL~|?@u#7>E%KOjx5%@_ z2Z>o2<+Ie!U&a6Tm;W4XtgP>CJX!hke+I{YpI_+F|KxMIvHWKgrN7iAmHLOtTvGo4 
zkxMF-`la#~)Z#xy+Co+Ux~wIYx=+%QdZ?f!^)xw4Y6vk)YM_)QHH45Q^*9+z>Zu}@ z)B_|esi6fdsi(_VQcn`Eq=u8Or0y54q#h$%Nj*xml6s_MC6#(^xk~DJ#VV=il&Ykj zRj9&|Pmf52P*9RUCG`M#N@|ceB^8&Zr0y4{r0$cYr0x@?q#h(mfg2;GOHop~5G56r zp`-?iP`H&B|5KNr$mjC9NO9pwitZDVoWRBPzg}*VN{yu^zfEewNt3wDB$ax)#3Yq^ zxV$9wcyS3GiXK@>D)j(K3059XPLjI1x=KApN+N|M6ElCNo+=_q4Jjevi4upGkEBx1 zARS3PLO8-@BT_VydM?RG>KOzhsr%(3|1^8MVeEg<G}yV(nvznC5N~ZW5(+} z=Q4M~MqYFX=-($M1Guji(j9G1{#c&Ii31)39vsfKyc!XOblN~S*UZd>%zMAXk!u4u zOA0T*S+me|8>nn@`)C@1byg#WU$8!ad<^6}>kLUP>2&~2t?z7ZZX9jwpJaqb0=a4W zhK0j7yF`W{wvC7>#P?}lMG`Zdo=>WXZSNnPY?LTfeK-&0+5ikqK*$)dvn1D5Cop&) zacWmErd2@mrN}JRgl;V)Eha^92v{`3;rtqQD9O^~eptmMA1J5|7pT{%bm1GH?>4zf zA+bdf`ERLj)AL*}lY$8W{8Bz+0B6MP{-++xC(PW7sS%I@LrPZ?S-fX>DgG)0IlRnv z4tPG{-YoB#%pCl~O=$t4_8?ig++JlO&C2D?o!yOcSwBFMF5t<6U2)aZI%k2N=@bV9_!JzfYs85$!4?2jq zA4zc@KdQLVva!kU59sg{FN2{P9$v(}{pqNoP$ zWEh2IA+XRUlGf|tb5W)DJR<6FqzBC$F!pX+67lL|pNkB;8JVTrMBga{(39|FB5d?v z8Kkn*ugC~8DHWX^771OP02NH#3#)j#U`sG3IOkU+7f>o~ZR{N%ZmeZwR~!kd4Bv6C z@}EWo{fo;W`+o$4r}ps(`|tV1{Mi0`6lKu<hC%AfWY*F$B%-(er(tE4k`g2-?{kyvE4h!N!gF@UVQ)9?wj3;XVo6xz4-p| zvlrgxD9m`uBIwOLb}&`jMX~A=PJ?KG20(m>;&cR3Ygu;`^2)UBvfBxep|PB*-Km+3 z3$pgGLaB6&H4ZvKh)hbzrD+)DG_Y(xf~lVq89Bs~x9in_dRR zQe~b>(R6NPCyc3K{xLmKp}H#I!t88=Hx10}!0z>)e@^headp%hp#~k*=eR`EhS%^P zJwA#e#*KM+0E*eF9N|Ee`IF6VqE-k#z%l%sNZ5Sn-|}1s<&-73F{V~e_t#-wz=Y!b zrr7dd>_N-HekLr36|f1v>2_>X=+m?u^LEw`x;CmBs~xx(Z%85&!u*6>6~M$8s$@A_ z&xu(#R+o3#?gYN5p7Dd4OTgCi*z~-_fg#V2;BLlEcgRkt6PO;3fQdv11BS;@XsJ{) ztG3~V_7!PypzsZ8#3k_D0Wla%M+QHWfgzOxm$i(b+MJ#%EG!l0W};)iMe(K%9WV-R z7lSv53N`{&{Z6%Nnzcdeil3EA`0q6S>%l9_g^$V838#`maUc$@q;*K&{{2F%UFg8} z$v2@JN63usV52W~I=n=L1!N z;X8N=olZ2Z2^ay2ye34{mh#<%7)DsPi*<8ZQ8Pbin6WA2s@hi73hbxNp2E@$H*a1w zX%_h`qe2muqT)g8CpTDP>2yF-qNCU$L<^?OnZ^KK$498L=;Do z`7-H8rh)dctx8Dzh`-j{RtxrK6M8pm@#_-*|GOF4ad}i3O8!HH)8qSixco1-urSX5 zIg&Ee{^P&OfCVsu?;~tL2FU-ig={?jYk}ndWBK2&FA>hTZu!kQk1P37N5?4al_BI% zkj8%SUq48NOe`DE&V>07SgGz-J3caB6em(u!TSif)iU0G<Of1SY9T403CeyGn^-x{iYw2z0=e}#pGasKC#l;QVZ2u>f- 
z$3Xl)AJ6|;$SsWHzm22_dBc=+qL5~kX!8$5pjBrZ`)8k~glxUMcd$P7ne-(-xp0x+ z+;nf18EK=2)@ejrPK_zGe`0y?`6o5j!}=I-{^u8R@%(?qTyC8IZzKgyE$K&FZeWJ4 zR5}(wgJCkoEfFJD!H59p6;;UOGkGov#PiLjbNNgmla+!+l5>7DJ(o@Y&tI&V$;lUJ z$31ITeR`hD1tYJd;7Jr}5EXt?Aoz8ZRFE*Rz_0#M%)B0;#jVAg9i)I%@ zvkRFeS))ag%~{NEW;%gT#EI&KSf#3Mi8sag8=hH#4=x*fiJ2*q8zeO;I>_PZ;Y0YJ zSIuN&lW@#n*7uvD^@Z5uS#m8E9jNtmn+AXODr~21lLt6FEM#)pW3NjOv*Dr;w-1x@ zOi?`_eZ$4e!ksCxMhoyk@~iR}%nDNGX6mSnk$CXp}4DlkD4M9!q z0YKcVa3O}-pl}=X*BY!AGxOm`A;?i}HM^#PktXC;;vN=<0R_*fUW-3F9jg|&t}UTl zOri>Wm}kHy!T!o;;d#MBGB0HB;)uYC$(~`bSY=5qRXBPWdN>Lg96rs<^T(gdDHSqB zSv5RSIq2n;&||cXT8;eXrn9j4qH5S?F5F)3abFe`22~fG^*M=f*pim*0OTE;a#>d6zHzK}4@>kJLBRz&VQ34`DPCh=Qdz-fcKXzjD!9u$Qyru73hiIM1 zDqwF36wl*Ft6pj?_qk-VI<{Bj8r)HR=1G)PG0pzKL!VQ_((h(yP=`W=(DVkyxMP!o zRqk`6&xq({&O?X z;YooM`2H6c3S<6%B<0cjuLXo1)JJxZ{m(+r`ClBz{~JxAD6kXc zH<{8BGO`I<_+zT*4k;NqYk~xzSe-{_o8a_-_JA`8=$fV;ahh>rYyk8RD~~?^B16eA z_rN3W|NP?k{vSzs^8O1~%KNT?LHNIrkNN);;Pu%5XC#H=?$Ggcs$v_>DeiT1$EKPV zx7(Z)o}}gGt=Hz2@>B~QY^h#;3jW5bF(+YOxu7>$;BAVEu^8RFeo?Pqqezc`NnHImYET9d*!&|#zy9?8}9SQAm) z!C05&viE)4KVrl~TjG%)#8+Jmf{W*zOr!yn3jMCV2JK~E}IoAAeKN+ak1vMEwi@ixh>(+ zi8&R}oeWq7z$x4maH47PxXxpS;TM;u%l`%o0tWN{3vv2yVa)%Jrf~j08k#C92nfSm zQ>L*nBzrtCcYgsvPtD&w>v56g>F0m2AmG9Le*sWJVa)%JqCCg`%e-6t`gp|t&lku0 zKa%pC`>$nPi}W$@{$GsQ{}u9!`LX@qNQz9u$x15UW;8=w_&g@r#lhY)NP^Zl4N`eLR@{%P;2e{vXqSzrH+S|A)2! 
z8A$&X;_?3$^Ydf+ZzM&^f20LRf5DGy@+4zisxy=T=yy+UTn3gWoPU`C`ZODfryP~_rBX%^cvhton5=Y{X4jTeE4%d)`^1g|G$3G~(+o+;vZ`0& z@nnDZ{Kn<}@(lNX-2Scy3k*L0#kl;hSQztvBPsFCn=WA}lX3;4Jf_)HcPh=QnDE{E zl!YVCu|e6Yms^(aV^SzOim zq$KI|s;+ZmdJVH&>9Pr)Tk8*@9N;;BCYfX21(E5!o>9%dmL+_X#pb9kM#5_fq zhfY!#mIHXgs9E^Su$h9K6r+~LSmL*pXOaJFz5z)nV9@zrjOTwT3DaM1qgDjVs83Wt!fODoaBt08 zSt5yL;3gy<`Yft&?6j=-5S2+Xv|G^I6@$CO{H4o|Wy?r*LD@y?<)Gs^)5yQT>ooiR zQ)Q;4f9XqcC@|EZrAQtIABF82wQ{xNd8QK{D}_U`2A^J8%?+{PZAeFR)Qd^x$}qIB zjcKB}p2v#f3GqLEss1lFmj8~VJYoNzPye^L(5wF&`~QukaQ&b3&VH2PcbZi?0S1s} zyXQxT{@4!ue^YtF`TwQ*zxjnR{vSno!v6nK{m=Z^{(B_lS@!?Q`k!2n{3k!=|3*?$ zV+GK^x;)GM|HSj(YyX`q6vp}AMp7Oj{~Zf!|BK4A$bX(){+nA|9P58ZQpWP%vHbUu z@xOnm{I@vf|3^}uu>a2||Lw{DyI9DM<-a2-T>dKqc8&vo{M*VC&i^m9{~!DRjix+l z|9_qQH=iBv|47QS?Ell`KlyAt|92r*82f*YrcAOu^u8$_k-PK z0=Mk5pW4T^@vRGQyDz%zr`Aq4&32r?gkfoQi;{~gm9}iRV%TV5`1Y-NXZZm#m?V+r zyq9m<^$dT(dCj-#N64UQm6oS(44boEktXSB$d|r-+n|oickpgXaLMJnDZN2iLo}uR zjP)$v#QN5H=+}D}-sKaT>PDOB_U*Hq+-En|C-oa)bm^^-BkGUJ=s;X{+@MTL_Xo4; z><_U?avvyqql$wk#5053v$I`O~b@*kDWxD^?@+|j%G&<~q{eOVi zi`)OsFOK>DkrWYBoo&*du8BP^m5y;s5BY6tnSL^^y$1nylM&#=l);e~a{0D#+&*N+Wo(Rb@=-6S;y0aWIn@|h`R*i`Ll$0))jlJw@ zFZ0>|=HvE{D~~z9y^{_~5)-1z*Dq;UPe*wK3p0M-vSj@kaf$v6Py ze^YtN`5)E+>=F9kLVj%jHInj_{U6o<Bh<{!ev$vuruG<%DYCJ_aBf_K>O=%)(u^ z>g+pdhS|@tH1{7}2AzM~s?1fJX1&Z`4|euQC=ciV3fbZ~{{KkIQ2QTy^UyvXvHyz; zWB-qllt=9UK!4A88F2sS<`-h|fAVAdk5LuR{MxZRQ~?2!pA-5UU@xFjC8ULPYa$otgjick8gZ-JA6d8{2&Zgq9 zCi^HYKk^zX`qPT;>io(*o!g9R^JoMh#7SK5M~{SQ}%PH%-e^E&42QnQH^% zqdYH|>#iSUs4{HL zaPY8VFU$Z;Q+4rVS}oN@xxBfvyHPIxoRH~>dDEV0!=-cscwOBnDPhSJ9Tj>)@nNxL ze$gF6=PIi;USPn`vLF5rI>VD#hvC2xgDJZR&vgSHVJ1`W*mfD_K(m83dwn7@nK}8- zRGP^dhzK1z6+h>l!3@(VNlpH{c#IW3eHPF4a}|CFh+BS058%!JcRRhiv$nB+ zyupq(R@V16GA%g6+bjE98@mTv_yb^ue0q*xRq&4)_EO#FysTRuIYUm1ZoWf5XOc6&fSJMr*8{?_J~I{){l4;; z`(GfV=eqylZJhs~UmW}Yji&Uw9mTbR7!^={E}L1H8XwR9!tzl0Z`Exh$B%Rv@qNPx z10OE`TPTe4e~hL)b^nLC1P00fiuvC7Pld%X{vSn=_+R;QguWkZwAGui(@O58#Y73< zHsF#UUVU2oJI!EC8)hKIO8i&Ga$pgis#!K~3_En)3O!1+Ce*vP+C#XFlB%dtwM^hN 
zYSK4#8hNTTdyy>Ying5bVLJDJAmurc9)UCUgGh&cd*D@J9b(nOc6Eu7U^_{A2D?&i zA{Q3jktv_8kSK4Bq>)h3F{`HUBWnjdA4$dJ%EHGe`l41Nvd@UvRF`wI*Q``h8y^>W zs<#oxKwiXNX=BrtM6Fz+k~yrWueSD;n2-9TT=VVeq=z$o+DcySe=qy-Q2ftjH!Jl!3#%JMN6TBKl_H0Nk$jz$Gh^&Qfaee+wfqFI-XV@e*PbB1pWy5&%$DE%>R#~ zJa+$|k^U>>3-SCv^Z9Z9*U^;0JkNt}gOHO=O|o0MskCZ)rs8! zD=OzQGRK}Lp5!yp0F)^;X<6}}DYG9x^kK>bd`d|rN2xcrjHdFk71f7&rnGgK&;Ul( zcAZ)|aNkUqBEyso^fBzme=YOPgacDPTsc18SPzw0lkC_G0yDI(ht6o#|5#@6uPC*E zC;|ejhT}R`)v!@DmQsy~c1cqh-Apuv$GE>L!J+nz=sIE;C?Ej;Lm51}t;p+1wo}Kw z6|jw}N*54Q1hO6&*7x$i$k0qkxu_05@(YC?Tk#xoYqDm1`@v{uh8& zF=NfOIzb0!+GXY)5TZU>50lA1x+=JyT}!iu>6ji?iH`(#JbD1}zW~0TR8;!qCJes;Ii1QQkbD4>@=zwO*n?J%^??-`#-Skf!fmeXQ_CFWVl|A zDZ6`tekRt^zgrzU^73fQ)qe#D~Oo8ibc%0_| zE=GRa5&}rBO6?-_4G<_imOkR&@17qWt^)Y>4|A>RzJ85}Exa~$iG>P%yT&JY;u2Z7 zujAmv`Zz>1g%6tra?S8r$p`|^s&oRAm88TqrO^Q^wVKaf3c>{!(SM288eZY3M8T_& zlwvY*kT3<(obWPQYwNDb?_xPdqLOIVQ@*6wsomSA=`f>>&I@o;hi!y;jD4WHv|;JD zocGSdA_ zrsG&&@4GHz?e(8zzl&4uEB}5O{))D^tZ(mInPSb1TAR_HYGY6-w|U{9wd*!A81{U6 z;wn;q3MsCzVIZ!^e}_n?_;Ot#Cj(^J)E^U(9qd_!$Ots&&q zH~Oy(R%E3JW%S=^IrcRBpW!UPA1?n}Sjdm%ecA<)GW*u;kB+M z7L~}_b{l0a;pnvZJk6v;ZyC_Dyn=9u^0{_%99q?Dx>4$u2Sf}{WhAmF`s@Wz1ut0J z@Q7@}YBX@y(?$l|e=DuEh~ENfgq1l(fq!AV0CwxSfks?ur{-SA;0fs!JQ4Q_R;>*F zd?Fnub$jKap-eDIHmY?=i!`0hWOCV=jA>MxP+#%&{1wL=kgsosegqq&1 zEHYIyW(NOw)9O-}pm7ED9Hm?G==mo@{6wLvc($i+KOF?|0;m*C5yVNz@^ca7 zNP=sGcZ3?hj|6`kgK3m12bif2NKc>r__3_flv`#i!^0Yt(K^8Y#G|u(j)Yh7GcBXd zzOx@~5y#|KaB(hO0)J1`xyzSlJH@4z>n>|r~93S29^ zf)&awX-uUgrUx>l60(P8NF@QE8OX-o=L!sek*D=NBYT<@@)_{|K$p;m%l{S^i{tnY zBPq|Y{{vk@2HpSJd_4bWE<2|GM^h#-qT3RX@PP*?uxet!Jrw!5MCKbdBS$+kz)RX? 
zR~Wuv<_iBbZd{8hTlTDP1~T1lhTHu~YnztU!VBLDSkv_2W>(gHBEAqB3)LBqDLaos zqlCAw>FujjJaT~^&owbVtL9$9sfFjBs%-Zhb)!5;D8FogVhMbHuZj?*dB$zhZo{>) z8jkB}rdCuhCtD@0p^#0nQrY#ah6RJf01|0df`4n|77kUOTM@q^yi_8es%m4in{mPN zJoukXA|H$Y^M!mo|4%ME&i^r*(t}cyT%FZ(-Dy~(yhAhT6pJd0Vn)*(>%<n*%)6IY^R3KuJC)LJWIOVS$)9d!D5r(4)dySd^ zX^u?&-patOJNlUVRbGcNeZV30tFXf#i7s{KXmqyr{Hk1cQLyLUn4ZVYK1ksc^9886 z$kn6jg!ua?kH%R=C76i3>lIH#UME3ItcpI}$a~$=N!arChLqxk)JojA6?kNdEJbmB z0ig=}neya!eEoBR$3Be~BB0tGZb2g#$f4zMZyiZt_%4^4@Xlr^ypx~lX^fvlxnKQ; z(QhtsTjS{O`{OFzzobL3`1gY1n0$Gj@(lO?K$qY_{9nEp=l`KDJd#mL2jCt?uM(Rrk6KOs?knu#Q0M$Gn>e1u&xJfS9qEuu6jkyX+vzMXj&cm`{@ zZp|_Y`zbdBOhF=tQs(%YPeA?%t^GLGgF8sK2mH@}1d53?5AfkZ;OGZT<$7N~)V+n`&&2*2TcqZ(LRuSEc^!qkKwXnoj4_|oA;x@F@ z7$fx2lxM;J16;x%EdK@kKc5}Te@9WCasMC9|L1dy@%>+19P58aQu+mhP137Hd}EN! z@6oJDTaOzwnvl%Iq+bAg(R}nw2!7HHn(-595jMAgW;Q-kR)hH9qg?g*?sS#xbIlP!KGY+IaGdwdEAQ?Aa#U3V!yt0r*+fN`|;W5`T*xmj> zuQcT9bIVcw;^divZqBC1l50i=J$whtxGubC9aUubtdtI-6OFZ`S3v$^?M_}4<3+iV@X z_23q8Zkp{lRn!Xa@*G|8kx0=c9;BJb8j3l)Qj=j#G?uKHoX@}K6E=+%Cd8|WnLnY0 zuG?WPqf2)XIyn+yLB^uo!WFMC1Zdkr{1qmV6pi3;FGUk>B`~125g`#oJ;3fXU@Rgr z+3oFZ#-PDwT(2=F5|jCJBJtL&oZ~4MzYFrK#wuNOu7&D|N11Khq8EzM@T9KTp}d)Z zOVi93D+{gEV3WABu)bJwbVw~}6=1mxhfS;;vz_A!wz_h>bDTzP{m#ku!RZM*UpYEj z*+1FYIA#Y&Z0%rwedlE7U>|;MvX%Wy_I_u7JHdxB(`aZMCex;NGY`lY(wAw9v)HMTvCj z?yYbzx^)@(rTdDIr2V#>d$WUP7~7d@K{r*?qkXo-$MBB<{Zu*)+6b8$FD?8){0`}4 z(6GVsLpxtf0y% zODPb&BL66Xi^`UY){^(_wzssZP~kNXO*+>+`+jIqP_91nBTFzzuwau^LrCiae21H}nal zm9M$VA21Q1#Tcgfp|Xu{7IY)DnKjx#;LNu(bvzgN#_(Y9Y*UaZ8S6rzy4(|0`TPa??+9>n&gW(3VF$iL8gL6)u2y z(mP{%5lQNUqhZmq%p&^_l}IlTuM~^S^fsJ>Rw)50pemnTti2e3AUmgNFjTc9SRvzh zU9lm1PXrrc6hnPS*m42{LEYX}gu3?tQzUu>?mc0p>0X^QmsPBIjSeD6!cJ*6L8Kbq zf+%jFTbM>k5ld<&9AY~22AlkjyYy4tRueLmSq8TFO)5HDao;V6yfqhvAfD}`$l%2a z+3{#BEZ&R0gM2z17ly7?sQISw9TM?GQWL{`C%-E>Otc3?n^(}w)gPFswMJwxT;dIr zZaXw7xKgpkN)_8^ULkRF6>USjfZM8z5!=F>AE*CjLYqL;8bD22h4gpKe&DR?^6i1w zbg0BJ(khZx5fD0E8b&x6+qxE1z3Z51{Z2=Pp-sjTz_A5pq%9I4DvAL9hWn`tAP@J5 
z>CFN$)UhagG+s3!A;YB|wM?WbBz4!eH#TPr3roc`QU5-W|AAG#HUmH7w*9JG!=zuW zxr*oB`sSRf9cgC|o91Cp@XnJS(C|RsUi963c0NCRFIYPYk!=rV+$&Ry>;;M6kffQ8 z){e)xN!rIKF6oa(w388{lYV$)lC7gPZVLek4l@y`5fL$??WE8!9Lhp+U&NfLBg>;O z4?B!w9&JR!BCW^(i4TzsgJR~8a1O)N2sDk#Y&3Zi^fv5Vn|>IP2K`P&ca%h{9!bka z;}5EFi`La`5NU1$<#?!RSB-|@rFisg4M+&xmK$&aoHxlJ(ob606Q(fgfFElm5-T+U z%OjZiz(n=?zTYV7Mm%;?uf0-abxdG1k+Zj5R2HZu687D=B%Bn52cF^RA(;jpD*V(h z!%E-4_*9iQ@sov8dVmRsoIWkT8K%OES532|<4CiDNtBz0*Fu3p8RvrFS~G!ljjly} zam1&5_MxAbnEgZ6@u=g3R`hBan{fV<0M@9ZADK9@N!TQrE`as8L4+P56rz`NWKe4u zgMl-HDCn0~o^1Iq#O+=naL-@ifLp*;(7to9vb&M?0wgEu$n{nX^kL+Ys(6eD_|S7v z*EAgq!l9Br&LC2Vw1=(0TGs@NZB;DW3iK}DMkj~5&YqfqR4~7B5pK0A3ziKRUTS zVOu7OxtMtNZVNa zO_bRAtaVG%(z>1I?y;F34GTbl7QnJF~^X%M?5s)nmDk%6bX-2 zsc|=4z!sehpjb&r&rHOfZS{T*Jrl_Mj!&9t{VM%g>UpH|ENGP7bGhpk?wgx10MI8< z(tafLb8ipHYd-L@?*W-@@rBOK@m-)5?p>jK7YGrtKEb~8>pzdaq|@8zo0yY+GGTdb zb^(`72=@MyFlzri5v!(Ois7ZDY$t*Laj!dV@?o&2q0Q(K6_J{HnRR&?@4LY!aFVrH zuhHPzy+-qi>TuDS62S_|C|o@@#?ALk_NBvPRB>4>$y`w&n`ROhVw4q^&CViktO;H@ zPXSzS#jF}a)a#iT>(%zTEEkX@SyyP1BvKTZURp?3Bh87SVN?17hJKShAm=xMs>X0x z0x|OrBiqBG@nE!cgTClxdPX`zkkOC8=Eq${pZSG_!r1NQL)A-%Cn8^UYx5 zA@wmJ{tzF;tAx?@CLR}LOH)mYCzAMFQ=KZ}Qq>Uj4$!AciL^_!kS>mjiq0sB0%}Jp zP`$;Ogf&59k}X1?Plt)a-lN^sDb3}$wpDu5MxVWnev_==jEO0ENZ|n_zJdqA4a6%Y zv{|>DnrN{nEPt#`tlC?t?>Ku$81+%>RVcCnGfWU=#K~fPJJPJTh5IDIaygO~V(`%K zU&ur$j8p43@T3;*8+wm)IRY?RC)I>S@v4aoC3$|AbO@N~16G3HlTpxyW-qw{nG%oD z5W?JJyVVSdsiM^(TX zs8U5kI)f|t$r6vWb<#1BY}qD52m$8ZLV-gV>3EV44QC~DrbcE*<5b_*(#)-p>MOJu znv|qOzZ)un+))4$eDkiHMCeVPn2JiqK)e#FX-Mzlnm z+cx|rW%>Eeel&rk|G}D{u0IpPhy^ z2mphtq8uGm6wZ6!PwUGNGbWBrPlev5YzL_Q)xZ705+7%39TFP`X#5iCD;9q&)Erw* z-JM3IYNQ?dfe2c21xNYm*N)ji%q#{gEiqzW^QS*q?;F+H#NRO{KT;;xwCG_bjlMuu zFcm|II1sZIF%0OD9K-?U^=qaNW~gg&00?l*%#V9?^Yu4T2DW44RbGq8<@nZGM;QD`v|ZJkNhyYw*W>OtZJ33HaK%${nbl4p z8FN1{+vG^igF7Naok?kO14sJM^k?~W^U$=oy4?^{1pa|3R*pmmL^HEan_fu@J_4|+5!gewYLU=Ep}25yP!8rg z=(J6qGw3YeY1gRs3j#T`gntnVb>LfrP)KOF9g0(Q+gQ;`xza6TFafa?p~^*vmt;28 
z4}BWKl%^5RNh6VCT#)W?N#UFk)cdeDVkTrEo6O;`X*I&A0kgKpiC;#yJR{+tq?#M( zWRY~N9=%ADv=kvSv_jWKk@{WnDk`vA)wFJO+i$J8#3}1y&dktkb23Xa=4q13vs!&d zHH3;G7(o9Qa*Kr+{lAdS{corL6=U`6BYxHrvHv^iVluu}^l<|ky#oIoF7Q)v9QbKW zrvJli`jTw)ev<(nud!?Sx}Gu7q9Y=v9Bjr>jMTr+cB5bDj6HNCX(MHB#PkZd!^eRq zT}i0j2`TS{_A{1WHr`D0Dr6cHK8&^$9|?EY!P2m3Zz9A{i5H%jEorF%U|tV5n%tqeq>P4st--LH9t()kKgDF8D>7mplXC%*1_< z;)yh9qN)Bh9%LeOzlBWrOhDi-H&W62i<_*Bsjz=m`8D((+J1%d;DPiX{D{(j^9zN- znEo3@8Pk7b`fp7Cje`C=HXla*{g;q)euSJu2_9C}CzeFS5s8=dS>4c;*U{DZ=a6>( zs7X5xTqC3Gpt~_)_g_(-GyjiD4jQus7)1Xq_Qro-To~v79!cqw=`Fsa@r1BRH6C`O zP72K%Hy7SLI3aptZ{uX;@aSOcXk~A2XMc-rZyar8unyY<+GKNOXa5ANZEvg`on%Bi zqM?;qjbcY()Ee0>Ty>N*G7JmM0;u46hKI3*RT@%@2t$fGN)Zst2>g+YUxgQwh?+3- z>(?SHrNH6>xlZ4QT(SC0REs%~x`@*hGC!_%t*Ef6;RNDo*znoCp-Ypp_z?w-{UKFJ z0;v1)`qiyFioJ;+pz@Ctnv|a}(oM`6@K-JWK3ctX{eXE?r%n$>=d5>Q6c<|Pn+?B4sC2E##tVkp9FdPpLK2b|jro_D@q zu3FOWdsg)tw(Spg>YIsUOG?BTpI1WDu+7*z1@K~VxVptLi zyVOG?;fus3dg(h}_{?BpNeeb$a>;FSPv-#}*86G9>kUCI%lHd3z}IGXf*sXQ2Nm z8= zRVtoTA`uX#QavtYk|xCJQF`Z)zC9D4#!eA1od@0#W$inpq-;Rvy$%!D(}Re83Jh`y z?cF?Ryoyc<Yc20MB8aRjGiTY_LB?5|$|3Ooi#1=J02sJ;*mj*^1pCJ>v@3rF<)-}Irv`qpy< zLim@Kho1lBZNI;d>_g)}<`?t%{5byOD9ZEfKZUtBoFMr+7=Zut*&g|CZhkEP9Ziw( zl%tfq+D}CO(NM&Ha(Tm0cfyqJTOx2iN8#cokat4_$)_SV3Gdvd!`_>g4|MwLFW2;k zvPyVxHqx<8!q_I^Ic*X&00&-lIuunAl+Um?0^V7P9aPYe5!tT&gOl>%%JK2WIuJYj zu@EgILl?dc73ve=!-4hX{LXBd7k@Uy5*QW z-IN>k1|KB;%Kjpbderu|N>SKqX$wP=RC&CeJXfco<4WwXzb{KoiRvo4A_*SaYm)2kjSm zxZ8=h@KENkWHN^(HA#)AW_iHh7q}lLRDB^~RDCji)td@aP5SNK%oWX#1*UELTDEVk z1q3Ai!JlZbi^qbeg?GBrhzpn3Os9CRJm}6dusV-P1F#*gSGWwC=25j6)=M+ta^k1C z)rM<&ReFxUsB*ny+bN#9yWMuZfR^7jzIFL%{IILHz8NLx;Q15~>W#hzb#M z&;<R?&P!mO8qf=#)#h#0wU$+5a$Pd&$y>J_>H8C(9yTANpnWnZzDX*j;f`YUDxUAS%IYlq(wNPfufjqnzf zqtzOeCn>pNHd5K_*a-V`3kLeql=4wV`O(1of+u^tv~uSHc@J4r~&Zg z-q6PoeYK?nhbm6&-`tk*ZPC`XO=z!G^8~Jc3u)9Bldq&=l~H z!VJ3lUMqA&SIc*PB7R<_B`rxfdQ$dQwtRHLe?!?(wPrjrpNxz)3O8u*_`>yG;5$Ah z@pQN~f!^r;5FJ33S<8_g53{)fYPHT?e3lM}RH-bA@{gTZ*ysqWe~%fNFTPa_5{#Ts4Jvrg3(({&>_W 
zU_Wz_km`j;xUOe}9V$?$H5vvCD=kPawc5}zV8(Bz!`TzQ5|cuWsG&C(t=Df5Y;l^x zQwaDw9*pkFv!b@0dBDG9TrdCC|b2%hoW*a#n=)v8$&U+_&ub7CK}7()*kwi}Xre2gz(Enh_UPjsUK zeR31u4qzc$WEp|}x)d5zunD*=Yla9As?tI5275y52}hl2ybf^1k@>7rXvGi=^vxgY zJS)bq4~o?W)WVw#r%4<@@TbJ3yysiszcW0HC`J-(n$>GuK{@ScKtO?^eIl*9dS(lq zK#FA%)Cewe*5IM@`_aaNQj=3&Ry3mJAb?MQ|2cyZhgxRKO*3>;PxI}a`N8nnC+Y6q zZDB?Ndi5v0Q89_$_Ou=C^AlYlpTpPUfoK+oAAJ%3Jed%QG}xy~QWt%yhT%hx%(iV* zIVD!cj3C6%bF2`#3dI*;t+7-M;TEqZA z4^Wjc{r+*ZW57W7V`5kZ5i@|3PF-z)kzxZCJfh^Lz(Cm^bl7ic<8KH>Vs$7R)3b1n3m015{~#1hUHRIJ1Z zeYRQjHiLdFk;9}q{+s|OpX7I+DUuk*!jMfvvxp*U=3N|yfE7=wBuAiun5-s3U?f!m z910+f#I++igI7_?CxUolZO%vccXnd+(9p zFoXL$J^8(7cz}=PSFwh=o^3^IJ(&Kz>f)febr@yUaI*k0G@$8Zv>(x!%KDL6ivgkyC@3{X%2D&GRWnbj{vR(-!~d2iHuZpM0O!r#68n%t}_*& zQ!+d;8Yt=oc=V-Ds}$19k2$i$+g)+r_?>WQyfw%ZnbRg|-e~Az^wtmD=(ZD;RK`1j zzoFY~nu1xY;|lDAVnC1-kV_=g1HF+~IAF*{J4Q(=5^dd$2y#~L=DH+P(8u%%o3=7Q zIAG>0Bm?~!a;Kt=rn@3=wYCJss7XfSyM;m3trjI519CdS&q+}hS}YsPfrHEz;DL$P z5y9AB6F(=v>mr6XYy#1oqQ)X`!xX33+|LO>uoDwMCz9nugM=PZMkH8_PdsqX=NNs2 zEhLg1{X0#PkYFHhK}!L&^cevcxx@ybO+P*k?bSWQ>6JbAh9K{|I*AgLKI_NjJ3aJe z5><5Hm6QBMhJ>W2K3=91wp>;-Lp{^@a0{TLt)>ap8Ip9=~7d0<^`F zoT)fQm<2K66lKDSl1+(AyZdZFRB*w>{K~rY0a44JA;+N0Ohk($^XdUI{n`>c+H;xT zPa;G=PL{!oY-D@_J>!=lM`3`;yK=6S8k`G~vMHVanSzzYWD>xsD)AO<1gv(SQzv<~ zIN*wp<)A{a6EFH4xqf35vO6xZOB|8D)wqoh8*fCI_$Im;*czp1PTD=~vzho@BX5VC za1C#d5*u(xzm%g~(c9iPl)O?7kB2u_9Gb%Rk^51wOX+^v zhjdIDpALoN>ApNyT8h}xp`0fjif}(?gj(Xww2DIVGkMjwf#R~ws3^H&q7aJ9>7sj& zmlFnz3KQz^4I{~DqzxdYXI&3{@Jo>vuCA`UPDKiz)NR)4;+OD5I?4CG;};=jt_Z@m zB5facDntPZb+DfFhd2x%I7r_tBm_Q}LEIWnKpHj5YHLXOKbO^dBCk9y$olavEefVC z5+hX}#CO(sV zXo*Vfc%CQ`66zW7F~gVyR5C4JQ-G9zSQ5U z(=1j_kJXUCWXeXk*x^6_VSmWO7=|;S4B6hi7!a~*Ga}tEdjWmC(3K$u?sJ;6nOZBT z50Q!qu_SKC7A6fmxiCe(it*V(GXXWUwoF}Tr4|WBmC+VJq_>QQtAIMFrjk6R*5)~m z&!`|Y(8(jVo)kC)x0V`H*hiF0W_|eD*ly}F5#mNsqhtw{IJfe^In&zk6$zIt%~z2$ zZ=nD})^hn!_23>z#E3MVJu&K&kBlb5DY@VM87yAeI*C$V*X}r zljl{7iVTE|Hr7s`U9=prk4YO9mlSDjByWajl(bmXuEtm?DOT?)3C&|1IFx{j=2wCi 
z{_h_@C!#T*V&^Ah4)x==;&cNFU5n4*q<5-Kyo&ghH_f4(<6>Wn9^*$2V&p9JW3;jj@|hcpp<0_-A5!q5~uez zNEEf>%Ck&IJ)~QOLc!N)%1y(vhi?y)p>dj>)*uw6#YU}eu;kIpUepKSDsaVYS}r{r zWGSup@S{@$(?w-etN%rfL*%`y@kM0~`X1>Q2DUb6!_rFmDsByqzoqg!Zv8XNOyi7Q znq4WDm0L~%0Ly0HA(13(638GSG&@Gy ziGXK)eSx{e;&17#nf{K901oKFNOdNW;8 z$^vEMK!N%1`L?(Ea6Os8=es^;4V4*F`*+h@_W@N=ei~*)edKqMu}5X=dg4x`x-fBP z_=IE;UfFgzIrp=qs~|ZYO%~={>O%3LQJbmf{zSwQ{!SPv(0>?0H!@z;IOoYSY$ag# zjjJCCXeCPU1c;MD@YclGg2McZD;UYpFrx5Fvxa9>A}T=^v6YD_2&2ISCDw~o(rNs7 zu+>TZI+QjZoKIA$OUJ#X5;Hcp=bE+`}Us7VlWw}^}B{|Yk`TA3*9FmM@`tmHt5w0|@O_elU zG&OXTK-w4LByFXW30Ilxo6A0lXI>NjBBH67(+-SAZz&%Vsf0+m4^H=t33=@V&4 z&ZtLMVJLCoAUczP7v&U0k#Xxj=`q8mt-9a|{2(-r4W)tPv7uHYE{gwUG-{mmyoWDN zIugSPnff?^Y+@1`6mi}5)%cJou4m~_G$Dr6kChbraUzLCpmA)gY6ZevS}jbZX0n1Q zWWt1W(D3`g-zI1OapbP$kh<{3GH)fPd+T~|joPkzP2xKNdeGbi5o1#9FB+q9BTXwZ z5AfdoCJEpwW@Z8fEUt%y2Q*wme;17^#;dKOTnscp9hxR&bSCg6dl?aYaM{%Fuu{bS)Z6JO^pI5O~v8#?d8lwrfBFp4$7we(v z-ojz>5^YDg9iU-{;=cr6$j9!@tvMwxUP2^jCFh4OJ=5fZKxDWwj+bl4Z|j-CcO0*H zkJ?LI`-$53kzG-I6#Z_gL^Bt$0#RXtB*q;#N=#}}D+l*lO*u|G?jbvSi9V)XYyE5j(9b7f+tx@KJCuVXDSzcpU7xS? zy~&QIkAQMb@A(iomqQ%_(v{7_?*d{ufPP^7Y!E8oGp1QhWTmapbW>+mB&t+H7B*nZ ze~J13OtZ+NIDq`rfH%q>^N+YYu{1I*DJMR(G3}9VBtq%)jBPMCwN5V2!fjdk9*bL? zeZdPvi6YU~TDd3E;qgh|R;$rQi57*L`QEd0zYFwk)XiIPA%b8OZdV~px@4<_l^;0yyJ7f;m_s;lp_UW(>PRQ~xJW2hnaRjznG7P+sxbgllu$~e zdopRKz$75>`x*g3L>6303 z|Mm3XIs7a5F4)wVjQgNmH;Ae~D0(2#O3>|Hf9dPBfjYbu2L%)_(CB6YQp12Mjorcf zmNFJaAv^N)O;!*=HO>>`DYTo|Y850hRpdq~t7r|~$QoQJ>a9x(H=8rG4v&daeZzfe zmzE>amN)R*Ic%Y`U=JDvt>u5fGNE|7V3h#zYJ7ai5$AB0Ov3lJuZ`Ai(+DLjCuANX zKnKi#eNQh)`4TvYUxxS22W+}QliVLlCNMays^1yPKWEFnt{tn*-zbj1twLh6Io0c? z6ygu+*6RJcFIWXS7uZy2IDrEYmBhms?l86zD3K~@DoMiN+QB==WT%+tpG3KuELKwT z->95Jd`e1~T4Xf3XjFzvsH4~^2XeVqm=ZBzF#mXxlY5&{?s_Vrd7t94*WOE#)iXRa&TeUdPe`8hQsb8#jx|uX0X)^ zw&(29J2)iW^rW-&b{V$;Y*YFPlI0$7b$JJNvmVw_VlLa;%ZfGqLi$W!de!MWoY)+` zWi3iz5eN@ZIF6y~_*|7>Br!lY>`KEfu0}xzUa5Mt<+w)it2n19eXVQBu@GvfJ3jBm zxvjxKgt%-9=V7AS@+0xr>_+TO%dTRcj3usR6+T_@f_P6$6IA>TJ=W&Oema^Tcb?8? 
zWzonBjqx8f_PlcJ{(U=t3X5)MQTtU|kUnx6+Jof^`+&C7dBd$X=`1tYc+q^F8A%o7 z0?Y;TarAc129@SADR6}1En5ts#+FN2}iE$Z;vI1{@gWIT58saa5_>$;%Ddv z!I>K9N{=w>o_>AD+o>xiQ80OF^gXR&q#_+jWd<{M%a-zDa9yDsUtCAW4qt^oH3}6A z^la7o^H95hUbqZ3kjK(((T2^wbLn z!D#d@oUt#8aqtF$C9WJMc_6iK>wUlSdN`Y|qt)hHT1(QhuxsC#Lk=h|###oe5HxC4 z?LZ>!+91I~sY&h9wl~|K36J!~va!4tvkm*CWKoMK)4(NEPG?qQCk{!QgNl>vuqrjp zkuc^FSIEY1Em#zEOtUyJ%XL6+9@s-UmOPF#x{ zS4IqZF_F}wO%+o~Da>F^?ZU_4)+!JW>bvn0V)lyRJSfg&>97L{e2CJS=v{oq=MCWGU z%w?@Ij;+Kcc$t-6`5-h?MKdm3b`yD59pop&s}4)_#_Glzx&~5*SQM`wKX&)d9WAct z82g%my0}!&C;8o2{SWegFE0Ue_4+TH8@sple?H6aX7~R(^OBKjeQA|N1qMTw1+`uiSpt872?x@43SiD~N zQ&ReKCSI)1#zAwI^rf@d+L1#|%!APt-QR+&wme9=X&yRpRu7zTB=w2J?L7#rvA|== z>*2JHmAU?*H6E0o&0o5Cnw+DzLzkiE(pP0G?u+;QJ5P_C48WD+C0Mz(s9lQ1LlHcb|Q za{F}6S1Pyb_>W-RHd)E656DjQQyKUQD3TfY(ky_F5f+pFC>;*bpN1kg#O|fsT>P>i zw3jMrYqx4Bu-oFGqu9GY+=bAtaZ00R{EIGiKY9!gO1rds@xYTRbG#PZc~F?QerNiz z+@IW)c2~QbPcjT;Lp5%a!%;tXx#7aEbkP4uW8jei$JXXGF0k6m0XHa6U->Y;d;rXU z$+Bo(ydGRGJ02(W&ICOUqTckhQ9pbakH;u7PRFdkBDW2z>&uSlCnwrb5Cgg;pk2?! 
z#%)X3 z-6cGFUqDy@HK$D<>u{J9os*aNWaKS(v z9I8_s7Va_;tM(8z2MuTK*C_Q(0T0S^ZX5bOYrF~Sf`}!9RvFa*`;UU}^sbd$9_5N+ z$N1-%dE3FWFncF{s~k>#ms~F3WZWfL*3KPF>X9s_VEc=Nj)R5$(mv;e0_{rVtf2oT z=*i9>gJK)PR7Iw(9Wt4P>p{cOT&&fVrg%xB{!JW%k~5$nD-6F5dMj6%D`GjO9OjJK z^>Xs&A-wqZct_bocEN#4M#;=U8`Nz6imE{z2Jht%MmczxNZEV(?3vU4+>{7ntIo zc!{Ai?J%08iSifgApT%6i~0$-10h0s;=EPvSn+OO2C5)70>%!UMk~SoU_grRVRT9r zsY%C(p6tqvz;dW3s)wpN6?u18Nbg`7879xKHp<#k~3fpq0)nM5L5hZU<^ zOQ5`cTxd>8Hvd*@5^LogeKrD|MZrq}P+YvWRd{fhLSO;Cl)d z@r3eRmcV0$Za$fwoN$bYo7SLRXaeVy%)!iX)9G~CFz3@d^DmmN;4^F(LaLN??4K}@ z1^!?>?Ez|c=>o9emcVc+e)ThV?4{tv)?I~7K2+uNTlSVn5P=1P<+Sn-439)x%~hlC z<~CBEnZw`he*_o+wovPQSauytuI`$Y-IK1=djP0zi(VV*Pssav`L%^(KXTYT4U9G~2 zj&+EV16<3H6rhB|mggLa1!MExYWHa{cbNF}U`JN&{$HRmt`0++8r;Dece zS5-!-lrFos+{mTU#aXoc`lx75h_azg918`?YQ`&wj14Ot@A&6E4Gyl=28;hrEs(EyLcf`&kyw zu={h%WCUHGw^?u0bZh@~EX#~<8>cQ^rWFIC=2*t{^yLmm5E6N+6w&D9X1M|`ws9wE zI(Dts;tK3Mqfj7Kj1wgW{X%&UIGuR|^*PREd=&Enx#*k@tQ{>*4{8MLjz)n3$& z0P#Tv(NP(#FPjzbKbY7<$wXs?F8b%#6>}=&aN~=kC+k?99y$lvmqTDWVXkCCaV>h# zEI1jl^9Uf1QCwvao@pJXz_s111Md5qxKze}ThYjDMNyq@oK0j*;Q^m3{XDp$1RgX*U9)|LCd z%JP^c5%o5MXp0t}1Nq~V(t)r=`GL+?;yFaqs@g&CdI{}R<$4)Q-+Dcpjd>Txl>5iUEzg9fdg#DZ4v%Zpb( zA3T2iN>q&7UtkJ1Uz42j`xb;d%j6jqTXO^jX9BCKh(8(aP~t z6$AJT4SVBZbRb&PfIYu)H-$h*vooeX3f$e-ej3t37*?~iFLV;d^h%g26J9gtGB-_pQD-n6n+x3a#CZck zXvzU+N9LQ#jSc=#zRqx+4Y8rbPKvx`Vh^j*NwTRs!m|CB; ziNE}*QI_=Up$pyc$EJA|pImxQV3i)0%8!;05xUBhep48Zxq9bdhTFs%pZUHDs=9@h-6)51f^fw%(drUsRxsy|c~W&*JCqn0P#gd-tA`bWh4GL6dgci8Xwgj!L)n zI}oJR5RT@}5;vDI$lDg=@VrGXtiv!32VLbD!7=22rf1FoU0Y43*ys+-%x~tn^V=VH z(G1o_6$1HEs-XJHka}+WcWjDTtDmQnC)jS@#`5BOHeunDAKIVL$#5R{?kPG**dRCQ z3Fx*~JfhMa;2j;J`_E8U(o|Wq@Xl#el3Hs7i4s^H_aTqAaEPFv#?Q07Hg{5{gC zN1a~RTra}nPicPlX~K^d%vUH(VQ}t)Yc5y?R#`bS725a-Pvd>4M4ssABd${n>R4tiXVP3h@#fuA#|Tj zs9;mxhlgP@QNdaG+GKnBb}iYrzw7*N*8bb=P2*u94tRn6cYAkt+q3^}Z*Fei+J8UC zZ@&Fk?dKP<1FzIpg8eBliCL!;JPk)cEK#?XK#%z(X#6mwM-Q=wcAWmWR>O$I@hpo^ z&nD19|2x>)*xYTw|Lir{z2x zW@6yuaQ{a@q`gTRek?3I5?~aKkpwN95w;Q?+34ceev7t;P?GkulAq6K6r8%ym%Endhz`6 
z!Rvz;&*86Mg8k?J6a3e~^T*8~ib<~;y{AwgDm{zKh~=uV3|!<4K&4WY5W+spD>@-~>l;o^y>4!1k437?0wK)O#vS3c9JmHz1`y=|~0=;NIbW&q8z)Gi9=0 zk<>;B-pLsN)A$U5w?S1g42QEH!Ls5X>(eBjtc#q74}i4RZopgMXFk|-od)EaGT#B! z+;t&v)cm@5h4WMk(auweFY1Pq;ybpamzWVe)4U7N4k#}(LFhpA;>#j;Rc*si*|B~( z`0r;=f(F`);T&xSIr%BBb%IgKanTdXw~8A(0#rgL^qCfsEFTA4v<~Ip#j)|f%;I!7 zH7~D-{9!GFJaOi(zA_V*C&gKImi4Akc%e9N%K7X59t2kH5@K!(AK3a-GezqI4=IdO zg$u{R56^u=e^Q#Mz|J_JdMsd#m$bk@^biQm-^J3n4@y>9v*mjG>5lca3#I7=bdfG} z$G{Y>Ql|iw1}tJzCfQ)+1Frt1$^A!}rnIMvuf;A1ZzMw&+-*uSHoD4gH>FmU2Ihd1 zI4NX06apNwN~>%ds%vsN9+1)4dWStWbYUlhpJ*sPB<{X;kop%yRo~q zd=L1w!8VXiEz7$>Ftz5SE5zHi;eKhWs{DQOGmexUeGAL&yd}l6k9CnI$Sfq0o3veT zF>MzfP8Cfp{`rbj!3}}lN{U+Oq%{6WmL)QJVE_H!|1HdjRX~@xA0qEDZI;m0ILR^F zv`Vf3TqXSxYGC=ar)LBkjIj?egN(x@+WuIz3!G4B4Ms9wTH)}f`VKHfo~qNYfl;JA z)i(cPyn~5wo*VDuMe8ilYcZij0r^%W?ITc|6cg*}>8q@doYj&T#|#7=Q^TzK5OA79 zSiN%?i+=r+e-cm&%;w%c3^_kD@n`<0&A>lCGz+W(bQWeK6b-sKendCQ;!$Ovqb594 zW8##VE?TEo(?pVcheNYWXK+4!B%|__T{%_$DR=K$rR35VZ>h#|1+T3BJNC(=(qF@H zLWP1J{D`zPn{-t!ay_t7$XQGTC3K+c3hVPv&>5r`8YjY(cxPyorRW~faM`OimH0-d zg*9DHk7^|W1PtH~Sj>)l@zA&%J#;5yX_{XZFcO)o{ULIiyU zel5jY_-JQko>kNf2_zaq(PLqPwRE-YhJnqvX{zEVUQmG`sXAQ7(V%LaXE3IL zwx(f*8jM;M2bniTO|Elwu7yM__u=%Z>ZJK@J4kEJsRo*ISp=%m2;Ni-Pr2P3DSNwXLPQhRo2ub2 zYU>8hX-5DV7W|(m1MCZpj!hQlsB9QsgtI)LWr%EBg>!d!1Z}}IafFMeQ$hFmUxn;Q zyg6JQWdIy6s*GsJMk_?LTOS?FZd%-4lZ>_a&dyuqCUIX(z0G*>d87VF4qWk8&n4A_ z=ImJ);tn3jpkgl9^oadFUS<)nyi?BdWM5mCox&rVXU7n~!X;{dP&FrU;j;(dvHmFO zqY`>?edk`N1$6jTzP6E@G-w zFS|Ul^YAPRj>dZO({UH&jbXtVusjL2x(J`AlV3nmvW<|&h&kdV@u9&-+C58G;7<4{1{8Nr!(FbVx+#U*Yr(;2xm&v2Fffgr= z`IOmkrlfp{y)f*%myZ$!jQS5rs`;fK>z7JGSot9T_(}O=N7szp+!la-W6M) zTjIV*=q<&Q(!{CO+>}EfPTC$YoQ(skOx5Egd~rP9N`~ReNQ3Fvts9NHVNy?ISkXyE z;kGym%nC5Epp<2Ywnv2C+D@mxBaa$|nSw4cW?K0_|8#9-1?pl|;!okDXHGZdDT#wB4qSZuld1{UcrHJSTA^>Bdl%g?lF( zQ-=Lg0T>Sl>?xUnau-O24{noEUlx!IHi_&$^V8U9&sqwtRhfbFk`dBos6|%2{DF2C z58#+wdJ~DUWdt_IhaGeAzl6&oC}If~e`gCgGRO6KO&2}e@V2o4rKEL99(28x#XP3V zK%9ddm4en>AM2{low#GaGY1dLlGIlaO{<-s6m-y_Fgz>E82%~OTcbRY6n`=&i<|nS 
zG?A!RYf%1qGikL-Z_?#cYAw;+tip=<7bP|J*a~J#h_AJPkuQwWcdBBi?NXS!kSR4h z`UHJ=5ow+sKz~+XFap~=E%{OvM`03)lp-zrdHBhI9q3i5raq}l?hV)f!Q>c)BtQ$~ z|E;|}KmX6x_TJ8|{Qo(A^XtFRetvnm|Mgiq3Z8+;+xP*VjFxcuZ1mSq?BBa}_`H?) zKdr?7_Uhh2X4>c3tj&I>!$91&S{3_afLDM%2pFEu;BjR z*}J#t>;La<-{$}OEWh&mzj8mn7%xz%+26d??BCw=U+FzB=uEj3iKZ_v&_CnAkZO^g zK3EeMsROF&OOC~znvr!^v{qmK)OqHg!qMh3BL{r2REF=|gaR%L$E~~X%7XRPtmahr@zP?bKG#THolkoN*R>i@{|)tS&3ngB zl}1yI!2QY|bK6>x_IR3~l|n90jvfRHI-B2-(~HN>TOS)0u)TTc>iXuWys@le9~+5Q%liLp-`m_R`2Xx} z-tzyS<2R50_xAJ4@cymV+%RxI3VfcZuyHFY+=>dHT2%O&1qJEmxjNTBTlsUY%w@Vz zmS8d625a^;?NORSIF@hj2gbzYXg7aUv@R*%WZINeZz=?Ttw_utAZ&^icO-zbq^>&t zVp|dVlUr)c<-RC`m7WPD>gp}32-Wy=N7aJzGh1D~9F)(1%wtDvJG#H(!reJ}`HLD> z?*Hu>GTxo0|qy< zn{pmatRm1WUM*#%<&*&;oq{3jS?X55V6pD^A)FsECfF~n`Y9iR4rZu*@MBO4@dZ#nNKMp$g62@wwedW4<0-?4v-GuS$04*j&T@o zpx+~1Iu`421<*u5T^_Hsg9ehrmG1bw8|Uq{WoM&G+?348od7*R!oSc-*_?V2hwiHc z2<0<7b|J|m=S|GaE3oFJ#yV$qucA}9D|mK4@E@?%oeclwPSF{YY~eE7MnvJ50JiC! z1$_DGG0}<<GBI2aU0MuW}`c+gv zC}Ch6bVO}X{=nYpOND+4>{2l+%>AY$XnKz!$Ov5Qvzm^IzyObfcccnMn}rT z38qfN3@TxgCYTll`Qs7q2`?5b0fxem`Py9{G2|M!yhPJTP9nPD=cx98KH6m9R=fy} z^DfNvt^=?asjgH;F+q!IGKq%)W&0ruJT0LxwZP?5V3JO&<$$zOY&r374I~420pW(g zjVV&i$OGL+F<1gNRti6jH|A4z9EuKbJ%bokr;fEz}&~ zHsQFazXZobp(rH486UX2-rlX8p$GF+Rt@FX@@HLtBquCf^2>G;Fe}WXmS08Vqnua-zJ7alW0LZfwK` zCW|>N$G!m+fLKcec|?1HcL2+sqzbbDJ5h=&-+ib5U7mOJg)EI`7iqM0RjP=@A|;76 zkOf>@0ML@Dp21#Jz{PFwz}j1AIcr3-rnSJfFNT1EFAON=d&rI4eNKF!P@3Pd6Wh4v7OdiBjof;}rDE-LRQR)Lv0%27{6^Zj$q4c1L87mIHB}4w zX9i-{mM)Mc3^Y4+eOx3_nW~lfAgJTuRzA?v%ewb%e4@*SXv>)0z8MrPQ~0As?}|^Ba~#yDqtxfPsKC?~?Q);R#~8r}8=Zg-n*Qqy;qcavkZ0lS!=~5;pB<77=YShvNV4o7pE~oCd2f<-9d6BWk>ZJ}YmxO(tK*73ucOIBF z(j6*IC%u-8)5*ms8L{4@o;jWjXI(0%l6NtkaKk&>raKE+bydht%mt5FyV3Z-nWlb3 zb0lh~JXoYsXfj%KsZw;u4M=fwQu5{KsH8&9ZHmcXNtVNYIEg3Tn6Iba4cBj}6t+^d`ZwT2hVGP0$(6(1<1y$S=&@u!nk;s?0D-tJlr(Q~}%7fO8 z{`6_Ae1l01Ez+H@^z)OQtOUQIKeeU$L;g>RbFeN-+o)80$dp_|cPE!~;l1nJ zld`myQkb2ic^A}~8I!H+YT@O{$fZyTacMf>(IOhxwRzSt81Yg%ikK~2G?&g_H9&FC 
z#No_JC;!MKVjIM3XdIW?Az@W9Ql38(*23g7o^@UaxFMOzIVO9h%q*x<%=A(o-kU0P z#kL2Qu4xE7eAE^bXOi_(cb~-y@v#aKh(XTmaTaZ6>w@gkG&~5)HhEj$ z-kd(m_i1Hyr%LL)8x|ymjV03pu8*zN^5aUDXqc`E zT3+|CsowX!Va0rO=V<}Jh({f+;RFN(#uo%vk!h7&ciDlf7w#2Se?P^VZiLUi$H?yv zPRv-=q2q$k5;W)VgxUIbRdDowKW7tPxa6V;2(OsVKr=)}6<3eiG?Wojz{nt|l!jFfJ0sq3k*vQE^6#(7zn{0m3#N+utl&yV|ngT^g`oR6(6jkbNFUA#ZtTj}j?U>EE z^oGfhM^mAq*xYUGW_SnG!*xGh%w8xV(%$xL!PE6C?)aPdgKBy`z@mI4y|XIDpT5C+`mYpi~NzCy~ce9Pa*U-)XVBQ9|QGL2?)heh9$k|Y0+{@ZYG*~ zN)8)1R47unTqi5<@6A|e_qTQe*IqSUC-p|#Hg*Ti&KvJos-oGK-EGS zXKd4F(fpXVt||(6zcnt*RTso1+0(-u9#4l0%7+!akDa8&h{^uwYQhtr5z@x9onHGx zv_?$?d{g-|BqeF)SV=-KV7c@khk*t+&ZJo(%9`#t-_pWq;AU|RI_gp_2ESF0J60{2T_ei{i2xx=2!ncj4y=7_Y#rug3WRxt&%# z_V+yNp|cN~K9Q)ykMb3I9u_?v6n`Y*#_e1k`?%PO>i)q&*W+eH%8y9u zpn}<`qba7Ul0AE`aOk{wX5EXeEkpu)|Uztu^QY75p-46AhG!;6U6GQz03oYYv#ME?%0C42j^k9^!<3} zKu28FuWIFtvVrA^!I7*%I=C2Iqm-(ieu0U0i72Iq0si$4-MeeVU=J*}0n5ef9`Hl{ za$F_OWte&i+E3@rB2Nu9apV25So=0)v!gqi%o-Z5Djiv`o~}7v`ogrjzXoOJ`oOm3r>f+xP`FPNMR5kAop2oM#XEZT00imD{=I z0qxGlKaA$yYijIS?6=e!mW{1e!48)h&4)D(NobuQ0xQZ$G0Ke6>B6Zd=h(&+Pa_kc zlmlASlcP7iS-BC0>MG+=kK|r;6{j2S%=otXRk4?Vb2VSLC^I{9mN*5?tdVHc1GR}` zzC`oX-Sez@9Q2eOLNITf#fw-mZvP-OUaZI(VaQr>NwNEvr2ULF5ORWXKxr+QNAv?Z zxg(UZ6pDGEftpJ)tlRw|(m)6w5N)%Sy=xvM!vBr<-S6I`E{eb#Z^^)M{{q|GoM3qr zL>yAL+Wr)!9Yq>w=c8rz0-M`siPw7~lJsxInZDlCVa*7IAwxH1iGZNSl(%3w(S4Vk zhM*)g#`IZS!M;$(MRQHqGkZXxikC4RX{6-Iw3MQfGRH)IT2N@iCh{tgVlAEerV1ng^bvP1w7Jm4(QM3gRYd zc48U1=nvVNkQqQ6N^~NnN7_+NrAv|_UK)sANI(${IrYl4eRxySC0=%FL*Rsk(yOT+ z3@$epMcy2QR0L8*l3q(H#d7*P#m#8c(YWkB;fWPr;Xr5V0&55f$6PVr7E~!~-7&t3 zr4cBuZ7$J@Djin&vj+F{m0m7F3{-RERDk#sC8HKvhpBwO#p{VQ)%qkAa8=8ZQyGaA~}P(m;|CsOrdj4x4XNHolVe(&?mt9fA(OU`jIW z7bZjK*+wQ;Msi?DIzzQki3i{i3{~*AA*k+OZ%yFMuZ-`yTO4@CAAQ-Z-WH~^tVT;?QJ)RR9dz_#1a z_a*TI2PF9T%CF{J_)Q}|_iv`0+73Jo$If*FMI*h~Ktx`vlPBSsEsgMM7c92B33P{% zyH&aB36TKo_3BkJN3)cFWuYgYQMB@1AQ6rrPUV0%hdxG>1=>U^agyL*&RyBUp3XLS zd|AaeP5i|dR%~a{09)sD6>Ol;Nb#R08UBd=5Bgr^=F#sTwEgJ=P@kf0a; 
z*e>MzMg+MssI}E&G^VRLRe~mm8M(|R(I3|7nH;tAmZU1noKp=HqcC?AUAO-Jcf2`r zu6eT@O?AmijEVy=W<=7&R2JdROp+6umxD`SNsO`NX61`lwQ9)WfNs=wAN%m%q~g9; zTim;=JW}Tzru4h;=_F-(K+)3vC0$UPzUZ(8hOtbb;h+K>@MZ)SGY9b# zoZklfj>qvw96XTbI2d4qyoIKr|2#2+uX>4DpHSfuk9LAy=8-Ly@J4-UM)A1esQK_p zX(=alH#26}iZ7n__TIg*Z5i_U-N8=WU9^L(!nE}u<4rw!3Qq@0xzjFZ^Eo z{SmikM@_i;g|3!uPu68-zvwF9UfT7w6b+C3^lHeM({<0~Z8+*twkKiTpAn4%FffOy zVyA3>bLOHxFu?oJPz~n7mMP}2fCc}*l`6c`Y|g7)izdiszOqs4qZDZ zXlLQ|DKus&@c1IFjH6#^C9RxIow+k;6NAA>cVY_ASdwaE~=?B`Rggki4}*s+^}!0qs(-39fH{G8P>XhU6VRT z@Tc$7rdXN;_7r=a!0I^;KL5A6M137sPiL&L7g9U=@eUBrV$CtM1)OOXy+$f^IlQ{b z^lToVOqT;Psv%z)I%&+lYp^s4#JbPUK-7aQ2p^v$hxiD63fcG6Rf`MSeP_?yQsuzv ziyZ@IhpUMl0WJpwnmQLN2*tSYvS_|q#g#>HKmXsC3q7u zzz@}I!4}45j+TKS`>{dtuAvddM$3L;QEHpYOi0q;5ql4--;l_u3-IkU5Bcsz@)$x- zaJDO&_Ga%9XiDV=@uz%A-J%Z8+QD`-e;Z^%hml0*#}Lbd=QzT5B52VNTecO98N&b z;*=gdSP^MDoh-Lno9s{*M&1>;?;w%xUp%mnL`18$hDS*RudEnqinkG8Kzzw2X;d=W zgrfsvqvivx3WruZTd*QZ^A=>WnM{GHQZ8F(aJ*!voItcZA!L%-TZnD(<%&^-rJB<) z0%yBQ)i@u(&J@A0S^xFN~bLEh{p}5#PWDCHg#}8b3t3;@50%d^hV4 z0^!(q3>WWr@5g>UTGY}ywHT4`HozaK;JE+9zP0&gfTZvIT|X-@D&Bv-^ZymY)923( z=51gTGjf6K%*ONS!)J;vyACWi7q^y4i%YR5b+FkC0JPpG!aiE7WO@r zsFc=qoLUMAMsFwI81K(g3dp_~l>%-YZ1*2?n}b*iRJHYJg~nud&esNqP45)NYaV=s z^-TlBqeR&7EMiHJ*#-bS-io*(a$eILCKukJrQ;uh7zd7HAP!5VIN|zK@I>V4vniV) zxwXI!rm$t;kN4_Uitz@hPdQHCyaW<>Wbs2p*1?l&g`lu13%ZqZRVA*#TowVv9);U4 zQlUVG88aE;3~|zU-)8%~)@KGb`i=-Fm|1B2O{Fj9YfD=YahB;>lBtsCkyU_`f7~^t zqBB}j8jg}pEDRakceP9&?N3%yBkC8NTF6!|!ng>jI(D~HrJ(_8%a^K{nvR%ER6_M{ z&UB3F;YUlhcauz4QlY#p^zM0Fgs$M&&yLM@DUuh&HurM_Z6eToI2lSVdjK=UR+FZ~ zMjrVC|4zz)`f-)R=T|T=(;C}}Da#Q78HBT22UZG< zdyq4@4DIo$f>F?I%T3F>WhE2sqNF7DQIXCBN6=I=PX|sfg|?p``v6$jwRfR$($_Mq zro=N`dt&{?AnCM#%~8KI>6Y{2$c~aP%-Ir4y3SX4hXr) zLU252bwY^AAoQZ}+Kza`h`~+selAm&&)0w1j2ULvZ6O6@=lF!1>T#cG@wcw@6K4BE z4fHZEMc;MLcB4u0)$}3-7?PJP2p;{%FBHsvlh~~^YPuBFHNfYS?W3q@qLV~-TP?vaxAIS%og@G&uFnktaLFds5xmCRW2iSGj>a0ywKuBxscdn-OrbjY{fcb{#h-q)t7={{Gj;}lvg z@oZr`?7Ykx6@N7IO0{v&Mr=y18KkW$laTk{5QAutMH+;D 
z^TIh(^?0HejkwCC3YcUv=3{2IP$40Av!#@vE3cIBznE!vhvH+QB)5ESZO~wQ7?#iY z13*bC`)2oMNBrR)iFzi9*>9zP(2xJOui1J$>}P9#ZL>e>=Nqr*`IWvo!secvv=U&C9_ld2g|5< z7`~v-Y5H}_dFe&DH7-gT7fbVw@gc(Z^RqIYqXbhZ6<5v{vA;P2grI_-H6+my!djxf z=?BsAf_XL=0TNtdD2d@&B~#@jZq56LD?D+79@K^;9dB+jGr}=&M2}-&B&2KEfXzj; z%c5|<{(JbuA?x=)GdglEsrACpjFRAot=tA*-HrfxRc{t2)&&dP&67Jr%PC~y_7OWU zsBARJ@hG*Tl^NP;gbk1#t!L3v+)dFz2v>t51Mc?rMKhK9*N?0>#IM{#eriPFuaZX* zt;c`L@;l|)NuTPIU)}u8f`8J<>?CQ{Fv{6wxA6{$*_(X;{DQaI{LbIZ-sI}?1BQ3! zZs`C3PQR7!{{H;EHd=@2?>%OKKGGAwm3gizSc&a8>N^3_gvk2Xw_j}rBEl~%;7sQ| zLU~mY70GE&i3GI&VBue1_Yq}GJ4<#sPapH$HVQAoQ}Fi) zw$_{}!8zKr2F%w9X>KjGS_HEu=#LA$$ImILY`j`5ONbV&j;Hk~t;OduWX{3-XO*CH zi?k0g1y=-|{nEKa`)mO`-rCx=R_!+oXT34x`B|nm@O+zUZHK>R*2hpr({E8#sUONi zH*OU+qt0%ksJ-fa*zaZ1d_?2F(&0eRGvI4|Lpabg!~21zRYmZsnL0L6IU+O-Vr6O{ zx$J!(;j=y)(kk$y5|}kE`tL4n_(DWx#lDGNL>7ui7Dvi8YX`BAqDoM`o#G{0ej3%( zKr=^HR`OY&EKxL=JA3uW6KD-`S}`-Ux94iHp&cGvDf%V+?1IU^sm{g_4!d)c zJ`sU<5Ew+f=#fs~R#L9zidiD}QJy*fCFf;&YN1vxAiEb+?Lx1Ta@)|gu|eoV z2B!0akB=y;x@XvblOqvyVxA4V6)=Z-Ow@gGCDIO3_pdau>Q|N+rzWQ-87o6O zN76bCy_Cb3KHrQeg(%cZUo zy;+}X`ZyN%Y`a_LC9@wbc%W2d90*P0qwT=uznZ{fl`V- zIC?6BDqHfAf5O-{6v?j$;oze-GK)YvG2>Y&87@}Cvbf8LV}3&d@Qnjp!VX$6rQgq2 z?Bj!>sAZB|GVypD=$FhgBkBXqQermcbI^F(3s@(3+G58MA73pDZskcefLYFhHMi2=3QRUJIebCc zYOQk3)~5DRrH-k)>#0>Ioi?IjBzulA(9acrv88F}CBp9F>LZ1Zmbs)M z3jXX$FMAb->>oLXtw>M@a0**Rd?sR~jZC$D7>E zC@E7yV;C1W(<}isGYhf0ExYy7XQmTx`_DP)sr<%0w! 
zju7#{2E{y$IE*r7--FQXOmu2!Fr6v#L@~*s=5|?7?!1>si*Xxcca(zWC&CZtv2Q2q zj5c+c6`;jHEGJs9DI3i|o=VH4cqN)`(EjnZ@Ex2~7HsNtG7o*QF0!NMR!o$Pu+P<; zN(3elOvkijmId)uULFng$R;1o+%H;&SvzZ!RS#V6qO?^tB1=}4T$0?iOh?&(Ue22T zY>?m^dW z3*TYo9mA%JJ9*5G3ror13Lb8jnBoRxO#++lIlIv_IqLi;9nZ@* z#a}?d2~m1|S+XzHn9|=5b9}P$TT;lQsukU&YNf>tK!;t!=P>0X>w?L& z9C6gboGV-Ka5RII_&~*uS!EO~`$3bc3K~A`Ob;X@vn}UzJfYwvC1$-;)mrL-xcRe; zXPJK!+_vC%F=X__GM^mRa#X?B8M$wr)LylLeJvH?S2?H1;a;jNC!k-~p*r+s5!bH| z!d~Z=Z?)T-e5qh&jR&u|uaCHkkJ8H5C*9*z%n};7qmC1Z%P>0>4wZ8Kmt>jky6e$zyIlM^=>eirTNSs(ldf=8x%MLBkTXnc( z6d8o$#S8H0T9+H6$(R+QKhyilOBz;r$3u3%79q3_}Mm&_$K#hce;nUqVeSo{O{Sg~r*!)9v-2cJP z?O^y4Y)*gi>@0iQ`(-F z*bae%_J^9;{j>{*%CyUkqze~_+2qFg9UQ+3Gn2VvJzM7^%sIA>^v~0tR@iU&(PWq5 z#+rQtLdjQmcj|Ngd8sgf{mqTN?N`0QJJ`75`zL(a-yJ~k(*^jhm(S~axAtc3=;S-y z17yEB%=iB6ZTH0jerfwtfnM>>8I1)CkP6haHKE)#ac*V{0v8u+V|!Ou$tNUh_tW2b zC+f;+AB=rX6OI@B4Hy+5d_z?zS;+~J_~X1BGim^<+2qMoCt_?!juJqVVo`y($^{`^ zXK>3;W9ZK^bwb!KNqU%`Np;7wwe7a4LLx}|evMd+AFN z{@HRPp+M%bn_wDM=$Fpxhj_5d%N_OqEU8UNn`Ot!z=SXaG9!*IJ(g0(d#F#XIXMu}6xBe2nHiNwprOXf0K4o8AKkweZJs?X8>&~(Tf&zB!LX34skys#EROWjxf z#mhI-;66knYvsfhTf|JiBjwAD;=hNQ7{!cq2RG=?6z_j1mOB$g2VKi<*K4wW43cvo zT8z}NdN5OJ5Vj{HfZ_o*-tK0S=uKuF9^vk&mIn}F?3Hmz_z}>?32mNEz&;g;}AMYf2zn@WxM@oYi9zmjbR4~Wl*I*nm zQ!Qg=!a@|qL^mk!xVq6RpRu`WXsIi~0ne$9d^=>dwPwPzOCLB@@#f`hv(5IAS3w zM8f@Xj(uytz5RiuCKTJ-ElJcqd%1E!Y7euH*|~6PzVJ?pc7fO7(4qtb3H6#UY}&*{G@{0To|Z8X^zc^+o_ELRonOa)gVO z>ixg5U@R{=+-~(Hraj4?5)QbUHaL?E^Y}i$<=vQ8bNe|mYo{yS5KF@Ye}?#fCb#YF z5%1S+jGR+(eXke)!h{Ep>o(%HTeey0*zc65^?|Vr@)kh3&?Tu`_w;y6U9beGfGF;L z7WHsAaKJgfbP!jAKv{^NyZZ;FV{w`5pz~<9`C4Pq~d-&P`Jm*c5f!_Zd%#ewY7J((h$X) zH%DWnN=&x4KEupTb=5*dG!mIFA=XV^8wq-Bec^zk-v0u&S;tZ75AmGS6dF=X2Xw0| z`gozRMGtR^p4-+|6~+MO*hcF9FYgQuyAWPWr{1GQ5GlRAQHc_?inOhvH73RKTLz^` z5GpTwLpyYXf8pbrfY?1VOxxy`ZAW4yGA6B%nU)>8RvsZJTss01X2(jC3*!yTd?-$6 zESt<1T=matRuPk^97Vb|3ZF;dn2)Ab8>P`Dk?UQC0Lm36rrOzpp(}?@c3LgXD_w}O zzSx%yI*46hWTTNqD?MksFM65^ zkdAYK*z^UriEeiW*8};yUe7IncaMerOJ5lWV 
z^Rl_q9Z;6B#sgdwmrY6=bKyRZ{dRggr#RrT@Rq6Ek+cpKJ_CAW%LbXP9?L1yY>k*)6i+Ft);I+xAw+RMWs3 z52|hxTjZAt={cCGF{V(t@KsVIVeRLhh)!-dZ+Eu(M&6FBzqbk&Q503CiLw#Nn|>cX zr(?F2d(Y^4Pk(p&H{rcC{s>D6%%HyhZ|eKs;@iP(ktqJQxf}B4dFF@QT3*8UCW~_* zj4@#((EFj;!`~7dvNOjtCqu2O{w${p9B`AX-`h8chzdsH)HRs#piu9{_QB`w#%^%g zJR>)4UMCZI$O}_DyFFD8J8W(u`vI-3Vd6Hys5=|)`V7()>(l+g4Fjvz1K zj5X>PZACUr2u)1*gI8-eZ;H0R-F~vR_eQoS1H6l5EM2HJ$TD}Ijsxk>6IrBD6&zv2 z2M8l#zrx`ZhgsB4b|UJk228{(4|t6t@3wf^z_UZV*eo^{Cq{|s@RU16vj9bzk4dcs zCbo+N|uMx`g;Q#Ck+b(86U$z3Vm|r;%;dK12qgQZF};0UcS# zA*w_2(W1th=*GHe01K$Ys)PBLM6xqIGOd=eFqY#DbZ(!71d{=t`XjpWZ|@=$WN@qT zTr455G!vBtnT9Y-mE|ul9tv4VUB>W%#133F``a$lXN@UK2bKq9+^!ke*p4$N)z? zWjXyJByLcMu8p%|))vqkVgc-#Y-ooQscNl)rp@N=)>e~S7jAb;nx9!~cRK|IHdCZ1 zI0vA@D-N=u`9kEWGMg}Sub%2Bi{vyyX)Iu8ql~vzj_#sDRirO$CY_HS-p&4VquJff zTR6-@85p002+SylR*8>n#egP1q?pN40|*J{fN?wkg0=qy7<8wvKNQRI)7;v2x!Seb z#?IE)-h%$f%;8>%$0%_YOy$7q-YC^$q_QZSYM?=5sfRH!c##r&L=Zx(TbL1uy$0$Ob+M)^yM(fQpk z+99u%fz_K7cvC)QOls}rPg^=*q;UQ1=XC5ftrPK}0_ceY*}AkgHwQ^*lj}kIZC3vM z>6>4V$N%SY|7=f>fTv#&BLVz3A1Ax}4f>bA8>ju3AphtsiKcA9H!#shYJopAnDZvl zXPzFYE&tvkin_gy4-lv4-V1sC^+^dLo}TD16s0+4uMj=*4M3=(tKx}@Ny z7(E>zg#L{P@py=n?Md7e4I6HR*GvvJ*ciry3B$AW{+9t0 z#9ag;7`S@U%=i*G??_blLNmajZJCPi@vOq`oC)~is|%?{;JIY;!YZON-iLi+cEY$7 z5Dr{>wr&c8vp+IqHAo|eY#%g~P?eQmb+R5W1{=iBx-h{{fAAgC3id5=1OMfR=uCr( z-z%k^Q>ji=HwMDoK-l|*o~YDy*<>t4^E0w#$q#qcg13kSTL`sbLM?=v66NEnq%D{g z=g6FV2wA(X%=|k=@HC_Gs)7i&at~&&KT>qy2+~ZMvqV1a#RPoC445v`NHg7 zmD)OexZp2pE&Up}n=?qy3vGU!pHpyU)&2_G&`SS}H*kkMAhiLI$e%3?(fpn+18#0^ zVuQZj?{;ee0P_!DgB|yB_$__=)lnG`|KvM<9xM@0{%FYuPo9}Ozn{&8+erTY)ICsSUB&iJOxzA2;30@wr>>gPif9r>Q^*)Vj z4_YrX2Csn*QW8tjdO_w{nt5e4SR=SXCQo=Foafs(h0u6>_@%(+fucyZG0q?%K9_5h zOxR=n8vF4CAQ{s1axv0Kyy$0Vt_;L z5RgbGvI$>A%ZIS&%AT%RlkkH$C@nDR{@FRixPa=us1%z*`#Fbia!z|&R{`T{}?lkUhg)^5Lm0^~5K7zV9j+)v-l~g3j2VsGF|Mt#-U5fUZbz>P= zz3A|Ls}q75FL+^Vq$Jn&g-oO#2=pi59)Hp3MA$z_WU0D$Aba;T!>B11vroqO@ynp8 z?Ww|^#MR)Jt`sPCwKGj(9eqH&k_Oob3&WsprH+k8^sA!9-*b1GUcGsygC 
zJj*U47c-PIfn`Ywks~d!1=>8y4|KyyFf}j}k#wY|#Kg4Ao`XGmh&~lU+ycEeNDF0g z>tUx^IbKtY;Fc#S&?KJu3H*J%q?(PCzMS+XY)o#+hc_+e=2$&CGB&B&B`4S=$E5v6 zx8H7mkt6hfV)3romHq|#96qzZV$kpP_&HpJd7t)ingoOZbdBe%0u|GGCsi3f6l9B z6-!|g(X2?c8ezzv8&}~KG!7*ah+#}5?=kRi|k=VV& zet(~_KA2pyJib&?Jyn;8xdw%N__j9~&FiUcZjX0=x;Ju{ec*|Q5MxnOdeBdsp9>ya z%?6{NVvQE&&lB{l;d*q~qxe+=P>_B_>|eRKAH z3%$-qjUN~U;9KyJILWB}!a4nAU+A?2p@1eS97zw|t#RzKM4OT(&Hurf?jGWpO>SV& zE(IJTYMcczIYr5F=4R}7DVIX_m+I2pP|b(y8iKCK zKv1$1_Isft*(^63VJ6DYQfQ*aQ36SWtZdU$U08VLJD@o0hjo$(0y&hK)Y=qWof)>t z?bUFXw6qWq-M<&i@uRU$5a~$&}gW;YHGmiNXz8UljF+*0@Sx9ofbrg42a}R zjF7FMfUK!#-L@V=oUw^o*dTxnRjc1eWVjIK7Luc_yo!l4gApI_Ghg@N=_vnhYUSE3 zNz!Q69>aqH zE{RY|KhlS~5FtVaFH&5dP@)TUO}nE9TB9q&hLIZb?+Ku1z{bW4?v$J#IpafOJQe_zyHZSA*wiPI<;Smf*%tu1Rpx2ZFvH%@<#4G(Phex zXPh}Q`ngjVAA*v-);MCC1NV)1Yf9FPKNqYJgRBYNq6)ie(~(593n{@nHuCo*B0pNR zCZz5!4?&>N<8N}%{TlcHjib*q9Vjc zOy?1ME%IlR-KApYg5HDDujjlgfNXFYDT{GZ9@aM}_IL}3zEfQLG zuR9vv&+pm`JKifpVybU1lWf#%JZX?S4zSB|S>f=Y5^-6yuvK9oG1{~6SO*IiA8yC3 zfuw@dvc6`7nxPseyC>!4V3yUCMxMd8j4x^l9~e72%rZSB>wS$0tbsLcXL8mG@n?}M zG|kMEU;LMNM-eHj6{3`|ecLF9G^FVVru#4buuAzop7sN3N=z0jiK?F%zZW%XCPOgR z0G2^z1GZ+}sJ)mx0~&Hve-&O*+kM{yg_hmIjp0rX<@l+~O->j0`{-X$h}tW74C*1d z9kw2Rx~ooIZ*JF?9s0|XO2uiPFwBQ6zKg2~&Jy8F2*{9p`Xc}l1Ix^X_c9_U8|TDe zoop;d{0$XAl>%hf7VQB9sr4{F1Vz1*w1^DpPqCAm(n4Gfj(nzkYP$EbD!Bf%fV@x` z2<6n!-%9qDnS|}?JY(h35>@=e8xjl)Bf=15!gcAmYM)3a8ZS2<-WsiEL-Rloh>Wp; zKTZU3v!Bqaj&9%N>2E9?Y-eL%pb)*(zSzP;9U^?!?{m|9F*!LvZqKD2iRcxOXw0Wi z5gEyMT(YwIKIP>dD56qDbab=up{c#lPAc}`O@AugDbye0MXUhI70Hg9MY?c1=4ut+ zDq>x7X{_olMm_BSjxRD2oDTm0!!!mphhVzEM-mpjL;y8XCbnj^2wCA-Rm5-<`8a}j zA-#omDs@taool0J6s4(-l_^ShG@6JP?HV@YRU}a?8ad=sM!Yn+jdCGlY_#TLN-BAS zBo*c+{V*@OLm4EG=o{BIqLc*I2-U#Imh8)i6d{HAwwkDb1wXmmn=~4mv{+EsS#V4s z6(BNv8q6ir$t{ysEJPAw8CF;e&!8HC6ARVfPA#H=qg-JYV5cZ4qJBv@N9BV~B-7kM zg37SAM{RAE!_vV)hQIsUjZ(2Rz3fvJBc3^h)}E!z#Z<+xZa1zd82U~>BjyO`z`{i+ z|M3_I#TFwnE4}FF9-C7rfvn@mJjRomBL9b(DxFdQ z41t>!qCmT~3!VZC z2fO*=z<{g!6Tg~4TojsFFvEp^9cZT?E+bh_`0h@~#!8)z=*3zR=@i03B-T&B>=k_Q 
z7eJ{1MnJj02w`YiJM3d%kHRo!_oDwygl;eNg{^>TYOjqZy+X)k|0I6H${ot@UHx9l z`3UTIG-<`65o(?0!exIjDxiHq`j)wlwySUnTlHz6wKI3v8;R=iwhB4nL%4i{1e_p}@NBG_)N5pg zk)J;{`L%yC{X-rJ0oox=noO!$fx?{&FJr>tPlp_`ik%-jUCxIej`wMz+t$datdiKL ziFe9-y7)eK@2(yDW53)l>v=wa`3AeFm?b7F*P%qNBo+-lmp{p02FTb`tmo_MZ*&Ko&C0%rL|j(=mWR?k$5JDMIybZT zdi4{)EmPea8wO~^zfBd7_up!;C#QNM@fIc!Z2P}@*qi@ay?|fp#9%ZVX#38LJ2C|@^_(v$cQi0F3rSRhcK~`d8N|UBrbng$N z#z$xt0pd0y`4>+((7Y>hatk0iOjBa*gw`V5(t-iA71MnY>ZG_!WKYwq#nD`H93NDv zN#qa`qkG!IF0tWLEQiE?810_J=lB~0@_JcR*8LG5`L%ST*I$x&WK1$2O5E2!G||0h z+4$wNMenRw(d2Tk_C&+>=EWK_Pu3N5Qc+7#dSj8PL}Xt4YLcQZO{fX}EK7fyFgxXZ zU}Ktu2ha%U{Q9oYi&%)K)&ho@LM0_wPI{>1gYR`QduopmsY0Qv>~$vs1RIcEknOYrz09mDin%-ur9s|Gvi-Ei^wmk zNP);T&fu?RVVNB{uncth-!fmekX57oPG1#kVytcYRjFkvzYc(Lf%&d1OGa4U|LNF` zD~)l$K#o^lAI6E0E*f-#D@$n->5c_EVwpk|BU|aX_rg6KSlBW(4H zttExVh>zizcMEaL#SmIlScrkmP(!<$>+kp|;5TfblLk)AgC*3n z`-B(mClfugCLy4m^p2vhm3C#=-pb{t+e6>A?}J-iJ>J^-U(;J6AEYG3gF!V>NHG<8 zTchXsjC)HMgk#Z&D35mwlbZl9lv z!D5Peg!~qR9+?|S{bE}b6Dol-i9@xp18^!VITlB{uwN!?shE#?C(Y*e$Wxo#R3+hI zTKZMUbEmuk>Kg(G$Z-3s!TGOn$ne?r$^YNKO4(9!By=Fi$cI=aOCb2-39JC6taBT? 
zVMfl}Bq8{f2%lE%%qpQ0b(8Hs8?m*Fl#{yBm$rg~t`zu?*pjqymO}_y zKN)P*n8QzOmF!pKMTo+QQ5IJ|OJvP>J{lZ|m~JD>0qsF^0dV&k6n=H?eE&4Z0_FXD z5N!-VgrdTPxJ>xFN5aQI!r^+E@xTB6G0%Q(ZHu|z6aw|26oYvJsu#i}CC27Ah$;er zjoD)UA3JUpTZs|`i`i>tW@ct)X0O>^Gpw0m&CJZq>@~BG>6qDTW@ct)IJxgVDSwHg zC_hnBKh>>iRZmMZqtZM-6;N-`gKDvA&uu$Bot-3|r7j>Te8K=QU1O9T38}r5JJOfr zQ_i^Pwk8H_yqo{s zC(6b~PTL#F|M(0H$aBAy{?JAR0Xq!FKrO(w#y;ovl)){Zvd-t&UhLV0|=V)y3cJ@X&_3M~j%grpno=Ha4}j*g|S~xktm;zV;a@ zY^gKktD$uFg8xTM-IJ*lx}8xYxD zV^<8-^g965wX02T#Dj?s)Hl1_>{~V8|BYbMIJA>lxSEZHq4yz3)(8kFh}1SA%R>K8 zj@QmwnFk9=5Bf6&axmTPG0N0rqVp57sDWzB7b>a2eDs4GwUr*VwLQYfgphHeAenY` zy&N&v0Q%K3D#*ZsbVnQZl3o4%2U^1f;zcu5A2Z-;$My4qo#WF3CBVP}>ASYrC}aIm z8Sk_660GO%>WcZuCzQBR29>H2=e=8&m_Jrfy@LJyFM^k`%3qNI@n;ikZk(~KoI9z%Y<`U6|S=XWcaa4yRv>SRtK2D zJ<$D#L|s`wNpPz58vt8b$BA{U-Lmquy<$jksNGU=vc1ZQwa20_`7LK-9#m_lEMWxF zbtC;{zgD=s9-O(1zgcIe_Azu*qWtg*taz)PDSc}d78rdZe( z!BoZ8d@lXCMk}#@*v1SVZ@zZuC zj)UvsWojsM`IG3InnE#dW^D!Ci2k1-OJ~coT(H6%$t!$OnX9C=pzWzwWMXC~z#OMzT(}Mc)ZqpM6&#&h_x_&j`TREhy4m;w zJ@!_8;cR`y?e;IdfVR7@HXcAa{xQ!1rYVdvSF{%fz=XHE9RdOY0ln*QNBixKt@!rpDgbe0 zxljIGPNMMfIxp~O9S}1OIu5^c?_@^PcKvR<_IeDkz1Uv1|Bjfs*MrMXg214or$r3_ z9bG8Ne7fq@KOV!l3DVm!8H}(oztXKD^7lg*IKZ41@isC+%=312fb~9hegQwR^FXyo zi_A94ueM2nQYQf(Grgd;y`8ob(4Ws!;~q?-b)^%Y_;%lM{EOv<_Rma1y7r1tbZw$+ zD}<;d-5vof+9UTq-*NUU`xUdmd2z#jqAiB^eN+)`e{EvzsVy*px%czesQ)2cLP>la ztzq2%wzIMEbOXxU%Jcc3U6xn6$Dpy0_kF^paT$iGx8mDtYoKro(^jG_+ZWbOjN6tG z;I=;kWsLu|CYd9vk_k4%Ih!;WoWg=v*bbDT{Apy z*Zp-yD5Ie%NTDcGswm^SxB<%t9J#MJ@j`>2T7ut1N9ozfogveV4oXR#m@-P}kX9N| zX6V?QEZnTpgMw+!A)x@KADt{gux1Qp*j~4zOrtf_ zKRdyhR$(XX&w$Y0vUKl|6;_=?)YWm?XqG<3@8pH~(3Za2Ek!SVJ)vfz*W2CtUZS4$ zn&^h1XA&Z_DA77pOP$W=8Q#Q4)C1WJBWIRR*K7J}E5+zB#=&u@{w&Ukg!q|77@JDi zsrjFu}b(tFrUmZaetnLLioVso1@_!>3m|3m4#M_2(sRY%ayOGMEL8$W9iO8&yu@FwS zxSY12r2MPw4!ky`RBmXlo|;El$cwQfA%cn##XpVxfkff1Oy7x}hC%AiVgDt))k3_n z#mIs<6?K;-D(*#sX8He^tUUVGzHJ);VJ+n)(C!bb_D9&f0^}6@xrl zL%X8z{zs`vi{Tw=o$FJF$9kQ~eTFWz&iluG{R?`VMGL1A6DoqYYP;TA2MJF&QhDMR(ZX)JC`BRiU7^Xo9KIIhXvd;O#a``Z 
zH6VI%A~&o2S^9E~M0*8bP12*H{1Bx__dT7Srb}|c{bcy3hIOax94ret*UfLOQ=gfz z&xy{ZxQ{Iq->jso1F9(AgW7!jWvfNZEZtM!V?vZ0R}{1>x3Rc#T&+#5N1FV5-pim>Pnb$gzQqF48OK`(tfL99vQ0R8JpJ6*yjc!MG(b1h7mbDJdq~+a};Nz;PKe$jRtD3;n zi0dnGl~E`kJ@b*LX!jD5gIagl6!DR*#v}Lg@a}e&A`C^o*3O_tGF5HA2NCl?(4@ky zU*t-(uB6$0?(&hvxh@zMfq0x$wD}aJD(xzM#;FmAR3c)R@a+um5(%ZeKfD75Az&kJ zrnrmu{a?3hpuUJ`7GA>oUEkC_<8289hZ7+8gqP1H{aLQcAYi!eZDq}zo3 z6J|AlWT4>pu$??1)49fB9)Q_n$k__~$6i||=;bA1wshyBjPl%3*{|ghs-P67lPqCfTpyHNLtu8}5 z%4%h(f4dRFmt4{FgxwCc&b!p4?qOG(cA`iEiZAZ;_&$rs;~I>oW#&CMcc;HZrnN7U zU|?9llJipzStu6ohW7Jkf{EBT1U&2s1$eImbOQ-lmeT7rC)vr|hNBQQ(7i}WVO%w} z$2_R_@UDJPjzvk##rz%cwKt3Y>vlP)Gm^)H@O)AeD`?+WaLuSV#p!!E5WCb(WE)mf}mM({?POVAfLB9r3q!)V>Ej z9&mLpkL~DG$b#$GbnIVJ^5NM~!h$JfTC{MO;sJNpv9iVH*!58EO`?M5DS5mfs||(; zKqptJL0!&FaXwLc_KBM{a8yn|@17N|Y;_1Oa+g|1ES=&r3~R(*KMMA$^lUrE16C-NQm!gXUX3TMeXc_sJm zwC|H$4$I(tSLV^1SE0|LsnH!K>FcvE&q*Q0;QCa(10ML)s%_`*qJL{*=4%V;j-vc4 zSd)|-5)CIwD;lTFjm@#JLpY}CBee|%;32N+y3st(zzT9y)>h*oT&!}U*;uMogsWinkJ0GM$Zer@|A()}+ z#q{Y^n-~SM1bE%QFKzfibK?-0{KI@zPc@gr;t_mn-=Nuir{7lJ2+l8GDT1v*bgwO) z_y4r%eRDPPg8dP%J@y%u{m1E+3=txfgC9*9$=&lFjqVAz1ThZ&Co2yTxh#HYDDRAB zHun_qb^ri4S`>dd9iiRpCd5RCkYF!-=s8FBo3Pd%Dl51<+1)J37rUh}xpnDS%SP@2 z<(u-=EBl(}TRZ51S^}#)*)bZ)LG3u4;|3!Srf^M?-llJDHHn_@3*7DSl3hBP+BnlN z!VJOf^*2{2BZV;ZE3cAHLL*CC=k{{963t+w#f`Ck1GQ;P#rDu4kXJ65wBTZ2U>l$1 zGl8j7BxX&vpoqON3w8CxV9dJX%b58II{wQQU+I#*(&a~IG@e#2<&GZ>ipKe9(bNE~ z^_Kwp@1KjPCmaepr^TwI;j7xzu|xX_ldKDDsACsfI80gn!t<9eCke@~aj~5jUwzFV zSRF4?l`#i&-gH@6O1ks-^IArIhm-S^reW!*mi!k3GO%2&)KveO4syFSl%P*-q9-t6 zgyie4ItjPY)y-Y8YbhENbPR_9R7er_vdmDLSl;Fq+)(T+0)m#fNOcchLUkJ&i|4$l zXNcia+7&24~p+)T34co}3Jn=Lr zUF(jPwE`#`PwO0oLmY1BvbGVFRe40M?*-gvJA36x%AmK`%J17toljl#i#)7v1;<$B z>1V1Yr?-#n^qW}KTN8#;9zBotI|`?7x=B|)CAjU481Jw*o$Uxk4WM;x& z|EQaSZtz|Tmlvw9UeB&((DU&3+IKyW;8Uh{Bz%SAyNwS~`Ln-E=|;xcOn}r^WVoA? 
zzfz>8ppsRBsCxw0wAz^_d z&ZnH@JCtONprH5;Z<+CQUPxdi#djvRvosjcSB0)6#Wwqw&Zf2p)Mf*#> zH6xHFa>KlYviJ%k<6kPC7#TVC=I1j>n9}0bXvd5$vMrCO_Q%XMKd$izv$H>Ik9q+W<;EsY)U)LpaeX)-z^XrQ!Hnt zRM^nSojys{mQ_s7HomKe1JqPEAkMULM2OF$ulM6A;yG)PKsiKy+Vgk}SgG4SReu#o za4iKgktSM4Cdz`_-9-tljn+`K@(&k1uZP|}y9&IR9V`#!g1ywK8ZtV=j<9M$X(8gj zPj)%ZEvPnG^h!!6Qufwj&z4_kk7QyFlDl<3Ef@~Ti<~2W$i|*AHbto9RNms1RV327 zU=AwDs9+R{0jqM*kQ&ia=dhF4T%?$>Jr@!9rqKJw+I1WU;ixv$zD#!$%0}?rWt{J9 zCuz_pnBA4buz!{^KP}(}R38-R7zVJ)@)i)bk^x)A+I=4HafVqP01D%HT-aOP(VDEW zcT6akT{!d0ZQi7rGVa#47_A>7ltR~4L18A;Tyq-)wNuN>nZvu5jeS3s^?vpWC7*k9 zKGVeS?w8-h5{YY$lRx20r@sF#Qh&83l`wK?em==vCbW*W)Q>k@BzIw#?FprhFn9HV zKmK{7#_l^2WHJdwKxJ6q8TONy3UnxkXsJu1ViN>UWjru9`q9t;ogCw7^}I?%s;U_Y zwC+#R+O(lcoZYJ7DV^k-A)n(HVRSFrh4(m$Rezz3s=nKCvt6A^!E;%BwCz%t>I&`i zqK`H;Gf7aR3DaQo)|y_Ngomw-S<=kRL~B@rIl?gSNZgn{`22eNJkbrC!|}t4SEGD4 z&bcv4Pz^|*7D8bDDP|5R+?Se@HM)gO^IZKI*v(#g7R*^YOthK(9ery7-F?6}m zYs(p3Lr7*rBM?=lC`Fja?I&$fm3T=o&&Ao=$oWvq$APTafM2hw7p!TK9_hF1XS@FCd#sX5Fw zKj^9Xv3Ayqfu&qw!#YMkZlA*@zsQcl0seF878=Chn5o#O$F++uo-AOScjV%aJAJ9& zwXEtJG3vVAn$Wsd)r;}jN>M`dd40E>QaPFvx)ajZ4}a6gi#kadGFu`aHK=EqLTpwr z4rowEmE;*KV?&^RGak0_i$FakGy;w@CC%FC}AXb--iFO2|+zr z^o}`*fdK(MmicH((`=Qte;6N;hQ06t@Fnw>u9nt^T*s2Z8wVFN?u4uM4noxTgKY_( za?PPGhTgL~m_o|a7%V7?8>)Wpzr0D?bAWnM%c`RD^X#!FiOrtCk(!SGvE}~0Y&tnb)h;b!BvG1ksHDqUi~}zx2UT;i87u>MJh!o82zz(Z1hJrog~Shi|uZEQA|ZB zX)B(FY;H^I#@%j~GAc-ffm{XT>k|6VP@)&o*jf&Uo6TG*;1YsZ|`9o=EY1KgLnJ2bZeu zlBisd)pkwbfQ3!0;<_3bj`W%QVCW_G(fRxKnG8h6FXux+&Ux=7*f(vRY$(=|l5%G=@r5W0}L*@Su3= zW&3LCfJp*CrmK)>bX#APwptu9?ZQ zF%OCq`e`KJ}|;(ANXT&DurFv#wLf9{ad;S=7pj-Ci@&_f#dq z)m#;D?Wr#>T`wE2H{4(2y>BqwMMy;rCs!Pwv>U{;uea| z*d_9C$Aqg$^=;XZ#3}By#$;CpL{KivD@9i6DN&663sn6$tRI3&CwPe>ekP5L=Et(+qkoQt5vlo0i)`9?p+Kp{`h^Hjfqw8<^Ezcl`MfDkagFcdi6i1C{CR5{;|mSAEzRjB%sD zAbC>VUCz8+SQl>M%Py3L7W0dnyRfq+^R}iX66W*(46Y#94fTS^$F&Aom>8nj-?rj8jNkf;iKEy~DSxJ$`7N&Qk+VN%2xjN$Z{#P_dscNn{D+F2`n0GkG? 
zOJr!Ri}F|;FfB-O0X`vQ&fSt)6!~2|Zp`gH;}G|kK+`7{gVg%8BvA6sgI&RVrfo6$ z7C%PnWKg9Cv80d{qQvO-)m?RKyy6d}I-&HHsk{B2#BAZuQUVsun8+$X-c{0r)V?}% z`EX~Lt7vBQwXC2UX<=S22|5QBdsbcB155g;<+z*9r;*MxN%331+W8<%iuM5np zKH#$JU_TP^cDNdcR~QspEH62(5LvG9oL+K^S;Hccy4xqx3yhUEnK(G|x!X>f+){`K zZVUT#aB3&aHBSMv&10&!+`2=a9l4%?`~ra|hj>2!@}8!%EhB212L&u6JT5#yi^47< zqYt$H)I7xa?^H8alGp@>F5ek@AVoG1@Bnl*EsX|pbiJ;9?bYk33k5Y#H4K0lK0z$O zAd@hLLf2(Ga>rRleCT1zR=b-4h_$b<4c+5*&lNf(ea}bcT$XKB$Cj`Uwf=4=lF^!2 z_eOO~?c7;Abgb*Xa{Ay7TwS&{yXw@GwlmyA{k9?HoN2V|PDm<((O;$h2(Bmxy^%FX zqJF9pmgdbCz?3MFwmEaomd!S=8%Cw+*7%a5jZH?;=aGJb?3WTUoNP~cxO9-POQ&%M zb`@|T5hY8v%2;htZ7u#vZ-1f5X0IJQ&j^{glPspdDVvvStX`1EZo?L^TN?Ufx~BF?`UJt7GoN4wj3U zdm)Q{;Yl>okm7aoV#cQ>7y2z%WD-d*!nCfLqTQI^_cCO5;g;y)I;9Maomr2rrC{8S zUn@aDL+jQg^$-<~iBEuv{33RWJdkCzawi*2$6)7>z8;iWo#A5&zKi}HVCe&_0BsdQ zGkk-%>tbF5E}`DDHV|We^g$zlF?A>p;{N}z+oG~JWWkoHEKp8|J1KZk7{aEX=IvSI|l1jU~h4`e%9 zepmJUqN1tGww)09E47(s>|?w7Ic0&#L!~1D_|jW@-4JtYtmZn8Xoiv*HB5V+Y4<&k zkw6W^+j)jD4tU`E3BGqQ-x4^dT{7ODR6bhpo(SbFSKqRK8}d+7RwEf>9)E8Za@4)f zb9KPtlXsG5&ZR#eMJd>I=$9kqxF$RKpx`5~o?4G@#7bHo_H3bbSs$#3x|I~@*~Oe8o9ib#0A54mV6n`!O%=+mP>e8io6b)LENy{QX0hQqumsApQMkWZu> zZ)wkMzhP4``!SP}f*n!2yc@cHb-Yc(+8|QjnWniS@*p}>ZTln-O@ZIqQtif;8b0}# zdA9hDDVXwuv%FA$Lf~)ZNAMvGm445+jsWi|VP4zo!f>AQZW)UC6!S(VRfc`?lkNn+ zoqp|ux7SV4nikcsWk>hfj7Ra?N5Nd2gJ{v$rpPVbAUcJrie-);8cTG)bdO-hBQkgO z^GGeZc0|R38+}6j9IAFzj$V8M&>I(Ie@0YPQpQ}Eq_XgKZy|`%lmqwN!$Sh*82Gx3 zw^QlUwvtO`Q)D`?n}o?bm*Iz>^fhj0F9s%H2znKMGYNPtVI?UJgO^XJS!hP>h;0Yl zRjl83Is`idy_vj!nxAB!dETJ{Ln=?N=?JsWCx-O=9dtDjGw}KuuFy*4Qzf;TJJk(K z%H>1oP2q-5mqc34e2YGD3N|-iA4oF(1vEV4T!9Gm^3py%2v(MkL?j)t&3dO%dPDBY zs}iah_HKUf)&CnXdfL%_HBDzhDp%msbNVrxqovp`!6k!Ql_rlZ)-K2=s19Zh1%IO# zZ@kyT4*lZcu92&2CYO7d+^P~hPcWEt2v4iQfIui0L^A$|0+|Xsz@T^}5K-)w^yLle zx7|^%RRb6YQ6VdCr85+FE1_zvM{QxD*+U`2wa+7wga1&$>+-3s+tw|8IY>JD3x5&h z0!qlMy%PM|X%7haqX~M^s$-Z1^_BAUU_Z_9d?^fmc(KzIKmEQHBt+ih+$@Oy{v*qR zcJ&G@2p;)v*~ilo96S;n?0lhL7M;;Z=_!KOpv*e5qXLG@QBe}xbMJJ*d+ETNVmXHB 
zmn!hSc*6$WSnKZl)5`BLTBkF87nk8t65;=7#*@Zww82D6x$m&aZB}(ALOCQK`B8+7 zEDQJxltN8XY}Tx-$ek#&E#+7Asd1~?AW!63z>6^Eh65{c<{Euu+~bawt%(LJu?QIH zkS5Ll^Tg!#dUCnsMFb{}3!sW%)=HOsbKn_@_X7#NpRJVz_aO3=iq)RG>(rhs!dXmL zc~5NLR~;v1b(~L$;Pf2j?V#-_-C~lJ6p~j0)9|ofUR3%jautPExm1mp+@hN|F znv{kJu4A?MT?-ttn|tqE6#<%{ZUtN-9fA|oi&7X%lO>Do&OC*H%*D7mwwI1|B zm9-3<@M5$7w4pJW)x2w^IxdYW`}?U7?YrgmTiS8{YjLlN4s zrOkJV4toNr6fYXyz6e>STp#|shs)6;tvVOP67&AyqO;5XwKF~PEdJGdmG*t}-#NJj zQRSG-A(;7;!Rb3cG1Pr$>wk4hSjfj`CF7+G6wMs5JZIa{^vHg2D|- z#CvW?RKvMA=&oRAm&& z_Ic0W27JvPaN$w(Bxu-eN+E%E3G}sH_$xK_mcoBsXSX@#MBJW&v66Qi680M*Y4~wSa!*LEC(!SStpn7=bWeoBwL3IKGh#3Q`6yoC9yLL;G70TPKs7#)q^FoJ_(zd@uoO7Ue%Xc1A z$4K|}6}?N0mBDQv?dtrV!RtzV_hIQ^F@(tY&)x17yY-AR)3=XYV$_$9ZC}L-0vWJ1 za0@Z&U*`tW2mU1=5|-nZ0}Sr#sb+a}1*y~t=inYx6oQ}uaM}o)gVl#zYj**DZmABR zg+mi21mF4-UaEB=>OyeDdUH~<+~OC%z-VDss+V{QTn|1zKl&VVR(Kmt2yidOfozf) zk|wGpuRTSdXTcMTnBx+?V1BEqk&27o++p`A!+X9UAyDl6wod>qUx7?(JpIkQz6{^7 zEBk-W=*xuN^Q89f;uei|tz&*D*mPgUwPz(Umdlng+r#wkc)OG|o5U7eCr5e6vJEvt zzU6+Rau?)#ly$^3baCnV+nw^eoZ&bxR=JB7l?}A7SqgII#j$zsi4;aI@oxhr%+uFf zs7rDbi$Q$D7~oqxyv}hgNAdKvUiMDFnE{MVAlp|f; ze*V@IFTHE&R=|A;?WWEjPB>MRv;!mpzFZreDG#i^grfF8^R1nuZiA5OrIrN6cWLR1 zbQBuuoa8)d=v*81E6`^~Fbt)`{TvMNl4)i1?p!x;ajx}(1E8rP%KR`jta?kCT;h(3 zpkB*gPR37mkfGf2+O7$Sof^R~6^cn@0{D#*Wy<)E*VW@M7Dm9JH6+!CUGTJ{ru=eR~a#>Szfz>6+PK_ zwK>>fuzC)j=RQ3>P%aAI@K^p&MbY}$Tt}c9r;ROnz_E(ph^(<=NKK0-R;b3w?{|9N zS#nmu45rU~xzyeJ@nhNImQ==6O$Azw1G~$D%y&nJ&&NUvl#Y_weY2p4u{R=?9yVG1AKSMt4d-RH5$U;ZqoyUs+lbC&)D|{c? 
z!o!(4GLsgc$%-Z|i9%Don)2aBg{yO<_BUDNcr&WrkuD0l&`AFg0Gybe-^_t!EFpK;ze|(_gX5naDICA-Ef@n8CE{v?3=MkekMgu69 zi38F&Yv>h;Cru<^f>L*s)O}0613Nld1Wf;)k*uAatZOHQ-!zFQokd-}=enbTBZ8bW zka{^-`|juQ_s_I}#fDv6ysrE6*Ruj75)NRvDk0Rh_C4T(~j@@})QLY3-ASJy)7H|VK)w=_4U zrwb{+X1Wddl_jhU+;umP2x_oP%vbs=FE}a!%59y>-3U->yr=Fq zqb{AFo+|aC3xj)Z|L2lM>)vIrpVubV8X&d@ae4?~PGkZ-t zwO(0+ZG-0fUX;tZVs9Va{vg-KFh7w;aL8$I5cgq2d5F$wcX9gAt{bo-^gc9Z1Z}j2 zQ{UfvNk+dc4q;k0jz+)^F_ezoujb-QzTrf;lUT`Z6<^g9Q*~07_a)2Ezu?rDxBJW^ z&yX3^lzbMWDFit(vR`#FU7?0r312&CojE_KPnLZ*Y{x!H6!0E*V8nYJE2Bp4O+kY3 zD~udqd-TF)|MNXy&9Q4``R*-6mM}*GxP5G>rPnOyw zMMZq$6t}1xF9IV~%rW7U)}c3H0L4DF^kSV`2?Nnx&?w-0P$)kk5F9;5Y}YEW#0b|b zZK@V5HX3C!dN_h!h|*buB*x$}$leAYP^mh~`5Tqdx<%D4^oGNnok!1^(>HQYA4YR< zjAnFAXOPMguqoa<9b3?FNA)9~Jol!T#qxt?b#(YSj>?Z^+k-PF`RA#;QMjPColgCs zebEYv96f>uZNs`wA3J^R14*SHP_Xd0s+&3V8uQhiroA$&(88hZ!;Jsb9qPxdrcgyy zdN#)?GskVSR&@) z=duQD1(#mh?S;}-6l`wLkHKo#K?cL{1Q_hruFu~b5d}uRr$?-=&V&jHvL!X;`Wr`l zg-^j5cKY32CG%a==14f|1{v`a_myF`;C)9O+1R1wwh+GHV>}V&Vh^hMgTR`rHVB8x zk}*xykzY;(&NYDcFMvu|3Bo_tu!ce-Dy=((2PG!sEd6kcUjiz})PI5?Cet!%Hi^PH zq?n)NTyD*_<^J9-sj+0)I{vM%#L)NJ`b?_p0-@v?Xrv&$Wk73zuD?Ngw;6QHpmp6P zP-mKg6d$@(32ss~H9~#mSCc?~Pa2q~4AKA}|C&3mJxa1OCUh0V-w*q58rg^|QbI(z z;+C=SVZHHZTc4-ze@4DTe&#!x&XVk4KqTV3mHhe9#n~Z{@OFR_XzawrAX7Ppaeay# zkjbu5nbxU{ZrM~Y>rat4W>n?5cUnotaOi#VCUe9;iSJ zEaw-XO8AtJf->3Tq%|C=igQ?a#j$rwVD?EF;-c=>$G49FiJwnsDBdrhH<}wHfc@|| zOnsIm+$Hsl1f&E@@Kv9GdD2F$j8bdRB*zFW%6*>h3N-30nT^%gQOLBaQ135!ad20C zb8G3mr<&9NO&dGZ*iG<)HXe7xLR`^_5mV1gF6>RH2sfY)-1vXb>&rN>p@SvxS(v2G znHc3}e(9Dwz((RHj>NF1`^bZ!{>RTYal3Z|rU|Y) zl#&}-Z^XTTiBl0bPHEu-y)jS+phNu;bY-`#_XgVj2iOF?@ZE&*eJyu4oPGcS^j{4w zU)@0$H?(jTte)}ZHC!Og=PX{gTOs>G6l^*UJt982z$XghTdPpN3w%nxj9B;;54#Y6 zXNxY5?LeD32KFM>ifZqPcDUe-Q@6wYWQc7Dmm__FC?x$g)ZT1?fZQ1of4;h8=e83S z;@Sf2QoV0=ZF$LKdG{7iZ~EZEa&=5No}#(b5)S4{N(RVJMT#cZs`cLp#ff3-J|)!a zg8D1Z;^xWkICNQb0#P2H59McfqnjSDC;V;XvH3+A-!;a(F_Ox!sNVB*mp?Cf8=(bw zC!9*B#!qX*@hh=J^s}L>sdntkvX(gucCPiJNzk#64Hm@d4e}Ljtz%>wn*)q0xKMz) 
zXbYsu>G`X3@Y-MZ`v*(9Iie{Ox&gLoZxLPTcLA5_pJ}*#3a`C!AH$#ZIeAx_-!B^- zyBrmr1^Dp?!bzUe@)yG~a-0=v%#3c0I#Or9z(fe!+?dMa##4`9&DuW1dGy1D9+80& z9uEdwExMQD3DHxmU~~7NI@3gDMv@U1++#b=i~&|#zk@qV0|Sik-WA*)!f-9DMoj;I zp}dt+j{L6GRU85OkU|rPU&Iisc`SGXnn>&uw*iDods`j^_n?ulu-BdG$$&Od(aQk)TL9JvPz`KT5uB8Z7|J?*iB{m}yfuXnxfO@YdivX;!t4qQM*zAY{yPVQ zu1z^vD4(mZ%F-9o+tPESoyRi_ylYll4XN!-;%2a75M!IvLAVU;`ivP*+ITS=bgT@_ zl4$@Yk{r217zj5RQh9R4mF)*rN*Dkp7N8=0#jv{b@LJGJoO6zHRUc*=_~PN7z7LuX z{_;5RxAb`s>B_6;3XG`(&D?>cE(+SBeBXGOi$HmCdBvY?jm>TWQXt2J&dvBTi<)W% z*ojLWR?AvUUQqCg)Coznt$Vb6&yHC{2+QXP)k(k~(~E8K@0;o6^Us|Tx7*k8g{`)k z9YRh2&$$h$vluJM8nk;_jOy(0mP@hq+sHdJL*GE-4bs3cb9Y}tzac$iWEoY(8f#sG zC4!-fN$R2IrG9njZ^2rqC-`-_AO04`l|1T8+-c|qYAQJo)Prsmu~`#kMl;W9UAb8O zWqI@GvmkqomZp27)2he?OH{Jrp~?_r;4zw@{Qemwo{e)v_Fr$sjgNihHUHB7Vz>Q{ z__IId+mQIsxNMK%xE!p}EdwqxyhuK3vbeuRS!9KW28U2Q3qPkuVK+pg+TG7EeFN63 zWNASVll8zWs4s_dHSo=|Wv%jH-MYDt1`k0ZihBlWo+$zYL63BxmHqs!0dD->qY<8L zyBG>H39ge0-W!RJ@dfyC{O6)5|D@H$vBX~Er(z&Y{E|jrnO-|^^k{AkvY3p$1%kr! z&Ns3O`dHM}LIcBwDMwhn9A}<@ zL5^OPf_$E1X3x)*`F!h2ip(c$OQfLic-SHGb~0n)<-;OtSI1d3H ztv9u&pj!QjrvRWki@pZLEeiwIt~`_{23Fy9jri8~-&>9Lp!=2-E7mK%rT$d|iBGA2 zJ1d>NBWV1l(0TB^3fnEZBK{=8XbSkjUx(a!1RFUM_+@9al&oE5vtd=E3i$Hog3PfV z*45%m-R8CSmnHoDsmf(51tDxl+yyf@>-xK|5-b&tzISC*cm%A`aaxwnqzci=vLZL{;OF)654t!)I>&oK8o<8*_5Wkl0Ab$)t<7?sdlYXUBuOZkf;3ZZ}2mQhPY{ zkzJx&9;$r~Rd-Oo2rJ?6WMOZl8xijVUmLknen3d6paKkqY>;5n)dO(-;Hh|`eP4ZR zU0j#y&weE~#l#1{ZKfIV++JdcfZ_)W>tBRzx*ug*Q&V`e;^6k4g71JS7xk=H16GF% zaJk_JkMH$4fv=R;W#!Fup+FYgkkm;!87iEvg#*E>N9*Z7NmmmL?nQq;bYcZ{gxWL? 
zp2~M~*rOt=BtOsMd`@)`r6cwR(`Lk2FWICzm<4Gh{O&cbLR-?woh)fa*R@ zbgwvu@^YIfNYrSgezw$(ZnbqwfKIKIb6taK+y6^R!081DoRYS=s+r{$Ie&!~WkQ8#@mN4;MQdHxCCXD?0#ZK$yQ98#@;mDeM2Ell~vT?azO+ z{kIjf{{m}=|Kqy<$}BAYPjvq0Fs!8iJO94~Br&jHkvaaqz#uOD-XspBn{K}^dy7}> z^2z$|`?&@)s^g~VO(gF(1&7vWZ*3prmIFZ%GoW`}dwaJ33{2_6 z4!n<_fVHFpA#!p0M`-))?c2^~)e80lh%kW<)ITcr$S2!3coI<3SqPeWD19IqH7F+p z&c(fy#(-E7bU}dk>xO<5 zp%tp|-gq}!`SdXC-jKQzC4~;W>`S(Ey3abB&NUOg;=-;txDCe<3>)G`HZUdEDX3sM z=!6Z-C%5Y~+i+FWr(dx49?^gHwyM#l4vT?FTzqH@K<|=<8<$0`Q0&4^!mS4nW7MC$ z8M?5Lw;eqh&~_j2?(aVN+*RK|g$S684q)FE?x2)F>TbSVl@dt{K~2bnG!{#z68ml7TkXf&9i#s^2v`-Tm~A6bV(OjkoLe zTw}9Utt(=rKm!~#7`cGN$mrWarC5VY38Nxpp10odK+~tP)6>eb6(>xx{w3k6x&3{9yQAf-5RutVeMdp=guK zLb0|eDonBM1b#p_dyh?5N_KTeIPpn66cuW)P(*MniaA%4NIeI_4c5>$10K|%pAvBu zC1CPhsLm@Frg~sWTkai4gOt?xGDg~N=LgaqT1+cOHKI5fHWyr~*yYTH7~G>CSA}y> zuHdN=;gkkhrHu+9Rpw&gH9Xry)5C?zezmoGyn|L^rY4dOSG0lk&hUlVKPqa`z&4yw zMO)Dt{@oIxVJD(5!^8?IMc|9m!ia$PHqaumC$3Q=A}pQ`xdd86qvHMkSeL>ajJ5P@ zgDT5_33{36%S`FJ2FHe~yI?hGa1@^j(h6G*N^2?cUv2vOb}OGd^Du7LTiG9ZhM|+U zKVz%vVf=OERBsP!$C`*KzDbUTab9@ogoe|Z5ovL_zS1a0qSl}ZaTz|KVF)d(^68JF zyLI-;%L#+^6u0xR_-M%vu30y_k+LiU85pt^GQ zs~B~mod~rO63xK21HY#4@eM?7#ByaP2VW*A%u*IvCZ6wm0fMV z0dp&gq06`X>)BK(d-0vOfsY!ADVEI)=Cr_F7B|I72~~Y()~!F|$~@dz94s$~?}`SK z_bcn~_6Aem*igk&tItj(bkJWR7Zdl-2I~*SUQIpjnx__~B_^8*W(R=aLJz^3Sh1Dx zrFbZ5EUY2HU)*d7h^&Ey3iw6ug-Zg!>K%EgF}Ku#3VaAnK(~H%#>E9ST#SCXEzQwb z7+G-lqBBOD6m9~Cr##897JT{N-9^k?_3l3KBd|U1_9gH&>$M|ne=8qR?4U7DllCAG z>PG~DDA}G6eEk+_m_AW3qYocm%{mrmdIa04s)IWX?G4LpAL~jS1r3Jy3BN4IcX8TVF0nCZQG9(``5OE z);;WIPRDFw)c~7W*U5lrecCN*8*-p2-Ut^Du5oNq3AUFY&|6%*j;{?6X}edH;xUANB&8@X*CmTWAry~tEA zE2PmQyke4|kw~YJH$UwP8v%mCT2;sr%K@wfvo_f0Rx@~;X@XwQYOUE!X=wW!;+%~F zp<_(pnCzC=GwLj%s9Mt8U|rH=z@r!CdX?Cd7j>a)u#HBgsGtk$b+Sq81PX6$LE#hK zBx4T-78ZBmmT$+gDUTFuMJo705c4M_!3CrlRij3G#C$^gi{0bnAIj?+wd!TsZlI?T zvT%e^eW>v^j2r{oX-;tTjMZ;|dV!#DnVz+fc}AKl4oLuW052oNXyEy@Tx4ykR;`um zTV|`)H`fr9+8ui^7G58ukhdpqk%cfSUE5s8oHcN#Da+W4nK8O>9RWCKRZ7-LLCvcR?Ci%T}g4(darZB)&O^STLR-5UfXzC 
zyCfL`#uS^3xNH%^x1+E}%}DuW&7!9mQs3IZ^7{c0zZS6&v1AmqRwEsc_5e2zm`;H^%0zC{P4(LS*DlJ`JlzO%o;9shzbeRI>6}U#s zBT}O!`0#qrL0tU$YdO@ljm^ttWDVl&N+t1H*KQJ9D4APcSOH$|Hg+pI=gQY#GZE0! zAeiGuy$>W?*m-6finQk1UQ`64gx&RS+_YtNqlcMcQ_Nqgj{s4bg-e??5Gjyqp+JAc zd;25gj$BmKNUnuMQlu0hyVvwO1LQGqN@%GN-Bs&FXaNyLR%Y=^C@BJ`aj!Q?;(lNa;a2IA zNbF&6V9Q}9o8|>}Y-_zxNQDakbvghjHCRo=vc>m6F7B)}JK%yO8?@{Xe>y!e`hkeQ zjT!W}xvN|^G zXniDES*xvY%ve3-ik?|HON zuClB7N~`Bld+ddSSn=J1$UvvshHRLoqqHD`q=95iHm+x4+6 z#t^J;!lyy1ijG&gDkcA@9g>wP>GnFJ|C?(s^Q|uP!~kpT-`e+pmoaWnv4BZJT4GCa zi4HCdK)`m6n3o*4F?x#9PH$kRrIH=@9&ZpglsZHmhrl=jCkEVqI+9hRM>SZ6yrFGx zLvb2&){aY6xmYF=;z+)w-%Azq_bUdRmzxOZJ!)>HEC>uZtNGnKmJNA>8$`s25lZ8^ z4Pj0SsJ_0Q(iv5PwlS95L2}4S&jxnBRDDUO2WctyO1ud}XBQ7LT4|Au+Dj>v0Jef; zh&x2e;r*;AD~`KS(Z)*>8hFm6(o3LTla->_HEe`}XiWP$6?DR&l%NQN9dw9r!rq&* zM+o3bZopUK3OC%uZD1qxy02wsvARygnWeLymz6T*L6w@QdQD}$l3VMQA%z}8b>wU<@SN}4LxB{1e;Ghiq>q?q1? z1%G@dHbE*vF(U<4H$ZJ|yin7r_v}<90>tH${kE|PTeSH)F^wMFWp7Io?J$`WTT>&T== z1v};d*#MrvGDl*ojw5mA0gsQGtE?)LIzU_^t`8oB8V|x%s@}O$rv-K=rO~wduSL$p1&!AT2-)>OA!& zNzW>QbtE=3MaJ6Z1}!^4QA2rUj1_Ap)INZFHZwLxmU=x!XL0c1OyLQST@_F5jCOCN zi%fA|)0P;5FqU);*0d(5B>+?!h0!^&O&4CCg1v*r=Q8^C1 zi> z0NJeToszbExpT9I9X2^HPSnvxy3koGWk7*-xvEFGYGT#t$$K_;Ai7!geYR-z$~K&}j`pTe(d_?uhC_NEaHsEOm_h)Z%j zv<&2;9ajujabD*EG_Xb;J7wHNG>}7`syigKRU~N0sJk(3=W<36pMb^mREj?6F{}@) z!k0F?`NKRp`>*4p^V5UZAEbKkiRzea|5XK9WXS$&V{2n!|MeWt35zR{+ol7Of|8hF zSLhC!7BE&7wvsXZM0x{|67L%-t&yRAm8KsyD?JcW-6)Gt@Anq#?vM6l*T3&IBOA>w zp41Zj5%#}pwT*@S?{hra`G3E2aC8p;?Vp}Kp#|_1`VW)7nVQsbnWkn;fw#Y@Z6k-z^$bW+^2@-D6N}FL zSexYEuj;xBQUHWubIJM_gjZCrqC(FG0mTK`FTfgQ3r^$^9lAD3CFmxTtRuP5;t!_!|pvgu%h8CWJ*v9Cpo~gOP} zCuQHeR`fdtNNB6y$by5^luRIa)YzVd?c^4y+p0JST2>}Y!-d~IWYl>3-||ck;d?DN zh_N#}eNrpcsRPOhBrb0MRv_%G1ETb@TPti(7;a!66rJ~5>1wg@u1T|qa2-pXESIN4m&0%@D8P4Bl1?zujzpe zzjvZ=(8rTpT_@Tm;LE2kjgpJ!8J{fuSH>@2UjExy_F1XQbCP=90=B(2)(b*#9H20$^|?x>=b8&&U0nl~Qw-Kb|r*KVSXeMZ#vuKJlltl)9Cn>A%|@A_dZkG!w)=A2g~Vhx=H ztAq5I4@1Z#0_AwL?jv|iP&>_=R3uTXvys2bo?deu|1+Pu>KE~`)#+EGJ?E+h&O=VUpa 
zYXxos5^7M{sHlP(&n9Ie<5O{Te7=8H_-W_#2!z_4C6Tf`V2e&18@q{TP&j(Pdx8ib zl=Ci=9*#@i(v!+c|I|d>hS9Zj64jDBnu&tUFYJzuXHql{b?c4_*5Gf9j>WMhy?#u? zOmexFijgq}plsWqGK{t%bpc1cfb=}bsYb4UpW3IUwHet6SIF*^Y*qoh2V(tgkoHO| zi~O*4O;km;v#xtYHeRSUAvWI)ZoDWA*tmKC&F~3L6hoXC1C}<49d!7F`qcep0Bt7# zWG!~0IDI@pe7ApCk;k~$c(m}oA)jFU%D%^JV}^|(KNqz1t$iaCRo(CfX5N(*N|djh zC`O4g=j;GT3#JF1O+Tc4vS|dP?Xmb&9W`5k@f9~|5!O;p%c)$MCbd_TEcInLxKvE5 zz?x)XZ^NKCbOegNU2)D&4gJc~6H)DcuJty0z02tf+`H7!lLj7oynkn-Hmy*&y1I%6 z&HKUzsDxL!n(_w|7Az8>;4Ug z34fJF48jQOok|~eCIpZf5A0`obIf?aWScWCt-*PbmEXILXOA8tGlv{11)X7}&Lj%?$J z=^1z>Q55rw_tG$njqc?tVy$_|(Fvl|5Gbv_6pIqRq5iF8wL&yIL*o>m!zW+@ zYRc^vs(CpEg=a2q3$3Qx1E28w*7Z7F_8a1XEg9Aqu=jLm2BV5kzE)_CW(W6dt7m0A z|7yTOQ+qOT6|iOKcWcB0P@lxNSRJaezAFlcEmloZixmS(WouEc=vT(Ny&|KpzCL}B zt`4aaA&g%J0g1anA3_P@hGQd$^gJPL1@t&@eHp<*JEf$Sd^BO6OSV&2(sdXcwC|At z-xW6a3g`QZTqCa}BzYbJg95lkIUx)39%#6ipRW`&seoca+3^+ZVW)u!AddzHP8A`0 zlVSJ}OO#7BLzY93LlA%6Q({Y;bzy9YagL?sGxXeP5evBN zLWZx2_d^b`vJJ%8E;Q zU7OMd$rd_?MiEQ)k?gU{VuuK8Ka_!ZD&P)U2A&&ovgMkmTFrIgJCv z1k9VZn2m-KFn&oX<}SdP#-5aWnQ?LjMMWqEh*iZ^m<$dRMdLh-9+XWZ$x%pC2stSX zl60G*BEA<~Gwv%OltOHvbYr7BJ<;ei6HT5d0KD$mG;D-~nhFGZZCT%nk*7E3MCEl0<+Kv{vwRw{`oygC~+ zL1s$^gsOPPj2sY5Ei>s&7bzd$=4u9ZN(2>{9f|~qjkkT+rr5POb&`=jGKZ=cu`%Cj zNQ!D>FqVK(n#`K|9&dzt7?*)6=oh&VVOw8GNA_V9D6Nk|slm=g1lh@wq=OtO%Cz#~ z6i9o&+5vk~K}YYE`&9~@bWEsJvi6kTID z$PVQXS==~5mMD%%ZB4;s0Jf!F5|NNPUVNRAf#VkN?7-2-QqYHij*#_b-YHeLv3=cv zj%ZZctX6>|3n-QxY0%@$o@*PV3CE0eJj1 z{XwVf5gRI{4mM%K_8Hm2z!Yf#*>L+`m7P5z1}e}_nY16&uq`iNW{I|T_sn<(l8!jW z%-rhmj+$)fQP|@h!;~{|WCW5t1fEXlf(;ephFD7-@J8{9P_1$@llfH`9L%pn;%FIG zXU4`xNrR+I*h)Ogf9gsfW=<3bdnVa8eUZe@`vVnzGwrnkto6L8hR}K>8GKRe6;j7t zN&k_V#pY(`p9B0T!w(u69fNc{OUQg6^MuT;CLE?JNTmB>Ui}88x}M`eCYo;pY?BigG@&_ixW;b!bp^g+sB zv5umeMukI>tE(_Qi&%yTcy@MZ7RpICC{MA|WGro;R6kUEDd6a+HWOg_nrYN%t%+dA#4WO@n)b{ zrDSuk!Xqt%7>wtw?MbzR>JYLRQshYRsH=lGn+3mCRUjlw)3Z@bflnb0QpD;}4p&TT z6Lvti=c0rOosePxjT4`p42OS|$3+1}a<$VnK|IY+WI%OZl*a1H5?1MIN9gAzMugBS zeX>NSt;qV~%5D4Z9kIP`5Dq$Bd5VUN4Ock-T;%3d7$+%jO{ 
zVXuVg!_QYz3m1i9ay9n!XefA5snWZzw7OU-(` z_`s(7qEyEOqj4svNyi^~<^PD2dSpy70*~lP?YU-;i~wsCl_!6mzlyssvKkQuQw>p; zb|W;hglSO>u)wX>60ea9X0@YeySJJKLsJ zd62?es$#G;2!z>P8T7NQLK4eJdg`!)*mzhhcx-~Kp~N(K3NgIj@-c)$PZ|t-0|q*d zQAH(Vd(&4-oJ5G8AP%4^rb9b$wOp%aH6QiTGiuN0QI*T85Mfyr_$uF0<$fX6in1|; z;Usi7-PE~vRSM!V_Jt*W0M5_#iAeR)$GtW1?FfTQ`bsfNf+}#VLrT4CD!MBFmYZIu zhps5{)z!zjIw|h;^>3O^{Wb`6c+oVsG}zDuZj8!KcJ|HR435Uj4?FDET^4W9|0HE~ zaDdq&K(UHL3yDLN;X(p1snGA<0Y;%jG37kyjHMOD8FKVzQA!=POFS)x4hx}r7#x_a z#xv+g{5!}PWZ#jxXA2L=Oe)e#aU?6EswgEWZEU{SG{gC-kPm?hpdi1EIDGm7hbJV( zs1fLdWC$enW;q=$o1BnQ4wDCJJT}v?!XMgyE;1Y8euy>NR4jwHq zX$GuZCKZAB`?|oG*DH)u@)iKIzP+P25~gI8QqopKqJyV^vgIJeP^c1|h@CXz5$-na z5D8c=kg&}$ql}n!DT^Z$hGHhF{jYQhWG}aIRkTe<wC!`@B}hTVccq@2x^X4xl3jB!<#aJ-cVgFRRMrTTu9F%utk{iYx!G zfcyc<+!=!wVsd~kxqUJ@;4>f6yy-Z{?BJuke76|zI}__f!&E*J|cj+NeCR{8wzruF9o8tlHLq;$07pxr9B=NkNIRB8zj&5#P>ix-2ZE1Yin`;^Rqnp z`Bw(+Pg%#K{Qnm7|13{-{*~_e%g_JX;{MNPdB)AZ6nmZo4<0`MTU(op_5Uo-wE0JI z*K(ugJatU=|HaFGYuWj)*Ve0>3;*Bec$P#Ovk5O(O9McGG((j zuL|hc9K*Fu1ooh2sB?#Ljga4`H^Bh(paw+lv?k~r(;JZi_Mm1A`jaO^exKe11JDc& z(1%0~HZ{yvpZhwl@)1BDR5hFCj;or!POn-6c~I4?J04dxeVtyl2J)b)$06Q`9MhZd z0L0@HkOtrPrK>hmM^u+DG`R{sF-)76R+IlSqN-7aXR3}2dWWi_)bZ8mLNiq%?X>cB zaPs&{(qiLl>Gf>Xwi9Unor9NV7zf0#$ANF@TLw@z(|AzwR_9lI#V`Zpv{yAM=Er05 z(?MCLKy`dQUVKgV4}6}Bg)%AGrVnMF09Id{D1qwtJjhJOaRB+uyg@FN4da>#~`~f>H;51WCQGILO*ECd1F@REZ)($>X?6 zj03K{Yv7CeodITM7z+fA2I55OLDIJ@piHK*p!`9{3-E>RSVC}_lq|@h%#*=pL5=}8 z8>l#i6K9EnN*qrL`ca5Bm>_y7w4!oDsoBPjEHu3ebMG8Z9aF_D8!o$lG1R;JJfORY zYb5LCrGYd?W8hHc$zZjAnFgy;Mu0Ulj{}R*;se?v`Bw%^`f+@5eM>xnP;WUfW~T9= z`e9~+$|U3f=CV$L8Ov3veh)#4r!3pZjoqXXcrBN~sJ9#-Gt*d5{T_@$6HUMfhs^gZ zxLn3@0OM|W>kNRWM~gq|4CWb5%>W-=XlxaDy}GPqZwQKBurG_m3LF|c&wVYc##piBp@zZQo{TO#aL^EB!nUg1G^W+^1&Qp;SEAGJg^I4;Hy8 zJE8a;mc%N1Ap91Xa_UVk1(m?&uF zS9mTFX9>3YFj;9%ALP%RQd%ZXP)Qq+71I(@T%Mp@pIeii4L6A2vnd&P!9RISOMom~5_b`;56gjDnjs&DbG6uilt2q`|NF zU8dxeulZb4;H5fZ{W=QZG~MtRZSMH>@Ej^W0;=D}DD|d;8qySw*Ao5#G>|&%4yh^l 
zcTPc(X83$cm?zhkd?ww_lkmw;qV1fbgqg6EvYPohl=nk{k5n@}1>9=nq{;FFSz*<1P=(Khn$i+nh7;cLZ2^38y~7t0SF+5$e2t!b@Uq zPvIpotFJIN7@r5Y3uBR|@EBea^ZN`hi6`?KUJ_5?H@qaKcn&WW3LKFuRw21o_2nTd zMnfYPvkRck5QVCs19*sS(-UD;Tzi4j2;1A@LT?hQ#%6H2s-k>sQ}hQDj&eho2Z;7T zFo2xVy#%X(K^^yQTU7q{U(Pp`2_P~~2NU2}Ur&HC$pv7Z4k|x}ncFpEcoee=v}zpz zANpeZjU?O_U)?Utn9CG4YGp!mCpr>5dT=NB20STDZE^jiP^I<$6Tr+F+AzX!{L$?h zWf?xtR1KMdPuqJr(7ARN;p>;mm|9ke6Sm~6$@Wt;JZJp<*nu_m_S1$S4H`6NJxzW~hDVpsUJadm5Ir4mjaU-nRRZ*TYDT{1*2R_4zk?lFOfv zIAJN|4t=IA1ndL-xaf7AOL`-QzcOLGhmKa}8K;{5kHp2hj^ z;{5kde*OzTYzO3kZFM5Kt*Icxp9W! zDpkr{vZi6wKf8kJXIC5p=AZU^bcJF@Kc#P>oJU`8*x%1}1Tml9KWlJ5RUxcwa3j2h zAqtybFhPPDX=guAU!UfXf~?_95UQ(Wqj&km_2{N0{Npv=+Wh^CYP{2%-shUL(F$Qb zaR+><>!fx(mr8c3Hg@8en->_*1L2X~d>V!G!(oR=zf#i6mjh=sVoY`>ZBxtta=yQ) zmS0}}PXE$BE0Z>^C(!iGtD}1wec{}#n6v&TRr6(R^5@nWN?*TuRrmUC;`z?)M)(WN zr6y8$^gUYJwa~fEt52Fi8B?I!+#AxPaho`G#k1$W!65Kw>9O~vMer~BjK2Rxj{f|r zA9|+fe`*_>>qGJXH|h)h&vQIu^*PH!3Y`@*>+m&Y-)8S4qwIV~9jlbKwrPWQG$k0aCmQ*40e|8w>!2--_`WAUuPC29 z_BTU6yaM@q6-M79{-xKv`HZ3enHyg}um4xIw!XPF;3Dle~_cYLCn67Uu==y@LKOtRr@7xv&0qXKyL_|rP_ zw=I4X+uLvO%5(P)hUfcbX&~t}k@}TZ#3zGbLlM+EBE`0%K_E{Mmbc;e${&h^&-G;K zzr3G2dQSh}Y8^fg(f|6^g8o0pGyeSdMB>8Y{C7e7zdY?T;ZsUe2ipT@No}0LLNzoENVc;hiIJsrQ zpthtFydA(QfFd!DZdwUU4I!6@Q7*A{0P6-F5*(aHFAja`oIpPVY%0KDZ5zDU2|)*r zC9(cUe9n@1XSc4QYiNf=ZpLy__iQ_Yqibj4jmK!jNXTsEqv`@lsf7d;2i#SmbB&?YCt&RPn(+Kpjxo zRi@Mx;(-E)H1=ZYw@e-8S^B3-M7aR4Ahp{gtU@G)VHRxbNVsK-_8=KVm`1)tmTbjU z*0}FV#NBY}^r2&8cmcQ<>CcdMhekGe3gzk5rDEJhBQg ztpciz;F66HYqHb`*aaDJE#<2-nJ`7^@!8HG2Sg>$$cGPiF*U=IZPjRtN~2X#G>~4< z6mv*ApM`*+ zn)|_P=<}}8@oRHhV<#<3EITLSDkLSS_?;p=|1N;v?u+t?DE;pw7|R#pU&-a~e_JU{ zS>Jyi^i4?uRs56$=gFxJEPy}k5T|Y9;mw$vai#{lsK^&-3@|dI_F|Fmk{o;{`9G`w z@x5kbqy2Y<;)emd@DwIsQ|-U1`TIYr>l?L&{^vO!Q+C9)a0Ws24jWaX`Uqs&UgL%}_N7a-nDo*p z`I8>f&TY(=SL9;?mu4%MjoJU88pcH(o~>RaUgJj748S>VL`#>mHd_v4$?n;|!VJt_ z40;^j$BEl3%kDj(ELRz~(Afla{|~Ize{_|R>vZkpLDivW$;_D_f-v|LK?=!D+$Yt! 
z;sdIkgfC{aa>5trkysk%l`|fU3RXS`3>~Z7fFXT(#+S(iCpQaPUym;}DH!=29iY&{ zM)|L9e-mb0aFF;W79ATG+<-ZyV-o^_&j&@wp#ZG#`-ram6Vj>EnuW$n6J|nSyqJ|RE8k?wkLSvdsB%PT>zS(`70P;!-Va5xo*9d?p`@Rn3Avcm zvp2*Do{`(yhGJz**x!a?PMcF=hM1lO0>;XibxMtZ(z6!P;WXwLb{#*OV5s;x4~Jrg zkDj&tL*b&wwP9(dM#zBC1Y|fE^t8qp@jxCxdQ?E@IWR64N8}-u=L2Xwq--`q^AI!0 z0huQ>TL)yG1NrjtnCAecB2LUqFVIw2qDt0Xa%w>xba_@h&jwkZy@fie@&k*^HI73; zlxObcP{8B|l)Ss2y^om)Cl4&90-HPlO&(Ye2T6XwN;K3ev)5sSN10=?RS@I{RIH*N z&r_=r^f*U%GBJ*qCImU2K$wPu9M92KBgXMOP{xKho)0KTTbXs4WumJ*xX`sb`x4dR zQ|9TO8L@cwnzJE_A6kxL63<*n1tB(jIVS4xco-ZcCeLM#&o4s^r>xTWtQ<*r)|nnl z8o#vG{^_3d{3njPP8m9k$YmY`&0hze`)q8CJ^!cklHB>vT5bI=Vq^ZQr$7JU=RafS zADuY7P7p@!6Vx%?|2H51xmw%USe*Yo$Fn3(1_{|N#uZ?DfLjge9(Zy}NDamr7s%W^ z^{Szhmq8y5qR_x>3H?Iit{q7WeY9{z72qJiSf;?*kcZ8o7ijP>@(H`)l$JzExloW& zpZp+>&jj!~K-|&#o!Tgt3QHrOg0*+nID^K!g#!>PzApq}chI+BA1S!qq&w&}W6Nn4 z&h;;JT-iB0GXNH>7`ETC3>>^9_V*6Xk5A9CRTloW^mW04|Gxge!q--OdtsMksD#M{lXyNdydp8|5+aeIp-|9qB5Ibq>hLA+h5pk;N(?ZxQFS^|=R?`2GIlUG2QKMwF- zPKh#Q6J-ho$R$e1IF{0%xP6os6y}fnOkV%AP0n4%l=Z)kFM0WIqqUGy>@g8WkD_!x(QSfEjbZUoikJG~8$anu_Tv5h2C$8jQfY ziG&Qw7?!p@xKkrzw8N{tV4SHUCUIY@MpX=+%G6{9tq|CA`yRWg;ipKAn7qM>3Xkh) z<8>>b32NZsaN|5Oypfx3-awn?kTJZX|<4}MGNPVFy=k;MM3HCQ?$eo|E z%4su~3iN10wROxofjJw6?`9ENHMlUV8Axi$)YGvv@d108O->h!QK>?dYMNay9%J;? 
z%IVmNd&@Iupn@&|*Z|8-4S8<4)rO``7BCQSs2;+vmoHUayhL&S3`A5@HbiVj(U{Rg zJv2x%m5q1@5|201wW*gfy%Uvyc3L%q7;9{&rI}807IlcWyigxwAB0OxTT^hD+Td*J z#f_^tOYu0RmNqa$kFfAaQci?Qk#f0UakZusMTszSk*k+-Zi$!OJNQ>c9T}IY2RzX5 zR}(s=Z<*;?!1P^@ZAvw`57rtIpn4Xttkf*Y;|qhUs?rl|%&tMEC7Ksb4tLJq9G|{F zla7;x!ruPL{?Xq4(eA-MCL-l5q;z$`uKx!;WBC8;z-zltm=TL0SN3&eH+*Az1Tnc@uIYQc(8wT-Z1Zmf;0>#x!!{ za%%;nH?E7k_7@mSZM22K%DQgk0^3PPQWz(%9k~<*t<|-oj=PE{!gg?vk^fL2zT-z63P{42M6CE<6 z_=vJa=mD;(Ak;Uj1EHcDf1sSL5dvSNw2)ei` zVoa1lE1@41JQxSr3?bm*I`!2xf?#4_q3L7=m&hT)dc|#*qXnit!Nd1K6hM_6Bhm?B z$W{wbBc39wbN6djYGNrkCW5=GYnN(ICy^oObMhN9PJ){*gH6SD_%pnqhrA313+Q`dVVahLNmnW z8}WYsboU*+?z}!YJUIV(RlGSkKLVHq5Rt@=IN3QpKiK_nxN|B_KAfH$pY22SdjR(6 z;ONaM)Uy8`I3Wvag*37MBfN;ScRPoNRMpN0X#FX*Z}<4*=hK6?@6N@$mGu+p@R6 za|p1`u*YU*Yau57J3M3df8~K;q4sdzI;QOZwd&fC{ny6U=3@VUj_0?65Ji;#irb=S zqCjyKzZjQ#V+I)~3wLRd7+X;o!+s$h+(m4Yp%=z71VGEq3WM;&0Bx2taQF+F*(PM{ zf@!_8!)lwIR>GjSRM-9-IYz0@i(w{sA;V6;K(pGgUC-O1GfBu8|$>frv-igPk6@A zf63KaarX)8m?r<%*6Ks@|Kk3i=XsX?T4{PgrAc?_GGP^Na3cVeKx@CEK_JRyL3-dc zA~PECl8LV?Omq>&V~h`96y;D@R>czKAAeksk3YpTX8oV;@9e$bw|dS~)G=NEKXm`^ zdUc`yd6p+*!uQH}3WYt23mJ1@eaI$MwlCf0#q)H}nDwtNf_;)Y9<2YbZEb8;7yAF_ zc&5z%lUxKpP5)n88@m5-V{!k}^E`GyvHBW=<{(H0ua-;vqaNQHn4_le>KNaH$P+~w-m>4fE#Dplt#03TD8wa~sc@MJS6`H7 zeNvN;I`AT1zv9IJRhj|z`eA?`YT|+v6h#imc#?S;4h2~D&hM{883(6cw4BBee zf)PG(3Gcj;RE148ozRW>$}WyCC$g}F4tK_w5GNS8T@Hp(2_A$<11lAlT>@mQOlYX= z_9yg&QkKpgFX;}NI7OA6z=_;@!0#xy?^a|hDmaW@QgPjCt=4uNyZT~tV|}ajVr#S6 za@*~#m+j3p2Pl_QeerUw`LY0I)JQheb$a5}P@MTQ&a%Dzq0erRuoNb)z5n{J$x9Dy z$=0k|b*80PC=`_FHa!383*nKx6bWyjaJiwczT;b?&~i|AZ&aWE?17R0L!PPjA5U-* zz%==gSla@ol^3VffC1j_=)d{nDx^wOuESZ2T32m_R9!>o#MDLw{36C6nRAlu{uZ zM?2q|Omw!#G>2;X>h?mhu53RWD^@lwM0ot7E$UKX3oJxw)}8|9h54x^fj2oP3SUj(q9ymNzg*5`*(WAum7j<{l{n8`d_ct^7MbRy1rQd&++740SO7D zW-aM%3ro2S)7sx=)lcE=>CVYJ*29YB_0*{uwWD^T?_OjN$GTM`*T$ib^o9M-Z{8dp9HHUK z3Pk|K#?`TLdtp#Y)L8&Kk|^LFJ8N9AkNhBVuLQ`XeO=Cbl&OPV%f>e8y|3#(aRif2UBynqCnIXh#k7L41+}u?$jBC%0wf6CR>sDR_7*v 
zpo1<)>>mo_knqFlp~_X)b0%c4VH~6Wpos@`ZQ^<(^2dqX8;nALoDgOr>0Hi`7mGm< z;Sm|0A1cVyfy3|?$_KIEa!P=nj_)=ANkF#0uo`kMLa=!GLF}Sqjw)8=k(T%yiz|@k zZ#`%Sttv#1!@Zpo8d$Rag%*X^gT5us(PM{ionb?r0cuupQe`vA8k_2}qkArlu{HJj zAEN(H8u^u5c7y934c_{Rg z`6!)FA@#mhUkndj^D{f=;+Zyy;)Z)}sUTf*4e&;=ky62M3znayG9#`S(y(fgv|luU zk?yKgD6qM@vIEvSn&PS`Du7BL#>?A{%LoHUD7}%*Q9!Vr&&+R!lYianSx`UANP?o}1x69J#7H?Av zq3x_AVNJ^lS?i(^?C(m^^t)-ksS@*+0YmHmNj<;#nX>*j>v{YC+U8nq;s5n4&yqUw zDd>eF1J<Gd70F?Nf`PlzmslCyN=TDUO$Xo(mB%Yezq^9 zqsgkc?RtQ}EjvJU!yqP2G=<7^BUHgb+d8feDFbbT$r^-%7|*L+04nllScMcTx-&{6gB1JFFj4N>{v$ z&P(numzBMOgBN4tOj_x-Q@M8U@%HVO+fUGdnSeG_S*x4$d<+$Z+AEt3S!q(*9tBlm zHL7Y!X0XJvYjv#LEOo;;5iJ-dm!coVv~8fa_H5(?u2^Cxk%5*%z{XW>z%mr#SM1WrT0xLo zuFlM|gswCPo{!4&;fYl17`jJ$C?a*_;wrOI4LyiPqctOH*NzpkBG#pdtoq7r>_=W0 zDFvgND8@1iSMb+gtD(7w++PN`MlQeB$0Tu%1K{=|q6V&u_=fYBk~f$x-_O=R#52%w zliBpK$U4y?lFR0X zS+rsL_zNykBA~m62NQ>maQBerT_I{gjVF&Bv~LI3gPUm{tyo13a4>o0k6-sx6)X+H zCDKlF-6#4)52>heVugn}yjyIhKezA{lTXE7;1S@v{X_apKk%d6R>*-4Hy0ymT_sVy zdn$;{eX5kiCR~{;=M^=2C)J=9&RkbqjWpD~l1Fy*&P;J8+@2Z$ImXxqnYmCn9RxhO zS8|bDQF-$;R!)wbF@1ijQAe*uwOohR;7NMc%PU*DIMI$RjbGu{$l$EZ74=emyyX&p;G^-X+Rz8gcATsQuP?tlKvmo|f*sT`Ex2L&h3SvzC zWU3(xN%B}I?9x^u(T(mXmzzEgoWwgLxqJb2Czn>=?OjO|1l()WCBS%%havF@c9n@H zlk+BQ&VbW0Lb|MqDK97Bxd@Os*%y$Id3q%bMZ)PQT{50H`YJ+Vo&e&`jc6{#Hyl?* zYb@~|tqB|#gl}Zln|Ls-3<)H;q-~i@ETlBo@<5=wTsGfUxbw%-2E*LpV1C*rHH^i5 zI4C)iQ4ZyVc)xO3P2TGCz~N5XbfFkB2yIx+w*Ypv(5D-{Vg0z`A~o{J7<|yG$96;m z8i{xjV({}nL-PNVMtAf&6n2y*BAaD&+<%|f4S|?j|UH) z|9W+OW3m39<(XmrN1GK|ao2KZJ0qHQ{!`1xf3I(@tuO4qp5293tEY;Tky0)*$jJ`+u{*A46__ z$Dk}=zwg+6lCWl7@A+ri`roML&VTD`kaMyApW~T-spAK-PTrIH zBS=9bIFR%-<}7clNEH)Ft!S*Ktw>WN)7vnDA0Xp9q&o%?o#Fy<@@>S&vQXo;E~PCs_Z2 zRBkDjKnlI&4oS%DmdHYy73c!wHYfwZJ10K|HzF+?YZw`zBo%mCXG7KjEKmMY=-^LU zpB-AW3Jf~6@S#m2b-$?BB67vryXAPrpg`K61Aqf{$j}Mht%MEa(N9QwW*Db4&>KA4 zUKLQFNmtJNGC<{^GIB_5Dz{h1fE_)rqvO~^$ha$^_j#KTogBQGOr4ys#8pHA)EtV$;lm|b$% zA@?M_(dYk(KJ>vBaS!#8?7|X}r7LZoYKk!QR4GClG+mLyd!`b<&{UAnQs{CKe#s98v)YcaK|Fb+_sg2%r_9b$e 
z`uW0y;|p>ErArj#cMcCGxq$aA@6`?^U}Gj!Kd;6 zn;UukAF%%m{{LB?CGu?3mp$&%Wse)iIW{r=Pkqzll6cy?9+$FrB+h%=BZZ)T+WQ`} zEqsa_AD6^TcRnsjPV@<{eOwX`z4(zD@pN}TE{P|<{c%Y=@%@kJx%;FyKrV@=x&soM z_GGs}E)~>m;Y#=!<|kyJLinXaP#17j^Tp$@bo}2#e9A>1BCm9z4f)bQms*ARZA-z zx>MgcGwnJZ^M)f@^F`BLKso=&)dxGgD*#2S@SBf})at}xNWz}iYRJoz+BSw^=YXXN zIzttU#e#Ag0x}>?!?T!*&MZ%KKFOe~>^>o~pXI^Lrvg?d zXoE(tg5_-v{e}VMc>pfbX}m10ifzaB?R(c*$rO_D4QD8|xWnh){h5XS$8q;_>VMa^ zhVFj`8Dw$)$Fn?=w{NHj8o8(yU)?STam!)L2P4Kr{5#&JrZ$gQ-8nbBXJ{&{&J`sk z)`yA}ea4jKg^FX29gCV^uLHq`moV_}8?ZI~HsTly1e1p8k=8(t?05ATS^e0is5yA8#WPg&?+8=okMhX2NwLzF-A7g3Dmq|3Ik2$nAO!+ z3@YL;QsQ4!#DD2G9=Nf0w0ycOP8?^ta|Ql7ZgbFq0hI%Zewkzy;ds%k_p0z|lf27? z#tI>nviGhSUsWCI$``%@FtR=PS^N+T`_HL}4ckI>d#Ev=ig}D(`pxXir_>@ghq4(< zSsb$)JMuU-tF+J97K%mS_f=}IWC8R?`M#=dvD6=^3BXhEm((&tXGoLOGASbMl|7i1SpMM5&CT6*D&sr$XHt=HN$QxfJ@0HCW6J@>*LePUd@3c)?t4NG5 zi&HcCl#9mjtJ@2K!JmZ@0b1muL5s_jvOCDct4Of-!cmkhyv0aRr6>#&o^|GwjRZos z61w`7#t{B&tz#TZ41va)|GtC-Dox_dQ~@!M|&W~AXvdFXU_KNV4m z88zw#I!$zV$zqo|%enjw>Cj9QFXJA>+nMIF8lxm=1CXl~h7YS4vGM*!+wNpa9s{kG z^mn%Xex0i|HII&Wd7+sf(U5thNsvH*VUb0V@q_%4n~j zu1$2jnC?q3vzzy156Kp}EWn)RMb?%K`Zxk(8?Ynh003`U;P@^RtIg(kc&*v;SgF>Y z0xN46S?b%mg{&0Ew(Ye;-g%*II$d4?nf=K87Y!#mZ;E2?8Z!X%V>F10;IYCdIlsU~ zuq@YfL8j%)mDJe^#)(@VRhY%p3#sIdtv(FI_p3_h8(YM|{FkV1ZEc}YU0vU-uB__Z z=&hkIHkV^SvbmGLUk0bpA06)> zov(_c@VyI+nzN4%7gT_ix_n3cCsytvD^_HY8YGr-d)#m`{a!fsE@-s+;i zNBVtx>9@2WpT-u=tA2;IxQr*m8eFXc2fnoeIVuK8ho2H9B!h2EL_zcPo9ormV(0&N zd>*p@HzLNchw=f_`2V%F{QkebxweS^{49^&vE?Qsw|}{5()oNT(i@OIPGjwx!Uw1F za=mO271YE?Ncx-%rQ=onryqGY*4N_qF?8<#ou2)Cc6j`@aYnFDq{mf#?G1%1{8unW z`!PfX7xZeD=V9v~ukv}g6fkZ5*N5VNtk<^|^8d3usisdJP4FtJ3^DK#MsJP18#h%0 z=zDS+22B_SPyw_lWfZn0LL`$7!8_WAbc{I-qp4q9tnDXy9<=_Mw3dShasX5J|7!mH zccZ$v|KWL_S@wTD?WGCJUgfFKF^p3g%?>C6kY>;4o0SXzMlHy|{Le$zKVG`|)ck+F zo{#^wzFDg+*8g)nW7aZGv;3Rcrlm>1&|;?iBQh>l^B??q(E1;+ape=Q{~GM}!}9-P z{Xfg24ynn;=#?l^G{6`Y{l@Lr8@$M`)H*gaj?M`M?sUn`uj4{A_}fUcQL>ZG}DsG3HpYY zUH~z>qUf;3j3qMdDiqI(zVDXLtXvul#UD 
z7Uq!v`O7EMv5RVL^Rgi84t+<}xC%YNfw&lSE@3Rt#phQ$W)m|U4FEtVN99=1sSq7K zm>AQM<0r~xQEs6LRc825iL)}KPx5k7;RrpF8Y%PUu%h%oc}({!)J!E%QrBKvM1OKG_jK*1E_vq*=8Zr_U*Uj-Q&IeLaXbxu2u2( zqTCbZZ~_p>IpJ&K7F1ibtJFkr{XW(>xw^uv-Gi=Cm!OBY4(x?VuU{+-TQ!dmf+=rh zQor)n&Ah567s+b62f?Z+;(T4q+8<>DI6TP)ksUp&d{8-JW{r|Kw#I8BH>eTwm#Gc` z<)DP$FebBdiM~a6ED%zBx>0%No##xa$4qQC&nz>U>7$yu zDb=@I)2oL(kFEYoQ>VrAxt|&K|2e&Xrtbgi8|!)fPi=h>|MhvEDgHlr<58pI_CyKf zim0WT@m}APkv`dX#%oKTms6K1(e^gJzjb?7kF0GPj@t&t-}!!d+bq4JjMT@u85JJp zWwfL(np1ZbwmzI5vbaex8U${Q3S=Sm#vVjIbXNwOeMmSwY7@$fvz3CJrAsRb8y+`! zN{uLFJ*+leB3~0*`XQ45L%_jDCm8z`Q)5516Ft;nB!^n1A&WV{wMJSX?^QBWag|+~ z#yyqeiL%uz=5iFtTdat+7Lm;uwpQfZo7pYbp@Es+4|yN7!r&vF1lAy{0}dR6Atrx>taM&bT+nx_(_I4A&_ZCJ3-G3iXIZ< z?T2A{ohe1YcHw%`yd zKLpwT-i^^OE|V67pV={P$Y*d@-^EHpMPYw;G;96?ke^-Fgp3*~#OXAS#(VG1_nO<= zXSgJf2kb)l)!&zKzREw6f^B8R0)9^Un&e?v6jl1KBS4#(;=}>`u;RY&CCkNs1;v$% z>ZQ4wc5PHfIpnEN$RbM?1?rLTqCW#REQ?H4|0gQPeK$Bed)HXL_?Po9>++kG%7_;I zttOQ<&>cILE;7nd&B!VZLy25e{&(YFR%KO`Fh+pomgek^kRJe4>6lS zGN#Oe$78)aQw)SP??wqBZ-cH?ZuIP=)m^SEeV=Uv!iA2ZIQD*Tr7*IEc{i>x4poJv z-!fzRNn|zwY8+HDW|;`tU06&O-We;3KSg2Ujz(#|qSfepQ7<%;uEk7i_{vR(0*-fF zyx$cE2Qu{re&Y3gj$t#&UbqKQL%#hMrUxjMgjiN=67~&a5YMCHGk?3YnVbKZ|l%*7!6YtOYirA*uZiv8_laECD<^)tGuzDJ=+WLfJ}$< z<0yDIC4Ssw8P0K81cPjNg+dXlgdY;M)JSLCC%*LBp5>X1{?8W#blUk(eJk((Ti;m3 ze|erqA}(;GF&#wzgvYD6Zqaf_2E8zTO4>s_84xf{(NKF1gn&sB60FeoTKBCma)}a_ z`}e?MA?qGG&d0Ecr{}0LnlS>{7DfOg9#UR-BLX1M^5&S7@?!K%ytf7qxB+3s79EI_ zvpzRD(^({^+?telBWXzMQH$CMT{?|-@35R5-1qPX?z9$ipj(nRW&;IAl0{Xkg6KbO zM^b24m)ujC^W(kaZ6W1F+)`mwK*o^wcw^AQ8|bF(Cm}G%T{^kQbfWx9T$FHf;@B?( z(eZ&mnFNV)rTR432!1b&+!xfIP%7VNqBrQRAf4X)E|7kK4S+Qt6oyg1A%?(~xW#^l|WUg&cGl5^^&rgN4J=ajy3F@-S}mfejOCS!&rF6q%zH0O-g{-l zVCG-H&Zj#@};?u#q*_}vHZWh{rf2tfK%oFq5FTU>uZbnKhN?o|Iauej_jVh zt>Rh3hf~4@NRh};$Vm&WA!z~l4&WJ2nUg+s$u`8X#w!fuA@g`mfmReOv;&{z8N2?~ zj`sQG|Jn%s-{#sv|Nkt{Z0ldMH%pHv0iRP!(E3YOXWEjHG>(IFd>RS~&*a-OQp1{6 zsLsgw{UPryBQa%`%gba&ta!nO{$ZZ+^q+U;=ivX=t3&jEeG&itd7dvx1Rs3NWcQOH 
zPI07PSZR8$g&he!L+ju7nvorO`UI%ab$yKa!?PSeh8|2={~Ps<{Q6(psxRU{J zx$8&%46_g?k?jTS&PKWP{S^62ef3q|DRaY3aFG^a;Te@83 ztd19_6+9wT zPNX~q>S#vEfj742JXd7$9V6fM2o5b=q`|Jqp=nT7krVrF~NV zu^v0uB;mD7M?0P)y=~=~YjFE_ee^~OI--PNO9JmA?1Xri9T$e?e9~Zb61fXe0i&La znq`%1(-aHY};t;&`?$jH!ee_w!m^w!7L2t zZTb#hxQcuyE=uXq9?vD`lbUbi{v$@#;zXrMksw@*o^x|*rJp21kEIR;era;U&WSV% zZ8ZQi2Uzy|<@So|A`>PnvHR@j0Z>%_bU`ishP8bXZ9Hk!L_{-lDGR|)6+SH0oX}U$ z;Vee(%jwr~{NxD8D4)$(@=G(z|Axh!PjBz2I5|HcIS|7tG&Qw_3j{6%a$ zN$pdf|8V(l%KS@TsQK!cBL8pJ*Yfv2)T$ec^PgvV%J{tA2cB7+ygd;oA6_3G>(0^b$Mz3){m%R0 z?uX62qaO!b2R|R4{P^PI@y)N^VX(7y=O1;WzaQ6HyT2CRwQmkjcB^}}!#(G8ui1N< zbU%E2*9=-Of3$!8rhD8yKX~!_m&*Fu{|sKZ&5gn97ygI)y~;-?y!mkW%WbdV{j_&; z|4paz^X5;xesUcCOP8=t< zwXG=raqIQkKllFeYo+<~F9$ofANLBsydDHM*R7Z9CmVY|@BXrTwoy4r&fWX)FrumGj-#?bnsy%)R??^#0!a@a7-qAK(Au;56KHzWMRZ)`x$*d{HU5 z(ZR>Ke|H{-t$)`2Uys7m&7WS>{^>?Pyu3U3=gqsDt*vjI_T9<*dV(ZpWjs9 z_}{!dYTw+wJFLDdoWA+{b?xB#|Fid|jcFrGqwxLAujsMwdu%5dv)RNNc#C%@ zlZyoikS!!431gh(`R#92b+^w{B}&yVuQJ z=5wdMuvcIH{K3|{&TcQabY7^WTMG*duW#2b8oOtA%V%%8rPlURV!Nxoc30Q5B{yxJ zuR3nyV(E5w{o-hEFWz8Zi%X;?Ss@We}+ud)@^7`&aZ~IN!>YQe8 zt+VZPJ8`|apEvC8!K!)KuD6fV0F{mPBkdx8rk8Hk4s&~F>o?}fMg7gux5d}{%S(;L zt!&zA9hN?oj^O{R32zU zQ$N0G9BzHcXyZcDU%jRpX)O6QZ zKiwSPm-b4lpWF{?rRw_X(doyvPmSHxqs#SDW22NPHS?>brd}$Q><=5e`TLKp(%D_1 zT3S1B4;PNAdFLW`apJ9Sy}oN-uJ2mzr_AT$yy;~2YZr$H2R9oDd&yqR7goOh~zHw-L$kujuH_TIS*ZaJ9uN#+34e#Lmb9>?Tb>6&AtbM-T z**mMUw**aB;cg8LbcJ-xkfo^=#+v+nc&kx$Lz+ zT;z{#tBL!xwzk(=T)104O@BPRz5I~RE^VLQHM)g^g--ftXCrgBu$uXpUTz%jy58%? 
z>UsMtyOsI4^XBu-x2krSIPz{!j(3}9o%^$+-2G?ko4at3-u-s{>3nJR^I7^^?)>$K zuHO0FJ38Op*($V78`jDG-Nt_JrtvMedEq4LA6L)TnoH-a=eHl0ve|{@t&Po%k8a-X z8I3nbH>-zsO*^_X+-`m0qFwz^TVLBWE^6KL%*DpO(Rh8ISh(F>IQ+PtX&U>;0YDp1Ijv))!COnVpXtt-M}XPTcnDxr20l zwZ5=(u)lTIyZo?v2q*pQb!VZz{`n?rw`#e)bK~sPsU222R{PCq`oJ=8onH6$+ktV{ zO4zG!3b$tMlikkV<@Q(iH8`qU*1lHSHWxota$Y*yTievGH{X0-JiWX=t-mR?udnZy zFB{pMSwHLCCYE~XMX$cSds5#t)-N~L-lVI>{@ulbao~MhZ#nLE+b!+x-WjhmpEs^G z^Zet*Vft?2{9tqOb>Z@jx1A__w7Slm~Hbh%kF53`rM zrP5mC=F_^n_WJm2ZFQ~FTg-OX^n?99!?Ewp*QW*VwzIXDSZ|+SEV-vUdyZYQjvAeh z)t&v<`A@CP^7-K=Y;QNW{qdmrS?h!^pd{cb1$LYI-Tv_#mUL7m$5c4kJj~% zpGw<>+w8Xw%h&npoqLg~-G6RoFWy`(r>{Gi+SaG~$LrO#rRM9Uoz-PKvG}=tSoIb* zvTu&htlPr*!JZ8;ded~@EZu+09W2_;o1=rX^*37Mx>7kgyt!Pi-MpzBZ@k{UeN%DQ zI*IDtw}q|DVQKrrs_~(!Eo|H$+_y8iTq!_$+TakkhwTG(HDv)`zc3R?$vAB@}V zc71Q>WOe`Uu#$sqT(mx(I?Y?dDlFCE#4R6Ix;qz*!|le$)eoh$qx8X*AmxA)5(yV-=hdE2-z9pAbaiB7xe9bdGywTivJ*F3+iS*_LA+e?e? z&6|bS=7n|tdDYr#)$Vq)M_V_adx!aUw^v!%?%9pY+Ft&{R^n5yovXdhY;Nyde)G1r zx0gO&)b`e{jjhX%)z;1H{KlDgc3j;w(%Me$xU{!gul06YAFVgNox_}Kw{8>KmepP? 
z?PPYA7FIuAR+}el+Z#rG@u1SnZmxe`Kk9xsUH!0q)?2*UUeqhSo5KG2;_d40_Ic~| zR;7M_ny^Z1#_g${`B3|0p55>6XrGVvyzTAty^Z_prH>n0eSN*~`qOd!B$v&5CyjdJ zG`sXMfBI?l z)6PoExwFHi&67`CZW`G8n@0PxVI(s4<~O5qzO-;-q*q&q7mF9W%NNUb>D$uAUej{y zk6nHP!M$Owt~T)AI8^S9y@b3tqW8k>v7 z?&q(whx^;#HWP=H-u|b{O|80@-a0$q(>Be#@#gwu_2TBu?&_zHwNIy;Z?eay3mb1* z%e{^2#nwfAVQss!oIWyJt2b|)#QKqS&}`PK%hvs;Z=IX1*C$ImO9#z2n~ZkuP{7VR^;a({GcY?)@gls>wx zuivgOoowdv+HP;xYu#OZzSc@-J5IX0326On5onRK!u98bSzp>+Z=Y`8S$F$ynufWY zE8H}9PA~5^8|{7Ds=r>aYl};_pK5noTbbLv`fl6F-lrEfUspe0Y&LW0#M0-+Qf^`U z-qw~s>Sw(|_qOz*(>StQ=jQ&}#+&Y1qgy>X+bfwjT77L{!#t~+>4PJ!_ImB)HdnJ7 ziPsk%AjQp%({-bMwEtoMQ|n-9?eOs8y1Bl8a<+e-U+8u6R_&znt+}4hdCR%=&PJ}Y z;4N*QU*2C{Y$dGi-OO6IwrYO7JS{Zb+~xAJZRO#P-0bcZ*1zqUH}^TaecH4NXQvCF zFOSyF&DZJmlZ#5-c2*1aa^iUH_R`L;ck_GoYvc9h$8W~@Ld`OATkXrW`}5{`!TfNu z)~5wcbMd?%?zJ{zc((t$mVRtz7T!9KFeX z$iQvdG7B5_^~Kp~y1MzgX*kBo#^F(J^=$j>@VKTgH}yoORk-}Plxy9cTy9@q+>~0& zrEiO^H+PE%tH!rgJ72o2Z+s}-)D|rJXfyBbWWK$r=$A*^NA2s{hr)d?v3GY~Sg7uu zCsx*WtnAmA7DCuH)r(kNJIF4-y7O<`WUAF37@086XNj3bn&&QY@8Dw@C-Um+%)+ zowRA=_af6wLvwW({RTF52mVWHLrHoGf?t;Ii4X7>y3}!#T<5Tsr1u7l6Aho7b~WjD zmP9kgn%#YP3d-Qg_o$G&`$~;9*^C$x40?m!ti@->U8$lnDr7gBZ2$O}RxNP($Gh}@ zFYq_-vZxSX=kzh${wLEH|6y^0|HqO@<)4+Ro^gxXF#dig);Rb+QwmKk2oxZjIZTYo^R7CM53hZA1qoz*}X%%am)gPD^udR?sITb8mEW zg*$nMzb541uSrABKM&OY%sw9d{+CS`GE0;9zj34?`!B;uJ*$t$?|&wX@!u!=|LfDR z{rBUvKckN)?0>#cnC$;J((wJK(B9AL<4Na#qW>|LG~)jEhjxENAH(SXLSOucMffF>%~Of+Q~Fl}A+%(WuD0M{^*&y1gQd6eQFn zR`t5==zX6PUyk`-UlSX5di5AhDh{FCJlSJ7t=K4@p_0CBN9zV{RM`AHnY!M2@E13f z%`c@#XokYVH0^FEB=m#TRtCjPkE?aWJz1}4W>@RE2@Eo{qGWHObZJExU>IB>T?VMq9^d08=q=Je7oux~VnXS<5byh>?O?B^ig9vXsZpVL>=ex-%QprjMw) zJ&T8OE;08f`}t=gff(nzaKk?9mR+X`832zSRIZbq3;b3FJgW|vxAD7|^M73$k^c*Y z6Mk$T!_I#u9hLv(3fYPOpRuI42-@>)VX9Z|6m4=bS$2ww4JcG8qx%N0=%yzp?tgcB z{Q37DL;6!1cK#Rp{C~lp6Z!vGlCZK>PJcR;PG#UWmiAfSeQCbeYwO~Eua&(&{qNkK zhb+U%rs+GQ2$B>uh@qhs-psPF?=6zN^OUj8KNCL_32HnJ$^1!KLAAItYFikw1#QE` zNXe%z4F~>Eris)I6s6&zaiQtj%+jm6>uL^nJ>=Rg^m3`Wwv|v@gt^BKqBvv)e)m?# 
zrV-CSk8=rZU)0=q6m&4`{P)NIDx{Yt{Qp>zG_xPL!7P(XN3a1MRjt-CtTH~`aa6#O z1GYjxB~E~*8@h+5mrnWgikd`u7W%l7kf)7jsvQ->4gT)M`!7f%z5l7wzvkon7)t*a zqVnHdKAWGM|8b=0Ke)$}CY#rJv^OSQb9fz>;<^S>u+imQ?61H0XZWOo4_?R^wtRAQ z{~@XG{0H8=U(5yYkn^7_^xglNYB@jE!-UqJt5#m^#($12q*UNNq1cQ!6WLj6{dW~A#CleGpp08 z03I37KpIAk#<7Td_mo8tVKPVU95HKT1^B0@&;F?+P^XT)i+32*JiRq)Iz=so!o(3> z1(^H_i+0)=@ps+S~e}z6^V+JJND$24u8jI=;EaUAZ3NB9-h z07SUU<3M(yIXVw6gp)IStkR=K{8*ceyQ_?w7cYZ<`Ht5RZRAtgSllWM4BvuYs|*vHJU!Z#$3*%ZlP-FaGNdkguwz&9{aTVfZR0BTRQLB9cI_1O z9riPKe7vhpc%-KLBEkfX?_$JffICfS>((!C!V=5On7>&qWsRy&4SW5=H6b=1%2>c(hn6eP7IKYhapg2{4XuHMy<#cTI?_jskuvl|| zQ4DtK0_vDLT4JZLgK1)GZjmRU*s@|cydmt!hHdeCL0wx@@?VzTR#DK zZ?9g*v0@6HXg4~$F|1nIt}p1{I+|Jb>;*?}=y%AG!^B%y0!G@R$5q+?smnuhERYCg z0eC}oVkeNZhO=GR#BBcOzG2cI{tU?Cza}j_v58rVzJ$vnJ_B^+f;Bm@+w;4q<&En> zqAgmS5{2-P?XFQE4~qR9?3vfp(1EQr<1x)dRfrzb?~sw5MTw$*r?uK9?h~~ktkvgz z>0T9~aE?}^Ccwc5y9(s72+WA7(F3wx69I-?w!q$Np`nVOxGmDdFaM(M;FTDLdqo4d zk^xKZt|WZN_ug^!vSFb*Y&lp5K7~5#HhZWo;%asMo!XgAQa~k4g6OVHu$!WPm-SoC zgvGqV6SQx4S!n*D(#g=hye+CC(6xhPd^*q(i{Y>FMA_u`I&@vS`(#p@c-3qHjYRxmvF3g=#Xm11IGe_JRiB6%=Q2e#fc zdn8I0n1R&+Tskn)6f41Sj5^kuaZq}DgKaA39#1F_=;c7C=;nZ&v^N~hbLZ!A6<~4| ztpXj?j2glkO^yf4#-#zc;0O^O04G_JWp=MGOIYoK->S_)8bz%!BQtmyB%kHtO8eJ(az9)rl zl$k4e6ZllEQ$cV5&~f}m0L)>VeElp;Ie~iFsF$l8)H(hN-}Lm#gBw%_1V(rocgm%!y6V_) z{R=`iAZqvy`X~Aweupz>*d0LE6&nDm38+lGe?|7&eaE)p&=Y#aj)<13*;TiQtpM?Y ze=^@d3VsCy9kmo(4XLKrGO^CFiI>fQS~b0jBw&19KBHX&E=U;ae^`lhxabtWdc}Vf zU%g@IUMV*|*m>^w)dQ!(Vf}xF6gRYhY~0BtNIecHQg3bdwn55!UeP3a%m1 zWsP+#dMkvLD766v>P+M$C2`E)n6p_d@b{F+`+I8c&%Z4MxR%zVXdwQ%riUy24pB0m zTs+QP;12ujHK`xb2#n-Xv|v{}jc&gxOhHn4a#1wzZ$V?=^1|wNyWNyVV!7%$d1~E_E1P`Yc z)s>P%LtLX2pqCO@rP49mIsSW!t(J~=j+1{|=Q}6c2d5|OymWL_+CSOZIA#Y&Z0%rw zedlE7U>|;MveNz~`?#~e4kyzffbpbv-ly3bcu*rL9---2tX$ zH9CN9fjodyV-fWb7^C6o`y1$+mci`+-Tpa2C!Eu3VKgE5zwRK9rvP9yyR5_CCKigo zrQjHOyO=Kk4EBd-`8N(^B0Kw2u%~zx=vEbQODF?Sm)(L3t;WY5%5yu72HF=zzvDv+ zi~zSa^qr&5=vPO_OEmg5cy0@Qrng(<*`kBQD2(!3;^(j8{|C!|jy6i`dmGPw{P{n_ 
z{l70R^}YXOGwF%^XB=s;)FqMlhsj(L{{WFoB9Zu|@)mr>e~z?;v;b6DOCs@*q$TlK zK}+I!a+bshVwS{EDNAAmAxq+EGM2=1MJ$O&NLUgh3s@4*m#-wAC0BepEieA3DnF6m<#mzZ!jlBuCnPz6 zi|c>A+$52hNKJm5)P$2JQJG01@qCF%BJp^6N#g0^5;_!pvXVpqLO{L0;t`S(EIgW= zByn|hm3WGjL<&i!=Kf4PS45H+Q9{B4C5|p1NhDrCI+A#TaD>Z7q-Z4ZQj(Fx3kXIM z56eaVY5I1f=>MR~H6oU$8UhWo|H&*ZMeYC6`3e6&mL!6JZs{$&VSF-$;(t&5wL;Xz z)LhC1fOhL}M#`1myICqNFcy^*QN%Znj^Vgb7+4W?l$d4z`h~yo_#B%ZjcZoi6k^#a)>+8XS~{TCUqxt~56H>H(5;0S^{zi>sa{M@9^q=Lhmthx9*eL7c|F-B&B{|C!k@|8M5& z>$#Z)G|m^hP?jsX!v1dtFaH1=3|pU+Uv-7`p@V4qp%CZMqlz0X8=L#WgpEEdgH)FPD>Q;s!uQS&i-aalfC^?F zgjGCUuq7B1obxM^3n&)1HujDWH`Y?JD~<&H2;Whz@}EWo{fpBu{eJ|6=l1ag{qMy> zW}^Q+jx=ol@x=cQ|NoQt-{VOm?Z1Ch;;+YZfy4CwGnwf7Z$2~e|2UrH-_c&HT{D~+ z<7UVi46RwRpS&8mUomBg0X*IHo<0hy{nW1O z9ef0Mdgr44Q@gj2lQN&)y{P}x?wh@eW7MABy{P~6*$ZoP6lOeU5!7a$I+&_yqgeGB zr$ID810X)c=X3;8YZ-Us@=7<&vfc5Jp)stg*{SJ_3$pgGK(Tm?B@Q}XfJ}dz3B3wRWs~xLm>P`y9Qe_@WQMYboCye>S{9|^iLS=o2 z3-j|0-ZU_?L%Uad{yD|_#?|rH2w%|g`5c#MR&yHelgCG1#JDmKcR(>;l_MOAGJmr9 zO?(xC3OI(JQ!$$l{Tq&Lp`5Y^H^$8B>Ha#*3z$%x-wa#%i#=*N*w2{dFg!NpHtmjy z5BfAMOYhFRUeCm*#%c%d#aoid1Ta4(R|POJx++--)^lp!j+EtHwmY6HilUg??BVZyB!jR!{6k06S^s1>jfqq3&94O487jX$ZcR&n! zv!TJyrC>;9&t@&nt2SpBa!bqkg}Lz9yC~jNp#w(2^UwS1x?;6r z5&xaUe?59-x$rT5I>A&DC=SG-6_pOD?%%J(+64w|UtAr!v4qU%4mQeRy}!RQq2(f8 zi2t7DUVAKiV|ZT8_jPRBww*M#?Z$Rv+qTUnjg!W<(YUc2JB@Llx6kkYew>5r+B0X* z+H37uM^*jdd29HamIImnwXE#+YI62q4;KHU)-592OjyJGndVY=gRL>RjoS+nJNu!mY)49w#F%N1S!8GC7OIFu$5J(aiI~G^u&& zIiKaq(eq|~i9J}agJPlhqO%E13q1+WTHG9(EEfn5RV=s_mGj418{yuuXQ}%0MGbj6h8Fc*N4-G)F(0rQb+*tca%BdvzlMCwn1)b-zL&pHO~AIgT9O6SgbD%XWsvSo)s zMRGyz|7*W3-2eeDr2u!P#fFy22c0NI!BC?^JTBa;NMRX)N^w z3=dEU9M`#nIdC~0pIn#qjPl#MZ_zJCfyTgsmv__HLixP1#FJnllM_?^swkTz0Ca|b z;SzxK1#mtty94fXW~e~Bx)}L-zNFvQ3rVuot8~GzBjvE$W#e_Bg&>NxG+8o~EIX;t z=6LgFEi^hc^$>96e)%*A@Z^0K_3H{}q~KSM3pr^Uz7@(@rXkHD760sEDv@}GnVYLX zxMy_!@mJ_-!=kyzKeg9VK1iu-L9*Lq;WE|6lfIQnp+&aoOVZt}`!pu1OQ|=DdZir! 
z1ug09ehT)>-eQVkydwH8nNV732vH&l!w`^f$3UDDUhem|eiN&XRZ4g+&9>@vz*wcb z>dwh2)N_O8Yw+;60YjO;r|$zhF%yEzI~%mc)KxlL=D_{mj@6{Tmu(p*FEIiXMWU zCNymFbE2tVbMVykbdb)(`GuQtjuc?|k*;uLxv(c`S)9dtKwMV0V)yTB)o z4nDcYy*CxJRd$>@49JBK3W2mnj7Q(j)L&$do=BT1vv6y8!M}YM-#`5(G^7H$u zRRla{H}#(JL=0mC_`DVF~*z)owYHhX<9ZBBqIx{Z(u_Jbmd@cfF`135Ksi2ZlgcJzNIaFr zO$sIDj?yks1t0K(bkDbukgHWsDY;t3*smwPn`FRloyM8PI~MG!9^i&JvkcVAb62J% zk=57<;CNv38DcX`qo)%oZYzc>H-uiNcjNz-2t-bFi@fnUaBg>R@^NnQiihGtn~52D z8`~cPy^Vo3e!&F(v0yJW)fEx{Ci#b^qi=&>qS?bC&lsUUikGAS7-ln2iG#lLel>1W z&F%pbsf9cNk2%Pm{a@`2SLsz>DWRkAXaI$i()<2$aem%?U_3?qj+7!#;PGNhS$R=} zO6cfQh7KypA6JkBU_G7(PM`qb?IHd1#ICq34MJrNm>B_i37*lv&&?(TUV%<%PlA~K z8)d`>-GNkgfbrDAHXxRK3C`s9<~ay1pRwu^1XpC zocOnlZ#HO7efO1B@dHSpO~GBGZ^~1o1IJ%ar@v$mxIuwG`(hspRjixuXPtNO5PToP z31^dg9CW~SxGV{NN}5^d50VN`Rl5$M-2&E!{(wjoe4jvw8dFjAA*L@PSqW>vA5}<) z(0|k9yGB7$v1X|FoxiWm>*Y{k>)bnQYbvMb=vlzSnqIDMW1?`>#Cgk$lYj^Rcj!y& zB$1N_R{YE9@zGzqS3y=*fA{n+f8>f-KildspF@*m=Y)Y5b2wzaKOfe6jWV}Era#&4 z{((I5UQFpb=^dT*CW= z^Q=V|{3n!MbR2j0x6@XoaYy(x<@l=LV~YU>Fy;N~U=5|PcaK6gq<%gjV-T+a8e2YK z9J?5#@Nek_WBvlBtD2@_qI<`=6baBQ>t%_Zu!wMP@}TRlDyfQdBET>-c+xT87L3vK z?|Gs#>L=r|ZGz=-%%>oBk#*qb_pGfT>T|uyq>|?#@=_pc8m9^Kv;QX*eqF+~Mu?>M(aWO)-H!7@N04fd? 
zssM0S-uJg?@OgLg6?l}(H{KemYJ`F~WW(2%h;&8I2Q+7Sdf>qUO9XmPyk ztlxn=>=_6Ly+5Aezl$`%OsKxG;ywa86D-Q7{{o^1QV58`phen#g~hv6{gQNYs$Rf96JNCiuGtW)&KQUao2G@FH0c6 z-*YWw7#X+w#KW&~m z`(Tw?8wqrTOU$lDvbTtst}{NWtSduI2{;)Usc^S1k4yo|_|l51H3s z)uPzS@fzVSr&J!My1}$9xgq^rX|Ks?Cd-RZ3Lk9`6!$@+JY*=)NCH5F%}1624uaw@ zfDdB}RL@viLljfTit}tM(Z2Be@EaB9AZ0{sa>!V(@H+z>j=bH_!|Hn@&LBb`?VIS3 z0$6=xw{IO&$_RopCI)H%wiKVI-rXyjNUB9~dvO~hj91j1f)3Mgdf{bHQ^Lly(fCiR zl%SAHs&~**lA;`-o^_yVQfaDyE`lVCu=LyR$Zp)losmyl7-ba0-`6t8F&eoWoOo7^ z6()yqcs`WJD(2W1pE=h01$ZgH3CfB2@M8LxA%N>mP((TCxj*LfAN>dd(tfY2sDCIo z$&X9GE;>AaoX!`Vh5%0Tb9_Mm!>5zWe@ECUg+KorSpQ>GLYWT~@4)4Akz&yYt-wAo zmWq)ETO8!!oAM6iob($50%_Aq2mJ}uLSi5R^xq)da@-W4r{jZHgHCZLXe^cHemCah zIR?}pRQ16tvi~1c{sdTQfvY$`f1;fBe)lI83y^^#K$|E6`gVqY0%V;7Dwn`mT45{D zuMEmlQhE9ZoKjDK&wY^tKLH?+HK}wdGM-kkUg%i{d3b#KXH>-rpJXYy0bKdl#a;KV zTf8*nwRgqKsltm?Y$n?06sy5~UivSnI0rR)q%GVmJlc@N`IOC(U)7fa?=H__+vS4Y zmrX_TmKxnRVvaXjNuQb3#kY%Dihst(*tL)_K|oPWZy7B zkl)(&U(&(Dc&x2K*5G?Dzw&ba@uOlvUHCI1O}hox7)i+_p83MjwF&hIo>Ap_LJ?w_ ziJOgI35Y(4$O9}BPP`EzvQ?9}_s+(p{!9V(s!_&ok`?bxO02FxRPV6x28cHAx*7P& zr1%2-q}tak__kPBA0xzqljNd+`uffO)KRcL01W);0DW)y;kmnLY1dDLR(Sw~e+K;m z7@Gl6Z^mhVfs3UP(9Ldv(VtIR;nb)k*vJClAJi00pK$zFEMuCd51xK}rZwapbZWd^ z>5vFfqKF@Q6^SIuR~X+hR$`!`HreMZKron#=Hp4SmD1fOcnzrf2q%62S$}MjZuh5N zwQ^r<*k9BtX|}X-xCy+-)=}eTHb%O%9yLtuV>Ok5)fM#RbN8ug6b_m#9W*EP37l}8 zO@4}GE;rc|bIOAt2jXtjc)(P`E$}rj8?CqSajKMFkRWl8V?O=q4QYrcFX?mEAA
        8 zvJK>np1wO-xtIa$g;;I?Eq}cc57Sa(sP#TL0vWb=BYks z@IYxIXHL^KUmN9pIJQjX&t$G+DZM}8ThmC6CbkP0dHl8n^$qOdQ+#;nYfH?(xqE2p z=-S=(&V>Ty@CeRNqXS%Xj@dO<4dxnBtVAn*dovnoB=t#g#H^)Su$X4kKsQKq!?&I& zo}=(Aft}(I`zjGiBP$88*bgS_5(Z@PdJNy`yXRPQZbFTXxA&N|4f9_`maRN2r#Bgy zLYD?npns&l8|ROt+=P(7h~&*m-vMT(7=X1P{HZ{44`72p+B8{QlVnY&V* zJ)OVAyRQljHfxjUlwcE1{icpAMRLreIe=sX*kf&&uE4A>b0zfgK{J zNGj&|k&rS-#}`t3ZC5U+oK?Q#T+?i@xx_8&PM9h3%o9OYsfxcuy({J5S-*UeV0yP{ z*6NxrtYG8T(yd0mu73MLZS6r9I4l*|>fs|E+wNFGNr}?tcrha6Smv-XA*yKDrL<%^DG*nqmqv$FC{EqQ8LEg6-|En`hz-E$_=Fn>qKvdjCdZGNKDNO!9>r1(i+!n!~s1oz%7L<6nB10lbA= zr=D1=2xgk1uQ~2^wpOl!0OFGQQNLDq0+Gm~>Bw^e1(JWyhZ8+-%)ib5u=PoLgz--g zOHZYl9ouN?_0 zM?%C|s6My+)aHa-sv9Vkv>lrBYw!=>q^pk>sm?^nmsZ-S_(h?TVbO2^ZMdJQ!J>Gw zkDy+Nd5+Gfv5M%y*9dEb^_yIs$wnsw556t!yLBVu3XQAjK5>rA*BD73d#Z%+&`hHh zL)@5l(xg$qKpNB`OcDf~a4KMa{(~=>oBnUxr$R%r zWgUUvAO1-;CJUOIesj6G4FH`Q>>uS77nTPs|6;y5G0}s_x!fl@(_KeG5#J28XyqCO ze2JGFdmh8WX?_UI^ z;cc=%csIuZR;$05??peq>t^3z-b=ArQz+XF;Ezb0Et6jg(adzp|5n2R;r=!57Z7^- z_*--3!VomwvUm7ZC8J$;|In{q=rr%jshY&Ri+^^tR=mf z${jth8t2*{hVl?(6#{*T7{PzQ-xrmO|7WeD6!HL!lR?v#ZVN9WaqDs)t9Re`1?S2f z!-CV46r0^zFetOc3}^4ZdkK{|MuT>LBAlb7Bnj7)a6b?*6v{|6Ud?lc_**;g^A9ju zCXx7U?Pc5hDukAsfMj;*HbhHi=yUN3RU%bqxoZ{ip$ zy7oeUW>a=rY9pt+-jEn9FXmIM5i3np;q^Krj<6#*>G93y(2bj_8X>2`MQp#`hR`>Y ziY%K>f%$_dGl6T}>BOjhPH^!X;B;#t zQD{OHL>fz*Cz@KgO@trqBSe0AXywvlMrTGtU1dxezYZ)eifehe2}~sR^X2%wiA##o z2$eYPzci!S#0A_i053t?X!`9m+5Sewkp5L?kvS5B_>VSfC^X~r4XIN?3RQ20fRT%v zLQ>*-h!+%3x2vpxcN}zm=Wo>*h`Wzh1Vwu>N*4Qlv0>)ZhiGcp!ZtV)+_RQavww-o z7Vq4((=k@V#bML!xU+h3!Vy_Y-w7JHdxq}Np&P_~vC=}q!Wojy!n4%%^xHiGai`fa zG9;S|U8qNuuRQa*Mq79YSO=7dThK??JwvY5Bg=PO&%HXFmy4>ps!D`RvIkx$H6@)| zdv^q$ihxFuQnfM(UP4}{OGHMY_ffC2*}kULlIs(7;^~*Cc@KPBr&}sm!+cj`pHJ); z#;t?cuHGBVXl|j}Z_<9%@q?(HvzV}ThTSRR?I+C|IwkjxN zb5aL7$7rxk$TRAi@o`%2K#BUP`K%~}YqKx2n9F~8QvS>s3a!N}jRy&Ej~D&`ICEiM z4v&Hq6xL%toS4pD-vR$O)`GJnKzIQlQ9<~^17`u}Y)_&&ZBcTby*fgiR3P7y0V4>&Y7-8 zP(zrIIBcngV*(*yYUSSw#V8f+CeTpuk9PM)FhSmcC?EXSK>AQ3Ip>I56tzRtl)W2Dwgh!cRLT|b 
zv$G~r5pAqoR|Ti?4*fC?JJ=564zJ7x@@EFe>hjiguctERk8Fd@NN#~fy9s*L)Yg-= zxnzlq?AU#9k=FMM*|8Uz@4+@yw9K;S%_1ZQ-RV}3I}4(FtEf0M4__c}(>@g! zNJQwk6yQR&Tv>_Y->QC_u|xUvn9Pg5WTrOKIoCBJJgGUVnKDqb3#F51Bnxp!Fu=bo ztMWXNYnZ&mG1Zact^fU=%o+?t<%SCzfpqBp(1J+EQjJXhyMWXUEUnvo%qjYc14*<> zWisuSWcxy}swP@8QGRsy%`r2piqesuT~S#rv-R@bFrEJKnVLGs|0%DoJ5%z}oHKY>E_pF#vPHD%A3^ z9RBxRtuoVydz9txm`oqKSZcY)y0rHxbq}`w3P<_Ebr<0ynxQ5)bBQ|`)dA}M^$$6E z6?x!a=~P}Qk{AilT2Mm!TGc*p1 z#IR@`+xT}qeN-E?t2J8ho+l2k2%iqpnjxw-r__x9z&yAa79_C74j7cAYcLi>pGpkN zltuUGD)HA^k~_VB>P|n1Da`0_WxSpE^ELM44MH6Ijq~X2Ci~MZ_FWj6mZErrxL%AB zccS#Du{-lSn?as}lDDu#ihi+qK=UDl)0&_Iw}^wP+^LV zv_xMsufuJA_ZC+|FqEuPr--8p06gCcPHbvTH@PKfFHiEwP2e!Tq;rg~`a|5y6km=1 zB-s+H7Tya2QK~9drtCE@X5Xu+kw08OE6Yo>yihNnt^W8e5fx24%!N;P3iKoCf za%1%lHR>j&(h_T9^nItDygFjkN+@t2J7H5)!#s3;Jk1CSKxKyyYWcvu4eDb{0TL;D z_dp^!z?>Dr!Y3=%|F~>e{@_?|O@xDa^6ZV@*R(E@_DU}DoEY1p*G&v7@Y3x08xzf3 zk(aUTDyWr7{Q8C~wNXCOzkdxPr}M}p<`5WCy@_GJ&B*znbF;k>`pqH!#8_$AxGMB_ zMXAI}olsw5sm{$dSdB27hucAlylJ2K@KMXK$$DU^uTL66bh*x}dkM-689-OuaF}#y z*{S{0a;C(+w-i61{AK0a)2%CXo5IN$#{yA@(PrD>pf8`=aD1ZtN#YuW8ZhZ*%%NvU>+bZ~BwpSCFUMacQTqxZHjd;}~;roh}II zsv%DuD$GPCl5>;52(DD>)WHYivEZ@CVrU=rah+c=}dWj9~ImppGSBJKc- zxR#{Ex3`}~U#EVQeFS;3bEf?F4+3q)*BA(Q>^KLVu&c+l%(Abd*u`T<`f0)`l<(=L z0C$!sfOu7C&XqfG4;|F(z~9V=3h2qZ7Sx${UweR`(5xqFjq20)NtrE7V7cGf)1lGM2%pNmfvF*rPzF?x!wxo*|GPwnf?rm@M>n=TR z7y4DpJcEQ_RorEyY-YL3CZd#^=vCW6ZA)>WT<$nFBSPD*QEp3D*O2K8|M$#vh(?3l z(F*x-hZFDrZ%BO6>vwAkaP}Sgr640y{+U*gVD9NW@*Cx8)l1nEtN>dE_pfu8t16Mg6XAY#3?7ycEN(3(VA(-N;81_jxRH0Z!)AifVzD zxyVW+z-C^he5p7gIpr>O2xa7IJ`ah32hXwi$7NQSXULn$x6Q_$iC_bk_VLyb{&^YE z&}0TtG)pXk0abfZ@+c)g?JtGcnqQ>op-Xi}NU5Fg%F0XIsLq5e7U@MhIb3yiPs42y zU|l_;!*G6$4!RXY&0}pQt3)&)#gV=H$j(WM2n$ z`Lp`W@b3_S^J~I%gviVO>IM_-SmH|~wi%;J)v`;uNA_YHBKiaFjo0xTYYQ6zY<g zL6;^pA7Mt2otZzq(AfV))MQhHZ=DVyi7j{9GEqxVO_-L9D(hmrJHBN<6^r5yr<*)O zkwUoSn=j%8m?c$sl_mQ9eTet8)91FI|AgfV8bjd%;)je|YG)0ie+)q{LAwkFqd10s z>T#(?B?-y}3NE@!tvL3)L}7Fl;TqK9)T+ZS2^&uFD4x}82}i3RWEXlv4)=!WE?e<- 
zq!`oPYN@MzP!JRYKvb~mrhF&V9)*%^gFcIv+k80&0H_;hPkMw}= zy{q;YcVEc81WSnezPC2rC*n_?2>&|#tBLviGNy%o8O#Im)4?B{`1j73xdF=S9>K(F zB?}mj7t0gRTJ2KR!`|Zb9{Y1kcPGU_EMp4FPBB<2^O_!Vm{=s&H*8$1jt;45wzNN+ z(Ev6RNzNH<=TjzQAl)=&U-)l{OavTJ|Fa@?%ka>*JsVxVy2g2s1i3G6G)}Cyl`rXx z7(Eswwrctu%c2pKXmWvu5!;8EOQZPI-T83jr4Wuov>MWmKxn2p8Qj!U14ViOShn~M zrSlCu)_9VVllWW6Zx}eb9 zb2s7kmV6bA#~X;(8~hc*Z8r_i&AJV4q_-8lNv>RxI6G&c{K(n&QKSTFphNwfAN&jiao-Ux)QHGJ8t;I$oBDZL{z`y%zqL z6t+>1_-bM#CSjQ7&K**S#vZ%QdDYuti57A8WTn2^pJ=mLe*~#q1HpGaZP%Z z4O!*tKET`6rU7q1FElN9PU^HdR`$rEh_MDdu`7Be5ps!7mk{a)<${dM9^oDSahxHT zY0!mD2VVRLOy7en|L*}Iajdv3dQ31@)H=e#tzh;gN&`fZ;M_32 zM?}UxozonukNDFztlg*<{n$|T@qTv=`)=7yJV9E;OMk7da$EZCU#@@GG*boe#OW*Cf?`^3dAxmKyC{`JDxX%y`OR-n3ulTaqKc2yx zpLb82p`9e#9!5tgIl%=Y2SOW}!2Ot0zMH+^L3W>k)D(s{k$pIr{&{wNn?xl1>&Xe2 zOAhJ>`R{wUupQ&wJwF<@UuBCZXkfnzbkpLJGM{;b=WD=CA_*>yRy z)a#WG!g&|25=3OMd^Wtc3yC_W!2(;B!^$9K{}f!4_{c@=y?ht7(qC5X{L+WmGW5y# zum?d-p-s!@92j=Op6u>R`YQ(SY#cL_*B8}!J>BG{AFlkVK_kWNyd2L!ukV`bR^&

        tVp=CX{j$&KdWmLASB3@Y5Fq_v1K|2n(!w63owI0sii5 zXHqQ#90d*?tO=T&k%&{vQLDdyCkPosb$)4pt?Dn-$$5O?R zAh^@gf3GPy9+_{X_W+0No)k`Y%M;Zq>t+hc_K7OFGBpiilkX7IdEgMBMJAU$lQDTX zr5oA1{V5k1wb^x8ob|jcd9?@hT)y{XB(N`!A3lmKfS*bNZbWCRmqEJF7SW&+GjhyF zAYw4=M}6&tz&FCB#J^P_HBUQqH23>V8O`;(pN2ZjbsX$j!s)oc(Bl90Z45Dg|-ltD)l7R4%9#$C~>#ov;%LiP-r8K7pL5JX-<6m)jBWP#-evIG)GmTl zEhMb)D5s)RN6$T}z6K$p%7q@ejxdkhmWcEu|5V4T;j!6sVHV_i5I%E-Gf7vjW{*42 zG{={3`e3O>W8(#@h3cp6El!v*x`(wu5R{gHGfR4Ob8(~d2s8Wq@|lOud6n%Oz{q~; z9-hT|ogUv8e0Te(qCe1QJI-Rv#1L($7&5c!q48`+jMsw(al&%lm~uzcWn2|&@SB|@Ex#ow@N<2SjJV6JOj`vA>D zE_SNE0|p`OvU!b~71@4C)w(0QB{qA@MRv0R{-3c%GER={FWidP)!2up`Ob|HiZ|xa zOym%2&(Alj;PGXT;%be3{s9mO%1F+2tL^R~rqrvMG|+D2Z4$1A#~0|U!6RUO%1i`I ztY4C`eMcVBPw2cJxvcv(4+7*9C`X^})bO;qu1L~he)NP2(E4NERs=An>5WqUzF zqlEl8v=!#c&xp?<$R$o#YA{yd=oVKo4jG$op`wP_R%QQ_h)RZDU*BH|AuQ1q6Kpvj zMJBkc_^3sP@T(HB1kBw5Em_PwS|m=sc6+bETYQT52imi{2tf|YEMuR9hp*m`NP;-V z%kFa&hU>lNN)%a9VzjaNv8;f(B;9rO=uBs~&D_oJbRxU!Ni@k1BD#O4XLZE!$WJtH z60{W>@Y(LOY!n?&5qYrV&aoy`@h28y8c&ZC!AzXB(uczkhJAuSwOvT)mIo6L{;Qi< zS763LD_tVGmnWKa5@r&p8OGuPQXfgstmBbd?bdf{+{-ARqEL0&p=BQr`Z70URybi9 zxp*lX9~UaWiw@g)9=*aRQOoIh7=5!9N|}@QXC+lBP$U~7upr;4VAX~l-${qwc zM6y=DMLu3ZBBJ1gI7m^3sIy#qXWB<7u|Kd2_o|wQOSPF!BqRsA&a#0zaJ_u5Xkj7= zT{U)`@I@s@M;)(9gjS|x26xE@zO9FHV_T08JoxHvCy5iPKQLmq22y#r!oCVW`mkc_ zjQkkT#3Xl}43B;J2HTlFP?rit(DYB33GBbcYQJE)7v(kFg(%z$Rt}3$Nxai1tae1$ zkwy>&E<^Ru^+Feqh~M4m(=zLTAr9jjLDR4f>cS+F)!%f6?_Nb_Q{1A?SRcu{i*j*Z zw9qT4-;xJE5{3x1)WE1kMJ{HkV5EcrceU`qXCLg{pL$xn zj#}GJ<(+HvHD0wRs!0wPV|K8vQYT+!cx;G_G1qlf-E-QJgI zW3Gq?K-m{B-U<8LR)AT$MSq;q1vXuz{>X&kj|9wPn4N3F0A28a*Um4PQE6UlBGWsl$7Em zoqLEAOn`rb-G-#r!Bpny*u%9oYC`ho#cdUeg;^|)p@GTrPLG`#Cg2$41rO;rkdwM% zt#0Bd83KJhTb&Q8e8-*$i&_l2rBno%S&o`8-<*hS#Q~+$e)vybl(!q*Afnf2WAR^| z5DGewxsmkhZwLF!)=|*2&2_ zDDImR(YNo7NSja_7R@cqL7}5l&Dhw8a9aY0xzUOM~!x!}t&AKZ2e}gAH^xRaMpraj?ja{xE*C8>>a0Mb+K;AM zS{a?K0QMKU)Rn;ZVh7QaUSx>1rKsdU1SD7d$892;o>*yki{2xF>hh4%C%l~rozqO0 zYX)ciiju|OJvDxd%{FVm^Oy5uwHM5@C?o>skRhr7;Z#N|{P90{71Hv532+!7)$?&j 
zL^N5-+K@D0bEUbyGHoV;XB%)X*jw;S#wH}A!QXfjd5H#%;$cN@MtfYn;iZh+z^uvn zEqJ>3ulhJLv_$u0LVLi3ubf z%Ca^Ce~yisdtNR~;6QT~?|=GlcmH!$%DrizXxxJWDeh6bDL`q{gwkD@R+^g_A%DLh z;PQs_5Q@tRqc6(6nD8<`sqq>VFYOxb&Xe|O50#arD7$0O@WZoKr4@tm-Ig|oRK^zj zC-!3A{))XU4vmeU@Vp|;|NqCzqL;UG;w|w=hRKA2l`7DrKQQ`6Sk*Tg>1gP+(73-` zRHRo8lk8l;%P}h1R0R3?=DZu{9-Rtqr4zTokkSB*OqTB-A}6$<{;|}98=&tqe;yo@ z-$Wd?hmCmPqV{id8+nqRV!&c60ycu)!oL>{zXvq|{ldL7AjA--8+wp&)}lgZB~YX&TvRmwkKWxq6m87` z5KSt!CgQhBaDB#>@%OSI?{ix$N`_hGW=wb9Fn%cUaR@Oq;tW3KSud(GcArSwQAizz zK*sW7sA}EcYs=eM1G$zh0+sy}+uO>$QAr$;)M@NYRdRMCPMHE90TJ&d5(_#Q(w_{? zI-ezMpK|^EdEKS2>?*uUIx$amEy2Mfj2|%w-QG;zy52Rk86D0(j~1chQ(@Oc$Z>8( zTwt4nzR=UfJ%Vq{Fh{A1+4&uE^{u8C${Br!tPBP>*;b)Z*N*Mq#>mN~%1IJ1`i~sL!P+iEOYQvjVlntg4wpjm4lVL}C3B{M9ki-3|2YNx3FkQ&yJ+ z)eGxSqbKNQd=YU*ZD6I!mna_Cpke!rR(&)@c9R8`DU(te-CYcxpbL8Ygsxi|+H(F- zeq1mLAP(qbDK6}jG=>L;TS`X2eX)Uvbf#mBk}2M`Jzbb?AYY|}wk9^`iB4c`%Bf&4 ztH+HsTzIZvdO6QH6|G)Q-uU)nzSqdm^#?0Y&-3$z``$|%OJV3YR+W;G-8d%~oL+^g}< z=9TKM@e5Ud6Gg$JgAMbyPS>)X=i($&QeGFp_F<(|?6V5rx~0rB(gN+(ihdfJH(MyrZmBiAk>Q-Q|&>~zGh z)OPYBl8Iz%^VlIWw+MM*O1ogW5W=Z>V*1l0 zyEwf=i8e82mT2Z}Pqrh;l+V@ad z@ov!17usiJXD&p?ey}QgdSeb{R@Tr(01q1fL`Q&RoV_1^1LG^X#rT~o%UqCFrGKs zn0JE1(%d@0sg75MBU|2Osl@Yx7%4vLHH!3j-K68e9{Tf>d zbiNqh&Q}Nx#J*fLN{EJ(7*f>v*;ycFh{j5yYr?T`{NAho3%f8Ds-C7{bZ09$EDl!m z335XbLTP=-EU>VtDEzZ2@Eo?^&bqkOyE+sNmHtS3^dcOy^V~{&{TI=Y%s9;9PK+yV z7}Z*`W*n2E1O^r>=E6*LVIbf%WrwGg;m61n9(wqTPa?LsPDv#?7m4l}_Haf5^8ER4)F*r;YsrfboToHJ_`#C)%QUVQ! z#hjxv4NhXFvE!S7D~gCl2qw7JGs&y1WyYu8AO-9!q;zp<;1SqPvf2v;?e^jZ+$1m9 zfXEth?tzpi_}TzdK&-zAE4m%b6bIku?PnzL%E@L%2)7!GzriISn%JFS72(}A=>}2C z;1fbq_6M`x*xf*S+o?W68&h<@I8JwHJv250&vbw%Zs&MDk=i}`Be8#MU=sK14Wkc+ zgfU)|tqqQvq*8y}5L)AbOT-^IEVQ)IaK!iyieL%w?mPbd5lsQa9+MX7I+| zomBl9lHh+%`~{QEqMWljyBgWQKSc;88^=giR%$v=c})?9+DzW6fBhn5=r%(#B@USz zHWSRn;d4wGY(MDH8mUY{+5d&2JDKSq^Nf2l_immJzt094>k&e*Yq3HL;mp!9k?GF! 
zxznkZ7Kxyn;46jO2Gt}XvSR#BcOmhPXKCt`H|;G^*R0iKPHT`sNWm>W8Wr>(jF^*< zz&S=Dwm+rBWmMQPZ9CF%U*3<8tEn{R$2B8n3Fyg)*zU1YL#~N(G!~?n4ENXN^+U}x zsmd0%#ebYj$3Y~5e<3zM`J;go%Ssp@5;lXg7gE(uKDcJAA@ZZYh9c6-0bwCuB_YB! z4DH9-)*QWPqsG5G2S*aa;UwzPRJ!r3TP|~}Z~@`WBdNq;0tso!#gtBB3g9hBc;L95 zk}$=JBK#=S7a{u((}nMb$*2Yey6{uMkB9dK!fzaj48EsRF%9S@J0(zA!E#I7;+x~T zF6Tn9BSop+r;r97`$TmYkiymmF9LASyEpyNbaB*QG+g4@5X@%i<)NXe^Dr_zQP+YS z_d;V{GqlbiOEX0v6U8!eqH*MoS70s9Td6%;Za9LnCE;`uvj*dAEc_t?4zpNfOoQ*b zU9Uy#oLOY2Dl|dXFxog_a$rBsgfTnI^dcaque481uUxe*qK+Wq8PJ5LQHIw_U;kWy8?zUdZwN5A=dD}r?C-ppTQ zMI22!97=sHbX}-8w>;T7@m*>o?<+pixzjV=GgYjRbUQn6DR~Hc@P$6YQ*z@-Ew+Xg zEC#?o)luA}Zr2>Kmq#<>Pxz#U zz&+c`3o7*FJ@zJl#2Y_;EACJfVv?^vr3*iB?YiALJPJoC3k~M?AC~1Hu!EF6^Vt+5 z{4lGGsHtK6p^-8~3-H)KHq!W~NZ)_@d{B%`U>nVAS6&?|N6?Yo5!J$clA}Pvq4+xC zU_fL|lXc}DEyNK>wXS^sD4Mn-M%N+1wfOYT!hx2+y|1md9_xR9mHd-+>vy6P*gI_? z+RnCnJ5=TLwUk@fP0De${G!>JAKML!q?(7=5p$j#cLI{i!PhZwAmTz zSf9!eLzZhUEODZs>EaXeO>AR}f*RAu+vLck_~UNduJY*{pexoY>Uz zN2EVFi$`6~07K_FTFJZMGo3w4qgXC&(6u@yDB8v?+%rrNQOxf9|?J zrbt^kDzFYt+DLF;Tfd+?X7`2)8&xHd6I{EcHs{DQzK~Fm(u}085o=U(-R=$jd1V-~ zj?03lD`_dOanc4+3|6X7K}6qXntEZY!W30esZ_Q2Bpxm?z#+TeN7wy;B?{FaCe@gi z$yTs}eA$?AtmZ&JkiL_eL{m91n1(!2v>(=?(ruzLmh$yMghFddpN*>Ke-@>X4nMp6 zt47LdO#k&>ErM}f^yrHQ57MQz#gEYndB z=vMKd;3_obre>I)k1QV3IU*Bei_SQ0gWH$|XMCHGoQ>7v&(3B2j@eE+=rLu7$_7Abi;rQtJv5QV2Go zA`{~gOOh}!j0n}xUq&S^kl5g2_kPqGkGs!xdhkaD6d6A=!r`lwUsR98wNZ<}S7gDp zF9zk6nv%=mzqp8ZujhOBd>c`zRLUv}OhwW;u)I*Nh<7Lgo~v#+`71uDyU#4#rMx?D zraxOKGFTpqYdrco8vPyq6`G{FY)HR}=anue0f1%G?~q6mItiqZ5U3ra?u5sqzP`fP z@~_lh#6Yi5CB>wt1l&PX|29myhhYgTCM5j?90O$^qWpqjhn!CYD0(+r^dAd+9S3sE z|3KaT;-mGX1D|iZ7&TNzOdZ@!f7wSAMfqtE74?brLSqlh*44nBNOfW0&fp8lBAl{m zb8_xyQGJ5sbTnz0bEymYgT~iPHTEYWmf&~HNP+%C7rLSG`i*m*EX7J5duUvPNI)Z2 zf+s+n9t68O`W6)GU;KfQ6b(ZUeo5AFv`XknkcD(*A`gUNXMz&zMGC1je$?6Ow0a#% z9S_bY`cIdZ-A%>zGmM8D`amg{vA^lj5O-Y5(WMVvZ>^5U?Hy1G!D%G^Xi01<>imUt z_CjsZJ2D`swr--p5-{il}2AvB@Gu24IL(s z_Jue}S?PGfRmS?}vQOff*Mz-@Xewf~1EWzJCiKIjFLSj(Um=hy(D;PuGigZ9sE1c! 
zByr&|I+K7G%;_423@gY%M-_oBbLJavnR`l7A6GB!xQS#{=$Sx#y>CxOqh@k zYVIKT+vMy&j@&jZdM>;*^seM|yS4+@sA=0bB)$`%2hB|pF($?SqA?mb(zGJ-0Po#x zk^ruvr>0QAVmnB9K*Ke(cTuQfyxJO6pn)p3lY2FB56537IEP7@c`C{UzYK? zeb5afd>Hr2>rS;*kbE4mdU7?xf}?(Mgh1l;4vGtZ_3H8WNjFB6PhVph#(wiJsj4J& z)TIqWpRT%Zy&BKFmqIu;8OD8X$KbRGwt@HwZC=G%MXow-XpAb{K3OJjyGRdBy9e5hmEC*6pJ(w7JX@CnNk~FX0xUpEW*yzne%G`|03;>L zQ!DvE1UpKkx$4sz~&;*5QeCcyhA04F;7@ti$LYv%veN@(Q;1utM=^wm+aF9ad#E2?KuRWZ2BbG9lEhxx;Kt~XvkR$FxGot1!BsIRMv z=?I)CJB=Cz+^FCTpNwK=K+#o5yX;z$x`Yqw8-um^jbqDS?AY_%;ba53j&x-s7XNb| ze~HK)!FalZe5kSIcNMK5Dt}U+5Uh0p8H-&e4EjJ2KsZ#e|Dv4tH84sjp|s}F`#7gN z&jkk)Hfc#Xl9V;6n(bCmws$K0we7KUWC^b-G1$GRA98jci|HqV$yNi9Juk45ofU#f zy1Ge-(M=gfYsrB`D95Zvl?pD$YK(Rm0BsmoE&Jhz){_^{nnAbw%fZtp-7fy?>A`dO zSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Q zd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4 zsmIax`t*zzhNUO1`9S*PjCCe01sIJDhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@I zNV@4sXX))SZUfk+^b;h@J>cr{4(w(L)Y=SD#1u%fNt28hFx5Zf)2b=^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf z*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qay5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58P(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_Et zUlilu4FpSEIZX0EYTwrTe&zLWHeE-n&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24M zf`w9(+NEu8wm%ad>5XM$c`are_DRX27Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p

          !Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBw zqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*i zWl@-?iKOL*bGY3O_EESe(B$iMZpEslq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb z{X=U!C_kIObn`ShM{kENL(QeRZXfmIu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuux zX+VY*13t08QRA*LGJ&wKzaX2GrJK0pzFDALDe1^0Ms|&C^&%%>M&xapECA*9>6))p zZrAZ2!MJU*l35>+o#v-9@D)%bGw`KZ03RbPCjC)59HKuBMQ(`QOS!rDWkF~!RnpdO z)lgu!#X(20cYnAGpwU+~KP@ul@VSM=jnE#Sx(Y$y) zxLkHTPUxKpdK^T(>1m^W_%0rgQDmHsS%F1v8&=ns9nnutw4)#fbW1?Ho{Np!m^{{A zdXL$+;|m69f>mn3N1L`@}ZxW*0pfYG~4c=W!2 zuK3*@vgwcixEVyMH?SrVtR)g2-9`^|t^RSSR9}E5K?7rLRz6f6CH>)ofjBr+r#LL! zWg=GXA!-g9&f2e0>YD-{l;_+w^nKQN6VwF}O9rhnssZ*N1>fmiE4e(%6~&J6&oT41 zgJ)s(PW)Cmocu1iT)@e=OR}t;JDAiXSxmw97YQ8)3;U&g&ItwDmB?8^|4Y!5oj(S} zHiW5)Oj|o-G7Hy(hNHPyt1C_Ml0^NRI0hwWKtWa*ejW5yt}<7|a!fhQ8MEu<9LucAy zG)WWXFV;c)!D1Hm6K)4Wg!IIDtK6~T-M$P|L2Lw!9XO3vg8jjO6yL+>lqyn_juAcC zl^cQOP)}43Rdp)z?yivDyOtqB0roQ4U~V%-VXT~Y1cgfi-nD~%_~&ueHoJ^NM6$-# z>@wmeQX{$VHmcoseWu9v;8g}j=LFf4q*6Rqib=}rz~Tex%F!~3M6?boR=1WwdHcA~ zoRn<-t=1&g$~pRM1UQR^>9S$Yr+4OGG+n`G*f4}tDeKrjVIT|q!FbvO z)b7#+V8Jbc;ZpqSXYSZb!HccC3Y&bW%ICN2Es-Ds3k1t)U2u8W6el7fRL6}J+zR7Cv#a<+q6dJ_Fc_r5e zgP5~3Q{_5UuTAAFI3{)MF{W^M=g}G4Szn_$b>CG594d!^S;x+RNyEEZg%cg?5G4n= zmLVxX35PAuIb0)=+)rWuoqdV=Npfv|M#7OwSQmHrg^Oy=VFm;)UxUC0Gykrtj8Z9G zc5k_nOQnmmYCqPT(KzD6J(aFtn1zc?7PSSMjTCc?w z*m*{wK&lugN(}mi@*Z$Lr*J%217kP04By^MT)0p-RCavpdr_fuUDLkE2k@zF`+8U| zHuztm0zJ(pIIs`8!fkw-z`VOBVLY7D{GBG8Ee>03*pFsi%5eyfx6F!8y0Ci>f;X!C z*~2s$&irR0AtB4}EFLk=9I?i^M^djAEb6HeD@j~@4#S#KI)o|k+8Rs@`<$W0PckHg z6y?mCZslZ3E!rjt9fdcZVOG3A7k(!Tjq&wGzs?MW%Yio#la<5H`&>CDDqEc~u3bo4 zSEpqjA=XVIC9-g3T$5CJCD2(elt}Q9dh6OVckoi7QrTx-xzLBOt>YXpi7G5wyKXEl zHip>B5fRS9>{K0TZpyko&5QGUA}ILn8d{+mf9|l)!kYb=(d05{TZ5~;s2u^~gAAgh zGFo3YE8c%Fv4@h0#tL2Z&#^1!RLJ4R7e`Olu{u3;4ze$Yz;wb~$%Nus^q^UAGGgZu zKpvyG$|5||I!u9UyIBX^_cw8=jQ_Txk=cr(I^8&{%(TUc>g}4RqNpWpfVGm;%NzZf zs(kHO-`bT?QYK@|M8!CkucoS|wP^9|l6wML#}Me{R3B8XXvqiFP3NsE_kES+F-s!q zZ3fX6Ej$PE$0wx&VTv>RLQ%Of^qB_@3^-+0$8nt@>e(?tlT04mat>BjzuYNvw{P@Z9 
z?!n*pUmX@en&HJ(al3aB-v2SPfbD$RYpnn8hwH!?*4G5M{xm^8jAH~5A9cVm{Lh*{ zUwC#@HU|#QJuk!c0;U?{Q9IXx!zCicXmu?1&SgL-V7R419x=^l$h4EQ2np}1dgNU$VI`Q~yT=VLvs|uqg7(^G5l3gd=GrJaA?EB?f+YcvH zi@~I#c=#>nSNDoEOo02mQA`U{D7JQ|wAdPLUy-49mGNrSKIdIP22BpE$liy}L%gu8 z6IyIgY6l9ZlXQe}SlzN7%v-@aR;zN1W)i-Ox)?gu(0K#f`FI#l8ud=6zV@cId1PUz zHBc97`PlqzxGVoyt5`6sW@%sOB#h~mFjXeJX3k}9n)ss5U^+Gzxa*1Y287U*1I~`j zHDNOSy5Wya^C~{M^qjydJuH!$KVJ0{idw?(Vi{|J~l)+`6^@evaRK`>)#1 zFJcE?sjUS2Q(zLaPA7O8j(}LAZY_Zx^GVS7VMvc2Vh`;&{c){^5sBkj7N4F?poRW- zu(h$d+k*euYqEj$Fg=-E06WqQ4w8NwnmvtyCgu?|+8ZNi4H}QU z7_d=?IJr4Zf(GSvlvnk&zW@YEtQyY9@0znIVx}0ZBq^ElhB0O1BDKxLz{lbK zkAO&flaLHOu;4l-PQD9ZS#iMlJDW_#o%QvLi;H$hgKekTDV%KjFkgRq@aW0&!zV2@ z$KO~0)pc5XvmhL!+dkzO8HN{_XDY;yI5Ka+2++-&?7+FKEI=8+Cb6x_UMw{_OoC~B zz?!Q1{$X%%SPy>QKRh^W0*v1eUjO>yx7We%`>$T@KYxAj20n?V$lUNw48p*~c47MBsrRbd&p$Qgi2r6?hUeVA8rI>iDxr)ZX= zBs{IS(HIX|3IWx4_SQu;)4r$Twxa1FE^}Lg1+R zb@2-4sTQK0rxIV(4JXBSY)LOMBY38H7oZ(bUS@*Of#}7TMeeHFhM}@!{c`Z%&z=Mg zv=_rU+6;2?Q(Wr=qm<*KCzNj$H+BT5gih!)Eh1Sy4!CF?%D;2PXZUJ?1j zS_XOI%w2tDCM-{iv+OMEO`-5Yao&{k*Zn;RtlA~S+!j8t^{Hlx)(0L^7^eysj)fnd z`-c9cG*f|{aX|H0z#1=Ufr02D5SqV>rEwpWtg>dy_4d;p>uVQE(+lV#UFeR1DO{ya z0V)kx#HLKL!O90*{Y#Vkk1|bZPZwW{T@c<#hAg<-lw@plmECSittt)70Vi=%$aE+K zIAoPp-Kw|iLdQFUs{Y&wg2(ZIE>fW46g8Fxm~!n{);JG3ylo2C3}TSgjHO!V zY13)SF}rV+VOq2)I%u@wWHM!k3##*>YA1@(Q|IRAOYzaKPkw1_?|r}1Bt9VrMqv{7 z-$j$WosRQ0x(ccWe0`@N0u@ zAe~y4cY|PR%}G~?w`;@w(pFXZ`{ZXFDLeWWmfLwtif13|B2AE4NFq0ByWV2jEkv1%7Mq0kzPWWKb*;Z5}&V2V6dr(Xl3NPDVn{>69) z6X85J-p7m9S)$isLWu(Mtw`EOpf)Kc*45KjSsyv8B{7Z}2s);QS@j{{G>5Qy=P(xi z`X~P+pca_Ty?q#RerDp&{7;*Ke|%^bSOw@T%tk00baDKMZj{BN%05R;c&5h0DKlNP zPOqkkB=-)7W|_|5eELX6 zN&*NNz#Xud9rxm)aW{JCPR7zSzbarZ`Y|Oyc8S|`uJ|@SE=ihRieiNb`U?D7ins95 z&dNNis237QG=!qZ!USvSYS|3~n{m@r#ZkPV0zp!BxQwGg)i}v>0RzuqOapCA!wfYT zwJHuWZ;F~+=jve9uf8DgPbPn5dR&)TP!=hnp2IH7Xv^NM1ub{<0zSbg z{&3PqJD%>t=~LB7^WAok)|^ufH081gRHYHTsTiJeyE#(!cGrZ6CagDA!(Y_a4V=@C z05UB2KT!tQ7aAR#EY4BcFuVw7c|gk$*|rMj?(hiOf@$Ii7fq*v?(x40*^zj2xH`%J 
zI9^m4(U6T+h-kMyI+)$GxVBwk|t`M>fxnA%2BR)c&AqPU6C6558mlQPM{x^y2!? zy-*A2@T+`nOD(+Ow3@{gnY$pIJjVXGVot@em$D)c-KUOQkk5p%|6g6iRHI+$ ze2KjJl;x%;mSyZ>Da9sjk;k{Ph?opNk!qdI10=P zFtMPNWrwy$gx=atr@teQ8ikpHE-_|W`8l37b#fEdd{Llj&ZMP>RV*=y8#inFpx;H& zxDdn;ON|lTu$6kPJ47>^}3;*l5pM3awR{f%B3P(q^bdR=xazb{7xem|S`j ziLqq_Hphn@bMe1~%OWUZ2^N263pg^z^?6MfJ=^fMu>hr{bx9s{y_Lm0rprK_gB+ED z)?6R!s?MFbW4|*856hC&R}f9Bou3qR(4a6pE6W)EDc4)0JdqTCGAE0h`lK|Gs8?%H z{&_QLwMuW&7don3iZBq)rDvDTBvv0IJvZBFXeGK7VB-(k`uIa{5z4G8N~uQB!Ab7fZbInlP+| z`B+i|0BxRh@ksonlRDPdDBv2s6wA3h0U{%C25?s=)h=e>j8FXTg9ra7SpVPB?Yebs z7fdtH(--5GvOceTFmUWbh#m)S&)^GP{{QQy?tji{hUIaEG40A$6ECpf{@>ZVx9RKu z?`_}a|NAVz^83GXKff3+P^sD9yw&XA-t%ASJum1?xfF?}FE7wPj|vTbp5NeEn!Jl< zW6L3DMP29gMn4MB)jJRB{8-B9tyuSFv5S4K%F~gdG~LeDoNr&FM*L^eAV13yjpe)GiOz#FLL2OrS>+^0m^NO2i~essC%-Zh?3VHq|zI) z;zm@4@7#m}E(^!4yYI?^_0_EARQK`HVyHgXNL`&zdj!|D8c_cY^={33$4`|;Q;op= z${usuT9Nj6nxBDgg1PeNw-;vXc$Ie?H8x^p}}lg|DWSG zkN@}f^ULu5t=8Nya6bxso~W>KD=OTI3ZGh3_?iU;>E^jQ*FRhNbFR!~x=@y2G2I4h z_BHKMnnF01Z|(=i#N=onp+Q@EvJ2G0i`oH4aVBn?X2CF~S(nX^2tacqSCNWHoOPydrNl_7Y8j zCdEl;D%S`kg4_(oL##@J3g_A2BA_FRl71AA$~MsD1EbP)~p#t79!E^9=qa zbyDyzE)*49UKYFiozjz-iapAa6gSG$t_Cm!Iqbm^MG}HEG*qQnehPBx0G69}PXot2 zQELpesW=~w&c<)@;0@Ml`az1iFzWw!6#U&R7k<^Ymf|6Ume$;&N!gQ+f)4s7s_gqs zq)5I3ns`)toi}BtF}Dv#_?nqdDIv(KX>Ycg2geT{JU9-J4&YgKKsAnW7;m88BV9Tc z>u?3oL_l30ueE~)lEanm_`DnE?X_iRqe|SA%*mb5N!grw5r^)p1PJ9bJ9Z(-BepO9IvRio7#dUgH)RX=T1pB@Ohhua~u(;A34&MPKp2H#fT2Ibq zh@s?RG?V#~_zN9|Kn~)GivM4$oUk7HoGA;v;GN+=7?qR?0H)1G9S1%~gBY@4SMQ~b za`s4|!TG5itLgCSgXPj8UBHBW9WK&zPb08>dZ;G4rGQaVgoJLZMn1)O8#vpT$nMxj z&f^XxA3&P)+Eg!=%k-acVd1z(VfHSN9?)SQfxW#Zw({^cmd&tz~loC2$1Sb2F2H^ z2sST&d#&VA<<9+_rbFnK=!1w@#}rb=+zzg^96y&t3Y|vj1})Sa;5Om7sJ{fqMC6Wn z=oi39wK+o^;w~q4ad%CvqLZKOWICk6fhrf}pzT~vJldtE=0u};^K%BGzY#_?SNuVa z8I~B4kbEG(<96@_#sCi^%8loe5&_T&&}R)81TI;0+*E=!QK=QxUsuY?5f+wRAoiFe zGfa$6j3&X|G`oxMcwF+dT|t(e#aMp%Oh&Xrs@x;1pdlSE;zN&geMajfS7R8RN11(W z1=49ki4(`*Hm0MDT*tWDu*mVGxRRJ}aGI3lxx+s-v(X?I8`LdOAx(1t%kU&NS2eG# 
zOt9?>6{w@uVhS!w)0T7sk_sN+|F(@R)Ky{v`T@fmu3jtkZ)a;pJBt=c{cj`fVKTfN z^(B+=opL#O7tJc9t|s3Glr(Izs$|P1sTvG$Omd>UigCW3oNjEy1}2L+EXTe96o6Pu z1bIYzf_DJRoumr006S5NE8l&m|6QJU^o1;qW*2F+bycc}#3Ch$HIM~dTL93Ksh+`J zRKUe;@W9$zXgO;{v!=Dcwl9W&f-ejx=6lGE++GjNh-XqdMu~3@d zu@l?4<`%5tWsTf=!=+;FbX54WX|Z6oll(^7xycCe=Ru;cel=AK`DX@V)|M`iCJZz? zb$whUQJJch`5>s{;8s4+)62T|ZG583hG@%}-M$$VEmQcTM&v`|ey!)uL-QM!M7u7z zmw=`kzto+$ktnJxjH0e?% zCM4#KTx!(P1z?{N%Pyzxw+F#tGgQdqnLuop8fD+on4US#?#&PRs?5Si8~qz?r6gL~|r+r#x7sQfM+- zbg5Ew#|=nvb5io<=%}PZ&TWdxUrCn3emIFI-kT^FP*Ez|mk@`BDA45$R%M4cK4Fq- z7rUf@6dTJ)C!$_h1@NfUT6uH3_?rh{HgZ7NXQwPTmcKNW$~(P0N@aI~nYaA)C{na0 zrkvC)GUs${mZL~9iimTfs@B$2gufvrK=mS1R>ShH;KsP)E4K320 zuk`biovZ}Ep+B{y`a}LtiF2?nO53PZe8~6hPXgeOb7DhX)emcklvzhuUCJLqhrQT4 z$xSS2N*KAtp6M!?n8~%+R)?pP5~T@{j+R^ni$qxLt)6R)7mrF@Q5dv3E9!ImtN@Pm zB8M_k<__C;7 zM%=*C>?GCT8{SIv1U8vA8YmzXcw{F zV7Z2NC2V)lx&rsBkWPm9E#jP6=Si>1@A{)qkBv}>5Q1|zj%c=K*g-c-D?AU=Y@XZv zdpUg5@Rp{o=2BNZ*=Qr7v82mDb@Gj45MxfE8-p~~D;IklsP>v!EqpoSx_BcVggR81 z5}?ZB+;QcMEBfbE(kWxAk}BbJOu}9|weW{R&MK!!m9cJ#+&{FXGdif4k??GkLPsdVe6&Q7p zT6*vdm3#2LhNC_$=$3#15aYOYhaVpwW9c93iI%B4@0)?v>367VHTp)f?L+7M#wPFK zpOD}^qk(7INE+|7*eP19=@OIZYfrMf7q13hvSn2-H0?6i@v@V`49se z95zhvT(u}SqN^ySDz7OSn&nqQ$2~OCf1$VJ24lfWGbN@HJhGx`efK1MXNj-5>BmuQYgknZZZc;& zUc)64#gz$)Hg{}p%ss$Yhh6$~X7wlrmiOOn1(#o_??19Xf~>uG1d4n~dz*Nv;^vNi z>Z~j5Mk;D+qm<*nbCXve16GAF z%x#y=6@D_?>!_eT{8;H{RnSLCHuSAS{nI=Inn4 zwTj4q{3(Agl9E}RYDoq!8Fatoh697K%$8~pO=aD4?ko*h9GW`8aa}3VgZHb(^vxZ2 zX2B2g<&X8_n?Psnt<(V`S;vxN@#!g9`ojcniaKh->5@|pbU!?R$EX;us~h4jEV)%H>UojQga7w#^!NJ`}s>IB)vyG*kfcdPwYIvE$~@u@%ts zQO;@SSrS~2ln0)zk?jS}H`elr5}&SKA3JoFOJd4p2cyG@x}+3ByZsv$UOO-mpNNvU zDGS-IE2Al@P3QQjJL9pr1W9*WR*R@pr=qO&sym^Wi697|JK&-_daaF%N~f^?)kK^{ zcUO0c-dDX6?D32QzLfxo)`PhQg6pcVNZJUQ0&3^Crg#H7%>1gZ7aV4-zgQEplr75p2&@n91A(Xr?4)*UBd%DD6-vpho8FYH^|NSQQ z?R)vrt@pxg-CfC(G=+y%ONp;nms!iD^)c4q(FJt*v8%iM z{U6ZnkHO3loXTabEoZ3PmFRN4vHK2a#qmr1T*nI`2F}KH(kaZ;Dm!iO!aQW3zdhHO z-z%(X96TfE@@(!TRdOt90py*V2j=`(8#yOwGjSk;)1(Sdn793ECTH 
z(kt`3y!2V*g7ce%AJ1c&JrJnJZ}CFMqfs=7VKk`fC*Cz9x92p02goqMQrCk#Mfnnw zxP>sK2{OR2DmqDqyLa)4U_u`Mi)`DQ-e-bDKl~8MGrlXX)ieN^$fGKkZI$B zB80BixATfyiX?$w8kvvqG&vl~ZL>_>$RSn6}lDeGRD ziN#!dRnFZSo^kSqQx#9hvr=5V(NTl6^;&#%T)Yn^Hk+&gS|h^QDcuXNn;MMj^(GW5 z2QaTwbnWA~j*domH~{gI%4crss6psS=E$Fm{r#4^E+izVcu^GYi0g=#uIn4n3ir;? zvM1adg-I^&nE2JrbT+!`T+7`ge~$w4@|!n?w!SpingIyccpY(UhWJ=&Xhiu`5ZWZ0 zk)|d^{Uz5zX8%VCMaY!AOL0zAx=AmOO8_oHKv5MEmFs1IY0LbSc4EbGW2W$s^E4h%;atk;8Nv}8XHlPR15%pUagVAq zu>g*?&XH;4I>16jo8KqC4Rn5_yzGQ=Ys$J%R|A95On5|8Q9H2kHz z-RYDxw^Q^l-^xzkFCi-m9g!5F(#NPMU`a3ls^fdk8a~=hkEt~3a^;{m1}z?-%1M^~ z3z$OmY)qX@Nx;%em{p-tJpXWm37|Ewg09rPtc&(8XOg6D^?<=#p1*kAeYt;l_~fx$ z5>L`4AYP!SIV7+(F>C-V*Bj&k!uh~_3}wpth*oVP+<4`_5W09LT@zxQ+ffy z>sd4$cGKy^lmS|h|MT9?j-US@{&`#f=d=9g=6`bb^9!c`yjoe`+bTb|shw^%wbQqd zF-f1*7gKeAT|Hrv4P=>oN%r^Ub$jK@Lw97Q-~1jY0}yogv;J8;fkm8V(XY`EuR+a) zy_)j57>$shR zDf_BwC~Uf-=xAuyiMQ|XA&Pe1-{0%*?cg&&$vz|L1y3-rftHA=oRKK+XEBhCH>~eI zQhx(Lki7km)m$k5%8@fQ^Qnqkf#rrwrL6O*pG_4;01%O z1bpm+lWD@WHF-tMx^vZsEF7~_rfg9^%`!8m6*{e?Y8t0G)`Xbh-9(q&?=OCbvx&~L z8E4j2QtAb2IDrfVNo3{BP;TZ(Ia__WdO*^J@#O4Oy1muv!7$)1#Vz04p}*v)uYDWG z`?@E|9B0hs`{A0kNQ)s%Rnqxv@Ckoe6St_Zyag**LV;~Eo{xA_d?9Ljrp6XlHYV}*T$~5o~KXK z)3n}n;5=52geKVy>bRo}GgzOKrg${g&PbS~#0Q!jn9r+#V?jd#AY2DCP;_Rn2jtv+ zurK+s2QeI8gfq?ygW#UfvI4@qOo6qY(OP**he&bmfVyW%G-;3GewHGS-G&ukkCN7u z9~s(EH$4D*i>`5mn{4@64OZ7KgVrO#`M33z z4~)r|Z|imI*qZ--!a6Ho>+eSOKiY=lmVlnG|JmN$+}-x|KO6UM>py;$-(3BV-p?}(vBLMF*p53fP@xn9G8O=CGj+Mq$@la8>J+GI*#*WJ0y;U(~>bcDuV?%%}EM(#$qLuWGGk5 zZO%Y$D7(1=MrputGz(LlUui0f6PxSV+(2q`4a-SxUO6i>srhrdayoN0j+;zqUNN>S zCNB3!cE!}?^T%?v^yF$NH zz`3JTJRS|iO0HbmcCD-%1vD`})Xw`s1bjW7#yC-t>h^H)NYJ|43+pI1M7=;?N%9I6 zrtQ#TV58!5pjxP~buMiNVyP!|lSWKgKnkULE%Sz6ld_zER-OUV;ZOY9};S0ppfESf$C6`j^^}~DW+&g9F2m9igg9bWUzM9S~-XxP; zk5l_mmc9|Q)D(4NCI6ed;#8!7SWfIzHMSD3SCe?>+()7~En9~@@UHoLHY@4(b>9!*@j4QoJ(3c_}+nnq{5}ZcxJRCNQvnd-@pUQcnxS5WpLyE}j z*^DM0hB#3bau}pDNY zWk@MY-LZ;N#DZ7%=U4}VG^GHzQ3@1?Bf~Dj8C!Vc356B*B2?_;O^!V*oc11N6g!Ux 
z6t*@P#CRmbp{7WZKr`&WLr3*dn1rY7J%&z)cv>972O}H~IRH+Yl;hBAWkICG^0_jb zu+w!QZj9k{KtBFz?a480g1%D#EI`x0PM;^_h=atDI0Q{_IXje~p(o50b`a`T8XDLt|E zzuccAJ4)1Cg{0+%6kFp$Ndx~XlP62Rrfe+5euEX^cIU$}5y_Rtu3Tyu7zOQqm5~*f z5tAb1sz2v4W0`n9?dF~=ldfdwQ=5V}x+7v&ka2%E8+U1ho&om`JuFKk!1H0rMCT2l zjKQ{S7F@QcN&HVYCGZuwDxCiQU_i{ZO?gs%RkVvEGim0ES&Zk37T%Y*1|`YN_(zGs zoE>fk<-(odTmcgcxjB@WpgV0lEq+>R3`=xUlE%0w7c!2Z@+=STM(@d%pWh8Ifg$@| z=$PdGG(#2=eZy_!YkDxrG7#JN?;OeYTr_dFRNq1~e{+q9=`S9|oicieXF|E;xzwr_ zGmk8j9l9t0;LKRj-iBULF9iol&#iJQ#tEU4sX7#HN-N5g;auy~i4jE#822g5DCr{| z3BCHp8L&cNML};0He^z#9i)Je*#o2iQ_L5WMIdS9-0LZ{wl8EoCbkjrd!W!*qdiW9 z;UbQKQ*vlQhr$(zL9(EQ=wU1FV;Ewv_Svsa8J)g8^(G9a8M`eZXbHLpi1wAEzU8BP zoeQ!VxG<~>Q@tp^E4^E>y)tBZK7xbeqOzkds#hcSi<+2Rg8ykH^<9yNEEgKROdoIQ%R~!#$zNt@JIusW?EfU9o}~}UqXw7``)|0ZP^}sS>+|) zdhPLv7VV>rVfRgs3>GRvmS^eKMg=h&DLahv(!`7hWLa7HfPINssX$K+y32^kZ@Y*9 zR!JgQA%9Q9TncZVg(z{IQzZ~tCd?;BCT&WD#I6k`sl`+^=}*1c)^4Fk#>6D8{&x0? z242`H^WXo#NUCr1cQf%{gM0{YvdE45QojZHe|9$Zw!HYS&8@wy+xV}~@hgx2Qv3M@ zbN=j4ff2|sch3Mw?BBwE+6x*#gz(2hgx!wQAJ^>99-U<%Nu^`F$A1rpShESf?_W4y zS0xhKxG#x>;Gf^)KX-3a3f-m@`h+QkR%%xYZ-nD09y6LgUn9a15Gg*HVg7J3Z(b)x z(#iYranX*C51$gluzbWHw3rvw2d|kKF{y0nP(8wgyYRBkM+8N43<&DQ6Rgo298OP( zn-nzzOqBQ`^jA*VzIl$i9?JG{5s72t3jRetkxzer^)jc_La37CsSP5yHZi~hm4~J< z5-uSP>6Nyh0d76Uc`%~DAZb|AMV=~?s@&094}#8NWVXuy+sI{yb8;qPTp+O*4lpsH z?lhPUU6C$YDEKS?a5F4CD+5DRYFO??p|L-nG*G{gqQHo6t9W7 z*vTK2=gFeikNJ$ha$T-VCEw@jEdPv0d9I9Hk{N7qj;>oa{y*b)bNs)5K`opAb9-}p zXV=gF0N>y8|DWSm&HwxR`EAPrx6J=7^Zykw|6eELtU4%VL$1gVc|aDjM&9>p#cY7+ zX9;-Dg^xI89Yql#_boLt@EZ=j?udi!ssY309a;2N1#jrDF8PcYOIeP4yX6oHArs|`+zT;tB0m#{a=iv;L@1g%;MF}U z&GNHSRT*d&M?+)M%%@pYvGD$Ol~}HTWx`@)R&h_iY9!pv!=dCN?Xd}(TvItWW)M$A z!=NErH9>erb_F9vL_tXWg_2ChUQDuBe@^gaB{|}>Cbn6No=^pG72C|g?;T`JI89JT ze3FmXd~jkVlcbcsmCOUVy8eEB)}FkdtRmD^=0~ZkP z^yI1}psEi6!1M4zq~{V*-cU`+?ld}+2tGldLp|x4nWsgO3N3Lrn&PcsO|rw*LhFe| zxUAEt0CmkGs8p==l@AE~@{L#vkLqRi*qgy>xj{8hti&-7UAa`&8ATb;!!RD+qVN|) z;cH{?br5*@Lr~IO#%~hwk&AIYYzHb+h==UDuM^12;0e9qat66~w6H`L(++Hwg$ 
z^6FG+9df^Bp2Zh8%F9is9;T`HW$r2SPW*Jtl?ShK@*O6;>gw`&aiw7tS4ij2g>1Oj zqkY<07#YBlqq`~Q1D{Jnn!%sTcFC?ss|Au1%uaPZ8e`zJot4z0PzDV%?-J=PV{|&mgdv-l?SQL18+Zn1oPz-o*LS zu&v4sD&D=s0s5PyX%^x;peZF&<^zXy{|$)!F~5DYadd1QI#|n73AQk;$#ACjwH-J~ zMkZcAv0bZLx4EUlSEa(}`p(;WC4y|xEKfnQ6ls>mb$Z>7vR>VJt(@3%lRDI+)Hb=( zU#k?SAA++KDSmw&|GWNfm|i4#JuroyD+&E4rSnT&Db<920sO1;n7*Cmrbl!`SI4L1 zQIRQ)Ra8J<=hC$9DDjtQtP%C$`Y&f_4dLS%2Kg*Wli5iAW*-St&q-AZ)u|?iw=&~L z%Z%6IAgh_IrKQManX@@skW$T}3)gT#TnkL;Z7cb;1)3Fv-r$@@KL)m+_oq9ad@MC= za@>*ZjY(=MRq=8Rbe=^zV0H#Lpt;;fs4OA5L^*~Q_#}1uXObYf;1mn#405VXF9fw& zqV*{d7)cz$!yw2wPYhQavk5P-(v6&pg%xui#iJPGMA4~>hSH5sx@5F7rh!{J@EPd< z>~+IE$yF?iYX(}uXfPd#W-}$md|CetL)H#J>ch_`7noCz*Ey>NYQ+jJF(t&7rDB~~(7l_Z_yopw2q ztuU?mjG(s@+Pb!S0oNr4(-e8fk2kTootASwotxnJK0=(oIy+Z&L40~fkJedB^f_tL zb&A)r+vb3)w#R7Gweh!c9*4mSmjhD|*P2Xz!@+>^Qde+j7D;Ibur|VQnb(}nn_N7H zaM_{P$5>a2Fj|Q`wb;qB+XIC-&EZ9O8Oilw<*(MzNcl(f@U1Ii zNs_swVxYkK>A?I2bk*t!3#sVktJze)im}8W@9fj`w5=pjT!p$zVpTf&0wAtCjJ|M6 zj2$$|g5#(%lvBO!(6ADW;sG!kr)hdJ11^|c1%<_T8xuc5+)Rt!!c$m4N@~`dvZ{3z z$nn_>bDmiPX}9g*eZk~qlsO-F%~@4|4YT7eXJx+?(3ckFV4b6E(onCOhOA(Zoq+q* z1cA*SZfNg3?Y?y@+n2J?JQlpZ!#=(@XE%`1bm|y*|Iq>(iqlH-33qm)lb0>SlD_i!U&dZ?Wz*A!1K5ssgb{vjL~0 z4A0Ye5cK1WlWq;THdWHcL@|7~sKx&or{-ks7ljh}inB)o>UyofG$Kbs%-b+cVk(|y zQOl*n6!kLncm&$fQac^HSRwY2ER;)L$yrToBiC#MNe{*klWAlFnyEiz7%HMxD{df2O(Xac@|N7+Vi@&x< zgPZGP{{6psZwp>}`@gw;8~^=Tek%d&JJ4aqf20FsRq z139KZ33bmKrss_<=$TxFH0UI~F!Cf_$(vhm+bV^KBEI}$Ghp%?_hR&Dr!UxhK!TIU zaiX*@+wK20ornto&Kk7|uv9J7=di^)7^bIjU#Zhn%1CCLj7J0>-#^V~~0$X@-e^`s82~D$Sb2U~oe5A!o}$#OZbO ztZ&s?0{q{$@qfFu!6)xkG)m89L;(;=cjxaC>dZCF!9GMkYC4Hp$7+ON`RIq0Q<~*35 z!b%|0sa3&K8xLmaIdSY>NymIA@si>+u-Z0|VV*tu`b~Q?)}FmNm#oRHcM+zAh5x-g zQj@vg-Xh|&+rs21JNnwEQyUHile=a+a?^6twA{Q;Eq?`MfO$d>=vXAF)P8&Ql+tAY zr2w43^F@1Y;A|A&>~ld_3l7YP(C_{RFFn0Ph2wk52uwI)YUmcWVJ6c8f;Z^n3Y`wq zo`qzbaYYVXz_t^rGmVS^rUQ`+BPCh^6sG&zA(#K4M*rUw9bm9Go-N@`IAnCD^lW;% z_sn#+TU*;S-9tHBa*SX_XduIgY+QvAP$D|3+2P?+7?B+L@g#7NPrBWc-P&nwZnd_) 
zw=NlsYPXLYlSsw1webzh$hocxg{&ZD))TJD>SaTE+4vs*kN0wT5zcbONg;?h%PChx z(Bdl8)>#~f4x#b(PwGaV;E;wg8TO{uiOZA(B^u{qY09@yor%YDNrr7g{@(n zOy6UokO@-s+`!%{!2X5GUjrGz%PiPxZ@1w_rb=M22$^ZQS!j8J3^d$6L}1`n%hJKL z&pa1y6gJv0?KiCUTWgBO6giz-ZcX^$1sd~ZY1yKPsfX0PV**XAV_;aFLxL_9#f#ye)FyRFS#n(3QIFJAmtYiDnQkndI}rTAuBGW%nx4f zzy1}OSN<5*|K`m(U=iAO^5IjE9`_xJh2*XnE`Kqzp;Cyq_!4g zObghvI32|Oj?eZh8G;duKT|9p`Qc7xLq0_rb5FVb7TKnj;=|5>t%9q{3~HkkQMT^` z0xpdx_%$O6Zh+JjN`u}EnLTE##}kX)WGYJi3IW8k=k&k3cLhYnucd#?wnXVqb87^+ z&U_Tnf7CkuvI<+sV9goL-rmmggMp9b(BLdJ#RdX=g5((P5u!#oCY`%Wgbiyz729%e z<0{JnU-M9O$=W3DQ<0z(l#O8soer%_CW5r;e-m+a?)L0%US)fBH~sBVWrQfEWRgvZ zjog3vy5z)ds@?GxWApy*-tvRMuXzy9kS+v&efd}7*NnOca}z24*gChH%s$J+ceeI` z;LD<+16&vnMGU|TH;em|Zj_wIS;~cJss3uprEe6Ft^2#*8z7>>h*VxL919liMc)R~ z@5b&HG;%A6rx*;u6$Dw;FM+wo#1#6)D-`d^9i%xT_ z#OcL}O5Om}?$wk1$IqTvEw-@5qmUIb-8cab#`sI-?AK=uB&Ol^{XJ@k=M}_w#aOlU zqFa4@zsZxcxUP=yme4D5F(?oi#@yx0|B6(8h;a(zkOT5iWbLD1i%n@)HRFN&2Fma) z?*iQL&Z_M3*6w{CT8Ekaj7r>)3`v0=l78>vY}P{764eHZ&Dunf&0JH|4;%vBk#{H+ zQr*Y(w%%!Nkgy@L0(lf>{j;(m@9f}e?vJ&W1J2JocFRL=CDMl~y`yflx3_`2#VQLe zS8oLM{GZb(`d3sp846Vx4dwS}d3!3e{NBDLxAwL-@nRO}ju>AGwF;(ng16vAAk3E} zim5h$Am$6eK>R|9E900cc5g;fSYs_9HuDs)M)hzXnF77Oe?6C>_^bm%=E- zdcRWH&jv{Im11-!O5~;tl-8!V2Ui)AneeZ zFgmwK15*8SzI8nY+&M#Q^_p7?yZJqhpAYoLCM!gQHA00a>o;B9QBJO^azPH%O7Gf7 zVsnpoj8y)LAXw{2{J$N#TEhF7MZQNA!o8p6((FaS6LY<{LP{2kBl`O$3&$GD?#2e4 z5t2b+Ax=-DOfi0DZr1lZ_mv1EQ`KxCAF=5q?V}t1WU0+3gJ(qD=*OjD!$~ak5DHlvIPQd=ievq+tO>Y=pxc0~*l$mIn-U`~DVYr0Jin zwN0%ogv;t{8c9;N`pVoCGDL=HxyXb^Kv2&23Z ziHY)OIu{B}fy&jUQ3OnJ1Y4`Y8M?2%RXdH4u)k5 zV>BFcnCZn?YC;y#{UEyF@LH1bK-$2MNP!n(4k)zEjKY7U8M@1X^fi$XDVThAQrdDUqMMoP2G2G!m9_%7NPH27@SA&h_eI* zPvZ!r{v_mD9yo%RvP4g*LSBsxTxd6V^D8W;a@A$SgkJoCvC(`Q)@?1IB^pE%vc*V% zE-VZAMl=(L@mVV#z|9jEIP@>ca}9>8kn=cj8&Z}|OD0Pu9YgZPzH!c=h9&n-ae;nCaV zZQ}Y{i~qdx#bU=}(KCC|1I8s8Nh5g;l4)Lfp0Z*PYY2_Wa}e5~cXxy;eDrXT4x9xR zO|&u25ft*FW1q-mApc^0JB9>cBDp*@BM*%#QNwjy2GH3%PK>hIGl@uNjC7+A`_ zr(Ju|Nu*q1-NtoYSqWaT1&`FJ_yFz;<(T(2X=y{{R(oUTJA5E^(R<%vd!X5v`|lmA 
z7-0a)`aVhr#&Ht=k8B~*b`WLpd5EsNxr}0k?1u0#5(@JHf1 zCwL+jU#&w{mKWSNbXp_*H8W5uy&xIz(RN*M^_7HY8c#+k;Sweu#593e`EST;Y4P8m`T9r z-{WMEUgT@Gn*p{?$L+g!6!Ajo4n}v!(3_QRnsH`w99}j12ZE^igQ81z;N4iW;l;u zG#7%{9$*KvES$09y;-Ryzm7uOdHMj&5@GHS^tV?}X--^HPu>HGouvJAC>!0uu^t~E zBUAM@`S3QuVBxoTJR;@!JWuYhSfvXYZRQL9km z)2Ik6Z3f)~nh|Kkz}R>@v!-v~5=VDyQ-z$^6!y5Jh1qFal%G!05#05C{Zg)D6-38* zel_?3yPb1bAh?L$p4_ zvy|f$SC5Vrxg&i82ZwnbG|4)BEKRzq>93@D8X_-c)<+!r zyT}_!v?VMCT9H#UQdfrz7MLY3I-u?Lqns?HkM1Z=Kq!Ixk$ZzbTULyJI z-&o!i#%Z2}ec3AgCx^f~7mSfpbjs<(1lN^9M{3A`oygw;q@W>%p2f2$Rr6ePR}(4i zYH3e-KI{q`sAe)ixdHjrvxs1uo)yE0d}=<)qHsh3SQ4n_c1cM`%lm|znENu!EeQgE zGbL+f16@B4vvvAr-65r={Rn}_2W9@$JOuTIskmWW6$4tqx~j{APi2Yq??~u4DBl0T?DROOf?*ifc=F3P+%r7J_dc4 znv>6YES!`s4R@W%C28Vc;uYgk+ua+&KX5N)V3y#gcAAHvip!F_WiKiq2Z0_GhqK(y z1F-H%{GM;gY&ym~kAv~MQyCQ>D6waa!#E4@CEm+QVm+n@triiu7ILQ;s@rNALA(`` za)^ul;f<7#N2`Ub1fLF0(7>#aS(s@lyezU*nyoE0MdFr1xH~7&Sg_y_q>YJ0*D?PL z(-%2wgvm$&@qoDGF|rr^vuW~9k zM#IAgIWB=G>A{g{%36|O)<}C4r9A{T9v9av6EEqtXAERz zD7%fB(<1zvaSAQV%zTQbj(k5!Y|g5-9Ob&3$q@+0V?z7$uT!hdARPf#{$%8*R? 
z74hh$P-MmoY6N3=p~_}p#TL6AHNjLkDE_i`NZPss$D3feL9=^#cbXud*R^x%;@}^r z7A3T@FJPn)H*wSO^0=(ya_#NZ-FCC6m!?8B_Z?cuZ}On4BioP$VI~w1e!7(Zhq%Zv zqw7&e6VO^IQTp1?xds@SuKz_pE57| zuD1@to`;rz4h>9@gZ-^7xzCi;sGDO}qoY+E?e8HRWLO}25hT-5kF$P@Y${zTbWY!Z!8ZAl`<}($MPUfCS zXBrc`rYj>!YL8Gdv|EaQF6u@Re1hn6v?Z33B#2Fbg|V6J^NB!I!nn7NgvxM8p6-<_ zZj_7$4b255|4;%X8a5x)VanZMvK$o}Axtw2ZFP95LfmLf_`Ovj!rGWZH3M{uN+P;a z2XRi}vj}0D#T}t|x&BsJGvl1W#VPUd_TQaAm0q6aQ)N8LRIa$yoYIL=eZh7+jtVNo zcVRY)`^U}TcsT9H11{7s3Nb59|J^Zmh9W(1#mOY^Xa*a3l`&>s0iewI0EHc-)82%G z2~jkm#;9DP1Pw6Y&?JOnvBo+<_??U>-oC$w;|WKDy&W14m4!Nnfu5c4_{PZKjQht0 zYEC3v;^UF{0E)O8UXg|4+>wHFyqwRtXesBhI1RG_<(o%39-k(ZNsgADv%Gb*>WC7~ z(2a!gkG{2qN}4iSQ&f&Js<-4S5Z&}K(n+2hQLbYnj>-d?nGP0YOi`ijOffEqv`I{1 zVBFv^7Dz|q0Y!szdmar0T!%0BV-4n*SZO8*gQmu&0Qf3~b0j5QNKOluU z^wwq^X3zu&yEiN1_1hG{GwX%7w6Gj#zMe<|NA|T>x=tS>n`nnpPaKx*_ zP`)Q@^aC=pF9`PkM~N~BD{CF*1ACizF?Or}q7Sin6WZ5+!YF&&s#vN9(RrIcYNy#L z{MlQ@FU^q;h#OB2zQs!})8GAhg!_Y+OF|@i^?zC+o6} zg_)v?^v&up?=g?YcZR>)YV3cT{%y)b2gbN(h>p@UYI4GrGLbS`RB--G{xSW>)SiUe zHkd+t7*3P^88B<@B$}+_moguF1B=*uRJE`4J&t_!(fy6R`#*1PswYBJSM@(FY@u&d zkr{!e?OEq~#RdCAl(J7LV78_F=>RxL)xcOH zxkTFqAEtOj%o6=~%uf7?F2||ZL*?uQJ-{iWY;+U4MzpgW{BK5G_C>rR;gBwwU#1yd z)N#VePpOnNF+eK*-WsB7JXD?$7xBBe%^ODd$o_cp(o9+VMa=(fZ7F8oPwFU%Vak`< zVeemA>^d@SlpO-D_-OI-UAGXO5mCMd6pkrOLYgV(O?euG@51119fwFMR8W2ELIw!>}gu9Sg%M^(0(4<{4z9F^^ zkG*;w`?jC(SeBoCC3Oyr0|d(V(j{A(Wlgdnj&z z+U%9WhnqG>cV+%(=k8romEj4p z;1MUbd5x|m4IP7!Kg4*4cAOqH&`L2$JB2rEYwQR8C>_s$2%Jq2_SVM6_n0VXw;4zV zlamQ1RcQtXNxv;e=4~P)9LRNvE3!{@Gu7CeIyL7O=5NIh-qz*a+xpsH-X_W?85s>0 zWL1n{MD^6U)Bqq|944v=?!!*GIwMpCD^hKq|f*Z3r+ zVaVU*>rW3JJ$Zikqy^(;YESwaZJQuV0Xjz#w=xVbNXc-TiEAd|MBG-akAzY`#r?KY0D?i{D-czwf_#wg3F}!IQ(_ z#jD`ai|3CIULU-84uAa;>_7jX;J*%@KW-{DiLd}TNQ`fcNds^gMa}?}(nM!-8-~g0 zloWEPM&zsA%2X91y&~gA$Zl+fIkh!CGtn@eKuPXeQf~_it~>EK&`4r&OcQ?4>c_NM z#TcHqNxfM&5rr6vR76|nlP;O<;KRa!z_25p2D}w?25f-GI`MP8^P$c%4t(W$q$$g~!CHXdD7io^ekXQ@5`~$3wdqDu~ zL&-dv%!^6#8uBH8+skfy3UyuJ9*E1!FC9kr&Hmi@PgSb(i|2pX-rl&)|L{3}?*8kv 
zgE!j8g81Lf?Lz*i-Mx+N+xXwl@pFT1YhQ1ytzZA^Hq!PcB5f%{pdDvhbHZ$EUX*Rk z3bL)$K0d^j^CKfCS2OXo@=#$_je~1tq_h<^E3&rsr2=bfwQne_)*b9e1=ZGSpDm=8 zF~Q9r`|uK*}`T&c0wi4ae@fDa&k_HZ0+AFLbg`>4~dWET`Y0dul?r*#}fIv zq0rdnB4g(U#x4^VTL_CK{>B8w)~uM=+UE(0t^NB%#0m?^l&JRE!eL8$x~XW`GT@&i z7`CjVPaF$d*5xM%g)QmkD~NGQdAe4D2!k z`Nl$EmzmNRh=5&YSf4EbcByUursH3inc=^C`0Fxj@NX6Uy40qB%HY>!2kT7?MA~}YhQVEYwd=DTWjBBY^zWi6-!bp3v4BO8v6Rzssp)d%LcX97R0pH z;C5w`+9!@@t)A8VVAk5zV_9p9LRo8bBUx)Dfvjekt{uc$y#P)GYhk{H09Jo`74fUZ zA%A4-YV`zE;A-s}ajT^WdQ`E6__Z6fT3Z~mT602HYi`79ah0wety;Z4cBpC}Aaj5RuTNL$KTNr~{D~q-?XSE{y z^va{Cq6G`XPOEz|F{ia+$Z28Xb0SU`EP)C(t$lN`re^J~9cWs+Zk(xEzi%eSwC3;d zHyL4Se9pd>_)<~kdC{e{PZC^;{=ioVEu|AuyG~rG3M;Lz{iXJ?L8Y}NV@hkat3{L| z`Tpp5(%Ln`NjaKS1(VipDwec%1EHj~`H`edvaS(ETDy7_={H=c@e}>r_%FFMZ@2>Z zHR^xg+qtd({aJqg{wur4P4;n}_|L7|{r@aKcmEY*_T~2<>wn+w|EK>|?Z4>mZv+pn zzW?{`ZQq{%&+=Qe{~McRIci5)@7jILkN@7-*xA`~_kU{>{&^e!{W*U7eUei;9g=Z6 zFUf3J7lG%8KRpN@vL*3PKX&*pj5GMtkM+OQe)tm_4*5042f)*s11-NQxCs3*tD!tT zc=hDbYxxvJWcU*P^^hIB+vJZnNP|E4Z;-WT#^$j`-=eUg^yb z>UdPxTDpv5T<}w{8FYdTKHUz`LvdnT2BdL#a{+$ob^CYuEjs^O8>n5>p77Tq0gKN6 z?w)`DZ*TAJ+@Al>@uP$JQhaGUo!>a(@+E7mTTkQiV|u0Fq7q7Ab!eh3Bt~la?o^%e1#$lL1N#c?EZLujq?I{9yTEd0;hn1MEcWtK%mYo&Vj9l6aUaQh^2Me{XNs zzyEi3clK`2|L6FvuX~XVDjdZ342>{WicPv5aa&mnFhDD>70+;|v(Le9trrr!_W_T< zlx-u+9HK&aU>oDYW@?#7G`XzpUV1hLt<4~5q z3+IG;!mW*diP0)t-4ff)D~~g|M#Lnir3q<);k%jgxVCy`JMiJbUw=D%wOJKmiS0i+ z$P$5EAL&rwGW=kgU=${XSm$kKC#0AVbSZjId%LOy2#M7X)#DknhfX4?9Vx@kSOyIEcsniJzY zcj9I7w!vNH*YfDa^Ir~LJ=;fTmb)CSBXpm=fG7nF(3f>?*wXGe=q5xIsjyH%|5eO_Fdt%+&;E3ldtcnT3X61ovOL;tOQC#-&bGP7qF0H{L`5!avwUN*K2n*nR z`G0$BcYE8{|8L#9wf}vV-%9W_LQxR7<(v{3a@r%1?#b~#H?bHa5*gdUGhrF>XdGst z=BoSY5F_wwE0|Rv9t40?B>2#sol_#^F!)!Lr7Gf|;slWhqI-4HvR*MC#c3pJn8Yo5 z9A}-NXe_W2g%M3yp_~@XTyX#~J6)!ym?pROG(9CibUDC7H#-cR;sZ|cj*{DIMstM~19*JZ2s`Yy*ICWrvqR38#)F&YFu1r^9Ng{(!K*aGXk5sl|CxuY%#>0;=-%@ zmdFF#+8M_g;UHnRL6R8+p$*YHIlo(^9b6-tx$9iGK>;@)#%CxxZ0ckqGIj zbk?E2Rc{ZAZMHYJ?&B<9nGhskUBmI1l4TsagBk#Cfy9BcIY=BXqe)2wNb)74DHDbf 
zy2j&*oKiwhL~V)3PytmdN&@4RWfZnU*kB`vKrh(e+vGB9W3XU2ZVjSd7L7a9Uk4*J zM==T)ciX4`3MAMt_zS;PW9!P}6%}>2&syDFKu&v81CpaC1!^8hRAm9AJYG>To*qc( z@jM-xQNkZ318u=$m^2*F|J&Y|x3_I1dGFu+6c}kHByC=jEjz=E<5hele%7(|SoX}m zD=A!%fFz7bfFVdrw59p%Z~dyO8x0WDVL5UpOYDv#HX40Ych}W*l#H0(Wh4H(saWV| zFh4qhj~Rb0KeD0AZ)&92x_uGF>^cxmX*tzJQBQg1W`GEq>J%>?QV=doAMoO5{%q&jO9QeY4_HCw*4-Vze}_@2G|y-$AK?QSQUoPFs@Bmx zbJV1RIPhm2m7$s%r2ri%kS*XP&=x}hTi#E}Nytv!#K_xoY@{-dA{dA>5?VY4C*7ci zoEGtF`7;4rFC}ij#sV@{~v>+^dI&CrX;rWLH8f>?0=$P=|qY1~<9dp2*Vc*A#+mkPK!BDVqhZQnFO%_TI%Z3}SkT;&&<;yV&8K zF=g*PW;Nzx$jXtD-V4QZM;5l%Hw`AR^4PEp;TANLe63KJM>i`y`A^A*vQCd^WBk^QT$4RWaZ>w`p zG>qWX4iB*(aK5`8r)gH~8=lA0G!d9OZgkA{M_hp{db;HpYAp_cLW}6)5QWE6iA&0! zm&Wm3Q%lTZ>!=$TPq;CwylS$mgAfEI07vQl!)H&et_jC0id9i~V)1AlPn18ifryBK z3{RDz$t0YNn`Uea<|n`)Yl5{I4A@$A$M?~j;8fwl07DW^63BO|@n8@vz-X?yzgFeh z>04Tb<77yXxUV~7EHjk-&*#f0ToAF!&}iY+TQv*_lgx-j##83a5!IK*9R}1AfelRy zH|xyO6Wq)&4msJ5XPoPe%kh7~8tch`vnmHKgLqcBQX|Bkp= z6E(#7%)&RiXcUMcHa8PSV(~|2nCTb@O8g27MA)()0{O8z>Je-fB;0vj zhw6^8xxs_niH^b~CftM}2!3QrF$s?tab{sL2rV)N>^omO^C{72 z%n5Uz0a8%G!PbujnHgqQmd}`FtP6UTqot`eXjpDb?3GLthRSHddOM8W7@j=xYQLPd z?mTYSYcGHj&(x?Rt?iSjcDCQ@f83;hhaX2i{pa*!{qfn0_>BbCJ1hK`z8D{!?TTmN z^6xb)-x;Ie{Z`O#w(fA{C*Y9dY1-WTrG0Q`c?0A3N5E5DOWscgg@X2on2)CR#N}si z!S9INeM$R2Ki%4W_w(-A?oZnr{70?E7q4ghZ*v$P`Ga|#zK`O_HbD4(in261sz0uu zsW3wgr_(dA%r&0w*(j(}FQXyV^wR--_dc9cmsU%--Tej4oUdE!ehg+qP}nw$0PFZQHhO+s0|T z`?S9K@4d;q&D@unhe>AbhgFr-uBx?@T`4uw1;;nEAaE7@dE-6{7Pg)I z6?f`*?Oo0JkL;a0`rc(L{%wH%=MKCo4kUdLJ| zynft@Hx+RQonO%03E1rx1uZJ$9(B9tu%%|gNor!{{?ww}rT`0?`i|9=l*T7IjT8E! 
zu-`x^*(7YgPG}m1^t`ukA6`k^Zl5Y$oB%Im2y**bIE;$7w%t;~$3C*F^kOHxHVYU7!jc`I`cd*i&B(DgzgkEllMt~%KBse`k_CYrho%uyI|>Fb&I1X%!C=DcUHg>-5#1$;Y_8r_n)8>#|uu(0J^JU!BOg5Eith{S9lGdgaASLs~_iy z74eHjH5Ydt=2{u}R^F@RVgy(ha!?OPQXNuE=r}P9QJ0)$5`XBnT-XAYc(_ za5fbDw%T5-Rb*UYYA2qlWi=Na>Wz(g-8m+JxW`?K1 zd0%3C{~E~Q*GUe0`(Y12Lg|EkpOJBNX5g7P{SUyRuEcjIPQDD7@4tHNFiS^YR*wa%DR(Icrub6}iDeN+}IccPd} z0_}~;T|{cE*z!zjt~PM7S4%%E3LE&~lgPiA4%1}E8*f065TMt>^jX|6tQ;*yXm|2+ z&3v`6++{gbMqCMJ#Qp_-FZA{g7x3V$n(#@B@?D4?@&K!hMntcg-`3piSZ1@~OJu_b zwjS>VTw&vsdnUBLRH zpk4Wr;D@B&H_Hy{OB#);?2P3s_l`_iK0P<7oT;PV0l|7ha)nM=)e2DobuW;|vIAKL`q#$~SIke?v83g|rtM8v5$adECSvnMJ7N${h+AP|Dzk|B{B&N< zfpRc+y3%^Il{_z7_cHz+*3)-l$4iQ;UKLC;8%~f;NH%be#;31=orz2W$|9a(>JHW_ zU1B^`7`^`d<J<31u2mZrAELCklUsB?2tYr(L0%ReW}w;0!*e9l<>B9vrMl80}X8D@TnXA57m z7NWqt{eH`IWQAGgDO*>n7x*b}>;N3GytCW2-BGv6WZZ0c%X6K={IG;NU z@axgf>@N9`iY!_S(&ENy`Q!Vp!uBkH!Lo|F_`x^KVbOg^I2v*lLsz51oBR@ zgNHMfc}eD8G>DW)*67DP0z>#S`ZzKtz95?H8>H02dvQLDOL^kY%wkByJJ4by8YYpR zpjR8$bPUw}uVfvOMj{3R`O%+AEfW@R)@rl$x8SW~=j`tzZ5PS@_SUL2{A2JeMAwga zbM9y3Y&kNU{YX+6P|Xfx1}sKv?Sk(Q5?GHdrM6!!IeI+{#60K-cdi)ITJj4Apa|OW zvso>gq)axrXz4nhmk@&qo*Ws+NiW5&G4Emfo1);vQ0Ea0XCpp5ew|vjolp9U{SCJG zj_7v09on{D8?(rG|CguNOxcoxlFBLzU$GZh*T!=l|MiFnzX?jV-`5>Wea8&a2!({W zJR(QEV*kjX+x8TKFPWWxE_t-3k-?R@kps(c1^8W%5%}r*OOOvX!o{)FaKOJ=FI%xc zq9P;&C{rOlvf(3AZnYriNt&t=tRXF!Y}dbH5duC zMJyS>G15CR)i5NaVr-7(AygrST�iE^W~28sMs5+sQ%64p!DAetQYmx#M6uw|D0b zjfl%2L~K_yZO5+*w@zQM=C;5zaBEw1Pz|}wPgg~yG$serN0;jv1lx@;8_$eUac6M5&l=(_I4Trk0>>38}3KshVSZIM9U@N!Y5n z;teXn+`hK)L_}3W)1B)bA*}0T!9j~0W-=Z2DZ!Zj-v3cBiGqAryE(-HW2C{ zv2pAp4bIkW%n?~%e+%Tkn~31Fpv(BH^ml^086tS|r^)Gd{8+BlncK0dH`x@lk!S*pYgGZv zL-;JP^^6GOXSGz+uHl#_6ntK_PfaOcS}hkmk;u9ng#A5t&Y^YzEV-8SA~NSpO9Zr) z?DthSxvTa{cdSds!LjzqQ7ojQSW8w z#m`&&s+f*Ssv}GS*#t9@V>Gz9O7a@9z8X5CpsUda@^?V=O-J*OI`tqjnJkVhEttDJEClL%R{%VX z5x25BW4#h#mQ`3facQd+qwA*fOlV`n7bM=gZe5QaaQV}VCuWBmkAbi`aKNW_t59y8exwphaw21D4B?0Hq~M^@_WY!Ptlk_nu- z=+tUUL55aY#gD2&f^1K35i_e2r~LKN9cU2}l+B;{222+NkmeBUPY}GUzX#%q0SD`S 
z^Xt=qdyf3(MnrORd*$qRuKb87QWL#z0a63aD8iS43GaU;{4>V`mev6}oRQzO3*;98 zCr3YV!~gF2{5qon-n0o&li4s3`2l+jW|cDOq**Y{bA=#nIxOBfd2t9TeSB1kufsI$ zxE4Oz?+&@w=6gLh?U-;M+0cfg8^`C|hU0CGgGYXsl3;D>zg_-^ z9uv=09x1qp@IT4#9wag7jNE{khk)`-z}zF?XI=ss;OItB`!S&FT^|Z)nQI&d(0&7W zhX9>nw1sZ#b|emqbT|-Wo*ee~!?0UFVJ7mfdUWn8pqK`Ih!-*BHgWAr4A{G{XIvKM ztub*tBgdf@DV0hfIn_`bV~f#U*1F_*z3>x67v1C@+ivknYvfd0T>V6^x`n=20C6*V z$g3C{9@-rBoqW0Pu2+VVqO;HQz7{TSUEcU`2lp1BElgiW>wU%WT&rVlGOgdQLF?c% zoyxm-Q2{d_)i7Fd`Lx?z|Cj)sbb37S#eZjqMYzqIVX9-&!hg=XjCTxb+8y>{`kmc@ z-(s$W|17<%>My_Z+%{fbMuMWjV_Erio;g4Ofx8Eatf;kQJDD|y_^{#;T&3aqFJKmp z4_ol4ns*aGE!lz<`22V$q^}SaJWq55T{z9Udw@~OMa20d`CRpz&iOYpiHw`khP|<7 z$xqlgN6o?rFpzJFi>S^kL{0LTwm==SdR%Q-h-oZndQU$KoG4NZPP71|c%5eZzBXJH{0qspFZ` zPO6ggyvGs>+Q4SL#l*VUh`sSQ0Iyf&IkzAZyXL$V^?FCG_B{OPC^fFD6L^r+OqTyG zRhE|G+E?A=_{!bh+cJApAG*CGeD1(b!dW$#U2SI|HEsZ34Kqil#Dh!6$?a0z8W1~E z(a!}2oY`a_0QSa7xPpcxKnD+t6}OfXOY80PT?MaQsQDsIi=de6NpDWBL+6?biA(3W z_Q%>VVE=;ep04^RS%U2Fi2PuO%4bHxWZ!UGC7Z;5?IReNo4u92#U$V>heNLHh>2d8 zhR2b=s{Wu@VrKJ%7rRa3#0tv>ZBKIg7X5R$;xdW@-Vv`YHw`^tm;%ywj}4mwa(^r9 zo$^OTm1QwvU>*tgZ&HMU@4q4Uf8`77U0;*Bq;M~2vmeF_O@8sx6STdp( zs+d+w9~i>P?sLRc8&BcZHvL48!q6EF0m~3?JdhXkcio-O(7mh58n?}H+E1G_+BI#p zL*r{W4H+E-+4kyBX15lQ{?fEyiVGv&%;iv_j4_*a=$Wmh(Kh^~Lh5;LW$J&Da!0`~ zuE3aUx`3de#~pxocGZT8rtcAd$xKR;vJsR;r7<=}s0^KadN2bO6g)@l;UEFUiY{J5 ze$?7DJ>-%_lnris=Kf-Cb?C|0U6qGT8)0dP9Dg!KbvT}?X-Tr8ffX{!W~)&K`g(tk zh1-tY_kd13UUgowrsvsL9*&7UAXS(4RJqvJG^0AccU!Bm7+8Zfw@D?^sDc{x+$wq{ z6w@Ho$5En}Y69%0K1BX83UvQFTL{pj0UWgtcmWgzHJ=Xb`7|>Chke?KKRgG&5E+8% z{_6VB0hq7>>KMP(fc0U*7C&n){pqb>)WH2#lU@93?qH=lH5SC-v!SCb5Gq=wk9`*~ z*t2OYzTIsVXPYE)=U~}wF=!b_ILTz$LZv!7Co=FqWD9XzsaiMgQ8=J1U_*U+@35nr z(*a9Hz!p40#!M=vFm`t?V$Az(!NJLMef635%7S`7fjuAFm$t9F57ZR^iR>SgRe;M^ zLY?pX^UHs;eq>Jl_u#+TCjZ!1^hUpuCGJ!&nNp*gav&&k-Fh9%jxlHAkxVMP{ZhsGsDSJ zv+vU9Mw(^U$%vonDd>}K8E>1;sqSF}^=8d)g11NmVa3&Oms>)27>k*xgJH3M!N#+L zJm$7IRt*VCHq2iG9S&ErZ@D)$i%omx5PRI@I4&wIFrdGfQzgQ*RqvR!<*QO=a@SnZ ze@)k9Yg(LFa{|;ZXLvbR{2VZ4{}TA_lit7tiw<2xfZEE6sr!N^MhFRS8T!Gpe<|n6 
z4HK+qs&WVC=!f>sTsw0a9ltc5`f3_JqJ+(!F;SIorR>1xTw@~RKM^b_IDm8J9FX`m z-vrMXt>*TmX%U;Qbrk#62>8E^#N2B3T{s#H_s#P%rT=n8^Me0#JOdX|nBok>H-2T&wtW)vl$TyvUS zHp!9Zp>uD7;GC`bf&h$L za4{N0@0!_z=$Zq^R}E8Z4ZLRMrF5DFK*Po9xYQ z1%_cBjvj+2Xq3;~r#*|waxXBXn^$y@R~NA*t$lWEhPW94^C=YooMTIun%{x%@%wHyth?ujVHnGgfOz!1DmuJA|9C+T-B+r`AoLleFc$}enw(JBd_ej;nN0mH)v#B`HE7eU>xf_09?<9uDH!De0}Vh?iwmc9 z4MZJIo7?a`RZx)g97cs5!{CcCZpfh3dr6uf;P|sVwmhqebCsU^L{!q()mHhZpTjtK zHG>+G4%J;dDmbW!bdXGlOUVP0fr!&W#P$r-z9B&8+-q;!`(uiu zD6Nbj;sVY@M$o(0Bkk^nX7*1{^U;CjmRP_*-v^=-vCa#?r}GKWopvGf4WRiQi3R}h zp8(Z|Cj7+1^Q>)60uQ^P8h?ji@f&>K+~x5O@DsdGDiN+M>R;AdgDAEQ0b&4)8~7!K zFYg%pW1mgm1lzTf_f3BFk$NpfCM)2jL_)uZZ27MyHoAa<71-lHf|>K7-A#~*_(tbu zE@kWHYz~Bbj=Zwn&<&ebs=@B%ek$2~)snlZu@B#@kcD{FuciyG<=W0}R>>~!Oow%VVI5-~?^5F>M zB&A_93Ro;N)-ZG!_*9mIAMSj2z%=2G-nR#Q%+kNjm&tP|Ej>yL^T4CnaFLtw)U~~z zc=WM9P4rs3)gbW+47YcURfXBy8us=8%sH_W2&Slzh0J^Y?ecc&I&Sa-6&E1=y~-YJ z50yHx_RV3sL)Mk=jVxHqiu_m?S${j(9}kKxd0ilje)cUNqaKD_@59i3h6*CB3YDNA z>K-OL>I+>Qb0L=HGt7TrVYzX=o=z0w*^aK*8P9Y&K>226!lt?wpY;{*WW3ILmxz>TjWkuq*kGk*Y?^G}yCCfkUd|ndYpySlV+~E#R zQo(#4rVFGMoXN3cBIqtP{o-CHu#D&6zTWq+ERq#+7*EJkz1V~5Pt!-A9to74_3h4i>=DM4|PGN)6FVU3UHzx$r=jyna3+WOr_ ziBt!9yoHvb#rG{lisQCwP4fty3ce0aCFnROBF>R2SENXht%F~QoHPrmUfy5Q{qw3h+h}dabwh=y2^ici=ux$*&-QWRF2FU{a zzCX)5<*h6M^8IVQsJ~pn8pJ~TUT5>ZViEu)%;zvz8-vZGM8&B^}qjJ`ZsG>>?IPuXn_R|f$3*mTZAa#o@Y zFK5a*IXcDW3C)ap@#bUo6jy9gXY8C^B`WH>NV4CW)c}LsQ7`;C9z)!$g}Iiqe7lVC zhEdJS2o$;AzYWul_9zp166sGhi-i{5$|#7lSoqy90tL@ zE7bYracE1ji4=Seh+(uWo@*aL$9i) zG&#fCD`F-N3{8GdiL_uT4J&+wky3(lxTRP|ixlI#j}=Eez_7C=Uoy%P?!U}V8nh|{ z+JOXX+hxGapOe1!`1+p7#9A1OC)`hWi|^1lMr0?nBfn>P?wx=k0fu!)I&0si-6cC2wj$bBIPXTS7K5pSFoOf~ zs@c7wK^seinaS4qfYP^Xmx%0|_U^-O)x#b9i*k$L+^)U5mcNBN=ukqMua(t0Ht~f$ zH^BvMI_C03ucn`s+ou^jypBD4gd@~ZA8G^tzz~RA9!qR0x;>8c22wu~hpvtr8N=GN zP`<<;^C8;&TO0pjVi|~I89Xxk@ijJ{onh8+e}5m#GDZ}|oM`!o;h58(T`?p8*CE!L zom`#4r;WQa)O2E9b-U@ME7J490x=}4wG#2^;~v5a^>fp~W+yyh?VGy~5ID)gi`Pf9 z^apN5y6VOpGltRN=_`d(hl2l*^hX!qdfEWboRYBhYzMKhX2HT4)%Tj6oipK4yHv?1 
zhfqFCu!I@N)|u7!W%ZXTIGMXYOZq&$3A%YC$#a|;Miz`s9{=0sAz7jXFM> z=_DcCu?IbNWiR==jN8YTJgz}r8>IN9DbI+NHzI6F<3b)I8pmfrVIDikBO@u4GI0*N zeVJCno$7bayGQ7bwAY&BNHHJ}TE3(Gd{s-IrBQ&up1(9e%Cn0?Zi6JoqeY%x6T5m< zW{(q|QM$*#9c!#*rMe0{$?MJ?kuurYAK|Oq+6zp2CVUC-CVc;=f)pOJ<-gHL1*V?7 z_hxsDy5g)6cb#On===1!_PoD>=}5Gf?!~39%U1eOBIogb`?kQ_?t)F-zUCUb*E<&( z<^Tf>lN3TQ{+@|78o(d0ywz*TO@IR?og)b)^jBToDwqeQHA0mZ>)>Ct@2lt`GdG!i zR+rb5;m~P#)$LBWOP*|NI4xokS74aJMqkA_17BOl5hbytV4wvm1~ee&LiSfvV08hY zicaAxD3v@5+QJyEw1$k9nfR*c!M-4iUD?+CKF8@H@c9Y_%v%5U_`a`Oy%U{++K^=l zeM7Mz3MR@JY`^ffGI_fWO1Uj$fo&QJ`L|-d4FSw85+^&ryTMgy;XVyT69`{ZJ5$+` zpZ2UzCLTUGiTCjNZ9E+q4b*DO3ofB=Jh}o7kI>!xMaQzv72I{^Ur% z8)yIg-M;d#NhQ|8yjT90?Ll5ZhenrGecxr{#JIvweOKf!Y99e&N8Vo9*etMy#=1T9v0Y=DID(}kM4Uv$DPUTO=kIh@F! zkoYs*vF*bn6R^Ma=S!8F&%VFgDsxCpL(N|JkU+OM`}*a!Y0M{ELVlI z2xQFyg-5T2ol+3ZXt`NRQ-)hR&z!_N44UrNSLzHb+y%c z;tkziJ;9<6Iir9o$yXeRawDOTmtoJHnf&H5>LS6giAo_dY)p-cm>Dtgf0_b|D&j3Ve z0oMjv6o3Z508N;{9BLr4i4vl@W<2u=X&!qsM=*N{g*}!WKj+U+=X1qiO3?rdaant| zP^O6R_v-Ee;(=`pJe%M-sIb;Vcl zoY)7$fzUIt3evMMLbDD#i+93#BTHf$4Kzs19UU1(^eWuFQ0=@W6wmE(gXtHvS07CS zAfIpa-Gl!)RHy*&R$UrY1nbo=MKpSH;g3AiO0dr1^7DD7_gL94Klo$C8^0K0NA?IK zQV?P}DPjMs;BR~da+Um3O^R>fc7HB<)buSBNEyFoHdscIdgtWh)(@hLiM<_!Teh0vOg)p|Dae zV0VH+Gp1-2;Gpsv)Bmx(Y5%JCcKUZfP@Q}PQy$n0`e$IkJ%IT4{Rfiv zGk|u%<>#P%4;J$b==)j*yi)~uUktpGwSWKm}SZ%-N{S05l*Jd(9I>4G)N2tq%=~sFRx`|yW6vK9gp1CTKBuwZSg~lrkFtC zd5@G4r#c{*Hh#4ejx5x(L<^!z@_REIIw**Y>OrT0pcMjarb;kYARGl(oJYX022Zbz z^A?=A=aMS(uKv3#$g<$$-}?=Of8Tx5b(v&yS?=hRog7pHX6yl>en6NtrUYq$!XX=8 z#Rg!PYn0NNkw0Iac-Ma%i_Bbso2Kh9hhW0GqMmzRyq&ROGt^*j!DMvms;dg8K@j|) zR610X{9Dm+S7gD2i3g5SQvht;I)U;Yypo#`3i`|9|fUd|UuP`Git1fry}h{(t#_;$UMV`X9{6!Tvv)iRFL!{}~*dOss4~ z%q*O&oa`*j9Gt8~Ow62Y9PB_uO#ctm{@=pg^*^2ewPN<4VeRmL9rs_Dg~k6(p8qL^ ziRl02|Brw$1`5bG)^h9F$;m=#cC3_A#*~e%m_P*Q`)8K65k&Y3|R5PDM zyIF~FI-c~o6w88R!1bj=+bQZS(^P$1&XA3}rs3L}`hVw^sMBF6K=~hI!EKcq4es@I z@Gr-QW0}Uqz!UP?_W1UvPnq(b7HZnn_NUG(qsh-RJGD22vR&9B8t$LY-w(gUx|J*- z$v08JPYRzsKR`q9SB~qU@n6Hx_r^x`>)5y8M9ORc@8xShbW%#XysC 
z4gEQQo51z=Cn4m)H8C(^1@Jl@{42QdUpSin*4QMp<1VHCcYycoH)pkN+W$%f_$hpk z*aU1?0U8?q$MyV|Z(V1+?mFQczACPV$k%~GK*3+>1;ATR-AG5zm!zXC|JUEEz(=dq z>yz^V4SicXxFx{&r=i%{-)yGe|1<;0fu9-L$uXeffVy_K(r}~Vuem{f5lAL5oQe22 zqs70bpL!I?eA3|w{g1S6X`N3(lW;#sE+apti7R0`WV&{jlRLF()oaS4wd#kyF=!tE zS27HmXubk)br;Ieuz?|1!D-_T34x?cJNHl+io5C8U5|ZGdF?x%g)iy$F?}15$C?YT zket)2JU&XiETFiHzi^gGe?R38E^l|jmW3HqTDT&%K_%BTz zKTMs@MF|+EFQk{zAo+Z9ZvIWC%V#1pHy}0_@A@JjqiNg;1d+@-U#ty+LLDR*&QFc6?JJ%ssnYU( zGAL$8eIaZ@Bo-hwIPsYvVh3JjvmvB?1MdC@dK?=ud~l`Xu*mvdfp&1Dt-okH1ac;| z&M)Fs68?IO8nk2EG3b}aDs2Yn;?BoFJjSkk6Hhssfee99i-{jH6xKJ(h1J$dK-Y1; z5w6Uas)jYTT=Psii&|Joy0kAxwy8jsWI)xnV1v!}V2KW3wJd&;q2Q&VufU`UD@EZ* z(?g1bjC3*~dUcT)aImXZk}iSP5J=c0*W1EqBe50!74T&lko{jXgPEuYSHKwm;!RnN z8y!G4!ZpA*gVIV%3>Mpaf89H_Zas}VcQ%g4pCF)R>@S(Cd+9Vzof_(3?U)kLM0WX* zQLhSboCq+xabq+twKkH32~ir+L2tT;)eImAl)nEU>g?V6aIx(`;RvFWeFQ_%V?p7; zSGE9Q=_&={ma&6-iONqAD`CyJ28bgmp9;6^&G$ilvQ-e*li<9kyPEHH3PX`AoG+`lbsrUh#lqr-7w@>F~JzsRK`fs^LFCrOPg#Y%3+4DPce_`2;f9Z-V5i`?>nI zj@RRNAtbeurvPL|l~kdHTXz%+KASHl5bBK`SV@c*xv-%nimSbg$f@Te_RKl!w z8^6Wr*!2*LFy$0GQw0sB7&2d5%Mr3iW9NWV>uiOj^6$9C`oxChS*Lh5^07L%@`;^ z)Odi))4Y;R+Z!U9@mupPK4$EG0MGd=n}XIF-1kGvBDVX;d&*izbUcJWn zg=d2flH`L(tSdN|`1z9CV1(NJ=@QPyA3IV8jZ6)MO7< zTY-TtqXRP+&ao3$F?BNqZZ5^2iAVojYyJ5m@L=t+X{EITgMzVDFG|*W zGp5gM8xrWq9^O$yeeuz-oimXU-8n$IutS5gGliKjV~oNtnFook2A_jpCzFTZ^HHu< zkL34OM(u`}u~G|$>25Tjgx8@|@-hX5A-tx*_GM~p?1b&$r;V2LCNrE<9l{LG6eNab zAeyVhVc#Y_N8K)PB*gzws%_Au#gy&|$`79$MwWOj8s8ymg}1BV9$I467y!Nk4<0u6 z*_JrRwyxf!1fGTHg+ne0x>#{ht}4=L)2Ox2tgGf+M@rqs_hrIxAS_Mnm~c!AW1`Ww zU1hcmR|92*yjA~LY|>+tv8khM)3B}5slmmZR5QMCrXN;8@JAxhG9p$$F<7@5!+6RZ z$}Iiib#weYb0IdcU*g~U|8X*PO>LhMHg=d&6cYPe446HMF| z=T0|p4f<${3X3c)A#BT@{CElH^c?t?&ARKmoC#O5lOG7VmJ%&UZ4Hr`$OeYC4ATat zrq_Y&YV_To>|eA`>ad1&WDS~>335Wx8gxjHujut6f=D8_a6T2eIy;NHwVpJMu^D&} zK{ztxOD|9w2E#lo|IF(npAybCPXplp6h)s z=@}adMAeb<%mFb%;9?fo3=CT$6rwb}_}@s-YtmB$e6>}n`Yey%0i>e5S|G}%F&>aJdnWtj_w!S z%oqdFBvVhj!C>PQ3N|D7E?Nv3$goj&s|}{9No9}fx31vU+FpX!8qC}xBu)%c7nO;) 
zY1UyDfs3JOXN}PomO|x@_wAEKeFd?H>XwO;G{y7<(MM$2Wn*qO$-e3_ATt21P5~9F z8M7nLVC;c*b<&b=0b`PF6`BtKj!ri(AxVBI9D0Rf>Opciv2|ehm?C4v6pe%>fa&7e z!)))~roo@Yl4Z#_AXU&Ym7JT_TK8guljp#nw_&t>jgfz3HHuvA(qan`8o;NA z>8>RuR__7PRb8RrWe*VCcQ_`Bv;wf0=e?-3$g`f(?0RjBH&&mp&> ztdqzuM)pn2%x*N~^CWo?&A{#C1=41>6((XFiYt|XJq?+pHgU?H!cGLOZ z8B$rbN_@oyHjd22eE6G^REx!5JDO_g@-Y7|$C z+q&zDN;zMp3aWZdb!~==Z6Dj{){TkAD{z3tdPjSZkWrIL!y{15$$plonl>qNTt*)K z7ywL*A6Ua*`>3|G%0wT;lz;;?yjV8+uf5iTWJNKs3UV|ybY(WMjp9l*aHrfVZ^qTCOXM(WL@^if6vNV^g~+wh!S;yRsLL~xXbKxc=(N`riYKHP zPYY%mW-LzS{;Lc=PXp)^0GVSFg$Tku{}YAMGHs9tB`1rBRL7MFOGsJN+dLNCmSR;P z(3gXiLn2*=Uf8nf{a5V>Izb;?@ix|@figzU*t&DgJ`>yLIf?6C&Wf(@{A1FkvS*&^7 zB)W~Dm%M~nn`mjbO2LM(c_!cXXp7638mII5Vp)dP(g5g^CSSt${;#(l9EhNZ*hu1}gEY zuWWPngBgx@q;4i2K0Et0Qw_{1Y&yJ^T4FshY0`GvsunN~2{TDHNUfME zL69DfnqZLO(gQB;_**$Ld}Y+_QKYO3Un|^cF}^08rnANcFk7PxKCkhv7+a!fUL`MC zt2&w0WF;@M{e_DJQbFLDn|idsC37vJOc$fQ$8&@?%bTHOge9eK!-4GUKI$6t)^80+ z^JL=B#^?C>@b5KuzA1*LNQEdQ88|Nz*MgTHS0OFSK5x= zLiM|##HP@YZg+8)8}6azs14h%h8kC%$WXS~@^0yolU+B|#;RTVhsyUDg30V!5Bl23^%!kPP zz^L4*-hAFEQ%f%g9pIm=e0&Qy%_11~+=(YNwru|_)u>j6OhuJSJ@}?~OwxgB_IsC6 zQ#yme)*47xFg3U2fk)ZSPf;+X-E`9_jVoUMdsAXk?mv7a|4mmIRDeXbY%N8WO@~?{ z+z}(e%>%q(u}FpIA*XPNFEbE+T32Y80*d?RK76P!fwHSxp;dk`L(ve29CLwH!1}Wx z*08_#dqe9ZKyW4{KfoX6rPN(+AFyEnhCq40)NQ-;D}S8Qcsrpb3&Vd`cOdy z5kM8avo25E-k6DFknMvi?HDRST+r6qd#HYa_1p&CNG2+`U3|^1Cfel}ebjrJ37seV zME=Pa+5{^8Racy{c~<%AsTEPTl7z?S$)FO;Rh{z4OTHf^D*8NoZKkPwv{RvA5kQZS z{BN`FLe!;Gci%LBM)^$7H)S~AL8D0Y2M-}rL$aK$gbJlB4&sWpI+#q+6oOEoRKPU=S9l8+SUVPvUXefcCKikNBdJ){-zvgIGT#eg5ILq5C67_UuI!2{@9*YlTJ@iu8@;9PYkt5Ei zl^>&^y2JvOssCowepqK(yLl#~T>6%rT-F~OfdPGmrV&GXQXRdnF# zR7|a>z_u^W;NIoa?}CB(r8Fpl;C^4bQhw%)fst`U_*$St?4malU>Hv*mgL=mk)cwT7XB0 zc0e#d|J(TGs@x7fEqx7fHU!O;$?8*v*cIUuGI2-xsj}G@;;)ETQ&hg<-|BN2!9a)7 zEIVj}8iTcGrVt$t?=UTWe%}P$(0FHZa<2i^b9dmB`Jib$N)+3;PyKFeDFRgWIQRzx z*K{0|Vkg(x8h$>e*6VPyp4}&M7SE*;%`H4hi1KFJB*ab2Cn`>FiRp#Y=(#!QRX(0c znIk)RLW3AAszyZW+m@<@?Y?(+HRgfU2-14wYOnH_Oq0|@ycW*|0ROdOc 
z1T{2@SV_g77zNx<^hbAS@}77qxGyj_X9-Jep86*F1v9N?)8!i)J$-ax2uSBDMG|H! zpSptPLq?WhGRr`<(aEH^(5k_83t{mFE>4vXp&$^tlDcEN^85@7t-h;M){1=(+bi^- zBYvmPWPq4pGuYT4*jF*bf{D)e)HdwgDm`GK-KQ+|!Vq1{%0`i<9;6-a$05!O=qlv{ zqefJH-P7B+Wvp7-rpZL8%8h;+{byOLBg5=vZKDEld5zeaB=k|1n8+FPQj|(~*U1hn zDVLJ0E|B0Wo|06{sv>nXIe}ursd=M9E4!@jDq?2F-~WSr(@Gv#g0t*|)u&ty^DtUn32%rZnYhQ;cH5J6JN zO7t##l3}*?sIwN0os1qzg(g$`D3|2&6Sj{-M-;f82hqrem|wpkv#xxcM2_W)gK-10 zDF*B*85RWn2BQ%x?6g7`(TuniLBsc-3Q}MUl{?mFq8Qv7Vi4r$;B&3haO^Jqf^Qr! z-%GH50{^*)heu+aVww13JoR?W#9=c6V_s%dJ@c`${{vk>qQAVZO=*K<3!OuwNJ;jQ z?6HetiwJ8!kb!vQO5Hl$-rFl$VJ`sgM>&ut7JccpCQqYiMKI}>osTN2LDU~d%Jj205f9^-tOCBt*@NGRe#qSxQVSgq@?asxKs0;e z-Pzf(w5lT<$5j;$+A+I(ku{$~WSlZ8w;3sqqJV`4dKn*U3aA1NH9QrF4DIhsC;>M#Xf zMZ}lw;juuWToiv11|y^eT9h#?pDWN|TCj#whq2Qi^jZ!Z>$^P?hspO8M~9E;u>_ri z)8drfVS88^Xa!ydA%|&zVMR(<(lK+WtK_L)p!V^wVPPzKgRF$n!$P&fbT#AKgAG2z z5M#^ew&$QDNVFpDklA(5j29-6fl5M40*Nd#3fCYEQC!uT)gr)^ABlw7p_cb>IAnz) z@N6D%jc~MWOJ^yw0j8=TgW$LfIxZ0-Xq1e!g>Y0m*o6s6x;9T%+axe$L5EZkayijl z(77FMWlT0@bfVN!O4v+5n?R~Ql2xKeI27V-Q}vjZD!CO~_t7elnn6gLHBcUk#nA#> z>7xRGqbq1YrpkGB%pH~YE2O5x2KP?Ifr5W5*gLtJF9w@M? 
z<@ORK@{C-#QZdH;Qp8!x6^iLlKLo=8thy|knJ={+RKolR4X4&fwcFl<+CRhbo5@i zUnRgv$An5njvCiPHw;vIFsVVBlA*e@)2nnv^AM^uN*jYu(KUvH>`?xI#f@WRiK2+q z))Y(zV3)K@A`(*DjjmHNaMT8#9XR?(3i>e6A+o;AJ0f!AyP;A0hf2*8+3~4+oD%&iXYsL6&Ng+1Oe zOgR%rMj**U;OT@e*i;BGgw`X;;EP(XkT~v2`j5;kHa9*09NNhBL<=Qr6qWQ+tF5GQpJW{Tgw8xjy$=*_- zP;?9wsVg_Oh!hv$>$Q`Kz;YQy9?(N4q`m4GJ>-TIZpJ=EAEf*h=_sm6R5%p5t`w%H z5z7z(Pfz#FLK*1>W6AC1somKW&%uKQ;iyK2z1FuyGa#rqs-o3Agdz} zm2FKaRk0MJ$JC3WUN4OcYHufWj6{uZW*xfuvfzL;pa=Kg$siq zz8rgcG!(q3Q10EA+gDgB)ogisz$}m(j?V{~l1O)jdxwsAY^OEodcdZ8qEN#Gqj4sv zNyi^q<^PD2dSpy70*~lP?YU-;i~wsCl_z_izlyssvKk=;Qw>m-c0x3=glSO>u)wXh zBwiyI%xXu`ac(tthRB@uhleEzNb*J^K8}3M2KrbX9obS;Coi6MAdeMqKING_s`%wp z;;P-r9FiD>2!j{HCJ;x;V;GNgTO1i;NE|GbL2f8hMy#x$)iGKd@*st`RK;Lx5D2ro zGU#VVg(Q}d^wePovGK52@Yn=dLy2kf6k>S4RVj$e z*cT=718{zhM?|WRKJM*-XN4GC(o>3A5>$a>9a8FDQ_)rVx7c#KJ#)k#sW zuYc2Y>bHTf!;2=lrNM?SaAQ<OlBNrZmq4loKOiYezor!1`~&XA)&i$db4UEpakbXW-0#o)kXHJ(C0;@?5WAp4HQ zJzKayW)hKJiX&+eRYfU5X`}I?VTSWnAs>7dKtX;RarpEF4o^smQ6ta|$Ph^C%`!S% zHaQ`q93~IccxoTceoU8A!Tqs*d1phU zS#mY{Qn%-KMg;gbyr|5mh{kv%Ml%#~iF%%#03-qaVeces9XwiK(hOL+OezBL&$_^v z*DH)u@)iKIzMaE25~gI864F*hqJyV^vgIJeP^c1|h^-{z5$-mf00~$okg&xuql}n! z35z2WhGHhF{jYEVWG}OEm9dW$1q93y#L-ej|(%ou2XTvoY7OwA|h zlF<`LAxwn7<6Ess&(sQ%0L0UB8e2*ejo9Lcl)z1B*8IdSs=SgxghlJo#+Vq9Dcd?) 
z=z)j)xU@Hnw7yDPA{yp?(&BD7KxAUB#{u(wi()kE3r~gw24+xXt5y723f!C0zDT92 zrV}X4E@KVAe*JYtF_{VWCwIJ1Y?dPX(#RLKIg&5zc_UxY?nwPq0psu`iC)9+?m)o; zx(fYK!1`UA!wbJh?kIN*tkESK4o0*Y6)v@{q4sIx0H%13BF$N*7*a9;-e;#G@prLB zx&aCVPQNxc#cl}W_qHTH1YXB6KO6v65GNohE}!?{r*cxdSVs4yIM_53S60lD{|KV1 zfrXmk7Fsg<0O2Dg4Z%n!r=b|GjQ~J8G7dq=qyq><;TS~N+;-5v58dun48VY%Rx@4A zd|oT!tuSJQ_f{?^2hbJ+5<}^zp53$LmsMr*Ehv07X2{D=`IY~dL;e6|?vz0bF*!h& zoIaTx@R<*3-t@VG1X0TUECB>9vg5T<%4{{gcy)+?M~W@Cx3?vWT1lpI(z7fo@9%Bz z9-i(NDT?2FpET?G{GZRRATQ}^J?j>^1FIW4d_(|s%Zq&QWQGSRNAa?0`!EMcwTjGy zk_;3~TI9D*#olRNyxuz9J6+9v*gJc7^!`kI*g84cIy~FkJrzeMV*BWDXYXw9=n&rC zh^@n)#SeRjJFCKB2FJPUhuC&x^m}wcNGYcxo2kn6bufxhcpz&G$WRAW8>CR{8wzru zFFB&MlHLq;r$hwuOM5&l9`i{%Hb|c9iSL1Yxc}Gs#>V=>|LZxP?EEVO_ouAmG5&w+ zi}`<+Cq4g4_x$DOzrMKt^I4v8^Do7oC&7b<&;Q0oW3m39<(W4BDDIY=ur*H|ll_0I zjrCeJJ^!_8y;@oL|31gFB$Aj-c)3~<01BiT@{C&&I{`XQ%0oRv{%YNm{V&LPZ0?== z_A5NZ{U6pll-QK59|man`PFwh^ZnJgU%eWe5x{^TFMpW;DYpB)6A?7^k_KgF83(5Y zjlOklkQ3pPeo4VeWf==+(2YZ@eeHyJCjbFUrKBMaWgZ7sA8x`I^*aU1%rF)RdCr7} zhh#IrcM7YDfG2!US2hLE*aie%z+J!}X^`sE#Ij8?*V68YO|%Z{hUovQfR4>ET-!uo z4{C-wcNo_Q`F(m53_uTRKr zYBP02b=g9btKbvEqd2sXs47YwUyUv_Qx(!qD_aLAkFO*tHolf# z&q8fGf#%;Ccu9tFKn!~v_?En-0HrgH2PJQHe#KV|GeAyzRi$EHG$ubCl%)z(#@FLU z*JS^|=ebxYm6C4yQ056>^|gr-sD96aOl2Ggkk8DUK&k)Qg@aC!IWgE|lpCWv8F%#w4G|LD1KZ!58&A-42~Pz8O4>@(8<$ zcRSG_k4R26Z%na?wJ_V&1eUDRBr^+DPxixbO{0pAs|z@MJPBi(O+i&5%TQvfj*&&C z!N*8eV8g?e*IDkXv)|h1|F$H>L zks09A{ZMJ>m^2Qy%02}$nNlWD@pTkLm2Dif#M==*>6a9wRF+9_*iuizp_lX$Pm;&4 zakj&PF+jtrh)bC%nU-ZUj{{4aIb>{_glH%+-Q3~NdRGAaX>%cP|mJF37q;M%(ezNp_R zU}lD~K+tF)ilrVTc}oLIWf}|08+2VCU+9h{1eZ!lgB;2{8EhKl7;v+JiV`?cnkcBm z@uZ+1255r`qL)G|DmRpxZrsR1)2lG|&f(NCRm`&Cvilc9y}Qo>x|_I0(q3K~NOLp> z4rQJUR{NJ}uqtH)STplDuox}gr#+H?rNAT~#~0VP#1jbhmH}gC8V{-;q&BEjLIz+a z>m-3!6>xQ1dMRVd{2YRWE=-Dx(aUX z0r2!_@kgD(Jj1Ce;G+wTtpcxCmzPN+?Bq2KG@WfMw8(4Hv^CM;s%aYbAn>tY({)V* zGNEer;gdD-OBQgFWfC0iTc=>@gdupTtW#m4W1I;R-bX`}8B+iUY$;~sWe2yC?|R=$ zu$)3LmxptT74f~g5_?k=Xp1jQZ1{Zy>|N7#ZY1ib64Fi2W}O1FW3}lbbOWkN8U@$P 
zJ_WLCOR{FZkAkT)jsqB9!M+kRZ>xT%0GS!a0+DeO5C;EDgGfG)g#e6JXmL~3@5~hI zEHuMan%>I9sg0wKXR$OUf2Nz2d>#kE+<->zQ?u+)DxPbRzliLI61gecf%qMk#439r z{4R6961+^XQnI@gg6}+}Tq=cJsJFtqTJGn76CuD_iBw=Wa(E2$!9uuQf+*t?Tr zFtDjCZ*T!+^Hg*mQ8zs_;)cGBK-NK4|E^+OgsOlaHF5~{J*lkzOg=Z{$F35 z|3Ay~MCboQtecEu04wDpH$+{`IH^NqMa6^p3eV>0XXa#He;!AeC}`zZcrFp83AXw$ zS!qrm|9RvhR5V@4Dx%_sg%v;SVNZ>(kIzqR_}{>Nu|mU78mC*lxx zvdvBOht4IJoj`(dmj~t_>1F(F#+mp#0xZ3R6CdH#kxs%0bzVQ=B{8?B@RFF-R~Q?N z&jZ|rvB*<+3@?fKeTJ9BlX(pr|MkX)lHp_z%<1yE;* zLY312JjAByiLffJUEgj7olSABH;GkaGq_k)Q9d>)`hy8axgpF0MEf8ZKu+mif>pqv zu5-63%K!Us`5T9s% zOvCs2AZ6{^p9C6NuRRGQwo!jPC^k=jZ2810eF}B{TZ(|y3TYs0Z$1wZP1~5y2}zrl zKXzEgT9(h#u*9nTA!D5dq72F()Djeu(@;p^`Pku6`kJ}gFv4*B(d`*!89vWc4Vi&Y z+j}|Cxpo%e>z9g{T2zS>w&b+Q_ER)GWBmQtfi?B^(}o}k8cLxJeP=?4hm5_)H}G6B zhh@~bm(9Kx)(T^Qq9*^beKt(H9}7aC4a_r@+MfGCKsZ`n3XEyR{n#E2S!>VJGik5= zKz=zDgwKFxsD0<4tIA?~8kVyTIOa>;wHc?_Jp!^hOMSdBS)P9j(kWPHAKA=`smk)EvbV20)u}&x2A~v+a3csdJ3St`#(b zo>mqYV^fzI-W(Hy??<;HW#2s?l=&e%Y(j=cW5|AcuK67@)qZr}@C0tI!p*snEp@i| zSSW0WJqKAx^cIhAf^iTy&-5yj>&G`lSz6E43d6v9`kvAWL>o1v=o9VqoUrTo?R&m4 zPTX3d&msRO5Yb_i>v?YoKX4P^RW}0I_R7m2p#l28U~+a&NUpS)$^lU zk~VRk6AW23KNf~EXr9Cf0WrEp&IkS;$iHtVF+lQUcMkfdtefYVDQVFB*nxQzjZg7N zd`4}Qe`iHke}vQ9`JZv;zeXJTIZuD5+W&6UD?{hM)!O>v{P#JY#rf~z{P$0O{tG`W z8{~jZbt1W`uPuJUqhV=x{`m8TXr679k6`6hLl4($2|yYL<_>SUv4`O*RmxnlreV}S zyMpRxM;rm>pY(flg=%s;gw9ck#vb=%yw7<2Bye{QZk+ypx;W=bE$83Sm8Qdwi+uq;@=) zN_MI?cH)?u7Z}e2;gQ{Z8in)2VFyUR64J|;1E(}%Om-%1Q_KIhzdx@OUtau9|I$Az zlQym=(Dco#qk9^C;oPm5v;HSl^QCO^=hhiYU%z=(_xf()`OfV|_zTRXCQ^6wJzCqf z(7Da4Pntm)lcU?*o6@6klQ?z7vuD1+An<4DvG=7#@Gts|zW+sz{`{&RdZy@qs_TvV zQ2hV(`a=Kn9M4#N&hn5#XT{7qd`;Q6>HEkiJKs^qDy7X$iB-9!*;PXT7Q{EpGodbY zMGIZgL|xIS>%>P~B0l1})5Hx;35M*6M*dvDpV-SfXiGD?@5#?A$|sNg&Cm}oNB&;9 z(f5dd={0XYW9WbC#@Em5|5d5h8yiFZUu%s8{eO-pMgM`Ci_;#Gy5(=<2!BkV=6t!Q zfhNOreSJaK7j*pz>AG|0v{499m+vAXN@6aJg+&4Ho;E&<;(dW=JxIJA@tfG(e1lh> zJ9jWV-!Dr8Nwk@~8|ebUZ9>ukMk)OHhy*HUZL25(l5=-+8l9Ve*9U+-h(ois4M( 
zK~|t7QBc?Caj*z|!#hbGl!RJ&rHkkA5uuC75J^d6GgZfmlq*s#<5O_1nXr9qtI{P5 zSYMh7EuJs+jNAX8)BdZmK6L+Mb!}n)^(@a~|6lC?f13S&&zBp26$=TgMdn^@5cLoy z<{!xi$b+9-*Yf}f8cQ%3xusjUVTwHR0I=uA&Rv`@i4Pd~2?kDXnJ}nr=>%{2unM3^ zgrl2O0#ifCRP+ zFzELYSZ0h%sI`S5O>t2v`#a*Lu+-+}e$XwEpUJo17M(!F2YU~7KxLPyQkRGa3Lw(h z^QGTXb(m-ApDqyPe87UlZjZ1Ekr;+qu&pEEmL)oaco1S5`4W|6D=yQ@Zl~dW>~VV8f{T&v?}rj(hHg#p(aO6#D)B7 z8r?@@r-t?W@6(WXV$+iKSbRvUh5#!wU7)P3`)11v+Sdf0K?AY|mi_P=c!DLSDurPF zfg`H1RH+R|0Voz>A4MF%qOZP&cQ&r1*NMP9b#E|a#TDyCm0bBYBDQWQ>9hZ=TBzudFFxq#As3FG5w|SmrEzX7w-Ga2&22t zg@2PoI^krG*+g`6^JhH4fPc1$XH&LNCE2u36DDx7=sgd`9FopwAt0#ce()OlylZs) z+ML$dNy`$;&WX4RNeL=`rwGr#3*fi=qIfI{|2qlB^11kTeDV9=Rti(r_n!xS6Oup` zKPAC=a%uw$;14^*N!xgMQ|4xzsmU%X@#s&{*Ow1eQlxtd5*`F9dRw3g3ylKt*zx_I^j(v? z&SoguGpQK{R+xvxb2r2UHX~*j6Z1KnGI4VL z-FrY;t}<$)vkB_{A6TvT=qf|UzOv#6RfnD>GiQDX!r+q!DI_y-pH%1a52$t$zL?R< z316T`VriUL&Ui2?Sos_o7dVHx#!N}+60EHGd%71nHn=s>o zgTyzn=-9a62FxiPn-B^n74ssPD%B$;9@a4+I7Co(}{?@176DV+YlY&;7un z*?`=SD^3wfA6Jw^Za<(b2k@P_fQpAb$2v~pazB6)rDJH%QTy2N*Ym*C(XSuSBOUE} zo{Bl<#jJ!``6g3-JXd~1l_Nr1&s_beP}XzwekhXl%vhWbCH(|V$i$?cy&*>MjLgFjmH_Q)&d1p0$V$r!mK{>-fYqXI(DfpM8QA`huN8$jbBWz!LwhnPVQ$ULFhIw12L z$d`@BJO?NhabjkAfu_O|RnqQ~Qw!>#%d_HnI>_?uE!0t!A6R6raU2SwJaaFH0wzD8 zSuS&Yei>poVU@;bPxmC} zKT&jL7oo$5T;@U0{B_{D&-(h<^M5)o$(;YJRU3a1>+@GV{rN9H{~0s?=)~c6{UCIn zppNPOzuEZDmFoJ&;{5M9o+WWSh{<*_Dg)aC+-gAgz>`x#Vld9QK<4I&R}G!K4Eksg zg$8Cz=ob=QS)sJhM+;X}0S0v}m3B^>r_gvOw+CXy_c=ef8uUxBkK~-I_-fE=MJ2nHJJY|=ab@fD z)Bu<(MX>!AW#Hf?vAeT(c64%@t}^%UrLS`(`0wlg%Y9vnZqKdauNUyEWnJe^c7NPE z-8(wWoo&56{W=%-V%TePUpG76J(|OnzD|BaiMR*+_s3ib|Ak?P+MO6(eWG0Ny4OJg z9U8GDwvP^u_x5*p#8S5FIg7gYbt!=V`uA;Y5B`K9#DD3&@~=y_=fS_u9aLEk?Vw%8 zuAMoE?A=V)O1G$#4s)dtU3YT&pK`~&LkEMX44s0K@TcQgl#&C8*G`ywJFr3{M88qvHXAEiE62_D!zM#f0Hb>+vya&b|iDu zWR6;?u5vg~smtGMr45yO<#w;o%XkR#OO@ke6!>D9QtPGqs`wUvZ6pwSZqF&wQL=wDyTqipyI9JohCxE_U09t6c(Ev0R(^VouisdyJfx3x=49Xam zjy1SbBV)9~t-fHKsURkCUn@pc44%qVWd-d3*mLV1yQ$$PNR61h&WQ?-Yf0mEE1(H# z;Pi|d6PPnc4)aQo$s(XNC82UBD#==K`<87}fCfl?p(^L~VJr#uH)_hApR&qnGnWeV 
zXkE2+%sPQN8-?#?5n464Fe@oYYRS}+u{7}kdzns77K>4-LX=99T`wME^wrAgTCsD> zGiacKE&3$iO(u#GVdO$bFXhYjP9py973bV}ba z)6;VjSWFM7uC|JT0Tah}NiXR7>PY1Fdv|9X9)|9_STofOEQ z4dita?_D1RcBa0~Yv*3<9{zY<*xujUJv?h3?;aE`zI2Nh&r?2Q)_>v%{seVA;{3N- zsV~ldpW_)b|1xmh)6_Bb{C8t5OaH5D3;O>o&)JnD4))G;@V;eu0iH35+_>Cc!RU>3 zk=6bJW2ud{Fj(1@6FR_l(vcL#$?Jp;ML}y{Sz*^%#S>x6zsJabD3Ef1MLdJlF&1-l zvaI49a)iGq3fe9m|Jp%&fG5K;iXI&Xa|}ooOESMgmDrBu3D?izH}#1QnNfU1*&=k? zd`T%^--vBcpOYYjbb3uA5CKq(ySGa1T*b&@bPE<4;;n*=)AHQtYSjq3xGEw{ltC+@ zA7wlk2iXiE;Nd#;)iHu#Vqc-@WCa(?A;Nma?G;B0OnQQc?}N~XDmg}^9l(&S=AcGA zMONqTod81!V%M}6O0=2F;cQdXMCuDqFa`r^^KjDyB&K-kQ*_0~&vL+I)H%<~sqTc> zVGNKGyD;_`M33Yi88%Zjy#)2Y+ZCrrZ_Yk!o$QLeQ*nH9^yA*n?v9F2xtfhj`ExoB zY+#Ob@O{e7xx>pisogxa@#bo}$l-rIL);@#2y&MqXr-i4NJz24sy zR26h;dw*;1U{&mF9c;bj0Gvkv<%F`y)_r)li%B`CZwvmvjlnsw8+7IjudC3@lQUiP z!`|ucs@OW&JH-Kcb8-aWaX6s_WZ65!v+BcLhJr&aQZoWs@csSiZqk;W-K~9qb&5SU zGnW=(;(x+3X8%_n7$wvm&RfTn{l8jS8?yguR4R-8|2dxDazf-${>yKQyomz&Rs3RH z>Wvv>oGjd>L1Ju&K?M7SbZ{4uMTTA&%Mbu9+bayh3w*R$PQl?XXl5Ieu?wbc6Mw-0 zp|jtc4*d2o*T=yBALc|bPKB&N27!jpK=?ULwJL(t-!NXxC)uCAEsxMhGJPLbaz)eQO4iE-l3+k%7Y`r*bG81nGD$S2Tr8Za-SCT{lDQEL;odLTZ*op zppI$se|4=kB>yk&|9PHg>96IM>z7+}hb|LV;rKTq9QdMG6r=}EA~K^9FPZo{!bBI5 zKf?I%c~J~RsZ=hB;*UQr$j6`J8MFRRcDHs8c1u0`De9Q6{~x;lw_aK3f1c$@nee?b zo?LE+;zC9oSRb+pmF-KndGS2mGiLp(i(sFmjtA@is~hW$+Cu;T9M6>bf0B#fr|JKz zYeV-xt}pI?dY;GfDOO)|&>Hyh;MH=0e-y;4S3{8pNk_~9v*k@pAhWZ-N=(613ut>; zD^==+m6FsIf4@8~BIL?SF6VYcx&b-5FD7zC%W7YvB01s_*^P zlDP3~0_LdYIXcGoAaq4uhPUkZt&(RA{PtDfvMIzRmnn0ZGFP9MW_?nVk2>%?Uccf- z09Bd+_WFU39%|y86cl+5$awACFFYj=)ZcE5BiRewr|{V?yZC)`Z*(f;u79@C8-LV zY}$bn@s(X1UrwZ92_5c?F(HaEaJw7~qY^v_kp@;OEV~5AR+-RH+3ip038gHZyKa0n zXyFu0uYX9*B7XeI@|7t_`Ki6uD z{r`EMN%8;rgId|kJ)r+UY9AO+U6x+e7m?t}xdtS+p)WlO|Gm%j_#g9&0Mpk0#?bj+ zt+ui7|9X~(E@^cYb2Wl13i=T`10;4onloy7K?}BrD0afp_+mt^HW>^GE~I{ri5uUs zdM<|V%<1^vSB_U$6@`vt2cd<(A`lZOC3KutWOL|ms;FQxoS0I`rQ>L4Ta${;_L$~S zO<&!fE7q0mXCuYRCgmt3t7?3vRFW&zCCG4LcIdp2t_8uRS!QVG%*|IhJcT>%LRq-HI?+7u<_GE8fK 
zlT|;twr*P1?j``RV;txYg6BVnMZd-!#)2tKaurywjDdSu54Cnm6tpHVPUO_+rOt zK@LdWlY?@}Eo@>WgdlW(b!_yJj4rY9mmnDHQ>B*cU(!%ImW_T8m*qi(!S~yiN8ePP zYgp%Y5Mtm(4-ZB#Ubq@FqX{y5O*IkwZPO>QY^Uap&k%~}$c-0psX1IxAgT()7TpVm z@fZhpO3kk_(TJbQR;0ewxXJJ7EXfwT`@%Sfdw;U8a@F*l2^r59$EZJO;Tc$m7|W1c zUP9*v9sQBnz)U0n%NcSbG4Mk?g~B5`1(`aqAKXHDKl0jk0npR-oF-O7{yPX3?-z(1 z^nFpqDm>B>e=%RxiE&W{L(9Xwr7a`KWXGwex{xO55<42Zd4iz`~PQo7V%#f@n0A5Ul;LT z7tep^GqnHnR`8^CJY4_ZsIILo^#9NC49)+OM*iUE5$8XZ%KBpdpW_*tf9?7EM8Ti_ zGQ;_QV<`S}wZ72*KFdR)pUg*wfhyz@?_2f7@X$3svvV$#T@`XUHdj}6z*>QnUln-;P)X}}dAo5Lp>GSN)Ur4# zNHlQCB$(uS3;rEQ_g~@mpiC)`h6LzE9I@kY@^(My8E+|PYGA(9heG6dsB^({dk)T8 z82+g4Af!B$CHK|svNXEI+tdPRJ1cNl4YWemx@ZLZyV8RFZklhZ#H?k&(E5K;&o6$a ztpD}K#?b!1R$Ivb&+;s(BcGgJC^BG8J6V8g;U@ueBbi1GB3F&CEDsHb_z~8pzqq<>$xvZE%WjZ112cd0UM~9Sww!vf# zfctX8C-hFB#!~?o>7|APig}pA6g;|^(878V? z7pYf|%VFixjNE4RkWvWaU36}IzlvadAkJuoN+a5FDIyXpXcd@LPsOrR>XtG?d=*5o zXhRB!MvDT%FEMo9_)l~%a{%TS1?BwZsc3FsTDvv^IcK*~Lc-%((k zve-tG=t!b1qsCIjeTDG~SCXMa4cXF?c#}-Y39ltWf5ZN;nP8u+4R;u&#>ev3^{ZKT8sc^ZLt zf`&c04!M1i)p39jjc+E$Q&x@iQiE!=Xapsfb)q#Rm(7f_=)mmp7g(DmB7WQZdlN^F zPn{k6-pw6|4+GCDJT&-N*W<5GkN>6o#in zOz9iR&kZ~t<>R&&c((X%cb`7f5Bw;%1af}EjloE&t0by-M+Km{PZWySgiDiMyrf2N zCECy2spE*tkw&(c@+^?vnW0UE%2NX%#~9lnGv{(A1D{9tQm&CpDsLY1%E^&4rVnN{ z>gc7YR_o9bJWdXgd0|WUB-(AI;VS$(-Z~K95bfo2IxK&g91mYA;)It8!-gNha17!r zRFhu{k2V|HUoQFDQpn!7!ibTl#}q0e4jbQ%{S>IyC7t&|3H%WZ;!Dnc84c`!1|SG+ z&Cf`xKt$Y<_(?QrNQywh#4LsC4Ljgnni2K@Vh_MDWwyk7-@QXZEzcm0veNDEVTE67 zSG!f7X4L}9%Ez1lM22h>>SAYd^uyi@tKG)f^fdQOL5!)NOf_U7NgZ>!ZQ4mBy3zgO zQclEylXzz&7tf*Y_@dNzdY3%2wACg{fbkj+GNKWzCKFAj<}KKp0jFhjb6FKrUQWO> z4Ip!}FCg9W^hy|tgwq+lWEyewRdmBF0mO|P(OimNIIfD;l*9p=DcBAO&d6xD@WfkL zC`fWiyE2}$ol8lq?Se3Nv24DrJYDd;A^Gn~J^%T6g#NeQSm=MB_zqJ0h zwy^(ymS@8J%dKO6Jb3W@*DCe(#rl7iXNLJ7ZSz)&u1d~qX9Uyq|J7{#?^7l*J^M^s|Lc{^`Co0V zQeF6eJe+a!}*9UtzSA|7lxoCnPf_Y~R`bX>)sPd-vpw=}h`76u}5E@az4_o-ip< z?)BE`t_TLNP;y>H{n9J?iocpJ7Fh*J6ofLFE?+P`kT>G~nJL)}>z}Nw=OF-7)_<+C zk&XYlR^3>{|9F5<;h=iUHnPwvrB7MfkBT8*89g&e~3C8B3G;dT8>r>3Z$J4060*G6rIrB 
zirGLKomjNnfT7`s-r(8hs(=D5x^m=~0VgU;7x@%n8FF%!?=h z5II!Xb_bpns>onS7K=tDQQ+N>W{NcP(SS^=PhG#w=UV6sLH-k=6FE>P9VB7&f^y86`WEW_f`(Y3V?Z6Yt z6op+!aPV=jQxUernkuz(NJnn2FAp-Yt3ICHc+$TFdkbG}UjQ}_H4d7NZ;u@V0NlS7 zNjaa}a@z&|-hn-D$TTp~Q z;WPI9rz!6MW%I(htbwQT|Bdym{ty0L@c+;9ERkoEzU*(CF8fzZ%I7)?SD(+ ziSPeI&&?;j0dPq?)g6G?v?sd-a4Dy5i&nzVFh3y!)xj?vf;fk(nlGMyrQ>%m{gwvx zsRX-EJ{KcdiJKUZ1~R`vJ;KMp^_MvwGTYjnZxTRq-ld!ut3p??f*u0BAa?^;>#f^}f*{KFg^uTdTp5*vo)0Tu?U~J?b~mk_-KcZxIrL!vy4zF+k+Qq_ zROLpaa!CklWpMS`f+H;wV@aqr915DWel@WL|vBG{FBQRzEuU6_q=YMO9 z_^;3Nr~rwDWReSvlM4N0*nUWHJHywKym}=HyjBY0_uu6OEZK`kRQPPlO`)^tIuk;; z9SV6?%3e~!mzR+HYok;ttZ?W?edEZq>r~7eZfMQtO_OuwKq6Nk?C_2N6s^E-J~C3P z6Ne!VdTzTZFVE>%7>1hzR>tU1lh5aK%JBrqfHaj;q2=&8-A`q-ob##u99a&}V#+$R zJkj|igKn}3zDR$T2REN`Se>8^8ZFb8H#sgD1{CK3I8UbWqOdA9ZO60j9eX8JNCw}V zq156Im;dx<7WyAWSD#b=yS6cO|1ZcOi~Ap*<&nI7Q$}7aNw$}>$^mdd z?$Wn?y^mdQa})VhG@RjUy14Vv6R%Yj3sea5CxECRo;QhOx}pg+p@RdtJ@{y%6Z_GIL{ZA{aaB56t2yOSw-1hiVx-`V#6iToe-il+Iq-v0|WeqYq~sEswDBHz2l48Z&t4Wc4=tnf+BFK`ho%e5SkY58&;b+&?W!j?xBW-;|#DtV()9|q$4 zRi*QdO2onZT~szUHc+Up)EkwRRh=8XHT1>Satuf|C)v?Jm6p#i=F>J@p;Jp-wYYU9?Azyom?G1&z`?o(v`!PfX7xZeD=V9v~uX1^~6fkZ5*M{PM)N30H z`Ttp-MAIjaCgcV1LkxU~0YD@7#!1uw`ks`gK@)}nlmTrDDTQr;5Xodi@Q&^w9b-nr zXzCXiYx{|w2d#f5twsNV9Kh85zmh%wU9T+S|3A+&%l@yYy)a?ft2|{ohOx_|*#SiW zlI+=hvyuV8s0A6A|9R;8#~UG^n*XoWvhm;Qjq2k5*JpXgtYw^L`8TyqOOt@1#Z37} zWL&J~Klt;Y^*>y-aIaY`fo1@%BgPOF-%$Pn1v8382+z7+)$c)ft95q(ctBx+yZPG>Zj^Z0Y z$eG7?;-c*!@ht+K-FvgOz5CZ!Ua%qy^GJaF<&o*wd8OL8$jQ0`&sH_ALQilY&IjEK z7z=dq`PGWp#0*CR0MN-%F%ontL`M%M#&qTQiDFR{+h{_S8a`CwtPJUs+>BH>LXV_I z%Dg!$FTK@p+^8ryn*k2RdG1>1M1AYlSN%+8O<1Be=%Qbf(e_HITB>kY{TuP_=wSC1 zwhmh?zRAqppMKApPXFbNRCAbsOg;ZyYh>+z*BXoS-)DLF%rJ8J23}Eg1)G7!Ry9kXThT6-=(4yF9)&mB{WL7TFw+N2~ z0*X&JD$l(0oa*$LiB0F3WhPU7R8u#l`c8X#^^oVW)qiQ~G+Jd;)K9o31e8{~mF_M{ z1xX3%?(Xhb5CNrA8k9!5n?;aZO1hWsUV7R6UH|u<`(ZxJoS8H4oO#~oc_y0trS1g! 
zk)>R`gJ4sw6GsgdJk+=za6icA;L)F=xebZ3<}Ycf3${Dv@(R4s!^AI z$jP}!&L5@+TD#0N<>B)pZ|@*EwudA(#ZnXFtarRTMNAQJG$DwCL+3Z)D`F_V4rUs$<5<31Dyw9kE zy+7BRN%7rkiT{@YhA#cb;H+EviXfS0GAkkYYaah%Qo6l<09n7qd-!*Wh??k&4 zXW=B*)19&A=|Y)#h)B9a<-nElrlv?O+HI;vjU2-`1QTiqUb}`(b77_r*!SqYpL~DE z9s_JfX^dHfy3xcb#!d_}y^$JrXL-gyVn1+@_5QCceb;*)Mb|&Y2VFFf8)Y`PHh~Yg zjD)ji{gH3L!(%k|7JmQa~%>e0o5HWA`Q3qmd4~(+_c7Mic9_qU>ZH%BWZE ztibsr_~WjQMlU()RRm#Va(@W_MJs)}(oF2-1608oZ6uQ)hc@x%Oof+lzKdw^OP6Yg zZtGIx*6o~Uz#-h5fsor9cc4BZFMV~G)OM|HP*i*Od+5jbLzd*_XXPHBMlx;at^F+c z(l6FEk^w@@dI8FkhivsCSU~rbN(U)l^`;Y*3%2OG&qcx~YU<%xD*yVGJJEyy>uiqH zaQ<~dKG&+B@hx7h5`oHg)OCF^_t)CRn;&6*Gx=Hfz}tvkHA%n#k`K)O(?8NDz)Qm5 z?9b5tHzy5j`$$rYgL>|v_xNwtIA5WxjhCU@&i^HR7vvP zcdCa)&2-+PJ~okR?QS$h{mt`OYXuo(*ikEOew2PlKP} zFuadcD}B|jn$_Ad8^IYPXRtlvU$=)skqpJ5&)_1~GL7-)Qb1+!b@>iSs%Nxq$Kig#?Da5^{pPt;hpM&^H zpXn*7yhL7XSL(84;g)mK`5M&o`p3)!$dSqbfG$7MBOx$}S03RE@dvLT(P?Y9I^-ZU z6xV(CYz_pM*6(@+F?FXNm zQ<0;_`6~u&#$SZLgXCDf8jbxcaJfz?v4Q!8gv$H1+Qj4Pj<#KLuBX$ht@z?M6$)IA z;_e56>+SuX-$BrRquf-(;c!=__4fqCil+$FU_wn}tX6b%|$e4xg%@N6gZG zv7glJJ>CYGi)7H2N2v-Pj|PJ}T7&&SvPDeK^~ghrVrcVTMdfy_tSN--p>zcE)KpP9 ztD&M-k_uzD=UyF2Nw2hS@@ zZRFm3LpSbw(`S@^VLN%5%#Yf%`VEqxhdH9P@KKnKm#Qs@l=V@mT>_$l7!g^Nz8CNX z>|~_(M+l^6PCy*8a8OB0eH(CRkYDe5%3pZOsPkZnKs*%uGs_kA`z)whr$D9bF{r41 z>YrDJmETKmM_3epj@q*uvHL=6FqOLh&n1EU@mAD(QB@j&u*szxsQxN&BQd#!tQ|nm z#lodY??7W-fP$rWr0<*W9UJ;CTy@u5p9P1HFf>lqQrGcKf=~=J-ZYTmv_`YP)<;~V zKj7O`evSp3%b(lT5`HiiXt!_H_;zrOU1F@Z7A3L8{tBk%sgh)XL)NZ6i_D72#z1*T z9H1J<8q=fVPtA}1Rplkh^c|*2hD^R17iVKbdPX`#$tuo^W=nYP-4D&f(G*bw=Uu)I zay;)AJH_v5v_yE{GV$dfJjl4o`GPY3Od4UqnS!Q{x97H!?`;S-tUpFm&-(?S&*pEM zEZO@Ei!|#`$DyqJj*;q_>OS65J%~c}ABr#1hl&Ut!ZlZ0L~`M5-6zj&et zg^n_vE)f^GrVSs?m-LXOI=+;%;jC2&w&mZkSPwF|TIXQE6hQyzWYyl7m6cupoo76f z^S^KUyTI-#RQ)GPE;~T51{hV;a&7(Fg8nDz?J&`%z=_frJ3KnI=VY(t=w-PXxSFDi zF*d}*>?ADI9{;>qA?y@1wRlaCHROcdRA~N_=ALtM@ut?dX_5!fQ#b%9Zz7TZyz$aJ z*w*bktvZ@iS=x`AjH-zyMg|9JEW3L_;#c`2tv1C`Le-!0l3{S!bt8GpQO=BvkvRR! 
z&v=M_iS0w_^Rda_z#NC{HMr+1fRvcbVEjxVW!vz0NmwR2%~QoIxzLyJCI9Emd3*H~ zwn+%uY?r4*+(UmOwPX~niUDxkd~@<>wo=ZuB`pbIKmd0)j{XWW<8Q7Q_^|}61Q>r7 z*bnicT2w}(jiXBD zl(;qiY-L_XZ12vFJlSQ*mOjo#b^ zCfg(=d<1BmeDt2hbC_AYM_ifkNKO^yEsQx0c~Z055c`4IuMqEJ&y6~h?vm1RIEtJ$ zqFy$w_0vt_tSCeS{-EjA<#nk*kiYJ0qM2EgLs=3DdTq6035+9q`H^su@5h@b`wF_% zUvMR?KH1TCeZIi&hk1Lg7j%m|pV4)%iU0YhZv0RP-JVj+cQl?*0MV+>VX4&%_Qv{l zY^7oF*5ku|Iu7}3Ylkp1w&dfcL&_lXI!F`RH-z$I@spK_Z_T#|r|1M9}BZI9qCaH~&S_ewCRLE7=9bpn>cToOI8)`;HGvrih_V#Zd#Y?{uj zsa^*Bd1L(DmC8BX4$KCUi9%Y3V0~vsNWHx?Tv*U!(S?h zjY4i=D6H(Dh9BQU`-{eQ^bb*Kp~$IASNQ90((gWNk3mue9JZoYJU>3L6-2$2K%Ta z160k;CkTQ$Wh)OPj8pw(!9r)RK4QfK5hfFA4x@&daU=6tq zsNxkjg3f4qLcNUP4wC-eoy}fQWV0>Zdg#fM`P|tm-C3yp2{lr5aS+z*k_CAxp zKDPJVCjQ1LYnJjy^aX*yT1a~=k@GuH`|0i~fw;&W)Ego#BIO)(sc|tA9fhbZr~#F` zLBE^>0ltshLq#_kZnS-n{-=p;A}TGf4b+xd2KE%0(Xr++4|_buXI z$JLF!oN&ME?R7X}0+PXlKYtEAxp9RqX%ItoMfwhg;uoBN<%h!s&*Ocw+ZI>pvz^cY z$qTod6`tdvV{vIWpdqBgR4QRI7ydYhRoO*!wu+!Mra`*TKh6d0`-MK2u3B5@bPGi+ z#2$m1@S)U!=U!#4opeEe6Rgf@x@zx0S5850pnHD+R$C?w&6sR4^E1srXziaNHh*`+ zk>l!ibOfQx;x8y~MWlO{{DBz=*={b;SxDTYpPj}OQg0l7!z=0#?5}~yAVOYTxt^Pe zoVyAO_tcB~4Pjl@x{0M{)PkfsE4nUw0s+k;xo0y4w{V3Ws3>pqJs1X~5`;O=_p z8K}#!66rL>M(1scJf;ixqB?`t3Q0LPv3Gm6KaG#ys;?pF&P|c`TfUWdHOWDKP9a3y z>n)TT1Mmy6xDII{*IU0(vA3e-cM-lqp?-Cwr(FT?-%^zT=ytv7r;D`%aZdq)BXFY! 
zOEK;e^O<_)7n)Zsb*U;f$u3Kz!zm0SVW}gq73i-cIWB`i+i!OH0%rntm>;W6D=VF9 z`&X7H23ix>`Xe8nmb-yKCTKNXaf|1%g6p=W-&y(J+qh%n-EmVZub`erWc}RrafZ|W zM_Xj4mX~x>%Xv@0$Ky`Ah*J@RGOui~&qPb(>Fmv3=wHuseBIN2-|moHjB@8HItsD@ z0k2)#)4DppmQbq#<5?(mNDinQ+%%O59kt7w-yAJVXSfF(+4ZsRA(Nm=lM}&&$^BZt zYLeED<^Y!+k-W*FN@zUHa7eVk&$k6_MWV-n+BIaDV*gI0pyk$$quQ5Sr+H7jfJdsk zMe3BZy5_99Mo2ezPMuEe`^mzf@{E}o!rSX9#Kz6$CKa%7De345^nUa>)w1%tIq(cA zsjp8lbRgB!%ibFuje%QOwcaDFoOVw_>pL2JH|Qp4bYj=#Hn$k{p@AXL9%HD_lY0B) zklYI7bb%Y60N+(u^X#*@nX$1X&=jKURFhqr{EzzcX@a|?n&Zch&*No}WqVpWJ1q(@ zJAdy#oR|8vPd&$~H6uGco?YHQ&g*VmR)q_hZxY0M#jd0yAak}Zmy50jb2qos zTLZgl=FL*Mpqy5M1y~;3&Fx5cw_ye8t|8G;UD{(8-`qX_w2GK^xZU17-Ho;kwSZsu zc(nTSE{xEgI`5qA>w3{OevI!ok@jEHmvk%GZS|z{TMzDe&=tbhQuuv3a_I`If+0@I zFA$Be@dEMTv(QeYcTe5p11G%N9r@UwxAd?oDF$6zGIY)p&P_$Y;}K`7+eQ|!zK?U# zHTl&-WD|OmZql4PFt3kBR5?_1h{Ba-O1A`8U4pf24{x^zznk`0-y2z%5SN*b^0mBu zZsFVN!Q=Ca_LcGW{>0<<+s(({0r2LK6WyxY<3y*A>FsXg=VdJOf8{oBXN0`nyTMv3 zjUqW8_nwr*TVWnWI)Y>wnyqVro3D+`swYpWPu%i+c%-Xn`;?@E*0L&VK|Ld#)rJ=5 zt776ej?w7}GofDDlI|x)wLyOH)7}oZlGQnp*jC@u)RhS+*{$9kp6D;5iJtlfmr2ks z;?K@Koh=T=ZaohYpum6-Lr~*%PY<%kduf>L?L5CUsmL5`lCb>E2H1#B zT6MCBm5F&%$L^5O`i+9KlYp}rui1m(sRT+=36`1mHpb&y@O5Ar7&>XKkZW=cy6}i2$dFrk-2eaG%Vy9 zyBupFwr`G>Wnedb6GtgI*}$q)6{Z)}gUFEG#Oc<=rlZQ{w6A@71o|8KCuc-M>2sUbH;$1O1EEF)mxfpXI^*r-fW<&0H))!1u37JM8tr)(G6s+XyyDPP3zK^&VZH29?#%o zvtqGRTle6=SNCowc3aJzf`T?-axQMC%gY^4`Yvl-+^)G8c0+Tj98M?1 z33|7>$IWN1$3?KxPA~n7wRxA(MbBjzhj@ElWcyrV#@yb>@@K~+>Cv(!z#%=yRkXc7 z_MMXiX}M(HKAzp&!6o}8&sMv+1M_5V$3%?`*mG&Po%4g2uNr&Tp@Pd9cpT|oB4C4b zSY$gDN9VFwS0;GTq(k3RuZPR|M2Kb*;XmZ|x=rL{ZVq#uDtfuQJ|l%p;mOp$`|o{| zXWfNl(7gp4JfN8uyoUez{NoVKzR%fg`59R)EE>K771oMQKSP#5REs(?*2Ki20>Y<- zH+zrPH(Pt-XGdj;&FW=2ZdXHPUQ}*|AJ^iK2Il2LTwOXF(=Dn;D7W*?Kirkv-0 zeVn*chl+_9)vA;FlHzB(39Cy{ueI6UT3*6;`<8Z7z^2A-fm27*dBhlXcIPjHb z$0O>g0T|XHZVz3ap;3#8*$D00{DRv8nVK+;oKB zlEf6fUF<@EmT!oKUw24H$oc9y*un5t)8ewU-77EvykvjgsfM`8HOet-LuhwGmq*vm 
z=KNMnkwLz$FrORPfNf)vDp#;8C-GhjxN~q?0an%N@7Hqt4Nd$`H3U4~(%+H$$>5(uLZ#A=9Q0Hd%Suis3&d?lkYRz!*jil;i2miW=+zoRn5oHJx>wgPX#$fw!ify013Z_fJVYY1lq8@8{ny$#g5Pl{M+vf*)UTOhM5TRPf1F5NX?p^8?BoNGL7 z?BC9ApB2<UfR}_NeLb%QrM#@sTR~TD!Pt1`0d8?|fSXQlRJsD(&qj z53Q0AED{MYAhK@}2x7#Dm*5*FOx#sKb)trX8$UY=^fRot`<-hBc8N7$&4y0uxXieZ zUU8(nMgOoVYvC)Z6jj21AiRXa`U3P~Tq%cJiifYi1s8hF=W0H4y#clsPGeRjeDWN7 zClLnbElw!d6OL{cJfz}P7nHbKo@+YdjCYL_x;xusvyUiSERs2^iKBFCpx|R9zs5YQ z8n7CattjMU?{XDfLSFJ!8T1k)J^O`E7R^ruValHP?y2yL6CSvQ&v zy@7F(A|%VCUNT9&A#r6J7fbLdC}oWViI68ipxT%lAPmlbi>?FIYgmB(CvqUMIB7)M zr~-4I%do#3p;qnnoYg}6X7;CDdp?QxM`yMiRhpa~7O9|Vm+e-eGbh)@D>*hMkHo8& zr&=g(={gw{P@BB(n@~w;{3Ux?K|m=p{Mh01aME9MA1;E{kE(EdaR^ zg(ncC)hS(=`2HHOR7YZoBHQ^8(lJ-N#Lv5G-HTg*LFEqrV8TT7c z*9C;WH!E?rHWIT-j7q=wRp~EjZZHgeYWtGP+a9U46BITyR0!m>b z9jO%cy?Mci)x?k#f6-!As6b52{p5`QMYN`wZyVK$o_$iIe&t%e9E~jy-2+%Tw9}zm zMNEL+kYxa*`!FkDGC7U%VZkfnDtnK3B($z&PMD9X_X8TWdhw>*nlL4@Y5TjzD+HZ z`@)FoqDjhpeGuB63mlIoJ()4)U0A`%y^&r^ZBMmznRG({g_6?f56KnMn!sJPkrKjG zo7&=sus#+WTqt4M)5-lG#5s4OH1OL>5yT!b0R*c*)%I=aBc-$HyPTV63dXGk-nPY; zfaVF9#tAxHv{uiXJuf-~ClCR{0=dE2p}eE7m6RgL#SAycIXNorlZo@n;#`pVk6FqZ z+e(Uiet{&R-?bIoa0FU@xMh;F4a}Bo_R=j2CU=DY5|r@fZVJhGYdd!x(!c#PI=D4b zgBuU(qZt^>d-vyk8fH~5w0rKG%`j{dW{kE%<|jgnNrNi}bU%Pe8)L1IAV#^4rMorr z?+|ON#ju258cqgk6gqy?B@ozm7$Doeg39oLd8L3N)>QE2R~A)arz>YSm8iYvVp6+4cqQij zkoHA7(8bV&A{Jd&5}(V%{Q*)|dGdjvC;+Vgd;@hKT({^2>|ZVM0n#b_Y}iSCLqjWU z4wY>DqPb%8-OsrUd?Y8YS27Ly-V_>^zo_y5GQu%`TV>QHPHC&$8&8Y(Wts5($!7B5 z!+nI^tPMmZC{A{9*}zV%Ob1nhKRaBoiZb4c_U?==_Vu(i{>od+`9lhw_U6lZ zhN{fVKZC12aQAyTV;tE!j_{(ceZO&q=!2=-Y)+GgGueM0dW~0kQ!3I4)~Tb+aTG7s zzRJKb-2fdDIevUroTvSl38Uql86F75yx?N*Fzt7*Ixo!sD)PMvJ7lKSe3l(D$gG~|yUUl%H)Q=aze%Mc z_T|Z9`mEW<=`t4+ru?II)1seweLY1UdkKktH!le0yw&A1>n=^k?s47io;$5k8m+8Z z(2IzcD<*F@I zfr->DZPdawQZ2}#UtVw9zSR1r>rbotP1GXtvssK_tDJ*xdB5?Qzg4%(<$v*n#B5$f z)iIE@$lZKyX=&L3Q^OKkc}H|jey~Wy(YkIGQF~seouQKVEdD`ylUp_7x}?;94nB#N zH7g?MYb)N0wG#N$40%4AvbMdfXsxY5#-o47E+>AjjlKY%8L``8Tv8q;>lehA6m-Vl 
zpe4?u)~GUyuP8vEmuTo$aQr&?DckLaX+u`jjY%`9RPJrLnt3wl>1fj`Wfyu(?)%n# zU!u`sok0Pg$jt(e+#xotvH{R4DBHl?@*9Y@>Xz&y~_IdTkd`<$2EhGofOH23<9% z-9Om#>pqjz>51MgSK<<(!)M+ry&Q?~5UaasS!2>@=*6wV-)IhNVAODu=}9y*97ybzi6sT)X}><-1XbhyM6h zG?Yax@lc1&eNULPEk0Ey0%YH`_5$f0L($?Ce6IYL`C76d99!RIA#%HG{<3_D5W+Ql z_hc+=9-Nsm~ zyvFLvqc=wjYCly=r1vh__uRttHq2!1K>1RmfVf?wv}Q;3N4a6`=M9t}+ZFOCV-`6i zVd&Fnys{fI?*_R`(ul%ELOYes_bAkONi?7LQjD40p-w{H%5(iR@)7tG>VOKTFEP1a zGp?+Bj!~OpyQwZz%n?v&T%u8CF*~Y*FJv=XNd4Pb&w2ShgGj!-skbew&Zr9J&lf`; zcJ2l(<%Rg@Z{B2D;=L=RTwD_zd;LlDf&I|7XPT$1(q8bgGS0WNFPwBk4c$(ZEKFT& z|JjjErD=`lr~P}5z?szVSR&>4&*Lrx&(hTOeCE71AIZKrE6!ffXtO-hNJR_SwbQ&? zAR$Bf^`czm0Bi|A1zWASAH3+cRQT|5ZuOU0pKh4{Z|N-0q|at=-YalL>dBT;G&w)* zEe=9TC-sCHV;Ie^T7%^~NsW_uXMsABhRs5)ry~+TBk(3B#61TeZg2QCq7-ThoiaO@ zBLIzE9I>}Egod}%%sl1NcHV5@m*xyICe}si>AB;5<94drPO2f)wJgD7owD9iHGDOM zoA5Sg5F4cS)eodL_Jk~pKw04LNW=S(=cH+zb@w&pa%an956y3J|A!LdtGqd5Mj=M) zD{^nRjsbOc5^FlPGGTRW^B!`6d9l z=9L^n;zNhhd9b|H(})=&-yTozrUp<$qsJJ2!s7C8w^sQY=>` z_Bl4J=XCSlB8jx-r$GdUxbXNe3hQ6y{O>IWa^2`E5C?CRHM9VfvcWe;Z@lIEXYN?0 zM7Uz%sE^%VpVdUm7W$lJEHj~c22i~P|fS4pVB)#HkcY3 zr7?nH^uiCdQCmNlq8xb|x&NHIUt~CcQY#8a%3bc4D~7+^XpztNnxz08W%+*_EQmU4 z8Mc~Uqn{+DW3;tMo79vBkpNILq*qgYLr?3a^X?=-K@Eh2{!{=`>EJ*@>2*d&u_nNq z_3?=AwWm^vCRls@v*FXeqR}w+yNu>yO#&rD%|w!>;(Qi6CA>GbN_c4v#ZiO}#re!u zN|JhiQUbqxVG?QzW4Z}`P(Cu)N}qL~PM_`XOP|%U=BQx#rmLx*R#mLY!={)Wh;5Vf@-7a*#d74@?_ZmHSs(~R5#N+tO` zd`cy>JUmL0CdM++g$lYU%91jgpVOmLQ;TbAYBbf8QxxBf{24p1*pE@vlvP&rFZ{E) z%TO_kqo|;%PMF}n^p!Zi*i@N6B@p$u;*mxBu=M!4D>SZ0@&z z^2h~D&);UWlL=oH%Dw}n_$Ycqnv>4#y{?9?1l6c7$S*eBYj)?pvKG%^cC_2tGFz|1 zX%dX7dJQ!FQ75t^OIP06q^>B;5LPu(@;!aNLEW)>4K=V+bX2NEw|5M&^YYrZw*nX$ zBwh`x&WLbQ_bf5-KdX27pz@|i9mbxLxp^I|Dd!vnY*-h4s5t5mU|qm8w?~s149jC` zuMrFX4gadu`I)a8Et^Nqwu0H)?u`Q<+h^I{LJIu-g*sWK@631o?931E-n+ED>sBkl zf!+tVj;LaP>hY^!&cBBk%N%nud z)T0>Qv}y6`g}u154Vbjv+n{q*#(Cb1H8Q$;%TDB=%k6e{;+h6|L{0HVRVO`(smy0q zP{Wn~@#^77_K{AQMQytPS!r_*%wA^zA~!cTW3$v^`>`ghkaS~PKqNW?^c4@YT3tS* zV=Qp$eHTJ826nG85dS@173u$BK^k>7WROGP9`d7>KEHRj;$rCB 
zQv76dpWu}a2+|*z8DlO146h|x6Im8PlRSGvx6mTih+8`KC;M$+2FWv#cnT0zTp1g!F1j?=ZZ9|-4_i6G8WjYsPI<(aJ&X%^e z!!?Hmn?Z3^1|1n)lpSV#Hs4UuW(e}7upb{QOcun;pZN#wZ^6ra&tJ3HNOuQaBD6Z) zd^z%Uf&%aUHBXxQ=M?d7zm5GN0-ODYr$hHvgshAzD5Enq)E5HFfEt?wIy znTC>UX3+ttL@}@&O9-e=feQ6^-P z7?GzA3XxTL%C5U4i|v}e$+}G^(S2dyAb}${s?ns?4D1zFl!Wx>P70B=H{w6l%mYQy zm|wlYC8t&RS)w^!wH!sZtXDh`-X~K0GNadv;Ey>k4aJiRW|TI*@jU-$N3Xz|x;pLL zoNoyT{DB-X?_Sn66WsOJ?2FH}Z^Y+*Im}~LbA;-$Z-Qs;YZYoa$)uRoS#p)J2f{_0 zQs&=;!1p=oeSe~_kU_t=Qoj-Ch>pL~zniR8(Qki_cUdqa;YgqygUk(RtB%339+!Mk z5k&b)ATwR2ET2FdBkFvE&0Fkm6SMg<)~jqn4WrRJB1>|MHSYOw8@chP9~Oh9ag~ln zIvjNcB0<<61y;KP=86q=8snIgA-Ct%wrB>9QS7mGACY?+MWmIJu3Qm`@Nyt&nW5F=WO?RVsG;$&7+F^~7=;V}>_P_JZrL65Snq}U|r}=-3ou=vZ zO5#10J3>?9za`S3R@#FU(`8{U54Etrxnw{ZdKqyo=BOU5RSndBd;*~3!wHbo(N9-& z^tt)#L)*Kcf2!hvY)wx4c}oZAU~-1N3@$K7=YNOH;IiJ|zNKRX=pg@2#NXTpeIRZV z0mdU4Vq)?ZwYYDhKMUTH0XJk7N#AU?m$G;PRF1hd$03Ei*sTx0*!}5HTMY+SYN?mC zG9JooRWZJ6nP=_d@AS!qdd+m}*cQiA8kW6uc`H;pi~P3xcfVj(Kk?YA_o2XSm?ZE-+H?C! znt{#TQAv8)6J5Z&WV#-O5;v92^&5FTw*0eqwdFF*1tVTcuk+o6^B{KESyjZGDY>xD z!*=IK5Yl`=MXl$Z_?bcH(G1L(xxn_o7A2m<29Kzt^&TEdBpz^+6 z2KAXSj%WYew#11$-<5NV#j`z{=J)B?X> z%yoRtH9IrItjy;-@tqmoxnSKTE`IfaD2dx4@s)Zp8iZC5DS9G_+d_DtL(e{%wwBB) z-oX9!Ke$v!K|lN6n!@*9U>FJHIt)Il=6_b-cgP~R1_p4jRA(!hRH z9jT4smLGJ@`Kfa-?oH>L*}v);ffXY0iLrm(J_JYX)E4H+2jY4ZKKt+`H#k_4K-di< z^yJS$M5Hf{|3~R2{J&z!I=$iK648e8MP? 
z(djG&pyZ#{nL!&b?m(d)!9ZfML=X_ku`9dK`})ajc<2d)eGzy92&D9R_#OC*>D0&X z5#M#R+i9uBuDGaSt518vCY)f(0ly;gTeNwkF+f&xnW?$6gutaIhsW9{j5Vu*}5MY>VMm+>jDjmM9R&gptCb#t4yxOkS{>J-!{THzi*e)mn12y6Sh!jP%^6mi&TA~0Q zo+=5+vo97kY%}`gDU!6Ao#3z^WqVM`V~^zBhka1p>y5upAkodq{|5L z=--E&BpZVN+q@Kbt&K_SHQxo&EN%%Pxr+U#H&DeGmHrWBcBrkOtns}BQvlJ+`gnyP zU#iS%L*o;EL!4+rXA&49(?J;ZrspDOt8&zm?-mOQhd|Z<1jg@(36SqU9PEDr#HId0 z?kgJ6?F5ct3*?7@=?A*=e~^wn0ZIQZU`0O!TN)#CIEV)y z!O6rEr*O^kj8~eup4#&n$`tQ64ARxi8>U0D*Ywq@Pv$?K;E3Z-g@uKv3NSK3ewlt7 zN=0<;i*OTUkhKBZw|6_cS_Y2vqG!F7zzVXryEeG9!FX!tS zoYWo(c%!=As|~?)sWN}r3N}+@AD?T9S|%_xMOaD?$sj@g0WXo~S$80*jPq__XdlGL zq*SKolV>#Jl)0;%p?a}u2!64PGWj4dLJgDZt%9lEB{ZwHx>(T$4qc<@{CL5#$JQs| zozhW9-Ag1t-e(pyPP|i0-Yhuy3S<=U@&UX@mGlMepR*Y7M`p-K<mX%ilYLz!0t6D7N`3WTn|7Mu@?ZP^Ai?|&@zJ(B6AdnmY`7Y zgT&KbKqTER7clz;|CjieJFqU``uem#unTS<7^p|uG1_nfG!Re$IRMWX1^w@P z;w}Xo@VtWNKY?Q-PxO)EDSf+Oe)E0Niy?5e#P$=Q2?zc~YCqa|3oML)U`vFib-4u=3~Zdub+{$V1q4 zN_L+AtqtyD0y|Ks)cx6O9_WvG%UOp`i5(TJ6p;nTr1V&!iMBMAh&g+&@fzPrQ)~eyE(p+{buf_uod(L{rN`aJDCFf9)^6e|huAEoKo)4kQZlC4}RUM?QBq1X8JX1Rp*pdtQcCh0td)+ zy!6Rc0v)lb;f-grgD74jbJ6sNAe`UfH`g!D&r(e{uKR^#abG00ya2+5SKNa~!`|o2 zXaNFP?!j~_~fmQ zoGcSRmRPM$%Z9EPmKMZ0(Y*^>vwkMZ_ppuJ-$^{1^dPJQ$p@e!fsA|LCt~6L33%kc z1>k-eWPbrhyQ@$B=2QQX0}yHXM&uu7Yl?Pqx`LLaE7pjQ)F@ibv;qgwzA&Fl=_M$a zn#FRI6A=g3oAX)(B|Ctza0`z0PjyM3H1ScXCJUsrB_N%W?JfOQz zL%U>Y8EpVo2@0J*a{FKWO9QL=fOv|`gW1y$ty=ZC#;zwE2;>4Z*$H^TJP>ZKp(g-e zc8WVtCe~xnLcQWC)9g-%PKXzzsDo>}$!+9w8zI<#vag>FPvnl60K4ey{Zef--K)hC z4`NIkf`KBPJ*WW?qfI#?u{*$-PJIy=_?M4EilaogpdVnnF5I?%^WfCqOaD{Hq4F5J z&|`htUtuUClP?f>b!hGpZdqJ{@E>{x91dtT~?uF+%N_|0g; z<3Q>{?X^!!gMTk4ej~?JVsI7w?X*1fi4ba%+GQ3kN#ybKe_fdk>fJCZ+|G=CMk=4Q zPsLfVr}O_6rR~Pnc1Ce+mXQ`pCFdNCl=1zd@%%{;POvnfL`8J4QWw@+nBdjka2Qa- zvi^c6LDA}^!&q$7@Qd~g3S;PUA(ODjbW^Ym-$H_@zcZ+1QPK+1f>1c2?HZJcr}EYjwuY1)e}` zs_3;OFAA^^dk{qym{IQo6so8a1Z5QZ-OHU0u46><;Y-Vl;!>;nvOBNwVKI1PX4M~m zs%~7!NpGlqOqG5VOnqsWW&A8u3Pqcu#a7f`zn;t%rL>~MpTGM1QK9kr>e3o(21srA z`cId`WYeZ*2S!(oYg$^JbxZ=b!cVXCIZ7U0bNeMTq?vaVOFe#nI0L4Z 
z@5}sSOo={~()IdN{;_adESKBI57zu%R|OS7`A&iPN9dDsB7^Ai~Yc_3&Uau_3mF@aFT^9X`jDj+ovHw_`?- z)BF1kv^xGR%dXb}5gl{Go{QoBPTnXLfr~3xt%r4q%wZ`k(n3a2Hrt&}{&%#1kL6@AJpVHvpGUn|n6-&O0@WVM!_wj?L8 zd7+ceRQN8X*{x=3_0Og@4gH7_ZRpq)iLS1cH>l60T;=aVVRV1OQD?%F#W7sRwoaP7v0ezZ2%?6765%fE!VDVj10|n@0r) zCYbA7BvRZOuI+bK8PUF#Rf}~EeJAZ;oKxUcYdYSYtw^+!p_~H`+P#TL?M_c^KBXYv zYBs=IOavc+E>lqjBC%?)zF39Waxy-`N43sC;c=!%$mmuNFV-?Sge$mE&kl$G2jMwJ-Pklo%lxpSE~rRy;tOn0LNa?wloRp z&^?G)ZVR*vdHEPx^;g%ePmQBJgOrFVY$fbtsQ-<_>A7HpkV|GbF~_AD1teU~`rMol!pgr2<>&arXUdhJvkp5I(2cr)qp2E}i{|7%n zz`sO#1kThCA|3Yafmelfh*b;Q)g?xP?Ih_L>`JwXTv&8RrhK+SqP#VdMnXl$teU=$ ztR3)tBo&h@3m>ECi&~AyJ|kjNUCzngvQkNHd|c$I-bNe)c@cZ1jZIq;wQ`9{=CGc= z+S*rQKI)Tl&9|qM9?tY>D|xm5z3j(h@jsW5Kdz6*-~Ywj!r1aYTmoU;W zp&zL{e*fneb7TGQNXoPJe@F?yK>Ba77^na8#WDRil9H?ljT~|=r5v*2oOxe0NfPW2 z|BdZ7hOaENw1#K2d<-pTVUYCUKM%FQkNASj9Ebmc8%95-zNEn(`$f6ZvFt~VO`LE0 z&TE$|hX0gatFCREMBhE@Hr4&(K5}r$|L(K<66LY@Uml;w z7y%8E|K@x6|M`4z?Ef>8k_huXLcSR0OeIMTID>d7gE~Z`$3!_-$vVo)|6=~@?=Fu$ z|NLruoC)Bd^IwR^f6f;d3gi5LBPnrV&;x`^GFGVhw)*S=yl_NSv=ln{vu`+=WOT89 zyeq#fl{P!J4G+es<9X%r=l}6W;7^eMEG*{6{QoG*Q}_P`>Ayn05YPWJpC9Lc9Zea` z^E~P{2szo*Bs)hhF$x)UXE=e3t|!b5G5$M#g0@2xqt9s=4YP)Z=kXM5JESI%dIle^ z1H4l9NZI3uS|zUinJ)2uW-^ksbh%C6m+V)z{6B0?b~*=F$515d<3^$Dwmh@t-u4Vk z51s$eg_#(JF?o~`9ZXVszPLIoOw@;3rdYB**bTC+wj5>}o^6>P*9b{#XYpN6ia)Lq z!_h~r)+5mzNvGvBe0FC}p;5L89R;p{3I-oRE4Q$`qH-=HbL@HINj?(|K$%jLmK7hE zGW+WYtqp7@XMfIVcDQz7lG=Pz{U8hzK+;`KZ$S`FCeGL2YU(0+m z;lPv+SB{T2)V7pN(icGuG%|(<=V=v{{^5`%vf`+PSAmwcA0q(gs6|!!({T0 zt_rSa*V3$EI;MwJ;v>Nwj~+n$FMzKn6_tLu2}7|>@10OCl|8Q@CyB+@S`Q{eg<9_KlLi;>^9gaDGOQo9I!0|W|BrH}ac zyXQxTs{p?J!(6MnZ{H$f3$IOGVxdCcuJH+;xI`B2>o_>EJ`NF0;lpNuTr+%DGJ?Rf zDxJV&B`I-DX>`C!t>&}Wf^fk_^k3t(hF3T$QSd4xrI<_{Bus%cC%lZ-+PZ7bI?QOJ^8(z|VH;r{V;|@)ZCLs(r$2`aNB^0r+XngrMhT4HB2~;* zJLtY+|M?I5EuJ+xa)ZQYrdTth)@HP)+89*IZC*HN?YfN&hCQF2xQf)DLW(PF7>FzK-yzZ|zFb$x z$pBe4_1i>b2YXf_G6KyxG(uE%946Fj7%!ImG>PzLr#>ggB$;Pa(R58hvg6iFt+`r< z+?4piB~HO2FRgHi;mnkI69DZcO{6~;Y!J#2;MP2-pwAw8!s3Ojyo96TiAlC0 
zL`0!4yzm{ZSv6-WU`+!!Y9c^dXq?;bctUywPsF`~RV#x(pGe0^-Cnt9C=*PQjcQ%eB28yA znOt@zV;a>axk6X}ijip53?7}JjNugCO-BYgL$q2#h1hyTB_VP&XyzYzQSnUUW+;Ph z@n^+sSRokb!cN@6RiJ(v%?!KZc}w{ETro^giU3QgF_B#1F&?~5#lip-PL1slFhd=! zvAWghcw81mNoTr9!@yht?vV1f0-rZ%!d5UKLQU_^@)ei>wykzdw(oK|@o6`6;$J#h1ybeE>&wHm4*6eb2{Q;OyhB~K$l zHSdj9n_SH3R=0U=l3`G-8QqVGcYTKWr%}?e?*<#x(pz@aaWJ3=A>7{)4YH17o07ex zXefO?j&wkQO3s84@^JuY6>rZjH9K4{54E7H3V+f5zrgtiI_+T|V8Ho@Bi}>+FXqSe z|42&o{F5PmqR>@5+tat74uW_AREnku;v{7Gr3i8)!8O7=LXAH}g1?W!G)k2N%v1-Y zr_cWSYgwZyx6D?Chczmrb%6hcM`!sO39sU3T1K1wV1Knm9FuF;a;E!!8VL%NX6+gF zGZIiG;lt>FpW1y-D+wbBC1ZROGC(v^kQOBM*>4Z7UB+;_?`Rn|21^f?3Yll{!l z9zQ5FO9_HiaxWZ=da2e@DFS)CV%R|RmXfe2aINqPRw%cmF_n^-9>|bN$R3&@l>~fd zARGITD=_>;p4JbH?0Hhi7r_4mT|yr(|65!vj^jU!q`biX4|E9`bpL1b@%*2;?3n%^ zO_{`qZc9MI2Oglns)+&jP~_(lnQz#P9PP{iFKL%uVfccXEBw>AbuFrF*|WYG$aK3I zZucjxZCX|fFMKOtP1A#$Sy}gq_(EtbRA)S<>^usM65hV0w{KGM$OU>l*Tnd&ntKVS z7G8R)vfXpkjq)I&{IUUxCGh#ZDngXz8MjHh3)jYKIIgFeT2Z~6Y?ZWzLN>)pW!JMB z77P*tNTgW_{;iQ)I8=FVMf{5JQi*)3s*TNV#s$mE;D0iSd@BCW7xMA^Ke_BU|Ho)b z4@ymPbym-Hr(uoq4$Y)fEUGMu8BKGn6MM*(dn~@CaZZobbxL9?L9q9}j^7fxe^T;W z88fv^Hv_Uzfrv$(R2y^Ql)rUMuiLLi7>*|FHEIH+IWqNoD+9Og=ws?vc^$^|35V3L z!VZ5Vy40DY(b?Mbt8(2%!Jd0-dLB3XAcarN7og@MSC6U_;_st88fO)iU?TFaS3D7U zodhkhD*ALI?{!NjVawYaQi>N+D{zh(Sb0=aH`cghcUa zCX$F5G22`65q8P&gqjq#h|;7)R!OV)cIJKH8LZ*DHOnOIr`!-Q1&JI=nd56d0r?}e z_TyL&?jYSB@IU_%C??WK_*iR9d#ITZs_()eB|}&I66y5oQ@_K2hz1fY85MOLm#GPi zB^=^+(>;RXnXo5XMRYIH@7oB~!V+ISe&IEX+t5;DjL=6@UIhOSa0!33{1@>5e0D7V z9YuM;{eLq5pU*AE_kVG5tp6QJ=@$$(Nv{_1jX^fQN3$kvJ#NuxLNXJRiuv0TZULg2 zukJ(u+!{tqoqh|#TNrH}tKIUY+h!z;VjlJiU*b04L zb=zI3at^5!lE_liKAM`?+}4G1&+7TOLY(_%%j(ZE5IBNK zn_lreqdP4*ZPKZRe3}*dDQE7QUA$a@?J~KuO#BU8uWi>0V5>APPNen`Id@=HJj=W_ z+2jw+PdaYH^Apzr8l6Q45A3f5^<{5A!#xrm%BmBpTb*@Oqf9gx>aEtNMwAug@M6Nu zIFS0x@XT0%WZZZadzd8h%0d=xKY?(C$6U)`cl!gq(vYjqEl2r_lV=LLIh!6!t{EBh z@Et7c4&});rX$CY8jk{=?$oP)34j=_7;}meUgb&}bZdAP=B1e~CAT*y*!7su``gM3 z-v2TdWe*+j@co}#C}!jQKe_~u@BdMh$Lc8l(jV7>s;omHu&CSokzZTNmX6x9k2X}yT(`?77qE>j9=jeiuM2ar) 
zAk9S9P|Vqtnha~Av1HBUeEtKUuxYF?Azn?){0=R2-41IRUAlwN$&m;PG8W|)u6TVR zK-(7LuP}+EXat9QDVlIAfdRFR2#Fx-0d}VWV-bnT?(Xg~1`RgjdW|`en9QFOiMM9u z98bCUU65ZjR_UU1EmTK5%538fy-je9F*`V7YX|%5J108_`|xX% zt?Xa2k30M8X=YmJ!T`(I_Hg{@;eg9%)^N>^O*1k8DW&m6ZatWn)97F(w+3neP>Igq za;5YM=s9G-4KT@Ut7QcS_eSlR6m)~3g)S~GN~BA7?}UTVoy*8C-B*Mp?YHGTm>o33 z*v?c7x~ZBT?Xx95hJOs`r_yQAM##)~Y2gRrcSt9Lh7Fb<+9|7g&@NCPtnFG(5F3!s z<@UHX@D214k|1OX5M~*L1~AncP{>i&o>h)#1yxR2N`dGV`9}#{RJK&KmL$7}Ts8wJ zS7z?&8J%!V;XtkrvERb^ICyUJ5SfDCbUQ#g;dp#$nhC=UOc;zzVn~fQ4IgTm4)eQC zb*ctKIws#=pYJ8lS;t!=K!=Y3Zr~#%=Y0Sm+-aQ24m4vE$ttZ#`G$L#VGiB_cv!gB zl-w060Mt-8Dp)3hoC?f5H7PojkzW*iAh7KpoNSatL>R;8GRG>OD8&f~$>sX-E+cEW zG^I$q#cs$XlZa1fn{;6vpp1ktwJcIzK9Fzut=hfEr(D(@p^_QBFn%;AneR-2FVUjc z;QmNrMMz>x(p(G*)x}}m<02xC)u;ke^dtwW#zQUuIS!&vb({WX zpPVQ9D0@izpxZW+-$cUkMBeZvt(7%BX5>AOai086cX3Z{To=LiX(JTNCRZ?F?Oi;^ z@d!0%bF1;Kc^T4>DDFLkb66xR#3Lx2ntu-(iWW>@|3t@(f zTXHNrO|gymU*Y1Bn|_*GZ~5YfwmjlVWIbf9Z~?@V-Wk)2NKzjh4U3j#7TJHOM0$aE zrC4O9_u(A0N(oQ_Rr%~h`W8 z)O`S$BGDso?+GhS_v)m%tYXD$bPz!jc1p7eBGvE~L~#S%!Zb>XSW+|L5Yw4A*yIn~ zrJw4ynvkK)GO)$(QqkFp`))bpt+^-!@oXPO1}|2~jz?o*@m};D zsk^qlu{m2!P-%XY_&CxwRLP!^K=BIZmTSssOX*kK&=Xd@aHX+;J|e28Qi6f=i} za~P&ZplMWQqsfz?w_)en^uvfW=yxi*qa<4ONLn@;e^8BEw61Q0NOKz~$3soKYBUTl z#iM6yKtkxY+<+6{yh{d=e$v98FojVE{8%fISg8qE9>L59CaT}}{YFtY;<1~0?Uf>{ zV*;azoW1R$vOq17ueY*pDdKp157yN^lACc zFcn_BYMLb-N17E(qTDpR777%~I2Q!hnhC6HbS>hGBR=J`5B>sm^M;#}$qF2k< zg!7*SutpvI$i#_F!Y0Xd0j$R@BJ>EM5WSougIdEF44fH6LBF)}WXpdbZubI#d;SOq z+yb_O_ML;3-Ho&tAURP-uD4>K4c$qQ*@bb|5(aH50Gbzz97%Pmgrcctpv4FL#l>yW| z#Hn9c>AgnJq~T}Gwx#qwV%<^_lsf)p+D6+)+Q#B&Z!!$-Cx(V13NEJ9FI+lip5>z$)V?#iK5O;Z z31jKG%MuXhfNA512TgAPehq(xQD6wCPfzg8yK7n)m@}fM%g`=yI$d;xd{UReG(<@M?yaj_K>{h126j?kl7Yr=-eFN1zO?W z6?$-i5E1JW>^r~y^XN-Dy^p?$Iq4@8mN#Y>aM^@l@4pD6_OBDMYWk%ZURug_68InY zrqd=L274OXj2=-Dsi~J)mzVLr8*Bn6S&Q`=4X)j5G@qyr7o8~)tdNYt)njAae9vUp z9Uh~K%VJ69iUQd*leiG0thj7;7I|Y$@XC1#;Cd@&)exdy&%{`-w$Ej`fF#MfLX#ws zqQLahLb@7hP7Dp3(ibrFo9qEOzX?<|hRYI&nRgi39u|!Uqoo`4MK9Ac(h-7;egsC3 
zk3tL%l}++F+}0frqr7LvW(WW0W%d7BHpWOFkGKEKFDw+s_Mf9Dzh?iVCLjasKj#;7 z@%Uebd~O{7eIzAf|FKdtTI_>Sbt`Q8tpPtGb|0$RS`*0Vz-=RieQsb>7$53a?}oAx z$-YUl5*ZtbjEzKI*hoYwyeIlzQtFv+1{05|j{)(A_#j>-jIKBFv>;oWYFa#z#OIpo zR1ue|hM;$VK2=JjU803_aa2@vMoAPOOdR$e?XFH~F2}X4 z(wjE=?0xi`WCdqTOvytE4y7U-479TpkF`a-ul2r%17Nl;vlZW3k;$c0G=trcnSVb zm#ZbY01o2+vc;bG&-1y3G5Yz$)Iq`UWtL(T!xm`ttP&C^*$8v|i8Bg^rcnTAB>ZJ=cxMb(yjwt^tVwe4SV{ zSY8SsE9{6#mFH=9^(1G$+d@C3=aFLjs1$}3jpUkA#^tiNt{ITgyXC7U;kaXdQw}U# z-W(q;+JPbGO3)jc5=aX&GKLQGlO{Q;0?t5{DjL!mT)|J4c%-e9j)`Q;HW@+)Fz*%$ z9KuM)lYD46E15GjGCLZl`o5NCZiQ4|p~cXoBqjRYPzmIY0+1M2*IQKsp8?&(z%uMZ z5FYwVT`Lp^XS9XT06H-VNWU>8pG7U#ZunO+A*I|Y#68`MMkXWkO72jfp3$kH#o{vi zp@)M?I`}MZ0}@gPgfZj!W#987R(3R^CEDD!;WsJE&ky!j6G-~MSo6!xS3($(;8gFe zR?DneF!GmZOm654HkF9#G|12y$l-~w_~s4)U~pBGql1dVdGGsaeHmiL#IfnA(A$*l z0JXpRw|}w3$C+A(#D)PHzeM_q#UBeb$Cgufr%|aIX@`Cwg4SHYQGWWZV|EZTi@{1u zjM&%w=}*@CMzuEaXN<{@lnFL1dYDP0FOU^X#ZV#+#H>XO19~I}ae#UImg$2T>Y5w? z0vt2*;~w37{Y{jC?bvvg*CKK`{y2eo?7j3w)q%){*BhDv`@0F$arvd?W%xhmf#|OT z`M+XeAs+uVTU;2&e;G-coSpqu8bDS11PG^X3zalL0K*s4Z-JB=D+|ZU!hepkaFVs) z;%pgq#FaG+7lR8X89|Yu7zhU8tRsBBeQ3p%64ra#6LhNJEUr#qaCcxbxN3JqR3YgB zq<2pi=T?A&1F-RN07&I9)9@`Gq@Ey%;vhN!ifRL~Z{2*-j$Qe7eR;^ZR?{v_J2 z>dmASL(A)N_nS7%!a}&>DY?vQCyWa~*WrCeImkmhZG{RQnZy99qJ^3WYlGtwAUxG~5ow zDY|W}Xr)}~mNA%sSc*{PqQgrvo9c%?4Pi>t2!L{gu6Pv{SgmSWx4P}O z)?DJ0bunjVXtp_-r5W=yN##YYKBF2!#Sjdj{|mXrLX7@j$magH)BlRGdhrpzXo=YW zopdo7-zxgJ0gYaP{|*=UsW=Y&G$zykVK#k9HhO=P0UochYx%mKG0~zUBBmT{#!-ya zf5>*DU+9cIbR%gaWp2du3b@0^fhS!_sND%E?}YXIwk&w5^wJ>=FvCEqhKrX+!;hNCfb(C`43|tlvcq|(TYcpIw2k8 zfVP9~fs(64!lvRk<7C~0IE7MKN4!SxIeV+*S^ zq!tl|6m^s$AeIsMBNx94FD4N+Vdl4QMOI3I#RYPmeh9f@^_i#^b0BpQrzvE9T zVN=5i#M7|hvj;<$CS~y>3L5)Es*(gy59Rf%TlW-u6F)%ZA1O2`KVPJqm^0w7$YdA0 zlL0<#TZ>*^6Of^~8OX&B(+|&NU{8Q@HN(0+&Fb)ksxQxQd>b{Z{Td~pjHJy=ApY2c z_cINKg961+gxU0vLJ4n$Z|u}J6UUa6h%r8|gr;Gev3CmK z#o}~@wjy5>zJ2}*@FH^6$b`kPBoub3hepB|iB0s0JzbXUpKd}4xDE`kcEM~{}eDM)Stu?f9!M9=?CA1bVGy+j~{e`$H_`A^>Vhx^DrHvVINF`v(m<3Em~yv+Vn 
zn0vzslCOgS_&=ZRk^koA$MWCN6d6xBO3ADJMC2b0Mf^LLHw<+rOzFNQ0_SrSE^Y#O zH$;$pDq@rH!EHM1qiOj-r@y_vp+A&W!lSd1j%^agHVH3jlb``O@S@Y9sEVL`hP@N; z&Pwc{f`*L9cI_XWln+;qk2ltV*x`?bXc-y0@NKA2p9mjLq?E)jR@-tYCngz+^9GBAo<_oLcS;db8#I1Ya}K4{_ok(F&!|b z1IBc~3)2Don{|HHHsn!D_?~R7B9+1xd*4AHhn`!V(PSe1@A?E03Z}%zjUl+0qg?Rj*T(LMmrvFA!lIcIW zpZ^79pVq*b;2RTszsecqk^J$*(Xnrg(ZQIwfeQPZsAn^}=M}u8F7CbGy)0IYCxV&aM#dGCBcbQHgnhBQ^Kh3Q+T+^%4bNoe>>mA!p@zmYzw(AA7{I>DE%SYpf zUA_0sxLIhX9U87gD#VF;(Fg|`&HSa8Rgf=r7D0WW15;>&y+$!92}(LXt+fIT3T+fL zjev}&D<&c`O0(XAMX}mpRT;DhBTT`8uh&hU)lWHcM|$L0a)m99&%R)=*SE*rR>if` ze1v~|WoIFHi;5XK+(LWUz4gtQwQ+l2K3I zyX{EdU-%@yvJ$1}M#MsY5J~|o5L>RK7Rb^R8c->h0Vq#o)bMC4cmw0)Q%^Kj&ySwPjNFQkZ(WkMAQaeKpfG78cK8EPqrSqb7EkBO+UN>xi$nJ4J%BrvE7_^R5 zjhfaEks}B;bVcA1yu#*S(>H*ofQJ-j(AD=^p(DCle()3V^C~TANy5>SvbVD3qZ9r+ z%8sfv~!>tMQM)!y40IJMdj`Vn#%@ttFyYN~@(8r73 z(;*NOez)3za8t#>kR7I2Crb5-9wl&{$KPol3P8wpbo>X+N+V7>5I9?d`k>JJ2HH>t zrq_Rh9NQAi(g4$=S1SFDZDd{v!nILqfP<)nTv!}FFe9^JtOQ;fkLg(Fko0|L2{|phK>O< zem5P?p752J6lz2by}4+;ev4p>(-fXUz~AwBgu=nfaMV~I04Ee)!derlWpXmLD$Ad z6IxF=>P+KxfGdv7XO%)LhG3v?{!r&xF@}9mtTvz)-efpU;sAo*B`)PX-vR%f;bBBE zl4#Sc-rx$#X-5MB3JmQNY2DQ`Tj&H*EQ_E_J+eVdBVr9$-Li{|(3X!W&d=WMtdg+y-A8RQ$5dGYl zoS~|?vdOR;qGKW#t~j7w!E2;N3;^^1RTD@4 z+u%$r94%FE@&|GbKQmzv0p0c<`DtyH)mPynhs^^Iip3GJ@Cs>uD~Sro z&nY~RVTW*+`KItOr1ph8kY9;JsOVI1Mg`@KK(u6dsji%&X?S)QWuYO>L2f_>xjgd` zz_sA}M#ChLk!p^}E+mV%XL`+brUG zC`m=4t-BFH&dS|fmt+e1m_A|CRt5+M%zTAppg%+IRJ74_R|KxsmY^6l$!L7HFsQoK zqJ(2WPAB*|Dat~NWrI0zkl6w}F!44b82e-5=j0Dv#PE(yAevLuSmbS(;uM?vIROZE zV&dmSvV3Te&_l|I1dH*72k!YAqmQtKM6#oQr%4hL4CF0nDS(zfBj6&J*Z{QY$H$?) 
zdSE!cvgh6q5DaGr6e0G~51To1zI_bXk1wpfxg6~_p(ASRrmOjuE}DRF6cpACo#E|{2KS(iQ_ zYWY3n7<8G5Xpv-IJwT>kTVh9hF7t;;gy_e~GI)`Vj8C9v{4(Sy3@~|D&XrPwb3sxz zrSm^iu(Fs;0ytGA-hz#Q)$ViZB(D|+T=B6SR0wwBMV}+rZ;V2A$0c@&Bht4TxAAe~ zjR+IpMK=RmqZG|ayQh6N6Q673?T{0Wg5*<{J`pG$qCOuUlNt+Ue~cdK#|;dZO?)03 zRuah!w_U6D+chVtW{<&!V^tXz`Dh)st&qlZ-(nVIB4CMjNG0}knza+E82 z-}{D=SIXh>@WzTmQ`kOoKMHm!-B0_Fj!EOwp>RCim*+}L5nDQx^Q1!&?$?Y^OT3#_ zQAmC!ulhDnT(%h%C09%oLUB1=bno$U!hlg>LLI(gBpHpg0i^V->!A;RDbm8#)s@$& zNa2&Z&01aj5}rsW`QCT@BE-xULD*KL?c+{`C?KH@)|37ahXDi!>6?Xwz~?fEJHrV` zqefY64JrTUvRY5%mB$5HKi;K9!PJHPRW-1a^?r(o{1Vl7e&yG@d<*Cn<{Mo&U6&yVm-6`jwyyt zNmOxpfo(zB+#w?qd3a#uV4z(2?lkoFRbv>y;VLcCkvOy1Us{kdHPw(3;!@X!4Xl!{ zk035z#I4ezEAVfZwH1>m!>Y@d`df9H#meci8WNaH*$5Xq{O3RHH+dMtaORUC+nW~y zLRM`?q#I_hppRF&GQ_}rPIER>YX$WoQZXTx#O>I^q=6?FrpQ+@K3ixepoZ3#sq3uN zBEhIK+5(95meFt(PzTjilBd+#Jjd}F6@&&ldBoO}0*Bz%Qez7Hh;qrS4__PGOhx&ylPRAfsoP0+Uc{4mLv8tX`|wjBCU<&%@B=} z7K_@|7%L^k>RlzFd5i;x5>V0nO3=dp{q5&OH0D$6{DjP*e*9LPZa|@H@j0CIPPK_w z5x?@LIh1o;>}%0u{K!F!oQ1x8>QX;}8~?O`%BPP5Y* zgrcDDymvLesH{QXBmKg_ z)&^}@S}9+}t-;e}K|tVH=B+k9oqoWv4I0pa6kw!< zjSg?Mhs1bcS}%c4OQz3a)%yg`jsw0XtK~Z^v0&8hPU8d9WSJZLN->7gHYqeNQFK=y zDuFc0VIoDM0;haV;7D7GfLlQ**%VUi8WPe7Hen)@5D`m~Fffc5)zDiVpN8-C^MW75>aP3QBeeFxhb+K6baAuFq~YAPv-7ZbN89xKA7r#Eesi)fF(5^*N(=2M}I{osV^JS zZ$iCt$4LNS+01(+l7vkH86<>e$7nkd@T{+|Ft_|Gy%#aiD>O;5NtJ**i00pxE%z`g zVa0-^pMYba>?4$4nCy`Ai2z0Krb|j$pllo{F#iMJ_EsORClmO5*T<}(GGl80ZhGrJ zqAJQy!>p)J{4O%~sBB$N+=)~dChiQMkSxM0+b$>PewK6}IwGxgk` zh*-kk2_psi4@2li#;Y3VJXwaV1ni-4^&79AEm#_15YH+}{DE5S&KhN=sr}(dI8=vlnTL^vHmq+NO(^^{C**=6GIW#-@1) zYaW^>dQVVF=}23GJe!H`@^AcB;V-$2Arv`8cEIns`w}?jSmhK>?Q`$C+gt#mTsDsz2v*(dSLYrG6>`bG>R~NCJo6M_2?=LB`zF9XA|+t)M~^<@xP2ljgy`a@Wn|-VmKjFA19DaOhSVquDiY(9}>m&Ed7Zl#E|;2 zl43tjB#{U-j%`(~K$uIbg^AQmRxpK3n2-({en0rzE80X+`D%-n-u<0bIq*OrU_p^^ov@hHL2WqEW?owN;dh zfhMR!(_}3xd6etz;u=%{Yj;U8L9uzO=mbaF8g+OP2XpZ1Q;&>rBCE#5J-%YmadEW4 z!3=B>IM{L!v0FZpmZM`4`>K!outxl{On%z~-7vz3aj(4YbYBI@#}TV1S2HR&>J>)_ 
zBwp{JxbRo69@kI$38H*@n#eHrx_?PiC1Im3eHeOd)s^>ZGV{I?!LjKm?(;hqr$w+0 z#82q+D%L7?)p18-G~rfcnY`^{Jv7}rI80um?FhF6H0)6Pm*5Ne)V;Ygr{u*;hy<j5QTsl!D~gYz-z}AB<|0-gDol{XxZ_5N zNlj|y;9jd~YbHSX}c?&K?5RAg@DuhXwO@>}WeW)TiF@8364{b90jf1lC11Ens4F3>w2nR0Ia^hYc z=_DT)3FRs?8QCn8L1bDr24IR3N@;XYChc?_TjZD@8w3d*M02RT6v{%SD(9rAOcD{@ z2i>cLU^HsnggJU*z4djn0m#-sdC+H}kI>NH^~kGwox5VjR>|%#fBpaLy?KAz*0m^l z|9$)vF!fqd4oS_j!^Vjf+iBF}=~+&5&a-tXkc1@EB)|fsWY*FB>~~Fj1VB=A`dOSMXi1sWBP%LAh=aRew<-|0aY5igZC|EEQ&&Qd#c;VhYi?`>Zjt=py%N?10T-S!pe9*q&E95$e z7eaAXJzzN))@7bAycyv8rVOug9Jro9Kq%=4smIax`t*zzhNUO1`9S*PjCCe01sIJD zhri_D!m{;@{y7bY-ARgJ=bO!7s~K$1*`;@INV@4sXX))SZUfk+^b;h@J>cr{4(w(< ztfRzSwzroRYx;%snZER@(|0(rIeg1nl)xeo9-wd>L)Y=SD#1u%fNt28hFx5Zf)2b= z^=Qj+jpA2vPEq<=*OFr))J}JN-i>oxgMkQf*%Z#hM78Bd;;-3_*qfGJ#XK2HT+1qa zy5a@#o|Y!4_#Jwz&5!+bG(YYl7OY(VXTMac58 zP(c9blquk}%LdyH#CoLT{n6>E7Y>5a=v_EtUlilu4FpSEIZX0EYTwrTe&zLWHeE-n z&9}6cq-9~(zA=X!P+W|)3|1j%)T-KnMB24Mf`w9(+NEu8wm%ad>5XM$c`are_DRX2 z7Ez{wOQ@XAtj10pk~RkwC)r_DYMLWq%p!Idw`RYqP%=^>>0St>;xiUyq%*7B{Yp81iBwqnA8Rl$+j1AWUqwgIAn=XjLx(09vIK z5&)1hxUOQBak_C=+rd_w92b?g%?qv}Jj>*iWl@-?iKOL*bGY3O_EESe(B$iMZpEsl zq}s7Y-M~4BT-^*-J)dZ;QY?th&A^$X&ozb{X=U!C_kIObn`ShM{kENL(QeRZXfmI zu_VlQ04pj~d}UdMWP$bA&?}+KDCDf$nsuuxX+VY*13t08QRA*LGJ&wKzaX2GrJK0p z082o$zrI$8FICdkZq-m=x5Yt6v3GyC3!z=(lt#_? z7hURp^cWtLc4_zGfhSewcrCc|pfGR!&h%rsKe;RIu68${WEjeZYTP7;qkisk!-Zez zp#PD^z#{{Wt<7s(V6~S6Zcw1U@?m`W0GR)hWzoENJ-A$UJWlAH33?nvz3FMAe)ujP zk5Octj#+_4ZW~tDmmSehPPC&S26Rh6yPk`U+n7AoUV4w&x8n;O#@<5gmsy;sD1c~! 
znW!=h!y&pyLg|zxQkNuX+(b`>xJ$CE zojaJ+BUwzr_7@2q2Mhb9ea;C5+Lg#zLH|q8lbt^X#WsYgicDKOWHJlagNCEISgR{d z@sdRSn>Yp~XFx$#7=9h}R<1Hv#BxkI%o(%m<>bvnc=7G=jz(=TchluW@F180?>4I4cYUVF_TW_p zM&|_ClcZ8SR*Ff=>%igz>B`YEiA1yxD^|CbKzaMP(43TP{;k#|*2+2hYy>!qhU2^h zT6mtu1FEnT68XV@@=R4MD&KVcvX{K0tI1Jv%)1z^D~f#Fj8>SylQOTmk+ zy9%3psLJQJ>@ATX0t*DoY2_an9*MS^t480=ZKOOii|txYJC_`_7kpiPmaz(lOUSyK z9_5XWt7y4vO}^ZtTxoaa(r)iIEZj%a9NjyHNKy5nQEiyEAJALnF@}~qoYylRS0#D!8=B`PrrY=Wcv()K$keW21wYlo3LL;@ZtdhZeNo=9@v_=gdm(wAv z_5#(@JndAQ*%z2$JhT%~;yLar3%YRvLCWqAK|J}UNy6!f8n$Y#ttLfTdkf~Ra)Gl` z%Gx4A-UvpysD3T{azU6$BfiOM@WoyvmJ}Mq#(5>z2ZNZiGgIX{Rj*CuEI1~0>@lWr zc<0d>+gV?uId$Jv1sp1efLX`RfJwukuUexRxO)KnaH}&pBKpk=##V|DAn_ z`blzaen!HPN>~?n_=SsV&S3@wE?5E28`o)^f>fV_ls!bB)Q_=WEB2?p8Z;7nQ*OmCR~OYDdiEy4tX6nT86z{_p>aVVfW{j$q2eWZ?oR0>DK<~Se6;z zHcnl-Oe+RN&9RK@>B}9CASCisDWcKI&2j}?Y~xPSbnIHM#TD3jMxj8e7$-^$`i1fy za6YGSJXix`H@6Jm-b-A#P&ZU|eCvBrp>$o-zQ_mgscrjuSS~jBU!ej$%_cao54yr_ ze44<#yC-2hoYMTACY&t}TWr{mW?jm02#>eSicY$)dk=y)s{Gl*G#SqPXCfgX%kL~6 zG0q&Z#<@pQuNExosS+zmTzn40no>H1De&4FObq*+p~X)!B!m>@%$jcHWJ)dCCJ7yd zH=bcuyg(OzCku`7^+mtV428>qHxQGR!_NC$IVLJwoiVOmNLp8?Wga2cO(G?-aAjPR zRCy)PSuT`F@Q`}z+B0|XQlV1WXI{C`hp?^V959J0ELyv6EG{;N*vb(R&cf_e9cgaL zx<1W|^LrvF`0W~6p&Ebgu+PGp{h86^GH6?atG%cl0pf!UqN6feUp6b=e=xC!l8MF& zUG&efE9O+l;l>w7Pu8(IJ#-GTFNeT%!d%IO;#%~eS#UC9=Mg|2qqxc2 z2i*5JajA^|wxW^QilRE*IIGOG#fj?enx~?uC2fGUlGMu^{h6wK?O5O1l~GbAW6MOv zIF_%bs;0GQ@$8a&0$Rrq=;c%&RIX^r2h~mIttQME0+kUmJ_@sv=o}MH3|csxiR#a2Mr83W`3~{ePRw`^{KPapt%2f9dCMO)TtG$+2kM<%^0=nH%hg6QM)%qm|>QDhBWw8urG+=s>zqu7-v2SuvVi zb`OJyuwpv#_-tJB>Zq#~z=YScdGT|fp+4y?%Dht5O1u&fhWY*14w7i#&~{B5`^|5&S7 zFsx>2U+5%^>6I{5CcI|OWp0}IqRwDCHW#?-iSq`8(3Attj?6ce8yozge4XJs8)8wl zWT^%4uAUM}jU5c8N&L@pfUY>!5LJcjYZ1FeFtt8w6My+rqb%vyLl?T?k4^I`KDqRq zz$!f~l^-o1B6O80{iZM+bM?-_47Z6jKJ$GQRD%z16fzuH<6UAq9ylu{ZM`+MzNkPM zduN-$pT*DJG4Xf~_wGF>>7JBXf+p>>6KnV~9hGkDcOXcsAso${C2lTbkhd+!;dzT( zSchR64!X)Qf@8@4OwXJFy0)55vC$ovncvKD=eIxZq8Y4HE$gjmFu=YD&!qo0+W%%gL-=?%a)|Q;Ph49=VV2R|SsnY$;yKG8lS@y$3 
z{#{EaSFu!cV3c|8RKdq-xkl{ToVLa(pv;S~_=uDzxzv$W>#ZC!?TFv16-wLB1CiB>qb@kND4GeJ7@SzZRf*I{&%povANrV|JiG@f%Pyw znOp!n(hLrgejA!Sje#cS5j5H#Q`tOu&^T6?n~9HZMl z{LZ@~!A&717NxvVTe8Nep7t;t?2H9Aa!X??(&s`~z6aBx@;e%?Pk zIBWup-w$5@`r^0O!SDO8UhO}BeemQkc=0ND^y2yBgVzTyp2J_i1pCkbC-|>}=Z~8~ z6q8;xdQYJ~RC*Sd5zAF!8Mw$9fJ&t(A%uOHS8_VV0y(E>mZKy*zzL4xJm(r8fbA>6 zFdoGdsrOWv6m(OAZ$L_a(vb`#z`eu$o`vWpX3Av0BB_lMypuBkrtuj9Z-c607!GGY zf@Q@&)~884Sr<7E9{_2s-GH~i&wQ}wIt|D-WxfNdx$8pUsQGpA3g@X7qMfG_U(^jJ z#dmB;FEJx{rg;~j9Z+6og3y8J#g|3ys@jI3vSa;n@ZZm#1P!zo!#Uava`IDL>ja~e zV(;e$;7fRC$=ptR{j)5s$rA`4V4OqmcOtQhs2VDJ2 zllzY{O=(XTUyEH3-bjWlxZ9LuY;={~Zc42x4a@;2aZ<>1Cn!Vh+~Gki_d4(KZZXkkyQ(TIXrgY05FXZIR)ztbc>AqPfb68GOllf0dd^L{#r+Q5#i z_pcHJuzKe(7XA7s|0JLmn9aR?7;=7Q z;?Mj~n}L6PXckxn=q$`eC>nHe{D^Lp#iPnTM@@L9#>6QzU9?WGrimo?4u@u$&ft9d zNJix;yK<`hQ|{iiO39@!-cpU_3SL?LckGi#rN4&ZgbD>c_z`JoHtDKd71rmUpfgA>G){ym@y^gFOVK@|;j&k4D)Eg@3v0TZ9@R<$2pGT}u$Ue9;-PUj zdgxBZ(loy+U@rPGB|vtG+jOq@Ha;#%nqG=xg$Viz{91~)@X^l7JgcY|5=bQgyhDqe0a;$#Ve%&tOagZB4@rH5j!j4l-|wnq24VVAZd_ zAn;Ene`R`HmswDDIhu;qWrORe6f>T~F3V`k-mL{Kck}{2!6^Q4(nmXa;s_T_r-JVBzY5urcyqWq$^bZCR2k8bjaG~1l=#^9O85C3>a|565^tJ{BW%|Ey1pBpy+Trqbs zOA7UyFz9@2_@^Adq7TsWxjhu*PRD{WFOx@U11(M#^C`38OiB3?dtumjFCQfe81)~L zRP#$e)-RQWu<}9v@ssk$l!RumD%6IbLW`0-y(_jpx5Rys&|8WprHNCmxhaP}oU}b) zI2#96nX1Q0_~LlHl?=m`kp|PTTQ?eY!=#?bu%eTS!fkOBm=$1RK`F})ZI1}OwVh6X zM;oH;c` zl0w1{Xr_u&_S^(>n8JCIrNg?a^Fzw{V>qbO46XZa3`2+1P9>6iV^d=Hx%Lr_a4?E`Ke+idG zP{a}}{>~O~WRC0enl5^_;ca69N=fUIJm`8Wi+N0!fj9>_Dg~{%KGs#8J8{Q;XAT~g zC8@604oDMecL^YD`aJJ73AO?^_A+#9a{gUK-pNq`o}|66-|e*T}W?Y*5_`TukL=GT9r z{rvKB|Le1K6g&fwxA6l!87<-R+32sK*uQt{@Odloe_DzE%NHJEXwNY%(L6|<4t`Pw zkKX`Puj@sU>0f;Q%1ESLTF2z{r-o!I&S#^h&fG4Rc;z)=SPS#9qy_-mJn7<*_(>;q ztglhPHF_zQb9n+pM&JzKu1>05%)l9+_}vE&{!g&}zopxC>)I}uW}c@n#w}%iUio0) z*o6>14&0u>7rOla*G=93oYM@;;|gQim8~XTV8Q*rvv+UP*Z<$!zRmylS$^gBf8~CD zF@7Mh^I3%LnT6@!J2a+v`~2`3)Ww8vH!J!Lu}Z7tO|&L(Yo2&gqSQ6rihj z9@P1Q$DYd{3^7G{BhnfEMCWNt-p}jrq*PumE{F zjr;Go7&DVN^vV>~I=f-!?BR+Iw3OnI9hE{-kMb$frUwdrz`u20^*F&=A!$}u%fg`f 
zaZY))>=urx%Z%w>~y1V0-h>)%DF$d1G0{#$7qWReL9|jj^V%+V+_BSLUI+G3L2X zdX`+z&n5)iB>xYbPkb^%KQy+M_gua4g^44~&V) z(Qf{zXkAji$+Rh{-c$(wT9KGPK-d&3?nnSD?JlR)YV&5 z5vuX$j;aOaXSTX}IVhh2na7UUc65Kmg}Za|@)tF%-dD)CJuIu_1>n7UUv5jco>wK3 zq*DwHa{-n1SIGMB4Zz;pt3?g^CARz#mD`HTyVsxGC{K8k{2vE8byb4(CHcRd?Rz_Z z{hu9R3UB$p&+(hb|9SiQ!XXE}Y-*?OReR96<3a;N2 z;ES4stClJvKh7&PqGBuXIO3T5G`ps=`RCKfx6dMg4f|Y z(rRLwe>`g(nw~d$yjsdi%P9jyIt4@4 zv(&AA!D8L-LpVQTOt4>C^;13s9n4Vs;K!hz06$j8T2AH}{7dSj;9p!QD!9BXcK17_ zCovU!lp`r_l&M_}UcTJC)KCK=x2h;F?>EAeBb;9;p zfn7OXQExZ31xp60HV4j~l5F7fHV?~zL_?JB=Bz89Ag&7cGE4h7NUTPIxhvp2C<^L; z9>I+rBDHJ%NCo7Gt`2e7Y}oNumdappr8ykF14=xHL-e(toXrqJ$-`(S^Cj^YIt+mv z#1j?&zg9V6J@h$K7J9)u!+$U;DHQ-rn~gdSe2xY&WWlc9OB?0vkwAm|2EqofE4-Byi!it#pZwlR_2v5%a`9ZEicH0iaeUM!dC zKjFf{agW06T_8Q6;Tou_scr%f9f-2YQ5!CTV@4LvZ-9Lq*w+arjSuudi4W)g-C1)? z60&RP5C@&oTnGFh#rB4%3!oWD_h}xk1fxXk03jGwy$yUtSMLb!! zYgBcSx2!LRg)Gsg1k5CLhA_zh^C_8)j+BWLOr3@qRKg@pFf9u5$0OboUMyGw422={ zwYxrI$Te_ziKda9M0CT?QSAYJw8_A&co7=sU6|=z2VgH!U8#&>f)>+c5)T8)_CpqU zT0&uJfy<}BB%M~v0coY!a^l|_NCxl%!VQ7R2OJO})tL;6uT>FjUjFu4$)n1h`#DXA z&@Isi5wVUbq>Q;8TxmIeE{PO6jnWNTs5!uG!f{c5366=#9rMsHfRSo*hB(AsPVD0D znp#CCKiSE2NQDDcF3LgMxtw^kOHIv*M)T(93`Bn;jB2j#MdJiz~L8(FBU#02yMhBsWjR_fo*){J%*Et2}*M%u$Qaj z?_xUPhIh72cNVhhs*s(S3m&m{qw#?=P5p@GNYqYwut=rQWVGl~rRa_ukmBZ~LE0Q7)jORJJc64h>PD%NeZ74sm?KB-JidU=$}?gTS$`Rh@nXiZExsaa&s>Dnwukzy1P z=R{Slt*HoqLrQ?^MW(EVC;&G29p|Eq&r{f=O;T^34TL=YD@Kp z{GSr%U|p29QK|Tl@7tdQz#-?vhPtXB)(|PPj?6=FV!Od|4ed(U?x1xA?pGn5 z4DnmUIkV1_UX|bVN1+}Yp%5Vi=WZO)Y|XHPZkASf9;VqmxB2&S_@?14OjM>Mmz|0s4yi!mBqQ^${APm&#Rx2n?~8c!h?EGTP5*&l{rJ;yuutkD3b(O{A2DKOsG`BSC=>i$w85O? 
zIHjRks&v&KX?u%mc%3@T+^3_N9jxAi%BG)=rP3-e>L9iB;2A3S;Cl^6eOk~h z0Rte$aqA90K0e0MKh_g1Q+3`q1Fh5VP}OSmjbz)0&iRc^-owkyX0R0;1uG!4oI8eW ze7&hQzWnu@BkOgX6hA=LW6lRKiHf7F$8VqHF>C~uZBZdhT`D^29+E4ZX`t74<{aob zy)ALH{njv~PTf6xKh@n*tor`2DS;2iCkMI_X)G3feJ%1K1~xcsnBKW+QEo(6QA$-_ zQ!+HmuY`_!Xr%u_i{D9;<>}GMeFFrK(*)Z?Z9`^d{&0zig>|g87om`Dn)Ye8R$A9N0uRaE>3SpSrE}JX-WVY8)L3{YI z($A`(kCJXK4dLX?he1z=q4vn-mW)J75W2D)M9x829&OCo{|ssskpcNr{$3;{vpCg~ z3|=zme#s3724k5m)gYS6y64eLJMPSaALPp)>&G{N&e~h4 z14OcpCCB2^Q?m4j3EUKQ)P&O|ryS^hcmR)4F<0vRzk3Q&gMI@l$uk zV{-|T?zXHJQKwEtS?g7ILNOCT5I}dpMR)XC8yA&MVg0L#IE(JC?i9VRdL`K783}wV z0T8VRa}5O7Rbi2|5i$kT&Tmce26UMDRb9!^WOz5?hfDFvyTiGTs{B-|&rx7!=3nAU zV3!6*3$RL4UR|JLSfoQJd0!mt-!1lZiNU@JI$<;D^x*&dP3p;2k95K+)dzlC_GX?` z5|G>X@}pbth1t5hk|${j5380EU#~8+mP_kntihuT=<;J%clrB2pxYmVnIkxr%UWB` zP`4}5<$7cH9ngy7m-@Mm7eWl2jq9XSn5k8E+TMkE$Uc92t}(w?SkpLoM$YBg+)1kB zSkwZ@J2%OzCKq5cqL z*BESUTA|!HWGeV*93zCVKM*q%#iA6=P~_6(SUJhr$~v$z|D`wwM0q*AmbFu}4JqoF z@LnVCRM#E54(DL*wf9lKAve~aU89+riO(aI6=bj?#ds66H_oJ2=68ANv&aSKHwizU z$25B&P>n6 z;uFDyJpLEiwl}@c1c`q5A^3mqc&~~cdLGkWaNz41W@jPO#sx(PU9E5D6}J>g0^Rtu z%<36BebYL6%ZVhZtLI!^%iylXCSEYRD5XC>Sj&1qha>O2O;$cg3mMDkkD%T{x#+U4 zhw?Uop;UWdE+dFZ=gUe_TrmL|Ol+tkT9`uhA~>z8*o`_M11{7)NwYG|w+LkzrhpQd z4&gXgQJv^I?S*f!Ru8%Wet2f<-l%3bj;Pp=3K_7}=bBU2y)qMvx%R4@yEQ!HO+|*Hn(38xOKNtJ^Eq7f=NKo;jDBKa(5iecWH=q^nouOqvkP*D^okGzuji)1_(nOLx1|DQRw}=wH5-oxWc} zRunoSDMF=>QBlB>U;tFd_nb9+w3{ANY1HM)L2nFNJV2F`Ed3WSh3MIsI+>DyrI#?P zLZx{A;RX{xYhVRkse4%$?Oo0!N!{uJgSk9^@w)qR|M2k1W49!pq)R}&K&gi;7$L5d zI}M{3CRxPx+3h3OAdc$gldM>GKiHwb?)mHgsnUerX#S`40)*GIXgKVq(}^hqv>^ZI zy`3FD|Nr*A-P`&Isu< zAj{-SvcE5{+bdrlx+5$7=Jz-mfS|jd_0Qr7EaEhaevO8B4Qejz)s)Z0XoUP6ZYSp*5I#a54-}*;iFVVbc{wM?b zj-08PPgUFsEH~WhvL~=EN5P1mv~qbM>1`}Q*1ZWDcV!26J{+mSdpKPfi)Iwalp>Qq!kzD?(B4|w29Kwy`Yey?`xuP6qro(| z%&iH4L&c(~vr0UOzxpk{Q?TqsCd3TyCc5l?fAKq~~kIJ2&jQZG=$31lEh zA}eQxax+KD+3Lg91ClO`CugV9?X6Z1h5>geZu#C0{Ut|z?b|rs*F8z*IAbo~50@pU zT>eF+!PQ#?ZNG|!(FE=yyGJY1zjQ$4LvKIn&|hnANezRcuB`&Aj&v;?mbuF`*P71P 
zGED2)LPd|@FKS${D|96=Bt_AhFvCz-CNB2oe=N!X9%O_F>bsJ@(T(DL)Sqfy24caY zWzn7h=Y3%-=+n{H9~OHg>)BJbjv;ruC)+=dp4mG|6sI z#~o#u!TOvu#iOxyM#3Z|KG5XAd|m|{3mOst;X0UsqBDa%Am{FbeaVkKh~e-eoN-nA`h(MfK75P|42%-47CZEbIETLNSY(5(f$QVY9o#V4(NGKiB_oVQB5uD1>_ zE!8h+HUiv%9ko~e$k2wm=>gbVbd4k2WXsQLu)1~`v>pl0zpbx)U`)PzTd!Nk*8KMq z)>-*le>bZC(KZ~n1oV9U&-Ui#?zXT0*|>LG|M9c@=IVd+etr?%&&OpszC!ELZ0FZZ z&HOE>3iP&KTTfu+e_X62FqU2EPi;4@6x+%Tcl8ltffp9UD~-%;YB-%0^Dhc~D<;5H zz&RZy*PwIEYA%o`=TRp1In|I8#p=9nc4@t#l{?0TBP^jRs7%%Z#ypcqPLkM>E|1kM z#bH|@1Dt{Z6y;W4!Av4^kk>S6aEhzpfa80eylZ$mPF+23K1zDAQ!pz_){jSJi$9Zq zc;aVgD4@JD$cCg_inMX=H6`G$t*55XV( zKcrE6gr#QgH2Q68SZswOT^vEPM7S>;TfcsOQZ<7P%`ir_p(w zPIK3>y7Vwn&Pd6S%NR#bQa1@?yV#IiRh@*{Kj`e?2nOFbU;|Tcs%_`E9GobLr>P@d z;lbD_B>~iNoFCgEaV(scjLA_MEXZk2Qn)h~E1@Jqxms>>2698$%@r_81CFCvnBx3O zQ(2tYT+ikPQk!d7PIB|gS(!=ApVO7onX7T!WJ2?bv0X87xj(WirY@g9maC;FS3|jx z1mz0YbyJkjpV*a?kgMTbI}Q1@#xpO^xIP*;nQ2@By~$kT3g-FEWgAx@Zz$im0#}`J zeE#lTBfq%n^5!y(>q*>Pj&TL@Mzf47pf{Fhykb+XoH|^SFE@GkGU>ugQiS`MT9z<; z*$FI>AYAox11Z8a4fyyZ;T{pcPMYv5tIz#9dh z>IxA@#isp?6s@$UVj`9b5WnNC`41#2p&f2l;y>?1pDu*v8``R~-mIR*t4ly7xePIC zA!K0*7xrMO6J`x&og_}t_?TjP+DjH1V1oyh};c|@vTcT0g z40JMNV7vba@R{eMPOtt#Z-UDb_#k8y!ohJwN0boj;mQZj9i`&&XdqT{<+v+kiHcOWhl@vo*418EN4X*D1^P;oSEw*;hZX}H6`upuLWQk!X)_Q@ zJ)xU4V#)$iDAjA3H}sm6 zXXvDd!zI`kp^3}yr=wn+MA{hyBl+ej#^Mv}JXpE2`Ded^0XE)nheyG8!5jDG(OOyL zXvIc)U>(A#HtzZx?```q1una5u+KroM#1Ud|NMu?f}hqlt%f(RcB;**moBVQb0QLA*z*VKrSsa~^#R%8iZ zAhrg)s6;EdluEB3-c#q^DKkIV7tb6t(9!bMbY}4;ndEw$+K;mIjhLmTs2eN!-`o|a zA_c^9^1sB5>q6xN)UqGCti;i|BSDlI2iSV!CrK0QfF5*wGozLvpAe}+7Mx`12 zf-X4to+!fvomVK*%@MqvDI{EiAkHbO2dB6OB0Gp08SpDZN?GcTRg@wYyt+TfIuN8O z1;C9`pg0^Eb`j3l!W&O0tgsiMVkd8M>|x=w_b8*-c|4%7wZS09BN+}gMUn)XVgDUE zs*l1XJZ0}ObUMV-;t)O<;c&I8og3H;V1PxWuTB=X0q;vv1XMm!3q1^XLgaTif&6q?mk4PT-X5Tz( z>0fMIa1j$0niV{>rS@gm)7k`%W|o^rlu7A{t^eiz9NAH#<|-sDH>B7a7fKrVSD8Fn z`ZZ-^DfSzz2)8>Qj)_RFGZ_t%9GOWoSIlBOSG4fH#5E{MX2w5C4Cd@`Gbk7C1m_BvSjf$x#01@G+iCIB zQe#-6lae&XMY)i11eIrba5s8Sw*35VfC&uQ_d>@c_oo@Mkmwt3BVW^lNtS`w#((EX 
zw&$XWyQTUTn)#b+L`;A2DDITeLp&48CC{Z+wU~Kine5O-0RU&liuN}2ih3zHNP2FS zQ!!2ml}y#4a8p`QrVQs=r%sG0Qoy)RSw=}8=}73+H_m_+0xJr7Q?MbEI_)3@gv=fw z1(;&Km@EQGBj;XEp|yP>>oKv7h~EQ+#v1K$A`BOC44jff3py08Kn#)vEkqAnaUa7F zgSF3ob;{`U?Ws3mFwNL)2|-KHJwUXt9Q7?9-RoSC&A^3WU6|@c`CaMViX|UcU5G$0 zlGJA&@W8WS$)E{kajbg=IvYG?^gBcXSiN{s*M*Vu))kj zRx#>&d&}2E_y4tCqAqSPxIfj$%UzxGK`(V{mhAr0x2J532h`rCrhSQ;(U#nwA9r)= zWvjk4uehKeePL>M!7JXJW-6Cu(B9bSD;oDBO8w2AhK1AVxeON4XUH-Q8f0>F^!oTf zoN>$jc1t6nxEduTp)H5J2(AUIG-TMz-y@$or6w>Bz> z*+|)8l$R!EJRr-;$_MOA%t{4%YS3LqOn%!%1h7gH!3z0%8s<`X^DIP(>zpcq$TDF* zF*0dWA|!TgC`m1*s!4z9&9-(6Ju)UHY4x|WS2Xa#PMQDy2S!qTo4=ch{~F{&c#}nL z+?V<-$p5pmvA5;Le{F8$xF_KQ+kB^IXe0=zn7>4B|{-DLYs6Kej z%!o;4ONZ(aCftRWbv_~}nqxpvFP>nH-r#V0O5CKV8DOHs523$u%J$83)b&udkBdkg z8&~iz@`-%<`>U5Zr4~Y!98YZ!!L^A29;iGtg^_RxX-KcM{S0vHG0uY#1qMmOk}mR8 znN;PD)_M?h4kNQ&2G~X}JDig<5#s`hy>Nhu33aEzZ0L$~(L%vr`G?ElH2rk~JICip zTlFro6p?-yQn?GPxe*2IuV#-#x(EWjJ)O=gI74H0_>98AQe(+D@k-TLn1s7y833D# zUuU$UyeYXJ4y_VO0(STMD$10oetvi&2c>Mt75O0#$U@f0`+lvM4G{e-0nfSc5vQ!9C?e#(rA7vR!=cxm zaY(+wn2R$@iDhOc(O9Wg$bnpWB3b|e9w*n5d}i#us_MKs-@Ov20gjY&RLV}7L-f0^;LuBXqWf`PIM3(-lWlyZks_J zI4gJ+6 zpAloJONRpo&I8!L!Wst7!{C8st)mK5nO$v)oI)zFM5a{uoHoJvhR%K2NK^~PNf)kl zT=;dj96}*vqI{8iA!bhGXW~$<*Wio@MNa-0-rueg z%N4LpSd7dn?&(*Jgu8h-lw71eHbIkXD(A)w;)!S&G(@W=2+zo_V5EpB2#LQ?lF8VM zNfztR3BIf(N1WEgHfzxnsvxdnn>qNsgNzBM3F?SX^6{DvPOM~-l+w47c_3HU->=Ww zllPNVgu2T7$ku8BsJ#;f(s|?)>_TVOs$)qaO3HzrT$Kb=^&tRw9$tv_Tq4RFswvr> zMrRViC+KsiCp|Osv?x-cCGJL3ycMiTcGy~IJ+TOvbs80*u2}??inYG-0fAq>5o_U5 zz04kaGgvJ*s0NCaIOd@%m&!V$ClcZ4AB+0xy3EN}7xOx|m+-?l9l@ zO(H&WG0unWKxGQ?kX`q6B3Xh}eye3^zEVlYDkm=`$EFnK5?SJuN+Lc!i!g6>T_@fS zhjGzw;r4J@)vZ)Fik6bkIh$94eHHeGI($G|F5yRBohq$E?$^w-_~J%+x#`ryH1)pB zJ!RgBpN_fm;8jk(!-Q8|T|O_aG>qa3>HN8n4flGqPdf`E16Xo&H^qG5b7@F3_;cAV z+4X3(KyrfFsjf$344k&JbB*%e@v1A80laPbX!65^22hIP>;Sv znT|oMo7Cl;#iZ>S1Qydfm6SawOlK355K7ORIDZkw{JF%j;%unYk4Zc7N#{B&eXoP11HJI#Oo)vYgOwuw^aD5R2W^~d0VeU zkS&_!DM*$g&C<9|uiH`9t2?ii6MJq_hkBISCU^R4mE!b6aF!y)udm~O*WV4(izKfH 
zrqFXGq5q_GeyJ;^n$RzRe{~+yx3k>zh;HcW_>?>nvx3kYoYUyX!1nY0bjOpArG`z8JCeOINlm3HUXFpzvq%Tb&Hx8A zm-`5nB_x+9$It?wq)z`#5+oO#Vj-PDPPOTUpf*diJ_Q0Ji9>i81R3Xv;fiB6;RRN@ zk#n)IV$P#@6l0tyI(5-dy75VujCRH}a7zb1BOQRfZn!78ie+)lKr0vxrX$g8ro@;J z%$Jxb^&-u(SrGQn`ht_Ef@E{$&I;q#MBP+&q9T(J-#W9DBLhByE-}(%ngsf$ri%;l zHcf^z!9}MRuFq|ot^%=jQQE4+N+zq4q?5eUE+?`TrZt}t^mam9*H$m!y2N0bBJcR| zCN{Uza;~Ry6CB@1i1Sxx=c+Dq-$uE0L!bJ6U#npb)1y zya+ENxjwA?)fyTpKPg|bl>2rErDN)(bO5lS-!yl4t04IIQ4nDA7`;==S!X;dLwIQ4 zsm(xdb%ClYn$C8XN}+$HG|@6`F$!fCqFw{Obww;mGM7{g6j(nUn7@FoT0LPQ6}@~l zo9b6FmiXhHeVU%Ol_ZL*PgC<#U994#Ls<#~)R)SGH07m09 zO;2XP1(U0wu=s9c;zx*^Y0+DF3JXX{&3aQ-wXOm=KAU0AGixC2wjI1Ln7oWK=i{z9 zs|v7TcHHHx?6(5?(xM!!bCgXQ>Q&Q_73{GSaKD-$u-U^6?VYFHw{B(oQWl!Wg4cK0 z$9G1@El;tN?;NSjB4MGD+C-%Mu51~;E7F+Po@Dv_#cPutrh*LLUZ1zu=eK!%dNkz5 zFHh@oTZ&xWjLv)U1t#(>*1aY~>`6vdAQovh;B=JXc^VIbew=aAtpV4jO8S^6hVK@& z_&?*+oUHw#P$FM(_DDcouN9a^UH2#nUWmxpbJKUWOizKs#D$r(+jOWS|!H zFMUr*VXb?P3BC8D4YWRD!tecPf31&fQMcrw{V5ly^dR!l%MQ?BriyC>v*Z0Hp(|Yp zh^>FsaXB13EmZG{;W*rOVH6I3HYY^c3XoQ5yX+WZEWh=Px*Y;>|09Qb$zjJ-ezyD#!;ib3#o7=bX z-=F2T62QI#9cC;DGy>FWD=WcHd!xM>G%z~4wXxUQ+5|bN75oyv2if(MC4Q{043ZrB z4-5v%ps$b$g~kLV;>S@h4wLoYdedYwrQFCSA`S^4*+?;vV+xc|_q<_x-q?bk$yG>$ zPSOh_PtujVx%IZKQiv$x%P%$qCckknMvr#-g1rYMIC&f=O8c_i{%_NXxDep1QJVlu z)k1v^TfBo|dK&kYI!&dFWVXrJltAbLC=+p99Z$N_xDWVdl~UkB1TG71#-X9H;thRl zv1IKJxr|)s6rdblE~!^qs#t{b5K+UT zHRR~@h}0RAR-9NcPlE6qb``w>VFmYT?D=#&PP2)Qtez%RK?z>9rsLBLYe&4Iq&A1c zC>rDPoy4b8@drKuxfmnyt^n*e^XNBz)aks)V&Ho7)=TzHUeF0HBsvjGE#6EDcId6- zBY`JijC(f*sdtiQnE0np4o0EUtVs+8ClnuYwj4y9UN_JBR;?w#|7{!pw_6*0@?J%w z^jt<1Y;Jfv--mN0l|1zhc_(BOHJ_)XUC4011+P8a6~`LD?*t2xi1~Frn)KL^P4z{;Ecm5G@+^B3`XSSU3!S5U{K7E(cFub zNw5YOaEI0g!6Lsn4DR9gucLet{1--vM+vLP;Q?v1IEWL?AM6++(+ZOr8LemnuYP^< zluF^y?5ydWr2xg6hQ&-^F9HNjtjGT;tpDA{*2Ef_FS&Gg*u`CxjuL8u=FwVk*5gAmZ?9+Dm~K4S<4R z4g>u5Ny4uY1`={u_19T=4%qbQz{0(Kye?34o(0eU>Ks5J@0)GoiCEen#K&UXP8nxaY|qVUfpow&Ahj42a8EhgsO0-8v<03wvc01}>@^R4#x?JYbl zE5YX8eMAxb=5z|Ql2?Yy>=>=EZnarsl%k{#@)?qRsyvL-Y+;HFDSE@XVzZuUz9G$n 
z;~a2}YSkUH=}yrLO&sFLthg%aBgMzi5`w3KJsU9R!SobX0+CLw3ZB|{FhkFYWA{or z<~xa(6sLjJwt)=u?9tb6+MBWV?9I7kO>Vu5FfADKj5ue=_CP&%P*FK%v za44AEHQSM!mYb&K=6!1UDbeQ%mB;$-La^M2Colu==WDGDJ zh+G&c(F&k2-QNzm{0BAq|EA~wgT3)=32(w7qcf#v)6>0Yrn}wR+NS9q%Gr`*1S>)V z8AfE|DvW><(OJz751+z_i!Ob-`~ zr$>nrM`QFqnZ%<=fu(H`xI5}-DY%dh@_)&Z&Op1b zfNk-1uD}Zbfl%+>6}VgX?;SPhuIQ|4064fr5Aa$uD@Qpdl%3Y z^O`3>)Nzx9g)#l^S>xW^-8l*v5BffH3Re<4;jp-&SwXAy#um0FB#8lo-j`v-7w>nc zR(qaGJ&?A}mere%#*D~mI)s;4VJA%DiPdn+40!wdjol+9wY3;yTEL#g=^*ZRe70Z7 z5R6#-nPU0K4|g&f@+r!gd&=#%$TqbUA9e<86@j0Ko>=TAQ&H+y2q2z4r~lo(DD*l+Y*+)T*p_=6S6LSLnunrG)+TYE ziUggYYz#x_bZA{N5u{cBn~1A(w`X_rD%-QW>2HrJBSbMJlWa#}`Zkz;H+Hw6$y3a3t4EIP z=^(vGhG{t99CYXqKSLDL4QY`&4&75ZN{Bu#SOeYv*6uD|bedx&PA^VW@&=%Gub%8b ze)hy_v4t%jg{+9_#tCpR#$PgLzdmCiF%7rx?@>cMuOP-N#;T^b#;Wd zgkF)0L4m+9<}P3USETYoj8hng9FT`1Yaaz$Y)ZST84u()P=;@L7vP3>R%MU3cJK4h zI?U{6RN{tYNDB0j^m`X)vlgOQWw^-gPpgbk4u z$fGdppOp=HX9rhvf2_3}aDLvgTON8Vkv>%E9d)C z8OKbqdoz;48fyWunWum?s)zf?6qp|F(WqG?Bje&V@uYK5qZOYa@xjwP|fe2Grx`dw7@VNwW{RI z6ivk4%vGo2`BrfDY&e_uzo&INc2yF`G`{+=XidmL>A3E?6h&IMz^hH#X>ukPHe7ae5kMit#gZ zv%cTCuS6J`s%8uMh)pMHALTH*iHxS&g77_^u|w7&1R}5D1;EQJQvev}5#`iH{D4D{ zu#0UjN^=|F9s-o%yr~dZj-;v;DvM3qdwW~fPM2es*3!?ccK7z=L?b4#r~v05RnPGN zb~c@8K6Mi$^ZPZWUvtD9QOX#wJKMCU)~O{OwTj5skonTb#lh}PKYRAhZg0pCZ7RTH zB!obWlSRs>q#A7HlW;U94GSP*BOK-!(17N*JYb;P_qQ-3P5*4IZF;qCmCdcK?+wjm z+zbw0ibpK6nSd%>4_>Sik2qEIFa;PEOPUuZaxfZ2gP3bV80CdXOq4&MnVpEwlzzTe!~-ZB>=92H<5M`EqCwUaYKNLwd<>%RF3f1dxxi|4Oj z9sK;;>x1Vv=mN69|8rw=_g=yOXLsY)|KoG~UUJ10x-T%2PYL>`a4@GmlJD6C!1fa! 
zO;P36)#u;Q>#p~JeP17iz!hXJLOpwYdz8PnpL_n<=liDnxVrz}?#|}kt^eQW___N( zjC)y#a_o)bz%~3ox9)A+?*Hfbx%>ZY|KRy+`2Q!b4sXx{bW!{VY`eezJDXd#_y6bk z{cxw%va))fMhQiKvSy!HC5HNygVVq!r87#8%T34w-872?T zK!}<+4r##nQ=K?0mZusH+E}PNfd}uXF8d5)?d*Bar%&kZXD12wut( zJ*5hHH8yae-Qdlyu$; zSv)pw<*ZX3g-LiSN?FGZ4Zx$1ao6p`4M}*Lyt(s+!mxuwpi)!oV8^4=c7BF+TJmpt{uJM_eTN1)A0`CS5gU6!C61I0I7#ZZu)Xo^U4>C9gjuN z>_rb4mt-W3Xj*YaEe0>hSDwC5T0Ld&+2DxL4N@yQ|!f**Ub4)8jJ}i7p`pRp8%^Hkf z01cQe8^s9N-MbvDsg8#iVt`5JX>L3rom^4*n<6P{xl1F{Uvj3_D21qB1cZPS_IJbuw!2x5DH9n7+D#*X)9 zrJDRY3UTM@12jv7xj)d~UOlBbaY;RS4d)!XF5+XRD!-{Ot? zw%!TkZ+>Qv)qBYwK!5oBZT;n|7q4GDdI5i#PcHeN@SjWS5c~Zl#afq?=BCMl31+o|mHacpl;jM#=L5q52pY=NG-lO0DsP z?3f%2Z^KYWI8)`?S=!YX#NE5$3CM_d?>fB#rs>E^P6|b>LWxhKBCxa>bPs4opb-OO z&S8Z(3q1q! zN9LFd~83Gt{mcDn1U;`V7xfj#FGcI#%S4^bH&w z=5^2{>-4cS>8i3TM22<3WZ1oTutIO%*7>^!e7QH#`v!QP2jn6;Ybn@o>qo~y!;0C(w(c$puE{PA*bR z00w-WF#P1}0k=wFD7_iu=^}>@!yq;FECDT7@9*twY^(+i5TVa7P2-woNSQWyOUV9N z@i-g|&;yNUM2^YIzd^3%2D&#*;6!00l=!mHn>9{1twMQ;?Ie+!U;h7@`h&!SY#bIn~%q_nH0J>~hZD{P>e$pGaB z6>+j zl$Q1*1Rfuh`BU={)ElPahH+I4Xa(!4E(^a~ra}XllBhwz-p#`NzTdUJeI%y@V zmE6&k{LsB#+bSjGd~6X8iq}gsu`1HgV!i3>Hib`)C;UjUtv06`oJ6QJ*UTU(sF@8M zsX#`>4JKTC6EB$&uds+COo>d;eej#Uv|EcWKK3c+8S%e!ivduVuX~(meU^eQ#9cXr zl8HiAPq6})RIa%K;&>W98D9elH%2wTH580LSZXB23*O#Bc}tijU+`vJoW=b!Mm=Pr zH2+dq7s7xrIGvJiequ4St88}>xOOqsa5w_?6aGVinZWoM^j&IBKIgG;Qo1zUbtadj ziGPV#j7x2IZwUXuy_A7jf}h%H9)c<^OYWAvsDK;#rRMBrM;onokNt7Qc7R!GVrF7}5vQbHcB7P1n2 zIygZCvqENJrls(*$Wm#xw$v1fTMFUsoJ3>6fow;c^Z-_l*pyLjYWV9+1n(X&kteZK2F%Z<6O<&SQdDUA&UJhk z{8RVako?;;BIfnhG$}SKwj9=p9MDaZt{Mj~g@`U1t&QqsMC=<451ZidX!w?c^&q7| zYmFTyfjQ;41fHY^N2V!jNrG7;?NOBW5ZHKJT(eBPq}QG?kd>kAHfBzX@NdQ`v@A38 zDVjR+{UotTi%<%Z+dbAPLO9Ehpo{uaTy+ZnktIJt*{CT)GUZpqqnARF88fI6jNyeU zn}HQu>~_=yQ{kZa%i1An>kb@mg5?Iy?&aNSf_z@r&Z&!of1FyB(8|7mkwVdNom#=*`JvkZJ zDgL>r8%6L5qR-KmSW1#0HUSpKX0p#G0#OO$-Z~O0!y$RPSF*TKG8!~A7nJ-%36N;m zd{BoecZbPxRA_`S%`mjp;iU?3qcP$4R)q*_V+z#_&@C#7=t>>LIfc(6glQIcgyQA; zTV>6Ra|Rcu#KYTvcLG&y++ 
zP{Sz1tTg?1$JiN)^uQG-lf0uDY~)qOn0W<&GUEdjc92ec6AmUs(S#bKa)}Z&z<@)O z5Q@bb>jdFKF!kcEaNuBZD*U9~Y=Ok#LERN8$r0;%azB z7LIdA3eNFzKI5XLoX6rc%m$Qi9_e^|nouS=T6)g%*3qgXN;pF|62?FJ))p#h%4khd zIm)QslB+;;)5l0Bd2U3xj*U1f4`^mOSdcMAg|;)rxFFIdF@=F~gTq)L9gPPR4bJU( zG!SqdzTA&Bm}6q4nIH_B8n?ncpN?2_-s4VAVoWMG&SF#x>GEVq$Yf5Uwqq^Dfs#sO z%+C0l0msDJVMuDeoCJ!7NxYx2L)zuQ-_J;yd5i{_7XAHz6z0%dn{k*y6CCW`tccfd zQvlDb7v9psa-jKoA_*MX*Iwy5eT;0P9ZHqYR7AZ5u${mWuMR``p0Lpm$jrVV*#93T z${?()b(jzAZQ{k)t^SKX#Nth8UjquG>}{)JsTxG*ZT_g8W~cCHZxz2ZM?N5KJXvi9 zt8mSdPUkJW7-%b<Le|pNi z(PH2&(|O61&7@T`drbUKn!HV1gH_Lx;xA8t3uL-IA^?&Il76g8vR6#);`7ruc^|xd zx!)wwU;uZCWRfHcbz-N}fr$*~uSJ5;TH~{E`P9ebutT4$%QhBfiYn4KtHZpxTyt%2K2vJ?t|Fp1$zEMSDU~cxNSMT?uVLAnV zEDR9q@m_iK_}3llX0kFbq9+vcgZs}O@9oTAt-e5=i}7L>Y^#s?7!J;MWZBSds}IzB zo$g$G!&AgdS;L}tB_~AMwh&&~@gTia+~ZBawO(#`1I{(9-a*4vcU>jF-8G4!+CFCb zT*#VVwvrGm!!M8RjF+}&o$D1B><>}OKBa)!mhz_q;2>24V~OMvZ5Mo);t?@R^xrW% z@h7?*r(zG4vlH|Hr;M`EP3RiY&T{a-8Fkqg@rr~)x@3NtW^_@<2`4|LQqsf#srY+q zh_3Nac}85s@8ULZ7~LcL- z#m{%$LUcw%`5I6-rZ5RYVF-l}b5%ak(+gJbZESc1;y2n*8A5Pt_`O${v_NhoG-|Iteii9s$?ev6K<+LgH}> zdw2tJNiUHefe!^o}e)g5r zIe>Dtf2sqbs@`5(*?(Z$&4zb5V+BcL!T?!*R+ihG=IY9T^4S5vrug5)RcN$0tGISW zo}m3A9ALPXBq3AgZdErO_%GXMPSC9{i8e)puFix|c3SVDxB+UjuTBheOp|b)^Xax7 znw2E1bIOcJ?vsw&TEWcKqh1|u+8o`L`JbJ;cTH7>C&+?FoY>|yx|TF_3_|`8 z;~m;@delHG#U$+%-mI;$AM~SiJOd(dHbK~18ynwaqM+SoAQ?!)PxOu*WmC+iDHN2@V=bo#GlUF4|n1(uYf-D8-97){DFuWio!)Ye2#n3-yO^Gr8RW57xHqo4|vr=kkn8n5V0A0=# zSf%~L;Nb9WJ@|S5@ZhldHu?SF^{+2}dma3~|LWEL^VbJY4uco3f=4f&KR$SU@ZvfA z^-Hk-{C|S~I(YuLsnjIG0^lGqzA+{Zz+n_Q15ip6oy~0+CZ|(U$e|jMuXZa_RfzP8 zj2j`lu@&aj*7VFo!*l{Axob(iEhxC|#N$9CiN!HZ_(7{5(`FT8c-|)UX5B;-VklA( zZJkfLWVVA33kL$jj(8gIR?r!+0Uqnb&-KoSI?Fil$&U|$4NO2t(NIW->}Qww&{*KG zp;yL(zXsuKlfKrL5nfwp01w4zVIJUB2!ljK;|EMp^q;`E4a2_v(_~xazqO)OeN7iH z4vr|UXq{kWudw!j7nvmYk@A=1+lXDHISxZ&E$s3Sur}@m0k97x^Jp?JCdq5amjG@r zyX`5|b%A>zE-$}y7~MDfbK^f%sm?E+|6zN3^EUs(=lHq%uhS0RXdesWe>b-a`JZ<8 zHg;~~e?Q014YsX)y|K1_{jb|d+nb2Ar3`^~oNdhsv#ohiwlyorwpRQ25L?cVjGSD} 
z#MjD0g;g~Uu9cC}R@AJ>+S->2tgY3)p|DzaupbpvTdRGxkXptBH-GHM$I}wj(rDV+ ze`+u-pvN~7N?WT*jA`uy)!e1L6`kONF5K%xmpX6gEp!48b@XgqzrC#S|6XDTwc2M3 zoBh}cl|aV{BJ9e^IU%yOf2#=DTJ1k1K9+Z}#96=gpBEfUvW`A+ENoeqpCA;r zq?@lG61MDk-v+`~1;Q5h@GFdiW%^SR1zY=+L9ojJ|12@E%M9cj3xQo`N?#xXc9~&) zwgA|rw*8xqe_dvV|L)WfCcE;Gol zBJg#oP5x@*UX`7pBAn0$tS*O1$1{9~tCx5=t<8;Ot(63_nq|6n5Nq`UI1#Lc`4$3L{pnT2uNH^=k+G}Q6HtMxwQIz! zmLlj;#TMe%ZqRCNam;GX30bYV5v#>jx^}c`_4?SMs#W-WjY!p6d7x@x?VLE(BJS%j z)!Ii!shYJciBMgVs=48224Y!c>Jq%|w-=aNt9?CTsSDZiE5)SNt{aj%pEbW$JZkMD z!cl8iiAJq09gMm#7Pam(4@<|Px@T`u)MssB3~H?`+R~iWity7bkD`heEDSrX?#aZQ z)`}sgg^ACJI9;#=D%iC4&BdCUwYzqpY3;gkre^)VnHbZWzr){TgsJg4`&!~lMVaSC zm)1T>a4Gr&Um>)VPDt%KaiuD(w7&M2+Q$Z!)|QMZt<|m;QHtdIqvJ_y*9a%&Xi^nS zTDz%O(%KD#lGf%&k}}DQSWMaG}Oe^mF6C>@YW$93XAw{G|Uv;5rsSB%-0-+!$CeY^jk{#UjCqPxElJh=M)-@CVcd;UMmZ_)m5 zY?9@u9c8_1_c1^Idt+l~XUpCHt<8J8TetDwpX0aRCpo3lAsMIhlFWv65qN(1(}Un4 zTN3~DV~793ID4h@WojmEQcIjz@*9rOPFOWW!E#u1kQBIqr;@oy8RDD=`@6t-e7 zzyVkka-B-YWJo70%gO%BZUvJprNC**gCwzs9L0#?h}gU=#E>lYZlopJ?eX&%*rc@C;eVr8!C=50yAE%HK@8NP&696(DBf+8g77lZ7 z2m2o~nt>37d)?>Sy<%OX+F}`yrUKVc~+*N)pk6t|g z<>1w`eRO8I%h5VQ_t^`GQosOxS?7i=?T&+PLPU`Y3l&sefHaKOD;~m?u0A)6cs?yY zaWV6a5KkPMKYCSL6xsF;L`LGViutT3=|%ktN4;b+Rma|6 zvDRxG)U}tb%c*c2!XR|vw>)CUO&#(~o<_k*L{VuHrzKhZ_#I#2Dij)l!1A#t*1Zjm zc)r4_m>_Ic9=NuY$HNxIWiLN>3*P6_8Z46kF~eRP`OJ^70M3{Hx3_k;w|)Kp*1cQ% z-)H%)1WzLr1%X@6DUl(kJp$>T9RG6@i!maRu^l`UmLZSEVHRqxx}Od)0>8F`Sq0)j z07ylG58c^0B~lK9e??iUBK|2(5Q!kVS0^p&74uP?MxusE+@i;E)(MKn0xMA%(S#Ms zX~E1D2N1K)eJs6c9i+jbvy?*pEpxBc&%JzosBD&ANhaZV~ zqba#xW18Quq@m>yx0L#SusH9(c&^UN`zS9igfA^X}yWL*H1ZW(x zuQP*bk5`T>B54J{aX1giiwOo8HS#shhZbAH#NI^{{HB4?0$f3)y}^PHuQNcT_OS3c zrZqTF@JQd=lt&pueyt_}DP0agv?;8?_aQke*6s9r|1K_ORGydvohP z&hnKBK?2q_9FHkk#-Tf?0pJ!$95|bU#NjfUlth3eUox69VHlxnJg&$oCG!&|Ey}%eVYR!L`q4VDW#D}h5#0iBCL=)If2~m_&Zo&*OgQf(< zbA%KM7pf18@{pnACx~4EcSV2bkrYQj?{9bj;qblLMpWDn-3zA%_Be+tiW zZG)%ykw83&25A-63gn(`Kic zc07ug#LsxqW7*SlucUB50+P@s0X9L}rY-evzvn&YRG|QZS}aHI&Lw8r5rIOX>QvR) 
zm&N8!_MSX9ARF?46=ZJP{Q=^47?n!*jF$2lK7b)bP~xL%1KqPgO*)7Jf5urEs;N;5 z(2)Y!0$u`bF%+=n{hE9TIjEZ$d3%nHRK{5Z0|`b#kEh_I8`RNLXljjT#Rv&Q&3XZa z4E+<0h2n}9gk?WYTa0{o{^5WI+btV9Cj8&ggmdbSIqeK5;bgrcN3nbe`(A&Nd`M+X zK&D8Yhpa9GAqy!N_F#l#u?tPEMN^g73`MP$MwDmTuDs^I_h=AZZ{Z<$6Q*^tSDEtF)>sJZ>k zhxh#HY1e82a=cVqzE&~Igwz!$GEhn6fq)#)Rbe6DnS^Jw3y>fu4n;4T3iGv*DVo-? z4?7L7KRZ4K7Yjb{csNT>F><3y)eO9x+=jFN3SIMR({OMai@Jj-;V|-3lO2Sx-Rwlo z4GmsX2(m#km?5QXmbgmEQl0yI8_O_==_QKasbuV8hj+%5qxYEAn2#YVM@o{X6F*Lm zkyI-B6f%w5@R~oFaU;7EbG}0^;h~E-_Q9x4gwAmQkuga_8bR0FzyKa6adpbW zB$Q$kCm@2GWCdA{@E2AXn-NbF%>^=!0u!AT_~A&{D@i~LWEX*P+KYmxz!~0>b*Dab z(fjCaHa$tC&Ka)*Sd50$Gx0@fO+Ak!k~tkGvF^T|&X#Bx!Kob|V?W@0cRNnktk^d^ zkEdlKFm+gT%=SlKfh>EvHW>;NUg3($193eQFvnUXdOQ&e`XUA5d#^1RE8##a58S1u`QUN0E4Uv z)@CqZYt^0DM{j~t1%m;GB%CCW?^N@_AX$LXT=Vx@l_wwH&?=lJLxRM%?u@a_Q1(Bc zFQ0Hh#41Chh1Y1+Fd$4aBN7=;nKwsPUmAB9P)`IlbS>PhGfPi!Gs8IKVmqdDIk11* zef{#;%U`;>w9^C?O{R`vkf{%!ILNjD`))j!{8H@cN-ZDnzWn9M>sN308Q5HGgeg#KNAZ3}vyUWX#EGT60}O8fDv{pQns2pY1%YmSz9)~)zJ0D{G*7dZcEIhXP zkmE&%h;g*G6=VwbO4^Y{@>$S=O4?SNTd5_@Klqd2=V`j1_+tgmn+#Q)O1>#JxJj8C z&b&`_9)M;Osi*;GV@Imw^as?Dv&$Gsnt)+?9g;27;fvJ}vW)l`;Nv)DJ;uJ=>UvxE zI-Lw7n!ST@!J3RMqIwgP@8Tp$f_$!v?|5sx@ISWb{w!uAeTK?_WVMj#e}|t&KKp}f345|8&+y=zH33-Dw+>^@O*@-S)w6o#tPT z(0@86@7AVFtp zNI643%M-#VCuakbBY_^zwd32CRt-xf2hZ2H;xI_4Y)pE?eJmi4h@8s z<`~nx+pML)Xhg=&PH{>JmuT{{)`sl(v>l)sYd-hKg77u^JPEB^BdvAZaWaC-+0)OlXcKw#yEY?{y%0Uh|vyAG{2;imRJ}#=-|B&29@(X>P1x@Lko35# z1{Q{y)I@J@v^HB?V-|y-#R3ahZ#Dh)NUH16*q=Cpi=VzTb_i7^i_~ivQR<6@PT{A4 z41LMX+Mjb;bEGMraXETXi^$0!`4XBOmeK7gm^YP6$?z=)hA|gxlz4sO6*hU4{F5g! 
zoN1jvsRb&OfC)z*@590xNG{@`*<*KrL{%Z~rUge@ajTU;LU*&?kTT~yi$v@Eu-Juy zE8LYcPTi9vuEu}YtzkD$X2?;~uklV5@e%^(sVI(-g*{506jHJ1SvgZPDc^Y`cTpKBFHU-VTtN|ES;ZN7g!M*Uej_bj+H1(gA;R=?mK$T5H8 zpFeHtQGZE-AGBf+ej$niq-DypR@U~7H0^r#M2&~U+7U0{R2^~rtBPiWOhw4Soi4Sqlq9x^~Rll-)Zv@x$iIN^Ly zs0+p1isV3?Chx*n)L!97t;19z-Z66Zr&4>$=L)@37ApM{A4FG;xn^LmMR6i34kM1~ zKH|buxfwYMQ>*LNWQJX2z2YL3*5MTC-KTQ4-qB$WhfS+dqiKHp;a=%Lx*l7Dh%e}E zbPijs)?w=r!9QvBkb6A)ATR?^j`QJU%+MHfac3sC6JSnd)HGw-l8+iIbjSORKYPd9 zxKAjqQv_F<4Bsz6OMuNPdbQUY7!o4{H%C)s_Zc)xBjduL3RiRbc)7Cl+3bu-(>FI>LF4K#B&viwZcqoFHULoRvBoatx`K`Iwkf5Yb_hO&zo8%hw6T;VA3MeQ<*@w460pEjJHZ{xqDc~^K0O^2XX!Ano(My@FP*G zM#*vsgY!N5M!_lL~O0%usa_qjQb39eF<@jEy=T##^bR46XZ^v93{TxM2 zb=xDNUzme+*XpxAJY*Z6(D+wxo^-u^&Kx>DHGYD;af$XJ2e#W!dg?1}XX83I#t;Qj zIT?SY8$LT?2ZtY)+UNsBwV+VO6pjFYPx|b}{yrfQ4~68x-6g|eBsx|B^T?}dz?ne+ zK{$;1%(V^Y>Q`k!-6cUc@!DW1;Dw^1MVoF0bMHsu=SHK&r??CDW{+ko{EEdrjB6Z& z950MP(T*i8UriaB9N>h+FnwAHBt!HLSF6THme83?frlmRg37`OX;DqQsbJ~=NQ|~Q zkFG}1`^unNZ&xZnvYoCr^5^}q&Sg}<)#faNgN2eBNUcq8t(mBUW|PZfG-nfdZLrR2 zO=9Jgk<$nvSs?>k5=*9(J4@U3No1bPo00?GC~#Quu{-HU zQUy>~&@h*xeTu6A7yFBdZW0z$6 zHxrsEeWm&6G>HZw43tn$BWFO>+ZBQoUHfau|Fc&S$sifngLX`Brfysy<$fg zxC?{LVue~m(=|KXiDS5Cnmj@F<~>@<{#LEHiSwo ziR|lVq#;|q2wUipjB*bX>S~t^Da*ebDcK*MARqPV2z6Y7G;f4f??y3w6Z?fiFXDk2 z2;~Kxa?Hna>};a;k&^b2@~W_{kpOB6nK8v#j4CCVbF}6N0+I@(jB9;6IOAO`7zlks zrgZx@C3x|T|DxWWe59q<^t#5B{3=sb&7ewvv$0nAH6g7w=P+|W{SOm=EC>T$LTOK0 z*LI+;%i)g4VuWR%PiEa6Cc>%kdz`IgK-(o?Z5g`-&{>&{`Kw97%1Bi%52FF(NvH%8 z4zmPY3Jel;!1=d%j4g&LHjQ&H2$jDu-l>0^z=q6%>$77~IV(!ag5iaj2@f8teC!kf z*6O(qV#Josr|+(NoFUtv4Ch&okdiq~w8si+t$QjvCv`g%dnP`ZpkkYpDgG1+Lt|;b zHO&(i4aIhat?O zv(h3SppOG2dm%jKcN_j;OhcW|V0-b_y+g0T7Yh5vCEo^qS_9Tm0+ z4ylnoxsbHh2o{e7_U;@&03Y#zl%nc1TA42JtolZpOzFDb4fX7D;=!5xuxij@Hn5iL zatCOM4|k5&aura*lzEexHE`?5cvN+(|8rOk^C=C)aM+-^IM*vvVW+JVoOm6T_1NA6 zw?f9`oKyk|Qp7dDNkH^doV8x3%hPlj{A_)E@n;b|w^=P!q{A-+77-j%RtWFzy{Q|2 z_9+{jqQ5gO~Mj^NZvEYD$lh81m z+`FQNg|Y}vz|lwMD3gL0Ta-G-Ss4mjoD}f>5NGp}mlV@hVJf;K@zjBUc5;45%v8u^y57#e 
zSfZaL*Jbg4W!Zm-<_Fga2fQ@@-$pV1Z)dA>Zx#P{8&_G{hmw13QJVKSpNGjKVnY1B zAYWHW9Q41(dHJJV%ksZxWq(>X$ownUCFg(R{`N-U{CDo(U*-S2l}iLg)iXlV|KHch);=o*lN%4)2^D-mTyLQ~SvM9M7ZpncR42=$AaV6IpC{$@yP~|1-t> z?~ebsI~zs(ztOq3;{R^tx)T1+Hp2@4ukioB2>yo^u7J{6vx&SxvuGF;pV_j#3lC)X z7jA2rJGO6$ zPs^%>;|6qoIe6%XEPldi;*=o2^4zd(uhm+&?nUpox&Zq|^(en+dg?Cu_B!pb=;VYG z6b%??e7MCn1Au}$K%r@xSxq=9*+IP-4v*F3M(?vB)OgrTXR1us10i~i;B&7(@6mD^ z^O7wBhhGb{=K z8!P~<`2Q9E|7HCD0QAV~cCmqwa~8Xf_*!v}BBIvarR|8)=4@MraNv~|EgNPI8n)s( z{g0DZYMt{B;>M~q?Zo>w6|cErcsyliF75#E2-#DQBjwVHsrp`(oVaSPE&rGnaaV%v ztzq*wn^D}9WDV8!Z)M|e2i3){)~FxO791UWRoXw}@~JNlK>%ia+aG}a&F3@)gpW(p z0!CwvCgVn)9)IdX7U(6t(u%_m&a;-X5-pZF%99P2_iEp?kH747o_Chja7ibU@bHrN zZ5F*{BQeh}?I}%BzG{5IfSeZEn_02H{#84syWub`TPiwlJ!!7*qD9O2<2x0#M&oE0 zY8KrG%Iy`tg;((<+BCdz)N@u={1Lkx9CXuUm>hX$XWn=Erj}%&7ymIsZlnhuKHAF< zuFIA_+ve^AZ;dd}V=&{#J;(FCyZ)IcP`rP>wq&C!L6RiX;&S4?$3T$@JWozq9JX46 z6Kc1cd!N9-{=Di|R$c$h13j;<)hii{XxP%O*2Pd7GMl+;PiGc0G*ufhT9nq{zb3k@Pc_$s#JDMjzUi!>AK7Mi0E1? z6xVZ6!9%YLFCT3DE{V15U#_j60=rxs{Yo_DH zL+lQwqPwSXXsRz0Z~3`tRWV#<1h2G5j4DwQVY%o|d5xYb4XTVK6r)%F*pl&u@?U&% zbK}o{Tq^&;+F!K)Z)|l|^51P-SC{_~y;+d`IzRjl#-FM_s;-2;i-o@`3xCyrYvGSs zzBHUJq`i-uPP7Ki~8(4e#g4oQT$o!Sir9gwt?;I{MEcy+pL*?|upz`_qbNSn&*(^9<|W zt5^d)Q%(AYDo~MRma~=Y8YY#Hc(mDk>nh}BDU4OT4RVn#;oR&!2Ygdi_vq)06BpvV zrf6DdRwo1smJSGX*+GF))7RuBd2Nyx@?JV91@{EEps3&kMMV)62dKCO_drnr7a}Sk zC?E>1N5$(Js=cifY|UOmHo zo$NjAP4~&;UY>tme$n#v^C!Mt_)2)lbyuH!#3iox7wk52nw(IuZ*^b7kRIBnMMzUxo9u;uNK7JvBVoJG~^ z!@UmUKAdsdGh@f;*FC%X*umR(@Az(>XQuAAw9l_QS;&syuvf@ z$%|^<5_=CF7hc9&8s1)A_|SC=zppv(xvDdV?cBL)(~318eEi7y&$VvdI`N~npKh$4 z-h1QVqYO73bFz8m=(B#ibkXGt#=cZ}?dnrz_dRm!rCBTHz0FTG-}?09JMUiDu`_Ra z^C8l<@`siUSmS-L@70qY@?3hYU4PLX-%cBP!<8kIKDdARf`>BsFJG@(aOE?lwsAub z9Ber!sS^eAdc%Qt`G1GThf%&?PH=h%H<)cTQ`mHgv z?T4dpO&R1Koz<;7a!IQyEboM`R&_xcdWna zkG0F6xc!gDz}s*1|6_+^=1(2HcMTKlcKM*O7=P8N=RZ;X@Zys9$2~u0 z>BVziwjK1JsmE1Lzihw}7aafM&2N3&_C-m_gyt8IIq526{z)%6%*~Ru(AM$E%l1B- z-3#9@Tl~#UhxXn0*24wcRy=X|@i#qJG>E(P{uQH6IP%ET4>;$57cYElaPWYqCmuh3 
zz?t5*-9NuLdc84YT+R1`U*5E6wJGhpC!c!Z^_M=~)|S0MzV)-??>f--QTfM59on$r z*^9pYZer8r?=HWg_d``_Yo9sowL?E?-|<4tua{N5H~H{yrexpQe%6xI`)8cHwITSd zKI5dtZ*R*vwm5i8UenCk7o2uY*}>;b{k8x4uO|I)-sg*3Jvrh=|L6UN^!_2u^3Bgj zZ{=TDI&{eB9aT>jb}X3oYxXlUwsb6>*>S*G`B!go?5N)2SRAUovcs`%>ewwE9T)9- zzW-BWORsqR=OVxF$RW*l6;HZi_-kL!Zl7@D3(bc5H3!YV_?f;pu9?;JZhprPb2hA< zw)Ct|1&6q>biy%ho4JQ4{dV-T^BO)m@zlc)F(TX6i+7yANN~)!X5D6K(z%~+Zu{AK zSKzb*T!-Fr@U0UbXzn}x_vxFCx#R3Phd=U(P;o#{vC+d*Pc{lgX= zh-`G@wNvwHYx{oh+|o_A5l&o_H!EI#&; zMPFaJ>iS>jEV!jPZRnP}&wY8<)z#Pk@!FRY?%(jc{Z-&fjH_TH8^rpu@F`*7l@*X8kz zXTG{|QsXz*wtn#4n6p|YUnELbk3Qm~PoHmX?pP5>J0s_+^Yj-k5B&Tf?H??A_4;Y|Y}?WAs-N5DzH;`9 zhh{A~sp{v$F1+XdOWej~&%Ai{mv`Lz?kl0YMh!W&w54y~?N5jKk$0cwf8_(ebHY>N z;eYhK<;a`1pI3I*?i-$bJ#)t8Cw(zz%^bs=se@1WFudj&spW-N4lGN(a>{ADH%!hw zMtvXxZ(9*8Ct1`t+!Y zQgUJ2E9am5;#=p8ojrH-8z*sfzddr|t2^8OxO&@||={Q=*8|J;w$ zZk;>THE&L%v*48HR_F@m8lL+<4WbEi1ox_sY@F z=53yQwH{mG!i=Pljx$!pg<^yTvpedllawc@x<>-sGZ zZ+?2%)rZb=4*O#3qZh9_sA~D;Qp!iUU+=iL3H><+P4n(x+Kc zpkvT0%WwPThFh;2H8}gmZ|^(doKL>)zoP2yPqxf|W8k#&o|?AW_g&ICn=d_K=lu7k z)ZX%9>#1)J8h*;HZ!LfHt69FAUtF+k%!bPi%O6PJec-$+j`{e68(tEqXt=b3@gc6K~Ek4NS_M{o|w7W9Pp9%fbaa z1}vNX`*)KDe#ABAPd_i;n)K!8p6xr^@BaDAU*@h2PkMUSicxdTW40Z8@~KxpID7Ct zqjK-<|M=1KxKYPQmwI3Av*-;=^R5lq*G&ELsq{1KSAI8ra?yknuljJo&1+wKJaa<_ z|NNHoYhIi8?ETlhXltn)e(fQ%$BcPx$y3v}f4pPZ&Oh#bcipi27JrLwy`*^f;r@G^ zm&|sbR#JAz(wwdLJhgkMZrJ1J-LRnXvw_8yPqs|nz4MqIEkh4HWMt|g7v7V5%@ppN zs;tEaTKW$S4mjz|`M+HE@_Fs4O$!fw@&Vz)xrL{Ha7FH;_r6!Su=jKC-1NrhzE|G+ z>8#77(<_fknsb`RbJWb+KMEbO+m=4%#aCw@Ht?$8a~;p!zVZ3GGy8m&J>!?9Eo(W<9w5nPZ=+_~NrW zzL@L2Xx7uKH{H15&d*Lf?A+>Ycg`Q*@b;b0zWKsC;~##^RQ8*-z0AM$rPWKbS8p4Xe&PZ?)OS|x#&d7I?ahOawp5@0Sg85rw@-Nb zL&F=(ZfrH&`eOCyrLF}_Z+&iVNpM~G=Mm3r{bQKibY5}RH;z-r?tb?74sn@d?%0mT z#;T4V#+XiAH}cNu_4x~Cr7oGfeZ{7h-^LvH#p#)ct^dyT*_V&!jC}RHlkY$JmQ9Oy z&OxU?d2!Iv@5=Y}r=BF9{n;ZMKl**Z)GfVt+}vLMO7Ay%{g~DAvZHO(nH71*cl_Sc zF=%(voE2eisPQpx_Gcf~FE6`q%=bfu7W=2$=D(CYyZxbAV~)LY{rNju^e2A2{wHzP 
zWrph>_nor)%uU;#9DMqQr^YUQ`Q71X-CzFWlb$2y+;WWPt*1_Z9v_xzIm5>Bnz{!c@89u(B&o`^ECy9Gtxn+6@Azbu zY3KvDy)ifVz;|aa+R*$&>c=k+oA%s2-&rr|Fy7Pg;d>|VoF<;tv3}*ZCGT}CUeqeC z>u4MBaj0YM`Xzn7{iSBdi+69{ymJ08FD>7;%&jZ zzUKWo+nd(z8h><1lB3X~IgyE0*HOt>x?eQHy#eMq+ z1Mj-{BTt{f=chN_f9~=16_33!Ht7z3$)fj`9$0XS<^7jtwT^wU|6OZ7)n8sV@rXs| zawmNFO#fM#_u57;e(=!8&wu0UYpWam2Ns(ecRy@jcjngduXZe~*;-xS%lu_W)}}r` zKObm%vU=xQas5T_-1+^KhJn}op8r+fl!yD6&w208QBObm;VbSF?{gfmEBN`!CvML= zr()LEH?H1v#Oh$*?e7l$@r*TZHGlMO!@?tS`e(h=D}P1Dv)AMfT{!vV72GY0-kYF% z>7i}YUz-yS7oYsc`OaTMCy%dsx%}6ZywDM82S4`tNz+d~<1Fv68&_AJbM>nyTh2JW^4i_!W%Rr9 zsT2Qjjy!IN)$zeAhuu_k(#kU|D~IoV{E@n;?|eP=?Mc4*!ybSBq-zdXvv$?Et2zcB zv3>3I-|yJ?R>x0G&#mlbdghN|uXXf!c=l8i|YVv|rDNpX4a^vYoKljtAGjH#BYx=`&N9=rl zaLt21Pd)YHWnUXgo7WDVDpl^>GD7TgpZV_I3kzSrr|6-EQ{I2UpWUnw4YPugwAzBA^~(!Rg`{P;;94)7Wd|Mk`j?^{z; z^;zYp$)j@pZ{K$0$I~rt)66M3pN-xU8gtOhrcn>(bu2#bz2(cN-u0lqWKQlSR~$F* z=!-Va8u3%|mGf?N-T%tz4YR(t`Zr%ajQ{=mL#|$V<$BxPckY;Uy!Yg~m)||L{>>MX z-`A};{mYCW?PqaU9IzDaJocF5hkbG3*6cHrd>#G1`t-hvpLPom>hIchjOF=FPxkrc z**iuZ9Gq8EbBC_s>B7w~t=S?^d;O7NC%RZROqc0E1d1`Xq z3%UF^Q-8eh;X`j3ytU##8!Y!ceA_XXzP2^}fY}4bR2(of@a3j6W{&V2f5m05zkBqw zFJAfitnEja+h1+3eBiW^laJpxcC)c#o#1oaXWspOneq3B-~T+-FC-bBEPZK#@7lLc zc5skoi@7(YRLy*6xUKQ*4XO6a zQ)eu{Bdh)OzJo>EGj|;IN2u2-`z_)pZyPJGdgR?dKEL%x~TTej@7H4TYPuN;*jy zji34aKGD>8)7-opU-;>U+&=TqFbl~yZ+XhH=Dvq@RXb)p@#Mm5zdxvA=*{O(J^Iy~ zKASw$;gv4@`k1A6KDXtSnKN9z7m~Ba-|@`SOMx^8M!|*`A%|IdR^{ z2Y>Lw%|`@A80^Q5%@{cHqOzAhd-|d$?z`=n#*es9A6dEd^6&dx>R6)RdSG~M!2!=c z@M@n46Yo98h0a=X>MLol|L3dMRu<`wJRvvt!%5rj&qQNOc5}a^-1K?!)-Qj4V)=Vj z&(C$_E;re9-%8a}R==>Qbl0xIM_>Hhn&0o=_I}c;@{+GyS?65x@e!|XE?MyWi;o|1 z&-JB-;3?O9@Wb0J ztW6&4R@b)A%cp-l=OS@=KmGjUw#>`kbeG3^^68fyQ$6(1Wskmg!n$XEy8YP9QH4w8 zkvBZjzW5;jtFK-7?52{9%kKNa(UNlZ#9eEj|R+6NoM4=>oO zkKK1Y(sAekV-Nkl7dot0Px#*tPBG9B4w>m6li=b5vLLta+cqo~OIAh(g1^~WndGk} zjee70&CW#DwCwck%rt9Ob~>_Hv#e=py^v+!b|Y~JOEMS2U2)+bLZI_}IGfwOhkEEx zkoxz(B=|X}R|xRPE6YL2W;XjoC+G8ul5FOJf|(1;-hd9_;1fMU0Feav$4VlDoFp}i 
zAs5Q9$WnGzdb-@49;~-!w>q7z)^txW-I6^io%0UzGz2r75Pk>yGo*pl9q z-k|%Z2j3GE_|F%ejeN*0`1t+MMi=mJ%}UFPf&WZPMtTqYcSk5JFD*tczFy!0wgz63 z1YTF1YcHw9{}+^_JhD4dkv-tl>B_505Eqn<9$rS_po^1vWNe){5uJ068Z89yH2HiG zk3v#wz=@pUkPk_c7uAOapUa3_fD?xE(dtO5u?QJOWS0Fwv(wAFU5zH(9~B`5IcFp1 z;UyEKnFP^{Td4Q(X4+@-Kvu?KF8s#QS(o!oBlyl2>qwp`ghr`jxC^t7)JqL-}%$FGtJ3EXN-Dr)?#s zgPJ7TLl%L8zA#{CW%gOLv7Qe#N?zXQRx0WuzvvGL^`c@>1_+XH|x`L81s4TZ~Br=OZna!@5_t*0-7w{J*3dQ(9D2T%e87RhO2J&bOB%vlPNRGOx6392&v<0dFCbnXVdc2k|Yu6Yscy z3&*p5v)r64hwva}UNUQc(?qBT$J0MF$|ux^xR3zRk)Jdv#5;u`Bq%>)z4l6=>tNt?K6Soohd6~ly#hF6&Fp%zpe}?~EA)$#6nI!N2Xan$mW@hK~Us`rX z4F1o^wpe@ce|LnWvj7s!^%#92Bi{lLUFj7hBsoJu5F>O6Z%se~7^pEO2_g<37EQcQ z4Dulq3I~wvqn%|_;nanH}Z#12b4>TcT1=9CR zc5*VpU#4IP>Xk8wp~=V-;)BT8get1+l?4?kdJGqS4g+ipE{qGEtM4Hn_d#IrPf^}} zYNIRo2Y88re``ioFO<2T`V$rYpTj>}e|CuOpEkPU|1;9!);~SHhyL%DAc^6SlSc-X zpv4rNhxbb+G2}7e(*VA6;2&d}$!f}^5k|>Az{oq(45`R4 zWhkf;@5F@%o{S<_mY+6_!`c{!ID;MFb;GNl>*-<>H8{z0Z=YLLV|0Ki`lUBZ7x zdK~>{&Fq2y?g(v|(bEeqy$$JsjDvk(u~_w~5FN&#NR#N~&{$`P$1IJ@!O4)4X0c`& zE!jp(R;6{I&5~hDOCL}3iOm6}INf9-MlevNOn;sl%wpoh4C3x#+&9KxKRfH}he zFNd6%!IML+dbQdrXvl{8Sx}9UM|q_sqpHds1ts}qrS_7_S{x~(k%g6|qYFyl!;40i zR#e*aYaQ`1!Or%$Mcp@f9Fe>8-j|;Lbh-}5!hzUqhFkJ5woCxEYRLmc{xv&q< zn8D1;PIj|q9D=*WIh|rSAP+SKdB1_Q)*{HricyTN*$YA;4=;;BJYjkpZOLwAN(VyUt4KeWp4S1b`~>uF!>=XIpofAc$FO9&T{lu za*&OoP2(lbsRIH^rxV<$1{o(o2YKAVS~PjG8X?CABLghV&8sXeAD2VLAyFC7WYjPb8AHfKk7WGq49m#q zGMEj>=uR`H=yJ>KqYJty%#OkoU1|A<+`PQfDwyg$6`+T6q%|9~W=+xQD465{)C&O* zg?a-UqX9Jw7(${D1x;fkG??_Pg6fb!$}6W2k-Xwm=+clOsGzhE4Mj0m)4JFj%jgA2 zcw@3#nr{RmF4!a4tsI# zhyq7t?g+r-D&{7@5tl{B`y@CfLcB+i@PUufG&|e#OY=q-lsn1`M%XJV%f}7qETP>D zM-aI#42Zb+@G5&zzN4h7cz8ki09*8Td%JpO_iIy{Y7`LlKebPKOi4svF~M~dKGwrQxKA1ym-kxONQEiy2m|XUj_#M zJ}w+^djBE)kF1Qi`@gKr9{GQ_gjo3>(VWT{dJd+@hMtqA(_s|g0IocTXrOV;k|P)r znmCyU+$*nAK5J`v9Gn%0Z^YhU;Z1FkDs`JfG!3N4>_-|A++&9t$_!X4|R|+%< zenllI#0yPUz7l2u`X)LX#E`80l1>3?Ke z(kwmtAKeky`m35%`=gC6`M(7Ef7Xm1{NEiR7XK$9yPGQYaULS* z3Asa}A18!(zbNzgPf(;{qeK#;vvNQ-6C0n@-yC%fz|N3h7;}~JG9|biFhyt-jgGHV 
zAV?Y1W{rx_hi{SjP=Lb~DYr^vD+|g?a*G_f`T6CMd_o{5pS>huK6=ZgWFof!|2z7J z3j8bj$NNJEqznGfnwcIa|IJM6;s3fN5d9AzJ0iLiRByt?Qx#xA3_y~dYSByPJTc%F zJmC;8A#HY_81Oh^%Fq-)hXD=$Pt`Rv7A3LC4j%vZK_)3242mK7Tz2&n;APf`;N$}m z>1wgP5*4velBSA{aB3U5>CuPl!vQ%AxrgQ;3#g!xtf0e!xm!_6l*0MBNwoK|Db(O3 zDg`IBv&jnb0T&-|VhSqKJ{Ob|Rn!{xCyJINuZt+Z;ZY@SCB!>LzaKY5?k8zOYN8bO zcrYf6Pr#Gt#uEn@ZP5wAkk}-+;-WD+_i@g+=!mgIbi5}dhJ!e_6k7|iiHJ-FT}zvd znPX`8lyZ4i50~7Ey${hMaI(!t2Aqndut1D|5MF3}{b5e39)bNK%-WqT>jQ;{=@{H|LXhI*s_uajAHYiy&qtMT5Jw$rNuRLp;_t=orSV9A}IGX@<4F->IzwhcNR#WwLsCUw6c868FU62(uPA(u32P<6An`sS z5N=U*k_Q>$6CFVjPhBg`L$c`3Zce5L8ltBcqDK`o-b^v^oYRZxXf#~LoeVBFs8d?!>sWuujE9M`rW-E>W}@lcXH-^~h{pgev$X-u&1Nywh&ZQ{m!woA z;>ts~1uhV)0f{FnDB=;BbULHah|ygVu?j{5BKu0Gs}Nu$GT0XiAXy+e6deuPa~ee! zfgxvRTY~$7M~Yj;^XC$q18|Q_hK~Pl!h46HY>^oxav`urms%y6_tScn$)gpheR7e7 zj%t;yQDk*%h`0j}oUct*l+KhMM9k9RuaQ<^PGM^nJ0NxCf+5}*X#n?HU0ro|;?C8f zWQoVSh4+cg>fVt>ADIR++wenxIj>}kjtkbQb4DizZzh#JY1Papt4}+ZuqJr!>Y)r7 zG+C+w zhHcxtBD-c$70XsrgoH8UrAwh(s3w9TWl{8XQ7**0@s7c}zzmrsb66I90%#VP)oM&$ z+3!msy8?q5a{D+Bn96c8ESlI1@CCyPOT0RGvYQl3d@Xz^>y}DVc|0c=VSzXe^ee&q zR#{M<%@Hq~Pzi|dNP`r$(H?LiKyrXvn|Q^TUs6D;e}4*G{rjun1qg!}|B`ROG685b zGEAMWzpAXA7pEx>3Yla9y_l2qcq8Rf@yMYfI&#uCTYsIduC7kkkL9AZFzs`HD>3}A zqRB|cV56Ee>2w++7bVj^ws0Y8=XC2G|K8ZMWM^mZ!Jb8zghueV z=bTJ2RAgIIVw|if+ZV=IO*$heR0Hb3j4?r_%FZM%AMm>1Lh8)pm4N%LNCQTr6viYf z{(}!7ri%@D6J)tzN_7))G>Mc%pQvO?&%a^X zMN)Y1RNyUnb@%{OMBcDB{doH6VGYB#Ap_n-1~{kisxsUNoj1Be7?-;+tzf`oHBeNH z0gdizf_79agF7SRS~2xaL@l@)g3B>L&}j&ejjB;x2L$3qLlK}9a{z?lR1I3kOb2X; zj8w-3gFXTDnm}%0Q>P-<1_Csqb)f1_u0d^4D)KZFT;LM(3yPOo2dp)5?%?=f5KI;tA&2__;|fj!ZxY4q4*blEiqZfdfs)BYDQ0-X_c zAm*?XQb7>z^9l9%*8vWU9cUJUxOH0R5`aeF{s+(q$Q&stq@~t~B~chN<@l(lI0EOP z1ONs=Fv~#|6(ddbP>4l65wv46;WG<-N&wn1$})x`K-K3em^CsS+R4bdD7eWfjM)oA zges=A114&4+l(~EJq}L65S{~Si(&PMom7A~if(sACzSGk&4g*9qHA`h*JzvEYf6eqQzWgKO{+O2 zrelOAP`iZ}QNrgFW}~7kQV4}5DI^x(LU}DrF*-3PL~VW~Qg3u^7z#l@1Rv8*O#Qa< zA&J&2LHl7pPv#i+-!Di+8qC;6mY4E(JkVc2vx~q71cBTlc0!~%Z71Qj71p4h5ZNMO 
z8zVZm3ilf)!h$v@x-K=fZgSM!X(X>jT$JxL4-UV4pXe<$?0LPnE7=oHUz@7 zMx|P`e4;a&MRY(qBm5Z$M(7JXM40Y`OTn<9hIga5i9xu!!m6t@%xw{TN@kR&V~eSi z42xhXOvP$BfdEKS$gUNnL|Y<&Svt%ZL~t7Mw?K9($TOHf37~v1@oPeLlH_v$2?8L4 z&t{NExCtnT)S8l7PF7SDA!3uKOa`tX0Gi+UC!G`EBKk)pJN+Y^0Pgfq=F3Z>xPQnH zIMfK$kLS(d6C|MIYZ8fvl_*6dq_0&j&ERTNdwUg`2sIkWaY~q}Bs;s!BZRt!MuYS{ zo%fMqG4lll_dxbwsz*;sf+0*hCho~;-Va3xXd{r@Fe}E$4PNwYQ4;&_9`y9&?BBnL zfF&%Cmb;9|`{>bD(=agtBpBRXqK^xhm`DJFO2b5R3O#fP0}2KSM3_RsBe%>RvD8CM z!cVtgyaW)C36=7=ML_z12-uk_dBw2LrQjA!;@5>lQLckc7&4(M>f=z>P%K1xCR4Zp z%p@_=BUXzB>vUGQ|VFe2p%QPG@(6SXKUa6 zMWVCbOa(4HeNe! zyyFUqY=qMI7}FL2gatzaKG%ytlfcF(6qp4g-3n}iLKyTpm&-^dLZ!vhO;oRdYnBM? z<6?{%SMV0m_wA%UK0qLtNqk5ql~0KbnIeqR0D}~iO^GZ5y-IF%gQ)iwjQAkk^$Cr< z4S=gAQmYZ%yQLegCf=8AVqTU*LBEF1+{4&-pE=u13z@sDG9?vS2IE$vGZ-|2gF34* z>u=d^n@_JqF3;e8Xw|4e2e;}7V-)8f;0TzpjY?b64+iSs~TQpuNe7H=>J%( z)_D8BjBHDf{!e!V5JCd$CwUc#k8+<(IX)GUgh8swg&KKTk!NAZwyIom9aGM$gEOd3 zqfT09(xsU&ErVl2z)&*0US~qZ@F`JoD{!-ZfgYPNuF(ZIH9DaZS{JFVlJn5JR8=7r@g@(d^FVz#9+R!6>O(TEcy+_iKQs^)Mkrr-r18pV886WWtf z9TDHw>dZ)CBJy{Kfe6rLm{6HAfpp3=Qw3y-a%|U`%xtDjk{1u(F4F@qDBwYcgQO^% zM3XKv(Uc+1!wJ#;))Z|Gf{|5fR}~cEnednt#SlurTNu$^r^_-axABx5BDxkJFaHY~ z8f31RG6vJYfqt2KQ1!n&uyu^=%>B?tSN4C_^!WE*GJEvDyCrBOmv9N}_hW|K=!Sc+ z5HDkrQ6N^zMk68~LNrKFz<5LQ0#n8$HTqJx_tAsY!DKR^T1q={^1*x+TDU4Vd0gO(ifO zR<1%6X)8fGIvx8C1G5L00b&@01^%EIAQF0}=R{wE0~WQ3^9khqP`Ky>wPHq|T{B~Z zg!xDTj7vo2T`5UfGF7|1B=i2^^{alF;lQRyiGzb5;XnMbhMc$ z+$d)SefN@C_L1u=%?nkfxTlIpph2vsPg&JPGEgSoNvsR&h|B;Y$<-5lL`e-&sitEc z@m9fd5v2p>Mv;t^_CTpgr_)sG7D8}oLOiw=S0 z1Z6+a+o3j}M4~Iu3ltAi7l#}HzBwMB3vQzL#x_CZQihyVUapC!W-s)pchO<8nZTn| z=LA4eCO2wgJ#<68?FffLu;_5{Zcr^baj#wUF-bZKV!cF!ShxbGaxKmURCPpklSZ^i z=>3n(heD!<<`-mj^F%d3?ZGrr(en*QG1(XhqJ*nt;k_c{=ZrY<|1)fH{)FKABN+ z&^fqAz+0lu6w}uL-=abujwc((!S1JECpCKorm?cld4?fQ)>)}V>-Yn8LHPt5Y-`SH|7FNEJ})& zEgKhU0B@@jypv)U&yQzGfhwx5TnT*`&D^#ja^nit*2=xVq7zK*SL?J6-s;G>$abh> z(SZAP2-Cg&RXJ`TYA=!`_QGx*(QqL>uZ!I|5knJu84NQ7h$kAysml=6oRV4x_12+e zI!Ge!kDEeTPz+!y-xIz275gm3;FRjoQ2W_bO-#htR*j3;;!;c!tAtah(jCw`Zd!1+ 
zMzsyM$0|OD*{9a67thlMx84Wl&WI-BhoQ=qJ@ttploV5HZtK z&OMiUBq;4OMUoKj6L{4&4knH^Qx|!}jNyVhNpt8^vLLPd5b?Sknq9pnd3vtp#h8a1t$Z+vV97F%_m+QZ-=>M#=IQefzdU}ul?`{c6imrxE zb(Dd3jaiK7pz{jB1*WA=U)ZJ5q$dV2L>J!g$A67JYGRGge-ktHQE5Seu?s*fi6CIc z@WJ^MI8S9KwpJw`!;wpH6Wb4Rx_EdgLSf<)E)WJD#Dzf+SJjGqf}3}?I(-Vwq<)iA z8ca)lt%TMKxF~%Lb|!!hL6?NkjW(UGKgy-b|D_d-w2r8sP+b)~GgZ_LM^R-326?{# z)q-X`cq#{ja$E_tua9^R(QAZM%!)y^s8AcCO7C>al|d>ha;g?QJ?N+zzKfTL(iGK> z04^w2cZOmBJWP5>C2&k&A|sCKD(wv{7Z;SnM0rldOB!b=kr5I4o+wE1gt+gIRF@HO zJwWX=0Ea3w8Q+`<6~K9_=#%2cYgCg-tpSFj;@O485IBCtpH3cAUS?LQL$!Ay#utqC zWHwWoW=(`kxXCB*_+CA#3KD9X<*t4O$jnEJ|P3h~5(Kb3YM85g3f z8r`DCtc-wF3XW-|dTG&C;7XUsf$yXa!YBz7RDed=Zjsq%`ic?dN>r|}`;}3?E@CWI zD0|B#SV#qq!Ey|!LG4{Nv#m-rD|Dm6(Z)6_@9Ny$M=&IaA%%>Kwgv(t5!AoGGBq`d zVqtCn{z%1d(H?+ke>vjpf_FvRNr7!4%8e+cb!Koy?Uf>3C(4O}BC%Dye&AVSRx+I8 zOo((>p^#9G;)w+Mn-{^q@z_8^;!#pVb-+Qo#}i_lZf8*GC$tdT7L0Te0`zrM0?V|6 z66fYIGV8pb)Uq(Dmv$`+qFOJ-od&E;N%gf7GtJ12myf0plQiO#qsYF;sUv%rnwvz# zRBS%!%;Em!0zB|h-HW#9i#SB-6z(bCTu%3rpJ>{Ww#yWkgXG+xc5X!H5`VJOA}jJU z8~@BFzM9ZL{1X&wNiz8XiR@UhrkN}maJXoqGL$INZhpj_M_%OV-Ts8eR9#Nhkxu8T z*9SUX1&;~K$bEvDJ*Gie9#{?bEivO#XIQm}S0;eXG4z3D*6GUG`|c43J1R{dL(8)j zW7#wW#~y7J2@IAgITXmIln75wY(?$3KPt;DMgs`))%90-91Vr6U?I2$mlCKDirTq;e( z&;r5Y9NV7+DLG?3kpX6+WQj5w$`;mXY)lcc87A&ch)A<4AhZx+03xm#HD#Fv^`9#| zyj59i=2}SU0m({oK_x`S!n;(n4j=HM#HgGK#OT^n45C^3J!1`4h@nTFE{}-^NIzoT zCa`^{HASkyZOgS_k5tDL#G^E_nYJ>1uAbRqw- zWLV<;e`ojH|8`4gBYv^;KoeW_sj5RP@Ms;DTg^mDZZ$HIFwUU$jm2DJWf{}5E3JcU z)-;>NIv(dy{bK2b22+{bNn3IADf?>}bs$bY*h#68huBbLZ#HF21)X_m}zx!Ni@f?_it za)*6pO3eejVZhWSe8GoIjxP3LCzc0Vu@T)m)|9r8 znLSfwghq6c_v_RaqH9QC-lE*K2AolK{nHD!k3$UnyZEMkj{v%Y|Maw2_|LLfd+fiu zC3FS<;Jof{Ab_~ydyN75MaOrB1Y%!(`(K04{T)>Jrw`%omo~cM|I)ML_`l4I9{vAr z332Z~$36gQGDq|gnVSN*I><>T&lbk052c_K>V3rsj~6nhD~Vp=%IVjpsjS9Q+pbIW z2vj*`KRao-x3t~k6y=p+eTOLA8-GiW$m&5>7Eel zxvbM?_M&!(_PIT{`<9TtUoy_bppiu3Oey~xZ{+{%!7O?I8{R4WU!`2M>Zouj0?cdu-?m{xf6m|I(~Dy$AlgBm8|(hXhc$ zLitR849DOo&^A-|P;zDpQ!yi2D>#{G+fdQF>V&yj4EexdfpZbvQFuB49D~y6<`8|B 
z5w|$xY%n-Hm%0)rb>RM07F9U%a=}F^#WT^VxClHxfPYn$+mRL%>4xW46d*C216QA^ zaHp6Iu&}$>;ifZpAODS46@L<+Qu?%2`C_JGKOD4WHz?6#z zOL9_~Mmrmi25ehWkuHg#Fi>hG_FhDS0%(YtdJ^S1eK^n<0H@brf*jH#NyJs?K-tz4 z_Hm%rjq8J#aYDRN(}*PcniOki@`AMqP_CdDsLFz$579?9!5J+vR)jdjDcvFN<3XR6 z^fSu>+W8{rwlT@Z{lO@Z|x@`+nlWRRAY_61aaAWTMu}j73Ga%m++5!R6x} z&=AdNRhB{Gxe)FGQF4v9RVQA5@i*=mOsz>r^8G!OOsb%J2UkRX{KcBs5XdqIL!vA? zMW5nIg+0#)lMiQ|@(4IeS4!oV5PJ#Gh9t`kLk)o5J-EXa8^b{uElza>5Z=vkox@#+ zufIA6xZ+?lij-rTGGsR=JVa%mK5B=XQ0m%A1G1wXsJYE?k z=cS-Di#1bY$3h7IvM7TgpbOzG3u^L{irgWd_+r4MbBMfRE-KI9!5bqHS3clgC?C6SO?A|buO znVpkbQ$>u|m1IJs(l&?(WS9aV>~VFNs7ociO+|juCAi@)PX@<4<)$K+@_-Y(MM7Rr z;sX+ObOPq{68I^>H4y(0?wB4@>o9oQ3MN)&Q$?7HW-qgnR!0MZl5i+MU!QcP?U$99d$PBzZYXq%&hXVo?N^ zdr9iJLeK|rUje4i2uziaaSEiNmv7vNZXNnTM^ zzP)4w8jeerlvbi5d$GL|S6f+1nq-yP3o4+x;(~JUyjYn#++Jj_9G8j;?Ug0CR$OIa zX*tS8Wx3^*_Pna1+;UV_RbEzFQGmOUk1H;*mlT%cb_$9MN-9mbT^xrB#^4WBF%qAC zq_Ny8Jc4r8$Gp zPjc3#BDIMWosPOeA@3j~ZGFT6D0{R}-|4FvtbdBPbF=6VV8~Z|YdYfk?cn^btPI+F z>asN0=y534?8@U(QH^Ulg(Er2<|~eJ_MiL9PR{?3m-p?X(|>Qy|5*Qz*%?_q^nbU6 zgy(-o&-veT{`Z{!J?H;Fe*TAo{(t}ZpP=8oFH7@s79#@iuYVm45O@A7ZaW+izZrj* z5a{Ckw^}md?*Gzz?0>r_FmEwP`ye6RlgjqPr-2vVH$-q>Kp|UkMq#K$IXTEcVa0$Z zPiF6!CP!y;P%mjLH;|SFc#VnD82P-6&oGmkmx0hQQb#H>Oc|PGvKUfQ=%caJDOdH-HNPI|B3iL@&iM=))&GkMI_?;NSGhNP$k623hnAP6ur+~{O>anr7Y<`6lc!K+BJ zjlQ>tr-`kj<~hV#Ln^Ylc(CAhr9>41vIx)7UX<$by8pi(I>-N#qWDA#}rKq={vcA)T;Zm7=wCD@ybGG>f!>dLB^7a6C1$X!`O{~8(E1Liwya?y8Rz20D1j3;(+qv>8&=vL>o2LFiO?4%o-xLxebJ(ie%IB5-zzN$|o_%q>MC zNcZ%SIzUy9lDcdGBFG;_kiT9*{z+|g;z*BJButg*+eSO zQ#;@dnH=N*@ z|18C0s|_i`j_XXjK6b|@wQ0xF9?^}B*|JeOvoL4m)$Do@Uoia)8&XIF`b}ScXC#1{ z$i8V}I3%bEqzjm)peYf}3^hX}N&yo+;9fQ&0>uu{koqgjK}siFiv7O=F)C&;^B%3M zxOWqe_BivJR7QJ6XJL^np9gACC-?6z+n!(*ka4ZP%S=9!i_GEK%{2&viA?@s$X5Fs zRR2+J1hczSO2x@kh7XiHQkYTd*K- zD8>Uhs77y8^xur2UU!r%Hc9moD zJD5X5vhd9Bsbq`lE)`=K5IF!CwBqT5CK4RHZRFV9GbWcXu4edm@6P`O^dF3cEbhL# z0O(5p$C4H6|0_EyJG+Pe>yE&nm>uTPoImyT1rb4TI7_Ic9+vQbE5yP-6E^Nc>EB-H 
z|Ht0{rCBXK@4t6XAbR%t$Z9K;6?s#DLOeXo371(0a%d9?m?2(LM$Y=KrHL*1#IyAFIJ##Df5OC9y^yvJsvbNu;Mqsv31s`M0-vKl2z z6RUU_VvWMwx&^mL&tTj)H6F<8xI{{Sk?AB(9Q6K1$bg9-O@~MkxK?Oq>x-!f%FB^Q zzXB3P@sDP3k=vaL1|e4>;2_^+%IC!E=MlE5=n6m5y*!kh;s5#Z_8*A$hK3 zLZB1rM;sRH!B=||_6Gjp&Cb8W1#|`fX>tBP($XzG{C~HEh@_8QO;9K@#}V)$@ZK#6 z@KmcJ2GA*wJ~%WuA-)1L-av*ZfvtgTDJ>Zyc@4Ta8DoruQ7d2Uf$e=1_5%JXLNx~d zG6m4(`EQB6|4p}K^_>6R687f&S2uuR4`8q4F_UW;mpL&xpdf%q_Sk%Tiw5wH>Olj4 zKkOa+%e>#U|LFg;G)o-)pO)1F|J@Nffn`{5_BZO7W-0-3z)bQd$k+qT|MIXG@E@is zmHQ3;!P{pX{AcvQf42nXlA7okS*5)B=SIuR?Pw4vu%_239a zeZ?89dx-TAF%MDHK8)~!9z0J9&n=R-HR;3aI3gLI^neGW11L6eYW;z)ILP<*BkRX8@9+naJ8D@=&>6L*dgKs0BkyuC3 z7odqTPk@(=E*_At5#w2VVQyZ*Svfv2g%zeVf%z{VQ5~zXShH$%tZmWfQd&&KBY}yi z343bsT!4wsBu=6#W-uGL0&;U?lu*Qfw06gM*!&@*5gDDJLKQWAAjC+_KeIZ+{}S(mmu&Zm3P_jtzv)@A`o9^Lp8MZ!3G~iT;xQc- z#&Bp95LE+}IXO-NDi~CBvw&zDGQ^lynqQ!EdUP52-S*Q~IKs zO6{?_U=Ui|b91`A9UdMU84@00vkRYvvOlQT#cMSuV1h|r^Pa{PtKCfDYtKcZCEejb zD$>Jx)$Hwf6dl0$Mb;qM#H&g#Dif@%rXs7ZfDoc<2--0 z`F|Qa^@RN$Iz9jQne|VX=YK|K-1{%tnLYkryC-yE{{v6JI6S-`88BZFa;n6*KPWIy zpVW3na5I~ia`tSi%?95ic)!U{v~3(N-i--=*RW)pwseZ3q~4jCk?zk~88OGw_&?%V z6do(DDlek!Ch^gL;Am8;)J3eZ!yz9YE^{{fXWZeDJ^{bDccpMnL#;^`9Rlre7cByl z_2*hsOT@NBHT{4{z*9h-kM2R)PajeCQ%<5kYcLYCwG43@b9k>gA_ZctO7^O_lAWo> z?JL6*MORNBlS5Ce#q`js9>|P%ZAEhWI;dH$i%d+{(t@$E388A{?u1ks$;ioInL)gV z;F(mMh=6qq_0H?&1fMC&8m9rpihvK z^%Da6lp0H|7Mk)n5JtI(r9Rm#tfU@+97&R*>c(IZ)zlPZE)DVlc*--mW`b*isdhk$ zIYE#5S(&f~4~LVOiHu^Xrpd|_LkYStpPxCwWKKl}@Dacg5Hcj3?(%RTS5h*m_@eXt zRT5Q!q&sDA_Hn1yosk`gVV)1kWb-;Wx6Fqeeol6Jlg&xPqB{Zg;(-A>R-B)rOW4C$ zGpx=%aqjC9S$LQBZ~#B08IE+(#GRlAL%+_j1AvDX4v4 zp@x5&zUwONf&SlTPGGyb|H(>^z5lUVdftERo)Al&a6#DsL`ZHxYUU|j!L|hcA}z}C<@Ix3hGM>sR*ui5zwot2*l|(MZ=^6U znf;B742r2O5>IP`n~N|QqT-DWWig*47QR=si&qsD@&cl_EULVE~U^HnSOLG%?>kQo6C3ug4{LV^}ism<%*p zqrG_<7zZl`@GMHuPd_IF;DStb=|{cb!IJo-ddkDOc*=s|Z19AF9-72I_Usu!Yt^E} zYep3Dm7uItl=($>!2h1`|Gshp+SUCJM*Ok&KbbxHKiw19#={h;L@uJM;d&L|7WOrB zdZGEra1Wu$FalFC8c5GEBA_S<5SHi@oUKkV#1l+t47Oql3rKg-@*BA6GvXTrNRaKVkYF3Khs;>1{=b~$RWfKF*|BFGz1L!=!A 
zC|x2?ZsYkDD8~g_{dioOR)_%|b?^z81Ob4Prj>$VKh1?0(+&^t2qB)*#FeG_r8dO) zML1INtY99)$pvUuzu1I_$@ydv6Ubh2a}hNNV-Bh@z~V@f&xnzR4#@-%!9 zOx7hl7nC!>U~G-@-k=@@k>!m&1tKZ<0HBf&;)YTEf*pcCnCT~cK@l}MvVcZ*kYEJ# zr+i!_Qeq1>3g%GIZ}bE`=JK*)c_l7;%&=bd}7lpA$Lghqk^Jrbz5TQ3cPRPqNNpNhm?;jC<1wA z7!SD>dATO&jsYC28nO*=n!~12+)bEtk)|-Lw&6ajzV~v5LJ3`aO)Mo*izZJ-22Ce1 zdDj~DcYdyFH7g7eKforKB6w8^UiR$VQzovOoy2C|XU3eT+Ah)gz^ehLr-67sF`M^h zrT)tg*nfG5IsYko-)A>JG<2o^Yl%JoF-K_W;s3fNbZXYlJlgI_RNezW|NS8r{uSZ% zzC;0C>i=8g{Quy{9{BH$@R$7mbnXlz%6+JQZ}MqekM!V^?hoAG zW6%Grp7+1HC-l7k)${&G&-))e?|=NA_dg;^SD+WdDGwYgQW*?-vVkdN`9(?gwGz1< znD*e!3IY+kj08W3fH3sqR7!U!x+(zt2CesgY83(-R~v2QoFGKx{RWdxr@V%o;3*RA zo8%C|vKnf2QC|D^s;IUAu0WD}4)7=nwoGsxvKLjv6v34QePNG4T%LAWm}R9}UYt(H zlrd^l7q?Lz#8@i2v5226s^yWm7@6qUkpWs#}R_!(jOa2^rD1L?Ojy5G14q-QRd4l#y>Mr@HU8*#e4mM_`_Og|KnhNO&|5S*f|Jm!``&IzhCI27y{x8nnuFqvMX>5+ZMVQZowJHEnvC>(~RYmk}l_oZivg&xxj#3H+L>6Pz41& z(t-UFV&Gpn$GVgMx5mr=F#q2p|L>Ntckr*0H%WgT1?*2QL6u)paVEzINzHX|44no{ zLO0pAB$Tj53sm=#^7~i5TSnNFy?MNhWrT)%$k2aHh{gZ(JnmllFT)at|1*00zjsgg zCz0TvzGmWravY_Y&@Rl-b*>&g5E2;t`-J)s7ZTJPAcvRtfu|q3w$k6j2VKB_W?E*f z{--rNy+{AETLQEHFH)glBw2XsB3~lvU|Qb{5!X-T#5W{xt`Ma@n1pD3h;1Z#X+!PE zndJxj z0VqN(UY)YfkOJy)+AJ~2O0~?#om#PCJ!WA3fFhP+s=Zk3AXI-;al=r3ZfQJiM%vZJ zXj=|N-izq0<<4|!!Q)nn#<*(?O~$Jr$stY%P;)ktOMRar_EBH;Desg74aXS54x{#d zWDb+HkjbtFNkEf)@*QcMNc|1JoWjZR=O+jQ{ z=@S-YTmiusJ<*Ac*R;=$>8PWWMAUsM(g(x!^u4uO_70iZkdn9s+A&gFLCKgJLtbgg zsH$>DZeCt#RY|3RsF+4gkb0>CSA>cYDP02PYDVD$n>fJ-tFKSkw8CV-9fNWwLLms= zFszC0PF3Z|5=T+#2zv>vOEN7pjQ!Bwq^MkA?c~XA?J3BH@V`WvR0u#();OVvYAm&Q zf`FvK^oog?PHRnLOGIiityBr)ii}CIj}@qKjVw0u6~k=W2BYEkUqG3V4tK zsx=^Zi_jy&TXwWC?oPW}tr|tlg-8KSJ2h65$!P6raidtYxM_}`-`q00V|2kdy6As? 
zjujp;YSYk(wrY2aGOxI2#NH-qS`!XLd1R6Fn^=;8f^t$@Rk__1lKoE01n5cy)MA0Ssin;+*Fc-O8qgYGRyYf8P$O$gt zV$rpxBXlFuhLNF_^D|Ej9E#RL6HjXk2L5a> zOa9Zu^8a99{2x)XP;URs`?w9F;h(t&{eMfW|EJ8%?6h7eb07C3VfcT}|0P_1W&yRY z+USD+&q_;Ai_`zk?z#WzmSBW1ya3b8sBARw zTs8tVrD5*uJbTIT!m_lnnd0z*-27JOq%>DabAx*{m)0VTZW*1GUos|~Z68-uHfCT$ zY11U3D3F`p;w$ln&MUP#^Csy=x|@p1@+|q*qI_3*e!YK??5%1TSs!o?8pDkn;4Sr5 z+6NAwXwFC<6&}dfXNHFl^i{Ryn;TqWQ&rK#X1`9T&TncR;4zQOs?PJtrQ+D?EZ6w4 zjiWR2nnG3QRaT5?D9s#H$jg?ZjFI`R)t2!C4NkzWM zS4^5XKoFY-gngxB>{UhXL4yVsXSNpF{mmm?k|Z}ZM&uwnV z*G(KA4m3472W6CH=8wypm{*Z$E|V+y)(meoXU-4hw@ebfC8I0rC-EZ#?$M#@^wtbd z;iT~c8%Ncb6qfj^bQR474Sp$~ciD@pGJ<0RY4#DL8(POrsuQC;<5H}G0QbzOksA_*g*r$IzD7?kb*6hlIR?t=9^R^mS$_vkHwAvd({vuHxTQ#D| zHKM4&n{FK+cAJacgT{{%`Q}hjYkF37cD==KHk$`D<&E_ejrqU!uCz%}EM0%+S9qsB zOm&!5fPhGL@Gt;iDu3McobFXhiRm$P)=e%d* zyw9^Iq}Gn~xF*2uw0ca@S~G@RnTlddX{J1*h=Tzd20EN@10-hHj%-X(AvLplF4Wwt^R}fyHvzmg#$Tyi{qKFdIkT2znm3+e8Gz_Y6AJJ|vnJ)@eY# zCy--O%>Ge8!esrgfo%+>YfWTq#XDr6ci5HIVEy@oI%=}9)nv@?b`sZ|tSzC_gEe`- z9(RW6!V6(Qcd+eT8P}b0m!PNtMO&m#jeAqVt!tzmGt_uJIg$gC8pl1F)EP>g_35$2 zQ=-a{R+|J!8>L9wBuO&pwR!Z|_eg1v>m)sj1yIz{NI{fo!gT8UP-S>O9>enq>PGO; zP=wKF-3EeYfT1`gk2%S(Dbv(o!RDn=e>HP8c6GD_r`IrezU|HuKAB@j(@~pNGLq*Z znATBu1<>F;pqrz$dQf=uAl9irP&auP1LXS6~|3{id~a7V07F zDX5t0z!B2ufro*6Vg~hvRPCXSCO6w#JA4FgA+g(r_aFuLA;J>)IH_Bd97>H2-0!yL z>y54nfS9Dy32#f=qa-57xxb0Q5yWp+W4TGqC1``l_1@0h&JUu@cRRQ@v;66B-yR;; z)&^mf2w3(hiME?EC8xb+qX80~HrwvUXmD_>mbj*bz|h3K6YrLw66!sJp;<>Ub~3EA zhmKW00$|F5LZ5*{ff>nR-JJvrC#?5rVgYXK<811P3X+ajSputJ*BH30O_7e!~A=7lJz6F=eeBB5<0~yGUG>Z&jvGv2&3>x`v8Xb1& zX5{QWAfQ@!>Kfx9Z0wOCHPkXy?f65DWXbWlO%1e$4pGuClXE3+XL3v(dKA4aH8Po)@OK< zZaV{j31y`j&$@#sAbru=_Vw%IWDE*glSqA&g9jJ}%6rh$CTJ5gayKLu*0eozcGMqz!I4=uWBOURWSmGh%*! 
z7TKxepu5PSRKbwxOL& zlu)A=!Ej*9so{H6ooiz8x&_u<#Xrs|zvCHuz9Dwj^MinfyTbzH4uPc_1GLux#)l9w z>M+Z7)lJgjxaM3j2K375sD0gA*U`3=NE4lPAgzl`$N{x94!qa*TZgWI#DSLrTE`DD zvI}>cAk|lOdrEU{XNip#hX%{c8FAN}Q9VvNU~3LD7l$=Il(CfJIoYds7R%!d@JZT9 zX93(Z#;$bayV_hFBpfFX+Q(J1-`184gV)ECz% z=jX1~T`YpcOQ}F^>6Ym-{OY(LXu)K=tE15tfh0{L2}BZ_>~!3Tp=^76usG}{B)kAnWLoPn}=!=)%IpErbyd1C;aCXSc$LcMK`$x-tN z2|WUuQwYX|Npd76TfYv^G<}G!8p4pw=E$pejbQKz+vN=I3OG`A%n(e@9&2#+i?j5U)$Z8x@WC$82HON z7#LVH9UJ>j2Tlh|K8zYi2xRN}Tw!el0-AHHiGbWO(1^Y%9q?UB_O_N7c(OaB+pQgK z?Q~HZknUPr(qP+_bQc~4TFn}NGN zB0)H_eO#J>b5*2ew+=B=Ww8t*3J(ZiLZ@ngGCOpzTsd{Mzj0*H@ExQRs`OE|W!&wp z>2SFL;kBEsKG}|mXt+EFr|g;(Xh8>1Sv!Exel(Yd3a--Ov_UOad{=BCJvf_9Jr{2W zD@B??I$O7$$eFeU5uqeb5+;U8*d_pbxY}dEJO`=dWr5CcOLw)c@9ggil)|6g4R7+3cncah@Ce~r`=C(UoeoLe4X%D!-)qpAZ!_04xKmYwN`yaV||9cO)+WsdJsUMWapKpJ>k@LUb+W)VY>+OGLXa6B- zd`J6ZFnVkM_mDqo|ANr_2c_{{`hUCs@h;LW zY^nEKw%R{~{yxxG*pyF%Y0M=u*TV?~*vPr0gNm^^ziR562_Wa7+YgnI!m0lNl(`Hd z^OZC3&q?{~H=w;Y^+|40A!PnO74{gBca_ESna{IrhqumcRBE3-6{fEHB>Pnw%A!r^ z8=@&_VeDY{j1u~*!5;pIGyPg9u|%?d(A=GNh=H7B=;7jZCqG?!s0^^5P}kxjp^@(% z9*V;u;Gf;njP189!g7m69bQ%Hx3vEo^ZyGn?(gekZ|Oe*zc~MGG%)mL|M@Or6!!Jy zg>vJiym8st2_C6>eCLg2w3mecZ$YT!Q zkle@6P2>Kvfy3r}@bt zG^_dDcuamhyO;Jng=KhQ)AW0-V2~_GgKD{Hiak_g?@3{D%Ic82rlqvjJf@ z{eKVnP)W8Fo=iC4bXT)taG3edzJiw2gD5iNFlUzVi$!(yncz!_F!`kxMoyZ|B9;kM zJ?Ih*q=@5*qR))t{Gnvjtv%E(obxPnx=hXAdW&ovd7q3}j#1U{q@pRSYTPovRzzu&hu0d>YPzj z3viAv@zw|~+VsTr^5xup^W2wRBd6Ulj1$pL!N*!GmoxV~mdx*G<9eUSl6|~P_A&SW zm;{d(N^-(fdAj;+n2W8IuMey|&8(|_$ye-Ou2xI-BL7CaJ@r4LmqqG05dtZEMc+pVV+9>ZvWwd{PA__hek2>Xz z?J9~VLfF91KazYtVIfyEzZEgAQ8TlyR`3Uxv_+XqbR>sfXqCy4K|4sT}ruyd4J zlpkY+ky#~{*IQKcoG1#Sk}pW}gCgUZpYyeQqxP{(EHNWrbANft`r&H7ew%0Y+&!Ku z^MqPdFiF0u&zzK~!jLSb87XFY6Cx-xY+&s#e$e+fX6M)+Z z@96HtPn^R6*1nuB1DsZrq4VWxS9+c5bDXTFw4a0aO(y(hfxjv0SM)khk@GoycGmB- z>guymqxo*FB6|6z$j|gUITGD(w;jz*ZgP{G+~g)Vxyem#a+90f Date: Tue, 14 Nov 2017 14:21:51 -0600 Subject: [PATCH 06/68] make ssh demo work --- .env | 2 +- 0-startup-conjur.sh | 6 +- build/vm/Dockerfile | 17 +- 
build/vm/configure-ssh.sh | 12 +- build/vm/logshipper.conf | 6 - build/vm/write_dummy_id_files.sh | 64 --- docker-compose.yml | 4 +- etc/conjur-dev.pem | 62 +-- etc/conjur.conf | 2 +- ldap/0-setup-ldap.sh | 2 +- ldap/barclays.ldif | 18 + ldap/ldap-add.sh | 2 + ldap/ldap-bootstrap.ldif | 819 ------------------------------- ldap/ldap-search.sh | 2 + ssh/0-setup-ssh.sh | 20 +- ssh/3_ssh_user_to_host.sh | 1 + ssh/rack.yml | 1 + ssh/ssh-mgmt.yml | 26 +- users-policy.yml | 11 +- webapp1-policy.yml | 11 +- 20 files changed, 125 insertions(+), 963 deletions(-) delete mode 100644 build/vm/logshipper.conf delete mode 100755 build/vm/write_dummy_id_files.sh create mode 100644 ldap/barclays.ldif create mode 100755 ldap/ldap-add.sh delete mode 100644 ldap/ldap-bootstrap.ldif create mode 100755 ldap/ldap-search.sh diff --git a/.env b/.env index 3754f72..8cbead3 100644 --- a/.env +++ b/.env @@ -1,3 +1,3 @@ APP_HOSTNAME=webapp1%2Ftomcat_host VAR_ID=webapp1%2Fdatabase_password -SLEEP_TIME=5 +SLEEP_TIME=30 diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 9a24323..e8713d1 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -6,9 +6,9 @@ CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 main() { - all_down # bring down anything still running +# all_down # bring down anything still running - conjur_up +# conjur_up cli_up docker-compose up -d scope # weave scope @@ -69,7 +69,7 @@ cli_up() { echo "-----" echo "Copy Conjur config and certificate to CLI" docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/etc - docker cp -L ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem $CLI_CONT_ID:/etc/conjur.pem + docker cp -L ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem $CLI_CONT_ID:/etc docker-compose exec cli conjur authn login -u admin -p $CONJUR_MASTER_PASSWORD docker-compose exec cli conjur bootstrap -q } diff --git a/build/vm/Dockerfile b/build/vm/Dockerfile index a610a19..b118c0f 100644 --- a/build/vm/Dockerfile +++ b/build/vm/Dockerfile 
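Review bot: Commenting out `all_down` and `conjur_up` at the top of `main()` leaves `cli_up` running against whatever Conjur container happens to be up, so on a fresh checkout this startup script will presumably fail at the CLI login step. If skipping the master start is only wanted while iterating on the SSH demo, gate it rather than disabling it, for example with a constructed toggle such as `[[ -n "${SKIP_CONJUR_UP:-}" ]] || { all_down; conjur_up; }`. Otherwise delete the two calls and state the new prerequisite in a comment, instead of leaving dead code behind `#`. main()'s body continues outside the hunk.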
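Review bot: The rewritten `docker cp` line in `cli_up` expands `$CONJUR_MASTER_ORGACCOUNT` and `$CLI_CONT_ID` unquoted, so an empty container id turns the destination into `:/etc` and the failure shows up as an unrelated docker error. Quote both and fail early: `docker cp -L "./etc/conjur-${CONJUR_MASTER_ORGACCOUNT}.pem" "${CLI_CONT_ID:?cli container not running}:/etc"`. The unchanged `conjur authn login -u admin -p $CONJUR_MASTER_PASSWORD` line next to it puts the admin password on the command line, where process listings and `set -x` traces expose it, and the first hunk's context shows the value hardcoded near the top of the script; a comment marking this as demo-only is worth adding. cli_up's body starts and ends outside the hunk.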
@@ -1,15 +1,16 @@ -FROM phusion/baseimage:0.9.16 +FROM ubuntu:14.04 + +RUN apt-get update -y; \ + apt-get install -y curl openssh-server; \ + apt-get autoclean # Add scripts to finish the SSH configuration COPY configure-ssh.sh /root -COPY write_dummy_id_files.sh /root -# Install Chef to run the SSH configuration cookbooks -RUN /root/write_dummy_id_files.sh \ - && cd /tmp \ - && curl -L https://www.opscode.com/chef/install.sh | sudo -n bash \ - && sudo -n chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur::install +# Install Chef, download Conjur cookbook and run the Conjur installation recipe +RUN cd /tmp \ + && curl -L https://www.opscode.com/chef/install.sh | bash \ + && chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur::install # Cleanup RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - diff --git a/build/vm/configure-ssh.sh b/build/vm/configure-ssh.sh index 6e3687b..e9d7303 100755 --- a/build/vm/configure-ssh.sh +++ b/build/vm/configure-ssh.sh @@ -1,7 +1,11 @@ #!/bin/bash set -e -rm /etc/service/sshd/down -/etc/my_init.d/00_regen_ssh_host_keys.sh -service ssh start -/etc/service/logshipper/run & +service nscd restart +service nslcd restart +service ssh restart +service rsyslog restart + +chgrp conjur /usr/sbin/logshipper +chown logshipper /usr/sbin/logshipper +/usr/sbin/logshipper -n /var/run/logshipper >> /var/log/logshipper.log 2>&1 & diff --git a/build/vm/logshipper.conf b/build/vm/logshipper.conf deleted file mode 100644 index 3b45cf3..0000000 --- a/build/vm/logshipper.conf +++ /dev/null @@ -1,6 +0,0 @@ - description "Conjur log shipping agent" - - respawn - - # workaround a bug in logshipper 0.1.0 - env HOME=/etc diff --git a/build/vm/write_dummy_id_files.sh b/build/vm/write_dummy_id_files.sh deleted file mode 100755 index b3a21e7..0000000 --- a/build/vm/write_dummy_id_files.sh +++ /dev/null 
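Review bot: The new `RUN apt-get update -y; apt-get install -y curl openssh-server; apt-get autoclean` chains its commands with `;`, so a failed update or install does not fail the build, because only the last command's status counts. The Chef step also still pipes the downloaded installer straight into `bash` at build time, with no `-f` on curl and no integrity check, so an HTTP error page or a tampered script gets executed as the build user. The proposal below chains with `&&`, downloads the installer to a file, and verifies it against a pinned digest before running it; the digest is a placeholder to fill in after reviewing the installer. The `--recipe-url` tarball deserves the same pin-and-verify treatment.

```dockerfile
RUN apt-get update -y \
 && apt-get install -y curl openssh-server \
 && apt-get autoclean

# <INSTALLER_SHA256> is a placeholder: pin the digest of the installer you reviewed
RUN cd /tmp \
 && curl -fsSL -o install.sh https://www.opscode.com/chef/install.sh \
 && echo "<INSTALLER_SHA256>  install.sh" | sha256sum -c - \
 && bash install.sh \
 # … unchanged: && chef-solo --recipe-url … -o conjur::install …
```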
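Review bot: `chown logshipper /usr/sbin/logshipper` hands ownership of an executable in `/usr/sbin` to the service account, and the last line then launches that same binary from this script, which presumably runs as root given the `service … restart` calls. Whoever controls the `logshipper` account can then replace the file that a privileged script executes on the next start. Keep the binary root-owned and, if the agent should run unprivileged, drop privileges at launch instead; at minimum add a comment explaining why the ownership change is required. The backgrounded launch also escapes `set -e`, so a logshipper that fails to start is only visible in `/var/log/logshipper.log`.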
@@ -1,64 +0,0 @@ -#!/bin/sh -set -e - -# Implementation note: 'tee' is used as a sudo-friendly 'cat' to populate a file with the contents provided below. - -sudo -n tee /etc/conjur.conf > /dev/null << EOF -account: dev -appliance_url: https://conjur/api -cert_file: /etc/conjur-dev.pem -netrc_path: /etc/conjur.identity -plugins: [] -EOF - -sudo -n tee /etc/conjur-dev.pem > /dev/null << EOF ------BEGIN CERTIFICATE----- -MIIDQjCCAiqgAwIBAgIVALqX0m7HrKhD4Uk9lFlOIoNydCp7MA0GCSqGSIb3DQEB -CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD -Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDYyMTUzNTVaFw0yNzExMDQyMTUzNTVa -MBkxFzAVBgNVBAMMDmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAvM4J/GIu+HH0ML3PL1bl8/BQTa7BCDDEfHD9spkFkOA145OQ -KrBqRXvNCy0DO0hNg50a1343MmN3z/kA2SQO5b6WRhO0XZAs/qJxol5vDwmuhYaj -oWfo1rfTZ4uWTq+/JsxVJlYfpgYdwZ8otJP5FWMoDjWaDRC8ERlwIVLQzDiHdgLy -aZLQA4o/jIj3Ym+PpVQs9ga9VvdTj+GJriYWPIwkJ0CW9V0fO8oQnUFeYe9qsFHM -rcSbXTR19T6TNPICl1VTTHvsgqay/xnW1XQ04cW1FCVH9Fo0FmDWmzofI4e5Cx47 -gD/u83d4e4yTUicTQOapSI89dDPIwVADnTyLTQIDAQABo18wXTAOBgNVHQ8BAf8E -BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC -DmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF -AAOCAQEAbOkn3UkoI0j2jglBN1Dz45ne+ujMfQgO7oCFYGwUSZhP717ZkLltO6gG -PVaeI0D4kdLZiGA2IJz4dn+q4IN5T6LhgaChnpBBJbTH5S1popBw1gjxt4YTK5Gk -MnfmRXlPKMgir/EbsyWXVRuFK7LmP20irQdDVTyutxJpH1zwuZnJnlGxPcYVk/Gz -ja+npLxBx0tdYcgI2mxLhnlSRjOdrPPfeKUdtCfr+scWKTFx3AuQP4MW+XjVxBNV -EPkvle/iYWVkbRafmQl5CIimvXsvebXQ2RA8x5Ghs6Y7XXGYRWSZSOzj91o25/aD -kpHAvc5gn9btn7Cc8fDEIMZt8Vr96A== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDhjCCAm6gAwIBAgIJAKICRrRs6JwDMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV -BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s -b2NhbDAeFw0xNzExMDYyMTUzNTNaFw0yNzExMDQyMTUzNTNaMDsxDDAKBgNVBAoT -A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh -bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMpmdcR9BVxoOQLSubyz 
-+NI5RINhVrVKtgaE8v4R/x9xZRuZkbwCL4XjqSO0zult6fUij9dz5y1M2ggfS46M -Vx0GTOZmxI719sgPA0xmurnEdNd6AwVN0Z30NrXHwlS7O5ZSYsynDY/2h1QWs1/b -zHQiSHsvcIWyCODQA/3ERoogqvCWVS9MnXzy4C3zyyuzoym4yQ/vF1lBNd54G43h -ZhHZnB0zSQk/frdkvQiR+N9XWFDic6Fvy8ptz8N1N9e2uLBxQ1d6L8JScobqFDmC -9wWWrodedOvjJXi1XQMPxsxYhqjO52K5nc8Ejw6Y6ACIJBW0fXd+7/Z1lRoSrtN3 -nPkCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo -b3N0ggZjb25qdXIwHQYDVR0OBBYEFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMB8GA1Ud -IwQYMBaAFIv5+iHhl0kcAVUNnJ+8yNkCbcFlMAwGA1UdEwQFMAMBAf8wCwYDVR0P -BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCJ5ft3Ns/1EOw3Jz/lp+ZERorCbLd3 -n9UpTMzJmArtNniGzek2UASrcAyfn73XUzuTdnDvy3e9vzFfjPVwUN8OqKS3tEN4 -20GBHznFOkiv5eLfJNj4DXwKbscDcr1ZdaFfFGrfohXbJeTQvme1CeOUkxPLso30 -z+28r+3027kwY3vtRwoEwZ1U6QcILZVmnjfVqXw03YmlCAFyBDkOnS2fvH9g0Kk5 -l1Gnau81lfhyNs3IZs6BJQ785UxryEJw5ALEx+RGvs0dpt1Rd+T7g7su1kLoflaJ -zGq+0kYcz/2/lmD08iJhmDOsKztQ8GidX2ZoQMgqQ7/kNMNmFxZxVAwY ------END CERTIFICATE----- -EOF - -sudo -n touch /etc/conjur.identity -sudo -n chmod 600 /etc/conjur.identity -sudo -n tee /etc/conjur.identity > /dev/null << EOF -machine https://conjur/api/authn - login host/foo - password 2f0hya82dg022224e67mm3c59c1118nxdcj1qbrc7g215539jfy57dm -EOF diff --git a/docker-compose.yml b/docker-compose.yml index 7640dbe..9ee5328 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ services: # package installation on the host machine. This makes managing multi-version Conjur # environments easier. conjur: - image: registry2.itci.conjur.net/conjur-appliance:4.9.9.1 + image: registry2.itci.conjur.net/conjur-appliance:4.10.0.0 hostname: conjur volumes: - ./:/src:z @@ -78,7 +78,7 @@ services: build: ./build/ldap restart: always volumes: - - ./ldap/ldap-bootstrap.ldif:/ldap-bootstrap.ldif + - .:/src # Splunk enterprise server for Splunk monitoring demonstration. # This requires the Conjur and Nginx logs be exported from the Conjur container. diff --git a/etc/conjur-dev.pem b/etc/conjur-dev.pem index d30dfdf..c3fe8bb 100644 
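Review bot: The ldap service's new volume `- .:/src` bind-mounts the whole project directory read-write into the LDAP container, where the previous entry exposed a single LDIF file; the container now sees `.env`, the `etc/` certificates and every script in the repo. The LDAP scripts changed in this commit only read paths under `/src/ldap/`, so a narrower read-only mount keeps them working: `- ./ldap:/src/ldap:ro`. The conjur service's existing mount carries `:z`; if SELinux relabeling is needed there it is presumably needed here too.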
--- a/etc/conjur-dev.pem
+++ b/etc/conjur-dev.pem
@@ -1,41 +1,41 @@ -----BEGIN CERTIFICATE----- -MIIDQjCCAiqgAwIBAgIVAJ224OZXVc3Ti/TfMm/oh942/lrWMA0GCSqGSIb3DQEB +MIIDQjCCAiqgAwIBAgIVAMS3suHgS1mxJv8HM75NTsygTEAfMA0GCSqGSIb3DQEB CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD -Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMDgyMjI3NTBaFw0yNzExMDYyMjI3NTBa +Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMTQxODUxMjhaFw0yNzExMTIxODUxMjha MBkxFzAVBgNVBAMMDmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAqQ7oHXKCRcqmMelNtsWsw7N68k9CZrlxzc47TbGE1ZDlh4vR -gvm8hkx0ukd3PXbo+YfUNj1pk+vzuIcgE+QeFE6AUcGYkFFkK6KHfmk0rWQFB/Lz -R0TXdOVGBd1SOH9XuU5u+55BLMfBIZrI3b4KEkyVvGgc5M3tmEo1QEjirTSwmEHN -ZxJUdDz1wIwV7uBiOqZ2OBwrY6uLijgVrIGwlHLIrnuD9zr+zgL+sio1HYQQu3RS -kevoaBUAL+c0AjbKpGV+QSSeRYyC0hHAjCtxDYpBtCBCW08T42+d+c6VyOM6rcE6 -/B9vj/UenMpd2SbC4vfi2d2DogcLIHUCIzsYywIDAQABo18wXTAOBgNVHQ8BAf8E +AQ8AMIIBCgKCAQEArZxwZ/4SG2EHZ6+9Ge/ghqhfUIK/kdXel4dc9+CX2MTstm0i +XU1kNNLhgoHpjctS3gosXA2TlXOUF/Z7F7EBbNUR8+oIKH8W9KxsHlYvM6pOI84u +VpkH2yi6h5ohtJsRo+xlTI5YaiMYbaVGj79ITsZsnPDCilSdmOcAmjuktiRKujIr +LqrKk9PmL6BllKxdLBH40kTfgiIKb78AK6vQ0Dy+x5BS7S2fRljr9PP3mHp8ZK+s +aaCLN+IrGlvf1jZB9sCyq2ZZjEcC8RMVd8lEgYY5ohkgxlA/vOVF6AQ/XegMpGsU +DktjJGENnHjRVd7QllisbuLPgHWVmCAhaaVn4wIDAQABo18wXTAOBgNVHQ8BAf8E BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC DmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF -AAOCAQEAuoOzz32s1K1BmYZPh0K3k68fzw3TJQ3UyGuaW3GRuK3jrTdqtUytwg0c -Os+Eg3hcEKvVv9xsIyrFjd6HThEZovldyfPQcOL/32yXkawe+JPGtXouul37Gckj -903i4K5/rgAgmukEwI8EHyVHvhOveE5bjZd0PdEZ/xKNUElGI1ke13a/beWIJndg -tAX0qt5lh0vVeF2avuDv494VjKHysZ1hVHUYJRcK8ys/0LsPVCagu8y+yW9YEzE+ -Zs1NXKud/dKNXIcjKTXBGtOsCiMc3VRomWhhequKjKRDQY35BKY7xlDwoSdKZtHv -Rz+zV8d1eTIJuvvOMTKFXlcOLvx2Gg== +AAOCAQEAaIrI33jnWNXWGt/DG7GqoP64SUatXPk3WduswS8xXBo8Ou2gZWGlJ+ws +okw8ZD2VS1hTar9X9P3WVGqlLcI1LKjf49d3JF7Iq6Hy0fJkorcSpcE0ULCKJQIo +ZGdguqM6FggXqO6BuWctCBziO6yFiGrkEoib9VQYRrlFItSge+HX8r7U+uFBQxwO +lTxtOPVP9xsekS/V+23BUZehXfgifLfhuN11BIgJUPdQLWQH48PvPT7sL3xdF0jw 
+7U8hLYFSdRklEoD4eXP7tnMDb79d9C8pfi/2xRUKpuQKn9OfAWM8h2rK8fXR4FTS +wPjOaNz9DJLMFq0v1LmL33cMW9wJ9Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDhjCCAm6gAwIBAgIJAMH0h2JdKB2/MA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV +MIIDhjCCAm6gAwIBAgIJAOOIVmibqhqRMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s -b2NhbDAeFw0xNzExMDgyMjI3NDhaFw0yNzExMDYyMjI3NDhaMDsxDDAKBgNVBAoT +b2NhbDAeFw0xNzExMTQxODUxMjZaFw0yNzExMTIxODUxMjZaMDsxDDAKBgNVBAoT A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh -bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+BDu3PNsd+7ZWn6Pfv -FPErvCu5/TgZPDir5r82gfu5IWY1+2Toeuw2GNSFoctzrbOh45WAgR7dyOkI90R4 -53ByaDRlOcxk8e1Nh59vGUhX9qrYjMA6KhKEtwyAq8zeU0fOQD+LedkB8USb0sZP -qHQ3ap0i+ibjfnxdlU20M0eWzWlwK0GGhL3s33xQHypBXbYI0vrD3L2xXg5JNyuK -8zQX5HBBj5+tajRBZi+lmDZrQ0dpzN32MsJPxOX2d8PpATFLtC1/CwMDO97cxrVh -XHmpaeGwdNgN/K1/beNBSNavGDd8yikkay28bOYcSpIL1O/PYnJB4Rm60jeCU+gI -WhcCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo -b3N0ggZjb25qdXIwHQYDVR0OBBYEFEygD2ACnTL5ROsg6cu/m9hY8kovMB8GA1Ud -IwQYMBaAFEygD2ACnTL5ROsg6cu/m9hY8kovMAwGA1UdEwQFMAMBAf8wCwYDVR0P -BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQC9YpT4PLM8KNW5bbMX5vSFnvo7rpfV -dqnbYyQs6w4U/RKtWB0i0ehZhDXz97o/d4HJVd9wJAjPr9Eagy4sdELRZ1cpQLT3 -E7TWfDGHL6Q7etxm33YIXRDFJfl7NjRH+cyadL5i4LdeU4yNczQv8dsGTMMxNX2j -K0sr3xOQ+IrJd851vs5pVVq/KS5PSAoFtd7fRFo4YYNihiGAo6VVC1xuyH78mYwH -k7MymVjrDaah9FBDNtWq/OeKIwrPQPRa4bCo4DBBatAuQU6h6lIPkAVvOva3o6HL -Q4i8s/StTXxUC6B428O3jH1vH0tJhPMNL+t7YjJXoaestzkXhO0qhPpd +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIpUSe+z2u6jiM2B9gW +nqwQlm6+BSs1jFxIf1eMvd33Cw/D6zLA7Gg9eq5HpmOaPNUqCU12fKX83OTagzsy +4SZDo1y+aaQrhcCSNXbnpsvnGixXgUJgcb992j6R98K/zDzkKhxxqSP5brDjxJo+ +uY4yTn3TkDgOWLsN+eldxa/8EoRZ1RZ6zzEZCn2YXJcQ/KIwmxc+OLvXq68GJFEq +eqYNCIU1hsV7VRZcJX83i/NNOY8dmrA92mDCWFs8nwyvENOE0fvr+iLIsZDc5hQM +zaT0/lXYu+BcS7nkcdWka20hIO0V7qsjzsJhrGF7vkivLozwXPdkOWWLvGpHijxy +hesCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo 
+b3N0ggZjb25qdXIwHQYDVR0OBBYEFEj0YzE0HrIyYmIDwXxvqCLTYd2BMB8GA1Ud +IwQYMBaAFEj0YzE0HrIyYmIDwXxvqCLTYd2BMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQAujOEpemuY6OYvR9E4gzsEhqhWlZL5 +LMWTCymbs4ZbF2XSV/J0VMBJNd0hRlpjlcsG/ctSuJ8O5v0jv/5Tl0A0QnNUnJa6 +aeJ4eTR1rhyLCgM8pPxWqb42qJ9a/jBh8Wqkl8AhP3ZTmDMGdVu6qu+uYFD6mFh2 +RY34Lak2IxQwp8ACOkwtLZXoJvCuD8O1swUnQCB5HegoXK8Y+rmoPr7DspaFWGY+ +kLR8onOO3fZDUGSV5gIxg16PY3u/UOkDUr1V3p5IaFTzgRywTRekqkf9fwNfpZ4h +C7rH+TuLqsQr7xfi3As7+aBVyjQsTahs9HQM0Y/Y49zANzhFWW9SiF+D -----END CERTIFICATE----- diff --git a/etc/conjur.conf b/etc/conjur.conf index 2a547bc..bbce0da 100644 --- a/etc/conjur.conf +++ b/etc/conjur.conf @@ -1,5 +1,5 @@ --- appliance_url: https://conjur/api account: dev -cert_file: "/etc/conjur.pem" +cert_file: "/etc/conjur-dev.pem" plugins: [] diff --git a/ldap/0-setup-ldap.sh b/ldap/0-setup-ldap.sh index 5e49065..a391cca 100755 --- a/ldap/0-setup-ldap.sh +++ b/ldap/0-setup-ldap.sh @@ -27,7 +27,7 @@ main() { # hopefully prevent intermittent failures sleep 2 # load demo groups & users from mounted file - docker-compose exec -T ldap bash -c 'ldapadd -x -D cn=admin,dc=example,dc=org -w admin -f /ldap-bootstrap.ldif' + docker-compose exec -T ldap bash -c 'ldapadd -x -D cn=admin,dc=example,dc=org -w admin -f /src/ldap/ldap-bootstrap.ldif' } main "$@" diff --git a/ldap/barclays.ldif b/ldap/barclays.ldif new file mode 100644 index 0000000..fed02f0 --- /dev/null +++ b/ldap/barclays.ldif @@ -0,0 +1,18 @@ +dn: cn=hr-admin,dc=example,dc=org +cn: hr-admin +gidNumber: 10000 +objectClass: posixGroup +objectClass: top +memberUid: tammy\ + +dn: uid=tammy\,dc=example,dc=org +cn: tammy +uidNumber: 9996 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10000 +sn: tammy +homeDirectory: /home/tammy +memberOf: cn=hr-admin,dc=example,dc=org + diff --git a/ldap/ldap-add.sh b/ldap/ldap-add.sh new file mode 100755 index 0000000..d479489 --- /dev/null +++ b/ldap/ldap-add.sh 
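Review bot: The `ldapadd` line now reads `/src/ldap/ldap-bootstrap.ldif`, but this same patch deletes `ldap/ldap-bootstrap.ldif` (see the diffstat and the deletion further down), so unless a later patch in the series restores the file the load step fails on a missing path. Point it at the file this commit adds, `-f /src/ldap/barclays.ldif`, or call the new `ldap/ldap-add.sh` with that name. The bind password is passed as `-w admin` on the command line; a comment marking that as demo-only would help readers who copy the script. main()'s body starts outside the hunk.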
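Review bot: The trailing backslashes in `memberUid: tammy\` and `dn: uid=tammy\,dc=example,dc=org` look like typos as shown here: inside a DN `\,` escapes the comma, so the RDN value becomes `tammy,dc=example` directly under `dc=org` instead of `uid=tammy` under `dc=example,dc=org`. Drop both backslashes: `memberUid: tammy` and `dn: uid=tammy,dc=example,dc=org`. `memberOf` is normally maintained by the server's memberof overlay rather than written by hand, and it is not an attribute of `person` or `posixAccount`, so the add may be rejected on that line; verify against the schema loaded in the LDAP image.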
@@ -0,0 +1,2 @@
+#!/bin/bash -ex
+docker-compose exec -T ldap bash -c "ldapadd -x -D cn=admin,dc=example,dc=org -w admin -f /src/ldap/$1"
diff --git a/ldap/ldap-bootstrap.ldif b/ldap/ldap-bootstrap.ldif
deleted file mode 100644
index 05e619e..0000000
--- a/ldap/ldap-bootstrap.ldif
+++ /dev/null
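Review bot: `$1` is spliced into the string handed to `bash -c`, so a file name containing spaces or shell metacharacters is re-parsed as shell inside the container, and a missing argument silently turns the path into `/src/ldap/`. The inner shell is not needed; pass the path as one quoted argument and require it: `docker-compose exec -T ldap ldapadd -x -D cn=admin,dc=example,dc=org -w admin -f "/src/ldap/${1:?usage: ldap-add.sh FILE.ldif}"`. Options in the shebang are dropped when the script is run as `bash ldap-add.sh`, and `-x` echoes the bind password into the trace, so prefer a plain `#!/bin/bash` with `set -e` in the body.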
@@ -1,819 +0,0 @@ -dn: cn=hr-admin,dc=example,dc=org -cn: hr-admin -gidNumber: 10000 -objectClass: posixGroup -objectClass: top -memberUid: kyle.wheeler -memberUid: marin.dubois - -dn: cn=hr,dc=example,dc=org -cn: hr -gidNumber: 10002 -objectClass: posixGroup -objectClass: top -memberUid: carol.rodriquez -memberUid: karen.wood -memberUid: caroline.mccoy - -dn: cn=devops,dc=example,dc=org -cn: devops -gidNumber: 10003 -objectClass: posixGroup -objectClass: top -memberUid: bob -memberUid: wayne.walker -memberUid: constance.bourgeois -memberUid: noelie.garnier - -dn: cn=developers,dc=example,dc=org -cn: developers -gidNumber: 10004 -objectClass: posixGroup -objectClass: top -memberUid: faiz.rooker -memberUid: soledad.reyes -memberUid: sofia.tikkanen -memberUid: alfredo.coleman -memberUid: gabin.dupont -memberUid: belen.cano -memberUid: emmi.korpela -memberUid: annie.diaz -memberUid: ted.holland -memberUid: jimmy.knight -memberUid: alberto.morgan -memberUid: benjamin.garnier -memberUid: lotta.aho -memberUid: carol -memberUid: ted -memberUid: alice - - -dn: cn=researchers-admin,dc=example,dc=org -cn: researchers-admin -gidNumber: 10005 -objectClass: posixGroup -objectClass: top -memberUid: amber.fitzgerald -memberUid: frederick.curtis -memberUid: brian.scott - - -dn: cn=researchers,dc=example,dc=org -cn: researchers -gidNumber: 10006 -objectClass: posixGroup -objectClass: top -memberUid: paula.guerrero -memberUid: jalila.eerland -memberUid: alicia.montgomery -memberUid: renatus.broersma -memberUid: elsa.takala -memberUid: elena.montero -memberUid: vicky.johnson -memberUid: adele.dupuis -memberUid: maria.pastor -memberUid: dustin.bailey - - -dn: cn=qa-admin,dc=example,dc=org -cn: qa-admin -gidNumber: 10007 -objectClass: posixGroup -objectClass: top -memberUid: steve.peterson -memberUid: rosie.pearson - - -dn: cn=qa,dc=example,dc=org -cn: qa -gidNumber: 10008 -objectClass: posixGroup -objectClass: top -memberUid: emilia.calvo -memberUid: rafael.pena -memberUid: 
mia.caldwell -memberUid: encarnacion.lorenzo -memberUid: konsta.lampi -memberUid: jamie.martin -memberUid: manuel.flores -memberUid: alex.mills - -dn: cn=operations-admin,dc=example,dc=org -cn: operations-admin -gidNumber: 10009 -objectClass: posixGroup -objectClass: top -memberUid: meline.lopez -memberUid: hector.jackson -memberUid: anton.honkala - - -dn: cn=operations,dc=example,dc=org -cn: operations -gidNumber: 10010 -objectClass: posixGroup -objectClass: top -memberUid: isabel.hidalgo -memberUid: alvin.bennett -memberUid: calvin.castillo -memberUid: aada.heikkila -memberUid: sam.davies -memberUid: caitlin.nichols -memberUid: sara.tucker -memberUid: travis.owens -memberUid: lis.houwer -memberUid: mike.thomas -memberUid: raquel.caballero -memberUid: ricky.martin - - -dn: uid=kyle.wheeler,dc=example,dc=org -cn: kyle.wheeler -uidNumber: 10211 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10000 -sn: wheeler -homeDirectory: /home/kyle.wheeler - -dn: uid=marin.dubois,dc=example,dc=org -cn: marin.dubois -uidNumber: 10212 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10000 -sn: dubois -homeDirectory: /home/marin.dubois - - -dn: uid=carol.rodriquez,dc=example,dc=org -cn: carol.rodriquez -uidNumber: 10213 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10002 -sn: rodriquez -homeDirectory: /home/carol.rodriquez - - -dn: uid=karen.wood,dc=example,dc=org -cn: karen.wood -uidNumber: 10214 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10002 -sn: wood -homeDirectory: /home/karen.wood - - -dn: uid=caroline.mccoy,dc=example,dc=org -cn: caroline.mccoy -uidNumber: 10215 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10002 -sn: mccoy -homeDirectory: /home/caroline.mccoy - - -dn: uid=wayne.walker,dc=example,dc=org -cn: wayne.walker -uidNumber: 10216 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 
10003 -sn: walker -homeDirectory: /home/wayne.walker - - -dn: uid=constance.bourgeois,dc=example,dc=org -cn: constance.bourgeois -uidNumber: 10217 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10003 -sn: bourgeois -homeDirectory: /home/constance.bourgeois - - -dn: uid=noelie.garnier,dc=example,dc=org -cn: noelie.garnier -uidNumber: 10218 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10003 -sn: garnier -homeDirectory: /home/noelie.garnier - - -dn: uid=faiz.rooker,dc=example,dc=org -cn: faiz.rooker -uidNumber: 10219 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: rooker -homeDirectory: /home/faiz.rooker - - -dn: uid=soledad.reyes,dc=example,dc=org -cn: soledad.reyes -uidNumber: 10220 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: reyes -homeDirectory: /home/soledad.reyes - - -dn: uid=sofia.tikkanen,dc=example,dc=org -cn: sofia.tikkanen -uidNumber: 10221 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: tikkanen -homeDirectory: /home/sofia.tikkanen - - -dn: uid=alfredo.coleman,dc=example,dc=org -cn: alfredo.coleman -uidNumber: 10222 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: coleman -homeDirectory: /home/alfredo.coleman - - -dn: uid=gabin.dupont,dc=example,dc=org -cn: gabin.dupont -uidNumber: 10223 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: dupont -homeDirectory: /home/gabin.dupont - - -dn: uid=belen.cano,dc=example,dc=org -cn: belen.cano -uidNumber: 10224 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: cano -homeDirectory: /home/belen.cano - - -dn: uid=emmi.korpela,dc=example,dc=org -cn: emmi.korpela -uidNumber: 10225 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: korpela -homeDirectory: /home/emmi.korpela - - 
-dn: uid=annie.diaz,dc=example,dc=org -cn: annie.diaz -uidNumber: 10226 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: diaz -homeDirectory: /home/annie.diaz - - -dn: uid=ted.holland,dc=example,dc=org -cn: ted.holland -uidNumber: 10227 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: holland -homeDirectory: /home/ted.holland - - -dn: uid=jimmy.knight,dc=example,dc=org -cn: jimmy.knight -uidNumber: 10228 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: knight -homeDirectory: /home/jimmy.knight - - -dn: uid=alberto.morgan,dc=example,dc=org -cn: alberto.morgan -uidNumber: 10229 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: morgan -homeDirectory: /home/alberto.morgan - - -dn: uid=benjamin.garnier,dc=example,dc=org -cn: benjamin.garnier -uidNumber: 10230 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: garnier -homeDirectory: /home/benjamin.garnier - - -dn: uid=lotta.aho,dc=example,dc=org -cn: lotta.aho -uidNumber: 10231 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: aho -homeDirectory: /home/lotta.aho - - -dn: uid=amber.fitzgerald,dc=example,dc=org -cn: amber.fitzgerald -uidNumber: 10232 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10005 -sn: fitzgerald -homeDirectory: /home/amber.fitzgerald - - -dn: uid=frederick.curtis,dc=example,dc=org -cn: frederick.curtis -uidNumber: 10233 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10005 -sn: curtis -homeDirectory: /home/frederick.curtis - - -dn: uid=brian.scott,dc=example,dc=org -cn: brian.scott -uidNumber: 10234 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10005 -sn: scott -homeDirectory: /home/brian.scott - - -dn: uid=paula.guerrero,dc=example,dc=org -cn: paula.guerrero -uidNumber: 10235 
-objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: guerrero -homeDirectory: /home/paula.guerrero - - -dn: uid=jalila.eerland,dc=example,dc=org -cn: jalila.eerland -uidNumber: 10236 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: eerland -homeDirectory: /home/jalila.eerland - - -dn: uid=alicia.montgomery,dc=example,dc=org -cn: alicia.montgomery -uidNumber: 10237 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: montgomery -homeDirectory: /home/alicia.montgomery - - -dn: uid=renatus.broersma,dc=example,dc=org -cn: renatus.broersma -uidNumber: 10238 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: broersma -homeDirectory: /home/renatus.broersma - - -dn: uid=elsa.takala,dc=example,dc=org -cn: elsa.takala -uidNumber: 10239 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: takala -homeDirectory: /home/elsa.takala - - -dn: uid=elena.montero,dc=example,dc=org -cn: elena.montero -uidNumber: 10240 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: montero -homeDirectory: /home/elena.montero - - -dn: uid=vicky.johnson,dc=example,dc=org -cn: vicky.johnson -uidNumber: 10241 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: johnson -homeDirectory: /home/vicky.johnson - - -dn: uid=adele.dupuis,dc=example,dc=org -cn: adele.dupuis -uidNumber: 10242 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: dupuis -homeDirectory: /home/adele.dupuis - - -dn: uid=maria.pastor,dc=example,dc=org -cn: maria.pastor -uidNumber: 10243 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10006 -sn: pastor -homeDirectory: /home/maria.pastor - - -dn: uid=dustin.bailey,dc=example,dc=org -cn: dustin.bailey -uidNumber: 10244 -objectClass: top -objectClass: person 
-objectClass: posixAccount -gidNumber: 10006 -sn: bailey -homeDirectory: /home/dustin.bailey - - -dn: uid=steve.peterson,dc=example,dc=org -cn: steve.peterson -uidNumber: 10245 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10007 -sn: peterson -homeDirectory: /home/steve.peterson - - -dn: uid=rosie.pearson,dc=example,dc=org -cn: rosie.pearson -uidNumber: 10246 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10007 -sn: pearson -homeDirectory: /home/rosie.pearson - - -dn: uid=emilia.calvo,dc=example,dc=org -cn: emilia.calvo -uidNumber: 10247 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: calvo -homeDirectory: /home/emilia.calvo - - -dn: uid=rafael.pena,dc=example,dc=org -cn: rafael.pena -uidNumber: 10248 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: peña -homeDirectory: /home/rafael.pena - - -dn: uid=mia.caldwell,dc=example,dc=org -cn: mia.caldwell -uidNumber: 10249 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: caldwell -homeDirectory: /home/mia.caldwell - - -dn: uid=encarnacion.lorenzo,dc=example,dc=org -cn: encarnacion.lorenzo -uidNumber: 10250 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: lorenzo -homeDirectory: /home/encarnacion.lorenzo - - -dn: uid=konsta.lampi,dc=example,dc=org -cn: konsta.lampi -uidNumber: 10251 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: lampi -homeDirectory: /home/konsta.lampi - - -dn: uid=jamie.martin,dc=example,dc=org -cn: jamie.martin -uidNumber: 10252 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: martin -homeDirectory: /home/jamie.martin - - -dn: uid=manuel.flores,dc=example,dc=org -cn: manuel.flores -uidNumber: 10253 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: flores 
-homeDirectory: /home/manuel.flores - - -dn: uid=alex.mills,dc=example,dc=org -cn: alex.mills -uidNumber: 10254 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10008 -sn: mills -homeDirectory: /home/alex.mills - - -dn: uid=meline.lopez,dc=example,dc=org -cn: meline.lopez -uidNumber: 10255 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10009 -sn: lopez -homeDirectory: /home/meline.lopez - - -dn: uid=hector.jackson,dc=example,dc=org -cn: hector.jackson -uidNumber: 10256 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10009 -sn: jackson -homeDirectory: /home/hector.jackson - - -dn: uid=anton.honkala,dc=example,dc=org -cn: anton.honkala -uidNumber: 10257 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10009 -sn: honkala -homeDirectory: /home/anton.honkala - - -dn: uid=isabel.hidalgo,dc=example,dc=org -cn: isabel.hidalgo -uidNumber: 10258 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: hidalgo -homeDirectory: /home/isabel.hidalgo - - -dn: uid=alvin.bennett,dc=example,dc=org -cn: alvin.bennett -uidNumber: 10259 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: bennett -homeDirectory: /home/alvin.bennett - - -dn: uid=calvin.castillo,dc=example,dc=org -cn: calvin.castillo -uidNumber: 10260 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: castillo -homeDirectory: /home/calvin.castillo - - -dn: uid=aada.heikkila,dc=example,dc=org -cn: aada.heikkila -uidNumber: 10261 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: heikkila -homeDirectory: /home/aada.heikkila - - -dn: uid=sam.davies,dc=example,dc=org -cn: sam.davies -uidNumber: 10262 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: davies -homeDirectory: /home/sam.davies - - -dn: 
uid=caitlin.nichols,dc=example,dc=org -cn: caitlin.nichols -uidNumber: 10263 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: nichols -homeDirectory: /home/caitlin.nichols - - -dn: uid=sara.tucker,dc=example,dc=org -cn: sara.tucker -uidNumber: 10264 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: tucker -homeDirectory: /home/sara.tucker - - -dn: uid=travis.owens,dc=example,dc=org -cn: travis.owens -uidNumber: 10265 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: owens -homeDirectory: /home/travis.owens - - -dn: uid=lis.houwer,dc=example,dc=org -cn: lis.houwer -uidNumber: 10266 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: houwer -homeDirectory: /home/lis.houwer - - -dn: uid=mike.thomas,dc=example,dc=org -cn: mike.thomas -uidNumber: 10267 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: thomas -homeDirectory: /home/mike.thomas - - -dn: uid=raquel.caballero,dc=example,dc=org -cn: raquel.caballero -uidNumber: 10268 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: caballero -homeDirectory: /home/raquel.caballero - -dn: uid=ricky.martin,dc=example,dc=org -cn: ricky.martin -uidNumber: 10269 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10010 -sn: martin -homeDirectory: /home/ricky.martin -memberOf: cn=operations,dc=example,dc=org - -dn: uid=bob,dc=example,dc=org -cn: bob -uidNumber: 9999 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10003 -sn: bob -homeDirectory: /home/bob -memberOf: cn=devops,dc=example,dc=org - -dn: uid=carol,dc=example,dc=org -cn: carol -uidNumber: 9998 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: carol -homeDirectory: /home/carol -memberOf: cn=developers,dc=example,dc=org - -dn: uid=ted,dc=example,dc=org 
-cn: ted -uidNumber: 9997 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: ted -homeDirectory: /home/ted -memberOf: cn=developers,dc=example,dc=org - -dn: uid=alice,dc=example,dc=org -cn: alice -uidNumber: 9996 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10004 -sn: alice -homeDirectory: /home/alice -memberOf: cn=developers,dc=example,dc=org diff --git a/ldap/ldap-search.sh b/ldap/ldap-search.sh new file mode 100755 index 0000000..ca4a452 --- /dev/null +++ b/ldap/ldap-search.sh @@ -0,0 +1,2 @@ +#!/bin/bash -ex +docker-compose exec -T ldap bash -c "ldapsearch -x -h localhost -b dc=example,dc=org -D cn=admin,dc=example,dc=org -w admin -L $1" diff --git a/ssh/0-setup-ssh.sh b/ssh/0-setup-ssh.sh index cea2d8a..9a51ce1 100755 --- a/ssh/0-setup-ssh.sh +++ b/ssh/0-setup-ssh.sh @@ -1,6 +1,8 @@ -#!/bin/bash -ex +#!/bin/bash -e set -o pipefail +CONJUR_MASTER_ORGACCOUNT=dev +CONJUR_MASTER_URL=https://conjur/api RACK_SERVICE_NAME=vm RACK_POLICY_NAME=rack RACK_POLICY_FILE=$RACK_POLICY_NAME.yml @@ -37,7 +39,7 @@ main() { docker cp ../etc/conjur.conf $cname:/etc docker cp ../etc/conjur-dev.pem $cname:/etc - # put hostname (container name) and api-key in id file + # replace hostname (container name) and api-key in template file api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $cname) cat ../etc/template.identity | sed s={{NAME}}=host/$cname= | sed s/{{PWD}}/$api_key/ > $cname.identity 
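Review bot: In the new ldap/ldap-search.sh the first argument is expanded by the calling shell inside the double-quoted `bash -c "... -L $1"` string, so whatever the caller passes is parsed as shell code inside the ldap container rather than as an ldapsearch filter. Filters containing `(`, `&` or `*` will also break. Dropping the inner shell and passing the arguments through keeps them as data: `docker-compose exec -T ldap ldapsearch -x -h localhost -b dc=example,dc=org -D cn=admin,dc=example,dc=org -w admin -L "$@"`. The bind password is also a literal on the command line and `-ex` echoes it on every run; outside the demo it should come from the environment or a file, with tracing off.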
@@ -45,20 +47,20 @@ main() { docker cp $cname.identity $cname:/etc/conjur.identity rm $cname.identity -# docker cp ../build/vm/conjur_authorized_keys $cname:/opt/conjur/bin - docker cp ../build/vm/logshipper.conf $cname:/etc/init + # run chef recipe to configure vm for ssh access docker exec \ - -e CONJUR_AUTHN_LOGIN="host/$cname" \ - -e CONJUR_AUTHN_API_KEY=$api_key \ + -e CONJURRC=/etc/conjur.conf \ + -e CONJUR_ACCOUNT=$CONJUR_MASTER_ORGACCOUNT \ + -e CONJUR_APPLIANCE_URL=$CONJUR_MASTER_URL \ + -e CONJUR_AUTHN_LOGIN="host/$cname" \ + -e CONJUR_AUTHN_API_KEY=$api_key \ $cname chef-solo -o conjur::configure # finish configuration, start sshd & logshipper - docker cp ../build/vm/configure-ssh.sh $cname:/root docker exec $cname sudo /root/configure-ssh.sh done - printf "\nCompleted bringing up %n rack host identities.\n" - printf "\nRack host identities now in Conjur:\n" + printf "\n\nRack host identities now in Conjur:\n" echo $rack_cont_names } diff --git a/ssh/3_ssh_user_to_host.sh b/ssh/3_ssh_user_to_host.sh index 301e0de..ae7c2f8 100755 --- a/ssh/3_ssh_user_to_host.sh +++ b/ssh/3_ssh_user_to_host.sh @@ -8,4 +8,5 @@ USER=$1 CNAME=$2 printf "\n\nUser %s attempting to ssh from CLI container to container %s:\n\n" $USER $CNAME set -x +docker exec $CNAME service nscd restart docker-compose exec cli ssh -i /src/ssh/id_$USER $USER@$CNAME diff --git a/ssh/rack.yml b/ssh/rack.yml index 20dceb6..d6886ef 100644 --- a/ssh/rack.yml +++ b/ssh/rack.yml @@ -1,2 +1,3 @@ --- - !host cdemo_vm_1 +- !host cdemo_vm_2 diff --git a/ssh/ssh-mgmt.yml b/ssh/ssh-mgmt.yml index 66c26f5..23bb259 100644 --- a/ssh/ssh-mgmt.yml +++ b/ssh/ssh-mgmt.yml 
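Review bot: In ssh/0-setup-ssh.sh, `-e CONJUR_AUTHN_API_KEY=$api_key` puts the freshly rotated host API key into the `docker exec` argument list, where it is visible in the host's process listing while chef-solo runs. The unquoted expansions (`$api_key`, `$cname`, `$CONJUR_MASTER_ORGACCOUNT`, `$CONJUR_MASTER_URL`) are also subject to word splitting. Exporting the value and naming only the variable, `export CONJUR_AUTHN_API_KEY="$api_key"` followed by `-e CONJUR_AUTHN_API_KEY`, keeps the secret out of argv, assuming the installed Docker accepts the name-only form for exec as it does for run. The same key is written to `$cname.identity` in the working directory by the previous hunk; a `mktemp` file removed by an EXIT trap would avoid leaving it on disk if `docker cp` fails under `-e`. main() starts and ends outside the hunk.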
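Review bot: In ssh/3_ssh_user_to_host.sh the added `docker exec $CNAME service nscd restart` uses `$CNAME` unquoted and, as far as the hunk shows, without checking that a second argument was given; with an empty value docker would treat `service` as the container name. Quote it, `docker exec "$CNAME" service nscd restart`. A one-line comment should also say why nscd is restarted before each login (presumably to drop cached user or group lookups after a policy change), since the script does not make that obvious. The lines before line 8 are outside the hunk, so an argument check may already exist there.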
@@ -1,16 +1,28 @@ --- - !policy - id: prod + id: prod_vm_access body: - - !layer prod_rack - - - !grant - role: !layer prod_rack - members: + - !permit + roles: + - !group /devops + - !group /developers + privileges: [ read, execute ] + resources: - !host /cdemo_vm_1 - !permit role: !group /devops - privileges: [ read, execute ] + privileges: [ update ] resources: - !host /cdemo_vm_1 + +- !policy + id: dev_vm_access + body: + - !permit + roles: + - !group /devops + - !group /developers + privileges: [ read, execute, update ] + resources: + - !host /cdemo_vm_2 diff --git a/users-policy.yml b/users-policy.yml index 3aca2a4..5d5aca5 100644 --- a/users-policy.yml +++ b/users-policy.yml @@ -1,13 +1,16 @@ --- - !user bob - !group devops +- !group developers - !grant role: !group devops members: !user bob -- !user carol -- !user ted -- !user alice - +- !grant + role: !group devops + members: + - !user carol + - !user ted + - !user alice diff --git a/webapp1-policy.yml b/webapp1-policy.yml index e91dc32..a1adc94 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml @@ -6,10 +6,15 @@ - &variables - !variable database_password - - !host &tomcat_host tomcat_host + - !layer &tomcat_hosts tomcat_hosts - - !permit - role: *tomcat_host + - !deny + role: *tomcat_hosts privileges: [ read, execute ] resource: *variables + - !host &tomcat_host tomcat_host + + - !grant + role: *tomcat_hosts + member: *tomcat_host From 4a7c553311f04130c754ebcd25fcb254ee85b207 Mon Sep 17 00:00:00 2001 
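Review bot: In ssh/ssh-mgmt.yml the first `!permit` of `prod_vm_access` gives `!group /developers` the same `[ read, execute ]` on `!host /cdemo_vm_1` as devops, and the policy has no comment saying what each privilege means on a host. If `execute` is what allows an SSH login and `update` what grants admin rights, as I understand the Conjur SSH integration, then developers can log in to the prod VM. A comment such as `# execute = ssh login, update = admin; developers get login only on prod` would make that intent reviewable. With `!layer prod_rack` removed, hosts are listed by name in each permit, so a new VM has to be added to every block by hand.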
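Review bot: In users-policy.yml the new `- !grant` adds carol, ted and alice as members of `!group devops`, while the `developers` group created in the same hunk gets no members. ldap-bootstrap.ldif in this patch series lists those three under `cn=developers`, and ssh-mgmt.yml gives devops `update` on `/cdemo_vm_1`, so this looks like a copy of the bob grant that raises their privileges. The role was probably meant to be `role: !group developers`. The hunk also drops the `- !user carol`, `- !user ted` and `- !user alice` declarations, so the grant refers to users this file no longer defines unless they are created elsewhere, for example by the LDAP sync.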
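Review bot: In webapp1-policy.yml the only rule on `*variables` in the new side is `- !deny` for `*tomcat_hosts`, so as committed no host in the layer can read `database_password`. The README describes changing permit to deny as a step performed during the demo, which suggests this is a leftover from a demo run. The checked-in file should probably keep `- !permit` with `role: *tomcat_hosts`. The top of the policy is outside the hunk, so a permit defined above line 6 cannot be ruled out.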
From: Joseph Hunt Date: Tue, 14 Nov 2017 15:03:15 -0600 Subject: [PATCH 07/68] updated README --- README.md | 61 +- etc/conjur.pem | 42 -- ldap/barclays.ldif | 18 - ldap/ldap-bootstrap.ldif | 819 ++++++++++++++++++++++ simple_hf_example/1_set_hf_token.sh | 155 ++++ simple_hf_example/2_get_secret_restapi.sh | 156 +++++ simple_hf_example/2_get_secret_summon.sh | 177 +++++ simple_hf_example/3_cleanup.sh | 107 +++ simple_hf_example/EDIT.ME | 13 + simple_hf_example/get_ip_addrs.sh | 1 + simple_hf_example/policy.yml | 26 + simple_hf_example/setup_summon.sh | 8 + simple_hf_example/tomcat.xml.erb | 5 + 13 files changed, 1514 insertions(+), 74 deletions(-) delete mode 100644 etc/conjur.pem delete mode 100644 ldap/barclays.ldif create mode 100644 ldap/ldap-bootstrap.ldif create mode 100755 simple_hf_example/1_set_hf_token.sh create mode 100755 simple_hf_example/2_get_secret_restapi.sh create mode 100755 simple_hf_example/2_get_secret_summon.sh create mode 100755 simple_hf_example/3_cleanup.sh create mode 100644 simple_hf_example/EDIT.ME create mode 100755 simple_hf_example/get_ip_addrs.sh create mode 100644 simple_hf_example/policy.yml create mode 100755 simple_hf_example/setup_summon.sh create mode 100644 simple_hf_example/tomcat.xml.erb diff --git a/README.md b/README.md index d41a4d1..2f3aa40 100644 --- a/README.md +++ b/README.md 
@@ -7,18 +7,17 @@ NOTE: This demo uses a single identity for all instances of the application. Thi Scenario: Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. Dependencies: - - docker & docker-compose - install-dependencies.sh installs these - - internet access for initial run, can run air gapped after + - docker & docker-compose - can be installed w/ ./etc/install-dependencies.sh + - internet access required for initial builds, can run standalone after that -Demo files: - - 0-startup-conjur.sh - takes no arguments - initialize demo environment: +Demo root directory (.../cdemo): + - 0-startup-conjur.sh - takes no arguments - initializes demo environment: + - triggers builds of ALL demo images - this can take a really long time - prepare accordingly! - startups up Conjur, Conjur client CLI and Weave Scope containers - Loads users-policy.yml and sets all user passwords to “foo” - loads demo policies and sets secret values to the secret name prefixed with “ThisIsThe" - 1-setup-containers.sh - takes two arguments (see demo scenario below) - starts up client application containers that fetch secrets from Conjur. - 2-shutdown-containers.sh - takes no arguments - shuts down all client application containers. - - _conjur_init.sh - Conjur initialization script run from CLI container. - - _demo_init.sh - demo initialization script run from CLI container. - docker-compose.yml - file that drives all container builds and configurations. - .env - file of environment variables for client application containers, referenced from docker-compose.yml, dynamically created by 1-setup-containers.sh - load_policy.sh - loads a supplied policy file 
@@ -27,14 +26,7 @@ Demo files: - dbpassword_rotator.sh - sets the database password to a random hex value every 5 seconds - apikey_rotator.sh - rotates the API key once. - Build directories - all builds are triggered from docker-compose.yml (i.e. no build scripts): - - build/webapp: - - Dockerfile - defines Alpine images w/ bash and curl - - webapp1.sh - script loaded into image as entry point when container is started. It is resilient to API key rotation. - - build/conjurcli: - - Dockerfile - build parameters for rich Conjur CLI client container - -Demo scenario: +Basic demo scenario: - run 0-startup-conjur.sh. REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY. When complete demo environment is ready. - run 1-setup_containers.sh w/ 2 args - REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY: - number of containers to create 
@@ -46,3 +38,44 @@ Demo scenario: - change "permit" to "deny" in policy file, reload policy and show how none of the containers can fetch secrets - 2-shutdown-containers.sh - brings down all webapp containers. - docker-compose down - brings down all containers incl. conjur, cli & scope. + +./ldap - LDAP demo directory: + - 0-setup-ldap.sh - brings up OpenLDAP server container and loads ldap-boostrap.ldif to populate it + - 1-ldap-sync.sh - imports ldap-sync.yml created by the Conjur web UI LDAP interface + +./splunk - Splunk demo directory: + - 0-setup-splunk.sh - brings up the Splunk Enterprise container - watch the log till you see its listening then ctrl-C + +./ssh - SSH demo directory: + - 0-setup-ssh.sh - takes 1 argument for # of "rack VMs" to bring up, configures each w/ Chef cookbook + - 1_create_key_for_user.sh - takes 1 argument (user name) - creates SSH key for given user and stored pub key in Conjur + - 2_test_fetch_userkey_from_host.sh - takes 2 arguments (user, container name) - tests if container can fetch user's pub key + - 3_ssh_user_to_host.sh - takes 2 arguments (user, container) - attempts to ssh as user to container/host + - 4_roles_with_resource_permissions.sh - takes 2 arguments (host:container, privilege) - shows all roles holding privilege on resource + - 5_review_activity_on_resource.sh - takes 1 argument (host:container) - displays audit records for resource + - rack.yml - policy file created and loaded by 0-setup-ssh.sh + - load_policy.sh - utility for loading ssh-mgmt.yml during demo to effect access changes + - ssh-mgmt.yml - defines access policies for Dev and Prod VM access + +./simple_hf_example - very basic Host Factory demo: + +./etc directory: + - _conjur_init.sh - Conjur initialization script run from CLI container. + - _demo_init.sh - demo initialization script run from CLI container. 
+ - conjur*, template.identity - configuration files for client connections + - install-dependencies.sh - installs docker and docker-compose + +Build directories - all image builds are triggered via docker-compose.yml (i.e. no build scripts): + - build/conjurcli: + - Dockerfile - builds a rich Conjur CLI client container + - build/ldap: + - Dockerfile - builds a OpenLDAP server container + - build/splunk + - Dockerfile - builds a Splunk Enterprise container + - build/vm: + - Dockerfile - builds a rack of "VM" containers for SSH key management demo + - configure-ssh.sh - script to startup services on rack VMs after configuration + - build/webapp: + - Dockerfile - builds webapp image based on Alpine w/ bash and curl installed + - webapp1.sh - script loaded into image as entry point when container is started. It is resilient to API key rotation. + diff --git a/etc/conjur.pem b/etc/conjur.pem deleted file mode 100644 index 74fbad4..0000000 --- a/etc/conjur.pem +++ /dev/null 
@@ -1,42 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDVzCCAj+gAwIBAgIVALGpOOgVjXiUx6SpiuLsfqZ8kk5FMA0GCSqGSIb3DQEB -CwUAMEIxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQD -ExVjb25qdXIuY3liZXJhcmsubG9jYWwwHhcNMTcxMTA2MDM0NzA4WhcNMjcxMTA0 -MDM0NzA4WjAgMR4wHAYDVQQDDBVjb25qdXIuY3liZXJhcmsubG9jYWwwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaquy+0hjlWiZLe5k9oaSApzRNmYlu -i3Y9W43+qS/duJuLMAyaHiXxd+BpskycY+kh2NGd864cJfogmkIRCdxdn/HHTZ7H -19dquVZpm9zg/wwtKapRD14gbivZnSuuw+gzw/lYtayXcFJC6RroscMUA3k8RFCG -XLJ6b6E3k5pRRvyHeDIYT8qbiKIQHX0f7OjwGRL4X/RWGor3HkJNL1NPBT0kOYJd -s/uF5XtgwH2N+IchtqxxBPaxX8/5yikvhVRdRUgzF0HcEBV+Qj/ZnOc0AtYg0I9w -T1hF1y2BRvaPKzbmTzqgmtLxWqwf/loQC6e5wkTOGSJvaG5pHI81Fm29AgMBAAGj -ZjBkMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/Y -BwkwMwYDVR0RBCwwKoIVY29uanVyLmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SC -BmNvbmp1cjANBgkqhkiG9w0BAQsFAAOCAQEASWCgZaSR7jLPV169Cb81q/tGFOgR -QmsAhS0gjO+mvR7GWXcu/wT1OZ4lFKuPBn0XHYXWrf8CifQjtB6MTEmsvEE+MS8o -7zh7rTiRhRf7QVGjOuzUb+z8D/ShQZzLO1nTfjdDA4bp2dThtUcpakU5XGyOPk75 -T7LMO/YdeM5Na1HDNvNoTLTOl4CJVwDp3w/kTR3cFBXEfJxqU53X1ncOF+KDdHsh -qcwp3vrLgmmXrf+exBvZZLq7vi9pwHkbu0I5/PvydiuwN/MEmhy76ttxeMNfY/kD -WMQIxjaMZQb6TmGnPKJ3anxtCj9gY7C3PF8hdQp7V/ulM+Z/6F4wdiVyVg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDmzCCAoOgAwIBAgIJAOuFDc1d30TxMA0GCSqGSIb3DQEBCwUAMEIxDDAKBgNV -BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMR4wHAYDVQQDExVjb25qdXIuY3li -ZXJhcmsubG9jYWwwHhcNMTcxMTA2MDM0NzA2WhcNMjcxMTA0MDM0NzA2WjBCMQww -CgYDVQQKEwNkZXYxEjAQBgNVBAsTCUNvbmp1ciBDQTEeMBwGA1UEAxMVY29uanVy -LmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -vKHa81j5naUYbrLMDtuSPC39GFirONJX0OeTcoCD1XNh/d+Qq3KLEUAhDWKwHZyv -rhc/t+oC3fpSIyEEpwxR/NW7I+zOdC4rvnkW152FuQc81tMigW86Nc+7WxPgDIdY -IVEPeOvDJUz9ztRC8me/NPmY3e+FzOiBQSget/EOLZJ1t2yVU5eEk+WF9pWgmUyD -loMvlXdFPN1cc60S6ypEYusJKWtBPzzOpXRy+j4/x9D5Yp8xHQSXv8oek37yuA8+ -LumbOOu2HCGSbN/1hcgtu7rfG70NeOzAwJtjNHVTgdeV0N5TZVHyH3l2AoRHIey7 
-r3FeHDR9hwE2i3jaHmGr8QIDAQABo4GTMIGQMDMGA1UdEQQsMCqCFWNvbmp1ci5j -eWJlcmFyay5sb2NhbIIJbG9jYWxob3N0ggZjb25qdXIwHQYDVR0OBBYEFJ7+m6Ss -13pslEGIBxY+mVcOBtkyMB8GA1UdIwQYMBaAFJ7+m6Ss13pslEGIBxY+mVcOBtky -MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQAX -+zKNXHZgHIk6+zmA1LdLqxYVqFkSnoDEqxDvfWBhdH7lvOK60TM0w+YQu0rswXV2 -CsEDYyxSTvMug0MRLe2M87KaR3B74tEOSkuQlw0C4u4mzIcrOo6VhiL49pKoMprM -b/XhqBOj+PED+xa1+f5IrAptS483SfWDxhGsZ76otcucQifFdU2oV5XixUEs1Z+2 -TfkjjU0jiXsgwQQ2XLHm+yKlZ1hTollaZCu92Br2bCbGbA4RPUW1Rkq7CjC0GJp4 -mQKc99fhbyxmWudnf8dZarhS5uX4n+x8rPUPnrNmKS+IE5IzzUKPFotSKwHnHIwX -Ocatge0DTnqn5AjVlUye ------END CERTIFICATE----- diff --git a/ldap/barclays.ldif b/ldap/barclays.ldif deleted file mode 100644 index fed02f0..0000000 --- a/ldap/barclays.ldif +++ /dev/null @@ -1,18 +0,0 @@ -dn: cn=hr-admin,dc=example,dc=org -cn: hr-admin -gidNumber: 10000 -objectClass: posixGroup -objectClass: top -memberUid: tammy\ - -dn: uid=tammy\,dc=example,dc=org -cn: tammy -uidNumber: 9996 -objectClass: top -objectClass: person -objectClass: posixAccount -gidNumber: 10000 -sn: tammy -homeDirectory: /home/tammy -memberOf: cn=hr-admin,dc=example,dc=org - diff --git a/ldap/ldap-bootstrap.ldif b/ldap/ldap-bootstrap.ldif new file mode 100644 index 0000000..05e619e --- /dev/null +++ b/ldap/ldap-bootstrap.ldif 
@@ -0,0 +1,819 @@ +dn: cn=hr-admin,dc=example,dc=org +cn: hr-admin +gidNumber: 10000 +objectClass: posixGroup +objectClass: top +memberUid: kyle.wheeler +memberUid: marin.dubois + +dn: cn=hr,dc=example,dc=org +cn: hr +gidNumber: 10002 +objectClass: posixGroup +objectClass: top +memberUid: carol.rodriquez +memberUid: karen.wood +memberUid: caroline.mccoy + +dn: cn=devops,dc=example,dc=org +cn: devops +gidNumber: 10003 +objectClass: posixGroup +objectClass: top +memberUid: bob +memberUid: wayne.walker +memberUid: constance.bourgeois +memberUid: noelie.garnier + +dn: cn=developers,dc=example,dc=org +cn: developers +gidNumber: 10004 +objectClass: posixGroup +objectClass: top +memberUid: faiz.rooker +memberUid: soledad.reyes +memberUid: sofia.tikkanen +memberUid: alfredo.coleman +memberUid: gabin.dupont +memberUid: belen.cano +memberUid: emmi.korpela +memberUid: annie.diaz +memberUid: ted.holland +memberUid: jimmy.knight +memberUid: alberto.morgan +memberUid: benjamin.garnier +memberUid: lotta.aho +memberUid: carol +memberUid: ted +memberUid: alice + + +dn: cn=researchers-admin,dc=example,dc=org +cn: researchers-admin +gidNumber: 10005 +objectClass: posixGroup +objectClass: top +memberUid: amber.fitzgerald +memberUid: frederick.curtis +memberUid: brian.scott + + +dn: cn=researchers,dc=example,dc=org +cn: researchers +gidNumber: 10006 +objectClass: posixGroup +objectClass: top +memberUid: paula.guerrero +memberUid: jalila.eerland +memberUid: alicia.montgomery +memberUid: renatus.broersma +memberUid: elsa.takala +memberUid: elena.montero +memberUid: vicky.johnson +memberUid: adele.dupuis +memberUid: maria.pastor +memberUid: dustin.bailey + + +dn: cn=qa-admin,dc=example,dc=org +cn: qa-admin +gidNumber: 10007 +objectClass: posixGroup +objectClass: top +memberUid: steve.peterson +memberUid: rosie.pearson + + +dn: cn=qa,dc=example,dc=org +cn: qa +gidNumber: 10008 +objectClass: posixGroup +objectClass: top +memberUid: emilia.calvo +memberUid: rafael.pena +memberUid: 
mia.caldwell +memberUid: encarnacion.lorenzo +memberUid: konsta.lampi +memberUid: jamie.martin +memberUid: manuel.flores +memberUid: alex.mills + +dn: cn=operations-admin,dc=example,dc=org +cn: operations-admin +gidNumber: 10009 +objectClass: posixGroup +objectClass: top +memberUid: meline.lopez +memberUid: hector.jackson +memberUid: anton.honkala + + +dn: cn=operations,dc=example,dc=org +cn: operations +gidNumber: 10010 +objectClass: posixGroup +objectClass: top +memberUid: isabel.hidalgo +memberUid: alvin.bennett +memberUid: calvin.castillo +memberUid: aada.heikkila +memberUid: sam.davies +memberUid: caitlin.nichols +memberUid: sara.tucker +memberUid: travis.owens +memberUid: lis.houwer +memberUid: mike.thomas +memberUid: raquel.caballero +memberUid: ricky.martin + + +dn: uid=kyle.wheeler,dc=example,dc=org +cn: kyle.wheeler +uidNumber: 10211 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10000 +sn: wheeler +homeDirectory: /home/kyle.wheeler + +dn: uid=marin.dubois,dc=example,dc=org +cn: marin.dubois +uidNumber: 10212 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10000 +sn: dubois +homeDirectory: /home/marin.dubois + + +dn: uid=carol.rodriquez,dc=example,dc=org +cn: carol.rodriquez +uidNumber: 10213 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10002 +sn: rodriquez +homeDirectory: /home/carol.rodriquez + + +dn: uid=karen.wood,dc=example,dc=org +cn: karen.wood +uidNumber: 10214 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10002 +sn: wood +homeDirectory: /home/karen.wood + + +dn: uid=caroline.mccoy,dc=example,dc=org +cn: caroline.mccoy +uidNumber: 10215 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10002 +sn: mccoy +homeDirectory: /home/caroline.mccoy + + +dn: uid=wayne.walker,dc=example,dc=org +cn: wayne.walker +uidNumber: 10216 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 
10003 +sn: walker +homeDirectory: /home/wayne.walker + + +dn: uid=constance.bourgeois,dc=example,dc=org +cn: constance.bourgeois +uidNumber: 10217 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10003 +sn: bourgeois +homeDirectory: /home/constance.bourgeois + + +dn: uid=noelie.garnier,dc=example,dc=org +cn: noelie.garnier +uidNumber: 10218 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10003 +sn: garnier +homeDirectory: /home/noelie.garnier + + +dn: uid=faiz.rooker,dc=example,dc=org +cn: faiz.rooker +uidNumber: 10219 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: rooker +homeDirectory: /home/faiz.rooker + + +dn: uid=soledad.reyes,dc=example,dc=org +cn: soledad.reyes +uidNumber: 10220 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: reyes +homeDirectory: /home/soledad.reyes + + +dn: uid=sofia.tikkanen,dc=example,dc=org +cn: sofia.tikkanen +uidNumber: 10221 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: tikkanen +homeDirectory: /home/sofia.tikkanen + + +dn: uid=alfredo.coleman,dc=example,dc=org +cn: alfredo.coleman +uidNumber: 10222 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: coleman +homeDirectory: /home/alfredo.coleman + + +dn: uid=gabin.dupont,dc=example,dc=org +cn: gabin.dupont +uidNumber: 10223 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: dupont +homeDirectory: /home/gabin.dupont + + +dn: uid=belen.cano,dc=example,dc=org +cn: belen.cano +uidNumber: 10224 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: cano +homeDirectory: /home/belen.cano + + +dn: uid=emmi.korpela,dc=example,dc=org +cn: emmi.korpela +uidNumber: 10225 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: korpela +homeDirectory: /home/emmi.korpela + + 
+dn: uid=annie.diaz,dc=example,dc=org +cn: annie.diaz +uidNumber: 10226 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: diaz +homeDirectory: /home/annie.diaz + + +dn: uid=ted.holland,dc=example,dc=org +cn: ted.holland +uidNumber: 10227 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: holland +homeDirectory: /home/ted.holland + + +dn: uid=jimmy.knight,dc=example,dc=org +cn: jimmy.knight +uidNumber: 10228 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: knight +homeDirectory: /home/jimmy.knight + + +dn: uid=alberto.morgan,dc=example,dc=org +cn: alberto.morgan +uidNumber: 10229 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: morgan +homeDirectory: /home/alberto.morgan + + +dn: uid=benjamin.garnier,dc=example,dc=org +cn: benjamin.garnier +uidNumber: 10230 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: garnier +homeDirectory: /home/benjamin.garnier + + +dn: uid=lotta.aho,dc=example,dc=org +cn: lotta.aho +uidNumber: 10231 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: aho +homeDirectory: /home/lotta.aho + + +dn: uid=amber.fitzgerald,dc=example,dc=org +cn: amber.fitzgerald +uidNumber: 10232 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10005 +sn: fitzgerald +homeDirectory: /home/amber.fitzgerald + + +dn: uid=frederick.curtis,dc=example,dc=org +cn: frederick.curtis +uidNumber: 10233 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10005 +sn: curtis +homeDirectory: /home/frederick.curtis + + +dn: uid=brian.scott,dc=example,dc=org +cn: brian.scott +uidNumber: 10234 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10005 +sn: scott +homeDirectory: /home/brian.scott + + +dn: uid=paula.guerrero,dc=example,dc=org +cn: paula.guerrero +uidNumber: 10235 
+objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: guerrero +homeDirectory: /home/paula.guerrero + + +dn: uid=jalila.eerland,dc=example,dc=org +cn: jalila.eerland +uidNumber: 10236 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: eerland +homeDirectory: /home/jalila.eerland + + +dn: uid=alicia.montgomery,dc=example,dc=org +cn: alicia.montgomery +uidNumber: 10237 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: montgomery +homeDirectory: /home/alicia.montgomery + + +dn: uid=renatus.broersma,dc=example,dc=org +cn: renatus.broersma +uidNumber: 10238 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: broersma +homeDirectory: /home/renatus.broersma + + +dn: uid=elsa.takala,dc=example,dc=org +cn: elsa.takala +uidNumber: 10239 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: takala +homeDirectory: /home/elsa.takala + + +dn: uid=elena.montero,dc=example,dc=org +cn: elena.montero +uidNumber: 10240 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: montero +homeDirectory: /home/elena.montero + + +dn: uid=vicky.johnson,dc=example,dc=org +cn: vicky.johnson +uidNumber: 10241 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: johnson +homeDirectory: /home/vicky.johnson + + +dn: uid=adele.dupuis,dc=example,dc=org +cn: adele.dupuis +uidNumber: 10242 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: dupuis +homeDirectory: /home/adele.dupuis + + +dn: uid=maria.pastor,dc=example,dc=org +cn: maria.pastor +uidNumber: 10243 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10006 +sn: pastor +homeDirectory: /home/maria.pastor + + +dn: uid=dustin.bailey,dc=example,dc=org +cn: dustin.bailey +uidNumber: 10244 +objectClass: top +objectClass: person 
+objectClass: posixAccount +gidNumber: 10006 +sn: bailey +homeDirectory: /home/dustin.bailey + + +dn: uid=steve.peterson,dc=example,dc=org +cn: steve.peterson +uidNumber: 10245 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10007 +sn: peterson +homeDirectory: /home/steve.peterson + + +dn: uid=rosie.pearson,dc=example,dc=org +cn: rosie.pearson +uidNumber: 10246 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10007 +sn: pearson +homeDirectory: /home/rosie.pearson + + +dn: uid=emilia.calvo,dc=example,dc=org +cn: emilia.calvo +uidNumber: 10247 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: calvo +homeDirectory: /home/emilia.calvo + + +dn: uid=rafael.pena,dc=example,dc=org +cn: rafael.pena +uidNumber: 10248 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: peña +homeDirectory: /home/rafael.pena + + +dn: uid=mia.caldwell,dc=example,dc=org +cn: mia.caldwell +uidNumber: 10249 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: caldwell +homeDirectory: /home/mia.caldwell + + +dn: uid=encarnacion.lorenzo,dc=example,dc=org +cn: encarnacion.lorenzo +uidNumber: 10250 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: lorenzo +homeDirectory: /home/encarnacion.lorenzo + + +dn: uid=konsta.lampi,dc=example,dc=org +cn: konsta.lampi +uidNumber: 10251 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: lampi +homeDirectory: /home/konsta.lampi + + +dn: uid=jamie.martin,dc=example,dc=org +cn: jamie.martin +uidNumber: 10252 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: martin +homeDirectory: /home/jamie.martin + + +dn: uid=manuel.flores,dc=example,dc=org +cn: manuel.flores +uidNumber: 10253 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: flores 
+homeDirectory: /home/manuel.flores + + +dn: uid=alex.mills,dc=example,dc=org +cn: alex.mills +uidNumber: 10254 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10008 +sn: mills +homeDirectory: /home/alex.mills + + +dn: uid=meline.lopez,dc=example,dc=org +cn: meline.lopez +uidNumber: 10255 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10009 +sn: lopez +homeDirectory: /home/meline.lopez + + +dn: uid=hector.jackson,dc=example,dc=org +cn: hector.jackson +uidNumber: 10256 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10009 +sn: jackson +homeDirectory: /home/hector.jackson + + +dn: uid=anton.honkala,dc=example,dc=org +cn: anton.honkala +uidNumber: 10257 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10009 +sn: honkala +homeDirectory: /home/anton.honkala + + +dn: uid=isabel.hidalgo,dc=example,dc=org +cn: isabel.hidalgo +uidNumber: 10258 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: hidalgo +homeDirectory: /home/isabel.hidalgo + + +dn: uid=alvin.bennett,dc=example,dc=org +cn: alvin.bennett +uidNumber: 10259 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: bennett +homeDirectory: /home/alvin.bennett + + +dn: uid=calvin.castillo,dc=example,dc=org +cn: calvin.castillo +uidNumber: 10260 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: castillo +homeDirectory: /home/calvin.castillo + + +dn: uid=aada.heikkila,dc=example,dc=org +cn: aada.heikkila +uidNumber: 10261 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: heikkila +homeDirectory: /home/aada.heikkila + + +dn: uid=sam.davies,dc=example,dc=org +cn: sam.davies +uidNumber: 10262 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: davies +homeDirectory: /home/sam.davies + + +dn: 
uid=caitlin.nichols,dc=example,dc=org +cn: caitlin.nichols +uidNumber: 10263 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: nichols +homeDirectory: /home/caitlin.nichols + + +dn: uid=sara.tucker,dc=example,dc=org +cn: sara.tucker +uidNumber: 10264 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: tucker +homeDirectory: /home/sara.tucker + + +dn: uid=travis.owens,dc=example,dc=org +cn: travis.owens +uidNumber: 10265 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: owens +homeDirectory: /home/travis.owens + + +dn: uid=lis.houwer,dc=example,dc=org +cn: lis.houwer +uidNumber: 10266 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: houwer +homeDirectory: /home/lis.houwer + + +dn: uid=mike.thomas,dc=example,dc=org +cn: mike.thomas +uidNumber: 10267 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: thomas +homeDirectory: /home/mike.thomas + + +dn: uid=raquel.caballero,dc=example,dc=org +cn: raquel.caballero +uidNumber: 10268 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: caballero +homeDirectory: /home/raquel.caballero + +dn: uid=ricky.martin,dc=example,dc=org +cn: ricky.martin +uidNumber: 10269 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10010 +sn: martin +homeDirectory: /home/ricky.martin +memberOf: cn=operations,dc=example,dc=org + +dn: uid=bob,dc=example,dc=org +cn: bob +uidNumber: 9999 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10003 +sn: bob +homeDirectory: /home/bob +memberOf: cn=devops,dc=example,dc=org + +dn: uid=carol,dc=example,dc=org +cn: carol +uidNumber: 9998 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: carol +homeDirectory: /home/carol +memberOf: cn=developers,dc=example,dc=org + +dn: uid=ted,dc=example,dc=org 
+cn: ted +uidNumber: 9997 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: ted +homeDirectory: /home/ted +memberOf: cn=developers,dc=example,dc=org + +dn: uid=alice,dc=example,dc=org +cn: alice +uidNumber: 9996 +objectClass: top +objectClass: person +objectClass: posixAccount +gidNumber: 10004 +sn: alice +homeDirectory: /home/alice +memberOf: cn=developers,dc=example,dc=org diff --git a/simple_hf_example/1_set_hf_token.sh b/simple_hf_example/1_set_hf_token.sh new file mode 100755 index 0000000..425ad58 --- /dev/null +++ b/simple_hf_example/1_set_hf_token.sh 
@@ -0,0 +1,155 @@ +#!/bin/bash +# +# Admin_process - simulates the role of a security administrator that creates and distributes Host Factory tokens +# +# Usage: admin_process + +##### +# HARD CODED VALUES from ../policy.yml in parent directory +declare HOST_FACTORY_NAME=webapp1/tomcat_factory +declare HOST_NAME=tomcat1 +declare VAR_ID=webapp1/database_password +###### + +# data specs and time math are not portable - set DATE_SPEC to the correct platform +readonly MAC_DATE='date -v+"$dur_time_secs"S +%Y-%m-%dT%H%%3A%M%%3A%S%z' +readonly LINUX_DATE='date --iso-8601=seconds --date="$dur_time_secs seconds"' +DATE_SPEC=$MAC_DATE +if [[ "$(uname -s)" == "Linux" ]]; then + DATE_SPEC=$LINUX_DATE +fi + +# get pointers to Conjur REST API endpoint and SSL certificate +source EDIT.ME +if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then + printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" + exit 1 +fi + +#declare DEBUG_BREAKPT="" +declare DEBUG_BREAKPT="read -n 1 -s -p 'Press any key to continue'" + +# global variables +declare ADMIN_SESSION_TOKEN +declare CONJUR_HOST_FACTORY_TOKEN +declare URLIFIED + +################## +# USER AUTHN - get admin session token based on user name and password +# - no arguments +user_authn() { + printf "\nEnter admin user name: " + read admin_name + printf "Enter the admin password (it will not be echoed): " + read -s admin_pwd + + # Login user, authenticate and get API key for session + local access_token=$(curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --user $admin_name:$admin_pwd \ + $CONJUR_APPLIANCE_URL/authn/users/login) + + local response=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --data $access_token \ + $CONJUR_APPLIANCE_URL/authn/users/$admin_name/authenticate) + ADMIN_SESSION_TOKEN=$(echo -n $response| base64 | tr -d '\r\n') + +} + +################ +# URLIFY - converts '/' and ':' in input string to hex equivalents +# in: $1 - string to convert +# out: URLIFIED - converted string in global variable 
+urlify() { + local str=$1; shift + str=$(echo $str | sed 's= =%20=g') + str=$(echo $str | sed 's=/=%2F=g') + str=$(echo $str | sed 's=:=%3A=g') + str=$(echo $str | sed 's=+=-=g') # added as hack to change + to - in timezone offset in linux date string + URLIFIED=$str +} + +################ MAIN ################ +# HOST FACTORY TOKEN CREATE a new HF token with a defined expiration date +# $1 - host factory id +# $2 - dur time - hf token lifespan in seconds +hf_token_create() { + local hf_id=$1; shift + local dur_time_secs=$1; shift + + local token_exp_time=$(eval $DATE_SPEC) + urlify $token_exp_time + token_exp_time=$URLIFIED + printf "Token exp time= %s\n" $token_exp_time + + CONJUR_HOST_FACTORY_TOKEN=$( curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --request POST \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$ADMIN_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/host_factories/{$hf_id}/tokens?expiration=$token_exp_time \ + | jq -r '.[] | .token') +} + +################ +# HOST FACTORY SHOW - show info about host factory including all associated tokens +hf_show() { + local hf_id=$1; shift + + printf "\nHost factory %s:\n" $hf_id + curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --header "Content-Type: application/json" \ + --header "Authorization: Token token=\"$ADMIN_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/host_factories/{$hf_id} \ + | jq -r ' .tokens | .[] ' +} + +################ +# HOST FACTORY TOKEN REVOKE (delete) the host factory token +hf_token_revoke() { + local hf_token=$1; shift + curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --request DELETE \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$ADMIN_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/host_factories/tokens/$hf_token +} + +################ MAIN ################ +# $1 - name of output file +main() { + + if [[ $# -ne 1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 + fi + local output_file=$1 + + # authenticate (login) user + user_authn # 
get admin session token based on user name and password + + urlify $HOST_FACTORY_NAME + HOST_FACTORY_NAME=$URLIFIED + + hf_show $HOST_FACTORY_NAME + # create a host factory token + hf_token_create $HOST_FACTORY_NAME 200000 + printf "\nHF token is: %s\n" $CONJUR_HOST_FACTORY_TOKEN + hf_show $HOST_FACTORY_NAME + + # write out host factory token, host name and variable name to file + echo $CONJUR_HOST_FACTORY_TOKEN > $output_file + echo $HOST_NAME >> $output_file + echo $VAR_ID >> $output_file + printf "\n\nWrote HF token, app name and variable name to file '%s'...\n\n\n" $output_file +} + +main "$@" +exit diff --git a/simple_hf_example/2_get_secret_restapi.sh b/simple_hf_example/2_get_secret_restapi.sh new file mode 100755 index 0000000..7c43934 --- /dev/null +++ b/simple_hf_example/2_get_secret_restapi.sh 
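Review bot: In `user_authn` the admin password and the API key returned by the login call are put on curl's command line unquoted (`--user $admin_name:$admin_pwd`, `--data $access_token`), so they show up in the process list while curl runs, and a password containing spaces or glob characters is split into several arguments. Quote every expansion, read with `read -r` / `read -rs`, and hand the secrets to curl on stdin: `--data-binary @-` fed by `printf '%s' "$access_token"` for the API key, and a `-K -` config line for the user and password. The same pattern appears in `host_authn` in 2_get_secret_restapi.sh and 2_get_secret_summon.sh (`--data-binary $host_api_key`) and in the copy of `user_authn` in 3_cleanup.sh. `main` also writes the host factory token with `echo $CONJUR_HOST_FACTORY_TOKEN > $output_file` under the default umask; a `umask 077` before the write keeps the file owner-only.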
@@ -0,0 +1,156 @@ +#!/bin/bash + +# get pointers to Conjur api and SSL certificate +source EDIT.ME +if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then + printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" + exit 1 +fi + +# global variables +declare ADMIN_SESSION_TOKEN +declare HOST_API_KEY +declare HOST_SESSION_TOKEN +declare SECRET_VALUE +declare URLIFIED + +declare DEBUG_BREAKPT="" +#declare DEBUG_BREAKPT="read -n 1 -s -p 'Press any key to continue'" + +################ +# REGISTER HOST to the associated layer using the host factory token +# Note that if the host already exists, this command will create a new API key for it +# $1 - application name + +hf_register_host() { + local hf_token=$1; shift + local host_name=$1; shift + + HOST_API_KEY=$( curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --request POST \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$hf_token\"" \ + $CONJUR_APPLIANCE_URL/host_factories/hosts?id=$host_name \ + | jq -r '.api_key') + +} + +################ +# HOST AUTHN using its name and API key to get session token +# $1 - host name +# $2 - API key +host_authn() { + local host_name=$1; shift + local host_api_key=$1; shift + + urlify $host_name + local host_name_urlfmt=host%2F$URLIFIED # authn requires host/ prefix + + # Authenticate host w/ its name & API key to get session token + response=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --request POST \ + --data-binary $host_api_key \ + $CONJUR_APPLIANCE_URL/authn/users/{$host_name_urlfmt}/authenticate) + HOST_SESSION_TOKEN=$(echo -n $response| base64 | tr -d '\r\n') +} + +# URLIFY - converts '/' and ':' in input string to hex equivalents +# in: $1 - string to convert +# out: URLIFIED - converted string in global variable +urlify() { + local str=$1; shift + str=$(echo $str | sed 's= =%20=g') + str=$(echo $str | sed 's=/=%2F=g') + str=$(echo $str | sed 's=:=%3A=g') + URLIFIED=$str +} + +# LIST RESOURCES accessible to application +# in: 
host_name +list_resources() { + local host_name=$1; shift + + curl -s \ + --cacert $CONJUR_CERT_FILE \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$HOST_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/authz/{$host_name}/resources/variable +} + +################ +# FETCH SECRET using session token +# $1 - name of secret to fetch +fetch_secret() { + local var_id=$1; shift + + urlify $var_id + local var_id_urlfmt=$URLIFIED + + # FETCH variable value + SECRET_VALUE=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --request GET \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$HOST_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/variables/{$var_id_urlfmt}/value) + +} + + +################ MAIN ################ +# $1 - name of input file containing three lines for HF token, host name and name of variable to read + +main() { + if [[ $# -ne 1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 + fi + local input_file=$1 + + local hf_token host_name var_id + + local i=1 + while read line + do + case $i in + 1) + hf_token=$line + ;; + 2) + host_name=$line + ;; + 3) + var_id=$line + esac + (( i++ )) + done < "$input_file" + + printf "\n\nIn worker process, using:\n\tHF token: %s\n\tto get API key for app: %s\n\tto fetch value of variable: %s\n" $hf_token $host_name $var_id + read -n 1 -s -p "Press any key to continue" + + hf_register_host $hf_token $host_name # NOTE hostname not in URL format - sets HOST_API_KEY global value + + if [[ "$HOST_API_KEY" == "" ]]; then + printf "\n\nAPI key not generated. Perhaps host factory token has expired. Please regenerate...\n\n" + exit 1 + fi + + printf "\n\nAPI key for %s is: %s \n\n" $host_name $HOST_API_KEY + read -n 1 -s -p "Press any key to continue" + + host_authn $host_name $HOST_API_KEY # sets HOST_SESSION_TOKEN value + +# list_resources $host_name + + fetch_secret $var_id # sets SECRET_VALUE + + echo + echo + echo "Value for" $var_id "is:" $SECRET_VALUE + echo +} + +main "$@" 
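Review bot: Every curl call in 2_get_secret_restapi.sh runs with `-s` and without `--fail`, and none of the results is checked. In `host_authn` a rejected authentication therefore still produces a `HOST_SESSION_TOKEN` (the base64 of an empty or error body), and `fetch_secret` stores whatever the server returned in `SECRET_VALUE`, which `main` then prints as the variable's value. Use `response=$(curl -sS --fail ...) || return 1` in the helpers and `host_authn "$host_name" "$HOST_API_KEY" || exit 1` in `main`, and declare `response` as `local`. The header comment of `hf_register_host` lists `$1 - application name`, while the function takes the host factory token as `$1` and the host name as `$2`.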
diff --git a/simple_hf_example/2_get_secret_summon.sh b/simple_hf_example/2_get_secret_summon.sh new file mode 100755 index 0000000..ee51a77 --- /dev/null +++ b/simple_hf_example/2_get_secret_summon.sh 
@@ -0,0 +1,177 @@ +#!/bin/bash + +# this script reads a host factory token, a host name and a variable name from a file +# It uses the host factory token to create an API key for the host, then uses that identity +# to fetch the value of the variable with summon-conjur +# +# It then replaces a token in a Tomcat.xml.erb file with the fetched secret value and writes +# the processed text to a file called temp.out. This demonstrates a DIY form of template processing. +# +# The point of this demo is that secrets can be securely fetched with a very lightweight client +# configuration (the summon-conjur executable, a certificate, the Conjur URL, a hostname and an API key). +# And then those secrets can be injected into a configuration file. + +# get pointers to Conjur api and SSL certificate +source ./EDIT.ME +if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then + printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" + exit 1 +fi + +# global variables +declare ADMIN_SESSION_TOKEN + +# global variables +declare CONJUR_AUTHN_API_KEY +declare CONJUR_AUTHN_TOKEN +declare SECRET_VALUE +declare URLIFIED + +################ +# REGISTER HOST to the associated layer using the host factory token +# Note that if the host already exists, this command will create a new API key for it +# $1 - application name + +hf_register_host() { + local hf_token=$1; shift + local host_name=$1; shift + + local response_json=$(curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --request POST \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$hf_token\"" \ + $CONJUR_APPLIANCE_URL/host_factories/hosts?id=$host_name) + CONJUR_AUTHN_API_KEY=$(echo $response_json | jq -r '.api_key') +} + +################ +# HOST AUTHN using its name and API key to get session token +# $1 - host name +# $2 - API key +host_authn() { + local host_name=$1; shift + local host_api_key=$1; shift + + urlify $host_name + local host_name_urlfmt=host%2F$URLIFIED # authn requires host/ 
prefix + + # Authenticate host w/ its name & API key to get session token + response=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --request POST \ + --data-binary $host_api_key \ + $CONJUR_APPLIANCE_URL/authn/users/{$host_name_urlfmt}/authenticate) + CONJUR_AUTHN_TOKEN=$(echo -n $response| base64 | tr -d '\r\n') +} + +# URLIFY - converts '/' and ':' in input string to hex equivalents +# in: $1 - string to convert +# out: URLIFIED - converted string in global variable +urlify() { + local str=$1; shift + str=$(echo $str | sed 's= =%20=g') + str=$(echo $str | sed 's=/=%2F=g') + str=$(echo $str | sed 's=:=%3A=g') + URLIFIED=$str +} + +# LIST RESOURCES accessible to application +# in: host_name +list_resources() { + local host_name=$1; shift + local host_name_urlfmt + + curl -s \ + --cacert $CONJUR_CERT_FILE \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$CONJUR_AUTHN_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/authz/{$host_name}/resources/variable +} + +############### +# DEBUG OUT - prints values of environment variables used by summon-conjur +# +debug_out() { + printf "\n\nCONJUR_APPLIANCE_URL: %s\n" $CONJUR_APPLIANCE_URL + printf "CONJUR_CERT_FILE: %s\n" $CONJUR_CERT_FILE + printf "CONJUR_AUTHN_LOGIN: %s\n" $CONJUR_AUTHN_LOGIN + printf "CONJUR_AUTHN_API_KEY: %s\n" $CONJUR_AUTHN_API_KEY + printf "CONJUR_AUTHN_TOKEN: %s\n" $CONJUR_AUTHN_TOKEN +} + +################ MAIN ################ +# $1 - name of input file containing three lines for HF token, host name and name of variable to read + +main() { + if [[ $# -ne 1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 + fi + local input_file=$1 + + local hf_token host_name var_id + + local i=1 + while read line + do + case $i in + 1) + hf_token=$line + ;; + 2) + host_name=$line + ;; + 3) + var_id=$line + esac + (( i++ )) + done < "$input_file" + + printf "\n\nIn worker process, using:\n\tHF token: %s\n\tto get API key for app: %s\n\tto fetch value of variable: %s\n" $hf_token $host_name $var_id + 
read -n 1 -s -p "Press any key to continue" + + export CONJUR_AUTHN_LOGIN=$host_name + + hf_register_host $hf_token $host_name # NOTE NOT URL FORMAT - sets CONJUR_AUTHN_API_KEY value + + if [[ "$CONJUR_AUTHN_API_KEY" == "" ]]; then + printf "\n\nHost factory token has expired. Please regenerate...\n\n" + exit 1 + fi + + printf "\n\nAPI key for %s is: %s \n\n" $host_name $CONJUR_AUTHN_API_KEY + read -n 1 -s -p "Press any key to continue" + + host_authn $host_name $CONJUR_AUTHN_API_KEY # sets CONJUR_AUTHN_TOKEN value + +# list_resources $host_name + + unset CONJUR_AUTHN_TOKEN # work around a summon-conjur bug + debug_out + SECRET_VALUE=$(summon-conjur $var_id) # call summon-conjur using host identity + urlify "$SECRET_VALUE" + SECRET_VALUE=$URLIFIED + + echo + echo + echo "Value for" $var_id "is:" $SECRET_VALUE + echo + read -n 1 -s -p "Press any key to continue" + + TEMPLATE=tomcat.xml.erb + printf -v SED_STRING "s=@database_password=%s=g" $SECRET_VALUE + OUTPUT=$(cat $TEMPLATE) + OUTPUT1=$(sed $SED_STRING <<< "$OUTPUT") + echo "$OUTPUT1" > temp.out + + echo + echo + echo "Contents of processed template:" + cat $"temp.out" + echo +} + +main "$@" +exit diff --git a/simple_hf_example/3_cleanup.sh b/simple_hf_example/3_cleanup.sh new file mode 100755 index 0000000..0517340 --- /dev/null +++ b/simple_hf_example/3_cleanup.sh 
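Review bot: The template step at the end of `main` builds the sed program from the secret (`printf -v SED_STRING "s=@database_password=%s=g" $SECRET_VALUE`, then `sed $SED_STRING` unquoted), so a password containing `=`, `&` or `\` either breaks the command or is written to `temp.out` altered. The preceding `urlify "$SECRET_VALUE"` also rewrites spaces, `/` and `:` in the secret as `%20`, `%2F` and `%3A`, so the value that lands in the config is not the stored one. Escape the replacement instead of URL-encoding it: `esc=$(printf '%s' "$SECRET_VALUE" | sed 's/[&=\\]/\\&/g')` followed by `sed "s=@database_password=${esc}=g" "$TEMPLATE" > temp.out`. `temp.out` is created in the working directory under the default umask and `debug_out` prints `CONJUR_AUTHN_API_KEY`; a `umask 077` before the write and dropping the key from the debug output would limit where the credentials end up.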
@@ -0,0 +1,107 @@ +#!/bin/bash + +# get pointers to Conjur api and SSL certificate +source EDIT.ME +if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then + printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" + exit 1 +fi + +### HARD CODED VALUES ### +declare HOST_FACTORY_NAME=webapp1/tomcat_factory +###### + +# global variables +declare ADMIN_SESSION_TOKEN +declare URLIFIED + +declare DEBUG_BREAKPT="" +#declare DEBUG_BREAKPT="read -n 1 -s -p 'Press any key to continue'" + +################## +# USER AUTHN - get admin session token based on user name and password +# - no arguments +user_authn() { + printf "\nEnter admin user name: " + read admin_name + printf "Enter the admin password (it will not be echoed): " + read -s admin_pwd + + # Login user, authenticate and get API key for session + local access_token=$(curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --user $admin_name:$admin_pwd \ + $CONJUR_APPLIANCE_URL/authn/users/login) + + local response=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --data $access_token \ + $CONJUR_APPLIANCE_URL/authn/users/$admin_name/authenticate) + ADMIN_SESSION_TOKEN=$(echo -n $response| base64 | tr -d '\r\n') + +} + +################ +# LIST ALL HF TOKENS - list all tokens for a host factory +# in: host factory id +# out: TOKENS array (global) +hf_tokens_get() { + local hf_id=$1; shift + + HF_TOKENS=$( curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --header "Content-Type: application/json" \ + --header "Authorization: Token token=\"$ADMIN_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/host_factories/{$hf_id} \ + | jq -r ' .tokens ' ) +} + + +################ +# HOST FACTORY TOKEN REVOKE (delete) the host factory token +hf_token_revoke() { + local hf_token=$1; shift + curl \ + -s \ + --cacert $CONJUR_CERT_FILE \ + --request DELETE \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$ADMIN_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/host_factories/tokens/$hf_token +} + +# URLIFY - converts '/' 
and ':' in input string to hex equivalents +# in: $1 - string to convert +# out: URLIFIED - converted string in global variable +urlify() { + local str=$1; shift + str=$(echo $str | sed 's= =%20=g') + str=$(echo $str | sed 's=/=%2F=g') + str=$(echo $str | sed 's=:=%3A=g') + URLIFIED=$str +} + +################ MAIN ################ +# + +main() { + user_authn + + urlify $HOST_FACTORY_NAME + HOST_FACTORY_NAME=$URLIFIED + + hf_tokens_get $HOST_FACTORY_NAME # sets HF_TOKENS + printf "\nHost factory %s:\n" $HOST_FACTORY_NAME + echo $HF_TOKENS | jq -r '.[]' + TOKENS=$(echo $HF_TOKENS | jq -r ' .[] | .token') + + for tkn in $TOKENS; do + printf "Revoking token: %s\n" $tkn + # hf_token_revoke $tkn + done + +} + +main "$@" diff --git a/simple_hf_example/EDIT.ME b/simple_hf_example/EDIT.ME new file mode 100644 index 0000000..f55032b --- /dev/null +++ b/simple_hf_example/EDIT.ME @@ -0,0 +1,13 @@ +# These values are used by all REST API calls +# Note: if you've initialized the Conjur CLI, both of these values can be found in your ~/.conjurrc file + +# set this to point to your Conjur master URL +export CONJUR_APPLIANCE_URL=https://localhost/api +export CONJUR_CERT_FILE=~/conjur-dev.pem + +# if you have not installed the Conjur CLI, you can generate a certificate +# using evoke from within the conjur master container, then copy it into the current +# directory with these commands: +# docker exec evoke ca issue conjur-ACCT.pem +# docker cp :/opt/conjur/etc/ssl/conjur-ACCT.pem . +# where ACCT is the account name you used when initializing the conjur master (e.g. dev) diff --git a/simple_hf_example/get_ip_addrs.sh b/simple_hf_example/get_ip_addrs.sh new file mode 100755 index 0000000..d142474 --- /dev/null +++ b/simple_hf_example/get_ip_addrs.sh @@ -0,0 +1 @@ +ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' 
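Review bot: In 3_cleanup.sh the revocation call inside the `for tkn in $TOKENS` loop is commented out (`# hf_token_revoke $tkn`), so the script prints "Revoking token: ..." for each host factory token but leaves all of them valid. If this is not meant as a dry run, the loop body should call `hf_token_revoke "$tkn"`, and `hf_token_revoke` should use `curl -sS --fail` so that a failed DELETE is reported instead of passing silently. The header of `hf_tokens_get` documents its output as `TOKENS array (global)`, while the function assigns a JSON string to `HF_TOKENS`; the comment should name `HF_TOKENS`.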
diff --git a/simple_hf_example/policy.yml b/simple_hf_example/policy.yml new file mode 100644 index 0000000..8de904f --- /dev/null +++ b/simple_hf_example/policy.yml @@ -0,0 +1,26 @@ +--- +- !group devops +- !user bob + +- !grant + role: !group devops + member: !user bob + +- !policy + id: webapp1 + owner: !group devops + body: + - &variables + - !variable database_password + - !variable api_key + + - !layer &tomcat_hosts tomcat_hosts + - !host-factory + id: tomcat_factory + layers: [ *tomcat_hosts ] + + - !permit + role: *tomcat_hosts + privileges: [ read, execute ] + resource: *variables + diff --git a/simple_hf_example/setup_summon.sh b/simple_hf_example/setup_summon.sh new file mode 100755 index 0000000..5da2f93 --- /dev/null +++ b/simple_hf_example/setup_summon.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# write IP address of conjur master to host file, install jq and summon-conjur +sudo chmod a+w /etc/hosts +sudo echo $(netstat -rn | awk '/^0.0.0.0/ {print $2}') "conjur" >> /etc/hosts +sudo apt-get install jq +curl -LO https://github.com/conjurinc/summon-conjur/releases/download/v0.2.0/summon-conjur_v0.2.0_linux-amd64.tar.gz +tar xvf summon-conjur_v0.2.0_linux-amd64.tar.gz +sudo mv summon-conjur /usr/local/bin diff --git a/simple_hf_example/tomcat.xml.erb b/simple_hf_example/tomcat.xml.erb new file mode 100644 index 0000000..ad50dfb --- /dev/null +++ b/simple_hf_example/tomcat.xml.erb @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file From d29e9ec0b71729ea3fd4430d01a02dd6bdc9e367 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Tue, 14 Nov 2017 15:11:12 -0600 Subject: [PATCH 08/68] updated README --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 2f3aa40..aea38eb 100644 --- a/README.md +++ b/README.md 
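Review bot: setup_summon.sh runs `sudo chmod a+w /etc/hosts` and never restores the mode, which leaves the hosts file writable by every local account and so lets any user change name resolution on the machine. The chmod is only needed because the redirection in `sudo echo ... >> /etc/hosts` is performed by the calling shell rather than by sudo. Drop the chmod and append through a privileged writer: `gw=$(netstat -rn | awk '/^0\.0\.0\.0/ {print $2}')` then `printf '%s conjur\n' "$gw" | sudo tee -a /etc/hosts >/dev/null`. The summon-conjur tarball is also downloaded and moved into /usr/local/bin with no integrity check; comparing it with a pinned digest before `tar xvf` (`echo "<EXPECTED_SHA256>  summon-conjur_v0.2.0_linux-amd64.tar.gz" | sha256sum -c -`) would close that gap.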
@@ -1,10 +1,6 @@ # cdemo - a tour of Conjur using containers -Goal: A self-contained implementation of a simple Conjur application for demonstration in docker-compose and serve as a reference model for best practices. - -NOTE: This demo uses a single identity for all instances of the application. This is best practice as it is scalable to potentially thousands of instances, whereas use of the Host Factory token does not. - -Scenario: Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. +This is self-contained implementation of a basic Conjur implementation to demonstrate all key capabilities and to serve as a foundation for POCs and implementations. Dependencies: - docker & docker-compose - can be installed w/ ./etc/install-dependencies.sh @@ -27,6 +23,8 @@ Demo root directory (.../cdemo): - apikey_rotator.sh - rotates the API key once. Basic demo scenario: + Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. + - run 0-startup-conjur.sh. REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY. When complete demo environment is ready. - run 1-setup_containers.sh w/ 2 args - REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY: - number of containers to create From 5272d0fc8c49782cd0da03b483b585260f35b366 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Tue, 14 Nov 2017 15:40:53 -0600 Subject: [PATCH 09/68] uncomment conjur startup - doh --- 0-startup-conjur.sh | 4 ++-- README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index e8713d1..c04e8ba 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh 
@@ -6,9 +6,9 @@ CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 main() { -# all_down # bring down anything still running + all_down # bring down anything still running -# conjur_up + conjur_up cli_up docker-compose up -d scope # weave scope diff --git a/README.md b/README.md index aea38eb..72e9d74 100644 --- a/README.md +++ b/README.md @@ -71,8 +71,8 @@ Build directories - all image builds are triggered via docker-compose.yml (i.e. - build/splunk - Dockerfile - builds a Splunk Enterprise container - build/vm: - - Dockerfile - builds a rack of "VM" containers for SSH key management demo - - configure-ssh.sh - script to startup services on rack VMs after configuration + - Dockerfile - builds a "rack VM" image for SSH key management demo + - configure-ssh.sh - script to startup services on rack VM after configuration - build/webapp: - Dockerfile - builds webapp image based on Alpine w/ bash and curl installed - webapp1.sh - script loaded into image as entry point when container is started. It is resilient to API key rotation. From 4fa97aadd591260484e98b1332005d4bdb923f97 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Thu, 16 Nov 2017 17:41:00 -0600 Subject: [PATCH 10/68] QA'd for CentOS 7 --- .env | 2 +- 0-startup-conjur.sh | 43 ++++++++++++++++------- 2-shutdown-containers.sh | 1 - docker-compose.yml | 8 ++--- etc/conjur-dev.pem | 70 ++++++++++++++++++------------------- etc/install-dependencies.sh | 67 +++++++++++++++++++++++++++-------- etc/template.identity | 4 --- ssh/0-setup-ssh.sh | 11 ++---- ssh/cdemo_vm_1.identity | 4 +++ ssh/cdemo_vm_2.identity | 4 +++ ssh/rack.yml | 2 +- ssh/ssh-mgmt.yml | 5 ++- users-policy.yml | 6 +++- webapp1-policy.yml | 6 ++-- 14 files changed, 147 insertions(+), 86 deletions(-) delete mode 100644 etc/template.identity create mode 100644 ssh/cdemo_vm_1.identity create mode 100644 ssh/cdemo_vm_2.identity diff --git a/.env b/.env index 8cbead3..3754f72 100644 --- a/.env +++ b/.env 
@@ -1,3 +1,3 @@ APP_HOSTNAME=webapp1%2Ftomcat_host VAR_ID=webapp1%2Fdatabase_password -SLEEP_TIME=30 +SLEEP_TIME=5 diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index c04e8ba..1af31c2 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -1,30 +1,44 @@ #!/bin/bash -e set -o pipefail +CONJUR_CONTAINER_TARFILE= + + CONJUR_MASTER_HOSTNAME=cyberark.local CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 main() { + + echo "Bringing down all running containers and restarting - proceed?" + select yn in "Yes" "No"; do + case $yn in + Yes ) break;; + No ) exit;; + esac + done + all_down # bring down anything still running conjur_up cli_up docker-compose up -d scope # weave scope - docker-compose build ldap # trigger image pull - docker-compose build splunk # trigger image pull + docker-compose build ldap + docker-compose build splunk + docker-compose build vm + docker-compose build webapp # initialize "scalability" demo docker-compose exec cli "/src/etc/_demo-init.sh" - clear echo echo "Demo environment ready!" echo "The Conjur service is running as hostname: $CONJUR_HOSTNAME" echo } +############################ all_down() { echo "-----" echo "Bringng down all running services & deleting dangling volumes" @@ -35,8 +49,20 @@ all_down() { fi } +############################ conjur_up() { echo "-----" + if [[ "$CONJUR_CONTAINER_TARFILE" == "" ]]; then + printf "\n\nEdit this script to set CONJUR_CONTAINER_TARFILE to the location of the Conjur appliance tarfile to load.\n\n" + exit -1 + fi + + if [[ "$(docker images --format {{.Repository}} | grep conjur-appliance)" == "" ]]; then + echo "Loading image from tarfile..." + LOAD_MSG=$(docker load -q -i $CONJUR_CONTAINER_TARFILE) + IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message + sudo docker tag $IMAGE_ID conjur-appliance:latest + fi echo "Bringing up Conjur" docker-compose up -d conjur 
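Review bot: In the `conjur_up` hunk of 0-startup-conjur.sh, `IMAGE_ID` is taken as the third space-separated field of the `docker load` message, which is the image name only when the message reads `Loaded image: <name>`. For a tarball without a repository tag docker prints `Loaded image ID: sha256:...`, so field 3 would be `ID:` and the tag step would fail; this is worth confirming against the appliance tarball in use. Take the last field and quote the path: `LOAD_MSG=$(docker load -q -i "$CONJUR_CONTAINER_TARFILE")` and `IMAGE_ID=${LOAD_MSG##* }`. The image is loaded with plain `docker` but tagged with `sudo docker tag`, so one of the two is presumably wrong for any given host, and `exit -1` should be `exit 1`, since exit statuses are 0-255. `conjur_up` continues beyond the hunk.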
@@ -59,6 +85,7 @@ conjur_up() { sudo mv /tmp/foo /etc/hosts } +############################ cli_up() { echo "-----" echo "Bring up CLI client" @@ -74,16 +101,6 @@ cli_up() { docker-compose exec cli conjur bootstrap -q } -updatehostsfile() { - local containername="$1" - local tmpfile=/tmp/${1}.tmp - - conthostname=$(docker inspect --format '{{ .Config.Hostname }}' $containername) - echo "---- Update hosts file for $conthostname" - grep -v $conthostname /etc/hosts > $tmpfile - echo -e 127.0.0.1 '\t' $conthostname >> $tmpfile - sudo mv $tmpfile /etc/hosts -} main "$@" diff --git a/2-shutdown-containers.sh b/2-shutdown-containers.sh index 8a3440f..7570c44 100755 --- a/2-shutdown-containers.sh +++ b/2-shutdown-containers.sh @@ -2,6 +2,5 @@ docker-compose rm -svf webapp docker-compose rm -svf ldap docker-compose rm -svf vm -docker-compose rm -svf splunk docker volume rm $(docker volume ls -qf dangling=true) diff --git a/docker-compose.yml b/docker-compose.yml index 9ee5328..5d5bb5f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,12 +7,12 @@ services: # package installation on the host machine. This makes managing multi-version Conjur # environments easier. conjur: - image: registry2.itci.conjur.net/conjur-appliance:4.10.0.0 + image: conjur-appliance:latest hostname: conjur volumes: - ./:/src:z - - ./log:/var/log/conjur # exported conjur audit log - - ./log:/var/log/nginx # exported nginx audit log + - ~/log:/var/log/conjur # exported conjur audit log + - ~/log:/var/log/nginx # exported nginx audit log security_opt: - seccomp:unconfined ports: @@ -93,7 +93,7 @@ services: SPLUNK_ENABLE_LISTEN: 9997 SPLUNK_ADD: tcp 1514 volumes: - - .:/src + - ~/log:/log - opt-splunk-etc:/opt/splunk/etc - opt-splunk-var:/opt/splunk/var ports: diff --git a/etc/conjur-dev.pem b/etc/conjur-dev.pem index c3fe8bb..87c056b 100644 --- a/etc/conjur-dev.pem +++ b/etc/conjur-dev.pem 
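Review bot: In the docker-compose.yml hunks, the host directory `~/log` that receives the Conjur and nginx audit logs is mounted read-write into the Splunk service (`- ~/log:/log`), so the log consumer is able to modify or delete the audit trail it indexes. Assuming Splunk only reads from that path, mount it read-only: `- ~/log:/log:ro`. The `conjur` service maps both `/var/log/conjur` and `/var/log/nginx` onto the same `~/log` directory, as it did before with `./log`; if the two services ever write files with the same name they would collide, so separate subdirectories (`~/log/conjur`, `~/log/nginx`) would be safer. Both service definitions extend beyond the hunks shown.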
@@ -1,41 +1,41 @@ -----BEGIN CERTIFICATE----- -MIIDQjCCAiqgAwIBAgIVAMS3suHgS1mxJv8HM75NTsygTEAfMA0GCSqGSIb3DQEB -CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD -Ew5jeWJlcmFyay5sb2NhbDAeFw0xNzExMTQxODUxMjhaFw0yNzExMTIxODUxMjha -MBkxFzAVBgNVBAMMDmN5YmVyYXJrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEArZxwZ/4SG2EHZ6+9Ge/ghqhfUIK/kdXel4dc9+CX2MTstm0i -XU1kNNLhgoHpjctS3gosXA2TlXOUF/Z7F7EBbNUR8+oIKH8W9KxsHlYvM6pOI84u -VpkH2yi6h5ohtJsRo+xlTI5YaiMYbaVGj79ITsZsnPDCilSdmOcAmjuktiRKujIr -LqrKk9PmL6BllKxdLBH40kTfgiIKb78AK6vQ0Dy+x5BS7S2fRljr9PP3mHp8ZK+s -aaCLN+IrGlvf1jZB9sCyq2ZZjEcC8RMVd8lEgYY5ohkgxlA/vOVF6AQ/XegMpGsU -DktjJGENnHjRVd7QllisbuLPgHWVmCAhaaVn4wIDAQABo18wXTAOBgNVHQ8BAf8E -BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC -DmN5YmVyYXJrLmxvY2Fsgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF -AAOCAQEAaIrI33jnWNXWGt/DG7GqoP64SUatXPk3WduswS8xXBo8Ou2gZWGlJ+ws -okw8ZD2VS1hTar9X9P3WVGqlLcI1LKjf49d3JF7Iq6Hy0fJkorcSpcE0ULCKJQIo -ZGdguqM6FggXqO6BuWctCBziO6yFiGrkEoib9VQYRrlFItSge+HX8r7U+uFBQxwO -lTxtOPVP9xsekS/V+23BUZehXfgifLfhuN11BIgJUPdQLWQH48PvPT7sL3xdF0jw -7U8hLYFSdRklEoD4eXP7tnMDb79d9C8pfi/2xRUKpuQKn9OfAWM8h2rK8fXR4FTS -wPjOaNz9DJLMFq0v1LmL33cMW9wJ9Q== +MIIDQTCCAimgAwIBAgIUZHszV4hnY7zHDCnsW6m08HFHp2QwDQYJKoZIhvcNAQEL +BQAwOzEMMAoGA1UEChMDZGV2MRIwEAYDVQQLEwlDb25qdXIgQ0ExFzAVBgNVBAMT +DmN5YmVyYXJrLmxvY2FsMB4XDTE3MTExNjIyMjczMloXDTI3MTExNDIyMjczMlow +GTEXMBUGA1UEAwwOY3liZXJhcmsubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDCFB5Fviwa/a4IydlzaFoCOal5E6oEEGdOMMK6KjDOfGlXu7Z1 +qwHQlfnGYwxZjvMWcIlt1FU+xN1XAtoJnaHxijNdu2Q6LIzwQr3k9A0ArFCdjk4X +qNM2lhzDtV648IH+1l6vEbXTLgQHXNelqMIqtdE69MejA8lxiUwK1cWQoif6/C4S +l9JATXr/SZ7Z86iYvVKhW0cQBsh1v4UEt9Ub84tOwwWbey8OK6cmQzcPB0eBSjnh +Pg5SqdSqhtV/lclmgQCFB3XaqFApBq2S1l7w+/KYkiq/CqCEIIxJtVeK+sxVmbqB +GWHI4JPs6yI3VPt9IJZlF8Ox2Lb0plXRV4cnAgMBAAGjXzBdMA4GA1UdDwEB/wQE +AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwLAYDVR0RBCUwI4IO +Y3liZXJhcmsubG9jYWyCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUA 
+A4IBAQCWIwrglMXJj3XzBWdiz06s9jULsYmtlADQFXS59vnP+CjdCbK2l5eQ16ym +zFnbV/gToidPKpFQp44Gd5FbjcjgUJlRC7zjtTto/AMj0GOnJjB62delbUilVWgm +RJ4kJ8SbfccTga/Pe//LaqO1aLu5wD3USDihz+7V0ezINfePIjMdgJpmNp4K7Uf5 +svvF3OwbBylVR6s40MDEf6qOE/ZT3X7vQAYOv2QV0QqHhESIH0Gex07A6NzKvwoy +2Vx1iGPfS6ahNvFo2M/KTFLkBiW/PahQfnZTCw32r1sSTsrUPU7y25800OjVF9Hu +Wb2sunp8dVQhb/H+xu9gWQfCE4v4 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDhjCCAm6gAwIBAgIJAOOIVmibqhqRMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV +MIIDhjCCAm6gAwIBAgIJAJGXZqEDfy/WMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s -b2NhbDAeFw0xNzExMTQxODUxMjZaFw0yNzExMTIxODUxMjZaMDsxDDAKBgNVBAoT +b2NhbDAeFw0xNzExMTYyMjI3MzBaFw0yNzExMTQyMjI3MzBaMDsxDDAKBgNVBAoT A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh -bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALIpUSe+z2u6jiM2B9gW -nqwQlm6+BSs1jFxIf1eMvd33Cw/D6zLA7Gg9eq5HpmOaPNUqCU12fKX83OTagzsy -4SZDo1y+aaQrhcCSNXbnpsvnGixXgUJgcb992j6R98K/zDzkKhxxqSP5brDjxJo+ -uY4yTn3TkDgOWLsN+eldxa/8EoRZ1RZ6zzEZCn2YXJcQ/KIwmxc+OLvXq68GJFEq -eqYNCIU1hsV7VRZcJX83i/NNOY8dmrA92mDCWFs8nwyvENOE0fvr+iLIsZDc5hQM -zaT0/lXYu+BcS7nkcdWka20hIO0V7qsjzsJhrGF7vkivLozwXPdkOWWLvGpHijxy -hesCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo -b3N0ggZjb25qdXIwHQYDVR0OBBYEFEj0YzE0HrIyYmIDwXxvqCLTYd2BMB8GA1Ud -IwQYMBaAFEj0YzE0HrIyYmIDwXxvqCLTYd2BMAwGA1UdEwQFMAMBAf8wCwYDVR0P -BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQAujOEpemuY6OYvR9E4gzsEhqhWlZL5 -LMWTCymbs4ZbF2XSV/J0VMBJNd0hRlpjlcsG/ctSuJ8O5v0jv/5Tl0A0QnNUnJa6 -aeJ4eTR1rhyLCgM8pPxWqb42qJ9a/jBh8Wqkl8AhP3ZTmDMGdVu6qu+uYFD6mFh2 -RY34Lak2IxQwp8ACOkwtLZXoJvCuD8O1swUnQCB5HegoXK8Y+rmoPr7DspaFWGY+ -kLR8onOO3fZDUGSV5gIxg16PY3u/UOkDUr1V3p5IaFTzgRywTRekqkf9fwNfpZ4h -C7rH+TuLqsQr7xfi3As7+aBVyjQsTahs9HQM0Y/Y49zANzhFWW9SiF+D +bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOuTSq2o1BRaUaH5WF4h +BRGuQJuoSc60+mJCxNkYI/P14N/1v+emnyQgn97KknBEIKCQwN7zyHQQuYbRyUkT +oIijjFMCDkJ9fJq3kBzUeQFnVrWHcMHQOIEKNk5JHahNbLXc4kDaEmSmB1zgp14w 
+NZj62k/X2ETqi0lT6vbEvUWvJJoOg6AUY2G7yPmC3QC9/o+RYur0scAlTCZCF3Mn +MF4rloQ4NQzDsbSDfNCROvv8whInqVQTVgYK1T9T1Ht15ASlzMl7JtXxVYHtjmbH +IZtC3NPI/Q3OvIPWwtFC0zHcEpgg5ItePLIaNqZj2ohykLfEXxzzhrtCQNqWer50 +b3cCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo +b3N0ggZjb25qdXIwHQYDVR0OBBYEFGQQ9maqVwrH8R/KC1crpbScJtwfMB8GA1Ud +IwQYMBaAFGQQ9maqVwrH8R/KC1crpbScJtwfMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCKJO6/97A3/lOqqgTqHPc8/Zxjb7Fu +BGe+TsTyB474DxQQhTLhKMwFucrO04eU4J782B0Pg+fgMKB1DEFsn3PmFdAmMi0K +yDnLnQnuznkyo9cQysb5O95N3SFe9oLH5Pvu+yM55EI9gNkypZZ2dIsM5BMUiYIA +jwlasDNoMl6ipHOy0Bh23Nqq/mW4Te8wduBVlEtAdpWwCM20nbKR0nl5WhzLnfMm +zZAoGZjGj9xoGbibb114Afh+wu7x0x6nZSdPB0mnMTtHwlAK7j65yLXHLf1KJCWn +WYifrE3kcllIHe1dj1Peq2fdTSjLzKg1xBSCSt64i9jj2Wx5aePrz9VB -----END CERTIFICATE----- diff --git a/etc/install-dependencies.sh b/etc/install-dependencies.sh index a8d119a..f939a0f 100755 --- a/etc/install-dependencies.sh +++ b/etc/install-dependencies.sh 
@@ -1,16 +1,55 @@ #!/bin/bash -e -# install docker ce -sudo yum install -y yum-utils \ - device-mapper-persistent-data \ - lvm2 -sudo yum-config-manager \ - --add-repo \ - https://download.docker.com/linux/centos/docker-ce.repo -sudo yum install docker-ce -sudo systemctl start docker - -# install docker-compose -sudo curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose -sudo chmod +x /usr/local/bin/docker-compose -docker-compose --version +main() { + install_docker + install_docker_compose + install_jq + install_conjur_cli + configure_env + echo "Logout and log back in to run docker commands w/o sudo..." +} + +install_docker() { + echo "Installing Docker..." + sudo yum install -y yum-utils \ + device-mapper-persistent-data \ + lvm2 + sudo yum-config-manager \ + --add-repo \ + https://download.docker.com/linux/centos/docker-ce.repo + sudo yum install -y docker-ce + # add user to docker group to run docker w/o sudo + sudo usermod -aG docker $USER + sudo systemctl start docker +} + +install_docker_compose() { + # install docker-compose + sudo curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose + sudo chmod +x /usr/local/bin/docker-compose + docker-compose --version +} + +install_jq() { + echo "Installing jq..." + curl -LO https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 + + chmod a+x jq-linux64 + sudo mv jq-linux64 /usr/local/bin/jq +} + +install_conjur_cli() { + curl -o conjur.rpm -L https://github.com/cyberark/conjur-cli/releases/download/v5.4.0/conjur-5.4.0-1.el6.x86_64.rpm \ + && sudo rpm -i conjur.rpm \ + && rm conjur.rpm +} + +configure_env() { + echo "Configuring environment..." + sudo chmod a+w /etc/bashrc + sudo echo PATH=\$PATH:/usr/local/bin >> /etc/bashrc + sudo chmod go-w /etc/bashrc + . ~/.bashrc +} + +main $@ 
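Review bot: `configure_env` makes `/etc/bashrc` world-writable so that the unprivileged `>>` redirect can append to it, and a failure or interrupt between the two `chmod` calls leaves a startup file that every user's shell sources writable by any local account. `sudo echo` does not help because the redirect is opened by the calling shell. Append through a privileged writer instead, `echo 'PATH=$PATH:/usr/local/bin' | sudo tee -a /etc/bashrc >/dev/null`, and drop both `chmod` lines. Separately, `install_docker_compose`, `install_jq` and `install_conjur_cli` install downloaded binaries and an RPM as root without comparing them to a published checksum or signature, and `main $@` should be `main "$@"`.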
diff --git a/etc/template.identity b/etc/template.identity deleted file mode 100644 index 5887149..0000000 --- a/etc/template.identity +++ /dev/null @@ -1,4 +0,0 @@ -machine https://conjur/api/authn - login host/{{NAME}} - password {{PWD}} - diff --git a/ssh/0-setup-ssh.sh b/ssh/0-setup-ssh.sh index 9a51ce1..c3b30ee 100755 --- a/ssh/0-setup-ssh.sh +++ b/ssh/0-setup-ssh.sh @@ -6,6 +6,7 @@ CONJUR_MASTER_URL=https://conjur/api RACK_SERVICE_NAME=vm RACK_POLICY_NAME=rack RACK_POLICY_FILE=$RACK_POLICY_NAME.yml +ACCESS_POLICY_FILE=ssh-mgmt.yml ################ MAIN ################ # $1 = number of rack machine containers to create @@ -17,6 +18,7 @@ main() { printf "\n-----\nBringing down old, then up all rack vm containers...\n" local NUM_CONTS=$1; shift + NUM_CONTS=$(( 2 > $NUM_CONTS ? 2 : $NUM_CONTS )) # you have to have at least two VMs docker-compose rm -svf $RACK_SERVICE_NAME docker-compose up -d --scale $RACK_SERVICE_NAME=$NUM_CONTS $RACK_SERVICE_NAME @@ -28,6 +30,7 @@ main() { done docker-compose exec -T cli conjur authn login -u admin -p Cyberark1 docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh/$RACK_POLICY_FILE + docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh/$ACCESS_POLICY_FILE printf "\n-----\nCreating host identity files and copying into containers...\n" @@ -39,14 +42,6 @@ main() { docker cp ../etc/conjur.conf $cname:/etc docker cp ../etc/conjur-dev.pem $cname:/etc - # replace hostname (container name) and api-key in template file - api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $cname) - cat ../etc/template.identity | sed s={{NAME}}=host/$cname= | sed s/{{PWD}}/$api_key/ > $cname.identity - - # copy host identity file to container - docker cp $cname.identity $cname:/etc/conjur.identity - rm $cname.identity - # run chef recipe to configure vm for ssh access docker exec \ -e CONJURRC=/etc/conjur.conf \ 
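Review bot: The new clamp `NUM_CONTS=$(( 2 > $NUM_CONTS ? 2 : $NUM_CONTS ))` in `main` is a syntax error when the script is run without an argument, and it evaluates whatever string `$1` holds as an arithmetic expression. Unless an argument check exists above this hunk, validate first with `[[ "$NUM_CONTS" =~ ^[0-9]+$ ]] || NUM_CONTS=2` and then clamp with `(( NUM_CONTS < 2 )) && NUM_CONTS=2`. The context line `conjur authn login -u admin -p Cyberark1` also keeps the admin password in the script and on the process command line; reading it from the environment would avoid both. `main` starts before and continues past the hunks shown.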
diff --git a/ssh/cdemo_vm_1.identity b/ssh/cdemo_vm_1.identity new file mode 100644 index 0000000..0689997 --- /dev/null +++ b/ssh/cdemo_vm_1.identity @@ -0,0 +1,4 @@ +machine https://conjur/api/authn + login host/host/cdemo_vm_1 + password 3x517553e280wz13g7w2m3gt9mw224rdy5y3rfshq122jz7gr2jdc0z + diff --git a/ssh/cdemo_vm_2.identity b/ssh/cdemo_vm_2.identity new file mode 100644 index 0000000..f037598 --- /dev/null +++ b/ssh/cdemo_vm_2.identity @@ -0,0 +1,4 @@ +machine https://conjur/api/authn + login host/host/cdemo_vm_2 + password 18p6seq166h29q3g0kpt532qey8h3jvn35562v1rf1xb9v6386j995 + diff --git a/ssh/rack.yml b/ssh/rack.yml index d6886ef..96bffeb 100644 --- a/ssh/rack.yml +++ b/ssh/rack.yml @@ -1,3 +1,3 @@ --- -- !host cdemo_vm_1 - !host cdemo_vm_2 +- !host cdemo_vm_1 diff --git a/ssh/ssh-mgmt.yml b/ssh/ssh-mgmt.yml index 23bb259..cb4e45b 100644 --- a/ssh/ssh-mgmt.yml +++ b/ssh/ssh-mgmt.yml @@ -1,11 +1,13 @@ --- +# Default policy is that only DevOps has access to Prod servers + - !policy id: prod_vm_access body: - !permit roles: - !group /devops - - !group /developers +# - !group /developers privileges: [ read, execute ] resources: - !host /cdemo_vm_1 @@ -16,6 +18,7 @@ resources: - !host /cdemo_vm_1 +# DevOps and Developers have full access to Dev servers - !policy id: dev_vm_access body: diff --git a/users-policy.yml b/users-policy.yml index 5d5aca5..eebbd53 100644 --- a/users-policy.yml +++ b/users-policy.yml @@ -1,5 +1,9 @@ --- - !user bob +- !user carol +- !user ted +- !user alice + - !group devops - !group developers @@ -9,7 +13,7 @@ !user bob - !grant - role: !group devops + role: !group developers members: - !user carol - !user ted diff --git a/webapp1-policy.yml b/webapp1-policy.yml index a1adc94..59a930a 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml 
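Review bot: `ssh/cdemo_vm_1.identity` and `ssh/cdemo_vm_2.identity` are generated host credentials, and each new file commits a host API key in its `password` field. Deleting the files in a later commit does not remove the keys from history, so both hosts' API keys should be rotated. Adding `ssh/*.identity` to `.gitignore` next to the existing `ssh/id*` entry would keep the setup script's output from being committed again. The `login host/host/cdemo_vm_1` value carries the `host/` prefix twice, which matches the removed template and `sed` substitution each adding it.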
@@ -6,15 +6,15 @@ - &variables - !variable database_password + - !host &tomcat_host tomcat_host + - !layer &tomcat_hosts tomcat_hosts - - !deny + - !permit role: *tomcat_hosts privileges: [ read, execute ] resource: *variables - - !host &tomcat_host tomcat_host - - !grant role: *tomcat_hosts member: *tomcat_host From ac4e6428ce14170703645d117f5d0b73772abeec Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Thu, 16 Nov 2017 17:44:32 -0600 Subject: [PATCH 11/68] QA'd for CentOS --- ssh/0-setup-ssh.sh | 2 +- ssh/cdemo_vm_1.identity | 4 ---- ssh/cdemo_vm_2.identity | 4 ---- 3 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 ssh/cdemo_vm_1.identity delete mode 100644 ssh/cdemo_vm_2.identity diff --git a/ssh/0-setup-ssh.sh b/ssh/0-setup-ssh.sh index c3b30ee..f22babc 100755 --- a/ssh/0-setup-ssh.sh +++ b/ssh/0-setup-ssh.sh @@ -33,7 +33,7 @@ main() { docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh/$ACCESS_POLICY_FILE - printf "\n-----\nCreating host identity files and copying into containers...\n" + printf "\n-----\nConfiguring hosts for SSH & identities ...\n" CLI_CONT_ID=$(docker-compose ps -q cli) for cname in $rack_cont_names; do # note: conjur.conf and conjur-.pem are diff --git a/ssh/cdemo_vm_1.identity b/ssh/cdemo_vm_1.identity deleted file mode 100644 index 0689997..0000000 --- a/ssh/cdemo_vm_1.identity +++ /dev/null @@ -1,4 +0,0 @@ -machine https://conjur/api/authn - login host/host/cdemo_vm_1 - password 3x517553e280wz13g7w2m3gt9mw224rdy5y3rfshq122jz7gr2jdc0z - diff --git a/ssh/cdemo_vm_2.identity b/ssh/cdemo_vm_2.identity deleted file mode 100644 index f037598..0000000 --- a/ssh/cdemo_vm_2.identity +++ /dev/null @@ -1,4 +0,0 @@ -machine https://conjur/api/authn - login host/host/cdemo_vm_2 - password 18p6seq166h29q3g0kpt532qey8h3jvn35562v1rf1xb9v6386j995 - From 03c1586025e53a0dc667cf099d68274717142a1d Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Fri, 17 Nov 2017 13:29:32 -0600 Subject: [PATCH 12/68] minor README tweaks --- README.md | 6 +++--- simple_hf_example/get_ip_addrs.sh | 1 - 2 files changed, 3 insertions(+), 4 deletions(-) delete mode 100755 simple_hf_example/get_ip_addrs.sh diff --git a/README.md b/README.md index 72e9d74..e51d6d2 100644 --- a/README.md +++ b/README.md @@ -26,10 +26,10 @@ Basic demo scenario: Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. - run 0-startup-conjur.sh. REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY. When complete demo environment is ready. - - run 1-setup_containers.sh w/ 2 args - REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY: + - run 1-setup_containers.sh w/ 2 args: - number of containers to create - number seconds for each container client to sleep betwixt secrets fetches -] - run watch_container_log.sh on one of the containers (containers named cont-1 to cont-n) + - run watch_container_log.sh on one of the containers (containers named cont-1 to cont-n) - OR run weave scope (https://www.weave.works/oss/scope/), click into a container and 'tail -f cc.log' - change secret in UI - watch it change in watched log - audit_policy to show how we can see if current state is compliant with policy doc, change "permit" to "deny" for tomcat_hosts permissions, re-run audit_policy to show how to detect non-compliance @@ -60,7 +60,7 @@ Basic demo scenario: ./etc directory: - _conjur_init.sh - Conjur initialization script run from CLI container. - _demo_init.sh - demo initialization script run from CLI container. - - conjur*, template.identity - configuration files for client connections + - conjur.conf, conjur-xxx.pem - configuration files for conjurization - install-dependencies.sh - installs docker and docker-compose Build directories - all image builds are triggered via docker-compose.yml (i.e. no build scripts): 
diff --git a/simple_hf_example/get_ip_addrs.sh b/simple_hf_example/get_ip_addrs.sh deleted file mode 100755 index d142474..0000000 --- a/simple_hf_example/get_ip_addrs.sh +++ /dev/null @@ -1 +0,0 @@ -ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' From 36ff04be100337e271d260d225878ab89ad1d341 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 19 Nov 2017 19:50:56 -0600 Subject: [PATCH 13/68] added cluster subdir & script --- 0-startup-conjur.sh | 4 +- build/conjurcli/.Dockerfile.swp | Bin 0 -> 12288 bytes cluster/0-setup-cluster.sh | 31 +++++++++++++ docker-compose.yml | 18 ++++++++ etc/conjur-dev.pem | 74 ++++++++++++++++---------------- 5 files changed, 88 insertions(+), 39 deletions(-) create mode 100644 build/conjurcli/.Dockerfile.swp create mode 100755 cluster/0-setup-cluster.sh diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 1af31c2..c5c4d31 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -1,10 +1,10 @@ #!/bin/bash -e set -o pipefail -CONJUR_CONTAINER_TARFILE= +CONJUR_CONTAINER_TARFILE="" -CONJUR_MASTER_HOSTNAME=cyberark.local +CONJUR_MASTER_HOSTNAME=cdemo_conjur_1 CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 
diff --git a/build/conjurcli/.Dockerfile.swp b/build/conjurcli/.Dockerfile.swp new file mode 100644 index 0000000000000000000000000000000000000000..bf32ee46055da9f9492b7640fe8d36f9759e6df1 GIT binary patch literal 12288 zcmeI&&rTFE7y$6%9X0v_pP0ab%#_t-F-u~ihzW*e$p(l7(R4dyr%Pu#w4MEv80A5P zL|?%-@D)6A-xFrobe5{HQWlbb2`T0Pf%0yk>uFjshrv0w{n2D1ZVe zfC4CRlLcHhK|cBg+!`%na#T)SC`YeYpa2S>01BW03ZMWApa2S>01BW03fw>e77^0& zhyE|c!QcP?KR*BeyhF&AkEcFneVp7THrHU7ClCxlrq(f~;OwS!FdtUKxu6mXRSO4CYVT^*&}0cI zI`lijLF`;+>y&n+i}QBKbwc^DEetdJqs!JoaogGmC72bKM!KIW%_7<>M;^DiBF*yJ zMr(V$xw5taJ5w~bhT67FsZ6Dt+9g}f)y>8-?7->aCu)b5?pew^M(5e-;SubXlN3DG zFk`fK^`+6gDl_mNc$_h7`^CxBFD2 /tmp/$CONJUR_ROLE-seed.tar" + docker cp $CONJUR_MASTER_CNAME:/tmp/$CONJUR_ROLE-seed.tar /tmp/ + CONTAINER_ID=cdemo_${CONJUR_ROLE}_1 + docker cp /tmp/$CONJUR_ROLE-seed.tar $CONTAINER_ID:/tmp/seed + rm /tmp/$CONJUR_ROLE-seed.tar + MASTER_IP_ARG="" + if [[ $CONJUR_ROLE == "standby" ]]; then + MASTER_IP_ARG="-i $(docker inspect cdemo_conjur_1 | jq -r .[].NetworkSettings.Networks.cdemo_default.IPAddress)" + fi + docker-compose exec $CONJUR_ROLE bash -c "evoke unpack seed /tmp/seed && evoke configure $CONJUR_ROLE $MASTER_IP_ARG" +} + +main "$@" diff --git a/docker-compose.yml b/docker-compose.yml index 5d5bb5f..4742849 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,6 +20,24 @@ services: - 636:636 restart: always + standby: + image: conjur-appliance:latest + hostname: conjur + volumes: + - ./:/src:z + security_opt: + - seccomp:unconfined + restart: always + + follower: + image: conjur-appliance:latest + hostname: conjur + volumes: + - ./:/src:z + security_opt: + - seccomp:unconfined + restart: always + cli: environment: CONJUR_ACCOUNT: dev diff --git a/etc/conjur-dev.pem b/etc/conjur-dev.pem index 87c056b..8631ddc 100644 --- a/etc/conjur-dev.pem +++ b/etc/conjur-dev.pem 
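Review bot: The new `standby` and `follower` services copy `security_opt: seccomp:unconfined` from the master without saying why, which removes the default syscall filter from two more containers. If the appliance needs it, add a comment on each block such as `# appliance needs seccomp disabled (TODO confirm); remove if not required`. Both services also set `hostname: conjur`, the same value as the existing `conjur` service, so anything that identifies a node by its own hostname cannot tell the three apart; distinct hostnames look safer unless the appliance relies on the shared name.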
@@ -1,41 +1,41 @@ -----BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIUZHszV4hnY7zHDCnsW6m08HFHp2QwDQYJKoZIhvcNAQEL -BQAwOzEMMAoGA1UEChMDZGV2MRIwEAYDVQQLEwlDb25qdXIgQ0ExFzAVBgNVBAMT -DmN5YmVyYXJrLmxvY2FsMB4XDTE3MTExNjIyMjczMloXDTI3MTExNDIyMjczMlow -GTEXMBUGA1UEAwwOY3liZXJhcmsubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDCFB5Fviwa/a4IydlzaFoCOal5E6oEEGdOMMK6KjDOfGlXu7Z1 -qwHQlfnGYwxZjvMWcIlt1FU+xN1XAtoJnaHxijNdu2Q6LIzwQr3k9A0ArFCdjk4X -qNM2lhzDtV648IH+1l6vEbXTLgQHXNelqMIqtdE69MejA8lxiUwK1cWQoif6/C4S -l9JATXr/SZ7Z86iYvVKhW0cQBsh1v4UEt9Ub84tOwwWbey8OK6cmQzcPB0eBSjnh -Pg5SqdSqhtV/lclmgQCFB3XaqFApBq2S1l7w+/KYkiq/CqCEIIxJtVeK+sxVmbqB -GWHI4JPs6yI3VPt9IJZlF8Ox2Lb0plXRV4cnAgMBAAGjXzBdMA4GA1UdDwEB/wQE -AwIFoDAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwLAYDVR0RBCUwI4IO -Y3liZXJhcmsubG9jYWyCCWxvY2FsaG9zdIIGY29uanVyMA0GCSqGSIb3DQEBCwUA -A4IBAQCWIwrglMXJj3XzBWdiz06s9jULsYmtlADQFXS59vnP+CjdCbK2l5eQ16ym -zFnbV/gToidPKpFQp44Gd5FbjcjgUJlRC7zjtTto/AMj0GOnJjB62delbUilVWgm -RJ4kJ8SbfccTga/Pe//LaqO1aLu5wD3USDihz+7V0ezINfePIjMdgJpmNp4K7Uf5 -svvF3OwbBylVR6s40MDEf6qOE/ZT3X7vQAYOv2QV0QqHhESIH0Gex07A6NzKvwoy -2Vx1iGPfS6ahNvFo2M/KTFLkBiW/PahQfnZTCw32r1sSTsrUPU7y25800OjVF9Hu -Wb2sunp8dVQhb/H+xu9gWQfCE4v4 +MIIDQjCCAiqgAwIBAgIVAMRM9lIzuqG4qqgzFDQx+U3xPdXEMA0GCSqGSIb3DQEB +CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD +FA5jZGVtb19jb25qdXJfMTAeFw0xNzExMTkyMzQ5MzNaFw0yNzExMTcyMzQ5MzNa +MBkxFzAVBgNVBAMMDmNkZW1vX2Nvbmp1cl8xMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA3k4QstugbkULtAQQ1YKQPAf42YYFv7QCesOANnYuMkPwR9qm +KywoegqZ9ni0FJXIyaLwiBQsCb8EK/aGoZTGYqdtL1is5IHiEBBGIIjgrow1fvEq ++NO8LuNbtYZSc1VuEUB262+sFCfdZDqIFqdstoT+u/B2gnv04nhEE0ewd/XzJdgv +aoZWF/W0pWGdFuf9XnzozTgbDJkl7wzd3Oe5rmebWBLeqZBYb1MfmwSP0mJLJ5e/ +1rnKBUOVdhIbqsdp7f7SLTFMkBA9qy4OcFOrd8JBfhYi70DOoc58tEORYTcTTSId +hMr+bIBRUzgrdO/5DVBJ5EKxM+9PwHXOo5gDHwIDAQABo18wXTAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC +DmNkZW1vX2Nvbmp1cl8xgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF 
+AAOCAQEAkrmudHRfiN8ziWZd3ppjMlTptywz9bjK7314xRsWPiQfyWPSGAt6jwRF +gudcazPXjDVlPU/WO+U7NZaAd9aypsf8WfTq/5agwQpKuf2o18ZhtBdJLk+Xmffk +gLQjIY/hxZp7N6iTM5RQ7shpOe1+8HCLm/TUGg67O5jyN9KM1uWlqGOrsy3Lme4Q +o4igJRR5kr6CNA+cagiT588817ag/XM3W1tIkqhJn2b8IXDnguLHp3Tg6LyleSlC +sLI26e166zF/MIz8PDa3ir6YIABi7E2hZKs22mXw1NS1K/2HCWVufgTm3BjReHFo +PfSKgUbxuk6xyRB+Jq4ZxkuyLCYnQw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDhjCCAm6gAwIBAgIJAJGXZqEDfy/WMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV -BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5s -b2NhbDAeFw0xNzExMTYyMjI3MzBaFw0yNzExMTQyMjI3MzBaMDsxDDAKBgNVBAoT -A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDEw5jeWJlcmFyay5sb2Nh -bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOuTSq2o1BRaUaH5WF4h -BRGuQJuoSc60+mJCxNkYI/P14N/1v+emnyQgn97KknBEIKCQwN7zyHQQuYbRyUkT -oIijjFMCDkJ9fJq3kBzUeQFnVrWHcMHQOIEKNk5JHahNbLXc4kDaEmSmB1zgp14w -NZj62k/X2ETqi0lT6vbEvUWvJJoOg6AUY2G7yPmC3QC9/o+RYur0scAlTCZCF3Mn -MF4rloQ4NQzDsbSDfNCROvv8whInqVQTVgYK1T9T1Ht15ASlzMl7JtXxVYHtjmbH -IZtC3NPI/Q3OvIPWwtFC0zHcEpgg5ItePLIaNqZj2ohykLfEXxzzhrtCQNqWer50 -b3cCAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jeWJlcmFyay5sb2NhbIIJbG9jYWxo -b3N0ggZjb25qdXIwHQYDVR0OBBYEFGQQ9maqVwrH8R/KC1crpbScJtwfMB8GA1Ud -IwQYMBaAFGQQ9maqVwrH8R/KC1crpbScJtwfMAwGA1UdEwQFMAMBAf8wCwYDVR0P -BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCKJO6/97A3/lOqqgTqHPc8/Zxjb7Fu -BGe+TsTyB474DxQQhTLhKMwFucrO04eU4J782B0Pg+fgMKB1DEFsn3PmFdAmMi0K -yDnLnQnuznkyo9cQysb5O95N3SFe9oLH5Pvu+yM55EI9gNkypZZ2dIsM5BMUiYIA -jwlasDNoMl6ipHOy0Bh23Nqq/mW4Te8wduBVlEtAdpWwCM20nbKR0nl5WhzLnfMm -zZAoGZjGj9xoGbibb114Afh+wu7x0x6nZSdPB0mnMTtHwlAK7j65yLXHLf1KJCWn -WYifrE3kcllIHe1dj1Peq2fdTSjLzKg1xBSCSt64i9jj2Wx5aePrz9VB +MIIDhjCCAm6gAwIBAgIJAPIfMdU3LcSYMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV +BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDFA5jZGVtb19jb25q +dXJfMTAeFw0xNzExMTkyMzQ5MzFaFw0yNzExMTcyMzQ5MzFaMDsxDDAKBgNVBAoT +A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDFA5jZGVtb19jb25qdXJf +MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKB/n5mnaEU0O/I8Vs 
+n0ANkXx4Oac9/1OZ1k/d65g3/ieYyE7v5CjgCf5wGRbvRzgjSloIdHIBSJ+BJQxx +W58E2Deu4bzhGsF2iVv5lJtjcooz/UNHPBXLJL//gBvdnkOVn+aOsHnE4pSUa3XD +dQoQ9duKEwRZ89cqjocvsJi9oAOKK8J4X4NURL7+8NME7YCengQOh+W/E6LPE3SD +aguJ12tQveO/u/AatHNEi1Iu9q/xmSC97kGR6XtxVPvCazzhUV1WxoHRLe9wMQvv +oCgvMuvkpFTTwJdiVMdSqBjhIQQRb7yYJxbGZBAr3b7UywqAozCxAHobjNI7jDMZ +3m8CAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jZGVtb19jb25qdXJfMYIJbG9jYWxo +b3N0ggZjb25qdXIwHQYDVR0OBBYEFAwpYVEDcfOHy1Zl7ZhWAtV6lwOCMB8GA1Ud +IwQYMBaAFAwpYVEDcfOHy1Zl7ZhWAtV6lwOCMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCSi3VRdEj6ygxjET5LuFo1+1bWtLl5 +s1hH7Cg5Xnb3bz87ntzhvh813wN1aBs7P73jEgJR4WFJ1012M2QAPgfCqitWHV1J +FwmRqT1vARqzS+CDKuC00OjFQmuq63BUeIjq81HcqPqHNt2PwBXj2fcSbjGggJtM +cE71ds0bs5JFwqoU8dvCMslxwoLmBekSl9McLyYHqoXZqQrF0+Z4lDVtJjiXND7t +INZo1zGJ+OewSm0FaMbExx1kMHtk/cQOdONbTpSifyHNKzEORtp8YoXp9WL/zSlK +9nnikAasTLdYNepVxkPCnrsjDdxdYz+0x4Z2Zkq7Of51a3sOPuDV+KXE -----END CERTIFICATE----- From 08fc5546b6714591f58ba70b7096ceafec788410 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 19 Nov 2017 19:51:59 -0600 Subject: [PATCH 14/68] added cluster subdir & script --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index d89190b..f0e4144 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +etc/conjur* log/* ldap/ldap-sync.yml ssh/id* From 5d8d298178eabafd89f753c2e6ec62e49da9fd46 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 19 Nov 2017 19:54:34 -0600 Subject: [PATCH 15/68] remove etc/conjur* --- .gitignore | 1 - etc/conjur-dev.pem | 41 ----------------------------------------- etc/conjur.conf | 5 ----- 3 files changed, 47 deletions(-) delete mode 100644 etc/conjur-dev.pem delete mode 100644 etc/conjur.conf diff --git a/.gitignore b/.gitignore index f0e4144..d89190b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -etc/conjur* log/* ldap/ldap-sync.yml ssh/id* diff --git a/etc/conjur-dev.pem b/etc/conjur-dev.pem deleted file mode 100644 index 8631ddc..0000000 
--- a/etc/conjur-dev.pem
+++ /dev/null
@@ -1,41 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDQjCCAiqgAwIBAgIVAMRM9lIzuqG4qqgzFDQx+U3xPdXEMA0GCSqGSIb3DQEB -CwUAMDsxDDAKBgNVBAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQD -FA5jZGVtb19jb25qdXJfMTAeFw0xNzExMTkyMzQ5MzNaFw0yNzExMTcyMzQ5MzNa -MBkxFzAVBgNVBAMMDmNkZW1vX2Nvbmp1cl8xMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA3k4QstugbkULtAQQ1YKQPAf42YYFv7QCesOANnYuMkPwR9qm -KywoegqZ9ni0FJXIyaLwiBQsCb8EK/aGoZTGYqdtL1is5IHiEBBGIIjgrow1fvEq -+NO8LuNbtYZSc1VuEUB262+sFCfdZDqIFqdstoT+u/B2gnv04nhEE0ewd/XzJdgv -aoZWF/W0pWGdFuf9XnzozTgbDJkl7wzd3Oe5rmebWBLeqZBYb1MfmwSP0mJLJ5e/ -1rnKBUOVdhIbqsdp7f7SLTFMkBA9qy4OcFOrd8JBfhYi70DOoc58tEORYTcTTSId -hMr+bIBRUzgrdO/5DVBJ5EKxM+9PwHXOo5gDHwIDAQABo18wXTAOBgNVHQ8BAf8E -BAMCBaAwHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv2AcJMCwGA1UdEQQlMCOC -DmNkZW1vX2Nvbmp1cl8xgglsb2NhbGhvc3SCBmNvbmp1cjANBgkqhkiG9w0BAQsF -AAOCAQEAkrmudHRfiN8ziWZd3ppjMlTptywz9bjK7314xRsWPiQfyWPSGAt6jwRF -gudcazPXjDVlPU/WO+U7NZaAd9aypsf8WfTq/5agwQpKuf2o18ZhtBdJLk+Xmffk -gLQjIY/hxZp7N6iTM5RQ7shpOe1+8HCLm/TUGg67O5jyN9KM1uWlqGOrsy3Lme4Q -o4igJRR5kr6CNA+cagiT588817ag/XM3W1tIkqhJn2b8IXDnguLHp3Tg6LyleSlC -sLI26e166zF/MIz8PDa3ir6YIABi7E2hZKs22mXw1NS1K/2HCWVufgTm3BjReHFo -PfSKgUbxuk6xyRB+Jq4ZxkuyLCYnQw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDhjCCAm6gAwIBAgIJAPIfMdU3LcSYMA0GCSqGSIb3DQEBCwUAMDsxDDAKBgNV -BAoTA2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDFA5jZGVtb19jb25q -dXJfMTAeFw0xNzExMTkyMzQ5MzFaFw0yNzExMTcyMzQ5MzFaMDsxDDAKBgNVBAoT -A2RldjESMBAGA1UECxMJQ29uanVyIENBMRcwFQYDVQQDFA5jZGVtb19jb25qdXJf -MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyKB/n5mnaEU0O/I8Vs -n0ANkXx4Oac9/1OZ1k/d65g3/ieYyE7v5CjgCf5wGRbvRzgjSloIdHIBSJ+BJQxx -W58E2Deu4bzhGsF2iVv5lJtjcooz/UNHPBXLJL//gBvdnkOVn+aOsHnE4pSUa3XD -dQoQ9duKEwRZ89cqjocvsJi9oAOKK8J4X4NURL7+8NME7YCengQOh+W/E6LPE3SD -aguJ12tQveO/u/AatHNEi1Iu9q/xmSC97kGR6XtxVPvCazzhUV1WxoHRLe9wMQvv -oCgvMuvkpFTTwJdiVMdSqBjhIQQRb7yYJxbGZBAr3b7UywqAozCxAHobjNI7jDMZ -3m8CAwEAAaOBjDCBiTAsBgNVHREEJTAjgg5jZGVtb19jb25qdXJfMYIJbG9jYWxo 
-b3N0ggZjb25qdXIwHQYDVR0OBBYEFAwpYVEDcfOHy1Zl7ZhWAtV6lwOCMB8GA1Ud -IwQYMBaAFAwpYVEDcfOHy1Zl7ZhWAtV6lwOCMAwGA1UdEwQFMAMBAf8wCwYDVR0P -BAQDAgHmMA0GCSqGSIb3DQEBCwUAA4IBAQCSi3VRdEj6ygxjET5LuFo1+1bWtLl5 -s1hH7Cg5Xnb3bz87ntzhvh813wN1aBs7P73jEgJR4WFJ1012M2QAPgfCqitWHV1J -FwmRqT1vARqzS+CDKuC00OjFQmuq63BUeIjq81HcqPqHNt2PwBXj2fcSbjGggJtM -cE71ds0bs5JFwqoU8dvCMslxwoLmBekSl9McLyYHqoXZqQrF0+Z4lDVtJjiXND7t -INZo1zGJ+OewSm0FaMbExx1kMHtk/cQOdONbTpSifyHNKzEORtp8YoXp9WL/zSlK -9nnikAasTLdYNepVxkPCnrsjDdxdYz+0x4Z2Zkq7Of51a3sOPuDV+KXE ------END CERTIFICATE----- diff --git a/etc/conjur.conf b/etc/conjur.conf deleted file mode 100644 index bbce0da..0000000 --- a/etc/conjur.conf +++ /dev/null @@ -1,5 +0,0 @@ ---- -appliance_url: https://conjur/api -account: dev -cert_file: "/etc/conjur-dev.pem" -plugins: [] From 59a42e46d4cc261fc38d494dfe5057433080fb42 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 19 Nov 2017 20:51:32 -0600 Subject: [PATCH 16/68] fix SSH --- .1-setup-containers.sh.swp | Bin 0 -> 4096 bytes .gitignore | 1 + 0-startup-conjur.sh | 2 +- build/conjurcli/.Dockerfile.swp | Bin 12288 -> 0 bytes cluster/0-setup-cluster.sh | 2 +- etc/conjur.conf | 5 +++++ ssh/0-setup-ssh.sh | 2 ++ ssh/rack.yml | 2 +- 8 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 .1-setup-containers.sh.swp delete mode 100644 build/conjurcli/.Dockerfile.swp create mode 100644 etc/conjur.conf diff --git a/.1-setup-containers.sh.swp b/.1-setup-containers.sh.swp new file mode 100644 index 0000000000000000000000000000000000000000..e06344755288183d64e26669359880b885665f51 GIT binary patch literal 4096 zcmYc?2=nw+FxN9-00IF9hRaHPQK4mv7$&}DWJpQP%?Ak+0y+7~i8&eh#U*-RR!V+u zVrCu|O?4mx^>ZszGK=(`^YgMwi}aJhLWa78CVP$6&ekJ z(GZ{@1b7*YjSLMy1}G~jDhLaOQef7o*3l3c4S~@R7!85Z5Eu=C(GVC7fzc2c4S}H+ F0sw^^Bl`dV literal 0 HcmV?d00001 diff --git a/.gitignore b/.gitignore index d89190b..456b369 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +etc/conjur*.pem log/* ldap/ldap-sync.yml ssh/id* 
diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index c5c4d31..e511058 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -1,7 +1,7 @@ #!/bin/bash -e set -o pipefail -CONJUR_CONTAINER_TARFILE="" +CONJUR_CONTAINER_TARFILE= CONJUR_MASTER_HOSTNAME=cdemo_conjur_1 diff --git a/build/conjurcli/.Dockerfile.swp b/build/conjurcli/.Dockerfile.swp deleted file mode 100644 index bf32ee46055da9f9492b7640fe8d36f9759e6df1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI&&rTFE7y$6%9X0v_pP0ab%#_t-F-u~ihzW*e$p(l7(R4dyr%Pu#w4MEv80A5P zL|?%-@D)6A-xFrobe5{HQWlbb2`T0Pf%0yk>uFjshrv0w{n2D1ZVe zfC4CRlLcHhK|cBg+!`%na#T)SC`YeYpa2S>01BW03ZMWApa2S>01BW03fw>e77^0& zhyE|c!QcP?KR*BeyhF&AkEcFneVp7THrHU7ClCxlrq(f~;OwS!FdtUKxu6mXRSO4CYVT^*&}0cI zI`lijLF`;+>y&n+i}QBKbwc^DEetdJqs!JoaogGmC72bKM!KIW%_7<>M;^DiBF*yJ zMr(V$xw5taJ5w~bhT67FsZ6Dt+9g}f)y>8-?7->aCu)b5?pew^M(5e-;SubXlN3DG zFk`fK^`+6gDl_mNc$_h7`^CxBFD2 Date: Sun, 19 Nov 2017 20:53:15 -0600 Subject: [PATCH 17/68] fix SSH --- .1-setup-containers.sh.swp | Bin 4096 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .1-setup-containers.sh.swp diff --git a/.1-setup-containers.sh.swp b/.1-setup-containers.sh.swp deleted file mode 100644 index e06344755288183d64e26669359880b885665f51..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4096 zcmYc?2=nw+FxN9-00IF9hRaHPQK4mv7$&}DWJpQP%?Ak+0y+7~i8&eh#U*-RR!V+u zVrCu|O?4mx^>ZszGK=(`^YgMwi}aJhLWa78CVP$6&ekJ z(GZ{@1b7*YjSLMy1}G~jDhLaOQef7o*3l3c4S~@R7!85Z5Eu=C(GVC7fzc2c4S}H+ F0sw^^Bl`dV From 8da20892d324b75a6957d8fa99f3a21763a6d709 Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Fri, 24 Nov 2017 14:34:53 -0600 Subject: [PATCH 18/68] add failover & recovery in ./cluster/ --- 0-startup-conjur.sh | 64 ++++++++----- build/etcd/Dockerfile | 1 + build/haproxy/Dockerfile | 12 +++ build/haproxy/conjur-health-check.sh | 13 +++ build/haproxy/haproxy.cfg | 50 ++++++++++ build/haproxy/start.sh | 4 + cluster/0-setup-cluster.sh | 136 ++++++++++++++++++++++++--- cluster/1-cluster-failover.sh | 33 +++++++ cluster/cluster.yml | 13 +++ docker-compose.yml | 45 ++++++--- etc/conjur.json | 5 + etc/haproxy.cfg | 59 ++++++++++++ etc/haproxy.cfg.template | 23 +++++ etc/install-dependencies.sh | 1 + etc/update_haproxy.sh | 84 +++++++++++++++++ ssh/rack.yml | 2 +- ssh/ssh-mgmt.yml | 1 + webapp1-policy.yml | 2 +- 18 files changed, 500 insertions(+), 48 deletions(-) create mode 100644 build/etcd/Dockerfile create mode 100644 build/haproxy/Dockerfile create mode 100755 build/haproxy/conjur-health-check.sh create mode 100644 build/haproxy/haproxy.cfg create mode 100755 build/haproxy/start.sh create mode 100755 cluster/1-cluster-failover.sh create mode 100644 cluster/cluster.yml create mode 100644 etc/conjur.json create mode 100644 etc/haproxy.cfg create mode 100644 etc/haproxy.cfg.template create mode 100755 etc/update_haproxy.sh diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index e511058..a583722 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh 
@@ -1,16 +1,17 @@ #!/bin/bash -e set -o pipefail -CONJUR_CONTAINER_TARFILE= +CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.10.0.0.tar - -CONJUR_MASTER_HOSTNAME=cdemo_conjur_1 +CONJUR_INGRESS_NAME=conjur +CONJUR_MASTER_HOSTNAME=haproxy CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 main() { - echo "Bringing down all running containers and restarting - proceed?" + printf "\n\nBringing down all running containers and restarting.\n" + printf "\n\n\tThis will destroy your currently running environment - proceed?\n\n" select yn in "Yes" "No"; do case $yn in Yes ) break;; @@ -21,27 +22,30 @@ main() { all_down # bring down anything still running conjur_up + haproxy_up cli_up - docker-compose up -d scope # weave scope + docker-compose up -d scope # bring up webscope + docker-compose build webapp # force build of demo app + # initialize "scalability" demo + docker-compose exec cli "/src/etc/_demo-init.sh" + + # force builds of images for demo modules docker-compose build ldap docker-compose build splunk docker-compose build vm - docker-compose build webapp - - # initialize "scalability" demo - docker-compose exec cli "/src/etc/_demo-init.sh" + docker-compose build etcd echo echo "Demo environment ready!" - echo "The Conjur service is running as hostname: $CONJUR_HOSTNAME" + echo "The Conjur service is running as hostname: $CONJUR_INGRESS_NAME" echo } ############################ all_down() { echo "-----" - echo "Bringng down all running services & deleting dangling volumes" + printf "\n-----\nBringng down all running services & deleting dangling volumes\n" docker-compose down --remove-orphans dangling_vols=$(docker volume ls -qf dangling=true) if [[ "$dangling_vols" != "" ]]; then 
@@ -63,26 +67,43 @@ conjur_up() { IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message sudo docker tag $IMAGE_ID conjur-appliance:latest fi + echo "Bringing up Conjur" - docker-compose up -d conjur + docker-compose up -d conjur_node + CONJUR_MASTER_CONT_ID=cdemo_conjur_node_1 - CONJUR_CONT_ID=$(docker-compose ps -q conjur) - CONJUR_HOSTNAME=$(docker inspect --format '{{ .Config.Hostname }}' $CONJUR_CONT_ID) echo "-----" - echo "Initializing Conjur" - docker-compose exec conjur evoke configure master -h $CONJUR_MASTER_HOSTNAME -p $CONJUR_MASTER_PASSWORD $CONJUR_MASTER_ORGACCOUNT + echo "Initializing Conjur Master" + docker exec $CONJUR_MASTER_CONT_ID \ + evoke configure master \ + -j /src/etc/conjur.json \ + -h $CONJUR_MASTER_HOSTNAME \ + -p $CONJUR_MASTER_PASSWORD \ + $CONJUR_MASTER_ORGACCOUNT echo "-----" echo "Get certificate from Conjur" rm -f ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem # cache cert for copying to other containers - docker cp -L $CONJUR_CONT_ID:/opt/conjur/etc/ssl/conjur.pem ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem + docker cp -L $CONJUR_MASTER_CONT_ID:/opt/conjur/etc/ssl/conjur.pem ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem + +} - echo "---- Update hosts file with Conjur container hostname: $CONJUR_HOSTNAME" - grep -v $CONJUR_HOSTNAME /etc/hosts > /tmp/foo - echo -e 127.0.0.1 '\t' $CONJUR_HOSTNAME >> /tmp/foo - sudo mv /tmp/foo /etc/hosts +############################ +haproxy_up() { + # bring up hproxy, rename as ingress, update & start + docker-compose up -d haproxy + docker container rename cdemo_haproxy_1 $CONJUR_INGRESS_NAME + pushd ./etc && ./update_haproxy.sh $CONJUR_INGRESS_NAME && popd + + hosts_entry=$(grep $CONJUR_INGRESS_NAME /etc/hosts) + if [[ "$host_entry" == "" ]]; then + echo "---- Update hosts file with Conjur container hostname: $CONJUR_INGRESS_NAME" + grep -v $CONJUR_INGRESS_NAME /etc/hosts > /tmp/foo + echo -e 127.0.0.1 '\t' $CONJUR_INGRESS_NAME >> /tmp/foo + sudo mv 
/tmp/foo /etc/hosts + fi } ############################ @@ -103,4 +124,3 @@ cli_up() { main "$@" - diff --git a/build/etcd/Dockerfile b/build/etcd/Dockerfile new file mode 100644 index 0000000..426b424 --- /dev/null +++ b/build/etcd/Dockerfile @@ -0,0 +1 @@ +FROM quay.io/coreos/etcd diff --git a/build/haproxy/Dockerfile b/build/haproxy/Dockerfile new file mode 100644 index 0000000..488f839 --- /dev/null +++ b/build/haproxy/Dockerfile @@ -0,0 +1,12 @@ +FROM haproxy:1.7 + +RUN apt-get update +RUN apt-get install -y \ + curl \ + jq \ + vim + +COPY haproxy.cfg /usr/local/etc/haproxy/ +COPY conjur-health-check.sh /root/ +COPY start.sh / + diff --git a/build/haproxy/conjur-health-check.sh b/build/haproxy/conjur-health-check.sh new file mode 100755 index 0000000..3157423 --- /dev/null +++ b/build/haproxy/conjur-health-check.sh @@ -0,0 +1,13 @@ +#!/bin/bash +server_address=$3 + +# echo "server_address: " $server_address + +conjur_ok=$(curl -k -s https://$server_address/health | jq '.ok') +if [[ "$conjur_ok" == "true" ]]; then + # echo "Conjur is OK" + exit 0 +fi +# echo "Conjur is NOT OK" +# echo "check status value:" $conjur_ok +exit -1 diff --git a/build/haproxy/haproxy.cfg b/build/haproxy/haproxy.cfg new file mode 100644 index 0000000..cee7c1a --- /dev/null +++ b/build/haproxy/haproxy.cfg 
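Review bot: In haproxy_up the grep result is stored in `hosts_entry` but the test reads `$host_entry`, which is never set, so the /etc/hosts rewrite runs on every start. Because the script runs under `bash -e`, the assignment itself presumably aborts the script when grep finds no match. The rewrite also stages the new file at the fixed name `/tmp/foo`, a predictable path in a world-writable directory, before `sudo mv` installs it as /etc/hosts. Testing grep directly and appending in place avoids all three: `if ! grep -qw -- "$CONJUR_INGRESS_NAME" /etc/hosts; then` followed by `printf '127.0.0.1\t%s\n' "$CONJUR_INGRESS_NAME" | sudo tee -a /etc/hosts >/dev/null`.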
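Review bot: `FROM quay.io/coreos/etcd` carries no tag, so each build pulls whatever the default tag points to and the cluster manager version can change between demo runs. Pin it to the release the failover scripts were tested with, e.g. `FROM quay.io/coreos/etcd:<tested-version>` (placeholder; the page does not name the version), ideally together with its digest. docker-compose.yml in this commit names the same untagged image for the etcd service.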
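Review bot: `RUN apt-get update` sits in its own layer, so a cached layer can leave the later `apt-get install` working from a stale package index. Combining them as `RUN apt-get update && apt-get install -y --no-install-recommends curl jq && rm -rf /var/lib/apt/lists/*` keeps index and install together and the image smaller. `vim` is not used by the health check or by start.sh as shown in this commit and could be left out of the image.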
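Review bot: The probe runs `curl -k`, which turns certificate verification off, and it has no time limit, so a node that accepts the connection but never answers can hold the check open past the `inter 5s` interval set in haproxy.cfg. Bound the request and quote the address, `conjur_ok=$(curl -k -s --max-time 4 "https://$server_address/health" | jq '.ok')`, and state why `-k` is there, e.g. `# -k: nodes are probed by IP, which the Conjur certificate presumably does not cover`. `exit -1` is outside the valid exit-status range; `exit 1` states the failure plainly.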
@@ -0,0 +1,50 @@ +global + maxconn 256 + external-check + +defaults + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + +frontend f_conjur_master_http + mode tcp + bind *:443 + default_backend b_conjur_master_http + +frontend f_conjur_master_pg + mode tcp + bind *:5432 + default_backend b_conjur_master_pg + +frontend f_conjur_master_ldap + mode tcp + bind *:636 + default_backend b_conjur_master_ldap +# HTTP backend info is generated by http_servers.sh +backend b_conjur_master_http + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_1 172.19.0.2:443 check +# PG backend info is generated by pg_servers.sh +backend b_conjur_master_pg + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_1 172.19.0.2:5432 check +# LDAP backend info is generated by ldap_servers.sh +backend b_conjur_master_ldap + mode tcp + balance static-rr + option external-check + default-server inter 30s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_1 172.19.0.2:636 check diff --git a/build/haproxy/start.sh b/build/haproxy/start.sh new file mode 100755 index 0000000..1476958 --- /dev/null +++ b/build/haproxy/start.sh @@ -0,0 +1,4 @@ +#!/bin/bash -ex + +# haproxy.cfg is created and updated by update_haproxy.sh script in cdemo/etc +exec haproxy -f /usr/local/etc/haproxy/haproxy.cfg diff --git a/cluster/0-setup-cluster.sh b/cluster/0-setup-cluster.sh index 8eeac3a..69b85a1 100755 --- a/cluster/0-setup-cluster.sh +++ b/cluster/0-setup-cluster.sh 
@@ -1,31 +1,141 @@ -#!/bin/bash -x +#!/bin/bash set -eo pipefail -CONJUR_MASTER_CNAME=cdemo_conjur_1 +CONJUR_MASTER_CNAME="" +CONJUR_INGRESS_NAME=conjur +NUM_STATEFUL_NODES=3 # 1 master + n standbys +NUM_FOLLOWERS=0 +CLUSTER_NAME=dev +CLUSTER_MANAGER_CONT_NAME=cdemo_etcd_1 +CLUSTER_POLICY_FILE=cluster.yml main() { - docker-compose rm -svf standby follower - docker-compose up -d standby follower - setup_node standby - setup_node follower - docker-compose exec conjur bash -c "evoke replication sync" + # find master node + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ $crole == master ]]; then + CONJUR_MASTER_CNAME=$cname + CONJUR_MASTER_IP="$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname)" + break + fi + done + + setup_standbys + setup_followers + setup_etcd +} + +############################# +setup_standbys() { + # generate seed file + docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-standby > /tmp/standby-seed.tar" + # copy to local /tmp + docker cp $CONJUR_MASTER_CNAME:/tmp/standby-seed.tar /tmp/ + + # bring up new nodes + # "no-recreate" prevents recreation of existing nodes + docker-compose up -d --no-recreate --scale "conjur_node=$NUM_STATEFUL_NODES" conjur_node + + # configure each uninitialized stateful node as a standby + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ "$crole" == "blank" ]]; then + setup_node standby $cname + fi + done + rm /tmp/standby-seed.tar + + sleep 10 # give cluster state time to settle, then start synchronous replication + docker exec $CONJUR_MASTER_CNAME bash -c "evoke replication sync" + + # bounce proxy to add new standbys to its configuration + pushd ../etc && ./update_haproxy.sh conjur && popd +} + + +############################# 
+setup_followers() { + # generate seed file that references haproxy + # and copy to local /tmp + docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed follower $CONJUR_INGRESS_NAME > /tmp/follower-seed.tar" + docker cp $CONJUR_MASTER_CNAME:/tmp/follower-seed.tar /tmp/ + + docker-compose up -d --no-recreate --scale "follower=$NUM_FOLLOWERS" follower + + # configure each uninitialized node as a standby + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ "$crole" == blank ]]; then + setup_node follower $cname + fi + done + rm /tmp/follower-seed.tar } + +############################# setup_node() { local CONJUR_ROLE=$1; shift # role is either "standby" or "follower" + local CONTAINER_ID=$1; shift echo "Creating $CONJUR_ROLE" - docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed $CONJUR_ROLE conjur-$CONJUR_ROLE > /tmp/$CONJUR_ROLE-seed.tar" - docker cp $CONJUR_MASTER_CNAME:/tmp/$CONJUR_ROLE-seed.tar /tmp/ - CONTAINER_ID=cdemo_${CONJUR_ROLE}_1 docker cp /tmp/$CONJUR_ROLE-seed.tar $CONTAINER_ID:/tmp/seed - rm /tmp/$CONJUR_ROLE-seed.tar MASTER_IP_ARG="" if [[ $CONJUR_ROLE == "standby" ]]; then - MASTER_IP_ARG="-i $(docker inspect cdemo_conjur_1 | jq -r .[].NetworkSettings.Networks.cdemo_default.IPAddress)" + MASTER_IP_ARG="-i $CONJUR_MASTER_IP" fi - docker-compose exec $CONJUR_ROLE bash -c "evoke unpack seed /tmp/seed && evoke configure $CONJUR_ROLE $MASTER_IP_ARG" + docker exec $CONTAINER_ID bash -c "evoke unpack seed /tmp/seed && evoke configure $CONJUR_ROLE -j /src/etc/conjur.json $MASTER_IP_ARG" +} + + +############################# +setup_etcd() { + # startup etcd cluster manager + docker-compose up -d etcd + # build cluster policy file + construct_cluster_policy + + # load policy describing cluster + docker-compose exec cli conjur authn login -u admin -p Cyberark1 + docker-compose exec cli conjur policy load --as-group=security_admin 
/src/cluster/$CLUSTER_POLICY_FILE + + # enroll each stateful node in cluster + for cont_name in $cont_list; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) + docker exec $cont_name evoke cluster enroll -a $cont_ip -n $cont_name $CLUSTER_NAME + done +} + + +############################# +construct_cluster_policy() { + # create policy file header + cat < $CLUSTER_POLICY_FILE +--- +- !policy + id: conjur/cluster/$CLUSTER_NAME + body: + - !layer + + - &hosts +POLICY_HEADER + # for each stateful node, add hosts entries to policy file + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cont_name in $cont_list; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) + printf " - !host %s\n" $cont_name >> $CLUSTER_POLICY_FILE + done + # add footer to policy file + cat <> $CLUSTER_POLICY_FILE + - !grant + role: !layer + member: *hosts +POLICY_FOOTER + } main "$@" diff --git a/cluster/1-cluster-failover.sh b/cluster/1-cluster-failover.sh new file mode 100755 index 0000000..9030c73 --- /dev/null +++ b/cluster/1-cluster-failover.sh @@ -0,0 +1,33 @@ +#!/bin/bash -e +set -o pipefail + +main() { + kill_master + wait_for_new_master + ./0-setup-cluster.sh +} + +kill_master() { + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ $crole == master ]]; then + docker stop $cname && docker rm $cname + fi + done +} + +wait_for_new_master() { + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + MASTER_FOUND=false + while [[ $MASTER_FOUND == false ]]; do + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ $crole == master ]]; then + MASTER_FOUND=true + fi + done + done +} + +main "$@" diff --git a/cluster/cluster.yml b/cluster/cluster.yml new file mode 100644 index 0000000..9fa7036 
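Review bot: setup_standbys and setup_followers write the seed archives to fixed names in /tmp, first inside the master container and then on the host. The host copy is removed only after every node is configured, so under `set -e` any failing step leaves it behind, and the copy in the master's /tmp is never removed. A Conjur seed presumably carries the certificates and keys a new node needs, so it should live in a private directory and be cleaned up on every exit path. The fence creates one `mktemp -d` directory with an EXIT trap, streams `evoke seed` straight into it without `-it`, and has setup_node copy from there.

```shell
main() {
  # … unchanged: locate the master node …

  # private scratch directory for seed archives, removed on every exit path
  SEED_DIR=$(mktemp -d)
  trap 'rm -rf -- "$SEED_DIR"' EXIT

  # … unchanged: setup_standbys, setup_followers, setup_etcd …
}

setup_standbys() {
  # write the seed straight to the host; no copy is left in the master's /tmp
  docker exec "$CONJUR_MASTER_CNAME" evoke seed standby conjur-standby \
    > "$SEED_DIR/standby-seed.tar"
  # … unchanged: scale up conjur_node, configure blank nodes, replication sync, update_haproxy.sh …
}

setup_followers() {
  docker exec "$CONJUR_MASTER_CNAME" evoke seed follower "$CONJUR_INGRESS_NAME" \
    > "$SEED_DIR/follower-seed.tar"
  # … unchanged: scale up followers, configure blank nodes …
}

setup_node() {
  # … unchanged: argument handling …
  docker cp "$SEED_DIR/$CONJUR_ROLE-seed.tar" "$CONTAINER_ID:/tmp/seed"
  # … unchanged: MASTER_IP_ARG, evoke unpack seed / evoke configure …
}
```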
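Review bot: wait_for_new_master polls `evoke role` in a tight loop with no pause and no upper bound, so if no standby is promoted the script spins forever. Because the script runs with `-e`, a single failing `docker exec` on a node that is still restarting ends it instead. The container list is also captured once before the loop and never refreshed. The fence bounds the wait, sleeps between rounds, refreshes the list and tolerates a node that does not answer.

```shell
wait_for_new_master() {
  local attempt cname crole
  for (( attempt = 1; attempt <= 60; attempt++ )); do
    for cname in $(docker ps -f "label=role=conjur_node" --format '{{.Names}}'); do
      # a node that is restarting may not answer; treat it as "not master yet"
      crole=$(docker exec "$cname" sh -c "evoke role" || true)
      if [[ $crole == master ]]; then
        return 0
      fi
    done
    sleep 5
  done
  echo "no standby was promoted to master within 5 minutes" >&2
  return 1
}
```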
--- /dev/null +++ b/cluster/cluster.yml @@ -0,0 +1,13 @@ +--- +- !policy + id: conjur/cluster/dev + body: + - !layer + + - &hosts + - !host cdemo_conjur_node_6 + - !host cdemo_conjur_node_5 + - !host cdemo_conjur_node_4 + - !grant + role: !layer + member: *hosts diff --git a/docker-compose.yml b/docker-compose.yml index 4742849..de53d9d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,32 +6,55 @@ services: # The CLI container is used to execute Conjur commands in lieu of requiring the CLI # package installation on the host machine. This makes managing multi-version Conjur # environments easier. - conjur: + conjur_node: image: conjur-appliance:latest - hostname: conjur + labels: + role: "conjur_node" volumes: - ./:/src:z - ~/log:/var/log/conjur # exported conjur audit log - ~/log:/var/log/nginx # exported nginx audit log security_opt: - seccomp:unconfined - ports: - - 443:443 - - 636:636 restart: always - standby: - image: conjur-appliance:latest + haproxy: + image: haproxy:conjur hostname: conjur + build: ./build/haproxy volumes: - ./:/src:z - security_opt: - - seccomp:unconfined + ports: + - 443:443 restart: always + entrypoint: /start.sh + + etcd: + hostname: etcd + image: quay.io/coreos/etcd + build: ./build/etcd + ports: + - 2379:2379 + command: + - etcd + - -debug + - -name + - etcd + - -advertise-client-urls + - http://etcd:2379 + - -listen-client-urls + - http://0.0.0.0:2379 + - -initial-advertise-peer-urls + - http://etcd:2380 + - -listen-peer-urls + - http://0.0.0.0:2380 + - -initial-cluster + - etcd=http://etcd:2380 follower: image: conjur-appliance:latest - hostname: conjur + labels: + role: "conjur_follower" volumes: - ./:/src:z security_opt: @@ -42,6 +65,7 @@ services: environment: CONJUR_ACCOUNT: dev CONJUR_APPLIANCE_URL: https://conjur/api + hostname: conjurcli image: my-conjurcli:5.4.0 build: ./build/conjurcli volumes: 
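Review bot: The new etcd service publishes `2379:2379`, which binds the client API on every host interface, while its command line configures plain `http://` listeners with no authentication options and with `-debug`. The advertised client URL is `http://etcd:2379`, so the Conjur nodes presumably reach etcd over the compose network and do not need the host mapping. Drop the `ports:` entry or restrict it to loopback with `- "127.0.0.1:2379:2379"`. The conjur_node service in the same hunk keeps `seccomp:unconfined`; a comment stating why the appliance needs it would help the next reader.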
@@ -49,7 +73,6 @@ services: - ./:/src:z - "/var/run/docker.sock:/var/run/docker.sock:rw" # enable docker commands from in container - "/usr/bin/docker:/usr/bin/docker:z" - hostname: conjurcli entrypoint: sleep command: infinity diff --git a/etc/conjur.json b/etc/conjur.json new file mode 100644 index 0000000..6d18e7e --- /dev/null +++ b/etc/conjur.json @@ -0,0 +1,5 @@ +{ + "postgresql": { + "allocated_memory_kb": 100000 + } +} diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg new file mode 100644 index 0000000..0729b04 --- /dev/null +++ b/etc/haproxy.cfg 
@@ -0,0 +1,59 @@ +global + maxconn 256 + external-check + +defaults + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + +frontend f_conjur_master_http + mode tcp + bind *:443 + default_backend b_conjur_master_http + +frontend f_conjur_master_pg + mode tcp + bind *:5432 + default_backend b_conjur_master_pg + +frontend f_conjur_master_ldap + mode tcp + bind *:636 + default_backend b_conjur_master_ldap + +# HTTP backend info is generated by http_servers.sh +backend b_conjur_master_http + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_6 172.19.0.6:443 check + server cdemo_conjur_node_5 172.19.0.7:443 check + server cdemo_conjur_node_4 172.19.0.2:443 check + +# PG backend info is generated by pg_servers.sh +backend b_conjur_master_pg + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_6 172.19.0.6:5432 check + server cdemo_conjur_node_5 172.19.0.7:5432 check + server cdemo_conjur_node_4 172.19.0.2:5432 check + +# LDAP backend info is generated by ldap_servers.sh +backend b_conjur_master_ldap + mode tcp + balance static-rr + option external-check + default-server inter 30s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_6 172.19.0.6:636 check + server cdemo_conjur_node_5 172.19.0.7:636 check + server cdemo_conjur_node_4 172.19.0.2:636 check diff --git a/etc/haproxy.cfg.template b/etc/haproxy.cfg.template new file mode 100644 index 0000000..00eaf20 --- /dev/null +++ b/etc/haproxy.cfg.template 
@@ -0,0 +1,23 @@ +global + maxconn 256 + external-check + +defaults + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + +frontend f_conjur_master_http + mode tcp + bind *:443 + default_backend b_conjur_master_http + +frontend f_conjur_master_pg + mode tcp + bind *:5432 + default_backend b_conjur_master_pg + +frontend f_conjur_master_ldap + mode tcp + bind *:636 + default_backend b_conjur_master_ldap diff --git a/etc/install-dependencies.sh b/etc/install-dependencies.sh index f939a0f..d90eeae 100755 --- a/etc/install-dependencies.sh +++ b/etc/install-dependencies.sh @@ -1,6 +1,7 @@ #!/bin/bash -e main() { + yum install -y etcd install_docker install_docker_compose install_jq diff --git a/etc/update_haproxy.sh b/etc/update_haproxy.sh new file mode 100755 index 0000000..3d189ca --- /dev/null +++ b/etc/update_haproxy.sh 
@@ -0,0 +1,84 @@ +#!/bin/bash -e +set -o pipefail + +# This script updates the HAProxy configuration for currently running Conjur containers +# and restarts the proxy daemon + +destination_file="haproxy.cfg" + +# takes one argument: the name of the HAProxy container to update +main() { + haproxy_cname=$1 + cp haproxy.cfg.template $destination_file + update_http_servers + update_pg_servers + update_ldap_servers + + docker cp haproxy.cfg $haproxy_cname:/usr/local/etc/haproxy/haproxy.cfg + docker restart $haproxy_cname +} + + # Appends Conjur HTTP server info in HAProxy format to haproxy.cfg. +update_http_servers() { + cat <> $destination_file + +# HTTP backend info is generated by http_servers.sh +backend b_conjur_master_http + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" +CONFIG + + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cont_name in $cont_list; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) + echo -e '\t' server $cont_name $cont_ip:443 check >> $destination_file + done +} + + # Appends Conjur PostgreSQL server info in HAProxy format to haproxy.cfg. 
+update_pg_servers() { + cat <> $destination_file + +# PG backend info is generated by pg_servers.sh +backend b_conjur_master_pg + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" +CONFIG + + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cont_name in $cont_list; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) + echo -e '\t' server $cont_name $cont_ip:5432 check >> $destination_file + done +} + + # Appends Conjur LDAP server info in HAProxy format to haproxy.cfg. +update_ldap_servers() { + cat <> $destination_file + +# LDAP backend info is generated by ldap_servers.sh +backend b_conjur_master_ldap + mode tcp + balance static-rr + option external-check + default-server inter 30s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" +CONFIG + + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cont_name in $cont_list; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) + echo -e '\t' server $cont_name $cont_ip:636 check >> $destination_file + done +} + +main "$@" diff --git a/ssh/rack.yml b/ssh/rack.yml index d6886ef..96bffeb 100644 --- a/ssh/rack.yml +++ b/ssh/rack.yml @@ -1,3 +1,3 @@ --- -- !host cdemo_vm_1 - !host cdemo_vm_2 +- !host cdemo_vm_1 diff --git a/ssh/ssh-mgmt.yml b/ssh/ssh-mgmt.yml index cb4e45b..a154622 100644 --- a/ssh/ssh-mgmt.yml +++ b/ssh/ssh-mgmt.yml @@ -1,5 +1,6 @@ --- # Default policy is that only DevOps has access to Prod servers +# Un-comment "- !group /developers" and reload policy to give developers non-sudo access to Prod - !policy id: prod_vm_access diff --git a/webapp1-policy.yml b/webapp1-policy.yml index 59a930a..e55e36e 100644 --- a/webapp1-policy.yml 
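Review bot: main() copies the generated file into the container and restarts the proxy without checking its argument or the result: an empty `$1` reaches `docker cp` and `docker restart`, and a malformed config would presumably put the `restart: always` haproxy container into a restart loop. Guard the argument with `haproxy_cname=${1:?usage: update_haproxy.sh <haproxy-container>}` and validate before restarting with `docker exec "$haproxy_cname" haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg`. The three update_*_servers functions differ only in backend name, port and check interval, and the comments they generate name http_servers.sh, pg_servers.sh and ldap_servers.sh rather than this script; one parameterised helper would remove the triplication.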
+++ b/webapp1-policy.yml @@ -10,7 +10,7 @@ - !layer &tomcat_hosts tomcat_hosts - - !permit + - !deny role: *tomcat_hosts privileges: [ read, execute ] resource: *variables From 83c940b349702895d5a2535f5387e70dcccd39bc Mon Sep 17 00:00:00 2001 From: Conjur Demo Date: Fri, 24 Nov 2017 13:21:03 -0800 Subject: [PATCH 19/68] webapp tweaks --- build/webapp/webapp1.sh | 1 + etc/haproxy.cfg | 12 +++--------- webapp1-policy.yml | 2 +- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/build/webapp/webapp1.sh b/build/webapp/webapp1.sh index 6945823..cce3d4e 100644 --- a/build/webapp/webapp1.sh +++ b/build/webapp/webapp1.sh @@ -8,6 +8,7 @@ printf "\n\n\nExecuting within the container...\n\n" # SLEEP_TIME - environment variable name to fetch CONJUR_HOST=conjur +#CONJUR_HOST=cdemo_follower_1 declare ENDPOINT=https://$CONJUR_HOST/api declare LOGFILE=cc.log declare INPUT_FILE=/data/foo diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 0729b04..6b17ec7 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -30,9 +30,7 @@ backend b_conjur_master_http default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_6 172.19.0.6:443 check - server cdemo_conjur_node_5 172.19.0.7:443 check - server cdemo_conjur_node_4 172.19.0.2:443 check + server cdemo_conjur_node_1 172.18.0.2:443 check # PG backend info is generated by pg_servers.sh backend b_conjur_master_pg @@ -42,9 +40,7 @@ backend b_conjur_master_pg default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_6 172.19.0.6:5432 check - server cdemo_conjur_node_5 172.19.0.7:5432 check - server cdemo_conjur_node_4 172.19.0.2:5432 check + server cdemo_conjur_node_1 172.18.0.2:5432 check # LDAP backend info is generated by ldap_servers.sh backend b_conjur_master_ldap 
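Review bot: This hunk turns the `!permit` for `tomcat_hosts` into `!deny`, which the commit subject (failover and recovery) does not mention, and the next patch in the series flips it back, so it looks like demo state committed by accident. If toggling the grant is a demo step, keep `!permit` in the repository and document the toggle above the statement, e.g. `# Change !permit to !deny and reload the policy to show access being revoked`. The policy body continues outside the hunk.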
@@ -54,6 +50,4 @@ backend b_conjur_master_ldap default-server inter 30s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_6 172.19.0.6:636 check - server cdemo_conjur_node_5 172.19.0.7:636 check - server cdemo_conjur_node_4 172.19.0.2:636 check + server cdemo_conjur_node_1 172.18.0.2:636 check diff --git a/webapp1-policy.yml b/webapp1-policy.yml index e55e36e..59a930a 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml @@ -10,7 +10,7 @@ - !layer &tomcat_hosts tomcat_hosts - - !deny + - !permit role: *tomcat_hosts privileges: [ read, execute ] resource: *variables From c4fc716aec21721edffad1f3d1a5c5dd83f84f05 Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Fri, 24 Nov 2017 13:32:51 -0800 Subject: [PATCH 20/68] fix follower init --- cluster/0-setup-cluster.sh | 4 ++-- cluster/cluster.yml | 6 +++--- etc/haproxy.cfg | 6 ++++++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/cluster/0-setup-cluster.sh b/cluster/0-setup-cluster.sh index 69b85a1..8810218 100755 --- a/cluster/0-setup-cluster.sh +++ b/cluster/0-setup-cluster.sh @@ -4,7 +4,7 @@ set -eo pipefail CONJUR_MASTER_CNAME="" CONJUR_INGRESS_NAME=conjur NUM_STATEFUL_NODES=3 # 1 master + n standbys -NUM_FOLLOWERS=0 +NUM_FOLLOWERS=1 CLUSTER_NAME=dev CLUSTER_MANAGER_CONT_NAME=cdemo_etcd_1 CLUSTER_POLICY_FILE=cluster.yml @@ -65,7 +65,7 @@ setup_followers() { docker-compose up -d --no-recreate --scale "follower=$NUM_FOLLOWERS" follower # configure each uninitialized node as a standby - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + cont_list=$(docker ps -f "label=role=conjur_follower" --format {{.Names}}) for cname in $cont_list; do crole=$(docker exec $cname sh -c "evoke role") if [[ "$crole" == blank ]]; then diff --git a/cluster/cluster.yml b/cluster/cluster.yml index 9fa7036..cc61e53 100644 --- a/cluster/cluster.yml +++ b/cluster/cluster.yml 
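Review bot: In the setup_followers hunk of cluster/0-setup-cluster.sh the filter now selects `label=role=conjur_follower`, but the comment above it still reads `# configure each uninitialized node as a standby`. Change it to `# configure each uninitialized follower node` so the comment matches what the loop does. setup_followers starts and ends outside this hunk.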
@@ -5,9 +5,9 @@ - !layer - &hosts - - !host cdemo_conjur_node_6 - - !host cdemo_conjur_node_5 - - !host cdemo_conjur_node_4 + - !host cdemo_conjur_node_3 + - !host cdemo_conjur_node_2 + - !host cdemo_conjur_node_1 - !grant role: !layer member: *hosts diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 6b17ec7..68dd312 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -30,6 +30,8 @@ backend b_conjur_master_http default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.7:443 check + server cdemo_conjur_node_2 172.18.0.8:443 check server cdemo_conjur_node_1 172.18.0.2:443 check # PG backend info is generated by pg_servers.sh @@ -40,6 +42,8 @@ backend b_conjur_master_pg default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.7:5432 check + server cdemo_conjur_node_2 172.18.0.8:5432 check server cdemo_conjur_node_1 172.18.0.2:5432 check # LDAP backend info is generated by ldap_servers.sh @@ -50,4 +54,6 @@ backend b_conjur_master_ldap default-server inter 30s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.7:636 check + server cdemo_conjur_node_2 172.18.0.8:636 check server cdemo_conjur_node_1 172.18.0.2:636 check From 8683226dbddf30d554c6439907ec6cc80a8ab6e1 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Fri, 24 Nov 2017 20:37:07 -0600 Subject: [PATCH 21/68] check version for failover support --- 0-startup-conjur.sh | 2 +- cluster/0-setup-cluster.sh | 5 +++++ cluster/1-cluster-failover.sh | 17 +++++++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index a583722..01e90d5 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh 
@@ -1,7 +1,7 @@ #!/bin/bash -e set -o pipefail -CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.10.0.0.tar +CONJUR_CONTAINER_TARFILE="" CONJUR_INGRESS_NAME=conjur CONJUR_MASTER_HOSTNAME=haproxy diff --git a/cluster/0-setup-cluster.sh b/cluster/0-setup-cluster.sh index 8810218..efcc569 100755 --- a/cluster/0-setup-cluster.sh +++ b/cluster/0-setup-cluster.sh @@ -28,6 +28,7 @@ main() { ############################# setup_standbys() { + printf "\n-----\nConfiguring standby nodes...\n" # generate seed file docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-standby > /tmp/standby-seed.tar" # copy to local /tmp @@ -47,6 +48,7 @@ setup_standbys() { done rm /tmp/standby-seed.tar + printf "\n-----\nWaiting for cluster state to settle...\n" sleep 10 # give cluster state time to settle, then start synchronous replication docker exec $CONJUR_MASTER_CNAME bash -c "evoke replication sync" @@ -57,6 +59,7 @@ setup_standbys() { ############################# setup_followers() { + printf "\n-----\nConfiguring follower nodes...\n" # generate seed file that references haproxy # and copy to local /tmp docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed follower $CONJUR_INGRESS_NAME > /tmp/follower-seed.tar" @@ -94,6 +97,7 @@ setup_node() { ############################# setup_etcd() { + printf "\n-----\nConfiguring cluster policy...\n" # startup etcd cluster manager docker-compose up -d etcd # build cluster policy file @@ -103,6 +107,7 @@ setup_etcd() { docker-compose exec cli conjur authn login -u admin -p Cyberark1 docker-compose exec cli conjur policy load --as-group=security_admin /src/cluster/$CLUSTER_POLICY_FILE + printf "\n-----\nEnrolling Conjur nodes with cluster manager...\n" # enroll each stateful node in cluster for cont_name in $cont_list; do cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) 
diff --git a/cluster/1-cluster-failover.sh b/cluster/1-cluster-failover.sh index 9030c73..c8c9070 100755 --- a/cluster/1-cluster-failover.sh +++ b/cluster/1-cluster-failover.sh @@ -2,12 +2,28 @@ set -o pipefail main() { + check_conjur_version kill_master wait_for_new_master ./0-setup-cluster.sh } +check_conjur_version() { + printf "\n-----\nChecking if Conjur version supports failover...\n" + conjur_version=$(docker-compose exec cli conjur version | awk -F " " '/Conjur appliance version:/ { print $4 }') + conjur_major=$(echo $conjur_version | awk -F "." '{ print $1 }') + conjur_minor=$(echo $conjur_version | awk -F "." '{ print $2 }') + conjur_point=$(echo $conjur_version | awk -F "." '{ print $3 }') + + if [[ ($conjur_major -ne 4) || (($conjur_minor -lt 10) && ($conjur_point -lt 10)) ]]; then + printf "\nConjur version %i.%i.%i is running.\n" $conjur_major $conjur_minor $conjur_point + printf "Failover is only supported in Conjur version 4.9.10 or greater.\n\n" + exit -1 + fi +} + kill_master() { + printf "\n-----\nStopping and removing current master...\n" cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) for cname in $cont_list; do crole=$(docker exec $cname sh -c "evoke role") @@ -18,6 +34,7 @@ kill_master() { } wait_for_new_master() { + printf "\n-----\nWaiting for standby to be promoted to master...\n" cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) MASTER_FOUND=false while [[ $MASTER_FOUND == false ]]; do From 2dbce8e93932f19a4e4d960a7ffeca913c02d0b0 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Fri, 24 Nov 2017 20:57:00 -0600 Subject: [PATCH 22/68] updated README --- README.md | 15 +++++++++++++++ flist | 11 +++++++++++ 2 files changed, 26 insertions(+) create mode 100644 flist diff --git a/README.md b/README.md index e51d6d2..536ba8f 100644 --- a/README.md +++ b/README.md 
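Review bot: The version test in check_conjur_version does not match the stated minimum of 4.9.10: `($conjur_minor -lt 10) && ($conjur_point -lt 10)` lets 4.8.12 through, for instance, and `$conjur_major -ne 4` rejects every later major version. Compare the components in order instead, `if (( conjur_major < 4 || (conjur_major == 4 && (conjur_minor < 9 || (conjur_minor == 9 && conjur_point < 10))) )); then`, and use `exit 1` rather than `exit -1`. The version string comes from `docker-compose exec`, which may append a carriage return to the last field; whether it needs stripping with `tr -d '\r'` before the comparison is worth confirming.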
@@ -5,6 +5,7 @@ This is self-contained implementation of a basic Conjur implementation to demons Dependencies: - docker & docker-compose - can be installed w/ ./etc/install-dependencies.sh - internet access required for initial builds, can run standalone after that + - Conjur 4.9.10 or greater required for auto-failover Demo root directory (.../cdemo): - 0-startup-conjur.sh - takes no arguments - initializes demo environment: @@ -56,6 +57,18 @@ Basic demo scenario: - ssh-mgmt.yml - defines access policies for Dev and Prod VM access ./simple_hf_example - very basic Host Factory demo: + - 1_set_hf_token.sh - one argument: output file, creats HF token, hostname and variable to retrieve + - 2_get_secret_restapi.sh - one argument: outfile from above, redeems HF token, retrieves variable w/ REST API + - 2_get_secret_summon.sh - one argument: outfile from above, redeems HF token, retrieves variable w/ Summon + - 3_cleanup.sh - deletes old HF tokens + - EDIT.ME - connection info for Conjur + - policy.yml - webapp policy to create variable for retrieval + - setup_summon.sh - installs summon + - tomcat.xml.erb - example template for secrets injection via Summon + +./cluster - adds standbys and a follower to cluster: + - 0-setup-cluster.sh - brings cluster to default state of 1-master/2-standbys/1-follower + - 1-cluster-failover.sh - removes current master to trigger auto-failover, adds replacement standy ./etc directory: - _conjur_init.sh - Conjur initialization script run from CLI container. @@ -66,6 +79,8 @@ Basic demo scenario: Build directories - all image builds are triggered via docker-compose.yml (i.e. no build scripts): - build/conjurcli: - Dockerfile - builds a rich Conjur CLI client container + - build/etcd: + - Dockerfile - builds a container to run etcd cluster - build/ldap: - Dockerfile - builds a OpenLDAP server container - build/splunk diff --git a/flist b/flist new file mode 100644 index 0000000..cafb3a7 --- /dev/null +++ b/flist 
@@ -0,0 +1,11 @@ + +.. +. +1_set_hf_token.sh +2_get_secret_restapi.sh +2_get_secret_summon.sh +3_cleanup.sh +EDIT.ME +policy.yml +setup_summon.sh +tomcat.xml.erb From b9240616ca84281c82bbcfdc739e9dad73150f24 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sat, 25 Nov 2017 13:16:13 -0600 Subject: [PATCH 23/68] add verbiage re: Conjur tarfile --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 536ba8f..74b38cc 100644 --- a/README.md +++ b/README.md @@ -3,9 +3,10 @@ This is self-contained implementation of a basic Conjur implementation to demonstrate all key capabilities and to serve as a foundation for POCs and implementations. Dependencies: + - locally available conjur docker image tarfile - v4.9.10 or greater required for auto-failover + - request download image via https://www.cyberark.com/get-conjur-enterprise/ - docker & docker-compose - can be installed w/ ./etc/install-dependencies.sh - internet access required for initial builds, can run standalone after that - - Conjur 4.9.10 or greater required for auto-failover Demo root directory (.../cdemo): - 0-startup-conjur.sh - takes no arguments - initializes demo environment: From 64e900383a224a7b9f1645af1e0c59cb601eff11 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sat, 25 Nov 2017 13:19:31 -0600 Subject: [PATCH 24/68] update README w/ tarfile info, move audit logs back to subdirectory --- README.md | 1 + docker-compose.yml | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 74b38cc..f917287 100644 --- a/README.md +++ b/README.md 
@@ -10,6 +10,7 @@ Dependencies: Demo root directory (.../cdemo): - 0-startup-conjur.sh - takes no arguments - initializes demo environment: + - EDIT SCRIPT WITH PATH TO CONJUR TARFILE BEFORE RUNNING. - triggers builds of ALL demo images - this can take a really long time - prepare accordingly! - startups up Conjur, Conjur client CLI and Weave Scope containers - Loads users-policy.yml and sets all user passwords to “foo” diff --git a/docker-compose.yml b/docker-compose.yml index de53d9d..4a24016 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,8 +12,8 @@ services: role: "conjur_node" volumes: - ./:/src:z - - ~/log:/var/log/conjur # exported conjur audit log - - ~/log:/var/log/nginx # exported nginx audit log + - ./log:/var/log/conjur # exported conjur audit log + - ./log:/var/log/nginx # exported nginx audit log security_opt: - seccomp:unconfined restart: always @@ -134,7 +134,7 @@ services: SPLUNK_ENABLE_LISTEN: 9997 SPLUNK_ADD: tcp 1514 volumes: - - ~/log:/log + - ./log:/log - opt-splunk-etc:/opt/splunk/etc - opt-splunk-var:/opt/splunk/var ports: From a1119e94891e1443b3a4fbb5bade93de8a2e668a Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sat, 25 Nov 2017 13:30:58 -0600 Subject: [PATCH 25/68] better advice on build time for all images --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f917287..f45f104 100644 --- a/README.md +++ b/README.md 
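Review bot: Moving the exported audit logs from `~/log` to `./log` places them inside the directory that the same service bind-mounts as `./:/src:z`, so the Conjur and nginx audit logs become reachable at `/src/log` from every container that mounts the project root (the haproxy service in a later hunk shows the same mount). Audit data is normally kept out of reach of the workloads it records; a host directory outside the project tree, or a named volume mounted only into `conjur_node` and `splunk`, keeps that separation. Both `/var/log/conjur` and `/var/log/nginx` still map to one host directory, so `./log/conjur` and `./log/nginx` would at least keep the two sources apart. If `./log` stays, it should be listed in `.gitignore` (not visible here) so audit records are not committed.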
@@ -11,7 +11,7 @@ Dependencies: Demo root directory (.../cdemo): - 0-startup-conjur.sh - takes no arguments - initializes demo environment: - EDIT SCRIPT WITH PATH TO CONJUR TARFILE BEFORE RUNNING. - - triggers builds of ALL demo images - this can take a really long time - prepare accordingly! + - triggers builds of ALL demo images - this can take 30 minutes or more - prepare accordingly! - startups up Conjur, Conjur client CLI and Weave Scope containers - Loads users-policy.yml and sets all user passwords to “foo” - loads demo policies and sets secret values to the secret name prefixed with “ThisIsThe" From 54b10162383375947c37c5b6e66fe6f15a5a065c Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sat, 2 Dec 2017 09:34:53 -0600 Subject: [PATCH 26/68] failover tweaks --- 0-startup-conjur.sh | 92 +++++++++++++-------- README.md | 1 + build/webapp/webapp1.sh | 7 +- cluster/0-setup-cluster.sh | 146 ---------------------------------- cluster/0-setup-standbys.sh | 115 ++++++++++++++++++++++++++ cluster/1-cluster-failover.sh | 50 ------------ cluster/1-trigger-failover.sh | 130 ++++++++++++++++++++++++++++++ cluster/cluster.yml | 6 +- dbpassword_rotator.sh | 14 +++- docker-compose.yml | 12 +-- etc/conjur.conf | 2 +- etc/haproxy.cfg | 28 ++++--- etc/update_haproxy.sh | 12 ++- flist | 11 --- inspect-cluster.sh | 16 ++++ ssh/0-setup-ssh.sh | 2 +- ssh/rack.yml | 2 +- ssh/ssh-mgmt.yml | 2 +- webapp1-policy.yml | 2 +- 19 files changed, 375 insertions(+), 275 deletions(-) delete mode 100755 cluster/0-setup-cluster.sh create mode 100755 cluster/0-setup-standbys.sh delete mode 100755 cluster/1-cluster-failover.sh create mode 100755 cluster/1-trigger-failover.sh delete mode 100644 flist create mode 100755 inspect-cluster.sh diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 01e90d5..42fcce7 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh 
@@ -1,29 +1,23 @@ -#!/bin/bash -e -set -o pipefail +#!/bin/bash +set -eo pipefail -CONJUR_CONTAINER_TARFILE="" +CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.10.0.0.tar -CONJUR_INGRESS_NAME=conjur -CONJUR_MASTER_HOSTNAME=haproxy +CONJUR_MASTER_INGRESS=conjur_master +CONJUR_FOLLOWER_INGRESS=conjur_follower +CONJUR_MASTER_HOSTNAME=conjur_master CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 main() { - printf "\n\nBringing down all running containers and restarting.\n" - printf "\n\n\tThis will destroy your currently running environment - proceed?\n\n" - select yn in "Yes" "No"; do - case $yn in - Yes ) break;; - No ) exit;; - esac - done - all_down # bring down anything still running - conjur_up + conjur_master_up haproxy_up cli_up + conjur_follower_up + update_etc_hosts docker-compose up -d scope # bring up webscope docker-compose build webapp # force build of demo app @@ -31,19 +25,28 @@ main() { docker-compose exec cli "/src/etc/_demo-init.sh" # force builds of images for demo modules + docker-compose build etcd docker-compose build ldap - docker-compose build splunk docker-compose build vm - docker-compose build etcd + docker-compose build splunk echo echo "Demo environment ready!" - echo "The Conjur service is running as hostname: $CONJUR_INGRESS_NAME" + echo "The Conjur service is running as hostname: $CONJUR_MASTER_INGRESS" echo } ############################ all_down() { + printf "\n\nBringing down all running containers.\n" + printf "\n\n\tThis will destroy your currently running environment - proceed?\n\n" + select yn in "Yes" "No"; do + case $yn in + Yes ) break;; + No ) exit -1;; + esac + done + echo "-----" printf "\n-----\nBringng down all running services & deleting dangling volumes\n" docker-compose down --remove-orphans 
@@ -54,7 +57,7 @@ all_down() { } ############################ -conjur_up() { +conjur_master_up() { echo "-----" if [[ "$CONJUR_CONTAINER_TARFILE" == "" ]]; then printf "\n\nEdit this script to set CONJUR_CONTAINER_TARFILE to the location of the Conjur appliance tarfile to load.\n\n" @@ -70,7 +73,7 @@ conjur_up() { echo "Bringing up Conjur" docker-compose up -d conjur_node - CONJUR_MASTER_CONT_ID=cdemo_conjur_node_1 + CONJUR_MASTER_CONT_ID=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) echo "-----" @@ -94,22 +97,14 @@ conjur_up() { haproxy_up() { # bring up hproxy, rename as ingress, update & start docker-compose up -d haproxy - docker container rename cdemo_haproxy_1 $CONJUR_INGRESS_NAME - pushd ./etc && ./update_haproxy.sh $CONJUR_INGRESS_NAME && popd - - hosts_entry=$(grep $CONJUR_INGRESS_NAME /etc/hosts) - if [[ "$host_entry" == "" ]]; then - echo "---- Update hosts file with Conjur container hostname: $CONJUR_INGRESS_NAME" - grep -v $CONJUR_INGRESS_NAME /etc/hosts > /tmp/foo - echo -e 127.0.0.1 '\t' $CONJUR_INGRESS_NAME >> /tmp/foo - sudo mv /tmp/foo /etc/hosts - fi + haproxy_cname=$(docker ps -f "label=role=conjur_proxy" --format {{.Names}}) + docker container rename $haproxy_cname $CONJUR_MASTER_INGRESS + pushd ./etc && ./update_haproxy.sh $CONJUR_MASTER_INGRESS && popd } ############################ cli_up() { - echo "-----" - echo "Bring up CLI client" + printf "\n-----\nBring up CLI client...\n" docker-compose up -d cli CLI_CONT_ID=$(docker-compose ps -q cli) 
@@ -122,5 +117,38 @@ cli_up() { docker-compose exec cli conjur bootstrap -q } +############################# +conjur_follower_up() { + printf "\n-----\nConfiguring follower node...\n" + + # get container name of conjur master + conjur_master_cname=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + # generate seed file that references haproxy + docker exec -it $conjur_master_cname bash -c "evoke seed follower $CONJUR_MASTER_INGRESS > /tmp/follower-seed.tar" + # and copy to local /tmp + docker cp $conjur_master_cname:/tmp/follower-seed.tar /tmp/ + docker-compose up -d follower + # only one follower + conjur_follower_cname=$(docker ps -f "label=role=conjur_follower" --format {{.Names}}) + docker rename $conjur_follower_cname $CONJUR_FOLLOWER_INGRESS + + docker cp /tmp/follower-seed.tar $CONJUR_FOLLOWER_INGRESS:/tmp/seed + docker exec $CONJUR_FOLLOWER_INGRESS bash -c "evoke unpack seed /tmp/seed && evoke configure follower -j /src/etc/conjur.json" + rm /tmp/follower-seed.tar +} +############################ +update_etc_hosts() { + set +e + hosts_entry=$(grep $CONJUR_MASTER_INGRESS /etc/hosts) + set -e + if [[ "$hosts_entry" == "" ]]; then + echo "---- Updating hosts file with Conjur Master and Follower ingress name & port..." + grep -v $CONJUR_MASTER_INGRESS /etc/hosts > /tmp/foo + printf "127.0.0.1\t%s\n" $CONJUR_MASTER_INGRESS >> /tmp/foo + sudo mv /tmp/foo /etc/hosts + fi +} + +############################ main "$@" diff --git a/README.md b/README.md index f45f104..ee4fea0 100644 --- a/README.md +++ b/README.md 
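Review bot: `update_etc_hosts` builds the replacement hosts file at the fixed path `/tmp/foo` and installs it with `sudo mv /tmp/foo /etc/hosts`, and `conjur_follower_up` stages the follower seed at `/tmp/follower-seed.tar`; fixed names in a world-writable directory are open to tampering or disclosure by other local accounts, and the seed archive presumably carries the node's certificates and keys. Create the scratch files with `mktemp` (e.g. `seed_dir=$(mktemp -d)`), remove them from a `trap ... EXIT` so a failure under `set -e` does not leave the seed behind, and quote the expansions. For the hosts entry, appending avoids replacing `/etc/hosts` with a file of different owner and mode: `printf '127.0.0.1\t%s\n' "$CONJUR_MASTER_INGRESS" | sudo tee -a /etc/hosts >/dev/null`. The same fixed-path seed handling appears in `setup_standbys` in cluster/0-setup-standbys.sh (`/tmp/standby-seed.tar`).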
@@ -20,6 +20,7 @@ Demo root directory (.../cdemo): - docker-compose.yml - file that drives all container builds and configurations. - .env - file of environment variables for client application containers, referenced from docker-compose.yml, dynamically created by 1-setup-containers.sh - load_policy.sh - loads a supplied policy file + - master-control.sh - inspect, pause/unpause, or kill Conjur master. - audit_policy.sh - compares a supplied policy file against current Conjur state, reports any deviations. - watch_container_log.sh - takes no arguments - runs tail on container #1 script logfile to monitor fetch activity - dbpassword_rotator.sh - sets the database password to a random hex value every 5 seconds diff --git a/build/webapp/webapp1.sh b/build/webapp/webapp1.sh index cce3d4e..f20cc1e 100644 --- a/build/webapp/webapp1.sh +++ b/build/webapp/webapp1.sh @@ -2,14 +2,13 @@ printf "\n\n\nExecuting within the container...\n\n" -# environment variables set in .env file +# environment variable values set in .env file generated by startup script: # APP_HOSTNAME - host identity for all instances of this app # VAR_ID - environment variable name to fetch # SLEEP_TIME - environment variable name to fetch -CONJUR_HOST=conjur -#CONJUR_HOST=cdemo_follower_1 -declare ENDPOINT=https://$CONJUR_HOST/api + # use follower, not conjur master +declare ENDPOINT=https://conjur_follower/api declare LOGFILE=cc.log declare INPUT_FILE=/data/foo diff --git a/cluster/0-setup-cluster.sh b/cluster/0-setup-cluster.sh deleted file mode 100755 index efcc569..0000000 --- a/cluster/0-setup-cluster.sh +++ /dev/null 
@@ -1,146 +0,0 @@ -#!/bin/bash -set -eo pipefail - -CONJUR_MASTER_CNAME="" -CONJUR_INGRESS_NAME=conjur -NUM_STATEFUL_NODES=3 # 1 master + n standbys -NUM_FOLLOWERS=1 -CLUSTER_NAME=dev -CLUSTER_MANAGER_CONT_NAME=cdemo_etcd_1 -CLUSTER_POLICY_FILE=cluster.yml - -main() { - # find master node - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cname in $cont_list; do - crole=$(docker exec $cname sh -c "evoke role") - if [[ $crole == master ]]; then - CONJUR_MASTER_CNAME=$cname - CONJUR_MASTER_IP="$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname)" - break - fi - done - - setup_standbys - setup_followers - setup_etcd -} - -############################# -setup_standbys() { - printf "\n-----\nConfiguring standby nodes...\n" - # generate seed file - docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-standby > /tmp/standby-seed.tar" - # copy to local /tmp - docker cp $CONJUR_MASTER_CNAME:/tmp/standby-seed.tar /tmp/ - - # bring up new nodes - # "no-recreate" prevents recreation of existing nodes - docker-compose up -d --no-recreate --scale "conjur_node=$NUM_STATEFUL_NODES" conjur_node - - # configure each uninitialized stateful node as a standby - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cname in $cont_list; do - crole=$(docker exec $cname sh -c "evoke role") - if [[ "$crole" == "blank" ]]; then - setup_node standby $cname - fi - done - rm /tmp/standby-seed.tar - - printf "\n-----\nWaiting for cluster state to settle...\n" - sleep 10 # give cluster state time to settle, then start synchronous replication - docker exec $CONJUR_MASTER_CNAME bash -c "evoke replication sync" - - # bounce proxy to add new standbys to its configuration - pushd ../etc && ./update_haproxy.sh conjur && popd -} - - -############################# -setup_followers() { - printf "\n-----\nConfiguring follower nodes...\n" - # generate seed file that references haproxy - # and copy 
to local /tmp - docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed follower $CONJUR_INGRESS_NAME > /tmp/follower-seed.tar" - docker cp $CONJUR_MASTER_CNAME:/tmp/follower-seed.tar /tmp/ - - docker-compose up -d --no-recreate --scale "follower=$NUM_FOLLOWERS" follower - - # configure each uninitialized node as a standby - cont_list=$(docker ps -f "label=role=conjur_follower" --format {{.Names}}) - for cname in $cont_list; do - crole=$(docker exec $cname sh -c "evoke role") - if [[ "$crole" == blank ]]; then - setup_node follower $cname - fi - done - rm /tmp/follower-seed.tar - } - - -############################# -setup_node() { - local CONJUR_ROLE=$1; shift # role is either "standby" or "follower" - local CONTAINER_ID=$1; shift - - echo "Creating $CONJUR_ROLE" - - docker cp /tmp/$CONJUR_ROLE-seed.tar $CONTAINER_ID:/tmp/seed - MASTER_IP_ARG="" - if [[ $CONJUR_ROLE == "standby" ]]; then - MASTER_IP_ARG="-i $CONJUR_MASTER_IP" - fi - docker exec $CONTAINER_ID bash -c "evoke unpack seed /tmp/seed && evoke configure $CONJUR_ROLE -j /src/etc/conjur.json $MASTER_IP_ARG" -} - - -############################# -setup_etcd() { - printf "\n-----\nConfiguring cluster policy...\n" - # startup etcd cluster manager - docker-compose up -d etcd - # build cluster policy file - construct_cluster_policy - - # load policy describing cluster - docker-compose exec cli conjur authn login -u admin -p Cyberark1 - docker-compose exec cli conjur policy load --as-group=security_admin /src/cluster/$CLUSTER_POLICY_FILE - - printf "\n-----\nEnrolling Conjur nodes with cluster manager...\n" - # enroll each stateful node in cluster - for cont_name in $cont_list; do - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - docker exec $cont_name evoke cluster enroll -a $cont_ip -n $cont_name $CLUSTER_NAME - done -} - - -############################# -construct_cluster_policy() { - # create policy file header - cat < $CLUSTER_POLICY_FILE ---- -- 
!policy - id: conjur/cluster/$CLUSTER_NAME - body: - - !layer - - - &hosts -POLICY_HEADER - # for each stateful node, add hosts entries to policy file - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cont_name in $cont_list; do - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - printf " - !host %s\n" $cont_name >> $CLUSTER_POLICY_FILE - done - # add footer to policy file - cat <> $CLUSTER_POLICY_FILE - - !grant - role: !layer - member: *hosts -POLICY_FOOTER - -} - -main "$@" diff --git a/cluster/0-setup-standbys.sh b/cluster/0-setup-standbys.sh new file mode 100755 index 0000000..5ae711a --- /dev/null +++ b/cluster/0-setup-standbys.sh 
@@ -0,0 +1,115 @@ +#!/bin/bash +set -eo pipefail + +CONJUR_MASTER_CNAME="" +CONJUR_MASTER_IP="" +CONJUR_MASTER_INGRESS=conjur_master +NUM_STATEFUL_NODES=3 # 1 master + n standbys + +main() { + + find_current_master + start_new_standbys + wait_for_healthy_master + setup_standbys + update_load_balancer + ../inspect-cluster.sh +} + +############################# +find_current_master() { + # find master node, get container name & IP address + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ $crole == master ]]; then + CONJUR_MASTER_CNAME=$cname + CONJUR_MASTER_IP="$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname)" + break + fi + done +} + +############################# +start_new_standbys() { + printf "\n-----\nBringing up new standby node(s)...\n" + # "no-recreate" prevents recreation of existing nodes + docker-compose up -d --no-recreate --scale "conjur_node=$NUM_STATEFUL_NODES" conjur_node +} + +############################# +setup_standbys() { + printf "\n-----\nConfiguring standby nodes...\n" + # generate seed file + docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-standby > /tmp/standby-seed.tar" + # copy to local /tmp + docker cp $CONJUR_MASTER_CNAME:/tmp/standby-seed.tar /tmp/ + + # configure each uninitialized stateful node as a standby + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ "$crole" == "blank" ]]; then + docker cp /tmp/standby-seed.tar $cname:/tmp/seed + docker exec $cname bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" + fi + done + rm /tmp/standby-seed.tar + + wait_for_standbys + # start synchronous replication + docker exec $CONJUR_MASTER_CNAME bash -c "evoke replication sync" +} + + 
+############################# +wait_for_healthy_master() { + printf "\n-----\nWaiting for master to report healthy...\n" + set +e + while : ; do + printf "..." + sleep 2 + healthy=$(curl -sk https://conjur_master/health | jq -r '.ok') + if [[ $healthy == true ]]; then + break + fi + done + set -e +} + + +############################# +wait_for_standbys() { + printf "\n-----\nWaiting for all standbys to report streaming replication...\n" + set +e + let num_standbys=$NUM_STATEFUL_NODES-1 + while : ; do + printf "..." + sleep 2 + standby_state=$(curl -sk https://conjur_master/health | jq -r '.database.archive_replication_status.pg_stat_replication | .[].state') + all_good=true + standby_count=0 + for i in $standby_state; do + if [[ $i != streaming ]]; then + all_good=false + break + fi + let standby_count=$standby_count+1 + done + if [[ ($all_good == true) && ($standby_count == $num_standbys) ]]; then + break + fi + done + printf "\n" + set -e +} + +############################# +update_load_balancer() { + printf "\n-----\nUpdating load balancer configuration...\n" + pushd ../etc \ + && ./update_haproxy.sh $CONJUR_MASTER_INGRESS \ + && popd +} + +main $@ diff --git a/cluster/1-cluster-failover.sh b/cluster/1-cluster-failover.sh deleted file mode 100755 index c8c9070..0000000 --- a/cluster/1-cluster-failover.sh +++ /dev/null 
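Review bot: `wait_for_healthy_master` and `wait_for_standbys` poll `https://conjur_master/health` with `curl -sk`, so the server certificate is never checked, and both loops run under `set +e` with no upper bound, which means a master that never reports healthy (or a missing `jq`) hangs the script forever. Verify against the appliance certificate instead of passing `-k`, and give each loop a retry limit that returns non-zero when exceeded; a sketch for the first function follows, and `wait_for_standbys` would take the same shape. The hostname is hard-coded although `CONJUR_MASTER_INGRESS` is defined at the top of the file, and the last line should be `main "$@"`.

```shell
wait_for_healthy_master() {
  printf "\n-----\nWaiting for master to report healthy...\n"
  local attempts=0 healthy=""
  while [[ "$healthy" != true ]]; do
    if (( attempts >= 60 )); then
      printf "\nMaster did not report healthy in time.\n" >&2
      return 1
    fi
    attempts=$((attempts + 1))
    printf "..."
    sleep 2
    # CONJUR_CERT_FILE is a placeholder for the path to the appliance CA certificate
    healthy=$(curl -s --cacert "$CONJUR_CERT_FILE" \
      "https://$CONJUR_MASTER_INGRESS/health" | jq -r '.ok') || healthy=""
  done
  printf "\n"
}
```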
@@ -1,50 +0,0 @@ -#!/bin/bash -e -set -o pipefail - -main() { - check_conjur_version - kill_master - wait_for_new_master - ./0-setup-cluster.sh -} - -check_conjur_version() { - printf "\n-----\nChecking if Conjur version supports failover...\n" - conjur_version=$(docker-compose exec cli conjur version | awk -F " " '/Conjur appliance version:/ { print $4 }') - conjur_major=$(echo $conjur_version | awk -F "." '{ print $1 }') - conjur_minor=$(echo $conjur_version | awk -F "." '{ print $2 }') - conjur_point=$(echo $conjur_version | awk -F "." '{ print $3 }') - - if [[ ($conjur_major -ne 4) || (($conjur_minor -lt 10) && ($conjur_point -lt 10)) ]]; then - printf "\nConjur version %i.%i.%i is running.\n" $conjur_major $conjur_minor $conjur_point - printf "Failover is only supported in Conjur version 4.9.10 or greater.\n\n" - exit -1 - fi -} - -kill_master() { - printf "\n-----\nStopping and removing current master...\n" - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cname in $cont_list; do - crole=$(docker exec $cname sh -c "evoke role") - if [[ $crole == master ]]; then - docker stop $cname && docker rm $cname - fi - done -} - -wait_for_new_master() { - printf "\n-----\nWaiting for standby to be promoted to master...\n" - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - MASTER_FOUND=false - while [[ $MASTER_FOUND == false ]]; do - for cname in $cont_list; do - crole=$(docker exec $cname sh -c "evoke role") - if [[ $crole == master ]]; then - MASTER_FOUND=true - fi - done - done -} - -main "$@" diff --git a/cluster/1-trigger-failover.sh b/cluster/1-trigger-failover.sh new file mode 100755 index 0000000..63e9b77 --- /dev/null +++ b/cluster/1-trigger-failover.sh 
@@ -0,0 +1,130 @@ +#!/bin/bash -e +set -o pipefail + +CLUSTER_NAME=dev +CLUSTER_MANAGER_CONT_NAME="" +CLUSTER_POLICY_FILE=cluster.yml + +main() { + START_TIME=$(date) + check_conjur_version + setup_etcd + kill_master + wait_for_new_master + wait_for_healthy_master + ./0-setup-standbys.sh + END_TIME=$(date) + printf "\nFailover complete. Cluster back in operational state.\n" + printf " Started: %s\n" "$START_TIME" + printf "Completed: %s\n" "$END_TIME" +} + +########################### +check_conjur_version() { + printf "\n-----\nChecking if Conjur version supports failover...\n" + conjur_version=$(docker-compose exec cli conjur version | awk -F " " '/Conjur appliance version:/ { print $4 }') + conjur_major=$(echo $conjur_version | awk -F "." '{ print $1 }') + conjur_minor=$(echo $conjur_version | awk -F "." '{ print $2 }') + conjur_point=$(echo $conjur_version | awk -F "." '{ print $3 }') + + if [[ ($conjur_major -ne 4) || (($conjur_minor -lt 10) && ($conjur_point -lt 10)) ]]; then + printf "\nConjur version %i.%i.%i is running.\n" $conjur_major $conjur_minor $conjur_point + printf "Failover is only supported in Conjur version 4.9.10 or greater.\n\n" + exit -1 + fi +} + +########################### +kill_master() { + printf "\n-----\nKilling current master...\n" + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ $crole == master ]]; then + printf "Stopping: " + docker stop $cname + printf "Removing: " + docker rm $cname + fi + done +} + +########################### +wait_for_new_master() { + printf "\n-----\nWaiting for standby to be promoted to master...\n" + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + MASTER_FOUND=false + while [[ $MASTER_FOUND == false ]]; do + for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + if [[ $crole == master ]]; then + MASTER_FOUND=true + fi + done + done +} + 
+############################# +wait_for_healthy_master() { + printf "\n-----\nWaiting for master to report healthy...\n" + set +e + while : ; do + printf "..." + sleep 2 + healthy=$(curl -sk https://conjur_master/health | jq -r '.ok') + if [[ $healthy == true ]]; then + break + fi + done + printf "\n" + set -e +} + +############################# +setup_etcd() { + printf "\n-----\nConfiguring etcd cluster manager and cluster policy...\n" + # startup etcd cluster manager + docker-compose up -d etcd + # build cluster policy file + construct_cluster_policy + + # load policy describing cluster + docker-compose exec cli conjur authn login -u admin -p Cyberark1 + docker-compose exec cli conjur policy load --as-group=security_admin /src/cluster/$CLUSTER_POLICY_FILE + + printf "\n-----\nEnrolling Conjur nodes with cluster manager...\n" + # enroll each stateful node in cluster + for cname in $cont_list; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) + docker exec $cname evoke cluster enroll -a $cont_ip -n $cname $CLUSTER_NAME + done +} + +############################# +construct_cluster_policy() { + # create policy file header + cat < $CLUSTER_POLICY_FILE +--- +- !policy + id: conjur/cluster/$CLUSTER_NAME + body: + - !layer + + - &hosts +POLICY_HEADER + # for each stateful node, add hosts entries to policy file + cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + for cname in $cont_list; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) + printf " - !host %s\n" $cname >> $CLUSTER_POLICY_FILE + done + # add footer to policy file + cat <> $CLUSTER_POLICY_FILE + - !grant + role: !layer + member: *hosts +POLICY_FOOTER + +} + +main "$@" diff --git a/cluster/cluster.yml b/cluster/cluster.yml index cc61e53..e7f9676 100644 --- a/cluster/cluster.yml +++ b/cluster/cluster.yml 
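Review bot: `setup_etcd` logs in with the admin password written as a literal on the command line (`conjur authn login -u admin -p Cyberark1`), which puts the credential in the repository, in any shell trace, and in the process arguments inside the cli container. 0-startup-conjur.sh already names this value `CONJUR_MASTER_PASSWORD`; take it from the environment instead, e.g. `docker-compose exec cli conjur authn login -u admin -p "${CONJUR_MASTER_PASSWORD:?set CONJUR_MASTER_PASSWORD}"`, and keep the default out of version control. Separately, the gate in `check_conjur_version`, `(($conjur_minor -lt 10) && ($conjur_point -lt 10))`, lets a version such as 4.8.12 through even though the message states 4.9.10 as the minimum; compare minor first and only test the point release when minor equals 9.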
@@ -5,9 +5,9 @@ - !layer - &hosts - - !host cdemo_conjur_node_3 - - !host cdemo_conjur_node_2 - - !host cdemo_conjur_node_1 + - !host cdemo_conjur_node_8 + - !host cdemo_conjur_node_7 + - !host cdemo_conjur_node_6 - !grant role: !layer member: *hosts diff --git a/dbpassword_rotator.sh b/dbpassword_rotator.sh index b342de5..e22a5b9 100755 --- a/dbpassword_rotator.sh +++ b/dbpassword_rotator.sh @@ -3,7 +3,17 @@ VAR_ID=webapp1/database_password while [[ 1 == 1 ]]; do new_value=$(openssl rand -hex 12) - docker-compose exec -T cli conjur variable values add $VAR_ID $new_value &> /dev/null - echo $(date "+%H:%M:%S") "$VAR_ID is now: $new_value" + msg=$(docker-compose exec -T cli conjur variable values add $VAR_ID $new_value) + if [[ "$msg" == "Value added" ]]; then + echo $(date "+%H:%M:%S") "$VAR_ID is now: $new_value" + else + echo $msg + fi + sleep 5 +done + +while [[ 1 == 1 ]]; do + new_pwd=$(openssl rand -hex 12) + error_msg=$(conjur variable values add db/password $new_pwd 2>&1 >/dev/null) sleep 5 done diff --git a/docker-compose.yml b/docker-compose.yml index 4a24016..d0c751a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -22,6 +22,8 @@ services: image: haproxy:conjur hostname: conjur build: ./build/haproxy + labels: + role: "conjur_proxy" volumes: - ./:/src:z ports: @@ -30,11 +32,9 @@ services: entrypoint: /start.sh etcd: - hostname: etcd image: quay.io/coreos/etcd + hostname: etcd build: ./build/etcd - ports: - - 2379:2379 command: - etcd - -debug @@ -64,7 +64,7 @@ services: cli: environment: CONJUR_ACCOUNT: dev - CONJUR_APPLIANCE_URL: https://conjur/api + CONJUR_APPLIANCE_URL: https://conjur_master/api hostname: conjurcli image: my-conjurcli:5.4.0 build: ./build/conjurcli 
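Review bot: The second `while [[ 1 == 1 ]]` loop added at the end of dbpassword_rotator.sh can never run, because the first loop has no exit; it also targets a different variable (`db/password`) and stores `error_msg` without using it, so it reads like a leftover experiment and should be removed. With `&> /dev/null` dropped, `$msg` captures only stdout, so CLI errors on stderr bypass the new else branch; `msg=$(docker-compose exec -T cli conjur variable values add "$VAR_ID" "$new_value" 2>&1)` and `echo "$msg"` would report them. The success branch still prints the new database password to the terminal, which suits a demo but deserves a comment such as `# demo only: prints the secret so the rotation is visible` so the pattern is not copied elsewhere.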
@@ -97,8 +97,8 @@ services: - data:/data entrypoint: /root/webapp1.sh environment: - - APP_HOSTNAME # values for these variables are in .env file - - VAR_ID # written by 1-setup-containers.sh + - APP_HOSTNAME # values for these variables are in .env file + - VAR_ID # written by 1-setup-containers.sh - SLEEP_TIME # VM containers for SSH management demonstration. diff --git a/etc/conjur.conf b/etc/conjur.conf index bbce0da..3d63249 100644 --- a/etc/conjur.conf +++ b/etc/conjur.conf @@ -1,5 +1,5 @@ --- -appliance_url: https://conjur/api +appliance_url: https://conjur_master/api account: dev cert_file: "/etc/conjur-dev.pem" plugins: [] diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 68dd312..004c75a 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -1,3 +1,4 @@ +# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. global maxconn 256 external-check @@ -22,7 +23,8 @@ frontend f_conjur_master_ldap bind *:636 default_backend b_conjur_master_ldap -# HTTP backend info is generated by http_servers.sh +# HTTP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_http mode tcp balance static-rr @@ -30,11 +32,12 @@ backend b_conjur_master_http default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.7:443 check - server cdemo_conjur_node_2 172.18.0.8:443 check - server cdemo_conjur_node_1 172.18.0.2:443 check + server cdemo_conjur_node_9 172.18.0.8:443 check + server cdemo_conjur_node_8 172.18.0.7:443 check + server cdemo_conjur_node_6 172.18.0.2:443 check -# PG backend info is generated by pg_servers.sh +# PG backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp balance static-rr 
@@ -42,11 +45,12 @@ backend b_conjur_master_pg default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.7:5432 check - server cdemo_conjur_node_2 172.18.0.8:5432 check - server cdemo_conjur_node_1 172.18.0.2:5432 check + server cdemo_conjur_node_9 172.18.0.8:5432 check + server cdemo_conjur_node_8 172.18.0.7:5432 check + server cdemo_conjur_node_6 172.18.0.2:5432 check -# LDAP backend info is generated by ldap_servers.sh +# LDAP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp balance static-rr @@ -54,6 +58,6 @@ backend b_conjur_master_ldap default-server inter 30s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.7:636 check - server cdemo_conjur_node_2 172.18.0.8:636 check - server cdemo_conjur_node_1 172.18.0.2:636 check + server cdemo_conjur_node_9 172.18.0.8:636 check + server cdemo_conjur_node_8 172.18.0.7:636 check + server cdemo_conjur_node_6 172.18.0.2:636 check diff --git a/etc/update_haproxy.sh b/etc/update_haproxy.sh index 3d189ca..73b2234 100755 --- a/etc/update_haproxy.sh +++ b/etc/update_haproxy.sh @@ -9,7 +9,8 @@ destination_file="haproxy.cfg" # takes one argument: the name of the HAProxy container to update main() { haproxy_cname=$1 - cp haproxy.cfg.template $destination_file + echo "# This file is generated by $0 in $(pwd)." > $destination_file + cat haproxy.cfg.template >> $destination_file update_http_servers update_pg_servers update_ldap_servers @@ -22,7 +23,8 @@ main() { update_http_servers() { cat <> $destination_file -# HTTP backend info is generated by http_servers.sh +# HTTP backend info +# Generated by $0 in $(pwd) backend b_conjur_master_http mode tcp balance static-rr 
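Review bot: The banner added in etc/update_haproxy.sh embeds `$(pwd)` into haproxy.cfg, and because that file is tracked, the author's absolute home path (visible in the etc/haproxy.cfg hunks of this commit) ends up in the repository and changes on every machine. `echo "# This file is generated by ${0##*/}; edit haproxy.cfg.template instead." > "$destination_file"` keeps the useful part without the local path; the same `$(pwd)` is added to the backend banners in `update_http_servers`, `update_pg_servers` and `update_ldap_servers`. Since haproxy.cfg is rewritten with container names and IP addresses on each run, consider untracking it so these generated diffs stop appearing. `main` continues outside this hunk.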
@@ -43,7 +45,8 @@ CONFIG update_pg_servers() { cat <> $destination_file -# PG backend info is generated by pg_servers.sh +# PG backend info +# Generated by $0 in $(pwd) backend b_conjur_master_pg mode tcp balance static-rr @@ -64,7 +67,8 @@ CONFIG update_ldap_servers() { cat <> $destination_file -# LDAP backend info is generated by ldap_servers.sh +# LDAP backend info +# Generated by $0 in $(pwd) backend b_conjur_master_ldap mode tcp balance static-rr diff --git a/flist b/flist deleted file mode 100644 index cafb3a7..0000000 --- a/flist +++ /dev/null @@ -1,11 +0,0 @@ - -.. -. -1_set_hf_token.sh -2_get_secret_restapi.sh -2_get_secret_summon.sh -3_cleanup.sh -EDIT.ME -policy.yml -setup_summon.sh -tomcat.xml.erb diff --git a/inspect-cluster.sh b/inspect-cluster.sh new file mode 100755 index 0000000..9eb7807 --- /dev/null +++ b/inspect-cluster.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +printf "\n\nLoad balancer config:\n----------------\n" +docker-compose exec haproxy cat /usr/local/etc/haproxy/haproxy.cfg + +printf "\n\nRunning containers:\n----------------\n" +docker ps --format "{{.Names}}\t\t{{.Status}}" + +printf "\n\nStateful node info:\n----------------\n" +cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) +for cname in $cont_list; do + crole=$(docker exec $cname sh -c "evoke role") + cip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) + printf "%s, %s, %s\n" $cname $crole $cip +done +printf "\n\n" diff --git a/ssh/0-setup-ssh.sh b/ssh/0-setup-ssh.sh index a31d686..b46a494 100755 --- a/ssh/0-setup-ssh.sh +++ b/ssh/0-setup-ssh.sh @@ -2,7 +2,7 @@ set -o pipefail CONJUR_MASTER_ORGACCOUNT=dev -CONJUR_MASTER_URL=https://conjur/api +CONJUR_MASTER_URL=https://conjur_master/api RACK_SERVICE_NAME=vm RACK_POLICY_NAME=rack RACK_POLICY_FILE=$RACK_POLICY_NAME.yml diff --git a/ssh/rack.yml b/ssh/rack.yml index 96bffeb..d6886ef 100644 --- a/ssh/rack.yml +++ b/ssh/rack.yml 
@@ -1,3 +1,3 @@ --- -- !host cdemo_vm_2 - !host cdemo_vm_1 +- !host cdemo_vm_2 diff --git a/ssh/ssh-mgmt.yml b/ssh/ssh-mgmt.yml index a154622..c1d6cf8 100644 --- a/ssh/ssh-mgmt.yml +++ b/ssh/ssh-mgmt.yml @@ -8,7 +8,7 @@ - !permit roles: - !group /devops -# - !group /developers + - !group /developers privileges: [ read, execute ] resources: - !host /cdemo_vm_1 diff --git a/webapp1-policy.yml b/webapp1-policy.yml index 59a930a..e55e36e 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml @@ -10,7 +10,7 @@ - !layer &tomcat_hosts tomcat_hosts - - !permit + - !deny role: *tomcat_hosts privileges: [ read, execute ] resource: *variables From af97924561b3026d5a85cd7cf5c4cea1991f527b Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sat, 2 Dec 2017 14:21:19 -0600 Subject: [PATCH 27/68] remove tarfile ref --- 0-startup-conjur.sh | 6 +++++- cluster/cluster.yml | 6 +++--- etc/haproxy.cfg | 20 ++++++++++---------- etc/install-dependencies.sh | 2 +- ssh/ssh-mgmt.yml | 2 +- 5 files changed, 20 insertions(+), 16 deletions(-) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 42fcce7..9be92f3 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -1,7 +1,8 @@ #!/bin/bash set -eo pipefail -CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.10.0.0.tar + # EDIT TO POINT TO YOUR LOCAL CONJUR IMAGE TARFILE +CONJUR_CONTAINER_TARFILE="" CONJUR_MASTER_INGRESS=conjur_master CONJUR_FOLLOWER_INGRESS=conjur_follower @@ -13,6 +14,9 @@ main() { all_down # bring down anything still running + docker-compose build haproxy + docker-compose build cli + conjur_master_up haproxy_up cli_up diff --git a/cluster/cluster.yml b/cluster/cluster.yml index e7f9676..dc1bf74 100644 --- a/cluster/cluster.yml +++ b/cluster/cluster.yml 
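Review bot: Two authorization changes ride along in a commit described as "failover tweaks": webapp1-policy.yml turns the `!permit` for `tomcat_hosts` on the webapp variables into `!deny`, and ssh/ssh-mgmt.yml un-comments `- !group /developers`, which grants that group `read, execute` on the listed hosts. Neither is mentioned in the commit message, and they look like demo state captured from a working tree; the ssh-mgmt.yml line is commented out again in the next patch, while no revert of the `!deny` is visible here. These files decide who can fetch secrets and reach hosts, so changes to them belong in their own commit with the reason stated. If the `!deny` is unintended, restore `- !permit`.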
@@ -5,9 +5,9 @@ - !layer - &hosts - - !host cdemo_conjur_node_8 - - !host cdemo_conjur_node_7 - - !host cdemo_conjur_node_6 + - !host cdemo_conjur_node_5 + - !host cdemo_conjur_node_4 + - !host cdemo_conjur_node_3 - !grant role: !layer member: *hosts diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 004c75a..9cff8a6 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -1,4 +1,4 @@ -# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. +# This file is generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc. global maxconn 256 external-check @@ -24,7 +24,7 @@ frontend f_conjur_master_ldap default_backend b_conjur_master_ldap # HTTP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +# Generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc backend b_conjur_master_http mode tcp balance static-rr @@ -32,12 +32,12 @@ backend b_conjur_master_http default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_9 172.18.0.8:443 check - server cdemo_conjur_node_8 172.18.0.7:443 check server cdemo_conjur_node_6 172.18.0.2:443 check + server cdemo_conjur_node_5 172.18.0.8:443 check + server cdemo_conjur_node_3 172.18.0.7:443 check # PG backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +# Generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp balance static-rr 
@@ -45,12 +45,12 @@ backend b_conjur_master_pg default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_9 172.18.0.8:5432 check - server cdemo_conjur_node_8 172.18.0.7:5432 check server cdemo_conjur_node_6 172.18.0.2:5432 check + server cdemo_conjur_node_5 172.18.0.8:5432 check + server cdemo_conjur_node_3 172.18.0.7:5432 check # LDAP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +# Generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp balance static-rr @@ -58,6 +58,6 @@ backend b_conjur_master_ldap default-server inter 30s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_9 172.18.0.8:636 check - server cdemo_conjur_node_8 172.18.0.7:636 check server cdemo_conjur_node_6 172.18.0.2:636 check + server cdemo_conjur_node_5 172.18.0.8:636 check + server cdemo_conjur_node_3 172.18.0.7:636 check diff --git a/etc/install-dependencies.sh b/etc/install-dependencies.sh index d90eeae..236b8f6 100755 --- a/etc/install-dependencies.sh +++ b/etc/install-dependencies.sh @@ -1,7 +1,7 @@ #!/bin/bash -e main() { - yum install -y etcd + sudo yum install -y etcd install_docker install_docker_compose install_jq diff --git a/ssh/ssh-mgmt.yml b/ssh/ssh-mgmt.yml index c1d6cf8..a154622 100644 --- a/ssh/ssh-mgmt.yml +++ b/ssh/ssh-mgmt.yml @@ -8,7 +8,7 @@ - !permit roles: - !group /devops - - !group /developers +# - !group /developers privileges: [ read, execute ] resources: - !host /cdemo_vm_1 From 2bcf4ded11e86d4f1ff23a5f8b14e9b94a753119 Mon Sep 17 00:00:00 2001 From: Brian Kelly Date: Tue, 5 Dec 2017 13:31:24 -0500 Subject: [PATCH 28/68] Adding GPLv3 license --- LICENSE | 674 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 674 insertions(+) create mode 100644 LICENSE 
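Review bot: In etc/install-dependencies.sh only the `yum install -y etcd` call gains `sudo`, while `install_docker`, `install_docker_compose` and `install_jq` are defined outside the hunk and may still assume a root shell. If they do not call `sudo` themselves, a non-root run now gets past the first step and fails partway through with the host half-provisioned. Decide privilege once at the top of `main`, for example with a comment and check such as `# requires sudo rights for package installation` followed by `sudo -v || exit 1`, and apply `sudo` consistently in the helpers. The `-e` on the shebang line is lost when the file is run as `bash install-dependencies.sh`, so `set -e` in the body is the more reliable form.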
diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..94a9ed0 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. 
Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. 
This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. 
+ + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. 
+ + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. 
If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. 
If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. 
+ + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. 
For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. From 18cde3e8b7846d43a61f3331abfa5db71efe8126 Mon Sep 17 00:00:00 2001 
From: "Joe Garcia, CISSP" Date: Tue, 5 Dec 2017 15:15:29 -0500 Subject: [PATCH 29/68] Show progress while loading from tarfile --- 0-startup-conjur.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 9be92f3..c7e2300 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -70,7 +70,7 @@ conjur_master_up() { if [[ "$(docker images --format {{.Repository}} | grep conjur-appliance)" == "" ]]; then echo "Loading image from tarfile..." - LOAD_MSG=$(docker load -q -i $CONJUR_CONTAINER_TARFILE) + LOAD_MSG=$(docker load -i $CONJUR_CONTAINER_TARFILE) IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message sudo docker tag $IMAGE_ID conjur-appliance:latest fi From 4775c75031c81e7e9d822509832ce388db1d1f30 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Thu, 7 Dec 2017 10:48:22 -0600 Subject: [PATCH 30/68] reset webapp policy to permit access --- 0-startup-conjur.sh | 4 ++-- build/hsm/Dockerfile | 20 ++++++++++++++++++++ build/hsm/README.md | 34 ++++++++++++++++++++++++++++++++++ build/hsm/key.pem | 28 ++++++++++++++++++++++++++++ cluster/cluster.yml | 4 ++-- docker-compose.yml | 4 ++++ etc/haproxy.cfg | 26 +++++++++++++------------- ssh/rack.yml | 2 +- webapp1-policy.yml | 2 +- 9 files changed, 105 insertions(+), 19 deletions(-) create mode 100755 build/hsm/Dockerfile create mode 100755 build/hsm/README.md create mode 100755 build/hsm/key.pem diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 9be92f3..8258662 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -2,7 +2,7 @@ set -eo pipefail # EDIT TO POINT TO YOUR LOCAL CONJUR IMAGE TARFILE -CONJUR_CONTAINER_TARFILE="" +CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.10.0.0.tar CONJUR_MASTER_INGRESS=conjur_master CONJUR_FOLLOWER_INGRESS=conjur_follower 
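Review bot: Dropping `-q` does not make progress visible, because `docker load` still runs inside `$(...)` and everything it writes to stdout is captured into `LOAD_MSG` instead of reaching the terminal. Any extra lines it now emits are also fed to `cut -d " " -f 3`, which works line by line, so `IMAGE_ID` could end up holding more than one value and `docker tag` would then fail or tag the wrong thing; what non-TTY output looks like should be confirmed for the Docker version in use. Something like `LOAD_MSG=$(docker load -i "$CONJUR_CONTAINER_TARFILE" | tee /dev/stderr | grep '^Loaded image')` shows the output and keeps the parse to the one expected line, and `"$IMAGE_ID"` should be quoted in the tag command. The same change is repeated in the `@@ -70,7 +70,7 @@` hunk of PATCH 30/68; `conjur_master_up` starts and ends outside the hunk.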
@@ -70,7 +70,7 @@ conjur_master_up() { if [[ "$(docker images --format {{.Repository}} | grep conjur-appliance)" == "" ]]; then echo "Loading image from tarfile..." - LOAD_MSG=$(docker load -q -i $CONJUR_CONTAINER_TARFILE) + LOAD_MSG=$(docker load -i $CONJUR_CONTAINER_TARFILE) IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message sudo docker tag $IMAGE_ID conjur-appliance:latest fi diff --git a/build/hsm/Dockerfile b/build/hsm/Dockerfile new file mode 100755 index 0000000..3e43cc2 --- /dev/null +++ b/build/hsm/Dockerfile @@ -0,0 +1,20 @@ +FROM ubuntu:16.04 +MAINTAINER Roland Bracewell Shoemaker + +RUN apt-get update && apt-get install -y softhsm git-core build-essential cmake libssl-dev libseccomp-dev && \ + rm -rf /var/lib/apt/lists/* + +RUN git clone https://github.com/SUNET/pkcs11-proxy && \ + cd pkcs11-proxy && \ + cmake . && make && make install + +COPY key.pem /root/key.pem + +RUN echo "0:/var/lib/softhsm/slot0.db" > /etc/softhsm/softhsm.conf && \ + softhsm --init-token --slot 0 --label key --pin 1234 --so-pin 0000 && \ + softhsm --import /root/key.pem --slot 0 --label key --id BEEF --pin 1234 + +EXPOSE 5657 +ENV PKCS11_DAEMON_SOCKET="tcp://0.0.0.0:5657" +CMD [ "/usr/local/bin/pkcs11-daemon", "/usr/lib/softhsm/libsofthsm.so" ] + diff --git a/build/hsm/README.md b/build/hsm/README.md new file mode 100755 index 0000000..24ba3ce --- /dev/null +++ b/build/hsm/README.md 
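Review bot: In build/hsm/Dockerfile the `git clone https://github.com/SUNET/pkcs11-proxy` step compiles and installs whatever the upstream default branch holds at build time, so the image is not reproducible and an upstream change lands in it unreviewed; check out a reviewed revision right after cloning, e.g. `cd pkcs11-proxy && git checkout <PINNED_COMMIT>` (placeholder, pick the commit you audited). The token PINs (`1234`, `0000`) and `key.pem` end up in the image layers, and `PKCS11_DAEMON_SOCKET="tcp://0.0.0.0:5657"` listens on every container interface, so the service should stay on the internal compose network and never get a published port. A comment at the top of the Dockerfile, such as `# Test fixture only: fixed PINs and a committed key; do not publish port 5657`, would make that constraint visible to whoever reuses the image.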
@@ -0,0 +1,34 @@ +# docker-hsm + +![](https://media.giphy.com/media/IrWD6XLtH5jaw/giphy.gif) + +A simple `Dockerfile` that wraps [SoftHSM](https://www.opendnssec.org/softhsm/) using [PKCS11-Proxy](https://github.com/SUNET/pkcs11-proxy) in order +to help test software that interacts with network connected HSMs (and move +signing completely out of process when using SoftHSM locally). Requires +the PKCS11-proxy module to communicate. + +The Slot 0 PIN is set to `1234` and the SO PIN is `0000`. Port `5657` is exposed for +PKCS11 communication. `key.pem` should be replaced with something actually useful +before building the Docker image. + +``` +# build/run the container +$ docker build -t some-unique-name . +... +$ docker run some-unique-name +... + +$ PKCS11_PROXY_SOCKET="tcp://172.17.0.2:5657" pkcs11-tool --module=/usr/lib/libpkcs11-proxy.so -L Available +Available slots: +Slot 0 (0x0): SoftHSM + token label : key + token manufacturer : SoftHSM + token model : SoftHSM + token flags : rng, login required, PIN initialized, token initialized, other flags=0x40 + hardware version : 1.3 + firmware version : 1.3 + serial num : 1 +``` + +**This is not safe. It will not protect your keys. Don't use it for real things.** + diff --git a/build/hsm/key.pem b/build/hsm/key.pem new file mode 100755 index 0000000..e3b5697 --- /dev/null +++ b/build/hsm/key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCCkd5mgXFErJ3 +F2M0E9dw+Ta/md5i8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9 +r9tSQcL8VM6WUOM8tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHS +zUYtNKNeFI6Glamj7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p5 +8QkP4LHLShVLXDa8BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aP +kE/cefmP+1xOfUuDHOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w +5qxSPTarAgMBAAECggEAZh00uhjFOo35X1TufwSGF0z/c9uMvfMB4i1ufM2qgXud +WXLSLcrksZhhTfLAS4KSTa3PtSKqLBoPg1tdhy9WZqZWxaIxw8ybzaGtn8HNHGyr +LzsVlSLT2ATN4C7VAT9+DeVext0kWHtdz3r5mGagJq2Yx9jRGpQW6rBA9h4ol699 +BM09UPCcdlGmpdrb0jDjyfohG139EBSmEeB+Jim+oLO1sXe/LvWllU0UL527CExp +ykiIjASd4s7tFErV9sVJ+bDI97GOyBUGcVMiQ+TRPKFr0kfLgbJz24l8ycPI4odp +IGY+6igicg67n5BktAH+UfCQlUIpWbF2SwRAMht0AQKBgQD8gocy2VuCPj285hBY +8g/1GFd58HkCh54bOhAOb2PK+NE4mRuHCBlBj/tQOmgYz2Pna2k5ldJSUwXsUKkx +9R7hutnwXbcQTSQIRcjhYDLeGetJYXR96ylDig+6XjdW3A5SIc2JzlbVThP39TTm +gRqE/rj9G4ARMfHxffp7YT5AqwKBgQDEuN0pYMKjaW0xvc7WYUOqGHqt2di/BwMr +Ur438MtePArELY35P6kDcrfnlacDToA3Tebk9Rw18y1kl3BFO7VdJbQJSa6RWbp5 +aK7E5lq1pCrdyhGwiaI1f5VgzeY8ywS3TqGqU9GOqpENiZqgs1ly9l8gZSaw8/yF +uDWGg7jiAQKBgQCyLtGEmkiuoYkjUR1cBoQoKeMgkwZxOI3jHJfT99ptkiLhU3lP +UfGwiA+JT43BZCdVWEBKeGSP3zIgzdJ3BEekdhvwN9FEWYsBo2zbTOzYOWYExBZV +/KmDlVr/4hge3O3mGyBVDBvOLWh94rRPq+6wxqZ3RP6cI6hdBs7IXZh2PQKBgQDB +rav4kA4xKpvaDCC2yj3/Gmi1/zO5J2NEZQtoMgdXeM+0w5Dy4204Otq7A4jR5Ziw +Wl9H7dZfe1Kmpb5gO1/dHEC7oDJhYjEIVTs0GgMWsFGP2OE/qNHtz/W2wCC8m7jB +7IWYFzvLNTzoUiDNtKYNXGjdkRjdwOlOkcUI8Wi2AQKBgQC9EJsMz/ySt58IvwWy +fQJyg742j21pXHqlMnmHygnSgNa7f3yPQK3FxjvhIPmgu7x8+sSUtXHOjKhZML3p +SdTm/yN487hOYp03jy/wVXLcCDp9XhBeIt/z/TZMPMjAHOLG9xG6cF8AOVq7mLBc +tsDWUHoXPZj/YciXZLq3fPuXyw== +-----END PRIVATE KEY----- diff --git a/cluster/cluster.yml b/cluster/cluster.yml index dc1bf74..620d8ed 100644 --- a/cluster/cluster.yml +++ b/cluster/cluster.yml 
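Review bot: build/hsm/key.pem commits an unencrypted private key, so it has to be treated as public from this commit on and nothing outside the demo should trust a token initialised from it. The `build/hsm/*` ignore rule added in PATCH 31/68 does not untrack a file that is already committed, and the key stays in history either way. Prefer generating the key when the image is built, for example `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key.pem` on the build host, and keep it out of the repository; if it stays as a fixture, build/hsm/README.md should say explicitly that it is a throwaway demo key.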
@@ -5,9 +5,9 @@ - !layer - &hosts - - !host cdemo_conjur_node_5 - - !host cdemo_conjur_node_4 + - !host cdemo_conjur_node_2 - !host cdemo_conjur_node_3 + - !host cdemo_conjur_node_1 - !grant role: !layer member: *hosts diff --git a/docker-compose.yml b/docker-compose.yml index d0c751a..38d90bc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -51,6 +51,10 @@ services: - -initial-cluster - etcd=http://etcd:2380 + hsm: + image: softhsm:latest + build: ./build/hsm + follower: image: conjur-appliance:latest labels: diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 9cff8a6..83646a6 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -1,4 +1,4 @@ -# This file is generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc. +# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. global maxconn 256 external-check @@ -24,7 +24,7 @@ frontend f_conjur_master_ldap default_backend b_conjur_master_ldap # HTTP backend info -# Generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_http mode tcp balance static-rr @@ -32,12 +32,12 @@ backend b_conjur_master_http default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_6 172.18.0.2:443 check - server cdemo_conjur_node_5 172.18.0.8:443 check - server cdemo_conjur_node_3 172.18.0.7:443 check + server cdemo_conjur_node_4 172.18.0.2:443 check + server cdemo_conjur_node_2 172.18.0.10:443 check + server cdemo_conjur_node_3 172.18.0.9:443 check # PG backend info -# Generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp balance static-rr 
@@ -45,12 +45,12 @@ backend b_conjur_master_pg default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_6 172.18.0.2:5432 check - server cdemo_conjur_node_5 172.18.0.8:5432 check - server cdemo_conjur_node_3 172.18.0.7:5432 check + server cdemo_conjur_node_4 172.18.0.2:5432 check + server cdemo_conjur_node_2 172.18.0.10:5432 check + server cdemo_conjur_node_3 172.18.0.9:5432 check # LDAP backend info -# Generated by ./update_haproxy.sh in /home/demo/mydir/Conjur/cdemo/etc +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp balance static-rr @@ -58,6 +58,6 @@ backend b_conjur_master_ldap default-server inter 30s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_6 172.18.0.2:636 check - server cdemo_conjur_node_5 172.18.0.8:636 check - server cdemo_conjur_node_3 172.18.0.7:636 check + server cdemo_conjur_node_4 172.18.0.2:636 check + server cdemo_conjur_node_2 172.18.0.10:636 check + server cdemo_conjur_node_3 172.18.0.9:636 check diff --git a/ssh/rack.yml b/ssh/rack.yml index d6886ef..96bffeb 100644 --- a/ssh/rack.yml +++ b/ssh/rack.yml @@ -1,3 +1,3 @@ --- -- !host cdemo_vm_1 - !host cdemo_vm_2 +- !host cdemo_vm_1 diff --git a/webapp1-policy.yml b/webapp1-policy.yml index e55e36e..59a930a 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml @@ -10,7 +10,7 @@ - !layer &tomcat_hosts tomcat_hosts - - !deny + - !permit role: *tomcat_hosts privileges: [ read, execute ] resource: *variables From efac3e7fab525823c1e2dfb001954fc27333de23 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Thu, 7 Dec 2017 10:49:07 -0600 Subject: [PATCH 31/68] reset webapp policy to permit access --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 456b369..c101e81 100644 --- a/.gitignore 
+++ b/.gitignore @@ -2,3 +2,4 @@ etc/conjur*.pem log/* ldap/ldap-sync.yml ssh/id* +build/hsm/* From 0b17f449a638c3908396c83b5eaa12465c9f085f Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Thu, 7 Dec 2017 19:44:47 -0600 Subject: [PATCH 32/68] dont err if .env doesnt exist --- 1-setup-containers.sh | 2 +- policy/apps/myapp.yml | 47 +++++++++++++++++++++ policy/apps/myapp_grants.yml | 12 ++++++ policy/policy.yml | 11 +++++ policy/users.yml | 79 ++++++++++++++++++++++++++++++++++++ 5 files changed, 150 insertions(+), 1 deletion(-) create mode 100644 policy/apps/myapp.yml create mode 100644 policy/apps/myapp_grants.yml create mode 100644 policy/policy.yml create mode 100644 policy/users.yml diff --git a/1-setup-containers.sh b/1-setup-containers.sh index 11ce6dd..fae99fe 100755 --- a/1-setup-containers.sh +++ b/1-setup-containers.sh @@ -16,7 +16,7 @@ main() { local NUM_CONTS=$1; shift local SLEEP_TIME=$1; shift - rm .env + rm -f .env # login in cli container as devops admin docker-compose exec -T cli conjur authn login -u bob -p foo diff --git a/policy/apps/myapp.yml b/policy/apps/myapp.yml new file mode 100644 index 0000000..31d54a0 --- /dev/null +++ b/policy/apps/myapp.yml 
@@ -0,0 +1,47 @@ + +- !policy + id: myapp + body: + - &variables + - !variable + id: database/username + annotations: + description: Application database username + - !variable + id: database/password + annotations: + description: Application database password + - !variable + id: stripe/private_key + annotations: + description: Stripe API key + + - !layer + + - !host-factory + layer: [ !layer ] + + - !group secrets-users + - !group secrets-managers + + # secrets-managers has role secrets-users + - !grant + role: !group secrets-users + member: !group secrets-managers + + # secrets-users can read and execute + - !permit + resource: *variables + privileges: [ read, execute ] + role: !group secrets-users + + # secrets-managers can update (and read and execute, via role grant) + - !permit + resource: *variables + privileges: [ update ] + role: !group secrets-managers + + # Application layer has the secrets-users role + - !grant + role: !group secrets-users + member: !layer diff --git a/policy/apps/myapp_grants.yml b/policy/apps/myapp_grants.yml new file mode 100644 index 0000000..c7bff9c --- /dev/null +++ b/policy/apps/myapp_grants.yml @@ -0,0 +1,12 @@ + +# Grant the team_leads group permission to read+write the "myapp" variables in staging +- !grant + role: !group staging/myapp/secrets-managers + members: + - !group team_leads + +# Grant the security_ops group permission to read+write the "myapp" variables in production +- !grant + role: !group production/myapp/secrets-managers + members: + - !group security_ops diff --git a/policy/policy.yml b/policy/policy.yml new file mode 100644 index 0000000..849fa92 --- /dev/null +++ b/policy/policy.yml @@ -0,0 +1,11 @@ +# Top-level policy file + +# Define "staging" namespace, owned by the "developers" team +- !policy + id: staging + owner: !group developers + +# Define "production" namespace, owned by the "security_ops" team +- !policy + id: production + owner: !group security_ops 
diff --git a/policy/users.yml b/policy/users.yml new file mode 100644 index 0000000..3041efd --- /dev/null +++ b/policy/users.yml @@ -0,0 +1,79 @@ +# Create groups +- !group security_ops + +- !group team_leads + +- !group developers + +# Grant the less-powerful groups to the more-powerful groups +- !grant + role: !group developers + member: !group team_leads + +- !grant + role: !group team_leads + member: !group security_ops + + +# Create users +- !user + id: jason.vanderhoof + annotations: + first_name: Jason + last_name: Vanderhoof + email: jason.vanderhoof@cyberark.com + +- !user + id: marcel.calisto + annotations: + first_name: Marcel + last_name: Calisto + email: marcel.calisto@cyberark.com + +- !user + id: ernest.alvin + annotations: + first_name: Ernest + last_name: Alvin + email: ernest.alvin@cyberark.com + +- !user + id: victoria.nandita + annotations: + first_name: Victoria + last_name: Nandita + email: victoria.nandita@cyberark.com + +- !user + id: sophie.madelon + annotations: + first_name: Sophie + last_name: Madelon + email: sophie.madelon@cyberark.com + +- !user + id: terrance.blake + annotations: + first_name: Terrance + last_name: Blake + email: terrance.blake@cyberark.com + + +# Grant group roles to users (i.e. add users to groups) +- !grant + role: !group developers + members: + - !user marcel.calisto + - !user ernest.alvin + - !user sophie.madelon + +- !grant + role: !group team_leads + members: + - !user jason.vanderhoof + - !user victoria.nandita + +- !grant + role: !group security_ops + members: + - !user terrance.blake From 0fb69a9df6af499fe5b8f616b11da2cc765bfa65 Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Fri, 8 Dec 2017 09:24:41 -0600 Subject: [PATCH 33/68] added policy demo --- .README.md.swp | Bin 0 -> 20480 bytes .env | 4 +- README.md | 3 +- ...ependencies.sh => _install-dependencies.sh | 0 etc/haproxy.cfg | 12 +-- ldap/README.md | 3 + policy/0-setup-policies.sh | 6 ++ policy/apps/myapp_grants.yml | 12 --- policy/load_policy.sh | 8 ++ policy/policy.yml | 19 ++++- policy/users.yml | 79 ------------------ policy/{apps/myapp.yml => webapp.yml} | 31 +++---- policy/webapp_grants.yml | 21 +++++ users-policy.yml | 30 +++++-- webapp1-policy.yml | 16 ++-- 15 files changed, 104 insertions(+), 140 deletions(-) create mode 100644 .README.md.swp rename etc/install-dependencies.sh => _install-dependencies.sh (100%) create mode 100644 ldap/README.md create mode 100755 policy/0-setup-policies.sh delete mode 100644 policy/apps/myapp_grants.yml create mode 100755 policy/load_policy.sh delete mode 100644 policy/users.yml rename policy/{apps/myapp.yml => webapp.yml} (50%) create mode 100644 policy/webapp_grants.yml 
diff --git a/.README.md.swp b/.README.md.swp new file mode 100644 index 0000000000000000000000000000000000000000..1a7c128e15a7b2260a4d136a6591cdae5e0f36b6 GIT binary patch literal 20480 zcmeHOON=8&8SW7BAR!@2P9PF$XC-zPjoa(p4S^AtiN~9Dn4Ou-V;91~DtDLd&a}Hb zUDe}p4iG?s3z2dI@sbb{ClKNiAt6xUfDnjB0*45}B_M%v;24P$eE(n7c6*pvL5M^o zdXyip+tvT8{&yAq3)j2X#3TM?4}bT0-q*kLfhYg|!ykCRevjupm1>oZMnz)i$J74; zS?DZ}5_6&D7upY|eU&$4e&7e`xcb&7=LnnaG+HuwtlVSkHhNf`row% zY7M+;8Ys-5@u7S6FI{Y1Ae?8H&WH!@-+$B4*NAEj)EcNYP-~#pK&^pV1GNTf4b&QV z>ubPdw|bufn{RWhzSn);a_sZ%?)$sl=R?PSztw$Tai1SN_PhI9f7BYNHBf7y)XGfm#Fq0}V)=xqsvi&-)pG&i~8)|99{5yx#&EfEB<)fZyEf zc?sY_z_0G{yk7#o4d?;R0DkmN&zk^RfS2wDUcm3~^1ROjUVDe zz%2lxO+0)V@aNk-?@xdX@EBkT@bYb*cL=x}@G=GwcLBbHfx~sc?SR_=f58Cb(}44U zWx(x#=P<R zAi^kDfl2e}s^={*k;O%FVEJJD8U%zHDY47Hh)!Zuj%ycM5mh6jMCCv{kp^^WU7QYu ziQ-sH(?V#aL}avxBW+Yd>|#kG0+Yv$HgRQpdX!ECL6RnlES4-{&W8wOA_j^~ zMJw!=(af_f!pQU-YN&9AWrCOS23rxVxyW;J2W?or8i>bP97#NyL}pa-0gXa0rwT#N zWYTdUO>cy)(}LyHI!Y5wA~o_N5vOtl?m}hYIwT?Q8Zi(kmctRXqLH>>c%^GZrsN6F z*;`<$@D;pB{ zkaJB7+KhAX&R8^{xWEUcbIc=CA!qH)wxx$3$wJZu|DCjJ%d@3gBytSK=|Q7K=Fb00 z&O0%ZVvJi@w7F>l4Unbc9W{_F%0;kzJ5l96lJ*41;E> z?CV(6V70Yu2%U?>7LO=+k%FjRoh?MHH8Q7Y3w&@Oi0zA=&J+9HozAZ4ZtitXE1@*9FA+z}b!043 zrqfr$J88f7wtaUMp}P+YTteJsgVI4$I9Y^gazT7kj}t(rx`pDO~~9#9f@*zKzp4aIyH ztSt_k4Nqp5h4kSeP#LQOMo{&aLzzdiA46P<6)rd+DvPp|a2_aRfB+g9SsDOM4qe#y9XzV1HLVKGpX9@GNn(hJ#?TF=o^(I68Gdh)^jxE z67Qy}hdV+Q3yItAfHe=F>M8PQYY9w?O*SIUQCUF#>Cz%QAO~^sarcn23gVX0nY(^sGUn#1B!0E=w} zSSjt?X`#K*Wu!Ma9q&?gRWU?|#^lj(2u@0CfMu_3Y*}`qm*5>2; zJ7RBb=Sp{@BOdJ_Rdpy!ZFV;wvnFyvsv~~5w>V~h$Vn!War6xM;?1jg=&H9){X(9m z@P)Ez5X-*r+gsG)Q6#Zf8Y2{=|yt?6tuTN#CP54wG$!3f%@u>;V3PkP3~@zeBy`1_J+S6%S?s zjP!vTgo+LuC}Do6Go+4!(wL7eKq8{e1bKj53_?*qV{fS;hh|1sb>z&XGR=<}}v-UoOcz5WY;=K)>7RloxP z>iu^CJAgI7>*)Kx3m5_hfLj57L;wFhz&8Lxzzx6|z2*|01=fD^U)DzDW0Nf#5@i8 z=f6WR3(cHos6|$xFS>@lq8CAWa7}yJlX0Jhq(HR>kzVI9mdl;4Ja+RX%QkgoA@xdY zF}h+!BT76PamGO_6H`k|$xwyBhyfT?*iDOp+IM;eChe4SJ}PxuqLgL(dQM#tDi9*& 
zrlqd7C|~Df=1`u*ww#SwG4Y~0juRhEPAOfEWr9cC>r*xbo|4(aamnb(SZ^{wtzfYe z(VMb&>TI%thUShpXJ@|U&>oc|7|WrZu?>0!6Ft5;rkutWZCg!I+8G#BiJVVWe z1*_hpw8OKKl8O%$4yZ|-xwsAsb+N0nVLep)ozSi=N51kgkF!SO`fptprj{iBPl3q* zg{LhJkB*M~OpPlx&n)jw8;%BYon}s zY*|hN2B@HdsLc=lLsWhf`!dsBImK_41EE=EYI)7UD|NBu%)qwuROvb8V&GXRXIF#_ z(cYpji7_l^TjxsMjx5kv@Oec!%i-CR8(6z%ggI0LS;XbE7PVljVaYbp9#h@lpXz3- zF-T+dqAJI%ynGpUK;+9s93rR?wF?QiTj^R4JI(cv#<8#RJ~mYyNve&7QTU)*mwJ$L zz!)V@VRA{NpZW6YgL z3T-b_p_b0S*0H9SI8LHukn&n<3%u}BFNl>)3U@RSDjGNCryA+BIc2RxgAkoB#rL$>4XJPmPx z=hm=*)Z8x2(+V7)VLr$PK|fOOv_L8>_~efx5ClKHNLWIKX+h<{gr_Zbc1LWS z!--eXr&@-|w|dqZdQ3LWnT4vf)vaYQ$eDJ z|673TfPKItfS1tsPXR}O>wrIk#vcGL0+`+#EYj=OY7NvHs5MY)pw>XGfm#D^MGeq2 zYO#)|lCZu{i2i7P*Rj4&IPXL1`-J6$iq7fl`-C*St?v{5U)?995P&0l8cpDCN?PDz zbDCy8Zjkdm;Q1{bT&}`3U^i#NsF3dMVaQs!sYgA(y$Nn-Qn(iIDBnonQB`^U2-CBF E0$ZD<3;+NC literal 0 HcmV?d00001 diff --git a/.env b/.env index 3754f72..a92e51f 100644 --- a/.env +++ b/.env @@ -1,3 +1,3 @@ -APP_HOSTNAME=webapp1%2Ftomcat_host -VAR_ID=webapp1%2Fdatabase_password +APP_HOSTNAME=staging%2Fwebapp1%2Ftomcat_host +VAR_ID=staging%2Fwebapp1%2Fdatabase_password SLEEP_TIME=5 diff --git a/README.md b/README.md index ee4fea0..6483a90 100644 --- a/README.md +++ b/README.md @@ -3,9 +3,9 @@ This is self-contained implementation of a basic Conjur implementation to demonstrate all key capabilities and to serve as a foundation for POCs and implementations. Dependencies: + - TO INSTALL DOCKER, DOCKER-COMPOSE, JQ, ETC - run _install-dependencies.sh - locally available conjur docker image tarfile - v4.9.10 or greater required for auto-failover - request download image via https://www.cyberark.com/get-conjur-enterprise/ - - docker & docker-compose - can be installed w/ ./etc/install-dependencies.sh - internet access required for initial builds, can run standalone after that Demo root directory (.../cdemo): 
@@ -25,6 +25,7 @@ Demo root directory (.../cdemo): - watch_container_log.sh - takes no arguments - runs tail on container #1 script logfile to monitor fetch activity - dbpassword_rotator.sh - sets the database password to a random hex value every 5 seconds - apikey_rotator.sh - rotates the API key once. + - inspect-cluster.sh Basic demo scenario: Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. diff --git a/etc/install-dependencies.sh b/_install-dependencies.sh similarity index 100% rename from etc/install-dependencies.sh rename to _install-dependencies.sh diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 83646a6..57b0ebd 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -32,9 +32,7 @@ backend b_conjur_master_http default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_4 172.18.0.2:443 check - server cdemo_conjur_node_2 172.18.0.10:443 check - server cdemo_conjur_node_3 172.18.0.9:443 check + server cdemo_conjur_node_1 172.18.0.2:443 check # PG backend info # Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc @@ -45,9 +43,7 @@ backend b_conjur_master_pg default-server inter 5s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_4 172.18.0.2:5432 check - server cdemo_conjur_node_2 172.18.0.10:5432 check - server cdemo_conjur_node_3 172.18.0.9:5432 check + server cdemo_conjur_node_1 172.18.0.2:5432 check # LDAP backend info # Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc 
@@ -58,6 +54,4 @@ backend b_conjur_master_ldap default-server inter 30s fall 3 rise 2 external-check path "/usr/bin:/usr/local/bin" external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_4 172.18.0.2:636 check - server cdemo_conjur_node_2 172.18.0.10:636 check - server cdemo_conjur_node_3 172.18.0.9:636 check + server cdemo_conjur_node_1 172.18.0.2:636 check diff --git a/ldap/README.md b/ldap/README.md new file mode 100644 index 0000000..9fe0f01 --- /dev/null +++ b/ldap/README.md @@ -0,0 +1,3 @@ +# LDAP demo directory: + - 0-setup-ldap.sh - brings up OpenLDAP server container and loads ldap-boostrap.ldif to populate it + - 1-ldap-sync.sh - imports ldap-sync.yml created by the Conjur web UI LDAP interface diff --git a/policy/0-setup-policies.sh b/policy/0-setup-policies.sh new file mode 100755 index 0000000..4d3e628 --- /dev/null +++ b/policy/0-setup-policies.sh @@ -0,0 +1,6 @@ +#!/bin/bash +set -eo pipefail +printf "\n\n-----\nApplying application policies to environments...\n\n" +./load_policy.sh policy.yml +printf "\n\n-----\nBinding admin groups to app secrets_manager roles in environments...\n\n" +./load_policy.sh webapp_grants.yml diff --git a/policy/apps/myapp_grants.yml b/policy/apps/myapp_grants.yml deleted file mode 100644 index c7bff9c..0000000 --- a/policy/apps/myapp_grants.yml +++ /dev/null @@ -1,12 +0,0 @@ - -# Grant the team_leads group permission to read+write the "myapp" variables in staging -- !grant - role: !group staging/myapp/secrets-managers - members: - - !group team_leads - -# Grant the security_ops group permission to read+write the "myapp" variables in production -- !grant - role: !group production/myapp/secrets-managers - members: - - !group security_ops diff --git a/policy/load_policy.sh b/policy/load_policy.sh new file mode 100755 index 0000000..326c433 --- /dev/null +++ b/policy/load_policy.sh 
@@ -0,0 +1,8 @@ +#!/bin/bash +if [[ -z $1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 +fi +POLICY_FILE=$1 +docker-compose exec cli conjur authn login +docker-compose exec -T cli conjur policy load --as-group security_admin /src/policy/$POLICY_FILE diff --git a/policy/policy.yml b/policy/policy.yml index 849fa92..4da56a6 100644 --- a/policy/policy.yml +++ b/policy/policy.yml @@ -1,11 +1,22 @@ # Top-level policy file -# Define "staging" namespace, owned by the "developers" team +# Developers own the Development environment - !policy - id: staging + id: development owner: !group developers + body: + - !include webapp.yml + +# DevOps owns the Staging environment +- !policy + id: staging + owner: !group devops + body: + - !include webapp.yml -# Define "production" namespace, owned by the "security_ops" team +# SecOps owns the Production environment - !policy id: production - owner: !group security_ops + owner: !group sec_ops + body: + - !include webapp.yml diff --git a/policy/users.yml b/policy/users.yml deleted file mode 100644 index 3041efd..0000000 --- a/policy/users.yml +++ /dev/null 
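Review bot: policy/load_policy.sh has no `set -eo pipefail` (policy/0-setup-policies.sh in the same commit does), so when `conjur authn login` fails the `conjur policy load --as-group security_admin` line still runs and the script's exit status reflects only that last command. `$0` and `$POLICY_FILE` are also expanded unquoted, so a file name containing spaces or glob characters is split before it reaches the container. Suggested changes: add `set -eo pipefail` after the shebang, use `printf "\n\tUsage: %s <policy-file>\n\n" "$0"` (the argument name here is a guess, the usage text on the page shows none), and pass `"/src/policy/$POLICY_FILE"`.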
@@ -1,79 +0,0 @@ -# Create groups -- !group security_ops - -- !group team_leads - -- !group developers - -# Grant the less-powerful groups to the more-powerful groups -- !grant - role: !group developers - member: !group team_leads - -- !grant - role: !group team_leads - member: !group security_ops - - -# Create users -- !user - id: jason.vanderhoof - annotations: - first_name: Jason - last_name: Vanderhoof - email: jason.vanderhoof@cyberark.com - -- !user - id: marcel.calisto - annotations: - first_name: Marcel - last_name: Calisto - email: marcel.calisto@cyberark.com - -- !user - id: ernest.alvin - annotations: - first_name: Ernest - last_name: Alvin - email: ernest.alvin@cyberark.com - -- !user - id: victoria.nandita - annotations: - first_name: Victoria - last_name: Nandita - email: victoria.nandita@cyberark.com - -- !user - id: sophie.madelon - annotations: - first_name: Sophie - last_name: Madelon - email: sophie.madelon@cyberark.com - -- !user - id: terrance.blake - annotations: - first_name: Terrance - last_name: Blake - email: terrance.blake@cyberark.com - - -# Grant group roles to users (i.e. add users to groups) -- !grant - role: !group developers - members: - - !user marcel.calisto - - !user ernest.alvin - - !user sophie.madelon - -- !grant - role: !group team_leads - members: - - !user jason.vanderhoof - - !user victoria.nandita - -- !grant - role: !group security_ops - members: - - !user terrance.blake diff --git a/policy/apps/myapp.yml b/policy/webapp.yml similarity index 50% rename from policy/apps/myapp.yml rename to policy/webapp.yml index 31d54a0..28df274 100644 --- a/policy/apps/myapp.yml +++ b/policy/webapp.yml 
@@ -1,47 +1,42 @@ - +--- - !policy - id: myapp + id: webapp1 body: - &variables - - !variable - id: database/username - annotations: - description: Application database username - - !variable - id: database/password + - !variable + id: database_password annotations: description: Application database password - - !variable - id: stripe/private_key - annotations: - description: Stripe API key - !layer - - !host-factory - layer: [ !layer ] + - !host tomcat_host + + - !grant + role: !layer + member: !host tomcat_host - !group secrets-users - !group secrets-managers - # secrets-managers has role secrets-users +# secrets-managers are also secrets-users - !grant role: !group secrets-users member: !group secrets-managers - # secrets-users can read and execute +# secrets-users can discover and fetch - !permit resource: *variables privileges: [ read, execute ] role: !group secrets-users - # secrets-managers can update (and read and execute, via role grant) +# secrets-managers can update (and discover and fetch, via role grant) - !permit resource: *variables privileges: [ update ] role: !group secrets-managers - # Application layer has the secrets-users role +# Application layer is a secrets-user - !grant role: !group secrets-users member: !layer diff --git a/policy/webapp_grants.yml b/policy/webapp_grants.yml new file mode 100644 index 0000000..f7dcd0a --- /dev/null +++ b/policy/webapp_grants.yml @@ -0,0 +1,21 @@ + +# Development role bindings +# developers can fetch & update secrets for myapp in development +- !grant + role: !group development/webapp/secrets-managers + members: + - !group developers + +# Staging role bindings +# devops can fetch & update secrets for myapp in staging +- !grant + role: !group staging/webapp/secrets-managers + members: + - !group devops + +# Production role bindings +# sec_ops can fetch & update secrets for myapp in production +- !grant + role: !group production/webapp/secrets-managers + members: + - !group sec_ops 
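Review bot: The three `role:` lines in policy/webapp_grants.yml name `…/webapp/secrets-managers`, but the policy that webapp.yml defines in this same commit has `id: webapp1`. policy.yml includes that file under each environment, so the groups that exist are `development/webapp1/secrets-managers`, `staging/webapp1/secrets-managers` and `production/webapp1/secrets-managers`. As written, the grants refer to roles this commit never creates. Change each line accordingly, e.g. `role: !group development/webapp1/secrets-managers`. The comments above each grant still say `myapp` and should name `webapp1` as well.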
diff --git a/users-policy.yml b/users-policy.yml index eebbd53..bedd370 100644 --- a/users-policy.yml +++ b/users-policy.yml @@ -1,20 +1,34 @@ --- -- !user bob -- !user carol -- !user ted -- !user alice +- !user ted # no group +- !user carol # developer +- !user bob # devops +- !user alice # sec_ops +- !group sec_ops - !group devops - !group developers +# Grant the less-powerful groups to the more-powerful groups - !grant - role: !group devops - members: - !user bob + role: !group developers + member: !group devops +- !grant + role: !group devops + member: !group sec_ops + +# Grant group roles to users - !grant role: !group developers members: - !user carol - - !user ted + +- !grant + role: !group devops + members: + - !user bob + +- !grant + role: !group sec_ops + members: - !user alice diff --git a/webapp1-policy.yml b/webapp1-policy.yml index 59a930a..3c943ab 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml @@ -5,16 +5,18 @@ body: - &variables - !variable database_password + annotations: + description: Application database password - - !host &tomcat_host tomcat_host + - !layer - - !layer &tomcat_hosts tomcat_hosts + - !host tomcat_host + + - !grant + role: !layer + member: !host tomcat_host - !permit - role: *tomcat_hosts + role: !layer privileges: [ read, execute ] resource: *variables - - - !grant - role: *tomcat_hosts - member: *tomcat_host From 267b189c19b5ad3f1dd299980a4af4f69b6e1c97 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Fri, 8 Dec 2017 09:25:29 -0600 Subject: [PATCH 34/68] added policy demo --- .README.md.swp | Bin 20480 -> 0 bytes .gitignore | 1 + README.md | 9 ++------- 3 files changed, 3 insertions(+), 7 deletions(-) delete mode 100644 .README.md.swp 
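Review bot: The new comment `# Grant the less-powerful groups to the more-powerful groups` in users-policy.yml does not say which way privileges flow, and `role`/`member` are easy to read backwards. The two grants make `devops` a member of `developers` and `sec_ops` a member of `devops`, so sec_ops transitively holds every role given to the other two groups. I would state that in the comment, e.g. `# Role inheritance: sec_ops holds devops, devops holds developers (a higher group gets everything granted below it)`. It is worth confirming that this is intended, since any privilege later granted to developers also reaches the production owners.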
diff --git a/.README.md.swp b/.README.md.swp deleted file mode 100644 index 1a7c128e15a7b2260a4d136a6591cdae5e0f36b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20480 zcmeHOON=8&8SW7BAR!@2P9PF$XC-zPjoa(p4S^AtiN~9Dn4Ou-V;91~DtDLd&a}Hb zUDe}p4iG?s3z2dI@sbb{ClKNiAt6xUfDnjB0*45}B_M%v;24P$eE(n7c6*pvL5M^o zdXyip+tvT8{&yAq3)j2X#3TM?4}bT0-q*kLfhYg|!ykCRevjupm1>oZMnz)i$J74; zS?DZ}5_6&D7upY|eU&$4e&7e`xcb&7=LnnaG+HuwtlVSkHhNf`row% zY7M+;8Ys-5@u7S6FI{Y1Ae?8H&WH!@-+$B4*NAEj)EcNYP-~#pK&^pV1GNTf4b&QV z>ubPdw|bufn{RWhzSn);a_sZ%?)$sl=R?PSztw$Tai1SN_PhI9f7BYNHBf7y)XGfm#Fq0}V)=xqsvi&-)pG&i~8)|99{5yx#&EfEB<)fZyEf zc?sY_z_0G{yk7#o4d?;R0DkmN&zk^RfS2wDUcm3~^1ROjUVDe zz%2lxO+0)V@aNk-?@xdX@EBkT@bYb*cL=x}@G=GwcLBbHfx~sc?SR_=f58Cb(}44U zWx(x#=P<R zAi^kDfl2e}s^={*k;O%FVEJJD8U%zHDY47Hh)!Zuj%ycM5mh6jMCCv{kp^^WU7QYu ziQ-sH(?V#aL}avxBW+Yd>|#kG0+Yv$HgRQpdX!ECL6RnlES4-{&W8wOA_j^~ zMJw!=(af_f!pQU-YN&9AWrCOS23rxVxyW;J2W?or8i>bP97#NyL}pa-0gXa0rwT#N zWYTdUO>cy)(}LyHI!Y5wA~o_N5vOtl?m}hYIwT?Q8Zi(kmctRXqLH>>c%^GZrsN6F z*;`<$@D;pB{ zkaJB7+KhAX&R8^{xWEUcbIc=CA!qH)wxx$3$wJZu|DCjJ%d@3gBytSK=|Q7K=Fb00 z&O0%ZVvJi@w7F>l4Unbc9W{_F%0;kzJ5l96lJ*41;E> z?CV(6V70Yu2%U?>7LO=+k%FjRoh?MHH8Q7Y3w&@Oi0zA=&J+9HozAZ4ZtitXE1@*9FA+z}b!043 zrqfr$J88f7wtaUMp}P+YTteJsgVI4$I9Y^gazT7kj}t(rx`pDO~~9#9f@*zKzp4aIyH ztSt_k4Nqp5h4kSeP#LQOMo{&aLzzdiA46P<6)rd+DvPp|a2_aRfB+g9SsDOM4qe#y9XzV1HLVKGpX9@GNn(hJ#?TF=o^(I68Gdh)^jxE z67Qy}hdV+Q3yItAfHe=F>M8PQYY9w?O*SIUQCUF#>Cz%QAO~^sarcn23gVX0nY(^sGUn#1B!0E=w} zSSjt?X`#K*Wu!Ma9q&?gRWU?|#^lj(2u@0CfMu_3Y*}`qm*5>2; zJ7RBb=Sp{@BOdJ_Rdpy!ZFV;wvnFyvsv~~5w>V~h$Vn!War6xM;?1jg=&H9){X(9m z@P)Ez5X-*r+gsG)Q6#Zf8Y2{=|yt?6tuTN#CP54wG$!3f%@u>;V3PkP3~@zeBy`1_J+S6%S?s zjP!vTgo+LuC}Do6Go+4!(wL7eKq8{e1bKj53_?*qV{fS;hh|1sb>z&XGR=<}}v-UoOcz5WY;=K)>7RloxP z>iu^CJAgI7>*)Kx3m5_hfLj57L;wFhz&8Lxzzx6|z2*|01=fD^U)DzDW0Nf#5@i8 z=f6WR3(cHos6|$xFS>@lq8CAWa7}yJlX0Jhq(HR>kzVI9mdl;4Ja+RX%QkgoA@xdY zF}h+!BT76PamGO_6H`k|$xwyBhyfT?*iDOp+IM;eChe4SJ}PxuqLgL(dQM#tDi9*& 
zrlqd7C|~Df=1`u*ww#SwG4Y~0juRhEPAOfEWr9cC>r*xbo|4(aamnb(SZ^{wtzfYe z(VMb&>TI%thUShpXJ@|U&>oc|7|WrZu?>0!6Ft5;rkutWZCg!I+8G#BiJVVWe z1*_hpw8OKKl8O%$4yZ|-xwsAsb+N0nVLep)ozSi=N51kgkF!SO`fptprj{iBPl3q* zg{LhJkB*M~OpPlx&n)jw8;%BYon}s zY*|hN2B@HdsLc=lLsWhf`!dsBImK_41EE=EYI)7UD|NBu%)qwuROvb8V&GXRXIF#_ z(cYpji7_l^TjxsMjx5kv@Oec!%i-CR8(6z%ggI0LS;XbE7PVljVaYbp9#h@lpXz3- zF-T+dqAJI%ynGpUK;+9s93rR?wF?QiTj^R4JI(cv#<8#RJ~mYyNve&7QTU)*mwJ$L zz!)V@VRA{NpZW6YgL z3T-b_p_b0S*0H9SI8LHukn&n<3%u}BFNl>)3U@RSDjGNCryA+BIc2RxgAkoB#rL$>4XJPmPx z=hm=*)Z8x2(+V7)VLr$PK|fOOv_L8>_~efx5ClKHNLWIKX+h<{gr_Zbc1LWS z!--eXr&@-|w|dqZdQ3LWnT4vf)vaYQ$eDJ z|673TfPKItfS1tsPXR}O>wrIk#vcGL0+`+#EYj=OY7NvHs5MY)pw>XGfm#D^MGeq2 zYO#)|lCZu{i2i7P*Rj4&IPXL1`-J6$iq7fl`-C*St?v{5U)?995P&0l8cpDCN?PDz zbDCy8Zjkdm;Q1{bT&}`3U^i#NsF3dMVaQs!sYgA(y$Nn-Qn(iIDBnonQB`^U2-CBF E0$ZD<3;+NC diff --git a/.gitignore b/.gitignore index c101e81..384a4dd 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ log/* ldap/ldap-sync.yml ssh/id* build/hsm/* +*.swp diff --git a/README.md b/README.md index 6483a90..bd89b16 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ Demo root directory (.../cdemo): - watch_container_log.sh - takes no arguments - runs tail on container #1 script logfile to monitor fetch activity - dbpassword_rotator.sh - sets the database password to a random hex value every 5 seconds - apikey_rotator.sh - rotates the API key once. - - inspect-cluster.sh + - inspect-cluster.sh - echos current state of cluster. Basic demo scenario: Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. 
@@ -54,11 +54,7 @@ Basic demo scenario: - 1_create_key_for_user.sh - takes 1 argument (user name) - creates SSH key for given user and stored pub key in Conjur - 2_test_fetch_userkey_from_host.sh - takes 2 arguments (user, container name) - tests if container can fetch user's pub key - 3_ssh_user_to_host.sh - takes 2 arguments (user, container) - attempts to ssh as user to container/host - - 4_roles_with_resource_permissions.sh - takes 2 arguments (host:container, privilege) - shows all roles holding privilege on resource - - 5_review_activity_on_resource.sh - takes 1 argument (host:container) - displays audit records for resource - - rack.yml - policy file created and loaded by 0-setup-ssh.sh - - load_policy.sh - utility for loading ssh-mgmt.yml during demo to effect access changes - - ssh-mgmt.yml - defines access policies for Dev and Prod VM access + - 4_roles_with_resource_permissions.sh - takes 2 arguments (host:container, privilege) - shows all roles holding privilege on resource - 5_review_activity_on_resource.sh - takes 1 argument (host:container) - displays audit records for resource - rack.yml - policy file created and loaded by 0-setup-ssh.sh - load_policy.sh - utility for loading ssh-mgmt.yml during demo to effect access changes - ssh-mgmt.yml - defines access policies for Dev and Prod VM access ./simple_hf_example - very basic Host Factory demo: - 1_set_hf_token.sh - one argument: output file, creats HF token, hostname and variable to retrieve @@ -78,7 +74,6 @@ Basic demo scenario: - _conjur_init.sh - Conjur initialization script run from CLI container. - _demo_init.sh - demo initialization script run from CLI container. - conjur.conf, conjur-xxx.pem - configuration files for conjurization - - install-dependencies.sh - installs docker and docker-compose Build directories - all image builds are triggered via docker-compose.yml (i.e. no build scripts): - build/conjurcli: From efda0973939aaebcd717269ef63e727dfdc498de Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Fri, 8 Dec 2017 09:36:58 -0600 Subject: [PATCH 35/68] refactored README --- README.md | 51 +++++-------------------------------- build/README.md | 17 +++++++++++++ cluster/README.md | 3 +++ simple_hf_example/README.md | 9 +++++++ splunk/README.md | 2 ++ ssh/README.md | 7 +++++ 6 files changed, 45 insertions(+), 44 deletions(-) create mode 100644 build/README.md create mode 100644 cluster/README.md create mode 100644 simple_hf_example/README.md create mode 100644 splunk/README.md create mode 100644 ssh/README.md diff --git a/README.md b/README.md index bd89b16..f2dfee8 100644 --- a/README.md +++ b/README.md 
@@ -42,52 +42,15 @@ Basic demo scenario: - 2-shutdown-containers.sh - brings down all webapp containers. - docker-compose down - brings down all containers incl. conjur, cli & scope. -./ldap - LDAP demo directory: - - 0-setup-ldap.sh - brings up OpenLDAP server container and loads ldap-boostrap.ldif to populate it - - 1-ldap-sync.sh - imports ldap-sync.yml created by the Conjur web UI LDAP interface - -./splunk - Splunk demo directory: - - 0-setup-splunk.sh - brings up the Splunk Enterprise container - watch the log till you see its listening then ctrl-C - -./ssh - SSH demo directory: - - 0-setup-ssh.sh - takes 1 argument for # of "rack VMs" to bring up, configures each w/ Chef cookbook - - 1_create_key_for_user.sh - takes 1 argument (user name) - creates SSH key for given user and stored pub key in Conjur - - 2_test_fetch_userkey_from_host.sh - takes 2 arguments (user, container name) - tests if container can fetch user's pub key - - 3_ssh_user_to_host.sh - takes 2 arguments (user, container) - attempts to ssh as user to container/host - - 4_roles_with_resource_permissions.sh - takes 2 arguments (host:container, privilege) - shows all roles holding privilege on resource - 5_review_activity_on_resource.sh - takes 1 argument (host:container) - displays audit records for resource - rack.yml - policy file created and loaded by 0-setup-ssh.sh - load_policy.sh - utility for loading ssh-mgmt.yml during demo to effect access changes - ssh-mgmt.yml - defines access policies for Dev and Prod VM access - -./simple_hf_example - very basic Host Factory demo: - - 1_set_hf_token.sh - one argument: output file, creats HF token, hostname and variable to retrieve - - 2_get_secret_restapi.sh - one argument: outfile from above, redeems HF token, retrieves variable w/ REST API - - 2_get_secret_summon.sh - one argument: outfile from above, redeems HF token, retrieves variable w/ Summon - - 3_cleanup.sh - deletes old HF tokens - - EDIT.ME - connection info for Conjur - - policy.yml - 
webapp policy to create variable for retrieval - - setup_summon.sh - installs summon - - tomcat.xml.erb - example template for secrets injection via Summon - -./cluster - adds standbys and a follower to cluster: - - 0-setup-cluster.sh - brings cluster to default state of 1-master/2-standbys/1-follower - - 1-cluster-failover.sh - removes current master to trigger auto-failover, adds replacement standy - ./etc directory: - _conjur_init.sh - Conjur initialization script run from CLI container. - _demo_init.sh - demo initialization script run from CLI container. - conjur.conf, conjur-xxx.pem - configuration files for conjurization -Build directories - all image builds are triggered via docker-compose.yml (i.e. no build scripts): - - build/conjurcli: - - Dockerfile - builds a rich Conjur CLI client container - - build/etcd: - - Dockerfile - builds a container to run etcd cluster - - build/ldap: - - Dockerfile - builds a OpenLDAP server container - - build/splunk - - Dockerfile - builds a Splunk Enterprise container - - build/vm: - - Dockerfile - builds a "rack VM" image for SSH key management demo - - configure-ssh.sh - script to startup services on rack VM after configuration - - build/webapp: - - Dockerfile - builds webapp image based on Alpine w/ bash and curl installed - - webapp1.sh - script loaded into image as entry point when container is started. It is resilient to API key rotation. - +Demo directories: + - ./cluster - adds standbys to cluster and shows failover + - ./ldap - shows LDAP synchronization w/ an OpenLDAP server + - ./policy - shows how to apply policies across multiple environments + - ./splunk - brings up Splunk to monitor audit messages and NGINX logs + - ./ssh - shows how to use policies to control SSH and sudo on hosts + - ./simple_hf_example - a very basic Host Factory demo diff --git a/build/README.md b/build/README.md new file mode 100644 index 0000000..28899ca --- /dev/null +++ b/build/README.md 
@@ -0,0 +1,17 @@
+# Build directories
+
+All image builds are triggered via docker-compose.yml (i.e. no build scripts):
+ - build/conjurcli:
+ - Dockerfile - builds a rich Conjur CLI client container
+ - build/etcd:
+ - Dockerfile - builds a container to run etcd cluster
+ - build/ldap:
+ - Dockerfile - builds a OpenLDAP server container
+ - build/splunk
+ - Dockerfile - builds a Splunk Enterprise container
+ - build/vm:
+ - Dockerfile - builds a "rack VM" image for SSH key management demo
+ - configure-ssh.sh - script to startup services on rack VM after configuration
+ - build/webapp:
+ - Dockerfile - builds webapp image based on Alpine w/ bash and curl installed
+ - webapp1.sh - script loaded into image as entry point when container is started. It is resilient to API key rotation.
diff --git a/cluster/README.md b/cluster/README.md
new file mode 100644
index 0000000..d486e07
--- /dev/null
+++ b/cluster/README.md
@@ -0,0 +1,3 @@
+# adds standbys to cluster and shows failover
+ - 0-setup-cluster.sh - brings cluster to default state of 1-master/2-standbys/1-follower
+ - 1-cluster-failover.sh - removes current master to trigger auto-failover, adds replacement standy
diff --git a/simple_hf_example/README.md b/simple_hf_example/README.md
new file mode 100644
index 0000000..ba61332
--- /dev/null
+++ b/simple_hf_example/README.md
@@ -0,0 +1,9 @@
+# A very basic Host Factory demo
+ - 1_set_hf_token.sh - one argument: output file, creats HF token, hostname and variable to retrieve
+ - 2_get_secret_restapi.sh - one argument: outfile from above, redeems HF token, retrieves variable w/ REST API
+ - 2_get_secret_summon.sh - one argument: outfile from above, redeems HF token, retrieves variable w/ Summon
+ - 3_cleanup.sh - deletes old HF tokens
+ - EDIT.ME - connection info for Conjur
+ - policy.yml - webapp policy to create variable for retrieval
+ - setup_summon.sh - installs summon
+ - tomcat.xml.erb - example template for secrets injection via Summon
diff --git a/splunk/README.md b/splunk/README.md
new file mode 100644
index 0000000..a3ba96a
--- /dev/null
+++ b/splunk/README.md
@@ -0,0 +1,2 @@
+# Splunk demo directory:
+ - 0-setup-splunk.sh - brings up the Splunk Enterprise container - watch the log till you see its listening then ctrl-C
diff --git a/ssh/README.md b/ssh/README.md
new file mode 100644
index 0000000..6df6ede
--- /dev/null
+++ b/ssh/README.md
@@ -0,0 +1,7 @@
+# SSH demo directory
+
+ - 0-setup-ssh.sh - takes 1 argument for # of "rack VMs" to bring up, configures each w/ Chef cookbook
+ - 1_create_key_for_user.sh - takes 1 argument (user name) - creates SSH key for given user and stored pub key in Conjur
+ - 2_test_fetch_userkey_from_host.sh - takes 2 arguments (user, container name) - tests if container can fetch user's pub key
+ - 3_ssh_user_to_host.sh - takes 2 arguments (user, container) - attempts to ssh as user to container/host
+ - 4_roles_with_resource_permissions.sh - takes 2 arguments (host:container, privilege) - shows all roles holding privilege on resource - 5_review_activity_on_resource.sh - takes 1 argument (host:container) - displays audit records for resource - rack.yml - policy file created and loaded by 0-setup-ssh.sh - load_policy.sh - utility for loading ssh-mgmt.yml during demo to effect access changes - ssh-mgmt.yml - defines access policies for Dev and Prod VM access
From 0211a8f9706d03de7fc61d458c7b7697bf0d2e10 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Fri, 8 Dec 2017 09:49:51 -0600 Subject: [PATCH 36/68] readme tweaks --- README.md | 10 +++++----- build/README.md | 8 +++++++- 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index f2dfee8..eb801f0 100644
--- a/README.md
+++ b/README.md
@@ -42,11 +42,6 @@ Basic demo scenario: - 2-shutdown-containers.sh - brings down all webapp containers. - docker-compose down - brings down all containers incl. conjur, cli & scope. -./etc directory: - - _conjur_init.sh - Conjur initialization script run from CLI container. - - _demo_init.sh - demo initialization script run from CLI container. - - conjur.conf, conjur-xxx.pem - configuration files for conjurization - Demo directories: - ./cluster - adds standbys to cluster and shows failover - ./ldap - shows LDAP synchronization w/ an OpenLDAP server @@ -54,3 +49,8 @@ Demo directories: - ./splunk - brings up Splunk to monitor audit messages and NGINX logs - ./ssh - shows how to use policies to control SSH and sudo on hosts - ./simple_hf_example - a very basic Host Factory demo + +./etc directory: + - _conjur_init.sh - Conjur initialization script run from CLI container. + - _demo_init.sh - demo initialization script run from CLI container. + - conjur.conf, conjur-xxx.pem - configuration files for conjurization diff --git a/build/README.md b/build/README.md index 28899ca..cb81089 100644 --- a/build/README.md +++ b/build/README.md @@ -4,7 +4,13 @@ All image builds are triggered via docker-compose.yml (i.e. no build scripts): - build/conjurcli: - Dockerfile - builds a rich Conjur CLI client container - build/etcd: - - Dockerfile - builds a container to run etcd cluster + - Dockerfile - builds a container to run etcd cluster manager + - build/haproxy: + - Dockerfile - builds HAproxy health checking load balancer + - conjur-health-check.sh - script HA proxy runs to route request to healthy master + - start.sh - entrypoint for container + - build/hsm: + - work in progress - not ready to show yet. - build/ldap: - Dockerfile - builds a OpenLDAP server container - build/splunk From 8357bfd25635d1fb86a90a457e8555368b647d53 Mon Sep 17 00:00:00 2001 
From: Jody Hunt Date: Fri, 8 Dec 2017 09:52:16 -0600 Subject: [PATCH 37/68] Update README.md --- build/README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/build/README.md b/build/README.md index cb81089..2aac149 100644 --- a/build/README.md +++ b/build/README.md @@ -1,23 +1,23 @@ # Build directories All image builds are triggered via docker-compose.yml (i.e. no build scripts): - - build/conjurcli: + - conjurcli: - Dockerfile - builds a rich Conjur CLI client container - - build/etcd: + - etcd: - Dockerfile - builds a container to run etcd cluster manager - - build/haproxy: + - haproxy: - Dockerfile - builds HAproxy health checking load balancer - conjur-health-check.sh - script HA proxy runs to route request to healthy master - start.sh - entrypoint for container - - build/hsm: + - hsm: - work in progress - not ready to show yet. - - build/ldap: + - ldap: - Dockerfile - builds a OpenLDAP server container - - build/splunk + - splunk - Dockerfile - builds a Splunk Enterprise container - - build/vm: + - vm: - Dockerfile - builds a "rack VM" image for SSH key management demo - configure-ssh.sh - script to startup services on rack VM after configuration - - build/webapp: + - webapp: - Dockerfile - builds webapp image based on Alpine w/ bash and curl installed - webapp1.sh - script loaded into image as entry point when container is started. It is resilient to API key rotation. From 4d801ee02904c036e7decd5a424e78584ca96b82 Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Fri, 8 Dec 2017 11:34:30 -0600 Subject: [PATCH 38/68] refactored policy demo --- _install-dependencies.sh | 3 +++ policy/0-setup-policies.sh | 16 ++++++++++---- policy/{ => apps}/webapp.yml | 0 policy/apps/webapp_role_bindings.yml | 33 ++++++++++++++++++++++++++++ policy/dev-policy.yml | 8 +++++++ policy/load_policy.sh | 2 +- policy/master-policy.yml | 9 ++++++++ policy/policy.yml | 22 ------------------- policy/prod-policy.yml | 8 +++++++ policy/test-policy.yml | 8 +++++++ policy/webapp_grants.yml | 21 ------------------ users-policy.yml | 4 ++-- webapp1-policy.yml | 2 -- 13 files changed, 84 insertions(+), 52 deletions(-) rename policy/{ => apps}/webapp.yml (100%) create mode 100644 policy/apps/webapp_role_bindings.yml create mode 100644 policy/dev-policy.yml create mode 100644 policy/master-policy.yml delete mode 100644 policy/policy.yml create mode 100644 policy/prod-policy.yml create mode 100644 policy/test-policy.yml delete mode 100644 policy/webapp_grants.yml diff --git a/_install-dependencies.sh b/_install-dependencies.sh index 236b8f6..c456d37 100755 --- a/_install-dependencies.sh +++ b/_install-dependencies.sh @@ -51,6 +51,9 @@ configure_env() { sudo echo PATH=\$PATH:/usr/local/bin >> /etc/bashrc sudo chmod go-w /etc/bashrc . ~/.bashrc + # bounce IP forwarding to reset route through any proxy + sudo sysctl -w net.ipv4.ip_forward=0 + sudo sysctl -w net.ipv4.ip_forward=1 } main $@ diff --git a/policy/0-setup-policies.sh b/policy/0-setup-policies.sh index 4d3e628..5aad3bc 100755 --- a/policy/0-setup-policies.sh +++ b/policy/0-setup-policies.sh 
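Review bot: The two `sysctl -w` calls added to configure_env in _install-dependencies.sh leave `net.ipv4.ip_forward` at 1 whatever the host had before, and the comment does not say why forwarding has to end up enabled. Unless the script runs under `set -e`, which is not visible here, a failure of the second call would leave forwarding off with no message. If the container networking needs it on, say so in the comment and check the result, e.g. `sudo sysctl -w net.ipv4.ip_forward=1 || { echo "could not enable ip_forward" >&2; return 1; }`. `-w` changes only the running kernel, so the setting is not kept across a reboot. configure_env starts above this hunk.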
@@ -1,6 +1,14 @@ #!/bin/bash set -eo pipefail -printf "\n\n-----\nApplying application policies to environments...\n\n" -./load_policy.sh policy.yml -printf "\n\n-----\nBinding admin groups to app secrets_manager roles in environments...\n\n" -./load_policy.sh webapp_grants.yml +clear +printf "\nFirst let\'s look at the webapp1 application policy.\n" +printf "Note the roles for secrets_users and secrets_managers:\n\n" +read -n 1 -s -r -p "Press any key when ready..." +clear +more apps/webapp.yml + +printf "\n\n-----\nLoading master policy, which:\n" +printf "\t- applies application policies across all environments\n" +printf "\t- applies the policies that bind users to application roles.\n\n" +printf "This requires security_admin credentials.\n\n" +./load_policy.sh master-policy.yml diff --git a/policy/webapp.yml b/policy/apps/webapp.yml similarity index 100% rename from policy/webapp.yml rename to policy/apps/webapp.yml diff --git a/policy/apps/webapp_role_bindings.yml b/policy/apps/webapp_role_bindings.yml new file mode 100644 index 0000000..000b38c --- /dev/null +++ b/policy/apps/webapp_role_bindings.yml @@ -0,0 +1,33 @@ + +###################################### +# Dev environment role bindings + +# developers can fetch & update secrets for webapp in development +- !grant + role: !group dev/webapp1/secrets-managers + members: + - !group developers + +###################################### +# Test environment role bindings for webapp1 + +# devops can fetch & update secrets for webapp in Test +- !grant + role: !group test/webapp1/secrets-managers + members: + - !group devops + +###################################### +# Production environment role bindings for webapp1 + +# sec_ops can fetch & update secrets for webapp in Prod +- !grant + role: !group prod/webapp1/secrets-managers + members: + - !group sec_ops + +# devops can fetch (but not update) secrets for webapp1 in Prod +- !grant + role: !group prod/webapp1/secrets-users + members: + - !group devops 
diff --git a/policy/dev-policy.yml b/policy/dev-policy.yml new file mode 100644 index 0000000..c495dc0 --- /dev/null +++ b/policy/dev-policy.yml @@ -0,0 +1,8 @@ +# Development environment policy + +# Developers own the Dev environment +- !policy + id: dev + owner: !group developers + body: + - !include apps/webapp.yml diff --git a/policy/load_policy.sh b/policy/load_policy.sh index 326c433..ed69e01 100755 --- a/policy/load_policy.sh +++ b/policy/load_policy.sh @@ -5,4 +5,4 @@ if [[ -z $1 ]] ; then fi POLICY_FILE=$1 docker-compose exec cli conjur authn login -docker-compose exec -T cli conjur policy load --as-group security_admin /src/policy/$POLICY_FILE +docker-compose exec -T cli bash -c "cd /src/policy && conjur policy load --as-group security_admin $POLICY_FILE" diff --git a/policy/master-policy.yml b/policy/master-policy.yml new file mode 100644 index 0000000..311a778 --- /dev/null +++ b/policy/master-policy.yml @@ -0,0 +1,9 @@ +# Top-level policy file + +# Environment policies +- !include dev-policy.yml +- !include test-policy.yml +- !include prod-policy.yml + +# Policies to bind users to application roles +- !include apps/webapp_role_bindings.yml diff --git a/policy/policy.yml b/policy/policy.yml deleted file mode 100644 index 4da56a6..0000000 --- a/policy/policy.yml +++ /dev/null @@ -1,22 +0,0 @@ -# Top-level policy file - -# Developers own the Development environment -- !policy - id: development - owner: !group developers - body: - - !include webapp.yml - -# DevOps owns the Staging environment -- !policy - id: staging - owner: !group devops - body: - - !include webapp.yml - -# SecOps owns the Production environment -- !policy - id: production - owner: !group sec_ops - body: - - !include webapp.yml diff --git a/policy/prod-policy.yml b/policy/prod-policy.yml new file mode 100644 index 0000000..5c709da --- /dev/null +++ b/policy/prod-policy.yml 
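Review bot: In the policy/load_policy.sh hunk, `$POLICY_FILE` is expanded by the outer shell into the string handed to `bash -c`. A file name containing spaces or shell metacharacters is therefore re-parsed as shell syntax inside the cli container, right after `conjur authn login` and on the line that loads policy `--as-group security_admin`. Pass the name as a positional argument so it stays data: `docker-compose exec -T cli bash -c 'cd /src/policy && conjur policy load --as-group security_admin "$1"' _ "$POLICY_FILE"`. The first lines of the script are outside this hunk.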
@@ -0,0 +1,8 @@ +# Production environment policy + +# SecOps owns the Production environment +- !policy + id: prod + owner: !group sec_ops + body: + - !include apps/webapp.yml diff --git a/policy/test-policy.yml b/policy/test-policy.yml new file mode 100644 index 0000000..9b2fb4e --- /dev/null +++ b/policy/test-policy.yml @@ -0,0 +1,8 @@ +# Test environment policy + +# DevOps owns the Test environment +- !policy + id: test + owner: !group devops + body: + - !include apps/webapp.yml diff --git a/policy/webapp_grants.yml b/policy/webapp_grants.yml deleted file mode 100644 index f7dcd0a..0000000 --- a/policy/webapp_grants.yml +++ /dev/null @@ -1,21 +0,0 @@ - -# Development role bindings -# developers can fetch & update secrets for myapp in development -- !grant - role: !group development/webapp/secrets-managers - members: - - !group developers - -# Staging role bindings -# devops can fetch & update secrets for myapp in staging -- !grant - role: !group staging/webapp/secrets-managers - members: - - !group devops - -# Production role bindings -# sec_ops can fetch & update secrets for myapp in production -- !grant - role: !group production/webapp/secrets-managers - members: - - !group sec_ops diff --git a/users-policy.yml b/users-policy.yml index bedd370..149478c 100644 --- a/users-policy.yml +++ b/users-policy.yml @@ -4,9 +4,9 @@ - !user bob # devops - !user alice # sec_ops -- !group sec_ops -- !group devops - !group developers +- !group devops +- !group sec_ops # Grant the less-powerful groups to the more-powerful groups - !grant diff --git a/webapp1-policy.yml b/webapp1-policy.yml index 3c943ab..164f4b2 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml @@ -5,8 +5,6 @@ body: - &variables - !variable database_password - annotations: - description: Application database password - !layer From 5872a72e1ad66163a15fd75c714fa2d9457ad198 Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Wed, 13 Dec 2017 13:49:37 -0600 Subject: [PATCH 39/68] add prompt in 3-shutdown-all.sh to prevent inadvertent shutdowns --- .env | 4 ++-- 0-startup-conjur.sh | 2 +- 3-shutdown-all.sh | 10 ++++++++++ Create CentOS 7 VM.pdf | Bin 0 -> 55756 bytes .../1_set_hf_token.sh | 0 .../2_get_secret_restapi.sh | 0 .../2_get_secret_summon.sh | 0 .../3_cleanup.sh | 0 {simple_hf_example => host_factory}/EDIT.ME | 0 {simple_hf_example => host_factory}/README.md | 0 {simple_hf_example => host_factory}/policy.yml | 0 .../setup_summon.sh | 4 +--- .../tomcat.xml.erb | 0 ssh/rack.yml | 2 +- 14 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 Create CentOS 7 VM.pdf rename {simple_hf_example => host_factory}/1_set_hf_token.sh (100%) rename {simple_hf_example => host_factory}/2_get_secret_restapi.sh (100%) rename {simple_hf_example => host_factory}/2_get_secret_summon.sh (100%) rename {simple_hf_example => host_factory}/3_cleanup.sh (100%) rename {simple_hf_example => host_factory}/EDIT.ME (100%) rename {simple_hf_example => host_factory}/README.md (100%) rename {simple_hf_example => host_factory}/policy.yml (100%) rename {simple_hf_example => host_factory}/setup_summon.sh (52%) rename {simple_hf_example => host_factory}/tomcat.xml.erb (100%) diff --git a/.env b/.env index a92e51f..3754f72 100644 --- a/.env +++ b/.env @@ -1,3 +1,3 @@ -APP_HOSTNAME=staging%2Fwebapp1%2Ftomcat_host -VAR_ID=staging%2Fwebapp1%2Fdatabase_password +APP_HOSTNAME=webapp1%2Ftomcat_host +VAR_ID=webapp1%2Fdatabase_password SLEEP_TIME=5 diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 8258662..c7e2300 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -2,7 +2,7 @@ set -eo pipefail # EDIT TO POINT TO YOUR LOCAL CONJUR IMAGE TARFILE -CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.10.0.0.tar +CONJUR_CONTAINER_TARFILE="" CONJUR_MASTER_INGRESS=conjur_master CONJUR_FOLLOWER_INGRESS=conjur_follower 
diff --git a/3-shutdown-all.sh b/3-shutdown-all.sh index 6bd3af9..321162f 100755 --- a/3-shutdown-all.sh +++ b/3-shutdown-all.sh @@ -1,3 +1,13 @@ #!/bin/bash -e + +printf "\n\nBringing down all running containers.\n" +printf "\n\n\tThis will destroy your currently running environment - proceed?\n\n" +select yn in "Yes" "No"; do + case $yn in + Yes ) break;; + No ) exit -1;; + esac +done + docker-compose down -v 
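Review bot: The confirmation added before `docker-compose down -v` can be passed without anyone answering Yes. If stdin reaches end-of-file, `select` ends with neither branch run, and whether the script then stops depends on the `-e` in the shebang, which is not applied when the file is started as `bash 3-shutdown-all.sh`. Record the answer and test it after the loop, e.g. `Yes ) confirmed=yes; break;;` in the case and `[[ ${confirmed:-} == yes ]] || exit 1` after `done`. `exit -1` is reported as status 255; `No ) exit 1;;` is the conventional form.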
diff --git a/Create CentOS 7 VM.pdf b/Create CentOS 7 VM.pdf new file mode 100644 index 0000000000000000000000000000000000000000..da1f46fb55b8a7c911b778f8438515042ff0a74d GIT binary patch literal 55756 zcmbq*WmsKXvMufw+}XIh2X}XOcXtTx?(QzZ6Ck*|OCY$ryF>Cwa?*YJcHj5<``(|u z)~Yq7=49?&HL6BIDlaTb%SguzL)y1{wR>E8oj27t0K)=c0N5E?!f^g?&#%LC6< zPJNy|2H*LxdKZzqu4Z4H&N+8tOSVKRR@xRLY;8XcUM&(N3#lvQnZ{7_Bzbybn#O)- zm^VQEp^SduNj-BiAt{Ug_u#S51HD)85vFGuk zgZ@Le_!d-Kaq~R*nU;;7WY;dMs>W)Gr6$e9legb}k6A4$A}YV^q|Ui2@HKS%+wh=@ za&Dp0_!Z&7>QH3Ol%Q^$80L)=JA%h5Va*LM5?9QO#U7XU>0}&zvUM$5;YE~vpW>#S zW!D02>&>9Uex_>ETB9lc1pnyP?v9Z1e0p|%z5iTJnHk&NwwAWaR$ve}U?DworXRUX zWuShJUo5Tyn(H9`p?y-g`2s7mKxZZ86Cmg~`l`C3xsHQk<4Si=*7tRZW`i4khFcO- zVz8)m4D(TM=dv?xxI4lm3`dE1K_V4Dd8<03e1%XM(+U)u*z&Tdknvcwqh3Ka!H-nJ z2j3)l{vG`Im=GP53MI&ZI-630Dzb+WAqFupDJpPp_6k3cxAKqz=7l2ze4QWkzh@3c1VU=*vk+KtcR5A&j`-hz~3y!y05cUazrMxC3lCNy0n~WaXU9p1& z&PI2wt>*zMTA9t!1w>(3w==U{;;}Co>>>H)*B?4dEcWLG#9<%2V-V=WuChcVg4RtW zGD;beKYo{cR8}maU=x8JZKZ5%rFUx`WKT_P@=>Bym0?{6cXAh4g>bpvRQ!I&wEd&A zJxQ`XDSl2nm=sP-3~OmUhhQx>LxrmqvkaZj3Y~udd?C=qvT6dQxAmha3Z#m$)f;Xd5Cy$l;*tf%-=G1hx~9KLmQQ97^+`3moWP#Gd*-{Q!d1 z-wxZ=4kxi7^PW5*-JdrAtUIBMngeqra#0VHsIV-UXXv$8R5sng?Jy{(G;W zY%&r4{da5P`M2wiwWKIAd>!WW1}-Bn%Wa5t`RUr2T~dKH4RX-%CGeiJOi0?WLlIEI zJ7}=V8k-eja35jebb3_Elbtr=;NUED0^6}GUgKxR<~90CEV+T8RD=d{!OlpufDfy2 zb0shG-uO$%MC0~~NX496-eIV0yh|lVe65*d4}L<#sf6GA9L|Jf?b$PNnd~p;$K;l@8=CkJ0!$vE_O16r@?U4A|WGR}fS{v4s>^#mP_m*;QlrkeuQfYK~5A8&-PmE^(e3xhdsm!89CWmhgyoQHpb#~^%|ol zYM(-j2gLdgsrEsemEJdO;ba>7wHIOK*u4R zjiCpV(ea&A9ckd^BW9&D`i>&dEjrkOa90dE?2)r^cM>AH zG5NkG#tk|P*?!5D+p^AFoX8vqux?(A?Q&_0#*nar9f9ijKuH$S5F<%!YoJ~gP9^>j zoI{K)kX*!vbJ)WH*$FLnBS+hocR2X%l1TOhQ^%|Gt)z>M^4Oty87*t^F0Td+tQC~9 z3L1l`#Ah+#%(q3zoY;KLE=Y*T&D+*Y=IBL62bk`HNahuHAUPw$CO@66X)+${x2kZ6rDO*_#yWiZ z%pN9A=i;K~vTdW$$YlZMSgFcBiCpcWd72_#<3)aaw$w5P2Gjs_h2b`+MTMSzBRVSW zJ##G5HR$-n$XE`y_Dn~n9TyoRvjMP(PAmFZ(l?Ztq#n(7W83=PK_+r%}M zKb?zQRaJD@5ZPhLvT>u17H)7rK9Hunxga~ig&RAJRbMez%V#}2`aI`4N5_{){)wFe 
zgIJ<<-Fjs25r+mX;&Nnku48pBbI$h(j~tLK)`5}_zRRWS{a~+td;(ktg$KFbcL_tl zt{&Q_=*rdO#2OSA5dj-$cM6sXPs#0OIGVW!j1H(+_3D@a+2 zv2r)gfPEAmyrGXkH|?a_<)jeNS%odbqvKAk6>K~D_cJz+;a@q#QLn_%JVa;1$yvFh zrEg^ng47TUeaY}y@X3{>Rg}WwQ`HYYB?&>QcSp5RsdxKlMaHNomBl+LjmTgS+NGET z${SO{aE=UPEY=&9!0DvV032_oQ%Y8u)1cae(?CVT>~S|7EGF}Lfb)gLSBOwDw7S}? zCT+st;=aLg$D!_8NlsxB^{8ME2NB zL|df`0nsg>az{bhFBa8#9JchTa#_RC%9UEuK`y}QHG?Zyefh!s`Z};Nl6GLaQTLRY zmuGW9>!JKFoKrP$5%VYHKvcR4qYUGrQEeNk5`EEw&z3rT@W`2Tz#);>DNNWX1R52t zr@#%p@N>99XzmgmS%Fdf(I`$xA#*;LU%Il$5WyoE;ch6tfN~x(**YP;o$(iy?kgiD zCyEMN%`3F#YBoPznts?xTaZ8{Gfl%+;m_PwB^>r)awjf$_c(njoKG*DUSLQ^6~o6xp2M4P~bK{~g;JML#iN{aPFwK?d^uPuKB zt4cp#NzFdupwBMG4A3;MFm^^iJ#PGR@2a2+wV+Mx-BF%kdpIPf;teD&Ym4Ur4#dTI z4#Yrab|Fd|E>U*7++XU*C5B!@;O3sXlJMEWax{aU;Ay03CHwKHDax&+u<1k*>Bdq( ziqsWh>~Kbk*41&%5-agq0XA1C3@zsQ$?Y?pLNC8a3hQN{W(#wB){E`j$=z;7Z`Hcd zUK^QPBWUjYoeB!~@i2_!!h zn^R}|mo{aCw4sPpDr>KhQ4w-`?T}aZOGOc4vsxHh=vAHXUiayB)^)((P+2a5^DcC` z1o83@y>$YT`TVA3?mKg8N`623g?%xlvy($EiS#ya6g3|o!ffUgAt)I?3JJYPVACxo zIZ2w{4Cl@|d}uYXox#*?i&@qP(e`mLUA%0c*LFrgIW z01iC@fz_ZiboV#Ej|vnb#oQUUo>79}if#wbrRo=0!8w5ajJVeKnwxU``u9+6h{xXTgLLmY&iufYtyF5(Ov*;x!Ic>6tbmvFE!Ef}?I0F) zGff>g*d>Y0n_5lWCXx`c#(-3s9&l4MAMGjcKS&hrp%QFeb^GpNYOwZiIc~8dM zl2_6uU^zQYl5qh}{8M}o2Nh^Ay^>= zk#L}7e17RZNyL}A*BL3=J-Sh0p+w{E(UzUnI2b#8+tR@Mr5Tw(K`~Le;YSy1j9vSt zmhcz)f(<87!%U^{-3D1GWj(Dddmngl;8X;!i@A(XiPzu8(y|IocLw)VuL?a2`jP?} z5zN&NV#axU4J1E-R`ofSn9i0$PFtHf} z7p?2nkb8NA#IF@J(TEr# zz}Sz6KXSVba9~VqjsJ>Ayxsi_WBiO={JgR-F>(HU`}3aZZy^q44|@{;y}W_huTMu4 zTW0|C?{J5riIbg+qmhXdfbF+H$j;XJ?Y$G=XNcr29wK96Y+)d1=MKa zikq_1B6{d#JA3;SG7*6E2KxgvV1`Q^4NM_i!cQI~B#6va7+e(f9i^(Vau={zD3Or} zDr{hY;XL#elKeoog0RT$YLpf9c@^vRTE^?3#`@xZC1$Xx}{uCK51$I&jyfsVSJ)gD}YKOFK_`dYSk@-Q5|TpKq3!}jDwbMv9%nH3AP1=f>y4M2LLkG|vHYFEQJR01KBeEO|GdX0dxPWcqYjr}SvZNS)Lx zvl-?tJ$X|P7sG(zS7VnV0!*r5lWrb=T7`Rhs_|{l{IPR!9p6Xkm1pR~v&tpe$z+Z| zRF1~F^+_dtJ37!EiDo8VT}QGCP`wQV|L$g`+&KW~3LL0@E$bRT#9B9@ZwrnbHuB`e z+6g${*qo1cT3?SOSgNL}a(5v_wjHYzz(|b<+6t9_hz+ 
z7pKMea4$_(ZWqR7@PUfLK@xOOxOrLDv94L4M*$pedkq;vg3MV4nqe7l2>{ z7#DzD11;@=X8k`*fyoB2*+Xc9sdd5I!@~KA@xz34OECbi`CC8*Tp*zp2$aX67a^t# zenZ01gz^v)kmo=J?H3AA$G=YfzkrZfLsf%shLQ|( zX+~+P(inSerbx{Gj{(JobDv7o$t(F>q1oPLM$`7G>c{G9)uw&|T`)M|!bKSD!rH>M z_i4h^X0m0i25Ur|k81Th?uFkZyL4}(T0=b#KXxcUmrJfk=qvfX z?j!$U?F?x# zA-3SxVvm`odYSt7OD0PUcw+2D&tDS{`)>#i+HasuNKLeMDRyypv3Ki66d`&T^dFcN zv5KP-qgtb4uUYn*C$}e;*=j6wf3#61KT_FJc_kAinf8t(KFdIBP36#duTht z{erVAMQf1v+`Hq0&8CUVsBK7cPx4P+B}&(`H6|!0;3o=U;V>>RW@#}UryVw%a2@06 zjOn8E-0kycRhE;tHIJXhWagvyUHfeMRu^~{Uz?t(5v360#UcljN)z|7Ct-ENQft)W z)oL0O?hVf^&r5mV^M>ZF`?$M- z(He>f3-z^%#}3U5iA6@EOQE}o4vY1R%!$c}c#5QoNTsUNXw>b9MrlR?N_fx-aL_zS zTpd5&&#X#?Zl7$yY@g9FYp2wmEIBspejJ^wj??SbaG=7+A;4Ql`Vo%O^Kn?#EH&tJ(6n%BpH8@uM70E(#5RbWK*NU1XT2-`osUUz zNrjZmAE!T#TLjfV)PEHuHHfIC)?wx$Z>R5NDP$088L^lTQke6=OGb@Cu z;BVF1%gwTGI^8Xsw;ji^HUJy(#fwqV(P$H#b=!!wS%o}>+75m5y7RpO!Dc~)&34)e zEd=X+Yc%WARnxjE%jHxe-RWDy(XEIrIntGc<8=*hwa3-5yP(td;=AH!w+&Y)x0Thy zmTUENLk-=wUZ8211$%AM2lGC*m|b2&+U>mmSS_IM@2{e*s&RV z?MI%Cr`bz`%k!P3fOA(uer?lt#q2JeRya_y7zRVw9H&J)#8FeFO zQj_r$Xjz$@xo$pJf&;;qk>MDj@70`nTk3aava4&W*GBzQYjiK09X~F&KfkD?R+v?D z>Tr2yd$*s4yheY+Z_P>3JMpnNY&f@RKeVrVP1&xB=>YfMf6{rTU%PAZ-i`T@jRP79 z@pMMl;rT;%h3C+F?R6URBcd+f*awbR^H-yj?E-QbIjWp;zN*)`hk4VF?KdZR^ZJu@ zVP>%*O+xfPk{@g2dch|@PEw23iynzpiA_d5My-DMbklz^8kPEWJGhhb`55z* zx94^*ih^AN9ne@Q4*_jFH5wgCDH_V<&g4PN6(Zrn)IXdc$5akZmw7oa5AOnXRO4*Fs>gPK$fKA z5@tl(%rbfB71^wrG;AO9IoLjCOIlburC0z;&8g3cY`ggr0i|SuADM+Ddf%faNcG6{ z0Mfo$IQ#fzQ&mkTKIb_xN{|UsDWx?7Plvj`5lF~8i`B(yXwwyLTvS3Kcbho)fnsoe zYh&#Y;f-k1}ziq#-_P}?1*dTvsjvrlcU%O`GA$I3)0@4FFJ1P_46^{h8YkN zF-7Ua;Hm~U9mK15>WlXTsTT4j3dRxlHw0fN6B(cjaM!MjR&BXrjDE#Xx#dzzIX705~x8IaE)0Jb>_W(>-3%R9SU0CXR@@ezTTg3RjP7r zVCu+y-=P^N^5Y9tKGd#|tmD{InJlmEw4v^(>8ef$Lp$dtmcdZR5fIvf`U=?FO|OJe zB}Hhm+Nr)$BSmQBSjU`E=~m9_w~Bf?xkA|R?Bv6RigJw>aJ6ye* z^U#=yGjqF-^U|pB?vn?fvw~)?1r|6o{iPVTF4g56)(kS~#1it4auD?U=khbqD;s)Q zC(DY-2M7dvmufdRu-0|A)#f92n)>dk!n9#R5!~7i1)F~0v;u_HHu)!hse7n8r5n)M 
z6G-&g{FV_GF*R6~_xhyCs~K`?hlI8=Y8GL251Iaoc4uF1X@NdAug()igB0lVd$}yL z?V~hzR+I;>zL$6xnN+UoTi^lVHogU5Tn++%K42ph$(Dw6%N8n@#vUq_xj@=C0^mu1 zUG=~=7s=E=nYRP}29A$o#+bfKgou5$KU<+Gpr$$QPpR)8MmS;D+So%ptal%i&kQv%JlsNDfD639Kzi*!iiz|b(~InzBR;tUN?I|!UgjlV!b?v^0OOIV8GDN~`6N^Z}fwIs9Gu2RI!0&(& zLF=RBH$mv!)DNyZ6ljISN|_Su;XMHGMuFKFHME3QoAF!0GkR=euR=zlWJ5Z!_@p|J z=yXk6#z>_29rmooISHR3qJyy+2lPwI9JIxxf|b&;HasfrWRaBqsu3b32Or*|;gU(u zy;|3yuxV>!Lgp9e^oBS_b&y@HJ7rS}k<{);Rxa~O$_tFX$AFND{jaMUGzNYH%SZD0 zp|24vtehvu5qXt%UAyZs$F$$bRT1aTqH>K*I_u}Xykilln7PV|10)E5fx>q3v{xO$ zK;yaq%zFv9l&^RnGbQ{Y!&pGMfnl|$nEHc+Xb#XeV)xPCVS4c57MP6Tpd{q!8ut=1 zw9ay{8ZC10Rrqqq_5ghv@KKFR#O54>kM+TjUYat}WFd*x9@)C8s2PGpGC#OYH%QOO zU_SPSBgq;@MeWMmrJ&ENEY=mODp?6^;L_wXSK%<=Js8|E3MDSjjb;WSP>RI`_AoC+ zD(X=CApiVId`=1F@w)2f`}zR#g~= zaL+W-&nOHsoY7&L3QL9tBAk_n=U;e$IYr4xd*gEIA&_Q!q4K(SwfT!Q=!Kb2a`PYE61e;#H973nmpogUyH>}icPDxP)?>4FmQnJqY6LFvOc zH>}|a<-n~W z-D_F#q!mH(zH0)Y2A(^CRk!-p81%cgu(OhrxC44VD9 zCY~a$O}zKvUerC)9nuL~M{u-Zn!9e)ER-dmWE9$IDV1BfqroO`xxpm1&>K?#jD3&I zFUL6A4#rMB-alY`FEXRN03R%65i0UXcY=yFow7Bg^}mXyz{JnckTbx*NRLm=X|sCA zR-{`?w^~({r+DTX@O_2K!ZG5TTf+ll3s=B-9$rA_iqM=1cKyhqM}!Z7+Hf`fRIc-x z##ZH&0d3zb4w0yIxt(0_lS&ZQ)q+yrkCB=^rj)@B!Aeu}0hmN-i-&2bP?;Z5b8zEG z`=zm+g?%o@F5d*E8Kk9cn(m%5Uk@aLjwnjXVoF9_!g27tORx=l!y72YTiMNiIJ2@e zhO;I)zO4SihkJj@?~$Y(3IWs#@)Ir7t=tj9wn=)y^TBiit|n_EUUHSW6=;L1FWHU zK|8KC8mFy81+f{`gdrGl$kaVEOiA^b$};iF_f?^F+v&2vf_F9A3%$s#*^1J`^18cV z*$isaE#hec98*8Ip((i@lTNWWuf)era)xE!20CSV`#Y5OV@EoGw+%$>_tCF1_9!A9m8nl6$O9+<)^G8luK7L)iCXK{{5~*KR92 zKWB!-e|q_xG84fP?X81OO*IOW(SPO&dN-;xjOoGdSS&%3!e`5U4BQwf}? 
zFB=&_wZ*Hr_;Pwi;C!%K+~fJ1gKr*s%prKO{<{yDll^+!6?5EhTTo_qFp0khd9FvvEGBKGtCw~U{ltXaQMwz4y>xtQ_{x-WC(4CH`5$e5i_tyxJ+C;J}K zc{>fyt9%LDE)6o+u7uz^dE*SKlM#0~89iIPgSWRdgz&@K4+4_#7L0#~=D*PNPlV0P z!S)Ym&iFIc^apnTH~BQC-}$Jw+}B?TwO_#fZy7b1f61u*BpLt7-2LqNXR80-l-i#> z+RvQY-*abw?&nEsJp`zrQafBqDURbYR_xXC)C=s z;<_kD{C-XC9u)r6=#eM=ZlEF+bc@-`!!t;a4RFk!Q8WJTTV}MT!otah&K*9RZ_l92 zZlg(z6H!yrLFCsJnDNccqb{> z4BpRD*NC=Xd2dm(41v}NwgZ%T1ltW+tCeqKP;LbRKVV3swR8mqLGG0l;AfYg6`9zA zv7sOFC18LI)`YpKpMM%SRwt;ty^Qd+SME<8Vgpt!mJkn|T~x7X7N_jUicC^mPmIJ* z%hXIhV?u1tR85vc8%^?r@8=zHfh%Eoy$#fH4Rb-zc&|%L$V~*cKQ+KyBg*ChwTV*v zGR4M@94jJAhAdRk-fH(8kG!ch;^oZTN+YGJVEQ#ywC!`Pp3@_x)J#GbgiihEEYzU| zuA(2#k)%x|yZF)ovM`mo$uqESG`7s*wn@;UqV%?PpdtZbY!wbl+0cUsUUEuqy+}oZ z&DV099=9yh1Tf8?~4$_s>0@v^#%xjMR05^u_HlTdbEO~4`W+#%M75+T}kJ9$zG z1B)`dyltO&8KFumh-pFlHsAqQv&d1ummI3)ww)u>>~Xxuh!oL!%I>3EHy@(@LUNikFQiaM(3Zb!!5(@JzG@(H4n=uqSIl9G$SP`nPgfCC~sg#$i0 z><81+w%CFxCDQ{|vuE3y;3g6(49sWFwQlAK+7EFl!w zVp_wo&SgZ`-sVX9B)sP##E~eZ@BZ$C3#+2GR449Db&$218T+^Xc_yxRT?xHxl7xJv zD*W$dB^O8`qy5q1PF4iu3k9m4nK_}fVKbhYVJXtIwX@RO7b!=c?d9>+c-2s#{c|0% zzpRQK!ixHP_p3nqw`b7nl!h~8Ar_N0$B>FQ%4!+w^^(esC=w&r!9?u|svY_lOvvRT zYW2C+xqE&tES~drxjn0nL9Wz|fIgY*k*?xqK{0QK$%#OEx4~4FtEr>2I{?i^)~WFc zdcAV@ecNhX$Y?)1^YH!~ZTpf={XZC}KYR~HW@grZSdE`_i9c53zcNt&lkxHEm;Jvo zP=BXY{QnxLKUU_afqLU`F#Utl@po(WH>>o=puHK)zuC5eT}^8Pv$s89`rSzIFUAlp)0;EJ$oNL(VPs%n z)q$axc-t}yBLQ18Ym>L*N-yAK^plMA^W{$l&hMvRo#=%O?8Qwi%*>quZ0zg+dL?HQ z8`Ym()PGB1*f@XkcU;YWtp~uy@b*f^!2S0VBLmA{ioBI`nJ@vE|8Rr;d|7@8{;c({ zB+8razmh1w9~l8GOm7?X|EvcK#(-B=R(Wc@?_fW_BnKq|DZDHpuVnyO?ja(XyMyb$WT9jt-FON#9LA4a({3k zP(khIiYnrWK|CQZyXB0WWCiX=#;oUMEpJ){T)J)U3Os0qtg${1Nl!8Mb&Oo&YBAlf zhq0H5ZiKc+7d8=xp(tV0R^E739NR``{RWb1`%ktpgu0=<_0=v_j2>GM`p27ru*qsI zJQXVlV8s;m{zLNs;}ApjfGM>t-N2s5p~xHYqtjuN_2ER5z?az8HT%UIBjxr;SmRIY)*HN@|Q=7P^U*Bq3Dmv7A%NbbmPIY2{A;CINL-RmOn3$_#^uC(DJmJdV|YB-CADy{aHtD3aO~q%gXtgx zN0jJhqg)^YPnGD#rsR-91eGEqZuXBi2DfVsHx6p(Rc|} zls@Lg1nq?iw;;_K1scO2E^Pp8zMUS~f?Xaag>w~Hp)pOzR%U>#w_X%(i8igMvtd~| 
zGPSp$Z6KjnIsT=Y<)dvgm#}y)0= zGI3hDbgk`&@NO%lc7)|Q@@=ZHxQgn1l_4@5{+>_IaY?UneIMb);jw1{r4aCz1I9Lu z72Q>MX(!XB_WZdggrQWBCz;t*Y-0vToCjQiH_p1G@L7k>{vrp}8hC6igII%?!Hjzj2U|52|CiC2P{w z#O)i>FefO@Qq|gECXxt$yM|=Ss=#e4Bn^B*Iz5#e&oQ`O;BP}KiEQL&yOXfSPzSnE z`s72lH9Z;W=7+6Ol{+Lgfc)kSI`j-ea@ynU7cXDJZ>P4j>%+?QpemL{U%JR$X4)#py z;ci0wwy7R_b3Tl_gA^93rSMGWj*8HmyJ;5}&LtacKooy|%g4{kk_Vq@fW(Vd(TB%? z?*l*CbA9ptC0m;Gc^Kn_+MA!R{0FGoZm)A1_-H=Xa^MBn2oJ1p0hOoZ8p5TtdU$pcp2>Lik3dYTOzDVAbpto#VB;ke-h~s`~{U}IX z#+Ohaw?ht&TAS}Jl?Qqja9WGf?hba>6KNl#9Ort4{}@3wt@}Z^GSRYlsfn1F;PCn; zvW)m$rTHmS6DZr}2;?T=LNs+Qzm9L8E3oJgjiThp@VGIfhu?}&4%v?awhvj~y9PcP zs}6CGjee>9dXhjBLlbclj{EiaMg~*L3(tVtiNO-VJP2(H{CHD#0i@krhu{l9^c=tj zzwH6GoOuE56>>_G6-W)!L+SAuF+uOJyX!8O63eYL#JIY;{)dFGnj1ey*+eb?`tN1Wl@;);KQ2mo`F>l zw+)GwIQ=1UtbUe|G0-v+r@yY~RB!RDkX<3pA$m*VS$^z{z$tzL5zzA$gY>I5+Z3=A$amdi1fiAE(@O#N{ zTS>BNNHfd8m(&_3cwXePfrM`0L3R5%(A8iKxf+rYKHxoOL06{Y7u#m=hYqjyJd+?Y z%Zu`#1U6j2YjUJ}@tY-@jLBs%__!q|8*{#-$Qa6f2Dew%mcmxYv+##7K-5NG2g}9G zdyR?!W)q~F4xB>pzKMz7cR|F0gg55%hM?X{m4|o~M2Gv@+yfZSf4m910f823Ha2w9 z2+xXI@VUdvSO$L##ua4MSVJ(`4__6;9U^@ZT3fyiJgB z=4&=FJ|5CrD16dQkdOn7DvDB`v8-$&eFFY~*%87MFV!Q#AsyR`>}B;3op=qO)6R7% zQ-@0Tm4sUk{sI5+^D++gh#eI*Z913PT{N>@8l$)7c%~xUxcV$K1$_Z)7Occ~q%30+F?fde{3>M{X#BE>mKcJqr0n@YS z6VCG|Abrww2;LeqccZ|*q>`;NHS+8_bU{T+kQel7&|JmVQ-;ca00ToonjtIKA!PcL zg$a~>Km)B1mpCOxE9Jt`AdQx~#YQuDXf=Iwv??3gZ+VM~W?8gU!)Dd>qux3MN*TwJ zMX7-d%Q8s?y9JahNq$p)<9jVuM*EjO^oIV%o+?Iyv&~sW>$3TLnV0_bs0s?(7~j}? 
z-O+|xKW3xko?uXaPc$37_UDWSbn5l)?QR}>+VPK<5SH?{uW3|jfdNYgY_VFz%kre( z2lp{`MP4Iyg&f-|&}e0=6qi9O+S4*C{U9PeD_=D2pCuzJ?jXiUvtsCwWyTmQBsaLaVB{x#Ia9VG6{I=$ z&i$A@vZKCbhY>DEIsg7HO_ zTJ9pI7BA!7^oQeB1#N#*DZYis%M79REN16mW&`N`8{N$)y8CkVVfsr?X6dP&m1(`t zoZfA9?ZU)|KLS^=cU!TQ)w~n693a|0mAkOUbQgHx%SYi{8OE`7EREBkTHqF-o7#V( zP-BUX0Bp(52I0P>M-|vYOEIYy3lK_1o8C>t#^ktHu)3OlUoWWj@vmVjsTei1H7EU& zmakCPF!S~cbBzo-HWzk|dt_-11GY7Iap9*Hto*s1*O+`6Cu1e>;bVcdo%6ktU`4x1 z&J^lSGb9>Nt3Yv~GF_oPoHiKjm)sGEQ6_W916E`3K>ZD$7fD8Q1;V0t7oiqOrffUh z_;T-{&INEhfmK2CfaKUaoziPTzx(Rt1C0S8Dn2w)L)kopk6h5nTXs&6JYK@n!uUX3 zl1)!yjz=Vd@%c-0`pSk>eS5K4?1}%ZdENgxcrTu*i~@&p+xw{=N3oKU^BbyFCQvFG zoAV-F4`Lpa&@YsOz#nK*tY!|ZK>B1eUG{)g#=~BalTbrM0<~+h)0X` zfVng4HPyD*b`xm{$%#4bX9Pz#4f+DTyOAjTcewn^vH$7pGjXyp|3Lu%4(I+0a3&=$ zp)8_AEn{M9ZAYtUV&-D~hOvGXF#HoG!7%?-xA0Fq_J2cYKM~VE02(B3c& z6U?uo3x=P_i2kmTK&=BP5Lim{m&kM zp8wwOPv76NKP~>-k^a{HuU+`NI>H698Cpw4GqGe^}0MIhCvjW)P z!X9ssnenYs=Rf0f&bO${-{3hj+gtqPAMl+0t>)-2c+ScB4}1<_W%&!Wivu|R6{)|S z_M&+X(;H|J<_b>7kD*a_6hk zd6x4$#>hFuh!p|^?D!6_iA@CDLka>59ZCcNwsQpph7SFC2rY^(4N0H1AQCCo4*gy4 zr+1vF!r;Q(4%29eD?=?XO|Xeu_aAe>V$Yv`oZn|kxTvVzw|%%hT2*O2&+$-7%T8uC z%;z#)Z zE;hHf6jjrHB)RoI5jbg_MzM+$My|GLWw%znM(Sw9+N0?sh3WiUBTXOtksM;DU2)Vf zmV@w1r(I882KlS>;)Nn?-=PbMGFzwRQQFzD-t8mWEMYUL;h7S~?@bRh8 zNWfU>^K0|00;>0>eD9_^Q>S9psOky8U)}lJ9h;R~6$R8r=0;POEK;Qo9mU&cV|*TX zm7X`LymKXfAm3!?`R+~in?HSt$nY~v%qs~wE)|@g^Mxz2qf4?_SDp@LdeWRy(<8Ig zgMMO)??7_?PWPlewSGTsmOEgTt5YnueW;E0Dlx(c~_jM_sx>;1d47y=sz6@-|`q~KPpQZ+AWrNQPN{SE5+?C?f2HTZG zk23}br@OEeVv%SXy|l4UF#Oeqi>AK-Q>-C zQaU9rG4Y^)PlN+HN|B2>2dNx_Kcy+rI5Mrw$ZaQ>XQJdgV-K{KJAfMPiD2`uyJ6+< zt3xD1svKuM)el=}JujHd%5RvQnQ!5X>vOjEXpokh7t7ZuGyB~&J+ z%SHqlfDT962L{;!2#-3c7(kVmY|w}}k({v(@AZ(I*&n#-@aIfzDUMx7@3|mw33R3@ z)^cbWM#;;X(_6@Nwih-%0=U3dw)b^zQ)~-5k8f@*XXaBL@240>lrUyV133Yxgr3b0 z`^DBO4#l1bw9D)3LUKs5**&IQv4`>X<+=Q|r{H&DsXG)UKZGYl{SgY*B(DZVx$$bH z8*&}3-@eoxbGP70ySlcmfo(Fj^0Y2qeRpZfwA)NvhS!l~8F6za{u(|}@Nv$_F~}`^ zMwu=1OwBX#{*FDU=4AjAglXpju{1C*O3WEFr7v@b24F{LvF)%d586nN7`r7ellMg3 
zgt+x^ZpI95#TIbT{e{#NQE8O2EPMcj74oR<4Dt+-s$)R&4$}rC>LhMsM6t;MWSX%| z(wUj1_f!T`q**i7z#tBmd)W(vo-y8JYSIuDk6SWjy0rsoAm$!`YXzl?8t=UJ?44Z+ zV^VzcHekspmD_e=(8>S3=y(iNu81zB&#(-65s5oNAqA*hDsuq6AU5bimrJdTT9V+3 z(*}^5aI*F13AmnmFmgwO{Ac6Ns_nQN#cLD#(&(^~OMUY(#qnne;WNGyz{7wiYPrCQ za1)B{93RHup)9U&P9Lhp8KI7Hh>eLAj*?$K7?W$&Y=)Iw(QRY*BUA}n$ZP#2`nRED zSovD3J0mT*#-ouTGH)fWHbttnh`(K}Ska{ek&31qZbLrayjMI@dA_oGbz^C9Zi_Z7824LcNRHDbqoJUfIq(z8gAJetV<`{2NRlqd`-nA+ zN?@m`h+PM2zs}9?*LjYj!YaFJNaPAT8S-P8uj)DY@7%$A&|QcG*7E}jY=zG(u4|m* zTBWPyNn*M>V}}n{P9T;AsiWh4fzeqaJAmmAbTvdWDXoOoqCb{Wr@r%M%_)F31%m

          vDWfE}!eY)W| zCEg4yV>HtVbx&z8U~Dp_66C}4bN9=OUB79E29tc;aCeGRl(_UP!H(KO>bJ#wDiO7C zmuwNOS$RY`aJidzeCMapX}>CfHqio`s*dlhhxiLAsUaf_Z zzLvtfxFC9xM|XBPqt4C!v{0AmgnaKXHwXgbhCp5FsVG)hn&5~yS-Cxs? z6p>092OcjU7oiR}iZtqK>}Kz2U2tDyo_Nf>@a@R>0DR*MS)d!d5g9@;K|9hsa;S=~ zLR{Kfuf2@Bq`th%w#$aiX6ewj5l~DiDK6-YmJYo{25a;j3Rw+g|IrxDj@x){6QKS`nwNYOl`DXCmHphw`oBQ1RBL6L)bZc+oX@9JIDMXlg%=6+sDdMUlN~8`L&g(^OI)SA5 zPJ_`#akZJGnZ!eUj;bAQ>MVW4!64r$fj0JX-;XhQsZryJ=J+x>1L-W{#Gi(Xgne;; z|Igu}<&N$|D4#%eEhtx_g6L7h9=v_x9E;diaQ618Nj8us? z*W}Tym{p(Kzylqlat_=EgPi@W_AfG3vH~4K#~*yr5bXZ=TK$8$l0s=QxA5X9qs)mL zWYu}?A-k!|G6p)ib{Ilw5S{ZqDO5=9`IK}s+B&&e@kCqMLRt>;P4D>&T!z=InHwGRzLrf9)ZewWx&Nq+H) zKmmDc%;Wvy*pgf8oy>X%o1Am9hyvpj^FS-|D!wb|XxuM~`X?m^lz@!Vnl?vyds|;B znhxN=E$Ei7ix1nROji%9cc;G$Vxwn3s#$lJc8PNcxEK|Up~5mn5-9_5nxa4iUz!$s z=72*U1S)edZD)Sg%M?|l58|PXuQQ?~YUub-ptJ#Zyz(rrxW0H)AMa07K5E)jO7elM zcHWBJyRGewUJ;j)Ic@eocc&qUZa=nCO978Vn9q}C!52wNPSiC$fnE>;TB}f6xu#gl z3d$9gqp%B=b`}kF(lb^`TKYozq`-gh`V-7av8ANbbYR382$&aMzuJq>`J=PL8Ow{? zatxP{SHn$B$Q2TCu;moD!)G_g3>_rFs_Jlm97{PDV^lp{tHPV|1GI8?oBI9-s3iH#!eXL%^Me{nUT>edlVwsHNow-=D%-52I~Hyd zqGL!#dhb!89XlK*Q%jdEmN{Jnmbk=?sJkcv)Ncx0mb;^Vdw~SL5I=p#s;j=fAMMFX zEN=lev|fb0TXz64xb1wNb(Vd>MsSttg%_(>l4wW$Dn>40cs|d#&U&~$iL|?C^64g* zUauz|K5n0&HS~+F)TShEQYLPBuGA&5{Cr9Z(2eFz;f%W!G6v)%+wSP2n9%N}rA~AQ z;>ksRdvpyx)LcvN6J`VJnZ;Qc4o+#w1YC6oxg)mI{a|<$2^+{zgDYxIt=d`ZEvp(y znhBjhDJM6Z4D2P>3{!~NNa&*CwLTN6u4Rxu3Fo_GFG;3FHV=+WJ~Bail&NXmNH9*d zV1G9TZN|{wdj^&#no%zCH0dwA4)tS=;eLGXmtNs%DL(|lA5BG^$-q$R{3-D~*$p}v zjXPzsFfXH2w!yyGYIHm*Rp3auynTz|z8QR(idn$jOStmc_IpE1qD{E1s3}aH12B-b zQk#-hPn;|>$Z_IWT*Y%%DLz@SDw{R;mt((4WR$4u&}!E_ypvKr8K!Te)owZNgxO0O zh%$;qCmoeYwz!CUlqkDdSFF~&X>cArHac4}U{moXQF#+B(!9X?99*~>Al=0qz)CDz zEVR^)Iym&k)p15^)_z564rS7hRwch2c=Yeh89IP|V6F%iqhK+MB3%73`fa)hy4^3y z<9g)B6K{NzxBzJ$naVlh>X%cSUlVLhrDYa%w^i<4EQMYGeNN)pUr_9C!R*N8vDt;P zs4kKi9Er1VErncM&+otHtfGPG;{92jrSKtYiU%K}eW=lVQ~3p*Tou>L_yGFZE~c_t zF4=p!;0Ua&h?~+K%irQ0Ej(M^Hc+|NUrBqnsaha-6W=P?s{Y4VMIZgycj*}Zzsi4&x|bU*>ZR4H0c+3_kYqCEz5q_Z 
znR@fy0jJ|lzxy77GxGe~P#4PIM!^_4a-BFLoJNEN2@#s{gX0?E%E>KAFR7;+JrMf3 z2XjHkj7;Z4yO2;;#p|52AlgM3~;+_S^(nw)j zzeAY5O)i`{u$YYTYF-@1nu9K0Lx@|^uQITim>;jznCf^Z;Mu63JxpSMiv_kQ18B60 zp-uW}pN7Z5)b?^auArW)R)|(*e2oGGNq$mF_h3Cf6zL>tv?cs!!vB{7jWkuVh<)0? zHhtfaeeV!|F!inh+s^;s)`KrEm_>yOO}&8+Tm+V?PALidi>Z4aKmqta76`$a8_+pZ zW2@-4b3{Yrq5k_s?ZH?0Kk-lSN0!j*g`dZf=!5~ytw8jOtV{NOWNv*-y_O9%f8F8v zXm(l#ppQR!-&`GxE%E%U3jGQN9PLWiQE#`tGB1otWq)#UNwM;{C|tvfiRQAqe}*(m z$u+6ZGucy1k>!7nur#q`V$*K8a#YbMDbzcC)i9OjoM+oW!J(t%Pwn<9t*YiWzsIZKLS&%o8ER%bp;VXf+h&vUrZ0=hx6mM<{^e82!*7--|=`46Dx<`vlZN7M$JYauX{ak(_8!2rI zr7oCj?QM{+^tWo9U+X#47*kj2NhjZ@5;xf{ehif~yJj7Qz}uy<=~sH+rXI;ZrN z>!0$fl5w;t>|#NVXVn<;UvW1bFO0HUwo+;^IqTf6FT zxK*~fpPMJUpR2oU=hnEzW>BvVCKj#=Ezl`drL!g*TooO;-tEFjTRDl;{n7B7 z(-RG4IW@6T@32>x7)@fzP|p6WZFw1u**U~Zf^JVG4W-T7!s<`q%tnh4%FpEKR=G)P z*G$CPljzI}d0_cDmW&X-w_puschg#FOk~i2EdmE8(X=lt(Gt{-UiKD0KA~%k5CcI0 zBIld#=XU$ONdMVjl!ZR(qID4d$NM6KrD6OK2}`*`wd>+8hUdlO&KZXMh^mw2@SJb6 z%7rY6xQ(l--#na7F^F^p>8PnqH4_aabZq7>UPB0l9O6V8n|XcAbD!Y0zJc)rj4Ad9 z-HRkoahSZB_%EFgxmo>()q;gfWhi2bc5LBEe1BCkZbYU4%(3Gk9eHS1Wq;;k-V8E9 zMFxH@-QnRfa4}-)k}}1Ta;jiOT^y|oRU-u^nF=9NN;g$3QnkHrS*>#e(@J&_0CWQf zRagi{!@jh;7~v>+!z!=YOJu*88K%r3_kL`vt(Za#pY{h>OOg*<4%h8-2uBEY=ib6z z`yq0N=$a&aQFj^}lrQ8~epJP#aLPGLPy zpgYHT_#CRFv>3AnaspFoe7vSuVp6yJqR0BrEomD+ZLAl;|Rf%ba70R*vA|``_ z*=;d^>vDfoLnrNIVQ8xn%stciAA!Q@jLg^lwy+7M#eUD>=Ra{5TBi+so(<^@USafJ zBd6Q1L$@!J9{U4DKTLN+XV^2z4gDaZ-=p7Hq71EOHB3atjJ4lu$jnE>SikZc1o9~F zoOAd*NLh-2;lwg!!m?S7`f&I#9oBCm1A*t)`k5`|o+!pMBtb(|_vY_B`k$R!7$$L% zjuudbCFF~eqlyd_UZvHmeeBX0#Vejo&f+2|zf;3-bx_f>x+RfFa$u1YnH&T z6;hJSDrV-&dzg(>q>Siab z$t>+X)5&-hmls+SwvoyV7%IJyF1NnQDLbX}VkaaDTt348BD4!a{2`L>S(+5ZW*8J- zCtoLD|E^}%SdqL$(YUC-wz#aWW2I^3Y31*rFJZ0%C7|sxC1WQolf5Lw9q~KycRN{B zM~FgNVO|H6G z+p0)mM0?lmbvO4h(FZ{t#$VlJgWDS;p9)*7Qlj7GX_P9}Z>H0k;3`!Y-rb5P6tNi{R0^J5xa@T2S#=nGo?GlXa)_#r zvmwbDbu`KyvcMubAxwEsar8rtsL<+%4m;o(+nW9p98AMxG(_upH<&2Z+h{%z-e{px zp(<3InDIH+@a;?6L{bBQyW&<}-h4YgZ!_WkEJ4W;%awq+9*J^ozC|y*&o+uzwQgw` 
z2?UQi-nh;!;N?3JYwpn`3b{k~iL{mlMzAMJ?Y2)Nlq{5n^0D?l2#N=;FT%s5tqO~A zJ$1SIP_^-KTnIlJ7aw5#h$!H?)d8!#bwh5xi+$F3@ZvZ%!8!w7kp|DoS6!0zKRk54 zv(8efnUMa-RSKi0izwpIY%+an>-ZrMae(e`hwHiD8M;oyN(LsG)xSf91u51AbFy%+ z-~zKZ);|ko7i@CwDi>4Laxlq3(U;~}X73uniAcC40wdo+P0vo2h-)JwE!iCFVx?G7 zNXXXID-=6zxRmz@&QUbPu)!_+%8W;32;XK5oYErhzuqfz!A8G5CehHKC0ckBK?oa;KtY@GoztR*V78l=;dM0 z=;djMj(3w=A@0We{cjHL1jn|}n^7k;eIjry#GRjJe~9o#Jkua?+fmwy)|ltxo6qS( zgqMjE--%puej=zFPRRyax31^?LAcR9qv-ayd3ve1w&a%Z98|!>oQK?59~D0>K=y{k zehjDEAI!uVroD$C-T|m->>YPWc&l+>z+uF@T^$b>vMX&(aO+`}Vhe#Y@cTXI8z?IA zgGqvcSs?!bCL0_hh1{wTMDO|l?Te}t0~{fuh?b&S37fscDD2Y&BshL?nOfdOUlWT1 zk>b}ImGQD^0-T#q1f27*34KETizB*$&_j;`8DoJM_=<74^`ITvMz2!`4`rPJQ>=cB z>S57coiS?&Og%IIa%s`)n3CvK)m z?bO?|b;B8&iybRFN=Y9C!8o?&H#k$nr3&3kPiWGsq?d{_P-j0@`MvT=VJ&SHt3vwD zLH~>(nVRqC_)vh^?*oxkThABtMZA#HRk``f|B<{OSnujvA3A}|b#pgdz!~Hh)|ZMH zj~Y$@vp2#KhKWXriVh-)H)9qvJLrF&eWHDTA-*Bt8Nz$}0M3xX`#lyTcpP4Te2P7+ zkLf{?hppdS zL+qj2`vA-(-q#W78BjYkTfX!nq3UYJ8YMM1-A%pljHSA7C#y|N*3Z#IvUwnXNSuT z+Jr=s(bhy#BfFV=btka(FoP+=fH(OR_*WZeU*ad4TeR-Y+HHmOs&y!Xp&8TpJiY)N zW^JwZjuDFUNrq~B)#rZH36cpq89Ar?#)p10LC1i$L`RWix$AyhxKj*g-DPi#N@t7h z0aVu8aR&pQkLO`WOjD>!|5lGmv6~6@n8cyhZ(K8EgZUYBmDQnj*$k}5+8MPzxS1ZJ zZHuDNs zDNo?$on=+;mVu;S&#_Ygcr@VBxXun_;w&qnZY8TLrfjBlr|b*@DcH<)jJ&%WEW{Q@ zLH^cS~+efOdbaD3v-@WK$3ceQbH%h??r~v z2Ui||&mT9^f$vgqnhVt+5E#i5{cdNIb3x6xKW@l>M3{Ssh@GXTk(eU2Z`eN4GqQ+% zF9$$$^HmNA{s|_2rj69$H5%G3XQhKbotokzV&>MgE2-9XKk{{h<)HOrHKTE;=V>L6wb=NZ96#Iv zpJ=Nz&Hyz-+_-T1oP{=RorfONOV#?>_yp~=*JIaTxx1)wl=XZrnB@rEFf`CJdbqkJ zquq7!hrTra3DB#sI<;i;l~S#|_BO!Tj0L>U7qbZo74K3_qJIU`zSneEw|-!Nd){_w z9enA0C81;Q@~G+VV%AlBu9T|1$?5IFs3y~%YwXvM+9}bqsscYwZaqTxGoc;Kc}O%8 zJ2&=RoZUDdIx2R|{Jg%hq5nHZ)9$;?KqALnZ671ueqv8o+IU$RIiFD4aNd@YBodiN z5ZVo3b*M*YP!4l?cAGM^=Czy*AR5P0V7TQkHRT8tX6Ray={o$TS-mMq%-F;plIw(? 
zqAQc0!=5cD=31&Q6iea!@x@%E#R;RNRF!3_GU}khYa(L5)e_b$Yq18BW%+Yf%>fRw zi-sTW;0oRABiYrCbGHwk3RNvB9mATI7`j-Ncm_1Jk&Q{K#T0X9W$aoRdTII@)l{>W zEMJ@UF_raWnAO9&%-Ry)f>(w_n97)0kuxJ4L+Zv!*&>U%iio7b23f5#nptlfE%PYg z4Rr$r8iTow5c98whiPlO#?OJQ2mEcI!kU&iWu0=RB4(TLiZj`1dr;G`J-j@=Yk(TG zy`Kw2lpqCAq&fMv8JsMJ4{8;f%FL7{7B_xPLCOiEN(_sdW@h9A##-)>tf=$5#FT`=LJ2z-sYSOZMK7LtVj|MRzcmahK+RRoSe+slBH7dv0jPMM z`+65N2Cz46!63)EOk4v}??|q?=N7~!bXZufRfKemVi8F%cVmPO*2uGPi|a2pJ~aOrw)wkZvWs&hm0LLvO{gi{Wxq;O#R`O30}Zyog!dd)^2Q5 zTTce{j+16WRGjb?;kY5=kl+Byw(r=(%GEv?ophRgr96&X&$5YoWqM?Jbh<jp33g# z@ocGtLr@FIiR~HwN?|p`Txq8b)`==_5L|u0FWnzH=^0A9N`4_3dOf$}?`R+^W4;AG zWJy{2Y{`F9gOH_+%qY3uV})cx^V4NyN1P$1HHC-WRzRPdxbw5< zgdx|fRc$0~(!Juc*}F1&S7WX2aCv<()qQ-HVsgKfSnEJ|R4fZ12{s_e6Lkdmt?j7{ zLsbK@r|XhQ1Xa?Ff;J8d3D6%T}@} z<}|Eez+h6UpvwLToqDV{hd+BQ!gfF*CsqR;-ykqSjGB=~Wotf(*&z|MG2F5qB#v@E z8ov6IU3H z9C6tWCfyipx;C|`mR0-K(8^JM z$93(^jO?Y2Tx1pgQ!4hKS?2#4bNwAi{Ws|P?^}OC*WVcN|CWmV_pI~3&iX&YxBuPA z{wMmD?%TOR&CL3Z`+gU6zv%ya`j+*ZDE}9I%ka0P>%Zt*CKkHC=-YpVW52Vj{}s9Y z_i*grqq2XS`F|p}f0_9I`kWa4vXK7U#St0)nachPxn=pq^fzwz|3cgbsX==xE~I^R zI$UzzqSHeX$Rv#a3IrjEgNG1Aj~Amy!X=N51u_1WE`|?JmB{N$LGfE%2NJ^EqEhxi zWy#tLp9QiJ$(ER`$q3~p?4cG~U8`BW-+AD}iooH?=L$yD(&vKfWpm5T>!|H0n_;EF z&HFk=GWkZeD7I|X>!-4GL7oSuYN6S^oMbo$oE81wmh{4mPF_j z>J)d>kPnh7b+^6hAm3?#n=xH${hF~BFTlDsx0kRy3wu-sT{|w3 z17dbL17v1vH3_lI5Z!HJp<&c%KN8{G=nS)H;_qNvWha@AU2>;{ zy<(5}7Ed(QIJU?G4+Hq_V@nL0>xxYyV z3bi0i?S`G80SS3`ISM%nLr^M*Um0xO+9y4pcfQ2{6o3(cmA-o2761|V033!GNdWD> z?z|AX{2W3hDuH$=c_D;ql1S6Z3g@|svLca(VcerZnUt?!_IK?{cDwis!2G^6yfLh- zy5eGG;z2o=9H2Gm(@@JlT#;=7bPL6GRofx+nh004bJTF`-Xw@G0NUJ$MYR>El9 z0PPsiSL{cgBtJPXxgbW&uAp7+e%`+RgLA<-e+!xs>FAF{?h4^kz$b)eQ)&&JrVdM$ zl>#I1(db0A9}&!nu@G*1XvxT%ic@+ zZ)On}L)1;Y5ms^$l}!W8g#)OE&Ni)UkDY5xYgQVkO%t|jqw7s()@ww~l@w_K?U9!E z?SAF3n&#U#V3RvWz|7$u(bdGoC>T?q;8{GwZ~Yj`uJ~8ZCd*Lv8j7vV;>KsACU@eQ z<#*xv>0xs8Jufy;>bb_==~U;BsA|y~>eSj}Ov&Zc1Ihdnegj4$^}p2>DxA;IE%KQ* z%^TAz!x3oz|m3J{uPkGwF$5UMXU|<66tvD&; 
zs9Q)(?}n#C+o)yW5Dwt$kj~ZF$>In|Y$~KLpf4nRNmt+6;v*2ixNYfjqwmz)u=XNi zI}LD(0(=ZuLXz0HI3GZ?BX+Ow8b=l1q`)5x2Mlgm`$$Vg?hfDEK&bYKY^7=U8nSp^4{UYmB~n}l@R1z9eIC_ z5|Y+3B`jW<``xl#ijBZ#NtP%-c5>sNXC;MTpC~w=jSV^yicf|0 zjg5|z*UK}$Ru&AOjSS|1Qw!mZzywNT*(6iXt=k%`GY8>5-0=vsjdL+>+`*~o>HgYJ_Dh~z&nAcy-B4>6ieWAv(P70DCTp};Xwme1w zhojD(wPGAN0WpMY`H#b)MPV-6>&U?H0T%gq0wKN71&PYD8V%8x1v$JdQ96aB!xCaO z9YXPtq|R_$yj#W1rD|^s4btwBlX3`J0$J*T@n#%C&&uwRLAc};#Vn-(&d@QAlsN_t znd8K_#ORFbG=Lp4#CdVl3 zV|ys!>s1eC9t|Cg!JYAJKWWVs8l6fOB02hvTS0#w=ZPGHfDd5X3ATY7K)s~FnAAw zQ#@yRaKahU;YrFv-9%=;kKTC=6(s<2l-HPay%CVgEe(E*-XUCFFv0V)D4wDAd1Ae{ z`4-2M_A39Nu)?W>NU zm_27PKI#wW8$|2<3G@MP?xCNAuxBbXi{XGb$&O=4qx1)9aRG65ael)sp+#JUrK=IE zl!LF6ygW>*erF}n)v2BOUHm+>Geh?x>@nQqnIW~4d+g&+1Pwmvw1im|`Wde3rmP>A z$wNt!2YJK!!>z*taeP*-P4F$mcE_W?Psr+Hr6!OC*P02^V`dUm)A$Uh$Y1>#SW_fi zxoHmoLjEKyIiT5WXS|>aK0tC0hrA$nP3b@gr4F$6k5DUzuJr@&=CYDVhs6+&2(Rlg z4`&geM{z9nMJ+ii%x4fp+|6|RbYCftg;7m5~^ z7UG^oZ1}lKYFLCANhexPH>g4P#c`tTj{I^%H26&5C7xq2@#U{78ofsq$vUOlj2Y=c zAlwNfQlvzd<@vp4*(Y-Yz%$h6nHY07_73LLeFS1~uTn5Rs4-2YtoH*hqBxLZQ;3cB zQ%1VKv`bOCuaYouWu5qH(9@fcCpL$SAEQ`O2{Y+p)JAHyVfH@PEaoKj#HDCz-1)9? 
zc-l1V5)Ul7Ik>4>&fL)KcsAQ@!|w#x9Ailg_93eHn<3WJT-_pcLwya(*oQd=TBA4I*8A?8 zl*O~mo4%o%0xY3;Gp;klgFkaJPJEu3aYI<1fEJDYRfWPE!cgv$A@mn?_K@wEYy`5a z3b-!|32}GyzE?v<82$)w`_MW3mc1URU#C5iLYTue+5+r|xfA`f)oQp-Hj=vPA zu8kit7?mqB7~m;{GTbwN=btUjWZo#cyOnxLLY>cyQ=Us525&%_NekJigu9yMbdQ;P zcDI&glq)t}m3J4%mgSzFWsA$YZw+Rlx}|))2ASx=Y5=k34c4jtdd$BkcOlD2(zy0& z_0_tQZq30hLc3;qLGx^ef*-oVPp4k?Slq^v^VfkH{nZ9lHdw`o*W|7q{=pciWsl+& z!>oJsfx#v9@yx$KfV)(%Nzn@UYVDb4U1a6@b(N2^42=6*XZmbc?1t>}k4r>KKWc68 zX2H|GO<_vPti~wUsIz%L&L6*_{G&A0LeBZMypFI<5;9=V{bHz#0)M@rkc5xoJzkB_|UXV2R zvZCA9Gt2Ah=^19{1`DI5#F|K>YKckuht#Nz69_>S;`RaY%IIg9Y_w}>+E#N- z+xQXWaby>wALVe|JD5|2-Q0ItPBpSOONyWBNY`+1Z;{d1-f2SIdynh`-P{BK-lcOW zk7cJY-}wW!tge}_rAaAR-!ZbdLq-WgbSgJySI*#G!Xy6h5OfYI%^~P$3Vz%`>LPWQ zo>WzNOIPa#Ae?-vefU=}OUg~yzr33lK`YHfjz2Y5DxP5hdFwRIVNlV?w-^VNYY~4S zA2Vx~3?2(JEtQ}aU=3lS)aP-F_{`W|Mb~7l3S9OlRV7(b11dG;!FHve3wLodd7TYm zY=xR)A5FAXH5iX+`wU`+T&}NqqzG&*!T-s(Zc?xzKo`U+p}e&a=x9842UjkW?jkSU zjn?Ho;Fu%PSLEjtJJKK#i=HPAOX9G{OwBGuiMS1)~g*{FmmzT z<`;YjwbHO%L=N0KnMeCWdtT@aVJ;(pPr*^b<>A||U~2^Vkm=kc9mIZzsmE=MexEYs;V{k05GJB1$k_>wMb5Wz6u=KE`WNl z)W8CWUW2#TflvcenaF7Dc8mrdD6A|#hNnJmp0W>>vTk;|ra-wdPVMbMxXs$p!2~ zQ&3~}H-vS0iqi{dsBe>kw2Z(KD&cD#3TWjyH41C#_zoQQ%`5Y69!Q1dz7i>zBk&E!!ETsmk93N!ozjIa6qfYb?=B%hMs)BkqH8suy93@NFqO=n>(4`4r>k_*bK$ zdL6^}l~B$#E2o7*use^LWIPd$KEc*j_oHjeXDjzI=|?a~k#?!Vq@gVO0>sjiz;F_*Wvi_; z)5I-@j_3kM0td7a}Bqcr8Kh`Tqlt@dNRw$6-yTK`>KcW)yU($g~^hsiHca`f(4WoJevR$+uGd$ee-LB38h=NQulHzl39 z(lK~9EYoX8bst)q?GY%(>eF_s6V7QHxG#>D?Pd5EsYoa1>#$Gu=gKC-9}EMhNYdS2 zG_9#D8=h9Lusp+clmcf4Yg0wM`!{pUb*3{G8_l^|JGr5!Gb}XbnJ-{0-6hBW(2@Mh z-pk0s@awNe*I#3Q>vR39v-ho<`#<^l6y?N(l|}!lfZ(^WH2g<={a^h+D2BhOCFJpG z|7X3(|Kfk3`*sBX|NRgD?h5!n)&KAa{HHy>pZPZz!N2zVNAaFJ^=PY~lFVWd37v|DhcGPc#3Y8mo+q%->oAHb#7wZ_6Lu zccb$EQETx1Mfs=JfR2&zKY9)5=)V;Q|E3`P@5KgCjDLIk^8aRA{QJOP-SB@J2pRvW zjQ*?3%Je_-8ceWSxFRbhA1#)yU0pgBpM)zoA1&Z*kFuI+9u7^{<0cG*asp)0UHNA@V= zC^_@I+}bGXe46KaT5LITnqphf$hfKm2W|lJZ)nvsLh7g4@C34{?zAaq;Z~*w)Qzby 
zQ(uF}EC0gawXNRx<0a);kpggULij*=wrdcIn2Aat=s6ArX)K7@)YLzuZq#XSuy-2f z))6(BfTi3dc@8It*PfxwJU_HV`VF0>V>Vkx#o!cx9I-Gh$yAsq0q8e0ZX19#_M3Ui zz4wry<71ujfdZxS`3nMY5)1py(HrIEPJT*?K0k0l7Wx3ikUSo0Xe8VvhD0c>g%?E4 zY~8^zo|##B%BST%&BNMbUbqpglKJ%Ugv!YqTWdCXPa8f#SI#aj8DXP$tAJl8(Y;Tg zcfQYRe%=CfGNMfdUN3F9vIo*G>glj#yZ4OBSaqXSxXy-mCEoPk3480q;xRvbvwAMUc&fC!^CCEB+}?}^>{JjTluQ5ytL?es@# z@Xc_&bzry|z1Gcv#wOX$frfd;a!%UPaknTKuv2U>IEtxV4**MjAnFXr(*V{wu^$%8 zmJ4P)IJsSRJQF16 zivI|dj7yj_7Ku`Bz%X0ujCN#`egi#AbF`j51oa_&b7Wqc@dSb7FQuEnEYtkBQm81w z@Bh~U+V1DA9ccuCTAViJ%Z~B+xZLti89Pr)UlIFDIU!yBUsy^Sn=|JO0`W8Xkyb<$ABNRR5wkvvF~0my1be= zrk|Ne<~gP*@M#$>L`331Jk_6hyyj6|poq7+PC=zF9=dioEG9kFs$(A8L(r{=$h>0P zu-U0~mW<*(I=gcmEjYQ4b;Kn(^*h7N3VNBa#(=15Hb%b^D|K>{pTB0K5Kne9suqsrVC~9{ce7Fa!Mg)yR-Y7S3ux!I|IPq!cD@VOFlDu4_H^IRpiG)O_7Eo{H zu!aqTPd38fqlcbYm#R-#v64r@TI;}6f5EyIwSPOR$2Pb?lee3Bi9~E$gSja3Fu)(R zo3If+e>~o=1X-{Pr=D5k!K%c^Sihqp^i;BiigRLO!J0IhOKaPjspB1jM8#*rGF+M}UtEdHo5AYSu zV2}`~`m}KH@bOqf-FPAh7y(Tfv_|{BxMDFHtI`krK1lSc1Xof%i%fHPj88<_hiWx8Q)r2y<}1G`|Dj^D zf>WOSsGM+B7tm|``M_xAqnav(qi$WbqH7pWuxIv#?L<@Rn;iSb_u6C5QqF_l_hk!!allvn^0b@FFptk z7c|6s-L)!eU}s0lbc^_zseP~Vkj)n4sn~?XcO!Qzj(>9~VWiW+VCc1@hiChChMbSI zrWC&X8O}jzkaL$exoONtdeX^q!rmyIYEoO0NjYP0>q?tsZyA8%^1IX-eCMeMC+AZ{5{P9OuF(2htXecSf0Z#l9 z^S4?3{cGcA$uEb26|`2u5$I?}Mu3Y=Byx}XQ>T+NxG^get$Nq-c$CA`Wjp)I| zB2f6uP(Euzg-1hn___1{JiW&}=H2)J5SNl%O z&K;gpd=Y86(9g00DZ*ofH-iQb-mokp4#H3>) ztIxA`@s3N(3g^8}<1*VsaJ9S69+MhzDPAyi64H*A#q%nz<}h>H_qh2w)ZLttTIf#2 zxXkJ6U;ia8}6cE;p>@NLMvj0n@ z6Q7OtsTa!{@8$Z*)UE|OqSc1SM&FYEKs_lRgXamfGBt2@b>^!1v{g&xGHT8?9%K+m3s{J~yba0CbqojhgGsKCjNNr$JvUxz&1-_%9Z5G_DsD)R0D`BXUqBrT3wQz?9gXk*0}jz@XT(d?xM{RAiz-UYCA2o9BAt8*s++?cR17p4w#edxRO|j zY$J+I6tr22=+Se+weW>bzc?D+NPl0%o{e?Afm$*)*{7w}oPQF*!&G;2_=jRtTwOp`EO@lHD$x3!+OI0BH$ zMqM?`;#O?q0!QK1T|V6<5Tic#j3OhCXxk9ug<_Gb#;B(icx2{1l}4Y3fbHFpM%9^M z+*`56?)|Q%GL38fu?xioQ~5RvtApBK9LrRP<=c61a4_qYIy=%jo&RG-qMc?&IO( zw!XQLIUxSwo^ZLyLq2|96+({MfZL*VFjy{3rx(=Zc&mbuQXHc8A^a~y2hO5Sp) 
zc+A=d{iGpb$Io$HhA(5%+!+_&*k8eaWHx~U&Z;LU<{f>`^-!*H<0qbJzWFiU%i?QQ zk-BRv--sptPv>>-uj}yB-L4e_o65E>eZ(aL%!xwc*Ehfu@-I-kUgLK8BT8nvX+zbt z>@X7SzVA76E5xQ7ebdU$`l znNiNx*1vASatCXP0(-09xGT^p%|o&un8KOp9$PJ+bBkOQV+G|^p#y@_o-r|k z=$HUTAjf~qZNl+;Y7+p+NcfYz$#x%D^`F!xl7_nXDP8U(2>(cPLdXJ2%ktC4$PDVh zKZB=!J@_xtQ<=X7M*W%6I@cjEu~z_f`8ZOimgqYAM479TOcLBOTEJ zDO#Ne;2jWzWYH<|@lY!@4@`@KM%qvxr7j|bvGzWIdAcI?s#09oN(?fJ;9(Yr?O~+u zAAr`6eDXp8Er#qmpRMKDn%?x*_@Mx!;2a?!r&Y{-tOBpb`TaIeyGRd`-Of zLqb1$=6{)lP?40Dk`ensivHF!e|BaVP~_eJUo#Ml->v=MtoPsM7VZhe_n-gv_oK}B z|DZknf&8+EZ@=6xe|&yD;?FI=9`m2Mj9>TnpZD-%k3atZJO&8)O8EYU{5mu7wF&>0 z%g;vs*6816CjJt~w`qxchV=Jn%l9gS1*9^V896}Og7rQf5(nddR2gh6piA=pQ1`i! z=$JtB8Na9u77kFVq;D#N4fMm0bV$sspu^q6qM&?9zvu||dnWi#wm0)PBKI#U;@4TQ zA1dPe4Au`70h<3{{~we@b|S33!f3Uh(D!>$|RXeOox4$2`W`*jV(_il?}2xJn51)Y0X*2pqe7SHqL3Q9IN#01t*t zc&ccnkCj_JF=Kwwv$WjO>C*jjs-szEFNf%gnb8$vWd;=jL>ME1E5H-~3 z(l1J1^$vk$XV;6!(*7)L^Mqh&=cJ&K*+JAaUdE)QWA2$H8k)MF-zp;+4~iOlUMITN zFag%1ohLgyo;!0xtwVmJ=FmHUrJi8(Q+NXbpUvUh;A>Y^PiLFCS0ys_Mmjp^Hxt^~(B;1Cyj~m(rYdU_TuF~@%@CkyX;;Hf|C!sR5^XP5< zDWUTNZnHU@{ui3yM&67nV3#d5ubym|Z4M7wm7?Q9eLPhTp0`S?NA818Y?dW#((b$A z(}B!kpj_b}{5T?zpUQes@o<)MvTWpTKJ}w>+K5Y^J;~Z@f<>?Vq;PVa9kj98p2yN+ zXy}V2YPA>RnPySrdE@zeR?#~( zxodV4&3#ayYn3d=#HB1~Wz&L|E8*2Wob@)t$=dZxt>x2C!kr`Bwu*BYCvytnwbT)MZ4EY(Dm1q+6Vr4BYe zbJlUMR*}r0v0`(!rqrs5xE9rP$mTnt#s*hcDw)j%y*|m{twfc)x*7-&$Zp)!Q5)ZLB^eq)Wv@God@9c#cXcKrfisgH zRXlIkssv;@>{YXt&zxNu!artXg%SY^4%XcVYs+=uOwxf7PWeVr07y)dH zEg{V`-2%>nhYcn-tOwK_#ESB1RGt%+8=QsQ1;Pgo*u0T<@u&mP;5sDl(PkdQds8$6 z_F-+1hoXaa^eiy+>oBL=C+IsI0o8BIG`~ZK_h>Z1bpOQe^@LT2Bd|KLY&K}e$bwD3 z4hw{SgNpqWxcrFyP@B(i&zWo%*deqmK0gR^Eg%G_7dK)^_XRUd#<*|uDYQzb?$cJ5x^*SQ}xXt;H8R+hte$~y*|um>*S@Ilr+L&&E{#!|CrT3w%p<-Le&+PM2% zVfCrs3X9?*@0_uY&TjNUe!|R07N;EiPf1sfw`a<0e46U=^A+n)cf0kampx8)Sd>fM zCMrcl?y_=E@SynWnfj(nC$bMTRWl9T%VtNGK02Y@X6_UC-ceqQEb_tJ$)1O{dZOM# z*>ljT-reWnt=byrAwC6HC)chnLQ+}>iMrcU-Od6%y(rPSnE9}f^!M^FeX{-Vs%2?` zW8cmO>>B@?EsoY;DNP2}f-U`;*tLY7+C0=s4PY~yb9=jWs61VOQLI^EF`2+p`&zNt 
zblkLVXY2S$;UKTd(R(BuM3M3oMLBdfV;)$Xf~Rd7G#%scTXkTIHaZ3(jJWXV(UvCx zqRjZA!b?*^FT~4KnEhUh*wMyNyy3OXSM*Vy(n)|C@{?o|Wf0&XFW*oAxRLt}w(ZAb z@}hh+);pJkOAS~Aegj8LZJ;pAsnQo9s}o5pyYp14T#Z84-?y9(4!;2Bw0he4Wc~d^ zJhrqYDEpaLAvi<7f|#6EIx#8o$m?vB2siLY*jNQ1zuzY)Y0G!`Z_7$NUXeK@0W9t^nt-VeQNMLpkv1P|4LMSw zsmpG%qC=vmUF#5-O>lh5<@`l`KK^rzR`x|5vf@Nm{-T|D&$GO5+eBHLS>ghr`OXP3W99f;fob6Pb&|ATA zic!OBYe)xd;R$$D?+g5*LfJxXEvdRV2<6~VyE#aoq-Xeb4>Q(^?xRx$n`Wq{n6ReC z^*M)Sw0Q)fWvpiT88%2S%Ig$f11V{tZgjvW;CCNDHzP4ZXg#!ksOs(u(3q%ii`44T z>Z#H&ul-;WDN_=1h*~UPUSwJJpr=x)eb`K*dseLqYtUh9CqJRRdAZv%odIH?-t|(W zy8mi_M1_`TT9d`qj5gfkd`G%!c?IJv**Rl1-~EHfW+*{Y<%Z`iA+{96@oc&QZGdR+7=+F%;K3x$kfGcxSC(9#uwiJo5sGS7oc{=jBa8B%;<1})(->DoccIt=YH$}pAH4Fj*yS1Xk*ix4#vn>j=$iX?@ zB-(%#MEsi}4+`6LC4vNW9;~L~%K&wV+#$g*+R1MwnsR%N1i^oi)h! zc1V6U<+Aq!ml3&n;|OxWIIkG(riD509-n$<__1VcNm0>&(=Nglf0@Ei6kj!F^~=vB z2mm5ORrN|~DRuFFXhpFPgF zq;TBVoN8qch;T?~uF%e9uq+NY8Sk9;lb5Jl6J+!X?Zim4wb&|EywN2N)o7o+B{M05 zpo>XsNB#;8={^1qwk?d3g5?3-KKU}hXfkK?KN<&E!2}NZ2&rK%c~175Q(H+=ny`oL z%aD-~xkqOBCI}Vr_n)*1jG_Zw12eP1*qq{?p$cZ*d_M5UcUy0ns+P2KDlVqN4%ktf zNDW~%Ex8%*nhZ@Xud^#sueO?FI*hhq#tIZ7mTDCYp9oEHwPHU@*gvQdz8jru;a%d! zL7#^;7+p7{J`4#~vB0pl0xi&|ecK&%%QXMx>k3^p?AskCx|l}Nt4~5r(NT1RhZ!h< z4gAR!mrns0$cq1S><0{#2X!J2ZfK0czg{1>t-Z&0lXPcQXGdeCWVBz_fO#Bas zAM}ptVcs^wl;T@}yEc35vpd6I<0d^ATOAJed_y9tGm$yd0pa4@U<<@#$ZfK{r1`f6 z1ttUNJqW$D0zte2kt85)VVIzIM5Eind>s<_#th20J&nNP!E_7W!UJ|Nzh;^RI+=m% zgwkHqj%&R>>rJXlyZm>wnDSVD>(2jDb|3#7Lb4-OU)Ugw#YxejT$|aFwE)dgts@0s zvP*(e4i4l7<#t&)iWQVbWFTn_v+FchO^Mc&wxaym`K*Y?0s(5&0{pB zComQbe|;TtgG?x4bcBoWJ1W<=kvkhM$zwH-@*CN1b&;VX*V1eg+!-Fy8d->i^8BPm z5bO7z`3=jJVwEo4=)^p!Pr9U1#Ny%E@FR(86<`bPBF(T{$J9|wO~6nSnkjGo+ze}-`LBuBOEiQOi9~WUdtRiSHW? 
z_RR`x?0OKlyz<&2DJ&Q?AmV3z-qrDVlAQ>L!eHquXo14m@fmgC0Z~bJ&2avN^HViOR6K;uAas+y>o?kVwPW`uDqgDOV-(6;|=CH!-lk^%L2i&pm5~Hb3^mfO|A##67<~lSBn%h1>$Vlo~o>4?%kiIS3ZEZ%}Hf=1fUJw zfs=Vu2Ng{fE>Zh^At&lyD#VB9Rw@rhZpwLb(^V`v*fW_p9;i&baewc(fa@Rm%cU7pL2 zb*DTVPc(*|-mzXpk24QmysgA*QD9bEx;bjGsiZ1yc<;1d>+ZxuLS=XS9-gOoBvr@~ z>Eu*}z8Nl+)PHgC5W8d3dZo96R1G&$ck`G6EJ`#8sQEeiwo}Z=4lIH*Y=|@o!vk~C z|ELv#X-eI#!Kqk~=pi&)t&v8~n5+?2&o+S92(X$gTeQGM)oy2Htq zz(i{Au0SbqR_5g{_OxcSw432s#Z>0J$9lCh=>A=7nV{ryXxYz`pOTE!gtLEaImWXZhZe+UCfiJJE93ns+`<PJoN z9S;k)1I(SP>(WfkKjFw1Mz;|3@~S)wDuao^(oHh?FdOG@kzv3?YNxl!?e&@L@OkXh zwa4};zb%sJy#`R$xpf&+3jG7T{YY_EAR`c>Y5lNHE2|xX^?68o`b%_t+f1rnOfjd| zE`dukKsYyJu-~a;Y~OWSxRS^BC3pMD14+iUDsJn-C;JyIb|s0!cV>;1(+!x_wz?h8 zPOsN(in(xug?-*-X}cP1DW4Yi7DX7m%VOQvevZ1+E3UNI^tj3+&XZplo=R6#B#VxW zV0aLyFL+HZw=9Zpx*sR;HiV@6S(1fAKO9&(ECa&~dU`g}c&o|V5a`yj+Y zRw{tC71J1y;f3UuSR3(VxO7DKs!`ESwgPATh+bpbjmUU^*C~T^y9l|zSeQ^|IQcYv zb$+-SljEV3mpgp*y1aznVld}YzeY!5z>S#JXRXrAFXMUGjw=@yXVPPEUx#NgO4I#XR(^&=Zq-&ETR{04YGu$iz+4ffzKd-B9&&7M*!|; zyQ!TwZ(*6X5J#O*CtGPv;}l02rLkAhSQJDBgk%l$CO^m3opz(RucDwymY^mA~STShmtS`>Jz}ZSc;U#RP{X zTm=tqO}w;9h%q1Iw;2UiWfK>3Gbg+*vEb7^`-Z z$#`{sZU3jPqVD&Wn~eodb8+e`om`PeH&ctSS4xtpj=Nds`lK<((~iCo;i8(fpSg{9 zF^mW@k^#l~i$RU8ved8T0NlCq|#N@2)HR6i96 z(kI$H*1Uc)}7vl7y&U^>~U@^Rvzp|%g6 zisQNXDiBSqD>g9xov5CzSQlG&9R<-m>2l(0x5zMSWL9zhMi6KkW(`U7vK%yLSa0hV zE=|zuVMkppL#SQ;(PO9LLo}K#_eD;>pj~Gw;ryzF<0$5pk#Q3b!xT5{q2?LkGLGiC zg)uecMIf^NqMEdIiYv`0iYoc6x!$IUJ*MnM;){=XgVO}Q$ZD9@B$khH2A_+FGcoJ7-*%%W@=m&-|eDq z;L2d$qlilEZlc5&rIxec40qcLEwP?vuG~(WH)poFmFup1re*yMJM(vky;lg=g6bDW zy8=a<{cKe|Np2^m@<#!7))WI$`KD7lo!tTKZ%j$ciFk3|+D(VsaoJjl4D58(;&IfF ztT`^vgd}|fjU5GD_T75x~dyRjwel~E2@h{MN8uQ z9b{^^zrSVZN?oj9mU2?+gqG+I!ADXpNUYvBwW~X z-_F-ILCf4+8^=#Ba+q^C-e_=zPQ_MC67b7tt2%`tTEX7i^o6w}XuPy7woc!9SGRk< zxRC4$y=d4dR6YNIA$N3~^r4a#yH^48F-4in6V9lDl6{sAZMqi_*Rj4du-YUN`a_7t z+r|1zdg1&Zv}4M-KVwnoX30ueI$FMKlV7uXPAb1a;i_Ci9X0~$ zal6#vej(ak{kG7vP5tP`QXPFTs6WZ>qhr8PXh@@V$x_4GWKN=(UAM0|vU;BKz{A68 
z+TtW3bSMPFgHYPr@OHlPa}o5rt}g_t*CcN}4er4f;r`?M-&jz!g_{g>R+M!vmIb67 zueXlUTSJg#B-th`JX&sZ-`q%3m3wYkIQQKeccB0Sy<=*J8OMWOP7`SXlbK@2YZ5u! zxX`USTX$66!nNFQyOi64XF?~i;IP&0@EI=GHRAk3jki?FF#ExOU zs_T&0KrflrK*#8qr++_J8~*1PpsRNIyznj(+unw zbK#g$_gsg%D;QbWhWhEhqf(4aM9_5K891qNxB*=Y9&Rlpr-!v}!&re3Of3l;(+s!6 ztLj=VH@@@Sz@x-*;i&?WvUU;R0hZKgGEXlCeS-U0N{J^$vWfLPC(ks}i<)ePaf3>!NB4QYt4{g>A0v1d9};Z&48Fx_P^EjGOC z$&q)jpUsc4R@HKxvBj3$>Cq3xnQUnt4S5%Nrslo7^{{iBT48HPjwg4wM7b)Q`6Pf- zEOq(O(jmZPKB6nX>e&weF|xCR3+E{BzJ$Sh=VOF6c7zDu+oKn^FZQwCx)n65#t}(% zM}}eO9M~}Gh8s~Sb2R1y>nnqiFGzRmYR6^wRn2h#s~Pg`B)RAuFMODpQ7t3Juw`^>UdkQt8qD@KR0(OXy)0LJ9}J3=gMY+;7f8~;yhO?!4H_!JEh-n z+4P^1Ht09AFci{Dz3~53vtym+qlzu!V{1h=KhRYheK9H>ngqxWL!&9YSkVnMAr@i| zCr%JWlFE8RE+>dWl@WmYN$@)?7UK;r2gQ=LUKR}`zet;((d~kt)=vp|spEmrx94@i z!`KA9de(f6A2$zv@n6<0dDHk=X~k2rTyU=r5Ud^ObvDW>~1}$Yj(#^D!jZ zR5f54AW@cNTi8PH_YABaaW=@kn3zFdIogkxY+OR`DVT2M)T?5#x0q*sWITpEWCR6m zuS~RfRX+70jG`=s7I%HlW=XAm`0fbHU%l0T6Ttl> z(&1!esE}Zr8f1QWmp_f47@;+Uot#ta-C}ZOO+kVDX%)tj6k};Uf7X#H$s`a8MV|N+ z`Kp#=3W#f8wW2h6DFy-A73^=Z#yu=(VSc@`D@5bD!629!vJ|seP7iO!|AwY0mm%%)+Pdfy%8NN!C2+jDI{dZpNXPgISNYUNV=LT1iUo0nqwUC_=J&#q#%>|4r@ zKCjJ|o~#Cs&sfZc*EzkqY9`u;JEuB-;tcKf8W4#{6sD{O$~oMyz*LHE@lYH3%u8Sa zYhQjJXCMCj&C@w}v#0<3idA)sDS_65ZOz??A1|}!GyGyOG7nD~lss)PK_(TLJ_k%6 z!0kM#vFE>OeSGqkd?Z#XPn$EnQIFsK z29Knag0QeEjexF&sh+LrUko0Wd!CCN$SwIF_8`l5-_ZYwJ;=oR8+-8Uwm--$-#H$j z_17RFLTYZnOUIsV@8rXgrmySM){xk~d_#=1;qVnLcsT zU|GL_pVAp&CXVE%d|6BBXK<&AGlZaiI6yk{K# z$)|C3wjz6AnWz))gmJ}7dT4Tn6U|Xpw|Of8FbRYjuD28 zm&9Z#^Q$yIq|hp6XIt1|H*grP(zSQDCpC#jPyDe!j6vpyV6QGG)@~Zwo13c^&Pudl z+2>zLd5e2fk)!iML3JGIu(shtLE%HO5*q2qyq>1*HV#=h@yDt8($Gta(7E zd!cs$dW0^I@=*t|o8he z<_#Xoo53!(4QbShJ8jk+PQxokeI*Vm4?p|gaFw&wx4p|V^vd~harw*jGRnQTJ*_JaZ!X(<&ZgtZ*3M9kShp};(N?iEa3yIi zEV!0QNvjIccs`!{LaMy?g@kBlpYVlv$*iGwTOH8zsxJ%)%{T639AjBq7>dY5r3~;u zpsSOut)EVAngc)qd`F4$z}nL!UKWch}XCx#0 z)e%Tp!j;`COAm7!(SH&4k5I9{D$9Qt_P;C3|BHL}h_V@+L6;<6|`(QD@1^3DX*ZagAF@@q!i?%D9=4pt)F 
z_X2cI7Y_p<0v-Yd!vi2`wD{N5@_=g5X&FcXjU;(q>3D%p`h#{i0r#8qeJKEKg?#im%kW#TrP%n_jBdM;6jlz$*;RG|1OD zT(F0i>)EZvSXQT;Qia!>N{9>^sSnOPo|_%Rwk~tH#5k{J#k5GCg=ws{oF34uPEma_ z##zlKeF5Z3HQ?F8HrkWh?9EaxcNrVC#Ddd8K3Hm$wW#XdFnN;{8f#IxX{{7|qCp~QV%*&o=4YV=uzisQ zgyzKNt!DG)f@VY;TucZp2zci$Qk+LjUvesj(<{um*9etG2R?J_j6~|=O zR!a82%QjC~9Wn?u&kB#D^L_a~J;Jwr(g=oaAsx+ zrPW$an!+!j35m1!(!Fg^RGIA5Ny6E2kZ}%IW9MUW^jIZG8u5(AQniO?g~#uuD_W>x zVOK3AvoG{+v^DqKwoJs|MJ1@d=Idk2II%Npy%9@;boPe-M8q3}u4h6;IFz3)9R*P1 z*Nkze+JS;zCy0AbpcqVfdM|^e3)W`7XCNe(Ox?4>t4(DjsV=(~um8a;qb`KU%sW zbARe-TwCZ(Hi6Z)yzgIBHqmfGY=n9k65ZZs551)`t%~6a$I)5a7E83{*qDl7(=sR~ zTg#7Sx6Ix%0&k#uE=?!PO3hs19*R9=hcfGL9hE%V$1UDuoHSY?Jl274437DcGVzsL zySp2U(QH(z7+{jhGv7in#W#p!tU%fvep#vO8Dy3`(QIJ8_j)FNbkz{g@hdWfjE>o3 z#G5eq&kyj@V=0AlH52MsSmI|%?P8f_TTyFcI++yUz$6?$Q69h z&_1_xBvVC)mp6yMqIFBk*FFEGX@%h6#VyvI95I#D6e)`sS61dQV8e35vQ`a0EVK(_ zc-YZiHq5RJ~+5MI%ygd8iyvv+*5sY=??+Jbhnu^0}c!%zyNKH`p_J;YTCV))4@ zHdwka-HpZ`#wX>s6&i8CmLjSn1e6EUc2t+)S&Z8Y4OU=G5OM{m&H2<1(w8=sHkC8b z*7o6Xhhj*ND|h0YLp4V84WuqeAH4)VM(sv9 zin(SJZ6w)0OKASUu`;~^^RmH>&5VyBv^Q0ctd^L{w};6PGE1r!6nOZUYEVZ+ni2(` z;xv@10*?kSloOuI508MoIL~f`+kw|0TrHn956`T|MG{Y$?^8%_k(jykmiXB)KuywG z;|#yaZ}x_~XhJD`}rBgnh>5kh3Zt_$!x=!}3U~D!sOz)bhk3EG0 zrIeiCCC8I;yu**%hE#%`8+lXx1EK&^e$ISUPNk_UA3iEPdDoG+%g4f((e^T?@)%_- z;siL$1qZ@TWiFQqni&LXYsqdz$+?{-d|MsRYhjK_{jE6MJ!@sWE2xd|bodA89D z)6}sd@zV{Np>v}lnF(Aq(=}dQ8?G4E&}+(lcyACss9wJx136DeT|XJO_i1ewL|WhV z-di5*PmJW^qL_}3=ID(NPsw=)FBHR0VmaFMscCrFhD5J7qL*Yb&c3<7ktTz3aQU}9CAePi>xNxh)AEocs)Ll99u{(m93us zOG{p`PLowk8NHt3t1Q|k2yiw_qj<-bBH^LRw%t!c39_b@WV->nWiZIzV<*nfQAaMN zrEcTRd|WaBdd_WTHAunGR-!9%dYXea!P+J98wW4ti!EGpf`Ua-Mz2L*f;m%HaJ}SfyNCR8x5=R9^6Jc zT&ZnqVJ0C%fjM{O8ZRq+ENLKmuLyRPrbEXm@^THb8D%l30x2$MgvtaxQR_Hg*KmeE z!g8TRl4uhlcTI$wH6)c=w8;Rzsrf{2YH(XDvn?}9X!-}*|%-^CV5fWfWmg= z)*F*S02T9r5|gG9eQu@4(KyH!8<-B75vMy@(<$?6AL5zkC74Uy`ATN zv`r~xs&8v;XKiFpsBCR(KuAX@U~8yrZ%8Nr@&S^TCuAd3lA<@T)_11*XVV{EtCUi@ 
z`h=h&Dj-7wJ%EXxl~C3}*Vf*JP)1N#0OWsU=xqOUqkF5**W=wEsxhPH&P-wj${>uC*I|89`_x^8N1C3s(Zkf+pFE0vVB!TmbSk97&dmrkGx*b#!9 z7rz#G_Dn{S^C$XkMELU&-PzXA=-&T~6$a$5`Ta!*^2h?R5E>DF!&sOBK+w+aUxZfQ zF-B(Ky$j`U*u4b>H0=2e1FhUU^8Jo6-}{IDi7_*Sy20<|*nsz5$-iMhAUh}$;O`iK zm4gY?hQF2jw)Q&)WaqedUi+;asAhlFjftHFN~V=Rm;_lS2f7wO7T4d8!2${~`DcG-0iEAp7|2Wf zZ;a`$e!v21=)cN=8uhPp0doA+ek{z4Ab0UU&JWapf3_c}++WubNdEzTshhp6uBnBg zEzG?Jmp63*sbY}*LeARSp737c_j40sRz}u@-<7zSAfY-TH>0ir2ar_{z{GB-%cc)B w0x)qf0@(Fg4FGH`dU}jZyfFX0$hV0LJA2R_?5omdVFtxQfFUCjk`{*fKe_%j9{>OV literal 0 HcmV?d00001 diff --git a/simple_hf_example/1_set_hf_token.sh b/host_factory/1_set_hf_token.sh similarity index 100% rename from simple_hf_example/1_set_hf_token.sh rename to host_factory/1_set_hf_token.sh diff --git a/simple_hf_example/2_get_secret_restapi.sh b/host_factory/2_get_secret_restapi.sh similarity index 100% rename from simple_hf_example/2_get_secret_restapi.sh rename to host_factory/2_get_secret_restapi.sh diff --git a/simple_hf_example/2_get_secret_summon.sh b/host_factory/2_get_secret_summon.sh similarity index 100% rename from simple_hf_example/2_get_secret_summon.sh rename to host_factory/2_get_secret_summon.sh diff --git a/simple_hf_example/3_cleanup.sh b/host_factory/3_cleanup.sh similarity index 100% rename from simple_hf_example/3_cleanup.sh rename to host_factory/3_cleanup.sh diff --git a/simple_hf_example/EDIT.ME b/host_factory/EDIT.ME similarity index 100% rename from simple_hf_example/EDIT.ME rename to host_factory/EDIT.ME diff --git a/simple_hf_example/README.md b/host_factory/README.md similarity index 100% rename from simple_hf_example/README.md rename to host_factory/README.md diff --git a/simple_hf_example/policy.yml b/host_factory/policy.yml similarity index 100% rename from simple_hf_example/policy.yml rename to host_factory/policy.yml 
diff --git a/simple_hf_example/setup_summon.sh b/host_factory/setup_summon.sh similarity index 52% rename from simple_hf_example/setup_summon.sh rename to host_factory/setup_summon.sh index 5da2f93..5f044b0 100755 --- a/simple_hf_example/setup_summon.sh +++ b/host_factory/setup_summon.sh @@ -3,6 +3,4 @@ sudo chmod a+w /etc/hosts sudo echo $(netstat -rn | awk '/^0.0.0.0/ {print $2}') "conjur" >> /etc/hosts sudo apt-get install jq -curl -LO https://github.com/conjurinc/summon-conjur/releases/download/v0.2.0/summon-conjur_v0.2.0_linux-amd64.tar.gz -tar xvf summon-conjur_v0.2.0_linux-amd64.tar.gz -sudo mv summon-conjur /usr/local/bin +curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | bash diff --git a/simple_hf_example/tomcat.xml.erb b/host_factory/tomcat.xml.erb similarity index 100% rename from simple_hf_example/tomcat.xml.erb rename to host_factory/tomcat.xml.erb diff --git a/ssh/rack.yml b/ssh/rack.yml index 96bffeb..d6886ef 100644 --- a/ssh/rack.yml +++ b/ssh/rack.yml @@ -1,3 +1,3 @@ --- -- !host cdemo_vm_2 - !host cdemo_vm_1 +- !host cdemo_vm_2 From c2fef1cefb61bbeacf2b78705fe2a0433300fad1 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Wed, 20 Dec 2017 08:57:06 -0600 Subject: [PATCH 40/68] add script for LDAP sync UI step --- build/haproxy/Dockerfile | 1 - ldap/1-create-policy.sh | 11 +++++++++++ ldap/{1-ldap-sync.sh => 2-ldap-sync.sh} | 0 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100755 ldap/1-create-policy.sh rename ldap/{1-ldap-sync.sh => 2-ldap-sync.sh} (100%) diff --git a/build/haproxy/Dockerfile b/build/haproxy/Dockerfile index 488f839..fd7ba55 100644 --- a/build/haproxy/Dockerfile +++ b/build/haproxy/Dockerfile @@ -9,4 +9,3 @@ RUN apt-get install -y \ COPY haproxy.cfg /usr/local/etc/haproxy/ COPY conjur-health-check.sh /root/ COPY start.sh / - diff --git a/ldap/1-create-policy.sh b/ldap/1-create-policy.sh new file mode 100755 index 0000000..3e1ca4f --- /dev/null +++ b/ldap/1-create-policy.sh 
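Review bot: The added `curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | bash` runs whatever the `master` branch serves at download time, where the removed lines fetched a fixed v0.2.0 release archive. Nothing pins the installer to a tag or commit, nothing verifies it before it executes, and without `-f` an HTTP error body would be piped to `bash` as well. Download to a file, check it, then run it: `curl -fsSLo install.sh <pinned-url>`, `echo "<expected-sha256>  install.sh" | sha256sum -c -`, `bash install.sh`. The removed lines installed the `summon-conjur` provider while this installer appears to be for `summon` itself, so confirm the provider is still set up somewhere. The script starts above this hunk.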
@@ -0,0 +1,11 @@ +#!/bin/bash +set -eo pipefail +printf "\n\n-----\nCreate ldap policy file...\n\n" +printf "Use the Conjur UI to:\n" +printf "\t- connect to the LDAP server (search password is 'admin'\n" +printf "\t- review users and groups filter settings\n" +printf "\t- click 'Test Configuration' to preview users & groups to sync\n" +printf "\t- click 'Save & Schedule' when ready to run sync script\n\n" +read -n 1 -s -r -p "Press any key to continue..." +open https://conjur_master/ui/settings/ldap-sync/ + diff --git a/ldap/1-ldap-sync.sh b/ldap/2-ldap-sync.sh similarity index 100% rename from ldap/1-ldap-sync.sh rename to ldap/2-ldap-sync.sh From e8724a227d81902f95e1566b2d8466be0ac3f5fb Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Wed, 20 Dec 2017 09:38:38 -0600 Subject: [PATCH 41/68] add host factory to webapp1 policy --- webapp1-policy.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/webapp1-policy.yml b/webapp1-policy.yml index 164f4b2..8fc3c51 100644 --- a/webapp1-policy.yml +++ b/webapp1-policy.yml @@ -18,3 +18,7 @@ role: !layer privileges: [ read, execute ] resource: *variables + + - !host-factory + id: tomcat_factory + layers: [ !layer ] From e77e6f844660491fb5171a35710988cc7f55e186 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Wed, 20 Dec 2017 11:47:33 -0600 Subject: [PATCH 42/68] setup /etc/profile.d/cdemo.sh --- _install-dependencies.sh | 20 ++++++++++++-------- host_factory/1_set_hf_token.sh | 2 +- host_factory/README.md | 1 - host_factory/policy.yml | 26 -------------------------- ldap/1-create-policy.sh | 2 +- 5 files changed, 14 insertions(+), 37 deletions(-) delete mode 100644 host_factory/policy.yml diff --git a/_install-dependencies.sh b/_install-dependencies.sh index c456d37..8b6f8d5 100755 --- a/_install-dependencies.sh +++ b/_install-dependencies.sh @@ -1,6 +1,7 @@ #!/bin/bash -e main() { + sudo yum makecache fast sudo yum install -y etcd install_docker install_docker_compose 
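Review bot: The first bullet in `ldap/1-create-policy.sh` prints the LDAP search password (`'admin'`) in the on-screen instructions, so the credential lives in the repository, in terminal scrollback and in any recording of the demo. If the value only applies to the bundled demo LDAP container, say so above the printf block, e.g. `# demo-only bind password for the bundled LDAP container; do not reuse outside the lab`, and consider taking it from the environment rather than hard-coding it in the message. The same string is missing its closing parenthesis: `(search password is 'admin')\n`.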
@@ -46,14 +47,17 @@ install_conjur_cli() { } configure_env() { - echo "Configuring environment..." - sudo chmod a+w /etc/bashrc - sudo echo PATH=\$PATH:/usr/local/bin >> /etc/bashrc - sudo chmod go-w /etc/bashrc - . ~/.bashrc - # bounce IP forwarding to reset route through any proxy - sudo sysctl -w net.ipv4.ip_forward=0 - sudo sysctl -w net.ipv4.ip_forward=1 + echo "Configuring environment..." + SHELL_INIT_FILE=/etc/profile.d/cdemo.sh + sudo rm -f $SHELL_INIT_FILE + + sudo touch $SHELL_INIT_FILE + sudo chmod a+w $SHELL_INIT_FILE + sudo echo PATH=\$PATH:/usr/local/bin >> $SHELL_INIT_FILE + # ensure internet connectivity on shell startup + sudo echo "sudo sysctl -w net.ipv4.ip_forward=1" >> $SHELL_INIT_FILE + sudo echo "sudo dhclient -v" >> $SHELL_INIT_FILE + sudo chmod go-w $SHELL_INIT_FILE } main $@ diff --git a/host_factory/1_set_hf_token.sh b/host_factory/1_set_hf_token.sh index 425ad58..3ad37c8 100755 --- a/host_factory/1_set_hf_token.sh +++ b/host_factory/1_set_hf_token.sh @@ -5,7 +5,7 @@ # Usage: admin_process ##### -# HARD CODED VALUES from ../policy.yml in parent directory +# HARD CODED VALUES from ../webapp1-policy.yml in parent directory declare HOST_FACTORY_NAME=webapp1/tomcat_factory declare HOST_NAME=tomcat1 declare VAR_ID=webapp1/database_password diff --git a/host_factory/README.md b/host_factory/README.md index ba61332..1852fba 100644 --- a/host_factory/README.md +++ b/host_factory/README.md @@ -4,6 +4,5 @@ - 2_get_secret_summon.sh - one argument: outfile from above, redeems HF token, retrieves variable w/ Summon - 3_cleanup.sh - deletes old HF tokens - EDIT.ME - connection info for Conjur - - policy.yml - webapp policy to create variable for retrieval - setup_summon.sh - installs summon - tomcat.xml.erb - example template for secrets injection via Summon diff --git a/host_factory/policy.yml b/host_factory/policy.yml deleted file mode 100644 index 8de904f..0000000 --- a/host_factory/policy.yml +++ /dev/null 
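Review bot: `configure_env` now makes `/etc/profile.d/cdemo.sh` world-writable (`sudo chmod a+w $SHELL_INIT_FILE`) while it appends to it, because the `sudo echo ... >> $SHELL_INIT_FILE` redirections are performed by the invoking shell, not by root. Files in `/etc/profile.d` are normally sourced by every user's login shell, and since the script runs under `bash -e`, a failure in any append exits before `sudo chmod go-w` and leaves the file writable by everyone. Writing the content through `sudo tee` and setting the final mode once removes that window, as in the excerpt below. The generated file also makes each login shell run `sudo sysctl` and `sudo dhclient -v`, which needs sudo rights for whoever logs in; if that is meant only for the demo user, a comment should say so.

```shell
configure_env() {
  # … unchanged: echo "Configuring environment..." …
  SHELL_INIT_FILE=/etc/profile.d/cdemo.sh
  # written by root in one step, so the file is never world-writable
  sudo tee "$SHELL_INIT_FILE" >/dev/null <<'EOF'
PATH=$PATH:/usr/local/bin
# ensure internet connectivity on shell startup
sudo sysctl -w net.ipv4.ip_forward=1
sudo dhclient -v
EOF
  sudo chmod 0644 "$SHELL_INIT_FILE"
```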
@@ -1,26 +0,0 @@ ---- -- !group devops -- !user bob - -- !grant - role: !group devops - member: !user bob - -- !policy - id: webapp1 - owner: !group devops - body: - - &variables - - !variable database_password - - !variable api_key - - - !layer &tomcat_hosts tomcat_hosts - - !host-factory - id: tomcat_factory - layers: [ *tomcat_hosts ] - - - !permit - role: *tomcat_hosts - privileges: [ read, execute ] - resource: *variables - diff --git a/ldap/1-create-policy.sh b/ldap/1-create-policy.sh index 3e1ca4f..cfa9c1f 100755 --- a/ldap/1-create-policy.sh +++ b/ldap/1-create-policy.sh @@ -7,5 +7,5 @@ printf "\t- review users and groups filter settings\n" printf "\t- click 'Test Configuration' to preview users & groups to sync\n" printf "\t- click 'Save & Schedule' when ready to run sync script\n\n" read -n 1 -s -r -p "Press any key to continue..." -open https://conjur_master/ui/settings/ldap-sync/ +xdg-open https://conjur_master/ui/settings/ldap-sync/ From d952f89c7455e7ea02dc92112196fa201f12b4d4 Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Fri, 29 Dec 2017 14:45:22 -0600 Subject: [PATCH 43/68] Update README.md --- cluster/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/README.md b/cluster/README.md index d486e07..d0f0b34 100644 --- a/cluster/README.md +++ b/cluster/README.md @@ -1,3 +1,3 @@ # adds standbys to cluster and shows failover - - 0-setup-cluster.sh - brings cluster to default state of 1-master/2-standbys/1-follower - - 1-cluster-failover.sh - removes current master to trigger auto-failover, adds replacement standy + - 0-setup-cluster.sh - brings stateful sub-cluster to default of 1-master/2-standbys + - 1-cluster-failover.sh - removes current master to trigger auto-failover, calls 0-setup-cluster to replace standby From cec0912f9ab06468847125763cb22da57542093a Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Sat, 30 Dec 2017 12:06:17 -0600 Subject: [PATCH 44/68] added ansible, fixed hf/summon demo --- 0-startup-conjur.sh | 12 +- 2-shutdown-containers.sh | 2 +- ...e CentOS 7 VM.pdf => Create-CentOS7-VM.pdf | Bin apikey_rotator.sh | 23 +- build/ansible/Dockerfile | 13 + build/haproxy/Dockerfile | 3 +- build/webapp/webapp1.sh | 3 +- cluster/0-setup-standbys.sh | 6 +- cluster/1-trigger-failover.sh | 9 +- cluster/cluster.log | 2 + cluster/cluster.stdout | 374 ++++++++++++++++++ cluster/cluster.yml | 2 +- cluster/conjur.conf | 9 + docker-compose.yml | 16 +- etc/haproxy.cfg | 30 +- etc/haproxy.cfg.template | 6 +- etc/update_haproxy.sh | 26 +- host_factory/0_setup_summon.sh | 7 + host_factory/1_set_hf_token.sh | 13 +- host_factory/2_get_secret_restapi.sh | 9 +- host_factory/2_get_secret_summon.sh | 196 ++++----- host_factory/3_cleanup.sh | 9 +- host_factory/EDIT.ME | 13 - host_factory/conjur_summon_provider.sh | 85 ++++ host_factory/process_template.sh | 18 + host_factory/secrets.yml | 1 + host_factory/setup_summon.sh | 6 - host_factory/temp.out | 5 + ldap/1-create-policy.sh | 11 +- policy/apps/webapp.yml | 24 +- {ssh => ssh_ansible}/0-setup-ssh.sh | 42 +- {ssh => ssh_ansible}/1_create_key_for_user.sh | 0 .../2_ssh_user_to_host.sh | 7 +- ssh_ansible/3_ansible_user_host_module.sh | 10 + .../4_roles_with_resource_permissions.sh | 0 .../5_review_activity_on_resource.sh | 0 {ssh => ssh_ansible}/README.md | 0 .../_test_fetch_userkey_from_host.sh | 0 ssh_ansible/ansible_hosts | 5 + ssh_ansible/id_bob | 27 ++ ssh_ansible/id_carol | 27 ++ {ssh => ssh_ansible}/load_policy.sh | 2 +- {ssh => ssh_ansible}/rack.yml | 2 +- {ssh => ssh_ansible}/ssh-mgmt.yml | 2 +- 44 files changed, 812 insertions(+), 245 deletions(-) rename Create CentOS 7 VM.pdf => Create-CentOS7-VM.pdf (100%) create mode 100644 build/ansible/Dockerfile create mode 100644 cluster/cluster.log create mode 100644 cluster/cluster.stdout create mode 100644 cluster/conjur.conf create mode 100755 
host_factory/0_setup_summon.sh delete mode 100644 host_factory/EDIT.ME create mode 100755 host_factory/conjur_summon_provider.sh create mode 100755 host_factory/process_template.sh create mode 100644 host_factory/secrets.yml delete mode 100755 host_factory/setup_summon.sh create mode 100644 host_factory/temp.out rename {ssh => ssh_ansible}/0-setup-ssh.sh (76%) rename {ssh => ssh_ansible}/1_create_key_for_user.sh (100%) rename ssh/3_ssh_user_to_host.sh => ssh_ansible/2_ssh_user_to_host.sh (70%) create mode 100755 ssh_ansible/3_ansible_user_host_module.sh rename {ssh => ssh_ansible}/4_roles_with_resource_permissions.sh (100%) rename {ssh => ssh_ansible}/5_review_activity_on_resource.sh (100%) rename {ssh => ssh_ansible}/README.md (100%) rename ssh/2_test_fetch_userkey_from_host.sh => ssh_ansible/_test_fetch_userkey_from_host.sh (100%) create mode 100644 ssh_ansible/ansible_hosts create mode 100644 ssh_ansible/id_bob create mode 100644 ssh_ansible/id_carol rename {ssh => ssh_ansible}/load_policy.sh (86%) rename {ssh => ssh_ansible}/rack.yml (100%) rename {ssh => ssh_ansible}/ssh-mgmt.yml (96%) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index c7e2300..7bf5a81 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -2,7 +2,7 @@ set -eo pipefail # EDIT TO POINT TO YOUR LOCAL CONJUR IMAGE TARFILE -CONJUR_CONTAINER_TARFILE="" +CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.9.11.0.tar CONJUR_MASTER_INGRESS=conjur_master CONJUR_FOLLOWER_INGRESS=conjur_follower @@ -72,7 +72,7 @@ conjur_master_up() { echo "Loading image from tarfile..." LOAD_MSG=$(docker load -i $CONJUR_CONTAINER_TARFILE) IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message - sudo docker tag $IMAGE_ID conjur-appliance:latest + docker tag $IMAGE_ID conjur-appliance:latest fi echo "Bringing up Conjur" 
@@ -101,8 +101,6 @@ conjur_master_up() { haproxy_up() { # bring up hproxy, rename as ingress, update & start docker-compose up -d haproxy - haproxy_cname=$(docker ps -f "label=role=conjur_proxy" --format {{.Names}}) - docker container rename $haproxy_cname $CONJUR_MASTER_INGRESS pushd ./etc && ./update_haproxy.sh $CONJUR_MASTER_INGRESS && popd } @@ -118,7 +116,7 @@ cli_up() { docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/etc docker cp -L ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem $CLI_CONT_ID:/etc docker-compose exec cli conjur authn login -u admin -p $CONJUR_MASTER_PASSWORD - docker-compose exec cli conjur bootstrap -q + } ############################# @@ -155,4 +153,6 @@ update_etc_hosts() { } ############################ -main "$@" + +main $@ + diff --git a/2-shutdown-containers.sh b/2-shutdown-containers.sh index 7570c44..2104f4d 100755 --- a/2-shutdown-containers.sh +++ b/2-shutdown-containers.sh @@ -2,5 +2,5 @@ docker-compose rm -svf webapp docker-compose rm -svf ldap docker-compose rm -svf vm +docker-compose rm -svf ansible docker volume rm $(docker volume ls -qf dangling=true) - diff --git a/Create CentOS 7 VM.pdf b/Create-CentOS7-VM.pdf similarity index 100% rename from Create CentOS 7 VM.pdf rename to Create-CentOS7-VM.pdf diff --git a/apikey_rotator.sh b/apikey_rotator.sh index 622fd37..1988d9c 100755 --- a/apikey_rotator.sh +++ b/apikey_rotator.sh 
@@ -1,11 +1,18 @@ -#!/bin/bash -e -set -o pipefail +#!/bin/bash +set -eo pipefail APP_HOSTNAME=webapp1/tomcat_host - # rotate API key - # write new key to nondescript file in shared volume -api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $APP_HOSTNAME) -echo $api_key > local_foo -docker cp local_foo $(docker-compose ps -q cli):/data/foo -rm local_foo + # rotate api key for host +api_key=$(docker-compose exec -T cli \ + conjur host rotate_api_key --host $APP_HOSTNAME) + + # if no arg provided +if [[ "$1" == "" ]]; then + # write new key to nondescript file in shared volume + echo $api_key > local_foo + docker cp local_foo $(docker-compose ps -q cli):/data/foo + rm local_foo + sleep 5 + docker-compose exec cli rm /data/foo +fi diff --git a/build/ansible/Dockerfile b/build/ansible/Dockerfile new file mode 100644 index 0000000..a7bfd87 --- /dev/null +++ b/build/ansible/Dockerfile @@ -0,0 +1,13 @@ +from williamyeh/ansible:centos7-onbuild + +# ==> Specify requirements filename; default = "requirements.yml" +#ENV REQUIREMENTS requirements.yml + +# ==> Specify playbook filename; default = "playbook.yml" +#ENV PLAYBOOK playbook.yml + +# ==> Specify inventory filename; default = "/etc/ansible/hosts" +#ENV INVENTORY inventory.ini + +# ==> Executing Ansible (with a simple wrapper)... +RUN ansible-playbook-wrapper diff --git a/build/haproxy/Dockerfile b/build/haproxy/Dockerfile index fd7ba55..08c4f91 100644 --- a/build/haproxy/Dockerfile +++ b/build/haproxy/Dockerfile @@ -1,11 +1,10 @@ FROM haproxy:1.7 +RUN apt-get clean RUN apt-get update RUN apt-get install -y \ curl \ - jq \ vim COPY haproxy.cfg /usr/local/etc/haproxy/ -COPY conjur-health-check.sh /root/ COPY start.sh / diff --git a/build/webapp/webapp1.sh b/build/webapp/webapp1.sh index f20cc1e..7dedc94 100644 --- a/build/webapp/webapp1.sh +++ b/build/webapp/webapp1.sh 
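Review bot: In `apikey_rotator.sh` the rotated API key is written to `local_foo` in the current directory with the default umask and is removed only on the success path; under `set -eo pipefail` a failing `docker cp` exits the script and leaves the key on disk. `echo $api_key` is also unquoted, so the value is word-split and glob-expanded before it is written. Streaming the value avoids the local file altogether: `printf '%s\n' "$api_key" | docker-compose exec -T cli sh -c 'cat > /data/foo'` (assuming the cli container has `sh`). When an argument is supplied the key is rotated and the new value is silently discarded; if that is intentional, a comment on the `if` should say why.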
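Review bot: `build/ansible/Dockerfile` takes its base from `williamyeh/ansible:centos7-onbuild`, a third-party image referenced by a mutable tag, and an `-onbuild` variant presumably carries ONBUILD triggers that execute during this build. Whatever the tag resolves to on the day of the build ends up in the container, so pin it by digest: `FROM williamyeh/ansible:centos7-onbuild@sha256:<digest-you-verified>`. A short comment naming the files the onbuild steps expect in the build context would help, since the three `ENV` lines are commented out and the defaults are otherwise implicit. `from` is accepted in lowercase, but the haproxy Dockerfile in the same commit uses `FROM`.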
@@ -24,7 +24,8 @@ while : ; do if [[ "$APP_API_KEY" != "$OLD_APP_API_KEY" ]]; then break else - sleep 2 + echo "Waiting for new API key." >> $LOGFILE + sleep $SLEEP_TIME fi done echo "New API key is:" $APP_API_KEY >> $LOGFILE diff --git a/cluster/0-setup-standbys.sh b/cluster/0-setup-standbys.sh index 5ae711a..da62bb4 100755 --- a/cluster/0-setup-standbys.sh +++ b/cluster/0-setup-standbys.sh @@ -12,6 +12,9 @@ main() { start_new_standbys wait_for_healthy_master setup_standbys + wait_for_standbys + # start synchronous replication + docker exec $CONJUR_MASTER_CNAME bash -c "evoke replication sync" update_load_balancer ../inspect-cluster.sh } @@ -56,9 +59,6 @@ setup_standbys() { done rm /tmp/standby-seed.tar - wait_for_standbys - # start synchronous replication - docker exec $CONJUR_MASTER_CNAME bash -c "evoke replication sync" } diff --git a/cluster/1-trigger-failover.sh b/cluster/1-trigger-failover.sh index 63e9b77..dab837a 100755 --- a/cluster/1-trigger-failover.sh +++ b/cluster/1-trigger-failover.sh @@ -1,5 +1,5 @@ -#!/bin/bash -e -set -o pipefail +#!/bin/bash +set -eo pipefail CLUSTER_NAME=dev CLUSTER_MANAGER_CONT_NAME="" @@ -27,9 +27,9 @@ check_conjur_version() { conjur_minor=$(echo $conjur_version | awk -F "." '{ print $2 }') conjur_point=$(echo $conjur_version | awk -F "." '{ print $3 }') - if [[ ($conjur_major -ne 4) || (($conjur_minor -lt 10) && ($conjur_point -lt 10)) ]]; then + if [[ ($conjur_major -ne 4) || (($conjur_minor -lt 10) && ($conjur_point -ne 10)) ]]; then printf "\nConjur version %i.%i.%i is running.\n" $conjur_major $conjur_minor $conjur_point - printf "Failover is only supported in Conjur version 4.9.10 or greater.\n\n" + printf "This script only supports failover in Conjur version 4.9.10.\n\n" exit -1 fi } @@ -109,7 +109,6 @@ construct_cluster_policy() { id: conjur/cluster/$CLUSTER_NAME body: - !layer - - &hosts POLICY_HEADER # for each stateful node, add hosts entries to policy file 
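Review bot: The new condition in `check_conjur_version` does not match the new message: `(($conjur_minor -lt 10) && ($conjur_point -ne 10))` still accepts any 4.x release whose minor number is 10 or higher and any 4.x release whose point number is 10, while the text says only 4.9.10 is supported. If exactly 4.9.10 is intended, test each component: `if [[ $conjur_major -ne 4 || $conjur_minor -ne 9 || $conjur_point -ne 10 ]]; then`. `exit -1` relies on the shell wrapping the value to 255; `exit 1` states the failure plainly. The function begins above the hunk, so how `conjur_version` is obtained is not visible here.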
diff --git a/cluster/cluster.log b/cluster/cluster.log new file mode 100644 index 0000000..357018a --- /dev/null +++ b/cluster/cluster.log @@ -0,0 +1,2 @@ +Dec 22 17:40:30 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:40:31 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... diff --git a/cluster/cluster.stdout b/cluster/cluster.stdout new file mode 100644 index 0000000..5eb6a0d --- /dev/null +++ b/cluster/cluster.stdout 
@@ -0,0 +1,374 @@ +Load balancer config: +---------------- +# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. +global + maxconn 256 + external-check + +defaults + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + +frontend f_conjur_master_http + mode tcp + bind *:443 + default_backend b_conjur_master_http + +frontend f_conjur_master_pg + mode tcp + bind *:5432 + default_backend b_conjur_master_pg + +frontend f_conjur_master_ldap + mode tcp + bind *:636 + default_backend b_conjur_master_ldap + +# HTTP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +backend b_conjur_master_http + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.8:443 check + server cdemo_conjur_node_2 172.18.0.7:443 check + server cdemo_conjur_node_1 172.18.0.2:443 check + +# PG backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +backend b_conjur_master_pg + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.8:5432 check + server cdemo_conjur_node_2 172.18.0.7:5432 check + server cdemo_conjur_node_1 172.18.0.2:5432 check + +# LDAP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +backend b_conjur_master_ldap + mode tcp + balance static-rr + option external-check + default-server inter 30s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.8:636 check + server cdemo_conjur_node_2 172.18.0.7:636 check + server cdemo_conjur_node_1 172.18.0.2:636 check + + +Running 
containers: +---------------- +cdemo_conjur_node_3 Up About a minute +cdemo_conjur_node_2 Up About a minute +cdemo_scope_1 Up 3 minutes +conjur_follower Up 4 minutes +cdemo_cli_1 Up 4 minutes +conjur_master Up 1 second +cdemo_conjur_node_1 Up 6 minutes +artifacturlweb_app_1 Up 2 hours + + +Stateful node info: +---------------- +cdemo_conjur_node_3, standby, 172.18.0.8 +cdemo_conjur_node_2, standby, 172.18.0.7 +cdemo_conjur_node_1, master, 172.18.0.2 + + +~/Conjur/cdemo/cluster >> ./1-trigger-failover.sh + +----- +Checking if Conjur version supports failover... + +----- +Configuring etcd cluster manager and cluster policy... +Logged in +Create policy role 'conjur/cluster/dev' +Create policy resource 'conjur/cluster/dev' +Create layer 'conjur/cluster/dev' +Create host 'conjur/cluster/dev/cdemo_conjur_node_3' +Create host 'conjur/cluster/dev/cdemo_conjur_node_2' +Create host 'conjur/cluster/dev/cdemo_conjur_node_1' +Grant layer 'conjur/cluster/dev' to host 'conjur/cluster/dev/cdemo_conjur_node_3' +Grant layer 'conjur/cluster/dev' to host 'conjur/cluster/dev/cdemo_conjur_node_2' +Grant layer 'conjur/cluster/dev' to host 'conjur/cluster/dev/cdemo_conjur_node_1' +{"dev:host:conjur/cluster/dev/cdemo_conjur_node_3":"e053ty343epk4xgqah6ysdmbn299z94t3qy9rk32ssxenecs3g9b","dev:host:conjur/cluster/dev/cdemo_conjur_node_2":"3yaks29194d5m22jqw97x2em645q2g8n0zw7qdp76228cd4r3aayy16","dev:host:conjur/cluster/dev/cdemo_conjur_node_1":"23027zrh353dv3sp2hf52xyb2bd3zy55ta2mzrkaw1s5emj44yj55m"} + +----- +Enrolling Conjur nodes with cluster manager... 
+error: Unknown option -a + +NAME + enroll - Enroll this node in the named Conjur cluster + +SYNOPSIS + evoke [global options] cluster enroll [command options] cluster-name + +COMMAND OPTIONS + -n, --cluster-machine-name=name - Name for this machine in the cluster + (default: 1b3de23dad45) +~/Conjur/cdemo/cluster >> vi 1-trigger-failover.sh +~/Conjur/cdemo/cluster >> ./1-trigger-failover.sh + +----- +Checking if Conjur version supports failover... + +----- +Configuring cluster management... +Logged in +{} + +----- +Enrolling Conjur nodes with cluster manager... +error: Received extra command arguments +~/Conjur/cdemo/cluster >> vi 1-trigger-failover.sh +~/Conjur/cdemo/cluster >> ./1-trigger-failover.sh + +----- +Checking if Conjur version supports failover... + +----- +Configuring cluster management... +Logged in +{} + +----- +Enrolling Conjur nodes with cluster manager... +[2017-12-22T17:10:21+00:00] INFO: *** Chef 10.34.6 *** +[2017-12-22T17:10:21+00:00] WARN: Run List override has been provided. +[2017-12-22T17:10:21+00:00] WARN: Original Run List: [] +[2017-12-22T17:10:21+00:00] WARN: Overridden Run List: [recipe[conjur::cluster]] +[2017-12-22T17:10:21+00:00] INFO: Run List is [recipe[conjur::cluster]] +[2017-12-22T17:10:21+00:00] INFO: Run List expands to [conjur::cluster] +[2017-12-22T17:10:21+00:00] INFO: Starting Chef Run for 1b3de23dad45 +[2017-12-22T17:10:21+00:00] INFO: Running start handlers +[2017-12-22T17:10:21+00:00] INFO: Start handlers complete. 
+[2017-12-22T17:10:21+00:00] WARN: Cloning resource attributes for service[etcd-proxy] from prior resource (CHEF-3694) +[2017-12-22T17:10:21+00:00] WARN: Previous service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:21+00:00] WARN: Current service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:21+00:00] WARN: Cloning resource attributes for service[etcd] from prior resource (CHEF-3694) +[2017-12-22T17:10:21+00:00] WARN: Previous service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:21+00:00] WARN: Current service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:21+00:00] WARN: Cloning resource attributes for service[cluster] from prior resource (CHEF-3694) +[2017-12-22T17:10:21+00:00] WARN: Previous service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:21+00:00] WARN: Current service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:21+00:00] INFO: Processing template[/opt/conjur/etc/conjur.conf] action create (conjur::_conjur_conf line 1) +[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] backed up to /var/chef/backup/opt/conjur/etc/conjur.conf.chef-20171222171021 +[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] updated content +[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] owner changed to 999 +[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] group changed to 999 +[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] mode changed to 644 +[2017-12-22T17:10:21+00:00] INFO: Processing service[etcd-proxy] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:23+00:00] INFO: 
service[etcd-proxy] enabled +[2017-12-22T17:10:23+00:00] INFO: Processing service[etcd-proxy] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:23+00:00] INFO: Processing service[etcd] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:28+00:00] INFO: service[etcd] enabled +[2017-12-22T17:10:28+00:00] INFO: Processing service[etcd] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:28+00:00] INFO: Processing service[cluster] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:33+00:00] INFO: service[cluster] enabled +[2017-12-22T17:10:33+00:00] INFO: Processing service[cluster] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:33+00:00] INFO: Chef Run complete in 12.303429835 seconds +[2017-12-22T17:10:33+00:00] INFO: Running report handlers +[2017-12-22T17:10:33+00:00] INFO: Report handlers complete +Enrolled in cluster "dev", members: + cdemo_conjur_node_3 + cdemo_conjur_node_2 + cdemo_conjur_node_1 +[2017-12-22T17:10:35+00:00] INFO: *** Chef 10.34.6 *** +[2017-12-22T17:10:35+00:00] WARN: Run List override has been provided. +[2017-12-22T17:10:35+00:00] WARN: Original Run List: [] +[2017-12-22T17:10:35+00:00] WARN: Overridden Run List: [recipe[conjur::cluster]] +[2017-12-22T17:10:35+00:00] INFO: Run List is [recipe[conjur::cluster]] +[2017-12-22T17:10:35+00:00] INFO: Run List expands to [conjur::cluster] +[2017-12-22T17:10:35+00:00] INFO: Starting Chef Run for a263e40bff34 +[2017-12-22T17:10:35+00:00] INFO: Running start handlers +[2017-12-22T17:10:35+00:00] INFO: Start handlers complete. 
+[2017-12-22T17:10:35+00:00] WARN: Cloning resource attributes for service[etcd-proxy] from prior resource (CHEF-3694) +[2017-12-22T17:10:35+00:00] WARN: Previous service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:35+00:00] WARN: Current service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:35+00:00] WARN: Cloning resource attributes for service[etcd] from prior resource (CHEF-3694) +[2017-12-22T17:10:35+00:00] WARN: Previous service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:35+00:00] WARN: Current service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:35+00:00] WARN: Cloning resource attributes for service[cluster] from prior resource (CHEF-3694) +[2017-12-22T17:10:35+00:00] WARN: Previous service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:35+00:00] WARN: Current service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:35+00:00] INFO: Processing template[/opt/conjur/etc/conjur.conf] action create (conjur::_conjur_conf line 1) +[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] backed up to /var/chef/backup/opt/conjur/etc/conjur.conf.chef-20171222171035 +[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] updated content +[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] owner changed to 999 +[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] group changed to 999 +[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] mode changed to 644 +[2017-12-22T17:10:35+00:00] INFO: Processing service[etcd-proxy] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:38+00:00] INFO: 
service[etcd-proxy] enabled +[2017-12-22T17:10:38+00:00] INFO: Processing service[etcd-proxy] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:38+00:00] INFO: Processing service[etcd] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:43+00:00] INFO: service[etcd] enabled +[2017-12-22T17:10:43+00:00] INFO: Processing service[etcd] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:43+00:00] INFO: Processing service[cluster] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:48+00:00] INFO: service[cluster] enabled +[2017-12-22T17:10:48+00:00] INFO: Processing service[cluster] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:48+00:00] INFO: Chef Run complete in 12.801079398 seconds +[2017-12-22T17:10:48+00:00] INFO: Running report handlers +[2017-12-22T17:10:48+00:00] INFO: Report handlers complete +Enrolled in cluster "dev", members: + cdemo_conjur_node_3 + cdemo_conjur_node_2 + cdemo_conjur_node_1 +[2017-12-22T17:10:50+00:00] INFO: *** Chef 10.34.6 *** +[2017-12-22T17:10:51+00:00] WARN: Run List override has been provided. +[2017-12-22T17:10:51+00:00] WARN: Original Run List: [] +[2017-12-22T17:10:51+00:00] WARN: Overridden Run List: [recipe[conjur::cluster]] +[2017-12-22T17:10:51+00:00] INFO: Run List is [recipe[conjur::cluster]] +[2017-12-22T17:10:51+00:00] INFO: Run List expands to [conjur::cluster] +[2017-12-22T17:10:51+00:00] INFO: Starting Chef Run for 0dabb6a4379a +[2017-12-22T17:10:51+00:00] INFO: Running start handlers +[2017-12-22T17:10:51+00:00] INFO: Start handlers complete. 
+[2017-12-22T17:10:51+00:00] WARN: Cloning resource attributes for service[etcd-proxy] from prior resource (CHEF-3694) +[2017-12-22T17:10:51+00:00] WARN: Previous service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:51+00:00] WARN: Current service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:51+00:00] WARN: Cloning resource attributes for service[etcd] from prior resource (CHEF-3694) +[2017-12-22T17:10:51+00:00] WARN: Previous service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:51+00:00] WARN: Current service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:51+00:00] WARN: Cloning resource attributes for service[cluster] from prior resource (CHEF-3694) +[2017-12-22T17:10:51+00:00] WARN: Previous service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' +[2017-12-22T17:10:51+00:00] WARN: Current service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' +[2017-12-22T17:10:51+00:00] INFO: Processing template[/opt/conjur/etc/conjur.conf] action create (conjur::_conjur_conf line 1) +[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] backed up to /var/chef/backup/opt/conjur/etc/conjur.conf.chef-20171222171051 +[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] updated content +[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] owner changed to 999 +[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] group changed to 999 +[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] mode changed to 644 +[2017-12-22T17:10:51+00:00] INFO: Processing service[etcd-proxy] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:53+00:00] INFO: 
service[etcd-proxy] enabled +[2017-12-22T17:10:53+00:00] INFO: Processing service[etcd-proxy] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:53+00:00] INFO: Processing service[etcd] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:10:58+00:00] INFO: service[etcd] enabled +[2017-12-22T17:10:58+00:00] INFO: Processing service[etcd] action start (conjur::_cluster_service line 7) +[2017-12-22T17:10:58+00:00] INFO: Processing service[cluster] action enable (conjur::_cluster_service line 3) +[2017-12-22T17:11:03+00:00] INFO: service[cluster] enabled +[2017-12-22T17:11:03+00:00] INFO: Processing service[cluster] action start (conjur::_cluster_service line 7) +[2017-12-22T17:11:03+00:00] INFO: Chef Run complete in 12.814428459 seconds +[2017-12-22T17:11:03+00:00] INFO: Running report handlers +[2017-12-22T17:11:03+00:00] INFO: Report handlers complete +Enrolled in cluster "dev", members: + cdemo_conjur_node_3 + cdemo_conjur_node_2 + cdemo_conjur_node_1 + +----- +Killing current master... +Stopping: cdemo_conjur_node_1 +Removing: cdemo_conjur_node_1 + +----- +Waiting for standby to be promoted to master... +~/Conjur/cdemo/cluster >> cd .. +~/Conjur/cdemo >> ./inspect-cluster.sh + + +Load balancer config: +---------------- +# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. 
+global + maxconn 256 + external-check + +defaults + timeout connect 5000ms + timeout client 50000ms + timeout server 50000ms + +frontend f_conjur_master_http + mode tcp + bind *:443 + default_backend b_conjur_master_http + +frontend f_conjur_master_pg + mode tcp + bind *:5432 + default_backend b_conjur_master_pg + +frontend f_conjur_master_ldap + mode tcp + bind *:636 + default_backend b_conjur_master_ldap + +# HTTP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +backend b_conjur_master_http + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.8:443 check + server cdemo_conjur_node_2 172.18.0.7:443 check + server cdemo_conjur_node_1 172.18.0.2:443 check + +# PG backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +backend b_conjur_master_pg + mode tcp + balance static-rr + option external-check + default-server inter 5s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.8:5432 check + server cdemo_conjur_node_2 172.18.0.7:5432 check + server cdemo_conjur_node_1 172.18.0.2:5432 check + +# LDAP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc +backend b_conjur_master_ldap + mode tcp + balance static-rr + option external-check + default-server inter 30s fall 3 rise 2 + external-check path "/usr/bin:/usr/local/bin" + external-check command "/root/conjur-health-check.sh" + server cdemo_conjur_node_3 172.18.0.8:636 check + server cdemo_conjur_node_2 172.18.0.7:636 check + server cdemo_conjur_node_1 172.18.0.2:636 check + + +Running containers: +---------------- +cdemo_conjur_node_3 Up 15 minutes +cdemo_conjur_node_2 Up 15 minutes +cdemo_scope_1 Up 15 minutes +conjur_follower 
Up 17 minutes +cdemo_cli_1 Up 18 minutes +conjur_master Up 13 minutes +artifacturlweb_app_1 Up 3 hours + + +Stateful node info: +---------------- +cdemo_conjur_node_3, standby, 172.18.0.8 +cdemo_conjur_node_2, standby, 172.18.0.7 + + +~/Conjur/cdemo >> cat cdemo_conjur_node_2:/var/log/cluster.log +cat: cdemo_conjur_node_2:/var/log/cluster.log: No such file or directory +~/Conjur/cdemo >> docker exec cdemo_conjur_node_2 cat /var/log/cluster.log +Dec 22 17:40:30 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:40:31 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:42:31 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:42:32 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:44:33 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:44:33 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:46:34 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:46:34 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... +Dec 22 17:48:35 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... + diff --git a/cluster/cluster.yml b/cluster/cluster.yml index 620d8ed..cc61e53 100644 --- a/cluster/cluster.yml +++ b/cluster/cluster.yml @@ -5,8 +5,8 @@ - !layer - &hosts - - !host cdemo_conjur_node_2 - !host cdemo_conjur_node_3 + - !host cdemo_conjur_node_2 - !host cdemo_conjur_node_1 - !grant role: !layer diff --git a/cluster/conjur.conf b/cluster/conjur.conf new file mode 100644 index 0000000..869e8bb --- /dev/null +++ b/cluster/conjur.conf 
@@ -0,0 +1,9 @@ +CONJUR_ACCOUNT=dev +ENABLED=true +LOG_LEVEL=warn +TRUSTED_PROXIES=127.0.0.1/32 +CONJUR_MASTER_HOST=172.18.0.2:443 +CLUSTER_NAME=dev +CLUSTER_MACHINE_NAME=cdemo_conjur_node_2 +CLUSTER_MACHINE_ADDRESS=cdemo_conjur_node_2 +ETCD_INITIAL_CLUSTER=cdemo_conjur_node_3=http://cdemo_conjur_node_3:2380,cdemo_conjur_node_2=http://cdemo_conjur_node_2:2380,cdemo_conjur_node_1=http://cdemo_conjur_node_1:2380 diff --git a/docker-compose.yml b/docker-compose.yml index 38d90bc..86e70ca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,7 +20,8 @@ services: haproxy: image: haproxy:conjur - hostname: conjur + hostname: conjur_proxy + container_name: conjur_master build: ./build/haproxy labels: role: "conjur_proxy" @@ -119,6 +120,7 @@ services: # Open LDAP server for ldap sync demonstration. # This service is brought up by the ./ldap/0-setup-ldap.sh script. ldap: + container_name: ldap_server image: osixia/openldap:1.1.7 build: ./build/ldap restart: always @@ -130,6 +132,7 @@ services: # See volumes: specification for the Conjur service above. # This service is brought up by the ./splunk/0-setup-splunk.sh script. splunk: + container_name: splunk hostname: splunkenterprise image: splunk/splunk:7.0.0 build: ./build/splunk @@ -147,6 +150,17 @@ services: - "8088:8088" - "1514:1514" + ansible: + container_name: ansible + image: "ansible:centos7" + build: build/ansible + environment: + ANSIBLE_HOST_KEY_CHECKING: "false" + volumes: + - ./:/src:rw + - ./ssh_ansible/ansible_hosts:/etc/ansible/hosts:rw + entrypoint: "sleep infinity" + volumes: data: opt-splunk-etc: diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 57b0ebd..148cb5b 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -4,9 +4,9 @@ global external-check defaults - timeout connect 5000ms - timeout client 50000ms - timeout server 50000ms + timeout connect 5s + timeout client 5s + timeout server 5s frontend f_conjur_master_http mode tcp 
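Review bot: `ANSIBLE_HOST_KEY_CHECKING: "false"` in the new `ansible` service makes every SSH connection from that container accept whatever host key it is offered, so nothing detects a rack VM being replaced or impersonated on the compose network. Since the VMs are created by the demo's own scripts, their host keys could be collected into a `known_hosts` file mounted into the container, and the variable dropped. The `./:/src:rw` mount also exposes the whole repository, including the key files under `ssh_ansible/`, writable to the container; `./:/src:ro` looks sufficient if the container only reads keys and inventory (assumption: confirm nothing writes under /src).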
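Review bot: `timeout client 5s` and `timeout server 5s` in `defaults` also apply to the `mode tcp` frontends on 5432 and 636, where they act as inactivity timeouts, so a PostgreSQL or LDAP connection that stays quiet for more than five seconds may be closed by the proxy. Keeping `timeout connect 5s` and leaving the client and server timeouts longer, or setting them per backend, would speed up failover detection without cutting idle sessions. The same three lines are changed in the etc/haproxy.cfg.template hunk.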
@@ -28,30 +28,26 @@ frontend f_conjur_master_ldap backend b_conjur_master_http mode tcp balance static-rr - option external-check default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_1 172.18.0.2:443 check + option httpchk GET /health + http-check expect status 200 + server cdemo_conjur_node_1 cdemo_conjur_node_1:443 check port 443 check-ssl verify none # PG backend info # Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp balance static-rr - option external-check - default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_1 172.18.0.2:5432 check + default-server inter 5s fall 3 rise 2 + option httpchk GET /health + http-check expect status 200 + server cdemo_conjur_node_1 cdemo_conjur_node_1:5432 check port 443 check-ssl verify none # LDAP backend info # Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp balance static-rr - option external-check - default-server inter 30s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_1 172.18.0.2:636 check + option ldap-check + default-server inter 5s fall 3 rise 2 + server cdemo_conjur_node_1 cdemo_conjur_node_1:636 check check-ssl verify none diff --git a/etc/haproxy.cfg.template b/etc/haproxy.cfg.template index 00eaf20..ab8859f 100644 --- a/etc/haproxy.cfg.template +++ b/etc/haproxy.cfg.template @@ -3,9 +3,9 @@ global external-check defaults - timeout connect 5000ms - timeout client 50000ms - timeout server 50000ms + timeout connect 5s + timeout client 5s + timeout server 5s frontend f_conjur_master_http mode tcp 
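Review bot: `check-ssl verify none` on the three `server` lines means the health check accepts any certificate, so a 200 from `/health` only shows that something answered on that name and port, not that it is a Conjur node. The demo already distributes the appliance CA certificate to its clients, so the check could use `check-ssl verify required ca-file <PATH_TO_CONJUR_CA_PEM>` (placeholder for the path inside the haproxy image). This file is generated, so the change belongs in the three etc/update_haproxy.sh hunks (`@@ -28,16 +28,15 @@`, `@@ -50,16 +49,15 @@`, `@@ -72,17 +70,15 @@`) that write the same option.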
diff --git a/etc/update_haproxy.sh b/etc/update_haproxy.sh index 73b2234..9884bd0 100755 --- a/etc/update_haproxy.sh +++ b/etc/update_haproxy.sh @@ -28,16 +28,15 @@ update_http_servers() { backend b_conjur_master_http mode tcp balance static-rr - option external-check default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" + option httpchk GET /health + http-check expect status 200 CONFIG cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) for cont_name in $cont_list; do cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - echo -e '\t' server $cont_name $cont_ip:443 check >> $destination_file + echo -e '\t' server $cont_name $cont_name:443 check port 443 check-ssl verify none >> $destination_file done } @@ -50,16 +49,15 @@ update_pg_servers() { backend b_conjur_master_pg mode tcp balance static-rr - option external-check - default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" + default-server inter 5s fall 3 rise 2 + option httpchk GET /health + http-check expect status 200 CONFIG cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) for cont_name in $cont_list; do cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - echo -e '\t' server $cont_name $cont_ip:5432 check >> $destination_file + echo -e '\t' server $cont_name $cont_name:5432 check port 443 check-ssl verify none >> $destination_file done } 
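Review bot: `cont_ip` is still computed with `docker inspect` in every loop iteration but is no longer used, because the `server` line now takes the container name for both fields. Drop the `cont_ip=...` line and quote the expansions while touching the line: `echo -e '\t' server "$cont_name" "$cont_name:443" check port 443 check-ssl verify none >> "$destination_file"`. The same leftover is in the `update_pg_servers` hunk on this line and in the `update_ldap_servers` hunk at `@@ -72,17 +70,15 @@`; all three functions start outside their hunks.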
@@ -72,17 +70,15 @@ update_ldap_servers() { backend b_conjur_master_ldap mode tcp balance static-rr - option external-check - default-server inter 30s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" + default-server inter 5s fall 3 rise 2 + option ldap-check CONFIG cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) for cont_name in $cont_list; do cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - echo -e '\t' server $cont_name $cont_ip:636 check >> $destination_file + echo -e '\t' server $cont_name $cont_name:636 check check-ssl verify none >> $destination_file done } -main "$@" +main $@ diff --git a/host_factory/0_setup_summon.sh b/host_factory/0_setup_summon.sh new file mode 100755 index 0000000..1f6d7b7 --- /dev/null +++ b/host_factory/0_setup_summon.sh @@ -0,0 +1,7 @@ +#!/bin/bash +if [[ "$(which summon)" == "" ]]; then + printf "\nInstalling Summon...\n" + curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | bash +else + printf "\nSummon already installed.\n" +fi diff --git a/host_factory/1_set_hf_token.sh b/host_factory/1_set_hf_token.sh index 3ad37c8..9b9817e 100755 --- a/host_factory/1_set_hf_token.sh +++ b/host_factory/1_set_hf_token.sh @@ -4,10 +4,14 @@ # # Usage: admin_process +# get pointers to Conjur REST API endpoint and SSL certificate +export CONJUR_APPLIANCE_URL=https://conjur_master/api +export CONJUR_CERT_FILE=../etc/conjur-dev.pem + ##### # HARD CODED VALUES from ../webapp1-policy.yml in parent directory declare HOST_FACTORY_NAME=webapp1/tomcat_factory -declare HOST_NAME=tomcat1 +declare HOST_NAME=tomcat_host_from_hf_token declare VAR_ID=webapp1/database_password ###### 
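Review bot: `main $@` replaces `main "$@"` on the last line, so arguments containing spaces or glob characters are split and expanded before `main` sees them; keep `main "$@"`. The same unquoted form is introduced at the end of host_factory/2_get_secret_summon.sh, host_factory/conjur_summon_provider.sh and host_factory/process_template.sh.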
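Review bot: `curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | bash` runs whatever the `master` branch serves at that moment, with no pinned version and no integrity check, and a truncated download is executed as far as it got. Download the installer to a `mktemp` file with `curl -fsSL ... -o "$installer"`, take it from a reviewed tag or commit rather than `master`, compare it with a recorded SHA-256, and only then run `bash "$installer"`. `command -v summon >/dev/null` is a more reliable presence test than comparing the output of `which` with an empty string.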
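Review bot: `CONJUR_CERT_FILE=../etc/conjur-dev.pem` is resolved against the caller's working directory, so the script finds the CA certificate only when it is started from inside host_factory/, and the EDIT.ME guard removed further down was the only check that these values were set. Anchor the path to the script, e.g. `CONJUR_CERT_FILE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../etc/conjur-dev.pem"`, and stop early with `[[ -r "$CONJUR_CERT_FILE" ]] || exit 1`. The same two exports are added in 2_get_secret_restapi.sh, 2_get_secret_summon.sh and 3_cleanup.sh.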
@@ -19,13 +23,6 @@ if [[ "$(uname -s)" == "Linux" ]]; then DATE_SPEC=$LINUX_DATE fi -# get pointers to Conjur REST API endpoint and SSL certificate -source EDIT.ME -if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then - printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" - exit 1 -fi - #declare DEBUG_BREAKPT="" declare DEBUG_BREAKPT="read -n 1 -s -p 'Press any key to continue'" diff --git a/host_factory/2_get_secret_restapi.sh b/host_factory/2_get_secret_restapi.sh index 7c43934..5734ca2 100755 --- a/host_factory/2_get_secret_restapi.sh +++ b/host_factory/2_get_secret_restapi.sh @@ -1,11 +1,8 @@ #!/bin/bash -# get pointers to Conjur api and SSL certificate -source EDIT.ME -if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then - printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" - exit 1 -fi +# get pointers to Conjur REST API endpoint and SSL certificate +export CONJUR_APPLIANCE_URL=https://conjur_master/api +export CONJUR_CERT_FILE=../etc/conjur-dev.pem # global variables declare ADMIN_SESSION_TOKEN diff --git a/host_factory/2_get_secret_summon.sh b/host_factory/2_get_secret_summon.sh index ee51a77..f9cfd8d 100755 --- a/host_factory/2_get_secret_summon.sh +++ b/host_factory/2_get_secret_summon.sh 
@@ -1,41 +1,82 @@ -#!/bin/bash +#!/bin/bash +set -eo pipefail -# this script reads a host factory token, a host name and a variable name from a file -# It uses the host factory token to create an API key for the host, then uses that identity -# to fetch the value of the variable with summon-conjur -# -# It then replaces a token in a Tomcat.xml.erb file with the fetched secret value and writes -# the processed text to a file called temp.out. This demonstrates a DIY form of template processing. -# # The point of this demo is that secrets can be securely fetched with a very lightweight client -# configuration (the summon-conjur executable, a certificate, the Conjur URL, a hostname and an API key). +# configuration (the summon executable, a certificate, the Conjur URL, a hostname and an API key). # And then those secrets can be injected into a configuration file. +# This script flow is: +# - read host factory token, host name & variable name from a file (input parameter). +# - redeem host factory token for API key for the host +# - use that identity to fetch secret with summon +# - replace token in a Tomcat.xml.erb file with the fetched secret value +# - write the processed text to a file called temp.out. 
+ # get pointers to Conjur api and SSL certificate -source ./EDIT.ME -if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then - printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" - exit 1 -fi +export CONJUR_APPLIANCE_URL=https://conjur_master/api +export CONJUR_CERT_FILE=../etc/conjur-dev.pem -# global variables -declare ADMIN_SESSION_TOKEN +# other env vars needed by summon/summon-conjur +export CONJUR_MAJOR_VERSION=4 +export CONJUR_ACCOUNT=dev +export CONJUR_AUTHN_LOGIN="" +export CONJUR_AUTHN_API_KEY="" # global variables -declare CONJUR_AUTHN_API_KEY -declare CONJUR_AUTHN_TOKEN declare SECRET_VALUE declare URLIFIED +################ MAIN ################ +# $1 - name of input file containing three lines for HF token, host name and name of variable to read + +main() { + if [[ $# -ne 1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 + fi + local input_file=$1 + + local hf_token host_name var_id + + local i=1 + while read line + do + case $i in + 1) hf_token=$line + ;; + 2) host_name=$line + ;; + 3) var_id=$line + esac + (( i++ )) + done < "$input_file" + + printf "\n\nIn %s, using:\n\tHF token: %s\n\tto get API key for app: %s\n\tto fetch value of variable: %s\n" $0 $hf_token $host_name $var_id + read -n 1 -s -p "Press any key to continue" + + # enrolls host in layer & sets CONJUR_AUTHN_API_KEY + redeem_hf_token $hf_token $host_name + printf "\n\nAPI key for %s is: %s \n\n" $host_name $CONJUR_AUTHN_API_KEY + read -n 1 -s -p "Press any key to continue" + + urlify $host_name + CONJUR_AUTHN_LOGIN=host%2F$URLIFIED + + # call summon using host identity + summon -p ./conjur_summon_provider.sh --yaml "DB_PWD: !var $var_id" ./process_template.sh +#summon -p ./conjur_summon_provider.sh -f ./secrets.yaml ./process_template.sh +} + ################ -# REGISTER HOST to the associated layer using the host factory token +# REDEEM_HF_TOKEN - enroll host to the associated layer using the host factory token # Note that if the host already exists, this 
command will create a new API key for it # $1 - application name -hf_register_host() { +redeem_hf_token() { local hf_token=$1; shift local host_name=$1; shift + # note that host_name is NOT in URL format local response_json=$(curl \ -s \ --cacert $CONJUR_CERT_FILE \ @@ -44,6 +85,11 @@ hf_register_host() { -H "Authorization: Token token=\"$hf_token\"" \ $CONJUR_APPLIANCE_URL/host_factories/hosts?id=$host_name) CONJUR_AUTHN_API_KEY=$(echo $response_json | jq -r '.api_key') + + if [[ "$CONJUR_AUTHN_API_KEY" == "" ]]; then + printf "\n\nHost factory token has expired. Please regenerate...\n\n" + exit 1 + fi } ################ @@ -54,18 +100,19 @@ host_authn() { local host_name=$1; shift local host_api_key=$1; shift - urlify $host_name - local host_name_urlfmt=host%2F$URLIFIED # authn requires host/ prefix + # authn requires host/hostname in URL format + # replace any /-: in hostname and prepend w/ host%2F # Authenticate host w/ its name & API key to get session token response=$(curl -s \ --cacert $CONJUR_CERT_FILE \ --request POST \ --data-binary $host_api_key \ - $CONJUR_APPLIANCE_URL/authn/users/{$host_name_urlfmt}/authenticate) + $CONJUR_APPLIANCE_URL/authn/users/{$CONJUR_AUTHN_LOGIN}/authenticate) CONJUR_AUTHN_TOKEN=$(echo -n $response| base64 | tr -d '\r\n') } +################ # URLIFY - converts '/' and ':' in input string to hex equivalents # in: $1 - string to convert # out: URLIFIED - converted string in global variable 
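Review bot: The three values read from the input file are expanded unquoted throughout `main` (`redeem_hf_token $hf_token $host_name`, `urlify $host_name`, the `printf` arguments), and `while read line` lacks `-r`, so a line containing a space, a backslash or a glob character changes the arguments the helpers receive. Use `while IFS= read -r line` and quote the expansions, e.g. `redeem_hf_token "$hf_token" "$host_name"`. The `printf "\n\nAPI key for %s is: %s \n\n"` line also writes the newly issued API key to the terminal; if that is intended for the demo, a comment saying so would keep it from being copied into non-demo scripts.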
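Review bot: The new empty-string test misses a response that is JSON without an `api_key` field, because `jq -r '.api_key'` then prints the string `null`, and with `set -eo pipefail` a non-JSON body makes `jq` fail and the script exit before the message is printed. `jq -e` folds both cases into the exit status: `CONJUR_AUTHN_API_KEY=$(echo "$response_json" | jq -er '.api_key') || { printf "\n\nCould not redeem host factory token.\n\n"; exit 1; }`. The current message attributes every failure to an expired token, which may not be the cause. `redeem_hf_token` starts outside this hunk.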
@@ -77,101 +124,18 @@ urlify() { URLIFIED=$str } -# LIST RESOURCES accessible to application -# in: host_name -list_resources() { - local host_name=$1; shift - local host_name_urlfmt - - curl -s \ - --cacert $CONJUR_CERT_FILE \ - -H "Content-Type: application/json" \ - -H "Authorization: Token token=\"$CONJUR_AUTHN_TOKEN\"" \ - $CONJUR_APPLIANCE_URL/authz/{$host_name}/resources/variable -} - ############### -# DEBUG OUT - prints values of environment variables used by summon-conjur +# DEBUG OUT - prints values of environment variables used by Conjur API # debug_out() { - printf "\n\nCONJUR_APPLIANCE_URL: %s\n" $CONJUR_APPLIANCE_URL - printf "CONJUR_CERT_FILE: %s\n" $CONJUR_CERT_FILE - printf "CONJUR_AUTHN_LOGIN: %s\n" $CONJUR_AUTHN_LOGIN - printf "CONJUR_AUTHN_API_KEY: %s\n" $CONJUR_AUTHN_API_KEY - printf "CONJUR_AUTHN_TOKEN: %s\n" $CONJUR_AUTHN_TOKEN + printf "\n\nEnv vars used by summon-conjur:\n" + printf "\tCONJUR_MAJOR_VERSION: %s\n" $CONJUR_MAJOR_VERSION + printf "\tCONJUR_ACCOUNT: %s\n" $CONJUR_ACCOUNT + printf "\tCONJUR_APPLIANCE_URL: %s\n" $CONJUR_APPLIANCE_URL + printf "\tCONJUR_CERT_FILE: %s\n" $CONJUR_CERT_FILE + printf "\tCONJUR_AUTHN_LOGIN: %s\n" $CONJUR_AUTHN_LOGIN + printf "\tCONJUR_AUTHN_API_KEY: %s\n" $CONJUR_AUTHN_API_KEY + printf "\tCONJUR_AUTHN_TOKEN: %s\n" $CONJUR_AUTHN_TOKEN } -################ MAIN ################ -# $1 - name of input file containing three lines for HF token, host name and name of variable to read - -main() { - if [[ $# -ne 1 ]] ; then - printf "\n\tUsage: %s \n\n" $0 - exit 1 - fi - local input_file=$1 - - local hf_token host_name var_id - - local i=1 - while read line - do - case $i in - 1) - hf_token=$line - ;; - 2) - host_name=$line - ;; - 3) - var_id=$line - esac - (( i++ )) - done < "$input_file" - - printf "\n\nIn worker process, using:\n\tHF token: %s\n\tto get API key for app: %s\n\tto fetch value of variable: %s\n" $hf_token $host_name $var_id - read -n 1 -s -p "Press any key to continue" - - export 
CONJUR_AUTHN_LOGIN=$host_name - - hf_register_host $hf_token $host_name # NOTE NOT URL FORMAT - sets CONJUR_AUTHN_API_KEY value - - if [[ "$CONJUR_AUTHN_API_KEY" == "" ]]; then - printf "\n\nHost factory token has expired. Please regenerate...\n\n" - exit 1 - fi - - printf "\n\nAPI key for %s is: %s \n\n" $host_name $CONJUR_AUTHN_API_KEY - read -n 1 -s -p "Press any key to continue" - - host_authn $host_name $CONJUR_AUTHN_API_KEY # sets CONJUR_AUTHN_TOKEN value - -# list_resources $host_name - - unset CONJUR_AUTHN_TOKEN # work around a summon-conjur bug - debug_out - SECRET_VALUE=$(summon-conjur $var_id) # call summon-conjur using host identity - urlify "$SECRET_VALUE" - SECRET_VALUE=$URLIFIED - - echo - echo - echo "Value for" $var_id "is:" $SECRET_VALUE - echo - read -n 1 -s -p "Press any key to continue" - - TEMPLATE=tomcat.xml.erb - printf -v SED_STRING "s=@database_password=%s=g" $SECRET_VALUE - OUTPUT=$(cat $TEMPLATE) - OUTPUT1=$(sed $SED_STRING <<< "$OUTPUT") - echo "$OUTPUT1" > temp.out - - echo - echo - echo "Contents of processed template:" - cat $"temp.out" - echo -} - -main "$@" -exit +main $@ diff --git a/host_factory/3_cleanup.sh b/host_factory/3_cleanup.sh index 0517340..4a9301f 100755 --- a/host_factory/3_cleanup.sh +++ b/host_factory/3_cleanup.sh @@ -1,11 +1,8 @@ #!/bin/bash # get pointers to Conjur api and SSL certificate -source EDIT.ME -if [[ "$CONJUR_APPLIANCE_URL" = "" ]] ; then - printf "\n\nEdit file EDIT.ME to set your appliance URL and certificate path.\n\n" - exit 1 -fi +export CONJUR_APPLIANCE_URL=https://conjur_master/api +export CONJUR_CERT_FILE=../etc/conjur-dev.pem ### HARD CODED VALUES ### declare HOST_FACTORY_NAME=webapp1/tomcat_factory @@ -99,7 +96,7 @@ main() { for tkn in $TOKENS; do printf "Revoking token: %s\n" $tkn - # hf_token_revoke $tkn + hf_token_revoke $tkn done } diff --git a/host_factory/EDIT.ME b/host_factory/EDIT.ME deleted file mode 100644 index f55032b..0000000 --- a/host_factory/EDIT.ME +++ /dev/null 
@@ -1,13 +0,0 @@ -# These values are used by all REST API calls -# Note: if you've initialized the Conjur CLI, both of these values can be found in your ~/.conjurrc file - -# set this to point to your Conjur master URL -export CONJUR_APPLIANCE_URL=https://localhost/api -export CONJUR_CERT_FILE=~/conjur-dev.pem - -# if you have not installed the Conjur CLI, you can generate a certificate -# using evoke from within the conjur master container, then copy it into the current -# directory with these commands: -# docker exec evoke ca issue conjur-ACCT.pem -# docker cp :/opt/conjur/etc/ssl/conjur-ACCT.pem . -# where ACCT is the account name you used when initializing the conjur master (e.g. dev) diff --git a/host_factory/conjur_summon_provider.sh b/host_factory/conjur_summon_provider.sh new file mode 100755 index 0000000..516da2c --- /dev/null +++ b/host_factory/conjur_summon_provider.sh 
@@ -0,0 +1,85 @@ +#!/bin/bash +set -eo pipefail + +# authn creds exported as environment variables from caller +# CONJUR_APPLIANCE_URL +# CONJUR_CERT_FILE +# CONJUR_AUTHN_LOGIN +# CONJUR_AUTHN_API_KEY + +# global variables +declare ADMIN_SESSION_TOKEN +declare HOST_API_KEY +declare HOST_SESSION_TOKEN +declare SECRET_VALUE +declare URLIFIED + +declare DEBUG_BREAKPT="" +#declare DEBUG_BREAKPT="read -n 1 -s -p 'Press any key to continue'" + +################ MAIN ################ +# $1 - name of variable to retrieve + +main() { + if [[ $# -ne 1 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 + fi + var_id=$1 + + host_authn $CONJUR_AUTHN_LOGIN $CONJUR_AUTHN_API_KEY # sets HOST_SESSION_TOKEN value + + fetch_secret $var_id # sets SECRET_VALUE + + echo $SECRET_VALUE +} + + +################ +# HOST AUTHN using its name and API key to get session token +# $1 - host name +# $2 - API key +host_authn() { + local host_name=$1; shift + local host_api_key=$1; shift + + # Authenticate host w/ its name & API key to get session token + response=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --request POST \ + --data-binary $host_api_key \ + $CONJUR_APPLIANCE_URL/authn/users/{$host_name}/authenticate) + HOST_SESSION_TOKEN=$(echo -n $response| base64 | tr -d '\r\n') +} + +################ +# URLIFY - converts '/' and ':' in input string to hex equivalents +# in: $1 - string to convert +# out: URLIFIED - converted string in global variable +urlify() { + local str=$1; shift + str=$(echo $str | sed 's= =%20=g') + str=$(echo $str | sed 's=/=%2F=g') + str=$(echo $str | sed 's=:=%3A=g') + URLIFIED=$str +} + +################ +# FETCH SECRET using session token +# $1 - name of secret to fetch +fetch_secret() { + local var_id=$1; shift + + urlify $var_id + local var_id_urlfmt=$URLIFIED + + # FETCH variable value + SECRET_VALUE=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --request GET \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$HOST_SESSION_TOKEN\"" \ + 
$CONJUR_APPLIANCE_URL/variables/{$var_id_urlfmt}/value) +} + +main $@ diff --git a/host_factory/process_template.sh b/host_factory/process_template.sh new file mode 100755 index 0000000..cc8ff30 --- /dev/null +++ b/host_factory/process_template.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +main() { + printf "\n\nValue for %s is: %s\n\n" "DB_PWD" $DB_PWD + read -n 1 -s -p "Press any key to continue" + + TEMPLATE=tomcat.xml.erb + printf -v SED_STRING "s=@database_password=%s=g" $DB_PWD + OUTPUT=$(cat $TEMPLATE) + OUTPUT1=$(sed $SED_STRING <<< "$OUTPUT") + echo "$OUTPUT1" > temp.out + + printf "\n\nContents of processed template:\n" + cat $"temp.out" + printf "\n\n" +} + +main $@ diff --git a/host_factory/secrets.yml b/host_factory/secrets.yml new file mode 100644 index 0000000..b63c867 --- /dev/null +++ b/host_factory/secrets.yml @@ -0,0 +1 @@ +DB_PWD: !var webapp1/database_password diff --git a/host_factory/setup_summon.sh b/host_factory/setup_summon.sh deleted file mode 100755 index 5f044b0..0000000 --- a/host_factory/setup_summon.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -# write IP address of conjur master to host file, install jq and summon-conjur -sudo chmod a+w /etc/hosts -sudo echo $(netstat -rn | awk '/^0.0.0.0/ {print $2}') "conjur" >> /etc/hosts -sudo apt-get install jq -curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | bash diff --git a/host_factory/temp.out b/host_factory/temp.out new file mode 100644 index 0000000..3d2e304 --- /dev/null +++ b/host_factory/temp.out @@ -0,0 +1,5 @@ + + + + + diff --git a/ldap/1-create-policy.sh b/ldap/1-create-policy.sh index cfa9c1f..34c7a50 100755 --- a/ldap/1-create-policy.sh +++ b/ldap/1-create-policy.sh 
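Review bot: Both `curl -s` calls report success to the shell on an HTTP error, so in `fetch_secret` whatever body a 401 or 404 returns becomes `SECRET_VALUE` and is handed to summon as if it were the secret, and `set -eo pipefail` never fires. Add `--fail` (`curl -sf ...`) in `host_authn` and `fetch_secret` so a rejected request stops the provider with a non-zero status. `echo $SECRET_VALUE` also word-splits and glob-expands the value and mishandles one that begins with `-n` or `-e`; `printf '%s' "$SECRET_VALUE"` emits it unchanged. `--data-binary $host_api_key` and `--cacert $CONJUR_CERT_FILE` should be quoted for the same reason.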
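Review bot: The fetched password is spliced into a sed program (`printf -v SED_STRING "s=@database_password=%s=g" $DB_PWD`, then `sed $SED_STRING`), so a value containing `=`, `&`, `\` or a space either breaks the command or is written to the file altered. Escape those characters and pass the expression quoted, e.g. `esc=$(printf '%s' "$DB_PWD" | sed 's/[=&\\]/\\&/g')` followed by `sed "s=@database_password=${esc}=g" "$TEMPLATE" > temp.out`. The rendered file lands in `temp.out` in the working tree with default permissions, and this commit also adds host_factory/temp.out to the repository; `umask 077` before the write and a `temp.out` entry in .gitignore would keep a rendered secret out of version control.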
@@ -2,10 +2,15 @@ set -eo pipefail printf "\n\n-----\nCreate ldap policy file...\n\n" printf "Use the Conjur UI to:\n" -printf "\t- connect to the LDAP server (search password is 'admin'\n" -printf "\t- review users and groups filter settings\n" +printf "\t- connect to the LDAP server (upper right gear icon in UI)\n" +printf "\t- connect to the LDAP server (search password is 'admin')\n" +printf "\t- review & edit filter settings for users and groups\n" printf "\t- click 'Test Configuration' to preview users & groups to sync\n" printf "\t- click 'Save & Schedule' when ready to run sync script\n\n" read -n 1 -s -r -p "Press any key to continue..." -xdg-open https://conjur_master/ui/settings/ldap-sync/ +if [[ "$(uname -s)" == "Linux" ]]; then + xdg-open https://conjur_master/ui/settings/ldap-sync/ +else + open https://conjur_master/ui/settings/ldap-sync/ +fi diff --git a/policy/apps/webapp.yml b/policy/apps/webapp.yml index 28df274..f100045 100644 --- a/policy/apps/webapp.yml +++ b/policy/apps/webapp.yml @@ -1,12 +1,10 @@ --- - !policy id: webapp1 + owner: !group devops body: - &variables - - !variable - id: database_password - annotations: - description: Application database password + - !variable database_password - !layer @@ -16,6 +14,16 @@ role: !layer member: !host tomcat_host + - !permit + role: !layer + privileges: [ read, execute ] + resource: *variables + + - !host-factory + id: tomcat_factory + layers: [ !layer ] + +# groups & permissions below are hooks for per-env role bindings - !group secrets-users - !group secrets-managers 
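Review bot: With the new `!permit` on `!layer` and the `!host-factory` bound to the same layer, any holder of a valid `tomcat_factory` token can enroll a host that immediately has `read` and `execute` on `database_password`, and the policy carries no comment saying so. A comment above the factory such as `# hosts enrolled through tomcat_factory join this layer and can fetch *variables; keep factory tokens short-lived` would make that trust boundary visible to whoever edits the policy next. The policy body continues outside the hunk.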
@@ -24,19 +32,15 @@ role: !group secrets-users member: !group secrets-managers -# secrets-users can discover and fetch +# secrets-users can discover (read) and fetch (execute) - !permit resource: *variables privileges: [ read, execute ] role: !group secrets-users -# secrets-managers can update (and discover and fetch, via role grant) +# secrets-managers can also update - !permit resource: *variables privileges: [ update ] role: !group secrets-managers -# Application layer is a secrets-user - - !grant - role: !group secrets-users - member: !layer diff --git a/ssh/0-setup-ssh.sh b/ssh_ansible/0-setup-ssh.sh similarity index 76% rename from ssh/0-setup-ssh.sh rename to ssh_ansible/0-setup-ssh.sh index b46a494..9129aa1 100755 --- a/ssh/0-setup-ssh.sh +++ b/ssh_ansible/0-setup-ssh.sh @@ -7,6 +7,8 @@ RACK_SERVICE_NAME=vm RACK_POLICY_NAME=rack RACK_POLICY_FILE=$RACK_POLICY_NAME.yml ACCESS_POLICY_FILE=ssh-mgmt.yml +NUM_CONTS="" +RACK_CONT_NAMES="" ################ MAIN ################ # $1 = number of rack machine containers to create 
@@ -15,27 +17,48 @@ main() { printf "\n\tUsage: %s \n\n" $0 exit 1 fi + NUM_CONTS=$1; shift + setup_rack_vms + setup_ansible +} + +###################### +setup_rack_vms() { + refresh_vms + construct_host_policy + conjurize_vms + + printf "\n\nRack host identities now in Conjur:\n" + echo $RACK_CONT_NAMES +} +###################### +refresh_vms() { printf "\n-----\nBringing down old, then up all rack vm containers...\n" - local NUM_CONTS=$1; shift NUM_CONTS=$(( 2 > $NUM_CONTS ? 2 : $NUM_CONTS )) # you have to have at least two VMs docker-compose rm -svf $RACK_SERVICE_NAME docker-compose up -d --scale $RACK_SERVICE_NAME=$NUM_CONTS $RACK_SERVICE_NAME +} +###################### +construct_host_policy() { printf "\n-----\nConstructing & loading rack host policy...\n" echo "---" > $RACK_POLICY_FILE - rack_cont_names=$(docker ps --format "{{.Names}}" | grep $RACK_SERVICE_NAME) - for cname in $rack_cont_names; do + RACK_CONT_NAMES=$(docker ps --format "{{.Names}}" | grep $RACK_SERVICE_NAME) + for cname in $RACK_CONT_NAMES; do echo "- !host" $cname >> $RACK_POLICY_FILE done docker-compose exec -T cli conjur authn login -u admin -p Cyberark1 - docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh/$RACK_POLICY_FILE - docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh/$ACCESS_POLICY_FILE + docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh_ansible/$RACK_POLICY_FILE + docker-compose exec -T cli conjur policy load --as-group=security_admin /src/ssh_ansible/$ACCESS_POLICY_FILE +} +###################### +conjurize_vms() { printf "\n-----\nConfiguring hosts for SSH & identities ...\n" CLI_CONT_ID=$(docker-compose ps -q cli) - for cname in $rack_cont_names; do + for cname in $RACK_CONT_NAMES; do # note: conjur.conf and conjur-.pem are # copied from conjur container to shared volume # just after conjur service is brought up. 
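Review bot: `conjur authn login -u admin -p Cyberark1` in `construct_host_policy` keeps the admin password as a literal in the repository and on the command line of `docker-compose exec`, where process listings and shell traces can show it; the refactor carries the line over unchanged. Reading it from the environment, e.g. `-p "$CONJUR_ADMIN_PASSWORD"` (placeholder variable name) with a `: "${CONJUR_ADMIN_PASSWORD:?}"` guard at the top of the script, removes the literal from version control. The value would still appear in argv unless the CLI can prompt for it or read it from stdin, which this page does not show.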
@@ -56,10 +79,13 @@ main() { # finish configuration, start sshd & logshipper docker exec $cname sudo /root/configure-ssh.sh done +} - printf "\n\nRack host identities now in Conjur:\n" - echo $rack_cont_names +###################### +setup_ansible() { + docker-compose up -d ansible } + main "$@" diff --git a/ssh/1_create_key_for_user.sh b/ssh_ansible/1_create_key_for_user.sh similarity index 100% rename from ssh/1_create_key_for_user.sh rename to ssh_ansible/1_create_key_for_user.sh diff --git a/ssh/3_ssh_user_to_host.sh b/ssh_ansible/2_ssh_user_to_host.sh similarity index 70% rename from ssh/3_ssh_user_to_host.sh rename to ssh_ansible/2_ssh_user_to_host.sh index ae7c2f8..fcc5e35 100755 --- a/ssh/3_ssh_user_to_host.sh +++ b/ssh_ansible/2_ssh_user_to_host.sh @@ -1,5 +1,5 @@ -#!/bin/bash -e -set -o pipefail +#!/bin/bash +set -eo pipefail if [[ $# -ne 2 ]] ; then printf "\n\tUsage: %s \n\n" $0 exit 1 @@ -9,4 +9,5 @@ CNAME=$2 printf "\n\nUser %s attempting to ssh from CLI container to container %s:\n\n" $USER $CNAME set -x docker exec $CNAME service nscd restart -docker-compose exec cli ssh -i /src/ssh/id_$USER $USER@$CNAME +set +x +docker-compose exec cli ssh -i /src/ssh_ansible/id_$USER $USER@$CNAME diff --git a/ssh_ansible/3_ansible_user_host_module.sh b/ssh_ansible/3_ansible_user_host_module.sh new file mode 100755 index 0000000..0abbcad --- /dev/null +++ b/ssh_ansible/3_ansible_user_host_module.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -eo pipefail +if [[ $# -ne 3 ]] ; then + printf "\n\tUsage: %s \n\n" $0 + exit 1 +fi +USER=$1 +CNAME=$2 +MNAME=$3 +docker-compose exec ansible ansible -m $MNAME $CNAME --private-key=/src/ssh_ansible/id_$USER -u $USER diff --git a/ssh/4_roles_with_resource_permissions.sh b/ssh_ansible/4_roles_with_resource_permissions.sh similarity index 100% rename from ssh/4_roles_with_resource_permissions.sh rename to ssh_ansible/4_roles_with_resource_permissions.sh 
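Review bot: In the new `3_ansible_user_host_module.sh` the three arguments reach the `ansible` command line unquoted, so a value containing whitespace is split into extra words that `ansible` reads as further options or patterns rather than as the module or host name. Quoting each expansion fixes that: `docker-compose exec ansible ansible -m "$MNAME" "$CNAME" --private-key="/src/ssh_ansible/id_$USER" -u "$USER"`. The script also assigns to `USER`, which is normally the login-name variable inherited from the environment, so child processes see the overridden value; a distinct name such as `SSH_USER` avoids that. `2_ssh_user_to_host.sh` in the same patch has the same two patterns on its `ssh -i` line.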
diff --git a/ssh/5_review_activity_on_resource.sh b/ssh_ansible/5_review_activity_on_resource.sh
similarity index 100%
rename from ssh/5_review_activity_on_resource.sh
rename to ssh_ansible/5_review_activity_on_resource.sh
diff --git a/ssh/README.md b/ssh_ansible/README.md
similarity index 100%
rename from ssh/README.md
rename to ssh_ansible/README.md
diff --git a/ssh/2_test_fetch_userkey_from_host.sh b/ssh_ansible/_test_fetch_userkey_from_host.sh
similarity index 100%
rename from ssh/2_test_fetch_userkey_from_host.sh
rename to ssh_ansible/_test_fetch_userkey_from_host.sh
diff --git a/ssh_ansible/ansible_hosts b/ssh_ansible/ansible_hosts
new file mode 100644
index 0000000..3a72ba3
--- /dev/null
+++ b/ssh_ansible/ansible_hosts
@@ -0,0 +1,5 @@
+[dev]
+cdemo_vm_2
+
+[prod]
+cdemo_vm_1
diff --git a/ssh_ansible/id_bob b/ssh_ansible/id_bob
new file mode 100644
index 0000000..2450192
--- /dev/null
+++ b/ssh_ansible/id_bob
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6HOjJ60Us36jRbtaMrsO91XMQAKDI93+vvimcyMEmnNTaiG2 +KZTQEhg83afM2vdjpWakJmi8bntICspaZ9DktY6/QcZgauDZng/YYvpoI4f9Ifmy +5QIRaWxSm36B5m5LBRDYu0HDjK58EVOh+HxNQsPM/eIt/g8QPQNYUvzBmI7kpjFM +Ra362gQfwicWegJAgMsRw+ZDlpBcWgl5pCYpWaTrCZI7fAmpIa7enLS3gFYZTnlV +TVbQQADFj8gtEc9qHZvfbQs42LiYEAB/ExSGCoxktSezixOMktg0S/5XFWmi42SG +mgvxPWv3nF4cNMczsbVhJhs+kK4IiBrYVS91DQIDAQABAoIBAEeKX2p0oGxly0ZI +1QfL/l0s8MG6hDXjuuV3jXLeEiqe18tQOMovXKJVB1aIsEmr3eUn49lWXrf6BUAc +6xoMdndSSZaqwT3jmdZFtikwPCDDV6q/OMm2izlQ91OX6c7LnxceCjYHlXGUueZz +QORDDVxA+rQgilsos6yzfNl9pO+YZIuzGRnQ+cQMGk1vLUTygMfFWcdQR6zz5kvo +75jvZaQyjkU9e7oQd9hIcIVIujChWMKBlAgkcTtryi4qaYnipQSblsf4midBI6j9 ++sowkJFiq0AW3vL0JYkKS3tA3Jxvw7DTk9HoAaSEVaWvmATSlEdJcVUasH/RCi0x +RyxhIwECgYEA/fKIaVOG3DtvZH1VX89JNN40xUfMZ6Zrqc7y11vuqihVpZV9h5F/ +z0QOwTNrSPV0f5QCjIAv9nN4VGXUyvuz9EshYgg8yZoyhK9EF/jdm86yEYBFLn5J +OcaCxheoUNR0PLeKR57vDzfqVrIk5VBBACICEckvC8cS31tfbzwEaKECgYEA6lSg +K2gCxlHymRUG/HJSa6KCYLujEuEYjEQssvYPj2SVU2rYGS37XtgdC79S1KVjZdhJ +Q3ym/5KK28245tEV0EAUc/TYJ7aZoqUTKzgGF2saQoT+9leO8Yk+zneZktctfyRS +nB9JnZq3Fe+dVWY0ZkFeQ9TjZSS3SWJmuV4bmO0CgYEAiVhECNshBDms/GeA5imh +CVPorI4xchmi/xsrYeiZwzO/ZqfcVZcOzhWb+UgLDVGbqWhunHiz+BHpkZPlq8bI +RCbiLjgQUGTyT6rPJDv3902qJyb9w7CPgAzqK6Md6GGPYEtQIX5HAy8Vsb/1joSC +M0UxY1cw96i6f0zW571JESECgYB7/T0m2oklULUR5PtmVkNgKoPcFUyrL6mihmw0 +YVhIYktU8SLY5+iq/aUY0ypL1BstB210pR9j+bE5rrfYgeeN4mowFOzOzqKqWbgz +1Rf8CjLB4cdap2e+TAWMj+IVvX+YV6rSawezueqIU9onFsZBGPN85sdPfEbzMHr0 +OGRX3QKBgG6pvrYyChUkiP0WU+0JaMrl1hyTiJRp9asbYMKWdyJRlO3hjlP6nLU9 +J7sZjEE9y2ga25CqmFvbkMV5rl3fdExISAWZHf9U1DwBrBImMtP8hB9bhv07CUL8 +/ANYonUEFz3jQW5sRpuHESHcOld+ewA1j5eVTUjeeSMI1Lw7YBbD +-----END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_carol b/ssh_ansible/id_carol new file mode 100644 index 0000000..71e1c94 --- /dev/null +++ b/ssh_ansible/id_carol 
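Review bot: A private key does not belong in version control: `ssh_ansible/id_bob` is an unencrypted RSA private key, and the next file section adds `ssh_ansible/id_carol` the same way, so everyone who can read the history can authenticate as those users to any host that accepts the matching public keys. The directory already has `1_create_key_for_user.sh`, which suggests these files are produced at run time; an ignore rule such as `ssh_ansible/id_*` in `.gitignore` would keep them out of future commits. Both key pairs should be treated as disclosed and regenerated rather than only deleted in a later commit, because the blobs stay reachable in history.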
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1QoqG2z9VG6sSkACIqTRoPI4x1LNfzuqaT2LG5nzDs6/Ivyc +diUJGhvy0RdCykWqab6sD/UKkoxt9gdQSK/PZ+tD3Eny8dHVdHetPlDgdbFei9k+ +axfJVYmSoC2TVklLANZrvJx1mTDCP0ZE+I4nIfzHt0sg9VxL30Fh016hO51/wQuF +vGc/uloH4DQ700FExrqwAf9y9R5BIHY3DYYCWWjnfLQXpNBAtr+qjLg8olCQb9FJ +FOONFIqgGMhFrE7tbEWKCLm4c4u6QR75h9eiSMb/qwiA9cPF4qFoI2nV7TbqI4Zz +twANYmTXL5+R3U01JMhc2j9YOgIOkYXdxWEjlQIDAQABAoIBAEuF4/F/DLue1GMq +F9eyOEJnPCulNgZx33KZh7QMOnc4YdgEV28mp/hiig0Hwvyz/7qnBpZNlybms6Cx +bQunj85WP+NbL838RkCYoIjj4P64Fz1akV8jupMhRyKTpZTEPNuaJ+1gRew9tc76 +mT7IHiVVWHOpJZD13EvUANsOw/e+srb/Et1VOyoAv2iEb3ec+Ai3qz6gjc+57E4x +yi1JA8MdJz+FgrS+s83/Ifr8chqFf2Y8ixhgXeXHzMibQACAJX4ntoK1UU9g+Um6 +W3ys1/7+7FOmWRVHT2BjAfx5G1BEzqFXLAeWMZyH5j1y/nsBx0uJKpKnieqKxpVV +kYkapC0CgYEA/oiMEVFBzbLQuAS1YlzRGcUezkkUGHzvy6rKngiV/isggTcHTAZ8 +bFkftzod1nWW132WHAlu5QwK1vVEsQWaRznq/Z+spJWoYTiMOEYxmeGh4qKWNpdk +FAnjLiVOeMyfxCVieiwmWQttYlXQqEnA6v5HKgSUvSvc5V06jQRBDP8CgYEA1kRp +WkFiSStLGzISb4FXi3q7Htclau2wYZo6y0lI/iFK5ZN4bnZvU5H2/9PkpJMYOHsY +rvUX60eE4ZXBsrDzlrZB8nkTBw4i5Z1gC0Im23siTNC0tCzlIBI2g8fABSvIwZZ0 +qVP/Dlgpe/+IuS6GUzzKaAY/Q+JyrUkYlhaeS2sCgYEA+bykIYGmnNqr60HDbkU/ +bJd6CFCvhO9goGZs8u3drUpHVEDXygI7JluzwKUnDXrGi5xPIicnRVixcgOoaD/l +BamQJVT7oWitkuZWvggxNpipq6J23A1iRj8FRguYmPG8eElt/A1BevC5XFhyqAvl +WywuSs2/2nQlAm6cuivIX6UCgYEAiG3c6wQQ0egIFZPnWypvFLeb58Iz6AbaNPtg +DkpmeLG4H7+rgiJVNlANhs1jm0qxtFzk1Znnlf7e5EhXojC7mS4JhZuD+w0MOUng +eqqvVTbtGx4UwViIt8gBAB2y7Vf4pxLmy15ZW8fU+kg1xTuTefKOKng31kCcpiuR +xRc3yWsCgYEAie/Twly/hGW0ovxlZgKiSk9TEVdybgyzjw7MVVBSFURO631uo9Jw +oskXTYQ4cIEhX9XP+Asf8w+Kjlugr+skSPLYFqg8I7Pgb89lbQVgJvK6O+m2cVgh +AHT7tTqM+wJEPfsfTDii3gU5TgSYnCojTCYfAhPyeS9im10yMvb5MxM= +-----END RSA PRIVATE KEY----- diff --git a/ssh/load_policy.sh b/ssh_ansible/load_policy.sh similarity index 86% rename from ssh/load_policy.sh rename to ssh_ansible/load_policy.sh index 2226787..f637ae3 100755 --- a/ssh/load_policy.sh +++ b/ssh_ansible/load_policy.sh 
@@ -5,4 +5,4 @@ if [[ -z $1 ]] ; then fi POLICY_FILE=$1 docker-compose exec cli conjur authn login -u admin -p Cyberark1 -docker-compose exec -T cli conjur policy load --as-group security_admin /src/ssh/$POLICY_FILE +docker-compose exec -T cli conjur policy load --as-group security_admin /src/ssh_ansible/$POLICY_FILE diff --git a/ssh/rack.yml b/ssh_ansible/rack.yml similarity index 100% rename from ssh/rack.yml rename to ssh_ansible/rack.yml index d6886ef..96bffeb 100644 --- a/ssh/rack.yml +++ b/ssh_ansible/rack.yml @@ -1,3 +1,3 @@ --- -- !host cdemo_vm_1 - !host cdemo_vm_2 +- !host cdemo_vm_1 diff --git a/ssh/ssh-mgmt.yml b/ssh_ansible/ssh-mgmt.yml similarity index 96% rename from ssh/ssh-mgmt.yml rename to ssh_ansible/ssh-mgmt.yml index a154622..c1d6cf8 100644 --- a/ssh/ssh-mgmt.yml +++ b/ssh_ansible/ssh-mgmt.yml @@ -8,7 +8,7 @@ - !permit roles: - !group /devops -# - !group /developers + - !group /developers privileges: [ read, execute ] resources: - !host /cdemo_vm_1 From 85d96d30d1a06de58f5dbe8ec65ef40584a44e66 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 31 Dec 2017 07:38:28 -0600 Subject: [PATCH 45/68] use httpchk, dns names in load balancer --- 0-startup-conjur.sh | 7 ++----- Create-CentOS7-VM.pdf | Bin 55756 -> 55655 bytes _install-dependencies.sh | 1 - build/haproxy/start.sh | 11 ++++++++--- etc/update_haproxy.sh | 8 ++++---- 5 files changed, 14 insertions(+), 13 deletions(-) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 7bf5a81..4e3e00c 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -2,7 +2,7 @@ set -eo pipefail # EDIT TO POINT TO YOUR LOCAL CONJUR IMAGE TARFILE -CONJUR_CONTAINER_TARFILE=~/conjur-install-images/conjur-appliance-4.9.11.0.tar +CONJUR_CONTAINER_TARFILE= CONJUR_MASTER_INGRESS=conjur_master CONJUR_FOLLOWER_INGRESS=conjur_follower @@ -14,9 +14,6 @@ main() { all_down # bring down anything still running - docker-compose build haproxy - docker-compose build cli - conjur_master_up haproxy_up cli_up 
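Review bot: The `/developers` entry enabled in the `ssh-mgmt.yml` `!permit` grants `read` and `execute` on `/cdemo_vm_1`, which `ansible_hosts` in the same patch lists under `[prod]`, and nothing in the policy says whether that is intended. If developers reaching the prod host is the scenario the demo is meant to show, a comment above the entry should say so, e.g. `# demo: developers are deliberately allowed onto the prod host`; otherwise a separate `!permit` limited to the dev host keeps the grant at least privilege. The `resources:` list continues outside the hunk, so other hosts may be covered by the same grant.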
@@ -69,7 +66,7 @@ conjur_master_up() { fi if [[ "$(docker images --format {{.Repository}} | grep conjur-appliance)" == "" ]]; then - echo "Loading image from tarfile..." + echo "Loading image from tarfile. This takes about a minute..." LOAD_MSG=$(docker load -i $CONJUR_CONTAINER_TARFILE) IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message docker tag $IMAGE_ID conjur-appliance:latest 
diff --git a/Create-CentOS7-VM.pdf b/Create-CentOS7-VM.pdf index da1f46fb55b8a7c911b778f8438515042ff0a74d..5125b84b86973aec294786616a8e4c79ef16e15c 100644 GIT binary patch delta 45850 zcma&NV{m3q^er6Qb~3ST+qP}n$rDekC$?>SV%y0ilT2)zcYe3(Uv=NN?uT1-s?O?N z{o!=&>UH*7yL-AB{J04`Q5~?wiPkr#X3RuW&MAlbQLcnPrI?DWOO;flui7dxqnsCI zB^`dCz0fx&DDOzq`4sR3E*(T30TCQEDYGG?6G!=WeSVej5%(b+NLIQ3GkE9osEk}b zU`)V0r4UvBMPXvF8Ko|Qu`VnNdWHuW)0t;iMELaFr}S&-p#46A@je;Ovi3-PRVZnri&{wIUv94 zmj|dUP&?}bj4A0Prb4z11uQiL>z#H>}g2l*+kc}%v2TcWIc5rArgr2|Nxo|CIw zf3F&^2Cy%iHlEJO)t$s{GqE!VpDm|x1I0eWs34($_;Dcx@v=Eo34UZ9fibaEt{HTl z>nUC;1sS4t9kIO0{qH9~)nlFw%!6ZtMjB$faxFcD@W2p$NMsU~a?y0S@|q39-LsYc zEUG=#v~ts`Xuy({rb*`YvrmLo<=xLFTWL*xL`B}-YZ8GS4>5j^>n_X9%d@wPwT{y@ z@Yb7R_P8x>5g(Ti^4pL3vHU$|SyHASY9mx7NYPkPyo5FOUv`~7u5DvQug7nvjP*@t zz-C5dgFfv~W}`d*GhP)G$UE)cT&L}IBdW<|U!k+Wpk1$TCZH+#ORy8CyTPlb_@KEI$KuU$b~ljr2wKBO%e z*QLZYZ?pEsa|OCL2Im#ViF~6s4+G=s(O8B+1HfMxdj=$ia?T1i>^P1SdmO%uagrST z^GAVHHn+bqir75z#dz@#`QTUW@pdkrR}!cW3Wz7}34(|TI`I{Y%%RCzf#T`H$UI-( znCU`kV5V8qElT5UpD}X@TESWQb8mKK;c=k>cwStT>wLQ-4p(U*dKm1M1HIyCI2Qk1P628>5h$+FWLtA-ma%v7Km@nwieiqshF)!6H^7HT zD$2YWoScTPiO-z)p6MW6D{GZU(hxpGoTwXSCWAr(v-@`dIkHaD^+t4T`Bb9;HkDi&6JiV$rf{tj1i|SAB~}G!zR?nj7$MT}?*dnYX}f z_AL|z>1vOuVVXoUU3`{E&e*&y0w4_ashoa8{JkV-<8S9Fj060yQfx3rUzgQWYx>z~ z1O{gt{La_@0<@0U*?G${z;w*L{#>C+5cl~A!-hH=#I->Qx)q8g?*i7?JFsQgvr4`O3Gxtf!MlrJo?dT?67blKQ8ETHz*^3RQ9RP247lC-b zuCTwfLNJX(%crfO-p)^Ak-RwWT+eal9&oLz#f!fR=(;E!iZ~L&)%$d-I`#z*G<~A= zM7OMQvey5;7}kN_aTGz;z(;FY>ViEFFzEkopedAuWG_`-mC)pX zv7;IZ?!ngO_{H1`JQtu=Ok9B?GH)TJtwQr`Mo#Zrg0a&*E^|P@-Bj56SDD<*urWnJMG-K6C!26al@9`t6S~u$Vg3qlXmz~8D&@hUnibm^c_s$> z2SH}chsK=6N5V|An_XrumaCu2iO1KTBXxfQMfzDnRHyn$A8(zevEurq+MU$PY)wU|G`FsyUWk>^FQ_%UGDA886Yj6mYV( zMUIYg2ITz9HGYhs;=f#{oHL3UIyJ*pN^?mJ8gqf7tMEvs|AfjE8^w#`?dwhO47wH! 
znC<1*{~d}jSIJe-#-Ku<>_}N$*s8+L*@#U7z&{(w)MVoyPx1Um?>B6_5O&$ny&zJx z24Xkkmh`)bYYjk0_fbv%94v!fD|nyE^3bV+7b=eDiSR{$qTi#$gi^G#wm6*s8ww3Hc6ZM;d^8 zWEK_TQf(?%v^wVRpb+kN&DdDgX(Lp_E`M0d6|~oughdM%%2!p%Q|+zTSIp_b8KV>h z#Yw+~8aIOCN|VKp?O-U5i@Cmt%G%1g7rj`Lp)`dHPwbJnQ7fuFVL@xU3+=6G4{8~^ zH4vZn%*yfmI2}v8o$e?*#a+`;fnC57jSHft2uGHt(lRBAQ>`8FfsXmWCw=v4!4i9d z67n85%pvI2PB}IJK-6m;6VVab+`{(DR=v5=l#lPJ$LrSWQYGr|yzz@@%=%MphAooY3 zHK$)RS#6WDsG5@?3b?%2>(e*=hL)3dxb3#A8x+*VM=ir4!cd8S7SBNWVKt-azQ&@X z|1}+5R_1n~k4HG}d^uS^izNV-S=%rmV&y1*0~#?zO}6KXn=V^|eZIlS+(l6CX$7C~ zcl=DWSpx*-!f`g-&>U)$)x4t(4I{d6hcsrhEXaSfZ~X5^m9%Mc+nznA(+HKvM2y!n zr~|C2l11dncF6kOvz7are&3X!Ri!g$jxMrDPqNcvZnzrL%sHi<1BlbX5!~xZ>b~=8 zngcO4CPnQ0#U@wj37L!bH!Qk^c>^0v%`$`(5}U+NK|I~QH$#29+Bq4>aE;L-n>Fc zWrQ@$a(5WpPV>2a2^dLeH_Djg-2ubczc!0Ruko+W#Mu7o z_jKtn@Z0QW2oiE4#^FkD=JPLbY+Tgu0+k;*^(Qeh;x*JXwkvzG7sy_#(3 zvI42~F8F9;P0K5DIYUXoU7#$JO-dr!*wkVu^Xl8J+isJv6|9a;JjS8UCt14qh2(Ml zlcKy7AiBY}0e2Y&CbvhVkfcP3bY(4K3B9Yk1W+;1IhjtKu?0t9&@f^og`B%>7(GSS?>6%S{HlxeKZk|aVHBM!! zcASKX9-3{C6Tv;T^Z`yk*zKuosI=Cvni0J7E!q21zz>l&VHYAeVu1qFp5Xjy3&XzZ z(nz3T;Rv!l%2QA{wsh=0wHoI+8Q>&&5ds-XM#l~XYLfD+lXkg1dIWLcxb21q=hG^uKNyTd zgU9#)Pz+~E@N!~5Ix@D0!0;#V+HNiIIaX}i zGoasciKpwzXQ}y?ipo94j)x6vWbF@*%ke=B3w$HB;F>5)7$Eps5M-@MMX&=9iag6e zLRkpb&qC&=QVnwBu|)AYf+O*evV$8$mDG*^D2ZD3;c*Hm@P6_HqloUnZC4{rVOSMv zO1Dfi1RtLKNyc)RQb~s*dtO8g?%5_D5`0-qTv6;1pFZ&nzh_@;gvw{bSG*Tn za-Cl=IfDFSZ0gZ5DbYfykZQltX ze-Rpw{>=wx;b`vW?rLG;@E>wAwT0s#VJ7+S&Cbll3A{z=!Q&=j`7fpl$E2>#O2YFW zB>4wfNVtJ03>XmXBrGhz2{xkUPgFE`z;^ua4$Qu1wFd1L=^%A7+2x%ghD3$3ez5E^ z8K`cq&fE1YT&}i*)Pr0ZrZ>)jeADOfw4LA%D3ePN&Lu7U`8{dSO-4IsA=LafN{Aq8c~UWy<1;Iyp*i875m*6Qb!P@LSzTA-g$&ujZe=tQs3rJ^fCKBy@R1aK z*8)`FQBD~~*N8@3Suf9$`(TbuifoL`5;;tvEs~$2pI_ajRFMlo1GmgL1dox7uts=0 z%lNCzoNFeE&?~&5-{B*)NK%&4;g!QDKW=^gE! 
z4UtERi>{2_>eLa@0GK_F51aLSv$yQEgea|8h{=k(e1f|Dx9r;?PQ6=e)9peU6gf41 zGu$2}*JK?U_89CWwefBJz1DTXse4Enk`W2jCO?!S$a4-P}ay8APFYC0mv#jSg>Nz8&U@rz$|?z zdl-ixVWvdsm{cPIWEJZ&~LRhhVgdZs;6it>Cv8Q}Ozgvh32$@bpJoBBUD-CFPlDQBVe}$38 zU-I_K1ItQU2jIUy>IJPibZ=&Um1f3HtCCF^g-vdf zY2=7tl4fOBcW{1MLGzsWOsaMi%7u;ld~osoQ*?O427VrI+-b0E^W4)2HFP4;Oc!&8 zf-?hMl;f|X>fs)^2lTXN!^`K7Wn`Bo2I+{hsDuo20AY8yQf}RdVvIBk1TEhSrdkqX z0@ohaxk%kXRJjxe!l+GzcoxJ^h>BpDS*NjT3yK#}qIz3#%Y;FM0k#>HjLK~#Uq8~& zMwJZ2KSZfIt{0a9$@-A{PcTZ-nfoKcNvrPDP4W8+!h1Akwj4!vW zZU&ITOJfTxKBIUEccS^d5PwsF}sH^*2##9gHj z!H5Zn-hO^+L%!nv3?gv=HqMGNye{`LeCG+U->L6MJ~#V{fb)PW=L)o8F;3o%e2KAh zk4?k_*mPDE?6R$_fVWQ3YiP2l@B%nMzQm2Y=*>Q5@Ydz&VFnZV>Hv-Lc@TU#@SEBd z01!3&z8NwS`qjUaZ-n-`BlPF{pU_tl>itan&hF(lM)*rQr8@X_NVrLkO}OR=cVRW& zNgl{m9HyZXQi>+;39-qeG8np*Lv51STv2PXzNRE?ExshN>Ok;ATOg&HN%_EHY=Dv# z?lLs2rOf)*9NOlPJezm*7Mk3;e})VmAYGtkfge7ZU-Zrw^w!dWYC3p~xr{2sYHXVQ zB3Ca*=7u%`8aV6Fr35NOol6K`-e2A0B-+{4UopchKRYJm+kr!Rq7!Fkm%#}?I~c_2RlHedgM>Miy3Oobnki3a(Mc@=299J99$_zCZP zYCRluOB)VUxpXr0#BH37HGtHUQ*%g@`ldEi+3e8Dg;Oiczk&wwdfb?xE z9@0&ja`t@$y(#QpAhtC=_R4mU*{pZay5iOzQF-J7!PxeJFLV5K;w2)$7hv7^`M$slI zS|t*`eP`nd*=2mj{)gMH;TUy2Z`zIogV6NJWjZ3ulf5^WRQrZ%G@c3l$Y-?%^92Yu zc|9a6Vz5$^4ZC7uR+h2s%kdK=xbo(RhwU^2=gC{kk8OmWmbL;)8Qq0>Koj? 
zkDOwBq)BvTJBHBWJiZFq@jdmT6Qm`4G*$!M46DT@Y@&mbRi>OJb=~u^?&in=<5iWl zvdZTok5Jm8{7TWdj;iWzh300tNC_EbjMyUiEPEE}aCbSF7Z4^KsVZ&`(L$d@X`F2b zVkqRSCMVUXLY8+G)E|ccW>85ha@o$!*HHWVaX2>{qw(iOg3GC4SW8uH#bw&~{f!b>E;l`=e zHRwJv#Kj{x5glxKdt{0egL4zc`zcA@;SYO+f;pm2kQK@!pLma%G)SO-fH2V0iVyiS zK|IwaaS6?+W4c&ytEeu8M^Zq%20b0uBv1UoXqoo@z!nP74@1pLoWNOeDv)6His(cc z6BLCP^gJZ7zo0!h5*roRVa<u9LP;$@SZH^nhNJ*&e2pS4yGkPDO)O^|C&{%QC6}NnPU4%WgXT zg{$oRn&>7V4K?-_7Hg(C><5eu4`>6ni1fq+)skj~ZHmfL1}SCGW%d<9fP zY;6-1fBFy9j}b)p)~=y9a~)%m^A_8I@*Idc*swH!?TYMtdeFD?3D;XTaIFo)7+F^B zz<&~qkbmsp1L8q)d65cg$Nq|#*RWj%Vu-O|K?j6Nmxi=H!E+5f1w$D?RSw}B!IU@)8d?3%R66ZHv-CM4#hwDpr8dU^c#vtNb|vZ z6D=KplAf`j+;}!*LMFQOY7-$M;P)h7MMbQ&n7E%gAErxntP=#MAO%u?iFUdxL@K`y z!XCi*&7$C#<{LlpIuTZmGK#pklJ)*>TJi@BYIst#US+Dg*L_$t6|vucl(m6QDRVV$p$kOu~-~ zHoJ>p%12!&99#^ge&btG;r5Ynwr;omX>98fW}+Ban(dtkY&*FS5x+SyW$!0BrV0g| z@8*5Loxjhe&eqiVvbC6|Y#|IGI6$`+4RO(It(0yui|Lp>UF4=R_+}Kg+_Kyzf#Jed z*wvF_4hy%txWhLi4))^mHt-z6&bp zu!}f4>X;`sNA}QQU)vh6uqtAbX=^TLuobm&xJdQufocP3%8Id zQA+49_ik{S)~>8Va>}_|-v8CyQD*$_=<;1e@lp#2c$J#>D3L=suL9)3HTVbg*<90| z*ZNTJwE}BL6D1v>rZu~FLXL=FBDeHWG3?YLwt}(UdB2D05nX}VwIXJ&Sb!fmP@i}! z<9%f3caA>mo($I{SGU|~Js$6={Ptb(WH)P=Xo}s5FBT#!dm`_I-qtHTKO|ThM8DQ? 
zs*ZL|r$v3@Uw%YPaVx5LetaFvi(Ah{AIty8185|KNftNjTL-j+jsDF7AX9?kvnr0_<_&xaCAoPJ@SNMCCfI2ottw<5+>y3^-SCdwdXPS zWDsI75{qMFU{;mhYJZ40^_J&^4}Ya7g!{FJqA`pnj7PHQGL2f<{7NQkR?F<>Wvnar ze-YxJu%rk6peF$5;@|`d)Au9)|K#s~nwNl+goW*Ybnt)r_kS=C2`ej5h(Q@J)s!uX zvVBg+%hyed%Q6i<+I^6Qt>gW-tE!}j+>|_$Vjl89?`_x~IQd;-FCgpw z?4HjP&}FpC))Pc3@4VXM0~cmGtd$~$!cGi__)84xygYfZ4Z_yw5UXNNrr>6yAD#Sw z6hx5%R;(bF8W5gv+273caSsph9zK5bx(|L!ewh{|NbVo|*)H{B0bUeX;NeY`SS+YQ}e~}qf_z_Ywp>9kL7HL^!-)EsF`(79JUCev<}#gvS|4= z)WCDZA__iTjDDZd`Fqg4BHb{~7Z-v&(K<0aPeOo7T~M_5!A@W1eVY1g23u!7(Le}zJI(85sFo(KpE%!p;;;;9lE@s zVbdus+m;hklClGgA?m-EkbbzJ#IB{=;2Nd(DReD)X~z&x}17s149$i2lX=2KHyS%8Ap;M=q=O9+1Y)a$s5APb9;y(&~bX=1kYy*#5ft_~WVfG@PQ&|>1FPHp&9ZSVOCmWRpp6W8|I1FEEO#(R5g3mxmdgQ+ z_>RI&#;kZt`y3EkdK7_sHNd32soUl-AY^f3{g)yISDp8j1B6LxS6+)F5Ihv0t2%h2 z%xmF%<0!7#bStd{JD1~uL59no?XpJc^%X@dO$%j&<)mitwN&&&Yk^p3kaI3^U~YVS z=)Jbd&t~ zWBDgHBg1eaN?718iEtb)E_|^7H*gPUoXZ#;!IphMAb^n?eF}tZ1Qrt(yk{qFUk8s_ z%m6D_k(V}BKA-~}l{(&!bR~8(Axx2v6IL-w$P3zady~A9vB)%ApJdWBQda+bSmI4V zESlZAh>Pnc)@p!bcHEf+CDiMI;}u5GFsxb=pSsR%0?AiPq_4Ue|NPD_H6O-!!UW$! 
zIfo74M?zSRd9fHe8k(ATHHs_}SLAUucObT_JHM5$BRp`hw>Nz;qp0E{fE4Y3-<<0N z^AUUA;(%u1#}DaQ*~sgB@nL_;8%M`MEUVyp3sWzltAU3KTx%wGWV5pYjMc%UCDMV` z4&DCQ#_H3-$%J=U0=LM`|0_4mqbSU(Tvx12G{jqSTSmJd*o(2he%YBBoXL7`-wStz z(sVa%yClHi;6#h;g6pnf(Mz()#z{7z5NF^f(rmgPtTSaoJrrZ1&zJ>k^>}4D_Vg;` zNx~@nkCD+4{>PbQVdG#2{$=e4)}mq){trF>XG#8_RQ!*WS-F8LY^6XPQ4S0RF*B^FCMsb;7X>gd z2x#W(;0vJWV6mjU)E)k~;s^z(IvC=R5bh9!=EIP&v7tdoTNu|`0q7XNZoi)mlh3N^ zt^_^KmN%;JZp4~LS@`HIhC|HC{|JTR3dL8)-U`L#emVnWU;cc+n8`l9;3CT-?&ui} z2Hb(G9mON>bZ^JD<}jOVeNz1O!xG(A^bEW9(OXuak`KUfK1lcs=ywvdcw3J+X527h zdHj;X8@0;+D`>I#sWvvzj(eUGC3lazWF=_7)f9jCnT3lSXXl-d&0;BQN&GqQFkT}S z^4H7xkU9W>!6#=0%$&tIvecNK%HTw}w)LjXrz?Aq%J2MG4XFFDqu;Ri_dWUBL9oHC z!(P5UgZZdm&G8M|{`cn{XdjybW>jn?m1A88X5k86;sJ0pUyx%ur%#XOP=#+bZn2Bw zuS!h_YF(-PVUm0Sp^1L4aAe1rb$48KjDv8(k~JT|(|=9w9BUV;4J5!5tAAy*$)y$V zhJIAf@<=>k!uouaFKac8{CKHZo(QsbCU0O`ho4T`HKG_L6BQr z0DyVZpSQ9qZkdC~jVofqd^p`HZc&2#3}{t&_rnNi3KG1ME_ZS3BFjZ{zay*mRGpX7 zD?J#yhx+NMJP#`J4%y3K zO}u*_G|cMKREQzkLs5Dg{N_`L+V3<4ChpVMTB6I>qm~tb z7$Bgo^=S?ALEp|-a~?}%4rcSiJ*TZREHCiifh0mHrOs0(%}sJ^GN=t|>(J1u)%Jxd zh*~GHRGeQ;A+&j0)fzCqXg!YyhQ3Ye2G8EYdR)<~kSnbrU-T!iTSATLM99iKkt%=U zR*l>2NNrla|c`C$hOGEF=nTA=o>cnUd z1qHYvWlH!p3iSmxYT0&6P)o~4>=N?__F3fCrkn~LBFGn|w;`jjw5aT!^2wY4&3T-o z)lu?=&k#xYE~WY2A&1RgMLZ2rGUO$gt=PztznoxF*bm9%&2nI?g-O zeTP-O+})j&yfD36x_jKU;?NKPy2~MsjJ5q@kQ{JB2JHoE=SM}39R9>tAqJPa^D+Z? zhSA-1o-wN{iUxMx%-ThssLQz2?tLP!A-o*r@gaA@yFF-UiJ0{sCvumNt#*W!t>`Jg z(>EWq}v$5 z&!nUiG1t8z{286)L0dS0fy*CW8J>*g25z0>m}R+3CM!9ft`RoJAeRK1u0fuB8r|U+ z$?cofoFbaj!?fdQ3YJ`%5T_uu@Qb8T%sgEpaJ(t;!@(d<3eyTb5$W_gGfUs!uO{CK zN|0sE5riC*o?j5Qr&7xe7L%gdr=vS~o*>uMqkbG8)J6l(1-+Pnz7dtS41>R#zUl2! 
z)mS@Nm4Xjx%?hJyhYyI^5>5@k3mCqbRWAO78wQ~X{||yu9Tz`@a9bBIkhNEJISKwu zC5yRREf5#M>c2}HqL8huFo{CSN(Im0Z3w^YHr(uaH(jA(g1?XLsq{wbnjR-5I0-HV zE>LbznSYJyzu0&J2ou}ra#L@;uTcsdjPYMgJ+o%iapgOWk6V{yc?+(F5peK_IBm*X zACrkHl=6z=UliB$OR=)zc1x~hNCr$uwc6}|A!EHaD`7OQ6_Z!@ZN8~h z_7s-g4~g~;ySzqTM@PGfwbW`d>|HLXU1fiuBXtBfV_>%^ssoAUP6Ijy-H~ey6MJgm z5)Dak;G8Z7)I=2=Vp&p4Qozu)ds%LfgD>7!U@|(wZ{rsL&Vpr9wC9=itSBNmh&QMSQ=*UT7f+Zg z>LHA*S_({x4t0~!>LK;rHbP1(b^lnu!eA0NqlgdwA;{!M#Nv9|qeY4UwFk9OfxJZ0 zr|X68E*I>hP09#$(=P~#!PNT{ckbvtVG&}Xh&OXFT$opcF+rH&j9IIF!SGAlND~ae z7K?c33jzz8*p@lioNflD1O6W`;cAv6QTjuX6SQE?FrY-Ccry;x)SfoKoUwv4a-4-e zuAJ!v&cK*zW#LwKpT(IM-f_W(|kk5UV!jlxPNUXtPOw6-l=ce9DaQ zR+1`hj<=byh7P{Tu_kDnLTE(k+4&Iw*l4{$^7q}X!#F6xZn$2Wp zy3QyCb--zc%sn}3f9lt7Ww{LCkoQ<)_9S2`TotM|A#lLotc&0UYsGw4sW{|gsZgje zQ#r5LSDyN!tgrx(+P(%Z-cHji@}TmhpdYeD3k@oL!5G!eQEw^nOv(+_$F1}4RlQhF zBf2;a9!0HD2?~h7{4tH~m}QH&Ke02bv+EvF^N;nelAW$ZqwojPYxn~sFyGi&q!=p) z?;Havi9&iEVexG!q;XdD*JNUSz^9Nd1}=v$FA-)+p;zPlUQ-$SG;#W8a|zoAVdd5PjXsY5?o zc|eOnZ(r+s8a*BO^!Nbs_RwSkOEiv3ypy7anzq&Z3G*%1J`95 zk5o;xlqC=Br2_Y63tDP^p2zXeTKcr7y-ivpbd4;*nACbIo`pT3cP!Cn z>RfRF;iDWF78rmRRcNCogq!F(aS30ukC~LMwm(no_7i&}a-3RqdRmopeI&dApQ$G= zj~0QuF>W8mxxs7FyQxohJ?f#2pkHWsT*@gb!mLPfSkyk$;nXA4=qg7=HNusm8xc+T zhcJ`n)JRe3m8kVO)=ugrrg!c4M{OD}(%|JY{fhYpRCj>6TO95zY;3%a4QvR=u9x4(*D!VY-U zE%iTpYp)Jl-0Lf%OXOjl()XtK_lseTl8{QR{$F$x4%5N?iH9r&*`Ba^*~vG4^XOea z@1FpIyiovEbpEhFj+UJM7~Sca>>D*s3wiV>h`LJzt`++P7c7vF>nDUIUpgKE9$GQ9X$#J+; z4N@%|jSdbP$`u6#^zFjX!mfaKl7Yn2u8V39tsUg4#viS!-eyfPYT!7$*rTel&TQiq zH0=QRxe3iuaz38?(jK&|*7UKXvF8`wJpz1M#ojpY2bg!5aW`(|{QcJWnkEetF+&MKCHTBY_5s;Bky)kSTsk@3bD zxarH&x#E=*NofaI{n#-1RiUz=4(E&@e|Z7Vhv)MuKAHTmwqlR}E-pO54B>Z|aK22W**UexZizZicj=VF^r{VrfyAtSj%tt2uL=I2of6vIhzD}wwU_B!46N?2xE zLKE9rfG*5A9;P(BOC#`uwO&JRi3y)u;yK}>7}L-N(rvF|YlQLJEl-}nd1;VvL~*#4 zWc@p2L&~#@w6YS;D7}wIxuNAKR%-=t6+5LR>daGxd{M(l$bM}q?ktQN8ZLG-SbNxc zRy=yL0epX*9h16;zx$Zyd+gmyoUbzIcKLUL#Vp=!1qKMqvC@q(6cxXCr4q|N@N|iBi1qWq%S;MMOFK=sb 
zS}R>8`#TNS&S{gCrphLHDj6d+QC5c0$d&S?5(!{p%ifgIGX*a684VFENk`$+7d)3W z=qQ2XNlTA88D?RZuixZ<2?Xr*N+{{`1ny0u$I#|s?F~Y@oS%M`x*ex7<_NW`^Qd>a zT4-2oL_do8^I>0cyO@p*<_hloE#K+BIZT?7ddZL?3V2BJDUBKAZ$oiAvze}>ImeKX zo7b^;h;baFeaG{%s50CrA#J5aDMVLNY$e~w9+|M{Q~sHX#MJx)dktXR!`Ar&!DL@H z!r5D3@k^F11-O?=m$xa8+hl#IOMl#S@7juNF~0J3ORV2ZDu}&h)Or&-Y7pU59M^1UW%k~Jrtc$;+nR~UQ=5*T`;ds4T#6vbV7dUWXJci z)#?Zk{9?T(L7FQ1Lj|B6v2Rpd3~eTD)6K1(9nk74&{9LKw|j{GYKo$(>CB?UrP8bW zyTa>DhD8y5?CRlof{EvTpK~T=8ko<0!@JXz>hx;V;2wujR#|_OuF$opZ-J&6xb2{g z+NlpFMtgF^gD38EjrQz_`P?_lCx(SSY1R~@Xo?-L<|5!yniKtLRXEf<|5xW^o`#nnp78%0yP$nZU)!wo@-##iL55y!xA@biXX5AOm0T`!P}1ziJLYg zSr6RdVg0zMmw0ib(BrUkK0#g{~x=CTmQ9aa^w0*4+qU@q%gVqf9d(}RGC`*EAG50G1^ng^L#h^`} z!N(<@kgKWgXDbaAJD^v#eoOjT4g$??amoBFG$R4`JaMoO*)1D#ph-W+nm*xxHDp1Wl`dwA$eHIP~cs?G9 zS&b6(pVJazGVFQsaWVLidQkr|_}=_j@zbO>7=FP80K6N_&-v=Nztznj8i%A3WV#^) zvLOZV$2KAM_YE!his&Y8s{(#@FRF@Y+@fxHrj=Ta%6;C&z=p3S;evFRhh=vC2n>FG z09$yn)%<248}@Mt@;ZznYkRnE4mc?cg+|77pqqAB2+_L1^~bBXUD(q;F5qSqL?Mpe zADGPmRD%t&cqk9yaUn~drluX%ES9pRkBDzP(W@o%Ey0V6dN3zNB!xkz;Ep>UyKvpV z3ZO!9GIadB?s@!^q-XCAOFY>f!!_*bVtTIdC;PeA$1OhX$7+=7ZH716zO;cij2V*f z@70P%i)6_=)pdihw{iM7{e*_=t%}Ye!Ir;+fFUt{@#gcN)OKgYs(;{S78ISZm)h2@ zw;BH$L41(*w=*xyhBEd1y z*pd-s%Z93KMqH_;lE|<|D)d#&~3YJ z06?mbuIx1~ytn|3a^h~>4dZy12qhDPVkQQg2*)`A9P2`+?(-AWleGwOH#6?XU z#WDO1-o3uw#Mwel_!ngGG1PDWmMc8Fz8}~15_7G3xK&{D*0^GB?W)Gv>}T)`>z;IzTBX+maIt(EaD(JEA2T@s-Fhs5z;3$>KY@ zik8uRl;?+~-{W|k{Nwn{Q@@BwGYJq~gyXKmJ4-wc3m{A!pqubx<|JF)gAzRYP_UAV&|=WSU@@{3J`g#7dq$>=nPSa+rsSJkZT zVV&Uuq!lRQEVjHy6H`p7pB78D3klaf1DG!7N2Sj#v2SMQY4keXk5kS0-_2i;2sFp^ zbvSNMB+wf?8H34NL|UR061Y`^K)^wi$8Q7rRd}#r%kxf|xT0u`Xm={4!OsY{D1KSP zvb3t5GN?tKGMuG)o1&ELy&0~+IyI2nqCRgj|*{!rfW>MC}K^@n%7B z{?&;P;NrK`>(RMBpzQ1ASgEGcU*Ct%^-Yr{crL(F{S)r;K}b-yU5lpf*T?#z1Rcq- zs?alNercl+Bp=^J^b(e|EI^S}4+F@Nn3JP!+)6=F&40Ese*DiV|Im2q(Z#K}QRh%< z+Dt~5uh9|BW20M4Nzd9KSQ7d026eTjo{O-CsUmQD-+`sqc5WtR=vWz+-zrIz`MYSk zGpkPVou0uKI;CAm!>a4sIZo)^Lz^=`MSjm77732Rd@`ee-c?iMu% 
z4q)kz2GJJ`or_v{TSaJT_Otf^cYOwi{o|;uQFG!S44QL_FtRsqlt927 zcU|!JUqEUq{9rq^FQ2h**I_uip)5oUo_RMBVom`xB)OCze1xEEN*X&YDrchZTt~J_ zOLlQ(Ca;*=0iY}@PFL%eH7<<_>k!uLS=uaRwr$%^-ias18+&5gwllG9+rD$o?|k>v#Xq~cSMT0cU0v1n^jgna8?x0} zq7vAeUsze0F|D^%<)CS zAMc5XX3PJ!@K*F_ljoJtS%I@%#rl}F@ll*-5=N>O_9w%vAP1m+*AR~sT?14%K!Yya z(A*q3APo-PnAdGkEIk5fXx)`Oa4Uxy^h7LvtI#&k-OhxYMIRI84(b*|X%$LpFt;q$!ka;>6WW7V4+ zH};I~Q!zf^J_tx3>*!LWb|6n?uY6D+5g^kPe$D*MwgFAv4)I+@7H0h;0>VA=4yk}_u!w-E+!hu_C%aMg{!%i{ZCGQu6jQV$bDs>xw>5X=5X{8~Ujd_v^AGNKxtL7nTt zSfNbv(qH<`dhhwEtJAZgpiE9KI^pIft-e^n&t2ThR570G`zLu9T39H8K7I2zH}5xJ z&|E+Kap<8n4erO*m9iGU8MA$c`gv)}l}Li_?3)n}j@J=;r-!FrKg-+Mp;5W z7Go!;eUKx)L7nMB8M#dI9Lz!0*L)=*UzCRkW>5bb5?WL2l&|~g{R(UJa}=ar-cJSj z<#s^QuyElM9dO-wyhI9;&r<9v6p8=@R$8GA=I}drro>C0YY^_Qxc*-74Ain!uQR`$} zRIsvHBRh0>Fj6`2CkqW|CU18?jE$nXCg++v%Oun{?s}GQ6(O^zh!jap)~$@XT-X3i z`6sJ$2BWzX&UgF(x`PXR2a6xt1)+mcqm#dP#xd!2RJwe3>e9!z?$>xcCl1@QbvLa) z=7Ulg2r`x9mGbuq-u8he!vg%I0!ZPCz+gQ)ZM#wq#ug8kGU}-5D*SupfZthp5Cli(mQzc}$w1(+K;p7Gl#Q%(rDT)_s>! zNDSI)D!_-n39M%7_R}}2cABM*PvZ|3{<_cB8IviQHoYOw!ZtYOguj&UT|Ap^Lab@m z1US+rtbT$Wp7p4XdzvWe-$qvd1m5EvX!?#LYEe$T%bN8V&zgtBqnCFy0d@dev;xMF zm$O_n4@;tozPw&yphG}EA#>t-YCYIX2x6}ozG+i(+6#j-k*j^d$03-0hE^>VgPI2m zBX%*v+qN)WoGWe|ven3MbL$~<`2xZ}o#Tm3%E3&}tK|TUlu*%u?!O_S(5$ z7y-Wv*xlRb39y%j5FvQeP3QpT%a$tekMwlRHKNQEtkl|3h$a;!%-86!6PC07O*3T~ zPPP)wj(S&ryq9ZnC2PazT{c3*!>W3j`Z>yXR1qc`T+d}^36W+o>bbSU7mO!crFAN^ zT8mlq(+VdRbL}S&xsHLF^zyNsgXtM6>5J?0;XEWkSr*m~m!cs>#+`s=wls<|w1@Db z*85)^8aX!Bpm_N4dpk@%{`R-eXVxz%2EX+2TYoasT0e|T`}&K(S6`K))1m4yKM^rK z?RfK9W@GBRh1JIGXwH3iA-!z~*3}9_2{QRXn*Tf8G+jv1KEYjMud?x73a*lCqi~m_DO7G$rCpGbD?9`!%ak_Gs}t%Gsu1cB zY7iP^D{dC>)$)x_N#KOi@Wgyc|MZV9pt2gwOFB}feAMFj2wBetf@~QCvm-It$BCe6g+tq(5yZHd8;g_Mu*xlzB!xU5D*N^Oe z&G#<8@_YlP0h~Gj*;BJOp7->x=m!=?+IpF-fn7H@N(a>x&3+-No%qwsn2pc|NFVx# zbe7-eH^bxVf}hW)k%D^Nt~al4JRXO8a~4zCpU)E%H}TJu&!=P#(R(3M9ntfojm9NB z;Cs?<*~Dko-Sk2(;1YxHA;5P? 
z7c1z|{DS)0Pn~J8G)=D|((Bp(j-hnS}~I?>sB5b`Et$bI0QY#5`m zFmqiy1fe5jLHaWsW|+B#h({iKa62_V%H$EyU$dQBT!dLiNHLOQM9c85FWX9rz$=>{ zD39}=FnV*5;J_C(seqraJcx}FQ2mf_?C!+I~F{27_$6UcANq@^B- z!2wrGFq?Qq=*l z$Q*`C^RX*Ajcq0vMmLkMISEBIE2dk~-(ymAw3SraGEBQ0`X{l!!4Y2{hHBn(OnbU*f_%a(0(AyP%DCaE`?%|de_M@+C zY1P6p=qBl?`Vbl?&n1tk2KVU)>(Q5mFQw2T!B*oMq=Ic8bx~Nvj!YUKGly`aXU??? zSSWB_h+@~k)t3IPm7)(C!_MvrgH;FEBWK%3+jnOzc`1MILj(%XkUirT-S`6XtT=LP zX5-OVP8O+bBpNH-T6pHIhw$kmh?0rkjdo5ujd`lMqrnd^=Q_k?0XfavR;S0W4reyc zYkB3fI^h_=7vN5-{LfAO;8yRILqjBqs5ug?;UdlR*}a>A?e5lfW(H1R((r{Nk1n%( zaefa$fC?~~Wez0P1rR)Z;S3m&OSmvB~9=nV(jlRvuJ5t#VB7u4(ou!$~~?9zxLZ=v;K&zIKnBv1)!W;-+$i zvm&$Z_pKPohhQ7cyp!DjlFP6s)CZ{yOymrj(!8L9aImdyf%)1kG7umqITpkXIY-ZQ zW&CE9Vjik64wtssPvd4II?d3`9ffA@Y_@OolYn3Xb)m$4zIQ$7H8o5r-V0xjWh&3h z{EW&=^;@qD!;_y>H`t^fnR@&kqy{X($fIQJH@>aR>Qg3^Hs438``Sw{-#D>0hP(F6*!I2YvLPvBA0nV z2j+y#KtbmGtxM}4vR+!JVCR%Mit?W{%_y5kBNGW@7+;4ezcYPNEHYze+UIcvYAB{q zX6nz`vsAO8AEM^suKH!5N$j%FLi$6b)sGbyu=#IAYkx5&-m3zZrF?0l9PH?j?@!OQ z;5yAIlgOP_^6YDkN%#GJ!i0eI`i<{@>Sk)sN735B609?c??-r)4^6iZKj-h(nhZT~ zoGXHzv+X~hXk~SpH*4Ze%dm~=VTR|w&4;1Nfwcu#_Oze^k0W%s#ldEYLX{{vkbP_7 zECM(vMp^`qnacsTk!l+AVw0Jcz2_jjWWW2R_raKEGk7`2 z<%Zq3oGHBz2kRbeeclU0^{Q_tV(8i(U7!ue|Jpf_+8c5i3SS1^Z#Y%8K>Q6<`CPi| zf8k<|LI(G_y2ZCAIqQF|^RE!Z>$x1FyD|z|HhhFSA43x8#|bswW)F-u&0qeoh4LZz zO1r`JnGs3|`s#Zg%Ll9Y((8ZQ(2LsytT#~4=^)`g^;A$l2@WiOf%JHoD+6zY@erAr zI9XZ#aoaNkb2HhIWJJ`2Wrb-~yzGn}Y~@seMk0d1Pd0ksfEYc*zb^sx*h_)cKOjJe zfsH>HfIJ*j0616lg@>*ub9V~CIvA3DF!MzcDWDuQ@vW3`os>IR9WrV{kG;^wBn25U z33ad}Y$La`qArkNTAib~>K|%Y zJK1laPJihtzBsYIUooqjm19e*m6GCiYUsUa1+WcswlKS(%1UZP&_QV;+;?kV5AxE= zYRw|Z^6=Osod}s%g{R_{Y6=-CW@IlKC>WSP2p&;d^QFEnL+7G{SS=8WMAsyNC@bv2 zr)JWF)hrZhLQkbA92u?C$|fEjudSoYFcmIh8KEY*NSrLQARaVbIsXyZcrV#O8gQEq7`G)Yv2b`YP5#_M7DdYny|cb7qwRK()M!Jntiu^Qy`8dxnHgn zVCZ>w_V6r!!Fa&qf3 zTdwU|su2(_%tTD~dptH2-*lP(fLVof3+dB}DPCEsdfHSMC}~=4m20H!g*91^o!4=7 z3$aG(!;}c3Z5dp&CMu~><5I2O;0I?f;7;8V{Ik)iv4J2gVD;$`MlxHWkXG#js9+BL z95Lyxs+!?{JR^K_i)C-Z?aw!f?h0tE%7st5EK`gBWQvX)?7TMBUQa4LtYR@Sk*2fq 
zFz=%K=7qUiVNY1CehY5MVxgWIbMMHFzH;mt)pcYCh^x%C zjP3J_16wl`oWNpf5Y~i0IuMf#u~L-f=>-Q~Z`@&X!*B+n9Z>~9I5OG-gmlAhuSWRh zk$;8gOuyNCg2(ja>^Q{5u*!#_e2>3s5ER0gH-XnNgckU#HfAxQ_#;g9xLo7DXUS4R zjU1iJ*eUWB{q;5+^vb4!(f-ES0rAAY$PN%xO5!gyv(#y@X!J0I6$e0TeByS5cQK%Z z&`}D!vYjD(>F87w^zjV^X4qhJlJ}YTYYG+EiBBTGE#5uS_N`P`}dc_qnOCe>}tRdQc#vV5} z6Y@mKJNXkWpUxZ+&=mg>L10{6@3H)LPFnH$BTz$=)E3npPWM@{h02#S_y@9D@JXJ= zy5OtWGLC-ffhD$mTre$r)TJ;C+5t6t8Eqv34<*%W0DY4io+)gK;5_BFi)jnw&Z>VIebxG zhzY{MM$V`jI71i=#rEE`7r%8*7}`<94k=VItpGw33WWD$=n^RJc7nz82kq-RFY#dA0Sb9Bn3T2hL$lEaUiyjSfjwa z?#&(Vi>U7oIW=X)r!#&$_bksPAulb%+@|yhy84bfHWJ{7%17B&8YcT2YGilDE+1eN zYxyS0!w<%k&ZaF~UbBna7<3Qq3*pnB5~AW5oc&YW*XB72c*maI$$KqVk6$$n&ZqG3 zOn6ea0>B*`x2K_}&K7jIjIMV`Wp@#ux$gtD@!y$mF3m zGj>kkb`lZs)wPYHOA`xF0);?qT+P46N5XQR4}pVo(|^e8@rmx~$3Rz$ZQh9x_!C*? zl+4kf`#~zBGce0xE;S)dorsA^g{Zc3wW>xg21q~EmAtAew+}I3Iwpst-^Z2(Wx<4t zQN*{pa1TL?-Q8Z`zwi$m*4GpYbgEUeR&w4wCmr*M;sm z0}P8%>98NSuvkRvhjF*^nmjdHx$buH5wlHybh`_@U|G!h8#+0^`*a*>+fm%{&Ms25 z)ouY|`<|9st8g-`W-J`roe=S5>dW~*tzG?y?33#Cg&kbm*9J%3UBka_R))&HpGE45 z*74h55az3wU3@kYu4ljthM9FH2SmZI0pi?YS@0vedkeKay^2mBSBt?_db%r~9NXli zh^ndSpwofh!x7{qqfl>PmQX8G?|=Qtg?GtvX22V#n=w&!IOL$C&IycfQPrK}BWU~s z*6l!O|4qO?Fy9mIas-!9<=`eG(v6!T-jR8&g67i!gjT5YdeAeRlZM$WqZ>l66tFa^ zS?RRfDeY38baZq^{#|V++c?S$5@2E^tnf>{M9&<8w_{M4{&4Y(fuZkShwc^f3VtOQ z2WL~`DB>EH%>wafC3H3Se7;R+wKWC%X?jvQ2bIjsd%Z_VFW~pNFtBmGA@FKntoR5+GE8NLwZq17-;_LwT0s zKn+<7TxHAFsCb~{10i^Y%tVv8O~H;?Z6QPruLa(vnN3kh6H%^1EXB+@&e!cdNT9Do z@O%gtL30DTHeR#FgAuO3-parYFlCdf9Zeo-?~ z*izRhk|}qGg<3WfTZs%f0QyR10~$SJLi&)~*%{@|$xJ8F1aj)N1XC-t?TEh6>SeKK zLUbd|SkP@SZ%~s6uyJIj+dMmwC~zE@zY=$FHQj5&VtW0di(=P)-vkcXV1a&)%icLR z=Y(`2rTC)&8_VtVCW= zQZz;+ZN)<;!DQB1GTS!(7YMJXNX6e`|G%C!7H)Pfpzojnq@uWngt#WKXOI+~mE%9Y zVFxvPD-#D(Gh$XwU{op%1RFaSu^y1pi4wS*`W@&nbP3PO^>^yOQn^@I*nnJ)91#Dk zf&pwDPNQV~pHwaZfq#B0{tf(VJ|7=3qpX>|g{vho8xzoLL>3?wgNzI#2rrSqo3Or2 zfgH*^@0>yuCmDy$1QsDnr+tIUvm}!B*R+EXEqPBMi~xV3XlrS1JIs?$K(D%%#>KP9 zHHF<1oN!y>2gn&-!>}Kujraj~a9$sD) z%`fDOtn=pygIkein2iYUO3~V 
z=VzkG<)T7;kuSTuFKh#Y@+Pt&G=Y*>*sWdcuDcx9_zno%Vb3f^Lb~j>5rzyukxmU;Qmw1u+K}C$Q1PuF!ZklZI14dXV~IyAax^jPqGH7Ky<*BA z8ez(iWPaR}==@$x;~a>c;pv*=k&v%6M*BHM`-Q90;(tV)K8Oj7dFvzbTda0_?zb_N z;{hxd*vauM`np$SV+QYa*5aL{lP%Gnd-pe=(k0vpZNZ6)J0gCqXIy?Q~;sx0lNM~ye4Tt7KH-|P$%#!i=G8N zbv}o)!fHwX3Gb8EyylIy;A^ z_Lam7*|_vV>Xas`og29(z6g5)@3avNnSip4W2obf(|?4)J9?;L5&0Ua$C-g*+5{NP zhTVH4kJD%dW{Jom0+w+i&nuyrN#i`S=-i8VHKEqV+Lrf5xQ8&hptYKBJ3DgV{Kdn| zFjh-whZ{AogfK(D=3&k9MR?bqED^lz^WLtb6SOWSNbh}yw7_gk?apBqW0|9BoJN+` zr!))~?OxJQRW?p7R?RQCM@noeKLJrYBKFa`szMYPvy~+@zXWg3ms#eKM4ugWua{sV>eLt&cx1yfreyAF zUU~DyEK8mZI6a_xx-Ncp`sDbc|4NO$nR?NHrM4P_ERx}v%&VFy@udrR_H zXD_8vWTuTd9kgA#KZv~Ev-#D3{`y4w!1;*2_hLhHOUkX{(GDwf|J(W2kb?TBtWa^( z$(w*hI%myIh=PK)wp^>POzT%=h}eoZrisonN0Uie9@cWC?N0&;`YTZZ!=q(`WrLNJ z7~Oq_?BU4b)AA#mXP&M!!CpYlzQUbG4Qbdj^(V*|G<(bqTnV%2sFFDqC$%s+xRvUq zsymfWqVPeKvpmjlTkFEw0<2r5H>b5=c}!`J5qWEoWytDxJL&?tc8#^l2kR+giCCLG z2F}M=`Z>LE-Pl&dwoqN7Hii?{dpKWd9`;T7&MF4AjIUPXSV)kN^zKDdS zK&RJ+&pVI%lg_)n1~o>F%QC_fwbm~d<{Z-XN{@oZI}#t)S6mJ#+6T(Ek^&`7ewnjG z-cnH;WtMwJ%b#{CMCR30Bs|h#5BBcT;naI$MwQczvX@AoiOynMrNj3M%(K-=AKDoL zv6b`QE8h$PINKuGr#S)Vpda7(9gbX1==kM*v^WL0prZ0^aW}V71S0=F4fXK6KY7W8 zd9xuz=W59<6@4BKSLMX-mE|+s15k8L-LB`w5V*0!ls|VV=u@3$e>@^#9h%JFCbT#= zJcF9Id0$xX%=hJ|MjuVh!nuN^jQMFv3XulSn9J zQ$?1Bpy&J<5SQ5FLB#Ak7+8o&!BpZWOc;s}K2cdM({?=;Fk>*!@V;AKl{e)TVSB84 zaM?AEC>06cyj%z4OgNNtKt!eqqnz5yfSW9Qq9%_?R@aqj&wY?5N>2%~g3+VY@u<+L z_GUsNL8KIM;miRP^GoW>g7Oyo@+I@pA@}I>x=2tf9$$Tx0O5velj=a?w+yxOV8x`l zXh$`ejgui;EUGZ?N!8I4v8|f0bmPHG%yM#n4KXUGedvgDHw;n}Ko3T|%mmk2rI!ZzD; z@%VWI)W31BM)T@5Qw`&q1Wq(U%E<;10c#xXvRaPi7!CBbKC8 zyne&5r=XM+pR#VktTWiPzQ!R-5kut;k_XDh4}X5I{?ziR95zU}H62frH#3*xSf8u1 zZ!pFvn6d(J@3_O|cd;x?5XP&~f-aj(Qi!A0f-}-JJ5(MdS~3hrY)7z6Sn?h+CSTM2 za1)`u*EHV+H6qpAGtjjOSJ2iC$%ZrKy|`d$JOGb0u!`I@X7;G+RJo_2qZe1-IgWfM z-}r9p<}Hgdl&Itfj`SlX*?7!Pz$eKk3~V0!$2}WBtiWCw_=F81?KHo`yyo&6VKJn= zHs>HwU!K<{3N(uIUBn~X<4LN$)rR?9YN{c`J-0M z0KJ_jxS1y&TFaaYMP?w3(mS1Q&V*cf$1#ufSF=(w8=q6#5-q6T3`eLG2Hb(|uM;(t 
z!SM?~RygJpjZ(K?#F>)*&}cv=W6KB9LiAMy-g!nHGRBT?z?SKAGH^Bs_$!dK0%K%$ z%jDGO-0Qt0lh{s#yH|jOrjzdyrx?RvSDyo5)Wq06opN!ebgYb2JYEp}S>GW+(CC9_ zTKr7D5UtzVO+18^4;I2s+RODhcBn9%AJkz*DEyET{I}&tE^#mNYm4C-XQ_F^1JF^v z@VQ|96bH7P5_ubbDte|K@_q1Z^=e}t)b_60e!~?Y(GhvPW&fE@@c%}(vN8Qr9kMgA z{Zj&R0e@$*k*P{+iOb0RC-^|b!Pbi$nrY+# zVo2!JA#gCVX+9AVAt|v?vEE=}@F$dbr6?^SGi)my*F2|?g=fFEnEv5!XE6-p;#wPS zCgQ_UZM7=rrI)!ecdY=A^4Cq3r*)m9>?QsqRR^1{Wf|- zyXW#AJNMb~M85->K!%LJ>;H(+A&GwP81o_}t9PCR96&7mW zjM4p{Ue?EabP^kHB2j8!AV&hc6$8GR#}T7^Q<%{PAV%4vie}xF#$A{DpqhWctfw#g zIM~bl(I8|{w_}Xq5C=?cE!pNa-bk4RZmMvOoHQJTSmwX80|dpT(psHXUWI{kj15w2 z`ambcZw5F$DZ|%GCeO2xcP}zv&%3^SXafch+b6_-{Rr`dd=DK-Ijg^>bZ!bT03>_i zM^W#90c-(_0gD{3U_siw`lA7hn6PKo*lkw3-5V3FcTeb8ncZ4CKAOEPh}x+bg{MD9 z3ggeNUk`AzZnaOPtsNc$0_<3^d^r0O9J@eaUy-4l*qt3_U)>?m@aI$_pUmeamd~W9 z*fCGVp-XSptIcqz$F*k=s7t`W#M9a}3hO06=WO>aaM`SKS@R?idJ-X*wi2^3LcZPsxkRIOb~QuD$N1MO!8l*i%@n2ZyY(mKk( zn^o_Ju&tXh9EtX+V|&!oXp3EWyaT)OT{7P$-Ci=EZQe>z*7EVdBm$UkeH225wP!!z z8%INU#^T#c5$-x!I3DLNB(5!X&%>;nVCYGfBS95uO%>wOth|k$ro#{q&eBMW_K+HH zt@==so2FlLw8pq+GlB*mExgnhOo=X%pvY6M)iCLcV zu!y&|WO_7mtky9-8jHs%9U(|1i%&C5#mc)34emB8AqXqcxC`wLI_ap7x)l>3K#o#; z50_AY;o^eoSq0(p29c}u#}sW!swdOmJw_a;#v`y241Ckda81Fc8kT}d)r-+elg~~H z_XquSo*-K=<(aYQk7C1{g3en~8R>MH7WGshX;ZOV&kAG!Wx$!UlJZ8LvrSDmJ}3oG ztpAOnl0eTl7(wlnoxl#mw-U%R3aj7|E{{i%lpi$0?LDm@)nwejg4G;jWQ{ep$Y=73>gW=Jb!P`JsrwdkvO8T9hm+2eyzG@UpF!9$sA*dST4cCG9e2 z$XHRtotDnh{t8JxBQ(XI2NDK-8Ib?XAb_6nrhAOJiP0vUyS*-v8n*4_2@%sz;)(H{ zX$=*R1qRQ3x_X~W~z>=e9&Z7=mexs);vi{hs;Oy$imn7t31&LVvN3+%mEs1`iOu({W!tg+8%2cee3{VJDJ zJlNVO%n>_uK-(R(s?4@wOVkk?R~Q*>M-M=UiPgvHNRlj4Cl!dMIq)>>u&V=x^Qzp|suT;aWzj{c@@J-|@Q9%=O|L<6WE zEhMAbTVdD<2|~!VPm=25*An-A-0LXf-BiH%v`y%BrRg2Mrm0Zr9VV-2C_R9hK#6>u zzh?VW$pO+57&hw@iW*x9r#c=AQPgF?^cYAed`_ft&ZtQl#*}(ZuL#dXNz6QgM8focALxr9(+LK5+sK0-Z@|KQE_Qh``zOJ1Zbi*e(VUNn2XF zNaXX_5kyPb?l6a%KGEo5H7&)9m+5=?e&qSyjl|0VoQYB$Y>?=ZAgT8%3t&x||^94ZP=R z{Fy6UGI#f`wG%n(P1tK5=a*BJvNOA9?gq;a`sUC%Z1y!Jb4ZbN&>x_}%e9o(*L 
z8xyq8cE@~jauxBn99N-0A#b@rIjb2n5}cs`W<4ken8Of%MYNj{r@Q4^1JsJjGiQ2^ zO>CWkVa{Q}BLu)5(_pqEPp&i|{q|Q?o%J`@X>t2`4ioW_Q#mvJ$f-bqhUet^)j7tR zh1>YA)1;S!8+wr^%@|K--}0KTHR(a9^3kEEgy@GjvGm5W^z-S&nw8D-d2ckmV|G(s z6X{bEUK9GL9$lN7R)S;>l1{?eL8(R^piW+&p`m$arExFF@td>FWpb=_kFk* z8L#_D#?%0u?l_31NVhS1=l1v9^*)|a$cuq~=Uo!K^a5_g_Bhk=P+OJ2m4uOK*Rr|~ zb&+2@8b03n&D1}Zs_fV}N;!(z6vmoXiRUV^5>F(ZGYC#nnMd&n$bfqFWXaPHqB*J) z81>O7cHRKh3=`tS-djy2qr(O~`?9(#v9t=Os^0o zmHMCW1s(GK2@qYV)iDRitou;3qmW6vh|Z*f=kd3VG?MO=Y49}s6*9_|^)1v#MU{6K zjcfqQ3+A7U^e{74^E~%n_O8pITKlBkzp0SP7KXSopdk+9QR~FsHHhV?T`^kV_(C>) zLd<>Y^U-*;imNs@FONg?7t1de2$~6+pH_VcI;A@0B@n!DwSw*iGhXO7zr#}FX#EJ8 z>zo@Q?1E2fvqa1|bb_uX^m7~}SX)h1=u!r_c3hsDrJZbQX*7RMMwf3|8z<8SmO5Yb zVH9UK*x@*AdHDHde9JXU~(L)0; z+c^)V21^D+lC*Uj9%ub-DbbU44Zb+*V{BG-hR>il{Yh=@${c2}6tX9ZYE+X)4oA9E zB$}`M9S zB$VT^{3h8KbedF`*jT?(Zi&jK=IQvop1__C@HKrd`;iRFFGh|0capQQruf{CCn9fM zZc_k~awbC^>pn!5m6`+2IQeB>LlNW~%unE;yZ&mtmc7tG@^<0klh7cV-#UP1H8Fk{ z$LUhJLz#L=sQh}!r0J>w_d5r;3iPFm&F`nw6JFKOg|;fHh6uOFF09?}0h)MrM7XFi zxx_h&k480tkJR~PE71Pb@j;<(dmM7j^7%^8y%P#dlcrB zay4Q5Pr*NA)B!X|`kvu>1FL}F4pWz#eD_mMtJ3;olwY+X0f`kq%vrvvgwXpSKv9!( zX3N3yOei{Pn z3x8W8dR}>EsC`^XZ^YVb(~&!BjDPGzY3_H2raV{MZ6akxA_(m<7`gzoc%9rUuB&Ix z!gs+(texp-FFIIS;Ruc-2;v!y-cpk0jOJ{Aro=y=g!6Qc)3dw@=#;bC8olMJ!M{;!%Q;&;T&l89NV%m(EFkKL&wQnSN0$f0ky9iL zoJi?IvMa|x@zJS3TY|3sWXMIr1|9lIy_D`S-h9LZY87z*lXe?`=t<$lT7SV#r~ar2 z?gA&xqoj2GDv-55Jp0GBj#FRHx6ImYL-2&w=j$=w<{<@Fy|dGKBlPwoGKc^Dq|oP6 zKhuu@Hd5ML6?`W7VZGPjbN0wYkcK&0WBWJ1!l?ScRX{fOzbYUt@Sz6@_>qqPR|8}OD)jCEBQs$T{>p#<@H=d5|By9^ z|FascsFAIev9lFWC>;}+)E5EC#`&+6fppo}F#kw^TtM;uXkbnTE`TUhh6rC&npVh~ z?^#TA~z$%t06hI0h>+j;-RGvU;kNem+fp?|rb7>fFnKRJ8XOTA*q#>?o-q;_ z7!nvBGAk36h#jO9yH4*eRweI=Bgn0L9Yvh)ANv ztfVFU*xju4;_qjC@OCkgaOVTdn&B4J33~_6fJlMK(L~^knxMTHk!|$e2THfz2O4OM ze=ZWphs(eWSQ9f7G9URBAu{oL26xLy8idSNv5ftbWd8yM^AaofA~O}3rkV)z?I*X@ zzXjUAZa*{3|8BU%_K&v9#?1^&$rON8Ru`3%Q39@I;(~Dhhnph+3TD0hJ^P2A`_B~X z>_STRf02L6#Q){z{tf(J{2V(okRwMGAn7TosDzGMhJozmIfzBPya>9aj2>CJKpR`O 
zWP?&$uA$;;1%07rV|QU!>FrQ`to__w{!za0=FnNCe?Wr({5taZlQv4`{_&-^)Y6sN z`NUoSB+xzV@%89H)V$enVa={}q1>k3WIc&+mUOeERhW2jreUY=5~S6<*4pI?SeVoi zHP?HKvoZWYz~jhp!<(|v;n4Moe0W1Wtu)y1d`NdY^keU9bRk7B*UK1UZ*#g^Brwxmr)z_OFs!Fg=sD@%U+)dfd&b=LG#wx5w{ zi>=2B>$;;R|8<$_m^0sg%hfrY1wgr}-EsK2Gm57`RU2WhidIJ(Pu;!#nl40uUB*le zSa#4_cV9noF5M_Lsgx!XDf$rQBhD`)G45INY|%9JE~^na{AH_|#G((dN*@izTyL|I zW+de(|FCZN79!Z*8ZHfU;iM_ts>VG>Dz8!IOFzL=jxqZXoNs7{3~iX<7cE-?1U4^K zzt7H-6q@st9X5;rh5T)n%!iNJ~CEmhz(3`fy& zR&8>|At00;d}KU7&3*!|w>v-#etSOj^w7Q5$_Ty(4?iJH_p_@b=|&fwa}&~x-iJUw zJlB0jzCn3Byh0v5AU^l)Ob7NJB|jhuES1h(TeKKKa~LHodaQkTODo&zLm< zo$7k8D`1NO`G(7%bvJ9#i5dZSJ?4)1BUe~1Ur3q(CveiO(|1e{ai_&{pSD7r((ZH* zUr$F&gj9`$tQ&w4?i~rwTpEjlQE{ITw`S))73Gj0&*kd&pARLt2kfVfW%6=L4`l)A z3hXr9u!^v_Pv$${u2y%O+HEcF^_2#ZVj#h2Xw2LMRkutP%+NZj@_Mrg|dS#eK6k70ziE2A|)u5#s zS=;WT67y6f*wQ>tS;Y%dW#3tSUdc4@ZX1eq*7z27PBmM2IyS4sn~uBUJ)EDC)O~M@ zGw`X?I2580R{=_OS@J362wXkVtp)oZURf{wFXO&Kg zrv!s$`Sg`Z>71lSoh3*Y^QCIV&JM{7?fum47n@s<{c<37vt{dPhFrT#JcNhhR95wV zNAvN@25wB1XHQ+2me#PDdJj^$)c6x0Z~cV`mx=)Cr7HomavYo&v&!bunM-HOr#C#j zAku)Lp_<3Mh9tSVqeUx5ZyVAF#1ztIhJ73OXmC8dkJigRg*cn=zSoD$57F~VM1f1? 
zyT%=0s(yI75wr^7D0X3M;<|WgRsvOJvAo;tut*K)$e26pGh_=AK7>M0PQa4z3&!7l zB?thpL|_@JpF#G2Kxy2pDMIdgzb%8?gLwQD-DY+KegE54aV$OL&fFAPs~2@)Y>Q>m zj=eUx%bSQ%?QXD+4>umKv09OOpTB<#_b^_c0lE}+`-=H27-Vz)Qsk| zc5ijbAgb!U_I|pVR%!P@%dgg3cmZ&k91GC0*;6BY6TZqS?Vj>;Ua}(symU}@Ha_r2 zB3X^g^A)-IzKtya9x6~*cXpp{Scv*n1X3!GwuaL`m)|rQExVB57f!?k>1 z?H!^k=eG$j9IJgkE1DidG1%311U4-U4KFcn%F@?^*gXmeXEWbCKAtqDeCnEtx-4dT z*Y_w1$3ITjY#1$GYOIiAKcy7TcoF%>O^ug2}Q!(mr6?-DzLuwP2g zv3&sa&-`nmkT0r#LDHQ_0uaC((va?!YXT^Zr}CGl`-t?8UC#dHM&M0oVhSaV0;?(( ztS-2EAc7(9@_%3RGyk&#lh(+P@Ndjzd$E@vkNSG5i-emU&fBY#A0JDH)lDgky3GLh zmAXb77nt&&b5%=^%S&f?S~-3-hf<^*#4)D)j2>!?+)XsDwSJ=COAK=E5uEr+ab=w(C5MMyJ^(+_o)HJvLp zewKyL3EyF5_N54&8n{lw7C`H_Fn$J37lY%Kdi3HLjuZt4VlCSzPE+I?FI=Ya=j}o6 z3CaNfS7BcP)CRM)O=*i3C{|pG7Au4h65L&j6n81X-65qEC@w*Y6?gaITHK`+EAH+N zKYj1L-}kk>Gk+$t*?IP?6ayeB;U7RH59 z)}bKT_fgFx)zkW8h;VtF;Lj>6JyoNMOmv2|&Pv2lbd%D#FF0JCqFM`x%OqH6qeXhc zJ3iL8r=l7Q6)>L}@D*vG^9&jl?Zn>IRf&ErO(MZ^vX~ay9nQ1ydMB^tUbVI_tpfFc z74X0hp|x0X*%f?hg*{VhgpN@iaaH-pL6sAY>3xt1a4jkW+Y}El}dN#O4TgV6vK8iF87qbhjqKfmzCql zD<;g&PfX0Z`EaE~Go+fE=syRErH`oCt}tbjwq;OE?+aqiZHbJf(;JPn=lg;QbP0kB zIgJ(V-6fqA(Uo~x`G2;`II^vBJ*^$@)0!mcSp|M5x3sbJ>+e=z7ZYHB!~DysdNjt_ zO`CO&MB^?+iH;2#jp#U^s6Ea1`Sd;1EFj(@&ivz;EM1^2E84UWvT&G_#hQEzr)~>b zQL=rGJkyW#foZ@eZWK`tE3vMq!Pt|_ci8UvGs-ZiOIN?~K%A!G=`?+yShCf?@qGn| zSZc`ea(a5pbN#MV08i$r9PH94*dP(iXRlro`Z+W$(i~>x7JTQ@5G2P!bX#=Gd5vEF z#Ud^cR$6R&*nR(=e5m)xtaB;G){9nK4|P(l?ewo|phQrJsFrfRdXJk6va{R@^@t_C zpP&9ybu4S7d4zMHj0NZc@PNDY3|TiF!U`LEK0~N<`gE5^jCGJob!)Wch2vfeDj}|B zD1Xx$>wAQE5B5 z<3yFVR7HYm&B|y>zTs4=e|RA?Y>2AKEc6R{!V;VMZ}6F}9Mya7b^@J?^kFgTX;_FY z*>ZL&3ZHtWAK)%-t|5D=^Wz8qWfUw`C7e+(gJ!PAIODiBE3b+bpdtsN$!O~kKqM+8 zIxUdwxp0TPS7O!2;j+G!kRJJC&+m5A41U%N3r)JcK&|JQtaF-)Euz*#m4K(I(~Q!{ z;sxGr#J}@*C_$lsS)AzYlI;N3U^Ar`x|9XttjdutmK}!mt`6;n^`$>vGgqSr@3#G2 zWwI&LQMZhPmYvW}g}=Tk%CvNgB}o1xb>97YGFZN0qvO96qNKu0KXJ`p14-V>F{3(Q z6a$<;bGM%$80B0N!HPOW<(|0UP@E3?4dZ9Hyixz_!={uo&iY1#R0y%1e3g@KxP3b& zvDKC9HfBukzZMT|t*&nTgsk+>8R!>Cl?<82@DlY<(X$s_R76#Pub7c;^{Ib6vPMR3 
z1+YDV=_1;^w_lt5s3Q+tBQWw-Rv1fBmNRMn+{-4~^{4PJ+4B~9efB$2AeC=nZ9zW# zHXT}_QB*p{eikC+KoK87_IdHJN{FSoW_*w-kS;;_%9tt$NzHAgC427Pb|U7y=}2MS zd-ik{-7-`zp6)^a*tzHQ-eBKtiPeyPwc8d6$NJ)Bb*K}W7g=3=K3mj-zd7wE)9kq_ zR={L_gEi;1p$Z$;n;AZv&XhEis;Fsn=t{`CRRuYP|8&}klQWZUCy2QfgBZnr2WQp+ zqS1y!^=W>_bZF$%8f|n;^OT**7dGNr?Eh~SeqW4C=KL)AhwwY^uHisGXH6de!Y$DQ z6i*zkuSoj4gpBalB`;v5r)ZXqhy!Y=muN;^lu!sO4-&l->ur#Eg*a4l;B_JLgyGVJ znC$p#j9oDdZ|DI*(WxEulZ>x=g`O(Occsuzl#5`R2jrbv_tXroTv$@uLnd$HW!M1rk@_3v=yU7`(AsuzS zRp{uv6&muAk1I_F&(!$Ok@=bPErqgdxk=7+6Al&+v7SEXx2;>+e5GXds4qXtqoKE= zm6FdsYkIWzSfW*MY~kI4lYY_AB{TZ%=)Cb&qU?RSFV-8(9#<3&lR|2pr&b#2tgMzl z@vGkkgi z``R%STc(=mr1VX3mWIYHYNFkzOS<~a(qv^C#Z=6u2A9XNrd?rXH|=1Na5(e}`ug(M zX8sEODX9?E$PmOR^UR^L#)c|YBF2i3N^d-&k+iR%irKW|A|?;1t(@}Gz{xQYk9k(X zjttj*u??@ahD~I2;mu`4u%|lJgfbHNXCsCu8}EwCg{Z86UEMKJxHJ(3MNF1qoza9u zan_ApT71`easuQN`QEjQlIJHeWO*HZkLJg#WqCQ+U2np?x?ryBcU_G>GFPz{a6Nai z~{ zLE+uoCQI4$Zvdifc^H*oUwRgG8=lvcjenbrZX)^ zkL^!}jz7QA0$z!3*B2!dA2;}~1=IZ-N4((7_hlqLi$Y zEa6+a>*@HX)|K{ZMpu17kBukPeYJ>ZqrS$H)(#@lqQ$uClr!+rM+BABm{*G;s~e3mT|N*7XmobNe_zfM$=bZ?XT z2QM!3ZJgL>s|Y8-mz(EQUp|86T;Om{JMinvxe8M)`D5DHp-z=x5%oB zkLM8%@{5u^LQ;FeM|kCR&(BEqwM4W&>Lo28yglmx@y_TBS5|F=GJNk{2sfc9r0i6G z+84qm&oO7+FT(kzoIHvP;Pj;IeCj#_f6W zkru^259Yde)@(Ul=pwt%_G$_g*@=rzSL!@Gyd60v$-=~88LcX#C47~;OxNGn-^!G$ zD3M&S(g&TH&=wrdf1GCP7kEh>5Y3iJJsKN@wYeS-pz_9Lu%`*xx{Vl&`Kc zMe-T;izBcO9v=NPSc$}A_=zwYfVV95b<1Qx9}rto#fHBABZO(n!a8h z=(wXPfwKO1b7=7?=3u7zfLONa6;cto3*`uQwOCVgHcQNK>;>X9Gv>33^#~5!v+47` za+U2!lb$5HCc`A5n=hvuRJ+0SQxe=N1&d5ammyuRU;{ZEoZ}A-k6YK8tb-*icuMY=T z+`M-;{JfZQ6nM_FFN|nnPiCA0q9P@An8$eEJ(%}RDXt@l{Hx{LNx_E5JX5}o7IXA) z@tR!NDdDy0yJisUG%xy*4oqN$MCZcs9plr>ARMDbO$D1T9=MBw4peNNjRTKHK(qBh zu8zUpq2!u>$4<;W&|6=KwcW7oi(Sq9m(X4 z34JvB!#MawpVZAN&7D0Cj4QA?>7e-+0Q-fMJG<>GUJy#&WMxqD54RO}9(CS_Z~Q<@ zp<&HN@xU_(r`mb*kuRuJ0{iS$8@bqzjDNsWqP}{(K?EWdSvV`j0PU2Isyanwe<}jD z0X}A7n~y4_6b)rU7 z+1|aEk+0L_W*5{nqF%dN5OLF&QAPzX3L8(Nc0 zL%&3s9og-FVaYsbB{8_$T}#GQL%r_2G8>jO6Y0QXZ~YILJcYg4D6(ioS;9PDD=98y 
zpNx~JLeykQZ^3*hkICh-g1Ts#0;MLhq=DDKy&v2opK(UDinIHNa*Qay^ZB;@(RMos zGA->D##LRFO!L;%`-mtk1|3AI#Tkji4#zaIk4i5BX0y)pieDA6H?WIqNpmp9Mz*ml zsf(laNg5C_FjM=PWR`~D{TuAX8~eo@wlco*5L!WEVq$a0Y_?IwWLf)KpdDT59<1G! zH+FzUI-C22D=#{?QjhN=y?tu6JK+LCRe|QU3(KP8!DWTL8Sq6%?h+|G9&K@z8VbXt z>m;-G=j(%20tYX2D}`CNYb@mbA7B*LW0vw;cUP{WCOXv8qc&9StTchZ35(%0Z7;tP zz@2#@^+GeVw#Egq2C=Wdt%(a635*~ZZ}hf2dNqC!f=V5#XMVTsITHt4W zHYn0_X3}-Fqy|fS62EvRsp)_MygMYpSUqQaOZ_up-)6qf)zoq=Y1>6I3Fdj?E!A z_OHgmvsWCD0gygPT`v^5j(nF9&l zsXt06OYAFU#0LEr$bJrBKR?n5W@Z(p``#mrWLo{o49V|XDuv|}o|fGON(hpFi_8KB zW&f;+rF5{;y||@`<+C4Omu9`IDa%Wl=looQQ($r4@I zZWjTsF>6X6eR7&4C2nDS)AAClRqdspTFUi+GO*cAF0+vvN9)1)J7q*=ZmPm?F@4Hq z_x8$VH1O=qYOI0`+eOR$vVqlcTIOtT{<^fLskj(}WS`=;rRh7r?81rBWiFrLMfI>w z3+%uu5H9wWq4=oECke6pysqe}zsONV1E~V*e4ZfH$U<%qXN=l*W!Z z6PKX45)-i?R95KCTgfn06#rwP{iGZEXIE#{c>@Er&9#>81P(r(qFU$E$S*9fuSMlf z&l8u&Ue^O+yE!(u6Mno~4WpQHl^dn7E`Z61UdM{QEkQRYNRMmj8ym|z^Uk!T-fug{(1fL#={1XL%ey_YK*@&7`K8v_>dLZXJ+H1&3G&0UYI-GPD*oNh z605nIHy)IvffDV4A^&Mnt2U@L^Krc%%{Rxi7`Si;@66$hT{lBF;a^ zk7fHGAA9I~WA*R*T=KCsBd?ve+>n2s{};H)iZ#0mKrMSPx^}BMVw_lb@2)XLQ-!b? 
zVN}2YGHc|{JFI}Z46MD_U`Ck(Z^IFE5qGA585a<9r$49L}rrx<<2w{$5UtSko_G3sU4?$*e_&MSZl(y-sC+g{G;UmTq zJcDcMRK+naofZWJIsT@%`Yvwl*mA0KSKZMkAHHvJ4B$T#pMmjkMLy(ZG^4I1lu+BP z2Db-ho3R0C4Oz=lc(VDv38`sWSHX%>L>1r9x^_DcQptUWo6cUSDdhH@6|3v6 zFm_IW<#P3S(&V4&j>qB5;F*WlFLx14C}za7_VlhTP0B0F7S%Gn?fYzWHrpqN zwMn*(58fiq_cw$|PYJz??p0}95aJ#|A3vhwOnnZg{XBpYvudDkwD2hC72+jjqL3gS zich|f_FKv)orpY&KB?)cjM@?U#`*>q87-a*;g6ZxZIGVEJ{D9JZ0V+aGBMQoaP8Ov z8P3+~TH3C9bo}RK5<~=texb(yLhG*p{9m*J*}(r{2LSvPH-#iCB`mBi0`Ih;L#f-GdP)D8v*8kLmg6^L1?&Cb7Icey_weBW_4`4hf>n>^{# zUdKVX zNgBd5OFYwBaS|qVDBM+#gL3Je_3J^e(CW3Ra1$>M_DZFc9{e91QC~rz$a5s91wO-V>WH3 z;P+j+^g#OXpOaB5TsENY-+7x~7*MT# zG#&Y=^jf=`@YJW{rTMu3iXv>x*oM%!P6$anlxf!=5}^+?gUzn==1bXs;(mmTK>rA> z3c)56O0()y@ML3}48iZLr#%zVAHfE}ap0vHrjP?lg2=E+FI(A7m1h$SrcEwxYfI^% zy;+;j%q2)H*nMrn$~AHp3Yf;p;1Q%3ZU&0i^!>aea+6ZEi-;e5WP#vQyStfEmFhUG zpY8U{^qh8J?~&P2KKm+ph&h&c6>`S3@0;Yurj<=3S98Pr{@yid^KzCPt4Yr-7&~`1 z6{LfqEh^voQnh8X%&4Acz+_gI?nWD^RbNhh%*G;gO|g8^+}^^1q^rMBv08>lg z-qMefnJh5eFpVizrXrlUWxk(XA4%tPzpQDYdnL8yP9eV3Zg};a2BuT-xD?BFdbkq7 z=4sLs$#!@aRu)p0^xHIl0xMU8!>DN8Xz6G)jYoa5{ibxKYVK_FybDtArCSgM(e+Ud zkXoqtS}--lX%Sdc$)6*B9+t=6!Z*+s+enjqF$Sqz#hZDBKaQQ@mL6ySay{th-7K$- zY7#{9^!@Wx++h~XvqYFuRKC(;&b2%uGeRXoHR2f}CPJYK>a$?5kV=qrtsrv*TDeEt z`z~ek;U49Tll-Jta{Y{Q`I@Zsl(M*Htb&H!xNIw^pSNfku#yC~@P@Hlq*|cw$qx{p zWFWM@YI%aL*xYi!PU5{z2}O{y@Toy8J{b{Fe$POVTC%S>QsoC5#!DX%9%m5s@IzUK z>T{ZJoVmAPwqU=vCPAOUe5{7ZihxoHcmW))rCH$Rs@ChE^~2Wt@CSbyjaW(>_q00-8Y_sJpGx5`_&#bw+g$!o>vT9snvwe|9$ z17Absl>LdluE@ zwC4Q0;7bvrquOQ<_9mk_YcCqEEfFV-N2i-fshasfO_+Qsrk%Ad2Qrda?dPp?j36jC zDiYFiy;v%XF?7Rr2dtGJ3B_iM61?4gdxs^_tHPeGl(%;)$X=4wb zZ83dph8em=tR3YwB@Em-#|f+))jSq9-_H(vR#iW+NSH~?pOr|OPfB5~^*wFu`x#q` zebx0iaoo@dcrurJwAlLlfP+pG|MZT{vlFYc>g%g@_w_5CqNatG!ta6C5{@qWS$kJ> z)pt(s%nN@05N#~c5O3T+t7e!z znHto0N@%QT>s})o3}KlHz+0kcXeCp@)tSi0NTqkTQ?-k+Zqv$66c#=+v9^4^6#Fctfzb5=5jzOFUo0 zy94XI`Z((j z!)XT%ud-H8FpJWzH`j;d)+RR@j+AgL_ak7&ZGjI-EJnjObj(NZo)p2!GaOVzCzS$T zq!~|3V>gA88>LAE^=?|3=OnjL&-KRrAf>kt^z^sMF{~W@1o!4n77fO&a_xRhCE==A 
z5UCr(@|~(k^csl8&{f5GMeEVQu*&5gI(Ve+N9AJHIBji(6`F2iJb2JI4Voq%H&2H> zx60H4e6V(pmbX>x$CIe^0AwR{md1F?m6Vg9;jFfI*(8`O44thpAZ4*?OwVZ z&)kFs`iF~!K^-bNtynIh{1eLHLawACRl_`O#`C^&|9halc%RrzXl06+Y#y$TEB5f{(2{>F2uyR=X}Wyu+ID=ng#?Ru!V>U+Ia< zLl38^r&ZKw$BXq#zg(7qO!Kb9cBC=E zvr}ayI6-foTg``=@rx@MnIJ{*8uH`f_#@gLumP9Xh>`WH0W(2v3h-vFfQkVbQqMRVbN~VlC>IB zmTi&!Nv2-AhF9M}?N;sK&zebVxtD@(C`U=Sh`I1DMP-J=%u*ubrP(?ui#iBx+HdyL zugzGGmZ2esMpsEq9SQeDWf7!Z8iaOV%B(?z=e!}Fs9~~9irg1;9nFa;i{9Qo0T-_* z*3~Xq?mi8nc5al2$NSWz!lVjYNXfB>P*fYj?R9TbNW+z3c}XE!Vki~0T0ea+Z?wH> z1e8Cri`R-n6{{JWK~iJ(Vj}RX})p4XFm}wpi$ApNbI!<4a=csvS- z>%1g0zDwY9zE;-ZrvQ@pYN;>JuSJ7ri+EF24m`fTEN{U8q>b zo7zxZV^-c9oDFKro-6XS#yMiy@davh!OS!L2nr-cKMvJZGr+`bJm?2i2AR)!_>pC5R2L>gyB#CZEfP7=PRWZTz!9vZIM zrY!`&t5q1x=5I6AG;9O%{5DxAF2Fy5&}u}%*=A2 z;@OnLuu)%8+kq|GCHPK4Q5&8Ud1u_s1dkTX=2@y(e>>kqbRMYRc;x<3w{3DI<#3Ks zkhDaEBeCqfunnC4q?s_+)%qyxeoVWxnBXF7Z=wLF0tHZ=7hLMkIM*D&{$yRkum_Q4d z4G|I<>rnM9-tn32#?YU1ik!~(46ZVfm(y|647)vxaI<~XklRNNATMZfny_ZeJfnu? z(OZx^6O*aCscdt#r{+|2Pu66#Y+c>gZazC*a^QJB{usy=Q@-e&P2zkG?lFZSl$rq_o; zPT4mD_Ln#2+32bxA^qnyuhq5*kZzhRbAamFnf3$hYKhWU48vAm6+=ft&5Pf#h=apa z8BIkR!eE^SE!bGlO`1AI0p8#zBDVBo#q} ztnTSUSaU0i%i0sgVP6u3)e{QIV_wYd>^%4*VVb{t)wjO^efBlU+@zZ6$5wqlYmEDg zIo^m(C*!b6Jc83Hc!tj|NerG5j+GkwE(*+j+|<^;esF@Nj#T4&*G58yd*quwQbMT~ zKdzYV+{PsL*chWn2TzEq##hxNRn4{Ka=Z9-CXIp$6OMLYOANUQBYhpbv&+l|Wdqh{ zhTzuY$1C>vd9&_;YID|3OQL*Y%pi5;kg~RjzMx=Ezi*6cIdhLbpkq%^R~NNz!k@#u zbCmTKewM~fQ|8X0KYlYMWHoiWlKj!b7iBXxO(qr~SC@4iwQ7GFfgbPqJOCvfkneP} z+DzjyZ3gRdj2XKNtK~Bn8aO2M_KXIk(<6e z%Ro$tleKXN@nu9VY3vWyDGgn_|huIgdtjEB6OJotm>IGoY1s^nA?>9SbU zl6cF}#WHoopa3Y|P3<4|gL<2|Z1q!JXBHpdA+=@IkA8P|bDgm1FNz8l>f6>1Tsy^I zgh&ND&mFJIFvQe23dyzx-dfZ=1;k)}32VStnOk4-cyZ=-`NcoWN9bmB>1z%EHXNQI zCzs1j$oy7*Si0p_okLspJ?cF+;PI#Ly5FD68R2pW-&Zp*wMv&OTBS_ktabSQu$BuN zlneqVw(zoMbq7^!)UC&}7ol7C*bddemgB)Y@izD0fkXTu6k2@kKcXm zTiRgfk>bMg;-Kc9YVKOElOV@!!W>!q&Yq7DnRIyD^su0kX_k;g7Rk5;iE=j1%%R&e z19k(u8Zh-Y=vmvqj^B{xG4`?4G12j)DV(c6<(aYUYzlT~iMaK34R}Eq=H`6i@AOry 
zZb-=_>$dQA2SlrqL&q_mw;a(Bz#w<+uT*7&Ijt;_l}$0qpEfd0|G0W~W%lR?ZYGKA z97ZK3(WacFOw~KJ?5$T^g5Ick|( zW{&1c`FnQ#iHLOk{3BrrFhOCuRkxFZgKqlnycJ>@6J;}d294|xmrzi+lw6`Vx9Xwj zV3Q;B5q=J-N1z1QtHEZzi~GPQt$Q-b)A$pdT93l(L_q%DaENF&q>Q^0*KRSmczy7k zVy>xMk$o@dO+68qqt061$tkr{r^0#pN_BU8z2-i*$v~I-R=^>j@(0d;F>n3K3i(ge z8JHa&Gs=j{B4T3gsGtmHf%lABqX5|e5Oy#d2V7umhmj5V5Tf?$L1|5i_D_Y41HkoQ zS^NzH03XCv$LW*-;6Iz#IM}%!%xS-gvw;DShv25)FdzWJ_7Io$8wLOZxH#a02B{_y-07|H&VKGKz5G5Sa@Iy@aHxF!4LZU#{z+1 zHm<)h;NKVw%=y>8KI}E{uSp=BoPX~11A%`X3=Z%=wEo5x2N=Tj=QeSGLI3E)FaH1M zU_Jo&&=5m(GBIV6Oio_s{;bJ?H}9&*S`n{dG7& zKrZ$_7xRGqrCbjf*PluVdiaCm|1juiZveG4v4;yxvFLL>%w)u7U}S6zG2-Gh;e;5l yvp<|)AeXU`A&0R68$TNF|5t=k=U1SlgQJ1HqpQ7%DH@0a00yJc(uygFqy0Z~_2#?) delta 45845 zcmZU4W00mjv~BmaZQHhO+qP}vZQHgrZQHhc+O}=Xo$uT__s{*6RjJgjq@HB$tey3o zHiAqyfh4E`4%v}=FRAL&Q&h4`q3!_k*-qw_&UYtc`lm^iblOD{8;PRfDWmtjbNsUQ zR0`LhR}cXOk`VzwUer=Eq*xr--@67JZ#eIfU*b`O(gzivWVDjXqQEqkvW?ZBaw>@i z<7vA3Eh*DF!XpOPIi^MlXm1O&vO&D^%*cm*M_h#fCB=Fy|BJwo1BS2lT}jM(%^#k> za5Ke(Wm16zv%xX@;iotcFX#YjSP^OaQ_@5M8bIc@{rK@UoxsOSpssJ9oyW0v&xSvt zLGmUb*`w`%`jA9(vR^LCT4Gu}WFo`SiYRaRDxhrH$jM+|}63C(_DPkrs-1if3{!&*y-QMkXBk}6- z7mjn^Zlb%^?JA73L1LZ70KhV9CvCUp&lrU-~yLe+5y-97Pd5d2vsRokoB121r77<5aJufczOU8d?afB6G zK6>|+S)Hy5Ny5DO#lbT~JmiQ;h3uM1WtB6g{{B&TS5+>dWEX>)>Y{4vV({o1<48|$ z_gA4)mt)%nbMX|~26ubhSN?fnKK$F)lOo-dlDMK9N(L(-fwi%lN3a8k&r;**!mL0S zut66b1)GOR1ZDG~ZDbcC8304~Sh&|b&_YsNz;;DGWfM=|vx7KcsTx*th?*S1HA%fU zH}_J?0(D9PVQ?hlKweXV6r~%Qg2>Goz;DL%nRKF}wpl>k$XKz2Z}u6kj#|a;$Xl0+ z5rRUCvvJpkzNFMld~pVNn$^Q=2_|QpA9>5ufy>idN}qF%V&3DX6`<{jg&;?Q>;@Z} zyb{>YLi`mP!g4AvfGTpL|C0C^ZukoXV|W;GtQ$#cMea9uMaG{x4&~gN8X-PgAU{)7 z_owPz;z7gJ?T>LuTYn;`c^FGG>V~?F=wYC_+ioC#5a>Ws1q~+vb256}0F$`5B9w3Z zdq`Y9)5+sKj;C!(LjipfYtSE4od5M_NLW6V82|OhmSpu`dt@sujttj?xv+=J#LxO1 zW?Ol^GwqO4WJ`-2GI0-l;wl%GG2v7Kl!OEYT3u(iMFQq8Dw@fFN_BPAO%fWKgHB*S z{lIVf$<(pKPz}IR7!65>Z=n$Gi$)9b-cDF4`%?77-#{jwaa2YuR-L7vaUXmO*h4UU*bFQvlpwq6zk4EAqc6$+8|8v3m$^ z!K;B_izu;4Qe2O4sK=imx+F5zU0mC@Z0n>93ya3XDnbZCxJ6m9mQ)H}$}L2bo{Ez+ 
zp9)JGP-3r7cu5p9adEJXcb3}hO(*CZw8hNUe}tEgN(`S8Z{9HB z`My(-i``DXWV&YRp=K;$8$n+xLu{B6SgARGj1}4AOpIP#$~XYLL08kZHq)Kg^wQtTXDgN9&+FA0r}3eAX~I>q-N& z!x*q-O+E+G*&jeYk^gI5sg}QX$^t2L^1XX>FVS{NZY2xhsI)MHvl4_3Nl@z~;BW5_ zmnP!q({IdbSM(!gpl5W@HPQY!beIcQ(}5HObW@5`ZHy;$R`S!b2aip?l?1VsU%>hW zarT?#om%6fN)80-GoxiW#N$k)@m;|NH8_B3{Bc;PIC~(4DDPXC^HKR(9S##``%WYr z{2pmUM}qmw?bR-_^)^N9@Pe$)okX{9qZYO*DtRTXF;tS9xJZ`g5@arHfetrB1muoG zTV{06Vm9zk!XS$A4r{3yC01v9?al+Ogl^q*0-D~|#RRjSferm0ebrbkD&N#!p=tox z#Jx zt(W$7nq-|X#pTUL=QJo#3(y0G#~46|8a?w#d`i}D@lvdR%=v>k(Bv4;q>NQl4oA&C z7wcVh2mZ*H+95V4+uxMNml10_-4iYp3YIIrooBvqAs@M>rsTXOy4RX@?@1Fa(&&t0 zG(&%XO@5XKH+}-ExoV|ez;DtxCYIJ zqvG{2p2|LfbTK**u~Rf9c#r>;$a(_%v6O`50Evh{f^GQ>Wd`p|tyPzx>(xUt5Z(Hv zn#t3QX>;%Us*m?~@(jz&G8qsK74n&G@&sDIwS}0Y9Ix=?N_dLGhd2Hk=&6THw~`Dz zHmA6AVrs^vtBU=|@O9DdJ#vXt67@j>%}abal7fvlR`yxWC`1F^7(kBCicg^`tELi> zn67!=kRk%1IS|uLtvL{w6CJ0fQjzGQGAV~aU)Tm$D({+9@ z3*2&FR)Ch?xx=*%-UZ-%$uBL7i6RYPs>8-!qH4Q|g=*p0?QelZJn^yy$$lAi&B}?^ zc^&=lNFgi~NiV-|w~BU2vO=^UqbAN%}jhy4p<9{?F3P{2+{qrsx9EO zXHZwjnTS=b){zZy1J0})+rk7rggNc)N0M(CqrOLj)Sqa$<7yROyuY-+Ry`li3 z)>oQhoC%NV-b0fFC4<;%ulvVcH4`>~=>;d|;BQSIJ zzk*dPw2i+-8+j|l)EHoof0Rgh%si?08EuR2CC#1m@-L1-xpptaNKQ-9#qm@1$8k4L zbh*-y#l>LUOv}-R618U%mx3~_Tws&Yu}CZydi|$J0FA6PQ&@tq!z!ZJF^Nq!x(LHe zMrv#QXetzFv%1#CXtS8mh_{X}mm_S5De*q2c4xzd^_B0SHJP_t>A4r247sJ4LE4s8 zrmpDMmu;=D?n?TQYq}(Uy_HG!=i?G;en67)_IO@kKs;QxK#b%Tcj9!BQWejeBjwIK z66kdV01waft)xaP>!~aTf{)4et=#vE_85<{;`S?L#3ySZ88UbH>GMSyI(O$CYpmo) zC767X2(-A*506HAr6EDFG`9O-?M{}SoG<&8tC!=fp_*NjlWua4Hjw<)7c~^#%L!=d zwKsS6KGiN25yUnJCd@KS38E)einVaXv8D z*pwKBqi)!@=e@ERiA6m$9n`kokMC<{lWh|)7-Wu{@TwbqK0%`5+fb8`bfKVmh3C^a^dxevYsKtq8!!C4>nnk1)X0P@Ud1N*eI$oo(t8HiCF26zISF}j|9zf*s4lk;~LlywVPFE5a0-GR~i zdWw*&>V&!(Ar^EZ+tzZK#;6WagzE%dxX1`VX+YdNz8TSfOw)uu*UPB1 zXiK%2nd$OA%e9-iZZPii07Df_S{nI9LMx?BE~G1-a@6r9qm!5~B}c#GinQ)Vdhpks zM;TQ}|3Kq00bDHcB&3W9@FPt8atz+*CL;X9;QxYw49Y%7T zV_Oe1#3*8SNA9%)=`*Huk3e2cuC=6YNt4UuLuMSOh=@j?$#cq*c02yxFFi$))=c_tRg5&I6q@Kd?YG7;M- 
zJD=#N+7NOvryOAdRO4WnHcyWtOVjg+GNJ9~m?8N_cW9?fIL0-GI>sHyipr*y3PEbP z47-pYb~F%BNhbx6TS=o2zia=hom?12Jhh1An7MDSsq4e%x+OsgF+(h;vSsA!)igBu z6^3NByZb4BE=MBOA(V)$`bGUX24Y&H|T;E6JPyQ#X3*CE0$_Tz@4?EmUP-qJEfEH&Vw zr%wPEGV1eV-nI@Z3be7V%Rkz|exi0e@2xExXYu(I=c`Q#sliLYRY`lu3JVO1;a&n; zpZb0UYY~}jb_4luUNfb#yOF_oQ73I z(_40+vcpa5Gab?58LleN~mg+uTw}(J7VcfFdt&kC_8Prp*wr z&og!+v0PaQk6e*bS?uw0xjV#D6GA-MrEM<&wxw9M;nk`G@Ej{-PNuz$5s8@H7OT-{VY1|f$>sHQBPd~g`O_LSq_aV?^Q$#CovL@zOEg> zYYC45hgx))l*K+4v62&2u^DE%vDRq7856wDZ|Oh6Q2FWJ?njhp#Uv`(QXG+kgkWt# z%W)cLNnLg`&%!qh*rvY4Od_eq^b(0FO}}C@we6Xr5fhI%a@tm;{KtvUrWc*i@2T?8 z)>DeM$}76@sC84t(ne|~iB+8Z`Aa4MWph3!_3q;l3$~_2EMKmfEeTATzm9cYRLv>H z(g&j1cr2@_?l6YmgTiJ{m$tQNjRHnDFBA*IzoS^$xUMdv3aTCYk9XrP>HbitBdpxS zm#lusx@KlrrNf7`8MI06AZaag5B=i%qoFqL{edGPkmI{cDUc$}uEzh1ajWV;cST6lwNpmJpQTwxxDH#f?OZ7!+%C>@A zc(es9)i{m#&&G~S!bvLgV_ARz1S;{kz+RT+h$X!m-in{!B)3$MUfff*3KinWsBGzbx9ZKK)H3t3iaT>D zWW2*Q6Ubql(VN(T-#5Tua0GCX{s~M7U0v3%kvmlCp>U`iimXr81xMAuwX{dJ~#~N z0dGJ*JBdk#=aiGc!Ok#oDWvkOa#Gm8RPCkvyX8IW+3;kQe+lH(1>gTWzpkN!VVnXq zemWw5Uv*YP!9oWWk__&7Sn4FhKYUk{^Iz-$qjcG~Z9L14DU7*=GuI z+|7evtIDU^ry=R3VplbD-$b%r_@77rP{?C3p)4A3o3Ph-j+tlH2mK2b%~?vWa={L_ZJ#)mmT9v=xr?z zUsXVM6jG`UaLLt@HCz%;gHBwerC@}HmYtbj(Pi_CugbKQ?Xsz=O!LV%5?F%F!7&k7 z*}(&1k5t0>oLEEWiPBySb^pz2K#UKL+VZgQQK{ERYp-_Ah<0j`fIwWn*+U`RpcaDl zu%TLlsT<&ko3hWFb;IurxuXxza)a{SZ0;8;~UHi*N z_V<}o$OUCtMO@jWTOQBr*alG!llu>##EXzc3%W*s7%8*3Dtbk(r6OuLtI;yO!0xGVXCL>jo zpx1N>Xzd|p{Fjfj{tcmb3NzZ-2>vyRPFF=Fuj9*dnhE`#{fL&Os#MQP-85Z4!GsCQ zKciGt-E>K^3`{Xo8-la=lvjR>0n3VlHzF*OXxKSBmNAMM->ZN8F@wj(0YG8gD?wrtWCxiN57}R1d>u>--KV8K+`|G4?C!!PQ0MvUjQ?v7nwc1|#8{ahd5QkaxaDRc|2nl8!tU_+-B>4ah(5VoB1MW|em~aWaS-BD@2&Pa7 z2OwPa_4uw%xM<}lyw@h5{<}N0#7y6Zah$~e>fPSmd9Lnj%nnOz_-agBjAD)T(?h4B zo`TLAxp4=1nNpd-+6iFccrjsrfCPND?9*MPkD_ML8vl)IQ0S(e4gX#Y%a3Zp>{t9V z=i&KaxeADZA_P!dUa3JE2&W*NZr5Jm+976#xj3stdW57nW3AdRG>TEhMiR{yL6d-! 
z9=DAI&(hgvN8-Nybe~c=_%rjgpQ^szEQ&rBu}~rKsSZ@aq&|q#HeUQ$$fl&eQXwnv3Ff9&7IJ?y`$38e_K9;iUre~UHSrOA#K|El zyjf!SUS7a-Y`*fDyzH(}a$buYE0DeOrAXfN4^^GSpdQMX11gx8&3ZsFT9^5TLm4ID zF}!$%H}5|Mnn*@L(*WjUL7WC8fz$_TVMMcYlDGKniP)N87@gN)hKD9U_b|n3>b{;) zT2^G^K{=xu2kL6*hLVg#l?oYf`z!|5F+be?$LjWguL?s(UYzuMS03hWdWKVq@t9DQ zN-?WBd)e9z!0~y2gor1~K-+|`9-uz)aRW~=1m!DHcPa58cPm@omh#}u?JpB89WL); zBpiX#Nb?C~S7B{yTB(S!4*KcBA$+7A_3XjDxV_?S+vha}uNcwW8PyAUsnxm<2WQ$_ zr-|I{{0%%`=3-@cT!fBfqmGg3dysm#UvY>j2a!exql%7R?kj}rVFsRWSn2V74|6yiAuK(@+Pk|@%(kcRElC#ATdoMLy?cLRwjq?H=CejeN z-uATBl=+dFw2@>Az)Vy9jccWj|CWT8XP}V~(&L4+rsetjK0dF0L+9_K2@jU;&7@-l z!EzZ9q3wOnh}7# z+f&Y>m$sm1_V-ge2yjnA+Anh@c;|-N+C&62TJo!zzEUnLmJx+284xKtcG9%`L#Omj zw*Zk&Yuri+i8rnc;ixR+__ z#Csn64ro}%LF$Bi2vzxndyLs?RiEQfo`r(FF=Wv?`$Iw?PRfe#b1QF3%LNTeZyQE0H3^!Y@1p>Ysw3&+?7-@!Qj)>T>uOdVl2pAp(J9Ki$3+1jZ$ z%m_W%>ZuB7Qz<@hBm9$Yuw|^@&%t``5pM8W-1;O$yu_fV^P?+kwO2c*AVZrNVTZjtT%WNu%p@ zH@1&C#I>1%x(rMN`82o5tW?QoKz)8e!s(|fAdjg^)*>S$zvBEL!E}6bL`crDqsjEYislQ*g3>T+`ers?T_SjWL2J<^31QkSe83= zKgOeEVlYlQZBPpiAyox|VXgoux;^*hPB!8|D|ZG5j!?UCpXqwQ!{b8;m-jB9a1qGT zYxW9LANST3O(zBSETrH*)O^u*~8%Gb?(=@s;-sB`c2X=HY zFEDe!#rAP0DUj)(1;}7Fbvx^Iu?}giMCA5CP`+Ifa9$Ke=s$U`ctybRq*U^}0W|Ph z@Zw}(s_4lIcO8_7wod@&8h)1c+ADn-$09s82&X~D2HRQ^PC*Hv{5#_(ds>xrVq|E! 
z^4ycL^}g*OiIf%)jf*iG@g-6;XQc%pGuwerI@x|jkCeMNb%>=*qF}Xd2fXiPL_!D5 zJ2l6Y7l`vSqysRk&HPArQ{uPWRh+2I;I9gWD1kYB*;zBF(<+r=Yd7D3i${+ z!|qLo4EOY!&}R0gF0RgIMt1)p2V-k!=Ko0eKfuJo!j^o`)Q|KZ z)BeZ0|B>`R#LW3$F%;w<6(@@$;U~W`CnqNuv4hLWi6}}dBv1b;|_R;m)%W->80Ydz%_`Zyyo{`Y{1OXA2G5CZu zs9?5W1r{WTe2_Y;+J0)nWIcmb2j8wrj^=Zz=^4BjZ$r8A`ZT9yMulS5Uc2fft9<66 z+3b@1@ukZ_Jf*ei^JdGZug|A%_w%Ip#tlcC2+2DzaC>+E^4Fo%PKZhx0ASLFJQ7+A zR8-$sRYMXrh9~0du$h&Ys>J)wl=Hc%<4322OMl2)g$JdSGd=7j?IXdli;-_yE1|!1 z9)F+gL1ce%XBTxIjuJs*Lyttk)+nq=@3;tUE(vac0^FOMS>%^x@ z7f44zlw*83gw>^>5S?_=#pd$#s{DGV40m}K5sCesYQ>76Lq8KLpA<*jhI2@4Qq4GO z%)fZ>b8vOVn7h#zuMqm3{OFWrtiYL?%E!mR)3*MRON z2Sbn=V5eFm21}P3z^3AqftF7VVyDU=0V|iZa;~&Z8=Hu9?xvk0*Gl*e>#VIQVAXaH zS&}*J%M9g<3cDr?;EDl>6O5EK0=7KNjPAs)jF7>32(Hpvpl7czLN?efiL^#rP}bYC zuAZDfS<^L=GN_(u?O^?F-@zj)nGf+BdmEp8{tO-^H@Q`-dD;4v5V6Q%(<*WXAECsd zdb~oCP9an0@GWw{2C)ZzbA{rNIwGN}_Ec@097k}l;WHrx@SQOH8%`1qdzr8t9L{>w z)UK^+paw7FYQfx5F#n1uoEqXPJGZ8Csft^t!KVceXOpFQ$6O3*9fDJ2L9@1PeRtNv zpo+bqm7BHeLQyz%w3DEL!^OSy0&>9IqL`<7edpq=u33XyEq{mwvZaJeb)G|f+fQQ| zP8itg$05`RusGdDyN7KPTPm=)Hn!fPYeKNPHpcd6!v-#PR*g5%?Ir2&to;fWgGbJ($qXEZ1oTL&!aq@sTwA((TjaJ!4if+#<*2 z-1+SwY4Z=E_YZe>XeT{#C@q=)2kd3!mySUdfMA%Dv}neXuT}b~483#TDg`%;KoYmL z>$fmXg+Nk~!Vv`+YJH)fOaaJE&~-gZk0~ddz?N^Vb9ziRi z_$?tj+@TlfX7(MFZ`d_$PA~%$8Sw|E0(8CHkh=7hDX^BXJ%ybq-@1rCxsh{5w^%RX z?qa4Zdaew{!bo$h`+_}o2{zmU$rJ21fI?eqFvphf6OCtl$MCihVQozF83r`JUV4r2 z3Ym4EWIyPx1`$a}wLuQe@1Qr4f~0obnNNdZCHpzo8*!5>=HBg0j{c}nz%4^fpn7=n zeDKA^mJhSb?rg!{6W3&{_?0LlnZ$7>_arX|ZF2Uk{an&fi_$Y=i*zJ~`n5a2{#hc)hQOiuKM_nre)osM5>pCuSR zu|4=niol{ME_fB(atEi)ndvKNk!&`tkj3clk(_GE^_3=Ptk4MNsH!W2t%+w92yTR+ zi@pn*k6G{?69vpJOurC35AXLBmw4)ifCT|(D&PlBbCRwI{w|CTyVNlVAe<_-|ALjZNl1~*&_5=B_|6q-VZ-DHz6)hB0cC}x%`vDinrR@+wN4-v zcq)eQoFwHc&|zkJIc~64{Gp#Dr2rCB5~I3kUENOh0ql+08^)I?GbqI=8$X2XYx5SH z{0NuV!*eg!gi60e%Buhec*8$$+{B@obfBi8%jB_miDhxfVDi(xUoH~X5&D^XaCRxH zSk+0rx+GUdQf8DQ_I(woA~sfyP={bDGK|xXm4X1s6rOLfr6qS zE|OR35ivL9U;^cy(LyODB+pCG$+&U0$fBhmu+xs6+bmpMY|Dp_SU;npS(j|ovD@_j 
zZMF@ARK>AoRcRpyU|FZAVRwS?q$uty?)}tbW%aZUqqmH-4c0Ib-0Uwa+g7X=%6*Mw z##B+-#{uGB^`~0u16WK_2SY&uebDR-dOovS&}nuD4hQ%g>1KZ4gIg;;e`io@1P5)L zvB&F>Y$}rdjGbcYi+xAyi#T^zq0!0LC~tyP^<-pM2Y^Qde5${-v|fb1Nlm#@1&eiB ztkKX{4qarSON9)b<_cxIlDN`TR56*$ML}?|({VwNlWW2Lxz3dGfUyp6o$2snY4_PH zIc(f%srrJ_+SQ({;0d%(1^WdcPy*t^_o!>YSQ@3Ht6spT$#UZ8k>#eDs-*XL`k@u) z09vXLFCJUwp+FoCo6s_TG&d zT2w3CB6M@d21*Uq*eJpS`Q;GYugsVtdng%Z^->`s=~(lZ+4#6T&nh-|^Pkrk2HjRP%@oGQARUi+f>h3k`ZOc6S$`5vtnQ!*5EliIcSz{Pw%Z z*1;9mq1{DaDfwJK&1|yINR*F9xb^b%eB0+6YG&p}z+pcOXtSr;Nd{aD%!vrg&EUxY zskVysn?{k06&nQgWHD&3@3bEv))7&Va5>Eijcp$T03kg|761SGfaSkp%>M`lE_Rmx z6%Aa;PN}T0GKx~FVk$IpX7;uY$qo+K$)`qi$;hl)$&swEOi7*5rMEGQhTvmm#Xy3qY;!Chv2aiEEq*D+~zO8HsQon;3YI>=z7F zI59Zr(E|`DI#lC0S`2*#q9I#RG-A91I?_-B5*Ml{m?*E)0vf{Bcqeo_O!C3&?>x}> z+mFAuuh~*=Y8tQI-p?1?Y8|(EUMd;6sVv5YJm%Z{=~x6~9x?X~4_`^R_cr561usb}mu`cWVHc~dHh+k=AIyYHeMQ^+`mhH-CIuRU?#(v26 z+H$#0h7QT44#PKH~-g2$dB#mYH-0Ys8DQgx2Nb{Thqi`~~OyZSiP2BA> zDxPhIOf=C*bf+>Wi!%jzCfmIO5uM@}+;KE8Hbd~s7u>JD#sGpf1_?ZC$WQB9h#ELk z11r}3O_&aunJ9eZ#Wgs$mf|{W9}{OvG5Gk@Xr!QQ42AUtHbJ!~^MIFyzV!Kc4eDkB zuy0Sn9_J3#E@dH&$(5<}4XbpSb7#q(6#xLX#DPA=YFBk3l=(w@Uc-Rg+5qZTH=$qCj^RgAzNvDlCDEZB|xIvCR%0M(-*XyNEm7O;cn`hi#F zu07AA&P{e!Qh;K^yAjF$mffICl7bmoF@{3 z0PCSX1KPujDATxFep~g^E-vW1$*=f!BlvF7-R@(kxXzdS6uIanyhdv-kHV(@v|@nS zh_!xI^MJ0t8aEfp##L=< zh*l@DG{LAGeOpmeeO}|Qk)Ai%s~LM)Fgd;mlL*=fi)E@}m$cz+)}E&p0?>f*H4hf^ky?g^{}5Vs6hQEWZUh%w zW)?hrTAhQ)G?xb9YYNLGoxcX5^H?PofCZhvWO?N4WuF##!R3VVE8jLP`9UoE^td`m z_DIZc2c1A?vG}C0mq(e;S=Y_ri#2U5$qIQK&%+8Wxma$fb-ED9p|Of7W)|>}Q`mSw z0UYdGV;(MGI-LE(nC`;zvqj$k4m$#QxwOG0O&6+R-yRRwu+cHAE7zg0vOLWdk~Ho7dETH z^3ZH|&RfqdI?cWA7n}Veh0HDS1v`R;uWA=$6&60!h$#raPScg*uRv?Y5HIK}bWSa6 zvJ1M2mf2{8F1bUTm5!k&2co%x8t*xI0vnMjQEH|+FN`BsIxzRxlq1yEk8=aJdlrzVRi=gi+ zJT^aMDI1x}VT#P+^5`j~6>yfD;)=xTWK4O;pd&C*C`TZmyFgK~=hY+V%CgNm(dV)Y z_ECdAN()CLw>?3;86D*bTbKja03weNclvTYmyU6?!rUdJl^l0xam!PnYg~2b0QWA{ zuF$Kbw$3VcA@%8D>TzTlbB;{VbD$cS#iB??u1;xa?v!5#f&m`nC*(W*Q|i@+SbzWe 
zuKhh!2|Two9E(*RBM_tejsR~})`F(l{;)F)zl$^OUhR*6T=8Yt*xb{>1z1e2zivs_ zJ>FQd9kh{E67;0nM&Dmbe?-j`e_yfkjPi?L(&Q<;(Fx3aec_I3`I*3mVmo<2u8u5A zlJSPl87n+u068()?76HdgS9XtC+sRK6u#26BJVz5S+PUdaRndu|3ztyt}#nr6F>fi z6aJ#_4*CX}VPHc41>5yY65uB7U`D;e^UE@Ojl4G}*XXqpwoJEvu9-y|yx?XK7BhRg z)zYFlHVMCC&T@Aj%0$XL7~c-s5IxC#^UXi62G*kd{&U2ZRj#1x+@x3dUp4paSCuNJ zoH5H9)O8I047D7v`fr6}m=&o}52gY-b@Ym4PrNRmjO6p(_E(T5I>2bmz77>h%l?Mr zv={Y9E9UCtxSB^(+ZpxQPX+NCp&QWih%b7T$hvqdn&XlX*64{MzIgr+y3HlAfqJ-u zg&m$+U=cW*XYFFPol@CDOaBXW1y}e-(+%doe*nhS@AUe!Gt=sQT3BKV*ApAk8lX7l>tfK&C9zTOLg`t+hxn%>_s~bj4k^g&q!p}Me5phEx*ePI`rYd z`9EvI^WAP(O+}@wL0-|G9e{OMe+zI+q#A;LP1wU~g!D>EIQ5_p8{C(CEc29=);iTe zp;kL7P@Td4ty@C;XKefmeGHeud3#2Ks|GCMdnUSW)_B^UrvS3FS$hC{`5`zq6t1pM z#b%c&+(4G_m|Dn`a(c;~W$m_d7XiywZRx-c#iPMgHqtCi!AfLHPI!6;bqJ~CJC^cP zbg9LgWVm0Tb#+u=Ay{;Xia2_iGoBL*R+83yEjUWfGE#nCe}_L5|1OI53A9xF^hYFp zfPABTmzH`?c>zFF47*Lebzx@d_pYuYPH!Ml6DU(O=cHGw6B#8^LBF1lZT^tf4)AK< z;H(82xczg9$0^E4fFv^tMiQ?DBLRg`?U!Wys<%;$+l+u0vDWa9oiUN4#N$4#qBP&5DwHA(hs2Af3 zbp$xWmeNV1PV%CzGh9lezT1;edZX?c?~(0GeyJC9M>#{9ImuYrO??ng>Zg#W+$x$E zj{9@DliXzoe!xyTqpll-5${iONn_(mI29Dc=L`CEmc|6wiXY&E8p)nMI^|Egw+%Bu z-(V68eF0$akwm6VfAwi+pxNQo0sj~!_8${0qrTU5t7 zh5j*~panB|)53t9wzL zN>QAWB}IUeAwmB8ciN7+PX#~~p~Apg{ThU?gd@}WpQzW7m5@uH2AQs!mY|C=i!tkK z>E|BkT=D+HKJ$`u9nh2g4g4t-zQQzmFENH@fpMyP>QWn5i@dtK)o_z|LwEC-=adJR z#{uZkcMwrcuP86>jgybKLFQxiR(g6l^Dz2d7D?@v^}_mRcUbua$B9}qK;rhq+^(aj zaeC;M-Hhe6OYUDI=Jl0VuzQ$a)_B*Gg83t?nwj(W=LcVpzSQVBY$vk0qAXF^dcY6f;yV_;5yB1M z6330-a^(=L{X$Wgc1w{zJ$aIXlPc4};p+G$4p008EZiVe^X*g)y7w}jI zsKpP=y@9m%V`5!DRPUzG-!}62z=iiYm6uM3B`~F>XtUAhpzG?2cTr#4wqNKlcQ)fW z&;&2dY^>_B`Z08KPHh`KGQ94PqUhVMcAvW&Yf*50U!ipIsS{YZa-?v-AANGnx8ug; zzw*B>`YfW@J)C(xnyOk27iXXH1zdlnM&I_tN;HBX_`Pe*CzH25>aaSfZnTlNk^4w5 z(RL%uU1m+Vm=w7sGbG#`1+u2Cw&=XlpWUQoqg+Ox2hsD9bN@LyYCkz~z1#`+(D>EO z-h+2v4uSBShsAe!2a6zrVYPZ@!u$K(e+uGBSK0M*E65&Ylwfv^2%wQUOKA&et_gikgfDNQdKjN_`2On3U`m_;cL_w~?pKtc`LCS8(Yvh@U zRXrbJn?=caQJ;}gld{-=*cDzV4w5^FP;Yp&Kvpa>{sB=MZIV4@o3gI3JNzJHO~J&V 
zzzIt%6S8-CAe|PayNHHq0ibVCkejr+vY9(ttJ&)-X7?NhxAO7zSah0h5D~<{@F0?( zcNm@x+f5Es_mqEFiX8)Yw_D(Z_Ad(Q;lf!!QoM4EauhS38PTM53U&$}rH^7

          M=N zf@h}o{bcO(s3=XDAcup#MyLX#Ve)EVmQN z@I(BpR47qKXo(P2dA?*`Q^6QC42e~eG)L?Z4Agu&1Os&$or(`15VMPNCuqz&DfOe_ zwB){!f2+X}S%g;W=BuXs=axtXb$80=>-x-= zU+;_3ejk^LceacgfOUa=tQT{e)E9a>9T-bTLc;?sqM){^&r{XiHI#v206g*lwj1C9 z;F?wF8{qWs4N^dE@eR(f>hII9a1V!&qNO)gS))#+U?Iy?6^Rzg)Z@+>aVdmEXAfiO zEy{hLqm2O|pEv}#Bg>*kOpk@goA4*8FXBrZOUDigl2{4>=om6+s7C$|WA7LoNYr%; zCzDAsu_m^iOl;e>ZJRx@ZQJ(5wmq?JJGt|`_kC~Oy7m3|s`|&S)u;PZ?LU2b?Y-8{ z>fo>3z1!N}=o51*o!903b9Wko>;b=(S_XO?!g`)854l8EdZMZA{p|%gpsgCUjc1y@ zyr4o^H43LlWoOA)FFj+GthGO+Uj`DM-=A<^h9f1Nt`jrPNXWA2`qfc#-XDV#!BkPw zo@=C(vIb##QlW^1izBC`13=7fi5Wgff>YPy{XAah((C>(vZbayb11H^zWi}DXQuEl zDTPPZaWZ+H2?Jy~Z+H3XNq$7ROJ{+#QO36Q$wRxv1|V@jW3EUqVwI?%*|yXhHR(cdA|NMmP zM4j@{wB9kP8L3m_Pk{%o+TEtThXiY9~ugo>=9WllH{M zOG0)I$w==zDstdNz+!3bw#T+)h`^SVx)JvjM}jV-!ehHT8gLX!5D4)zbgsVY?}zV5 zR$+S!u%q`O>f5>l0b=kv1ib65`-4posx*r(R^fZ8Y?KEq6E`q*&NQiOC@JSNw)2YF@^=>Sytx4 za3Gmn?6=3z2+;B@zfW2Wu4k5HVLG{_B@^=0ALNeO&kR5S_*4lSKcRgxkv6qSSd1 zBUu}bX?e}WsdA$n7p|pMd{?!SlSP~IIZJ;9&YMJLsrpWx4(-D`8TFG9#&&w$*5fYN zy_CTylSmBmF{xy$i?~Or@|$(#8tt1#*Rf-hvt=WIL(P{=?M=K``vU)SXz^;0d>4NZ zJF$GJ$XYk*;LsOO&lSBz_Z7V*l*KSwo$_+<(Z4Te_yFdCwK7zKip?U5Xcc}81X>{I zcE2=_=TQ(}vgu9g;(N>Jbj}gafP%)tns8GpJ*&8RZ}cAG#Y2+UIw+aoDVn=nST+jF-|AE7Ysa_y_6W=D$j_$pj^nsXGgHP9% znG8Ryx8z#-qYM!@STIp?t9F8urU8DuvY!z+`xiTh|5yB<@W0`Ip=X83l0jOX2ACE- zAz3DK?hEK7g1ImM9auX4%=_;{NM^qO3+hJw4+_D|mFvP4;W8>JOoY@z5FFQpP(f)$ zen~sirpQll2Pu#qx{E|A;XzC&v2HpiuF$- zZ&`|G76Mxnm3_kwQTjHeXy)KjGUlsgNf>($hGZ=fUgdz=;AUceyiQZ9^PP})lVSD< znd2=s#F8AS$ttEU`KMzVJ{L>-%k6}cCXlO9gkEiWjrt9W@}!L6!FFOe(nZ{4OZ3mA z|1TvvS(;=q$F#w1#{OZ)zG1;&+Fc`#o&O(KFM*mYxL= zC9wY|0RA_G6r8yMlQTWOieW!bGE5ojzfaN;d__P^a6&M;jL{(aJb}U>3TkQd-JsaE zbPqmr>tp)0e7NQ74j<6&vJSwQc=EluIv8K(Bd!kp3I!eOPS?}yu)VS@ib>^sa&t?u z@wzBl!;gvPakzhmvPj7_YsfR((@2pQ1l}X8&8%5CbQ`an)wIe>$q1>2r|KUnznAIx zGUm-xYY5bOSq7GAy#uLoHTUm}=LTBC5z_;Nnz%02>6sM3Yp7!U^Tl= zFV?#AdHrFVgbs=wq?>5uLY;8gI#DcmEA>McLJXcwCa4vzCle+N3eh}kiRV+dz_&Pi z6zM_(5`(D*e~u0AOV`ieU{BXN%UkTOSu#|6M(#kJ-a?qtTJ?>9_ehf!Orvz2 
zKw<>spb>`HX&*6$6Z>kjY7{LBPJ9Z{CEb#kDf_;su=lj;B<_s>96AQx5>omWx2DIR z7rcX{>u(p*S*be99W}Cj-5}4Tz;8Q)Ioj{3dc9)g??YRGxPSPa(#a{5(%JA+^pBQU z+JED3@0`LG#XajN z1mVW}hO4JI9Kz6DgK7V}THoAAg1ZCK_YmN<2h|vqQQ3p(c!8p3IdIUqI%-RtjNJ|64M>M?xnR>{w`L*AWu@8!Vsw~l}0l2J88~8?PNJsqOJe-1DYue z;i<<6l2L(M6Z5{y+|t%v58(2sYWF<1O!hq2blc9Y^@z=Y3I=wK{NxjhRz(&WRI1b2 zlZ~#5kKFHeVP$Px#OnWO`OO=Mhq9fT*=Tk;Dou_hv1F)bf7Z3WjK%C6;wQm$q>_iy z=WSsRq;O}WM~LKS^7W|QBz0&fV(&?HWraMj5sxP$h3_reLO9&C0ad0XMvXXP2nbTm z`=U~L8P1>_M81M@)ZDI~iT*uweD*G0O9Ykj z$B8Ts>-xC&KH+UcBf$It!4eD4@FLAu5~gS&`AhFZVb1VjwP5j56`GW)14nd-9(8+u2O`Y z+Cv?iTx0K_X@+Yf%Sv_-2uvdvO;`wK zBcS^M(V7Gxz3-shV51&VqmX%=D`kBCz8XvE1-b7kb%6&L^Y_?m@ z^Dgojsfk;83oJCsHLofn%T($Zb}@0SCgvnB;>`>6xZ^pRQ%onD|0u_CdfS2`P`7U& zqW!ZtAiZ7~E3q?YxHWQLsNW_^GefswUt!XiIBHTkgN8}i#%wTMm9%Ec!@8FRw!5`+ za<%Dlr8RGPddS0hx9@w&&Q`3j_NqFqOMTg8q)9;c24tm7d9SwKy$yb-(Pwk++9Q@-qo_1{uU4k~NjGB62HrsyXx0G3L%zXUE0G zEhL-?bZ`ES8{iD|rn@C_vM7tLaJW+$tu~fxj-RL}ilib%6=)<8{khM_xkMfSo;Ey| z(88!440xq%2G#J{x)sskFg^NqkAI4O{_bnToIkUrqLTNVAFB0P8hFm`^n8fS`IS%| zSmJYIxs?qL&hy5vPD(eTRDtamF%=xlX^#n3p9^0DleCkCsjERa|4iq91dgCLx=>$e zWfw}1^PVFpc;YFtP9OL@7t$BJ!tA?7$*^CK0XUY+j{kvX9AUU&Fz%h=g?SJ&>@{pE zRfW;886lxy#oq5TW)+}gZdfV&4t11w&OLG-q$)$mbYh({Y2BhhdpL5K4(B(SfyDP~ z{mhthRpHmjIWW~GLRZ{GG zKY-ixcnB*svow_*0{6<@#D8W%SL@v5(hy@>@WNgcI8<)bc=PH$FMg*k6=swFA$!OC zCYWAB*ErDv-jkWVE=>1Dp}*%xoa9oHQ^DUflKgy)Vn}%DZt=%%q`p)z+UL_Sp)Nl_feLGks9^@L@Nv~9d? 
z{GAM?EY+Zebls-q9AxFPmqmCZ3KI)ED55%Zye(%ZqUf)Ayga+qKhHCkeV^m_8b6o7 z_DU|PHM|Pl+LcM4E?bojvp3fa%z?Xl88J_@2c{0Qs~-0DYI0cdzI8|a&3!D4A#kUOR}cB%j;6?` zqE?%f=yydrl`74fnRFI}D)q&8kCI8Ht>@RioBDJ*I5^2eFMJ>G!;J=fO5iDm25ESJ zZ;)>wuC8Ed)W&oQ9yEu*9DkZo2kbJdc2zwF09OwKr66 z&)Wero;UF}8VEey-2Lbo5x{5`3U%rj+9|3b&W(MCpmRpRX`)reVb=%g)(Ll(kAghQ~|xw}G4b?dwxvKXvlCoLl|WAkH7{kPtaJLI z+oQ1E`7`X{CEbB^2l$3Td~gQs(#RSPJV478_%tL@b7G&@9yf!|Dn7!_o&{0BCWAPG zwGv?>F*`;99hQ~pf6Rt9#+O)`jqSRhR&d8I4|~ThPeb&4n>~u~Hs0?Gxp)(t+e2^0 zT+j_kAhD5mh%Nq*;E#HzLE&|vc95*GF2uK-Glq!%B~5%Mamyh_(lnly54LSv&-;UP zqkl%#<8|}&Qh9C7E9E_;goU*LwX;4Zd0Oz(7Y^qU2xr(I%ETR^zyCqH15(@6H{q7> zR_nxs%Zz`!IuS17P}Y{<(aSEw5rSakS2+JWP+SV0MT&`4DE|RA8xk{x(x&LU!Sw<9 z7flx?BvM2%Jyneg4rixH*r(a|;P|D#w2E$q+SpvkRKMP6O#hlEAb0=~2(BY$j0yQK z&KO1_z(cPR1#^J}&(mSATc&=jk zMM~Y>f;~!Rex`?pMQVJmL0aRGMk<+Qe2J~Orp8Wt>$wZc2j#8#Bx8ZCHFIpyu}Yhs zEh%H1_F&0T%fz~}flVubufd!Su=X3ZEs24vCtDe3Xt(G2Yebc7r}Cm1MFtnbgE-p;*%eW;?=U zjx^{?ISu*M&fTB*iS7}tf3tR5DZ6SL%4BT8a=t(ygn(67r@Lc<>Uxr)-ckJt>_?rT zm|;**aw~3p7`7004(dvE7E4#S@5hC^#BkSN_Qj}mwb~y*XT2SFGT{T>hn+Fap>6|P zy=o;MW;o+ghdPCL7C(&^W--)Ohu7sZupjGYHTn@|drAHd`2{DvryYU3bnb9|FWO{0 zT-jxM?@LjyHH%@6)ARWlTEO}QHpW8n>l}6N7&bIHEGyk*yun&_{;K=74krD2j-3X< zr-PKmb9JJSWLpXKC|zAK=P<87d?#}oVe*gKCSE7z-V6(E+HW3$%QW&iz0HmY&sl@x*3;MoeAzUCzeRhHcC0z7 zjl+YzV~49-a=P8X#UIA9_$N@GqMFpw z%~xuTin`kXR|_`C{@+;5C}{YX8d3u*SdM+>Bl-=4gS-p&%j=NK=PL=FdzVMecNcT+ zlJjLW9nCIp7bdltjy&VPhBZz}p4F8EadR7xdY*|KV9!IMQ8;;V=HnbD1TfHWVipz* zRgL}MF`IYa?FJK>x#sKonHlyId%M#n%F8JQMAAm`woIf^D7=EuZ$N88y}E*OSktrH zRbjNR734tCxt;>U6JE8kfZ{8&-oxH4Xx2KKZd7a0{E4Mpl%+|Nq*S%PH088GMb{*x zeygSIS+)|5WPcUU*|i6`C@vb|Jt38P)LQzx zR!gYnEy_7{G7QoTGiqq&F4?{|9b>8*#<6Nf^jUSK>WbBw5@D-ifH|=<6I^53rYZSi ztNF@^q@qT7opQQ4UppPkD6kDpBPBYc`Hc|Euf~TNTZg94!K?>@?Qcc3t#PV)6)MH7 zcHxz0@-vR$=3#sIc>>oUwdi}qizL+F3!uq!^6fLY*^D1FDz#NvsY|VH{F;MQ6UJ1S zmb5J_CnC-jB_ z{9&VVD!fM~WC6ErijZk}hpAm%0|oRuZkicMNy1lz^M;&Lf)hB$zH=`-PsdPn(rNaU z>I7Z`+a}(X`H}U}=?>-NPcJE4)wHiU8E8fUB*>cfOv?95I?_!p!dAr8D_G5MPRim 
zZD;=0uozvV$kqmG^?)_RK~SnXk{h|HNw2sgC;4pWCr$*Thq8%Hc<>5 zv18xi>u90XBdnggLr!D!J(bhL>)Bcbm#_|$8^=2wc%`x#X03A2h3G<4GzzXc5R@GV zo$?N)U!}Z|4!xe=@pm?om$Tf09JZz|d$tz5sYS|C{mCr7-fM$mM@Q^7x+BRH)0V== z>2{p$DKg=$dkS_=o}(!HMbm<`ax^lQJcjy(mr|DLi)I!mJ9D;x$y-Y{y)&b9PMW2h z{rw>lm=Cn;llnnylZ747?;+{>EIw(>^J-HUNuPAD{MX`L6{EYUPJg7Lp@il>K1(@y zKt`f%Fgz-j4U`NA^!pQS1mvy#sT@;vBdNFhym1`4ZcUnWP0lt#D5M<5GIni0ZS8#A zUP+1bWBi7pjR5^9iJJyV^rhQYvN_faoN&Mpkd!K{wm-_C8SBgC&sm4G9Zr*b0;n<|?Jc-*vpGqnT( zu%JI&HzDf<{zBtU1lQ(SV_;9&4&m4t5U)@?a-EOH3_=Af>a%3a=%cJ$Sd)8UeobE^ zdoA_MulZMSv-Si>QsC(@QyKkDTwywL#^X4c@?f&-4ypSBqtGJM`~T2#rxQ2+ZkV3*yC&4!+)&!_7^#n8ry8i|fyQ(3W*#6V`nJ{ig zo?zE41|a?r#)y|-M8Ttsjs0%=D_w#BktUJmcJ4;w; z7>P~ffC=Ax@F;!t{3O~fRZ2wS&OV&KFeVakO&6RLzEzlKR3tcyCd(fskJ(&H-{-K4 z0vfPb@W<_b4LvCKoyC|ZcVDW~sc-xm(6PmMn2?KnPZa0K(`aN%gh`=I@k9$LmB3E! z2b-MlFo@NFz{Fw7YlPg@_n*uKbC{>9C>}95{e}aQ`JG|`x`U@UE)lXCIoHY!^yex$ zLIN}fL>?{$0f!FnpAb9))vyQo)f$i4IOXF$v@cYxen zoi-7+1+u4IEDWqB{YN5#2ZM1IUHlzfoBR~Zv0Lu+?=IO_N^obtN|ybXSfAJatV+b?A&-lCm=&j4*_V6F?}|d6KS&x5q+g9=Ze99+?16E}8dV{hUf82urtd zCumSg(Nlp+fyx-1#_3lEN007FulL>W5)dlT2+*qE20d0F5%(Zm#+XSU9lt&Kf9MNx ziIl1ZI-ur-5NSxG%p@zF=PJvKMIMInjs;~>zd|_Pb*MP(5-frV{-)!PVF%dtB_+xw zgK{ppz-uvPp#Q?V|Fj3uFOt+(?|{lzR2~~NtW%ENNPytURt%8MKq^u@5VkN>wNP9X z<$y9s7moQx63h)HlpR>68-LpaRVWLJ3!3>o6XF<@p8pp#V&pgJT95}ASo($?H~4sn z*hV~eu5C$t9%k@VN6^>TVpKp!>xT^CDvfZKV53^-uWSg@f?(Sk$n$SFpvTQOwHJ)` zq}PVO`LXvHz_O&iO(pC>3TrE3+#F~~s4yWt4T4|{$_hJ??=~wj0As>TJ`~IfVH-)-vs8@H{j?;+{#xvLgX@^>(FH5zc#ksY+<`b(o#j07SIuCec$0% z0jF)beFHJIV*@wJ}^&#On z4RDD9eHhKm)hq{?G-Yey9c-N&zXuDqrtUn!g{5&qK?Lu53AX}a)iGB$1_UYZBcPpj zp_!Zv?<09{aeG?6t%k*yDK!bDdeu8ATw^sr^!(MC+cy!PLkwOg(YH#xi-y%}4cxo9 zq30+vx+WtIA=&<63l5{m56PT$bG@$_@~^8`ZKSE_Q)(cv+rT3f?YitUz3LM_g>V1X z4Mfm#D|rgGsbpgZBOi;mCZu*{z1@TBGX$DD`m>Hr*Y@^$^XQwHi`#V3ODJ+|q^ zx7C`bCOzQFs@ko3HYM&sT#8x+(n>SmS)OEo*iUF>O5Y{Dv!ZY0aAhjeW+mk3uAZVl zS1DOrxe7MF-2HC(F4ab0i!@u5A19^h*k9JQG@noalW8SS)>TC*7>GguHZ~Z@s6Lg} 
zH#Ry?UN6rC+So9GjSSX+Q!CMpzyxYj`6P4iE#S5m`^?J;Uq7TyZ2a2_wZP%BixEZq%5edVx}6f*yxNP&2=?_CtJs+XTYspjyo-`_2#?syPkTO- zfWt9Y?>Y%C+<+LOwfx7C(Bd$+?e(8vhyhml_(CClFa?RKb6SnjmjyZeY*BhexFIL?kh6`7|-vt~pi@&!G2CC>8d$? zD(CnfYWRBfgN0XPCv$LDJO?qorBahiDX`$x7j{I9Fr#9s%<{4Gx3IWyEz+=$kj~yJ+BlJeY$YNy4(tLNU{=FKJWrE zbpIWV1J+1dcBz2H|V3bxhbZr1^H^9e1=Cj364G2#}HpxR)v{h_Qwv6^>x?~e;es1rWdV_ekR(A zx)+HSl@;NgLvAEqB{wccj${z8U>MS3_~JUz_5AsALo)PC=p&h9H2LMPE*`x{6UjcU z-hvhBMJU<@D^{#Rk>&lb0M;*e1Hw1l@0}QPH~tO*^c;ORx>qZh0EVB!jf2-t4(zZ<%g_udl0izkOAV>=Yc+iY<+MDiE9QSvzBB zbVV!DdQHeSC>6$U0LXLLNPMV+j%kbvWOHO4b|lFWTq2>qz0BH4&ov;PTz~X%2IW9mKhw)g!>Mas?dBjV&GIBUHXbQio7k6Z{f}ZoYY5v zqXX~cGZCzO7OizDx)E1i7*2ev(LL9E~BqqlYb%M(zfl$EFvmz| z?1tBN-*c0?WR7+7cc``yTPXgl`z+}YaZbhw@XU%A!uIrS$<$w6B)l;U^*;HB;iBH& zPX`t|q3r4c-pe8)yd8sowKXxOKSI0!gHxgW^b+2 zVD4a^d`!DyKuK13DKSA}8!zOEGSH1jBlAdWKvT0HVU+K7FFzbjDdZfj>0N)nLy@$E z&@iMnVKUlBk>oNbH z(v2b`N$c9D?YGXIY+DXqG5R&j3%Yj;G~)0TK|1YUucd8l1%Ex*v0v@bTHpvuNUB6D;rQ%*z zkN*8srx26RZqomHe4AXnZ*2{RwqO9NjO#|V7WbP^+6rpm) zSr$9pI=c4NT=RB8Bt=~L#pp)`T+dF{R8bGloz_#W?9I}Wr+V@=T)f+#=p65KA)b9l zj)5K?LLl$5In>AU(^&6<0b4fLtk<&SRP67VS-c@*gduuW8*?jX2ruCgfA|QyhE(Q} z06lHtj~gg`l%BGa>S|xv8vOvIlTVEg|4LSAg-OSkcgtcJmD$LNr5g zG<1rsra=`tq#r+zS+z@tjzw9POVJ9jhp|u_@_5C7S^KN#+N@Qf%YmfoBpX^#mF7IS z?(}ofZeA9jvti7wP;;E4$@c0-({Wt@7{Usvm)sah`EO1wyIc=Jr zdq^d!DE4k2pY_U)1+8uXu&OK~EGAwa?+URWxLY$VsakY)Ra&&NxHaUEq~Ml*{__Xf zuiwq5HK-d}G;#aAEhzjDYNKTjEd31JI$1#fLw{c6`omIAh=7W#l*j9LhmyS=BH;$3 z_b6kvM$5f+y>>O8BVhue`gFE`-}m#FHt-~-T*ZnmG} zt8K*!iVM|{KOF*ShsunszAX>P7z z^Np!SOjfqEEFF|yz&$hvHD&+n@wq(3?E^J7v`fKXlXn*BU(M^XZgLevR65z$7|{|~ z{GjV<&)XVzW1~ZW-AO?k1~z2;Kyhp=1s8ku>m2=6!7lsrcMQKtKgWb(@;83g2b+^+ z$#~X09Qgjwo>{$7Js6i>Bnkll(GoEOn+{^JYY3!rf~jwg}-gnL>m zJHEKEsJLWw&zpP4=BDd}kH(HXwcAP~f##n9Lj6!1*(b!>>V9-x#az{1CgUh3Im#|g zm@Kqae}F_<5(I97t$dA*cABL1@DW4cXyBmEX5`P36&SV#bl$T`u?g}?vkAR)nZsWI zbLziAP@)*!SgjX&dO!%w!Ajg2>o(d6uT)afW5Z*El2oazjCrLJIe`a)Qu-rmk)p>m4`0`EgnK>BaTt;lN<#e_5qJpFP+bS0;WeX!A>IfEs 
z@hs9kaC=xtqO7TiqNx8}Qc6a)MtpJh??R#S#$GBLxU{!-K7h;O7brb;cdWKED;KLY z%91@+Jm08TFP(FYWrvrN&RXRhyc?G3v!lKbBg^slEym{4eya^rvpvU9?`}{%r^&eJ?fS31wUcsDjlY;V%nIU1$R|F_b@GYE&k`cs{ z5&Qu`!~C5gbjJb<1vZxd?gtboX{dO$;w{ zg7JCnEduN8-ILcyem^c?#+lEsLytdLXk7k2!*{T zprK5Kv6`C)hBZyP9F6u)!#p~ph7zzm&yNijHF|=SVzU+7JNTq zV_BA~G*baFY;4*#f@m7B@K$*5CBq=VJ{17}mMY*c48lz+>NgKCn&jn9eM*ZzKkz^m z0pDWC9uKv&67CX1B2?DG3!-MX?hu&IENr|L({i5{;2g0oJP21QfPTJE1w~U^?PlK@ z<0qJ^xus8&EJ+^Gm-Z43w9`s80 zx$y49n}It~Uqb*khi%tsns+QG;ilDTw_&*deMRhMMfK*nPTH3{a+vf+oeVGO#!m3B z)v%f8;jNjmck$ON_(|K}yL;RYYbk(y*y!W?%x}- z?^2jwfftGxTP>-ZnVWf>Gz;L}!=m;6%qdYdtS(?YvtY4B90z z6dc9UVE_VPYYs-8ee*VgvrQa;!?x#vTSD08Jn;k}zLzb8Uq)8f3b8UTVX>`bGs=pr zFwrL68_QCs-V5if>{=VDFzHwe9v8yMjvwiVuXNnji5T1TYzm-A>_`aGWG^|^icKnVw-B%wJ~CMgB^F<&19s` zX+RmTbgw`$%eX#7oT}fRP(;b0G&+&-)V1u(xMwdQ37bA1ia+txjSnQP+I8lUO&Qp= zkk!?WoDXfakfot=zRicG$+X-HlFhX2m-kBuIj#L&43n9fbCig~-3@z}nJQJP%_ciq zcTH&##$KcsOH!4Zkk#WvlR8fi5>-#0;qLm)^r^v#IlXf3W|S;*eOj}qeLx>vRXCsm@js5$*Q~O51&oJ%Zwo1J};Qry?O^Z=r*W7Cej6@7KGAG zdDMerItg$7IE*T}0V5o3v$~PZhK-DDEzt&sKWGmTTO#w)OeYDYf2rIAW|`;5l|e@d z|2w(_@cLn|CrAWP0Z|kf9BpM{qRgq-gh(2E6>AMSCSToM+h4Km%&bW-D=^l49nuVJ zzA?4n@^D<&Lg}OV$5T2C5TvvG(;NAq zAwMqt3ZC(JaWdWnkC8V~+W2#~*QHWJcEH_Hqx%Wn;a>F<^}v6;k-^k{WAD2SJwOaQ0z}jbUl7e2HPuwv6J#bcwF?!`1OsIDXz~uyk z>CGUJr4NI~C~V;i_dSHa?t6}LOYd1ZOP|4xOoBonI?!*AfhB;5vcp4zcGTZuPnaxN zFYb?`KJYYbx2pw){$gT4b}s*igs!a?)^tu2KU3|gT$)C%Ga_bYO$&q~&G%aZsBeL) z1Cj(Ghptl&VyfCQIc?=_7w)6X=*#Ggm8#cUZvFJ1jWyuI(92jd#y zV|{-n5y%W5qq5s-DjOx#Y~DDXZMZBpoJ0*jkc$g7J)+{ht7~aWR*ig=f#EX5iBI6yGo@fU zKX4x)7{JUBBB)7voducXh_B(xx_s3lsJ zu8G}*Y)MTvRPn=AK}%LfL(J$f$K95sRQo0!x-?&T_5|!&a4~05v@VEm4T_H`fUl4G zNUoKgMddsUx*p>_Pc(yn__wQJE^%pzDG(YJwU9wT_-G9gp@=zW67_Hr3!gLtXIHEB z*Orwm5ynm*x_KA#UEDch(U5I=o4WL};1!9;u?1sC3^Xj{=O{rJeED)(a1FBX2zCdv zHprn=e@gIO6N8sAk{O@iR2ri*Taa2 zSHZw(`>azJL?Xs?EK1yGHFsvttDBrLx1F=?JN#KO4T7g)35|q6IiZVnnT&?0=(YgvEOX>7zp5@%Xf zPR7MdYF*F9)zl@-_6n;pm5RK3$P%;P;G8sgPN1YYkroMy^Y0`K1dbev8#_6XFn%J= 
zGY(!g-m*FVlMZzw@qH+MO5%OoN}1{p(VO^P7~(octdsGPwA8}a3t->WM!JvqlUXG9 z(~+#y6O1S7H(x9!XoXYSJoKb$x8WPf)wn6qf$J9V$ zD;kf6YHG^xa*9Oe+wti3@C3VLYp&bjwVZ}>o3qcysvEWLW@02Hb>N+6bC3K*86T=jlpr1!! zAPv&jfs_*T#!I%hUEY;$-pc0r@o)I0JgbHl4$s_>2XimyVVmI#o<}?}ImMWH1)*%w zC4!G>W6+42P(evgQ-vMoE#>+UKAj@E^uc0J+&(Kn3}4fCcuDmzrRFDY4VRaOX`9>f zQk9og|5!^#>Or`^X1(d>t&-ddYfQ^UN9XO89u^KoDp!s9(BHxdpmpbqOTrfWkABxa z+ux{WAN?yvO`=-dD9B8t3tem3Ca#`XE5|=L<@!{koYJ~zZq){NAN{-)fMBXB&1*WW|*xUDM_PTHVAG-w?Pg_8jOBS0t{z=l5u_WeeL^O`jU%Z z(R^<9N3Efq>V#RPK0CSFY@UReY)#LaZP)73&Ko7Gk?m02<~*{#-xW$wjs`Q^n4(z{ zTP*p6t>MOfk9>YI#g%rap-oMLg%_ewIJgEN0tW7L4GDHVudy`5pynB>jmSxJ29>eY z*qADOuRqeHXWR7|lV7y7c@?NDUcN5(B?DZb~SdMsKj~`Yq ztRq-HVq;w5jPqtO7G4{6-)J0`A3Rv}$n?OyXUe1jI$9+WZf!_Y5^ z^=N6MAkwIH=PWpdiQB&o4`P3=h=1f!w8EN1E368(8m+1CdaB(fX03DVBi`*(JE5(6 zw0H--@NAsrT%vB`BS4d1>bY(A-sl)!II&pK4Y{<0PgxOPcoEx*og+&8tr!4o#0=>; zVSD*v)*SBUPV)X#u@_;!pZsiDZfdO5+L~kZjU@$m`{EDe#CTKq20vVxtIh-P3!YiAz35GrFZ=|WwCHo;~Aj5!cO52?B#P+xVHw* z`F>=OT#nhb7ntf5&r<;--&TNTyvJuszont%hUtM)bK@k zEzjAnbfTZKKq4tw{J@C>F9eHXGkOP&&<{)h)m*w#1T6odT*~2evvHu|h~2-ew=tLN z7|N6Ug|Yseg+}#J{`=hzNlpcY>sP|8{lU2@=6W_=9rtoel?}erl>7IG;pJ0$mP&84 z!PN)UH*{XN=LV^#_bT=~&Yx&W(lxMow0AE7-LFYo)4A@V7Nhrb_X87~(VI+ow^yR| zVxWA2yy^rTtzn;4$KL=LE(|vZDl*(d;RG2Dap!132QhqFQWzQbJfFVhq-U%{l91KdZtuS) zEN}VBb1w6YAsk^;(MZqD3zSi^nW!7~d{4q4bpCx^8ii%c$~D}J9TG3%P;S>xMU;(e`t*AQ!e#|(@^d5*XCwqsy1-ixqNVrZ7ye~n(7j%- zVmbR&cxP2d4!eMmh#pd{@lMCBNsGyrLbrv{UZNHj+fpw8#?oHinLrqe0{b6#=l{6E zF*C9MN}z1zg%B4KloJz6uxZ8o$^1Y5{dOw07Djf)CIrk(33aj534^T&Xw3f^0PvqD zxw#4GrA=(joXrWCnG-dqrNqL+O>gzi4nw(LoLHB4BI|U$MkCa-dTRt zQ~4&Y>JO){uWtxOWm^CJ4kPc?9pf*C`){Ife%^_&eAs+`Br-&S6x1Jnbv^LP1f>+E z&?Fd`>KLCCzwn>;dd99Z1pE#_|SU zOE^=C$eI85?85(xo%#>(|0bRz0U}iy(03P?zX69@gbwBI*o8r~w(_&03?E!NMXf!3 z&=fvDUHqwoCFr%NspX|rvAITFkM?wni>XPx!To|%32J~MOn%yZ7x zEXq@@dGU4m?jp&-gfme44j6|PvYYOC4s16J?j6iF-As3~!fYGFWmWj13Zo0OJePQl zubosFjjt|86IABS#&(?~M^mdOnU1B1(Y2{N=7^w!H{ncuP-UGs-21-YB4sLzT=DASOlos+M)t)9W-jtoI#WJw zsL7>&q@ns9CUj@_9hJ4?*{97Dilv>CyhezVqEYi@ 
zWKwvwF1e$uFKXnW6pAaIl43>~T?+fSd8psD-}vykd-@!?p?ECXnYAoD?!83OT|e?_7SFJc-_Zj2Xy$w|--u!)Cm7Jf>}dP=QQU~8<2LHbf%{-|Oc~`<)lptbRTS6J z+uT!1*L(aHb0qz*wGmCcIn)p?TdLloZ3i8PDZ~ijC$WTL_NkTr)jmG@D8ALrkn}w|1ExSm!&Ty25O)elV)#qm%ZS8Sq{dh$Z4HSOjdrEW<-*tlRLKLi-p|ntvD1T zfB~L(<@e2WYJD_BZd?PW^mT!ufqCKmt*LJ1sWrPOV6Cya!h1`2%dLB>z*<8>RWxsi zTJ~V$J8vETY6Z;<9v3lhYjTZ-gnL0%heECkZcK1xxr)WyN8gh)!Ezi1mE^7@mOPgL zCFg0+CUpM#AhK}Yp;ZOUdDyFAtCT*wGDLn1<3g4|2oBcYF*avTFd8fv)j1s#-y~y`u(9qM zCnSEv#dYa0>z6_~j_r4{#d8%fp-JX3lR5C+Kh)5T&cdHc<_)c3u?5DekjrY2Ri(TMo~=nPwZY#*mO99D-%j) zKkk@V!3^t&;OO5_q5msBe`S-^a@-TKhD zvtU+@8+%i|OG{?V_AnEJtoQ}BN)$S zizhM{M6n=M4uO$|RQ12AZLt6pdpHSu;N{V;)d04Bi)_I6e z-qp#qyPKG-&Ow6y_Efj4NKY?LR5oGm;|FX%{alQ`egCRuX@O_o!4Bb?{2CU^Vzl&G z{;?G-^_tqfh>giI)J6kjH=A{PyLG5KokvgzXqQ<{#zSj-m7C4S&Fglyj?wc61=WtK zu}GdslqM@H;=@b@9+TufYtv%x7{}PELs+!aGm_vS#lVlUJ_(eBkcWydO^LmJQKAO% z_myy9iDq~&Xq~IUD=2+7cY zgM_>`deO;B*z2&Tm^TNXsOjiqJVFVT_`1E4Z!H#IdarPoVCVxTbv~K##H&9IG5TytamQ01JyJ zW30~ej|_!{+FLVr@lYzF;db-TqNk?$cMo&aNbch^2Aij;C!2Al#P+#3Lb`iaqk?GAX=^7pzP)+5+d7pUX`tTyQmeB6YJWtHMPOPR z>Tbaj=5@X!2T$2daF*nnwwmi%>$Mq5kyyR~+)@(DA|21B8nJ}C3!bIa&8vGYQcEG} zy#*gkk_;Iu&hlj__K6#ZcAMa+XT%z!JLIL(>6b?W!^2ub!s(L5C6enY3eq+F3OX5n zpbAn$3Q7c9(FvV&T*DmheGW-)OT~|~lmbm1AIdgL(RkUPuv#G_n-}or-?@J#60{($ z0h0u0#mqTRV~6>lDsmC0)E>Vt5U;CZ7ZKU5k)$S;y*!z1dBuVqoaIfU3tD+Xelz67 zV85;cP{iX45Pcw5A*-+1uT?Xupz;Y<63O+^h@AqR9$@IC`7jPLc4g|!)iz49rC>!G zyBjhaiF<`JUP{G5BJrdK(xO3EJK+qqeGEOZm|JAv5~^w@d34co8&SSKt-4n7=Xl3`(HmM`#_dG>aj3j;l9<99NOpRk~8HUIMT8@p|m#$7WeHXsqnZT#$+z22^# z@j{z;!h3*>8`)5p8JoZEA%+$b3Y#|~LCd=j3(aD73)I|pSftf|!DG=2@F&nSe+LZ< z0J`3dE})*^LxhX(<5hg$3dQ9u;=)5hgrc`q&uWksm6?V!a`RqE)D2HP>b4SHnj@~d zIi1-8u7zsG%cC)Gb1IUr<|TAI4!Up#o6PEH&z|p6lq+jgsHAJhxi2S5fA>1$lO^$7 zbE#1{pdz7RzQQ|~C$c)+)rm@*SjTGj(9)YTo$LhZ-!;KhT+#AhAY& zZpZ!$8ZvnF57@RaN{f&K_W0(wh>7vOx_R@)6S@TmmNhEtza&o|9 zQF%tB`NfMB2=||~ij3le-GkCI5nwK{&v8XFZoVG`kbA7ROjXJ_04{}vjKqOE8WSlY zT;@eL<6V=XDW!D|1)7yMbDW1!b`YW2XX(XffoWOp0xv-tgkD)GC~xfa1CeiHoo 
z$3~;;#!QDH!D?0nwl?qrf7-9zS-(X4e^ggkD<6N@;be_&q`mqk))W=VI(P`A;ea;C zCs*9Q1rj8={*U6lh~$jBOuw`)Yffm9-D|X zFIA;Y|9*pqw^*d(xOJOQ$$z-KFbTt-CyOIC-*OwAjn_&p)UH16Rn;!fP3ySp5oR zD$yyP&;Mn91CHfhL{m0CnNjCZAgkl53tEzzS$2hCSME!s&}N1(AIp1VA*m5J*#v-Q zQS%t{kjI1gA`WM?aQ~xHLp#N@;i4Qa%Siu`?N&E=R(c)nHqo8oA)S$h7-Zm^21Sg2 zHRL_?O1VOxb#!8$)+bd)C4BMlZ1|ycr5d<}Ws!NQmj>(o8NU<5tyPXNyhg6P=Y7e7*oEGr+(d~q|(UOH92qD@c zSb7eas;|e~(tn>fx{M+7cyBM+A@Z5gkZgm=tQXt!js8~^y4oBj#g_??aw(s3pKt{;2C7Om(hk_~6kJdIiFa^$2QG|{c z0?4n2d??)ZMKHbATmA-TrK_83yGXLzSq{nB`{Ygc{i1w84zHsbi#tl@q*^D+Kg|`M zkYSQG=wF0H7{}CC@9rgE6)Bb3#JS%@Kh}MCxnz5%w;u;oiWPJ(iv%mc7m_TT8=9YP zazC(?X5+8FT4Z3(djZo0)VanyyT8k=)FQUc$)A!mE;~(nvuPgIT0M{W zm`en-tMTR*hvKJ82suQdW1A=Nh!;jCQohr&*4B4`WVLlwJ8m`1ZB7naT_5DAob;Xq z)Mgj0OVa6}pJ!DX|40pMNq5;5xcpjoDzJgBHSF?*>mq6#GI;T!oUG*)L}TgZsKu_F zv9O`qWxvMLMSzCU;kX(@pl~Eb%o^+DRE-U2MoXa$SR6bg?%1?l>FuD^AdS%9JZ37+R{vLJPDP`h-5YGE)h&GYHi*PaEs1=jun&Y>k4C8OiBT)i>Bxi%5gH4NwTGcwbaUrdQXk47Rz+=s}VX#^#&NuFZWV9cziFD`--i-%5k~7HtTFfakIX=K*mmXC|{9RXt zlrpb_cxHGZx~*cl%L)IfLQdOOxb_AXJvbs)Wg$cUt?+%+2TyT7|6L(un0Wdu^&U^8 z{*|y$BY)@RLWE5|5wMhv<`LgYL`h0wq=PYMOXw_R&%}6T@aS|Ur$AawvGV!YeZP$P z53bmAkXhN6Q*E==%PxcQ*4;Y+nDe()p+bcfTwMLrH!k4!fF8*GplG zk9T*DF3uPtb{@~TO{Uj5d+fRMIg|3jP7*Z1aPoOMa#@rMKj6HTc99}@*IE--hVO1k z9cJ_%*2#W;+IovuZJ(v$p2)+ehS5%J@igv2ME@B)Lm9QD>7zZWwZzu2aG&rQzhy=v zC#r4OT$O+2!zS*I`}x~}madg`pUo}5ktpRywNUg5sy+W$f*MVvpJ-M)8yjGiW+XuC zV6e&m?mOM#%NXF<+9Sv0Uy4MwcLO-<{Q4Zp`2m66{^mJsFGkzAVzxbHLxw(mNv-09=`lDhqsz%=7JWw&)a zJF}*$sYVcut!}5Y)9ZD+LO#-9ai1?hhOWEOmg;F?Z$Y@xmkh3b-IusKy)RT2n;uno z#R9_O7>xRo5*e&?6vKmHL(yw`#brry^Zi)q4YANcKrBckc$yyYr{DPW`8ZSCDlef873Fry=qdhllh7_Zp5JR^Nqwf(BE~+ zF4rzWA0YKfEIo{VnyoT7OoP+;Q1+cCM&-JawEto-?^3^3M?&C@l+JgZ;`ATmPnZ|0 zfJJDmhXR_0!0xj&8mkW;fRiRuD(k_6a&=NdlR+wT`t6Fn2;(nfG`-nE*}wvD)5F50~7o`=vy(Q-e*oe%0ium8qVL-BH1#iUVkvk5SuP2 zmlg&;M*>TfTTC8-_@D2lbl!Y;%(?Ys)CG64mBl<(d4xlbcoh%&N>W5j!N_3pdu-il zH;(5j4xUUAZURUNwNx}=F*Rx?4;lP}`vW@_>Am5NM?^KQnu 
zA#L>Ww6kA$n4~t#cYf1d0uvmHi!dVp%9meBVR|Th6F!cXvz-z6#qdc`gjXh}O#R9H5yUV&9>;$&W zkC+YLM}ehCEqZX=VtEZs>sTKUO^6Dau#1QknQojz?P z7n?|b=#Hx&O1-V{6YRW%KS$x?eq_Aw%e@i~QqFpKV<@cPr_V&y{1Ef(^zbn9Ti+>j z7o(!6EH*Qds`+gfbc0t0a~_756L(W3ye_t$MP$DNwijAr01J11m(80q`|R>{_dWBH ze)gUDyTjfq%xh823zJ=ug3W$dMNgu~iMi5Ipo1;LfNZY$)DAq;B=>uB+EOY(k`E5k zVGexuHWC9nT{UDpRWxhP%QGQ~e}ksZqHcSN=Y(C%y)JCw3ZJyH+vt`3*{8dSrR$Y| z0kSv3+|#C0lE@_8%ht3$!A8YlXk6hf;+zvdAw3!*tG~gI`ZTh~BkFnwyi_x_)FG9M zDTX1|)(nABaVZ}DhAYD8ozb!xzI_>AV-qvXwmxq3R+ff&<)IaQ{1%NJ9AunP{1G=g ztd&zyO&qmXQlE&Cg~ksK0zXmCcE_K$W`kUVO?7=I2Zy7W*l9^_MoKHJg{TN*fIB zs#Wyid*{SOmnW6)w(44)5{3zGmpVKzB-<-Lp1*_=6w&6CJ)f2OfonG};y| zHLOi$B}h4R`@I0LHFH!4?jKgN6efz{BV!sLgtFX*wF{M=OW@yi{h(04ruhIE{RCUY z`;UKagW~FnHyLNGsOnuTi^w`(Zylw!hG5Ifz$UD`T5hx7-^ekR0$WzDeYd7vIN%`f z=$c`U@sDq&sdT_eoH6572|ONr_%@xbJ8IQrkE;N~MQ4_o5WndXyT8%p{T=xKg0xXv zkeC_u0lp*$!GUPBv zqYrM$0L4O(BRc*9X&fkM9N6b8x(=z043b!k^h`c@o5-u7UA7<>lg-@6cni?zJ*-EV zLul>O?#L>CdSctA($VoYn0a8wl#j%mspmS>^OcE}eW<_T7e?iX1Wawuoq>}oryKYc z;pNdnb9z|gF-#PM#Mu(RG0lEEysD|=cH=kC4?ap57oWBSSTta(B|=L z9}_mRzAk+TYgcaM`lNL4LZ_-?VJ(G+sfu)dLH1EUY4+hRYodDcTIXP@wG=T*+9fkEs<{J9Zqsr!~%1{>(QKl0ws?iKbpU8IFALaC- zh$bOflp7_!*|DC2vPvGB(~di@-@@kq9HIWn>_^W+YIZ}_D1Sk^ zacP5R2>RtyZwsY95T5zd2^b5|QRKC~HPaDP`__j!inA12*!4XVno@KB%Mnq4W^2GI zwvNS3TcyQ#h7o6czT5aDsdQV#;ee~P)5!=hluxnE1P{%>_0+Tvctf)+0N+CVy3J$PZ;~y5avb-ZU=J?7Mq9k{zA<;au0BO(kX@z|{gm zDpiZg^C7&Wc5kF|yHH%Mo?pf2IJT4?eP5d`K3NSOpRt+^t8;mK)l9XIcFuT??uz2! z3yOF`^+{C&o|mm*fwLIj>b@?@**lR1qJ5=(l6{Qx_s`}qES~+lm8jyDP#Uj?*p|PM zJWhViXZZDCL=KrMJd?y=yq0_lICT!3IzZZaQspRo)B5P-1N}&hY>qB(YNLU$=ZPL(;H#WBj3yDM<)e1o6{M$ z!2NP)A<0i3!DF6(KKFA&I3k2T34vu~Ux|yWGmGe3nH$)fQ?iTO+Bk|DI~dxV+d10W zqeB0l&BFfbU(yB?1Sf6q;zR#K_4qHs29&exei;6JeCWT)0XZT6AuB*R;4^9P{-SIA zeaZ-(@Em05PuhoKM0X8C1UMofqM)7*Pf%^5CizjQ=EIYfLTbyPAv%{gc}w?Wh;m*BB>-Hst{ppOM?sji$O#A z-yY|Jdz>kv!}bY2^glF||MofzPSbfBfor#m5B<5K&)+ni|8qR_U&sG*7OB^T5yDN- z2o`%mpqq?}lKz^5w0kyexr2*JzgmRV<>G!IQs8~CXjtF_W*y-*jU2E>)aNv;z($&! 
zcd2AS==~pe)J)6M{Ve!!Bsz(+UyAW2313dmegc)B?(M=-ZtC|!ZyL`$_pDE62MVt= zyQLav!ZOf1EQ@flTR7L>dmDk22C^vXCBSXjuG3I zI9(E)S8@?rCC#EX)>uyuXjdkyqmS`c!sIT%e4qI$+g)T&7ftP3si9BC?G34oA+ox6}zV~Fa^&Z5H%xqL-cF~%O z1S&SeSI6`yd3hc8bGr?%nC0h3YmY-m6mwoO&p9seR2(y{K21+CJKQ-A%@W8Oudkk$ zN_|4iGa28cL9tksl%s<%Wr@XS^Szg=!RY&ES@x;pL|F+dUMrI-S`IEL%1G$|k}h!T_f#@Y?J6`2IdQ2l6#CH|9qK zTX>+MzksKA@0@W6vHTT#w`{L0vvf$Y4GpUl+eEACWL>lowwwEeqJZ zico+ODcFv!TGl#8IQyu4Ua@?mQ5cO86EpCuPx9H2**5Ig%w0gDu8=8;AG&EM6?GvFCuRkQ_b}<@Q9fl$9GKPpV z7M%+fT@z*5X%7;`clJoOdu|l-?u`RX*Nez%5z$a{4S11~l#@=k=&HLd9v`;s=BI6Y zu9Ea%y5D|_nlYFuUD;)lzYjdDAlJ7OsIpqa%bfoM{{H8zTCTSZnK7N4DN#H#_Cc)E z)!6x1EE`b~mR1~xscg;RS^jagTv-ca%;Qxnnam4=8(r-^k1ewoUn1kxeF339SlWq$ zMeB{!=LfFd7~iM_KjIshF;WiYX39l^G=#OIJsEe9QPwG9t0~l@l}C^OoHU6RynUz- zkw?Gd`xDLUCp#j$>=ztDorCIgqg|So;uEa_QJ{(bCURKj?is-_(m$7DRp4TRlzD~{4>{n> z2G~X>jrQ@sXfjP4EfXK>AU8!M{Q5NEtw+132h?OXGDQkB$q3|HDFexVA9=>|DE_KB@BVCSpHv8M<|arOiUU+_Ug``przd<836&K&uQ&MmD__xz8h6^et` zw?ub})QqxIv`{I&jPzjuv|+trU86z%DYT1V zii)nBuBd}T41v?=F!HNWpBK*Gyr<(u$4E`Fkk8CV+3 z(otDLW;O08Hdsb5LCF`WG3Qf1$X47`+*HcWQqxDqA4(uMuG&cgoFg|z2@Rwy$Q{I# z&;-EO4-ve30u4Em&H;(^gsn=#q@FV(nMdwMI!n1{Qf(wUK96s%1JMLRcgruqjY zLFU4|xwyP4Q&&DhjATmgBe9o{#4n>9<;|4{N}w+&NS5;s0CATRx663#G>Xq_Ngh;5 z*_~!WTOBBCpPUo>TS@qP)=C6d)Hi(jDIY`$Y~$yD)+CA`Pc??1WJf)KP`GQSYQ4QS zUNNp>(^jmlHVPZmtly7*Fwe?VKN-9CZEY4#^xO5`TORCBh~VR6n2w6#>5U6Z&iaBO z7R^m#JM^&K5m3Ozu@6(w-T^z&V2E6k_{R?EqxOHqs=d%6EhGx_618b$8@83W%%+Kx z))mY1&=D|O|KV~UQQ|}J3065K(#IS&`utNe6-~C%NOgIBa{g45qiKX%J&?dt;aTfI zJ(h)|(pTbcQ3|8+yGM#l0*L)+<)U5dG9~g4%82>lRgo!hu zb!dued(slxx$`Tes21m%q)UCe=x3@F>0{=g#%Da7wRw94X@I*5l6gP3T8jmRdJL|jAA3X zqG+H!Xcw$o6t{8kMyb%sJxeK0T?u_H-u3k9$AZv|(eTVKvT+-$aiurETq#S;$aO)?KOAn=&73 zW~AOLid~iI&~b*GY@w(hRYeT5>WuRj@P$}H|!yi+fyv*HVJz71hiRWTE#`X zH1PYXZ*1m9hgKT zTz@Lg#qo!BFfb=Piu(1)ATSs{l>P;SYYh8C0}vSW`|&^^$WOMs{x3U2I5>Fz5Cn68 z;ex-&fk0dwzncXF<^aJXwqNDI@LcTmqqG2ohw~5H!jknVUT?qT#g%E%P`iE&C@SgI! zGH^F>{@ywW54`97+mgSPhVVfC@HJfSe_%XZKacm*{{LQ<@E-qjBE~~#qrSbPtG%%aDip#A<3^>U6O$81{eK)^rC0y} 
diff --git a/_install-dependencies.sh b/_install-dependencies.sh index 8b6f8d5..bc8e51e 100755 --- a/_install-dependencies.sh +++ b/_install-dependencies.sh @@ -2,7 +2,6 @@ main() { sudo yum makecache fast - sudo yum install -y etcd install_docker install_docker_compose install_jq diff --git a/build/haproxy/start.sh b/build/haproxy/start.sh index 1476958..b94696d 100755 --- a/build/haproxy/start.sh +++ b/build/haproxy/start.sh @@ -1,4 +1,9 @@ -#!/bin/bash -ex +#!/bin/bash + # kill running haproxy daemon if any +haproxy_pid=$(ps aux | grep haproxy | grep -v grep | awk '{print $2}') +if [[ "$haproxy_pid" != "" ]]; then + kill -9 $haproxy_pid +fi -# haproxy.cfg is created and updated by update_haproxy.sh script in cdemo/etc -exec haproxy -f /usr/local/etc/haproxy/haproxy.cfg +# haproxy.cfg is created and updated by update_haproxy.sh script in $DEMO_ROOT/etc +haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg diff --git a/etc/update_haproxy.sh b/etc/update_haproxy.sh index 9884bd0..af2fd70 100755 --- a/etc/update_haproxy.sh +++ b/etc/update_haproxy.sh @@ -16,7 +16,7 @@ main() { update_ldap_servers docker cp haproxy.cfg $haproxy_cname:/usr/local/etc/haproxy/haproxy.cfg - docker restart $haproxy_cname + docker-compose exec haproxy /start.sh } # Appends Conjur HTTP server info in HAProxy format to haproxy.cfg. @@ -27,7 +27,7 @@ update_http_servers() { # Generated by $0 in $(pwd) backend b_conjur_master_http mode tcp - balance static-rr + balance roundrobin default-server inter 5s fall 3 rise 2 option httpchk GET /health http-check expect status 200 @@ -48,7 +48,7 @@ update_pg_servers() { # Generated by $0 in $(pwd) backend b_conjur_master_pg mode tcp - balance static-rr + balance roundrobin default-server inter 5s fall 3 rise 2 option httpchk GET /health http-check expect status 200 
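Review bot: In build/haproxy/start.sh the added `ps aux | grep haproxy | grep -v grep | awk '{print $2}'` selects every process whose command line merely contains "haproxy", and the unquoted `kill -9 $haproxy_pid` then sends SIGKILL to all of them, which drops open client connections instead of letting the proxy drain. Matching on the exact process name and sending TERM first is safer, e.g. `pkill -TERM -x haproxy || true` (assuming procps is present in the image, as the use of `ps` suggests). The shebang also loses `-ex`, so a failed `haproxy -D -f …` start no longer stops the script; a `set -e` line after the shebang would keep that check.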
@@ -69,7 +69,7 @@ update_ldap_servers() { # Generated by $0 in $(pwd) backend b_conjur_master_ldap mode tcp - balance static-rr + balance roundrobin default-server inter 5s fall 3 rise 2 option ldap-check CONFIG From bbce3d5c78812ac38a5ed803d726bb8b9cff8388 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sun, 31 Dec 2017 15:13:38 -0600 Subject: [PATCH 46/68] Failover works (once) w/ 4.9.10 and 4.9.11 --- 0-startup-conjur.sh | 33 ++- build/haproxy/haproxy.cfg | 43 +-- build/haproxy/start.sh | 9 +- cluster/0-setup-standbys.sh | 128 ++++++--- cluster/1-trigger-failover.sh | 91 +++---- cluster/cluster.log | 2 - cluster/cluster.stdout | 374 --------------------------- cluster/cluster.yml | 7 +- cluster/conjur.conf | 9 - docker-compose.yml | 74 +++++- etc/haproxy.cfg | 24 +- etc/haproxy.cfg.template | 4 +- etc/update_haproxy.sh | 2 +- host_factory/temp.out | 5 - ldap/1-create-policy.sh | 2 +- ldap/2-ldap-sync.sh | 1 + ssh_ansible/1_create_key_for_user.sh | 2 +- ssh_ansible/id_bob | 27 -- ssh_ansible/id_carol | 27 -- 19 files changed, 276 insertions(+), 588 deletions(-) delete mode 100644 cluster/cluster.log delete mode 100644 cluster/cluster.stdout delete mode 100644 cluster/conjur.conf delete mode 100644 host_factory/temp.out delete mode 100644 ssh_ansible/id_bob delete mode 100644 ssh_ansible/id_carol diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 4e3e00c..ecb80a8 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -9,6 +9,7 @@ CONJUR_FOLLOWER_INGRESS=conjur_follower CONJUR_MASTER_HOSTNAME=conjur_master CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 +CONJUR_MASTER_CONT_ID=conjur1 main() { @@ -16,9 +17,9 @@ main() { conjur_master_up haproxy_up + update_etc_hosts cli_up conjur_follower_up - update_etc_hosts docker-compose up -d scope # bring up webscope docker-compose build webapp # force build of demo app 
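Review bot: The admin password is a literal in 0-startup-conjur.sh (`CONJUR_MASTER_PASSWORD=Cyberark1`, the context line just above the added `CONJUR_MASTER_CONT_ID=conjur1`), so it is committed with the repository, and cli_up in the same file passes it as `-p $CONJUR_MASTER_PASSWORD`, where it shows up in the process list and in any `set -x` trace. The same literal is repeated in the new setup_cluster_state in cluster/0-setup-standbys.sh (`conjur authn login -u admin -p Cyberark1`). Taking the value from the environment, `CONJUR_MASTER_PASSWORD=${CONJUR_MASTER_PASSWORD:?set CONJUR_MASTER_PASSWORD}`, and reusing that variable in the cluster scripts would keep one source for it and keep it out of version control.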
@@ -33,7 +34,7 @@ main() { echo echo "Demo environment ready!" - echo "The Conjur service is running as hostname: $CONJUR_MASTER_INGRESS" + echo "The Conjur master endpoint is at hostname: $CONJUR_MASTER_INGRESS" echo } @@ -65,7 +66,7 @@ conjur_master_up() { exit -1 fi - if [[ "$(docker images --format {{.Repository}} | grep conjur-appliance)" == "" ]]; then + if [[ "$(docker images conjur-appliance | grep conjur-appliance)" == "" ]]; then echo "Loading image from tarfile. This takes about a minute..." LOAD_MSG=$(docker load -i $CONJUR_CONTAINER_TARFILE) IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message @@ -73,9 +74,7 @@ conjur_master_up() { fi echo "Bringing up Conjur" - docker-compose up -d conjur_node - CONJUR_MASTER_CONT_ID=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - + docker-compose up -d conjur1 echo "-----" echo "Initializing Conjur Master" @@ -96,9 +95,7 @@ conjur_master_up() { ############################ haproxy_up() { - # bring up hproxy, rename as ingress, update & start docker-compose up -d haproxy - pushd ./etc && ./update_haproxy.sh $CONJUR_MASTER_INGRESS && popd } ############################ @@ -113,7 +110,6 @@ cli_up() { docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/etc docker cp -L ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem $CLI_CONT_ID:/etc docker-compose exec cli conjur authn login -u admin -p $CONJUR_MASTER_PASSWORD - } ############################# 
@@ -132,8 +128,9 @@ conjur_follower_up() { docker rename $conjur_follower_cname $CONJUR_FOLLOWER_INGRESS docker cp /tmp/follower-seed.tar $CONJUR_FOLLOWER_INGRESS:/tmp/seed - docker exec $CONJUR_FOLLOWER_INGRESS bash -c "evoke unpack seed /tmp/seed && evoke configure follower -j /src/etc/conjur.json" + docker exec $CONJUR_FOLLOWER_INGRESS bash -c "evoke unpack seed /tmp/seed" rm /tmp/follower-seed.tar + docker exec $CONJUR_FOLLOWER_INGRESS bash -c "evoke configure follower -j /src/etc/conjur.json" } ############################ @@ -149,6 +146,22 @@ update_etc_hosts() { fi } +############################# +wait_for_healthy_master() { + printf "\n-----\nWaiting for master to report healthy...\n" + set +e + while : ; do + printf "..." + sleep 2 + healthy=$(curl -sk https://conjur_master/health | jq -r '.ok') + if [[ $healthy == true ]]; then + break + fi + done + printf "\n" + set -e +} + ############################ main $@ diff --git a/build/haproxy/haproxy.cfg b/build/haproxy/haproxy.cfg index cee7c1a..d43f18f 100644 --- a/build/haproxy/haproxy.cfg +++ b/build/haproxy/haproxy.cfg @@ -1,11 +1,12 @@ +# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. global maxconn 256 external-check defaults - timeout connect 5000ms - timeout client 50000ms - timeout server 50000ms + timeout connect 5s + timeout client 50s + timeout server 50s frontend f_conjur_master_http mode tcp 
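Review bot: The follower seed is staged at the fixed path `/tmp/follower-seed.tar` on the host in conjur_follower_up, and the hunk only moves the `rm` one step earlier; if `docker cp` or `evoke unpack seed` fails and the script aborts, the archive stays behind in a shared directory. A seed archive presumably carries the node's certificates and keys, so a private directory with guaranteed cleanup is the safer pattern: `seed_dir=$(mktemp -d)` followed by `trap 'rm -rf -- "$seed_dir"' EXIT`, with the `docker cp` calls pointed at `"$seed_dir/follower-seed.tar"`. The same fixed-path staging of `/tmp/standby-seed.tar` appears in setup_standbys in cluster/0-setup-standbys.sh and in the new recycle_old_master in cluster/1-trigger-failover.sh. conjur_follower_up starts outside this hunk, so where the seed is first written is not visible here.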
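Review bot: The added wait_for_healthy_master polls with `curl -sk`, which turns off certificate verification, and its `while :` loop has no upper bound, so a master that never becomes healthy hangs the script. cli_up in this file already copies `./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem`, so, if that file exists by the time the function is called (the call site is not in the hunk), the check could be `curl -s --cacert "./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem" "https://$CONJUR_MASTER_HOSTNAME/health"`. A retry counter that exits non-zero after a fixed number of attempts would bound the wait. The regenerated build/haproxy/haproxy.cfg takes the same shortcut for its health checks (`check-ssl verify none`).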
@@ -21,30 +22,32 @@ frontend f_conjur_master_ldap mode tcp bind *:636 default_backend b_conjur_master_ldap -# HTTP backend info is generated by http_servers.sh + +# HTTP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_http mode tcp balance static-rr - option external-check default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_1 172.19.0.2:443 check -# PG backend info is generated by pg_servers.sh + option httpchk GET /health + http-check expect status 200 + server conjur1 conjur1:443 check port 443 check-ssl verify none + +# PG backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp balance static-rr - option external-check - default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_1 172.19.0.2:5432 check -# LDAP backend info is generated by ldap_servers.sh + default-server inter 5s fall 3 rise 2 + option httpchk GET /health + http-check expect status 200 + server conjur1 conjur1:5432 check port 443 check-ssl verify none + +# LDAP backend info +# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp balance static-rr - option external-check - default-server inter 30s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_1 172.19.0.2:636 check + option ldap-check + default-server inter 5s fall 3 rise 2 + server conjur1 conjur1:636 check check-ssl verify none diff --git a/build/haproxy/start.sh b/build/haproxy/start.sh index b94696d..2e0f027 100755 --- a/build/haproxy/start.sh +++ b/build/haproxy/start.sh 
@@ -1,9 +1,2 @@ #!/bin/bash - # kill running haproxy daemon if any -haproxy_pid=$(ps aux | grep haproxy | grep -v grep | awk '{print $2}') -if [[ "$haproxy_pid" != "" ]]; then - kill -9 $haproxy_pid -fi - -# haproxy.cfg is created and updated by update_haproxy.sh script in $DEMO_ROOT/etc -haproxy -D -f /usr/local/etc/haproxy/haproxy.cfg +exec haproxy -f /usr/local/etc/haproxy/haproxy.cfg diff --git a/cluster/0-setup-standbys.sh b/cluster/0-setup-standbys.sh index da62bb4..cce8d2b 100755 --- a/cluster/0-setup-standbys.sh +++ b/cluster/0-setup-standbys.sh 
@@ -1,64 +1,53 @@ #!/bin/bash set -eo pipefail -CONJUR_MASTER_CNAME="" -CONJUR_MASTER_IP="" +CLUSTER_NAME=dev +CLUSTER_POLICY_FILE=cluster.yml + +CONJUR_MASTER_CNAME=conjur1 +CONJUR_MASTER_IP="$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' conjur1)" CONJUR_MASTER_INGRESS=conjur_master -NUM_STATEFUL_NODES=3 # 1 master + n standbys +NUM_STATEFUL_NODES=3 # 1 master + 2 standbys +CONT_LIST="" # list of stateful nodes + # conjur version components for checking if auto-failover is supported +CONJUR_VERSION="" +CONJUR_MAJOR="" +CONJUR_MINOR="" +CONJUR_POINT="" main() { - - find_current_master start_new_standbys wait_for_healthy_master setup_standbys wait_for_standbys # start synchronous replication docker exec $CONJUR_MASTER_CNAME bash -c "evoke replication sync" + wait_for_healthy_master + setup_cluster_mgr update_load_balancer ../inspect-cluster.sh } -############################# -find_current_master() { - # find master node, get container name & IP address - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cname in $cont_list; do - crole=$(docker exec $cname sh -c "evoke role") - if [[ $crole == master ]]; then - CONJUR_MASTER_CNAME=$cname - CONJUR_MASTER_IP="$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname)" - break - fi - done -} - ############################# start_new_standbys() { printf "\n-----\nBringing up new standby node(s)...\n" - # "no-recreate" prevents recreation of existing nodes - docker-compose up -d --no-recreate --scale "conjur_node=$NUM_STATEFUL_NODES" conjur_node + docker-compose up -d conjur2 + docker-compose up -d conjur3 } ############################# setup_standbys() { printf "\n-----\nConfiguring standby nodes...\n" # generate seed file - docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-standby > /tmp/standby-seed.tar" + docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-node > 
/tmp/standby-seed.tar" # copy to local /tmp docker cp $CONJUR_MASTER_CNAME:/tmp/standby-seed.tar /tmp/ - # configure each uninitialized stateful node as a standby - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cname in $cont_list; do - crole=$(docker exec $cname sh -c "evoke role") - if [[ "$crole" == "blank" ]]; then - docker cp /tmp/standby-seed.tar $cname:/tmp/seed - docker exec $cname bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" - fi - done + docker cp /tmp/standby-seed.tar conjur2:/tmp/seed + docker exec conjur2 bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" + docker cp /tmp/standby-seed.tar conjur3:/tmp/seed + docker exec conjur3 bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" rm /tmp/standby-seed.tar - } 
@@ -112,4 +101,79 @@ update_load_balancer() { && popd } +############################# +setup_cluster_mgr() { + failover_supported=false + check_conjur_version + if [ failover_supported ]; then + setup_cluster_state + fi +} + +########################### +check_conjur_version() { + printf "\n-----\nChecking if Conjur version supports failover...\n" + CONJUR_VERSION=$(docker-compose exec cli conjur version | awk -F " " '/Conjur appliance version:/ { print $4 }') + CONJUR_MAJOR=$(echo $CONJUR_VERSION | awk -F "." '{ print $1 }') + CONJUR_MINOR=$(echo $CONJUR_VERSION | awk -F "." '{ print $2 }') + CONJUR_POINT=$(echo $CONJUR_VERSION | awk -F "." '{ print $3 }') + + if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 10) ]]; then + printf "\nConjur version %i.%i.%i is running.\n" $CONJUR_MAJOR $CONJUR_MINOR $CONJUR_POINT + printf "This script only supports failover in Conjur versions 4.9.10 and above.\n\n" + else + failover_supported=true + fi +} + +############################# +setup_cluster_state() { + printf "\n-----\nConfiguring etcd cluster manager and cluster policy...\n" + if [[ $CONJUR_POINT == 10 ]]; then + docker-compose up -d etcd # external etcd in 4.9.10 + fi + + CONT_LIST=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) + construct_cluster_policy # build cluster policy file + + # load policy describing cluster + docker-compose exec cli conjur authn login -u admin -p Cyberark1 + docker-compose exec cli conjur policy load --as-group=security_admin /src/cluster/$CLUSTER_POLICY_FILE + + for cname in $CONT_LIST; do + if [[ $CONJUR_POINT == 10 ]]; then + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) + docker exec $cname evoke cluster enroll -a $cont_ip -n $cname $CLUSTER_NAME + else + docker exec $cname evoke cluster enroll -n $cname $CLUSTER_NAME + fi + done +} + +############################# +construct_cluster_policy() { + # create policy file header + cat < $CLUSTER_POLICY_FILE +--- +- 
!policy + id: conjur/cluster/$CLUSTER_NAME + body: + - !layer + - &hosts +POLICY_HEADER + # for each stateful node, add hosts entries to policy file + for cname in $CONT_LIST; do + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) + printf " - !host %s\n" $cname >> $CLUSTER_POLICY_FILE + done + + # add footer to policy file + cat <> $CLUSTER_POLICY_FILE + - !grant + role: !layer + member: *hosts +POLICY_FOOTER + +} + main $@ diff --git a/cluster/1-trigger-failover.sh b/cluster/1-trigger-failover.sh index dab837a..2191640 100755 --- a/cluster/1-trigger-failover.sh +++ b/cluster/1-trigger-failover.sh @@ -2,17 +2,21 @@ set -eo pipefail CLUSTER_NAME=dev -CLUSTER_MANAGER_CONT_NAME="" -CLUSTER_POLICY_FILE=cluster.yml +CONJUR_MASTER_CNAME="" # name of newly promoted master +CONJUR_MASTER_IP="" # IP of newly promoted master +CONTAINER_TO_RECYCLE="" # old master container to repurpose as standby +CONJUR_VERSION="" +CONJUR_MAJOR="" +CONJUR_MINOR="" +CONJUR_POINT="" main() { START_TIME=$(date) - check_conjur_version - setup_etcd + check_CONJUR_VERSION kill_master wait_for_new_master wait_for_healthy_master - ./0-setup-standbys.sh + recycle_old_master END_TIME=$(date) printf "\nFailover complete. Cluster back in operational state.\n" printf " Started: %s\n" "$START_TIME" 
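Review bot: `if [ failover_supported ]` in setup_cluster_mgr tests a non-empty literal string, so it is always true and setup_cluster_state runs even after check_conjur_version has printed that the version is unsupported; it should be `if [[ "$failover_supported" == true ]]; then`. The version test `($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 10)` never looks at `CONJUR_MAJOR`, and the same condition replaces the major-version check in check_CONJUR_VERSION in cluster/1-trigger-failover.sh; if the intent is "4.9.10 or later", the major number needs to be part of the comparison. construct_cluster_policy also assigns `cont_ip` in its loop without using it.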
@@ -20,15 +24,15 @@ main() { } ########################### -check_conjur_version() { +check_CONJUR_VERSION() { printf "\n-----\nChecking if Conjur version supports failover...\n" - conjur_version=$(docker-compose exec cli conjur version | awk -F " " '/Conjur appliance version:/ { print $4 }') - conjur_major=$(echo $conjur_version | awk -F "." '{ print $1 }') - conjur_minor=$(echo $conjur_version | awk -F "." '{ print $2 }') - conjur_point=$(echo $conjur_version | awk -F "." '{ print $3 }') + CONJUR_VERSION=$(docker-compose exec cli conjur version | awk -F " " '/Conjur appliance version:/ { print $4 }') + CONJUR_MAJOR=$(echo $CONJUR_VERSION | awk -F "." '{ print $1 }') + CONJUR_MINOR=$(echo $CONJUR_VERSION | awk -F "." '{ print $2 }') + CONJUR_POINT=$(echo $CONJUR_VERSION | awk -F "." '{ print $3 }') - if [[ ($conjur_major -ne 4) || (($conjur_minor -lt 10) && ($conjur_point -ne 10)) ]]; then - printf "\nConjur version %i.%i.%i is running.\n" $conjur_major $conjur_minor $conjur_point + if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 10) ]]; then + printf "\nConjur version %i.%i.%i is running.\n" $CONJUR_MAJOR $CONJUR_MINOR $CONJUR_POINT printf "This script only supports failover in Conjur version 4.9.10.\n\n" exit -1 fi @@ -41,6 +45,7 @@ kill_master() { for cname in $cont_list; do crole=$(docker exec $cname sh -c "evoke role") if [[ $crole == master ]]; then + CONTAINER_TO_RECYCLE=$cname printf "Stopping: " docker stop $cname printf "Removing: " @@ -59,9 +64,12 @@ wait_for_new_master() { crole=$(docker exec $cname sh -c "evoke role") if [[ $crole == master ]]; then MASTER_FOUND=true + CONJUR_MASTER_CNAME=$cname + CONJUR_MASTER_IP="$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname)" fi done done + printf "New master is: %s/%s\n" $CONJUR_MASTER_CNAME $CONJUR_MASTER_IP } ############################# 
@@ -81,49 +89,28 @@ wait_for_healthy_master() { } ############################# -setup_etcd() { - printf "\n-----\nConfiguring etcd cluster manager and cluster policy...\n" - # startup etcd cluster manager - docker-compose up -d etcd - # build cluster policy file - construct_cluster_policy +recycle_old_master() { + printf "\n-----\nConfiguring standby node...\n" + docker-compose up -d $CONTAINER_TO_RECYCLE - # load policy describing cluster - docker-compose exec cli conjur authn login -u admin -p Cyberark1 - docker-compose exec cli conjur policy load --as-group=security_admin /src/cluster/$CLUSTER_POLICY_FILE + # generate seed file & copy to local tmp + docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-standby > /tmp/standby-seed.tar" + docker cp $CONJUR_MASTER_CNAME:/tmp/standby-seed.tar /tmp/ + # copy seed to container & configure + docker cp /tmp/standby-seed.tar $CONTAINER_TO_RECYCLE:/tmp/seed + docker exec $CONTAINER_TO_RECYCLE bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" - printf "\n-----\nEnrolling Conjur nodes with cluster manager...\n" - # enroll each stateful node in cluster - for cname in $cont_list; do - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) - docker exec $cname evoke cluster enroll -a $cont_ip -n $cname $CLUSTER_NAME - done -} + rm /tmp/standby-seed.tar -############################# -construct_cluster_policy() { - # create policy file header - cat < $CLUSTER_POLICY_FILE ---- -- !policy - id: conjur/cluster/$CLUSTER_NAME - body: - - !layer - - &hosts -POLICY_HEADER - # for each stateful node, add hosts entries to policy file - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cname in $cont_list; do - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) - printf " - !host %s\n" $cname >> $CLUSTER_POLICY_FILE - done - # add footer 
to policy file - cat <> $CLUSTER_POLICY_FILE - - !grant - role: !layer - member: *hosts -POLICY_FOOTER + wait_for_healthy_master + printf "\n-----\nRe-enrolling standby node in cluster...\n" + if [[ $CONJUR_POINT == 10 ]]; then + cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $CONTAINER_TO_RECYCLE) + docker exec $CONTAINER_TO_RECYCLE evoke cluster enroll -a $cont_ip -n $CONTAINER_TO_RECYCLE $CLUSTER_NAME + else + docker exec $CONTAINER_TO_RECYCLE evoke cluster enroll -n $CONTAINER_TO_RECYCLE $CLUSTER_NAME + fi } -main "$@" +main $@ diff --git a/cluster/cluster.log b/cluster/cluster.log deleted file mode 100644 index 357018a..0000000 --- a/cluster/cluster.log +++ /dev/null @@ -1,2 +0,0 @@ -Dec 22 17:40:30 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:40:31 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... diff --git a/cluster/cluster.stdout b/cluster/cluster.stdout deleted file mode 100644 index 5eb6a0d..0000000 --- a/cluster/cluster.stdout +++ /dev/null 
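Review bot: The last line goes from `main "$@"` to `main $@`, which re-splits and glob-expands the script's arguments; keep `main "$@"`. In the added recycle_old_master, `docker exec -it` asks for a TTY, so the seed step fails when the script runs without a terminal (for example from CI); `docker exec "$CONJUR_MASTER_CNAME" bash -c "…"` without `-it` is enough because the command needs no input. `$CONTAINER_TO_RECYCLE` and `$CONJUR_MASTER_IP` are also expanded unquoted throughout the function.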
@@ -1,374 +0,0 @@ -Load balancer config: ----------------- -# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. -global - maxconn 256 - external-check - -defaults - timeout connect 5000ms - timeout client 50000ms - timeout server 50000ms - -frontend f_conjur_master_http - mode tcp - bind *:443 - default_backend b_conjur_master_http - -frontend f_conjur_master_pg - mode tcp - bind *:5432 - default_backend b_conjur_master_pg - -frontend f_conjur_master_ldap - mode tcp - bind *:636 - default_backend b_conjur_master_ldap - -# HTTP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc -backend b_conjur_master_http - mode tcp - balance static-rr - option external-check - default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.8:443 check - server cdemo_conjur_node_2 172.18.0.7:443 check - server cdemo_conjur_node_1 172.18.0.2:443 check - -# PG backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc -backend b_conjur_master_pg - mode tcp - balance static-rr - option external-check - default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.8:5432 check - server cdemo_conjur_node_2 172.18.0.7:5432 check - server cdemo_conjur_node_1 172.18.0.2:5432 check - -# LDAP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc -backend b_conjur_master_ldap - mode tcp - balance static-rr - option external-check - default-server inter 30s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.8:636 check - server cdemo_conjur_node_2 172.18.0.7:636 check - server cdemo_conjur_node_1 172.18.0.2:636 check - - -Running 
containers: ----------------- -cdemo_conjur_node_3 Up About a minute -cdemo_conjur_node_2 Up About a minute -cdemo_scope_1 Up 3 minutes -conjur_follower Up 4 minutes -cdemo_cli_1 Up 4 minutes -conjur_master Up 1 second -cdemo_conjur_node_1 Up 6 minutes -artifacturlweb_app_1 Up 2 hours - - -Stateful node info: ----------------- -cdemo_conjur_node_3, standby, 172.18.0.8 -cdemo_conjur_node_2, standby, 172.18.0.7 -cdemo_conjur_node_1, master, 172.18.0.2 - - -~/Conjur/cdemo/cluster >> ./1-trigger-failover.sh - ------ -Checking if Conjur version supports failover... - ------ -Configuring etcd cluster manager and cluster policy... -Logged in -Create policy role 'conjur/cluster/dev' -Create policy resource 'conjur/cluster/dev' -Create layer 'conjur/cluster/dev' -Create host 'conjur/cluster/dev/cdemo_conjur_node_3' -Create host 'conjur/cluster/dev/cdemo_conjur_node_2' -Create host 'conjur/cluster/dev/cdemo_conjur_node_1' -Grant layer 'conjur/cluster/dev' to host 'conjur/cluster/dev/cdemo_conjur_node_3' -Grant layer 'conjur/cluster/dev' to host 'conjur/cluster/dev/cdemo_conjur_node_2' -Grant layer 'conjur/cluster/dev' to host 'conjur/cluster/dev/cdemo_conjur_node_1' -{"dev:host:conjur/cluster/dev/cdemo_conjur_node_3":"e053ty343epk4xgqah6ysdmbn299z94t3qy9rk32ssxenecs3g9b","dev:host:conjur/cluster/dev/cdemo_conjur_node_2":"3yaks29194d5m22jqw97x2em645q2g8n0zw7qdp76228cd4r3aayy16","dev:host:conjur/cluster/dev/cdemo_conjur_node_1":"23027zrh353dv3sp2hf52xyb2bd3zy55ta2mzrkaw1s5emj44yj55m"} - ------ -Enrolling Conjur nodes with cluster manager... 
-error: Unknown option -a - -NAME - enroll - Enroll this node in the named Conjur cluster - -SYNOPSIS - evoke [global options] cluster enroll [command options] cluster-name - -COMMAND OPTIONS - -n, --cluster-machine-name=name - Name for this machine in the cluster - (default: 1b3de23dad45) -~/Conjur/cdemo/cluster >> vi 1-trigger-failover.sh -~/Conjur/cdemo/cluster >> ./1-trigger-failover.sh - ------ -Checking if Conjur version supports failover... - ------ -Configuring cluster management... -Logged in -{} - ------ -Enrolling Conjur nodes with cluster manager... -error: Received extra command arguments -~/Conjur/cdemo/cluster >> vi 1-trigger-failover.sh -~/Conjur/cdemo/cluster >> ./1-trigger-failover.sh - ------ -Checking if Conjur version supports failover... - ------ -Configuring cluster management... -Logged in -{} - ------ -Enrolling Conjur nodes with cluster manager... -[2017-12-22T17:10:21+00:00] INFO: *** Chef 10.34.6 *** -[2017-12-22T17:10:21+00:00] WARN: Run List override has been provided. -[2017-12-22T17:10:21+00:00] WARN: Original Run List: [] -[2017-12-22T17:10:21+00:00] WARN: Overridden Run List: [recipe[conjur::cluster]] -[2017-12-22T17:10:21+00:00] INFO: Run List is [recipe[conjur::cluster]] -[2017-12-22T17:10:21+00:00] INFO: Run List expands to [conjur::cluster] -[2017-12-22T17:10:21+00:00] INFO: Starting Chef Run for 1b3de23dad45 -[2017-12-22T17:10:21+00:00] INFO: Running start handlers -[2017-12-22T17:10:21+00:00] INFO: Start handlers complete. 
-[2017-12-22T17:10:21+00:00] WARN: Cloning resource attributes for service[etcd-proxy] from prior resource (CHEF-3694) -[2017-12-22T17:10:21+00:00] WARN: Previous service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:21+00:00] WARN: Current service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:21+00:00] WARN: Cloning resource attributes for service[etcd] from prior resource (CHEF-3694) -[2017-12-22T17:10:21+00:00] WARN: Previous service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:21+00:00] WARN: Current service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:21+00:00] WARN: Cloning resource attributes for service[cluster] from prior resource (CHEF-3694) -[2017-12-22T17:10:21+00:00] WARN: Previous service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:21+00:00] WARN: Current service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:21+00:00] INFO: Processing template[/opt/conjur/etc/conjur.conf] action create (conjur::_conjur_conf line 1) -[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] backed up to /var/chef/backup/opt/conjur/etc/conjur.conf.chef-20171222171021 -[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] updated content -[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] owner changed to 999 -[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] group changed to 999 -[2017-12-22T17:10:21+00:00] INFO: template[/opt/conjur/etc/conjur.conf] mode changed to 644 -[2017-12-22T17:10:21+00:00] INFO: Processing service[etcd-proxy] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:23+00:00] INFO: 
service[etcd-proxy] enabled -[2017-12-22T17:10:23+00:00] INFO: Processing service[etcd-proxy] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:23+00:00] INFO: Processing service[etcd] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:28+00:00] INFO: service[etcd] enabled -[2017-12-22T17:10:28+00:00] INFO: Processing service[etcd] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:28+00:00] INFO: Processing service[cluster] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:33+00:00] INFO: service[cluster] enabled -[2017-12-22T17:10:33+00:00] INFO: Processing service[cluster] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:33+00:00] INFO: Chef Run complete in 12.303429835 seconds -[2017-12-22T17:10:33+00:00] INFO: Running report handlers -[2017-12-22T17:10:33+00:00] INFO: Report handlers complete -Enrolled in cluster "dev", members: - cdemo_conjur_node_3 - cdemo_conjur_node_2 - cdemo_conjur_node_1 -[2017-12-22T17:10:35+00:00] INFO: *** Chef 10.34.6 *** -[2017-12-22T17:10:35+00:00] WARN: Run List override has been provided. -[2017-12-22T17:10:35+00:00] WARN: Original Run List: [] -[2017-12-22T17:10:35+00:00] WARN: Overridden Run List: [recipe[conjur::cluster]] -[2017-12-22T17:10:35+00:00] INFO: Run List is [recipe[conjur::cluster]] -[2017-12-22T17:10:35+00:00] INFO: Run List expands to [conjur::cluster] -[2017-12-22T17:10:35+00:00] INFO: Starting Chef Run for a263e40bff34 -[2017-12-22T17:10:35+00:00] INFO: Running start handlers -[2017-12-22T17:10:35+00:00] INFO: Start handlers complete. 
-[2017-12-22T17:10:35+00:00] WARN: Cloning resource attributes for service[etcd-proxy] from prior resource (CHEF-3694) -[2017-12-22T17:10:35+00:00] WARN: Previous service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:35+00:00] WARN: Current service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:35+00:00] WARN: Cloning resource attributes for service[etcd] from prior resource (CHEF-3694) -[2017-12-22T17:10:35+00:00] WARN: Previous service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:35+00:00] WARN: Current service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:35+00:00] WARN: Cloning resource attributes for service[cluster] from prior resource (CHEF-3694) -[2017-12-22T17:10:35+00:00] WARN: Previous service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:35+00:00] WARN: Current service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:35+00:00] INFO: Processing template[/opt/conjur/etc/conjur.conf] action create (conjur::_conjur_conf line 1) -[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] backed up to /var/chef/backup/opt/conjur/etc/conjur.conf.chef-20171222171035 -[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] updated content -[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] owner changed to 999 -[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] group changed to 999 -[2017-12-22T17:10:35+00:00] INFO: template[/opt/conjur/etc/conjur.conf] mode changed to 644 -[2017-12-22T17:10:35+00:00] INFO: Processing service[etcd-proxy] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:38+00:00] INFO: 
service[etcd-proxy] enabled -[2017-12-22T17:10:38+00:00] INFO: Processing service[etcd-proxy] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:38+00:00] INFO: Processing service[etcd] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:43+00:00] INFO: service[etcd] enabled -[2017-12-22T17:10:43+00:00] INFO: Processing service[etcd] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:43+00:00] INFO: Processing service[cluster] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:48+00:00] INFO: service[cluster] enabled -[2017-12-22T17:10:48+00:00] INFO: Processing service[cluster] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:48+00:00] INFO: Chef Run complete in 12.801079398 seconds -[2017-12-22T17:10:48+00:00] INFO: Running report handlers -[2017-12-22T17:10:48+00:00] INFO: Report handlers complete -Enrolled in cluster "dev", members: - cdemo_conjur_node_3 - cdemo_conjur_node_2 - cdemo_conjur_node_1 -[2017-12-22T17:10:50+00:00] INFO: *** Chef 10.34.6 *** -[2017-12-22T17:10:51+00:00] WARN: Run List override has been provided. -[2017-12-22T17:10:51+00:00] WARN: Original Run List: [] -[2017-12-22T17:10:51+00:00] WARN: Overridden Run List: [recipe[conjur::cluster]] -[2017-12-22T17:10:51+00:00] INFO: Run List is [recipe[conjur::cluster]] -[2017-12-22T17:10:51+00:00] INFO: Run List expands to [conjur::cluster] -[2017-12-22T17:10:51+00:00] INFO: Starting Chef Run for 0dabb6a4379a -[2017-12-22T17:10:51+00:00] INFO: Running start handlers -[2017-12-22T17:10:51+00:00] INFO: Start handlers complete. 
-[2017-12-22T17:10:51+00:00] WARN: Cloning resource attributes for service[etcd-proxy] from prior resource (CHEF-3694) -[2017-12-22T17:10:51+00:00] WARN: Previous service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:51+00:00] WARN: Current service[etcd-proxy]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:51+00:00] WARN: Cloning resource attributes for service[etcd] from prior resource (CHEF-3694) -[2017-12-22T17:10:51+00:00] WARN: Previous service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:51+00:00] WARN: Current service[etcd]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:51+00:00] WARN: Cloning resource attributes for service[cluster] from prior resource (CHEF-3694) -[2017-12-22T17:10:51+00:00] WARN: Previous service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:3:in `block in from_file' -[2017-12-22T17:10:51+00:00] WARN: Current service[cluster]: /var/chef/cookbooks/conjur/recipes/_cluster_service.rb:7:in `block in from_file' -[2017-12-22T17:10:51+00:00] INFO: Processing template[/opt/conjur/etc/conjur.conf] action create (conjur::_conjur_conf line 1) -[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] backed up to /var/chef/backup/opt/conjur/etc/conjur.conf.chef-20171222171051 -[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] updated content -[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] owner changed to 999 -[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] group changed to 999 -[2017-12-22T17:10:51+00:00] INFO: template[/opt/conjur/etc/conjur.conf] mode changed to 644 -[2017-12-22T17:10:51+00:00] INFO: Processing service[etcd-proxy] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:53+00:00] INFO: 
service[etcd-proxy] enabled -[2017-12-22T17:10:53+00:00] INFO: Processing service[etcd-proxy] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:53+00:00] INFO: Processing service[etcd] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:10:58+00:00] INFO: service[etcd] enabled -[2017-12-22T17:10:58+00:00] INFO: Processing service[etcd] action start (conjur::_cluster_service line 7) -[2017-12-22T17:10:58+00:00] INFO: Processing service[cluster] action enable (conjur::_cluster_service line 3) -[2017-12-22T17:11:03+00:00] INFO: service[cluster] enabled -[2017-12-22T17:11:03+00:00] INFO: Processing service[cluster] action start (conjur::_cluster_service line 7) -[2017-12-22T17:11:03+00:00] INFO: Chef Run complete in 12.814428459 seconds -[2017-12-22T17:11:03+00:00] INFO: Running report handlers -[2017-12-22T17:11:03+00:00] INFO: Report handlers complete -Enrolled in cluster "dev", members: - cdemo_conjur_node_3 - cdemo_conjur_node_2 - cdemo_conjur_node_1 - ------ -Killing current master... -Stopping: cdemo_conjur_node_1 -Removing: cdemo_conjur_node_1 - ------ -Waiting for standby to be promoted to master... -~/Conjur/cdemo/cluster >> cd .. -~/Conjur/cdemo >> ./inspect-cluster.sh - - -Load balancer config: ----------------- -# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. 
-global - maxconn 256 - external-check - -defaults - timeout connect 5000ms - timeout client 50000ms - timeout server 50000ms - -frontend f_conjur_master_http - mode tcp - bind *:443 - default_backend b_conjur_master_http - -frontend f_conjur_master_pg - mode tcp - bind *:5432 - default_backend b_conjur_master_pg - -frontend f_conjur_master_ldap - mode tcp - bind *:636 - default_backend b_conjur_master_ldap - -# HTTP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc -backend b_conjur_master_http - mode tcp - balance static-rr - option external-check - default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.8:443 check - server cdemo_conjur_node_2 172.18.0.7:443 check - server cdemo_conjur_node_1 172.18.0.2:443 check - -# PG backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc -backend b_conjur_master_pg - mode tcp - balance static-rr - option external-check - default-server inter 5s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.8:5432 check - server cdemo_conjur_node_2 172.18.0.7:5432 check - server cdemo_conjur_node_1 172.18.0.2:5432 check - -# LDAP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc -backend b_conjur_master_ldap - mode tcp - balance static-rr - option external-check - default-server inter 30s fall 3 rise 2 - external-check path "/usr/bin:/usr/local/bin" - external-check command "/root/conjur-health-check.sh" - server cdemo_conjur_node_3 172.18.0.8:636 check - server cdemo_conjur_node_2 172.18.0.7:636 check - server cdemo_conjur_node_1 172.18.0.2:636 check - - -Running containers: ----------------- -cdemo_conjur_node_3 Up 15 minutes -cdemo_conjur_node_2 Up 15 minutes -cdemo_scope_1 Up 15 minutes -conjur_follower 
Up 17 minutes -cdemo_cli_1 Up 18 minutes -conjur_master Up 13 minutes -artifacturlweb_app_1 Up 3 hours - - -Stateful node info: ----------------- -cdemo_conjur_node_3, standby, 172.18.0.8 -cdemo_conjur_node_2, standby, 172.18.0.7 - - -~/Conjur/cdemo >> cat cdemo_conjur_node_2:/var/log/cluster.log -cat: cdemo_conjur_node_2:/var/log/cluster.log: No such file or directory -~/Conjur/cdemo >> docker exec cdemo_conjur_node_2 cat /var/log/cluster.log -Dec 22 17:40:30 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:40:31 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:42:31 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:42:32 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:44:33 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:44:33 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:46:34 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:46:34 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... -Dec 22 17:48:35 949af8fb8d22 evoke-cluster: etcd version not available (Request Timeout). Waiting 5 seconds... - diff --git a/cluster/cluster.yml b/cluster/cluster.yml index cc61e53..b59f859 100644 --- a/cluster/cluster.yml +++ b/cluster/cluster.yml @@ -3,11 +3,10 @@ id: conjur/cluster/dev body: - !layer - - &hosts - - !host cdemo_conjur_node_3 - - !host cdemo_conjur_node_2 - - !host cdemo_conjur_node_1 + - !host conjur3 + - !host conjur2 + - !host conjur1 - !grant role: !layer member: *hosts diff --git a/cluster/conjur.conf b/cluster/conjur.conf deleted file mode 100644 index 869e8bb..0000000 --- a/cluster/conjur.conf +++ /dev/null 
@@ -1,9 +0,0 @@ -CONJUR_ACCOUNT=dev -ENABLED=true -LOG_LEVEL=warn -TRUSTED_PROXIES=127.0.0.1/32 -CONJUR_MASTER_HOST=172.18.0.2:443 -CLUSTER_NAME=dev -CLUSTER_MACHINE_NAME=cdemo_conjur_node_2 -CLUSTER_MACHINE_ADDRESS=cdemo_conjur_node_2 -ETCD_INITIAL_CLUSTER=cdemo_conjur_node_3=http://cdemo_conjur_node_3:2380,cdemo_conjur_node_2=http://cdemo_conjur_node_2:2380,cdemo_conjur_node_1=http://cdemo_conjur_node_1:2380 diff --git a/docker-compose.yml b/docker-compose.yml index 86e70ca..ba77371 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,13 +1,47 @@ version: '2' services: -# The Conjur, CLI and Weave Scope services are started by the 0-startup-conjur.sh script. -# The Conjur service is a single master. +# NOTE: static IP addresses are currently only supported in docker-compose v2 + # The CLI container is used to execute Conjur commands in lieu of requiring the CLI # package installation on the host machine. This makes managing multi-version Conjur # environments easier. - conjur_node: + + conjur1: + image: conjur-appliance:latest + container_name: conjur1 # important that container name == service name + labels: + role: "conjur_node" + volumes: + - ./:/src:z + - ./log:/var/log/conjur # exported conjur audit log + - ./log:/var/log/nginx # exported nginx audit log + security_opt: + - seccomp:unconfined + restart: always + networks: + ntwk: + ipv4_address: "10.5.0.2" + + conjur2: + image: conjur-appliance:latest + container_name: conjur2 # important that container name == service name + labels: + role: "conjur_node" + volumes: + - ./:/src:z + - ./log:/var/log/conjur # exported conjur audit log + - ./log:/var/log/nginx # exported nginx audit log + security_opt: + - seccomp:unconfined + restart: always + networks: + ntwk: + ipv4_address: "10.5.0.13" # upper range of addresses, hopefully unused when created + + conjur3: image: conjur-appliance:latest + container_name: conjur3 # important that container name == service name labels: role: "conjur_node" volumes: 
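Review bot: conjur1 and conjur2 both bind the same host directory `./log` onto `/var/log/conjur` and onto `/var/log/nginx`, so several appliances export audit and nginx logs into one directory, where same-named files would be interleaved or overwritten and can no longer be attributed to a node. Per-node paths keep the exported audit trail separable, e.g. `- ./log/conjur1/conjur:/var/log/conjur` and `- ./log/conjur1/nginx:/var/log/nginx`. `seccomp:unconfined` is also repeated on every node without explanation; a comment such as `# appliance needs an unconfined seccomp profile - demo only` would tell readers not to copy it elsewhere. The conjur3 definition continues past the end of this hunk, so its volume list is not visible here.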
@@ -17,6 +51,9 @@ services: security_opt: - seccomp:unconfined restart: always + networks: + ntwk: + ipv4_address: "10.5.0.14" # upper range of addresses, hopefully unused when created haproxy: image: haproxy:conjur @@ -30,7 +67,9 @@ services: ports: - 443:443 restart: always - entrypoint: /start.sh + entrypoint: "/start.sh" + networks: + - ntwk etcd: image: quay.io/coreos/etcd @@ -51,10 +90,14 @@ services: - http://0.0.0.0:2380 - -initial-cluster - etcd=http://etcd:2380 + networks: + - ntwk hsm: image: softhsm:latest build: ./build/hsm + networks: + - ntwk follower: image: conjur-appliance:latest @@ -65,6 +108,8 @@ services: security_opt: - seccomp:unconfined restart: always + networks: + - ntwk cli: environment: @@ -80,6 +125,8 @@ services: - "/usr/bin/docker:/usr/bin/docker:z" entrypoint: sleep command: infinity + networks: + - ntwk scope: image: weaveworks/scope:1.6.5 @@ -92,6 +139,8 @@ services: - "/var/run/docker.sock:/var/run/docker.sock:rw" command: - "--probe.docker=true" + networks: + - ntwk # The webapp service is just a simple script running in a container - not really a web app. # This service is brought up by the 1-setup-containers.sh script. @@ -105,6 +154,8 @@ services: - APP_HOSTNAME # values for these variables are in .env file - VAR_ID # written by 1-setup-containers.sh - SLEEP_TIME + networks: + - ntwk # VM containers for SSH management demonstration. # This service is brought up by the ./ssh/0-setup-ssh.sh script. @@ -116,6 +167,8 @@ services: - data:/data entrypoint: sleep command: infinity + networks: + - ntwk # Open LDAP server for ldap sync demonstration. # This service is brought up by the ./ldap/0-setup-ldap.sh script. @@ -126,6 +179,8 @@ services: restart: always volumes: - .:/src + networks: + - ntwk # Splunk enterprise server for Splunk monitoring demonstration. # This requires the Conjur and Nginx logs be exported from the Conjur container. 
@@ -149,6 +204,8 @@ services: - "9997:9997" - "8088:8088" - "1514:1514" + networks: + - ntwk ansible: container_name: ansible @@ -160,9 +217,18 @@ services: - ./:/src:rw - ./ssh_ansible/ansible_hosts:/etc/ansible/hosts:rw entrypoint: "sleep infinity" + networks: + - ntwk volumes: data: opt-splunk-etc: opt-splunk-var: +networks: + ntwk: + driver: bridge + ipam: + config: + - subnet: 10.5.0.0/16 + gateway: 10.5.0.1 diff --git a/etc/haproxy.cfg b/etc/haproxy.cfg index 148cb5b..aa8652a 100644 --- a/etc/haproxy.cfg +++ b/etc/haproxy.cfg @@ -5,8 +5,8 @@ global defaults timeout connect 5s - timeout client 5s - timeout server 5s + timeout client 50s + timeout server 50s frontend f_conjur_master_http mode tcp 
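Review bot: The new `ntwk` network hands out dynamic addresses from the same `10.5.0.0/16` pool that holds the static node addresses `10.5.0.2`, `10.5.0.13` and `10.5.0.14`, so a service that starts first can be given one of them; the "hopefully unused when created" comments on the node services admit as much. Restricting dynamic allocation removes the race: add `ip_range: 10.5.1.0/24` next to `subnet` in the `ipam.config` entry. A `/16` is also far larger than the handful of containers needs and is more likely to overlap a network the host already routes.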
@@ -27,27 +27,33 @@ frontend f_conjur_master_ldap # Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_http mode tcp - balance static-rr + balance roundrobin default-server inter 5s fall 3 rise 2 option httpchk GET /health http-check expect status 200 - server cdemo_conjur_node_1 cdemo_conjur_node_1:443 check port 443 check-ssl verify none + server conjur3 conjur3:443 check port 443 check-ssl verify none + server conjur2 conjur2:443 check port 443 check-ssl verify none + server conjur1 conjur1:443 check port 443 check-ssl verify none # PG backend info # Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp - balance static-rr + balance roundrobin default-server inter 5s fall 3 rise 2 option httpchk GET /health http-check expect status 200 - server cdemo_conjur_node_1 cdemo_conjur_node_1:5432 check port 443 check-ssl verify none + server conjur3 conjur3:5432 check port 443 check-ssl verify none + server conjur2 conjur2:5432 check port 443 check-ssl verify none + server conjur1 conjur1:5432 check port 443 check-ssl verify none # LDAP backend info # Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp - balance static-rr - option ldap-check + balance roundrobin default-server inter 5s fall 3 rise 2 - server cdemo_conjur_node_1 cdemo_conjur_node_1:636 check check-ssl verify none + option ldap-check + server conjur3 conjur3:636 check check-ssl verify none + server conjur2 conjur2:636 check check-ssl verify none + server conjur1 conjur1:636 check check-ssl verify none diff --git a/etc/haproxy.cfg.template b/etc/haproxy.cfg.template index ab8859f..66fb63e 100644 --- a/etc/haproxy.cfg.template +++ b/etc/haproxy.cfg.template @@ -4,8 +4,8 @@ global defaults timeout connect 5s - timeout client 5s - timeout server 5s + timeout client 50s + timeout server 50s frontend f_conjur_master_http mode tcp 
diff --git a/etc/update_haproxy.sh b/etc/update_haproxy.sh index af2fd70..fed46dc 100755 --- a/etc/update_haproxy.sh +++ b/etc/update_haproxy.sh @@ -16,7 +16,7 @@ main() { update_ldap_servers docker cp haproxy.cfg $haproxy_cname:/usr/local/etc/haproxy/haproxy.cfg - docker-compose exec haproxy /start.sh + docker restart $haproxy_cname } # Appends Conjur HTTP server info in HAProxy format to haproxy.cfg. diff --git a/host_factory/temp.out b/host_factory/temp.out deleted file mode 100644 index 3d2e304..0000000 --- a/host_factory/temp.out +++ /dev/null @@ -1,5 +0,0 @@ - - - - - diff --git a/ldap/1-create-policy.sh b/ldap/1-create-policy.sh index 34c7a50..c3bc759 100755 --- a/ldap/1-create-policy.sh +++ b/ldap/1-create-policy.sh @@ -13,4 +13,4 @@ if [[ "$(uname -s)" == "Linux" ]]; then else open https://conjur_master/ui/settings/ldap-sync/ fi - +echo diff --git a/ldap/2-ldap-sync.sh b/ldap/2-ldap-sync.sh index 0e233b0..bfd4bc4 100755 --- a/ldap/2-ldap-sync.sh +++ b/ldap/2-ldap-sync.sh @@ -3,3 +3,4 @@ set -o pipefail docker-compose exec cli conjur authn login -u admin -p Cyberark1 docker-compose exec -T cli conjur ldap-sync policy show > ldap-sync.yml docker-compose exec -T cli conjur elevate policy load /src/ldap/ldap-sync.yml +printf "\n\nNow browse the users and groups in the UI to see the synced updates.\n\n" diff --git a/ssh_ansible/1_create_key_for_user.sh b/ssh_ansible/1_create_key_for_user.sh index 516fb8b..043b5ae 100755 --- a/ssh_ansible/1_create_key_for_user.sh +++ b/ssh_ansible/1_create_key_for_user.sh @@ -8,4 +8,4 @@ USER=$1 printf "\nGenerating SSH keys for user %s and adding public key to Conjur...\n" $USER docker-compose exec cli conjur authn login -u admin -p Cyberark1 ssh-keygen -q -b 2048 -t rsa -C $USER-ssh-demo -f id_$USER -N '' -docker-compose exec -T cli conjur pubkeys add $USER @/src/ssh/id_$USER.pub +docker-compose exec -T cli conjur pubkeys add $USER @/src/ssh_ansible/id_$USER.pub 
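Review bot: `docker restart $haproxy_cname` runs whether or not the preceding `docker cp` succeeded and without checking the file that was copied, unless the script runs under `set -e`, which this hunk does not show. A failed copy restarts the proxy on the old config, and a broken config takes the front door on 443 down and leaves it restart-looping under the service's `restart: always`. Chain the steps and validate first, assuming the haproxy binary is on PATH in that image: `docker cp haproxy.cfg "$haproxy_cname":/usr/local/etc/haproxy/haproxy.cfg && docker exec "$haproxy_cname" haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg && docker restart "$haproxy_cname"`. main() begins before the hunk.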
diff --git a/ssh_ansible/id_bob b/ssh_ansible/id_bob deleted file mode 100644 index 2450192..0000000 --- a/ssh_ansible/id_bob +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA6HOjJ60Us36jRbtaMrsO91XMQAKDI93+vvimcyMEmnNTaiG2 -KZTQEhg83afM2vdjpWakJmi8bntICspaZ9DktY6/QcZgauDZng/YYvpoI4f9Ifmy -5QIRaWxSm36B5m5LBRDYu0HDjK58EVOh+HxNQsPM/eIt/g8QPQNYUvzBmI7kpjFM -Ra362gQfwicWegJAgMsRw+ZDlpBcWgl5pCYpWaTrCZI7fAmpIa7enLS3gFYZTnlV -TVbQQADFj8gtEc9qHZvfbQs42LiYEAB/ExSGCoxktSezixOMktg0S/5XFWmi42SG -mgvxPWv3nF4cNMczsbVhJhs+kK4IiBrYVS91DQIDAQABAoIBAEeKX2p0oGxly0ZI -1QfL/l0s8MG6hDXjuuV3jXLeEiqe18tQOMovXKJVB1aIsEmr3eUn49lWXrf6BUAc -6xoMdndSSZaqwT3jmdZFtikwPCDDV6q/OMm2izlQ91OX6c7LnxceCjYHlXGUueZz -QORDDVxA+rQgilsos6yzfNl9pO+YZIuzGRnQ+cQMGk1vLUTygMfFWcdQR6zz5kvo -75jvZaQyjkU9e7oQd9hIcIVIujChWMKBlAgkcTtryi4qaYnipQSblsf4midBI6j9 -+sowkJFiq0AW3vL0JYkKS3tA3Jxvw7DTk9HoAaSEVaWvmATSlEdJcVUasH/RCi0x -RyxhIwECgYEA/fKIaVOG3DtvZH1VX89JNN40xUfMZ6Zrqc7y11vuqihVpZV9h5F/ -z0QOwTNrSPV0f5QCjIAv9nN4VGXUyvuz9EshYgg8yZoyhK9EF/jdm86yEYBFLn5J -OcaCxheoUNR0PLeKR57vDzfqVrIk5VBBACICEckvC8cS31tfbzwEaKECgYEA6lSg -K2gCxlHymRUG/HJSa6KCYLujEuEYjEQssvYPj2SVU2rYGS37XtgdC79S1KVjZdhJ -Q3ym/5KK28245tEV0EAUc/TYJ7aZoqUTKzgGF2saQoT+9leO8Yk+zneZktctfyRS -nB9JnZq3Fe+dVWY0ZkFeQ9TjZSS3SWJmuV4bmO0CgYEAiVhECNshBDms/GeA5imh -CVPorI4xchmi/xsrYeiZwzO/ZqfcVZcOzhWb+UgLDVGbqWhunHiz+BHpkZPlq8bI -RCbiLjgQUGTyT6rPJDv3902qJyb9w7CPgAzqK6Md6GGPYEtQIX5HAy8Vsb/1joSC -M0UxY1cw96i6f0zW571JESECgYB7/T0m2oklULUR5PtmVkNgKoPcFUyrL6mihmw0 -YVhIYktU8SLY5+iq/aUY0ypL1BstB210pR9j+bE5rrfYgeeN4mowFOzOzqKqWbgz -1Rf8CjLB4cdap2e+TAWMj+IVvX+YV6rSawezueqIU9onFsZBGPN85sdPfEbzMHr0 -OGRX3QKBgG6pvrYyChUkiP0WU+0JaMrl1hyTiJRp9asbYMKWdyJRlO3hjlP6nLU9 -J7sZjEE9y2ga25CqmFvbkMV5rl3fdExISAWZHf9U1DwBrBImMtP8hB9bhv07CUL8 -/ANYonUEFz3jQW5sRpuHESHcOld+ewA1j5eVTUjeeSMI1Lw7YBbD ------END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_carol b/ssh_ansible/id_carol deleted file mode 100644 index 71e1c94..0000000 
--- a/ssh_ansible/id_carol +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA1QoqG2z9VG6sSkACIqTRoPI4x1LNfzuqaT2LG5nzDs6/Ivyc -diUJGhvy0RdCykWqab6sD/UKkoxt9gdQSK/PZ+tD3Eny8dHVdHetPlDgdbFei9k+ -axfJVYmSoC2TVklLANZrvJx1mTDCP0ZE+I4nIfzHt0sg9VxL30Fh016hO51/wQuF -vGc/uloH4DQ700FExrqwAf9y9R5BIHY3DYYCWWjnfLQXpNBAtr+qjLg8olCQb9FJ -FOONFIqgGMhFrE7tbEWKCLm4c4u6QR75h9eiSMb/qwiA9cPF4qFoI2nV7TbqI4Zz -twANYmTXL5+R3U01JMhc2j9YOgIOkYXdxWEjlQIDAQABAoIBAEuF4/F/DLue1GMq -F9eyOEJnPCulNgZx33KZh7QMOnc4YdgEV28mp/hiig0Hwvyz/7qnBpZNlybms6Cx -bQunj85WP+NbL838RkCYoIjj4P64Fz1akV8jupMhRyKTpZTEPNuaJ+1gRew9tc76 -mT7IHiVVWHOpJZD13EvUANsOw/e+srb/Et1VOyoAv2iEb3ec+Ai3qz6gjc+57E4x -yi1JA8MdJz+FgrS+s83/Ifr8chqFf2Y8ixhgXeXHzMibQACAJX4ntoK1UU9g+Um6 -W3ys1/7+7FOmWRVHT2BjAfx5G1BEzqFXLAeWMZyH5j1y/nsBx0uJKpKnieqKxpVV -kYkapC0CgYEA/oiMEVFBzbLQuAS1YlzRGcUezkkUGHzvy6rKngiV/isggTcHTAZ8 -bFkftzod1nWW132WHAlu5QwK1vVEsQWaRznq/Z+spJWoYTiMOEYxmeGh4qKWNpdk -FAnjLiVOeMyfxCVieiwmWQttYlXQqEnA6v5HKgSUvSvc5V06jQRBDP8CgYEA1kRp -WkFiSStLGzISb4FXi3q7Htclau2wYZo6y0lI/iFK5ZN4bnZvU5H2/9PkpJMYOHsY -rvUX60eE4ZXBsrDzlrZB8nkTBw4i5Z1gC0Im23siTNC0tCzlIBI2g8fABSvIwZZ0 -qVP/Dlgpe/+IuS6GUzzKaAY/Q+JyrUkYlhaeS2sCgYEA+bykIYGmnNqr60HDbkU/ -bJd6CFCvhO9goGZs8u3drUpHVEDXygI7JluzwKUnDXrGi5xPIicnRVixcgOoaD/l -BamQJVT7oWitkuZWvggxNpipq6J23A1iRj8FRguYmPG8eElt/A1BevC5XFhyqAvl -WywuSs2/2nQlAm6cuivIX6UCgYEAiG3c6wQQ0egIFZPnWypvFLeb58Iz6AbaNPtg -DkpmeLG4H7+rgiJVNlANhs1jm0qxtFzk1Znnlf7e5EhXojC7mS4JhZuD+w0MOUng -eqqvVTbtGx4UwViIt8gBAB2y7Vf4pxLmy15ZW8fU+kg1xTuTefKOKng31kCcpiuR -xRc3yWsCgYEAie/Twly/hGW0ovxlZgKiSk9TEVdybgyzjw7MVVBSFURO631uo9Jw -oskXTYQ4cIEhX9XP+Asf8w+Kjlugr+skSPLYFqg8I7Pgb89lbQVgJvK6O+m2cVgh -AHT7tTqM+wJEPfsfTDii3gU5TgSYnCojTCYfAhPyeS9im10yMvb5MxM= ------END RSA PRIVATE KEY----- From 0257fdb3001cd591984618e7f292422fb30c4f80 Mon Sep 17 00:00:00 2001 
From: Joseph Hunt Date: Sat, 6 Jan 2018 18:38:41 +0000 Subject: [PATCH 47/68] added bastion demo, improved haproxy update and seed file transfer --- .gitignore | 1 + 0-startup-conjur.sh | 52 +++++----- _install-dependencies.sh | 2 + audit_policy.sh | 2 +- bastion/0-setup-bastion.sh | 98 +++++++++++++++++++ bastion/1-exec-to-outside-vm.sh | 2 + bastion/3_root_key_rotators.sh | 6 ++ bastion/4_rotate.sh | 9 ++ bastion/README.md | 17 ++++ bastion/_test_fetch_userkey_from_host.sh | 10 ++ bastion/policy/bastion.yml | 28 ++++++ bastion/policy/hosts.yml | 4 + bastion/policy/protected.yml | 19 ++++ bastion/policy/root_key_rotators.yml | 13 +++ bastion/policy/users.yml | 22 +++++ bastion/ssh-bastion.yml | 2 + build/haproxy/Dockerfile | 2 +- .../haproxy/haproxy.cfg.cluster | 23 ++--- .../{haproxy.cfg => haproxy.cfg.master-only} | 4 - cluster/0-setup-standbys.sh | 41 +++----- cluster/1-trigger-failover.sh | 13 +-- cluster/README.md | 6 +- cluster/watch-cluster.sh | 15 +++ docker-compose.yml | 75 ++++++++------ etc/conjur_follower.conf | 5 + etc/{conjur.conf => conjur_master.conf} | 0 etc/haproxy.cfg.template | 23 ----- etc/update_haproxy.sh | 84 ---------------- host_factory/foo.out | 3 + host_factory/process_template.sh | 1 + host_factory/temp.out | 5 + ssh_ansible/0-setup-ssh.sh | 20 ++-- ssh_ansible/2_ssh_user_to_host.sh | 5 +- ssh_ansible/id_bob | 27 +++++ ssh_ansible/id_bob.pub | 1 + ssh_ansible/id_carol | 27 +++++ ssh_ansible/id_carol.pub | 1 + 37 files changed, 431 insertions(+), 237 deletions(-) create mode 100755 bastion/0-setup-bastion.sh create mode 100755 bastion/1-exec-to-outside-vm.sh create mode 100755 bastion/3_root_key_rotators.sh create mode 100755 bastion/4_rotate.sh create mode 100644 bastion/README.md create mode 100755 bastion/_test_fetch_userkey_from_host.sh create mode 100644 bastion/policy/bastion.yml create mode 100644 bastion/policy/hosts.yml create mode 100644 bastion/policy/protected.yml create mode 100644 bastion/policy/root_key_rotators.yml 
create mode 100644 bastion/policy/users.yml create mode 100644 bastion/ssh-bastion.yml rename etc/haproxy.cfg => build/haproxy/haproxy.cfg.cluster (84%) rename build/haproxy/{haproxy.cfg => haproxy.cfg.master-only} (77%) create mode 100755 cluster/watch-cluster.sh create mode 100644 etc/conjur_follower.conf rename etc/{conjur.conf => conjur_master.conf} (100%) delete mode 100644 etc/haproxy.cfg.template delete mode 100755 etc/update_haproxy.sh create mode 100644 host_factory/foo.out create mode 100644 host_factory/temp.out create mode 100644 ssh_ansible/id_bob create mode 100644 ssh_ansible/id_bob.pub create mode 100644 ssh_ansible/id_carol create mode 100644 ssh_ansible/id_carol.pub diff --git a/.gitignore b/.gitignore index 384a4dd..326df4c 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ ldap/ldap-sync.yml ssh/id* build/hsm/* *.swp +*.new diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index ecb80a8..68e1699 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -6,10 +6,10 @@ CONJUR_CONTAINER_TARFILE= CONJUR_MASTER_INGRESS=conjur_master CONJUR_FOLLOWER_INGRESS=conjur_follower -CONJUR_MASTER_HOSTNAME=conjur_master CONJUR_MASTER_ORGACCOUNT=dev CONJUR_MASTER_PASSWORD=Cyberark1 -CONJUR_MASTER_CONT_ID=conjur1 +CONJUR_MASTER_CONT_NAME=conjur1 +CLI_CONT_NAME=conjur_cli main() { @@ -27,7 +27,6 @@ main() { docker-compose exec cli "/src/etc/_demo-init.sh" # force builds of images for demo modules - docker-compose build etcd docker-compose build ldap docker-compose build vm docker-compose build splunk 
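Review bot: The ignore list still covers only `ssh/id*`, but the key-generation script writes into ssh_ansible/, and this patch's diffstat adds `ssh_ansible/id_bob` and `ssh_ansible/id_carol` (27 lines each, the size of the RSA private keys the previous patch deleted) back into the repository. Add `ssh_ansible/id*` alongside the new `*.new` entry and drop the generated key files from the commit. Keys that were already committed remain in history, so they should be regenerated rather than reused anywhere.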
@@ -61,27 +60,29 @@ all_down() { ############################ conjur_master_up() { echo "-----" - if [[ "$CONJUR_CONTAINER_TARFILE" == "" ]]; then - printf "\n\nEdit this script to set CONJUR_CONTAINER_TARFILE to the location of the Conjur appliance tarfile to load.\n\n" - exit -1 - fi + if [[ "$(docker images conjur-appliance:latest | grep conjur-appliance)" == "" ]]; then + if [[ "$CONJUR_CONTAINER_TARFILE" == "" ]]; then + printf "\n\nEdit this script to set CONJUR_CONTAINER_TARFILE to the location of the Conjur appliance tarfile to load.\n\n" + exit -1 + fi - if [[ "$(docker images conjur-appliance | grep conjur-appliance)" == "" ]]; then echo "Loading image from tarfile. This takes about a minute..." LOAD_MSG=$(docker load -i $CONJUR_CONTAINER_TARFILE) IMAGE_ID=$(cut -d " " -f 3 <<< "$LOAD_MSG") # parse image name as 3rd field in "Loaded image: xx" message docker tag $IMAGE_ID conjur-appliance:latest fi - echo "Bringing up Conjur" - docker-compose up -d conjur1 + image_tag=$(docker images | grep $(docker images conjur-appliance:latest --format "{{.ID}}") | awk '!/latest/ {print $2}') + printf "Bringing up Conjur using image tagged as version %s...\n" $image_tag +exit + docker-compose up -d $CONJUR_MASTER_CONT_NAME echo "-----" echo "Initializing Conjur Master" - docker exec $CONJUR_MASTER_CONT_ID \ + docker exec $CONJUR_MASTER_CONT_NAME \ evoke configure master \ -j /src/etc/conjur.json \ - -h $CONJUR_MASTER_HOSTNAME \ + -h $CONJUR_MASTER_INGRESS \ -p $CONJUR_MASTER_PASSWORD \ $CONJUR_MASTER_ORGACCOUNT @@ -89,7 +90,7 @@ conjur_master_up() { echo "Get certificate from Conjur" rm -f ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem # cache cert for copying to other containers - docker cp -L $CONJUR_MASTER_CONT_ID:/opt/conjur/etc/ssl/conjur.pem ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem + docker cp -L $CONJUR_MASTER_CONT_NAME:/opt/conjur/etc/ssl/conjur.pem ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem } 
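Review bot: The bare `exit` added directly after the `printf "Bringing up Conjur using image tagged as version %s...\n"` line in conjur_master_up ends the script before `docker-compose up -d $CONJUR_MASTER_CONT_NAME` runs, so the master is never started, configured or asked for its certificate. It reads like a leftover debugging statement and should be dropped. In the same added block, `$image_tag` and the inner `$(docker images conjur-appliance:latest --format "{{.ID}}")` are unquoted, so an empty image ID leaves `grep` without a pattern and several tags turn into several printf arguments; `printf "... %s...\n" "$image_tag"` with a quoted substitution avoids both.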
@@ -103,12 +104,11 @@ cli_up() { printf "\n-----\nBring up CLI client...\n" docker-compose up -d cli - CLI_CONT_ID=$(docker-compose ps -q cli) echo "-----" echo "Copy Conjur config and certificate to CLI" - docker cp -L ./etc/conjur.conf $CLI_CONT_ID:/etc - docker cp -L ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem $CLI_CONT_ID:/etc + docker cp -L ./etc/conjur_master.conf $CLI_CONT_NAME:/etc/conjur.conf + docker cp -L ./etc/conjur-$CONJUR_MASTER_ORGACCOUNT.pem $CLI_CONT_NAME:/etc docker-compose exec cli conjur authn login -u admin -p $CONJUR_MASTER_PASSWORD } @@ -116,21 +116,13 @@ cli_up() { conjur_follower_up() { printf "\n-----\nConfiguring follower node...\n" - # get container name of conjur master - conjur_master_cname=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - # generate seed file that references haproxy - docker exec -it $conjur_master_cname bash -c "evoke seed follower $CONJUR_MASTER_INGRESS > /tmp/follower-seed.tar" - # and copy to local /tmp - docker cp $conjur_master_cname:/tmp/follower-seed.tar /tmp/ docker-compose up -d follower - # only one follower - conjur_follower_cname=$(docker ps -f "label=role=conjur_follower" --format {{.Names}}) - docker rename $conjur_follower_cname $CONJUR_FOLLOWER_INGRESS - - docker cp /tmp/follower-seed.tar $CONJUR_FOLLOWER_INGRESS:/tmp/seed - docker exec $CONJUR_FOLLOWER_INGRESS bash -c "evoke unpack seed /tmp/seed" - rm /tmp/follower-seed.tar - docker exec $CONJUR_FOLLOWER_INGRESS bash -c "evoke configure follower -j /src/etc/conjur.json" + # generate seed file & pipe to follower + docker exec conjur1 evoke seed follower $CONJUR_FOLLOWER_INGRESS \ + | docker exec -i $CONJUR_FOLLOWER_INGRESS evoke unpack seed - + docker exec $CONJUR_FOLLOWER_INGRESS evoke configure follower -j /src/etc/conjur.json + rm -f ./etc/conjur_follower.pem + docker cp $CONJUR_FOLLOWER_INGRESS:/opt/conjur/etc/ssl/conjur_follower.pem ./etc } ############################ 
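Review bot: In conjur_follower_up the new pipeline names the master container literally (`docker exec conjur1 evoke seed follower ...`) although this commit introduces `CONJUR_MASTER_CONT_NAME` for exactly that purpose; `docker exec "$CONJUR_MASTER_CONT_NAME" evoke seed follower "$CONJUR_FOLLOWER_INGRESS" \` keeps the two in step. Because the seed is now streamed through a pipe, a failure of `evoke seed` on the left side is only noticed when `pipefail` is set, and no `set -o pipefail` is visible for this script in the diff, so the follower could be configured from an empty or truncated seed. The same pipe pattern is added to setup_standbys in cluster/0-setup-standbys.sh and recycle_old_master in cluster/1-trigger-failover.sh, where the option should be confirmed as well.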
diff --git a/_install-dependencies.sh b/_install-dependencies.sh index bc8e51e..6ca7d35 100755 --- a/_install-dependencies.sh +++ b/_install-dependencies.sh @@ -21,6 +21,8 @@ install_docker() { sudo yum install -y docker-ce # add user to docker group to run docker w/o sudo sudo usermod -aG docker $USER + # default overlay storage driver causes probs + sudo echo '{ "storage-driver": "devicemapper" }' > /etc/docker/daemon.json sudo systemctl start docker } diff --git a/audit_policy.sh b/audit_policy.sh index 17960ac..75ed8bf 100755 --- a/audit_policy.sh +++ b/audit_policy.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/bash -ex if [[ -z $1 ]] ; then printf "\n\tUsage: %s \n\n" $0 exit 1 diff --git a/bastion/0-setup-bastion.sh b/bastion/0-setup-bastion.sh new file mode 100755 index 0000000..95fc804 --- /dev/null +++ b/bastion/0-setup-bastion.sh 
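Review bot: The added line `sudo echo '{ "storage-driver": "devicemapper" }' > /etc/docker/daemon.json` in install_docker does not write the file with root privileges, because the redirection is opened by the calling shell before sudo runs; for a non-root user it fails with a permission error and the storage driver stays unchanged. `echo '{ "storage-driver": "devicemapper" }' | sudo tee /etc/docker/daemon.json > /dev/null` does what the comment intends. The line also replaces any existing daemon.json wholesale, which is worth a comment for anyone running this on a host that already has Docker settings. install_docker starts above this hunk.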
@@ -0,0 +1,98 @@ +#!/bin/bash +set -eo pipefail + +CONJUR_MASTER_ORGACCOUNT=dev +CONJUR_APPLIANCE_URL=https://conjur_follower/api +CONJUR_CONF_FILE=../etc/conjur_follower.conf +CONJUR_CERT_FILE=../etc/conjur_follower.pem +ACCESS_POLICY_FILE=ssh-bastion.yml +BASTION_SERVICES="outside bastion protected" +BASTION_CONT_NAMES="bastion_server protected_vm" +SSH_USERS="carol alice ted" + +################ MAIN ################ +main() { + load_policy + bring_up_vms + conjurize_vms + setup_user_creds +} + +###################### +load_policy() { + printf "\n-----\nLoading bastion server access policy...\n" + docker-compose exec cli conjur policy load --as-group=security_admin /src/bastion/$ACCESS_POLICY_FILE +} + +###################### +bring_up_vms() { + printf "\n-----\nBringing down old, then up all vm containers...\n" + # the outside and bastion VMs are both on the external network (netwkx) + docker-compose rm -svf $BASTION_SERVICES + docker-compose up -d $BASTION_SERVICES +} + +###################### +conjurize_vms() { + printf "\n-----\nConfiguring hosts for SSH & identities ...\n" + + conjurize_container_as_host bastion_server bastion/server + conjurize_container_as_host protected_vm protected/vm +} + +###################### +conjurize_container_as_host(){ + cname=$1; shift + hname=$1; shift + # note: conjur.conf and conjur-.pem are + # copied from conjur container to shared volume + # just after conjur service is brought up. 
+ docker cp $CONJUR_CONF_FILE $cname:/etc/conjur.conf + docker cp $CONJUR_CERT_FILE $cname:/etc + + api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $hname) + # run chef recipe to configure vm for ssh access + docker exec \ + -e CONJURRC=/etc/conjur.conf \ + -e CONJUR_ACCOUNT=$CONJUR_MASTER_ORGACCOUNT \ + -e CONJUR_APPLIANCE_URL=$CONJUR_APPLIANCE_URL \ + -e CONJUR_AUTHN_LOGIN="host/$hname" \ + -e CONJUR_AUTHN_API_KEY=$api_key \ + $cname chef-solo -o conjur::configure + + # finish configuration, start sshd & logshipper + docker exec $cname sudo /root/configure-ssh.sh +} + +###################### +setup_user_creds() { + for i in $SSH_USERS; do + setup_user $i + done +} + +###################### +# sets up users on vm that is "outside" the network +setup_user() { + user=$1 + printf "\n\n-----\nGenerating SSH keys for user %s and adding public key to Conjur...\n" $user + ssh-keygen -q -b 2048 -t rsa -C ${user}-ssh-demo -f id_$user -N '' + docker-compose exec -T cli conjur pubkeys add $user @/src/bastion/id_$user.pub + + docker exec outside_vm sudo useradd -m $user + docker exec outside_vm sudo su $user -c 'mkdir ~/.ssh' + docker exec outside_vm sudo cp /src/bastion/id_$user /home/$user/.ssh/id_rsa + docker exec outside_vm sudo chown $user:$user /home/$user/.ssh/id_rsa + docker exec outside_vm sudo chmod 0600 /home/$user/.ssh/id_rsa + cat < \n\n" $0 + exit 1 +fi +USER=$1 +CNAME=$2 +printf "\nFrom container %s, retrieving public SSH key for user %s from Conjur service:\n\n" $CNAME $USER +docker exec -it $CNAME /opt/conjur/bin/conjur_authorized_keys $USER diff --git a/bastion/policy/bastion.yml b/bastion/policy/bastion.yml new file mode 100644 index 0000000..40d4edb --- /dev/null +++ b/bastion/policy/bastion.yml 
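Review bot: In conjurize_container_as_host the freshly rotated host API key is placed on the `docker exec` command line as `-e CONJUR_AUTHN_API_KEY=$api_key`, so it is readable in the host's process list while chef-solo runs and is printed by any `-x` trace. Exporting it and passing the name only keeps the value out of argv: `export CONJUR_AUTHN_API_KEY="$api_key"` and then `-e CONJUR_AUTHN_API_KEY \`. The same argument form is used by conjurize_vms in ssh_ansible/0-setup-ssh.sh. Separately, setup_user writes passphrase-less private keys (`-N ''`) to `bastion/id_$user`, a path that neither ignore pattern shown in this series (`ssh/id*`, later `ssh_ansible/id*`) covers, so a `bastion/id*` entry in .gitignore is needed to keep them out of commits.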
@@ -0,0 +1,28 @@ +--- +- !policy + id: bastion + body: + + - !layer + + - !host server + + - !grant + role: !layer + member: !host server + +# Give developers user access (ssh) to VMs in layer + + - !grant + role: !automatic-role + record: !layer + role_name: use_host + member: !group /developers + +# Give sec_ops admin access (ssh & sudo) to VMs in layer + + - !grant + role: !automatic-role + record: !layer + role_name: admin_host + member: !group /sec_ops diff --git a/bastion/policy/hosts.yml b/bastion/policy/hosts.yml new file mode 100644 index 0000000..147e56f --- /dev/null +++ b/bastion/policy/hosts.yml @@ -0,0 +1,4 @@ +- !host home_vm +- !host bastion_server +- !host protected_vm + diff --git a/bastion/policy/protected.yml b/bastion/policy/protected.yml new file mode 100644 index 0000000..eeff7cf --- /dev/null +++ b/bastion/policy/protected.yml @@ -0,0 +1,19 @@ +- !policy + id: protected + body: + + - !layer + + - !host vm + + - !grant + role: !layer + member: !host vm + +# Give developers ssh & sudo rights on VMs in layer + + - !grant + role: !automatic-role + record: !layer + role_name: admin_host + member: !group /developers diff --git a/bastion/policy/root_key_rotators.yml b/bastion/policy/root_key_rotators.yml new file mode 100644 index 0000000..660257d --- /dev/null +++ b/bastion/policy/root_key_rotators.yml @@ -0,0 +1,13 @@ +- !policy + id: root-key-rotators + body: + - !policy + id: bastion + body: + - !variable host + - !variable login + - !variable + id: private-key + annotations: + rotation/rotator: ssh/key_pair + rotation/ttl: P1D # rotate every day diff --git a/bastion/policy/users.yml b/bastion/policy/users.yml new file mode 100644 index 0000000..9a943c6 --- /dev/null +++ b/bastion/policy/users.yml 
@@ -0,0 +1,22 @@ +# users & groups +- !user + id: donna + public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNOpajDmA/Ld8w9BALKGQesYnQ1jL/O7jCrjc+DDXDemmS8Ky8muvSoBdoipGweRRwvmF1CCZky8fITRTcmWIKDa/vIE+CmHo8MfFKWmz93stoBuMo8jgrRvl00SEyaExh9S0gQCbH4LmM8khE1jE6ZKrptkGB5xmWN0MBHLwO/zdSzNDklwfZyT9J1/ITy6M3zVScgTFp9GMxVFngCJDXmGigZ5cj187MVf80irktZkAawxWvrwFXvvDDwMBjs9+/2CWvbUho7UOKmgyMN+8xCHXANQH8euhYp8fKdVaxuWYweCljF2jGOYZ7/z2r7XNRd9yz4Pg8SccUYahrUei3 donna-bastion-tutorial + +- !user + id: otto + public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyxERgaUnB3VIsMfh+5cBoIHeFj7bBY/APv/tAUwsZMUDFfxMvycsYoZ9SDMBtPCuLoFn6NC213JwfYCvTidSk+0rwKmenVqw6S/4BhsKLACXEF8DQMqwImZbO9joS5p6V3jda3E6qqPuieyRqVt4BBrK6kwGygaSqGxW8gavZeCLa6/EPiJWqiIy0kKDOYMvPcqfRYgIwoFxlTubaCfeT8D7qQ8wyr0rBSCv9FIE4ziIkG9LDduiYkV07Kj/vHaCr9y94+pkjtSuHh5xYB71S0byrudiGxSSPmxGLFSsnfZWLD+d1HEViErziTzgAbOuCPchHjD0KskJVghtNClVJ otto-bastion-tutorial + +- !group operations +- !group developers + +- !grant + role: !group developers + members: + - !user donna + - !group operations + +- !grant + role: !group operations + members: + - !user otto diff --git a/bastion/ssh-bastion.yml b/bastion/ssh-bastion.yml new file mode 100644 index 0000000..80c2bdd --- /dev/null +++ b/bastion/ssh-bastion.yml @@ -0,0 +1,2 @@ +- !include policy/bastion.yml +- !include policy/protected.yml diff --git a/build/haproxy/Dockerfile b/build/haproxy/Dockerfile index 08c4f91..1062645 100644 --- a/build/haproxy/Dockerfile +++ b/build/haproxy/Dockerfile @@ -6,5 +6,5 @@ RUN apt-get install -y \ curl \ vim -COPY haproxy.cfg /usr/local/etc/haproxy/ +COPY haproxy.cfg.master-only /usr/local/etc/haproxy/haproxy.cfg COPY start.sh / diff --git a/etc/haproxy.cfg b/build/haproxy/haproxy.cfg.cluster similarity index 84% rename from etc/haproxy.cfg rename to build/haproxy/haproxy.cfg.cluster index aa8652a..196c03e 100644 --- a/etc/haproxy.cfg +++ b/build/haproxy/haproxy.cfg.cluster 
@@ -24,36 +24,33 @@ frontend f_conjur_master_ldap default_backend b_conjur_master_ldap # HTTP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_http mode tcp - balance roundrobin + balance static-rr default-server inter 5s fall 3 rise 2 option httpchk GET /health http-check expect status 200 - server conjur3 conjur3:443 check port 443 check-ssl verify none - server conjur2 conjur2:443 check port 443 check-ssl verify none server conjur1 conjur1:443 check port 443 check-ssl verify none + server conjur2 conjur2:443 check port 443 check-ssl verify none + server conjur3 conjur3:443 check port 443 check-ssl verify none # PG backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp - balance roundrobin + balance static-rr default-server inter 5s fall 3 rise 2 option httpchk GET /health http-check expect status 200 - server conjur3 conjur3:5432 check port 443 check-ssl verify none - server conjur2 conjur2:5432 check port 443 check-ssl verify none server conjur1 conjur1:5432 check port 443 check-ssl verify none + server conjur2 conjur2:5432 check port 443 check-ssl verify none + server conjur3 conjur3:5432 check port 443 check-ssl verify none # LDAP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp - balance roundrobin - default-server inter 5s fall 3 rise 2 + balance static-rr option ldap-check - server conjur3 conjur3:636 check check-ssl verify none - server conjur2 conjur2:636 check check-ssl verify none + default-server inter 5s fall 3 rise 2 server conjur1 conjur1:636 check check-ssl verify none + server conjur2 conjur2:636 check check-ssl verify none + server conjur3 conjur3:636 check check-ssl verify none 
diff --git a/build/haproxy/haproxy.cfg b/build/haproxy/haproxy.cfg.master-only similarity index 77% rename from build/haproxy/haproxy.cfg rename to build/haproxy/haproxy.cfg.master-only index d43f18f..f43bf61 100644 --- a/build/haproxy/haproxy.cfg +++ b/build/haproxy/haproxy.cfg.master-only @@ -1,4 +1,3 @@ -# This file is generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc. global maxconn 256 external-check @@ -24,7 +23,6 @@ frontend f_conjur_master_ldap default_backend b_conjur_master_ldap # HTTP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_http mode tcp balance static-rr @@ -34,7 +32,6 @@ backend b_conjur_master_http server conjur1 conjur1:443 check port 443 check-ssl verify none # PG backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_pg mode tcp balance static-rr @@ -44,7 +41,6 @@ backend b_conjur_master_pg server conjur1 conjur1:5432 check port 443 check-ssl verify none # LDAP backend info -# Generated by ./update_haproxy.sh in /Users/josephhunt/Conjur/cdemo/etc backend b_conjur_master_ldap mode tcp balance static-rr diff --git a/cluster/0-setup-standbys.sh b/cluster/0-setup-standbys.sh index cce8d2b..fa0f5b9 100755 --- a/cluster/0-setup-standbys.sh +++ b/cluster/0-setup-standbys.sh 
@@ -38,16 +38,15 @@ start_new_standbys() { ############################# setup_standbys() { printf "\n-----\nConfiguring standby nodes...\n" - # generate seed file - docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-node > /tmp/standby-seed.tar" - # copy to local /tmp - docker cp $CONJUR_MASTER_CNAME:/tmp/standby-seed.tar /tmp/ - - docker cp /tmp/standby-seed.tar conjur2:/tmp/seed - docker exec conjur2 bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" - docker cp /tmp/standby-seed.tar conjur3:/tmp/seed - docker exec conjur3 bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" - rm /tmp/standby-seed.tar + + # generate seed file & pipe to standby for unpacking + docker exec $CONJUR_MASTER_CNAME evoke seed standby \ + | docker exec -i conjur2 evoke unpack seed - + docker exec conjur2 evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP + + docker exec $CONJUR_MASTER_CNAME evoke seed standby \ + | docker exec -i conjur3 evoke unpack seed - + docker exec conjur3 evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP } @@ -96,9 +95,9 @@ wait_for_standbys() { ############################# update_load_balancer() { printf "\n-----\nUpdating load balancer configuration...\n" - pushd ../etc \ - && ./update_haproxy.sh $CONJUR_MASTER_INGRESS \ - && popd + docker cp ../build/haproxy/haproxy.cfg.cluster \ + $CONJUR_MASTER_INGRESS:/usr/local/etc/haproxy/haproxy.cfg + docker restart $CONJUR_MASTER_INGRESS } ############################# 
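Review bot: The new `docker exec $CONJUR_MASTER_CNAME evoke seed standby` calls in setup_standbys no longer pass the node name that the removed line supplied (`conjur-node`), while recycle_old_master in cluster/1-trigger-failover.sh still passes `conjur-standby`. If that argument ends up in the seed's certificate or configuration, standbys built by the two scripts will differ, so it should be confirmed against the appliance version in use and made consistent. The seed/unpack/configure sequence is also repeated verbatim for conjur2 and conjur3; a `for node in conjur2 conjur3` loop with quoted `"$node"` and `"$CONJUR_MASTER_IP"` would remove the duplication.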
@@ -118,9 +117,9 @@ check_conjur_version() { CONJUR_MINOR=$(echo $CONJUR_VERSION | awk -F "." '{ print $2 }') CONJUR_POINT=$(echo $CONJUR_VERSION | awk -F "." '{ print $3 }') - if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 10) ]]; then + if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 11) ]]; then printf "\nConjur version %i.%i.%i is running.\n" $CONJUR_MAJOR $CONJUR_MINOR $CONJUR_POINT - printf "This script only supports failover in Conjur versions 4.9.10 and above.\n\n" + printf "This script only supports failover in Conjur versions 4.9.11 and above.\n\n" else failover_supported=true fi @@ -129,10 +128,7 @@ check_conjur_version() { ############################# setup_cluster_state() { printf "\n-----\nConfiguring etcd cluster manager and cluster policy...\n" - if [[ $CONJUR_POINT == 10 ]]; then - docker-compose up -d etcd # external etcd in 4.9.10 - fi - + CONT_LIST=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) construct_cluster_policy # build cluster policy file @@ -141,12 +137,7 @@ setup_cluster_state() { docker-compose exec cli conjur policy load --as-group=security_admin /src/cluster/$CLUSTER_POLICY_FILE for cname in $CONT_LIST; do - if [[ $CONJUR_POINT == 10 ]]; then - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cname) - docker exec $cname evoke cluster enroll -a $cont_ip -n $cname $CLUSTER_NAME - else - docker exec $cname evoke cluster enroll -n $cname $CLUSTER_NAME - fi + docker exec $cname evoke cluster enroll -n $cname $CLUSTER_NAME done } diff --git a/cluster/1-trigger-failover.sh b/cluster/1-trigger-failover.sh index 2191640..a7f09b4 100755 --- a/cluster/1-trigger-failover.sh +++ b/cluster/1-trigger-failover.sh 
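Review bot: The version guard in check_conjur_version, `if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 11) ]]`, joins the two comparisons with `&&`, so an older release with a high point number (for example minor 8, point 12) is treated as supporting failover; the bump from 10 to 11 keeps that logic. A comparison that orders minor before point fixes it: `if (( CONJUR_MINOR < 9 || (CONJUR_MINOR == 9 && CONJUR_POINT < 11) )); then`, assuming the major version is 4 as the message implies. The message now says 4.9.11 while the cluster/README.md change in this commit says 4.9.10, so one of the two needs correcting. The function starts above this hunk.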
@@ -92,15 +92,10 @@ wait_for_healthy_master() { recycle_old_master() { printf "\n-----\nConfiguring standby node...\n" docker-compose up -d $CONTAINER_TO_RECYCLE - - # generate seed file & copy to local tmp - docker exec -it $CONJUR_MASTER_CNAME bash -c "evoke seed standby conjur-standby > /tmp/standby-seed.tar" - docker cp $CONJUR_MASTER_CNAME:/tmp/standby-seed.tar /tmp/ - # copy seed to container & configure - docker cp /tmp/standby-seed.tar $CONTAINER_TO_RECYCLE:/tmp/seed - docker exec $CONTAINER_TO_RECYCLE bash -c "evoke unpack seed /tmp/seed && evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP" - - rm /tmp/standby-seed.tar + # generate seed file & pipe to standby + docker exec $CONJUR_MASTER_CNAME evoke seed standby conjur-standby \ + | docker exec -i $CONTAINER_TO_RECYCLE evoke unpack seed - + docker exec $CONTAINER_TO_RECYCLE evoke configure standby -j /src/etc/conjur.json -i $CONJUR_MASTER_IP wait_for_healthy_master diff --git a/cluster/README.md b/cluster/README.md index d0f0b34..1de1047 100644 --- a/cluster/README.md +++ b/cluster/README.md @@ -1,3 +1,3 @@ -# adds standbys to cluster and shows failover - - 0-setup-cluster.sh - brings stateful sub-cluster to default of 1-master/2-standbys - - 1-cluster-failover.sh - removes current master to trigger auto-failover, calls 0-setup-cluster to replace standby +# adds standbys to cluster and (for Conjur 4.9.10 and above) shows failover + - 0-setup-cluster.sh - brings stateful sub-cluster (1-master/2-standbys) + - 1-cluster-failover.sh - removes current master to trigger auto-failover, reconfigured failed master as a standby diff --git a/cluster/watch-cluster.sh b/cluster/watch-cluster.sh new file mode 100755 index 0000000..0d68d65 --- /dev/null +++ b/cluster/watch-cluster.sh 
@@ -0,0 +1,15 @@ +#!/bin/bash +SLEEP_TIME=2 +if [[ "$1" != "" ]]; then + SLEEP_TIME=$1 +fi +while : ; do + printf "\n\n-----\nCluster members:\n" + printf "\nAccording to conjur1:\n" + docker exec conjur1 etcdctl member list + printf "\nAccording to conjur2:\n" + docker exec conjur2 etcdctl member list + printf "\nAccording to conjur3:\n" + docker exec conjur3 etcdctl member list + sleep $SLEEP_TIME +done diff --git a/docker-compose.yml b/docker-compose.yml index ba77371..427fdce 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -71,38 +71,10 @@ services: networks: - ntwk - etcd: - image: quay.io/coreos/etcd - hostname: etcd - build: ./build/etcd - command: - - etcd - - -debug - - -name - - etcd - - -advertise-client-urls - - http://etcd:2379 - - -listen-client-urls - - http://0.0.0.0:2379 - - -initial-advertise-peer-urls - - http://etcd:2380 - - -listen-peer-urls - - http://0.0.0.0:2380 - - -initial-cluster - - etcd=http://etcd:2380 - networks: - - ntwk - - hsm: - image: softhsm:latest - build: ./build/hsm - networks: - - ntwk - follower: image: conjur-appliance:latest - labels: - role: "conjur_follower" + hostname: conjur_follower + container_name: conjur_follower volumes: - ./:/src:z security_opt: @@ -115,7 +87,8 @@ services: environment: CONJUR_ACCOUNT: dev CONJUR_APPLIANCE_URL: https://conjur_master/api - hostname: conjurcli + container_name: conjur_cli + hostname: conjur_cli image: my-conjurcli:5.4.0 build: ./build/conjurcli volumes: @@ -158,9 +131,12 @@ services: - ntwk # VM containers for SSH management demonstration. + # This service is brought up by the ./ssh/0-setup-ssh.sh script. vm: image: rack-vm:1.0 + labels: + - "role=rack-vm" build: ./build/vm volumes: - .:/src 
@@ -170,6 +146,37 @@ services: networks: - ntwk +# bastion server and outside vm are part of the ssh_bastion demo + protected: + image: rack-vm:1.0 + container_name: protected_vm + hostname: protected_vm + entrypoint: sleep + command: infinity + networks: + - ntwk + + bastion: + image: rack-vm:1.0 + container_name: bastion_server + hostname: bastion_server + entrypoint: sleep + command: infinity + networks: + - ntwk + - ntwkx + + outside: + image: rack-vm:1.0 + container_name: outside_vm + hostname: outside_vm + volumes: + - .:/src + entrypoint: sleep + command: infinity + networks: + - ntwkx + # Open LDAP server for ldap sync demonstration. # This service is brought up by the ./ldap/0-setup-ldap.sh script. ldap: @@ -232,3 +239,9 @@ networks: config: - subnet: 10.5.0.0/16 gateway: 10.5.0.1 + ntwkx: + driver: bridge + ipam: + config: + - subnet: 10.6.0.0/16 + gateway: 10.6.0.1 diff --git a/etc/conjur_follower.conf b/etc/conjur_follower.conf new file mode 100644 index 0000000..346df3a --- /dev/null +++ b/etc/conjur_follower.conf @@ -0,0 +1,5 @@ +--- +appliance_url: https://conjur_follower/api +account: dev +cert_file: "/etc/conjur_follower.pem" +plugins: [] diff --git a/etc/conjur.conf b/etc/conjur_master.conf similarity index 100% rename from etc/conjur.conf rename to etc/conjur_master.conf diff --git a/etc/haproxy.cfg.template b/etc/haproxy.cfg.template deleted file mode 100644 index 66fb63e..0000000 --- a/etc/haproxy.cfg.template +++ /dev/null @@ -1,23 +0,0 @@ -global - maxconn 256 - external-check - -defaults - timeout connect 5s - timeout client 50s - timeout server 50s - -frontend f_conjur_master_http - mode tcp - bind *:443 - default_backend b_conjur_master_http - -frontend f_conjur_master_pg - mode tcp - bind *:5432 - default_backend b_conjur_master_pg - -frontend f_conjur_master_ldap - mode tcp - bind *:636 - default_backend b_conjur_master_ldap diff --git a/etc/update_haproxy.sh b/etc/update_haproxy.sh deleted file mode 100755 index fed46dc..0000000 
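Review bot: The new `outside` service bind-mounts the whole repository with `- .:/src`, although the visible part of setup_user in bastion/0-setup-bastion.sh only reads `/src/bastion/id_$user` from it. That gives the container meant to represent a machine outside the protected network read access to `etc/` with the Conjur certificates, every user's generated private key and the startup script that holds the admin password. Narrowing the mount to `- ./bastion:/src/bastion:ro` should keep the demo working while limiting what that VM can see; a short comment on the `ntwkx` network saying it is the untrusted side would also help readers of the compose file.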
--- a/etc/update_haproxy.sh
+++ /dev/null
@@ -1,84 +0,0 @@ -#!/bin/bash -e -set -o pipefail - -# This script updates the HAProxy configuration for currently running Conjur containers -# and restarts the proxy daemon - -destination_file="haproxy.cfg" - -# takes one argument: the name of the HAProxy container to update -main() { - haproxy_cname=$1 - echo "# This file is generated by $0 in $(pwd)." > $destination_file - cat haproxy.cfg.template >> $destination_file - update_http_servers - update_pg_servers - update_ldap_servers - - docker cp haproxy.cfg $haproxy_cname:/usr/local/etc/haproxy/haproxy.cfg - docker restart $haproxy_cname -} - - # Appends Conjur HTTP server info in HAProxy format to haproxy.cfg. -update_http_servers() { - cat <> $destination_file - -# HTTP backend info -# Generated by $0 in $(pwd) -backend b_conjur_master_http - mode tcp - balance roundrobin - default-server inter 5s fall 3 rise 2 - option httpchk GET /health - http-check expect status 200 -CONFIG - - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cont_name in $cont_list; do - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - echo -e '\t' server $cont_name $cont_name:443 check port 443 check-ssl verify none >> $destination_file - done -} - - # Appends Conjur PostgreSQL server info in HAProxy format to haproxy.cfg. 
-update_pg_servers() { - cat <> $destination_file - -# PG backend info -# Generated by $0 in $(pwd) -backend b_conjur_master_pg - mode tcp - balance roundrobin - default-server inter 5s fall 3 rise 2 - option httpchk GET /health - http-check expect status 200 -CONFIG - - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cont_name in $cont_list; do - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - echo -e '\t' server $cont_name $cont_name:5432 check port 443 check-ssl verify none >> $destination_file - done -} - - # Appends Conjur LDAP server info in HAProxy format to haproxy.cfg. -update_ldap_servers() { - cat <> $destination_file - -# LDAP backend info -# Generated by $0 in $(pwd) -backend b_conjur_master_ldap - mode tcp - balance roundrobin - default-server inter 5s fall 3 rise 2 - option ldap-check -CONFIG - - cont_list=$(docker ps -f "label=role=conjur_node" --format {{.Names}}) - for cont_name in $cont_list; do - cont_ip=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $cont_name) - echo -e '\t' server $cont_name $cont_name:636 check check-ssl verify none >> $destination_file - done -} - -main $@ diff --git a/host_factory/foo.out b/host_factory/foo.out new file mode 100644 index 0000000..2a75028 --- /dev/null +++ b/host_factory/foo.out @@ -0,0 +1,3 @@ +1rdxp305gjy4y3be0yft3bnrb821rrvm9s2eambz51n591es375rc2j +tomcat_host_from_hf_token +webapp1/database_password diff --git a/host_factory/process_template.sh b/host_factory/process_template.sh index cc8ff30..a744063 100755 --- a/host_factory/process_template.sh +++ b/host_factory/process_template.sh @@ -13,6 +13,7 @@ main() { printf "\n\nContents of processed template:\n" cat $"temp.out" printf "\n\n" + rm temp.out } main $@ diff --git a/host_factory/temp.out b/host_factory/temp.out new file mode 100644 index 0000000..303a0ae --- /dev/null +++ b/host_factory/temp.out @@ -0,0 +1,5 @@ + + + + + 
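Review bot: `host_factory/foo.out` and `host_factory/temp.out` look like generated output rather than source, and the first line of foo.out has the shape of a host-factory token next to a host name and a variable path. If that is a real token it should be revoked or left to expire, and both files removed from the repository. A `host_factory/*.out` entry in .gitignore would stop this recurring, in line with the process_template.sh hunk that now deletes `temp.out` after printing it.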
diff --git a/ssh_ansible/0-setup-ssh.sh b/ssh_ansible/0-setup-ssh.sh index 9129aa1..d9743bd 100755 --- a/ssh_ansible/0-setup-ssh.sh +++ b/ssh_ansible/0-setup-ssh.sh @@ -1,8 +1,10 @@ -#!/bin/bash -e -set -o pipefail +#!/bin/bash +set -eo pipefail CONJUR_MASTER_ORGACCOUNT=dev -CONJUR_MASTER_URL=https://conjur_master/api +CONJUR_APPLIANCE_URL=https://conjur_follower/api +CONJUR_CONF_FILE=../etc/conjur_follower.conf +CONJUR_CERT_FILE=../etc/conjur_follower.pem RACK_SERVICE_NAME=vm RACK_POLICY_NAME=rack RACK_POLICY_FILE=$RACK_POLICY_NAME.yml @@ -44,7 +46,7 @@ refresh_vms() { construct_host_policy() { printf "\n-----\nConstructing & loading rack host policy...\n" echo "---" > $RACK_POLICY_FILE - RACK_CONT_NAMES=$(docker ps --format "{{.Names}}" | grep $RACK_SERVICE_NAME) + RACK_CONT_NAMES=$(docker ps --format "{{.Names}}" -f "label=role=rack-vm") for cname in $RACK_CONT_NAMES; do echo "- !host" $cname >> $RACK_POLICY_FILE done @@ -59,11 +61,11 @@ conjurize_vms() { printf "\n-----\nConfiguring hosts for SSH & identities ...\n" CLI_CONT_ID=$(docker-compose ps -q cli) for cname in $RACK_CONT_NAMES; do - # note: conjur.conf and conjur-.pem are - # copied from conjur container to shared volume + # note: conjur.conf and .pem files are + # copied from conjur follower container # just after conjur service is brought up. - docker cp ../etc/conjur.conf $cname:/etc - docker cp ../etc/conjur-dev.pem $cname:/etc + docker cp $CONJUR_CONF_FILE $cname:/etc/conjur.conf + docker cp $CONJUR_CERT_FILE $cname:/etc api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $cname) @@ -71,7 +73,7 @@ conjurize_vms() { docker exec \ -e CONJURRC=/etc/conjur.conf \ -e CONJUR_ACCOUNT=$CONJUR_MASTER_ORGACCOUNT \ - -e CONJUR_APPLIANCE_URL=$CONJUR_MASTER_URL \ + -e CONJUR_APPLIANCE_URL=$CONJUR_APPLIANCE_URL \ -e CONJUR_AUTHN_LOGIN="host/$cname" \ -e CONJUR_AUTHN_API_KEY=$api_key \ $cname chef-solo -o conjur::configure 
diff --git a/ssh_ansible/2_ssh_user_to_host.sh b/ssh_ansible/2_ssh_user_to_host.sh index fcc5e35..e9916de 100755 --- a/ssh_ansible/2_ssh_user_to_host.sh +++ b/ssh_ansible/2_ssh_user_to_host.sh @@ -1,5 +1,4 @@ #!/bin/bash -set -eo pipefail if [[ $# -ne 2 ]] ; then printf "\n\tUsage: %s \n\n" $0 exit 1 @@ -7,7 +6,5 @@ fi USER=$1 CNAME=$2 printf "\n\nUser %s attempting to ssh from CLI container to container %s:\n\n" $USER $CNAME -set -x -docker exec $CNAME service nscd restart -set +x +docker exec $CNAME service nscd restart > /dev/null docker-compose exec cli ssh -i /src/ssh_ansible/id_$USER $USER@$CNAME diff --git a/ssh_ansible/id_bob b/ssh_ansible/id_bob new file mode 100644 index 0000000..6e32c13 --- /dev/null +++ b/ssh_ansible/id_bob 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA0I0DlWcJirWvlwyQX48tFHJ1kVxg11qKNv+nUlAWi9+7ii/G +iVCjbHgx7Q8RJk7SqhaatjxrVMcPDs9wCOD7+ITSD+rNp3RiJ8/LoaYkRWnxPhkK +kSSkkGlcWkA5dPLnw6lPDb878I9VXCs8/r4QAGZ2Ku6wA/3d1f2UGbmchnoi56RW +SQag5R4RlzZbFL9C3o9PF39NgkK7TGVH/gnNADvbWriQI7rmMwFSlBq3KPYAhqSc +r+jfvtTHMrRW4/M9VxXxWq+3GP3KgojmQQUUwgC20k4QLWc2Cl3dVtKLBjnh7ybj +FjKWq+pAtymAeb/0Ohj0Oi2F4Tqkm3MjxCKCQwIDAQABAoIBAQCyXViKSASmKLvT +kUBNKlQg37/jocGFjf8WCNMfGDYgTSrFhhTkTh5nX+k7WZ6OR+3u4MRTRht594HO +ZeXpAhsesuJCEMzxAh4M9LCxQTpWT8SvGpWqC0/f3uzIl5NMjY9hDYX6OOtX1A7q +dGSHbyCaZwd7sobB8zbulSE8Wz4e1/xUUmzRuvgMk8Gl+jh4FjcVG5zIXGlmjENQ +PtsxuxdjDH1QvpEjhkK1jwhCYIY+ncId2hO8Kbrd8NkXU3ZL8wlVpFjwVl94IvAH +BnXiG5NM25WrZXimkqBCnCYHyQkd6R8dZunwB2Qee65kUPjPe6D0x1RhEnnYNzI2 +r+D0BWa5AoGBAPomuxngzvG8d5SxOP7cScU9VJYBnBAa5NgJmrAWDFM27XdLFDpF +84J8L5fKTAEfJfZ+WiGBrhIaa2Qlqeh5eButQOMVfX7lfELKCvX9NQp4b6epu9S0 +BVcg1h4jPdwGYcMI4n3KSWY/Lwu06EB5rFEKkJpnwElI8nepzCWqO4xvAoGBANVt +SRauRXEcJWNv5PgPFeNM4L05O5zwAdzKlIBPG8+dJCtbfblo11w01NYSQSVPYHBu +rdk7tvgL1+V7coe9VGitQSyOqxyI8IAWxGz1N40IWLgzzAM7i3czwXJjs4SGJx7i +JbmUx7lezCXLlUApowizVDlRx/YYjIcAfIOZLTltAoGBAKeSVngJbtflBr4m0iV4 +cDqe0RED1wW63l4SYPtgabU88GqfctdukKdyhXdLXwrJUOcE0V/svS0HYbVevakr +5de0gekdNkpRdKJRMnKCwotXDoTkYR0l0wYAyy65MPE5nTfHteHKJs1FukA/We4H +E/Xd++xTYC43naWnq0f395glAoGAfnJdFx7w7W6riBpHIeBuK1jk3bcG5pgbwmAT +U2GLLJoBT97Iwgyna22xm5L9HcnFbVdlkIqcgKEjrEZTOLCnTc04C9oK7sEDHCBh +B9zQqLIFPj0R5ehlXJ5BQjBnr2B71QRPLYBEREMx2EKhjn4cpY75m2wkeF1bBLD5 +FE6wSJECgYEA78NB96a2771buKkPt9t/q/BmXtjCi6QEQiSrXl5xh3EAa/v39WH7 +HANIkqyRHVA59RwSv9XEmzftmPRYI42lHlGdEaTmiZbIp5fbXZrsl1+q0h57ww1y +gDxb6GxhDk33WHyTZZAxrJn/7KIknf8mrRFXpXhpTAaIHf6oekcv3hc= +-----END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_bob.pub b/ssh_ansible/id_bob.pub new file mode 100644 index 0000000..873eaba --- /dev/null +++ b/ssh_ansible/id_bob.pub 
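Review bot: This section commits an unencrypted RSA private key as `ssh_ansible/id_bob`, and the `ssh_ansible/id_carol` section that follows does the same. PATCH 48 corrects the ignore pattern from `ssh/id*` to `ssh_ansible/id*` and PATCH 49 deletes the files, but the key material remains in the repository history, so both key pairs should be treated as disclosed. They should be regenerated by the setup script and the old public keys removed from Conjur and from any host where they were installed.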
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQjQOVZwmKta+XDJBfjy0UcnWRXGDXWoo2/6dSUBaL37uKL8aJUKNseDHtDxEmTtKqFpq2PGtUxw8Oz3AI4Pv4hNIP6s2ndGInz8uhpiRFafE+GQqRJKSQaVxaQDl08ufDqU8Nvzvwj1VcKzz+vhAAZnYq7rAD/d3V/ZQZuZyGeiLnpFZJBqDlHhGXNlsUv0Lej08Xf02CQrtMZUf+Cc0AO9tauJAjuuYzAVKUGrco9gCGpJyv6N++1McytFbj8z1XFfFar7cY/cqCiOZBBRTCALbSThAtZzYKXd1W0osGOeHvJuMWMpar6kC3KYB5v/Q6GPQ6LYXhOqSbcyPEIoJD bob-ssh-demo diff --git a/ssh_ansible/id_carol b/ssh_ansible/id_carol new file mode 100644 index 0000000..2f05052 --- /dev/null +++ b/ssh_ansible/id_carol 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAuW7YpczZngE27wvKdmBmmkxIfa5XWQOHTSobcRR2t898gDYO +FVtnAxT1jC5a2vl7D90Y0ZEFvKrzb3xRfZKF3pHo80kPYnpnahR2ANdln9wczBpz +r+AQMRPfTXSq6EOAq+/Amu4XTC1j6cGR0YpyLdIV2QU1UgdN5MYVW+T2r5nUIrIm +obkGGj1/5J1N25hWCprNTbb3bQWtT13FIvNMbsZPZTe0oGawn3f03Xl+tKJ15EMi +cM6LrG8lER3XNN4bOJxRD93Vxm6ldHmuMTaFfQo6KUs2EHIiNSt1o3/xxFSnSx9m +lgNeiMfbJhMtEk8vQ7fCNRBfmRmH5ykg1+sjVwIDAQABAoIBAQCB2IemGfqsdIdF +/oioObq/Avmj4CfT8e+Vbg3HMiAreAPjN3bHJ7jLZKrInVELkrTEl/qgDJ/qy/4o +q/HYL3jEMIHhkeBPAg1WL7utvSaxOQ2FMmSd3BUaeKLd9vsSJup7+ydwlZYExqf2 +8I+uHfbz9O9NhyMeLHUz5Cziq0K+FJSc+MssFyj7f5zPfvp+PkNT/d6HICNZ6lgB +DhmupunWdYfGqntOIrgrmaZMJYxYLVmbiJL4IRSYlGwC6OZf/T14j43Lyp9SrHfs +4vHPabSYS0sg8VkuSeS2uTgVU6tfw0EdklT96XqG6sMpfX09FK5w/dL5ihRWthOs +T+5w1zHZAoGBAOnR2vtGhusRFM59gcCwAzExF2AdTXkJ78qlrop0auB+7mirlMIY +V+brCmhfRgJY1419idlKsGf9Zchuw8PEJo4O9/QKkutY8HwGHbQAQf37PkX4U5MS +jAqRPxEHAnKfe/SsOg+DgLnEfK6L0yQ/Ul6yL9gl98cE3KwFszMnmr5bAoGBAMsF +9AxRhsTlPd3zmJvfrwqbdp2TlPEEncsUn12ZPJdaDgLC4lXXRuktMk0BhLMRXHpy +A3Wa6FetOTXbTAn8R8vJjDqji4H/a5ftQLB1hFGs1FG09L8R8ROGjDjLktdnTfC+ +PRSIB1MDOO09wvkYas6yKcz5/4WJEq2fROamZze1AoGBAJNgbsJK5edsUM0GVq55 +QsnSw4UVcyuDk90LKUSjtGnkF6lp3M2qQl2OcHTw+FOqY9MO+cA4T5B8K5d2GXZf +QF3yGV98+rXUzV+fC0HVl8LahZnct/DPk+1lN3coD+bnl13U4JO+s3hj3KK4B1Gl +h+mgLn/zDoYnDmBvB1CK+gJZAoGAd+oTRLdep6tTSGZaDC8pX1WF0PrbbSQx40JS +AuHAlRDe16iuMM+PlahZXnx4GaA2hCgVfQA7HZY2BWZ62icFbQulZPk2LFll/n1m +yRMQTYGMgpokOTrqroK5Dc7H86yTr49d2mOiF9j+ZbomECTo6R74a5Z54zCcNKqu +8qD0tEUCgYBD8S0Y/ASImUTKqdnVGdtEuRReuc1UeYBxDZGuGU3SP17wimadhod3 +i6dmmwZCWJP8f3sg7SX5s/zeBZs2IHfC4wa6Wd1QMExr+HdBWGHbqqzt+y+b84JD +lLQqRNoiCLkE0Nd5BKFxQpdhuJqY/7bGaweIqsyq77kWpAXEyPVauQ== +-----END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_carol.pub b/ssh_ansible/id_carol.pub new file mode 100644 index 0000000..7ce5e8d --- /dev/null +++ b/ssh_ansible/id_carol.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5btilzNmeATbvC8p2YGaaTEh9rldZA4dNKhtxFHa3z3yANg4VW2cDFPWMLlra+XsP3RjRkQW8qvNvfFF9koXekejzSQ9iemdqFHYA12Wf3BzMGnOv4BAxE99NdKroQ4Cr78Ca7hdMLWPpwZHRinIt0hXZBTVSB03kxhVb5PavmdQisiahuQYaPX/knU3bmFYKms1NtvdtBa1PXcUi80xuxk9lN7SgZrCfd/TdeX60onXkQyJwzousbyURHdc03hs4nFEP3dXGbqV0ea4xNoV9CjopSzYQciI1K3Wjf/HEVKdLH2aWA16Ix9smEy0STy9Dt8I1EF+ZGYfnKSDX6yNX carol-ssh-demo From ea00b15f93e9b6edc94cc0203893479c7d6f8aff Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sat, 6 Jan 2018 18:39:15 +0000 Subject: [PATCH 48/68] added bastion demo, improved haproxy update and seed file transfer --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 326df4c..5978236 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ etc/conjur*.pem log/* ldap/ldap-sync.yml -ssh/id* +ssh_ansible/id* build/hsm/* *.swp *.new From 6775ff86c320c37faa4550d8504da031a76db286 Mon Sep 17 00:00:00 2001 From: Joseph Hunt Date: Sat, 6 Jan 2018 18:42:55 +0000 Subject: [PATCH 49/68] added bastion demo, improved haproxy update and seed file transfer --- ssh_ansible/2_ssh_user_to_host.sh | 2 +- ssh_ansible/id_bob | 27 --------------------------- ssh_ansible/id_bob.pub | 1 - ssh_ansible/id_carol | 27 --------------------------- ssh_ansible/id_carol.pub | 1 - 5 files changed, 1 insertion(+), 57 deletions(-) delete mode 100644 ssh_ansible/id_bob delete mode 100644 ssh_ansible/id_bob.pub delete mode 100644 ssh_ansible/id_carol delete mode 100644 ssh_ansible/id_carol.pub diff --git a/ssh_ansible/2_ssh_user_to_host.sh b/ssh_ansible/2_ssh_user_to_host.sh index e9916de..d7f68be 100755 --- a/ssh_ansible/2_ssh_user_to_host.sh +++ b/ssh_ansible/2_ssh_user_to_host.sh 
@@ -7,4 +7,4 @@ USER=$1
 CNAME=$2
 printf "\n\nUser %s attempting to ssh from CLI container to container %s:\n\n" $USER $CNAME
 docker exec $CNAME service nscd restart > /dev/null
-docker-compose exec cli ssh -i /src/ssh_ansible/id_$USER $USER@$CNAME
+docker-compose exec cli ssh -o StrictHostKeyChecking=no -i /src/ssh_ansible/id_$USER $USER@$CNAME
diff --git a/ssh_ansible/id_bob b/ssh_ansible/id_bob
deleted file mode 100644
index 6e32c13..0000000
--- a/ssh_ansible/id_bob
+++ /dev/null
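Review bot: The added `-o StrictHostKeyChecking=no` makes the demo's ssh client accept whatever host key the target presents, so a connection that lands on the wrong or an impersonating container goes unnoticed; the identical change is repeated in PATCH 50/68. If the containers' host keys change on every build, record them when the VM is set up (a known_hosts file written at that point) or, on OpenSSH 7.6 or later, use `-o StrictHostKeyChecking=accept-new`. `$USER` and `$CNAME` are also unquoted on this line and `USER` overwrites the login-name environment variable; lowercase variables and `"/src/ssh_ansible/id_${user}" "${user}@${cname}"` would be safer. The script begins outside this hunk.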
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA0I0DlWcJirWvlwyQX48tFHJ1kVxg11qKNv+nUlAWi9+7ii/G -iVCjbHgx7Q8RJk7SqhaatjxrVMcPDs9wCOD7+ITSD+rNp3RiJ8/LoaYkRWnxPhkK -kSSkkGlcWkA5dPLnw6lPDb878I9VXCs8/r4QAGZ2Ku6wA/3d1f2UGbmchnoi56RW -SQag5R4RlzZbFL9C3o9PF39NgkK7TGVH/gnNADvbWriQI7rmMwFSlBq3KPYAhqSc -r+jfvtTHMrRW4/M9VxXxWq+3GP3KgojmQQUUwgC20k4QLWc2Cl3dVtKLBjnh7ybj -FjKWq+pAtymAeb/0Ohj0Oi2F4Tqkm3MjxCKCQwIDAQABAoIBAQCyXViKSASmKLvT -kUBNKlQg37/jocGFjf8WCNMfGDYgTSrFhhTkTh5nX+k7WZ6OR+3u4MRTRht594HO -ZeXpAhsesuJCEMzxAh4M9LCxQTpWT8SvGpWqC0/f3uzIl5NMjY9hDYX6OOtX1A7q -dGSHbyCaZwd7sobB8zbulSE8Wz4e1/xUUmzRuvgMk8Gl+jh4FjcVG5zIXGlmjENQ -PtsxuxdjDH1QvpEjhkK1jwhCYIY+ncId2hO8Kbrd8NkXU3ZL8wlVpFjwVl94IvAH -BnXiG5NM25WrZXimkqBCnCYHyQkd6R8dZunwB2Qee65kUPjPe6D0x1RhEnnYNzI2 -r+D0BWa5AoGBAPomuxngzvG8d5SxOP7cScU9VJYBnBAa5NgJmrAWDFM27XdLFDpF -84J8L5fKTAEfJfZ+WiGBrhIaa2Qlqeh5eButQOMVfX7lfELKCvX9NQp4b6epu9S0 -BVcg1h4jPdwGYcMI4n3KSWY/Lwu06EB5rFEKkJpnwElI8nepzCWqO4xvAoGBANVt -SRauRXEcJWNv5PgPFeNM4L05O5zwAdzKlIBPG8+dJCtbfblo11w01NYSQSVPYHBu -rdk7tvgL1+V7coe9VGitQSyOqxyI8IAWxGz1N40IWLgzzAM7i3czwXJjs4SGJx7i -JbmUx7lezCXLlUApowizVDlRx/YYjIcAfIOZLTltAoGBAKeSVngJbtflBr4m0iV4 -cDqe0RED1wW63l4SYPtgabU88GqfctdukKdyhXdLXwrJUOcE0V/svS0HYbVevakr -5de0gekdNkpRdKJRMnKCwotXDoTkYR0l0wYAyy65MPE5nTfHteHKJs1FukA/We4H -E/Xd++xTYC43naWnq0f395glAoGAfnJdFx7w7W6riBpHIeBuK1jk3bcG5pgbwmAT -U2GLLJoBT97Iwgyna22xm5L9HcnFbVdlkIqcgKEjrEZTOLCnTc04C9oK7sEDHCBh -B9zQqLIFPj0R5ehlXJ5BQjBnr2B71QRPLYBEREMx2EKhjn4cpY75m2wkeF1bBLD5 -FE6wSJECgYEA78NB96a2771buKkPt9t/q/BmXtjCi6QEQiSrXl5xh3EAa/v39WH7 -HANIkqyRHVA59RwSv9XEmzftmPRYI42lHlGdEaTmiZbIp5fbXZrsl1+q0h57ww1y -gDxb6GxhDk33WHyTZZAxrJn/7KIknf8mrRFXpXhpTAaIHf6oekcv3hc= ------END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_bob.pub b/ssh_ansible/id_bob.pub deleted file mode 100644 index 873eaba..0000000 --- a/ssh_ansible/id_bob.pub +++ /dev/null 
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQjQOVZwmKta+XDJBfjy0UcnWRXGDXWoo2/6dSUBaL37uKL8aJUKNseDHtDxEmTtKqFpq2PGtUxw8Oz3AI4Pv4hNIP6s2ndGInz8uhpiRFafE+GQqRJKSQaVxaQDl08ufDqU8Nvzvwj1VcKzz+vhAAZnYq7rAD/d3V/ZQZuZyGeiLnpFZJBqDlHhGXNlsUv0Lej08Xf02CQrtMZUf+Cc0AO9tauJAjuuYzAVKUGrco9gCGpJyv6N++1McytFbj8z1XFfFar7cY/cqCiOZBBRTCALbSThAtZzYKXd1W0osGOeHvJuMWMpar6kC3KYB5v/Q6GPQ6LYXhOqSbcyPEIoJD bob-ssh-demo
diff --git a/ssh_ansible/id_carol b/ssh_ansible/id_carol
deleted file mode 100644
index 2f05052..0000000
--- a/ssh_ansible/id_carol
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuW7YpczZngE27wvKdmBmmkxIfa5XWQOHTSobcRR2t898gDYO -FVtnAxT1jC5a2vl7D90Y0ZEFvKrzb3xRfZKF3pHo80kPYnpnahR2ANdln9wczBpz -r+AQMRPfTXSq6EOAq+/Amu4XTC1j6cGR0YpyLdIV2QU1UgdN5MYVW+T2r5nUIrIm -obkGGj1/5J1N25hWCprNTbb3bQWtT13FIvNMbsZPZTe0oGawn3f03Xl+tKJ15EMi -cM6LrG8lER3XNN4bOJxRD93Vxm6ldHmuMTaFfQo6KUs2EHIiNSt1o3/xxFSnSx9m -lgNeiMfbJhMtEk8vQ7fCNRBfmRmH5ykg1+sjVwIDAQABAoIBAQCB2IemGfqsdIdF -/oioObq/Avmj4CfT8e+Vbg3HMiAreAPjN3bHJ7jLZKrInVELkrTEl/qgDJ/qy/4o -q/HYL3jEMIHhkeBPAg1WL7utvSaxOQ2FMmSd3BUaeKLd9vsSJup7+ydwlZYExqf2 -8I+uHfbz9O9NhyMeLHUz5Cziq0K+FJSc+MssFyj7f5zPfvp+PkNT/d6HICNZ6lgB -DhmupunWdYfGqntOIrgrmaZMJYxYLVmbiJL4IRSYlGwC6OZf/T14j43Lyp9SrHfs -4vHPabSYS0sg8VkuSeS2uTgVU6tfw0EdklT96XqG6sMpfX09FK5w/dL5ihRWthOs -T+5w1zHZAoGBAOnR2vtGhusRFM59gcCwAzExF2AdTXkJ78qlrop0auB+7mirlMIY -V+brCmhfRgJY1419idlKsGf9Zchuw8PEJo4O9/QKkutY8HwGHbQAQf37PkX4U5MS -jAqRPxEHAnKfe/SsOg+DgLnEfK6L0yQ/Ul6yL9gl98cE3KwFszMnmr5bAoGBAMsF -9AxRhsTlPd3zmJvfrwqbdp2TlPEEncsUn12ZPJdaDgLC4lXXRuktMk0BhLMRXHpy -A3Wa6FetOTXbTAn8R8vJjDqji4H/a5ftQLB1hFGs1FG09L8R8ROGjDjLktdnTfC+ -PRSIB1MDOO09wvkYas6yKcz5/4WJEq2fROamZze1AoGBAJNgbsJK5edsUM0GVq55 -QsnSw4UVcyuDk90LKUSjtGnkF6lp3M2qQl2OcHTw+FOqY9MO+cA4T5B8K5d2GXZf -QF3yGV98+rXUzV+fC0HVl8LahZnct/DPk+1lN3coD+bnl13U4JO+s3hj3KK4B1Gl -h+mgLn/zDoYnDmBvB1CK+gJZAoGAd+oTRLdep6tTSGZaDC8pX1WF0PrbbSQx40JS -AuHAlRDe16iuMM+PlahZXnx4GaA2hCgVfQA7HZY2BWZ62icFbQulZPk2LFll/n1m -yRMQTYGMgpokOTrqroK5Dc7H86yTr49d2mOiF9j+ZbomECTo6R74a5Z54zCcNKqu -8qD0tEUCgYBD8S0Y/ASImUTKqdnVGdtEuRReuc1UeYBxDZGuGU3SP17wimadhod3 -i6dmmwZCWJP8f3sg7SX5s/zeBZs2IHfC4wa6Wd1QMExr+HdBWGHbqqzt+y+b84JD -lLQqRNoiCLkE0Nd5BKFxQpdhuJqY/7bGaweIqsyq77kWpAXEyPVauQ== ------END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_carol.pub b/ssh_ansible/id_carol.pub deleted file mode 100644 index 7ce5e8d..0000000 --- a/ssh_ansible/id_carol.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5btilzNmeATbvC8p2YGaaTEh9rldZA4dNKhtxFHa3z3yANg4VW2cDFPWMLlra+XsP3RjRkQW8qvNvfFF9koXekejzSQ9iemdqFHYA12Wf3BzMGnOv4BAxE99NdKroQ4Cr78Ca7hdMLWPpwZHRinIt0hXZBTVSB03kxhVb5PavmdQisiahuQYaPX/knU3bmFYKms1NtvdtBa1PXcUi80xuxk9lN7SgZrCfd/TdeX60onXkQyJwzousbyURHdc03hs4nFEP3dXGbqV0ea4xNoV9CjopSzYQciI1K3Wjf/HEVKdLH2aWA16Ix9smEy0STy9Dt8I1EF+ZGYfnKSDX6yNX carol-ssh-demo From 360d5370e9e4096cd1963ac89298332f2ecc975a Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Sat, 6 Jan 2018 19:06:57 +0000 Subject: [PATCH 50/68] added bastion demo, improved haproxy update and seed file transfer --- ssh_ansible/2_ssh_user_to_host.sh | 2 +- ssh_ansible/id_bob | 27 --------------------------- ssh_ansible/id_bob.pub | 1 - ssh_ansible/id_carol | 27 --------------------------- ssh_ansible/id_carol.pub | 1 - 5 files changed, 1 insertion(+), 57 deletions(-) delete mode 100644 ssh_ansible/id_bob delete mode 100644 ssh_ansible/id_bob.pub delete mode 100644 ssh_ansible/id_carol delete mode 100644 ssh_ansible/id_carol.pub diff --git a/ssh_ansible/2_ssh_user_to_host.sh b/ssh_ansible/2_ssh_user_to_host.sh index e9916de..d7f68be 100755 --- a/ssh_ansible/2_ssh_user_to_host.sh +++ b/ssh_ansible/2_ssh_user_to_host.sh @@ -7,4 +7,4 @@ USER=$1 CNAME=$2 printf "\n\nUser %s attempting to ssh from CLI container to container %s:\n\n" $USER $CNAME docker exec $CNAME service nscd restart > /dev/null -docker-compose exec cli ssh -i /src/ssh_ansible/id_$USER $USER@$CNAME +docker-compose exec cli ssh -o StrictHostKeyChecking=no -i /src/ssh_ansible/id_$USER $USER@$CNAME diff --git a/ssh_ansible/id_bob b/ssh_ansible/id_bob deleted file mode 100644 index 6e32c13..0000000 --- a/ssh_ansible/id_bob +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA0I0DlWcJirWvlwyQX48tFHJ1kVxg11qKNv+nUlAWi9+7ii/G -iVCjbHgx7Q8RJk7SqhaatjxrVMcPDs9wCOD7+ITSD+rNp3RiJ8/LoaYkRWnxPhkK -kSSkkGlcWkA5dPLnw6lPDb878I9VXCs8/r4QAGZ2Ku6wA/3d1f2UGbmchnoi56RW -SQag5R4RlzZbFL9C3o9PF39NgkK7TGVH/gnNADvbWriQI7rmMwFSlBq3KPYAhqSc -r+jfvtTHMrRW4/M9VxXxWq+3GP3KgojmQQUUwgC20k4QLWc2Cl3dVtKLBjnh7ybj -FjKWq+pAtymAeb/0Ohj0Oi2F4Tqkm3MjxCKCQwIDAQABAoIBAQCyXViKSASmKLvT -kUBNKlQg37/jocGFjf8WCNMfGDYgTSrFhhTkTh5nX+k7WZ6OR+3u4MRTRht594HO -ZeXpAhsesuJCEMzxAh4M9LCxQTpWT8SvGpWqC0/f3uzIl5NMjY9hDYX6OOtX1A7q -dGSHbyCaZwd7sobB8zbulSE8Wz4e1/xUUmzRuvgMk8Gl+jh4FjcVG5zIXGlmjENQ -PtsxuxdjDH1QvpEjhkK1jwhCYIY+ncId2hO8Kbrd8NkXU3ZL8wlVpFjwVl94IvAH -BnXiG5NM25WrZXimkqBCnCYHyQkd6R8dZunwB2Qee65kUPjPe6D0x1RhEnnYNzI2 -r+D0BWa5AoGBAPomuxngzvG8d5SxOP7cScU9VJYBnBAa5NgJmrAWDFM27XdLFDpF -84J8L5fKTAEfJfZ+WiGBrhIaa2Qlqeh5eButQOMVfX7lfELKCvX9NQp4b6epu9S0 -BVcg1h4jPdwGYcMI4n3KSWY/Lwu06EB5rFEKkJpnwElI8nepzCWqO4xvAoGBANVt -SRauRXEcJWNv5PgPFeNM4L05O5zwAdzKlIBPG8+dJCtbfblo11w01NYSQSVPYHBu -rdk7tvgL1+V7coe9VGitQSyOqxyI8IAWxGz1N40IWLgzzAM7i3czwXJjs4SGJx7i -JbmUx7lezCXLlUApowizVDlRx/YYjIcAfIOZLTltAoGBAKeSVngJbtflBr4m0iV4 -cDqe0RED1wW63l4SYPtgabU88GqfctdukKdyhXdLXwrJUOcE0V/svS0HYbVevakr -5de0gekdNkpRdKJRMnKCwotXDoTkYR0l0wYAyy65MPE5nTfHteHKJs1FukA/We4H -E/Xd++xTYC43naWnq0f395glAoGAfnJdFx7w7W6riBpHIeBuK1jk3bcG5pgbwmAT -U2GLLJoBT97Iwgyna22xm5L9HcnFbVdlkIqcgKEjrEZTOLCnTc04C9oK7sEDHCBh -B9zQqLIFPj0R5ehlXJ5BQjBnr2B71QRPLYBEREMx2EKhjn4cpY75m2wkeF1bBLD5 -FE6wSJECgYEA78NB96a2771buKkPt9t/q/BmXtjCi6QEQiSrXl5xh3EAa/v39WH7 -HANIkqyRHVA59RwSv9XEmzftmPRYI42lHlGdEaTmiZbIp5fbXZrsl1+q0h57ww1y -gDxb6GxhDk33WHyTZZAxrJn/7KIknf8mrRFXpXhpTAaIHf6oekcv3hc= ------END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_bob.pub b/ssh_ansible/id_bob.pub deleted file mode 100644 index 873eaba..0000000 --- a/ssh_ansible/id_bob.pub +++ /dev/null 
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQjQOVZwmKta+XDJBfjy0UcnWRXGDXWoo2/6dSUBaL37uKL8aJUKNseDHtDxEmTtKqFpq2PGtUxw8Oz3AI4Pv4hNIP6s2ndGInz8uhpiRFafE+GQqRJKSQaVxaQDl08ufDqU8Nvzvwj1VcKzz+vhAAZnYq7rAD/d3V/ZQZuZyGeiLnpFZJBqDlHhGXNlsUv0Lej08Xf02CQrtMZUf+Cc0AO9tauJAjuuYzAVKUGrco9gCGpJyv6N++1McytFbj8z1XFfFar7cY/cqCiOZBBRTCALbSThAtZzYKXd1W0osGOeHvJuMWMpar6kC3KYB5v/Q6GPQ6LYXhOqSbcyPEIoJD bob-ssh-demo
diff --git a/ssh_ansible/id_carol b/ssh_ansible/id_carol
deleted file mode 100644
index 2f05052..0000000
--- a/ssh_ansible/id_carol
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuW7YpczZngE27wvKdmBmmkxIfa5XWQOHTSobcRR2t898gDYO -FVtnAxT1jC5a2vl7D90Y0ZEFvKrzb3xRfZKF3pHo80kPYnpnahR2ANdln9wczBpz -r+AQMRPfTXSq6EOAq+/Amu4XTC1j6cGR0YpyLdIV2QU1UgdN5MYVW+T2r5nUIrIm -obkGGj1/5J1N25hWCprNTbb3bQWtT13FIvNMbsZPZTe0oGawn3f03Xl+tKJ15EMi -cM6LrG8lER3XNN4bOJxRD93Vxm6ldHmuMTaFfQo6KUs2EHIiNSt1o3/xxFSnSx9m -lgNeiMfbJhMtEk8vQ7fCNRBfmRmH5ykg1+sjVwIDAQABAoIBAQCB2IemGfqsdIdF -/oioObq/Avmj4CfT8e+Vbg3HMiAreAPjN3bHJ7jLZKrInVELkrTEl/qgDJ/qy/4o -q/HYL3jEMIHhkeBPAg1WL7utvSaxOQ2FMmSd3BUaeKLd9vsSJup7+ydwlZYExqf2 -8I+uHfbz9O9NhyMeLHUz5Cziq0K+FJSc+MssFyj7f5zPfvp+PkNT/d6HICNZ6lgB -DhmupunWdYfGqntOIrgrmaZMJYxYLVmbiJL4IRSYlGwC6OZf/T14j43Lyp9SrHfs -4vHPabSYS0sg8VkuSeS2uTgVU6tfw0EdklT96XqG6sMpfX09FK5w/dL5ihRWthOs -T+5w1zHZAoGBAOnR2vtGhusRFM59gcCwAzExF2AdTXkJ78qlrop0auB+7mirlMIY -V+brCmhfRgJY1419idlKsGf9Zchuw8PEJo4O9/QKkutY8HwGHbQAQf37PkX4U5MS -jAqRPxEHAnKfe/SsOg+DgLnEfK6L0yQ/Ul6yL9gl98cE3KwFszMnmr5bAoGBAMsF -9AxRhsTlPd3zmJvfrwqbdp2TlPEEncsUn12ZPJdaDgLC4lXXRuktMk0BhLMRXHpy -A3Wa6FetOTXbTAn8R8vJjDqji4H/a5ftQLB1hFGs1FG09L8R8ROGjDjLktdnTfC+ -PRSIB1MDOO09wvkYas6yKcz5/4WJEq2fROamZze1AoGBAJNgbsJK5edsUM0GVq55 -QsnSw4UVcyuDk90LKUSjtGnkF6lp3M2qQl2OcHTw+FOqY9MO+cA4T5B8K5d2GXZf -QF3yGV98+rXUzV+fC0HVl8LahZnct/DPk+1lN3coD+bnl13U4JO+s3hj3KK4B1Gl -h+mgLn/zDoYnDmBvB1CK+gJZAoGAd+oTRLdep6tTSGZaDC8pX1WF0PrbbSQx40JS -AuHAlRDe16iuMM+PlahZXnx4GaA2hCgVfQA7HZY2BWZ62icFbQulZPk2LFll/n1m -yRMQTYGMgpokOTrqroK5Dc7H86yTr49d2mOiF9j+ZbomECTo6R74a5Z54zCcNKqu -8qD0tEUCgYBD8S0Y/ASImUTKqdnVGdtEuRReuc1UeYBxDZGuGU3SP17wimadhod3 -i6dmmwZCWJP8f3sg7SX5s/zeBZs2IHfC4wa6Wd1QMExr+HdBWGHbqqzt+y+b84JD -lLQqRNoiCLkE0Nd5BKFxQpdhuJqY/7bGaweIqsyq77kWpAXEyPVauQ== ------END RSA PRIVATE KEY----- diff --git a/ssh_ansible/id_carol.pub b/ssh_ansible/id_carol.pub deleted file mode 100644 index 7ce5e8d..0000000 --- a/ssh_ansible/id_carol.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5btilzNmeATbvC8p2YGaaTEh9rldZA4dNKhtxFHa3z3yANg4VW2cDFPWMLlra+XsP3RjRkQW8qvNvfFF9koXekejzSQ9iemdqFHYA12Wf3BzMGnOv4BAxE99NdKroQ4Cr78Ca7hdMLWPpwZHRinIt0hXZBTVSB03kxhVb5PavmdQisiahuQYaPX/knU3bmFYKms1NtvdtBa1PXcUi80xuxk9lN7SgZrCfd/TdeX60onXkQyJwzousbyURHdc03hs4nFEP3dXGbqV0ea4xNoV9CjopSzYQciI1K3Wjf/HEVKdLH2aWA16Ix9smEy0STy9Dt8I1EF+ZGYfnKSDX6yNX carol-ssh-demo From 4234accf8dd0f2aeefada3e02bf1a009dc846124 Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Sat, 6 Jan 2018 19:08:28 +0000 Subject: [PATCH 51/68] updated main readme --- README.md | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index eb801f0..c93e5c5 100644 --- a/README.md +++ b/README.md 
@@ -10,27 +10,29 @@ Dependencies: Demo root directory (.../cdemo): - 0-startup-conjur.sh - takes no arguments - initializes demo environment: - - EDIT SCRIPT WITH PATH TO CONJUR TARFILE BEFORE RUNNING. + - uses image tagged conjur-appliance:latest + - EDIT SCRIPT WITH PATH TO CONJUR TARFILE BEFORE RUNNING, if you have no conjur-appliance loaded. - triggers builds of ALL demo images - this can take 30 minutes or more - prepare accordingly! - - startups up Conjur, Conjur client CLI and Weave Scope containers + - startups up Conjur Master, Conjur client CLI, load balancer, Conjur Follower and Weave Scope containers - Loads users-policy.yml and sets all user passwords to “foo” - loads demo policies and sets secret values to the secret name prefixed with “ThisIsThe" - - 1-setup-containers.sh - takes two arguments (see demo scenario below) - starts up client application containers that fetch secrets from Conjur. - - 2-shutdown-containers.sh - takes no arguments - shuts down all client application containers. + - 1-setup-containers.sh - takes two arguments (see demo scenario below) - starts up webapp application containers that fetch secrets from Conjur. + - 2-shutdown-containers.sh - takes no arguments - shuts down all webapp application containers. - docker-compose.yml - file that drives all container builds and configurations. - .env - file of environment variables for client application containers, referenced from docker-compose.yml, dynamically created by 1-setup-containers.sh - load_policy.sh - loads a supplied policy file - - master-control.sh - inspect, pause/unpause, or kill Conjur master. - audit_policy.sh - compares a supplied policy file against current Conjur state, reports any deviations. - watch_container_log.sh - takes no arguments - runs tail on container #1 script logfile to monitor fetch activity - dbpassword_rotator.sh - sets the database password to a random hex value every 5 seconds - - apikey_rotator.sh - rotates the API key once. 
+ - apikey_rotator.sh - rotates API key. With no arg, provides new key to apps. Any arg denies apps new API key. - inspect-cluster.sh - echos current state of cluster. -Basic demo scenario: +Basic demo scenario ("Scalability Demo"): Spin up a bunch of minimal containers, each of which fetches a secret every few seconds in a continuous loop. Change the secret, deny access, rotate the API key and watch effects. - - run 0-startup-conjur.sh. REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY. When complete demo environment is ready. + - run 0-startup-conjur.sh. + - REQUIRES INTERNET ACCESS FOR FIRST RUN ONLY. + - When complete demo environment is ready. - run 1-setup_containers.sh w/ 2 args: - number of containers to create - number seconds for each container client to sleep betwixt secrets fetches 
@@ -40,17 +42,19 @@ Basic demo scenario: - audit_policy to show how we can see if current state is compliant with policy doc, change "permit" to "deny" for tomcat_hosts permissions, re-run audit_policy to show how to detect non-compliance - change "permit" to "deny" in policy file, reload policy and show how none of the containers can fetch secrets - 2-shutdown-containers.sh - brings down all webapp containers. - - docker-compose down - brings down all containers incl. conjur, cli & scope. + - 3-shutdwon-all.sh - brings down ALL containers, volumes, networks, etc. - confirms first :) -Demo directories: +Demo directories (each demo has its own README): + - ./bastion - bastion server (AKA jump server) with SSH access controlled by Conjur policy - ./cluster - adds standbys to cluster and shows failover - ./ldap - shows LDAP synchronization w/ an OpenLDAP server - - ./policy - shows how to apply policies across multiple environments + - ./policy - shows how to apply application policies w/ different user permissions across multiple environments - ./splunk - brings up Splunk to monitor audit messages and NGINX logs - - ./ssh - shows how to use policies to control SSH and sudo on hosts - - ./simple_hf_example - a very basic Host Factory demo + - ./ssh_ansible - shows how to use policies to control SSH and sudo on hosts, incl. Ansible module/playbooks + - ./host_factory - a basic Host Factory demo with secrets retrieval using REST API and Summon ./etc directory: - _conjur_init.sh - Conjur initialization script run from CLI container. - _demo_init.sh - demo initialization script run from CLI container. - - conjur.conf, conjur-xxx.pem - configuration files for conjurization + - conjur*.conf, conjur*.pem - configuration files for conjurization + - conjur.json - referenced when configuring conjur-appliance containers to limit Postgres memory usage From b2799fdd7fb9d7e4c5839a39b8955babb40ec761 Mon Sep 17 00:00:00 2001 
From: Jody Hunt Date: Sat, 6 Jan 2018 19:19:16 +0000 Subject: [PATCH 52/68] updated bastion tutorial readme --- bastion/README.md | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/bastion/README.md b/bastion/README.md index a2c1bce..376dff8 100644 --- a/bastion/README.md +++ b/bastion/README.md 
@@ -1,17 +1,13 @@ # Bastion Tutorial -* Bring up 3 machines: `vm0: conjur`, `vm1: bastion`, `vm2: inventory`. -* **bastion** This is the bastion server. It is reachable from any IP, and all users have user-level access to it. The `operations` group has root-level acess to it. -* **inventory** This is the `inventory` application server. It is only reachable from the bastion IP. The `developers` group has root-level access to it. -* Run the script `./1_policy.sh` to load the base policies. -* Run `./2_setup_ssh.sh` to Conjurize the bastion and inventory servers. - - Host identities are created with host factory tokens. - - HF tokens can be managed through the UI. -* Observe the following: - - `otto` can SSH to the bastion or to the inventory server, with `sudo` access. - - `donna` can SSH to the bastion, without `sudo`. `donna` can SSH to the inventory server through the bastion, with `sudo` access to the inventory server. - - Both users will jump through the bastion to the `inventory` host. +- 0-setup-bastion.sh - Brings up 3 machines: + - outside_vm - ubuntu container on separate network from all others - can only reach the bastion_server + - bastion_server - proxy for access to designated VMs in network. All users have SSH access to it. The sec_ops group has sudo access to it. + - protected_vm - VM accessible via SSH through bastion_server. All users have SSH and sudo access to it. +- 1-exec-to-outside-vm.sh - execs into outside_vm, where you can "su -" to one of the users + - "su - carol", ping bastion_server to show connectivity, then ping conjur_master, conjur_follower etc. + - ssh protected_vm - will ssh through bastion_server to protected_vm + - exit, then "su - ted", show how ted can't access either the bastion_server or protected_vm + - all access is governed by Conjur policy with no need to distribute SSH keys + - Users' SSH configuration is standard .ssh -# TODO - -* The `inventory` machine needs a firewall rule (iptables?) 
which makes it unreachable except through the bastion. From c9689710e98636b99ff7fb9b1c5c2db11a957be9 Mon Sep 17 00:00:00 2001 From: "Joe Garcia, CISSP" Date: Wed, 10 Jan 2018 09:32:36 -0500 Subject: [PATCH 53/68] Removed rogue EXIT on L77 --- 0-startup-conjur.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 68e1699..25770c7 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -74,7 +74,7 @@ conjur_master_up() { image_tag=$(docker images | grep $(docker images conjur-appliance:latest --format "{{.ID}}") | awk '!/latest/ {print $2}') printf "Bringing up Conjur using image tagged as version %s...\n" $image_tag -exit + docker-compose up -d $CONJUR_MASTER_CONT_NAME echo "-----" From eb8f0ebdc531de7614fc23974333f34c292541d9 Mon Sep 17 00:00:00 2001 
From: Jody Hunt Date: Sun, 14 Jan 2018 16:05:27 -0600 Subject: [PATCH 54/68] added summon demo, use HF token to create protected VM in bastion demo --- .gitignore | 1 + 0-startup-conjur.sh | 14 +++- _install-dependencies.sh | 2 + apikey_rotator.sh | 6 +- audit_policy.sh | 2 +- bastion/0-setup-bastion.sh | 14 ++-- bastion/3_root_key_rotators.sh | 6 -- bastion/4_rotate.sh | 9 --- bastion/policy/bastion.yml | 15 ++-- bastion/policy/protected.yml | 15 ++-- bastion/policy/root_key_rotators.yml | 13 ---- build/vm/Dockerfile | 4 +- dbpassword_rotator.sh | 8 +-- docker-compose.yml | 100 +++++++++++++++------------ elevate.yml | 7 ++ host_factory/echo_secrets.sh | 8 +++ host_factory/foo.out | 3 - ssh_ansible/rack.yml | 2 +- summon/0-setup-summon.sh | 35 ++++++++++ summon/1-get-secret-summon.sh | 7 ++ summon/conjur_summon_provider.sh | 91 ++++++++++++++++++++++++ summon/secrets.yml | 4 ++ summon/test.sh | 7 ++ 23 files changed, 260 insertions(+), 113 deletions(-) delete mode 100755 bastion/3_root_key_rotators.sh delete mode 100755 bastion/4_rotate.sh delete mode 100644 bastion/policy/root_key_rotators.yml create mode 100644 elevate.yml create mode 100755 host_factory/echo_secrets.sh delete mode 100644 host_factory/foo.out create mode 100755 summon/0-setup-summon.sh create mode 100755 summon/1-get-secret-summon.sh create mode 100755 summon/conjur_summon_provider.sh create mode 100644 summon/secrets.yml create mode 100755 summon/test.sh diff --git a/.gitignore b/.gitignore index 5978236..141cc42 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ ssh_ansible/id* build/hsm/* *.swp *.new +get-secret.sh diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 68e1699..c420f77 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -12,7 +12,7 @@ CONJUR_MASTER_CONT_NAME=conjur1 CLI_CONT_NAME=conjur_cli main() { - + check_dir_name all_down # bring down anything still running conjur_master_up 
@@ -26,7 +26,7 @@ main() { # initialize "scalability" demo docker-compose exec cli "/src/etc/_demo-init.sh" - # force builds of images for demo modules + # force image builds for demo modules docker-compose build ldap docker-compose build vm docker-compose build splunk @@ -37,6 +37,15 @@ main() { echo } +############################ +check_dir_name() { + curr_dir_name=$(pwd | awk -F/ '{print $NF}') + if [ "$curr_dir_name" != "cdemo" ]; then + printf "\nRenaming directory from %s to cdemo.\n" $curr_dir_name + cd ..; mv $curr_dir_name cdemo; cd cdemo + fi +} + ############################ all_down() { printf "\n\nBringing down all running containers.\n" @@ -74,7 +83,6 @@ conjur_master_up() { image_tag=$(docker images | grep $(docker images conjur-appliance:latest --format "{{.ID}}") | awk '!/latest/ {print $2}') printf "Bringing up Conjur using image tagged as version %s...\n" $image_tag -exit docker-compose up -d $CONJUR_MASTER_CONT_NAME echo "-----" diff --git a/_install-dependencies.sh b/_install-dependencies.sh index 6ca7d35..b3551b6 100755 --- a/_install-dependencies.sh +++ b/_install-dependencies.sh @@ -49,6 +49,8 @@ install_conjur_cli() { configure_env() { echo "Configuring environment..." + # the shell init file works around some + # networking anomalies SHELL_INIT_FILE=/etc/profile.d/cdemo.sh sudo rm -f $SHELL_INIT_FILE diff --git a/apikey_rotator.sh b/apikey_rotator.sh index 1988d9c..fa6f680 100755 --- a/apikey_rotator.sh +++ b/apikey_rotator.sh 
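Review bot: The new `check_dir_name` renames the user's checkout with no error handling, in `cd ..; mv $curr_dir_name cdemo; cd cdemo`. If `../cdemo` already exists, `mv` moves the checkout inside it and the script carries on from the wrong directory. If `mv` fails, the script continues as well, unless it runs under `set -e`, which this hunk does not show. Quote the expansions and stop on failure, e.g. `[ ! -e ../cdemo ] || exit 1` followed by `cd .. && mv -- "$curr_dir_name" cdemo && cd cdemo || exit 1`. If the directory name matters only for the compose project prefix (an assumption from the `cdemo_vm_1` host names elsewhere in this patch), setting `COMPOSE_PROJECT_NAME=cdemo` would avoid the rename altogether.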
@@ -4,15 +4,13 @@ set -eo pipefail APP_HOSTNAME=webapp1/tomcat_host # rotate api key for host -api_key=$(docker-compose exec -T cli \ +api_key=$(docker exec conjur_cli \ conjur host rotate_api_key --host $APP_HOSTNAME) # if no arg provided if [[ "$1" == "" ]]; then # write new key to nondescript file in shared volume - echo $api_key > local_foo - docker cp local_foo $(docker-compose ps -q cli):/data/foo - rm local_foo + echo $api_key | docker exec -i conjur_cli bash -c "tee > /data/foo" sleep 5 docker-compose exec cli rm /data/foo fi diff --git a/audit_policy.sh b/audit_policy.sh index 75ed8bf..17960ac 100755 --- a/audit_policy.sh +++ b/audit_policy.sh @@ -1,4 +1,4 @@ -#!/bin/bash -ex +#!/bin/bash -e if [[ -z $1 ]] ; then printf "\n\tUsage: %s \n\n" $0 exit 1 diff --git a/bastion/0-setup-bastion.sh b/bastion/0-setup-bastion.sh index 95fc804..f97cd62 100755 --- a/bastion/0-setup-bastion.sh +++ b/bastion/0-setup-bastion.sh @@ -21,7 +21,8 @@ main() { ###################### load_policy() { printf "\n-----\nLoading bastion server access policy...\n" - docker-compose exec cli conjur policy load --as-group=security_admin /src/bastion/$ACCESS_POLICY_FILE + docker exec conjur_cli conjur authn login -u admin -p Cyberark1 + docker exec conjur_cli conjur policy load --as-group=security_admin /src/bastion/$ACCESS_POLICY_FILE } ###################### 
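Review bot: The rotated API key is handed over with `echo $api_key | docker exec -i conjur_cli bash -c "tee > /data/foo"`, where the expansion is unquoted and the file in the shared volume is created with the container's default permissions. `printf '%s\n' "$api_key" | docker exec -i conjur_cli sh -c 'umask 077; cat > /data/foo'` preserves the value exactly and leaves the file readable by its owner only (`tee` with stdout redirected is just `cat`). Which user the consuming containers read `/data/foo` as is not visible in this hunk, so confirm that before tightening the mode.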
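Review bot: `load_policy` in `bastion/0-setup-bastion.sh` now logs in with the admin password hard-coded on the command line (`conjur authn login -u admin -p Cyberark1`), which puts the credential in the repository and in the process arguments of every run. Take the value from the environment instead, e.g. `-p "${CONJUR_ADMIN_PASSWORD:?set CONJUR_ADMIN_PASSWORD}"`, so the script fails early when it is missing. The README should also say that the shipped value is a demo default that must be changed on anything reachable by others.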
@@ -35,22 +36,27 @@ bring_up_vms() { ###################### conjurize_vms() { printf "\n-----\nConfiguring hosts for SSH & identities ...\n" + + api_key=$(docker exec conjur_cli conjur host rotate_api_key --host bastion/server) + conjurize_container_as_host bastion_server bastion/server $api_key + + hf_token=$(docker exec conjur_cli conjur hostfactory tokens create --duration-minutes=1 protected | jq -r .[].token) + api_key=$(docker exec conjur_cli conjur hostfactory hosts create $hf_token protected/vm | jq -r .api_key) + conjurize_container_as_host protected_vm protected/vm $api_key - conjurize_container_as_host bastion_server bastion/server - conjurize_container_as_host protected_vm protected/vm } ###################### conjurize_container_as_host(){ cname=$1; shift hname=$1; shift + api_key=$1; shift # note: conjur.conf and conjur-.pem are # copied from conjur container to shared volume # just after conjur service is brought up. docker cp $CONJUR_CONF_FILE $cname:/etc/conjur.conf docker cp $CONJUR_CERT_FILE $cname:/etc - api_key=$(docker-compose exec -T cli conjur host rotate_api_key --host $hname) # run chef recipe to configure vm for ssh access docker exec \ -e CONJURRC=/etc/conjur.conf \ diff --git a/bastion/3_root_key_rotators.sh b/bastion/3_root_key_rotators.sh deleted file mode 100755 index f1f4b9a..0000000 --- a/bastion/3_root_key_rotators.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -ex -set -eo pipefail -docker-compose exec cli conjur policy load --as-group security_admin /src/bastion/policy/root_key_rotators.yml -docker-compose exec cli conjur variable values add root-key-rotators/bastion/host bastion_server -docker-compose exec cli conjur variable values add root-key-rotators/bastion/login alice -docker exec -i outside_vm cat /home/alice/.ssh/id_rsa | docker exec -i conjur_cli conjur variable values add root-key-rotators/bastion/private-key diff --git a/bastion/4_rotate.sh b/bastion/4_rotate.sh deleted file mode 100755 index ae43cbe..0000000 
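Review bot: In `conjurize_vms` the host-factory token and the API keys come from command substitutions whose failure is never checked: if `conjur hostfactory tokens create` or `jq` fails, `hf_token` is empty and `hosts create` and `conjurize_container_as_host` still run with empty arguments (whether the script sets `pipefail` is not visible here). Check each value before use, e.g. `[ -n "$hf_token" ] || { echo "no host factory token" >&2; exit 1; }`. Quote the jq filters as well (`jq -r '.[].token'`), since an unquoted `.[].token` is a glob pattern to the shell, and quote `"$hf_token"` and `"$api_key"` where they are passed on. `conjurize_container_as_host` continues past the end of this hunk, so how the key is finally handed to the container cannot be judged from here.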
--- a/bastion/4_rotate.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -ex - -# You can run this as many times as you want. - -docker exec -it conjur_cli conjur variable expire --now root-key-rotators/bastion/private-key - -sleep 5 - -docker exec -it conjur_cli conjur audit resource -s variable:root-key-rotators/bastion/private-key | grep rotator | grep reported diff --git a/bastion/policy/bastion.yml b/bastion/policy/bastion.yml index 40d4edb..3eaa9d0 100644 --- a/bastion/policy/bastion.yml +++ b/bastion/policy/bastion.yml @@ -3,26 +3,27 @@ id: bastion body: - - !layer + - !layer bastion - !host server - !grant - role: !layer + role: !layer bastion member: !host server # Give developers user access (ssh) to VMs in layer +# managed role is used for staticly created hosts - !grant - role: !automatic-role - record: !layer + role: !managed_role + record: !layer bastion role_name: use_host member: !group /developers # Give sec_ops admin access (ssh & sudo) to VMs in layer - !grant - role: !automatic-role - record: !layer + role: !managed_role + record: !layer bastion role_name: admin_host - member: !group /sec_ops + members: !group /sec_ops diff --git a/bastion/policy/protected.yml b/bastion/policy/protected.yml index eeff7cf..25a0d1f 100644 --- a/bastion/policy/protected.yml +++ b/bastion/policy/protected.yml @@ -1,19 +1,18 @@ +--- - !policy id: protected body: - - !layer + - !layer - - !host vm + - !host-factory + layer: !layer - - !grant - role: !layer - member: !host vm - -# Give developers ssh & sudo rights on VMs in layer +# Give developers user (ssh) and admin (sudo) access to VMs in layer +# automatic role is used for dynamically created hosts (i.e. w/ host factory) - !grant - role: !automatic-role + role: !automatic_role record: !layer role_name: admin_host member: !group /developers diff --git a/bastion/policy/root_key_rotators.yml b/bastion/policy/root_key_rotators.yml deleted file mode 100644 index 660257d..0000000 
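Review bot: The two grants in `bastion/policy/bastion.yml` are no longer parallel: the first keeps `member: !group /developers` while the second now reads `members: !group /sec_ops` with a single value. The role tag is also spelled `!managed_role` here and `!automatic_role` in `bastion/policy/protected.yml`, although the other tags in these files are hyphenated (`!host-factory`, and `!automatic-role` before this change). The diff does not show whether the policy loader accepts both spellings and both keys; these grants decide who gets ssh and sudo, so load both files against a test instance and confirm the resulting role memberships. Then settle on one form, e.g. `member: !group /sec_ops` and the hyphenated tag style the files used before.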
--- a/bastion/policy/root_key_rotators.yml +++ /dev/null @@ -1,13 +0,0 @@ -- !policy - id: root-key-rotators - body: - - !policy - id: bastion - body: - - !variable host - - !variable login - - !variable - id: private-key - annotations: - rotation/rotator: ssh/key_pair - rotation/ttl: P1D # rotate every day diff --git a/build/vm/Dockerfile b/build/vm/Dockerfile index b118c0f..c724ab4 100644 --- a/build/vm/Dockerfile +++ b/build/vm/Dockerfile @@ -10,7 +10,9 @@ COPY configure-ssh.sh /root # Install Chef, download Conjur cookbook and run the Conjur installation recipe RUN cd /tmp \ && curl -L https://www.opscode.com/chef/install.sh | bash \ - && chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur::install + && chef-solo --recipe-url https://github.com/conjur-cookbooks/conjur/releases/download/v0.4.3/conjur-v0.4.3.tar.gz -o conjur::install \ + && curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | bash \ + && curl -sSL https://github.com/raw/cyberark/summon-conjur/master/install.sh | bash # Cleanup RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/dbpassword_rotator.sh b/dbpassword_rotator.sh index e22a5b9..f89de01 100755 --- a/dbpassword_rotator.sh +++ b/dbpassword_rotator.sh @@ -3,7 +3,7 @@ VAR_ID=webapp1/database_password while [[ 1 == 1 ]]; do new_value=$(openssl rand -hex 12) - msg=$(docker-compose exec -T cli conjur variable values add $VAR_ID $new_value) + msg=$(docker exec conjur_cli conjur variable values add $VAR_ID $new_value) if [[ "$msg" == "Value added" ]]; then echo $(date "+%H:%M:%S") "$VAR_ID is now: $new_value" else @@ -11,9 +11,3 @@ while [[ 1 == 1 ]]; do fi sleep 5 done - -while [[ 1 == 1 ]]; do - new_pwd=$(openssl rand -hex 12) - error_msg=$(conjur variable values add db/password $new_pwd 2>&1 >/dev/null) - sleep 5 -done diff --git a/docker-compose.yml b/docker-compose.yml index 427fdce..9361f34 100644 --- a/docker-compose.yml 
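Review bot: The two added `curl -sSL … | bash` steps in `build/vm/Dockerfile` execute installer scripts fetched from a `master` branch at build time, so the image depends on whatever that branch holds on the day of the build and nothing verifies what was downloaded. Pin each download to a release tag or commit and check a digest before running it, e.g. `curl -fsSLo /tmp/summon-install.sh <PINNED_URL> && echo "<SHA256>  /tmp/summon-install.sh" | sha256sum -c - && bash /tmp/summon-install.sh`. The `-f` matters too: without it an HTTP error page is piped straight into bash. The `https://github.com/raw/...` form of the URLs looks unusual, so confirm that it resolves to the intended scripts.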
+++ b/docker-compose.yml @@ -20,7 +20,7 @@ services: - seccomp:unconfined restart: always networks: - ntwk: + mnetwk: ipv4_address: "10.5.0.2" conjur2: @@ -36,8 +36,8 @@ services: - seccomp:unconfined restart: always networks: - ntwk: - ipv4_address: "10.5.0.13" # upper range of addresses, hopefully unused when created + mnetwk: + ipv4_address: "10.5.0.3" conjur3: image: conjur-appliance:latest @@ -52,8 +52,8 @@ services: - seccomp:unconfined restart: always networks: - ntwk: - ipv4_address: "10.5.0.14" # upper range of addresses, hopefully unused when created + mnetwk: + ipv4_address: "10.5.0.4" haproxy: image: haproxy:conjur @@ -69,19 +69,8 @@ services: restart: always entrypoint: "/start.sh" networks: - - ntwk - - follower: - image: conjur-appliance:latest - hostname: conjur_follower - container_name: conjur_follower - volumes: - - ./:/src:z - security_opt: - - seccomp:unconfined - restart: always - networks: - - ntwk + - mnetwk + - fnetwk cli: environment: @@ -99,7 +88,8 @@ services: entrypoint: sleep command: infinity networks: - - ntwk + - mnetwk + - fnetwk scope: image: weaveworks/scope:1.6.5 @@ -113,7 +103,19 @@ services: command: - "--probe.docker=true" networks: - - ntwk + - mnetwk + + follower: + image: conjur-appliance:latest + hostname: conjur_follower + container_name: conjur_follower + volumes: + - ./:/src:z + security_opt: + - seccomp:unconfined + restart: always + networks: + - fnetwk # The webapp service is just a simple script running in a container - not really a web app. # This service is brought up by the 1-setup-containers.sh script. @@ -128,11 +130,11 @@ services: - VAR_ID # written by 1-setup-containers.sh - SLEEP_TIME networks: - - ntwk + - fnetwk -# VM containers for SSH management demonstration. +# VM containers for SSH management demonstrations. -# This service is brought up by the ./ssh/0-setup-ssh.sh script. +# ssh access control and Ansible execution governed via Conjur policy vm: image: rack-vm:1.0 labels: 
@@ -144,9 +146,22 @@ services: entrypoint: sleep command: infinity networks: - - ntwk + - fnetwk -# bastion server and outside vm are part of the ssh_bastion demo + ansible: + container_name: ansible + image: "ansible:centos7" + build: build/ansible + environment: + ANSIBLE_HOST_KEY_CHECKING: "false" + volumes: + - ./:/src:rw + - ./ssh_ansible/ansible_hosts:/etc/ansible/hosts:rw + entrypoint: "sleep infinity" + networks: + - fnetwk + +# ssh from outside_vm to protected_vm through bastion_server, governed by Conjur policy protected: image: rack-vm:1.0 container_name: protected_vm @@ -154,7 +169,7 @@ services: entrypoint: sleep command: infinity networks: - - ntwk + - fnetwk bastion: image: rack-vm:1.0 @@ -163,8 +178,8 @@ services: entrypoint: sleep command: infinity networks: - - ntwk - - ntwkx + - xnetwk + - fnetwk outside: image: rack-vm:1.0 @@ -175,7 +190,7 @@ services: entrypoint: sleep command: infinity networks: - - ntwkx + - xnetwk # all alone on "external" network # Open LDAP server for ldap sync demonstration. # This service is brought up by the ./ldap/0-setup-ldap.sh script. @@ -187,7 +202,7 @@ services: volumes: - .:/src networks: - - ntwk + - mnetwk # Splunk enterprise server for Splunk monitoring demonstration. # This requires the Conjur and Nginx logs be exported from the Conjur container. @@ -212,20 +227,7 @@ services: - "8088:8088" - "1514:1514" networks: - - ntwk - - ansible: - container_name: ansible - image: "ansible:centos7" - build: build/ansible - environment: - ANSIBLE_HOST_KEY_CHECKING: "false" - volumes: - - ./:/src:rw - - ./ssh_ansible/ansible_hosts:/etc/ansible/hosts:rw - entrypoint: "sleep infinity" - networks: - - ntwk + - mnetwk volumes: data: 
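Review bot: The `ansible` service added in this hunk sets `ANSIBLE_HOST_KEY_CHECKING: "false"`, which turns off SSH host-key verification for every play run from the container, so Ansible will authenticate to whatever answers on a managed host's address. In a demo about policy-governed SSH access this needs at least a comment on that line, e.g. `# demo only: disables SSH host-key verification; do not copy into a real inventory`, or a pre-populated `known_hosts` instead. The service also mounts the whole repository read-write at `/src` (`./:/src:rw`); `:ro` would be enough unless playbooks are expected to write back, which the hunk does not show.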
@@ -233,15 +235,21 @@ volumes: opt-splunk-var: networks: - ntwk: + mnetwk: driver: bridge ipam: config: - subnet: 10.5.0.0/16 gateway: 10.5.0.1 - ntwkx: + fnetwk: driver: bridge ipam: config: - subnet: 10.6.0.0/16 gateway: 10.6.0.1 + xnetwk: + driver: bridge + ipam: + config: + - subnet: 10.7.0.0/16 + gateway: 10.7.0.1 diff --git a/elevate.yml b/elevate.yml new file mode 100644 index 0000000..2ffa804 --- /dev/null +++ b/elevate.yml @@ -0,0 +1,7 @@ +--- +- !policy + id: elevate + body: + - !grant +:q! + diff --git a/host_factory/echo_secrets.sh b/host_factory/echo_secrets.sh new file mode 100755 index 0000000..e105a87 --- /dev/null +++ b/host_factory/echo_secrets.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +main() { + printf "\n\nValue for %s is: %s\n\n" "DB_PWD" $DB_PWD + read -n 1 -s -p "Press any key to continue" +} + +main $@ diff --git a/host_factory/foo.out b/host_factory/foo.out deleted file mode 100644 index 2a75028..0000000 --- a/host_factory/foo.out +++ /dev/null @@ -1,3 +0,0 @@ -1rdxp305gjy4y3be0yft3bnrb821rrvm9s2eambz51n591es375rc2j -tomcat_host_from_hf_token -webapp1/database_password diff --git a/ssh_ansible/rack.yml b/ssh_ansible/rack.yml index 96bffeb..d6886ef 100644 --- a/ssh_ansible/rack.yml +++ b/ssh_ansible/rack.yml @@ -1,3 +1,3 @@ --- -- !host cdemo_vm_2 - !host cdemo_vm_1 +- !host cdemo_vm_2 diff --git a/summon/0-setup-summon.sh b/summon/0-setup-summon.sh new file mode 100755 index 0000000..dbc0e54 --- /dev/null +++ b/summon/0-setup-summon.sh 
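Review bot: `$DB_PWD` is passed to printf unquoted in `main` of host_factory/echo_secrets.sh, so a password containing whitespace is split into several arguments (printf then repeats the format) and glob characters are expanded; `main $@` has the same problem for the script's arguments. Use `printf '\n\nValue for %s is: %s\n\n' "DB_PWD" "$DB_PWD"` and `main "$@"`. summon/test.sh in the same commit goes a step further and interpolates `$DB_PWD` into the format string itself, where a `%` or backslash in the secret changes the output; there the fix is `printf 'DB_PWD: %s\n' "$DB_PWD"`. Both scripts should carry a header comment saying they print the secret on purpose for the demo.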
@@ -0,0 +1,35 @@ +#!/bin/bash +set -eo pipefail + +CONJUR_MASTER_ORGACCOUNT=dev +CONJUR_APPLIANCE_URL=https://conjur_follower/api +CONJUR_CERT_FILE=../etc/conjur_follower.pem +CONJUR_CERT_FILE_ON_HOST=/etc/conjur_follower.pem +HOST_IMAGE=rack-vm:1.0 +CNAME=cdemo_vm_1 +HOSTNAME=webapp1/tomcat_host + + # start container - summon is already installed +docker-compose up -d vm + # copy over conjur.conf +cat <\n\n" $0 + exit 1 + fi + var_id=$1 + + get_authn_info + host_authn $CONJUR_AUTHN_LOGIN $CONJUR_AUTHN_API_KEY + fetch_secret $var_id # sets SECRET_VALUE + echo $SECRET_VALUE +} + +################ +get_authn_info() { + CONJUR_APPLIANCE_URL=$(cat /etc/conjur.conf | awk '/appliance_url/ {print $2}') + CONJUR_CERT_FILE=$(cat /etc/conjur.conf | awk '/cert_file/ {print $2}') + CONJUR_CERT_FILE=$(sed -e 's/^"//' -e 's/"$//' <<<$CONJUR_CERT_FILE) # remove quotes + CONJUR_AUTHN_LOGIN=$(cat /etc/conjur.identity | awk '/login/ {print $2}') + urlify $CONJUR_AUTHN_LOGIN + CONJUR_AUTHN_LOGIN=$URLIFIED + CONJUR_AUTHN_API_KEY=$(cat /etc/conjur.identity | awk '/password/ {print $2}') +} + +################ +# HOST AUTHN using its name and API key to get session token +# $1 - host name +# $2 - API key +host_authn() { + local host_name=$1; shift + local host_api_key=$1; shift + + # Authenticate host w/ its name & API key to get session token + response=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --request POST \ + --data-binary $host_api_key \ + $CONJUR_APPLIANCE_URL/authn/users/${host_name}/authenticate) + + HOST_SESSION_TOKEN=$(echo -n $response| base64 | tr -d '\r\n') +} + +################ +# URLIFY - converts '/' and ':' in input string to hex equivalents +# in: $1 - string to convert +# out: URLIFIED - converted string in global variable +urlify() { + local str=$1; shift + str=$(echo $str | sed 's= =%20=g') + str=$(echo $str | sed 's=/=%2F=g') + str=$(echo $str | sed 's=:=%3A=g') + URLIFIED=$str +} + +################ +# FETCH SECRET using session token +# $1 - name of secret 
to fetch +fetch_secret() { + local var_id=$1; shift + + urlify $var_id + local var_id_urlfmt=$URLIFIED + + # FETCH variable value + SECRET_VALUE=$(curl -s \ + --cacert $CONJUR_CERT_FILE \ + --request GET \ + -H "Content-Type: application/json" \ + -H "Authorization: Token token=\"$HOST_SESSION_TOKEN\"" \ + $CONJUR_APPLIANCE_URL/variables/{$var_id_urlfmt}/value) +} + +main $@ diff --git a/summon/secrets.yml b/summon/secrets.yml new file mode 100644 index 0000000..64ee0f1 --- /dev/null +++ b/summon/secrets.yml @@ -0,0 +1,4 @@ +DB_PWD: !var webapp1/database_password +DB_PWD_FILE: !var:file webapp1/database_password +LITERAL: ThisIsAliteralValue +LITERAL_FILE: !file ThisIsAliteralValue diff --git a/summon/test.sh b/summon/test.sh new file mode 100755 index 0000000..a7d24e8 --- /dev/null +++ b/summon/test.sh @@ -0,0 +1,7 @@ +#!/bin/bash +printf "\n\nDB_PWD: $DB_PWD\n" +printf "DB_PWD_FILE: $DB_PWD_FILE\n" +printf "Contents of $DB_PWD_FILE: %s\n" $(cat $DB_PWD_FILE) +printf "\nLITERAL: $LITERAL\n" +printf "LITERAL_FILE: $LITERAL_FILE\n" +printf "Contents of $LITERAL_FILE: %s\n\n" $(cat $LITERAL_FILE) From 11a56c0a8b398149a759c840dc6e7acb879d25cd Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Sun, 14 Jan 2018 16:06:07 -0600 Subject: [PATCH 55/68] remove elevate.yml --- elevate.yml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 elevate.yml diff --git a/elevate.yml b/elevate.yml deleted file mode 100644 index 2ffa804..0000000 --- a/elevate.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- !policy - id: elevate - body: - - !grant -:q! - From 8946b97780df4b2dae8c904be4408eb97c0fe927 Mon Sep 17 00:00:00 2001 
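Review bot: In `host_authn` the API key is passed as `--data-binary $host_api_key`, so it shows up in curl's argument list, and neither curl call uses `--fail`, so an HTTP error body is base64-encoded into `HOST_SESSION_TOKEN` or returned as `SECRET_VALUE` as if it were valid. Feed the key on stdin instead, `printf '%s' "$host_api_key" | curl -sf --cacert "$CONJUR_CERT_FILE" --request POST --data-binary @- "$CONJUR_APPLIANCE_URL/authn/users/${host_name}/authenticate"`, and check curl's exit status before using the response. In `fetch_secret` the URL is written `/variables/{$var_id_urlfmt}/value`; the braces look like a typo for `${var_id_urlfmt}` and appear to work only because curl treats `{x}` as a one-element URL glob. The beginning of this script (its file header and the top of `main`) is garbled on this page, so this note covers only the functions that are fully visible.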
From: Jody Hunt Date: Mon, 15 Jan 2018 09:24:10 -0600 Subject: [PATCH 56/68] fix ansible build, and linux-specific env tweaks --- 0-startup-conjur.sh | 10 ++++++++-- _install-dependencies.sh | 17 ----------------- build/ansible/Dockerfile | 6 ++++-- docker-compose.yml | 21 ++++++--------------- etc/env_config.sh | 18 ++++++++++++++++++ ssh_ansible/rack.yml | 2 +- ssh_ansible/ssh-mgmt.yml | 2 +- 7 files changed, 38 insertions(+), 38 deletions(-) create mode 100644 etc/env_config.sh diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index c420f77..4b943ae 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -12,7 +12,7 @@ CONJUR_MASTER_CONT_NAME=conjur1 CLI_CONT_NAME=conjur_cli main() { - check_dir_name + check_env all_down # bring down anything still running conjur_master_up @@ -30,6 +30,7 @@ main() { docker-compose build ldap docker-compose build vm docker-compose build splunk + docker-compose build ansible echo echo "Demo environment ready!" @@ -38,11 +39,16 @@ main() { } ############################ -check_dir_name() { +check_env() { curr_dir_name=$(pwd | awk -F/ '{print $NF}') if [ "$curr_dir_name" != "cdemo" ]; then printf "\nRenaming directory from %s to cdemo.\n" $curr_dir_name cd ..; mv $curr_dir_name cdemo; cd cdemo + fi + # forward IP packets and ensure dhcp clien stays up + if [[ "$(uname -s)" == "Linux" ]]; then + sudo sysctl -w net.ipv4.ip_forward=1 + sudo dhclient -v fi } diff --git a/_install-dependencies.sh b/_install-dependencies.sh index b3551b6..67b92cf 100755 --- a/_install-dependencies.sh +++ b/_install-dependencies.sh @@ -6,7 +6,6 @@ main() { install_docker_compose install_jq install_conjur_cli - configure_env echo "Logout and log back in to run docker commands w/o sudo..." } 
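Review bot: `check_env` now runs `sudo sysctl -w net.ipv4.ip_forward=1` and `sudo dhclient -v` on every start on Linux, changing host-wide network state from a demo script without telling the user or checking whether it is needed. Read the current value first and announce the change, e.g. `[[ "$(sysctl -n net.ipv4.ip_forward)" == 1 ]] || { echo "enabling IPv4 forwarding (needs sudo)"; sudo sysctl -w net.ipv4.ip_forward=1; }`, and give the `dhclient` call a comment naming the anomaly it works around. The context line `cd ..; mv $curr_dir_name cdemo; cd cdemo` just above is unquoted and breaks for a directory name containing spaces.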
@@ -47,20 +46,4 @@ install_conjur_cli() { && rm conjur.rpm } -configure_env() { - echo "Configuring environment..." - # the shell init file works around some - # networking anomalies - SHELL_INIT_FILE=/etc/profile.d/cdemo.sh - sudo rm -f $SHELL_INIT_FILE - - sudo touch $SHELL_INIT_FILE - sudo chmod a+w $SHELL_INIT_FILE - sudo echo PATH=\$PATH:/usr/local/bin >> $SHELL_INIT_FILE - # ensure internet connectivity on shell startup - sudo echo "sudo sysctl -w net.ipv4.ip_forward=1" >> $SHELL_INIT_FILE - sudo echo "sudo dhclient -v" >> $SHELL_INIT_FILE - sudo chmod go-w $SHELL_INIT_FILE -} - main $@ diff --git a/build/ansible/Dockerfile b/build/ansible/Dockerfile index a7bfd87..14587be 100644 --- a/build/ansible/Dockerfile +++ b/build/ansible/Dockerfile @@ -1,4 +1,4 @@ -from williamyeh/ansible:centos7-onbuild +from williamyeh/ansible:alpine3 # ==> Specify requirements filename; default = "requirements.yml" #ENV REQUIREMENTS requirements.yml @@ -10,4 +10,6 @@ from williamyeh/ansible:centos7-onbuild #ENV INVENTORY inventory.ini # ==> Executing Ansible (with a simple wrapper)... -RUN ansible-playbook-wrapper +#RUN ansible-playbook-wrapper + +ENTRYPOINT sh -c 'while sleep 3600; do :; done' diff --git a/docker-compose.yml b/docker-compose.yml index 9361f34..4a57b72 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,11 +1,9 @@ version: '2' services: -# NOTE: static IP addresses are currently only supported in docker-compose v2 - -# The CLI container is used to execute Conjur commands in lieu of requiring the CLI -# package installation on the host machine. This makes managing multi-version Conjur -# environments easier. +# The CLI container is used to execute Conjur commands. As the CLI is the +# admin UI for Conjur, this affords a way to protect access to it. +# It also makes managing multi-version Conjur environments easier. conjur1: image: conjur-appliance:latest 
@@ -150,14 +148,13 @@ services: ansible: container_name: ansible - image: "ansible:centos7" + image: "ansible:alpine3" build: build/ansible environment: ANSIBLE_HOST_KEY_CHECKING: "false" volumes: - ./:/src:rw - ./ssh_ansible/ansible_hosts:/etc/ansible/hosts:rw - entrypoint: "sleep infinity" networks: - fnetwk @@ -178,7 +175,7 @@ services: entrypoint: sleep command: infinity networks: - - xnetwk + - default - fnetwk outside: @@ -190,7 +187,7 @@ services: entrypoint: sleep command: infinity networks: - - xnetwk # all alone on "external" network + - default # all alone on "external" network # Open LDAP server for ldap sync demonstration. # This service is brought up by the ./ldap/0-setup-ldap.sh script. @@ -247,9 +244,3 @@ networks: config: - subnet: 10.6.0.0/16 gateway: 10.6.0.1 - xnetwk: - driver: bridge - ipam: - config: - - subnet: 10.7.0.0/16 - gateway: 10.7.0.1 diff --git a/etc/env_config.sh b/etc/env_config.sh new file mode 100644 index 0000000..1e98248 --- /dev/null +++ b/etc/env_config.sh @@ -0,0 +1,18 @@ +configure_env() { + echo "Configuring environment..." + # the shell init file works around some + # networking anomalies + SHELL_INIT_FILE=/etc/profile.d/cdemo.sh + sudo rm -f $SHELL_INIT_FILE + + sudo touch $SHELL_INIT_FILE + sudo chmod a+w $SHELL_INIT_FILE + sudo echo PATH=\$PATH:/usr/local/bin >> $SHELL_INIT_FILE + # ensure internet connectivity on shell startup + sudo echo "sudo sysctl -w net.ipv4.ip_forward=1" >> $SHELL_INIT_FILE + sudo echo "sudo dhclient -v" >> $SHELL_INIT_FILE + sudo chmod go-w $SHELL_INIT_FILE + sudo chmod +x $SHELL_INIT_FILE +} + +main $@ diff --git a/ssh_ansible/rack.yml b/ssh_ansible/rack.yml index d6886ef..96bffeb 100644 --- a/ssh_ansible/rack.yml +++ b/ssh_ansible/rack.yml @@ -1,3 +1,3 @@ --- -- !host cdemo_vm_1 - !host cdemo_vm_2 +- !host cdemo_vm_1 diff --git a/ssh_ansible/ssh-mgmt.yml b/ssh_ansible/ssh-mgmt.yml index c1d6cf8..a154622 100644 --- a/ssh_ansible/ssh-mgmt.yml +++ b/ssh_ansible/ssh-mgmt.yml 
@@ -8,7 +8,7 @@ - !permit roles: - !group /devops - - !group /developers +# - !group /developers privileges: [ read, execute ] resources: - !host /cdemo_vm_1 From 39b1ed2b08214144efad689964ec1cc05326cb4e Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Mon, 15 Jan 2018 09:24:33 -0600 Subject: [PATCH 57/68] fix ansible build, and linux-specific env tweaks --- etc/env_config.sh | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 etc/env_config.sh diff --git a/etc/env_config.sh b/etc/env_config.sh deleted file mode 100644 index 1e98248..0000000 --- a/etc/env_config.sh +++ /dev/null @@ -1,18 +0,0 @@ -configure_env() { - echo "Configuring environment..." - # the shell init file works around some - # networking anomalies - SHELL_INIT_FILE=/etc/profile.d/cdemo.sh - sudo rm -f $SHELL_INIT_FILE - - sudo touch $SHELL_INIT_FILE - sudo chmod a+w $SHELL_INIT_FILE - sudo echo PATH=\$PATH:/usr/local/bin >> $SHELL_INIT_FILE - # ensure internet connectivity on shell startup - sudo echo "sudo sysctl -w net.ipv4.ip_forward=1" >> $SHELL_INIT_FILE - sudo echo "sudo dhclient -v" >> $SHELL_INIT_FILE - sudo chmod go-w $SHELL_INIT_FILE - sudo chmod +x $SHELL_INIT_FILE -} - -main $@ From a67d7f0c5c63ff7ac898452bea20cdcf61a2b4b3 Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Mon, 15 Jan 2018 10:17:16 -0600 Subject: [PATCH 58/68] tweaks in host_factory --- build/haproxy/Dockerfile | 9 ++++----- cluster/0-setup-standbys.sh | 4 ++-- cluster/1-trigger-failover.sh | 4 ++-- host_factory/0_setup_summon.sh | 2 +- host_factory/process_template.sh | 1 - 5 files changed, 9 insertions(+), 11 deletions(-) diff --git a/build/haproxy/Dockerfile b/build/haproxy/Dockerfile index 1062645..74bcee4 100644 --- a/build/haproxy/Dockerfile +++ b/build/haproxy/Dockerfile 
@@ -1,10 +1,9 @@ FROM haproxy:1.7 -RUN apt-get clean -RUN apt-get update -RUN apt-get install -y \ - curl \ - vim +RUN apt-get clean \ + && apt-get update \ + && apt-get install -y curl vim \ + && rm -rf /var/lib/apt/lists/* COPY haproxy.cfg.master-only /usr/local/etc/haproxy/haproxy.cfg COPY start.sh / diff --git a/cluster/0-setup-standbys.sh b/cluster/0-setup-standbys.sh index fa0f5b9..ad0a297 100755 --- a/cluster/0-setup-standbys.sh +++ b/cluster/0-setup-standbys.sh @@ -117,9 +117,9 @@ check_conjur_version() { CONJUR_MINOR=$(echo $CONJUR_VERSION | awk -F "." '{ print $2 }') CONJUR_POINT=$(echo $CONJUR_VERSION | awk -F "." '{ print $3 }') - if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 11) ]]; then + if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 12) ]]; then printf "\nConjur version %i.%i.%i is running.\n" $CONJUR_MAJOR $CONJUR_MINOR $CONJUR_POINT - printf "This script only supports failover in Conjur versions 4.9.11 and above.\n\n" + printf "This script supports failover in Conjur versions 4.9.12 and above.\n\n" else failover_supported=true fi diff --git a/cluster/1-trigger-failover.sh b/cluster/1-trigger-failover.sh index a7f09b4..ce1b53b 100755 --- a/cluster/1-trigger-failover.sh +++ b/cluster/1-trigger-failover.sh @@ -31,9 +31,9 @@ check_CONJUR_VERSION() { CONJUR_MINOR=$(echo $CONJUR_VERSION | awk -F "." '{ print $2 }') CONJUR_POINT=$(echo $CONJUR_VERSION | awk -F "." '{ print $3 }') - if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 10) ]]; then + if [[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 12) ]]; then printf "\nConjur version %i.%i.%i is running.\n" $CONJUR_MAJOR $CONJUR_MINOR $CONJUR_POINT - printf "This script only supports failover in Conjur version 4.9.10.\n\n" + printf "This script supports failover in Conjur version 4.9.12 and above.\n\n" exit -1 fi } diff --git a/host_factory/0_setup_summon.sh b/host_factory/0_setup_summon.sh index 1f6d7b7..74bafd0 100755 --- a/host_factory/0_setup_summon.sh +++ b/host_factory/0_setup_summon.sh 
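Review bot: The version test `[[ ($CONJUR_MINOR -lt 10) && ($CONJUR_POINT -lt 12) ]]` in `check_conjur_version` compares minor and point independently and ignores the major number, so for example 4.8.20 is treated as supported while the message names 4.9.12 as the minimum. Compare the components in order instead: `if (( CONJUR_MAJOR < 4 || (CONJUR_MAJOR == 4 && (CONJUR_MINOR < 9 || (CONJUR_MINOR == 9 && CONJUR_POINT < 12))) )); then`. The same condition is changed in `check_CONJUR_VERSION` in cluster/1-trigger-failover.sh in this commit and needs the same fix; that function also ends in `exit -1`, which the shell reports as 255, so `exit 1` is clearer. Both functions begin above their hunks, so how `CONJUR_MAJOR` is set is not visible here.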
@@ -1,7 +1,7 @@ #!/bin/bash if [[ "$(which summon)" == "" ]]; then printf "\nInstalling Summon...\n" - curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | bash + curl -sSL https://github.com/raw/cyberark/summon/master/install.sh | sudo bash else printf "\nSummon already installed.\n" fi diff --git a/host_factory/process_template.sh b/host_factory/process_template.sh index a744063..8ab56ff 100755 --- a/host_factory/process_template.sh +++ b/host_factory/process_template.sh @@ -2,7 +2,6 @@ main() { printf "\n\nValue for %s is: %s\n\n" "DB_PWD" $DB_PWD - read -n 1 -s -p "Press any key to continue" TEMPLATE=tomcat.xml.erb printf -v SED_STRING "s=@database_password=%s=g" $DB_PWD From c2463b91842477b70cd35875f4dc1464f5dd68d1 Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Mon, 15 Jan 2018 10:19:47 -0600 Subject: [PATCH 59/68] avoid error on dhclient call --- 0-startup-conjur.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 4b943ae..ac4ca0e 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -47,8 +47,10 @@ check_env() { fi # forward IP packets and ensure dhcp clien stays up if [[ "$(uname -s)" == "Linux" ]]; then + set +x sudo sysctl -w net.ipv4.ip_forward=1 sudo dhclient -v + set -x fi } From edd198c79a293d81b48089ff6b15cb8dd0b2ffc1 Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Mon, 15 Jan 2018 10:21:12 -0600 Subject: [PATCH 60/68] avoid error on dhclient call --- 0-startup-conjur.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index ac4ca0e..103fee5 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -47,10 +47,10 @@ check_env() { fi # forward IP packets and ensure dhcp clien stays up if [[ "$(uname -s)" == "Linux" ]]; then - set +x + set +e sudo sysctl -w net.ipv4.ip_forward=1 sudo dhclient -v - set -x + set -e fi } From 6d56ba21c2ab3c2139edeb6796aaf3f7b3c2982d Mon Sep 17 00:00:00 2001 
From: Jody Hunt Date: Mon, 15 Jan 2018 10:33:38 -0600 Subject: [PATCH 61/68] remove static ip addresses for master/standbys --- docker-compose.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4a57b72..bc611b2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,8 +18,7 @@ services: - seccomp:unconfined restart: always networks: - mnetwk: - ipv4_address: "10.5.0.2" + - mnetwk conjur2: image: conjur-appliance:latest @@ -34,8 +33,7 @@ services: - seccomp:unconfined restart: always networks: - mnetwk: - ipv4_address: "10.5.0.3" + - mnetwk conjur3: image: conjur-appliance:latest @@ -50,8 +48,7 @@ services: - seccomp:unconfined restart: always networks: - mnetwk: - ipv4_address: "10.5.0.4" + - mnetwk haproxy: image: haproxy:conjur From 16b35819613f1cfaf08214289af889d11ce5f830 Mon Sep 17 00:00:00 2001 From: Jody Hunt Date: Mon, 15 Jan 2018 10:49:15 -0600 Subject: [PATCH 62/68] fix failover check logic --- cluster/0-setup-standbys.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/0-setup-standbys.sh b/cluster/0-setup-standbys.sh index ad0a297..7dc30a5 100755 --- a/cluster/0-setup-standbys.sh +++ b/cluster/0-setup-standbys.sh @@ -104,7 +104,7 @@ update_load_balancer() { setup_cluster_mgr() { failover_supported=false check_conjur_version - if [ failover_supported ]; then + if $failover_supported ; then setup_cluster_state fi } From 27155c1f2033e20768a1bb86536a667c6d33deda Mon Sep 17 00:00:00 2001 
From: Ben Floyd Date: Tue, 16 Jan 2018 14:06:36 -0800 Subject: [PATCH 63/68] Added config file template and updated scripts to load the config file. --- .gitignore | 1 + 0-startup-conjur.sh | 10 +--------- 1-setup-containers.sh | 3 +-- _loadcfg.sh | 13 +++++++++++++ apikey_rotator.sh | 2 +- config.template.cfg | 15 +++++++++++++++ dbpassword_rotator.sh | 3 ++- 7 files changed, 34 insertions(+), 13 deletions(-) create mode 100644 _loadcfg.sh create mode 100644 config.template.cfg diff --git a/.gitignore b/.gitignore index 141cc42..8bba030 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ build/hsm/* *.swp *.new get-secret.sh +config.cfg diff --git a/0-startup-conjur.sh b/0-startup-conjur.sh index 103fee5..ec8d450 100755 --- a/0-startup-conjur.sh +++ b/0-startup-conjur.sh @@ -1,15 +1,7 @@ #!/bin/bash set -eo pipefail - # EDIT TO POINT TO YOUR LOCAL CONJUR IMAGE TARFILE -CONJUR_CONTAINER_TARFILE= - -CONJUR_MASTER_INGRESS=conjur_master -CONJUR_FOLLOWER_INGRESS=conjur_follower -CONJUR_MASTER_ORGACCOUNT=dev -CONJUR_MASTER_PASSWORD=Cyberark1 -CONJUR_MASTER_CONT_NAME=conjur1 -CLI_CONT_NAME=conjur_cli +. ./_loadcfg.sh main() { check_env diff --git a/1-setup-containers.sh b/1-setup-containers.sh index fae99fe..e37bb6c 100755 --- a/1-setup-containers.sh +++ b/1-setup-containers.sh @@ -1,8 +1,7 @@ #!/bin/bash -e set -o pipefail -APP_HOSTNAME="webapp1/tomcat_host" -VAR_ID="webapp1/database_password" +. ./_loadcfg.sh ################ MAIN ################ # $1 = number of containers to create diff --git a/_loadcfg.sh b/_loadcfg.sh new file mode 100644 index 0000000..367595e --- /dev/null +++ b/_loadcfg.sh @@ -0,0 +1,13 @@ +# Internal script used to check and load config files + +echo -n "Checking for config.cfg... " +if [ ! -f ./config.cfg ]; then + echo " Not Found!" + echo " Please copy config.template.cfg to config.cfg and edit as needed." + exit 1 +else + echo "Found!" + echo " Loading config.cfg" + . ./config.cfg +fi + 
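Review bot: `_loadcfg.sh` tests and sources `./config.cfg` relative to the caller's working directory, so the scripts work only when started from the repository root, and because the file is sourced, any `config.cfg` that happens to sit in the current directory is executed as shell code. Resolve the path from the script's own location, `cfg="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/config.cfg"`, then test and source `"$cfg"`; the callers' `. ./_loadcfg.sh` has the same dependency on the working directory. The "Please copy config.template.cfg…" message should go to stderr with `>&2`, and the header comment should say that the config file is executed, not parsed.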
diff --git a/apikey_rotator.sh b/apikey_rotator.sh index fa6f680..f634774 100755 --- a/apikey_rotator.sh +++ b/apikey_rotator.sh @@ -1,7 +1,7 @@ #!/bin/bash set -eo pipefail -APP_HOSTNAME=webapp1/tomcat_host +. ./_loadcfg.sh # rotate api key for host api_key=$(docker exec conjur_cli \ diff --git a/config.template.cfg b/config.template.cfg new file mode 100644 index 0000000..fd67051 --- /dev/null +++ b/config.template.cfg @@ -0,0 +1,15 @@ +# Variables for 0-startup-conjur.sh +CONJUR_CONTAINER_TARFILE=/path/to/conjur-appliance-4.9.11.0.tar + +CONJUR_MASTER_INGRESS=conjur_master +CONJUR_FOLLOWER_INGRESS=conjur_follower +CONJUR_MASTER_ORGACCOUNT=dev +CONJUR_MASTER_PASSWORD=Cyberark1 +CONJUR_MASTER_CONT_NAME=conjur1 +CLI_CONT_NAME=conjur_cli + +# Variables for 1-setup-containers.sh +APP_HOSTNAME="webapp1/tomcat_host" +VAR_ID="webapp1/database_password" + + diff --git a/dbpassword_rotator.sh b/dbpassword_rotator.sh index f89de01..8bc9036 100755 --- a/dbpassword_rotator.sh +++ b/dbpassword_rotator.sh @@ -1,5 +1,6 @@ #!/bin/bash -VAR_ID=webapp1/database_password + +. ./_loadcfg.sh while [[ 1 == 1 ]]; do new_value=$(openssl rand -hex 12) From bab15395e6582d432621816c4c52ed3af04bce59 Mon Sep 17 00:00:00 2001 From: Ben Floyd Date: Tue, 16 Jan 2018 14:36:19 -0800 Subject: [PATCH 64/68] Removing check messaging --- _loadcfg.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/_loadcfg.sh b/_loadcfg.sh index 367595e..fedd436 100644 --- a/_loadcfg.sh +++ b/_loadcfg.sh @@ -1,13 +1,9 @@ # Internal script used to check and load config files -echo -n "Checking for config.cfg... " if [ ! -f ./config.cfg ]; then - echo " Not Found!" echo " Please copy config.template.cfg to config.cfg and edit as needed." exit 1 else - echo "Found!" - echo " Loading config.cfg" . ./config.cfg fi From 99b5213fce63065091476bcf6df21f614c4a0f19 Mon Sep 17 00:00:00 2001 
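Review bot: config.template.cfg ships `CONJUR_MASTER_PASSWORD=Cyberark1`, and the loader tells the user to copy the template to config.cfg, so every environment built from it starts with the same published password unless that line is edited by hand. Leave the value empty in the template with a comment such as `# set a unique password before first start`, and have `_loadcfg.sh` refuse to continue when it is unset: `: "${CONJUR_MASTER_PASSWORD:?set CONJUR_MASTER_PASSWORD in config.cfg}"`. The template would also benefit from a header line saying that it is sourced by bash, so values containing spaces must be quoted.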
From: Ben Floyd Date: Tue, 16 Jan 2018 14:38:03 -0800 Subject: [PATCH 65/68] Removing .env from git tracking --- .env | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 .env diff --git a/.env b/.env deleted file mode 100644 index 3754f72..0000000 --- a/.env +++ /dev/null @@ -1,3 +0,0 @@ -APP_HOSTNAME=webapp1%2Ftomcat_host -VAR_ID=webapp1%2Fdatabase_password -SLEEP_TIME=5 From 7f60c1ea233310630ad0d11927fdf1eaee4edb84 Mon Sep 17 00:00:00 2001 From: Ben Floyd Date: Tue, 16 Jan 2018 14:43:08 -0800 Subject: [PATCH 66/68] Updating git ignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 8bba030..6143181 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ build/hsm/* *.new get-secret.sh config.cfg +.env From 779de332effaa746d9741e7d43fae1259b74c1fd Mon Sep 17 00:00:00 2001 From: Benjamin Floyd Date: Wed, 17 Jan 2018 01:59:23 -0600 Subject: [PATCH 67/68] Corrected echo statement to use tee for more reliability. Also added check for configuration directory. --- _install-dependencies.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/_install-dependencies.sh b/_install-dependencies.sh index 67b92cf..a63b52b 100755 --- a/_install-dependencies.sh +++ b/_install-dependencies.sh @@ -21,7 +21,10 @@ install_docker() { # add user to docker group to run docker w/o sudo sudo usermod -aG docker $USER # default overlay storage driver causes probs - sudo echo '{ "storage-driver": "devicemapper" }' > /etc/docker/daemon.json + if [ ! -d /etc/docker ]; then + sudo mkdir /etc/docker + fi + echo '{ "storage-driver": "devicemapper" }' | sudo tee -a /etc/docker/daemon.json sudo systemctl start docker } From 89fc95bac60e3f88ccb36d631941af04e2bbe83d Mon Sep 17 00:00:00 2001 From: Brian Kelly Date: Tue, 23 Jan 2018 15:41:19 -0500 Subject: [PATCH 68/68] Small formatting change to README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c93e5c5..6c7c013 100644 
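Review bot: `sudo tee -a /etc/docker/daemon.json` appends, so running the installer twice, or on a host that already has a daemon.json, leaves two JSON objects in the file and the Docker daemon will not be able to parse it. Write the file only when it is missing, `[ -f /etc/docker/daemon.json ] || echo '{ "storage-driver": "devicemapper" }' | sudo tee /etc/docker/daemon.json >/dev/null`, or merge the key with `jq`, which this script already installs. `sudo mkdir -p /etc/docker` would replace the three-line directory check. `install_docker` begins above the hunk, so the rest of its body is not reviewed here.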
--- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ This is self-contained implementation of a basic Conjur implementation to demonstrate all key capabilities and to serve as a foundation for POCs and implementations. Dependencies: - - TO INSTALL DOCKER, DOCKER-COMPOSE, JQ, ETC - run _install-dependencies.sh + - TO INSTALL DOCKER, DOCKER-COMPOSE, JQ, ETC - run `_install-dependencies.sh` - locally available conjur docker image tarfile - v4.9.10 or greater required for auto-failover - request download image via https://www.cyberark.com/get-conjur-enterprise/ - internet access required for initial builds, can run standalone after that